,cwe_id,code,repo,path,url,sha,target 3530,NVD-CWE-Other,"static int ras_getdatastd(jas_stream_t *in, ras_hdr_t *hdr, ras_cmap_t *cmap, jas_image_t *image) { int pad; int nz; int z; int c; int y; int x; int v; int i; jas_matrix_t *data[3]; cmap = 0; for (i = 0; i < jas_image_numcmpts(image); ++i) { data[i] = jas_matrix_create(1, jas_image_width(image)); assert(data[i]); } pad = RAS_ROWSIZE(hdr) - (hdr->width * hdr->depth + 7) / 8; for (y = 0; y < hdr->height; y++) { nz = 0; z = 0; for (x = 0; x < hdr->width; x++) { while (nz < hdr->depth) { if ((c = jas_stream_getc(in)) == EOF) { return -1; } z = (z << 8) | c; nz += 8; } v = (z >> (nz - hdr->depth)) & RAS_ONES(hdr->depth); z &= RAS_ONES(nz - hdr->depth); nz -= hdr->depth; if (jas_image_numcmpts(image) == 3) { jas_matrix_setv(data[0], x, (RAS_GETRED(v))); jas_matrix_setv(data[1], x, (RAS_GETGREEN(v))); jas_matrix_setv(data[2], x, (RAS_GETBLUE(v))); } else { jas_matrix_setv(data[0], x, (v)); } } if (pad) { if ((c = jas_stream_getc(in)) == EOF) { return -1; } } for (i = 0; i < jas_image_numcmpts(image); ++i) { if (jas_image_writecmpt(image, i, 0, y, hdr->width, 1, data[i])) { return -1; } } } for (i = 0; i < jas_image_numcmpts(image); ++i) { jas_matrix_destroy(data[i]); } return 0; }",visit repo url,src/libjasper/ras/ras_dec.c,https://github.com/mdadams/jasper,106829516887531,1 4682,CWE-732,"char *M_fs_path_tmpdir(M_fs_system_t sys_type) { char *d = NULL; char *out = NULL; M_fs_error_t res; #ifdef _WIN32 size_t len = M_fs_path_get_path_max(M_FS_SYSTEM_WINDOWS)+1; d = M_malloc_zero(len); if (GetTempPath((DWORD)len, d) >= len) { M_free(d); d = NULL; } #elif defined(__APPLE__) d = M_fs_path_mac_tmpdir(); #else const char *const_temp; # ifdef HAVE_SECURE_GETENV const_temp = secure_getenv(""TMPDIR""); # else const_temp = getenv(""TMPDIR""); # endif if (!M_str_isempty(const_temp) && M_fs_perms_can_access(const_temp, M_FS_FILE_MODE_READ|M_FS_FILE_MODE_WRITE) == M_FS_ERROR_SUCCESS) { d = M_strdup(const_temp); } if (d == NULL) { const_temp = ""/tmp""; if (!M_str_isempty(const_temp) && M_fs_perms_can_access(const_temp, M_FS_FILE_MODE_READ|M_FS_FILE_MODE_WRITE) == M_FS_ERROR_SUCCESS) { d = M_strdup(const_temp); } } if (d == NULL) { const_temp = ""/var/tmp""; if (!M_str_isempty(const_temp) && M_fs_perms_can_access(const_temp, M_FS_FILE_MODE_READ|M_FS_FILE_MODE_WRITE) == M_FS_ERROR_SUCCESS) { d = M_strdup(const_temp); } } #endif if (d != NULL) { res = M_fs_path_norm(&out, d, M_FS_PATH_NORM_ABSOLUTE, sys_type); if (res != M_FS_ERROR_SUCCESS) { out = NULL; } } M_free(d); return out; }",visit repo url,base/fs/m_fs_path.c,https://github.com/Monetra/mstdlib,88247877163772,1 4537,['CWE-20'],"static int make_indexed_dir(handle_t *handle, struct dentry *dentry, struct inode *inode, struct buffer_head *bh) { struct inode *dir = dentry->d_parent->d_inode; const char *name = dentry->d_name.name; int namelen = dentry->d_name.len; struct buffer_head *bh2; struct dx_root *root; struct dx_frame frames[2], *frame; struct dx_entry *entries; struct ext4_dir_entry_2 *de, *de2; char *data1, *top; unsigned len; int retval; unsigned blocksize; struct dx_hash_info hinfo; ext4_lblk_t block; struct fake_dirent *fde; blocksize = dir->i_sb->s_blocksize; dxtrace(printk(KERN_DEBUG ""Creating index: inode %lu\n"", dir->i_ino)); retval = ext4_journal_get_write_access(handle, bh); if (retval) { ext4_std_error(dir->i_sb, retval); brelse(bh); return retval; } root = (struct dx_root *) bh->b_data; fde = &root->dotdot; de = (struct ext4_dir_entry_2 *)((char *)fde + ext4_rec_len_from_disk(fde->rec_len)); if ((char *) de >= (((char *) root) + blocksize)) { ext4_error(dir->i_sb, __func__, ""invalid rec_len for '..' in inode %lu"", dir->i_ino); brelse(bh); return -EIO; } len = ((char *) root) + blocksize - (char *) de; bh2 = ext4_append(handle, dir, &block, &retval); if (!(bh2)) { brelse(bh); return retval; } EXT4_I(dir)->i_flags |= EXT4_INDEX_FL; data1 = bh2->b_data; memcpy (data1, de, len); de = (struct ext4_dir_entry_2 *) data1; top = data1 + len; while ((char *)(de2 = ext4_next_entry(de)) < top) de = de2; de->rec_len = ext4_rec_len_to_disk(data1 + blocksize - (char *) de); de = (struct ext4_dir_entry_2 *) (&root->dotdot); de->rec_len = ext4_rec_len_to_disk(blocksize - EXT4_DIR_REC_LEN(2)); memset (&root->info, 0, sizeof(root->info)); root->info.info_length = sizeof(root->info); root->info.hash_version = EXT4_SB(dir->i_sb)->s_def_hash_version; entries = root->entries; dx_set_block(entries, 1); dx_set_count(entries, 1); dx_set_limit(entries, dx_root_limit(dir, sizeof(root->info))); hinfo.hash_version = root->info.hash_version; if (hinfo.hash_version <= DX_HASH_TEA) hinfo.hash_version += EXT4_SB(dir->i_sb)->s_hash_unsigned; hinfo.seed = EXT4_SB(dir->i_sb)->s_hash_seed; ext4fs_dirhash(name, namelen, &hinfo); frame = frames; frame->entries = entries; frame->at = entries; frame->bh = bh; bh = bh2; de = do_split(handle,dir, &bh, frame, &hinfo, &retval); dx_release (frames); if (!(de)) return retval; return add_dirent_to_buf(handle, dentry, inode, de, bh); }",linux-2.6,,,287883023626102361284836105016297785515,0 2148,CWE-476,"struct btrfs_device *btrfs_find_device(struct btrfs_fs_devices *fs_devices, u64 devid, u8 *uuid, u8 *fsid) { struct btrfs_device *device; while (fs_devices) { if (!fsid || !memcmp(fs_devices->metadata_uuid, fsid, BTRFS_FSID_SIZE)) { device = find_device(fs_devices, devid, uuid); if (device) return device; } fs_devices = fs_devices->seed; } return NULL; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,239983200436702,1 4426,['CWE-264'],"ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags) { ssize_t res; struct msghdr msg = {.msg_flags = flags}; struct kvec iov; char *kaddr = kmap(page); iov.iov_base = kaddr + offset; iov.iov_len = size; res = kernel_sendmsg(sock, &msg, &iov, 1, size); kunmap(page); return res; }",linux-2.6,,,78434298454054858077706649493150329771,0 4842,['CWE-189'],"write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat, size_t *written) { u32 flags = 0; int i; for (i = 0; i < ((sizeof(ecryptfs_flag_map) / sizeof(struct ecryptfs_flag_map_elem))); i++) if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag) flags |= ecryptfs_flag_map[i].file_flag; flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000); put_unaligned_be32(flags, page_virt); (*written) = 4; }",linux-2.6,,,298313984179014176993334665379279089654,0 2181,CWE-416,"static int gup_pte_range(pmd_t pmd, unsigned long addr, unsigned long end, int write, struct page **pages, int *nr) { struct dev_pagemap *pgmap = NULL; int nr_start = *nr, ret = 0; pte_t *ptep, *ptem; ptem = ptep = pte_offset_map(&pmd, addr); do { pte_t pte = gup_get_pte(ptep); struct page *head, *page; if (pte_protnone(pte)) goto pte_unmap; if (!pte_access_permitted(pte, write)) goto pte_unmap; if (pte_devmap(pte)) { pgmap = get_dev_pagemap(pte_pfn(pte), pgmap); if (unlikely(!pgmap)) { undo_dev_pagemap(nr, nr_start, pages); goto pte_unmap; } } else if (pte_special(pte)) goto pte_unmap; VM_BUG_ON(!pfn_valid(pte_pfn(pte))); page = pte_page(pte); head = compound_head(page); if (!page_cache_get_speculative(head)) goto pte_unmap; if (unlikely(pte_val(pte) != pte_val(*ptep))) { put_page(head); goto pte_unmap; } VM_BUG_ON_PAGE(compound_head(page) != head, page); SetPageReferenced(page); pages[*nr] = page; (*nr)++; } while (ptep++, addr += PAGE_SIZE, addr != end); ret = 1; pte_unmap: if (pgmap) put_dev_pagemap(pgmap); pte_unmap(ptem); return ret; }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,32482761570393,1 5433,['CWE-476'],"static int is_efer_nx(void) { unsigned long long efer = 0; rdmsrl_safe(MSR_EFER, &efer); return efer & EFER_NX; }",linux-2.6,,,260499358369119256138692990202697785976,0 3439,['CWE-264'],"static long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags) { struct pipe_inode_info *ipipe = in->f_dentry->d_inode->i_pipe; struct pipe_inode_info *opipe = out->f_dentry->d_inode->i_pipe; int ret = -EINVAL; if (ipipe && opipe && ipipe != opipe) { ret = link_ipipe_prep(ipipe, flags); if (!ret) { ret = link_opipe_prep(opipe, flags); if (!ret) { ret = link_pipe(ipipe, opipe, len, flags); if (!ret && (flags & SPLICE_F_NONBLOCK)) ret = -EAGAIN; } } } return ret; }",linux-2.6,,,235949820129859338460165285264020714539,0 5527,CWE-125,"ast2obj_mod(void* _o) { mod_ty o = (mod_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case Module_kind: result = PyType_GenericNew(Module_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Module.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Module.type_ignores, ast2obj_type_ignore); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_ignores, value) == -1) goto failed; Py_DECREF(value); break; case Interactive_kind: result = PyType_GenericNew(Interactive_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Interactive.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; case Expression_kind: result = PyType_GenericNew(Expression_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Expression.body); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; case FunctionType_kind: result = PyType_GenericNew(FunctionType_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.FunctionType.argtypes, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_argtypes, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.FunctionType.returns); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_returns, value) == -1) goto failed; Py_DECREF(value); break; case Suite_kind: result = PyType_GenericNew(Suite_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Suite.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; } return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,192939688364872,1 2084,[],"int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) { switch (cmd) { case SIOCOUTQ: { int amount = atomic_read(&sk->sk_wmem_alloc); return put_user(amount, (int __user *)arg); } case SIOCINQ: { struct sk_buff *skb; unsigned long amount; amount = 0; spin_lock_bh(&sk->sk_receive_queue.lock); skb = skb_peek(&sk->sk_receive_queue); if (skb != NULL) { amount = skb->len - sizeof(struct udphdr); } spin_unlock_bh(&sk->sk_receive_queue.lock); return put_user(amount, (int __user *)arg); } default: return -ENOIOCTLCMD; } return 0; }",linux-2.6,,,300124532402002416154988305593391401565,0 6281,['CWE-200'],"static struct pneigh_entry *pneigh_get_first(struct seq_file *seq) { struct neigh_seq_state *state = seq->private; struct neigh_table *tbl = state->tbl; struct pneigh_entry *pn = NULL; int bucket = state->bucket; state->flags |= NEIGH_SEQ_IS_PNEIGH; for (bucket = 0; bucket <= PNEIGH_HASHMASK; bucket++) { pn = tbl->phash_buckets[bucket]; if (pn) break; } state->bucket = bucket; return pn; }",linux-2.6,,,140568425999016775663514487490638461066,0 2692,[],"SCTP_STATIC int sctp_seqpacket_listen(struct sock *sk, int backlog) { struct sctp_sock *sp = sctp_sk(sk); struct sctp_endpoint *ep = sp->ep; if (!sctp_style(sk, UDP)) return -EINVAL; if (!backlog) { if (sctp_sstate(sk, CLOSED)) return 0; sctp_unhash_endpoint(ep); sk->sk_state = SCTP_SS_CLOSED; return 0; } if (sctp_sstate(sk, LISTENING)) return 0; sk->sk_state = SCTP_SS_LISTENING; if (!ep->base.bind_addr.port) { if (sctp_autobind(sk)) return -EAGAIN; } else { if (sctp_get_port(sk, inet_sk(sk)->num)) { sk->sk_state = SCTP_SS_CLOSED; return -EADDRINUSE; } sctp_sk(sk)->bind_hash->fastreuse = 0; } sctp_hash_endpoint(ep); return 0; }",linux-2.6,,,148203341676715553760037444215785348694,0 2950,['CWE-189'],"int jas_image_addcmpt(jas_image_t *image, int cmptno, jas_image_cmptparm_t *cmptparm) { jas_image_cmpt_t *newcmpt; if (cmptno < 0) cmptno = image->numcmpts_; assert(cmptno >= 0 && cmptno <= image->numcmpts_); if (image->numcmpts_ >= image->maxcmpts_) { if (jas_image_growcmpts(image, image->maxcmpts_ + 128)) { return -1; } } if (!(newcmpt = jas_image_cmpt_create(cmptparm->tlx, cmptparm->tly, cmptparm->hstep, cmptparm->vstep, cmptparm->width, cmptparm->height, cmptparm->prec, cmptparm->sgnd, 1))) { return -1; } if (cmptno < image->numcmpts_) { memmove(&image->cmpts_[cmptno + 1], &image->cmpts_[cmptno], (image->numcmpts_ - cmptno) * sizeof(jas_image_cmpt_t *)); } image->cmpts_[cmptno] = newcmpt; ++image->numcmpts_; jas_image_setbbox(image); return 0; }",jasper,,,108092392555998318901935348126151390902,0 5385,['CWE-476'],"static void seg_desct_to_kvm_desct(struct desc_struct *seg_desc, u16 selector, struct kvm_segment *kvm_desct) { kvm_desct->base = seg_desc->base0; kvm_desct->base |= seg_desc->base1 << 16; kvm_desct->base |= seg_desc->base2 << 24; kvm_desct->limit = seg_desc->limit0; kvm_desct->limit |= seg_desc->limit << 16; if (seg_desc->g) { kvm_desct->limit <<= 12; kvm_desct->limit |= 0xfff; } kvm_desct->selector = selector; kvm_desct->type = seg_desc->type; kvm_desct->present = seg_desc->p; kvm_desct->dpl = seg_desc->dpl; kvm_desct->db = seg_desc->d; kvm_desct->s = seg_desc->s; kvm_desct->l = seg_desc->l; kvm_desct->g = seg_desc->g; kvm_desct->avl = seg_desc->avl; if (!selector) kvm_desct->unusable = 1; else kvm_desct->unusable = 0; kvm_desct->padding = 0; }",linux-2.6,,,337166164548148247238968834948006468073,0 298,[],"static int do_video_get_event(unsigned int fd, unsigned int cmd, unsigned long arg) { struct video_event kevent; mm_segment_t old_fs = get_fs(); int err; set_fs(KERNEL_DS); err = sys_ioctl(fd, cmd, (unsigned long) &kevent); set_fs(old_fs); if (!err) { struct compat_video_event __user *up = compat_ptr(arg); err = put_user(kevent.type, &up->type); err |= put_user(kevent.timestamp, &up->timestamp); err |= put_user(kevent.u.size.w, &up->u.size.w); err |= put_user(kevent.u.size.h, &up->u.size.h); err |= put_user(kevent.u.size.aspect_ratio, &up->u.size.aspect_ratio); if (err) err = -EFAULT; } return err; }",linux-2.6,,,276859405116476988774808102864104372092,0 72,CWE-772,"setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setv4key_principal((void *)handle, arg->princ, arg->keyblock); } else { log_unauth(""kadm5_setv4key_principal"", prime_arg, &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } if(ret.code != KADM5_AUTH_SETKEY) { if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_setv4key_principal"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,191292565756561,1 5052,['CWE-20'],"static u64 construct_eptp(unsigned long root_hpa) { u64 eptp; eptp = VMX_EPT_DEFAULT_MT | VMX_EPT_DEFAULT_GAW << VMX_EPT_GAW_EPTP_SHIFT; eptp |= (root_hpa & PAGE_MASK); return eptp; }",linux-2.6,,,37611004297531294211116832685058887734,0 117,['CWE-787'],"static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h) { int sx, sy; int dx, dy; int width, height; int depth; int notify = 0; depth = s->get_bpp((VGAState *)s) / 8; s->get_resolution((VGAState *)s, &width, &height); sx = (src % (width * depth)) / depth; sy = (src / (width * depth)); dx = (dst % (width *depth)) / depth; dy = (dst / (width * depth)); w /= depth; if (s->cirrus_blt_dstpitch < 0) { sx -= (s->cirrus_blt_width / depth) - 1; dx -= (s->cirrus_blt_width / depth) - 1; sy -= s->cirrus_blt_height - 1; dy -= s->cirrus_blt_height - 1; } if (sx >= 0 && sy >= 0 && dx >= 0 && dy >= 0 && (sx + w) <= width && (sy + h) <= height && (dx + w) <= width && (dy + h) <= height) { notify = 1; } if (*s->cirrus_rop != cirrus_bitblt_rop_fwd_src && *s->cirrus_rop != cirrus_bitblt_rop_bkwd_src) notify = 0; if (notify) vga_hw_update(); (*s->cirrus_rop) (s, s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), s->vram_ptr + (s->cirrus_blt_srcaddr & s->cirrus_addr_mask), s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch, s->cirrus_blt_width, s->cirrus_blt_height); if (notify) qemu_console_copy(s->console, sx, sy, dx, dy, s->cirrus_blt_width / depth, s->cirrus_blt_height); if (!notify) cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, s->cirrus_blt_dstpitch, s->cirrus_blt_width, s->cirrus_blt_height); }",qemu,,,752190157672784659890276263864689180,0 3976,['CWE-362'],"static void __put_tree(struct rcu_head *rcu) { struct audit_tree *tree = container_of(rcu, struct audit_tree, head); kfree(tree); }",linux-2.6,,,252875202486757633772739017293262967288,0 3300,CWE-706,"GIT_INLINE(bool) verify_dotgit_ntfs(git_repository *repo, const char *path, size_t len) { git_buf *reserved = git_repository__reserved_names_win32; size_t reserved_len = git_repository__reserved_names_win32_len; size_t start = 0, i; if (repo) git_repository__reserved_names(&reserved, &reserved_len, repo, true); for (i = 0; i < reserved_len; i++) { git_buf *r = &reserved[i]; if (len >= r->size && strncasecmp(path, r->ptr, r->size) == 0) { start = r->size; break; } } if (!start) return true; if (path[start] == '\\') return false; for (i = start; i < len; i++) { if (path[i] != ' ' && path[i] != '.') return true; } return false; }",visit repo url,src/path.c,https://github.com/libgit2/libgit2,201924818343295,1 5167,CWE-119,"static void libxsmm_sparse_csr_reader( const char* i_csr_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, REALTYPE** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_row_idx_id = NULL; unsigned int l_i = 0; l_csr_file_handle = fopen( i_csr_file_in, ""r"" ); if ( l_csr_file_handle == NULL ) { fprintf( stderr, ""cannot open CSR file!\n"" ); return; } while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { fprintf( stderr, ""could not read file length!\n"" ); return; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count + 1)); *o_values = (REALTYPE*) malloc(sizeof(double) * (*o_element_count)); l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { fprintf( stderr, ""could not allocate sp data!\n"" ); return; } memset(*o_row_idx, 0, sizeof(unsigned int)*(*o_row_count + 1)); memset(*o_column_idx, 0, sizeof(unsigned int)*(*o_element_count)); memset(*o_values, 0, sizeof(double)*(*o_element_count)); memset(l_row_idx_id, 0, sizeof(unsigned int)*(*o_row_count)); for ( l_i = 0; l_i < (*o_row_count + 1); l_i++) (*o_row_idx)[l_i] = (*o_element_count); (*o_row_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { fprintf( stderr, ""could not csr description!\n"" ); return; } } else { unsigned int l_row, l_column; REALTYPE l_value; #if defined(__EDGE_EXECUTE_F32__) if ( sscanf(l_line, ""%u %u %f"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return; } #else if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return; } #endif l_row--; l_column--; (*o_column_idx)[l_i] = l_column; (*o_values)[l_i] = l_value; l_i++; l_row_idx_id[l_row] = 1; (*o_row_idx)[l_row+1] = l_i; } } } fclose( l_csr_file_handle ); if ( l_i != (*o_element_count) ) { fprintf( stderr, ""we were not able to read all elements!\n"" ); return; } for ( l_i = 0; l_i < (*o_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } } if ( l_row_idx_id != NULL ) { free( l_row_idx_id ); } }",visit repo url,samples/edge/common_edge_proxy.h,https://github.com/hfp/libxsmm,171024799489721,1 2485,CWE-189,"static FORCEINLINE NEDMALLOCNOALIASATTR NEDMALLOCPTRATTR void *CallMalloc(void *RESTRICT mspace, size_t size, size_t alignment, unsigned flags) THROWSPEC { void *RESTRICT ret=0; #if USE_MAGIC_HEADERS size_t _alignment=alignment; size_t *_ret=0; size+=alignment+3*sizeof(size_t); _alignment=0; #endif #if USE_ALLOCATOR==0 ret=(flags & M2_ZERO_MEMORY) ? syscalloc(1, size) : sysmalloc(size); #elif USE_ALLOCATOR==1 ret=mspace_malloc2((mstate) mspace, size, alignment, flags); #ifndef ENABLE_FAST_HEAP_DETECTION if(ret) { mchunkptr p=mem2chunk(ret); size_t truesize=chunksize(p) - overhead_for(p); if(!leastusedaddress || (void *)((mstate) mspace)->least_addrleast_addr; if(!largestusedblock || truesize>largestusedblock) largestusedblock=(truesize+mparams.page_size) & ~(mparams.page_size-1); } #endif #endif if(!ret) return 0; #if DEBUG if(flags & M2_ZERO_MEMORY) { const char *RESTRICT n; for(n=(const char *)ret; n<(const char *)ret+size; n++) { assert(!*n); } } #endif #if USE_MAGIC_HEADERS _ret=(size_t *) ret; ret=(void *)(_ret+3); if(alignment) ret=(void *)(((size_t) ret+alignment-1)&~(alignment-1)); for(; _ret<(size_t *)ret-2; _ret++) *_ret=*(size_t *)""NEDMALOC""; _ret[0]=(size_t) mspace; _ret[1]=size-3*sizeof(size_t); #endif return ret; } ",visit repo url,nedmalloc.c,https://github.com/ned14/nedmalloc,190020185680496,1 4964,['CWE-20'],"int nfs_access_cache_shrinker(int nr_to_scan, gfp_t gfp_mask) { LIST_HEAD(head); struct nfs_inode *nfsi; struct nfs_access_entry *cache; restart: spin_lock(&nfs_access_lru_lock); list_for_each_entry(nfsi, &nfs_access_lru_list, access_cache_inode_lru) { struct inode *inode; if (nr_to_scan-- == 0) break; inode = igrab(&nfsi->vfs_inode); if (inode == NULL) continue; spin_lock(&inode->i_lock); if (list_empty(&nfsi->access_cache_entry_lru)) goto remove_lru_entry; cache = list_entry(nfsi->access_cache_entry_lru.next, struct nfs_access_entry, lru); list_move(&cache->lru, &head); rb_erase(&cache->rb_node, &nfsi->access_cache); if (!list_empty(&nfsi->access_cache_entry_lru)) list_move_tail(&nfsi->access_cache_inode_lru, &nfs_access_lru_list); else { remove_lru_entry: list_del_init(&nfsi->access_cache_inode_lru); clear_bit(NFS_INO_ACL_LRU_SET, &nfsi->flags); } spin_unlock(&inode->i_lock); spin_unlock(&nfs_access_lru_lock); iput(inode); goto restart; } spin_unlock(&nfs_access_lru_lock); while (!list_empty(&head)) { cache = list_entry(head.next, struct nfs_access_entry, lru); list_del(&cache->lru); nfs_access_free_entry(cache); } return (atomic_long_read(&nfs_access_nr_entries) / 100) * sysctl_vfs_cache_pressure; }",linux-2.6,,,110445159651544468556264276288533097544,0 1571,CWE-119,"static __exit void sctp_exit(void) { sctp_v6_del_protocol(); sctp_v4_del_protocol(); unregister_pernet_subsys(&sctp_net_ops); sctp_v6_protosw_exit(); sctp_v4_protosw_exit(); sctp_v6_pf_exit(); sctp_v4_pf_exit(); sctp_sysctl_unregister(); free_pages((unsigned long)sctp_assoc_hashtable, get_order(sctp_assoc_hashsize * sizeof(struct sctp_hashbucket))); kfree(sctp_ep_hashtable); free_pages((unsigned long)sctp_port_hashtable, get_order(sctp_port_hashsize * sizeof(struct sctp_bind_hashbucket))); percpu_counter_destroy(&sctp_sockets_allocated); rcu_barrier(); kmem_cache_destroy(sctp_chunk_cachep); kmem_cache_destroy(sctp_bucket_cachep); }",visit repo url,net/sctp/protocol.c,https://github.com/torvalds/linux,226975583211059,1 1190,['CWE-189'],"static inline int hrtimer_callback_running(struct hrtimer *timer) { return timer->state & HRTIMER_STATE_CALLBACK; }",linux-2.6,,,206521240607747431216962651754727900638,0 600,CWE-119,"static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma) { unsigned int len; unsigned long start=0, off; struct au1200fb_device *fbdev = info->par; if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) { return -EINVAL; } start = fbdev->fb_phys & PAGE_MASK; len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len); off = vma->vm_pgoff << PAGE_SHIFT; if ((vma->vm_end - vma->vm_start + off) > len) { return -EINVAL; } off += start; vma->vm_pgoff = off >> PAGE_SHIFT; vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, vma->vm_end - vma->vm_start, vma->vm_page_prot); }",visit repo url,drivers/video/au1200fb.c,https://github.com/torvalds/linux,85465335459313,1 166,[],"static int compat_nfs_getfs_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) { if (!access_ok(VERIFY_READ,&arg->ca32_getfs,sizeof(arg->ca32_getfs)) || get_user(karg->ca_version, &arg->ca32_version) || __copy_from_user(&karg->ca_getfs.gd_addr, &arg->ca32_getfs.gd32_addr, (sizeof(struct sockaddr))) || __copy_from_user(&karg->ca_getfs.gd_path, &arg->ca32_getfs.gd32_path, (NFS_MAXPATHLEN+1)) || __get_user(karg->ca_getfs.gd_maxlen, &arg->ca32_getfs.gd32_maxlen)) return -EFAULT; return 0; }",linux-2.6,,,125432727321263774133051920268860852516,0 1249,NVD-CWE-noinfo,"static int fr_add_pvc(struct net_device *frad, unsigned int dlci, int type) { hdlc_device *hdlc = dev_to_hdlc(frad); pvc_device *pvc; struct net_device *dev; int used; if ((pvc = add_pvc(frad, dlci)) == NULL) { netdev_warn(frad, ""Memory squeeze on fr_add_pvc()\n""); return -ENOBUFS; } if (*get_dev_p(pvc, type)) return -EEXIST; used = pvc_is_used(pvc); if (type == ARPHRD_ETHER) dev = alloc_netdev(0, ""pvceth%d"", ether_setup); else dev = alloc_netdev(0, ""pvc%d"", pvc_setup); if (!dev) { netdev_warn(frad, ""Memory squeeze on fr_pvc()\n""); delete_unused_pvcs(hdlc); return -ENOBUFS; } if (type == ARPHRD_ETHER) random_ether_addr(dev->dev_addr); else { *(__be16*)dev->dev_addr = htons(dlci); dlci_to_q922(dev->broadcast, dlci); } dev->netdev_ops = &pvc_ops; dev->mtu = HDLC_MAX_MTU; dev->tx_queue_len = 0; dev->ml_priv = pvc; if (register_netdevice(dev) != 0) { free_netdev(dev); delete_unused_pvcs(hdlc); return -EIO; } dev->destructor = free_netdev; *get_dev_p(pvc, type) = dev; if (!used) { state(hdlc)->dce_changed = 1; state(hdlc)->dce_pvc_count++; } return 0; }",visit repo url,drivers/net/wan/hdlc_fr.c,https://github.com/torvalds/linux,219660245119432,1 3641,CWE-264,"static int timer_start(Unit *u) { Timer *t = TIMER(u); TimerValue *v; assert(t); assert(t->state == TIMER_DEAD || t->state == TIMER_FAILED); if (UNIT_TRIGGER(u)->load_state != UNIT_LOADED) return -ENOENT; t->last_trigger = DUAL_TIMESTAMP_NULL; LIST_FOREACH(value, v, t->values) if (v->base == TIMER_ACTIVE) v->disabled = false; if (t->stamp_path) { struct stat st; if (stat(t->stamp_path, &st) >= 0) t->last_trigger.realtime = timespec_load(&st.st_atim); else if (errno == ENOENT) touch_file(t->stamp_path, true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0); } t->result = TIMER_SUCCESS; timer_enter_waiting(t, true); return 1; }",visit repo url,src/core/timer.c,https://github.com/systemd/systemd,160941782765306,1 2032,NVD-CWE-noinfo,"static void evtchn_fifo_handle_events(unsigned cpu) { __evtchn_fifo_handle_events(cpu, false); }",visit repo url,drivers/xen/events/events_fifo.c,https://github.com/torvalds/linux,64880204678213,1 1932,CWE-400,"static int assign_cfs_rq_runtime(struct cfs_rq *cfs_rq) { struct task_group *tg = cfs_rq->tg; struct cfs_bandwidth *cfs_b = tg_cfs_bandwidth(tg); u64 amount = 0, min_amount, expires; int expires_seq; min_amount = sched_cfs_bandwidth_slice() - cfs_rq->runtime_remaining; raw_spin_lock(&cfs_b->lock); if (cfs_b->quota == RUNTIME_INF) amount = min_amount; else { start_cfs_bandwidth(cfs_b); if (cfs_b->runtime > 0) { amount = min(cfs_b->runtime, min_amount); cfs_b->runtime -= amount; cfs_b->idle = 0; } } expires_seq = cfs_b->expires_seq; expires = cfs_b->runtime_expires; raw_spin_unlock(&cfs_b->lock); cfs_rq->runtime_remaining += amount; if (cfs_rq->expires_seq != expires_seq) { cfs_rq->expires_seq = expires_seq; cfs_rq->runtime_expires = expires; } return cfs_rq->runtime_remaining > 0; }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,44984350679699,1 6480,CWE-787,"static int parse_line(char *p) { struct SYMBOL *s; char *q, c; char *dot = NULL; struct SYMBOL *last_note_sav = NULL; struct decos dc_sav; int i, flags, flags_sav = 0, slur; static char qtb[10] = {0, 1, 3, 2, 3, 0, 2, 0, 3, 0}; colnum = 0; switch (*p) { case '\0': switch (parse.abc_state) { case ABC_S_GLOBAL: if (parse.last_sym && parse.last_sym->abc_type != ABC_T_NULL) abc_new(ABC_T_NULL, NULL); case ABC_S_HEAD: return 0; } return 1; case '%': if (p[1] == '%') { s = abc_new(ABC_T_PSCOM, p); p += 2; if (strncasecmp(p, ""decoration "", 11) == 0) { p += 11; while (isspace((unsigned char) *p)) p++; switch (*p) { case '!': char_tb['!'] = CHAR_DECOS; char_tb['+'] = CHAR_BAD; break; case '+': char_tb['+'] = CHAR_DECOS; char_tb['!'] = CHAR_BAD; break; } return 0; } if (strncasecmp(p, ""linebreak "", 10) == 0) { for (i = 0; i < sizeof char_tb; i++) { if (char_tb[i] == CHAR_LINEBREAK) char_tb[i] = i != '!' ? CHAR_BAD : CHAR_DECOS; } p += 10; for (;;) { while (isspace((unsigned char) *p)) p++; if (*p == '\0') break; switch (*p) { case '!': case '$': case '*': case ';': case '?': case '@': char_tb[(unsigned char) *p++] = CHAR_LINEBREAK; break; case '<': if (strncmp(p, """", 6) == 0) return 0; if (strncmp(p, """", 5) == 0) { char_tb['\n'] = CHAR_LINEBREAK; p += 5; break; } default: if (strcmp(p, ""lock"") != 0) syntax(""Invalid character in %%%%linebreak"", p); return 0; } } return 0; } if (strncasecmp(p, ""microscale "", 11) == 0) { int v; p += 11; while (isspace((unsigned char) *p)) p++; sscanf(p, ""%d"", &v); if (v < 4 || v >= 256 || v & 1) syntax(""Invalid value in %%microscale"", p); else microscale = v; return 0; } if (strncasecmp(p, ""user "", 5) == 0) { p += 5; while (isspace((unsigned char) *p)) p++; get_user(p, s); return 0; } return 0; } case '\\': return 0; } if (p[1] == ':' && *p != '|' && *p != ':') { int new_tune; new_tune = parse_info(p); if (*p != 'V' || parse.abc_state != ABC_S_TUNE) return new_tune; c = p[strlen(p) - 1]; if (c != '|' && c != ']') return new_tune; while (!isspace((unsigned char) *p) && *p != '\0') p++; while (isspace((unsigned char) *p)) p++; } if (parse.abc_state != ABC_S_TUNE) return 0; flags = 0; if (parse.abc_vers <= (2 << 16)) lyric_started = 0; deco_start = deco_cont = NULL; slur = 0; while (*p != '\0') { colnum = p - abc_line; switch (char_tb[(unsigned char) *p++]) { case CHAR_GCHORD: if (flags & ABC_F_GRACE) goto bad_char; p = parse_gchord(p); break; case CHAR_GR_ST: if (flags & ABC_F_GRACE) goto bad_char; last_note_sav = curvoice->last_note; curvoice->last_note = NULL; memcpy(&dc_sav, &dc, sizeof dc); dc.n = 0; flags_sav = flags; flags = ABC_F_GRACE; if (*p == '/') { flags |= ABC_F_SAPPO; p++; } break; case CHAR_GR_EN: if (!(flags & ABC_F_GRACE)) goto bad_char; parse.last_sym->flags |= ABC_F_GR_END; if (dc.n != 0) syntax(""Decoration ignored"", p); curvoice->last_note = last_note_sav; memcpy(&dc, &dc_sav, sizeof dc); flags = flags_sav; break; case CHAR_DECOS: if (p[-1] == '!' && char_tb['\n'] == CHAR_LINEBREAK && check_nl(p)) { s = abc_new(ABC_T_EOLN, NULL); s->u.eoln.type = 2; break; } case CHAR_DECO: if (p[-1] == '.') { if (*p == '(' || *p == '-') { dot = p; break; } } p = parse_deco(p - 1, &dc, -1); break; case CHAR_LINEBREAK: s = abc_new(ABC_T_EOLN, NULL); break; case CHAR_NOTE: p = parse_note(p - 1, flags); flags &= ABC_F_GRACE; parse.last_sym->u.note.slur_st = slur; slur = 0; if (parse.last_sym->u.note.notes[0].len > 0) curvoice->last_note = parse.last_sym; break; case CHAR_SLASH: if (flags & ABC_F_GRACE) goto bad_char; if (char_tb[(unsigned char) p[-1]] != CHAR_BAR) goto bad_char; q = p; while (*q == '/') q++; if (char_tb[(unsigned char) *q] != CHAR_BAR) goto bad_char; s = abc_new(ABC_T_MREP, NULL); s->u.bar.type = 0; s->u.bar.len = q - p + 1; syntax(""Non standard measure repeat syntax"", p - 1); p = q; break; case CHAR_BSLASH: if (*p == '\0') break; syntax(""'\\' ignored"", p - 1); break; case CHAR_OBRA: if (*p == '|' || *p == ']' || *p == ':' || isdigit((unsigned char) *p) || *p == '""' || *p == ' ') { if (flags & ABC_F_GRACE) goto bad_char; p = parse_bar(p); break; } if (p[1] != ':') { p = parse_note(p - 1, flags); flags &= ABC_F_GRACE; parse.last_sym->u.note.slur_st = slur; slur = 0; curvoice->last_note = parse.last_sym; break; } #if 0 if (flags & ABC_F_GRACE) goto bad_char; #endif while (p[2] == ' ') { p[2] = ':'; p[1] = *p; p++; } c = ']'; q = p; while (*p != '\0' && *p != c) p++; if (*p == '\0') { syntax(""Escape sequence [..] not closed"", q); c = '\0'; } else { *p = '\0'; } parse_info(q); *p = c; if (c != '\0') p++; break; case CHAR_BAR: if (flags & ABC_F_GRACE) goto bad_char; p = parse_bar(p); break; case CHAR_OPAR: if (*p > '0' && *p <= '9') { int pplet, qplet, rplet; pplet = strtol(p, &q, 10); p = q; if ((unsigned) pplet < sizeof qtb / sizeof qtb[0]) qplet = qtb[pplet]; else qplet = qtb[0]; rplet = pplet; if (*p == ':') { p++; if (isdigit((unsigned char) *p)) { qplet = strtol(p, &q, 10); p = q; } if (*p == ':') { p++; if (isdigit((unsigned char) *p)) { rplet = strtol(p, &q, 10); p = q; } } } if (rplet < 1) { syntax(""Invalid 'r' in tuplet"", p); break; } if (pplet >= 128 || qplet >= 128 || rplet >= 128) { syntax(""Invalid 'p:q:r' in tuplet"", p); break; } if (qplet == 0) qplet = meter % 3 == 0 ? 3 : 2; s = abc_new(ABC_T_TUPLET, NULL); s->u.tuplet.p_plet = pplet; s->u.tuplet.q_plet = qplet; s->u.tuplet.r_plet = rplet; s->flags |= flags; break; } if (*p == '&') { if (flags & ABC_F_GRACE) goto bad_char; p++; if (vover != 0) { syntax(""Nested voice overlay"", p - 1); break; } s = abc_new(ABC_T_V_OVER, NULL); s->u.v_over.type = V_OVER_S; s->u.v_over.voice = curvoice - voice_tb; vover = -1; break; } slur <<= 4; if (p == dot + 1 && dc.n == 0) slur |= SL_DOTTED; switch (*p) { case '\'': slur += SL_ABOVE; p++; break; case ',': slur += SL_BELOW; p++; break; default: slur += SL_AUTO; break; } break; case CHAR_CPAR: switch (parse.last_sym->abc_type) { case ABC_T_NOTE: case ABC_T_REST: break; default: goto bad_char; } parse.last_sym->u.note.slur_end++; break; case CHAR_VOV: if (flags & ABC_F_GRACE) goto bad_char; if (*p != ')' || vover == 0) { if (!curvoice->last_note) { syntax(""Bad start of voice overlay"", p); break; } s = abc_new(ABC_T_V_OVER, NULL); vover_new(); s->u.v_over.voice = curvoice - voice_tb; if (vover == 0) vover = 1; break; } p++; vover = 0; s = abc_new(ABC_T_V_OVER, NULL); s->u.v_over.type = V_OVER_E; s->u.v_over.voice = curvoice->mvoice; curvoice->last_note = NULL; curvoice = &voice_tb[curvoice->mvoice]; break; case CHAR_SPAC: flags |= ABC_F_SPACE; break; case CHAR_MINUS: { int tie_pos; if (!curvoice->last_note || curvoice->last_note->abc_type != ABC_T_NOTE) goto bad_char; if (p == dot + 1 && dc.n == 0) tie_pos = SL_DOTTED; else tie_pos = 0; switch (*p) { case '\'': tie_pos += SL_ABOVE; p++; break; case ',': tie_pos += SL_BELOW; p++; break; default: tie_pos += SL_AUTO; break; } for (i = 0; i <= curvoice->last_note->nhd; i++) { if (curvoice->last_note->u.note.notes[i].ti1 == 0) curvoice->last_note->u.note.notes[i].ti1 = tie_pos; else if (curvoice->last_note->nhd == 0) syntax(""Too many ties"", p); } break; } case CHAR_BRHY: if (!curvoice->last_note) goto bad_char; i = 1; while (*p == p[-1]) { i++; p++; } if (i > 3) { syntax(""Bad broken rhythm"", p - 1); i = 3; } if (p[-1] == '<') i = -i; broken_rhythm(curvoice->last_note, i); curvoice->last_note->u.note.brhythm = i; break; case CHAR_IGN: break; default: bad_char: syntax((flags & ABC_F_GRACE) ? ""Bad character in grace note sequence"" : ""Bad character"", p - 1); break; } } if (flags & ABC_F_GRACE) { syntax(""EOLN in grace note sequence"", p - 1); if (curvoice->last_note) curvoice->last_note->flags |= ABC_F_GR_END; curvoice->last_note = last_note_sav; memcpy(&dc, &dc_sav, sizeof dc); } s = abc_new(ABC_T_EOLN, NULL); if (flags & ABC_F_SPACE) s->flags |= ABC_F_SPACE; if (p[-1] == '\\' || char_tb['\n'] != CHAR_LINEBREAK) s->u.eoln.type = 1; return 0; }",visit repo url,abcparse.c,https://github.com/leesavide/abcm2ps,194289475440854,1 5620,CWE-125,"FstringParser_ConcatFstring(FstringParser *state, const char **str, const char *end, int raw, int recurse_lvl, struct compiling *c, const node *n) { FstringParser_check_invariants(state); while (1) { PyObject *literal = NULL; expr_ty expression = NULL; int result = fstring_find_literal_and_expr(str, end, raw, recurse_lvl, &literal, &expression, c, n); if (result < 0) return -1; if (!literal) { } else if (!state->last_str) { state->last_str = literal; literal = NULL; } else { assert(PyUnicode_GET_LENGTH(literal) != 0); if (FstringParser_ConcatAndDel(state, literal) < 0) return -1; literal = NULL; } assert(!state->last_str || PyUnicode_GET_LENGTH(state->last_str) != 0); assert(literal == NULL); if (result == 1) continue; if (!expression) break; if (!state->last_str) { } else { expr_ty str = make_str_node_and_del(&state->last_str, c, n); if (!str || ExprList_Append(&state->expr_list, str) < 0) return -1; } if (ExprList_Append(&state->expr_list, expression) < 0) return -1; } if (recurse_lvl == 0 && *str < end-1) { ast_error(c, n, ""f-string: unexpected end of string""); return -1; } if (recurse_lvl != 0 && **str != '}') { ast_error(c, n, ""f-string: expecting '}'""); return -1; } FstringParser_check_invariants(state); return 0; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,143971830930985,1 6082,['CWE-200'],"static void addrconf_add_lroute(struct net_device *dev) { struct in6_addr addr; ipv6_addr_set(&addr, htonl(0xFE800000), 0, 0, 0); addrconf_prefix_route(&addr, 64, dev, 0, 0); }",linux-2.6,,,60763194052571849065432320161062127284,0 5578,CWE-125,"obj2ast_withitem(PyObject* obj, withitem_ty* out, PyArena* arena) { PyObject* tmp = NULL; expr_ty context_expr; expr_ty optional_vars; if (_PyObject_HasAttrId(obj, &PyId_context_expr)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_context_expr); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &context_expr, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""context_expr\"" missing from withitem""); return 1; } if (exists_not_none(obj, &PyId_optional_vars)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_optional_vars); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &optional_vars, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { optional_vars = NULL; } *out = withitem(context_expr, optional_vars, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,82611377092684,1 3834,[],"int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5, long *rc_p) { long error = 0; switch (option) { case PR_CAPBSET_READ: if (!cap_valid(arg2)) error = -EINVAL; else error = !!cap_raised(current->cap_bset, arg2); break; #ifdef CONFIG_SECURITY_FILE_CAPABILITIES case PR_CAPBSET_DROP: error = cap_prctl_drop(arg2); break; case PR_SET_SECUREBITS: if ((((current->securebits & SECURE_ALL_LOCKS) >> 1) & (current->securebits ^ arg2)) || ((current->securebits & SECURE_ALL_LOCKS & ~arg2)) || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) || (cap_capable(current, CAP_SETPCAP) != 0)) { error = -EPERM; } else { current->securebits = arg2; } break; case PR_GET_SECUREBITS: error = current->securebits; break; #endif case PR_GET_KEEPCAPS: if (issecure(SECURE_KEEP_CAPS)) error = 1; break; case PR_SET_KEEPCAPS: if (arg2 > 1) error = -EINVAL; else if (issecure(SECURE_KEEP_CAPS_LOCKED)) error = -EPERM; else if (arg2) current->securebits |= issecure_mask(SECURE_KEEP_CAPS); else current->securebits &= ~issecure_mask(SECURE_KEEP_CAPS); break; default: return 0; } *rc_p = error; return 1; }",linux-2.6,,,290960678707354694522253199603974644697,0 6080,['CWE-200'],"static int rsvp_dump(struct tcf_proto *tp, unsigned long fh, struct sk_buff *skb, struct tcmsg *t) { struct rsvp_filter *f = (struct rsvp_filter*)fh; struct rsvp_session *s; unsigned char *b = skb->tail; struct rtattr *rta; struct tc_rsvp_pinfo pinfo; if (f == NULL) return skb->len; s = f->sess; t->tcm_handle = f->handle; rta = (struct rtattr*)b; RTA_PUT(skb, TCA_OPTIONS, 0, NULL); RTA_PUT(skb, TCA_RSVP_DST, sizeof(s->dst), &s->dst); pinfo.dpi = s->dpi; pinfo.spi = f->spi; pinfo.protocol = s->protocol; pinfo.tunnelid = s->tunnelid; pinfo.tunnelhdr = f->tunnelhdr; pinfo.pad = 0; RTA_PUT(skb, TCA_RSVP_PINFO, sizeof(pinfo), &pinfo); if (f->res.classid) RTA_PUT(skb, TCA_RSVP_CLASSID, 4, &f->res.classid); if (((f->handle>>8)&0xFF) != 16) RTA_PUT(skb, TCA_RSVP_SRC, sizeof(f->src), f->src); if (tcf_exts_dump(skb, &f->exts, &rsvp_ext_map) < 0) goto rtattr_failure; rta->rta_len = skb->tail - b; if (tcf_exts_dump_stats(skb, &f->exts, &rsvp_ext_map) < 0) goto rtattr_failure; return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,56965782348469412992051832161130252549,0 6547,['CWE-200'],"connection_changed_info_destroy (gpointer data) { ConnectionChangedInfo *info = (ConnectionChangedInfo *) data; g_free (info->path); g_free (info); }",network-manager-applet,,,218382596581552730919512891966643679984,0 6216,CWE-190,"void fp48_exp_dig(fp48_t c, const fp48_t a, dig_t b) { bn_t _b; fp48_t t, v; int8_t u, naf[RLC_DIG + 1]; int l; if (b == 0) { fp48_set_dig(c, 1); return; } bn_null(_b); fp48_null(t); fp48_null(v); RLC_TRY { bn_new(_b); fp48_new(t); fp48_new(v); fp48_copy(t, a); if (fp48_test_cyc(a)) { fp48_inv_cyc(v, a); bn_set_dig(_b, b); l = RLC_DIG + 1; bn_rec_naf(naf, &l, _b, 2); for (int i = bn_bits(_b) - 2; i >= 0; i--) { fp48_sqr_cyc(t, t); u = naf[i]; if (u > 0) { fp48_mul(t, t, a); } else if (u < 0) { fp48_mul(t, t, v); } } } else { for (int i = util_bits_dig(b) - 2; i >= 0; i--) { fp48_sqr(t, t); if (b & ((dig_t)1 << i)) { fp48_mul(t, t, a); } } } fp48_copy(c, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(_b); fp48_free(t); fp48_free(v); } }",visit repo url,src/fpx/relic_fpx_exp.c,https://github.com/relic-toolkit/relic,57997261313119,1 1831,CWE-367,"int nfc_start_poll(struct nfc_dev *dev, u32 im_protocols, u32 tm_protocols) { int rc; pr_debug(""dev_name %s initiator protocols 0x%x target protocols 0x%x\n"", dev_name(&dev->dev), im_protocols, tm_protocols); if (!im_protocols && !tm_protocols) return -EINVAL; device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (!dev->dev_up) { rc = -ENODEV; goto error; } if (dev->polling) { rc = -EBUSY; goto error; } rc = dev->ops->start_poll(dev, im_protocols, tm_protocols); if (!rc) { dev->polling = true; dev->rf_mode = NFC_RF_NONE; } error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,73675210947091,1 2524,CWE-19,"check_symlinks(struct archive_write_disk *a) { #if !defined(HAVE_LSTAT) (void)a; return (ARCHIVE_OK); #else char *pn; char c; int r; struct stat st; pn = a->name; if (archive_strlen(&(a->path_safe)) > 0) { char *p = a->path_safe.s; while ((*pn != '\0') && (*p == *pn)) ++p, ++pn; } if(pn == a->name && pn[0] == '/') ++pn; c = pn[0]; while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) { while (*pn != '\0' && *pn != '/') ++pn; c = pn[0]; pn[0] = '\0'; r = lstat(a->name, &st); if (r != 0) { if (errno == ENOENT) { break; } else { return (ARCHIVE_FAILED); } } else if (S_ISLNK(st.st_mode)) { if (c == '\0') { if (unlink(a->name)) { archive_set_error(&a->archive, errno, ""Could not remove symlink %s"", a->name); pn[0] = c; return (ARCHIVE_FAILED); } a->pst = NULL; if (!S_ISLNK(a->mode)) { archive_set_error(&a->archive, 0, ""Removing symlink %s"", a->name); } pn[0] = c; return (0); } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) { if (unlink(a->name) != 0) { archive_set_error(&a->archive, 0, ""Cannot remove intervening symlink %s"", a->name); pn[0] = c; return (ARCHIVE_FAILED); } a->pst = NULL; } else { archive_set_error(&a->archive, 0, ""Cannot extract through symlink %s"", a->name); pn[0] = c; return (ARCHIVE_FAILED); } } pn[0] = c; if (pn[0] != '\0') pn++; } pn[0] = c; archive_strcpy(&a->path_safe, a->name); return (ARCHIVE_OK); #endif }",visit repo url,libarchive/archive_write_disk_posix.c,https://github.com/libarchive/libarchive,213374845783239,1 1238,[],"find_builtin_by_name (const char *name) { const builtin *bp; for (bp = &builtin_tab[0]; bp->name != NULL; bp++) if (strcmp (bp->name, name) == 0) return bp; return bp + 1; }",m4,,,79619690765386817663700234935708205614,0 5371,CWE-787,"int modbus_reply(modbus_t *ctx, const uint8_t *req, int req_length, modbus_mapping_t *mb_mapping) { int offset; int slave; int function; uint16_t address; uint8_t rsp[MAX_MESSAGE_LENGTH]; int rsp_length = 0; sft_t sft; if (ctx == NULL) { errno = EINVAL; return -1; } offset = ctx->backend->header_length; slave = req[offset - 1]; function = req[offset]; address = (req[offset + 1] << 8) + req[offset + 2]; sft.slave = slave; sft.function = function; sft.t_id = ctx->backend->prepare_response_tid(req, &req_length); switch (function) { case MODBUS_FC_READ_COILS: case MODBUS_FC_READ_DISCRETE_INPUTS: { unsigned int is_input = (function == MODBUS_FC_READ_DISCRETE_INPUTS); int start_bits = is_input ? mb_mapping->start_input_bits : mb_mapping->start_bits; int nb_bits = is_input ? mb_mapping->nb_input_bits : mb_mapping->nb_bits; uint8_t *tab_bits = is_input ? mb_mapping->tab_input_bits : mb_mapping->tab_bits; const char * const name = is_input ? ""read_input_bits"" : ""read_bits""; int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - start_bits; if (nb < 1 || MODBUS_MAX_READ_BITS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values %d in %s (max %d)\n"", nb, name, MODBUS_MAX_READ_BITS); } else if (mapping_address < 0 || (mapping_address + nb) > nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in %s\n"", mapping_address < 0 ? address : address + nb, name); } else { rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = (nb / 8) + ((nb % 8) ? 1 : 0); rsp_length = response_io_status(tab_bits, mapping_address, nb, rsp, rsp_length); } } break; case MODBUS_FC_READ_HOLDING_REGISTERS: case MODBUS_FC_READ_INPUT_REGISTERS: { unsigned int is_input = (function == MODBUS_FC_READ_INPUT_REGISTERS); int start_registers = is_input ? mb_mapping->start_input_registers : mb_mapping->start_registers; int nb_registers = is_input ? mb_mapping->nb_input_registers : mb_mapping->nb_registers; uint16_t *tab_registers = is_input ? mb_mapping->tab_input_registers : mb_mapping->tab_registers; const char * const name = is_input ? ""read_input_registers"" : ""read_registers""; int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - start_registers; if (nb < 1 || MODBUS_MAX_READ_REGISTERS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values %d in %s (max %d)\n"", nb, name, MODBUS_MAX_READ_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in %s\n"", mapping_address < 0 ? address : address + nb, name); } else { int i; rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = nb << 1; for (i = mapping_address; i < mapping_address + nb; i++) { rsp[rsp_length++] = tab_registers[i] >> 8; rsp[rsp_length++] = tab_registers[i] & 0xFF; } } } break; case MODBUS_FC_WRITE_SINGLE_COIL: { int mapping_address = address - mb_mapping->start_bits; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_bit\n"", address); } else { int data = (req[offset + 3] << 8) + req[offset + 4]; if (data == 0xFF00 || data == 0x0) { mb_mapping->tab_bits[mapping_address] = data ? ON : OFF; memcpy(rsp, req, req_length); rsp_length = req_length; } else { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, FALSE, ""Illegal data value 0x%0X in write_bit request at address %0X\n"", data, address); } } } break; case MODBUS_FC_WRITE_SINGLE_REGISTER: { int mapping_address = address - mb_mapping->start_registers; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_register\n"", address); } else { int data = (req[offset + 3] << 8) + req[offset + 4]; mb_mapping->tab_registers[mapping_address] = data; memcpy(rsp, req, req_length); rsp_length = req_length; } } break; case MODBUS_FC_WRITE_MULTIPLE_COILS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; int nb_bits = req[offset + 5]; int mapping_address = address - mb_mapping->start_bits; if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb || nb_bits * 8 < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal number of values %d in write_bits (max %d)\n"", nb, MODBUS_MAX_WRITE_BITS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_bits\n"", mapping_address < 0 ? address : address + nb); } else { modbus_set_bits_from_bytes(mb_mapping->tab_bits, mapping_address, nb, &req[offset + 6]); rsp_length = ctx->backend->build_response_basis(&sft, rsp); memcpy(rsp + rsp_length, req + rsp_length, 4); rsp_length += 4; } } break; case MODBUS_FC_WRITE_MULTIPLE_REGISTERS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; int nb_bytes = req[offset + 5]; int mapping_address = address - mb_mapping->start_registers; if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb || nb_bytes != nb * 2) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal number of values %d in write_registers (max %d)\n"", nb, MODBUS_MAX_WRITE_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_registers\n"", mapping_address < 0 ? address : address + nb); } else { int i, j; for (i = mapping_address, j = 6; i < mapping_address + nb; i++, j += 2) { mb_mapping->tab_registers[i] = (req[offset + j] << 8) + req[offset + j + 1]; } rsp_length = ctx->backend->build_response_basis(&sft, rsp); memcpy(rsp + rsp_length, req + rsp_length, 4); rsp_length += 4; } } break; case MODBUS_FC_REPORT_SLAVE_ID: { int str_len; int byte_count_pos; rsp_length = ctx->backend->build_response_basis(&sft, rsp); byte_count_pos = rsp_length++; rsp[rsp_length++] = _REPORT_SLAVE_ID; rsp[rsp_length++] = 0xFF; str_len = 3 + strlen(LIBMODBUS_VERSION_STRING); memcpy(rsp + rsp_length, ""LMB"" LIBMODBUS_VERSION_STRING, str_len); rsp_length += str_len; rsp[byte_count_pos] = rsp_length - byte_count_pos - 1; } break; case MODBUS_FC_READ_EXCEPTION_STATUS: if (ctx->debug) { fprintf(stderr, ""FIXME Not implemented\n""); } errno = ENOPROTOOPT; return -1; break; case MODBUS_FC_MASK_WRITE_REGISTER: { int mapping_address = address - mb_mapping->start_registers; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_register\n"", address); } else { uint16_t data = mb_mapping->tab_registers[mapping_address]; uint16_t and = (req[offset + 3] << 8) + req[offset + 4]; uint16_t or = (req[offset + 5] << 8) + req[offset + 6]; data = (data & and) | (or & (~and)); mb_mapping->tab_registers[mapping_address] = data; memcpy(rsp, req, req_length); rsp_length = req_length; } } break; case MODBUS_FC_WRITE_AND_READ_REGISTERS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; uint16_t address_write = (req[offset + 5] << 8) + req[offset + 6]; int nb_write = (req[offset + 7] << 8) + req[offset + 8]; int nb_write_bytes = req[offset + 9]; int mapping_address = address - mb_mapping->start_registers; int mapping_address_write = address_write - mb_mapping->start_registers; if (nb_write < 1 || MODBUS_MAX_WR_WRITE_REGISTERS < nb_write || nb < 1 || MODBUS_MAX_WR_READ_REGISTERS < nb || nb_write_bytes != nb_write * 2) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values (W%d, R%d) in write_and_read_registers (max W%d, R%d)\n"", nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_registers || mapping_address < 0 || (mapping_address_write + nb_write) > mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data read address 0x%0X or write address 0x%0X write_and_read_registers\n"", mapping_address < 0 ? address : address + nb, mapping_address_write < 0 ? address_write : address_write + nb_write); } else { int i, j; rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = nb << 1; for (i = mapping_address_write, j = 10; i < mapping_address_write + nb_write; i++, j += 2) { mb_mapping->tab_registers[i] = (req[offset + j] << 8) + req[offset + j + 1]; } for (i = mapping_address; i < mapping_address + nb; i++) { rsp[rsp_length++] = mb_mapping->tab_registers[i] >> 8; rsp[rsp_length++] = mb_mapping->tab_registers[i] & 0xFF; } } } break; default: rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_FUNCTION, rsp, TRUE, ""Unknown Modbus function code: 0x%0X\n"", function); break; } return (ctx->backend->backend_type == _MODBUS_BACKEND_TYPE_RTU && slave == MODBUS_BROADCAST_ADDRESS) ? 0 : send_msg(ctx, rsp, rsp_length); }",visit repo url,src/modbus.c,https://github.com/stephane/libmodbus,24961696124499,1 2893,['CWE-189'],"int jpc_ft_synthesize(int *a, int xstart, int ystart, int width, int height, int stride) { int numrows = height; int numcols = width; int rowparity = ystart & 1; int colparity = xstart & 1; int maxcols; jpc_fix_t *startptr; int i; startptr = &a[0]; for (i = 0; i < numrows; ++i) { jpc_ft_invlift_row(startptr, numcols, colparity); jpc_qmfb_join_row(startptr, numcols, colparity); startptr += stride; } maxcols = (numcols / JPC_QMFB_COLGRPSIZE) * JPC_QMFB_COLGRPSIZE; startptr = &a[0]; for (i = 0; i < maxcols; i += JPC_QMFB_COLGRPSIZE) { jpc_ft_invlift_colgrp(startptr, numrows, stride, rowparity); jpc_qmfb_join_colgrp(startptr, numrows, stride, rowparity); startptr += JPC_QMFB_COLGRPSIZE; } if (maxcols < numcols) { jpc_ft_invlift_colres(startptr, numrows, numcols - maxcols, stride, rowparity); jpc_qmfb_join_colres(startptr, numrows, numcols - maxcols, stride, rowparity); } return 0; }",jasper,,,14946871989294156875242577457857405340,0 1580,CWE-20,"static noinline void key_gc_unused_keys(struct list_head *keys) { while (!list_empty(keys)) { struct key *key = list_entry(keys->next, struct key, graveyard_link); list_del(&key->graveyard_link); kdebug(""- %u"", key->serial); key_check(key); if (key->type->destroy) key->type->destroy(key); security_key_free(key); if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { spin_lock(&key->user->lock); key->user->qnkeys--; key->user->qnbytes -= key->quotalen; spin_unlock(&key->user->lock); } atomic_dec(&key->user->nkeys); if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) atomic_dec(&key->user->nikeys); key_user_put(key->user); kfree(key->description); #ifdef KEY_DEBUGGING key->magic = KEY_DEBUG_MAGIC_X; #endif kmem_cache_free(key_jar, key); } }",visit repo url,security/keys/gc.c,https://github.com/torvalds/linux,54447269930188,1 5087,['CWE-20'],"static inline int vm_need_ept(void) { return (cpu_has_vmx_ept() && enable_ept); }",linux-2.6,,,147215335578997587537030863881247407889,0 429,CWE-416,"static inline int init_new_context(struct task_struct *tsk, struct mm_struct *mm) { #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS if (cpu_feature_enabled(X86_FEATURE_OSPKE)) { mm->context.pkey_allocation_map = 0x1; mm->context.execute_only_pkey = -1; } #endif init_new_context_ldt(tsk, mm); return 0; }",visit repo url,arch/x86/include/asm/mmu_context.h,https://github.com/torvalds/linux,106716424814199,1 4873,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 1404,[],"static inline struct rq *rq_of(struct cfs_rq *cfs_rq) { return cfs_rq->rq; }",linux-2.6,,,127587787165080264403024792237679582403,0 93,CWE-617,"finish_process_as_req(struct as_req_state *state, krb5_error_code errcode) { krb5_key_data *server_key; krb5_keyblock *as_encrypting_key = NULL; krb5_data *response = NULL; const char *emsg = 0; int did_log = 0; loop_respond_fn oldrespond; void *oldarg; kdc_realm_t *kdc_active_realm = state->active_realm; krb5_audit_state *au_state = state->au_state; assert(state); oldrespond = state->respond; oldarg = state->arg; if (errcode) goto egress; au_state->stage = ENCR_REP; if ((errcode = validate_forwardable(state->request, *state->client, *state->server, state->kdc_time, &state->status))) { errcode += ERROR_TABLE_BASE_krb5; goto egress; } errcode = check_indicators(kdc_context, state->server, state->auth_indicators); if (errcode) { state->status = ""HIGHER_AUTHENTICATION_REQUIRED""; goto egress; } state->ticket_reply.enc_part2 = &state->enc_tkt_reply; if ((errcode = krb5_dbe_find_enctype(kdc_context, state->server, -1, -1, 0, &server_key))) { state->status = ""FINDING_SERVER_KEY""; goto egress; } if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, NULL, server_key, &state->server_keyblock, NULL))) { state->status = ""DECRYPT_SERVER_KEY""; goto egress; } state->reply.msg_type = KRB5_AS_REP; state->reply.client = state->enc_tkt_reply.client; state->reply.ticket = &state->ticket_reply; state->reply_encpart.session = &state->session_key; if ((errcode = fetch_last_req_info(state->client, &state->reply_encpart.last_req))) { state->status = ""FETCH_LAST_REQ""; goto egress; } state->reply_encpart.nonce = state->request->nonce; state->reply_encpart.key_exp = get_key_exp(state->client); state->reply_encpart.flags = state->enc_tkt_reply.flags; state->reply_encpart.server = state->ticket_reply.server; state->reply_encpart.times = state->enc_tkt_reply.times; state->reply_encpart.times.authtime = state->authtime = state->kdc_time; state->reply_encpart.caddrs = state->enc_tkt_reply.caddrs; state->reply_encpart.enc_padata = NULL; errcode = return_padata(kdc_context, &state->rock, state->req_pkt, state->request, &state->reply, &state->client_keyblock, &state->pa_context); if (errcode) { state->status = ""KDC_RETURN_PADATA""; goto egress; } if (state->client_keyblock.enctype == ENCTYPE_NULL) { state->status = ""CANT_FIND_CLIENT_KEY""; errcode = KRB5KDC_ERR_ETYPE_NOSUPP; goto egress; } errcode = handle_authdata(kdc_context, state->c_flags, state->client, state->server, NULL, state->local_tgt, &state->client_keyblock, &state->server_keyblock, NULL, state->req_pkt, state->request, NULL, NULL, state->auth_indicators, &state->enc_tkt_reply); if (errcode) { krb5_klog_syslog(LOG_INFO, _(""AS_REQ : handle_authdata (%d)""), errcode); state->status = ""HANDLE_AUTHDATA""; goto egress; } errcode = krb5_encrypt_tkt_part(kdc_context, &state->server_keyblock, &state->ticket_reply); if (errcode) { state->status = ""ENCRYPT_TICKET""; goto egress; } errcode = kau_make_tkt_id(kdc_context, &state->ticket_reply, &au_state->tkt_out_id); if (errcode) { state->status = ""GENERATE_TICKET_ID""; goto egress; } state->ticket_reply.enc_part.kvno = server_key->key_data_kvno; errcode = kdc_fast_response_handle_padata(state->rstate, state->request, &state->reply, state->client_keyblock.enctype); if (errcode) { state->status = ""MAKE_FAST_RESPONSE""; goto egress; } state->reply.enc_part.enctype = state->client_keyblock.enctype; errcode = kdc_fast_handle_reply_key(state->rstate, &state->client_keyblock, &as_encrypting_key); if (errcode) { state->status = ""MAKE_FAST_REPLY_KEY""; goto egress; } errcode = return_enc_padata(kdc_context, state->req_pkt, state->request, as_encrypting_key, state->server, &state->reply_encpart, FALSE); if (errcode) { state->status = ""KDC_RETURN_ENC_PADATA""; goto egress; } if (kdc_fast_hide_client(state->rstate)) state->reply.client = (krb5_principal)krb5_anonymous_principal(); errcode = krb5_encode_kdc_rep(kdc_context, KRB5_AS_REP, &state->reply_encpart, 0, as_encrypting_key, &state->reply, &response); if (state->client_key != NULL) state->reply.enc_part.kvno = state->client_key->key_data_kvno; if (errcode) { state->status = ""ENCODE_KDC_REP""; goto egress; } memset(state->reply.enc_part.ciphertext.data, 0, state->reply.enc_part.ciphertext.length); free(state->reply.enc_part.ciphertext.data); log_as_req(kdc_context, state->local_addr, state->remote_addr, state->request, &state->reply, state->client, state->cname, state->server, state->sname, state->authtime, 0, 0, 0); did_log = 1; egress: if (errcode != 0) assert (state->status != 0); au_state->status = state->status; au_state->reply = &state->reply; kau_as_req(kdc_context, (errcode || state->preauth_err) ? FALSE : TRUE, au_state); kau_free_kdc_req(au_state); free_padata_context(kdc_context, state->pa_context); if (as_encrypting_key) krb5_free_keyblock(kdc_context, as_encrypting_key); if (errcode) emsg = krb5_get_error_message(kdc_context, errcode); if (state->status) { log_as_req(kdc_context, state->local_addr, state->remote_addr, state->request, &state->reply, state->client, state->cname, state->server, state->sname, state->authtime, state->status, errcode, emsg); did_log = 1; } if (errcode) { if (state->status == 0) { state->status = emsg; } if (errcode != KRB5KDC_ERR_DISCARD) { errcode -= ERROR_TABLE_BASE_krb5; if (errcode < 0 || errcode > KRB_ERR_MAX) errcode = KRB_ERR_GENERIC; errcode = prepare_error_as(state->rstate, state->request, state->local_tgt, errcode, state->e_data, state->typed_e_data, ((state->client != NULL) ? state->client->princ : NULL), &response, state->status); state->status = 0; } } if (emsg) krb5_free_error_message(kdc_context, emsg); if (state->enc_tkt_reply.authorization_data != NULL) krb5_free_authdata(kdc_context, state->enc_tkt_reply.authorization_data); if (state->server_keyblock.contents != NULL) krb5_free_keyblock_contents(kdc_context, &state->server_keyblock); if (state->client_keyblock.contents != NULL) krb5_free_keyblock_contents(kdc_context, &state->client_keyblock); if (state->reply.padata != NULL) krb5_free_pa_data(kdc_context, state->reply.padata); if (state->reply_encpart.enc_padata) krb5_free_pa_data(kdc_context, state->reply_encpart.enc_padata); if (state->cname != NULL) free(state->cname); if (state->sname != NULL) free(state->sname); krb5_db_free_principal(kdc_context, state->client); krb5_db_free_principal(kdc_context, state->server); krb5_db_free_principal(kdc_context, state->local_tgt_storage); if (state->session_key.contents != NULL) krb5_free_keyblock_contents(kdc_context, &state->session_key); if (state->ticket_reply.enc_part.ciphertext.data != NULL) { memset(state->ticket_reply.enc_part.ciphertext.data , 0, state->ticket_reply.enc_part.ciphertext.length); free(state->ticket_reply.enc_part.ciphertext.data); } krb5_free_pa_data(kdc_context, state->e_data); krb5_free_data(kdc_context, state->inner_body); kdc_free_rstate(state->rstate); krb5_free_kdc_req(kdc_context, state->request); k5_free_data_ptr_list(state->auth_indicators); assert(did_log != 0); free(state); (*oldrespond)(oldarg, errcode, response); }",visit repo url,src/kdc/do_as_req.c,https://github.com/krb5/krb5,198300111589924,1 5154,CWE-125,"ast_for_with_stmt(struct compiling *c, const node *n0, bool is_async) { const node * const n = is_async ? CHILD(n0, 1) : n0; int i, n_items, end_lineno, end_col_offset; asdl_seq *items, *body; REQ(n, with_stmt); n_items = (NCH(n) - 2) / 2; items = _Py_asdl_seq_new(n_items, c->c_arena); if (!items) return NULL; for (i = 1; i < NCH(n) - 2; i += 2) { withitem_ty item = ast_for_with_item(c, CHILD(n, i)); if (!item) return NULL; asdl_seq_SET(items, (i - 1) / 2, item); } body = ast_for_suite(c, CHILD(n, NCH(n) - 1)); if (!body) return NULL; get_last_end_pos(body, &end_lineno, &end_col_offset); if (is_async) return AsyncWith(items, body, LINENO(n0), n0->n_col_offset, end_lineno, end_col_offset, c->c_arena); else return With(items, body, LINENO(n), n->n_col_offset, end_lineno, end_col_offset, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,30112699427629,1 3535,NVD-CWE-Other,"static int jpc_siz_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_siz_t *siz = &ms->parms.siz; unsigned int i; uint_fast8_t tmp; cstate = 0; if (jpc_getuint16(in, &siz->caps) || jpc_getuint32(in, &siz->width) || jpc_getuint32(in, &siz->height) || jpc_getuint32(in, &siz->xoff) || jpc_getuint32(in, &siz->yoff) || jpc_getuint32(in, &siz->tilewidth) || jpc_getuint32(in, &siz->tileheight) || jpc_getuint32(in, &siz->tilexoff) || jpc_getuint32(in, &siz->tileyoff) || jpc_getuint16(in, &siz->numcomps)) { return -1; } if (!siz->width || !siz->height || !siz->tilewidth || !siz->tileheight || !siz->numcomps || siz->numcomps > 16384) { return -1; } if (siz->tilexoff >= siz->width || siz->tileyoff >= siz->height) { jas_eprintf(""all tiles are outside the image area\n""); return -1; } if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { return -1; } for (i = 0; i < siz->numcomps; ++i) { if (jpc_getuint8(in, &tmp) || jpc_getuint8(in, &siz->comps[i].hsamp) || jpc_getuint8(in, &siz->comps[i].vsamp)) { jas_free(siz->comps); return -1; } if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) { jas_eprintf(""invalid XRsiz value %d\n"", siz->comps[i].hsamp); jas_free(siz->comps); return -1; } if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) { jas_eprintf(""invalid YRsiz value %d\n"", siz->comps[i].vsamp); jas_free(siz->comps); return -1; } siz->comps[i].sgnd = (tmp >> 7) & 1; siz->comps[i].prec = (tmp & 0x7f) + 1; } if (jas_stream_eof(in)) { jas_free(siz->comps); return -1; } return 0; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,143784807566874,1 3855,[],"int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp) { return 0; }",linux-2.6,,,98568258799021413713158077150666175121,0 3833,CWE-476,"ExpandBufnames( char_u *pat, int *num_file, char_u ***file, int options) { int count = 0; buf_T *buf; int round; char_u *p; int attempt; char_u *patc = NULL; #ifdef FEAT_VIMINFO bufmatch_T *matches = NULL; #endif int fuzzy; fuzmatch_str_T *fuzmatch = NULL; *num_file = 0; *file = NULL; #ifdef FEAT_DIFF if ((options & BUF_DIFF_FILTER) && !curwin->w_p_diff) return FAIL; #endif fuzzy = cmdline_fuzzy_complete(pat); if (!fuzzy) { if (*pat == '^') { patc = alloc(STRLEN(pat) + 11); if (patc == NULL) return FAIL; STRCPY(patc, ""\\(^\\|[\\/]\\)""); STRCPY(patc + 11, pat + 1); } else patc = pat; } for (attempt = 0; attempt <= (fuzzy ? 0 : 1); ++attempt) { regmatch_T regmatch; int score = 0; if (!fuzzy) { if (attempt > 0 && patc == pat) break; regmatch.regprog = vim_regcomp(patc + attempt * 11, RE_MAGIC); if (regmatch.regprog == NULL) { if (patc != pat) vim_free(patc); return FAIL; } } for (round = 1; round <= 2; ++round) { count = 0; FOR_ALL_BUFFERS(buf) { if (!buf->b_p_bl) continue; #ifdef FEAT_DIFF if (options & BUF_DIFF_FILTER) if (buf == curbuf || !diff_mode_buf(buf)) continue; #endif if (!fuzzy) p = buflist_match(®match, buf, p_wic); else { p = NULL; if ((score = fuzzy_match_str(buf->b_sfname, pat)) != 0) p = buf->b_sfname; if (p == NULL) { if ((score = fuzzy_match_str(buf->b_ffname, pat)) != 0) p = buf->b_ffname; } } if (p == NULL) continue; if (round == 1) { ++count; continue; } if (options & WILD_HOME_REPLACE) p = home_replace_save(buf, p); else p = vim_strsave(p); if (!fuzzy) { #ifdef FEAT_VIMINFO if (matches != NULL) { matches[count].buf = buf; matches[count].match = p; count++; } else #endif (*file)[count++] = p; } else { fuzmatch[count].idx = count; fuzmatch[count].str = p; fuzmatch[count].score = score; count++; } } if (count == 0) break; if (round == 1) { if (!fuzzy) { *file = ALLOC_MULT(char_u *, count); if (*file == NULL) { vim_regfree(regmatch.regprog); if (patc != pat) vim_free(patc); return FAIL; } #ifdef FEAT_VIMINFO if (options & WILD_BUFLASTUSED) matches = ALLOC_MULT(bufmatch_T, count); #endif } else { fuzmatch = ALLOC_MULT(fuzmatch_str_T, count); if (fuzmatch == NULL) { *num_file = 0; *file = NULL; return FAIL; } } } } if (!fuzzy) { vim_regfree(regmatch.regprog); if (count) break; } } if (!fuzzy && patc != pat) vim_free(patc); #ifdef FEAT_VIMINFO if (!fuzzy) { if (matches != NULL) { int i; if (count > 1) qsort(matches, count, sizeof(bufmatch_T), buf_compare); if (matches[0].buf == curbuf) { for (i = 1; i < count; i++) (*file)[i-1] = matches[i].match; (*file)[count-1] = matches[0].match; } else { for (i = 0; i < count; i++) (*file)[i] = matches[i].match; } vim_free(matches); } } else { if (fuzzymatches_to_strmatches(fuzmatch, file, count, FALSE) == FAIL) return FAIL; } #endif *num_file = count; return (count == 0 ? FAIL : OK); }",visit repo url,src/buffer.c,https://github.com/vim/vim,83664794195451,1 3188,['CWE-189'],"static int jas_iccgettime(jas_stream_t *in, jas_icctime_t *time) { if (jas_iccgetuint16(in, &time->year) || jas_iccgetuint16(in, &time->month) || jas_iccgetuint16(in, &time->day) || jas_iccgetuint16(in, &time->hour) || jas_iccgetuint16(in, &time->min) || jas_iccgetuint16(in, &time->sec)) { return -1; } return 0; }",jasper,,,319229640563030914897525663989007865704,0 6338,['CWE-200'],"static struct tc_action_ops *tc_lookup_action_n(char *kind) { struct tc_action_ops *a = NULL; if (kind) { read_lock(&act_mod_lock); for (a = act_base; a; a = a->next) { if (strcmp(kind, a->kind) == 0) { if (!try_module_get(a->owner)) { read_unlock(&act_mod_lock); return NULL; } break; } } read_unlock(&act_mod_lock); } return a; }",linux-2.6,,,172782662917285906620480604868557444661,0 165,CWE-476,"tegra_xusb_find_port_node(struct tegra_xusb_padctl *padctl, const char *type, unsigned int index) { struct device_node *ports, *np; char *name; ports = of_get_child_by_name(padctl->dev->of_node, ""ports""); if (!ports) return NULL; name = kasprintf(GFP_KERNEL, ""%s-%u"", type, index); if (!name) { of_node_put(ports); return ERR_PTR(-ENOMEM); } np = of_get_child_by_name(ports, name); kfree(name); of_node_put(ports); return np; }",visit repo url,drivers/phy/tegra/xusb.c,https://github.com/torvalds/linux,72560743222656,1 4692,['CWE-399'],"static int ext4_normal_writepage(struct page *page, struct writeback_control *wbc) { struct inode *inode = page->mapping->host; loff_t size = i_size_read(inode); loff_t len; trace_mark(ext4_normal_writepage, ""dev %s ino %lu page_index %lu"", inode->i_sb->s_id, inode->i_ino, page->index); J_ASSERT(PageLocked(page)); if (page->index == size >> PAGE_CACHE_SHIFT) len = size & ~PAGE_CACHE_MASK; else len = PAGE_CACHE_SIZE; if (page_has_buffers(page)) { BUG_ON(walk_page_buffers(NULL, page_buffers(page), 0, len, NULL, ext4_bh_unmapped_or_delay)); } if (!ext4_journal_current_handle()) return __ext4_normal_writepage(page, wbc); redirty_page_for_writepage(wbc, page); unlock_page(page); return 0; }",linux-2.6,,,304150879799589466662144663023146784933,0 3090,['CWE-189'],"int jas_image_getfmt(jas_stream_t *in) { jas_image_fmtinfo_t *fmtinfo; int found; int i; found = 0; for (i = 0, fmtinfo = jas_image_fmtinfos; i < jas_image_numfmts; ++i, ++fmtinfo) { if (fmtinfo->ops.validate) { if (!(*fmtinfo->ops.validate)(in)) { found = 1; break; } } } return found ? fmtinfo->id : (-1); }",jasper,,,34866464501796053537316129586705146343,0 3128,['CWE-189'],"jpc_pchg_t *jpc_pchg_copy(jpc_pchg_t *pchg) { jpc_pchg_t *newpchg; if (!(newpchg = jas_malloc(sizeof(jpc_pchg_t)))) { return 0; } *newpchg = *pchg; return newpchg; }",jasper,,,68431926799307234724955451327387768602,0 5867,CWE-835,"pjmedia_avi_player_create_streams(pj_pool_t *pool, const char *filename, unsigned options, pjmedia_avi_streams **p_streams) { pjmedia_avi_hdr avi_hdr; struct avi_reader_port *fport[PJMEDIA_AVI_MAX_NUM_STREAMS]; pj_off_t pos; unsigned i, nstr = 0; pj_status_t status = PJ_SUCCESS; PJ_ASSERT_RETURN(pool && filename && p_streams, PJ_EINVAL); if (!pj_file_exists(filename)) { return PJ_ENOTFOUND; } fport[0] = create_avi_port(pool); if (!fport[0]) { return PJ_ENOMEM; } fport[0]->fsize = pj_file_size(filename); if (fport[0]->fsize <= sizeof(riff_hdr_t) + sizeof(avih_hdr_t) + sizeof(strl_hdr_t)) { return PJMEDIA_EINVALIMEDIATYPE; } status = pj_file_open(pool, filename, PJ_O_RDONLY, &fport[0]->fd); if (status != PJ_SUCCESS) return status; status = file_read(fport[0]->fd, &avi_hdr, sizeof(riff_hdr_t) + sizeof(avih_hdr_t)); if (status != PJ_SUCCESS) goto on_error; if (!COMPARE_TAG(avi_hdr.riff_hdr.riff, PJMEDIA_AVI_RIFF_TAG) || !COMPARE_TAG(avi_hdr.riff_hdr.avi, PJMEDIA_AVI_AVI_TAG) || !COMPARE_TAG(avi_hdr.avih_hdr.list_tag, PJMEDIA_AVI_LIST_TAG) || !COMPARE_TAG(avi_hdr.avih_hdr.hdrl_tag, PJMEDIA_AVI_HDRL_TAG) || !COMPARE_TAG(avi_hdr.avih_hdr.avih, PJMEDIA_AVI_AVIH_TAG)) { status = PJMEDIA_EINVALIMEDIATYPE; goto on_error; } PJ_LOG(5, (THIS_FILE, ""The AVI file has %d streams."", avi_hdr.avih_hdr.num_streams)); if (avi_hdr.avih_hdr.num_streams > PJMEDIA_AVI_MAX_NUM_STREAMS) { status = PJMEDIA_EAVIUNSUPP; goto on_error; } if (avi_hdr.avih_hdr.flags & AVIF_MUSTUSEINDEX || avi_hdr.avih_hdr.pad > 1) { PJ_LOG(3, (THIS_FILE, ""Warning!!! Possibly unsupported AVI format: "" ""flags:%d, pad:%d"", avi_hdr.avih_hdr.flags, avi_hdr.avih_hdr.pad)); } for (i = 0; i < avi_hdr.avih_hdr.num_streams; i++) { pj_size_t elem = 0; pj_ssize_t size_to_read; status = file_read(fport[0]->fd, &avi_hdr.strl_hdr[i], sizeof(strl_hdr_t)); if (status != PJ_SUCCESS) goto on_error; elem = COMPARE_TAG(avi_hdr.strl_hdr[i].data_type, PJMEDIA_AVI_VIDS_TAG) ? sizeof(strf_video_hdr_t) : COMPARE_TAG(avi_hdr.strl_hdr[i].data_type, PJMEDIA_AVI_AUDS_TAG) ? sizeof(strf_audio_hdr_t) : 0; status = file_read2(fport[0]->fd, &avi_hdr.strf_hdr[i], elem, 0); if (status != PJ_SUCCESS) goto on_error; if (elem == sizeof(strf_video_hdr_t)) data_to_host2(&avi_hdr.strf_hdr[i], sizeof(strf_video_hdr_sizes)/ sizeof(strf_video_hdr_sizes[0]), strf_video_hdr_sizes); else if (elem == sizeof(strf_audio_hdr_t)) data_to_host2(&avi_hdr.strf_hdr[i], sizeof(strf_audio_hdr_sizes)/ sizeof(strf_audio_hdr_sizes[0]), strf_audio_hdr_sizes); size_to_read = avi_hdr.strl_hdr[i].list_sz - (sizeof(strl_hdr_t) - 8) - elem; status = pj_file_setpos(fport[0]->fd, size_to_read, PJ_SEEK_CUR); if (status != PJ_SUCCESS) { goto on_error; } } status = pj_file_setpos(fport[0]->fd, avi_hdr.avih_hdr.list_sz + sizeof(riff_hdr_t) + 8, PJ_SEEK_SET); if (status != PJ_SUCCESS) { goto on_error; } do { pjmedia_avi_subchunk ch; int read = 0; status = file_read(fport[0]->fd, &ch, sizeof(pjmedia_avi_subchunk)); if (status != PJ_SUCCESS) { goto on_error; } if (COMPARE_TAG(ch.id, PJMEDIA_AVI_LIST_TAG)) { read = 4; status = file_read(fport[0]->fd, &ch, read); if (COMPARE_TAG(ch.id, PJMEDIA_AVI_MOVI_TAG)) break; } status = pj_file_setpos(fport[0]->fd, ch.len-read, PJ_SEEK_CUR); if (status != PJ_SUCCESS) { goto on_error; } } while(1); status = pj_file_getpos(fport[0]->fd, &pos); if (status != PJ_SUCCESS) goto on_error; for (i = 0, nstr = 0; i < avi_hdr.avih_hdr.num_streams; i++) { pjmedia_format_id fmt_id; if ((!COMPARE_TAG(avi_hdr.strl_hdr[i].data_type, PJMEDIA_AVI_VIDS_TAG) && !COMPARE_TAG(avi_hdr.strl_hdr[i].data_type, PJMEDIA_AVI_AUDS_TAG)) || avi_hdr.strl_hdr[i].flags & AVISF_DISABLED) { continue; } if (COMPARE_TAG(avi_hdr.strl_hdr[i].data_type, PJMEDIA_AVI_VIDS_TAG)) { int j; if (avi_hdr.strl_hdr[i].flags & AVISF_VIDEO_PALCHANGES) { PJ_LOG(4, (THIS_FILE, ""Unsupported video stream"")); continue; } fmt_id = avi_hdr.strl_hdr[i].codec; for (j = sizeof(avi_fmts)/sizeof(avi_fmts[0])-1; j >= 0; j--) { if (fmt_id == avi_fmts[j].fmt_id) { if (avi_fmts[j].eff_fmt_id) fmt_id = avi_fmts[j].eff_fmt_id; break; } } if (j < 0) { PJ_LOG(4, (THIS_FILE, ""Unsupported video stream"")); continue; } } else { strf_audio_hdr_t *hdr = (strf_audio_hdr_t*) &avi_hdr.strf_hdr[i].strf_audio_hdr; if (hdr->fmt_tag == PJMEDIA_WAVE_FMT_TAG_PCM && hdr->bits_per_sample == 16) { fmt_id = PJMEDIA_FORMAT_PCM; } else if (hdr->fmt_tag == PJMEDIA_WAVE_FMT_TAG_ALAW) { fmt_id = PJMEDIA_FORMAT_PCMA; } else if (hdr->fmt_tag == PJMEDIA_WAVE_FMT_TAG_ULAW) { fmt_id = PJMEDIA_FORMAT_PCMU; } else { PJ_LOG(4, (THIS_FILE, ""Unsupported audio stream"")); continue; } } if (nstr > 0) { fport[nstr] = create_avi_port(pool); if (!fport[nstr]) { status = PJ_ENOMEM; goto on_error; } status = pj_file_open(pool, filename, PJ_O_RDONLY, &fport[nstr]->fd); if (status != PJ_SUCCESS) goto on_error; status = pj_file_setpos(fport[nstr]->fd, pos, PJ_SEEK_SET); if (status != PJ_SUCCESS) { goto on_error; } } fport[nstr]->stream_id = i; fport[nstr]->fmt_id = fmt_id; nstr++; } if (nstr == 0) { status = PJMEDIA_EAVIUNSUPP; goto on_error; } for (i = 0; i < nstr; i++) { strl_hdr_t *strl_hdr = &avi_hdr.strl_hdr[fport[i]->stream_id]; fport[i]->options = options; fport[i]->fsize = fport[0]->fsize; fport[i]->start_data = pos; if (COMPARE_TAG(strl_hdr->data_type, PJMEDIA_AVI_VIDS_TAG)) { strf_video_hdr_t *strf_hdr = &avi_hdr.strf_hdr[fport[i]->stream_id].strf_video_hdr; const pjmedia_video_format_info *vfi; vfi = pjmedia_get_video_format_info( pjmedia_video_format_mgr_instance(), strl_hdr->codec); fport[i]->bits_per_sample = (vfi ? vfi->bpp : 0); fport[i]->usec_per_frame = avi_hdr.avih_hdr.usec_per_frame; pjmedia_format_init_video(&fport[i]->base.info.fmt, fport[i]->fmt_id, strf_hdr->biWidth, strf_hdr->biHeight, strl_hdr->rate, strl_hdr->scale); #if 0 bps = strf_hdr->biSizeImage * 8 * strl_hdr->rate / strl_hdr->scale; if (bps==0) { bps = strf_hdr->biWidth * strf_hdr->biHeight * strf_hdr->biBitCount * strl_hdr->rate / strl_hdr->scale; } fport[i]->base.info.fmt.det.vid.avg_bps = bps; fport[i]->base.info.fmt.det.vid.max_bps = bps; #endif } else { strf_audio_hdr_t *strf_hdr = &avi_hdr.strf_hdr[fport[i]->stream_id].strf_audio_hdr; fport[i]->bits_per_sample = strf_hdr->bits_per_sample; fport[i]->usec_per_frame = avi_hdr.avih_hdr.usec_per_frame; pjmedia_format_init_audio(&fport[i]->base.info.fmt, fport[i]->fmt_id, strf_hdr->sample_rate, strf_hdr->nchannels, strf_hdr->bits_per_sample, 20000 , strf_hdr->bytes_per_sec * 8, strf_hdr->bytes_per_sec * 8); if (fport[i]->fmt_id == PJMEDIA_FORMAT_PCMA || fport[i]->fmt_id == PJMEDIA_FORMAT_PCMU) { fport[i]->base.info.fmt.id = PJMEDIA_FORMAT_PCM; fport[i]->base.info.fmt.det.aud.bits_per_sample = 16; } } pj_strdup2(pool, &fport[i]->base.info.name, filename); } *p_streams = pj_pool_alloc(pool, sizeof(pjmedia_avi_streams)); (*p_streams)->num_streams = nstr; (*p_streams)->streams = pj_pool_calloc(pool, (*p_streams)->num_streams, sizeof(pjmedia_port *)); for (i = 0; i < nstr; i++) (*p_streams)->streams[i] = &fport[i]->base; PJ_LOG(4,(THIS_FILE, ""AVI file player '%.*s' created with "" ""%d media ports"", (int)fport[0]->base.info.name.slen, fport[0]->base.info.name.ptr, (*p_streams)->num_streams)); return PJ_SUCCESS; on_error: fport[0]->base.on_destroy(&fport[0]->base); for (i = 1; i < nstr; i++) fport[i]->base.on_destroy(&fport[i]->base); if (status == AVI_EOF) return PJMEDIA_EINVALIMEDIATYPE; return status; }",visit repo url,pjmedia/src/pjmedia/avi_player.c,https://github.com/pjsip/pjproject,201585834892246,1 2794,CWE-787,"static void nsc_rle_decompress_data(NSC_CONTEXT* context) { UINT16 i; BYTE* rle; UINT32 planeSize; UINT32 originalSize; rle = context->Planes; for (i = 0; i < 4; i++) { originalSize = context->OrgByteCount[i]; planeSize = context->PlaneByteCount[i]; if (planeSize == 0) FillMemory(context->priv->PlaneBuffers[i], originalSize, 0xFF); else if (planeSize < originalSize) nsc_rle_decode(rle, context->priv->PlaneBuffers[i], originalSize); else CopyMemory(context->priv->PlaneBuffers[i], rle, originalSize); rle += planeSize; } }",visit repo url,libfreerdp/codec/nsc.c,https://github.com/FreeRDP/FreeRDP,81878599086768,1 5755,CWE-190,"static int bson_string_is_db_ref( const unsigned char *string, const int length ) { int result = 0; if( length >= 4 ) { if( string[1] == 'r' && string[2] == 'e' && string[3] == 'f' ) result = 1; } else if( length >= 3 ) { if( string[1] == 'i' && string[2] == 'd' ) result = 1; else if( string[1] == 'd' && string[2] == 'b' ) result = 1; } return result; }",visit repo url,src/encoding.c,https://github.com/10gen-archive/mongo-c-driver-legacy,256512279829658,1 3928,['CWE-399'],static int tda9855_treble(int val) { return (val/0x1c71+0x3)<<1; },linux-2.6,,,225409820254818732076187641741340817787,0 5767,CWE-190,"static void mongo_pass_digest( const char *user, const char *pass, char hex_digest[33] ) { mongo_md5_state_t st; mongo_md5_byte_t digest[16]; mongo_md5_init( &st ); mongo_md5_append( &st, ( const mongo_md5_byte_t * )user, strlen( user ) ); mongo_md5_append( &st, ( const mongo_md5_byte_t * )"":mongo:"", 7 ); mongo_md5_append( &st, ( const mongo_md5_byte_t * )pass, strlen( pass ) ); mongo_md5_finish( &st, digest ); digest2hex( digest, hex_digest ); }",visit repo url,src/mongo.c,https://github.com/10gen-archive/mongo-c-driver-legacy,252556511135567,1 1433,[],"account_entity_enqueue(struct cfs_rq *cfs_rq, struct sched_entity *se) { update_load_add(&cfs_rq->load, se->load.weight); if (!parent_entity(se)) inc_cpu_load(rq_of(cfs_rq), se->load.weight); if (entity_is_task(se)) add_cfs_task_weight(cfs_rq, se->load.weight); cfs_rq->nr_running++; se->on_rq = 1; }",linux-2.6,,,65807270256669245841798272413652463285,0 4843,CWE-119,"static int read_public_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I1012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_public_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,241413677709066,1 143,[],"compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) { long ret; aio_context_t ctx64; mm_segment_t oldfs = get_fs(); if (unlikely(get_user(ctx64, ctx32p))) return -EFAULT; set_fs(KERNEL_DS); ret = sys_io_setup(nr_reqs, (aio_context_t __user *) &ctx64); set_fs(oldfs); if (!ret) ret = put_user((u32) ctx64, ctx32p); return ret; }",linux-2.6,,,165533053922624891411133172265949575446,0 5090,CWE-190,"Unpickler_set_memo(UnpicklerObject *self, PyObject *obj) { PyObject **new_memo; Py_ssize_t new_memo_size = 0; Py_ssize_t i; if (obj == NULL) { PyErr_SetString(PyExc_TypeError, ""attribute deletion is not supported""); return -1; } if (Py_TYPE(obj) == &UnpicklerMemoProxyType) { UnpicklerObject *unpickler = ((UnpicklerMemoProxyObject *)obj)->unpickler; new_memo_size = unpickler->memo_size; new_memo = _Unpickler_NewMemo(new_memo_size); if (new_memo == NULL) return -1; for (i = 0; i < new_memo_size; i++) { Py_XINCREF(unpickler->memo[i]); new_memo[i] = unpickler->memo[i]; } } else if (PyDict_Check(obj)) { Py_ssize_t i = 0; PyObject *key, *value; new_memo_size = PyDict_GET_SIZE(obj); new_memo = _Unpickler_NewMemo(new_memo_size); if (new_memo == NULL) return -1; while (PyDict_Next(obj, &i, &key, &value)) { Py_ssize_t idx; if (!PyLong_Check(key)) { PyErr_SetString(PyExc_TypeError, ""memo key must be integers""); goto error; } idx = PyLong_AsSsize_t(key); if (idx == -1 && PyErr_Occurred()) goto error; if (idx < 0) { PyErr_SetString(PyExc_ValueError, ""memo key must be positive integers.""); goto error; } if (_Unpickler_MemoPut(self, idx, value) < 0) goto error; } } else { PyErr_Format(PyExc_TypeError, ""'memo' attribute must be an UnpicklerMemoProxy object"" ""or dict, not %.200s"", Py_TYPE(obj)->tp_name); return -1; } _Unpickler_MemoCleanup(self); self->memo_size = new_memo_size; self->memo = new_memo; return 0; error: if (new_memo_size) { i = new_memo_size; while (--i >= 0) { Py_XDECREF(new_memo[i]); } PyMem_FREE(new_memo); } return -1; }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,236493281370907,1 2257,[],"void __init setup_per_cpu_areas(void) { int i; unsigned long size; #ifdef CONFIG_HOTPLUG_CPU prefill_possible_map(); #endif size = PERCPU_ENOUGH_ROOM; printk(KERN_INFO ""PERCPU: Allocating %lu bytes of per cpu data\n"", size); for_each_cpu_mask (i, cpu_possible_map) { char *ptr; if (!NODE_DATA(cpu_to_node(i))) { printk(""cpu with no node %d, num_online_nodes %d\n"", i, num_online_nodes()); ptr = alloc_bootmem(size); } else { ptr = alloc_bootmem_node(NODE_DATA(cpu_to_node(i)), size); } if (!ptr) panic(""Cannot allocate cpu data for CPU %d\n"", i); cpu_pda(i)->data_offset = ptr - __per_cpu_start; memcpy(ptr, __per_cpu_start, __per_cpu_end - __per_cpu_start); } } ",linux-2.6,,,275463663119487421888874278486798890881,0 5372,['CWE-476'],"void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code) { WARN_ON(vcpu->arch.exception.pending); vcpu->arch.exception.pending = true; vcpu->arch.exception.has_error_code = true; vcpu->arch.exception.nr = nr; vcpu->arch.exception.error_code = error_code; }",linux-2.6,,,277419190809228742867305846048514332724,0 3892,['CWE-399'],static int tda8425_shift10(int val) { return (val >> 10) | 0xc0; },linux-2.6,,,3017930420928661060370749482622103289,0 3567,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_chunk *repl; struct sctp_association *new_asoc; struct sctp_chunk *err_chunk; struct sctp_packet *packet; sctp_unrecognized_param_t *unk_param; int len; if (!chunk->singleton) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (ep == sctp_sk((sctp_get_ctl_sock()))->ep) return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); if (chunk->sctp_hdr->vtag != 0) return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); err_chunk = NULL; if (!sctp_verify_init(asoc, chunk->chunk_hdr->type, (sctp_init_chunk_t *)chunk->chunk_hdr, chunk, &err_chunk)) { if (err_chunk) { packet = sctp_abort_pkt_new(ep, asoc, arg, (__u8 *)(err_chunk->chunk_hdr) + sizeof(sctp_chunkhdr_t), ntohs(err_chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t)); sctp_chunk_free(err_chunk); if (packet) { sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(packet)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); return SCTP_DISPOSITION_CONSUME; } else { return SCTP_DISPOSITION_NOMEM; } } else { return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); } } chunk->subh.init_hdr = (sctp_inithdr_t *)chunk->skb->data; chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t)); new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC); if (!new_asoc) goto nomem; if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, sctp_source(chunk), (sctp_init_chunk_t *)chunk->chunk_hdr, GFP_ATOMIC)) goto nomem_init; len = 0; if (err_chunk) len = ntohs(err_chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0) goto nomem_init; repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len); if (!repl) goto nomem_init; if (err_chunk) { unk_param = (sctp_unrecognized_param_t *) ((__u8 *)(err_chunk->chunk_hdr) + sizeof(sctp_chunkhdr_t)); sctp_addto_chunk(repl, len, unk_param); sctp_chunk_free(err_chunk); } sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); return SCTP_DISPOSITION_DELETE_TCB; nomem_init: sctp_association_free(new_asoc); nomem: if (err_chunk) sctp_chunk_free(err_chunk); return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,144890448382107918155995237282181740420,0 2963,CWE-20,"stf_status ikev2parent_inI2outR2(struct msg_digest *md) { struct state *st = md->st; DBG(DBG_CONTROLMORE, DBG_log( ""ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2"")); if (!md->chain[ISAKMP_NEXT_v2E]) { libreswan_log(""R2 state should receive an encrypted payload""); reset_globals(); return STF_FATAL; } { struct dh_continuation *dh = alloc_thing( struct dh_continuation, ""ikev2_inI2outR2 KE""); stf_status e; dh->md = md; set_suspended(st, dh->md); pcrc_init(&dh->dh_pcrc); dh->dh_pcrc.pcrc_func = ikev2_parent_inI2outR2_continue; e = start_dh_v2(&dh->dh_pcrc, st, st->st_import, RESPONDER, st->st_oakley.groupnum); if (e != STF_SUSPEND && e != STF_INLINE) { loglog(RC_CRYPTOFAILED, ""system too busy""); delete_state(st); } reset_globals(); return e; } }",visit repo url,programs/pluto/ikev2_parent.c,https://github.com/libreswan/libreswan,25875613898138,1 3310,['CWE-189'],"static void jpc_dec_cp_resetflags(jpc_dec_cp_t *cp) { int compno; jpc_dec_ccp_t *ccp; cp->flags &= (JPC_CSET | JPC_QSET); for (compno = 0, ccp = cp->ccps; compno < cp->numcomps; ++compno, ++ccp) { ccp->flags = 0; } }",jasper,,,179759407460428233795294543787027735326,0 5483,['CWE-476'],"int kvm_dev_ioctl_check_extension(long ext) { int r; switch (ext) { case KVM_CAP_IRQCHIP: case KVM_CAP_HLT: case KVM_CAP_MMU_SHADOW_CACHE_CONTROL: case KVM_CAP_SET_TSS_ADDR: case KVM_CAP_EXT_CPUID: case KVM_CAP_CLOCKSOURCE: case KVM_CAP_PIT: case KVM_CAP_NOP_IO_DELAY: case KVM_CAP_MP_STATE: case KVM_CAP_SYNC_MMU: case KVM_CAP_REINJECT_CONTROL: case KVM_CAP_IRQ_INJECT_STATUS: case KVM_CAP_ASSIGN_DEV_IRQ: r = 1; break; case KVM_CAP_COALESCED_MMIO: r = KVM_COALESCED_MMIO_PAGE_OFFSET; break; case KVM_CAP_VAPIC: r = !kvm_x86_ops->cpu_has_accelerated_tpr(); break; case KVM_CAP_NR_VCPUS: r = KVM_MAX_VCPUS; break; case KVM_CAP_NR_MEMSLOTS: r = KVM_MEMORY_SLOTS; break; case KVM_CAP_PV_MMU: r = !tdp_enabled; break; case KVM_CAP_IOMMU: r = iommu_found(); break; default: r = 0; break; } return r; }",linux-2.6,,,203710518813635649305923037608420392148,0 3800,[],"static long unix_wait_for_peer(struct sock *other, long timeo) { struct unix_sock *u = unix_sk(other); int sched; DEFINE_WAIT(wait); prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE); sched = !sock_flag(other, SOCK_DEAD) && !(other->sk_shutdown & RCV_SHUTDOWN) && (skb_queue_len(&other->sk_receive_queue) > other->sk_max_ack_backlog); unix_state_unlock(other); if (sched) timeo = schedule_timeout(timeo); finish_wait(&u->peer_wait, &wait); return timeo; }",linux-2.6,,,80093679095573387851289918957063670923,0 6501,CWE-787,"void trustedSetSEK_backup(int *errStatus, char *errString, uint8_t *encrypted_sek, uint32_t *enc_len, const char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(encrypted_sek); CHECK_STATE(sek_hex); uint64_t len; hex2carray(sek_hex, &len, (uint8_t *) AES_key); derive_DH_Key(); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); if (*errStatus != 0) { LOG_ERROR(""sealHexSEK failed""); goto clean; } SET_SUCCESS clean: ; LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,205328220013181,1 1986,['CWE-20'],"static __init void vdso_setup_trampolines(struct lib32_elfinfo *v32, struct lib64_elfinfo *v64) { #ifdef CONFIG_PPC64 vdso64_rt_sigtramp = find_function64(v64, ""__kernel_sigtramp_rt64""); #endif vdso32_sigtramp = find_function32(v32, ""__kernel_sigtramp32""); vdso32_rt_sigtramp = find_function32(v32, ""__kernel_sigtramp_rt32""); }",linux-2.6,,,86265376108256159286525450990127946485,0 4952,['CWE-20'],"void nfs_put_client(struct nfs_client *clp) { if (!clp) return; dprintk(""--> nfs_put_client({%d})\n"", atomic_read(&clp->cl_count)); if (atomic_dec_and_lock(&clp->cl_count, &nfs_client_lock)) { list_del(&clp->cl_share_link); spin_unlock(&nfs_client_lock); BUG_ON(!list_empty(&clp->cl_superblocks)); nfs_free_client(clp); } }",linux-2.6,,,228876711561711494901428556628822153142,0 3353,[],"static inline int nlmsg_len(const struct nlmsghdr *nlh) { return nlh->nlmsg_len - NLMSG_HDRLEN; }",linux-2.6,,,131262605036114318055971867823471577031,0 2133,CWE-416,"int ipmi_destroy_user(struct ipmi_user *user) { _ipmi_destroy_user(user); cleanup_srcu_struct(&user->release_barrier); kref_put(&user->refcount, free_user); return 0; }",visit repo url,drivers/char/ipmi/ipmi_msghandler.c,https://github.com/torvalds/linux,260688602459856,1 3561,CWE-20,"static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf, int bufsize) { assert(!stream->bufbase_); if (bufmode != JAS_STREAM_UNBUF) { if (!buf) { if ((stream->bufbase_ = jas_malloc(JAS_STREAM_BUFSIZE + JAS_STREAM_MAXPUTBACK))) { stream->bufmode_ |= JAS_STREAM_FREEBUF; stream->bufsize_ = JAS_STREAM_BUFSIZE; } else { stream->bufbase_ = stream->tinybuf_; stream->bufsize_ = 1; } } else { assert(bufsize > JAS_STREAM_MAXPUTBACK); stream->bufbase_ = JAS_CAST(uchar *, buf); stream->bufsize_ = bufsize - JAS_STREAM_MAXPUTBACK; } } else { assert(!buf); stream->bufbase_ = stream->tinybuf_; stream->bufsize_ = 1; } stream->bufstart_ = &stream->bufbase_[JAS_STREAM_MAXPUTBACK]; stream->ptr_ = stream->bufstart_; stream->cnt_ = 0; stream->bufmode_ |= bufmode & JAS_STREAM_BUFMODEMASK; }",visit repo url,src/libjasper/base/jas_stream.c,https://github.com/mdadams/jasper,98761166910627,1 6465,[],"lt_dladvise_preload (lt_dladvise *padvise) { assert (padvise && *padvise); (*padvise)->try_preload_only = 1; return 0; }",libtool,,,32762092716794372117454204149650054552,0 6709,CWE-116,"find_sessions(const char *dir, regex_t *re, const char *user, const char *tty) { DIR *d; struct dirent *dp; struct stat sb; size_t sdlen, sessions_len = 0, sessions_size = 0; unsigned int i; int len; char pathbuf[PATH_MAX], **sessions = NULL; #ifdef HAVE_STRUCT_DIRENT_D_TYPE bool checked_type = true; #else const bool checked_type = false; #endif debug_decl(find_sessions, SUDO_DEBUG_UTIL); d = opendir(dir); if (d == NULL) sudo_fatal(U_(""unable to open %s""), dir); sdlen = strlcpy(pathbuf, dir, sizeof(pathbuf)); if (sdlen + 1 >= sizeof(pathbuf)) { errno = ENAMETOOLONG; sudo_fatal(""%s/"", dir); } pathbuf[sdlen++] = '/'; pathbuf[sdlen] = '\0'; while ((dp = readdir(d)) != NULL) { if (dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) continue; #ifdef HAVE_STRUCT_DIRENT_D_TYPE if (checked_type) { if (dp->d_type != DT_DIR) { if (dp->d_type != DT_UNKNOWN) continue; checked_type = false; } } #endif if (sessions_len + 1 > sessions_size) { if (sessions_size == 0) sessions_size = 36 * 36 / 2; sessions = reallocarray(sessions, sessions_size, 2 * sizeof(char *)); if (sessions == NULL) sudo_fatalx(U_(""%s: %s""), __func__, U_(""unable to allocate memory"")); sessions_size *= 2; } if ((sessions[sessions_len] = strdup(dp->d_name)) == NULL) sudo_fatalx(U_(""%s: %s""), __func__, U_(""unable to allocate memory"")); sessions_len++; } closedir(d); if (sessions != NULL) { qsort(sessions, sessions_len, sizeof(char *), session_compare); for (i = 0; i < sessions_len; i++) { len = snprintf(&pathbuf[sdlen], sizeof(pathbuf) - sdlen, ""%s/log"", sessions[i]); if (len < 0 || (size_t)len >= sizeof(pathbuf) - sdlen) { errno = ENAMETOOLONG; sudo_fatal(""%s/%s/log"", dir, sessions[i]); } free(sessions[i]); if (lstat(pathbuf, &sb) == 0 && S_ISREG(sb.st_mode)) { pathbuf[sdlen + len - 4] = '\0'; list_session(pathbuf, re, user, tty); } else { pathbuf[sdlen + len - 4] = '\0'; if (checked_type || (lstat(pathbuf, &sb) == 0 && S_ISDIR(sb.st_mode))) find_sessions(pathbuf, re, user, tty); } } free(sessions); } debug_return_int(0); }",visit repo url,plugins/sudoers/sudoreplay.c,https://github.com/sudo-project/sudo,145525949442755,1 1339,['CWE-399'],"__ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr) { struct ip_tunnel_prl_entry *p = (struct ip_tunnel_prl_entry *)NULL; for (p = t->prl; p; p = p->next) if (p->addr == addr) break; return p; }",linux-2.6,,,327673878740862005797639702763037892697,0 5245,['CWE-264'],"static uint32 get_pai_entry_val(struct pai_entry *paie) { switch (paie->owner_type) { case UID_ACE: DEBUG(10,(""get_pai_entry_val: uid = %u\n"", (unsigned int)paie->unix_ug.uid )); return (uint32)paie->unix_ug.uid; case GID_ACE: DEBUG(10,(""get_pai_entry_val: gid = %u\n"", (unsigned int)paie->unix_ug.gid )); return (uint32)paie->unix_ug.gid; case WORLD_ACE: default: DEBUG(10,(""get_pai_entry_val: world ace\n"")); return (uint32)-1; } }",samba,,,114469199296106266574791299129433981867,0 1015,['CWE-94'],"static int get_iovec_page_array(const struct iovec __user *iov, unsigned int nr_vecs, struct page **pages, struct partial_page *partial, int aligned) { int buffers = 0, error = 0; down_read(¤t->mm->mmap_sem); while (nr_vecs) { unsigned long off, npages; struct iovec entry; void __user *base; size_t len; int i; error = -EFAULT; if (copy_from_user_mmap_sem(&entry, iov, sizeof(entry))) break; base = entry.iov_base; len = entry.iov_len; error = 0; if (unlikely(!len)) break; error = -EFAULT; if (!access_ok(VERIFY_READ, base, len)) break; off = (unsigned long) base & ~PAGE_MASK; error = -EINVAL; if (aligned && (off || len & ~PAGE_MASK)) break; npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT; if (npages > PIPE_BUFFERS - buffers) npages = PIPE_BUFFERS - buffers; error = get_user_pages(current, current->mm, (unsigned long) base, npages, 0, 0, &pages[buffers], NULL); if (unlikely(error <= 0)) break; for (i = 0; i < error; i++) { const int plen = min_t(size_t, len, PAGE_SIZE - off); partial[buffers].offset = off; partial[buffers].len = plen; off = 0; len -= plen; buffers++; } if (len) break; if (error < npages || buffers == PIPE_BUFFERS) break; nr_vecs--; iov++; } up_read(¤t->mm->mmap_sem); if (buffers) return buffers; return error; }",linux-2.6,,,230196709563596818991580927917549992752,0 1562,CWE-264,"struct request *blk_mq_tag_to_rq(struct blk_mq_tags *tags, unsigned int tag) { struct request *rq = tags->rqs[tag]; struct blk_flush_queue *fq = blk_get_flush_queue(rq->q, rq->mq_ctx); if (!is_flush_request(rq, fq, tag)) return rq; return fq->flush_rq; }",visit repo url,block/blk-mq.c,https://github.com/torvalds/linux,251679991210755,1 887,['CWE-200'],"static void shmem_destroy_inode(struct inode *inode) { if ((inode->i_mode & S_IFMT) == S_IFREG) { mpol_free_shared_policy(&SHMEM_I(inode)->policy); } shmem_acl_destroy_inode(inode); kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode)); }",linux-2.6,,,164288759202631695132758330749393275256,0 3794,CWE-416,"get_function_line( exarg_T *eap, char_u **line_to_free, int indent, getline_opt_T getline_options) { char_u *theline; if (eap->getline == NULL) theline = getcmdline(':', 0L, indent, 0); else theline = eap->getline(':', eap->cookie, indent, getline_options); if (theline != NULL) { if (*eap->cmdlinep == *line_to_free) *eap->cmdlinep = theline; vim_free(*line_to_free); *line_to_free = theline; } return theline; }",visit repo url,src/userfunc.c,https://github.com/vim/vim,131443209886281,1 1610,CWE-264,"static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct in6_addr *daddr, *final_p, final; struct dst_entry *dst; struct flowi6 fl6; struct ip6_flowlabel *flowlabel = NULL; struct ipv6_txoptions *opt; int addr_type; int err; if (usin->sin6_family == AF_INET) { if (__ipv6_only_sock(sk)) return -EAFNOSUPPORT; err = __ip4_datagram_connect(sk, uaddr, addr_len); goto ipv4_connected; } if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (usin->sin6_family != AF_INET6) return -EAFNOSUPPORT; memset(&fl6, 0, sizeof(fl6)); if (np->sndflow) { fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } } addr_type = ipv6_addr_type(&usin->sin6_addr); if (addr_type == IPV6_ADDR_ANY) { usin->sin6_addr.s6_addr[15] = 0x01; } daddr = &usin->sin6_addr; if (addr_type == IPV6_ADDR_MAPPED) { struct sockaddr_in sin; if (__ipv6_only_sock(sk)) { err = -ENETUNREACH; goto out; } sin.sin_family = AF_INET; sin.sin_addr.s_addr = daddr->s6_addr32[3]; sin.sin_port = usin->sin6_port; err = __ip4_datagram_connect(sk, (struct sockaddr *) &sin, sizeof(sin)); ipv4_connected: if (err) goto out; ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr); if (ipv6_addr_any(&np->saddr) || ipv6_mapped_addr_any(&np->saddr)) ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) || ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) { ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, &sk->sk_v6_rcv_saddr); if (sk->sk_prot->rehash) sk->sk_prot->rehash(sk); } goto out; } if (__ipv6_addr_needs_scope_id(addr_type)) { if (addr_len >= sizeof(struct sockaddr_in6) && usin->sin6_scope_id) { if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != usin->sin6_scope_id) { err = -EINVAL; goto out; } sk->sk_bound_dev_if = usin->sin6_scope_id; } if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST)) sk->sk_bound_dev_if = np->mcast_oif; if (!sk->sk_bound_dev_if) { err = -EINVAL; goto out; } } sk->sk_v6_daddr = *daddr; np->flow_label = fl6.flowlabel; inet->inet_dport = usin->sin6_port; fl6.flowi6_proto = sk->sk_protocol; fl6.daddr = sk->sk_v6_daddr; fl6.saddr = np->saddr; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; fl6.fl6_dport = inet->inet_dport; fl6.fl6_sport = inet->inet_sport; if (!fl6.flowi6_oif && (addr_type&IPV6_ADDR_MULTICAST)) fl6.flowi6_oif = np->mcast_oif; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); opt = flowlabel ? flowlabel->opt : np->opt; final_p = fl6_update_dst(&fl6, opt, &final); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); err = 0; if (IS_ERR(dst)) { err = PTR_ERR(dst); goto out; } if (ipv6_addr_any(&np->saddr)) np->saddr = fl6.saddr; if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) { sk->sk_v6_rcv_saddr = fl6.saddr; inet->inet_rcv_saddr = LOOPBACK4_IPV6; if (sk->sk_prot->rehash) sk->sk_prot->rehash(sk); } ip6_dst_store(sk, dst, ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr) ? &sk->sk_v6_daddr : NULL, #ifdef CONFIG_IPV6_SUBTREES ipv6_addr_equal(&fl6.saddr, &np->saddr) ? &np->saddr : #endif NULL); sk->sk_state = TCP_ESTABLISHED; sk_set_txhash(sk); out: fl6_sock_release(flowlabel); return err; }",visit repo url,net/ipv6/datagram.c,https://github.com/torvalds/linux,39393262186986,1 1255,NVD-CWE-Other,"static inline struct keydata *get_keyptr(void) { struct keydata *keyptr = &ip_keydata[ip_cnt & 1]; smp_rmb(); return keyptr; }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,187195402883107,1 5459,['CWE-476'],"int kvm_arch_init(void *opaque) { int r, cpu; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; if (kvm_x86_ops) { printk(KERN_ERR ""kvm: already loaded the other module\n""); r = -EEXIST; goto out; } if (!ops->cpu_has_kvm_support()) { printk(KERN_ERR ""kvm: no hardware support\n""); r = -EOPNOTSUPP; goto out; } if (ops->disabled_by_bios()) { printk(KERN_ERR ""kvm: disabled by bios\n""); r = -EOPNOTSUPP; goto out; } r = kvm_mmu_module_init(); if (r) goto out; kvm_init_msr_list(); kvm_x86_ops = ops; kvm_mmu_set_nonpresent_ptes(0ull, 0ull); kvm_mmu_set_base_ptes(PT_PRESENT_MASK); kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK, PT_DIRTY_MASK, PT64_NX_MASK, 0, 0); for_each_possible_cpu(cpu) per_cpu(cpu_tsc_khz, cpu) = tsc_khz; if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) { tsc_khz_ref = tsc_khz; cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block, CPUFREQ_TRANSITION_NOTIFIER); } return 0; out: return r; }",linux-2.6,,,268487528256552544983055753105652463809,0 2982,['CWE-189'],"int jas_image_readcmpt(jas_image_t *image, int cmptno, jas_image_coord_t x, jas_image_coord_t y, jas_image_coord_t width, jas_image_coord_t height, jas_matrix_t *data) { jas_image_cmpt_t *cmpt; jas_image_coord_t i; jas_image_coord_t j; int k; jas_seqent_t v; int c; jas_seqent_t *dr; jas_seqent_t *d; int drs; if (cmptno < 0 || cmptno >= image->numcmpts_) { return -1; } cmpt = image->cmpts_[cmptno]; if (x >= cmpt->width_ || y >= cmpt->height_ || x + width > cmpt->width_ || y + height > cmpt->height_) { return -1; } if (!jas_matrix_numrows(data) || !jas_matrix_numcols(data)) { return -1; } if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) { if (jas_matrix_resize(data, height, width)) { return -1; } } dr = jas_matrix_getref(data, 0, 0); drs = jas_matrix_rowstep(data); for (i = 0; i < height; ++i, dr += drs) { d = dr; if (jas_stream_seek(cmpt->stream_, (cmpt->width_ * (y + i) + x) * cmpt->cps_, SEEK_SET) < 0) { return -1; } for (j = width; j > 0; --j, ++d) { v = 0; for (k = cmpt->cps_; k > 0; --k) { if ((c = jas_stream_getc(cmpt->stream_)) == EOF) { return -1; } v = (v << 8) | (c & 0xff); } *d = bitstoint(v, cmpt->prec_, cmpt->sgnd_); } } return 0; }",jasper,,,65348203836144563058110573566925531793,0 3176,CWE-125,"llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, const struct lladdr_info *src, const struct lladdr_info *dst) { uint8_t dsap_field, dsap, ssap_field, ssap; uint16_t control; int hdrlen; int is_u; if (caplen < 3) { ND_PRINT((ndo, ""[|llc]"")); ND_DEFAULTPRINT((const u_char *)p, caplen); return (caplen); } if (length < 3) { ND_PRINT((ndo, ""[|llc]"")); ND_DEFAULTPRINT((const u_char *)p, caplen); return (length); } dsap_field = *p; ssap_field = *(p + 1); control = *(p + 2); if ((control & LLC_U_FMT) == LLC_U_FMT) { is_u = 1; hdrlen = 3; } else { if (caplen < 4) { ND_PRINT((ndo, ""[|llc]"")); ND_DEFAULTPRINT((const u_char *)p, caplen); return (caplen); } if (length < 4) { ND_PRINT((ndo, ""[|llc]"")); ND_DEFAULTPRINT((const u_char *)p, caplen); return (length); } control = EXTRACT_LE_16BITS(p + 2); is_u = 0; hdrlen = 4; } if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) { if (ndo->ndo_eflag) ND_PRINT((ndo, ""IPX 802.3: "")); ipx_print(ndo, p, length); return (0); } dsap = dsap_field & ~LLC_IG; ssap = ssap_field & ~LLC_GSAP; if (ndo->ndo_eflag) { ND_PRINT((ndo, ""LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s"", tok2str(llc_values, ""Unknown"", dsap), dsap, tok2str(llc_ig_flag_values, ""Unknown"", dsap_field & LLC_IG), tok2str(llc_values, ""Unknown"", ssap), ssap, tok2str(llc_flag_values, ""Unknown"", ssap_field & LLC_GSAP))); if (is_u) { ND_PRINT((ndo, "", ctrl 0x%02x: "", control)); } else { ND_PRINT((ndo, "", ctrl 0x%04x: "", control)); } } p += hdrlen; length -= hdrlen; caplen -= hdrlen; if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP && control == LLC_UI) { if (!snap_print(ndo, p, length, caplen, src, dst, 2)) { return (-(hdrlen + 5)); } else return (hdrlen + 5); } if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D && control == LLC_UI) { stp_print(ndo, p, length); return (hdrlen); } if (ssap == LLCSAP_IP && dsap == LLCSAP_IP && control == LLC_UI) { ip_print(ndo, p, length); return (hdrlen); } if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX && control == LLC_UI) { if (ndo->ndo_eflag) ND_PRINT((ndo, ""IPX 802.2: "")); ipx_print(ndo, p, length); return (hdrlen); } #ifdef ENABLE_SMB if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI && (!(control & LLC_S_FMT) || control == LLC_U_FMT)) { netbeui_print(ndo, control, p, length); return (hdrlen); } #endif if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS && control == LLC_UI) { isoclns_print(ndo, p, length, caplen); return (hdrlen); } if (!ndo->ndo_eflag) { if (ssap == dsap) { if (src == NULL || dst == NULL) ND_PRINT((ndo, ""%s "", tok2str(llc_values, ""Unknown DSAP 0x%02x"", dsap))); else ND_PRINT((ndo, ""%s > %s %s "", (src->addr_string)(ndo, src->addr), (dst->addr_string)(ndo, dst->addr), tok2str(llc_values, ""Unknown DSAP 0x%02x"", dsap))); } else { if (src == NULL || dst == NULL) ND_PRINT((ndo, ""%s > %s "", tok2str(llc_values, ""Unknown SSAP 0x%02x"", ssap), tok2str(llc_values, ""Unknown DSAP 0x%02x"", dsap))); else ND_PRINT((ndo, ""%s %s > %s %s "", (src->addr_string)(ndo, src->addr), tok2str(llc_values, ""Unknown SSAP 0x%02x"", ssap), (dst->addr_string)(ndo, dst->addr), tok2str(llc_values, ""Unknown DSAP 0x%02x"", dsap))); } } if (is_u) { ND_PRINT((ndo, ""Unnumbered, %s, Flags [%s], length %u"", tok2str(llc_cmd_values, ""%02x"", LLC_U_CMD(control)), tok2str(llc_flag_values,""?"",(ssap_field & LLC_GSAP) | (control & LLC_U_POLL)), length + hdrlen)); if ((control & ~LLC_U_POLL) == LLC_XID) { if (length == 0) { return (hdrlen); } if (caplen < 1) { ND_PRINT((ndo, ""[|llc]"")); if (caplen > 0) ND_DEFAULTPRINT((const u_char *)p, caplen); return (hdrlen); } if (*p == LLC_XID_FI) { if (caplen < 3 || length < 3) { ND_PRINT((ndo, ""[|llc]"")); if (caplen > 0) ND_DEFAULTPRINT((const u_char *)p, caplen); } else ND_PRINT((ndo, "": %02x %02x"", p[1], p[2])); return (hdrlen); } } } else { if ((control & LLC_S_FMT) == LLC_S_FMT) { ND_PRINT((ndo, ""Supervisory, %s, rcv seq %u, Flags [%s], length %u"", tok2str(llc_supervisory_values,""?"",LLC_S_CMD(control)), LLC_IS_NR(control), tok2str(llc_flag_values,""?"",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)), length + hdrlen)); return (hdrlen); } else { ND_PRINT((ndo, ""Information, send seq %u, rcv seq %u, Flags [%s], length %u"", LLC_I_NS(control), LLC_IS_NR(control), tok2str(llc_flag_values,""?"",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)), length + hdrlen)); } } return (-hdrlen); }",visit repo url,print-llc.c,https://github.com/the-tcpdump-group/tcpdump,212154047467949,1 943,['CWE-200'],"static inline struct page *shmem_dir_alloc(gfp_t gfp_mask) { return alloc_pages((gfp_mask & ~GFP_MOVABLE_MASK) | __GFP_ZERO, PAGE_CACHE_SHIFT-PAGE_SHIFT); }",linux-2.6,,,166300216698132984896862410211027671352,0 522,['CWE-399'],"static void usb_pwc_disconnect(struct usb_interface *intf) { struct pwc_device *pdev; int hint; lock_kernel(); pdev = usb_get_intfdata (intf); usb_set_intfdata (intf, NULL); if (pdev == NULL) { PWC_ERROR(""pwc_disconnect() Called without private pointer.\n""); goto disconnect_out; } if (pdev->udev == NULL) { PWC_ERROR(""pwc_disconnect() already called for %p\n"", pdev); goto disconnect_out; } if (pdev->udev != interface_to_usbdev(intf)) { PWC_ERROR(""pwc_disconnect() Woops: pointer mismatch udev/pdev.\n""); goto disconnect_out; } if (pdev->vopen) { PWC_INFO(""Disconnected while webcam is in use!\n""); pdev->error_status = EPIPE; } wake_up_interruptible(&pdev->frameq); if(pdev->vopen) { pdev->unplugged = 1; } else { PWC_DEBUG_PROBE(""Unregistering video device in disconnect().\n""); pwc_cleanup(pdev); kfree(pdev); disconnect_out: for (hint = 0; hint < MAX_DEV_HINTS; hint++) if (device_hint[hint].pdev == pdev) device_hint[hint].pdev = NULL; } unlock_kernel(); }",linux-2.6,,,157595063714595412050767314624393006901,0 3281,['CWE-189'],"static int jas_icccurv_output(jas_iccattrval_t *attrval, jas_stream_t *out) { jas_icccurv_t *curv = &attrval->data.curv; unsigned int i; if (jas_iccputuint32(out, curv->numents)) goto error; for (i = 0; i < curv->numents; ++i) { if (jas_iccputuint16(out, curv->ents[i])) goto error; } return 0; error: return -1; }",jasper,,,339788642247586785631615496045830066502,0 4162,CWE-476,"TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) { TIFFDirectory *td = &tif->tif_dir; char *sep; long l, n; #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) fprintf(fd, ""TIFF Directory at offset 0x%I64x (%I64u)\n"", (unsigned __int64) tif->tif_diroff, (unsigned __int64) tif->tif_diroff); #else fprintf(fd, ""TIFF Directory at offset 0x%llx (%llu)\n"", (unsigned long long) tif->tif_diroff, (unsigned long long) tif->tif_diroff); #endif if (TIFFFieldSet(tif,FIELD_SUBFILETYPE)) { fprintf(fd, "" Subfile Type:""); sep = "" ""; if (td->td_subfiletype & FILETYPE_REDUCEDIMAGE) { fprintf(fd, ""%sreduced-resolution image"", sep); sep = ""/""; } if (td->td_subfiletype & FILETYPE_PAGE) { fprintf(fd, ""%smulti-page document"", sep); sep = ""/""; } if (td->td_subfiletype & FILETYPE_MASK) fprintf(fd, ""%stransparency mask"", sep); fprintf(fd, "" (%lu = 0x%lx)\n"", (unsigned long) td->td_subfiletype, (long) td->td_subfiletype); } if (TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS)) { fprintf(fd, "" Image Width: %lu Image Length: %lu"", (unsigned long) td->td_imagewidth, (unsigned long) td->td_imagelength); if (TIFFFieldSet(tif,FIELD_IMAGEDEPTH)) fprintf(fd, "" Image Depth: %lu"", (unsigned long) td->td_imagedepth); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_TILEDIMENSIONS)) { fprintf(fd, "" Tile Width: %lu Tile Length: %lu"", (unsigned long) td->td_tilewidth, (unsigned long) td->td_tilelength); if (TIFFFieldSet(tif,FIELD_TILEDEPTH)) fprintf(fd, "" Tile Depth: %lu"", (unsigned long) td->td_tiledepth); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_RESOLUTION)) { fprintf(fd, "" Resolution: %g, %g"", td->td_xresolution, td->td_yresolution); if (TIFFFieldSet(tif,FIELD_RESOLUTIONUNIT)) { switch (td->td_resolutionunit) { case RESUNIT_NONE: fprintf(fd, "" (unitless)""); break; case RESUNIT_INCH: fprintf(fd, "" pixels/inch""); break; case RESUNIT_CENTIMETER: fprintf(fd, "" pixels/cm""); break; default: fprintf(fd, "" (unit %u = 0x%x)"", td->td_resolutionunit, td->td_resolutionunit); break; } } fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_POSITION)) fprintf(fd, "" Position: %g, %g\n"", td->td_xposition, td->td_yposition); if (TIFFFieldSet(tif,FIELD_BITSPERSAMPLE)) fprintf(fd, "" Bits/Sample: %u\n"", td->td_bitspersample); if (TIFFFieldSet(tif,FIELD_SAMPLEFORMAT)) { fprintf(fd, "" Sample Format: ""); switch (td->td_sampleformat) { case SAMPLEFORMAT_VOID: fprintf(fd, ""void\n""); break; case SAMPLEFORMAT_INT: fprintf(fd, ""signed integer\n""); break; case SAMPLEFORMAT_UINT: fprintf(fd, ""unsigned integer\n""); break; case SAMPLEFORMAT_IEEEFP: fprintf(fd, ""IEEE floating point\n""); break; case SAMPLEFORMAT_COMPLEXINT: fprintf(fd, ""complex signed integer\n""); break; case SAMPLEFORMAT_COMPLEXIEEEFP: fprintf(fd, ""complex IEEE floating point\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_sampleformat, td->td_sampleformat); break; } } if (TIFFFieldSet(tif,FIELD_COMPRESSION)) { const TIFFCodec* c = TIFFFindCODEC(td->td_compression); fprintf(fd, "" Compression Scheme: ""); if (c) fprintf(fd, ""%s\n"", c->name); else fprintf(fd, ""%u (0x%x)\n"", td->td_compression, td->td_compression); } if (TIFFFieldSet(tif,FIELD_PHOTOMETRIC)) { fprintf(fd, "" Photometric Interpretation: ""); if (td->td_photometric < NPHOTONAMES) fprintf(fd, ""%s\n"", photoNames[td->td_photometric]); else { switch (td->td_photometric) { case PHOTOMETRIC_LOGL: fprintf(fd, ""CIE Log2(L)\n""); break; case PHOTOMETRIC_LOGLUV: fprintf(fd, ""CIE Log2(L) (u',v')\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_photometric, td->td_photometric); break; } } } if (TIFFFieldSet(tif,FIELD_EXTRASAMPLES) && td->td_extrasamples) { uint16 i; fprintf(fd, "" Extra Samples: %u<"", td->td_extrasamples); sep = """"; for (i = 0; i < td->td_extrasamples; i++) { switch (td->td_sampleinfo[i]) { case EXTRASAMPLE_UNSPECIFIED: fprintf(fd, ""%sunspecified"", sep); break; case EXTRASAMPLE_ASSOCALPHA: fprintf(fd, ""%sassoc-alpha"", sep); break; case EXTRASAMPLE_UNASSALPHA: fprintf(fd, ""%sunassoc-alpha"", sep); break; default: fprintf(fd, ""%s%u (0x%x)"", sep, td->td_sampleinfo[i], td->td_sampleinfo[i]); break; } sep = "", ""; } fprintf(fd, "">\n""); } if (TIFFFieldSet(tif,FIELD_INKNAMES)) { char* cp; uint16 i; fprintf(fd, "" Ink Names: ""); i = td->td_samplesperpixel; sep = """"; for (cp = td->td_inknames; i > 0 && cp < td->td_inknames + td->td_inknameslen; cp = strchr(cp,'\0')+1, i--) { size_t max_chars = td->td_inknameslen - (cp - td->td_inknames); fputs(sep, fd); _TIFFprintAsciiBounded(fd, cp, max_chars); sep = "", ""; } fputs(""\n"", fd); } if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) { fprintf(fd, "" Thresholding: ""); switch (td->td_threshholding) { case THRESHHOLD_BILEVEL: fprintf(fd, ""bilevel art scan\n""); break; case THRESHHOLD_HALFTONE: fprintf(fd, ""halftone or dithered scan\n""); break; case THRESHHOLD_ERRORDIFFUSE: fprintf(fd, ""error diffused\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_threshholding, td->td_threshholding); break; } } if (TIFFFieldSet(tif,FIELD_FILLORDER)) { fprintf(fd, "" FillOrder: ""); switch (td->td_fillorder) { case FILLORDER_MSB2LSB: fprintf(fd, ""msb-to-lsb\n""); break; case FILLORDER_LSB2MSB: fprintf(fd, ""lsb-to-msb\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_fillorder, td->td_fillorder); break; } } if (TIFFFieldSet(tif,FIELD_YCBCRSUBSAMPLING)) { fprintf(fd, "" YCbCr Subsampling: %u, %u\n"", td->td_ycbcrsubsampling[0], td->td_ycbcrsubsampling[1] ); } if (TIFFFieldSet(tif,FIELD_YCBCRPOSITIONING)) { fprintf(fd, "" YCbCr Positioning: ""); switch (td->td_ycbcrpositioning) { case YCBCRPOSITION_CENTERED: fprintf(fd, ""centered\n""); break; case YCBCRPOSITION_COSITED: fprintf(fd, ""cosited\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_ycbcrpositioning, td->td_ycbcrpositioning); break; } } if (TIFFFieldSet(tif,FIELD_HALFTONEHINTS)) fprintf(fd, "" Halftone Hints: light %u dark %u\n"", td->td_halftonehints[0], td->td_halftonehints[1]); if (TIFFFieldSet(tif,FIELD_ORIENTATION)) { fprintf(fd, "" Orientation: ""); if (td->td_orientation < NORIENTNAMES) fprintf(fd, ""%s\n"", orientNames[td->td_orientation]); else fprintf(fd, ""%u (0x%x)\n"", td->td_orientation, td->td_orientation); } if (TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL)) fprintf(fd, "" Samples/Pixel: %u\n"", td->td_samplesperpixel); if (TIFFFieldSet(tif,FIELD_ROWSPERSTRIP)) { fprintf(fd, "" Rows/Strip: ""); if (td->td_rowsperstrip == (uint32) -1) fprintf(fd, ""(infinite)\n""); else fprintf(fd, ""%lu\n"", (unsigned long) td->td_rowsperstrip); } if (TIFFFieldSet(tif,FIELD_MINSAMPLEVALUE)) fprintf(fd, "" Min Sample Value: %u\n"", td->td_minsamplevalue); if (TIFFFieldSet(tif,FIELD_MAXSAMPLEVALUE)) fprintf(fd, "" Max Sample Value: %u\n"", td->td_maxsamplevalue); if (TIFFFieldSet(tif,FIELD_SMINSAMPLEVALUE)) { int i; int count = (tif->tif_flags & TIFF_PERSAMPLE) ? td->td_samplesperpixel : 1; fprintf(fd, "" SMin Sample Value:""); for (i = 0; i < count; ++i) fprintf(fd, "" %g"", td->td_sminsamplevalue[i]); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_SMAXSAMPLEVALUE)) { int i; int count = (tif->tif_flags & TIFF_PERSAMPLE) ? td->td_samplesperpixel : 1; fprintf(fd, "" SMax Sample Value:""); for (i = 0; i < count; ++i) fprintf(fd, "" %g"", td->td_smaxsamplevalue[i]); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_PLANARCONFIG)) { fprintf(fd, "" Planar Configuration: ""); switch (td->td_planarconfig) { case PLANARCONFIG_CONTIG: fprintf(fd, ""single image plane\n""); break; case PLANARCONFIG_SEPARATE: fprintf(fd, ""separate image planes\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_planarconfig, td->td_planarconfig); break; } } if (TIFFFieldSet(tif,FIELD_PAGENUMBER)) fprintf(fd, "" Page Number: %u-%u\n"", td->td_pagenumber[0], td->td_pagenumber[1]); if (TIFFFieldSet(tif,FIELD_COLORMAP)) { fprintf(fd, "" Color Map: ""); if (flags & TIFFPRINT_COLORMAP) { fprintf(fd, ""\n""); n = 1L<td_bitspersample; for (l = 0; l < n; l++) fprintf(fd, "" %5ld: %5u %5u %5u\n"", l, td->td_colormap[0][l], td->td_colormap[1][l], td->td_colormap[2][l]); } else fprintf(fd, ""(present)\n""); } if (TIFFFieldSet(tif,FIELD_REFBLACKWHITE)) { int i; fprintf(fd, "" Reference Black/White:\n""); for (i = 0; i < 3; i++) fprintf(fd, "" %2d: %5g %5g\n"", i, td->td_refblackwhite[2*i+0], td->td_refblackwhite[2*i+1]); } if (TIFFFieldSet(tif,FIELD_TRANSFERFUNCTION)) { fprintf(fd, "" Transfer Function: ""); if (flags & TIFFPRINT_CURVES) { fprintf(fd, ""\n""); n = 1L<td_bitspersample; for (l = 0; l < n; l++) { uint16 i; fprintf(fd, "" %2ld: %5u"", l, td->td_transferfunction[0][l]); for (i = 1; i < td->td_samplesperpixel; i++) fprintf(fd, "" %5u"", td->td_transferfunction[i][l]); fputc('\n', fd); } } else fprintf(fd, ""(present)\n""); } if (TIFFFieldSet(tif, FIELD_SUBIFD) && (td->td_subifd)) { uint16 i; fprintf(fd, "" SubIFD Offsets:""); for (i = 0; i < td->td_nsubifd; i++) #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) fprintf(fd, "" %5I64u"", (unsigned __int64) td->td_subifd[i]); #else fprintf(fd, "" %5llu"", (unsigned long long) td->td_subifd[i]); #endif fputc('\n', fd); } { int i; short count; count = (short) TIFFGetTagListCount(tif); for(i = 0; i < count; i++) { uint32 tag = TIFFGetTagListEntry(tif, i); const TIFFField *fip; uint32 value_count; int mem_alloc = 0; void *raw_data; fip = TIFFFieldWithTag(tif, tag); if(fip == NULL) continue; if(fip->field_passcount) { if (fip->field_readcount == TIFF_VARIABLE2 ) { if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) continue; } else if (fip->field_readcount == TIFF_VARIABLE ) { uint16 small_value_count; if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1) continue; value_count = small_value_count; } else { assert (fip->field_readcount == TIFF_VARIABLE || fip->field_readcount == TIFF_VARIABLE2); continue; } } else { if (fip->field_readcount == TIFF_VARIABLE || fip->field_readcount == TIFF_VARIABLE2) value_count = 1; else if (fip->field_readcount == TIFF_SPP) value_count = td->td_samplesperpixel; else value_count = fip->field_readcount; if (fip->field_tag == TIFFTAG_DOTRANGE && strcmp(fip->field_name,""DotRange"") == 0) { static uint16 dotrange[2]; raw_data = dotrange; TIFFGetField(tif, tag, dotrange+0, dotrange+1); } else if (fip->field_type == TIFF_ASCII || fip->field_readcount == TIFF_VARIABLE || fip->field_readcount == TIFF_VARIABLE2 || fip->field_readcount == TIFF_SPP || value_count > 1) { if(TIFFGetField(tif, tag, &raw_data) != 1) continue; } else { raw_data = _TIFFmalloc( _TIFFDataSize(fip->field_type) * value_count); mem_alloc = 1; if(TIFFGetField(tif, tag, raw_data) != 1) { _TIFFfree(raw_data); continue; } } } if (!_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) _TIFFPrintField(fd, fip, value_count, raw_data); if(mem_alloc) _TIFFfree(raw_data); } } if (tif->tif_tagmethods.printdir) (*tif->tif_tagmethods.printdir)(tif, fd, flags); _TIFFFillStriles( tif ); if ((flags & TIFFPRINT_STRIPS) && TIFFFieldSet(tif,FIELD_STRIPOFFSETS)) { uint32 s; fprintf(fd, "" %lu %s:\n"", (unsigned long) td->td_nstrips, isTiled(tif) ? ""Tiles"" : ""Strips""); for (s = 0; s < td->td_nstrips; s++) #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) fprintf(fd, "" %3lu: [%8I64u, %8I64u]\n"", (unsigned long) s, (unsigned __int64) td->td_stripoffset[s], (unsigned __int64) td->td_stripbytecount[s]); #else fprintf(fd, "" %3lu: [%8llu, %8llu]\n"", (unsigned long) s, (unsigned long long) td->td_stripoffset[s], (unsigned long long) td->td_stripbytecount[s]); #endif } }",visit repo url,libtiff/tif_print.c,https://gitlab.com/libtiff/libtiff,186601367195280,1 2054,['CWE-269'],"static void commit_tree(struct vfsmount *mnt) { struct vfsmount *parent = mnt->mnt_parent; struct vfsmount *m; LIST_HEAD(head); struct mnt_namespace *n = parent->mnt_ns; BUG_ON(parent == mnt); list_add_tail(&head, &mnt->mnt_list); list_for_each_entry(m, &head, mnt_list) m->mnt_ns = n; list_splice(&head, n->list.prev); list_add_tail(&mnt->mnt_hash, mount_hashtable + hash(parent, mnt->mnt_mountpoint)); list_add_tail(&mnt->mnt_child, &parent->mnt_mounts); touch_mnt_namespace(n); }",linux-2.6,,,307666254818360461375879889541640978776,0 3457,CWE-119,"static char *get_pid_environ_val(pid_t pid,char *val){ char temp[500]; int i=0; int foundit=0; FILE *fp; sprintf(temp,""/proc/%d/environ"",pid); fp=fopen(temp,""r""); if(fp==NULL) return NULL; for(;;){ temp[i]=fgetc(fp); if(foundit==1 && (temp[i]==0 || temp[i]=='\0' || temp[i]==EOF)){ char *ret; temp[i]=0; ret=malloc(strlen(temp)+10); sprintf(ret,""%s"",temp); fclose(fp); return ret; } switch(temp[i]){ case EOF: fclose(fp); return NULL; case '=': temp[i]=0; if(!strcmp(temp,val)){ foundit=1; } i=0; break; case '\0': i=0; break; default: i++; } } }",visit repo url,das_watchdog.c,https://github.com/kmatheussen/das_watchdog,255327802910083,1 2180,CWE-416,"static struct page *follow_pmd_mask(struct vm_area_struct *vma, unsigned long address, pud_t *pudp, unsigned int flags, struct follow_page_context *ctx) { pmd_t *pmd, pmdval; spinlock_t *ptl; struct page *page; struct mm_struct *mm = vma->vm_mm; pmd = pmd_offset(pudp, address); pmdval = READ_ONCE(*pmd); if (pmd_none(pmdval)) return no_page_table(vma, flags); if (pmd_huge(pmdval) && vma->vm_flags & VM_HUGETLB) { page = follow_huge_pmd(mm, address, pmd, flags); if (page) return page; return no_page_table(vma, flags); } if (is_hugepd(__hugepd(pmd_val(pmdval)))) { page = follow_huge_pd(vma, address, __hugepd(pmd_val(pmdval)), flags, PMD_SHIFT); if (page) return page; return no_page_table(vma, flags); } retry: if (!pmd_present(pmdval)) { if (likely(!(flags & FOLL_MIGRATION))) return no_page_table(vma, flags); VM_BUG_ON(thp_migration_supported() && !is_pmd_migration_entry(pmdval)); if (is_pmd_migration_entry(pmdval)) pmd_migration_entry_wait(mm, pmd); pmdval = READ_ONCE(*pmd); if (pmd_none(pmdval)) return no_page_table(vma, flags); goto retry; } if (pmd_devmap(pmdval)) { ptl = pmd_lock(mm, pmd); page = follow_devmap_pmd(vma, address, pmd, flags, &ctx->pgmap); spin_unlock(ptl); if (page) return page; } if (likely(!pmd_trans_huge(pmdval))) return follow_page_pte(vma, address, pmd, flags, &ctx->pgmap); if ((flags & FOLL_NUMA) && pmd_protnone(pmdval)) return no_page_table(vma, flags); retry_locked: ptl = pmd_lock(mm, pmd); if (unlikely(pmd_none(*pmd))) { spin_unlock(ptl); return no_page_table(vma, flags); } if (unlikely(!pmd_present(*pmd))) { spin_unlock(ptl); if (likely(!(flags & FOLL_MIGRATION))) return no_page_table(vma, flags); pmd_migration_entry_wait(mm, pmd); goto retry_locked; } if (unlikely(!pmd_trans_huge(*pmd))) { spin_unlock(ptl); return follow_page_pte(vma, address, pmd, flags, &ctx->pgmap); } if (flags & FOLL_SPLIT) { int ret; page = pmd_page(*pmd); if (is_huge_zero_page(page)) { spin_unlock(ptl); ret = 0; split_huge_pmd(vma, pmd, address); if (pmd_trans_unstable(pmd)) ret = -EBUSY; } else { get_page(page); spin_unlock(ptl); lock_page(page); ret = split_huge_page(page); unlock_page(page); put_page(page); if (pmd_none(*pmd)) return no_page_table(vma, flags); } return ret ? ERR_PTR(ret) : follow_page_pte(vma, address, pmd, flags, &ctx->pgmap); } page = follow_trans_huge_pmd(vma, address, pmd, flags); spin_unlock(ptl); ctx->page_mask = HPAGE_PMD_NR - 1; return page; }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,19264466424844,1 1665,CWE-416,"static int perf_swevent_add(struct perf_event *event, int flags) { struct swevent_htable *swhash = this_cpu_ptr(&swevent_htable); struct hw_perf_event *hwc = &event->hw; struct hlist_head *head; if (is_sampling_event(event)) { hwc->last_period = hwc->sample_period; perf_swevent_set_period(event); } hwc->state = !(flags & PERF_EF_START); head = find_swevent_head(swhash, event); if (!head) { WARN_ON_ONCE(swhash->online); return -EINVAL; } hlist_add_head_rcu(&event->hlist_entry, head); perf_event_update_userpage(event); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,55809942209332,1 6510,['CWE-20'],"static inline int emulate_grp1a(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) { struct decode_cache *c = &ctxt->decode; int rc; rc = emulate_pop(ctxt, ops, &c->dst.val, c->dst.bytes); if (rc != 0) return rc; return 0; }",kvm,,,116859467122381499623004088765562170089,0 2444,['CWE-119'],"int run_diff_files(struct rev_info *revs, unsigned int option) { int entries, i; int diff_unmerged_stage = revs->max_count; int silent_on_removed = option & DIFF_SILENT_ON_REMOVED; unsigned ce_option = ((option & DIFF_RACY_IS_MODIFIED) ? CE_MATCH_RACY_IS_DIRTY : 0); char symcache[PATH_MAX]; if (diff_unmerged_stage < 0) diff_unmerged_stage = 2; entries = active_nr; symcache[0] = '\0'; for (i = 0; i < entries; i++) { struct stat st; unsigned int oldmode, newmode; struct cache_entry *ce = active_cache[i]; int changed; if (DIFF_OPT_TST(&revs->diffopt, QUIET) && DIFF_OPT_TST(&revs->diffopt, HAS_CHANGES)) break; if (!ce_path_match(ce, revs->prune_data)) continue; if (ce_stage(ce)) { struct combine_diff_path *dpath; int num_compare_stages = 0; size_t path_len; path_len = ce_namelen(ce); dpath = xmalloc(combine_diff_path_size(5, path_len)); dpath->path = (char *) &(dpath->parent[5]); dpath->next = NULL; dpath->len = path_len; memcpy(dpath->path, ce->name, path_len); dpath->path[path_len] = '\0'; hashclr(dpath->sha1); memset(&(dpath->parent[0]), 0, sizeof(struct combine_diff_parent)*5); changed = check_removed(ce, &st); if (!changed) dpath->mode = ce_mode_from_stat(ce, st.st_mode); else { if (changed < 0) { perror(ce->name); continue; } if (silent_on_removed) continue; } while (i < entries) { struct cache_entry *nce = active_cache[i]; int stage; if (strcmp(ce->name, nce->name)) break; stage = ce_stage(nce); if (2 <= stage) { int mode = nce->ce_mode; num_compare_stages++; hashcpy(dpath->parent[stage-2].sha1, nce->sha1); dpath->parent[stage-2].mode = ce_mode_from_stat(nce, mode); dpath->parent[stage-2].status = DIFF_STATUS_MODIFIED; } if (stage == diff_unmerged_stage) ce = nce; i++; } i--; if (revs->combine_merges && num_compare_stages == 2) { show_combined_diff(dpath, 2, revs->dense_combined_merges, revs); free(dpath); continue; } free(dpath); dpath = NULL; diff_unmerge(&revs->diffopt, ce->name, 0, null_sha1); if (ce_stage(ce) != diff_unmerged_stage) continue; } if (ce_uptodate(ce)) continue; changed = check_removed(ce, &st); if (changed) { if (changed < 0) { perror(ce->name); continue; } if (silent_on_removed) continue; diff_addremove(&revs->diffopt, '-', ce->ce_mode, ce->sha1, ce->name); continue; } changed = ce_match_stat(ce, &st, ce_option); if (!changed) { ce_mark_uptodate(ce); if (!DIFF_OPT_TST(&revs->diffopt, FIND_COPIES_HARDER)) continue; } oldmode = ce->ce_mode; newmode = ce_mode_from_stat(ce, st.st_mode); diff_change(&revs->diffopt, oldmode, newmode, ce->sha1, (changed ? null_sha1 : ce->sha1), ce->name); } diffcore_std(&revs->diffopt); diff_flush(&revs->diffopt); return 0; }",git,,,267406503309307460103833949258826464248,0 2230,['CWE-193'],"int filemap_fdatawrite_range(struct address_space *mapping, loff_t start, loff_t end) { return __filemap_fdatawrite_range(mapping, start, end, WB_SYNC_ALL); }",linux-2.6,,,178119045537244535294058958371039442400,0 775,CWE-20,"static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct iucv_sock *iucv = iucv_sk(sk); unsigned int copied, rlen; struct sk_buff *skb, *rskb, *cskb; int err = 0; u32 offset; msg->msg_namelen = 0; if ((sk->sk_state == IUCV_DISCONN) && skb_queue_empty(&iucv->backlog_skb_q) && skb_queue_empty(&sk->sk_receive_queue) && list_empty(&iucv->message_q.list)) return 0; if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } offset = IUCV_SKB_CB(skb)->offset; rlen = skb->len - offset; copied = min_t(unsigned int, rlen, len); if (!rlen) sk->sk_shutdown = sk->sk_shutdown | RCV_SHUTDOWN; cskb = skb; if (skb_copy_datagram_iovec(cskb, offset, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } if (sk->sk_type == SOCK_SEQPACKET) { if (copied < rlen) msg->msg_flags |= MSG_TRUNC; msg->msg_flags |= MSG_EOR; } err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, sizeof(IUCV_SKB_CB(skb)->class), (void *)&IUCV_SKB_CB(skb)->class); if (err) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return err; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM) { if (copied < rlen) { IUCV_SKB_CB(skb)->offset = offset + copied; goto done; } } kfree_skb(skb); if (iucv->transport == AF_IUCV_TRANS_HIPER) { atomic_inc(&iucv->msg_recv); if (atomic_read(&iucv->msg_recv) > iucv->msglimit) { WARN_ON(1); iucv_sock_close(sk); return -EFAULT; } } spin_lock_bh(&iucv->message_q.lock); rskb = skb_dequeue(&iucv->backlog_skb_q); while (rskb) { IUCV_SKB_CB(rskb)->offset = 0; if (sock_queue_rcv_skb(sk, rskb)) { skb_queue_head(&iucv->backlog_skb_q, rskb); break; } else { rskb = skb_dequeue(&iucv->backlog_skb_q); } } if (skb_queue_empty(&iucv->backlog_skb_q)) { if (!list_empty(&iucv->message_q.list)) iucv_process_message_q(sk); if (atomic_read(&iucv->msg_recv) >= iucv->msglimit / 2) { err = iucv_send_ctrl(sk, AF_IUCV_FLAG_WIN); if (err) { sk->sk_state = IUCV_DISCONN; sk->sk_state_change(sk); } } } spin_unlock_bh(&iucv->message_q.lock); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/iucv/af_iucv.c,https://github.com/torvalds/linux,252125006578245,1 31,['CWE-264'],"static void pdo_sqlite_cleanup_callbacks(pdo_sqlite_db_handle *H TSRMLS_DC) { struct pdo_sqlite_func *func; while (H->funcs) { func = H->funcs; H->funcs = func->next; if (H->db) { sqlite3_create_function(H->db, func->funcname, func->argc, SQLITE_UTF8, func, NULL, NULL, NULL); } efree((char*)func->funcname); if (func->func) { zval_ptr_dtor(&func->func); } if (func->step) { zval_ptr_dtor(&func->step); } if (func->fini) { zval_ptr_dtor(&func->fini); } efree(func); } while (H->collations) { struct pdo_sqlite_collation *collation; collation = H->collations; H->collations = collation->next; if (H->db) { sqlite3_create_collation(H->db, collation->name, SQLITE_UTF8, collation, NULL); } efree((char*)collation->name); if (collation->callback) { zval_ptr_dtor(&collation->callback); } efree(collation); } }",php-src,,,269030955495640479783910421917387571349,0 3376,NVD-CWE-noinfo,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType status; MagickSizeType number_pixels; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t pad; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t) TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } do { DisableMSCWarning(4127) if (0 && (image_info->verbose != MagickFalse)) TIFFPrintDirectory(tiff,stdout,MagickFalse); RestoreMSCWarning if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point"", exception); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black"", exception); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white"", exception); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette"",exception); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB"",exception); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB"",exception); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)"", exception); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV"",exception); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK"",exception); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated"",exception); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR"",exception); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown"",exception); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"", exception)); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb"",exception); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb"",exception); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) SetImageColorspace(image,GRAYColorspace,exception); if (photometric == PHOTOMETRIC_SEPARATED) SetImageColorspace(image,CMYKColorspace,exception); if (photometric == PHOTOMETRIC_CIELAB) SetImageColorspace(image,LabColorspace,exception); TIFFGetProfiles(tiff,image,image_info->ping,exception); TIFFGetProperties(tiff,image,exception); option=GetImageOption(image_info,""tiff:exif-properties""); if (IsStringFalse(option) == MagickFalse) TIFFGetEXIFProperties(tiff,image,exception); (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL, &samples_per_pixel); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution) == 1)) { image->resolution.x=x_resolution; image->resolution.y=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position) == 1)) { image->page.x=(ssize_t) ceil(x_position*image->resolution.x-0.5); image->page.y=(ssize_t) ceil(y_position*image->resolution.y-0.5); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MagickPathExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_YCBCRSUBSAMPLING, &horizontal,&vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MagickPathExtent, ""%dx%d"",horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor,exception); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; default: image->compression=RLECompression; break; } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) { TIFFClose(tiff); quantum_info=DestroyQuantumInfo(quantum_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified"",exception); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->alpha_trait=BlendPixelTrait; } else for (i=0; i < extra_samples; i++) { image->alpha_trait=BlendPixelTrait; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated"", exception); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) (void) SetImageProperty(image,""tiff:alpha"",""unassociated"", exception); } } if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors,exception) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } value=(unsigned short) image->scene; if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } if (image->alpha_trait == UndefinedPixelTrait) image->depth=GetImageDepth(image,exception); } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) { quantum_info=DestroyQuantumInfo(quantum_info); break; } goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); method=ReadGenericMethod; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MagickPathExtent]; method=ReadStripMethod; (void) FormatLocaleString(value,MagickPathExtent,""%u"", (unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value,exception); } if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_CONTIG)) method=ReadRGBAMethod; if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_SEPARATE)) method=ReadCMYKAMethod; if ((photometric != PHOTOMETRIC_RGB) && (photometric != PHOTOMETRIC_CIELAB) && (photometric != PHOTOMETRIC_SEPARATED)) method=ReadGenericMethod; if (image->storage_class == PseudoClass) method=ReadSingleSampleMethod; if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) method=ReadSingleSampleMethod; if ((photometric != PHOTOMETRIC_SEPARATED) && (interlace == PLANARCONFIG_SEPARATE) && (bits_per_sample < 64)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); if (compress_tag == COMPRESSION_JBIG) method=ReadStripMethod; if (TIFFIsTiled(tiff) != MagickFalse) method=ReadTileMethod; quantum_info->endian=LSBEndian; quantum_type=RGBQuantum; pixels=(unsigned char *) GetQuantumPixels(quantum_info); switch (method) { case ReadSingleSampleMethod: { quantum_type=IndexQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0); if (image->alpha_trait != UndefinedPixelTrait) { if (image->storage_class != PseudoClass) { quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-2,0); } else { quantum_type=IndexAlphaQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-2,0); } } else if (image->storage_class != PseudoClass) { quantum_type=GrayQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0); } status=SetQuantumPad(image,quantum_info,pad*pow(2,ceil(log( bits_per_sample)/log(2)))); if (status == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadRGBAMethod: { pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); quantum_type=RGBQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); quantum_type=CMYKQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadCMYKAMethod: { for (i=0; i < (ssize_t) samples_per_pixel; i++) { for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *magick_restrict q; int status; status=TIFFReadPixels(tiff,bits_per_sample,(tsample_t) i,y,(char *) pixels); if (status == -1) break; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (image->colorspace != CMYKColorspace) switch (i) { case 0: quantum_type=RedQuantum; break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: quantum_type=AlphaQuantum; break; default: quantum_type=UndefinedQuantum; break; } else switch (i) { case 0: quantum_type=CyanQuantum; break; case 1: quantum_type=MagentaQuantum; break; case 2: quantum_type=YellowQuantum; break; case 3: quantum_type=BlackQuantum; break; case 4: quantum_type=AlphaQuantum; break; default: quantum_type=UndefinedQuantum; break; } (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadYCCKMethod: { pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; register ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456)),q); SetPixelMagenta(image,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984)),q); SetPixelYellow(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816)),q); SetPixelBlack(image,ScaleCharToQuantum((unsigned char) *(p+3)),q); q+=GetPixelChannels(image); p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { register uint32 *p; i=0; p=(uint32 *) NULL; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (i == 0) { if (TIFFReadRGBAStrip(tiff,(tstrip_t) y,(uint32 *) pixels) == 0) break; i=(ssize_t) MagickMin((ssize_t) rows_per_strip,(ssize_t) image->rows-y); } i--; p=((uint32 *) pixels)+image->columns*i; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) (TIFFGetR(*p))),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) (TIFFGetG(*p))),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) (TIFFGetB(*p))),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) (TIFFGetA(*p))),q); p++; q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadTileMethod: { register uint32 *p; uint32 *tile_pixels, columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) { TIFFClose(tiff); ThrowReaderException(CoderError,""ImageIsNotTiled""); } (void) SetImageStorageClass(image,DirectClass,exception); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } tile_pixels=(uint32 *) AcquireQuantumMemory(columns,rows* sizeof(*tile_pixels)); if (tile_pixels == (uint32 *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } for (y=0; y < (ssize_t) image->rows; y+=rows) { register ssize_t x; register Quantum *magick_restrict q, *magick_restrict tile; size_t columns_remaining, rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; tile=QueueAuthenticPixels(image,0,y,image->columns,rows_remaining, exception); if (tile == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t column, row; if (TIFFReadRGBATile(tiff,(uint32) x,(uint32) y,tile_pixels) == 0) break; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; p=tile_pixels+(rows-rows_remaining)*columns; q=tile+GetPixelChannels(image)*(image->columns*(rows_remaining-1)+ x); for (row=rows_remaining; row > 0; row--) { if (image->alpha_trait != UndefinedPixelTrait) for (column=columns_remaining; column > 0; column--) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p++; q+=GetPixelChannels(image); } else for (column=columns_remaining; column > 0; column--) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); p++; q+=GetPixelChannels(image); } p+=columns-columns_remaining; q-=GetPixelChannels(image)*(image->columns+columns_remaining); } } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } tile_pixels=(uint32 *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *pixel_info; register uint32 *p; uint32 *pixels; number_pixels=(MagickSizeType) image->columns*image->rows; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixel_info=AcquireVirtualMemory(image->columns,image->rows* sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(uint32 *) GetVirtualMemoryBlob(pixel_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); p=pixels+number_pixels-1; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; q+=GetPixelChannels(image)*(image->columns-1); for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p--; q-=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } pixel_info=RelinquishVirtualMemory(pixel_info); break; } } SetQuantumImageType(image,quantum_type); next_tiff_frame: quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status != MagickFalse) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while (status != MagickFalse); TIFFClose(tiff); TIFFReadPhotoshopLayers(image,image_info,exception); if (image_info->number_scenes != 0) { if (image_info->scene >= GetImageListLength(image)) { image=DestroyImageList(image); return((Image *)NULL); } } return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,277676502060841,1 5522,['CWE-119'],"int ecryptfs_write_packet_length(char *dest, size_t size, size_t *packet_size_length) { int rc = 0; if (size < 192) { dest[0] = size; (*packet_size_length) = 1; } else if (size < 65536) { dest[0] = (((size - 192) / 256) + 192); dest[1] = ((size - 192) % 256); (*packet_size_length) = 2; } else { rc = -EINVAL; ecryptfs_printk(KERN_WARNING, ""Unsupported packet size: [%d]\n"", size); } return rc; }",linux-2.6,,,72743372271498324315355223226922278614,0 780,CWE-20,"static int pfkey_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct pfkey_sock *pfk = pfkey_sk(sk); struct sk_buff *skb; int copied, err; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) goto out; msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); err = (flags & MSG_TRUNC) ? skb->len : copied; if (pfk->dump.dump != NULL && 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) pfkey_do_dump(pfk); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/key/af_key.c,https://github.com/torvalds/linux,186000895945295,1 4589,['CWE-399'],"static int ext4_da_writepage(struct page *page, struct writeback_control *wbc) { int ret = 0; loff_t size; unsigned int len; struct buffer_head *page_bufs; struct inode *inode = page->mapping->host; trace_mark(ext4_da_writepage, ""dev %s ino %lu page_index %lu"", inode->i_sb->s_id, inode->i_ino, page->index); size = i_size_read(inode); if (page->index == size >> PAGE_CACHE_SHIFT) len = size & ~PAGE_CACHE_MASK; else len = PAGE_CACHE_SIZE; if (page_has_buffers(page)) { page_bufs = page_buffers(page); if (walk_page_buffers(NULL, page_bufs, 0, len, NULL, ext4_bh_unmapped_or_delay)) { redirty_page_for_writepage(wbc, page); unlock_page(page); return 0; } } else { ret = block_prepare_write(page, 0, PAGE_CACHE_SIZE, ext4_normal_get_block_write); if (!ret) { page_bufs = page_buffers(page); if (walk_page_buffers(NULL, page_bufs, 0, len, NULL, ext4_bh_unmapped_or_delay)) { redirty_page_for_writepage(wbc, page); unlock_page(page); return 0; } } else { redirty_page_for_writepage(wbc, page); unlock_page(page); return 0; } block_commit_write(page, 0, PAGE_CACHE_SIZE); } if (test_opt(inode->i_sb, NOBH) && ext4_should_writeback_data(inode)) ret = nobh_writepage(page, ext4_normal_get_block_write, wbc); else ret = block_write_full_page(page, ext4_normal_get_block_write, wbc); return ret; }",linux-2.6,,,63993557895704974585526094390564445167,0 904,['CWE-200'],"static inline void shmem_dir_unmap(struct page **dir) { kunmap_atomic(dir, KM_USER0); }",linux-2.6,,,234415669587401861814186364186245008201,0 1325,CWE-119,"static __u8 *nci_extract_rf_params_nfca_passive_poll(struct nci_dev *ndev, struct rf_tech_specific_params_nfca_poll *nfca_poll, __u8 *data) { nfca_poll->sens_res = __le16_to_cpu(*((__u16 *)data)); data += 2; nfca_poll->nfcid1_len = *data++; pr_debug(""sens_res 0x%x, nfcid1_len %d\n"", nfca_poll->sens_res, nfca_poll->nfcid1_len); memcpy(nfca_poll->nfcid1, data, nfca_poll->nfcid1_len); data += nfca_poll->nfcid1_len; nfca_poll->sel_res_len = *data++; if (nfca_poll->sel_res_len != 0) nfca_poll->sel_res = *data++; pr_debug(""sel_res_len %d, sel_res 0x%x\n"", nfca_poll->sel_res_len, nfca_poll->sel_res); return data; }",visit repo url,net/nfc/nci/ntf.c,https://github.com/torvalds/linux,12878008678076,1 3468,['CWE-20'],"static void sctp_process_ext_param(struct sctp_association *asoc, union sctp_params param) { __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); int i; for (i = 0; i < num_ext; i++) { switch (param.ext->chunks[i]) { case SCTP_CID_FWD_TSN: if (sctp_prsctp_enable && !asoc->peer.prsctp_capable) asoc->peer.prsctp_capable = 1; break; case SCTP_CID_AUTH: if (sctp_auth_enable) asoc->peer.auth_capable = 1; break; case SCTP_CID_ASCONF: case SCTP_CID_ASCONF_ACK: if (sctp_addip_enable) asoc->peer.asconf_capable = 1; break; default: break; } } }",linux-2.6,,,287892557068863121560212523887262757508,0 4349,CWE-787,"MG_INTERNAL int parse_mqtt(struct mbuf *io, struct mg_mqtt_message *mm) { uint8_t header; size_t len = 0, len_len = 0; const char *p, *end; unsigned char lc = 0; int cmd; if (io->len < 2) return MG_MQTT_ERROR_INCOMPLETE_MSG; header = io->buf[0]; cmd = header >> 4; len = len_len = 0; p = io->buf + 1; while ((size_t)(p - io->buf) < io->len) { lc = *((const unsigned char *) p++); len += (lc & 0x7f) << 7 * len_len; len_len++; if (!(lc & 0x80)) break; if (len_len > 4) return MG_MQTT_ERROR_MALFORMED_MSG; } end = p + len; if (lc & 0x80 || len > (io->len - (p - io->buf))) { return MG_MQTT_ERROR_INCOMPLETE_MSG; } mm->cmd = cmd; mm->qos = MG_MQTT_GET_QOS(header); switch (cmd) { case MG_MQTT_CMD_CONNECT: { p = scanto(p, &mm->protocol_name); if (p > end - 4) return MG_MQTT_ERROR_MALFORMED_MSG; mm->protocol_version = *(uint8_t *) p++; mm->connect_flags = *(uint8_t *) p++; mm->keep_alive_timer = getu16(p); p += 2; if (p >= end) return MG_MQTT_ERROR_MALFORMED_MSG; p = scanto(p, &mm->client_id); if (p > end) return MG_MQTT_ERROR_MALFORMED_MSG; if (mm->connect_flags & MG_MQTT_HAS_WILL) { if (p >= end) return MG_MQTT_ERROR_MALFORMED_MSG; p = scanto(p, &mm->will_topic); } if (mm->connect_flags & MG_MQTT_HAS_WILL) { if (p >= end) return MG_MQTT_ERROR_MALFORMED_MSG; p = scanto(p, &mm->will_message); } if (mm->connect_flags & MG_MQTT_HAS_USER_NAME) { if (p >= end) return MG_MQTT_ERROR_MALFORMED_MSG; p = scanto(p, &mm->user_name); } if (mm->connect_flags & MG_MQTT_HAS_PASSWORD) { if (p >= end) return MG_MQTT_ERROR_MALFORMED_MSG; p = scanto(p, &mm->password); } if (p != end) return MG_MQTT_ERROR_MALFORMED_MSG; LOG(LL_DEBUG, (""%d %2x %d proto [%.*s] client_id [%.*s] will_topic [%.*s] "" ""will_msg [%.*s] user_name [%.*s] password [%.*s]"", (int) len, (int) mm->connect_flags, (int) mm->keep_alive_timer, (int) mm->protocol_name.len, mm->protocol_name.p, (int) mm->client_id.len, mm->client_id.p, (int) mm->will_topic.len, mm->will_topic.p, (int) mm->will_message.len, mm->will_message.p, (int) mm->user_name.len, mm->user_name.p, (int) mm->password.len, mm->password.p)); break; } case MG_MQTT_CMD_CONNACK: if (end - p < 2) return MG_MQTT_ERROR_MALFORMED_MSG; mm->connack_ret_code = p[1]; break; case MG_MQTT_CMD_PUBACK: case MG_MQTT_CMD_PUBREC: case MG_MQTT_CMD_PUBREL: case MG_MQTT_CMD_PUBCOMP: case MG_MQTT_CMD_SUBACK: mm->message_id = getu16(p); break; case MG_MQTT_CMD_PUBLISH: { p = scanto(p, &mm->topic); if (p > end) return MG_MQTT_ERROR_MALFORMED_MSG; if (mm->qos > 0) { if (end - p < 2) return MG_MQTT_ERROR_MALFORMED_MSG; mm->message_id = getu16(p); p += 2; } mm->payload.p = p; mm->payload.len = end - p; break; } case MG_MQTT_CMD_SUBSCRIBE: if (end - p < 2) return MG_MQTT_ERROR_MALFORMED_MSG; mm->message_id = getu16(p); p += 2; mm->payload.p = p; mm->payload.len = end - p; break; default: break; } mm->len = end - io->buf; return mm->len; }",visit repo url,src/mg_mqtt.c,https://github.com/cesanta/mongoose,58226587668360,1 6598,['CWE-200'],"nm_connection_list_new (GType def_type) { NMConnectionList *list; DBusGConnection *dbus_connection; GError *error = NULL; list = g_object_new (NM_TYPE_CONNECTION_LIST, NULL); if (!list) return NULL; list->gui = glade_xml_new (GLADEDIR ""/nm-connection-editor.glade"", ""NMConnectionList"", NULL); if (!list->gui) { g_warning (""Could not load Glade file for connection list""); goto error; } gtk_window_set_default_icon_name (""preferences-system-network""); list->icon_theme = gtk_icon_theme_get_for_screen (gdk_screen_get_default ()); ICON_LOAD(list->wired_icon, ""nm-device-wired""); ICON_LOAD(list->wireless_icon, ""nm-device-wireless""); ICON_LOAD(list->wwan_icon, ""nm-device-wwan""); ICON_LOAD(list->vpn_icon, ""nm-vpn-standalone-lock""); ICON_LOAD(list->unknown_icon, ""nm-no-connection""); list->client = gconf_client_get_default (); if (!list->client) goto error; dbus_connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error); if (error) { g_warning (""Could not connect to the system bus: %s"", error->message); g_error_free (error); goto error; } list->system_settings = nm_dbus_settings_system_new (dbus_connection); dbus_g_connection_unref (dbus_connection); g_signal_connect (list->system_settings, ""new-connection"", G_CALLBACK (connection_added), list); list->gconf_settings = nma_gconf_settings_new (NULL); g_signal_connect (list->gconf_settings, ""new-connection"", G_CALLBACK (connection_added), list); add_connection_tabs (list, def_type); list->editors = g_hash_table_new_full (g_direct_hash, g_direct_equal, g_object_unref, g_object_unref); list->dialog = glade_xml_get_widget (list->gui, ""NMConnectionList""); if (!list->dialog) goto error; g_signal_connect (G_OBJECT (list->dialog), ""response"", G_CALLBACK (dialog_response_cb), list); if (!vpn_get_plugins (&error)) { g_warning (""%s: failed to load VPN plugins: %s"", __func__, error->message); g_error_free (error); } return list; error: g_object_unref (list); return NULL; }",network-manager-applet,,,253462502972103573672102575708686027933,0 6466,CWE-476,"void sqlcipher_exportFunc(sqlite3_context *context, int argc, sqlite3_value **argv) { sqlite3 *db = sqlite3_context_db_handle(context); const char* targetDb, *sourceDb; int targetDb_idx = 0; u64 saved_flags = db->flags; u32 saved_mDbFlags = db->mDbFlags; int saved_nChange = db->nChange; int saved_nTotalChange = db->nTotalChange; u8 saved_mTrace = db->mTrace; int rc = SQLITE_OK; char *zSql = NULL; char *pzErrMsg = NULL; if(argc != 1 && argc != 2) { rc = SQLITE_ERROR; pzErrMsg = sqlite3_mprintf(""invalid number of arguments (%d) passed to sqlcipher_export"", argc); goto end_of_export; } targetDb = (const char*) sqlite3_value_text(argv[0]); sourceDb = (argc == 2) ? (char *) sqlite3_value_text(argv[1]) : ""main""; targetDb_idx = sqlcipher_find_db_index(db, targetDb); if(targetDb_idx == 0 && sqlite3StrICmp(""main"", targetDb) != 0) { rc = SQLITE_ERROR; pzErrMsg = sqlite3_mprintf(""unknown database %s"", targetDb); goto end_of_export; } db->init.iDb = targetDb_idx; db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks; db->mDbFlags |= DBFLAG_PreferBuiltin | DBFLAG_Vacuum; db->flags &= ~(u64)(SQLITE_ForeignKeys | SQLITE_ReverseOrder | SQLITE_Defensive | SQLITE_CountRows); db->mTrace = 0; zSql = sqlite3_mprintf( ""SELECT sql "" "" FROM %s.sqlite_master WHERE type='table' AND name!='sqlite_sequence'"" "" AND rootpage>0"" , sourceDb); rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql); if( rc!=SQLITE_OK ) goto end_of_export; sqlite3_free(zSql); zSql = sqlite3_mprintf( ""SELECT sql "" "" FROM %s.sqlite_master WHERE sql LIKE 'CREATE INDEX %%' "" , sourceDb); rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql); if( rc!=SQLITE_OK ) goto end_of_export; sqlite3_free(zSql); zSql = sqlite3_mprintf( ""SELECT sql "" "" FROM %s.sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %%'"" , sourceDb); rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql); if( rc!=SQLITE_OK ) goto end_of_export; sqlite3_free(zSql); zSql = sqlite3_mprintf( ""SELECT 'INSERT INTO %s.' || quote(name) "" ""|| ' SELECT * FROM %s.' || quote(name) || ';'"" ""FROM %s.sqlite_master "" ""WHERE type = 'table' AND name!='sqlite_sequence' "" "" AND rootpage>0"" , targetDb, sourceDb, sourceDb); rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql); if( rc!=SQLITE_OK ) goto end_of_export; sqlite3_free(zSql); zSql = sqlite3_mprintf( ""SELECT 'INSERT INTO %s.' || quote(name) "" ""|| ' SELECT * FROM %s.' || quote(name) || ';' "" ""FROM %s.sqlite_master WHERE name=='sqlite_sequence';"" , targetDb, sourceDb, targetDb); rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql); if( rc!=SQLITE_OK ) goto end_of_export; sqlite3_free(zSql); zSql = sqlite3_mprintf( ""INSERT INTO %s.sqlite_master "" "" SELECT type, name, tbl_name, rootpage, sql"" "" FROM %s.sqlite_master"" "" WHERE type='view' OR type='trigger'"" "" OR (type='table' AND rootpage=0)"" , targetDb, sourceDb); rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execSql(db, &pzErrMsg, zSql); if( rc!=SQLITE_OK ) goto end_of_export; sqlite3_free(zSql); zSql = NULL; end_of_export: db->init.iDb = 0; db->flags = saved_flags; db->mDbFlags = saved_mDbFlags; db->nChange = saved_nChange; db->nTotalChange = saved_nTotalChange; db->mTrace = saved_mTrace; if(zSql) sqlite3_free(zSql); if(rc) { if(pzErrMsg != NULL) { sqlite3_result_error(context, pzErrMsg, -1); sqlite3DbFree(db, pzErrMsg); } else { sqlite3_result_error(context, sqlite3ErrStr(rc), -1); } } }",visit repo url,src/crypto.c,https://github.com/sqlcipher/sqlcipher,96685411402882,1 1709,[],"void __cpuinit init_idle_bootup_task(struct task_struct *idle) { idle->sched_class = &idle_sched_class; }",linux-2.6,,,70593479633530866123238809128673857763,0 3072,CWE-119,"getword(f, word, newlinep, filename) FILE *f; char *word; int *newlinep; char *filename; { int c, len, escape; int quoted, comment; int value, digit, got, n; #define isoctal(c) ((c) >= '0' && (c) < '8') *newlinep = 0; len = 0; escape = 0; comment = 0; quoted = 0; for (;;) { c = getc(f); if (c == EOF) break; if (c == '\n') { if (!escape) { *newlinep = 1; comment = 0; } else escape = 0; continue; } if (comment) continue; if (escape) break; if (c == '\\') { escape = 1; continue; } if (c == '#') { comment = 1; continue; } if (!isspace(c)) break; } while (c != EOF) { if (escape) { escape = 0; if (c == '\n') { c = getc(f); continue; } got = 0; switch (c) { case 'a': value = '\a'; break; case 'b': value = '\b'; break; case 'f': value = '\f'; break; case 'n': value = '\n'; break; case 'r': value = '\r'; break; case 's': value = ' '; break; case 't': value = '\t'; break; default: if (isoctal(c)) { value = 0; for (n = 0; n < 3 && isoctal(c); ++n) { value = (value << 3) + (c & 07); c = getc(f); } got = 1; break; } if (c == 'x') { value = 0; c = getc(f); for (n = 0; n < 2 && isxdigit(c); ++n) { digit = toupper(c) - '0'; if (digit > 10) digit += '0' + 10 - 'A'; value = (value << 4) + digit; c = getc (f); } got = 1; break; } value = c; break; } if (len < MAXWORDLEN-1) word[len] = value; ++len; if (!got) c = getc(f); continue; } if (c == '\\') { escape = 1; c = getc(f); continue; } if (quoted) { if (c == quoted) { quoted = 0; c = getc(f); continue; } } else if (c == '""' || c == '\'') { quoted = c; c = getc(f); continue; } else if (isspace(c) || c == '#') { ungetc (c, f); break; } if (len < MAXWORDLEN-1) word[len] = c; ++len; c = getc(f); } if (c == EOF) { if (ferror(f)) { if (errno == 0) errno = EIO; option_error(""Error reading %s: %m"", filename); die(1); } if (len == 0) return 0; if (quoted) option_error(""warning: quoted word runs to end of file (%.20s...)"", filename, word); } if (len >= MAXWORDLEN) { option_error(""warning: word in file %s too long (%.20s...)"", filename, word); len = MAXWORDLEN - 1; } word[len] = 0; return 1; #undef isoctal }",visit repo url,pppd/options.c,https://github.com/paulusmack/ppp,132262938571613,1 3508,['CWE-20'],"sctp_disposition_t sctp_sf_autoclose_timer_expire( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { int disposition; SCTP_INC_STATS(SCTP_MIB_AUTOCLOSE_EXPIREDS); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD)); disposition = SCTP_DISPOSITION_CONSUME; if (sctp_outq_is_empty(&asoc->outqueue)) { disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type, arg, commands); } return disposition; }",linux-2.6,,,107731648416436607752856953434450409868,0 2212,['CWE-193'],"unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index, unsigned int nr_pages, struct page **pages) { unsigned int i; unsigned int ret; unsigned int nr_found; rcu_read_lock(); restart: nr_found = radix_tree_gang_lookup_slot(&mapping->page_tree, (void ***)pages, index, nr_pages); ret = 0; for (i = 0; i < nr_found; i++) { struct page *page; repeat: page = radix_tree_deref_slot((void **)pages[i]); if (unlikely(!page)) continue; if (unlikely(page == RADIX_TREE_RETRY)) goto restart; if (page->mapping == NULL || page->index != index) break; if (!page_cache_get_speculative(page)) goto repeat; if (unlikely(page != *((void **)pages[i]))) { page_cache_release(page); goto repeat; } pages[ret] = page; ret++; index++; } rcu_read_unlock(); return ret; }",linux-2.6,,,233238029402673530026510619003057578430,0 6506,CWE-787,"void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len, char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n, uint8_t ind) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE uint32_t enc_len; int status; CHECK_STATE(encrypted_skey); CHECK_STATE(result_str); CHECK_STATE(s_shareG2); CHECK_STATE(pub_keyB); LOG_DEBUG(__FUNCTION__); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); SAFE_CHAR_BUF(pub_key_x, BUF_LEN);SAFE_CHAR_BUF(pub_key_y, BUF_LEN); trustedGenerateEcdsaKeyAES(&status, errString, encrypted_skey, &enc_len, pub_key_x, pub_key_y); CHECK_STATUS(""trustedGenerateEcdsaKeyAES failed""); status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN); skey[ECDSA_SKEY_LEN - 1] = 0; CHECK_STATUS2(""AES_decrypt failed (in trustedGetEncryptedSecretShareAES) with status %d""); *dec_len = enc_len; SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); status = gen_session_key(skey, pub_keyB, common_key); CHECK_STATUS(""gen_session_key failed"") SAFE_CHAR_BUF(s_share, ECDSA_SKEY_LEN); status = calc_secret_share(getThreadLocalDecryptedDkgPoly(), s_share, _t, _n, ind); CHECK_STATUS(""calc secret share failed"") status = calc_secret_shareG2(s_share, s_shareG2); CHECK_STATUS(""invalid decr secret share""); SAFE_CHAR_BUF(cypher, ECDSA_SKEY_LEN); status=xor_encrypt(common_key, s_share, cypher); CHECK_STATUS(""xor_encrypt failed"") strncpy(result_str, cypher, strlen(cypher)); strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x)); strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y)); SET_SUCCESS clean: ; LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,257248027359220,1 4182,CWE-476,"sraSpanInsertAfter(sraSpan *newspan, sraSpan *after) { newspan->_next = after->_next; newspan->_prev = after; after->_next->_prev = newspan; after->_next = newspan; }",visit repo url,libvncserver/rfbregion.c,https://github.com/LibVNC/libvncserver,186094616496449,1 6062,CWE-190,"static char get_bits(const bn_t a, int from, int to) { int f, t; dig_t mf, mt; RLC_RIP(from, f, from); RLC_RIP(to, t, to); if (f == t) { mf = RLC_MASK(from); if (to + 1 >= RLC_DIG) { mt = RLC_DMASK; } else { mt = RLC_MASK(to + 1); } mf = mf ^ mt; return ((a->dp[f] & (mf)) >> from); } else { mf = RLC_MASK(RLC_DIG - from) << from; mt = RLC_MASK(to + 1); return ((a->dp[f] & mf) >> from) | ((a->dp[t] & mt) << (RLC_DIG - from)); } }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,20309387468726,1 6010,['CWE-200'],"static int __ipv6_regen_rndid(struct inet6_dev *idev) { struct net_device *dev; struct scatterlist sg[2]; sg[0].page = virt_to_page(idev->entropy); sg[0].offset = offset_in_page(idev->entropy); sg[0].length = 8; sg[1].page = virt_to_page(idev->work_eui64); sg[1].offset = offset_in_page(idev->work_eui64); sg[1].length = 8; dev = idev->dev; if (ipv6_generate_eui64(idev->work_eui64, dev)) { printk(KERN_INFO ""__ipv6_regen_rndid(idev=%p): cannot get EUI64 identifier; use random bytes.\n"", idev); get_random_bytes(idev->work_eui64, sizeof(idev->work_eui64)); } regen: spin_lock(&md5_tfm_lock); if (unlikely(md5_tfm == NULL)) { spin_unlock(&md5_tfm_lock); return -1; } crypto_digest_init(md5_tfm); crypto_digest_update(md5_tfm, sg, 2); crypto_digest_final(md5_tfm, idev->work_digest); spin_unlock(&md5_tfm_lock); memcpy(idev->rndid, &idev->work_digest[0], 8); idev->rndid[0] &= ~0x02; memcpy(idev->entropy, &idev->work_digest[8], 8); if (idev->rndid[0] == 0xfd && (idev->rndid[1]&idev->rndid[2]&idev->rndid[3]&idev->rndid[4]&idev->rndid[5]&idev->rndid[6]) == 0xff && (idev->rndid[7]&0x80)) goto regen; if ((idev->rndid[0]|idev->rndid[1]) == 0) { if (idev->rndid[2] == 0x5e && idev->rndid[3] == 0xfe) goto regen; if ((idev->rndid[2]|idev->rndid[3]|idev->rndid[4]|idev->rndid[5]|idev->rndid[6]|idev->rndid[7]) == 0x00) goto regen; } return 0; }",linux-2.6,,,215833737360876673257122376970725739430,0 2796,['CWE-264'],"sbni_setup( char *p ) { int n, parm; if( *p++ != '(' ) goto bad_param; for( n = 0, parm = 0; *p && n < 8; ) { (*dest[ parm ])[ n ] = simple_strtol( p, &p, 0 ); if( !*p || *p == ')' ) return 1; if( *p == ';' ) ++p, ++n, parm = 0; else if( *p++ != ',' ) break; else if( ++parm >= 5 ) break; } bad_param: printk( KERN_ERR ""Error in sbni kernel parameter!\n"" ); return 0; }",linux-2.6,,,276918884044688496050292700766161033025,0 3856,CWE-121,"spell_dump_compl( char_u *pat, int ic, int *dir, int dumpflags_arg) { langp_T *lp; slang_T *slang; idx_T arridx[MAXWLEN]; int curi[MAXWLEN]; char_u word[MAXWLEN]; int c; char_u *byts; idx_T *idxs; linenr_T lnum = 0; int round; int depth; int n; int flags; char_u *region_names = NULL; int do_region = TRUE; char_u *p; int lpi; int dumpflags = dumpflags_arg; int patlen; if (pat != NULL) { if (ic) dumpflags |= DUMPFLAG_ICASE; else { n = captype(pat, NULL); if (n == WF_ONECAP) dumpflags |= DUMPFLAG_ONECAP; else if (n == WF_ALLCAP && (int)STRLEN(pat) > mb_ptr2len(pat)) dumpflags |= DUMPFLAG_ALLCAP; } } for (lpi = 0; lpi < curwin->w_s->b_langp.ga_len; ++lpi) { lp = LANGP_ENTRY(curwin->w_s->b_langp, lpi); p = lp->lp_slang->sl_regions; if (p[0] != 0) { if (region_names == NULL) region_names = p; else if (STRCMP(region_names, p) != 0) { do_region = FALSE; break; } } } if (do_region && region_names != NULL) { if (pat == NULL) { vim_snprintf((char *)IObuff, IOSIZE, ""/regions=%s"", region_names); ml_append(lnum++, IObuff, (colnr_T)0, FALSE); } } else do_region = FALSE; for (lpi = 0; lpi < curwin->w_s->b_langp.ga_len; ++lpi) { lp = LANGP_ENTRY(curwin->w_s->b_langp, lpi); slang = lp->lp_slang; if (slang->sl_fbyts == NULL) continue; if (pat == NULL) { vim_snprintf((char *)IObuff, IOSIZE, ""# file: %s"", slang->sl_fname); ml_append(lnum++, IObuff, (colnr_T)0, FALSE); } if (pat != NULL && slang->sl_pbyts == NULL) patlen = (int)STRLEN(pat); else patlen = -1; for (round = 1; round <= 2; ++round) { if (round == 1) { dumpflags &= ~DUMPFLAG_KEEPCASE; byts = slang->sl_fbyts; idxs = slang->sl_fidxs; } else { dumpflags |= DUMPFLAG_KEEPCASE; byts = slang->sl_kbyts; idxs = slang->sl_kidxs; } if (byts == NULL) continue; depth = 0; arridx[0] = 0; curi[0] = 1; while (depth >= 0 && !got_int && (pat == NULL || !ins_compl_interrupted())) { if (curi[depth] > byts[arridx[depth]]) { --depth; line_breakcheck(); ins_compl_check_keys(50, FALSE); } else { n = arridx[depth] + curi[depth]; ++curi[depth]; c = byts[n]; if (c == 0) { flags = (int)idxs[n]; if ((round == 2 || (flags & WF_KEEPCAP) == 0) && (flags & WF_NEEDCOMP) == 0 && (do_region || (flags & WF_REGION) == 0 || (((unsigned)flags >> 16) & lp->lp_region) != 0)) { word[depth] = NUL; if (!do_region) flags &= ~WF_REGION; c = (unsigned)flags >> 24; if (c == 0 || curi[depth] == 2) { dump_word(slang, word, pat, dir, dumpflags, flags, lnum); if (pat == NULL) ++lnum; } if (c != 0) lnum = dump_prefixes(slang, word, pat, dir, dumpflags, flags, lnum); } } else { word[depth++] = c; arridx[depth] = idxs[n]; curi[depth] = 1; if (depth <= patlen && MB_STRNICMP(word, pat, depth) != 0) --depth; } } } } } }",visit repo url,src/spell.c,https://github.com/vim/vim,175468074916324,1 4275,['CWE-264'],"static void posix_cpu_timers_init_group(struct signal_struct *sig) { thread_group_cputime_init(sig); sig->it_virt_expires = cputime_zero; sig->it_virt_incr = cputime_zero; sig->it_prof_expires = cputime_zero; sig->it_prof_incr = cputime_zero; sig->cputime_expires.prof_exp = cputime_zero; sig->cputime_expires.virt_exp = cputime_zero; sig->cputime_expires.sched_exp = 0; INIT_LIST_HEAD(&sig->cpu_timers[0]); INIT_LIST_HEAD(&sig->cpu_timers[1]); INIT_LIST_HEAD(&sig->cpu_timers[2]); }",linux-2.6,,,234542378659341815082960165088798059002,0 3558,CWE-190,"static int jas_iccputuint(jas_stream_t *out, int n, ulonglong val) { int i; int c; for (i = n; i > 0; --i) { c = (val >> (8 * (i - 1))) & 0xff; if (jas_stream_putc(out, c) == EOF) return -1; } return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,42450445153190,1 4542,CWE-400,"static GF_Err gf_filter_pid_merge_properties_internal(GF_FilterPid *dst_pid, GF_FilterPid *src_pid, gf_filter_prop_filter filter_prop, void *cbk, Bool is_merge) { GF_PropertyMap *dst_props, *src_props = NULL, *old_dst_props=NULL; if (PID_IS_INPUT(dst_pid)) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Attempt to reset all properties on input PID in filter %s - ignoring\n"", dst_pid->filter->name)); return GF_BAD_PARAM; } if (is_merge) { gf_mx_p(src_pid->filter->tasks_mx); old_dst_props = gf_list_last(dst_pid->properties); gf_mx_v(src_pid->filter->tasks_mx); } dst_props = check_new_pid_props(dst_pid, GF_FALSE); if (!dst_props) { GF_LOG(GF_LOG_WARNING, GF_LOG_FILTER, (""No properties for destination pid in filter %s, ignoring reset\n"", dst_pid->filter->name)); return GF_OUT_OF_MEM; } if (PID_IS_INPUT(src_pid)) { GF_FilterPidInst *pidi = (GF_FilterPidInst *)src_pid; if (!pidi->props) { gf_mx_p(src_pid->filter->tasks_mx); pidi->props = gf_list_get(src_pid->pid->properties, 0); gf_mx_v(src_pid->filter->tasks_mx); assert(pidi->props); safe_int_inc(&pidi->props->reference_count); } src_props = pidi->props; } src_pid = src_pid->pid; if (!src_props) { gf_mx_p(src_pid->filter->tasks_mx); src_props = gf_list_last(src_pid->properties); gf_mx_v(src_pid->filter->tasks_mx); if (!src_props) { GF_LOG(GF_LOG_WARNING, GF_LOG_FILTER, (""No properties to copy from pid %s in filter %s, ignoring merge\n"", src_pid->name, src_pid->filter->name)); return GF_OK; } } if (src_pid->name && !old_dst_props) gf_filter_pid_set_name(dst_pid, src_pid->name); if (!is_merge) { gf_props_reset(dst_props); } else { if (old_dst_props && (old_dst_props!=dst_props)) { GF_Err e = gf_props_merge_property(dst_props, old_dst_props, NULL, NULL); if (e) return e; } } return gf_props_merge_property(dst_props, src_props, filter_prop, cbk);",visit repo url,src/filter_core/filter_pid.c,https://github.com/gpac/gpac,109083843786003,1 3791,CWE-416,"ignore_error_for_testing(char_u *error) { if (ignore_error_list.ga_itemsize == 0) ga_init2(&ignore_error_list, sizeof(char_u *), 1); if (STRCMP(""RESET"", error) == 0) ga_clear_strings(&ignore_error_list); else ga_add_string(&ignore_error_list, error); }",visit repo url,src/message.c,https://github.com/vim/vim,215469258424762,1 272,[],"static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *f) { return sys_ioctl(fd, cmd, (unsigned long)compat_ptr(arg)); }",linux-2.6,,,69872262360967241700420276615326195343,0 2678,[],"static void __sctp_write_space(struct sctp_association *asoc) { struct sock *sk = asoc->base.sk; struct socket *sock = sk->sk_socket; if ((sctp_wspace(asoc) > 0) && sock) { if (waitqueue_active(&asoc->wait)) wake_up_interruptible(&asoc->wait); if (sctp_writeable(sk)) { if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) wake_up_interruptible(sk->sk_sleep); if (sock->fasync_list && !(sk->sk_shutdown & SEND_SHUTDOWN)) sock_wake_async(sock, SOCK_WAKE_SPACE, POLL_OUT); } } }",linux-2.6,,,203786083085436314680477491484095476393,0 6328,['CWE-200'],"void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie) { int chain; read_lock_bh(&tbl->lock); for (chain = 0; chain <= tbl->hash_mask; chain++) { struct neighbour *n; for (n = tbl->hash_buckets[chain]; n; n = n->next) cb(n, cookie); } read_unlock_bh(&tbl->lock); }",linux-2.6,,,79080980638312042998745369854190223236,0 349,['CWE-20'],"static void set_singlestep(struct task_struct *child) { struct pt_regs *regs = task_pt_regs(child); set_tsk_thread_flag(child, TIF_SINGLESTEP); if (regs->eflags & TRAP_FLAG) return; regs->eflags |= TRAP_FLAG; if (is_setting_trap_flag(child, regs)) return; child->ptrace |= PT_DTRACE; }",linux-2.6,,,325383959834296498683244534273301297424,0 6150,CWE-190,"void ep2_mul_slide(ep2_t r, const ep2_t p, const bn_t k) { ep2_t t[1 << (EP_WIDTH - 1)], q; int i, j, l; uint8_t win[RLC_FP_BITS + 1]; ep2_null(q); if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_set_infty(r); return; } RLC_TRY { for (i = 0; i < (1 << (EP_WIDTH - 1)); i ++) { ep2_null(t[i]); ep2_new(t[i]); } ep2_new(q); ep2_copy(t[0], p); ep2_dbl(q, p); #if defined(EP_MIXED) ep2_norm(q, q); #endif for (i = 1; i < (1 << (EP_WIDTH - 1)); i++) { ep2_add(t[i], t[i - 1], q); } #if defined(EP_MIXED) ep2_norm_sim(t + 1, t + 1, (1 << (EP_WIDTH - 1)) - 1); #endif ep2_set_infty(q); l = RLC_FP_BITS + 1; bn_rec_slw(win, &l, k, EP_WIDTH); for (i = 0; i < l; i++) { if (win[i] == 0) { ep2_dbl(q, q); } else { for (j = 0; j < util_bits_dig(win[i]); j++) { ep2_dbl(q, q); } ep2_add(q, q, t[win[i] >> 1]); } } ep2_norm(r, q); if (bn_sign(k) == RLC_NEG) { ep2_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (EP_WIDTH - 1)); i++) { ep2_free(t[i]); } ep2_free(q); } }",visit repo url,src/epx/relic_ep2_mul.c,https://github.com/relic-toolkit/relic,194628170333142,1 5687,CWE-416,"void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) { COMPS_HSList *tmplist, *tmp_subnodes; COMPS_HSListItem *it; struct Pair { COMPS_HSList * subnodes; char * key; char added; } *pair, *parent_pair; pair = malloc(sizeof(struct Pair)); pair->subnodes = rt2->subnodes; pair->key = NULL; tmplist = comps_hslist_create(); comps_hslist_init(tmplist, NULL, NULL, &free); comps_hslist_append(tmplist, pair, 0); while (tmplist->first != NULL) { it = tmplist->first; comps_hslist_remove(tmplist, tmplist->first); tmp_subnodes = ((struct Pair*)it->data)->subnodes; parent_pair = (struct Pair*) it->data; free(it); for (it = tmp_subnodes->first; it != NULL; it=it->next) { pair = malloc(sizeof(struct Pair)); pair->subnodes = ((COMPS_ObjRTreeData*)it->data)->subnodes; if (parent_pair->key != NULL) { pair->key = malloc(sizeof(char) * (strlen(((COMPS_ObjRTreeData*)it->data)->key) + strlen(parent_pair->key) + 1)); memcpy(pair->key, parent_pair->key, sizeof(char) * strlen(parent_pair->key)); memcpy(pair->key + strlen(parent_pair->key), ((COMPS_ObjRTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_ObjRTreeData*)it->data)->key)+1)); } else { pair->key = malloc(sizeof(char)* (strlen(((COMPS_ObjRTreeData*)it->data)->key) +1)); memcpy(pair->key, ((COMPS_ObjRTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_ObjRTreeData*)it->data)->key)+1)); } if (((COMPS_ObjRTreeData*)it->data)->data != NULL) { comps_objrtree_set(rt1, pair->key, (((COMPS_ObjRTreeData*)it->data)->data)); } if (((COMPS_ObjRTreeData*)it->data)->subnodes->first) { comps_hslist_append(tmplist, pair, 0); } else { free(pair->key); free(pair); } } free(parent_pair->key); free(parent_pair); } comps_hslist_destroy(&tmplist); }",visit repo url,libcomps/src/comps_objradix.c,https://github.com/rpm-software-management/libcomps,80075684565580,1 2220,['CWE-193'],"static inline void wake_up_page(struct page *page, int bit) { __wake_up_bit(page_waitqueue(page), &page->flags, bit); }",linux-2.6,,,74790016337940407397304391075679726624,0 1474,[],"inline int task_curr(const struct task_struct *p) { return cpu_curr(task_cpu(p)) == p; }",linux-2.6,,,31159547481865902134270745290624446330,0 959,CWE-264,"void setattr_copy(struct inode *inode, const struct iattr *attr) { unsigned int ia_valid = attr->ia_valid; if (ia_valid & ATTR_UID) inode->i_uid = attr->ia_uid; if (ia_valid & ATTR_GID) inode->i_gid = attr->ia_gid; if (ia_valid & ATTR_ATIME) inode->i_atime = timespec_trunc(attr->ia_atime, inode->i_sb->s_time_gran); if (ia_valid & ATTR_MTIME) inode->i_mtime = timespec_trunc(attr->ia_mtime, inode->i_sb->s_time_gran); if (ia_valid & ATTR_CTIME) inode->i_ctime = timespec_trunc(attr->ia_ctime, inode->i_sb->s_time_gran); if (ia_valid & ATTR_MODE) { umode_t mode = attr->ia_mode; if (!in_group_p(inode->i_gid) && !inode_capable(inode, CAP_FSETID)) mode &= ~S_ISGID; inode->i_mode = mode; } }",visit repo url,fs/attr.c,https://github.com/torvalds/linux,23141792849139,1 2768,CWE-400,"static inline int add_post_vars(zval *arr, post_var_data_t *vars, zend_bool eof TSRMLS_DC) { uint64_t max_vars = PG(max_input_vars); vars->ptr = vars->str.c; vars->end = vars->str.c + vars->str.len; while (add_post_var(arr, vars, eof TSRMLS_CC)) { if (++vars->cnt > max_vars) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Input variables exceeded %"" PRIu64 "". "" ""To increase the limit change max_input_vars in php.ini."", max_vars); return FAILURE; } } if (!eof) { memmove(vars->str.c, vars->ptr, vars->str.len = vars->end - vars->ptr); } return SUCCESS; }",visit repo url,main/php_variables.c,https://github.com/php/php-src,125644527385099,1 43,CWE-763,"spnego_gss_wrap_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count) { OM_uint32 ret; ret = gss_wrap_iov_length(minor_status, context_handle, conf_req_flag, qop_req, conf_state, iov, iov_count); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,270312796242549,1 6166,['CWE-200'],"int tcf_unregister_action(struct tc_action_ops *act) { struct tc_action_ops *a, **ap; int err = -ENOENT; write_lock(&act_mod_lock); for (ap = &act_base; (a = *ap) != NULL; ap = &a->next) if (a == act) break; if (a) { *ap = a->next; a->next = NULL; err = 0; } write_unlock(&act_mod_lock); return err; }",linux-2.6,,,278366126620496282248400911828421792937,0 4200,['CWE-399'],"static void mcast_socket_event(AvahiWatch *w, int fd, AvahiWatchEvent events, void *userdata) { AvahiServer *s = userdata; AvahiAddress dest, src; AvahiDnsPacket *p = NULL; AvahiIfIndex iface; uint16_t port; uint8_t ttl; assert(w); assert(fd >= 0); assert(events & AVAHI_WATCH_IN); if (fd == s->fd_ipv4) { dest.proto = src.proto = AVAHI_PROTO_INET; p = avahi_recv_dns_packet_ipv4(s->fd_ipv4, &src.data.ipv4, &port, &dest.data.ipv4, &iface, &ttl); } else { assert(fd == s->fd_ipv6); dest.proto = src.proto = AVAHI_PROTO_INET6; p = avahi_recv_dns_packet_ipv6(s->fd_ipv6, &src.data.ipv6, &port, &dest.data.ipv6, &iface, &ttl); } if (p) { if (iface == AVAHI_IF_UNSPEC) iface = avahi_find_interface_for_address(s->monitor, &dest); if (iface != AVAHI_IF_UNSPEC) dispatch_packet(s, p, &src, port, &dest, iface, ttl); else avahi_log_error(""Incoming packet recieved on address that isn't local.""); avahi_dns_packet_free(p); cleanup_dead(s); } }",avahi,,,63496386976663376310931056120507490827,0 5104,['CWE-20'],"static void vmx_complete_interrupts(struct vcpu_vmx *vmx) { u32 exit_intr_info; u32 idt_vectoring_info; bool unblock_nmi; u8 vector; int type; bool idtv_info_valid; u32 error; exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO); if (cpu_has_virtual_nmis()) { unblock_nmi = (exit_intr_info & INTR_INFO_UNBLOCK_NMI) != 0; vector = exit_intr_info & INTR_INFO_VECTOR_MASK; if (unblock_nmi && vector != DF_VECTOR) vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI); } else if (unlikely(vmx->soft_vnmi_blocked)) vmx->vnmi_blocked_time += ktime_to_ns(ktime_sub(ktime_get(), vmx->entry_time)); idt_vectoring_info = vmx->idt_vectoring_info; idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK; vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK; type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK; if (vmx->vcpu.arch.nmi_injected) { if (idtv_info_valid && type == INTR_TYPE_NMI_INTR) vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI); else vmx->vcpu.arch.nmi_injected = false; } kvm_clear_exception_queue(&vmx->vcpu); if (idtv_info_valid && (type == INTR_TYPE_HARD_EXCEPTION || type == INTR_TYPE_SOFT_EXCEPTION)) { if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) { error = vmcs_read32(IDT_VECTORING_ERROR_CODE); kvm_queue_exception_e(&vmx->vcpu, vector, error); } else kvm_queue_exception(&vmx->vcpu, vector); vmx->idt_vectoring_info = 0; } kvm_clear_interrupt_queue(&vmx->vcpu); if (idtv_info_valid && type == INTR_TYPE_EXT_INTR) { kvm_queue_interrupt(&vmx->vcpu, vector); vmx->idt_vectoring_info = 0; } }",linux-2.6,,,203722864435141172200140374656441237796,0 4592,['CWE-399'],"static inline void add_chain(Indirect *p, struct buffer_head *bh, __le32 *v) { p->key = *(p->p = v); p->bh = bh; }",linux-2.6,,,49537185126137431055415408000567621158,0 2573,CWE-119,"static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id) { stellaris_enet_state *s = (stellaris_enet_state *)opaque; int i; if (version_id != 1) return -EINVAL; s->ris = qemu_get_be32(f); s->im = qemu_get_be32(f); s->rctl = qemu_get_be32(f); s->tctl = qemu_get_be32(f); s->thr = qemu_get_be32(f); s->mctl = qemu_get_be32(f); s->mdv = qemu_get_be32(f); s->mtxd = qemu_get_be32(f); s->mrxd = qemu_get_be32(f); s->np = qemu_get_be32(f); s->tx_fifo_len = qemu_get_be32(f); qemu_get_buffer(f, s->tx_fifo, sizeof(s->tx_fifo)); for (i = 0; i < 31; i++) { s->rx[i].len = qemu_get_be32(f); qemu_get_buffer(f, s->rx[i].data, sizeof(s->rx[i].data)); } s->next_packet = qemu_get_be32(f); s->rx_fifo_offset = qemu_get_be32(f); return 0; }",visit repo url,hw/net/stellaris_enet.c,https://github.com/qemu/qemu,70114453649754,1 3348,CWE-119,"test_string_matching (xd3_stream *stream, int ignore) { usize_t i; int ret; xd3_config config; char rbuf[TESTBUFSIZE]; for (i = 0; i < SIZEOF_ARRAY (match_tests); i += 1) { const string_match_test *test = & match_tests[i]; char *rptr = rbuf; usize_t len = (usize_t) strlen (test->input); xd3_free_stream (stream); xd3_init_config (& config, 0); config.smatch_cfg = XD3_SMATCH_SOFT; config.smatcher_soft.large_look = 4; config.smatcher_soft.large_step = 4; config.smatcher_soft.small_look = 4; config.smatcher_soft.small_chain = 10; config.smatcher_soft.small_lchain = 10; config.smatcher_soft.max_lazy = (test->flags & SM_LAZY) ? 10 : 0; config.smatcher_soft.long_enough = 10; if ((ret = xd3_config_stream (stream, & config))) { return ret; } if ((ret = xd3_encode_init_full (stream))) { return ret; } xd3_avail_input (stream, (uint8_t*)test->input, len); if ((ret = stream->smatcher.string_match (stream))) { return ret; } *rptr = 0; while (! xd3_rlist_empty (& stream->iopt_used)) { xd3_rinst *inst = xd3_rlist_pop_front (& stream->iopt_used); switch (inst->type) { case XD3_RUN: *rptr++ = 'R'; break; case XD3_CPY: *rptr++ = 'C'; break; default: CHECK(0); } snprintf_func (rptr, rbuf+TESTBUFSIZE-rptr, ""%d/%d"", inst->pos, inst->size); rptr += strlen (rptr); if (inst->type == XD3_CPY) { *rptr++ = '@'; snprintf_func (rptr, rbuf+TESTBUFSIZE-rptr, ""%""Q""d"", inst->addr); rptr += strlen (rptr); } *rptr++ = ' '; xd3_rlist_push_back (& stream->iopt_free, inst); } if (rptr != rbuf) { rptr -= 1; *rptr = 0; } if (strcmp (rbuf, test->result) != 0) { XPR(NT ""test %u: expected %s: got %s"", i, test->result, rbuf); stream->msg = ""wrong result""; return XD3_INTERNAL; } } return 0; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,202312710699699,1 3991,CWE-416,"CURLcode Curl_close(struct Curl_easy *data) { struct Curl_multi *m; if(!data) return CURLE_OK; Curl_expire_clear(data); m = data->multi; if(m) curl_multi_remove_handle(data->multi, data); if(data->multi_easy) curl_multi_cleanup(data->multi_easy); Curl_llist_destroy(&data->state.timeoutlist, NULL); data->magic = 0; if(data->state.rangestringalloc) free(data->state.range); Curl_free_request_state(data); Curl_ssl_close_all(data); Curl_safefree(data->state.first_host); Curl_safefree(data->state.scratch); Curl_ssl_free_certinfo(data); free(data->req.newurl); data->req.newurl = NULL; if(data->change.referer_alloc) { Curl_safefree(data->change.referer); data->change.referer_alloc = FALSE; } data->change.referer = NULL; Curl_up_free(data); Curl_safefree(data->state.buffer); Curl_safefree(data->state.headerbuff); Curl_safefree(data->state.ulbuf); Curl_flush_cookies(data, 1); Curl_digest_cleanup(data); Curl_safefree(data->info.contenttype); Curl_safefree(data->info.wouldredirect); Curl_resolver_cleanup(data->state.resolver); Curl_http2_cleanup_dependencies(data); Curl_convert_close(data); if(data->share) { Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE); data->share->dirty--; Curl_share_unlock(data, CURL_LOCK_DATA_SHARE); } Curl_wildcard_dtor(&data->wildcard); Curl_freeset(data); free(data); return CURLE_OK; }",visit repo url,lib/url.c,https://github.com/curl/curl,68323966334373,1 2714,[],"static int sctp_getsockopt_associnfo(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_assocparams assocparams; struct sctp_association *asoc; struct list_head *pos; int cnt = 0; if (len < sizeof (struct sctp_assocparams)) return -EINVAL; len = sizeof(struct sctp_assocparams); if (copy_from_user(&assocparams, optval, len)) return -EFAULT; asoc = sctp_id2assoc(sk, assocparams.sasoc_assoc_id); if (!asoc && assocparams.sasoc_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) { assocparams.sasoc_asocmaxrxt = asoc->max_retrans; assocparams.sasoc_peer_rwnd = asoc->peer.rwnd; assocparams.sasoc_local_rwnd = asoc->a_rwnd; assocparams.sasoc_cookie_life = (asoc->cookie_life.tv_sec * 1000) + (asoc->cookie_life.tv_usec / 1000); list_for_each(pos, &asoc->peer.transport_addr_list) { cnt ++; } assocparams.sasoc_number_peer_destinations = cnt; } else { struct sctp_sock *sp = sctp_sk(sk); assocparams.sasoc_asocmaxrxt = sp->assocparams.sasoc_asocmaxrxt; assocparams.sasoc_peer_rwnd = sp->assocparams.sasoc_peer_rwnd; assocparams.sasoc_local_rwnd = sp->assocparams.sasoc_local_rwnd; assocparams.sasoc_cookie_life = sp->assocparams.sasoc_cookie_life; assocparams.sasoc_number_peer_destinations = sp->assocparams. sasoc_number_peer_destinations; } if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &assocparams, len)) return -EFAULT; return 0; }",linux-2.6,,,72451943493765490873186477077522878964,0 2467,['CWE-119'],"static void gc_boundary(struct object_array *array) { unsigned nr = array->nr; unsigned alloc = array->alloc; struct object_array_entry *objects = array->objects; if (alloc <= nr) { unsigned i, j; for (i = j = 0; i < nr; i++) { if (objects[i].item->flags & SHOWN) continue; if (i != j) objects[j] = objects[i]; j++; } for (i = j; i < nr; i++) objects[i].item = NULL; array->nr = j; } }",git,,,299062243506598865735344927547585406097,0 4306,['CWE-264'],"static struct fs_struct *__copy_fs_struct(struct fs_struct *old) { struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL); if (fs) { atomic_set(&fs->count, 1); rwlock_init(&fs->lock); fs->umask = old->umask; read_lock(&old->lock); fs->root = old->root; path_get(&old->root); fs->pwd = old->pwd; path_get(&old->pwd); read_unlock(&old->lock); } return fs; }",linux-2.6,,,89061887005926036600115428249919475757,0 2397,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *in) { PadContext *s = inlink->dst->priv; AVFrame *out; int needs_copy = frame_needs_copy(s, in); if (needs_copy) { av_log(inlink->dst, AV_LOG_DEBUG, ""Direct padding impossible allocating new frame\n""); out = ff_get_video_buffer(inlink->dst->outputs[0], FFMAX(inlink->w, s->w), FFMAX(inlink->h, s->h)); if (!out) { av_frame_free(&in); return AVERROR(ENOMEM); } av_frame_copy_props(out, in); } else { int i; out = in; for (i = 0; i < 4 && out->data[i]; i++) { int hsub = s->draw.hsub[i]; int vsub = s->draw.vsub[i]; out->data[i] -= (s->x >> hsub) * s->draw.pixelstep[i] + (s->y >> vsub) * out->linesize[i]; } } if (s->y) { ff_fill_rectangle(&s->draw, &s->color, out->data, out->linesize, 0, 0, s->w, s->y); } if (s->h > s->y + s->in_h) { ff_fill_rectangle(&s->draw, &s->color, out->data, out->linesize, 0, s->y + s->in_h, s->w, s->h - s->y - s->in_h); } ff_fill_rectangle(&s->draw, &s->color, out->data, out->linesize, 0, s->y, s->x, in->height); if (needs_copy) { ff_copy_rectangle2(&s->draw, out->data, out->linesize, in->data, in->linesize, s->x, s->y, 0, 0, in->width, in->height); } ff_fill_rectangle(&s->draw, &s->color, out->data, out->linesize, s->x + s->in_w, s->y, s->w - s->x - s->in_w, in->height); out->width = s->w; out->height = s->h; if (in != out) av_frame_free(&in); return ff_filter_frame(inlink->dst->outputs[0], out); }",visit repo url,libavfilter/vf_pad.c,https://github.com/FFmpeg/FFmpeg,217507285758179,1 5110,['CWE-20'],"static int handle_wrmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX]; u64 data = (vcpu->arch.regs[VCPU_REGS_RAX] & -1u) | ((u64)(vcpu->arch.regs[VCPU_REGS_RDX] & -1u) << 32); KVMTRACE_3D(MSR_WRITE, vcpu, ecx, (u32)data, (u32)(data >> 32), handler); if (vmx_set_msr(vcpu, ecx, data) != 0) { kvm_inject_gp(vcpu, 0); return 1; } skip_emulated_instruction(vcpu); return 1; }",linux-2.6,,,326695292138501962113788119840184560859,0 6473,[],"tryall_dlopen_module (lt_dlhandle *handle, const char *prefix, const char *dirname, const char *dlname, lt_dladvise advise) { int error = 0; char *filename = 0; size_t filename_len = 0; size_t dirname_len = LT_STRLEN (dirname); assert (handle); assert (dirname); assert (dlname); #if defined(LT_DIRSEP_CHAR) assert (strchr (dirname, LT_DIRSEP_CHAR) == 0); #endif if (dirname_len > 0) if (dirname[dirname_len -1] == '/') --dirname_len; filename_len = dirname_len + 1 + LT_STRLEN (dlname); filename = MALLOC (char, filename_len + 1); if (!filename) return 1; sprintf (filename, ""%.*s/%s"", (int) dirname_len, dirname, dlname); if (prefix) { error += tryall_dlopen_module (handle, (const char *) 0, prefix, filename, advise); } else if (tryall_dlopen (handle, filename, advise, 0) != 0) { ++error; } FREE (filename); return error; }",libtool,,,277309075890765836942676481952626557759,0 2690,CWE-190,"static void spl_filesystem_tree_it_move_forward(zend_object_iterator *iter TSRMLS_DC) { spl_filesystem_iterator *iterator = (spl_filesystem_iterator *)iter; spl_filesystem_object *object = spl_filesystem_iterator_to_object(iterator); object->u.dir.index++; do { spl_filesystem_dir_read(object TSRMLS_CC); } while (spl_filesystem_is_dot(object->u.dir.entry.d_name)); if (object->file_name) { efree(object->file_name); object->file_name = NULL; } if (iterator->current) { zval_ptr_dtor(&iterator->current); iterator->current = NULL; } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,222456568305880,1 5221,CWE-276,"flatpak_dir_deploy (FlatpakDir *self, const char *origin, FlatpakDecomposed *ref, const char *checksum_or_latest, const char * const * subpaths, const char * const * previous_ids, GCancellable *cancellable, GError **error) { g_autofree char *resolved_ref = NULL; g_autofree char *ref_id = NULL; g_autoptr(GFile) root = NULL; g_autoptr(GFile) deploy_base = NULL; g_autoptr(GFile) checkoutdir = NULL; g_autoptr(GFile) bindir = NULL; g_autofree char *checkoutdirpath = NULL; g_autoptr(GFile) real_checkoutdir = NULL; g_autoptr(GFile) dotref = NULL; g_autoptr(GFile) files_etc = NULL; g_autoptr(GFile) deploy_data_file = NULL; g_autoptr(GVariant) commit_data = NULL; g_autoptr(GBytes) deploy_data = NULL; g_autoptr(GFile) export = NULL; g_autoptr(GFile) extradir = NULL; g_autoptr(GKeyFile) keyfile = NULL; guint64 installed_size = 0; OstreeRepoCheckoutAtOptions options = { 0, }; const char *checksum; glnx_autofd int checkoutdir_dfd = -1; g_autoptr(GFile) tmp_dir_template = NULL; g_autofree char *tmp_dir_path = NULL; const char *xa_ref = NULL; g_autofree char *checkout_basename = NULL; gboolean created_extra_data = FALSE; g_autoptr(GVariant) commit_metadata = NULL; g_auto(GLnxLockFile) lock = { 0, }; g_autoptr(GFile) metadata_file = NULL; g_autofree char *metadata_contents = NULL; gsize metadata_size = 0; gboolean is_oci; const char *flatpak; if (!flatpak_dir_ensure_repo (self, cancellable, error)) return FALSE; ref_id = flatpak_decomposed_dup_id (ref); if (!flatpak_dir_repo_lock (self, &lock, LOCK_SH, cancellable, error)) return FALSE; deploy_base = flatpak_dir_get_deploy_dir (self, ref); if (checksum_or_latest == NULL) { g_debug (""No checksum specified, getting tip of %s from origin %s"", flatpak_decomposed_get_ref (ref), origin); resolved_ref = flatpak_dir_read_latest (self, origin, flatpak_decomposed_get_ref (ref), NULL, cancellable, error); if (resolved_ref == NULL) { g_prefix_error (error, _(""While trying to resolve ref %s: ""), flatpak_decomposed_get_ref (ref)); return FALSE; } checksum = resolved_ref; g_debug (""tip resolved to: %s"", checksum); } else { checksum = checksum_or_latest; g_debug (""Looking for checksum %s in local repo"", checksum); if (!ostree_repo_read_commit (self->repo, checksum, NULL, NULL, cancellable, NULL)) return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _(""%s is not available""), flatpak_decomposed_get_ref (ref)); } if (!ostree_repo_load_commit (self->repo, checksum, &commit_data, NULL, error)) return FALSE; commit_metadata = g_variant_get_child_value (commit_data, 0); checkout_basename = flatpak_dir_get_deploy_subdir (self, checksum, subpaths); real_checkoutdir = g_file_get_child (deploy_base, checkout_basename); if (g_file_query_exists (real_checkoutdir, cancellable)) return flatpak_fail_error (error, FLATPAK_ERROR_ALREADY_INSTALLED, _(""%s commit %s already installed""), flatpak_decomposed_get_ref (ref), checksum); g_autofree char *template = g_strdup_printf ("".%s-XXXXXX"", checkout_basename); tmp_dir_template = g_file_get_child (deploy_base, template); tmp_dir_path = g_file_get_path (tmp_dir_template); if (g_mkdtemp_full (tmp_dir_path, 0755) == NULL) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _(""Can't create deploy directory"")); return FALSE; } checkoutdir = g_file_new_for_path (tmp_dir_path); if (!ostree_repo_read_commit (self->repo, checksum, &root, NULL, cancellable, error)) { g_prefix_error (error, _(""Failed to read commit %s: ""), checksum); return FALSE; } if (!flatpak_repo_collect_sizes (self->repo, root, &installed_size, NULL, cancellable, error)) return FALSE; options.mode = OSTREE_REPO_CHECKOUT_MODE_USER; options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_FILES; options.enable_fsync = FALSE; options.bareuseronly_dirs = TRUE; checkoutdirpath = g_file_get_path (checkoutdir); if (subpaths == NULL || *subpaths == NULL) { if (!ostree_repo_checkout_at (self->repo, &options, AT_FDCWD, checkoutdirpath, checksum, cancellable, error)) { g_prefix_error (error, _(""While trying to checkout %s into %s: ""), checksum, checkoutdirpath); return FALSE; } } else { g_autoptr(GFile) files = g_file_get_child (checkoutdir, ""files""); int i; if (!g_file_make_directory_with_parents (files, cancellable, error)) return FALSE; options.subpath = ""/metadata""; if (!ostree_repo_checkout_at (self->repo, &options, AT_FDCWD, checkoutdirpath, checksum, cancellable, error)) { g_prefix_error (error, _(""While trying to checkout metadata subpath: "")); return FALSE; } for (i = 0; subpaths[i] != NULL; i++) { g_autofree char *subpath = g_build_filename (""/files"", subpaths[i], NULL); g_autofree char *dstpath = g_build_filename (checkoutdirpath, ""/files"", subpaths[i], NULL); g_autofree char *dstpath_parent = g_path_get_dirname (dstpath); g_autoptr(GFile) child = NULL; child = g_file_resolve_relative_path (root, subpath); if (!g_file_query_exists (child, cancellable)) { g_debug (""subpath %s not in tree"", subpaths[i]); continue; } if (g_mkdir_with_parents (dstpath_parent, 0755)) { glnx_set_error_from_errno (error); return FALSE; } options.subpath = subpath; if (!ostree_repo_checkout_at (self->repo, &options, AT_FDCWD, dstpath, checksum, cancellable, error)) { g_prefix_error (error, _(""While trying to checkout subpath ‘%s’: ""), subpath); return FALSE; } } } extradir = g_file_resolve_relative_path (checkoutdir, ""files/extra""); if (!flatpak_rm_rf (extradir, cancellable, error)) { g_prefix_error (error, _(""While trying to remove existing extra dir: "")); return FALSE; } if (!extract_extra_data (self, checksum, extradir, &created_extra_data, cancellable, error)) return FALSE; if (created_extra_data) { if (!apply_extra_data (self, checkoutdir, cancellable, error)) { g_prefix_error (error, _(""While trying to apply extra data: "")); return FALSE; } } g_variant_lookup (commit_metadata, ""xa.ref"", ""&s"", &xa_ref); if (xa_ref != NULL) { gboolean gpg_verify_summary; if (!ostree_repo_remote_get_gpg_verify_summary (self->repo, origin, &gpg_verify_summary, error)) return FALSE; if (gpg_verify_summary) { FlatpakDecomposed *checkout_ref = ref; g_autoptr(FlatpakDecomposed) commit_ref = NULL; commit_ref = flatpak_decomposed_new_from_ref (xa_ref, error); if (commit_ref == NULL) { g_prefix_error (error, _(""Invalid commit ref %s: ""), xa_ref); return FALSE; } if (!flatpak_decomposed_equal_except_branch (checkout_ref, commit_ref)) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED, _(""Deployed ref %s does not match commit (%s)""), flatpak_decomposed_get_ref (ref), xa_ref); return FALSE; } if (strcmp (flatpak_decomposed_get_branch (checkout_ref), flatpak_decomposed_get_branch (commit_ref)) != 0) g_warning (_(""Deployed ref %s branch does not match commit (%s)""), flatpak_decomposed_get_ref (ref), xa_ref); } else if (strcmp (flatpak_decomposed_get_ref (ref), xa_ref) != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED, _(""Deployed ref %s does not match commit (%s)""), flatpak_decomposed_get_ref (ref), xa_ref); return FALSE; } } keyfile = g_key_file_new (); metadata_file = g_file_resolve_relative_path (checkoutdir, ""metadata""); if (g_file_load_contents (metadata_file, NULL, &metadata_contents, &metadata_size, NULL, NULL)) { if (!g_key_file_load_from_data (keyfile, metadata_contents, metadata_size, 0, error)) return FALSE; if (!flatpak_check_required_version (flatpak_decomposed_get_ref (ref), keyfile, error)) return FALSE; } is_oci = flatpak_dir_get_remote_oci (self, origin); if (!validate_commit_metadata (commit_data, flatpak_decomposed_get_ref (ref), metadata_contents, metadata_size, !is_oci, error)) return FALSE; dotref = g_file_resolve_relative_path (checkoutdir, ""files/.ref""); if (!g_file_replace_contents (dotref, """", 0, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, cancellable, error)) return FALSE; export = g_file_get_child (checkoutdir, ""export""); bindir = g_file_get_child (export, ""bin""); if (!flatpak_rm_rf (bindir, cancellable, error)) return FALSE; if (flatpak_decomposed_is_runtime (ref)) { files_etc = g_file_resolve_relative_path (checkoutdir, ""files/etc""); if (g_file_query_exists (files_etc, cancellable)) { char *etcfiles[] = {""passwd"", ""group"", ""machine-id"" }; g_autoptr(GFile) etc_resolve_conf = g_file_get_child (files_etc, ""resolv.conf""); int i; for (i = 0; i < G_N_ELEMENTS (etcfiles); i++) { g_autoptr(GFile) etc_file = g_file_get_child (files_etc, etcfiles[i]); GFileType type; type = g_file_query_file_type (etc_file, G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, cancellable); if (type == G_FILE_TYPE_REGULAR) continue; if (type != G_FILE_TYPE_UNKNOWN) { if (!g_file_delete (etc_file, cancellable, error)) return FALSE; } if (!g_file_replace_contents (etc_file, """", 0, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, cancellable, error)) return FALSE; } if (g_file_query_exists (etc_resolve_conf, cancellable) && !g_file_delete (etc_resolve_conf, cancellable, error)) return FALSE; if (!g_file_make_symbolic_link (etc_resolve_conf, ""/run/host/monitor/resolv.conf"", cancellable, error)) return FALSE; } if (!flatpak_rm_rf (export, cancellable, error)) return FALSE; } else { g_autofree char *ref_arch = flatpak_decomposed_dup_arch (ref); g_autofree char *ref_branch = flatpak_decomposed_dup_branch (ref); g_autoptr(GFile) wrapper = g_file_get_child (bindir, ref_id); g_autofree char *escaped_app = maybe_quote (ref_id); g_autofree char *escaped_branch = maybe_quote (ref_branch); g_autofree char *escaped_arch = maybe_quote (ref_arch); g_autofree char *bin_data = NULL; int r; if (!flatpak_mkdir_p (bindir, cancellable, error)) return FALSE; if (!flatpak_rewrite_export_dir (ref_id, ref_branch, ref_arch, keyfile, previous_ids, export, cancellable, error)) return FALSE; if ((flatpak = g_getenv (""FLATPAK_BINARY"")) == NULL) flatpak = FLATPAK_BINDIR ""/flatpak""; bin_data = g_strdup_printf (""#!/bin/sh\nexec %s run --branch=%s --arch=%s %s \""$@\""\n"", flatpak, escaped_branch, escaped_arch, escaped_app); if (!g_file_replace_contents (wrapper, bin_data, strlen (bin_data), NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, cancellable, error)) return FALSE; do r = fchmodat (AT_FDCWD, flatpak_file_get_path_cached (wrapper), 0755, 0); while (G_UNLIKELY (r == -1 && errno == EINTR)); if (r == -1) return glnx_throw_errno_prefix (error, ""fchmodat""); } deploy_data = flatpak_dir_new_deploy_data (self, checkoutdir, commit_data, commit_metadata, keyfile, ref_id, origin, checksum, (char **) subpaths, installed_size, previous_ids); if (!flatpak_dir_check_parental_controls (self, flatpak_decomposed_get_ref (ref), deploy_data, cancellable, error)) return FALSE; deploy_data_file = g_file_get_child (checkoutdir, ""deploy""); if (!flatpak_bytes_save (deploy_data_file, deploy_data, cancellable, error)) return FALSE; if (!glnx_opendirat (AT_FDCWD, checkoutdirpath, TRUE, &checkoutdir_dfd, error)) return FALSE; if (syncfs (checkoutdir_dfd) != 0) { glnx_set_error_from_errno (error); return FALSE; } if (!g_file_move (checkoutdir, real_checkoutdir, G_FILE_COPY_NO_FALLBACK_FOR_MOVE, cancellable, NULL, NULL, error)) return FALSE; if (!flatpak_dir_set_active (self, ref, checkout_basename, cancellable, error)) return FALSE; if (!flatpak_dir_update_deploy_ref (self, flatpak_decomposed_get_ref (ref), checksum, error)) return FALSE; return TRUE; }",visit repo url,common/flatpak-dir.c,https://github.com/flatpak/flatpak,145492680159588,1 575,[],"static int bad_inode_symlink (struct inode *dir, struct dentry *dentry, const char *symname) { return -EIO; }",linux-2.6,,,24307327406114313884890546251566947174,0 993,['CWE-94'],"ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags, splice_actor *actor) { ssize_t ret; struct inode *inode = out->f_mapping->host; struct splice_desc sd = { .total_len = len, .flags = flags, .pos = *ppos, .u.file = out, }; inode_double_lock(inode, pipe->inode); ret = __splice_from_pipe(pipe, &sd, actor); inode_double_unlock(inode, pipe->inode); return ret; }",linux-2.6,,,80338003699078455241614040562725177585,0 1602,[],"cpu_cgroup_create(struct cgroup_subsys *ss, struct cgroup *cgrp) { struct task_group *tg, *parent; if (!cgrp->parent) { init_task_group.css.cgroup = cgrp; return &init_task_group.css; } parent = cgroup_tg(cgrp->parent); tg = sched_create_group(parent); if (IS_ERR(tg)) return ERR_PTR(-ENOMEM); tg->css.cgroup = cgrp; return &tg->css; }",linux-2.6,,,155596868045782396205500680505099146423,0 6489,CWE-787,"int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen) { if (!message) { LOG_ERROR(""Null message in AES_encrypt_DH""); return -1; } if (!encr_message) { LOG_ERROR(""Null encr message in AES_encrypt_DH""); return -2; } uint64_t len = strlen(message) + 1; if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) { LOG_ERROR(""Output buffer too small""); return -3; } sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_DH_key, (uint8_t*)message, strlen(message), encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, (sgx_aes_gcm_128bit_tag_t *) encr_message); return status; }",visit repo url,secure_enclave/AESUtils.c,https://github.com/skalenetwork/sgxwallet,256349138391790,1 4816,['CWE-399'],"static void inotify_dev_event_dequeue(struct inotify_device *dev) { if (!list_empty(&dev->events)) { struct inotify_kernel_event *kevent; kevent = inotify_dev_get_event(dev); remove_kevent(dev, kevent); free_kevent(kevent); } }",linux-2.6,,,108043734155947726717347574349411368366,0 5112,CWE-125,"obj2ast_stmt(PyObject* obj, stmt_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; int lineno; int col_offset; int end_lineno; int end_col_offset; if (obj == Py_None) { *out = NULL; return 0; } if (_PyObject_LookupAttrId(obj, &PyId_lineno, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from stmt""); return 1; } else { int res; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from stmt""); return 1; } else { int res; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_lineno, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_lineno = 0; } else { int res; res = obj2ast_int(tmp, &end_lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_col_offset = 0; } else { int res; res = obj2ast_int(tmp, &end_col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } isinstance = PyObject_IsInstance(obj, (PyObject*)FunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; if (_PyObject_LookupAttrId(obj, &PyId_name, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from FunctionDef""); return 1; } else { int res; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_args, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from FunctionDef""); return 1; } else { int res; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from FunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_decorator_list, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from FunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Py_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_returns, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); returns = NULL; } else { int res; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = FunctionDef(name, args, body, decorator_list, returns, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; if (_PyObject_LookupAttrId(obj, &PyId_name, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from AsyncFunctionDef""); return 1; } else { int res; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_args, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from AsyncFunctionDef""); return 1; } else { int res; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_decorator_list, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from AsyncFunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Py_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_returns, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); returns = NULL; } else { int res; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = AsyncFunctionDef(name, args, body, decorator_list, returns, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ClassDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; asdl_seq* bases; asdl_seq* keywords; asdl_seq* body; asdl_seq* decorator_list; if (_PyObject_LookupAttrId(obj, &PyId_name, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from ClassDef""); return 1; } else { int res; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_bases, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""bases\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""bases\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); bases = _Py_asdl_seq_new(len, arena); if (bases == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""bases\"" changed size during iteration""); goto failed; } asdl_seq_SET(bases, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_keywords, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""keywords\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""keywords\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); keywords = _Py_asdl_seq_new(len, arena); if (keywords == NULL) goto failed; for (i = 0; i < len; i++) { keyword_ty val; res = obj2ast_keyword(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""keywords\"" changed size during iteration""); goto failed; } asdl_seq_SET(keywords, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_decorator_list, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Py_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, val); } Py_CLEAR(tmp); } *out = ClassDef(name, bases, keywords, body, decorator_list, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Return_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); value = NULL; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Return(value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Delete_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; if (_PyObject_LookupAttrId(obj, &PyId_targets, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Delete""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Delete field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Py_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Delete field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, val); } Py_CLEAR(tmp); } *out = Delete(targets, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assign_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_targets, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Assign""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Assign field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Py_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Assign field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Assign""); return 1; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Assign(targets, value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AugAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; operator_ty op; expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AugAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_op, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""op\"" missing from AugAssign""); return 1; } else { int res; res = obj2ast_operator(tmp, &op, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from AugAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = AugAssign(target, op, value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AnnAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty annotation; expr_ty value; int simple; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AnnAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_annotation, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""annotation\"" missing from AnnAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); value = NULL; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_simple, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""simple\"" missing from AnnAssign""); return 1; } else { int res; res = obj2ast_int(tmp, &simple, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = AnnAssign(target, annotation, value, simple, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)For_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from For""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_iter, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from For""); return 1; } else { int res; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from For""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from For""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = For(target, iter, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFor_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AsyncFor""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_iter, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from AsyncFor""); return 1; } else { int res; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFor""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from AsyncFor""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = AsyncFor(target, iter, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)While_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_test, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from While""); return 1; } else { int res; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from While""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from While""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = While(test, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)If_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_test, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from If""); return 1; } else { int res; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from If""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from If""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = If(test, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)With_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_items, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from With""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Py_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty val; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from With""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = With(items, body, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncWith_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_items, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from AsyncWith""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Py_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty val; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncWith""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = AsyncWith(items, body, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Raise_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty exc; expr_ty cause; if (_PyObject_LookupAttrId(obj, &PyId_exc, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); exc = NULL; } else { int res; res = obj2ast_expr(tmp, &exc, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_cause, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); cause = NULL; } else { int res; res = obj2ast_expr(tmp, &cause, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Raise(exc, cause, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Try_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; asdl_seq* handlers; asdl_seq* orelse; asdl_seq* finalbody; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_handlers, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""handlers\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""handlers\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); handlers = _Py_asdl_seq_new(len, arena); if (handlers == NULL) goto failed; for (i = 0; i < len; i++) { excepthandler_ty val; res = obj2ast_excepthandler(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""handlers\"" changed size during iteration""); goto failed; } asdl_seq_SET(handlers, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_finalbody, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""finalbody\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""finalbody\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); finalbody = _Py_asdl_seq_new(len, arena); if (finalbody == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""finalbody\"" changed size during iteration""); goto failed; } asdl_seq_SET(finalbody, i, val); } Py_CLEAR(tmp); } *out = Try(body, handlers, orelse, finalbody, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assert_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; expr_ty msg; if (_PyObject_LookupAttrId(obj, &PyId_test, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from Assert""); return 1; } else { int res; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_msg, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); msg = NULL; } else { int res; res = obj2ast_expr(tmp, &msg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Assert(test, msg, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Import_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Import""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Import field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty val; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Import field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } *out = Import(names, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ImportFrom_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier module; asdl_seq* names; int level; if (_PyObject_LookupAttrId(obj, &PyId_module, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); module = NULL; } else { int res; res = obj2ast_identifier(tmp, &module, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from ImportFrom""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ImportFrom field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty val; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ImportFrom field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_level, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); level = 0; } else { int res; res = obj2ast_int(tmp, &level, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = ImportFrom(module, names, level, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Global_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Global""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Global field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier val; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Global field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } *out = Global(names, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Nonlocal_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Nonlocal""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Nonlocal field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier val; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Nonlocal field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } *out = Nonlocal(names, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expr_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Expr""); return 1; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Expr(value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Pass_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Pass(lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Break_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Break(lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Continue_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Continue(lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of stmt, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,270734675778851,1 4571,CWE-119,"int mp4client_main(int argc, char **argv) { char c; const char *str; int ret_val = 0; u32 i, times[100], nb_times, dump_mode; u32 simulation_time_in_ms = 0; u32 initial_service_id = 0; Bool auto_exit = GF_FALSE; Bool logs_set = GF_FALSE; Bool start_fs = GF_FALSE; Bool use_rtix = GF_FALSE; Bool pause_at_first = GF_FALSE; Bool no_cfg_save = GF_FALSE; Bool is_cfg_only = GF_FALSE; Double play_from = 0; #ifdef GPAC_MEMORY_TRACKING GF_MemTrackerType mem_track = GF_MemTrackerNone; #endif Double fps = GF_IMPORT_DEFAULT_FPS; Bool fill_ar, visible, do_uncache, has_command; char *url_arg, *out_arg, *the_cfg, *rti_file, *views, *mosaic; FILE *logfile = NULL; Float scale = 1; #ifndef WIN32 dlopen(NULL, RTLD_NOW|RTLD_GLOBAL); #endif strcpy(the_url, "".""); memset(&user, 0, sizeof(GF_User)); dump_mode = DUMP_NONE; fill_ar = visible = do_uncache = has_command = GF_FALSE; url_arg = out_arg = the_cfg = rti_file = views = mosaic = NULL; nb_times = 0; times[0] = 0; for (i=1; i<(u32) argc; i++) { char *arg = argv[i]; if (!strcmp(arg, ""-c"") || !strcmp(arg, ""-cfg"")) { the_cfg = argv[i+1]; i++; } else if (!strcmp(arg, ""-mem-track"") || !strcmp(arg, ""-mem-track-stack"")) { #ifdef GPAC_MEMORY_TRACKING mem_track = !strcmp(arg, ""-mem-track-stack"") ? GF_MemTrackerBackTrace : GF_MemTrackerSimple; #else fprintf(stderr, ""WARNING - GPAC not compiled with Memory Tracker - ignoring \""%s\""\n"", arg); #endif } else if (!strcmp(arg, ""-gui"")) { gui_mode = 1; } else if (!strcmp(arg, ""-guid"")) { gui_mode = 2; } else if (!strcmp(arg, ""-h"") || !strcmp(arg, ""-help"")) { PrintUsage(); return 0; } } #ifdef GPAC_MEMORY_TRACKING gf_sys_init(mem_track); #else gf_sys_init(GF_MemTrackerNone); #endif gf_sys_set_args(argc, (const char **) argv); cfg_file = gf_cfg_init(the_cfg, NULL); if (!cfg_file) { fprintf(stderr, ""Error: Configuration File not found\n""); return 1; } if (gf_log_set_tools_levels( gf_cfg_get_key(cfg_file, ""General"", ""Logs"") ) != GF_OK) { return 1; } if( gf_cfg_get_key(cfg_file, ""General"", ""Logs"") != NULL ) { logs_set = GF_TRUE; } if (!gui_mode) { str = gf_cfg_get_key(cfg_file, ""General"", ""ForceGUI""); if (str && !strcmp(str, ""yes"")) gui_mode = 1; } for (i=1; i<(u32) argc; i++) { char *arg = argv[i]; if (!strcmp(arg, ""-rti"")) { rti_file = argv[i+1]; i++; } else if (!strcmp(arg, ""-rtix"")) { rti_file = argv[i+1]; i++; use_rtix = GF_TRUE; } else if (!stricmp(arg, ""-size"")) { if (sscanf(argv[i+1], ""%dx%d"", &forced_width, &forced_height) != 2) { forced_width = forced_height = 0; } i++; } else if (!strcmp(arg, ""-quiet"")) { be_quiet = 1; } else if (!strcmp(arg, ""-strict-error"")) { gf_log_set_strict_error(1); } else if (!strcmp(arg, ""-log-file"") || !strcmp(arg, ""-lf"")) { logfile = gf_fopen(argv[i+1], ""wt""); gf_log_set_callback(logfile, on_gpac_log); i++; } else if (!strcmp(arg, ""-logs"") ) { if (gf_log_set_tools_levels(argv[i+1]) != GF_OK) { return 1; } logs_set = GF_TRUE; i++; } else if (!strcmp(arg, ""-log-clock"") || !strcmp(arg, ""-lc"")) { log_time_start = 1; } else if (!strcmp(arg, ""-log-utc"") || !strcmp(arg, ""-lu"")) { log_utc_time = 1; } #if defined(__DARWIN__) || defined(__APPLE__) else if (!strcmp(arg, ""-thread"")) threading_flags = 0; #else else if (!strcmp(arg, ""-no-thread"")) threading_flags = GF_TERM_NO_DECODER_THREAD | GF_TERM_NO_COMPOSITOR_THREAD | GF_TERM_WINDOW_NO_THREAD; #endif else if (!strcmp(arg, ""-no-cthread"") || !strcmp(arg, ""-no-compositor-thread"")) threading_flags |= GF_TERM_NO_COMPOSITOR_THREAD; else if (!strcmp(arg, ""-no-audio"")) no_audio = 1; else if (!strcmp(arg, ""-no-regulation"")) no_regulation = 1; else if (!strcmp(arg, ""-fs"")) start_fs = 1; else if (!strcmp(arg, ""-opt"")) { set_cfg_option(argv[i+1]); i++; } else if (!strcmp(arg, ""-conf"")) { set_cfg_option(argv[i+1]); is_cfg_only=GF_TRUE; i++; } else if (!strcmp(arg, ""-ifce"")) { gf_cfg_set_key(cfg_file, ""Network"", ""DefaultMCastInterface"", argv[i+1]); i++; } else if (!stricmp(arg, ""-help"")) { PrintUsage(); return 1; } else if (!stricmp(arg, ""-noprog"")) { no_prog=1; gf_set_progress_callback(NULL, progress_quiet); } else if (!stricmp(arg, ""-no-save"") || !stricmp(arg, ""--no-save"") ) { no_cfg_save=1; } else if (!stricmp(arg, ""-ntp-shift"")) { s32 shift = atoi(argv[i+1]); i++; gf_net_set_ntp_shift(shift); } else if (!stricmp(arg, ""-run-for"")) { simulation_time_in_ms = atoi(argv[i+1]) * 1000; if (!simulation_time_in_ms) simulation_time_in_ms = 1; i++; } else if (!strcmp(arg, ""-out"")) { out_arg = argv[i+1]; i++; } else if (!stricmp(arg, ""-fps"")) { fps = atof(argv[i+1]); i++; } else if (!strcmp(arg, ""-avi"") || !strcmp(arg, ""-sha"")) { dump_mode &= 0xFFFF0000; if (!strcmp(arg, ""-sha"")) dump_mode |= DUMP_SHA1; else dump_mode |= DUMP_AVI; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) { if (!strcmp(arg, ""-avi"") && (nb_times!=2) ) { fprintf(stderr, ""Only one time arg found for -avi - check usage\n""); return 1; } i++; } } else if (!strcmp(arg, ""-rgbds"")) { dump_mode |= DUMP_RGB_DEPTH_SHAPE; } else if (!strcmp(arg, ""-rgbd"")) { dump_mode |= DUMP_RGB_DEPTH; } else if (!strcmp(arg, ""-depth"")) { dump_mode |= DUMP_DEPTH_ONLY; } else if (!strcmp(arg, ""-bmp"")) { dump_mode &= 0xFFFF0000; dump_mode |= DUMP_BMP; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) i++; } else if (!strcmp(arg, ""-png"")) { dump_mode &= 0xFFFF0000; dump_mode |= DUMP_PNG; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) i++; } else if (!strcmp(arg, ""-raw"")) { dump_mode &= 0xFFFF0000; dump_mode |= DUMP_RAW; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) i++; } else if (!stricmp(arg, ""-scale"")) { sscanf(argv[i+1], ""%f"", &scale); i++; } else if (!strcmp(arg, ""-c"") || !strcmp(arg, ""-cfg"")) { i++; } if (!gui_mode) { if (arg[0] != '-') { if (url_arg) { fprintf(stderr, ""Several input URLs provided (\""%s\"", \""%s\""). Check your command-line.\n"", url_arg, arg); return 1; } url_arg = arg; } else if (!strcmp(arg, ""-loop"")) loop_at_end = 1; else if (!strcmp(arg, ""-bench"")) bench_mode = 1; else if (!strcmp(arg, ""-vbench"")) bench_mode = 2; else if (!strcmp(arg, ""-sbench"")) bench_mode = 3; else if (!strcmp(arg, ""-no-addon"")) enable_add_ons = GF_FALSE; else if (!strcmp(arg, ""-pause"")) pause_at_first = 1; else if (!strcmp(arg, ""-play-from"")) { play_from = atof((const char *) argv[i+1]); i++; } else if (!strcmp(arg, ""-speed"")) { playback_speed = FLT2FIX( atof((const char *) argv[i+1]) ); if (playback_speed <= 0) playback_speed = FIX_ONE; i++; } else if (!strcmp(arg, ""-no-wnd"")) user.init_flags |= GF_TERM_WINDOWLESS; else if (!strcmp(arg, ""-no-back"")) user.init_flags |= GF_TERM_WINDOW_TRANSPARENT; else if (!strcmp(arg, ""-align"")) { if (argv[i+1][0]=='m') align_mode = 1; else if (argv[i+1][0]=='b') align_mode = 2; align_mode <<= 8; if (argv[i+1][1]=='m') align_mode |= 1; else if (argv[i+1][1]=='r') align_mode |= 2; i++; } else if (!strcmp(arg, ""-fill"")) { fill_ar = GF_TRUE; } else if (!strcmp(arg, ""-show"")) { visible = 1; } else if (!strcmp(arg, ""-uncache"")) { do_uncache = GF_TRUE; } else if (!strcmp(arg, ""-exit"")) auto_exit = GF_TRUE; else if (!stricmp(arg, ""-views"")) { views = argv[i+1]; i++; } else if (!stricmp(arg, ""-mosaic"")) { mosaic = argv[i+1]; i++; } else if (!stricmp(arg, ""-com"")) { has_command = GF_TRUE; i++; } else if (!stricmp(arg, ""-service"")) { initial_service_id = atoi(argv[i+1]); i++; } } } if (is_cfg_only) { gf_cfg_del(cfg_file); fprintf(stderr, ""GPAC Config updated\n""); return 0; } if (do_uncache) { const char *cache_dir = gf_cfg_get_key(cfg_file, ""General"", ""CacheDirectory""); do_flatten_cache(cache_dir); fprintf(stderr, ""GPAC Cache dir %s flattened\n"", cache_dir); gf_cfg_del(cfg_file); return 0; } if (dump_mode && !url_arg ) { FILE *test; url_arg = (char *)gf_cfg_get_key(cfg_file, ""General"", ""StartupFile""); test = url_arg ? gf_fopen(url_arg, ""rt"") : NULL; if (!test) url_arg = NULL; else gf_fclose(test); if (!url_arg) { fprintf(stderr, ""Missing argument for dump\n""); PrintUsage(); if (logfile) gf_fclose(logfile); return 1; } } if (!gui_mode && !url_arg && (gf_cfg_get_key(cfg_file, ""General"", ""StartupFile"") != NULL)) { gui_mode=1; } #ifdef WIN32 if (gui_mode==1) { const char *opt; TCHAR buffer[1024]; DWORD res = GetCurrentDirectory(1024, buffer); buffer[res] = 0; opt = gf_cfg_get_key(cfg_file, ""General"", ""ModulesDirectory""); if (strstr(opt, buffer)) { gui_mode=1; } else { gui_mode=2; } } #endif if (gui_mode==1) { hide_shell(1); } if (gui_mode) { no_prog=1; gf_set_progress_callback(NULL, progress_quiet); } if (!url_arg && simulation_time_in_ms) simulation_time_in_ms += gf_sys_clock(); #if defined(__DARWIN__) || defined(__APPLE__) carbon_init(); #endif if (dump_mode) rti_file = NULL; if (!logs_set) { gf_log_set_tool_level(GF_LOG_ALL, GF_LOG_WARNING); } if (rti_file || logfile || log_utc_time || log_time_start) gf_log_set_callback(NULL, on_gpac_log); if (rti_file) init_rti_logs(rti_file, url_arg, use_rtix); { GF_SystemRTInfo rti; if (gf_sys_get_rti(0, &rti, 0)) fprintf(stderr, ""System info: %d MB RAM - %d cores\n"", (u32) (rti.physical_memory/1024/1024), rti.nb_cores); } if (dump_mode) { user.init_flags |= GF_TERM_NO_DECODER_THREAD | GF_TERM_NO_COMPOSITOR_THREAD | GF_TERM_NO_REGULATION; if (!visible) user.init_flags |= GF_TERM_INIT_HIDE; gf_cfg_set_key(cfg_file, ""Audio"", ""DriverName"", ""Raw Audio Output""); no_cfg_save=GF_TRUE; } else { init_w = forced_width; init_h = forced_height; } user.modules = gf_modules_new(NULL, cfg_file); if (user.modules) i = gf_modules_get_count(user.modules); if (!i || !user.modules) { fprintf(stderr, ""Error: no modules found - exiting\n""); if (user.modules) gf_modules_del(user.modules); gf_cfg_del(cfg_file); gf_sys_close(); if (logfile) gf_fclose(logfile); return 1; } fprintf(stderr, ""Modules Found : %d \n"", i); str = gf_cfg_get_key(cfg_file, ""General"", ""GPACVersion""); if (!str || strcmp(str, GPAC_FULL_VERSION)) { gf_cfg_del_section(cfg_file, ""PluginsCache""); gf_cfg_set_key(cfg_file, ""General"", ""GPACVersion"", GPAC_FULL_VERSION); } user.config = cfg_file; user.EventProc = GPAC_EventProc; user.opaque = user.modules; if (threading_flags) user.init_flags |= threading_flags; if (no_audio) user.init_flags |= GF_TERM_NO_AUDIO; if (no_regulation) user.init_flags |= GF_TERM_NO_REGULATION; if (threading_flags & (GF_TERM_NO_DECODER_THREAD|GF_TERM_NO_COMPOSITOR_THREAD) ) term_step = GF_TRUE; if (dump_mode) user.init_flags |= GF_TERM_USE_AUDIO_HW_CLOCK; if (bench_mode) { gf_cfg_discard_changes(user.config); auto_exit = GF_TRUE; gf_cfg_set_key(user.config, ""Audio"", ""DriverName"", ""Raw Audio Output""); if (bench_mode!=2) { gf_cfg_set_key(user.config, ""Video"", ""DriverName"", ""Raw Video Output""); gf_cfg_set_key(user.config, ""RAWVideo"", ""RawOutput"", ""null""); gf_cfg_set_key(user.config, ""Compositor"", ""OpenGLMode"", ""disable""); } else { gf_cfg_set_key(user.config, ""Video"", ""DisableVSync"", ""yes""); } } { char dim[50]; sprintf(dim, ""%d"", forced_width); gf_cfg_set_key(user.config, ""Compositor"", ""DefaultWidth"", forced_width ? dim : NULL); sprintf(dim, ""%d"", forced_height); gf_cfg_set_key(user.config, ""Compositor"", ""DefaultHeight"", forced_height ? dim : NULL); } fprintf(stderr, ""Loading GPAC Terminal\n""); i = gf_sys_clock(); term = gf_term_new(&user); if (!term) { fprintf(stderr, ""\nInit error - check you have at least one video out and one rasterizer...\nFound modules:\n""); list_modules(user.modules); gf_modules_del(user.modules); gf_cfg_discard_changes(cfg_file); gf_cfg_del(cfg_file); gf_sys_close(); if (logfile) gf_fclose(logfile); return 1; } fprintf(stderr, ""Terminal Loaded in %d ms\n"", gf_sys_clock()-i); if (bench_mode) { display_rti = 2; gf_term_set_option(term, GF_OPT_VIDEO_BENCH, (bench_mode==3) ? 2 : 1); if (bench_mode==1) bench_mode=2; } if (dump_mode) { if (fill_ar) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_FILL_SCREEN); } else { str = gf_cfg_get_key(cfg_file, ""Video"", ""DriverName""); if (!bench_mode && !strcmp(str, ""Raw Video Output"")) fprintf(stderr, ""WARNING: using raw output video (memory only) - no display used\n""); str = gf_cfg_get_key(cfg_file, ""Audio"", ""DriverName""); if (!str || !strcmp(str, ""No Audio Output Available"")) fprintf(stderr, ""WARNING: no audio output available - make sure no other program is locking the sound card\n""); str = gf_cfg_get_key(cfg_file, ""General"", ""NoMIMETypeFetch""); no_mime_check = (str && !stricmp(str, ""yes"")) ? 1 : 0; } str = gf_cfg_get_key(cfg_file, ""HTTPProxy"", ""Enabled""); if (str && !strcmp(str, ""yes"")) { str = gf_cfg_get_key(cfg_file, ""HTTPProxy"", ""Name""); if (str) fprintf(stderr, ""HTTP Proxy %s enabled\n"", str); } if (rti_file) { str = gf_cfg_get_key(cfg_file, ""General"", ""RTIRefreshPeriod""); if (str) { rti_update_time_ms = atoi(str); } else { gf_cfg_set_key(cfg_file, ""General"", ""RTIRefreshPeriod"", ""200""); } UpdateRTInfo(""At GPAC load time\n""); } Run = 1; if (dump_mode) { if (!nb_times) { times[0] = 0; nb_times++; } ret_val = dump_file(url_arg, out_arg, dump_mode, fps, forced_width, forced_height, scale, times, nb_times); Run = 0; } else if (views) { } else if (!gui_mode && url_arg) { char *ext; strcpy(the_url, url_arg); ext = strrchr(the_url, '.'); if (ext && (!stricmp(ext, "".m3u"") || !stricmp(ext, "".pls""))) { GF_Err e = GF_OK; fprintf(stderr, ""Opening Playlist %s\n"", the_url); strcpy(pl_path, the_url); if (!strncmp(""http:"", the_url, 5)) { GF_DownloadSession *sess = gf_dm_sess_new(term->downloader, the_url, GF_NETIO_SESSION_NOT_THREADED, NULL, NULL, &e); if (sess) { e = gf_dm_sess_process(sess); if (!e) strcpy(the_url, gf_dm_sess_get_cache_name(sess)); gf_dm_sess_del(sess); } } playlist = e ? NULL : gf_fopen(the_url, ""rt""); readonly_playlist = 1; if (playlist) { request_next_playlist_item = GF_TRUE; } else { if (e) fprintf(stderr, ""Failed to open playlist %s: %s\n"", the_url, gf_error_to_string(e) ); fprintf(stderr, ""Hit 'h' for help\n\n""); } } else { fprintf(stderr, ""Opening URL %s\n"", the_url); if (pause_at_first) fprintf(stderr, ""[Status: Paused]\n""); gf_term_connect_from_time(term, the_url, (u64) (play_from*1000), pause_at_first); } } else { fprintf(stderr, ""Hit 'h' for help\n\n""); str = gf_cfg_get_key(cfg_file, ""General"", ""StartupFile""); if (str) { strcpy(the_url, ""MP4Client ""GPAC_FULL_VERSION); gf_term_connect(term, str); startup_file = 1; is_connected = 1; } } if (gui_mode==2) gui_mode=0; if (start_fs) gf_term_set_option(term, GF_OPT_FULLSCREEN, 1); if (views) { char szTemp[4046]; sprintf(szTemp, ""views://%s"", views); gf_term_connect(term, szTemp); } if (mosaic) { char szTemp[4046]; sprintf(szTemp, ""mosaic://%s"", mosaic); gf_term_connect(term, szTemp); } if (bench_mode) { rti_update_time_ms = 500; bench_mode_start = gf_sys_clock(); } while (Run) { if ((gui_mode==1) || !gf_prompt_has_input()) { if (reload) { reload = 0; gf_term_disconnect(term); gf_term_connect(term, startup_file ? gf_cfg_get_key(cfg_file, ""General"", ""StartupFile"") : the_url); } if (restart && gf_term_get_option(term, GF_OPT_IS_OVER)) { restart = 0; gf_term_play_from_time(term, 0, 0); } if (request_next_playlist_item) { c = '\n'; request_next_playlist_item = 0; goto force_input; } if (has_command && is_connected) { has_command = GF_FALSE; for (i=0; i<(u32)argc; i++) { if (!strcmp(argv[i], ""-com"")) { gf_term_scene_update(term, NULL, argv[i+1]); i++; } } } if (initial_service_id && is_connected) { GF_ObjectManager *root_od = gf_term_get_root_object(term); if (root_od) { gf_term_select_service(term, root_od, initial_service_id); initial_service_id = 0; } } if (!use_rtix || display_rti) UpdateRTInfo(NULL); if (term_step) { gf_term_process_step(term); } else { gf_sleep(rti_update_time_ms); } if (auto_exit && eos_seen && gf_term_get_option(term, GF_OPT_IS_OVER)) { Run = GF_FALSE; } if (simulation_time_in_ms && ( (gf_term_get_elapsed_time_in_ms(term)>simulation_time_in_ms) || (!url_arg && gf_sys_clock()>simulation_time_in_ms)) ) { Run = GF_FALSE; } continue; } c = gf_prompt_get_char(); force_input: switch (c) { case 'q': { GF_Event evt; memset(&evt, 0, sizeof(GF_Event)); evt.type = GF_EVENT_QUIT; gf_term_send_event(term, &evt); } break; case 'X': exit(0); break; case 'Q': break; case 'o': startup_file = 0; gf_term_disconnect(term); fprintf(stderr, ""Enter the absolute URL\n""); if (1 > scanf(""%s"", the_url)) { fprintf(stderr, ""Cannot read absolute URL, aborting\n""); break; } if (rti_file) init_rti_logs(rti_file, the_url, use_rtix); gf_term_connect(term, the_url); break; case 'O': gf_term_disconnect(term); fprintf(stderr, ""Enter the absolute URL to the playlist\n""); if (1 > scanf(""%s"", the_url)) { fprintf(stderr, ""Cannot read the absolute URL, aborting.\n""); break; } playlist = gf_fopen(the_url, ""rt""); if (playlist) { if (1 > fscanf(playlist, ""%s"", the_url)) { fprintf(stderr, ""Cannot read any URL from playlist, aborting.\n""); gf_fclose( playlist); break; } fprintf(stderr, ""Opening URL %s\n"", the_url); gf_term_connect(term, the_url); } break; case '\n': case 'N': if (playlist) { int res; gf_term_disconnect(term); res = fscanf(playlist, ""%s"", the_url); if ((res == EOF) && loop_at_end) { fseek(playlist, 0, SEEK_SET); res = fscanf(playlist, ""%s"", the_url); } if (res == EOF) { fprintf(stderr, ""No more items - exiting\n""); Run = 0; } else if (the_url[0] == '#') { request_next_playlist_item = GF_TRUE; } else { fprintf(stderr, ""Opening URL %s\n"", the_url); gf_term_connect_with_path(term, the_url, pl_path); } } break; case 'P': if (playlist) { u32 count; gf_term_disconnect(term); if (1 > scanf(""%u"", &count)) { fprintf(stderr, ""Cannot read number, aborting.\n""); break; } while (count) { if (fscanf(playlist, ""%s"", the_url)) { fprintf(stderr, ""Failed to read line, aborting\n""); break; } count--; } fprintf(stderr, ""Opening URL %s\n"", the_url); gf_term_connect(term, the_url); } break; case 'r': if (is_connected) reload = 1; break; case 'D': if (is_connected) gf_term_disconnect(term); break; case 'p': if (is_connected) { Bool is_pause = gf_term_get_option(term, GF_OPT_PLAY_STATE); fprintf(stderr, ""[Status: %s]\n"", is_pause ? ""Playing"" : ""Paused""); gf_term_set_option(term, GF_OPT_PLAY_STATE, is_pause ? GF_STATE_PLAYING : GF_STATE_PAUSED); } break; case 's': if (is_connected) { gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_STEP_PAUSE); fprintf(stderr, ""Step time: ""); PrintTime(gf_term_get_time_in_ms(term)); fprintf(stderr, ""\n""); } break; case 'z': case 'T': if (!CanSeek || (Duration<=2000)) { fprintf(stderr, ""scene not seekable\n""); } else { Double res; s32 seekTo; fprintf(stderr, ""Duration: ""); PrintTime(Duration); res = gf_term_get_time_in_ms(term); if (c=='z') { res *= 100; res /= (s64)Duration; fprintf(stderr, "" (current %.2f %%)\nEnter Seek percentage:\n"", res); if (scanf(""%d"", &seekTo) == 1) { if (seekTo > 100) seekTo = 100; res = (Double)(s64)Duration; res /= 100; res *= seekTo; gf_term_play_from_time(term, (u64) (s64) res, 0); } } else { u32 r, h, m, s; fprintf(stderr, "" - Current Time: ""); PrintTime((u64) res); fprintf(stderr, ""\nEnter seek time (Format: s, m:s or h:m:s):\n""); h = m = s = 0; r =scanf(""%d:%d:%d"", &h, &m, &s); if (r==2) { s = m; m = h; h = 0; } else if (r==1) { s = h; m = h = 0; } if (r && (r<=3)) { u64 time = h*3600 + m*60 + s; gf_term_play_from_time(term, time*1000, 0); } } } break; case 't': { if (is_connected) { fprintf(stderr, ""Current Time: ""); PrintTime(gf_term_get_time_in_ms(term)); fprintf(stderr, "" - Duration: ""); PrintTime(Duration); fprintf(stderr, ""\n""); } } break; case 'w': if (is_connected) PrintWorldInfo(term); break; case 'v': if (is_connected) PrintODList(term, NULL, 0, 0, ""Root""); break; case 'i': if (is_connected) { u32 ID; fprintf(stderr, ""Enter OD ID (0 for main OD): ""); fflush(stderr); if (scanf(""%ud"", &ID) == 1) { ViewOD(term, ID, (u32)-1, NULL); } else { char str_url[GF_MAX_PATH]; if (scanf(""%s"", str_url) == 1) ViewOD(term, 0, (u32)-1, str_url); } } break; case 'j': if (is_connected) { u32 num; do { fprintf(stderr, ""Enter OD number (0 for main OD): ""); fflush(stderr); } while( 1 > scanf(""%ud"", &num)); ViewOD(term, (u32)-1, num, NULL); } break; case 'b': if (is_connected) ViewODs(term, 1); break; case 'm': if (is_connected) ViewODs(term, 0); break; case 'l': list_modules(user.modules); break; case 'n': if (is_connected) set_navigation(); break; case 'x': if (is_connected) gf_term_set_option(term, GF_OPT_NAVIGATION_TYPE, 0); break; case 'd': if (is_connected) { GF_ObjectManager *odm = NULL; char radname[GF_MAX_PATH], *sExt; GF_Err e; u32 i, count, odid; Bool xml_dump, std_out; radname[0] = 0; do { fprintf(stderr, ""Enter Inline OD ID if any or 0 : ""); fflush(stderr); } while( 1 > scanf(""%ud"", &odid)); if (odid) { GF_ObjectManager *root_odm = gf_term_get_root_object(term); if (!root_odm) break; count = gf_term_get_object_count(term, root_odm); for (i=0; iobjectDescriptorID==odid) break; } odm = NULL; } } do { fprintf(stderr, ""Enter file radical name (+\'.x\' for XML dumping) - \""std\"" for stderr: ""); fflush(stderr); } while( 1 > scanf(""%s"", radname)); sExt = strrchr(radname, '.'); xml_dump = 0; if (sExt) { if (!stricmp(sExt, "".x"")) xml_dump = 1; sExt[0] = 0; } std_out = strnicmp(radname, ""std"", 3) ? 0 : 1; e = gf_term_dump_scene(term, std_out ? NULL : radname, NULL, xml_dump, 0, odm); fprintf(stderr, ""Dump done (%s)\n"", gf_error_to_string(e)); } break; case 'c': PrintGPACConfig(); break; case '3': { Bool use_3d = !gf_term_get_option(term, GF_OPT_USE_OPENGL); if (gf_term_set_option(term, GF_OPT_USE_OPENGL, use_3d)==GF_OK) { fprintf(stderr, ""Using %s for 2D drawing\n"", use_3d ? ""OpenGL"" : ""2D rasterizer""); } } break; case 'k': { Bool opt = gf_term_get_option(term, GF_OPT_STRESS_MODE); opt = !opt; fprintf(stderr, ""Turning stress mode %s\n"", opt ? ""on"" : ""off""); gf_term_set_option(term, GF_OPT_STRESS_MODE, opt); } break; case '4': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_4_3); break; case '5': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_16_9); break; case '6': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_FILL_SCREEN); break; case '7': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_KEEP); break; case 'C': switch (gf_term_get_option(term, GF_OPT_MEDIA_CACHE)) { case GF_MEDIA_CACHE_DISABLED: gf_term_set_option(term, GF_OPT_MEDIA_CACHE, GF_MEDIA_CACHE_ENABLED); break; case GF_MEDIA_CACHE_ENABLED: gf_term_set_option(term, GF_OPT_MEDIA_CACHE, GF_MEDIA_CACHE_DISABLED); break; case GF_MEDIA_CACHE_RUNNING: fprintf(stderr, ""Streaming Cache is running - please stop it first\n""); continue; } switch (gf_term_get_option(term, GF_OPT_MEDIA_CACHE)) { case GF_MEDIA_CACHE_ENABLED: fprintf(stderr, ""Streaming Cache Enabled\n""); break; case GF_MEDIA_CACHE_DISABLED: fprintf(stderr, ""Streaming Cache Disabled\n""); break; case GF_MEDIA_CACHE_RUNNING: fprintf(stderr, ""Streaming Cache Running\n""); break; } break; case 'S': case 'A': if (gf_term_get_option(term, GF_OPT_MEDIA_CACHE)==GF_MEDIA_CACHE_RUNNING) { gf_term_set_option(term, GF_OPT_MEDIA_CACHE, (c=='S') ? GF_MEDIA_CACHE_DISABLED : GF_MEDIA_CACHE_DISCARD); fprintf(stderr, ""Streaming Cache stopped\n""); } else { fprintf(stderr, ""Streaming Cache not running\n""); } break; case 'R': display_rti = !display_rti; ResetCaption(); break; case 'F': if (display_rti) display_rti = 0; else display_rti = 2; ResetCaption(); break; case 'u': { GF_Err e; char szCom[8192]; fprintf(stderr, ""Enter command to send:\n""); fflush(stdin); szCom[0] = 0; if (1 > scanf(""%[^\t\n]"", szCom)) { fprintf(stderr, ""Cannot read command to send, aborting.\n""); break; } e = gf_term_scene_update(term, NULL, szCom); if (e) fprintf(stderr, ""Processing command failed: %s\n"", gf_error_to_string(e)); } break; case 'e': { GF_Err e; char jsCode[8192]; fprintf(stderr, ""Enter JavaScript code to evaluate:\n""); fflush(stdin); jsCode[0] = 0; if (1 > scanf(""%[^\t\n]"", jsCode)) { fprintf(stderr, ""Cannot read code to evaluate, aborting.\n""); break; } e = gf_term_scene_update(term, ""application/ecmascript"", jsCode); if (e) fprintf(stderr, ""Processing JS code failed: %s\n"", gf_error_to_string(e)); } break; case 'L': { char szLog[1024], *cur_logs; cur_logs = gf_log_get_tools_levels(); fprintf(stderr, ""Enter new log level (current tools %s):\n"", cur_logs); gf_free(cur_logs); if (scanf(""%s"", szLog) < 1) { fprintf(stderr, ""Cannot read new log level, aborting.\n""); break; } gf_log_modify_tools_levels(szLog); } break; case 'g': { GF_SystemRTInfo rti; gf_sys_get_rti(rti_update_time_ms, &rti, 0); fprintf(stderr, ""GPAC allocated memory ""LLD""\n"", rti.gpac_memory); } break; case 'M': { u32 size; do { fprintf(stderr, ""Enter new video cache memory in kBytes (current %ud):\n"", gf_term_get_option(term, GF_OPT_VIDEO_CACHE_SIZE)); } while (1 > scanf(""%ud"", &size)); gf_term_set_option(term, GF_OPT_VIDEO_CACHE_SIZE, size); } break; case 'H': { u32 http_bitrate = gf_term_get_option(term, GF_OPT_HTTP_MAX_RATE); do { fprintf(stderr, ""Enter new http bitrate in bps (0 for none) - current limit: %d\n"", http_bitrate); } while (1 > scanf(""%ud"", &http_bitrate)); gf_term_set_option(term, GF_OPT_HTTP_MAX_RATE, http_bitrate); } break; case 'E': gf_term_set_option(term, GF_OPT_RELOAD_CONFIG, 1); break; case 'B': switch_bench(!bench_mode); break; case 'Y': { char szOpt[8192]; fprintf(stderr, ""Enter option to set (Section:Name=Value):\n""); fflush(stdin); szOpt[0] = 0; if (1 > scanf(""%[^\t\n]"", szOpt)) { fprintf(stderr, ""Cannot read option\n""); break; } set_cfg_option(szOpt); } break; case 'Z': { char szFileName[100]; u32 nb_pass, nb_views, offscreen_view = 0; GF_VideoSurface fb; GF_Err e; nb_pass = 1; nb_views = gf_term_get_option(term, GF_OPT_NUM_STEREO_VIEWS); if (nb_views>1) { fprintf(stderr, ""Auto-stereo mode detected - type number of view to dump (0 is main output, 1 to %d offscreen view, %d for all offscreen, %d for all offscreen and main)\n"", nb_views, nb_views+1, nb_views+2); if (scanf(""%d"", &offscreen_view) != 1) { offscreen_view = 0; } if (offscreen_view==nb_views+1) { offscreen_view = 1; nb_pass = nb_views; } else if (offscreen_view==nb_views+2) { offscreen_view = 0; nb_pass = nb_views+1; } } while (nb_pass) { nb_pass--; if (offscreen_view) { sprintf(szFileName, ""view%d_dump.png"", offscreen_view); e = gf_term_get_offscreen_buffer(term, &fb, offscreen_view-1, 0); } else { sprintf(szFileName, ""gpac_video_dump_""LLU"".png"", gf_net_get_utc() ); e = gf_term_get_screen_buffer(term, &fb); } offscreen_view++; if (e) { fprintf(stderr, ""Error dumping screen buffer %s\n"", gf_error_to_string(e) ); nb_pass = 0; } else { #ifndef GPAC_DISABLE_AV_PARSERS u32 dst_size = fb.width*fb.height*4; char *dst = (char*)gf_malloc(sizeof(char)*dst_size); e = gf_img_png_enc(fb.video_buffer, fb.width, fb.height, fb.pitch_y, fb.pixel_format, dst, &dst_size); if (e) { fprintf(stderr, ""Error encoding PNG %s\n"", gf_error_to_string(e) ); nb_pass = 0; } else { FILE *png = gf_fopen(szFileName, ""wb""); if (!png) { fprintf(stderr, ""Error writing file %s\n"", szFileName); nb_pass = 0; } else { gf_fwrite(dst, dst_size, 1, png); gf_fclose(png); fprintf(stderr, ""Dump to %s\n"", szFileName); } } if (dst) gf_free(dst); gf_term_release_screen_buffer(term, &fb); #endif } } fprintf(stderr, ""Done: %s\n"", szFileName); } break; case 'G': { GF_ObjectManager *root_od, *odm; u32 index; char szOpt[8192]; fprintf(stderr, ""Enter 0-based index of object to select or service ID:\n""); fflush(stdin); szOpt[0] = 0; if (1 > scanf(""%[^\t\n]"", szOpt)) { fprintf(stderr, ""Cannot read OD ID\n""); break; } index = atoi(szOpt); odm = NULL; root_od = gf_term_get_root_object(term); if (root_od) { if ( gf_term_find_service(term, root_od, index)) { gf_term_select_service(term, root_od, index); } else { fprintf(stderr, ""Cannot find service %d - trying with object index\n"", index); odm = gf_term_get_object(term, root_od, index); if (odm) { gf_term_select_object(term, odm); } else { fprintf(stderr, ""Cannot find object at index %d\n"", index); } } } } break; case 'h': PrintHelp(); break; default: break; } } if (bench_mode) { PrintAVInfo(GF_TRUE); } if (simulation_time_in_ms) { gf_log_set_strict_error(0); } i = gf_sys_clock(); gf_term_disconnect(term); if (rti_file) UpdateRTInfo(""Disconnected\n""); fprintf(stderr, ""Deleting terminal... ""); if (playlist) gf_fclose(playlist); #if defined(__DARWIN__) || defined(__APPLE__) carbon_uninit(); #endif gf_term_del(term); fprintf(stderr, ""done (in %d ms) - ran for %d ms\n"", gf_sys_clock() - i, gf_sys_clock()); fprintf(stderr, ""GPAC cleanup ...\n""); gf_modules_del(user.modules); if (no_cfg_save) gf_cfg_discard_changes(cfg_file); gf_cfg_del(cfg_file); gf_sys_close(); if (rti_logs) gf_fclose(rti_logs); if (logfile) gf_fclose(logfile); if (gui_mode) { hide_shell(2); } #ifdef GPAC_MEMORY_TRACKING if (mem_track && (gf_memory_size() || gf_file_handles_count() )) { gf_log_set_tool_level(GF_LOG_MEMORY, GF_LOG_INFO); gf_memory_print(); return 2; } #endif return ret_val; }",visit repo url,applications/mp4client/main.c,https://github.com/gpac/gpac,242394218598973,1 6410,CWE-20,"error_t ksz8851Init(NetInterface *interface) { Ksz8851Context *context; context = (Ksz8851Context *) interface->nicContext; TRACE_INFO(""Initializing KSZ8851 Ethernet controller...\r\n""); #if (KSZ8851_SPI_SUPPORT == ENABLED) interface->spiDriver->init(); #endif interface->extIntDriver->init(); TRACE_DEBUG(""CIDER=0x%04"" PRIX16 ""\r\n"", ksz8851ReadReg(interface, KSZ8851_REG_CIDER)); TRACE_DEBUG(""PHY1ILR=0x%04"" PRIX16 ""\r\n"", ksz8851ReadReg(interface, KSZ8851_REG_PHY1ILR)); TRACE_DEBUG(""PHY1IHR=0x%04"" PRIX16 ""\r\n"", ksz8851ReadReg(interface, KSZ8851_REG_PHY1IHR)); if(ksz8851ReadReg(interface, KSZ8851_REG_CIDER) != KSZ8851_REV_A3_ID) { return ERROR_WRONG_IDENTIFIER; } ksz8851DumpReg(interface); context->frameId = 0; context->txBuffer = memPoolAlloc(ETH_MAX_FRAME_SIZE); context->rxBuffer = memPoolAlloc(ETH_MAX_FRAME_SIZE); if(context->txBuffer == NULL || context->rxBuffer == NULL) { memPoolFree(context->txBuffer); memPoolFree(context->rxBuffer); return ERROR_OUT_OF_MEMORY; } ksz8851WriteReg(interface, KSZ8851_REG_MARH, htons(interface->macAddr.w[0])); ksz8851WriteReg(interface, KSZ8851_REG_MARM, htons(interface->macAddr.w[1])); ksz8851WriteReg(interface, KSZ8851_REG_MARL, htons(interface->macAddr.w[2])); ksz8851WriteReg(interface, KSZ8851_REG_TXCR, TXCR_TXFCE | TXCR_TXPE | TXCR_TXCE); ksz8851WriteReg(interface, KSZ8851_REG_TXFDPR, TXFDPR_TXFPAI); ksz8851WriteReg(interface, KSZ8851_REG_RXCR1, RXCR1_RXPAFMA | RXCR1_RXFCE | RXCR1_RXBE | RXCR1_RXME | RXCR1_RXUE); ksz8851WriteReg(interface, KSZ8851_REG_RXCR2, RXCR2_SRDBL2 | RXCR2_IUFFP | RXCR2_RXIUFCEZ); ksz8851WriteReg(interface, KSZ8851_REG_RXQCR, RXQCR_RXFCTE | RXQCR_ADRFE); ksz8851WriteReg(interface, KSZ8851_REG_RXFDPR, RXFDPR_RXFPAI); ksz8851WriteReg(interface, KSZ8851_REG_RXFCTR, 1); ksz8851ClearBit(interface, KSZ8851_REG_P1CR, P1CR_FORCE_DUPLEX); ksz8851SetBit(interface, KSZ8851_REG_P1CR, P1CR_RESTART_AN); ksz8851SetBit(interface, KSZ8851_REG_ISR, ISR_LCIS | ISR_TXIS | ISR_RXIS | ISR_RXOIS | ISR_TXPSIS | ISR_RXPSIS | ISR_TXSAIS | ISR_RXWFDIS | ISR_RXMPDIS | ISR_LDIS | ISR_EDIS | ISR_SPIBEIS); ksz8851SetBit(interface, KSZ8851_REG_IER, IER_LCIE | IER_TXIE | IER_RXIE); ksz8851SetBit(interface, KSZ8851_REG_TXCR, TXCR_TXE); ksz8851SetBit(interface, KSZ8851_REG_RXCR1, RXCR1_RXE); osSetEvent(&interface->nicTxEvent); interface->nicEvent = TRUE; osSetEvent(&netEvent); return NO_ERROR; }",visit repo url,drivers/eth/ksz8851_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,21526698071846,1 2413,['CWE-119'],"int diff_opt_parse(struct diff_options *options, const char **av, int ac) { const char *arg = av[0]; if (!strcmp(arg, ""-p"") || !strcmp(arg, ""-u"")) options->output_format |= DIFF_FORMAT_PATCH; else if (opt_arg(arg, 'U', ""unified"", &options->context)) options->output_format |= DIFF_FORMAT_PATCH; else if (!strcmp(arg, ""--raw"")) options->output_format |= DIFF_FORMAT_RAW; else if (!strcmp(arg, ""--patch-with-raw"")) options->output_format |= DIFF_FORMAT_PATCH | DIFF_FORMAT_RAW; else if (!strcmp(arg, ""--numstat"")) options->output_format |= DIFF_FORMAT_NUMSTAT; else if (!strcmp(arg, ""--shortstat"")) options->output_format |= DIFF_FORMAT_SHORTSTAT; else if (opt_arg(arg, 'X', ""dirstat"", &options->dirstat_percent)) options->output_format |= DIFF_FORMAT_DIRSTAT; else if (!strcmp(arg, ""--cumulative"")) options->output_format |= DIFF_FORMAT_CUMULATIVE; else if (!strcmp(arg, ""--check"")) options->output_format |= DIFF_FORMAT_CHECKDIFF; else if (!strcmp(arg, ""--summary"")) options->output_format |= DIFF_FORMAT_SUMMARY; else if (!strcmp(arg, ""--patch-with-stat"")) options->output_format |= DIFF_FORMAT_PATCH | DIFF_FORMAT_DIFFSTAT; else if (!strcmp(arg, ""--name-only"")) options->output_format |= DIFF_FORMAT_NAME; else if (!strcmp(arg, ""--name-status"")) options->output_format |= DIFF_FORMAT_NAME_STATUS; else if (!strcmp(arg, ""-s"")) options->output_format |= DIFF_FORMAT_NO_OUTPUT; else if (!prefixcmp(arg, ""--stat"")) { char *end; int width = options->stat_width; int name_width = options->stat_name_width; arg += 6; end = (char *)arg; switch (*arg) { case '-': if (!prefixcmp(arg, ""-width="")) width = strtoul(arg + 7, &end, 10); else if (!prefixcmp(arg, ""-name-width="")) name_width = strtoul(arg + 12, &end, 10); break; case '=': width = strtoul(arg+1, &end, 10); if (*end == ',') name_width = strtoul(end+1, &end, 10); } if (*end) return 0; options->output_format |= DIFF_FORMAT_DIFFSTAT; options->stat_name_width = name_width; options->stat_width = width; } else if (!prefixcmp(arg, ""-B"")) { if ((options->break_opt = diff_scoreopt_parse(arg)) == -1) return -1; } else if (!prefixcmp(arg, ""-M"")) { if ((options->rename_score = diff_scoreopt_parse(arg)) == -1) return -1; options->detect_rename = DIFF_DETECT_RENAME; } else if (!prefixcmp(arg, ""-C"")) { if (options->detect_rename == DIFF_DETECT_COPY) DIFF_OPT_SET(options, FIND_COPIES_HARDER); if ((options->rename_score = diff_scoreopt_parse(arg)) == -1) return -1; options->detect_rename = DIFF_DETECT_COPY; } else if (!strcmp(arg, ""--no-renames"")) options->detect_rename = 0; else if (!strcmp(arg, ""--relative"")) DIFF_OPT_SET(options, RELATIVE_NAME); else if (!prefixcmp(arg, ""--relative="")) { DIFF_OPT_SET(options, RELATIVE_NAME); options->prefix = arg + 11; } else if (!strcmp(arg, ""-w"") || !strcmp(arg, ""--ignore-all-space"")) options->xdl_opts |= XDF_IGNORE_WHITESPACE; else if (!strcmp(arg, ""-b"") || !strcmp(arg, ""--ignore-space-change"")) options->xdl_opts |= XDF_IGNORE_WHITESPACE_CHANGE; else if (!strcmp(arg, ""--ignore-space-at-eol"")) options->xdl_opts |= XDF_IGNORE_WHITESPACE_AT_EOL; else if (!strcmp(arg, ""--binary"")) { options->output_format |= DIFF_FORMAT_PATCH; DIFF_OPT_SET(options, BINARY); } else if (!strcmp(arg, ""--full-index"")) DIFF_OPT_SET(options, FULL_INDEX); else if (!strcmp(arg, ""-a"") || !strcmp(arg, ""--text"")) DIFF_OPT_SET(options, TEXT); else if (!strcmp(arg, ""-R"")) DIFF_OPT_SET(options, REVERSE_DIFF); else if (!strcmp(arg, ""--find-copies-harder"")) DIFF_OPT_SET(options, FIND_COPIES_HARDER); else if (!strcmp(arg, ""--follow"")) DIFF_OPT_SET(options, FOLLOW_RENAMES); else if (!strcmp(arg, ""--color"")) DIFF_OPT_SET(options, COLOR_DIFF); else if (!strcmp(arg, ""--no-color"")) DIFF_OPT_CLR(options, COLOR_DIFF); else if (!strcmp(arg, ""--color-words"")) options->flags |= DIFF_OPT_COLOR_DIFF | DIFF_OPT_COLOR_DIFF_WORDS; else if (!strcmp(arg, ""--exit-code"")) DIFF_OPT_SET(options, EXIT_WITH_STATUS); else if (!strcmp(arg, ""--quiet"")) DIFF_OPT_SET(options, QUIET); else if (!strcmp(arg, ""--ext-diff"")) DIFF_OPT_SET(options, ALLOW_EXTERNAL); else if (!strcmp(arg, ""--no-ext-diff"")) DIFF_OPT_CLR(options, ALLOW_EXTERNAL); else if (!strcmp(arg, ""--ignore-submodules"")) DIFF_OPT_SET(options, IGNORE_SUBMODULES); else if (!strcmp(arg, ""-z"")) options->line_termination = 0; else if (!prefixcmp(arg, ""-l"")) options->rename_limit = strtoul(arg+2, NULL, 10); else if (!prefixcmp(arg, ""-S"")) options->pickaxe = arg + 2; else if (!strcmp(arg, ""--pickaxe-all"")) options->pickaxe_opts = DIFF_PICKAXE_ALL; else if (!strcmp(arg, ""--pickaxe-regex"")) options->pickaxe_opts = DIFF_PICKAXE_REGEX; else if (!prefixcmp(arg, ""-O"")) options->orderfile = arg + 2; else if (!prefixcmp(arg, ""--diff-filter="")) options->filter = arg + 14; else if (!strcmp(arg, ""--abbrev"")) options->abbrev = DEFAULT_ABBREV; else if (!prefixcmp(arg, ""--abbrev="")) { options->abbrev = strtoul(arg + 9, NULL, 10); if (options->abbrev < MINIMUM_ABBREV) options->abbrev = MINIMUM_ABBREV; else if (40 < options->abbrev) options->abbrev = 40; } else if (!prefixcmp(arg, ""--src-prefix="")) options->a_prefix = arg + 13; else if (!prefixcmp(arg, ""--dst-prefix="")) options->b_prefix = arg + 13; else if (!strcmp(arg, ""--no-prefix"")) options->a_prefix = options->b_prefix = """"; else if (!prefixcmp(arg, ""--output="")) { options->file = fopen(arg + strlen(""--output=""), ""w""); options->close_file = 1; } else return 0; return 1; }",git,,,145396887621289296668572734125042666508,0 3982,CWE-352,"static void doGet(HttpRequest req, HttpResponse res) { set_content_type(res, ""text/html""); if (ACTION(HOME)) { LOCK(Run.mutex) do_home(res); END_LOCK; } else if (ACTION(RUN)) { handle_run(req, res); } else if (ACTION(TEST)) { is_monit_running(res); } else if (ACTION(VIEWLOG)) { do_viewlog(req, res); } else if (ACTION(ABOUT)) { do_about(res); } else if (ACTION(FAVICON)) { printFavicon(res); } else if (ACTION(PING)) { do_ping(res); } else if (ACTION(GETID)) { do_getid(res); } else if (ACTION(STATUS)) { print_status(req, res, 1); } else if (ACTION(STATUS2)) { print_status(req, res, 2); } else if (ACTION(SUMMARY)) { print_summary(req, res); } else if (ACTION(REPORT)) { _printReport(req, res); } else if (ACTION(DOACTION)) { handle_do_action(req, res); } else { handle_action(req, res); } }",visit repo url,src/http/cervlet.c,https://bitbucket.org/tildeslash/monit,116951614994196,1 4021,CWE-787,"int ZEXPORT deflateCopy (dest, source) z_streamp dest; z_streamp source; { #ifdef MAXSEG_64K return Z_STREAM_ERROR; #else deflate_state *ds; deflate_state *ss; ushf *overlay; if (deflateStateCheck(source) || dest == Z_NULL) { return Z_STREAM_ERROR; } ss = source->state; zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream)); ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state)); if (ds == Z_NULL) return Z_MEM_ERROR; dest->state = (struct internal_state FAR *) ds; zmemcpy((voidpf)ds, (voidpf)ss, sizeof(deflate_state)); ds->strm = dest; ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); ds->pending_buf = (uchf *) overlay; if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || ds->pending_buf == Z_NULL) { deflateEnd (dest); return Z_MEM_ERROR; } zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte)); zmemcpy((voidpf)ds->prev, (voidpf)ss->prev, ds->w_size * sizeof(Pos)); zmemcpy((voidpf)ds->head, (voidpf)ss->head, ds->hash_size * sizeof(Pos)); zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; ds->l_desc.dyn_tree = ds->dyn_ltree; ds->d_desc.dyn_tree = ds->dyn_dtree; ds->bl_desc.dyn_tree = ds->bl_tree; return Z_OK; #endif }",visit repo url,deflate.c,https://github.com/madler/zlib,78598235497945,1 1579,[],"static u64 cpu_shares_read_uint(struct cgroup *cgrp, struct cftype *cft) { struct task_group *tg = cgroup_tg(cgrp); return (u64) tg->shares; }",linux-2.6,,,90162324120775508157031713025073417429,0 2584,CWE-125,"messageAddArgument(message *m, const char *arg) { int offset; char *p; assert(m != NULL); if(arg == NULL) return; while(isspace(*arg)) arg++; if(*arg == '\0') return; cli_dbgmsg(""messageAddArgument, arg='%s'\n"", arg); if(!usefulArg(arg)) return; for(offset = 0; offset < m->numberOfArguments; offset++) if(m->mimeArguments[offset] == NULL) break; else if(strcasecmp(arg, m->mimeArguments[offset]) == 0) return; if(offset == m->numberOfArguments) { char **q; m->numberOfArguments++; q = (char **)cli_realloc(m->mimeArguments, m->numberOfArguments * sizeof(char *)); if(q == NULL) { m->numberOfArguments--; return; } m->mimeArguments = q; } p = m->mimeArguments[offset] = rfc2231(arg); if(!p) { cli_dbgmsg(""messageAddArgument, error from rfc2231()\n""); return; } if(strchr(p, '=') == NULL) { if(strncmp(p, ""filename"", 8) == 0) { cli_dbgmsg(""Possible data corruption fixed\n""); p[8] = '='; } else { if(*p) cli_dbgmsg(""messageAddArgument, '%s' contains no '='\n"", p); free(m->mimeArguments[offset]); m->mimeArguments[offset] = NULL; return; } } if((strncasecmp(p, ""filename="", 9) == 0) || (strncasecmp(p, ""name="", 5) == 0)) if(messageGetMimeType(m) == NOMIME) { cli_dbgmsg(""Force mime encoding to application\n""); messageSetMimeType(m, ""application""); } }",visit repo url,libclamav/message.c,https://github.com/vrtadmin/clamav-devel,87054897904092,1 3417,['CWE-264'],"asmlinkage long sys_chdir(const char __user * filename) { struct nameidata nd; int error; error = __user_walk(filename, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_CHDIR, &nd); if (error) goto out; error = vfs_permission(&nd, MAY_EXEC); if (error) goto dput_and_out; set_fs_pwd(current->fs, nd.mnt, nd.dentry); dput_and_out: path_release(&nd); out: return error; }",linux-2.6,,,7605640467302798386198052723265589572,0 6375,CWE-125,"parse_tree(tree_t *t) { tree_t *parent; tree_t *target, *temp; uchar heading[255], link[255], baselink[255], *existing; int i, level; uchar *var; static const char *ones[10] = { """", ""i"", ""ii"", ""iii"", ""iv"", ""v"", ""vi"", ""vii"", ""viii"", ""ix"" }, *tens[10] = { """", ""x"", ""xx"", ""xxx"", ""xl"", ""l"", ""lx"", ""lxx"", ""lxxx"", ""xc"" }, *hundreds[10] = { """", ""c"", ""cc"", ""ccc"", ""cd"", ""d"", ""dc"", ""dcc"", ""dccc"", ""cm"" }, *ONES[10] = { """", ""I"", ""II"", ""III"", ""IV"", ""V"", ""VI"", ""VII"", ""VIII"", ""IX"" }, *TENS[10] = { """", ""X"", ""XX"", ""XXX"", ""XL"", ""L"", ""LX"", ""LXX"", ""LXXX"", ""XC"" }, *HUNDREDS[10] = { """", ""C"", ""CC"", ""CCC"", ""CD"", ""D"", ""DC"", ""DCC"", ""DCCC"", ""CM"" }; while (t != NULL) { switch (t->markup) { case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_H7 : case MARKUP_H8 : case MARKUP_H9 : case MARKUP_H10 : case MARKUP_H11 : case MARKUP_H12 : case MARKUP_H13 : case MARKUP_H14 : case MARKUP_H15 : level = t->markup - MARKUP_H1; if ((level - last_level) > 1) { level = last_level + 1; t->markup = (markup_t)(MARKUP_H1 + level); } if ((var = htmlGetVariable(t, (uchar *)""VALUE"")) != NULL) heading_numbers[level] = atoi((char *)var); else heading_numbers[level] ++; if (level == 0) TocDocCount ++; if ((var = htmlGetVariable(t, (uchar *)""TYPE"")) != NULL) heading_types[level] = var[0]; for (i = level + 1; i < 15; i ++) heading_numbers[i] = 0; heading[0] = '\0'; baselink[0] = '\0'; for (i = 0; i <= level; i ++) { uchar *baseptr = baselink + strlen((char *)baselink); uchar *headptr = heading + strlen((char *)heading); if (i == 0) snprintf((char *)baseptr, sizeof(baselink) - (size_t)(baseptr - baselink), ""%d"", TocDocCount); else snprintf((char *)baseptr, sizeof(baselink) - (size_t)(baseptr - baselink), ""%d"", heading_numbers[i]); switch (heading_types[i]) { case '1' : snprintf((char *)headptr, sizeof(heading) - (size_t)(headptr - heading), ""%d"", heading_numbers[i]); break; case 'a' : if (heading_numbers[i] > 26) snprintf((char *)headptr, sizeof(heading) - (size_t)(headptr - heading), ""%c%c"", 'a' + (heading_numbers[i] / 26) - 1, 'a' + (heading_numbers[i] % 26) - 1); else snprintf((char *)headptr, sizeof(heading) - (size_t)(headptr - heading), ""%c"", 'a' + heading_numbers[i] - 1); break; case 'A' : if (heading_numbers[i] > 26) snprintf((char *)headptr, sizeof(heading) - (size_t)(headptr - heading), ""%c%c"", 'A' + (heading_numbers[i] / 26) - 1, 'A' + (heading_numbers[i] % 26) - 1); else snprintf((char *)headptr, sizeof(heading) - (size_t)(headptr - heading), ""%c"", 'A' + heading_numbers[i] - 1); break; case 'i' : snprintf((char *)headptr, sizeof(heading) - (size_t)(headptr - heading), ""%s%s%s"", hundreds[heading_numbers[i] / 100], tens[(heading_numbers[i] / 10) % 10], ones[heading_numbers[i] % 10]); break; case 'I' : snprintf((char *)headptr, sizeof(heading) - (size_t)(headptr - heading), ""%s%s%s"", HUNDREDS[heading_numbers[i] / 100], TENS[(heading_numbers[i] / 10) % 10], ONES[heading_numbers[i] % 10]); break; } if (i < level) { strlcat((char *)heading, ""."", sizeof(heading)); strlcat((char *)baselink, ""_"", sizeof(baselink)); } } existing = NULL; if (t->parent != NULL && t->parent->markup == MARKUP_A) { existing = htmlGetVariable(t->parent, (uchar *)""NAME""); if (!existing) existing = htmlGetVariable(t->parent, (uchar *)""ID""); } if (existing == NULL && t->child != NULL && t->child->markup == MARKUP_A) { existing = htmlGetVariable(t->child, (uchar *)""NAME""); if (!existing) existing = htmlGetVariable(t->child, (uchar *)""ID""); } if (existing != NULL && strlen((char *)existing) >= 124) existing = NULL; if (existing != NULL) snprintf((char *)link, sizeof(link), ""#%s"", existing); else snprintf((char *)link, sizeof(link), ""#%s"", baselink); if (TocNumbers) { strlcat((char *)heading, "" "", sizeof(heading)); htmlInsertTree(t, MARKUP_NONE, heading); } if (level < TocLevels) { if (level > last_level) { if (heading_parents[last_level]->last_child && level > 1) heading_parents[level] = htmlAddTree(heading_parents[last_level]->last_child, MARKUP_UL, NULL); else heading_parents[level] = htmlAddTree(heading_parents[last_level], MARKUP_UL, NULL); DEBUG_printf((""level=%d, last_level=%d, created new UL parent %p\n"", level, last_level, (void *)heading_parents[level])); } if (level == 0) { if (last_level == 0) { htmlAddTree(heading_parents[level], MARKUP_BR, NULL); htmlAddTree(heading_parents[level], MARKUP_BR, NULL); } parent = htmlAddTree(heading_parents[level], MARKUP_B, NULL); } else parent = htmlAddTree(heading_parents[level], MARKUP_LI, NULL); DEBUG_printf((""parent=%p\n"", (void *)parent)); if ((var = htmlGetVariable(t, (uchar *)""_HD_OMIT_TOC"")) != NULL) htmlSetVariable(parent, (uchar *)""_HD_OMIT_TOC"", var); if (TocLinks) { parent = htmlAddTree(parent, MARKUP_A, NULL); htmlSetVariable(parent, (uchar *)""HREF"", link); if (existing == NULL) { if (t->parent != NULL && t->parent->markup == MARKUP_A) htmlSetVariable(t->parent, (uchar *)""NAME"", baselink); else if (t->child != NULL && t->child->markup == MARKUP_A) htmlSetVariable(t->child, (uchar *)""NAME"", baselink); else { target = htmlNewTree(t, MARKUP_A, NULL); htmlSetVariable(target, (uchar *)""NAME"", baselink); for (temp = t->child; temp != NULL; temp = temp->next) temp->parent = target; target->child = t->child; t->child = target; } } } add_heading(parent, t->child); } last_level = level; break; default : if (t->child != NULL) parse_tree(t->child); break; } t = t->next; } }",visit repo url,htmldoc/toc.cxx,https://github.com/michaelrsweet/htmldoc,194992396578751,1 3718,[],"static int unix_net_init(struct net *net) { int error = -ENOMEM; net->unx.sysctl_max_dgram_qlen = 10; if (unix_sysctl_register(net)) goto out; #ifdef CONFIG_PROC_FS if (!proc_net_fops_create(net, ""unix"", 0, &unix_seq_fops)) { unix_sysctl_unregister(net); goto out; } #endif error = 0; out: return error; }",linux-2.6,,,324921631518923826228455775446904418531,0 3250,['CWE-189'],"void jpc_mqdec_init(jpc_mqdec_t *mqdec) { int c; mqdec->eof = 0; mqdec->creg = 0; if ((c = jas_stream_getc(mqdec->in)) == EOF) { c = 0xff; mqdec->eof = 1; } mqdec->inbuffer = c; mqdec->creg += mqdec->inbuffer << 16; jpc_mqdec_bytein(mqdec); mqdec->creg <<= 7; mqdec->ctreg -= 7; mqdec->areg = 0x8000; }",jasper,,,189169560894047550028338676931845268786,0 3312,[],"static inline __le16 nla_get_le16(struct nlattr *nla) { return *(__le16 *) nla_data(nla); }",linux-2.6,,,66522066257604516797204403970453197912,0 5730,['CWE-200'],"static int irda_shutdown(struct socket *sock, int how) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); IRDA_DEBUG(1, ""%s(%p)\n"", __func__, self); sk->sk_state = TCP_CLOSE; sk->sk_shutdown |= SEND_SHUTDOWN; sk->sk_state_change(sk); if (self->iriap) { iriap_close(self->iriap); self->iriap = NULL; } if (self->tsap) { irttp_disconnect_request(self->tsap, NULL, P_NORMAL); irttp_close_tsap(self->tsap); self->tsap = NULL; } self->rx_flow = self->tx_flow = FLOW_START; self->daddr = DEV_ADDR_ANY; self->saddr = 0x0; return 0; }",linux-2.6,,,43252545325157875821122717218619151634,0 6446,[],"loader_init_callback (lt_dlhandle handle) { lt_get_vtable *vtable_func = (lt_get_vtable *) lt_dlsym (handle, ""get_vtable""); return loader_init (vtable_func, 0); }",libtool,,,252155377718617354989441135328236743509,0 1357,['CWE-399'],"ipip6_tunnel_add_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a, int chg) { struct ip_tunnel_prl_entry *p; int err = 0; if (a->addr == htonl(INADDR_ANY)) return -EINVAL; write_lock(&ipip6_lock); for (p = t->prl; p; p = p->next) { if (p->addr == a->addr) { if (chg) goto update; err = -EEXIST; goto out; } } if (chg) { err = -ENXIO; goto out; } p = kzalloc(sizeof(struct ip_tunnel_prl_entry), GFP_KERNEL); if (!p) { err = -ENOBUFS; goto out; } p->next = t->prl; t->prl = p; t->prl_count++; update: p->addr = a->addr; p->flags = a->flags; out: write_unlock(&ipip6_lock); return err; }",linux-2.6,,,69068147057280942596202546767038183008,0 6334,CWE-404,"void watchdogSignalHandler(int sig, siginfo_t *info, void *secret) { #ifdef HAVE_BACKTRACE ucontext_t *uc = (ucontext_t*) secret; #else (void)secret; #endif UNUSED(info); UNUSED(sig); serverLogFromHandler(LL_WARNING,""\n--- WATCHDOG TIMER EXPIRED ---""); #ifdef HAVE_BACKTRACE logStackTrace(getMcontextEip(uc), 1); #else serverLogFromHandler(LL_WARNING,""Sorry: no support for backtrace().""); #endif serverLogFromHandler(LL_WARNING,""--------\n""); }",visit repo url,src/debug.c,https://github.com/redis/redis,174408369185869,1 6693,CWE-330,"void sdb_edit(procinfo *pi) { char * filename = omStrDup(""/tmp/sd000000""); sprintf(filename+7,""%d"",getpid()); FILE *fp=fopen(filename,""w""); if (fp==NULL) { Print(""cannot open %s\n"",filename); omFree(filename); return; } if (pi->language!= LANG_SINGULAR) { Print(""cannot edit type %d\n"",pi->language); fclose(fp); fp=NULL; } else { const char *editor=getenv(""EDITOR""); if (editor==NULL) editor=getenv(""VISUAL""); if (editor==NULL) editor=""vi""; editor=omStrDup(editor); if (pi->data.s.body==NULL) { iiGetLibProcBuffer(pi); if (pi->data.s.body==NULL) { PrintS(""cannot get the procedure body\n""); fclose(fp); si_unlink(filename); omFree(filename); return; } } fwrite(pi->data.s.body,1,strlen(pi->data.s.body),fp); fclose(fp); int pid=fork(); if (pid!=0) { si_wait(&pid); } else if(pid==0) { if (strchr(editor,' ')==NULL) { execlp(editor,editor,filename,NULL); Print(""cannot exec %s\n"",editor); } else { char *p=(char *)omAlloc(strlen(editor)+strlen(filename)+2); sprintf(p,""%s %s"",editor,filename); system(p); } exit(0); } else { PrintS(""cannot fork\n""); } fp=fopen(filename,""r""); if (fp==NULL) { Print(""cannot read from %s\n"",filename); } else { fseek(fp,0L,SEEK_END); long len=ftell(fp); fseek(fp,0L,SEEK_SET); omFree((ADDRESS)pi->data.s.body); pi->data.s.body=(char *)omAlloc((int)len+1); myfread( pi->data.s.body, len, 1, fp); pi->data.s.body[len]='\0'; fclose(fp); } } si_unlink(filename); omFree(filename); }",visit repo url,Singular/sdb.cc,https://github.com/Singular/Singular,261853736963044,1 4071,['CWE-399'],"static int svc_addparty(struct socket *sock, struct sockaddr *sockaddr, int sockaddr_len, int flags) { DEFINE_WAIT(wait); struct sock *sk = sock->sk; struct atm_vcc *vcc = ATM_SD(sock); int error; lock_sock(sk); set_bit(ATM_VF_WAITING, &vcc->flags); prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); sigd_enq(vcc, as_addparty, NULL, NULL, (struct sockaddr_atmsvc *) sockaddr); if (flags & O_NONBLOCK) { finish_wait(sk->sk_sleep, &wait); error = -EINPROGRESS; goto out; } pr_debug(""svc_addparty added wait queue\n""); while (test_bit(ATM_VF_WAITING, &vcc->flags) && sigd) { schedule(); prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); } finish_wait(sk->sk_sleep, &wait); error = xchg(&sk->sk_err_soft, 0); out: release_sock(sk); return error; }",linux-2.6,,,62568983193957495571958026640182885686,0 1547,CWE-362,"static void sctp_close(struct sock *sk, long timeout) { struct net *net = sock_net(sk); struct sctp_endpoint *ep; struct sctp_association *asoc; struct list_head *pos, *temp; unsigned int data_was_unread; pr_debug(""%s: sk:%p, timeout:%ld\n"", __func__, sk, timeout); lock_sock(sk); sk->sk_shutdown = SHUTDOWN_MASK; sk->sk_state = SCTP_SS_CLOSING; ep = sctp_sk(sk)->ep; data_was_unread = sctp_queue_purge_ulpevents(&sk->sk_receive_queue); data_was_unread += sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby); list_for_each_safe(pos, temp, &ep->asocs) { asoc = list_entry(pos, struct sctp_association, asocs); if (sctp_style(sk, TCP)) { if (sctp_state(asoc, CLOSED)) { sctp_unhash_established(asoc); sctp_association_free(asoc); continue; } } if (data_was_unread || !skb_queue_empty(&asoc->ulpq.lobby) || !skb_queue_empty(&asoc->ulpq.reasm) || (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime)) { struct sctp_chunk *chunk; chunk = sctp_make_abort_user(asoc, NULL, 0); if (chunk) sctp_primitive_ABORT(net, asoc, chunk); } else sctp_primitive_SHUTDOWN(net, asoc, NULL); } if (sctp_style(sk, TCP) && timeout) sctp_wait_for_close(sk, timeout); release_sock(sk); local_bh_disable(); bh_lock_sock(sk); sock_hold(sk); sk_common_release(sk); bh_unlock_sock(sk); local_bh_enable(); sock_put(sk); SCTP_DBG_OBJCNT_DEC(sock); }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,156368528760348,1 5226,['CWE-264'],"int inherit_access_acl(connection_struct *conn, const char *inherit_from_dir, const char *name, mode_t mode) { if (directory_has_default_acl(conn, inherit_from_dir)) return 0; return copy_access_acl(conn, inherit_from_dir, name, mode); }",samba,,,87125923928506191328403787651418792254,0 2582,[],"static int grep_cache(struct grep_opt *opt, const char **paths, int cached) { int hit = 0; int nr; read_cache(); #if !NO_EXTERNAL_GREP if (!cached) { hit = external_grep(opt, paths, cached); if (hit >= 0) return hit; } #endif for (nr = 0; nr < active_nr; nr++) { struct cache_entry *ce = active_cache[nr]; if (!S_ISREG(ce->ce_mode)) continue; if (!pathspec_matches(paths, ce->name)) continue; if (cached) { if (ce_stage(ce)) continue; hit |= grep_sha1(opt, ce->sha1, ce->name, 0); } else hit |= grep_file(opt, ce->name); if (ce_stage(ce)) { do { nr++; } while (nr < active_nr && !strcmp(ce->name, active_cache[nr]->name)); nr--; } } free_grep_patterns(opt); return hit; }",git,,,209658755404871282058550620696987540617,0 6561,['CWE-200'],"read_connections_cb (gpointer data) { NMA_GCONF_SETTINGS_GET_PRIVATE (data)->read_connections_id = 0; read_connections (NMA_GCONF_SETTINGS (data)); return FALSE; }",network-manager-applet,,,130626862387742235480518966455589439920,0 3307,['CWE-189'],"void jpc_ft_fwdlift_row(jpc_fix_t *a, int numcols, int parity) { register jpc_fix_t *lptr; register jpc_fix_t *hptr; register int n; int llen; llen = (numcols + 1 - parity) >> 1; if (numcols > 1) { lptr = &a[0]; hptr = &a[llen]; if (parity) { hptr[0] -= lptr[0]; ++hptr; } n = numcols - llen - parity - (parity == (numcols & 1)); while (n-- > 0) { hptr[0] -= (lptr[0] + lptr[1]) >> 1; ++hptr; ++lptr; } if (parity == (numcols & 1)) { hptr[0] -= lptr[0]; } lptr = &a[0]; hptr = &a[llen]; if (!parity) { lptr[0] += (hptr[0] + 1) >> 1; ++lptr; } n = llen - (!parity) - (parity != (numcols & 1)); while (n-- > 0) { lptr[0] += (hptr[0] + hptr[1] + 2) >> 2; ++lptr; ++hptr; } if (parity != (numcols & 1)) { lptr[0] += (hptr[0] + 1) >> 1; } } else { if (parity) { lptr = &a[0]; lptr[0] <<= 1; } } }",jasper,,,293743008095106148850849256540142728713,0 1085,NVD-CWE-Other," __acquires(kernel_lock) { char *orig_data = kstrdup(data, GFP_KERNEL); struct buffer_head *bh; struct ext4_super_block *es = NULL; struct ext4_sb_info *sbi; ext4_fsblk_t block; ext4_fsblk_t sb_block = get_sb_block(&data); ext4_fsblk_t logical_sb_block; unsigned long offset = 0; unsigned long journal_devnum = 0; unsigned long def_mount_opts; struct inode *root; char *cp; const char *descr; int ret = -ENOMEM; int blocksize; unsigned int db_count; unsigned int i; int needs_recovery, has_huge_files; __u64 blocks_count; int err; unsigned int journal_ioprio = DEFAULT_JOURNAL_IOPRIO; ext4_group_t first_not_zeroed; sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); if (!sbi) goto out_free_orig; sbi->s_blockgroup_lock = kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL); if (!sbi->s_blockgroup_lock) { kfree(sbi); goto out_free_orig; } sb->s_fs_info = sbi; sbi->s_mount_opt = 0; sbi->s_resuid = EXT4_DEF_RESUID; sbi->s_resgid = EXT4_DEF_RESGID; sbi->s_inode_readahead_blks = EXT4_DEF_INODE_READAHEAD_BLKS; sbi->s_sb_block = sb_block; if (sb->s_bdev->bd_part) sbi->s_sectors_written_start = part_stat_read(sb->s_bdev->bd_part, sectors[1]); for (cp = sb->s_id; (cp = strchr(cp, '/'));) *cp = '!'; ret = -EINVAL; blocksize = sb_min_blocksize(sb, EXT4_MIN_BLOCK_SIZE); if (!blocksize) { ext4_msg(sb, KERN_ERR, ""unable to set blocksize""); goto out_fail; } if (blocksize != EXT4_MIN_BLOCK_SIZE) { logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); } else { logical_sb_block = sb_block; } if (!(bh = sb_bread(sb, logical_sb_block))) { ext4_msg(sb, KERN_ERR, ""unable to read superblock""); goto out_fail; } es = (struct ext4_super_block *) (((char *)bh->b_data) + offset); sbi->s_es = es; sb->s_magic = le16_to_cpu(es->s_magic); if (sb->s_magic != EXT4_SUPER_MAGIC) goto cantfind_ext4; sbi->s_kbytes_written = le64_to_cpu(es->s_kbytes_written); def_mount_opts = le32_to_cpu(es->s_default_mount_opts); set_opt(sb, INIT_INODE_TABLE); if (def_mount_opts & EXT4_DEFM_DEBUG) set_opt(sb, DEBUG); if (def_mount_opts & EXT4_DEFM_BSDGROUPS) { ext4_msg(sb, KERN_WARNING, deprecated_msg, ""bsdgroups"", ""2.6.38""); set_opt(sb, GRPID); } if (def_mount_opts & EXT4_DEFM_UID16) set_opt(sb, NO_UID32); #ifdef CONFIG_EXT4_FS_XATTR set_opt(sb, XATTR_USER); #endif #ifdef CONFIG_EXT4_FS_POSIX_ACL set_opt(sb, POSIX_ACL); #endif set_opt(sb, MBLK_IO_SUBMIT); if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA) set_opt(sb, JOURNAL_DATA); else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED) set_opt(sb, ORDERED_DATA); else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK) set_opt(sb, WRITEBACK_DATA); if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) set_opt(sb, ERRORS_PANIC); else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE) set_opt(sb, ERRORS_CONT); else set_opt(sb, ERRORS_RO); if (def_mount_opts & EXT4_DEFM_BLOCK_VALIDITY) set_opt(sb, BLOCK_VALIDITY); if (def_mount_opts & EXT4_DEFM_DISCARD) set_opt(sb, DISCARD); sbi->s_resuid = le16_to_cpu(es->s_def_resuid); sbi->s_resgid = le16_to_cpu(es->s_def_resgid); sbi->s_commit_interval = JBD2_DEFAULT_MAX_COMMIT_AGE * HZ; sbi->s_min_batch_time = EXT4_DEF_MIN_BATCH_TIME; sbi->s_max_batch_time = EXT4_DEF_MAX_BATCH_TIME; if ((def_mount_opts & EXT4_DEFM_NOBARRIER) == 0) set_opt(sb, BARRIER); if (!IS_EXT3_SB(sb) && ((def_mount_opts & EXT4_DEFM_NODELALLOC) == 0)) set_opt(sb, DELALLOC); if (!parse_options((char *) sbi->s_es->s_mount_opts, sb, &journal_devnum, &journal_ioprio, NULL, 0)) { ext4_msg(sb, KERN_WARNING, ""failed to parse options in superblock: %s"", sbi->s_es->s_mount_opts); } if (!parse_options((char *) data, sb, &journal_devnum, &journal_ioprio, NULL, 0)) goto failed_mount; sb->s_flags = (sb->s_flags & ~MS_POSIXACL) | (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV && (EXT4_HAS_COMPAT_FEATURE(sb, ~0U) || EXT4_HAS_RO_COMPAT_FEATURE(sb, ~0U) || EXT4_HAS_INCOMPAT_FEATURE(sb, ~0U))) ext4_msg(sb, KERN_WARNING, ""feature flags set on rev 0 fs, "" ""running e2fsck is recommended""); if (!ext4_feature_set_ok(sb, (sb->s_flags & MS_RDONLY))) goto failed_mount; blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size); if (blocksize < EXT4_MIN_BLOCK_SIZE || blocksize > EXT4_MAX_BLOCK_SIZE) { ext4_msg(sb, KERN_ERR, ""Unsupported filesystem blocksize %d"", blocksize); goto failed_mount; } if (sb->s_blocksize != blocksize) { if (!sb_set_blocksize(sb, blocksize)) { ext4_msg(sb, KERN_ERR, ""bad block size %d"", blocksize); goto failed_mount; } brelse(bh); logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); bh = sb_bread(sb, logical_sb_block); if (!bh) { ext4_msg(sb, KERN_ERR, ""Can't read superblock on 2nd try""); goto failed_mount; } es = (struct ext4_super_block *)(((char *)bh->b_data) + offset); sbi->s_es = es; if (es->s_magic != cpu_to_le16(EXT4_SUPER_MAGIC)) { ext4_msg(sb, KERN_ERR, ""Magic mismatch, very weird!""); goto failed_mount; } } has_huge_files = EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_HUGE_FILE); sbi->s_bitmap_maxbytes = ext4_max_bitmap_size(sb->s_blocksize_bits, has_huge_files); sb->s_maxbytes = ext4_max_size(sb->s_blocksize_bits, has_huge_files); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV) { sbi->s_inode_size = EXT4_GOOD_OLD_INODE_SIZE; sbi->s_first_ino = EXT4_GOOD_OLD_FIRST_INO; } else { sbi->s_inode_size = le16_to_cpu(es->s_inode_size); sbi->s_first_ino = le32_to_cpu(es->s_first_ino); if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || (!is_power_of_2(sbi->s_inode_size)) || (sbi->s_inode_size > blocksize)) { ext4_msg(sb, KERN_ERR, ""unsupported inode size: %d"", sbi->s_inode_size); goto failed_mount; } if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) sb->s_time_gran = 1 << (EXT4_EPOCH_BITS - 2); } sbi->s_desc_size = le16_to_cpu(es->s_desc_size); if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_64BIT)) { if (sbi->s_desc_size < EXT4_MIN_DESC_SIZE_64BIT || sbi->s_desc_size > EXT4_MAX_DESC_SIZE || !is_power_of_2(sbi->s_desc_size)) { ext4_msg(sb, KERN_ERR, ""unsupported descriptor size %lu"", sbi->s_desc_size); goto failed_mount; } } else sbi->s_desc_size = EXT4_MIN_DESC_SIZE; sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group); sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group); if (EXT4_INODE_SIZE(sb) == 0 || EXT4_INODES_PER_GROUP(sb) == 0) goto cantfind_ext4; sbi->s_inodes_per_block = blocksize / EXT4_INODE_SIZE(sb); if (sbi->s_inodes_per_block == 0) goto cantfind_ext4; sbi->s_itb_per_group = sbi->s_inodes_per_group / sbi->s_inodes_per_block; sbi->s_desc_per_block = blocksize / EXT4_DESC_SIZE(sb); sbi->s_sbh = bh; sbi->s_mount_state = le16_to_cpu(es->s_state); sbi->s_addr_per_block_bits = ilog2(EXT4_ADDR_PER_BLOCK(sb)); sbi->s_desc_per_block_bits = ilog2(EXT4_DESC_PER_BLOCK(sb)); for (i = 0; i < 4; i++) sbi->s_hash_seed[i] = le32_to_cpu(es->s_hash_seed[i]); sbi->s_def_hash_version = es->s_def_hash_version; i = le32_to_cpu(es->s_flags); if (i & EXT2_FLAGS_UNSIGNED_HASH) sbi->s_hash_unsigned = 3; else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) { #ifdef __CHAR_UNSIGNED__ es->s_flags |= cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH); sbi->s_hash_unsigned = 3; #else es->s_flags |= cpu_to_le32(EXT2_FLAGS_SIGNED_HASH); #endif sb->s_dirt = 1; } if (sbi->s_blocks_per_group > blocksize * 8) { ext4_msg(sb, KERN_ERR, ""#blocks per group too big: %lu"", sbi->s_blocks_per_group); goto failed_mount; } if (sbi->s_inodes_per_group > blocksize * 8) { ext4_msg(sb, KERN_ERR, ""#inodes per group too big: %lu"", sbi->s_inodes_per_group); goto failed_mount; } err = generic_check_addressable(sb->s_blocksize_bits, ext4_blocks_count(es)); if (err) { ext4_msg(sb, KERN_ERR, ""filesystem"" "" too large to mount safely on this system""); if (sizeof(sector_t) < 8) ext4_msg(sb, KERN_WARNING, ""CONFIG_LBDAF not enabled""); ret = err; goto failed_mount; } if (EXT4_BLOCKS_PER_GROUP(sb) == 0) goto cantfind_ext4; blocks_count = sb->s_bdev->bd_inode->i_size >> sb->s_blocksize_bits; if (blocks_count && ext4_blocks_count(es) > blocks_count) { ext4_msg(sb, KERN_WARNING, ""bad geometry: block count %llu "" ""exceeds size of device (%llu blocks)"", ext4_blocks_count(es), blocks_count); goto failed_mount; } if (le32_to_cpu(es->s_first_data_block) >= ext4_blocks_count(es)) { ext4_msg(sb, KERN_WARNING, ""bad geometry: first data"" ""block %u is beyond end of filesystem (%llu)"", le32_to_cpu(es->s_first_data_block), ext4_blocks_count(es)); goto failed_mount; } blocks_count = (ext4_blocks_count(es) - le32_to_cpu(es->s_first_data_block) + EXT4_BLOCKS_PER_GROUP(sb) - 1); do_div(blocks_count, EXT4_BLOCKS_PER_GROUP(sb)); if (blocks_count > ((uint64_t)1<<32) - EXT4_DESC_PER_BLOCK(sb)) { ext4_msg(sb, KERN_WARNING, ""groups count too large: %u "" ""(block count %llu, first data block %u, "" ""blocks per group %lu)"", sbi->s_groups_count, ext4_blocks_count(es), le32_to_cpu(es->s_first_data_block), EXT4_BLOCKS_PER_GROUP(sb)); goto failed_mount; } sbi->s_groups_count = blocks_count; sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count, (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb))); db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) / EXT4_DESC_PER_BLOCK(sb); sbi->s_group_desc = kmalloc(db_count * sizeof(struct buffer_head *), GFP_KERNEL); if (sbi->s_group_desc == NULL) { ext4_msg(sb, KERN_ERR, ""not enough memory""); goto failed_mount; } #ifdef CONFIG_PROC_FS if (ext4_proc_root) sbi->s_proc = proc_mkdir(sb->s_id, ext4_proc_root); #endif bgl_lock_init(sbi->s_blockgroup_lock); for (i = 0; i < db_count; i++) { block = descriptor_loc(sb, logical_sb_block, i); sbi->s_group_desc[i] = sb_bread(sb, block); if (!sbi->s_group_desc[i]) { ext4_msg(sb, KERN_ERR, ""can't read group descriptor %d"", i); db_count = i; goto failed_mount2; } } if (!ext4_check_descriptors(sb, &first_not_zeroed)) { ext4_msg(sb, KERN_ERR, ""group descriptors corrupted!""); goto failed_mount2; } if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) if (!ext4_fill_flex_info(sb)) { ext4_msg(sb, KERN_ERR, ""unable to initialize "" ""flex_bg meta info!""); goto failed_mount2; } sbi->s_gdb_count = db_count; get_random_bytes(&sbi->s_next_generation, sizeof(u32)); spin_lock_init(&sbi->s_next_gen_lock); err = percpu_counter_init(&sbi->s_freeblocks_counter, ext4_count_free_blocks(sb)); if (!err) { err = percpu_counter_init(&sbi->s_freeinodes_counter, ext4_count_free_inodes(sb)); } if (!err) { err = percpu_counter_init(&sbi->s_dirs_counter, ext4_count_dirs(sb)); } if (!err) { err = percpu_counter_init(&sbi->s_dirtyblocks_counter, 0); } if (err) { ext4_msg(sb, KERN_ERR, ""insufficient memory""); goto failed_mount3; } sbi->s_stripe = ext4_get_stripe_size(sbi); sbi->s_max_writeback_mb_bump = 128; if (!test_opt(sb, NOLOAD) && EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) sb->s_op = &ext4_sops; else sb->s_op = &ext4_nojournal_sops; sb->s_export_op = &ext4_export_ops; sb->s_xattr = ext4_xattr_handlers; #ifdef CONFIG_QUOTA sb->s_qcop = &ext4_qctl_operations; sb->dq_op = &ext4_quota_operations; #endif memcpy(sb->s_uuid, es->s_uuid, sizeof(es->s_uuid)); INIT_LIST_HEAD(&sbi->s_orphan); mutex_init(&sbi->s_orphan_lock); mutex_init(&sbi->s_resize_lock); sb->s_root = NULL; needs_recovery = (es->s_last_orphan != 0 || EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)); if (!test_opt(sb, NOLOAD) && EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) { if (ext4_load_journal(sb, es, journal_devnum)) goto failed_mount3; } else if (test_opt(sb, NOLOAD) && !(sb->s_flags & MS_RDONLY) && EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)) { ext4_msg(sb, KERN_ERR, ""required journal recovery "" ""suppressed and not mounted read-only""); goto failed_mount_wq; } else { clear_opt(sb, DATA_FLAGS); set_opt(sb, WRITEBACK_DATA); sbi->s_journal = NULL; needs_recovery = 0; goto no_journal; } if (ext4_blocks_count(es) > 0xffffffffULL && !jbd2_journal_set_features(EXT4_SB(sb)->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_64BIT)) { ext4_msg(sb, KERN_ERR, ""Failed to set 64-bit journal feature""); goto failed_mount_wq; } if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) { jbd2_journal_set_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } else if (test_opt(sb, JOURNAL_CHECKSUM)) { jbd2_journal_set_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, 0); jbd2_journal_clear_features(sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } else { jbd2_journal_clear_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } switch (test_opt(sb, DATA_FLAGS)) { case 0: if (jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) set_opt(sb, ORDERED_DATA); else set_opt(sb, JOURNAL_DATA); break; case EXT4_MOUNT_ORDERED_DATA: case EXT4_MOUNT_WRITEBACK_DATA: if (!jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) { ext4_msg(sb, KERN_ERR, ""Journal does not support "" ""requested data journaling mode""); goto failed_mount_wq; } default: break; } set_task_ioprio(sbi->s_journal->j_task, journal_ioprio); percpu_counter_set(&sbi->s_freeblocks_counter, ext4_count_free_blocks(sb)); percpu_counter_set(&sbi->s_freeinodes_counter, ext4_count_free_inodes(sb)); percpu_counter_set(&sbi->s_dirs_counter, ext4_count_dirs(sb)); percpu_counter_set(&sbi->s_dirtyblocks_counter, 0); no_journal: EXT4_SB(sb)->dio_unwritten_wq = alloc_workqueue(""ext4-dio-unwritten"", WQ_MEM_RECLAIM | WQ_UNBOUND, 1); if (!EXT4_SB(sb)->dio_unwritten_wq) { printk(KERN_ERR ""EXT4-fs: failed to create DIO workqueue\n""); goto failed_mount_wq; } root = ext4_iget(sb, EXT4_ROOT_INO); if (IS_ERR(root)) { ext4_msg(sb, KERN_ERR, ""get root inode failed""); ret = PTR_ERR(root); root = NULL; goto failed_mount4; } if (!S_ISDIR(root->i_mode) || !root->i_blocks || !root->i_size) { ext4_msg(sb, KERN_ERR, ""corrupt root inode, run e2fsck""); goto failed_mount4; } sb->s_root = d_alloc_root(root); if (!sb->s_root) { ext4_msg(sb, KERN_ERR, ""get root dentry failed""); ret = -ENOMEM; goto failed_mount4; } ext4_setup_super(sb, es, sb->s_flags & MS_RDONLY); if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; if (EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_EXTRA_ISIZE)) { if (sbi->s_want_extra_isize < le16_to_cpu(es->s_want_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_want_extra_isize); if (sbi->s_want_extra_isize < le16_to_cpu(es->s_min_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_min_extra_isize); } } if (EXT4_GOOD_OLD_INODE_SIZE + sbi->s_want_extra_isize > sbi->s_inode_size) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; ext4_msg(sb, KERN_INFO, ""required extra inode space not"" ""available""); } if (test_opt(sb, DELALLOC) && (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA)) { ext4_msg(sb, KERN_WARNING, ""Ignoring delalloc option - "" ""requested data journaling mode""); clear_opt(sb, DELALLOC); } if (test_opt(sb, DIOREAD_NOLOCK)) { if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) { ext4_msg(sb, KERN_WARNING, ""Ignoring dioread_nolock "" ""option - requested data journaling mode""); clear_opt(sb, DIOREAD_NOLOCK); } if (sb->s_blocksize < PAGE_SIZE) { ext4_msg(sb, KERN_WARNING, ""Ignoring dioread_nolock "" ""option - block size is too small""); clear_opt(sb, DIOREAD_NOLOCK); } } err = ext4_setup_system_zone(sb); if (err) { ext4_msg(sb, KERN_ERR, ""failed to initialize system "" ""zone (%d)"", err); goto failed_mount4; } ext4_ext_init(sb); err = ext4_mb_init(sb, needs_recovery); if (err) { ext4_msg(sb, KERN_ERR, ""failed to initialize mballoc (%d)"", err); goto failed_mount4; } err = ext4_register_li_request(sb, first_not_zeroed); if (err) goto failed_mount4; sbi->s_kobj.kset = ext4_kset; init_completion(&sbi->s_kobj_unregister); err = kobject_init_and_add(&sbi->s_kobj, &ext4_ktype, NULL, ""%s"", sb->s_id); if (err) { ext4_mb_release(sb); ext4_ext_release(sb); goto failed_mount4; }; EXT4_SB(sb)->s_mount_state |= EXT4_ORPHAN_FS; ext4_orphan_cleanup(sb, es); EXT4_SB(sb)->s_mount_state &= ~EXT4_ORPHAN_FS; if (needs_recovery) { ext4_msg(sb, KERN_INFO, ""recovery complete""); ext4_mark_recovery_complete(sb, es); } if (EXT4_SB(sb)->s_journal) { if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) descr = "" journalled data mode""; else if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_ORDERED_DATA) descr = "" ordered data mode""; else descr = "" writeback data mode""; } else descr = ""out journal""; ext4_msg(sb, KERN_INFO, ""mounted filesystem with%s. "" ""Opts: %s%s%s"", descr, sbi->s_es->s_mount_opts, *sbi->s_es->s_mount_opts ? ""; "" : """", orig_data); init_timer(&sbi->s_err_report); sbi->s_err_report.function = print_daily_error_info; sbi->s_err_report.data = (unsigned long) sb; if (es->s_error_count) mod_timer(&sbi->s_err_report, jiffies + 300*HZ); kfree(orig_data); return 0; cantfind_ext4: if (!silent) ext4_msg(sb, KERN_ERR, ""VFS: Can't find ext4 filesystem""); goto failed_mount; failed_mount4: iput(root); sb->s_root = NULL; ext4_msg(sb, KERN_ERR, ""mount failed""); destroy_workqueue(EXT4_SB(sb)->dio_unwritten_wq); failed_mount_wq: ext4_release_system_zone(sb); if (sbi->s_journal) { jbd2_journal_destroy(sbi->s_journal); sbi->s_journal = NULL; } failed_mount3: if (sbi->s_flex_groups) { if (is_vmalloc_addr(sbi->s_flex_groups)) vfree(sbi->s_flex_groups); else kfree(sbi->s_flex_groups); } percpu_counter_destroy(&sbi->s_freeblocks_counter); percpu_counter_destroy(&sbi->s_freeinodes_counter); percpu_counter_destroy(&sbi->s_dirs_counter); percpu_counter_destroy(&sbi->s_dirtyblocks_counter); failed_mount2: for (i = 0; i < db_count; i++) brelse(sbi->s_group_desc[i]); kfree(sbi->s_group_desc); failed_mount: if (sbi->s_proc) { remove_proc_entry(sb->s_id, ext4_proc_root); } #ifdef CONFIG_QUOTA for (i = 0; i < MAXQUOTAS; i++) kfree(sbi->s_qf_names[i]); #endif ext4_blkdev_remove(sbi); brelse(bh); out_fail: sb->s_fs_info = NULL; kfree(sbi->s_blockgroup_lock); kfree(sbi); out_free_orig: kfree(orig_data); return ret; }",visit repo url,fs/ext4/super.c,https://github.com/torvalds/linux,225469516304790,1 4661,CWE-120,"static s32 svc_parse_slice(GF_BitStream *bs, AVCState *avc, AVCSliceInfo *si) { s32 pps_id; gf_bs_read_ue_log(bs, ""first_mb_in_slice""); si->slice_type = gf_bs_read_ue_log(bs, ""slice_type""); if (si->slice_type > 9) return -1; pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id > 255) return -1; si->pps = &avc->pps[pps_id]; si->pps->id = pps_id; if (!si->pps->slice_group_count) return -2; si->sps = &avc->sps[si->pps->sps_id + GF_SVC_SSPS_ID_SHIFT]; if (!si->sps->log2_max_frame_num) return -2; si->frame_num = gf_bs_read_int_log(bs, si->sps->log2_max_frame_num, ""frame_num""); si->field_pic_flag = 0; if (si->sps->frame_mbs_only_flag) { } else { si->field_pic_flag = gf_bs_read_int_log(bs, 1, ""field_pic_flag""); if (si->field_pic_flag) si->bottom_field_flag = gf_bs_read_int_log(bs, 1, ""bottom_field_flag""); } if (si->nal_unit_type == GF_AVC_NALU_IDR_SLICE || si->NalHeader.idr_pic_flag) si->idr_pic_id = gf_bs_read_ue_log(bs, ""idr_pic_id""); if (si->sps->poc_type == 0) { si->poc_lsb = gf_bs_read_int_log(bs, si->sps->log2_max_poc_lsb, ""poc_lsb""); if (si->pps->pic_order_present && !si->field_pic_flag) { si->delta_poc_bottom = gf_bs_read_se_log(bs, ""delta_poc_bottom""); } } else if ((si->sps->poc_type == 1) && !si->sps->delta_pic_order_always_zero_flag) { si->delta_poc[0] = gf_bs_read_se_log(bs, ""delta_poc0""); if ((si->pps->pic_order_present == 1) && !si->field_pic_flag) si->delta_poc[1] = gf_bs_read_se_log(bs, ""delta_poc1""); } if (si->pps->redundant_pic_cnt_present) { si->redundant_pic_cnt = gf_bs_read_ue_log(bs, ""redundant_pic_cnt""); } return 0; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,121330491312867,1 4751,CWE-119,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 4895,CWE-190,"static void ExportRGBQuantum(QuantumInfo *quantum_info, const MagickSizeType number_pixels,const PixelPacket *magick_restrict p, unsigned char *magick_restrict q) { QuantumAny range; ssize_t x; ssize_t bit; switch (quantum_info->depth) { case 8: { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopCharPixel(ScaleQuantumToChar(GetPixelRed(p)),q); q=PopCharPixel(ScaleQuantumToChar(GetPixelGreen(p)),q); q=PopCharPixel(ScaleQuantumToChar(GetPixelBlue(p)),q); p++; q+=quantum_info->pad; } break; } case 10: { unsigned int pixel; range=GetQuantumRange(quantum_info->depth); if (quantum_info->pack == MagickFalse) { for (x=0; x < (ssize_t) number_pixels; x++) { pixel=(unsigned int) ( ScaleQuantumToAny(GetPixelRed(p),range) << 22 | ScaleQuantumToAny(GetPixelGreen(p),range) << 12 | ScaleQuantumToAny(GetPixelBlue(p),range) << 2); q=PopLongPixel(quantum_info->endian,pixel,q); p++; q+=quantum_info->pad; } break; } if (quantum_info->quantum == 32UL) { for (x=0; x < (ssize_t) number_pixels; x++) { pixel=(unsigned int) ScaleQuantumToAny(GetPixelRed(p),range); q=PopQuantumLongPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelGreen(p),range); q=PopQuantumLongPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelBlue(p),range); q=PopQuantumLongPixel(quantum_info,pixel,q); p++; q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { pixel=(unsigned int) ScaleQuantumToAny(GetPixelRed(p),range); q=PopQuantumPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelGreen(p),range); q=PopQuantumPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelBlue(p),range); q=PopQuantumPixel(quantum_info,pixel,q); p++; q+=quantum_info->pad; } break; } case 12: { unsigned int pixel; range=GetQuantumRange(quantum_info->depth); if (quantum_info->pack == MagickFalse) { for (x=0; x < (ssize_t) (3*number_pixels-1); x+=2) { switch (x % 3) { default: case 0: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelRed(p),range); break; } case 1: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelGreen(p),range); break; } case 2: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelBlue(p),range); p++; break; } } q=PopShortPixel(quantum_info->endian,(unsigned short) (pixel << 4),q); switch ((x+1) % 3) { default: case 0: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelRed(p),range); break; } case 1: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelGreen(p),range); break; } case 2: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelBlue(p),range); p++; break; } } q=PopShortPixel(quantum_info->endian,(unsigned short) (pixel << 4),q); q+=quantum_info->pad; } for (bit=0; bit < (ssize_t) (3*number_pixels % 2); bit++) { switch ((x+bit) % 3) { default: case 0: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelRed(p),range); break; } case 1: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelGreen(p),range); break; } case 2: { pixel=(unsigned int) ScaleQuantumToAny(GetPixelBlue(p),range); p++; break; } } q=PopShortPixel(quantum_info->endian,(unsigned short) (pixel << 4),q); q+=quantum_info->pad; } if (bit != 0) p++; break; } if (quantum_info->quantum == 32UL) { for (x=0; x < (ssize_t) number_pixels; x++) { pixel=(unsigned int) ScaleQuantumToAny(GetPixelRed(p),range); q=PopQuantumLongPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelGreen(p),range); q=PopQuantumLongPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelBlue(p),range); q=PopQuantumLongPixel(quantum_info,pixel,q); p++; q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { pixel=(unsigned int) ScaleQuantumToAny(GetPixelRed(p),range); q=PopQuantumPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelGreen(p),range); q=PopQuantumPixel(quantum_info,pixel,q); pixel=(unsigned int) ScaleQuantumToAny(GetPixelBlue(p),range); q=PopQuantumPixel(quantum_info,pixel,q); p++; q+=quantum_info->pad; } break; } case 16: { unsigned short pixel; if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { pixel=SinglePrecisionToHalf(QuantumScale*GetPixelRed(p)); q=PopShortPixel(quantum_info->endian,pixel,q); pixel=SinglePrecisionToHalf(QuantumScale*GetPixelGreen(p)); q=PopShortPixel(quantum_info->endian,pixel,q); pixel=SinglePrecisionToHalf(QuantumScale*GetPixelBlue(p)); q=PopShortPixel(quantum_info->endian,pixel,q); p++; q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { pixel=ScaleQuantumToShort(GetPixelRed(p)); q=PopShortPixel(quantum_info->endian,pixel,q); pixel=ScaleQuantumToShort(GetPixelGreen(p)); q=PopShortPixel(quantum_info->endian,pixel,q); pixel=ScaleQuantumToShort(GetPixelBlue(p)); q=PopShortPixel(quantum_info->endian,pixel,q); p++; q+=quantum_info->pad; } break; } case 32: { unsigned int pixel; if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopFloatPixel(quantum_info,(float) GetPixelRed(p),q); q=PopFloatPixel(quantum_info,(float) GetPixelGreen(p),q); q=PopFloatPixel(quantum_info,(float) GetPixelBlue(p),q); p++; q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { pixel=ScaleQuantumToLong(GetPixelRed(p)); q=PopLongPixel(quantum_info->endian,pixel,q); pixel=ScaleQuantumToLong(GetPixelGreen(p)); q=PopLongPixel(quantum_info->endian,pixel,q); pixel=ScaleQuantumToLong(GetPixelBlue(p)); q=PopLongPixel(quantum_info->endian,pixel,q); p++; q+=quantum_info->pad; } break; } case 64: { if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopDoublePixel(quantum_info,(double) GetPixelRed(p),q); q=PopDoublePixel(quantum_info,(double) GetPixelGreen(p),q); q=PopDoublePixel(quantum_info,(double) GetPixelBlue(p),q); p++; q+=quantum_info->pad; } break; } } default: { range=GetQuantumRange(quantum_info->depth); for (x=0; x < (ssize_t) number_pixels; x++) { q=PopQuantumPixel(quantum_info, ScaleQuantumToAny(GetPixelRed(p),range),q); q=PopQuantumPixel(quantum_info, ScaleQuantumToAny(GetPixelGreen(p),range),q); q=PopQuantumPixel(quantum_info, ScaleQuantumToAny(GetPixelBlue(p),range),q); p++; q+=quantum_info->pad; } break; } } }",visit repo url,magick/quantum-export.c,https://github.com/ImageMagick/ImageMagick6,181408590157606,1 1352,['CWE-399'],"static int ipip6_err(struct sk_buff *skb, u32 info) { #ifndef I_WISH_WORLD_WERE_PERFECT struct iphdr *iph = (struct iphdr*)skb->data; const int type = icmp_hdr(skb)->type; const int code = icmp_hdr(skb)->code; struct ip_tunnel *t; int err; switch (type) { default: case ICMP_PARAMETERPROB: return 0; case ICMP_DEST_UNREACH: switch (code) { case ICMP_SR_FAILED: case ICMP_PORT_UNREACH: return 0; case ICMP_FRAG_NEEDED: return 0; default: break; } break; case ICMP_TIME_EXCEEDED: if (code != ICMP_EXC_TTL) return 0; break; } err = -ENOENT; read_lock(&ipip6_lock); t = ipip6_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr); if (t == NULL || t->parms.iph.daddr == 0) goto out; err = 0; if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) goto out; if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO) t->err_count++; else t->err_count = 1; t->err_time = jiffies; out: read_unlock(&ipip6_lock); return err; #else struct iphdr *iph = (struct iphdr*)dp; int hlen = iph->ihl<<2; struct ipv6hdr *iph6; const int type = icmp_hdr(skb)->type; const int code = icmp_hdr(skb)->code; int rel_type = 0; int rel_code = 0; int rel_info = 0; struct sk_buff *skb2; struct rt6_info *rt6i; if (len < hlen + sizeof(struct ipv6hdr)) return; iph6 = (struct ipv6hdr*)(dp + hlen); switch (type) { default: return; case ICMP_PARAMETERPROB: if (icmp_hdr(skb)->un.gateway < hlen) return; rel_type = ICMPV6_PARAMPROB; rel_info = icmp_hdr(skb)->un.gateway - hlen; break; case ICMP_DEST_UNREACH: switch (code) { case ICMP_SR_FAILED: case ICMP_PORT_UNREACH: return; case ICMP_FRAG_NEEDED: return; default: rel_type = ICMPV6_DEST_UNREACH; rel_code = ICMPV6_ADDR_UNREACH; break; } break; case ICMP_TIME_EXCEEDED: if (code != ICMP_EXC_TTL) return; rel_type = ICMPV6_TIME_EXCEED; rel_code = ICMPV6_EXC_HOPLIMIT; break; } skb2 = skb_clone(skb, GFP_ATOMIC); if (skb2 == NULL) return 0; dst_release(skb2->dst); skb2->dst = NULL; skb_pull(skb2, skb->data - (u8*)iph6); skb_reset_network_header(skb2); rt6i = rt6_lookup(dev_net(skb->dev), &iph6->saddr, NULL, NULL, 0); if (rt6i && rt6i->rt6i_dev) { skb2->dev = rt6i->rt6i_dev; rt6i = rt6_lookup(dev_net(skb->dev), &iph6->daddr, &iph6->saddr, NULL, 0); if (rt6i && rt6i->rt6i_dev && rt6i->rt6i_dev->type == ARPHRD_SIT) { struct ip_tunnel *t = netdev_priv(rt6i->rt6i_dev); if (rel_type == ICMPV6_TIME_EXCEED && t->parms.iph.ttl) { rel_type = ICMPV6_DEST_UNREACH; rel_code = ICMPV6_ADDR_UNREACH; } icmpv6_send(skb2, rel_type, rel_code, rel_info, skb2->dev); } } kfree_skb(skb2); return 0; #endif }",linux-2.6,,,334050186226782185943340218903608610311,0 4548,CWE-476,"GF_Err gf_isom_fragment_add_sample_ex(GF_ISOFile *movie, GF_ISOTrackID TrackID, const GF_ISOSample *sample, u32 DescIndex, u32 Duration, u8 PaddingBits, u16 DegradationPriority, Bool redundant_coding, void **ref, u32 ref_offset) { u32 count, buffer_size; u8 *buffer; u64 pos; GF_ISOSample *od_sample = NULL; GF_TrunEntry ent, *prev_ent; GF_TrackFragmentBox *traf, *traf_2; GF_TrackFragmentRunBox *trun; if (!movie->moof || !(movie->FragmentsFlags & GF_ISOM_FRAG_WRITE_READY) || !sample) return GF_BAD_PARAM; traf = gf_isom_get_traf(movie, TrackID); if (!traf) return GF_BAD_PARAM; if (!traf->tfhd->sample_desc_index) traf->tfhd->sample_desc_index = DescIndex ? DescIndex : traf->trex->def_sample_desc_index; pos = gf_bs_get_position(movie->editFileMap->bs); if ( DescIndex && (traf->tfhd->sample_desc_index != DescIndex)) { if (traf->DataCache && !traf->use_sample_interleave) { count = gf_list_count(traf->TrackRuns); if (count) { trun = (GF_TrackFragmentRunBox *)gf_list_get(traf->TrackRuns, count-1); trun->data_offset = (u32) (pos - movie->moof->fragment_offset - 8); gf_bs_get_content(trun->cache, &buffer, &buffer_size); gf_bs_write_data(movie->editFileMap->bs, buffer, buffer_size); gf_bs_del(trun->cache); trun->cache = NULL; gf_free(buffer); } } traf_2 = (GF_TrackFragmentBox *) gf_isom_box_new_parent(&movie->moof->child_boxes, GF_ISOM_BOX_TYPE_TRAF); if (!traf_2) return GF_OUT_OF_MEM; traf_2->trex = traf->trex; traf_2->tfhd = (GF_TrackFragmentHeaderBox *) gf_isom_box_new_parent(&traf_2->child_boxes, GF_ISOM_BOX_TYPE_TFHD); if (!traf_2->tfhd) return GF_OUT_OF_MEM; traf_2->tfhd->trackID = traf->tfhd->trackID; traf_2->tfhd->base_data_offset = movie->moof->fragment_offset + 8; gf_list_add(movie->moof->TrackList, traf_2); traf_2->IFrameSwitching = traf->IFrameSwitching; traf_2->use_sample_interleave = traf->use_sample_interleave; traf_2->interleave_id = traf->interleave_id; traf_2->truns_first = traf->truns_first; traf_2->truns_v1 = traf->truns_v1; traf_2->large_tfdt = traf->large_tfdt; traf_2->DataCache = traf->DataCache; traf_2->tfhd->sample_desc_index = DescIndex; traf = traf_2; } pos = movie->moof->trun_ref_size ? (8+movie->moof->trun_ref_size) : gf_bs_get_position(movie->editFileMap->bs); count = (traf->use_sample_interleave && traf->force_new_trun) ? 0 : gf_list_count(traf->TrackRuns); if (count) { trun = (GF_TrackFragmentRunBox *)gf_list_get(traf->TrackRuns, count-1); if (!traf->DataCache && (movie->moof->fragment_offset + 8 + trun->data_offset + trun->run_size != pos) ) count = 0; if (traf->IFrameSwitching && sample->IsRAP) count = 0; if (traf->DataCache && (traf->DataCache==trun->sample_count) && !traf->use_sample_interleave) count = 0; if (traf->force_new_trun) count = 0; if (!count && traf->DataCache && !traf->use_sample_interleave) { trun->data_offset = (u32) (pos - movie->moof->fragment_offset - 8); gf_bs_get_content(trun->cache, &buffer, &buffer_size); gf_bs_write_data(movie->editFileMap->bs, buffer, buffer_size); gf_bs_del(trun->cache); trun->cache = NULL; gf_free(buffer); } } traf->force_new_trun = 0; if (!count) { trun = (GF_TrackFragmentRunBox *) gf_isom_box_new_parent(&traf->child_boxes, GF_ISOM_BOX_TYPE_TRUN); if (!trun) return GF_OUT_OF_MEM; trun->data_offset = (u32) (pos - movie->moof->fragment_offset - 8); gf_list_add(traf->TrackRuns, trun); #ifdef GF_ENABLE_CTRN trun->use_ctrn = traf->use_ctrn; trun->use_inherit = traf->use_inherit; trun->ctso_multiplier = traf->trex->def_sample_duration; #endif trun->interleave_id = traf->interleave_id; if (traf->truns_v1) trun->version = 1; if (traf->DataCache) trun->cache = gf_bs_new(NULL, 0, GF_BITSTREAM_WRITE); } memset(&ent, 0, sizeof(GF_TrunEntry)); ent.CTS_Offset = sample->CTS_Offset; ent.Duration = Duration; ent.dts = sample->DTS; ent.nb_pack = sample->nb_pack; ent.flags = GF_ISOM_FORMAT_FRAG_FLAGS(PaddingBits, sample->IsRAP, DegradationPriority); if (sample->IsRAP) { ent.flags |= GF_ISOM_GET_FRAG_DEPEND_FLAGS(0, 2, 0, (redundant_coding ? 1 : 0) ); ent.SAP_type = sample->IsRAP; } if (trun->nb_samples) { prev_ent = &trun->samples[trun->nb_samples-1]; } else { prev_ent = NULL; } if (prev_ent && (prev_ent->dts || !prev_ent->Duration) && sample->DTS) { u32 nsamp = prev_ent->nb_pack ? prev_ent->nb_pack : 1; if (nsamp*prev_ent->Duration != sample->DTS - prev_ent->dts) prev_ent->Duration = (u32) (sample->DTS - prev_ent->dts) / nsamp; } if (trun->nb_samples >= trun->sample_alloc) { trun->sample_alloc += 50; if (trun->nb_samples >= trun->sample_alloc) trun->sample_alloc = trun->nb_samples+1; trun->samples = gf_realloc(trun->samples, sizeof(GF_TrunEntry)*trun->sample_alloc); if (!trun->samples) return GF_OUT_OF_MEM; } if (traf->trex->track->Media->handler->handlerType == GF_ISOM_MEDIA_OD) { Media_ParseODFrame(traf->trex->track->Media, sample, &od_sample); sample = od_sample; } ent.size = sample->dataLength; trun->samples[trun->nb_samples] = ent; trun->nb_samples ++; trun->run_size += ent.size; if (sample->CTS_Offset<0) { trun->version = 1; } trun->sample_count += sample->nb_pack ? sample->nb_pack : 1; if (sample->dataLength) { u32 res = 0; if (!traf->DataCache) { if (movie->moof_first && movie->on_block_out && (ref || trun->sample_refs)) { GF_TrafSampleRef *sref; if (!trun->sample_refs) trun->sample_refs = gf_list_new(); GF_SAFEALLOC(sref, GF_TrafSampleRef); if (!sref) return GF_OUT_OF_MEM; if (ref && *ref && !od_sample) { sref->data = sample->data; sref->len = sample->dataLength; sref->ref = *ref; sref->ref_offset = ref_offset; *ref = NULL; } else { sref->data = gf_malloc(sample->dataLength); if (!sref->data) { gf_free(sref); return GF_OUT_OF_MEM; } memcpy(sref->data, sample->data, sample->dataLength); sref->len = sample->dataLength; } res = sref->len; traf->trun_ref_size += res; movie->moof->trun_ref_size += res; gf_list_add(trun->sample_refs, sref); } else { res = gf_bs_write_data(movie->editFileMap->bs, sample->data, sample->dataLength); } } else if (trun->cache) { res = gf_bs_write_data(trun->cache, sample->data, sample->dataLength); } else { return GF_BAD_PARAM; } if (res!=sample->dataLength) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso fragment] Could not add a sample with a size of %u bytes\n"", sample->dataLength)); return GF_OUT_OF_MEM; } } if (od_sample) gf_isom_sample_del(&od_sample); if (traf->trex->tfra) { GF_RandomAccessEntry *raf; raf = &traf->trex->tfra->entries[traf->trex->tfra->nb_entries-1]; if (!raf->trun_number && sample->IsRAP) { raf->time = sample->DTS + sample->CTS_Offset; raf->trun_number = gf_list_count(traf->TrackRuns); raf->sample_number = trun->sample_count; } } return GF_OK; }",visit repo url,src/isomedia/movie_fragments.c,https://github.com/gpac/gpac,36295169600670,1 1335,CWE-200,"static int rfcomm_get_dev_list(void __user *arg) { struct rfcomm_dev *dev; struct rfcomm_dev_list_req *dl; struct rfcomm_dev_info *di; int n = 0, size, err; u16 dev_num; BT_DBG(""""); if (get_user(dev_num, (u16 __user *) arg)) return -EFAULT; if (!dev_num || dev_num > (PAGE_SIZE * 4) / sizeof(*di)) return -EINVAL; size = sizeof(*dl) + dev_num * sizeof(*di); dl = kmalloc(size, GFP_KERNEL); if (!dl) return -ENOMEM; di = dl->dev_info; spin_lock(&rfcomm_dev_lock); list_for_each_entry(dev, &rfcomm_dev_list, list) { if (test_bit(RFCOMM_TTY_RELEASED, &dev->flags)) continue; (di + n)->id = dev->id; (di + n)->flags = dev->flags; (di + n)->state = dev->dlc->state; (di + n)->channel = dev->channel; bacpy(&(di + n)->src, &dev->src); bacpy(&(di + n)->dst, &dev->dst); if (++n >= dev_num) break; } spin_unlock(&rfcomm_dev_lock); dl->dev_num = n; size = sizeof(*dl) + n * sizeof(*di); err = copy_to_user(arg, dl, size); kfree(dl); return err ? -EFAULT : 0; }",visit repo url,net/bluetooth/rfcomm/tty.c,https://github.com/torvalds/linux,270973839615035,1 1128,['CWE-399'],"void user_enable_single_step(struct task_struct *task) { task->thread.per_info.single_step = 1; FixPerRegisters(task); }",linux-2.6,,,164499478029275528457315347956124938183,0 6363,[],"guchar getRruleCount (guchar a, guchar b) { return ((a << 8) | b); }",evolution,,,179042696570037509215591351619945158781,0 5554,CWE-125,"static int add_attributes(PyTypeObject* type, char**attrs, int num_fields) { int i, result; _Py_IDENTIFIER(_attributes); PyObject *s, *l = PyTuple_New(num_fields); if (!l) return 0; for (i = 0; i < num_fields; i++) { s = PyUnicode_FromString(attrs[i]); if (!s) { Py_DECREF(l); return 0; } PyTuple_SET_ITEM(l, i, s); } result = _PyObject_SetAttrId((PyObject*)type, &PyId__attributes, l) >= 0; Py_DECREF(l); return result; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,160056296799991,1 4318,CWE-824,"R_API void r_anal_list_vtables(RAnal *anal, int rad) { RVTableContext context; r_anal_vtable_begin (anal, &context); const char *noMethodName = ""No Name found""; RVTableMethodInfo *curMethod; RListIter *vtableIter; RVTableInfo *table; RList *vtables = r_anal_vtable_search (&context); if (rad == 'j') { PJ *pj = pj_new (); if (!pj) { return; } pj_a (pj); r_list_foreach (vtables, vtableIter, table) { pj_o (pj); pj_kN (pj, ""offset"", table->saddr); pj_ka (pj, ""methods""); r_vector_foreach (&table->methods, curMethod) { RAnalFunction *fcn = r_anal_get_fcn_in (anal, curMethod->addr, 0); const char *const name = fcn ? fcn->name : NULL; pj_o (pj); pj_kN (pj, ""offset"", curMethod->addr); pj_ks (pj, ""name"", r_str_get_fail (name, noMethodName)); pj_end (pj); } pj_end (pj); pj_end (pj); } pj_end (pj); r_cons_println (pj_string (pj)); pj_free (pj); } else if (rad == '*') { r_list_foreach (vtables, vtableIter, table) { r_cons_printf (""f vtable.0x%08""PFMT64x"" %""PFMT64d"" @ 0x%08""PFMT64x""\n"", table->saddr, r_anal_vtable_info_get_size (&context, table), table->saddr); r_vector_foreach (&table->methods, curMethod) { r_cons_printf (""Cd %d @ 0x%08""PFMT64x""\n"", context.word_size, table->saddr + curMethod->vtable_offset); RAnalFunction *fcn = r_anal_get_fcn_in (anal, curMethod->addr, 0); const char *const name = fcn ? fcn->name : NULL; if (name) { r_cons_printf (""f %s=0x%08""PFMT64x""\n"", name, curMethod->addr); } else { r_cons_printf (""f method.virtual.0x%08""PFMT64x""=0x%08""PFMT64x""\n"", curMethod->addr, curMethod->addr); } } } } else { r_list_foreach (vtables, vtableIter, table) { ut64 vtableStartAddress = table->saddr; r_cons_printf (""\nVtable Found at 0x%08""PFMT64x""\n"", vtableStartAddress); r_vector_foreach (&table->methods, curMethod) { RAnalFunction *fcn = r_anal_get_fcn_in (anal, curMethod->addr, 0); const char *const name = fcn ? fcn->name : NULL; r_cons_printf (""0x%08""PFMT64x"" : %s\n"", vtableStartAddress, r_str_get_fail (name, noMethodName)); vtableStartAddress += context.word_size; } r_cons_newline (); } } r_list_free (vtables); }",visit repo url,libr/anal/vtable.c,https://github.com/radareorg/radare2,21292275719083,1 2411,CWE-189,"static void add_bytes_c(uint8_t *dst, uint8_t *src, int w){ long i; for(i=0; i<=w-sizeof(long); i+=sizeof(long)){ long a = *(long*)(src+i); long b = *(long*)(dst+i); *(long*)(dst+i) = ((a&pb_7f) + (b&pb_7f)) ^ ((a^b)&pb_80); } for(; i cprot && p -> cprot -> pops ) p -> cprot -> pops -> proto_del ( p -> cprot ); #endif isdn_net_rmallphone(p); if (p->local->exclusive != -1) isdn_unexclusive_channel(p->local->pre_device, p->local->pre_channel); if (p->local->master) { if (((isdn_net_local *) (p->local->master->priv))->slave == p->dev) ((isdn_net_local *) (p->local->master->priv))->slave = p->local->slave; } else { unregister_netdev(p->dev); } spin_lock_irqsave(&dev->lock, flags); if (q) q->next = p->next; else dev->netdev = p->next; if (p->local->slave) { char *slavename = p->local->slave->name; isdn_net_dev *n = dev->netdev; q = NULL; while (n) { if (!strcmp(n->dev->name, slavename)) { spin_unlock_irqrestore(&dev->lock, flags); isdn_net_realrm(n, q); spin_lock_irqsave(&dev->lock, flags); break; } q = n; n = (isdn_net_dev *)n->next; } } spin_unlock_irqrestore(&dev->lock, flags); if (dev->netdev == NULL) isdn_timer_ctrl(ISDN_TIMER_NETHANGUP, 0); free_netdev(p->dev); kfree(p); return 0; }",linux-2.6,,,303460018077963832264339060046752518590,0 3812,['CWE-120'],"static void __exit uvc_cleanup(void) { usb_deregister(&uvc_driver.driver); }",linux-2.6,,,45992113646959004046176396544554650477,0 5856,['CWE-200'],"static __exit void raw_module_exit(void) { can_proto_unregister(&raw_can_proto); }",linux-2.6,,,313094903712005121599045000866057102327,0 112,CWE-190,"krb5_pac_parse(krb5_context context, const void *ptr, size_t len, krb5_pac *ppac) { krb5_error_code ret; size_t i; const unsigned char *p = (const unsigned char *)ptr; krb5_pac pac; size_t header_len; krb5_ui_4 cbuffers, version; *ppac = NULL; if (len < PACTYPE_LENGTH) return ERANGE; cbuffers = load_32_le(p); p += 4; version = load_32_le(p); p += 4; if (version != 0) return EINVAL; header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH); if (len < header_len) return ERANGE; ret = krb5_pac_init(context, &pac); if (ret != 0) return ret; pac->pac = (PACTYPE *)realloc(pac->pac, sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER))); if (pac->pac == NULL) { krb5_pac_free(context, pac); return ENOMEM; } pac->pac->cBuffers = cbuffers; pac->pac->Version = version; for (i = 0; i < pac->pac->cBuffers; i++) { PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i]; buffer->ulType = load_32_le(p); p += 4; buffer->cbBufferSize = load_32_le(p); p += 4; buffer->Offset = load_64_le(p); p += 8; if (buffer->Offset % PAC_ALIGNMENT) { krb5_pac_free(context, pac); return EINVAL; } if (buffer->Offset < header_len || buffer->Offset + buffer->cbBufferSize > len) { krb5_pac_free(context, pac); return ERANGE; } } pac->data.data = realloc(pac->data.data, len); if (pac->data.data == NULL) { krb5_pac_free(context, pac); return ENOMEM; } memcpy(pac->data.data, ptr, len); pac->data.length = len; *ppac = pac; return 0; }",visit repo url,src/lib/krb5/krb/pac.c,https://github.com/krb5/krb5,98158501146996,1 161,CWE-401,"ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) { struct ccp_aes_engine *aes = &cmd->u.aes; struct ccp_dm_workarea key, ctx, final_wa, tag; struct ccp_data src, dst; struct ccp_data aad; struct ccp_op op; unsigned int dm_offset; unsigned int authsize; unsigned int jobid; unsigned int ilen; bool in_place = true; __be64 *final; int ret; struct scatterlist *p_inp, sg_inp[2]; struct scatterlist *p_tag, sg_tag[2]; struct scatterlist *p_outp, sg_outp[2]; struct scatterlist *p_aad; if (!aes->iv) return -EINVAL; if (!((aes->key_len == AES_KEYSIZE_128) || (aes->key_len == AES_KEYSIZE_192) || (aes->key_len == AES_KEYSIZE_256))) return -EINVAL; if (!aes->key) return -EINVAL; authsize = aes->authsize ? aes->authsize : AES_BLOCK_SIZE; switch (authsize) { case 16: case 15: case 14: case 13: case 12: case 8: case 4: break; default: return -EINVAL; } p_aad = aes->src; p_inp = scatterwalk_ffwd(sg_inp, aes->src, aes->aad_len); p_outp = scatterwalk_ffwd(sg_outp, aes->dst, aes->aad_len); if (aes->action == CCP_AES_ACTION_ENCRYPT) { ilen = aes->src_len; p_tag = scatterwalk_ffwd(sg_tag, p_outp, ilen); } else { ilen = aes->src_len - authsize; p_tag = scatterwalk_ffwd(sg_tag, p_inp, ilen); } jobid = CCP_NEW_JOBID(cmd_q->ccp); memset(&op, 0, sizeof(op)); op.cmd_q = cmd_q; op.jobid = jobid; op.sb_key = cmd_q->sb_key; op.sb_ctx = cmd_q->sb_ctx; op.init = 1; op.u.aes.type = aes->type; ret = ccp_init_dm_workarea(&key, cmd_q, CCP_AES_CTX_SB_COUNT * CCP_SB_BYTES, DMA_TO_DEVICE); if (ret) return ret; dm_offset = CCP_SB_BYTES - aes->key_len; ret = ccp_set_dm_area(&key, dm_offset, aes->key, 0, aes->key_len); if (ret) goto e_key; ret = ccp_copy_to_sb(cmd_q, &key, op.jobid, op.sb_key, CCP_PASSTHRU_BYTESWAP_256BIT); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_key; } ret = ccp_init_dm_workarea(&ctx, cmd_q, CCP_AES_CTX_SB_COUNT * CCP_SB_BYTES, DMA_BIDIRECTIONAL); if (ret) goto e_key; dm_offset = CCP_AES_CTX_SB_COUNT * CCP_SB_BYTES - aes->iv_len; ret = ccp_set_dm_area(&ctx, dm_offset, aes->iv, 0, aes->iv_len); if (ret) goto e_ctx; ret = ccp_copy_to_sb(cmd_q, &ctx, op.jobid, op.sb_ctx, CCP_PASSTHRU_BYTESWAP_256BIT); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_ctx; } op.init = 1; if (aes->aad_len > 0) { ret = ccp_init_data(&aad, cmd_q, p_aad, aes->aad_len, AES_BLOCK_SIZE, DMA_TO_DEVICE); if (ret) goto e_ctx; op.u.aes.mode = CCP_AES_MODE_GHASH; op.u.aes.action = CCP_AES_GHASHAAD; while (aad.sg_wa.bytes_left) { ccp_prepare_data(&aad, NULL, &op, AES_BLOCK_SIZE, true); ret = cmd_q->ccp->vdata->perform->aes(&op); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_aad; } ccp_process_data(&aad, NULL, &op); op.init = 0; } } op.u.aes.mode = CCP_AES_MODE_GCTR; op.u.aes.action = aes->action; if (ilen > 0) { in_place = (sg_virt(p_inp) == sg_virt(p_outp)) ? true : false; ret = ccp_init_data(&src, cmd_q, p_inp, ilen, AES_BLOCK_SIZE, in_place ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE); if (ret) goto e_ctx; if (in_place) { dst = src; } else { ret = ccp_init_data(&dst, cmd_q, p_outp, ilen, AES_BLOCK_SIZE, DMA_FROM_DEVICE); if (ret) goto e_src; } op.soc = 0; op.eom = 0; op.init = 1; while (src.sg_wa.bytes_left) { ccp_prepare_data(&src, &dst, &op, AES_BLOCK_SIZE, true); if (!src.sg_wa.bytes_left) { unsigned int nbytes = ilen % AES_BLOCK_SIZE; if (nbytes) { op.eom = 1; op.u.aes.size = (nbytes * 8) - 1; } } ret = cmd_q->ccp->vdata->perform->aes(&op); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_dst; } ccp_process_data(&src, &dst, &op); op.init = 0; } } ret = ccp_copy_from_sb(cmd_q, &ctx, op.jobid, op.sb_ctx, CCP_PASSTHRU_BYTESWAP_256BIT); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_dst; } ret = ccp_set_dm_area(&ctx, dm_offset, aes->iv, 0, aes->iv_len); if (ret) goto e_dst; ret = ccp_copy_to_sb(cmd_q, &ctx, op.jobid, op.sb_ctx, CCP_PASSTHRU_BYTESWAP_256BIT); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_dst; } ret = ccp_init_dm_workarea(&final_wa, cmd_q, AES_BLOCK_SIZE, DMA_BIDIRECTIONAL); if (ret) goto e_dst; final = (__be64 *)final_wa.address; final[0] = cpu_to_be64(aes->aad_len * 8); final[1] = cpu_to_be64(ilen * 8); memset(&op, 0, sizeof(op)); op.cmd_q = cmd_q; op.jobid = jobid; op.sb_key = cmd_q->sb_key; op.sb_ctx = cmd_q->sb_ctx; op.init = 1; op.u.aes.type = aes->type; op.u.aes.mode = CCP_AES_MODE_GHASH; op.u.aes.action = CCP_AES_GHASHFINAL; op.src.type = CCP_MEMTYPE_SYSTEM; op.src.u.dma.address = final_wa.dma.address; op.src.u.dma.length = AES_BLOCK_SIZE; op.dst.type = CCP_MEMTYPE_SYSTEM; op.dst.u.dma.address = final_wa.dma.address; op.dst.u.dma.length = AES_BLOCK_SIZE; op.eom = 1; op.u.aes.size = 0; ret = cmd_q->ccp->vdata->perform->aes(&op); if (ret) goto e_dst; if (aes->action == CCP_AES_ACTION_ENCRYPT) { ccp_get_dm_area(&final_wa, 0, p_tag, 0, authsize); } else { ret = ccp_init_dm_workarea(&tag, cmd_q, authsize, DMA_BIDIRECTIONAL); if (ret) goto e_tag; ret = ccp_set_dm_area(&tag, 0, p_tag, 0, authsize); if (ret) goto e_tag; ret = crypto_memneq(tag.address, final_wa.address, authsize) ? -EBADMSG : 0; ccp_dm_free(&tag); } e_tag: ccp_dm_free(&final_wa); e_dst: if (ilen > 0 && !in_place) ccp_free_data(&dst, cmd_q); e_src: if (ilen > 0) ccp_free_data(&src, cmd_q); e_aad: if (aes->aad_len) ccp_free_data(&aad, cmd_q); e_ctx: ccp_dm_free(&ctx); e_key: ccp_dm_free(&key); return ret; }",visit repo url,drivers/crypto/ccp/ccp-ops.c,https://github.com/torvalds/linux,260826291248666,1 1549,CWE-362,"static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk, struct sctp_association *assoc, sctp_socket_type_t type) { struct sctp_sock *oldsp = sctp_sk(oldsk); struct sctp_sock *newsp = sctp_sk(newsk); struct sctp_bind_bucket *pp; struct sctp_endpoint *newep = newsp->ep; struct sk_buff *skb, *tmp; struct sctp_ulpevent *event; struct sctp_bind_hashbucket *head; struct list_head tmplist; newsk->sk_sndbuf = oldsk->sk_sndbuf; newsk->sk_rcvbuf = oldsk->sk_rcvbuf; if (oldsp->do_auto_asconf) { memcpy(&tmplist, &newsp->auto_asconf_list, sizeof(tmplist)); inet_sk_copy_descendant(newsk, oldsk); memcpy(&newsp->auto_asconf_list, &tmplist, sizeof(tmplist)); } else inet_sk_copy_descendant(newsk, oldsk); newsp->ep = newep; newsp->hmac = NULL; head = &sctp_port_hashtable[sctp_phashfn(sock_net(oldsk), inet_sk(oldsk)->inet_num)]; local_bh_disable(); spin_lock(&head->lock); pp = sctp_sk(oldsk)->bind_hash; sk_add_bind_node(newsk, &pp->owner); sctp_sk(newsk)->bind_hash = pp; inet_sk(newsk)->inet_num = inet_sk(oldsk)->inet_num; spin_unlock(&head->lock); local_bh_enable(); sctp_bind_addr_dup(&newsp->ep->base.bind_addr, &oldsp->ep->base.bind_addr, GFP_KERNEL); sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) { event = sctp_skb2event(skb); if (event->asoc == assoc) { __skb_unlink(skb, &oldsk->sk_receive_queue); __skb_queue_tail(&newsk->sk_receive_queue, skb); sctp_skb_set_owner_r_frag(skb, newsk); } } skb_queue_head_init(&newsp->pd_lobby); atomic_set(&sctp_sk(newsk)->pd_mode, assoc->ulpq.pd_mode); if (atomic_read(&sctp_sk(oldsk)->pd_mode)) { struct sk_buff_head *queue; if (assoc->ulpq.pd_mode) { queue = &newsp->pd_lobby; } else queue = &newsk->sk_receive_queue; sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) { event = sctp_skb2event(skb); if (event->asoc == assoc) { __skb_unlink(skb, &oldsp->pd_lobby); __skb_queue_tail(queue, skb); sctp_skb_set_owner_r_frag(skb, newsk); } } if (assoc->ulpq.pd_mode) sctp_clear_pd(oldsk, NULL); } sctp_skb_for_each(skb, &assoc->ulpq.reasm, tmp) sctp_skb_set_owner_r_frag(skb, newsk); sctp_skb_for_each(skb, &assoc->ulpq.lobby, tmp) sctp_skb_set_owner_r_frag(skb, newsk); newsp->type = type; lock_sock_nested(newsk, SINGLE_DEPTH_NESTING); sctp_assoc_migrate(assoc, newsk); if (sctp_state(assoc, CLOSED) && sctp_style(newsk, TCP)) newsk->sk_shutdown |= RCV_SHUTDOWN; newsk->sk_state = SCTP_SS_ESTABLISHED; release_sock(newsk); }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,92618004285445,1 725,CWE-20,"static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sco_pinfo *pi = sco_pi(sk); lock_sock(sk); if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { sco_conn_defer_accept(pi->conn->hcon, pi->setting); sk->sk_state = BT_CONFIG; msg->msg_namelen = 0; release_sock(sk); return 0; } release_sock(sk); return bt_sock_recvmsg(iocb, sock, msg, len, flags); }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,169024666607659,1 6096,CWE-190,"static int pad_pkcs2(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t pad, h1[RLC_MD_LEN], h2[RLC_MD_LEN]; uint8_t *mask = RLC_ALLOCA(uint8_t, k_len); int result = RLC_ERR; bn_t t; bn_null(t); RLC_TRY { bn_new(t); switch (operation) { case RSA_ENC: md_map(h1, NULL, 0); bn_read_bin(m, h1, RLC_MD_LEN); *p_len = k_len - 2 * RLC_MD_LEN - 2 - m_len; bn_lsh(m, m, *p_len * 8); bn_lsh(m, m, 8); bn_add_dig(m, m, 0x01); bn_lsh(m, m, m_len * 8); result = RLC_OK; break; case RSA_ENC_FIN: rand_bytes(h1, RLC_MD_LEN); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } bn_write_bin(mask, k_len - RLC_MD_LEN - 1, m); md_mgf(h2, RLC_MD_LEN, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < RLC_MD_LEN; i++) { h1[i] ^= h2[i]; } bn_read_bin(t, h1, RLC_MD_LEN); bn_lsh(t, t, 8 * (k_len - RLC_MD_LEN - 1)); bn_add(t, t, m); bn_copy(m, t); result = RLC_OK; break; case RSA_DEC: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (bn_is_zero(t)) { m_len -= RLC_MD_LEN; bn_rsh(t, m, 8 * m_len); bn_write_bin(h1, RLC_MD_LEN, t); bn_mod_2b(m, m, 8 * m_len); bn_write_bin(mask, m_len, m); md_mgf(h2, RLC_MD_LEN, mask, m_len); for (int i = 0; i < RLC_MD_LEN; i++) { h1[i] ^= h2[i]; } md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } m_len -= RLC_MD_LEN; bn_rsh(t, m, 8 * m_len); bn_write_bin(h2, RLC_MD_LEN, t); md_map(h1, NULL, 0); pad = 0; for (int i = 0; i < RLC_MD_LEN; i++) { pad |= h1[i] ^ h2[i]; } bn_mod_2b(m, m, 8 * m_len); *p_len = bn_size_bin(m); (*p_len)--; bn_rsh(t, m, *p_len * 8); if (pad == 0 && bn_cmp_dig(t, 1) == RLC_EQ) { result = RLC_OK; } bn_mod_2b(m, m, *p_len * 8); *p_len = k_len - *p_len; } break; case RSA_SIG: case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 64); bn_lsh(m, m, RLC_MD_LEN * 8); result = RLC_OK; break; case RSA_SIG_FIN: memset(mask, 0, 8); bn_write_bin(mask + 8, RLC_MD_LEN, m); md_map(h1, mask, RLC_MD_LEN + 8); bn_read_bin(m, h1, RLC_MD_LEN); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); t->dp[0] ^= 0x01; bn_lsh(t, t, 8 * RLC_MD_LEN); bn_add(m, t, m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PSS); for (int i = m_len - 1; i < 8 * k_len; i++) { bn_set_bit(m, i, 0); } result = RLC_OK; break; case RSA_VER: case RSA_VER_HASH: bn_mod_2b(t, m, 8); pad = (uint8_t)t->dp[0]; if (pad == RSA_PSS) { int r = 1; for (int i = m_len; i < 8 * k_len; i++) { if (bn_get_bit(m, i) != 0) { r = 0; } } bn_rsh(m, m, 8); bn_mod_2b(t, m, 8 * RLC_MD_LEN); bn_write_bin(h2, RLC_MD_LEN, t); bn_rsh(m, m, 8 * RLC_MD_LEN); bn_write_bin(h1, RLC_MD_LEN, t); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } m->dp[0] ^= 0x01; for (int i = m_len - 1; i < 8 * k_len; i++) { bn_set_bit(m, i - ((RLC_MD_LEN + 1) * 8), 0); } if (r == 1 && bn_is_zero(m)) { result = RLC_OK; } bn_read_bin(m, h2, RLC_MD_LEN); *p_len = k_len - RLC_MD_LEN; } break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } RLC_FREE(mask); return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,31185856485720,1 3735,[],"static inline int unix_may_send(struct sock *sk, struct sock *osk) { return (unix_peer(osk) == NULL || unix_our_peer(sk, osk)); }",linux-2.6,,,129546240350555754037945028334477080047,0 4343,['CWE-399'],"static int keyctl_change_reqkey_auth(struct key *key) { struct cred *new; new = prepare_creds(); if (!new) return -ENOMEM; key_put(new->request_key_auth); new->request_key_auth = key_get(key); return commit_creds(new); }",linux-2.6,,,222215028725400256050857457572956007436,0 1281,CWE-119,"int utf8s_to_utf16s(const u8 *s, int len, wchar_t *pwcs) { u16 *op; int size; unicode_t u; op = pwcs; while (*s && len > 0) { if (*s & 0x80) { size = utf8_to_utf32(s, len, &u); if (size < 0) return -EINVAL; if (u >= PLANE_SIZE) { u -= PLANE_SIZE; *op++ = (wchar_t) (SURROGATE_PAIR | ((u >> 10) & SURROGATE_BITS)); *op++ = (wchar_t) (SURROGATE_PAIR | SURROGATE_LOW | (u & SURROGATE_BITS)); } else { *op++ = (wchar_t) u; } s += size; len -= size; } else { *op++ = *s++; len--; } } return op - pwcs; }",visit repo url,fs/nls/nls_base.c,https://github.com/torvalds/linux,227902706954751,1 6665,CWE-120,"static int pkey_GOST_ECcp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key, size_t key_len) { GOST_KEY_TRANSPORT *gkt = NULL; EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); int pkey_nid = EVP_PKEY_base_id(pubk); ASN1_OBJECT *crypt_params_obj = (pkey_nid == NID_id_GostR3410_2001 || pkey_nid == NID_id_GostR3410_2001DH) ? OBJ_nid2obj(NID_id_Gost28147_89_CryptoPro_A_ParamSet) : OBJ_nid2obj(NID_id_tc26_gost_28147_param_Z); const struct gost_cipher_info *param = get_encryption_params(crypt_params_obj); unsigned char ukm[8], shared_key[32], crypted_key[44]; int ret = 0; int key_is_ephemeral = 1; gost_ctx cctx; EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx); if (data->shared_ukm_size) { memcpy(ukm, data->shared_ukm, 8); } else { if (RAND_bytes(ukm, 8) <= 0) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_RNG_ERROR); return 0; } } if (!param) goto err; if (sec_key) { key_is_ephemeral = 0; if (!gost_get0_priv_key(sec_key)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); goto err; } } else { key_is_ephemeral = 1; if (out) { sec_key = EVP_PKEY_new(); if (!EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()) || !EVP_PKEY_copy_parameters(sec_key, pubk) || !gost_ec_keygen(EVP_PKEY_get0(sec_key))) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } } } if (out) { int dgst_nid = NID_undef; EVP_PKEY_get_default_digest_nid(pubk, &dgst_nid); if (dgst_nid == NID_id_GostR3411_2012_512) dgst_nid = NID_id_GostR3411_2012_256; if (!VKO_compute_key(shared_key, EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)), EVP_PKEY_get0(sec_key), ukm, 8, dgst_nid)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } gost_init(&cctx, param->sblock); keyWrapCryptoPro(&cctx, shared_key, ukm, key, crypted_key); } gkt = GOST_KEY_TRANSPORT_new(); if (!gkt) { goto err; } if (!ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8)) { goto err; } if (!ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, 4)) { goto err; } if (!ASN1_OCTET_STRING_set (gkt->key_info->encrypted_key, crypted_key + 8, 32)) { goto err; } if (key_is_ephemeral) { if (!X509_PUBKEY_set (&gkt->key_agreement_info->ephem_key, out ? sec_key : pubk)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY); goto err; } } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); if (key_is_ephemeral) EVP_PKEY_free(sec_key); if (!key_is_ephemeral) { if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) { GOSTerr(GOST_F_PKEY_GOST_ECCP_ENCRYPT, GOST_R_CTRL_CALL_FAILED); goto err; } } if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0) ret = 1; OPENSSL_cleanse(shared_key, sizeof(shared_key)); GOST_KEY_TRANSPORT_free(gkt); return ret; err: OPENSSL_cleanse(shared_key, sizeof(shared_key)); if (key_is_ephemeral) EVP_PKEY_free(sec_key); GOST_KEY_TRANSPORT_free(gkt); return -1; }",visit repo url,gost_ec_keyx.c,https://github.com/gost-engine/engine,85806931730620,1 3855,CWE-416,"ex_diffgetput(exarg_T *eap) { linenr_T lnum; int count; linenr_T off = 0; diff_T *dp; diff_T *dprev; diff_T *dfree; int idx_cur; int idx_other; int idx_from; int idx_to; int i; int added; char_u *p; aco_save_T aco; buf_T *buf; int start_skip, end_skip; int new_count; int buf_empty; int found_not_ma = FALSE; idx_cur = diff_buf_idx(curbuf); if (idx_cur == DB_COUNT) { emsg(_(e_current_buffer_is_not_in_diff_mode)); return; } if (*eap->arg == NUL) { for (idx_other = 0; idx_other < DB_COUNT; ++idx_other) if (curtab->tp_diffbuf[idx_other] != curbuf && curtab->tp_diffbuf[idx_other] != NULL) { if (eap->cmdidx != CMD_diffput || curtab->tp_diffbuf[idx_other]->b_p_ma) break; found_not_ma = TRUE; } if (idx_other == DB_COUNT) { if (found_not_ma) emsg(_(e_no_other_buffer_in_diff_mode_is_modifiable)); else emsg(_(e_no_other_buffer_in_diff_mode)); return; } for (i = idx_other + 1; i < DB_COUNT; ++i) if (curtab->tp_diffbuf[i] != curbuf && curtab->tp_diffbuf[i] != NULL && (eap->cmdidx != CMD_diffput || curtab->tp_diffbuf[i]->b_p_ma)) { emsg(_(e_more_than_two_buffers_in_diff_mode_dont_know_which_one_to_use)); return; } } else { p = eap->arg + STRLEN(eap->arg); while (p > eap->arg && VIM_ISWHITE(p[-1])) --p; for (i = 0; vim_isdigit(eap->arg[i]) && eap->arg + i < p; ++i) ; if (eap->arg + i == p) i = atol((char *)eap->arg); else { i = buflist_findpat(eap->arg, p, FALSE, TRUE, FALSE); if (i < 0) return; } buf = buflist_findnr(i); if (buf == NULL) { semsg(_(e_cant_find_buffer_str), eap->arg); return; } if (buf == curbuf) return; idx_other = diff_buf_idx(buf); if (idx_other == DB_COUNT) { semsg(_(e_buffer_str_is_not_in_diff_mode), eap->arg); return; } } diff_busy = TRUE; if (eap->addr_count == 0) { if (eap->cmdidx == CMD_diffget && eap->line1 == curbuf->b_ml.ml_line_count && diff_check(curwin, eap->line1) == 0 && (eap->line1 == 1 || diff_check(curwin, eap->line1 - 1) == 0)) ++eap->line2; else if (eap->line1 > 0) --eap->line1; } if (eap->cmdidx == CMD_diffget) { idx_from = idx_other; idx_to = idx_cur; } else { idx_from = idx_cur; idx_to = idx_other; aucmd_prepbuf(&aco, curtab->tp_diffbuf[idx_other]); } if (!curbuf->b_changed) { change_warning(0); if (diff_buf_idx(curbuf) != idx_to) { emsg(_(e_buffer_changed_unexpectedly)); goto theend; } } dprev = NULL; for (dp = curtab->tp_first_diff; dp != NULL; ) { if (dp->df_lnum[idx_cur] > eap->line2 + off) break; dfree = NULL; lnum = dp->df_lnum[idx_to]; count = dp->df_count[idx_to]; if (dp->df_lnum[idx_cur] + dp->df_count[idx_cur] > eap->line1 + off && u_save(lnum - 1, lnum + count) != FAIL) { start_skip = 0; end_skip = 0; if (eap->addr_count > 0) { start_skip = eap->line1 + off - dp->df_lnum[idx_cur]; if (start_skip > 0) { if (start_skip > count) { lnum += count; count = 0; } else { count -= start_skip; lnum += start_skip; } } else start_skip = 0; end_skip = dp->df_lnum[idx_cur] + dp->df_count[idx_cur] - 1 - (eap->line2 + off); if (end_skip > 0) { if (idx_cur == idx_from) { i = dp->df_count[idx_cur] - start_skip - end_skip; if (count > i) count = i; } else { count -= end_skip; end_skip = dp->df_count[idx_from] - start_skip - count; if (end_skip < 0) end_skip = 0; } } else end_skip = 0; } buf_empty = BUFEMPTY(); added = 0; for (i = 0; i < count; ++i) { buf_empty = curbuf->b_ml.ml_line_count == 1; ml_delete(lnum); --added; } for (i = 0; i < dp->df_count[idx_from] - start_skip - end_skip; ++i) { linenr_T nr; nr = dp->df_lnum[idx_from] + start_skip + i; if (nr > curtab->tp_diffbuf[idx_from]->b_ml.ml_line_count) break; p = vim_strsave(ml_get_buf(curtab->tp_diffbuf[idx_from], nr, FALSE)); if (p != NULL) { ml_append(lnum + i - 1, p, 0, FALSE); vim_free(p); ++added; if (buf_empty && curbuf->b_ml.ml_line_count == 2) { buf_empty = FALSE; ml_delete((linenr_T)2); } } } new_count = dp->df_count[idx_to] + added; dp->df_count[idx_to] = new_count; if (start_skip == 0 && end_skip == 0) { for (i = 0; i < DB_COUNT; ++i) if (curtab->tp_diffbuf[i] != NULL && i != idx_from && i != idx_to && !diff_equal_entry(dp, idx_from, i)) break; if (i == DB_COUNT) { dfree = dp; dp = dp->df_next; if (dprev == NULL) curtab->tp_first_diff = dp; else dprev->df_next = dp; } } if (added != 0) { mark_adjust(lnum, lnum + count - 1, (long)MAXLNUM, (long)added); if (curwin->w_cursor.lnum >= lnum) { if (curwin->w_cursor.lnum >= lnum + count) curwin->w_cursor.lnum += added; else if (added < 0) curwin->w_cursor.lnum = lnum; } } changed_lines(lnum, 0, lnum + count, (long)added); if (dfree != NULL) { #ifdef FEAT_FOLDING diff_fold_update(dfree, idx_to); #endif vim_free(dfree); } else dp->df_count[idx_to] = new_count; if (idx_cur == idx_to) off += added; } if (dfree == NULL) { dprev = dp; dp = dp->df_next; } } if (eap->cmdidx != CMD_diffget) { if (KeyTyped) u_sync(FALSE); aucmd_restbuf(&aco); } theend: diff_busy = FALSE; if (diff_need_update) ex_diffupdate(NULL); check_cursor(); changed_line_abv_curs(); if (diff_need_update) diff_need_update = FALSE; else { diff_redraw(FALSE); apply_autocmds(EVENT_DIFFUPDATED, NULL, NULL, FALSE, curbuf); } }",visit repo url,src/diff.c,https://github.com/vim/vim,23919189490540,1 3178,CWE-125,"null_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { u_int length = h->len; u_int caplen = h->caplen; u_int family; if (caplen < NULL_HDRLEN) { ND_PRINT((ndo, ""[|null]"")); return (NULL_HDRLEN); } memcpy((char *)&family, (const char *)p, sizeof(family)); if ((family & 0xFFFF0000) != 0) family = SWAPLONG(family); if (ndo->ndo_eflag) null_hdr_print(ndo, family, length); length -= NULL_HDRLEN; caplen -= NULL_HDRLEN; p += NULL_HDRLEN; switch (family) { case BSD_AFNUM_INET: ip_print(ndo, p, length); break; case BSD_AFNUM_INET6_BSD: case BSD_AFNUM_INET6_FREEBSD: case BSD_AFNUM_INET6_DARWIN: ip6_print(ndo, p, length); break; case BSD_AFNUM_ISO: isoclns_print(ndo, p, length, caplen); break; case BSD_AFNUM_APPLETALK: atalk_print(ndo, p, length); break; case BSD_AFNUM_IPX: ipx_print(ndo, p, length); break; default: if (!ndo->ndo_eflag) null_hdr_print(ndo, family, length + NULL_HDRLEN); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } return (NULL_HDRLEN); }",visit repo url,print-null.c,https://github.com/the-tcpdump-group/tcpdump,216513513890868,1 4970,['CWE-20'],"int find_dirent(nfs_readdir_descriptor_t *desc) { struct nfs_entry *entry = desc->entry; int loop_count = 0, status; while((status = dir_decode(desc)) == 0) { dfprintk(DIRCACHE, ""NFS: %s: examining cookie %Lu\n"", __FUNCTION__, (unsigned long long)entry->cookie); if (entry->prev_cookie == *desc->dir_cookie) break; if (loop_count++ > 200) { loop_count = 0; schedule(); } } return status; }",linux-2.6,,,197644269823862712277791675447981049256,0 3015,['CWE-189'],"jas_image_t *jas_image_copy(jas_image_t *image) { jas_image_t *newimage; int cmptno; newimage = jas_image_create0(); if (jas_image_growcmpts(newimage, image->numcmpts_)) { goto error; } for (cmptno = 0; cmptno < image->numcmpts_; ++cmptno) { if (!(newimage->cmpts_[cmptno] = jas_image_cmpt_copy(image->cmpts_[cmptno]))) { goto error; } ++newimage->numcmpts_; } jas_image_setbbox(newimage); if (image->cmprof_) { if (!(newimage->cmprof_ = jas_cmprof_copy(image->cmprof_))) goto error; } return newimage; error: if (newimage) { jas_image_destroy(newimage); } return 0; }",jasper,,,6633503402659315559772479511343075982,0 6582,['CWE-200'],"connection_new_secrets_requested_cb (NMAGConfConnection *connection, const char *setting_name, const char **hints, gboolean ask_user, DBusGMethodInvocation *context, gpointer user_data) { NMAGConfSettings *self = NMA_GCONF_SETTINGS (user_data); g_signal_emit (self, signals[NEW_SECRETS_REQUESTED], 0, connection, setting_name, hints, ask_user, context); }",network-manager-applet,,,67656373480079350769171782667555822375,0 4826,['CWE-399'],"SYSCALL_DEFINE0(inotify_init) { return sys_inotify_init1(0); }",linux-2.6,,,249816590920314032507817099356963621681,0 6225,['CWE-200'],"check_loop_fn(struct Qdisc *q, unsigned long cl, struct qdisc_walker *w) { struct Qdisc *leaf; struct Qdisc_class_ops *cops = q->ops->cl_ops; struct check_loop_arg *arg = (struct check_loop_arg *)w; leaf = cops->leaf(q, cl); if (leaf) { if (leaf == arg->p || arg->depth > 7) return -ELOOP; return check_loop(leaf, arg->p, arg->depth + 1); } return 0; }",linux-2.6,,,251346268414354236327251800092590579878,0 310,[],"static int dev_ifname32(unsigned int fd, unsigned int cmd, unsigned long arg) { struct net_device *dev; struct ifreq32 ifr32; int err; if (copy_from_user(&ifr32, compat_ptr(arg), sizeof(ifr32))) return -EFAULT; dev = dev_get_by_index(ifr32.ifr_ifindex); if (!dev) return -ENODEV; strlcpy(ifr32.ifr_name, dev->name, sizeof(ifr32.ifr_name)); dev_put(dev); err = copy_to_user(compat_ptr(arg), &ifr32, sizeof(ifr32)); return (err ? -EFAULT : 0); }",linux-2.6,,,321851414500081230111382293152986547687,0 5439,CWE-787,"uint8_t ethereum_extractThorchainData(const EthereumSignTx *msg, char *buffer) { uint16_t offset = 4 + (5 * 32); int16_t len = msg->data_length - offset; if (msg->has_data_length && len > 0) { memcpy(buffer, msg->data_initial_chunk.bytes + offset, len); return len < 256 ? (uint8_t)len : 0; } return 0; }",visit repo url,lib/firmware/ethereum.c,https://github.com/keepkey/keepkey-firmware,205564078676139,1 6281,CWE-120,"read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, uint32_t offset, uint32_t length, uint8_t *frubuf) { uint32_t off = offset, tmp, finish; struct ipmi_rs * rsp; struct ipmi_rq req; uint8_t msg_data[4]; if (offset > fru->size) { lprintf(LOG_ERR, ""Read FRU Area offset incorrect: %d > %d"", offset, fru->size); return -1; } finish = offset + length; if (finish > fru->size) { finish = fru->size; lprintf(LOG_NOTICE, ""Read FRU Area length %d too large, "" ""Adjusting to %d"", offset + length, finish - offset); } memset(&req, 0, sizeof(req)); req.msg.netfn = IPMI_NETFN_STORAGE; req.msg.cmd = GET_FRU_DATA; req.msg.data = msg_data; req.msg.data_len = 4; if (fru->max_read_size == 0) { uint16_t max_rs_size = ipmi_intf_get_max_response_data_size(intf) - 1; if (max_rs_size <= 1) { lprintf(LOG_ERROR, ""Maximum response size is too small to send "" ""a read request""); return -1; } if (max_rs_size - 1 > 255) { fru->max_read_size = 255; } else { fru->max_read_size = max_rs_size - 1; } if (fru->access) { fru->max_read_size &= ~1; } } do { tmp = fru->access ? off >> 1 : off; msg_data[0] = id; msg_data[1] = (uint8_t)(tmp & 0xff); msg_data[2] = (uint8_t)(tmp >> 8); tmp = finish - off; if (tmp > fru->max_read_size) msg_data[3] = (uint8_t)fru->max_read_size; else msg_data[3] = (uint8_t)tmp; rsp = intf->sendrecv(intf, &req); if (!rsp) { lprintf(LOG_NOTICE, ""FRU Read failed""); break; } if (rsp->ccode) { if (fru_cc_rq2big(rsp->ccode) && fru->max_read_size > FRU_BLOCK_SZ) { if (fru->max_read_size > FRU_AREA_MAXIMUM_BLOCK_SZ) { fru->max_read_size -= FRU_BLOCK_SZ; } else { fru->max_read_size--; } lprintf(LOG_INFO, ""Retrying FRU read with request size %d"", fru->max_read_size); continue; } lprintf(LOG_NOTICE, ""FRU Read failed: %s"", val2str(rsp->ccode, completion_code_vals)); break; } tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; memcpy(frubuf, rsp->data + 1, tmp); off += tmp; frubuf += tmp; if (tmp == 0 && off < finish) { return 0; } } while (off < finish); if (off < finish) { return -1; } return 0; }",visit repo url,lib/ipmi_fru.c,https://github.com/ipmitool/ipmitool,271701010251526,1 5654,CWE-59,"_mibindex_add( const char *dirname, int i ) { const int old_mibindex_max = _mibindex_max; DEBUGMSGTL((""mibindex"", ""add: %s (%d)\n"", dirname, i )); if ( i == -1 ) i = _mibindex++; if ( i >= _mibindex_max ) { _mibindex_max = i + 10; _mibindexes = realloc(_mibindexes, _mibindex_max * sizeof(_mibindexes[0])); netsnmp_assert(_mibindexes); memset(_mibindexes + old_mibindex_max, 0, (_mibindex_max - old_mibindex_max) * sizeof(_mibindexes[0])); } _mibindexes[ i ] = strdup( dirname ); if ( i >= _mibindex ) _mibindex = i+1; DEBUGMSGTL((""mibindex"", ""add: %d/%d/%d\n"", i, _mibindex, _mibindex_max )); return i; }",visit repo url,snmplib/mib.c,https://github.com/net-snmp/net-snmp,199729503167091,1 1883,CWE-416,"int gru_handle_user_call_os(unsigned long cb) { struct gru_tlb_fault_handle *tfh; struct gru_thread_state *gts; void *cbk; int ucbnum, cbrnum, ret = -EINVAL; STAT(call_os); ucbnum = get_cb_number((void *)cb); if ((cb & (GRU_HANDLE_STRIDE - 1)) || ucbnum >= GRU_NUM_CB) return -EINVAL; gts = gru_find_lock_gts(cb); if (!gts) return -EINVAL; gru_dbg(grudev, ""address 0x%lx, gid %d, gts 0x%p\n"", cb, gts->ts_gru ? gts->ts_gru->gs_gid : -1, gts); if (ucbnum >= gts->ts_cbr_au_count * GRU_CBR_AU_SIZE) goto exit; gru_check_context_placement(gts); if (gts->ts_gru && gts->ts_force_cch_reload) { gts->ts_force_cch_reload = 0; gru_update_cch(gts); } ret = -EAGAIN; cbrnum = thread_cbr_number(gts, ucbnum); if (gts->ts_gru) { tfh = get_tfh_by_index(gts->ts_gru, cbrnum); cbk = get_gseg_base_address_cb(gts->ts_gru->gs_gru_base_vaddr, gts->ts_ctxnum, ucbnum); ret = gru_user_dropin(gts, tfh, cbk); } exit: gru_unlock_gts(gts); return ret; }",visit repo url,drivers/misc/sgi-gru/grufault.c,https://github.com/torvalds/linux,178789374764284,1 3117,['CWE-189'],"jpc_tagtree_t *jpc_tagtree_create(int numleafsh, int numleafsv) { int nplh[JPC_TAGTREE_MAXDEPTH]; int nplv[JPC_TAGTREE_MAXDEPTH]; jpc_tagtreenode_t *node; jpc_tagtreenode_t *parentnode; jpc_tagtreenode_t *parentnode0; jpc_tagtree_t *tree; int i; int j; int k; int numlvls; int n; assert(numleafsh > 0 && numleafsv > 0); if (!(tree = jpc_tagtree_alloc())) { return 0; } tree->numleafsh_ = numleafsh; tree->numleafsv_ = numleafsv; numlvls = 0; nplh[0] = numleafsh; nplv[0] = numleafsv; do { n = nplh[numlvls] * nplv[numlvls]; nplh[numlvls + 1] = (nplh[numlvls] + 1) / 2; nplv[numlvls + 1] = (nplv[numlvls] + 1) / 2; tree->numnodes_ += n; ++numlvls; } while (n > 1); if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) { return 0; } node = tree->nodes_; parentnode = &tree->nodes_[tree->numleafsh_ * tree->numleafsv_]; parentnode0 = parentnode; for (i = 0; i < numlvls - 1; ++i) { for (j = 0; j < nplv[i]; ++j) { k = nplh[i]; while (--k >= 0) { node->parent_ = parentnode; ++node; if (--k >= 0) { node->parent_ = parentnode; ++node; } ++parentnode; } if ((j & 1) || j == nplv[i] - 1) { parentnode0 = parentnode; } else { parentnode = parentnode0; parentnode0 += nplh[i]; } } } node->parent_ = 0; jpc_tagtree_reset(tree); return tree; }",jasper,,,284338587225586247095270559071640610144,0 2471,CWE-119,"_pyfribidi_log2vis (PyObject * self, PyObject * args, PyObject * kw) { PyObject *logical = NULL; FriBidiParType base = FRIBIDI_TYPE_RTL; const char *encoding = ""utf-8""; int clean = 0; int reordernsm = 1; static char *kwargs[] = { ""logical"", ""base_direction"", ""encoding"", ""clean"", ""reordernsm"", NULL }; if (!PyArg_ParseTupleAndKeywords (args, kw, ""O|isii"", kwargs, &logical, &base, &encoding, &clean, &reordernsm)) return NULL; if (!(base == FRIBIDI_TYPE_RTL || base == FRIBIDI_TYPE_LTR || base == FRIBIDI_TYPE_ON)) return PyErr_Format (PyExc_ValueError, ""invalid value %d: use either RTL, LTR or ON"", base); if (PyUnicode_Check (logical)) return log2vis_unicode (logical, base, clean, reordernsm); else if (PyString_Check (logical)) return log2vis_encoded_string (logical, encoding, base, clean, reordernsm); else return PyErr_Format (PyExc_TypeError, ""expected unicode or str, not %s"", logical->ob_type->tp_name); }",visit repo url,pyfribidi.c,https://github.com/pediapress/pyfribidi,193857195536088,1 2887,['CWE-189'],"static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt) { assert(cmptno >= hdr->numcmpts); if (hdr->numcmpts >= hdr->maxcmpts) { if (mif_hdr_growcmpts(hdr, hdr->numcmpts + 128)) { return -1; } } hdr->cmpts[hdr->numcmpts] = cmpt; ++hdr->numcmpts; return 0; }",jasper,,,294905424405567511214774276119436245644,0 363,[],"sys_perfmonctl (int fd, int cmd, void __user *arg, int count) { struct file *file = NULL; pfm_context_t *ctx = NULL; unsigned long flags = 0UL; void *args_k = NULL; long ret; size_t base_sz, sz, xtra_sz = 0; int narg, completed_args = 0, call_made = 0, cmd_flags; int (*func)(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs); int (*getsize)(void *arg, size_t *sz); #define PFM_MAX_ARGSIZE 4096 if (unlikely(pmu_conf == NULL)) return -ENOSYS; if (unlikely(cmd < 0 || cmd >= PFM_CMD_COUNT)) { DPRINT((""invalid cmd=%d\n"", cmd)); return -EINVAL; } func = pfm_cmd_tab[cmd].cmd_func; narg = pfm_cmd_tab[cmd].cmd_narg; base_sz = pfm_cmd_tab[cmd].cmd_argsize; getsize = pfm_cmd_tab[cmd].cmd_getsize; cmd_flags = pfm_cmd_tab[cmd].cmd_flags; if (unlikely(func == NULL)) { DPRINT((""invalid cmd=%d\n"", cmd)); return -EINVAL; } DPRINT((""cmd=%s idx=%d narg=0x%x argsz=%lu count=%d\n"", PFM_CMD_NAME(cmd), cmd, narg, base_sz, count)); if (unlikely((narg == PFM_CMD_ARG_MANY && count <= 0) || (narg > 0 && narg != count))) return -EINVAL; restart_args: sz = xtra_sz + base_sz*count; if (unlikely(sz > PFM_MAX_ARGSIZE)) { printk(KERN_ERR ""perfmon: [%d] argument too big %lu\n"", current->pid, sz); return -E2BIG; } if (likely(count && args_k == NULL)) { args_k = kmalloc(PFM_MAX_ARGSIZE, GFP_KERNEL); if (args_k == NULL) return -ENOMEM; } ret = -EFAULT; if (sz && copy_from_user(args_k, arg, sz)) { DPRINT((""cannot copy_from_user %lu bytes @%p\n"", sz, arg)); goto error_args; } if (completed_args == 0 && getsize) { ret = (*getsize)(args_k, &xtra_sz); if (ret) goto error_args; completed_args = 1; DPRINT((""restart_args sz=%lu xtra_sz=%lu\n"", sz, xtra_sz)); if (likely(xtra_sz)) goto restart_args; } if (unlikely((cmd_flags & PFM_CMD_FD) == 0)) goto skip_fd; ret = -EBADF; file = fget(fd); if (unlikely(file == NULL)) { DPRINT((""invalid fd %d\n"", fd)); goto error_args; } if (unlikely(PFM_IS_FILE(file) == 0)) { DPRINT((""fd %d not related to perfmon\n"", fd)); goto error_args; } ctx = (pfm_context_t *)file->private_data; if (unlikely(ctx == NULL)) { DPRINT((""no context for fd %d\n"", fd)); goto error_args; } prefetch(&ctx->ctx_state); PROTECT_CTX(ctx, flags); ret = pfm_check_task_state(ctx, cmd, flags); if (unlikely(ret)) goto abort_locked; skip_fd: ret = (*func)(ctx, args_k, count, task_pt_regs(current)); call_made = 1; abort_locked: if (likely(ctx)) { DPRINT((""context unlocked\n"")); UNPROTECT_CTX(ctx, flags); } if (call_made && PFM_CMD_RW_ARG(cmd) && copy_to_user(arg, args_k, base_sz*count)) ret = -EFAULT; error_args: if (file) fput(file); kfree(args_k); DPRINT((""cmd=%s ret=%ld\n"", PFM_CMD_NAME(cmd), ret)); return ret; }",linux-2.6,,,174121314843693408497139122031954947351,0 4702,['CWE-20'],"static int ext4_blkdev_remove(struct ext4_sb_info *sbi) { struct block_device *bdev; int ret = -ENODEV; bdev = sbi->journal_bdev; if (bdev) { ret = ext4_blkdev_put(bdev); sbi->journal_bdev = NULL; } return ret; }",linux-2.6,,,288281130083872470359908769154437447384,0 3271,CWE-125,"cfm_network_addr_print(netdissect_options *ndo, register const u_char *tptr) { u_int network_addr_type; u_int hexdump = FALSE; network_addr_type = *tptr; ND_PRINT((ndo, ""\n\t Network Address Type %s (%u)"", tok2str(af_values, ""Unknown"", network_addr_type), network_addr_type)); switch(network_addr_type) { case AFNUM_INET: ND_PRINT((ndo, "", %s"", ipaddr_string(ndo, tptr + 1))); break; case AFNUM_INET6: ND_PRINT((ndo, "", %s"", ip6addr_string(ndo, tptr + 1))); break; default: hexdump = TRUE; break; } return hexdump; }",visit repo url,print-cfm.c,https://github.com/the-tcpdump-group/tcpdump,82002604982850,1 5276,['CWE-264'],"static bool current_user_in_group(gid_t gid) { int i; for (i = 0; i < current_user.ut.ngroups; i++) { if (current_user.ut.groups[i] == gid) { return True; } } return False; }",samba,,,308026634373827542343974044020028785411,0 1241,[],"expand_ranges (const char *s, struct obstack *obs) { unsigned char from; unsigned char to; for (from = '\0'; *s != '\0'; from = to_uchar (*s++)) { if (*s == '-' && from != '\0') { to = to_uchar (*++s); if (to == '\0') { obstack_1grow (obs, '-'); break; } else if (from <= to) { while (from++ < to) obstack_1grow (obs, from); } else { while (--from >= to) obstack_1grow (obs, from); } } else obstack_1grow (obs, *s); } obstack_1grow (obs, '\0'); return (char *) obstack_finish (obs); }",m4,,,243332340256618091645676642185213727908,0 4148,['CWE-399'],"AvahiServerConfig* avahi_server_config_copy(AvahiServerConfig *ret, const AvahiServerConfig *c) { char *d = NULL, *h = NULL; AvahiStringList *l = NULL; assert(ret); assert(c); if (c->host_name) if (!(h = avahi_strdup(c->host_name))) return NULL; if (c->domain_name) if (!(d = avahi_strdup(c->domain_name))) { avahi_free(h); return NULL; } if (!(l = avahi_string_list_copy(c->browse_domains)) && c->browse_domains) { avahi_free(h); avahi_free(d); return NULL; } *ret = *c; ret->host_name = h; ret->domain_name = d; ret->browse_domains = l; return ret; }",avahi,,,275118705259667015681200471547723286170,0 1195,CWE-400,"asmlinkage void kernel_unaligned_trap(struct pt_regs *regs, unsigned int insn) { enum direction dir = decode_direction(insn); int size = decode_access_size(insn); if(!ok_for_kernel(insn) || dir == both) { printk(""Unsupported unaligned load/store trap for kernel at <%08lx>.\n"", regs->pc); unaligned_panic(""Wheee. Kernel does fpu/atomic unaligned load/store.""); } else { unsigned long addr = compute_effective_address(regs, insn); int err; perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, addr); switch (dir) { case load: err = do_int_load(fetch_reg_addr(((insn>>25)&0x1f), regs), size, (unsigned long *) addr, decode_signedness(insn)); break; case store: err = do_int_store(((insn>>25)&0x1f), size, (unsigned long *) addr, regs); break; default: panic(""Impossible kernel unaligned trap.""); } if (err) kernel_mna_trap_fault(regs, insn); else advance(regs); } }",visit repo url,arch/sparc/kernel/unaligned_32.c,https://github.com/torvalds/linux,75092749267227,1 6172,['CWE-200'],"static int ipmr_mfc_open(struct inode *inode, struct file *file) { struct seq_file *seq; int rc = -ENOMEM; struct ipmr_mfc_iter *s = kmalloc(sizeof(*s), GFP_KERNEL); if (!s) goto out; rc = seq_open(file, &ipmr_mfc_seq_ops); if (rc) goto out_kfree; seq = file->private_data; seq->private = s; out: return rc; out_kfree: kfree(s); goto out; }",linux-2.6,,,241888630967244603116493196294467428827,0 1422,[],"pick_next(struct cfs_rq *cfs_rq, struct sched_entity *se) { s64 diff, gran; if (!cfs_rq->next) return se; diff = cfs_rq->next->vruntime - se->vruntime; if (diff < 0) return se; gran = calc_delta_fair(sysctl_sched_wakeup_granularity, &cfs_rq->load); if (diff > gran) return se; return cfs_rq->next; }",linux-2.6,,,64845187213810776829746904833171382928,0 1179,CWE-400,"static void record_and_restart(struct perf_event *event, unsigned long val, struct pt_regs *regs, int nmi) { u64 period = event->hw.sample_period; s64 prev, delta, left; int record = 0; if (event->hw.state & PERF_HES_STOPPED) { write_pmc(event->hw.idx, 0); return; } prev = local64_read(&event->hw.prev_count); delta = (val - prev) & 0xfffffffful; local64_add(delta, &event->count); val = 0; left = local64_read(&event->hw.period_left) - delta; if (period) { if (left <= 0) { left += period; if (left <= 0) left = period; record = 1; event->hw.last_period = event->hw.sample_period; } if (left < 0x80000000LL) val = 0x80000000LL - left; } write_pmc(event->hw.idx, val); local64_set(&event->hw.prev_count, val); local64_set(&event->hw.period_left, left); perf_event_update_userpage(event); if (record) { struct perf_sample_data data; perf_sample_data_init(&data, 0); data.period = event->hw.last_period; if (perf_event_overflow(event, nmi, &data, regs)) fsl_emb_pmu_stop(event, 0); } }",visit repo url,arch/powerpc/kernel/perf_event_fsl_emb.c,https://github.com/torvalds/linux,148651534847984,1 1590,CWE-399,"static int db_interception(struct vcpu_svm *svm) { struct kvm_run *kvm_run = svm->vcpu.run; if (!(svm->vcpu.guest_debug & (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) && !svm->nmi_singlestep) { kvm_queue_exception(&svm->vcpu, DB_VECTOR); return 1; } if (svm->nmi_singlestep) { svm->nmi_singlestep = false; if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) svm->vmcb->save.rflags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF); update_db_bp_intercept(&svm->vcpu); } if (svm->vcpu.guest_debug & (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) { kvm_run->exit_reason = KVM_EXIT_DEBUG; kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip; kvm_run->debug.arch.exception = DB_VECTOR; return 0; } return 1; }",visit repo url,arch/x86/kvm/svm.c,https://github.com/torvalds/linux,219904919337254,1 3207,['CWE-189'],"void jpc_ft_invlift_row(jpc_fix_t *a, int numcols, int parity) { register jpc_fix_t *lptr; register jpc_fix_t *hptr; register int n; int llen; llen = (numcols + 1 - parity) >> 1; if (numcols > 1) { lptr = &a[0]; hptr = &a[llen]; if (!parity) { lptr[0] -= (hptr[0] + 1) >> 1; ++lptr; } n = llen - (!parity) - (parity != (numcols & 1)); while (n-- > 0) { lptr[0] -= (hptr[0] + hptr[1] + 2) >> 2; ++lptr; ++hptr; } if (parity != (numcols & 1)) { lptr[0] -= (hptr[0] + 1) >> 1; } lptr = &a[0]; hptr = &a[llen]; if (parity) { hptr[0] += lptr[0]; ++hptr; } n = numcols - llen - parity - (parity == (numcols & 1)); while (n-- > 0) { hptr[0] += (lptr[0] + lptr[1]) >> 1; ++hptr; ++lptr; } if (parity == (numcols & 1)) { hptr[0] += lptr[0]; } } else { if (parity) { lptr = &a[0]; lptr[0] >>= 1; } } }",jasper,,,67714511148054124099814572029008794167,0 3194,['CWE-189'],"static void jp2_colr_destroy(jp2_box_t *box) { jp2_colr_t *colr = &box->data.colr; if (colr->iccp) { jas_free(colr->iccp); } }",jasper,,,246170445688533691413732820930809291688,0 2250,['CWE-193'],"static int page_cache_read(struct file *file, pgoff_t offset) { struct address_space *mapping = file->f_mapping; struct page *page; int ret; do { page = page_cache_alloc_cold(mapping); if (!page) return -ENOMEM; ret = add_to_page_cache_lru(page, mapping, offset, GFP_KERNEL); if (ret == 0) ret = mapping->a_ops->readpage(file, page); else if (ret == -EEXIST) ret = 0; page_cache_release(page); } while (ret == AOP_TRUNCATED_PAGE); return ret; }",linux-2.6,,,47292699175095722603007741169204918736,0 652,CWE-20,"static int pn_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct sk_buff *skb = NULL; struct sockaddr_pn sa; int rval = -EOPNOTSUPP; int copylen; if (flags & ~(MSG_PEEK|MSG_TRUNC|MSG_DONTWAIT|MSG_NOSIGNAL| MSG_CMSG_COMPAT)) goto out_nofree; if (addr_len) *addr_len = sizeof(sa); skb = skb_recv_datagram(sk, flags, noblock, &rval); if (skb == NULL) goto out_nofree; pn_skb_get_src_sockaddr(skb, &sa); copylen = skb->len; if (len < copylen) { msg->msg_flags |= MSG_TRUNC; copylen = len; } rval = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copylen); if (rval) { rval = -EFAULT; goto out; } rval = (flags & MSG_TRUNC) ? skb->len : copylen; if (msg->msg_name != NULL) memcpy(msg->msg_name, &sa, sizeof(struct sockaddr_pn)); out: skb_free_datagram(sk, skb); out_nofree: return rval; }",visit repo url,net/phonet/datagram.c,https://github.com/torvalds/linux,163310526685294,1 4078,CWE-416,"ut64 MACH0_(get_main)(struct MACH0_(obj_t)* bin) { ut64 addr = 0LL; struct symbol_t *symbols; int i; if (!(symbols = MACH0_(get_symbols) (bin))) { return 0; } for (i = 0; !symbols[i].last; i++) { if (!strcmp (symbols[i].name, ""_main"")) { addr = symbols[i].addr; break; } } free (symbols); if (!addr && bin->main_cmd.cmd == LC_MAIN) { addr = bin->entry + bin->baddr; } if (!addr) { ut8 b[128]; ut64 entry = addr_to_offset(bin, bin->entry); if (entry > bin->size || entry + sizeof (b) > bin->size) return 0; i = r_buf_read_at (bin->b, entry, b, sizeof (b)); if (i < 1) { return 0; } for (i = 0; i < 64; i++) { if (b[i] == 0xe8 && !b[i+3] && !b[i+4]) { int delta = b[i+1] | (b[i+2] << 8) | (b[i+3] << 16) | (b[i+4] << 24); return bin->entry + i + 5 + delta; } } } return addr; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,244586088152261,1 5127,['CWE-20'],"static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg) { struct kvm_segment var; u32 ar; vmx_get_segment(vcpu, &var, seg); ar = vmx_segment_access_rights(&var); if (var.base != (var.selector << 4)) return false; if (var.limit != 0xffff) return false; if (ar != 0xf3) return false; return true; }",linux-2.6,,,252414164473444038958694300727950973561,0 4351,CWE-552,"int mg_http_upload(struct mg_connection *c, struct mg_http_message *hm, const char *dir) { char offset[40] = """", name[200] = """", path[256]; mg_http_get_var(&hm->query, ""offset"", offset, sizeof(offset)); mg_http_get_var(&hm->query, ""name"", name, sizeof(name)); if (name[0] == '\0') { mg_http_reply(c, 400, """", ""%s"", ""name required""); return -1; } else { FILE *fp; size_t oft = strtoul(offset, NULL, 0); snprintf(path, sizeof(path), ""%s%c%s"", dir, MG_DIRSEP, name); LOG(LL_DEBUG, (""%p %d bytes @ %d [%s]"", c->fd, (int) hm->body.len, (int) oft, name)); if ((fp = fopen(path, oft == 0 ? ""wb"" : ""ab"")) == NULL) { mg_http_reply(c, 400, """", ""fopen(%s): %d"", name, errno); return -2; } else { fwrite(hm->body.ptr, 1, hm->body.len, fp); fclose(fp); mg_http_reply(c, 200, """", """"); return (int) hm->body.len; } } }",visit repo url,src/http.c,https://github.com/cesanta/mongoose,122663292850192,1 5967,['CWE-200'],"static __inline__ int cbq_dump_police(struct sk_buff *skb, struct cbq_class *cl) { unsigned char *b = skb->tail; struct tc_cbq_police opt; if (cl->police) { opt.police = cl->police; opt.__res1 = 0; opt.__res2 = 0; RTA_PUT(skb, TCA_CBQ_POLICE, sizeof(opt), &opt); } return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,226863545047745922781496619876385078608,0 3571,CWE-20,"jpc_streamlist_t *jpc_ppmstabtostreams(jpc_ppxstab_t *tab) { jpc_streamlist_t *streams; uchar *dataptr; uint_fast32_t datacnt; uint_fast32_t tpcnt; jpc_ppxstabent_t *ent; int entno; jas_stream_t *stream; int n; if (!(streams = jpc_streamlist_create())) { goto error; } if (!tab->numents) { return streams; } entno = 0; ent = tab->ents[entno]; dataptr = ent->data; datacnt = ent->len; for (;;) { if (datacnt < 4) { goto error; } if (!(stream = jas_stream_memopen(0, 0))) { goto error; } if (jpc_streamlist_insert(streams, jpc_streamlist_numstreams(streams), stream)) { goto error; } tpcnt = (dataptr[0] << 24) | (dataptr[1] << 16) | (dataptr[2] << 8) | dataptr[3]; datacnt -= 4; dataptr += 4; while (tpcnt) { if (!datacnt) { if (++entno >= tab->numents) { goto error; } ent = tab->ents[entno]; dataptr = ent->data; datacnt = ent->len; } n = JAS_MIN(tpcnt, datacnt); if (jas_stream_write(stream, dataptr, n) != n) { goto error; } tpcnt -= n; dataptr += n; datacnt -= n; } jas_stream_rewind(stream); if (!datacnt) { if (++entno >= tab->numents) { break; } ent = tab->ents[entno]; dataptr = ent->data; datacnt = ent->len; } } return streams; error: if (streams) { jpc_streamlist_destroy(streams); } return 0; }",visit repo url,src/libjasper/jpc/jpc_dec.c,https://github.com/mdadams/jasper,28832482159993,1 1184,['CWE-189'],"switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base) { struct hrtimer_clock_base *new_base; struct hrtimer_cpu_base *new_cpu_base; new_cpu_base = &__get_cpu_var(hrtimer_bases); new_base = &new_cpu_base->clock_base[base->index]; if (base != new_base) { if (unlikely(hrtimer_callback_running(timer))) return base; timer->base = NULL; spin_unlock(&base->cpu_base->lock); spin_lock(&new_base->cpu_base->lock); timer->base = new_base; } return new_base; }",linux-2.6,,,83456406258812906843951897506880477774,0 1326,['CWE-119'],"static int snmp_parse_mangle(unsigned char *msg, u_int16_t len, const struct oct1_map *map, __sum16 *check) { unsigned char *eoc, *end; unsigned int cls, con, tag, vers, pdutype; struct asn1_ctx ctx; struct asn1_octstr comm; struct snmp_object **obj; if (debug > 1) hex_dump(msg, len); asn1_open(&ctx, msg, len); if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) return 0; if (!asn1_header_decode(&ctx, &end, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) return 0; if (!asn1_uint_decode (&ctx, end, &vers)) return 0; if (debug > 1) printk(KERN_DEBUG ""bsalg: snmp version: %u\n"", vers + 1); if (vers > 1) return 1; if (!asn1_header_decode (&ctx, &end, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OTS) return 0; if (!asn1_octets_decode(&ctx, end, &comm.data, &comm.len)) return 0; if (debug > 1) { unsigned int i; printk(KERN_DEBUG ""bsalg: community: ""); for (i = 0; i < comm.len; i++) printk(""%c"", comm.data[i]); printk(""\n""); } kfree(comm.data); if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &pdutype)) return 0; if (cls != ASN1_CTX || con != ASN1_CON) return 0; if (debug > 1) { static const unsigned char *const pdus[] = { [SNMP_PDU_GET] = ""get"", [SNMP_PDU_NEXT] = ""get-next"", [SNMP_PDU_RESPONSE] = ""response"", [SNMP_PDU_SET] = ""set"", [SNMP_PDU_TRAP1] = ""trapv1"", [SNMP_PDU_BULK] = ""bulk"", [SNMP_PDU_INFORM] = ""inform"", [SNMP_PDU_TRAP2] = ""trapv2"" }; if (pdutype > SNMP_PDU_TRAP2) printk(KERN_DEBUG ""bsalg: bad pdu type %u\n"", pdutype); else printk(KERN_DEBUG ""bsalg: pdu: %s\n"", pdus[pdutype]); } if (pdutype != SNMP_PDU_RESPONSE && pdutype != SNMP_PDU_TRAP1 && pdutype != SNMP_PDU_TRAP2) return 1; if (pdutype == SNMP_PDU_TRAP1) { struct snmp_v1_trap trap; unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check); if (ret) { kfree(trap.id); kfree((unsigned long *)trap.ip_address); } else return ret; } else { struct snmp_request req; if (!snmp_request_decode(&ctx, &req)) return 0; if (debug > 1) printk(KERN_DEBUG ""bsalg: request: id=0x%lx error_status=%u "" ""error_index=%u\n"", req.id, req.error_status, req.error_index); } if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) return 0; obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC); if (obj == NULL) { if (net_ratelimit()) printk(KERN_WARNING ""OOM in bsalg(%d)\n"", __LINE__); return 0; } while (!asn1_eoc_decode(&ctx, eoc)) { unsigned int i; if (!snmp_object_decode(&ctx, obj)) { if (*obj) { kfree((*obj)->id); kfree(*obj); } kfree(obj); return 0; } if (debug > 1) { printk(KERN_DEBUG ""bsalg: object: ""); for (i = 0; i < (*obj)->id_len; i++) { if (i > 0) printk("".""); printk(""%lu"", (*obj)->id[i]); } printk("": type=%u\n"", (*obj)->type); } if ((*obj)->type == SNMP_IPADDR) mangle_address(ctx.begin, ctx.pointer - 4 , map, check); kfree((*obj)->id); kfree(*obj); } kfree(obj); if (!asn1_eoc_decode(&ctx, eoc)) return 0; return 1; }",linux-2.6,,,251770107125685964285478781738933702031,0 4945,['CWE-20'],"static inline void nfs_set_verifier(struct dentry * dentry, unsigned long verf) { dentry->d_time = verf; }",linux-2.6,,,237065473942496402454372548507205461876,0 4788,[],"int selinux_netlbl_inode_permission(struct inode *inode, int mask) { int rc; struct sock *sk; struct socket *sock; struct sk_security_struct *sksec; if (!S_ISSOCK(inode->i_mode) || ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) return 0; sock = SOCKET_I(inode); sk = sock->sk; if (sk == NULL) return 0; sksec = sk->sk_security; if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) return 0; local_bh_disable(); bh_lock_sock_nested(sk); if (likely(sksec->nlbl_state == NLBL_REQUIRE)) rc = selinux_netlbl_sock_setsid(sk); else rc = 0; bh_unlock_sock(sk); local_bh_enable(); return rc; }",linux-2.6,,,94826128266880569548056501909748592682,0 1186,CWE-400,"static int misaligned_fpu_load(struct pt_regs *regs, __u32 opcode, int displacement_not_indexed, int width_shift, int do_paired_load) { int error; int destreg; __u64 address; error = generate_and_check_address(regs, opcode, displacement_not_indexed, width_shift, &address); if (error < 0) { return error; } perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, address); destreg = (opcode >> 4) & 0x3f; if (user_mode(regs)) { __u64 buffer; __u32 buflo, bufhi; if (!access_ok(VERIFY_READ, (unsigned long) address, 1UL< 0) { return -1; } if (last_task_used_math == current) { enable_fpu(); save_fpu(current); disable_fpu(); last_task_used_math = NULL; regs->sr |= SR_FD; } buflo = *(__u32*) &buffer; bufhi = *(1 + (__u32*) &buffer); switch (width_shift) { case 2: current->thread.xstate->hardfpu.fp_regs[destreg] = buflo; break; case 3: if (do_paired_load) { current->thread.xstate->hardfpu.fp_regs[destreg] = buflo; current->thread.xstate->hardfpu.fp_regs[destreg+1] = bufhi; } else { #if defined(CONFIG_CPU_LITTLE_ENDIAN) current->thread.xstate->hardfpu.fp_regs[destreg] = bufhi; current->thread.xstate->hardfpu.fp_regs[destreg+1] = buflo; #else current->thread.xstate->hardfpu.fp_regs[destreg] = buflo; current->thread.xstate->hardfpu.fp_regs[destreg+1] = bufhi; #endif } break; default: printk(""Unexpected width_shift %d in misaligned_fpu_load, PC=%08lx\n"", width_shift, (unsigned long) regs->pc); break; } return 0; } else { die (""Misaligned FPU load inside kernel"", regs, 0); return -1; } }",visit repo url,arch/sh/kernel/traps_64.c,https://github.com/torvalds/linux,202066646079784,1 1415,CWE-310,"static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_comp rcomp; snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""compression""); if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(struct crypto_report_comp), &rcomp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,133008035110244,1 4236,['CWE-399'],"static struct sk_buff *pfifo_fast_dequeue(struct Qdisc* qdisc) { int prio; struct sk_buff_head *list = qdisc_priv(qdisc); for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) { if (!skb_queue_empty(list + prio)) { qdisc->q.qlen--; return __qdisc_dequeue_head(qdisc, list + prio); } } return NULL; }",linux-2.6,,,113796797893900293229499027759980331222,0 4193,['CWE-399'],"static void register_localhost(AvahiServer *s) { AvahiAddress a; assert(s); avahi_address_parse(""127.0.0.1"", AVAHI_PROTO_INET, &a); avahi_server_add_address(s, NULL, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, AVAHI_PUBLISH_NO_PROBE|AVAHI_PUBLISH_NO_ANNOUNCE, ""localhost"", &a); avahi_address_parse(""::1"", AVAHI_PROTO_INET6, &a); avahi_server_add_address(s, NULL, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, AVAHI_PUBLISH_NO_PROBE|AVAHI_PUBLISH_NO_ANNOUNCE, ""ip6-localhost"", &a); }",avahi,,,97640438472529646805376207416843870167,0 765,['CWE-119'],"isdn_net_start_xmit(struct sk_buff *skb, struct net_device *ndev) { isdn_net_local *lp = (isdn_net_local *) ndev->priv; #ifdef CONFIG_ISDN_X25 struct concap_proto * cprot = lp -> netdev -> cprot; if (cprot && cprot -> pops) { int ret = cprot -> pops -> encap_and_xmit ( cprot , skb); if (ret) netif_stop_queue(ndev); return ret; } else #endif { #ifdef ISDN_DEBUG_NET_DUMP u_char *buf; #endif isdn_net_adjust_hdr(skb, ndev); #ifdef ISDN_DEBUG_NET_DUMP buf = skb->data; isdn_dumppkt(""S:"", buf, skb->len, 40); #endif if (!(lp->flags & ISDN_NET_CONNECTED)) { int chi; if (!(ISDN_NET_DIALMODE(*lp) == ISDN_NET_DM_AUTO)) { isdn_net_unreachable(ndev, skb, ""dial rejected: interface not in dialmode `auto'""); dev_kfree_skb(skb); return 0; } if (lp->phone[1]) { ulong flags; if(lp->dialwait_timer <= 0) if(lp->dialstarted > 0 && lp->dialtimeout > 0 && time_before(jiffies, lp->dialstarted + lp->dialtimeout + lp->dialwait)) lp->dialwait_timer = lp->dialstarted + lp->dialtimeout + lp->dialwait; if(lp->dialwait_timer > 0) { if(time_before(jiffies, lp->dialwait_timer)) { isdn_net_unreachable(ndev, skb, ""dial rejected: retry-time not reached""); dev_kfree_skb(skb); return 0; } else lp->dialwait_timer = 0; } spin_lock_irqsave(&dev->lock, flags); if (((chi = isdn_get_free_channel( ISDN_USAGE_NET, lp->l2_proto, lp->l3_proto, lp->pre_device, lp->pre_channel, lp->msn) ) < 0) && ((chi = isdn_get_free_channel( ISDN_USAGE_NET, lp->l2_proto, lp->l3_proto, lp->pre_device, lp->pre_channel^1, lp->msn) ) < 0)) { spin_unlock_irqrestore(&dev->lock, flags); isdn_net_unreachable(ndev, skb, ""No channel""); dev_kfree_skb(skb); return 0; } if (dev->net_verbose) isdn_net_log_skb(skb, lp); lp->dialstate = 1; isdn_net_bind_channel(lp, chi); #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) { if (isdn_ppp_bind(lp) < 0) { dev_kfree_skb(skb); isdn_net_unbind_channel(lp); spin_unlock_irqrestore(&dev->lock, flags); return 0; } #ifdef CONFIG_IPPP_FILTER if (isdn_ppp_autodial_filter(skb, lp)) { isdn_ppp_free(lp); isdn_net_unbind_channel(lp); spin_unlock_irqrestore(&dev->lock, flags); isdn_net_unreachable(ndev, skb, ""dial rejected: packet filtered""); dev_kfree_skb(skb); return 0; } #endif spin_unlock_irqrestore(&dev->lock, flags); isdn_net_dial(); netif_stop_queue(ndev); return 1; } #endif spin_unlock_irqrestore(&dev->lock, flags); isdn_net_dial(); isdn_net_device_stop_queue(lp); return 1; } else { isdn_net_unreachable(ndev, skb, ""No phone number""); dev_kfree_skb(skb); return 0; } } else { ndev->trans_start = jiffies; if (!lp->dialstate) { int ret; ret = (isdn_net_xmit(ndev, skb)); if(ret) netif_stop_queue(ndev); return ret; } else netif_stop_queue(ndev); } } return 1; }",linux-2.6,,,37821952746486751251931014308453437945,0 2252,[],"void __cpuinit cpu_init (void) { int cpu = stack_smp_processor_id(); struct tss_struct *t = &per_cpu(init_tss, cpu); struct orig_ist *orig_ist = &per_cpu(orig_ist, cpu); unsigned long v; char *estacks = NULL; struct task_struct *me; int i; if (cpu != 0) { pda_init(cpu); zap_low_mappings(cpu); } else estacks = boot_exception_stacks; me = current; if (cpu_test_and_set(cpu, cpu_initialized)) panic(""CPU#%d already initialized!\n"", cpu); printk(""Initializing CPU#%d\n"", cpu); clear_in_cr4(X86_CR4_VME|X86_CR4_PVI|X86_CR4_TSD|X86_CR4_DE); if (cpu) memcpy(cpu_gdt(cpu), cpu_gdt_table, GDT_SIZE); cpu_gdt_descr[cpu].size = GDT_SIZE; asm volatile(""lgdt %0"" :: ""m"" (cpu_gdt_descr[cpu])); asm volatile(""lidt %0"" :: ""m"" (idt_descr)); memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); wrmsrl(MSR_FS_BASE, 0); wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); check_efer(); for (v = 0; v < N_EXCEPTION_STACKS; v++) { static const unsigned int order[N_EXCEPTION_STACKS] = { [0 ... N_EXCEPTION_STACKS - 1] = EXCEPTION_STACK_ORDER, [DEBUG_STACK - 1] = DEBUG_STACK_ORDER }; if (cpu) { estacks = (char *)__get_free_pages(GFP_ATOMIC, order[v]); if (!estacks) panic(""Cannot allocate exception stack %ld %d\n"", v, cpu); } estacks += PAGE_SIZE << order[v]; orig_ist->ist[v] = t->ist[v] = (unsigned long)estacks; } t->io_bitmap_base = offsetof(struct tss_struct, io_bitmap); for (i = 0; i <= IO_BITMAP_LONGS; i++) t->io_bitmap[i] = ~0UL; atomic_inc(&init_mm.mm_count); me->active_mm = &init_mm; if (me->mm) BUG(); enter_lazy_tlb(&init_mm, me); set_tss_desc(cpu, t); load_TR_desc(); load_LDT(&init_mm.context); set_debugreg(0UL, 0); set_debugreg(0UL, 1); set_debugreg(0UL, 2); set_debugreg(0UL, 3); set_debugreg(0UL, 6); set_debugreg(0UL, 7); fpu_init(); raw_local_save_flags(kernel_eflags); }",linux-2.6,,,44329994289390644187660556782296601688,0 31,CWE-763,"spnego_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count) { return gss_verify_mic_iov(minor_status, context_handle, qop_state, iov, iov_count); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,142527346938226,1 3801,CWE-416,"read_viminfo_barline(vir_T *virp, int got_encoding, int force, int writing) { char_u *p = virp->vir_line + 1; int bartype; garray_T values; bval_T *vp; int i; int read_next = TRUE; if (*p == '<') { if (writing) ga_add_string(&virp->vir_barlines, virp->vir_line); } else { ga_init2(&values, sizeof(bval_T), 20); bartype = getdigits(&p); switch (bartype) { case BARTYPE_VERSION: if (!got_encoding) { read_next = barline_parse(virp, p, &values); vp = (bval_T *)values.ga_data; if (values.ga_len > 0 && vp->bv_type == BVAL_NR) virp->vir_version = vp->bv_nr; } break; case BARTYPE_HISTORY: read_next = barline_parse(virp, p, &values); handle_viminfo_history(&values, writing); break; case BARTYPE_REGISTER: read_next = barline_parse(virp, p, &values); handle_viminfo_register(&values, force); break; case BARTYPE_MARK: read_next = barline_parse(virp, p, &values); handle_viminfo_mark(&values, force); break; default: if (writing) ga_add_string(&virp->vir_barlines, virp->vir_line); } for (i = 0; i < values.ga_len; ++i) { vp = (bval_T *)values.ga_data + i; if (vp->bv_type == BVAL_STRING && vp->bv_allocated) vim_free(vp->bv_string); vim_free(vp->bv_tofree); } ga_clear(&values); } if (read_next) return viminfo_readline(virp); return FALSE; }",visit repo url,src/viminfo.c,https://github.com/vim/vim,193045337641405,1 1089,CWE-399,"static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, u32 features) { struct sk_buff *segs = ERR_PTR(-EINVAL); unsigned int mss; unsigned int unfrag_ip6hlen, unfrag_len; struct frag_hdr *fptr; u8 *mac_start, *prevhdr; u8 nexthdr; u8 frag_hdr_sz = sizeof(struct frag_hdr); int offset; __wsum csum; mss = skb_shinfo(skb)->gso_size; if (unlikely(skb->len <= mss)) goto out; if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { int type = skb_shinfo(skb)->gso_type; if (unlikely(type & ~(SKB_GSO_UDP | SKB_GSO_DODGY) || !(type & (SKB_GSO_UDP)))) goto out; skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss); segs = NULL; goto out; } offset = skb->csum_start - skb_headroom(skb); csum = skb_checksum(skb, offset, skb->len- offset, 0); offset += skb->csum_offset; *(__sum16 *)(skb->data + offset) = csum_fold(csum); skb->ip_summed = CHECKSUM_NONE; if ((skb_headroom(skb) < frag_hdr_sz) && pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC)) goto out; unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); nexthdr = *prevhdr; *prevhdr = NEXTHDR_FRAGMENT; unfrag_len = skb_network_header(skb) - skb_mac_header(skb) + unfrag_ip6hlen; mac_start = skb_mac_header(skb); memmove(mac_start-frag_hdr_sz, mac_start, unfrag_len); skb->mac_header -= frag_hdr_sz; skb->network_header -= frag_hdr_sz; fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen); fptr->nexthdr = nexthdr; fptr->reserved = 0; ipv6_select_ident(fptr); segs = skb_segment(skb, features); out: return segs; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,162903550414586,1 1147,CWE-189,"SYSCALL_DEFINE3(osf_sysinfo, int, command, char __user *, buf, long, count) { const char *sysinfo_table[] = { utsname()->sysname, utsname()->nodename, utsname()->release, utsname()->version, utsname()->machine, ""alpha"", ""dummy"", ""dummy"", ""dummy"", }; unsigned long offset; const char *res; long len, err = -EINVAL; offset = command-1; if (offset >= ARRAY_SIZE(sysinfo_table)) { printk(""sysinfo(%d)"", command); goto out; } down_read(&uts_sem); res = sysinfo_table[offset]; len = strlen(res)+1; if (len > count) len = count; if (copy_to_user(buf, res, len)) err = -EFAULT; else err = 0; up_read(&uts_sem); out: return err; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,17547188397697,1 1172,CWE-400,"static int simulate_llsc(struct pt_regs *regs, unsigned int opcode) { if ((opcode & OPCODE) == LL) { perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); return simulate_ll(regs, opcode); } if ((opcode & OPCODE) == SC) { perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); return simulate_sc(regs, opcode); } return -1; }",visit repo url,arch/mips/kernel/traps.c,https://github.com/torvalds/linux,280049552561789,1 2033,['CWE-269'],"static struct vfsmount *next_mnt(struct vfsmount *p, struct vfsmount *root) { struct list_head *next = p->mnt_mounts.next; if (next == &p->mnt_mounts) { while (1) { if (p == root) return NULL; next = p->mnt_child.next; if (next != &p->mnt_parent->mnt_mounts) break; p = p->mnt_parent; } } return list_entry(next, struct vfsmount, mnt_child); }",linux-2.6,,,268493265184558541550690695151651974653,0 1501,[],"static int sd_degenerate(struct sched_domain *sd) { if (cpus_weight(sd->span) == 1) return 1; if (sd->flags & (SD_LOAD_BALANCE | SD_BALANCE_NEWIDLE | SD_BALANCE_FORK | SD_BALANCE_EXEC | SD_SHARE_CPUPOWER | SD_SHARE_PKG_RESOURCES)) { if (sd->groups != sd->groups->next) return 0; } if (sd->flags & (SD_WAKE_IDLE | SD_WAKE_AFFINE | SD_WAKE_BALANCE)) return 0; return 1; }",linux-2.6,,,14597805633882640423699928741018428630,0 4213,CWE-787,"get_html_data (MAPI_Attr *a) { VarLenData **body = XCALLOC(VarLenData*, a->num_values + 1); int j; for (j = 0; j < a->num_values; j++) { body[j] = XMALLOC(VarLenData, 1); body[j]->len = a->values[j].len; body[j]->data = CHECKED_XCALLOC(unsigned char, a->values[j].len); memmove (body[j]->data, a->values[j].data.buf, body[j]->len); } return body; }",visit repo url,src/tnef.c,https://github.com/verdammelt/tnef,113940098504507,1 620,CWE-17,"static struct super_block *alloc_super(struct file_system_type *type, int flags) { struct super_block *s = kzalloc(sizeof(struct super_block), GFP_USER); static const struct super_operations default_op; int i; if (!s) return NULL; if (security_sb_alloc(s)) goto fail; #ifdef CONFIG_SMP s->s_files = alloc_percpu(struct list_head); if (!s->s_files) goto fail; for_each_possible_cpu(i) INIT_LIST_HEAD(per_cpu_ptr(s->s_files, i)); #else INIT_LIST_HEAD(&s->s_files); #endif for (i = 0; i < SB_FREEZE_LEVELS; i++) { if (percpu_counter_init(&s->s_writers.counter[i], 0) < 0) goto fail; lockdep_init_map(&s->s_writers.lock_map[i], sb_writers_name[i], &type->s_writers_key[i], 0); } init_waitqueue_head(&s->s_writers.wait); init_waitqueue_head(&s->s_writers.wait_unfrozen); s->s_flags = flags; s->s_bdi = &default_backing_dev_info; INIT_HLIST_NODE(&s->s_instances); INIT_HLIST_BL_HEAD(&s->s_anon); INIT_LIST_HEAD(&s->s_inodes); if (list_lru_init(&s->s_dentry_lru)) goto fail; if (list_lru_init(&s->s_inode_lru)) goto fail; INIT_LIST_HEAD(&s->s_mounts); init_rwsem(&s->s_umount); lockdep_set_class(&s->s_umount, &type->s_umount_key); down_write_nested(&s->s_umount, SINGLE_DEPTH_NESTING); s->s_count = 1; atomic_set(&s->s_active, 1); mutex_init(&s->s_vfs_rename_mutex); lockdep_set_class(&s->s_vfs_rename_mutex, &type->s_vfs_rename_key); mutex_init(&s->s_dquot.dqio_mutex); mutex_init(&s->s_dquot.dqonoff_mutex); init_rwsem(&s->s_dquot.dqptr_sem); s->s_maxbytes = MAX_NON_LFS; s->s_op = &default_op; s->s_time_gran = 1000000000; s->cleancache_poolid = -1; s->s_shrink.seeks = DEFAULT_SEEKS; s->s_shrink.scan_objects = super_cache_scan; s->s_shrink.count_objects = super_cache_count; s->s_shrink.batch = 1024; s->s_shrink.flags = SHRINKER_NUMA_AWARE; return s; fail: destroy_super(s); return NULL; }",visit repo url,fs/super.c,https://github.com/torvalds/linux,179840098899958,1 1098,CWE-362,"void inet_sock_destruct(struct sock *sk) { struct inet_sock *inet = inet_sk(sk); __skb_queue_purge(&sk->sk_receive_queue); __skb_queue_purge(&sk->sk_error_queue); sk_mem_reclaim(sk); if (sk->sk_type == SOCK_STREAM && sk->sk_state != TCP_CLOSE) { pr_err(""Attempt to release TCP socket in state %d %p\n"", sk->sk_state, sk); return; } if (!sock_flag(sk, SOCK_DEAD)) { pr_err(""Attempt to release alive inet socket %p\n"", sk); return; } WARN_ON(atomic_read(&sk->sk_rmem_alloc)); WARN_ON(atomic_read(&sk->sk_wmem_alloc)); WARN_ON(sk->sk_wmem_queued); WARN_ON(sk->sk_forward_alloc); kfree(inet->opt); dst_release(rcu_dereference_check(sk->sk_dst_cache, 1)); sk_refcnt_debug_dec(sk); }",visit repo url,net/ipv4/af_inet.c,https://github.com/torvalds/linux,125902660119755,1 670,CWE-20,"static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t ignored, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct skcipher_ctx *ctx = ask->private; unsigned bs = crypto_ablkcipher_blocksize(crypto_ablkcipher_reqtfm( &ctx->req)); struct skcipher_sg_list *sgl; struct scatterlist *sg; unsigned long iovlen; struct iovec *iov; int err = -EAGAIN; int used; long copied = 0; lock_sock(sk); msg->msg_namelen = 0; for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; iovlen--, iov++) { unsigned long seglen = iov->iov_len; char __user *from = iov->iov_base; while (seglen) { sgl = list_first_entry(&ctx->tsgl, struct skcipher_sg_list, list); sg = sgl->sg; while (!sg->length) sg++; used = ctx->used; if (!used) { err = skcipher_wait_for_data(sk, flags); if (err) goto unlock; } used = min_t(unsigned long, used, seglen); used = af_alg_make_sg(&ctx->rsgl, from, used, 1); err = used; if (err < 0) goto unlock; if (ctx->more || used < ctx->used) used -= used % bs; err = -EINVAL; if (!used) goto free; ablkcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, ctx->iv); err = af_alg_wait_for_completion( ctx->enc ? crypto_ablkcipher_encrypt(&ctx->req) : crypto_ablkcipher_decrypt(&ctx->req), &ctx->completion); free: af_alg_free_sg(&ctx->rsgl); if (err) goto unlock; copied += used; from += used; seglen -= used; skcipher_pull_sgl(sk, used); } } err = 0; unlock: skcipher_wmem_wakeup(sk); release_sock(sk); return copied ?: err; }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,208261331521689,1 3793,CWE-416,"get_function_body( exarg_T *eap, garray_T *newlines, char_u *line_arg_in, char_u **line_to_free) { linenr_T sourcing_lnum_top = SOURCING_LNUM; linenr_T sourcing_lnum_off; int saved_wait_return = need_wait_return; char_u *line_arg = line_arg_in; int vim9_function = eap->cmdidx == CMD_def || eap->cmdidx == CMD_block; #define MAX_FUNC_NESTING 50 char nesting_def[MAX_FUNC_NESTING]; char nesting_inline[MAX_FUNC_NESTING]; int nesting = 0; getline_opt_T getline_options; int indent = 2; char_u *skip_until = NULL; int ret = FAIL; int is_heredoc = FALSE; int heredoc_concat_len = 0; garray_T heredoc_ga; char_u *heredoc_trimmed = NULL; ga_init2(&heredoc_ga, 1, 500); sourcing_lnum_off = get_sourced_lnum(eap->getline, eap->cookie); if (SOURCING_LNUM < sourcing_lnum_off) { sourcing_lnum_off -= SOURCING_LNUM; if (ga_grow(newlines, sourcing_lnum_off) == FAIL) goto theend; while (sourcing_lnum_off-- > 0) ((char_u **)(newlines->ga_data))[newlines->ga_len++] = NULL; } nesting_def[0] = vim9_function; nesting_inline[0] = eap->cmdidx == CMD_block; getline_options = vim9_function ? GETLINE_CONCAT_CONTBAR : GETLINE_CONCAT_CONT; for (;;) { char_u *theline; char_u *p; char_u *arg; if (KeyTyped) { msg_scroll = TRUE; saved_wait_return = FALSE; } need_wait_return = FALSE; if (line_arg != NULL) { theline = line_arg; p = vim_strchr(theline, '\n'); if (p == NULL) line_arg += STRLEN(line_arg); else { *p = NUL; line_arg = p + 1; } } else { theline = get_function_line(eap, line_to_free, indent, getline_options); } if (KeyTyped) lines_left = Rows - 1; if (theline == NULL) { SOURCING_LNUM = sourcing_lnum_top; if (skip_until != NULL) semsg(_(e_missing_heredoc_end_marker_str), skip_until); else if (nesting_inline[nesting]) emsg(_(e_missing_end_block)); else if (eap->cmdidx == CMD_def) emsg(_(e_missing_enddef)); else emsg(_(e_missing_endfunction)); goto theend; } sourcing_lnum_off = get_sourced_lnum(eap->getline, eap->cookie); if (SOURCING_LNUM < sourcing_lnum_off) sourcing_lnum_off -= SOURCING_LNUM; else sourcing_lnum_off = 0; if (skip_until != NULL) { if (heredoc_trimmed == NULL || (is_heredoc && skipwhite(theline) == theline) || STRNCMP(theline, heredoc_trimmed, STRLEN(heredoc_trimmed)) == 0) { if (heredoc_trimmed == NULL) p = theline; else if (is_heredoc) p = skipwhite(theline) == theline ? theline : theline + STRLEN(heredoc_trimmed); else p = theline + STRLEN(heredoc_trimmed); if (STRCMP(p, skip_until) == 0) { VIM_CLEAR(skip_until); VIM_CLEAR(heredoc_trimmed); getline_options = vim9_function ? GETLINE_CONCAT_CONTBAR : GETLINE_CONCAT_CONT; is_heredoc = FALSE; if (heredoc_concat_len > 0) { ga_concat(&heredoc_ga, theline); vim_free(((char_u **)(newlines->ga_data))[ heredoc_concat_len - 1]); ((char_u **)(newlines->ga_data))[ heredoc_concat_len - 1] = heredoc_ga.ga_data; ga_init(&heredoc_ga); heredoc_concat_len = 0; theline += STRLEN(theline); } } } } else { int c; char_u *end; for (p = theline; VIM_ISWHITE(*p) || *p == ':'; ++p) ; if (nesting_inline[nesting] ? *p == '}' : (checkforcmd(&p, nesting_def[nesting] ? ""enddef"" : ""endfunction"", 4) && *p != ':')) { if (nesting-- == 0) { char_u *nextcmd = NULL; if (*p == '|' || *p == '}') nextcmd = p + 1; else if (line_arg != NULL && *skipwhite(line_arg) != NUL) nextcmd = line_arg; else if (*p != NUL && *p != (vim9_function ? '#' : '""') && (vim9_function || p_verbose > 0)) { SOURCING_LNUM = sourcing_lnum_top + newlines->ga_len + 1; if (eap->cmdidx == CMD_def) semsg(_(e_text_found_after_str_str), ""enddef"", p); else give_warning2((char_u *) _(""W22: Text found after :endfunction: %s""), p, TRUE); } if (nextcmd != NULL && *skipwhite(nextcmd) != NUL) { eap->nextcmd = nextcmd; if (*line_to_free != NULL && *eap->cmdlinep != *line_to_free) { vim_free(*eap->cmdlinep); *eap->cmdlinep = *line_to_free; *line_to_free = NULL; } } break; } } else if (nesting_def[nesting]) { if (checkforcmd(&p, ""endfunction"", 4) && *p != ':') emsg(_(e_mismatched_endfunction)); } else if (eap->cmdidx == CMD_def && checkforcmd(&p, ""enddef"", 4)) emsg(_(e_mismatched_enddef)); if (indent > 2 && (*p == '}' || STRNCMP(p, ""end"", 3) == 0)) indent -= 2; else if (STRNCMP(p, ""if"", 2) == 0 || STRNCMP(p, ""wh"", 2) == 0 || STRNCMP(p, ""for"", 3) == 0 || STRNCMP(p, ""try"", 3) == 0) indent += 2; c = *p; if (is_function_cmd(&p) || (eap->cmdidx == CMD_def && checkforcmd(&p, ""def"", 3))) { if (*p == '!') p = skipwhite(p + 1); p += eval_fname_script(p); vim_free(trans_function_name(&p, NULL, TRUE, 0, NULL, NULL, NULL)); if (*skipwhite(p) == '(') { if (nesting == MAX_FUNC_NESTING - 1) emsg(_(e_function_nesting_too_deep)); else { ++nesting; nesting_def[nesting] = (c == 'd'); nesting_inline[nesting] = FALSE; indent += 2; } } } if (nesting_def[nesting] ? *p != '#' : *p != '""') { end = p + STRLEN(p) - 1; while (end > p && VIM_ISWHITE(*end)) --end; if (end > p + 1 && *end == '{' && VIM_ISWHITE(end[-1])) { int is_block; --end; while (end > p && VIM_ISWHITE(*end)) --end; is_block = end > p + 2 && end[-1] == '=' && end[0] == '>'; if (!is_block) { char_u *s = p; is_block = checkforcmd_noparen(&s, ""autocmd"", 2) || checkforcmd_noparen(&s, ""command"", 3); } if (is_block) { if (nesting == MAX_FUNC_NESTING - 1) emsg(_(e_function_nesting_too_deep)); else { ++nesting; nesting_def[nesting] = TRUE; nesting_inline[nesting] = TRUE; indent += 2; } } } } p = skip_range(p, FALSE, NULL); if (!vim9_function && ((p[0] == 'a' && (!ASCII_ISALPHA(p[1]) || p[1] == 'p')) || (p[0] == 'c' && (!ASCII_ISALPHA(p[1]) || (p[1] == 'h' && (!ASCII_ISALPHA(p[2]) || (p[2] == 'a' && (STRNCMP(&p[3], ""nge"", 3) != 0 || !ASCII_ISALPHA(p[6]))))))) || (p[0] == 'i' && (!ASCII_ISALPHA(p[1]) || (p[1] == 'n' && (!ASCII_ISALPHA(p[2]) || (p[2] == 's' && (!ASCII_ISALPHA(p[3]) || p[3] == 'e')))))))) skip_until = vim_strsave((char_u *)"".""); arg = skipwhite(skiptowhite(p)); if (arg[0] == '<' && arg[1] =='<' && ((p[0] == 'p' && p[1] == 'y' && (!ASCII_ISALNUM(p[2]) || p[2] == 't' || ((p[2] == '3' || p[2] == 'x') && !ASCII_ISALPHA(p[3])))) || (p[0] == 'p' && p[1] == 'e' && (!ASCII_ISALPHA(p[2]) || p[2] == 'r')) || (p[0] == 't' && p[1] == 'c' && (!ASCII_ISALPHA(p[2]) || p[2] == 'l')) || (p[0] == 'l' && p[1] == 'u' && p[2] == 'a' && !ASCII_ISALPHA(p[3])) || (p[0] == 'r' && p[1] == 'u' && p[2] == 'b' && (!ASCII_ISALPHA(p[3]) || p[3] == 'y')) || (p[0] == 'm' && p[1] == 'z' && (!ASCII_ISALPHA(p[2]) || p[2] == 's')) )) { p = skipwhite(arg + 2); if (STRNCMP(p, ""trim"", 4) == 0) { p = skipwhite(p + 4); heredoc_trimmed = vim_strnsave(theline, skipwhite(theline) - theline); } if (*p == NUL) skip_until = vim_strsave((char_u *)"".""); else skip_until = vim_strnsave(p, skiptowhite(p) - p); getline_options = GETLINE_NONE; is_heredoc = TRUE; if (eap->cmdidx == CMD_def) heredoc_concat_len = newlines->ga_len + 1; } arg = skipwhite(skiptowhite(p)); if (*arg == '[') arg = vim_strchr(arg, ']'); if (arg != NULL) { int found = (eap->cmdidx == CMD_def && arg[0] == '=' && arg[1] == '<' && arg[2] =='<'); if (!found) arg = skipwhite(skiptowhite(arg)); if (found || (arg[0] == '=' && arg[1] == '<' && arg[2] =='<' && (checkforcmd(&p, ""let"", 2) || checkforcmd(&p, ""var"", 3) || checkforcmd(&p, ""final"", 5) || checkforcmd(&p, ""const"", 5)))) { p = skipwhite(arg + 3); if (STRNCMP(p, ""trim"", 4) == 0) { p = skipwhite(p + 4); heredoc_trimmed = vim_strnsave(theline, skipwhite(theline) - theline); } skip_until = vim_strnsave(p, skiptowhite(p) - p); getline_options = GETLINE_NONE; is_heredoc = TRUE; } } } if (ga_grow(newlines, 1 + sourcing_lnum_off) == FAIL) goto theend; if (heredoc_concat_len > 0) { ga_concat(&heredoc_ga, theline); ga_concat(&heredoc_ga, (char_u *)""\n""); p = vim_strsave((char_u *)""""); } else { p = vim_strsave(theline); } if (p == NULL) goto theend; ((char_u **)(newlines->ga_data))[newlines->ga_len++] = p; while (sourcing_lnum_off-- > 0) ((char_u **)(newlines->ga_data))[newlines->ga_len++] = NULL; if (line_arg != NULL && *line_arg == NUL) line_arg = NULL; } if (!did_emsg) ret = OK; theend: vim_free(skip_until); vim_free(heredoc_trimmed); vim_free(heredoc_ga.ga_data); need_wait_return |= saved_wait_return; return ret; }",visit repo url,src/userfunc.c,https://github.com/vim/vim,126756275658614,1 5511,['CWE-119'],"int ecryptfs_parse_packet_length(unsigned char *data, size_t *size, size_t *length_size) { int rc = 0; (*length_size) = 0; (*size) = 0; if (data[0] < 192) { (*size) = (unsigned char)data[0]; (*length_size) = 1; } else if (data[0] < 224) { (*size) = (((unsigned char)(data[0]) - 192) * 256); (*size) += ((unsigned char)(data[1]) + 192); (*length_size) = 2; } else if (data[0] == 255) { ecryptfs_printk(KERN_ERR, ""Five-byte packet length not "" ""supported\n""); rc = -EINVAL; goto out; } else { ecryptfs_printk(KERN_ERR, ""Error parsing packet length\n""); rc = -EINVAL; goto out; } out: return rc; }",linux-2.6,,,82691586912450432692585673773234653888,0 940,CWE-125,"static u64 __skb_get_nlattr_nest(u64 ctx, u64 A, u64 X, u64 r4, u64 r5) { struct sk_buff *skb = (struct sk_buff *)(long) ctx; struct nlattr *nla; if (skb_is_nonlinear(skb)) return 0; if (A > skb->len - sizeof(struct nlattr)) return 0; nla = (struct nlattr *) &skb->data[A]; if (nla->nla_len > A - skb->len) return 0; nla = nla_find_nested(nla, X); if (nla) return (void *) nla - (void *) skb->data; return 0; }",visit repo url,net/core/filter.c,https://github.com/torvalds/linux,93123523497198,1 3406,CWE-772,"static Image *ReadOneJNGImage(MngInfo *mng_info, const ImageInfo *image_info, ExceptionInfo *exception) { Image *alpha_image, *color_image, *image, *jng_image; ImageInfo *alpha_image_info, *color_image_info; MagickBooleanType logging; ssize_t y; MagickBooleanType status; png_uint_32 jng_height, jng_width; png_byte jng_color_type, jng_image_sample_depth, jng_image_compression_method, jng_image_interlace_method, jng_alpha_sample_depth, jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method; register const Quantum *s; register ssize_t i, x; register Quantum *q; register unsigned char *p; unsigned int read_JSEP, reading_idat; size_t length; jng_alpha_compression_method=0; jng_alpha_sample_depth=8; jng_color_type=0; jng_height=0; jng_width=0; alpha_image=(Image *) NULL; color_image=(Image *) NULL; alpha_image_info=(ImageInfo *) NULL; color_image_info=(ImageInfo *) NULL; logging=LogMagickEvent(CoderEvent,GetMagickModule(), "" Enter ReadOneJNGImage()""); image=mng_info->image; if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" AcquireNextImage()""); AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; read_JSEP=MagickFalse; reading_idat=MagickFalse; for (;;) { char type[MagickPathExtent]; unsigned char *chunk; unsigned int count; status=SetImageProgress(image,LoadImagesTag,TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) break; type[0]='\0'; (void) ConcatenateMagickString(type,""errr"",MagickPathExtent); length=(size_t) ReadBlobMSBLong(image); count=(unsigned int) ReadBlob(image,4,(unsigned char *) type); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading JNG chunk type %c%c%c%c, length: %.20g"", type[0],type[1],type[2],type[3],(double) length); if (length > PNG_UINT_31_MAX || count == 0) { DestroyJNG(NULL,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (length > GetBlobSize(image)) { DestroyJNG(NULL,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError, ""InsufficientImageDataInFile""); } p=NULL; chunk=(unsigned char *) NULL; if (length != 0) { chunk=(unsigned char *) AcquireQuantumMemory(length,sizeof(*chunk)); if (chunk == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); for (i=0; i < (ssize_t) length; i++) { int c; c=ReadBlobByte(image); if (c == EOF) break; chunk[i]=(unsigned char) c; } for ( ; i < (ssize_t) length; i++) chunk[i]='\0'; p=chunk; } (void) ReadBlobMSBLong(image); if (memcmp(type,mng_JHDR,4) == 0) { if (length == 16) { jng_width=(png_uint_32)mng_get_long(p); jng_height=(png_uint_32)mng_get_long(&p[4]); if ((jng_width == 0) || (jng_height == 0)) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError, ""NegativeOrZeroImageSize""); } jng_color_type=p[8]; jng_image_sample_depth=p[9]; jng_image_compression_method=p[10]; jng_image_interlace_method=p[11]; image->interlace=jng_image_interlace_method != 0 ? PNGInterlace : NoInterlace; jng_alpha_sample_depth=p[12]; jng_alpha_compression_method=p[13]; jng_alpha_filter_method=p[14]; jng_alpha_interlace_method=p[15]; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_width: %16lu, jng_height: %16lu\n"" "" jng_color_type: %16d, jng_image_sample_depth: %3d\n"" "" jng_image_compression_method:%3d"", (unsigned long) jng_width, (unsigned long) jng_height, jng_color_type, jng_image_sample_depth, jng_image_compression_method); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_image_interlace_method: %3d"" "" jng_alpha_sample_depth: %3d"", jng_image_interlace_method, jng_alpha_sample_depth); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_alpha_compression_method:%3d\n"" "" jng_alpha_filter_method: %3d\n"" "" jng_alpha_interlace_method: %3d"", jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method); } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); if (jng_width > 65535 || jng_height > 65535 || (long) jng_width > GetMagickResourceLimit(WidthResource) || (long) jng_height > GetMagickResourceLimit(HeightResource)) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" JNG width or height too large: (%lu x %lu)"", (long) jng_width, (long) jng_height); DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } continue; } if ((reading_idat == MagickFalse) && (read_JSEP == MagickFalse) && ((memcmp(type,mng_JDAT,4) == 0) || (memcmp(type,mng_JdAA,4) == 0) || (memcmp(type,mng_IDAT,4) == 0) || (memcmp(type,mng_JDAA,4) == 0))) { color_image_info=(ImageInfo *)AcquireMagickMemory(sizeof(ImageInfo)); if (color_image_info == (ImageInfo *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } GetImageInfo(color_image_info); color_image=AcquireImage(color_image_info,exception); if (color_image == (Image *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating color_blob.""); (void) AcquireUniqueFilename(color_image->filename); status=OpenBlob(color_image_info,color_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); return(DestroyImageList(image)); } if ((image_info->ping == MagickFalse) && (jng_color_type >= 12)) { alpha_image_info=(ImageInfo *) AcquireMagickMemory(sizeof(ImageInfo)); if (alpha_image_info == (ImageInfo *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } GetImageInfo(alpha_image_info); alpha_image=AcquireImage(alpha_image_info,exception); if (alpha_image == (Image *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating alpha_blob.""); (void) AcquireUniqueFilename(alpha_image->filename); status=OpenBlob(alpha_image_info,alpha_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); return(DestroyImageList(image)); } if (jng_alpha_compression_method == 0) { unsigned char data[18]; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing IHDR chunk to alpha_blob.""); (void) WriteBlob(alpha_image,8,(const unsigned char *) ""\211PNG\r\n\032\n""); (void) WriteBlobMSBULong(alpha_image,13L); PNGType(data,mng_IHDR); LogPNGChunk(logging,mng_IHDR,13L); PNGLong(data+4,jng_width); PNGLong(data+8,jng_height); data[12]=jng_alpha_sample_depth; data[13]=0; data[14]=0; data[15]=0; data[16]=0; (void) WriteBlob(alpha_image,17,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,17)); } } reading_idat=MagickTrue; } if (memcmp(type,mng_JDAT,4) == 0) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAT chunk data to color_blob.""); if ((length != 0) && (color_image != (Image *) NULL)) (void) WriteBlob(color_image,length,chunk); chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_IDAT,4) == 0) { png_byte data[5]; if (alpha_image != NULL && image_info->ping == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying IDAT chunk data to alpha_blob.""); (void) WriteBlobMSBULong(alpha_image,(size_t) length); PNGType(data,mng_IDAT); LogPNGChunk(logging,mng_IDAT,length); (void) WriteBlob(alpha_image,4,data); (void) WriteBlob(alpha_image,length,chunk); (void) WriteBlobMSBULong(alpha_image, crc32(crc32(0,data,4),chunk,(uInt) length)); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if ((memcmp(type,mng_JDAA,4) == 0) || (memcmp(type,mng_JdAA,4) == 0)) { if ((alpha_image != NULL) && (image_info->ping == MagickFalse) && (length != 0)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAA chunk data to alpha_blob.""); (void) WriteBlob(alpha_image,length,chunk); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_JSEP,4) == 0) { read_JSEP=MagickTrue; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_bKGD,4) == 0) { if (length == 2) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=image->background_color.red; image->background_color.blue=image->background_color.red; } if (length == 6) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=ScaleCharToQuantum(p[3]); image->background_color.blue=ScaleCharToQuantum(p[5]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_gAMA,4) == 0) { if (length == 4) image->gamma=((float) mng_get_long(p))*0.00001; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_cHRM,4) == 0) { if (length == 32) { image->chromaticity.white_point.x=0.00001*mng_get_long(p); image->chromaticity.white_point.y=0.00001*mng_get_long(&p[4]); image->chromaticity.red_primary.x=0.00001*mng_get_long(&p[8]); image->chromaticity.red_primary.y=0.00001*mng_get_long(&p[12]); image->chromaticity.green_primary.x=0.00001*mng_get_long(&p[16]); image->chromaticity.green_primary.y=0.00001*mng_get_long(&p[20]); image->chromaticity.blue_primary.x=0.00001*mng_get_long(&p[24]); image->chromaticity.blue_primary.y=0.00001*mng_get_long(&p[28]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_sRGB,4) == 0) { if (length == 1) { image->rendering_intent= Magick_RenderingIntent_from_PNG_RenderingIntent(p[0]); image->gamma=1.000f/2.200f; image->chromaticity.red_primary.x=0.6400f; image->chromaticity.red_primary.y=0.3300f; image->chromaticity.green_primary.x=0.3000f; image->chromaticity.green_primary.y=0.6000f; image->chromaticity.blue_primary.x=0.1500f; image->chromaticity.blue_primary.y=0.0600f; image->chromaticity.white_point.x=0.3127f; image->chromaticity.white_point.y=0.3290f; } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_oFFs,4) == 0) { if (length > 8) { image->page.x=(ssize_t) mng_get_long(p); image->page.y=(ssize_t) mng_get_long(&p[4]); if ((int) p[8] != 0) { image->page.x/=10000; image->page.y/=10000; } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_pHYs,4) == 0) { if (length > 8) { image->resolution.x=(double) mng_get_long(p); image->resolution.y=(double) mng_get_long(&p[4]); if ((int) p[8] == PNG_RESOLUTION_METER) { image->units=PixelsPerCentimeterResolution; image->resolution.x=image->resolution.x/100.0f; image->resolution.y=image->resolution.y/100.0f; } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #if 0 if (memcmp(type,mng_iCCP,4) == 0) { chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #endif chunk=(unsigned char *) RelinquishMagickMemory(chunk); if (memcmp(type,mng_IEND,4)) continue; break; } if (color_image_info == (ImageInfo *) NULL) { assert(color_image == (Image *) NULL); assert(alpha_image == (Image *) NULL); if (color_image != (Image *) NULL) color_image=DestroyImageList(color_image); return(DestroyImageList(image)); } if (color_image == (Image *) NULL) { assert(alpha_image == (Image *) NULL); ThrowReaderException(CorruptImageError,""InsufficientImageDataInFile""); } (void) SeekBlob(color_image,0,SEEK_SET); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading jng_image from color_blob.""); assert(color_image_info != (ImageInfo *) NULL); (void) FormatLocaleString(color_image_info->filename,MagickPathExtent, ""jpeg:%s"",color_image->filename); color_image_info->ping=MagickFalse; jng_image=ReadImage(color_image_info,exception); (void) RelinquishUniqueFileResource(color_image->filename); color_image=DestroyImage(color_image); color_image_info=DestroyImageInfo(color_image_info); if (jng_image == (Image *) NULL) { DestroyJNG(NULL,NULL,NULL,&alpha_image,&alpha_image_info); return(DestroyImageList(image)); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying jng_image pixels to main image.""); image->rows=jng_height; image->columns=jng_width; status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) { DestroyJNG(NULL,&color_image,&color_image_info,&alpha_image, &alpha_image_info); jng_image=DestroyImageList(jng_image); return(DestroyImageList(image)); } if ((image->columns != jng_image->columns) || (image->rows != jng_image->rows)) { DestroyJNG(NULL,&color_image,&color_image_info,&alpha_image, &alpha_image_info); jng_image=DestroyImageList(jng_image); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) break; for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelRed(image,GetPixelRed(jng_image,s),q); SetPixelGreen(image,GetPixelGreen(jng_image,s),q); SetPixelBlue(image,GetPixelBlue(jng_image,s),q); q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } jng_image=DestroyImage(jng_image); if ((image_info->ping == MagickFalse) && (jng_color_type >= 12)) { if (jng_alpha_compression_method == 0) { png_byte data[5]; (void) WriteBlobMSBULong(alpha_image,0x00000000L); PNGType(data,mng_IEND); LogPNGChunk(logging,mng_IEND,0L); (void) WriteBlob(alpha_image,4,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,4)); } (void) CloseBlob(alpha_image); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading alpha from alpha_blob.""); (void) FormatLocaleString(alpha_image_info->filename,MagickPathExtent, ""%s"",alpha_image->filename); jng_image=ReadImage(alpha_image_info,exception); if (jng_image != (Image *) NULL) for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if ((s == (const Quantum *) NULL) || (q == (Quantum *) NULL)) break; if (image->alpha_trait != UndefinedPixelTrait) for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelAlpha(image,GetPixelRed(jng_image,s),q); q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } else for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelAlpha(image,GetPixelRed(jng_image,s),q); if (GetPixelAlpha(image,q) != OpaqueAlpha) image->alpha_trait=BlendPixelTrait; q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } (void) RelinquishUniqueFileResource(alpha_image->filename); alpha_image=DestroyImage(alpha_image); alpha_image_info=DestroyImageInfo(alpha_image_info); if (jng_image != (Image *) NULL) jng_image=DestroyImage(jng_image); } if (mng_info->mng_type == 0) { mng_info->mng_width=jng_width; mng_info->mng_height=jng_height; } if (image->page.width == 0 && image->page.height == 0) { image->page.width=jng_width; image->page.height=jng_height; } if (image->page.x == 0 && image->page.y == 0) { image->page.x=mng_info->x_off[mng_info->object_id]; image->page.y=mng_info->y_off[mng_info->object_id]; } else { image->page.y=mng_info->y_off[mng_info->object_id]; } mng_info->image_found++; status=SetImageProgress(image,LoadImagesTag,2*TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) return(DestroyImageList(image)); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" exit ReadOneJNGImage()""); return(image); }",visit repo url,coders/png.c,https://github.com/ImageMagick/ImageMagick,188792504399241,1 3907,['CWE-399'],"static int tda8425_initialize(struct CHIPSTATE *chip) { struct CHIPDESC *desc = chip->desc; int inputmap[4] = { TDA8425_S1_CH2, TDA8425_S1_CH1, TDA8425_S1_CH1, TDA8425_S1_OFF}; if (chip->c->adapter->id == I2C_HW_B_RIVA) { memcpy (desc->inputmap, inputmap, sizeof (inputmap)); } return 0; }",linux-2.6,,,63870545666295986808539938093806419335,0 4026,NVD-CWE-noinfo,"local unsigned long crc32_big(crc, buf, len) unsigned long crc; const unsigned char FAR *buf; unsigned len; { register z_crc_t c; register const z_crc_t FAR *buf4; c = ZSWAP32((z_crc_t)crc); c = ~c; while (len && ((ptrdiff_t)buf & 3)) { c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8); len--; } buf4 = (const z_crc_t FAR *)(const void FAR *)buf; buf4--; while (len >= 32) { DOBIG32; len -= 32; } while (len >= 4) { DOBIG4; len -= 4; } buf4++; buf = (const unsigned char FAR *)buf4; if (len) do { c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8); } while (--len); c = ~c; return (unsigned long)(ZSWAP32(c)); }",visit repo url,crc32.c,https://github.com/madler/zlib,13580860271403,1 1045,CWE-476,"static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id) { struct syscall_metadata *sys_data; struct syscall_trace_enter *rec; struct hlist_head *head; int syscall_nr; int rctx; int size; syscall_nr = trace_get_syscall_nr(current, regs); if (syscall_nr < 0) return; if (!test_bit(syscall_nr, enabled_perf_enter_syscalls)) return; sys_data = syscall_nr_to_meta(syscall_nr); if (!sys_data) return; head = this_cpu_ptr(sys_data->enter_event->perf_events); if (hlist_empty(head)) return; size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec); size = ALIGN(size + sizeof(u32), sizeof(u64)); size -= sizeof(u32); rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size, sys_data->enter_event->event.type, regs, &rctx); if (!rec) return; rec->nr = syscall_nr; syscall_get_arguments(current, regs, 0, sys_data->nb_args, (unsigned long *)&rec->args); perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head, NULL); }",visit repo url,kernel/trace/trace_syscalls.c,https://github.com/torvalds/linux,161108815932476,1 1251,NVD-CWE-noinfo,"static void l2tp_eth_dev_setup(struct net_device *dev) { ether_setup(dev); dev->netdev_ops = &l2tp_eth_netdev_ops; dev->destructor = free_netdev; }",visit repo url,net/l2tp/l2tp_eth.c,https://github.com/torvalds/linux,101145893145657,1 5065,CWE-125,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 6755,CWE-787,"tlstran_pipe_recv_cb(void *arg) { nni_aio * aio; nni_iov iov[2]; uint8_t type; uint8_t rv; uint32_t pos = 1; uint64_t len = 0; size_t n; nni_msg *msg, *qmsg; tlstran_pipe *p = arg; nni_aio * rxaio = p->rxaio; conn_param * cparam; bool ack = false; log_trace(""tlstran_pipe_recv_cb %p\n"", p); nni_mtx_lock(&p->mtx); aio = nni_list_first(&p->recvq); if ((rv = nni_aio_result(rxaio)) != 0) { log_warn("" recv aio error %s"", nng_strerror(rv)); rv = NMQ_SERVER_BUSY; goto recv_error; } n = nni_aio_count(rxaio); p->gotrxhead += n; nni_aio_iov_advance(rxaio, n); len = get_var_integer(p->rxlen, &pos); log_trace(""new %ld recevied %ld header %x %d pos: %d len : %d"", n, p->gotrxhead, p->rxlen[0], p->rxlen[1], pos, len); log_trace(""still need byte count:%ld > 0\n"", nni_aio_iov_count(rxaio)); if (nni_aio_iov_count(rxaio) > 0) { log_trace(""got: %x %x, %ld!!\n"", p->rxlen[0], p->rxlen[1], strlen((char *) p->rxlen)); nng_stream_recv(p->conn, rxaio); nni_mtx_unlock(&p->mtx); return; } else if (p->gotrxhead <= NNI_NANO_MAX_HEADER_SIZE && p->rxlen[p->gotrxhead - 1] > 0x7f) { if (p->gotrxhead == NNI_NANO_MAX_HEADER_SIZE) { rv = NNG_EMSGSIZE; goto recv_error; } iov[0].iov_buf = &p->rxlen[p->gotrxhead]; iov[0].iov_len = 1; nni_aio_set_iov(rxaio, 1, iov); nng_stream_recv(p->conn, rxaio); nni_mtx_unlock(&p->mtx); return; } else if (len == 0 && n == 2) { if ((p->rxlen[0] & 0XFF) == CMD_PINGREQ) { nng_aio_wait(p->rpaio); p->txlen[0] = CMD_PINGRESP; p->txlen[1] = 0x00; iov[0].iov_len = 2; iov[0].iov_buf = &p->txlen; nni_aio_set_iov(p->rpaio, 1, iov); nng_stream_send(p->conn, p->rpaio); goto notify; } } p->wantrxhead = len + p->gotrxhead; cparam = p->tcp_cparam; if (p->rxmsg == NULL) { log_trace(""pipe %p header got: %x %x %x %x %x, %ld!!\n"", p, p->rxlen[0], p->rxlen[1], p->rxlen[2], p->rxlen[3], p->rxlen[4], p->wantrxhead); if (len > p->conf->max_packet_size) { log_error(""size error 0x95\n""); rv = NMQ_PACKET_TOO_LARGE; goto recv_error; } if ((rv = nni_msg_alloc(&p->rxmsg, (size_t) len)) != 0) { log_error(""mem error %ld\n"", (size_t) len); rv = NMQ_SERVER_UNAVAILABLE; goto recv_error; } if (len != 0) { iov[0].iov_buf = nni_msg_body(p->rxmsg); iov[0].iov_len = (size_t) len; nni_aio_set_iov(rxaio, 1, iov); nng_stream_recv(p->conn, rxaio); nni_mtx_unlock(&p->mtx); return; } } nni_aio_list_remove(aio); msg = p->rxmsg; p->rxmsg = NULL; n = nni_msg_len(msg); type = p->rxlen[0] & 0xf0; fixed_header_adaptor(p->rxlen, msg); nni_msg_set_conn_param(msg, cparam); nni_msg_set_remaining_len(msg, len); nni_msg_set_cmd_type(msg, type); log_trace(""remain_len %d cparam %p clientid %s username %s proto %d\n"", len, cparam, cparam->clientid.body, cparam->username.body, cparam->pro_ver); log_trace(""The type of msg is %x"", type); uint16_t packet_id = 0; uint8_t reason_code = 0; property *prop = NULL; uint8_t ack_cmd = 0; if (type == CMD_PUBLISH) { nni_msg_set_timestamp(msg, nng_clock()); uint8_t qos_pac = nni_msg_get_pub_qos(msg); if (qos_pac > 0) { if (p->tcp_cparam->pro_ver == 5) { if (p->qrecv_quota > 0) { p->qrecv_quota--; } else { rv = NMQ_RECEIVE_MAXIMUM_EXCEEDED; goto recv_error; } } if (qos_pac == 1) { ack_cmd = CMD_PUBACK; } else if (qos_pac == 2) { ack_cmd = CMD_PUBREC; } packet_id = nni_msg_get_pub_pid(msg); ack = true; } } else if (type == CMD_PUBREC) { if (nni_mqtt_pubres_decode(msg, &packet_id, &reason_code, &prop, cparam->pro_ver) != 0) { log_error(""decode PUBREC variable header failed!""); } ack_cmd = CMD_PUBREL; ack = true; } else if (type == CMD_PUBREL) { if (nni_mqtt_pubres_decode(msg, &packet_id, &reason_code, &prop, cparam->pro_ver) != 0) { log_error(""decode PUBREL variable header failed!""); } ack_cmd = CMD_PUBCOMP; ack = true; } else if (type == CMD_PUBACK || type == CMD_PUBCOMP) { if (nni_mqtt_pubres_decode(msg, &packet_id, &reason_code, &prop, cparam->pro_ver) != 0) { log_error(""decode PUBACK or PUBCOMP variable header "" ""failed!""); } if (p->tcp_cparam->pro_ver == 5) { property_free(prop); p->qsend_quota++; } } if (ack == true) { if ((rv = nni_msg_alloc(&qmsg, 0)) != 0) { ack = false; rv = NMQ_SERVER_BUSY; goto recv_error; } nni_msg_set_cmd_type(qmsg, ack_cmd); nni_mqtt_msgack_encode( qmsg, packet_id, reason_code, prop, cparam->pro_ver); nni_mqtt_pubres_header_encode(qmsg, ack_cmd); if (p->busy == false) { if (nni_aio_begin(aio) != 0) { log_error(""ACK aio error!!""); } nni_msg_insert(qmsg, nni_msg_header(qmsg), nni_msg_header_len(qmsg)); iov[0].iov_len = nni_msg_len(qmsg); iov[0].iov_buf = nni_msg_body(qmsg); p->busy = true; nni_aio_set_msg(p->qsaio, qmsg); nni_aio_set_iov(p->qsaio, 1, iov); nng_stream_send(p->conn, p->qsaio); log_trace(""QoS ACK msg sent!""); } else { if (nni_lmq_full(&p->rslmq)) { if (nni_lmq_cap(&p->rslmq) <= NANO_MAX_QOS_PACKET) { if ((rv = nni_lmq_resize(&p->rslmq, nni_lmq_cap(&p->rslmq) * 2)) == 0) { nni_lmq_put(&p->rslmq, qmsg); } else { nni_msg_free(qmsg); } } else { nni_msg *old; (void) nni_lmq_get(&p->rslmq, &old); nni_msg_free(old); nni_lmq_put(&p->rslmq, qmsg); } } else { nni_lmq_put(&p->rslmq, qmsg); } } ack = false; } if (!nni_list_empty(&p->recvq)) { tlstran_pipe_recv_start(p); } nni_pipe_bump_rx(p->npipe, n); nni_mtx_unlock(&p->mtx); nni_aio_set_msg(aio, msg); nni_aio_finish_sync(aio, 0, n); log_trace(""end of tlstran_pipe_recv_cb: synch! %p\n"", p); return; recv_error: nni_aio_list_remove(aio); msg = p->rxmsg; p->rxmsg = NULL; nni_pipe_bump_error(p->npipe, rv); nni_mtx_unlock(&p->mtx); nni_msg_free(msg); nni_aio_finish_error(aio, rv); log_trace(""tlstran_pipe_recv_cb: recv error rv: %d\n"", rv); return; notify: nni_aio_list_remove(aio); nni_mtx_unlock(&p->mtx); nni_aio_set_msg(aio, NULL); nni_aio_finish(aio, 0, 0); return; }",visit repo url,src/sp/transport/mqtts/broker_tls.c,https://github.com/nanomq/NanoNNG,228440448868982,1 5219,CWE-276,"resolve_op_end (FlatpakTransaction *self, FlatpakTransactionOperation *op, const char *checksum, GFile *sideload_path, GBytes *metadata_bytes) { g_autoptr(GBytes) old_metadata_bytes = NULL; old_metadata_bytes = load_deployed_metadata (self, op->ref, NULL, NULL); mark_op_resolved (op, checksum, sideload_path, metadata_bytes, old_metadata_bytes); emit_eol_and_maybe_skip (self, op); }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,207044640245739,1 1188,CWE-400,"static int misaligned_fpu_store(struct pt_regs *regs, __u32 opcode, int displacement_not_indexed, int width_shift, int do_paired_load) { int error; int srcreg; __u64 address; error = generate_and_check_address(regs, opcode, displacement_not_indexed, width_shift, &address); if (error < 0) { return error; } perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, address); srcreg = (opcode >> 4) & 0x3f; if (user_mode(regs)) { __u64 buffer; __u32 buflo=0xffffffffUL, bufhi=0xffffffffUL; if (!access_ok(VERIFY_WRITE, (unsigned long) address, 1UL<sr |= SR_FD; } switch (width_shift) { case 2: buflo = current->thread.xstate->hardfpu.fp_regs[srcreg]; break; case 3: if (do_paired_load) { buflo = current->thread.xstate->hardfpu.fp_regs[srcreg]; bufhi = current->thread.xstate->hardfpu.fp_regs[srcreg+1]; } else { #if defined(CONFIG_CPU_LITTLE_ENDIAN) bufhi = current->thread.xstate->hardfpu.fp_regs[srcreg]; buflo = current->thread.xstate->hardfpu.fp_regs[srcreg+1]; #else buflo = current->thread.xstate->hardfpu.fp_regs[srcreg]; bufhi = current->thread.xstate->hardfpu.fp_regs[srcreg+1]; #endif } break; default: printk(""Unexpected width_shift %d in misaligned_fpu_store, PC=%08lx\n"", width_shift, (unsigned long) regs->pc); break; } *(__u32*) &buffer = buflo; *(1 + (__u32*) &buffer) = bufhi; if (__copy_user((void *)(int)address, &buffer, (1 << width_shift)) > 0) { return -1; } return 0; } else { die (""Misaligned FPU load inside kernel"", regs, 0); return -1; } }",visit repo url,arch/sh/kernel/traps_64.c,https://github.com/torvalds/linux,234450200739497,1 5140,['CWE-20'],"static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { struct vcpu_vmx *vmx = to_vmx(vcpu); unsigned long exit_qualification; u16 tss_selector; int reason; exit_qualification = vmcs_readl(EXIT_QUALIFICATION); reason = (u32)exit_qualification >> 30; if (reason == TASK_SWITCH_GATE && vmx->vcpu.arch.nmi_injected && (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK) && (vmx->idt_vectoring_info & VECTORING_INFO_TYPE_MASK) == INTR_TYPE_NMI_INTR) { vcpu->arch.nmi_injected = false; if (cpu_has_virtual_nmis()) vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_NMI); } tss_selector = exit_qualification; if (!kvm_task_switch(vcpu, tss_selector, reason)) return 0; vmcs_writel(GUEST_DR7, vmcs_readl(GUEST_DR7) & ~55); return 1; }",linux-2.6,,,290380286515673694671700024692833704789,0 3,[],"inline static int is_write_comp_null(gnutls_session_t session) { if (session->security_parameters.write_compression_algorithm == GNUTLS_COMP_NULL) return 0; return 1; }",gnutls,,,119322514087527166454801906167102433500,0 6171,['CWE-200'],"static void iw_send_thrspy_event(struct net_device * dev, struct iw_spy_data * spydata, unsigned char * address, struct iw_quality * wstats) { union iwreq_data wrqu; struct iw_thrspy threshold; wrqu.data.length = 1; wrqu.data.flags = 0; memcpy(threshold.addr.sa_data, address, ETH_ALEN); threshold.addr.sa_family = ARPHRD_ETHER; memcpy(&(threshold.qual), wstats, sizeof(struct iw_quality)); memcpy(&(threshold.low), &(spydata->spy_thr_low), 2 * sizeof(struct iw_quality)); #ifdef WE_SPY_DEBUG printk(KERN_DEBUG ""iw_send_thrspy_event() : address %02X:%02X:%02X:%02X:%02X:%02X, level %d, up = %d\n"", threshold.addr.sa_data[0], threshold.addr.sa_data[1], threshold.addr.sa_data[2], threshold.addr.sa_data[3], threshold.addr.sa_data[4], threshold.addr.sa_data[5], threshold.qual.level); #endif wireless_send_event(dev, SIOCGIWTHRSPY, &wrqu, (char *) &threshold); }",linux-2.6,,,262998004087798345407283253318193687975,0 1986,CWE-416," */ static enum hrtimer_restart bfq_idle_slice_timer(struct hrtimer *timer) { struct bfq_data *bfqd = container_of(timer, struct bfq_data, idle_slice_timer); struct bfq_queue *bfqq = bfqd->in_service_queue; if (bfqq) bfq_idle_slice_timer_body(bfqq); return HRTIMER_NORESTART;",visit repo url,block/bfq-iosched.c,https://github.com/torvalds/linux,222599128639381,1 5471,CWE-617,"pci_lintr_request(struct pci_vdev *dev) { struct businfo *bi; struct slotinfo *si; int bestpin, bestcount, pin; bi = pci_businfo[dev->bus]; assert(bi != NULL); si = &bi->slotinfo[dev->slot]; bestpin = 0; bestcount = si->si_intpins[0].ii_count; for (pin = 1; pin < 4; pin++) { if (si->si_intpins[pin].ii_count < bestcount) { bestpin = pin; bestcount = si->si_intpins[pin].ii_count; } } si->si_intpins[bestpin].ii_count++; dev->lintr.pin = bestpin + 1; pci_set_cfgdata8(dev, PCIR_INTPIN, bestpin + 1); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,62745556136203,1 538,['CWE-399'],"int pwc_handle_frame(struct pwc_device *pdev) { int ret = 0; unsigned long flags; spin_lock_irqsave(&pdev->ptrlock, flags); if (pdev->read_frame != NULL) { PWC_ERROR(""Huh? Read frame still in use?\n""); spin_unlock_irqrestore(&pdev->ptrlock, flags); return ret; } if (pdev->full_frames == NULL) { PWC_ERROR(""Woops. No frames ready.\n""); } else { pdev->read_frame = pdev->full_frames; pdev->full_frames = pdev->full_frames->next; pdev->read_frame->next = NULL; } if (pdev->read_frame != NULL) { spin_unlock_irqrestore(&pdev->ptrlock, flags); ret = pwc_decompress(pdev); spin_lock_irqsave(&pdev->ptrlock, flags); if (pdev->empty_frames == NULL) { pdev->empty_frames = pdev->read_frame; pdev->empty_frames_tail = pdev->empty_frames; } else { pdev->empty_frames_tail->next = pdev->read_frame; pdev->empty_frames_tail = pdev->read_frame; } pdev->read_frame = NULL; } spin_unlock_irqrestore(&pdev->ptrlock, flags); return ret; }",linux-2.6,,,301821844505037068260544579781104648864,0 5196,CWE-190,"int TfLiteIntArrayGetSizeInBytes(int size) { static TfLiteIntArray dummy; int computed_size = sizeof(dummy) + sizeof(dummy.data[0]) * size; #if defined(_MSC_VER) computed_size -= sizeof(dummy.data[0]); #endif return computed_size; }",visit repo url,tensorflow/lite/c/common.c,https://github.com/tensorflow/tensorflow,211926311078127,1 604,CWE-200,"static int mp_get_count(struct sb_uart_state *state, struct serial_icounter_struct *icnt) { struct serial_icounter_struct icount; struct sb_uart_icount cnow; struct sb_uart_port *port = state->port; spin_lock_irq(&port->lock); memcpy(&cnow, &port->icount, sizeof(struct sb_uart_icount)); spin_unlock_irq(&port->lock); icount.cts = cnow.cts; icount.dsr = cnow.dsr; icount.rng = cnow.rng; icount.dcd = cnow.dcd; icount.rx = cnow.rx; icount.tx = cnow.tx; icount.frame = cnow.frame; icount.overrun = cnow.overrun; icount.parity = cnow.parity; icount.brk = cnow.brk; icount.buf_overrun = cnow.buf_overrun; return copy_to_user(icnt, &icount, sizeof(icount)) ? -EFAULT : 0; }",visit repo url,drivers/staging/sb105x/sb_pci_mp.c,https://github.com/torvalds/linux,207934774162318,1 1920,CWE-476,"static inline struct f2fs_sb_info *F2FS_P_SB(struct page *page) { return F2FS_M_SB(page->mapping); }",visit repo url,fs/f2fs/f2fs.h,https://github.com/torvalds/linux,135034674122116,1 4481,CWE-200,"static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) { int err; #ifdef WOLFSSL_SMALL_STACK byte* buf; #else byte buf[ECC_MAXSIZE_GEN]; #endif #ifdef WOLFSSL_SMALL_STACK buf = (byte*)XMALLOC(ECC_MAXSIZE_GEN, NULL, DYNAMIC_TYPE_ECC_BUFFER); if (buf == NULL) return MEMORY_E; #endif size += 8; err = wc_RNG_GenerateBlock(rng, buf, size); if (err == 0) err = mp_read_unsigned_bin(k, (byte*)buf, size); if (err == MP_OKAY) { if (mp_iszero(k) == MP_YES) err = MP_ZERO_E; } if (err == MP_OKAY) { if (mp_cmp(k, order) != MP_LT) { err = mp_mod(k, order, k); } } ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); #endif return err; }",visit repo url,wolfcrypt/src/ecc.c,https://github.com/wolfSSL/wolfssl,181297505228598,1 4126,CWE-190,"static punycode_uint decode_digit(punycode_uint cp) { return cp - 48 < 10 ? cp - 22 : cp - 65 < 26 ? cp - 65 : cp - 97 < 26 ? cp - 97 : base; }",visit repo url,lib/puny_decode.c,https://gitlab.com/libidn/libidn2,246547127082736,1 4528,CWE-416,"GF_VVCConfig *gf_odf_vvc_cfg_read_bs(GF_BitStream *bs) { u32 i, count; GF_VVCConfig *cfg = gf_odf_vvc_cfg_new(); gf_bs_read_int(bs, 5); cfg->nal_unit_size = 1 + gf_bs_read_int(bs, 2); cfg->ptl_present = gf_bs_read_int(bs, 1); if (cfg->ptl_present) { s32 j; cfg->ols_idx = gf_bs_read_int(bs, 9); cfg->numTemporalLayers = gf_bs_read_int(bs, 3); cfg->constantFrameRate = gf_bs_read_int(bs, 2); cfg->chroma_format = gf_bs_read_int(bs, 2); cfg->bit_depth = 8 + gf_bs_read_int(bs, 3); gf_bs_read_int(bs, 5); gf_bs_read_int(bs, 2); cfg->num_constraint_info = gf_bs_read_int(bs, 6); cfg->general_profile_idc = gf_bs_read_int(bs, 7); cfg->general_tier_flag = gf_bs_read_int(bs, 1); cfg->general_level_idc = gf_bs_read_u8(bs); cfg->ptl_frame_only_constraint = gf_bs_read_int(bs, 1); cfg->ptl_multilayer_enabled = gf_bs_read_int(bs, 1); if (cfg->num_constraint_info) { cfg->general_constraint_info = gf_malloc(sizeof(u8)*cfg->num_constraint_info); if (!cfg->general_constraint_info) { gf_free(cfg); GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] alloc failed while parsing vvc config\n"")); return NULL; } gf_bs_read_data(bs, cfg->general_constraint_info, cfg->num_constraint_info - 1); cfg->general_constraint_info[cfg->num_constraint_info-1] = gf_bs_read_int(bs, 6); } else { gf_bs_read_int(bs, 6); } cfg->ptl_sublayer_present_mask = 0; for (j=cfg->numTemporalLayers-2; j>=0; j--) { u32 val = gf_bs_read_int(bs, 1); cfg->ptl_sublayer_present_mask |= val << j; } for (j=cfg->numTemporalLayers; j<=8 && cfg->numTemporalLayers>1; j++) { gf_bs_read_int(bs, 1); } for (j=cfg->numTemporalLayers-2; j>=0; j--) { if (cfg->ptl_sublayer_present_mask & (1<sublayer_level_idc[j] = gf_bs_read_u8(bs); } } cfg->num_sub_profiles = gf_bs_read_u8(bs); if (cfg->num_sub_profiles) { cfg->sub_profiles_idc = gf_malloc(sizeof(u32)*cfg->num_sub_profiles); if (!cfg->sub_profiles_idc) { gf_free(cfg->general_constraint_info); gf_free(cfg); GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] alloc failed while parsing vvc config\n"")); return NULL; } } for (i=0; inum_sub_profiles; i++) { cfg->sub_profiles_idc[i] = gf_bs_read_u32(bs); } cfg->maxPictureWidth = gf_bs_read_u16(bs); cfg->maxPictureHeight = gf_bs_read_u16(bs); cfg->avgFrameRate = gf_bs_read_u16(bs); } count = gf_bs_read_int(bs, 8); for (i=0; iarray_completeness = gf_bs_read_int(bs, 1); gf_bs_read_int(bs, 2); ar->type = gf_bs_read_int(bs, 5); switch (ar->type) { case GF_VVC_NALU_DEC_PARAM: case GF_VVC_NALU_OPI: case GF_VVC_NALU_VID_PARAM: case GF_VVC_NALU_SEQ_PARAM: case GF_VVC_NALU_PIC_PARAM: case GF_VVC_NALU_SEI_PREFIX: case GF_VVC_NALU_SEI_SUFFIX: valid = GF_TRUE; ar->nalus = gf_list_new(); gf_list_add(cfg->param_array, ar); break; default: GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[VVC] Invalid NALU type in vvcC - ignoring\n"", ar->nalus)); gf_free(ar); break; } if ((ar->type != GF_VVC_NALU_DEC_PARAM) && (ar->type != GF_VVC_NALU_OPI)) nalucount = gf_bs_read_int(bs, 16); else nalucount = 1; for (j=0; jgf_bs_available(bs)) || (size<2)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] Wrong param set size %d\n"", size)); gf_odf_vvc_cfg_del(cfg); return NULL; } if (!valid) { gf_bs_skip_bytes(bs, size); continue; } GF_SAFEALLOC(sl, GF_NALUFFParam ); if (!sl) { gf_odf_vvc_cfg_del(cfg); GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] alloc failed while parsing vvc config\n"")); return NULL; } sl->size = size; sl->data = (char *)gf_malloc(sizeof(char) * sl->size); if (!sl->data) { gf_free(sl); gf_odf_vvc_cfg_del(cfg); GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] alloc failed while parsing vvc config\n"")); return NULL; } gf_bs_read_data(bs, sl->data, sl->size); gf_list_add(ar->nalus, sl); } } return cfg; }",visit repo url,src/odf/descriptors.c,https://github.com/gpac/gpac,133596557976742,1 2375,CWE-476,"static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *avpkt) { TiffContext *const s = avctx->priv_data; AVFrame *const p = data; ThreadFrame frame = { .f = data }; unsigned off, last_off; int le, ret, plane, planes; int i, j, entries, stride; unsigned soff, ssize; uint8_t *dst; GetByteContext stripsizes; GetByteContext stripdata; int retry_for_subifd, retry_for_page; int is_dng; int has_tile_bits, has_strip_bits; bytestream2_init(&s->gb, avpkt->data, avpkt->size); if ((ret = ff_tdecode_header(&s->gb, &le, &off))) { av_log(avctx, AV_LOG_ERROR, ""Invalid TIFF header\n""); return ret; } else if (off >= UINT_MAX - 14 || avpkt->size < off + 14) { av_log(avctx, AV_LOG_ERROR, ""IFD offset is greater than image size\n""); return AVERROR_INVALIDDATA; } s->le = le; s->tiff_type = TIFF_TYPE_TIFF; again: s->is_thumbnail = 0; s->bppcount = s->bpp = 1; s->photometric = TIFF_PHOTOMETRIC_NONE; s->compr = TIFF_RAW; s->fill_order = 0; s->white_level = 0; s->is_bayer = 0; s->is_tiled = 0; s->is_jpeg = 0; s->cur_page = 0; s->last_tag = 0; for (i = 0; i < 65536; i++) s->dng_lut[i] = i; free_geotags(s); s->stripsizesoff = s->strippos = 0; bytestream2_seek(&s->gb, off, SEEK_SET); entries = ff_tget_short(&s->gb, le); if (bytestream2_get_bytes_left(&s->gb) < entries * 12) return AVERROR_INVALIDDATA; for (i = 0; i < entries; i++) { if ((ret = tiff_decode_tag(s, p)) < 0) return ret; } if (s->get_thumbnail && !s->is_thumbnail) { av_log(avctx, AV_LOG_INFO, ""No embedded thumbnail present\n""); return AVERROR_EOF; } retry_for_subifd = s->sub_ifd && (s->get_subimage || (!s->get_thumbnail && s->is_thumbnail)); retry_for_page = s->get_page && s->cur_page + 1 < s->get_page; last_off = off; if (retry_for_page) { off = ff_tget_long(&s->gb, le); } else if (retry_for_subifd) { off = s->sub_ifd; } if (retry_for_subifd || retry_for_page) { if (!off) { av_log(avctx, AV_LOG_ERROR, ""Requested entry not found\n""); return AVERROR_INVALIDDATA; } if (off <= last_off) { avpriv_request_sample(s->avctx, ""non increasing IFD offset""); return AVERROR_INVALIDDATA; } if (off >= UINT_MAX - 14 || avpkt->size < off + 14) { av_log(avctx, AV_LOG_ERROR, ""IFD offset is greater than image size\n""); return AVERROR_INVALIDDATA; } s->sub_ifd = 0; goto again; } is_dng = (s->tiff_type == TIFF_TYPE_DNG || s->tiff_type == TIFF_TYPE_CINEMADNG); for (i = 0; igeotag_count; i++) { const char *keyname = get_geokey_name(s->geotags[i].key); if (!keyname) { av_log(avctx, AV_LOG_WARNING, ""Unknown or unsupported GeoTIFF key %d\n"", s->geotags[i].key); continue; } if (get_geokey_type(s->geotags[i].key) != s->geotags[i].type) { av_log(avctx, AV_LOG_WARNING, ""Type of GeoTIFF key %d is wrong\n"", s->geotags[i].key); continue; } ret = av_dict_set(&p->metadata, keyname, s->geotags[i].val, 0); if (ret<0) { av_log(avctx, AV_LOG_ERROR, ""Writing metadata with key '%s' failed\n"", keyname); return ret; } } if (is_dng) { int bps; if (s->bpp % s->bppcount) return AVERROR_INVALIDDATA; bps = s->bpp / s->bppcount; if (bps < 8 || bps > 32) return AVERROR_INVALIDDATA; if (s->white_level == 0) s->white_level = (1LL << bps) - 1; if (s->white_level <= s->black_level) { av_log(avctx, AV_LOG_ERROR, ""BlackLevel (%""PRId32"") must be less than WhiteLevel (%""PRId32"")\n"", s->black_level, s->white_level); return AVERROR_INVALIDDATA; } if (s->planar) return AVERROR_PATCHWELCOME; } if (!s->is_tiled && !s->strippos && !s->stripoff) { av_log(avctx, AV_LOG_ERROR, ""Image data is missing\n""); return AVERROR_INVALIDDATA; } has_tile_bits = s->is_tiled || s->tile_byte_counts_offset || s->tile_offsets_offset || s->tile_width || s->tile_length || s->tile_count; has_strip_bits = s->strippos || s->strips || s->stripoff || s->rps || s->sot || s->sstype || s->stripsize || s->stripsizesoff; if (has_tile_bits && has_strip_bits) { av_log(avctx, AV_LOG_WARNING, ""Tiled TIFF is not allowed to strip\n""); } if ((ret = init_image(s, &frame)) < 0) return ret; if (!s->is_tiled) { if (s->strips == 1 && !s->stripsize) { av_log(avctx, AV_LOG_WARNING, ""Image data size missing\n""); s->stripsize = avpkt->size - s->stripoff; } if (s->stripsizesoff) { if (s->stripsizesoff >= (unsigned)avpkt->size) return AVERROR_INVALIDDATA; bytestream2_init(&stripsizes, avpkt->data + s->stripsizesoff, avpkt->size - s->stripsizesoff); } if (s->strippos) { if (s->strippos >= (unsigned)avpkt->size) return AVERROR_INVALIDDATA; bytestream2_init(&stripdata, avpkt->data + s->strippos, avpkt->size - s->strippos); } if (s->rps <= 0 || s->rps % s->subsampling[1]) { av_log(avctx, AV_LOG_ERROR, ""rps %d invalid\n"", s->rps); return AVERROR_INVALIDDATA; } } if (s->photometric == TIFF_PHOTOMETRIC_LINEAR_RAW || s->photometric == TIFF_PHOTOMETRIC_CFA) { p->color_trc = AVCOL_TRC_LINEAR; } else if (s->photometric == TIFF_PHOTOMETRIC_BLACK_IS_ZERO) { p->color_trc = AVCOL_TRC_GAMMA22; } if (is_dng && s->is_tiled) { if (!s->is_jpeg) { avpriv_report_missing_feature(avctx, ""DNG uncompressed tiled images""); return AVERROR_PATCHWELCOME; } else if (!s->is_bayer) { avpriv_report_missing_feature(avctx, ""DNG JPG-compressed tiled non-bayer-encoded images""); return AVERROR_PATCHWELCOME; } else { if ((ret = dng_decode_tiles(avctx, (AVFrame*)data, avpkt)) > 0) *got_frame = 1; return ret; } } planes = s->planar ? s->bppcount : 1; for (plane = 0; plane < planes; plane++) { uint8_t *five_planes = NULL; int remaining = avpkt->size; int decoded_height; stride = p->linesize[plane]; dst = p->data[plane]; if (s->photometric == TIFF_PHOTOMETRIC_SEPARATED && s->avctx->pix_fmt == AV_PIX_FMT_RGBA) { stride = stride * 5 / 4; five_planes = dst = av_malloc(stride * s->height); if (!dst) return AVERROR(ENOMEM); } for (i = 0; i < s->height; i += s->rps) { if (i) dst += s->rps * stride; if (s->stripsizesoff) ssize = ff_tget(&stripsizes, s->sstype, le); else ssize = s->stripsize; if (s->strippos) soff = ff_tget(&stripdata, s->sot, le); else soff = s->stripoff; if (soff > avpkt->size || ssize > avpkt->size - soff || ssize > remaining) { av_log(avctx, AV_LOG_ERROR, ""Invalid strip size/offset\n""); av_freep(&five_planes); return AVERROR_INVALIDDATA; } remaining -= ssize; if ((ret = tiff_unpack_strip(s, p, dst, stride, avpkt->data + soff, ssize, i, FFMIN(s->rps, s->height - i))) < 0) { if (avctx->err_recognition & AV_EF_EXPLODE) { av_freep(&five_planes); return ret; } break; } } decoded_height = FFMIN(i, s->height); if (s->predictor == 2) { if (s->photometric == TIFF_PHOTOMETRIC_YCBCR) { av_log(s->avctx, AV_LOG_ERROR, ""predictor == 2 with YUV is unsupported""); return AVERROR_PATCHWELCOME; } dst = five_planes ? five_planes : p->data[plane]; soff = s->bpp >> 3; if (s->planar) soff = FFMAX(soff / s->bppcount, 1); ssize = s->width * soff; if (s->avctx->pix_fmt == AV_PIX_FMT_RGB48LE || s->avctx->pix_fmt == AV_PIX_FMT_RGBA64LE || s->avctx->pix_fmt == AV_PIX_FMT_GRAY16LE || s->avctx->pix_fmt == AV_PIX_FMT_YA16LE || s->avctx->pix_fmt == AV_PIX_FMT_GBRP16LE || s->avctx->pix_fmt == AV_PIX_FMT_GBRAP16LE) { for (i = 0; i < decoded_height; i++) { for (j = soff; j < ssize; j += 2) AV_WL16(dst + j, AV_RL16(dst + j) + AV_RL16(dst + j - soff)); dst += stride; } } else if (s->avctx->pix_fmt == AV_PIX_FMT_RGB48BE || s->avctx->pix_fmt == AV_PIX_FMT_RGBA64BE || s->avctx->pix_fmt == AV_PIX_FMT_GRAY16BE || s->avctx->pix_fmt == AV_PIX_FMT_YA16BE || s->avctx->pix_fmt == AV_PIX_FMT_GBRP16BE || s->avctx->pix_fmt == AV_PIX_FMT_GBRAP16BE) { for (i = 0; i < decoded_height; i++) { for (j = soff; j < ssize; j += 2) AV_WB16(dst + j, AV_RB16(dst + j) + AV_RB16(dst + j - soff)); dst += stride; } } else { for (i = 0; i < decoded_height; i++) { for (j = soff; j < ssize; j++) dst[j] += dst[j - soff]; dst += stride; } } } if (s->photometric == TIFF_PHOTOMETRIC_WHITE_IS_ZERO) { int c = (s->avctx->pix_fmt == AV_PIX_FMT_PAL8 ? (1<bpp) - 1 : 255); dst = p->data[plane]; for (i = 0; i < s->height; i++) { for (j = 0; j < stride; j++) dst[j] = c - dst[j]; dst += stride; } } if (s->photometric == TIFF_PHOTOMETRIC_SEPARATED && (s->avctx->pix_fmt == AV_PIX_FMT_RGB0 || s->avctx->pix_fmt == AV_PIX_FMT_RGBA)) { int x = s->avctx->pix_fmt == AV_PIX_FMT_RGB0 ? 4 : 5; uint8_t *src = five_planes ? five_planes : p->data[plane]; dst = p->data[plane]; for (i = 0; i < s->height; i++) { for (j = 0; j < s->width; j++) { int k = 255 - src[x * j + 3]; int r = (255 - src[x * j ]) * k; int g = (255 - src[x * j + 1]) * k; int b = (255 - src[x * j + 2]) * k; dst[4 * j ] = r * 257 >> 16; dst[4 * j + 1] = g * 257 >> 16; dst[4 * j + 2] = b * 257 >> 16; dst[4 * j + 3] = s->avctx->pix_fmt == AV_PIX_FMT_RGBA ? src[x * j + 4] : 255; } src += stride; dst += p->linesize[plane]; } av_freep(&five_planes); } else if (s->photometric == TIFF_PHOTOMETRIC_SEPARATED && s->avctx->pix_fmt == AV_PIX_FMT_RGBA64BE) { dst = p->data[plane]; for (i = 0; i < s->height; i++) { for (j = 0; j < s->width; j++) { uint64_t k = 65535 - AV_RB16(dst + 8 * j + 6); uint64_t r = (65535 - AV_RB16(dst + 8 * j )) * k; uint64_t g = (65535 - AV_RB16(dst + 8 * j + 2)) * k; uint64_t b = (65535 - AV_RB16(dst + 8 * j + 4)) * k; AV_WB16(dst + 8 * j , r * 65537 >> 32); AV_WB16(dst + 8 * j + 2, g * 65537 >> 32); AV_WB16(dst + 8 * j + 4, b * 65537 >> 32); AV_WB16(dst + 8 * j + 6, 65535); } dst += p->linesize[plane]; } } } if (s->planar && s->bppcount > 2) { FFSWAP(uint8_t*, p->data[0], p->data[2]); FFSWAP(int, p->linesize[0], p->linesize[2]); FFSWAP(uint8_t*, p->data[0], p->data[1]); FFSWAP(int, p->linesize[0], p->linesize[1]); } if (s->is_bayer && s->white_level && s->bpp == 16 && !is_dng) { uint16_t *dst = (uint16_t *)p->data[0]; for (i = 0; i < s->height; i++) { for (j = 0; j < s->width; j++) dst[j] = FFMIN((dst[j] / (float)s->white_level) * 65535, 65535); dst += stride / 2; } } *got_frame = 1; return avpkt->size; }",visit repo url,libavcodec/tiff.c,https://github.com/FFmpeg/FFmpeg,75632962132162,1 4598,CWE-787,"static s32 gf_hevc_read_sps_bs_internal(GF_BitStream *bs, HEVCState *hevc, u8 layer_id, u32 *vui_flag_pos) { s32 vps_id, sps_id = -1; u32 i, nb_CTUs, depth; HEVC_SPS *sps; HEVC_VPS *vps; HEVC_ProfileTierLevel ptl; Bool multiLayerExtSpsFlag; u8 sps_ext_or_max_sub_layers_minus1, max_sub_layers_minus1; if (vui_flag_pos) *vui_flag_pos = 0; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) { return -1; } memset(&ptl, 0, sizeof(ptl)); max_sub_layers_minus1 = 0; sps_ext_or_max_sub_layers_minus1 = 0; if (layer_id == 0) max_sub_layers_minus1 = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1""); else sps_ext_or_max_sub_layers_minus1 = gf_bs_read_int_log(bs, 3, ""sps_ext_or_max_sub_layers_minus1""); multiLayerExtSpsFlag = (layer_id != 0) && (sps_ext_or_max_sub_layers_minus1 == 7); if (!multiLayerExtSpsFlag) { gf_bs_read_int_log(bs, 1, ""temporal_id_nesting_flag""); hevc_profile_tier_level(bs, 1, max_sub_layers_minus1, &ptl, 0); } sps_id = gf_bs_read_ue_log(bs, ""sps_id""); if ((sps_id < 0) || (sps_id >= 16)) { return -1; } sps = &hevc->sps[sps_id]; if (!sps->state) { sps->state = 1; sps->id = sps_id; sps->vps_id = vps_id; } sps->ptl = ptl; vps = &hevc->vps[vps_id]; sps->max_sub_layers_minus1 = 0; sps->sps_ext_or_max_sub_layers_minus1 = 0; sps->colour_primaries = 2; sps->transfer_characteristic = 2; sps->matrix_coeffs = 2; if (multiLayerExtSpsFlag) { sps->update_rep_format_flag = gf_bs_read_int_log(bs, 1, ""update_rep_format_flag""); if (sps->update_rep_format_flag) { sps->rep_format_idx = gf_bs_read_int_log(bs, 8, ""rep_format_idx""); } else { sps->rep_format_idx = vps->rep_format_idx[layer_id]; } sps->width = vps->rep_formats[sps->rep_format_idx].pic_width_luma_samples; sps->height = vps->rep_formats[sps->rep_format_idx].pic_height_luma_samples; sps->chroma_format_idc = vps->rep_formats[sps->rep_format_idx].chroma_format_idc; sps->bit_depth_luma = vps->rep_formats[sps->rep_format_idx].bit_depth_luma; sps->bit_depth_chroma = vps->rep_formats[sps->rep_format_idx].bit_depth_chroma; sps->separate_colour_plane_flag = vps->rep_formats[sps->rep_format_idx].separate_colour_plane_flag; sps->ptl = vps->ext_ptl[0]; } else { sps->chroma_format_idc = gf_bs_read_ue_log(bs, ""chroma_format_idc""); if (sps->chroma_format_idc == 3) sps->separate_colour_plane_flag = gf_bs_read_int_log(bs, 1, ""separate_colour_plane_flag""); sps->width = gf_bs_read_ue_log(bs, ""width""); sps->height = gf_bs_read_ue_log(bs, ""height""); if ((sps->cw_flag = gf_bs_read_int_log(bs, 1, ""conformance_window_flag""))) { u32 SubWidthC, SubHeightC; if (sps->chroma_format_idc == 1) { SubWidthC = SubHeightC = 2; } else if (sps->chroma_format_idc == 2) { SubWidthC = 2; SubHeightC = 1; } else { SubWidthC = SubHeightC = 1; } sps->cw_left = gf_bs_read_ue_log(bs, ""conformance_window_left""); sps->cw_right = gf_bs_read_ue_log(bs, ""conformance_window_right""); sps->cw_top = gf_bs_read_ue_log(bs, ""conformance_window_top""); sps->cw_bottom = gf_bs_read_ue_log(bs, ""conformance_window_bottom""); sps->width -= SubWidthC * (sps->cw_left + sps->cw_right); sps->height -= SubHeightC * (sps->cw_top + sps->cw_bottom); } sps->bit_depth_luma = 8 + gf_bs_read_ue_log(bs, ""bit_depth_luma_minus8""); sps->bit_depth_chroma = 8 + gf_bs_read_ue_log(bs, ""bit_depth_chroma_minus8""); } sps->log2_max_pic_order_cnt_lsb = 4 + gf_bs_read_ue_log(bs, ""log2_max_pic_order_cnt_lsb_minus4""); if (!multiLayerExtSpsFlag) { sps->sub_layer_ordering_info_present_flag = gf_bs_read_int_log(bs, 1, ""sub_layer_ordering_info_present_flag""); for (i = sps->sub_layer_ordering_info_present_flag ? 0 : sps->max_sub_layers_minus1; i <= sps->max_sub_layers_minus1; i++) { gf_bs_read_ue_log_idx(bs, ""max_dec_pic_buffering"", i); gf_bs_read_ue_log_idx(bs, ""num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""max_latency_increase"", i); } } sps->log2_min_luma_coding_block_size = 3 + gf_bs_read_ue_log(bs, ""log2_min_luma_coding_block_size_minus3""); sps->log2_diff_max_min_luma_coding_block_size = gf_bs_read_ue_log(bs, ""log2_diff_max_min_luma_coding_block_size""); sps->max_CU_width = (1 << (sps->log2_min_luma_coding_block_size + sps->log2_diff_max_min_luma_coding_block_size)); sps->max_CU_height = (1 << (sps->log2_min_luma_coding_block_size + sps->log2_diff_max_min_luma_coding_block_size)); sps->log2_min_transform_block_size = 2 + gf_bs_read_ue_log(bs, ""log2_min_transform_block_size_minus2""); sps->log2_max_transform_block_size = sps->log2_min_transform_block_size + gf_bs_read_ue_log(bs, ""log2_max_transform_block_size""); depth = 0; sps->max_transform_hierarchy_depth_inter = gf_bs_read_ue_log(bs, ""max_transform_hierarchy_depth_inter""); sps->max_transform_hierarchy_depth_intra = gf_bs_read_ue_log(bs, ""max_transform_hierarchy_depth_intra""); while ((u32)(sps->max_CU_width >> sps->log2_diff_max_min_luma_coding_block_size) > (u32)(1 << (sps->log2_min_transform_block_size + depth))) { depth++; } sps->max_CU_depth = sps->log2_diff_max_min_luma_coding_block_size + depth; nb_CTUs = ((sps->width + sps->max_CU_width - 1) / sps->max_CU_width) * ((sps->height + sps->max_CU_height - 1) / sps->max_CU_height); sps->bitsSliceSegmentAddress = 0; while (nb_CTUs > (u32)(1 << sps->bitsSliceSegmentAddress)) { sps->bitsSliceSegmentAddress++; } sps->scaling_list_enable_flag = gf_bs_read_int_log(bs, 1, ""scaling_list_enable_flag""); if (sps->scaling_list_enable_flag) { sps->infer_scaling_list_flag = 0; sps->scaling_list_ref_layer_id = 0; if (multiLayerExtSpsFlag) { sps->infer_scaling_list_flag = gf_bs_read_int_log(bs, 1, ""infer_scaling_list_flag""); } if (sps->infer_scaling_list_flag) { sps->scaling_list_ref_layer_id = gf_bs_read_int_log(bs, 6, ""scaling_list_ref_layer_id""); } else { sps->scaling_list_data_present_flag = gf_bs_read_int_log(bs, 1, ""scaling_list_data_present_flag""); if (sps->scaling_list_data_present_flag) { hevc_scaling_list_data(bs); } } } sps->asymmetric_motion_partitions_enabled_flag = gf_bs_read_int_log(bs, 1, ""asymmetric_motion_partitions_enabled_flag""); sps->sample_adaptive_offset_enabled_flag = gf_bs_read_int_log(bs, 1, ""sample_adaptive_offset_enabled_flag""); if ( (sps->pcm_enabled_flag = gf_bs_read_int_log(bs, 1, ""pcm_enabled_flag"")) ) { sps->pcm_sample_bit_depth_luma_minus1 = gf_bs_read_int_log(bs, 4, ""pcm_sample_bit_depth_luma_minus1""); sps->pcm_sample_bit_depth_chroma_minus1 = gf_bs_read_int_log(bs, 4, ""pcm_sample_bit_depth_chroma_minus1""); sps->log2_min_pcm_luma_coding_block_size_minus3 = gf_bs_read_ue_log(bs, ""log2_min_pcm_luma_coding_block_size_minus3""); sps->log2_diff_max_min_pcm_luma_coding_block_size = gf_bs_read_ue_log(bs, ""log2_diff_max_min_pcm_luma_coding_block_size""); sps->pcm_loop_filter_disable_flag = gf_bs_read_int_log(bs, 1, ""pcm_loop_filter_disable_flag""); } sps->num_short_term_ref_pic_sets = gf_bs_read_ue_log(bs, ""num_short_term_ref_pic_sets""); if (sps->num_short_term_ref_pic_sets > 64) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Invalid number of short term reference picture sets %d\n"", sps->num_short_term_ref_pic_sets)); return -1; } for (i = 0; i < sps->num_short_term_ref_pic_sets; i++) { Bool ret = hevc_parse_short_term_ref_pic_set(bs, sps, i); if (!ret) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Invalid short_term_ref_pic_set\n"")); return -1; } } sps->long_term_ref_pics_present_flag = gf_bs_read_int_log(bs, 1, ""long_term_ref_pics_present_flag""); if (sps->long_term_ref_pics_present_flag) { sps->num_long_term_ref_pic_sps = gf_bs_read_ue_log(bs, ""num_long_term_ref_pic_sps""); for (i = 0; i < sps->num_long_term_ref_pic_sps; i++) { gf_bs_read_int_log_idx(bs, sps->log2_max_pic_order_cnt_lsb, ""lt_ref_pic_poc_lsb_sps"", i); gf_bs_read_int_log_idx(bs, 1, ""used_by_curr_pic_lt_sps_flag"", i); } } sps->temporal_mvp_enable_flag = gf_bs_read_int_log(bs, 1, ""temporal_mvp_enable_flag""); sps->strong_intra_smoothing_enable_flag = gf_bs_read_int_log(bs, 1, ""strong_intra_smoothing_enable_flag""); if (vui_flag_pos) *vui_flag_pos = (u32)gf_bs_get_bit_offset(bs); if ((sps->vui_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_parameters_present_flag"")) ) { sps->aspect_ratio_info_present_flag = gf_bs_read_int_log(bs, 1, ""aspect_ratio_info_present_flag""); if (sps->aspect_ratio_info_present_flag) { sps->sar_idc = gf_bs_read_int_log(bs, 8, ""aspect_ratio_idc""); if (sps->sar_idc == 255) { sps->sar_width = gf_bs_read_int_log(bs, 16, ""aspect_ratio_width""); sps->sar_height = gf_bs_read_int_log(bs, 16, ""aspect_ratio_height""); } else if (sps->sar_idc < 17) { sps->sar_width = hevc_sar[sps->sar_idc].w; sps->sar_height = hevc_sar[sps->sar_idc].h; } } if ((sps->overscan_info_present = gf_bs_read_int_log(bs, 1, ""overscan_info_present""))) sps->overscan_appropriate = gf_bs_read_int_log(bs, 1, ""overscan_appropriate""); sps->video_signal_type_present_flag = gf_bs_read_int_log(bs, 1, ""video_signal_type_present_flag""); if (sps->video_signal_type_present_flag) { sps->video_format = gf_bs_read_int_log(bs, 3, ""video_format""); sps->video_full_range_flag = gf_bs_read_int_log(bs, 1, ""video_full_range_flag""); if ((sps->colour_description_present_flag = gf_bs_read_int_log(bs, 1, ""colour_description_present_flag""))) { sps->colour_primaries = gf_bs_read_int_log(bs, 8, ""colour_primaries""); sps->transfer_characteristic = gf_bs_read_int_log(bs, 8, ""transfer_characteristic""); sps->matrix_coeffs = gf_bs_read_int_log(bs, 8, ""matrix_coefficients""); } } if ((sps->chroma_loc_info_present_flag = gf_bs_read_int_log(bs, 1, ""chroma_loc_info_present_flag""))) { sps->chroma_sample_loc_type_top_field = gf_bs_read_ue_log(bs, ""chroma_sample_loc_type_top_field""); sps->chroma_sample_loc_type_bottom_field = gf_bs_read_ue_log(bs, ""chroma_sample_loc_type_bottom_field""); } sps->neutra_chroma_indication_flag = gf_bs_read_int_log(bs, 1, ""neutra_chroma_indication_flag""); sps->field_seq_flag = gf_bs_read_int_log(bs, 1, ""field_seq_flag""); sps->frame_field_info_present_flag = gf_bs_read_int_log(bs, 1, ""frame_field_info_present_flag""); if ((sps->default_display_window_flag = gf_bs_read_int_log(bs, 1, ""default_display_window_flag""))) { sps->left_offset = gf_bs_read_ue_log(bs, ""display_window_left_offset""); sps->right_offset = gf_bs_read_ue_log(bs, ""display_window_right_offset""); sps->top_offset = gf_bs_read_ue_log(bs, ""display_window_top_offset""); sps->bottom_offset = gf_bs_read_ue_log(bs, ""display_window_bottom_offset""); } sps->has_timing_info = gf_bs_read_int_log(bs, 1, ""has_timing_info""); if (sps->has_timing_info) { sps->num_units_in_tick = gf_bs_read_int_log(bs, 32, ""num_units_in_tick""); sps->time_scale = gf_bs_read_int_log(bs, 32, ""time_scale""); sps->poc_proportional_to_timing_flag = gf_bs_read_int_log(bs, 1, ""poc_proportional_to_timing_flag""); if (sps->poc_proportional_to_timing_flag) sps->num_ticks_poc_diff_one_minus1 = gf_bs_read_ue_log(bs, ""num_ticks_poc_diff_one_minus1""); if ((sps->hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""hrd_parameters_present_flag""))) { return sps_id; } } if (gf_bs_read_int_log(bs, 1, ""bitstream_restriction_flag"")) { gf_bs_read_int_log(bs, 1, ""tiles_fixed_structure_flag""); gf_bs_read_int_log(bs, 1, ""motion_vectors_over_pic_boundaries_flag""); gf_bs_read_int_log(bs, 1, ""restricted_ref_pic_lists_flag""); gf_bs_read_ue_log(bs, ""min_spatial_segmentation_idc""); gf_bs_read_ue_log(bs, ""max_bytes_per_pic_denom""); gf_bs_read_ue_log(bs, ""max_bits_per_min_cu_denom""); gf_bs_read_ue_log(bs, ""log2_max_mv_length_horizontal""); gf_bs_read_ue_log(bs, ""log2_max_mv_length_vertical""); } } if (gf_bs_read_int_log(bs, 1, ""sps_extension_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,122774947734483,1 4455,['CWE-264'],"static void sock_def_error_report(struct sock *sk) { read_lock(&sk->sk_callback_lock); if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) wake_up_interruptible(sk->sk_sleep); sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR); read_unlock(&sk->sk_callback_lock); }",linux-2.6,,,338947398811484296275214783498125922130,0 6598,CWE-121,"static RzList *__io_maps(RzDebug *dbg) { RzList *list = rz_list_new(); char *str = dbg->iob.system(dbg->iob.io, ""dm""); if (!str) { rz_list_free(list); return NULL; } char *ostr = str; ut64 map_start, map_end; char perm[32]; char name[512]; for (;;) { char *nl = strchr(str, '\n'); if (nl) { *nl = 0; *name = 0; *perm = 0; map_start = map_end = 0LL; if (!strncmp(str, ""sys "", 4)) { char *sp = strchr(str + 4, ' '); if (sp) { str = sp + 1; } else { str += 4; } } char *_s_ = strstr(str, "" s ""); if (_s_) { memmove(_s_, _s_ + 2, strlen(_s_)); } _s_ = strstr(str, "" ? ""); if (_s_) { memmove(_s_, _s_ + 2, strlen(_s_)); } sscanf(str, ""0x%"" PFMT64x "" - 0x%"" PFMT64x "" %s %s"", &map_start, &map_end, perm, name); if (map_end != 0LL) { RzDebugMap *map = rz_debug_map_new(name, map_start, map_end, rz_str_rwx(perm), 0); rz_list_append(list, map); } str = nl + 1; } else { break; } } free(ostr); rz_cons_reset(); return list; }",visit repo url,librz/debug/p/debug_io.c,https://github.com/rizinorg/rizin,98222585145932,1 5996,['CWE-200'],"static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr) { int ret = 0; if (tmpaddr && memcmp(idev->rndid, &tmpaddr->s6_addr[8], 8) == 0) ret = __ipv6_regen_rndid(idev); return ret; }",linux-2.6,,,167588642396541266690737636507592973096,0 2249,CWE-400,"static struct task_struct *copy_process(unsigned long clone_flags, unsigned long stack_start, struct pt_regs *regs, unsigned long stack_size, int __user *child_tidptr, struct pid *pid, int trace) { int retval; struct task_struct *p; int cgroup_callbacks_done = 0; if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_PARENT) && current->signal->flags & SIGNAL_UNKILLABLE) return ERR_PTR(-EINVAL); retval = security_task_create(clone_flags); if (retval) goto fork_out; retval = -ENOMEM; p = dup_task_struct(current); if (!p) goto fork_out; ftrace_graph_init_task(p); rt_mutex_init_task(p); #ifdef CONFIG_PROVE_LOCKING DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled); DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; if (atomic_read(&p->real_cred->user->processes) >= p->signal->rlim[RLIMIT_NPROC].rlim_cur) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && p->real_cred->user != INIT_USER) goto bad_fork_free; } retval = copy_creds(p, clone_flags); if (retval < 0) goto bad_fork_free; retval = -EAGAIN; if (nr_threads >= max_threads) goto bad_fork_cleanup_count; if (!try_module_get(task_thread_info(p)->exec_domain->module)) goto bad_fork_cleanup_count; p->did_exec = 0; delayacct_tsk_init(p); copy_flags(clone_flags, p); INIT_LIST_HEAD(&p->children); INIT_LIST_HEAD(&p->sibling); rcu_copy_process(p); p->vfork_done = NULL; spin_lock_init(&p->alloc_lock); init_sigpending(&p->pending); p->utime = cputime_zero; p->stime = cputime_zero; p->gtime = cputime_zero; p->utimescaled = cputime_zero; p->stimescaled = cputime_zero; p->prev_utime = cputime_zero; p->prev_stime = cputime_zero; p->default_timer_slack_ns = current->timer_slack_ns; task_io_accounting_init(&p->ioac); acct_clear_integrals(p); posix_cpu_timers_init(p); p->lock_depth = -1; do_posix_clock_monotonic_gettime(&p->start_time); p->real_start_time = p->start_time; monotonic_to_bootbased(&p->real_start_time); p->io_context = NULL; p->audit_context = NULL; cgroup_fork(p); #ifdef CONFIG_NUMA p->mempolicy = mpol_dup(p->mempolicy); if (IS_ERR(p->mempolicy)) { retval = PTR_ERR(p->mempolicy); p->mempolicy = NULL; goto bad_fork_cleanup_cgroup; } mpol_fix_fork_child_flag(p); #endif #ifdef CONFIG_TRACE_IRQFLAGS p->irq_events = 0; #ifdef __ARCH_WANT_INTERRUPTS_ON_CTXSW p->hardirqs_enabled = 1; #else p->hardirqs_enabled = 0; #endif p->hardirq_enable_ip = 0; p->hardirq_enable_event = 0; p->hardirq_disable_ip = _THIS_IP_; p->hardirq_disable_event = 0; p->softirqs_enabled = 1; p->softirq_enable_ip = _THIS_IP_; p->softirq_enable_event = 0; p->softirq_disable_ip = 0; p->softirq_disable_event = 0; p->hardirq_context = 0; p->softirq_context = 0; #endif #ifdef CONFIG_LOCKDEP p->lockdep_depth = 0; p->curr_chain_key = 0; p->lockdep_recursion = 0; #endif #ifdef CONFIG_DEBUG_MUTEXES p->blocked_on = NULL; #endif p->bts = NULL; p->stack_start = stack_start; sched_fork(p, clone_flags); retval = perf_event_init_task(p); if (retval) goto bad_fork_cleanup_policy; if ((retval = audit_alloc(p))) goto bad_fork_cleanup_policy; if ((retval = copy_semundo(clone_flags, p))) goto bad_fork_cleanup_audit; if ((retval = copy_files(clone_flags, p))) goto bad_fork_cleanup_semundo; if ((retval = copy_fs(clone_flags, p))) goto bad_fork_cleanup_files; if ((retval = copy_sighand(clone_flags, p))) goto bad_fork_cleanup_fs; if ((retval = copy_signal(clone_flags, p))) goto bad_fork_cleanup_sighand; if ((retval = copy_mm(clone_flags, p))) goto bad_fork_cleanup_signal; if ((retval = copy_namespaces(clone_flags, p))) goto bad_fork_cleanup_mm; if ((retval = copy_io(clone_flags, p))) goto bad_fork_cleanup_namespaces; retval = copy_thread(clone_flags, stack_start, stack_size, p, regs); if (retval) goto bad_fork_cleanup_io; if (pid != &init_struct_pid) { retval = -ENOMEM; pid = alloc_pid(p->nsproxy->pid_ns); if (!pid) goto bad_fork_cleanup_io; if (clone_flags & CLONE_NEWPID) { retval = pid_ns_prepare_proc(p->nsproxy->pid_ns); if (retval < 0) goto bad_fork_free_pid; } } p->pid = pid_nr(pid); p->tgid = p->pid; if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; if (current->nsproxy != p->nsproxy) { retval = ns_cgroup_clone(p, pid); if (retval) goto bad_fork_free_pid; } p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; p->clear_child_tid = (clone_flags & CLONE_CHILD_CLEARTID) ? child_tidptr: NULL; #ifdef CONFIG_FUTEX p->robust_list = NULL; #ifdef CONFIG_COMPAT p->compat_robust_list = NULL; #endif INIT_LIST_HEAD(&p->pi_state_list); p->pi_state_cache = NULL; #endif if ((clone_flags & (CLONE_VM|CLONE_VFORK)) == CLONE_VM) p->sas_ss_sp = p->sas_ss_size = 0; clear_tsk_thread_flag(p, TIF_SYSCALL_TRACE); #ifdef TIF_SYSCALL_EMU clear_tsk_thread_flag(p, TIF_SYSCALL_EMU); #endif clear_all_latency_tracing(p); p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL); p->pdeath_signal = 0; p->exit_state = 0; p->group_leader = p; INIT_LIST_HEAD(&p->thread_group); cgroup_fork_callbacks(p); cgroup_callbacks_done = 1; write_lock_irq(&tasklist_lock); p->cpus_allowed = current->cpus_allowed; p->rt.nr_cpus_allowed = current->rt.nr_cpus_allowed; if (unlikely(!cpu_isset(task_cpu(p), p->cpus_allowed) || !cpu_online(task_cpu(p)))) set_task_cpu(p, smp_processor_id()); if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) { p->real_parent = current->real_parent; p->parent_exec_id = current->parent_exec_id; } else { p->real_parent = current; p->parent_exec_id = current->self_exec_id; } spin_lock(¤t->sighand->siglock); recalc_sigpending(); if (signal_pending(current)) { spin_unlock(¤t->sighand->siglock); write_unlock_irq(&tasklist_lock); retval = -ERESTARTNOINTR; goto bad_fork_free_pid; } if (clone_flags & CLONE_THREAD) { atomic_inc(¤t->signal->count); atomic_inc(¤t->signal->live); p->group_leader = current->group_leader; list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group); } if (likely(p->pid)) { list_add_tail(&p->sibling, &p->real_parent->children); tracehook_finish_clone(p, clone_flags, trace); if (thread_group_leader(p)) { if (clone_flags & CLONE_NEWPID) p->nsproxy->pid_ns->child_reaper = p; p->signal->leader_pid = pid; tty_kref_put(p->signal->tty); p->signal->tty = tty_kref_get(current->signal->tty); attach_pid(p, PIDTYPE_PGID, task_pgrp(current)); attach_pid(p, PIDTYPE_SID, task_session(current)); list_add_tail_rcu(&p->tasks, &init_task.tasks); __get_cpu_var(process_counts)++; } attach_pid(p, PIDTYPE_PID, pid); nr_threads++; } total_forks++; spin_unlock(¤t->sighand->siglock); write_unlock_irq(&tasklist_lock); proc_fork_connector(p); cgroup_post_fork(p); perf_event_fork(p); return p; bad_fork_free_pid: if (pid != &init_struct_pid) free_pid(pid); bad_fork_cleanup_io: put_io_context(p->io_context); bad_fork_cleanup_namespaces: exit_task_namespaces(p); bad_fork_cleanup_mm: if (p->mm) mmput(p->mm); bad_fork_cleanup_signal: if (!(clone_flags & CLONE_THREAD)) __cleanup_signal(p->signal); bad_fork_cleanup_sighand: __cleanup_sighand(p->sighand); bad_fork_cleanup_fs: exit_fs(p); bad_fork_cleanup_files: exit_files(p); bad_fork_cleanup_semundo: exit_sem(p); bad_fork_cleanup_audit: audit_free(p); bad_fork_cleanup_policy: perf_event_free_task(p); #ifdef CONFIG_NUMA mpol_put(p->mempolicy); bad_fork_cleanup_cgroup: #endif cgroup_exit(p, cgroup_callbacks_done); delayacct_tsk_free(p); module_put(task_thread_info(p)->exec_domain->module); bad_fork_cleanup_count: atomic_dec(&p->cred->user->processes); exit_creds(p); bad_fork_free: free_task(p); fork_out: return ERR_PTR(retval); }",visit repo url,kernel/fork.c,https://github.com/torvalds/linux,168546240060396,1 721,[],"jpc_ms_t *jpc_getms(jas_stream_t *in, jpc_cstate_t *cstate) { jpc_ms_t *ms; jpc_mstabent_t *mstabent; jas_stream_t *tmpstream; if (!(ms = jpc_ms_create(0))) { return 0; } if (jpc_getuint16(in, &ms->id) || ms->id < JPC_MS_MIN || ms->id > JPC_MS_MAX) { jpc_ms_destroy(ms); return 0; } mstabent = jpc_mstab_lookup(ms->id); ms->ops = &mstabent->ops; if (JPC_MS_HASPARMS(ms->id)) { if (jpc_getuint16(in, &ms->len) || ms->len < 3) { jpc_ms_destroy(ms); return 0; } ms->len -= 2; if (!(tmpstream = jas_stream_memopen(0, 0))) { jpc_ms_destroy(ms); return 0; } if (jas_stream_copy(tmpstream, in, ms->len) || jas_stream_seek(tmpstream, 0, SEEK_SET) < 0) { jas_stream_close(tmpstream); jpc_ms_destroy(ms); return 0; } if ((*ms->ops->getparms)(ms, cstate, tmpstream)) { ms->ops = 0; jpc_ms_destroy(ms); jas_stream_close(tmpstream); return 0; } if (jas_getdbglevel() > 0) { jpc_ms_dump(ms, stderr); } if (JAS_CAST(ulong, jas_stream_tell(tmpstream)) != ms->len) { jas_eprintf(""warning: trailing garbage in marker segment (%ld bytes)\n"", ms->len - jas_stream_tell(tmpstream)); } jas_stream_close(tmpstream); } else { ms->len = 0; if (jas_getdbglevel() > 0) { jpc_ms_dump(ms, stderr); } } if (ms->id == JPC_MS_SIZ) { cstate->numcomps = ms->parms.siz.numcomps; } return ms; }",jasper,,,121848335770875051605805903962063236067,0 5099,['CWE-20'],"static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq) { struct vcpu_vmx *vmx = to_vmx(vcpu); KVMTRACE_1D(INJ_VIRQ, vcpu, (u32)irq, handler); ++vcpu->stat.irq_injections; if (vcpu->arch.rmode.active) { vmx->rmode.irq.pending = true; vmx->rmode.irq.vector = irq; vmx->rmode.irq.rip = kvm_rip_read(vcpu); vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, irq | INTR_TYPE_SOFT_INTR | INTR_INFO_VALID_MASK); vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1); kvm_rip_write(vcpu, vmx->rmode.irq.rip - 1); return; } vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, irq | INTR_TYPE_EXT_INTR | INTR_INFO_VALID_MASK); }",linux-2.6,,,310163746431869169277330153467242804842,0 1628,[],"static int tg_set_bandwidth(struct task_group *tg, u64 rt_period, u64 rt_runtime) { int i, err = 0; mutex_lock(&rt_constraints_mutex); read_lock(&tasklist_lock); if (rt_runtime == 0 && tg_has_rt_tasks(tg)) { err = -EBUSY; goto unlock; } if (!__rt_schedulable(tg, rt_period, rt_runtime)) { err = -EINVAL; goto unlock; } spin_lock_irq(&tg->rt_bandwidth.rt_runtime_lock); tg->rt_bandwidth.rt_period = ns_to_ktime(rt_period); tg->rt_bandwidth.rt_runtime = rt_runtime; for_each_possible_cpu(i) { struct rt_rq *rt_rq = tg->rt_rq[i]; spin_lock(&rt_rq->rt_runtime_lock); rt_rq->rt_runtime = rt_runtime; spin_unlock(&rt_rq->rt_runtime_lock); } spin_unlock_irq(&tg->rt_bandwidth.rt_runtime_lock); unlock: read_unlock(&tasklist_lock); mutex_unlock(&rt_constraints_mutex); return err; }",linux-2.6,,,150347565652923641624455305375685333640,0 3075,['CWE-189'],"void jpc_ns_fwdlift_col(jpc_fix_t *a, int numrows, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++hptr2; ++lptr2; hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(ALPHA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++lptr2; ++hptr2; } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(BETA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++hptr2; ++lptr2; hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(GAMMA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++lptr2; ++hptr2; } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(DELTA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } #if defined(WT_DOSCALE) lptr = &a[0]; n = llen; while (n-- > 0) { lptr2 = lptr; lptr2[0] = jpc_fix_mul(lptr2[0], jpc_dbltofix(LGAIN)); ++lptr2; lptr += stride; } hptr = &a[llen * stride]; n = numrows - llen; while (n-- > 0) { hptr2 = hptr; hptr2[0] = jpc_fix_mul(hptr2[0], jpc_dbltofix(HGAIN)); ++hptr2; hptr += stride; } #endif } else { #if defined(WT_LENONE) if (parity) { lptr2 = &a[0]; lptr2[0] <<= 1; ++lptr2; } #endif } }",jasper,,,88842136166467049396811744493252015284,0 6151,['CWE-200'],"static int ip_mr_forward(struct sk_buff *skb, struct mfc_cache *cache, int local) { int psend = -1; int vif, ct; vif = cache->mfc_parent; cache->mfc_un.res.pkt++; cache->mfc_un.res.bytes += skb->len; if (vif_table[vif].dev != skb->dev) { int true_vifi; if (((struct rtable*)skb->dst)->fl.iif == 0) { goto dont_forward; } cache->mfc_un.res.wrong_if++; true_vifi = ipmr_find_vif(skb->dev); if (true_vifi >= 0 && mroute_do_assert && (mroute_do_pim || cache->mfc_un.res.ttls[true_vifi] < 255) && time_after(jiffies, cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) { cache->mfc_un.res.last_assert = jiffies; ipmr_cache_report(skb, true_vifi, IGMPMSG_WRONGVIF); } goto dont_forward; } vif_table[vif].pkt_in++; vif_table[vif].bytes_in+=skb->len; for (ct = cache->mfc_un.res.maxvif-1; ct >= cache->mfc_un.res.minvif; ct--) { if (skb->nh.iph->ttl > cache->mfc_un.res.ttls[ct]) { if (psend != -1) { struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); if (skb2) ipmr_queue_xmit(skb2, cache, psend); } psend=ct; } } if (psend != -1) { if (local) { struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); if (skb2) ipmr_queue_xmit(skb2, cache, psend); } else { ipmr_queue_xmit(skb, cache, psend); return 0; } } dont_forward: if (!local) kfree_skb(skb); return 0; }",linux-2.6,,,17813475244839861536143168994480405653,0 2864,['CWE-189'],"static void jas_image_setbbox(jas_image_t *image) { jas_image_cmpt_t *cmpt; int cmptno; int_fast32_t x; int_fast32_t y; if (image->numcmpts_ > 0) { cmpt = image->cmpts_[0]; image->tlx_ = cmpt->tlx_; image->tly_ = cmpt->tly_; image->brx_ = cmpt->tlx_ + cmpt->hstep_ * (cmpt->width_ - 1) + 1; image->bry_ = cmpt->tly_ + cmpt->vstep_ * (cmpt->height_ - 1) + 1; for (cmptno = 1; cmptno < image->numcmpts_; ++cmptno) { cmpt = image->cmpts_[cmptno]; if (image->tlx_ > cmpt->tlx_) { image->tlx_ = cmpt->tlx_; } if (image->tly_ > cmpt->tly_) { image->tly_ = cmpt->tly_; } x = cmpt->tlx_ + cmpt->hstep_ * (cmpt->width_ - 1) + 1; if (image->brx_ < x) { image->brx_ = x; } y = cmpt->tly_ + cmpt->vstep_ * (cmpt->height_ - 1) + 1; if (image->bry_ < y) { image->bry_ = y; } } } else { image->tlx_ = 0; image->tly_ = 0; image->brx_ = 0; image->bry_ = 0; } }",jasper,,,15395175696287463362785875361014275173,0 559,CWE-189,"void ipc_rcu_getref(void *ptr) { container_of(ptr, struct ipc_rcu_hdr, data)->refcount++; }",visit repo url,ipc/util.c,https://github.com/torvalds/linux,68854022356029,1 2731,[],"static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) { if (len < sizeof(struct sctp_initmsg)) return -EINVAL; len = sizeof(struct sctp_initmsg); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &sctp_sk(sk)->initmsg, len)) return -EFAULT; return 0; }",linux-2.6,,,191372129430208984367081928045844672176,0 4789,[],"void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, int family) { if (family == PF_INET) ssec->nlbl_state = NLBL_REQUIRE; else ssec->nlbl_state = NLBL_UNSET; }",linux-2.6,,,209319286185280733412608611931077609012,0 4354,['CWE-399'],"long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) { struct key_user *newowner, *zapowner = NULL; struct key *key; key_ref_t key_ref; long ret; ret = 0; if (uid == (uid_t) -1 && gid == (gid_t) -1) goto error; key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error; } key = key_ref_to_ptr(key_ref); ret = -EACCES; down_write(&key->sem); if (!capable(CAP_SYS_ADMIN)) { if (uid != (uid_t) -1 && key->uid != uid) goto error_put; if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) goto error_put; } if (uid != (uid_t) -1 && uid != key->uid) { ret = -ENOMEM; newowner = key_user_lookup(uid); if (!newowner) goto error_put; if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { unsigned maxkeys = (uid == 0) ? key_quota_root_maxkeys : key_quota_maxkeys; unsigned maxbytes = (uid == 0) ? key_quota_root_maxbytes : key_quota_maxbytes; spin_lock(&newowner->lock); if (newowner->qnkeys + 1 >= maxkeys || newowner->qnbytes + key->quotalen >= maxbytes || newowner->qnbytes + key->quotalen < newowner->qnbytes) goto quota_overrun; newowner->qnkeys++; newowner->qnbytes += key->quotalen; spin_unlock(&newowner->lock); spin_lock(&key->user->lock); key->user->qnkeys--; key->user->qnbytes -= key->quotalen; spin_unlock(&key->user->lock); } atomic_dec(&key->user->nkeys); atomic_inc(&newowner->nkeys); if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { atomic_dec(&key->user->nikeys); atomic_inc(&newowner->nikeys); } zapowner = key->user; key->user = newowner; key->uid = uid; } if (gid != (gid_t) -1) key->gid = gid; ret = 0; error_put: up_write(&key->sem); key_put(key); if (zapowner) key_user_put(zapowner); error: return ret; quota_overrun: spin_unlock(&newowner->lock); zapowner = newowner; ret = -EDQUOT; goto error_put; } ",linux-2.6,,,314565854135313807684376817693696834662,0 1709,CWE-19,"ext4_xattr_cache_insert(struct mb_cache *ext4_mb_cache, struct buffer_head *bh) { __u32 hash = le32_to_cpu(BHDR(bh)->h_hash); struct mb_cache_entry *ce; int error; ce = mb_cache_entry_alloc(ext4_mb_cache, GFP_NOFS); if (!ce) { ea_bdebug(bh, ""out of memory""); return; } error = mb_cache_entry_insert(ce, bh->b_bdev, bh->b_blocknr, hash); if (error) { mb_cache_entry_free(ce); if (error == -EBUSY) { ea_bdebug(bh, ""already in cache""); error = 0; } } else { ea_bdebug(bh, ""inserting [%x]"", (int)hash); mb_cache_entry_release(ce); } }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,226054258363834,1 4921,CWE-59,"vrrp_print_json(void) { FILE *file; element e; struct json_object *array; if (LIST_ISEMPTY(vrrp_data->vrrp)) return; file = fopen (""/tmp/keepalived.json"",""w""); if (!file) { log_message(LOG_INFO, ""Can't open /tmp/keepalived.json (%d: %s)"", errno, strerror(errno)); return; } array = json_object_new_array(); for (e = LIST_HEAD(vrrp_data->vrrp); e; ELEMENT_NEXT(e)) { struct json_object *instance_json, *json_stats, *json_data, *vips, *evips, *track_ifp, *track_script; #ifdef _HAVE_FIB_ROUTING_ struct json_object *vroutes, *vrules; #endif element f; vrrp_t *vrrp = ELEMENT_DATA(e); instance_json = json_object_new_object(); json_stats = json_object_new_object(); json_data = json_object_new_object(); vips = json_object_new_array(); evips = json_object_new_array(); track_ifp = json_object_new_array(); track_script = json_object_new_array(); #ifdef _HAVE_FIB_ROUTING_ vroutes = json_object_new_array(); vrules = json_object_new_array(); #endif json_object_object_add(json_data, ""iname"", json_object_new_string(vrrp->iname)); json_object_object_add(json_data, ""dont_track_primary"", json_object_new_int(vrrp->dont_track_primary)); json_object_object_add(json_data, ""skip_check_adv_addr"", json_object_new_int(vrrp->skip_check_adv_addr)); json_object_object_add(json_data, ""strict_mode"", json_object_new_int((int)vrrp->strict_mode)); #ifdef _HAVE_VRRP_VMAC_ json_object_object_add(json_data, ""vmac_ifname"", json_object_new_string(vrrp->vmac_ifname)); #endif if (!LIST_ISEMPTY(vrrp->track_ifp)) { for (f = LIST_HEAD(vrrp->track_ifp); f; ELEMENT_NEXT(f)) { interface_t *ifp = ELEMENT_DATA(f); json_object_array_add(track_ifp, json_object_new_string(ifp->ifname)); } } json_object_object_add(json_data, ""track_ifp"", track_ifp); if (!LIST_ISEMPTY(vrrp->track_script)) { for (f = LIST_HEAD(vrrp->track_script); f; ELEMENT_NEXT(f)) { tracked_sc_t *tsc = ELEMENT_DATA(f); vrrp_script_t *vscript = tsc->scr; json_object_array_add(track_script, json_object_new_string(cmd_str(&vscript->script))); } } json_object_object_add(json_data, ""track_script"", track_script); json_object_object_add(json_data, ""ifp_ifname"", json_object_new_string(vrrp->ifp->ifname)); json_object_object_add(json_data, ""master_priority"", json_object_new_int(vrrp->master_priority)); json_object_object_add(json_data, ""last_transition"", json_object_new_double(timeval_to_double(&vrrp->last_transition))); json_object_object_add(json_data, ""garp_delay"", json_object_new_double(vrrp->garp_delay / TIMER_HZ_FLOAT)); json_object_object_add(json_data, ""garp_refresh"", json_object_new_int((int)vrrp->garp_refresh.tv_sec)); json_object_object_add(json_data, ""garp_rep"", json_object_new_int((int)vrrp->garp_rep)); json_object_object_add(json_data, ""garp_refresh_rep"", json_object_new_int((int)vrrp->garp_refresh_rep)); json_object_object_add(json_data, ""garp_lower_prio_delay"", json_object_new_int((int)(vrrp->garp_lower_prio_delay / TIMER_HZ))); json_object_object_add(json_data, ""garp_lower_prio_rep"", json_object_new_int((int)vrrp->garp_lower_prio_rep)); json_object_object_add(json_data, ""lower_prio_no_advert"", json_object_new_int((int)vrrp->lower_prio_no_advert)); json_object_object_add(json_data, ""higher_prio_send_advert"", json_object_new_int((int)vrrp->higher_prio_send_advert)); json_object_object_add(json_data, ""vrid"", json_object_new_int(vrrp->vrid)); json_object_object_add(json_data, ""base_priority"", json_object_new_int(vrrp->base_priority)); json_object_object_add(json_data, ""effective_priority"", json_object_new_int(vrrp->effective_priority)); json_object_object_add(json_data, ""vipset"", json_object_new_boolean(vrrp->vipset)); if (!LIST_ISEMPTY(vrrp->vip)) { for (f = LIST_HEAD(vrrp->vip); f; ELEMENT_NEXT(f)) { ip_address_t *vip = ELEMENT_DATA(f); char ipaddr[INET6_ADDRSTRLEN]; inet_ntop(vrrp->family, &(vip->u.sin.sin_addr.s_addr), ipaddr, INET6_ADDRSTRLEN); json_object_array_add(vips, json_object_new_string(ipaddr)); } } json_object_object_add(json_data, ""vips"", vips); if (!LIST_ISEMPTY(vrrp->evip)) { for (f = LIST_HEAD(vrrp->evip); f; ELEMENT_NEXT(f)) { ip_address_t *evip = ELEMENT_DATA(f); char ipaddr[INET6_ADDRSTRLEN]; inet_ntop(vrrp->family, &(evip->u.sin.sin_addr.s_addr), ipaddr, INET6_ADDRSTRLEN); json_object_array_add(evips, json_object_new_string(ipaddr)); } } json_object_object_add(json_data, ""evips"", evips); json_object_object_add(json_data, ""promote_secondaries"", json_object_new_boolean(vrrp->promote_secondaries)); #ifdef _HAVE_FIB_ROUTING_ if (!LIST_ISEMPTY(vrrp->vroutes)) { for (f = LIST_HEAD(vrrp->vroutes); f; ELEMENT_NEXT(f)) { ip_route_t *route = ELEMENT_DATA(f); char *buf = MALLOC(ROUTE_BUF_SIZE); format_iproute(route, buf, ROUTE_BUF_SIZE); json_object_array_add(vroutes, json_object_new_string(buf)); } } json_object_object_add(json_data, ""vroutes"", vroutes); if (!LIST_ISEMPTY(vrrp->vrules)) { for (f = LIST_HEAD(vrrp->vrules); f; ELEMENT_NEXT(f)) { ip_rule_t *rule = ELEMENT_DATA(f); char *buf = MALLOC(RULE_BUF_SIZE); format_iprule(rule, buf, RULE_BUF_SIZE); json_object_array_add(vrules, json_object_new_string(buf)); } } json_object_object_add(json_data, ""vrules"", vrules); #endif json_object_object_add(json_data, ""adver_int"", json_object_new_double(vrrp->adver_int / TIMER_HZ_FLOAT)); json_object_object_add(json_data, ""master_adver_int"", json_object_new_double(vrrp->master_adver_int / TIMER_HZ_FLOAT)); json_object_object_add(json_data, ""accept"", json_object_new_int((int)vrrp->accept)); json_object_object_add(json_data, ""nopreempt"", json_object_new_boolean(vrrp->nopreempt)); json_object_object_add(json_data, ""preempt_delay"", json_object_new_int((int)(vrrp->preempt_delay / TIMER_HZ))); json_object_object_add(json_data, ""state"", json_object_new_int(vrrp->state)); json_object_object_add(json_data, ""wantstate"", json_object_new_int(vrrp->wantstate)); json_object_object_add(json_data, ""version"", json_object_new_int(vrrp->version)); if (vrrp->script_backup) json_object_object_add(json_data, ""script_backup"", json_object_new_string(cmd_str(vrrp->script_backup))); if (vrrp->script_master) json_object_object_add(json_data, ""script_master"", json_object_new_string(cmd_str(vrrp->script_master))); if (vrrp->script_fault) json_object_object_add(json_data, ""script_fault"", json_object_new_string(cmd_str(vrrp->script_fault))); if (vrrp->script_stop) json_object_object_add(json_data, ""script_stop"", json_object_new_string(cmd_str(vrrp->script_stop))); if (vrrp->script) json_object_object_add(json_data, ""script"", json_object_new_string(cmd_str(vrrp->script))); if (vrrp->script_master_rx_lower_pri) json_object_object_add(json_data, ""script_master_rx_lower_pri"", json_object_new_string(cmd_str(vrrp->script_master_rx_lower_pri))); json_object_object_add(json_data, ""smtp_alert"", json_object_new_boolean(vrrp->smtp_alert)); #ifdef _WITH_VRRP_AUTH_ if (vrrp->auth_type) { json_object_object_add(json_data, ""auth_type"", json_object_new_int(vrrp->auth_type)); if (vrrp->auth_type != VRRP_AUTH_AH) { char auth_data[sizeof(vrrp->auth_data) + 1]; memcpy(auth_data, vrrp->auth_data, sizeof(vrrp->auth_data)); auth_data[sizeof(vrrp->auth_data)] = '\0'; json_object_object_add(json_data, ""auth_data"", json_object_new_string(auth_data)); } } else json_object_object_add(json_data, ""auth_type"", json_object_new_int(0)); #endif json_object_object_add(json_stats, ""advert_rcvd"", json_object_new_int64((int64_t)vrrp->stats->advert_rcvd)); json_object_object_add(json_stats, ""advert_sent"", json_object_new_int64(vrrp->stats->advert_sent)); json_object_object_add(json_stats, ""become_master"", json_object_new_int64(vrrp->stats->become_master)); json_object_object_add(json_stats, ""release_master"", json_object_new_int64(vrrp->stats->release_master)); json_object_object_add(json_stats, ""packet_len_err"", json_object_new_int64((int64_t)vrrp->stats->packet_len_err)); json_object_object_add(json_stats, ""advert_interval_err"", json_object_new_int64((int64_t)vrrp->stats->advert_interval_err)); json_object_object_add(json_stats, ""ip_ttl_err"", json_object_new_int64((int64_t)vrrp->stats->ip_ttl_err)); json_object_object_add(json_stats, ""invalid_type_rcvd"", json_object_new_int64((int64_t)vrrp->stats->invalid_type_rcvd)); json_object_object_add(json_stats, ""addr_list_err"", json_object_new_int64((int64_t)vrrp->stats->addr_list_err)); json_object_object_add(json_stats, ""invalid_authtype"", json_object_new_int64(vrrp->stats->invalid_authtype)); #ifdef _WITH_VRRP_AUTH_ json_object_object_add(json_stats, ""authtype_mismatch"", json_object_new_int64(vrrp->stats->authtype_mismatch)); json_object_object_add(json_stats, ""auth_failure"", json_object_new_int64(vrrp->stats->auth_failure)); #endif json_object_object_add(json_stats, ""pri_zero_rcvd"", json_object_new_int64((int64_t)vrrp->stats->pri_zero_rcvd)); json_object_object_add(json_stats, ""pri_zero_sent"", json_object_new_int64((int64_t)vrrp->stats->pri_zero_sent)); json_object_object_add(instance_json, ""data"", json_data); json_object_object_add(instance_json, ""stats"", json_stats); json_object_array_add(array, instance_json); } fprintf(file, ""%s"", json_object_to_json_string(array)); fclose(file); }",visit repo url,keepalived/vrrp/vrrp_json.c,https://github.com/acassen/keepalived,77360691633099,1 734,CWE-20,"static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int copied = 0; int target; int err = 0; long timeo; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = -EAGAIN; if (sk->sk_state == CAIF_CONNECTING) goto out; caif_read_lock(sk); target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); do { int chunk; struct sk_buff *skb; lock_sock(sk); skb = skb_dequeue(&sk->sk_receive_queue); caif_check_flow_release(sk); if (skb == NULL) { if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; err = -ECONNRESET; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; err = -EPIPE; if (sk->sk_state != CAIF_CONNECTED) goto unlock; if (sock_flag(sk, SOCK_DEAD)) goto unlock; release_sock(sk); err = -EAGAIN; if (!timeo) break; caif_read_unlock(sk); timeo = caif_stream_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } caif_read_lock(sk); continue; unlock: release_sock(sk); break; } release_sock(sk); chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); caif_read_unlock(sk); out: return copied ? : err; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,221882276043621,1 20,NVD-CWE-Other,"krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, qop_req, req_output_size, max_input_size) OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; gss_qop_t qop_req; OM_uint32 req_output_size; OM_uint32 *max_input_size; { krb5_gss_ctx_id_rec *ctx; OM_uint32 data_size, conflen; OM_uint32 ohlen; int overhead; if (qop_req != GSS_C_QOP_DEFAULT) { *minor_status = (OM_uint32) G_UNKNOWN_QOP; return(GSS_S_FAILURE); } ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { *minor_status = KG_CTX_INCOMPLETE; return(GSS_S_NO_CONTEXT); } if (ctx->proto == 1) { OM_uint32 sz = req_output_size; if (conf_req_flag) { krb5_key key; krb5_enctype enctype; key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey; enctype = key->keyblock.enctype; while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size) sz--; if (sz > 16) sz -= 16; else sz = 0; #ifdef CFX_EXERCISE if (sz > 65535) sz -= 65535; else sz = 0; #endif } else { krb5_cksumtype cksumtype; krb5_error_code err; size_t cksumsize; cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype : ctx->cksumtype; err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize); if (err) { *minor_status = err; return GSS_S_FAILURE; } if (sz < 16 + cksumsize) sz = 0; else sz -= (16 + cksumsize); } *max_input_size = sz; *minor_status = 0; return GSS_S_COMPLETE; } overhead = 7 + ctx->mech_used->length; data_size = req_output_size; conflen = kg_confounder_size(ctx->k5_context, ctx->enc->keyblock.enctype); data_size = (conflen + data_size + 8) & (~(OM_uint32)7); ohlen = g_token_size(ctx->mech_used, (unsigned int) (data_size + ctx->cksum_size + 14)) - req_output_size; if (ohlen+overhead < req_output_size) *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7); else *max_input_size = 0; *minor_status = 0; return(GSS_S_COMPLETE); }",visit repo url,src/lib/gssapi/krb5/wrap_size_limit.c,https://github.com/krb5/krb5,58808418403269,1 1962,['CWE-20'],"static int writeout(struct address_space *mapping, struct page *page) { struct writeback_control wbc = { .sync_mode = WB_SYNC_NONE, .nr_to_write = 1, .range_start = 0, .range_end = LLONG_MAX, .nonblocking = 1, .for_reclaim = 1 }; int rc; if (!mapping->a_ops->writepage) return -EINVAL; if (!clear_page_dirty_for_io(page)) return -EAGAIN; remove_migration_ptes(page, page); rc = mapping->a_ops->writepage(page, &wbc); if (rc < 0) return -EIO; if (rc != AOP_WRITEPAGE_ACTIVATE) lock_page(page); return -EAGAIN; }",linux-2.6,,,171809630880581663456374750493499176575,0 2172,CWE-125,"static void ttm_put_pages(struct page **pages, unsigned npages, int flags, enum ttm_caching_state cstate) { struct ttm_page_pool *pool = ttm_get_pool(flags, false, cstate); #ifdef CONFIG_TRANSPARENT_HUGEPAGE struct ttm_page_pool *huge = ttm_get_pool(flags, true, cstate); #endif unsigned long irq_flags; unsigned i; if (pool == NULL) { i = 0; while (i < npages) { #ifdef CONFIG_TRANSPARENT_HUGEPAGE struct page *p = pages[i]; #endif unsigned order = 0, j; if (!pages[i]) { ++i; continue; } #ifdef CONFIG_TRANSPARENT_HUGEPAGE if (!(flags & TTM_PAGE_FLAG_DMA32)) { for (j = 0; j < HPAGE_PMD_NR; ++j) if (p++ != pages[i + j]) break; if (j == HPAGE_PMD_NR) order = HPAGE_PMD_ORDER; } #endif if (page_count(pages[i]) != 1) pr_err(""Erroneous page count. Leaking pages.\n""); __free_pages(pages[i], order); j = 1 << order; while (j) { pages[i++] = NULL; --j; } } return; } i = 0; #ifdef CONFIG_TRANSPARENT_HUGEPAGE if (huge) { unsigned max_size, n2free; spin_lock_irqsave(&huge->lock, irq_flags); while (i < npages) { struct page *p = pages[i]; unsigned j; if (!p) break; for (j = 0; j < HPAGE_PMD_NR; ++j) if (p++ != pages[i + j]) break; if (j != HPAGE_PMD_NR) break; list_add_tail(&pages[i]->lru, &huge->list); for (j = 0; j < HPAGE_PMD_NR; ++j) pages[i++] = NULL; huge->npages++; } max_size = _manager->options.max_size; max_size /= HPAGE_PMD_NR; if (huge->npages > max_size) n2free = huge->npages - max_size; else n2free = 0; spin_unlock_irqrestore(&huge->lock, irq_flags); if (n2free) ttm_page_pool_free(huge, n2free, false); } #endif spin_lock_irqsave(&pool->lock, irq_flags); while (i < npages) { if (pages[i]) { if (page_count(pages[i]) != 1) pr_err(""Erroneous page count. Leaking pages.\n""); list_add_tail(&pages[i]->lru, &pool->list); pages[i] = NULL; pool->npages++; } ++i; } npages = 0; if (pool->npages > _manager->options.max_size) { npages = pool->npages - _manager->options.max_size; if (npages < NUM_PAGES_TO_ALLOC) npages = NUM_PAGES_TO_ALLOC; } spin_unlock_irqrestore(&pool->lock, irq_flags); if (npages) ttm_page_pool_free(pool, npages, false); }",visit repo url,drivers/gpu/drm/ttm/ttm_page_alloc.c,https://github.com/torvalds/linux,173823049208246,1 4130,[],"static int __devinit ibwdt_probe(struct platform_device *dev) { int res; #if WDT_START != WDT_STOP if (!request_region(WDT_STOP, 1, ""IB700 WDT"")) { printk(KERN_ERR PFX ""STOP method I/O %X is not available.\n"", WDT_STOP); res = -EIO; goto out_nostopreg; } #endif if (!request_region(WDT_START, 1, ""IB700 WDT"")) { printk(KERN_ERR PFX ""START method I/O %X is not available.\n"", WDT_START); res = -EIO; goto out_nostartreg; } res = misc_register(&ibwdt_miscdev); if (res) { printk(KERN_ERR PFX ""failed to register misc device\n""); goto out_nomisc; } return 0; out_nomisc: release_region(WDT_START, 1); out_nostartreg: #if WDT_START != WDT_STOP release_region(WDT_STOP, 1); #endif out_nostopreg: return res; }",linux-2.6,,,59461602115580159770478822161492462687,0 4742,CWE-347,"static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, bigint *modulus, bigint *pub_exp) { int i, size; bigint *decrypted_bi, *dat_bi; bigint *bir = NULL; uint8_t *block = (uint8_t *)malloc(sig_len); dat_bi = bi_import(ctx, sig, sig_len); ctx->mod_offset = BIGINT_M_OFFSET; decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp); bi_export(ctx, decrypted_bi, block, sig_len); ctx->mod_offset = BIGINT_M_OFFSET; i = 10; while (block[i++] && i < sig_len); size = sig_len - i; if (size > 0) { int len; const uint8_t *sig_ptr = get_signature(&block[i], &len); if (sig_ptr) { bir = bi_import(ctx, sig_ptr, len); } } free(block); bi_clear_cache(ctx); return bir; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,125222013541284,1 6616,CWE-362,"int main(int argc, char **argv, char **envp) { int opt; while ((opt = getopt(argc, argv, ""b:h:k:p:q:w:z:xv"")) != -1) { switch (opt) { case 'b': tmate_settings->bind_addr = xstrdup(optarg); break; case 'h': tmate_settings->tmate_host = xstrdup(optarg); break; case 'k': tmate_settings->keys_dir = xstrdup(optarg); break; case 'p': tmate_settings->ssh_port = atoi(optarg); break; case 'q': tmate_settings->ssh_port_advertized = atoi(optarg); break; case 'w': tmate_settings->websocket_hostname = xstrdup(optarg); break; case 'z': tmate_settings->websocket_port = atoi(optarg); break; case 'x': tmate_settings->use_proxy_protocol = true; break; case 'v': tmate_settings->log_level++; break; default: usage(); return 1; } } init_logging(tmate_settings->log_level); setup_locale(); if (!tmate_settings->tmate_host) tmate_settings->tmate_host = get_full_hostname(); cmdline = *argv; cmdline_end = *envp; tmate_preload_trace_lib(); tmate_catch_sigsegv(); tmate_init_rand(); if ((mkdir(TMATE_WORKDIR, 0701) < 0 && errno != EEXIST) || (mkdir(TMATE_WORKDIR ""/sessions"", 0703) < 0 && errno != EEXIST) || (mkdir(TMATE_WORKDIR ""/jail"", 0700) < 0 && errno != EEXIST)) tmate_fatal(""Cannot prepare session in "" TMATE_WORKDIR); if ((chmod(TMATE_WORKDIR, 0701) < 0) || (chmod(TMATE_WORKDIR ""/sessions"", 0703) < 0) || (chmod(TMATE_WORKDIR ""/jail"", 0700) < 0)) tmate_fatal(""Cannot prepare session in "" TMATE_WORKDIR); tmate_ssh_server_main(tmate_session, tmate_settings->keys_dir, tmate_settings->bind_addr, tmate_settings->ssh_port); return 0; }",visit repo url,tmate-main.c,https://github.com/tmate-io/tmate-ssh-server,177160344375645,1 4143,['CWE-399'],"int avahi_server_set_browse_domains(AvahiServer *s, AvahiStringList *domains) { AvahiStringList *l; assert(s); for (l = s->config.browse_domains; l; l = l->next) if (!avahi_is_valid_domain_name((char*) l->text)) return avahi_server_set_errno(s, AVAHI_ERR_INVALID_DOMAIN_NAME); avahi_string_list_free(s->config.browse_domains); s->config.browse_domains = avahi_string_list_copy(domains); return AVAHI_OK; }",avahi,,,339622068746724375826664513084199030602,0 3954,['CWE-362'],"static void audit_remove_parent_watches(struct audit_parent *parent) { struct audit_watch *w, *nextw; struct audit_krule *r, *nextr; struct audit_entry *e; mutex_lock(&audit_filter_mutex); parent->flags |= AUDIT_PARENT_INVALID; list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { list_for_each_entry_safe(r, nextr, &w->rules, rlist) { e = container_of(r, struct audit_entry, rule); if (audit_enabled) { struct audit_buffer *ab; ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); audit_log_format(ab, ""auid=%u ses=%u"", audit_get_loginuid(current), audit_get_sessionid(current)); audit_log_format(ab, "" op=remove rule path=""); audit_log_untrustedstring(ab, w->path); if (r->filterkey) { audit_log_format(ab, "" key=""); audit_log_untrustedstring(ab, r->filterkey); } else audit_log_format(ab, "" key=(null)""); audit_log_format(ab, "" list=%d res=1"", r->listnr); audit_log_end(ab); } list_del(&r->rlist); list_del_rcu(&e->list); call_rcu(&e->rcu, audit_free_rule_rcu); } audit_remove_watch(w); } mutex_unlock(&audit_filter_mutex); }",linux-2.6,,,337914458722083707844270901497492295054,0 746,['CWE-119'],"isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup) { char *eaz; int si1; int si2; int ematch; int wret; int swapped; int sidx = 0; u_long flags; isdn_net_dev *p; isdn_net_phone *n; char nr[ISDN_MSNLEN]; char *my_eaz; if (!setup->phone[0]) { nr[0] = '0'; nr[1] = '\0'; printk(KERN_INFO ""isdn_net: Incoming call without OAD, assuming '0'\n""); } else strlcpy(nr, setup->phone, ISDN_MSNLEN); si1 = (int) setup->si1; si2 = (int) setup->si2; if (!setup->eazmsn[0]) { printk(KERN_WARNING ""isdn_net: Incoming call without CPN, assuming '0'\n""); eaz = ""0""; } else eaz = setup->eazmsn; if (dev->net_verbose > 1) printk(KERN_INFO ""isdn_net: call from %s,%d,%d -> %s\n"", nr, si1, si2, eaz); if ((si1 != 7) && (si1 != 1)) { if (dev->net_verbose > 1) printk(KERN_INFO ""isdn_net: Service-Indicator not 1 or 7, ignored\n""); return 0; } n = (isdn_net_phone *) 0; p = dev->netdev; ematch = wret = swapped = 0; #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: di=%d ch=%d idx=%d usg=%d\n"", di, ch, idx, dev->usage[idx]); #endif while (p) { int matchret; isdn_net_local *lp = p->local; switch (swapped) { case 2: isdn_net_swap_usage(idx, sidx); case 1: isdn_net_swapbind(di); break; } swapped = 0; my_eaz = isdn_map_eaz2msn(lp->msn, di); if (si1 == 1) { if (*my_eaz == 'v' || *my_eaz == 'V' || *my_eaz == 'b' || *my_eaz == 'B') my_eaz++; else my_eaz = NULL; } else { if (*my_eaz == 'b' || *my_eaz == 'B') my_eaz++; } if (my_eaz) matchret = isdn_msncmp(eaz, my_eaz); else matchret = 1; if (!matchret) ematch = 1; if (matchret > wret) wret = matchret; #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: if='%s', l.msn=%s, l.flags=%d, l.dstate=%d\n"", p->dev->name, lp->msn, lp->flags, lp->dialstate); #endif if ((!matchret) && (((!(lp->flags & ISDN_NET_CONNECTED)) && (USG_NONE(dev->usage[idx]))) || ((((lp->dialstate == 4) || (lp->dialstate == 12)) && (!(lp->flags & ISDN_NET_CALLBACK))) ))) { #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: match1, pdev=%d pch=%d\n"", lp->pre_device, lp->pre_channel); #endif if (dev->usage[idx] & ISDN_USAGE_EXCLUSIVE) { if ((lp->pre_channel != ch) || (lp->pre_device != di)) { if (ch == 0) { sidx = isdn_dc2minor(di, 1); #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: ch is 0\n""); #endif if (USG_NONE(dev->usage[sidx])) { if (dev->usage[sidx] & ISDN_USAGE_EXCLUSIVE) { #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: 2nd channel is down and bound\n""); #endif if ((lp->pre_device == di) && (lp->pre_channel == 1)) { isdn_net_swapbind(di); swapped = 1; } else { p = (isdn_net_dev *) p->next; continue; } } else { #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: 2nd channel is down and unbound\n""); #endif isdn_net_swap_usage(idx, sidx); isdn_net_swapbind(di); swapped = 2; } #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: final check\n""); #endif if ((dev->usage[idx] & ISDN_USAGE_EXCLUSIVE) && ((lp->pre_channel != ch) || (lp->pre_device != di))) { #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: final check failed\n""); #endif p = (isdn_net_dev *) p->next; continue; } } } else { #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: already on 2nd channel\n""); #endif } } } #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: match2\n""); #endif n = lp->phone[0]; if (lp->flags & ISDN_NET_SECURE) { while (n) { if (!isdn_msncmp(nr, n->num)) break; n = (isdn_net_phone *) n->next; } } if (n || (!(lp->flags & ISDN_NET_SECURE))) { #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: match3\n""); #endif if (ISDN_NET_DIALMODE(*lp) == ISDN_NET_DM_OFF) { printk(KERN_INFO ""incoming call, interface %s `stopped' -> rejected\n"", p->dev->name); return 3; } if (!isdn_net_device_started(p)) { printk(KERN_INFO ""%s: incoming call, interface down -> rejected\n"", p->dev->name); return 3; } if (lp->master) { isdn_net_local *mlp = (isdn_net_local *) lp->master->priv; printk(KERN_DEBUG ""ICALLslv: %s\n"", p->dev->name); printk(KERN_DEBUG ""master=%s\n"", lp->master->name); if (mlp->flags & ISDN_NET_CONNECTED) { printk(KERN_DEBUG ""master online\n""); while (mlp->slave) { if ((isdn_net_local *) mlp->slave->priv == lp) break; mlp = (isdn_net_local *) mlp->slave->priv; } } else printk(KERN_DEBUG ""master offline\n""); printk(KERN_DEBUG ""mlpf: %d\n"", mlp->flags & ISDN_NET_CONNECTED); if (!(mlp->flags & ISDN_NET_CONNECTED)) { p = (isdn_net_dev *) p->next; continue; } } if (lp->flags & ISDN_NET_CALLBACK) { int chi; if (ISDN_NET_DIALMODE(*lp) == ISDN_NET_DM_OFF) { printk(KERN_INFO ""incoming call for callback, interface %s `off' -> rejected\n"", p->dev->name); return 3; } printk(KERN_DEBUG ""%s: call from %s -> %s, start callback\n"", p->dev->name, nr, eaz); if (lp->phone[1]) { spin_lock_irqsave(&dev->lock, flags); if ((chi = isdn_get_free_channel( ISDN_USAGE_NET, lp->l2_proto, lp->l3_proto, lp->pre_device, lp->pre_channel, lp->msn) ) < 0) { printk(KERN_WARNING ""isdn_net_find_icall: No channel for %s\n"", p->dev->name); spin_unlock_irqrestore(&dev->lock, flags); return 0; } lp->dtimer = 0; lp->dialstate = 11; isdn_net_bind_channel(lp, chi); #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) if (isdn_ppp_bind(lp) < 0) { spin_unlock_irqrestore(&dev->lock, flags); isdn_net_unbind_channel(lp); return 0; } #endif spin_unlock_irqrestore(&dev->lock, flags); return (lp->flags & ISDN_NET_CBHUP) ? 2 : 4; } else printk(KERN_WARNING ""isdn_net: %s: No phone number\n"", p->dev->name); return 0; } else { printk(KERN_DEBUG ""%s: call from %s -> %s accepted\n"", p->dev->name, nr, eaz); if ((lp->dialstate == 4) || (lp->dialstate == 12)) { #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) isdn_ppp_free(lp); #endif isdn_net_lp_disconnected(lp); isdn_free_channel(lp->isdn_device, lp->isdn_channel, ISDN_USAGE_NET); } spin_lock_irqsave(&dev->lock, flags); dev->usage[idx] &= ISDN_USAGE_EXCLUSIVE; dev->usage[idx] |= ISDN_USAGE_NET; strcpy(dev->num[idx], nr); isdn_info_update(); dev->st_netdev[idx] = lp->netdev; lp->isdn_device = di; lp->isdn_channel = ch; lp->ppp_slot = -1; lp->flags |= ISDN_NET_CONNECTED; lp->dialstate = 7; lp->dtimer = 0; lp->outgoing = 0; lp->huptimer = 0; lp->hupflags |= ISDN_WAITCHARGE; lp->hupflags &= ~ISDN_HAVECHARGE; #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) { if (isdn_ppp_bind(lp) < 0) { isdn_net_unbind_channel(lp); spin_unlock_irqrestore(&dev->lock, flags); return 0; } } #endif spin_unlock_irqrestore(&dev->lock, flags); return 1; } } } p = (isdn_net_dev *) p->next; } if (!ematch || dev->net_verbose) printk(KERN_INFO ""isdn_net: call from %s -> %d %s ignored\n"", nr, di, eaz); return (wret == 2)?5:0; }",linux-2.6,,,74171390323547040028123098011982912780,0 5008,['CWE-120'],"size_t util_path_decode(char *s) { size_t i, j; for (i = 0, j = 0; s[i] != '\0'; j++) { if (memcmp(&s[i], ""\\x2f"", 4) == 0) { s[j] = '/'; i += 4; }else if (memcmp(&s[i], ""\\x5c"", 4) == 0) { s[j] = '\\'; i += 4; } else { s[j] = s[i]; i++; } } s[j] = '\0'; return j; }",udev,,,297756171302182811913715277893426430120,0 5338,['CWE-476'],"static int load_state_from_tss32(struct kvm_vcpu *vcpu, struct tss_segment_32 *tss) { kvm_set_cr3(vcpu, tss->cr3); kvm_rip_write(vcpu, tss->eip); kvm_x86_ops->set_rflags(vcpu, tss->eflags | 2); kvm_register_write(vcpu, VCPU_REGS_RAX, tss->eax); kvm_register_write(vcpu, VCPU_REGS_RCX, tss->ecx); kvm_register_write(vcpu, VCPU_REGS_RDX, tss->edx); kvm_register_write(vcpu, VCPU_REGS_RBX, tss->ebx); kvm_register_write(vcpu, VCPU_REGS_RSP, tss->esp); kvm_register_write(vcpu, VCPU_REGS_RBP, tss->ebp); kvm_register_write(vcpu, VCPU_REGS_RSI, tss->esi); kvm_register_write(vcpu, VCPU_REGS_RDI, tss->edi); if (kvm_load_segment_descriptor(vcpu, tss->ldt_selector, 0, VCPU_SREG_LDTR)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->es, 1, VCPU_SREG_ES)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->cs, 9, VCPU_SREG_CS)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->ss, 1, VCPU_SREG_SS)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->ds, 1, VCPU_SREG_DS)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->fs, 1, VCPU_SREG_FS)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->gs, 1, VCPU_SREG_GS)) return 1; return 0; }",linux-2.6,,,91216541921484434985336106670825772222,0 5626,[],"SYSCALL_DEFINE4(rt_tgsigqueueinfo, pid_t, tgid, pid_t, pid, int, sig, siginfo_t __user *, uinfo) { siginfo_t info; if (copy_from_user(&info, uinfo, sizeof(siginfo_t))) return -EFAULT; return do_rt_tgsigqueueinfo(tgid, pid, sig, &info); }",linux-2.6,,,53188395499382553326909432084671485937,0 4565,CWE-1077,"static u32 swf_get_32(SWFReader *read) { u32 val, res; val = swf_read_int(read, 32); res = (val&0xFF); res <<=8; res |= ((val>>8)&0xFF); res<<=8; res |= ((val>>16)&0xFF); res<<=8; res|= ((val>>24)&0xFF); return res; }",visit repo url,src/scene_manager/swf_parse.c,https://github.com/gpac/gpac,62502078206036,1 6156,['CWE-200'],"static inline struct neigh_parms *lookup_neigh_params(struct neigh_table *tbl, int ifindex) { struct neigh_parms *p; for (p = &tbl->parms; p; p = p->next) if ((p->dev && p->dev->ifindex == ifindex) || (!p->dev && !ifindex)) return p; return NULL; }",linux-2.6,,,244795466548406759314725159783379524250,0 3979,['CWE-362'],"static inline struct inotify_handle *inotify_init(const struct inotify_operations *ops) { return ERR_PTR(-EOPNOTSUPP); }",linux-2.6,,,107348955137286099072713308307957511030,0 794,CWE-20,"static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sockaddr_llc *uaddr = (struct sockaddr_llc *)msg->msg_name; const int nonblock = flags & MSG_DONTWAIT; struct sk_buff *skb = NULL; struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); unsigned long cpu_flags; size_t copied = 0; u32 peek_seq = 0; u32 *seq; unsigned long used; int target; long timeo; msg->msg_namelen = 0; lock_sock(sk); copied = -ENOTCONN; if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) goto out; timeo = sock_rcvtimeo(sk, nonblock); seq = &llc->copied_seq; if (flags & MSG_PEEK) { peek_seq = llc->copied_seq; seq = &peek_seq; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); copied = 0; do { u32 offset; if (signal_pending(current)) { if (copied) break; copied = timeo ? sock_intr_errno(timeo) : -EAGAIN; break; } skb = skb_peek(&sk->sk_receive_queue); if (skb) { offset = *seq; goto found_ok_skb; } if (copied >= target && !sk->sk_backlog.tail) break; if (copied) { if (sk->sk_err || sk->sk_state == TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN) || !timeo || (flags & MSG_PEEK)) break; } else { if (sock_flag(sk, SOCK_DONE)) break; if (sk->sk_err) { copied = sock_error(sk); break; } if (sk->sk_shutdown & RCV_SHUTDOWN) break; if (sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_CLOSE) { if (!sock_flag(sk, SOCK_DONE)) { copied = -ENOTCONN; break; } break; } if (!timeo) { copied = -EAGAIN; break; } } if (copied >= target) { release_sock(sk); lock_sock(sk); } else sk_wait_data(sk, &timeo); if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) { net_dbg_ratelimited(""LLC(%s:%d): Application bug, race in MSG_PEEK\n"", current->comm, task_pid_nr(current)); peek_seq = llc->copied_seq; } continue; found_ok_skb: used = skb->len - offset; if (len < used) used = len; if (!(flags & MSG_TRUNC)) { int rc = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, used); if (rc) { if (!copied) copied = -EFAULT; break; } } *seq += used; copied += used; len -= used; if (sk->sk_type != SOCK_STREAM) goto copy_uaddr; if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } if (used + offset < skb->len) continue; } while (len > 0); out: release_sock(sk); return copied; copy_uaddr: if (uaddr != NULL && skb != NULL) { memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr)); msg->msg_namelen = sizeof(*uaddr); } if (llc_sk(sk)->cmsg_flags) llc_cmsg_rcv(msg, skb); if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } goto out; }",visit repo url,net/llc/af_llc.c,https://github.com/torvalds/linux,150059117372885,1 5710,CWE-416,"void luaT_getvarargs (lua_State *L, CallInfo *ci, StkId where, int wanted) { int i; int nextra = ci->u.l.nextraargs; if (wanted < 0) { wanted = nextra; checkstackp(L, nextra, where); L->top = where + nextra; } for (i = 0; i < wanted && i < nextra; i++) setobjs2s(L, where + i, ci->func - nextra + i); for (; i < wanted; i++) setnilvalue(s2v(where + i)); }",visit repo url,ltm.c,https://github.com/lua/lua,204885896458001,1 1006,['CWE-94'],"static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { page_cache_release(buf->page); buf->flags &= ~PIPE_BUF_FLAG_LRU; }",linux-2.6,,,319694320237170388866633984932351586444,0 5506,CWE-125,"indenterror(struct tok_state *tok) { if (tok->alterror) { tok->done = E_TABSPACE; tok->cur = tok->inp; return 1; } if (tok->altwarning) { #ifdef PGEN PySys_WriteStderr(""inconsistent use of tabs and spaces "" ""in indentation\n""); #else PySys_FormatStderr(""%U: inconsistent use of tabs and spaces "" ""in indentation\n"", tok->filename); #endif tok->altwarning = 0; } return 0; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,143748082875943,1 4717,CWE-78,"int imap_subscribe(char *path, bool subscribe) { struct ImapData *idata = NULL; char buf[LONG_STRING]; char mbox[LONG_STRING]; char errstr[STRING]; struct Buffer err, token; struct ImapMbox mx; if (!mx_is_imap(path) || imap_parse_path(path, &mx) || !mx.mbox) { mutt_error(_(""Bad mailbox name"")); return -1; } idata = imap_conn_find(&(mx.account), 0); if (!idata) goto fail; imap_fix_path(idata, mx.mbox, buf, sizeof(buf)); if (!*buf) mutt_str_strfcpy(buf, ""INBOX"", sizeof(buf)); if (ImapCheckSubscribed) { mutt_buffer_init(&token); mutt_buffer_init(&err); err.data = errstr; err.dsize = sizeof(errstr); snprintf(mbox, sizeof(mbox), ""%smailboxes \""%s\"""", subscribe ? """" : ""un"", path); if (mutt_parse_rc_line(mbox, &token, &err)) mutt_debug(1, ""Error adding subscribed mailbox: %s\n"", errstr); FREE(&token.data); } if (subscribe) mutt_message(_(""Subscribing to %s...""), buf); else mutt_message(_(""Unsubscribing from %s...""), buf); imap_munge_mbox_name(idata, mbox, sizeof(mbox), buf); snprintf(buf, sizeof(buf), ""%sSUBSCRIBE %s"", subscribe ? """" : ""UN"", mbox); if (imap_exec(idata, buf, 0) < 0) goto fail; imap_unmunge_mbox_name(idata, mx.mbox); if (subscribe) mutt_message(_(""Subscribed to %s""), mx.mbox); else mutt_message(_(""Unsubscribed from %s""), mx.mbox); FREE(&mx.mbox); return 0; fail: FREE(&mx.mbox); return -1; }",visit repo url,imap/imap.c,https://github.com/neomutt/neomutt,6432007124570,1 2450,CWE-119,"static void scsi_read_complete(void * opaque, int ret) { SCSIDiskReq *r = (SCSIDiskReq *)opaque; SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); int n; if (r->req.aiocb != NULL) { r->req.aiocb = NULL; bdrv_acct_done(s->bs, &r->acct); } if (ret) { if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_READ)) { return; } } DPRINTF(""Data ready tag=0x%x len=%zd\n"", r->req.tag, r->iov.iov_len); n = r->iov.iov_len / 512; r->sector += n; r->sector_count -= n; scsi_req_data(&r->req, r->iov.iov_len); }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,185160537799203,1 3256,CWE-125,"ikev2_t_print(netdissect_options *ndo, int tcount, const struct isakmp_gen *ext, u_int item_len, const u_char *ep) { const struct ikev2_t *p; struct ikev2_t t; uint16_t t_id; const u_char *cp; const char *idstr; const struct attrmap *map; size_t nmap; const u_char *ep2; p = (const struct ikev2_t *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&t, ext, sizeof(t)); ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_T), t.h.critical); t_id = ntohs(t.t_id); map = NULL; nmap = 0; switch (t.t_type) { case IV2_T_ENCR: idstr = STR_OR_ID(t_id, esp_p_map); map = encr_t_map; nmap = sizeof(encr_t_map)/sizeof(encr_t_map[0]); break; case IV2_T_PRF: idstr = STR_OR_ID(t_id, prf_p_map); break; case IV2_T_INTEG: idstr = STR_OR_ID(t_id, integ_p_map); break; case IV2_T_DH: idstr = STR_OR_ID(t_id, dh_p_map); break; case IV2_T_ESN: idstr = STR_OR_ID(t_id, esn_p_map); break; default: idstr = NULL; break; } if (idstr) ND_PRINT((ndo,"" #%u type=%s id=%s "", tcount, STR_OR_ID(t.t_type, ikev2_t_type_map), idstr)); else ND_PRINT((ndo,"" #%u type=%s id=%u "", tcount, STR_OR_ID(t.t_type, ikev2_t_type_map), t.t_id)); cp = (const u_char *)(p + 1); ep2 = (const u_char *)p + item_len; while (cp < ep && cp < ep2) { if (map && nmap) { cp = ikev1_attrmap_print(ndo, cp, (ep < ep2) ? ep : ep2, map, nmap); } else cp = ikev1_attr_print(ndo, cp, (ep < ep2) ? ep : ep2); } if (ep < ep2) ND_PRINT((ndo,""..."")); return cp; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_T))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,232965527617965,1 355,[],"pfm_mask_monitoring(struct task_struct *task) { pfm_context_t *ctx = PFM_GET_CTX(task); unsigned long mask, val, ovfl_mask; int i; DPRINT_ovfl((""masking monitoring for [%d]\n"", task->pid)); ovfl_mask = pmu_conf->ovfl_val; mask = ctx->ctx_used_pmds[0]; for (i = 0; mask; i++, mask>>=1) { if ((mask & 0x1) == 0) continue; val = ia64_get_pmd(i); if (PMD_IS_COUNTING(i)) { ctx->ctx_pmds[i].val += (val & ovfl_mask); } else { ctx->ctx_pmds[i].val = val; } DPRINT_ovfl((""pmd[%d]=0x%lx hw_pmd=0x%lx\n"", i, ctx->ctx_pmds[i].val, val & ovfl_mask)); } mask = ctx->ctx_used_monitors[0] >> PMU_FIRST_COUNTER; for(i= PMU_FIRST_COUNTER; mask; i++, mask>>=1) { if ((mask & 0x1) == 0UL) continue; ia64_set_pmc(i, ctx->th_pmcs[i] & ~0xfUL); ctx->th_pmcs[i] &= ~0xfUL; DPRINT_ovfl((""pmc[%d]=0x%lx\n"", i, ctx->th_pmcs[i])); } ia64_srlz_d(); }",linux-2.6,,,58522208225978681981059079005233006810,0 115,NVD-CWE-Other,"check_1_6_dummy(kadm5_principal_ent_t entry, long mask, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char **passptr) { int i; char *password = *passptr; if (!(mask & KADM5_ATTRIBUTES) || !(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX)) return; for (i = 0; (unsigned char) password[i] == i + 1; i++); if (password[i] != '\0' || i != 255) return; *passptr = NULL; }",visit repo url,src/lib/kadm5/srv/svr_principal.c,https://github.com/krb5/krb5,189564086063391,1 804,CWE-20,"static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; size_t copied; struct sk_buff *skb; int er; lock_sock(sk); if (sk->sk_state != TCP_ESTABLISHED) { release_sock(sk); return -ENOTCONN; } if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) { release_sock(sk); return er; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } er = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (er < 0) { skb_free_datagram(sk, skb); release_sock(sk); return er; } if (sax != NULL) { memset(sax, 0, sizeof(*sax)); sax->sax25_family = AF_NETROM; skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, AX25_ADDR_LEN); } msg->msg_namelen = sizeof(*sax); skb_free_datagram(sk, skb); release_sock(sk); return copied; }",visit repo url,net/netrom/af_netrom.c,https://github.com/torvalds/linux,173317170707187,1 5781,['CWE-200']," __releases(rose_list_lock) { spin_unlock_bh(&rose_list_lock); }",linux-2.6,,,109768626389143632648721351914523160432,0 5947,CWE-120,"jsi_wsGetHeaders(jsi_wsPss *pss, struct lws *wsi, Jsi_DString* dStr, int lens[], int hmax) { int n = 0, i = 0, nlen; char buf[1000]; const char *cp; while ((cp = (char*)lws_token_to_string((enum lws_token_indexes)n))) { int len = lws_hdr_copy(wsi, buf, sizeof(buf), ( enum lws_token_indexes)n); n++; if (i>=(n*2+2)) break; if (len<=0) continue; buf[sizeof(buf)-1] = 0; if (!buf[0]) continue; nlen = Jsi_Strlen(cp); if (nlen>0 && cp[nlen-1]==' ') nlen--; if (nlen>0 && cp[nlen-1]==':') nlen--; Jsi_DSAppendLen(dStr, cp, nlen); Jsi_DSAppend(dStr, ""="", buf, ""\n"", NULL); if (lens) { lens[i++] = nlen; lens[i++] = Jsi_Strlen(buf); } } return i; }",visit repo url,src/jsiWebSocket.c,https://github.com/pcmacdon/jsish,266327918519488,1 3208,CWE-125,"l2tp_result_code_print(netdissect_options *ndo, const u_char *dat, u_int length) { const uint16_t *ptr = (const uint16_t *)dat; ND_PRINT((ndo, ""%u"", EXTRACT_16BITS(ptr))); ptr++; if (length > 2) { ND_PRINT((ndo, ""/%u"", EXTRACT_16BITS(ptr))); ptr++; } if (length > 4) { ND_PRINT((ndo, "" "")); print_string(ndo, (const u_char *)ptr, length - 4); } }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,109608576841155,1 4892,['CWE-399'],"static inline void highlight_pointer(const int where) { complement_pos(sel_cons, where); }",linux-2.6,,,89608649581949747241727478948991965699,0 270,CWE-362,"static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, int closing, int tx_ring) { struct pgv *pg_vec = NULL; struct packet_sock *po = pkt_sk(sk); int was_running, order = 0; struct packet_ring_buffer *rb; struct sk_buff_head *rb_queue; __be16 num; int err = -EINVAL; struct tpacket_req *req = &req_u->req; if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) { net_warn_ratelimited(""Tx-ring is not supported.\n""); goto out; } rb = tx_ring ? &po->tx_ring : &po->rx_ring; rb_queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue; err = -EBUSY; if (!closing) { if (atomic_read(&po->mapped)) goto out; if (packet_read_pending(rb)) goto out; } if (req->tp_block_nr) { err = -EBUSY; if (unlikely(rb->pg_vec)) goto out; switch (po->tp_version) { case TPACKET_V1: po->tp_hdrlen = TPACKET_HDRLEN; break; case TPACKET_V2: po->tp_hdrlen = TPACKET2_HDRLEN; break; case TPACKET_V3: po->tp_hdrlen = TPACKET3_HDRLEN; break; } err = -EINVAL; if (unlikely((int)req->tp_block_size <= 0)) goto out; if (unlikely(!PAGE_ALIGNED(req->tp_block_size))) goto out; if (po->tp_version >= TPACKET_V3 && (int)(req->tp_block_size - BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) goto out; if (unlikely(req->tp_frame_size < po->tp_hdrlen + po->tp_reserve)) goto out; if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1))) goto out; rb->frames_per_block = req->tp_block_size / req->tp_frame_size; if (unlikely(rb->frames_per_block == 0)) goto out; if (unlikely((rb->frames_per_block * req->tp_block_nr) != req->tp_frame_nr)) goto out; err = -ENOMEM; order = get_order(req->tp_block_size); pg_vec = alloc_pg_vec(req, order); if (unlikely(!pg_vec)) goto out; switch (po->tp_version) { case TPACKET_V3: if (!tx_ring) init_prb_bdqc(po, rb, pg_vec, req_u); break; default: break; } } else { err = -EINVAL; if (unlikely(req->tp_frame_nr)) goto out; } lock_sock(sk); spin_lock(&po->bind_lock); was_running = po->running; num = po->num; if (was_running) { po->num = 0; __unregister_prot_hook(sk, false); } spin_unlock(&po->bind_lock); synchronize_net(); err = -EBUSY; mutex_lock(&po->pg_vec_lock); if (closing || atomic_read(&po->mapped) == 0) { err = 0; spin_lock_bh(&rb_queue->lock); swap(rb->pg_vec, pg_vec); rb->frame_max = (req->tp_frame_nr - 1); rb->head = 0; rb->frame_size = req->tp_frame_size; spin_unlock_bh(&rb_queue->lock); swap(rb->pg_vec_order, order); swap(rb->pg_vec_len, req->tp_block_nr); rb->pg_vec_pages = req->tp_block_size/PAGE_SIZE; po->prot_hook.func = (po->rx_ring.pg_vec) ? tpacket_rcv : packet_rcv; skb_queue_purge(rb_queue); if (atomic_read(&po->mapped)) pr_err(""packet_mmap: vma is busy: %d\n"", atomic_read(&po->mapped)); } mutex_unlock(&po->pg_vec_lock); spin_lock(&po->bind_lock); if (was_running) { po->num = num; register_prot_hook(sk); } spin_unlock(&po->bind_lock); if (closing && (po->tp_version > TPACKET_V2)) { if (!tx_ring) prb_shutdown_retire_blk_timer(po, rb_queue); } release_sock(sk); if (pg_vec) free_pg_vec(pg_vec, order, req->tp_block_nr); out: return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,220400262189082,1 1096,['CWE-399'],"asmlinkage int sys_rt_sigreturn(unsigned long __unused) { struct pt_regs *regs = (struct pt_regs *) &__unused; struct rt_sigframe __user *frame = (struct rt_sigframe __user *)(regs->sp - 4); sigset_t set; int ax; if (!access_ok(VERIFY_READ, frame, sizeof(*frame))) goto badframe; if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set))) goto badframe; sigdelsetmask(&set, ~_BLOCKABLE); spin_lock_irq(¤t->sighand->siglock); current->blocked = set; recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); if (restore_sigcontext(regs, &frame->uc.uc_mcontext, &ax)) goto badframe; if (do_sigaltstack(&frame->uc.uc_stack, NULL, regs->sp) == -EFAULT) goto badframe; return ax; badframe: force_sig(SIGSEGV, current); return 0; } ",linux-2.6,,,325093209536129468656586565628936253474,0 4095,['CWE-399'],"bsg_validate_sgv4_hdr(struct request_queue *q, struct sg_io_v4 *hdr, int *rw) { int ret = 0; if (hdr->guard != 'Q') return -EINVAL; if (hdr->dout_xfer_len > (q->max_sectors << 9) || hdr->din_xfer_len > (q->max_sectors << 9)) return -EIO; switch (hdr->protocol) { case BSG_PROTOCOL_SCSI: switch (hdr->subprotocol) { case BSG_SUB_PROTOCOL_SCSI_CMD: case BSG_SUB_PROTOCOL_SCSI_TRANSPORT: break; default: ret = -EINVAL; } break; default: ret = -EINVAL; } *rw = hdr->dout_xfer_len ? WRITE : READ; return ret; }",linux-2.6,,,45191116639049280713685502789784662898,0 3728,CWE-908,"int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { uint32_t chan_chunk = 0, channel_layout = 0, bcount; unsigned char *channel_identities = NULL; unsigned char *channel_reorder = NULL; int64_t total_samples = 0, infilesize; CAFFileHeader caf_file_header; CAFChunkHeader caf_chunk_header; CAFAudioFormat caf_audio_format; int i; infilesize = DoGetFileSize (infile); memcpy (&caf_file_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &caf_file_header) + 4, sizeof (CAFFileHeader) - 4, &bcount) || bcount != sizeof (CAFFileHeader) - 4)) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &caf_file_header, sizeof (CAFFileHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&caf_file_header, CAFFileHeaderFormat); if (caf_file_header.mFileVersion != 1) { error_line (""%s: can't handle version %d .CAF files!"", infilename, caf_file_header.mFileVersion); return WAVPACK_SOFT_ERROR; } while (1) { if (!DoReadFile (infile, &caf_chunk_header, sizeof (CAFChunkHeader), &bcount) || bcount != sizeof (CAFChunkHeader)) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &caf_chunk_header, sizeof (CAFChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&caf_chunk_header, CAFChunkHeaderFormat); if (!strncmp (caf_chunk_header.mChunkType, ""desc"", 4)) { int supported = TRUE; if (caf_chunk_header.mChunkSize != sizeof (CAFAudioFormat) || !DoReadFile (infile, &caf_audio_format, (uint32_t) caf_chunk_header.mChunkSize, &bcount) || bcount != caf_chunk_header.mChunkSize) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &caf_audio_format, (uint32_t) caf_chunk_header.mChunkSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat); if (debug_logging_mode) { char formatstr [5]; memcpy (formatstr, caf_audio_format.mFormatID, 4); formatstr [4] = 0; error_line (""format = %s, flags = %x, sampling rate = %g"", formatstr, caf_audio_format.mFormatFlags, caf_audio_format.mSampleRate); error_line (""packet = %d bytes and %d frames"", caf_audio_format.mBytesPerPacket, caf_audio_format.mFramesPerPacket); error_line (""channels per frame = %d, bits per channel = %d"", caf_audio_format.mChannelsPerFrame, caf_audio_format.mBitsPerChannel); } if (strncmp (caf_audio_format.mFormatID, ""lpcm"", 4) || (caf_audio_format.mFormatFlags & ~3)) supported = FALSE; else if (caf_audio_format.mSampleRate < 1.0 || caf_audio_format.mSampleRate > 16777215.0 || caf_audio_format.mSampleRate != floor (caf_audio_format.mSampleRate)) supported = FALSE; else if (!caf_audio_format.mChannelsPerFrame || caf_audio_format.mChannelsPerFrame > 256) supported = FALSE; else if (caf_audio_format.mBitsPerChannel < 1 || caf_audio_format.mBitsPerChannel > 32 || ((caf_audio_format.mFormatFlags & CAF_FORMAT_FLOAT) && caf_audio_format.mBitsPerChannel != 32)) supported = FALSE; else if (caf_audio_format.mFramesPerPacket != 1 || caf_audio_format.mBytesPerPacket / caf_audio_format.mChannelsPerFrame < (caf_audio_format.mBitsPerChannel + 7) / 8 || caf_audio_format.mBytesPerPacket / caf_audio_format.mChannelsPerFrame > 4 || caf_audio_format.mBytesPerPacket % caf_audio_format.mChannelsPerFrame) supported = FALSE; if (!supported) { error_line (""%s is an unsupported .CAF format!"", infilename); return WAVPACK_SOFT_ERROR; } config->bytes_per_sample = caf_audio_format.mBytesPerPacket / caf_audio_format.mChannelsPerFrame; config->float_norm_exp = (caf_audio_format.mFormatFlags & CAF_FORMAT_FLOAT) ? 127 : 0; config->bits_per_sample = caf_audio_format.mBitsPerChannel; config->num_channels = caf_audio_format.mChannelsPerFrame; config->sample_rate = (int) caf_audio_format.mSampleRate; if (!(caf_audio_format.mFormatFlags & CAF_FORMAT_LITTLE_ENDIAN) && config->bytes_per_sample > 1) config->qmode |= QMODE_BIG_ENDIAN; if (config->bytes_per_sample == 1) config->qmode |= QMODE_SIGNED_BYTES; if (debug_logging_mode) { if (config->float_norm_exp == 127) error_line (""data format: 32-bit %s-endian floating point"", (config->qmode & QMODE_BIG_ENDIAN) ? ""big"" : ""little""); else error_line (""data format: %d-bit %s-endian integers stored in %d byte(s)"", config->bits_per_sample, (config->qmode & QMODE_BIG_ENDIAN) ? ""big"" : ""little"", config->bytes_per_sample); } } else if (!strncmp (caf_chunk_header.mChunkType, ""chan"", 4)) { CAFChannelLayout *caf_channel_layout; if (caf_chunk_header.mChunkSize < 0 || caf_chunk_header.mChunkSize > 1024 || caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout)) { error_line (""this .CAF file has an invalid 'chan' chunk!""); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""'chan' chunk is %d bytes"", (int) caf_chunk_header.mChunkSize); caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize); if (!DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) || bcount != caf_chunk_header.mChunkSize) { error_line (""%s is not a valid .CAF file!"", infilename); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (caf_channel_layout, CAFChannelLayoutFormat); chan_chunk = 1; if (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED)) { error_line (""this CAF file already has channel order information!""); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } switch (caf_channel_layout->mChannelLayoutTag) { case kCAFChannelLayoutTag_UseChannelDescriptions: { CAFChannelDescription *descriptions = (CAFChannelDescription *) (caf_channel_layout + 1); int num_descriptions = caf_channel_layout->mNumberChannelDescriptions; int label, cindex = 0, idents = 0; if (caf_chunk_header.mChunkSize != sizeof (CAFChannelLayout) + sizeof (CAFChannelDescription) * num_descriptions || num_descriptions != config->num_channels) { error_line (""channel descriptions in 'chan' chunk are the wrong size!""); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } if (num_descriptions >= 256) { error_line (""%d channel descriptions is more than we can handle...ignoring!""); break; } channel_reorder = malloc (num_descriptions); memset (channel_reorder, -1, num_descriptions); channel_identities = malloc (num_descriptions+1); for (i = 0; i < num_descriptions; ++i) { WavpackBigEndianToNative (descriptions + i, CAFChannelDescriptionFormat); if (debug_logging_mode) error_line (""chan %d --> %d"", i + 1, descriptions [i].mChannelLabel); } for (label = 1; label <= 18; ++label) for (i = 0; i < num_descriptions; ++i) if (descriptions [i].mChannelLabel == label) { config->channel_mask |= 1 << (label - 1); channel_reorder [i] = cindex++; break; } for (i = 0; i < num_descriptions; ++i) if (channel_reorder [i] == (unsigned char) -1) { uint32_t clabel = descriptions [i].mChannelLabel; if (clabel == 0 || clabel == 0xffffffff || clabel == 100) channel_identities [idents++] = 0xff; else if ((clabel >= 33 && clabel <= 44) || (clabel >= 200 && clabel <= 207) || (clabel >= 301 && clabel <= 305)) channel_identities [idents++] = clabel >= 301 ? clabel - 80 : clabel; else { error_line (""warning: unknown channel descriptions label: %d"", clabel); channel_identities [idents++] = 0xff; } channel_reorder [i] = cindex++; } for (i = 0; i < num_descriptions; ++i) if (channel_reorder [i] != i) break; if (i == num_descriptions) { free (channel_reorder); channel_reorder = NULL; } else { config->qmode |= QMODE_REORDERED_CHANS; channel_layout = num_descriptions; } if (!idents) { free (channel_identities); channel_identities = NULL; } else channel_identities [idents] = 0; if (debug_logging_mode) { error_line (""layout_tag = 0x%08x, so generated bitmap of 0x%08x from %d descriptions, %d non-MS"", caf_channel_layout->mChannelLayoutTag, config->channel_mask, caf_channel_layout->mNumberChannelDescriptions, idents); if (channel_reorder && num_descriptions <= 8) { char reorder_string [] = ""12345678""; for (i = 0; i < num_descriptions; ++i) reorder_string [i] = channel_reorder [i] + '1'; reorder_string [i] = 0; error_line (""reordering string = \""%s\""\n"", reorder_string); } } } break; case kCAFChannelLayoutTag_UseChannelBitmap: config->channel_mask = caf_channel_layout->mChannelBitmap; if (debug_logging_mode) error_line (""layout_tag = 0x%08x, so using supplied bitmap of 0x%08x"", caf_channel_layout->mChannelLayoutTag, caf_channel_layout->mChannelBitmap); break; default: for (i = 0; i < NUM_LAYOUTS; ++i) if (caf_channel_layout->mChannelLayoutTag == layouts [i].mChannelLayoutTag) { config->channel_mask = layouts [i].mChannelBitmap; channel_layout = layouts [i].mChannelLayoutTag; if (layouts [i].mChannelReorder) { channel_reorder = (unsigned char *) strdup (layouts [i].mChannelReorder); config->qmode |= QMODE_REORDERED_CHANS; } if (layouts [i].mChannelIdentities) channel_identities = (unsigned char *) strdup (layouts [i].mChannelIdentities); if (debug_logging_mode) error_line (""layout_tag 0x%08x found in table, bitmap = 0x%08x, reorder = %s, identities = %s"", channel_layout, config->channel_mask, channel_reorder ? ""yes"" : ""no"", channel_identities ? ""yes"" : ""no""); break; } if (i == NUM_LAYOUTS && debug_logging_mode) error_line (""layout_tag 0x%08x not found in table...all channels unassigned"", caf_channel_layout->mChannelLayoutTag); break; } free (caf_channel_layout); } else if (!strncmp (caf_chunk_header.mChunkType, ""data"", 4)) { uint32_t mEditCount; if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) || bcount != sizeof (mEditCount)) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &mEditCount, sizeof (mEditCount))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } if ((config->qmode & QMODE_IGNORE_LENGTH) || caf_chunk_header.mChunkSize == -1) { config->qmode |= QMODE_IGNORE_LENGTH; if (infilesize && DoGetFilePosition (infile) != -1) total_samples = (infilesize - DoGetFilePosition (infile)) / caf_audio_format.mBytesPerPacket; else total_samples = -1; } else { if (infilesize && infilesize - caf_chunk_header.mChunkSize > 16777216) { error_line ("".CAF file %s has over 16 MB of extra CAFF data, probably is corrupt!"", infilename); return WAVPACK_SOFT_ERROR; } if ((caf_chunk_header.mChunkSize - 4) % caf_audio_format.mBytesPerPacket) { error_line ("".CAF file %s has an invalid data chunk size, probably is corrupt!"", infilename); return WAVPACK_SOFT_ERROR; } total_samples = (caf_chunk_header.mChunkSize - 4) / caf_audio_format.mBytesPerPacket; if (!total_samples) { error_line (""this .CAF file has no audio samples, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (total_samples > MAX_WAVPACK_SAMPLES) { error_line (""%s has too many samples for WavPack!"", infilename); return WAVPACK_SOFT_ERROR; } } break; } else { uint32_t bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize; char *buff; if (caf_chunk_header.mChunkSize < 0 || caf_chunk_header.mChunkSize > 1048576) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", caf_chunk_header.mChunkType [0], caf_chunk_header.mChunkType [1], caf_chunk_header.mChunkType [2], caf_chunk_header.mChunkType [3], caf_chunk_header.mChunkSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (!chan_chunk && !config->channel_mask && config->num_channels <= 2 && !(config->qmode & QMODE_CHANS_UNASSIGNED)) config->channel_mask = 0x5 - config->num_channels; if (!WavpackSetConfiguration64 (wpc, config, total_samples, channel_identities)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } if (channel_identities) free (channel_identities); if (channel_layout || channel_reorder) { if (!WavpackSetChannelLayout (wpc, channel_layout, channel_reorder)) { error_line (""problem with setting channel layout (should not happen)""); return WAVPACK_SOFT_ERROR; } if (channel_reorder) free (channel_reorder); } return WAVPACK_NO_ERROR; }",visit repo url,cli/caff.c,https://github.com/dbry/WavPack,118849133757363,1 403,[],"pfm_read_pmds(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct task_struct *task; unsigned long val = 0UL, lval, ovfl_mask, sval; pfarg_reg_t *req = (pfarg_reg_t *)arg; unsigned int cnum, reg_flags = 0; int i, can_access_pmu = 0, state; int is_loaded, is_system, is_counting, expert_mode; int ret = -EINVAL; pfm_reg_check_t rd_func; state = ctx->ctx_state; is_loaded = state == PFM_CTX_LOADED ? 1 : 0; is_system = ctx->ctx_fl_system; ovfl_mask = pmu_conf->ovfl_val; task = ctx->ctx_task; if (state == PFM_CTX_ZOMBIE) return -EINVAL; if (likely(is_loaded)) { if (unlikely(is_system && ctx->ctx_cpu != smp_processor_id())) { DPRINT((""should be running on CPU%d\n"", ctx->ctx_cpu)); return -EBUSY; } can_access_pmu = GET_PMU_OWNER() == task || is_system ? 1 : 0; if (can_access_pmu) ia64_srlz_d(); } expert_mode = pfm_sysctl.expert_mode; DPRINT((""ld=%d apmu=%d ctx_state=%d\n"", is_loaded, can_access_pmu, state)); for (i = 0; i < count; i++, req++) { cnum = req->reg_num; reg_flags = req->reg_flags; if (unlikely(!PMD_IS_IMPL(cnum))) goto error; if (unlikely(!CTX_IS_USED_PMD(ctx, cnum))) goto error; sval = ctx->ctx_pmds[cnum].val; lval = ctx->ctx_pmds[cnum].lval; is_counting = PMD_IS_COUNTING(cnum); if (can_access_pmu){ val = ia64_get_pmd(cnum); } else { val = is_loaded ? ctx->th_pmds[cnum] : 0UL; } rd_func = pmu_conf->pmd_desc[cnum].read_check; if (is_counting) { val &= ovfl_mask; val += sval; } if (unlikely(expert_mode == 0 && rd_func)) { unsigned long v = val; ret = (*rd_func)(ctx->ctx_task, ctx, cnum, &v, regs); if (ret) goto error; val = v; ret = -EINVAL; } PFM_REG_RETFLAG_SET(reg_flags, 0); DPRINT((""pmd[%u]=0x%lx\n"", cnum, val)); req->reg_value = val; req->reg_flags = reg_flags; req->reg_last_reset_val = lval; } return 0; error: PFM_REG_RETFLAG_SET(req->reg_flags, PFM_REG_RETFL_EINVAL); return ret; }",linux-2.6,,,35232713559232001514799411911835921684,0 4935,['CWE-20'],"static struct nfs_server *nfs_alloc_server(void) { struct nfs_server *server; server = kzalloc(sizeof(struct nfs_server), GFP_KERNEL); if (!server) return NULL; server->client = server->client_acl = ERR_PTR(-EINVAL); INIT_LIST_HEAD(&server->client_link); INIT_LIST_HEAD(&server->master_link); server->io_stats = nfs_alloc_iostats(); if (!server->io_stats) { kfree(server); return NULL; } return server; }",linux-2.6,,,319791745227257401194290212604022724001,0 3752,[],"static struct sock *unix_peer_get(struct sock *s) { struct sock *peer; unix_state_lock(s); peer = unix_peer(s); if (peer) sock_hold(peer); unix_state_unlock(s); return peer; }",linux-2.6,,,219438273901790360992110572122244756391,0 4753,CWE-119,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 3401,['CWE-264'],"asmlinkage long sys_fstatfs(unsigned int fd, struct statfs __user * buf) { struct file * file; struct statfs tmp; int error; error = -EBADF; file = fget(fd); if (!file) goto out; error = vfs_statfs_native(file->f_path.dentry, &tmp); if (!error && copy_to_user(buf, &tmp, sizeof(tmp))) error = -EFAULT; fput(file); out: return error; }",linux-2.6,,,194279932023610831358894941869619988435,0 5536,['CWE-20'],"int inflate_dynamic() { int i; unsigned j; unsigned l; unsigned m; unsigned n; unsigned w; struct huft *tl; struct huft *td; int bl; int bd; unsigned nb; unsigned nl; unsigned nd; #ifdef PKZIP_BUG_WORKAROUND unsigned ll[288+32]; #else unsigned ll[286+30]; #endif register ulg b; register unsigned k; b = bb; k = bk; w = wp; NEEDBITS(5) nl = 257 + ((unsigned)b & 0x1f); DUMPBITS(5) NEEDBITS(5) nd = 1 + ((unsigned)b & 0x1f); DUMPBITS(5) NEEDBITS(4) nb = 4 + ((unsigned)b & 0xf); DUMPBITS(4) #ifdef PKZIP_BUG_WORKAROUND if (nl > 288 || nd > 32) #else if (nl > 286 || nd > 30) #endif return 1; for (j = 0; j < nb; j++) { NEEDBITS(3) ll[border[j]] = (unsigned)b & 7; DUMPBITS(3) } for (; j < 19; j++) ll[border[j]] = 0; bl = 7; if ((i = huft_build(ll, 19, 19, NULL, NULL, &tl, &bl)) != 0) { if (i == 1) huft_free(tl); return i; } if (tl == NULL) return 2; n = nl + nd; m = mask_bits[bl]; i = l = 0; while ((unsigned)i < n) { NEEDBITS((unsigned)bl) j = (td = tl + ((unsigned)b & m))->b; DUMPBITS(j) j = td->v.n; if (j < 16) ll[i++] = l = j; else if (j == 16) { NEEDBITS(2) j = 3 + ((unsigned)b & 3); DUMPBITS(2) if ((unsigned)i + j > n) return 1; while (j--) ll[i++] = l; } else if (j == 17) { NEEDBITS(3) j = 3 + ((unsigned)b & 7); DUMPBITS(3) if ((unsigned)i + j > n) return 1; while (j--) ll[i++] = 0; l = 0; } else { NEEDBITS(7) j = 11 + ((unsigned)b & 0x7f); DUMPBITS(7) if ((unsigned)i + j > n) return 1; while (j--) ll[i++] = 0; l = 0; } } huft_free(tl); bb = b; bk = k; bl = lbits; if ((i = huft_build(ll, nl, 257, cplens, cplext, &tl, &bl)) != 0) { if (i == 1) { Trace ((stderr, "" incomplete literal tree\n"")); huft_free(tl); } return i; } bd = dbits; if ((i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &td, &bd)) != 0) { if (i == 1) { Trace ((stderr, "" incomplete distance tree\n"")); #ifdef PKZIP_BUG_WORKAROUND i = 0; } #else huft_free(td); } huft_free(tl); return i; #endif }",gzip,,,110388975021499471212196329125059919916,0 6221,CWE-190,"void fp3_read_bin(fp3_t a, const uint8_t *bin, int len) { if (len != 3 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp_read_bin(a[0], bin, RLC_FP_BYTES); fp_read_bin(a[1], bin + RLC_FP_BYTES, RLC_FP_BYTES); fp_read_bin(a[2], bin + 2 * RLC_FP_BYTES, RLC_FP_BYTES); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,14462985823595,1 6555,CWE-407,"find_link_ref(struct link_ref **references, uint8_t *name, size_t length) { unsigned int hash = hash_link_ref(name, length); struct link_ref *ref = NULL; ref = references[hash % REF_TABLE_SIZE]; while (ref != NULL) { if (ref->id == hash) return ref; ref = ref->next; } return NULL; }",visit repo url,src/markdown.c,https://github.com/reddit/snudown,73208881145828,1 6377,CWE-20,"error_t ipStringToAddr(const char_t *str, IpAddr *ipAddr) { error_t error; #if (IPV6_SUPPORT == ENABLED) if(strchr(str, ':')) { ipAddr->length = sizeof(Ipv6Addr); error = ipv6StringToAddr(str, &ipAddr->ipv6Addr); } else #endif #if (IPV4_SUPPORT == ENABLED) if(strchr(str, '.')) { ipAddr->length = sizeof(Ipv4Addr); error = ipv4StringToAddr(str, &ipAddr->ipv4Addr); } else #endif { error = ERROR_FAILURE; } return error; }",visit repo url,core/ip.c,https://github.com/Oryx-Embedded/CycloneTCP,145561550483707,1 5456,['CWE-476'],"static void do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function, u32 index, int *nent, int maxnent) { const u32 kvm_supported_word0_x86_features = bit(X86_FEATURE_FPU) | bit(X86_FEATURE_VME) | bit(X86_FEATURE_DE) | bit(X86_FEATURE_PSE) | bit(X86_FEATURE_TSC) | bit(X86_FEATURE_MSR) | bit(X86_FEATURE_PAE) | bit(X86_FEATURE_CX8) | bit(X86_FEATURE_APIC) | bit(X86_FEATURE_SEP) | bit(X86_FEATURE_PGE) | bit(X86_FEATURE_CMOV) | bit(X86_FEATURE_PSE36) | bit(X86_FEATURE_CLFLSH) | bit(X86_FEATURE_MMX) | bit(X86_FEATURE_FXSR) | bit(X86_FEATURE_XMM) | bit(X86_FEATURE_XMM2) | bit(X86_FEATURE_SELFSNOOP); const u32 kvm_supported_word1_x86_features = bit(X86_FEATURE_FPU) | bit(X86_FEATURE_VME) | bit(X86_FEATURE_DE) | bit(X86_FEATURE_PSE) | bit(X86_FEATURE_TSC) | bit(X86_FEATURE_MSR) | bit(X86_FEATURE_PAE) | bit(X86_FEATURE_CX8) | bit(X86_FEATURE_APIC) | bit(X86_FEATURE_PGE) | bit(X86_FEATURE_CMOV) | bit(X86_FEATURE_PSE36) | bit(X86_FEATURE_MMX) | bit(X86_FEATURE_FXSR) | bit(X86_FEATURE_SYSCALL) | (is_efer_nx() ? bit(X86_FEATURE_NX) : 0) | #ifdef CONFIG_X86_64 bit(X86_FEATURE_LM) | #endif bit(X86_FEATURE_FXSR_OPT) | bit(X86_FEATURE_MMXEXT) | bit(X86_FEATURE_3DNOWEXT) | bit(X86_FEATURE_3DNOW); const u32 kvm_supported_word3_x86_features = bit(X86_FEATURE_XMM3) | bit(X86_FEATURE_CX16); const u32 kvm_supported_word6_x86_features = bit(X86_FEATURE_LAHF_LM) | bit(X86_FEATURE_CMP_LEGACY) | bit(X86_FEATURE_SVM); get_cpu(); do_cpuid_1_ent(entry, function, index); ++*nent; switch (function) { case 0: entry->eax = min(entry->eax, (u32)0xb); break; case 1: entry->edx &= kvm_supported_word0_x86_features; entry->ecx &= kvm_supported_word3_x86_features; break; case 2: { int t, times = entry->eax & 0xff; entry->flags |= KVM_CPUID_FLAG_STATEFUL_FUNC; entry->flags |= KVM_CPUID_FLAG_STATE_READ_NEXT; for (t = 1; t < times && *nent < maxnent; ++t) { do_cpuid_1_ent(&entry[t], function, 0); entry[t].flags |= KVM_CPUID_FLAG_STATEFUL_FUNC; ++*nent; } break; } case 4: { int i, cache_type; entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; for (i = 1; *nent < maxnent; ++i) { cache_type = entry[i - 1].eax & 0x1f; if (!cache_type) break; do_cpuid_1_ent(&entry[i], function, i); entry[i].flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; ++*nent; } break; } case 0xb: { int i, level_type; entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; for (i = 1; *nent < maxnent; ++i) { level_type = entry[i - 1].ecx & 0xff00; if (!level_type) break; do_cpuid_1_ent(&entry[i], function, i); entry[i].flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; ++*nent; } break; } case 0x80000000: entry->eax = min(entry->eax, 0x8000001a); break; case 0x80000001: entry->edx &= kvm_supported_word1_x86_features; entry->ecx &= kvm_supported_word6_x86_features; break; } put_cpu(); }",linux-2.6,,,84197382445962203278914090302493684158,0 4808,CWE-119,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 3582,['CWE-20'],"sctp_disposition_t sctp_sf_do_prm_requestheartbeat( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { if (SCTP_DISPOSITION_NOMEM == sctp_sf_heartbeat(ep, asoc, type, (struct sctp_transport *)arg, commands)) return SCTP_DISPOSITION_NOMEM; sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_RESET, SCTP_TRANSPORT(arg)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,122728558763958633449035263690175552221,0 4040,['CWE-362'],"static int create_chunk(struct inode *inode, struct audit_tree *tree) { struct audit_chunk *chunk = alloc_chunk(1); if (!chunk) return -ENOMEM; if (inotify_add_watch(rtree_ih, &chunk->watch, inode, IN_IGNORED | IN_DELETE_SELF) < 0) { free_chunk(chunk); return -ENOSPC; } mutex_lock(&inode->inotify_mutex); spin_lock(&hash_lock); if (tree->goner) { spin_unlock(&hash_lock); chunk->dead = 1; inotify_evict_watch(&chunk->watch); mutex_unlock(&inode->inotify_mutex); put_inotify_watch(&chunk->watch); return 0; } chunk->owners[0].index = (1U << 31); chunk->owners[0].owner = tree; get_tree(tree); list_add(&chunk->owners[0].list, &tree->chunks); if (!tree->root) { tree->root = chunk; list_add(&tree->same_root, &chunk->trees); } insert_hash(chunk); spin_unlock(&hash_lock); mutex_unlock(&inode->inotify_mutex); return 0; }",linux-2.6,,,153956609031203751309369259446025679024,0 706,CWE-20,"int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; size_t copied; int err; BT_DBG(""sock %p sk %p len %zu"", sock, sk, len); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) { msg->msg_namelen = 0; return 0; } return err; } copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err == 0) { sock_recv_ts_and_drops(msg, sk, skb); if (bt_sk(sk)->skb_msg_name) bt_sk(sk)->skb_msg_name(skb, msg->msg_name, &msg->msg_namelen); else msg->msg_namelen = 0; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,145229541403126,1 6626,CWE-843,"njs_promise_prototype_then(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, njs_index_t unused) { njs_int_t ret; njs_value_t *promise, *fulfilled, *rejected, constructor; njs_object_t *object; njs_function_t *function; njs_promise_capability_t *capability; promise = njs_argument(args, 0); if (njs_slow_path(!njs_is_object(promise))) { goto failed; } object = njs_object_proto_lookup(njs_object(promise), NJS_PROMISE, njs_object_t); if (njs_slow_path(object == NULL)) { goto failed; } function = njs_promise_create_function(vm, sizeof(njs_promise_context_t)); function->u.native = njs_promise_constructor; njs_set_function(&constructor, function); ret = njs_value_species_constructor(vm, promise, &constructor, &constructor); if (njs_slow_path(ret != NJS_OK)) { return ret; } capability = njs_promise_new_capability(vm, &constructor); if (njs_slow_path(capability == NULL)) { return NJS_ERROR; } fulfilled = njs_arg(args, nargs, 1); rejected = njs_arg(args, nargs, 2); return njs_promise_perform_then(vm, promise, fulfilled, rejected, capability); failed: njs_type_error(vm, ""required a promise object""); return NJS_ERROR; }",visit repo url,src/njs_promise.c,https://github.com/nginx/njs,14093183440867,1 3214,['CWE-189'],"static int bmp_getdata(jas_stream_t *in, bmp_info_t *info, jas_image_t *image) { int i; int j; int y; jas_matrix_t *cmpts[3]; int numpad; int red; int grn; int blu; int ret; int numcmpts; int cmptno; int ind; bmp_palent_t *palent; int mxind; int haspal; assert(info->depth == 8 || info->depth == 24); assert(info->enctype == BMP_ENC_RGB); numcmpts = bmp_numcmpts(info); haspal = bmp_haspal(info); ret = 0; for (i = 0; i < numcmpts; ++i) { cmpts[i] = 0; } for (i = 0; i < numcmpts; ++i) { if (!(cmpts[i] = jas_matrix_create(1, info->width))) { ret = -1; goto bmp_getdata_done; } } numpad = (numcmpts * info->width) % 4; if (numpad) { numpad = 4 - numpad; } mxind = (1 << info->depth) - 1; for (i = 0; i < info->height; ++i) { for (j = 0; j < info->width; ++j) { if (haspal) { if ((ind = jas_stream_getc(in)) == EOF) { ret = -1; goto bmp_getdata_done; } if (ind > mxind) { ret = -1; goto bmp_getdata_done; } if (ind < info->numcolors) { palent = &info->palents[ind]; red = palent->red; grn = palent->grn; blu = palent->blu; } else { red = ind; grn = ind; blu = ind; } } else { if ((blu = jas_stream_getc(in)) == EOF || (grn = jas_stream_getc(in)) == EOF || (red = jas_stream_getc(in)) == EOF) { ret = -1; goto bmp_getdata_done; } } if (numcmpts == 3) { jas_matrix_setv(cmpts[0], j, red); jas_matrix_setv(cmpts[1], j, grn); jas_matrix_setv(cmpts[2], j, blu); } else { jas_matrix_setv(cmpts[0], j, red); } } for (j = numpad; j > 0; --j) { if (jas_stream_getc(in) == EOF) { ret = -1; goto bmp_getdata_done; } } for (cmptno = 0; cmptno < numcmpts; ++cmptno) { y = info->topdown ? i : (info->height - 1 - i); if (jas_image_writecmpt(image, cmptno, 0, y, info->width, 1, cmpts[cmptno])) { ret = -1; goto bmp_getdata_done; } } } bmp_getdata_done: for (i = 0; i < numcmpts; ++i) { if (cmpts[i]) { jas_matrix_destroy(cmpts[i]); } } return ret; }",jasper,,,16703267401304794276520789288275838004,0 579,CWE-399,"int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) { struct cred *cred; if (!(unshare_flags & CLONE_NEWUSER)) return 0; cred = prepare_creds(); if (!cred) return -ENOMEM; *new_cred = cred; return create_user_ns(cred); }",visit repo url,kernel/user_namespace.c,https://github.com/torvalds/linux,156751891419265,1 2555,CWE-399,"cib_recv_plaintext(int sock) { char *buf = NULL; ssize_t rc = 0; ssize_t len = 0; ssize_t chunk_size = 512; buf = calloc(1, chunk_size); while (1) { errno = 0; rc = read(sock, buf + len, chunk_size); crm_trace(""Got %d more bytes. errno=%d"", (int)rc, errno); if (errno == EINTR || errno == EAGAIN) { crm_trace(""Retry: %d"", (int)rc); if (rc > 0) { len += rc; buf = realloc(buf, len + chunk_size); CRM_ASSERT(buf != NULL); } } else if (rc < 0) { crm_perror(LOG_ERR, ""Error receiving message: %d"", (int)rc); goto bail; } else if (rc == chunk_size) { len += rc; chunk_size *= 2; buf = realloc(buf, len + chunk_size); crm_trace(""Retry with %d more bytes"", (int)chunk_size); CRM_ASSERT(buf != NULL); } else if (buf[len + rc - 1] != 0) { crm_trace(""Last char is %d '%c'"", buf[len + rc - 1], buf[len + rc - 1]); crm_trace(""Retry with %d more bytes"", (int)chunk_size); len += rc; buf = realloc(buf, len + chunk_size); CRM_ASSERT(buf != NULL); } else { return buf; } } bail: free(buf); return NULL; }",visit repo url,lib/common/remote.c,https://github.com/ClusterLabs/pacemaker,53085055313557,1 3573,['CWE-20'],"sctp_disposition_t sctp_sf_do_4_C(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_ulpevent *ev; if (!sctp_vtag_verify_either(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!chunk->singleton) return sctp_sf_violation_chunk(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP, 0, 0, 0, NULL, GFP_ATOMIC); if (ev) sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_CLOSED)); SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); return SCTP_DISPOSITION_DELETE_TCB; }",linux-2.6,,,25604305270753205315408257312227123630,0 261,CWE-20,"int mpi_powm(MPI res, MPI base, MPI exp, MPI mod) { mpi_ptr_t mp_marker = NULL, bp_marker = NULL, ep_marker = NULL; mpi_ptr_t xp_marker = NULL; mpi_ptr_t tspace = NULL; mpi_ptr_t rp, ep, mp, bp; mpi_size_t esize, msize, bsize, rsize; int esign, msign, bsign, rsign; mpi_size_t size; int mod_shift_cnt; int negative_result; int assign_rp = 0; mpi_size_t tsize = 0; int rc = -ENOMEM; esize = exp->nlimbs; msize = mod->nlimbs; size = 2 * msize; esign = exp->sign; msign = mod->sign; rp = res->d; ep = exp->d; if (!msize) return -EINVAL; if (!esize) { rp[0] = 1; res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1; res->sign = 0; goto leave; } mp = mp_marker = mpi_alloc_limb_space(msize); if (!mp) goto enomem; mod_shift_cnt = count_leading_zeros(mod->d[msize - 1]); if (mod_shift_cnt) mpihelp_lshift(mp, mod->d, msize, mod_shift_cnt); else MPN_COPY(mp, mod->d, msize); bsize = base->nlimbs; bsign = base->sign; if (bsize > msize) { bp = bp_marker = mpi_alloc_limb_space(bsize + 1); if (!bp) goto enomem; MPN_COPY(bp, base->d, bsize); mpihelp_divrem(bp + msize, 0, bp, bsize, mp, msize); bsize = msize; MPN_NORMALIZE(bp, bsize); } else bp = base->d; if (!bsize) { res->nlimbs = 0; res->sign = 0; goto leave; } if (res->alloced < size) { if (rp == ep || rp == mp || rp == bp) { rp = mpi_alloc_limb_space(size); if (!rp) goto enomem; assign_rp = 1; } else { if (mpi_resize(res, size) < 0) goto enomem; rp = res->d; } } else { if (rp == bp) { BUG_ON(bp_marker); bp = bp_marker = mpi_alloc_limb_space(bsize); if (!bp) goto enomem; MPN_COPY(bp, rp, bsize); } if (rp == ep) { ep = ep_marker = mpi_alloc_limb_space(esize); if (!ep) goto enomem; MPN_COPY(ep, rp, esize); } if (rp == mp) { BUG_ON(mp_marker); mp = mp_marker = mpi_alloc_limb_space(msize); if (!mp) goto enomem; MPN_COPY(mp, rp, msize); } } MPN_COPY(rp, bp, bsize); rsize = bsize; rsign = bsign; { mpi_size_t i; mpi_ptr_t xp; int c; mpi_limb_t e; mpi_limb_t carry_limb; struct karatsuba_ctx karactx; xp = xp_marker = mpi_alloc_limb_space(2 * (msize + 1)); if (!xp) goto enomem; memset(&karactx, 0, sizeof karactx); negative_result = (ep[0] & 1) && base->sign; i = esize - 1; e = ep[i]; c = count_leading_zeros(e); e = (e << c) << 1; c = BITS_PER_MPI_LIMB - 1 - c; for (;;) { while (c) { mpi_ptr_t tp; mpi_size_t xsize; if (rsize < KARATSUBA_THRESHOLD) mpih_sqr_n_basecase(xp, rp, rsize); else { if (!tspace) { tsize = 2 * rsize; tspace = mpi_alloc_limb_space(tsize); if (!tspace) goto enomem; } else if (tsize < (2 * rsize)) { mpi_free_limb_space(tspace); tsize = 2 * rsize; tspace = mpi_alloc_limb_space(tsize); if (!tspace) goto enomem; } mpih_sqr_n(xp, rp, rsize, tspace); } xsize = 2 * rsize; if (xsize > msize) { mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); xsize = msize; } tp = rp; rp = xp; xp = tp; rsize = xsize; if ((mpi_limb_signed_t) e < 0) { if (bsize < KARATSUBA_THRESHOLD) { mpi_limb_t tmp; if (mpihelp_mul (xp, rp, rsize, bp, bsize, &tmp) < 0) goto enomem; } else { if (mpihelp_mul_karatsuba_case (xp, rp, rsize, bp, bsize, &karactx) < 0) goto enomem; } xsize = rsize + bsize; if (xsize > msize) { mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); xsize = msize; } tp = rp; rp = xp; xp = tp; rsize = xsize; } e <<= 1; c--; } i--; if (i < 0) break; e = ep[i]; c = BITS_PER_MPI_LIMB; } if (mod_shift_cnt) { carry_limb = mpihelp_lshift(res->d, rp, rsize, mod_shift_cnt); rp = res->d; if (carry_limb) { rp[rsize] = carry_limb; rsize++; } } else { MPN_COPY(res->d, rp, rsize); rp = res->d; } if (rsize >= msize) { mpihelp_divrem(rp + msize, 0, rp, rsize, mp, msize); rsize = msize; } if (mod_shift_cnt) mpihelp_rshift(rp, rp, rsize, mod_shift_cnt); MPN_NORMALIZE(rp, rsize); mpihelp_release_karatsuba_ctx(&karactx); } if (negative_result && rsize) { if (mod_shift_cnt) mpihelp_rshift(mp, mp, msize, mod_shift_cnt); mpihelp_sub(rp, mp, msize, rp, rsize); rsize = msize; rsign = msign; MPN_NORMALIZE(rp, rsize); } res->nlimbs = rsize; res->sign = rsign; leave: rc = 0; enomem: if (assign_rp) mpi_assign_limb_space(res, rp, size); if (mp_marker) mpi_free_limb_space(mp_marker); if (bp_marker) mpi_free_limb_space(bp_marker); if (ep_marker) mpi_free_limb_space(ep_marker); if (xp_marker) mpi_free_limb_space(xp_marker); if (tspace) mpi_free_limb_space(tspace); return rc; }",visit repo url,lib/mpi/mpi-pow.c,https://github.com/torvalds/linux,262592523939076,1 3680,CWE-787,"static void add_password(AUTH_HDR *request, unsigned char type, CONST char *password, char *secret) { MD5_CTX md5_secret, my_md5; unsigned char misc[AUTH_VECTOR_LEN]; int i; int length = strlen(password); unsigned char hashed[256 + AUTH_PASS_LEN]; unsigned char *vector; attribute_t *attr; if (length > MAXPASS) { length = MAXPASS; } if (length == 0) { length = AUTH_PASS_LEN; } if ((length & (AUTH_PASS_LEN - 1)) != 0) { length += (AUTH_PASS_LEN - 1); length &= ~(AUTH_PASS_LEN - 1); } memset(hashed, 0, length); memcpy(hashed, password, strlen(password)); attr = find_attribute(request, PW_PASSWORD); if (type == PW_PASSWORD) { vector = request->vector; } else { vector = attr->data; } MD5Init(&md5_secret); MD5Update(&md5_secret, (unsigned char *) secret, strlen(secret)); my_md5 = md5_secret; MD5Update(&my_md5, vector, AUTH_VECTOR_LEN); MD5Final(misc, &my_md5); xor(hashed, misc, AUTH_PASS_LEN); for (i = 1; i < (length >> 4); i++) { my_md5 = md5_secret; MD5Update(&my_md5, &hashed[(i-1) * AUTH_PASS_LEN], AUTH_PASS_LEN); MD5Final(misc, &my_md5); xor(&hashed[i * AUTH_PASS_LEN], misc, AUTH_PASS_LEN); } if (type == PW_OLD_PASSWORD) { attr = find_attribute(request, PW_OLD_PASSWORD); } if (!attr) { add_attribute(request, type, hashed, length); } else { memcpy(attr->data, hashed, length); } }",visit repo url,src/pam_radius_auth.c,https://github.com/FreeRADIUS/pam_radius,46764942444360,1 6559,['CWE-200'],"nma_set_notifications_enabled_cb (GtkWidget *widget, NMApplet *applet) { gboolean state; g_return_if_fail (applet != NULL); state = gtk_check_menu_item_get_active (GTK_CHECK_MENU_ITEM (widget)); gconf_client_set_bool (applet->gconf_client, PREF_DISABLE_CONNECTED_NOTIFICATIONS, !state, NULL); gconf_client_set_bool (applet->gconf_client, PREF_DISABLE_DISCONNECTED_NOTIFICATIONS, !state, NULL); gconf_client_set_bool (applet->gconf_client, PREF_SUPPRESS_WIRELESS_NETWORKS_AVAILABLE, !state, NULL); }",network-manager-applet,,,41582401995430790275354597824077023119,0 5693,CWE-125,"bgp_open_option_parse (struct peer *peer, u_char length, int *capability) { int ret; u_char *end; u_char opt_type; u_char opt_length; u_char *pnt; u_char *error; u_char error_data[BGP_MAX_PACKET_SIZE]; pnt = stream_pnt (peer->ibuf); ret = 0; opt_type = 0; opt_length = 0; end = pnt + length; error = error_data; if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s rcv OPEN w/ OPTION parameter len: %u"", peer->host, length); while (pnt < end) { if (pnt + 2 > end) { zlog_info (""%s Option length error"", peer->host); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } opt_type = *pnt++; opt_length = *pnt++; if (pnt + opt_length > end) { zlog_info (""%s Option length error"", peer->host); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s rcvd OPEN w/ optional parameter type %u (%s) len %u"", peer->host, opt_type, opt_type == BGP_OPEN_OPT_AUTH ? ""Authentication"" : opt_type == BGP_OPEN_OPT_CAP ? ""Capability"" : ""Unknown"", opt_length); switch (opt_type) { case BGP_OPEN_OPT_AUTH: ret = bgp_auth_parse (peer, pnt, opt_length); break; case BGP_OPEN_OPT_CAP: ret = bgp_capability_parse (peer, pnt, opt_length, &error); *capability = 1; break; default: bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_UNSUP_PARAM); ret = -1; break; } if (ret < 0) return -1; pnt += opt_length; } if (CHECK_FLAG (peer->flags, PEER_FLAG_STRICT_CAP_MATCH)) { if (error != error_data) { bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data, error - error_data); return -1; } if (! strict_capability_same (peer)) { bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_UNSUP_CAPBL); return -1; } } if (*capability && ! CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) { if (! peer->afc_nego[AFI_IP][SAFI_UNICAST] && ! peer->afc_nego[AFI_IP][SAFI_MULTICAST] && ! peer->afc_nego[AFI_IP][SAFI_MPLS_VPN] && ! peer->afc_nego[AFI_IP6][SAFI_UNICAST] && ! peer->afc_nego[AFI_IP6][SAFI_MULTICAST]) { plog_err (peer->log, ""%s [Error] No common capability"", peer->host); if (error != error_data) bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_UNSUP_CAPBL, error_data, error - error_data); else bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_UNSUP_CAPBL); return -1; } } return 0; }",visit repo url,bgpd/bgp_open.c,https://github.com/FRRouting/frr,166787971080216,1 5518,CWE-125,"tok_new(void) { struct tok_state *tok = (struct tok_state *)PyMem_MALLOC( sizeof(struct tok_state)); if (tok == NULL) return NULL; tok->buf = tok->cur = tok->end = tok->inp = tok->start = NULL; tok->done = E_OK; tok->fp = NULL; tok->input = NULL; tok->tabsize = TABSIZE; tok->indent = 0; tok->indstack[0] = 0; tok->atbol = 1; tok->pendin = 0; tok->prompt = tok->nextprompt = NULL; tok->lineno = 0; tok->level = 0; tok->altwarning = 1; tok->alterror = 1; tok->alttabsize = 1; tok->altindstack[0] = 0; tok->decoding_state = STATE_INIT; tok->decoding_erred = 0; tok->read_coding_spec = 0; tok->enc = NULL; tok->encoding = NULL; tok->cont_line = 0; #ifndef PGEN tok->filename = NULL; tok->decoding_readline = NULL; tok->decoding_buffer = NULL; #endif tok->async_def = 0; tok->async_def_indent = 0; tok->async_def_nl = 0; return tok; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,9752594609652,1 3422,['CWE-264'],"asmlinkage long sys_open(const char __user *filename, int flags, int mode) { long ret; if (force_o_largefile()) flags |= O_LARGEFILE; ret = do_sys_open(AT_FDCWD, filename, flags, mode); prevent_tail_call(ret); return ret; }",linux-2.6,,,77091942330252679789120080858822533067,0 2129,['CWE-119'],"static inline void clear_LDT(void) { set_ldt(NULL, 0); }",linux-2.6,,,42062327743144588280619503044030085946,0 5597,[],"kill_proc_info(int sig, struct siginfo *info, pid_t pid) { int error; rcu_read_lock(); error = kill_pid_info(sig, info, find_vpid(pid)); rcu_read_unlock(); return error; }",linux-2.6,,,103463426315446154597118140881150076468,0 4127,['CWE-399'],"bsg_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { struct bsg_device *bd = file->private_data; int ret; ssize_t bytes_read; dprintk(""%s: read %Zd bytes\n"", bd->name, count); bsg_set_block(bd, file); bytes_read = 0; ret = __bsg_read(buf, count, bd, NULL, &bytes_read); *ppos = bytes_read; if (!bytes_read || (bytes_read && err_block_err(ret))) bytes_read = ret; return bytes_read; }",linux-2.6,,,172158164766748474821193052127689172898,0 6374,CWE-787,"parse_paragraph(tree_t *t, float left, float right, float bottom, float top, float *x, float *y, int *page, int needspace) { int whitespace; tree_t *flat, *start, *end, *prev, *temp; float width, height, offset, spacing, borderspace, temp_y, temp_width, temp_height; float format_width, image_y, image_left, image_right; int image_page = *page; float char_spacing; int num_chars; render_t *r; uchar *align, *hspace, *vspace, *link, *border; float rgb[3]; uchar line[10240], *lineptr, *dataptr; tree_t *linetype; float linex, linewidth; int firstline; DEBUG_printf((""parse_paragraph(t=%p, left=%.1f, right=%.1f, bottom=%.1f, top=%.1f, x=%.1f, y=%.1f, page=%d, needspace=%d\n"", (void *)t, left, right, bottom, top, *x, *y, *page, needspace)); flat = flatten_tree(t->child); image_left = left; image_right = right; image_y = 0; if (flat == NULL) DEBUG_puts(""parse_paragraph: flat == NULL!""); if (*y < top && needspace) *y -= _htmlSpacings[SIZE_P]; for (temp = flat, prev = NULL; temp != NULL;) { if (temp->markup == MARKUP_IMG) update_image_size(temp); if (temp->markup == MARKUP_IMG && (align = htmlGetVariable(temp, (uchar *)""ALIGN""))) { if ((border = htmlGetVariable(temp, (uchar *)""BORDER"")) != NULL) borderspace = (float)atof((char *)border); else if (temp->link) borderspace = 1; else borderspace = 0; borderspace *= PagePrintWidth / _htmlBrowserWidth; if (strcasecmp((char *)align, ""LEFT"") == 0) { if ((vspace = htmlGetVariable(temp, (uchar *)""VSPACE"")) != NULL) *y -= atoi((char *)vspace); if (*y < (bottom + temp->height + 2 * borderspace)) { (*page) ++; *y = top; if (Verbosity) progress_show(""Formatting page %d"", *page); } if (borderspace > 0.0f) { if (temp->link && PSLevel == 0) memcpy(rgb, link_color, sizeof(rgb)); else { rgb[0] = temp->red / 255.0f; rgb[1] = temp->green / 255.0f; rgb[2] = temp->blue / 255.0f; } new_render(*page, RENDER_BOX, image_left, *y - borderspace, temp->width + 2 * borderspace, borderspace, rgb); new_render(*page, RENDER_BOX, image_left, *y - temp->height - 2 * borderspace, borderspace, temp->height + 2 * borderspace, rgb); new_render(*page, RENDER_BOX, image_left + temp->width + borderspace, *y - temp->height - 2 * borderspace, borderspace, temp->height + 2 * borderspace, rgb); new_render(*page, RENDER_BOX, image_left, *y - temp->height - 2 * borderspace, temp->width + 2 * borderspace, borderspace, rgb); } *y -= borderspace; new_render(*page, RENDER_IMAGE, image_left + borderspace, *y - temp->height, temp->width, temp->height, image_find((char *)htmlGetVariable(temp, (uchar *)""REALSRC""))); if (temp->link && (link = htmlGetVariable(temp->link, (uchar *)""_HD_FULL_HREF"")) != NULL) { new_render(*page, RENDER_LINK, image_left + borderspace, *y - temp->height, temp->width, temp->height, link); } *y -= borderspace; if (vspace != NULL) *y -= atoi((char *)vspace); image_left += temp->width + 2 * borderspace; temp_y = *y - temp->height; image_page = *page; if (temp_y < image_y || image_y == 0) image_y = temp_y; if ((hspace = htmlGetVariable(temp, (uchar *)""HSPACE"")) != NULL) image_left += atoi((char *)hspace); if (prev != NULL) prev->next = temp->next; else flat = temp->next; free(temp); temp = prev; } else if (strcasecmp((char *)align, ""RIGHT"") == 0) { if ((vspace = htmlGetVariable(temp, (uchar *)""VSPACE"")) != NULL) *y -= atoi((char *)vspace); if (*y < (bottom + temp->height + 2 * borderspace)) { (*page) ++; *y = top; if (Verbosity) progress_show(""Formatting page %d"", *page); } image_right -= temp->width + 2 * borderspace; image_page = *page; if (borderspace > 0.0f) { if (temp->link && PSLevel == 0) memcpy(rgb, link_color, sizeof(rgb)); else { rgb[0] = temp->red / 255.0f; rgb[1] = temp->green / 255.0f; rgb[2] = temp->blue / 255.0f; } new_render(*page, RENDER_BOX, image_right, *y - borderspace, temp->width + 2 * borderspace, borderspace, rgb); new_render(*page, RENDER_BOX, image_right, *y - temp->height - 2 * borderspace, borderspace, temp->height + 2 * borderspace, rgb); new_render(*page, RENDER_BOX, image_right + temp->width + borderspace, *y - temp->height - 2 * borderspace, borderspace, temp->height + 2 * borderspace, rgb); new_render(*page, RENDER_BOX, image_right, *y - temp->height - 2 * borderspace, temp->width + 2 * borderspace, borderspace, rgb); } *y -= borderspace; new_render(*page, RENDER_IMAGE, image_right + borderspace, *y - temp->height, temp->width, temp->height, image_find((char *)htmlGetVariable(temp, (uchar *)""REALSRC""))); if (temp->link && (link = htmlGetVariable(temp->link, (uchar *)""_HD_FULL_HREF"")) != NULL) { new_render(*page, RENDER_LINK, image_right + borderspace, *y - temp->height, temp->width, temp->height, link); } *y -= borderspace; if (vspace != NULL) *y -= atoi((char *)vspace); temp_y = *y - temp->height; if (temp_y < image_y || image_y == 0) image_y = temp_y; if ((hspace = htmlGetVariable(temp, (uchar *)""HSPACE"")) != NULL) image_right -= atoi((char *)hspace); if (prev != NULL) prev->next = temp->next; else flat = temp->next; free(temp); temp = prev; } } if (temp != NULL) { prev = temp; temp = temp->next; } else temp = flat; } format_width = image_right - image_left; firstline = 1; DEBUG_printf((""format_width = %.1f\n"", format_width)); offset = 0.0f; temp_width = 0.0f; temp_height = 0.0f; lineptr = NULL; linex = 0.0f; linewidth = 0.0f; while (flat != NULL) { start = flat; end = flat; width = 0.0; while (flat != NULL) { temp_width = 0.0; temp = flat; whitespace = 0; while (temp != NULL && !whitespace) { if (temp->markup == MARKUP_NONE && temp->data[0] == ' ') { if (temp == start) temp_width -= _htmlWidths[temp->typeface][temp->style][' '] * _htmlSizes[temp->size] * 0.001f; else if (temp_width > 0.0f) whitespace = 1; } else whitespace = 0; if (whitespace) break; if (temp->markup == MARKUP_IMG) { if ((border = htmlGetVariable(temp, (uchar *)""BORDER"")) != NULL) borderspace = (float)atof((char *)border); else if (temp->link) borderspace = 1; else borderspace = 0; borderspace *= PagePrintWidth / _htmlBrowserWidth; temp_width += 2 * borderspace; } prev = temp; temp = temp->next; temp_width += prev->width; if ((temp_width >= format_width && prev->markup == MARKUP_IMG) || prev->markup == MARKUP_BR) { break; } else if (prev->markup == MARKUP_NONE) { int ch = prev->data[strlen((char *)prev->data) - 1]; if (_htmlUTF8) ch = _htmlUnicode[ch]; if (ch == 173) break; } } if ((width + temp_width) <= format_width) { width += temp_width; end = temp; flat = temp; if (prev->markup == MARKUP_BR) break; } else if (width == 0.0) { width += temp_width; end = temp; flat = temp; break; } else break; } if (start == end) { end = start->next; flat = start->next; width = start->width; } for (height = 0.0, num_chars = 0, temp = prev = start; temp != end; temp = temp->next) { prev = temp; if (temp->markup == MARKUP_NONE) num_chars += strlen((char *)temp->data); if (temp->height > height) height = temp->height; } for (spacing = 0.0, temp = prev = start; temp != end; temp = temp->next) { prev = temp; if (temp->markup != MARKUP_IMG) temp_height = (float)(temp->height * _htmlSpacings[0] / _htmlSizes[0]); else { if ((border = htmlGetVariable(temp, (uchar *)""BORDER"")) != NULL) borderspace = (float)atof((char *)border); else if (temp->link) borderspace = 1; else borderspace = 0; borderspace *= PagePrintWidth / _htmlBrowserWidth; temp_height = temp->height + 2 * borderspace; } if (temp_height > spacing) spacing = temp_height; } if (firstline && end != NULL && *y < (bottom + height + _htmlSpacings[t->size])) { (*page) ++; *y = top; if (Verbosity) progress_show(""Formatting page %d"", *page); } firstline = 0; if (height == 0.0f) height = spacing; for (temp = start; temp != end; temp = temp->next) if (temp->markup != MARKUP_A) break; if (temp != NULL && temp->markup == MARKUP_NONE && temp->data[0] == ' ') { for (dataptr = temp->data; *dataptr; dataptr ++) *dataptr = dataptr[1]; *dataptr = '\0'; temp_width = _htmlWidths[temp->typeface][temp->style][' '] * _htmlSizes[temp->size] * 0.001f; temp->width -= temp_width; num_chars --; } if (end != NULL) temp = end->prev; else temp = NULL; DEBUG_printf(("" BEFORE page=%d, y=%.1f, height=%.1f, spacing=%.1f, bottom=%.1f\n"", *page, *y, height, spacing, bottom)); if (*y < (spacing + bottom)) { (*page) ++; *y = top; if (Verbosity) progress_show(""Formatting page %d"", *page); } *y -= height; DEBUG_printf(("" page=%d, y=%.1f, width=%.1f, height=%.1f\n"", *page, *y, width, height)); if (Verbosity) progress_update(100 - (int)(100 * (*y) / PagePrintLength)); char_spacing = 0.0f; whitespace = 0; temp = start; linetype = NULL; rgb[0] = temp->red / 255.0f; rgb[1] = temp->green / 255.0f; rgb[2] = temp->blue / 255.0f; switch (t->halignment) { case ALIGN_LEFT : linex = image_left; break; case ALIGN_CENTER : linex = image_left + 0.5f * (format_width - width); break; case ALIGN_RIGHT : linex = image_right - width; break; case ALIGN_JUSTIFY : linex = image_left; if (flat != NULL && flat->prev->markup != MARKUP_BR && num_chars > 1) char_spacing = (format_width - width) / (num_chars - 1); break; } while (temp != end) { if (temp->link != NULL && PSLevel == 0 && Links && temp->markup == MARKUP_NONE) { temp->red = (uchar)(link_color[0] * 255.0); temp->green = (uchar)(link_color[1] * 255.0); temp->blue = (uchar)(link_color[2] * 255.0); } if (linetype != NULL && (temp->markup != MARKUP_NONE || temp->typeface != linetype->typeface || temp->style != linetype->style || temp->size != linetype->size || temp->superscript != linetype->superscript || temp->subscript != linetype->subscript || temp->red != linetype->red || temp->green != linetype->green || temp->blue != linetype->blue)) { r = new_render(*page, RENDER_TEXT, linex - linewidth, *y, linewidth, linetype->height, line); r->data.text.typeface = linetype->typeface; r->data.text.style = linetype->style; r->data.text.size = (float)_htmlSizes[linetype->size]; r->data.text.spacing = char_spacing; memcpy(r->data.text.rgb, rgb, sizeof(rgb)); if (linetype->superscript) r->y += height - linetype->height; else if (linetype->subscript) r->y -= height - linetype->height; free(linetype); linetype = NULL; } if ((link = htmlGetVariable(temp, (uchar *)""ID"")) != NULL) { add_link(link, *page, (int)(*y + height)); } switch (temp->markup) { case MARKUP_A : if ((link = htmlGetVariable(temp, (uchar *)""NAME"")) != NULL) { add_link(link, *page, (int)(*y + height)); } default : temp_width = temp->width; break; case MARKUP_NONE : if (temp->data == NULL) break; if (((temp->width - right + left) > 0.001 || (temp->height - top + bottom) > 0.001) && OverflowErrors) progress_error(HD_ERROR_CONTENT_TOO_LARGE, ""Text on page %d too large - "" ""truncation or overlapping may occur!"", *page + 1); if (linetype == NULL) { linetype = temp; lineptr = line; linewidth = 0.0; rgb[0] = temp->red / 255.0f; rgb[1] = temp->green / 255.0f; rgb[2] = temp->blue / 255.0f; } strlcpy((char *)lineptr, (char *)temp->data, sizeof(line) - (size_t)(lineptr - line)); temp_width = temp->width + char_spacing * strlen((char *)lineptr); if (temp->underline || (temp->link && LinkStyle && PSLevel == 0)) new_render(*page, RENDER_BOX, linex, *y - 1, temp_width, 0, rgb); if (temp->strikethrough) new_render(*page, RENDER_BOX, linex, *y + temp->height * 0.25f, temp_width, 0, rgb); linewidth += temp_width; lineptr += strlen((char *)lineptr); if (lineptr > line && lineptr[-1] == ' ') whitespace = 1; else whitespace = 0; break; case MARKUP_IMG : if (((temp->width - right + left) > 0.001 || (temp->height - top + bottom) > 0.001) && OverflowErrors) { DEBUG_printf((""IMAGE: %.3fx%.3f > %.3fx%.3f\n"", temp->width, temp->height, right - left, top - bottom)); progress_error(HD_ERROR_CONTENT_TOO_LARGE, ""Image on page %d too large - "" ""truncation or overlapping may occur!"", *page + 1); } if ((border = htmlGetVariable(temp, (uchar *)""BORDER"")) != NULL) borderspace = (float)atof((char *)border); else if (temp->link) borderspace = 1; else borderspace = 0; borderspace *= PagePrintWidth / _htmlBrowserWidth; temp_width += 2 * borderspace; switch (temp->valignment) { case ALIGN_TOP : offset = height - temp->height - 2 * borderspace; break; case ALIGN_MIDDLE : offset = 0.5f * (height - temp->height) - borderspace; break; case ALIGN_BOTTOM : offset = 0.0f; } if (borderspace > 0.0f) { new_render(*page, RENDER_BOX, linex, *y + offset + temp->height + borderspace, temp->width + 2 * borderspace, borderspace, rgb); new_render(*page, RENDER_BOX, linex, *y + offset, borderspace, temp->height + 2 * borderspace, rgb); new_render(*page, RENDER_BOX, linex + temp->width + borderspace, *y + offset, borderspace, temp->height + 2 * borderspace, rgb); new_render(*page, RENDER_BOX, linex, *y + offset, temp->width + 2 * borderspace, borderspace, rgb); } new_render(*page, RENDER_IMAGE, linex + borderspace, *y + offset + borderspace, temp->width, temp->height, image_find((char *)htmlGetVariable(temp, (uchar *)""REALSRC""))); whitespace = 0; temp_width = temp->width + 2 * borderspace; break; } if (temp->link != NULL && (link = htmlGetVariable(temp->link, (uchar *)""_HD_FULL_HREF"")) != NULL) { new_render(*page, RENDER_LINK, linex, *y + offset, temp->width, temp->height, link); } linex += temp_width; prev = temp; temp = temp->next; if (prev != linetype) free(prev); } if (linetype != NULL) { r = new_render(*page, RENDER_TEXT, linex - linewidth, *y, linewidth, linetype->height, line); r->data.text.typeface = linetype->typeface; r->data.text.style = linetype->style; r->data.text.spacing = char_spacing; r->data.text.size = (float)_htmlSizes[linetype->size]; memcpy(r->data.text.rgb, rgb, sizeof(rgb)); if (linetype->superscript) r->y += height - linetype->height; else if (linetype->subscript) r->y -= height - linetype->height; free(linetype); } *y -= spacing - height; DEBUG_printf(("" AFTER y=%.1f, bottom=%.1f\n"", *y, bottom)); if (*y < bottom) { (*page) ++; *y = top; if (Verbosity) progress_show(""Formatting page %d"", *page); } if (*y < image_y || *page > image_page) { image_y = 0.0f; image_left = left; image_right = right; format_width = image_right - image_left; } } *x = left; if (*y > image_y && image_y > 0.0f && image_page == *page) *y = image_y; DEBUG_printf((""LEAVING parse_paragraph(), x = %.1f, y = %.1f, page = %d, image_y = %.1f\n"", *x, *y, *page, image_y)); }",visit repo url,htmldoc/ps-pdf.cxx,https://github.com/michaelrsweet/htmldoc,170817873221674,1 6214,CWE-190,"void fp54_exp_dig(fp54_t c, const fp54_t a, dig_t b) { bn_t _b; fp54_t t, v; int8_t u, naf[RLC_DIG + 1]; int l; if (b == 0) { fp54_set_dig(c, 1); return; } bn_null(_b); fp54_null(t); fp54_null(v); RLC_TRY { bn_new(_b); fp54_new(t); fp54_new(v); fp54_copy(t, a); if (fp54_test_cyc(a)) { fp54_inv_cyc(v, a); bn_set_dig(_b, b); l = RLC_DIG + 1; bn_rec_naf(naf, &l, _b, 2); for (int i = bn_bits(_b) - 2; i >= 0; i--) { fp54_sqr_cyc(t, t); u = naf[i]; if (u > 0) { fp54_mul(t, t, a); } else if (u < 0) { fp54_mul(t, t, v); } } } else { for (int i = util_bits_dig(b) - 2; i >= 0; i--) { fp54_sqr(t, t); if (b & ((dig_t)1 << i)) { fp54_mul(t, t, a); } } } fp54_copy(c, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(_b); fp54_free(t); fp54_free(v); } }",visit repo url,src/fpx/relic_fpx_exp.c,https://github.com/relic-toolkit/relic,259691828458028,1 2746,['CWE-189'],"static struct sctp_auth_bytes *sctp_auth_make_local_vector( const struct sctp_association *asoc, gfp_t gfp) { return sctp_auth_make_key_vector( (sctp_random_param_t*)asoc->c.auth_random, (sctp_chunks_param_t*)asoc->c.auth_chunks, (sctp_hmac_algo_param_t*)asoc->c.auth_hmacs, gfp); }",linux-2.6,,,120331618979118126328453440298151688872,0 2022,['CWE-269'],"struct vfsmount *copy_tree(struct vfsmount *mnt, struct dentry *dentry, int flag) { struct vfsmount *res, *p, *q, *r, *s; struct nameidata nd; if (!(flag & CL_COPY_ALL) && IS_MNT_UNBINDABLE(mnt)) return NULL; res = q = clone_mnt(mnt, dentry, flag); if (!q) goto Enomem; q->mnt_mountpoint = mnt->mnt_mountpoint; p = mnt; list_for_each_entry(r, &mnt->mnt_mounts, mnt_child) { if (!lives_below_in_same_fs(r->mnt_mountpoint, dentry)) continue; for (s = r; s; s = next_mnt(s, r)) { if (!(flag & CL_COPY_ALL) && IS_MNT_UNBINDABLE(s)) { s = skip_mnt_tree(s); continue; } while (p != s->mnt_parent) { p = p->mnt_parent; q = q->mnt_parent; } p = s; nd.mnt = q; nd.dentry = p->mnt_mountpoint; q = clone_mnt(p, p->mnt_root, flag); if (!q) goto Enomem; spin_lock(&vfsmount_lock); list_add_tail(&q->mnt_list, &res->mnt_list); attach_mnt(q, &nd); spin_unlock(&vfsmount_lock); } } return res; Enomem: if (res) { LIST_HEAD(umount_list); spin_lock(&vfsmount_lock); umount_tree(res, 0, &umount_list); spin_unlock(&vfsmount_lock); release_mounts(&umount_list); } return NULL; }",linux-2.6,,,273758537131804444844522019777278166058,0 4311,['CWE-119'],"static void ima_adpcm_decompress_describe (_AFmoduleinst *i) { i->outc->f.compressionType = AF_COMPRESSION_NONE; i->outc->f.compressionParams = AU_NULL_PVLIST; }",audiofile,,,31110285637546632521447444688735772504,0 1063,['CWE-20'],"int srcu_notifier_call_chain(struct srcu_notifier_head *nh, unsigned long val, void *v) { int ret; int idx; idx = srcu_read_lock(&nh->srcu); ret = notifier_call_chain(&nh->head, val, v); srcu_read_unlock(&nh->srcu, idx); return ret; }",linux-2.6,,,219132642152230260064350167591618872197,0 673,CWE-20,"mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sk_buff *skb; struct sock *sk = sock->sk; struct sockaddr_mISDN *maddr; int copied, err; if (*debug & DEBUG_SOCKET) printk(KERN_DEBUG ""%s: len %d, flags %x ch.nr %d, proto %x\n"", __func__, (int)len, flags, _pms(sk)->ch.nr, sk->sk_protocol); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == MISDN_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (!skb) return err; if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) { msg->msg_namelen = sizeof(struct sockaddr_mISDN); maddr = (struct sockaddr_mISDN *)msg->msg_name; maddr->family = AF_ISDN; maddr->dev = _pms(sk)->dev->id; if ((sk->sk_protocol == ISDN_P_LAPD_TE) || (sk->sk_protocol == ISDN_P_LAPD_NT)) { maddr->channel = (mISDN_HEAD_ID(skb) >> 16) & 0xff; maddr->tei = (mISDN_HEAD_ID(skb) >> 8) & 0xff; maddr->sapi = mISDN_HEAD_ID(skb) & 0xff; } else { maddr->channel = _pms(sk)->ch.nr; maddr->sapi = _pms(sk)->ch.addr & 0xFF; maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF; } } else { if (msg->msg_namelen) printk(KERN_WARNING ""%s: too small namelen %d\n"", __func__, msg->msg_namelen); msg->msg_namelen = 0; } copied = skb->len + MISDN_HEADER_LEN; if (len < copied) { if (flags & MSG_PEEK) atomic_dec(&skb->users); else skb_queue_head(&sk->sk_receive_queue, skb); return -ENOSPC; } memcpy(skb_push(skb, MISDN_HEADER_LEN), mISDN_HEAD_P(skb), MISDN_HEADER_LEN); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); mISDN_sock_cmsg(sk, msg, skb); skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,drivers/isdn/mISDN/socket.c,https://github.com/torvalds/linux,109946884267745,1 139,CWE-347,"void set_module_sig_enforced(void) { sig_enforce = true; }",visit repo url,kernel/module.c,https://github.com/torvalds/linux,14366008066025,1 5561,[],"static int sig_ignored(struct task_struct *t, int sig, int from_ancestor_ns) { if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig)) return 0; if (!sig_task_ignored(t, sig, from_ancestor_ns)) return 0; return !tracehook_consider_ignored_signal(t, sig); }",linux-2.6,,,56020556380315859126663239425624694271,0 875,CWE-20,"static void unix_copy_addr(struct msghdr *msg, struct sock *sk) { struct unix_sock *u = unix_sk(sk); msg->msg_namelen = 0; if (u->addr) { msg->msg_namelen = u->addr->len; memcpy(msg->msg_name, u->addr->name, u->addr->len); } }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,153126031543195,1 6047,CWE-190,"static void benaloh(void) { bdpe_t pub, prv; dig_t in, new; uint8_t out[RLC_BN_BITS / 8 + 1]; size_t out_len; bdpe_null(pub); bdpe_null(prv); bdpe_new(pub); bdpe_new(prv); BENCH_ONE(""cp_bdpe_gen"", cp_bdpe_gen(pub, prv, bn_get_prime(47), RLC_BN_BITS), 1); BENCH_RUN(""cp_bdpe_enc"") { out_len = RLC_BN_BITS / 8 + 1; rand_bytes(out, 1); in = out[0] % bn_get_prime(47); BENCH_ADD(cp_bdpe_enc(out, &out_len, in, pub)); cp_bdpe_dec(&new, out, out_len, prv); } BENCH_END; BENCH_RUN(""cp_bdpe_dec"") { out_len = RLC_BN_BITS / 8 + 1; rand_bytes(out, 1); in = out[0] % bn_get_prime(47); cp_bdpe_enc(out, &out_len, in, pub); BENCH_ADD(cp_bdpe_dec(&new, out, out_len, prv)); } BENCH_END; bdpe_free(pub); bdpe_free(prv); }",visit repo url,bench/bench_cp.c,https://github.com/relic-toolkit/relic,123629020865101,1 1113,['CWE-399'],"asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, stack_ia32_t __user *uoss_ptr, struct pt_regs *regs) { stack_t uss, uoss; int ret; mm_segment_t seg; if (uss_ptr) { u32 ptr; memset(&uss, 0, sizeof(stack_t)); if (!access_ok(VERIFY_READ, uss_ptr, sizeof(stack_ia32_t)) || __get_user(ptr, &uss_ptr->ss_sp) || __get_user(uss.ss_flags, &uss_ptr->ss_flags) || __get_user(uss.ss_size, &uss_ptr->ss_size)) return -EFAULT; uss.ss_sp = compat_ptr(ptr); } seg = get_fs(); set_fs(KERNEL_DS); ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss, regs->sp); set_fs(seg); if (ret >= 0 && uoss_ptr) { if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t)) || __put_user(ptr_to_compat(uoss.ss_sp), &uoss_ptr->ss_sp) || __put_user(uoss.ss_flags, &uoss_ptr->ss_flags) || __put_user(uoss.ss_size, &uoss_ptr->ss_size)) ret = -EFAULT; } return ret; }",linux-2.6,,,266666254795109755130228985002177341696,0 3318,CWE-119,"header_put_le_int (SF_PRIVATE *psf, int x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 4) { psf->header [psf->headindex++] = x ; psf->header [psf->headindex++] = (x >> 8) ; psf->header [psf->headindex++] = (x >> 16) ; psf->header [psf->headindex++] = (x >> 24) ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,18255392469470,1 5545,[],"void ptrace_notify(int exit_code) { siginfo_t info; BUG_ON((exit_code & (0x7f | ~0xffff)) != SIGTRAP); memset(&info, 0, sizeof info); info.si_signo = SIGTRAP; info.si_code = exit_code; info.si_pid = task_pid_vnr(current); info.si_uid = current_uid(); spin_lock_irq(¤t->sighand->siglock); ptrace_stop(exit_code, 1, &info); spin_unlock_irq(¤t->sighand->siglock); }",linux-2.6,,,41854737981097246485965900653366084628,0 2244,CWE-787,"static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) { struct l2cap_conf_req *req = (struct l2cap_conf_req *) data; u16 dcid, flags; u8 rsp[64]; struct sock *sk; int len; dcid = __le16_to_cpu(req->dcid); flags = __le16_to_cpu(req->flags); BT_DBG(""dcid 0x%4.4x flags 0x%2.2x"", dcid, flags); sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid); if (!sk) return -ENOENT; if (sk->sk_state == BT_DISCONN) goto unlock; len = cmd_len - sizeof(*req); if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) { l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, L2CAP_CONF_REJECT, flags), rsp); goto unlock; } memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len); l2cap_pi(sk)->conf_len += len; if (flags & 0x0001) { l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, L2CAP_CONF_SUCCESS, 0x0001), rsp); goto unlock; } len = l2cap_parse_conf_req(sk, rsp); if (len < 0) goto unlock; l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); l2cap_pi(sk)->conf_len = 0; if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE)) goto unlock; if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) { sk->sk_state = BT_CONNECTED; l2cap_chan_ready(sk); goto unlock; } if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) { u8 buf[64]; l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, l2cap_build_conf_req(sk, buf), buf); } unlock: bh_unlock_sock(sk); return 0; }",visit repo url,net/bluetooth/l2cap.c,https://github.com/torvalds/linux,73455939486748,1 1050,CWE-399,"void xacct_add_tsk(struct taskstats *stats, struct task_struct *p) { stats->coremem = jiffies_to_usecs(p->acct_rss_mem1) * PAGE_SIZE / MB; stats->virtmem = jiffies_to_usecs(p->acct_vm_mem1) * PAGE_SIZE / MB; if (p->mm) { stats->hiwater_rss = p->mm->hiwater_rss * PAGE_SIZE / KB; stats->hiwater_vm = p->mm->hiwater_vm * PAGE_SIZE / KB; } stats->read_char = p->rchar; stats->write_char = p->wchar; stats->read_syscalls = p->syscr; stats->write_syscalls = p->syscw; }",visit repo url,kernel/tsacct.c,https://github.com/torvalds/linux,27115573412224,1 1965,['CWE-20'],"static int do_wp_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, spinlock_t *ptl, pte_t orig_pte) { struct page *old_page, *new_page; pte_t entry; int reuse = 0, ret = 0; int page_mkwrite = 0; struct page *dirty_page = NULL; old_page = vm_normal_page(vma, address, orig_pte); if (!old_page) goto gotten; if (PageAnon(old_page)) { if (!TestSetPageLocked(old_page)) { reuse = can_share_swap_page(old_page); unlock_page(old_page); } } else if (unlikely((vma->vm_flags & (VM_WRITE|VM_SHARED)) == (VM_WRITE|VM_SHARED))) { if (vma->vm_ops && vma->vm_ops->page_mkwrite) { page_cache_get(old_page); pte_unmap_unlock(page_table, ptl); if (vma->vm_ops->page_mkwrite(vma, old_page) < 0) goto unwritable_page; page_table = pte_offset_map_lock(mm, pmd, address, &ptl); page_cache_release(old_page); if (!pte_same(*page_table, orig_pte)) goto unlock; page_mkwrite = 1; } dirty_page = old_page; get_page(dirty_page); reuse = 1; } if (reuse) { flush_cache_page(vma, address, pte_pfn(orig_pte)); entry = pte_mkyoung(orig_pte); entry = maybe_mkwrite(pte_mkdirty(entry), vma); if (ptep_set_access_flags(vma, address, page_table, entry,1)) update_mmu_cache(vma, address, entry); ret |= VM_FAULT_WRITE; goto unlock; } page_cache_get(old_page); gotten: pte_unmap_unlock(page_table, ptl); if (unlikely(anon_vma_prepare(vma))) goto oom; VM_BUG_ON(old_page == ZERO_PAGE(0)); new_page = alloc_page_vma(GFP_HIGHUSER_MOVABLE, vma, address); if (!new_page) goto oom; cow_user_page(new_page, old_page, address, vma); __SetPageUptodate(new_page); if (mem_cgroup_charge(new_page, mm, GFP_KERNEL)) goto oom_free_new; page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { if (old_page) { page_remove_rmap(old_page, vma); if (!PageAnon(old_page)) { dec_mm_counter(mm, file_rss); inc_mm_counter(mm, anon_rss); } } else inc_mm_counter(mm, anon_rss); flush_cache_page(vma, address, pte_pfn(orig_pte)); entry = mk_pte(new_page, vma->vm_page_prot); entry = maybe_mkwrite(pte_mkdirty(entry), vma); ptep_clear_flush(vma, address, page_table); set_pte_at(mm, address, page_table, entry); update_mmu_cache(vma, address, entry); lru_cache_add_active(new_page); page_add_new_anon_rmap(new_page, vma, address); new_page = old_page; ret |= VM_FAULT_WRITE; } else mem_cgroup_uncharge_page(new_page); if (new_page) page_cache_release(new_page); if (old_page) page_cache_release(old_page); unlock: pte_unmap_unlock(page_table, ptl); if (dirty_page) { if (vma->vm_file) file_update_time(vma->vm_file); wait_on_page_locked(dirty_page); set_page_dirty_balance(dirty_page, page_mkwrite); put_page(dirty_page); } return ret; oom_free_new: page_cache_release(new_page); oom: if (old_page) page_cache_release(old_page); return VM_FAULT_OOM; unwritable_page: page_cache_release(old_page); return VM_FAULT_SIGBUS; }",linux-2.6,,,87135253547205852744146250267301199758,0 1961,CWE-401,"static int mlx5_fpga_conn_create_cq(struct mlx5_fpga_conn *conn, int cq_size) { struct mlx5_fpga_device *fdev = conn->fdev; struct mlx5_core_dev *mdev = fdev->mdev; u32 temp_cqc[MLX5_ST_SZ_DW(cqc)] = {0}; u32 out[MLX5_ST_SZ_DW(create_cq_out)]; struct mlx5_wq_param wqp; struct mlx5_cqe64 *cqe; int inlen, err, eqn; unsigned int irqn; void *cqc, *in; __be64 *pas; u32 i; cq_size = roundup_pow_of_two(cq_size); MLX5_SET(cqc, temp_cqc, log_cq_size, ilog2(cq_size)); wqp.buf_numa_node = mdev->priv.numa_node; wqp.db_numa_node = mdev->priv.numa_node; err = mlx5_cqwq_create(mdev, &wqp, temp_cqc, &conn->cq.wq, &conn->cq.wq_ctrl); if (err) return err; for (i = 0; i < mlx5_cqwq_get_size(&conn->cq.wq); i++) { cqe = mlx5_cqwq_get_wqe(&conn->cq.wq, i); cqe->op_own = MLX5_CQE_INVALID << 4 | MLX5_CQE_OWNER_MASK; } inlen = MLX5_ST_SZ_BYTES(create_cq_in) + sizeof(u64) * conn->cq.wq_ctrl.buf.npages; in = kvzalloc(inlen, GFP_KERNEL); if (!in) { err = -ENOMEM; goto err_cqwq; } err = mlx5_vector2eqn(mdev, smp_processor_id(), &eqn, &irqn); if (err) goto err_cqwq; cqc = MLX5_ADDR_OF(create_cq_in, in, cq_context); MLX5_SET(cqc, cqc, log_cq_size, ilog2(cq_size)); MLX5_SET(cqc, cqc, c_eqn, eqn); MLX5_SET(cqc, cqc, uar_page, fdev->conn_res.uar->index); MLX5_SET(cqc, cqc, log_page_size, conn->cq.wq_ctrl.buf.page_shift - MLX5_ADAPTER_PAGE_SHIFT); MLX5_SET64(cqc, cqc, dbr_addr, conn->cq.wq_ctrl.db.dma); pas = (__be64 *)MLX5_ADDR_OF(create_cq_in, in, pas); mlx5_fill_page_frag_array(&conn->cq.wq_ctrl.buf, pas); err = mlx5_core_create_cq(mdev, &conn->cq.mcq, in, inlen, out, sizeof(out)); kvfree(in); if (err) goto err_cqwq; conn->cq.mcq.cqe_sz = 64; conn->cq.mcq.set_ci_db = conn->cq.wq_ctrl.db.db; conn->cq.mcq.arm_db = conn->cq.wq_ctrl.db.db + 1; *conn->cq.mcq.set_ci_db = 0; *conn->cq.mcq.arm_db = 0; conn->cq.mcq.vector = 0; conn->cq.mcq.comp = mlx5_fpga_conn_cq_complete; conn->cq.mcq.event = mlx5_fpga_conn_cq_event; conn->cq.mcq.irqn = irqn; conn->cq.mcq.uar = fdev->conn_res.uar; tasklet_init(&conn->cq.tasklet, mlx5_fpga_conn_cq_tasklet, (unsigned long)conn); mlx5_fpga_dbg(fdev, ""Created CQ #0x%x\n"", conn->cq.mcq.cqn); goto out; err_cqwq: mlx5_wq_destroy(&conn->cq.wq_ctrl); out: return err; }",visit repo url,drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c,https://github.com/torvalds/linux,54039661090042,1 2232,NVD-CWE-noinfo,"static struct nfs4_state *nfs4_try_open_cached(struct nfs4_opendata *opendata) { struct nfs4_state *state = opendata->state; struct nfs_inode *nfsi = NFS_I(state->inode); struct nfs_delegation *delegation; int open_mode = opendata->o_arg.open_flags & (FMODE_READ|FMODE_WRITE|O_EXCL); nfs4_stateid stateid; int ret = -EAGAIN; for (;;) { if (can_open_cached(state, open_mode)) { spin_lock(&state->owner->so_lock); if (can_open_cached(state, open_mode)) { update_open_stateflags(state, open_mode); spin_unlock(&state->owner->so_lock); goto out_return_state; } spin_unlock(&state->owner->so_lock); } rcu_read_lock(); delegation = rcu_dereference(nfsi->delegation); if (delegation == NULL || !can_open_delegated(delegation, open_mode)) { rcu_read_unlock(); break; } memcpy(stateid.data, delegation->stateid.data, sizeof(stateid.data)); rcu_read_unlock(); ret = nfs_may_open(state->inode, state->owner->so_cred, open_mode); if (ret != 0) goto out; ret = -EAGAIN; if (update_open_stateid(state, NULL, &stateid, open_mode)) goto out_return_state; } out: return ERR_PTR(ret); out_return_state: atomic_inc(&state->count); return state; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,66560814656385,1 5907,['CWE-909'],"int tc_classify_compat(struct sk_buff *skb, struct tcf_proto *tp, struct tcf_result *res) { __be16 protocol = skb->protocol; int err = 0; for (; tp; tp = tp->next) { if ((tp->protocol == protocol || tp->protocol == htons(ETH_P_ALL)) && (err = tp->classify(skb, tp, res)) >= 0) { #ifdef CONFIG_NET_CLS_ACT if (err != TC_ACT_RECLASSIFY && skb->tc_verd) skb->tc_verd = SET_TC_VERD(skb->tc_verd, 0); #endif return err; } } return -1; }",linux-2.6,,,283626123133165426483031791260298089480,0 76,['CWE-787'],"static void cirrus_vga_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val) { #ifdef TARGET_WORDS_BIGENDIAN cirrus_vga_mem_writeb(opaque, addr, (val >> 8) & 0xff); cirrus_vga_mem_writeb(opaque, addr + 1, val & 0xff); #else cirrus_vga_mem_writeb(opaque, addr, val & 0xff); cirrus_vga_mem_writeb(opaque, addr + 1, (val >> 8) & 0xff); #endif }",qemu,,,297304067392823205998700698963039832553,0 6017,['CWE-200'],"static void cbq_sync_defmap(struct cbq_class *cl) { struct cbq_sched_data *q = qdisc_priv(cl->qdisc); struct cbq_class *split = cl->split; unsigned h; int i; if (split == NULL) return; for (i=0; i<=TC_PRIO_MAX; i++) { if (split->defaults[i] == cl && !(cl->defmap&(1<defaults[i] = NULL; } for (i=0; i<=TC_PRIO_MAX; i++) { int level = split->level; if (split->defaults[i]) continue; for (h=0; h<16; h++) { struct cbq_class *c; for (c = q->classes[h]; c; c = c->next) { if (c->split == split && c->level < level && c->defmap&(1<defaults[i] = c; level = c->level; } } } } }",linux-2.6,,,305585947141635292251556847138149234536,0 2522,CWE-119,"safe_fprintf(FILE *f, const char *fmt, ...) { char fmtbuff_stack[256]; char outbuff[256]; char *fmtbuff_heap; char *fmtbuff; int fmtbuff_length; int length, n; va_list ap; const char *p; unsigned i; wchar_t wc; char try_wc; fmtbuff_heap = NULL; fmtbuff_length = sizeof(fmtbuff_stack); fmtbuff = fmtbuff_stack; va_start(ap, fmt); length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap); va_end(ap); while (length < 0 || length >= fmtbuff_length) { if (length >= fmtbuff_length) fmtbuff_length = length+1; else if (fmtbuff_length < 8192) fmtbuff_length *= 2; else if (fmtbuff_length < 1000000) fmtbuff_length += fmtbuff_length / 4; else { length = fmtbuff_length; fmtbuff_heap[length-1] = '\0'; break; } free(fmtbuff_heap); fmtbuff_heap = malloc(fmtbuff_length); if (fmtbuff_heap != NULL) { fmtbuff = fmtbuff_heap; va_start(ap, fmt); length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap); va_end(ap); } else { length = sizeof(fmtbuff_stack) - 1; break; } } if (mbtowc(NULL, NULL, 1) == -1) { free(fmtbuff_heap); return; } p = fmtbuff; i = 0; try_wc = 1; while (*p != '\0') { if (try_wc && (n = mbtowc(&wc, p, length)) != -1) { length -= n; if (iswprint(wc) && wc != L'\\') { while (n-- > 0) outbuff[i++] = *p++; } else { while (n-- > 0) i += (unsigned)bsdtar_expand_char( outbuff, i, *p++); } } else { i += (unsigned)bsdtar_expand_char(outbuff, i, *p++); try_wc = 0; } if (i > (sizeof(outbuff) - 20)) { outbuff[i] = '\0'; fprintf(f, ""%s"", outbuff); i = 0; } } outbuff[i] = '\0'; fprintf(f, ""%s"", outbuff); free(fmtbuff_heap); }",visit repo url,tar/util.c,https://github.com/libarchive/libarchive,268190308690498,1 2214,['CWE-193'],"size_t iov_iter_single_seg_count(struct iov_iter *i) { const struct iovec *iov = i->iov; if (i->nr_segs == 1) return i->count; else return min(i->count, iov->iov_len - i->iov_offset); }",linux-2.6,,,53753966992339612675385070228746357782,0 5314,['CWE-119'],"static void tun_sock_write_space(struct sock *sk) { struct tun_struct *tun; if (!sock_writeable(sk)) return; if (!test_and_clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags)) return; if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) wake_up_interruptible_sync(sk->sk_sleep); tun = container_of(sk, struct tun_sock, sk)->tun; kill_fasync(&tun->fasync, SIGIO, POLL_OUT); }",linux-2.6,,,2472236397926234244511302922349834535,0 2958,CWE-264,"static int attach_child_main(void* data) { struct attach_clone_payload* payload = (struct attach_clone_payload*)data; int ipc_socket = payload->ipc_socket; int procfd = payload->procfd; lxc_attach_options_t* options = payload->options; struct lxc_proc_context_info* init_ctx = payload->init_ctx; #if HAVE_SYS_PERSONALITY_H long new_personality; #endif int ret; int status; int expected; long flags; int fd; uid_t new_uid; gid_t new_gid; expected = 0; status = -1; ret = lxc_read_nointr_expect(ipc_socket, &status, sizeof(status), &expected); if (ret <= 0) { ERROR(""error using IPC to receive notification from initial process (0)""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } if (!(options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_REMOUNT_PROC_SYS)) { ret = lxc_attach_remount_sys_proc(); if (ret < 0) { shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } #if HAVE_SYS_PERSONALITY_H if (options->personality < 0) new_personality = init_ctx->personality; else new_personality = options->personality; if (options->attach_flags & LXC_ATTACH_SET_PERSONALITY) { ret = personality(new_personality); if (ret < 0) { SYSERROR(""could not ensure correct architecture""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } #endif if (options->attach_flags & LXC_ATTACH_DROP_CAPABILITIES) { ret = lxc_attach_drop_privs(init_ctx); if (ret < 0) { ERROR(""could not drop privileges""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } ret = lxc_attach_set_environment(options->env_policy, options->extra_env_vars, options->extra_keep_env); if (ret < 0) { ERROR(""could not set initial environment for attached process""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } new_uid = 0; new_gid = 0; if (options->namespaces & CLONE_NEWUSER) lxc_attach_get_init_uidgid(&new_uid, &new_gid); if (options->uid != (uid_t)-1) new_uid = options->uid; if (options->gid != (gid_t)-1) new_gid = options->gid; if (options->stdin_fd && isatty(options->stdin_fd)) { if (setsid() < 0) { SYSERROR(""unable to setsid""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } if (ioctl(options->stdin_fd, TIOCSCTTY, (char *)NULL) < 0) { SYSERROR(""unable to TIOCSTTY""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } if ((new_gid != 0 || options->namespaces & CLONE_NEWUSER)) { if (setgid(new_gid) || setgroups(0, NULL)) { SYSERROR(""switching to container gid""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } if ((new_uid != 0 || options->namespaces & CLONE_NEWUSER) && setuid(new_uid)) { SYSERROR(""switching to container uid""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } status = 1; ret = lxc_write_nointr(ipc_socket, &status, sizeof(status)); if (ret != sizeof(status)) { ERROR(""error using IPC to notify initial process for initialization (1)""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } expected = 2; status = -1; ret = lxc_read_nointr_expect(ipc_socket, &status, sizeof(status), &expected); if (ret <= 0) { ERROR(""error using IPC to receive final notification from initial process (2)""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } shutdown(ipc_socket, SHUT_RDWR); close(ipc_socket); if ((init_ctx->container && init_ctx->container->lxc_conf && init_ctx->container->lxc_conf->no_new_privs) || (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) { if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) { SYSERROR(""PR_SET_NO_NEW_PRIVS could not be set. "" ""Process can use execve() gainable "" ""privileges.""); rexit(-1); } INFO(""PR_SET_NO_NEW_PRIVS is set. Process cannot use execve() "" ""gainable privileges.""); } if ((options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_LSM) && init_ctx->lsm_label) { int on_exec; on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? 1 : 0; if (lsm_set_label_at(procfd, on_exec, init_ctx->lsm_label) < 0) { rexit(-1); } } if (init_ctx->container && init_ctx->container->lxc_conf && init_ctx->container->lxc_conf->seccomp && (lxc_seccomp_load(init_ctx->container->lxc_conf) != 0)) { ERROR(""Loading seccomp policy""); rexit(-1); } lxc_proc_put_context_info(init_ctx); if (options->stdin_fd >= 0 && options->stdin_fd != 0) dup2(options->stdin_fd, 0); if (options->stdout_fd >= 0 && options->stdout_fd != 1) dup2(options->stdout_fd, 1); if (options->stderr_fd >= 0 && options->stderr_fd != 2) dup2(options->stderr_fd, 2); if (options->stdin_fd > 2) close(options->stdin_fd); if (options->stdout_fd > 2) close(options->stdout_fd); if (options->stderr_fd > 2) close(options->stderr_fd); for (fd = 0; fd <= 2; fd++) { flags = fcntl(fd, F_GETFL); if (flags < 0) continue; if (flags & FD_CLOEXEC) if (fcntl(fd, F_SETFL, flags & ~FD_CLOEXEC) < 0) SYSERROR(""Unable to clear CLOEXEC from fd""); } close(procfd); rexit(payload->exec_function(payload->exec_payload)); }",visit repo url,src/lxc/attach.c,https://github.com/lxc/lxc,41193617569654,1 2740,CWE-476," */ static void php_wddx_pop_element(void *user_data, const XML_Char *name) { st_entry *ent1, *ent2; wddx_stack *stack = (wddx_stack *)user_data; HashTable *target_hash; zend_class_entry *pce; zval obj; if (stack->top == 0) { return; } if (!strcmp((char *)name, EL_STRING) || !strcmp((char *)name, EL_NUMBER) || !strcmp((char *)name, EL_BOOLEAN) || !strcmp((char *)name, EL_NULL) || !strcmp((char *)name, EL_ARRAY) || !strcmp((char *)name, EL_STRUCT) || !strcmp((char *)name, EL_RECORDSET) || !strcmp((char *)name, EL_BINARY) || !strcmp((char *)name, EL_DATETIME)) { wddx_stack_top(stack, (void**)&ent1); if (Z_TYPE(ent1->data) == IS_UNDEF) { if (stack->top > 1) { stack->top--; } else { stack->done = 1; } efree(ent1); return; } if (!strcmp((char *)name, EL_BINARY)) { zend_string *new_str = php_base64_decode( (unsigned char *)Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); zval_ptr_dtor(&ent1->data); ZVAL_STR(&ent1->data, new_str); } if (Z_TYPE(ent1->data) == IS_OBJECT) { zval fname, retval; ZVAL_STRING(&fname, ""__wakeup""); call_user_function_ex(NULL, &ent1->data, &fname, &retval, 0, 0, 0, NULL); zval_ptr_dtor(&fname); zval_ptr_dtor(&retval); } if (stack->top > 1) { stack->top--; wddx_stack_top(stack, (void**)&ent2); if (ent2->type == ST_FIELD && Z_ISUNDEF(ent2->data)) { zval_ptr_dtor(&ent1->data); efree(ent1); return; } if (Z_TYPE(ent2->data) == IS_ARRAY || Z_TYPE(ent2->data) == IS_OBJECT) { target_hash = HASH_OF(&ent2->data); if (ent1->varname) { if (!strcmp(ent1->varname, PHP_CLASS_NAME_VAR) && Z_TYPE(ent1->data) == IS_STRING && Z_STRLEN(ent1->data) && ent2->type == ST_STRUCT && Z_TYPE(ent2->data) == IS_ARRAY) { zend_bool incomplete_class = 0; zend_str_tolower(Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); zend_string_forget_hash_val(Z_STR(ent1->data)); if ((pce = zend_hash_find_ptr(EG(class_table), Z_STR(ent1->data))) == NULL) { incomplete_class = 1; pce = PHP_IC_ENTRY; } object_init_ex(&obj, pce); zend_hash_merge(Z_OBJPROP(obj), Z_ARRVAL(ent2->data), zval_add_ref, 0); if (incomplete_class) { php_store_class_name(&obj, Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); } zval_ptr_dtor(&ent2->data); ZVAL_COPY_VALUE(&ent2->data, &obj); zval_ptr_dtor(&ent1->data); } else if (Z_TYPE(ent2->data) == IS_OBJECT) { zend_class_entry *old_scope = EG(scope); EG(scope) = Z_OBJCE(ent2->data); add_property_zval(&ent2->data, ent1->varname, &ent1->data); if Z_REFCOUNTED(ent1->data) Z_DELREF(ent1->data); EG(scope) = old_scope; } else { zend_symtable_str_update(target_hash, ent1->varname, strlen(ent1->varname), &ent1->data); } efree(ent1->varname); } else { zend_hash_next_index_insert(target_hash, &ent1->data); } } efree(ent1); } else { stack->done = 1; } } else if (!strcmp((char *)name, EL_VAR) && stack->varname) { efree(stack->varname); stack->varname = NULL; } else if (!strcmp((char *)name, EL_FIELD)) { st_entry *ent; wddx_stack_top(stack, (void **)&ent); efree(ent); stack->top--; }",visit repo url,ext/wddx/wddx.c,https://github.com/php/php-src,75271249522785,1 5247,CWE-369,"pixBlockconvGray(PIX *pixs, PIX *pixacc, l_int32 wc, l_int32 hc) { l_int32 w, h, d, wpl, wpla; l_uint32 *datad, *dataa; PIX *pixd, *pixt; PROCNAME(""pixBlockconvGray""); if (!pixs) return (PIX *)ERROR_PTR(""pixs not defined"", procName, NULL); pixGetDimensions(pixs, &w, &h, &d); if (d != 8) return (PIX *)ERROR_PTR(""pixs not 8 bpp"", procName, NULL); if (wc < 0) wc = 0; if (hc < 0) hc = 0; if (wc == 0 && hc == 0) return pixCopy(NULL, pixs); if (w < 2 * wc + 1 || h < 2 * hc + 1) { L_WARNING(""kernel too large; returning a copy\n"", procName); L_INFO(""w = %d, wc = %d, h = %d, hc = %d\n"", procName, w, wc, h, hc); return pixCopy(NULL, pixs); } if (pixacc) { if (pixGetDepth(pixacc) == 32) { pixt = pixClone(pixacc); } else { L_WARNING(""pixacc not 32 bpp; making new one\n"", procName); if ((pixt = pixBlockconvAccum(pixs)) == NULL) return (PIX *)ERROR_PTR(""pixt not made"", procName, NULL); } } else { if ((pixt = pixBlockconvAccum(pixs)) == NULL) return (PIX *)ERROR_PTR(""pixt not made"", procName, NULL); } if ((pixd = pixCreateTemplate(pixs)) == NULL) { pixDestroy(&pixt); return (PIX *)ERROR_PTR(""pixd not made"", procName, NULL); } pixSetPadBits(pixt, 0); wpl = pixGetWpl(pixd); wpla = pixGetWpl(pixt); datad = pixGetData(pixd); dataa = pixGetData(pixt); blockconvLow(datad, w, h, wpl, dataa, wpla, wc, hc); pixDestroy(&pixt); return pixd; }",visit repo url,src/convolve.c,https://github.com/DanBloomberg/leptonica,14971024380222,1 4231,['CWE-399'],"struct Qdisc *qdisc_alloc(struct net_device *dev, struct Qdisc_ops *ops) { void *p; struct Qdisc *sch; unsigned int size; int err = -ENOBUFS; size = QDISC_ALIGN(sizeof(*sch)); size += ops->priv_size + (QDISC_ALIGNTO - 1); p = kzalloc(size, GFP_KERNEL); if (!p) goto errout; sch = (struct Qdisc *) QDISC_ALIGN((unsigned long) p); sch->padded = (char *) sch - (char *) p; INIT_LIST_HEAD(&sch->list); skb_queue_head_init(&sch->q); sch->ops = ops; sch->enqueue = ops->enqueue; sch->dequeue = ops->dequeue; sch->dev = dev; dev_hold(dev); atomic_set(&sch->refcnt, 1); return sch; errout: return ERR_PTR(-err); }",linux-2.6,,,166682568176690698709563372529135439757,0 6149,['CWE-200'],"static struct neighbour **neigh_hash_alloc(unsigned int entries) { unsigned long size = entries * sizeof(struct neighbour *); struct neighbour **ret; if (size <= PAGE_SIZE) { ret = kmalloc(size, GFP_ATOMIC); } else { ret = (struct neighbour **) __get_free_pages(GFP_ATOMIC, get_order(size)); } if (ret) memset(ret, 0, size); return ret; }",linux-2.6,,,104333067020317370873925750948603201248,0 3115,CWE-119,"bool initiate_stratum(struct pool *pool) { char s[RBUFSIZE], *sret = NULL, *nonce1, *sessionid; json_t *val = NULL, *res_val, *err_val; bool ret = false, recvd = false; json_error_t err; int n2size; if (!setup_stratum_curl(pool)) goto out; resend: if (pool->sessionid) sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": [\""%s\""]}"", swork_id++, pool->sessionid); else sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": []}"", swork_id++); if (!__stratum_send(pool, s, strlen(s))) { applog(LOG_DEBUG, ""Failed to send s in initiate_stratum""); goto out; } if (!socket_full(pool, true)) { applog(LOG_DEBUG, ""Timed out waiting for response in initiate_stratum""); goto out; } sret = recv_line(pool); if (!sret) goto out; recvd = true; val = JSON_LOADS(sret, &err); free(sret); if (!val) { applog(LOG_INFO, ""JSON decode failed(%d): %s"", err.line, err.text); goto out; } res_val = json_object_get(val, ""result""); err_val = json_object_get(val, ""error""); if (!res_val || json_is_null(res_val) || (err_val && !json_is_null(err_val))) { char *ss; if (err_val) ss = json_dumps(err_val, JSON_INDENT(3)); else ss = strdup(""(unknown reason)""); applog(LOG_INFO, ""JSON-RPC decode failed: %s"", ss); free(ss); goto out; } sessionid = json_array_string(json_array_get(res_val, 0), 1); if (!sessionid) { applog(LOG_INFO, ""Failed to get sessionid in initiate_stratum""); goto out; } nonce1 = json_array_string(res_val, 1); if (!nonce1) { applog(LOG_INFO, ""Failed to get nonce1 in initiate_stratum""); free(sessionid); goto out; } n2size = json_integer_value(json_array_get(res_val, 2)); if (!n2size) { applog(LOG_INFO, ""Failed to get n2size in initiate_stratum""); free(sessionid); free(nonce1); goto out; } mutex_lock(&pool->pool_lock); pool->sessionid = sessionid; free(pool->nonce1); pool->nonce1 = nonce1; pool->n1_len = strlen(nonce1) / 2; pool->n2size = n2size; mutex_unlock(&pool->pool_lock); applog(LOG_DEBUG, ""Pool %d stratum session id: %s"", pool->pool_no, pool->sessionid); ret = true; out: if (val) json_decref(val); if (ret) { if (!pool->stratum_url) pool->stratum_url = pool->sockaddr_url; pool->stratum_active = true; pool->swork.diff = 1; if (opt_protocol) { applog(LOG_DEBUG, ""Pool %d confirmed mining.subscribe with extranonce1 %s extran2size %d"", pool->pool_no, pool->nonce1, pool->n2size); } } else { if (recvd && pool->sessionid) { mutex_lock(&pool->pool_lock); free(pool->sessionid); free(pool->nonce1); pool->sessionid = pool->nonce1 = NULL; mutex_unlock(&pool->pool_lock); applog(LOG_DEBUG, ""Failed to resume stratum, trying afresh""); goto resend; } applog(LOG_DEBUG, ""Initiate stratum failed""); if (pool->sock != INVSOCK) { shutdown(pool->sock, SHUT_RDWR); pool->sock = INVSOCK; } } return ret; }",visit repo url,util.c,https://github.com/luke-jr/bfgminer,57050897328724,1 2943,['CWE-189'],"static void jas_icctxt_destroy(jas_iccattrval_t *attrval) { jas_icctxt_t *txt = &attrval->data.txt; if (txt->string) { jas_free(txt->string); txt->string = 0; } }",jasper,,,70096534267163086585889022968381725538,0 746,CWE-20,"int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, struct sockaddr_storage *kern_address, int mode) { int tot_len; if (kern_msg->msg_namelen) { if (mode == VERIFY_READ) { int err = move_addr_to_kernel(kern_msg->msg_name, kern_msg->msg_namelen, kern_address); if (err < 0) return err; } kern_msg->msg_name = kern_address; } else kern_msg->msg_name = NULL; tot_len = iov_from_user_compat_to_kern(kern_iov, (struct compat_iovec __user *)kern_msg->msg_iov, kern_msg->msg_iovlen); if (tot_len >= 0) kern_msg->msg_iov = kern_iov; return tot_len; }",visit repo url,net/compat.c,https://github.com/torvalds/linux,209053982154124,1 3004,['CWE-189'],"static int jas_icclut8_output(jas_iccattrval_t *attrval, jas_stream_t *out) { jas_icclut8_t *lut8 = &attrval->data.lut8; int i; int j; int n; lut8->clut = 0; lut8->intabs = 0; lut8->intabsbuf = 0; lut8->outtabs = 0; lut8->outtabsbuf = 0; if (jas_stream_putc(out, lut8->numinchans) == EOF || jas_stream_putc(out, lut8->numoutchans) == EOF || jas_stream_putc(out, lut8->clutlen) == EOF || jas_stream_putc(out, 0) == EOF) goto error; for (i = 0; i < 3; ++i) { for (j = 0; j < 3; ++j) { if (jas_iccputsint32(out, lut8->e[i][j])) goto error; } } if (jas_iccputuint16(out, lut8->numintabents) || jas_iccputuint16(out, lut8->numouttabents)) goto error; n = lut8->numinchans * lut8->numintabents; for (i = 0; i < n; ++i) { if (jas_iccputuint8(out, lut8->intabsbuf[i])) goto error; } n = lut8->numoutchans * lut8->numouttabents; for (i = 0; i < n; ++i) { if (jas_iccputuint8(out, lut8->outtabsbuf[i])) goto error; } n = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans; for (i = 0; i < n; ++i) { if (jas_iccputuint8(out, lut8->clut[i])) goto error; } return 0; error: return -1; }",jasper,,,267035057070452603337601866837548426563,0 3833,[],"int cap_inode_need_killpriv(struct dentry *dentry) { struct inode *inode = dentry->d_inode; int error; if (!inode->i_op || !inode->i_op->getxattr) return 0; error = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, NULL, 0); if (error <= 0) return 0; return 1; }",linux-2.6,,,48901113585978580139357915477909363260,0 4589,CWE-190,"s32 vvc_parse_picture_header(GF_BitStream *bs, VVCState *vvc, VVCSliceInfo *si) { u32 pps_id; si->irap_or_gdr_pic = gf_bs_read_int_log(bs, 1, ""irap_or_gdr_pic""); si->non_ref_pic = gf_bs_read_int_log(bs, 1, ""non_ref_pic""); if (si->irap_or_gdr_pic) si->gdr_pic = gf_bs_read_int_log(bs, 1, ""gdr_pic""); if ((si->inter_slice_allowed_flag = gf_bs_read_int_log(bs, 1, ""inter_slice_allowed_flag""))) si->intra_slice_allowed_flag = gf_bs_read_int_log(bs, 1, ""intra_slice_allowed_flag""); pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id >= 64) return -1; si->pps = &vvc->pps[pps_id]; si->sps = &vvc->sps[si->pps->sps_id]; si->poc_lsb = gf_bs_read_int_log(bs, si->sps->log2_max_poc_lsb, ""poc_lsb""); si->recovery_point_valid = 0; si->gdr_recovery_count = 0; if (si->gdr_pic) { si->recovery_point_valid = 1; si->gdr_recovery_count = gf_bs_read_ue_log(bs, ""gdr_recovery_count""); } gf_bs_read_int_log(bs, si->sps->ph_num_extra_bits, ""ph_extra_bits""); if (si->sps->poc_msb_cycle_flag) { if ( (si->poc_msb_cycle_present_flag = gf_bs_read_int_log(bs, 1, ""poc_msb_cycle_present_flag""))) { si->poc_msb_cycle = gf_bs_read_int_log(bs, si->sps->poc_msb_cycle_len, ""poc_msb_cycle""); } } return 0; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,139454496834564,1 6496,['CWE-20'],"setup_syscalls_segments(struct x86_emulate_ctxt *ctxt, struct kvm_segment *cs, struct kvm_segment *ss) { memset(cs, 0, sizeof(struct kvm_segment)); kvm_x86_ops->get_segment(ctxt->vcpu, cs, VCPU_SREG_CS); memset(ss, 0, sizeof(struct kvm_segment)); cs->l = 0; cs->base = 0; cs->g = 1; cs->limit = 0xffffffff; cs->type = 0x0b; cs->s = 1; cs->dpl = 0; cs->present = 1; cs->db = 1; ss->unusable = 0; ss->base = 0; ss->limit = 0xffffffff; ss->g = 1; ss->s = 1; ss->type = 0x03; ss->db = 1; ss->dpl = 0; ss->present = 1; }",kvm,,,41505413980803765914561597662465907366,0 4947,['CWE-20'],"int find_dirent_index(nfs_readdir_descriptor_t *desc) { struct nfs_entry *entry = desc->entry; int loop_count = 0, status; for(;;) { status = dir_decode(desc); if (status) break; dfprintk(DIRCACHE, ""NFS: found cookie %Lu at index %Ld\n"", (unsigned long long)entry->cookie, desc->current_index); if (desc->file->f_pos == desc->current_index) { *desc->dir_cookie = entry->cookie; break; } desc->current_index++; if (loop_count++ > 200) { loop_count = 0; schedule(); } } return status; }",linux-2.6,,,309171084309578240205110725460105197834,0 3511,CWE-20,"int read_xattrs_from_disk(int fd, struct squashfs_super_block *sBlk, int flag, long long *table_start) { int res, bytes, i, indexes, index_bytes, ids; long long *index, start, end; struct squashfs_xattr_table id_table; TRACE(""read_xattrs_from_disk\n""); if(sBlk->xattr_id_table_start == SQUASHFS_INVALID_BLK) return SQUASHFS_INVALID_BLK; res = read_fs_bytes(fd, sBlk->xattr_id_table_start, sizeof(id_table), &id_table); if(res == 0) return 0; SQUASHFS_INSWAP_XATTR_TABLE(&id_table); if(flag) { *table_start = id_table.xattr_table_start; return id_table.xattr_ids; } ids = id_table.xattr_ids; xattr_table_start = id_table.xattr_table_start; index_bytes = SQUASHFS_XATTR_BLOCK_BYTES(ids); indexes = SQUASHFS_XATTR_BLOCKS(ids); index = malloc(index_bytes); if(index == NULL) MEM_ERROR(); res = read_fs_bytes(fd, sBlk->xattr_id_table_start + sizeof(id_table), index_bytes, index); if(res ==0) goto failed1; SQUASHFS_INSWAP_LONG_LONGS(index, indexes); bytes = SQUASHFS_XATTR_BYTES(ids); xattr_ids = malloc(bytes); if(xattr_ids == NULL) MEM_ERROR(); for(i = 0; i < indexes; i++) { int expected = (i + 1) != indexes ? SQUASHFS_METADATA_SIZE : bytes & (SQUASHFS_METADATA_SIZE - 1); int length = read_block(fd, index[i], NULL, expected, ((unsigned char *) xattr_ids) + (i * SQUASHFS_METADATA_SIZE)); TRACE(""Read xattr id table block %d, from 0x%llx, length "" ""%d\n"", i, index[i], length); if(length == 0) { ERROR(""Failed to read xattr id table block %d, "" ""from 0x%llx, length %d\n"", i, index[i], length); goto failed2; } } start = xattr_table_start; end = index[0]; for(i = 0; start < end; i++) { int length; xattrs = realloc(xattrs, (i + 1) * SQUASHFS_METADATA_SIZE); if(xattrs == NULL) MEM_ERROR(); save_xattr_block(start, i * SQUASHFS_METADATA_SIZE); length = read_block(fd, start, &start, 0, ((unsigned char *) xattrs) + (i * SQUASHFS_METADATA_SIZE)); TRACE(""Read xattr block %d, length %d\n"", i, length); if(length == 0) { ERROR(""Failed to read xattr block %d\n"", i); goto failed3; } if(start != end && length != SQUASHFS_METADATA_SIZE) { ERROR(""Xattr block %d should be %d bytes in length, "" ""it is %d bytes\n"", i, SQUASHFS_METADATA_SIZE, length); goto failed3; } } for(i = 0; i < ids; i++) SQUASHFS_INSWAP_XATTR_ID(&xattr_ids[i]); free(index); return ids; failed3: free(xattrs); failed2: free(xattr_ids); failed1: free(index); return 0; }",visit repo url,squashfs-tools/read_xattrs.c,https://github.com/plougher/squashfs-tools,59556073409303,1 200,[],"static int atalk_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sockaddr_at *addr = (struct sockaddr_at *)uaddr; struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); if (!sk->sk_zapped || addr_len != sizeof(struct sockaddr_at)) return -EINVAL; if (addr->sat_family != AF_APPLETALK) return -EAFNOSUPPORT; if (addr->sat_addr.s_net == htons(ATADDR_ANYNET)) { struct atalk_addr *ap = atalk_find_primary(); if (!ap) return -EADDRNOTAVAIL; at->src_net = addr->sat_addr.s_net = ap->s_net; at->src_node = addr->sat_addr.s_node= ap->s_node; } else { if (!atalk_find_interface(addr->sat_addr.s_net, addr->sat_addr.s_node)) return -EADDRNOTAVAIL; at->src_net = addr->sat_addr.s_net; at->src_node = addr->sat_addr.s_node; } if (addr->sat_port == ATADDR_ANYPORT) { int n = atalk_pick_and_bind_port(sk, addr); if (n < 0) return n; } else { at->src_port = addr->sat_port; if (atalk_find_or_insert_socket(sk, addr)) return -EADDRINUSE; } sk->sk_zapped = 0; return 0; }",history,,,280805212141536519977081868200314509869,0 1404,CWE-310,"static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_hash rhash; snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""ahash""); rhash.blocksize = alg->cra_blocksize; rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize; if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(struct crypto_report_hash), &rhash)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ahash.c,https://github.com/torvalds/linux,20391327011751,1 5708,['CWE-200'],"static int llc_ui_release(struct socket *sock) { struct sock *sk = sock->sk; struct llc_sock *llc; if (unlikely(sk == NULL)) goto out; sock_hold(sk); lock_sock(sk); llc = llc_sk(sk); dprintk(""%s: closing local(%02X) remote(%02X)\n"", __func__, llc->laddr.lsap, llc->daddr.lsap); if (!llc_send_disc(sk)) llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo); if (!sock_flag(sk, SOCK_ZAPPED)) { llc_sap_put(llc->sap); llc_sap_remove_socket(llc->sap, sk); } release_sock(sk); if (llc->dev) dev_put(llc->dev); sock_put(sk); llc_sk_free(sk); out: return 0; }",linux-2.6,,,231373381136000756830318710992959800329,0 5704,['CWE-200'],"static inline u8 llc_ui_addr_null(struct sockaddr_llc *addr) { return !memcmp(addr, &llc_ui_addrnull, sizeof(*addr)); }",linux-2.6,,,701234639042372345464854604375130095,0 5354,CWE-787,"static void write_version( FILE *fp, const char *fname, const char *dirname, xref_t *xref) { long start; char *c, *new_fname, data; FILE *new_fp; start = ftell(fp); if ((c = strstr(fname, "".pdf""))) *c = '\0'; new_fname = malloc(strlen(fname) + strlen(dirname) + 16); snprintf(new_fname, strlen(fname) + strlen(dirname) + 16, ""%s/%s-version-%d.pdf"", dirname, fname, xref->version); if (!(new_fp = fopen(new_fname, ""w""))) { ERR(""Could not create file '%s'\n"", new_fname); fseek(fp, start, SEEK_SET); free(new_fname); return; } fseek(fp, 0, SEEK_SET); while (fread(&data, 1, 1, fp)) fwrite(&data, 1, 1, new_fp); fprintf(new_fp, ""\r\nstartxref\r\n%ld\r\n%%%%EOF"", xref->start); fclose(new_fp); free(new_fname); fseek(fp, start, SEEK_SET); }",visit repo url,main.c,https://github.com/enferex/pdfresurrect,43708363561896,1 5057,['CWE-20'],"static int handle_io(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { unsigned long exit_qualification; int size, in, string; unsigned port; ++vcpu->stat.io_exits; exit_qualification = vmcs_readl(EXIT_QUALIFICATION); string = (exit_qualification & 16) != 0; if (string) { if (emulate_instruction(vcpu, kvm_run, 0, 0, 0) == EMULATE_DO_MMIO) return 0; return 1; } size = (exit_qualification & 7) + 1; in = (exit_qualification & 8) != 0; port = exit_qualification >> 16; skip_emulated_instruction(vcpu); return kvm_emulate_pio(vcpu, kvm_run, in, size, port); }",linux-2.6,,,246825683454574546413969376338395280847,0 5760,['CWE-200'],"static int rose_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); void __user *argp = (void __user *)arg; switch (cmd) { case TIOCOUTQ: { long amount; amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk); if (amount < 0) amount = 0; return put_user(amount, (unsigned int __user *) argp); } case TIOCINQ: { struct sk_buff *skb; long amount = 0L; if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) amount = skb->len; return put_user(amount, (unsigned int __user *) argp); } case SIOCGSTAMP: return sock_get_timestamp(sk, (struct timeval __user *) argp); case SIOCGSTAMPNS: return sock_get_timestampns(sk, (struct timespec __user *) argp); case SIOCGIFADDR: case SIOCSIFADDR: case SIOCGIFDSTADDR: case SIOCSIFDSTADDR: case SIOCGIFBRDADDR: case SIOCSIFBRDADDR: case SIOCGIFNETMASK: case SIOCSIFNETMASK: case SIOCGIFMETRIC: case SIOCSIFMETRIC: return -EINVAL; case SIOCADDRT: case SIOCDELRT: case SIOCRSCLRRT: if (!capable(CAP_NET_ADMIN)) return -EPERM; return rose_rt_ioctl(cmd, argp); case SIOCRSGCAUSE: { struct rose_cause_struct rose_cause; rose_cause.cause = rose->cause; rose_cause.diagnostic = rose->diagnostic; return copy_to_user(argp, &rose_cause, sizeof(struct rose_cause_struct)) ? -EFAULT : 0; } case SIOCRSSCAUSE: { struct rose_cause_struct rose_cause; if (copy_from_user(&rose_cause, argp, sizeof(struct rose_cause_struct))) return -EFAULT; rose->cause = rose_cause.cause; rose->diagnostic = rose_cause.diagnostic; return 0; } case SIOCRSSL2CALL: if (!capable(CAP_NET_ADMIN)) return -EPERM; if (ax25cmp(&rose_callsign, &null_ax25_address) != 0) ax25_listen_release(&rose_callsign, NULL); if (copy_from_user(&rose_callsign, argp, sizeof(ax25_address))) return -EFAULT; if (ax25cmp(&rose_callsign, &null_ax25_address) != 0) return ax25_listen_register(&rose_callsign, NULL); return 0; case SIOCRSGL2CALL: return copy_to_user(argp, &rose_callsign, sizeof(ax25_address)) ? -EFAULT : 0; case SIOCRSACCEPT: if (rose->state == ROSE_STATE_5) { rose_write_internal(sk, ROSE_CALL_ACCEPTED); rose_start_idletimer(sk); rose->condition = 0x00; rose->vs = 0; rose->va = 0; rose->vr = 0; rose->vl = 0; rose->state = ROSE_STATE_3; } return 0; default: return -ENOIOCTLCMD; } return 0; }",linux-2.6,,,245261112377161874696202097902266858333,0 5241,['CWE-264'],"static void print_canon_ace(canon_ace *pace, int num) { dbgtext( ""canon_ace index %d. Type = %s "", num, pace->attr == ALLOW_ACE ? ""allow"" : ""deny"" ); dbgtext( ""SID = %s "", sid_string_dbg(&pace->trustee)); if (pace->owner_type == UID_ACE) { const char *u_name = uidtoname(pace->unix_ug.uid); dbgtext( ""uid %u (%s) "", (unsigned int)pace->unix_ug.uid, u_name ); } else if (pace->owner_type == GID_ACE) { char *g_name = gidtoname(pace->unix_ug.gid); dbgtext( ""gid %u (%s) "", (unsigned int)pace->unix_ug.gid, g_name ); } else dbgtext( ""other ""); switch (pace->type) { case SMB_ACL_USER: dbgtext( ""SMB_ACL_USER ""); break; case SMB_ACL_USER_OBJ: dbgtext( ""SMB_ACL_USER_OBJ ""); break; case SMB_ACL_GROUP: dbgtext( ""SMB_ACL_GROUP ""); break; case SMB_ACL_GROUP_OBJ: dbgtext( ""SMB_ACL_GROUP_OBJ ""); break; case SMB_ACL_OTHER: dbgtext( ""SMB_ACL_OTHER ""); break; default: dbgtext( ""MASK "" ); break; } if (pace->inherited) dbgtext( ""(inherited) ""); dbgtext( ""perms ""); dbgtext( ""%c"", pace->perms & S_IRUSR ? 'r' : '-'); dbgtext( ""%c"", pace->perms & S_IWUSR ? 'w' : '-'); dbgtext( ""%c\n"", pace->perms & S_IXUSR ? 'x' : '-'); }",samba,,,165141962222148914801020189857437605299,0 5928,CWE-120,"static Jsi_Value *jsi_hashFmtKey(Jsi_MapEntry* h, struct Jsi_MapOpts *opts, int flags) { Jsi_HashEntry* hPtr = (Jsi_HashEntry*)h; void *key = Jsi_HashKeyGet(hPtr); if (opts->keyType == JSI_KEYS_ONEWORD) return Jsi_ValueNewNumber(opts->interp, (Jsi_Number)(intptr_t)key); char nbuf[100]; snprintf(nbuf, sizeof(nbuf), ""%p"", key); return Jsi_ValueNewStringDup(opts->interp, nbuf); }",visit repo url,src/jsiHash.c,https://github.com/pcmacdon/jsish,50591736711610,1 654,[],"unsigned int dccp_poll(struct file *file, struct socket *sock, poll_table *wait) { unsigned int mask; struct sock *sk = sock->sk; poll_wait(file, sk->sk_sleep, wait); if (sk->sk_state == DCCP_LISTEN) return inet_csk_listen_poll(sk); mask = 0; if (sk->sk_err) mask = POLLERR; if (sk->sk_shutdown == SHUTDOWN_MASK || sk->sk_state == DCCP_CLOSED) mask |= POLLHUP; if (sk->sk_shutdown & RCV_SHUTDOWN) mask |= POLLIN | POLLRDNORM | POLLRDHUP; if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_RESPOND)) { if (atomic_read(&sk->sk_rmem_alloc) > 0) mask |= POLLIN | POLLRDNORM; if (!(sk->sk_shutdown & SEND_SHUTDOWN)) { if (sk_stream_wspace(sk) >= sk_stream_min_wspace(sk)) { mask |= POLLOUT | POLLWRNORM; } else { set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); if (sk_stream_wspace(sk) >= sk_stream_min_wspace(sk)) mask |= POLLOUT | POLLWRNORM; } } } return mask; }",linux-2.6,,,104562265851635842767776967256160737655,0 2100,CWE-20,"static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) { __u32 __user *uaddr = (__u32 __user *)(unsigned long)reg->addr; struct kvm_regs *regs = vcpu_gp_regs(vcpu); int nr_regs = sizeof(*regs) / sizeof(__u32); __uint128_t tmp; void *valp = &tmp; u64 off; int err = 0; off = core_reg_offset_from_id(reg->id); if (off >= nr_regs || (off + (KVM_REG_SIZE(reg->id) / sizeof(__u32))) >= nr_regs) return -ENOENT; if (validate_core_offset(reg)) return -EINVAL; if (KVM_REG_SIZE(reg->id) > sizeof(tmp)) return -EINVAL; if (copy_from_user(valp, uaddr, KVM_REG_SIZE(reg->id))) { err = -EFAULT; goto out; } if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) { u32 mode = (*(u32 *)valp) & PSR_AA32_MODE_MASK; switch (mode) { case PSR_AA32_MODE_USR: case PSR_AA32_MODE_FIQ: case PSR_AA32_MODE_IRQ: case PSR_AA32_MODE_SVC: case PSR_AA32_MODE_ABT: case PSR_AA32_MODE_UND: case PSR_MODE_EL0t: case PSR_MODE_EL1t: case PSR_MODE_EL1h: break; default: err = -EINVAL; goto out; } } memcpy((u32 *)regs + off, valp, KVM_REG_SIZE(reg->id)); out: return err; }",visit repo url,arch/arm64/kvm/guest.c,https://github.com/torvalds/linux,61084934184834,1 4440,CWE-125,"mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc) { const mrb_irep *irep = proc->body.irep; const mrb_pool_value *pool = irep->pool; const mrb_sym *syms = irep->syms; mrb_code insn; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; uint32_t a; uint16_t b; uint16_t c; mrb_sym mid; const struct mrb_irep_catch_handler *ch; #ifdef DIRECT_THREADED static const void * const optable[] = { #define OPCODE(x,_) &&L_OP_ ## x, #include ""mruby/ops.h"" #undef OPCODE }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; mrb_gc_arena_restore(mrb, ai); if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb_vm_ci_proc_set(mrb->c->ci, proc); #define regs (mrb->c->ci->stack) INIT_DISPATCH { CASE(OP_NOP, Z) { NEXT; } CASE(OP_MOVE, BB) { regs[a] = regs[b]; NEXT; } CASE(OP_LOADL, BB) { switch (pool[b].tt) { case IREP_TT_INT32: regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i32); break; case IREP_TT_INT64: #if defined(MRB_INT64) regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; #else #if defined(MRB_64BIT) if (INT32_MIN <= pool[b].u.i64 && pool[b].u.i64 <= INT32_MAX) { regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; } #endif goto L_INT_OVERFLOW; #endif case IREP_TT_BIGINT: #ifdef MRB_USE_BIGINT { const char *s = pool[b].u.str; regs[a] = mrb_bint_new_str(mrb, s+2, (mrb_int)s[0], (mrb_int)s[1]); } break; #else goto L_INT_OVERFLOW; #endif #ifndef MRB_NO_FLOAT case IREP_TT_FLOAT: regs[a] = mrb_float_value(mrb, pool[b].u.f); break; #endif default: regs[a] = mrb_nil_value(); break; } NEXT; } CASE(OP_LOADI, BB) { SET_FIXNUM_VALUE(regs[a], b); NEXT; } CASE(OP_LOADINEG, BB) { SET_FIXNUM_VALUE(regs[a], -b); NEXT; } CASE(OP_LOADI__1,B) goto L_LOADI; CASE(OP_LOADI_0,B) goto L_LOADI; CASE(OP_LOADI_1,B) goto L_LOADI; CASE(OP_LOADI_2,B) goto L_LOADI; CASE(OP_LOADI_3,B) goto L_LOADI; CASE(OP_LOADI_4,B) goto L_LOADI; CASE(OP_LOADI_5,B) goto L_LOADI; CASE(OP_LOADI_6,B) goto L_LOADI; CASE(OP_LOADI_7, B) { L_LOADI: SET_FIXNUM_VALUE(regs[a], (mrb_int)insn - (mrb_int)OP_LOADI_0); NEXT; } CASE(OP_LOADI16, BS) { SET_FIXNUM_VALUE(regs[a], (mrb_int)(int16_t)b); NEXT; } CASE(OP_LOADI32, BSS) { SET_INT_VALUE(mrb, regs[a], (int32_t)(((uint32_t)b<<16)+c)); NEXT; } CASE(OP_LOADSYM, BB) { SET_SYM_VALUE(regs[a], syms[b]); NEXT; } CASE(OP_LOADNIL, B) { SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_LOADSELF, B) { regs[a] = regs[0]; NEXT; } CASE(OP_LOADT, B) { SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF, B) { SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGV, BB) { mrb_value val = mrb_gv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETGV, BB) { mrb_gv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETSV, BB) { mrb_value val = mrb_vm_special_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETSV, BB) { mrb_vm_special_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIV, BB) { regs[a] = mrb_iv_get(mrb, regs[0], syms[b]); NEXT; } CASE(OP_SETIV, BB) { mrb_iv_set(mrb, regs[0], syms[b], regs[a]); NEXT; } CASE(OP_GETCV, BB) { mrb_value val; val = mrb_vm_cv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETCV, BB) { mrb_vm_cv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIDX, B) { mrb_value va = regs[a], vb = regs[a+1]; switch (mrb_type(va)) { case MRB_TT_ARRAY: if (!mrb_integer_p(vb)) goto getidx_fallback; regs[a] = mrb_ary_entry(va, mrb_integer(vb)); break; case MRB_TT_HASH: va = mrb_hash_get(mrb, va, vb); regs[a] = va; break; case MRB_TT_STRING: switch (mrb_type(vb)) { case MRB_TT_INTEGER: case MRB_TT_STRING: case MRB_TT_RANGE: va = mrb_str_aref(mrb, va, vb, mrb_undef_value()); regs[a] = va; break; default: goto getidx_fallback; } break; default: getidx_fallback: mid = MRB_OPSYM(aref); goto L_SEND_SYM; } NEXT; } CASE(OP_SETIDX, B) { c = 2; mid = MRB_OPSYM(aset); SET_NIL_VALUE(regs[a+3]); goto L_SENDB_SYM; } CASE(OP_GETCONST, BB) { mrb_value v = mrb_vm_const_get(mrb, syms[b]); regs[a] = v; NEXT; } CASE(OP_SETCONST, BB) { mrb_vm_const_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETMCNST, BB) { mrb_value v = mrb_const_get(mrb, regs[a], syms[b]); regs[a] = v; NEXT; } CASE(OP_SETMCNST, BB) { mrb_const_set(mrb, regs[a+1], syms[b], regs[a]); NEXT; } CASE(OP_GETUPVAR, BBB) { mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (e && b < MRB_ENV_LEN(e)) { *regs_a = e->stack[b]; } else { *regs_a = mrb_nil_value(); } NEXT; } CASE(OP_SETUPVAR, BBB) { struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP, S) { pc += (int16_t)a; JUMP; } CASE(OP_JMPIF, BS) { if (mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNOT, BS) { if (!mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNIL, BS) { if (mrb_nil_p(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPUW, S) { a = (uint32_t)((pc - irep->iseq) + (int16_t)a); CHECKPOINT_RESTORE(RBREAK_TAG_JUMP) { struct RBreak *brk = (struct RBreak*)mrb->exc; mrb_value target = mrb_break_value_get(brk); mrb_assert(mrb_integer_p(target)); a = (uint32_t)mrb_integer(target); mrb_assert(a >= 0 && a < irep->ilen); } CHECKPOINT_MAIN(RBREAK_TAG_JUMP) { ch = catch_handler_find(mrb, mrb->c->ci, pc, MRB_CATCH_FILTER_ENSURE); if (ch) { if (a < mrb_irep_catch_handler_unpack(ch->begin) || a >= mrb_irep_catch_handler_unpack(ch->end)) { THROW_TAGGED_BREAK(mrb, RBREAK_TAG_JUMP, proc, mrb_fixnum_value(a)); } } } CHECKPOINT_END(RBREAK_TAG_JUMP); mrb->exc = NULL; pc = irep->iseq + a; JUMP; } CASE(OP_EXCEPT, B) { mrb_value exc; if (mrb->exc == NULL) { exc = mrb_nil_value(); } else { switch (mrb->exc->tt) { case MRB_TT_BREAK: case MRB_TT_EXCEPTION: exc = mrb_obj_value(mrb->exc); break; default: mrb_assert(!""bad mrb_type""); exc = mrb_nil_value(); break; } mrb->exc = NULL; } regs[a] = exc; NEXT; } CASE(OP_RESCUE, BB) { mrb_value exc = regs[a]; mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); NEXT; } CASE(OP_RAISEIF, B) { mrb_value exc = regs[a]; if (mrb_break_p(exc)) { mrb->exc = mrb_obj_ptr(exc); goto L_BREAK; } mrb_exc_set(mrb, exc); if (mrb->exc) { goto L_RAISE; } NEXT; } CASE(OP_SSEND, BBB) { regs[a] = regs[0]; insn = OP_SEND; } goto L_SENDB; CASE(OP_SSENDB, BBB) { regs[a] = regs[0]; } goto L_SENDB; CASE(OP_SEND, BBB) goto L_SENDB; L_SEND_SYM: c = 1; SET_NIL_VALUE(regs[a+2]); goto L_SENDB_SYM; CASE(OP_SENDB, BBB) L_SENDB: mid = syms[b]; L_SENDB_SYM: { mrb_callinfo *ci = mrb->c->ci; mrb_method_t m; struct RClass *cls; mrb_value recv, blk; ARGUMENT_NORMALIZE(a, &c, insn); recv = regs[a]; cls = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &c, blk, 0); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, c); if (MRB_METHOD_CFUNC_P(m)) { if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); mrb_vm_ci_proc_set(ci, p); recv = p->body.func(mrb, recv); } else { if (MRB_METHOD_NOARG_P(m)) { check_method_noarg(mrb, ci); } recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } if (!ci->u.target_class) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } ci->stack[0] = recv; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } } JUMP; CASE(OP_CALL, Z) { mrb_callinfo *ci = mrb->c->ci; mrb_value recv = ci->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci->u.target_class = MRB_PROC_TARGET_CLASS(m); mrb_vm_ci_proc_set(ci, m); if (MRB_PROC_ENV_P(m)) { ci->mid = MRB_PROC_ENV(m)->mid; } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = cipop(mrb); pc = ci->pc; ci[1].stack[0] = recv; irep = mrb->c->ci->proc->body.irep; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->ci->stack[0] = mrb_nil_value(); a = 0; c = OP_R_NORMAL; goto L_OP_RETURN_BODY; } mrb_int nargs = mrb_ci_bidx(ci)+1; if (nargs < irep->nregs) { mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+nargs, irep->nregs-nargs); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; } pool = irep->pool; syms = irep->syms; JUMP; } CASE(OP_SUPER, BB) { mrb_method_t m; struct RClass *cls; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; const struct RProc *p = ci->proc; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(p); if (MRB_PROC_ENV_P(p) && p->e.env->mid && p->e.env->mid != mid) { mid = p->e.env->mid; } if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->flags & MRB_FL_CLASS_IS_PREPENDED) { target_class = mrb_vm_ci_target_class(ci); } else if (target_class->tt == MRB_TT_MODULE) { target_class = mrb_vm_ci_target_class(ci); if (!target_class || target_class->tt != MRB_TT_ICLASS) { goto super_typeerror; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { super_typeerror: ; mrb_value exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } ARGUMENT_NORMALIZE(a, &b, OP_SUPER); cls = target_class->super; m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &b, blk, 1); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, b); ci->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; if (MRB_METHOD_PROC_P(m)) { mrb_vm_ci_proc_set(ci, MRB_METHOD_PROC(m)); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb_assert(!mrb_break_p(v)); if (!mrb_vm_ci_target_class(ci)) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->ci->stack[0] = v; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } JUMP; } CASE(OP_ARGARY, BS) { mrb_int m1 = (b>>11)&0x3f; mrb_int r = (b>>10)&0x1; mrb_int m2 = (b>>5)&0x1f; mrb_int kd = (b>>4)&0x1; mrb_int lv = (b>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb_vm_ci_target_class(mrb->c->ci) == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; mrb_int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } if (kd) { regs[a+1] = stack[m1+r+m2]; regs[a+2] = stack[m1+r+m2+1]; } else { regs[a+1] = stack[m1+r+m2]; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER, W) { mrb_int m1 = MRB_ASPEC_REQ(a); mrb_int o = MRB_ASPEC_OPT(a); mrb_int r = MRB_ASPEC_REST(a); mrb_int m2 = MRB_ASPEC_POST(a); mrb_int kd = (MRB_ASPEC_KEY(a) > 0 || MRB_ASPEC_KDICT(a))? 1 : 0; mrb_int const len = m1 + o + r + m2; mrb_callinfo *ci = mrb->c->ci; mrb_int argc = ci->n; mrb_value *argv = regs+1; mrb_value * const argv0 = argv; mrb_int const kw_pos = len + kd; mrb_int const blk_pos = kw_pos + 1; mrb_value blk = regs[mrb_ci_bidx(ci)]; mrb_value kdict = mrb_nil_value(); if (ci->nk > 0) { mrb_int kidx = mrb_ci_kidx(ci); kdict = regs[kidx]; if (!mrb_hash_p(kdict) || mrb_hash_size(mrb, kdict) == 0) { kdict = mrb_nil_value(); ci->nk = 0; } } if (!kd && !mrb_nil_p(kdict)) { if (argc < 14) { ci->n++; argc++; } else if (argc == 14) { regs[1] = mrb_ary_new_from_values(mrb, argc+1, ®s[1]); argc = ci->n = 15; } else { mrb_ary_push(mrb, regs[1], regs[2]); } ci->nk = 0; } if (kd && MRB_ASPEC_KEY(a) > 0 && mrb_hash_p(kdict)) { kdict = mrb_hash_dup(mrb, kdict); } if (argc == 15) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (ci->proc && MRB_PROC_STRICT_P(ci->proc)) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } mrb_value rest = mrb_nil_value(); if (argc < len) { mrb_int mlen = m2; if (argc < m1+m2) { mlen = m1 < argc ? argc - m1 : 0; } if (argv0 != argv && argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { rest = mrb_ary_new_capa(mrb, 0); regs[m1+o+1] = rest; } if (o > 0 && argc > m1+m2) pc += (argc - m1 - m2)*3; } else { mrb_int rnum = 0; if (argv0 != argv) { value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; rest = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); regs[m1+o+1] = rest; } if (m2 > 0 && argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } pc += o*3; } regs[blk_pos] = blk; if (kd) { if (mrb_nil_p(kdict)) kdict = mrb_hash_new_capa(mrb, 0); regs[kw_pos] = kdict; } mrb->c->ci->n = (uint8_t)len; if (irep->nlocals-blk_pos-1 > 0) { stack_clear(®s[blk_pos+1], irep->nlocals-blk_pos-1); } JUMP; } CASE(OP_KARG, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict, v; if (kidx < 0 || !mrb_hash_p(kdict=regs[kidx]) || !mrb_hash_key_p(mrb, kdict, k)) { mrb_value str = mrb_format(mrb, ""missing keyword: %v"", k); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } v = mrb_hash_get(mrb, kdict, k); regs[a] = v; mrb_hash_delete_key(mrb, kdict, k); NEXT; } CASE(OP_KEY_P, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; mrb_bool key_p = FALSE; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx])) { key_p = mrb_hash_key_p(mrb, kdict, k); } regs[a] = mrb_bool_value(key_p); NEXT; } CASE(OP_KEYEND, Z) { mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx]) && !mrb_hash_empty_p(mrb, kdict)) { mrb_value keys = mrb_hash_keys(mrb, kdict); mrb_value key1 = RARRAY_PTR(keys)[0]; mrb_value str = mrb_format(mrb, ""unknown keyword: %v"", key1); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } NEXT; } CASE(OP_BREAK, B) { c = OP_R_BREAK; goto L_RETURN; } CASE(OP_RETURN_BLK, B) { c = OP_R_RETURN; goto L_RETURN; } CASE(OP_RETURN, B) c = OP_R_NORMAL; L_RETURN: { mrb_callinfo *ci; ci = mrb->c->ci; if (ci->mid) { mrb_value blk = regs[mrb_ci_bidx(ci)]; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { L_RAISE: ci = mrb->c->ci; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) goto L_FTOP; goto L_CATCH; } while ((ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL)) == NULL) { ci = cipop(mrb); if (ci[1].cci == CINFO_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } pc = ci[0].pc; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->ci->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } } L_CATCH: if (ch == NULL) goto L_STOP; if (FALSE) { L_CATCH_TAGGED_BREAK: ci = mrb->c->ci; } proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); pc = irep->iseq + mrb_irep_catch_handler_unpack(ch->target); } else { mrb_int acc; mrb_value v; ci = mrb->c->ci; v = regs[a]; mrb_gc_protect(mrb, v); switch (c) { case OP_R_RETURN: if (ci->cci == CINFO_NONE && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { const struct RProc *dst; mrb_callinfo *cibase; cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_ONSTACK_P(e) || (e->cxt && e->cxt != mrb->c)) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->cci > CINFO_NONE) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci = mrb->c->ci; while (cibase <= ci && ci->proc != dst) { CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_BLOCK) { cibase = mrb->c->cibase; dst = top_proc(mrb, proc); } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_BLOCK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_BLOCK, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_BLOCK); ci = cipop(mrb); pc = ci->pc; } proc = ci->proc; mrb->exc = NULL; break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; c = mrb->c; if (!c->prev) { regs[irep->nlocals] = v; goto CHECKPOINT_LABEL_MAKE(RBREAK_TAG_STOP); } if (!c->vmexec && c->prev->ci == c->prev->cibase) { mrb_value exc = mrb_exc_new_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_TOPLEVEL) { c = mrb->c; } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_TOPLEVEL) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_TOPLEVEL, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_TOPLEVEL); c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; mrb->c->status = MRB_FIBER_RUNNING; c->prev = NULL; if (c->vmexec) { mrb_gc_arena_restore(mrb, ai); c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } ci = mrb->c->ci; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN) { } CHECKPOINT_MAIN(RBREAK_TAG_RETURN) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN); mrb->exc = NULL; break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_ONSTACK_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK); if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->cci > CINFO_NONE) { ci = cipop(mrb); mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { struct RBreak *brk; L_BREAK: brk = (struct RBreak*)mrb->exc; proc = mrb_break_proc_get(brk); v = mrb_break_value_get(brk); ci = mrb->c->ci; switch (mrb_break_tag_get(brk)) { #define DISPATCH_CHECKPOINTS(n, i) case n: goto CHECKPOINT_LABEL_MAKE(n); RBREAK_TAG_FOREACH(DISPATCH_CHECKPOINTS) #undef DISPATCH_CHECKPOINTS default: mrb_assert(!""wrong break tag""); } } while (mrb->c->cibase < ci && ci[-1].proc != proc->upper) { if (ci[-1].cci == CINFO_SKIP) { goto L_BREAK_ERROR; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_UPPER) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_UPPER) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_UPPER, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_UPPER); ci = cipop(mrb); pc = ci->pc; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_INTARGET) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_INTARGET) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_INTARGET, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_INTARGET); if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } mrb->exc = NULL; break; default: break; } mrb_assert(ci == mrb->c->ci); mrb_assert(mrb->exc == NULL); if (mrb->c->vmexec && !mrb_vm_ci_target_class(ci)) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->cci; ci = cipop(mrb); if (acc == CINFO_SKIP || acc == CINFO_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym_name(mrb, ci->mid))); proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci[1].stack[0] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_BLKPUSH, BS) { int m1 = (b>>11)&0x3f; int r = (b>>10)&0x1; int m2 = (b>>5)&0x1f; int kd = (b>>4)&0x1; int lv = (b>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_ONSTACK_P(e) && e->mid == 0) || MRB_ENV_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2+kd])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2+kd]; NEXT; } #if !defined(MRB_USE_BIGINT) || defined(MRB_INT32) L_INT_OVERFLOW: { mrb_value exc = mrb_exc_new_lit(mrb, E_RANGE_ERROR, ""integer overflow""); mrb_exc_set(mrb, exc); } goto L_RAISE; #endif #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH(op_name) \ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { \ OP_MATH_CASE_INTEGER(op_name); \ OP_MATH_CASE_FLOAT(op_name, integer, float); \ OP_MATH_CASE_FLOAT(op_name, float, integer); \ OP_MATH_CASE_FLOAT(op_name, float, float); \ OP_MATH_CASE_STRING_##op_name(); \ default: \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATH_CASE_INTEGER(op_name) \ case TYPES2(MRB_TT_INTEGER, MRB_TT_INTEGER): \ { \ mrb_int x = mrb_integer(regs[a]), y = mrb_integer(regs[a+1]), z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) { \ OP_MATH_OVERFLOW_INT(op_name,x,y); \ } \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATH_CASE_FLOAT(op_name, t1, t2) (void)0 #else #define OP_MATH_CASE_FLOAT(op_name, t1, t2) \ case TYPES2(OP_MATH_TT_##t1, OP_MATH_TT_##t2): \ { \ mrb_float z = mrb_##t1(regs[a]) OP_MATH_OP_##op_name mrb_##t2(regs[a+1]); \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif #ifdef MRB_USE_BIGINT #define OP_MATH_OVERFLOW_INT(op,x,y) regs[a] = mrb_bint_##op##_ii(mrb,x,y) #else #define OP_MATH_OVERFLOW_INT(op,x,y) goto L_INT_OVERFLOW #endif #define OP_MATH_CASE_STRING_add() \ case TYPES2(MRB_TT_STRING, MRB_TT_STRING): \ regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); \ mrb_gc_arena_restore(mrb, ai); \ break #define OP_MATH_CASE_STRING_sub() (void)0 #define OP_MATH_CASE_STRING_mul() (void)0 #define OP_MATH_OP_add + #define OP_MATH_OP_sub - #define OP_MATH_OP_mul * #define OP_MATH_TT_integer MRB_TT_INTEGER #define OP_MATH_TT_float MRB_TT_FLOAT CASE(OP_ADD, B) { OP_MATH(add); } CASE(OP_SUB, B) { OP_MATH(sub); } CASE(OP_MUL, B) { OP_MATH(mul); } CASE(OP_DIV, B) { #ifndef MRB_NO_FLOAT mrb_float x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER): { mrb_int x = mrb_integer(regs[a]); mrb_int y = mrb_integer(regs[a+1]); mrb_int div = mrb_div_int(mrb, x, y); SET_INT_VALUE(mrb, regs[a], div); } NEXT; #ifndef MRB_NO_FLOAT case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT): x = (mrb_float)mrb_integer(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER): x = mrb_float(regs[a]); y = (mrb_float)mrb_integer(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: mid = MRB_OPSYM(div); goto L_SEND_SYM; } #ifndef MRB_NO_FLOAT f = mrb_div_float(x, y); SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } #define OP_MATHI(op_name) \ \ switch (mrb_type(regs[a])) { \ OP_MATHI_CASE_INTEGER(op_name); \ OP_MATHI_CASE_FLOAT(op_name); \ default: \ SET_INT_VALUE(mrb,regs[a+1], b); \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATHI_CASE_INTEGER(op_name) \ case MRB_TT_INTEGER: \ { \ mrb_int x = mrb_integer(regs[a]), y = (mrb_int)b, z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) { \ OP_MATH_OVERFLOW_INT(op_name,x,y); \ } \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATHI_CASE_FLOAT(op_name) (void)0 #else #define OP_MATHI_CASE_FLOAT(op_name) \ case MRB_TT_FLOAT: \ { \ mrb_float z = mrb_float(regs[a]) OP_MATH_OP_##op_name b; \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif CASE(OP_ADDI, BB) { OP_MATHI(add); } CASE(OP_SUBI, BB) { OP_MATHI(sub); } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_NO_FLOAT #define OP_CMP(op,sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op, sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ, B) { if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==,eq); } NEXT; } CASE(OP_LT, B) { OP_CMP(<,lt); NEXT; } CASE(OP_LE, B) { OP_CMP(<=,le); NEXT; } CASE(OP_GT, B) { OP_CMP(>,gt); NEXT; } CASE(OP_GE, B) { OP_CMP(>=,ge); NEXT; } CASE(OP_ARRAY, BB) { regs[a] = mrb_ary_new_from_values(mrb, b, ®s[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARRAY2, BBB) { regs[a] = mrb_ary_new_from_values(mrb, c, ®s[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT, B) { mrb_value splat = mrb_ary_splat(mrb, regs[a+1]); if (mrb_nil_p(regs[a])) { regs[a] = splat; } else { mrb_assert(mrb_array_p(regs[a])); mrb_ary_concat(mrb, regs[a], splat); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH, BB) { mrb_assert(mrb_array_p(regs[a])); for (mrb_int i=0; i pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+pre> 2; if (pool[b].tt & IREP_TT_SFLAG) { sym = mrb_intern_static(mrb, pool[b].u.str, len); } else { sym = mrb_intern(mrb, pool[b].u.str, len); } regs[a] = mrb_symbol_value(sym); NEXT; } CASE(OP_STRING, BB) { mrb_int len; mrb_assert((pool[b].tt&IREP_TT_NFLAG)==0); len = pool[b].tt >> 2; if (pool[b].tt & IREP_TT_SFLAG) { regs[a] = mrb_str_new_static(mrb, pool[b].u.str, len); } else { regs[a] = mrb_str_new(mrb, pool[b].u.str, len); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_STRCAT, B) { mrb_assert(mrb_string_p(regs[a])); mrb_str_concat(mrb, regs[a], regs[a+1]); NEXT; } CASE(OP_HASH, BB) { mrb_value hash = mrb_hash_new_capa(mrb, b); int i; int lim = a+b*2; for (i=a; ireps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_BLOCK, BB) { c = OP_L_BLOCK; goto L_MAKE_LAMBDA; } CASE(OP_METHOD, BB) { c = OP_L_METHOD; goto L_MAKE_LAMBDA; } CASE(OP_RANGE_INC, B) { mrb_value v = mrb_range_new(mrb, regs[a], regs[a+1], FALSE); regs[a] = v; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_RANGE_EXC, B) { mrb_value v = mrb_range_new(mrb, regs[a], regs[a+1], TRUE); regs[a] = v; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS, B) { regs[a] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS, BB) { struct RClass *c = 0, *baseclass; mrb_value base, super; mrb_sym id = syms[b]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE, BB) { struct RClass *cls = 0, *baseclass; mrb_value base; mrb_sym id = syms[b]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } cls = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(cls); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC, BB) { mrb_value recv = regs[a]; struct RProc *p; const mrb_irep *nirep = irep->reps[b]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; cipush(mrb, a, 0, mrb_class_ptr(recv), p, 0, 0); irep = p->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+1, irep->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_DEF, BB) { struct RClass *target = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; mrb_sym mid = syms[b]; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, target, mid, m); mrb_method_added(mrb, target, mid); mrb_gc_arena_restore(mrb, ai); regs[a] = mrb_symbol_value(mid); NEXT; } CASE(OP_SCLASS, B) { regs[a] = mrb_singleton_class(mrb, regs[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; regs[a] = mrb_obj_value(target); NEXT; } CASE(OP_ALIAS, BB) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_alias_method(mrb, target, syms[a], syms[b]); mrb_method_added(mrb, target, syms[a]); NEXT; } CASE(OP_UNDEF, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_undef_method_id(mrb, target, syms[a]); NEXT; } CASE(OP_DEBUG, Z) { FETCH_BBB(); #ifdef MRB_USE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_NO_STDIO printf(""OP_DEBUG %d %d %d\n"", a, b, c); #else abort(); #endif #endif NEXT; } CASE(OP_ERR, B) { size_t len = pool[a].tt >> 2; mrb_value exc; mrb_assert((pool[a].tt&IREP_TT_NFLAG)==0); exc = mrb_exc_new(mrb, E_LOCALJUMP_ERROR, pool[a].u.str, len); mrb_exc_set(mrb, exc); goto L_RAISE; } CASE(OP_EXT1, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _1(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT2, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _2(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT3, Z) { uint8_t insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _3(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_STOP, Z) { CHECKPOINT_RESTORE(RBREAK_TAG_STOP) { } CHECKPOINT_MAIN(RBREAK_TAG_STOP) { UNWIND_ENSURE(mrb, mrb->c->ci, pc, RBREAK_TAG_STOP, proc, mrb_nil_value()); } CHECKPOINT_END(RBREAK_TAG_STOP); L_STOP: mrb->jmp = prev_jmp; if (mrb->exc) { mrb_assert(mrb->exc->tt == MRB_TT_EXCEPTION); return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { mrb_callinfo *ci = mrb->c->ci; while (ci > mrb->c->cibase && ci->cci == CINFO_DIRECT) { ci = cipop(mrb); } exc_catched = TRUE; pc = ci->pc; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,121415412723368,1 1275,[],"m4_debugfile (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 2)) return; if (argc == 1) debug_set_output (NULL); else if (!debug_set_output (ARG (1))) M4ERROR ((warning_status, errno, ""cannot set error file: `%s'"", ARG (1))); }",m4,,,6931456144742451265368224484409508389,0 6528,CWE-125,"static MOBI_RET mobi_parse_index_entry(MOBIIndx *indx, const MOBIIdxt idxt, const MOBITagx *tagx, const MOBIOrdt *ordt, MOBIBuffer *buf, const size_t curr_number) { if (indx == NULL) { debug_print(""%s"", ""INDX structure not initialized\n""); return MOBI_INIT_FAILED; } const size_t entry_offset = indx->entries_count; const size_t entry_length = idxt.offsets[curr_number + 1] - idxt.offsets[curr_number]; mobi_buffer_setpos(buf, idxt.offsets[curr_number]); size_t entry_number = curr_number + entry_offset; if (entry_number >= indx->total_entries_count) { debug_print(""Entry number beyond array: %zu\n"", entry_number); return MOBI_DATA_CORRUPT; } const size_t buf_maxlen = buf->maxlen; if (buf->offset + entry_length >= buf_maxlen) { debug_print(""Entry length too long: %zu\n"", entry_length); return MOBI_DATA_CORRUPT; } buf->maxlen = buf->offset + entry_length; size_t label_length = mobi_buffer_get8(buf); if (label_length > entry_length) { debug_print(""Label length too long: %zu\n"", label_length); return MOBI_DATA_CORRUPT; } char text[INDX_LABEL_SIZEMAX]; if (ordt->ordt2) { label_length = mobi_getstring_ordt(ordt, buf, (unsigned char*) text, label_length); } else { label_length = mobi_indx_get_label((unsigned char*) text, buf, label_length, indx->ligt_entries_count); } indx->entries[entry_number].label = malloc(label_length + 1); if (indx->entries[entry_number].label == NULL) { debug_print(""Memory allocation failed (%zu bytes)\n"", label_length); return MOBI_MALLOC_FAILED; } strncpy(indx->entries[entry_number].label, text, label_length + 1); unsigned char *control_bytes; control_bytes = buf->data + buf->offset; mobi_buffer_seek(buf, (int) tagx->control_byte_count); indx->entries[entry_number].tags_count = 0; indx->entries[entry_number].tags = NULL; if (tagx->tags_count > 0) { typedef struct { uint8_t tag; uint8_t tag_value_count; uint32_t value_count; uint32_t value_bytes; } MOBIPtagx; MOBIPtagx *ptagx = malloc(tagx->tags_count * sizeof(MOBIPtagx)); if (ptagx == NULL) { debug_print(""Memory allocation failed (%zu bytes)\n"", tagx->tags_count * sizeof(MOBIPtagx)); return MOBI_MALLOC_FAILED; } uint32_t ptagx_count = 0; size_t len; size_t i = 0; while (i < tagx->tags_count) { if (tagx->tags[i].control_byte == 1) { control_bytes++; i++; continue; } uint32_t value = control_bytes[0] & tagx->tags[i].bitmask; if (value != 0) { uint32_t value_count = MOBI_NOTSET; uint32_t value_bytes = MOBI_NOTSET; if (value == tagx->tags[i].bitmask) { if (mobi_bitcount(tagx->tags[i].bitmask) > 1) { len = 0; value_bytes = mobi_buffer_get_varlen(buf, &len); } else { value_count = 1; } } else { uint8_t mask = tagx->tags[i].bitmask; while ((mask & 1) == 0) { mask >>= 1; value >>= 1; } value_count = value; } ptagx[ptagx_count].tag = tagx->tags[i].tag; ptagx[ptagx_count].tag_value_count = tagx->tags[i].values_count; ptagx[ptagx_count].value_count = value_count; ptagx[ptagx_count].value_bytes = value_bytes; ptagx_count++; } i++; } indx->entries[entry_number].tags = malloc(tagx->tags_count * sizeof(MOBIIndexTag)); if (indx->entries[entry_number].tags == NULL) { debug_print(""Memory allocation failed (%zu bytes)\n"", tagx->tags_count * sizeof(MOBIIndexTag)); free(ptagx); return MOBI_MALLOC_FAILED; } i = 0; while (i < ptagx_count) { uint32_t tagvalues_count = 0; uint32_t tagvalues[INDX_TAGVALUES_MAX]; if (ptagx[i].value_count != MOBI_NOTSET) { size_t count = ptagx[i].value_count * ptagx[i].tag_value_count; while (count-- && tagvalues_count < INDX_TAGVALUES_MAX) { len = 0; const uint32_t value_bytes = mobi_buffer_get_varlen(buf, &len); tagvalues[tagvalues_count++] = value_bytes; } } else { len = 0; while (len < ptagx[i].value_bytes && tagvalues_count < INDX_TAGVALUES_MAX) { const uint32_t value_bytes = mobi_buffer_get_varlen(buf, &len); tagvalues[tagvalues_count++] = value_bytes; } } if (tagvalues_count) { const size_t arr_size = tagvalues_count * sizeof(*indx->entries[entry_number].tags[i].tagvalues); indx->entries[entry_number].tags[i].tagvalues = malloc(arr_size); if (indx->entries[entry_number].tags[i].tagvalues == NULL) { debug_print(""Memory allocation failed (%zu bytes)\n"", arr_size); free(ptagx); return MOBI_MALLOC_FAILED; } memcpy(indx->entries[entry_number].tags[i].tagvalues, tagvalues, arr_size); } else { indx->entries[entry_number].tags[i].tagvalues = NULL; } indx->entries[entry_number].tags[i].tagid = ptagx[i].tag; indx->entries[entry_number].tags[i].tagvalues_count = tagvalues_count; indx->entries[entry_number].tags_count++; i++; } free(ptagx); } buf->maxlen = buf_maxlen; return MOBI_SUCCESS; }",visit repo url,src/index.c,https://github.com/bfabiszewski/libmobi,780183906724,1 345,['CWE-20'],"static inline unsigned long get_stack_long(struct task_struct *task, int offset) { unsigned char *stack; stack = (unsigned char *)task->thread.rsp0; stack += offset; return (*((unsigned long *)stack)); }",linux-2.6,,,251693473340809768163077332518398514950,0 3677,CWE-787,"hb_set_clear (hb_set_t *set) { if (unlikely (hb_object_is_immutable (set))) return; set->clear (); }",visit repo url,src/hb-set.cc,https://github.com/harfbuzz/harfbuzz,266965086952504,1 993,CWE-20,"struct inode *isofs_iget(struct super_block *sb, unsigned long block, unsigned long offset) { unsigned long hashval; struct inode *inode; struct isofs_iget5_callback_data data; long ret; if (offset >= 1ul << sb->s_blocksize_bits) return ERR_PTR(-EINVAL); data.block = block; data.offset = offset; hashval = (block << sb->s_blocksize_bits) | offset; inode = iget5_locked(sb, hashval, &isofs_iget5_test, &isofs_iget5_set, &data); if (!inode) return ERR_PTR(-ENOMEM); if (inode->i_state & I_NEW) { ret = isofs_read_inode(inode); if (ret < 0) { iget_failed(inode); inode = ERR_PTR(ret); } else { unlock_new_inode(inode); } } return inode; }",visit repo url,fs/isofs/inode.c,https://github.com/torvalds/linux,73817153675940,1 3759,[],"static void unix_state_double_lock(struct sock *sk1, struct sock *sk2) { if (unlikely(sk1 == sk2) || !sk2) { unix_state_lock(sk1); return; } if (sk1 < sk2) { unix_state_lock(sk1); unix_state_lock_nested(sk2); } else { unix_state_lock(sk2); unix_state_lock_nested(sk1); } }",linux-2.6,,,27686759701784998720313455088616195515,0 4811,['CWE-399'],"inotify_dev_get_last_event(struct inotify_device *dev) { if (list_empty(&dev->events)) return NULL; return list_entry(dev->events.prev, struct inotify_kernel_event, list); }",linux-2.6,,,112655674781071653145808901174808280418,0 4987,CWE-190,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 1401,[],"static void set_curr_task_fair(struct rq *rq) { struct sched_entity *se = &rq->curr->se; for_each_sched_entity(se) set_next_entity(cfs_rq_of(se), se); }",linux-2.6,,,199530578607555394302555582346043245771,0 1501,CWE-119,"get_matching_model_microcode(int cpu, unsigned long start, void *data, size_t size, struct mc_saved_data *mc_saved_data, unsigned long *mc_saved_in_initrd, struct ucode_cpu_info *uci) { u8 *ucode_ptr = data; unsigned int leftover = size; enum ucode_state state = UCODE_OK; unsigned int mc_size; struct microcode_header_intel *mc_header; struct microcode_intel *mc_saved_tmp[MAX_UCODE_COUNT]; unsigned int mc_saved_count = mc_saved_data->mc_saved_count; int i; while (leftover) { mc_header = (struct microcode_header_intel *)ucode_ptr; mc_size = get_totalsize(mc_header); if (!mc_size || mc_size > leftover || microcode_sanity_check(ucode_ptr, 0) < 0) break; leftover -= mc_size; if (matching_model_microcode(mc_header, uci->cpu_sig.sig) != UCODE_OK) { ucode_ptr += mc_size; continue; } _save_mc(mc_saved_tmp, ucode_ptr, &mc_saved_count); ucode_ptr += mc_size; } if (leftover) { state = UCODE_ERROR; goto out; } if (mc_saved_count == 0) { state = UCODE_NFOUND; goto out; } for (i = 0; i < mc_saved_count; i++) mc_saved_in_initrd[i] = (unsigned long)mc_saved_tmp[i] - start; mc_saved_data->mc_saved_count = mc_saved_count; out: return state; }",visit repo url,arch/x86/kernel/cpu/microcode/intel_early.c,https://github.com/torvalds/linux,150251384890185,1 2515,['CWE-119'],"void mark_tree_uninteresting(struct tree *tree) { struct tree_desc desc; struct name_entry entry; struct object *obj = &tree->object; if (!tree) return; if (obj->flags & UNINTERESTING) return; obj->flags |= UNINTERESTING; if (!has_sha1_file(obj->sha1)) return; if (parse_tree(tree) < 0) die(""bad tree %s"", sha1_to_hex(obj->sha1)); init_tree_desc(&desc, tree->buffer, tree->size); while (tree_entry(&desc, &entry)) { switch (object_type(entry.mode)) { case OBJ_TREE: mark_tree_uninteresting(lookup_tree(entry.sha1)); break; case OBJ_BLOB: mark_blob_uninteresting(lookup_blob(entry.sha1)); break; default: break; } } free(tree->buffer); tree->buffer = NULL; }",git,,,276159524926732884772163003217458545587,0 3512,['CWE-20'],"struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, const struct msghdr *msg, size_t paylen) { struct sctp_chunk *retval; void *payload = NULL; int err; retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); if (!retval) goto err_chunk; if (paylen) { payload = kmalloc(paylen, GFP_KERNEL); if (!payload) goto err_payload; err = memcpy_fromiovec(payload, msg->msg_iov, paylen); if (err < 0) goto err_copy; } sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); sctp_addto_chunk(retval, paylen, payload); if (paylen) kfree(payload); return retval; err_copy: kfree(payload); err_payload: sctp_chunk_free(retval); retval = NULL; err_chunk: return retval; }",linux-2.6,,,315756456851145695892539122379577121574,0 4341,['CWE-119'],"static void ima_adpcm_run_pull (_AFmoduleinst *module) { ima_adpcm_data *d = (ima_adpcm_data *) module->modspec; AFframecount frames2read = module->outc->nframes; AFframecount nframes = 0; int framesPerBlock = d->framesPerBlock; assert(module->outc->nframes % framesPerBlock == 0); int blockCount = module->outc->nframes / framesPerBlock; ssize_t blocksRead = af_fread(module->inc->buf, d->blockAlign, blockCount, d->fh); if (blocksRead < 0) { if (d->track->filemodhappy) { _af_error(AF_BAD_READ, ""file missing data""); d->track->filemodhappy = AF_FALSE; } } if (blocksRead < blockCount) blockCount = blocksRead; for (int i=0; iinc->buf + i * d->blockAlign, (int16_t *) module->outc->buf + i * d->framesPerBlock * d->track->f.channelCount); nframes += framesPerBlock; } d->track->nextfframe += nframes; if (blocksRead > 0) d->track->fpos_next_frame += blocksRead * d->blockAlign; assert(af_ftell(d->fh) == d->track->fpos_next_frame); if (d->track->totalfframes != -1 && nframes != frames2read) { if (d->track->filemodhappy) { _af_error(AF_BAD_READ, ""file missing data -- read %d frames, should be %d"", d->track->nextfframe, d->track->totalfframes); d->track->filemodhappy = AF_FALSE; } } module->outc->nframes = nframes; }",audiofile,,,35897382806416532068171908702847472318,0 5544,[],"static int sig_task_ignored(struct task_struct *t, int sig, int from_ancestor_ns) { void __user *handler; handler = sig_handler(t, sig); if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) && handler == SIG_DFL && !from_ancestor_ns) return 1; return sig_handler_ignored(handler, sig); }",linux-2.6,,,70678717865959857151042430906730634098,0 1654,NVD-CWE-Other,"int iwch_cxgb3_ofld_send(struct t3cdev *tdev, struct sk_buff *skb) { int error = 0; struct cxio_rdev *rdev; rdev = (struct cxio_rdev *)tdev->ulp; if (cxio_fatal_error(rdev)) { kfree_skb(skb); return -EIO; } error = cxgb3_ofld_send(tdev, skb); if (error < 0) kfree_skb(skb); return error; }",visit repo url,drivers/infiniband/hw/cxgb3/iwch_cm.c,https://github.com/torvalds/linux,55525415379489,1 6015,CWE-415,"static void cancel_att_send_op(struct att_send_op *op) { if (op->destroy) op->destroy(op->user_data); op->user_data = NULL; op->callback = NULL; op->destroy = NULL; }",visit repo url,src/shared/att.c,https://github.com/bluez/bluez,227840710201289,1 6663,CWE-787,"int main(int argc, char *argv[]) { bool lrzcat = false, compat = false, recurse = false; bool options_file = false, conf_file_compression_set = false; struct timeval start_time, end_time; struct sigaction handler; double seconds,total_time; bool nice_set = false; int c, i; int hours,minutes; extern int optind; char *eptr, *av; char *endptr = NULL; control = &base_control; initialise_control(control); av = basename(argv[0]); if (!strcmp(av, ""lrunzip"")) control->flags |= FLAG_DECOMPRESS; else if (!strcmp(av, ""lrzcat"")) { control->flags |= FLAG_DECOMPRESS | FLAG_STDOUT; lrzcat = true; } else if (!strcmp(av, ""lrz"")) { control->flags &= ~FLAG_SHOW_PROGRESS; control->flags &= ~FLAG_KEEP_FILES; compat = true; long_options[1].name = ""stdout""; long_options[11].name = ""keep""; } CrcGenerateTable(); eptr = getenv(""LRZIP""); if (eptr == NULL) options_file = read_config(control); else if (!strstr(eptr,""NOCONFIG"")) options_file = read_config(control); if (options_file && (control->flags & FLAG_NOT_LZMA)) conf_file_compression_set = true; while ((c = getopt_long(argc, argv, compat ? coptions : loptions, long_options, &i)) != -1) { switch (c) { case 'b': case 'g': case 'l': case 'n': case 'z': if ((control->flags & FLAG_NOT_LZMA) && conf_file_compression_set == false) failure(""Can only use one of -l, -b, -g, -z or -n\n""); control->flags &= ~FLAG_NOT_LZMA; if (c == 'b') control->flags |= FLAG_BZIP2_COMPRESS; else if (c == 'g') control->flags |= FLAG_ZLIB_COMPRESS; else if (c == 'l') control->flags |= FLAG_LZO_COMPRESS; else if (c == 'n') control->flags |= FLAG_NO_COMPRESS; else if (c == 'z') control->flags |= FLAG_ZPAQ_COMPRESS; conf_file_compression_set = false; break; case '/': control->flags &= ~FLAG_NOT_LZMA; break; case 'c': if (compat) { control->flags |= FLAG_KEEP_FILES; set_stdout(control); break; } case 'C': control->flags |= FLAG_CHECK; control->flags |= FLAG_HASH; break; case 'd': control->flags |= FLAG_DECOMPRESS; break; case 'D': control->flags &= ~FLAG_KEEP_FILES; break; case 'e': control->flags |= FLAG_ENCRYPT; control->passphrase = optarg; break; case 'f': control->flags |= FLAG_FORCE_REPLACE; break; case 'h': usage(compat); exit(0); break; case 'H': control->flags |= FLAG_HASH; break; case 'i': control->flags |= FLAG_INFO; control->flags &= ~FLAG_DECOMPRESS; break; case 'k': if (compat) { control->flags |= FLAG_KEEP_FILES; break; } case 'K': control->flags |= FLAG_KEEP_BROKEN; break; case 'L': if (compat) { license(); exit(0); } control->compression_level = strtol(optarg, &endptr, 10); if (control->compression_level < 1 || control->compression_level > 9) failure(""Invalid compression level (must be 1-9)\n""); if (*endptr) failure(""Extra characters after compression level: \'%s\'\n"", endptr); break; case 'm': control->ramsize = strtol(optarg, &endptr, 10) * 1024 * 1024 * 100; if (*endptr) failure(""Extra characters after ramsize: \'%s\'\n"", endptr); break; case 'N': nice_set = true; control->nice_val = strtol(optarg, &endptr, 10); if (control->nice_val < PRIO_MIN || control->nice_val > PRIO_MAX) failure(""Invalid nice value (must be %d...%d)\n"", PRIO_MIN, PRIO_MAX); if (*endptr) failure(""Extra characters after nice level: \'%s\'\n"", endptr); break; case 'o': if (control->outdir) failure(""Cannot have -o and -O together\n""); if (unlikely(STDOUT)) failure(""Cannot specify an output filename when outputting to stdout\n""); control->outname = optarg; control->suffix = """"; break; case 'O': if (control->outname) failure(""Cannot have options -o and -O together\n""); if (unlikely(STDOUT)) failure(""Cannot specify an output directory when outputting to stdout\n""); control->outdir = malloc(strlen(optarg) + 2); if (control->outdir == NULL) fatal(""Failed to allocate for outdir\n""); strcpy(control->outdir,optarg); if (strcmp(optarg+strlen(optarg) - 1, ""/"")) strcat(control->outdir, ""/""); break; case 'p': control->threads = strtol(optarg, &endptr, 10); if (control->threads < 1) failure(""Must have at least one thread\n""); if (*endptr) failure(""Extra characters after number of threads: \'%s\'\n"", endptr); break; case 'P': control->flags |= FLAG_SHOW_PROGRESS; break; case 'q': control->flags &= ~FLAG_SHOW_PROGRESS; break; case 'r': recurse = true; break; case 'S': if (control->outname) failure(""Specified output filename already, can't specify an extension.\n""); if (unlikely(STDOUT)) failure(""Cannot specify a filename suffix when outputting to stdout\n""); control->suffix = optarg; break; case 't': if (control->outname) failure(""Cannot specify an output file name when just testing.\n""); if (compat) control->flags |= FLAG_KEEP_FILES; if (!KEEP_FILES) failure(""Doubt that you want to delete a file when just testing.\n""); control->flags |= FLAG_TEST_ONLY; break; case 'T': control->flags &= ~FLAG_THRESHOLD; break; case 'U': control->flags |= FLAG_UNLIMITED; break; case 'v': if (!(control->flags & FLAG_SHOW_PROGRESS)) control->flags |= FLAG_SHOW_PROGRESS; else if (!(control->flags & FLAG_VERBOSITY) && !(control->flags & FLAG_VERBOSITY_MAX)) control->flags |= FLAG_VERBOSITY; else if ((control->flags & FLAG_VERBOSITY)) { control->flags &= ~FLAG_VERBOSITY; control->flags |= FLAG_VERBOSITY_MAX; } break; case 'V': control->msgout = stdout; print_output(""lrzip version %s\n"", PACKAGE_VERSION); exit(0); break; case 'w': control->window = strtol(optarg, &endptr, 10); if (control->window < 1) failure(""Window must be positive\n""); if (*endptr) failure(""Extra characters after window size: \'%s\'\n"", endptr); break; case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': control->compression_level = c - '0'; break; default: usage(compat); return 2; } } argc -= optind; argv += optind; if (control->outname) { if (argc > 1) failure(""Cannot specify output filename with more than 1 file\n""); if (recurse) failure(""Cannot specify output filename with recursive\n""); } if (VERBOSE && !SHOW_PROGRESS) { print_err(""Cannot have -v and -q options. -v wins.\n""); control->flags |= FLAG_SHOW_PROGRESS; } if (UNLIMITED && control->window) { print_err(""If -U used, cannot specify a window size with -w.\n""); control->window = 0; } if (argc < 1) control->flags |= FLAG_STDIN; if (UNLIMITED && STDIN) { print_err(""Cannot have -U and stdin, unlimited mode disabled.\n""); control->flags &= ~FLAG_UNLIMITED; } setup_overhead(control); control->current_priority = getpriority(PRIO_PROCESS, 0); if (nice_set) { if (!NO_COMPRESS) { if (unlikely(setpriority(PRIO_PROCESS, 0, control->nice_val/2) == -1)) { print_err(""Warning, unable to set nice value %d...Resetting to %d\n"", control->nice_val, control->current_priority); setpriority(PRIO_PROCESS, 0, (control->nice_val=control->current_priority)); } } else { if (unlikely(setpriority(PRIO_PROCESS, 0, control->nice_val) == -1)) { print_err(""Warning, unable to set nice value %d...Resetting to %d\n"", control->nice_val, control->current_priority); setpriority(PRIO_PROCESS, 0, (control->nice_val=control->current_priority)); } } } for (i = 0; i <= argc; i++) { char *dirlist = NULL, *infile = NULL; int direntries = 0, curentry = 0; if (i < argc) infile = argv[i]; else if (!(i == 0 && STDIN)) break; if (infile) { if ((strcmp(infile, ""-"") == 0)) control->flags |= FLAG_STDIN; else { bool isdir = false; struct stat istat; if (unlikely(stat(infile, &istat))) failure(""Failed to stat %s\n"", infile); isdir = S_ISDIR(istat.st_mode); if (!recurse && (isdir || !S_ISREG(istat.st_mode))) { failure(""lrzip only works directly on regular FILES.\n"" ""Use -r recursive, lrztar or pipe through tar for compressing directories.\n""); } if (recurse && !isdir) failure(""%s not a directory, -r recursive needs a directory\n"", infile); } } if (recurse) { if (unlikely(STDIN || STDOUT)) failure(""Cannot use -r recursive with STDIO\n""); recurse_dirlist(infile, &dirlist, &direntries); } if (INFO && STDIN) failure(""Will not get file info from STDIN\n""); recursion: if (recurse) { if (curentry >= direntries) { infile = NULL; continue; } infile = dirlist + MAX_PATH_LEN * curentry++; } control->infile = infile; if ((control->outname && (strcmp(control->outname, ""-"") == 0)) || (!control->outname && STDIN) || lrzcat) set_stdout(control); if (lrzcat) { control->msgout = stderr; control->outFILE = stdout; register_outputfile(control, control->msgout); } if (!STDOUT) { control->msgout = stdout; register_outputfile(control, control->msgout); } if (STDIN) control->inFILE = stdin; sigemptyset(&handler.sa_mask); handler.sa_flags = 0; handler.sa_handler = &sighandler; sigaction(SIGTERM, &handler, 0); sigaction(SIGINT, &handler, 0); if (!FORCE_REPLACE) { if (STDIN && isatty(fileno((FILE *)stdin))) { print_err(""Will not read stdin from a terminal. Use -f to override.\n""); usage(compat); exit (1); } if (!TEST_ONLY && STDOUT && isatty(fileno((FILE *)stdout)) && !compat) { print_err(""Will not write stdout to a terminal. Use -f to override.\n""); usage(compat); exit (1); } } if (CHECK_FILE) { if (!DECOMPRESS) { print_err(""Can only check file written on decompression.\n""); control->flags &= ~FLAG_CHECK; } else if (STDOUT) { print_err(""Can't check file written when writing to stdout. Checking disabled.\n""); control->flags &= ~FLAG_CHECK; } } setup_ram(control); show_summary(); gettimeofday(&start_time, NULL); if (unlikely((STDIN || STDOUT) && ENCRYPT)) failure(""Unable to work from STDIO while reading password\n""); memcpy(&local_control, &base_control, sizeof(rzip_control)); if (DECOMPRESS || TEST_ONLY) decompress_file(&local_control); else if (INFO) get_fileinfo(&local_control); else compress_file(&local_control); gettimeofday(&end_time, NULL); total_time = (end_time.tv_sec + (double)end_time.tv_usec / 1000000) - (start_time.tv_sec + (double)start_time.tv_usec / 1000000); hours = (int)total_time / 3600; minutes = (int)(total_time / 60) % 60; seconds = total_time - hours * 3600 - minutes * 60; if (!INFO) print_progress(""Total time: %02d:%02d:%05.2f\n"", hours, minutes, seconds); if (recurse) goto recursion; } return 0; }",visit repo url,main.c,https://github.com/ckolivas/lrzip,109498612301875,1 2265,NVD-CWE-Other,"int ext4_ext_insert_extent(handle_t *handle, struct inode *inode, struct ext4_ext_path *path, struct ext4_extent *newext, int flag) { struct ext4_extent_header *eh; struct ext4_extent *ex, *fex; struct ext4_extent *nearex; struct ext4_ext_path *npath = NULL; int depth, len, err; ext4_lblk_t next; unsigned uninitialized = 0; BUG_ON(ext4_ext_get_actual_len(newext) == 0); depth = ext_depth(inode); ex = path[depth].p_ext; BUG_ON(path[depth].p_hdr == NULL); if (ex && (flag != EXT4_GET_BLOCKS_PRE_IO) && ext4_can_extents_be_merged(inode, ex, newext)) { ext_debug(""append [%d]%d block to %d:[%d]%d (from %llu)\n"", ext4_ext_is_uninitialized(newext), ext4_ext_get_actual_len(newext), le32_to_cpu(ex->ee_block), ext4_ext_is_uninitialized(ex), ext4_ext_get_actual_len(ex), ext_pblock(ex)); err = ext4_ext_get_access(handle, inode, path + depth); if (err) return err; if (ext4_ext_is_uninitialized(ex)) uninitialized = 1; ex->ee_len = cpu_to_le16(ext4_ext_get_actual_len(ex) + ext4_ext_get_actual_len(newext)); if (uninitialized) ext4_ext_mark_uninitialized(ex); eh = path[depth].p_hdr; nearex = ex; goto merge; } repeat: depth = ext_depth(inode); eh = path[depth].p_hdr; if (le16_to_cpu(eh->eh_entries) < le16_to_cpu(eh->eh_max)) goto has_space; fex = EXT_LAST_EXTENT(eh); next = ext4_ext_next_leaf_block(inode, path); if (le32_to_cpu(newext->ee_block) > le32_to_cpu(fex->ee_block) && next != EXT_MAX_BLOCK) { ext_debug(""next leaf block - %d\n"", next); BUG_ON(npath != NULL); npath = ext4_ext_find_extent(inode, next, NULL); if (IS_ERR(npath)) return PTR_ERR(npath); BUG_ON(npath->p_depth != path->p_depth); eh = npath[depth].p_hdr; if (le16_to_cpu(eh->eh_entries) < le16_to_cpu(eh->eh_max)) { ext_debug(""next leaf isnt full(%d)\n"", le16_to_cpu(eh->eh_entries)); path = npath; goto repeat; } ext_debug(""next leaf has no free space(%d,%d)\n"", le16_to_cpu(eh->eh_entries), le16_to_cpu(eh->eh_max)); } err = ext4_ext_create_new_leaf(handle, inode, path, newext); if (err) goto cleanup; depth = ext_depth(inode); eh = path[depth].p_hdr; has_space: nearex = path[depth].p_ext; err = ext4_ext_get_access(handle, inode, path + depth); if (err) goto cleanup; if (!nearex) { ext_debug(""first extent in the leaf: %d:%llu:[%d]%d\n"", le32_to_cpu(newext->ee_block), ext_pblock(newext), ext4_ext_is_uninitialized(newext), ext4_ext_get_actual_len(newext)); path[depth].p_ext = EXT_FIRST_EXTENT(eh); } else if (le32_to_cpu(newext->ee_block) > le32_to_cpu(nearex->ee_block)) { if (nearex != EXT_LAST_EXTENT(eh)) { len = EXT_MAX_EXTENT(eh) - nearex; len = (len - 1) * sizeof(struct ext4_extent); len = len < 0 ? 0 : len; ext_debug(""insert %d:%llu:[%d]%d after: nearest 0x%p, "" ""move %d from 0x%p to 0x%p\n"", le32_to_cpu(newext->ee_block), ext_pblock(newext), ext4_ext_is_uninitialized(newext), ext4_ext_get_actual_len(newext), nearex, len, nearex + 1, nearex + 2); memmove(nearex + 2, nearex + 1, len); } path[depth].p_ext = nearex + 1; } else { BUG_ON(newext->ee_block == nearex->ee_block); len = (EXT_MAX_EXTENT(eh) - nearex) * sizeof(struct ext4_extent); len = len < 0 ? 0 : len; ext_debug(""insert %d:%llu:[%d]%d before: nearest 0x%p, "" ""move %d from 0x%p to 0x%p\n"", le32_to_cpu(newext->ee_block), ext_pblock(newext), ext4_ext_is_uninitialized(newext), ext4_ext_get_actual_len(newext), nearex, len, nearex + 1, nearex + 2); memmove(nearex + 1, nearex, len); path[depth].p_ext = nearex; } le16_add_cpu(&eh->eh_entries, 1); nearex = path[depth].p_ext; nearex->ee_block = newext->ee_block; ext4_ext_store_pblock(nearex, ext_pblock(newext)); nearex->ee_len = newext->ee_len; merge: if (flag != EXT4_GET_BLOCKS_PRE_IO) ext4_ext_try_to_merge(inode, path, nearex); err = ext4_ext_correct_indexes(handle, inode, path); if (err) goto cleanup; err = ext4_ext_dirty(handle, inode, path + depth); cleanup: if (npath) { ext4_ext_drop_refs(npath); kfree(npath); } ext4_ext_invalidate_cache(inode); return err; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,66017672001632,1 3964,CWE-20,"static gboolean netscreen_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset) { gint64 offset; int pkt_len; char line[NETSCREEN_LINE_LENGTH]; char cap_int[NETSCREEN_MAX_INT_NAME_LENGTH]; gboolean cap_dir; char cap_dst[13]; offset = netscreen_seek_next_packet(wth, err, err_info, line); if (offset < 0) return FALSE; pkt_len = parse_netscreen_rec_hdr(&wth->phdr, line, cap_int, &cap_dir, cap_dst, err, err_info); if (pkt_len == -1) return FALSE; if (!parse_netscreen_hex_dump(wth->fh, pkt_len, cap_int, cap_dst, &wth->phdr, wth->frame_buffer, err, err_info)) return FALSE; if (wth->file_encap == WTAP_ENCAP_UNKNOWN) wth->file_encap = wth->phdr.pkt_encap; else { if (wth->file_encap != wth->phdr.pkt_encap) wth->file_encap = WTAP_ENCAP_PER_PACKET; } *data_offset = offset; return TRUE; }",visit repo url,wiretap/netscreen.c,https://github.com/wireshark/wireshark,218804586904607,1 6661,CWE-276,"crun_command_exec (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *err) { int first_arg = 0, ret = 0; libcrun_context_t crun_context = { 0, }; cleanup_process_schema runtime_spec_schema_config_schema_process *process = NULL; struct libcrun_container_exec_options_s exec_opts; memset (&exec_opts, 0, sizeof (exec_opts)); exec_opts.struct_size = sizeof (exec_opts); crun_context.preserve_fds = 0; crun_context.listen_fds = 0; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &exec_options); crun_assert_n_args (argc - first_arg, exec_options.process ? 1 : 2, -1); ret = init_libcrun_context (&crun_context, argv[first_arg], global_args, err); if (UNLIKELY (ret < 0)) return ret; crun_context.detach = exec_options.detach; crun_context.console_socket = exec_options.console_socket; crun_context.pid_file = exec_options.pid_file; crun_context.preserve_fds = exec_options.preserve_fds; if (getenv (""LISTEN_FDS"")) { crun_context.listen_fds = strtoll (getenv (""LISTEN_FDS""), NULL, 10); crun_context.preserve_fds += crun_context.listen_fds; } if (exec_options.process) exec_opts.path = exec_options.process; else { process = xmalloc0 (sizeof (*process)); int i; process->args_len = argc; process->args = xmalloc0 ((argc + 1) * sizeof (*process->args)); for (i = 0; i < argc - first_arg; i++) process->args[i] = xstrdup (argv[first_arg + i + 1]); process->args[i] = NULL; if (exec_options.cwd) process->cwd = exec_options.cwd; process->terminal = exec_options.tty; process->env = exec_options.env; process->env_len = exec_options.env_size; process->user = make_oci_process_user (exec_options.user); if (exec_options.process_label != NULL) process->selinux_label = exec_options.process_label; if (exec_options.apparmor != NULL) process->apparmor_profile = exec_options.apparmor; if (exec_options.cap_size > 0) { runtime_spec_schema_config_schema_process_capabilities *capabilities = xmalloc (sizeof (runtime_spec_schema_config_schema_process_capabilities)); capabilities->effective = exec_options.cap; capabilities->effective_len = exec_options.cap_size; capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size); capabilities->inheritable_len = exec_options.cap_size; capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size); capabilities->bounding_len = exec_options.cap_size; capabilities->ambient = dup_array (exec_options.cap, exec_options.cap_size); capabilities->ambient_len = exec_options.cap_size; capabilities->permitted = dup_array (exec_options.cap, exec_options.cap_size); capabilities->permitted_len = exec_options.cap_size; process->capabilities = capabilities; } if (exec_options.no_new_privs) process->no_new_privileges = 1; exec_opts.process = process; } exec_opts.cgroup = exec_options.cgroup; return libcrun_container_exec_with_options (&crun_context, argv[first_arg], &exec_opts, err); }",visit repo url,src/exec.c,https://github.com/containers/crun,98382615883025,1 3764,[],"void unix_notinflight(struct file *fp) { struct sock *s = unix_get_socket(fp); if(s) { struct unix_sock *u = unix_sk(s); spin_lock(&unix_gc_lock); BUG_ON(list_empty(&u->link)); if (atomic_long_dec_and_test(&u->inflight)) list_del_init(&u->link); unix_tot_inflight--; spin_unlock(&unix_gc_lock); } }",linux-2.6,,,302253900997661515064213706194026341369,0 3155,['CWE-189'],"static int jas_icccurv_getsize(jas_iccattrval_t *attrval) { jas_icccurv_t *curv = &attrval->data.curv; return 4 + 2 * curv->numents; }",jasper,,,257225011394438965486440908744225679249,0 3333,[],"static inline int nla_put_u64(struct sk_buff *skb, int attrtype, u64 value) { return nla_put(skb, attrtype, sizeof(u64), &value); }",linux-2.6,,,130651975396424976390917298508881758699,0 4711,['CWE-20'],"void ext4_inode_table_set(struct super_block *sb, struct ext4_group_desc *bg, ext4_fsblk_t blk) { bg->bg_inode_table_lo = cpu_to_le32((u32)blk); if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT) bg->bg_inode_table_hi = cpu_to_le32(blk >> 32); }",linux-2.6,,,36328109763028210790139620094122230091,0 5514,['CWE-119'],"ecryptfs_find_auth_tok_for_sig( struct ecryptfs_auth_tok **auth_tok, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig) { struct ecryptfs_global_auth_tok *global_auth_tok; int rc = 0; (*auth_tok) = NULL; if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, mount_crypt_stat, sig)) { struct key *auth_tok_key; rc = ecryptfs_keyring_auth_tok_for_sig(&auth_tok_key, auth_tok, sig); } else (*auth_tok) = global_auth_tok->global_auth_tok; return rc; }",linux-2.6,,,336180781282492745307737541695245344075,0 6530,['CWE-200'],"nma_gconf_settings_init (NMAGConfSettings *settings) { NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (settings); priv->client = gconf_client_get_default (); priv->pending_changes = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, remove_pending_change); gconf_client_add_dir (priv->client, GCONF_PATH_CONNECTIONS, GCONF_CLIENT_PRELOAD_NONE, NULL); priv->conf_notify_id = gconf_client_notify_add (priv->client, GCONF_PATH_CONNECTIONS, (GConfClientNotifyFunc) connections_changed_cb, settings, NULL, NULL); }",network-manager-applet,,,149941780598061533841207780338124515218,0 3802,[],"void unix_inflight(struct file *fp) { struct sock *s = unix_get_socket(fp); if(s) { struct unix_sock *u = unix_sk(s); spin_lock(&unix_gc_lock); if (atomic_inc_return(&u->inflight) == 1) { BUG_ON(!list_empty(&u->link)); list_add_tail(&u->link, &gc_inflight_list); } else { BUG_ON(list_empty(&u->link)); } atomic_inc(&unix_tot_inflight); spin_unlock(&unix_gc_lock); } }",linux-2.6,,,290412353989617590743533270509720950407,0 2952,['CWE-189'],"static void mif_cmpt_destroy(mif_cmpt_t *cmpt) { if (cmpt->data) { jas_free(cmpt->data); } jas_free(cmpt); }",jasper,,,253404195290492731189257492574566515223,0 3629,CWE-416,"static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; AsyncPolkitQuery *q = userdata; int r; assert(reply); assert(q); q->slot = sd_bus_slot_unref(q->slot); q->reply = sd_bus_message_ref(reply); r = sd_bus_message_rewind(q->request, true); if (r < 0) { r = sd_bus_reply_method_errno(q->request, r, NULL); goto finish; } r = q->callback(q->request, q->userdata, &error_buffer); r = bus_maybe_reply_error(q->request, r, &error_buffer); finish: async_polkit_query_free(q); return r; }",visit repo url,src/shared/bus-polkit.c,https://github.com/systemd/systemd,77537006559076,1 5746,CWE-125,"void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, ""search H323\n""); if((packet->tcp != NULL) && (packet->tcp->dest != ntohs(102))) { NDPI_LOG_DBG2(ndpi_struct, ""calculated dport over tcp\n""); if(packet->payload_packet_len >= 4 && (packet->payload[0] == 0x03) && (packet->payload[1] == 0x00)) { struct tpkt *t = (struct tpkt*)packet->payload; u_int16_t len = ntohs(t->len); if(packet->payload_packet_len == len) { if(packet->payload[4] == (packet->payload_packet_len - sizeof(struct tpkt) - 1)) { if((packet->payload[5] == 0xE0 ) || (packet->payload[5] == 0xD0 )) { NDPI_LOG_INFO(ndpi_struct, ""found RDP\n""); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN); return; } } flow->l4.tcp.h323_valid_packets++; if(flow->l4.tcp.h323_valid_packets >= 2) { NDPI_LOG_INFO(ndpi_struct, ""found H323 broadcast\n""); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); } } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } } else if(packet->udp != NULL) { sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); NDPI_LOG_DBG2(ndpi_struct, ""calculated dport over udp\n""); if(packet->payload_packet_len >= 6 && packet->payload[0] == 0x80 && packet->payload[1] == 0x08 && (packet->payload[2] == 0xe7 || packet->payload[2] == 0x26) && packet->payload[4] == 0x00 && packet->payload[5] == 0x00) { NDPI_LOG_INFO(ndpi_struct, ""found H323 broadcast\n""); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } if(sport == 1719 || dport == 1719) { if(packet->payload[0] == 0x16 && packet->payload[1] == 0x80 && packet->payload[4] == 0x06 && packet->payload[5] == 0x00) { NDPI_LOG_INFO(ndpi_struct, ""found H323 broadcast\n""); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117) { NDPI_LOG_INFO(ndpi_struct, ""found H323 broadcast\n""); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } } }",visit repo url,src/lib/protocols/h323.c,https://github.com/ntop/nDPI,78776229587016,1 4212,CWE-125,"parse_file (FILE* input_file, char* directory, char *body_filename, char *body_pref, int flags) { uint32 d; uint16 key; Attr *attr = NULL; File *file = NULL; int rtf_size = 0, html_size = 0; MessageBody body; memset (&body, '\0', sizeof (MessageBody)); g_flags = flags; d = geti32(input_file); if (d != TNEF_SIGNATURE) { fprintf (stdout, ""Seems not to be a TNEF file\n""); return 1; } key = geti16(input_file); debug_print (""TNEF Key: %hx\n"", key); while ( data_left( input_file ) ) { attr = read_object( input_file ); if ( attr == NULL ) break; if (attr->name == attATTACHRENDDATA) { if (file) { file_write (file, directory); file_free (file); } else { file = CHECKED_XCALLOC (File, 1); } } switch (attr->lvl_type) { case LVL_MESSAGE: if (attr->name == attBODY) { body.text_body = get_text_data (attr); } else if (attr->name == attMAPIPROPS) { MAPI_Attr **mapi_attrs = mapi_attr_read (attr->len, attr->buf); if (mapi_attrs) { int i; for (i = 0; mapi_attrs[i]; i++) { MAPI_Attr *a = mapi_attrs[i]; if (a->name == MAPI_BODY_HTML) { body.html_bodies = get_html_data (a); html_size = a->num_values; } else if (a->name == MAPI_RTF_COMPRESSED) { body.rtf_bodies = get_rtf_data (a); rtf_size = a->num_values; } } mapi_attr_free_list (mapi_attrs); XFREE (mapi_attrs); } } break; case LVL_ATTACHMENT: file_add_attr (file, attr); break; default: fprintf (stderr, ""Invalid lvl type on attribute: %d\n"", attr->lvl_type); return 1; break; } attr_free (attr); XFREE (attr); } if (file) { file_write (file, directory); file_free (file); XFREE (file); } if (flags & SAVEBODY) { int i = 0; int all_flag = 0; if (strcmp (body_pref, ""all"") == 0) { all_flag = 1; body_pref = ""rht""; } for (; i < 3; i++) { File **files = get_body_files (body_filename, body_pref[i], &body); if (files) { int j = 0; for (; files[j]; j++) { file_write(files[j], directory); file_free (files[j]); XFREE(files[j]); } XFREE(files); if (!all_flag) break; } } } if (body.text_body) { free_bodies(body.text_body, 1); XFREE(body.text_body); } if (rtf_size > 0) { free_bodies(body.rtf_bodies, rtf_size); XFREE(body.rtf_bodies); } if (html_size > 0) { free_bodies(body.html_bodies, html_size); XFREE(body.html_bodies); } return 0; }",visit repo url,src/tnef.c,https://github.com/verdammelt/tnef,35980798089116,1 2072,[],"static void udp_seq_stop(struct seq_file *seq, void *v) { read_unlock(&udp_hash_lock); }",linux-2.6,,,209451500585127135197200526709447368750,0 2516,CWE-59,"archive_write_disk_set_acls(struct archive *a, int fd, const char *name, struct archive_acl *abstract_acl, __LA_MODE_T mode) { int ret = ARCHIVE_OK; #if !ARCHIVE_ACL_LIBRICHACL (void)mode; #endif #if ARCHIVE_ACL_LIBRICHACL if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) { ret = set_richacl(a, fd, name, abstract_acl, mode, ARCHIVE_ENTRY_ACL_TYPE_NFS4, ""nfs4""); } #if ARCHIVE_ACL_LIBACL else #endif #endif #if ARCHIVE_ACL_LIBACL if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) { ret = set_acl(a, fd, name, abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ""access""); if (ret != ARCHIVE_OK) return (ret); } if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0) ret = set_acl(a, fd, name, abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ""default""); } #endif return (ret); }",visit repo url,libarchive/archive_disk_acl_linux.c,https://github.com/libarchive/libarchive,8463315727103,1 5237,CWE-787,"gplotAddPlot(GPLOT *gplot, NUMA *nax, NUMA *nay, l_int32 plotstyle, const char *plottitle) { char buf[L_BUF_SIZE]; char emptystring[] = """"; char *datastr, *title; l_int32 n, i; l_float32 valx, valy, startx, delx; SARRAY *sa; PROCNAME(""gplotAddPlot""); if (!gplot) return ERROR_INT(""gplot not defined"", procName, 1); if (!nay) return ERROR_INT(""nay not defined"", procName, 1); if (plotstyle < 0 || plotstyle >= NUM_GPLOT_STYLES) return ERROR_INT(""invalid plotstyle"", procName, 1); if ((n = numaGetCount(nay)) == 0) return ERROR_INT(""no points to plot"", procName, 1); if (nax && (n != numaGetCount(nax))) return ERROR_INT(""nax and nay sizes differ"", procName, 1); if (n == 1 && plotstyle == GPLOT_LINES) { L_INFO(""only 1 pt; changing style to points\n"", procName); plotstyle = GPLOT_POINTS; } numaGetParameters(nay, &startx, &delx); numaAddNumber(gplot->plotstyles, plotstyle); if (plottitle) { title = stringNew(plottitle); sarrayAddString(gplot->plottitles, title, L_INSERT); } else { sarrayAddString(gplot->plottitles, emptystring, L_COPY); } gplot->nplots++; snprintf(buf, L_BUF_SIZE, ""%s.data.%d"", gplot->rootname, gplot->nplots); sarrayAddString(gplot->datanames, buf, L_COPY); sa = sarrayCreate(n); for (i = 0; i < n; i++) { if (nax) numaGetFValue(nax, i, &valx); else valx = startx + i * delx; numaGetFValue(nay, i, &valy); snprintf(buf, L_BUF_SIZE, ""%f %f\n"", valx, valy); sarrayAddString(sa, buf, L_COPY); } datastr = sarrayToString(sa, 0); sarrayAddString(gplot->plotdata, datastr, L_INSERT); sarrayDestroy(&sa); return 0; }",visit repo url,src/gplot.c,https://github.com/DanBloomberg/leptonica,101195032306762,1 6742,['CWE-310'],"remove_leftovers (CopyOneSettingValueInfo *info) { GSList *dirs; GSList *iter; size_t prefix_len; prefix_len = strlen (info->dir) + 1; dirs = gconf_client_all_dirs (info->client, info->dir, NULL); for (iter = dirs; iter; iter = iter->next) { char *key = (char *) iter->data; NMSetting *setting; setting = nm_connection_get_setting_by_name (info->connection, key + prefix_len); if (!setting) gconf_client_recursive_unset (info->client, key, 0, NULL); g_free (key); } g_slist_free (dirs); }",network-manager-applet,,,224549219090056048888848539527674553943,0 6154,['CWE-200'],"static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr) { struct vif_device *v; int ct; if (event != NETDEV_UNREGISTER) return NOTIFY_DONE; v=&vif_table[0]; for(ct=0;ctdev==ptr) vif_delete(ct); } return NOTIFY_DONE; }",linux-2.6,,,1683923183597886475031462219670167699,0 1153,['CWE-189'],"remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base) { if (hrtimer_is_queued(timer)) { int reprogram; timer_stats_hrtimer_clear_start_info(timer); reprogram = base->cpu_base == &__get_cpu_var(hrtimer_bases); __remove_hrtimer(timer, base, HRTIMER_STATE_INACTIVE, reprogram); return 1; } return 0; }",linux-2.6,,,315817146536492811557909641190435686099,0 5242,['CWE-264'],"static SEC_ACCESS map_canon_ace_perms(int snum, enum security_ace_type *pacl_type, mode_t perms, bool directory_ace) { SEC_ACCESS sa; uint32 nt_mask = 0; *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED; if (lp_acl_map_full_control(snum) && ((perms & ALL_ACE_PERMS) == ALL_ACE_PERMS)) { if (directory_ace) { nt_mask = UNIX_DIRECTORY_ACCESS_RWX; } else { nt_mask = UNIX_ACCESS_RWX; } } else if ((perms & ALL_ACE_PERMS) == (mode_t)0) { if (nt4_compatible_acls()) nt_mask = UNIX_ACCESS_NONE; else nt_mask = 0; } else { if (directory_ace) { nt_mask |= ((perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 ); nt_mask |= ((perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 ); nt_mask |= ((perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 ); } else { nt_mask |= ((perms & S_IRUSR) ? UNIX_ACCESS_R : 0 ); nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 ); nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 ); } } DEBUG(10,(""map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n"", (unsigned int)perms, (unsigned int)nt_mask )); init_sec_access(&sa,nt_mask); return sa; }",samba,,,321134656432586941619692115991389431251,0 3492,CWE-119,"static int check_line_charstring(void) { char *p = line; while (isspace(*p)) p++; return (*p == '/' || (p[0] == 'd' && p[1] == 'u' && p[2] == 'p')); }",visit repo url,t1asm.c,https://github.com/kohler/t1utils,77968399531436,1 3576,CWE-20,"jas_image_t *jpg_decode(jas_stream_t *in, char *optstr) { struct jpeg_decompress_struct cinfo; struct jpeg_error_mgr jerr; FILE *input_file; jpg_dest_t dest_mgr_buf; jpg_dest_t *dest_mgr = &dest_mgr_buf; JDIMENSION num_scanlines; jas_image_t *image; int ret; jpg_dec_importopts_t opts; size_t size; if (jpg_dec_parseopts(optstr, &opts)) { goto error; } memset(&cinfo, 0, sizeof(struct jpeg_decompress_struct)); memset(dest_mgr, 0, sizeof(jpg_dest_t)); dest_mgr->data = 0; image = 0; input_file = 0; if (!(input_file = tmpfile())) { jas_eprintf(""cannot make temporary file\n""); goto error; } if (jpg_copystreamtofile(input_file, in)) { jas_eprintf(""cannot copy stream\n""); goto error; } rewind(input_file); JAS_DBGLOG(10, (""jpeg_std_error(%p)\n"", &jerr)); cinfo.err = jpeg_std_error(&jerr); JAS_DBGLOG(10, (""jpeg_create_decompress(%p)\n"", &cinfo)); jpeg_create_decompress(&cinfo); JAS_DBGLOG(10, (""jpeg_stdio_src(%p, %p)\n"", &cinfo, input_file)); jpeg_stdio_src(&cinfo, input_file); JAS_DBGLOG(10, (""jpeg_read_header(%p, TRUE)\n"", &cinfo)); ret = jpeg_read_header(&cinfo, TRUE); JAS_DBGLOG(10, (""jpeg_read_header return value %d\n"", ret)); if (ret != JPEG_HEADER_OK) { jas_eprintf(""jpeg_read_header did not return JPEG_HEADER_OK\n""); } JAS_DBGLOG(10, ( ""header: image_width %d; image_height %d; num_components %d\n"", cinfo.image_width, cinfo.image_height, cinfo.num_components) ); JAS_DBGLOG(10, (""jpeg_start_decompress(%p)\n"", &cinfo)); ret = jpeg_start_decompress(&cinfo); JAS_DBGLOG(10, (""jpeg_start_decompress return value %d\n"", ret)); JAS_DBGLOG(10, ( ""header: output_width %d; output_height %d; output_components %d\n"", cinfo.output_width, cinfo.output_height, cinfo.output_components) ); if (opts.max_size) { if (!jas_safe_size_mul(cinfo.output_width, cinfo.output_height, &size) || !jas_safe_size_mul(size, cinfo.output_components, &size)) { goto error; } if (size > opts.max_size) { jas_eprintf(""image is too large\n""); goto error; } } if (!(image = jpg_mkimage(&cinfo))) { jas_eprintf(""jpg_mkimage failed\n""); goto error; } dest_mgr->image = image; if (!(dest_mgr->data = jas_matrix_create(1, cinfo.output_width))) { jas_eprintf(""jas_matrix_create failed\n""); goto error; } dest_mgr->start_output = jpg_start_output; dest_mgr->put_pixel_rows = jpg_put_pixel_rows; dest_mgr->finish_output = jpg_finish_output; dest_mgr->buffer = (*cinfo.mem->alloc_sarray) ((j_common_ptr) &cinfo, JPOOL_IMAGE, cinfo.output_width * cinfo.output_components, (JDIMENSION) 1); dest_mgr->buffer_height = 1; dest_mgr->error = 0; (*dest_mgr->start_output)(&cinfo, dest_mgr); while (cinfo.output_scanline < cinfo.output_height) { JAS_DBGLOG(10, (""jpeg_read_scanlines(%p, %p, %lu)\n"", &cinfo, dest_mgr->buffer, JAS_CAST(unsigned long, dest_mgr->buffer_height))); num_scanlines = jpeg_read_scanlines(&cinfo, dest_mgr->buffer, dest_mgr->buffer_height); JAS_DBGLOG(10, (""jpeg_read_scanlines return value %lu\n"", JAS_CAST(unsigned long, num_scanlines))); (*dest_mgr->put_pixel_rows)(&cinfo, dest_mgr, num_scanlines); } (*dest_mgr->finish_output)(&cinfo, dest_mgr); JAS_DBGLOG(10, (""jpeg_finish_decompress(%p)\n"", &cinfo)); jpeg_finish_decompress(&cinfo); JAS_DBGLOG(10, (""jpeg_destroy_decompress(%p)\n"", &cinfo)); jpeg_destroy_decompress(&cinfo); jas_matrix_destroy(dest_mgr->data); JAS_DBGLOG(10, (""fclose(%p)\n"", input_file)); fclose(input_file); input_file = 0; if (dest_mgr->error) { jas_eprintf(""error during decoding\n""); goto error; } return image; error: if (dest_mgr->data) { jas_matrix_destroy(dest_mgr->data); } if (image) { jas_image_destroy(image); } if (input_file) { fclose(input_file); } return 0; }",visit repo url,src/libjasper/jpg/jpg_dec.c,https://github.com/mdadams/jasper,76808333028275,1 6284,['CWE-200'],"tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts, struct tcf_ext_map *map) { #ifdef CONFIG_NET_CLS_ACT if (exts->action) if (tcf_action_copy_stats(skb, exts->action, 1) < 0) goto rtattr_failure; #elif defined CONFIG_NET_CLS_POLICE if (exts->police) if (tcf_police_dump_stats(skb, exts->police) < 0) goto rtattr_failure; #endif return 0; rtattr_failure: __attribute__ ((unused)) return -1; }",linux-2.6,,,8790625497981257226786039502316716926,0 2293,['CWE-120'],"struct dentry *lookup_create(struct nameidata *nd, int is_dir) { struct dentry *dentry = ERR_PTR(-EEXIST); mutex_lock_nested(&nd->path.dentry->d_inode->i_mutex, I_MUTEX_PARENT); if (nd->last_type != LAST_NORM) goto fail; nd->flags &= ~LOOKUP_PARENT; nd->flags |= LOOKUP_CREATE; nd->intent.open.flags = O_EXCL; dentry = lookup_hash(nd); if (IS_ERR(dentry)) goto fail; if (dentry->d_inode) goto eexist; if (unlikely(!is_dir && nd->last.name[nd->last.len])) { dput(dentry); dentry = ERR_PTR(-ENOENT); } return dentry; eexist: dput(dentry); dentry = ERR_PTR(-EEXIST); fail: return dentry; }",linux-2.6,,,127401547762289576765362919972698497563,0 1766,[],"static void __cond_resched(void) { #ifdef CONFIG_DEBUG_SPINLOCK_SLEEP __might_sleep(__FILE__, __LINE__); #endif do { add_preempt_count(PREEMPT_ACTIVE); schedule(); sub_preempt_count(PREEMPT_ACTIVE); } while (need_resched()); }",linux-2.6,,,100236830282298603294464320531891982410,0 3704,CWE-770,"parse_range(char *str, size_t file_sz, int *nranges) { static struct range ranges[MAX_RANGES]; int i = 0; char *p, *q; if ((p = strchr(str, '=')) == NULL) return (NULL); *p++ = '\0'; if (strcmp(str, ""bytes"") != 0) return (NULL); while ((q = strchr(p, ',')) != NULL) { *q++ = '\0'; if (parse_range_spec(p, file_sz, &ranges[i]) == 0) continue; i++; if (i == MAX_RANGES) return (NULL); p = q; } if (parse_range_spec(p, file_sz, &ranges[i]) != 0) i++; *nranges = i; return (i ? ranges : NULL); }",visit repo url,usr.sbin/httpd/server_file.c,https://github.com/openbsd/src,272740361295795,1 6611,['CWE-200'],"secrets_return_error (DBusGMethodInvocation *context, GError *error) { nm_warning (""Error getting secrets: %s"", error->message); dbus_g_method_return_error (context, error); g_error_free (error); }",network-manager-applet,,,250491084060761059290781821630832197878,0 3925,CWE-122,"do_put( int regname, char_u *expr_result, int dir, long count, int flags) { char_u *ptr; char_u *newp, *oldp; int yanklen; int totlen = 0; linenr_T lnum; colnr_T col; long i; int y_type; long y_size; int oldlen; long y_width = 0; colnr_T vcol; int delcount; int incr = 0; long j; struct block_def bd; char_u **y_array = NULL; yankreg_T *y_current_used = NULL; long nr_lines = 0; pos_T new_cursor; int indent; int orig_indent = 0; int indent_diff = 0; int first_indent = TRUE; int lendiff = 0; pos_T old_pos; char_u *insert_string = NULL; int allocated = FALSE; long cnt; pos_T orig_start = curbuf->b_op_start; pos_T orig_end = curbuf->b_op_end; unsigned int cur_ve_flags = get_ve_flags(); #ifdef FEAT_CLIPBOARD adjust_clip_reg(®name); (void)may_get_selection(regname); #endif if (flags & PUT_FIXINDENT) orig_indent = get_indent(); curbuf->b_op_start = curwin->w_cursor; curbuf->b_op_end = curwin->w_cursor; if (regname == '.') { if (VIsual_active) stuffcharReadbuff(VIsual_mode); (void)stuff_inserted((dir == FORWARD ? (count == -1 ? 'o' : 'a') : (count == -1 ? 'O' : 'i')), count, FALSE); if ((flags & PUT_CURSEND) && gchar_cursor() != NUL) stuffcharReadbuff('l'); return; } if (regname == '=' && expr_result != NULL) insert_string = expr_result; else if (get_spec_reg(regname, &insert_string, &allocated, TRUE) && insert_string == NULL) return; if (u_save(curwin->w_cursor.lnum, curwin->w_cursor.lnum + 1) == FAIL) goto end; if (insert_string != NULL) { y_type = MCHAR; #ifdef FEAT_EVAL if (regname == '=') { for (;;) { y_size = 0; ptr = insert_string; while (ptr != NULL) { if (y_array != NULL) y_array[y_size] = ptr; ++y_size; ptr = vim_strchr(ptr, '\n'); if (ptr != NULL) { if (y_array != NULL) *ptr = NUL; ++ptr; if (*ptr == NUL) { y_type = MLINE; break; } } } if (y_array != NULL) break; y_array = ALLOC_MULT(char_u *, y_size); if (y_array == NULL) goto end; } } else #endif { y_size = 1; y_array = &insert_string; } } else { get_yank_register(regname, FALSE); y_type = y_current->y_type; y_width = y_current->y_width; y_size = y_current->y_size; y_array = y_current->y_array; y_current_used = y_current; } if (y_type == MLINE) { if (flags & PUT_LINE_SPLIT) { char_u *p; if (u_save_cursor() == FAIL) goto end; p = ml_get_cursor(); if (dir == FORWARD && *p != NUL) MB_PTR_ADV(p); ptr = vim_strsave(p); if (ptr == NULL) goto end; ml_append(curwin->w_cursor.lnum, ptr, (colnr_T)0, FALSE); vim_free(ptr); oldp = ml_get_curline(); p = oldp + curwin->w_cursor.col; if (dir == FORWARD && *p != NUL) MB_PTR_ADV(p); ptr = vim_strnsave(oldp, p - oldp); if (ptr == NULL) goto end; ml_replace(curwin->w_cursor.lnum, ptr, FALSE); ++nr_lines; dir = FORWARD; } if (flags & PUT_LINE_FORWARD) { curwin->w_cursor = curbuf->b_visual.vi_end; dir = FORWARD; } curbuf->b_op_start = curwin->w_cursor; curbuf->b_op_end = curwin->w_cursor; } if (flags & PUT_LINE) y_type = MLINE; if (y_size == 0 || y_array == NULL) { semsg(_(e_nothing_in_register_str), regname == 0 ? (char_u *)""\"""" : transchar(regname)); goto end; } if (y_type == MBLOCK) { lnum = curwin->w_cursor.lnum + y_size + 1; if (lnum > curbuf->b_ml.ml_line_count) lnum = curbuf->b_ml.ml_line_count + 1; if (u_save(curwin->w_cursor.lnum - 1, lnum) == FAIL) goto end; } else if (y_type == MLINE) { lnum = curwin->w_cursor.lnum; #ifdef FEAT_FOLDING if (dir == BACKWARD) (void)hasFolding(lnum, &lnum, NULL); else (void)hasFolding(lnum, NULL, &lnum); #endif if (dir == FORWARD) ++lnum; if ((BUFEMPTY() ? u_save(0, 2) : u_save(lnum - 1, lnum)) == FAIL) goto end; #ifdef FEAT_FOLDING if (dir == FORWARD) curwin->w_cursor.lnum = lnum - 1; else curwin->w_cursor.lnum = lnum; curbuf->b_op_start = curwin->w_cursor; #endif } else if (u_save_cursor() == FAIL) goto end; yanklen = (int)STRLEN(y_array[0]); if (cur_ve_flags == VE_ALL && y_type == MCHAR) { if (gchar_cursor() == TAB) { int viscol = getviscol(); int ts = curbuf->b_p_ts; if (dir == FORWARD ? #ifdef FEAT_VARTABS tabstop_padding(viscol, ts, curbuf->b_p_vts_array) != 1 #else ts - (viscol % ts) != 1 #endif : curwin->w_cursor.coladd > 0) coladvance_force(viscol); else curwin->w_cursor.coladd = 0; } else if (curwin->w_cursor.coladd > 0 || gchar_cursor() == NUL) coladvance_force(getviscol() + (dir == FORWARD)); } lnum = curwin->w_cursor.lnum; col = curwin->w_cursor.col; if (y_type == MBLOCK) { int c = gchar_cursor(); colnr_T endcol2 = 0; if (dir == FORWARD && c != NUL) { if (cur_ve_flags == VE_ALL) getvcol(curwin, &curwin->w_cursor, &col, NULL, &endcol2); else getvcol(curwin, &curwin->w_cursor, NULL, NULL, &col); if (has_mbyte) curwin->w_cursor.col += (*mb_ptr2len)(ml_get_cursor()); else if (c != TAB || cur_ve_flags != VE_ALL) ++curwin->w_cursor.col; ++col; } else getvcol(curwin, &curwin->w_cursor, &col, NULL, &endcol2); col += curwin->w_cursor.coladd; if (cur_ve_flags == VE_ALL && (curwin->w_cursor.coladd > 0 || endcol2 == curwin->w_cursor.col)) { if (dir == FORWARD && c == NUL) ++col; if (dir != FORWARD && c != NUL && curwin->w_cursor.coladd > 0) ++curwin->w_cursor.col; if (c == TAB) { if (dir == BACKWARD && curwin->w_cursor.col) curwin->w_cursor.col--; if (dir == FORWARD && col - 1 == endcol2) curwin->w_cursor.col++; } } curwin->w_cursor.coladd = 0; bd.textcol = 0; for (i = 0; i < y_size; ++i) { int spaces = 0; char shortline; chartabsize_T cts; bd.startspaces = 0; bd.endspaces = 0; vcol = 0; delcount = 0; if (curwin->w_cursor.lnum > curbuf->b_ml.ml_line_count) { if (ml_append(curbuf->b_ml.ml_line_count, (char_u *)"""", (colnr_T)1, FALSE) == FAIL) break; ++nr_lines; } oldp = ml_get_curline(); oldlen = (int)STRLEN(oldp); init_chartabsize_arg(&cts, curwin, curwin->w_cursor.lnum, 0, oldp, oldp); while (cts.cts_vcol < col && *cts.cts_ptr != NUL) { incr = lbr_chartabsize_adv(&cts); cts.cts_vcol += incr; } vcol = cts.cts_vcol; ptr = cts.cts_ptr; bd.textcol = (colnr_T)(ptr - oldp); clear_chartabsize_arg(&cts); shortline = (vcol < col) || (vcol == col && !*ptr) ; if (vcol < col) bd.startspaces = col - vcol; else if (vcol > col) { bd.endspaces = vcol - col; bd.startspaces = incr - bd.endspaces; --bd.textcol; delcount = 1; if (has_mbyte) bd.textcol -= (*mb_head_off)(oldp, oldp + bd.textcol); if (oldp[bd.textcol] != TAB) { delcount = 0; bd.endspaces = 0; } } yanklen = (int)STRLEN(y_array[i]); if ((flags & PUT_BLOCK_INNER) == 0) { spaces = y_width + 1; init_chartabsize_arg(&cts, curwin, 0, 0, y_array[i], y_array[i]); for (j = 0; j < yanklen; j++) { spaces -= lbr_chartabsize(&cts); ++cts.cts_ptr; cts.cts_vcol = 0; } clear_chartabsize_arg(&cts); if (spaces < 0) spaces = 0; } if (yanklen + spaces != 0 && count > ((INT_MAX - (bd.startspaces + bd.endspaces)) / (yanklen + spaces))) { emsg(_(e_resulting_text_too_long)); break; } totlen = count * (yanklen + spaces) + bd.startspaces + bd.endspaces; newp = alloc(totlen + oldlen + 1); if (newp == NULL) break; ptr = newp; mch_memmove(ptr, oldp, (size_t)bd.textcol); ptr += bd.textcol; vim_memset(ptr, ' ', (size_t)bd.startspaces); ptr += bd.startspaces; for (j = 0; j < count; ++j) { mch_memmove(ptr, y_array[i], (size_t)yanklen); ptr += yanklen; if ((j < count - 1 || !shortline) && spaces) { vim_memset(ptr, ' ', (size_t)spaces); ptr += spaces; } else totlen -= spaces; } vim_memset(ptr, ' ', (size_t)bd.endspaces); ptr += bd.endspaces; mch_memmove(ptr, oldp + bd.textcol + delcount, (size_t)(oldlen - bd.textcol - delcount + 1)); ml_replace(curwin->w_cursor.lnum, newp, FALSE); ++curwin->w_cursor.lnum; if (i == 0) curwin->w_cursor.col += bd.startspaces; } changed_lines(lnum, 0, curwin->w_cursor.lnum, nr_lines); curbuf->b_op_start = curwin->w_cursor; curbuf->b_op_start.lnum = lnum; curbuf->b_op_end.lnum = curwin->w_cursor.lnum - 1; curbuf->b_op_end.col = bd.textcol + totlen - 1; if (curbuf->b_op_end.col < 0) curbuf->b_op_end.col = 0; curbuf->b_op_end.coladd = 0; if (flags & PUT_CURSEND) { colnr_T len; curwin->w_cursor = curbuf->b_op_end; curwin->w_cursor.col++; len = (colnr_T)STRLEN(ml_get_curline()); if (curwin->w_cursor.col > len) curwin->w_cursor.col = len; } else curwin->w_cursor.lnum = lnum; } else { if (y_type == MCHAR) { if (dir == FORWARD && gchar_cursor() != NUL) { if (has_mbyte) { int bytelen = (*mb_ptr2len)(ml_get_cursor()); col += bytelen; if (yanklen) { curwin->w_cursor.col += bytelen; curbuf->b_op_end.col += bytelen; } } else { ++col; if (yanklen) { ++curwin->w_cursor.col; ++curbuf->b_op_end.col; } } } curbuf->b_op_start = curwin->w_cursor; } else if (dir == BACKWARD) --lnum; new_cursor = curwin->w_cursor; if (y_type == MCHAR && y_size == 1) { linenr_T end_lnum = 0; linenr_T start_lnum = lnum; int first_byte_off = 0; if (VIsual_active) { end_lnum = curbuf->b_visual.vi_end.lnum; if (end_lnum < curbuf->b_visual.vi_start.lnum) end_lnum = curbuf->b_visual.vi_start.lnum; if (end_lnum > start_lnum) { pos_T pos; pos.lnum = lnum; pos.col = col; pos.coladd = 0; getvcol(curwin, &pos, NULL, &vcol, NULL); } } if (count == 0 || yanklen == 0) { if (VIsual_active) lnum = end_lnum; } else if (count > INT_MAX / yanklen) emsg(_(e_resulting_text_too_long)); else { totlen = count * yanklen; do { oldp = ml_get(lnum); oldlen = (int)STRLEN(oldp); if (lnum > start_lnum) { pos_T pos; pos.lnum = lnum; if (getvpos(&pos, vcol) == OK) col = pos.col; else col = MAXCOL; } if (VIsual_active && col > oldlen) { lnum++; continue; } newp = alloc(totlen + oldlen + 1); if (newp == NULL) goto end; mch_memmove(newp, oldp, (size_t)col); ptr = newp + col; for (i = 0; i < count; ++i) { mch_memmove(ptr, y_array[0], (size_t)yanklen); ptr += yanklen; } STRMOVE(ptr, oldp + col); first_byte_off = mb_head_off(newp, ptr - 1); ml_replace(lnum, newp, FALSE); inserted_bytes(lnum, col, totlen); if (lnum == curwin->w_cursor.lnum) { changed_cline_bef_curs(); curwin->w_cursor.col += (colnr_T)(totlen - 1); } if (VIsual_active) lnum++; } while (VIsual_active && lnum <= end_lnum); if (VIsual_active) lnum--; } curbuf->b_op_end = curwin->w_cursor; curbuf->b_op_end.col -= first_byte_off; if (totlen && (restart_edit != 0 || (flags & PUT_CURSEND))) ++curwin->w_cursor.col; else curwin->w_cursor.col -= first_byte_off; } else { linenr_T new_lnum = new_cursor.lnum; size_t len; for (cnt = 1; cnt <= count; ++cnt) { i = 0; if (y_type == MCHAR) { lnum = new_cursor.lnum; ptr = ml_get(lnum) + col; totlen = (int)STRLEN(y_array[y_size - 1]); newp = alloc(STRLEN(ptr) + totlen + 1); if (newp == NULL) goto error; STRCPY(newp, y_array[y_size - 1]); STRCAT(newp, ptr); ml_append(lnum, newp, (colnr_T)0, FALSE); ++new_lnum; vim_free(newp); oldp = ml_get(lnum); newp = alloc(col + yanklen + 1); if (newp == NULL) goto error; mch_memmove(newp, oldp, (size_t)col); mch_memmove(newp + col, y_array[0], (size_t)(yanklen + 1)); ml_replace(lnum, newp, FALSE); curwin->w_cursor.lnum = lnum; i = 1; } for (; i < y_size; ++i) { if (y_type != MCHAR || i < y_size - 1) { if (ml_append(lnum, y_array[i], (colnr_T)0, FALSE) == FAIL) goto error; new_lnum++; } lnum++; ++nr_lines; if (flags & PUT_FIXINDENT) { old_pos = curwin->w_cursor; curwin->w_cursor.lnum = lnum; ptr = ml_get(lnum); if (cnt == count && i == y_size - 1) lendiff = (int)STRLEN(ptr); if (*ptr == '#' && preprocs_left()) indent = 0; else if (*ptr == NUL) indent = 0; else if (first_indent) { indent_diff = orig_indent - get_indent(); indent = orig_indent; first_indent = FALSE; } else if ((indent = get_indent() + indent_diff) < 0) indent = 0; (void)set_indent(indent, 0); curwin->w_cursor = old_pos; if (cnt == count && i == y_size - 1) lendiff -= (int)STRLEN(ml_get(lnum)); } } if (cnt == 1) new_lnum = lnum; } error: if (y_type == MLINE) { curbuf->b_op_start.col = 0; if (dir == FORWARD) curbuf->b_op_start.lnum++; } mark_adjust(curbuf->b_op_start.lnum + (y_type == MCHAR), (linenr_T)MAXLNUM, nr_lines, 0L); if (y_type == MCHAR) changed_lines(curwin->w_cursor.lnum, col, curwin->w_cursor.lnum + 1, nr_lines); else changed_lines(curbuf->b_op_start.lnum, 0, curbuf->b_op_start.lnum, nr_lines); if (y_current_used != NULL && (y_current_used != y_current || y_current->y_array != y_array)) { emsg(_(e_yank_register_changed_while_using_it)); goto end; } curbuf->b_op_end.lnum = new_lnum; len = STRLEN(y_array[y_size - 1]); col = (colnr_T)len - lendiff; if (col > 1) { curbuf->b_op_end.col = col - 1; if (len > 0) curbuf->b_op_end.col -= mb_head_off(y_array[y_size - 1], y_array[y_size - 1] + len - 1); } else curbuf->b_op_end.col = 0; if (flags & PUT_CURSLINE) { curwin->w_cursor.lnum = lnum; beginline(BL_WHITE | BL_FIX); } else if (flags & PUT_CURSEND) { if (y_type == MLINE) { if (lnum >= curbuf->b_ml.ml_line_count) curwin->w_cursor.lnum = curbuf->b_ml.ml_line_count; else curwin->w_cursor.lnum = lnum + 1; curwin->w_cursor.col = 0; } else { curwin->w_cursor.lnum = new_lnum; curwin->w_cursor.col = col; curbuf->b_op_end = curwin->w_cursor; if (col > 1) curbuf->b_op_end.col = col - 1; } } else if (y_type == MLINE) { curwin->w_cursor.col = 0; if (dir == FORWARD) ++curwin->w_cursor.lnum; beginline(BL_WHITE | BL_FIX); } else curwin->w_cursor = new_cursor; } } msgmore(nr_lines); curwin->w_set_curswant = TRUE; end: if (cmdmod.cmod_flags & CMOD_LOCKMARKS) { curbuf->b_op_start = orig_start; curbuf->b_op_end = orig_end; } if (allocated) vim_free(insert_string); if (regname == '=') vim_free(y_array); VIsual_active = FALSE; adjust_cursor_eol(); }",visit repo url,src/register.c,https://github.com/vim/vim,144419856116821,1 5417,['CWE-476'],"static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { int r; r = -E2BIG; if (cpuid->nent < vcpu->arch.cpuid_nent) goto out; r = -EFAULT; if (copy_to_user(entries, &vcpu->arch.cpuid_entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) goto out; return 0; out: cpuid->nent = vcpu->arch.cpuid_nent; return r; }",linux-2.6,,,226763382432325466102408310960366518002,0 109,['CWE-787'],"static void cirrus_vga_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val) { #ifdef TARGET_WORDS_BIGENDIAN cirrus_vga_mem_writeb(opaque, addr, (val >> 24) & 0xff); cirrus_vga_mem_writeb(opaque, addr + 1, (val >> 16) & 0xff); cirrus_vga_mem_writeb(opaque, addr + 2, (val >> 8) & 0xff); cirrus_vga_mem_writeb(opaque, addr + 3, val & 0xff); #else cirrus_vga_mem_writeb(opaque, addr, val & 0xff); cirrus_vga_mem_writeb(opaque, addr + 1, (val >> 8) & 0xff); cirrus_vga_mem_writeb(opaque, addr + 2, (val >> 16) & 0xff); cirrus_vga_mem_writeb(opaque, addr + 3, (val >> 24) & 0xff); #endif }",qemu,,,286521755238505120897169248932787523784,0 1371,CWE-310,"static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, struct btrfs_fs_info *fs_info, struct btrfs_pending_snapshot *pending) { struct btrfs_key key; struct btrfs_root_item *new_root_item; struct btrfs_root *tree_root = fs_info->tree_root; struct btrfs_root *root = pending->root; struct btrfs_root *parent_root; struct btrfs_block_rsv *rsv; struct inode *parent_inode; struct btrfs_path *path; struct btrfs_dir_item *dir_item; struct dentry *parent; struct dentry *dentry; struct extent_buffer *tmp; struct extent_buffer *old; struct timespec cur_time = CURRENT_TIME; int ret; u64 to_reserve = 0; u64 index = 0; u64 objectid; u64 root_flags; uuid_le new_uuid; path = btrfs_alloc_path(); if (!path) { ret = pending->error = -ENOMEM; goto path_alloc_fail; } new_root_item = kmalloc(sizeof(*new_root_item), GFP_NOFS); if (!new_root_item) { ret = pending->error = -ENOMEM; goto root_item_alloc_fail; } ret = btrfs_find_free_objectid(tree_root, &objectid); if (ret) { pending->error = ret; goto no_free_objectid; } btrfs_reloc_pre_snapshot(trans, pending, &to_reserve); if (to_reserve > 0) { ret = btrfs_block_rsv_add(root, &pending->block_rsv, to_reserve, BTRFS_RESERVE_NO_FLUSH); if (ret) { pending->error = ret; goto no_free_objectid; } } ret = btrfs_qgroup_inherit(trans, fs_info, root->root_key.objectid, objectid, pending->inherit); if (ret) { pending->error = ret; goto no_free_objectid; } key.objectid = objectid; key.offset = (u64)-1; key.type = BTRFS_ROOT_ITEM_KEY; rsv = trans->block_rsv; trans->block_rsv = &pending->block_rsv; dentry = pending->dentry; parent = dget_parent(dentry); parent_inode = parent->d_inode; parent_root = BTRFS_I(parent_inode)->root; record_root_in_trans(trans, parent_root); ret = btrfs_set_inode_index(parent_inode, &index); BUG_ON(ret); dir_item = btrfs_lookup_dir_item(NULL, parent_root, path, btrfs_ino(parent_inode), dentry->d_name.name, dentry->d_name.len, 0); if (dir_item != NULL && !IS_ERR(dir_item)) { pending->error = -EEXIST; goto fail; } else if (IS_ERR(dir_item)) { ret = PTR_ERR(dir_item); btrfs_abort_transaction(trans, root, ret); goto fail; } btrfs_release_path(path); ret = btrfs_run_delayed_items(trans, root); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } record_root_in_trans(trans, root); btrfs_set_root_last_snapshot(&root->root_item, trans->transid); memcpy(new_root_item, &root->root_item, sizeof(*new_root_item)); btrfs_check_and_init_root_item(new_root_item); root_flags = btrfs_root_flags(new_root_item); if (pending->readonly) root_flags |= BTRFS_ROOT_SUBVOL_RDONLY; else root_flags &= ~BTRFS_ROOT_SUBVOL_RDONLY; btrfs_set_root_flags(new_root_item, root_flags); btrfs_set_root_generation_v2(new_root_item, trans->transid); uuid_le_gen(&new_uuid); memcpy(new_root_item->uuid, new_uuid.b, BTRFS_UUID_SIZE); memcpy(new_root_item->parent_uuid, root->root_item.uuid, BTRFS_UUID_SIZE); new_root_item->otime.sec = cpu_to_le64(cur_time.tv_sec); new_root_item->otime.nsec = cpu_to_le32(cur_time.tv_nsec); btrfs_set_root_otransid(new_root_item, trans->transid); memset(&new_root_item->stime, 0, sizeof(new_root_item->stime)); memset(&new_root_item->rtime, 0, sizeof(new_root_item->rtime)); btrfs_set_root_stransid(new_root_item, 0); btrfs_set_root_rtransid(new_root_item, 0); old = btrfs_lock_root_node(root); ret = btrfs_cow_block(trans, root, old, NULL, 0, &old); if (ret) { btrfs_tree_unlock(old); free_extent_buffer(old); btrfs_abort_transaction(trans, root, ret); goto fail; } btrfs_set_lock_blocking(old); ret = btrfs_copy_root(trans, root, old, &tmp, objectid); btrfs_tree_unlock(old); free_extent_buffer(old); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } root->force_cow = 1; smp_wmb(); btrfs_set_root_node(new_root_item, tmp); key.offset = trans->transid; ret = btrfs_insert_root(trans, tree_root, &key, new_root_item); btrfs_tree_unlock(tmp); free_extent_buffer(tmp); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_add_root_ref(trans, tree_root, objectid, parent_root->root_key.objectid, btrfs_ino(parent_inode), index, dentry->d_name.name, dentry->d_name.len); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } key.offset = (u64)-1; pending->snap = btrfs_read_fs_root_no_name(root->fs_info, &key); if (IS_ERR(pending->snap)) { ret = PTR_ERR(pending->snap); btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_reloc_post_snapshot(trans, pending); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_run_delayed_refs(trans, root, (unsigned long)-1); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_insert_dir_item(trans, parent_root, dentry->d_name.name, dentry->d_name.len, parent_inode, &key, BTRFS_FT_DIR, index); BUG_ON(ret == -EEXIST); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } btrfs_i_size_write(parent_inode, parent_inode->i_size + dentry->d_name.len * 2); parent_inode->i_mtime = parent_inode->i_ctime = CURRENT_TIME; ret = btrfs_update_inode_fallback(trans, parent_root, parent_inode); if (ret) btrfs_abort_transaction(trans, root, ret); fail: dput(parent); trans->block_rsv = rsv; no_free_objectid: kfree(new_root_item); root_item_alloc_fail: btrfs_free_path(path); path_alloc_fail: btrfs_block_rsv_release(root, &pending->block_rsv, (u64)-1); return ret; }",visit repo url,fs/btrfs/transaction.c,https://github.com/torvalds/linux,89099811017743,1 2839,['CWE-119'],"sort_pacl(struct posix_acl *pacl) { int i, j; if (pacl->a_count <= 4) return; i = 1; while (pacl->a_entries[i].e_tag == ACL_USER) i++; sort_pacl_range(pacl, 1, i-1); BUG_ON(pacl->a_entries[i].e_tag != ACL_GROUP_OBJ); j = i++; while (pacl->a_entries[j].e_tag == ACL_GROUP) j++; sort_pacl_range(pacl, i, j-1); return; }",linux-2.6,,,253061689497649632691909533520576498250,0 2592,['CWE-189'],"static int do_dccp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { struct dccp_sock *dp; int val, len; if (get_user(len, optlen)) return -EFAULT; if (len < (int)sizeof(int)) return -EINVAL; dp = dccp_sk(sk); switch (optname) { case DCCP_SOCKOPT_PACKET_SIZE: DCCP_WARN(""sockopt(PACKET_SIZE) is deprecated: fix your app\n""); return 0; case DCCP_SOCKOPT_SERVICE: return dccp_getsockopt_service(sk, len, (__be32 __user *)optval, optlen); case DCCP_SOCKOPT_GET_CUR_MPS: val = dp->dccps_mss_cache; break; case DCCP_SOCKOPT_SERVER_TIMEWAIT: val = dp->dccps_server_timewait; break; case DCCP_SOCKOPT_SEND_CSCOV: val = dp->dccps_pcslen; break; case DCCP_SOCKOPT_RECV_CSCOV: val = dp->dccps_pcrlen; break; case 128 ... 191: return ccid_hc_rx_getsockopt(dp->dccps_hc_rx_ccid, sk, optname, len, (u32 __user *)optval, optlen); case 192 ... 255: return ccid_hc_tx_getsockopt(dp->dccps_hc_tx_ccid, sk, optname, len, (u32 __user *)optval, optlen); default: return -ENOPROTOOPT; } len = sizeof(val); if (put_user(len, optlen) || copy_to_user(optval, &val, len)) return -EFAULT; return 0; }",linux-2.6,,,197266464702263545234974502233056106391,0 2437,['CWE-119'],"static int parse_diff_color_slot(const char *var, int ofs) { if (!strcasecmp(var+ofs, ""plain"")) return DIFF_PLAIN; if (!strcasecmp(var+ofs, ""meta"")) return DIFF_METAINFO; if (!strcasecmp(var+ofs, ""frag"")) return DIFF_FRAGINFO; if (!strcasecmp(var+ofs, ""old"")) return DIFF_FILE_OLD; if (!strcasecmp(var+ofs, ""new"")) return DIFF_FILE_NEW; if (!strcasecmp(var+ofs, ""commit"")) return DIFF_COMMIT; if (!strcasecmp(var+ofs, ""whitespace"")) return DIFF_WHITESPACE; die(""bad config variable '%s'"", var); }",git,,,169514921998482673576726924156905350445,0 2944,CWE-59,"static inline int mount_entry_on_generic(struct mntent *mntent, const char* path) { unsigned long mntflags; char *mntdata; int ret; bool optional = hasmntopt(mntent, ""optional"") != NULL; ret = mount_entry_create_dir_file(mntent, path); if (ret < 0) return optional ? 0 : -1; cull_mntent_opt(mntent); if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) { free(mntdata); return -1; } ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, mntflags, mntdata, optional); free(mntdata); return ret; }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,242269970760420,1 3157,NVD-CWE-noinfo,"int main(void) { FILE *f; char *tmpname; f = xfmkstemp(&tmpname, NULL); unlink(tmpname); free(tmpname); fclose(f); return EXIT_FAILURE; }",visit repo url,lib/fileutils.c,https://github.com/karelzak/util-linux,62375880694287,1 2447,['CWE-119'],"static int diff_filespec_is_identical(struct diff_filespec *one, struct diff_filespec *two) { if (S_ISGITLINK(one->mode)) return 0; if (diff_populate_filespec(one, 0)) return 0; if (diff_populate_filespec(two, 0)) return 0; return !memcmp(one->data, two->data, one->size); }",git,,,15074312653463457613193500381285921543,0 3539,['CWE-20'],"struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, union sctp_addr *laddr, struct sockaddr *addrs, int addrcnt, __be16 flags) { sctp_addip_param_t param; struct sctp_chunk *retval; union sctp_addr_param addr_param; union sctp_addr *addr; void *addr_buf; struct sctp_af *af; int paramlen = sizeof(param); int addr_param_len = 0; int totallen = 0; int i; addr_buf = addrs; for (i = 0; i < addrcnt; i++) { addr = (union sctp_addr *)addr_buf; af = sctp_get_af_specific(addr->v4.sin_family); addr_param_len = af->to_addr_param(addr, &addr_param); totallen += paramlen; totallen += addr_param_len; addr_buf += af->sockaddr_len; } retval = sctp_make_asconf(asoc, laddr, totallen); if (!retval) return NULL; addr_buf = addrs; for (i = 0; i < addrcnt; i++) { addr = (union sctp_addr *)addr_buf; af = sctp_get_af_specific(addr->v4.sin_family); addr_param_len = af->to_addr_param(addr, &addr_param); param.param_hdr.type = flags; param.param_hdr.length = htons(paramlen + addr_param_len); param.crr_id = i; sctp_addto_chunk(retval, paramlen, ¶m); sctp_addto_chunk(retval, addr_param_len, &addr_param); addr_buf += af->sockaddr_len; } return retval; }",linux-2.6,,,248150256785153236334857851478308272469,0 6352,CWE-190,"image_load_bmp(image_t *img, FILE *fp, int gray, int load_data) { int info_size, depth, compression, colors_used, x, y, color, count, temp, align; uchar bit, byte; uchar *ptr; uchar colormap[256][4]; getc(fp); getc(fp); read_dword(fp); read_word(fp); read_word(fp); read_dword(fp); info_size = (int)read_dword(fp); img->width = read_long(fp); img->height = read_long(fp); read_word(fp); depth = read_word(fp); compression = (int)read_dword(fp); read_dword(fp); read_long(fp); read_long(fp); colors_used = (int)read_dword(fp); read_dword(fp); if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192 || info_size < 0) return (-1); if (info_size > 40) { for (info_size -= 40; info_size > 0; info_size --) getc(fp); } if (colors_used == 0 && depth <= 8) colors_used = 1 << depth; else if (colors_used < 0 || colors_used > 256) return (-1); fread(colormap, (size_t)colors_used, 4, fp); img->depth = gray ? 1 : 3; if (depth <= 8 && Encryption) img->use ++; if (!load_data) return (0); img->pixels = (uchar *)malloc((size_t)(img->width * img->height * img->depth)); if (img->pixels == NULL) return (-1); if (gray && depth <= 8) { for (color = colors_used - 1; color >= 0; color --) colormap[color][0] = (colormap[color][2] * 31 + colormap[color][1] * 61 + colormap[color][0] * 8) / 100; } color = 0; count = 0; align = 0; byte = 0; temp = 0; for (y = img->height - 1; y >= 0; y --) { ptr = img->pixels + y * img->width * img->depth; switch (depth) { case 1 : for (x = img->width, bit = 128; x > 0; x --) { if (bit == 128) byte = (uchar)getc(fp); if (byte & bit) { if (!gray) { *ptr++ = colormap[1][2]; *ptr++ = colormap[1][1]; } *ptr++ = colormap[1][0]; } else { if (!gray) { *ptr++ = colormap[0][2]; *ptr++ = colormap[0][1]; } *ptr++ = colormap[0][0]; } if (bit > 1) bit >>= 1; else bit = 128; } for (temp = (img->width + 7) / 8; temp & 3; temp ++) getc(fp); break; case 4 : for (x = img->width, bit = 0xf0; x > 0; x --) { if (compression != BI_RLE4 && count == 0) { count = 2; color = -1; } if (count == 0) { while (align > 0) { align --; getc(fp); } if ((count = getc(fp)) == 0) { if ((count = getc(fp)) == 0) { x ++; continue; } else if (count == 1) { break; } else if (count == 2) { count = getc(fp) * getc(fp) * img->width; color = 0; } else { color = -1; align = ((4 - (count & 3)) / 2) & 1; } } else color = getc(fp); } count --; if (bit == 0xf0) { if (color < 0) temp = getc(fp) & 255; else temp = color; if (!gray) { *ptr++ = colormap[temp >> 4][2]; *ptr++ = colormap[temp >> 4][1]; } *ptr++ = colormap[temp >> 4][0]; bit = 0x0f; } else { if (!gray) { *ptr++ = colormap[temp & 15][2]; *ptr++ = colormap[temp & 15][1]; } *ptr++ = colormap[temp & 15][0]; bit = 0xf0; } } break; case 8 : for (x = img->width; x > 0; x --) { if (compression != BI_RLE8) { count = 1; color = -1; } if (count == 0) { while (align > 0) { align --; getc(fp); } if ((count = getc(fp)) == 0) { if ((count = getc(fp)) == 0) { x ++; continue; } else if (count == 1) { break; } else if (count == 2) { count = getc(fp) * getc(fp) * img->width; color = 0; } else { color = -1; align = (2 - (count & 1)) & 1; } } else color = getc(fp); } if (color < 0) temp = getc(fp) & 255; else temp = color; count --; if (!gray) { *ptr++ = colormap[temp][2]; *ptr++ = colormap[temp][1]; } *ptr++ = colormap[temp][0]; } break; case 24 : if (gray) { for (x = img->width; x > 0; x --) { temp = getc(fp) * 8; temp += getc(fp) * 61; temp += getc(fp) * 31; *ptr++ = (uchar)(temp / 100); } } else { for (x = img->width; x > 0; x --, ptr += 3) { ptr[2] = (uchar)getc(fp); ptr[1] = (uchar)getc(fp); ptr[0] = (uchar)getc(fp); } } for (temp = img->width * 3; temp & 3; temp ++) getc(fp); break; } } return (0); }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,33037813532802,1 6413,CWE-20,"error_t am335xEthAddVlanAddrEntry(uint_t port, uint_t vlanId, MacAddr *macAddr) { error_t error; uint_t index; Am335xAleEntry entry; index = am335xEthFindVlanAddrEntry(vlanId, macAddr); if(index >= CPSW_ALE_MAX_ENTRIES) { index = am335xEthFindFreeEntry(); } if(index < CPSW_ALE_MAX_ENTRIES) { entry.word2 = 0; entry.word1 = CPSW_ALE_WORD1_ENTRY_TYPE_VLAN_ADDR; entry.word0 = 0; if(macIsMulticastAddr(macAddr)) { entry.word2 |= CPSW_ALE_WORD2_SUPER | CPSW_ALE_WORD2_PORT_LIST(1 << port) | CPSW_ALE_WORD2_PORT_LIST(1 << CPSW_CH0); entry.word1 |= CPSW_ALE_WORD1_MCAST_FWD_STATE(0); } entry.word1 |= CPSW_ALE_WORD1_VLAN_ID(vlanId); entry.word1 |= (macAddr->b[0] << 8) | macAddr->b[1]; entry.word0 |= (macAddr->b[2] << 24) | (macAddr->b[3] << 16) | (macAddr->b[4] << 8) | macAddr->b[5]; am335xEthWriteEntry(index, &entry); error = NO_ERROR; } else { error = ERROR_FAILURE; } return error; }",visit repo url,drivers/mac/am335x_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,260353369031074,1 4832,['CWE-189'],"ecryptfs_write_metadata_to_xattr(struct dentry *ecryptfs_dentry, char *page_virt, size_t size) { int rc; rc = ecryptfs_setxattr(ecryptfs_dentry, ECRYPTFS_XATTR_NAME, page_virt, size, 0); return rc; }",linux-2.6,,,313989109739327068924903368238053511999,0 541,CWE-189,"long do_msgsnd(int msqid, long mtype, void __user *mtext, size_t msgsz, int msgflg) { struct msg_queue *msq; struct msg_msg *msg; int err; struct ipc_namespace *ns; ns = current->nsproxy->ipc_ns; if (msgsz > ns->msg_ctlmax || (long) msgsz < 0 || msqid < 0) return -EINVAL; if (mtype < 1) return -EINVAL; msg = load_msg(mtext, msgsz); if (IS_ERR(msg)) return PTR_ERR(msg); msg->m_type = mtype; msg->m_ts = msgsz; msq = msg_lock_check(ns, msqid); if (IS_ERR(msq)) { err = PTR_ERR(msq); goto out_free; } for (;;) { struct msg_sender s; err = -EACCES; if (ipcperms(ns, &msq->q_perm, S_IWUGO)) goto out_unlock_free; err = security_msg_queue_msgsnd(msq, msg, msgflg); if (err) goto out_unlock_free; if (msgsz + msq->q_cbytes <= msq->q_qbytes && 1 + msq->q_qnum <= msq->q_qbytes) { break; } if (msgflg & IPC_NOWAIT) { err = -EAGAIN; goto out_unlock_free; } ss_add(msq, &s); ipc_rcu_getref(msq); msg_unlock(msq); schedule(); ipc_lock_by_ptr(&msq->q_perm); ipc_rcu_putref(msq); if (msq->q_perm.deleted) { err = -EIDRM; goto out_unlock_free; } ss_del(&s); if (signal_pending(current)) { err = -ERESTARTNOHAND; goto out_unlock_free; } } msq->q_lspid = task_tgid_vnr(current); msq->q_stime = get_seconds(); if (!pipelined_send(msq, msg)) { list_add_tail(&msg->m_list, &msq->q_messages); msq->q_cbytes += msgsz; msq->q_qnum++; atomic_add(msgsz, &ns->msg_bytes); atomic_inc(&ns->msg_hdrs); } err = 0; msg = NULL; out_unlock_free: msg_unlock(msq); out_free: if (msg != NULL) free_msg(msg); return err; }",visit repo url,ipc/msg.c,https://github.com/torvalds/linux,214719113809947,1 6610,CWE-787,"static int on_header_value( multipart_parser *parser, const char *at, size_t length) { multipart_parser_data_t *data = NULL; ogs_assert(parser); data = multipart_parser_get_data(parser); ogs_assert(data); if (at && length) { SWITCH(data->header_field) CASE(OGS_SBI_CONTENT_TYPE) if (data->part[data->num_of_part].content_type) ogs_free(data->part[data->num_of_part].content_type); data->part[data->num_of_part].content_type = ogs_strndup(at, length); ogs_assert(data->part[data->num_of_part].content_type); break; CASE(OGS_SBI_CONTENT_ID) if (data->part[data->num_of_part].content_id) ogs_free(data->part[data->num_of_part].content_id); data->part[data->num_of_part].content_id = ogs_strndup(at, length); ogs_assert(data->part[data->num_of_part].content_id); break; DEFAULT ogs_error(""Unknown header field [%s]"", data->header_field); END } return 0; }",visit repo url,lib/sbi/message.c,https://github.com/open5gs/open5gs,181021006487221,1 1057,['CWE-20'],"asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) { int retval; retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); if (retval) return retval; if (!capable(CAP_SETGID)) { if ((rgid != (gid_t) -1) && (rgid != current->gid) && (rgid != current->egid) && (rgid != current->sgid)) return -EPERM; if ((egid != (gid_t) -1) && (egid != current->gid) && (egid != current->egid) && (egid != current->sgid)) return -EPERM; if ((sgid != (gid_t) -1) && (sgid != current->gid) && (sgid != current->egid) && (sgid != current->sgid)) return -EPERM; } if (egid != (gid_t) -1) { if (egid != current->egid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->egid = egid; } current->fsgid = current->egid; if (rgid != (gid_t) -1) current->gid = rgid; if (sgid != (gid_t) -1) current->sgid = sgid; key_fsgid_changed(current); proc_id_connector(current, PROC_EVENT_GID); return 0; }",linux-2.6,,,338614515044405343812409740712251114814,0 1158,CWE-264,"SYSCALL_DEFINE5(osf_getsysinfo, unsigned long, op, void __user *, buffer, unsigned long, nbytes, int __user *, start, void __user *, arg) { unsigned long w; struct percpu_struct *cpu; switch (op) { case GSI_IEEE_FP_CONTROL: w = current_thread_info()->ieee_state & IEEE_SW_MASK; w = swcr_update_status(w, rdfpcr()); if (put_user(w, (unsigned long __user *) buffer)) return -EFAULT; return 0; case GSI_IEEE_STATE_AT_SIGNAL: break; case GSI_UACPROC: if (nbytes < sizeof(unsigned int)) return -EINVAL; w = (current_thread_info()->flags >> UAC_SHIFT) & UAC_BITMASK; if (put_user(w, (unsigned int __user *)buffer)) return -EFAULT; return 1; case GSI_PROC_TYPE: if (nbytes < sizeof(unsigned long)) return -EINVAL; cpu = (struct percpu_struct*) ((char*)hwrpb + hwrpb->processor_offset); w = cpu->type; if (put_user(w, (unsigned long __user*)buffer)) return -EFAULT; return 1; case GSI_GET_HWRPB: if (nbytes < sizeof(*hwrpb)) return -EINVAL; if (copy_to_user(buffer, hwrpb, nbytes) != 0) return -EFAULT; return 1; default: break; } return -EOPNOTSUPP; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,160474443922201,1 2218,NVD-CWE-noinfo,"static struct nfs4_state *nfs4_do_open(struct inode *dir, struct path *path, int flags, struct iattr *sattr, struct rpc_cred *cred) { struct nfs4_exception exception = { }; struct nfs4_state *res; int status; do { status = _nfs4_do_open(dir, path, flags, sattr, cred, &res); if (status == 0) break; if (status == -NFS4ERR_BAD_SEQID) { printk(KERN_WARNING ""NFS: v4 server %s "" "" returned a bad sequence-id error!\n"", NFS_SERVER(dir)->nfs_client->cl_hostname); exception.retry = 1; continue; } if (status == -NFS4ERR_BAD_STATEID) { exception.retry = 1; continue; } if (status == -EAGAIN) { exception.retry = 1; continue; } res = ERR_PTR(nfs4_handle_exception(NFS_SERVER(dir), status, &exception)); } while (exception.retry); return res; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,217802278547175,1 127,[],"asmlinkage long compat_sys_newfstat(unsigned int fd, struct compat_stat __user * statbuf) { struct kstat stat; int error = vfs_fstat(fd, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; }",linux-2.6,,,321872813833710589277787620024218453488,0 4145,CWE-78,"construct_command_line(struct manager_ctx *manager, struct server *server) { static char cmd[BUF_SIZE]; char *method = manager->method; int i; build_config(working_dir, server); if (server->method) method = server->method; memset(cmd, 0, BUF_SIZE); snprintf(cmd, BUF_SIZE, ""%s -m %s --manager-address %s -f %s/.shadowsocks_%s.pid -c %s/.shadowsocks_%s.conf"", executable, method, manager->manager_address, working_dir, server->port, working_dir, server->port); if (manager->acl != NULL) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" --acl %s"", manager->acl); } if (manager->timeout != NULL) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -t %s"", manager->timeout); } #ifdef HAVE_SETRLIMIT if (manager->nofile) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -n %d"", manager->nofile); } #endif if (manager->user != NULL) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -a %s"", manager->user); } if (manager->verbose) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -v""); } if (server->mode == NULL && manager->mode == UDP_ONLY) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -U""); } if (server->mode == NULL && manager->mode == TCP_AND_UDP) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -u""); } if (server->fast_open[0] == 0 && manager->fast_open) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" --fast-open""); } if (manager->ipv6first) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -6""); } if (manager->mtu) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" --mtu %d"", manager->mtu); } if (server->plugin == NULL && manager->plugin) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" --plugin \""%s\"""", manager->plugin); } if (server->plugin_opts == NULL && manager->plugin_opts) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" --plugin-opts \""%s\"""", manager->plugin_opts); } for (i = 0; i < manager->nameserver_num; i++) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -d %s"", manager->nameservers[i]); } for (i = 0; i < manager->host_num; i++) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" -s %s"", manager->hosts[i]); } { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, "" --reuse-port""); } if (verbose) { LOGI(""cmd: %s"", cmd); } return cmd; }",visit repo url,src/manager.c,https://github.com/shadowsocks/shadowsocks-libev,59462573476606,1 4137,[],"static void ibwdt_shutdown(struct platform_device *dev) { ibwdt_disable(); }",linux-2.6,,,93434454540624240586247888612271522986,0 1343,['CWE-399'],"static void ipip6_tunnel_bind_dev(struct net_device *dev) { struct net_device *tdev = NULL; struct ip_tunnel *tunnel; struct iphdr *iph; tunnel = netdev_priv(dev); iph = &tunnel->parms.iph; if (iph->daddr) { struct flowi fl = { .nl_u = { .ip4_u = { .daddr = iph->daddr, .saddr = iph->saddr, .tos = RT_TOS(iph->tos) } }, .oif = tunnel->parms.link, .proto = IPPROTO_IPV6 }; struct rtable *rt; if (!ip_route_output_key(dev_net(dev), &rt, &fl)) { tdev = rt->u.dst.dev; ip_rt_put(rt); } dev->flags |= IFF_POINTOPOINT; } if (!tdev && tunnel->parms.link) tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link); if (tdev) { dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr); dev->mtu = tdev->mtu - sizeof(struct iphdr); if (dev->mtu < IPV6_MIN_MTU) dev->mtu = IPV6_MIN_MTU; } dev->iflink = tunnel->parms.link; }",linux-2.6,,,287375928187696482599074748260915524232,0 4636,['CWE-399'],"static void ext4_da_release_space(struct inode *inode, int to_free) { struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); int total, mdb, mdb_free, release; if (!to_free) return; spin_lock(&EXT4_I(inode)->i_block_reservation_lock); if (!EXT4_I(inode)->i_reserved_data_blocks) { printk(KERN_INFO ""ext4 delalloc try to release %d reserved "" ""blocks for inode %lu, but there is no reserved "" ""data blocks\n"", to_free, inode->i_ino); spin_unlock(&EXT4_I(inode)->i_block_reservation_lock); return; } total = EXT4_I(inode)->i_reserved_data_blocks - to_free; mdb = ext4_calc_metadata_amount(inode, total); BUG_ON(mdb > EXT4_I(inode)->i_reserved_meta_blocks); mdb_free = EXT4_I(inode)->i_reserved_meta_blocks - mdb; release = to_free + mdb_free; percpu_counter_sub(&sbi->s_dirtyblocks_counter, release); BUG_ON(to_free > EXT4_I(inode)->i_reserved_data_blocks); EXT4_I(inode)->i_reserved_data_blocks -= to_free; BUG_ON(mdb > EXT4_I(inode)->i_reserved_meta_blocks); EXT4_I(inode)->i_reserved_meta_blocks = mdb; spin_unlock(&EXT4_I(inode)->i_block_reservation_lock); }",linux-2.6,,,217264106334892653437315580968348587071,0 5824,['CWE-200'],"static void ab_cleanup(unsigned long h) { struct sk_buff *skb, *n; unsigned long flags; spin_lock_irqsave(&aun_queue_lock, flags); skb_queue_walk_safe(&aun_queue, skb, n) { struct ec_cb *eb = (struct ec_cb *)&skb->cb; if ((jiffies - eb->start) > eb->timeout) { tx_result(skb->sk, eb->cookie, ECTYPE_TRANSMIT_NOT_PRESENT); skb_unlink(skb, &aun_queue); kfree_skb(skb); } } spin_unlock_irqrestore(&aun_queue_lock, flags); mod_timer(&ab_cleanup_timer, jiffies + (HZ*2)); }",linux-2.6,,,55103339375816086318119536295714089570,0 2005,['CWE-269'],"static int select_submounts(struct vfsmount *parent, struct list_head *graveyard) { struct vfsmount *this_parent = parent; struct list_head *next; int found = 0; repeat: next = this_parent->mnt_mounts.next; resume: while (next != &this_parent->mnt_mounts) { struct list_head *tmp = next; struct vfsmount *mnt = list_entry(tmp, struct vfsmount, mnt_child); next = tmp->next; if (!(mnt->mnt_flags & MNT_SHRINKABLE)) continue; if (!list_empty(&mnt->mnt_mounts)) { this_parent = mnt; goto repeat; } if (!propagate_mount_busy(mnt, 1)) { mntget(mnt); list_move_tail(&mnt->mnt_expire, graveyard); found++; } } if (this_parent != parent) { next = this_parent->mnt_child.next; this_parent = this_parent->mnt_parent; goto resume; } return found; }",linux-2.6,,,28136195569347631978475700278510064946,0 4245,CWE-78,"R_API char *r_socket_http_post (const char *url, const char *data, int *code, int *rlen) { RSocket *s; bool ssl = r_str_startswith (url, ""https://""); char *uri = strdup (url); if (!uri) { return NULL; } char *host = strstr (uri, ""://""); if (!host) { free (uri); printf (""Invalid URI""); return NULL; } host += 3; char *port = strchr (host, ':'); if (!port) { port = (ssl)? ""443"": ""80""; } else { *port++ = 0; } char *path = strchr (host, '/'); if (!path) { path = """"; } else { *path++ = 0; } s = r_socket_new (ssl); if (!s) { printf (""Cannot create socket\n""); free (uri); return NULL; } if (!r_socket_connect_tcp (s, host, port, 0)) { eprintf (""Cannot connect to %s:%s\n"", host, port); free (uri); return NULL; } r_socket_printf (s, ""POST /%s HTTP/1.0\r\n"" ""User-Agent: radare2 ""R2_VERSION""\r\n"" ""Accept: */*\r\n"" ""Host: %s\r\n"" ""Content-Length: %i\r\n"" ""Content-Type: application/x-www-form-urlencoded\r\n"" ""\r\n"", path, host, (int)strlen (data)); free (uri); r_socket_write (s, (void *)data, strlen (data)); return r_socket_http_answer (s, code, rlen); }",visit repo url,libr/socket/socket_http.c,https://github.com/radareorg/radare2,264429083205139,1 2393,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *in) { GradFunContext *s = inlink->dst->priv; AVFilterLink *outlink = inlink->dst->outputs[0]; AVFrame *out; int p, direct; if (av_frame_is_writable(in)) { direct = 1; out = in; } else { direct = 0; out = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!out) { av_frame_free(&in); return AVERROR(ENOMEM); } av_frame_copy_props(out, in); } for (p = 0; p < 4 && in->data[p]; p++) { int w = inlink->w; int h = inlink->h; int r = s->radius; if (p) { w = s->chroma_w; h = s->chroma_h; r = s->chroma_r; } if (FFMIN(w, h) > 2 * r) filter(s, out->data[p], in->data[p], w, h, out->linesize[p], in->linesize[p], r); else if (out->data[p] != in->data[p]) av_image_copy_plane(out->data[p], out->linesize[p], in->data[p], in->linesize[p], w, h); } if (!direct) av_frame_free(&in); return ff_filter_frame(outlink, out); }",visit repo url,libavfilter/vf_gradfun.c,https://github.com/FFmpeg/FFmpeg,133828840384305,1 2063,CWE-476,"xfs_iget_cache_miss( struct xfs_mount *mp, struct xfs_perag *pag, xfs_trans_t *tp, xfs_ino_t ino, struct xfs_inode **ipp, int flags, int lock_flags) { struct xfs_inode *ip; int error; xfs_agino_t agino = XFS_INO_TO_AGINO(mp, ino); int iflags; ip = xfs_inode_alloc(mp, ino); if (!ip) return -ENOMEM; error = xfs_iread(mp, tp, ip, flags); if (error) goto out_destroy; if (!xfs_inode_verify_forks(ip)) { error = -EFSCORRUPTED; goto out_destroy; } trace_xfs_iget_miss(ip); if (flags & XFS_IGET_CREATE) { if (VFS_I(ip)->i_mode != 0) { xfs_warn(mp, ""Corruption detected! Free inode 0x%llx not marked free on disk"", ino); error = -EFSCORRUPTED; goto out_destroy; } if (ip->i_d.di_nblocks != 0) { xfs_warn(mp, ""Corruption detected! Free inode 0x%llx has blocks allocated!"", ino); error = -EFSCORRUPTED; goto out_destroy; } } else if (VFS_I(ip)->i_mode == 0) { error = -ENOENT; goto out_destroy; } if (radix_tree_preload(GFP_NOFS)) { error = -EAGAIN; goto out_destroy; } if (lock_flags) { if (!xfs_ilock_nowait(ip, lock_flags)) BUG(); } iflags = XFS_INEW; if (flags & XFS_IGET_DONTCACHE) iflags |= XFS_IDONTCACHE; ip->i_udquot = NULL; ip->i_gdquot = NULL; ip->i_pdquot = NULL; xfs_iflags_set(ip, iflags); spin_lock(&pag->pag_ici_lock); error = radix_tree_insert(&pag->pag_ici_root, agino, ip); if (unlikely(error)) { WARN_ON(error != -EEXIST); XFS_STATS_INC(mp, xs_ig_dup); error = -EAGAIN; goto out_preload_end; } spin_unlock(&pag->pag_ici_lock); radix_tree_preload_end(); *ipp = ip; return 0; out_preload_end: spin_unlock(&pag->pag_ici_lock); radix_tree_preload_end(); if (lock_flags) xfs_iunlock(ip, lock_flags); out_destroy: __destroy_inode(VFS_I(ip)); xfs_inode_free(ip); return error; }",visit repo url,fs/xfs/xfs_icache.c,https://github.com/torvalds/linux,274851416746340,1 6514,CWE-476,"void qemu_ram_free(struct uc_struct *uc, RAMBlock *block) { if (!block) { return; } QLIST_REMOVE(block, next); uc->ram_list.mru_block = NULL; reclaim_ramblock(uc, block); }",visit repo url,qemu/exec.c,https://github.com/unicorn-engine/unicorn,42071684654824,1 2746,CWE-200,"static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offset, int section_index TSRMLS_DC) { int i, sn, num_entries, sub_section_index = 0; unsigned char *dir_entry; char tagname[64]; size_t ifd_size, dir_size, entry_offset, next_offset, entry_length, entry_value=0, fgot; int entry_tag , entry_type; tag_table_type tag_table = exif_get_tag_table(section_index); if (ImageInfo->ifd_nesting_level > MAX_IFD_NESTING_LEVEL) { return FALSE; } if (ImageInfo->FileSize >= dir_offset+2) { sn = exif_file_sections_add(ImageInfo, M_PSEUDO, 2, NULL); #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read from TIFF: filesize(x%04X), IFD dir(x%04X + x%04X)"", ImageInfo->FileSize, dir_offset, 2); #endif php_stream_seek(ImageInfo->infile, dir_offset, SEEK_SET); php_stream_read(ImageInfo->infile, (char*)ImageInfo->file.list[sn].data, 2); num_entries = php_ifd_get16u(ImageInfo->file.list[sn].data, ImageInfo->motorola_intel); dir_size = 2 +12 *num_entries +4 ; if (ImageInfo->FileSize >= dir_offset+dir_size) { #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read from TIFF: filesize(x%04X), IFD dir(x%04X + x%04X), IFD entries(%d)"", ImageInfo->FileSize, dir_offset+2, dir_size-2, num_entries); #endif if (exif_file_sections_realloc(ImageInfo, sn, dir_size TSRMLS_CC)) { return FALSE; } php_stream_read(ImageInfo->infile, (char*)(ImageInfo->file.list[sn].data+2), dir_size-2); next_offset = php_ifd_get32u(ImageInfo->file.list[sn].data + dir_size - 4, ImageInfo->motorola_intel); #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read from TIFF done, next offset x%04X"", next_offset); #endif ifd_size = dir_size; for(i=0;ifile.list[sn].data+2+i*12; entry_tag = php_ifd_get16u(dir_entry+0, ImageInfo->motorola_intel); entry_type = php_ifd_get16u(dir_entry+2, ImageInfo->motorola_intel); if (entry_type > NUM_FORMATS) { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read from TIFF: tag(0x%04X,%12s): Illegal format code 0x%04X, switching to BYTE"", entry_tag, exif_get_tagname(entry_tag, tagname, -12, tag_table TSRMLS_CC), entry_type); entry_type = TAG_FMT_BYTE; } entry_length = php_ifd_get32u(dir_entry+4, ImageInfo->motorola_intel) * php_tiff_bytes_per_format[entry_type]; if (entry_length <= 4) { switch(entry_type) { case TAG_FMT_USHORT: entry_value = php_ifd_get16u(dir_entry+8, ImageInfo->motorola_intel); break; case TAG_FMT_SSHORT: entry_value = php_ifd_get16s(dir_entry+8, ImageInfo->motorola_intel); break; case TAG_FMT_ULONG: entry_value = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); break; case TAG_FMT_SLONG: entry_value = php_ifd_get32s(dir_entry+8, ImageInfo->motorola_intel); break; } switch(entry_tag) { case TAG_IMAGEWIDTH: case TAG_COMP_IMAGE_WIDTH: ImageInfo->Width = entry_value; break; case TAG_IMAGEHEIGHT: case TAG_COMP_IMAGE_HEIGHT: ImageInfo->Height = entry_value; break; case TAG_PHOTOMETRIC_INTERPRETATION: switch (entry_value) { case PMI_BLACK_IS_ZERO: case PMI_WHITE_IS_ZERO: case PMI_TRANSPARENCY_MASK: ImageInfo->IsColor = 0; break; case PMI_RGB: case PMI_PALETTE_COLOR: case PMI_SEPARATED: case PMI_YCBCR: case PMI_CIELAB: ImageInfo->IsColor = 1; break; } break; } } else { entry_offset = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); if (entry_offset + entry_length > dir_offset + ifd_size && entry_offset == dir_offset + ifd_size) { ifd_size = entry_offset + entry_length - dir_offset; #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Resize struct: x%04X + x%04X - x%04X = x%04X"", entry_offset, entry_length, dir_offset, ifd_size); #endif } } } if (ImageInfo->FileSize >= dir_offset + ImageInfo->file.list[sn].size) { if (ifd_size > dir_size) { if (dir_offset + ifd_size > ImageInfo->FileSize) { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, ""Error in TIFF: filesize(x%04X) less than size of IFD(x%04X + x%04X)"", ImageInfo->FileSize, dir_offset, ifd_size); return FALSE; } if (exif_file_sections_realloc(ImageInfo, sn, ifd_size TSRMLS_CC)) { return FALSE; } #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read from TIFF: filesize(x%04X), IFD(x%04X + x%04X)"", ImageInfo->FileSize, dir_offset, ifd_size); #endif php_stream_read(ImageInfo->infile, (char*)(ImageInfo->file.list[sn].data+dir_size), ifd_size-dir_size); #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read from TIFF, done""); #endif } for(i=0;ifile.list[sn].data+2+i*12; entry_tag = php_ifd_get16u(dir_entry+0, ImageInfo->motorola_intel); entry_type = php_ifd_get16u(dir_entry+2, ImageInfo->motorola_intel); if (entry_tag == TAG_EXIF_IFD_POINTER || entry_tag == TAG_INTEROP_IFD_POINTER || entry_tag == TAG_GPS_IFD_POINTER || entry_tag == TAG_SUB_IFD ) { switch(entry_tag) { case TAG_EXIF_IFD_POINTER: ImageInfo->sections_found |= FOUND_EXIF; sub_section_index = SECTION_EXIF; break; case TAG_GPS_IFD_POINTER: ImageInfo->sections_found |= FOUND_GPS; sub_section_index = SECTION_GPS; break; case TAG_INTEROP_IFD_POINTER: ImageInfo->sections_found |= FOUND_INTEROP; sub_section_index = SECTION_INTEROP; break; case TAG_SUB_IFD: ImageInfo->sections_found |= FOUND_THUMBNAIL; sub_section_index = SECTION_THUMBNAIL; break; } entry_offset = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Next IFD: %s @x%04X"", exif_get_sectionname(sub_section_index), entry_offset); #endif ImageInfo->ifd_nesting_level++; exif_process_IFD_in_TIFF(ImageInfo, entry_offset, sub_section_index TSRMLS_CC); if (section_index!=SECTION_THUMBNAIL && entry_tag==TAG_SUB_IFD) { if (ImageInfo->Thumbnail.filetype != IMAGE_FILETYPE_UNKNOWN && ImageInfo->Thumbnail.size && ImageInfo->Thumbnail.offset && ImageInfo->read_thumbnail ) { #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""%s THUMBNAIL @0x%04X + 0x%04X"", ImageInfo->Thumbnail.data ? ""Ignore"" : ""Read"", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size); #endif if (!ImageInfo->Thumbnail.data) { ImageInfo->Thumbnail.data = safe_emalloc(ImageInfo->Thumbnail.size, 1, 0); php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET); fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size); if (fgot < ImageInfo->Thumbnail.size) { EXIF_ERRLOG_THUMBEOF(ImageInfo) } exif_thumbnail_build(ImageInfo TSRMLS_CC); } } } #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Next IFD: %s done"", exif_get_sectionname(sub_section_index)); #endif } else { if (!exif_process_IFD_TAG(ImageInfo, (char*)dir_entry, (char*)(ImageInfo->file.list[sn].data-dir_offset), ifd_size, 0, section_index, 0, tag_table TSRMLS_CC)) { return FALSE; } } } if (next_offset && section_index != SECTION_THUMBNAIL) { #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read next IFD (THUMBNAIL) at x%04X"", next_offset); #endif ImageInfo->ifd_nesting_level++; exif_process_IFD_in_TIFF(ImageInfo, next_offset, SECTION_THUMBNAIL TSRMLS_CC); #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""%s THUMBNAIL @0x%04X + 0x%04X"", ImageInfo->Thumbnail.data ? ""Ignore"" : ""Read"", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size); #endif if (!ImageInfo->Thumbnail.data && ImageInfo->Thumbnail.offset && ImageInfo->Thumbnail.size && ImageInfo->read_thumbnail) { ImageInfo->Thumbnail.data = safe_emalloc(ImageInfo->Thumbnail.size, 1, 0); php_stream_seek(ImageInfo->infile, ImageInfo->Thumbnail.offset, SEEK_SET); fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size); if (fgot < ImageInfo->Thumbnail.size) { EXIF_ERRLOG_THUMBEOF(ImageInfo) } exif_thumbnail_build(ImageInfo TSRMLS_CC); } #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, ""Read next IFD (THUMBNAIL) done""); #endif } return TRUE; } else { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, ""Error in TIFF: filesize(x%04X) less than size of IFD(x%04X)"", ImageInfo->FileSize, dir_offset+ImageInfo->file.list[sn].size); return FALSE; } } else { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, ""Error in TIFF: filesize(x%04X) less than size of IFD dir(x%04X)"", ImageInfo->FileSize, dir_offset+dir_size); return FALSE; } } else { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, ""Error in TIFF: filesize(x%04X) less than start of IFD dir(x%04X)"", ImageInfo->FileSize, dir_offset+2); return FALSE; } }",visit repo url,ext/exif/exif.c,https://github.com/php/php-src,4607588633683,1 5146,['CWE-20'],"static bool vmx_exception_injected(struct kvm_vcpu *vcpu) { return false; }",linux-2.6,,,177119794405811723617139396707785116819,0 2414,['CWE-119'],"static long gather_dirstat(FILE *file, struct dirstat_dir *dir, unsigned long changed, const char *base, int baselen) { unsigned long this_dir = 0; unsigned int sources = 0; while (dir->nr) { struct dirstat_file *f = dir->files; int namelen = strlen(f->name); unsigned long this; char *slash; if (namelen < baselen) break; if (memcmp(f->name, base, baselen)) break; slash = strchr(f->name + baselen, '/'); if (slash) { int newbaselen = slash + 1 - f->name; this = gather_dirstat(file, dir, changed, f->name, newbaselen); sources++; } else { this = f->changed; dir->files++; dir->nr--; sources += 2; } this_dir += this; } if (baselen && sources != 1) { int permille = this_dir * 1000 / changed; if (permille) { int percent = permille / 10; if (percent >= dir->percent) { fprintf(file, ""%4d.%01d%% %.*s\n"", percent, permille % 10, baselen, base); if (!dir->cumulative) return 0; } } } return this_dir; }",git,,,268437220797782113374160270959567163433,0 6658,['CWE-200'],"delete_connection_cb (GtkButton *button, gpointer user_data) { ActionInfo *info = (ActionInfo *) user_data; NMExportedConnection *exported = NULL; NMConnection *connection; NMSettingConnection *s_con; GtkWidget *dialog; const char *id; guint result; exported = get_active_connection (info->treeview); g_return_if_fail (exported != NULL); connection = nm_exported_connection_get_connection (exported); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); id = s_con ? nm_setting_connection_get_id (s_con) : NULL; if (!id) return; dialog = gtk_message_dialog_new (GTK_WINDOW (info->list->dialog), GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_QUESTION, GTK_BUTTONS_NONE, _(""Are you sure you wish to delete the connection %s?""), id); gtk_dialog_add_buttons (GTK_DIALOG (dialog), GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, GTK_STOCK_DELETE, GTK_RESPONSE_YES, NULL); gtk_window_set_transient_for (GTK_WINDOW (dialog), GTK_WINDOW (info->list->dialog)); result = gtk_dialog_run (GTK_DIALOG (dialog)); gtk_widget_destroy (dialog); if (result == GTK_RESPONSE_YES) remove_connection (exported, GTK_WINDOW (info->list->dialog), connection_remove_done, info->list); }",network-manager-applet,,,191146933232993186877703886895349754053,0 3441,['CWE-264'],"static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf, struct splice_desc *sd) { struct file *file = sd->file; struct address_space *mapping = file->f_mapping; gfp_t gfp_mask = mapping_gfp_mask(mapping); unsigned int offset, this_len; struct page *page; pgoff_t index; int ret; ret = buf->ops->pin(pipe, buf); if (unlikely(ret)) return ret; index = sd->pos >> PAGE_CACHE_SHIFT; offset = sd->pos & ~PAGE_CACHE_MASK; this_len = sd->len; if (this_len + offset > PAGE_CACHE_SIZE) this_len = PAGE_CACHE_SIZE - offset; if ((sd->flags & SPLICE_F_MOVE) && this_len == PAGE_CACHE_SIZE) { if (buf->ops->steal(pipe, buf)) goto find_page; page = buf->page; if (add_to_page_cache(page, mapping, index, gfp_mask)) { unlock_page(page); goto find_page; } page_cache_get(page); if (!(buf->flags & PIPE_BUF_FLAG_LRU)) lru_cache_add(page); } else { find_page: page = find_lock_page(mapping, index); if (!page) { ret = -ENOMEM; page = page_cache_alloc_cold(mapping); if (unlikely(!page)) goto out_ret; ret = add_to_page_cache_lru(page, mapping, index, gfp_mask); if (unlikely(ret)) goto out; } if (!PageUptodate(page)) { if (this_len < PAGE_CACHE_SIZE) { ret = mapping->a_ops->readpage(file, page); if (unlikely(ret)) goto out; lock_page(page); if (!PageUptodate(page)) { if (!page->mapping) { unlock_page(page); page_cache_release(page); goto find_page; } ret = -EIO; goto out; } } else SetPageUptodate(page); } } ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len); if (unlikely(ret)) { loff_t isize = i_size_read(mapping->host); if (ret != AOP_TRUNCATED_PAGE) unlock_page(page); page_cache_release(page); if (ret == AOP_TRUNCATED_PAGE) goto find_page; if (sd->pos + this_len > isize) vmtruncate(mapping->host, isize); goto out_ret; } if (buf->page != page) { char *src = buf->ops->map(pipe, buf, 1); char *dst = kmap_atomic(page, KM_USER1); memcpy(dst + offset, src + buf->offset, this_len); flush_dcache_page(page); kunmap_atomic(dst, KM_USER1); buf->ops->unmap(pipe, buf, src); } ret = mapping->a_ops->commit_write(file, page, offset, offset+this_len); if (!ret) { ret = this_len; mark_page_accessed(page); balance_dirty_pages_ratelimited(mapping); } else if (ret == AOP_TRUNCATED_PAGE) { page_cache_release(page); goto find_page; } out: page_cache_release(page); unlock_page(page); out_ret: return ret; }",linux-2.6,,,180596632104209769124288923616434210887,0 606,CWE-264,"static int perf_trace_event_perm(struct ftrace_event_call *tp_event, struct perf_event *p_event) { if (ftrace_event_is_function(tp_event) && perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) return -EPERM; if (!(p_event->attr.sample_type & PERF_SAMPLE_RAW)) return 0; if (p_event->attach_state == PERF_ATTACH_TASK) { if (tp_event->flags & TRACE_EVENT_FL_CAP_ANY) return 0; } if (perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)) return -EPERM; return 0; }",visit repo url,kernel/trace/trace_event_perf.c,https://github.com/torvalds/linux,151559900036632,1 850,['CWE-119'],"isdn_status_callback(isdn_ctrl * c) { int di; u_long flags; int i; int r; int retval = 0; isdn_ctrl cmd; isdn_net_dev *p; di = c->driver; i = isdn_dc2minor(di, c->arg); switch (c->command) { case ISDN_STAT_BSENT: if (i < 0) return -1; if (dev->global_flags & ISDN_GLOBAL_STOPPED) return 0; if (isdn_net_stat_callback(i, c)) return 0; if (isdn_v110_stat_callback(i, c)) return 0; if (isdn_tty_stat_callback(i, c)) return 0; wake_up_interruptible(&dev->drv[di]->snd_waitq[c->arg]); break; case ISDN_STAT_STAVAIL: dev->drv[di]->stavail += c->arg; wake_up_interruptible(&dev->drv[di]->st_waitq); break; case ISDN_STAT_RUN: dev->drv[di]->flags |= DRV_FLAG_RUNNING; for (i = 0; i < ISDN_MAX_CHANNELS; i++) if (dev->drvmap[i] == di) isdn_all_eaz(di, dev->chanmap[i]); set_global_features(); break; case ISDN_STAT_STOP: dev->drv[di]->flags &= ~DRV_FLAG_RUNNING; break; case ISDN_STAT_ICALL: if (i < 0) return -1; #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""ICALL (net): %d %ld %s\n"", di, c->arg, c->parm.num); #endif if (dev->global_flags & ISDN_GLOBAL_STOPPED) { cmd.driver = di; cmd.arg = c->arg; cmd.command = ISDN_CMD_HANGUP; isdn_command(&cmd); return 0; } r = ((c->command == ISDN_STAT_ICALLW) ? 0 : isdn_net_find_icall(di, c->arg, i, &c->parm.setup)); switch (r) { case 0: if (c->command == ISDN_STAT_ICALL) if ((retval = isdn_tty_find_icall(di, c->arg, &c->parm.setup))) return(retval); #ifdef CONFIG_ISDN_DIVERSION if (divert_if) if ((retval = divert_if->stat_callback(c))) return(retval); #endif if ((!retval) && (dev->drv[di]->flags & DRV_FLAG_REJBUS)) { cmd.driver = di; cmd.arg = c->arg; cmd.command = ISDN_CMD_HANGUP; isdn_command(&cmd); retval = 2; } break; case 1: isdn_net_dial(); cmd.driver = di; cmd.arg = c->arg; cmd.command = ISDN_CMD_ACCEPTD; for ( p = dev->netdev; p; p = p->next ) if ( p->local->isdn_channel == cmd.arg ) { strcpy( cmd.parm.setup.eazmsn, p->local->msn ); isdn_command(&cmd); retval = 1; break; } break; case 2: case 3: retval = 2; printk(KERN_INFO ""isdn: Rejecting Call\n""); cmd.driver = di; cmd.arg = c->arg; cmd.command = ISDN_CMD_HANGUP; isdn_command(&cmd); if (r == 3) break; case 4: isdn_net_dial(); break; case 5: retval = 3; break; } #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""ICALL: ret=%d\n"", retval); #endif return retval; break; case ISDN_STAT_CINF: if (i < 0) return -1; #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""CINF: %ld %s\n"", c->arg, c->parm.num); #endif if (dev->global_flags & ISDN_GLOBAL_STOPPED) return 0; if (strcmp(c->parm.num, ""0"")) isdn_net_stat_callback(i, c); isdn_tty_stat_callback(i, c); break; case ISDN_STAT_CAUSE: #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""CAUSE: %ld %s\n"", c->arg, c->parm.num); #endif printk(KERN_INFO ""isdn: %s,ch%ld cause: %s\n"", dev->drvid[di], c->arg, c->parm.num); isdn_tty_stat_callback(i, c); #ifdef CONFIG_ISDN_DIVERSION if (divert_if) divert_if->stat_callback(c); #endif break; case ISDN_STAT_DISPLAY: #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""DISPLAY: %ld %s\n"", c->arg, c->parm.display); #endif isdn_tty_stat_callback(i, c); #ifdef CONFIG_ISDN_DIVERSION if (divert_if) divert_if->stat_callback(c); #endif break; case ISDN_STAT_DCONN: if (i < 0) return -1; #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""DCONN: %ld\n"", c->arg); #endif if (dev->global_flags & ISDN_GLOBAL_STOPPED) return 0; if (isdn_net_stat_callback(i, c)) break; isdn_v110_stat_callback(i, c); if (isdn_tty_stat_callback(i, c)) { cmd.driver = di; cmd.arg = c->arg; cmd.command = ISDN_CMD_ACCEPTB; isdn_command(&cmd); break; } break; case ISDN_STAT_DHUP: if (i < 0) return -1; #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""DHUP: %ld\n"", c->arg); #endif if (dev->global_flags & ISDN_GLOBAL_STOPPED) return 0; dev->drv[di]->online &= ~(1 << (c->arg)); isdn_info_update(); if (isdn_net_stat_callback(i, c)) break; isdn_v110_stat_callback(i, c); if (isdn_tty_stat_callback(i, c)) break; #ifdef CONFIG_ISDN_DIVERSION if (divert_if) divert_if->stat_callback(c); #endif break; break; case ISDN_STAT_BCONN: if (i < 0) return -1; #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""BCONN: %ld\n"", c->arg); #endif if (dev->global_flags & ISDN_GLOBAL_STOPPED) return 0; dev->drv[di]->online |= (1 << (c->arg)); isdn_info_update(); if (isdn_net_stat_callback(i, c)) break; isdn_v110_stat_callback(i, c); if (isdn_tty_stat_callback(i, c)) break; break; case ISDN_STAT_BHUP: if (i < 0) return -1; #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""BHUP: %ld\n"", c->arg); #endif if (dev->global_flags & ISDN_GLOBAL_STOPPED) return 0; dev->drv[di]->online &= ~(1 << (c->arg)); isdn_info_update(); #ifdef CONFIG_ISDN_X25 if (isdn_net_stat_callback(i, c)) break; #endif isdn_v110_stat_callback(i, c); if (isdn_tty_stat_callback(i, c)) break; break; case ISDN_STAT_NODCH: if (i < 0) return -1; #ifdef ISDN_DEBUG_STATCALLB printk(KERN_DEBUG ""NODCH: %ld\n"", c->arg); #endif if (dev->global_flags & ISDN_GLOBAL_STOPPED) return 0; if (isdn_net_stat_callback(i, c)) break; if (isdn_tty_stat_callback(i, c)) break; break; case ISDN_STAT_ADDCH: spin_lock_irqsave(&dev->lock, flags); if (isdn_add_channels(dev->drv[di], di, c->arg, 1)) { spin_unlock_irqrestore(&dev->lock, flags); return -1; } spin_unlock_irqrestore(&dev->lock, flags); isdn_info_update(); break; case ISDN_STAT_DISCH: spin_lock_irqsave(&dev->lock, flags); for (i = 0; i < ISDN_MAX_CHANNELS; i++) if ((dev->drvmap[i] == di) && (dev->chanmap[i] == c->arg)) { if (c->parm.num[0]) dev->usage[i] &= ~ISDN_USAGE_DISABLED; else if (USG_NONE(dev->usage[i])) { dev->usage[i] |= ISDN_USAGE_DISABLED; } else retval = -1; break; } spin_unlock_irqrestore(&dev->lock, flags); isdn_info_update(); break; case ISDN_STAT_UNLOAD: while (dev->drv[di]->locks > 0) { isdn_unlock_driver(dev->drv[di]); } spin_lock_irqsave(&dev->lock, flags); isdn_tty_stat_callback(i, c); for (i = 0; i < ISDN_MAX_CHANNELS; i++) if (dev->drvmap[i] == di) { dev->drvmap[i] = -1; dev->chanmap[i] = -1; dev->usage[i] &= ~ISDN_USAGE_DISABLED; } dev->drivers--; dev->channels -= dev->drv[di]->channels; kfree(dev->drv[di]->rcverr); kfree(dev->drv[di]->rcvcount); for (i = 0; i < dev->drv[di]->channels; i++) skb_queue_purge(&dev->drv[di]->rpqueue[i]); kfree(dev->drv[di]->rpqueue); kfree(dev->drv[di]->rcv_waitq); kfree(dev->drv[di]); dev->drv[di] = NULL; dev->drvid[di][0] = '\0'; isdn_info_update(); set_global_features(); spin_unlock_irqrestore(&dev->lock, flags); return 0; case ISDN_STAT_L1ERR: break; case CAPI_PUT_MESSAGE: return(isdn_capi_rec_hl_msg(&c->parm.cmsg)); #ifdef CONFIG_ISDN_TTY_FAX case ISDN_STAT_FAXIND: isdn_tty_stat_callback(i, c); break; #endif #ifdef CONFIG_ISDN_AUDIO case ISDN_STAT_AUDIO: isdn_tty_stat_callback(i, c); break; #endif #ifdef CONFIG_ISDN_DIVERSION case ISDN_STAT_PROT: case ISDN_STAT_REDIR: if (divert_if) return(divert_if->stat_callback(c)); #endif default: return -1; } return 0; }",linux-2.6,,,148232737897155536727272350507842463525,0 988,['CWE-94'],"static int link_opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) { int ret; if (pipe->nrbufs < PIPE_BUFFERS) return 0; ret = 0; mutex_lock(&pipe->inode->i_mutex); while (pipe->nrbufs >= PIPE_BUFFERS) { if (!pipe->readers) { send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; } if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; } if (signal_pending(current)) { ret = -ERESTARTSYS; break; } pipe->waiting_writers++; pipe_wait(pipe); pipe->waiting_writers--; } mutex_unlock(&pipe->inode->i_mutex); return ret; }",linux-2.6,,,46731846851752115583641044091921807940,0 4593,['CWE-399'],"static int ext4_releasepage(struct page *page, gfp_t wait) { journal_t *journal = EXT4_JOURNAL(page->mapping->host); WARN_ON(PageChecked(page)); if (!page_has_buffers(page)) return 0; if (journal) return jbd2_journal_try_to_free_buffers(journal, page, wait); else return try_to_free_buffers(page); }",linux-2.6,,,80267950910948821016530686754988333769,0 6261,CWE-190,"static int recoding(void) { int code = RLC_ERR; bn_t a, b, c, v1[3], v2[3]; int w, k, l; uint8_t d[RLC_BN_BITS + 1]; int8_t e[2 * (RLC_BN_BITS + 1)]; bn_null(a); bn_null(b); bn_null(c); for (k = 0; k < 3; k++) { bn_null(v1[k]); bn_null(v2[k]); } RLC_TRY { bn_new(a); bn_new(b); bn_new(c); for (k = 0; k < 3; k++) { bn_new(v1[k]); bn_new(v2[k]); } TEST_CASE(""window recoding is correct"") { for (w = 2; w <= 8; w++) { bn_rand(a, RLC_POS, RLC_BN_BITS); l = RLC_BN_BITS + 1; bn_rec_win(d, &l, a, w); bn_zero(b); for (k = l - 1; k >= 0; k--) { bn_lsh(b, b, w); bn_add_dig(b, b, d[k]); } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } } TEST_END; TEST_CASE(""sliding window recoding is correct"") { for (w = 2; w <= 8; w++) { bn_rand(a, RLC_POS, RLC_BN_BITS); l = RLC_BN_BITS + 1; bn_rec_slw(d, &l, a, w); bn_zero(b); for (k = 0; k < l; k++) { if (d[k] == 0) { bn_dbl(b, b); } else { bn_lsh(b, b, util_bits_dig(d[k])); bn_add_dig(b, b, d[k]); } } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } } TEST_END; TEST_CASE(""naf recoding is correct"") { for (w = 2; w <= 8; w++) { bn_rand(a, RLC_POS, RLC_BN_BITS); l = RLC_BN_BITS + 1; bn_rec_naf(e, &l, a, w); bn_zero(b); for (k = l - 1; k >= 0; k--) { bn_dbl(b, b); if (e[k] >= 0) { bn_add_dig(b, b, e[k]); } else { bn_sub_dig(b, b, -e[k]); } } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } } TEST_END; #if defined(WITH_EB) && defined(EB_KBLTZ) && (EB_MUL == LWNAF || EB_MUL == RWNAF || EB_FIX == LWNAF || EB_SIM == INTER || !defined(STRIP)) if (eb_param_set_any_kbltz() == RLC_OK) { eb_curve_get_ord(v1[2]); TEST_CASE(""tnaf recoding is correct"") { for (w = 2; w <= 8; w++) { uint8_t t_w; int8_t beta[64], gama[64]; int8_t tnaf[RLC_FB_BITS + 8]; int8_t u = (eb_curve_opt_a() == RLC_ZERO ? -1 : 1); bn_rand_mod(a, v1[2]); l = RLC_FB_BITS + 1; bn_rec_tnaf_mod(v1[0], v1[1], a, u, RLC_FB_BITS); bn_rec_tnaf_get(&t_w, beta, gama, u, w); bn_rec_tnaf(tnaf, &l, a, u, RLC_FB_BITS, w); bn_zero(a); bn_zero(b); for (k = l - 1; k >= 0; k--) { bn_copy(c, b); if (u == -1) { bn_neg(c, c); } bn_add(c, c, a); bn_dbl(a, b); bn_neg(a, a); bn_copy(b, c); if (w == 2) { if (tnaf[k] >= 0) { bn_add_dig(a, a, tnaf[k]); } else { bn_sub_dig(a, a, -tnaf[k]); } } else { if (tnaf[k] > 0) { if (beta[tnaf[k] / 2] >= 0) { bn_add_dig(a, a, beta[tnaf[k] / 2]); } else { bn_sub_dig(a, a, -beta[tnaf[k] / 2]); } if (gama[tnaf[k] / 2] >= 0) { bn_add_dig(b, b, gama[tnaf[k] / 2]); } else { bn_sub_dig(b, b, -gama[tnaf[k] / 2]); } } if (tnaf[k] < 0) { if (beta[-tnaf[k] / 2] >= 0) { bn_sub_dig(a, a, beta[-tnaf[k] / 2]); } else { bn_add_dig(a, a, -beta[-tnaf[k] / 2]); } if (gama[-tnaf[k] / 2] >= 0) { bn_sub_dig(b, b, gama[-tnaf[k] / 2]); } else { bn_add_dig(b, b, -gama[-tnaf[k] / 2]); } } } } TEST_ASSERT(bn_cmp(a, v1[0]) == RLC_EQ, end); TEST_ASSERT(bn_cmp(b, v1[1]) == RLC_EQ, end); } } TEST_END; TEST_CASE(""regular tnaf recoding is correct"") { for (w = 2; w <= 8; w++) { uint8_t t_w; int8_t beta[64], gama[64]; int8_t tnaf[RLC_FB_BITS + 8]; int8_t u = (eb_curve_opt_a() == RLC_ZERO ? -1 : 1); int n; do { bn_rand_mod(a, v1[2]); l = RLC_FB_BITS + 1; bn_rec_tnaf_mod(v1[0], v1[1], a, u, RLC_FB_BITS); } while (bn_is_even(v1[0]) || bn_is_even(v1[1])); bn_rec_tnaf_get(&t_w, beta, gama, u, w); bn_rec_rtnaf(tnaf, &l, a, u, RLC_FB_BITS, w); bn_zero(a); bn_zero(b); n = 0; for (k = l - 1; k >= 0; k--) { for (int m = 0; m < w - 1; m++) { bn_copy(c, b); if (u == -1) { bn_neg(c, c); } bn_add(c, c, a); bn_dbl(a, b); bn_neg(a, a); bn_copy(b, c); } if (tnaf[k] != 0) { n++; } if (w == 2) { if (tnaf[k] >= 0) { bn_add_dig(a, a, tnaf[k]); } else { bn_sub_dig(a, a, -tnaf[k]); } } else { if (tnaf[k] > 0) { if (beta[tnaf[k] / 2] >= 0) { bn_add_dig(a, a, beta[tnaf[k] / 2]); } else { bn_sub_dig(a, a, -beta[tnaf[k] / 2]); } if (gama[tnaf[k] / 2] >= 0) { bn_add_dig(b, b, gama[tnaf[k] / 2]); } else { bn_sub_dig(b, b, -gama[tnaf[k] / 2]); } } if (tnaf[k] < 0) { if (beta[-tnaf[k] / 2] >= 0) { bn_sub_dig(a, a, beta[-tnaf[k] / 2]); } else { bn_add_dig(a, a, -beta[-tnaf[k] / 2]); } if (gama[-tnaf[k] / 2] >= 0) { bn_sub_dig(b, b, gama[-tnaf[k] / 2]); } else { bn_add_dig(b, b, -gama[-tnaf[k] / 2]); } } } } TEST_ASSERT(bn_cmp(a, v1[0]) == RLC_EQ, end); TEST_ASSERT(bn_cmp(b, v1[1]) == RLC_EQ, end); } } TEST_END; } #endif TEST_CASE(""regular recoding is correct"") { bn_rand(a, RLC_POS, RLC_BN_BITS); if (bn_is_even(a)) { bn_add_dig(a, a, 1); } for (w = 2; w <= 8; w++) { l = RLC_BN_BITS + 1; bn_rec_reg(e, &l, a, RLC_BN_BITS, w); bn_zero(b); for (k = l - 1; k >= 0; k--) { bn_lsh(b, b, w - 1); if (e[k] > 0) { bn_add_dig(b, b, e[k]); } else { bn_sub_dig(b, b, -e[k]); } } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } } TEST_END; TEST_CASE(""jsf recoding is correct"") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); l = 2 * (RLC_BN_BITS + 1); bn_rec_jsf(e, &l, a, b); w = RLC_MAX(bn_bits(a), bn_bits(b)) + 1; bn_add(a, a, b); bn_zero(b); for (k = l - 1; k >= 0; k--) { bn_dbl(b, b); if (e[k] >= 0) { bn_add_dig(b, b, e[k]); } else { bn_sub_dig(b, b, -e[k]); } if (e[k + w] >= 0) { bn_add_dig(b, b, e[k + w]); } else { bn_sub_dig(b, b, -e[k + w]); } } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } TEST_END; #if defined(WITH_EP) && defined(EP_ENDOM) && (EP_MUL == LWNAF || EP_FIX == COMBS || EP_FIX == LWNAF || EP_SIM == INTER || !defined(STRIP)) TEST_CASE(""glv recoding is correct"") { if (ep_param_set_any_endom() == RLC_OK) { ep_curve_get_v1(v1); ep_curve_get_v2(v2); ep_curve_get_ord(b); bn_rand_mod(a, b); bn_rec_glv(b, c, a, b, (const bn_t *)v1, (const bn_t *)v2); ep_curve_get_ord(v2[0]); TEST_ASSERT(bn_bits(b) <= 1 + (bn_bits(v2[0]) >> 1), end); TEST_ASSERT(bn_bits(c) <= 1 + (bn_bits(v2[0]) >> 1), end); if (bn_cmp_dig(v1[2], 1) == RLC_EQ) { bn_gcd_ext(v1[0], v2[1], NULL, v1[1], v2[0]); } else { bn_gcd_ext(v1[0], v2[1], NULL, v1[2], v2[0]); } if (bn_sign(v2[1]) == RLC_NEG) { bn_add(v2[1], v2[0], v2[1]); } if (bn_cmp_dig(v1[2], 1) == RLC_EQ) { bn_sub(v1[0], v2[1], v1[2]); } else { bn_mul(v1[0], v2[1], v1[1]); } bn_mod(v1[0], v1[0], v2[0]); bn_sub(v1[1], v2[0], v1[0]); if (bn_cmp(v1[1], v1[0]) == RLC_LT) { bn_copy(v1[0], v1[1]); } bn_mul(c, c, v1[0]); bn_add(b, b, c); bn_mod(b, b, v2[0]); if (bn_sign(b) == RLC_NEG) { bn_add(b, b, v2[0]); } TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } } TEST_END; #endif } RLC_CATCH_ANY { RLC_ERROR(end); } code = RLC_OK; end: bn_free(a); bn_free(b); bn_free(c); for (k = 0; k < 3; k++) { bn_free(v1[k]); bn_free(v2[k]); } return code; }",visit repo url,test/test_bn.c,https://github.com/relic-toolkit/relic,192834746423296,1 1807,[],"static void init_rt_rq(struct rt_rq *rt_rq, struct rq *rq) { struct rt_prio_array *array; int i; array = &rt_rq->active; for (i = 0; i < MAX_RT_PRIO; i++) { INIT_LIST_HEAD(array->queue + i); __clear_bit(i, array->bitmap); } __set_bit(MAX_RT_PRIO, array->bitmap); #if defined CONFIG_SMP || defined CONFIG_RT_GROUP_SCHED rt_rq->highest_prio = MAX_RT_PRIO; #endif #ifdef CONFIG_SMP rt_rq->rt_nr_migratory = 0; rt_rq->overloaded = 0; #endif rt_rq->rt_time = 0; rt_rq->rt_throttled = 0; rt_rq->rt_runtime = 0; spin_lock_init(&rt_rq->rt_runtime_lock); #ifdef CONFIG_RT_GROUP_SCHED rt_rq->rt_nr_boosted = 0; rt_rq->rq = rq; #endif }",linux-2.6,,,317355356533968591035201726069423527442,0 4725,['CWE-20'],"static int ext4_fill_flex_info(struct super_block *sb) { struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_group_desc *gdp = NULL; struct buffer_head *bh; ext4_group_t flex_group_count; ext4_group_t flex_group; int groups_per_flex = 0; int i; if (!sbi->s_es->s_log_groups_per_flex) { sbi->s_log_groups_per_flex = 0; return 1; } sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex; groups_per_flex = 1 << sbi->s_log_groups_per_flex; flex_group_count = ((sbi->s_groups_count + groups_per_flex - 1) + ((le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) + 1) << EXT4_DESC_PER_BLOCK_BITS(sb))) / groups_per_flex; sbi->s_flex_groups = kzalloc(flex_group_count * sizeof(struct flex_groups), GFP_KERNEL); if (sbi->s_flex_groups == NULL) { printk(KERN_ERR ""EXT4-fs: not enough memory for "" ""%u flex groups\n"", flex_group_count); goto failed; } for (i = 0; i < sbi->s_groups_count; i++) { gdp = ext4_get_group_desc(sb, i, &bh); flex_group = ext4_flex_group(sbi, i); sbi->s_flex_groups[flex_group].free_inodes += ext4_free_inodes_count(sb, gdp); sbi->s_flex_groups[flex_group].free_blocks += ext4_free_blks_count(sb, gdp); } return 1; failed: return 0; }",linux-2.6,,,319088226902944720433423680268494640443,0 1486,[],"void sched_fork(struct task_struct *p, int clone_flags) { int cpu = get_cpu(); __sched_fork(p); #ifdef CONFIG_SMP cpu = sched_balance_self(cpu, SD_BALANCE_FORK); #endif set_task_cpu(p, cpu); p->prio = current->normal_prio; if (!rt_prio(p->prio)) p->sched_class = &fair_sched_class; #if defined(CONFIG_SCHEDSTATS) || defined(CONFIG_TASK_DELAY_ACCT) if (likely(sched_info_on())) memset(&p->sched_info, 0, sizeof(p->sched_info)); #endif #if defined(CONFIG_SMP) && defined(__ARCH_WANT_UNLOCKED_CTXSW) p->oncpu = 0; #endif #ifdef CONFIG_PREEMPT task_thread_info(p)->preempt_count = 1; #endif put_cpu(); }",linux-2.6,,,178132369997293849112704857555922843922,0 1288,[],"m4_patsubst (struct obstack *obs, int argc, token_data **argv) { const char *victim; const char *regexp; struct re_pattern_buffer buf; struct re_registers regs; const char *msg; int matchpos; int offset; int length; if (bad_argc (argv[0], argc, 3, 4)) { if (argc == 2) obstack_grow (obs, ARG (1), strlen (ARG (1))); return; } regexp = TOKEN_DATA_TEXT (argv[2]); init_pattern_buffer (&buf, ®s); msg = re_compile_pattern (regexp, strlen (regexp), &buf); if (msg != NULL) { M4ERROR ((warning_status, 0, ""bad regular expression `%s': %s"", regexp, msg)); free (buf.buffer); return; } victim = TOKEN_DATA_TEXT (argv[1]); length = strlen (victim); offset = 0; matchpos = 0; while (offset <= length) { matchpos = re_search (&buf, victim, length, offset, length - offset, ®s); if (matchpos < 0) { if (matchpos == -2) M4ERROR ((warning_status, 0, ""error matching regular expression `%s'"", regexp)); else if (offset < length) obstack_grow (obs, victim + offset, length - offset); break; } if (matchpos > offset) obstack_grow (obs, victim + offset, matchpos - offset); substitute (obs, victim, ARG (3), ®s); offset = regs.end[0]; if (regs.start[0] == regs.end[0]) obstack_1grow (obs, victim[offset++]); } obstack_1grow (obs, '\0'); free_pattern_buffer (&buf, ®s); }",m4,,,288406767910285444987458348647696642690,0 6710,['CWE-310'],"string_compare (NMConnection *dst, NMConnection *src, const char *tag) { const char *s1, *s2; s1 = (const char *) g_object_get_data (G_OBJECT (src), tag); s2 = (const char *) g_object_get_data (G_OBJECT (dst), tag); if (s1 && !s2) return FALSE; if (!s1 && s2) return FALSE; if (!s1 && !s2) return TRUE; g_assert (s1 && s2); return !strcmp (s1, s2); }",network-manager-applet,,,129394538881085816637827961297464266138,0 4060,CWE-125,"static int parse_import_ptr(struct MACH0_(obj_t)* bin, struct reloc_t *reloc, int idx) { int i, j, sym, wordsize; ut32 stype; wordsize = MACH0_(get_bits)(bin) / 8; if (idx < 0 || idx >= bin->nsymtab) { return 0; } if ((bin->symtab[idx].n_desc & REFERENCE_TYPE) == REFERENCE_FLAG_UNDEFINED_LAZY) { stype = S_LAZY_SYMBOL_POINTERS; } else { stype = S_NON_LAZY_SYMBOL_POINTERS; } reloc->offset = 0; reloc->addr = 0; reloc->addend = 0; #define CASE(T) case (T / 8): reloc->type = R_BIN_RELOC_ ## T; break switch (wordsize) { CASE(8); CASE(16); CASE(32); CASE(64); default: return false; } #undef CASE for (i = 0; i < bin->nsects; i++) { if ((bin->sects[i].flags & SECTION_TYPE) == stype) { for (j=0, sym=-1; bin->sects[i].reserved1+j < bin->nindirectsyms; j++) if (idx == bin->indirectsyms[bin->sects[i].reserved1 + j]) { sym = j; break; } reloc->offset = sym == -1 ? 0 : bin->sects[i].offset + sym * wordsize; reloc->addr = sym == -1 ? 0 : bin->sects[i].addr + sym * wordsize; return true; } } return false; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,38503076251527,1 5795,CWE-125,"snmp_engine_get(snmp_header_t *header, snmp_varbind_t *varbinds, uint32_t varbinds_length) { snmp_mib_resource_t *resource; uint32_t i; for(i = 0; i < varbinds_length; i++) { resource = snmp_mib_find(varbinds[i].oid); if(!resource) { switch(header->version) { case SNMP_VERSION_1: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = i + 1; break; case SNMP_VERSION_2C: (&varbinds[i])->value_type = SNMP_DATA_TYPE_NO_SUCH_INSTANCE; break; default: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = 0; } } else { resource->handler(&varbinds[i], resource->oid); } } return 0; }",visit repo url,os/net/app-layer/snmp/snmp-engine.c,https://github.com/contiki-ng/contiki-ng,231328161479169,1 4601,['CWE-399'],"static int ext4_alloc_blocks(handle_t *handle, struct inode *inode, ext4_lblk_t iblock, ext4_fsblk_t goal, int indirect_blks, int blks, ext4_fsblk_t new_blocks[4], int *err) { struct ext4_allocation_request ar; int target, i; unsigned long count = 0, blk_allocated = 0; int index = 0; ext4_fsblk_t current_block = 0; int ret = 0; target = indirect_blks; while (target > 0) { count = target; current_block = ext4_new_meta_blocks(handle, inode, goal, &count, err); if (*err) goto failed_out; target -= count; while (index < indirect_blks && count) { new_blocks[index++] = current_block++; count--; } if (count > 0) { new_blocks[index] = current_block; printk(KERN_INFO ""%s returned more blocks than "" ""requested\n"", __func__); WARN_ON(1); break; } } target = blks - count ; blk_allocated = count; if (!target) goto allocated; memset(&ar, 0, sizeof(ar)); ar.inode = inode; ar.goal = goal; ar.len = target; ar.logical = iblock; if (S_ISREG(inode->i_mode)) ar.flags = EXT4_MB_HINT_DATA; current_block = ext4_mb_new_blocks(handle, &ar, err); if (*err && (target == blks)) { goto failed_out; } if (!*err) { if (target == blks) { new_blocks[index] = current_block; } blk_allocated += ar.len; } allocated: ret = blk_allocated; *err = 0; return ret; failed_out: for (i = 0; i < index; i++) ext4_free_blocks(handle, inode, new_blocks[i], 1, 0); return ret; }",linux-2.6,,,79781128989016069079483064354385446261,0 878,CWE-20,"static void unix_copy_addr(struct msghdr *msg, struct sock *sk) { struct unix_sock *u = unix_sk(sk); msg->msg_namelen = 0; if (u->addr) { msg->msg_namelen = u->addr->len; memcpy(msg->msg_name, u->addr->name, u->addr->len); } }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,153126031543195,1 3966,CWE-20,"parse_netscreen_rec_hdr(struct wtap_pkthdr *phdr, const char *line, char *cap_int, gboolean *cap_dir, char *cap_dst, int *err, gchar **err_info) { int sec; int dsec, pkt_len; char direction[2]; char cap_src[13]; phdr->rec_type = REC_TYPE_PACKET; phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN; if (sscanf(line, ""%9d.%9d: %15[a-z0-9/:.-](%1[io]) len=%9d:%12s->%12s/"", &sec, &dsec, cap_int, direction, &pkt_len, cap_src, cap_dst) < 5) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: Can't parse packet-header""); return -1; } *cap_dir = (direction[0] == 'o' ? NETSCREEN_EGRESS : NETSCREEN_INGRESS); phdr->ts.secs = sec; phdr->ts.nsecs = dsec * 100000000; phdr->len = pkt_len; return pkt_len; }",visit repo url,wiretap/netscreen.c,https://github.com/wireshark/wireshark,486559866325,1 2883,['CWE-189'],"static long mem_seek(jas_stream_obj_t *obj, long offset, int origin) { jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj; long newpos; switch (origin) { case SEEK_SET: newpos = offset; break; case SEEK_END: newpos = m->len_ - offset; break; case SEEK_CUR: newpos = m->pos_ + offset; break; default: abort(); break; } if (newpos < 0) { return -1; } m->pos_ = newpos; return m->pos_; }",jasper,,,135709311483314780494057458379238861834,0 2561,[],"static int invalid_attr_name(const char *name, int namelen) { if (*name == '-') return -1; while (namelen--) { char ch = *name++; if (! (ch == '-' || ch == '.' || ch == '_' || ('0' <= ch && ch <= '9') || ('a' <= ch && ch <= 'z') || ('A' <= ch && ch <= 'Z')) ) return -1; } return 0; }",git,,,229575077037208838640326569311884561880,0 5510,['CWE-119'],"ecryptfs_get_auth_tok_sig(char **sig, struct ecryptfs_auth_tok *auth_tok) { int rc = 0; (*sig) = NULL; switch (auth_tok->token_type) { case ECRYPTFS_PASSWORD: (*sig) = auth_tok->token.password.signature; break; case ECRYPTFS_PRIVATE_KEY: (*sig) = auth_tok->token.private_key.signature; break; default: printk(KERN_ERR ""Cannot get sig for auth_tok of type [%d]\n"", auth_tok->token_type); rc = -EINVAL; } return rc; }",linux-2.6,,,76594966772286020751610772343219480766,0 6079,['CWE-200'],"static __inline__ unsigned hash_src(u32 *src) { unsigned h = src[RSVP_DST_LEN-1]; h ^= h>>16; h ^= h>>8; h ^= h>>4; return h & 0xF; }",linux-2.6,,,59238081033229318009509206358901158485,0 1391,CWE-310,"static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""ablkcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_ablkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize; rblkcipher.ivsize = alg->cra_ablkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ablkcipher.c,https://github.com/torvalds/linux,148442488089788,1 6592,CWE-787,"static RzList *classes_from_symbols(RzBinFile *bf) { RzBinSymbol *sym; RzListIter *iter; rz_list_foreach (bf->o->symbols, iter, sym) { if (sym->name[0] != '_') { continue; } const char *cn = sym->classname; if (cn) { RzBinClass *c = rz_bin_file_add_class(bf, sym->classname, NULL, 0); if (!c) { continue; } char *dn = sym->dname; char *fn = swiftField(dn, cn); if (fn) { RzBinField *f = rz_bin_field_new(sym->paddr, sym->vaddr, sym->size, fn, NULL, NULL, false); rz_list_append(c->fields, f); free(fn); } else { char *mn = strstr(dn, ""..""); if (!mn) { mn = strstr(dn, cn); if (mn && mn[strlen(cn)] == '.') { rz_list_append(c->methods, sym); } } } } } return bf->o->classes; }",visit repo url,librz/bin/bobj.c,https://github.com/rizinorg/rizin,125341743488100,1 4792,CWE-119,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 5751,CWE-787,"int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, uint32_t quic_version) { struct ndpi_packet_struct *packet = &flow->packet; union ja3_info ja3; u_int8_t invalid_ja3 = 0; u_int16_t tls_version, ja3_str_len; char ja3_str[JA3_STR_LEN]; ndpi_MD5_CTX ctx; u_char md5_hash[16]; int i; u_int16_t total_len; u_int8_t handshake_type; char buffer[64] = { '\0' }; int is_quic = (quic_version != 0); int is_dtls = packet->udp && (!is_quic); #ifdef DEBUG_TLS printf(""TLS %s() called\n"", __FUNCTION__); #endif memset(&ja3, 0, sizeof(ja3)); handshake_type = packet->payload[0]; total_len = (packet->payload[1] << 16) + (packet->payload[2] << 8) + packet->payload[3]; if((total_len > packet->payload_packet_len) || (packet->payload[1] != 0x0)) return(0); total_len = packet->payload_packet_len; if(total_len > 4) { u_int16_t base_offset = (!is_dtls) ? 38 : 46; u_int16_t version_offset = (!is_dtls) ? 4 : 12; u_int16_t offset = (!is_dtls) ? 38 : 46, extension_len, j; u_int8_t session_id_len = 0; if((base_offset >= total_len) || (version_offset + 1) >= total_len) return 0; session_id_len = packet->payload[base_offset]; #ifdef DEBUG_TLS printf(""TLS [len: %u][handshake_type: %02X]\n"", packet->payload_packet_len, handshake_type); #endif tls_version = ntohs(*((u_int16_t*)&packet->payload[version_offset])); if(handshake_type == 0x02 ) { int i, rc; ja3.server.tls_handshake_version = tls_version; #ifdef DEBUG_TLS printf(""TLS Server Hello [version: 0x%04X]\n"", tls_version); #endif if(packet->udp) offset += session_id_len + 1; else { if(tls_version < 0x7F15 ) offset += session_id_len+1; } if((offset+3) > packet->payload_packet_len) return(0); ja3.server.num_cipher = 1, ja3.server.cipher[0] = ntohs(*((u_int16_t*)&packet->payload[offset])); if((flow->protos.tls_quic_stun.tls_quic.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja3.server.cipher[0])) == 1) ndpi_set_risk(flow, NDPI_TLS_WEAK_CIPHER); flow->protos.tls_quic_stun.tls_quic.server_cipher = ja3.server.cipher[0]; #ifdef DEBUG_TLS printf(""TLS [server][session_id_len: %u][cipher: %04X]\n"", session_id_len, ja3.server.cipher[0]); #endif offset += 2 + 1; if((offset + 1) < packet->payload_packet_len) extension_len = ntohs(*((u_int16_t*)&packet->payload[offset])); else extension_len = 0; #ifdef DEBUG_TLS printf(""TLS [server][extension_len: %u]\n"", extension_len); #endif offset += 2; for(i=0; i packet->payload_packet_len) break; extension_id = ntohs(*((u_int16_t*)&packet->payload[offset])); extension_len = ntohs(*((u_int16_t*)&packet->payload[offset+2])); if(ja3.server.num_tls_extension < MAX_NUM_JA3) ja3.server.tls_extension[ja3.server.num_tls_extension++] = extension_id; #ifdef DEBUG_TLS printf(""TLS [server][extension_id: %u/0x%04X][len: %u]\n"", extension_id, extension_id, extension_len); #endif if(extension_id == 43 ) { if(extension_len >= 2) { u_int16_t tls_version = ntohs(*((u_int16_t*)&packet->payload[offset+4])); #ifdef DEBUG_TLS printf(""TLS [server] [TLS version: 0x%04X]\n"", tls_version); #endif flow->protos.tls_quic_stun.tls_quic.ssl_version = ja3.server.tls_supported_version = tls_version; } } else if(extension_id == 16 ) { u_int16_t s_offset = offset+4; u_int16_t tot_alpn_len = ntohs(*((u_int16_t*)&packet->payload[s_offset])); char alpn_str[256]; u_int8_t alpn_str_len = 0, i; #ifdef DEBUG_TLS printf(""Server TLS [ALPN: block_len=%u/len=%u]\n"", extension_len, tot_alpn_len); #endif s_offset += 2; tot_alpn_len += s_offset; while(s_offset < tot_alpn_len && s_offset < total_len) { u_int8_t alpn_i, alpn_len = packet->payload[s_offset++]; if((s_offset + alpn_len) <= tot_alpn_len) { #ifdef DEBUG_TLS printf(""Server TLS [ALPN: %u]\n"", alpn_len); #endif if((alpn_str_len+alpn_len+1) < (sizeof(alpn_str)-1)) { if(alpn_str_len > 0) { alpn_str[alpn_str_len] = ','; alpn_str_len++; } for(alpn_i=0; alpn_ipayload[s_offset+alpn_i]; } s_offset += alpn_len, alpn_str_len += alpn_len;; } else { ndpi_set_risk(flow, NDPI_TLS_UNCOMMON_ALPN); break; } } else { ndpi_set_risk(flow, NDPI_TLS_UNCOMMON_ALPN); break; } } alpn_str[alpn_str_len] = '\0'; #ifdef DEBUG_TLS printf(""Server TLS [ALPN: %s][len: %u]\n"", alpn_str, alpn_str_len); #endif if(flow->protos.tls_quic_stun.tls_quic.alpn == NULL) flow->protos.tls_quic_stun.tls_quic.alpn = ndpi_strdup(alpn_str); if(flow->protos.tls_quic_stun.tls_quic.alpn != NULL) tlsCheckUncommonALPN(flow); snprintf(ja3.server.alpn, sizeof(ja3.server.alpn), ""%s"", alpn_str); for(i=0; ja3.server.alpn[i] != '\0'; i++) if(ja3.server.alpn[i] == ',') ja3.server.alpn[i] = '-'; } else if(extension_id == 11 ) { u_int16_t s_offset = offset+4 + 1; #ifdef DEBUG_TLS printf(""Server TLS [EllipticCurveFormat: len=%u]\n"", extension_len); #endif if((s_offset+extension_len-1) <= total_len) { for(i=0; ipayload[s_offset+i]; #ifdef DEBUG_TLS printf(""Server TLS [EllipticCurveFormat: %u]\n"", s_group); #endif if(ja3.server.num_elliptic_curve_point_format < MAX_NUM_JA3) ja3.server.elliptic_curve_point_format[ja3.server.num_elliptic_curve_point_format++] = s_group; else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Server TLS Invalid num elliptic %u\n"", ja3.server.num_elliptic_curve_point_format); #endif } } } else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Server TLS Invalid len %u vs %u\n"", s_offset+extension_len, total_len); #endif } } i += 4 + extension_len, offset += 4 + extension_len; } ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), ""%u,"", ja3.server.tls_handshake_version); for(i=0; i 0) ? ""-"" : """", ja3.server.cipher[i]); if(rc <= 0) break; else ja3_str_len += rc; } rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "",""); if(rc > 0 && ja3_str_len + rc < JA3_STR_LEN) ja3_str_len += rc; for(i=0; i 0) ? ""-"" : """", ja3.server.tls_extension[i]); if(rc <= 0) break; else ja3_str_len += rc; } if(ndpi_struct->enable_ja3_plus) { for(i=0; i 0) ? ""-"" : """", ja3.server.elliptic_curve_point_format[i]); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break; } if(ja3.server.alpn[0] != '\0') { rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "",%s"", ja3.server.alpn); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; } #ifdef DEBUG_TLS printf(""[JA3+] Server: %s \n"", ja3_str); #endif } else { #ifdef DEBUG_TLS printf(""[JA3] Server: %s \n"", ja3_str); #endif } ndpi_MD5Init(&ctx); ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str)); ndpi_MD5Final(md5_hash, &ctx); for(i=0, j=0; i<16; i++) { int rc = snprintf(&flow->protos.tls_quic_stun.tls_quic.ja3_server[j], sizeof(flow->protos.tls_quic_stun.tls_quic.ja3_server)-j, ""%02x"", md5_hash[i]); if(rc <= 0) break; else j += rc; } #ifdef DEBUG_TLS printf(""[JA3] Server: %s \n"", flow->protos.tls_quic_stun.tls_quic.ja3_server); #endif } else if(handshake_type == 0x01 ) { u_int16_t cipher_len, cipher_offset; u_int8_t cookie_len = 0; flow->protos.tls_quic_stun.tls_quic.ssl_version = ja3.client.tls_handshake_version = tls_version; if(flow->protos.tls_quic_stun.tls_quic.ssl_version < 0x0302) ndpi_set_risk(flow, NDPI_TLS_OBSOLETE_VERSION); if((session_id_len+base_offset+3) > packet->payload_packet_len) return(0); if(!is_dtls) { cipher_len = packet->payload[session_id_len+base_offset+2] + (packet->payload[session_id_len+base_offset+1] << 8); cipher_offset = base_offset + session_id_len + 3; } else { cookie_len = packet->payload[base_offset+session_id_len+1]; #ifdef DEBUG_TLS printf(""[JA3] Client: DTLS cookie len %d\n"", cookie_len); #endif if((session_id_len+base_offset+cookie_len+4) > packet->payload_packet_len) return(0); cipher_len = ntohs(*((u_int16_t*)&packet->payload[base_offset+session_id_len+cookie_len+2])); cipher_offset = base_offset + session_id_len + cookie_len + 4; } #ifdef DEBUG_TLS printf(""Client TLS [client cipher_len: %u][tls_version: 0x%04X]\n"", cipher_len, tls_version); #endif if((cipher_offset+cipher_len) <= total_len) { u_int8_t safari_ciphers = 0, chrome_ciphers = 0; for(i=0; ipayload[cipher_offset+i]; #ifdef DEBUG_TLS printf(""Client TLS [cipher suite: %u/0x%04X] [%d/%u]\n"", ntohs(*id), ntohs(*id), i, cipher_len); #endif if((*id == 0) || (packet->payload[cipher_offset+i] != packet->payload[cipher_offset+i+1])) { u_int16_t cipher_id = ntohs(*id); if(ja3.client.num_cipher < MAX_NUM_JA3) ja3.client.cipher[ja3.client.num_cipher++] = cipher_id; else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Client TLS Invalid cipher %u\n"", ja3.client.num_cipher); #endif } switch(cipher_id) { case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: safari_ciphers++; break; case TLS_CIPHER_GREASE_RESERVED_0: case TLS_AES_128_GCM_SHA256: case TLS_AES_256_GCM_SHA384: case TLS_CHACHA20_POLY1305_SHA256: chrome_ciphers++; break; case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: case TLS_RSA_WITH_AES_128_CBC_SHA: case TLS_RSA_WITH_AES_256_CBC_SHA: case TLS_RSA_WITH_AES_128_GCM_SHA256: case TLS_RSA_WITH_AES_256_GCM_SHA384: safari_ciphers++, chrome_ciphers++; break; } } i += 2; } if(chrome_ciphers == 13) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls = 1; else if(safari_ciphers == 12) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 1; } else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Client TLS Invalid len %u vs %u\n"", (cipher_offset+cipher_len), total_len); #endif } offset = base_offset + session_id_len + cookie_len + cipher_len + 2; offset += (!is_dtls) ? 1 : 2; if(offset < total_len) { u_int16_t compression_len; u_int16_t extensions_len; compression_len = packet->payload[offset]; offset++; #ifdef DEBUG_TLS printf(""Client TLS [compression_len: %u]\n"", compression_len); #endif offset += compression_len; if(offset+1 < total_len) { extensions_len = ntohs(*((u_int16_t*)&packet->payload[offset])); offset += 2; #ifdef DEBUG_TLS printf(""Client TLS [extensions_len: %u]\n"", extensions_len); #endif if((extensions_len+offset) <= total_len) { u_int extension_offset = 0; u_int32_t j; while(extension_offset < extensions_len && offset+extension_offset+4 <= total_len) { u_int16_t extension_id, extension_len, extn_off = offset+extension_offset; extension_id = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset])); extension_offset += 2; extension_len = ntohs(*((u_int16_t*)&packet->payload[offset+extension_offset])); extension_offset += 2; #ifdef DEBUG_TLS printf(""Client TLS [extension_id: %u][extension_len: %u]\n"", extension_id, extension_len); #endif if((extension_id == 0) || (packet->payload[extn_off] != packet->payload[extn_off+1])) { if(ja3.client.num_tls_extension < MAX_NUM_JA3) ja3.client.tls_extension[ja3.client.num_tls_extension++] = extension_id; else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Client TLS Invalid extensions %u\n"", ja3.client.num_tls_extension); #endif } } if(extension_id == 0 ) { u_int16_t len; #ifdef DEBUG_TLS printf(""[TLS] Extensions: found server name\n""); #endif if((offset+extension_offset+4) < packet->payload_packet_len) { len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4]; len = (u_int)ndpi_min(len, sizeof(buffer)-1); if((offset+extension_offset+5+len) <= packet->payload_packet_len) { strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len); buffer[len] = '\0'; cleanupServerName(buffer, sizeof(buffer)); snprintf(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name, sizeof(flow->protos.tls_quic_stun.tls_quic.client_requested_server_name), ""%s"", buffer); #ifdef DEBUG_TLS printf(""[TLS] SNI: [%s]\n"", buffer); #endif if(!is_quic) { if(ndpi_match_hostname_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TLS, buffer, strlen(buffer))) flow->l4.tcp.tls.subprotocol_detected = 1; } else { if(ndpi_match_hostname_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, buffer, strlen(buffer))) flow->l4.tcp.tls.subprotocol_detected = 1; } if(ndpi_check_dga_name(ndpi_struct, flow, flow->protos.tls_quic_stun.tls_quic.client_requested_server_name, 1)) { char *sni = flow->protos.tls_quic_stun.tls_quic.client_requested_server_name; int len = strlen(sni); #ifdef DEBUG_TLS printf(""[TLS] SNI: (DGA) [%s]\n"", flow->protos.tls_quic_stun.tls_quic.client_requested_server_name); #endif if((len >= 4) && ((strcmp(&sni[len-4], "".com"") == 0) || (strcmp(&sni[len-4], "".net"") == 0)) && (strncmp(sni, ""www."", 4) == 0)) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_TLS); } else { #ifdef DEBUG_TLS printf(""[TLS] SNI: (NO DGA) [%s]\n"", flow->protos.tls_quic_stun.tls_quic.client_requested_server_name); #endif } } else { #ifdef DEBUG_TLS printf(""[TLS] Extensions server len too short: %u vs %u\n"", offset+extension_offset+5+len, packet->payload_packet_len); #endif } } } else if(extension_id == 10 ) { u_int16_t s_offset = offset+extension_offset + 2; #ifdef DEBUG_TLS printf(""Client TLS [EllipticCurveGroups: len=%u]\n"", extension_len); #endif if((s_offset+extension_len-2) <= total_len) { for(i=0; ipayload[s_offset+i])); #ifdef DEBUG_TLS printf(""Client TLS [EllipticCurve: %u/0x%04X]\n"", s_group, s_group); #endif if((s_group == 0) || (packet->payload[s_offset+i] != packet->payload[s_offset+i+1])) { if(ja3.client.num_elliptic_curve < MAX_NUM_JA3) ja3.client.elliptic_curve[ja3.client.num_elliptic_curve++] = s_group; else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Client TLS Invalid num elliptic %u\n"", ja3.client.num_elliptic_curve); #endif } } i += 2; } } else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Client TLS Invalid len %u vs %u\n"", (s_offset+extension_len-1), total_len); #endif } } else if(extension_id == 11 ) { u_int16_t s_offset = offset+extension_offset + 1; #ifdef DEBUG_TLS printf(""Client TLS [EllipticCurveFormat: len=%u]\n"", extension_len); #endif if((s_offset+extension_len-1) <= total_len) { for(i=0; ipayload[s_offset+i]; #ifdef DEBUG_TLS printf(""Client TLS [EllipticCurveFormat: %u]\n"", s_group); #endif if(ja3.client.num_elliptic_curve_point_format < MAX_NUM_JA3) ja3.client.elliptic_curve_point_format[ja3.client.num_elliptic_curve_point_format++] = s_group; else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Client TLS Invalid num elliptic %u\n"", ja3.client.num_elliptic_curve_point_format); #endif } } } else { invalid_ja3 = 1; #ifdef DEBUG_TLS printf(""Client TLS Invalid len %u vs %u\n"", s_offset+extension_len, total_len); #endif } } else if(extension_id == 13 ) { u_int16_t s_offset = offset+extension_offset, safari_signature_algorithms = 0, chrome_signature_algorithms = 0; u_int16_t tot_signature_algorithms_len = ntohs(*((u_int16_t*)&packet->payload[s_offset])); #ifdef DEBUG_TLS printf(""Client TLS [SIGNATURE_ALGORITHMS: block_len=%u/len=%u]\n"", extension_len, tot_signature_algorithms_len); #endif s_offset += 2; tot_signature_algorithms_len = ndpi_min((sizeof(ja3.client.signature_algorithms) / 2) - 1, tot_signature_algorithms_len); #ifdef TLS_HANDLE_SIGNATURE_ALGORITMS flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms = ndpi_min(tot_signature_algorithms_len / 2, MAX_NUM_TLS_SIGNATURE_ALGORITHMS); memcpy(flow->protos.tls_quic_stun.tls_quic.client_signature_algorithms, &packet->payload[s_offset], 2 *flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms); #endif for(i=0; ipayload[s_offset+i]); if(rc < 0) break; } for(i=0; ipayload[s_offset+i])); switch(cipher_id) { case ECDSA_SECP521R1_SHA512: flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_firefox_tls = 1; break; case ECDSA_SECP256R1_SHA256: case ECDSA_SECP384R1_SHA384: case RSA_PKCS1_SHA256: case RSA_PKCS1_SHA384: case RSA_PKCS1_SHA512: case RSA_PSS_RSAE_SHA256: case RSA_PSS_RSAE_SHA384: case RSA_PSS_RSAE_SHA512: chrome_signature_algorithms++, safari_signature_algorithms++; break; } } if(flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_firefox_tls) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 0, flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls = 0; if(safari_signature_algorithms != 8) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_safari_tls = 0; if(chrome_signature_algorithms != 8) flow->protos.tls_quic_stun.tls_quic.browser_euristics.is_chrome_tls = 0; ja3.client.signature_algorithms[i*2] = '\0'; #ifdef DEBUG_TLS printf(""Client TLS [SIGNATURE_ALGORITHMS: %s]\n"", ja3.client.signature_algorithms); #endif } else if(extension_id == 16 ) { u_int16_t s_offset = offset+extension_offset; u_int16_t tot_alpn_len = ntohs(*((u_int16_t*)&packet->payload[s_offset])); char alpn_str[256]; u_int8_t alpn_str_len = 0, i; #ifdef DEBUG_TLS printf(""Client TLS [ALPN: block_len=%u/len=%u]\n"", extension_len, tot_alpn_len); #endif s_offset += 2; tot_alpn_len += s_offset; while(s_offset < tot_alpn_len && s_offset < total_len) { u_int8_t alpn_i, alpn_len = packet->payload[s_offset++]; if((s_offset + alpn_len) <= tot_alpn_len && (s_offset + alpn_len) <= total_len) { #ifdef DEBUG_TLS printf(""Client TLS [ALPN: %u]\n"", alpn_len); #endif if((alpn_str_len+alpn_len+1) < (sizeof(alpn_str)-1)) { if(alpn_str_len > 0) { alpn_str[alpn_str_len] = ','; alpn_str_len++; } for(alpn_i=0; alpn_ipayload[s_offset+alpn_i]; s_offset += alpn_len, alpn_str_len += alpn_len;; } else break; } else break; } alpn_str[alpn_str_len] = '\0'; #ifdef DEBUG_TLS printf(""Client TLS [ALPN: %s][len: %u]\n"", alpn_str, alpn_str_len); #endif if(flow->protos.tls_quic_stun.tls_quic.alpn == NULL) flow->protos.tls_quic_stun.tls_quic.alpn = ndpi_strdup(alpn_str); snprintf(ja3.client.alpn, sizeof(ja3.client.alpn), ""%s"", alpn_str); for(i=0; ja3.client.alpn[i] != '\0'; i++) if(ja3.client.alpn[i] == ',') ja3.client.alpn[i] = '-'; } else if(extension_id == 43 ) { u_int16_t s_offset = offset+extension_offset; u_int8_t version_len = packet->payload[s_offset]; char version_str[256]; u_int8_t version_str_len = 0; version_str[0] = 0; #ifdef DEBUG_TLS printf(""Client TLS [TLS version len: %u]\n"", version_len); #endif if(version_len == (extension_len-1)) { u_int8_t j; u_int16_t supported_versions_offset = 0; s_offset++; for(j=0; j+1payload[s_offset+j])); u_int8_t unknown_tls_version; #ifdef DEBUG_TLS printf(""Client TLS [TLS version: %s/0x%04X]\n"", ndpi_ssl_version2str(flow, tls_version, &unknown_tls_version), tls_version); #endif if((version_str_len+8) < sizeof(version_str)) { int rc = snprintf(&version_str[version_str_len], sizeof(version_str) - version_str_len, ""%s%s"", (version_str_len > 0) ? "","" : """", ndpi_ssl_version2str(flow, tls_version, &unknown_tls_version)); if(rc <= 0) break; else version_str_len += rc; rc = snprintf(&ja3.client.supported_versions[supported_versions_offset], sizeof(ja3.client.supported_versions)-supported_versions_offset, ""%s%04X"", (j > 0) ? ""-"" : """", tls_version); if(rc > 0) supported_versions_offset += rc; } } #ifdef DEBUG_TLS printf(""Client TLS [SUPPORTED_VERSIONS: %s]\n"", ja3.client.supported_versions); #endif if(flow->protos.tls_quic_stun.tls_quic.tls_supported_versions == NULL) flow->protos.tls_quic_stun.tls_quic.tls_supported_versions = ndpi_strdup(version_str); } } else if(extension_id == 65486 ) { u_int16_t e_offset = offset+extension_offset; u_int16_t initial_offset = e_offset; u_int16_t e_sni_len, cipher_suite = ntohs(*((u_int16_t*)&packet->payload[e_offset])); flow->protos.tls_quic_stun.tls_quic.encrypted_sni.cipher_suite = cipher_suite; e_offset += 2; e_offset += 2; e_offset += ntohs(*((u_int16_t*)&packet->payload[e_offset])) + 2; if((e_offset+4) < packet->payload_packet_len) { e_offset += ntohs(*((u_int16_t*)&packet->payload[e_offset])) + 2; if((e_offset+4) < packet->payload_packet_len) { e_sni_len = ntohs(*((u_int16_t*)&packet->payload[e_offset])); e_offset += 2; if((e_offset+e_sni_len-extension_len-initial_offset) >= 0 && e_offset+e_sni_len < packet->payload_packet_len) { #ifdef DEBUG_ENCRYPTED_SNI printf(""Client TLS [Encrypted Server Name len: %u]\n"", e_sni_len); #endif if(flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni == NULL) { flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni = (char*)ndpi_malloc(e_sni_len*2+1); if(flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni) { u_int16_t i, off; for(i=e_offset, off=0; i<(e_offset+e_sni_len); i++) { int rc = sprintf(&flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni[off], ""%02X"", packet->payload[i] & 0XFF); if(rc <= 0) { flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni[off] = '\0'; break; } else off += rc; } } } } } } } else if(extension_id == 65445 || extension_id == 57) { u_int16_t s_offset = offset+extension_offset; uint16_t final_offset; int using_var_int = is_version_with_var_int_transport_params(quic_version); if(!using_var_int) { if(s_offset+1 >= total_len) { final_offset = 0; } else { u_int16_t seq_len = ntohs(*((u_int16_t*)&packet->payload[s_offset])); s_offset += 2; final_offset = MIN(total_len, s_offset + seq_len); } } else { final_offset = MIN(total_len, s_offset + extension_len); } while(s_offset < final_offset) { u_int64_t param_type, param_len; if(!using_var_int) { if(s_offset+3 >= final_offset) break; param_type = ntohs(*((u_int16_t*)&packet->payload[s_offset])); param_len = ntohs(*((u_int16_t*)&packet->payload[s_offset + 2])); s_offset += 4; } else { if(s_offset >= final_offset || (s_offset + quic_len_buffer_still_required(packet->payload[s_offset])) >= final_offset) break; s_offset += quic_len(&packet->payload[s_offset], ¶m_type); if(s_offset >= final_offset || (s_offset + quic_len_buffer_still_required(packet->payload[s_offset])) >= final_offset) break; s_offset += quic_len(&packet->payload[s_offset], ¶m_len); } #ifdef DEBUG_TLS printf(""Client TLS [QUIC TP: Param 0x%x Len %d]\n"", (int)param_type, (int)param_len); #endif if(s_offset+param_len > final_offset) break; if(param_type==0x3129) { #ifdef DEBUG_TLS printf(""UA [%.*s]\n"", (int)param_len, &packet->payload[s_offset]); #endif http_process_user_agent(ndpi_struct, flow, &packet->payload[s_offset], param_len); break; } s_offset += param_len; } } extension_offset += extension_len; #ifdef DEBUG_TLS printf(""Client TLS [extension_offset/len: %u/%u]\n"", extension_offset, extension_len); #endif } if(!invalid_ja3) { int rc; compute_ja3c: ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), ""%u,"", ja3.client.tls_handshake_version); for(i=0; i 0) ? ""-"" : """", ja3.client.cipher[i]); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break; } rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "",""); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; for(i=0; i 0) ? ""-"" : """", ja3.client.tls_extension[i]); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break; } rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "",""); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; for(i=0; i 0) ? ""-"" : """", ja3.client.elliptic_curve[i]); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break; } rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "",""); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; for(i=0; i 0) ? ""-"" : """", ja3.client.elliptic_curve_point_format[i]); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break; } if(ndpi_struct->enable_ja3_plus) { rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "",%s,%s,%s"", ja3.client.signature_algorithms, ja3.client.supported_versions, ja3.client.alpn); if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; } #ifdef DEBUG_JA3C printf(""[JA3+] Client: %s \n"", ja3_str); #endif ndpi_MD5Init(&ctx); ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str)); ndpi_MD5Final(md5_hash, &ctx); for(i=0, j=0; i<16; i++) { rc = snprintf(&flow->protos.tls_quic_stun.tls_quic.ja3_client[j], sizeof(flow->protos.tls_quic_stun.tls_quic.ja3_client)-j, ""%02x"", md5_hash[i]); if(rc > 0) j += rc; else break; } #ifdef DEBUG_JA3C printf(""[JA3] Client: %s \n"", flow->protos.tls_quic_stun.tls_quic.ja3_client); #endif if(ndpi_struct->malicious_ja3_automa.ac_automa != NULL) { u_int16_t rc1 = ndpi_match_string(ndpi_struct->malicious_ja3_automa.ac_automa, flow->protos.tls_quic_stun.tls_quic.ja3_client); if(rc1 > 0) ndpi_set_risk(flow, NDPI_MALICIOUS_JA3); } } if((flow->protos.tls_quic_stun.tls_quic.ssl_version >= 0x0303) && (flow->protos.tls_quic_stun.tls_quic.alpn == NULL) ) { ndpi_set_risk(flow, NDPI_TLS_NOT_CARRYING_HTTPS); } if(flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni && flow->protos.tls_quic_stun.tls_quic.client_requested_server_name[0] != '\0') { ndpi_set_risk(flow, NDPI_TLS_SUSPICIOUS_ESNI_USAGE); } if((flow->protos.tls_quic_stun.tls_quic.client_requested_server_name[0] == 0) && (flow->protos.tls_quic_stun.tls_quic.ssl_version >= 0x0302) && (flow->protos.tls_quic_stun.tls_quic.encrypted_sni.esni == NULL) ) { ndpi_set_risk(flow, NDPI_TLS_MISSING_SNI); } return(2 ); } else { #ifdef DEBUG_TLS printf(""[TLS] Client: too short [%u vs %u]\n"", (extensions_len+offset), total_len); #endif } } else if(offset == total_len) { goto compute_ja3c; } } else { #ifdef DEBUG_TLS printf(""[JA3] Client: invalid length detected\n""); #endif } } } return(0); }",visit repo url,src/lib/protocols/tls.c,https://github.com/ntop/nDPI,269642396469272,1 1444,CWE-17,"dotraplinkage void do_stack_segment(struct pt_regs *regs, long error_code) { enum ctx_state prev_state; prev_state = exception_enter(); if (notify_die(DIE_TRAP, ""stack segment"", regs, error_code, X86_TRAP_SS, SIGBUS) != NOTIFY_STOP) { preempt_conditional_sti(regs); do_trap(X86_TRAP_SS, SIGBUS, ""stack segment"", regs, error_code, NULL); preempt_conditional_cli(regs); } exception_exit(prev_state); }",visit repo url,arch/x86/kernel/traps.c,https://github.com/torvalds/linux,268725671753303,1 5462,['CWE-476'],"void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) { kvm_x86_ops->vcpu_load(vcpu, cpu); kvm_request_guest_time_update(vcpu); }",linux-2.6,,,181556280928137072105047945608390440260,0 2830,[],"static int dio_complete(struct dio *dio, loff_t offset, int ret) { ssize_t transferred = 0; if (ret == -EIOCBQUEUED) ret = 0; if (dio->result) { transferred = dio->result; if ((dio->rw == READ) && ((offset + transferred) > dio->i_size)) transferred = dio->i_size - offset; } if (dio->end_io && dio->result) dio->end_io(dio->iocb, offset, transferred, dio->map_bh.b_private); if (dio->lock_type == DIO_LOCKING) up_read_non_owner(&dio->inode->i_alloc_sem); if (ret == 0) ret = dio->page_errors; if (ret == 0) ret = dio->io_error; if (ret == 0) ret = transferred; return ret; }",linux-2.6,,,121016058585493905671554069872246839902,0 5840,['CWE-200'],"static int __init aun_udp_initialise(void) { int error; struct sockaddr_in sin; skb_queue_head_init(&aun_queue); spin_lock_init(&aun_queue_lock); setup_timer(&ab_cleanup_timer, ab_cleanup, 0); ab_cleanup_timer.expires = jiffies + (HZ*2); add_timer(&ab_cleanup_timer); memset(&sin, 0, sizeof(sin)); sin.sin_port = htons(AUN_PORT); if ((error = sock_create_kern(PF_INET, SOCK_DGRAM, 0, &udpsock)) < 0) { printk(""AUN: socket error %d\n"", -error); return error; } udpsock->sk->sk_reuse = 1; udpsock->sk->sk_allocation = GFP_ATOMIC; error = udpsock->ops->bind(udpsock, (struct sockaddr *)&sin, sizeof(sin)); if (error < 0) { printk(""AUN: bind error %d\n"", -error); goto release; } udpsock->sk->sk_data_ready = aun_data_available; return 0; release: sock_release(udpsock); udpsock = NULL; return error; }",linux-2.6,,,321085382330275351250605806207826643920,0 101,CWE-119,"X509_NAME_oneline_ex(X509_NAME * a, char *buf, unsigned int *size, unsigned long flag) { BIO *out = NULL; out = BIO_new(BIO_s_mem ()); if (X509_NAME_print_ex(out, a, 0, flag) > 0) { if (buf != NULL && (*size) > (unsigned int) BIO_number_written(out)) { memset(buf, 0, *size); BIO_read(out, buf, (int) BIO_number_written(out)); } else { *size = BIO_number_written(out); } } BIO_free(out); return (buf); }",visit repo url,src/plugins/preauth/pkinit/pkinit_crypto_openssl.c,https://github.com/krb5/krb5,89217145581043,1 1156,['CWE-189'],"unsigned long ktime_divns(const ktime_t kt, s64 div) { u64 dclc, inc, dns; int sft = 0; dclc = dns = ktime_to_ns(kt); inc = div; while (div >> 32) { sft++; div >>= 1; } dclc >>= sft; do_div(dclc, (unsigned long) div); return (unsigned long) dclc; }",linux-2.6,,,136022862621518556661940760758997806043,0 2835,[],"static int get_more_blocks(struct dio *dio) { int ret; struct buffer_head *map_bh = &dio->map_bh; sector_t fs_startblk; unsigned long fs_count; unsigned long dio_count; unsigned long blkmask; int create; ret = dio->page_errors; if (ret == 0) { BUG_ON(dio->block_in_file >= dio->final_block_in_request); fs_startblk = dio->block_in_file >> dio->blkfactor; dio_count = dio->final_block_in_request - dio->block_in_file; fs_count = dio_count >> dio->blkfactor; blkmask = (1 << dio->blkfactor) - 1; if (dio_count & blkmask) fs_count++; map_bh->b_state = 0; map_bh->b_size = fs_count << dio->inode->i_blkbits; create = dio->rw & WRITE; if (dio->lock_type == DIO_LOCKING) { if (dio->block_in_file < (i_size_read(dio->inode) >> dio->blkbits)) create = 0; } else if (dio->lock_type == DIO_NO_LOCKING) { create = 0; } ret = (*dio->get_block)(dio->inode, fs_startblk, map_bh, create); } return ret; }",linux-2.6,,,99439294062350871472729818798617261044,0 3922,['CWE-399'],static int tea6320_volume(int val) { return (val / (65535/(63-12)) + 12) & 0x3f; },linux-2.6,,,4804907926851381654998764029003618327,0 276,[],"static int raw_ioctl(unsigned fd, unsigned cmd, unsigned long arg) { int ret; switch (cmd) { case RAW_SETBIND: case RAW_GETBIND: { struct raw_config_request req; struct raw32_config_request __user *user_req = compat_ptr(arg); mm_segment_t oldfs = get_fs(); if ((ret = get_raw32_request(&req, user_req))) return ret; set_fs(KERNEL_DS); ret = sys_ioctl(fd,cmd,(unsigned long)&req); set_fs(oldfs); if ((!ret) && (cmd == RAW_GETBIND)) { ret = set_raw32_request(&req, user_req); } break; } default: ret = sys_ioctl(fd, cmd, arg); break; } return ret; }",linux-2.6,,,187011751319585649236344523182885524404,0 1916,CWE-476,"static int f2fs_read_single_page(struct inode *inode, struct page *page, unsigned nr_pages, struct f2fs_map_blocks *map, struct bio **bio_ret, sector_t *last_block_in_bio, bool is_readahead) { struct bio *bio = *bio_ret; const unsigned blkbits = inode->i_blkbits; const unsigned blocksize = 1 << blkbits; sector_t block_in_file; sector_t last_block; sector_t last_block_in_file; sector_t block_nr; int ret = 0; block_in_file = (sector_t)page->index; last_block = block_in_file + nr_pages; last_block_in_file = (i_size_read(inode) + blocksize - 1) >> blkbits; if (last_block > last_block_in_file) last_block = last_block_in_file; if (block_in_file >= last_block) goto zero_out; if ((map->m_flags & F2FS_MAP_MAPPED) && block_in_file > map->m_lblk && block_in_file < (map->m_lblk + map->m_len)) goto got_it; map->m_lblk = block_in_file; map->m_len = last_block - block_in_file; ret = f2fs_map_blocks(inode, map, 0, F2FS_GET_BLOCK_DEFAULT); if (ret) goto out; got_it: if ((map->m_flags & F2FS_MAP_MAPPED)) { block_nr = map->m_pblk + block_in_file - map->m_lblk; SetPageMappedToDisk(page); if (!PageUptodate(page) && !cleancache_get_page(page)) { SetPageUptodate(page); goto confused; } if (!f2fs_is_valid_blkaddr(F2FS_I_SB(inode), block_nr, DATA_GENERIC_ENHANCE_READ)) { ret = -EFSCORRUPTED; goto out; } } else { zero_out: zero_user_segment(page, 0, PAGE_SIZE); if (!PageUptodate(page)) SetPageUptodate(page); unlock_page(page); goto out; } if (bio && (*last_block_in_bio != block_nr - 1 || !__same_bdev(F2FS_I_SB(inode), block_nr, bio))) { submit_and_realloc: __submit_bio(F2FS_I_SB(inode), bio, DATA); bio = NULL; } if (bio == NULL) { bio = f2fs_grab_read_bio(inode, block_nr, nr_pages, is_readahead ? REQ_RAHEAD : 0); if (IS_ERR(bio)) { ret = PTR_ERR(bio); bio = NULL; goto out; } } f2fs_wait_on_block_writeback(inode, block_nr); if (bio_add_page(bio, page, blocksize, 0) < blocksize) goto submit_and_realloc; inc_page_count(F2FS_I_SB(inode), F2FS_RD_DATA); ClearPageError(page); *last_block_in_bio = block_nr; goto out; confused: if (bio) { __submit_bio(F2FS_I_SB(inode), bio, DATA); bio = NULL; } unlock_page(page); out: *bio_ret = bio; return ret; }",visit repo url,fs/f2fs/data.c,https://github.com/torvalds/linux,18473248532487,1 1908,['CWE-20'],"int vmtruncate(struct inode * inode, loff_t offset) { if (inode->i_size < offset) { unsigned long limit; limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; if (limit != RLIM_INFINITY && offset > limit) goto out_sig; if (offset > inode->i_sb->s_maxbytes) goto out_big; i_size_write(inode, offset); } else { struct address_space *mapping = inode->i_mapping; if (IS_SWAPFILE(inode)) return -ETXTBSY; i_size_write(inode, offset); unmap_mapping_range(mapping, offset + PAGE_SIZE - 1, 0, 1); truncate_inode_pages(mapping, offset); unmap_mapping_range(mapping, offset + PAGE_SIZE - 1, 0, 1); } if (inode->i_op && inode->i_op->truncate) inode->i_op->truncate(inode); return 0; out_sig: send_sig(SIGXFSZ, current, 0); out_big: return -EFBIG; }",linux-2.6,,,228995500974072761698111213129547590092,0 5269,['CWE-264'],"static struct canon_ace *canon_ace_entry_for(struct canon_ace *list, SMB_ACL_TAG_T type, posix_id *id) { while (list) { if (list->type == type && ((type != SMB_ACL_USER && type != SMB_ACL_GROUP) || (type == SMB_ACL_USER && id && id->uid == list->unix_ug.uid) || (type == SMB_ACL_GROUP && id && id->gid == list->unix_ug.gid))) break; list = list->next; } return list; }",samba,,,61822320172100170913833254638740363411,0 1115,CWE-362,"static int ip_options_get_finish(struct net *net, struct ip_options **optp, struct ip_options *opt, int optlen) { while (optlen & 3) opt->__data[optlen++] = IPOPT_END; opt->optlen = optlen; if (optlen && ip_options_compile(net, opt, NULL)) { kfree(opt); return -EINVAL; } kfree(*optp); *optp = opt; return 0; }",visit repo url,net/ipv4/ip_options.c,https://github.com/torvalds/linux,6942782607889,1 3153,['CWE-189'],"static int jpc_dec_tilefini(jpc_dec_t *dec, jpc_dec_tile_t *tile) { jpc_dec_tcomp_t *tcomp; int compno; int bandno; int rlvlno; jpc_dec_band_t *band; jpc_dec_rlvl_t *rlvl; int prcno; jpc_dec_prc_t *prc; jpc_dec_seg_t *seg; jpc_dec_cblk_t *cblk; int cblkno; if (tile->tcomps) { for (compno = 0, tcomp = tile->tcomps; compno < dec->numcomps; ++compno, ++tcomp) { for (rlvlno = 0, rlvl = tcomp->rlvls; rlvlno < tcomp->numrlvls; ++rlvlno, ++rlvl) { if (!rlvl->bands) { continue; } for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { if (band->prcs) { for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks; ++cblkno, ++cblk) { while (cblk->segs.head) { seg = cblk->segs.head; jpc_seglist_remove(&cblk->segs, seg); jpc_seg_destroy(seg); } jas_matrix_destroy(cblk->data); if (cblk->mqdec) { jpc_mqdec_destroy(cblk->mqdec); } if (cblk->nulldec) { jpc_bitstream_close(cblk->nulldec); } if (cblk->flags) { jas_matrix_destroy(cblk->flags); } } if (prc->incltagtree) { jpc_tagtree_destroy(prc->incltagtree); } if (prc->numimsbstagtree) { jpc_tagtree_destroy(prc->numimsbstagtree); } if (prc->cblks) { jas_free(prc->cblks); } } } if (band->data) { jas_matrix_destroy(band->data); } if (band->prcs) { jas_free(band->prcs); } } if (rlvl->bands) { jas_free(rlvl->bands); } } if (tcomp->rlvls) { jas_free(tcomp->rlvls); } if (tcomp->data) { jas_matrix_destroy(tcomp->data); } if (tcomp->tsfb) { jpc_tsfb_destroy(tcomp->tsfb); } } } if (tile->cp) { jpc_dec_cp_destroy(tile->cp); tile->cp = 0; } if (tile->tcomps) { jas_free(tile->tcomps); tile->tcomps = 0; } if (tile->pi) { jpc_pi_destroy(tile->pi); tile->pi = 0; } if (tile->pkthdrstream) { jas_stream_close(tile->pkthdrstream); tile->pkthdrstream = 0; } if (tile->pptstab) { jpc_ppxstab_destroy(tile->pptstab); tile->pptstab = 0; } tile->state = JPC_TILE_DONE; return 0; }",jasper,,,54903208423080664486616953031162042741,0 3269,['CWE-189'],"long jas_stream_length(jas_stream_t *stream) { long oldpos; long pos; if ((oldpos = jas_stream_tell(stream)) < 0) { return -1; } if (jas_stream_seek(stream, 0, SEEK_END) < 0) { return -1; } if ((pos = jas_stream_tell(stream)) < 0) { return -1; } if (jas_stream_seek(stream, oldpos, SEEK_SET) < 0) { return -1; } return pos; }",jasper,,,303762539943791722997869719809496970739,0 581,[],"static int bad_file_lock(struct file *file, int cmd, struct file_lock *fl) { return -EIO; }",linux-2.6,,,288898838804401928487490819513679440223,0 6470,[],"foreachfile_callback (char *dirname, void *data1, void *data2) { file_worker_func *func = *(file_worker_func **) data1; int is_done = 0; char *argz = 0; size_t argz_len = 0; if (list_files_by_dir (dirname, &argz, &argz_len) != 0) goto cleanup; if (!argz) goto cleanup; { char *filename = 0; while ((filename = argz_next (argz, argz_len, filename))) if ((is_done = (*func) (filename, data2))) break; } cleanup: FREE (argz); return is_done; }",libtool,,,339199477264227898221541759390030119359,0 2899,['CWE-189'],"jas_cmprof_t *jas_cmprof_createfromclrspc(int clrspc) { jas_iccprof_t *iccprof; jas_cmprof_t *prof; iccprof = 0; prof = 0; switch (clrspc) { case JAS_CLRSPC_SYCBCR: if (!(prof = jas_cmprof_createsycc())) goto error; break; default: if (!(iccprof = jas_iccprof_createfromclrspc(clrspc))) goto error; if (!(prof = jas_cmprof_createfromiccprof(iccprof))) goto error; jas_iccprof_destroy(iccprof); iccprof = 0; if (!jas_clrspc_isgeneric(clrspc)) prof->clrspc = clrspc; break; } return prof; error: if (iccprof) jas_iccprof_destroy(iccprof); return 0; }",jasper,,,76077321696049783234883039773256433206,0 5274,CWE-330,"apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key, const char *value, apr_time_t expiry) { oidc_cfg *cfg = ap_get_module_config(r->server->module_config, &auth_openidc_module); int encrypted = oidc_cfg_cache_encrypt(r); char *encoded = NULL; apr_byte_t rc = FALSE; char *msg = NULL; oidc_debug(r, ""enter: %s (section=%s, len=%d, encrypt=%d, ttl(s)=%"" APR_TIME_T_FMT "", type=%s)"", key, section, value ? (int )strlen(value) : 0, encrypted, apr_time_sec(expiry - apr_time_now()), cfg->cache->name); if (encrypted == 1) { key = oidc_cache_get_hashed_key(r, cfg->crypto_passphrase, key); if (key == NULL) goto out; if (value != NULL) { if (oidc_cache_crypto_encrypt(r, value, oidc_cache_hash_passphrase(r, cfg->crypto_passphrase), &encoded) <= 0) goto out; value = encoded; } } rc = cfg->cache->set(r, section, key, value, expiry); out: msg = apr_psprintf(r->pool, ""%d bytes in %s cache backend for %skey %s"", (value ? (int) strlen(value) : 0), (cfg->cache->name ? cfg->cache->name : """"), (encrypted ? ""encrypted "" : """"), (key ? key : """")); if (rc == TRUE) oidc_debug(r, ""successfully stored %s"", msg); else oidc_warn(r, ""could NOT store %s"", msg); return rc; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,24309960832855,1 691,CWE-20,"int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct atm_vcc *vcc; struct sk_buff *skb; int copied, error = -EINVAL; msg->msg_namelen = 0; if (sock->state != SS_CONNECTED) return -ENOTCONN; if (flags & ~(MSG_DONTWAIT | MSG_PEEK)) return -EOPNOTSUPP; vcc = ATM_SD(sock); if (test_bit(ATM_VF_RELEASED, &vcc->flags) || test_bit(ATM_VF_CLOSE, &vcc->flags) || !test_bit(ATM_VF_READY, &vcc->flags)) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &error); if (!skb) return error; copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } error = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (error) return error; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { pr_debug(""%d -= %d\n"", atomic_read(&sk->sk_rmem_alloc), skb->truesize); atm_return(vcc, skb->truesize); } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/atm/common.c,https://github.com/torvalds/linux,240275613128050,1 2877,CWE-787,"loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned char **read_ptr) { uint32 i; float xres = 0.0, yres = 0.0; uint16 nstrips = 0, ntiles = 0, planar = 0; uint16 bps = 0, spp = 0, res_unit = 0; uint16 orientation = 0; uint16 input_compression = 0, input_photometric = 0; uint16 subsampling_horiz, subsampling_vert; uint32 width = 0, length = 0; uint32 stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; uint32 tw = 0, tl = 0; uint32 tile_rowsize = 0; unsigned char *read_buff = NULL; unsigned char *new_buff = NULL; int readunit = 0; static uint32 prev_readsize = 0; TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); if (! TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric)) TIFFError(""loadImage"",""Image lacks Photometric interpreation tag""); if (! TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width)) TIFFError(""loadimage"",""Image lacks image width tag""); if(! TIFFGetField(in, TIFFTAG_IMAGELENGTH, &length)) TIFFError(""loadimage"",""Image lacks image length tag""); TIFFGetFieldDefaulted(in, TIFFTAG_XRESOLUTION, &xres); TIFFGetFieldDefaulted(in, TIFFTAG_YRESOLUTION, &yres); if (!TIFFGetFieldDefaulted(in, TIFFTAG_RESOLUTIONUNIT, &res_unit)) res_unit = RESUNIT_INCH; if (!TIFFGetField(in, TIFFTAG_COMPRESSION, &input_compression)) input_compression = COMPRESSION_NONE; #ifdef DEBUG2 char compressionid[16]; switch (input_compression) { case COMPRESSION_NONE: strcpy (compressionid, ""None/dump""); break; case COMPRESSION_CCITTRLE: strcpy (compressionid, ""Huffman RLE""); break; case COMPRESSION_CCITTFAX3: strcpy (compressionid, ""Group3 Fax""); break; case COMPRESSION_CCITTFAX4: strcpy (compressionid, ""Group4 Fax""); break; case COMPRESSION_LZW: strcpy (compressionid, ""LZW""); break; case COMPRESSION_OJPEG: strcpy (compressionid, ""Old Jpeg""); break; case COMPRESSION_JPEG: strcpy (compressionid, ""New Jpeg""); break; case COMPRESSION_NEXT: strcpy (compressionid, ""Next RLE""); break; case COMPRESSION_CCITTRLEW: strcpy (compressionid, ""CITTRLEW""); break; case COMPRESSION_PACKBITS: strcpy (compressionid, ""Mac Packbits""); break; case COMPRESSION_THUNDERSCAN: strcpy (compressionid, ""Thunderscan""); break; case COMPRESSION_IT8CTPAD: strcpy (compressionid, ""IT8 padded""); break; case COMPRESSION_IT8LW: strcpy (compressionid, ""IT8 RLE""); break; case COMPRESSION_IT8MP: strcpy (compressionid, ""IT8 mono""); break; case COMPRESSION_IT8BL: strcpy (compressionid, ""IT8 lineart""); break; case COMPRESSION_PIXARFILM: strcpy (compressionid, ""Pixar 10 bit""); break; case COMPRESSION_PIXARLOG: strcpy (compressionid, ""Pixar 11bit""); break; case COMPRESSION_DEFLATE: strcpy (compressionid, ""Deflate""); break; case COMPRESSION_ADOBE_DEFLATE: strcpy (compressionid, ""Adobe deflate""); break; default: strcpy (compressionid, ""None/unknown""); break; } TIFFError(""loadImage"", ""Input compression %s"", compressionid); #endif scanlinesize = TIFFScanlineSize(in); image->bps = bps; image->spp = spp; image->planar = planar; image->width = width; image->length = length; image->xres = xres; image->yres = yres; image->res_unit = res_unit; image->compression = input_compression; image->photometric = input_photometric; #ifdef DEBUG2 char photometricid[12]; switch (input_photometric) { case PHOTOMETRIC_MINISWHITE: strcpy (photometricid, ""MinIsWhite""); break; case PHOTOMETRIC_MINISBLACK: strcpy (photometricid, ""MinIsBlack""); break; case PHOTOMETRIC_RGB: strcpy (photometricid, ""RGB""); break; case PHOTOMETRIC_PALETTE: strcpy (photometricid, ""Palette""); break; case PHOTOMETRIC_MASK: strcpy (photometricid, ""Mask""); break; case PHOTOMETRIC_SEPARATED: strcpy (photometricid, ""Separated""); break; case PHOTOMETRIC_YCBCR: strcpy (photometricid, ""YCBCR""); break; case PHOTOMETRIC_CIELAB: strcpy (photometricid, ""CIELab""); break; case PHOTOMETRIC_ICCLAB: strcpy (photometricid, ""ICCLab""); break; case PHOTOMETRIC_ITULAB: strcpy (photometricid, ""ITULab""); break; case PHOTOMETRIC_LOGL: strcpy (photometricid, ""LogL""); break; case PHOTOMETRIC_LOGLUV: strcpy (photometricid, ""LOGLuv""); break; default: strcpy (photometricid, ""Unknown""); break; } TIFFError(""loadImage"", ""Input photometric interpretation %s"", photometricid); #endif image->orientation = orientation; switch (orientation) { case 0: case ORIENTATION_TOPLEFT: image->adjustments = 0; break; case ORIENTATION_TOPRIGHT: image->adjustments = MIRROR_HORIZ; break; case ORIENTATION_BOTRIGHT: image->adjustments = ROTATECW_180; break; case ORIENTATION_BOTLEFT: image->adjustments = MIRROR_VERT; break; case ORIENTATION_LEFTTOP: image->adjustments = MIRROR_VERT | ROTATECW_90; break; case ORIENTATION_RIGHTTOP: image->adjustments = ROTATECW_90; break; case ORIENTATION_RIGHTBOT: image->adjustments = MIRROR_VERT | ROTATECW_270; break; case ORIENTATION_LEFTBOT: image->adjustments = ROTATECW_270; break; default: image->adjustments = 0; image->orientation = ORIENTATION_TOPLEFT; } if ((bps == 0) || (spp == 0)) { TIFFError(""loadImage"", ""Invalid samples per pixel (%d) or bits per sample (%d)"", spp, bps); return (-1); } if (TIFFIsTiled(in)) { readunit = TILE; tlsize = TIFFTileSize(in); ntiles = TIFFNumberOfTiles(in); TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); tile_rowsize = TIFFTileRowSize(in); if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) { TIFFError(""loadImage"", ""File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.""); exit(-1); } buffsize = tlsize * ntiles; if (tlsize != (buffsize / ntiles)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) { buffsize = ntiles * tl * tile_rowsize; if (ntiles != (buffsize / tl / tile_rowsize)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } #ifdef DEBUG2 TIFFError(""loadImage"", ""Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu"", tlsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Tilesize: %u, Number of Tiles: %u, Tile row size: %u"", tlsize, ntiles, tile_rowsize); } else { uint32 buffsize_check; readunit = STRIP; TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); stsize = TIFFStripSize(in); nstrips = TIFFNumberOfStrips(in); if (nstrips == 0 || stsize == 0) { TIFFError(""loadImage"", ""File appears to be striped, but the number of stipes or stripe size is zero.""); exit(-1); } buffsize = stsize * nstrips; if (stsize != (buffsize / nstrips)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } buffsize_check = ((length * width * spp * bps) + 7); if (length != ((buffsize_check - 7) / width / spp / bps)) { TIFFError(""loadImage"", ""Integer overflow detected.""); exit(-1); } if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) { buffsize = ((length * width * spp * bps) + 7) / 8; #ifdef DEBUG2 TIFFError(""loadImage"", ""Stripsize %u is too small, using imagelength * width * spp * bps / 8 = %lu"", stsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Stripsize: %u, Number of Strips: %u, Rows per Strip: %u, Scanline size: %u"", stsize, nstrips, rowsperstrip, scanlinesize); } if (input_compression == COMPRESSION_JPEG) { jpegcolormode = JPEGCOLORMODE_RGB; TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { if (input_photometric == PHOTOMETRIC_YCBCR) { TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsampling_horiz, &subsampling_vert); if (subsampling_horiz != 1 || subsampling_vert != 1) { TIFFError(""loadImage"", ""Can't copy/convert subsampled image with subsampling %d horiz %d vert"", subsampling_horiz, subsampling_vert); return (-1); } } } read_buff = *read_ptr; if (!read_buff) read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); else { if (prev_readsize < buffsize) { new_buff = _TIFFrealloc(read_buff, buffsize+3); if (!new_buff) { free (read_buff); read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); } else read_buff = new_buff; } } if (!read_buff) { TIFFError(""loadImage"", ""Unable to allocate/reallocate read buffer""); return (-1); } read_buff[buffsize] = 0; read_buff[buffsize+1] = 0; read_buff[buffsize+2] = 0; prev_readsize = buffsize; *read_ptr = read_buff; switch (readunit) { case STRIP: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigStripsIntoBuffer(in, read_buff))) { TIFFError(""loadImage"", ""Unable to read contiguous strips into buffer""); return (-1); } } else { if (!(readSeparateStripsIntoBuffer(in, read_buff, length, width, spp, dump))) { TIFFError(""loadImage"", ""Unable to read separate strips into buffer""); return (-1); } } break; case TILE: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read contiguous tiles into buffer""); return (-1); } } else { if (!(readSeparateTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read separate tiles into buffer""); return (-1); } } break; default: TIFFError(""loadImage"", ""Unsupported image file format""); return (-1); break; } if ((dump->infile != NULL) && (dump->level == 2)) { dump_info (dump->infile, dump->format, ""loadImage"", ""Image width %d, length %d, Raw image data, %4d bytes"", width, length, buffsize); dump_info (dump->infile, dump->format, """", ""Bits per sample %d, Samples per pixel %d"", bps, spp); for (i = 0; i < length; i++) dump_buffer(dump->infile, dump->format, 1, scanlinesize, i, read_buff + (i * scanlinesize)); } return (0); } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,240254658313187,1 6592,['CWE-200'],"applet_do_notify (NMApplet *applet, NotifyUrgency urgency, const char *summary, const char *message, const char *icon, const char *action1, const char *action1_label, NotifyActionCallback action1_cb, gpointer action1_user_data) { NotifyNotification *notify; GError *error = NULL; char *escaped; g_return_if_fail (applet != NULL); g_return_if_fail (summary != NULL); g_return_if_fail (message != NULL); #if GTK_CHECK_VERSION(2, 11, 0) if (!gtk_status_icon_is_embedded (applet->status_icon)) return; #endif applet_clear_notify (applet); escaped = utils_escape_notify_message (message); notify = notify_notification_new (summary, escaped, icon ? icon : GTK_STOCK_NETWORK, NULL); g_free (escaped); applet->notification = notify; notify_notification_attach_to_status_icon (notify, applet->status_icon); notify_notification_set_urgency (notify, urgency); notify_notification_set_timeout (notify, NOTIFY_EXPIRES_DEFAULT); if (applet->notify_with_actions && action1) { notify_notification_add_action (notify, action1, action1_label, action1_cb, action1_user_data, NULL); } if (!notify_notification_show (notify, &error)) { g_warning (""Failed to show notification: %s"", error && error->message ? error->message : ""(unknown)""); g_clear_error (&error); } }",network-manager-applet,,,169770724992888590215881502845695576643,0 2296,['CWE-120'],"int vfs_rmdir(struct inode *dir, struct dentry *dentry) { int error = may_delete(dir, dentry, 1); if (error) return error; if (!dir->i_op || !dir->i_op->rmdir) return -EPERM; DQUOT_INIT(dir); mutex_lock(&dentry->d_inode->i_mutex); dentry_unhash(dentry); if (d_mountpoint(dentry)) error = -EBUSY; else { error = security_inode_rmdir(dir, dentry); if (!error) { error = dir->i_op->rmdir(dir, dentry); if (!error) dentry->d_inode->i_flags |= S_DEAD; } } mutex_unlock(&dentry->d_inode->i_mutex); if (!error) { d_delete(dentry); } dput(dentry); return error; }",linux-2.6,,,285794030601970687078461193992445648209,0 6131,['CWE-200'],"void neigh_seq_stop(struct seq_file *seq, void *v) { struct neigh_seq_state *state = seq->private; struct neigh_table *tbl = state->tbl; read_unlock_bh(&tbl->lock); }",linux-2.6,,,193451742793274493387436063049655813733,0 3668,['CWE-264'],"static long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags) { struct pipe_inode_info *ipipe = pipe_info(in->f_path.dentry->d_inode); struct pipe_inode_info *opipe = pipe_info(out->f_path.dentry->d_inode); int ret = -EINVAL; if (ipipe && opipe && ipipe != opipe) { ret = link_ipipe_prep(ipipe, flags); if (!ret) { ret = link_opipe_prep(opipe, flags); if (!ret) ret = link_pipe(ipipe, opipe, len, flags); } } return ret; }",linux-2.6,,,249016870274053193973008802973371455238,0 4244,['CWE-399'],"void qdisc_reset(struct Qdisc *qdisc) { const struct Qdisc_ops *ops = qdisc->ops; if (ops->reset) ops->reset(qdisc); }",linux-2.6,,,277886066569488954990226020418861299912,0 2949,CWE-59,"static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_handler *handler) { int r; size_t i; static struct { int match_mask; int match_flag; const char *source; const char *destination; const char *fstype; unsigned long flags; const char *options; } default_mounts[] = { { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, ""proc"", ""%r/proc"", ""proc"", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL }, { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, ""%r/proc/sys/net"", ""%r/proc/net"", NULL, MS_BIND, NULL }, { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, ""%r/proc/sys"", ""%r/proc/sys"", NULL, MS_BIND, NULL }, { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, ""%r/proc/sys"", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL }, { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, ""%r/proc/net"", ""%r/proc/sys/net"", NULL, MS_MOVE, NULL }, { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, ""%r/proc/sysrq-trigger"", ""%r/proc/sysrq-trigger"", NULL, MS_BIND, NULL }, { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, ""%r/proc/sysrq-trigger"", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL }, { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, ""proc"", ""%r/proc"", ""proc"", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, ""sysfs"", ""%r/sys"", ""sysfs"", 0, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, ""sysfs"", ""%r/sys"", ""sysfs"", MS_RDONLY, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, ""sysfs"", ""%r/sys"", ""sysfs"", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, ""%r/sys"", ""%r/sys"", NULL, MS_BIND, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, ""%r/sys"", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, ""sysfs"", ""%r/sys/devices/virtual/net"", ""sysfs"", 0, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, ""%r/sys/devices/virtual/net/devices/virtual/net"", ""%r/sys/devices/virtual/net"", NULL, MS_BIND, NULL }, { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, ""%r/sys/devices/virtual/net"", NULL, MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL }, { 0, 0, NULL, NULL, NULL, 0, NULL } }; for (i = 0; default_mounts[i].match_mask; i++) { if ((flags & default_mounts[i].match_mask) == default_mounts[i].match_flag) { char *source = NULL; char *destination = NULL; int saved_errno; unsigned long mflags; if (default_mounts[i].source) { source = lxc_string_replace(""%r"", conf->rootfs.path ? conf->rootfs.mount : """", default_mounts[i].source); if (!source) { SYSERROR(""memory allocation error""); return -1; } } if (default_mounts[i].destination) { destination = lxc_string_replace(""%r"", conf->rootfs.path ? conf->rootfs.mount : """", default_mounts[i].destination); if (!destination) { saved_errno = errno; SYSERROR(""memory allocation error""); free(source); errno = saved_errno; return -1; } } mflags = add_required_remount_flags(source, destination, default_mounts[i].flags); r = mount(source, destination, default_mounts[i].fstype, mflags, default_mounts[i].options); saved_errno = errno; if (r < 0 && errno == ENOENT) { INFO(""Mount source or target for %s on %s doesn't exist. Skipping."", source, destination); r = 0; } else if (r < 0) SYSERROR(""error mounting %s on %s flags %lu"", source, destination, mflags); free(source); free(destination); if (r < 0) { errno = saved_errno; return -1; } } } if (flags & LXC_AUTO_CGROUP_MASK) { int cg_flags; cg_flags = flags & LXC_AUTO_CGROUP_MASK; if (cg_flags == LXC_AUTO_CGROUP_NOSPEC || cg_flags == LXC_AUTO_CGROUP_FULL_NOSPEC) { int has_sys_admin = 0; if (!lxc_list_empty(&conf->keepcaps)) { has_sys_admin = in_caplist(CAP_SYS_ADMIN, &conf->keepcaps); } else { has_sys_admin = !in_caplist(CAP_SYS_ADMIN, &conf->caps); } if (cg_flags == LXC_AUTO_CGROUP_NOSPEC) { cg_flags = has_sys_admin ? LXC_AUTO_CGROUP_RW : LXC_AUTO_CGROUP_MIXED; } else { cg_flags = has_sys_admin ? LXC_AUTO_CGROUP_FULL_RW : LXC_AUTO_CGROUP_FULL_MIXED; } } if (!cgroup_mount(conf->rootfs.path ? conf->rootfs.mount : """", handler, cg_flags)) { SYSERROR(""error mounting /sys/fs/cgroup""); return -1; } } return 0; }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,47110061460121,1 1933,CWE-400,"void __refill_cfs_bandwidth_runtime(struct cfs_bandwidth *cfs_b) { u64 now; if (cfs_b->quota == RUNTIME_INF) return; now = sched_clock_cpu(smp_processor_id()); cfs_b->runtime = cfs_b->quota; cfs_b->runtime_expires = now + ktime_to_ns(cfs_b->period); cfs_b->expires_seq++; }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,72763890496284,1 6174,CWE-190,"void ep4_mul_sim_joint(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, const bn_t m) { ep4_t t[5]; int i, l, u_i, offset; int8_t jsf[4 * (RLC_FP_BITS + 1)]; if (bn_is_zero(k) || ep4_is_infty(p)) { ep4_mul(r, q, m); return; } if (bn_is_zero(m) || ep4_is_infty(q)) { ep4_mul(r, p, k); return; } RLC_TRY { for (i = 0; i < 5; i++) { ep4_null(t[i]); ep4_new(t[i]); } ep4_set_infty(t[0]); ep4_copy(t[1], q); if (bn_sign(m) == RLC_NEG) { ep4_neg(t[1], t[1]); } ep4_copy(t[2], p); if (bn_sign(k) == RLC_NEG) { ep4_neg(t[2], t[2]); } ep4_add(t[3], t[2], t[1]); ep4_sub(t[4], t[2], t[1]); #if defined(EP_MIXED) ep4_norm_sim(t + 3, t + 3, 2); #endif l = 4 * (RLC_FP_BITS + 1); bn_rec_jsf(jsf, &l, k, m); ep4_set_infty(r); offset = RLC_MAX(bn_bits(k), bn_bits(m)) + 1; for (i = l - 1; i >= 0; i--) { ep4_dbl(r, r); if (jsf[i] != 0 && jsf[i] == -jsf[i + offset]) { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ep4_sub(r, r, t[4]); } else { ep4_add(r, r, t[4]); } } else { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ep4_sub(r, r, t[-u_i]); } else { ep4_add(r, r, t[u_i]); } } } ep4_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < 5; i++) { ep4_free(t[i]); } } }",visit repo url,src/epx/relic_ep4_mul_sim.c,https://github.com/relic-toolkit/relic,262980847492141,1 1981,CWE-476,"static int stv06xx_isoc_init(struct gspca_dev *gspca_dev) { struct usb_host_interface *alt; struct sd *sd = (struct sd *) gspca_dev; alt = &gspca_dev->dev->actconfig->intf_cache[0]->altsetting[1]; alt->endpoint[0].desc.wMaxPacketSize = cpu_to_le16(sd->sensor->max_packet_size[gspca_dev->curr_mode]); return 0; }",visit repo url,drivers/media/usb/gspca/stv06xx/stv06xx.c,https://github.com/torvalds/linux,76864466316953,1 1144,['CWE-362'],"void __inode_dir_notify(struct inode *inode, unsigned long event) { struct dnotify_struct * dn; struct dnotify_struct **prev; struct fown_struct * fown; int changed = 0; spin_lock(&inode->i_lock); prev = &inode->i_dnotify; while ((dn = *prev) != NULL) { if ((dn->dn_mask & event) == 0) { prev = &dn->dn_next; continue; } fown = &dn->dn_filp->f_owner; send_sigio(fown, dn->dn_fd, POLL_MSG); if (dn->dn_mask & DN_MULTISHOT) prev = &dn->dn_next; else { *prev = dn->dn_next; changed = 1; kmem_cache_free(dn_cache, dn); } } if (changed) redo_inode_mask(inode); spin_unlock(&inode->i_lock); }",linux-2.6,,,323652773387804392303313303730044537470,0 3418,CWE-119,"static void finish_object(struct object *obj, struct strbuf *path, const char *name, void *cb_data) { struct rev_list_info *info = cb_data; if (obj->type == OBJ_BLOB && !has_object_file(&obj->oid)) die(""missing blob object '%s'"", oid_to_hex(&obj->oid)); if (info->revs->verify_objects && !obj->parsed && obj->type != OBJ_COMMIT) parse_object(obj->oid.hash); }",visit repo url,builtin/rev-list.c,https://github.com/git/git,124445513516221,1 1054,['CWE-20'],"int raw_notifier_call_chain(struct raw_notifier_head *nh, unsigned long val, void *v) { return notifier_call_chain(&nh->head, val, v); }",linux-2.6,,,124474560767520971873402630128714925964,0 5179,['CWE-20'],"static u32 vmcs_read32(unsigned long field) { return vmcs_readl(field); }",linux-2.6,,,301801632297553943258716142642456261168,0 6605,CWE-476,"static int on_header_value( multipart_parser *parser, const char *at, size_t length) { multipart_parser_data_t *data = NULL; ogs_assert(parser); data = multipart_parser_get_data(parser); ogs_assert(data); if (at && length) { SWITCH(data->header_field) CASE(OGS_SBI_CONTENT_TYPE) if (data->part[data->num_of_part].content_type) ogs_free(data->part[data->num_of_part].content_type); data->part[data->num_of_part].content_type = ogs_strndup(at, length); ogs_assert(data->part[data->num_of_part].content_type); break; CASE(OGS_SBI_CONTENT_ID) if (data->part[data->num_of_part].content_id) ogs_free(data->part[data->num_of_part].content_id); data->part[data->num_of_part].content_id = ogs_strndup(at, length); ogs_assert(data->part[data->num_of_part].content_id); break; DEFAULT ogs_error(""Unknown header field [%s]"", data->header_field); END } return 0; }",visit repo url,lib/sbi/message.c,https://github.com/open5gs/open5gs,181021006487221,1 1464,NVD-CWE-Other,"void sctp_assoc_update(struct sctp_association *asoc, struct sctp_association *new) { struct sctp_transport *trans; struct list_head *pos, *temp; asoc->c = new->c; asoc->peer.rwnd = new->peer.rwnd; asoc->peer.sack_needed = new->peer.sack_needed; asoc->peer.auth_capable = new->peer.auth_capable; asoc->peer.i = new->peer.i; sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, asoc->peer.i.initial_tsn, GFP_ATOMIC); list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { trans = list_entry(pos, struct sctp_transport, transports); if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr)) { sctp_assoc_rm_peer(asoc, trans); continue; } if (asoc->state >= SCTP_STATE_ESTABLISHED) sctp_transport_reset(trans); } if (asoc->state >= SCTP_STATE_ESTABLISHED) { asoc->next_tsn = new->next_tsn; asoc->ctsn_ack_point = new->ctsn_ack_point; asoc->adv_peer_ack_point = new->adv_peer_ack_point; sctp_ssnmap_clear(asoc->ssnmap); sctp_ulpq_flush(&asoc->ulpq); asoc->overall_error_count = 0; } else { list_for_each_entry(trans, &new->peer.transport_addr_list, transports) { if (!sctp_assoc_lookup_paddr(asoc, &trans->ipaddr)) sctp_assoc_add_peer(asoc, &trans->ipaddr, GFP_ATOMIC, trans->state); } asoc->ctsn_ack_point = asoc->next_tsn - 1; asoc->adv_peer_ack_point = asoc->ctsn_ack_point; if (!asoc->ssnmap) { asoc->ssnmap = new->ssnmap; new->ssnmap = NULL; } if (!asoc->assoc_id) { sctp_assoc_set_id(asoc, GFP_ATOMIC); } } kfree(asoc->peer.peer_random); asoc->peer.peer_random = new->peer.peer_random; new->peer.peer_random = NULL; kfree(asoc->peer.peer_chunks); asoc->peer.peer_chunks = new->peer.peer_chunks; new->peer.peer_chunks = NULL; kfree(asoc->peer.peer_hmacs); asoc->peer.peer_hmacs = new->peer.peer_hmacs; new->peer.peer_hmacs = NULL; sctp_auth_key_put(asoc->asoc_shared_key); sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC); }",visit repo url,net/sctp/associola.c,https://github.com/torvalds/linux,272032901646372,1 5653,CWE-59,"netsnmp_mibindex_new( const char *dirname ) { FILE *fp; char tmpbuf[300]; char *cp; int i; cp = netsnmp_mibindex_lookup( dirname ); if (!cp) { i = _mibindex_add( dirname, -1 ); snprintf( tmpbuf, sizeof(tmpbuf), ""%s/mib_indexes/%d"", get_persistent_directory(), i ); tmpbuf[sizeof(tmpbuf)-1] = 0; cp = tmpbuf; } DEBUGMSGTL((""mibindex"", ""new: %s (%s)\n"", dirname, cp )); fp = fopen( cp, ""w"" ); if (fp) fprintf( fp, ""DIR %s\n"", dirname ); return fp; }",visit repo url,snmplib/mib.c,https://github.com/net-snmp/net-snmp,193793105970515,1 1745,[],"void aggregate_group_load(struct task_group *tg, struct sched_domain *sd) { unsigned long load; if (!tg->parent) { int i; load = 0; for_each_cpu_mask(i, sd->span) load += cpu_rq(i)->load.weight; } else { load = aggregate(tg->parent, sd)->load; load *= aggregate(tg, sd)->shares; load /= aggregate(tg->parent, sd)->rq_weight + 1; } aggregate(tg, sd)->load = load; }",linux-2.6,,,278190555508291680818803298588206520389,0 1585,[],"static inline int task_running(struct rq *rq, struct task_struct *p) { #ifdef CONFIG_SMP return p->oncpu; #else return task_current(rq, p); #endif }",linux-2.6,,,269603082536470964911416705133771300565,0 559,[],"static ssize_t bad_file_read(struct file *filp, char __user *buf, size_t size, loff_t *ppos) { return -EIO; }",linux-2.6,,,247587591015439456047703898251218367,0 4229,['CWE-399'],"static void __qdisc_destroy(struct rcu_head *head) { struct Qdisc *qdisc = container_of(head, struct Qdisc, q_rcu); kfree((char *) qdisc - qdisc->padded); }",linux-2.6,,,79391867703268387915198964033322054792,0 6297,['CWE-200'],"static struct pneigh_entry *pneigh_get_idx(struct seq_file *seq, loff_t *pos) { struct pneigh_entry *pn = pneigh_get_first(seq); if (pn) { while (*pos) { pn = pneigh_get_next(seq, pn, pos); if (!pn) break; } } return *pos ? NULL : pn; }",linux-2.6,,,133956209020986468820528757696635094031,0 4267,['CWE-264'],"noinline struct pt_regs * __cpuinit __attribute__((weak)) idle_regs(struct pt_regs *regs) { memset(regs, 0, sizeof(struct pt_regs)); return regs; }",linux-2.6,,,65976011276801105441826713712207481931,0 691,[],"static int jpc_ppt_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_ppt_t *ppt = &ms->parms.ppt; fprintf(out, ""ind=%d; len = %d;\n"", ppt->ind, ppt->len); if (ppt->len > 0) { fprintf(out, ""data =\n""); jas_memdump(out, ppt->data, ppt->len); } return 0; }",jasper,,,251095650060770836683678764051968875488,0 1795,[],"static int __migrate_task_irq(struct task_struct *p, int src_cpu, int dest_cpu) { int ret; local_irq_disable(); ret = __migrate_task(p, src_cpu, dest_cpu); local_irq_enable(); return ret; }",linux-2.6,,,186856546761457056541293070631560219942,0 2743,CWE-74,"PS_SERIALIZER_DECODE_FUNC(php_binary) { const char *p; char *name; const char *endptr = val + vallen; zval *current; int namelen; int has_value; php_unserialize_data_t var_hash; PHP_VAR_UNSERIALIZE_INIT(var_hash); for (p = val; p < endptr; ) { zval **tmp; namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF); if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) { PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return FAILURE; } has_value = *p & PS_BIN_UNDEF ? 0 : 1; name = estrndup(p + 1, namelen); p += namelen + 1; if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { efree(name); continue; } } if (has_value) { ALLOC_INIT_ZVAL(current); if (php_var_unserialize(¤t, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); } else { PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return FAILURE; } var_push_dtor_no_addref(&var_hash, ¤t); } PS_ADD_VARL(name, namelen); efree(name); } PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return SUCCESS; }",visit repo url,ext/session/session.c,https://github.com/php/php-src,194495319765919,1 5320,CWE-787,"static int do_i2c_md(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { uint chip; uint addr, length; int alen; int j, nbytes, linebytes; int ret; #if CONFIG_IS_ENABLED(DM_I2C) struct udevice *dev; #endif chip = i2c_dp_last_chip; addr = i2c_dp_last_addr; alen = i2c_dp_last_alen; length = i2c_dp_last_length; if (argc < 3) return CMD_RET_USAGE; if ((flag & CMD_FLAG_REPEAT) == 0) { chip = hextoul(argv[1], NULL); addr = hextoul(argv[2], NULL); alen = get_alen(argv[2], DEFAULT_ADDR_LEN); if (alen > 3) return CMD_RET_USAGE; if (argc > 3) length = hextoul(argv[3], NULL); } #if CONFIG_IS_ENABLED(DM_I2C) ret = i2c_get_cur_bus_chip(chip, &dev); if (!ret && alen != -1) ret = i2c_set_chip_offset_len(dev, alen); if (ret) return i2c_report_err(ret, I2C_ERR_READ); #endif nbytes = length; do { unsigned char linebuf[DISP_LINE_LEN]; unsigned char *cp; linebytes = (nbytes > DISP_LINE_LEN) ? DISP_LINE_LEN : nbytes; #if CONFIG_IS_ENABLED(DM_I2C) ret = dm_i2c_read(dev, addr, linebuf, linebytes); #else ret = i2c_read(chip, addr, alen, linebuf, linebytes); #endif if (ret) return i2c_report_err(ret, I2C_ERR_READ); else { printf(""%04x:"", addr); cp = linebuf; for (j=0; j 0x7e)) puts ("".""); else printf(""%c"", *cp); cp++; } putc ('\n'); } nbytes -= linebytes; } while (nbytes > 0); i2c_dp_last_chip = chip; i2c_dp_last_addr = addr; i2c_dp_last_alen = alen; i2c_dp_last_length = length; return 0; }",visit repo url,cmd/i2c.c,https://github.com/u-boot/u-boot,59994727198976,1 4886,CWE-787,"sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path, unsigned char **out, size_t *out_len, int verify_pin) { struct sc_context *ctx = p15card->card->ctx; struct sc_card *card = p15card->card; struct sc_file *file = NULL; struct sc_path path; size_t sz; int rv; LOG_FUNC_CALLED(ctx); if (!in_path || !out || !out_len) LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, ""Cannot read oberthur file""); sc_log(ctx, ""read file '%s'; verify_pin:%i"", in_path, verify_pin); *out = NULL; *out_len = 0; sc_format_path(in_path, &path); rv = sc_select_file(card, &path, &file); if (rv != SC_SUCCESS) { sc_file_free(file); LOG_TEST_RET(ctx, rv, ""Cannot select oberthur file to read""); } if (file->ef_structure == SC_FILE_EF_TRANSPARENT) sz = file->size; else sz = (file->record_length + 2) * file->record_count; *out = calloc(sz, 1); if (*out == NULL) { sc_file_free(file); LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, ""Cannot read oberthur file""); } if (file->ef_structure == SC_FILE_EF_TRANSPARENT) { rv = sc_read_binary(card, 0, *out, sz, 0); } else { int rec; int offs = 0; int rec_len = file->record_length; for (rec = 1; ; rec++) { rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR); if (rv == SC_ERROR_RECORD_NOT_FOUND) { rv = 0; break; } else if (rv < 0) { break; } rec_len = rv; *(*out + offs) = 'R'; *(*out + offs + 1) = rv; offs += rv + 2; } sz = offs; } sc_log(ctx, ""read oberthur file result %i"", rv); if (verify_pin && rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) { struct sc_pkcs15_object *objs[0x10], *pin_obj = NULL; const struct sc_acl_entry *acl = sc_file_get_acl_entry(file, SC_AC_OP_READ); int ii; rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, objs, 0x10); if (rv != SC_SUCCESS) { sc_file_free(file); LOG_TEST_RET(ctx, rv, ""Cannot read oberthur file: get AUTH objects error""); } for (ii=0; iidata; sc_log(ctx, ""compare PIN/ACL refs:%i/%i, method:%i/%i"", auth_info->attrs.pin.reference, acl->key_ref, auth_info->auth_method, acl->method); if (auth_info->attrs.pin.reference == (int)acl->key_ref && auth_info->auth_method == (unsigned)acl->method) { pin_obj = objs[ii]; break; } } if (!pin_obj || !pin_obj->content.value) { rv = SC_ERROR_SECURITY_STATUS_NOT_SATISFIED; } else { rv = sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len); if (!rv) rv = sc_oberthur_read_file(p15card, in_path, out, out_len, 0); } }; sc_file_free(file); if (rv < 0) { free(*out); *out = NULL; *out_len = 0; } *out_len = sz; LOG_FUNC_RETURN(ctx, rv); }",visit repo url,src/libopensc/pkcs15-oberthur.c,https://github.com/OpenSC/OpenSC,235635850058261,1 751,['CWE-119'],"isdn_net_addphone(isdn_net_ioctl_phone * phone) { isdn_net_dev *p = isdn_net_findif(phone->name); isdn_net_phone *n; if (p) { if (!(n = kmalloc(sizeof(isdn_net_phone), GFP_KERNEL))) return -ENOMEM; strlcpy(n->num, phone->phone, sizeof(n->num)); n->next = p->local->phone[phone->outgoing & 1]; p->local->phone[phone->outgoing & 1] = n; return 0; } return -ENODEV; }",linux-2.6,,,12163030335627575984323980777428994316,0 1430,[],"account_entity_dequeue(struct cfs_rq *cfs_rq, struct sched_entity *se) { update_load_sub(&cfs_rq->load, se->load.weight); if (!parent_entity(se)) dec_cpu_load(rq_of(cfs_rq), se->load.weight); if (entity_is_task(se)) add_cfs_task_weight(cfs_rq, -se->load.weight); cfs_rq->nr_running--; se->on_rq = 0; }",linux-2.6,,,65873533581822886654931307693249886070,0 5945,CWE-120,"static Jsi_RC WebSocketVersionCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { const char *verStr = NULL; verStr = lws_get_library_version(); if (verStr) { char buf[100], *cp; snprintf(buf, sizeof(buf), ""%s"", verStr); cp = Jsi_Strchr(buf, ' '); if (cp) *cp = 0; Jsi_ValueMakeStringDup(interp, ret, buf); } return JSI_OK; }",visit repo url,src/jsiWebSocket.c,https://github.com/pcmacdon/jsish,139390497834354,1 1693,CWE-200,"static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh, u_int16_t subsys_id) { struct sk_buff *oskb = skb; struct net *net = sock_net(skb->sk); const struct nfnetlink_subsystem *ss; const struct nfnl_callback *nc; static LIST_HEAD(err_list); u32 status; int err; if (subsys_id >= NFNL_SUBSYS_COUNT) return netlink_ack(skb, nlh, -EINVAL); replay: status = 0; skb = netlink_skb_clone(oskb, GFP_KERNEL); if (!skb) return netlink_ack(oskb, nlh, -ENOMEM); nfnl_lock(subsys_id); ss = nfnl_dereference_protected(subsys_id); if (!ss) { #ifdef CONFIG_MODULES nfnl_unlock(subsys_id); request_module(""nfnetlink-subsys-%d"", subsys_id); nfnl_lock(subsys_id); ss = nfnl_dereference_protected(subsys_id); if (!ss) #endif { nfnl_unlock(subsys_id); netlink_ack(oskb, nlh, -EOPNOTSUPP); return kfree_skb(skb); } } if (!ss->commit || !ss->abort) { nfnl_unlock(subsys_id); netlink_ack(oskb, nlh, -EOPNOTSUPP); return kfree_skb(skb); } while (skb->len >= nlmsg_total_size(0)) { int msglen, type; nlh = nlmsg_hdr(skb); err = 0; if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) || skb->len < nlh->nlmsg_len) { err = -EINVAL; goto ack; } if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) { err = -EINVAL; goto ack; } type = nlh->nlmsg_type; if (type == NFNL_MSG_BATCH_BEGIN) { nfnl_err_reset(&err_list); status |= NFNL_BATCH_FAILURE; goto done; } else if (type == NFNL_MSG_BATCH_END) { status |= NFNL_BATCH_DONE; goto done; } else if (type < NLMSG_MIN_TYPE) { err = -EINVAL; goto ack; } if (NFNL_SUBSYS_ID(type) != subsys_id) { err = -EINVAL; goto ack; } nc = nfnetlink_find_client(type, ss); if (!nc) { err = -EINVAL; goto ack; } { int min_len = nlmsg_total_size(sizeof(struct nfgenmsg)); u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type); struct nlattr *cda[ss->cb[cb_id].attr_count + 1]; struct nlattr *attr = (void *)nlh + min_len; int attrlen = nlh->nlmsg_len - min_len; err = nla_parse(cda, ss->cb[cb_id].attr_count, attr, attrlen, ss->cb[cb_id].policy); if (err < 0) goto ack; if (nc->call_batch) { err = nc->call_batch(net, net->nfnl, skb, nlh, (const struct nlattr **)cda); } if (err == -EAGAIN) { status |= NFNL_BATCH_REPLAY; goto next; } } ack: if (nlh->nlmsg_flags & NLM_F_ACK || err) { if (nfnl_err_add(&err_list, nlh, err) < 0) { nfnl_err_reset(&err_list); netlink_ack(oskb, nlmsg_hdr(oskb), -ENOMEM); status |= NFNL_BATCH_FAILURE; goto done; } if (err) status |= NFNL_BATCH_FAILURE; } next: msglen = NLMSG_ALIGN(nlh->nlmsg_len); if (msglen > skb->len) msglen = skb->len; skb_pull(skb, msglen); } done: if (status & NFNL_BATCH_REPLAY) { ss->abort(net, oskb); nfnl_err_reset(&err_list); nfnl_unlock(subsys_id); kfree_skb(skb); goto replay; } else if (status == NFNL_BATCH_DONE) { ss->commit(net, oskb); } else { ss->abort(net, oskb); } nfnl_err_deliver(&err_list, oskb); nfnl_unlock(subsys_id); kfree_skb(skb); }",visit repo url,net/netfilter/nfnetlink.c,https://github.com/torvalds/linux,116377874523369,1 1678,CWE-362,"int snd_timer_close(struct snd_timer_instance *timeri) { struct snd_timer *timer = NULL; struct snd_timer_instance *slave, *tmp; if (snd_BUG_ON(!timeri)) return -ENXIO; snd_timer_stop(timeri); if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) { spin_lock_irq(&slave_active_lock); while (timeri->flags & SNDRV_TIMER_IFLG_CALLBACK) { spin_unlock_irq(&slave_active_lock); udelay(10); spin_lock_irq(&slave_active_lock); } spin_unlock_irq(&slave_active_lock); mutex_lock(®ister_mutex); list_del(&timeri->open_list); mutex_unlock(®ister_mutex); } else { timer = timeri->timer; if (snd_BUG_ON(!timer)) goto out; spin_lock_irq(&timer->lock); while (timeri->flags & SNDRV_TIMER_IFLG_CALLBACK) { spin_unlock_irq(&timer->lock); udelay(10); spin_lock_irq(&timer->lock); } spin_unlock_irq(&timer->lock); mutex_lock(®ister_mutex); list_del(&timeri->open_list); if (timer && list_empty(&timer->open_list_head) && timer->hw.close) timer->hw.close(timer); list_for_each_entry_safe(slave, tmp, &timeri->slave_list_head, open_list) { spin_lock_irq(&slave_active_lock); _snd_timer_stop(slave, 1, SNDRV_TIMER_EVENT_RESOLUTION); list_move_tail(&slave->open_list, &snd_timer_slave_list); slave->master = NULL; slave->timer = NULL; spin_unlock_irq(&slave_active_lock); } mutex_unlock(®ister_mutex); } out: if (timeri->private_free) timeri->private_free(timeri); kfree(timeri->owner); kfree(timeri); if (timer) module_put(timer->module); return 0; }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,9222332381303,1 6111,CWE-190,"void eb_mul_sim_trick(eb_t r, const eb_t p, const bn_t k, const eb_t q, const bn_t m) { eb_t t0[1 << (EB_WIDTH / 2)], t1[1 << (EB_WIDTH / 2)], t[1 << EB_WIDTH]; int l0, l1, w = EB_WIDTH / 2; uint8_t w0[RLC_FB_BITS], w1[RLC_FB_BITS]; bn_t n; bn_null(n); if (bn_is_zero(k) || eb_is_infty(p)) { eb_mul(r, q, m); return; } if (bn_is_zero(m) || eb_is_infty(q)) { eb_mul(r, p, k); return; } RLC_TRY { bn_new(n); eb_curve_get_ord(n); for (int i = 0; i < (1 << w); i++) { eb_null(t0[i]); eb_null(t1[i]); eb_new(t0[i]); eb_new(t1[i]); } for (int i = 0; i < (1 << EB_WIDTH); i++) { eb_null(t[i]); eb_new(t[i]); } eb_set_infty(t0[0]); eb_copy(t0[1], p); if (bn_sign(k) == RLC_NEG) { eb_neg(t0[1], t0[1]); } for (int i = 2; i < (1 << w); i++) { eb_add(t0[i], t0[i - 1], t0[1]); } eb_set_infty(t1[0]); eb_copy(t1[1], q); if (bn_sign(m) == RLC_NEG) { eb_neg(t1[1], t1[1]); } for (int i = 2; i < (1 << w); i++) { eb_add(t1[i], t1[i - 1], t1[1]); } for (int i = 0; i < (1 << w); i++) { for (int j = 0; j < (1 << w); j++) { eb_add(t[(i << w) + j], t0[i], t1[j]); } } #if EB_WIDTH > 2 && defined(EB_MIXED) eb_norm_sim(t + 1, (const eb_t *)(t + 1), (1 << EB_WIDTH) - 1); #endif l0 = l1 = RLC_CEIL(RLC_FB_BITS + 1, w); bn_rec_win(w0, &l0, k, w); bn_rec_win(w1, &l1, m, w); for (int i = l0; i < l1; i++) { w0[i] = 0; } for (int i = l1; i < l0; i++) { w1[i] = 0; } eb_set_infty(r); for (int i = RLC_MAX(l0, l1) - 1; i >= 0; i--) { for (int j = 0; j < w; j++) { eb_dbl(r, r); } eb_add(r, r, t[(w0[i] << w) + w1[i]]); } eb_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); for (int i = 0; i < (1 << w); i++) { eb_free(t0[i]); eb_free(t1[i]); } for (int i = 0; i < (1 << EB_WIDTH); i++) { eb_free(t[i]); } } }",visit repo url,src/eb/relic_eb_mul_sim.c,https://github.com/relic-toolkit/relic,68802212424738,1 306,CWE-415,"int blkcg_init_queue(struct request_queue *q) { struct blkcg_gq *new_blkg, *blkg; bool preloaded; int ret; new_blkg = blkg_alloc(&blkcg_root, q, GFP_KERNEL); if (!new_blkg) return -ENOMEM; preloaded = !radix_tree_preload(GFP_KERNEL); rcu_read_lock(); spin_lock_irq(q->queue_lock); blkg = blkg_create(&blkcg_root, q, new_blkg); spin_unlock_irq(q->queue_lock); rcu_read_unlock(); if (preloaded) radix_tree_preload_end(); if (IS_ERR(blkg)) { blkg_free(new_blkg); return PTR_ERR(blkg); } q->root_blkg = blkg; q->root_rl.blkg = blkg; ret = blk_throtl_init(q); if (ret) { spin_lock_irq(q->queue_lock); blkg_destroy_all(q); spin_unlock_irq(q->queue_lock); } return ret; }",visit repo url,block/blk-cgroup.c,https://github.com/torvalds/linux,131424777213336,1 884,['CWE-200'],"static int shmem_rmdir(struct inode *dir, struct dentry *dentry) { if (!simple_empty(dentry)) return -ENOTEMPTY; drop_nlink(dentry->d_inode); drop_nlink(dir); return shmem_unlink(dir, dentry); }",linux-2.6,,,334450114128020593385621942147142748245,0 1633,[],"calc_delta_mine(unsigned long delta_exec, unsigned long weight, struct load_weight *lw) { u64 tmp; if (unlikely(!lw->inv_weight)) lw->inv_weight = (WMULT_CONST-lw->weight/2) / (lw->weight+1); tmp = (u64)delta_exec * weight; if (unlikely(tmp > WMULT_CONST)) tmp = SRR(SRR(tmp, WMULT_SHIFT/2) * lw->inv_weight, WMULT_SHIFT/2); else tmp = SRR(tmp * lw->inv_weight, WMULT_SHIFT); return (unsigned long)min(tmp, (u64)(unsigned long)LONG_MAX); }",linux-2.6,,,61085560687393212994001515453513558637,0 5662,['CWE-476'],"static __inline__ int __udp_checksum_complete(struct sk_buff *skb) { return __skb_checksum_complete(skb); }",linux-2.6,,,91591917758998558290648607320941054870,0 5532,CWE-125,"ast2obj_alias(void* _o) { alias_ty o = (alias_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(alias_type, NULL, NULL); if (!result) return NULL; value = ast2obj_identifier(o->name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_identifier(o->asname); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_asname, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,224558775572141,1 5977,CWE-120,"static CYTHON_INLINE unsigned char __Pyx_PyInt_As_unsigned_char(PyObject *x) { const unsigned char neg_one = (unsigned char) ((unsigned char) 0 - (unsigned char) 1), const_zero = (unsigned char) 0; const int is_unsigned = neg_one > const_zero; #if PY_MAJOR_VERSION < 3 if (likely(PyInt_Check(x))) { if (sizeof(unsigned char) < sizeof(long)) { __PYX_VERIFY_RETURN_INT(unsigned char, long, PyInt_AS_LONG(x)) } else { long val = PyInt_AS_LONG(x); if (is_unsigned && unlikely(val < 0)) { goto raise_neg_overflow; } return (unsigned char) val; } } else #endif if (likely(PyLong_Check(x))) { if (is_unsigned) { #if CYTHON_USE_PYLONG_INTERNALS const digit* digits = ((PyLongObject*)x)->ob_digit; switch (Py_SIZE(x)) { case 0: return (unsigned char) 0; case 1: __PYX_VERIFY_RETURN_INT(unsigned char, digit, digits[0]) case 2: if (8 * sizeof(unsigned char) > 1 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) >= 2 * PyLong_SHIFT) { return (unsigned char) (((((unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0])); } } break; case 3: if (8 * sizeof(unsigned char) > 2 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) >= 3 * PyLong_SHIFT) { return (unsigned char) (((((((unsigned char)digits[2]) << PyLong_SHIFT) | (unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0])); } } break; case 4: if (8 * sizeof(unsigned char) > 3 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) >= 4 * PyLong_SHIFT) { return (unsigned char) (((((((((unsigned char)digits[3]) << PyLong_SHIFT) | (unsigned char)digits[2]) << PyLong_SHIFT) | (unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0])); } } break; } #endif #if CYTHON_COMPILING_IN_CPYTHON if (unlikely(Py_SIZE(x) < 0)) { goto raise_neg_overflow; } #else { int result = PyObject_RichCompareBool(x, Py_False, Py_LT); if (unlikely(result < 0)) return (unsigned char) -1; if (unlikely(result == 1)) goto raise_neg_overflow; } #endif if (sizeof(unsigned char) <= sizeof(unsigned long)) { __PYX_VERIFY_RETURN_INT_EXC(unsigned char, unsigned long, PyLong_AsUnsignedLong(x)) #ifdef HAVE_LONG_LONG } else if (sizeof(unsigned char) <= sizeof(unsigned PY_LONG_LONG)) { __PYX_VERIFY_RETURN_INT_EXC(unsigned char, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x)) #endif } } else { #if CYTHON_USE_PYLONG_INTERNALS const digit* digits = ((PyLongObject*)x)->ob_digit; switch (Py_SIZE(x)) { case 0: return (unsigned char) 0; case -1: __PYX_VERIFY_RETURN_INT(unsigned char, sdigit, (sdigit) (-(sdigit)digits[0])) case 1: __PYX_VERIFY_RETURN_INT(unsigned char, digit, +digits[0]) case -2: if (8 * sizeof(unsigned char) - 1 > 1 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) - 1 > 2 * PyLong_SHIFT) { return (unsigned char) (((unsigned char)-1)*(((((unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0]))); } } break; case 2: if (8 * sizeof(unsigned char) > 1 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) - 1 > 2 * PyLong_SHIFT) { return (unsigned char) ((((((unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0]))); } } break; case -3: if (8 * sizeof(unsigned char) - 1 > 2 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) - 1 > 3 * PyLong_SHIFT) { return (unsigned char) (((unsigned char)-1)*(((((((unsigned char)digits[2]) << PyLong_SHIFT) | (unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0]))); } } break; case 3: if (8 * sizeof(unsigned char) > 2 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) - 1 > 3 * PyLong_SHIFT) { return (unsigned char) ((((((((unsigned char)digits[2]) << PyLong_SHIFT) | (unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0]))); } } break; case -4: if (8 * sizeof(unsigned char) - 1 > 3 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) - 1 > 4 * PyLong_SHIFT) { return (unsigned char) (((unsigned char)-1)*(((((((((unsigned char)digits[3]) << PyLong_SHIFT) | (unsigned char)digits[2]) << PyLong_SHIFT) | (unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0]))); } } break; case 4: if (8 * sizeof(unsigned char) > 3 * PyLong_SHIFT) { if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) { __PYX_VERIFY_RETURN_INT(unsigned char, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0]))) } else if (8 * sizeof(unsigned char) - 1 > 4 * PyLong_SHIFT) { return (unsigned char) ((((((((((unsigned char)digits[3]) << PyLong_SHIFT) | (unsigned char)digits[2]) << PyLong_SHIFT) | (unsigned char)digits[1]) << PyLong_SHIFT) | (unsigned char)digits[0]))); } } break; } #endif if (sizeof(unsigned char) <= sizeof(long)) { __PYX_VERIFY_RETURN_INT_EXC(unsigned char, long, PyLong_AsLong(x)) #ifdef HAVE_LONG_LONG } else if (sizeof(unsigned char) <= sizeof(PY_LONG_LONG)) { __PYX_VERIFY_RETURN_INT_EXC(unsigned char, PY_LONG_LONG, PyLong_AsLongLong(x)) #endif } } { #if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray) PyErr_SetString(PyExc_RuntimeError, ""_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers""); #else unsigned char val; PyObject *v = __Pyx_PyNumber_IntOrLong(x); #if PY_MAJOR_VERSION < 3 if (likely(v) && !PyLong_Check(v)) { PyObject *tmp = v; v = PyNumber_Long(tmp); Py_DECREF(tmp); } #endif if (likely(v)) { int one = 1; int is_little = (int)*(unsigned char *)&one; unsigned char *bytes = (unsigned char *)&val; int ret = _PyLong_AsByteArray((PyLongObject *)v, bytes, sizeof(val), is_little, !is_unsigned); Py_DECREF(v); if (likely(!ret)) return val; } #endif return (unsigned char) -1; } } else { unsigned char val; PyObject *tmp = __Pyx_PyNumber_IntOrLong(x); if (!tmp) return (unsigned char) -1; val = __Pyx_PyInt_As_unsigned_char(tmp); Py_DECREF(tmp); return val; } raise_overflow: PyErr_SetString(PyExc_OverflowError, ""value too large to convert to unsigned char""); return (unsigned char) -1; raise_neg_overflow: PyErr_SetString(PyExc_OverflowError, ""can't convert negative value to unsigned char""); return (unsigned char) -1; }",visit repo url,clickhouse_driver/varint.c,https://github.com/mymarilyn/clickhouse-driver,91809293114831,1 3696,[],"static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) { int *fdp = (int*)CMSG_DATA(cmsg); struct scm_fp_list *fpl = *fplp; struct file **fpp; int i, num; num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int); if (num <= 0) return 0; if (num > SCM_MAX_FD) return -EINVAL; if (!fpl) { fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL); if (!fpl) return -ENOMEM; *fplp = fpl; INIT_LIST_HEAD(&fpl->list); fpl->count = 0; } fpp = &fpl->fp[fpl->count]; if (fpl->count + num > SCM_MAX_FD) return -EINVAL; for (i=0; i< num; i++) { int fd = fdp[i]; struct file *file; if (fd < 0 || !(file = fget(fd))) return -EBADF; *fpp++ = file; fpl->count++; } return num; }",linux-2.6,,,24466402984817266656362237389332694971,0 5517,CWE-125,"Ta3Tokenizer_FindEncodingFilename(int fd, PyObject *filename) { struct tok_state *tok; FILE *fp; char *p_start =NULL , *p_end =NULL , *encoding = NULL; #ifndef PGEN #if PY_MINOR_VERSION >= 4 fd = _Py_dup(fd); #endif #else fd = dup(fd); #endif if (fd < 0) { return NULL; } fp = fdopen(fd, ""r""); if (fp == NULL) { return NULL; } tok = Ta3Tokenizer_FromFile(fp, NULL, NULL, NULL); if (tok == NULL) { fclose(fp); return NULL; } #ifndef PGEN if (filename != NULL) { Py_INCREF(filename); tok->filename = filename; } else { tok->filename = PyUnicode_FromString(""""); if (tok->filename == NULL) { fclose(fp); Ta3Tokenizer_Free(tok); return encoding; } } #endif while (tok->lineno < 2 && tok->done == E_OK) { Ta3Tokenizer_Get(tok, &p_start, &p_end); } fclose(fp); if (tok->encoding) { encoding = (char *)PyMem_MALLOC(strlen(tok->encoding) + 1); if (encoding) strcpy(encoding, tok->encoding); } Ta3Tokenizer_Free(tok); return encoding; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,67393740577357,1 6374,[],"e_plugin_lib_enable (EPlugin *ep, gint enable) { if (loaded) return 0; loaded = TRUE; if (enable) { bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR); bind_textdomain_codeset(GETTEXT_PACKAGE, ""UTF-8""); } return 0; }",evolution,,,315699933395802275390554560031347057896,0 4573,CWE-119,"static Bool FFD_CanHandleURL(GF_InputService *plug, const char *url) { Bool has_audio, has_video; s32 i; AVFormatContext *ctx; AVOutputFormat *fmt_out; Bool ret = GF_FALSE; char *ext, szName[1000], szExt[20]; const char *szExtList; FFDemux *ffd; if (!plug || !url) return GF_FALSE; if (!strnicmp(url, ""rtsp://"", 7)) return GF_FALSE; if (!strnicmp(url, ""rtspu://"", 8)) return GF_FALSE; if (!strnicmp(url, ""rtp://"", 6)) return GF_FALSE; if (!strnicmp(url, ""plato://"", 8)) return GF_FALSE; if (!strnicmp(url, ""udp://"", 6)) return GF_FALSE; if (!strnicmp(url, ""tcp://"", 6)) return GF_FALSE; if (!strnicmp(url, ""data:"", 5)) return GF_FALSE; ffd = (FFDemux*)plug->priv; strcpy(szName, url); ext = strrchr(szName, '#'); if (ext) ext[0] = 0; ext = strrchr(szName, '?'); if (ext) ext[0] = 0; ext = strrchr(szName, '.'); if (ext && strlen(ext) > 19) ext = NULL; if (ext && strlen(ext) > 1) { strcpy(szExt, &ext[1]); strlwr(szExt); #ifndef FFMPEG_DEMUX_ENABLE_MPEG2TS if (strstr(""ts m2t mts dmb trp"", szExt) ) return GF_FALSE; #endif if (!strcmp(szExt, ""mp4"") || !strcmp(szExt, ""mpg4"") || !strcmp(szExt, ""m4a"") || !strcmp(szExt, ""m21"") || !strcmp(szExt, ""m4v"") || !strcmp(szExt, ""m4a"") || !strcmp(szExt, ""m4s"") || !strcmp(szExt, ""3gs"") || !strcmp(szExt, ""3gp"") || !strcmp(szExt, ""3gpp"") || !strcmp(szExt, ""3gp2"") || !strcmp(szExt, ""3g2"") || !strcmp(szExt, ""mp3"") || !strcmp(szExt, ""ac3"") || !strcmp(szExt, ""amr"") || !strcmp(szExt, ""bt"") || !strcmp(szExt, ""wrl"") || !strcmp(szExt, ""x3dv"") || !strcmp(szExt, ""xmt"") || !strcmp(szExt, ""xmta"") || !strcmp(szExt, ""x3d"") || !strcmp(szExt, ""jpg"") || !strcmp(szExt, ""jpeg"") || !strcmp(szExt, ""png"") ) return GF_FALSE; { u32 i; for (i = 0 ; FFD_MIME_TYPES[i]; i+=3) { if (gf_service_check_mime_register(plug, FFD_MIME_TYPES[i], FFD_MIME_TYPES[i+1], FFD_MIME_TYPES[i+2], ext)) return GF_TRUE; } } } ffd_parse_options(ffd, url); ctx = NULL; if (open_file(&ctx, szName, NULL, ffd->options ? &ffd->options : NULL)<0) { AVInputFormat *av_in = NULL; if (ext && !strcmp(szExt, ""cmp"")) av_in = av_find_input_format(""m4v""); if (open_file(&ctx, szName, av_in, ffd->options ? &ffd->options : NULL)<0) { return GF_FALSE; } } if (!ctx) goto exit; if (av_find_stream_info(ctx) <0) goto exit; has_video = has_audio = GF_FALSE; for(i = 0; i < (s32)ctx->nb_streams; i++) { AVCodecContext *enc = ctx->streams[i]->codec; switch(enc->codec_type) { case AVMEDIA_TYPE_AUDIO: if (!has_audio) has_audio = GF_TRUE; break; case AVMEDIA_TYPE_VIDEO: if (!has_video) has_video= GF_TRUE; break; default: break; } } if (!has_audio && !has_video) goto exit; ret = GF_TRUE; #if ((LIBAVFORMAT_VERSION_MAJOR == 52) && (LIBAVFORMAT_VERSION_MINOR <= 47)) || (LIBAVFORMAT_VERSION_MAJOR < 52) fmt_out = guess_stream_format(NULL, url, NULL); #else fmt_out = av_guess_format(NULL, url, NULL); #endif if (fmt_out) gf_service_register_mime(plug, fmt_out->mime_type, fmt_out->extensions, fmt_out->name); else { ext = strrchr(szName, '.'); if (ext) { strcpy(szExt, &ext[1]); strlwr(szExt); szExtList = gf_modules_get_option((GF_BaseInterface *)plug, ""MimeTypes"", ""application/x-ffmpeg""); if (!szExtList) { gf_service_register_mime(plug, ""application/x-ffmpeg"", szExt, ""Other Movies (FFMPEG)""); } else if (!strstr(szExtList, szExt)) { u32 len; char *buf; len = (u32) (strlen(szExtList) + strlen(szExt) + 10); buf = (char*)gf_malloc(sizeof(char)*len); sprintf(buf, ""\""%s "", szExt); strcat(buf, &szExtList[1]); gf_modules_set_option((GF_BaseInterface *)plug, ""MimeTypes"", ""application/x-ffmpeg"", buf); gf_free(buf); } } } exit: #if FF_API_CLOSE_INPUT_FILE if (ctx) av_close_input_file(ctx); #else if (ctx) avformat_close_input(&ctx); #endif return ret; }",visit repo url,modules/ffmpeg_in/ffmpeg_demux.c,https://github.com/gpac/gpac,189655590609166,1 5942,['CWE-909'],"static int qdisc_graft(struct net_device *dev, struct Qdisc *parent, struct sk_buff *skb, struct nlmsghdr *n, u32 classid, struct Qdisc *new, struct Qdisc *old) { struct Qdisc *q = old; int err = 0; if (parent == NULL) { unsigned int i, num_q, ingress; ingress = 0; num_q = dev->num_tx_queues; if ((q && q->flags & TCQ_F_INGRESS) || (new && new->flags & TCQ_F_INGRESS)) { num_q = 1; ingress = 1; } if (dev->flags & IFF_UP) dev_deactivate(dev); for (i = 0; i < num_q; i++) { struct netdev_queue *dev_queue = &dev->rx_queue; if (!ingress) dev_queue = netdev_get_tx_queue(dev, i); old = dev_graft_qdisc(dev_queue, new); if (new && i > 0) atomic_inc(&new->refcnt); notify_and_destroy(skb, n, classid, old, new); } if (dev->flags & IFF_UP) dev_activate(dev); } else { const struct Qdisc_class_ops *cops = parent->ops->cl_ops; err = -EINVAL; if (cops) { unsigned long cl = cops->get(parent, classid); if (cl) { err = cops->graft(parent, cl, new, &old); cops->put(parent, cl); } } if (!err) notify_and_destroy(skb, n, classid, old, new); } return err; }",linux-2.6,,,228313859339434454232830095951652600498,0 978,['CWE-189'],"SProcShmDetach(client) ClientPtr client; { register int n; REQUEST(xShmDetachReq); swaps(&stuff->length, n); REQUEST_SIZE_MATCH(xShmDetachReq); swapl(&stuff->shmseg, n); return ProcShmDetach(client); }",xserver,,,80058839912001333868990245939441194300,0 5178,CWE-125,"TfLiteStatus Eval(TfLiteContext* context, TfLiteNode* node) { OpContext op_context(context, node); OpData* op_data = reinterpret_cast(node->user_data); const TfLiteTensor* lhs = GetInput(context, node, kInputLHSTensor); const TfLiteTensor* rhs = GetInput(context, node, kInputRHSTensor); TfLiteTensor* output = GetOutput(context, node, kOutputTensor); RuntimeShape orig_lhs_shape = GetTensorShape(lhs); RuntimeShape orig_rhs_shape = GetTensorShape(rhs); bool adj_y = op_context.params->adj_y; bool adj_x = op_context.params->adj_x; const TfLiteTensor* rhs_tensor = adj_y ? rhs : GetTempRhs(context, node, rhs); const TfLiteTensor* lhs_tensor = adj_x ? GetTempLhs(context, node, lhs) : lhs; if (!adj_y) { if (!(IsConstantTensor(rhs) && op_data->rhs_transposed)) { TransposeRowsColumns(context, rhs, GetTemporary(context, node, 1)); op_data->rhs_transposed = true; } } if (adj_x) { TransposeRowsColumns(context, lhs, GetTemporary(context, node, 0)); } RuntimeShape rhs_shape = adj_y ? orig_rhs_shape : SwapRowColumnDims(orig_rhs_shape); RuntimeShape lhs_shape = adj_x ? orig_lhs_shape : SwapRowColumnDims(orig_lhs_shape); switch (rhs->type) { case kTfLiteFloat32: if (kernel_type == kGenericOptimized) { optimized_ops::BatchMatMul(rhs_shape, GetTensorData(rhs_tensor), lhs_shape, GetTensorData(lhs_tensor), GetTensorShape(output), GetTensorData(output), CpuBackendContext::GetFromContext(context)); } else { reference_ops::BatchMatMul(rhs_shape, GetTensorData(rhs_tensor), lhs_shape, GetTensorData(lhs_tensor), GetTensorShape(output), GetTensorData(output)); } break; case kTfLiteInt8: EvalQuantized(context, node, op_data, lhs_shape, lhs_tensor, rhs_shape, rhs_tensor, output); break; default: TF_LITE_KERNEL_LOG(context, ""Currently BatchMatMul doesn't support type: %s"", TfLiteTypeGetName(lhs->type)); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/batch_matmul.cc,https://github.com/tensorflow/tensorflow,230532498156380,1 3965,CWE-20,"parse_netscreen_hex_dump(FILE_T fh, int pkt_len, const char *cap_int, const char *cap_dst, struct wtap_pkthdr *phdr, Buffer* buf, int *err, gchar **err_info) { guint8 *pd; gchar line[NETSCREEN_LINE_LENGTH]; gchar *p; int n, i = 0, offset = 0; gchar dststr[13]; ws_buffer_assure_space(buf, NETSCREEN_MAX_PACKET_LEN); pd = ws_buffer_start_ptr(buf); while(1) { if (file_gets(line, NETSCREEN_LINE_LENGTH, fh) == NULL) { break; } for (p = &line[0]; g_ascii_isspace(*p); p++) ; if (*p == '\0') { break; } n = parse_single_hex_dump_line(p, pd, offset); if (offset == 0 && n < 6) { if (info_line(line)) { if (++i <= NETSCREEN_MAX_INFOLINES) { continue; } } else { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: cannot parse hex-data""); return FALSE; } } if(n == -1) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: cannot parse hex-data""); return FALSE; } offset += n; if(offset > pkt_len) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: too much hex-data""); return FALSE; } } if (strncmp(cap_int, ""adsl"", 4) == 0) { g_snprintf(dststr, 13, ""%02x%02x%02x%02x%02x%02x"", pd[0], pd[1], pd[2], pd[3], pd[4], pd[5]); if (strncmp(dststr, cap_dst, 12) == 0) phdr->pkt_encap = WTAP_ENCAP_ETHERNET; else phdr->pkt_encap = WTAP_ENCAP_PPP; } else if (strncmp(cap_int, ""seri"", 4) == 0) phdr->pkt_encap = WTAP_ENCAP_PPP; else phdr->pkt_encap = WTAP_ENCAP_ETHERNET; phdr->caplen = offset; return TRUE; }",visit repo url,wiretap/netscreen.c,https://github.com/wireshark/wireshark,254542504796557,1 2513,['CWE-119'],"void add_pending_object(struct rev_info *revs, struct object *obj, const char *name) { add_pending_object_with_mode(revs, obj, name, S_IFINVALID); }",git,,,234924579263185452108343285393714911649,0 1432,[],"wake_affine(struct rq *rq, struct sched_domain *this_sd, struct rq *this_rq, struct task_struct *p, int prev_cpu, int this_cpu, int sync, int idx, unsigned long load, unsigned long this_load, unsigned int imbalance) { struct task_struct *curr = this_rq->curr; unsigned long tl = this_load; unsigned long tl_per_task; if (!(this_sd->flags & SD_WAKE_AFFINE)) return 0; if (sync && curr->sched_class == &fair_sched_class) { if (curr->se.avg_overlap < sysctl_sched_migration_cost && p->se.avg_overlap < sysctl_sched_migration_cost) return 1; } schedstat_inc(p, se.nr_wakeups_affine_attempts); tl_per_task = cpu_avg_load_per_task(this_cpu); if (sync) tl -= current->se.load.weight; if ((tl <= load && tl + target_load(prev_cpu, idx) <= tl_per_task) || 100*(tl + p->se.load.weight) <= imbalance*load) { schedstat_inc(this_sd, ttwu_move_affine); schedstat_inc(p, se.nr_wakeups_affine); return 1; } return 0; }",linux-2.6,,,169527314481160863041604570243742279705,0 2262,NVD-CWE-Other,"nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) { struct sk_buff *fp, *op, *head = fq->q.fragments; int payload_len; fq_kill(fq); WARN_ON(head == NULL); WARN_ON(NFCT_FRAG6_CB(head)->offset != 0); payload_len = ((head->data - skb_network_header(head)) - sizeof(struct ipv6hdr) + fq->q.len - sizeof(struct frag_hdr)); if (payload_len > IPV6_MAXPLEN) { pr_debug(""payload len is too large.\n""); goto out_oversize; } if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) { pr_debug(""skb is cloned but can't expand head""); goto out_oom; } if (skb_has_frags(head)) { struct sk_buff *clone; int i, plen = 0; if ((clone = alloc_skb(0, GFP_ATOMIC)) == NULL) { pr_debug(""Can't alloc skb\n""); goto out_oom; } clone->next = head->next; head->next = clone; skb_shinfo(clone)->frag_list = skb_shinfo(head)->frag_list; skb_frag_list_init(head); for (i=0; inr_frags; i++) plen += skb_shinfo(head)->frags[i].size; clone->len = clone->data_len = head->data_len - plen; head->data_len -= clone->len; head->len -= clone->len; clone->csum = 0; clone->ip_summed = head->ip_summed; NFCT_FRAG6_CB(clone)->orig = NULL; atomic_add(clone->truesize, &nf_init_frags.mem); } skb_network_header(head)[fq->nhoffset] = skb_transport_header(head)[0]; memmove(head->head + sizeof(struct frag_hdr), head->head, (head->data - head->head) - sizeof(struct frag_hdr)); head->mac_header += sizeof(struct frag_hdr); head->network_header += sizeof(struct frag_hdr); skb_shinfo(head)->frag_list = head->next; skb_reset_transport_header(head); skb_push(head, head->data - skb_network_header(head)); atomic_sub(head->truesize, &nf_init_frags.mem); for (fp=head->next; fp; fp = fp->next) { head->data_len += fp->len; head->len += fp->len; if (head->ip_summed != fp->ip_summed) head->ip_summed = CHECKSUM_NONE; else if (head->ip_summed == CHECKSUM_COMPLETE) head->csum = csum_add(head->csum, fp->csum); head->truesize += fp->truesize; atomic_sub(fp->truesize, &nf_init_frags.mem); } head->next = NULL; head->dev = dev; head->tstamp = fq->q.stamp; ipv6_hdr(head)->payload_len = htons(payload_len); if (head->ip_summed == CHECKSUM_COMPLETE) head->csum = csum_partial(skb_network_header(head), skb_network_header_len(head), head->csum); fq->q.fragments = NULL; fp = skb_shinfo(head)->frag_list; if (NFCT_FRAG6_CB(fp)->orig == NULL) fp = fp->next; op = NFCT_FRAG6_CB(head)->orig; for (; fp; fp = fp->next) { struct sk_buff *orig = NFCT_FRAG6_CB(fp)->orig; op->next = orig; op = orig; NFCT_FRAG6_CB(fp)->orig = NULL; } return head; out_oversize: if (net_ratelimit()) printk(KERN_DEBUG ""nf_ct_frag6_reasm: payload len = %d\n"", payload_len); goto out_fail; out_oom: if (net_ratelimit()) printk(KERN_DEBUG ""nf_ct_frag6_reasm: no memory for reassembly\n""); out_fail: return NULL; }",visit repo url,net/ipv6/netfilter/nf_conntrack_reasm.c,https://github.com/torvalds/linux,70584429236802,1 6497,['CWE-20'],"static int do_insn_fetch(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops, unsigned long eip, void *dest, unsigned size) { int rc = 0; if (eip + size - ctxt->decode.eip_orig > 15) return X86EMUL_UNHANDLEABLE; eip += ctxt->cs_base; while (size--) { rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++); if (rc) return rc; } return 0; }",kvm,,,318908584017869549030157787945176826734,0 5185,CWE-125,"TfLiteStatus Eval(TfLiteContext* context, TfLiteNode* node) { const auto* params = reinterpret_cast( node->builtin_data); const TfLiteTensor* input = GetInput(context, node, kInputTensor); const TfLiteTensor* fw_input_weights = GetInput(context, node, kFwWeightsTensor); const TfLiteTensor* fw_recurrent_weights = GetInput(context, node, kFwRecurrentWeightsTensor); const TfLiteTensor* fw_bias = GetInput(context, node, kFwBiasTensor); const TfLiteTensor* bw_input_weights = GetInput(context, node, kBwWeightsTensor); const TfLiteTensor* bw_recurrent_weights = GetInput(context, node, kBwRecurrentWeightsTensor); const TfLiteTensor* bw_bias = GetInput(context, node, kBwBiasTensor); const TfLiteTensor* aux_input = GetOptionalInputTensor(context, node, kAuxInputTensor); const TfLiteTensor* fw_aux_input_weights = GetOptionalInputTensor(context, node, kFwAuxWeightsTensor); const TfLiteTensor* bw_aux_input_weights = GetOptionalInputTensor(context, node, kBwAuxWeightsTensor); TfLiteTensor* fw_hidden_state = GetVariableInput(context, node, kFwHiddenStateTensor); TF_LITE_ENSURE(context, fw_hidden_state != nullptr); TfLiteTensor* bw_hidden_state = GetVariableInput(context, node, kBwHiddenStateTensor); TF_LITE_ENSURE(context, bw_hidden_state != nullptr); TfLiteTensor* fw_output = GetOutput(context, node, kFwOutputTensor); TfLiteTensor* bw_output = params->merge_outputs ? nullptr : GetOutput(context, node, kBwOutputTensor); const bool has_previous_bw_output = (aux_input != nullptr); const bool use_aux_input = (fw_aux_input_weights != nullptr); const bool non_stacking_mode = !use_aux_input && has_previous_bw_output; const TfLiteTensor* bw_input = non_stacking_mode ? aux_input : input; const TfLiteTensor* real_aux_input = non_stacking_mode ? nullptr : aux_input; switch (fw_input_weights->type) { case kTfLiteFloat32: return EvalFloat(input, bw_input, fw_input_weights, fw_recurrent_weights, fw_bias, bw_input_weights, bw_recurrent_weights, bw_bias, real_aux_input, fw_aux_input_weights, bw_aux_input_weights, params, fw_hidden_state, fw_output, bw_hidden_state, bw_output); case kTfLiteUInt8: case kTfLiteInt8: { TfLiteTensor* input_quantized = GetTemporary(context, node, kInputQuantized); TfLiteTensor* fw_hidden_state_quantized = GetTemporary(context, node, kFwHiddenStateQuantized); TfLiteTensor* bw_hidden_state_quantized = GetTemporary(context, node, kBwHiddenStateQuantized); TfLiteTensor* scaling_factors = GetTemporary(context, node, kScalingFactors); TfLiteTensor* zero_points = GetTemporary(context, node, kZeroPoints); TfLiteTensor* accum_scratch = GetTemporary(context, node, kAccumScratch); TfLiteTensor* fw_row_sums = GetTemporary(context, node, kFwRowSums); TfLiteTensor* bw_row_sums = GetTemporary(context, node, kBwRowSums); TfLiteTensor* aux_input_quantized = use_aux_input ? GetTemporary(context, node, kAuxInputQuantized) : nullptr; auto* op_data = reinterpret_cast(node->user_data); return EvalHybrid( input, bw_input, fw_input_weights, fw_recurrent_weights, fw_bias, bw_input_weights, bw_recurrent_weights, bw_bias, real_aux_input, fw_aux_input_weights, bw_aux_input_weights, params, scaling_factors, input_quantized, aux_input_quantized, fw_hidden_state_quantized, fw_hidden_state, fw_output, bw_hidden_state_quantized, bw_hidden_state, bw_output, zero_points, accum_scratch, fw_row_sums, bw_row_sums, &op_data->fw_compute_row_sums, &op_data->bw_compute_row_sums); } default: context->ReportError(context, ""Type not currently supported.""); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/bidirectional_sequence_rnn.cc,https://github.com/tensorflow/tensorflow,260752509641126,1 15,NVD-CWE-Other,"kg_seal(minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer, toktype) OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; gss_qop_t qop_req; gss_buffer_t input_message_buffer; int *conf_state; gss_buffer_t output_message_buffer; int toktype; { krb5_gss_ctx_id_rec *ctx; krb5_error_code code; krb5_context context; output_message_buffer->length = 0; output_message_buffer->value = NULL; if (qop_req != 0) { *minor_status = (OM_uint32) G_UNKNOWN_QOP; return GSS_S_FAILURE; } ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { *minor_status = KG_CTX_INCOMPLETE; return(GSS_S_NO_CONTEXT); } context = ctx->k5_context; switch (ctx->proto) { case 0: code = make_seal_token_v1(context, ctx->enc, ctx->seq, &ctx->seq_send, ctx->initiate, input_message_buffer, output_message_buffer, ctx->signalg, ctx->cksum_size, ctx->sealalg, conf_req_flag, toktype, ctx->mech_used); break; case 1: code = gss_krb5int_make_seal_token_v3(context, ctx, input_message_buffer, output_message_buffer, conf_req_flag, toktype); break; default: code = G_UNKNOWN_QOP; break; } if (code) { *minor_status = code; save_error_info(*minor_status, context); return(GSS_S_FAILURE); } if (conf_state) *conf_state = conf_req_flag; *minor_status = 0; return(GSS_S_COMPLETE); }",visit repo url,src/lib/gssapi/krb5/k5seal.c,https://github.com/krb5/krb5,74489304139192,1 1370,[],"static void dequeue_task_fair(struct rq *rq, struct task_struct *p, int sleep) { struct cfs_rq *cfs_rq; struct sched_entity *se = &p->se; for_each_sched_entity(se) { cfs_rq = cfs_rq_of(se); dequeue_entity(cfs_rq, se, sleep); if (cfs_rq->load.weight) break; sleep = 1; } hrtick_start_fair(rq, rq->curr); }",linux-2.6,,,297284362242363299317877672683904024830,0 3431,CWE-119,"static void test_show_object(struct object *object, struct strbuf *path, const char *last, void *data) { struct bitmap_test_data *tdata = data; int bitmap_pos; bitmap_pos = bitmap_position(object->oid.hash); if (bitmap_pos < 0) die(""Object not in bitmap: %s\n"", oid_to_hex(&object->oid)); bitmap_set(tdata->base, bitmap_pos); display_progress(tdata->prg, ++tdata->seen); }",visit repo url,pack-bitmap.c,https://github.com/git/git,94983213207532,1 566,CWE-264,"copy_thread(unsigned long clone_flags, unsigned long stack_start, unsigned long stk_sz, struct task_struct *p) { struct thread_info *thread = task_thread_info(p); struct pt_regs *childregs = task_pt_regs(p); memset(&thread->cpu_context, 0, sizeof(struct cpu_context_save)); if (likely(!(p->flags & PF_KTHREAD))) { *childregs = *current_pt_regs(); childregs->ARM_r0 = 0; if (stack_start) childregs->ARM_sp = stack_start; } else { memset(childregs, 0, sizeof(struct pt_regs)); thread->cpu_context.r4 = stk_sz; thread->cpu_context.r5 = stack_start; childregs->ARM_cpsr = SVC_MODE; } thread->cpu_context.pc = (unsigned long)ret_from_fork; thread->cpu_context.sp = (unsigned long)childregs; clear_ptrace_hw_breakpoint(p); if (clone_flags & CLONE_SETTLS) thread->tp_value = childregs->ARM_r3; thread_notify(THREAD_NOTIFY_COPY, thread); return 0; }",visit repo url,arch/arm/kernel/process.c,https://github.com/torvalds/linux,151482229461547,1 1964,['CWE-20'],"static unsigned long zap_pte_range(struct mmu_gather *tlb, struct vm_area_struct *vma, pmd_t *pmd, unsigned long addr, unsigned long end, long *zap_work, struct zap_details *details) { struct mm_struct *mm = tlb->mm; pte_t *pte; spinlock_t *ptl; int file_rss = 0; int anon_rss = 0; pte = pte_offset_map_lock(mm, pmd, addr, &ptl); arch_enter_lazy_mmu_mode(); do { pte_t ptent = *pte; if (pte_none(ptent)) { (*zap_work)--; continue; } (*zap_work) -= PAGE_SIZE; if (pte_present(ptent)) { struct page *page; page = vm_normal_page(vma, addr, ptent); if (unlikely(details) && page) { if (details->check_mapping && details->check_mapping != page->mapping) continue; if (details->nonlinear_vma && (page->index < details->first_index || page->index > details->last_index)) continue; } ptent = ptep_get_and_clear_full(mm, addr, pte, tlb->fullmm); tlb_remove_tlb_entry(tlb, pte, addr); if (unlikely(!page)) continue; if (unlikely(details) && details->nonlinear_vma && linear_page_index(details->nonlinear_vma, addr) != page->index) set_pte_at(mm, addr, pte, pgoff_to_pte(page->index)); if (PageAnon(page)) anon_rss--; else { if (pte_dirty(ptent)) set_page_dirty(page); if (pte_young(ptent)) SetPageReferenced(page); file_rss--; } page_remove_rmap(page, vma); tlb_remove_page(tlb, page); continue; } if (unlikely(details)) continue; if (!pte_file(ptent)) free_swap_and_cache(pte_to_swp_entry(ptent)); pte_clear_not_present_full(mm, addr, pte, tlb->fullmm); } while (pte++, addr += PAGE_SIZE, (addr != end && *zap_work > 0)); add_mm_rss(mm, file_rss, anon_rss); arch_leave_lazy_mmu_mode(); pte_unmap_unlock(pte - 1, ptl); return addr; }",linux-2.6,,,237915982031279437042249116484554825287,0 1587,[],"wait_for_completion_interruptible_timeout(struct completion *x, unsigned long timeout) { return wait_for_common(x, timeout, TASK_INTERRUPTIBLE); }",linux-2.6,,,248158010771893769028487588464252246796,0 2987,CWE-119," */ private int mconvert(struct magic_set *ms, struct magic *m, int flip) { union VALUETYPE *p = &ms->ms_value; uint8_t type; switch (type = cvt_flip(m->type, flip)) { case FILE_BYTE: cvt_8(p, m); return 1; case FILE_SHORT: cvt_16(p, m); return 1; case FILE_LONG: case FILE_DATE: case FILE_LDATE: cvt_32(p, m); return 1; case FILE_QUAD: case FILE_QDATE: case FILE_QLDATE: case FILE_QWDATE: cvt_64(p, m); return 1; case FILE_STRING: case FILE_BESTRING16: case FILE_LESTRING16: { p->s[sizeof(p->s) - 1] = '\0'; return 1; } case FILE_PSTRING: { char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m); size_t len = file_pstring_get_length(m, ptr1); if (len >= sizeof(p->s)) len = sizeof(p->s) - 1; while (len--) *ptr1++ = *ptr2++; *ptr1 = '\0'; return 1; } case FILE_BESHORT: p->h = (short)((p->hs[0]<<8)|(p->hs[1])); cvt_16(p, m); return 1; case FILE_BELONG: case FILE_BEDATE: case FILE_BELDATE: p->l = (int32_t) ((p->hl[0]<<24)|(p->hl[1]<<16)|(p->hl[2]<<8)|(p->hl[3])); if (type == FILE_BELONG) cvt_32(p, m); return 1; case FILE_BEQUAD: case FILE_BEQDATE: case FILE_BEQLDATE: case FILE_BEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)| ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)| ((uint64_t)p->hq[4]<<24)|((uint64_t)p->hq[5]<<16)| ((uint64_t)p->hq[6]<<8)|((uint64_t)p->hq[7])); if (type == FILE_BEQUAD) cvt_64(p, m); return 1; case FILE_LESHORT: p->h = (short)((p->hs[1]<<8)|(p->hs[0])); cvt_16(p, m); return 1; case FILE_LELONG: case FILE_LEDATE: case FILE_LELDATE: p->l = (int32_t) ((p->hl[3]<<24)|(p->hl[2]<<16)|(p->hl[1]<<8)|(p->hl[0])); if (type == FILE_LELONG) cvt_32(p, m); return 1; case FILE_LEQUAD: case FILE_LEQDATE: case FILE_LEQLDATE: case FILE_LEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)| ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)| ((uint64_t)p->hq[3]<<24)|((uint64_t)p->hq[2]<<16)| ((uint64_t)p->hq[1]<<8)|((uint64_t)p->hq[0])); if (type == FILE_LEQUAD) cvt_64(p, m); return 1; case FILE_MELONG: case FILE_MEDATE: case FILE_MELDATE: p->l = (int32_t) ((p->hl[1]<<24)|(p->hl[0]<<16)|(p->hl[3]<<8)|(p->hl[2])); if (type == FILE_MELONG) cvt_32(p, m); return 1; case FILE_FLOAT: cvt_float(p, m); return 1; case FILE_BEFLOAT: p->l = ((uint32_t)p->hl[0]<<24)|((uint32_t)p->hl[1]<<16)| ((uint32_t)p->hl[2]<<8) |((uint32_t)p->hl[3]); cvt_float(p, m); return 1; case FILE_LEFLOAT: p->l = ((uint32_t)p->hl[3]<<24)|((uint32_t)p->hl[2]<<16)| ((uint32_t)p->hl[1]<<8) |((uint32_t)p->hl[0]); cvt_float(p, m); return 1; case FILE_DOUBLE: cvt_double(p, m); return 1; case FILE_BEDOUBLE: p->q = ((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)| ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)| ((uint64_t)p->hq[4]<<24)|((uint64_t)p->hq[5]<<16)| ((uint64_t)p->hq[6]<<8) |((uint64_t)p->hq[7]); cvt_double(p, m); return 1; case FILE_LEDOUBLE: p->q = ((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)| ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)| ((uint64_t)p->hq[3]<<24)|((uint64_t)p->hq[2]<<16)| ((uint64_t)p->hq[1]<<8) |((uint64_t)p->hq[0]); cvt_double(p, m); return 1; case FILE_REGEX: case FILE_SEARCH: case FILE_DEFAULT: case FILE_CLEAR: case FILE_NAME: case FILE_USE: return 1; default: file_magerror(ms, ""invalid type %d in mconvert()"", m->type); return 0;",visit repo url,src/softmagic.c,https://github.com/file/file,251341053907055,1 4344,CWE-358,"IPV6DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len) { int i; int ret = 0; DefragInit(); int id = 1; Packet *packets[17]; memset(packets, 0x00, sizeof(packets)); packets[0] = IPV6BuildTestPacket(id, 0, 1, 'A', 24); packets[1] = IPV6BuildTestPacket(id, 32 >> 3, 1, 'B', 16); packets[2] = IPV6BuildTestPacket(id, 48 >> 3, 1, 'C', 24); packets[3] = IPV6BuildTestPacket(id, 80 >> 3, 1, 'D', 8); packets[4] = IPV6BuildTestPacket(id, 104 >> 3, 1, 'E', 16); packets[5] = IPV6BuildTestPacket(id, 120 >> 3, 1, 'F', 24); packets[6] = IPV6BuildTestPacket(id, 144 >> 3, 1, 'G', 16); packets[7] = IPV6BuildTestPacket(id, 160 >> 3, 1, 'H', 16); packets[8] = IPV6BuildTestPacket(id, 176 >> 3, 1, 'I', 8); packets[9] = IPV6BuildTestPacket(id, 8 >> 3, 1, 'J', 32); packets[10] = IPV6BuildTestPacket(id, 48 >> 3, 1, 'K', 24); packets[11] = IPV6BuildTestPacket(id, 72 >> 3, 1, 'L', 24); packets[12] = IPV6BuildTestPacket(id, 96 >> 3, 1, 'M', 24); packets[13] = IPV6BuildTestPacket(id, 128 >> 3, 1, 'N', 8); packets[14] = IPV6BuildTestPacket(id, 152 >> 3, 1, 'O', 8); packets[15] = IPV6BuildTestPacket(id, 160 >> 3, 1, 'P', 8); packets[16] = IPV6BuildTestPacket(id, 176 >> 3, 0, 'Q', 16); default_policy = policy; for (i = 0; i < 9; i++) { Packet *tp = Defrag(NULL, NULL, packets[i], NULL); if (tp != NULL) { SCFree(tp); goto end; } if (ENGINE_ISSET_EVENT(packets[i], IPV6_FRAG_OVERLAP)) { goto end; } } int overlap = 0; for (; i < 16; i++) { Packet *tp = Defrag(NULL, NULL, packets[i], NULL); if (tp != NULL) { SCFree(tp); goto end; } if (ENGINE_ISSET_EVENT(packets[i], IPV6_FRAG_OVERLAP)) { overlap++; } } if (!overlap) goto end; Packet *reassembled = Defrag(NULL, NULL, packets[16], NULL); if (reassembled == NULL) goto end; if (memcmp(GET_PKT_DATA(reassembled) + 40, expected, expected_len) != 0) goto end; if (IPV6_GET_PLEN(reassembled) != 192) goto end; SCFree(reassembled); if (defrag_context->frag_pool->outstanding != 0) { printf(""defrag_context->frag_pool->outstanding %u: "", defrag_context->frag_pool->outstanding); goto end; } ret = 1; end: for (i = 0; i < 17; i++) { SCFree(packets[i]); } DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,275845395503195,1 3590,CWE-190,"int ras_validate(jas_stream_t *in) { uchar buf[RAS_MAGICLEN]; int i; int n; uint_fast32_t magic; assert(JAS_STREAM_MAXPUTBACK >= RAS_MAGICLEN); if ((n = jas_stream_read(in, buf, RAS_MAGICLEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < RAS_MAGICLEN) { return -1; } magic = (JAS_CAST(uint_fast32_t, buf[0]) << 24) | (JAS_CAST(uint_fast32_t, buf[1]) << 16) | (JAS_CAST(uint_fast32_t, buf[2]) << 8) | buf[3]; if (magic != RAS_MAGIC) { return -1; } return 0; }",visit repo url,src/libjasper/ras/ras_dec.c,https://github.com/mdadams/jasper,122450261970759,1 253,CWE-617,"static bool access_pmu_evcntr(struct kvm_vcpu *vcpu, struct sys_reg_params *p, const struct sys_reg_desc *r) { u64 idx; if (!kvm_arm_pmu_v3_ready(vcpu)) return trap_raz_wi(vcpu, p, r); if (r->CRn == 9 && r->CRm == 13) { if (r->Op2 == 2) { if (pmu_access_event_counter_el0_disabled(vcpu)) return false; idx = vcpu_sys_reg(vcpu, PMSELR_EL0) & ARMV8_PMU_COUNTER_MASK; } else if (r->Op2 == 0) { if (pmu_access_cycle_counter_el0_disabled(vcpu)) return false; idx = ARMV8_PMU_CYCLE_IDX; } else { BUG(); } } else if (r->CRn == 14 && (r->CRm & 12) == 8) { if (pmu_access_event_counter_el0_disabled(vcpu)) return false; idx = ((r->CRm & 3) << 3) | (r->Op2 & 7); } else { BUG(); } if (!pmu_counter_idx_valid(vcpu, idx)) return false; if (p->is_write) { if (pmu_access_el0_disabled(vcpu)) return false; kvm_pmu_set_counter_value(vcpu, idx, p->regval); } else { p->regval = kvm_pmu_get_counter_value(vcpu, idx); } return true; }",visit repo url,arch/arm64/kvm/sys_regs.c,https://github.com/torvalds/linux,68652784691137,1 3442,CWE-120,"int init_result(RESULT & result, void*& data) { FILE* f; std::string line; int retval, n; DATA* dp = new DATA; OUTPUT_FILE_INFO fi; log_messages.printf(MSG_DEBUG, ""Start\n""); retval = get_output_file_path(result, fi.path); if (retval) { log_messages.printf(MSG_CRITICAL, ""Unable to open file\n""); return -1; } f = fopen(fi.path.c_str(), ""r""); if (f == NULL) { log_messages.printf(MSG_CRITICAL, ""Open error: %s\n errno: %s Waiting...\n"", fi.path.c_str(), errno); usleep(1000); log_messages.printf(MSG_CRITICAL, ""Try again...\n""); f = fopen(fi.path.c_str(), ""r""); if (f == NULL) { return -1; } } log_messages.printf(MSG_DEBUG, ""Check result\n""); char buff[256]; n = fscanf(f, ""%s"", buff); char * pch; pch = strtok(buff, "" ,""); if (pch != NULL) { dp->receptor = pch; } else { log_messages.printf(MSG_CRITICAL, ""Seek receptor failed\n""); return -1; } pch = strtok(NULL, "",""); if (pch != NULL) { dp->ligand = pch; } else { log_messages.printf(MSG_CRITICAL, ""Seek ligand failed\n""); return -1; } pch = strtok(NULL, "",""); if (pch != NULL) { dp->seed = strtod(pch, NULL); } else { log_messages.printf(MSG_CRITICAL, ""Seek seed failed\n""); return -1; } pch = strtok(NULL, "",""); if (pch != NULL) { dp->score = atof(pch); } else { log_messages.printf(MSG_CRITICAL, ""Seek score failed\n""); return -1; } log_messages.printf(MSG_DEBUG, ""%s %s %f %f\n"", dp->receptor, dp->ligand, dp->seed, dp->score); if (strlen(dp->ligand) < 4 || strlen(dp->receptor) < 4) { log_messages.printf(MSG_CRITICAL, ""%s %s Name failed\n"", dp->receptor, dp->ligand); return -1; } data = (void*) dp; fclose(f); return 0; }",visit repo url,validator/my_validator.cpp,https://github.com/AenBleidd/FiND,130750580756581,1 5391,['CWE-476'],"int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu, struct kvm_translation *tr) { unsigned long vaddr = tr->linear_address; gpa_t gpa; vcpu_load(vcpu); down_read(&vcpu->kvm->slots_lock); gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, vaddr); up_read(&vcpu->kvm->slots_lock); tr->physical_address = gpa; tr->valid = gpa != UNMAPPED_GVA; tr->writeable = 1; tr->usermode = 0; vcpu_put(vcpu); return 0; }",linux-2.6,,,59446356148939628358439018084440982124,0 3909,CWE-476,"eval_expr_typval(typval_T *expr, typval_T *argv, int argc, typval_T *rettv) { char_u *s; char_u buf[NUMBUFLEN]; funcexe_T funcexe; if (expr->v_type == VAR_FUNC) { s = expr->vval.v_string; if (s == NULL || *s == NUL) return FAIL; CLEAR_FIELD(funcexe); funcexe.fe_evaluate = TRUE; if (call_func(s, -1, rettv, argc, argv, &funcexe) == FAIL) return FAIL; } else if (expr->v_type == VAR_PARTIAL) { partial_T *partial = expr->vval.v_partial; if (partial == NULL) return FAIL; if (partial->pt_func != NULL && partial->pt_func->uf_def_status != UF_NOT_COMPILED) { funccall_T *fc = create_funccal(partial->pt_func, rettv); int r; if (fc == NULL) return FAIL; r = call_def_function(partial->pt_func, argc, argv, DEF_USE_PT_ARGV, partial, fc, rettv); remove_funccal(); if (r == FAIL) return FAIL; } else { s = partial_name(partial); if (s == NULL || *s == NUL) return FAIL; CLEAR_FIELD(funcexe); funcexe.fe_evaluate = TRUE; funcexe.fe_partial = partial; if (call_func(s, -1, rettv, argc, argv, &funcexe) == FAIL) return FAIL; } } else if (expr->v_type == VAR_INSTR) { return exe_typval_instr(expr, rettv); } else { s = tv_get_string_buf_chk_strict(expr, buf, in_vim9script()); if (s == NULL) return FAIL; s = skipwhite(s); if (eval1_emsg(&s, rettv, NULL) == FAIL) return FAIL; if (*skipwhite(s) != NUL) { clear_tv(rettv); semsg(_(e_invalid_expression_str), s); return FAIL; } } return OK; }",visit repo url,src/eval.c,https://github.com/vim/vim,249993850341576,1 4674,CWE-369,"png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length) { png_alloc_size_t limit = PNG_UINT_31_MAX; # ifdef PNG_SET_USER_LIMITS_SUPPORTED if (png_ptr->user_chunk_malloc_max > 0 && png_ptr->user_chunk_malloc_max < limit) limit = png_ptr->user_chunk_malloc_max; # elif PNG_USER_CHUNK_MALLOC_MAX > 0 if (PNG_USER_CHUNK_MALLOC_MAX < limit) limit = PNG_USER_CHUNK_MALLOC_MAX; # endif if (png_ptr->chunk_name == png_IDAT) { png_alloc_size_t idat_limit = PNG_UINT_31_MAX; size_t row_factor = (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) + 1 + (png_ptr->interlaced? 6: 0)); if (png_ptr->height > PNG_UINT_32_MAX/row_factor) idat_limit=PNG_UINT_31_MAX; else idat_limit = png_ptr->height * row_factor; row_factor = row_factor > 32566? 32566 : row_factor; idat_limit += 6 + 5*(idat_limit/row_factor+1); idat_limit=idat_limit < PNG_UINT_31_MAX? idat_limit : PNG_UINT_31_MAX; limit = limit < idat_limit? idat_limit : limit; } if (length > limit) { png_debug2(0,"" length = %lu, limit = %lu"", (unsigned long)length,(unsigned long)limit); png_chunk_error(png_ptr, ""chunk data is too large""); } }",visit repo url,pngrutil.c,https://github.com/glennrp/libpng,23562601023460,1 2809,CWE-125,"void rdp_read_flow_control_pdu(wStream* s, UINT16* type) { UINT8 pduType; Stream_Read_UINT8(s, pduType); *type = pduType; Stream_Seek_UINT8(s); Stream_Seek_UINT8(s); Stream_Seek_UINT8(s); Stream_Seek_UINT16(s); }",visit repo url,libfreerdp/core/rdp.c,https://github.com/FreeRDP/FreeRDP,221369776818759,1 870,['CWE-119'],"isdn_write(struct file *file, const char __user *buf, size_t count, loff_t * off) { uint minor = iminor(file->f_path.dentry->d_inode); int drvidx; int chidx; int retval; if (minor == ISDN_MINOR_STATUS) return -EPERM; if (!dev->drivers) return -ENODEV; lock_kernel(); if (minor <= ISDN_MINOR_BMAX) { printk(KERN_WARNING ""isdn_write minor %d obsolete!\n"", minor); drvidx = isdn_minor2drv(minor); if (drvidx < 0) { retval = -ENODEV; goto out; } if (!(dev->drv[drvidx]->flags & DRV_FLAG_RUNNING)) { retval = -ENODEV; goto out; } chidx = isdn_minor2chan(minor); while ((retval = isdn_writebuf_stub(drvidx, chidx, buf, count)) == 0) interruptible_sleep_on(&dev->drv[drvidx]->snd_waitq[chidx]); goto out; } if (minor <= ISDN_MINOR_CTRLMAX) { drvidx = isdn_minor2drv(minor - ISDN_MINOR_CTRL); if (drvidx < 0) { retval = -ENODEV; goto out; } if (dev->drv[drvidx]->interface->writecmd) retval = dev->drv[drvidx]->interface-> writecmd(buf, count, drvidx, isdn_minor2chan(minor - ISDN_MINOR_CTRL)); else retval = count; goto out; } #ifdef CONFIG_ISDN_PPP if (minor <= ISDN_MINOR_PPPMAX) { retval = isdn_ppp_write(minor - ISDN_MINOR_PPP, file, buf, count); goto out; } #endif retval = -ENODEV; out: unlock_kernel(); return retval; }",linux-2.6,,,235823903944424813133761928945364315367,0 6209,['CWE-200'],"static void *ipmr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos) { struct ipmr_vif_iter *iter = seq->private; ++*pos; if (v == SEQ_START_TOKEN) return ipmr_vif_seq_idx(iter, 0); while (++iter->ct < maxvif) { if(!VIF_EXISTS(iter->ct)) continue; return &vif_table[iter->ct]; } return NULL; }",linux-2.6,,,17998105883892329336882589871806996954,0 299,[],"static int set_raw32_request(struct raw_config_request *req, struct raw32_config_request __user *user_req) { int ret; if (!access_ok(VERIFY_WRITE, user_req, sizeof(struct raw32_config_request))) return -EFAULT; ret = __put_user(req->raw_minor, &user_req->raw_minor); ret |= __put_user(req->block_major, &user_req->block_major); ret |= __put_user(req->block_minor, &user_req->block_minor); return ret ? -EFAULT : 0; }",linux-2.6,,,312379198308817079261417125844992111217,0 2678,CWE-190,"static int spl_filesystem_file_call(spl_filesystem_object *intern, zend_function *func_ptr, int pass_num_args, zval *return_value, zval *arg2 TSRMLS_DC) { zend_fcall_info fci; zend_fcall_info_cache fcic; zval z_fname; zval * zresource_ptr = &intern->u.file.zresource, *retval; int result; int num_args = pass_num_args + (arg2 ? 2 : 1); zval ***params = (zval***)safe_emalloc(num_args, sizeof(zval**), 0); params[0] = &zresource_ptr; if (arg2) { params[1] = &arg2; } zend_get_parameters_array_ex(pass_num_args, params+(arg2 ? 2 : 1)); ZVAL_STRING(&z_fname, func_ptr->common.function_name, 0); fci.size = sizeof(fci); fci.function_table = EG(function_table); fci.object_ptr = NULL; fci.function_name = &z_fname; fci.retval_ptr_ptr = &retval; fci.param_count = num_args; fci.params = params; fci.no_separation = 1; fci.symbol_table = NULL; fcic.initialized = 1; fcic.function_handler = func_ptr; fcic.calling_scope = NULL; fcic.called_scope = NULL; fcic.object_ptr = NULL; result = zend_call_function(&fci, &fcic TSRMLS_CC); if (result == FAILURE) { RETVAL_FALSE; } else { ZVAL_ZVAL(return_value, retval, 1, 1); } efree(params); return result; } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,1758071693893,1 2186,['CWE-193'],"static int __remove_suid(struct dentry *dentry, int kill) { struct iattr newattrs; newattrs.ia_valid = ATTR_FORCE | kill; return notify_change(dentry, &newattrs); }",linux-2.6,,,105901087016134991069969689120349583122,0 2260,['CWE-120'],"static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link) { int res = 0; char *name; if (IS_ERR(link)) goto fail; if (*link == '/') { path_put(&nd->path); if (!walk_init_root(link, nd)) goto out; } res = link_path_walk(link, nd); out: if (nd->depth || res || nd->last_type!=LAST_NORM) return res; name = __getname(); if (unlikely(!name)) { path_put(&nd->path); return -ENOMEM; } strcpy(name, nd->last.name); nd->last.name = name; return 0; fail: path_put(&nd->path); return PTR_ERR(link); }",linux-2.6,,,127452551865075486119837156160925430528,0 1017,['CWE-20'],"int in_group_p(gid_t grp) { int retval = 1; if (grp != current->fsgid) retval = groups_search(current->group_info, grp); return retval; }",linux-2.6,,,87807808930585025751490282131888388330,0 1304,['CWE-119'],"asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid) { unsigned char ch; *subid = 0; do { if (!asn1_octet_decode(ctx, &ch)) return 0; *subid <<= 7; *subid |= ch & 0x7F; } while ((ch & 0x80) == 0x80); return 1; }",linux-2.6,,,133373429366598707493079429711686965774,0 6722,CWE-787,"int ec_glob(const char *pattern, const char *string) { size_t i; int_pair * p; char * c; char pcre_str[2 * PATTERN_MAX] = ""^""; char * p_pcre; char * pcre_str_end; int brace_level = 0; _Bool is_in_bracket = 0; int error_code; size_t erroffset; pcre2_code * re; int rc; size_t * pcre_result; pcre2_match_data * pcre_match_data; char l_pattern[2 * PATTERN_MAX]; _Bool are_braces_paired = 1; UT_array * nums; int ret = 0; strcpy(l_pattern, pattern); p_pcre = pcre_str + 1; pcre_str_end = pcre_str + 2 * PATTERN_MAX; { int left_count = 0; int right_count = 0; for (c = l_pattern; *c; ++ c) { if (*c == '\\' && *(c+1) != '\0') { ++ c; continue; } if (*c == '}') ++ right_count; else if (*c == '{') ++ left_count; if (right_count > left_count) { are_braces_paired = 0; break; } } if (right_count != left_count) are_braces_paired = 0; } re = pcre2_compile(""^\\{[\\+\\-]?\\d+\\.\\.[\\+\\-]?\\d+\\}$"", PCRE2_ZERO_TERMINATED, 0, &error_code, &erroffset, NULL); if (!re) return -1; utarray_new(nums, &ut_int_pair_icd); for (c = l_pattern; *c; ++ c) { switch (*c) { case '\\': if (*(c+1) != '\0') { *(p_pcre ++) = *(c++); *(p_pcre ++) = *c; } else STRING_CAT(p_pcre, ""\\\\"", pcre_str_end); break; case '?': STRING_CAT(p_pcre, ""[^/]"", pcre_str_end); break; case '*': if (*(c+1) == '*') { STRING_CAT(p_pcre, "".*"", pcre_str_end); ++ c; } else STRING_CAT(p_pcre, ""[^\\/]*"", pcre_str_end); break; case '[': if (is_in_bracket) { STRING_CAT(p_pcre, ""\\["", pcre_str_end); break; } { _Bool has_slash = 0; char * cc; for (cc = c; *cc && *cc != ']'; ++ cc) { if (*cc == '\\' && *(cc+1) != '\0') { ++ cc; continue; } if (*cc == '/') { has_slash = 1; break; } } if (has_slash) { char * right_bracket = strchr(c, ']'); if (!right_bracket) right_bracket = c + strlen(c); strcat(p_pcre, ""\\""); strncat(p_pcre, c, right_bracket - c); if (*right_bracket) strcat(p_pcre, ""\\]""); p_pcre += strlen(p_pcre); c = right_bracket; if (!*c) c -= 1; break; } } is_in_bracket = 1; if (*(c+1) == '!') { STRING_CAT(p_pcre, ""[^"", pcre_str_end); ++ c; } else *(p_pcre ++) = '['; break; case ']': is_in_bracket = 0; *(p_pcre ++) = *c; break; case '-': if (is_in_bracket) *(p_pcre ++) = *c; else STRING_CAT(p_pcre, ""\\-"", pcre_str_end); break; case '{': if (!are_braces_paired) { STRING_CAT(p_pcre, ""\\{"", pcre_str_end); break; } { char * cc; _Bool is_single = 1; for (cc = c + 1; *cc != '\0' && *cc != '}'; ++ cc) { if (*cc == '\\' && *(cc+1) != '\0') { ++ cc; continue; } if (*cc == ',') { is_single = 0; break; } } if (*cc == '\0') is_single = 0; if (is_single) { const char * double_dots; int_pair pair; pcre2_match_data * match_data = pcre2_match_data_create_from_pattern(re, NULL); rc = pcre2_match(re, c, cc - c + 1, 0, 0, match_data, NULL); pcre2_match_data_free(match_data); if (rc < 0) { STRING_CAT(p_pcre, ""\\{"", pcre_str_end); memmove(cc+1, cc, strlen(cc) + 1); *cc = '\\'; break; } double_dots = strstr(c, ""..""); pair.num1 = ec_atoi(c + 1); pair.num2 = ec_atoi(double_dots + 2); utarray_push_back(nums, &pair); STRING_CAT(p_pcre, ""([\\+\\-]?\\d+)"", pcre_str_end); c = cc; break; } } ++ brace_level; STRING_CAT(p_pcre, ""(?:"", pcre_str_end); break; case '}': if (!are_braces_paired) { STRING_CAT(p_pcre, ""\\}"", pcre_str_end); break; } -- brace_level; *(p_pcre ++) = ')'; break; case ',': if (brace_level > 0) *(p_pcre ++) = '|'; else STRING_CAT(p_pcre, ""\\,"", pcre_str_end); break; case '/': if (!strncmp(c, ""/**/"", 4)) { STRING_CAT(p_pcre, ""(\\/|\\/.*\\/)"", pcre_str_end); c += 3; } else STRING_CAT(p_pcre, ""\\/"", pcre_str_end); break; default: if (!isalnum(*c)) *(p_pcre ++) = '\\'; *(p_pcre ++) = *c; } } *(p_pcre ++) = '$'; pcre2_code_free(re); re = pcre2_compile(pcre_str, PCRE2_ZERO_TERMINATED, 0, &error_code, &erroffset, NULL); if (!re) { utarray_free(nums); return -1; } pcre_match_data = pcre2_match_data_create_from_pattern(re, NULL); rc = pcre2_match(re, string, strlen(string), 0, 0, pcre_match_data, NULL); if (rc < 0) { if (rc == PCRE2_ERROR_NOMATCH) ret = EC_GLOB_NOMATCH; else ret = rc; goto cleanup; } pcre_result = pcre2_get_ovector_pointer(pcre_match_data); for(p = (int_pair *) utarray_front(nums), i = 1; p; ++ i, p = (int_pair *) utarray_next(nums, p)) { const char * substring_start = string + pcre_result[2 * i]; size_t substring_length = pcre_result[2 * i + 1] - pcre_result[2 * i]; char * num_string; int num; if (*substring_start == '0') break; num_string = strndup(substring_start, substring_length); if (num_string == NULL) { ret = -2; goto cleanup; } num = ec_atoi(num_string); free(num_string); if (num < p->num1 || num > p->num2) break; } if (p != NULL) ret = EC_GLOB_NOMATCH; cleanup: pcre2_code_free(re); pcre2_match_data_free(pcre_match_data); utarray_free(nums); return ret; }",visit repo url,src/lib/ec_glob.c,https://github.com/editorconfig/editorconfig-core-c,239310161034327,1 301,CWE-404,"static int cp2112_gpio_direction_output(struct gpio_chip *chip, unsigned offset, int value) { struct cp2112_device *dev = gpiochip_get_data(chip); struct hid_device *hdev = dev->hdev; u8 *buf = dev->in_out_buffer; unsigned long flags; int ret; spin_lock_irqsave(&dev->lock, flags); ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf, CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT, HID_REQ_GET_REPORT); if (ret != CP2112_GPIO_CONFIG_LENGTH) { hid_err(hdev, ""error requesting GPIO config: %d\n"", ret); goto fail; } buf[1] |= 1 << offset; buf[2] = gpio_push_pull; ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf, CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT, HID_REQ_SET_REPORT); if (ret < 0) { hid_err(hdev, ""error setting GPIO config: %d\n"", ret); goto fail; } spin_unlock_irqrestore(&dev->lock, flags); cp2112_gpio_set(chip, offset, value); return 0; fail: spin_unlock_irqrestore(&dev->lock, flags); return ret < 0 ? ret : -EIO; }",visit repo url,drivers/hid/hid-cp2112.c,https://github.com/torvalds/linux,89543554484245,1 334,['CWE-20'],"static void set_singlestep(struct task_struct *child) { struct pt_regs *regs = get_child_regs(child); set_tsk_thread_flag(child, TIF_SINGLESTEP); if (regs->eflags & TRAP_FLAG) return; regs->eflags |= TRAP_FLAG; if (is_setting_trap_flag(child, regs)) return; child->ptrace |= PT_DTRACE; }",linux-2.6,,,114342126874034297144179325621294212980,0 2758,['CWE-189'],"void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc, struct sctp_hmac_algo_param *hmacs) { struct sctp_endpoint *ep; __u16 id; int i; int n_params; if (asoc->default_hmac_id) return; n_params = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1; ep = asoc->ep; for (i = 0; i < n_params; i++) { id = ntohs(hmacs->hmac_ids[i]); if (id > SCTP_AUTH_HMAC_ID_MAX) continue; if (ep->auth_hmacs[id]) { asoc->default_hmac_id = id; break; } } }",linux-2.6,,,231982725765404062019006408660314219265,0 361,CWE-125,"void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk, struct sk_buff *skb) { int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP); struct scm_timestamping tss; int empty = 1; struct skb_shared_hwtstamps *shhwtstamps = skb_hwtstamps(skb); if (need_software_tstamp && skb->tstamp == 0) __net_timestamp(skb); if (need_software_tstamp) { if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) { struct timeval tv; skb_get_timestamp(skb, &tv); put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMP, sizeof(tv), &tv); } else { struct timespec ts; skb_get_timestampns(skb, &ts); put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPNS, sizeof(ts), &ts); } } memset(&tss, 0, sizeof(tss)); if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) && ktime_to_timespec_cond(skb->tstamp, tss.ts + 0)) empty = 0; if (shhwtstamps && (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) && ktime_to_timespec_cond(shhwtstamps->hwtstamp, tss.ts + 2)) empty = 0; if (!empty) { put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING, sizeof(tss), &tss); if (skb->len && (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS)) put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS, skb->len, skb->data); } }",visit repo url,net/socket.c,https://github.com/torvalds/linux,273789701010079,1 6412,CWE-20,"error_t ksz8851UpdateMacAddrFilter(NetInterface *interface) { uint_t i; uint_t k; uint32_t crc; uint16_t hashTable[4]; MacFilterEntry *entry; TRACE_DEBUG(""Updating MAC filter...\r\n""); osMemset(hashTable, 0, sizeof(hashTable)); for(i = 0; i < MAC_ADDR_FILTER_SIZE; i++) { entry = &interface->macAddrFilter[i]; if(entry->refCount > 0) { crc = ksz8851CalcCrc(&entry->addr, sizeof(MacAddr)); k = (crc >> 26) & 0x3F; hashTable[k / 16] |= (1 << (k % 16)); } } ksz8851WriteReg(interface, KSZ8851_REG_MAHTR0, hashTable[0]); ksz8851WriteReg(interface, KSZ8851_REG_MAHTR1, hashTable[1]); ksz8851WriteReg(interface, KSZ8851_REG_MAHTR2, hashTable[2]); ksz8851WriteReg(interface, KSZ8851_REG_MAHTR3, hashTable[3]); TRACE_DEBUG("" MAHTR0 = %04"" PRIX16 ""\r\n"", ksz8851ReadReg(interface, KSZ8851_REG_MAHTR0)); TRACE_DEBUG("" MAHTR1 = %04"" PRIX16 ""\r\n"", ksz8851ReadReg(interface, KSZ8851_REG_MAHTR1)); TRACE_DEBUG("" MAHTR2 = %04"" PRIX16 ""\r\n"", ksz8851ReadReg(interface, KSZ8851_REG_MAHTR2)); TRACE_DEBUG("" MAHTR3 = %04"" PRIX16 ""\r\n"", ksz8851ReadReg(interface, KSZ8851_REG_MAHTR3)); return NO_ERROR; }",visit repo url,drivers/eth/ksz8851_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,52324498824548,1 495,[],"static ssize_t snd_mem_proc_write(struct file *file, const char __user * buffer, size_t count, loff_t * ppos) { char buf[128]; char *token, *p; if (count > sizeof(buf) - 1) return -EINVAL; if (copy_from_user(buf, buffer, count)) return -EFAULT; buf[count] = '\0'; p = buf; token = gettoken(&p); if (! token || *token == '#') return count; if (strcmp(token, ""add"") == 0) { char *endp; int vendor, device, size, buffers; long mask; int i, alloced; struct pci_dev *pci; if ((token = gettoken(&p)) == NULL || (vendor = simple_strtol(token, NULL, 0)) <= 0 || (token = gettoken(&p)) == NULL || (device = simple_strtol(token, NULL, 0)) <= 0 || (token = gettoken(&p)) == NULL || (mask = simple_strtol(token, NULL, 0)) < 0 || (token = gettoken(&p)) == NULL || (size = memparse(token, &endp)) < 64*1024 || size > 16*1024*1024 || (token = gettoken(&p)) == NULL || (buffers = simple_strtol(token, NULL, 0)) <= 0 || buffers > 4) { printk(KERN_ERR ""snd-page-alloc: invalid proc write format\n""); return count; } vendor &= 0xffff; device &= 0xffff; alloced = 0; pci = NULL; while ((pci = pci_get_device(vendor, device, pci)) != NULL) { if (mask > 0 && mask < 0xffffffff) { if (pci_set_dma_mask(pci, mask) < 0 || pci_set_consistent_dma_mask(pci, mask) < 0) { printk(KERN_ERR ""snd-page-alloc: cannot set DMA mask %lx for pci %04x:%04x\n"", mask, vendor, device); return count; } } for (i = 0; i < buffers; i++) { struct snd_dma_buffer dmab; memset(&dmab, 0, sizeof(dmab)); if (snd_dma_alloc_pages(SNDRV_DMA_TYPE_DEV, snd_dma_pci_data(pci), size, &dmab) < 0) { printk(KERN_ERR ""snd-page-alloc: cannot allocate buffer pages (size = %d)\n"", size); pci_dev_put(pci); return count; } snd_dma_reserve_buf(&dmab, snd_dma_pci_buf_id(pci)); } alloced++; } if (! alloced) { for (i = 0; i < buffers; i++) { struct snd_dma_buffer dmab; memset(&dmab, 0, sizeof(dmab)); if (snd_dma_alloc_pages(SNDRV_DMA_TYPE_DEV, NULL, size, &dmab) < 0) { printk(KERN_ERR ""snd-page-alloc: cannot allocate buffer pages (size = %d)\n"", size); break; } snd_dma_reserve_buf(&dmab, (unsigned int)((vendor << 16) | device)); } } } else if (strcmp(token, ""erase"") == 0) free_all_reserved_pages(); else printk(KERN_ERR ""snd-page-alloc: invalid proc cmd\n""); return count; }",linux-2.6,,,331559564737028705983074774692241209703,0 534,CWE-264,"static ssize_t map_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos, int cap_setid, struct uid_gid_map *map, struct uid_gid_map *parent_map) { struct seq_file *seq = file->private_data; struct user_namespace *ns = seq->private; struct uid_gid_map new_map; unsigned idx; struct uid_gid_extent *extent = NULL; unsigned long page = 0; char *kbuf, *pos, *next_line; ssize_t ret = -EINVAL; mutex_lock(&id_map_mutex); ret = -EPERM; if (map->nr_extents != 0) goto out; if (cap_valid(cap_setid) && !ns_capable(ns, cap_setid)) goto out; ret = -ENOMEM; page = __get_free_page(GFP_TEMPORARY); kbuf = (char *) page; if (!page) goto out; ret = -EINVAL; if ((*ppos != 0) || (count >= PAGE_SIZE)) goto out; ret = -EFAULT; if (copy_from_user(kbuf, buf, count)) goto out; kbuf[count] = '\0'; ret = -EINVAL; pos = kbuf; new_map.nr_extents = 0; for (;pos; pos = next_line) { extent = &new_map.extent[new_map.nr_extents]; next_line = strchr(pos, '\n'); if (next_line) { *next_line = '\0'; next_line++; if (*next_line == '\0') next_line = NULL; } pos = skip_spaces(pos); extent->first = simple_strtoul(pos, &pos, 10); if (!isspace(*pos)) goto out; pos = skip_spaces(pos); extent->lower_first = simple_strtoul(pos, &pos, 10); if (!isspace(*pos)) goto out; pos = skip_spaces(pos); extent->count = simple_strtoul(pos, &pos, 10); if (*pos && !isspace(*pos)) goto out; pos = skip_spaces(pos); if (*pos != '\0') goto out; if ((extent->first == (u32) -1) || (extent->lower_first == (u32) -1 )) goto out; if ((extent->first + extent->count) <= extent->first) goto out; if ((extent->lower_first + extent->count) <= extent->lower_first) goto out; if (mappings_overlap(&new_map, extent)) goto out; new_map.nr_extents++; if ((new_map.nr_extents == UID_GID_MAP_MAX_EXTENTS) && (next_line != NULL)) goto out; } if (new_map.nr_extents == 0) goto out; ret = -EPERM; if (!new_idmap_permitted(ns, cap_setid, &new_map)) goto out; for (idx = 0; idx < new_map.nr_extents; idx++) { u32 lower_first; extent = &new_map.extent[idx]; lower_first = map_id_range_down(parent_map, extent->lower_first, extent->count); if (lower_first == (u32) -1) goto out; extent->lower_first = lower_first; } memcpy(map->extent, new_map.extent, new_map.nr_extents*sizeof(new_map.extent[0])); smp_wmb(); map->nr_extents = new_map.nr_extents; *ppos = count; ret = count; out: mutex_unlock(&id_map_mutex); if (page) free_page(page); return ret; }",visit repo url,kernel/user_namespace.c,https://github.com/torvalds/linux,186859326124978,1 4929,['CWE-20'],"static void nfs_server_copy_userdata(struct nfs_server *target, struct nfs_server *source) { target->flags = source->flags; target->acregmin = source->acregmin; target->acregmax = source->acregmax; target->acdirmin = source->acdirmin; target->acdirmax = source->acdirmax; target->caps = source->caps; }",linux-2.6,,,78184866728405542219355929568307494488,0 2011,CWE-125,"static const char *vgacon_startup(void) { const char *display_desc = NULL; u16 saved1, saved2; volatile u16 *p; if (screen_info.orig_video_isVGA == VIDEO_TYPE_VLFB || screen_info.orig_video_isVGA == VIDEO_TYPE_EFI) { no_vga: #ifdef CONFIG_DUMMY_CONSOLE conswitchp = &dummy_con; return conswitchp->con_startup(); #else return NULL; #endif } if ((screen_info.orig_video_lines == 0) || (screen_info.orig_video_cols == 0)) goto no_vga; if ((screen_info.orig_video_mode == 0x0D) || (screen_info.orig_video_mode == 0x0E) || (screen_info.orig_video_mode == 0x10) || (screen_info.orig_video_mode == 0x12) || (screen_info.orig_video_mode == 0x6A)) goto no_vga; vga_video_num_lines = screen_info.orig_video_lines; vga_video_num_columns = screen_info.orig_video_cols; vgastate.vgabase = NULL; if (screen_info.orig_video_mode == 7) { vga_vram_base = 0xb0000; vga_video_port_reg = VGA_CRT_IM; vga_video_port_val = VGA_CRT_DM; if ((screen_info.orig_video_ega_bx & 0xff) != 0x10) { static struct resource ega_console_resource = { .name = ""ega"", .flags = IORESOURCE_IO, .start = 0x3B0, .end = 0x3BF }; vga_video_type = VIDEO_TYPE_EGAM; vga_vram_size = 0x8000; display_desc = ""EGA+""; request_resource(&ioport_resource, &ega_console_resource); } else { static struct resource mda1_console_resource = { .name = ""mda"", .flags = IORESOURCE_IO, .start = 0x3B0, .end = 0x3BB }; static struct resource mda2_console_resource = { .name = ""mda"", .flags = IORESOURCE_IO, .start = 0x3BF, .end = 0x3BF }; vga_video_type = VIDEO_TYPE_MDA; vga_vram_size = 0x2000; display_desc = ""*MDA""; request_resource(&ioport_resource, &mda1_console_resource); request_resource(&ioport_resource, &mda2_console_resource); vga_video_font_height = 14; } } else { vga_can_do_color = true; vga_vram_base = 0xb8000; vga_video_port_reg = VGA_CRT_IC; vga_video_port_val = VGA_CRT_DC; if ((screen_info.orig_video_ega_bx & 0xff) != 0x10) { int i; vga_vram_size = 0x8000; if (!screen_info.orig_video_isVGA) { static struct resource ega_console_resource = { .name = ""ega"", .flags = IORESOURCE_IO, .start = 0x3C0, .end = 0x3DF }; vga_video_type = VIDEO_TYPE_EGAC; display_desc = ""EGA""; request_resource(&ioport_resource, &ega_console_resource); } else { static struct resource vga_console_resource = { .name = ""vga+"", .flags = IORESOURCE_IO, .start = 0x3C0, .end = 0x3DF }; vga_video_type = VIDEO_TYPE_VGAC; display_desc = ""VGA+""; request_resource(&ioport_resource, &vga_console_resource); for (i = 0; i < 16; i++) { inb_p(VGA_IS1_RC); outb_p(i, VGA_ATT_W); outb_p(i, VGA_ATT_W); } outb_p(0x20, VGA_ATT_W); for (i = 0; i < 16; i++) { outb_p(color_table[i], VGA_PEL_IW); outb_p(default_red[i], VGA_PEL_D); outb_p(default_grn[i], VGA_PEL_D); outb_p(default_blu[i], VGA_PEL_D); } } } else { static struct resource cga_console_resource = { .name = ""cga"", .flags = IORESOURCE_IO, .start = 0x3D4, .end = 0x3D5 }; vga_video_type = VIDEO_TYPE_CGA; vga_vram_size = 0x2000; display_desc = ""*CGA""; request_resource(&ioport_resource, &cga_console_resource); vga_video_font_height = 8; } } vga_vram_base = VGA_MAP_MEM(vga_vram_base, vga_vram_size); vga_vram_end = vga_vram_base + vga_vram_size; p = (volatile u16 *) vga_vram_base; saved1 = scr_readw(p); saved2 = scr_readw(p + 1); scr_writew(0xAA55, p); scr_writew(0x55AA, p + 1); if (scr_readw(p) != 0xAA55 || scr_readw(p + 1) != 0x55AA) { scr_writew(saved1, p); scr_writew(saved2, p + 1); goto no_vga; } scr_writew(0x55AA, p); scr_writew(0xAA55, p + 1); if (scr_readw(p) != 0x55AA || scr_readw(p + 1) != 0xAA55) { scr_writew(saved1, p); scr_writew(saved2, p + 1); goto no_vga; } scr_writew(saved1, p); scr_writew(saved2, p + 1); if (vga_video_type == VIDEO_TYPE_EGAC || vga_video_type == VIDEO_TYPE_VGAC || vga_video_type == VIDEO_TYPE_EGAM) { vga_hardscroll_enabled = vga_hardscroll_user_enable; vga_default_font_height = screen_info.orig_video_points; vga_video_font_height = screen_info.orig_video_points; vga_scan_lines = vga_video_font_height * vga_video_num_lines; } vgacon_xres = screen_info.orig_video_cols * VGA_FONTWIDTH; vgacon_yres = vga_scan_lines; if (!vga_init_done) { vgacon_scrollback_startup(); vga_init_done = true; } return display_desc; }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,58408228585400,1 2329,['CWE-120'],"struct file *do_filp_open(int dfd, const char *pathname, int open_flag, int mode) { struct file *filp; struct nameidata nd; int acc_mode, error; struct path path; struct dentry *dir; int count = 0; int will_write; int flag = open_to_namei_flags(open_flag); acc_mode = ACC_MODE(flag); if (flag & O_TRUNC) acc_mode |= MAY_WRITE; if (flag & O_APPEND) acc_mode |= MAY_APPEND; if (!(flag & O_CREAT)) { error = path_lookup_open(dfd, pathname, lookup_flags(flag), &nd, flag); if (error) return ERR_PTR(error); goto ok; } error = path_lookup_create(dfd, pathname, LOOKUP_PARENT, &nd, flag, mode); if (error) return ERR_PTR(error); error = -EISDIR; if (nd.last_type != LAST_NORM || nd.last.name[nd.last.len]) goto exit; dir = nd.path.dentry; nd.flags &= ~LOOKUP_PARENT; mutex_lock(&dir->d_inode->i_mutex); path.dentry = lookup_hash(&nd); path.mnt = nd.path.mnt; do_last: error = PTR_ERR(path.dentry); if (IS_ERR(path.dentry)) { mutex_unlock(&dir->d_inode->i_mutex); goto exit; } if (IS_ERR(nd.intent.open.file)) { error = PTR_ERR(nd.intent.open.file); goto exit_mutex_unlock; } if (!path.dentry->d_inode) { error = mnt_want_write(nd.path.mnt); if (error) goto exit_mutex_unlock; error = __open_namei_create(&nd, &path, flag, mode); if (error) { mnt_drop_write(nd.path.mnt); goto exit; } filp = nameidata_to_filp(&nd, open_flag); mnt_drop_write(nd.path.mnt); return filp; } mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path.dentry); error = -EEXIST; if (flag & O_EXCL) goto exit_dput; if (__follow_mount(&path)) { error = -ELOOP; if (flag & O_NOFOLLOW) goto exit_dput; } error = -ENOENT; if (!path.dentry->d_inode) goto exit_dput; if (path.dentry->d_inode->i_op && path.dentry->d_inode->i_op->follow_link) goto do_link; path_to_nameidata(&path, &nd); error = -EISDIR; if (path.dentry->d_inode && S_ISDIR(path.dentry->d_inode->i_mode)) goto exit; ok: will_write = open_will_write_to_fs(flag, nd.path.dentry->d_inode); if (will_write) { error = mnt_want_write(nd.path.mnt); if (error) goto exit; } error = may_open(&nd, acc_mode, flag); if (error) { if (will_write) mnt_drop_write(nd.path.mnt); goto exit; } filp = nameidata_to_filp(&nd, open_flag); if (will_write) mnt_drop_write(nd.path.mnt); return filp; exit_mutex_unlock: mutex_unlock(&dir->d_inode->i_mutex); exit_dput: path_put_conditional(&path, &nd); exit: if (!IS_ERR(nd.intent.open.file)) release_open_intent(&nd); path_put(&nd.path); return ERR_PTR(error); do_link: error = -ELOOP; if (flag & O_NOFOLLOW) goto exit_dput; nd.flags |= LOOKUP_PARENT; error = security_inode_follow_link(path.dentry, &nd); if (error) goto exit_dput; error = __do_follow_link(&path, &nd); if (error) { release_open_intent(&nd); return ERR_PTR(error); } nd.flags &= ~LOOKUP_PARENT; if (nd.last_type == LAST_BIND) goto ok; error = -EISDIR; if (nd.last_type != LAST_NORM) goto exit; if (nd.last.name[nd.last.len]) { __putname(nd.last.name); goto exit; } error = -ELOOP; if (count++==32) { __putname(nd.last.name); goto exit; } dir = nd.path.dentry; mutex_lock(&dir->d_inode->i_mutex); path.dentry = lookup_hash(&nd); path.mnt = nd.path.mnt; __putname(nd.last.name); goto do_last; }",linux-2.6,,,199426094808315849708396248624284481994,0 1820,CWE-415,"static struct rpmsg_device *rpmsg_virtio_add_ctrl_dev(struct virtio_device *vdev) { struct virtproc_info *vrp = vdev->priv; struct virtio_rpmsg_channel *vch; struct rpmsg_device *rpdev_ctrl; int err = 0; vch = kzalloc(sizeof(*vch), GFP_KERNEL); if (!vch) return ERR_PTR(-ENOMEM); vch->vrp = vrp; rpdev_ctrl = &vch->rpdev; rpdev_ctrl->ops = &virtio_rpmsg_ops; rpdev_ctrl->dev.parent = &vrp->vdev->dev; rpdev_ctrl->dev.release = virtio_rpmsg_release_device; rpdev_ctrl->little_endian = virtio_is_little_endian(vrp->vdev); err = rpmsg_ctrldev_register_device(rpdev_ctrl); if (err) { kfree(vch); return ERR_PTR(err); } return rpdev_ctrl; }",visit repo url,drivers/rpmsg/virtio_rpmsg_bus.c,https://github.com/torvalds/linux,56134985127336,1 2234,NVD-CWE-noinfo,"static void __nfs4_close(struct path *path, struct nfs4_state *state, mode_t mode, int wait) { struct nfs4_state_owner *owner = state->owner; int call_close = 0; int newstate; atomic_inc(&owner->so_count); spin_lock(&owner->so_lock); switch (mode & (FMODE_READ | FMODE_WRITE)) { case FMODE_READ: state->n_rdonly--; break; case FMODE_WRITE: state->n_wronly--; break; case FMODE_READ|FMODE_WRITE: state->n_rdwr--; } newstate = FMODE_READ|FMODE_WRITE; if (state->n_rdwr == 0) { if (state->n_rdonly == 0) { newstate &= ~FMODE_READ; call_close |= test_bit(NFS_O_RDONLY_STATE, &state->flags); call_close |= test_bit(NFS_O_RDWR_STATE, &state->flags); } if (state->n_wronly == 0) { newstate &= ~FMODE_WRITE; call_close |= test_bit(NFS_O_WRONLY_STATE, &state->flags); call_close |= test_bit(NFS_O_RDWR_STATE, &state->flags); } if (newstate == 0) clear_bit(NFS_DELEGATED_STATE, &state->flags); } nfs4_state_set_mode_locked(state, newstate); spin_unlock(&owner->so_lock); if (!call_close) { nfs4_put_open_state(state); nfs4_put_state_owner(owner); } else nfs4_do_close(path, state, wait); }",visit repo url,fs/nfs/nfs4state.c,https://github.com/torvalds/linux,117905203453922,1 1515,[],"static void unregister_sched_domain_sysctl(void) { }",linux-2.6,,,10400662381386140468529565903821050542,0 5493,['CWE-476'],"void kvm_report_emulation_failure(struct kvm_vcpu *vcpu, const char *context) { u8 opcodes[4]; unsigned long rip = kvm_rip_read(vcpu); unsigned long rip_linear; if (!printk_ratelimit()) return; rip_linear = rip + get_segment_base(vcpu, VCPU_SREG_CS); kvm_read_guest_virt(rip_linear, (void *)opcodes, 4, vcpu); printk(KERN_ERR ""emulation failed (%s) rip %lx %02x %02x %02x %02x\n"", context, rip, opcodes[0], opcodes[1], opcodes[2], opcodes[3]); }",linux-2.6,,,235926794284708190196319780510857022591,0 3135,['CWE-189'],"static int mem_close(jas_stream_obj_t *obj) { jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj; if (m->myalloc_ && m->buf_) { jas_free(m->buf_); m->buf_ = 0; } jas_free(obj); return 0; }",jasper,,,286688447784317248717160354868248648286,0 1408,[],"static struct sched_entity *__pick_next_entity(struct cfs_rq *cfs_rq) { return rb_entry(first_fair(cfs_rq), struct sched_entity, run_node); }",linux-2.6,,,85497484407454326705698717300656633643,0 3683,['CWE-20'],"int hfsplus_block_allocate(struct super_block *sb, u32 size, u32 offset, u32 *max) { struct page *page; struct address_space *mapping; __be32 *pptr, *curr, *end; u32 mask, start, len, n; __be32 val; int i; len = *max; if (!len) return size; dprint(DBG_BITMAP, ""block_allocate: %u,%u,%u\n"", size, offset, len); mutex_lock(&HFSPLUS_SB(sb).alloc_file->i_mutex); mapping = HFSPLUS_SB(sb).alloc_file->i_mapping; page = read_mapping_page(mapping, offset / PAGE_CACHE_BITS, NULL); if (IS_ERR(page)) { start = size; goto out; } pptr = kmap(page); curr = pptr + (offset & (PAGE_CACHE_BITS - 1)) / 32; i = offset % 32; offset &= ~(PAGE_CACHE_BITS - 1); if ((size ^ offset) / PAGE_CACHE_BITS) end = pptr + PAGE_CACHE_BITS / 32; else end = pptr + ((size + 31) & (PAGE_CACHE_BITS - 1)) / 32; val = *curr; if (~val) { n = be32_to_cpu(val); mask = (1U << 31) >> i; for (; i < 32; mask >>= 1, i++) { if (!(n & mask)) goto found; } } curr++; while (1) { while (curr < end) { val = *curr; if (~val) { n = be32_to_cpu(val); mask = 1 << 31; for (i = 0; i < 32; mask >>= 1, i++) { if (!(n & mask)) goto found; } } curr++; } kunmap(page); offset += PAGE_CACHE_BITS; if (offset >= size) break; page = read_mapping_page(mapping, offset / PAGE_CACHE_BITS, NULL); if (IS_ERR(page)) { start = size; goto out; } curr = pptr = kmap(page); if ((size ^ offset) / PAGE_CACHE_BITS) end = pptr + PAGE_CACHE_BITS / 32; else end = pptr + ((size + 31) & (PAGE_CACHE_BITS - 1)) / 32; } dprint(DBG_BITMAP, ""bitmap full\n""); start = size; goto out; found: start = offset + (curr - pptr) * 32 + i; if (start >= size) { dprint(DBG_BITMAP, ""bitmap full\n""); goto out; } len = min(size - start, len); while (1) { n |= mask; if (++i >= 32) break; mask >>= 1; if (!--len || n & mask) goto done; } if (!--len) goto done; *curr++ = cpu_to_be32(n); while (1) { while (curr < end) { n = be32_to_cpu(*curr); if (len < 32) goto last; if (n) { len = 32; goto last; } *curr++ = cpu_to_be32(0xffffffff); len -= 32; } set_page_dirty(page); kunmap(page); offset += PAGE_CACHE_BITS; page = read_mapping_page(mapping, offset / PAGE_CACHE_BITS, NULL); if (IS_ERR(page)) { start = size; goto out; } pptr = kmap(page); curr = pptr; end = pptr + PAGE_CACHE_BITS / 32; } last: mask = 1U << 31; for (i = 0; i < len; i++) { if (n & mask) break; n |= mask; mask >>= 1; } done: *curr = cpu_to_be32(n); set_page_dirty(page); kunmap(page); *max = offset + (curr - pptr) * 32 + i - start; HFSPLUS_SB(sb).free_blocks -= *max; sb->s_dirt = 1; dprint(DBG_BITMAP, ""-> %u,%u\n"", start, *max); out: mutex_unlock(&HFSPLUS_SB(sb).alloc_file->i_mutex); return start; }",linux-2.6,,,233847245052184033481551786746005091494,0 4553,CWE-125,"GF_Err vobsub_read_idx(FILE *file, vobsub_file *vobsub, s32 *version) { char strbuf[256]; char *str, *pos, *entry; s32 line, id =-1, delay = 0; Bool error = 0; for (line = 0; !error && gf_fgets(strbuf, sizeof(strbuf), file); line++) { str = strtrim(strbuf); if (line == 0) { char *buf = ""VobSub index file, v""; pos = strstr(str, buf); if (pos == NULL || sscanf(pos + strlen(buf), ""%d"", version) != 1 || *version > VOBSUBIDXVER) { error = 1; continue; } } else if (strlen(str) == 0) { continue; } else if (str[0] == '#') { continue; } pos = strchr(str, ':'); if (pos == NULL || pos == str) { continue; } entry = str; *pos = '\0'; str = strtrim(pos + 1); if (strlen(str) == 0) { continue; } if (stricmp(entry, ""size"") == 0) { s32 w, h; if (sscanf(str, ""%dx%d"", &w, &h) != 2) { error = 1; } vobsub->width = w; vobsub->height = h; } else if (stricmp(entry, ""palette"") == 0) { s32 c; u8 palette[16][4]; if (sscanf(str, ""%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x"", (u32 *) &palette[0], (u32 *) &palette[1], (u32 *) &palette[2], (u32 *) &palette[3], (u32 *) &palette[4], (u32 *) &palette[5], (u32 *) &palette[6], (u32 *) &palette[7], (u32 *) &palette[8], (u32 *) &palette[9], (u32 *) &palette[10], (u32 *) &palette[11], (u32 *) &palette[12],(u32 *) &palette[13],(u32 *) &palette[14], (u32 *) &palette[15]) != 16) { error = 1; continue; } for (c = 0; c < 16; c++) { u8 r, g, b; r = palette[c][2]; g = palette[c][1]; b = palette[c][0]; vobsub->palette[c][0] = 0; vobsub->palette[c][1] = (( 66 * r + 129 * g + 25 * b + 128 + 4096) >> 8) & 0xff; vobsub->palette[c][2] = ((112 * r - 94 * g - 18 * b + 128 + 32768) >> 8) & 0xff; vobsub->palette[c][3] = ((-38 * r - 74 * g + 112 * b + 128 + 32768) >> 8) & 0xff; } } else if (stricmp(entry, ""id"") == 0) { char *buf = ""index:""; s32 lang_id; strlwr(str); lang_id = ((str[0] & 0xff) << 8) | (str[1] & 0xff); pos = strstr(str, buf); if (pos == NULL) { error = 1; continue; } if (sscanf(pos + strlen(buf), ""%d"", &id) != 1 || id < 0 || id >= 32) { error = 1; continue; } vobsub->langs[id].id = lang_id; vobsub->langs[id].name = lang_table[vobsub_lang_name((u16)lang_id)].lang; vobsub->langs[id].idx = id; vobsub->langs[id].subpos = gf_list_new(); if (vobsub->langs[id].subpos == NULL) { error = 1; continue; } delay = 0; vobsub->num_langs++; } else if (id >= 0 && stricmp(entry, ""delay"") == 0) { s32 hh, mm, ss, ms; char c; s32 sign = (str[0] == '-') ? -1 : 1; pos = str; while (*pos == '-' || *pos == '+') pos++; if (sscanf(pos, ""%d%c%d%c%d%c%d"", &hh, &c, &mm, &c, &ss, &c, &ms) != 7) { error = 1; continue; } delay += (hh*60*60*1000 + mm*60*1000 + ss*1000 + ms) * sign; } else if (id >= 0 && stricmp(entry, ""timestamp"") == 0) { vobsub_pos *vspos; s32 sign; char c; s32 hh, mm, ss, ms; char *buf = ""filepos:""; vspos = (vobsub_pos*)gf_calloc(1, sizeof(vobsub_pos)); if (vspos == NULL) { error = 1; continue; } sign = (str[0] == '-') ? -1 : 1; while (*str == '-' || *str == '+') str++; if (sscanf(str, ""%d%c%d%c%d%c%d"", &hh, &c, &mm, &c, &ss, &c, &ms) != 7) { gf_free(vspos); error = 1; continue; } vspos->start = (((hh*60 + mm)*60 + ss)*1000 + ms) * sign + delay; pos = strstr(str, buf); if (pos == NULL) { gf_free(vspos); error = 1; continue; } if (sscanf(pos + strlen(buf), LLX, &vspos->filepos) != 1) { gf_free(vspos); error = 1; continue; } if (delay < 0 && gf_list_count(vobsub->langs[id].subpos) > 0) { vobsub_pos *vspos_next; vspos_next = (vobsub_pos*)gf_list_get(vobsub->langs[id].subpos, gf_list_count(vobsub->langs[id].subpos) - 1); if (vspos->start < vspos_next->start) { delay += (s32)(vspos_next->start - vspos->start); vspos->start = vspos_next->start; } } if (gf_list_add(vobsub->langs[id].subpos, vspos) != GF_OK) { gf_free(vspos); error = 1; continue; } } } return error ? GF_CORRUPTED_DATA : GF_OK; }",visit repo url,src/media_tools/vobsub.c,https://github.com/gpac/gpac,74119356281175,1 1200,['CWE-189'],"static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer, struct hrtimer_clock_base *base) { return 0; }",linux-2.6,,,82010261990736655669863906250781692455,0 2713,[],"static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_authchunks __user *p = (void __user *)optval; struct sctp_authchunks val; struct sctp_association *asoc; struct sctp_chunks_param *ch; u32 num_chunks = 0; char __user *to; if (!sctp_auth_enable) return -EACCES; if (len < sizeof(struct sctp_authchunks)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) return -EFAULT; to = p->gauth_chunks; asoc = sctp_id2assoc(sk, val.gauth_assoc_id); if (!asoc) return -EINVAL; ch = asoc->peer.peer_chunks; if (!ch) goto num; num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t); if (len < num_chunks) return -EINVAL; if (copy_to_user(to, ch->chunks, num_chunks)) return -EFAULT; num: len = sizeof(struct sctp_authchunks) + num_chunks; if (put_user(len, optlen)) return -EFAULT; if (put_user(num_chunks, &p->gauth_number_of_chunks)) return -EFAULT; return 0; }",linux-2.6,,,232024984204578800376969440123728238688,0 6613,['CWE-200'],"static void nma_icons_free (NMApplet *applet) { int i, j; if (!applet->icons_loaded) return; for (i = 0; i <= ICON_LAYER_MAX; i++) CLEAR_ICON(applet->icon_layers[i]); CLEAR_ICON(applet->no_connection_icon); CLEAR_ICON(applet->wired_icon); CLEAR_ICON(applet->adhoc_icon); CLEAR_ICON(applet->wwan_icon); CLEAR_ICON(applet->vpn_lock_icon); CLEAR_ICON(applet->wireless_00_icon); CLEAR_ICON(applet->wireless_25_icon); CLEAR_ICON(applet->wireless_50_icon); CLEAR_ICON(applet->wireless_75_icon); CLEAR_ICON(applet->wireless_100_icon); for (i = 0; i < NUM_CONNECTING_STAGES; i++) { for (j = 0; j < NUM_CONNECTING_FRAMES; j++) CLEAR_ICON(applet->network_connecting_icons[i][j]); } for (i = 0; i < NUM_VPN_CONNECTING_FRAMES; i++) CLEAR_ICON(applet->vpn_connecting_icons[i]); for (i = 0; i <= ICON_LAYER_MAX; i++) CLEAR_ICON(applet->icon_layers[i]); applet->icons_loaded = FALSE; }",network-manager-applet,,,206886449891211599746407156317877627970,0 4485,CWE-203,"static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, ecc_point* pubOut) { int err = MP_OKAY; #ifndef WOLFSSL_ATECC508A #ifndef WOLFSSL_SP_MATH ecc_point* base = NULL; #endif ecc_point* pub; DECLARE_CURVE_SPECS(curve, ECC_CURVE_FIELD_COUNT); #endif if (key == NULL) { return BAD_FUNC_ARG; } #ifndef WOLFSSL_ATECC508A if (pubOut != NULL) { pub = pubOut; } else { pub = &key->pubkey; key->type = ECC_PRIVATEKEY_ONLY; } if (curveIn != NULL) { curve = curveIn; } else { if (err == MP_OKAY) { ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL); } } if (err == MP_OKAY) { #ifndef ALT_ECC_SIZE err = mp_init_multi(pub->x, pub->y, pub->z, NULL, NULL, NULL); #else pub->x = (mp_int*)&pub->xyz[0]; pub->y = (mp_int*)&pub->xyz[1]; pub->z = (mp_int*)&pub->xyz[2]; alt_fp_init(pub->x); alt_fp_init(pub->y); alt_fp_init(pub->z); #endif } #ifdef WOLFSSL_HAVE_SP_ECC #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { if (err == MP_OKAY) err = sp_ecc_mulmod_base_256(&key->k, pub, 1, key->heap); } else #endif #ifdef WOLFSSL_SP_384 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP384R1) { if (err == MP_OKAY) err = sp_ecc_mulmod_base_384(&key->k, pub, 1, key->heap); } else #endif #endif #ifdef WOLFSSL_SP_MATH err = WC_KEY_SIZE_E; #else { if (err == MP_OKAY) { base = wc_ecc_new_point_h(key->heap); if (base == NULL) err = MEMORY_E; } if (err == MP_OKAY) err = mp_copy(curve->Gx, base->x); if (err == MP_OKAY) err = mp_copy(curve->Gy, base->y); if (err == MP_OKAY) err = mp_set(base->z, 1); if (err == MP_OKAY) { err = wc_ecc_mulmod_ex(&key->k, base, pub, curve->Af, curve->prime, 1, key->heap); if (err == MP_MEM) { err = MEMORY_E; } } wc_ecc_del_point_h(base, key->heap); } #endif #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN if (err == MP_OKAY) err = ecc_check_pubkey_order(key, pub, curve->Af, curve->prime, curve->order); #endif if (err != MP_OKAY) { #ifndef ALT_ECC_SIZE mp_clear(pub->x); mp_clear(pub->y); mp_clear(pub->z); #endif } if (curveIn == NULL) { wc_ecc_curve_free(curve); FREE_CURVE_SPECS(); } #else (void)curveIn; err = NOT_COMPILED_IN; #endif if (key->type == ECC_PRIVATEKEY_ONLY && pubOut == NULL) { key->type = ECC_PRIVATEKEY; } return err; }",visit repo url,wolfcrypt/src/ecc.c,https://github.com/wolfSSL/wolfssl,240044339255650,1 4732,CWE-476,"CompileKeymap(XkbFile *file, struct xkb_keymap *keymap, enum merge_mode merge) { bool ok; XkbFile *files[LAST_KEYMAP_FILE_TYPE + 1] = { NULL }; enum xkb_file_type type; struct xkb_context *ctx = keymap->ctx; for (file = (XkbFile *) file->defs; file; file = (XkbFile *) file->common.next) { if (file->file_type < FIRST_KEYMAP_FILE_TYPE || file->file_type > LAST_KEYMAP_FILE_TYPE) { log_err(ctx, ""Cannot define %s in a keymap file\n"", xkb_file_type_to_string(file->file_type)); continue; } if (files[file->file_type]) { log_err(ctx, ""More than one %s section in keymap file; "" ""All sections after the first ignored\n"", xkb_file_type_to_string(file->file_type)); continue; } files[file->file_type] = file; } ok = true; for (type = FIRST_KEYMAP_FILE_TYPE; type <= LAST_KEYMAP_FILE_TYPE; type++) { if (files[type] == NULL) { log_err(ctx, ""Required section %s missing from keymap\n"", xkb_file_type_to_string(type)); ok = false; } } if (!ok) return false; for (type = FIRST_KEYMAP_FILE_TYPE; type <= LAST_KEYMAP_FILE_TYPE; type++) { log_dbg(ctx, ""Compiling %s \""%s\""\n"", xkb_file_type_to_string(type), files[type]->name); ok = compile_file_fns[type](files[type], keymap, merge); if (!ok) { log_err(ctx, ""Failed to compile %s\n"", xkb_file_type_to_string(type)); return false; } } return UpdateDerivedKeymapFields(keymap); }",visit repo url,src/xkbcomp/keymap.c,https://github.com/xkbcommon/libxkbcommon,19447630377357,1 5760,CWE-190,"MONGO_EXPORT mongo_cursor *gridfile_get_chunks( gridfile *gfile, int start, int size ) { bson_iterator it; bson_oid_t id; bson gte; bson query; bson orderby; bson command; mongo_cursor *cursor; bson_find( &it, gfile->meta, ""_id"" ); id = *bson_iterator_oid( &it ); bson_init( &query ); bson_append_oid( &query, ""files_id"", &id ); if ( size == 1 ) { bson_append_int( &query, ""n"", start ); } else { bson_init( >e ); bson_append_int( >e, ""$gte"", start ); bson_finish( >e ); bson_append_bson( &query, ""n"", >e ); bson_destroy( >e ); } bson_finish( &query ); bson_init( &orderby ); bson_append_int( &orderby, ""n"", 1 ); bson_finish( &orderby ); bson_init( &command ); bson_append_bson( &command, ""query"", &query ); bson_append_bson( &command, ""orderby"", &orderby ); bson_finish( &command ); cursor = mongo_find( gfile->gfs->client, gfile->gfs->chunks_ns, &command, NULL, size, 0, 0 ); bson_destroy( &command ); bson_destroy( &query ); bson_destroy( &orderby ); return cursor; }",visit repo url,src/gridfs.c,https://github.com/10gen-archive/mongo-c-driver-legacy,271281210802195,1 565,[],"static ssize_t bad_file_aio_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos) { return -EIO; }",linux-2.6,,,317742677344777767905087947823390987882,0 2996,['CWE-189'],"void jpc_restore_t2state(jpc_enc_t *enc) { jpc_enc_tcmpt_t *comp; jpc_enc_tcmpt_t *endcomps; jpc_enc_rlvl_t *lvl; jpc_enc_rlvl_t *endlvls; jpc_enc_band_t *band; jpc_enc_band_t *endbands; jpc_enc_cblk_t *cblk; jpc_enc_cblk_t *endcblks; jpc_enc_tile_t *tile; int prcno; jpc_enc_prc_t *prc; tile = enc->curtile; endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < lvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } jpc_tagtree_copy(prc->incltree, prc->savincltree); jpc_tagtree_copy(prc->nlibtree, prc->savnlibtree); endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { cblk->curpass = cblk->savedcurpass; cblk->numencpasses = cblk->savednumencpasses; cblk->numlenbits = cblk->savednumlenbits; } } } } } }",jasper,,,211115087980290796176751907414577856600,0 1541,[],"static inline void hrtick_clear(struct rq *rq) { }",linux-2.6,,,118346527290129519665554631752232258810,0 1384,[],"account_entity_enqueue(struct cfs_rq *cfs_rq, struct sched_entity *se) { update_load_add(&cfs_rq->load, se->load.weight); cfs_rq->nr_running++; se->on_rq = 1; }",linux-2.6,,,188637679406001050400954548491900931150,0 5842,['CWE-200'],"static int econet_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; size_t copied; int err; msg->msg_namelen = sizeof(struct sockaddr_ec); mutex_lock(&econet_mutex); skb=skb_recv_datagram(sk,flags,flags&MSG_DONTWAIT,&err); if(skb==NULL) goto out; copied = skb->len; if (copied > len) { copied=len; msg->msg_flags|=MSG_TRUNC; } err = memcpy_toiovec(msg->msg_iov, skb->data, copied); if (err) goto out_free; sk->sk_stamp = skb->tstamp; if (msg->msg_name) memcpy(msg->msg_name, skb->cb, msg->msg_namelen); err = copied; out_free: skb_free_datagram(sk, skb); out: mutex_unlock(&econet_mutex); return err; }",linux-2.6,,,81344156544146839258161667802459297074,0 3552,CWE-20,"static int jas_iccgetuint64(jas_stream_t *in, jas_iccuint64_t *val) { ulonglong tmp; if (jas_iccgetuint(in, 8, &tmp)) return -1; *val = tmp; return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,54399428591160,1 4410,CWE-476,"mrb_mod_define_method_m(mrb_state *mrb, struct RClass *c) { struct RProc *p; mrb_method_t m; mrb_sym mid; mrb_value proc = mrb_undef_value(); mrb_value blk; mrb_get_args(mrb, ""n|o&"", &mid, &proc, &blk); switch (mrb_type(proc)) { case MRB_TT_PROC: blk = proc; break; case MRB_TT_UNDEF: break; default: mrb_raisef(mrb, E_TYPE_ERROR, ""wrong argument type %T (expected Proc)"", proc); break; } if (mrb_nil_p(blk)) { mrb_raise(mrb, E_ARGUMENT_ERROR, ""no block given""); } p = MRB_OBJ_ALLOC(mrb, MRB_TT_PROC, mrb->proc_class); mrb_proc_copy(p, mrb_proc_ptr(blk)); p->flags |= MRB_PROC_STRICT; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, c, mid, m); mrb_method_added(mrb, c, mid); return mrb_symbol_value(mid); }",visit repo url,src/class.c,https://github.com/mruby/mruby,53747529762251,1 1966,CWE-401,"static ssize_t sof_dfsentry_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos) { #if IS_ENABLED(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST) struct snd_sof_dfsentry *dfse = file->private_data; struct snd_sof_dev *sdev = dfse->sdev; unsigned long ipc_duration_ms = 0; bool flood_duration_test = false; unsigned long ipc_count = 0; struct dentry *dentry; int err; #endif size_t size; char *string; int ret; string = kzalloc(count, GFP_KERNEL); if (!string) return -ENOMEM; size = simple_write_to_buffer(string, count, ppos, buffer, count); ret = size; #if IS_ENABLED(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST) dentry = file->f_path.dentry; if (strcmp(dentry->d_name.name, ""ipc_flood_count"") && strcmp(dentry->d_name.name, ""ipc_flood_duration_ms"")) return -EINVAL; if (!strcmp(dentry->d_name.name, ""ipc_flood_duration_ms"")) flood_duration_test = true; if (flood_duration_test) ret = kstrtoul(string, 0, &ipc_duration_ms); else ret = kstrtoul(string, 0, &ipc_count); if (ret < 0) goto out; if (flood_duration_test) { if (!ipc_duration_ms) { ret = size; goto out; } if (ipc_duration_ms > MAX_IPC_FLOOD_DURATION_MS) ipc_duration_ms = MAX_IPC_FLOOD_DURATION_MS; } else { if (!ipc_count) { ret = size; goto out; } if (ipc_count > MAX_IPC_FLOOD_COUNT) ipc_count = MAX_IPC_FLOOD_COUNT; } ret = pm_runtime_get_sync(sdev->dev); if (ret < 0) { dev_err_ratelimited(sdev->dev, ""error: debugfs write failed to resume %d\n"", ret); pm_runtime_put_noidle(sdev->dev); goto out; } ret = sof_debug_ipc_flood_test(sdev, dfse, flood_duration_test, ipc_duration_ms, ipc_count); pm_runtime_mark_last_busy(sdev->dev); err = pm_runtime_put_autosuspend(sdev->dev); if (err < 0) dev_err_ratelimited(sdev->dev, ""error: debugfs write failed to idle %d\n"", err); if (ret >= 0) ret = size; out: #endif kfree(string); return ret; }",visit repo url,sound/soc/sof/debug.c,https://github.com/torvalds/linux,81946266830913,1 1095,CWE-362,"struct sock *dccp_v4_request_recv_sock(struct sock *sk, struct sk_buff *skb, struct request_sock *req, struct dst_entry *dst) { struct inet_request_sock *ireq; struct inet_sock *newinet; struct sock *newsk; if (sk_acceptq_is_full(sk)) goto exit_overflow; if (dst == NULL && (dst = inet_csk_route_req(sk, req)) == NULL) goto exit; newsk = dccp_create_openreq_child(sk, req, skb); if (newsk == NULL) goto exit_nonewsk; sk_setup_caps(newsk, dst); newinet = inet_sk(newsk); ireq = inet_rsk(req); newinet->inet_daddr = ireq->rmt_addr; newinet->inet_rcv_saddr = ireq->loc_addr; newinet->inet_saddr = ireq->loc_addr; newinet->opt = ireq->opt; ireq->opt = NULL; newinet->mc_index = inet_iif(skb); newinet->mc_ttl = ip_hdr(skb)->ttl; newinet->inet_id = jiffies; dccp_sync_mss(newsk, dst_mtu(dst)); if (__inet_inherit_port(sk, newsk) < 0) { sock_put(newsk); goto exit; } __inet_hash_nolisten(newsk, NULL); return newsk; exit_overflow: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); exit_nonewsk: dst_release(dst); exit: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); return NULL; }",visit repo url,net/dccp/ipv4.c,https://github.com/torvalds/linux,6581538257299,1 4016,['CWE-362'],"static void unpin_and_kill(struct inotify_watch *watch, int how) { struct super_block *sb = watch->inode->i_sb; put_inotify_watch(watch); switch (how) { case 1: deactivate_super(sb); break; case 2: drop_super(sb); } }",linux-2.6,,,141983885734944716770702669947644212164,0 3628,CWE-416,"static void async_polkit_query_free(AsyncPolkitQuery *q) { if (!q) return; sd_bus_slot_unref(q->slot); if (q->registry && q->request) hashmap_remove(q->registry, q->request); sd_bus_message_unref(q->request); sd_bus_message_unref(q->reply); free(q->action); strv_free(q->details); free(q); }",visit repo url,src/shared/bus-polkit.c,https://github.com/systemd/systemd,64528977176203,1 4337,['CWE-119'],"static status ParseFrameCount (AFfilehandle filehandle, AFvirtualfile *fp, uint32_t id, size_t size) { uint32_t totalFrames; _Track *track; track = _af_filehandle_get_track(filehandle, AF_DEFAULT_TRACK); af_read_uint32_le(&totalFrames, fp); track->totalfframes = totalFrames; return AF_SUCCEED; }",audiofile,,,234496714543987920392061169079388051255,0 3342,[],"static inline int nla_nest_compat_end(struct sk_buff *skb, struct nlattr *start) { struct nlattr *nest = (void *)start + NLMSG_ALIGN(start->nla_len); start->nla_len = skb_tail_pointer(skb) - (unsigned char *)start; return nla_nest_end(skb, nest); }",linux-2.6,,,254914989881275668106335153849008474243,0 1410,[],"static void check_spread(struct cfs_rq *cfs_rq, struct sched_entity *se) { #ifdef CONFIG_SCHED_DEBUG s64 d = se->vruntime - cfs_rq->min_vruntime; if (d < 0) d = -d; if (d > 3*sysctl_sched_latency) schedstat_inc(cfs_rq, nr_spread_over); #endif }",linux-2.6,,,299640915655860836057762652327354805691,0 2795,['CWE-264'],"static int __init sbni_init(struct net_device *dev) { int i; if( dev->base_addr ) return sbni_isa_probe( dev ); if( io[ num ] != -1 ) dev->base_addr = io[ num ], dev->irq = irq[ num ]; else if( scandone || io[ 0 ] != -1 ) return -ENODEV; if( dev->base_addr ) return sbni_isa_probe( dev ); if( !skip_pci_probe && !sbni_pci_probe( dev ) ) return 0; if( io[ num ] == -1 ) { scandone = 1; if( num > 0 ) return -ENODEV; } for( i = 0; netcard_portlist[ i ]; ++i ) { int ioaddr = netcard_portlist[ i ]; if( request_region( ioaddr, SBNI_IO_EXTENT, dev->name ) && sbni_probe1( dev, ioaddr, 0 )) return 0; } return -ENODEV; }",linux-2.6,,,214086691161495212970362013776871450574,0 4590,['CWE-399'],"static int ext4_indirect_trans_blocks(struct inode *inode, int nrblocks, int chunk) { int indirects; if (chunk) { indirects = nrblocks / EXT4_ADDR_PER_BLOCK(inode->i_sb); return indirects + 3; } indirects = nrblocks * 2 + 1; return indirects; }",linux-2.6,,,204396665353144011359071098247086701228,0 2740,['CWE-189'],"int sctp_auth_set_key(struct sctp_endpoint *ep, struct sctp_association *asoc, struct sctp_authkey *auth_key) { struct sctp_shared_key *cur_key = NULL; struct sctp_auth_bytes *key; struct list_head *sh_keys; int replace = 0; if (asoc) sh_keys = &asoc->endpoint_shared_keys; else sh_keys = &ep->endpoint_shared_keys; key_for_each(cur_key, sh_keys) { if (cur_key->key_id == auth_key->sca_keynumber) { replace = 1; break; } } if (!replace) { cur_key = sctp_auth_shkey_create(auth_key->sca_keynumber, GFP_KERNEL); if (!cur_key) return -ENOMEM; } key = sctp_auth_create_key(auth_key->sca_keylength, GFP_KERNEL); if (!key) goto nomem; memcpy(key->data, &auth_key->sca_key[0], auth_key->sca_keylength); if (replace) sctp_auth_key_put(cur_key->key); else list_add(&cur_key->key_list, sh_keys); cur_key->key = key; sctp_auth_key_hold(key); return 0; nomem: if (!replace) sctp_auth_shkey_free(cur_key); return -ENOMEM; }",linux-2.6,,,168467436750660162515484724025334390910,0 1395,CWE-310,"static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""ablkcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_ablkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize; rblkcipher.ivsize = alg->cra_ablkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ablkcipher.c,https://github.com/torvalds/linux,148442488089788,1 2066,['CWE-269'],"struct vfsmount *alloc_vfsmnt(const char *name) { struct vfsmount *mnt = kmem_cache_zalloc(mnt_cache, GFP_KERNEL); if (mnt) { atomic_set(&mnt->mnt_count, 1); INIT_LIST_HEAD(&mnt->mnt_hash); INIT_LIST_HEAD(&mnt->mnt_child); INIT_LIST_HEAD(&mnt->mnt_mounts); INIT_LIST_HEAD(&mnt->mnt_list); INIT_LIST_HEAD(&mnt->mnt_expire); INIT_LIST_HEAD(&mnt->mnt_share); INIT_LIST_HEAD(&mnt->mnt_slave_list); INIT_LIST_HEAD(&mnt->mnt_slave); if (name) { int size = strlen(name) + 1; char *newname = kmalloc(size, GFP_KERNEL); if (newname) { memcpy(newname, name, size); mnt->mnt_devname = newname; } } } return mnt; }",linux-2.6,,,102289785387850028143460086560712136799,0 2264,['CWE-120'],"asmlinkage long sys_mknod(const char __user *filename, int mode, unsigned dev) { return sys_mknodat(AT_FDCWD, filename, mode, dev); }",linux-2.6,,,92630951168071625374286366289309767997,0 6107,['CWE-200'],"static void cbq_destroy_class(struct Qdisc *sch, struct cbq_class *cl) { struct cbq_sched_data *q = qdisc_priv(sch); BUG_TRAP(!cl->filters); cbq_destroy_filters(cl); qdisc_destroy(cl->q); qdisc_put_rtab(cl->R_tab); #ifdef CONFIG_NET_ESTIMATOR gen_kill_estimator(&cl->bstats, &cl->rate_est); #endif if (cl != &q->link) kfree(cl); }",linux-2.6,,,234074543190253097028806896693460790300,0 4224,CWE-74,"static bool meta_set(RAnal *a, RAnalMetaType type, int subtype, ut64 from, ut64 to, const char *str) { if (to < from) { return false; } RSpace *space = r_spaces_current (&a->meta_spaces); RIntervalNode *node = find_node_at (a, type, space, from); RAnalMetaItem *item = node ? node->data : R_NEW0 (RAnalMetaItem); if (!item) { return false; } item->type = type; item->subtype = subtype; item->space = space; free (item->str); item->str = str ? strdup (str) : NULL; if (str && !item->str) { if (!node) { free (item); } return false; } R_DIRTY (a); if (!node) { r_interval_tree_insert (&a->meta, from, to, item); } else if (node->end != to) { r_interval_tree_resize (&a->meta, node, from, to); } return true; }",visit repo url,libr/anal/meta.c,https://github.com/radareorg/radare2,6006027260236,1 1010,['CWE-94'],"static long do_splice_to(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { int ret; if (unlikely(!in->f_op || !in->f_op->splice_read)) return -EINVAL; if (unlikely(!(in->f_mode & FMODE_READ))) return -EBADF; ret = rw_verify_area(READ, in, ppos, len); if (unlikely(ret < 0)) return ret; return in->f_op->splice_read(in, ppos, pipe, len, flags); }",linux-2.6,,,159840396015582902325406886969258967649,0 3172,['CWE-189'],"static int jpc_dec_process_sot(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_dec_tile_t *tile; jpc_sot_t *sot = &ms->parms.sot; jas_image_cmptparm_t *compinfos; jas_image_cmptparm_t *compinfo; jpc_dec_cmpt_t *cmpt; int cmptno; if (dec->state == JPC_MH) { compinfos = jas_alloc2(dec->numcomps, sizeof(jas_image_cmptparm_t)); assert(compinfos); for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos; cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) { compinfo->tlx = 0; compinfo->tly = 0; compinfo->prec = cmpt->prec; compinfo->sgnd = cmpt->sgnd; compinfo->width = cmpt->width; compinfo->height = cmpt->height; compinfo->hstep = cmpt->hstep; compinfo->vstep = cmpt->vstep; } if (!(dec->image = jas_image_create(dec->numcomps, compinfos, JAS_CLRSPC_UNKNOWN))) { return -1; } jas_free(compinfos); if (dec->ppmstab) { if (!(dec->pkthdrstreams = jpc_ppmstabtostreams(dec->ppmstab))) { abort(); } jpc_ppxstab_destroy(dec->ppmstab); dec->ppmstab = 0; } } if (sot->len > 0) { dec->curtileendoff = jas_stream_getrwcount(dec->in) - ms->len - 4 + sot->len; } else { dec->curtileendoff = 0; } if (JAS_CAST(int, sot->tileno) >= dec->numtiles) { jas_eprintf(""invalid tile number in SOT marker segment\n""); return -1; } dec->curtile = &dec->tiles[sot->tileno]; tile = dec->curtile; if (sot->partno != tile->partno) { return -1; } if (tile->numparts > 0 && sot->partno >= tile->numparts) { return -1; } if (!tile->numparts && sot->numparts > 0) { tile->numparts = sot->numparts; } tile->pptstab = 0; switch (tile->state) { case JPC_TILE_INIT: tile->state = JPC_TILE_ACTIVE; assert(!tile->cp); if (!(tile->cp = jpc_dec_cp_copy(dec->cp))) { return -1; } jpc_dec_cp_resetflags(dec->cp); break; default: if (sot->numparts == sot->partno - 1) { tile->state = JPC_TILE_ACTIVELAST; } break; } dec->state = JPC_TPH; return 0; }",jasper,,,110822854864429101088274087181706653881,0 1874,CWE-416,"void unlink_anon_vmas(struct vm_area_struct *vma) { struct anon_vma_chain *avc, *next; struct anon_vma *root = NULL; list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) { struct anon_vma *anon_vma = avc->anon_vma; root = lock_anon_vma_root(root, anon_vma); anon_vma_interval_tree_remove(avc, &anon_vma->rb_root); if (RB_EMPTY_ROOT(&anon_vma->rb_root.rb_root)) { anon_vma->parent->degree--; continue; } list_del(&avc->same_vma); anon_vma_chain_free(avc); } if (vma->anon_vma) { vma->anon_vma->degree--; vma->anon_vma = NULL; } unlock_anon_vma_root(root); list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) { struct anon_vma *anon_vma = avc->anon_vma; VM_WARN_ON(anon_vma->degree); put_anon_vma(anon_vma); list_del(&avc->same_vma); anon_vma_chain_free(avc); } }",visit repo url,mm/rmap.c,https://github.com/torvalds/linux,202998594585367,1 6348,CWE-787,"image_load_gif(image_t *img, FILE *fp, int gray, int load_data) { uchar buf[1024]; gif_cmap_t cmap; int ncolors, transparent; fread(buf, 13, 1, fp); img->width = (buf[7] << 8) | buf[6]; img->height = (buf[9] << 8) | buf[8]; ncolors = 2 << (buf[10] & 0x07); if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767) return (-1); if (Encryption) img->use ++; if (buf[10] & GIF_COLORMAP) if (gif_read_cmap(fp, ncolors, cmap, &gray)) return (-1); transparent = -1; while (1) { switch (getc(fp)) { case ';' : return (-1); case '!' : buf[0] = (uchar)getc(fp); if (buf[0] == 0xf9) { gif_get_block(fp, buf); if (buf[0] & 1) transparent = buf[3]; } while (gif_get_block(fp, buf) != 0); break; case ',' : fread(buf, 9, 1, fp); if (buf[8] & GIF_COLORMAP) { ncolors = 2 << (buf[8] & 0x07); if (gif_read_cmap(fp, ncolors, cmap, &gray)) return (-1); } if (transparent >= 0) { if (BodyColor[0]) { float rgb[3]; get_color((uchar *)BodyColor, rgb); cmap[transparent][0] = (uchar)(rgb[0] * 255.0f + 0.5f); cmap[transparent][1] = (uchar)(rgb[1] * 255.0f + 0.5f); cmap[transparent][2] = (uchar)(rgb[2] * 255.0f + 0.5f); } else { cmap[transparent][0] = 255; cmap[transparent][1] = 255; cmap[transparent][2] = 255; } image_need_mask(img); } img->width = (buf[5] << 8) | buf[4]; img->height = (buf[7] << 8) | buf[6]; img->depth = gray ? 1 : 3; if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767) return (-1); if (!load_data) return (0); img->pixels = (uchar *)malloc((size_t)(img->width * img->height * img->depth)); if (img->pixels == NULL) return (-1); return (gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE, transparent)); } } }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,127173774018196,1 6349,CWE-787,"image_set_mask(image_t *img, int x, int y, uchar alpha) { int i, j; uchar *maskptr; static uchar masks[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; static uchar dither[4][4] = { { 0, 2, 15, 6 }, { 4, 12, 9, 11 }, { 14, 7, 1, 3 }, { 8, 10, 5, 13 } }; if (img == NULL || img->mask == NULL || x < 0 || x >= img->width || y < 0 || y > img->height) return; if (img->maskscale == 8) { if (PSLevel) img->mask[y * img->maskwidth + x] = 255 - alpha; else img->mask[y * img->maskwidth + x] = alpha; } else { x *= img->maskscale; y *= img->maskscale; alpha >>= 4; for (i = 0; i < img->maskscale; i ++, y ++, x -= img->maskscale) for (j = 0; j < img->maskscale; j ++, x ++) { maskptr = img->mask + y * img->maskwidth + x / 8; if (alpha <= dither[x & 3][y & 3]) *maskptr |= masks[x & 7]; } } }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,266868205660717,1 698,[],"static int jpc_poc_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_poc_t *poc = &ms->parms.poc; jpc_pocpchg_t *pchg; int pchgno; uint_fast8_t tmp; poc->numpchgs = (cstate->numcomps > 256) ? (ms->len / 9) : (ms->len / 7); if (!(poc->pchgs = jas_alloc2(poc->numpchgs, sizeof(jpc_pocpchg_t)))) { goto error; } for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno, ++pchg) { if (jpc_getuint8(in, &pchg->rlvlnostart)) { goto error; } if (cstate->numcomps > 256) { if (jpc_getuint16(in, &pchg->compnostart)) { goto error; } } else { if (jpc_getuint8(in, &tmp)) { goto error; }; pchg->compnostart = tmp; } if (jpc_getuint16(in, &pchg->lyrnoend) || jpc_getuint8(in, &pchg->rlvlnoend)) { goto error; } if (cstate->numcomps > 256) { if (jpc_getuint16(in, &pchg->compnoend)) { goto error; } } else { if (jpc_getuint8(in, &tmp)) { goto error; } pchg->compnoend = tmp; } if (jpc_getuint8(in, &pchg->prgord)) { goto error; } if (pchg->rlvlnostart > pchg->rlvlnoend || pchg->compnostart > pchg->compnoend) { goto error; } } return 0; error: jpc_poc_destroyparms(ms); return -1; }",jasper,,,293082664809773905507862438467430693793,0 2107,[],"int udp_rcv(struct sk_buff *skb) { return __udp4_lib_rcv(skb, udp_hash, IPPROTO_UDP); }",linux-2.6,,,75908295363120966526441118156551972546,0 5889,['CWE-200'],"static int nr_info_open(struct inode *inode, struct file *file) { return seq_open(file, &nr_info_seqops); }",linux-2.6,,,220211200476118195777737309427693497368,0 2311,CWE-189,"pango_glyph_string_set_size (PangoGlyphString *string, gint new_len) { g_return_if_fail (new_len >= 0); while (new_len > string->space) { if (string->space == 0) string->space = 1; else string->space *= 2; if (string->space < 0) { g_warning (""glyph string length overflows maximum integer size, truncated""); new_len = string->space = G_MAXINT - 8; } } string->glyphs = g_realloc (string->glyphs, string->space * sizeof (PangoGlyphInfo)); string->log_clusters = g_realloc (string->log_clusters, string->space * sizeof (gint)); string->num_glyphs = new_len; }",visit repo url,pango/glyphstring.c,https://github.com/bratsche/pango,216265889567989,1 4649,['CWE-399'],"ext4_readpages(struct file *file, struct address_space *mapping, struct list_head *pages, unsigned nr_pages) { return mpage_readpages(mapping, pages, nr_pages, ext4_get_block); }",linux-2.6,,,139793074965310851836275054582425969857,0 5866,['CWE-200'],"static int nr_info_show(struct seq_file *seq, void *v) { struct sock *s = v; struct net_device *dev; struct nr_sock *nr; const char *devname; char buf[11]; if (v == SEQ_START_TOKEN) seq_puts(seq, ""user_addr dest_node src_node dev my your st vs vr va t1 t2 t4 idle n2 wnd Snd-Q Rcv-Q inode\n""); else { bh_lock_sock(s); nr = nr_sk(s); if ((dev = nr->device) == NULL) devname = ""???""; else devname = dev->name; seq_printf(seq, ""%-9s "", ax2asc(buf, &nr->user_addr)); seq_printf(seq, ""%-9s "", ax2asc(buf, &nr->dest_addr)); seq_printf(seq, ""%-9s %-3s %02X/%02X %02X/%02X %2d %3d %3d %3d %3lu/%03lu %2lu/%02lu %3lu/%03lu %3lu/%03lu %2d/%02d %3d %5d %5d %ld\n"", ax2asc(buf, &nr->source_addr), devname, nr->my_index, nr->my_id, nr->your_index, nr->your_id, nr->state, nr->vs, nr->vr, nr->va, ax25_display_timer(&nr->t1timer) / HZ, nr->t1 / HZ, ax25_display_timer(&nr->t2timer) / HZ, nr->t2 / HZ, ax25_display_timer(&nr->t4timer) / HZ, nr->t4 / HZ, ax25_display_timer(&nr->idletimer) / (60 * HZ), nr->idle / (60 * HZ), nr->n2count, nr->n2, nr->window, sk_wmem_alloc_get(s), sk_rmem_alloc_get(s), s->sk_socket ? SOCK_INODE(s->sk_socket)->i_ino : 0L); bh_unlock_sock(s); } return 0; }",linux-2.6,,,148845672618761504812764865410313531752,0 894,CWE-20,"static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, struct vsock_sock *vsk, struct msghdr *msg, size_t len, int flags) { int err; int noblock; struct vmci_datagram *dg; size_t payload_len; struct sk_buff *skb; noblock = flags & MSG_DONTWAIT; if (flags & MSG_OOB || flags & MSG_ERRQUEUE) return -EOPNOTSUPP; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); if (err) return err; if (!skb) return -EAGAIN; dg = (struct vmci_datagram *)skb->data; if (!dg) goto out; payload_len = dg->payload_size; if (payload_len != skb->len - sizeof(*dg)) { err = -EINVAL; goto out; } if (payload_len > len) { payload_len = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, sizeof(*dg), msg->msg_iov, payload_len); if (err) goto out; if (msg->msg_name) { struct sockaddr_vm *vm_addr; vm_addr = (struct sockaddr_vm *)msg->msg_name; vsock_addr_init(vm_addr, dg->src.context, dg->src.resource); msg->msg_namelen = sizeof(*vm_addr); } err = payload_len; out: skb_free_datagram(&vsk->sk, skb); return err; }",visit repo url,net/vmw_vsock/vmci_transport.c,https://github.com/torvalds/linux,147465821146213,1 5503,['CWE-119'],"parse_tag_67_packet(struct ecryptfs_key_record *key_rec, struct ecryptfs_message *msg) { size_t i = 0; char *data; size_t data_len; size_t message_len; int rc; message_len = msg->data_len; data = msg->data; if (message_len < 4) { rc = -EIO; printk(KERN_ERR ""%s: message_len is [%zd]; minimum acceptable "" ""message length is [%d]\n"", __func__, message_len, 4); goto out; } if (data[i++] != ECRYPTFS_TAG_67_PACKET_TYPE) { rc = -EIO; printk(KERN_ERR ""%s: Type should be ECRYPTFS_TAG_67\n"", __func__); goto out; } if (data[i++]) { rc = -EIO; printk(KERN_ERR ""%s: Status indicator has non zero "" ""value [%d]\n"", __func__, data[i-1]); goto out; } rc = ecryptfs_parse_packet_length(&data[i], &key_rec->enc_key_size, &data_len); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error parsing packet length; "" ""rc = [%d]\n"", rc); goto out; } i += data_len; if (message_len < (i + key_rec->enc_key_size)) { rc = -EIO; printk(KERN_ERR ""%s: message_len [%zd]; max len is [%zd]\n"", __func__, message_len, (i + key_rec->enc_key_size)); goto out; } if (key_rec->enc_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { rc = -EIO; printk(KERN_ERR ""%s: Encrypted key_size [%zd] larger than "" ""the maximum key size [%d]\n"", __func__, key_rec->enc_key_size, ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); goto out; } memcpy(key_rec->enc_key, &data[i], key_rec->enc_key_size); out: return rc; }",linux-2.6,,,207105553628945553197357235826521255817,0 5011,CWE-787,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 5779,['CWE-200']," __acquires(rose_list_lock) { int i; struct sock *s; struct hlist_node *node; spin_lock_bh(&rose_list_lock); if (*pos == 0) return SEQ_START_TOKEN; i = 1; sk_for_each(s, node, &rose_list) { if (i == *pos) return s; ++i; } return NULL; }",linux-2.6,,,334601298127385779173404516459835119214,0 2663,[],"unsigned int sctp_poll(struct file *file, struct socket *sock, poll_table *wait) { struct sock *sk = sock->sk; struct sctp_sock *sp = sctp_sk(sk); unsigned int mask; poll_wait(file, sk->sk_sleep, wait); if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) return (!list_empty(&sp->ep->asocs)) ? (POLLIN | POLLRDNORM) : 0; mask = 0; if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue)) mask |= POLLERR; if (sk->sk_shutdown & RCV_SHUTDOWN) mask |= POLLRDHUP; if (sk->sk_shutdown == SHUTDOWN_MASK) mask |= POLLHUP; if (!skb_queue_empty(&sk->sk_receive_queue) || (sk->sk_shutdown & RCV_SHUTDOWN)) mask |= POLLIN | POLLRDNORM; if (!sctp_style(sk, UDP) && sctp_sstate(sk, CLOSED)) return mask; if (sctp_writeable(sk)) { mask |= POLLOUT | POLLWRNORM; } else { set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); if (sctp_writeable(sk)) mask |= POLLOUT | POLLWRNORM; } return mask; }",linux-2.6,,,309288661643253340605398324905228154905,0 4834,CWE-415,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 6105,['CWE-200'],"static void tunnel_recycle(struct rsvp_head *data) { struct rsvp_session **sht = data->ht; u32 tmap[256/32]; int h1, h2; memset(tmap, 0, sizeof(tmap)); for (h1=0; h1<256; h1++) { struct rsvp_session *s; for (s = sht[h1]; s; s = s->next) { for (h2=0; h2<=16; h2++) { struct rsvp_filter *f; for (f = s->ht[h2]; f; f = f->next) { if (f->tunnelhdr == 0) continue; data->tgenerator = f->res.classid; tunnel_bts(data); } } } } memcpy(data->tmap, tmap, sizeof(tmap)); }",linux-2.6,,,306461268121627384778712476693354788697,0 2654,[],"SCTP_STATIC int sctp_ioctl(struct sock *sk, int cmd, unsigned long arg) { return -ENOIOCTLCMD; }",linux-2.6,,,116284944591314221497134754396193499746,0 4469,['CWE-264'],"u_long dma_master(struct s_smc * smc, void *virt, int len, int flag) { return (smc->os.SharedMemDMA + ((char *) virt - (char *)smc->os.SharedMemAddr)); } ",linux-2.6,,,52576908718928719591467503476624329356,0 2016,CWE-362,"static void clear_evtchn_to_irq_row(unsigned row) { unsigned col; for (col = 0; col < EVTCHN_PER_ROW; col++) evtchn_to_irq[row][col] = -1; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,272758822395205,1 5519,CWE-125,"ast2obj_expr(void* _o) { expr_ty o = (expr_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case BoolOp_kind: result = PyType_GenericNew(BoolOp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_boolop(o->v.BoolOp.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.BoolOp.values, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_values, value) == -1) goto failed; Py_DECREF(value); break; case BinOp_kind: result = PyType_GenericNew(BinOp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.BinOp.left); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_left, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_operator(o->v.BinOp.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.BinOp.right); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_right, value) == -1) goto failed; Py_DECREF(value); break; case UnaryOp_kind: result = PyType_GenericNew(UnaryOp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_unaryop(o->v.UnaryOp.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.UnaryOp.operand); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_operand, value) == -1) goto failed; Py_DECREF(value); break; case Lambda_kind: result = PyType_GenericNew(Lambda_type, NULL, NULL); if (!result) goto failed; value = ast2obj_arguments(o->v.Lambda.args); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Lambda.body); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; case IfExp_kind: result = PyType_GenericNew(IfExp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.IfExp.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.IfExp.body); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.IfExp.orelse); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); break; case Dict_kind: result = PyType_GenericNew(Dict_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Dict.keys, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_keys, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Dict.values, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_values, value) == -1) goto failed; Py_DECREF(value); break; case Set_kind: result = PyType_GenericNew(Set_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Set.elts, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elts, value) == -1) goto failed; Py_DECREF(value); break; case ListComp_kind: result = PyType_GenericNew(ListComp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.ListComp.elt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elt, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ListComp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case SetComp_kind: result = PyType_GenericNew(SetComp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.SetComp.elt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elt, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.SetComp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case DictComp_kind: result = PyType_GenericNew(DictComp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.DictComp.key); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_key, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.DictComp.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.DictComp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case GeneratorExp_kind: result = PyType_GenericNew(GeneratorExp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.GeneratorExp.elt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elt, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.GeneratorExp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case Await_kind: result = PyType_GenericNew(Await_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Await.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Yield_kind: result = PyType_GenericNew(Yield_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Yield.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case YieldFrom_kind: result = PyType_GenericNew(YieldFrom_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.YieldFrom.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Compare_kind: result = PyType_GenericNew(Compare_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Compare.left); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_left, value) == -1) goto failed; Py_DECREF(value); { Py_ssize_t i, n = asdl_seq_LEN(o->v.Compare.ops); value = PyList_New(n); if (!value) goto failed; for(i = 0; i < n; i++) PyList_SET_ITEM(value, i, ast2obj_cmpop((cmpop_ty)asdl_seq_GET(o->v.Compare.ops, i))); } if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ops, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Compare.comparators, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_comparators, value) == -1) goto failed; Py_DECREF(value); break; case Call_kind: result = PyType_GenericNew(Call_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Call.func); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_func, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Call.args, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Call.keywords, ast2obj_keyword); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_keywords, value) == -1) goto failed; Py_DECREF(value); break; case Num_kind: result = PyType_GenericNew(Num_type, NULL, NULL); if (!result) goto failed; value = ast2obj_object(o->v.Num.n); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_n, value) == -1) goto failed; Py_DECREF(value); break; case Str_kind: result = PyType_GenericNew(Str_type, NULL, NULL); if (!result) goto failed; value = ast2obj_string(o->v.Str.s); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_s, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.Str.kind); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kind, value) == -1) goto failed; Py_DECREF(value); break; case FormattedValue_kind: result = PyType_GenericNew(FormattedValue_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.FormattedValue.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->v.FormattedValue.conversion); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_conversion, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.FormattedValue.format_spec); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_format_spec, value) == -1) goto failed; Py_DECREF(value); break; case JoinedStr_kind: result = PyType_GenericNew(JoinedStr_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.JoinedStr.values, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_values, value) == -1) goto failed; Py_DECREF(value); break; case Bytes_kind: result = PyType_GenericNew(Bytes_type, NULL, NULL); if (!result) goto failed; value = ast2obj_bytes(o->v.Bytes.s); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_s, value) == -1) goto failed; Py_DECREF(value); break; case NameConstant_kind: result = PyType_GenericNew(NameConstant_type, NULL, NULL); if (!result) goto failed; value = ast2obj_singleton(o->v.NameConstant.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Ellipsis_kind: result = PyType_GenericNew(Ellipsis_type, NULL, NULL); if (!result) goto failed; break; case Constant_kind: result = PyType_GenericNew(Constant_type, NULL, NULL); if (!result) goto failed; value = ast2obj_constant(o->v.Constant.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Attribute_kind: result = PyType_GenericNew(Attribute_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Attribute.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_identifier(o->v.Attribute.attr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_attr, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Attribute.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Subscript_kind: result = PyType_GenericNew(Subscript_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Subscript.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_slice(o->v.Subscript.slice); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_slice, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Subscript.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Starred_kind: result = PyType_GenericNew(Starred_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Starred.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Starred.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Name_kind: result = PyType_GenericNew(Name_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.Name.id); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_id, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Name.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case List_kind: result = PyType_GenericNew(List_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.List.elts, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elts, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.List.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Tuple_kind: result = PyType_GenericNew(Tuple_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Tuple.elts, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elts, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Tuple.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; } value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,112324066274021,1 2449,['CWE-119'],"static void fill_print_name(struct diffstat_file *file) { char *pname; if (file->print_name) return; if (!file->is_renamed) { struct strbuf buf; strbuf_init(&buf, 0); if (quote_c_style(file->name, &buf, NULL, 0)) { pname = strbuf_detach(&buf, NULL); } else { pname = file->name; strbuf_release(&buf); } } else { pname = pprint_rename(file->from_name, file->name); } file->print_name = pname; }",git,,,227413634891749134117558249927344871514,0 2383,CWE-252,"static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) { if (cid != ctx->cid) { const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid); if (!cid_table) { av_log(ctx->avctx, AV_LOG_ERROR, ""unsupported cid %""PRIu32""\n"", cid); return AVERROR(ENOSYS); } if (cid_table->bit_depth != bitdepth && cid_table->bit_depth != DNXHD_VARIABLE) { av_log(ctx->avctx, AV_LOG_ERROR, ""bit depth mismatches %d %d\n"", cid_table->bit_depth, bitdepth); return AVERROR_INVALIDDATA; } ctx->cid_table = cid_table; av_log(ctx->avctx, AV_LOG_VERBOSE, ""Profile cid %""PRIu32"".\n"", cid); ff_free_vlc(&ctx->ac_vlc); ff_free_vlc(&ctx->dc_vlc); ff_free_vlc(&ctx->run_vlc); init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, ctx->cid_table->ac_bits, 1, 1, ctx->cid_table->ac_codes, 2, 2, 0); init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, ctx->cid_table->dc_bits, 1, 1, ctx->cid_table->dc_codes, 1, 1, 0); init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62, ctx->cid_table->run_bits, 1, 1, ctx->cid_table->run_codes, 2, 2, 0); ctx->cid = cid; } return 0; }",visit repo url,libavcodec/dnxhddec.c,https://github.com/FFmpeg/FFmpeg,115056451307752,1 4782,CWE-119,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 1607,[],"find_idlest_group(struct sched_domain *sd, struct task_struct *p, int this_cpu) { struct sched_group *idlest = NULL, *this = NULL, *group = sd->groups; unsigned long min_load = ULONG_MAX, this_load = 0; int load_idx = sd->forkexec_idx; int imbalance = 100 + (sd->imbalance_pct-100)/2; do { unsigned long load, avg_load; int local_group; int i; if (!cpus_intersects(group->cpumask, p->cpus_allowed)) continue; local_group = cpu_isset(this_cpu, group->cpumask); avg_load = 0; for_each_cpu_mask(i, group->cpumask) { if (local_group) load = source_load(i, load_idx); else load = target_load(i, load_idx); avg_load += load; } avg_load = sg_div_cpu_power(group, avg_load * SCHED_LOAD_SCALE); if (local_group) { this_load = avg_load; this = group; } else if (avg_load < min_load) { min_load = avg_load; idlest = group; } } while (group = group->next, group != sd->groups); if (!idlest || 100*this_load < imbalance*min_load) return NULL; return idlest; }",linux-2.6,,,247678703076140226004490684718528020616,0 5661,['CWE-476'],"static int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len) { struct ipv6_txoptions opt_space; struct udp_sock *up = udp_sk(sk); struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) msg->msg_name; struct in6_addr *daddr, *final_p = NULL, final; struct ipv6_txoptions *opt = NULL; struct ip6_flowlabel *flowlabel = NULL; struct flowi fl; struct dst_entry *dst; int addr_len = msg->msg_namelen; int ulen = len; int hlimit = -1; int tclass = -1; int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; int err; int connected = 0; if (sin6) { if (addr_len < offsetof(struct sockaddr, sa_data)) return -EINVAL; switch (sin6->sin6_family) { case AF_INET6: if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; daddr = &sin6->sin6_addr; break; case AF_INET: goto do_udp_sendmsg; case AF_UNSPEC: msg->msg_name = sin6 = NULL; msg->msg_namelen = addr_len = 0; daddr = NULL; break; default: return -EINVAL; } } else if (!up->pending) { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; daddr = &np->daddr; } else daddr = NULL; if (daddr) { if (ipv6_addr_type(daddr) == IPV6_ADDR_MAPPED) { struct sockaddr_in sin; sin.sin_family = AF_INET; sin.sin_port = sin6 ? sin6->sin6_port : inet->dport; sin.sin_addr.s_addr = daddr->s6_addr32[3]; msg->msg_name = &sin; msg->msg_namelen = sizeof(sin); do_udp_sendmsg: if (__ipv6_only_sock(sk)) return -ENETUNREACH; return udp_sendmsg(iocb, sk, msg, len); } } if (up->pending == AF_INET) return udp_sendmsg(iocb, sk, msg, len); if (len > INT_MAX - sizeof(struct udphdr)) return -EMSGSIZE; if (up->pending) { lock_sock(sk); if (likely(up->pending)) { if (unlikely(up->pending != AF_INET6)) { release_sock(sk); return -EAFNOSUPPORT; } dst = NULL; goto do_append_data; } release_sock(sk); } ulen += sizeof(struct udphdr); memset(&fl, 0, sizeof(fl)); if (sin6) { if (sin6->sin6_port == 0) return -EINVAL; fl.fl_ip_dport = sin6->sin6_port; daddr = &sin6->sin6_addr; if (np->sndflow) { fl.fl6_flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK; if (fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel); if (flowlabel == NULL) return -EINVAL; daddr = &flowlabel->dst; } } if (sk->sk_state == TCP_ESTABLISHED && ipv6_addr_equal(daddr, &np->daddr)) daddr = &np->daddr; if (addr_len >= sizeof(struct sockaddr_in6) && sin6->sin6_scope_id && ipv6_addr_type(daddr)&IPV6_ADDR_LINKLOCAL) fl.oif = sin6->sin6_scope_id; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; fl.fl_ip_dport = inet->dport; daddr = &np->daddr; fl.fl6_flowlabel = np->flow_label; connected = 1; } if (!fl.oif) fl.oif = sk->sk_bound_dev_if; if (msg->msg_controllen) { opt = &opt_space; memset(opt, 0, sizeof(struct ipv6_txoptions)); opt->tot_len = sizeof(*opt); err = datagram_send_ctl(msg, &fl, opt, &hlimit, &tclass); if (err < 0) { fl6_sock_release(flowlabel); return err; } if ((fl.fl6_flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) { flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel); if (flowlabel == NULL) return -EINVAL; } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; connected = 0; } if (opt == NULL) opt = np->opt; if (flowlabel) opt = fl6_merge_options(&opt_space, flowlabel, opt); opt = ipv6_fixup_options(&opt_space, opt); fl.proto = IPPROTO_UDP; ipv6_addr_copy(&fl.fl6_dst, daddr); if (ipv6_addr_any(&fl.fl6_src) && !ipv6_addr_any(&np->saddr)) ipv6_addr_copy(&fl.fl6_src, &np->saddr); fl.fl_ip_sport = inet->sport; if (opt && opt->srcrt) { struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; ipv6_addr_copy(&final, &fl.fl6_dst); ipv6_addr_copy(&fl.fl6_dst, rt0->addr); final_p = &final; connected = 0; } if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) { fl.oif = np->mcast_oif; connected = 0; } security_sk_classify_flow(sk, &fl); err = ip6_sk_dst_lookup(sk, &dst, &fl); if (err) goto out; if (final_p) ipv6_addr_copy(&fl.fl6_dst, final_p); if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) goto out; if (hlimit < 0) { if (ipv6_addr_is_multicast(&fl.fl6_dst)) hlimit = np->mcast_hops; else hlimit = np->hop_limit; if (hlimit < 0) hlimit = dst_metric(dst, RTAX_HOPLIMIT); if (hlimit < 0) hlimit = ipv6_get_hoplimit(dst->dev); } if (tclass < 0) { tclass = np->tclass; if (tclass < 0) tclass = 0; } if (msg->msg_flags&MSG_CONFIRM) goto do_confirm; back_from_confirm: lock_sock(sk); if (unlikely(up->pending)) { release_sock(sk); LIMIT_NETDEBUG(KERN_DEBUG ""udp cork app bug 2\n""); err = -EINVAL; goto out; } up->pending = AF_INET6; do_append_data: up->len += ulen; err = ip6_append_data(sk, ip_generic_getfrag, msg->msg_iov, ulen, sizeof(struct udphdr), hlimit, tclass, opt, &fl, (struct rt6_info*)dst, corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); if (err) udp_v6_flush_pending_frames(sk); else if (!corkreq) err = udp_v6_push_pending_frames(sk, up); else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) up->pending = 0; if (dst) { if (connected) { ip6_dst_store(sk, dst, ipv6_addr_equal(&fl.fl6_dst, &np->daddr) ? &np->daddr : NULL, #ifdef CONFIG_IPV6_SUBTREES ipv6_addr_equal(&fl.fl6_src, &np->saddr) ? &np->saddr : #endif NULL); } else { dst_release(dst); } } if (err > 0) err = np->recverr ? net_xmit_errno(err) : 0; release_sock(sk); out: fl6_sock_release(flowlabel); if (!err) { UDP6_INC_STATS_USER(UDP_MIB_OUTDATAGRAMS); return len; } if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { UDP6_INC_STATS_USER(UDP_MIB_SNDBUFERRORS); } return err; do_confirm: dst_confirm(dst); if (!(msg->msg_flags&MSG_PROBE) || len) goto back_from_confirm; err = 0; goto out; }",linux-2.6,,,125966818098673716701238292244365219297,0 6538,CWE-552,"int main(int argc, char *argv[]) { struct libmnt_table *tb = NULL; char **tabfiles = NULL; int direction = MNT_ITER_FORWARD; int verify = 0; int c, rc = -1, timeout = -1; int ntabfiles = 0, tabtype = 0; char *outarg = NULL; size_t i; int force_tree = 0, istree = 0; struct libscols_table *table = NULL; enum { FINDMNT_OPT_VERBOSE = CHAR_MAX + 1, FINDMNT_OPT_TREE, FINDMNT_OPT_OUTPUT_ALL, FINDMNT_OPT_PSEUDO, FINDMNT_OPT_REAL, FINDMNT_OPT_VFS_ALL, FINDMNT_OPT_SHADOWED, FINDMNT_OPT_DELETED, }; static const struct option longopts[] = { { ""all"", no_argument, NULL, 'A' }, { ""ascii"", no_argument, NULL, 'a' }, { ""bytes"", no_argument, NULL, 'b' }, { ""canonicalize"", no_argument, NULL, 'c' }, { ""deleted"", no_argument, NULL, FINDMNT_OPT_DELETED }, { ""direction"", required_argument, NULL, 'd' }, { ""df"", no_argument, NULL, 'D' }, { ""evaluate"", no_argument, NULL, 'e' }, { ""first-only"", no_argument, NULL, 'f' }, { ""fstab"", no_argument, NULL, 's' }, { ""help"", no_argument, NULL, 'h' }, { ""invert"", no_argument, NULL, 'i' }, { ""json"", no_argument, NULL, 'J' }, { ""kernel"", no_argument, NULL, 'k' }, { ""list"", no_argument, NULL, 'l' }, { ""mountpoint"", required_argument, NULL, 'M' }, { ""mtab"", no_argument, NULL, 'm' }, { ""noheadings"", no_argument, NULL, 'n' }, { ""notruncate"", no_argument, NULL, 'u' }, { ""options"", required_argument, NULL, 'O' }, { ""output"", required_argument, NULL, 'o' }, { ""output-all"", no_argument, NULL, FINDMNT_OPT_OUTPUT_ALL }, { ""poll"", optional_argument, NULL, 'p' }, { ""pairs"", no_argument, NULL, 'P' }, { ""raw"", no_argument, NULL, 'r' }, { ""types"", required_argument, NULL, 't' }, { ""nocanonicalize"", no_argument, NULL, 'C' }, { ""nofsroot"", no_argument, NULL, 'v' }, { ""submounts"", no_argument, NULL, 'R' }, { ""source"", required_argument, NULL, 'S' }, { ""tab-file"", required_argument, NULL, 'F' }, { ""task"", required_argument, NULL, 'N' }, { ""target"", required_argument, NULL, 'T' }, { ""timeout"", required_argument, NULL, 'w' }, { ""uniq"", no_argument, NULL, 'U' }, { ""verify"", no_argument, NULL, 'x' }, { ""version"", no_argument, NULL, 'V' }, { ""verbose"", no_argument, NULL, FINDMNT_OPT_VERBOSE }, { ""tree"", no_argument, NULL, FINDMNT_OPT_TREE }, { ""real"", no_argument, NULL, FINDMNT_OPT_REAL }, { ""pseudo"", no_argument, NULL, FINDMNT_OPT_PSEUDO }, { ""vfs-all"", no_argument, NULL, FINDMNT_OPT_VFS_ALL }, { ""shadowed"", no_argument, NULL, FINDMNT_OPT_SHADOWED }, { NULL, 0, NULL, 0 } }; static const ul_excl_t excl[] = { { 'C', 'c'}, { 'C', 'e' }, { 'J', 'P', 'r','x' }, { 'M', 'T' }, { 'N','k','m','s' }, { 'P','l','r','x' }, { 'p','x' }, { 'm','p','s' }, { FINDMNT_OPT_PSEUDO, FINDMNT_OPT_REAL }, { 0 } }; int excl_st[ARRAY_SIZE(excl)] = UL_EXCL_STATUS_INIT; setlocale(LC_ALL, """"); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); close_stdout_atexit(); flags |= FL_TREE; while ((c = getopt_long(argc, argv, ""AabCcDd:ehiJfF:o:O:p::PklmM:nN:rst:uvRS:T:Uw:Vx"", longopts, NULL)) != -1) { err_exclusive_options(c, longopts, excl, excl_st); switch(c) { case 'A': flags |= FL_ALL; break; case 'a': flags |= FL_ASCII; break; case 'b': flags |= FL_BYTES; break; case 'C': flags |= FL_NOCACHE; break; case 'c': flags |= FL_CANONICALIZE; break; case 'D': flags &= ~FL_TREE; flags |= FL_DF; break; case 'd': if (!strcmp(optarg, ""forward"")) direction = MNT_ITER_FORWARD; else if (!strcmp(optarg, ""backward"")) direction = MNT_ITER_BACKWARD; else errx(EXIT_FAILURE, _(""unknown direction '%s'""), optarg); break; case 'e': flags |= FL_EVALUATE; break; case 'i': flags |= FL_INVERT; break; case 'J': flags |= FL_JSON; break; case 'f': flags |= FL_FIRSTONLY; break; case 'F': tabfiles = append_tabfile(tabfiles, &ntabfiles, optarg); break; case 'u': disable_columns_truncate(); break; case 'o': outarg = optarg; break; case FINDMNT_OPT_OUTPUT_ALL: for (ncolumns = 0; ncolumns < ARRAY_SIZE(infos); ncolumns++) { if (is_tabdiff_column(ncolumns)) continue; columns[ncolumns] = ncolumns; } break; case 'O': set_match(COL_OPTIONS, optarg); break; case 'p': if (optarg) { nactions = string_to_idarray(optarg, actions, ARRAY_SIZE(actions), poll_action_name_to_id); if (nactions < 0) exit(EXIT_FAILURE); } flags |= FL_POLL; flags &= ~FL_TREE; break; case 'P': flags |= FL_EXPORT; flags &= ~FL_TREE; break; case 'm': tabtype = TABTYPE_MTAB; flags &= ~FL_TREE; break; case 's': tabtype = TABTYPE_FSTAB; flags &= ~FL_TREE; break; case 'k': tabtype = TABTYPE_KERNEL; break; case 't': set_match(COL_FSTYPE, optarg); break; case 'r': flags &= ~FL_TREE; flags |= FL_RAW; break; case 'l': flags &= ~FL_TREE; break; case 'n': flags |= FL_NOHEADINGS; break; case 'N': tabtype = TABTYPE_KERNEL; tabfiles = append_pid_tabfile(tabfiles, &ntabfiles, strtou32_or_err(optarg, _(""invalid TID argument""))); break; case 'v': flags |= FL_NOFSROOT; break; case 'R': flags |= FL_SUBMOUNTS; break; case 'S': set_source_match(optarg); flags |= FL_NOSWAPMATCH; break; case 'M': flags |= FL_STRICTTARGET; case 'T': set_match(COL_TARGET, optarg); flags |= FL_NOSWAPMATCH; break; case 'U': flags |= FL_UNIQ; break; case 'w': timeout = strtos32_or_err(optarg, _(""invalid timeout argument"")); break; case 'x': verify = 1; break; case FINDMNT_OPT_VERBOSE: flags |= FL_VERBOSE; break; case FINDMNT_OPT_TREE: force_tree = 1; break; case FINDMNT_OPT_PSEUDO: flags |= FL_PSEUDO; break; case FINDMNT_OPT_REAL: flags |= FL_REAL; break; case FINDMNT_OPT_VFS_ALL: flags |= FL_VFS_ALL; break; case FINDMNT_OPT_SHADOWED: flags |= FL_SHADOWED; break; case FINDMNT_OPT_DELETED: flags |= FL_DELETED; break; case 'h': usage(); case 'V': print_version(EXIT_SUCCESS); default: errtryhelp(EXIT_FAILURE); } } if (!ncolumns && (flags & FL_DF)) { add_column(columns, ncolumns++, COL_SOURCE); add_column(columns, ncolumns++, COL_FSTYPE); add_column(columns, ncolumns++, COL_SIZE); add_column(columns, ncolumns++, COL_USED); add_column(columns, ncolumns++, COL_AVAIL); add_column(columns, ncolumns++, COL_USEPERC); add_column(columns, ncolumns++, COL_TARGET); } if (!ncolumns) { if (flags & FL_POLL) add_column(columns, ncolumns++, COL_ACTION); add_column(columns, ncolumns++, COL_TARGET); add_column(columns, ncolumns++, COL_SOURCE); add_column(columns, ncolumns++, COL_FSTYPE); add_column(columns, ncolumns++, COL_OPTIONS); } if (outarg && string_add_to_idarray(outarg, columns, ARRAY_SIZE(columns), &ncolumns, column_name_to_id) < 0) return EXIT_FAILURE; if (!tabtype) tabtype = verify ? TABTYPE_FSTAB : TABTYPE_KERNEL; if ((flags & FL_POLL) && ntabfiles > 1) errx(EXIT_FAILURE, _(""--poll accepts only one file, but more specified by --tab-file"")); if (optind < argc && (get_match(COL_SOURCE) || get_match(COL_TARGET))) errx(EXIT_FAILURE, _( ""options --target and --source can't be used together "" ""with command line element that is not an option"")); if (optind < argc) set_source_match(argv[optind++]); if (optind < argc) set_match(COL_TARGET, argv[optind++]); if ((flags & FL_SUBMOUNTS) && is_listall_mode()) flags &= ~FL_SUBMOUNTS; if (!(flags & FL_SUBMOUNTS) && ((flags & FL_FIRSTONLY) || get_match(COL_TARGET) || get_match(COL_SOURCE) || get_match(COL_MAJMIN))) flags &= ~FL_TREE; if (!(flags & FL_NOSWAPMATCH) && !get_match(COL_TARGET) && get_match(COL_SOURCE)) { const char *x = get_match(COL_SOURCE); if (!strncmp(x, ""LABEL="", 6) || !strncmp(x, ""UUID="", 5) || !strncmp(x, ""PARTLABEL="", 10) || !strncmp(x, ""PARTUUID="", 9)) flags |= FL_NOSWAPMATCH; } mnt_init_debug(0); tb = parse_tabfiles(tabfiles, ntabfiles, tabtype); if (!tb) goto leave; if (tabtype == TABTYPE_MTAB && tab_is_kernel(tb)) tabtype = TABTYPE_KERNEL; istree = tab_is_tree(tb); if (istree && force_tree) flags |= FL_TREE; if ((flags & FL_TREE) && (ntabfiles > 1 || !istree)) flags &= ~FL_TREE; if (!(flags & FL_NOCACHE)) { cache = mnt_new_cache(); if (!cache) { warn(_(""failed to initialize libmount cache"")); goto leave; } mnt_table_set_cache(tb, cache); if (tabtype != TABTYPE_KERNEL) cache_set_targets(cache); } if (flags & FL_UNIQ) mnt_table_uniq_fs(tb, MNT_UNIQ_KEEPTREE, uniq_fs_target_cmp); if (verify) { rc = verify_table(tb); goto leave; } scols_init_debug(0); table = scols_new_table(); if (!table) { warn(_(""failed to allocate output table"")); goto leave; } scols_table_enable_raw(table, !!(flags & FL_RAW)); scols_table_enable_export(table, !!(flags & FL_EXPORT)); scols_table_enable_json(table, !!(flags & FL_JSON)); scols_table_enable_ascii(table, !!(flags & FL_ASCII)); scols_table_enable_noheadings(table, !!(flags & FL_NOHEADINGS)); if (flags & FL_JSON) scols_table_set_name(table, ""filesystems""); for (i = 0; i < ncolumns; i++) { struct libscols_column *cl; int fl = get_column_flags(i); int id = get_column_id(i); if (!(flags & FL_TREE)) fl &= ~SCOLS_FL_TREE; if (!(flags & FL_POLL) && is_tabdiff_column(id)) { warnx(_(""%s column is requested, but --poll "" ""is not enabled""), get_column_name(i)); goto leave; } cl = scols_table_new_column(table, get_column_name(i), get_column_whint(i), fl); if (!cl) { warn(_(""failed to allocate output column"")); goto leave; } if (fl & SCOLS_FL_WRAP) { scols_column_set_wrapfunc(cl, scols_wrapnl_chunksize, scols_wrapnl_nextchunk, NULL); scols_column_set_safechars(cl, ""\n""); } if (flags & FL_JSON) { switch (id) { case COL_SIZE: case COL_AVAIL: case COL_USED: if (!(flags & FL_BYTES)) break; case COL_ID: case COL_PARENT: case COL_FREQ: case COL_PASSNO: case COL_TID: scols_column_set_json_type(cl, SCOLS_JSON_NUMBER); break; case COL_DELETED: scols_column_set_json_type(cl, SCOLS_JSON_BOOLEAN); break; default: if (fl & SCOLS_FL_WRAP) scols_column_set_json_type(cl, SCOLS_JSON_ARRAY_STRING); else scols_column_set_json_type(cl, SCOLS_JSON_STRING); break; } } } if (flags & FL_POLL) { rc = poll_table(tb, tabfiles ? *tabfiles : _PATH_PROC_MOUNTINFO, timeout, table, direction); } else if ((flags & FL_TREE) && !(flags & FL_SUBMOUNTS)) { rc = create_treenode(table, tb, NULL, NULL); } else { rc = add_matching_lines(tb, table, direction); if (rc != 0 && tabtype == TABTYPE_KERNEL && (flags & FL_NOSWAPMATCH) && !(flags & FL_STRICTTARGET) && get_match(COL_TARGET)) { enable_extra_target_match(tb); rc = add_matching_lines(tb, table, direction); } } if (!rc && !(flags & FL_POLL)) scols_print_table(table); leave: scols_unref_table(table); mnt_unref_table(tb); mnt_unref_cache(cache); free(tabfiles); #ifdef HAVE_LIBUDEV udev_unref(udev); #endif return rc ? EXIT_FAILURE : EXIT_SUCCESS; }",visit repo url,misc-utils/findmnt.c,https://github.com/util-linux/util-linux,100359959619135,1 4557,['CWE-20'],"static inline ext4_lblk_t dx_get_block(struct dx_entry *entry) { return le32_to_cpu(entry->block) & 0x00ffffff; }",linux-2.6,,,270730192480677550855504487701798666226,0 3992,['CWE-362'],"static int audit_match_signal(struct audit_entry *entry) { struct audit_field *arch = entry->rule.arch_f; if (!arch) { return (audit_match_class_bits(AUDIT_CLASS_SIGNAL, entry->rule.mask) && audit_match_class_bits(AUDIT_CLASS_SIGNAL_32, entry->rule.mask)); } switch(audit_classify_arch(arch->val)) { case 0: return (audit_match_class_bits(AUDIT_CLASS_SIGNAL, entry->rule.mask)); case 1: return (audit_match_class_bits(AUDIT_CLASS_SIGNAL_32, entry->rule.mask)); default: return 1; } }",linux-2.6,,,207017733030838298436507057043427471486,0 5301,['CWE-119'],"static void tun_free_netdev(struct net_device *dev) { struct tun_struct *tun = netdev_priv(dev); sock_put(tun->sk); }",linux-2.6,,,183905483182840997515212818714227920196,0 4430,['CWE-264'],"int compat_sock_common_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; if (sk->sk_prot->compat_getsockopt != NULL) return sk->sk_prot->compat_getsockopt(sk, level, optname, optval, optlen); return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,204505161034893313269324757365088470960,0 3063,['CWE-189'],"int jpc_atoaf(char *s, int *numvalues, double **values) { static char delim[] = "", \t\n""; char buf[4096]; int n; double *vs; char *cp; strncpy(buf, s, sizeof(buf)); buf[sizeof(buf) - 1] = '\0'; n = 0; if ((cp = strtok(buf, delim))) { ++n; while ((cp = strtok(0, delim))) { if (cp != '\0') { ++n; } } } if (n) { if (!(vs = jas_alloc2(n, sizeof(double)))) { return -1; } strncpy(buf, s, sizeof(buf)); buf[sizeof(buf) - 1] = '\0'; n = 0; if ((cp = strtok(buf, delim))) { vs[n] = atof(cp); ++n; while ((cp = strtok(0, delim))) { if (cp != '\0') { vs[n] = atof(cp); ++n; } } } } else { vs = 0; } *numvalues = n; *values = vs; return 0; }",jasper,,,61344305680883226377293621423281765682,0 6250,CWE-190,"static void pp_mil_k48(fp48_t r, const fp8_t qx, const fp8_t qy, const ep_t p, const bn_t a) { fp48_t l; ep_t _p; fp8_t rx, ry, rz, qn; int i, len = bn_bits(a) + 1; int8_t s[RLC_FP_BITS + 1]; fp48_null(l); ep_null(_p); fp8_null(rx); fp8_null(ry); fp8_null(rz); fp8_null(qn); RLC_TRY { fp48_new(l); ep_new(_p); fp8_new(rx); fp8_new(ry); fp8_new(rz); fp8_new(qn); fp48_zero(l); fp8_copy(rx, qx); fp8_copy(ry, qy); fp8_set_dig(rz, 1); #if EP_ADD == BASIC ep_neg(_p, p); #else fp_add(_p->x, p->x, p->x); fp_add(_p->x, _p->x, p->x); fp_neg(_p->y, p->y); #endif fp8_neg(qn, qy); bn_rec_naf(s, &len, a, 2); for (i = len - 2; i >= 0; i--) { fp48_sqr(r, r); pp_dbl_k48(l, rx, ry, rz, _p); fp48_mul_dxs(r, r, l); if (s[i] > 0) { pp_add_k48(l, rx, ry, rz, qx, qy, p); fp48_mul_dxs(r, r, l); } if (s[i] < 0) { pp_add_k48(l, rx, ry, rz, qx, qn, p); fp48_mul_dxs(r, r, l); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp48_free(l); ep_free(_p); fp8_free(rx); fp8_free(ry); fp8_free(rz); fp8_free(qn); } }",visit repo url,src/pp/relic_pp_map_k48.c,https://github.com/relic-toolkit/relic,211561395269701,1 2032,['CWE-269'],"static int show_vfsmnt(struct seq_file *m, void *v) { struct vfsmount *mnt = v; int err = 0; static struct proc_fs_info { int flag; char *str; } fs_info[] = { { MS_SYNCHRONOUS, "",sync"" }, { MS_DIRSYNC, "",dirsync"" }, { MS_MANDLOCK, "",mand"" }, { 0, NULL } }; static struct proc_fs_info mnt_info[] = { { MNT_NOSUID, "",nosuid"" }, { MNT_NODEV, "",nodev"" }, { MNT_NOEXEC, "",noexec"" }, { MNT_NOATIME, "",noatime"" }, { MNT_NODIRATIME, "",nodiratime"" }, { MNT_RELATIME, "",relatime"" }, { 0, NULL } }; struct proc_fs_info *fs_infop; mangle(m, mnt->mnt_devname ? mnt->mnt_devname : ""none""); seq_putc(m, ' '); seq_path(m, mnt, mnt->mnt_root, "" \t\n\\""); seq_putc(m, ' '); mangle(m, mnt->mnt_sb->s_type->name); if (mnt->mnt_sb->s_subtype && mnt->mnt_sb->s_subtype[0]) { seq_putc(m, '.'); mangle(m, mnt->mnt_sb->s_subtype); } seq_puts(m, mnt->mnt_sb->s_flags & MS_RDONLY ? "" ro"" : "" rw""); for (fs_infop = fs_info; fs_infop->flag; fs_infop++) { if (mnt->mnt_sb->s_flags & fs_infop->flag) seq_puts(m, fs_infop->str); } for (fs_infop = mnt_info; fs_infop->flag; fs_infop++) { if (mnt->mnt_flags & fs_infop->flag) seq_puts(m, fs_infop->str); } if (mnt->mnt_sb->s_op->show_options) err = mnt->mnt_sb->s_op->show_options(m, mnt); seq_puts(m, "" 0 0\n""); return err; }",linux-2.6,,,29827405671607943193108993069208696678,0 4815,['CWE-399'],"static inline void get_inotify_dev(struct inotify_device *dev) { atomic_inc(&dev->count); }",linux-2.6,,,72086246975139682857272396668856819453,0 6368,CWE-787,"write_node(FILE *out, tree_t *t, int col) { int i; uchar *ptr, *entity, *src, *realsrc, newsrc[1024]; if (out == NULL) return (0); switch (t->markup) { case MARKUP_NONE : if (t->data == NULL) break; if (t->preformatted) { for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); if (t->data[strlen((char *)t->data) - 1] == '\n') col = 0; else col += strlen((char *)t->data); } else { if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) { putc('\n', out); col = 0; } for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); col += strlen((char *)t->data); if (col > 72) { putc('\n', out); col = 0; } } break; case MARKUP_COMMENT : case MARKUP_UNKNOWN : fputs(""\n\n"", out); col = 0; break; case MARKUP_AREA : case MARKUP_BODY : case MARKUP_DOCTYPE : case MARKUP_ERROR : case MARKUP_FILE : case MARKUP_HEAD : case MARKUP_HTML : case MARKUP_MAP : case MARKUP_META : case MARKUP_TITLE : break; case MARKUP_BR : case MARKUP_CENTER : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_H7 : case MARKUP_H8 : case MARKUP_H9 : case MARKUP_H10 : case MARKUP_H11 : case MARKUP_H12 : case MARKUP_H13 : case MARKUP_H14 : case MARKUP_H15 : case MARKUP_HR : case MARKUP_LI : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TR : case MARKUP_UL : if (col > 0) { putc('\n', out); col = 0; } default : if (t->markup == MARKUP_IMG && OutputFiles && (src = htmlGetVariable(t, (uchar *)""SRC"")) != NULL && (realsrc = htmlGetVariable(t, (uchar *)""REALSRC"")) != NULL) { if (file_method((char *)src) == NULL && src[0] != '/' && src[0] != '\\' && (!isalpha(src[0]) || src[1] != ':')) { image_copy((char *)src, (char *)realsrc, OutputPath); strlcpy((char *)newsrc, file_basename((char *)src), sizeof(newsrc)); htmlSetVariable(t, (uchar *)""SRC"", newsrc); } } if (t->markup != MARKUP_EMBED) { col += fprintf(out, ""<%s"", _htmlMarkups[t->markup]); for (i = 0; i < t->nvars; i ++) { if (strcasecmp((char *)t->vars[i].name, ""BREAK"") == 0 && t->markup == MARKUP_HR) continue; if (strcasecmp((char *)t->vars[i].name, ""REALSRC"") == 0 && t->markup == MARKUP_IMG) continue; if (strncasecmp((char *)t->vars[i].name, ""_HD_"", 4) == 0) continue; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } if (col > 0) { putc(' ', out); col ++; } if (t->vars[i].value == NULL) col += fprintf(out, ""%s"", t->vars[i].name); else { col += fprintf(out, ""%s=\"""", t->vars[i].name); for (ptr = t->vars[i].value; *ptr; ptr ++) { entity = iso8859(*ptr); fputs((char *)entity, out); col += strlen((char *)entity); } putc('\""', out); col ++; } } putc('>', out); col ++; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } } break; } return (col); }",visit repo url,htmldoc/html.cxx,https://github.com/michaelrsweet/htmldoc,11465618801059,1 1758,CWE-119,"check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, struct xt_table_info *newinfo, unsigned int *size, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, const char *name) { struct xt_entry_match *ematch; struct xt_entry_target *t; struct xt_target *target; unsigned int entry_offset; unsigned int j; int ret, off, h; duprintf(""check_compat_entry_size_and_hooks %p\n"", e); if ((unsigned long)e % __alignof__(struct compat_ip6t_entry) != 0 || (unsigned char *)e + sizeof(struct compat_ip6t_entry) >= limit) { duprintf(""Bad offset %p, limit = %p\n"", e, limit); return -EINVAL; } if (e->next_offset < sizeof(struct compat_ip6t_entry) + sizeof(struct compat_xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } ret = check_entry((struct ip6t_entry *)e); if (ret) return ret; off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); entry_offset = (void *)e - (void *)base; j = 0; xt_ematch_foreach(ematch, e) { ret = compat_find_calc_match(ematch, name, &e->ipv6, &off); if (ret != 0) goto release_matches; ++j; } t = compat_ip6t_get_target(e); target = xt_request_find_target(NFPROTO_IPV6, t->u.user.name, t->u.user.revision); if (IS_ERR(target)) { duprintf(""check_compat_entry_size_and_hooks: `%s' not found\n"", t->u.user.name); ret = PTR_ERR(target); goto release_matches; } t->u.kernel.target = target; off += xt_compat_target_offset(target); *size += off; ret = xt_compat_add_offset(AF_INET6, entry_offset, off); if (ret) goto out; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) newinfo->underflow[h] = underflows[h]; } memset(&e->counters, 0, sizeof(e->counters)); e->comefrom = 0; return 0; out: module_put(t->u.kernel.target->me); release_matches: xt_ematch_foreach(ematch, e) { if (j-- == 0) break; module_put(ematch->u.kernel.match->me); } return ret; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,254741351400196,1 2595,CWE-119,"PHP_FUNCTION(radius_get_vendor_attr) { int res; const void *data; int len; u_int32_t vendor; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &data, &len) == FAILURE) { return; } res = rad_get_vendor_attr(&vendor, &data, (size_t *) &len); if (res == -1) { RETURN_FALSE; } else { array_init(return_value); add_assoc_long(return_value, ""attr"", res); add_assoc_long(return_value, ""vendor"", vendor); add_assoc_stringl(return_value, ""data"", (char *) data, len, 1); return; } }",visit repo url,radius.c,https://github.com/LawnGnome/php-radius,68047048463523,1 6571,['CWE-200'],"remove_connection_cb (PolKitAction *action, gboolean gained_privilege, GError *error, gpointer user_data) { ConnectionRemoveInfo *info = (ConnectionRemoveInfo *) user_data; gboolean done = TRUE; if (gained_privilege) { remove_connection (info->exported, info->parent, info->callback, info->user_data); done = FALSE; } else if (error) { error_dialog (info->parent, _(""Could not obtain required privileges""), ""%s"", error->message); g_error_free (error); } else { error_dialog (info->parent, _(""Could not delete connection""), ""%s"", _(""The connection could not be deleted due to an unknown error."")); } if (done && info->callback) info->callback (info->exported, FALSE, info->user_data); g_object_unref (info->exported); g_slice_free (ConnectionRemoveInfo, info); }",network-manager-applet,,,192508838249857421231198232753992524425,0 1856,NVD-CWE-noinfo,"static void __init clear_bss(void) { memset(__bss_start, 0, (unsigned long) __bss_stop - (unsigned long) __bss_start); }",visit repo url,arch/x86/kernel/head64.c,https://github.com/torvalds/linux,3534083510452,1 1966,['CWE-20'],"copy_one_pte(struct mm_struct *dst_mm, struct mm_struct *src_mm, pte_t *dst_pte, pte_t *src_pte, struct vm_area_struct *vma, unsigned long addr, int *rss) { unsigned long vm_flags = vma->vm_flags; pte_t pte = *src_pte; struct page *page; if (unlikely(!pte_present(pte))) { if (!pte_file(pte)) { swp_entry_t entry = pte_to_swp_entry(pte); swap_duplicate(entry); if (unlikely(list_empty(&dst_mm->mmlist))) { spin_lock(&mmlist_lock); if (list_empty(&dst_mm->mmlist)) list_add(&dst_mm->mmlist, &src_mm->mmlist); spin_unlock(&mmlist_lock); } if (is_write_migration_entry(entry) && is_cow_mapping(vm_flags)) { make_migration_entry_read(&entry); pte = swp_entry_to_pte(entry); set_pte_at(src_mm, addr, src_pte, pte); } } goto out_set_pte; } if (is_cow_mapping(vm_flags)) { ptep_set_wrprotect(src_mm, addr, src_pte); pte = pte_wrprotect(pte); } if (vm_flags & VM_SHARED) pte = pte_mkclean(pte); pte = pte_mkold(pte); page = vm_normal_page(vma, addr, pte); if (page) { get_page(page); page_dup_rmap(page, vma, addr); rss[!!PageAnon(page)]++; } out_set_pte: set_pte_at(dst_mm, addr, dst_pte, pte); }",linux-2.6,,,226808325472588139392535892159885189485,0 405,[],"pfm_protect_ctx_ctxsw(pfm_context_t *x) { spin_lock(&(x)->ctx_lock); return 0UL; }",linux-2.6,,,88788345717949422619813160820612554234,0 6198,['CWE-200'],"static void neigh_timer_handler(unsigned long arg) { unsigned long now, next; struct neighbour *neigh = (struct neighbour *)arg; unsigned state; int notify = 0; write_lock(&neigh->lock); state = neigh->nud_state; now = jiffies; next = now + HZ; if (!(state & NUD_IN_TIMER)) { #ifndef CONFIG_SMP printk(KERN_WARNING ""neigh: timer & !nud_in_timer\n""); #endif goto out; } if (state & NUD_REACHABLE) { if (time_before_eq(now, neigh->confirmed + neigh->parms->reachable_time)) { NEIGH_PRINTK2(""neigh %p is still alive.\n"", neigh); next = neigh->confirmed + neigh->parms->reachable_time; } else if (time_before_eq(now, neigh->used + neigh->parms->delay_probe_time)) { NEIGH_PRINTK2(""neigh %p is delayed.\n"", neigh); neigh->nud_state = NUD_DELAY; neigh_suspect(neigh); next = now + neigh->parms->delay_probe_time; } else { NEIGH_PRINTK2(""neigh %p is suspected.\n"", neigh); neigh->nud_state = NUD_STALE; neigh_suspect(neigh); } } else if (state & NUD_DELAY) { if (time_before_eq(now, neigh->confirmed + neigh->parms->delay_probe_time)) { NEIGH_PRINTK2(""neigh %p is now reachable.\n"", neigh); neigh->nud_state = NUD_REACHABLE; neigh_connect(neigh); next = neigh->confirmed + neigh->parms->reachable_time; } else { NEIGH_PRINTK2(""neigh %p is probed.\n"", neigh); neigh->nud_state = NUD_PROBE; atomic_set(&neigh->probes, 0); next = now + neigh->parms->retrans_time; } } else { next = now + neigh->parms->retrans_time; } if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) && atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) { struct sk_buff *skb; neigh->nud_state = NUD_FAILED; notify = 1; NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed); NEIGH_PRINTK2(""neigh %p is failed.\n"", neigh); while (neigh->nud_state == NUD_FAILED && (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { write_unlock(&neigh->lock); neigh->ops->error_report(neigh, skb); write_lock(&neigh->lock); } skb_queue_purge(&neigh->arp_queue); } if (neigh->nud_state & NUD_IN_TIMER) { neigh_hold(neigh); if (time_before(next, jiffies + HZ/2)) next = jiffies + HZ/2; neigh->timer.expires = next; add_timer(&neigh->timer); } if (neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) { struct sk_buff *skb = skb_peek(&neigh->arp_queue); if (skb) skb_get(skb); write_unlock(&neigh->lock); neigh->ops->solicit(neigh, skb); atomic_inc(&neigh->probes); if (skb) kfree_skb(skb); } else { out: write_unlock(&neigh->lock); } #ifdef CONFIG_ARPD if (notify && neigh->parms->app_probes) neigh_app_notify(neigh); #endif neigh_release(neigh); }",linux-2.6,,,52050306017099300178061882783028016576,0 381,[],"pfm_remove_alt_pmu_interrupt(pfm_intr_handler_desc_t *hdl) { int i; int ret; if (hdl == NULL) return -EINVAL; if (pfm_alt_intr_handler != hdl) return -EINVAL; if (!spin_trylock(&pfm_alt_install_check)) { return -EBUSY; } pfm_alt_intr_handler = NULL; ret = on_each_cpu(pfm_alt_restore_pmu_state, NULL, 0, 1); if (ret) { DPRINT((""on_each_cpu() failed: %d\n"", ret)); } for_each_online_cpu(i) { pfm_unreserve_session(NULL, 1, i); } spin_unlock(&pfm_alt_install_check); return 0; }",linux-2.6,,,183652399388947235984747090607968616127,0 6447,CWE-20,"error_t httpCheckCharset(const char_t *s, size_t length, uint_t charset) { error_t error; size_t i; uint8_t c; uint_t m; error = NO_ERROR; for(i = 0; i < length; i++) { c = (uint8_t) s[i]; m = HTTP_CHARSET_OCTET; if(iscntrl(c)) m |= HTTP_CHARSET_CTL; if(isprint(c) && c <= 126) m |= HTTP_CHARSET_TEXT | HTTP_CHARSET_VCHAR; if(c == ' ' || c == '\t') m |= HTTP_CHARSET_TEXT | HTTP_CHARSET_LWS; if(isalpha(c)) m |= HTTP_CHARSET_TCHAR | HTTP_CHARSET_ALPHA; if(osIsdigit(c)) m |= HTTP_CHARSET_TCHAR | HTTP_CHARSET_DIGIT; if(isxdigit(c)) m |= HTTP_CHARSET_HEX; if(c >= 128) m |= HTTP_CHARSET_TEXT | HTTP_CHARSET_OBS_TEXT; if(strchr(""!#$%&'*+-.^_`|~"", c)) m |= HTTP_CHARSET_TCHAR; if((m & charset) == 0) error = ERROR_INVALID_SYNTAX; } return error; }",visit repo url,http/http_common.c,https://github.com/Oryx-Embedded/CycloneTCP,144243456276589,1 1138,['CWE-399'],"static unsigned long __peek_user(struct task_struct *child, addr_t addr) { struct user *dummy = NULL; addr_t offset, tmp; if (addr < (addr_t) &dummy->regs.acrs) { tmp = *(addr_t *)((addr_t) &task_pt_regs(child)->psw + addr); if (addr == (addr_t) &dummy->regs.psw.mask) tmp &= ~PSW_MASK_PER; } else if (addr < (addr_t) &dummy->regs.orig_gpr2) { offset = addr - (addr_t) &dummy->regs.acrs; #ifdef CONFIG_64BIT if (addr == (addr_t) &dummy->regs.acrs[15]) tmp = ((unsigned long) child->thread.acrs[15]) << 32; else #endif tmp = *(addr_t *)((addr_t) &child->thread.acrs + offset); } else if (addr == (addr_t) &dummy->regs.orig_gpr2) { tmp = (addr_t) task_pt_regs(child)->orig_gpr2; } else if (addr < (addr_t) &dummy->regs.fp_regs) { tmp = 0; } else if (addr < (addr_t) (&dummy->regs.fp_regs + 1)) { offset = addr - (addr_t) &dummy->regs.fp_regs; tmp = *(addr_t *)((addr_t) &child->thread.fp_regs + offset); if (addr == (addr_t) &dummy->regs.fp_regs.fpc) tmp &= (unsigned long) FPC_VALID_MASK << (BITS_PER_LONG - 32); } else if (addr < (addr_t) (&dummy->regs.per_info + 1)) { offset = addr - (addr_t) &dummy->regs.per_info; tmp = *(addr_t *)((addr_t) &child->thread.per_info + offset); } else tmp = 0; return tmp; }",linux-2.6,,,196221434868836118326849220324928930688,0 1020,CWE-476,"static int asymmetric_key_match(const struct key *key, const struct key_match_data *match_data) { const struct asymmetric_key_subtype *subtype = asymmetric_key_subtype(key); const char *description = match_data->raw_data; const char *spec = description; const char *id; ptrdiff_t speclen; if (!subtype || !spec || !*spec) return 0; if (key->description && strcmp(key->description, description) == 0) return 1; id = strchr(spec, ':'); if (!id) return 0; speclen = id - spec; id++; if (speclen == 2 && memcmp(spec, ""id"", 2) == 0) return asymmetric_keyid_match(asymmetric_key_id(key), id); if (speclen == subtype->name_len && memcmp(spec, subtype->name, speclen) == 0) return 1; return 0; }",visit repo url,crypto/asymmetric_keys/asymmetric_type.c,https://github.com/torvalds/linux,237530066623843,1 5767,['CWE-200'],"static int rose_info_show(struct seq_file *seq, void *v) { char buf[11], rsbuf[11]; if (v == SEQ_START_TOKEN) seq_puts(seq, ""dest_addr dest_call src_addr src_call dev lci neigh st vs vr va t t1 t2 t3 hb idle Snd-Q Rcv-Q inode\n""); else { struct sock *s = v; struct rose_sock *rose = rose_sk(s); const char *devname, *callsign; const struct net_device *dev = rose->device; if (!dev) devname = ""???""; else devname = dev->name; seq_printf(seq, ""%-10s %-9s "", rose2asc(rsbuf, &rose->dest_addr), ax2asc(buf, &rose->dest_call)); if (ax25cmp(&rose->source_call, &null_ax25_address) == 0) callsign = ""??????-?""; else callsign = ax2asc(buf, &rose->source_call); seq_printf(seq, ""%-10s %-9s %-5s %3.3X %05d %d %d %d %d %3lu %3lu %3lu %3lu %3lu %3lu/%03lu %5d %5d %ld\n"", rose2asc(rsbuf, &rose->source_addr), callsign, devname, rose->lci & 0x0FFF, (rose->neighbour) ? rose->neighbour->number : 0, rose->state, rose->vs, rose->vr, rose->va, ax25_display_timer(&rose->timer) / HZ, rose->t1 / HZ, rose->t2 / HZ, rose->t3 / HZ, rose->hb / HZ, ax25_display_timer(&rose->idletimer) / (60 * HZ), rose->idle / (60 * HZ), sk_wmem_alloc_get(s), sk_rmem_alloc_get(s), s->sk_socket ? SOCK_INODE(s->sk_socket)->i_ino : 0L); } return 0; }",linux-2.6,,,99600263603351479256687324302873667773,0 3258,CWE-125,"ikev1_attrmap_print(netdissect_options *ndo, const u_char *p, const u_char *ep, const struct attrmap *map, size_t nmap) { int totlen; uint32_t t, v; if (p[0] & 0x80) totlen = 4; else totlen = 4 + EXTRACT_16BITS(&p[2]); if (ep < p + totlen) { ND_PRINT((ndo,""[|attr]"")); return ep + 1; } ND_PRINT((ndo,""("")); t = EXTRACT_16BITS(&p[0]) & 0x7fff; if (map && t < nmap && map[t].type) ND_PRINT((ndo,""type=%s "", map[t].type)); else ND_PRINT((ndo,""type=#%d "", t)); if (p[0] & 0x80) { ND_PRINT((ndo,""value="")); v = EXTRACT_16BITS(&p[2]); if (map && t < nmap && v < map[t].nvalue && map[t].value[v]) ND_PRINT((ndo,""%s"", map[t].value[v])); else rawprint(ndo, (const uint8_t *)&p[2], 2); } else { ND_PRINT((ndo,""len=%d value="", EXTRACT_16BITS(&p[2]))); rawprint(ndo, (const uint8_t *)&p[4], EXTRACT_16BITS(&p[2])); } ND_PRINT((ndo,"")"")); return p + totlen; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,278532711869245,1 3028,CWE-476,"BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { gdImagePtr dst; register int i, x; if (src->trueColor) { dst = gdImageCreateTrueColor(src->sx , src->sy); } else { dst = gdImageCreate(src->sx , src->sy); } if (dst == NULL) { return NULL; } if (src->trueColor == 0) { dst->colorsTotal = src->colorsTotal; for (i = 0; i < gdMaxColors; i++) { dst->red[i] = src->red[i]; dst->green[i] = src->green[i]; dst->blue[i] = src->blue[i]; dst->alpha[i] = src->alpha[i]; dst->open[i] = src->open[i]; } for (i = 0; i < src->sy; i++) { for (x = 0; x < src->sx; x++) { dst->pixels[i][x] = src->pixels[i][x]; } } } else { for (i = 0; i < src->sy; i++) { for (x = 0; x < src->sx; x++) { dst->tpixels[i][x] = src->tpixels[i][x]; } } } if (src->styleLength > 0) { dst->styleLength = src->styleLength; dst->stylePos = src->stylePos; for (i = 0; i < src->styleLength; i++) { dst->style[i] = src->style[i]; } } dst->interlace = src->interlace; dst->alphaBlendingFlag = src->alphaBlendingFlag; dst->saveAlphaFlag = src->saveAlphaFlag; dst->AA = src->AA; dst->AA_color = src->AA_color; dst->AA_dont_blend = src->AA_dont_blend; dst->cx1 = src->cx1; dst->cy1 = src->cy1; dst->cx2 = src->cx2; dst->cy2 = src->cy2; dst->res_x = src->res_x; dst->res_y = src->res_y; dst->paletteQuantizationMethod = src->paletteQuantizationMethod; dst->paletteQuantizationSpeed = src->paletteQuantizationSpeed; dst->paletteQuantizationMinQuality = src->paletteQuantizationMinQuality; dst->paletteQuantizationMinQuality = src->paletteQuantizationMinQuality; dst->interpolation_id = src->interpolation_id; dst->interpolation = src->interpolation; if (src->brush) { dst->brush = gdImageClone(src->brush); } if (src->tile) { dst->tile = gdImageClone(src->tile); } if (src->style) { gdImageSetStyle(dst, src->style, src->styleLength); } for (i = 0; i < gdMaxColors; i++) { dst->brushColorMap[i] = src->brushColorMap[i]; dst->tileColorMap[i] = src->tileColorMap[i]; } if (src->polyAllocated > 0) { dst->polyAllocated = src->polyAllocated; for (i = 0; i < src->polyAllocated; i++) { dst->polyInts[i] = src->polyInts[i]; } } return dst; }",visit repo url,src/gd.c,https://github.com/libgd/libgd,247510024081340,1 2616,CWE-190,"static inline int map_from_unicode(unsigned code, enum entity_charset charset, unsigned *res) { unsigned char found; const uni_to_enc *table; size_t table_size; switch (charset) { case cs_8859_1: if (code > 0xFF) { return FAILURE; } *res = code; break; case cs_8859_5: if (code <= 0xA0 || code == 0xAD ) { *res = code; } else if (code == 0x2116) { *res = 0xF0; } else if (code == 0xA7) { *res = 0xFD; } else if (code >= 0x0401 && code <= 0x044F) { if (code == 0x040D || code == 0x0450 || code == 0x045D) return FAILURE; *res = code - 0x360; } else { return FAILURE; } break; case cs_8859_15: if (code < 0xA4 || (code > 0xBE && code <= 0xFF)) { *res = code; } else { found = unimap_bsearch(unimap_iso885915, code, sizeof(unimap_iso885915) / sizeof(*unimap_iso885915)); if (found) *res = found; else return FAILURE; } break; case cs_cp1252: if (code <= 0x7F || (code >= 0xA0 && code <= 0xFF)) { *res = code; } else { found = unimap_bsearch(unimap_win1252, code, sizeof(unimap_win1252) / sizeof(*unimap_win1252)); if (found) *res = found; else return FAILURE; } break; case cs_macroman: if (code == 0x7F) return FAILURE; table = unimap_macroman; table_size = sizeof(unimap_macroman) / sizeof(*unimap_macroman); goto table_over_7F; case cs_cp1251: table = unimap_win1251; table_size = sizeof(unimap_win1251) / sizeof(*unimap_win1251); goto table_over_7F; case cs_koi8r: table = unimap_koi8r; table_size = sizeof(unimap_koi8r) / sizeof(*unimap_koi8r); goto table_over_7F; case cs_cp866: table = unimap_cp866; table_size = sizeof(unimap_cp866) / sizeof(*unimap_cp866); table_over_7F: if (code <= 0x7F) { *res = code; } else { found = unimap_bsearch(table, code, table_size); if (found) *res = found; else return FAILURE; } break; case cs_sjis: case cs_eucjp: if (code >= 0x20 && code <= 0x7D) { if (code == 0x5C) return FAILURE; *res = code; } else { return FAILURE; } break; case cs_big5: case cs_big5hkscs: case cs_gb2312: if (code >= 0x20 && code <= 0x7D) { *res = code; } else { return FAILURE; } break; default: return FAILURE; } return SUCCESS; }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,106394481743649,1 789,CWE-20,"static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int err; struct sk_buff *skb; struct sock *sk = sock->sk; err = -EIO; if (sk->sk_state & PPPOX_BOUND) goto end; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) goto end; if (len > skb->len) len = skb->len; else if (len < skb->len) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len); if (likely(err == 0)) err = len; kfree_skb(skb); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,83283590519134,1 85,CWE-772,"get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) { static gprinc_ret ret; char *prime_arg, *funcname; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_gprinc_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; funcname = ""kadm5_get_principal""; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_INQUIRE, arg->princ, NULL))) { ret.code = KADM5_AUTH_GET; log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec, arg->mask); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(funcname, prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,29753464846482,1 295,CWE-190,"vc4_get_bcl(struct drm_device *dev, struct vc4_exec_info *exec) { struct drm_vc4_submit_cl *args = exec->args; void *temp = NULL; void *bin; int ret = 0; uint32_t bin_offset = 0; uint32_t shader_rec_offset = roundup(bin_offset + args->bin_cl_size, 16); uint32_t uniforms_offset = shader_rec_offset + args->shader_rec_size; uint32_t exec_size = uniforms_offset + args->uniforms_size; uint32_t temp_size = exec_size + (sizeof(struct vc4_shader_state) * args->shader_rec_count); struct vc4_bo *bo; if (uniforms_offset < shader_rec_offset || exec_size < uniforms_offset || args->shader_rec_count >= (UINT_MAX / sizeof(struct vc4_shader_state)) || temp_size < exec_size) { DRM_ERROR(""overflow in exec arguments\n""); goto fail; } temp = drm_malloc_ab(temp_size, 1); if (!temp) { DRM_ERROR(""Failed to allocate storage for copying "" ""in bin/render CLs.\n""); ret = -ENOMEM; goto fail; } bin = temp + bin_offset; exec->shader_rec_u = temp + shader_rec_offset; exec->uniforms_u = temp + uniforms_offset; exec->shader_state = temp + exec_size; exec->shader_state_size = args->shader_rec_count; if (copy_from_user(bin, (void __user *)(uintptr_t)args->bin_cl, args->bin_cl_size)) { ret = -EFAULT; goto fail; } if (copy_from_user(exec->shader_rec_u, (void __user *)(uintptr_t)args->shader_rec, args->shader_rec_size)) { ret = -EFAULT; goto fail; } if (copy_from_user(exec->uniforms_u, (void __user *)(uintptr_t)args->uniforms, args->uniforms_size)) { ret = -EFAULT; goto fail; } bo = vc4_bo_create(dev, exec_size, true); if (IS_ERR(bo)) { DRM_ERROR(""Couldn't allocate BO for binning\n""); ret = PTR_ERR(bo); goto fail; } exec->exec_bo = &bo->base; list_add_tail(&to_vc4_bo(&exec->exec_bo->base)->unref_head, &exec->unref_list); exec->ct0ca = exec->exec_bo->paddr + bin_offset; exec->bin_u = bin; exec->shader_rec_v = exec->exec_bo->vaddr + shader_rec_offset; exec->shader_rec_p = exec->exec_bo->paddr + shader_rec_offset; exec->shader_rec_size = args->shader_rec_size; exec->uniforms_v = exec->exec_bo->vaddr + uniforms_offset; exec->uniforms_p = exec->exec_bo->paddr + uniforms_offset; exec->uniforms_size = args->uniforms_size; ret = vc4_validate_bin_cl(dev, exec->exec_bo->vaddr + bin_offset, bin, exec); if (ret) goto fail; ret = vc4_validate_shader_recs(dev, exec); if (ret) goto fail; ret = vc4_wait_for_seqno(dev, exec->bin_dep_seqno, ~0ull, true); fail: drm_free_large(temp); return ret; }",visit repo url,drivers/gpu/drm/vc4/vc4_gem.c,https://github.com/torvalds/linux,199159381526507,1 2910,['CWE-189'],"jas_seq_t *jpc_seq_upsample(jas_seq_t *x, int m) { jas_seq_t *z; int i; if (!(z = jas_seq_create(jas_seq_start(x) * m, (jas_seq_end(x) - 1) * m + 1))) return 0; for (i = jas_seq_start(z); i < jas_seq_end(z); i++) { *jas_seq_getref(z, i) = (!JAS_MOD(i, m)) ? jas_seq_get(x, i / m) : jpc_inttofix(0); } return z; }",jasper,,,16309091002223295170546449423495268938,0 6501,['CWE-20'],"static void emulate_push_sreg(struct x86_emulate_ctxt *ctxt, int seg) { struct decode_cache *c = &ctxt->decode; struct kvm_segment segment; kvm_x86_ops->get_segment(ctxt->vcpu, &segment, seg); c->src.val = segment.selector; emulate_push(ctxt); }",kvm,,,130219452427034714629125099802037611611,0 6685,['CWE-200'],"nm_connection_list_present (NMConnectionList *list) { g_return_if_fail (NM_IS_CONNECTION_LIST (list)); gtk_window_present (GTK_WINDOW (list->dialog)); }",network-manager-applet,,,293627468785980494942242734092090154261,0 3926,CWE-476,"vgetorpeek(int advance) { int c, c1; int timedout = FALSE; int mapdepth = 0; int mode_deleted = FALSE; int new_wcol, new_wrow; #ifdef FEAT_GUI int shape_changed = FALSE; #endif int n; int old_wcol, old_wrow; int wait_tb_len; if (vgetc_busy > 0 && ex_normal_busy == 0) return NUL; ++vgetc_busy; if (advance) { KeyStuffed = FALSE; typebuf_was_empty = FALSE; } init_typebuf(); start_stuff(); check_end_reg_executing(advance); do { if (typeahead_char != 0) { c = typeahead_char; if (advance) typeahead_char = 0; } else c = read_readbuffers(advance); if (c != NUL && !got_int) { if (advance) { KeyStuffed = TRUE; } if (typebuf.tb_no_abbr_cnt == 0) typebuf.tb_no_abbr_cnt = 1; } else { for (;;) { long wait_time; int keylen = 0; int showcmd_idx; check_end_reg_executing(advance); if (typebuf.tb_maplen) line_breakcheck(); else ui_breakcheck(); if (got_int) { c = inchar(typebuf.tb_buf, typebuf.tb_buflen - 1, 0L); if ((c || typebuf.tb_maplen) && (State & (MODE_INSERT | MODE_CMDLINE))) c = ESC; else c = Ctrl_C; flush_buffers(FLUSH_INPUT); if (advance) { *typebuf.tb_buf = c; gotchars(typebuf.tb_buf, 1); } cmd_silent = FALSE; break; } else if (typebuf.tb_len > 0) { map_result_T result = handle_mapping( &keylen, &timedout, &mapdepth); if (result == map_result_retry) continue; if (result == map_result_fail) { c = -1; break; } if (result == map_result_get) { c = typebuf.tb_buf[typebuf.tb_off]; if (advance) { cmd_silent = (typebuf.tb_silent > 0); if (typebuf.tb_maplen > 0) KeyTyped = FALSE; else { KeyTyped = TRUE; gotchars(typebuf.tb_buf + typebuf.tb_off, 1); } KeyNoremap = typebuf.tb_noremap[ typebuf.tb_off]; del_typebuf(1, 0); } break; } } c = 0; new_wcol = curwin->w_wcol; new_wrow = curwin->w_wrow; if ( advance && typebuf.tb_len == 1 && typebuf.tb_buf[typebuf.tb_off] == ESC && !no_mapping && kitty_protocol_state != KKPS_ENABLED && ex_normal_busy == 0 && typebuf.tb_maplen == 0 && (State & MODE_INSERT) && (p_timeout || (keylen == KEYLEN_PART_KEY && p_ttimeout)) && (c = inchar(typebuf.tb_buf + typebuf.tb_off + typebuf.tb_len, 3, 25L)) == 0) { colnr_T col = 0; char_u *ptr; if (mode_displayed) { unshowmode(TRUE); mode_deleted = TRUE; } #ifdef FEAT_GUI if (gui.in_use && State != MODE_NORMAL && !cmd_silent) { int save_State; save_State = State; State = MODE_NORMAL; gui_update_cursor(TRUE, FALSE); State = save_State; shape_changed = TRUE; } #endif validate_cursor(); old_wcol = curwin->w_wcol; old_wrow = curwin->w_wrow; if (curwin->w_cursor.col != 0) { if (curwin->w_wcol > 0) { if (did_ai && *skipwhite(ml_get_curline() + curwin->w_cursor.col) == NUL) { chartabsize_T cts; curwin->w_wcol = 0; ptr = ml_get_curline(); init_chartabsize_arg(&cts, curwin, curwin->w_cursor.lnum, 0, ptr, ptr); while (cts.cts_ptr < ptr + curwin->w_cursor.col) { if (!VIM_ISWHITE(*cts.cts_ptr)) curwin->w_wcol = cts.cts_vcol; cts.cts_vcol += lbr_chartabsize(&cts); if (has_mbyte) cts.cts_ptr += (*mb_ptr2len)(cts.cts_ptr); else ++cts.cts_ptr; } clear_chartabsize_arg(&cts); curwin->w_wrow = curwin->w_cline_row + curwin->w_wcol / curwin->w_width; curwin->w_wcol %= curwin->w_width; curwin->w_wcol += curwin_col_off(); col = 0; } else { --curwin->w_wcol; col = curwin->w_cursor.col - 1; } } else if (curwin->w_p_wrap && curwin->w_wrow) { --curwin->w_wrow; curwin->w_wcol = curwin->w_width - 1; col = curwin->w_cursor.col - 1; } if (has_mbyte && col > 0 && curwin->w_wcol > 0) { ptr = ml_get_curline(); col -= (*mb_head_off)(ptr, ptr + col); if ((*mb_ptr2cells)(ptr + col) > 1) --curwin->w_wcol; } } setcursor(); out_flush(); new_wcol = curwin->w_wcol; new_wrow = curwin->w_wrow; curwin->w_wcol = old_wcol; curwin->w_wrow = old_wrow; } if (c < 0) continue; for (n = 1; n <= c; ++n) typebuf.tb_noremap[typebuf.tb_off + n] = RM_YES; typebuf.tb_len += c; if (typebuf.tb_len >= typebuf.tb_maplen + MAXMAPLEN) { timedout = TRUE; continue; } if (ex_normal_busy > 0) { static int tc = 0; if (typebuf.tb_len > 0) { timedout = TRUE; continue; } if (p_im && (State & MODE_INSERT)) c = Ctrl_L; #ifdef FEAT_TERMINAL else if (terminal_is_active()) c = K_CANCEL; #endif else if ((State & MODE_CMDLINE) || (cmdwin_type > 0 && tc == ESC)) c = Ctrl_C; else c = ESC; tc = c; if (advance) typebuf_was_empty = TRUE; if (pending_exmode_active) exmode_active = EXMODE_NORMAL; typebuf.tb_no_abbr_cnt = 0; break; } if (((State & MODE_INSERT) != 0 || p_lz) && (State & MODE_CMDLINE) == 0 && advance && must_redraw != 0 && !need_wait_return) { update_screen(0); setcursor(); } showcmd_idx = 0; c1 = 0; if (typebuf.tb_len > 0 && advance && !exmode_active) { if (((State & (MODE_NORMAL | MODE_INSERT)) || State == MODE_LANGMAP) && State != MODE_HITRETURN) { if (State & MODE_INSERT && ptr2cells(typebuf.tb_buf + typebuf.tb_off + typebuf.tb_len - 1) == 1) { edit_putchar(typebuf.tb_buf[typebuf.tb_off + typebuf.tb_len - 1], FALSE); setcursor(); c1 = 1; } old_wcol = curwin->w_wcol; old_wrow = curwin->w_wrow; curwin->w_wcol = new_wcol; curwin->w_wrow = new_wrow; push_showcmd(); if (typebuf.tb_len > SHOWCMD_COLS) showcmd_idx = typebuf.tb_len - SHOWCMD_COLS; while (showcmd_idx < typebuf.tb_len) (void)add_to_showcmd( typebuf.tb_buf[typebuf.tb_off + showcmd_idx++]); curwin->w_wcol = old_wcol; curwin->w_wrow = old_wrow; } if ((State & MODE_CMDLINE) #if defined(FEAT_CRYPT) || defined(FEAT_EVAL) && cmdline_star == 0 #endif && ptr2cells(typebuf.tb_buf + typebuf.tb_off + typebuf.tb_len - 1) == 1) { putcmdline(typebuf.tb_buf[typebuf.tb_off + typebuf.tb_len - 1], FALSE); c1 = 1; } } if (typebuf.tb_len == 0) timedout = FALSE; if (advance) { if (typebuf.tb_len == 0 || !(p_timeout || (p_ttimeout && keylen == KEYLEN_PART_KEY))) wait_time = -1L; else if (keylen == KEYLEN_PART_KEY && p_ttm >= 0) wait_time = p_ttm; else wait_time = p_tm; } else wait_time = 0; wait_tb_len = typebuf.tb_len; c = inchar(typebuf.tb_buf + typebuf.tb_off + typebuf.tb_len, typebuf.tb_buflen - typebuf.tb_off - typebuf.tb_len - 1, wait_time); if (showcmd_idx != 0) pop_showcmd(); if (c1 == 1) { if (State & MODE_INSERT) edit_unputchar(); if (State & MODE_CMDLINE) unputcmdline(); else setcursor(); } if (c < 0) continue; if (c == NUL) { if (!advance) break; if (wait_tb_len > 0) { timedout = TRUE; continue; } } else { while (typebuf.tb_buf[typebuf.tb_off + typebuf.tb_len] != NUL) typebuf.tb_noremap[typebuf.tb_off + typebuf.tb_len++] = RM_YES; #ifdef HAVE_INPUT_METHOD vgetc_im_active = im_get_status(); #endif } } } } while ((c < 0 && c != K_CANCEL) || (advance && c == NUL)); if (advance && p_smd && msg_silent == 0 && (State & MODE_INSERT)) { if (c == ESC && !mode_deleted && !no_mapping && mode_displayed) { if (typebuf.tb_len && !KeyTyped) redraw_cmdline = TRUE; else unshowmode(FALSE); } else if (c != ESC && mode_deleted) { if (typebuf.tb_len && !KeyTyped) redraw_cmdline = TRUE; else showmode(); } } #ifdef FEAT_GUI if (gui.in_use && shape_changed) gui_update_cursor(TRUE, FALSE); #endif if (timedout && c == ESC) { char_u nop_buf[3]; nop_buf[0] = K_SPECIAL; nop_buf[1] = KS_EXTRA; nop_buf[2] = KE_NOP; gotchars(nop_buf, 3); } --vgetc_busy; return c; }",visit repo url,src/getchar.c,https://github.com/vim/vim,205850158126622,1 682,[],"static void jpc_cod_destroyparms(jpc_ms_t *ms) { jpc_cod_t *cod = &ms->parms.cod; jpc_cox_destroycompparms(&cod->compparms); }",jasper,,,330626690074121579398928988186945074649,0 5028,CWE-787,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 4387,CWE-125,"static void iwjpeg_scan_exif_ifd(struct iwjpegrcontext *rctx, struct iw_exif_state *e, iw_uint32 ifd) { unsigned int tag_count; unsigned int i; unsigned int tag_pos; unsigned int tag_id; unsigned int v; double v_dbl; if(ifd<8 || ifd>e->d_len-18) return; tag_count = iw_get_ui16_e(&e->d[ifd],e->endian); if(tag_count>1000) return; for(i=0;i e->d_len) return; tag_id = iw_get_ui16_e(&e->d[tag_pos],e->endian); switch(tag_id) { case 274: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_orientation = v; } break; case 296: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_density_unit = v; } break; case 282: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_x = v_dbl; } break; case 283: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_y = v_dbl; } break; } } }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,254890664792750,1 6762,['CWE-310'],"file_to_g_byte_array (const char *filename) { char *contents = NULL; GByteArray *array = NULL; gsize length = 0; if (!g_file_get_contents (filename, &contents, &length, NULL)) return NULL; array = g_byte_array_sized_new (length); if (!array) { g_free (contents); return NULL; } g_byte_array_append (array, (unsigned char *) contents, length); return array; }",network-manager-applet,,,217202771593696579884589207204863508018,0 3640,CWE-264,"int touch(const char *path) { return touch_file(path, false, USEC_INFINITY, UID_INVALID, GID_INVALID, 0); }",visit repo url,src/basic/fs-util.c,https://github.com/systemd/systemd,32482921432078,1 2367,['CWE-200'],"snd_seq_oss_synth_register(struct snd_seq_device *dev) { int i; struct seq_oss_synth *rec; struct snd_seq_oss_reg *reg = SNDRV_SEQ_DEVICE_ARGPTR(dev); unsigned long flags; if ((rec = kzalloc(sizeof(*rec), GFP_KERNEL)) == NULL) { snd_printk(KERN_ERR ""can't malloc synth info\n""); return -ENOMEM; } rec->seq_device = -1; rec->synth_type = reg->type; rec->synth_subtype = reg->subtype; rec->nr_voices = reg->nvoices; rec->oper = reg->oper; rec->private_data = reg->private_data; rec->opened = 0; snd_use_lock_init(&rec->use_lock); strlcpy(rec->name, dev->name, sizeof(rec->name)); spin_lock_irqsave(®ister_lock, flags); for (i = 0; i < max_synth_devs; i++) { if (synth_devs[i] == NULL) break; } if (i >= max_synth_devs) { if (max_synth_devs >= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS) { spin_unlock_irqrestore(®ister_lock, flags); snd_printk(KERN_ERR ""no more synth slot\n""); kfree(rec); return -ENOMEM; } max_synth_devs++; } rec->seq_device = i; synth_devs[i] = rec; debug_printk((""synth %s registered %d\n"", rec->name, i)); spin_unlock_irqrestore(®ister_lock, flags); dev->driver_data = rec; #ifdef SNDRV_OSS_INFO_DEV_SYNTH if (i < SNDRV_CARDS) snd_oss_info_register(SNDRV_OSS_INFO_DEV_SYNTH, i, rec->name); #endif return 0; }",linux-2.6,,,64345710726578814034418920237650919107,0 502,[],"static void *snd_dma_hack_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle, gfp_t flags) { void *ret; u64 dma_mask, coherent_dma_mask; if (dev == NULL || !dev->dma_mask) return dma_alloc_coherent(dev, size, dma_handle, flags); dma_mask = *dev->dma_mask; coherent_dma_mask = dev->coherent_dma_mask; *dev->dma_mask = 0xffffffff; dev->coherent_dma_mask = 0xffffffff; ret = dma_alloc_coherent(dev, size, dma_handle, flags); *dev->dma_mask = dma_mask; dev->coherent_dma_mask = coherent_dma_mask; if (ret) { if (((unsigned long)*dma_handle + size - 1) & ~dma_mask) { dma_free_coherent(dev, size, ret, *dma_handle); ret = dma_alloc_coherent(dev, size, dma_handle, flags); } } else { if (dma_mask != 0xffffffffUL) { flags &= ~GFP_KERNEL; flags |= GFP_ATOMIC; ret = dma_alloc_coherent(dev, size, dma_handle, flags); } } return ret; }",linux-2.6,,,163611288063225541839141190296534388346,0 3265,['CWE-189'],"int jas_image_writecmpt(jas_image_t *image, int cmptno, jas_image_coord_t x, jas_image_coord_t y, jas_image_coord_t width, jas_image_coord_t height, jas_matrix_t *data) { jas_image_cmpt_t *cmpt; jas_image_coord_t i; jas_image_coord_t j; jas_seqent_t *d; jas_seqent_t *dr; int drs; jas_seqent_t v; int k; int c; if (cmptno < 0 || cmptno >= image->numcmpts_) { return -1; } cmpt = image->cmpts_[cmptno]; if (x >= cmpt->width_ || y >= cmpt->height_ || x + width > cmpt->width_ || y + height > cmpt->height_) { return -1; } if (!jas_matrix_numrows(data) || !jas_matrix_numcols(data)) { return -1; } if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) { return -1; } dr = jas_matrix_getref(data, 0, 0); drs = jas_matrix_rowstep(data); for (i = 0; i < height; ++i, dr += drs) { d = dr; if (jas_stream_seek(cmpt->stream_, (cmpt->width_ * (y + i) + x) * cmpt->cps_, SEEK_SET) < 0) { return -1; } for (j = width; j > 0; --j, ++d) { v = inttobits(*d, cmpt->prec_, cmpt->sgnd_); for (k = cmpt->cps_; k > 0; --k) { c = (v >> (8 * (cmpt->cps_ - 1))) & 0xff; if (jas_stream_putc(cmpt->stream_, (unsigned char) c) == EOF) { return -1; } v <<= 8; } } } return 0; }",jasper,,,42468207238204636476975975884434593528,0 1698,[],"static inline int get_aggregate(struct sched_domain *sd) { return 0; }",linux-2.6,,,192913071863519858581176415832102908367,0 1520,NVD-CWE-Other,"static ssize_t aio_run_iocb(struct kiocb *req, unsigned opcode, char __user *buf, size_t len, bool compat) { struct file *file = req->ki_filp; ssize_t ret; unsigned long nr_segs; int rw; fmode_t mode; aio_rw_op *rw_op; rw_iter_op *iter_op; struct iovec inline_vecs[UIO_FASTIOV], *iovec = inline_vecs; struct iov_iter iter; switch (opcode) { case IOCB_CMD_PREAD: case IOCB_CMD_PREADV: mode = FMODE_READ; rw = READ; rw_op = file->f_op->aio_read; iter_op = file->f_op->read_iter; goto rw_common; case IOCB_CMD_PWRITE: case IOCB_CMD_PWRITEV: mode = FMODE_WRITE; rw = WRITE; rw_op = file->f_op->aio_write; iter_op = file->f_op->write_iter; goto rw_common; rw_common: if (unlikely(!(file->f_mode & mode))) return -EBADF; if (!rw_op && !iter_op) return -EINVAL; if (opcode == IOCB_CMD_PREADV || opcode == IOCB_CMD_PWRITEV) ret = aio_setup_vectored_rw(req, rw, buf, &nr_segs, &len, &iovec, compat); else ret = aio_setup_single_vector(req, rw, buf, &nr_segs, len, iovec); if (!ret) ret = rw_verify_area(rw, file, &req->ki_pos, len); if (ret < 0) { if (iovec != inline_vecs) kfree(iovec); return ret; } len = ret; if (req->ki_pos < 0) { ret = -EINVAL; break; } if (rw == WRITE) file_start_write(file); if (iter_op) { iov_iter_init(&iter, rw, iovec, nr_segs, len); ret = iter_op(req, &iter); } else { ret = rw_op(req, iovec, nr_segs, req->ki_pos); } if (rw == WRITE) file_end_write(file); break; case IOCB_CMD_FDSYNC: if (!file->f_op->aio_fsync) return -EINVAL; ret = file->f_op->aio_fsync(req, 1); break; case IOCB_CMD_FSYNC: if (!file->f_op->aio_fsync) return -EINVAL; ret = file->f_op->aio_fsync(req, 0); break; default: pr_debug(""EINVAL: no operation provided\n""); return -EINVAL; } if (iovec != inline_vecs) kfree(iovec); if (ret != -EIOCBQUEUED) { if (unlikely(ret == -ERESTARTSYS || ret == -ERESTARTNOINTR || ret == -ERESTARTNOHAND || ret == -ERESTART_RESTARTBLOCK)) ret = -EINTR; aio_complete(req, ret, 0); } return 0; }",visit repo url,fs/aio.c,https://github.com/torvalds/linux,5893968332816,1 220,[],"static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, int len) { struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); struct sockaddr_at *usat = (struct sockaddr_at *)msg->msg_name; int flags = msg->msg_flags; int loopback = 0; struct sockaddr_at local_satalk, gsat; struct sk_buff *skb; struct net_device *dev; struct ddpehdr *ddp; int size; struct atalk_route *rt; int err; if (flags & ~MSG_DONTWAIT) return -EINVAL; if (len > DDP_MAXSZ) return -EMSGSIZE; if (usat) { if (sk->sk_zapped) if (atalk_autobind(sk) < 0) return -EBUSY; if (msg->msg_namelen < sizeof(*usat) || usat->sat_family != AF_APPLETALK) return -EINVAL; if (usat->sat_addr.s_node == ATADDR_BCAST && !sock_flag(sk, SOCK_BROADCAST)) { printk(KERN_INFO ""SO_BROADCAST: Fix your netatalk as "" ""it will break before 2.2\n""); #if 0 return -EPERM; #endif } } else { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; usat = &local_satalk; usat->sat_family = AF_APPLETALK; usat->sat_port = at->dest_port; usat->sat_addr.s_node = at->dest_node; usat->sat_addr.s_net = at->dest_net; } SOCK_DEBUG(sk, ""SK %p: Got address.\n"", sk); size = sizeof(struct ddpehdr) + len + ddp_dl->header_length; if (usat->sat_addr.s_net || usat->sat_addr.s_node == ATADDR_ANYNODE) { rt = atrtr_find(&usat->sat_addr); if (!rt) return -ENETUNREACH; dev = rt->dev; } else { struct atalk_addr at_hint; at_hint.s_node = 0; at_hint.s_net = at->src_net; rt = atrtr_find(&at_hint); if (!rt) return -ENETUNREACH; dev = rt->dev; } SOCK_DEBUG(sk, ""SK %p: Size needed %d, device %s\n"", sk, size, dev->name); size += dev->hard_header_len; skb = sock_alloc_send_skb(sk, size, (flags & MSG_DONTWAIT), &err); if (!skb) return err; skb->sk = sk; skb_reserve(skb, ddp_dl->header_length); skb_reserve(skb, dev->hard_header_len); skb->dev = dev; SOCK_DEBUG(sk, ""SK %p: Begin build.\n"", sk); ddp = (struct ddpehdr *)skb_put(skb, sizeof(struct ddpehdr)); ddp->deh_pad = 0; ddp->deh_hops = 0; ddp->deh_len = len + sizeof(*ddp); *((__u16 *)ddp) = ntohs(*((__u16 *)ddp)); ddp->deh_dnet = usat->sat_addr.s_net; ddp->deh_snet = at->src_net; ddp->deh_dnode = usat->sat_addr.s_node; ddp->deh_snode = at->src_node; ddp->deh_dport = usat->sat_port; ddp->deh_sport = at->src_port; SOCK_DEBUG(sk, ""SK %p: Copy user data (%d bytes).\n"", sk, len); err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len); if (err) { kfree_skb(skb); return -EFAULT; } if (sk->sk_no_check == 1) ddp->deh_sum = 0; else ddp->deh_sum = atalk_checksum(skb, len + sizeof(*ddp)); if (ddp->deh_dnode == ATADDR_BCAST && !(rt->flags & RTF_GATEWAY) && !(dev->flags & IFF_LOOPBACK)) { struct sk_buff *skb2 = skb_copy(skb, GFP_KERNEL); if (skb2) { loopback = 1; SOCK_DEBUG(sk, ""SK %p: send out(copy).\n"", sk); if (aarp_send_ddp(dev, skb2, &usat->sat_addr, NULL) == -1) kfree_skb(skb2); } } if (dev->flags & IFF_LOOPBACK || loopback) { SOCK_DEBUG(sk, ""SK %p: Loop back.\n"", sk); skb_orphan(skb); ddp_dl->request(ddp_dl, skb, dev->dev_addr); } else { SOCK_DEBUG(sk, ""SK %p: send out.\n"", sk); if (rt->flags & RTF_GATEWAY) { gsat.sat_addr = rt->gateway; usat = &gsat; } if (aarp_send_ddp(dev, skb, &usat->sat_addr, NULL) == -1) kfree_skb(skb); } SOCK_DEBUG(sk, ""SK %p: Done write (%d).\n"", sk, len); return len; }",history,,,30984741686928332715204482785191890339,0 3704,[],"static int unix_accept(struct socket *sock, struct socket *newsock, int flags) { struct sock *sk = sock->sk; struct sock *tsk; struct sk_buff *skb; int err; err = -EOPNOTSUPP; if (sock->type!=SOCK_STREAM && sock->type!=SOCK_SEQPACKET) goto out; err = -EINVAL; if (sk->sk_state != TCP_LISTEN) goto out; skb = skb_recv_datagram(sk, 0, flags&O_NONBLOCK, &err); if (!skb) { if (err == 0) err = -EINVAL; goto out; } tsk = skb->sk; skb_free_datagram(sk, skb); wake_up_interruptible(&unix_sk(sk)->peer_wait); unix_state_lock(tsk); newsock->state = SS_CONNECTED; sock_graft(tsk, newsock); unix_state_unlock(tsk); return 0; out: return err; }",linux-2.6,,,69724345823502975158885229583992392770,0 3046,CWE-189,"txid_snapshot_recv(PG_FUNCTION_ARGS) { StringInfo buf = (StringInfo) PG_GETARG_POINTER(0); TxidSnapshot *snap; txid last = 0; int nxip; int i; int avail; int expect; txid xmin, xmax; nxip = pq_getmsgint(buf, 4); avail = buf->len - buf->cursor; expect = 8 + 8 + nxip * 8; if (nxip < 0 || nxip > avail || expect > avail) goto bad_format; xmin = pq_getmsgint64(buf); xmax = pq_getmsgint64(buf); if (xmin == 0 || xmax == 0 || xmin > xmax || xmax > MAX_TXID) goto bad_format; snap = palloc(TXID_SNAPSHOT_SIZE(nxip)); snap->xmin = xmin; snap->xmax = xmax; snap->nxip = nxip; SET_VARSIZE(snap, TXID_SNAPSHOT_SIZE(nxip)); for (i = 0; i < nxip; i++) { txid cur = pq_getmsgint64(buf); if (cur <= last || cur < xmin || cur >= xmax) goto bad_format; snap->xip[i] = cur; last = cur; } PG_RETURN_POINTER(snap); bad_format: elog(ERROR, ""invalid snapshot data""); return (Datum) NULL; }",visit repo url,src/backend/utils/adt/txid.c,https://github.com/postgres/postgres,114849825684704,1 6576,CWE-401,"destroyUserInformationLists(DUL_USERINFO * userInfo) { PRV_SCUSCPROLE * role; role = (PRV_SCUSCPROLE*)LST_Dequeue(&userInfo->SCUSCPRoleList); while (role != NULL) { free(role); role = (PRV_SCUSCPROLE*)LST_Dequeue(&userInfo->SCUSCPRoleList); } LST_Destroy(&userInfo->SCUSCPRoleList); delete userInfo->extNegList; userInfo->extNegList = NULL; delete userInfo->usrIdent; userInfo->usrIdent = NULL; }",visit repo url,dcmnet/libsrc/dulfsm.cc,https://github.com/DCMTK/dcmtk,68737762957367,1 2623,[],"SCTP_STATIC void sctp_destroy_sock(struct sock *sk) { struct sctp_endpoint *ep; SCTP_DEBUG_PRINTK(""sctp_destroy_sock(sk: %p)\n"", sk); ep = sctp_sk(sk)->ep; sctp_endpoint_free(ep); atomic_dec(&sctp_sockets_allocated); }",linux-2.6,,,201921141903396091439264301048188406410,0 2586,CWE-119,"static void mspack_fmap_free(void *mem) { free(mem); }",visit repo url,libclamav/libmspack.c,https://github.com/vrtadmin/clamav-devel,48278684211423,1 477,[],"pfm_proc_show_header(struct seq_file *m) { struct list_head * pos; pfm_buffer_fmt_t * entry; unsigned long flags; seq_printf(m, ""perfmon version : %u.%u\n"" ""model : %s\n"" ""fastctxsw : %s\n"" ""expert mode : %s\n"" ""ovfl_mask : 0x%lx\n"" ""PMU flags : 0x%x\n"", PFM_VERSION_MAJ, PFM_VERSION_MIN, pmu_conf->pmu_name, pfm_sysctl.fastctxsw > 0 ? ""Yes"": ""No"", pfm_sysctl.expert_mode > 0 ? ""Yes"": ""No"", pmu_conf->ovfl_val, pmu_conf->flags); LOCK_PFS(flags); seq_printf(m, ""proc_sessions : %u\n"" ""sys_sessions : %u\n"" ""sys_use_dbregs : %u\n"" ""ptrace_use_dbregs : %u\n"", pfm_sessions.pfs_task_sessions, pfm_sessions.pfs_sys_sessions, pfm_sessions.pfs_sys_use_dbregs, pfm_sessions.pfs_ptrace_use_dbregs); UNLOCK_PFS(flags); spin_lock(&pfm_buffer_fmt_lock); list_for_each(pos, &pfm_buffer_fmt_list) { entry = list_entry(pos, pfm_buffer_fmt_t, fmt_list); seq_printf(m, ""format : %02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x %s\n"", entry->fmt_uuid[0], entry->fmt_uuid[1], entry->fmt_uuid[2], entry->fmt_uuid[3], entry->fmt_uuid[4], entry->fmt_uuid[5], entry->fmt_uuid[6], entry->fmt_uuid[7], entry->fmt_uuid[8], entry->fmt_uuid[9], entry->fmt_uuid[10], entry->fmt_uuid[11], entry->fmt_uuid[12], entry->fmt_uuid[13], entry->fmt_uuid[14], entry->fmt_uuid[15], entry->fmt_name); } spin_unlock(&pfm_buffer_fmt_lock); }",linux-2.6,,,10328676433442843517269628726241336330,0 4100,CWE-369,"gaussian_blur_surface (cairo_surface_t *in, cairo_surface_t *out, gdouble sx, gdouble sy) { gboolean use_box_blur; gint width, height; cairo_format_t in_format, out_format; gint in_stride; gint out_stride; guchar *in_data, *out_data; gint bpp; gboolean out_has_data; cairo_surface_flush (in); width = cairo_image_surface_get_width (in); height = cairo_image_surface_get_height (in); g_assert (width == cairo_image_surface_get_width (out) && height == cairo_image_surface_get_height (out)); in_format = cairo_image_surface_get_format (in); out_format = cairo_image_surface_get_format (out); g_assert (in_format == out_format); g_assert (in_format == CAIRO_FORMAT_ARGB32 || in_format == CAIRO_FORMAT_A8); if (in_format == CAIRO_FORMAT_ARGB32) bpp = 4; else if (in_format == CAIRO_FORMAT_A8) bpp = 1; else { g_assert_not_reached (); return; } in_stride = cairo_image_surface_get_stride (in); out_stride = cairo_image_surface_get_stride (out); in_data = cairo_image_surface_get_data (in); out_data = cairo_image_surface_get_data (out); if (sx < 0.0) sx = 0.0; if (sy < 0.0) sy = 0.0; if (sx < 10.0 && sy < 10.0) use_box_blur = FALSE; else use_box_blur = TRUE; if ((sx == 0.0 && sy == 0.0) || sx > 1000 || sy > 1000) { cairo_t *cr; cr = cairo_create (out); cairo_set_source_surface (cr, in, 0, 0); cairo_paint (cr); cairo_destroy (cr); return; } if (sx != 0.0) { gint box_width; gdouble *gaussian_matrix; gint gaussian_matrix_len; int y; guchar *row_buffer = NULL; guchar *row1, *row2; if (use_box_blur) { box_width = compute_box_blur_width (sx); row_buffer = g_new0 (guchar, width * bpp * 2); row1 = row_buffer; row2 = row_buffer + width * bpp; } else make_gaussian_convolution_matrix (sx, &gaussian_matrix, &gaussian_matrix_len); for (y = 0; y < height; y++) { guchar *in_row, *out_row; in_row = in_data + in_stride * y; out_row = out_data + out_stride * y; if (use_box_blur) { if (box_width % 2 != 0) { box_blur_line (box_width, 0, in_row, row1, width, bpp); box_blur_line (box_width, 0, row1, row2, width, bpp); box_blur_line (box_width, 0, row2, out_row, width, bpp); } else { box_blur_line (box_width, -1, in_row, row1, width, bpp); box_blur_line (box_width, 1, row1, row2, width, bpp); box_blur_line (box_width + 1, 0, row2, out_row, width, bpp); } } else gaussian_blur_line (gaussian_matrix, gaussian_matrix_len, in_row, out_row, width, bpp); } if (!use_box_blur) g_free (gaussian_matrix); g_free (row_buffer); out_has_data = TRUE; } else out_has_data = FALSE; if (sy != 0.0) { gint box_height; gdouble *gaussian_matrix = NULL; gint gaussian_matrix_len; guchar *col_buffer; guchar *col1, *col2; int x; col_buffer = g_new0 (guchar, height * bpp * 2); col1 = col_buffer; col2 = col_buffer + height * bpp; if (use_box_blur) { box_height = compute_box_blur_width (sy); } else make_gaussian_convolution_matrix (sy, &gaussian_matrix, &gaussian_matrix_len); for (x = 0; x < width; x++) { if (out_has_data) get_column (col1, out_data, out_stride, bpp, height, x); else get_column (col1, in_data, in_stride, bpp, height, x); if (use_box_blur) { if (box_height % 2 != 0) { box_blur_line (box_height, 0, col1, col2, height, bpp); box_blur_line (box_height, 0, col2, col1, height, bpp); box_blur_line (box_height, 0, col1, col2, height, bpp); } else { box_blur_line (box_height, -1, col1, col2, height, bpp); box_blur_line (box_height, 1, col2, col1, height, bpp); box_blur_line (box_height + 1, 0, col1, col2, height, bpp); } } else gaussian_blur_line (gaussian_matrix, gaussian_matrix_len, col1, col2, height, bpp); put_column (col2, out_data, out_stride, bpp, height, x); } g_free (gaussian_matrix); g_free (col_buffer); } cairo_surface_mark_dirty (out); }",visit repo url,rsvg-filter.c,https://github.com/GNOME/librsvg,179561751978325,1 2757,CWE-119,"SPL_METHOD(SplObjectStorage, unserialize) { spl_SplObjectStorage *intern = Z_SPLOBJSTORAGE_P(getThis()); char *buf; size_t buf_len; const unsigned char *p, *s; php_unserialize_data_t var_hash; zval entry, inf; zval *pcount, *pmembers; spl_SplObjectStorageElement *element; zend_long count; if (zend_parse_parameters(ZEND_NUM_ARGS(), ""s"", &buf, &buf_len) == FAILURE) { return; } if (buf_len == 0) { return; } s = p = (const unsigned char*)buf; PHP_VAR_UNSERIALIZE_INIT(var_hash); if (*p!= 'x' || *++p != ':') { goto outexcept; } ++p; pcount = var_tmp_var(&var_hash); if (!php_var_unserialize(pcount, &p, s + buf_len, &var_hash) || Z_TYPE_P(pcount) != IS_LONG) { goto outexcept; } --p; count = Z_LVAL_P(pcount); while (count-- > 0) { spl_SplObjectStorageElement *pelement; zend_string *hash; if (*p != ';') { goto outexcept; } ++p; if(*p != 'O' && *p != 'C' && *p != 'r') { goto outexcept; } if (!php_var_unserialize(&entry, &p, s + buf_len, &var_hash)) { goto outexcept; } if (Z_TYPE(entry) != IS_OBJECT) { zval_ptr_dtor(&entry); goto outexcept; } if (*p == ',') { ++p; if (!php_var_unserialize(&inf, &p, s + buf_len, &var_hash)) { zval_ptr_dtor(&entry); goto outexcept; } } else { ZVAL_UNDEF(&inf); } hash = spl_object_storage_get_hash(intern, getThis(), &entry); if (!hash) { zval_ptr_dtor(&entry); zval_ptr_dtor(&inf); goto outexcept; } pelement = spl_object_storage_get(intern, hash); spl_object_storage_free_hash(intern, hash); if (pelement) { if (!Z_ISUNDEF(pelement->inf)) { var_push_dtor(&var_hash, &pelement->inf); } if (!Z_ISUNDEF(pelement->obj)) { var_push_dtor(&var_hash, &pelement->obj); } } element = spl_object_storage_attach(intern, getThis(), &entry, Z_ISUNDEF(inf)?NULL:&inf); var_replace(&var_hash, &entry, &element->obj); var_replace(&var_hash, &inf, &element->inf); zval_ptr_dtor(&entry); ZVAL_UNDEF(&entry); zval_ptr_dtor(&inf); ZVAL_UNDEF(&inf); } if (*p != ';') { goto outexcept; } ++p; if (*p!= 'm' || *++p != ':') { goto outexcept; } ++p; pmembers = var_tmp_var(&var_hash); if (!php_var_unserialize(pmembers, &p, s + buf_len, &var_hash) || Z_TYPE_P(pmembers) != IS_ARRAY) { goto outexcept; } object_properties_load(&intern->std, Z_ARRVAL_P(pmembers)); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return; outexcept: PHP_VAR_UNSERIALIZE_DESTROY(var_hash); zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0, ""Error at offset %pd of %d bytes"", (zend_long)((char*)p - buf), buf_len); return; } ",visit repo url,ext/spl/spl_observer.c,https://github.com/php/php-src,273778223734103,1 3109,CWE-476,"static void copyIPv6IfDifferent(void * dest, const void * src) { if(dest != src) { memcpy(dest, src, sizeof(struct in6_addr)); } }",visit repo url,miniupnpd/pcpserver.c,https://github.com/miniupnp/miniupnp,208973723035042,1 1520,[]," __releases(rq->lock) { spin_unlock(&rq->lock); }",linux-2.6,,,84624344544585880476516841829639692836,0 3911,CWE-121,"ex_finally(exarg_T *eap) { int idx; int skip = FALSE; int pending = CSTP_NONE; cstack_T *cstack = eap->cstack; if (cmdmod_error(FALSE)) return; if (cstack->cs_trylevel <= 0 || cstack->cs_idx < 0) eap->errmsg = _(e_finally_without_try); else { if (!(cstack->cs_flags[cstack->cs_idx] & CSF_TRY)) { eap->errmsg = get_end_emsg(cstack); for (idx = cstack->cs_idx - 1; idx > 0; --idx) if (cstack->cs_flags[idx] & CSF_TRY) break; pending = CSTP_ERROR; } else idx = cstack->cs_idx; if (cstack->cs_flags[idx] & CSF_FINALLY) { eap->errmsg = _(e_multiple_finally); return; } rewind_conditionals(cstack, idx, CSF_WHILE | CSF_FOR, &cstack->cs_looplevel); skip = !(cstack->cs_flags[cstack->cs_idx] & CSF_TRUE); if (!skip) { if (dbg_check_skipped(eap)) { (void)do_intthrow(cstack); } cleanup_conditionals(cstack, CSF_TRY, FALSE); if (cstack->cs_idx >= 0 && (cstack->cs_flags[cstack->cs_idx] & CSF_TRY)) { leave_block(cstack); enter_block(cstack); } if (pending == CSTP_ERROR || did_emsg || got_int || did_throw) { if (cstack->cs_pending[cstack->cs_idx] == CSTP_RETURN) { report_discard_pending(CSTP_RETURN, cstack->cs_rettv[cstack->cs_idx]); discard_pending_return(cstack->cs_rettv[cstack->cs_idx]); } if (pending == CSTP_ERROR && !did_emsg) pending |= (THROW_ON_ERROR) ? CSTP_THROW : 0; else pending |= did_throw ? CSTP_THROW : 0; pending |= did_emsg ? CSTP_ERROR : 0; pending |= got_int ? CSTP_INTERRUPT : 0; cstack->cs_pending[cstack->cs_idx] = pending; if (did_throw && cstack->cs_exception[cstack->cs_idx] != current_exception) internal_error(""ex_finally()""); } cstack->cs_lflags |= CSL_HAD_FINA; } } }",visit repo url,src/ex_eval.c,https://github.com/vim/vim,98689775102613,1 5534,CWE-125,"static int exists_not_none(PyObject *obj, _Py_Identifier *id) { int isnone; PyObject *attr = _PyObject_GetAttrId(obj, id); if (!attr) { PyErr_Clear(); return 0; } isnone = attr == Py_None; Py_DECREF(attr); return !isnone; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,225503859159888,1 5431,CWE-787,"gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) { TIFF* tif = img->tif; tileSeparateRoutine put = img->put.separate; unsigned char *buf = NULL; unsigned char *p0 = NULL, *p1 = NULL, *p2 = NULL, *pa = NULL; uint32 row, y, nrow, rowstoread; tmsize_t pos; tmsize_t scanline; uint32 rowsperstrip, offset_row; uint32 imagewidth = img->width; tmsize_t stripsize; tmsize_t bufsize; int32 fromskew, toskew; int alpha = img->alpha; int ret = 1, flip; uint16 colorchannels; stripsize = TIFFStripSize(tif); bufsize = _TIFFMultiplySSize(tif,alpha?4:3,stripsize, ""gtStripSeparate""); if (bufsize == 0) { return (0); } flip = setorientation(img); if (flip & FLIP_VERTICALLY) { y = h - 1; toskew = -(int32)(w + w); } else { y = 0; toskew = -(int32)(w - w); } switch( img->photometric ) { case PHOTOMETRIC_MINISWHITE: case PHOTOMETRIC_MINISBLACK: case PHOTOMETRIC_PALETTE: colorchannels = 1; break; default: colorchannels = 3; break; } TIFFGetFieldDefaulted(tif, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); scanline = TIFFScanlineSize(tif); fromskew = (w < imagewidth ? imagewidth - w : 0); for (row = 0; row < h; row += nrow) { rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; nrow = (row + rowstoread > h ? h - row : rowstoread); offset_row = row + img->row_offset; if( buf == NULL ) { if (_TIFFReadEncodedStripAndAllocBuffer( tif, TIFFComputeStrip(tif, offset_row, 0), (void**) &buf, bufsize, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && (buf == NULL || img->stoponerr)) { ret = 0; break; } p0 = buf; if( colorchannels == 1 ) { p2 = p1 = p0; pa = (alpha?(p0+3*stripsize):NULL); } else { p1 = p0 + stripsize; p2 = p1 + stripsize; pa = (alpha?(p2+stripsize):NULL); } } else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0), p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (colorchannels > 1 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 1), p1, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (colorchannels > 1 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 2), p2, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (alpha) { if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, colorchannels), pa, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } } pos = ((row + img->row_offset) % rowsperstrip) * scanline + \ ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, p0 + pos, p1 + pos, p2 + pos, (alpha?(pa+pos):NULL)); y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { uint32 line; for (line = 0; line < h; line++) { uint32 *left = raster + (line * w); uint32 *right = left + w - 1; while ( left < right ) { uint32 temp = *left; *left = *right; *right = temp; left++; right--; } } } _TIFFfree(buf); return (ret); }",visit repo url,gdal/frmts/gtiff/libtiff/tif_getimage.c,https://github.com/OSGeo/gdal,59943543133499,1 4069,['CWE-399'],"void atmsvc_exit(void) { sock_unregister(PF_ATMSVC); }",linux-2.6,,,93753971739432979222381928419783073243,0 1615,CWE-264,"int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused) { struct ipv6_pinfo *np = inet6_sk(sk); struct flowi6 fl6; struct dst_entry *dst; int res; dst = inet6_csk_route_socket(sk, &fl6); if (IS_ERR(dst)) { sk->sk_err_soft = -PTR_ERR(dst); sk->sk_route_caps = 0; kfree_skb(skb); return PTR_ERR(dst); } rcu_read_lock(); skb_dst_set_noref(skb, dst); fl6.daddr = sk->sk_v6_daddr; res = ip6_xmit(sk, skb, &fl6, np->opt, np->tclass); rcu_read_unlock(); return res; }",visit repo url,net/ipv6/inet6_connection_sock.c,https://github.com/torvalds/linux,172651933112340,1 1592,CWE-399,"static void enable_nmi_window(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); if ((svm->vcpu.arch.hflags & (HF_NMI_MASK | HF_IRET_MASK)) == HF_NMI_MASK) return; svm->nmi_singlestep = true; svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF); update_db_bp_intercept(vcpu); }",visit repo url,arch/x86/kvm/svm.c,https://github.com/torvalds/linux,71128892342645,1 1075,CWE-20,"int rose_rx_call_request(struct sk_buff *skb, struct net_device *dev, struct rose_neigh *neigh, unsigned int lci) { struct sock *sk; struct sock *make; struct rose_sock *make_rose; struct rose_facilities_struct facilities; int n, len; skb->sk = NULL; memset(&facilities, 0x00, sizeof(struct rose_facilities_struct)); len = (((skb->data[3] >> 4) & 0x0F) + 1) >> 1; len += (((skb->data[3] >> 0) & 0x0F) + 1) >> 1; if (!rose_parse_facilities(skb->data + len + 4, &facilities)) { rose_transmit_clear_request(neigh, lci, ROSE_INVALID_FACILITY, 76); return 0; } sk = rose_find_listener(&facilities.source_addr, &facilities.source_call); if (sk == NULL || sk_acceptq_is_full(sk) || (make = rose_make_new(sk)) == NULL) { rose_transmit_clear_request(neigh, lci, ROSE_NETWORK_CONGESTION, 120); return 0; } skb->sk = make; make->sk_state = TCP_ESTABLISHED; make_rose = rose_sk(make); make_rose->lci = lci; make_rose->dest_addr = facilities.dest_addr; make_rose->dest_call = facilities.dest_call; make_rose->dest_ndigis = facilities.dest_ndigis; for (n = 0 ; n < facilities.dest_ndigis ; n++) make_rose->dest_digis[n] = facilities.dest_digis[n]; make_rose->source_addr = facilities.source_addr; make_rose->source_call = facilities.source_call; make_rose->source_ndigis = facilities.source_ndigis; for (n = 0 ; n < facilities.source_ndigis ; n++) make_rose->source_digis[n]= facilities.source_digis[n]; make_rose->neighbour = neigh; make_rose->device = dev; make_rose->facilities = facilities; make_rose->neighbour->use++; if (rose_sk(sk)->defer) { make_rose->state = ROSE_STATE_5; } else { rose_write_internal(make, ROSE_CALL_ACCEPTED); make_rose->state = ROSE_STATE_3; rose_start_idletimer(make); } make_rose->condition = 0x00; make_rose->vs = 0; make_rose->va = 0; make_rose->vr = 0; make_rose->vl = 0; sk->sk_ack_backlog++; rose_insert_socket(make); skb_queue_head(&sk->sk_receive_queue, skb); rose_start_heartbeat(make); if (!sock_flag(sk, SOCK_DEAD)) sk->sk_data_ready(sk, skb->len); return 1; }",visit repo url,net/rose/af_rose.c,https://github.com/torvalds/linux,193984008821029,1 3592,CWE-476,"int jp2_box_put(jp2_box_t *box, jas_stream_t *out) { jas_stream_t *tmpstream; bool extlen; bool dataflag; tmpstream = 0; dataflag = !(box->info->flags & (JP2_BOX_SUPER | JP2_BOX_NODATA)); if (dataflag) { if (!(tmpstream = jas_stream_memopen(0, 0))) { goto error; } if (box->ops->putdata) { if ((*box->ops->putdata)(box, tmpstream)) { goto error; } } box->len = jas_stream_tell(tmpstream) + JP2_BOX_HDRLEN(false); jas_stream_rewind(tmpstream); } extlen = (box->len >= (((uint_fast64_t)1) << 32)) != 0; if (jp2_putuint32(out, extlen ? 1 : box->len)) { goto error; } if (jp2_putuint32(out, box->type)) { goto error; } if (extlen) { if (jp2_putuint64(out, box->len)) { goto error; } } if (dataflag) { if (jas_stream_copy(out, tmpstream, box->len - JP2_BOX_HDRLEN(false))) { goto error; } jas_stream_close(tmpstream); } return 0; error: if (tmpstream) { jas_stream_close(tmpstream); } return -1; }",visit repo url,src/libjasper/jp2/jp2_cod.c,https://github.com/mdadams/jasper,122214478089513,1 3169,CWE-125,"gre_print_0(netdissect_options *ndo, const u_char *bp, u_int length) { u_int len = length; uint16_t flags, prot; flags = EXTRACT_16BITS(bp); if (ndo->ndo_vflag) ND_PRINT((ndo, "", Flags [%s]"", bittok2str(gre_flag_values,""none"",flags))); len -= 2; bp += 2; ND_TCHECK2(*bp, 2); if (len < 2) goto trunc; prot = EXTRACT_16BITS(bp); len -= 2; bp += 2; if ((flags & GRE_CP) | (flags & GRE_RP)) { ND_TCHECK2(*bp, 2); if (len < 2) goto trunc; if (ndo->ndo_vflag) ND_PRINT((ndo, "", sum 0x%x"", EXTRACT_16BITS(bp))); bp += 2; len -= 2; ND_TCHECK2(*bp, 2); if (len < 2) goto trunc; ND_PRINT((ndo, "", off 0x%x"", EXTRACT_16BITS(bp))); bp += 2; len -= 2; } if (flags & GRE_KP) { ND_TCHECK2(*bp, 4); if (len < 4) goto trunc; ND_PRINT((ndo, "", key=0x%x"", EXTRACT_32BITS(bp))); bp += 4; len -= 4; } if (flags & GRE_SP) { ND_TCHECK2(*bp, 4); if (len < 4) goto trunc; ND_PRINT((ndo, "", seq %u"", EXTRACT_32BITS(bp))); bp += 4; len -= 4; } if (flags & GRE_RP) { for (;;) { uint16_t af; uint8_t sreoff; uint8_t srelen; ND_TCHECK2(*bp, 4); if (len < 4) goto trunc; af = EXTRACT_16BITS(bp); sreoff = *(bp + 2); srelen = *(bp + 3); bp += 4; len -= 4; if (af == 0 && srelen == 0) break; if (!gre_sre_print(ndo, af, sreoff, srelen, bp, len)) goto trunc; if (len < srelen) goto trunc; bp += srelen; len -= srelen; } } if (ndo->ndo_eflag) ND_PRINT((ndo, "", proto %s (0x%04x)"", tok2str(ethertype_values,""unknown"",prot), prot)); ND_PRINT((ndo, "", length %u"",length)); if (ndo->ndo_vflag < 1) ND_PRINT((ndo, "": "")); else ND_PRINT((ndo, ""\n\t"")); switch (prot) { case ETHERTYPE_IP: ip_print(ndo, bp, len); break; case ETHERTYPE_IPV6: ip6_print(ndo, bp, len); break; case ETHERTYPE_MPLS: mpls_print(ndo, bp, len); break; case ETHERTYPE_IPX: ipx_print(ndo, bp, len); break; case ETHERTYPE_ATALK: atalk_print(ndo, bp, len); break; case ETHERTYPE_GRE_ISO: isoclns_print(ndo, bp, len, ndo->ndo_snapend - bp); break; case ETHERTYPE_TEB: ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL); break; default: ND_PRINT((ndo, ""gre-proto-0x%x"", prot)); } return; trunc: ND_PRINT((ndo, ""%s"", tstr)); }",visit repo url,print-gre.c,https://github.com/the-tcpdump-group/tcpdump,92083431634274,1 4577,['CWE-399'],"void ext4_set_aops(struct inode *inode) { if (ext4_should_order_data(inode) && test_opt(inode->i_sb, DELALLOC)) inode->i_mapping->a_ops = &ext4_da_aops; else if (ext4_should_order_data(inode)) inode->i_mapping->a_ops = &ext4_ordered_aops; else if (ext4_should_writeback_data(inode) && test_opt(inode->i_sb, DELALLOC)) inode->i_mapping->a_ops = &ext4_da_aops; else if (ext4_should_writeback_data(inode)) inode->i_mapping->a_ops = &ext4_writeback_aops; else inode->i_mapping->a_ops = &ext4_journalled_aops; }",linux-2.6,,,196030531808709004728296923869849360125,0 991,CWE-399,"struct inode *isofs_iget(struct super_block *sb, unsigned long block, unsigned long offset) { unsigned long hashval; struct inode *inode; struct isofs_iget5_callback_data data; long ret; if (offset >= 1ul << sb->s_blocksize_bits) return ERR_PTR(-EINVAL); data.block = block; data.offset = offset; hashval = (block << sb->s_blocksize_bits) | offset; inode = iget5_locked(sb, hashval, &isofs_iget5_test, &isofs_iget5_set, &data); if (!inode) return ERR_PTR(-ENOMEM); if (inode->i_state & I_NEW) { ret = isofs_read_inode(inode); if (ret < 0) { iget_failed(inode); inode = ERR_PTR(ret); } else { unlock_new_inode(inode); } } return inode; }",visit repo url,fs/isofs/inode.c,https://github.com/torvalds/linux,73817153675940,1 6718,NVD-CWE-Other,"ansi_step(pansi, ch) struct ansi_state *pansi; LWCHAR ch; { if (pansi->hlink) { if (ch == '\7') return ANSI_END; if (pansi->prev_esc && ch == '\\') return ANSI_END; pansi->prev_esc = (ch == ESC); return ANSI_MID; } if (pansi->hindex >= 0) { static char hlink_prefix[] = ESCS ""]8;""; if (ch == hlink_prefix[pansi->hindex] || (pansi->hindex == 0 && IS_CSI_START(ch))) { pansi->hindex++; if (hlink_prefix[pansi->hindex] == '\0') pansi->hlink = 1; return ANSI_MID; } pansi->hindex = -1; } if (is_ansi_middle(ch)) return ANSI_MID; if (is_ansi_end(ch)) return ANSI_END; return ANSI_ERR; }",visit repo url,line.c,https://github.com/gwsw/less,28232878163858,1 1691,[],"cpu_to_core_group(int cpu, const cpumask_t *cpu_map, struct sched_group **sg, cpumask_t *unused) { if (sg) *sg = &per_cpu(sched_group_core, cpu); return cpu; }",linux-2.6,,,316094251368874462879842360461905857001,0 1873,['CWE-189'],"_gnutls_send_hello (gnutls_session_t session, int again) { int ret; if (session->security_parameters.entity == GNUTLS_CLIENT) { ret = _gnutls_send_client_hello (session, again); } else { ret = _gnutls_send_server_hello (session, again); } return ret; }",gnutls,,,143880026572121985332781295993955187872,0 3879,['CWE-119'],"static inline char *lbs_translate_scan(struct lbs_private *priv, struct iw_request_info *info, char *start, char *stop, struct bss_descriptor *bss) { struct chan_freq_power *cfp; char *current_val; struct iw_event iwe; int j; #define PERFECT_RSSI ((uint8_t)50) #define WORST_RSSI ((uint8_t)0) #define RSSI_DIFF ((uint8_t)(PERFECT_RSSI - WORST_RSSI)) uint8_t rssi; lbs_deb_enter(LBS_DEB_SCAN); cfp = lbs_find_cfp_by_band_and_channel(priv, 0, bss->channel); if (!cfp) { lbs_deb_scan(""Invalid channel number %d\n"", bss->channel); start = NULL; goto out; } iwe.cmd = SIOCGIWAP; iwe.u.ap_addr.sa_family = ARPHRD_ETHER; memcpy(iwe.u.ap_addr.sa_data, &bss->bssid, ETH_ALEN); start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_ADDR_LEN); iwe.cmd = SIOCGIWESSID; iwe.u.data.flags = 1; iwe.u.data.length = min((uint32_t) bss->ssid_len, (uint32_t) IW_ESSID_MAX_SIZE); start = iwe_stream_add_point(info, start, stop, &iwe, bss->ssid); iwe.cmd = SIOCGIWMODE; iwe.u.mode = bss->mode; start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_UINT_LEN); iwe.cmd = SIOCGIWFREQ; iwe.u.freq.m = (long)cfp->freq * 100000; iwe.u.freq.e = 1; start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_FREQ_LEN); iwe.cmd = IWEVQUAL; iwe.u.qual.updated = IW_QUAL_ALL_UPDATED; iwe.u.qual.level = SCAN_RSSI(bss->rssi); rssi = iwe.u.qual.level - MRVDRV_NF_DEFAULT_SCAN_VALUE; iwe.u.qual.qual = (100 * RSSI_DIFF * RSSI_DIFF - (PERFECT_RSSI - rssi) * (15 * (RSSI_DIFF) + 62 * (PERFECT_RSSI - rssi))) / (RSSI_DIFF * RSSI_DIFF); if (iwe.u.qual.qual > 100) iwe.u.qual.qual = 100; if (priv->NF[TYPE_BEACON][TYPE_NOAVG] == 0) { iwe.u.qual.noise = MRVDRV_NF_DEFAULT_SCAN_VALUE; } else { iwe.u.qual.noise = CAL_NF(priv->NF[TYPE_BEACON][TYPE_NOAVG]); } if ((priv->mode == IW_MODE_ADHOC) && priv->adhoccreate && !lbs_ssid_cmp(priv->curbssparams.ssid, priv->curbssparams.ssid_len, bss->ssid, bss->ssid_len)) { int snr, nf; snr = priv->SNR[TYPE_RXPD][TYPE_AVG] / AVG_SCALE; nf = priv->NF[TYPE_RXPD][TYPE_AVG] / AVG_SCALE; iwe.u.qual.level = CAL_RSSI(snr, nf); } start = iwe_stream_add_event(info, start, stop, &iwe, IW_EV_QUAL_LEN); iwe.cmd = SIOCGIWENCODE; if (bss->capability & WLAN_CAPABILITY_PRIVACY) { iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY; } else { iwe.u.data.flags = IW_ENCODE_DISABLED; } iwe.u.data.length = 0; start = iwe_stream_add_point(info, start, stop, &iwe, bss->ssid); current_val = start + iwe_stream_lcp_len(info); iwe.cmd = SIOCGIWRATE; iwe.u.bitrate.fixed = 0; iwe.u.bitrate.disabled = 0; iwe.u.bitrate.value = 0; for (j = 0; bss->rates[j] && (j < sizeof(bss->rates)); j++) { iwe.u.bitrate.value = bss->rates[j] * 500000; current_val = iwe_stream_add_value(info, start, current_val, stop, &iwe, IW_EV_PARAM_LEN); } if ((bss->mode == IW_MODE_ADHOC) && priv->adhoccreate && !lbs_ssid_cmp(priv->curbssparams.ssid, priv->curbssparams.ssid_len, bss->ssid, bss->ssid_len)) { iwe.u.bitrate.value = 22 * 500000; current_val = iwe_stream_add_value(info, start, current_val, stop, &iwe, IW_EV_PARAM_LEN); } if ((current_val - start) > iwe_stream_lcp_len(info)) start = current_val; memset(&iwe, 0, sizeof(iwe)); if (bss->wpa_ie_len) { char buf[MAX_WPA_IE_LEN]; memcpy(buf, bss->wpa_ie, bss->wpa_ie_len); iwe.cmd = IWEVGENIE; iwe.u.data.length = bss->wpa_ie_len; start = iwe_stream_add_point(info, start, stop, &iwe, buf); } memset(&iwe, 0, sizeof(iwe)); if (bss->rsn_ie_len) { char buf[MAX_WPA_IE_LEN]; memcpy(buf, bss->rsn_ie, bss->rsn_ie_len); iwe.cmd = IWEVGENIE; iwe.u.data.length = bss->rsn_ie_len; start = iwe_stream_add_point(info, start, stop, &iwe, buf); } if (bss->mesh) { char custom[MAX_CUSTOM_LEN]; char *p = custom; iwe.cmd = IWEVCUSTOM; p += snprintf(p, MAX_CUSTOM_LEN, ""mesh-type: olpc""); iwe.u.data.length = p - custom; if (iwe.u.data.length) start = iwe_stream_add_point(info, start, stop, &iwe, custom); } out: lbs_deb_leave_args(LBS_DEB_SCAN, ""start %p"", start); return start; }",linux-2.6,,,183070345450302655195676700176711047447,0 1456,CWE-17,"static void udf_pc_to_char(struct super_block *sb, unsigned char *from, int fromlen, unsigned char *to) { struct pathComponent *pc; int elen = 0; unsigned char *p = to; while (elen < fromlen) { pc = (struct pathComponent *)(from + elen); switch (pc->componentType) { case 1: if (pc->lengthComponentIdent > 0) break; case 2: p = to; *p++ = '/'; break; case 3: memcpy(p, ""../"", 3); p += 3; break; case 4: memcpy(p, ""./"", 2); p += 2; break; case 5: p += udf_get_filename(sb, pc->componentIdent, p, pc->lengthComponentIdent); *p++ = '/'; break; } elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; } if (p > to + 1) p[-1] = '\0'; else p[0] = '\0'; }",visit repo url,fs/udf/symlink.c,https://github.com/torvalds/linux,87905554066880,1 4497,['CWE-264'],"void mac_drv_fill_rxd(struct s_smc *smc) { int MaxFrameSize; unsigned char *v_addr; unsigned long b_addr; struct sk_buff *skb; volatile struct s_smt_fp_rxd *rxd; PRINTK(KERN_INFO ""entering mac_drv_fill_rxd\n""); MaxFrameSize = smc->os.MaxFrameSize; while (HWM_GET_RX_FREE(smc) > 0) { PRINTK(KERN_INFO "".\n""); rxd = HWM_GET_CURR_RXD(smc); skb = alloc_skb(MaxFrameSize + 3, GFP_ATOMIC); if (skb) { skb_reserve(skb, 3); skb_put(skb, MaxFrameSize); v_addr = skb->data; b_addr = pci_map_single(&smc->os.pdev, v_addr, MaxFrameSize, PCI_DMA_FROMDEVICE); rxd->rxd_os.dma_addr = b_addr; } else { PRINTK(""Queueing invalid buffer!\n""); v_addr = smc->os.LocalRxBuffer; b_addr = smc->os.LocalRxBufferDMA; } rxd->rxd_os.skb = skb; hwm_rx_frag(smc, v_addr, b_addr, MaxFrameSize, FIRST_FRAG | LAST_FRAG); } PRINTK(KERN_INFO ""leaving mac_drv_fill_rxd\n""); } ",linux-2.6,,,184949216765897444861002691977760692898,0 1392,[],"enqueue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int wakeup) { update_curr(cfs_rq); if (wakeup) { place_entity(cfs_rq, se, 0); enqueue_sleeper(cfs_rq, se); } update_stats_enqueue(cfs_rq, se); check_spread(cfs_rq, se); if (se != cfs_rq->curr) __enqueue_entity(cfs_rq, se); account_entity_enqueue(cfs_rq, se); }",linux-2.6,,,161863426770445993976064777898292343516,0 731,CWE-20,"static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int ret; int copylen; ret = -EOPNOTSUPP; if (m->msg_flags&MSG_OOB) goto read_error; m->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, 0 , &ret); if (!skb) goto read_error; copylen = skb->len; if (len < copylen) { m->msg_flags |= MSG_TRUNC; copylen = len; } ret = skb_copy_datagram_iovec(skb, 0, m->msg_iov, copylen); if (ret) goto out_free; ret = (flags & MSG_TRUNC) ? skb->len : copylen; out_free: skb_free_datagram(sk, skb); caif_check_flow_release(sk); return ret; read_error: return ret; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,109452384008025,1 6296,['CWE-200'],"void tcf_action_destroy(struct tc_action *act, int bind) { struct tc_action *a; for (a = act; a; a = act) { if (a->ops && a->ops->cleanup) { DPRINTK(""tcf_action_destroy destroying %p next %p\n"", a, a->next); if (a->ops->cleanup(a, bind) == ACT_P_DELETED) module_put(a->ops->owner); act = act->next; kfree(a); } else { printk(""tcf_action_destroy: BUG? destroying NULL ops\n""); act = act->next; kfree(a); } } }",linux-2.6,,,140674012517479411963379386385606549231,0 6478,[],"parse_dotla_file(FILE *file, char **dlname, char **libdir, char **deplibs, char **old_name, int *installed) { int errors = 0; size_t line_len = LT_FILENAME_MAX; char * line = MALLOC (char, line_len); if (!line) { LT__SETERROR (FILE_NOT_FOUND); return 1; } while (!feof (file)) { line[line_len-2] = '\0'; if (!fgets (line, (int) line_len, file)) { break; } while (line[line_len-2] != '\0' && line[line_len-2] != '\n' && !feof (file)) { line = REALLOC (char, line, line_len *2); if (!line) { ++errors; goto cleanup; } line[line_len * 2 - 2] = '\0'; if (!fgets (&line[line_len -1], (int) line_len +1, file)) { break; } line_len *= 2; } if (line[0] == '\n' || line[0] == '#') { continue; } #undef STR_DLNAME #define STR_DLNAME ""dlname="" if (strncmp (line, STR_DLNAME, sizeof (STR_DLNAME) - 1) == 0) { errors += trim (dlname, &line[sizeof (STR_DLNAME) - 1]); } #undef STR_OLD_LIBRARY #define STR_OLD_LIBRARY ""old_library="" else if (strncmp (line, STR_OLD_LIBRARY, sizeof (STR_OLD_LIBRARY) - 1) == 0) { errors += trim (old_name, &line[sizeof (STR_OLD_LIBRARY) - 1]); } #undef STR_LIBDIR #define STR_LIBDIR ""libdir="" else if (strncmp (line, STR_LIBDIR, sizeof (STR_LIBDIR) - 1) == 0) { errors += trim (libdir, &line[sizeof(STR_LIBDIR) - 1]); } #undef STR_DL_DEPLIBS #define STR_DL_DEPLIBS ""dependency_libs="" else if (strncmp (line, STR_DL_DEPLIBS, sizeof (STR_DL_DEPLIBS) - 1) == 0) { errors += trim (deplibs, &line[sizeof (STR_DL_DEPLIBS) - 1]); } else if (streq (line, ""installed=yes\n"")) { *installed = 1; } else if (streq (line, ""installed=no\n"")) { *installed = 0; } #undef STR_LIBRARY_NAMES #define STR_LIBRARY_NAMES ""library_names="" else if (!*dlname && strncmp (line, STR_LIBRARY_NAMES, sizeof (STR_LIBRARY_NAMES) - 1) == 0) { char *last_libname; errors += trim (dlname, &line[sizeof (STR_LIBRARY_NAMES) - 1]); if (!errors && *dlname && (last_libname = strrchr (*dlname, ' ')) != 0) { last_libname = lt__strdup (last_libname + 1); if (!last_libname) { ++errors; goto cleanup; } MEMREASSIGN (*dlname, last_libname); } } if (errors) break; } cleanup: FREE (line); return errors; }",libtool,,,257689100321225701539005170049072063168,0 6309,['CWE-200'],"ipmr_fill_mroute(struct sk_buff *skb, struct mfc_cache *c, struct rtmsg *rtm) { int ct; struct rtnexthop *nhp; struct net_device *dev = vif_table[c->mfc_parent].dev; u8 *b = skb->tail; struct rtattr *mp_head; if (dev) RTA_PUT(skb, RTA_IIF, 4, &dev->ifindex); mp_head = (struct rtattr*)skb_put(skb, RTA_LENGTH(0)); for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) { if (c->mfc_un.res.ttls[ct] < 255) { if (skb_tailroom(skb) < RTA_ALIGN(RTA_ALIGN(sizeof(*nhp)) + 4)) goto rtattr_failure; nhp = (struct rtnexthop*)skb_put(skb, RTA_ALIGN(sizeof(*nhp))); nhp->rtnh_flags = 0; nhp->rtnh_hops = c->mfc_un.res.ttls[ct]; nhp->rtnh_ifindex = vif_table[ct].dev->ifindex; nhp->rtnh_len = sizeof(*nhp); } } mp_head->rta_type = RTA_MULTIPATH; mp_head->rta_len = skb->tail - (u8*)mp_head; rtm->rtm_type = RTN_MULTICAST; return 1; rtattr_failure: skb_trim(skb, b - skb->data); return -EMSGSIZE; }",linux-2.6,,,155113386517246256583705466590242567409,0 5667,CWE-835,"dwg_decode_add_object (Dwg_Data *restrict dwg, Bit_Chain *dat, Bit_Chain *hdl_dat, long unsigned int address) { long unsigned int objpos, restartpos; Bit_Chain abs_dat = { NULL }; unsigned char previous_bit; Dwg_Object *restrict obj; BITCODE_BL num = dwg->num_objects; int error = 0; int realloced = 0; abs_dat = *dat; dat->byte = address; dat->bit = 0; realloced = dwg_add_object (dwg); if (realloced > 0) { *dat = abs_dat; return realloced; } obj = &dwg->object[num]; LOG_INFO (""==========================================\n"" ""Object number: %lu/%lX"", (unsigned long)num, (unsigned long)num) obj->size = bit_read_MS (dat); LOG_INFO ("", Size: %d [MS]"", obj->size) SINCE (R_2010) { obj->handlestream_size = bit_read_UMC (dat); LOG_INFO ("", Hdlsize: "" FORMAT_UMC "" [UMC] "", obj->handlestream_size); obj->bitsize = obj->size * 8 - obj->handlestream_size; } objpos = bit_position (dat); obj->address = dat->byte; bit_reset_chain (dat); if (obj->size > dat->size) { LOG_ERROR (""\nInvalid object size. Would overflow""); *dat = abs_dat; return DWG_ERR_VALUEOUTOFBOUNDS; } dat->size = obj->size; SINCE (R_2010) { obj->type = bit_read_BOT (dat); } else { obj->type = bit_read_BS (dat); } LOG_INFO ("", Type: %d [%s]\n"", obj->type, dat->version >= R_2010 ? ""BOT"" : ""BS""); restartpos = bit_position (dat); switch (obj->type) { case DWG_TYPE_TEXT: error = dwg_decode_TEXT (dat, obj); break; case DWG_TYPE_ATTRIB: error = dwg_decode_ATTRIB (dat, obj); break; case DWG_TYPE_ATTDEF: error = dwg_decode_ATTDEF (dat, obj); break; case DWG_TYPE_BLOCK: error = dwg_decode_BLOCK (dat, obj); break; case DWG_TYPE_ENDBLK: error = dwg_decode_ENDBLK (dat, obj); break; case DWG_TYPE_SEQEND: error = dwg_decode_SEQEND (dat, obj); if (dat->version >= R_13 && obj->tio.entity->ownerhandle) { Dwg_Object *restrict owner = dwg_resolve_handle ( dwg, obj->tio.entity->ownerhandle->absolute_ref); if (!owner) { LOG_WARN (""no SEQEND.ownerhandle"") } else if (owner->fixedtype == DWG_TYPE_INSERT || owner->fixedtype == DWG_TYPE_MINSERT) { hash_set (dwg->object_map, obj->handle.value, (uint32_t)num); (void)dwg_validate_INSERT (owner); } else if (owner->fixedtype == DWG_TYPE_POLYLINE_2D || owner->fixedtype == DWG_TYPE_POLYLINE_3D || owner->fixedtype == DWG_TYPE_POLYLINE_PFACE || owner->fixedtype == DWG_TYPE_POLYLINE_MESH) { Dwg_Entity_POLYLINE_2D *restrict _obj = owner->tio.entity->tio.POLYLINE_2D; if (!_obj->seqend) hash_set (dwg->object_map, obj->handle.value, (uint32_t)num); (void)dwg_validate_POLYLINE (owner); } } break; case DWG_TYPE_INSERT: error = dwg_decode_INSERT (dat, obj); break; case DWG_TYPE_MINSERT: error = dwg_decode_MINSERT (dat, obj); break; case DWG_TYPE_VERTEX_2D: error = dwg_decode_VERTEX_2D (dat, obj); break; case DWG_TYPE_VERTEX_3D: error = dwg_decode_VERTEX_3D (dat, obj); break; case DWG_TYPE_VERTEX_MESH: error = dwg_decode_VERTEX_MESH (dat, obj); break; case DWG_TYPE_VERTEX_PFACE: error = dwg_decode_VERTEX_PFACE (dat, obj); break; case DWG_TYPE_VERTEX_PFACE_FACE: error = dwg_decode_VERTEX_PFACE_FACE (dat, obj); break; case DWG_TYPE_POLYLINE_2D: error = dwg_decode_POLYLINE_2D (dat, obj); if (dat->version >= R_2010) check_POLYLINE_handles (obj); break; case DWG_TYPE_POLYLINE_3D: error = dwg_decode_POLYLINE_3D (dat, obj); if (dat->version >= R_2010) check_POLYLINE_handles (obj); break; case DWG_TYPE_ARC: error = dwg_decode_ARC (dat, obj); break; case DWG_TYPE_CIRCLE: error = dwg_decode_CIRCLE (dat, obj); break; case DWG_TYPE_LINE: error = dwg_decode_LINE (dat, obj); break; case DWG_TYPE_DIMENSION_ORDINATE: error = dwg_decode_DIMENSION_ORDINATE (dat, obj); break; case DWG_TYPE_DIMENSION_LINEAR: error = dwg_decode_DIMENSION_LINEAR (dat, obj); break; case DWG_TYPE_DIMENSION_ALIGNED: error = dwg_decode_DIMENSION_ALIGNED (dat, obj); break; case DWG_TYPE_DIMENSION_ANG3PT: error = dwg_decode_DIMENSION_ANG3PT (dat, obj); break; case DWG_TYPE_DIMENSION_ANG2LN: error = dwg_decode_DIMENSION_ANG2LN (dat, obj); break; case DWG_TYPE_DIMENSION_RADIUS: error = dwg_decode_DIMENSION_RADIUS (dat, obj); break; case DWG_TYPE_DIMENSION_DIAMETER: error = dwg_decode_DIMENSION_DIAMETER (dat, obj); break; case DWG_TYPE_POINT: error = dwg_decode_POINT (dat, obj); break; case DWG_TYPE__3DFACE: error = dwg_decode__3DFACE (dat, obj); break; case DWG_TYPE_POLYLINE_PFACE: error = dwg_decode_POLYLINE_PFACE (dat, obj); if (dat->version >= R_2010) check_POLYLINE_handles (obj); break; case DWG_TYPE_POLYLINE_MESH: error = dwg_decode_POLYLINE_MESH (dat, obj); if (dat->version >= R_2010) check_POLYLINE_handles (obj); break; case DWG_TYPE_SOLID: error = dwg_decode_SOLID (dat, obj); break; case DWG_TYPE_TRACE: error = dwg_decode_TRACE (dat, obj); break; case DWG_TYPE_SHAPE: error = dwg_decode_SHAPE (dat, obj); break; case DWG_TYPE_VIEWPORT: error = dwg_decode_VIEWPORT (dat, obj); break; case DWG_TYPE_ELLIPSE: error = dwg_decode_ELLIPSE (dat, obj); break; case DWG_TYPE_SPLINE: error = dwg_decode_SPLINE (dat, obj); break; case DWG_TYPE_REGION: error = dwg_decode_REGION (dat, obj); break; case DWG_TYPE__3DSOLID: error = dwg_decode__3DSOLID (dat, obj); break; case DWG_TYPE_BODY: error = dwg_decode_BODY (dat, obj); break; case DWG_TYPE_RAY: error = dwg_decode_RAY (dat, obj); break; case DWG_TYPE_XLINE: error = dwg_decode_XLINE (dat, obj); break; case DWG_TYPE_DICTIONARY: error = dwg_decode_DICTIONARY (dat, obj); break; case DWG_TYPE_MTEXT: error = dwg_decode_MTEXT (dat, obj); break; case DWG_TYPE_LEADER: error = dwg_decode_LEADER (dat, obj); break; case DWG_TYPE_TOLERANCE: error = dwg_decode_TOLERANCE (dat, obj); break; case DWG_TYPE_MLINE: error = dwg_decode_MLINE (dat, obj); break; case DWG_TYPE_BLOCK_CONTROL: error = dwg_decode_BLOCK_CONTROL (dat, obj); if (!error && obj->tio.object->tio.BLOCK_CONTROL) { obj->tio.object->tio.BLOCK_CONTROL->objid = num; if (!dwg->block_control.parent) dwg->block_control = *obj->tio.object->tio.BLOCK_CONTROL; else LOG_WARN (""Second BLOCK_CONTROL object ignored""); } break; case DWG_TYPE_BLOCK_HEADER: error = dwg_decode_BLOCK_HEADER (dat, obj); break; case DWG_TYPE_LAYER_CONTROL: error = dwg_decode_LAYER_CONTROL (dat, obj); if (!error && obj->tio.object->tio.LAYER_CONTROL) { obj->tio.object->tio.LAYER_CONTROL->objid = num; dwg->layer_control = *obj->tio.object->tio.LAYER_CONTROL; } break; case DWG_TYPE_LAYER: error = dwg_decode_LAYER (dat, obj); break; case DWG_TYPE_STYLE_CONTROL: error = dwg_decode_STYLE_CONTROL (dat, obj); if (!error && obj->tio.object->tio.STYLE_CONTROL) { obj->tio.object->tio.STYLE_CONTROL->objid = num; dwg->style_control = *obj->tio.object->tio.STYLE_CONTROL; } break; case DWG_TYPE_STYLE: error = dwg_decode_STYLE (dat, obj); break; case DWG_TYPE_LTYPE_CONTROL: error = dwg_decode_LTYPE_CONTROL (dat, obj); if (!error && obj->tio.object->tio.LTYPE_CONTROL) { obj->tio.object->tio.LTYPE_CONTROL->objid = num; dwg->ltype_control = *obj->tio.object->tio.LTYPE_CONTROL; } break; case DWG_TYPE_LTYPE: error = dwg_decode_LTYPE (dat, obj); break; case DWG_TYPE_VIEW_CONTROL: error = dwg_decode_VIEW_CONTROL (dat, obj); if (!error && obj->tio.object->tio.VIEW_CONTROL) { obj->tio.object->tio.VIEW_CONTROL->objid = num; dwg->view_control = *obj->tio.object->tio.VIEW_CONTROL; } break; case DWG_TYPE_VIEW: error = dwg_decode_VIEW (dat, obj); break; case DWG_TYPE_UCS_CONTROL: error = dwg_decode_UCS_CONTROL (dat, obj); if (!error && obj->tio.object->tio.UCS_CONTROL) { obj->tio.object->tio.UCS_CONTROL->objid = num; dwg->ucs_control = *obj->tio.object->tio.UCS_CONTROL; } break; case DWG_TYPE_UCS: error = dwg_decode_UCS (dat, obj); break; case DWG_TYPE_VPORT_CONTROL: error = dwg_decode_VPORT_CONTROL (dat, obj); if (!error && obj->tio.object->tio.VPORT_CONTROL) { obj->tio.object->tio.VPORT_CONTROL->objid = num; dwg->vport_control = *obj->tio.object->tio.VPORT_CONTROL; } break; case DWG_TYPE_VPORT: error = dwg_decode_VPORT (dat, obj); break; case DWG_TYPE_APPID_CONTROL: error = dwg_decode_APPID_CONTROL (dat, obj); if (!error && obj->tio.object->tio.APPID_CONTROL) { obj->tio.object->tio.APPID_CONTROL->objid = num; dwg->appid_control = *obj->tio.object->tio.APPID_CONTROL; } break; case DWG_TYPE_APPID: error = dwg_decode_APPID (dat, obj); break; case DWG_TYPE_DIMSTYLE_CONTROL: error = dwg_decode_DIMSTYLE_CONTROL (dat, obj); if (!error && obj->tio.object->tio.DIMSTYLE_CONTROL) { obj->tio.object->tio.DIMSTYLE_CONTROL->objid = num; dwg->dimstyle_control = *obj->tio.object->tio.DIMSTYLE_CONTROL; } break; case DWG_TYPE_DIMSTYLE: error = dwg_decode_DIMSTYLE (dat, obj); break; case DWG_TYPE_VPORT_ENTITY_CONTROL: error = dwg_decode_VPORT_ENTITY_CONTROL (dat, obj); if (!error && obj->tio.object->tio.VPORT_ENTITY_CONTROL) { obj->tio.object->tio.VPORT_ENTITY_CONTROL->objid = num; dwg->vport_entity_control = *obj->tio.object->tio.VPORT_ENTITY_CONTROL; } break; case DWG_TYPE_VPORT_ENTITY_HEADER: error = dwg_decode_VPORT_ENTITY_HEADER (dat, obj); break; case DWG_TYPE_GROUP: error = dwg_decode_GROUP (dat, obj); break; case DWG_TYPE_MLINESTYLE: error = dwg_decode_MLINESTYLE (dat, obj); break; case DWG_TYPE_OLE2FRAME: error = dwg_decode_OLE2FRAME (dat, obj); break; case DWG_TYPE_DUMMY: error = dwg_decode_DUMMY (dat, obj); break; case DWG_TYPE_LONG_TRANSACTION: error = dwg_decode_LONG_TRANSACTION (dat, obj); break; case DWG_TYPE_LWPOLYLINE: error = dwg_decode_LWPOLYLINE (dat, obj); break; case DWG_TYPE_HATCH: error = dwg_decode_HATCH (dat, obj); break; case DWG_TYPE_XRECORD: error = dwg_decode_XRECORD (dat, obj); break; case DWG_TYPE_PLACEHOLDER: error = dwg_decode_PLACEHOLDER (dat, obj); break; case DWG_TYPE_OLEFRAME: error = dwg_decode_OLEFRAME (dat, obj); break; case DWG_TYPE_VBA_PROJECT: LOG_ERROR (""Unhandled Object VBA_PROJECT. Has its own section""); error = DWG_ERR_UNHANDLEDCLASS; break; case DWG_TYPE_LAYOUT: error = dwg_decode_LAYOUT (dat, obj); break; case DWG_TYPE_PROXY_ENTITY: error = dwg_decode_PROXY_ENTITY (dat, obj); break; case DWG_TYPE_PROXY_OBJECT: error = dwg_decode_PROXY_OBJECT (dat, obj); break; default: if (obj->type == dwg->layout_type) error = dwg_decode_LAYOUT (dat, obj); else if ((error = dwg_decode_variable_type (dwg, dat, hdl_dat, obj)) & DWG_ERR_UNHANDLEDCLASS) { int is_entity = 0; int i = obj->type - 500; Dwg_Class *klass = NULL; bit_set_position (dat, restartpos); if (i >= 0 && i < (int)dwg->num_classes) { klass = &dwg->dwg_class[i]; is_entity = dwg_class_is_entity (klass); } else { if (i < 0) { LOG_ERROR (""Invalid class index %d <0"", i); } else { LOG_ERROR (""Invalid class index %d >%d"", i, (int)dwg->num_classes); } obj->supertype = DWG_SUPERTYPE_UNKNOWN; obj->type = 0; *dat = abs_dat; return error | DWG_ERR_VALUEOUTOFBOUNDS; } if (klass && !is_entity) { int err = dwg_decode_UNKNOWN_OBJ (dat, obj); error |= err; obj->supertype = DWG_SUPERTYPE_UNKNOWN; if (!dat) return error; if (err >= DWG_ERR_CRITICAL) *dat = abs_dat; } else if (klass) { int err; #if 0 && !defined(IS_RELEASE) if (strEQc(klass->dxfname, ""MULTILEADER"")) { char *mleader = bit_read_TF(dat, obj->size); LOG_INSANE_TF(mleader, (int)obj->size) bit_set_position(dat, restartpos); free (mleader); } #endif err = dwg_decode_UNKNOWN_ENT (dat, obj); error |= err; obj->supertype = DWG_SUPERTYPE_UNKNOWN; if (!dat) return error; if (err >= DWG_ERR_CRITICAL) *dat = abs_dat; } else { LOG_WARN (""Unknown object, skipping eed/reactors/xdic""); SINCE (R_2000) { obj->bitsize = bit_read_RL (dat); LOG_TRACE (""bitsize: "" FORMAT_RL "" [RL] @%lu.%u\n"", obj->bitsize, dat->byte-2, dat->bit); if (obj->bitsize > obj->size * 8) { LOG_ERROR (""Invalid bitsize "" FORMAT_RL "" => "" FORMAT_RL, obj->bitsize, obj->size * 8); obj->bitsize = obj->size * 8; error |= DWG_ERR_VALUEOUTOFBOUNDS; } } if (!bit_read_H (dat, &obj->handle)) { LOG_TRACE (""handle: "" FORMAT_H "" [H 5]\n"", ARGS_H (obj->handle)); } restartpos = dat->byte; obj->supertype = DWG_SUPERTYPE_UNKNOWN; obj->tio.unknown = bit_read_TF (dat, obj->size); dat->byte = restartpos; } } } if (obj->handle.value) { LOG_HANDLE ("" object_map{%lX} = %lu\n"", obj->handle.value, (unsigned long)num); hash_set (dwg->object_map, obj->handle.value, (uint32_t)num); } if (dat->byte > 8 * dat->size) { LOG_ERROR (""Invalid object address (overflow): %lu > %lu"", dat->byte, 8 * dat->size); *dat = abs_dat; return error | DWG_ERR_INVALIDDWG; } restartpos = bit_position (dat); *dat = abs_dat; bit_set_position (dat, objpos + restartpos); if (dat->bit) { unsigned char r = 8 - dat->bit; LOG_HANDLE ("" padding: %X/%X (%d bits)\n"", dat->chain[dat->byte], dat->chain[dat->byte] & ((1 << r) - 1), r); bit_advance_position (dat, r); } bit_set_position (dat, (obj->address + obj->size) * 8 - 2); if (!bit_check_CRC (dat, address, 0xC0C1)) error |= DWG_ERR_WRONGCRC; *dat = abs_dat; return realloced ? -1 : error; }",visit repo url,src/decode.c,https://github.com/LibreDWG/libredwg,69913907316737,1 5702,CWE-125,"void luaD_shrinkstack (lua_State *L) { int inuse = stackinuse(L); int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK; if (goodsize > LUAI_MAXSTACK) goodsize = LUAI_MAXSTACK; if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize) luaD_reallocstack(L, goodsize, 0); else condmovestack(L,{},{}); luaE_shrinkCI(L); }",visit repo url,ldo.c,https://github.com/lua/lua,93153615327379,1 753,['CWE-119'],"static __inline__ void isdn_net_inc_frame_cnt(isdn_net_local *lp) { atomic_inc(&lp->frame_cnt); if (isdn_net_device_busy(lp)) isdn_net_device_stop_queue(lp); }",linux-2.6,,,275840092339667958877792034759644054379,0 3518,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_2_3_initack(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { if (ep == sctp_sk((sctp_get_ctl_sock()))->ep) return sctp_sf_ootb(ep, asoc, type, arg, commands); else return sctp_sf_discard_chunk(ep, asoc, type, arg, commands); }",linux-2.6,,,83838189657321178964469855796146363434,0 5489,CWE-755,"static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){ assert( p->nOp>0 || p->aOp==0 ); assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed ); if( p->nOp ){ assert( p->aOp ); sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment); p->aOp[p->nOp-1].zComment = sqlite3VMPrintf(p->db, zFormat, ap); } }",visit repo url,src/vdbeaux.c,https://github.com/sqlite/sqlite,211071535154960,1 3803,[],"static int unix_create(struct socket *sock, int protocol) { if (protocol && protocol != PF_UNIX) return -EPROTONOSUPPORT; sock->state = SS_UNCONNECTED; switch (sock->type) { case SOCK_STREAM: sock->ops = &unix_stream_ops; break; case SOCK_RAW: sock->type=SOCK_DGRAM; case SOCK_DGRAM: sock->ops = &unix_dgram_ops; break; case SOCK_SEQPACKET: sock->ops = &unix_seqpacket_ops; break; default: return -ESOCKTNOSUPPORT; } return unix_create1(sock) ? 0 : -ENOMEM; }",linux-2.6,,,143637450987250830601976440685822833894,0 5408,['CWE-476'],"void kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { unsigned long old_cr4 = vcpu->arch.cr4; unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE; if (cr4 & CR4_RESERVED_BITS) { printk(KERN_DEBUG ""set_cr4: #GP, reserved bits\n""); kvm_inject_gp(vcpu, 0); return; } if (is_long_mode(vcpu)) { if (!(cr4 & X86_CR4_PAE)) { printk(KERN_DEBUG ""set_cr4: #GP, clearing PAE while "" ""in long mode\n""); kvm_inject_gp(vcpu, 0); return; } } else if (is_paging(vcpu) && (cr4 & X86_CR4_PAE) && ((cr4 ^ old_cr4) & pdptr_bits) && !load_pdptrs(vcpu, vcpu->arch.cr3)) { printk(KERN_DEBUG ""set_cr4: #GP, pdptrs reserved bits\n""); kvm_inject_gp(vcpu, 0); return; } if (cr4 & X86_CR4_VMXE) { printk(KERN_DEBUG ""set_cr4: #GP, setting VMXE\n""); kvm_inject_gp(vcpu, 0); return; } kvm_x86_ops->set_cr4(vcpu, cr4); vcpu->arch.cr4 = cr4; vcpu->arch.mmu.base_role.cr4_pge = (cr4 & X86_CR4_PGE) && !tdp_enabled; kvm_mmu_reset_context(vcpu); }",linux-2.6,,,1917495479190984746448450281100197586,0 5958,CWE-863,"zfs_groupmember(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr) { #ifdef HAVE_KSID ksid_t *ksid = crgetsid(cr, KSID_GROUP); ksidlist_t *ksidlist = crgetsidlist(cr); uid_t gid; if (ksid && ksidlist) { int i; ksid_t *ksid_groups; uint32_t idx = FUID_INDEX(id); uint32_t rid = FUID_RID(id); ksid_groups = ksidlist->ksl_sids; for (i = 0; i != ksidlist->ksl_nsid; i++) { if (idx == 0) { if (id != IDMAP_WK_CREATOR_GROUP_GID && id == ksid_groups[i].ks_id) { return (B_TRUE); } } else { const char *domain; domain = zfs_fuid_find_by_idx(zfsvfs, idx); ASSERT(domain != NULL); if (strcmp(domain, IDMAP_WK_CREATOR_SID_AUTHORITY) == 0) return (B_FALSE); if ((strcmp(domain, ksid_groups[i].ks_domain->kd_name) == 0) && rid == ksid_groups[i].ks_rid) return (B_TRUE); } } } gid = zfs_fuid_map_id(zfsvfs, id, cr, ZFS_GROUP); return (groupmember(gid, cr)); #else return (B_TRUE); #endif }",visit repo url,module/zfs/zfs_fuid.c,https://github.com/openzfs/zfs,233701998061661,1 5595,CWE-125,"ast_for_funcdef_impl(struct compiling *c, const node *n, asdl_seq *decorator_seq, int is_async) { identifier name; arguments_ty args; asdl_seq *body; expr_ty returns = NULL; int name_i = 1; node *tc; string type_comment = NULL; if (is_async && c->c_feature_version < 5) { ast_error(c, n, ""Async functions are only supported in Python 3.5 and greater""); return NULL; } REQ(n, funcdef); name = NEW_IDENTIFIER(CHILD(n, name_i)); if (!name) return NULL; if (forbidden_name(c, name, CHILD(n, name_i), 0)) return NULL; args = ast_for_arguments(c, CHILD(n, name_i + 1)); if (!args) return NULL; if (TYPE(CHILD(n, name_i+2)) == RARROW) { returns = ast_for_expr(c, CHILD(n, name_i + 3)); if (!returns) return NULL; name_i += 2; } if (TYPE(CHILD(n, name_i + 3)) == TYPE_COMMENT) { type_comment = NEW_TYPE_COMMENT(CHILD(n, name_i + 3)); name_i += 1; } body = ast_for_suite(c, CHILD(n, name_i + 3)); if (!body) return NULL; if (!type_comment && NCH(CHILD(n, name_i + 3)) > 1) { tc = CHILD(CHILD(n, name_i + 3), 1); if (TYPE(tc) == TYPE_COMMENT) type_comment = NEW_TYPE_COMMENT(tc); } if (is_async) return AsyncFunctionDef(name, args, body, decorator_seq, returns, type_comment, LINENO(n), n->n_col_offset, c->c_arena); else return FunctionDef(name, args, body, decorator_seq, returns, type_comment, LINENO(n), n->n_col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,227965930282776,1 3974,['CWE-362'],"static int __init inotify_setup(void) { atomic_set(&inotify_cookie, 0); return 0; }",linux-2.6,,,131327605822333210160669053619560643237,0 2787,CWE-681,"BITMAP_UPDATE* update_read_bitmap_update(rdpUpdate* update, wStream* s) { UINT32 i; BITMAP_UPDATE* bitmapUpdate = calloc(1, sizeof(BITMAP_UPDATE)); if (!bitmapUpdate) goto fail; if (Stream_GetRemainingLength(s) < 2) goto fail; Stream_Read_UINT16(s, bitmapUpdate->number); WLog_Print(update->log, WLOG_TRACE, ""BitmapUpdate: %""PRIu32"""", bitmapUpdate->number); if (bitmapUpdate->number > bitmapUpdate->count) { UINT16 count; BITMAP_DATA* newdata; count = bitmapUpdate->number * 2; newdata = (BITMAP_DATA*) realloc(bitmapUpdate->rectangles, sizeof(BITMAP_DATA) * count); if (!newdata) goto fail; bitmapUpdate->rectangles = newdata; ZeroMemory(&bitmapUpdate->rectangles[bitmapUpdate->count], sizeof(BITMAP_DATA) * (count - bitmapUpdate->count)); bitmapUpdate->count = count; } for (i = 0; i < bitmapUpdate->number; i++) { if (!update_read_bitmap_data(update, s, &bitmapUpdate->rectangles[i])) goto fail; } return bitmapUpdate; fail: free_bitmap_update(update->context, bitmapUpdate); return NULL; }",visit repo url,libfreerdp/core/update.c,https://github.com/FreeRDP/FreeRDP,41491631901326,1 5055,['CWE-20'],"static void vmx_flush_tlb(struct kvm_vcpu *vcpu) { vpid_sync_vcpu_all(to_vmx(vcpu)); if (vm_need_ept()) ept_sync_context(construct_eptp(vcpu->arch.mmu.root_hpa)); }",linux-2.6,,,243997988128063064545123390702106943785,0 2462,['CWE-119'],"int diff_setup_done(struct diff_options *options) { int count = 0; if (options->output_format & DIFF_FORMAT_NAME) count++; if (options->output_format & DIFF_FORMAT_NAME_STATUS) count++; if (options->output_format & DIFF_FORMAT_CHECKDIFF) count++; if (options->output_format & DIFF_FORMAT_NO_OUTPUT) count++; if (count > 1) die(""--name-only, --name-status, --check and -s are mutually exclusive""); if (DIFF_OPT_TST(options, FIND_COPIES_HARDER)) options->detect_rename = DIFF_DETECT_COPY; if (!DIFF_OPT_TST(options, RELATIVE_NAME)) options->prefix = NULL; if (options->prefix) options->prefix_length = strlen(options->prefix); else options->prefix_length = 0; if (options->output_format & (DIFF_FORMAT_NAME | DIFF_FORMAT_NAME_STATUS | DIFF_FORMAT_CHECKDIFF | DIFF_FORMAT_NO_OUTPUT)) options->output_format &= ~(DIFF_FORMAT_RAW | DIFF_FORMAT_NUMSTAT | DIFF_FORMAT_DIFFSTAT | DIFF_FORMAT_SHORTSTAT | DIFF_FORMAT_DIRSTAT | DIFF_FORMAT_SUMMARY | DIFF_FORMAT_PATCH); if (options->output_format & (DIFF_FORMAT_PATCH | DIFF_FORMAT_NUMSTAT | DIFF_FORMAT_DIFFSTAT | DIFF_FORMAT_SHORTSTAT | DIFF_FORMAT_DIRSTAT | DIFF_FORMAT_SUMMARY | DIFF_FORMAT_CHECKDIFF)) DIFF_OPT_SET(options, RECURSIVE); if (options->pickaxe) DIFF_OPT_SET(options, RECURSIVE); if (options->detect_rename && options->rename_limit < 0) options->rename_limit = diff_rename_limit_default; if (options->setup & DIFF_SETUP_USE_CACHE) { if (!active_cache) read_cache(); } if (options->abbrev <= 0 || 40 < options->abbrev) options->abbrev = 40; if (DIFF_OPT_TST(options, QUIET)) { options->output_format = DIFF_FORMAT_NO_OUTPUT; DIFF_OPT_SET(options, EXIT_WITH_STATUS); } if (options->pickaxe || options->filter) DIFF_OPT_CLR(options, QUIET); return 0; }",git,,,247419530307172841012736619964578735741,0 6548,NVD-CWE-noinfo,"find_by_thp(struct tang_keys_info* tki, const char* target) { if (!tki) { return NULL; } json_auto_t* keys = json_deep_copy(tki->m_keys); json_array_extend(keys, tki->m_rotated_keys); size_t idx; json_t* jwk; const char** hashes = supported_hashes(); json_array_foreach(keys, idx, jwk) { for (int i = 0; hashes[i]; i++) { __attribute__ ((__cleanup__(cleanup_str))) char* thumbprint = jwk_thumbprint(jwk, hashes[i]); if (!thumbprint || strcmp(thumbprint, target) != 0) { continue; } if (jwk_valid_for_deriving_keys(jwk)) { return json_incref(jwk); } else if (jwk_valid_for_signing(jwk)) { json_auto_t* sign = json_deep_copy(tki->m_sign); if (json_array_append(sign, jwk) == -1) { return NULL; } json_auto_t* jws = jwk_sign(tki->m_payload, sign); if (!jws) { return NULL; } return json_incref(jws); } } } return NULL; }",visit repo url,src/keys.c,https://github.com/latchset/tang,70988466786739,1 163,[],"static int compat_fillonedir(void *__buf, const char *name, int namlen, loff_t offset, u64 ino, unsigned int d_type) { struct compat_readdir_callback *buf = __buf; struct compat_old_linux_dirent __user *dirent; compat_ulong_t d_ino; if (buf->result) return -EINVAL; d_ino = ino; if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) return -EOVERFLOW; buf->result++; dirent = buf->dirent; if (!access_ok(VERIFY_WRITE, dirent, (unsigned long)(dirent->d_name + namlen + 1) - (unsigned long)dirent)) goto efault; if ( __put_user(d_ino, &dirent->d_ino) || __put_user(offset, &dirent->d_offset) || __put_user(namlen, &dirent->d_namlen) || __copy_to_user(dirent->d_name, name, namlen) || __put_user(0, dirent->d_name + namlen)) goto efault; return 0; efault: buf->result = -EFAULT; return -EFAULT; }",linux-2.6,,,100544468366491872752784632283279129315,0 5284,['CWE-119'],"static int tun_get_iff(struct net *net, struct file *file, struct ifreq *ifr) { struct tun_struct *tun = tun_get(file); if (!tun) return -EBADFD; DBG(KERN_INFO ""%s: tun_get_iff\n"", tun->dev->name); strcpy(ifr->ifr_name, tun->dev->name); ifr->ifr_flags = tun_flags(tun); tun_put(tun); return 0; }",linux-2.6,,,248921530450310641628098302700697093397,0 3629,['CWE-287'],"struct sctp_transport *sctp_assoc_is_match(struct sctp_association *asoc, const union sctp_addr *laddr, const union sctp_addr *paddr) { struct sctp_transport *transport; if ((htons(asoc->base.bind_addr.port) == laddr->v4.sin_port) && (htons(asoc->peer.port) == paddr->v4.sin_port)) { transport = sctp_assoc_lookup_paddr(asoc, paddr); if (!transport) goto out; if (sctp_bind_addr_match(&asoc->base.bind_addr, laddr, sctp_sk(asoc->base.sk))) goto out; } transport = NULL; out: return transport; }",linux-2.6,,,36365733003977402285747360436554809672,0 6507,['CWE-20'],"static int decode_modrm(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) { struct decode_cache *c = &ctxt->decode; u8 sib; int index_reg = 0, base_reg = 0, scale; int rc = 0; if (c->rex_prefix) { c->modrm_reg = (c->rex_prefix & 4) << 1; index_reg = (c->rex_prefix & 2) << 2; c->modrm_rm = base_reg = (c->rex_prefix & 1) << 3; } c->modrm = insn_fetch(u8, 1, c->eip); c->modrm_mod |= (c->modrm & 0xc0) >> 6; c->modrm_reg |= (c->modrm & 0x38) >> 3; c->modrm_rm |= (c->modrm & 0x07); c->modrm_ea = 0; c->use_modrm_ea = 1; if (c->modrm_mod == 3) { c->modrm_ptr = decode_register(c->modrm_rm, c->regs, c->d & ByteOp); c->modrm_val = *(unsigned long *)c->modrm_ptr; return rc; } if (c->ad_bytes == 2) { unsigned bx = c->regs[VCPU_REGS_RBX]; unsigned bp = c->regs[VCPU_REGS_RBP]; unsigned si = c->regs[VCPU_REGS_RSI]; unsigned di = c->regs[VCPU_REGS_RDI]; switch (c->modrm_mod) { case 0: if (c->modrm_rm == 6) c->modrm_ea += insn_fetch(u16, 2, c->eip); break; case 1: c->modrm_ea += insn_fetch(s8, 1, c->eip); break; case 2: c->modrm_ea += insn_fetch(u16, 2, c->eip); break; } switch (c->modrm_rm) { case 0: c->modrm_ea += bx + si; break; case 1: c->modrm_ea += bx + di; break; case 2: c->modrm_ea += bp + si; break; case 3: c->modrm_ea += bp + di; break; case 4: c->modrm_ea += si; break; case 5: c->modrm_ea += di; break; case 6: if (c->modrm_mod != 0) c->modrm_ea += bp; break; case 7: c->modrm_ea += bx; break; } if (c->modrm_rm == 2 || c->modrm_rm == 3 || (c->modrm_rm == 6 && c->modrm_mod != 0)) if (!c->has_seg_override) set_seg_override(c, VCPU_SREG_SS); c->modrm_ea = (u16)c->modrm_ea; } else { if ((c->modrm_rm & 7) == 4) { sib = insn_fetch(u8, 1, c->eip); index_reg |= (sib >> 3) & 7; base_reg |= sib & 7; scale = sib >> 6; if ((base_reg & 7) == 5 && c->modrm_mod == 0) c->modrm_ea += insn_fetch(s32, 4, c->eip); else c->modrm_ea += c->regs[base_reg]; if (index_reg != 4) c->modrm_ea += c->regs[index_reg] << scale; } else if ((c->modrm_rm & 7) == 5 && c->modrm_mod == 0) { if (ctxt->mode == X86EMUL_MODE_PROT64) c->rip_relative = 1; } else c->modrm_ea += c->regs[c->modrm_rm]; switch (c->modrm_mod) { case 0: if (c->modrm_rm == 5) c->modrm_ea += insn_fetch(s32, 4, c->eip); break; case 1: c->modrm_ea += insn_fetch(s8, 1, c->eip); break; case 2: c->modrm_ea += insn_fetch(s32, 4, c->eip); break; } } done: return rc; }",kvm,,,248549852647775128225373767378893141248,0 4900,['CWE-20'],"static inline void nfs_renew_times(struct dentry * dentry) { dentry->d_time = jiffies; }",linux-2.6,,,320517324369278787105851444422965046595,0 1261,[],"m4_ifdef (struct obstack *obs, int argc, token_data **argv) { symbol *s; const char *result; if (bad_argc (argv[0], argc, 3, 4)) return; s = lookup_symbol (ARG (1), SYMBOL_LOOKUP); if (s != NULL && SYMBOL_TYPE (s) != TOKEN_VOID) result = ARG (2); else if (argc >= 4) result = ARG (3); else result = NULL; if (result != NULL) obstack_grow (obs, result, strlen (result)); }",m4,,,269836188343913173833757449904936949328,0 3303,CWE-415,"static int parse_index(git_index *index, const char *buffer, size_t buffer_size) { int error = 0; unsigned int i; struct index_header header = { 0 }; git_oid checksum_calculated, checksum_expected; const char *last = NULL; const char *empty = """"; #define seek_forward(_increase) { \ if (_increase >= buffer_size) { \ error = index_error_invalid(""ran out of data while parsing""); \ goto done; } \ buffer += _increase; \ buffer_size -= _increase;\ } if (buffer_size < INDEX_HEADER_SIZE + INDEX_FOOTER_SIZE) return index_error_invalid(""insufficient buffer space""); git_hash_buf(&checksum_calculated, buffer, buffer_size - INDEX_FOOTER_SIZE); if ((error = read_header(&header, buffer)) < 0) return error; index->version = header.version; if (index->version >= INDEX_VERSION_NUMBER_COMP) last = empty; seek_forward(INDEX_HEADER_SIZE); assert(!index->entries.length); if (index->ignore_case) git_idxmap_icase_resize((khash_t(idxicase) *) index->entries_map, header.entry_count); else git_idxmap_resize(index->entries_map, header.entry_count); for (i = 0; i < header.entry_count && buffer_size > INDEX_FOOTER_SIZE; ++i) { git_index_entry *entry = NULL; size_t entry_size = read_entry(&entry, index, buffer, buffer_size, last); if (entry_size == 0) { error = index_error_invalid(""invalid entry""); goto done; } if ((error = git_vector_insert(&index->entries, entry)) < 0) { index_entry_free(entry); goto done; } INSERT_IN_MAP(index, entry, &error); if (error < 0) { index_entry_free(entry); goto done; } error = 0; if (index->version >= INDEX_VERSION_NUMBER_COMP) last = entry->path; seek_forward(entry_size); } if (i != header.entry_count) { error = index_error_invalid(""header entries changed while parsing""); goto done; } while (buffer_size > INDEX_FOOTER_SIZE) { size_t extension_size; extension_size = read_extension(index, buffer, buffer_size); if (extension_size == 0) { error = index_error_invalid(""extension is truncated""); goto done; } seek_forward(extension_size); } if (buffer_size != INDEX_FOOTER_SIZE) { error = index_error_invalid( ""buffer size does not match index footer size""); goto done; } git_oid_fromraw(&checksum_expected, (const unsigned char *)buffer); if (git_oid__cmp(&checksum_calculated, &checksum_expected) != 0) { error = index_error_invalid( ""calculated checksum does not match expected""); goto done; } git_oid_cpy(&index->checksum, &checksum_calculated); #undef seek_forward git_vector_set_sorted(&index->entries, !index->ignore_case); git_vector_sort(&index->entries); done: return error; }",visit repo url,src/index.c,https://github.com/libgit2/libgit2,3665600147439,1 5415,['CWE-476'],"int emulator_get_dr(struct x86_emulate_ctxt *ctxt, int dr, unsigned long *dest) { struct kvm_vcpu *vcpu = ctxt->vcpu; switch (dr) { case 0 ... 3: *dest = kvm_x86_ops->get_dr(vcpu, dr); return X86EMUL_CONTINUE; default: pr_unimpl(vcpu, ""%s: unexpected dr %u\n"", __func__, dr); return X86EMUL_UNHANDLEABLE; } }",linux-2.6,,,254748967989309296596538352367963092900,0 4206,CWE-190,"checked_xmalloc (size_t size) { alloc_limit_assert (""checked_xmalloc"", size); return xmalloc (size); }",visit repo url,src/alloc.c,https://github.com/verdammelt/tnef,82478259872183,1 6270,['CWE-200'],"static void neigh_periodic_timer(unsigned long arg) { struct neigh_table *tbl = (struct neigh_table *)arg; struct neighbour *n, **np; unsigned long expire, now = jiffies; NEIGH_CACHE_STAT_INC(tbl, periodic_gc_runs); write_lock(&tbl->lock); if (time_after(now, tbl->last_rand + 300 * HZ)) { struct neigh_parms *p; tbl->last_rand = now; for (p = &tbl->parms; p; p = p->next) p->reachable_time = neigh_rand_reach_time(p->base_reachable_time); } np = &tbl->hash_buckets[tbl->hash_chain_gc]; tbl->hash_chain_gc = ((tbl->hash_chain_gc + 1) & tbl->hash_mask); while ((n = *np) != NULL) { unsigned int state; write_lock(&n->lock); state = n->nud_state; if (state & (NUD_PERMANENT | NUD_IN_TIMER)) { write_unlock(&n->lock); goto next_elt; } if (time_before(n->used, n->confirmed)) n->used = n->confirmed; if (atomic_read(&n->refcnt) == 1 && (state == NUD_FAILED || time_after(now, n->used + n->parms->gc_staletime))) { *np = n->next; n->dead = 1; write_unlock(&n->lock); neigh_release(n); continue; } write_unlock(&n->lock); next_elt: np = &n->next; } expire = tbl->parms.base_reachable_time >> 1; expire /= (tbl->hash_mask + 1); if (!expire) expire = 1; mod_timer(&tbl->gc_timer, now + expire); write_unlock(&tbl->lock); }",linux-2.6,,,91852128282738120249087539784370017313,0 1425,CWE-310,"static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_hash rhash; struct shash_alg *salg = __crypto_shash_alg(alg); snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""shash""); rhash.blocksize = alg->cra_blocksize; rhash.digestsize = salg->digestsize; if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(struct crypto_report_hash), &rhash)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/shash.c,https://github.com/torvalds/linux,20784825367587,1 1402,[],"static inline struct sched_entity *parent_entity(struct sched_entity *se) { return NULL; }",linux-2.6,,,62245735288994761621745851172642131987,0 521,CWE-119,"static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regno, int off, int bpf_size, enum bpf_access_type t, int value_regno) { struct bpf_verifier_state *state = env->cur_state; struct bpf_reg_state *regs = cur_regs(env); struct bpf_reg_state *reg = regs + regno; int size, err = 0; size = bpf_size_to_bytes(bpf_size); if (size < 0) return size; err = check_ptr_alignment(env, reg, off, size); if (err) return err; off += reg->off; if (reg->type == PTR_TO_MAP_VALUE) { if (t == BPF_WRITE && value_regno >= 0 && is_pointer_value(env, value_regno)) { verbose(env, ""R%d leaks addr into map\n"", value_regno); return -EACCES; } err = check_map_access(env, regno, off, size, false); if (!err && t == BPF_READ && value_regno >= 0) mark_reg_unknown(env, regs, value_regno); } else if (reg->type == PTR_TO_CTX) { enum bpf_reg_type reg_type = SCALAR_VALUE; if (t == BPF_WRITE && value_regno >= 0 && is_pointer_value(env, value_regno)) { verbose(env, ""R%d leaks addr into ctx\n"", value_regno); return -EACCES; } if (reg->off) { verbose(env, ""dereference of modified ctx ptr R%d off=%d+%d, ctx+const is allowed, ctx+const+const is not\n"", regno, reg->off, off - reg->off); return -EACCES; } if (!tnum_is_const(reg->var_off) || reg->var_off.value) { char tn_buf[48]; tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); verbose(env, ""variable ctx access var_off=%s off=%d size=%d"", tn_buf, off, size); return -EACCES; } err = check_ctx_access(env, insn_idx, off, size, t, ®_type); if (!err && t == BPF_READ && value_regno >= 0) { if (reg_type == SCALAR_VALUE) mark_reg_unknown(env, regs, value_regno); else mark_reg_known_zero(env, regs, value_regno); regs[value_regno].id = 0; regs[value_regno].off = 0; regs[value_regno].range = 0; regs[value_regno].type = reg_type; } } else if (reg->type == PTR_TO_STACK) { if (!tnum_is_const(reg->var_off)) { char tn_buf[48]; tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); verbose(env, ""variable stack access var_off=%s off=%d size=%d"", tn_buf, off, size); return -EACCES; } off += reg->var_off.value; if (off >= 0 || off < -MAX_BPF_STACK) { verbose(env, ""invalid stack off=%d size=%d\n"", off, size); return -EACCES; } if (env->prog->aux->stack_depth < -off) env->prog->aux->stack_depth = -off; if (t == BPF_WRITE) err = check_stack_write(env, state, off, size, value_regno); else err = check_stack_read(env, state, off, size, value_regno); } else if (reg_is_pkt_pointer(reg)) { if (t == BPF_WRITE && !may_access_direct_pkt_data(env, NULL, t)) { verbose(env, ""cannot write into packet\n""); return -EACCES; } if (t == BPF_WRITE && value_regno >= 0 && is_pointer_value(env, value_regno)) { verbose(env, ""R%d leaks addr into packet\n"", value_regno); return -EACCES; } err = check_packet_access(env, regno, off, size, false); if (!err && t == BPF_READ && value_regno >= 0) mark_reg_unknown(env, regs, value_regno); } else { verbose(env, ""R%d invalid mem access '%s'\n"", regno, reg_type_str[reg->type]); return -EACCES; } if (!err && size < BPF_REG_SIZE && value_regno >= 0 && t == BPF_READ && regs[value_regno].type == SCALAR_VALUE) { regs[value_regno].var_off = tnum_cast(regs[value_regno].var_off, size); __update_reg_bounds(®s[value_regno]); } return err; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,5914206004956,1 5281,['CWE-264'],"static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms) { int snum = SNUM(fsp->conn); size_t ace_count = count_canon_ace_list(file_ace_list); canon_ace *ace_p; canon_ace *owner_ace = NULL; canon_ace *group_ace = NULL; canon_ace *other_ace = NULL; mode_t and_bits; mode_t or_bits; if (ace_count != 3) { DEBUG(3,(""convert_canon_ace_to_posix_perms: Too many ACE entries for file %s to convert to \ posix perms.\n"", fsp->fsp_name )); return False; } for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) { if (ace_p->owner_type == UID_ACE) owner_ace = ace_p; else if (ace_p->owner_type == GID_ACE) group_ace = ace_p; else if (ace_p->owner_type == WORLD_ACE) other_ace = ace_p; } if (!owner_ace || !group_ace || !other_ace) { DEBUG(3,(""convert_canon_ace_to_posix_perms: Can't get standard entries for file %s.\n"", fsp->fsp_name )); return False; } *posix_perms = (mode_t)0; *posix_perms |= owner_ace->perms; *posix_perms |= MAP_PERM(group_ace->perms, S_IRUSR, S_IRGRP); *posix_perms |= MAP_PERM(group_ace->perms, S_IWUSR, S_IWGRP); *posix_perms |= MAP_PERM(group_ace->perms, S_IXUSR, S_IXGRP); *posix_perms |= MAP_PERM(other_ace->perms, S_IRUSR, S_IROTH); *posix_perms |= MAP_PERM(other_ace->perms, S_IWUSR, S_IWOTH); *posix_perms |= MAP_PERM(other_ace->perms, S_IXUSR, S_IXOTH); *posix_perms |= S_IRUSR; if (fsp->is_directory) *posix_perms |= (S_IWUSR|S_IXUSR); if (fsp->is_directory) { and_bits = lp_dir_security_mask(snum); or_bits = lp_force_dir_security_mode(snum); } else { and_bits = lp_security_mask(snum); or_bits = lp_force_security_mode(snum); } *posix_perms = (((*posix_perms) & and_bits)|or_bits); DEBUG(10,(""convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o to perm=0%o for file %s.\n"", (int)owner_ace->perms, (int)group_ace->perms, (int)other_ace->perms, (int)*posix_perms, fsp->fsp_name )); return True; }",samba,,,197732752530208841459657693411921066847,0 3280,CWE-125,"ikev2_ID_print(netdissect_options *ndo, u_char tpay, const struct isakmp_gen *ext, u_int item_len _U_, const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { struct ikev2_id id; int id_len, idtype_len, i; unsigned int dumpascii, dumphex; const unsigned char *typedata; ND_TCHECK(*ext); UNALIGNED_MEMCPY(&id, ext, sizeof(id)); ikev2_pay_print(ndo, NPSTR(tpay), id.h.critical); id_len = ntohs(id.h.len); ND_PRINT((ndo,"" len=%d"", id_len - 4)); if (2 < ndo->ndo_vflag && 4 < id_len) { ND_PRINT((ndo,"" "")); if (!rawprint(ndo, (const uint8_t *)(ext + 1), id_len - 4)) goto trunc; } idtype_len =id_len - sizeof(struct ikev2_id); dumpascii = 0; dumphex = 0; typedata = (const unsigned char *)(ext)+sizeof(struct ikev2_id); switch(id.type) { case ID_IPV4_ADDR: ND_PRINT((ndo, "" ipv4:"")); dumphex=1; break; case ID_FQDN: ND_PRINT((ndo, "" fqdn:"")); dumpascii=1; break; case ID_RFC822_ADDR: ND_PRINT((ndo, "" rfc822:"")); dumpascii=1; break; case ID_IPV6_ADDR: ND_PRINT((ndo, "" ipv6:"")); dumphex=1; break; case ID_DER_ASN1_DN: ND_PRINT((ndo, "" dn:"")); dumphex=1; break; case ID_DER_ASN1_GN: ND_PRINT((ndo, "" gn:"")); dumphex=1; break; case ID_KEY_ID: ND_PRINT((ndo, "" keyid:"")); dumphex=1; break; } if(dumpascii) { ND_TCHECK2(*typedata, idtype_len); for(i=0; ii_flags & EXT4_EXTENTS_FL)) return ext4_indirect_trans_blocks(inode, nrblocks, chunk); return ext4_ext_index_trans_blocks(inode, nrblocks, chunk); }",linux-2.6,,,17038361055865151521881716047184784232,0 1089,['CWE-399'],"restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc, int *peax) { unsigned int err = 0; current_thread_info()->restart_block.fn = do_no_restart_syscall; #define COPY(x) err |= __get_user(regs->x, &sc->x) #define COPY_SEG(seg) \ { unsigned short tmp; \ err |= __get_user(tmp, &sc->seg); \ regs->seg = tmp; } #define COPY_SEG_STRICT(seg) \ { unsigned short tmp; \ err |= __get_user(tmp, &sc->seg); \ regs->seg = tmp|3; } #define GET_SEG(seg) \ { unsigned short tmp; \ err |= __get_user(tmp, &sc->seg); \ loadsegment(seg,tmp); } #define FIX_EFLAGS (X86_EFLAGS_AC | X86_EFLAGS_RF | \ X86_EFLAGS_OF | X86_EFLAGS_DF | \ X86_EFLAGS_TF | X86_EFLAGS_SF | X86_EFLAGS_ZF | \ X86_EFLAGS_AF | X86_EFLAGS_PF | X86_EFLAGS_CF) GET_SEG(gs); COPY_SEG(fs); COPY_SEG(es); COPY_SEG(ds); COPY(di); COPY(si); COPY(bp); COPY(sp); COPY(bx); COPY(dx); COPY(cx); COPY(ip); COPY_SEG_STRICT(cs); COPY_SEG_STRICT(ss); { unsigned int tmpflags; err |= __get_user(tmpflags, &sc->flags); regs->flags = (regs->flags & ~FIX_EFLAGS) | (tmpflags & FIX_EFLAGS); regs->orig_ax = -1; } { struct _fpstate __user * buf; err |= __get_user(buf, &sc->fpstate); if (buf) { if (!access_ok(VERIFY_READ, buf, sizeof(*buf))) goto badframe; err |= restore_i387(buf); } else { struct task_struct *me = current; if (used_math()) { clear_fpu(me); clear_used_math(); } } } err |= __get_user(*peax, &sc->ax); return err; badframe: return 1; }",linux-2.6,,,171660535001939172827485422619770843513,0 4968,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 4887,CWE-369,"MagickExport Image *MeanShiftImage(const Image *image,const size_t width, const size_t height,const double color_distance,ExceptionInfo *exception) { #define MaxMeanShiftIterations 100 #define MeanShiftImageTag ""MeanShift/Image"" CacheView *image_view, *mean_view, *pixel_view; Image *mean_image; MagickBooleanType status; MagickOffsetType progress; ssize_t y; assert(image != (const Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); mean_image=CloneImage(image,0,0,MagickTrue,exception); if (mean_image == (Image *) NULL) return((Image *) NULL); if (SetImageStorageClass(mean_image,DirectClass) == MagickFalse) { InheritException(exception,&mean_image->exception); mean_image=DestroyImage(mean_image); return((Image *) NULL); } status=MagickTrue; progress=0; image_view=AcquireVirtualCacheView(image,exception); pixel_view=AcquireVirtualCacheView(image,exception); mean_view=AcquireAuthenticCacheView(mean_image,exception); #if defined(MAGICKCORE_OPENMP_SUPPORT) #pragma omp parallel for schedule(static) shared(status,progress) \ magick_number_threads(mean_image,mean_image,mean_image->rows,1) #endif for (y=0; y < (ssize_t) mean_image->rows; y++) { register const IndexPacket *magick_restrict indexes; register const PixelPacket *magick_restrict p; register PixelPacket *magick_restrict q; register ssize_t x; if (status == MagickFalse) continue; p=GetCacheViewVirtualPixels(image_view,0,y,image->columns,1,exception); q=GetCacheViewAuthenticPixels(mean_view,0,y,mean_image->columns,1, exception); if ((p == (const PixelPacket *) NULL) || (q == (PixelPacket *) NULL)) { status=MagickFalse; continue; } indexes=GetCacheViewVirtualIndexQueue(image_view); for (x=0; x < (ssize_t) mean_image->columns; x++) { MagickPixelPacket mean_pixel, previous_pixel; PointInfo mean_location, previous_location; register ssize_t i; GetMagickPixelPacket(image,&mean_pixel); SetMagickPixelPacket(image,p,indexes+x,&mean_pixel); mean_location.x=(double) x; mean_location.y=(double) y; for (i=0; i < MaxMeanShiftIterations; i++) { double distance, gamma; MagickPixelPacket sum_pixel; PointInfo sum_location; ssize_t count, v; sum_location.x=0.0; sum_location.y=0.0; GetMagickPixelPacket(image,&sum_pixel); previous_location=mean_location; previous_pixel=mean_pixel; count=0; for (v=(-((ssize_t) height/2)); v <= (((ssize_t) height/2)); v++) { ssize_t u; for (u=(-((ssize_t) width/2)); u <= (((ssize_t) width/2)); u++) { if ((v*v+u*u) <= (ssize_t) ((width/2)*(height/2))) { PixelPacket pixel; status=GetOneCacheViewVirtualPixel(pixel_view,(ssize_t) MagickRound(mean_location.x+u),(ssize_t) MagickRound( mean_location.y+v),&pixel,exception); distance=(mean_pixel.red-pixel.red)*(mean_pixel.red-pixel.red)+ (mean_pixel.green-pixel.green)*(mean_pixel.green-pixel.green)+ (mean_pixel.blue-pixel.blue)*(mean_pixel.blue-pixel.blue); if (distance <= (color_distance*color_distance)) { sum_location.x+=mean_location.x+u; sum_location.y+=mean_location.y+v; sum_pixel.red+=pixel.red; sum_pixel.green+=pixel.green; sum_pixel.blue+=pixel.blue; sum_pixel.opacity+=pixel.opacity; count++; } } } } gamma=1.0/count; mean_location.x=gamma*sum_location.x; mean_location.y=gamma*sum_location.y; mean_pixel.red=gamma*sum_pixel.red; mean_pixel.green=gamma*sum_pixel.green; mean_pixel.blue=gamma*sum_pixel.blue; mean_pixel.opacity=gamma*sum_pixel.opacity; distance=(mean_location.x-previous_location.x)* (mean_location.x-previous_location.x)+ (mean_location.y-previous_location.y)* (mean_location.y-previous_location.y)+ 255.0*QuantumScale*(mean_pixel.red-previous_pixel.red)* 255.0*QuantumScale*(mean_pixel.red-previous_pixel.red)+ 255.0*QuantumScale*(mean_pixel.green-previous_pixel.green)* 255.0*QuantumScale*(mean_pixel.green-previous_pixel.green)+ 255.0*QuantumScale*(mean_pixel.blue-previous_pixel.blue)* 255.0*QuantumScale*(mean_pixel.blue-previous_pixel.blue); if (distance <= 3.0) break; } q->red=ClampToQuantum(mean_pixel.red); q->green=ClampToQuantum(mean_pixel.green); q->blue=ClampToQuantum(mean_pixel.blue); q->opacity=ClampToQuantum(mean_pixel.opacity); p++; q++; } if (SyncCacheViewAuthenticPixels(mean_view,exception) == MagickFalse) status=MagickFalse; if (image->progress_monitor != (MagickProgressMonitor) NULL) { MagickBooleanType proceed; #if defined(MAGICKCORE_OPENMP_SUPPORT) #pragma omp atomic #endif progress++; proceed=SetImageProgress(image,MeanShiftImageTag,progress,image->rows); if (proceed == MagickFalse) status=MagickFalse; } } mean_view=DestroyCacheView(mean_view); pixel_view=DestroyCacheView(pixel_view); image_view=DestroyCacheView(image_view); return(mean_image); }",visit repo url,magick/feature.c,https://github.com/ImageMagick/ImageMagick6,249368796117581,1 1118,CWE-362,"int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk, __be32 saddr, __be32 daddr, struct ip_options *opt) { struct inet_sock *inet = inet_sk(sk); struct rtable *rt = skb_rtable(skb); struct iphdr *iph; skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0)); skb_reset_network_header(skb); iph = ip_hdr(skb); iph->version = 4; iph->ihl = 5; iph->tos = inet->tos; if (ip_dont_fragment(sk, &rt->dst)) iph->frag_off = htons(IP_DF); else iph->frag_off = 0; iph->ttl = ip_select_ttl(inet, &rt->dst); iph->daddr = rt->rt_dst; iph->saddr = rt->rt_src; iph->protocol = sk->sk_protocol; ip_select_ident(iph, &rt->dst, sk); if (opt && opt->optlen) { iph->ihl += opt->optlen>>2; ip_options_build(skb, opt, daddr, rt, 0); } skb->priority = sk->sk_priority; skb->mark = sk->sk_mark; return ip_local_out(skb); }",visit repo url,net/ipv4/ip_output.c,https://github.com/torvalds/linux,16966161257824,1 1111,['CWE-399'],"handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka, sigset_t *oldset, struct pt_regs * regs) { int ret; if (regs->orig_ax >= 0) { switch (regs->ax) { case -ERESTART_RESTARTBLOCK: case -ERESTARTNOHAND: regs->ax = -EINTR; break; case -ERESTARTSYS: if (!(ka->sa.sa_flags & SA_RESTART)) { regs->ax = -EINTR; break; } case -ERESTARTNOINTR: regs->ax = regs->orig_ax; regs->ip -= 2; } } if (unlikely(regs->flags & X86_EFLAGS_TF) && likely(test_and_clear_thread_flag(TIF_FORCED_TF))) regs->flags &= ~X86_EFLAGS_TF; if (ka->sa.sa_flags & SA_SIGINFO) ret = setup_rt_frame(sig, ka, info, oldset, regs); else ret = setup_frame(sig, ka, oldset, regs); if (ret == 0) { spin_lock_irq(¤t->sighand->siglock); sigorsets(¤t->blocked,¤t->blocked,&ka->sa.sa_mask); if (!(ka->sa.sa_flags & SA_NODEFER)) sigaddset(¤t->blocked,sig); recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); } return ret; }",linux-2.6,,,136920852617602624696599241708994725932,0 5446,['CWE-476'],"static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { int r; if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_SIPI_RECEIVED)) { pr_debug(""vcpu %d received sipi with vector # %x\n"", vcpu->vcpu_id, vcpu->arch.sipi_vector); kvm_lapic_reset(vcpu); r = kvm_arch_vcpu_reset(vcpu); if (r) return r; vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; } down_read(&vcpu->kvm->slots_lock); vapic_enter(vcpu); r = 1; while (r > 0) { if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE) r = vcpu_enter_guest(vcpu, kvm_run); else { up_read(&vcpu->kvm->slots_lock); kvm_vcpu_block(vcpu); down_read(&vcpu->kvm->slots_lock); if (test_and_clear_bit(KVM_REQ_UNHALT, &vcpu->requests)) { switch(vcpu->arch.mp_state) { case KVM_MP_STATE_HALTED: vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; case KVM_MP_STATE_RUNNABLE: break; case KVM_MP_STATE_SIPI_RECEIVED: default: r = -EINTR; break; } } } if (r <= 0) break; clear_bit(KVM_REQ_PENDING_TIMER, &vcpu->requests); if (kvm_cpu_has_pending_timer(vcpu)) kvm_inject_pending_timer_irqs(vcpu); if (dm_request_for_irq_injection(vcpu, kvm_run)) { r = -EINTR; kvm_run->exit_reason = KVM_EXIT_INTR; ++vcpu->stat.request_irq_exits; } if (signal_pending(current)) { r = -EINTR; kvm_run->exit_reason = KVM_EXIT_INTR; ++vcpu->stat.signal_exits; } if (need_resched()) { up_read(&vcpu->kvm->slots_lock); kvm_resched(vcpu); down_read(&vcpu->kvm->slots_lock); } } up_read(&vcpu->kvm->slots_lock); post_kvm_run_save(vcpu, kvm_run); vapic_exit(vcpu); return r; }",linux-2.6,,,159566387240367020606845286070946645383,0 2682,CWE-190,"SPL_METHOD(SplFileInfo, __construct) { spl_filesystem_object *intern; char *path; int len; zend_error_handling error_handling; zend_replace_error_handling(EH_THROW, spl_ce_RuntimeException, &error_handling TSRMLS_CC); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &path, &len) == FAILURE) { zend_restore_error_handling(&error_handling TSRMLS_CC); return; } intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); spl_filesystem_info_set_filename(intern, path, len, 1 TSRMLS_CC); zend_restore_error_handling(&error_handling TSRMLS_CC); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,18114118042897,1 835,CWE-20,"static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name; size_t copied; unsigned char *asmptr; struct sk_buff *skb; int n, er, qbit; if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) return er; qbit = (skb->data[0] & ROSE_Q_BIT) == ROSE_Q_BIT; skb_pull(skb, ROSE_MIN_LEN); if (rose->qbitincl) { asmptr = skb_push(skb, 1); *asmptr = qbit; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (srose != NULL) { memset(srose, 0, msg->msg_namelen); srose->srose_family = AF_ROSE; srose->srose_addr = rose->dest_addr; srose->srose_call = rose->dest_call; srose->srose_ndigis = rose->dest_ndigis; if (msg->msg_namelen >= sizeof(struct full_sockaddr_rose)) { struct full_sockaddr_rose *full_srose = (struct full_sockaddr_rose *)msg->msg_name; for (n = 0 ; n < rose->dest_ndigis ; n++) full_srose->srose_digis[n] = rose->dest_digis[n]; msg->msg_namelen = sizeof(struct full_sockaddr_rose); } else { if (rose->dest_ndigis >= 1) { srose->srose_ndigis = 1; srose->srose_digi = rose->dest_digis[0]; } msg->msg_namelen = sizeof(struct sockaddr_rose); } } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/rose/af_rose.c,https://github.com/torvalds/linux,102675711192841,1 4441,CWE-416,"hash_new_from_values(mrb_state *mrb, mrb_int argc, mrb_value *regs) { mrb_value hash = mrb_hash_new_capa(mrb, argc); while (argc--) { mrb_hash_set(mrb, hash, regs[0], regs[1]); regs += 2; } return hash; }",visit repo url,src/vm.c,https://github.com/mruby/mruby,230729274509655,1 5546,[],"do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) { struct task_struct *p; unsigned long flags; int error = -ESRCH; rcu_read_lock(); p = find_task_by_vpid(pid); if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); if (!error && sig && lock_task_sighand(p, &flags)) { error = specific_send_sig_info(sig, info, p); unlock_task_sighand(p, &flags); } } rcu_read_unlock(); return error; }",linux-2.6,,,300333937949091982406069772122144037535,0 2260,CWE-362,"static void xfrm6_tunnel_spi_fini(void) { kmem_cache_destroy(xfrm6_tunnel_spi_kmem); }",visit repo url,net/ipv6/xfrm6_tunnel.c,https://github.com/torvalds/linux,32290224469031,1 6540,CWE-552,"static void __attribute__((__noreturn__)) usage(void) { FILE *out = stdout; size_t i; fputs(USAGE_HEADER, out); fprintf(out, _( "" %1$s [options]\n"" "" %1$s [options] | \n"" "" %1$s [options] \n"" "" %1$s [options] [--source ] [--target | --mountpoint ]\n""), program_invocation_short_name); fputs(USAGE_SEPARATOR, out); fputs(_(""Find a (mounted) filesystem.\n""), out); fputs(USAGE_OPTIONS, out); fputs(_("" -s, --fstab search in static table of filesystems\n""), out); fputs(_("" -m, --mtab search in table of mounted filesystems\n"" "" (includes user space mount options)\n""), out); fputs(_("" -k, --kernel search in kernel table of mounted\n"" "" filesystems (default)\n""), out); fputc('\n', out); fputs(_("" -p, --poll[=] monitor changes in table of mounted filesystems\n""), out); fputs(_("" -w, --timeout upper limit in milliseconds that --poll will block\n""), out); fputc('\n', out); fputs(_("" -A, --all disable all built-in filters, print all filesystems\n""), out); fputs(_("" -a, --ascii use ASCII chars for tree formatting\n""), out); fputs(_("" -b, --bytes print sizes in bytes rather than in human readable format\n""), out); fputs(_("" -C, --nocanonicalize don't canonicalize when comparing paths\n""), out); fputs(_("" -c, --canonicalize canonicalize printed paths\n""), out); fputs(_("" --deleted print filesystems with mountpoint marked as deleted\n""), out); fputs(_("" -D, --df imitate the output of df(1)\n""), out); fputs(_("" -d, --direction direction of search, 'forward' or 'backward'\n""), out); fputs(_("" -e, --evaluate convert tags (LABEL,UUID,PARTUUID,PARTLABEL) \n"" "" to device names\n""), out); fputs(_("" -F, --tab-file alternative file for -s, -m or -k options\n""), out); fputs(_("" -f, --first-only print the first found filesystem only\n""), out); fputs(_("" -i, --invert invert the sense of matching\n""), out); fputs(_("" -J, --json use JSON output format\n""), out); fputs(_("" -l, --list use list format output\n""), out); fputs(_("" -N, --task use alternative namespace (/proc//mountinfo file)\n""), out); fputs(_("" -n, --noheadings don't print column headings\n""), out); fputs(_("" -O, --options limit the set of filesystems by mount options\n""), out); fputs(_("" -o, --output the output columns to be shown\n""), out); fputs(_("" --output-all output all available columns\n""), out); fputs(_("" -P, --pairs use key=\""value\"" output format\n""), out); fputs(_("" --pseudo print only pseudo-filesystems\n""), out); fputs(_("" --shadowed print only filesystems over-mounted by another filesystem\n""), out); fputs(_("" -R, --submounts print all submounts for the matching filesystems\n""), out); fputs(_("" -r, --raw use raw output format\n""), out); fputs(_("" --real print only real filesystems\n""), out); fputs(_("" -S, --source the device to mount (by name, maj:min, \n"" "" LABEL=, UUID=, PARTUUID=, PARTLABEL=)\n""), out); fputs(_("" -T, --target the path to the filesystem to use\n""), out); fputs(_("" --tree enable tree format output if possible\n""), out); fputs(_("" -M, --mountpoint the mountpoint directory\n""), out); fputs(_("" -t, --types limit the set of filesystems by FS types\n""), out); fputs(_("" -U, --uniq ignore filesystems with duplicate target\n""), out); fputs(_("" -u, --notruncate don't truncate text in columns\n""), out); fputs(_("" -v, --nofsroot don't print [/dir] for bind or btrfs mounts\n""), out); fputc('\n', out); fputs(_("" -x, --verify verify mount table content (default is fstab)\n""), out); fputs(_("" --verbose print more details\n""), out); fputs(_("" --vfs-all print all VFS options\n""), out); fputs(USAGE_SEPARATOR, out); printf(USAGE_HELP_OPTIONS(24)); fputs(USAGE_COLUMNS, out); for (i = 0; i < ARRAY_SIZE(infos); i++) fprintf(out, "" %11s %s\n"", infos[i].name, _(infos[i].help)); printf(USAGE_MAN_TAIL(""findmnt(8)"")); exit(EXIT_SUCCESS); }",visit repo url,misc-utils/findmnt.c,https://github.com/util-linux/util-linux,256825995803852,1 2631,[],"static int sctp_wait_for_connect(struct sctp_association *asoc, long *timeo_p) { struct sock *sk = asoc->base.sk; int err = 0; long current_timeo = *timeo_p; DEFINE_WAIT(wait); SCTP_DEBUG_PRINTK(""%s: asoc=%p, timeo=%ld\n"", __func__, asoc, (long)(*timeo_p)); sctp_association_hold(asoc); for (;;) { prepare_to_wait_exclusive(&asoc->wait, &wait, TASK_INTERRUPTIBLE); if (!*timeo_p) goto do_nonblock; if (sk->sk_shutdown & RCV_SHUTDOWN) break; if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING || asoc->base.dead) goto do_error; if (signal_pending(current)) goto do_interrupted; if (sctp_state(asoc, ESTABLISHED)) break; sctp_release_sock(sk); current_timeo = schedule_timeout(current_timeo); sctp_lock_sock(sk); *timeo_p = current_timeo; } out: finish_wait(&asoc->wait, &wait); sctp_association_put(asoc); return err; do_error: if (asoc->init_err_counter + 1 > asoc->max_init_attempts) err = -ETIMEDOUT; else err = -ECONNREFUSED; goto out; do_interrupted: err = sock_intr_errno(*timeo_p); goto out; do_nonblock: err = -EINPROGRESS; goto out; }",linux-2.6,,,272476937880326349826777573764479580407,0 1776,NVD-CWE-Other,"static int gtco_probe(struct usb_interface *usbinterface, const struct usb_device_id *id) { struct gtco *gtco; struct input_dev *input_dev; struct hid_descriptor *hid_desc; char *report; int result = 0, retry; int error; struct usb_endpoint_descriptor *endpoint; gtco = kzalloc(sizeof(struct gtco), GFP_KERNEL); input_dev = input_allocate_device(); if (!gtco || !input_dev) { dev_err(&usbinterface->dev, ""No more memory\n""); error = -ENOMEM; goto err_free_devs; } gtco->inputdevice = input_dev; gtco->usbdev = interface_to_usbdev(usbinterface); gtco->intf = usbinterface; gtco->buffer = usb_alloc_coherent(gtco->usbdev, REPORT_MAX_SIZE, GFP_KERNEL, >co->buf_dma); if (!gtco->buffer) { dev_err(&usbinterface->dev, ""No more memory for us buffers\n""); error = -ENOMEM; goto err_free_devs; } gtco->urbinfo = usb_alloc_urb(0, GFP_KERNEL); if (!gtco->urbinfo) { dev_err(&usbinterface->dev, ""Failed to allocate URB\n""); error = -ENOMEM; goto err_free_buf; } endpoint = &usbinterface->altsetting[0].endpoint[0].desc; dev_dbg(&usbinterface->dev, ""gtco # interfaces: %d\n"", usbinterface->num_altsetting); dev_dbg(&usbinterface->dev, ""num endpoints: %d\n"", usbinterface->cur_altsetting->desc.bNumEndpoints); dev_dbg(&usbinterface->dev, ""interface class: %d\n"", usbinterface->cur_altsetting->desc.bInterfaceClass); dev_dbg(&usbinterface->dev, ""endpoint: attribute:0x%x type:0x%x\n"", endpoint->bmAttributes, endpoint->bDescriptorType); if (usb_endpoint_xfer_int(endpoint)) dev_dbg(&usbinterface->dev, ""endpoint: we have interrupt endpoint\n""); dev_dbg(&usbinterface->dev, ""endpoint extra len:%d\n"", usbinterface->altsetting[0].extralen); if (usb_get_extra_descriptor(usbinterface->cur_altsetting, HID_DEVICE_TYPE, &hid_desc) != 0){ dev_err(&usbinterface->dev, ""Can't retrieve exta USB descriptor to get hid report descriptor length\n""); error = -EIO; goto err_free_urb; } dev_dbg(&usbinterface->dev, ""Extra descriptor success: type:%d len:%d\n"", hid_desc->bDescriptorType, hid_desc->wDescriptorLength); report = kzalloc(le16_to_cpu(hid_desc->wDescriptorLength), GFP_KERNEL); if (!report) { dev_err(&usbinterface->dev, ""No more memory for report\n""); error = -ENOMEM; goto err_free_urb; } for (retry = 0; retry < 3; retry++) { result = usb_control_msg(gtco->usbdev, usb_rcvctrlpipe(gtco->usbdev, 0), USB_REQ_GET_DESCRIPTOR, USB_RECIP_INTERFACE | USB_DIR_IN, REPORT_DEVICE_TYPE << 8, 0, report, le16_to_cpu(hid_desc->wDescriptorLength), 5000); dev_dbg(&usbinterface->dev, ""usb_control_msg result: %d\n"", result); if (result == le16_to_cpu(hid_desc->wDescriptorLength)) { parse_hid_report_descriptor(gtco, report, result); break; } } kfree(report); if (result != le16_to_cpu(hid_desc->wDescriptorLength)) { dev_err(&usbinterface->dev, ""Failed to get HID Report Descriptor of size: %d\n"", hid_desc->wDescriptorLength); error = -EIO; goto err_free_urb; } usb_make_path(gtco->usbdev, gtco->usbpath, sizeof(gtco->usbpath)); strlcat(gtco->usbpath, ""/input0"", sizeof(gtco->usbpath)); input_dev->open = gtco_input_open; input_dev->close = gtco_input_close; input_dev->name = ""GTCO_CalComp""; input_dev->phys = gtco->usbpath; input_set_drvdata(input_dev, gtco); gtco_setup_caps(input_dev); usb_to_input_id(gtco->usbdev, &input_dev->id); input_dev->dev.parent = &usbinterface->dev; endpoint = &usbinterface->altsetting[0].endpoint[0].desc; usb_fill_int_urb(gtco->urbinfo, gtco->usbdev, usb_rcvintpipe(gtco->usbdev, endpoint->bEndpointAddress), gtco->buffer, REPORT_MAX_SIZE, gtco_urb_callback, gtco, endpoint->bInterval); gtco->urbinfo->transfer_dma = gtco->buf_dma; gtco->urbinfo->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; usb_set_intfdata(usbinterface, gtco); error = input_register_device(input_dev); if (error) goto err_free_urb; return 0; err_free_urb: usb_free_urb(gtco->urbinfo); err_free_buf: usb_free_coherent(gtco->usbdev, REPORT_MAX_SIZE, gtco->buffer, gtco->buf_dma); err_free_devs: input_free_device(input_dev); kfree(gtco); return error; }",visit repo url,drivers/input/tablet/gtco.c,https://github.com/torvalds/linux,131606743797005,1 5329,CWE-674,"int regexec(Reprog *prog, const char *sp, Resub *sub, int eflags) { Resub scratch; int i; if (!sub) sub = &scratch; sub->nsub = prog->nsub; for (i = 0; i < MAXSUB; ++i) sub->sub[i].sp = sub->sub[i].ep = NULL; return !match(prog->start, sp, sp, prog->flags | eflags, sub); }",visit repo url,regexp.c,https://github.com/ccxvii/mujs,214227562144291,1 1290,CWE-189,"nfs4_xdr_dec_getacl(struct rpc_rqst *rqstp, struct xdr_stream *xdr, struct nfs_getaclres *res) { struct compound_hdr hdr; int status; status = decode_compound_hdr(xdr, &hdr); if (status) goto out; status = decode_sequence(xdr, &res->seq_res, rqstp); if (status) goto out; status = decode_putfh(xdr); if (status) goto out; status = decode_getacl(xdr, rqstp, &res->acl_len); out: return status; }",visit repo url,fs/nfs/nfs4xdr.c,https://github.com/torvalds/linux,175964823765066,1 5466,['CWE-476'],"void kvm_arch_vcpu_free(struct kvm_vcpu *vcpu) { if (vcpu->arch.time_page) { kvm_release_page_dirty(vcpu->arch.time_page); vcpu->arch.time_page = NULL; } kvm_x86_ops->vcpu_free(vcpu); }",linux-2.6,,,96509657905016239095695443110666619788,0 2958,['CWE-189'],"static void jas_stream_destroy(jas_stream_t *stream) { if ((stream->bufmode_ & JAS_STREAM_FREEBUF) && stream->bufbase_) { jas_free(stream->bufbase_); stream->bufbase_ = 0; } jas_free(stream); }",jasper,,,209240346952838571031916851782317823821,0 699,CWE-20,"static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int err = 0; lock_sock(sk); if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { err = -ENOTCONN; goto out; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (!ax25_sk(sk)->pidincl) skb_pull(skb, 1); skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (msg->msg_namelen != 0) { struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; ax25_digi digi; ax25_address src; const unsigned char *mac = skb_mac_header(skb); memset(sax, 0, sizeof(struct full_sockaddr_ax25)); ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, &digi, NULL, NULL); sax->sax25_family = AF_AX25; sax->sax25_ndigis = digi.ndigi; sax->sax25_call = src; if (sax->sax25_ndigis != 0) { int ct; struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; for (ct = 0; ct < digi.ndigi; ct++) fsa->fsa_digipeater[ct] = digi.calls[ct]; } msg->msg_namelen = sizeof(struct full_sockaddr_ax25); } skb_free_datagram(sk, skb); err = copied; out: release_sock(sk); return err; }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,113629503405761,1 5027,[],"void winbind_child_died(pid_t pid) { struct winbindd_child *child; for (child = children; child != NULL; child = child->next) { if (child->pid == pid) { break; } } if (child == NULL) { DEBUG(5, (""Already reaped child %u died\n"", (unsigned int)pid)); return; } DLIST_REMOVE(children, child); remove_fd_event(&child->event); close(child->event.fd); child->event.fd = 0; child->event.flags = 0; child->pid = 0; schedule_async_request(child); }",samba,,,216838465956424304332306837210277978536,0 6344,['CWE-200'],"static __inline__ int neigh_max_probes(struct neighbour *n) { struct neigh_parms *p = n->parms; return (n->nud_state & NUD_PROBE ? p->ucast_probes : p->ucast_probes + p->app_probes + p->mcast_probes); }",linux-2.6,,,234812102848634778532806472143698865322,0 3608,['CWE-20'],"struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) { struct sctp_chunk *retval; struct sctp_hmac *hmac_desc; struct sctp_authhdr auth_hdr; __u8 *hmac; hmac_desc = sctp_auth_asoc_get_hmac(asoc); if (unlikely(!hmac_desc)) return NULL; retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); if (!retval) return NULL; auth_hdr.hmac_id = htons(hmac_desc->hmac_id); auth_hdr.shkey_id = htons(asoc->active_key_id); retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), &auth_hdr); hmac = skb_put(retval->skb, hmac_desc->hmac_len); memset(hmac, 0, hmac_desc->hmac_len); retval->chunk_hdr->length = htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); retval->chunk_end = skb_tail_pointer(retval->skb); return retval; }",linux-2.6,,,21036558380092397928657815885934228656,0 1747,[],"static int find_next_best_node(int node, nodemask_t *used_nodes) { int i, n, val, min_val, best_node = 0; min_val = INT_MAX; for (i = 0; i < MAX_NUMNODES; i++) { n = (node + i) % MAX_NUMNODES; if (!nr_cpus_node(n)) continue; if (node_isset(n, *used_nodes)) continue; val = node_distance(node, n); if (val < min_val) { min_val = val; best_node = n; } } node_set(best_node, *used_nodes); return best_node; }",linux-2.6,,,46197431534420140962467671564414183878,0 5005,CWE-787,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 3130,CWE-134,"int bad_format_imginfo( char *fmt) { char *ptr; int n = 0; ptr = fmt; while (*ptr != '\0') if (*ptr++ == '%') { if (*ptr == '\0') return 1; if (*ptr == '%') ptr++; else if (*ptr == 's' || *ptr == 'S') { n = 1; ptr++; } else { if (*ptr == ' ') ptr++; while (*ptr >= '0' && *ptr <= '9') ptr++; if (*ptr++ != 'l') return 1; if (*ptr == 'u') ptr++; else return 1; n++; } } return (n != 3); }",visit repo url,src/rrd_graph.c,https://github.com/oetiker/rrdtool-1.x,33533861269650,1 6626,['CWE-200'],"exported_connection_to_connection (gpointer data, gpointer user_data) { GSList **list = (GSList **) user_data; *list = g_slist_prepend (*list, nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (data))); }",network-manager-applet,,,24392706214191327915693700926278521807,0 2847,['CWE-119'],"static inline void deny_bits(struct posix_ace_state *astate, u32 mask) { astate->deny |= mask & ~astate->allow; }",linux-2.6,,,255573617148933354839742640999900264622,0 2688,[],"static int sctp_getsockopt_maxburst(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_assoc_value params; struct sctp_sock *sp; struct sctp_association *asoc; if (len < sizeof(int)) return -EINVAL; if (len == sizeof(int)) { printk(KERN_WARNING ""SCTP: Use of int in max_burst socket option deprecated\n""); printk(KERN_WARNING ""SCTP: Use struct sctp_assoc_value instead\n""); params.assoc_id = 0; } else if (len == sizeof (struct sctp_assoc_value)) { if (copy_from_user(¶ms, optval, len)) return -EFAULT; } else return -EINVAL; sp = sctp_sk(sk); if (params.assoc_id != 0) { asoc = sctp_id2assoc(sk, params.assoc_id); if (!asoc) return -EINVAL; params.assoc_value = asoc->max_burst; } else params.assoc_value = sp->max_burst; if (len == sizeof(int)) { if (copy_to_user(optval, ¶ms.assoc_value, len)) return -EFAULT; } else { if (copy_to_user(optval, ¶ms, len)) return -EFAULT; } return 0; }",linux-2.6,,,188274165178619863117265656141583374707,0 6494,['CWE-20'],"static inline void emulate_grp2(struct x86_emulate_ctxt *ctxt) { struct decode_cache *c = &ctxt->decode; switch (c->modrm_reg) { case 0: emulate_2op_SrcB(""rol"", c->src, c->dst, ctxt->eflags); break; case 1: emulate_2op_SrcB(""ror"", c->src, c->dst, ctxt->eflags); break; case 2: emulate_2op_SrcB(""rcl"", c->src, c->dst, ctxt->eflags); break; case 3: emulate_2op_SrcB(""rcr"", c->src, c->dst, ctxt->eflags); break; case 4: case 6: emulate_2op_SrcB(""sal"", c->src, c->dst, ctxt->eflags); break; case 5: emulate_2op_SrcB(""shr"", c->src, c->dst, ctxt->eflags); break; case 7: emulate_2op_SrcB(""sar"", c->src, c->dst, ctxt->eflags); break; } }",kvm,,,315782975664394995439633890408132128692,0 2176,CWE-416,"static int gup_huge_pud(pud_t orig, pud_t *pudp, unsigned long addr, unsigned long end, int write, struct page **pages, int *nr) { struct page *head, *page; int refs; if (!pud_access_permitted(orig, write)) return 0; if (pud_devmap(orig)) return __gup_device_huge_pud(orig, pudp, addr, end, pages, nr); refs = 0; page = pud_page(orig) + ((addr & ~PUD_MASK) >> PAGE_SHIFT); do { pages[*nr] = page; (*nr)++; page++; refs++; } while (addr += PAGE_SIZE, addr != end); head = compound_head(pud_page(orig)); if (!page_cache_add_speculative(head, refs)) { *nr -= refs; return 0; } if (unlikely(pud_val(orig) != pud_val(*pudp))) { *nr -= refs; while (refs--) put_page(head); return 0; } SetPageReferenced(head); return 1; }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,137868994336382,1 650,CWE-20,"static int l2tp_ip_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); size_t copied = 0; int err = -EOPNOTSUPP; struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; if (flags & MSG_OOB) goto out; if (addr_len) *addr_len = sizeof(*sin); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; sin->sin_port = 0; memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: return err ? err : copied; }",visit repo url,net/l2tp/l2tp_ip.c,https://github.com/torvalds/linux,25169350195135,1 831,CWE-20,"int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { struct sock *sk = sock->sk; struct rds_sock *rs = rds_sk_to_rs(sk); long timeo; int ret = 0, nonblock = msg_flags & MSG_DONTWAIT; struct sockaddr_in *sin; struct rds_incoming *inc = NULL; timeo = sock_rcvtimeo(sk, nonblock); rdsdebug(""size %zu flags 0x%x timeo %ld\n"", size, msg_flags, timeo); msg->msg_namelen = 0; if (msg_flags & MSG_OOB) goto out; while (1) { if (!list_empty(&rs->rs_notify_queue)) { ret = rds_notify_queue_get(rs, msg); break; } if (rs->rs_cong_notify) { ret = rds_notify_cong(rs, msg); break; } if (!rds_next_incoming(rs, &inc)) { if (nonblock) { ret = -EAGAIN; break; } timeo = wait_event_interruptible_timeout(*sk_sleep(sk), (!list_empty(&rs->rs_notify_queue) || rs->rs_cong_notify || rds_next_incoming(rs, &inc)), timeo); rdsdebug(""recvmsg woke inc %p timeo %ld\n"", inc, timeo); if (timeo > 0 || timeo == MAX_SCHEDULE_TIMEOUT) continue; ret = timeo; if (ret == 0) ret = -ETIMEDOUT; break; } rdsdebug(""copying inc %p from %pI4:%u to user\n"", inc, &inc->i_conn->c_faddr, ntohs(inc->i_hdr.h_sport)); ret = inc->i_conn->c_trans->inc_copy_to_user(inc, msg->msg_iov, size); if (ret < 0) break; if (!rds_still_queued(rs, inc, !(msg_flags & MSG_PEEK))) { rds_inc_put(inc); inc = NULL; rds_stats_inc(s_recv_deliver_raced); continue; } if (ret < be32_to_cpu(inc->i_hdr.h_len)) { if (msg_flags & MSG_TRUNC) ret = be32_to_cpu(inc->i_hdr.h_len); msg->msg_flags |= MSG_TRUNC; } if (rds_cmsg_recv(inc, msg)) { ret = -EFAULT; goto out; } rds_stats_inc(s_recv_delivered); sin = (struct sockaddr_in *)msg->msg_name; if (sin) { sin->sin_family = AF_INET; sin->sin_port = inc->i_hdr.h_sport; sin->sin_addr.s_addr = inc->i_saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); msg->msg_namelen = sizeof(*sin); } break; } if (inc) rds_inc_put(inc); out: return ret; }",visit repo url,net/rds/recv.c,https://github.com/torvalds/linux,53010977236851,1 2909,CWE-125,"LogLuvClose(TIFF* tif) { TIFFDirectory *td = &tif->tif_dir; td->td_samplesperpixel = (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; td->td_bitspersample = 16; td->td_sampleformat = SAMPLEFORMAT_INT; }",visit repo url,libtiff/tif_luv.c,https://github.com/vadz/libtiff,174585555081653,1 3274,['CWE-189'],"static jpc_enc_rlvl_t *rlvl_create(jpc_enc_rlvl_t *rlvl, jpc_enc_cp_t *cp, jpc_enc_tcmpt_t *tcmpt, jpc_tsfb_band_t *bandinfos) { uint_fast16_t rlvlno; uint_fast32_t tlprctlx; uint_fast32_t tlprctly; uint_fast32_t brprcbrx; uint_fast32_t brprcbry; uint_fast16_t bandno; jpc_enc_band_t *band; rlvlno = rlvl - tcmpt->rlvls; rlvl->bands = 0; rlvl->tcmpt = tcmpt; rlvl->tlx = JPC_CEILDIVPOW2(jas_seq2d_xstart(tcmpt->data), tcmpt->numrlvls - 1 - rlvlno); rlvl->tly = JPC_CEILDIVPOW2(jas_seq2d_ystart(tcmpt->data), tcmpt->numrlvls - 1 - rlvlno); rlvl->brx = JPC_CEILDIVPOW2(jas_seq2d_xend(tcmpt->data), tcmpt->numrlvls - 1 - rlvlno); rlvl->bry = JPC_CEILDIVPOW2(jas_seq2d_yend(tcmpt->data), tcmpt->numrlvls - 1 - rlvlno); if (rlvl->tlx >= rlvl->brx || rlvl->tly >= rlvl->bry) { rlvl->numhprcs = 0; rlvl->numvprcs = 0; rlvl->numprcs = 0; return rlvl; } rlvl->numbands = (!rlvlno) ? 1 : 3; rlvl->prcwidthexpn = cp->tccp.prcwidthexpns[rlvlno]; rlvl->prcheightexpn = cp->tccp.prcheightexpns[rlvlno]; if (!rlvlno) { rlvl->cbgwidthexpn = rlvl->prcwidthexpn; rlvl->cbgheightexpn = rlvl->prcheightexpn; } else { rlvl->cbgwidthexpn = rlvl->prcwidthexpn - 1; rlvl->cbgheightexpn = rlvl->prcheightexpn - 1; } rlvl->cblkwidthexpn = JAS_MIN(cp->tccp.cblkwidthexpn, rlvl->cbgwidthexpn); rlvl->cblkheightexpn = JAS_MIN(cp->tccp.cblkheightexpn, rlvl->cbgheightexpn); tlprctlx = JPC_FLOORTOMULTPOW2(rlvl->tlx, rlvl->prcwidthexpn); tlprctly = JPC_FLOORTOMULTPOW2(rlvl->tly, rlvl->prcheightexpn); brprcbrx = JPC_CEILTOMULTPOW2(rlvl->brx, rlvl->prcwidthexpn); brprcbry = JPC_CEILTOMULTPOW2(rlvl->bry, rlvl->prcheightexpn); rlvl->numhprcs = JPC_FLOORDIVPOW2(brprcbrx - tlprctlx, rlvl->prcwidthexpn); rlvl->numvprcs = JPC_FLOORDIVPOW2(brprcbry - tlprctly, rlvl->prcheightexpn); rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs; if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_enc_band_t)))) { goto error; } for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { band->prcs = 0; band->data = 0; band->rlvl = rlvl; } for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { if (!band_create(band, cp, rlvl, bandinfos)) { goto error; } } return rlvl; error: rlvl_destroy(rlvl); return 0; }",jasper,,,77257229303878297747388900507787633337,0 2409,CWE-189,"static void add_bytes_l2_c(uint8_t *dst, uint8_t *src1, uint8_t *src2, int w) { long i; for (i = 0; i <= w - sizeof(long); i += sizeof(long)) { long a = *(long *)(src1 + i); long b = *(long *)(src2 + i); *(long *)(dst + i) = ((a & pb_7f) + (b & pb_7f)) ^ ((a ^ b) & pb_80); } for (; i < w; i++) dst[i] = src1[i] + src2[i]; }",visit repo url,libavcodec/pngdsp.c,https://github.com/FFmpeg/FFmpeg,239108416300498,1 3533,['CWE-20'],"static sctp_disposition_t sctp_sf_violation_ctsn( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { static const char err_str[]=""The cumulative tsn ack beyond the max tsn currently sent:""; return sctp_sf_abort_violation(ep, asoc, arg, commands, err_str, sizeof(err_str)); }",linux-2.6,,,199075648485126780042391018292435126714,0 516,CWE-119,"static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, struct bpf_insn *insn, struct bpf_reg_state *dst_reg, struct bpf_reg_state src_reg) { struct bpf_reg_state *regs = cur_regs(env); u8 opcode = BPF_OP(insn->code); bool src_known, dst_known; s64 smin_val, smax_val; u64 umin_val, umax_val; if (BPF_CLASS(insn->code) != BPF_ALU64) { coerce_reg_to_32(dst_reg); coerce_reg_to_32(&src_reg); } smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; umax_val = src_reg.umax_value; src_known = tnum_is_const(src_reg.var_off); dst_known = tnum_is_const(dst_reg->var_off); switch (opcode) { case BPF_ADD: if (signed_add_overflows(dst_reg->smin_value, smin_val) || signed_add_overflows(dst_reg->smax_value, smax_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value += smin_val; dst_reg->smax_value += smax_val; } if (dst_reg->umin_value + umin_val < umin_val || dst_reg->umax_value + umax_val < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value += umin_val; dst_reg->umax_value += umax_val; } dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); break; case BPF_SUB: if (signed_sub_overflows(dst_reg->smin_value, smax_val) || signed_sub_overflows(dst_reg->smax_value, smin_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value -= smax_val; dst_reg->smax_value -= smin_val; } if (dst_reg->umin_value < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value -= umax_val; dst_reg->umax_value -= umin_val; } dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off); break; case BPF_MUL: dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off); if (smin_val < 0 || dst_reg->smin_value < 0) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } if (umax_val > U32_MAX || dst_reg->umax_value > U32_MAX) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } dst_reg->umin_value *= umin_val; dst_reg->umax_value *= umax_val; if (dst_reg->umax_value > S64_MAX) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } break; case BPF_AND: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value & src_reg.var_off.value); break; } dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = dst_reg->var_off.value; dst_reg->umax_value = min(dst_reg->umax_value, umax_val); if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_OR: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value | src_reg.var_off.value); break; } dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = max(dst_reg->umin_value, umin_val); dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_LSH: if (umax_val > 63) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; if (dst_reg->umax_value > 1ULL << (63 - umax_val)) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value <<= umin_val; dst_reg->umax_value <<= umax_val; } if (src_known) dst_reg->var_off = tnum_lshift(dst_reg->var_off, umin_val); else dst_reg->var_off = tnum_lshift(tnum_unknown, umin_val); __update_reg_bounds(dst_reg); break; case BPF_RSH: if (umax_val > 63) { mark_reg_unknown(env, regs, insn->dst_reg); break; } if (dst_reg->smin_value < 0) { if (umin_val) { dst_reg->smin_value = 0; } else { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } } else { dst_reg->smin_value = (u64)(dst_reg->smin_value) >> umax_val; } if (src_known) dst_reg->var_off = tnum_rshift(dst_reg->var_off, umin_val); else dst_reg->var_off = tnum_rshift(tnum_unknown, umin_val); dst_reg->umin_value >>= umax_val; dst_reg->umax_value >>= umin_val; __update_reg_bounds(dst_reg); break; default: mark_reg_unknown(env, regs, insn->dst_reg); break; } __reg_deduce_bounds(dst_reg); __reg_bound_offset(dst_reg); return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,71658147704117,1 177,[],"static inline void free_arg_pages(struct linux_binprm *bprm) { int i; for (i = 0; i < MAX_ARG_PAGES; i++) { if (bprm->page[i]) __free_page(bprm->page[i]); bprm->page[i] = NULL; } }",linux-2.6,,,111973301259186621064100708714420353841,0 3994,CWE-119,"void ourWriteOut(CURL *curl, struct OutStruct *outs, const char *writeinfo) { FILE *stream = stdout; const char *ptr = writeinfo; char *stringp = NULL; long longinfo; double doubleinfo; while(ptr && *ptr) { if('%' == *ptr) { if('%' == ptr[1]) { fputc('%', stream); ptr += 2; } else { char *end; char keepit; int i; if('{' == ptr[1]) { bool match = FALSE; end = strchr(ptr, '}'); ptr += 2; if(!end) { fputs(""%{"", stream); continue; } keepit = *end; *end = 0; for(i = 0; replacements[i].name; i++) { if(curl_strequal(ptr, replacements[i].name)) { match = TRUE; switch(replacements[i].id) { case VAR_EFFECTIVE_URL: if((CURLE_OK == curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &stringp)) && stringp) fputs(stringp, stream); break; case VAR_HTTP_CODE: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &longinfo)) fprintf(stream, ""%03ld"", longinfo); break; case VAR_HTTP_CODE_PROXY: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_HTTP_CONNECTCODE, &longinfo)) fprintf(stream, ""%03ld"", longinfo); break; case VAR_HEADER_SIZE: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_HEADER_SIZE, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_REQUEST_SIZE: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_REQUEST_SIZE, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_NUM_CONNECTS: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_NUM_CONNECTS, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_REDIRECT_COUNT: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_REDIRECT_COUNT, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_REDIRECT_TIME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_REDIRECT_TIME, &doubleinfo)) fprintf(stream, ""%.6f"", doubleinfo); break; case VAR_TOTAL_TIME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &doubleinfo)) fprintf(stream, ""%.6f"", doubleinfo); break; case VAR_NAMELOOKUP_TIME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_NAMELOOKUP_TIME, &doubleinfo)) fprintf(stream, ""%.6f"", doubleinfo); break; case VAR_CONNECT_TIME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME, &doubleinfo)) fprintf(stream, ""%.6f"", doubleinfo); break; case VAR_APPCONNECT_TIME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME, &doubleinfo)) fprintf(stream, ""%.6f"", doubleinfo); break; case VAR_PRETRANSFER_TIME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME, &doubleinfo)) fprintf(stream, ""%.6f"", doubleinfo); break; case VAR_STARTTRANSFER_TIME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME, &doubleinfo)) fprintf(stream, ""%.6f"", doubleinfo); break; case VAR_SIZE_UPLOAD: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_SIZE_UPLOAD, &doubleinfo)) fprintf(stream, ""%.0f"", doubleinfo); break; case VAR_SIZE_DOWNLOAD: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_SIZE_DOWNLOAD, &doubleinfo)) fprintf(stream, ""%.0f"", doubleinfo); break; case VAR_SPEED_DOWNLOAD: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_SPEED_DOWNLOAD, &doubleinfo)) fprintf(stream, ""%.3f"", doubleinfo); break; case VAR_SPEED_UPLOAD: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &doubleinfo)) fprintf(stream, ""%.3f"", doubleinfo); break; case VAR_CONTENT_TYPE: if((CURLE_OK == curl_easy_getinfo(curl, CURLINFO_CONTENT_TYPE, &stringp)) && stringp) fputs(stringp, stream); break; case VAR_FTP_ENTRY_PATH: if((CURLE_OK == curl_easy_getinfo(curl, CURLINFO_FTP_ENTRY_PATH, &stringp)) && stringp) fputs(stringp, stream); break; case VAR_REDIRECT_URL: if((CURLE_OK == curl_easy_getinfo(curl, CURLINFO_REDIRECT_URL, &stringp)) && stringp) fputs(stringp, stream); break; case VAR_SSL_VERIFY_RESULT: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_SSL_VERIFYRESULT, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_PROXY_SSL_VERIFY_RESULT: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_PROXY_SSL_VERIFYRESULT, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_EFFECTIVE_FILENAME: if(outs->filename) fprintf(stream, ""%s"", outs->filename); break; case VAR_PRIMARY_IP: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, &stringp)) fprintf(stream, ""%s"", stringp); break; case VAR_PRIMARY_PORT: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_PRIMARY_PORT, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_LOCAL_IP: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_LOCAL_IP, &stringp)) fprintf(stream, ""%s"", stringp); break; case VAR_LOCAL_PORT: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_LOCAL_PORT, &longinfo)) fprintf(stream, ""%ld"", longinfo); break; case VAR_HTTP_VERSION: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_HTTP_VERSION, &longinfo)) { const char *version = ""0""; switch(longinfo) { case CURL_HTTP_VERSION_1_0: version = ""1.0""; break; case CURL_HTTP_VERSION_1_1: version = ""1.1""; break; case CURL_HTTP_VERSION_2_0: version = ""2""; break; } fprintf(stream, version); } break; case VAR_SCHEME: if(CURLE_OK == curl_easy_getinfo(curl, CURLINFO_SCHEME, &stringp)) fprintf(stream, ""%s"", stringp); break; default: break; } break; } } if(!match) { fprintf(stderr, ""curl: unknown --write-out variable: '%s'\n"", ptr); } ptr = end + 1; *end = keepit; } else { fputc('%', stream); fputc(ptr[1], stream); ptr += 2; } } } else if('\\' == *ptr) { switch(ptr[1]) { case 'r': fputc('\r', stream); break; case 'n': fputc('\n', stream); break; case 't': fputc('\t', stream); break; default: fputc(*ptr, stream); fputc(ptr[1], stream); break; } ptr += 2; } else { fputc(*ptr, stream); ptr++; } } }",visit repo url,src/tool_writeout.c,https://github.com/curl/curl,264601829531420,1 2869,CWE-119,"tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ tsize_t written=0; unsigned char* buffer=NULL; unsigned char* samplebuffer=NULL; tsize_t bufferoffset=0; tsize_t samplebufferoffset=0; tsize_t read=0; tstrip_t i=0; tstrip_t j=0; tstrip_t stripcount=0; tsize_t stripsize=0; tsize_t sepstripcount=0; tsize_t sepstripsize=0; #ifdef OJPEG_SUPPORT toff_t inputoffset=0; uint16 h_samp=1; uint16 v_samp=1; uint16 ri=1; uint32 rows=0; #endif #ifdef JPEG_SUPPORT unsigned char* jpt; float* xfloatp; uint64* sbc; unsigned char* stripbuffer; tsize_t striplength=0; uint32 max_striplength=0; #endif if (t2p->t2p_error != T2P_ERR_OK) return(0); if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){ #ifdef CCITT_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_G4){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if (buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for "" ""t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB){ TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef ZIP_SUPPORT if (t2p->pdf_compression == T2P_COMPRESS_ZIP) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB) { TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef OJPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_OJPEG) { if(t2p->tiff_dataoffset != 0) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if(t2p->pdf_ojpegiflength==0){ inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); t2pReadFile(input, (tdata_t) buffer, t2p->tiff_datasize); t2pSeekFile(input, inputoffset, SEEK_SET); t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } else { inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); bufferoffset = t2pReadFile(input, (tdata_t) buffer, t2p->pdf_ojpegiflength); t2p->pdf_ojpegiflength = 0; t2pSeekFile(input, inputoffset, SEEK_SET); TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &h_samp, &v_samp); buffer[bufferoffset++]= 0xff; buffer[bufferoffset++]= 0xdd; buffer[bufferoffset++]= 0x00; buffer[bufferoffset++]= 0x04; h_samp*=8; v_samp*=8; ri=(t2p->tiff_width+h_samp-1) / h_samp; TIFFGetField(input, TIFFTAG_ROWSPERSTRIP, &rows); ri*=(rows+v_samp-1)/v_samp; buffer[bufferoffset++]= (ri>>8) & 0xff; buffer[bufferoffset++]= ri & 0xff; stripcount=TIFFNumberOfStrips(input); for(i=0;ipdf_ojpegdata){ TIFFError(TIFF2PDF_MODULE, ""No support for OJPEG image %s with bad tables"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); _TIFFmemcpy(buffer, t2p->pdf_ojpegdata, t2p->pdf_ojpegdatalength); bufferoffset=t2p->pdf_ojpegdatalength; stripcount=TIFFNumberOfStrips(input); for(i=0;it2p_error = T2P_ERR_ERROR; return(0); #endif } } #endif #ifdef JPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_JPEG) { uint32 count = 0; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if (TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { if(count > 4) { _TIFFmemcpy(buffer, jpt, count); bufferoffset += count - 2; } } stripcount=TIFFNumberOfStrips(input); TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc); for(i=0;imax_striplength) max_striplength=sbc[i]; } stripbuffer = (unsigned char*) _TIFFmalloc(max_striplength); if(stripbuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s"", max_striplength, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } for(i=0;itiff_length)){ TIFFError(TIFF2PDF_MODULE, ""Can't process JPEG data in input file %s"", TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } } buffer[bufferoffset++]=0xff; buffer[bufferoffset++]=0xd9; t2pWriteFile(output, (tdata_t) buffer, bufferoffset); _TIFFfree(stripbuffer); _TIFFfree(buffer); return(bufferoffset); } #endif (void)0; } if(t2p->pdf_sample==T2P_SAMPLE_NOTHING){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } } else { if(t2p->pdf_sample & T2P_SAMPLE_PLANAR_SEPARATE_TO_CONTIG){ sepstripsize=TIFFStripSize(input); sepstripcount=TIFFNumberOfStrips(input); stripsize=sepstripsize*t2p->tiff_samplesperpixel; stripcount=sepstripcount/t2p->tiff_samplesperpixel; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); samplebuffer = (unsigned char*) _TIFFmalloc(stripsize); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } for(i=0;itiff_samplesperpixel;j++){ read = TIFFReadEncodedStrip(input, i + j*stripcount, (tdata_t) &(samplebuffer[samplebufferoffset]), TIFFmin(sepstripsize, stripsize - samplebufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i + j*stripcount, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } samplebufferoffset+=read; } t2p_sample_planar_separate_to_contig( t2p, &(buffer[bufferoffset]), samplebuffer, samplebufferoffset); bufferoffset+=samplebufferoffset; } _TIFFfree(samplebuffer); goto dataready; } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } if(t2p->pdf_sample & T2P_SAMPLE_REALIZE_PALETTE){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t) buffer, t2p->tiff_datasize * t2p->tiff_samplesperpixel); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; t2p->tiff_datasize *= t2p->tiff_samplesperpixel; } t2p_sample_realize_palette(t2p, buffer); } if(t2p->pdf_sample & T2P_SAMPLE_RGBA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgba_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_RGBAA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgbaa_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_YCBCR_TO_RGB){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length*4); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; } if(!TIFFReadRGBAImageOriented( input, t2p->tiff_width, t2p->tiff_length, (uint32*)buffer, ORIENTATION_TOPLEFT, 0)){ TIFFError(TIFF2PDF_MODULE, ""Can't use TIFFReadRGBAImageOriented to extract RGB image from %s"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } t2p->tiff_datasize=t2p_sample_abgr_to_rgb( (tdata_t) buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_LAB_SIGNED_TO_UNSIGNED){ t2p->tiff_datasize=t2p_sample_lab_signed_to_unsigned( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } } dataready: t2p_disable(output); TIFFSetField(output, TIFFTAG_PHOTOMETRIC, t2p->tiff_photometric); TIFFSetField(output, TIFFTAG_BITSPERSAMPLE, t2p->tiff_bitspersample); TIFFSetField(output, TIFFTAG_SAMPLESPERPIXEL, t2p->tiff_samplesperpixel); TIFFSetField(output, TIFFTAG_IMAGEWIDTH, t2p->tiff_width); TIFFSetField(output, TIFFTAG_IMAGELENGTH, t2p->tiff_length); TIFFSetField(output, TIFFTAG_ROWSPERSTRIP, t2p->tiff_length); TIFFSetField(output, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); TIFFSetField(output, TIFFTAG_FILLORDER, FILLORDER_MSB2LSB); switch(t2p->pdf_compression){ case T2P_COMPRESS_NONE: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_NONE); break; #ifdef CCITT_SUPPORT case T2P_COMPRESS_G4: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_CCITTFAX4); break; #endif #ifdef JPEG_SUPPORT case T2P_COMPRESS_JPEG: if(t2p->tiff_photometric==PHOTOMETRIC_YCBCR) { uint16 hor = 0, ver = 0; if (TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &hor, &ver) !=0 ) { if(hor != 0 && ver != 0){ TIFFSetField(output, TIFFTAG_YCBCRSUBSAMPLING, hor, ver); } } if(TIFFGetField(input, TIFFTAG_REFERENCEBLACKWHITE, &xfloatp)!=0){ TIFFSetField(output, TIFFTAG_REFERENCEBLACKWHITE, xfloatp); } } if(TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_JPEG)==0){ TIFFError(TIFF2PDF_MODULE, ""Unable to use JPEG compression for input %s and output %s"", TIFFFileName(input), TIFFFileName(output)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFSetField(output, TIFFTAG_JPEGTABLESMODE, 0); if(t2p->pdf_colorspace & (T2P_CS_RGB | T2P_CS_LAB)){ TIFFSetField(output, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR){ TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RAW); } } if(t2p->pdf_colorspace & T2P_CS_GRAY){ (void)0; } if(t2p->pdf_colorspace & T2P_CS_CMYK){ (void)0; } if(t2p->pdf_defaultcompressionquality != 0){ TIFFSetField(output, TIFFTAG_JPEGQUALITY, t2p->pdf_defaultcompressionquality); } break; #endif #ifdef ZIP_SUPPORT case T2P_COMPRESS_ZIP: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_DEFLATE); if(t2p->pdf_defaultcompressionquality%100 != 0){ TIFFSetField(output, TIFFTAG_PREDICTOR, t2p->pdf_defaultcompressionquality % 100); } if(t2p->pdf_defaultcompressionquality/100 != 0){ TIFFSetField(output, TIFFTAG_ZIPQUALITY, (t2p->pdf_defaultcompressionquality / 100)); } break; #endif default: break; } t2p_enable(output); t2p->outputwritten = 0; #ifdef JPEG_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_JPEG && t2p->tiff_photometric == PHOTOMETRIC_YCBCR){ bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, stripsize * stripcount); } else #endif { bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, t2p->tiff_datasize); } if (buffer != NULL) { _TIFFfree(buffer); buffer=NULL; } if (bufferoffset == (tsize_t)-1) { TIFFError(TIFF2PDF_MODULE, ""Error writing encoded strip to output PDF %s"", TIFFFileName(output)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } written = t2p->outputwritten; return(written); }",visit repo url,tools/tiff2pdf.c,https://github.com/vadz/libtiff,108893693056642,1 5236,CWE-787,"int main(int argc, char **argv) { char *filein, *str, *tempfile, *prestring, *outprotos, *protostr; const char *spacestr = "" ""; char buf[L_BUF_SIZE]; l_uint8 *allheaders; l_int32 i, maxindex, in_line, nflags, protos_added, firstfile, len, ret; size_t nbytes; L_BYTEA *ba, *ba2; SARRAY *sa, *safirst; static char mainName[] = ""xtractprotos""; if (argc == 1) { fprintf(stderr, ""xtractprotos [-prestring=] [-protos=] "" ""[list of C files]\n"" ""where the prestring is prepended to each prototype, and \n"" ""protos can be either 'inline' or the name of an output "" ""prototype file\n""); return 1; } prestring = outprotos = NULL; in_line = FALSE; nflags = 0; maxindex = L_MIN(3, argc); for (i = 1; i < maxindex; i++) { if (argv[i][0] == '-') { if (!strncmp(argv[i], ""-prestring"", 10)) { nflags++; ret = sscanf(argv[i] + 1, ""prestring=%s"", buf); if (ret != 1) { fprintf(stderr, ""parse failure for prestring\n""); return 1; } if ((len = strlen(buf)) > L_BUF_SIZE - 3) { L_WARNING(""prestring too large; omitting!\n"", mainName); } else { buf[len] = ' '; buf[len + 1] = '\0'; prestring = stringNew(buf); } } else if (!strncmp(argv[i], ""-protos"", 7)) { nflags++; ret = sscanf(argv[i] + 1, ""protos=%s"", buf); if (ret != 1) { fprintf(stderr, ""parse failure for protos\n""); return 1; } outprotos = stringNew(buf); if (!strncmp(outprotos, ""inline"", 7)) in_line = TRUE; } } } if (argc - nflags < 2) { fprintf(stderr, ""no files specified!\n""); return 1; } ba = l_byteaCreate(500); sa = sarrayCreate(0); sarrayAddString(sa, (char *)""/*"", L_COPY); snprintf(buf, L_BUF_SIZE, "" * These prototypes were autogen'd by xtractprotos, v. %s"", version); sarrayAddString(sa, buf, L_COPY); sarrayAddString(sa, (char *)"" */"", L_COPY); sarrayAddString(sa, (char *)""#ifdef __cplusplus"", L_COPY); sarrayAddString(sa, (char *)""extern \""C\"" {"", L_COPY); sarrayAddString(sa, (char *)""#endif /* __cplusplus */\n"", L_COPY); str = sarrayToString(sa, 1); l_byteaAppendString(ba, str); lept_free(str); sarrayDestroy(&sa); firstfile = 1 + nflags; protos_added = FALSE; if ((tempfile = l_makeTempFilename()) == NULL) { fprintf(stderr, ""failure to make a writeable temp file\n""); return 1; } for (i = firstfile; i < argc; i++) { filein = argv[i]; len = strlen(filein); if (filein[len - 1] == 'h') continue; snprintf(buf, L_BUF_SIZE, ""cpp -ansi -DNO_PROTOS %s %s"", filein, tempfile); ret = system(buf); if (ret) { fprintf(stderr, ""cpp failure for %s; continuing\n"", filein); continue; } if ((str = parseForProtos(tempfile, prestring)) == NULL) { fprintf(stderr, ""parse failure for %s; continuing\n"", filein); continue; } if (strlen(str) > 1) { l_byteaAppendString(ba, str); protos_added = TRUE; } lept_free(str); } lept_rmfile(tempfile); lept_free(tempfile); sa = sarrayCreate(0); sarrayAddString(sa, (char *)""\n#ifdef __cplusplus"", L_COPY); sarrayAddString(sa, (char *)""}"", L_COPY); sarrayAddString(sa, (char *)""#endif /* __cplusplus */"", L_COPY); str = sarrayToString(sa, 1); l_byteaAppendString(ba, str); lept_free(str); sarrayDestroy(&sa); protostr = (char *)l_byteaCopyData(ba, &nbytes); l_byteaDestroy(&ba); if (!outprotos) { fprintf(stderr, ""%s\n"", protostr); lept_free(protostr); return 0; } if (!protos_added) { fprintf(stderr, ""No protos found\n""); lept_free(protostr); return 1; } ba = l_byteaInitFromFile(""allheaders_top.txt""); if (!in_line) { snprintf(buf, sizeof(buf), ""#include \""%s\""\n"", outprotos); l_byteaAppendString(ba, buf); l_binaryWrite(outprotos, ""w"", protostr, nbytes); } else { l_byteaAppendString(ba, protostr); } ba2 = l_byteaInitFromFile(""allheaders_bot.txt""); l_byteaJoin(ba, &ba2); l_byteaWrite(""allheaders.h"", ba, 0, 0); l_byteaDestroy(&ba); lept_free(protostr); return 0; }",visit repo url,prog/xtractprotos.c,https://github.com/DanBloomberg/leptonica,126540936729905,1 4195,CWE-346,"_handle_carbons(xmpp_stanza_t *const stanza) { xmpp_stanza_t *carbons = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_CARBONS); if (!carbons) { return FALSE; } const char *name = xmpp_stanza_get_name(carbons); if (!name) { log_error(""Unable to retrieve stanza name for Carbon""); return TRUE; } if (g_strcmp0(name, ""private"") == 0) { log_info(""Carbon received with private element.""); return FALSE; } if ((g_strcmp0(name, ""received"") != 0) && (g_strcmp0(name, ""sent"") != 0)) { log_warning(""Carbon received with unrecognised stanza name: %s"", name); return TRUE; } xmpp_stanza_t *forwarded = xmpp_stanza_get_child_by_ns(carbons, STANZA_NS_FORWARD); if (!forwarded) { log_warning(""Carbon received with no forwarded element""); return TRUE; } xmpp_stanza_t *message = xmpp_stanza_get_child_by_name(forwarded, STANZA_NAME_MESSAGE); if (!message) { log_warning(""Carbon received with no message element""); return TRUE; } char *message_txt = xmpp_message_get_body(message); if (!message_txt) { log_warning(""Carbon received with no message.""); return TRUE; } const gchar *to = xmpp_stanza_get_to(message); const gchar *from = xmpp_stanza_get_from(message); if (!to) to = from; Jid *jid_from = jid_create(from); Jid *jid_to = jid_create(to); Jid *my_jid = jid_create(connection_get_fulljid()); char *enc_message = NULL; xmpp_stanza_t *x = xmpp_stanza_get_child_by_ns(message, STANZA_NS_ENCRYPTED); if (x) { enc_message = xmpp_stanza_get_text(x); } if (g_strcmp0(my_jid->barejid, jid_to->barejid) == 0) { sv_ev_incoming_carbon(jid_from->barejid, jid_from->resourcepart, message_txt, enc_message); } else { sv_ev_outgoing_carbon(jid_to->barejid, message_txt, enc_message); } xmpp_ctx_t *ctx = connection_get_ctx(); xmpp_free(ctx, message_txt); xmpp_free(ctx, enc_message); jid_destroy(jid_from); jid_destroy(jid_to); jid_destroy(my_jid); return TRUE; }",visit repo url,src/xmpp/message.c,https://github.com/boothj5/profanity,99654720262025,1 325,CWE-415,"int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, struct dccp_hdr *dh, unsigned int len) { struct dccp_sock *dp = dccp_sk(sk); struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb); const int old_state = sk->sk_state; int queued = 0; if (sk->sk_state == DCCP_LISTEN) { if (dh->dccph_type == DCCP_PKT_REQUEST) { if (inet_csk(sk)->icsk_af_ops->conn_request(sk, skb) < 0) return 1; goto discard; } if (dh->dccph_type == DCCP_PKT_RESET) goto discard; dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION; return 1; } else if (sk->sk_state == DCCP_CLOSED) { dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION; return 1; } if (sk->sk_state != DCCP_REQUESTING && dccp_check_seqno(sk, skb)) goto discard; if ((dp->dccps_role != DCCP_ROLE_CLIENT && dh->dccph_type == DCCP_PKT_RESPONSE) || (dp->dccps_role == DCCP_ROLE_CLIENT && dh->dccph_type == DCCP_PKT_REQUEST) || (sk->sk_state == DCCP_RESPOND && dh->dccph_type == DCCP_PKT_DATA)) { dccp_send_sync(sk, dcb->dccpd_seq, DCCP_PKT_SYNC); goto discard; } if (dccp_parse_options(sk, NULL, skb)) return 1; if (dh->dccph_type == DCCP_PKT_RESET) { dccp_rcv_reset(sk, skb); return 0; } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { if (dccp_rcv_closereq(sk, skb)) return 0; goto discard; } else if (dh->dccph_type == DCCP_PKT_CLOSE) { if (dccp_rcv_close(sk, skb)) return 0; goto discard; } switch (sk->sk_state) { case DCCP_REQUESTING: queued = dccp_rcv_request_sent_state_process(sk, skb, dh, len); if (queued >= 0) return queued; __kfree_skb(skb); return 0; case DCCP_PARTOPEN: dccp_handle_ackvec_processing(sk, skb); dccp_deliver_input_to_ccids(sk, skb); case DCCP_RESPOND: queued = dccp_rcv_respond_partopen_state_process(sk, skb, dh, len); break; } if (dh->dccph_type == DCCP_PKT_ACK || dh->dccph_type == DCCP_PKT_DATAACK) { switch (old_state) { case DCCP_PARTOPEN: sk->sk_state_change(sk); sk_wake_async(sk, SOCK_WAKE_IO, POLL_OUT); break; } } else if (unlikely(dh->dccph_type == DCCP_PKT_SYNC)) { dccp_send_sync(sk, dcb->dccpd_seq, DCCP_PKT_SYNCACK); goto discard; } if (!queued) { discard: __kfree_skb(skb); } return 0; }",visit repo url,net/dccp/input.c,https://github.com/torvalds/linux,16256427416845,1 5230,CWE-116,"flatpak_context_load_metadata (FlatpakContext *context, GKeyFile *metakey, GError **error) { gboolean remove; g_auto(GStrv) groups = NULL; gsize i; if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SHARED, NULL)) { g_auto(GStrv) shares = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SHARED, NULL, error); if (shares == NULL) return FALSE; for (i = 0; shares[i] != NULL; i++) { FlatpakContextShares share; share = flatpak_context_share_from_string (parse_negated (shares[i], &remove), NULL); if (share == 0) g_info (""Unknown share type %s"", shares[i]); else { if (remove) flatpak_context_remove_shares (context, share); else flatpak_context_add_shares (context, share); } } } if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SOCKETS, NULL)) { g_auto(GStrv) sockets = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SOCKETS, NULL, error); if (sockets == NULL) return FALSE; for (i = 0; sockets[i] != NULL; i++) { FlatpakContextSockets socket = flatpak_context_socket_from_string (parse_negated (sockets[i], &remove), NULL); if (socket == 0) g_info (""Unknown socket type %s"", sockets[i]); else { if (remove) flatpak_context_remove_sockets (context, socket); else flatpak_context_add_sockets (context, socket); } } } if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_DEVICES, NULL)) { g_auto(GStrv) devices = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_DEVICES, NULL, error); if (devices == NULL) return FALSE; for (i = 0; devices[i] != NULL; i++) { FlatpakContextDevices device = flatpak_context_device_from_string (parse_negated (devices[i], &remove), NULL); if (device == 0) g_info (""Unknown device type %s"", devices[i]); else { if (remove) flatpak_context_remove_devices (context, device); else flatpak_context_add_devices (context, device); } } } if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_FEATURES, NULL)) { g_auto(GStrv) features = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_FEATURES, NULL, error); if (features == NULL) return FALSE; for (i = 0; features[i] != NULL; i++) { FlatpakContextFeatures feature = flatpak_context_feature_from_string (parse_negated (features[i], &remove), NULL); if (feature == 0) g_info (""Unknown feature type %s"", features[i]); else { if (remove) flatpak_context_remove_features (context, feature); else flatpak_context_add_features (context, feature); } } } if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_FILESYSTEMS, NULL)) { g_auto(GStrv) filesystems = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_FILESYSTEMS, NULL, error); if (filesystems == NULL) return FALSE; for (i = 0; filesystems[i] != NULL; i++) { const char *fs = parse_negated (filesystems[i], &remove); g_autofree char *filesystem = NULL; FlatpakFilesystemMode mode; if (!flatpak_context_parse_filesystem (fs, remove, &filesystem, &mode, NULL)) g_info (""Unknown filesystem type %s"", filesystems[i]); else { g_assert (mode == FLATPAK_FILESYSTEM_MODE_NONE || !remove); flatpak_context_take_filesystem (context, g_steal_pointer (&filesystem), mode); } } } if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_PERSISTENT, NULL)) { g_auto(GStrv) persistent = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_PERSISTENT, NULL, error); if (persistent == NULL) return FALSE; for (i = 0; persistent[i] != NULL; i++) flatpak_context_set_persistent (context, persistent[i]); } if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY)) { g_auto(GStrv) keys = NULL; gsize keys_count; keys = g_key_file_get_keys (metakey, FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY, &keys_count, NULL); for (i = 0; i < keys_count; i++) { const char *key = keys[i]; g_autofree char *value = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_SESSION_BUS_POLICY, key, NULL); FlatpakPolicy policy; if (!flatpak_verify_dbus_name (key, error)) return FALSE; policy = flatpak_policy_from_string (value, NULL); if ((int) policy != -1) flatpak_context_set_session_bus_policy (context, key, policy); } } if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY)) { g_auto(GStrv) keys = NULL; gsize keys_count; keys = g_key_file_get_keys (metakey, FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY, &keys_count, NULL); for (i = 0; i < keys_count; i++) { const char *key = keys[i]; g_autofree char *value = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_SYSTEM_BUS_POLICY, key, NULL); FlatpakPolicy policy; if (!flatpak_verify_dbus_name (key, error)) return FALSE; policy = flatpak_policy_from_string (value, NULL); if ((int) policy != -1) flatpak_context_set_system_bus_policy (context, key, policy); } } if (g_key_file_has_group (metakey, FLATPAK_METADATA_GROUP_ENVIRONMENT)) { g_auto(GStrv) keys = NULL; gsize keys_count; keys = g_key_file_get_keys (metakey, FLATPAK_METADATA_GROUP_ENVIRONMENT, &keys_count, NULL); for (i = 0; i < keys_count; i++) { const char *key = keys[i]; g_autofree char *value = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_ENVIRONMENT, key, NULL); flatpak_context_set_env_var (context, key, value); } } if (g_key_file_has_key (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_UNSET_ENVIRONMENT, NULL)) { g_auto(GStrv) vars = NULL; gsize vars_count; vars = g_key_file_get_string_list (metakey, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_UNSET_ENVIRONMENT, &vars_count, error); if (vars == NULL) return FALSE; for (i = 0; i < vars_count; i++) { const char *var = vars[i]; flatpak_context_set_env_var (context, var, NULL); } } groups = g_key_file_get_groups (metakey, NULL); for (i = 0; groups[i] != NULL; i++) { const char *group = groups[i]; const char *subsystem; int j; if (g_str_has_prefix (group, FLATPAK_METADATA_GROUP_PREFIX_POLICY)) { g_auto(GStrv) keys = NULL; subsystem = group + strlen (FLATPAK_METADATA_GROUP_PREFIX_POLICY); keys = g_key_file_get_keys (metakey, group, NULL, NULL); for (j = 0; keys != NULL && keys[j] != NULL; j++) { const char *key = keys[j]; g_autofree char *policy_key = g_strdup_printf (""%s.%s"", subsystem, key); g_auto(GStrv) values = NULL; int k; values = g_key_file_get_string_list (metakey, group, key, NULL, NULL); for (k = 0; values != NULL && values[k] != NULL; k++) flatpak_context_apply_generic_policy (context, policy_key, values[k]); } } } return TRUE; }",visit repo url,common/flatpak-context.c,https://github.com/flatpak/flatpak,262655872309787,1 6513,['CWE-20'],"static inline int emulate_grp45(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) { struct decode_cache *c = &ctxt->decode; switch (c->modrm_reg) { case 0: emulate_1op(""inc"", c->dst, ctxt->eflags); break; case 1: emulate_1op(""dec"", c->dst, ctxt->eflags); break; case 2: { long int old_eip; old_eip = c->eip; c->eip = c->src.val; c->src.val = old_eip; emulate_push(ctxt); break; } case 4: c->eip = c->src.val; break; case 6: emulate_push(ctxt); break; } return 0; }",kvm,,,57845548118748068151174179095753415996,0 2109,[],"void udp_err(struct sk_buff *skb, u32 info) { return __udp4_lib_err(skb, info, udp_hash); }",linux-2.6,,,47709292383056128538595663071264062709,0 3957,['CWE-362'],"static inline void inotify_inode_is_dead(struct inode *inode) { }",linux-2.6,,,256170822696522984224643558295809047969,0 245,CWE-476,"static int __init big_key_init(void) { return register_key_type(&key_type_big_key); }",visit repo url,security/keys/big_key.c,https://github.com/torvalds/linux,36157007904848,1 548,[],"static long bad_file_unlocked_ioctl(struct file *file, unsigned cmd, unsigned long arg) { return -EIO; }",linux-2.6,,,34242631769891212139467575844271955809,0 3246,['CWE-189'],"int jas_image_getcmptbytype(jas_image_t *image, int ctype) { int cmptno; for (cmptno = 0; cmptno < image->numcmpts_; ++cmptno) { if (image->cmpts_[cmptno]->type_ == ctype) { return cmptno; } } return -1; }",jasper,,,243798819948144531939835204235827408958,0 4776,['CWE-20'],"static void ext4_init_journal_params(struct super_block *sb, journal_t *journal) { struct ext4_sb_info *sbi = EXT4_SB(sb); journal->j_commit_interval = sbi->s_commit_interval; journal->j_min_batch_time = sbi->s_min_batch_time; journal->j_max_batch_time = sbi->s_max_batch_time; spin_lock(&journal->j_state_lock); if (test_opt(sb, BARRIER)) journal->j_flags |= JBD2_BARRIER; else journal->j_flags &= ~JBD2_BARRIER; if (test_opt(sb, DATA_ERR_ABORT)) journal->j_flags |= JBD2_ABORT_ON_SYNCDATA_ERR; else journal->j_flags &= ~JBD2_ABORT_ON_SYNCDATA_ERR; spin_unlock(&journal->j_state_lock); }",linux-2.6,,,85255847836078518228935453184428068731,0 18,NVD-CWE-Other,"kg_unseal_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int *conf_state, gss_qop_t *qop_state, gss_iov_buffer_desc *iov, int iov_count, int toktype) { krb5_gss_ctx_id_rec *ctx; OM_uint32 code; ctx = (krb5_gss_ctx_id_rec *)context_handle; if (!ctx->established) { *minor_status = KG_CTX_INCOMPLETE; return GSS_S_NO_CONTEXT; } if (kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM) != NULL) { code = kg_unseal_stream_iov(minor_status, ctx, conf_state, qop_state, iov, iov_count, toktype); } else { code = kg_unseal_iov_token(minor_status, ctx, conf_state, qop_state, iov, iov_count, toktype); } return code; }",visit repo url,src/lib/gssapi/krb5/k5unsealiov.c,https://github.com/krb5/krb5,68753511579242,1 3778,[],"static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr=msg->msg_name; struct sock *other = NULL; int namelen = 0; int err; unsigned hash; struct sk_buff *skb; long timeo; struct scm_cookie tmp_scm; if (NULL == siocb->scm) siocb->scm = &tmp_scm; err = scm_send(sock, msg, siocb->scm); if (err < 0) return err; err = -EOPNOTSUPP; if (msg->msg_flags&MSG_OOB) goto out; if (msg->msg_namelen) { err = unix_mkname(sunaddr, msg->msg_namelen, &hash); if (err < 0) goto out; namelen = err; } else { sunaddr = NULL; err = -ENOTCONN; other = unix_peer_get(sk); if (!other) goto out; } if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && (err = unix_autobind(sock)) != 0) goto out; err = -EMSGSIZE; if (len > sk->sk_sndbuf - 32) goto out; skb = sock_alloc_send_skb(sk, len, msg->msg_flags&MSG_DONTWAIT, &err); if (skb==NULL) goto out; memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); if (siocb->scm->fp) unix_attach_fds(siocb->scm, skb); unix_get_secdata(siocb->scm, skb); skb_reset_transport_header(skb); err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); if (err) goto out_free; timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); restart: if (!other) { err = -ECONNRESET; if (sunaddr == NULL) goto out_free; other = unix_find_other(sunaddr, namelen, sk->sk_type, hash, &err); if (other==NULL) goto out_free; } unix_state_lock(other); err = -EPERM; if (!unix_may_send(sk, other)) goto out_unlock; if (sock_flag(other, SOCK_DEAD)) { unix_state_unlock(other); sock_put(other); err = 0; unix_state_lock(sk); if (unix_peer(sk) == other) { unix_peer(sk)=NULL; unix_state_unlock(sk); unix_dgram_disconnected(sk, other); sock_put(other); err = -ECONNREFUSED; } else { unix_state_unlock(sk); } other = NULL; if (err) goto out_free; goto restart; } err = -EPIPE; if (other->sk_shutdown & RCV_SHUTDOWN) goto out_unlock; if (sk->sk_type != SOCK_SEQPACKET) { err = security_unix_may_send(sk->sk_socket, other->sk_socket); if (err) goto out_unlock; } if (unix_peer(other) != sk && (skb_queue_len(&other->sk_receive_queue) > other->sk_max_ack_backlog)) { if (!timeo) { err = -EAGAIN; goto out_unlock; } timeo = unix_wait_for_peer(other, timeo); err = sock_intr_errno(timeo); if (signal_pending(current)) goto out_free; goto restart; } skb_queue_tail(&other->sk_receive_queue, skb); unix_state_unlock(other); other->sk_data_ready(other, len); sock_put(other); scm_destroy(siocb->scm); return len; out_unlock: unix_state_unlock(other); out_free: kfree_skb(skb); out: if (other) sock_put(other); scm_destroy(siocb->scm); return err; }",linux-2.6,,,64369909574856649553154096215516717048,0 2107,CWE-200,"static int crypto_report_acomp(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_acomp racomp; strlcpy(racomp.type, ""acomp"", sizeof(racomp.type)); if (nla_put(skb, CRYPTOCFGA_REPORT_ACOMP, sizeof(struct crypto_report_acomp), &racomp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user_base.c,https://github.com/torvalds/linux,192807872909567,1 968,NVD-CWE-noinfo,"void sctp_association_free(struct sctp_association *asoc) { struct sock *sk = asoc->base.sk; struct sctp_transport *transport; struct list_head *pos, *temp; int i; if (!asoc->temp) { list_del(&asoc->asocs); if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) sk->sk_ack_backlog--; } asoc->base.dead = true; sctp_outq_free(&asoc->outqueue); sctp_ulpq_free(&asoc->ulpq); sctp_inq_free(&asoc->base.inqueue); sctp_tsnmap_free(&asoc->peer.tsn_map); sctp_ssnmap_free(asoc->ssnmap); sctp_bind_addr_free(&asoc->base.bind_addr); for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i) { if (del_timer(&asoc->timers[i])) sctp_association_put(asoc); } kfree(asoc->peer.cookie); kfree(asoc->peer.peer_random); kfree(asoc->peer.peer_chunks); kfree(asoc->peer.peer_hmacs); list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { transport = list_entry(pos, struct sctp_transport, transports); list_del_rcu(pos); sctp_transport_free(transport); } asoc->peer.transport_count = 0; sctp_asconf_queue_teardown(asoc); if (asoc->asconf_addr_del_pending != NULL) kfree(asoc->asconf_addr_del_pending); sctp_auth_destroy_keys(&asoc->endpoint_shared_keys); sctp_auth_key_put(asoc->asoc_shared_key); sctp_association_put(asoc); }",visit repo url,net/sctp/associola.c,https://github.com/torvalds/linux,22365184870262,1 2093,CWE-416,"static inline void vmacache_invalidate(struct mm_struct *mm) { mm->vmacache_seqnum++; if (unlikely(mm->vmacache_seqnum == 0)) vmacache_flush_all(mm); }",visit repo url,include/linux/vmacache.h,https://github.com/torvalds/linux,59919281008008,1 476,CWE-20,"static int keyring_search_iterator(const void *object, void *iterator_data) { struct keyring_search_context *ctx = iterator_data; const struct key *key = keyring_ptr_to_key(object); unsigned long kflags = key->flags; kenter(""{%d}"", key->serial); if (key->type != ctx->index_key.type) { kleave("" = 0 [!type]""); return 0; } if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { if (kflags & ((1 << KEY_FLAG_INVALIDATED) | (1 << KEY_FLAG_REVOKED))) { ctx->result = ERR_PTR(-EKEYREVOKED); kleave("" = %d [invrev]"", ctx->skipped_ret); goto skipped; } if (key->expiry && ctx->now.tv_sec >= key->expiry) { if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) ctx->result = ERR_PTR(-EKEYEXPIRED); kleave("" = %d [expire]"", ctx->skipped_ret); goto skipped; } } if (!ctx->match_data.cmp(key, &ctx->match_data)) { kleave("" = 0 [!match]""); return 0; } if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && key_task_permission(make_key_ref(key, ctx->possessed), ctx->cred, KEY_NEED_SEARCH) < 0) { ctx->result = ERR_PTR(-EACCES); kleave("" = %d [!perm]"", ctx->skipped_ret); goto skipped; } if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { if (kflags & (1 << KEY_FLAG_NEGATIVE)) { smp_rmb(); ctx->result = ERR_PTR(key->reject_error); kleave("" = %d [neg]"", ctx->skipped_ret); goto skipped; } } ctx->result = make_key_ref(key, ctx->possessed); kleave("" = 1 [found]""); return 1; skipped: return ctx->skipped_ret; }",visit repo url,security/keys/keyring.c,https://github.com/torvalds/linux,176613589389793,1 624,['CWE-189'],"void ieee80211_rx_any(struct ieee80211_device *ieee, struct sk_buff *skb, struct ieee80211_rx_stats *stats) { struct ieee80211_hdr_4addr *hdr; int is_packet_for_us; u16 fc; if (ieee->iw_mode == IW_MODE_MONITOR) { if (!ieee80211_rx(ieee, skb, stats)) dev_kfree_skb_irq(skb); return; } if (skb->len < sizeof(struct ieee80211_hdr)) goto drop_free; hdr = (struct ieee80211_hdr_4addr *)skb->data; fc = le16_to_cpu(hdr->frame_ctl); if ((fc & IEEE80211_FCTL_VERS) != 0) goto drop_free; switch (fc & IEEE80211_FCTL_FTYPE) { case IEEE80211_FTYPE_MGMT: if (skb->len < sizeof(struct ieee80211_hdr_3addr)) goto drop_free; ieee80211_rx_mgt(ieee, hdr, stats); dev_kfree_skb_irq(skb); return; case IEEE80211_FTYPE_DATA: break; case IEEE80211_FTYPE_CTL: return; default: return; } is_packet_for_us = 0; switch (ieee->iw_mode) { case IW_MODE_ADHOC: if (memcmp(hdr->addr3, ieee->bssid, ETH_ALEN) == 0) if ((fc & (IEEE80211_FCTL_TODS+IEEE80211_FCTL_FROMDS)) == 0) { if (ieee->dev->flags & IFF_PROMISC) is_packet_for_us = 1; else if (memcmp(hdr->addr1, ieee->dev->dev_addr, ETH_ALEN) == 0) is_packet_for_us = 1; else if (is_multicast_ether_addr(hdr->addr1)) is_packet_for_us = 1; } break; case IW_MODE_INFRA: if (memcmp(hdr->addr2, ieee->bssid, ETH_ALEN) == 0) if ((fc & (IEEE80211_FCTL_TODS+IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_FROMDS) { if (ieee->dev->flags & IFF_PROMISC) is_packet_for_us = 1; else if (memcmp(hdr->addr1, ieee->dev->dev_addr, ETH_ALEN) == 0) is_packet_for_us = 1; else if (is_multicast_ether_addr(hdr->addr1)) { if (memcmp(hdr->addr3, ieee->dev->dev_addr, ETH_ALEN)) is_packet_for_us = 1; } } break; default: break; } if (is_packet_for_us) if (!ieee80211_rx(ieee, skb, stats)) dev_kfree_skb_irq(skb); return; drop_free: dev_kfree_skb_irq(skb); ieee->stats.rx_dropped++; return; }",linux-2.6,,,196017907739259306099623311591925380855,0 3077,['CWE-189'],"static int jp2_getct(int colorspace, int type, int assoc) { if (type == 1 && assoc == 0) { return JAS_IMAGE_CT_OPACITY; } if (type == 0 && assoc >= 1 && assoc <= 65534) { switch (colorspace) { case JAS_CLRSPC_FAM_RGB: switch (assoc) { case JP2_CDEF_RGB_R: return JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_R); break; case JP2_CDEF_RGB_G: return JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_G); break; case JP2_CDEF_RGB_B: return JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_B); break; } break; case JAS_CLRSPC_FAM_YCBCR: switch (assoc) { case JP2_CDEF_YCBCR_Y: return JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_Y); break; case JP2_CDEF_YCBCR_CB: return JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_CB); break; case JP2_CDEF_YCBCR_CR: return JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_CR); break; } break; case JAS_CLRSPC_FAM_GRAY: switch (assoc) { case JP2_CDEF_GRAY_Y: return JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_GRAY_Y); break; } break; default: return JAS_IMAGE_CT_COLOR(assoc - 1); break; } } return JAS_IMAGE_CT_UNKNOWN; }",jasper,,,313244786017913342130614403215657304333,0 842,['CWE-119'],"isdn_star(char *s, char *p) { while (isdn_wildmat(s, p)) { if (*++s == '\0') return (2); } return (0); }",linux-2.6,,,189225945395543447061700191236046203691,0 2224,['CWE-193'],"int filemap_fdatawrite(struct address_space *mapping) { return __filemap_fdatawrite(mapping, WB_SYNC_ALL); }",linux-2.6,,,61650871680405924420375251049202297707,0 2672,CWE-190,"SPL_METHOD(RecursiveDirectoryIterator, getChildren) { zval *zpath, *zflags; spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); spl_filesystem_object *subdir; char slash = SPL_HAS_FLAG(intern->flags, SPL_FILE_DIR_UNIXPATHS) ? '/' : DEFAULT_SLASH; if (zend_parse_parameters_none() == FAILURE) { return; } spl_filesystem_object_get_file_name(intern TSRMLS_CC); MAKE_STD_ZVAL(zflags); MAKE_STD_ZVAL(zpath); ZVAL_LONG(zflags, intern->flags); ZVAL_STRINGL(zpath, intern->file_name, intern->file_name_len, 1); spl_instantiate_arg_ex2(Z_OBJCE_P(getThis()), &return_value, 0, zpath, zflags TSRMLS_CC); zval_ptr_dtor(&zpath); zval_ptr_dtor(&zflags); subdir = (spl_filesystem_object*)zend_object_store_get_object(return_value TSRMLS_CC); if (subdir) { if (intern->u.dir.sub_path && intern->u.dir.sub_path[0]) { subdir->u.dir.sub_path_len = spprintf(&subdir->u.dir.sub_path, 0, ""%s%c%s"", intern->u.dir.sub_path, slash, intern->u.dir.entry.d_name); } else { subdir->u.dir.sub_path_len = strlen(intern->u.dir.entry.d_name); subdir->u.dir.sub_path = estrndup(intern->u.dir.entry.d_name, subdir->u.dir.sub_path_len); } subdir->info_class = intern->info_class; subdir->file_class = intern->file_class; subdir->oth = intern->oth; } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,14978288669324,1 4167,CWE-290,"valid_host(cupsd_client_t *con) { cupsd_alias_t *a; cupsd_netif_t *netif; const char *end; char *ptr; strlcpy(con->clientname, httpGetField(con->http, HTTP_FIELD_HOST), sizeof(con->clientname)); if ((ptr = strrchr(con->clientname, ':')) != NULL && !strchr(ptr, ']')) { *ptr++ = '\0'; con->clientport = atoi(ptr); } else con->clientport = con->serverport; if (httpAddrLocalhost(httpGetAddress(con->http))) { return (!_cups_strcasecmp(con->clientname, ""localhost"") || !_cups_strcasecmp(con->clientname, ""localhost."") || #ifdef __linux !_cups_strcasecmp(con->clientname, ""localhost.localdomain"") || #endif !strcmp(con->clientname, ""127.0.0.1"") || !strcmp(con->clientname, ""[::1]"")); } #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI) if ((end = strrchr(con->clientname, '.')) != NULL && end > con->clientname && !end[1]) { for (end --; end > con->clientname && *end != '.'; end --); } if (end && (!_cups_strcasecmp(end, "".local"") || !_cups_strcasecmp(end, "".local.""))) return (1); #endif if (isdigit(con->clientname[0] & 255) || con->clientname[0] == '[') { http_addrlist_t *addrlist; if ((addrlist = httpAddrGetList(con->clientname, AF_UNSPEC, NULL)) != NULL) { httpAddrFreeList(addrlist); return (1); } } for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias); a; a = (cupsd_alias_t *)cupsArrayNext(ServerAlias)) { if (!strcmp(a->name, ""*"")) return (1); if (!_cups_strncasecmp(con->clientname, a->name, a->namelen)) { end = con->clientname + a->namelen; if (!*end || (*end == '.' && !end[1])) return (1); } } #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI) for (a = (cupsd_alias_t *)cupsArrayFirst(DNSSDAlias); a; a = (cupsd_alias_t *)cupsArrayNext(DNSSDAlias)) { if (!strcmp(a->name, ""*"")) return (1); if (!_cups_strncasecmp(con->clientname, a->name, a->namelen)) { end = con->clientname + a->namelen; if (!*end || (*end == '.' && !end[1])) return (1); } } #endif for (netif = (cupsd_netif_t *)cupsArrayFirst(NetIFList); netif; netif = (cupsd_netif_t *)cupsArrayNext(NetIFList)) { if (!_cups_strncasecmp(con->clientname, netif->hostname, netif->hostlen)) { end = con->clientname + netif->hostlen; if (!*end || (*end == '.' && !end[1])) return (1); } } return (0); }",visit repo url,scheduler/client.c,https://github.com/apple/cups,66819541583324,1 4495,['CWE-264'],"void *mac_drv_get_space(struct s_smc *smc, unsigned int size) { void *virt; PRINTK(KERN_INFO ""mac_drv_get_space (%d bytes), "", size); virt = (void *) (smc->os.SharedMemAddr + smc->os.SharedMemHeap); if ((smc->os.SharedMemHeap + size) > smc->os.SharedMemSize) { printk(""Unexpected SMT memory size requested: %d\n"", size); return (NULL); } smc->os.SharedMemHeap += size; PRINTK(KERN_INFO ""mac_drv_get_space end\n""); PRINTK(KERN_INFO ""virt addr: %lx\n"", (ulong) virt); PRINTK(KERN_INFO ""bus addr: %lx\n"", (ulong) (smc->os.SharedMemDMA + ((char *) virt - (char *)smc->os.SharedMemAddr))); return (virt); } ",linux-2.6,,,160967387236129073478783079635750553165,0 6382,CWE-20,"uint16_t dm9000ReadPhyReg(uint8_t address) { dm9000WriteReg(DM9000_REG_EPAR, 0x40 | address); dm9000WriteReg(DM9000_REG_EPCR, EPCR_EPOS | EPCR_ERPRR); while((dm9000ReadReg(DM9000_REG_EPCR) & EPCR_ERRE) != 0) { } dm9000WriteReg(DM9000_REG_EPCR, EPCR_EPOS); usleep(5); return (dm9000ReadReg(DM9000_REG_EPDRH) << 8) | dm9000ReadReg(DM9000_REG_EPDRL); }",visit repo url,drivers/eth/dm9000_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,160495110951016,1 6103,CWE-190,"static void eb_mul_rtnaf_imp(eb_t r, const eb_t p, const bn_t k) { int i, l, n; int8_t tnaf[RLC_FB_BITS + 8], u; eb_t t[1 << (EB_WIDTH - 2)]; if (eb_curve_opt_a() == RLC_ZERO) { u = -1; } else { u = 1; } RLC_TRY { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_null(t[i]); eb_new(t[i]); eb_set_infty(t[i]); } l = sizeof(tnaf); bn_rec_tnaf(tnaf, &l, k, u, RLC_FB_BITS, EB_WIDTH); eb_copy(r, p); for (i = 0; i < l; i++) { n = tnaf[i]; if (n > 0) { eb_add(t[n / 2], t[n / 2], r); } if (n < 0) { eb_sub(t[-n / 2], t[-n / 2], r); } fb_sqr(r->x, r->x); fb_sqr(r->y, r->y); } eb_copy(r, t[0]); #if defined(EB_MIXED) && defined(STRIP) && (EB_WIDTH > 2) eb_norm_sim(t + 1, (const eb_t *)t + 1, (1 << (EB_WIDTH - 2)) - 1); #endif #if EB_WIDTH == 3 eb_frb(t[0], t[1]); if (u == 1) { eb_sub(t[1], t[1], t[0]); } else { eb_add(t[1], t[1], t[0]); } #endif #if EB_WIDTH == 4 eb_frb(t[0], t[3]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == 1) { eb_neg(t[0], t[0]); } eb_sub(t[3], t[0], t[3]); eb_frb(t[0], t[1]); eb_frb(t[0], t[0]); eb_sub(t[1], t[0], t[1]); eb_frb(t[0], t[2]); eb_frb(t[0], t[0]); eb_add(t[2], t[0], t[2]); #endif #if EB_WIDTH == 5 eb_frb(t[0], t[3]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == 1) { eb_neg(t[0], t[0]); } eb_sub(t[3], t[0], t[3]); eb_frb(t[0], t[1]); eb_frb(t[0], t[0]); eb_sub(t[1], t[0], t[1]); eb_frb(t[0], t[2]); eb_frb(t[0], t[0]); eb_add(t[2], t[0], t[2]); eb_frb(t[0], t[4]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[4]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == 1) { eb_neg(t[0], t[0]); } eb_add(t[4], t[0], t[4]); eb_frb(t[0], t[5]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[5]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_neg(t[0], t[0]); eb_sub(t[5], t[0], t[5]); eb_frb(t[0], t[6]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[6]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_neg(t[0], t[0]); eb_add(t[6], t[0], t[6]); eb_frb(t[0], t[7]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_sub(t[7], t[0], t[7]); #endif #if EB_WIDTH == 6 eb_frb(t[0], t[1]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_add(t[0], t[0], t[1]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_sub(t[1], t[0], t[1]); eb_frb(t[0], t[2]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_add(t[0], t[0], t[2]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_add(t[2], t[0], t[2]); eb_frb(t[0], t[3]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[3]); eb_neg(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_sub(t[3], t[0], t[3]); eb_frb(t[0], t[4]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[4]); eb_neg(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_add(t[4], t[0], t[4]); eb_frb(t[0], t[5]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[5]); eb_neg(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_sub(t[5], t[0], t[5]); eb_frb(t[0], t[6]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[6]); eb_neg(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_add(t[6], t[0], t[6]); eb_frb(t[0], t[7]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_sub(t[7], t[0], t[7]); eb_frb(t[0], t[8]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_add(t[8], t[0], t[8]); eb_frb(t[0], t[9]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_add(t[0], t[0], t[9]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_sub(t[0], t[0], t[9]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[9]); eb_neg(t[9], t[0]); eb_frb(t[0], t[10]); eb_frb(t[0], t[0]); eb_neg(t[0], t[0]); eb_add(t[0], t[0], t[10]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_add(t[10], t[0], t[10]); eb_frb(t[0], t[11]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_sub(t[11], t[0], t[11]); eb_frb(t[0], t[12]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_add(t[12], t[0], t[12]); eb_frb(t[0], t[13]); eb_frb(t[0], t[0]); eb_add(t[0], t[0], t[13]); eb_neg(t[13], t[0]); eb_frb(t[0], t[14]); eb_frb(t[0], t[0]); eb_neg(t[0], t[0]); eb_add(t[14], t[0], t[14]); eb_frb(t[0], t[15]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); eb_frb(t[0], t[0]); if (u == -1) { eb_neg(t[0], t[0]); } eb_sub(t[15], t[0], t[15]); #endif #if defined(EB_MIXED) && defined(STRIP) && (EB_WIDTH > 2) eb_norm_sim(t + 1, (const eb_t *)t + 1, (1 << (EB_WIDTH - 2)) - 1); #endif for (i = 1; i < (1 << (EB_WIDTH - 2)); i++) { if (r->coord == BASIC) { eb_add(r, t[i], r); } else { eb_add(r, r, t[i]); } } eb_norm(r, r); if (bn_sign(k) == RLC_NEG) { eb_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_free(t[i]); } } }",visit repo url,src/eb/relic_eb_mul.c,https://github.com/relic-toolkit/relic,166255362395995,1 471,CWE-20,"static inline key_ref_t __key_update(key_ref_t key_ref, struct key_preparsed_payload *prep) { struct key *key = key_ref_to_ptr(key_ref); int ret; ret = key_permission(key_ref, KEY_NEED_WRITE); if (ret < 0) goto error; ret = -EEXIST; if (!key->type->update) goto error; down_write(&key->sem); ret = key->type->update(key, prep); if (ret == 0) clear_bit(KEY_FLAG_NEGATIVE, &key->flags); up_write(&key->sem); if (ret < 0) goto error; out: return key_ref; error: key_put(key); key_ref = ERR_PTR(ret); goto out; }",visit repo url,security/keys/key.c,https://github.com/torvalds/linux,240614022604831,1 195,CWE-415,"static netdev_tx_t ems_usb_start_xmit(struct sk_buff *skb, struct net_device *netdev) { struct ems_usb *dev = netdev_priv(netdev); struct ems_tx_urb_context *context = NULL; struct net_device_stats *stats = &netdev->stats; struct can_frame *cf = (struct can_frame *)skb->data; struct ems_cpc_msg *msg; struct urb *urb; u8 *buf; int i, err; size_t size = CPC_HEADER_SIZE + CPC_MSG_HEADER_LEN + sizeof(struct cpc_can_msg); if (can_dropped_invalid_skb(netdev, skb)) return NETDEV_TX_OK; urb = usb_alloc_urb(0, GFP_ATOMIC); if (!urb) goto nomem; buf = usb_alloc_coherent(dev->udev, size, GFP_ATOMIC, &urb->transfer_dma); if (!buf) { netdev_err(netdev, ""No memory left for USB buffer\n""); usb_free_urb(urb); goto nomem; } msg = (struct ems_cpc_msg *)&buf[CPC_HEADER_SIZE]; msg->msg.can_msg.id = cpu_to_le32(cf->can_id & CAN_ERR_MASK); msg->msg.can_msg.length = cf->len; if (cf->can_id & CAN_RTR_FLAG) { msg->type = cf->can_id & CAN_EFF_FLAG ? CPC_CMD_TYPE_EXT_RTR_FRAME : CPC_CMD_TYPE_RTR_FRAME; msg->length = CPC_CAN_MSG_MIN_SIZE; } else { msg->type = cf->can_id & CAN_EFF_FLAG ? CPC_CMD_TYPE_EXT_CAN_FRAME : CPC_CMD_TYPE_CAN_FRAME; for (i = 0; i < cf->len; i++) msg->msg.can_msg.msg[i] = cf->data[i]; msg->length = CPC_CAN_MSG_MIN_SIZE + cf->len; } for (i = 0; i < MAX_TX_URBS; i++) { if (dev->tx_contexts[i].echo_index == MAX_TX_URBS) { context = &dev->tx_contexts[i]; break; } } if (!context) { usb_free_coherent(dev->udev, size, buf, urb->transfer_dma); usb_free_urb(urb); netdev_warn(netdev, ""couldn't find free context\n""); return NETDEV_TX_BUSY; } context->dev = dev; context->echo_index = i; usb_fill_bulk_urb(urb, dev->udev, usb_sndbulkpipe(dev->udev, 2), buf, size, ems_usb_write_bulk_callback, context); urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; usb_anchor_urb(urb, &dev->tx_submitted); can_put_echo_skb(skb, netdev, context->echo_index, 0); atomic_inc(&dev->active_tx_urbs); err = usb_submit_urb(urb, GFP_ATOMIC); if (unlikely(err)) { can_free_echo_skb(netdev, context->echo_index, NULL); usb_unanchor_urb(urb); usb_free_coherent(dev->udev, size, buf, urb->transfer_dma); dev_kfree_skb(skb); atomic_dec(&dev->active_tx_urbs); if (err == -ENODEV) { netif_device_detach(netdev); } else { netdev_warn(netdev, ""failed tx_urb %d\n"", err); stats->tx_dropped++; } } else { netif_trans_update(netdev); if (atomic_read(&dev->active_tx_urbs) >= MAX_TX_URBS || dev->free_slots < CPC_TX_QUEUE_TRIGGER_LOW) { netif_stop_queue(netdev); } } usb_free_urb(urb); return NETDEV_TX_OK; nomem: dev_kfree_skb(skb); stats->tx_dropped++; return NETDEV_TX_OK; }",visit repo url,drivers/net/can/usb/ems_usb.c,https://github.com/torvalds/linux,82333158255095,1 5188,['CWE-20'],"static inline int cpu_has_vmx_ept(void) { return (vmcs_config.cpu_based_2nd_exec_ctrl & SECONDARY_EXEC_ENABLE_EPT); }",linux-2.6,,,295881552796006630804313337644844313712,0 143,CWE-667,"void btrfs_trans_release_chunk_metadata(struct btrfs_trans_handle *trans) { struct btrfs_fs_info *fs_info = trans->fs_info; struct btrfs_transaction *cur_trans = trans->transaction; if (!trans->chunk_bytes_reserved) return; WARN_ON_ONCE(!list_empty(&trans->new_bgs)); btrfs_block_rsv_release(fs_info, &fs_info->chunk_block_rsv, trans->chunk_bytes_reserved, NULL); atomic64_sub(trans->chunk_bytes_reserved, &cur_trans->chunk_bytes_reserved); cond_wake_up(&cur_trans->chunk_reserve_wait); trans->chunk_bytes_reserved = 0; }",visit repo url,fs/btrfs/transaction.c,https://github.com/torvalds/linux,220270944619904,1 1100,['CWE-399'],"static void do_signal(struct pt_regs *regs) { struct k_sigaction ka; siginfo_t info; int signr; sigset_t *oldset; if (!user_mode(regs)) return; if (test_thread_flag(TIF_RESTORE_SIGMASK)) oldset = ¤t->saved_sigmask; else oldset = ¤t->blocked; signr = get_signal_to_deliver(&info, &ka, regs, NULL); if (signr > 0) { if (current->thread.debugreg7) set_debugreg(current->thread.debugreg7, 7); if (handle_signal(signr, &info, &ka, oldset, regs) == 0) { clear_thread_flag(TIF_RESTORE_SIGMASK); } return; } if ((long)regs->orig_ax >= 0) { long res = regs->ax; switch (res) { case -ERESTARTNOHAND: case -ERESTARTSYS: case -ERESTARTNOINTR: regs->ax = regs->orig_ax; regs->ip -= 2; break; case -ERESTART_RESTARTBLOCK: regs->ax = test_thread_flag(TIF_IA32) ? __NR_ia32_restart_syscall : __NR_restart_syscall; regs->ip -= 2; break; } } if (test_thread_flag(TIF_RESTORE_SIGMASK)) { clear_thread_flag(TIF_RESTORE_SIGMASK); sigprocmask(SIG_SETMASK, ¤t->saved_sigmask, NULL); } }",linux-2.6,,,336787438998974489757402342974961592696,0 6471,CWE-190," StreamBufferHandle_t xStreamBufferGenericCreate( size_t xBufferSizeBytes, size_t xTriggerLevelBytes, BaseType_t xIsMessageBuffer ) { uint8_t * pucAllocatedMemory; uint8_t ucFlags; if( xIsMessageBuffer == pdTRUE ) { ucFlags = sbFLAGS_IS_MESSAGE_BUFFER; configASSERT( xBufferSizeBytes > sbBYTES_TO_STORE_MESSAGE_LENGTH ); } else { ucFlags = 0; configASSERT( xBufferSizeBytes > 0 ); } configASSERT( xTriggerLevelBytes <= xBufferSizeBytes ); if( xTriggerLevelBytes == ( size_t ) 0 ) { xTriggerLevelBytes = ( size_t ) 1; } xBufferSizeBytes++; pucAllocatedMemory = ( uint8_t * ) pvPortMalloc( xBufferSizeBytes + sizeof( StreamBuffer_t ) ); if( pucAllocatedMemory != NULL ) { prvInitialiseNewStreamBuffer( ( StreamBuffer_t * ) pucAllocatedMemory, pucAllocatedMemory + sizeof( StreamBuffer_t ), xBufferSizeBytes, xTriggerLevelBytes, ucFlags ); traceSTREAM_BUFFER_CREATE( ( ( StreamBuffer_t * ) pucAllocatedMemory ), xIsMessageBuffer ); } else { traceSTREAM_BUFFER_CREATE_FAILED( xIsMessageBuffer ); } return ( StreamBufferHandle_t ) pucAllocatedMemory; } ",visit repo url,stream_buffer.c,https://github.com/FreeRTOS/FreeRTOS-Kernel,254619405540343,1 6492,['CWE-20'],"static int do_fetch_insn_byte(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops, unsigned long linear, u8 *dest) { struct fetch_cache *fc = &ctxt->decode.fetch; int rc; int size; if (linear < fc->start || linear >= fc->end) { size = min(15UL, PAGE_SIZE - offset_in_page(linear)); rc = ops->read_std(linear, fc->data, size, ctxt->vcpu); if (rc) return rc; fc->start = linear; fc->end = linear + size; } *dest = fc->data[linear - fc->start]; return 0; }",kvm,,,176894298710240462989496992196304149828,0 5627,CWE-125,"ast_for_for_stmt(struct compiling *c, const node *n, int is_async) { asdl_seq *_target, *seq = NULL, *suite_seq; expr_ty expression; expr_ty target, first; const node *node_target; int has_type_comment; string type_comment; if (is_async && c->c_feature_version < 5) { ast_error(c, n, ""Async for loops are only supported in Python 3.5 and greater""); return NULL; } REQ(n, for_stmt); has_type_comment = TYPE(CHILD(n, 5)) == TYPE_COMMENT; if (NCH(n) == 9 + has_type_comment) { seq = ast_for_suite(c, CHILD(n, 8 + has_type_comment)); if (!seq) return NULL; } node_target = CHILD(n, 1); _target = ast_for_exprlist(c, node_target, Store); if (!_target) return NULL; first = (expr_ty)asdl_seq_GET(_target, 0); if (NCH(node_target) == 1) target = first; else target = Tuple(_target, Store, first->lineno, first->col_offset, c->c_arena); expression = ast_for_testlist(c, CHILD(n, 3)); if (!expression) return NULL; suite_seq = ast_for_suite(c, CHILD(n, 5 + has_type_comment)); if (!suite_seq) return NULL; if (has_type_comment) type_comment = NEW_TYPE_COMMENT(CHILD(n, 5)); else type_comment = NULL; if (is_async) return AsyncFor(target, expression, suite_seq, seq, type_comment, LINENO(n), n->n_col_offset, c->c_arena); else return For(target, expression, suite_seq, seq, type_comment, LINENO(n), n->n_col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,239675095182096,1 1248,NVD-CWE-noinfo,"void macvlan_common_setup(struct net_device *dev) { ether_setup(dev); dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; dev->netdev_ops = &macvlan_netdev_ops; dev->destructor = free_netdev; dev->header_ops = &macvlan_hard_header_ops, dev->ethtool_ops = &macvlan_ethtool_ops; }",visit repo url,drivers/net/macvlan.c,https://github.com/torvalds/linux,164612398604278,1 3580,['CWE-20'],"struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, const struct sctp_bind_addr *bp, gfp_t gfp, int vparam_len) { sctp_inithdr_t init; union sctp_params addrs; size_t chunksize; struct sctp_chunk *retval = NULL; int num_types, addrs_len = 0; struct sctp_sock *sp; sctp_supported_addrs_param_t sat; __be16 types[2]; sctp_adaptation_ind_param_t aiparam; sctp_supported_ext_param_t ext_param; int num_ext = 0; __u8 extensions[3]; sctp_paramhdr_t *auth_chunks = NULL, *auth_hmacs = NULL; retval = NULL; addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); init.init_tag = htonl(asoc->c.my_vtag); init.a_rwnd = htonl(asoc->rwnd); init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); init.initial_tsn = htonl(asoc->c.initial_tsn); sp = sctp_sk(asoc->base.sk); num_types = sp->pf->supported_addrs(sp, types); chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); chunksize += sizeof(ecap_param); if (sctp_prsctp_enable) chunksize += sizeof(prsctp_param); if (sctp_addip_enable) { extensions[num_ext] = SCTP_CID_ASCONF; extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; num_ext += 2; } chunksize += sizeof(aiparam); chunksize += vparam_len; if (sctp_auth_enable) { chunksize += sizeof(asoc->c.auth_random); auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; if (auth_hmacs->length) chunksize += ntohs(auth_hmacs->length); else auth_hmacs = NULL; auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; if (auth_chunks->length) chunksize += ntohs(auth_chunks->length); else auth_chunks = NULL; extensions[num_ext] = SCTP_CID_AUTH; num_ext += 1; } if (num_ext) chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); if (!retval) goto nodata; retval->subh.init_hdr = sctp_addto_chunk(retval, sizeof(init), &init); retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); sctp_addto_chunk(retval, sizeof(sat), &sat); sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); if (num_ext) { ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; ext_param.param_hdr.length = htons(sizeof(sctp_supported_ext_param_t) + num_ext); sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), &ext_param); sctp_addto_param(retval, num_ext, extensions); } if (sctp_prsctp_enable) sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; aiparam.param_hdr.length = htons(sizeof(aiparam)); aiparam.adaptation_ind = htonl(sp->adaptation_ind); sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); if (sctp_auth_enable) { sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), asoc->c.auth_random); if (auth_hmacs) sctp_addto_chunk(retval, ntohs(auth_hmacs->length), auth_hmacs); if (auth_chunks) sctp_addto_chunk(retval, ntohs(auth_chunks->length), auth_chunks); } nodata: kfree(addrs.v); return retval; }",linux-2.6,,,132066176152763344676624082068538778854,0 5546,CWE-125,"obj2ast_arguments(PyObject* obj, arguments_ty* out, PyArena* arena) { PyObject* tmp = NULL; asdl_seq* args; arg_ty vararg; asdl_seq* kwonlyargs; asdl_seq* kw_defaults; arg_ty kwarg; asdl_seq* defaults; if (_PyObject_HasAttrId(obj, &PyId_args)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_args); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""arguments field \""args\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); args = _Ta3_asdl_seq_new(len, arena); if (args == NULL) goto failed; for (i = 0; i < len; i++) { arg_ty value; res = obj2ast_arg(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""arguments field \""args\"" changed size during iteration""); goto failed; } asdl_seq_SET(args, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from arguments""); return 1; } if (exists_not_none(obj, &PyId_vararg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_vararg); if (tmp == NULL) goto failed; res = obj2ast_arg(tmp, &vararg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { vararg = NULL; } if (_PyObject_HasAttrId(obj, &PyId_kwonlyargs)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_kwonlyargs); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""arguments field \""kwonlyargs\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); kwonlyargs = _Ta3_asdl_seq_new(len, arena); if (kwonlyargs == NULL) goto failed; for (i = 0; i < len; i++) { arg_ty value; res = obj2ast_arg(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""arguments field \""kwonlyargs\"" changed size during iteration""); goto failed; } asdl_seq_SET(kwonlyargs, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""kwonlyargs\"" missing from arguments""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_kw_defaults)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_kw_defaults); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""arguments field \""kw_defaults\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); kw_defaults = _Ta3_asdl_seq_new(len, arena); if (kw_defaults == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""arguments field \""kw_defaults\"" changed size during iteration""); goto failed; } asdl_seq_SET(kw_defaults, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""kw_defaults\"" missing from arguments""); return 1; } if (exists_not_none(obj, &PyId_kwarg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_kwarg); if (tmp == NULL) goto failed; res = obj2ast_arg(tmp, &kwarg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { kwarg = NULL; } if (_PyObject_HasAttrId(obj, &PyId_defaults)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_defaults); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""arguments field \""defaults\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); defaults = _Ta3_asdl_seq_new(len, arena); if (defaults == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""arguments field \""defaults\"" changed size during iteration""); goto failed; } asdl_seq_SET(defaults, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""defaults\"" missing from arguments""); return 1; } *out = arguments(args, vararg, kwonlyargs, kw_defaults, kwarg, defaults, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,80726548327269,1 4972,['CWE-20'],"static int nfs_server_list_open(struct inode *inode, struct file *file) { struct seq_file *m; int ret; ret = seq_open(file, &nfs_server_list_ops); if (ret < 0) return ret; m = file->private_data; m->private = PDE(inode)->data; return 0; }",linux-2.6,,,34487729763077897259699336242314426602,0 1801,CWE-200,"static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg) { struct usbdevfs_connectinfo ci = { .devnum = ps->dev->devnum, .slow = ps->dev->speed == USB_SPEED_LOW }; if (copy_to_user(arg, &ci, sizeof(ci))) return -EFAULT; return 0; }",visit repo url,drivers/usb/core/devio.c,https://github.com/torvalds/linux,71022186643145,1 935,CWE-17,"static int iov_fault_in_pages_write(struct iovec *iov, unsigned long len) { while (!iov->iov_len) iov++; while (len > 0) { unsigned long this_len; this_len = min_t(unsigned long, len, iov->iov_len); if (fault_in_pages_writeable(iov->iov_base, this_len)) break; len -= this_len; iov++; } return len; }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,83837521162037,1 263,CWE-119,"static int cqspi_setup_flash(struct cqspi_st *cqspi, struct device_node *np) { struct platform_device *pdev = cqspi->pdev; struct device *dev = &pdev->dev; struct cqspi_flash_pdata *f_pdata; struct spi_nor *nor; struct mtd_info *mtd; unsigned int cs; int i, ret; for_each_available_child_of_node(dev->of_node, np) { if (of_property_read_u32(np, ""reg"", &cs)) { dev_err(dev, ""Couldn't determine chip select.\n""); goto err; } if (cs > CQSPI_MAX_CHIPSELECT) { dev_err(dev, ""Chip select %d out of range.\n"", cs); goto err; } f_pdata = &cqspi->f_pdata[cs]; f_pdata->cqspi = cqspi; f_pdata->cs = cs; ret = cqspi_of_get_flash_pdata(pdev, f_pdata, np); if (ret) goto err; nor = &f_pdata->nor; mtd = &nor->mtd; mtd->priv = nor; nor->dev = dev; spi_nor_set_flash_node(nor, np); nor->priv = f_pdata; nor->read_reg = cqspi_read_reg; nor->write_reg = cqspi_write_reg; nor->read = cqspi_read; nor->write = cqspi_write; nor->erase = cqspi_erase; nor->prepare = cqspi_prep; nor->unprepare = cqspi_unprep; mtd->name = devm_kasprintf(dev, GFP_KERNEL, ""%s.%d"", dev_name(dev), cs); if (!mtd->name) { ret = -ENOMEM; goto err; } ret = spi_nor_scan(nor, NULL, SPI_NOR_QUAD); if (ret) goto err; ret = mtd_device_register(mtd, NULL, 0); if (ret) goto err; f_pdata->registered = true; } return 0; err: for (i = 0; i < CQSPI_MAX_CHIPSELECT; i++) if (cqspi->f_pdata[i].registered) mtd_device_unregister(&cqspi->f_pdata[i].nor.mtd); return ret; }",visit repo url,drivers/mtd/spi-nor/cadence-quadspi.c,https://github.com/torvalds/linux,51146410488694,1 3070,CWE-787,"char *string_crypt(const char *key, const char *salt) { assertx(key); assertx(salt); char random_salt[12]; if (!*salt) { memcpy(random_salt,""$1$"",3); ito64(random_salt+3,rand(),8); random_salt[11] = '\0'; return string_crypt(key, random_salt); } auto const saltLen = strlen(salt); if ((saltLen > sizeof(""$2X$00$"")) && (salt[0] == '$') && (salt[1] == '2') && (salt[2] >= 'a') && (salt[2] <= 'z') && (salt[3] == '$') && (salt[4] >= '0') && (salt[4] <= '3') && (salt[5] >= '0') && (salt[5] <= '9') && (salt[6] == '$')) { char output[61]; static constexpr size_t maxSaltLength = 123; char paddedSalt[maxSaltLength + 1]; paddedSalt[0] = paddedSalt[maxSaltLength] = '\0'; memset(&paddedSalt[1], '$', maxSaltLength - 1); memcpy(paddedSalt, salt, std::min(maxSaltLength, saltLen)); paddedSalt[saltLen] = '\0'; if (php_crypt_blowfish_rn(key, paddedSalt, output, sizeof(output))) { return strdup(output); } } else { #ifdef USE_PHP_CRYPT_R return php_crypt_r(key, salt); #else static Mutex mutex; Lock lock(mutex); char *crypt_res = crypt(key,salt); if (crypt_res) { return strdup(crypt_res); } #endif } return ((salt[0] == '*') && (salt[1] == '0')) ? strdup(""*1"") : strdup(""*0""); }",visit repo url,hphp/zend/zend-string.cpp,https://github.com/facebook/hhvm,171278930242578,1 2101,[],"static inline struct sock *udp_v4_mcast_next(struct sock *sk, __be16 loc_port, __be32 loc_addr, __be16 rmt_port, __be32 rmt_addr, int dif) { struct hlist_node *node; struct sock *s = sk; unsigned short hnum = ntohs(loc_port); sk_for_each_from(s, node) { struct inet_sock *inet = inet_sk(s); if (s->sk_hash != hnum || (inet->daddr && inet->daddr != rmt_addr) || (inet->dport != rmt_port && inet->dport) || (inet->rcv_saddr && inet->rcv_saddr != loc_addr) || ipv6_only_sock(s) || (s->sk_bound_dev_if && s->sk_bound_dev_if != dif)) continue; if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif)) continue; goto found; } s = NULL; found: return s; }",linux-2.6,,,150968085085945230595929648130748112929,0 2506,['CWE-119'],"int diff_tree_sha1(const unsigned char *old, const unsigned char *new, const char *base, struct diff_options *opt) { void *tree1, *tree2; struct tree_desc t1, t2; unsigned long size1, size2; int retval; tree1 = read_object_with_reference(old, tree_type, &size1, NULL); if (!tree1) die(""unable to read source tree (%s)"", sha1_to_hex(old)); tree2 = read_object_with_reference(new, tree_type, &size2, NULL); if (!tree2) die(""unable to read destination tree (%s)"", sha1_to_hex(new)); init_tree_desc(&t1, tree1, size1); init_tree_desc(&t2, tree2, size2); retval = diff_tree(&t1, &t2, base, opt); if (DIFF_OPT_TST(opt, FOLLOW_RENAMES) && diff_might_be_rename()) { init_tree_desc(&t1, tree1, size1); init_tree_desc(&t2, tree2, size2); try_to_follow_renames(&t1, &t2, base, opt); } free(tree1); free(tree2); return retval; }",git,,,16717994426349949490735830009259472897,0 378,CWE-404,"static int install_thread_keyring(void) { struct cred *new; int ret; new = prepare_creds(); if (!new) return -ENOMEM; BUG_ON(new->thread_keyring); ret = install_thread_keyring_to_cred(new); if (ret < 0) { abort_creds(new); return ret; } return commit_creds(new); }",visit repo url,security/keys/process_keys.c,https://github.com/torvalds/linux,250251298187251,1 1595,NVD-CWE-Other,"static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; struct net *net = sock_net(sk); struct unix_sock *u = unix_sk(sk); DECLARE_SOCKADDR(struct sockaddr_un *, sunaddr, msg->msg_name); struct sock *other = NULL; int namelen = 0; int err; unsigned int hash; struct sk_buff *skb; long timeo; struct scm_cookie scm; int max_level; int data_len = 0; wait_for_unix_gc(); err = scm_send(sock, msg, &scm, false); if (err < 0) return err; err = -EOPNOTSUPP; if (msg->msg_flags&MSG_OOB) goto out; if (msg->msg_namelen) { err = unix_mkname(sunaddr, msg->msg_namelen, &hash); if (err < 0) goto out; namelen = err; } else { sunaddr = NULL; err = -ENOTCONN; other = unix_peer_get(sk); if (!other) goto out; } if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && (err = unix_autobind(sock)) != 0) goto out; err = -EMSGSIZE; if (len > sk->sk_sndbuf - 32) goto out; if (len > SKB_MAX_ALLOC) { data_len = min_t(size_t, len - SKB_MAX_ALLOC, MAX_SKB_FRAGS * PAGE_SIZE); data_len = PAGE_ALIGN(data_len); BUILD_BUG_ON(SKB_MAX_ALLOC < PAGE_SIZE); } skb = sock_alloc_send_pskb(sk, len - data_len, data_len, msg->msg_flags & MSG_DONTWAIT, &err, PAGE_ALLOC_COSTLY_ORDER); if (skb == NULL) goto out; err = unix_scm_to_skb(&scm, skb, true); if (err < 0) goto out_free; max_level = err + 1; skb_put(skb, len - data_len); skb->data_len = data_len; skb->len = len; err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, len); if (err) goto out_free; timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); restart: if (!other) { err = -ECONNRESET; if (sunaddr == NULL) goto out_free; other = unix_find_other(net, sunaddr, namelen, sk->sk_type, hash, &err); if (other == NULL) goto out_free; } if (sk_filter(other, skb) < 0) { err = len; goto out_free; } unix_state_lock(other); err = -EPERM; if (!unix_may_send(sk, other)) goto out_unlock; if (sock_flag(other, SOCK_DEAD)) { unix_state_unlock(other); sock_put(other); err = 0; unix_state_lock(sk); if (unix_peer(sk) == other) { unix_peer(sk) = NULL; unix_state_unlock(sk); unix_dgram_disconnected(sk, other); sock_put(other); err = -ECONNREFUSED; } else { unix_state_unlock(sk); } other = NULL; if (err) goto out_free; goto restart; } err = -EPIPE; if (other->sk_shutdown & RCV_SHUTDOWN) goto out_unlock; if (sk->sk_type != SOCK_SEQPACKET) { err = security_unix_may_send(sk->sk_socket, other->sk_socket); if (err) goto out_unlock; } if (unix_peer(other) != sk && unix_recvq_full(other)) { if (!timeo) { err = -EAGAIN; goto out_unlock; } timeo = unix_wait_for_peer(other, timeo); err = sock_intr_errno(timeo); if (signal_pending(current)) goto out_free; goto restart; } if (sock_flag(other, SOCK_RCVTSTAMP)) __net_timestamp(skb); maybe_add_creds(skb, sock, other); skb_queue_tail(&other->sk_receive_queue, skb); if (max_level > unix_sk(other)->recursion_level) unix_sk(other)->recursion_level = max_level; unix_state_unlock(other); other->sk_data_ready(other); sock_put(other); scm_destroy(&scm); return len; out_unlock: unix_state_unlock(other); out_free: kfree_skb(skb); out: if (other) sock_put(other); scm_destroy(&scm); return err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,29617964679474,1 102,CWE-476,"krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, char **db_args) { int l=0, kerberos_principal_object_type=0; unsigned int ntrees=0, tre=0; krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL, *ent=NULL; char **subtreelist = NULL; char *user=NULL, *subtree=NULL, *principal_dn=NULL; char **values=NULL, *strval[10]={NULL}, errbuf[1024]; char *filtuser=NULL; struct berval **bersecretkey=NULL; LDAPMod **mods=NULL; krb5_boolean create_standalone=FALSE; krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE; char *standalone_principal_dn=NULL; krb5_tl_data *tl_data=NULL; krb5_key_data **keys=NULL; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; osa_princ_ent_rec princ_ent = {0}; xargs_t xargs = {0}; char *polname = NULL; OPERATION optype; krb5_boolean found_entry = FALSE; krb5_clear_error_message(context); SETUP_CONTEXT(); if (ldap_context->lrparams == NULL || ldap_context->container_dn == NULL) return EINVAL; GET_HANDLE(); if (!is_principal_in_realm(ldap_context, entry->princ)) { st = EINVAL; k5_setmsg(context, st, _(""Principal does not belong to the default realm"")); goto cleanup; } if (((st=krb5_unparse_name(context, entry->princ, &user)) != 0) || ((st=krb5_ldap_unparse_principal_name(user)) != 0)) goto cleanup; filtuser = ldap_filter_correct(user); if (filtuser == NULL) { st = ENOMEM; goto cleanup; } if (entry->mask & KADM5_PRINCIPAL) optype = ADD_PRINCIPAL; else optype = MODIFY_PRINCIPAL; if (((st=krb5_get_princ_type(context, entry, &kerberos_principal_object_type)) != 0) || ((st=krb5_get_userdn(context, entry, &principal_dn)) != 0)) goto cleanup; if ((st=process_db_args(context, db_args, &xargs, optype)) != 0) goto cleanup; if (entry->mask & KADM5_LOAD) { unsigned int tree = 0; int numlentries = 0; char *filter = NULL; if (asprintf(&filter, FILTER""%s))"", filtuser) < 0) { filter = NULL; st = ENOMEM; goto cleanup; } if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0) goto cleanup; found_entry = FALSE; for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) { if (principal_dn == NULL) { LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS); } else { LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS); } if (st == LDAP_SUCCESS) { numlentries = ldap_count_entries(ld, result); if (numlentries > 1) { free(filter); st = EINVAL; k5_setmsg(context, st, _(""operation can not continue, more than one "" ""entry with principal name \""%s\"" found""), user); goto cleanup; } else if (numlentries == 1) { found_entry = TRUE; if (principal_dn == NULL) { ent = ldap_first_entry(ld, result); if (ent != NULL) { if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) { ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st); st = set_ldap_error (context, st, 0); free(filter); goto cleanup; } } } } } else if (st != LDAP_NO_SUCH_OBJECT) { st = set_ldap_error (context, st, 0); free(filter); goto cleanup; } ldap_msgfree(result); result = NULL; } free(filter); if (found_entry == FALSE && principal_dn != NULL) { create_standalone = TRUE; standalone_principal_dn = strdup(principal_dn); CHECK_NULL(standalone_principal_dn); } } if (principal_dn == NULL && xargs.dn == NULL) { if (entry->princ->length == 2 && entry->princ->data[0].length == strlen(""krbtgt"") && strncmp(entry->princ->data[0].data, ""krbtgt"", entry->princ->data[0].length) == 0) { subtree = strdup(ldap_context->lrparams->realmdn); } else if (xargs.containerdn) { if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) { if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) { int ost = st; st = EINVAL; k5_wrapmsg(context, ost, st, _(""'%s' not found""), xargs.containerdn); } goto cleanup; } subtree = strdup(xargs.containerdn); } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) { subtree = strdup(ldap_context->lrparams->containerref); } else { subtree = strdup(ldap_context->lrparams->realmdn); } CHECK_NULL(subtree); if (asprintf(&standalone_principal_dn, ""krbprincipalname=%s,%s"", filtuser, subtree) < 0) standalone_principal_dn = NULL; CHECK_NULL(standalone_principal_dn); create_standalone = TRUE; free(subtree); subtree = NULL; } if (xargs.dn_from_kbd == TRUE) { int dnlen=0, subtreelen=0; char *dn=NULL; krb5_boolean outofsubtree=TRUE; if (xargs.dn != NULL) { dn = xargs.dn; } else if (xargs.linkdn != NULL) { dn = xargs.linkdn; } else if (standalone_principal_dn != NULL) { dn = standalone_principal_dn; } if (subtreelist == NULL) { st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees); if (st) goto cleanup; } for (tre=0; tre= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) { outofsubtree = FALSE; break; } } } if (outofsubtree == TRUE) { st = EINVAL; k5_setmsg(context, st, _(""DN is out of the realm subtree"")); goto cleanup; } if (standalone_principal_dn == NULL) { char *attributes[]={""krbticketpolicyreference"", ""krbprincipalname"", NULL}; ldap_msgfree(result); result = NULL; LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS); if (st == LDAP_SUCCESS) { ent = ldap_first_entry(ld, result); if (ent != NULL) { if ((values=ldap_get_values(ld, ent, ""krbticketpolicyreference"")) != NULL) { ldap_value_free(values); } if ((values=ldap_get_values(ld, ent, ""krbprincipalname"")) != NULL) { krb_identity_exists = TRUE; ldap_value_free(values); } } } else { st = set_ldap_error(context, st, OP_SEARCH); goto cleanup; } } } if (xargs.dn != NULL && krb_identity_exists == TRUE) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""ldap object is already kerberized"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (xargs.linkdn != NULL) { if (optype == MODIFY_PRINCIPAL && kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""link information can not be set/updated as the "" ""kerberos principal belongs to an ldap object"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } { char **linkdns=NULL; int j=0; if ((st=krb5_get_linkdn(context, entry, &linkdns)) != 0) { snprintf(errbuf, sizeof(errbuf), _(""Failed getting object references"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (linkdns != NULL) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""kerberos principal is already linked to a ldap "" ""object"")); k5_setmsg(context, st, ""%s"", errbuf); for (j=0; linkdns[j] != NULL; ++j) free (linkdns[j]); free (linkdns); goto cleanup; } } establish_links = TRUE; } if (entry->mask & KADM5_LAST_SUCCESS) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_success)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastSuccessfulAuth"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_LAST_FAILED) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_failed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastFailedAuth"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free(strval[0]); } if (entry->mask & KADM5_FAIL_AUTH_COUNT) { krb5_kvno fail_auth_count; fail_auth_count = entry->fail_auth_count; if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) fail_auth_count++; st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_REPLACE, fail_auth_count); if (st != 0) goto cleanup; } else if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) { int attr_mask = 0; krb5_boolean has_fail_count; st = krb5_get_attributes_mask(context, entry, &attr_mask); if (st != 0) goto cleanup; has_fail_count = ((attr_mask & KDB_FAIL_AUTH_COUNT_ATTR) != 0); #ifdef LDAP_MOD_INCREMENT if (ldap_server_handle->server_info->modify_increment && has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_INCREMENT, 1); if (st != 0) goto cleanup; } else { #endif if (has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_DELETE, entry->fail_auth_count); if (st != 0) goto cleanup; } st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_ADD, entry->fail_auth_count + 1); if (st != 0) goto cleanup; #ifdef LDAP_MOD_INCREMENT } #endif } else if (optype == ADD_PRINCIPAL) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_ADD, 0); } if (entry->mask & KADM5_MAX_LIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbmaxticketlife"", LDAP_MOD_REPLACE, entry->max_life)) != 0) goto cleanup; } if (entry->mask & KADM5_MAX_RLIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbmaxrenewableage"", LDAP_MOD_REPLACE, entry->max_renewable_life)) != 0) goto cleanup; } if (entry->mask & KADM5_ATTRIBUTES) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbticketflags"", LDAP_MOD_REPLACE, entry->attributes)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINCIPAL) { memset(strval, 0, sizeof(strval)); strval[0] = user; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbprincipalname"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINC_EXPIRE_TIME) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbprincipalexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_PW_EXPIRATION) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpasswordexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_POLICY || entry->mask & KADM5_KEY_HIST) { memset(&princ_ent, 0, sizeof(princ_ent)); for (tl_data=entry->tl_data; tl_data; tl_data=tl_data->tl_data_next) { if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) { if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) { goto cleanup; } break; } } } if (entry->mask & KADM5_POLICY) { if (princ_ent.aux_attributes & KADM5_POLICY) { memset(strval, 0, sizeof(strval)); if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0) goto cleanup; strval[0] = polname; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { st = EINVAL; k5_setmsg(context, st, ""Password policy value null""); goto cleanup; } } else if (entry->mask & KADM5_LOAD && found_entry == TRUE) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_REPLACE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_POLICY_CLR) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_KEY_HIST) { bersecretkey = krb5_encode_histkey(&princ_ent); if (bersecretkey == NULL) { st = ENOMEM; goto cleanup; } st = krb5_add_ber_mem_ldap_mod(&mods, ""krbpwdhistory"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey); if (st != 0) goto cleanup; free_berdata(bersecretkey); bersecretkey = NULL; } if (entry->mask & KADM5_KEY_DATA || entry->mask & KADM5_KVNO) { krb5_kvno mkvno; if ((st=krb5_dbe_lookup_mkvno(context, entry, &mkvno)) != 0) goto cleanup; bersecretkey = krb5_encode_krbsecretkey (entry->key_data, entry->n_key_data, mkvno); if (bersecretkey == NULL) { st = ENOMEM; goto cleanup; } if (bersecretkey[0] != NULL || !create_standalone) { st = krb5_add_ber_mem_ldap_mod(&mods, ""krbprincipalkey"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey); if (st != 0) goto cleanup; } if (!(entry->mask & KADM5_PRINCIPAL)) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpasswordexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } { krb5_timestamp last_pw_changed; if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(last_pw_changed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastPwdChange"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } st = update_ldap_mod_auth_ind(context, entry, &mods); if (st != 0) goto cleanup; if (entry->tl_data != NULL) { int count = 0; struct berval **ber_tl_data = NULL; krb5_tl_data *ptr; krb5_timestamp unlock_time; for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; count++; } if (count != 0) { int j; ber_tl_data = (struct berval **) calloc (count + 1, sizeof (struct berval*)); if (ber_tl_data == NULL) { st = ENOMEM; goto cleanup; } for (j = 0, ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0) break; j++; } if (st == 0) { ber_tl_data[count] = NULL; st=krb5_add_ber_mem_ldap_mod(&mods, ""krbExtraData"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, ber_tl_data); } free_berdata(ber_tl_data); if (st != 0) goto cleanup; } if ((st=krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time)) != 0) goto cleanup; if (unlock_time != 0) { memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(unlock_time)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastAdminUnlock"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } if (xargs.tktpolicydn != NULL) { int tmask=0; if (strlen(xargs.tktpolicydn) != 0) { st = checkattributevalue(ld, xargs.tktpolicydn, ""objectclass"", policyclass, &tmask); CHECK_CLASS_VALIDITY(st, tmask, _(""ticket policy object value: "")); strval[0] = xargs.tktpolicydn; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbticketpolicyreference"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbticketpolicyreference"", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } } if (establish_links == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = xargs.linkdn; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbObjectReferences"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } if (mods == NULL) goto cleanup; if (create_standalone == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = ""krbprincipal""; strval[1] = ""krbprincipalaux""; strval[2] = ""krbTicketPolicyAux""; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""objectclass"", LDAP_MOD_ADD, strval)) != 0) goto cleanup; st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); if (st == LDAP_ALREADY_EXISTS && entry->mask & KADM5_LOAD) { st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""Principal delete failed (trying to replace "" ""entry): %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } else { st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); } } if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""Principal add failed: %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } } else { { char *attrvalues[] = {""krbprincipalaux"", ""krbTicketPolicyAux"", NULL}; int p, q, r=0, amask=0; if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn, ""objectclass"", attrvalues, &amask)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); for (p=1, q=0; p<=2; p<<=1, ++q) { if ((p & amask) == 0) strval[r++] = attrvalues[q]; } if (r != 0) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""objectclass"", LDAP_MOD_ADD, strval)) != 0) goto cleanup; } } if (xargs.dn != NULL) st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL); else st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""User modification failed: %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) entry->fail_auth_count++; } cleanup: if (user) free(user); if (filtuser) free(filtuser); free_xargs(xargs); if (standalone_principal_dn) free(standalone_principal_dn); if (principal_dn) free (principal_dn); if (polname != NULL) free(polname); for (tre = 0; tre < ntrees; tre++) free(subtreelist[tre]); free(subtreelist); if (subtree) free (subtree); if (bersecretkey) { for (l=0; bersecretkey[l]; ++l) { if (bersecretkey[l]->bv_val) free (bersecretkey[l]->bv_val); free (bersecretkey[l]); } free (bersecretkey); } if (keys) free (keys); ldap_mods_free(mods, 1); ldap_osa_free_princ_ent(&princ_ent); ldap_msgfree(result); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return(st); }",visit repo url,src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c,https://github.com/krb5/krb5,52442138191037,1 3397,NVD-CWE-Other,"static MagickBooleanType WritePICTImage(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { #define MaxCount 128 #define PictCropRegionOp 0x01 #define PictEndOfPictureOp 0xff #define PictJPEGOp 0x8200 #define PictInfoOp 0x0C00 #define PictInfoSize 512 #define PictPixmapOp 0x9A #define PictPICTOp 0x98 #define PictVersion 0x11 const StringInfo *profile; double x_resolution, y_resolution; MagickBooleanType status; MagickOffsetType offset; PICTPixmap pixmap; PICTRectangle bounds, crop_rectangle, destination_rectangle, frame_rectangle, size_rectangle, source_rectangle; register const Quantum *p; register ssize_t i, x; size_t bytes_per_line, count, storage_class; ssize_t y; unsigned char *buffer, *packed_scanline, *scanline; unsigned short base_address, row_bytes, transfer_mode; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickSignature); assert(image != (Image *) NULL); assert(image->signature == MagickSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); if ((image->columns > 65535L) || (image->rows > 65535L)) ThrowWriterException(ImageError,""WidthOrHeightExceedsLimit""); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); (void) TransformImageColorspace(image,sRGBColorspace,exception); size_rectangle.top=0; size_rectangle.left=0; size_rectangle.bottom=(short) image->rows; size_rectangle.right=(short) image->columns; frame_rectangle=size_rectangle; crop_rectangle=size_rectangle; source_rectangle=size_rectangle; destination_rectangle=size_rectangle; base_address=0xff; row_bytes=(unsigned short) (image->columns | 0x8000); bounds.top=0; bounds.left=0; bounds.bottom=(short) image->rows; bounds.right=(short) image->columns; pixmap.version=0; pixmap.pack_type=0; pixmap.pack_size=0; pixmap.pixel_type=0; pixmap.bits_per_pixel=8; pixmap.component_count=1; pixmap.component_size=8; pixmap.plane_bytes=0; pixmap.table=0; pixmap.reserved=0; transfer_mode=0; x_resolution=image->resolution.x != 0.0 ? image->resolution.x : DefaultResolution; y_resolution=image->resolution.y != 0.0 ? image->resolution.y : DefaultResolution; storage_class=image->storage_class; if (image_info->compression == JPEGCompression) storage_class=DirectClass; if (storage_class == DirectClass) { pixmap.component_count=image->alpha_trait != UndefinedPixelTrait ? 4 : 3; pixmap.pixel_type=16; pixmap.bits_per_pixel=32; pixmap.pack_type=0x04; transfer_mode=0x40; row_bytes=(unsigned short) ((4*image->columns) | 0x8000); } bytes_per_line=image->columns; if (storage_class == DirectClass) bytes_per_line*=image->alpha_trait != UndefinedPixelTrait ? 4 : 3; buffer=(unsigned char *) AcquireQuantumMemory(PictInfoSize,sizeof(*buffer)); packed_scanline=(unsigned char *) AcquireQuantumMemory((size_t) (row_bytes+MaxCount),sizeof(*packed_scanline)); scanline=(unsigned char *) AcquireQuantumMemory(row_bytes,sizeof(*scanline)); if ((buffer == (unsigned char *) NULL) || (packed_scanline == (unsigned char *) NULL) || (scanline == (unsigned char *) NULL)) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); (void) ResetMagickMemory(scanline,0,row_bytes); (void) ResetMagickMemory(packed_scanline,0,(size_t) (row_bytes+MaxCount)); (void) ResetMagickMemory(buffer,0,PictInfoSize); (void) WriteBlob(image,PictInfoSize,buffer); (void) WriteBlobMSBShort(image,0); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.right); (void) WriteBlobMSBShort(image,PictVersion); (void) WriteBlobMSBShort(image,0x02ff); (void) WriteBlobMSBShort(image,PictInfoOp); (void) WriteBlobMSBLong(image,0xFFFE0000UL); (void) WriteBlobMSBShort(image,(unsigned short) x_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) y_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.right); (void) WriteBlobMSBLong(image,0x00000000L); profile=GetImageProfile(image,""iptc""); if (profile != (StringInfo *) NULL) { (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0x1f2); (void) WriteBlobMSBShort(image,(unsigned short) (GetStringInfoLength(profile)+4)); (void) WriteBlobString(image,""8BIM""); (void) WriteBlob(image,GetStringInfoLength(profile), GetStringInfoDatum(profile)); } profile=GetImageProfile(image,""icc""); if (profile != (StringInfo *) NULL) { (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0xe0); (void) WriteBlobMSBShort(image,(unsigned short) (GetStringInfoLength(profile)+4)); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlob(image,GetStringInfoLength(profile), GetStringInfoDatum(profile)); (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0xe0); (void) WriteBlobMSBShort(image,4); (void) WriteBlobMSBLong(image,0x00000002UL); } (void) WriteBlobMSBShort(image,PictCropRegionOp); (void) WriteBlobMSBShort(image,0xa); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.right); if (image_info->compression == JPEGCompression) { Image *jpeg_image; ImageInfo *jpeg_info; size_t length; unsigned char *blob; jpeg_image=CloneImage(image,0,0,MagickTrue,exception); if (jpeg_image == (Image *) NULL) { (void) CloseBlob(image); return(MagickFalse); } jpeg_info=CloneImageInfo(image_info); (void) CopyMagickString(jpeg_info->magick,""JPEG"",MagickPathExtent); length=0; blob=(unsigned char *) ImageToBlob(jpeg_info,jpeg_image,&length, exception); jpeg_info=DestroyImageInfo(jpeg_info); if (blob == (unsigned char *) NULL) return(MagickFalse); jpeg_image=DestroyImage(jpeg_image); (void) WriteBlobMSBShort(image,PictJPEGOp); (void) WriteBlobMSBLong(image,(unsigned int) length+154); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBLong(image,0x00010000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00010000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x40000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00400000UL); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) image->rows); (void) WriteBlobMSBShort(image,(unsigned short) image->columns); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,768); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00566A70UL); (void) WriteBlobMSBLong(image,0x65670000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000001UL); (void) WriteBlobMSBLong(image,0x00016170UL); (void) WriteBlobMSBLong(image,0x706C0000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBShort(image,768); (void) WriteBlobMSBShort(image,(unsigned short) image->columns); (void) WriteBlobMSBShort(image,(unsigned short) image->rows); (void) WriteBlobMSBShort(image,(unsigned short) x_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) y_resolution); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x87AC0001UL); (void) WriteBlobMSBLong(image,0x0B466F74UL); (void) WriteBlobMSBLong(image,0x6F202D20UL); (void) WriteBlobMSBLong(image,0x4A504547UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x0018FFFFUL); (void) WriteBlob(image,length,blob); if ((length & 0x01) != 0) (void) WriteBlobByte(image,'\0'); blob=(unsigned char *) RelinquishMagickMemory(blob); } if (storage_class == PseudoClass) (void) WriteBlobMSBShort(image,PictPICTOp); else { (void) WriteBlobMSBShort(image,PictPixmapOp); (void) WriteBlobMSBLong(image,(size_t) base_address); } (void) WriteBlobMSBShort(image,(unsigned short) (row_bytes | 0x8000)); (void) WriteBlobMSBShort(image,(unsigned short) bounds.top); (void) WriteBlobMSBShort(image,(unsigned short) bounds.left); (void) WriteBlobMSBShort(image,(unsigned short) bounds.bottom); (void) WriteBlobMSBShort(image,(unsigned short) bounds.right); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.version); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.pack_type); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.pack_size); (void) WriteBlobMSBShort(image,(unsigned short) (x_resolution+0.5)); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) (y_resolution+0.5)); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.pixel_type); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.bits_per_pixel); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.component_count); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.component_size); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.plane_bytes); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.table); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.reserved); if (storage_class == PseudoClass) { (void) WriteBlobMSBLong(image,0x00000000L); (void) WriteBlobMSBShort(image,0L); (void) WriteBlobMSBShort(image,(unsigned short) (image->colors-1)); for (i=0; i < (ssize_t) image->colors; i++) { (void) WriteBlobMSBShort(image,(unsigned short) i); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].red)); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].green)); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].blue)); } } (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.right); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.right); (void) WriteBlobMSBShort(image,(unsigned short) transfer_mode); count=0; if (storage_class == PseudoClass) for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { scanline[x]=(unsigned char) GetPixelIndex(image,p); p+=GetPixelChannels(image); } count+=EncodeImage(image,scanline,(size_t) (row_bytes & 0x7FFF), packed_scanline); if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } else if (image_info->compression == JPEGCompression) { (void) ResetMagickMemory(scanline,0,row_bytes); for (y=0; y < (ssize_t) image->rows; y++) count+=EncodeImage(image,scanline,(size_t) (row_bytes & 0x7FFF), packed_scanline); } else { register unsigned char *blue, *green, *opacity, *red; red=scanline; green=scanline+image->columns; blue=scanline+2*image->columns; opacity=scanline+3*image->columns; for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; red=scanline; green=scanline+image->columns; blue=scanline+2*image->columns; if (image->alpha_trait != UndefinedPixelTrait) { opacity=scanline; red=scanline+image->columns; green=scanline+2*image->columns; blue=scanline+3*image->columns; } for (x=0; x < (ssize_t) image->columns; x++) { *red++=ScaleQuantumToChar(GetPixelRed(image,p)); *green++=ScaleQuantumToChar(GetPixelGreen(image,p)); *blue++=ScaleQuantumToChar(GetPixelBlue(image,p)); if (image->alpha_trait != UndefinedPixelTrait) *opacity++=ScaleQuantumToChar((Quantum) (GetPixelAlpha(image,p))); p+=GetPixelChannels(image); } count+=EncodeImage(image,scanline,bytes_per_line & 0x7FFF, packed_scanline); if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } } if ((count & 0x01) != 0) (void) WriteBlobByte(image,'\0'); (void) WriteBlobMSBShort(image,PictEndOfPictureOp); offset=TellBlob(image); offset=SeekBlob(image,512,SEEK_SET); (void) WriteBlobMSBShort(image,(unsigned short) offset); scanline=(unsigned char *) RelinquishMagickMemory(scanline); packed_scanline=(unsigned char *) RelinquishMagickMemory(packed_scanline); buffer=(unsigned char *) RelinquishMagickMemory(buffer); (void) CloseBlob(image); return(MagickTrue); }",visit repo url,coders/pict.c,https://github.com/ImageMagick/ImageMagick,186493089683415,1 3402,['CWE-264'],"asmlinkage long sys_fchmod(unsigned int fd, mode_t mode) { struct inode * inode; struct dentry * dentry; struct file * file; int err = -EBADF; struct iattr newattrs; file = fget(fd); if (!file) goto out; dentry = file->f_path.dentry; inode = dentry->d_inode; audit_inode(NULL, inode); err = -EROFS; if (IS_RDONLY(inode)) goto out_putf; err = -EPERM; if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto out_putf; mutex_lock(&inode->i_mutex); if (mode == (mode_t) -1) mode = inode->i_mode; newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; err = notify_change(dentry, &newattrs); mutex_unlock(&inode->i_mutex); out_putf: fput(file); out: return err; }",linux-2.6,,,68639645671496050423498444589386183006,0 2215,['CWE-193'],"static ssize_t generic_perform_write_2copy(struct file *file, struct iov_iter *i, loff_t pos) { struct address_space *mapping = file->f_mapping; const struct address_space_operations *a_ops = mapping->a_ops; struct inode *inode = mapping->host; long status = 0; ssize_t written = 0; do { struct page *src_page; struct page *page; pgoff_t index; unsigned long offset; unsigned long bytes; size_t copied; offset = (pos & (PAGE_CACHE_SIZE - 1)); index = pos >> PAGE_CACHE_SHIFT; bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset, iov_iter_count(i)); src_page = NULL; if (unlikely(iov_iter_fault_in_readable(i, bytes))) { status = -EFAULT; break; } page = __grab_cache_page(mapping, index); if (!page) { status = -ENOMEM; break; } if (!PageUptodate(page) && !segment_eq(get_fs(), KERNEL_DS)) { unlock_page(page); src_page = alloc_page(GFP_KERNEL); if (!src_page) { page_cache_release(page); status = -ENOMEM; break; } copied = iov_iter_copy_from_user(src_page, i, offset, bytes); if (unlikely(copied == 0)) { status = -EFAULT; page_cache_release(page); page_cache_release(src_page); break; } bytes = copied; lock_page(page); if (unlikely(!page->mapping || PageUptodate(page))) { unlock_page(page); page_cache_release(page); page_cache_release(src_page); continue; } } status = a_ops->prepare_write(file, page, offset, offset+bytes); if (unlikely(status)) goto fs_write_aop_error; if (!src_page) { pagefault_disable(); copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes); pagefault_enable(); } else { void *src, *dst; src = kmap_atomic(src_page, KM_USER0); dst = kmap_atomic(page, KM_USER1); memcpy(dst + offset, src + offset, bytes); kunmap_atomic(dst, KM_USER1); kunmap_atomic(src, KM_USER0); copied = bytes; } flush_dcache_page(page); status = a_ops->commit_write(file, page, offset, offset+bytes); if (unlikely(status < 0)) goto fs_write_aop_error; if (unlikely(status > 0)) copied = min_t(size_t, copied, status); unlock_page(page); mark_page_accessed(page); page_cache_release(page); if (src_page) page_cache_release(src_page); iov_iter_advance(i, copied); pos += copied; written += copied; balance_dirty_pages_ratelimited(mapping); cond_resched(); continue; fs_write_aop_error: unlock_page(page); page_cache_release(page); if (src_page) page_cache_release(src_page); if (pos + bytes > inode->i_size) vmtruncate(inode, inode->i_size); break; } while (iov_iter_count(i)); return written ? written : status; }",linux-2.6,,,20914530940183921957951767610330777027,0 6022,NVD-CWE-noinfo,"static void bits2int(uECC_word_t *native, const uint8_t *bits, unsigned bits_size, uECC_Curve curve) { unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits); unsigned num_n_words = BITS_TO_WORDS(curve->num_n_bits); int shift; uECC_word_t carry; uECC_word_t *ptr; if (bits_size > num_n_bytes) { bits_size = num_n_bytes; } uECC_vli_clear(native, num_n_words); #if uECC_VLI_NATIVE_LITTLE_ENDIAN bcopy((uint8_t *) native, bits, bits_size); #else uECC_vli_bytesToNative(native, bits, bits_size); #endif if (bits_size * 8 <= (unsigned)curve->num_n_bits) { return; } shift = bits_size * 8 - curve->num_n_bits; carry = 0; ptr = native + num_n_words; while (ptr-- > native) { uECC_word_t temp = *ptr; *ptr = (temp >> shift) | carry; carry = temp << (uECC_WORD_BITS - shift); } if (uECC_vli_cmp_unsafe(curve->n, native, num_n_words) != 1) { uECC_vli_sub(native, native, curve->n, num_n_words); } }",visit repo url,uECC.c,https://github.com/kmackay/micro-ecc,169676495564654,1 2951,CWE-59,"int mount_proc_if_needed(const char *rootfs) { char path[MAXPATHLEN]; char link[20]; int linklen, ret; int mypid; ret = snprintf(path, MAXPATHLEN, ""%s/proc/self"", rootfs); if (ret < 0 || ret >= MAXPATHLEN) { SYSERROR(""proc path name too long""); return -1; } memset(link, 0, 20); linklen = readlink(path, link, 20); mypid = (int)getpid(); INFO(""I am %d, /proc/self points to '%s'"", mypid, link); ret = snprintf(path, MAXPATHLEN, ""%s/proc"", rootfs); if (ret < 0 || ret >= MAXPATHLEN) { SYSERROR(""proc path name too long""); return -1; } if (linklen < 0) goto domount; if (atoi(link) != mypid) { umount2(path, MNT_DETACH); goto domount; } return 0; domount: if (mount(""proc"", path, ""proc"", 0, NULL)) return -1; INFO(""Mounted /proc in container for security transition""); return 1; }",visit repo url,src/lxc/utils.c,https://github.com/lxc/lxc,13478413389151,1 3085,['CWE-189'],"int jas_clrspc_numchans(int clrspc) { switch (jas_clrspc_fam(clrspc)) { case JAS_CLRSPC_FAM_XYZ: case JAS_CLRSPC_FAM_LAB: case JAS_CLRSPC_FAM_RGB: case JAS_CLRSPC_FAM_YCBCR: return 3; break; case JAS_CLRSPC_FAM_GRAY: return 1; break; default: abort(); break; } }",jasper,,,17215924872788047693200944374887717291,0 587,CWE-119,"int ieee80211_radiotap_iterator_init( struct ieee80211_radiotap_iterator *iterator, struct ieee80211_radiotap_header *radiotap_header, int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns) { if (radiotap_header->it_version) return -EINVAL; if (max_length < get_unaligned_le16(&radiotap_header->it_len)) return -EINVAL; iterator->_rtheader = radiotap_header; iterator->_max_length = get_unaligned_le16(&radiotap_header->it_len); iterator->_arg_index = 0; iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present); iterator->_arg = (uint8_t *)radiotap_header + sizeof(*radiotap_header); iterator->_reset_on_ext = 0; iterator->_next_bitmap = &radiotap_header->it_present; iterator->_next_bitmap++; iterator->_vns = vns; iterator->current_namespace = &radiotap_ns; iterator->is_radiotap_ns = 1; if (iterator->_bitmap_shifter & (1<_arg) & (1 << IEEE80211_RADIOTAP_EXT)) { iterator->_arg += sizeof(uint32_t); if ((unsigned long)iterator->_arg - (unsigned long)iterator->_rtheader > (unsigned long)iterator->_max_length) return -EINVAL; } iterator->_arg += sizeof(uint32_t); } iterator->this_arg = iterator->_arg; return 0; }",visit repo url,net/wireless/radiotap.c,https://github.com/torvalds/linux,141580299275661,1 1388,[],"static inline struct cfs_rq *task_cfs_rq(struct task_struct *p) { return p->se.cfs_rq; }",linux-2.6,,,112032490517107858715242141703725852022,0 1915,CWE-476,"static int f2fs_read_data_page(struct file *file, struct page *page) { struct inode *inode = page->mapping->host; int ret = -EAGAIN; trace_f2fs_readpage(page, DATA); if (f2fs_has_inline_data(inode)) ret = f2fs_read_inline_data(inode, page); if (ret == -EAGAIN) ret = f2fs_mpage_readpages(page->mapping, NULL, page, 1, false); return ret; }",visit repo url,fs/f2fs/data.c,https://github.com/torvalds/linux,118680520816984,1 1136,CWE-20,"int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset, int len) { int r; unsigned long addr; addr = gfn_to_hva(kvm, gfn); if (kvm_is_error_hva(addr)) return -EFAULT; r = copy_from_user(data, (void __user *)addr + offset, len); if (r) return -EFAULT; return 0; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,133519343147509,1 2336,CWE-399,"void ves_icall_System_Threading_InternalThread_Thread_free_internal (MonoInternalThread *this, HANDLE thread) { MONO_ARCH_SAVE_REGS; THREAD_DEBUG (g_message (""%s: Closing thread %p, handle %p"", __func__, this, thread)); if (thread) CloseHandle (thread); if (this->synch_cs) { DeleteCriticalSection (this->synch_cs); g_free (this->synch_cs); this->synch_cs = NULL; } g_free (this->name); }",visit repo url,mono/metadata/threads.c,https://github.com/mono/mono,170157652735827,1 6406,CWE-20,"error_t enc624j600SendPacket(NetInterface *interface, const NetBuffer *buffer, size_t offset, NetTxAncillary *ancillary) { size_t length; length = netBufferGetLength(buffer) - offset; if(length > 1536) { osSetEvent(&interface->nicTxEvent); return ERROR_INVALID_LENGTH; } if(!interface->linkState) { osSetEvent(&interface->nicTxEvent); return NO_ERROR; } if(enc624j600ReadReg(interface, ENC624J600_REG_ECON1) & ECON1_TXRTS) { return ERROR_FAILURE; } enc624j600WriteReg(interface, ENC624J600_REG_EGPWRPT, ENC624J600_TX_BUFFER_START); enc624j600WriteBuffer(interface, ENC624J600_CMD_WGPDATA, buffer, offset); enc624j600WriteReg(interface, ENC624J600_REG_ETXST, ENC624J600_TX_BUFFER_START); enc624j600WriteReg(interface, ENC624J600_REG_ETXLEN, length); enc624j600ClearBit(interface, ENC624J600_REG_EIR, EIR_TXIF | EIR_TXABTIF); enc624j600SetBit(interface, ENC624J600_REG_ECON1, ECON1_TXRTS); return NO_ERROR; }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,38684327700338,1 3569,CWE-190,"static int jpc_ppm_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_ppm_t *ppm = &ms->parms.ppm; cstate = 0; ppm->data = 0; if (ms->len < 1) { goto error; } if (jpc_getuint8(in, &ppm->ind)) { goto error; } ppm->len = ms->len - 1; if (ppm->len > 0) { if (!(ppm->data = jas_malloc(ppm->len))) { goto error; } if (JAS_CAST(uint, jas_stream_read(in, ppm->data, ppm->len)) != ppm->len) { goto error; } } else { ppm->data = 0; } return 0; error: jpc_ppm_destroyparms(ms); return -1; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,251380772730862,1 6524,CWE-125,"size_t mobi_get_attribute_value(char *value, const unsigned char *data, const size_t size, const char *attribute, bool only_quoted) { if (!data) { debug_print(""Data is null%s"", ""\n""); return SIZE_MAX; } size_t length = size; size_t attr_length = strlen(attribute); if (attr_length > MOBI_ATTRNAME_MAXSIZE) { debug_print(""Attribute too long: %zu\n"", attr_length); return SIZE_MAX; } char attr[MOBI_ATTRNAME_MAXSIZE + 2]; strcpy(attr, attribute); strcat(attr, ""=""); attr_length++; if (size < attr_length) { return SIZE_MAX; } unsigned char last_border = '\0'; do { if (*data == '<' || *data == '>') { last_border = *data; } if (length > attr_length + 1 && memcmp(data, attr, attr_length) == 0) { size_t offset = size - length; if (last_border == '>') { data += attr_length; length -= attr_length - 1; continue; } if (offset > 0) { if (data[-1] != '<' && !isspace(data[-1])) { data += attr_length; length -= attr_length - 1; continue; } } data += attr_length; length -= attr_length; unsigned char separator; if (*data != '\'' && *data != '""') { if (only_quoted) { continue; } separator = ' '; } else { separator = *data; data++; length--; } size_t j; for (j = 0; j < MOBI_ATTRVALUE_MAXSIZE && length && *data != separator && *data != '>'; j++) { *value++ = (char) *data++; length--; } if (*(data - 1) == '/' && *data == '>') { value--; } *value = '\0'; return size - length - j; } data++; } while (--length); value[0] = '\0'; return SIZE_MAX; }",visit repo url,src/parse_rawml.c,https://github.com/bfabiszewski/libmobi,27672189136364,1 4606,CWE-787,"static s32 gf_hevc_read_vps_bs_internal(GF_BitStream *bs, HEVCState *hevc, Bool stop_at_vps_ext) { u8 vps_sub_layer_ordering_info_present_flag, vps_extension_flag; u32 i, j; s32 vps_id; HEVC_VPS *vps; u8 layer_id_included_flag[MAX_LHVC_LAYERS][64]; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) return -1; vps = &hevc->vps[vps_id]; vps->bit_pos_vps_extensions = -1; if (!vps->state) { vps->id = vps_id; vps->state = 1; } vps->base_layer_internal_flag = gf_bs_read_int_log(bs, 1, ""base_layer_internal_flag""); vps->base_layer_available_flag = gf_bs_read_int_log(bs, 1, ""base_layer_available_flag""); vps->max_layers = 1 + gf_bs_read_int_log(bs, 6, ""max_layers_minus1""); if (vps->max_layers > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] sorry, %d layers in VPS but only %d supported\n"", vps->max_layers, MAX_LHVC_LAYERS)); return -1; } vps->max_sub_layers = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1"") + 1; vps->temporal_id_nesting = gf_bs_read_int_log(bs, 1, ""temporal_id_nesting""); gf_bs_read_int_log(bs, 16, ""vps_reserved_ffff_16bits""); hevc_profile_tier_level(bs, 1, vps->max_sub_layers - 1, &vps->ptl, 0); vps_sub_layer_ordering_info_present_flag = gf_bs_read_int_log(bs, 1, ""vps_sub_layer_ordering_info_present_flag""); for (i = (vps_sub_layer_ordering_info_present_flag ? 0 : vps->max_sub_layers - 1); i < vps->max_sub_layers; i++) { gf_bs_read_ue_log_idx(bs, ""vps_max_dec_pic_buffering_minus1"", i); gf_bs_read_ue_log_idx(bs, ""vps_max_num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""vps_max_latency_increase_plus1"", i); } vps->max_layer_id = gf_bs_read_int_log(bs, 6, ""max_layer_id""); if (vps->max_layer_id > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] VPS max layer ID %u but GPAC only supports %u\n"", vps->max_layer_id, MAX_LHVC_LAYERS)); return -1; } vps->num_layer_sets = gf_bs_read_ue_log(bs, ""num_layer_sets_minus1"") + 1; if (vps->num_layer_sets > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Wrong number of layer sets in VPS %d\n"", vps->num_layer_sets)); return -1; } for (i = 1; i < vps->num_layer_sets; i++) { for (j = 0; j <= vps->max_layer_id; j++) { layer_id_included_flag[i][j] = gf_bs_read_int_log_idx2(bs, 1, ""layer_id_included_flag"", i, j); } } vps->num_layers_in_id_list[0] = 1; for (i = 1; i < vps->num_layer_sets; i++) { u32 n, m; n = 0; for (m = 0; m <= vps->max_layer_id; m++) { if (layer_id_included_flag[i][m]) { vps->LayerSetLayerIdList[i][n++] = m; if (vps->LayerSetLayerIdListMax[i] < m) vps->LayerSetLayerIdListMax[i] = m; } } vps->num_layers_in_id_list[i] = n; } if (gf_bs_read_int_log(bs, 1, ""vps_timing_info_present_flag"")) { u32 vps_num_hrd_parameters; gf_bs_read_int_log(bs, 32, ""vps_num_units_in_tick""); gf_bs_read_int_log(bs, 32, ""vps_time_scale""); if (gf_bs_read_int_log(bs, 1, ""vps_poc_proportional_to_timing_flag"")) { gf_bs_read_ue_log(bs, ""vps_num_ticks_poc_diff_one_minus1""); } vps_num_hrd_parameters = gf_bs_read_ue_log(bs, ""vps_num_hrd_parameters""); for (i = 0; i < vps_num_hrd_parameters; i++) { Bool cprms_present_flag = GF_TRUE; gf_bs_read_ue_log_idx(bs, ""hrd_layer_set_idx"", i); if (i > 0) cprms_present_flag = gf_bs_read_int_log(bs, 1, ""cprms_present_flag""); hevc_parse_hrd_parameters(bs, cprms_present_flag, vps->max_sub_layers - 1, i); } } if (stop_at_vps_ext) { return vps_id; } vps_extension_flag = gf_bs_read_int_log(bs, 1, ""vps_extension_flag""); if (vps_extension_flag) { Bool res; gf_bs_align(bs); res = hevc_parse_vps_extension(vps, bs); if (res != GF_TRUE) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Failed to parse VPS extensions\n"")); return -1; } if (gf_bs_read_int_log(bs, 1, ""vps_extension2_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } } return vps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,85408619606295,1 319,[],"static int routing_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { int ret; void *r = NULL; struct in6_rtmsg r6; struct rtentry r4; char devname[16]; u32 rtdev; mm_segment_t old_fs = get_fs(); struct socket *mysock = sockfd_lookup(fd, &ret); if (mysock && mysock->sk && mysock->sk->sk_family == AF_INET6) { struct in6_rtmsg32 __user *ur6 = compat_ptr(arg); ret = copy_from_user (&r6.rtmsg_dst, &(ur6->rtmsg_dst), 3 * sizeof(struct in6_addr)); ret |= __get_user (r6.rtmsg_type, &(ur6->rtmsg_type)); ret |= __get_user (r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len)); ret |= __get_user (r6.rtmsg_src_len, &(ur6->rtmsg_src_len)); ret |= __get_user (r6.rtmsg_metric, &(ur6->rtmsg_metric)); ret |= __get_user (r6.rtmsg_info, &(ur6->rtmsg_info)); ret |= __get_user (r6.rtmsg_flags, &(ur6->rtmsg_flags)); ret |= __get_user (r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex)); r = (void *) &r6; } else { struct rtentry32 __user *ur4 = compat_ptr(arg); ret = copy_from_user (&r4.rt_dst, &(ur4->rt_dst), 3 * sizeof(struct sockaddr)); ret |= __get_user (r4.rt_flags, &(ur4->rt_flags)); ret |= __get_user (r4.rt_metric, &(ur4->rt_metric)); ret |= __get_user (r4.rt_mtu, &(ur4->rt_mtu)); ret |= __get_user (r4.rt_window, &(ur4->rt_window)); ret |= __get_user (r4.rt_irtt, &(ur4->rt_irtt)); ret |= __get_user (rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user (devname, compat_ptr(rtdev), 15); r4.rt_dev = devname; devname[15] = 0; } else r4.rt_dev = NULL; r = (void *) &r4; } if (ret) { ret = -EFAULT; goto out; } set_fs (KERNEL_DS); ret = sys_ioctl (fd, cmd, (unsigned long) r); set_fs (old_fs); out: if (mysock) sockfd_put(mysock); return ret; }",linux-2.6,,,257443513163165163442844843430974370060,0 1970,CWE-416,"static void ext4_clamp_want_extra_isize(struct super_block *sb) { struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_super_block *es = sbi->s_es; if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE && sbi->s_want_extra_isize == 0) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; if (ext4_has_feature_extra_isize(sb)) { if (sbi->s_want_extra_isize < le16_to_cpu(es->s_want_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_want_extra_isize); if (sbi->s_want_extra_isize < le16_to_cpu(es->s_min_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_min_extra_isize); } } if (EXT4_GOOD_OLD_INODE_SIZE + sbi->s_want_extra_isize > sbi->s_inode_size) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; ext4_msg(sb, KERN_INFO, ""required extra inode space not available""); } }",visit repo url,fs/ext4/super.c,https://github.com/torvalds/linux,223126092730518,1 2305,CWE-399,"long video_ioctl2(struct file *file, unsigned int cmd, unsigned long arg) { char sbuf[128]; void *mbuf = NULL; void *parg = (void *)arg; long err = -EINVAL; bool has_array_args; size_t array_size = 0; void __user *user_ptr = NULL; void **kernel_ptr = NULL; if (_IOC_DIR(cmd) != _IOC_NONE) { if (_IOC_SIZE(cmd) <= sizeof(sbuf)) { parg = sbuf; } else { mbuf = kmalloc(_IOC_SIZE(cmd), GFP_KERNEL); if (NULL == mbuf) return -ENOMEM; parg = mbuf; } err = -EFAULT; if (_IOC_DIR(cmd) & _IOC_WRITE) { unsigned long n = cmd_input_size(cmd); if (copy_from_user(parg, (void __user *)arg, n)) goto out; if (n < _IOC_SIZE(cmd)) memset((u8 *)parg + n, 0, _IOC_SIZE(cmd) - n); } else { memset(parg, 0, _IOC_SIZE(cmd)); } } err = check_array_args(cmd, parg, &array_size, &user_ptr, &kernel_ptr); if (err < 0) goto out; has_array_args = err; if (has_array_args) { mbuf = kmalloc(array_size, GFP_KERNEL); err = -ENOMEM; if (NULL == mbuf) goto out_array_args; err = -EFAULT; if (copy_from_user(mbuf, user_ptr, array_size)) goto out_array_args; *kernel_ptr = mbuf; } err = __video_do_ioctl(file, cmd, parg); if (err == -ENOIOCTLCMD) err = -EINVAL; if (has_array_args) { *kernel_ptr = user_ptr; if (copy_to_user(user_ptr, mbuf, array_size)) err = -EFAULT; goto out_array_args; } if (err < 0) goto out; out_array_args: switch (_IOC_DIR(cmd)) { case _IOC_READ: case (_IOC_WRITE | _IOC_READ): if (copy_to_user((void __user *)arg, parg, _IOC_SIZE(cmd))) err = -EFAULT; break; } out: kfree(mbuf); return err; }",visit repo url,drivers/media/video/v4l2-ioctl.c,https://github.com/torvalds/linux,270704853489482,1 22,CWE-284,"check_rpcsec_auth(struct svc_req *rqstp) { gss_ctx_id_t ctx; krb5_context kctx; OM_uint32 maj_stat, min_stat; gss_name_t name; krb5_principal princ; int ret, success; krb5_data *c1, *c2, *realm; gss_buffer_desc gss_str; kadm5_server_handle_t handle; size_t slen; char *sdots; success = 0; handle = (kadm5_server_handle_t)global_server_handle; if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) return 0; ctx = rqstp->rq_svccred; maj_stat = gss_inquire_context(&min_stat, ctx, NULL, &name, NULL, NULL, NULL, NULL, NULL); if (maj_stat != GSS_S_COMPLETE) { krb5_klog_syslog(LOG_ERR, _(""check_rpcsec_auth: failed "" ""inquire_context, stat=%u""), maj_stat); log_badauth(maj_stat, min_stat, rqstp->rq_xprt, NULL); goto fail_name; } kctx = handle->context; ret = gss_to_krb5_name_1(rqstp, kctx, name, &princ, &gss_str); if (ret == 0) goto fail_name; slen = gss_str.length; trunc_name(&slen, &sdots); if (krb5_princ_size(kctx, princ) != 2) goto fail_princ; c1 = krb5_princ_component(kctx, princ, 0); c2 = krb5_princ_component(kctx, princ, 1); realm = krb5_princ_realm(kctx, princ); if (strncmp(handle->params.realm, realm->data, realm->length) == 0 && strncmp(""kadmin"", c1->data, c1->length) == 0) { if (strncmp(""history"", c2->data, c2->length) == 0) goto fail_princ; else success = 1; } fail_princ: if (!success) { krb5_klog_syslog(LOG_ERR, _(""bad service principal %.*s%s""), (int) slen, (char *) gss_str.value, sdots); } gss_release_buffer(&min_stat, &gss_str); krb5_free_principal(kctx, princ); fail_name: gss_release_name(&min_stat, &name); return success; }",visit repo url,src/kadmin/server/kadm_rpc_svc.c,https://github.com/krb5/krb5,67134553159240,1 6040,['CWE-200'],"static struct tcf_proto **cbq_find_tcf(struct Qdisc *sch, unsigned long arg) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl = (struct cbq_class *)arg; if (cl == NULL) cl = &q->link; return &cl->filter_list; }",linux-2.6,,,266727463129037390627235934391957328854,0 3374,['CWE-399'],"__generic_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { struct address_space *mapping = in->f_mapping; unsigned int loff, nr_pages, req_pages; struct page *pages[PIPE_BUFFERS]; struct partial_page partial[PIPE_BUFFERS]; struct page *page; pgoff_t index, end_index; loff_t isize; int error, page_nr; struct splice_pipe_desc spd = { .pages = pages, .partial = partial, .flags = flags, .ops = &page_cache_pipe_buf_ops, }; index = *ppos >> PAGE_CACHE_SHIFT; loff = *ppos & ~PAGE_CACHE_MASK; req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; nr_pages = min(req_pages, (unsigned)PIPE_BUFFERS); spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages); index += spd.nr_pages; if (spd.nr_pages < nr_pages) page_cache_sync_readahead(mapping, &in->f_ra, in, index, req_pages - spd.nr_pages); error = 0; while (spd.nr_pages < nr_pages) { page = find_get_page(mapping, index); if (!page) { page = page_cache_alloc_cold(mapping); if (!page) break; error = add_to_page_cache_lru(page, mapping, index, GFP_KERNEL); if (unlikely(error)) { page_cache_release(page); if (error == -EEXIST) continue; break; } unlock_page(page); } pages[spd.nr_pages++] = page; index++; } index = *ppos >> PAGE_CACHE_SHIFT; nr_pages = spd.nr_pages; spd.nr_pages = 0; for (page_nr = 0; page_nr < nr_pages; page_nr++) { unsigned int this_len; if (!len) break; this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff); page = pages[page_nr]; if (PageReadahead(page)) page_cache_async_readahead(mapping, &in->f_ra, in, page, index, req_pages - page_nr); if (!PageUptodate(page)) { if (flags & SPLICE_F_NONBLOCK) { if (TestSetPageLocked(page)) break; } else lock_page(page); if (!page->mapping) { unlock_page(page); break; } if (PageUptodate(page)) { unlock_page(page); goto fill_it; } error = mapping->a_ops->readpage(in, page); if (unlikely(error)) { if (error == AOP_TRUNCATED_PAGE) error = 0; break; } } fill_it: isize = i_size_read(mapping->host); end_index = (isize - 1) >> PAGE_CACHE_SHIFT; if (unlikely(!isize || index > end_index)) break; if (end_index == index) { unsigned int plen; plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1; if (plen <= loff) break; this_len = min(this_len, plen - loff); len = this_len; } partial[page_nr].offset = loff; partial[page_nr].len = this_len; len -= this_len; loff = 0; spd.nr_pages++; index++; } while (page_nr < nr_pages) page_cache_release(pages[page_nr++]); in->f_ra.prev_index = index; if (spd.nr_pages) return splice_to_pipe(pipe, &spd); return error; }",linux-2.6,,,121375069238004940112522901743895644982,0 5427,['CWE-476'],"void kvm_vcpu_kick(struct kvm_vcpu *vcpu) { int ipi_pcpu = vcpu->cpu; int cpu = get_cpu(); if (waitqueue_active(&vcpu->wq)) { wake_up_interruptible(&vcpu->wq); ++vcpu->stat.halt_wakeup; } if (vcpu->guest_mode && vcpu->cpu != cpu) smp_call_function_single(ipi_pcpu, vcpu_kick_intr, vcpu, 0); put_cpu(); }",linux-2.6,,,129155663276575472695526541238228758417,0 6154,CWE-190,"void ep2_mul_dig(ep2_t r, const ep2_t p, const dig_t k) { ep2_t t; bn_t _k; int8_t u, naf[RLC_DIG + 1]; int l; ep2_null(t); bn_null(_k); if (k == 0 || ep2_is_infty(p)) { ep2_set_infty(r); return; } RLC_TRY { ep2_new(t); bn_new(_k); bn_set_dig(_k, k); l = RLC_DIG + 1; bn_rec_naf(naf, &l, _k, 2); ep2_set_infty(t); for (int i = l - 1; i >= 0; i--) { ep2_dbl(t, t); u = naf[i]; if (u > 0) { ep2_add(t, t, p); } else if (u < 0) { ep2_sub(t, t, p); } } ep2_norm(r, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ep2_free(t); bn_free(_k); } }",visit repo url,src/epx/relic_ep2_mul.c,https://github.com/relic-toolkit/relic,46459298000690,1 4523,CWE-190,"static Fixed lsr_translate_scale(GF_LASeRCodec *lsr, u32 val) { if (val >> (lsr->coord_bits-1) ) { s32 v = val - (1<coord_bits); return INT2FIX(v) / 256 ; } else { return INT2FIX(val) / 256; } }",visit repo url,src/laser/lsr_dec.c,https://github.com/gpac/gpac,95915782955899,1 5296,CWE-190,"TEE_Result syscall_asymm_verify(unsigned long state, const struct utee_attribute *usr_params, size_t num_params, const void *data, size_t data_len, const void *sig, size_t sig_len) { TEE_Result res; struct tee_cryp_state *cs; struct tee_ta_session *sess; struct tee_obj *o; size_t hash_size; int salt_len = 0; TEE_Attribute *params = NULL; uint32_t hash_algo; struct user_ta_ctx *utc; res = tee_ta_get_current_session(&sess); if (res != TEE_SUCCESS) return res; utc = to_user_ta_ctx(sess->ctx); res = tee_svc_cryp_get_state(sess, tee_svc_uref_to_vaddr(state), &cs); if (res != TEE_SUCCESS) return res; if (cs->mode != TEE_MODE_VERIFY) return TEE_ERROR_BAD_PARAMETERS; res = tee_mmu_check_access_rights(utc, TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, (uaddr_t)data, data_len); if (res != TEE_SUCCESS) return res; res = tee_mmu_check_access_rights(utc, TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, (uaddr_t)sig, sig_len); if (res != TEE_SUCCESS) return res; params = malloc(sizeof(TEE_Attribute) * num_params); if (!params) return TEE_ERROR_OUT_OF_MEMORY; res = copy_in_attrs(utc, usr_params, num_params, params); if (res != TEE_SUCCESS) goto out; res = tee_obj_get(utc, cs->key1, &o); if (res != TEE_SUCCESS) goto out; if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } switch (TEE_ALG_GET_MAIN_ALG(cs->algo)) { case TEE_MAIN_ALGO_RSA: if (cs->algo != TEE_ALG_RSASSA_PKCS1_V1_5) { hash_algo = TEE_DIGEST_HASH_TO_ALGO(cs->algo); res = tee_hash_get_digest_size(hash_algo, &hash_size); if (res != TEE_SUCCESS) break; if (data_len != hash_size) { res = TEE_ERROR_BAD_PARAMETERS; break; } salt_len = pkcs1_get_salt_len(params, num_params, hash_size); } res = crypto_acipher_rsassa_verify(cs->algo, o->attr, salt_len, data, data_len, sig, sig_len); break; case TEE_MAIN_ALGO_DSA: hash_algo = TEE_DIGEST_HASH_TO_ALGO(cs->algo); res = tee_hash_get_digest_size(hash_algo, &hash_size); if (res != TEE_SUCCESS) break; if (data_len > hash_size) { res = TEE_ERROR_BAD_PARAMETERS; break; } res = crypto_acipher_dsa_verify(cs->algo, o->attr, data, data_len, sig, sig_len); break; case TEE_MAIN_ALGO_ECDSA: res = crypto_acipher_ecc_verify(cs->algo, o->attr, data, data_len, sig, sig_len); break; default: res = TEE_ERROR_NOT_SUPPORTED; } out: free(params); return res; }",visit repo url,core/tee/tee_svc_cryp.c,https://github.com/OP-TEE/optee_os,161414094762405,1 3125,['CWE-189'],"void jpc_init_t2state(jpc_enc_t *enc, int raflag) { jpc_enc_tcmpt_t *comp; jpc_enc_tcmpt_t *endcomps; jpc_enc_rlvl_t *lvl; jpc_enc_rlvl_t *endlvls; jpc_enc_band_t *band; jpc_enc_band_t *endbands; jpc_enc_cblk_t *cblk; jpc_enc_cblk_t *endcblks; jpc_enc_pass_t *pass; jpc_enc_pass_t *endpasses; jpc_tagtreenode_t *leaf; jpc_enc_tile_t *tile; int prcno; jpc_enc_prc_t *prc; tile = enc->curtile; endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < lvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } jpc_tagtree_reset(prc->incltree); jpc_tagtree_reset(prc->nlibtree); endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { if (jas_stream_rewind(cblk->stream)) { assert(0); } cblk->curpass = (cblk->numpasses > 0) ? cblk->passes : 0; cblk->numencpasses = 0; cblk->numlenbits = 3; cblk->numimsbs = band->numbps - cblk->numbps; assert(cblk->numimsbs >= 0); leaf = jpc_tagtree_getleaf(prc->nlibtree, cblk - prc->cblks); jpc_tagtree_setvalue(prc->nlibtree, leaf, cblk->numimsbs); if (raflag) { endpasses = &cblk->passes[cblk->numpasses]; for (pass = cblk->passes; pass != endpasses; ++pass) { pass->lyrno = -1; pass->lyrno = 0; } } } } } } } }",jasper,,,232092580595883978115661216038087631049,0 5485,CWE-674,"static void renameColumnFunc( sqlite3_context *context, int NotUsed, sqlite3_value **argv ){ sqlite3 *db = sqlite3_context_db_handle(context); RenameCtx sCtx; const char *zSql = (const char*)sqlite3_value_text(argv[0]); const char *zDb = (const char*)sqlite3_value_text(argv[3]); const char *zTable = (const char*)sqlite3_value_text(argv[4]); int iCol = sqlite3_value_int(argv[5]); const char *zNew = (const char*)sqlite3_value_text(argv[6]); int bQuote = sqlite3_value_int(argv[7]); int bTemp = sqlite3_value_int(argv[8]); const char *zOld; int rc; Parse sParse; Walker sWalker; Index *pIdx; int i; Table *pTab; #ifndef SQLITE_OMIT_AUTHORIZATION sqlite3_xauth xAuth = db->xAuth; #endif UNUSED_PARAMETER(NotUsed); if( zSql==0 ) return; if( zTable==0 ) return; if( zNew==0 ) return; if( iCol<0 ) return; sqlite3BtreeEnterAll(db); pTab = sqlite3FindTable(db, zTable, zDb); if( pTab==0 || iCol>=pTab->nCol ){ sqlite3BtreeLeaveAll(db); return; } zOld = pTab->aCol[iCol].zName; memset(&sCtx, 0, sizeof(sCtx)); sCtx.iCol = ((iCol==pTab->iPKey) ? -1 : iCol); #ifndef SQLITE_OMIT_AUTHORIZATION db->xAuth = 0; #endif rc = renameParseSql(&sParse, zDb, 0, db, zSql, bTemp); memset(&sWalker, 0, sizeof(Walker)); sWalker.pParse = &sParse; sWalker.xExprCallback = renameColumnExprCb; sWalker.xSelectCallback = renameColumnSelectCb; sWalker.u.pRename = &sCtx; sCtx.pTab = pTab; if( rc!=SQLITE_OK ) goto renameColumnFunc_done; if( sParse.pNewTable ){ Select *pSelect = sParse.pNewTable->pSelect; if( pSelect ){ sParse.rc = SQLITE_OK; sqlite3SelectPrep(&sParse, sParse.pNewTable->pSelect, 0); rc = (db->mallocFailed ? SQLITE_NOMEM : sParse.rc); if( rc==SQLITE_OK ){ sqlite3WalkSelect(&sWalker, pSelect); } if( rc!=SQLITE_OK ) goto renameColumnFunc_done; }else{ int bFKOnly = sqlite3_stricmp(zTable, sParse.pNewTable->zName); FKey *pFKey; assert( sParse.pNewTable->pSelect==0 ); sCtx.pTab = sParse.pNewTable; if( bFKOnly==0 ){ renameTokenFind( &sParse, &sCtx, (void*)sParse.pNewTable->aCol[iCol].zName ); if( sCtx.iCol<0 ){ renameTokenFind(&sParse, &sCtx, (void*)&sParse.pNewTable->iPKey); } sqlite3WalkExprList(&sWalker, sParse.pNewTable->pCheck); for(pIdx=sParse.pNewTable->pIndex; pIdx; pIdx=pIdx->pNext){ sqlite3WalkExprList(&sWalker, pIdx->aColExpr); } for(pIdx=sParse.pNewIndex; pIdx; pIdx=pIdx->pNext){ sqlite3WalkExprList(&sWalker, pIdx->aColExpr); } } #ifndef SQLITE_OMIT_GENERATED_COLUMNS for(i=0; inCol; i++){ sqlite3WalkExpr(&sWalker, sParse.pNewTable->aCol[i].pDflt); } #endif for(pFKey=sParse.pNewTable->pFKey; pFKey; pFKey=pFKey->pNextFrom){ for(i=0; inCol; i++){ if( bFKOnly==0 && pFKey->aCol[i].iFrom==iCol ){ renameTokenFind(&sParse, &sCtx, (void*)&pFKey->aCol[i]); } if( 0==sqlite3_stricmp(pFKey->zTo, zTable) && 0==sqlite3_stricmp(pFKey->aCol[i].zCol, zOld) ){ renameTokenFind(&sParse, &sCtx, (void*)pFKey->aCol[i].zCol); } } } } }else if( sParse.pNewIndex ){ sqlite3WalkExprList(&sWalker, sParse.pNewIndex->aColExpr); sqlite3WalkExpr(&sWalker, sParse.pNewIndex->pPartIdxWhere); }else{ TriggerStep *pStep; rc = renameResolveTrigger(&sParse, (bTemp ? 0 : zDb)); if( rc!=SQLITE_OK ) goto renameColumnFunc_done; for(pStep=sParse.pNewTrigger->step_list; pStep; pStep=pStep->pNext){ if( pStep->zTarget ){ Table *pTarget = sqlite3LocateTable(&sParse, 0, pStep->zTarget, zDb); if( pTarget==pTab ){ if( pStep->pUpsert ){ ExprList *pUpsertSet = pStep->pUpsert->pUpsertSet; renameColumnElistNames(&sParse, &sCtx, pUpsertSet, zOld); } renameColumnIdlistNames(&sParse, &sCtx, pStep->pIdList, zOld); renameColumnElistNames(&sParse, &sCtx, pStep->pExprList, zOld); } } } if( sParse.pTriggerTab==pTab ){ renameColumnIdlistNames(&sParse, &sCtx,sParse.pNewTrigger->pColumns,zOld); } renameWalkTrigger(&sWalker, sParse.pNewTrigger); } assert( rc==SQLITE_OK ); rc = renameEditSql(context, &sCtx, zSql, zNew, bQuote); renameColumnFunc_done: if( rc!=SQLITE_OK ){ if( sParse.zErrMsg ){ renameColumnParseError(context, 0, argv[1], argv[2], &sParse); }else{ sqlite3_result_error_code(context, rc); } } renameParseCleanup(&sParse); renameTokenFree(db, sCtx.pList); #ifndef SQLITE_OMIT_AUTHORIZATION db->xAuth = xAuth; #endif sqlite3BtreeLeaveAll(db); }",visit repo url,src/alter.c,https://github.com/sqlite/sqlite,133915456356459,1 1289,[],"m4_mkstemp (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, 2)) return; mkstemp_helper (obs, ARG (0), ARG (1), strlen (ARG (1))); }",m4,,,90678325049567372999092501776231735856,0 5955,CWE-863,"zfs_fastaccesschk_execute(znode_t *zdp, cred_t *cr) { boolean_t owner = B_FALSE; boolean_t groupmbr = B_FALSE; boolean_t is_attr; uid_t uid = crgetuid(cr); if (zdp->z_pflags & ZFS_AV_QUARANTINED) return (1); is_attr = ((zdp->z_pflags & ZFS_XATTR) && (ZTOV(zdp)->v_type == VDIR)); if (is_attr) return (1); if (zdp->z_pflags & ZFS_NO_EXECS_DENIED) return (0); mutex_enter(&zdp->z_acl_lock); if (FUID_INDEX(zdp->z_uid) != 0 || FUID_INDEX(zdp->z_gid) != 0) { goto out_slow; } if (uid == zdp->z_uid) { owner = B_TRUE; if (zdp->z_mode & S_IXUSR) { goto out; } else { goto out_slow; } } if (groupmember(zdp->z_gid, cr)) { groupmbr = B_TRUE; if (zdp->z_mode & S_IXGRP) { goto out; } else { goto out_slow; } } if (!owner && !groupmbr) { if (zdp->z_mode & S_IXOTH) { goto out; } } out: mutex_exit(&zdp->z_acl_lock); return (0); out_slow: mutex_exit(&zdp->z_acl_lock); return (1); }",visit repo url,module/os/freebsd/zfs/zfs_acl.c,https://github.com/openzfs/zfs,155536398488683,1 3909,['CWE-399'],static int tda8425_shift12(int val) { return (val >> 12) | 0xf0; },linux-2.6,,,322400764894111229403593637958985847069,0 3858,CWE-122,"ins_compl_infercase_gettext( char_u *str, int actual_len, int actual_compl_length, int min_len) { int *wca; char_u *p; int i, c; int has_lower = FALSE; int was_letter = FALSE; IObuff[0] = NUL; wca = ALLOC_MULT(int, actual_len); if (wca == NULL) return IObuff; p = str; for (i = 0; i < actual_len; ++i) if (has_mbyte) wca[i] = mb_ptr2char_adv(&p); else wca[i] = *(p++); p = compl_orig_text; for (i = 0; i < min_len; ++i) { if (has_mbyte) c = mb_ptr2char_adv(&p); else c = *(p++); if (MB_ISLOWER(c)) { has_lower = TRUE; if (MB_ISUPPER(wca[i])) { for (i = actual_compl_length; i < actual_len; ++i) wca[i] = MB_TOLOWER(wca[i]); break; } } } if (!has_lower) { p = compl_orig_text; for (i = 0; i < min_len; ++i) { if (has_mbyte) c = mb_ptr2char_adv(&p); else c = *(p++); if (was_letter && MB_ISUPPER(c) && MB_ISLOWER(wca[i])) { for (i = actual_compl_length; i < actual_len; ++i) wca[i] = MB_TOUPPER(wca[i]); break; } was_letter = MB_ISLOWER(c) || MB_ISUPPER(c); } } p = compl_orig_text; for (i = 0; i < min_len; ++i) { if (has_mbyte) c = mb_ptr2char_adv(&p); else c = *(p++); if (MB_ISLOWER(c)) wca[i] = MB_TOLOWER(wca[i]); else if (MB_ISUPPER(c)) wca[i] = MB_TOUPPER(wca[i]); } p = IObuff; i = 0; while (i < actual_len && (p - IObuff + 6) < IOSIZE) if (has_mbyte) p += (*mb_char2bytes)(wca[i++], p); else *(p++) = wca[i++]; *p = NUL; vim_free(wca); return IObuff; }",visit repo url,src/insexpand.c,https://github.com/vim/vim,5485398088045,1 2076,[],"int udplite_get_port(struct sock *sk, unsigned short p, int (*c)(const struct sock *, const struct sock *)) { return __udp_lib_get_port(sk, p, udplite_hash, c); }",linux-2.6,,,205165005449915215225046813715069206681,0 1784,CWE-264,"check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, struct xt_table_info *newinfo, unsigned int *size, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, const char *name) { struct xt_entry_match *ematch; struct xt_entry_target *t; struct xt_target *target; unsigned int entry_offset; unsigned int j; int ret, off, h; duprintf(""check_compat_entry_size_and_hooks %p\n"", e); if ((unsigned long)e % __alignof__(struct compat_ip6t_entry) != 0 || (unsigned char *)e + sizeof(struct compat_ip6t_entry) >= limit || (unsigned char *)e + e->next_offset > limit) { duprintf(""Bad offset %p, limit = %p\n"", e, limit); return -EINVAL; } if (e->next_offset < sizeof(struct compat_ip6t_entry) + sizeof(struct compat_xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } if (!ip6_checkentry(&e->ipv6)) return -EINVAL; ret = xt_compat_check_entry_offsets(e, e->target_offset, e->next_offset); if (ret) return ret; off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); entry_offset = (void *)e - (void *)base; j = 0; xt_ematch_foreach(ematch, e) { ret = compat_find_calc_match(ematch, name, &e->ipv6, &off); if (ret != 0) goto release_matches; ++j; } t = compat_ip6t_get_target(e); target = xt_request_find_target(NFPROTO_IPV6, t->u.user.name, t->u.user.revision); if (IS_ERR(target)) { duprintf(""check_compat_entry_size_and_hooks: `%s' not found\n"", t->u.user.name); ret = PTR_ERR(target); goto release_matches; } t->u.kernel.target = target; off += xt_compat_target_offset(target); *size += off; ret = xt_compat_add_offset(AF_INET6, entry_offset, off); if (ret) goto out; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) newinfo->underflow[h] = underflows[h]; } memset(&e->counters, 0, sizeof(e->counters)); e->comefrom = 0; return 0; out: module_put(t->u.kernel.target->me); release_matches: xt_ematch_foreach(ematch, e) { if (j-- == 0) break; module_put(ematch->u.kernel.match->me); } return ret; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,7316320200847,1 1525,[],"static void deactivate_task(struct rq *rq, struct task_struct *p, int sleep) { if (task_contributes_to_load(p)) rq->nr_uninterruptible++; dequeue_task(rq, p, sleep); dec_nr_running(rq); }",linux-2.6,,,246867969650154397082464981787235473356,0 2726,CWE-415,"static void _php_mb_regex_set_options(OnigOptionType options, OnigSyntaxType *syntax, OnigOptionType *prev_options, OnigSyntaxType **prev_syntax TSRMLS_DC) { if (prev_options != NULL) { *prev_options = MBREX(regex_default_options); } if (prev_syntax != NULL) { *prev_syntax = MBREX(regex_default_syntax); } MBREX(regex_default_options) = options; MBREX(regex_default_syntax) = syntax; }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,221735685763827,1 6145,['CWE-200'],"static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg) { struct tcmsg *tcm = NLMSG_DATA(n); struct rtattr **tca = arg; struct net_device *dev; u32 clid = tcm->tcm_parent; struct Qdisc *q = NULL; struct Qdisc *p = NULL; int err; if ((dev = __dev_get_by_index(tcm->tcm_ifindex)) == NULL) return -ENODEV; if (clid) { if (clid != TC_H_ROOT) { if (TC_H_MAJ(clid) != TC_H_MAJ(TC_H_INGRESS)) { if ((p = qdisc_lookup(dev, TC_H_MAJ(clid))) == NULL) return -ENOENT; q = qdisc_leaf(p, clid); } else { q = dev->qdisc_ingress; } } else { q = dev->qdisc_sleeping; } if (!q) return -ENOENT; if (tcm->tcm_handle && q->handle != tcm->tcm_handle) return -EINVAL; } else { if ((q = qdisc_lookup(dev, tcm->tcm_handle)) == NULL) return -ENOENT; } if (tca[TCA_KIND-1] && rtattr_strcmp(tca[TCA_KIND-1], q->ops->id)) return -EINVAL; if (n->nlmsg_type == RTM_DELQDISC) { if (!clid) return -EINVAL; if (q->handle == 0) return -ENOENT; if ((err = qdisc_graft(dev, p, clid, NULL, &q)) != 0) return err; if (q) { qdisc_notify(skb, n, clid, q, NULL); spin_lock_bh(&dev->queue_lock); qdisc_destroy(q); spin_unlock_bh(&dev->queue_lock); } } else { qdisc_notify(skb, n, clid, NULL, q); } return 0; }",linux-2.6,,,244956853030364476860763589816391761319,0 421,CWE-460,"int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm, pte_t *dst_pte, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, struct page **pagep) { int vm_shared = dst_vma->vm_flags & VM_SHARED; struct hstate *h = hstate_vma(dst_vma); pte_t _dst_pte; spinlock_t *ptl; int ret; struct page *page; if (!*pagep) { ret = -ENOMEM; page = alloc_huge_page(dst_vma, dst_addr, 0); if (IS_ERR(page)) goto out; ret = copy_huge_page_from_user(page, (const void __user *) src_addr, pages_per_huge_page(h), false); if (unlikely(ret)) { ret = -EFAULT; *pagep = page; goto out; } } else { page = *pagep; *pagep = NULL; } __SetPageUptodate(page); set_page_huge_active(page); if (vm_shared) { struct address_space *mapping = dst_vma->vm_file->f_mapping; pgoff_t idx = vma_hugecache_offset(h, dst_vma, dst_addr); ret = huge_add_to_page_cache(page, mapping, idx); if (ret) goto out_release_nounlock; } ptl = huge_pte_lockptr(h, dst_mm, dst_pte); spin_lock(ptl); ret = -EEXIST; if (!huge_pte_none(huge_ptep_get(dst_pte))) goto out_release_unlock; if (vm_shared) { page_dup_rmap(page, true); } else { ClearPagePrivate(page); hugepage_add_new_anon_rmap(page, dst_vma, dst_addr); } _dst_pte = make_huge_pte(dst_vma, page, dst_vma->vm_flags & VM_WRITE); if (dst_vma->vm_flags & VM_WRITE) _dst_pte = huge_pte_mkdirty(_dst_pte); _dst_pte = pte_mkyoung(_dst_pte); set_huge_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte); (void)huge_ptep_set_access_flags(dst_vma, dst_addr, dst_pte, _dst_pte, dst_vma->vm_flags & VM_WRITE); hugetlb_count_add(pages_per_huge_page(h), dst_mm); update_mmu_cache(dst_vma, dst_addr, dst_pte); spin_unlock(ptl); if (vm_shared) unlock_page(page); ret = 0; out: return ret; out_release_unlock: spin_unlock(ptl); out_release_nounlock: if (vm_shared) unlock_page(page); put_page(page); goto out; }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,13015313189381,1 4863,['CWE-189'],"int ecryptfs_get_tfm_and_mutex_for_cipher_name(struct crypto_blkcipher **tfm, struct mutex **tfm_mutex, char *cipher_name) { struct ecryptfs_key_tfm *key_tfm; int rc = 0; (*tfm) = NULL; (*tfm_mutex) = NULL; mutex_lock(&key_tfm_list_mutex); if (!ecryptfs_tfm_exists(cipher_name, &key_tfm)) { rc = ecryptfs_add_new_key_tfm(&key_tfm, cipher_name, 0); if (rc) { printk(KERN_ERR ""Error adding new key_tfm to list; "" ""rc = [%d]\n"", rc); goto out; } } (*tfm) = key_tfm->key_tfm; (*tfm_mutex) = &key_tfm->key_tfm_mutex; out: mutex_unlock(&key_tfm_list_mutex); return rc; }",linux-2.6,,,48300268947505968396130988411525593610,0 6295,['CWE-200'],"static int qdisc_change(struct Qdisc *sch, struct rtattr **tca) { if (tca[TCA_OPTIONS-1]) { int err; if (sch->ops->change == NULL) return -EINVAL; err = sch->ops->change(sch, tca[TCA_OPTIONS-1]); if (err) return err; } #ifdef CONFIG_NET_ESTIMATOR if (tca[TCA_RATE-1]) gen_replace_estimator(&sch->bstats, &sch->rate_est, sch->stats_lock, tca[TCA_RATE-1]); #endif return 0; }",linux-2.6,,,493973965994127738103965309651014971,0 392,CWE-125,"int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) { u16 offset = sizeof(struct ipv6hdr); struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr *)(ipv6_hdr(skb) + 1); unsigned int packet_len = skb_tail_pointer(skb) - skb_network_header(skb); int found_rhdr = 0; *nexthdr = &ipv6_hdr(skb)->nexthdr; while (offset + 1 <= packet_len) { switch (**nexthdr) { case NEXTHDR_HOP: break; case NEXTHDR_ROUTING: found_rhdr = 1; break; case NEXTHDR_DEST: #if IS_ENABLED(CONFIG_IPV6_MIP6) if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0) break; #endif if (found_rhdr) return offset; break; default: return offset; } offset += ipv6_optlen(exthdr); *nexthdr = &exthdr->nexthdr; exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) + offset); } return offset; }",visit repo url,net/ipv6/output_core.c,https://github.com/torvalds/linux,9329494835136,1 5400,CWE-787,"double GetGPMFSampleRateAndTimes(size_t handle, GPMF_stream *gs, double rate, uint32_t index, double *in, double *out) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return 0.0; uint32_t key, insamples; uint32_t repeat, outsamples; GPMF_stream find_stream; if (gs == NULL || mp4->metaoffsets == 0 || mp4->indexcount == 0 || mp4->basemetadataduration == 0 || mp4->meta_clockdemon == 0 || in == NULL || out == NULL) return 0.0; key = GPMF_Key(gs); repeat = GPMF_Repeat(gs); if (rate == 0.0) rate = GetGPMFSampleRate(handle, key, GPMF_SAMPLE_RATE_FAST); if (rate == 0.0) { *in = *out = 0.0; return 0.0; } GPMF_CopyState(gs, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { outsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)); insamples = outsamples - repeat; *in = ((double)insamples / (double)rate); *out = ((double)outsamples / (double)rate); } else { *in = ((double)index * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); *out = ((double)(index + 1) * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); } return rate; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,259952087012547,1 5411,['CWE-476'],"static void kvm_set_time_scale(uint32_t tsc_khz, struct pvclock_vcpu_time_info *hv_clock) { uint64_t nsecs = 1000000000LL; int32_t shift = 0; uint64_t tps64; uint32_t tps32; tps64 = tsc_khz * 1000LL; while (tps64 > nsecs*2) { tps64 >>= 1; shift--; } tps32 = (uint32_t)tps64; while (tps32 <= (uint32_t)nsecs) { tps32 <<= 1; shift++; } hv_clock->tsc_shift = shift; hv_clock->tsc_to_system_mul = div_frac(nsecs, tps32); pr_debug(""%s: tsc_khz %u, tsc_shift %d, tsc_mul %u\n"", __func__, tsc_khz, hv_clock->tsc_shift, hv_clock->tsc_to_system_mul); }",linux-2.6,,,32089450768118990895221635020821599766,0 1630,[],"void aggregate_get_up(struct task_group *tg, struct sched_domain *sd) { aggregate_group_set_shares(tg, sd); }",linux-2.6,,,24254965561467867928759792759020335592,0 1198,CWE-400,"void handle_ld_nf(u32 insn, struct pt_regs *regs) { int rd = ((insn >> 25) & 0x1f); int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; unsigned long *reg; perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); maybe_flush_windows(0, 0, rd, from_kernel); reg = fetch_reg_addr(rd, regs); if (from_kernel || rd < 16) { reg[0] = 0; if ((insn & 0x780000) == 0x180000) reg[1] = 0; } else if (test_thread_flag(TIF_32BIT)) { put_user(0, (int __user *) reg); if ((insn & 0x780000) == 0x180000) put_user(0, ((int __user *) reg) + 1); } else { put_user(0, (unsigned long __user *) reg); if ((insn & 0x780000) == 0x180000) put_user(0, (unsigned long __user *) reg + 1); } advance(regs); }",visit repo url,arch/sparc/kernel/unaligned_64.c,https://github.com/torvalds/linux,191286296288965,1 671,[],"int jpc_getdata(jas_stream_t *in, jas_stream_t *out, long len) { return jas_stream_copy(out, in, len); }",jasper,,,321357880961676183876575390992538974381,0 549,[],"static int bad_file_fsync(struct file *file, struct dentry *dentry, int datasync) { return -EIO; }",linux-2.6,,,31953404454453220773533967659015805567,0 6248,CWE-190,"static void pp_mil_k12(fp12_t r, ep2_t *t, ep2_t *q, ep_t *p, int m, bn_t a) { fp12_t l; ep_t *_p = RLC_ALLOCA(ep_t, m); ep2_t *_q = RLC_ALLOCA(ep2_t, m); int i, j, len = bn_bits(a) + 1; int8_t s[RLC_FP_BITS + 1]; if (m == 0) { return; } fp12_null(l); RLC_TRY { fp12_new(l); if (_p == NULL || _q == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (j = 0; j < m; j++) { ep_null(_p[j]); ep2_null(_q[j]); ep_new(_p[j]); ep2_new(_q[j]); ep2_copy(t[j], q[j]); ep2_neg(_q[j], q[j]); #if EP_ADD == BASIC ep_neg(_p[j], p[j]); #else fp_add(_p[j]->x, p[j]->x, p[j]->x); fp_add(_p[j]->x, _p[j]->x, p[j]->x); fp_neg(_p[j]->y, p[j]->y); #endif } fp12_zero(l); bn_rec_naf(s, &len, a, 2); pp_dbl_k12(r, t[0], t[0], _p[0]); for (j = 1; j < m; j++) { pp_dbl_k12(l, t[j], t[j], _p[j]); fp12_mul_dxs(r, r, l); } if (s[len - 2] > 0) { for (j = 0; j < m; j++) { pp_add_k12(l, t[j], q[j], p[j]); fp12_mul_dxs(r, r, l); } } if (s[len - 2] < 0) { for (j = 0; j < m; j++) { pp_add_k12(l, t[j], _q[j], p[j]); fp12_mul_dxs(r, r, l); } } for (i = len - 3; i >= 0; i--) { fp12_sqr(r, r); for (j = 0; j < m; j++) { pp_dbl_k12(l, t[j], t[j], _p[j]); fp12_mul_dxs(r, r, l); if (s[i] > 0) { pp_add_k12(l, t[j], q[j], p[j]); fp12_mul_dxs(r, r, l); } if (s[i] < 0) { pp_add_k12(l, t[j], _q[j], p[j]); fp12_mul_dxs(r, r, l); } } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp12_free(l); for (j = 0; j < m; j++) { ep_free(_p[j]); ep2_free(_q[j]); } RLC_FREE(_p); RLC_FREE(_q); } }",visit repo url,src/pp/relic_pp_map_k12.c,https://github.com/relic-toolkit/relic,221143681295193,1 5890,CWE-122,"static pj_status_t decode_errcode_attr(pj_pool_t *pool, const pj_uint8_t *buf, const pj_stun_msg_hdr *msghdr, void **p_attr) { pj_stun_errcode_attr *attr; pj_str_t value; PJ_UNUSED_ARG(msghdr); attr = PJ_POOL_ZALLOC_T(pool, pj_stun_errcode_attr); GETATTRHDR(buf, &attr->hdr); attr->err_code = buf[6] * 100 + buf[7]; value.ptr = ((char*)buf + ATTR_HDR_LEN + 4); value.slen = attr->hdr.length - 4; if (value.slen < 0) value.slen = 0; pj_strdup(pool, &attr->reason, &value); *p_attr = attr; return PJ_SUCCESS; }",visit repo url,pjnath/src/pjnath/stun_msg.c,https://github.com/pjsip/pjproject,59211946842355,1 2497,CWE-190,"static size_t optsize (lua_State *L, char opt, const char **fmt) { switch (opt) { case 'B': case 'b': return sizeof(char); case 'H': case 'h': return sizeof(short); case 'L': case 'l': return sizeof(long); case 'T': return sizeof(size_t); case 'f': return sizeof(float); case 'd': return sizeof(double); case 'x': return 1; case 'c': return getnum(fmt, 1); case 'i': case 'I': { int sz = getnum(fmt, sizeof(int)); if (sz > MAXINTSIZE) luaL_error(L, ""integral size %d is larger than limit of %d"", sz, MAXINTSIZE); return sz; } default: return 0; } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,264163654290582,1 4654,['CWE-399'],"static inline int all_zeroes(__le32 *p, __le32 *q) { while (p < q) if (*p++) return 0; return 1; }",linux-2.6,,,262337393637073875063025258315510871426,0 2145,CWE-476,"static struct btrfs_device *btrfs_find_device_by_path( struct btrfs_fs_info *fs_info, const char *device_path) { int ret = 0; struct btrfs_super_block *disk_super; u64 devid; u8 *dev_uuid; struct block_device *bdev; struct buffer_head *bh; struct btrfs_device *device; ret = btrfs_get_bdev_and_sb(device_path, FMODE_READ, fs_info->bdev_holder, 0, &bdev, &bh); if (ret) return ERR_PTR(ret); disk_super = (struct btrfs_super_block *)bh->b_data; devid = btrfs_stack_device_id(&disk_super->dev_item); dev_uuid = disk_super->dev_item.uuid; if (btrfs_fs_incompat(fs_info, METADATA_UUID)) device = btrfs_find_device(fs_info->fs_devices, devid, dev_uuid, disk_super->metadata_uuid); else device = btrfs_find_device(fs_info->fs_devices, devid, dev_uuid, disk_super->fsid); brelse(bh); if (!device) device = ERR_PTR(-ENOENT); blkdev_put(bdev, FMODE_READ); return device; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,157853113222051,1 2735,CWE-190,"void gdImageFill(gdImagePtr im, int x, int y, int nc) { int l, x1, x2, dy; int oc; int wx2,wy2; int alphablending_bak; struct seg *stack = NULL; struct seg *sp; if (!im->trueColor && nc > (im->colorsTotal -1)) { return; } alphablending_bak = im->alphaBlendingFlag; im->alphaBlendingFlag = 0; if (nc==gdTiled){ _gdImageFillTiled(im,x,y,nc); im->alphaBlendingFlag = alphablending_bak; return; } wx2=im->sx;wy2=im->sy; oc = gdImageGetPixel(im, x, y); if (oc==nc || x<0 || x>wx2 || y<0 || y>wy2) { im->alphaBlendingFlag = alphablending_bak; return; } if (im->sx < 4) { int ix = x, iy = y, c; do { do { c = gdImageGetPixel(im, ix, iy); if (c != oc) { goto done; } gdImageSetPixel(im, ix, iy, nc); } while(ix++ < (im->sx -1)); ix = x; } while(iy++ < (im->sy -1)); goto done; } stack = (struct seg *)safe_emalloc(sizeof(struct seg), ((int)(im->sy*im->sx)/4), 1); sp = stack; FILL_PUSH(y,x,x,1); FILL_PUSH(y+1, x, x, -1); while (sp>stack) { FILL_POP(y, x1, x2, dy); for (x=x1; x>=0 && gdImageGetPixel(im,x, y)==oc; x--) { gdImageSetPixel(im,x, y, nc); } if (x>=x1) { goto skip; } l = x+1; if (lx2+1) { FILL_PUSH(y, x2+1, x-1, -dy); } skip: for (x++; x<=x2 && (gdImageGetPixel(im, x, y)!=oc); x++); l = x; } while (x<=x2); } efree(stack); done: im->alphaBlendingFlag = alphablending_bak; }",visit repo url,ext/gd/libgd/gd.c,https://github.com/php/php-src,207096292050076,1 905,['CWE-200'],"static int shmem_writepage(struct page *page, struct writeback_control *wbc) { struct shmem_inode_info *info; swp_entry_t *entry, swap; struct address_space *mapping; unsigned long index; struct inode *inode; BUG_ON(!PageLocked(page)); if (!wbc->for_reclaim) { set_page_dirty(page); unlock_page(page); return 0; } BUG_ON(page_mapped(page)); mapping = page->mapping; index = page->index; inode = mapping->host; info = SHMEM_I(inode); if (info->flags & VM_LOCKED) goto redirty; swap = get_swap_page(); if (!swap.val) goto redirty; spin_lock(&info->lock); shmem_recalc_inode(inode); if (index >= info->next_index) { BUG_ON(!(info->flags & SHMEM_TRUNCATE)); goto unlock; } entry = shmem_swp_entry(info, index, NULL); BUG_ON(!entry); BUG_ON(entry->val); if (move_to_swap_cache(page, swap) == 0) { shmem_swp_set(info, entry, swap.val); shmem_swp_unmap(entry); spin_unlock(&info->lock); if (list_empty(&info->swaplist)) { spin_lock(&shmem_swaplist_lock); list_move_tail(&info->swaplist, &shmem_swaplist); spin_unlock(&shmem_swaplist_lock); } unlock_page(page); return 0; } shmem_swp_unmap(entry); unlock: spin_unlock(&info->lock); swap_free(swap); redirty: set_page_dirty(page); return AOP_WRITEPAGE_ACTIVATE; }",linux-2.6,,,168306334633102536104168774484279644677,0 4721,['CWE-20'],"void ext4_used_dirs_set(struct super_block *sb, struct ext4_group_desc *bg, __u32 count) { bg->bg_used_dirs_count_lo = cpu_to_le16((__u16)count); if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT) bg->bg_used_dirs_count_hi = cpu_to_le16(count >> 16); }",linux-2.6,,,172832132522210930904104712837068421073,0 5121,['CWE-20'],"static void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer) { struct vcpu_vmx *vmx = to_vmx(vcpu); struct kvm_msr_entry *msr = find_msr_entry(vmx, MSR_EFER); vcpu->arch.shadow_efer = efer; if (!msr) return; if (efer & EFER_LMA) { vmcs_write32(VM_ENTRY_CONTROLS, vmcs_read32(VM_ENTRY_CONTROLS) | VM_ENTRY_IA32E_MODE); msr->data = efer; } else { vmcs_write32(VM_ENTRY_CONTROLS, vmcs_read32(VM_ENTRY_CONTROLS) & ~VM_ENTRY_IA32E_MODE); msr->data = efer & ~EFER_LME; } setup_msrs(vmx); }",linux-2.6,,,223481348165664994490747289990546525161,0 5936,CWE-120,"static Jsi_RC NumberToFixedCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { char buf[100]; int prec = 0, skip = 0; Jsi_Number num; Jsi_Value *v; ChkStringN(_this, funcPtr, v); Jsi_Value *pa = Jsi_ValueArrayIndex(interp, args, skip); if (pa && Jsi_GetIntFromValue(interp, pa, &prec) != JSI_OK) return JSI_ERROR; if (prec<0) prec = 0; Jsi_GetDoubleFromValue(interp, v, &num); snprintf(buf, sizeof(buf), ""%.*"" JSI_NUMFFMT, prec, num); Jsi_ValueMakeStringDup(interp, ret, buf); return JSI_OK; }",visit repo url,src/jsiNumber.c,https://github.com/pcmacdon/jsish,54691797449142,1 1222,[],"dumpdef_cmp (const void *s1, const void *s2) { return strcmp (SYMBOL_NAME (* (symbol *const *) s1), SYMBOL_NAME (* (symbol *const *) s2)); }",m4,,,30691015806076464004577926840445457123,0 3726,CWE-284,"_prolog_error(batch_job_launch_msg_t *req, int rc) { char *err_name_ptr, err_name[256], path_name[MAXPATHLEN]; char *fmt_char; int fd; if (req->std_err || req->std_out) { if (req->std_err) strncpy(err_name, req->std_err, sizeof(err_name)); else strncpy(err_name, req->std_out, sizeof(err_name)); if ((fmt_char = strchr(err_name, (int) '%')) && (fmt_char[1] == 'j') && !strchr(fmt_char+1, (int) '%')) { char tmp_name[256]; fmt_char[1] = 'u'; snprintf(tmp_name, sizeof(tmp_name), err_name, req->job_id); strncpy(err_name, tmp_name, sizeof(err_name)); } } else { snprintf(err_name, sizeof(err_name), ""slurm-%u.out"", req->job_id); } err_name_ptr = err_name; if (err_name_ptr[0] == '/') snprintf(path_name, MAXPATHLEN, ""%s"", err_name_ptr); else if (req->work_dir) snprintf(path_name, MAXPATHLEN, ""%s/%s"", req->work_dir, err_name_ptr); else snprintf(path_name, MAXPATHLEN, ""/%s"", err_name_ptr); if ((fd = open(path_name, (O_CREAT|O_APPEND|O_WRONLY), 0644)) == -1) { error(""Unable to open %s: %s"", path_name, slurm_strerror(errno)); return; } snprintf(err_name, sizeof(err_name), ""Error running slurm prolog: %d\n"", WEXITSTATUS(rc)); safe_write(fd, err_name, strlen(err_name)); if (fchown(fd, (uid_t) req->uid, (gid_t) req->gid) == -1) { snprintf(err_name, sizeof(err_name), ""Couldn't change fd owner to %u:%u: %m\n"", req->uid, req->gid); } rwfail: close(fd); }",visit repo url,src/slurmd/slurmd/req.c,https://github.com/SchedMD/slurm,106074355070044,1 2742,CWE-74,"PS_SERIALIZER_DECODE_FUNC(php) { const char *p, *q; char *name; const char *endptr = val + vallen; zval *current; int namelen; int has_value; php_unserialize_data_t var_hash; PHP_VAR_UNSERIALIZE_INIT(var_hash); p = val; while (p < endptr) { zval **tmp; q = p; while (*q != PS_DELIMITER) { if (++q >= endptr) goto break_outer_loop; } if (p[0] == PS_UNDEF_MARKER) { p++; has_value = 0; } else { has_value = 1; } namelen = q - p; name = estrndup(p, namelen); q++; if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { goto skip; } } if (has_value) { ALLOC_INIT_ZVAL(current); if (php_var_unserialize(¤t, (const unsigned char **) &q, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); } else { var_push_dtor_no_addref(&var_hash, ¤t); efree(name); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return FAILURE; } var_push_dtor_no_addref(&var_hash, ¤t); } PS_ADD_VARL(name, namelen); skip: efree(name); p = q; } break_outer_loop: PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return SUCCESS; }",visit repo url,ext/session/session.c,https://github.com/php/php-src,153436493732935,1 2880,['CWE-189'],"static jpc_fix_t jpc_calcabsstepsize(int stepsize, int numbits) { jpc_fix_t absstepsize; int n; absstepsize = jpc_inttofix(1); n = JPC_FIX_FRACBITS - 11; absstepsize |= (n >= 0) ? (JPC_QCX_GETMANT(stepsize) << n) : (JPC_QCX_GETMANT(stepsize) >> (-n)); n = numbits - JPC_QCX_GETEXPN(stepsize); absstepsize = (n >= 0) ? (absstepsize << n) : (absstepsize >> (-n)); return absstepsize; }",jasper,,,117482496567951520198617149495254219562,0 3810,CWE-125,"delete_buff_tail(buffheader_T *buf, int slen) { int len = (int)STRLEN(buf->bh_curr->b_str); if (len >= slen) { buf->bh_curr->b_str[len - slen] = NUL; buf->bh_space += slen; } }",visit repo url,src/getchar.c,https://github.com/vim/vim,38555207555004,1 2925,['CWE-189'],"static bmp_info_t *bmp_getinfo(jas_stream_t *in) { bmp_info_t *info; int i; bmp_palent_t *palent; if (!(info = bmp_info_create())) { return 0; } if (bmp_getint32(in, &info->len) || info->len != 40 || bmp_getint32(in, &info->width) || bmp_getint32(in, &info->height) || bmp_getint16(in, &info->numplanes) || bmp_getint16(in, &info->depth) || bmp_getint32(in, &info->enctype) || bmp_getint32(in, &info->siz) || bmp_getint32(in, &info->hres) || bmp_getint32(in, &info->vres) || bmp_getint32(in, &info->numcolors) || bmp_getint32(in, &info->mincolors)) { bmp_info_destroy(info); return 0; } if (info->height < 0) { info->topdown = 1; info->height = -info->height; } else { info->topdown = 0; } if (info->width <= 0 || info->height <= 0 || info->numplanes <= 0 || info->depth <= 0 || info->numcolors < 0 || info->mincolors < 0) { bmp_info_destroy(info); return 0; } if (info->enctype != BMP_ENC_RGB) { jas_eprintf(""unsupported BMP encoding\n""); bmp_info_destroy(info); return 0; } if (info->numcolors > 0) { if (!(info->palents = jas_alloc2(info->numcolors, sizeof(bmp_palent_t)))) { bmp_info_destroy(info); return 0; } } else { info->palents = 0; } for (i = 0; i < info->numcolors; ++i) { palent = &info->palents[i]; if ((palent->blu = jas_stream_getc(in)) == EOF || (palent->grn = jas_stream_getc(in)) == EOF || (palent->red = jas_stream_getc(in)) == EOF || (palent->res = jas_stream_getc(in)) == EOF) { bmp_info_destroy(info); return 0; } } return info; }",jasper,,,236489827692948445940201647795400187425,0 2848,CWE-787,"horizontalDifferenceF(float *ip, int n, int stride, uint16 *wp, uint16 *FromLT2) { int32 r1, g1, b1, a1, r2, g2, b2, a2, mask; float fltsize = Fltsize; #define CLAMP(v) ( (v<(float)0.) ? 0 \ : (v<(float)2.) ? FromLT2[(int)(v*fltsize)] \ : (v>(float)24.2) ? 2047 \ : LogK1*log(v*LogK2) + 0.5 ) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); a2 = wp[3] = (uint16) CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = (int32) CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,249185675440749,1 4725,CWE-120,"static char *rfc2047_decode_word(const char *s, size_t len, enum ContentEncoding enc) { const char *it = s; const char *end = s + len; if (enc == ENCQUOTEDPRINTABLE) { struct Buffer buf = { 0 }; for (; it < end; ++it) { if (*it == '_') { mutt_buffer_addch(&buf, ' '); } else if ((*it == '=') && (!(it[1] & ~127) && hexval(it[1]) != -1) && (!(it[2] & ~127) && hexval(it[2]) != -1)) { mutt_buffer_addch(&buf, (hexval(it[1]) << 4) | hexval(it[2])); it += 2; } else { mutt_buffer_addch(&buf, *it); } } mutt_buffer_addch(&buf, '\0'); return buf.data; } else if (enc == ENCBASE64) { char *out = mutt_mem_malloc(3 * len / 4 + 1); int dlen = mutt_b64_decode(out, it); if (dlen == -1) { FREE(&out); return NULL; } out[dlen] = '\0'; return out; } assert(0); return NULL; }",visit repo url,mutt/rfc2047.c,https://github.com/neomutt/neomutt,113175913524851,1 4436,['CWE-264'],"int sock_no_connect(struct socket *sock, struct sockaddr *saddr, int len, int flags) { return -EOPNOTSUPP; }",linux-2.6,,,220314986298171973912148335465803811754,0 340,CWE-119,"static int su3000_i2c_transfer(struct i2c_adapter *adap, struct i2c_msg msg[], int num) { struct dvb_usb_device *d = i2c_get_adapdata(adap); u8 obuf[0x40], ibuf[0x40]; if (!d) return -ENODEV; if (mutex_lock_interruptible(&d->i2c_mutex) < 0) return -EAGAIN; switch (num) { case 1: switch (msg[0].addr) { case SU3000_STREAM_CTRL: obuf[0] = msg[0].buf[0] + 0x36; obuf[1] = 3; obuf[2] = 0; if (dvb_usb_generic_rw(d, obuf, 3, ibuf, 0, 0) < 0) err(""i2c transfer failed.""); break; case DW2102_RC_QUERY: obuf[0] = 0x10; if (dvb_usb_generic_rw(d, obuf, 1, ibuf, 2, 0) < 0) err(""i2c transfer failed.""); msg[0].buf[1] = ibuf[0]; msg[0].buf[0] = ibuf[1]; break; default: obuf[0] = 0x08; obuf[1] = msg[0].addr; obuf[2] = msg[0].len; memcpy(&obuf[3], msg[0].buf, msg[0].len); if (dvb_usb_generic_rw(d, obuf, msg[0].len + 3, ibuf, 1, 0) < 0) err(""i2c transfer failed.""); } break; case 2: obuf[0] = 0x09; obuf[1] = msg[0].len; obuf[2] = msg[1].len; obuf[3] = msg[0].addr; memcpy(&obuf[4], msg[0].buf, msg[0].len); if (dvb_usb_generic_rw(d, obuf, msg[0].len + 4, ibuf, msg[1].len + 1, 0) < 0) err(""i2c transfer failed.""); memcpy(msg[1].buf, &ibuf[1], msg[1].len); break; default: warn(""more than 2 i2c messages at a time is not handled yet.""); break; } mutex_unlock(&d->i2c_mutex); return num; }",visit repo url,drivers/media/usb/dvb-usb/dw2102.c,https://github.com/torvalds/linux,20885088465982,1 2331,CWE-120,"void gtkui_icmp_redir(void) { GtkWidget *dialog, *table, *hbox, *image, *label, *entry1, *entry2, *frame; gint response = 0; DEBUG_MSG(""gtk_icmp_redir""); dialog = gtk_dialog_new_with_buttons(""MITM Attack: ICMP Redirect"", GTK_WINDOW (window), GTK_DIALOG_MODAL, GTK_STOCK_OK, GTK_RESPONSE_OK, GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL); gtk_container_set_border_width(GTK_CONTAINER (dialog), 5); gtk_dialog_set_has_separator(GTK_DIALOG (dialog), FALSE); hbox = gtk_hbox_new (FALSE, 5); gtk_box_pack_start (GTK_BOX (GTK_DIALOG (dialog)->vbox), hbox, FALSE, FALSE, 0); gtk_widget_show(hbox); image = gtk_image_new_from_stock (GTK_STOCK_DIALOG_QUESTION, GTK_ICON_SIZE_DIALOG); gtk_misc_set_alignment (GTK_MISC (image), 0.5, 0.1); gtk_box_pack_start (GTK_BOX (hbox), image, FALSE, FALSE, 5); gtk_widget_show(image); frame = gtk_frame_new(""Gateway Information""); gtk_container_set_border_width(GTK_CONTAINER (frame), 5); gtk_box_pack_start (GTK_BOX (hbox), frame, TRUE, TRUE, 0); gtk_widget_show(frame); table = gtk_table_new(2, 2, FALSE); gtk_table_set_row_spacings(GTK_TABLE (table), 5); gtk_table_set_col_spacings(GTK_TABLE (table), 5); gtk_container_set_border_width(GTK_CONTAINER (table), 8); gtk_container_add(GTK_CONTAINER (frame), table); gtk_widget_show(table); label = gtk_label_new(""MAC Address""); gtk_misc_set_alignment(GTK_MISC (label), 0, 0.5); gtk_table_attach(GTK_TABLE (table), label, 0, 1, 0, 1, GTK_FILL, GTK_FILL, 0, 0); gtk_widget_show(label); entry1 = gtk_entry_new(); gtk_entry_set_max_length(GTK_ENTRY (entry1), ETH_ASCII_ADDR_LEN); gtk_table_attach_defaults(GTK_TABLE (table), entry1, 1, 2, 0, 1); gtk_widget_show(entry1); label = gtk_label_new(""IP Address""); gtk_misc_set_alignment(GTK_MISC (label), 0, 0.5); gtk_table_attach(GTK_TABLE (table), label, 0, 1, 1, 2, GTK_FILL, GTK_FILL, 0, 0); gtk_widget_show(label); entry2 = gtk_entry_new(); gtk_entry_set_max_length(GTK_ENTRY (entry2), IP6_ASCII_ADDR_LEN); gtk_table_attach_defaults(GTK_TABLE (table), entry2, 1, 2, 1, 2); gtk_widget_show(entry2); response = gtk_dialog_run(GTK_DIALOG(dialog)); if(response == GTK_RESPONSE_OK) { gtk_widget_hide(dialog); snprintf(params, 6, ""icmp:""); strncat(params, gtk_entry_get_text(GTK_ENTRY(entry1)), PARAMS_LEN); strncat(params, ""/"", PARAMS_LEN); strncat(params, gtk_entry_get_text(GTK_ENTRY(entry2)), PARAMS_LEN); gtkui_start_mitm(); } gtk_widget_destroy(dialog); }",visit repo url,src/interfaces/gtk/ec_gtk_mitm.c,https://github.com/Ettercap/ettercap,107175736094841,1 4695,['CWE-20'],"int ext4_force_commit(struct super_block *sb) { journal_t *journal; int ret = 0; if (sb->s_flags & MS_RDONLY) return 0; journal = EXT4_SB(sb)->s_journal; if (journal) { sb->s_dirt = 0; ret = ext4_journal_force_commit(journal); } return ret; }",linux-2.6,,,134854616287833734991015543648260806608,0 5042,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 1266,[],"m4_define (struct obstack *obs, int argc, token_data **argv) { define_macro (argc, argv, SYMBOL_INSERT); }",m4,,,111580215494698231131423293081759770044,0 2932,CWE-310,"static int hashtable_do_del(hashtable_t *hashtable, const char *key, size_t hash) { pair_t *pair; bucket_t *bucket; size_t index; index = hash % num_buckets(hashtable); bucket = &hashtable->buckets[index]; pair = hashtable_find_pair(hashtable, bucket, key, hash); if(!pair) return -1; if(&pair->list == bucket->first && &pair->list == bucket->last) bucket->first = bucket->last = &hashtable->list; else if(&pair->list == bucket->first) bucket->first = pair->list.next; else if(&pair->list == bucket->last) bucket->last = pair->list.prev; list_remove(&pair->list); json_decref(pair->value); jsonp_free(pair); hashtable->size--; return 0; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,89230572764797,1 5836,['CWE-200'],"static int econet_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) { struct ec_framehdr *hdr; struct sock *sk; struct ec_device *edev = dev->ec_ptr; if (!net_eq(dev_net(dev), &init_net)) goto drop; if (skb->pkt_type == PACKET_OTHERHOST) goto drop; if (!edev) goto drop; if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) return NET_RX_DROP; if (!pskb_may_pull(skb, sizeof(struct ec_framehdr))) goto drop; hdr = (struct ec_framehdr *) skb->data; if (hdr->port == EC_PORT_IP) { skb->protocol = htons(ETH_P_IP); skb_pull(skb, sizeof(struct ec_framehdr)); netif_rx(skb); return 0; } sk = ec_listening_socket(hdr->port, hdr->src_stn, hdr->src_net); if (!sk) goto drop; if (ec_queue_packet(sk, skb, edev->net, hdr->src_stn, hdr->cb, hdr->port)) goto drop; return 0; drop: kfree_skb(skb); return NET_RX_DROP; }",linux-2.6,,,109467475804006764093663910217079604852,0 2812,CWE-119,"BOOL update_recv(rdpUpdate* update, wStream* s) { BOOL rc = FALSE; UINT16 updateType; rdpContext* context = update->context; if (Stream_GetRemainingLength(s) < 2) { WLog_ERR(TAG, ""Stream_GetRemainingLength(s) < 2""); return FALSE; } Stream_Read_UINT16(s, updateType); WLog_Print(update->log, WLOG_TRACE, ""%s Update Data PDU"", UPDATE_TYPE_STRINGS[updateType]); if (!update_begin_paint(update)) goto fail; switch (updateType) { case UPDATE_TYPE_ORDERS: rc = update_recv_orders(update, s); break; case UPDATE_TYPE_BITMAP: { BITMAP_UPDATE* bitmap_update = update_read_bitmap_update(update, s); if (!bitmap_update) { WLog_ERR(TAG, ""UPDATE_TYPE_BITMAP - update_read_bitmap_update() failed""); goto fail; } rc = IFCALLRESULT(FALSE, update->BitmapUpdate, context, bitmap_update); free_bitmap_update(update->context, bitmap_update); } break; case UPDATE_TYPE_PALETTE: { PALETTE_UPDATE* palette_update = update_read_palette(update, s); if (!palette_update) { WLog_ERR(TAG, ""UPDATE_TYPE_PALETTE - update_read_palette() failed""); goto fail; } rc = IFCALLRESULT(FALSE, update->Palette, context, palette_update); free_palette_update(context, palette_update); } break; case UPDATE_TYPE_SYNCHRONIZE: update_read_synchronize(update, s); rc = IFCALLRESULT(TRUE, update->Synchronize, context); break; default: break; } fail: if (!update_end_paint(update)) rc = FALSE; if (!rc) { WLog_ERR(TAG, ""UPDATE_TYPE %s [%"" PRIu16 ""] failed"", update_type_to_string(updateType), updateType); return FALSE; } return TRUE; }",visit repo url,libfreerdp/core/update.c,https://github.com/FreeRDP/FreeRDP,78203881055459,1 2215,NVD-CWE-noinfo,"static int _nfs4_do_open(struct inode *dir, struct path *path, int flags, struct iattr *sattr, struct rpc_cred *cred, struct nfs4_state **res) { struct nfs4_state_owner *sp; struct nfs4_state *state = NULL; struct nfs_server *server = NFS_SERVER(dir); struct nfs4_opendata *opendata; int status; status = -ENOMEM; if (!(sp = nfs4_get_state_owner(server, cred))) { dprintk(""nfs4_do_open: nfs4_get_state_owner failed!\n""); goto out_err; } status = nfs4_recover_expired_lease(server); if (status != 0) goto err_put_state_owner; if (path->dentry->d_inode != NULL) nfs4_return_incompatible_delegation(path->dentry->d_inode, flags & (FMODE_READ|FMODE_WRITE)); status = -ENOMEM; opendata = nfs4_opendata_alloc(path, sp, flags, sattr); if (opendata == NULL) goto err_put_state_owner; if (path->dentry->d_inode != NULL) opendata->state = nfs4_get_open_state(path->dentry->d_inode, sp); status = _nfs4_proc_open(opendata); if (status != 0) goto err_opendata_put; if (opendata->o_arg.open_flags & O_EXCL) nfs4_exclusive_attrset(opendata, sattr); state = nfs4_opendata_to_nfs4_state(opendata); status = PTR_ERR(state); if (IS_ERR(state)) goto err_opendata_put; nfs4_opendata_put(opendata); nfs4_put_state_owner(sp); *res = state; return 0; err_opendata_put: nfs4_opendata_put(opendata); err_put_state_owner: nfs4_put_state_owner(sp); out_err: *res = NULL; return status; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,16995849880769,1 974,CWE-416,"int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol, bool add_on_replace) { struct snd_ctl_elem_id id; unsigned int idx; struct snd_kcontrol *old; int ret; if (!kcontrol) return -EINVAL; if (snd_BUG_ON(!card || !kcontrol->info)) { ret = -EINVAL; goto error; } id = kcontrol->id; down_write(&card->controls_rwsem); old = snd_ctl_find_id(card, &id); if (!old) { if (add_on_replace) goto add; up_write(&card->controls_rwsem); ret = -EINVAL; goto error; } ret = snd_ctl_remove(card, old); if (ret < 0) { up_write(&card->controls_rwsem); goto error; } add: if (snd_ctl_find_hole(card, kcontrol->count) < 0) { up_write(&card->controls_rwsem); ret = -ENOMEM; goto error; } list_add_tail(&kcontrol->list, &card->controls); card->controls_count += kcontrol->count; kcontrol->id.numid = card->last_numid + 1; card->last_numid += kcontrol->count; up_write(&card->controls_rwsem); for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++) snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); return 0; error: snd_ctl_free_one(kcontrol); return ret; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,140833099750827,1 2144,CWE-476,"int btrfs_scrub_dev(struct btrfs_fs_info *fs_info, u64 devid, u64 start, u64 end, struct btrfs_scrub_progress *progress, int readonly, int is_dev_replace) { struct scrub_ctx *sctx; int ret; struct btrfs_device *dev; unsigned int nofs_flag; if (btrfs_fs_closing(fs_info)) return -EINVAL; if (fs_info->nodesize > BTRFS_STRIPE_LEN) { btrfs_err(fs_info, ""scrub: size assumption nodesize <= BTRFS_STRIPE_LEN (%d <= %d) fails"", fs_info->nodesize, BTRFS_STRIPE_LEN); return -EINVAL; } if (fs_info->sectorsize != PAGE_SIZE) { btrfs_err_rl(fs_info, ""scrub: size assumption sectorsize != PAGE_SIZE (%d != %lu) fails"", fs_info->sectorsize, PAGE_SIZE); return -EINVAL; } if (fs_info->nodesize > PAGE_SIZE * SCRUB_MAX_PAGES_PER_BLOCK || fs_info->sectorsize > PAGE_SIZE * SCRUB_MAX_PAGES_PER_BLOCK) { btrfs_err(fs_info, ""scrub: size assumption nodesize and sectorsize <= SCRUB_MAX_PAGES_PER_BLOCK (%d <= %d && %d <= %d) fails"", fs_info->nodesize, SCRUB_MAX_PAGES_PER_BLOCK, fs_info->sectorsize, SCRUB_MAX_PAGES_PER_BLOCK); return -EINVAL; } sctx = scrub_setup_ctx(fs_info, is_dev_replace); if (IS_ERR(sctx)) return PTR_ERR(sctx); mutex_lock(&fs_info->fs_devices->device_list_mutex); dev = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL); if (!dev || (test_bit(BTRFS_DEV_STATE_MISSING, &dev->dev_state) && !is_dev_replace)) { mutex_unlock(&fs_info->fs_devices->device_list_mutex); ret = -ENODEV; goto out_free_ctx; } if (!is_dev_replace && !readonly && !test_bit(BTRFS_DEV_STATE_WRITEABLE, &dev->dev_state)) { mutex_unlock(&fs_info->fs_devices->device_list_mutex); btrfs_err_in_rcu(fs_info, ""scrub: device %s is not writable"", rcu_str_deref(dev->name)); ret = -EROFS; goto out_free_ctx; } mutex_lock(&fs_info->scrub_lock); if (!test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &dev->dev_state) || test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &dev->dev_state)) { mutex_unlock(&fs_info->scrub_lock); mutex_unlock(&fs_info->fs_devices->device_list_mutex); ret = -EIO; goto out_free_ctx; } down_read(&fs_info->dev_replace.rwsem); if (dev->scrub_ctx || (!is_dev_replace && btrfs_dev_replace_is_ongoing(&fs_info->dev_replace))) { up_read(&fs_info->dev_replace.rwsem); mutex_unlock(&fs_info->scrub_lock); mutex_unlock(&fs_info->fs_devices->device_list_mutex); ret = -EINPROGRESS; goto out_free_ctx; } up_read(&fs_info->dev_replace.rwsem); ret = scrub_workers_get(fs_info, is_dev_replace); if (ret) { mutex_unlock(&fs_info->scrub_lock); mutex_unlock(&fs_info->fs_devices->device_list_mutex); goto out_free_ctx; } sctx->readonly = readonly; dev->scrub_ctx = sctx; mutex_unlock(&fs_info->fs_devices->device_list_mutex); __scrub_blocked_if_needed(fs_info); atomic_inc(&fs_info->scrubs_running); mutex_unlock(&fs_info->scrub_lock); nofs_flag = memalloc_nofs_save(); if (!is_dev_replace) { mutex_lock(&fs_info->fs_devices->device_list_mutex); ret = scrub_supers(sctx, dev); mutex_unlock(&fs_info->fs_devices->device_list_mutex); } if (!ret) ret = scrub_enumerate_chunks(sctx, dev, start, end); memalloc_nofs_restore(nofs_flag); wait_event(sctx->list_wait, atomic_read(&sctx->bios_in_flight) == 0); atomic_dec(&fs_info->scrubs_running); wake_up(&fs_info->scrub_pause_wait); wait_event(sctx->list_wait, atomic_read(&sctx->workers_pending) == 0); if (progress) memcpy(progress, &sctx->stat, sizeof(*progress)); mutex_lock(&fs_info->scrub_lock); dev->scrub_ctx = NULL; scrub_workers_put(fs_info); mutex_unlock(&fs_info->scrub_lock); scrub_put_ctx(sctx); return ret; out_free_ctx: scrub_free_ctx(sctx); return ret; }",visit repo url,fs/btrfs/scrub.c,https://github.com/torvalds/linux,73626341170988,1 3497,CWE-119,"main(int argc, char *argv[]) { int i, c; FILE *ifp = 0, *ofp = 0; const char *ifp_filename = """"; const char *ofp_filename = """"; const char *set_font_name = 0; struct font_reader fr; uint32_t rfork_len; int raw = 0, macbinary = 1, applesingle = 0, appledouble = 0, binhex = 0; Clp_Parser *clp = Clp_NewParser(argc, (const char * const *)argv, sizeof(options) / sizeof(options[0]), options); program_name = Clp_ProgramName(clp); while (1) { int opt = Clp_Next(clp); switch (opt) { case RAW_OPT: raw = 1; macbinary = applesingle = appledouble = binhex = 0; break; case MACBINARY_OPT: macbinary = 1; raw = applesingle = appledouble = binhex = 0; break; case APPLESINGLE_OPT: applesingle = 1; raw = macbinary = appledouble = binhex = 0; break; case APPLEDOUBLE_OPT: appledouble = 1; raw = macbinary = applesingle = binhex = 0; break; case BINHEX_OPT: binhex = 1; raw = macbinary = applesingle = appledouble = 0; break; output_file: case OUTPUT_OPT: if (ofp) fatal_error(""output file already specified""); if (strcmp(clp->vstr, ""-"") == 0) ofp = stdout; else { ofp_filename = clp->vstr; ofp = fopen(ofp_filename, ""wb""); if (!ofp) fatal_error(""%s: %s"", ofp_filename, strerror(errno)); } break; case FILENAME_OPT: if (set_font_name) fatal_error(""Macintosh font filename already specified""); set_font_name = clp->vstr; break; case HELP_OPT: usage(); exit(0); break; case VERSION_OPT: printf(""t1mac (LCDF t1utils) %s\n"", VERSION); printf(""Copyright (C) 2000-2010 Eddie Kohler et al.\n\ This is free software; see the source for copying conditions.\n\ There is NO warranty, not even for merchantability or fitness for a\n\ particular purpose.\n""); exit(0); break; case Clp_NotOption: if (ifp && ofp) fatal_error(""too many arguments""); else if (ifp) goto output_file; if (strcmp(clp->vstr, ""-"") == 0) ifp = stdin; else { ifp_filename = clp->vstr; ifp = fopen(clp->vstr, ""r""); if (!ifp) fatal_error(""%s: %s"", clp->vstr, strerror(errno)); } break; case Clp_Done: goto done; case Clp_BadOption: short_usage(); exit(1); break; } } done: if (!ifp) ifp = stdin; if (!ofp) ofp = stdout; #if defined(_MSDOS) || defined(_WIN32) _setmode(_fileno(ofp), _O_BINARY); #endif fr.output_ascii = t1mac_output_ascii; fr.output_binary = t1mac_output_binary; fr.output_end = t1mac_output_end; rfork_f = tmpfile(); if (!rfork_f) fatal_error(""cannot open temorary file: %s"", strerror(errno)); for (i = 0; i < RFORK_HEADERLEN; i++) putc(0, rfork_f); init_current_post(); c = getc(ifp); ungetc(c, ifp); if (c == PFB_MARKER) process_pfb(ifp, ifp_filename, &fr); else if (c == '%') process_pfa(ifp, ifp_filename, &fr); else fatal_error(""%s does not start with font marker (`%%' or 0x80)"", ifp_filename); if (ifp != stdin) fclose(ifp); if (nrsrc == 0) error(""no POST resources written -- are you sure this was a font?""); output_new_rsrc(""ICN#"", 256, 32, (const char *)icon_bw_data, 256); output_new_rsrc(""FREF"", 256, 32, ""LWFN\0\0\0"", 7); output_new_rsrc(""BNDL"", 256, 32, ""T1UT\0\0\0\1FREF\0\0\0\0\1\0ICN#\0\0\0\0\1\0"", 28); output_new_rsrc(""icl8"", 256, 32, (const char *)icon_8_data, 1024); output_new_rsrc(""icl4"", 256, 32, (const char *)icon_4_data, 512); output_new_rsrc(""ics#"", 256, 32, (const char *)small_icon_bw_data, 64); output_new_rsrc(""ics8"", 256, 32, (const char *)small_icon_8_data, 256); output_new_rsrc(""ics4"", 256, 32, (const char *)small_icon_4_data, 128); output_new_rsrc(""T1UT"", 0, 0, ""DConverted by t1mac (t1utils) \251Eddie Kohler http://www.lcdf.org/type/"", 69); rfork_len = complete_rfork(); if (!set_font_name && font_name) { int part = 0, len = 0; char *x, *s; for (x = s = font_name; *s; s++) if (isupper(*s) || isdigit(*s)) { *x++ = *s; part++; len = 1; } else if (islower(*s)) { if (len < (part <= 1 ? 5 : 3)) *x++ = *s; len++; } *x++ = 0; set_font_name = font_name; } else if (!set_font_name) set_font_name = ""Unknown Font""; if (macbinary) output_macbinary(rfork_f, rfork_len, set_font_name, ofp); else if (raw) output_raw(rfork_f, rfork_len, ofp); else if (applesingle || appledouble) output_applesingle(rfork_f, rfork_len, set_font_name, ofp, appledouble); else if (binhex) output_binhex(rfork_f, rfork_len, set_font_name, ofp); else fatal_error(""strange output format""); fclose(rfork_f); if (ofp != stdout) fclose(ofp); return 0; }",visit repo url,t1mac.c,https://github.com/kohler/t1utils,117517298457130,1 146,[],"static void compat_ioctl_error(struct file *filp, unsigned int fd, unsigned int cmd, unsigned long arg) { char buf[10]; char *fn = ""?""; char *path; path = (char *)__get_free_page(GFP_KERNEL); if (path) { fn = d_path(filp->f_dentry, filp->f_vfsmnt, path, PAGE_SIZE); if (IS_ERR(fn)) fn = ""?""; } sprintf(buf,""'%c'"", (cmd>>24) & 0x3f); if (!isprint(buf[1])) sprintf(buf, ""%02x"", buf[1]); compat_printk(""ioctl32(%s:%d): Unknown cmd fd(%d) "" ""cmd(%08x){%s} arg(%08x) on %s\n"", current->comm, current->pid, (int)fd, (unsigned int)cmd, buf, (unsigned int)arg, fn); if (path) free_page((unsigned long)path); }",linux-2.6,,,185842403495247456655101451878875673103,0 399,CWE-200,"static ssize_t snd_timer_user_read(struct file *file, char __user *buffer, size_t count, loff_t *offset) { struct snd_timer_user *tu; long result = 0, unit; int qhead; int err = 0; tu = file->private_data; unit = tu->tread ? sizeof(struct snd_timer_tread) : sizeof(struct snd_timer_read); spin_lock_irq(&tu->qlock); while ((long)count - result >= unit) { while (!tu->qused) { wait_queue_t wait; if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) { err = -EAGAIN; goto _error; } set_current_state(TASK_INTERRUPTIBLE); init_waitqueue_entry(&wait, current); add_wait_queue(&tu->qchange_sleep, &wait); spin_unlock_irq(&tu->qlock); schedule(); spin_lock_irq(&tu->qlock); remove_wait_queue(&tu->qchange_sleep, &wait); if (tu->disconnected) { err = -ENODEV; goto _error; } if (signal_pending(current)) { err = -ERESTARTSYS; goto _error; } } qhead = tu->qhead++; tu->qhead %= tu->queue_size; tu->qused--; spin_unlock_irq(&tu->qlock); mutex_lock(&tu->ioctl_lock); if (tu->tread) { if (copy_to_user(buffer, &tu->tqueue[qhead], sizeof(struct snd_timer_tread))) err = -EFAULT; } else { if (copy_to_user(buffer, &tu->queue[qhead], sizeof(struct snd_timer_read))) err = -EFAULT; } mutex_unlock(&tu->ioctl_lock); spin_lock_irq(&tu->qlock); if (err < 0) goto _error; result += unit; buffer += unit; } _error: spin_unlock_irq(&tu->qlock); return result > 0 ? result : err; }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,203745794154700,1 1013,CWE-399,"static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end, void *obuf, size_t olen) { struct ceph_x_encrypt_header head; size_t head_len = sizeof(head); int len, ret; len = ceph_decode_32(p); if (*p + len > end) return -EINVAL; dout(""ceph_x_decrypt len %d\n"", len); ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen, *p, len); if (ret) return ret; if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC) return -EPERM; *p += len; return olen; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,236481976604243,1 4627,['CWE-399'],"static inline __le32 ext4_encode_extra_time(struct timespec *time) { return cpu_to_le32((sizeof(time->tv_sec) > 4 ? time->tv_sec >> 32 : 0) | ((time->tv_nsec << 2) & EXT4_NSEC_MASK));",linux-2.6,,,251416099702740458088272011387575151155,0 873,['CWE-200'],"static void *shmem_follow_link(struct dentry *dentry, struct nameidata *nd) { struct page *page = NULL; int res = shmem_getpage(dentry->d_inode, 0, &page, SGP_READ, NULL); nd_set_link(nd, res ? ERR_PTR(res) : kmap(page)); return page; }",linux-2.6,,,74327387563395761606313976276645722065,0 4661,['CWE-399'],"static inline ext4_fsblk_t ext4_group_first_block_no(struct super_block *sb, ext4_group_t group_no) { return group_no * (ext4_fsblk_t)EXT4_BLOCKS_PER_GROUP(sb) + le32_to_cpu(EXT4_SB(sb)->s_es->s_first_data_block);",linux-2.6,,,124876508105761216337239182746157340751,0 147,[],"asmlinkage long compat_sys_utimes(char __user *filename, struct compat_timeval __user *t) { return compat_sys_futimesat(AT_FDCWD, filename, t); }",linux-2.6,,,90586389343844512901462587108748391146,0 1557,[],"void __might_sleep(char *file, int line) { #ifdef in_atomic static unsigned long prev_jiffy; if ((in_atomic() || irqs_disabled()) && system_state == SYSTEM_RUNNING && !oops_in_progress) { if (time_before(jiffies, prev_jiffy + HZ) && prev_jiffy) return; prev_jiffy = jiffies; printk(KERN_ERR ""BUG: sleeping function called from invalid"" "" context at %s:%d\n"", file, line); printk(""in_atomic():%d, irqs_disabled():%d\n"", in_atomic(), irqs_disabled()); debug_show_held_locks(current); if (irqs_disabled()) print_irqtrace_events(current); dump_stack(); } #endif }",linux-2.6,,,244241581296307540649745352193044227165,0 718,CWE-20,"static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; BT_DBG(""sock %p, sk %p"", sock, sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == BT_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) return err; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); switch (hci_pi(sk)->channel) { case HCI_CHANNEL_RAW: hci_sock_cmsg(sk, msg, skb); break; case HCI_CHANNEL_USER: case HCI_CHANNEL_CONTROL: case HCI_CHANNEL_MONITOR: sock_recv_timestamp(msg, sk, skb); break; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/hci_sock.c,https://github.com/torvalds/linux,129040150037285,1 26,['CWE-264'],"int _pdo_sqlite_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, const char *file, int line TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; pdo_error_type *pdo_err = stmt ? &stmt->error_code : &dbh->error_code; pdo_sqlite_error_info *einfo = &H->einfo; einfo->errcode = sqlite3_errcode(H->db); einfo->file = file; einfo->line = line; if (einfo->errcode != SQLITE_OK) { if (einfo->errmsg) { pefree(einfo->errmsg, dbh->is_persistent); } einfo->errmsg = pestrdup((char*)sqlite3_errmsg(H->db), dbh->is_persistent); } else { strncpy(*pdo_err, PDO_ERR_NONE, sizeof(PDO_ERR_NONE)); return 0; } switch (einfo->errcode) { case SQLITE_NOTFOUND: strncpy(*pdo_err, ""42S02"", sizeof(""42S02"")); break; case SQLITE_INTERRUPT: strncpy(*pdo_err, ""01002"", sizeof(""01002"")); break; case SQLITE_NOLFS: strncpy(*pdo_err, ""HYC00"", sizeof(""HYC00"")); break; case SQLITE_TOOBIG: strncpy(*pdo_err, ""22001"", sizeof(""22001"")); break; case SQLITE_CONSTRAINT: strncpy(*pdo_err, ""23000"", sizeof(""23000"")); break; case SQLITE_ERROR: default: strncpy(*pdo_err, ""HY000"", sizeof(""HY000"")); break; } if (!dbh->methods) { zend_throw_exception_ex(php_pdo_get_exception(), einfo->errcode TSRMLS_CC, ""SQLSTATE[%s] [%d] %s"", *pdo_err, einfo->errcode, einfo->errmsg); } return einfo->errcode; }",php-src,,,93289496886638969612228804889120937607,0 1191,['CWE-189'],static inline int hrtimer_hres_active(void) { return 0; },linux-2.6,,,226978847694839142293021437393915850814,0 5551,CWE-125,"ast2obj_keyword(void* _o) { keyword_ty o = (keyword_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(keyword_type, NULL, NULL); if (!result) return NULL; value = ast2obj_identifier(o->arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_arg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,113293443157071,1 5494,['CWE-476'],"long kvm_arch_dev_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; long r; switch (ioctl) { case KVM_GET_MSR_INDEX_LIST: { struct kvm_msr_list __user *user_msr_list = argp; struct kvm_msr_list msr_list; unsigned n; r = -EFAULT; if (copy_from_user(&msr_list, user_msr_list, sizeof msr_list)) goto out; n = msr_list.nmsrs; msr_list.nmsrs = num_msrs_to_save + ARRAY_SIZE(emulated_msrs); if (copy_to_user(user_msr_list, &msr_list, sizeof msr_list)) goto out; r = -E2BIG; if (n < num_msrs_to_save) goto out; r = -EFAULT; if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; if (copy_to_user(user_msr_list->indices + num_msrs_to_save * sizeof(u32), &emulated_msrs, ARRAY_SIZE(emulated_msrs) * sizeof(u32))) goto out; r = 0; break; } case KVM_GET_SUPPORTED_CPUID: { struct kvm_cpuid2 __user *cpuid_arg = argp; struct kvm_cpuid2 cpuid; r = -EFAULT; if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid)) goto out; r = kvm_dev_ioctl_get_supported_cpuid(&cpuid, cpuid_arg->entries); if (r) goto out; r = -EFAULT; if (copy_to_user(cpuid_arg, &cpuid, sizeof cpuid)) goto out; r = 0; break; } default: r = -EINVAL; } out: return r; }",linux-2.6,,,328187481787952816674799226829473504720,0 4634,CWE-476,"GF_Err gf_isom_get_text_description(GF_ISOFile *movie, u32 trackNumber, u32 descriptionIndex, GF_TextSampleDescriptor **out_desc) { GF_TrackBox *trak; u32 i; Bool is_qt_text = GF_FALSE; GF_Tx3gSampleEntryBox *txt; if (!descriptionIndex || !out_desc) return GF_BAD_PARAM; trak = gf_isom_get_track_from_file(movie, trackNumber); if (!trak || !trak->Media) return GF_BAD_PARAM; switch (trak->Media->handler->handlerType) { case GF_ISOM_MEDIA_TEXT: case GF_ISOM_MEDIA_SUBT: break; default: return GF_BAD_PARAM; } txt = (GF_Tx3gSampleEntryBox*)gf_list_get(trak->Media->information->sampleTable->SampleDescription->child_boxes, descriptionIndex - 1); if (!txt) return GF_BAD_PARAM; switch (txt->type) { case GF_ISOM_BOX_TYPE_TX3G: break; case GF_ISOM_BOX_TYPE_TEXT: is_qt_text = GF_TRUE; break; default: return GF_BAD_PARAM; } (*out_desc) = (GF_TextSampleDescriptor *) gf_odf_desc_new(GF_ODF_TX3G_TAG); if (! (*out_desc) ) return GF_OUT_OF_MEM; (*out_desc)->back_color = txt->back_color; (*out_desc)->default_pos = txt->default_box; (*out_desc)->default_style = txt->default_style; (*out_desc)->displayFlags = txt->displayFlags; (*out_desc)->vert_justif = txt->vertical_justification; (*out_desc)->horiz_justif = txt->horizontal_justification; if (is_qt_text) { GF_TextSampleEntryBox *qt_txt = (GF_TextSampleEntryBox *) txt; if (qt_txt->textName) { (*out_desc)->font_count = 1; (*out_desc)->fonts = (GF_FontRecord *) gf_malloc(sizeof(GF_FontRecord)); (*out_desc)->fonts[0].fontName = gf_strdup(qt_txt->textName); } } else { (*out_desc)->font_count = txt->font_table->entry_count; (*out_desc)->fonts = (GF_FontRecord *) gf_malloc(sizeof(GF_FontRecord) * txt->font_table->entry_count); for (i=0; ifont_table->entry_count; i++) { (*out_desc)->fonts[i].fontID = txt->font_table->fonts[i].fontID; if (txt->font_table->fonts[i].fontName) (*out_desc)->fonts[i].fontName = gf_strdup(txt->font_table->fonts[i].fontName); } } return GF_OK; }",visit repo url,src/isomedia/tx3g.c,https://github.com/gpac/gpac,141542388797211,1 4406,CWE-476,"scanner_scan_all (parser_context_t *context_p, const uint8_t *arg_list_p, const uint8_t *arg_list_end_p, const uint8_t *source_p, const uint8_t *source_end_p) { scanner_context_t scanner_context; #if ENABLED (JERRY_PARSER_DUMP_BYTE_CODE) if (context_p->is_show_opcodes) { JERRY_DEBUG_MSG (""\n--- Scanning start ---\n\n""); } #endif scanner_context.context_status_flags = context_p->status_flags; scanner_context.status_flags = SCANNER_CONTEXT_NO_FLAGS; #if ENABLED (JERRY_DEBUGGER) if (JERRY_CONTEXT (debugger_flags) & JERRY_DEBUGGER_CONNECTED) { scanner_context.status_flags |= SCANNER_CONTEXT_DEBUGGER_ENABLED; } #endif #if ENABLED (JERRY_ES2015) scanner_context.binding_type = SCANNER_BINDING_NONE; scanner_context.active_binding_list_p = NULL; #endif scanner_context.active_literal_pool_p = NULL; scanner_context.active_switch_statement.last_case_p = NULL; scanner_context.end_arguments_p = NULL; #if ENABLED (JERRY_ES2015) scanner_context.async_source_p = NULL; #endif context_p->u.scanner_context_p = &scanner_context; parser_stack_init (context_p); PARSER_TRY (context_p->try_buffer) { context_p->line = 1; context_p->column = 1; if (arg_list_p == NULL) { context_p->source_p = source_p; context_p->source_end_p = source_end_p; uint16_t status_flags = SCANNER_LITERAL_POOL_FUNCTION_WITHOUT_ARGUMENTS | SCANNER_LITERAL_POOL_CAN_EVAL; if (context_p->status_flags & PARSER_IS_STRICT) { status_flags |= SCANNER_LITERAL_POOL_IS_STRICT; } scanner_literal_pool_t *literal_pool_p = scanner_push_literal_pool (context_p, &scanner_context, status_flags); literal_pool_p->source_p = source_p; parser_stack_push_uint8 (context_p, SCAN_STACK_SCRIPT); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); } else { context_p->source_p = arg_list_p; context_p->source_end_p = arg_list_end_p; uint16_t status_flags = SCANNER_LITERAL_POOL_FUNCTION; if (context_p->status_flags & PARSER_IS_STRICT) { status_flags |= SCANNER_LITERAL_POOL_IS_STRICT; } #if ENABLED (JERRY_ES2015) if (context_p->status_flags & PARSER_IS_GENERATOR_FUNCTION) { status_flags |= SCANNER_LITERAL_POOL_GENERATOR; } #endif scanner_push_literal_pool (context_p, &scanner_context, status_flags); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; parser_stack_push_uint8 (context_p, SCAN_STACK_SCRIPT_FUNCTION); context_p->token.type = LEXER_LEFT_PAREN; } while (true) { lexer_token_type_t type = (lexer_token_type_t) context_p->token.type; scan_stack_modes_t stack_top = (scan_stack_modes_t) context_p->stack_top_uint8; switch (scanner_context.mode) { case SCAN_MODE_PRIMARY_EXPRESSION: { if (type == LEXER_ADD || type == LEXER_SUBTRACT || LEXER_IS_UNARY_OP_TOKEN (type)) { break; } } case SCAN_MODE_PRIMARY_EXPRESSION_AFTER_NEW: { if (scanner_scan_primary_expression (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } #if ENABLED (JERRY_ES2015) case SCAN_MODE_CLASS_DECLARATION: { if (context_p->token.type == LEXER_KEYW_EXTENDS) { parser_stack_push_uint8 (context_p, SCAN_STACK_CLASS_EXTENDS); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } else if (context_p->token.type != LEXER_LEFT_BRACE) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_CLASS_METHOD; } case SCAN_MODE_CLASS_METHOD: { JERRY_ASSERT (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR || stack_top == SCAN_STACK_EXPLICIT_CLASS_CONSTRUCTOR); lexer_skip_empty_statements (context_p); lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_RIGHT_BRACE) { scanner_source_start_t source_start; parser_stack_pop_uint8 (context_p); if (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR) { parser_stack_pop (context_p, &source_start, sizeof (scanner_source_start_t)); } stack_top = context_p->stack_top_uint8; JERRY_ASSERT (stack_top == SCAN_STACK_CLASS_STATEMENT || stack_top == SCAN_STACK_CLASS_EXPRESSION); if (stack_top == SCAN_STACK_CLASS_STATEMENT) { scanner_context.mode = SCAN_MODE_STATEMENT_END; continue; } scanner_context.mode = SCAN_MODE_POST_PRIMARY_EXPRESSION; parser_stack_pop_uint8 (context_p); break; } if (context_p->token.type == LEXER_LITERAL && LEXER_IS_IDENT_OR_STRING (context_p->token.lit_location.type) && lexer_compare_literal_to_string (context_p, ""constructor"", 11)) { if (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR) { scanner_source_start_t source_start; parser_stack_pop_uint8 (context_p); parser_stack_pop (context_p, &source_start, sizeof (scanner_source_start_t)); scanner_info_t *info_p = scanner_insert_info (context_p, source_start.source_p, sizeof (scanner_info_t)); info_p->type = SCANNER_TYPE_CLASS_CONSTRUCTOR; parser_stack_push_uint8 (context_p, SCAN_STACK_EXPLICIT_CLASS_CONSTRUCTOR); } } if (lexer_token_is_identifier (context_p, ""static"", 6)) { lexer_scan_identifier (context_p); } parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; uint16_t literal_pool_flags = SCANNER_LITERAL_POOL_FUNCTION; if (lexer_token_is_identifier (context_p, ""get"", 3) || lexer_token_is_identifier (context_p, ""set"", 3)) { lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); continue; } } else if (lexer_token_is_identifier (context_p, ""async"", 5)) { lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); continue; } literal_pool_flags |= SCANNER_LITERAL_POOL_ASYNC; if (context_p->token.type == LEXER_MULTIPLY) { lexer_scan_identifier (context_p); literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } } else if (context_p->token.type == LEXER_MULTIPLY) { lexer_scan_identifier (context_p); literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCANNER_FROM_LITERAL_POOL_TO_COMPUTED (literal_pool_flags)); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } if (literal_pool_flags & SCANNER_LITERAL_POOL_GENERATOR) { context_p->status_flags |= PARSER_IS_GENERATOR_FUNCTION; } scanner_push_literal_pool (context_p, &scanner_context, literal_pool_flags); lexer_next_token (context_p); continue; } #endif case SCAN_MODE_POST_PRIMARY_EXPRESSION: { if (scanner_scan_post_primary_expression (context_p, &scanner_context, type, stack_top)) { break; } type = (lexer_token_type_t) context_p->token.type; } case SCAN_MODE_PRIMARY_EXPRESSION_END: { if (scanner_scan_primary_expression_end (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } case SCAN_MODE_STATEMENT_OR_TERMINATOR: { if (type == LEXER_RIGHT_BRACE || type == LEXER_EOS) { scanner_context.mode = SCAN_MODE_STATEMENT_END; continue; } } case SCAN_MODE_STATEMENT: { if (scanner_scan_statement (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } case SCAN_MODE_STATEMENT_END: { if (scanner_scan_statement_end (context_p, &scanner_context, type) != SCAN_NEXT_TOKEN) { continue; } if (context_p->token.type == LEXER_EOS) { goto scan_completed; } break; } case SCAN_MODE_VAR_STATEMENT: { #if ENABLED (JERRY_ES2015) if (type == LEXER_LEFT_SQUARE || type == LEXER_LEFT_BRACE) { uint8_t binding_type = SCANNER_BINDING_VAR; if (stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_FOR_LET_START) { binding_type = SCANNER_BINDING_LET; } else if (stack_top == SCAN_STACK_CONST || stack_top == SCAN_STACK_FOR_CONST_START) { binding_type = SCANNER_BINDING_CONST; } scanner_push_destructuring_pattern (context_p, &scanner_context, binding_type, false); if (type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); scanner_context.mode = SCAN_MODE_BINDING; break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } #endif if (type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_raise_error (context_p); } lexer_lit_location_t *literal_p = scanner_add_literal (context_p, &scanner_context); #if ENABLED (JERRY_ES2015) if (stack_top != SCAN_STACK_VAR && stack_top != SCAN_STACK_FOR_VAR_START) { scanner_detect_invalid_let (context_p, literal_p); if (stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_FOR_LET_START) { literal_p->type |= SCANNER_LITERAL_IS_LET; } else { JERRY_ASSERT (stack_top == SCAN_STACK_CONST || stack_top == SCAN_STACK_FOR_CONST_START); literal_p->type |= SCANNER_LITERAL_IS_CONST; } lexer_next_token (context_p); if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; } else if (context_p->token.type == LEXER_ASSIGN) { scanner_binding_literal_t binding_literal; binding_literal.literal_p = literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); } } else { if (!(literal_p->type & SCANNER_LITERAL_IS_VAR)) { scanner_detect_invalid_var (context_p, &scanner_context, literal_p); literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } } lexer_next_token (context_p); } #else literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } lexer_next_token (context_p); #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_EXPORT) { literal_p->type |= SCANNER_LITERAL_NO_REG; } #endif switch (context_p->token.type) { case LEXER_ASSIGN: { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; } case LEXER_COMMA: { lexer_next_token (context_p); continue; } } if (SCANNER_IS_FOR_START (stack_top)) { #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) JERRY_ASSERT (!(scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_EXPORT)); #endif if (context_p->token.type != LEXER_SEMICOLON && context_p->token.type != LEXER_KEYW_IN && !SCANNER_IDENTIFIER_IS_OF ()) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } #if ENABLED (JERRY_ES2015) JERRY_ASSERT (stack_top == SCAN_STACK_VAR || stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_CONST); #else JERRY_ASSERT (stack_top == SCAN_STACK_VAR); #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) scanner_context.active_literal_pool_p->status_flags &= (uint16_t) ~SCANNER_LITERAL_POOL_IN_EXPORT; #endif scanner_context.mode = SCAN_MODE_STATEMENT_END; parser_stack_pop_uint8 (context_p); continue; } case SCAN_MODE_FUNCTION_ARGUMENTS: { JERRY_ASSERT (stack_top == SCAN_STACK_SCRIPT_FUNCTION || stack_top == SCAN_STACK_FUNCTION_STATEMENT || stack_top == SCAN_STACK_FUNCTION_EXPRESSION || stack_top == SCAN_STACK_FUNCTION_PROPERTY); scanner_literal_pool_t *literal_pool_p = scanner_context.active_literal_pool_p; JERRY_ASSERT (literal_pool_p != NULL && (literal_pool_p->status_flags & SCANNER_LITERAL_POOL_FUNCTION)); literal_pool_p->source_p = context_p->source_p; #if ENABLED (JERRY_ES2015) if (JERRY_UNLIKELY (scanner_context.async_source_p != NULL)) { literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ASYNC; literal_pool_p->source_p = scanner_context.async_source_p; scanner_context.async_source_p = NULL; } #endif if (type != LEXER_LEFT_PAREN) { scanner_raise_error (context_p); } lexer_next_token (context_p); #if ENABLED (JERRY_ES2015) } case SCAN_MODE_CONTINUE_FUNCTION_ARGUMENTS: { #endif if (context_p->token.type != LEXER_RIGHT_PAREN && context_p->token.type != LEXER_EOS) { #if ENABLED (JERRY_ES2015) lexer_lit_location_t *argument_literal_p; #endif while (true) { #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_THREE_DOTS) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; lexer_next_token (context_p); } if (context_p->token.type == LEXER_LEFT_SQUARE || context_p->token.type == LEXER_LEFT_BRACE) { argument_literal_p = NULL; break; } #endif if (context_p->token.type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_raise_error (context_p); } #if ENABLED (JERRY_ES2015) argument_literal_p = scanner_append_argument (context_p, &scanner_context); #else scanner_append_argument (context_p, &scanner_context); #endif lexer_next_token (context_p); if (context_p->token.type != LEXER_COMMA) { break; } lexer_next_token (context_p); } #if ENABLED (JERRY_ES2015) if (argument_literal_p == NULL) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PARAMETERS); scanner_append_hole (context_p, &scanner_context); scanner_push_destructuring_pattern (context_p, &scanner_context, SCANNER_BINDING_ARG, false); if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); scanner_context.mode = SCAN_MODE_BINDING; break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } if (context_p->token.type == LEXER_ASSIGN) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PARAMETERS); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; if (argument_literal_p->type & SCANNER_LITERAL_IS_USED) { JERRY_ASSERT (argument_literal_p->type & SCANNER_LITERAL_EARLY_CREATE); break; } scanner_binding_literal_t binding_literal; binding_literal.literal_p = argument_literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); break; } #endif } if (context_p->token.type == LEXER_EOS && stack_top == SCAN_STACK_SCRIPT_FUNCTION) { scanner_info_t *scanner_info_p = (scanner_info_t *) scanner_malloc (context_p, sizeof (scanner_info_t)); scanner_info_p->next_p = context_p->next_scanner_info_p; scanner_info_p->source_p = NULL; scanner_info_p->type = SCANNER_TYPE_END_ARGUMENTS; scanner_context.end_arguments_p = scanner_info_p; context_p->next_scanner_info_p = scanner_info_p; context_p->source_p = source_p; context_p->source_end_p = source_end_p; context_p->line = 1; context_p->column = 1; scanner_filter_arguments (context_p, &scanner_context); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); continue; } if (context_p->token.type != LEXER_RIGHT_PAREN) { scanner_raise_error (context_p); } lexer_next_token (context_p); if (context_p->token.type != LEXER_LEFT_BRACE) { scanner_raise_error (context_p); } scanner_filter_arguments (context_p, &scanner_context); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); continue; } case SCAN_MODE_PROPERTY_NAME: { JERRY_ASSERT (stack_top == SCAN_STACK_OBJECT_LITERAL); if (lexer_scan_identifier (context_p)) { lexer_check_property_modifier (context_p); } #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_COMPUTED_PROPERTY); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif if (context_p->token.type == LEXER_RIGHT_BRACE) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } if (context_p->token.type == LEXER_PROPERTY_GETTER #if ENABLED (JERRY_ES2015) || context_p->token.type == LEXER_KEYW_ASYNC || context_p->token.type == LEXER_MULTIPLY #endif || context_p->token.type == LEXER_PROPERTY_SETTER) { uint16_t literal_pool_flags = SCANNER_LITERAL_POOL_FUNCTION; #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_MULTIPLY) { literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } else if (context_p->token.type == LEXER_KEYW_ASYNC) { literal_pool_flags |= SCANNER_LITERAL_POOL_ASYNC; if (lexer_consume_generator (context_p)) { literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } } #endif parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); lexer_scan_identifier (context_p); #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCANNER_FROM_LITERAL_POOL_TO_COMPUTED (literal_pool_flags)); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } scanner_push_literal_pool (context_p, &scanner_context, literal_pool_flags); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; break; } if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } #if ENABLED (JERRY_ES2015) parser_line_counter_t start_line = context_p->token.line; parser_line_counter_t start_column = context_p->token.column; bool is_ident = (context_p->token.lit_location.type == LEXER_IDENT_LITERAL); #endif lexer_next_token (context_p); #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; continue; } if (is_ident && (context_p->token.type == LEXER_COMMA || context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN)) { context_p->source_p = context_p->token.lit_location.char_p; context_p->line = start_line; context_p->column = start_column; lexer_next_token (context_p); JERRY_ASSERT (context_p->token.type != LEXER_LITERAL || context_p->token.lit_location.type == LEXER_IDENT_LITERAL); if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } if (scanner_context.binding_type != SCANNER_BINDING_NONE) { scanner_context.mode = SCAN_MODE_BINDING; continue; } scanner_add_reference (context_p, &scanner_context); lexer_next_token (context_p); if (context_p->token.type == LEXER_ASSIGN) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } #endif if (context_p->token.type != LEXER_COLON) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; #if ENABLED (JERRY_ES2015) if (scanner_context.binding_type != SCANNER_BINDING_NONE) { scanner_context.mode = SCAN_MODE_BINDING; } #endif break; } #if ENABLED (JERRY_ES2015) case SCAN_MODE_BINDING: { JERRY_ASSERT (scanner_context.binding_type == SCANNER_BINDING_VAR || scanner_context.binding_type == SCANNER_BINDING_LET || scanner_context.binding_type == SCANNER_BINDING_CATCH || scanner_context.binding_type == SCANNER_BINDING_CONST || scanner_context.binding_type == SCANNER_BINDING_ARG || scanner_context.binding_type == SCANNER_BINDING_ARROW_ARG); if (type == LEXER_THREE_DOTS) { lexer_next_token (context_p); type = (lexer_token_type_t) context_p->token.type; } if (type == LEXER_LEFT_SQUARE || type == LEXER_LEFT_BRACE) { scanner_push_destructuring_pattern (context_p, &scanner_context, scanner_context.binding_type, true); if (type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } if (type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; continue; } lexer_lit_location_t *literal_p = scanner_add_literal (context_p, &scanner_context); scanner_context.mode = SCAN_MODE_POST_PRIMARY_EXPRESSION; if (scanner_context.binding_type == SCANNER_BINDING_VAR) { if (!(literal_p->type & SCANNER_LITERAL_IS_VAR)) { scanner_detect_invalid_var (context_p, &scanner_context, literal_p); literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } } break; } if (scanner_context.binding_type == SCANNER_BINDING_ARROW_ARG) { literal_p->type |= SCANNER_LITERAL_IS_ARG | SCANNER_LITERAL_IS_ARROW_DESTRUCTURED_ARG; if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } else { scanner_detect_invalid_let (context_p, literal_p); if (scanner_context.binding_type <= SCANNER_BINDING_CATCH) { JERRY_ASSERT ((scanner_context.binding_type == SCANNER_BINDING_LET) || (scanner_context.binding_type == SCANNER_BINDING_CATCH)); literal_p->type |= SCANNER_LITERAL_IS_LET; } else { literal_p->type |= SCANNER_LITERAL_IS_CONST; if (scanner_context.binding_type == SCANNER_BINDING_ARG) { literal_p->type |= SCANNER_LITERAL_IS_ARG; if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } } if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } scanner_binding_item_t *binding_item_p; binding_item_p = (scanner_binding_item_t *) scanner_malloc (context_p, sizeof (scanner_binding_item_t)); binding_item_p->next_p = scanner_context.active_binding_list_p->items_p; binding_item_p->literal_p = literal_p; scanner_context.active_binding_list_p->items_p = binding_item_p; lexer_next_token (context_p); if (context_p->token.type != LEXER_ASSIGN) { continue; } scanner_binding_literal_t binding_literal; binding_literal.literal_p = literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif } lexer_next_token (context_p); } scan_completed: if (context_p->stack_top_uint8 != SCAN_STACK_SCRIPT && context_p->stack_top_uint8 != SCAN_STACK_SCRIPT_FUNCTION) { scanner_raise_error (context_p); } scanner_pop_literal_pool (context_p, &scanner_context); #if ENABLED (JERRY_ES2015) JERRY_ASSERT (scanner_context.active_binding_list_p == NULL); #endif JERRY_ASSERT (scanner_context.active_literal_pool_p == NULL); #ifndef JERRY_NDEBUG scanner_context.context_status_flags |= PARSER_SCANNING_SUCCESSFUL; #endif } PARSER_CATCH { if (context_p->error != PARSER_ERR_OUT_OF_MEMORY) { context_p->error = PARSER_ERR_NO_ERROR; } #if ENABLED (JERRY_ES2015) while (scanner_context.active_binding_list_p != NULL) { scanner_pop_binding_list (&scanner_context); } #endif PARSER_TRY (context_p->try_buffer) { #if ENABLED (JERRY_ES2015) if (scanner_context.status_flags & SCANNER_CONTEXT_THROW_ERR_ASYNC_FUNCTION) { JERRY_ASSERT (scanner_context.async_source_p != NULL); scanner_info_t *info_p; info_p = scanner_insert_info (context_p, scanner_context.async_source_p, sizeof (scanner_info_t)); info_p->type = SCANNER_TYPE_ERR_ASYNC_FUNCTION; } #endif while (scanner_context.active_literal_pool_p != NULL) { scanner_pop_literal_pool (context_p, &scanner_context); } } PARSER_CATCH { JERRY_ASSERT (context_p->error == PARSER_ERR_NO_ERROR); while (scanner_context.active_literal_pool_p != NULL) { scanner_literal_pool_t *literal_pool_p = scanner_context.active_literal_pool_p; scanner_context.active_literal_pool_p = literal_pool_p->prev_p; parser_list_free (&literal_pool_p->literal_pool); scanner_free (literal_pool_p, sizeof (scanner_literal_pool_t)); } } PARSER_TRY_END #if ENABLED (JERRY_ES2015) context_p->status_flags &= (uint32_t) ~PARSER_IS_GENERATOR_FUNCTION; #endif } PARSER_TRY_END context_p->status_flags = scanner_context.context_status_flags; scanner_reverse_info_list (context_p); #if ENABLED (JERRY_PARSER_DUMP_BYTE_CODE) if (context_p->is_show_opcodes) { scanner_info_t *info_p = context_p->next_scanner_info_p; const uint8_t *source_start_p = (arg_list_p == NULL) ? source_p : arg_list_p; while (info_p->type != SCANNER_TYPE_END) { const char *name_p = NULL; bool print_location = false; switch (info_p->type) { case SCANNER_TYPE_END_ARGUMENTS: { JERRY_DEBUG_MSG ("" END_ARGUMENTS\n""); source_start_p = source_p; break; } case SCANNER_TYPE_FUNCTION: case SCANNER_TYPE_BLOCK: { const uint8_t *prev_source_p = info_p->source_p - 1; const uint8_t *data_p; if (info_p->type == SCANNER_TYPE_FUNCTION) { data_p = (const uint8_t *) (info_p + 1); JERRY_DEBUG_MSG ("" FUNCTION: flags: 0x%x declarations: %d"", (int) info_p->u8_arg, (int) info_p->u16_arg); } else { data_p = (const uint8_t *) (info_p + 1); JERRY_DEBUG_MSG ("" BLOCK:""); } JERRY_DEBUG_MSG ("" source:%d\n"", (int) (info_p->source_p - source_start_p)); while (data_p[0] != SCANNER_STREAM_TYPE_END) { switch (data_p[0] & SCANNER_STREAM_TYPE_MASK) { case SCANNER_STREAM_TYPE_VAR: { JERRY_DEBUG_MSG ("" VAR ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_LET: { JERRY_DEBUG_MSG ("" LET ""); break; } case SCANNER_STREAM_TYPE_CONST: { JERRY_DEBUG_MSG ("" CONST ""); break; } case SCANNER_STREAM_TYPE_LOCAL: { JERRY_DEBUG_MSG ("" LOCAL ""); break; } #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) case SCANNER_STREAM_TYPE_IMPORT: { JERRY_DEBUG_MSG ("" IMPORT ""); break; } #endif case SCANNER_STREAM_TYPE_ARG: { JERRY_DEBUG_MSG ("" ARG ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_DESTRUCTURED_ARG: { JERRY_DEBUG_MSG ("" DESTRUCTURED_ARG ""); break; } #endif case SCANNER_STREAM_TYPE_ARG_FUNC: { JERRY_DEBUG_MSG ("" ARG_FUNC ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_DESTRUCTURED_ARG_FUNC: { JERRY_DEBUG_MSG ("" DESTRUCTURED_ARG_FUNC ""); break; } #endif case SCANNER_STREAM_TYPE_FUNC: { JERRY_DEBUG_MSG ("" FUNC ""); break; } default: { JERRY_ASSERT ((data_p[0] & SCANNER_STREAM_TYPE_MASK) == SCANNER_STREAM_TYPE_HOLE); JERRY_DEBUG_MSG ("" HOLE\n""); data_p++; continue; } } size_t length; if (!(data_p[0] & SCANNER_STREAM_UINT16_DIFF)) { if (data_p[2] != 0) { prev_source_p += data_p[2]; length = 2 + 1; } else { memcpy (&prev_source_p, data_p + 2 + 1, sizeof (const uint8_t *)); length = 2 + 1 + sizeof (const uint8_t *); } } else { int32_t diff = ((int32_t) data_p[2]) | ((int32_t) data_p[3]) << 8; if (diff <= UINT8_MAX) { diff = -diff; } prev_source_p += diff; length = 2 + 2; } #if ENABLED (JERRY_ES2015) if (data_p[0] & SCANNER_STREAM_EARLY_CREATE) { JERRY_ASSERT (data_p[0] & SCANNER_STREAM_NO_REG); JERRY_DEBUG_MSG (""*""); } #endif if (data_p[0] & SCANNER_STREAM_NO_REG) { JERRY_DEBUG_MSG (""* ""); } JERRY_DEBUG_MSG (""'%.*s'\n"", data_p[1], (char *) prev_source_p); prev_source_p += data_p[1]; data_p += length; } break; } case SCANNER_TYPE_WHILE: { name_p = ""WHILE""; print_location = true; break; } case SCANNER_TYPE_FOR: { scanner_for_info_t *for_info_p = (scanner_for_info_t *) info_p; JERRY_DEBUG_MSG ("" FOR: source:%d expression:%d[%d:%d] end:%d[%d:%d]\n"", (int) (for_info_p->info.source_p - source_start_p), (int) (for_info_p->expression_location.source_p - source_start_p), (int) for_info_p->expression_location.line, (int) for_info_p->expression_location.column, (int) (for_info_p->end_location.source_p - source_start_p), (int) for_info_p->end_location.line, (int) for_info_p->end_location.column); break; } case SCANNER_TYPE_FOR_IN: { name_p = ""FOR-IN""; print_location = true; break; } #if ENABLED (JERRY_ES2015) case SCANNER_TYPE_FOR_OF: { name_p = ""FOR-OF""; print_location = true; break; } #endif case SCANNER_TYPE_SWITCH: { JERRY_DEBUG_MSG ("" SWITCH: source:%d\n"", (int) (info_p->source_p - source_start_p)); scanner_case_info_t *current_case_p = ((scanner_switch_info_t *) info_p)->case_p; while (current_case_p != NULL) { JERRY_DEBUG_MSG ("" CASE: location:%d[%d:%d]\n"", (int) (current_case_p->location.source_p - source_start_p), (int) current_case_p->location.line, (int) current_case_p->location.column); current_case_p = current_case_p->next_p; } break; } case SCANNER_TYPE_CASE: { name_p = ""CASE""; print_location = true; break; } #if ENABLED (JERRY_ES2015) case SCANNER_TYPE_INITIALIZER: { name_p = ""INITIALIZER""; print_location = true; break; } case SCANNER_TYPE_CLASS_CONSTRUCTOR: { JERRY_DEBUG_MSG ("" CLASS-CONSTRUCTOR: source:%d\n"", (int) (info_p->source_p - source_start_p)); print_location = false; break; } case SCANNER_TYPE_LET_EXPRESSION: { JERRY_DEBUG_MSG ("" LET_EXPRESSION: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } case SCANNER_TYPE_ERR_REDECLARED: { JERRY_DEBUG_MSG ("" ERR_REDECLARED: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } case SCANNER_TYPE_ERR_ASYNC_FUNCTION: { JERRY_DEBUG_MSG ("" ERR_ASYNC_FUNCTION: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } #endif } if (print_location) { scanner_location_info_t *location_info_p = (scanner_location_info_t *) info_p; JERRY_DEBUG_MSG ("" %s: source:%d location:%d[%d:%d]\n"", name_p, (int) (location_info_p->info.source_p - source_start_p), (int) (location_info_p->location.source_p - source_start_p), (int) location_info_p->location.line, (int) location_info_p->location.column); } info_p = info_p->next_p; } JERRY_DEBUG_MSG (""\n--- Scanning end ---\n\n""); } #endif parser_stack_free (context_p); } ",visit repo url,jerry-core/parser/js/js-scanner.c,https://github.com/jerryscript-project/jerryscript,199109117186543,1 5497,['CWE-476'],"static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { struct kvm_cpuid_entry2 *cpuid_entries; int limit, nent = 0, r = -E2BIG; u32 func; if (cpuid->nent < 1) goto out; r = -ENOMEM; cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry2) * cpuid->nent); if (!cpuid_entries) goto out; do_cpuid_ent(&cpuid_entries[0], 0, 0, &nent, cpuid->nent); limit = cpuid_entries[0].eax; for (func = 1; func <= limit && nent < cpuid->nent; ++func) do_cpuid_ent(&cpuid_entries[nent], func, 0, &nent, cpuid->nent); r = -E2BIG; if (nent >= cpuid->nent) goto out_free; do_cpuid_ent(&cpuid_entries[nent], 0x80000000, 0, &nent, cpuid->nent); limit = cpuid_entries[nent - 1].eax; for (func = 0x80000001; func <= limit && nent < cpuid->nent; ++func) do_cpuid_ent(&cpuid_entries[nent], func, 0, &nent, cpuid->nent); r = -EFAULT; if (copy_to_user(entries, cpuid_entries, nent * sizeof(struct kvm_cpuid_entry2))) goto out_free; cpuid->nent = nent; r = 0; out_free: vfree(cpuid_entries); out: return r; }",linux-2.6,,,14336560719085804751298009541590536323,0 2618,[],"static int sctp_getsockopt_peer_addrs_old(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_association *asoc; int cnt = 0; struct sctp_getaddrs_old getaddrs; struct sctp_transport *from; void __user *to; union sctp_addr temp; struct sctp_sock *sp = sctp_sk(sk); int addrlen; if (len < sizeof(struct sctp_getaddrs_old)) return -EINVAL; len = sizeof(struct sctp_getaddrs_old); if (copy_from_user(&getaddrs, optval, len)) return -EFAULT; if (getaddrs.addr_num <= 0) return -EINVAL; printk(KERN_WARNING ""SCTP: Use of SCTP_GET_PEER_ADDRS_OLD "" ""socket option deprecated\n""); asoc = sctp_id2assoc(sk, getaddrs.assoc_id); if (!asoc) return -EINVAL; to = (void __user *)getaddrs.addrs; list_for_each_entry(from, &asoc->peer.transport_addr_list, transports) { memcpy(&temp, &from->ipaddr, sizeof(temp)); sctp_get_pf_specific(sk->sk_family)->addr_v4map(sp, &temp); addrlen = sctp_get_af_specific(sk->sk_family)->sockaddr_len; if (copy_to_user(to, &temp, addrlen)) return -EFAULT; to += addrlen ; cnt ++; if (cnt >= getaddrs.addr_num) break; } getaddrs.addr_num = cnt; if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &getaddrs, len)) return -EFAULT; return 0; }",linux-2.6,,,173986461350272593276945211186535181423,0 5930,CWE-120,"static void jsonNewDString(Jsi_Interp *interp, Jsi_DString *dStr, const char* str, int len) { char buf[100], *dp = buf; const char *cp = str; int ulen; while ((cp-str)90) { *dp = 0; Jsi_DSAppendLen(dStr, buf, dp-buf); dp = buf; } } *dp = 0; Jsi_DSAppendLen(dStr, buf, dp-buf); }",visit repo url,src/jsiJSON.c,https://github.com/pcmacdon/jsish,110159295243918,1 3254,CWE-125,"ip_printts(netdissect_options *ndo, register const u_char *cp, u_int length) { register u_int ptr; register u_int len; int hoplen; const char *type; if (length < 4) { ND_PRINT((ndo, ""[bad length %u]"", length)); return; } ND_PRINT((ndo, "" TS{"")); hoplen = ((cp[3]&0xF) != IPOPT_TS_TSONLY) ? 8 : 4; if ((length - 4) & (hoplen-1)) ND_PRINT((ndo, ""[bad length %u]"", length)); ptr = cp[2] - 1; len = 0; if (ptr < 4 || ((ptr - 4) & (hoplen-1)) || ptr > length + 1) ND_PRINT((ndo, ""[bad ptr %u]"", cp[2])); switch (cp[3]&0xF) { case IPOPT_TS_TSONLY: ND_PRINT((ndo, ""TSONLY"")); break; case IPOPT_TS_TSANDADDR: ND_PRINT((ndo, ""TS+ADDR"")); break; case 2: ND_PRINT((ndo, ""PRESPEC2.0"")); break; case 3: ND_PRINT((ndo, ""PRESPEC"")); break; default: ND_PRINT((ndo, ""[bad ts type %d]"", cp[3]&0xF)); goto done; } type = "" ""; for (len = 4; len < length; len += hoplen) { if (ptr == len) type = "" ^ ""; ND_PRINT((ndo, ""%s%d@%s"", type, EXTRACT_32BITS(&cp[len+hoplen-4]), hoplen!=8 ? """" : ipaddr_string(ndo, &cp[len]))); type = "" ""; } done: ND_PRINT((ndo, ""%s"", ptr == len ? "" ^ "" : """")); if (cp[3]>>4) ND_PRINT((ndo, "" [%d hops not recorded]} "", cp[3]>>4)); else ND_PRINT((ndo, ""}"")); }",visit repo url,print-ip.c,https://github.com/the-tcpdump-group/tcpdump,57984779505825,1 5787,CWE-125,"snmp_ber_decode_length(unsigned char *buff, uint32_t *buff_len, uint8_t *length) { if(*buff_len == 0) { return NULL; } *length = *buff++; (*buff_len)--; return buff; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,33870782592066,1 1591,[],"static void idle_balance(int this_cpu, struct rq *this_rq) { struct sched_domain *sd; int pulled_task = -1; unsigned long next_balance = jiffies + HZ; cpumask_t tmpmask; for_each_domain(this_cpu, sd) { unsigned long interval; if (!(sd->flags & SD_LOAD_BALANCE)) continue; if (sd->flags & SD_BALANCE_NEWIDLE) pulled_task = load_balance_newidle(this_cpu, this_rq, sd, &tmpmask); interval = msecs_to_jiffies(sd->balance_interval); if (time_after(next_balance, sd->last_balance + interval)) next_balance = sd->last_balance + interval; if (pulled_task) break; } if (pulled_task || time_after(jiffies, this_rq->next_balance)) { this_rq->next_balance = next_balance; } }",linux-2.6,,,197526210295707576070942151147865946161,0 1568,[],"static struct root_domain *alloc_rootdomain(void) { struct root_domain *rd; rd = kmalloc(sizeof(*rd), GFP_KERNEL); if (!rd) return NULL; init_rootdomain(rd); return rd; }",linux-2.6,,,330809661447748421893795454664907898244,0 2077,[],"int udp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { if (level == SOL_UDP || level == SOL_UDPLITE) return udp_lib_setsockopt(sk, level, optname, optval, optlen, udp_push_pending_frames); return ip_setsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,165748610901042032268370164403509738579,0 6271,['CWE-200'],"static struct vif_device *ipmr_vif_seq_idx(struct ipmr_vif_iter *iter, loff_t pos) { for (iter->ct = 0; iter->ct < maxvif; ++iter->ct) { if(!VIF_EXISTS(iter->ct)) continue; if (pos-- == 0) return &vif_table[iter->ct]; } return NULL; }",linux-2.6,,,51954184119965034490105632687761836327,0 5412,CWE-125,"processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) { const char *textStart, *textEnd; const char *next; enum XML_Error result; OPEN_INTERNAL_ENTITY *openEntity; if (parser->m_freeInternalEntities) { openEntity = parser->m_freeInternalEntities; parser->m_freeInternalEntities = openEntity->next; } else { openEntity = (OPEN_INTERNAL_ENTITY *)MALLOC(parser, sizeof(OPEN_INTERNAL_ENTITY)); if (! openEntity) return XML_ERROR_NO_MEMORY; } entity->open = XML_TRUE; entity->processed = 0; openEntity->next = parser->m_openInternalEntities; parser->m_openInternalEntities = openEntity; openEntity->entity = entity; openEntity->startTagLevel = parser->m_tagLevel; openEntity->betweenDecl = betweenDecl; openEntity->internalEventPtr = NULL; openEntity->internalEventEndPtr = NULL; textStart = (char *)entity->textPtr; textEnd = (char *)(entity->textPtr + entity->textLen); next = textStart; #ifdef XML_DTD if (entity->is_param) { int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, next, &next, XML_FALSE); } else #endif result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding, textStart, textEnd, &next, XML_FALSE); if (result == XML_ERROR_NONE) { if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { entity->processed = (int)(next - textStart); parser->m_processor = internalEntityProcessor; } else { entity->open = XML_FALSE; parser->m_openInternalEntities = openEntity->next; openEntity->next = parser->m_freeInternalEntities; parser->m_freeInternalEntities = openEntity; } } return result; }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,126618658631430,1 6080,CWE-190,"void bn_set_bit(bn_t a, int bit, int value) { int d; if (bit < 0) { RLC_THROW(ERR_NO_VALID); return; } RLC_RIP(bit, d, bit); bn_grow(a, d); if (value == 1) { a->dp[d] |= ((dig_t)1 << bit); if ((d + 1) > a->used) { a->used = d + 1; } } else { a->dp[d] &= ~((dig_t)1 << bit); bn_trim(a); } }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,154577502257186,1 3846,CWE-125,"cmdline_insert_reg(int *gotesc UNUSED) { int i; int c; #ifdef USE_ON_FLY_SCROLL dont_scroll = TRUE; #endif putcmdline('""', TRUE); ++no_mapping; ++allow_keys; i = c = plain_vgetc(); if (i == Ctrl_O) i = Ctrl_R; if (i == Ctrl_R) c = plain_vgetc(); extra_char = NUL; --no_mapping; --allow_keys; #ifdef FEAT_EVAL new_cmdpos = -1; if (c == '=') { if (ccline.cmdfirstc == '=' || cmdline_star > 0) { beep_flush(); c = ESC; } else c = get_expr_register(); } #endif if (c != ESC) { cmdline_paste(c, i == Ctrl_R, FALSE); #ifdef FEAT_EVAL if (aborting()) { *gotesc = TRUE; return GOTO_NORMAL_MODE; } #endif KeyTyped = FALSE; #ifdef FEAT_EVAL if (new_cmdpos >= 0) { if (new_cmdpos > ccline.cmdlen) ccline.cmdpos = ccline.cmdlen; else ccline.cmdpos = new_cmdpos; } #endif } redrawcmd(); return CMDLINE_NOT_CHANGED; }",visit repo url,src/ex_getln.c,https://github.com/vim/vim,267318085361971,1 3996,['CWE-362'],"static int is_under(struct vfsmount *mnt, struct dentry *dentry, struct path *path) { if (mnt != path->mnt) { for (;;) { if (mnt->mnt_parent == mnt) return 0; if (mnt->mnt_parent == path->mnt) break; mnt = mnt->mnt_parent; } dentry = mnt->mnt_mountpoint; } return is_subdir(dentry, path->dentry); }",linux-2.6,,,166178457240106869615019611012614154629,0 5107,CWE-125,"With(asdl_seq * items, asdl_seq * body, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = With_kind; p->v.With.items = items; p->v.With.body = body; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,209920470455215,1 5828,['CWE-200'],"static void econet_insert_socket(struct hlist_head *list, struct sock *sk) { write_lock_bh(&econet_lock); sk_add_node(sk, list); write_unlock_bh(&econet_lock); }",linux-2.6,,,61181088784802890116251424925450707852,0 3646,CWE-119,"static void tokenadd(struct jv_parser* p, char c) { assert(p->tokenpos <= p->tokenlen); if (p->tokenpos == p->tokenlen) { p->tokenlen = p->tokenlen*2 + 256; p->tokenbuf = jv_mem_realloc(p->tokenbuf, p->tokenlen); } assert(p->tokenpos < p->tokenlen); p->tokenbuf[p->tokenpos++] = c; }",visit repo url,src/jv_parse.c,https://github.com/stedolan/jq,75009269289193,1 4428,['CWE-264'],"static void sock_def_readable(struct sock *sk, int len) { read_lock(&sk->sk_callback_lock); if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) wake_up_interruptible_sync(sk->sk_sleep); sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); read_unlock(&sk->sk_callback_lock); }",linux-2.6,,,138296370544246449512172048234271028822,0 6217,CWE-190,"void fp24_write_bin(uint8_t *bin, int len, const fp24_t a, int pack) { fp24_t t; fp24_null(t); RLC_TRY { fp24_new(t); if (pack) { if (len != 16 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); } fp24_pck(t, a); fp4_write_bin(bin, 4 * RLC_FP_BYTES, a[1][0]); fp4_write_bin(bin + 4 * RLC_FP_BYTES, 4 * RLC_FP_BYTES, a[1][1]); fp4_write_bin(bin + 8 * RLC_FP_BYTES, 4 * RLC_FP_BYTES, a[2][0]); fp4_write_bin(bin + 12 * RLC_FP_BYTES, 4 * RLC_FP_BYTES, a[2][1]); } else { if (len != 24 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); } fp8_write_bin(bin, 8 * RLC_FP_BYTES, a[0]); fp8_write_bin(bin + 8 * RLC_FP_BYTES, 8 * RLC_FP_BYTES, a[1]); fp8_write_bin(bin + 16 * RLC_FP_BYTES, 8 * RLC_FP_BYTES, a[2]); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp24_free(t); } }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,11081819699480,1 1617,CWE-416,"static struct dst_entry *inet6_csk_route_socket(struct sock *sk, struct flowi6 *fl6) { struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct in6_addr *final_p, final; struct dst_entry *dst; memset(fl6, 0, sizeof(*fl6)); fl6->flowi6_proto = sk->sk_protocol; fl6->daddr = sk->sk_v6_daddr; fl6->saddr = np->saddr; fl6->flowlabel = np->flow_label; IP6_ECN_flow_xmit(sk, fl6->flowlabel); fl6->flowi6_oif = sk->sk_bound_dev_if; fl6->flowi6_mark = sk->sk_mark; fl6->fl6_sport = inet->inet_sport; fl6->fl6_dport = inet->inet_dport; security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); final_p = fl6_update_dst(fl6, np->opt, &final); dst = __inet6_csk_dst_check(sk, np->dst_cookie); if (!dst) { dst = ip6_dst_lookup_flow(sk, fl6, final_p); if (!IS_ERR(dst)) __inet6_csk_dst_store(sk, dst, NULL, NULL); } return dst; }",visit repo url,net/ipv6/inet6_connection_sock.c,https://github.com/torvalds/linux,149504478028072,1 2180,['CWE-400'],"static unsigned long shmem_default_max_inodes(void) { return min(totalram_pages - totalhigh_pages, totalram_pages / 2); }",linux-2.6,,,114981251859875234176511097868023547298,0 5504,CWE-125,"parsetok(struct tok_state *tok, grammar *g, int start, perrdetail *err_ret, int *flags) { parser_state *ps; node *n; int started = 0; growable_int_array type_ignores; if (!growable_int_array_init(&type_ignores, 10)) { err_ret->error = E_NOMEM; Ta3Tokenizer_Free(tok); return NULL; } if ((ps = Ta3Parser_New(g, start)) == NULL) { err_ret->error = E_NOMEM; Ta3Tokenizer_Free(tok); return NULL; } #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD if (*flags & PyPARSE_BARRY_AS_BDFL) ps->p_flags |= CO_FUTURE_BARRY_AS_BDFL; #endif for (;;) { char *a, *b; int type; size_t len; char *str; int col_offset; type = Ta3Tokenizer_Get(tok, &a, &b); if (type == ERRORTOKEN) { err_ret->error = tok->done; break; } if (type == ENDMARKER && started) { type = NEWLINE; started = 0; if (tok->indent && !(*flags & PyPARSE_DONT_IMPLY_DEDENT)) { tok->pendin = -tok->indent; tok->indent = 0; } } else started = 1; len = b - a; str = (char *) PyObject_MALLOC(len + 1); if (str == NULL) { err_ret->error = E_NOMEM; break; } if (len > 0) strncpy(str, a, len); str[len] = '\0'; #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD if (type == NOTEQUAL) { if (!(ps->p_flags & CO_FUTURE_BARRY_AS_BDFL) && strcmp(str, ""!="")) { PyObject_FREE(str); err_ret->error = E_SYNTAX; break; } else if ((ps->p_flags & CO_FUTURE_BARRY_AS_BDFL) && strcmp(str, ""<>"")) { PyObject_FREE(str); err_ret->text = ""with Barry as BDFL, use '<>' "" ""instead of '!='""; err_ret->error = E_SYNTAX; break; } } #endif if (a >= tok->line_start) col_offset = Py_SAFE_DOWNCAST(a - tok->line_start, intptr_t, int); else col_offset = -1; if (type == TYPE_IGNORE) { if (!growable_int_array_add(&type_ignores, tok->lineno)) { err_ret->error = E_NOMEM; break; } continue; } if ((err_ret->error = Ta3Parser_AddToken(ps, (int)type, str, tok->lineno, col_offset, &(err_ret->expected))) != E_OK) { if (err_ret->error != E_DONE) { PyObject_FREE(str); err_ret->token = type; } break; } } if (err_ret->error == E_DONE) { n = ps->p_tree; ps->p_tree = NULL; if (n->n_type == file_input) { int num; node *ch; size_t i; num = NCH(n); ch = CHILD(n, num - 1); REQ(ch, ENDMARKER); for (i = 0; i < type_ignores.num_items; i++) { Ta3Node_AddChild(ch, TYPE_IGNORE, NULL, type_ignores.items[i], 0); } } growable_int_array_deallocate(&type_ignores); #ifndef PGEN if (start == single_input) { char *cur = tok->cur; char c = *tok->cur; for (;;) { while (c == ' ' || c == '\t' || c == '\n' || c == '\014') c = *++cur; if (!c) break; if (c != '#') { err_ret->error = E_BADSINGLE; Ta3Node_Free(n); n = NULL; break; } while (c && c != '\n') c = *++cur; } } #endif } else n = NULL; #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD *flags = ps->p_flags; #endif Ta3Parser_Delete(ps); if (n == NULL) { if (tok->done == E_EOF) err_ret->error = E_EOF; err_ret->lineno = tok->lineno; if (tok->buf != NULL) { size_t len; assert(tok->cur - tok->buf < INT_MAX); err_ret->offset = (int)(tok->cur - tok->buf); len = tok->inp - tok->buf; err_ret->text = (char *) PyObject_MALLOC(len + 1); if (err_ret->text != NULL) { if (len > 0) strncpy(err_ret->text, tok->buf, len); err_ret->text[len] = '\0'; } } } else if (tok->encoding != NULL) { node* r = Ta3Node_New(encoding_decl); if (r) r->n_str = PyObject_MALLOC(strlen(tok->encoding)+1); if (!r || !r->n_str) { err_ret->error = E_NOMEM; if (r) PyObject_FREE(r); n = NULL; goto done; } strcpy(r->n_str, tok->encoding); PyMem_FREE(tok->encoding); tok->encoding = NULL; r->n_nchildren = 1; r->n_child = n; n = r; } done: Ta3Tokenizer_Free(tok); return n; }",visit repo url,ast3/Parser/parsetok.c,https://github.com/python/typed_ast,96038328611249,1 1399,[],"static inline struct cfs_rq *group_cfs_rq(struct sched_entity *grp) { return grp->my_q; }",linux-2.6,,,143793833055780355930155249376359825672,0 4626,CWE-476,"static GF_AV1Config* AV1_DuplicateConfig(GF_AV1Config const * const cfg) { u32 i = 0; GF_AV1Config *out = gf_malloc(sizeof(GF_AV1Config)); out->marker = cfg->marker; out->version = cfg->version; out->seq_profile = cfg->seq_profile; out->seq_level_idx_0 = cfg->seq_level_idx_0; out->seq_tier_0 = cfg->seq_tier_0; out->high_bitdepth = cfg->high_bitdepth; out->twelve_bit = cfg->twelve_bit; out->monochrome = cfg->monochrome; out->chroma_subsampling_x = cfg->chroma_subsampling_x; out->chroma_subsampling_y = cfg->chroma_subsampling_y; out->chroma_sample_position = cfg->chroma_sample_position; out->initial_presentation_delay_present = cfg->initial_presentation_delay_present; out->initial_presentation_delay_minus_one = cfg->initial_presentation_delay_minus_one; out->obu_array = gf_list_new(); for (i = 0; iobu_array); ++i) { GF_AV1_OBUArrayEntry *dst = gf_malloc(sizeof(GF_AV1_OBUArrayEntry)), *src = gf_list_get(cfg->obu_array, i); dst->obu_length = src->obu_length; dst->obu_type = src->obu_type; dst->obu = gf_malloc((size_t)dst->obu_length); memcpy(dst->obu, src->obu, (size_t)src->obu_length); gf_list_add(out->obu_array, dst); } return out; }",visit repo url,src/isomedia/avc_ext.c,https://github.com/gpac/gpac,215493618096190,1 330,CWE-415,"static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, size_t msg_len) { struct sock *sk = asoc->base.sk; int err = 0; long current_timeo = *timeo_p; DEFINE_WAIT(wait); pr_debug(""%s: asoc:%p, timeo:%ld, msg_len:%zu\n"", __func__, asoc, *timeo_p, msg_len); sctp_association_hold(asoc); for (;;) { prepare_to_wait_exclusive(&asoc->wait, &wait, TASK_INTERRUPTIBLE); if (!*timeo_p) goto do_nonblock; if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING || asoc->base.dead) goto do_error; if (signal_pending(current)) goto do_interrupted; if (msg_len <= sctp_wspace(asoc)) break; release_sock(sk); current_timeo = schedule_timeout(current_timeo); if (sk != asoc->base.sk) goto do_error; lock_sock(sk); *timeo_p = current_timeo; } out: finish_wait(&asoc->wait, &wait); sctp_association_put(asoc); return err; do_error: err = -EPIPE; goto out; do_interrupted: err = sock_intr_errno(*timeo_p); goto out; do_nonblock: err = -EAGAIN; goto out; }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,125720648980590,1 5064,CWE-787,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 5898,CWE-22,"char *compose_path(ctrl_t *ctrl, char *path) { struct stat st; static char rpath[PATH_MAX]; char *name, *ptr; char dir[PATH_MAX] = { 0 }; strlcpy(dir, ctrl->cwd, sizeof(dir)); DBG(""Compose path from cwd: %s, arg: %s"", ctrl->cwd, path ?: """"); if (!path || !strlen(path)) goto check; if (path) { if (path[0] != '/') { if (dir[strlen(dir) - 1] != '/') strlcat(dir, ""/"", sizeof(dir)); } strlcat(dir, path, sizeof(dir)); } check: while ((ptr = strstr(dir, ""//""))) memmove(ptr, &ptr[1], strlen(&ptr[1]) + 1); if (!chrooted) { size_t len = strlen(home); DBG(""Server path from CWD: %s"", dir); if (len > 0 && home[len - 1] == '/') len--; memmove(dir + len, dir, strlen(dir) + 1); memcpy(dir, home, len); DBG(""Resulting non-chroot path: %s"", dir); } if (!stat(dir, &st) && S_ISDIR(st.st_mode)) { if (!realpath(dir, rpath)) return NULL; } else { name = basename(path); ptr = dirname(dir); memset(rpath, 0, sizeof(rpath)); if (!realpath(ptr, rpath)) { INFO(""Failed realpath(%s): %m"", ptr); return NULL; } if (rpath[1] != 0) strlcat(rpath, ""/"", sizeof(rpath)); strlcat(rpath, name, sizeof(rpath)); } if (!chrooted && strncmp(dir, home, strlen(home))) { DBG(""Failed non-chroot dir:%s vs home:%s"", dir, home); return NULL; } return rpath; }",visit repo url,src/common.c,https://github.com/troglobit/uftpd,125585818723698,1 2758,CWE-476," */ static void php_wddx_serialize_object(wddx_packet *packet, zval *obj) { zval **ent, *fname, **varname; zval *retval = NULL; const char *key; ulong idx; char tmp_buf[WDDX_BUF_LEN]; HashTable *objhash, *sleephash; TSRMLS_FETCH(); MAKE_STD_ZVAL(fname); ZVAL_STRING(fname, ""__sleep"", 1); if (call_user_function_ex(CG(function_table), &obj, fname, &retval, 0, 0, 1, NULL TSRMLS_CC) == SUCCESS) { if (retval && (sleephash = HASH_OF(retval))) { PHP_CLASS_ATTRIBUTES; PHP_SET_CLASS_ATTRIBUTES(obj); php_wddx_add_chunk_static(packet, WDDX_STRUCT_S); snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_VAR_S, PHP_CLASS_NAME_VAR); php_wddx_add_chunk(packet, tmp_buf); php_wddx_add_chunk_static(packet, WDDX_STRING_S); php_wddx_add_chunk_ex(packet, class_name, name_len); php_wddx_add_chunk_static(packet, WDDX_STRING_E); php_wddx_add_chunk_static(packet, WDDX_VAR_E); PHP_CLEANUP_CLASS_ATTRIBUTES(); objhash = HASH_OF(obj); for (zend_hash_internal_pointer_reset(sleephash); zend_hash_get_current_data(sleephash, (void **)&varname) == SUCCESS; zend_hash_move_forward(sleephash)) { if (Z_TYPE_PP(varname) != IS_STRING) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, ""__sleep should return an array only containing the names of instance-variables to serialize.""); continue; } if (zend_hash_find(objhash, Z_STRVAL_PP(varname), Z_STRLEN_PP(varname)+1, (void **)&ent) == SUCCESS) { php_wddx_serialize_var(packet, *ent, Z_STRVAL_PP(varname), Z_STRLEN_PP(varname) TSRMLS_CC); } } php_wddx_add_chunk_static(packet, WDDX_STRUCT_E); } } else { uint key_len; PHP_CLASS_ATTRIBUTES; PHP_SET_CLASS_ATTRIBUTES(obj); php_wddx_add_chunk_static(packet, WDDX_STRUCT_S); snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_VAR_S, PHP_CLASS_NAME_VAR); php_wddx_add_chunk(packet, tmp_buf); php_wddx_add_chunk_static(packet, WDDX_STRING_S); php_wddx_add_chunk_ex(packet, class_name, name_len); php_wddx_add_chunk_static(packet, WDDX_STRING_E); php_wddx_add_chunk_static(packet, WDDX_VAR_E); PHP_CLEANUP_CLASS_ATTRIBUTES(); objhash = HASH_OF(obj); for (zend_hash_internal_pointer_reset(objhash); zend_hash_get_current_data(objhash, (void**)&ent) == SUCCESS; zend_hash_move_forward(objhash)) { if (*ent == obj) { continue; } if (zend_hash_get_current_key_ex(objhash, &key, &key_len, &idx, 0, NULL) == HASH_KEY_IS_STRING) { const char *class_name, *prop_name; zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name); php_wddx_serialize_var(packet, *ent, prop_name, strlen(prop_name)+1 TSRMLS_CC); } else { key_len = slprintf(tmp_buf, sizeof(tmp_buf), ""%ld"", idx); php_wddx_serialize_var(packet, *ent, tmp_buf, key_len TSRMLS_CC); } } php_wddx_add_chunk_static(packet, WDDX_STRUCT_E); } zval_dtor(fname); FREE_ZVAL(fname); if (retval) { zval_ptr_dtor(&retval); }",visit repo url,ext/wddx/wddx.c,https://github.com/php/php-src,162600994464902,1 566,[],"static int bad_inode_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) { return -EIO; }",linux-2.6,,,258644835535053246913169481305907286370,0 1257,NVD-CWE-Other,"static void rekey_seq_generator(struct work_struct *work) { struct keydata *keyptr = &ip_keydata[1 ^ (ip_cnt & 1)]; get_random_bytes(keyptr->secret, sizeof(keyptr->secret)); keyptr->count = (ip_cnt & COUNT_MASK) << HASH_BITS; smp_wmb(); ip_cnt++; schedule_delayed_work(&rekey_work, round_jiffies_relative(REKEY_INTERVAL)); }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,227174405846183,1 3885,['CWE-119'],"int lbs_get_scan(struct net_device *dev, struct iw_request_info *info, struct iw_point *dwrq, char *extra) { #define SCAN_ITEM_SIZE 128 struct lbs_private *priv = dev->priv; int err = 0; char *ev = extra; char *stop = ev + dwrq->length; struct bss_descriptor *iter_bss; struct bss_descriptor *safe; lbs_deb_enter(LBS_DEB_WEXT); if (priv->scan_channel) return -EAGAIN; if ((priv->mode == IW_MODE_ADHOC) && priv->adhoccreate) lbs_prepare_and_send_command(priv, CMD_802_11_RSSI, 0, CMD_OPTION_WAITFORRSP, 0, NULL); mutex_lock(&priv->lock); list_for_each_entry_safe (iter_bss, safe, &priv->network_list, list) { char *next_ev; unsigned long stale_time; if (stop - ev < SCAN_ITEM_SIZE) { err = -E2BIG; break; } if (dev == priv->mesh_dev && !iter_bss->mesh) continue; stale_time = iter_bss->last_scanned + DEFAULT_MAX_SCAN_AGE; if (time_after(jiffies, stale_time)) { list_move_tail(&iter_bss->list, &priv->network_free_list); clear_bss_descriptor(iter_bss); continue; } next_ev = lbs_translate_scan(priv, info, ev, stop, iter_bss); if (next_ev == NULL) continue; ev = next_ev; } mutex_unlock(&priv->lock); dwrq->length = (ev - extra); dwrq->flags = 0; lbs_deb_leave_args(LBS_DEB_WEXT, ""ret %d"", err); return err; }",linux-2.6,,,245291304582424830281635166095151816942,0 3359,[],"static inline int nlmsg_padlen(int payload) { return nlmsg_total_size(payload) - nlmsg_msg_size(payload); }",linux-2.6,,,107234364431532604952834851422390854575,0 4280,CWE-400,"struct r_bin_pe_addr_t *PE_(check_mingw)(RBinPEObj *pe) { struct r_bin_pe_addr_t* entry; bool sw = false; ut8 b[1024]; size_t n = 0; if (!pe || !pe->b) { return 0LL; } entry = PE_(r_bin_pe_get_entrypoint) (pe); ZERO_FILL (b); if (r_buf_read_at (pe->b, entry->paddr, b, sizeof (b)) < 0) { pe_printf (""Warning: Cannot read entry at 0x%08""PFMT64x ""\n"", entry->paddr); free (entry); return NULL; } if (b[0] == 0x55 && b[1] == 0x89 && b[3] == 0x83 && b[6] == 0xc7 && b[13] == 0xff && b[19] == 0xe8) { sw = follow_offset (entry, pe->b, b, sizeof (b), pe->big_endian, 19); } if (b[0] == 0x83 && b[3] == 0xc7 && b[10] == 0xff && b[16] == 0xe8) { sw = follow_offset (entry, pe->b, b, sizeof (b), pe->big_endian, 16); } if (b[0] == 0x83 && b[3] == 0xc7 && b[13] == 0xe8 && b[18] == 0x83 && b[21] == 0xe9) { sw = follow_offset (entry, pe->b, b, sizeof (b), pe->big_endian, 21); } if (sw) { for (n = 0; n < sizeof (b) - 12; n++) { if (b[n] == 0xa1 && b[n + 5] == 0x89 && b[n + 8] == 0xe8) { sw = follow_offset (entry, pe->b, b, sizeof (b), pe->big_endian, n + 8); return entry; } } } free (entry); return NULL; }",visit repo url,libr/bin/format/pe/pe.c,https://github.com/radareorg/radare2,15268615401481,1 4669,CWE-125,"GF_Err sgpd_dump(GF_Box *a, FILE * trace) { u32 i; GF_SampleGroupDescriptionBox *ptr = (GF_SampleGroupDescriptionBox*) a; if (!a) return GF_BAD_PARAM; gf_isom_box_dump_start(a, ""SampleGroupDescriptionBox"", trace); if (ptr->grouping_type) fprintf(trace, ""grouping_type=\""%s\"""", gf_4cc_to_str(ptr->grouping_type) ); if (ptr->version==1) fprintf(trace, "" default_length=\""%d\"""", ptr->default_length); if ((ptr->version>=2) && ptr->default_description_index) fprintf(trace, "" default_group_index=\""%d\"""", ptr->default_description_index); fprintf(trace, "">\n""); for (i=0; igroup_descriptions); i++) { void *entry = gf_list_get(ptr->group_descriptions, i); switch (ptr->grouping_type) { case GF_ISOM_SAMPLE_GROUP_ROLL: fprintf(trace, ""\n"", ((GF_RollRecoveryEntry*)entry)->roll_distance ); break; case GF_ISOM_SAMPLE_GROUP_PROL: fprintf(trace, ""\n"", ((GF_RollRecoveryEntry*)entry)->roll_distance ); break; case GF_ISOM_SAMPLE_GROUP_TELE: fprintf(trace, ""\n"", ((GF_TemporalLevelEntry*)entry)->level_independently_decodable); break; case GF_ISOM_SAMPLE_GROUP_RAP: fprintf(trace, ""num_leading_samples_known ? ""yes"" : ""no""); if (((GF_VisualRandomAccessEntry*)entry)->num_leading_samples_known) fprintf(trace, "" num_leading_samples=\""%d\"""", ((GF_VisualRandomAccessEntry*)entry)->num_leading_samples); fprintf(trace, ""/>\n""); break; case GF_ISOM_SAMPLE_GROUP_SYNC: fprintf(trace, ""\n"", ((GF_SYNCEntry*)entry)->NALU_type); break; case GF_ISOM_SAMPLE_GROUP_SEIG: fprintf(trace, ""IsProtected, ((GF_CENCSampleEncryptionGroupEntry*)entry)->Per_Sample_IV_size); dump_data_hex(trace, (char *)((GF_CENCSampleEncryptionGroupEntry*)entry)->KID, 16); if ((((GF_CENCSampleEncryptionGroupEntry*)entry)->IsProtected == 1) && !((GF_CENCSampleEncryptionGroupEntry*)entry)->Per_Sample_IV_size) { fprintf(trace, ""\"" constant_IV_size=\""%d\"" constant_IV=\"""", ((GF_CENCSampleEncryptionGroupEntry*)entry)->constant_IV_size); dump_data_hex(trace, (char *)((GF_CENCSampleEncryptionGroupEntry*)entry)->constant_IV, ((GF_CENCSampleEncryptionGroupEntry*)entry)->constant_IV_size); } fprintf(trace, ""\""/>\n""); break; case GF_ISOM_SAMPLE_GROUP_OINF: oinf_entry_dump(entry, trace); break; case GF_ISOM_SAMPLE_GROUP_LINF: linf_dump(entry, trace); break; case GF_ISOM_SAMPLE_GROUP_TRIF: trif_dump(trace, (char *) ((GF_DefaultSampleGroupDescriptionEntry*)entry)->data, ((GF_DefaultSampleGroupDescriptionEntry*)entry)->length); break; case GF_ISOM_SAMPLE_GROUP_NALM: nalm_dump(trace, (char *) ((GF_DefaultSampleGroupDescriptionEntry*)entry)->data, ((GF_DefaultSampleGroupDescriptionEntry*)entry)->length); break; case GF_ISOM_SAMPLE_GROUP_SAP: fprintf(trace, ""\n"", ((GF_SAPEntry*)entry)->dependent_flag, ((GF_SAPEntry*)entry)->SAP_type); break; default: fprintf(trace, ""length); dump_data(trace, (char *) ((GF_DefaultSampleGroupDescriptionEntry*)entry)->data, ((GF_DefaultSampleGroupDescriptionEntry*)entry)->length); fprintf(trace, ""\""/>\n""); } } if (!ptr->size) { switch (ptr->grouping_type) { case GF_ISOM_SAMPLE_GROUP_ROLL: fprintf(trace, ""\n""); break; case GF_ISOM_SAMPLE_GROUP_PROL: fprintf(trace, ""\n""); break; case GF_ISOM_SAMPLE_GROUP_TELE: fprintf(trace, ""\n""); break; case GF_ISOM_SAMPLE_GROUP_RAP: fprintf(trace, ""\n""); break; case GF_ISOM_SAMPLE_GROUP_SYNC: fprintf(trace, ""\n""); break; case GF_ISOM_SAMPLE_GROUP_SEIG: fprintf(trace, ""\n""); break; case GF_ISOM_SAMPLE_GROUP_OINF: oinf_entry_dump(NULL, trace); break; case GF_ISOM_SAMPLE_GROUP_LINF: linf_dump(NULL, trace); break; case GF_ISOM_SAMPLE_GROUP_TRIF: trif_dump(trace, NULL, 0); break; case GF_ISOM_SAMPLE_GROUP_NALM: nalm_dump(trace, NULL, 0); break; case GF_ISOM_SAMPLE_GROUP_SAP: fprintf(trace, ""\n""); break; default: fprintf(trace, ""\n""); } } gf_isom_box_dump_done(""SampleGroupDescriptionBox"", a, trace); return GF_OK; }",visit repo url,src/isomedia/box_dump.c,https://github.com/gpac/gpac,154247372295942,1 1276,CWE-119,"static int write_empty_blocks(struct page *page, unsigned from, unsigned to, int mode) { struct inode *inode = page->mapping->host; unsigned start, end, next, blksize; sector_t block = page->index << (PAGE_CACHE_SHIFT - inode->i_blkbits); int ret; blksize = 1 << inode->i_blkbits; next = end = 0; while (next < from) { next += blksize; block++; } start = next; do { next += blksize; ret = needs_empty_write(block, inode); if (unlikely(ret < 0)) return ret; if (ret == 0) { if (end) { ret = __block_write_begin(page, start, end - start, gfs2_block_map); if (unlikely(ret)) return ret; ret = empty_write_end(page, start, end, mode); if (unlikely(ret)) return ret; end = 0; } start = next; } else end = next; block++; } while (next < to); if (end) { ret = __block_write_begin(page, start, end - start, gfs2_block_map); if (unlikely(ret)) return ret; ret = empty_write_end(page, start, end, mode); if (unlikely(ret)) return ret; } return 0; }",visit repo url,fs/gfs2/file.c,https://github.com/torvalds/linux,255038811026031,1 2185,CWE-416,"static int link_pipe(struct pipe_inode_info *ipipe, struct pipe_inode_info *opipe, size_t len, unsigned int flags) { struct pipe_buffer *ibuf, *obuf; int ret = 0, i = 0, nbuf; pipe_double_lock(ipipe, opipe); do { if (!opipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } if (i >= ipipe->nrbufs || opipe->nrbufs >= opipe->buffers) break; ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (ipipe->buffers-1)); nbuf = (opipe->curbuf + opipe->nrbufs) & (opipe->buffers - 1); pipe_buf_get(ipipe, ibuf); obuf = opipe->bufs + nbuf; *obuf = *ibuf; obuf->flags &= ~PIPE_BUF_FLAG_GIFT; if (obuf->len > len) obuf->len = len; opipe->nrbufs++; ret += obuf->len; len -= obuf->len; i++; } while (len); if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK)) ret = -EAGAIN; pipe_unlock(ipipe); pipe_unlock(opipe); if (ret > 0) wakeup_pipe_readers(opipe); return ret; }",visit repo url,fs/splice.c,https://github.com/torvalds/linux,71383741618233,1 3038,['CWE-189'],"jas_image_t *mif_decode(jas_stream_t *in, char *optstr) { mif_hdr_t *hdr; jas_image_t *image; jas_image_t *tmpimage; jas_stream_t *tmpstream; int cmptno; mif_cmpt_t *cmpt; jas_image_cmptparm_t cmptparm; jas_seq2d_t *data; int_fast32_t x; int_fast32_t y; int bias; optstr = 0; hdr = 0; image = 0; tmpimage = 0; tmpstream = 0; data = 0; if (!(hdr = mif_hdr_get(in))) { goto error; } if (!(image = jas_image_create0())) { goto error; } for (cmptno = 0; cmptno < hdr->numcmpts; ++cmptno) { cmpt = hdr->cmpts[cmptno]; tmpstream = cmpt->data ? jas_stream_fopen(cmpt->data, ""rb"") : in; if (!tmpstream) { goto error; } if (!(tmpimage = jas_image_decode(tmpstream, -1, 0))) { goto error; } if (tmpstream != in) { jas_stream_close(tmpstream); tmpstream = 0; } if (!cmpt->width) { cmpt->width = jas_image_cmptwidth(tmpimage, 0); } if (!cmpt->height) { cmpt->height = jas_image_cmptwidth(tmpimage, 0); } if (!cmpt->prec) { cmpt->prec = jas_image_cmptprec(tmpimage, 0); } if (cmpt->sgnd < 0) { cmpt->sgnd = jas_image_cmptsgnd(tmpimage, 0); } cmptparm.tlx = cmpt->tlx; cmptparm.tly = cmpt->tly; cmptparm.hstep = cmpt->sampperx; cmptparm.vstep = cmpt->samppery; cmptparm.width = cmpt->width; cmptparm.height = cmpt->height; cmptparm.prec = cmpt->prec; cmptparm.sgnd = cmpt->sgnd; if (jas_image_addcmpt(image, jas_image_numcmpts(image), &cmptparm)) { goto error; } if (!(data = jas_seq2d_create(0, 0, cmpt->width, cmpt->height))) { goto error; } if (jas_image_readcmpt(tmpimage, 0, 0, 0, cmpt->width, cmpt->height, data)) { goto error; } if (cmpt->sgnd) { bias = 1 << (cmpt->prec - 1); for (y = 0; y < cmpt->height; ++y) { for (x = 0; x < cmpt->width; ++x) { *jas_seq2d_getref(data, x, y) -= bias; } } } if (jas_image_writecmpt(image, jas_image_numcmpts(image) - 1, 0, 0, cmpt->width, cmpt->height, data)) { goto error; } jas_seq2d_destroy(data); data = 0; jas_image_destroy(tmpimage); tmpimage = 0; } mif_hdr_destroy(hdr); hdr = 0; return image; error: if (image) { jas_image_destroy(image); } if (hdr) { mif_hdr_destroy(hdr); } if (tmpstream && tmpstream != in) { jas_stream_close(tmpstream); } if (tmpimage) { jas_image_destroy(tmpimage); } if (data) { jas_seq2d_destroy(data); } return 0; }",jasper,,,270885114667014292039869267673431324138,0 1678,[],"int task_prio(const struct task_struct *p) { return p->prio - MAX_RT_PRIO; }",linux-2.6,,,113398448542145877554859201670100826600,0 1349,['CWE-399'],"static struct net_device_stats *ipip6_tunnel_get_stats(struct net_device *dev) { return &(((struct ip_tunnel*)netdev_priv(dev))->stat); }",linux-2.6,,,69930965450014182929055050132029987334,0 1355,CWE-119,"static inline int pmd_present(pmd_t pmd) { return pmd_flags(pmd) & _PAGE_PRESENT; }",visit repo url,arch/x86/include/asm/pgtable.h,https://github.com/torvalds/linux,191361401807730,1 6346,['CWE-200'],"static void rtnetlink_rcv(struct sock *sk, int len) { unsigned int qlen = skb_queue_len(&sk->sk_receive_queue); do { struct sk_buff *skb; rtnl_lock(); if (qlen > skb_queue_len(&sk->sk_receive_queue)) qlen = skb_queue_len(&sk->sk_receive_queue); for (; qlen; qlen--) { skb = skb_dequeue(&sk->sk_receive_queue); if (rtnetlink_rcv_skb(skb)) { if (skb->len) skb_queue_head(&sk->sk_receive_queue, skb); else { kfree_skb(skb); qlen--; } break; } kfree_skb(skb); } up(&rtnl_sem); netdev_run_todo(); } while (qlen); }",linux-2.6,,,261692312143628584835045237804909690033,0 120,['CWE-787'],"cirrus_hook_read_cr(CirrusVGAState * s, unsigned reg_index, int *reg_value) { switch (reg_index) { case 0x00: case 0x01: case 0x02: case 0x03: case 0x04: case 0x05: case 0x06: case 0x07: case 0x08: case 0x09: case 0x0a: case 0x0b: case 0x0c: case 0x0d: case 0x0e: case 0x0f: case 0x10: case 0x11: case 0x12: case 0x13: case 0x14: case 0x15: case 0x16: case 0x17: case 0x18: return CIRRUS_HOOK_NOT_HANDLED; case 0x24: *reg_value = (s->ar_flip_flop << 7); break; case 0x19: case 0x1a: case 0x1b: case 0x1c: case 0x1d: case 0x22: case 0x25: case 0x27: *reg_value = s->cr[reg_index]; break; case 0x26: *reg_value = s->ar_index & 0x3f; break; default: #ifdef DEBUG_CIRRUS printf(""cirrus: inport cr_index %02x\n"", reg_index); *reg_value = 0xff; #endif break; } return CIRRUS_HOOK_HANDLED; }",qemu,,,42284136905532475815282319880932033801,0 3567,CWE-20,"jpc_ms_t *jpc_getms(jas_stream_t *in, jpc_cstate_t *cstate) { jpc_ms_t *ms; jpc_mstabent_t *mstabent; jas_stream_t *tmpstream; if (!(ms = jpc_ms_create(0))) { return 0; } if (jpc_getuint16(in, &ms->id) || ms->id < JPC_MS_MIN || ms->id > JPC_MS_MAX) { jpc_ms_destroy(ms); return 0; } mstabent = jpc_mstab_lookup(ms->id); ms->ops = &mstabent->ops; if (JPC_MS_HASPARMS(ms->id)) { if (jpc_getuint16(in, &ms->len) || ms->len < 3) { jpc_ms_destroy(ms); return 0; } ms->len -= 2; if (!(tmpstream = jas_stream_memopen(0, 0))) { jpc_ms_destroy(ms); return 0; } if (jas_stream_copy(tmpstream, in, ms->len) || jas_stream_seek(tmpstream, 0, SEEK_SET) < 0) { jas_stream_close(tmpstream); jpc_ms_destroy(ms); return 0; } if ((*ms->ops->getparms)(ms, cstate, tmpstream)) { ms->ops = 0; jpc_ms_destroy(ms); jas_stream_close(tmpstream); return 0; } if (jas_getdbglevel() > 0) { jpc_ms_dump(ms, stderr); } if (JAS_CAST(ulong, jas_stream_tell(tmpstream)) != ms->len) { jas_eprintf( ""warning: trailing garbage in marker segment (%ld bytes)\n"", ms->len - jas_stream_tell(tmpstream)); } jas_stream_close(tmpstream); } else { ms->len = 0; if (jas_getdbglevel() > 0) { jpc_ms_dump(ms, stderr); } } if (ms->id == JPC_MS_SIZ) { cstate->numcomps = ms->parms.siz.numcomps; } return ms; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,279704117302162,1 4691,['CWE-399'],"static unsigned long blocks_for_truncate(struct inode *inode) { ext4_lblk_t needed; needed = inode->i_blocks >> (inode->i_sb->s_blocksize_bits - 9); if (needed < 2) needed = 2; if (needed > EXT4_MAX_TRANS_DATA) needed = EXT4_MAX_TRANS_DATA; return EXT4_DATA_TRANS_BLOCKS(inode->i_sb) + needed; }",linux-2.6,,,173192896693629906040469308363183862456,0 2259,CWE-362,"static int __init xfrm6_tunnel_spi_init(void) { xfrm6_tunnel_spi_kmem = kmem_cache_create(""xfrm6_tunnel_spi"", sizeof(struct xfrm6_tunnel_spi), 0, SLAB_HWCACHE_ALIGN, NULL); if (!xfrm6_tunnel_spi_kmem) return -ENOMEM; return 0; }",visit repo url,net/ipv6/xfrm6_tunnel.c,https://github.com/torvalds/linux,193266290645154,1 3260,CWE-125,"mp_join_print(netdissect_options *ndo, const u_char *opt, u_int opt_len, u_char flags) { const struct mp_join *mpj = (const struct mp_join *) opt; if (!(opt_len == 12 && flags & TH_SYN) && !(opt_len == 16 && (flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) && !(opt_len == 24 && flags & TH_ACK)) return 0; if (opt_len != 24) { if (mpj->sub_b & MP_JOIN_B) ND_PRINT((ndo, "" backup"")); ND_PRINT((ndo, "" id %u"", mpj->addr_id)); } switch (opt_len) { case 12: ND_PRINT((ndo, "" token 0x%x"" "" nonce 0x%x"", EXTRACT_32BITS(mpj->u.syn.token), EXTRACT_32BITS(mpj->u.syn.nonce))); break; case 16: ND_PRINT((ndo, "" hmac 0x%"" PRIx64 "" nonce 0x%x"", EXTRACT_64BITS(mpj->u.synack.mac), EXTRACT_32BITS(mpj->u.synack.nonce))); break; case 24: { size_t i; ND_PRINT((ndo, "" hmac 0x"")); for (i = 0; i < sizeof(mpj->u.ack.mac); ++i) ND_PRINT((ndo, ""%02x"", mpj->u.ack.mac[i])); } default: break; } return 1; }",visit repo url,print-mptcp.c,https://github.com/the-tcpdump-group/tcpdump,118079864261283,1 2394,['CWE-119'],"static void free_diff_words_data(struct emit_callback *ecbdata) { if (ecbdata->diff_words) { if (ecbdata->diff_words->minus.text.size || ecbdata->diff_words->plus.text.size) diff_words_show(ecbdata->diff_words); free (ecbdata->diff_words->minus.text.ptr); free (ecbdata->diff_words->plus.text.ptr); free(ecbdata->diff_words); ecbdata->diff_words = NULL; } }",git,,,45407786314540004462503351707048240020,0 931,['CWE-200'],"static inline void shmem_swp_unmap(swp_entry_t *entry) { kunmap_atomic(entry, KM_USER1); }",linux-2.6,,,241434956617053198081148213018672382673,0 5494,NVD-CWE-Other,"static int selectExpander(Walker *pWalker, Select *p){ Parse *pParse = pWalker->pParse; int i, j, k; SrcList *pTabList; ExprList *pEList; struct SrcList_item *pFrom; sqlite3 *db = pParse->db; Expr *pE, *pRight, *pExpr; u16 selFlags = p->selFlags; u32 elistFlags = 0; p->selFlags |= SF_Expanded; if( db->mallocFailed ){ return WRC_Abort; } assert( p->pSrc!=0 ); if( (selFlags & SF_Expanded)!=0 ){ return WRC_Prune; } if( pWalker->eCode ){ p->selId = ++pParse->nSelect; } pTabList = p->pSrc; pEList = p->pEList; sqlite3WithPush(pParse, p->pWith, 0); sqlite3SrcListAssignCursors(pParse, pTabList); for(i=0, pFrom=pTabList->a; inSrc; i++, pFrom++){ Table *pTab; assert( pFrom->fg.isRecursive==0 || pFrom->pTab!=0 ); if( pFrom->fg.isRecursive ) continue; assert( pFrom->pTab==0 ); #ifndef SQLITE_OMIT_CTE if( withExpand(pWalker, pFrom) ) return WRC_Abort; if( pFrom->pTab ) {} else #endif if( pFrom->zName==0 ){ #ifndef SQLITE_OMIT_SUBQUERY Select *pSel = pFrom->pSelect; assert( pSel!=0 ); assert( pFrom->pTab==0 ); if( sqlite3WalkSelect(pWalker, pSel) ) return WRC_Abort; if( sqlite3ExpandSubquery(pParse, pFrom) ) return WRC_Abort; #endif }else{ assert( pFrom->pTab==0 ); pFrom->pTab = pTab = sqlite3LocateTableItem(pParse, 0, pFrom); if( pTab==0 ) return WRC_Abort; if( pTab->nTabRef>=0xffff ){ sqlite3ErrorMsg(pParse, ""too many references to \""%s\"": max 65535"", pTab->zName); pFrom->pTab = 0; return WRC_Abort; } pTab->nTabRef++; if( !IsVirtual(pTab) && cannotBeFunction(pParse, pFrom) ){ return WRC_Abort; } #if !defined(SQLITE_OMIT_VIEW) || !defined (SQLITE_OMIT_VIRTUALTABLE) if( IsVirtual(pTab) || pTab->pSelect ){ i16 nCol; u8 eCodeOrig = pWalker->eCode; if( sqlite3ViewGetColumnNames(pParse, pTab) ) return WRC_Abort; assert( pFrom->pSelect==0 ); if( pTab->pSelect && (db->flags & SQLITE_EnableView)==0 ){ sqlite3ErrorMsg(pParse, ""access to view \""%s\"" prohibited"", pTab->zName); } pFrom->pSelect = sqlite3SelectDup(db, pTab->pSelect, 0); nCol = pTab->nCol; pTab->nCol = -1; pWalker->eCode = 1; sqlite3WalkSelect(pWalker, pFrom->pSelect); pWalker->eCode = eCodeOrig; pTab->nCol = nCol; } #endif } if( sqlite3IndexedByLookup(pParse, pFrom) ){ return WRC_Abort; } } if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){ return WRC_Abort; } for(k=0; knExpr; k++){ pE = pEList->a[k].pExpr; if( pE->op==TK_ASTERISK ) break; assert( pE->op!=TK_DOT || pE->pRight!=0 ); assert( pE->op!=TK_DOT || (pE->pLeft!=0 && pE->pLeft->op==TK_ID) ); if( pE->op==TK_DOT && pE->pRight->op==TK_ASTERISK ) break; elistFlags |= pE->flags; } if( knExpr ){ struct ExprList_item *a = pEList->a; ExprList *pNew = 0; int flags = pParse->db->flags; int longNames = (flags & SQLITE_FullColNames)!=0 && (flags & SQLITE_ShortColNames)==0; for(k=0; knExpr; k++){ pE = a[k].pExpr; elistFlags |= pE->flags; pRight = pE->pRight; assert( pE->op!=TK_DOT || pRight!=0 ); if( pE->op!=TK_ASTERISK && (pE->op!=TK_DOT || pRight->op!=TK_ASTERISK) ){ pNew = sqlite3ExprListAppend(pParse, pNew, a[k].pExpr); if( pNew ){ pNew->a[pNew->nExpr-1].zName = a[k].zName; pNew->a[pNew->nExpr-1].zSpan = a[k].zSpan; a[k].zName = 0; a[k].zSpan = 0; } a[k].pExpr = 0; }else{ int tableSeen = 0; char *zTName = 0; if( pE->op==TK_DOT ){ assert( pE->pLeft!=0 ); assert( !ExprHasProperty(pE->pLeft, EP_IntValue) ); zTName = pE->pLeft->u.zToken; } for(i=0, pFrom=pTabList->a; inSrc; i++, pFrom++){ Table *pTab = pFrom->pTab; Select *pSub = pFrom->pSelect; char *zTabName = pFrom->zAlias; const char *zSchemaName = 0; int iDb; if( zTabName==0 ){ zTabName = pTab->zName; } if( db->mallocFailed ) break; if( pSub==0 || (pSub->selFlags & SF_NestedFrom)==0 ){ pSub = 0; if( zTName && sqlite3StrICmp(zTName, zTabName)!=0 ){ continue; } iDb = sqlite3SchemaToIndex(db, pTab->pSchema); zSchemaName = iDb>=0 ? db->aDb[iDb].zDbSName : ""*""; } for(j=0; jnCol; j++){ char *zName = pTab->aCol[j].zName; char *zColname; char *zToFree; Token sColname; assert( zName ); if( zTName && pSub && sqlite3MatchSpanName(pSub->pEList->a[j].zSpan, 0, zTName, 0)==0 ){ continue; } if( (p->selFlags & SF_IncludeHidden)==0 && IsHiddenColumn(&pTab->aCol[j]) ){ continue; } tableSeen = 1; if( i>0 && zTName==0 ){ if( (pFrom->fg.jointype & JT_NATURAL)!=0 && tableAndColumnIndex(pTabList, i, zName, 0, 0) ){ continue; } if( sqlite3IdListIndex(pFrom->pUsing, zName)>=0 ){ continue; } } pRight = sqlite3Expr(db, TK_ID, zName); zColname = zName; zToFree = 0; if( longNames || pTabList->nSrc>1 ){ Expr *pLeft; pLeft = sqlite3Expr(db, TK_ID, zTabName); pExpr = sqlite3PExpr(pParse, TK_DOT, pLeft, pRight); if( zSchemaName ){ pLeft = sqlite3Expr(db, TK_ID, zSchemaName); pExpr = sqlite3PExpr(pParse, TK_DOT, pLeft, pExpr); } if( longNames ){ zColname = sqlite3MPrintf(db, ""%s.%s"", zTabName, zName); zToFree = zColname; } }else{ pExpr = pRight; } pNew = sqlite3ExprListAppend(pParse, pNew, pExpr); sqlite3TokenInit(&sColname, zColname); sqlite3ExprListSetName(pParse, pNew, &sColname, 0); if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){ struct ExprList_item *pX = &pNew->a[pNew->nExpr-1]; if( pSub ){ pX->zSpan = sqlite3DbStrDup(db, pSub->pEList->a[j].zSpan); testcase( pX->zSpan==0 ); }else{ pX->zSpan = sqlite3MPrintf(db, ""%s.%s.%s"", zSchemaName, zTabName, zColname); testcase( pX->zSpan==0 ); } pX->bSpanIsTab = 1; } sqlite3DbFree(db, zToFree); } } if( !tableSeen ){ if( zTName ){ sqlite3ErrorMsg(pParse, ""no such table: %s"", zTName); }else{ sqlite3ErrorMsg(pParse, ""no tables specified""); } } } } sqlite3ExprListDelete(db, pEList); p->pEList = pNew; } if( p->pEList ){ if( p->pEList->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){ sqlite3ErrorMsg(pParse, ""too many columns in result set""); return WRC_Abort; } if( (elistFlags & (EP_HasFunc|EP_Subquery))!=0 ){ p->selFlags |= SF_ComplexResult; } } return WRC_Continue; }",visit repo url,src/select.c,https://github.com/sqlite/sqlite,59972872545498,1 3809,CWE-122,"yank_copy_line(struct block_def *bd, long y_idx, int exclude_trailing_space) { char_u *pnew; if (exclude_trailing_space) bd->endspaces = 0; if ((pnew = alloc(bd->startspaces + bd->endspaces + bd->textlen + 1)) == NULL) return FAIL; y_current->y_array[y_idx] = pnew; vim_memset(pnew, ' ', (size_t)bd->startspaces); pnew += bd->startspaces; mch_memmove(pnew, bd->textstart, (size_t)bd->textlen); pnew += bd->textlen; vim_memset(pnew, ' ', (size_t)bd->endspaces); pnew += bd->endspaces; if (exclude_trailing_space) { int s = bd->textlen + bd->endspaces; while (VIM_ISWHITE(*(bd->textstart + s - 1)) && s > 0) { s = s - (*mb_head_off)(bd->textstart, bd->textstart + s - 1) - 1; pnew--; } } *pnew = NUL; return OK; }",visit repo url,src/register.c,https://github.com/vim/vim,231307231475870,1 2820,CWE-125,"SECURITY_STATUS ntlm_read_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer buffer) { wStream* s; size_t length; UINT32 flags; NTLM_AV_PAIR* AvFlags; UINT32 PayloadBufferOffset; NTLM_AUTHENTICATE_MESSAGE* message; SSPI_CREDENTIALS* credentials = context->credentials; flags = 0; AvFlags = NULL; message = &context->AUTHENTICATE_MESSAGE; ZeroMemory(message, sizeof(NTLM_AUTHENTICATE_MESSAGE)); s = Stream_New((BYTE*)buffer->pvBuffer, buffer->cbBuffer); if (!s) return SEC_E_INTERNAL_ERROR; if (ntlm_read_message_header(s, (NTLM_MESSAGE_HEADER*)message) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (message->MessageType != MESSAGE_TYPE_AUTHENTICATE) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (ntlm_read_message_fields(s, &(message->LmChallengeResponse)) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (ntlm_read_message_fields(s, &(message->NtChallengeResponse)) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (ntlm_read_message_fields(s, &(message->DomainName)) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (ntlm_read_message_fields(s, &(message->UserName)) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (ntlm_read_message_fields(s, &(message->Workstation)) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (ntlm_read_message_fields(s, &(message->EncryptedRandomSessionKey)) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } Stream_Read_UINT32(s, message->NegotiateFlags); context->NegotiateKeyExchange = (message->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH) ? TRUE : FALSE; if ((context->NegotiateKeyExchange && !message->EncryptedRandomSessionKey.Len) || (!context->NegotiateKeyExchange && message->EncryptedRandomSessionKey.Len)) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION) { if (ntlm_read_version_info(s, &(message->Version)) < 0) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } } PayloadBufferOffset = Stream_GetPosition(s); if (ntlm_read_message_fields_buffer(s, &(message->DomainName)) < 0) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } if (ntlm_read_message_fields_buffer(s, &(message->UserName)) < 0) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } if (ntlm_read_message_fields_buffer(s, &(message->Workstation)) < 0) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } if (ntlm_read_message_fields_buffer(s, &(message->LmChallengeResponse)) < 0) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } if (ntlm_read_message_fields_buffer(s, &(message->NtChallengeResponse)) < 0) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } if (message->NtChallengeResponse.Len > 0) { size_t cbAvFlags; wStream* snt = Stream_New(message->NtChallengeResponse.Buffer, message->NtChallengeResponse.Len); if (!snt) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } if (ntlm_read_ntlm_v2_response(snt, &(context->NTLMv2Response)) < 0) { Stream_Free(s, FALSE); Stream_Free(snt, FALSE); return SEC_E_INVALID_TOKEN; } Stream_Free(snt, FALSE); context->NtChallengeResponse.pvBuffer = message->NtChallengeResponse.Buffer; context->NtChallengeResponse.cbBuffer = message->NtChallengeResponse.Len; sspi_SecBufferFree(&(context->ChallengeTargetInfo)); context->ChallengeTargetInfo.pvBuffer = (void*)context->NTLMv2Response.Challenge.AvPairs; context->ChallengeTargetInfo.cbBuffer = message->NtChallengeResponse.Len - (28 + 16); CopyMemory(context->ClientChallenge, context->NTLMv2Response.Challenge.ClientChallenge, 8); AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs, context->NTLMv2Response.Challenge.cbAvPairs, MsvAvFlags, &cbAvFlags); if (AvFlags) Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags); } if (ntlm_read_message_fields_buffer(s, &(message->EncryptedRandomSessionKey)) < 0) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } if (message->EncryptedRandomSessionKey.Len > 0) { if (message->EncryptedRandomSessionKey.Len != 16) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } CopyMemory(context->EncryptedRandomSessionKey, message->EncryptedRandomSessionKey.Buffer, 16); } length = Stream_GetPosition(s); if (!sspi_SecBufferAlloc(&context->AuthenticateMessage, length)) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } CopyMemory(context->AuthenticateMessage.pvBuffer, Stream_Buffer(s), length); buffer->cbBuffer = length; Stream_SetPosition(s, PayloadBufferOffset); if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK) { context->MessageIntegrityCheckOffset = (UINT32)Stream_GetPosition(s); if (Stream_GetRemainingLength(s) < 16) { Stream_Free(s, FALSE); return SEC_E_INVALID_TOKEN; } Stream_Read(s, message->MessageIntegrityCheck, 16); } #ifdef WITH_DEBUG_NTLM WLog_DBG(TAG, ""AUTHENTICATE_MESSAGE (length = %"" PRIu32 "")"", context->AuthenticateMessage.cbBuffer); winpr_HexDump(TAG, WLOG_DEBUG, context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer); if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION) ntlm_print_version_info(&(message->Version)); ntlm_print_message_fields(&(message->DomainName), ""DomainName""); ntlm_print_message_fields(&(message->UserName), ""UserName""); ntlm_print_message_fields(&(message->Workstation), ""Workstation""); ntlm_print_message_fields(&(message->LmChallengeResponse), ""LmChallengeResponse""); ntlm_print_message_fields(&(message->NtChallengeResponse), ""NtChallengeResponse""); ntlm_print_message_fields(&(message->EncryptedRandomSessionKey), ""EncryptedRandomSessionKey""); ntlm_print_av_pair_list(context->NTLMv2Response.Challenge.AvPairs, context->NTLMv2Response.Challenge.cbAvPairs); if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK) { WLog_DBG(TAG, ""MessageIntegrityCheck:""); winpr_HexDump(TAG, WLOG_DEBUG, message->MessageIntegrityCheck, 16); } #endif if (message->UserName.Len > 0) { credentials->identity.User = (UINT16*)malloc(message->UserName.Len); if (!credentials->identity.User) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } CopyMemory(credentials->identity.User, message->UserName.Buffer, message->UserName.Len); credentials->identity.UserLength = message->UserName.Len / 2; } if (message->DomainName.Len > 0) { credentials->identity.Domain = (UINT16*)malloc(message->DomainName.Len); if (!credentials->identity.Domain) { Stream_Free(s, FALSE); return SEC_E_INTERNAL_ERROR; } CopyMemory(credentials->identity.Domain, message->DomainName.Buffer, message->DomainName.Len); credentials->identity.DomainLength = message->DomainName.Len / 2; } Stream_Free(s, FALSE); context->state = NTLM_STATE_COMPLETION; return SEC_I_COMPLETE_NEEDED; }",visit repo url,winpr/libwinpr/sspi/NTLM/ntlm_message.c,https://github.com/FreeRDP/FreeRDP,61671606641478,1 6539,['CWE-200'],"connection_updated (NMExportedConnection *exported, GHashTable *settings, gpointer user_data) { GtkListStore *store = GTK_LIST_STORE (user_data); GtkTreeIter iter; if (get_iter_for_connection (GTK_TREE_MODEL (store), exported, &iter)) update_connection_row (store, &iter, exported); }",network-manager-applet,,,29778775273345607724459419275082085716,0 1175,['CWE-189'],"static void __remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, unsigned long newstate, int reprogram) { if (hrtimer_cb_pending(timer)) hrtimer_remove_cb_pending(timer); else { if (base->first == &timer->node) { base->first = rb_next(&timer->node); if (reprogram && hrtimer_hres_active()) hrtimer_force_reprogram(base->cpu_base); } rb_erase(&timer->node, &base->active); } timer->state = newstate; }",linux-2.6,,,75734520244291473070601149317895557969,0 351,CWE-416,"int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname, int lookup, struct fscrypt_name *fname) { int ret = 0, bigname = 0; memset(fname, 0, sizeof(struct fscrypt_name)); fname->usr_fname = iname; if (!dir->i_sb->s_cop->is_encrypted(dir) || fscrypt_is_dot_dotdot(iname)) { fname->disk_name.name = (unsigned char *)iname->name; fname->disk_name.len = iname->len; return 0; } ret = fscrypt_get_crypt_info(dir); if (ret && ret != -EOPNOTSUPP) return ret; if (dir->i_crypt_info) { ret = fscrypt_fname_alloc_buffer(dir, iname->len, &fname->crypto_buf); if (ret) return ret; ret = fname_encrypt(dir, iname, &fname->crypto_buf); if (ret) goto errout; fname->disk_name.name = fname->crypto_buf.name; fname->disk_name.len = fname->crypto_buf.len; return 0; } if (!lookup) return -ENOKEY; if (iname->name[0] == '_') bigname = 1; if ((bigname && (iname->len != 33)) || (!bigname && (iname->len > 43))) return -ENOENT; fname->crypto_buf.name = kmalloc(32, GFP_KERNEL); if (fname->crypto_buf.name == NULL) return -ENOMEM; ret = digest_decode(iname->name + bigname, iname->len - bigname, fname->crypto_buf.name); if (ret < 0) { ret = -ENOENT; goto errout; } fname->crypto_buf.len = ret; if (bigname) { memcpy(&fname->hash, fname->crypto_buf.name, 4); memcpy(&fname->minor_hash, fname->crypto_buf.name + 4, 4); } else { fname->disk_name.name = fname->crypto_buf.name; fname->disk_name.len = fname->crypto_buf.len; } return 0; errout: fscrypt_fname_free_buffer(&fname->crypto_buf); return ret; }",visit repo url,fs/crypto/fname.c,https://github.com/torvalds/linux,243717987664942,1 1808,[],"static inline u64 max_skipped_ticks(struct rq *rq) { return 1; }",linux-2.6,,,164704814955358957202239632043184870037,0 690,CWE-20,"int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct atm_vcc *vcc; struct sk_buff *skb; int copied, error = -EINVAL; msg->msg_namelen = 0; if (sock->state != SS_CONNECTED) return -ENOTCONN; if (flags & ~(MSG_DONTWAIT | MSG_PEEK)) return -EOPNOTSUPP; vcc = ATM_SD(sock); if (test_bit(ATM_VF_RELEASED, &vcc->flags) || test_bit(ATM_VF_CLOSE, &vcc->flags) || !test_bit(ATM_VF_READY, &vcc->flags)) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &error); if (!skb) return error; copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } error = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (error) return error; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { pr_debug(""%d -= %d\n"", atomic_read(&sk->sk_rmem_alloc), skb->truesize); atm_return(vcc, skb->truesize); } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/atm/common.c,https://github.com/torvalds/linux,240275613128050,1 3299,CWE-706,"void test_checkout_nasty__git_tilde1(void) { #ifdef GIT_WIN32 test_checkout_fails(""refs/heads/git_tilde1"", "".git/foobar""); #endif }",visit repo url,tests/checkout/nasty.c,https://github.com/libgit2/libgit2,110852357517252,1 5867,['CWE-200'],"static int nr_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); int val = 0; int len; if (level != SOL_NETROM) return -ENOPROTOOPT; if (get_user(len, optlen)) return -EFAULT; if (len < 0) return -EINVAL; switch (optname) { case NETROM_T1: val = nr->t1 / HZ; break; case NETROM_T2: val = nr->t2 / HZ; break; case NETROM_N2: val = nr->n2; break; case NETROM_T4: val = nr->t4 / HZ; break; case NETROM_IDLE: val = nr->idle / (60 * HZ); break; default: return -ENOPROTOOPT; } len = min_t(unsigned int, len, sizeof(int)); if (put_user(len, optlen)) return -EFAULT; return copy_to_user(optval, &val, len) ? -EFAULT : 0; }",linux-2.6,,,67762323735295743787905916152833928276,0 6653,CWE-134,"static int vidioc_querycap(struct file *file, void *priv, struct v4l2_capability *cap) { struct v4l2_loopback_device *dev = v4l2loopback_getdevice(file); int labellen = (sizeof(cap->card) < sizeof(dev->card_label)) ? sizeof(cap->card) : sizeof(dev->card_label); int device_nr = ((struct v4l2loopback_private *)video_get_drvdata(dev->vdev)) ->device_nr; __u32 capabilities = V4L2_CAP_STREAMING | V4L2_CAP_READWRITE; strlcpy(cap->driver, ""v4l2 loopback"", sizeof(cap->driver)); snprintf(cap->card, labellen, dev->card_label); snprintf(cap->bus_info, sizeof(cap->bus_info), ""platform:v4l2loopback-%03d"", device_nr); #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0) cap->version = V4L2LOOPBACK_VERSION_CODE; #endif #ifdef V4L2_CAP_VIDEO_M2M capabilities |= V4L2_CAP_VIDEO_M2M; #endif if (dev->announce_all_caps) { capabilities |= V4L2_CAP_VIDEO_CAPTURE | V4L2_CAP_VIDEO_OUTPUT; } else { if (dev->ready_for_capture) { capabilities |= V4L2_CAP_VIDEO_CAPTURE; } if (dev->ready_for_output) { capabilities |= V4L2_CAP_VIDEO_OUTPUT; } } #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 7, 0) dev->vdev->device_caps = #endif cap->device_caps = cap->capabilities = capabilities; #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0) cap->capabilities |= V4L2_CAP_DEVICE_CAPS; #endif memset(cap->reserved, 0, sizeof(cap->reserved)); return 0; }",visit repo url,v4l2loopback.c,https://github.com/umlaeute/v4l2loopback,82778955353222,1 1022,CWE-476,"key_ref_t key_create_or_update(key_ref_t keyring_ref, const char *type, const char *description, const void *payload, size_t plen, key_perm_t perm, unsigned long flags) { struct keyring_index_key index_key = { .description = description, }; struct key_preparsed_payload prep; struct assoc_array_edit *edit; const struct cred *cred = current_cred(); struct key *keyring, *key = NULL; key_ref_t key_ref; int ret; index_key.type = key_type_lookup(type); if (IS_ERR(index_key.type)) { key_ref = ERR_PTR(-ENODEV); goto error; } key_ref = ERR_PTR(-EINVAL); if (!index_key.type->match || !index_key.type->instantiate || (!index_key.description && !index_key.type->preparse)) goto error_put_type; keyring = key_ref_to_ptr(keyring_ref); key_check(keyring); key_ref = ERR_PTR(-ENOTDIR); if (keyring->type != &key_type_keyring) goto error_put_type; memset(&prep, 0, sizeof(prep)); prep.data = payload; prep.datalen = plen; prep.quotalen = index_key.type->def_datalen; prep.trusted = flags & KEY_ALLOC_TRUSTED; prep.expiry = TIME_T_MAX; if (index_key.type->preparse) { ret = index_key.type->preparse(&prep); if (ret < 0) { key_ref = ERR_PTR(ret); goto error_free_prep; } if (!index_key.description) index_key.description = prep.description; key_ref = ERR_PTR(-EINVAL); if (!index_key.description) goto error_free_prep; } index_key.desc_len = strlen(index_key.description); key_ref = ERR_PTR(-EPERM); if (!prep.trusted && test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags)) goto error_free_prep; flags |= prep.trusted ? KEY_ALLOC_TRUSTED : 0; ret = __key_link_begin(keyring, &index_key, &edit); if (ret < 0) { key_ref = ERR_PTR(ret); goto error_free_prep; } ret = key_permission(keyring_ref, KEY_NEED_WRITE); if (ret < 0) { key_ref = ERR_PTR(ret); goto error_link_end; } if (index_key.type->update) { key_ref = find_key_to_update(keyring_ref, &index_key); if (key_ref) goto found_matching_key; } if (perm == KEY_PERM_UNDEF) { perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; perm |= KEY_USR_VIEW; if (index_key.type->read) perm |= KEY_POS_READ; if (index_key.type == &key_type_keyring || index_key.type->update) perm |= KEY_POS_WRITE; } key = key_alloc(index_key.type, index_key.description, cred->fsuid, cred->fsgid, cred, perm, flags); if (IS_ERR(key)) { key_ref = ERR_CAST(key); goto error_link_end; } ret = __key_instantiate_and_link(key, &prep, keyring, NULL, &edit); if (ret < 0) { key_put(key); key_ref = ERR_PTR(ret); goto error_link_end; } key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); error_link_end: __key_link_end(keyring, &index_key, edit); error_free_prep: if (index_key.type->preparse) index_key.type->free_preparse(&prep); error_put_type: key_type_put(index_key.type); error: return key_ref; found_matching_key: __key_link_end(keyring, &index_key, edit); key_ref = __key_update(key_ref, &prep); goto error_free_prep; }",visit repo url,security/keys/key.c,https://github.com/torvalds/linux,121680805950690,1 4823,['CWE-399'],"static ssize_t copy_event_to_user(struct inotify_kernel_event *kevent, char __user *buf) { size_t event_size = sizeof(struct inotify_event); if (copy_to_user(buf, &kevent->event, event_size)) return -EFAULT; if (kevent->name) { buf += event_size; if (copy_to_user(buf, kevent->name, kevent->event.len)) return -EFAULT; event_size += kevent->event.len; } return event_size; }",linux-2.6,,,238446032143649313953198181145621462802,0 6177,['CWE-200'],"int register_qdisc(struct Qdisc_ops *qops) { struct Qdisc_ops *q, **qp; int rc = -EEXIST; write_lock(&qdisc_mod_lock); for (qp = &qdisc_base; (q = *qp) != NULL; qp = &q->next) if (!strcmp(qops->id, q->id)) goto out; if (qops->enqueue == NULL) qops->enqueue = noop_qdisc_ops.enqueue; if (qops->requeue == NULL) qops->requeue = noop_qdisc_ops.requeue; if (qops->dequeue == NULL) qops->dequeue = noop_qdisc_ops.dequeue; qops->next = NULL; *qp = qops; rc = 0; out: write_unlock(&qdisc_mod_lock); return rc; }",linux-2.6,,,320853664304535884858327313025418599859,0 1158,['CWE-189'],"static inline void hrtimer_remove_cb_pending(struct hrtimer *timer) { list_del_init(&timer->cb_entry); }",linux-2.6,,,271558943057840260463715320461110463687,0 3615,CWE-415,"compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) { if (!(ssh->compat & SSH_BUG_RSASIGMD5)) return pkalg_prop; debug2_f(""original public key proposal: %s"", pkalg_prop); if ((pkalg_prop = match_filter_denylist(pkalg_prop, ""ssh-rsa"")) == NULL) fatal(""match_filter_denylist failed""); debug2_f(""compat public key proposal: %s"", pkalg_prop); if (*pkalg_prop == '\0') fatal(""No supported PK algorithms found""); return pkalg_prop; }",visit repo url,compat.c,https://github.com/openssh/openssh-portable,90845672932112,1 4856,CWE-415,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 2717,CWE-190,"static int spl_filesystem_file_is_empty_line(spl_filesystem_object *intern TSRMLS_DC) { if (intern->u.file.current_line) { return intern->u.file.current_line_len == 0; } else if (intern->u.file.current_zval) { switch(Z_TYPE_P(intern->u.file.current_zval)) { case IS_STRING: return Z_STRLEN_P(intern->u.file.current_zval) == 0; case IS_ARRAY: if (SPL_HAS_FLAG(intern->flags, SPL_FILE_OBJECT_READ_CSV) && zend_hash_num_elements(Z_ARRVAL_P(intern->u.file.current_zval)) == 1) { zval ** first = Z_ARRVAL_P(intern->u.file.current_zval)->pListHead->pData; return Z_TYPE_PP(first) == IS_STRING && Z_STRLEN_PP(first) == 0; } return zend_hash_num_elements(Z_ARRVAL_P(intern->u.file.current_zval)) == 0; case IS_NULL: return 1; default: return 0; } } else { return 1; } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,8868537739881,1 2095,CWE-416,"void vmacache_flush_all(struct mm_struct *mm) { struct task_struct *g, *p; count_vm_vmacache_event(VMACACHE_FULL_FLUSHES); if (atomic_read(&mm->mm_users) == 1) return; rcu_read_lock(); for_each_process_thread(g, p) { if (mm == p->mm) vmacache_flush(p); } rcu_read_unlock(); }",visit repo url,mm/vmacache.c,https://github.com/torvalds/linux,200270818332412,1 2028,NVD-CWE-noinfo,"static void xen_irq_lateeoi_locked(struct irq_info *info) { evtchn_port_t evtchn; evtchn = info->evtchn; if (!VALID_EVTCHN(evtchn)) return; unmask_evtchn(evtchn); }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,33351899199722,1 3520,['CWE-20'],"__u32 sctp_generate_tag(const struct sctp_endpoint *ep) { __u32 x; do { get_random_bytes(&x, sizeof(__u32)); } while (x == 0); return x; }",linux-2.6,,,70682401970505403949732387078251434477,0 5823,NVD-CWE-Other,"static ssize_t _epoll_writev( oe_fd_t* desc, const struct oe_iovec* iov, int iovcnt) { ssize_t ret = -1; epoll_t* file = _cast_epoll(desc); void* buf = NULL; size_t buf_size = 0; if (!file || (iovcnt && !iov) || iovcnt < 0 || iovcnt > OE_IOV_MAX) OE_RAISE_ERRNO(OE_EINVAL); if (oe_iov_pack(iov, iovcnt, &buf, &buf_size) != 0) OE_RAISE_ERRNO(OE_ENOMEM); if (oe_syscall_writev_ocall(&ret, file->host_fd, buf, iovcnt, buf_size) != OE_OK) { OE_RAISE_ERRNO(OE_EINVAL); } done: if (buf) oe_free(buf); return ret; }",visit repo url,syscall/devices/hostepoll/hostepoll.c,https://github.com/openenclave/openenclave,267113271413145,1 1110,['CWE-399'],"int ia32_setup_frame(int sig, struct k_sigaction *ka, compat_sigset_t *set, struct pt_regs *regs) { struct sigframe __user *frame; void __user *restorer; int err = 0; static const struct { u16 poplmovl; u32 val; u16 int80; u16 pad; } __attribute__((packed)) code = { 0xb858, __NR_ia32_sigreturn, 0x80cd, 0, }; frame = get_sigframe(ka, regs, sizeof(*frame)); if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame))) goto give_sigsegv; err |= __put_user(sig, &frame->sig); if (err) goto give_sigsegv; err |= ia32_setup_sigcontext(&frame->sc, &frame->fpstate, regs, set->sig[0]); if (err) goto give_sigsegv; if (_COMPAT_NSIG_WORDS > 1) { err |= __copy_to_user(frame->extramask, &set->sig[1], sizeof(frame->extramask)); if (err) goto give_sigsegv; } if (ka->sa.sa_flags & SA_RESTORER) { restorer = ka->sa.sa_restorer; } else { if (current->binfmt->hasvdso) restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn); else restorer = &frame->retcode; } err |= __put_user(ptr_to_compat(restorer), &frame->pretcode); err |= __copy_to_user(frame->retcode, &code, 8); if (err) goto give_sigsegv; regs->sp = (unsigned long) frame; regs->ip = (unsigned long) ka->sa.sa_handler; regs->ax = sig; regs->dx = 0; regs->cx = 0; asm volatile(""movl %0,%%ds"" :: ""r"" (__USER32_DS)); asm volatile(""movl %0,%%es"" :: ""r"" (__USER32_DS)); regs->cs = __USER32_CS; regs->ss = __USER32_DS; set_fs(USER_DS); regs->flags &= ~(X86_EFLAGS_TF | X86_EFLAGS_DF); if (test_thread_flag(TIF_SINGLESTEP)) ptrace_notify(SIGTRAP); #if DEBUG_SIG printk(KERN_DEBUG ""SIG deliver (%s:%d): sp=%p pc=%lx ra=%u\n"", current->comm, current->pid, frame, regs->ip, frame->pretcode); #endif return 0; give_sigsegv: force_sigsegv(sig, current); return -EFAULT; }",linux-2.6,,,161217332970554728648272682730461181452,0 2535,CWE-125,"archive_wstring_append_from_mbs(struct archive_wstring *dest, const char *p, size_t len) { size_t r; int ret_val = 0; size_t wcs_length = len; size_t mbs_length = len; const char *mbs = p; wchar_t *wcs; #if HAVE_MBRTOWC mbstate_t shift_state; memset(&shift_state, 0, sizeof(shift_state)); #endif if (NULL == archive_wstring_ensure(dest, dest->length + wcs_length + 1)) return (-1); wcs = dest->s + dest->length; while (*mbs && mbs_length > 0) { if (wcs_length == 0) { dest->length = wcs - dest->s; dest->s[dest->length] = L'\0'; wcs_length = mbs_length; if (NULL == archive_wstring_ensure(dest, dest->length + wcs_length + 1)) return (-1); wcs = dest->s + dest->length; } #if HAVE_MBRTOWC r = mbrtowc(wcs, mbs, wcs_length, &shift_state); #else r = mbtowc(wcs, mbs, wcs_length); #endif if (r == (size_t)-1 || r == (size_t)-2) { ret_val = -1; if (errno == EILSEQ) { ++mbs; --mbs_length; continue; } else break; } if (r == 0 || r > mbs_length) break; wcs++; wcs_length--; mbs += r; mbs_length -= r; } dest->length = wcs - dest->s; dest->s[dest->length] = L'\0'; return (ret_val); }",visit repo url,libarchive/archive_string.c,https://github.com/libarchive/libarchive,3550344054098,1 376,[],"pfm_get_next_msg(pfm_context_t *ctx) { pfm_msg_t *msg; DPRINT((""ctx=%p head=%d tail=%d\n"", ctx, ctx->ctx_msgq_head, ctx->ctx_msgq_tail)); if (PFM_CTXQ_EMPTY(ctx)) return NULL; msg = ctx->ctx_msgq+ctx->ctx_msgq_head; ctx->ctx_msgq_head = (ctx->ctx_msgq_head+1) % PFM_MAX_MSGS; DPRINT((""ctx=%p head=%d tail=%d type=%d\n"", ctx, ctx->ctx_msgq_head, ctx->ctx_msgq_tail, msg->pfm_gen_msg.msg_type)); return msg; }",linux-2.6,,,134966773592224163691720140249717244857,0 2481,CWE-189,"void * calloc(size_t n, size_t lb) { if (lb && n > GC_SIZE_MAX / lb) return NULL; # if defined(GC_LINUX_THREADS) { static GC_bool lib_bounds_set = FALSE; ptr_t caller = (ptr_t)__builtin_return_address(0); if (!EXPECT(lib_bounds_set, TRUE)) { GC_init_lib_bounds(); lib_bounds_set = TRUE; } if (((word)caller >= (word)GC_libpthread_start && (word)caller < (word)GC_libpthread_end) || ((word)caller >= (word)GC_libld_start && (word)caller < (word)GC_libld_end)) return GC_malloc_uncollectable(n*lb); } # endif return((void *)REDIRECT_MALLOC(n*lb)); }",visit repo url,malloc.c,https://github.com/ivmai/bdwgc,252947259038409,1 3184,CWE-125,"le64addr_string(netdissect_options *ndo, const u_char *ep) { const unsigned int len = 8; register u_int i; register char *cp; register struct enamemem *tp; char buf[BUFSIZE]; tp = lookup_bytestring(ndo, ep, len); if (tp->e_name) return (tp->e_name); cp = buf; for (i = len; i > 0 ; --i) { *cp++ = hex[*(ep + i - 1) >> 4]; *cp++ = hex[*(ep + i - 1) & 0xf]; *cp++ = ':'; } cp --; *cp = '\0'; tp->e_name = strdup(buf); if (tp->e_name == NULL) (*ndo->ndo_error)(ndo, ""le64addr_string: strdup(buf)""); return (tp->e_name); }",visit repo url,addrtoname.c,https://github.com/the-tcpdump-group/tcpdump,201212270052950,1 1870,CWE-787,"int build_sec_desc(struct user_namespace *user_ns, struct smb_ntsd *pntsd, struct smb_ntsd *ppntsd, int addition_info, __u32 *secdesclen, struct smb_fattr *fattr) { int rc = 0; __u32 offset; struct smb_sid *owner_sid_ptr, *group_sid_ptr; struct smb_sid *nowner_sid_ptr, *ngroup_sid_ptr; struct smb_acl *dacl_ptr = NULL; uid_t uid; gid_t gid; unsigned int sid_type = SIDOWNER; nowner_sid_ptr = kmalloc(sizeof(struct smb_sid), GFP_KERNEL); if (!nowner_sid_ptr) return -ENOMEM; uid = from_kuid(&init_user_ns, fattr->cf_uid); if (!uid) sid_type = SIDUNIX_USER; id_to_sid(uid, sid_type, nowner_sid_ptr); ngroup_sid_ptr = kmalloc(sizeof(struct smb_sid), GFP_KERNEL); if (!ngroup_sid_ptr) { kfree(nowner_sid_ptr); return -ENOMEM; } gid = from_kgid(&init_user_ns, fattr->cf_gid); id_to_sid(gid, SIDUNIX_GROUP, ngroup_sid_ptr); offset = sizeof(struct smb_ntsd); pntsd->sacloffset = 0; pntsd->revision = cpu_to_le16(1); pntsd->type = cpu_to_le16(SELF_RELATIVE); if (ppntsd) pntsd->type |= ppntsd->type; if (addition_info & OWNER_SECINFO) { pntsd->osidoffset = cpu_to_le32(offset); owner_sid_ptr = (struct smb_sid *)((char *)pntsd + offset); smb_copy_sid(owner_sid_ptr, nowner_sid_ptr); offset += 1 + 1 + 6 + (nowner_sid_ptr->num_subauth * 4); } if (addition_info & GROUP_SECINFO) { pntsd->gsidoffset = cpu_to_le32(offset); group_sid_ptr = (struct smb_sid *)((char *)pntsd + offset); smb_copy_sid(group_sid_ptr, ngroup_sid_ptr); offset += 1 + 1 + 6 + (ngroup_sid_ptr->num_subauth * 4); } if (addition_info & DACL_SECINFO) { pntsd->type |= cpu_to_le16(DACL_PRESENT); dacl_ptr = (struct smb_acl *)((char *)pntsd + offset); dacl_ptr->revision = cpu_to_le16(2); dacl_ptr->size = cpu_to_le16(sizeof(struct smb_acl)); dacl_ptr->num_aces = 0; if (!ppntsd) { set_mode_dacl(user_ns, dacl_ptr, fattr); } else if (!ppntsd->dacloffset) { goto out; } else { struct smb_acl *ppdacl_ptr; ppdacl_ptr = (struct smb_acl *)((char *)ppntsd + le32_to_cpu(ppntsd->dacloffset)); set_ntacl_dacl(user_ns, dacl_ptr, ppdacl_ptr, nowner_sid_ptr, ngroup_sid_ptr, fattr); } pntsd->dacloffset = cpu_to_le32(offset); offset += le16_to_cpu(dacl_ptr->size); } out: kfree(nowner_sid_ptr); kfree(ngroup_sid_ptr); *secdesclen = offset; return rc; }",visit repo url,fs/ksmbd/smbacl.c,https://github.com/torvalds/linux,2929252622263,1 3946,['CWE-362'],"char *audit_unpack_string(void **bufp, size_t *remain, size_t len) { char *str; if (!*bufp || (len == 0) || (len > *remain)) return ERR_PTR(-EINVAL); if (len > PATH_MAX) return ERR_PTR(-ENAMETOOLONG); str = kmalloc(len + 1, GFP_KERNEL); if (unlikely(!str)) return ERR_PTR(-ENOMEM); memcpy(str, *bufp, len); str[len] = 0; *bufp += len; *remain -= len; return str; }",linux-2.6,,,334485943031177007195517262922529975897,0 5666,CWE-125,"bit_write_UMC (Bit_Chain *dat, BITCODE_UMC val) { int i, j; int negative; unsigned char byte[5]; BITCODE_UMC mask; BITCODE_UMC value; value = val; mask = 0x0000007f; for (i = 4, j = 0; i >= 0; i--, j += 7) { byte[i] = (unsigned char)((value & mask) >> j); byte[i] |= 0x80; mask = mask << 7; } for (i = 0; i < 4; i++) if (byte[i] & 0x7f) break; if (byte[i] & 0x40) i--; byte[i] &= 0x7f; for (j = 4; j >= i; j--) bit_write_RC (dat, byte[j]); }",visit repo url,src/bits.c,https://github.com/LibreDWG/libredwg,271857118501039,1 2152,['CWE-400'],"int shmem_unuse(swp_entry_t entry, struct page *page) { struct list_head *p, *next; struct shmem_inode_info *info; int found = 0; mutex_lock(&shmem_swaplist_mutex); list_for_each_safe(p, next, &shmem_swaplist) { info = list_entry(p, struct shmem_inode_info, swaplist); found = shmem_unuse_inode(info, entry, page); cond_resched(); if (found) goto out; } mutex_unlock(&shmem_swaplist_mutex); out: return found; }",linux-2.6,,,50972054701547882494392429631186114008,0 5629,[],"static int send_signal(int sig, struct siginfo *info, struct task_struct *t, int group) { int from_ancestor_ns = 0; #ifdef CONFIG_PID_NS if (!is_si_special(info) && SI_FROMUSER(info) && task_pid_nr_ns(current, task_active_pid_ns(t)) <= 0) from_ancestor_ns = 1; #endif return __send_signal(sig, info, t, group, from_ancestor_ns); }",linux-2.6,,,28889264537713630152815576796583348937,0 4978,['CWE-20'],"struct nfs_server *nfs4_create_referral_server(struct nfs_clone_mount *data, struct nfs_fh *mntfh) { struct nfs_client *parent_client; struct nfs_server *server, *parent_server; struct nfs_fattr fattr; int error; dprintk(""--> nfs4_create_referral_server()\n""); server = nfs_alloc_server(); if (!server) return ERR_PTR(-ENOMEM); parent_server = NFS_SB(data->sb); parent_client = parent_server->nfs_client; error = nfs4_set_client(server, data->hostname, data->addr, parent_client->cl_ipaddr, data->authflavor, parent_server->client->cl_xprt->prot, parent_client->retrans_timeo, parent_client->retrans_count); if (error < 0) goto error; nfs_server_copy_userdata(server, parent_server); server->caps |= NFS_CAP_ATOMIC_OPEN; error = nfs_init_server_rpcclient(server, data->authflavor); if (error < 0) goto error; BUG_ON(!server->nfs_client); BUG_ON(!server->nfs_client->rpc_ops); BUG_ON(!server->nfs_client->rpc_ops->file_inode_ops); error = nfs4_path_walk(server, mntfh, data->mnt_path); if (error < 0) goto error; error = nfs_probe_fsinfo(server, mntfh, &fattr); if (error < 0) goto error; if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN) server->namelen = NFS4_MAXNAMLEN; dprintk(""Referral FSID: %llx:%llx\n"", (unsigned long long) server->fsid.major, (unsigned long long) server->fsid.minor); spin_lock(&nfs_client_lock); list_add_tail(&server->client_link, &server->nfs_client->cl_superblocks); list_add_tail(&server->master_link, &nfs_volume_list); spin_unlock(&nfs_client_lock); server->mount_time = jiffies; dprintk(""<-- nfs_create_referral_server() = %p\n"", server); return server; error: nfs_free_server(server); dprintk(""<-- nfs4_create_referral_server() = error %d\n"", error); return ERR_PTR(error); }",linux-2.6,,,266343541924516127420118425682947494025,0 3824,CWE-476,"find_ucmd( exarg_T *eap, char_u *p, int *full, expand_T *xp, int *complp) { int len = (int)(p - eap->cmd); int j, k, matchlen = 0; ucmd_T *uc; int found = FALSE; int possible = FALSE; char_u *cp, *np; garray_T *gap; int amb_local = FALSE; gap = #ifdef FEAT_CMDWIN is_in_cmdwin() ? &prevwin->w_buffer->b_ucmds : #endif &curbuf->b_ucmds; for (;;) { for (j = 0; j < gap->ga_len; ++j) { uc = USER_CMD_GA(gap, j); cp = eap->cmd; np = uc->uc_name; k = 0; while (k < len && *np != NUL && *cp++ == *np++) k++; if (k == len || (*np == NUL && vim_isdigit(eap->cmd[k]))) { if (k == len && found && *np != NUL) { if (gap == &ucmds) return NULL; amb_local = TRUE; } if (!found || (k == len && *np == NUL)) { if (k == len) found = TRUE; else possible = TRUE; if (gap == &ucmds) eap->cmdidx = CMD_USER; else eap->cmdidx = CMD_USER_BUF; eap->argt = (long)uc->uc_argt; eap->useridx = j; eap->addr_type = uc->uc_addr_type; if (complp != NULL) *complp = uc->uc_compl; # ifdef FEAT_EVAL if (xp != NULL) { xp->xp_arg = uc->uc_compl_arg; xp->xp_script_ctx = uc->uc_script_ctx; xp->xp_script_ctx.sc_lnum += SOURCING_LNUM; } # endif matchlen = k; if (k == len && *np == NUL) { if (full != NULL) *full = TRUE; amb_local = FALSE; break; } } } } if (j < gap->ga_len || gap == &ucmds) break; gap = &ucmds; } if (amb_local) { if (xp != NULL) xp->xp_context = EXPAND_UNSUCCESSFUL; return NULL; } if (found || possible) return p + (matchlen - len); return p; }",visit repo url,src/usercmd.c,https://github.com/vim/vim,247894643366341,1 1918,CWE-476,"static enum count_type __read_io_type(struct page *page) { struct address_space *mapping = page->mapping; if (mapping) { struct inode *inode = mapping->host; struct f2fs_sb_info *sbi = F2FS_I_SB(inode); if (inode->i_ino == F2FS_META_INO(sbi)) return F2FS_RD_META; if (inode->i_ino == F2FS_NODE_INO(sbi)) return F2FS_RD_NODE; } return F2FS_RD_DATA; }",visit repo url,fs/f2fs/data.c,https://github.com/torvalds/linux,200247109234699,1 3893,CWE-416,"nv_replace(cmdarg_T *cap) { char_u *ptr; int had_ctrl_v; long n; if (checkclearop(cap->oap)) return; #ifdef FEAT_JOB_CHANNEL if (bt_prompt(curbuf) && !prompt_curpos_editable()) { clearopbeep(cap->oap); return; } #endif if (cap->nchar == Ctrl_V) { had_ctrl_v = Ctrl_V; cap->nchar = get_literal(FALSE); if (cap->nchar > DEL) had_ctrl_v = NUL; } else had_ctrl_v = NUL; if (IS_SPECIAL(cap->nchar)) { clearopbeep(cap->oap); return; } if (VIsual_active) { if (got_int) reset_VIsual(); if (had_ctrl_v) { if (cap->nchar == CAR) cap->nchar = REPLACE_CR_NCHAR; else if (cap->nchar == NL) cap->nchar = REPLACE_NL_NCHAR; } nv_operator(cap); return; } if (virtual_active()) { if (u_save_cursor() == FAIL) return; if (gchar_cursor() == NUL) { coladvance_force((colnr_T)(getviscol() + cap->count1)); curwin->w_cursor.col -= cap->count1; } else if (gchar_cursor() == TAB) coladvance_force(getviscol()); } ptr = ml_get_cursor(); if (STRLEN(ptr) < (unsigned)cap->count1 || (has_mbyte && mb_charlen(ptr) < cap->count1)) { clearopbeep(cap->oap); return; } if (had_ctrl_v != Ctrl_V && cap->nchar == '\t' && (curbuf->b_p_et || p_sta)) { stuffnumReadbuff(cap->count1); stuffcharReadbuff('R'); stuffcharReadbuff('\t'); stuffcharReadbuff(ESC); return; } if (u_save_cursor() == FAIL) return; if (had_ctrl_v != Ctrl_V && (cap->nchar == '\r' || cap->nchar == '\n')) { (void)del_chars(cap->count1, FALSE); stuffcharReadbuff('\r'); stuffcharReadbuff(ESC); invoke_edit(cap, TRUE, 'r', FALSE); } else { prep_redo(cap->oap->regname, cap->count1, NUL, 'r', NUL, had_ctrl_v, cap->nchar); curbuf->b_op_start = curwin->w_cursor; if (has_mbyte) { int old_State = State; if (cap->ncharC1 != 0) AppendCharToRedobuff(cap->ncharC1); if (cap->ncharC2 != 0) AppendCharToRedobuff(cap->ncharC2); for (n = cap->count1; n > 0; --n) { State = REPLACE; if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y) { int c = ins_copychar(curwin->w_cursor.lnum + (cap->nchar == Ctrl_Y ? -1 : 1)); if (c != NUL) ins_char(c); else ++curwin->w_cursor.col; } else ins_char(cap->nchar); State = old_State; if (cap->ncharC1 != 0) ins_char(cap->ncharC1); if (cap->ncharC2 != 0) ins_char(cap->ncharC2); } } else { for (n = cap->count1; n > 0; --n) { ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); if (cap->nchar == Ctrl_E || cap->nchar == Ctrl_Y) { int c = ins_copychar(curwin->w_cursor.lnum + (cap->nchar == Ctrl_Y ? -1 : 1)); if (c != NUL) ptr[curwin->w_cursor.col] = c; } else ptr[curwin->w_cursor.col] = cap->nchar; if (p_sm && msg_silent == 0) showmatch(cap->nchar); ++curwin->w_cursor.col; } #ifdef FEAT_NETBEANS_INTG if (netbeans_active()) { colnr_T start = (colnr_T)(curwin->w_cursor.col - cap->count1); netbeans_removed(curbuf, curwin->w_cursor.lnum, start, (long)cap->count1); netbeans_inserted(curbuf, curwin->w_cursor.lnum, start, &ptr[start], (int)cap->count1); } #endif changed_bytes(curwin->w_cursor.lnum, (colnr_T)(curwin->w_cursor.col - cap->count1)); } --curwin->w_cursor.col; if (has_mbyte) mb_adjust_cursor(); curbuf->b_op_end = curwin->w_cursor; curwin->w_set_curswant = TRUE; set_last_insert(cap->nchar); } }",visit repo url,src/normal.c,https://github.com/vim/vim,71844946152858,1 6417,CWE-20,"void esp32EthDisableIrq(NetInterface *interface) { if(interface->phyDriver != NULL) { interface->phyDriver->disableIrq(interface); } else if(interface->switchDriver != NULL) { interface->switchDriver->disableIrq(interface); } else { } }",visit repo url,drivers/mac/esp32_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,193326984450940,1 2160,['CWE-400'],"static int shmem_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry) { struct inode *inode = old_dentry->d_inode; int ret; ret = shmem_reserve_inode(inode->i_sb); if (ret) goto out; dir->i_size += BOGO_DIRENT_SIZE; inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME; inc_nlink(inode); atomic_inc(&inode->i_count); dget(dentry); d_instantiate(dentry, inode); out: return ret; }",linux-2.6,,,32130980983624081355758702989661135097,0 6655,['CWE-200'],"check_vpn_import_supported (gpointer key, gpointer data, gpointer user_data) { NMVpnPluginUiInterface *plugin = NM_VPN_PLUGIN_UI_INTERFACE (data); gboolean *import_supported = user_data; if (*import_supported) return; if (nm_vpn_plugin_ui_interface_get_capabilities (plugin) & NM_VPN_PLUGIN_UI_CAPABILITY_IMPORT) *import_supported = TRUE; }",network-manager-applet,,,108624856733616577491860379585854584921,0 3111,CWE-476,"GetOutboundPinholeTimeout(struct upnphttp * h, const char * action, const char * ns) { int r; static const char resp[] = """" ""%d"" """"; char body[512]; int bodylen; struct NameValueParserData data; char * int_ip, * int_port, * rem_host, * rem_port, * protocol; int opt=0; unsigned short iport, rport; if (GETFLAG(IPV6FCFWDISABLEDMASK)) { SoapError(h, 702, ""FirewallDisabled""); return; } ParseNameValue(h->req_buf + h->req_contentoff, h->req_contentlen, &data); int_ip = GetValueFromNameValueList(&data, ""InternalClient""); int_port = GetValueFromNameValueList(&data, ""InternalPort""); rem_host = GetValueFromNameValueList(&data, ""RemoteHost""); rem_port = GetValueFromNameValueList(&data, ""RemotePort""); protocol = GetValueFromNameValueList(&data, ""Protocol""); if (!int_port || !ext_port || !protocol) { ClearNameValueList(&data); SoapError(h, 402, ""Invalid Args""); return; } rport = (unsigned short)atoi(rem_port); iport = (unsigned short)atoi(int_port); syslog(LOG_INFO, ""%s: retrieving timeout for outbound pinhole from [%s]:%hu to [%s]:%hu protocol %s"", action, int_ip, iport,rem_host, rport, protocol); r = -1; switch(r) { case 1: bodylen = snprintf(body, sizeof(body), resp, action, ns , opt, action); BuildSendAndCloseSoapResp(h, body, bodylen); break; case -5: SoapError(h, 705, ""ProtocolNotSupported""); break; default: SoapError(h, 501, ""ActionFailed""); } ClearNameValueList(&data); }",visit repo url,miniupnpd/upnpsoap.c,https://github.com/miniupnp/miniupnp,205998267915652,1 3061,CWE-787,"char *string_crypt(const char *key, const char *salt) { assert(key); assert(salt); char random_salt[12]; if (!*salt) { memcpy(random_salt,""$1$"",3); ito64(random_salt+3,rand(),8); random_salt[11] = '\0'; return string_crypt(key, random_salt); } if ((strlen(salt) > sizeof(""$2X$00$"")) && (salt[0] == '$') && (salt[1] == '2') && (salt[2] >= 'a') && (salt[2] <= 'z') && (salt[3] == '$') && (salt[4] >= '0') && (salt[4] <= '3') && (salt[5] >= '0') && (salt[5] <= '9') && (salt[6] == '$')) { char output[61]; if (php_crypt_blowfish_rn(key, salt, output, sizeof(output))) { return strdup(output); } } else { #ifdef USE_PHP_CRYPT_R return php_crypt_r(key, salt); #else static Mutex mutex; Lock lock(mutex); char *crypt_res = crypt(key,salt); if (crypt_res) { return strdup(crypt_res); } #endif } return ((salt[0] == '*') && (salt[1] == '0')) ? strdup(""*1"") : strdup(""*0""); }",visit repo url,hphp/zend/zend-string.cpp,https://github.com/facebook/hhvm,124316546725727,1 1131,['CWE-399'],"long compat_arch_ptrace(struct task_struct *child, compat_long_t request, compat_ulong_t caddr, compat_ulong_t cdata) { unsigned long addr = caddr; unsigned long data = cdata; ptrace_area_emu31 parea; int copied, ret; switch (request) { case PTRACE_PEEKUSR: return peek_user_compat(child, addr, data); case PTRACE_POKEUSR: return poke_user_compat(child, addr, data); case PTRACE_PEEKUSR_AREA: case PTRACE_POKEUSR_AREA: if (copy_from_user(&parea, (void __force __user *) addr, sizeof(parea))) return -EFAULT; addr = parea.kernel_addr; data = parea.process_addr; copied = 0; while (copied < parea.len) { if (request == PTRACE_PEEKUSR_AREA) ret = peek_user_compat(child, addr, data); else { __u32 utmp; if (get_user(utmp, (__u32 __force __user *) data)) return -EFAULT; ret = poke_user_compat(child, addr, utmp); } if (ret) return ret; addr += sizeof(unsigned int); data += sizeof(unsigned int); copied += sizeof(unsigned int); } return 0; } return compat_ptrace_request(child, request, addr, data); }",linux-2.6,,,284857527564805510333800969933689077807,0 4251,CWE-416,"static pyc_object *get_object(RBuffer *buffer) { bool error = false; pyc_object *ret = NULL; ut8 code = get_ut8 (buffer, &error); ut8 flag = code & FLAG_REF; RListIter *ref_idx = NULL; ut8 type = code & ~FLAG_REF; if (error) { return NULL; } if (flag) { ret = get_none_object (); if (!ret) { return NULL; } ref_idx = r_list_append (refs, ret); if (!ref_idx) { free_object (ret); return NULL; } } switch (type) { case TYPE_NULL: free_object (ret); return NULL; case TYPE_TRUE: free_object (ret); return get_true_object (); case TYPE_FALSE: free_object (ret); return get_false_object (); case TYPE_NONE: free_object (ret); return get_none_object (); case TYPE_REF: free_object (ret); return get_ref_object (buffer); case TYPE_SMALL_TUPLE: ret = get_small_tuple_object (buffer); break; case TYPE_TUPLE: ret = get_tuple_object (buffer); break; case TYPE_STRING: ret = get_string_object (buffer); break; case TYPE_CODE_v0: ret = get_code_object (buffer); if (ret) { ret->type = TYPE_CODE_v0; } break; case TYPE_CODE_v1: ret = get_code_object (buffer); if (ret) { ret->type = TYPE_CODE_v1; } break; case TYPE_INT: ret = get_int_object (buffer); break; case TYPE_ASCII_INTERNED: ret = get_ascii_interned_object (buffer); break; case TYPE_SHORT_ASCII: ret = get_short_ascii_object (buffer); break; case TYPE_ASCII: ret = get_ascii_object (buffer); break; case TYPE_SHORT_ASCII_INTERNED: ret = get_short_ascii_interned_object (buffer); break; case TYPE_INT64: ret = get_int64_object (buffer); break; case TYPE_INTERNED: ret = get_interned_object (buffer); break; case TYPE_STRINGREF: ret = get_stringref_object (buffer); break; case TYPE_FLOAT: ret = get_float_object (buffer); break; case TYPE_BINARY_FLOAT: ret = get_binary_float_object (buffer); break; case TYPE_COMPLEX: ret = get_complex_object (buffer); break; case TYPE_BINARY_COMPLEX: ret = get_binary_complex_object (buffer); break; case TYPE_LIST: ret = get_list_object (buffer); break; case TYPE_LONG: ret = get_long_object (buffer); break; case TYPE_UNICODE: ret = get_unicode_object (buffer); break; case TYPE_DICT: ret = get_dict_object (buffer); break; case TYPE_FROZENSET: case TYPE_SET: ret = get_set_object (buffer); break; case TYPE_STOPITER: case TYPE_ELLIPSIS: ret = R_NEW0 (pyc_object); break; case TYPE_UNKNOWN: eprintf (""Get not implemented for type 0x%x\n"", type); free_object (ret); return NULL; case 0: break; default: eprintf (""Undefined type in get_object (0x%x)\n"", type); free_object (ret); return NULL; } if (flag && ref_idx) { free_object (ref_idx->data); ref_idx->data = copy_object (ret); } return ret; }",visit repo url,libr/bin/format/pyc/marshal.c,https://github.com/radareorg/radare2,216260144418929,1 2057,['CWE-269'],"int copy_mount_options(const void __user * data, unsigned long *where) { int i; unsigned long page; unsigned long size; *where = 0; if (!data) return 0; if (!(page = __get_free_page(GFP_KERNEL))) return -ENOMEM; size = TASK_SIZE - (unsigned long)data; if (size > PAGE_SIZE) size = PAGE_SIZE; i = size - exact_copy_from_user((void *)page, data, size); if (!i) { free_page(page); return -EFAULT; } if (i != PAGE_SIZE) memset((char *)page + i, 0, PAGE_SIZE - i); *where = page; return 0; }",linux-2.6,,,91332603080480553206236647656620181978,0 3836,CWE-126,"get_one_sourceline(source_cookie_T *sp) { garray_T ga; int len; int c; char_u *buf; #ifdef USE_CRNL int has_cr; #endif int have_read = FALSE; ga_init2(&ga, 1, 250); ++sp->sourcing_lnum; for (;;) { if (ga_grow(&ga, 120) == FAIL) break; if (sp->source_from_buf) { if (sp->buf_lnum >= sp->buflines.ga_len) break; ga_concat(&ga, ((char_u **)sp->buflines.ga_data)[sp->buf_lnum]); sp->buf_lnum++; if (ga_grow(&ga, 1) == FAIL) break; buf = (char_u *)ga.ga_data; buf[ga.ga_len++] = NUL; } else { buf = (char_u *)ga.ga_data; if (fgets((char *)buf + ga.ga_len, ga.ga_maxlen - ga.ga_len, sp->fp) == NULL) break; } len = ga.ga_len + (int)STRLEN(buf + ga.ga_len); #ifdef USE_CRNL if ( (len == 1 || (len >= 2 && buf[len - 2] == '\n')) && sp->fileformat == EOL_DOS && buf[len - 1] == Ctrl_Z) { buf[len - 1] = NUL; break; } #endif have_read = TRUE; ga.ga_len = len; if (ga.ga_maxlen - ga.ga_len == 1 && buf[len - 1] != '\n') continue; if (len >= 1 && buf[len - 1] == '\n') { #ifdef USE_CRNL has_cr = (len >= 2 && buf[len - 2] == '\r'); if (sp->fileformat == EOL_UNKNOWN) { if (has_cr) sp->fileformat = EOL_DOS; else sp->fileformat = EOL_UNIX; } if (sp->fileformat == EOL_DOS) { if (has_cr) { buf[len - 2] = '\n'; --len; --ga.ga_len; } else { if (!sp->error) { msg_source(HL_ATTR(HLF_W)); emsg(_(""W15: Warning: Wrong line separator, ^M may be missing"")); } sp->error = TRUE; sp->fileformat = EOL_UNIX; } } #endif for (c = len - 2; c >= 0 && buf[c] == Ctrl_V; c--) ; if ((len & 1) != (c & 1)) { ++sp->sourcing_lnum; continue; } buf[len - 1] = NUL; } line_breakcheck(); break; } if (have_read) return (char_u *)ga.ga_data; vim_free(ga.ga_data); return NULL; }",visit repo url,src/scriptfile.c,https://github.com/vim/vim,22336541580976,1 965,CWE-362,"void ip4_datagram_release_cb(struct sock *sk) { const struct inet_sock *inet = inet_sk(sk); const struct ip_options_rcu *inet_opt; __be32 daddr = inet->inet_daddr; struct flowi4 fl4; struct rtable *rt; if (! __sk_dst_get(sk) || __sk_dst_check(sk, 0)) return; rcu_read_lock(); inet_opt = rcu_dereference(inet->inet_opt); if (inet_opt && inet_opt->opt.srr) daddr = inet_opt->opt.faddr; rt = ip_route_output_ports(sock_net(sk), &fl4, sk, daddr, inet->inet_saddr, inet->inet_dport, inet->inet_sport, sk->sk_protocol, RT_CONN_FLAGS(sk), sk->sk_bound_dev_if); if (!IS_ERR(rt)) __sk_dst_set(sk, &rt->dst); rcu_read_unlock(); }",visit repo url,net/ipv4/datagram.c,https://github.com/torvalds/linux,103541254763103,1 3241,['CWE-189'],"static uint_fast32_t inttobits(jas_seqent_t v, int prec, bool sgnd) { uint_fast32_t ret; ret = ((sgnd && v < 0) ? ((1 << prec) + v) : v) & JAS_ONES(prec); return ret; }",jasper,,,154983119772602003495115396772088843605,0 815,CWE-20,"static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int rc; pr_debug(""sock=%p sk=%p len=%zu flags=%d\n"", sock, sk, len, flags); skb = skb_recv_datagram(sk, flags, noblock, &rc); if (!skb) return rc; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); return rc ? : copied; }",visit repo url,net/nfc/rawsock.c,https://github.com/torvalds/linux,193439535934568,1 5097,CWE-190,"_pickle_PicklerMemoProxy_copy_impl(PicklerMemoProxyObject *self) { Py_ssize_t i; PyMemoTable *memo; PyObject *new_memo = PyDict_New(); if (new_memo == NULL) return NULL; memo = self->pickler->memo; for (i = 0; i < memo->mt_allocated; ++i) { PyMemoEntry entry = memo->mt_table[i]; if (entry.me_key != NULL) { int status; PyObject *key, *value; key = PyLong_FromVoidPtr(entry.me_key); value = Py_BuildValue(""nO"", entry.me_value, entry.me_key); if (key == NULL || value == NULL) { Py_XDECREF(key); Py_XDECREF(value); goto error; } status = PyDict_SetItem(new_memo, key, value); Py_DECREF(key); Py_DECREF(value); if (status < 0) goto error; } } return new_memo; error: Py_XDECREF(new_memo); return NULL; }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,89057025290043,1 2999,['CWE-189'],"static void jas_icccurv_destroy(jas_iccattrval_t *attrval) { jas_icccurv_t *curv = &attrval->data.curv; if (curv->ents) { jas_free(curv->ents); curv->ents = 0; } }",jasper,,,172777762740373180511411319078261585864,0 336,['CWE-20'],"static inline struct pt_regs *get_child_regs(struct task_struct *task) { void *stack_top = (void *)task->thread.esp0; return stack_top - sizeof(struct pt_regs); }",linux-2.6,,,73087254091751577796723327949017532105,0 2140,['CWE-119'],"static inline void native_load_gdt(const struct desc_ptr *dtr) { asm volatile(""lgdt %0""::""m"" (*dtr)); }",linux-2.6,,,337620039984246948808035978522918606175,0 5882,['CWE-200'],"static void nr_insert_socket(struct sock *sk) { spin_lock_bh(&nr_list_lock); sk_add_node(sk, &nr_list); spin_unlock_bh(&nr_list_lock); }",linux-2.6,,,289601975614046391334694017850501365679,0 6627,CWE-843,"njs_promise_resolve(njs_vm_t *vm, njs_value_t *constructor, njs_value_t *x) { njs_int_t ret; njs_value_t value; njs_object_t *object; njs_promise_capability_t *capability; static const njs_value_t string_constructor = njs_string(""constructor""); if (njs_is_object(x)) { object = njs_object_proto_lookup(njs_object(x), NJS_PROMISE, njs_object_t); if (object != NULL) { ret = njs_value_property(vm, x, njs_value_arg(&string_constructor), &value); if (njs_slow_path(ret == NJS_ERROR)) { return NULL; } if (njs_values_same(&value, constructor)) { return njs_promise(x); } } } capability = njs_promise_new_capability(vm, constructor); if (njs_slow_path(capability == NULL)) { return NULL; } ret = njs_function_call(vm, njs_function(&capability->resolve), &njs_value_undefined, x, 1, &value); if (njs_slow_path(ret != NJS_OK)) { return NULL; } return njs_promise(&capability->promise); }",visit repo url,src/njs_promise.c,https://github.com/nginx/njs,189486664317242,1 1014,['CWE-94'],"ssize_t splice_to_pipe(struct pipe_inode_info *pipe, struct splice_pipe_desc *spd) { unsigned int spd_pages = spd->nr_pages; int ret, do_wakeup, page_nr; ret = 0; do_wakeup = 0; page_nr = 0; if (pipe->inode) mutex_lock(&pipe->inode->i_mutex); for (;;) { if (!pipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } if (pipe->nrbufs < PIPE_BUFFERS) { int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1); struct pipe_buffer *buf = pipe->bufs + newbuf; buf->page = spd->pages[page_nr]; buf->offset = spd->partial[page_nr].offset; buf->len = spd->partial[page_nr].len; buf->private = spd->partial[page_nr].private; buf->ops = spd->ops; if (spd->flags & SPLICE_F_GIFT) buf->flags |= PIPE_BUF_FLAG_GIFT; pipe->nrbufs++; page_nr++; ret += buf->len; if (pipe->inode) do_wakeup = 1; if (!--spd->nr_pages) break; if (pipe->nrbufs < PIPE_BUFFERS) continue; break; } if (spd->flags & SPLICE_F_NONBLOCK) { if (!ret) ret = -EAGAIN; break; } if (signal_pending(current)) { if (!ret) ret = -ERESTARTSYS; break; } if (do_wakeup) { smp_mb(); if (waitqueue_active(&pipe->wait)) wake_up_interruptible_sync(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } pipe->waiting_writers++; pipe_wait(pipe); pipe->waiting_writers--; } if (pipe->inode) { mutex_unlock(&pipe->inode->i_mutex); if (do_wakeup) { smp_mb(); if (waitqueue_active(&pipe->wait)) wake_up_interruptible(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); } } while (page_nr < spd_pages) spd->spd_release(spd, page_nr++); return ret; }",linux-2.6,,,31868303172661969058505030287178313024,0 3585,CWE-20,"static int pgx_gethdr(jas_stream_t *in, pgx_hdr_t *hdr) { int c; uchar buf[2]; if ((c = jas_stream_getc(in)) == EOF) { goto error; } buf[0] = c; if ((c = jas_stream_getc(in)) == EOF) { goto error; } buf[1] = c; hdr->magic = buf[0] << 8 | buf[1]; if (hdr->magic != PGX_MAGIC) { jas_eprintf(""invalid PGX signature\n""); goto error; } if ((c = pgx_getc(in)) == EOF || !isspace(c)) { goto error; } if (pgx_getbyteorder(in, &hdr->bigendian)) { jas_eprintf(""cannot get byte order\n""); goto error; } if (pgx_getsgnd(in, &hdr->sgnd)) { jas_eprintf(""cannot get signedness\n""); goto error; } if (pgx_getuint32(in, &hdr->prec)) { jas_eprintf(""cannot get precision\n""); goto error; } if (pgx_getuint32(in, &hdr->width)) { jas_eprintf(""cannot get width\n""); goto error; } if (pgx_getuint32(in, &hdr->height)) { jas_eprintf(""cannot get height\n""); goto error; } return 0; error: return -1; }",visit repo url,src/libjasper/pgx/pgx_dec.c,https://github.com/mdadams/jasper,23061308956273,1 345,CWE-416,"static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid) { struct hlist_head *hashent = ucounts_hashentry(ns, uid); struct ucounts *ucounts, *new; spin_lock_irq(&ucounts_lock); ucounts = find_ucounts(ns, uid, hashent); if (!ucounts) { spin_unlock_irq(&ucounts_lock); new = kzalloc(sizeof(*new), GFP_KERNEL); if (!new) return NULL; new->ns = ns; new->uid = uid; atomic_set(&new->count, 0); spin_lock_irq(&ucounts_lock); ucounts = find_ucounts(ns, uid, hashent); if (ucounts) { kfree(new); } else { hlist_add_head(&new->node, hashent); ucounts = new; } } if (!atomic_add_unless(&ucounts->count, 1, INT_MAX)) ucounts = NULL; spin_unlock_irq(&ucounts_lock); return ucounts; }",visit repo url,kernel/ucount.c,https://github.com/torvalds/linux,278316267386294,1 1637,[],"migrate_task(struct task_struct *p, int dest_cpu, struct migration_req *req) { struct rq *rq = task_rq(p); if (!p->se.on_rq && !task_running(rq, p)) { set_task_cpu(p, dest_cpu); return 0; } init_completion(&req->done); req->task = p; req->dest_cpu = dest_cpu; list_add(&req->list, &rq->migration_queue); return 1; }",linux-2.6,,,14272245432186878064243174106871251851,0 5711,['CWE-200'],"static inline u8 llc_ui_header_len(struct sock *sk, struct sockaddr_llc *addr) { u8 rc = LLC_PDU_LEN_U; if (addr->sllc_test || addr->sllc_xid) rc = LLC_PDU_LEN_U; else if (sk->sk_type == SOCK_STREAM) rc = LLC_PDU_LEN_I; return rc; }",linux-2.6,,,215885996642824953089816251592939687727,0 1191,CWE-400,"asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, unsigned long writeaccess, unsigned long address) { unsigned long vec; struct task_struct *tsk; struct mm_struct *mm; struct vm_area_struct * vma; int si_code; int fault; siginfo_t info; tsk = current; mm = tsk->mm; si_code = SEGV_MAPERR; vec = lookup_exception_vector(); if (unlikely(fault_in_kernel_space(address))) { if (vmalloc_fault(address) >= 0) return; if (notify_page_fault(regs, vec)) return; goto bad_area_nosemaphore; } if (unlikely(notify_page_fault(regs, vec))) return; if ((regs->sr & SR_IMASK) != SR_IMASK) local_irq_enable(); perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, address); if (in_atomic() || !mm) goto no_context; down_read(&mm->mmap_sem); vma = find_vma(mm, address); if (!vma) goto bad_area; if (vma->vm_start <= address) goto good_area; if (!(vma->vm_flags & VM_GROWSDOWN)) goto bad_area; if (expand_stack(vma, address)) goto bad_area; good_area: si_code = SEGV_ACCERR; if (writeaccess) { if (!(vma->vm_flags & VM_WRITE)) goto bad_area; } else { if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) goto bad_area; } fault = handle_mm_fault(mm, vma, address, writeaccess ? FAULT_FLAG_WRITE : 0); if (unlikely(fault & VM_FAULT_ERROR)) { if (fault & VM_FAULT_OOM) goto out_of_memory; else if (fault & VM_FAULT_SIGBUS) goto do_sigbus; BUG(); } if (fault & VM_FAULT_MAJOR) { tsk->maj_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, address); } else { tsk->min_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, address); } up_read(&mm->mmap_sem); return; bad_area: up_read(&mm->mmap_sem); bad_area_nosemaphore: if (user_mode(regs)) { info.si_signo = SIGSEGV; info.si_errno = 0; info.si_code = si_code; info.si_addr = (void *) address; force_sig_info(SIGSEGV, &info, tsk); return; } no_context: if (fixup_exception(regs)) return; if (handle_trapped_io(regs, address)) return; bust_spinlocks(1); if (oops_may_print()) { unsigned long page; if (address < PAGE_SIZE) printk(KERN_ALERT ""Unable to handle kernel NULL "" ""pointer dereference""); else printk(KERN_ALERT ""Unable to handle kernel paging "" ""request""); printk("" at virtual address %08lx\n"", address); printk(KERN_ALERT ""pc = %08lx\n"", regs->pc); page = (unsigned long)get_TTB(); if (page) { page = ((__typeof__(page) *)page)[address >> PGDIR_SHIFT]; printk(KERN_ALERT ""*pde = %08lx\n"", page); if (page & _PAGE_PRESENT) { page &= PAGE_MASK; address &= 0x003ff000; page = ((__typeof__(page) *) __va(page))[address >> PAGE_SHIFT]; printk(KERN_ALERT ""*pte = %08lx\n"", page); } } } die(""Oops"", regs, writeaccess); bust_spinlocks(0); do_exit(SIGKILL); out_of_memory: up_read(&mm->mmap_sem); if (!user_mode(regs)) goto no_context; pagefault_out_of_memory(); return; do_sigbus: up_read(&mm->mmap_sem); info.si_signo = SIGBUS; info.si_errno = 0; info.si_code = BUS_ADRERR; info.si_addr = (void *)address; force_sig_info(SIGBUS, &info, tsk); if (!user_mode(regs)) goto no_context; }",visit repo url,arch/sh/mm/fault_32.c,https://github.com/torvalds/linux,50537031821809,1 2736,[],"static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, size_t msg_len) { struct sock *sk = asoc->base.sk; int err = 0; long current_timeo = *timeo_p; DEFINE_WAIT(wait); SCTP_DEBUG_PRINTK(""wait_for_sndbuf: asoc=%p, timeo=%ld, msg_len=%zu\n"", asoc, (long)(*timeo_p), msg_len); sctp_association_hold(asoc); for (;;) { prepare_to_wait_exclusive(&asoc->wait, &wait, TASK_INTERRUPTIBLE); if (!*timeo_p) goto do_nonblock; if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING || asoc->base.dead) goto do_error; if (signal_pending(current)) goto do_interrupted; if (msg_len <= sctp_wspace(asoc)) break; sctp_release_sock(sk); current_timeo = schedule_timeout(current_timeo); BUG_ON(sk != asoc->base.sk); sctp_lock_sock(sk); *timeo_p = current_timeo; } out: finish_wait(&asoc->wait, &wait); sctp_association_put(asoc); return err; do_error: err = -EPIPE; goto out; do_interrupted: err = sock_intr_errno(*timeo_p); goto out; do_nonblock: err = -EAGAIN; goto out; }",linux-2.6,,,96232739745502043129720791111437259587,0 3671,CWE-77,"do_command (unsigned char c) { static int dtr_up = 0; int newbaud, newflow, newparity, newbits; const char *xfr_cmd; char *fname; int r; switch (c) { case KEY_EXIT: return 1; case KEY_QUIT: term_set_hupcl(tty_fd, 0); term_flush(tty_fd); term_apply(tty_fd); term_erase(tty_fd); return 1; case KEY_STATUS: show_status(dtr_up); break; case KEY_PULSE: fd_printf(STO, ""\r\n*** pulse DTR ***\r\n""); if ( term_pulse_dtr(tty_fd) < 0 ) fd_printf(STO, ""*** FAILED\r\n""); break; case KEY_TOGGLE: if ( dtr_up ) r = term_lower_dtr(tty_fd); else r = term_raise_dtr(tty_fd); if ( r >= 0 ) dtr_up = ! dtr_up; fd_printf(STO, ""\r\n*** DTR: %s ***\r\n"", dtr_up ? ""up"" : ""down""); break; case KEY_BAUD_UP: case KEY_BAUD_DN: if (c == KEY_BAUD_UP) opts.baud = baud_up(opts.baud); else opts.baud = baud_down(opts.baud); term_set_baudrate(tty_fd, opts.baud); tty_q.len = 0; term_flush(tty_fd); term_apply(tty_fd); newbaud = term_get_baudrate(tty_fd, NULL); if ( opts.baud != newbaud ) { fd_printf(STO, ""\r\n*** baud: %d (%d) ***\r\n"", opts.baud, newbaud); } else { fd_printf(STO, ""\r\n*** baud: %d ***\r\n"", opts.baud); } set_tty_write_sz(newbaud); break; case KEY_FLOW: opts.flow = flow_next(opts.flow); term_set_flowcntrl(tty_fd, opts.flow); tty_q.len = 0; term_flush(tty_fd); term_apply(tty_fd); newflow = term_get_flowcntrl(tty_fd); if ( opts.flow != newflow ) { fd_printf(STO, ""\r\n*** flow: %s (%s) ***\r\n"", flow_str[opts.flow], flow_str[newflow]); } else { fd_printf(STO, ""\r\n*** flow: %s ***\r\n"", flow_str[opts.flow]); } break; case KEY_PARITY: opts.parity = parity_next(opts.parity); term_set_parity(tty_fd, opts.parity); tty_q.len = 0; term_flush(tty_fd); term_apply(tty_fd); newparity = term_get_parity(tty_fd); if (opts.parity != newparity ) { fd_printf(STO, ""\r\n*** parity: %s (%s) ***\r\n"", parity_str[opts.parity], parity_str[newparity]); } else { fd_printf(STO, ""\r\n*** parity: %s ***\r\n"", parity_str[opts.parity]); } break; case KEY_BITS: opts.databits = bits_next(opts.databits); term_set_databits(tty_fd, opts.databits); tty_q.len = 0; term_flush(tty_fd); term_apply(tty_fd); newbits = term_get_databits(tty_fd); if (opts.databits != newbits ) { fd_printf(STO, ""\r\n*** databits: %d (%d) ***\r\n"", opts.databits, newbits); } else { fd_printf(STO, ""\r\n*** databits: %d ***\r\n"", opts.databits); } break; case KEY_LECHO: opts.lecho = ! opts.lecho; fd_printf(STO, ""\r\n*** local echo: %s ***\r\n"", opts.lecho ? ""yes"" : ""no""); break; case KEY_SEND: case KEY_RECEIVE: xfr_cmd = (c == KEY_SEND) ? opts.send_cmd : opts.receive_cmd; if ( xfr_cmd[0] == '\0' ) { fd_printf(STO, ""\r\n*** command disabled ***\r\n""); break; } fname = read_filename(); if (fname == NULL) { fd_printf(STO, ""*** cannot read filename ***\r\n""); break; } run_cmd(tty_fd, xfr_cmd, fname, NULL); free(fname); break; case KEY_BREAK: term_break(tty_fd); fd_printf(STO, ""\r\n*** break sent ***\r\n""); break; default: break; } return 0; }",visit repo url,picocom.c,https://github.com/npat-efault/picocom,105683840415146,1 2353,CWE-476,"int avpriv_ac3_parse_header(AC3HeaderInfo **phdr, const uint8_t *buf, size_t size) { GetBitContext gb; AC3HeaderInfo *hdr; int err; if (!*phdr) *phdr = av_mallocz(sizeof(AC3HeaderInfo)); if (!*phdr) return AVERROR(ENOMEM); hdr = *phdr; init_get_bits8(&gb, buf, size); err = ff_ac3_parse_header(&gb, hdr); if (err < 0) return AVERROR_INVALIDDATA; return get_bits_count(&gb); }",visit repo url,libavcodec/ac3_parser.c,https://github.com/FFmpeg/FFmpeg,273714082579226,1 3603,CWE-119,"void jpc_qmfb_join_colgrp(jpc_fix_t *a, int numrows, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; jpc_fix_t *buf = joinbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; register jpc_fix_t *srcptr2; register jpc_fix_t *dstptr2; register int n; register int i; int hstartcol; if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, sizeof(jpc_fix_t)))) { abort(); } } hstartcol = (numrows + 1 - parity) >> 1; n = hstartcol; srcptr = &a[0]; dstptr = buf; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } srcptr += stride; dstptr += JPC_QMFB_COLGRPSIZE; } srcptr = &a[hstartcol * stride]; dstptr = &a[(1 - parity) * stride]; n = numrows - hstartcol; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += 2 * stride; srcptr += stride; } srcptr = buf; dstptr = &a[parity * stride]; n = hstartcol; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += 2 * stride; srcptr += JPC_QMFB_COLGRPSIZE; } if (buf != joinbuf) { jas_free(buf); } }",visit repo url,src/libjasper/jpc/jpc_qmfb.c,https://github.com/mdadams/jasper,274178140015189,1 3589,CWE-20,"int ras_validate(jas_stream_t *in) { uchar buf[RAS_MAGICLEN]; int i; int n; uint_fast32_t magic; assert(JAS_STREAM_MAXPUTBACK >= RAS_MAGICLEN); if ((n = jas_stream_read(in, buf, RAS_MAGICLEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < RAS_MAGICLEN) { return -1; } magic = (JAS_CAST(uint_fast32_t, buf[0]) << 24) | (JAS_CAST(uint_fast32_t, buf[1]) << 16) | (JAS_CAST(uint_fast32_t, buf[2]) << 8) | buf[3]; if (magic != RAS_MAGIC) { return -1; } return 0; }",visit repo url,src/libjasper/ras/ras_dec.c,https://github.com/mdadams/jasper,122450261970759,1 4207,CWE-125,"get_html_data (MAPI_Attr *a) { VarLenData **body = XCALLOC(VarLenData*, a->num_values + 1); int j; for (j = 0; j < a->num_values; j++) { body[j] = XMALLOC(VarLenData, 1); body[j]->len = a->values[j].len; body[j]->data = CHECKED_XCALLOC(unsigned char, a->values[j].len); memmove (body[j]->data, a->values[j].data.buf, body[j]->len); } return body; }",visit repo url,src/tnef.c,https://github.com/verdammelt/tnef,113940098504507,1 2765,CWE-476," */ static void php_wddx_pop_element(void *user_data, const XML_Char *name) { st_entry *ent1, *ent2; wddx_stack *stack = (wddx_stack *)user_data; HashTable *target_hash; zend_class_entry *pce; zval obj; if (stack->top == 0) { return; } if (!strcmp((char *)name, EL_STRING) || !strcmp((char *)name, EL_NUMBER) || !strcmp((char *)name, EL_BOOLEAN) || !strcmp((char *)name, EL_NULL) || !strcmp((char *)name, EL_ARRAY) || !strcmp((char *)name, EL_STRUCT) || !strcmp((char *)name, EL_RECORDSET) || !strcmp((char *)name, EL_BINARY) || !strcmp((char *)name, EL_DATETIME)) { wddx_stack_top(stack, (void**)&ent1); if (Z_TYPE(ent1->data) == IS_UNDEF) { if (stack->top > 1) { stack->top--; efree(ent1); } else { stack->done = 1; } return; } if (!strcmp((char *)name, EL_BINARY)) { zend_string *new_str = NULL; if (ZSTR_EMPTY_ALLOC() != Z_STR(ent1->data)) { new_str = php_base64_decode( (unsigned char *)Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); } zval_ptr_dtor(&ent1->data); if (new_str) { ZVAL_STR(&ent1->data, new_str); } else { ZVAL_EMPTY_STRING(&ent1->data); } } if (Z_TYPE(ent1->data) == IS_OBJECT) { zval fname, retval; ZVAL_STRING(&fname, ""__wakeup""); call_user_function_ex(NULL, &ent1->data, &fname, &retval, 0, 0, 0, NULL); zval_ptr_dtor(&fname); zval_ptr_dtor(&retval); } if (stack->top > 1) { stack->top--; wddx_stack_top(stack, (void**)&ent2); if (Z_ISUNDEF(ent2->data)) { zval_ptr_dtor(&ent1->data); efree(ent1); return; } if (Z_TYPE(ent2->data) == IS_ARRAY || Z_TYPE(ent2->data) == IS_OBJECT) { target_hash = HASH_OF(&ent2->data); if (ent1->varname) { if (!strcmp(ent1->varname, PHP_CLASS_NAME_VAR) && Z_TYPE(ent1->data) == IS_STRING && Z_STRLEN(ent1->data) && ent2->type == ST_STRUCT && Z_TYPE(ent2->data) == IS_ARRAY) { zend_bool incomplete_class = 0; zend_str_tolower(Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); zend_string_forget_hash_val(Z_STR(ent1->data)); if ((pce = zend_hash_find_ptr(EG(class_table), Z_STR(ent1->data))) == NULL) { incomplete_class = 1; pce = PHP_IC_ENTRY; } if (pce != PHP_IC_ENTRY && (pce->serialize || pce->unserialize)) { zval_ptr_dtor(&ent2->data); ZVAL_UNDEF(&ent2->data); php_error_docref(NULL, E_WARNING, ""Class %s can not be unserialized"", Z_STRVAL(ent1->data)); } else { object_init_ex(&obj, pce); zend_hash_merge(Z_OBJPROP(obj), Z_ARRVAL(ent2->data), zval_add_ref, 0); if (incomplete_class) { php_store_class_name(&obj, Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); } zval_ptr_dtor(&ent2->data); ZVAL_COPY_VALUE(&ent2->data, &obj); } zval_ptr_dtor(&ent1->data); } else if (Z_TYPE(ent2->data) == IS_OBJECT) { zend_class_entry *old_scope = EG(scope); EG(scope) = Z_OBJCE(ent2->data); add_property_zval(&ent2->data, ent1->varname, &ent1->data); if Z_REFCOUNTED(ent1->data) Z_DELREF(ent1->data); EG(scope) = old_scope; } else { zend_symtable_str_update(target_hash, ent1->varname, strlen(ent1->varname), &ent1->data); } efree(ent1->varname); } else { zend_hash_next_index_insert(target_hash, &ent1->data); } } efree(ent1); } else { stack->done = 1; } } else if (!strcmp((char *)name, EL_VAR) && stack->varname) { efree(stack->varname); stack->varname = NULL; } else if (!strcmp((char *)name, EL_FIELD)) { st_entry *ent; wddx_stack_top(stack, (void **)&ent); efree(ent); stack->top--; }",visit repo url,ext/wddx/wddx.c,https://github.com/php/php-src,95924325956441,1 4017,['CWE-362'],"int audit_match_class(int class, unsigned syscall) { if (unlikely(syscall >= AUDIT_BITMASK_SIZE * 32)) return 0; if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class])) return 0; return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall); }",linux-2.6,,,105531176084582039931139403976061103679,0 3754,[],"static struct sock *unix_get_socket(struct file *filp) { struct sock *u_sock = NULL; struct inode *inode = filp->f_path.dentry->d_inode; if (S_ISSOCK(inode->i_mode)) { struct socket * sock = SOCKET_I(inode); struct sock * s = sock->sk; if (s && sock->ops && sock->ops->family == PF_UNIX) u_sock = s; } return u_sock; }",linux-2.6,,,262483452488175271208577705024688626713,0 2370,['CWE-200'],"snd_seq_oss_synth_info_read(struct snd_info_buffer *buf) { int i; struct seq_oss_synth *rec; snd_iprintf(buf, ""\nNumber of synth devices: %d\n"", max_synth_devs); for (i = 0; i < max_synth_devs; i++) { snd_iprintf(buf, ""\nsynth %d: "", i); rec = get_sdev(i); if (rec == NULL) { snd_iprintf(buf, ""*empty*\n""); continue; } snd_iprintf(buf, ""[%s]\n"", rec->name); snd_iprintf(buf, "" type 0x%x : subtype 0x%x : voices %d\n"", rec->synth_type, rec->synth_subtype, rec->nr_voices); snd_iprintf(buf, "" capabilities : ioctl %s / load_patch %s\n"", enabled_str((long)rec->oper.ioctl), enabled_str((long)rec->oper.load_patch)); snd_use_lock_free(&rec->use_lock); } }",linux-2.6,,,266826350043774992573027375763389794533,0 1545,NVD-CWE-Other,"static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu) { return vcpu->arch.apic->pending_events; }",visit repo url,arch/x86/kvm/lapic.h,https://github.com/torvalds/linux,204374219613570,1 5373,CWE-77,"Sfdouble_t sh_strnum(Shell_t *shp, const char *str, char **ptr, int mode) { Sfdouble_t d; char *last; if (*str == 0) { if (ptr) *ptr = (char *)str; return 0; } errno = 0; d = number(str, &last, shp->inarith ? 0 : 10, NULL); if (*last) { if (*last != '.' || last[1] != '.') { d = strval(shp, str, &last, arith, mode); Varsubscript = true; } if (!ptr && *last && mode > 0) errormsg(SH_DICT, ERROR_exit(1), e_lexbadchar, *last, str); } else if (!d && *str == '-') { d = -0.0; } if (ptr) *ptr = last; return d; }",visit repo url,src/cmd/ksh93/sh/arith.c,https://github.com/att/ast,241289760411416,1 4389,CWE-125,"static int get_exif_tag_int_value(struct iw_exif_state *e, unsigned int tag_pos, unsigned int *pv) { unsigned int field_type; unsigned int value_count; field_type = iw_get_ui16_e(&e->d[tag_pos+2],e->endian); value_count = iw_get_ui32_e(&e->d[tag_pos+4],e->endian); if(value_count!=1) return 0; if(field_type==3) { *pv = iw_get_ui16_e(&e->d[tag_pos+8],e->endian); return 1; } else if(field_type==4) { *pv = iw_get_ui32_e(&e->d[tag_pos+8],e->endian); return 1; } return 0; }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,102653325511732,1 3829,['CWE-120'],"static int uvc_probe(struct usb_interface *intf, const struct usb_device_id *id) { struct usb_device *udev = interface_to_usbdev(intf); struct uvc_device *dev; int ret; if (id->idVendor && id->idProduct) uvc_trace(UVC_TRACE_PROBE, ""Probing known UVC device %s "" ""(%04x:%04x)\n"", udev->devpath, id->idVendor, id->idProduct); else uvc_trace(UVC_TRACE_PROBE, ""Probing generic UVC device %s\n"", udev->devpath); if ((dev = kzalloc(sizeof *dev, GFP_KERNEL)) == NULL) return -ENOMEM; INIT_LIST_HEAD(&dev->entities); INIT_LIST_HEAD(&dev->streaming); kref_init(&dev->kref); dev->udev = usb_get_dev(udev); dev->intf = usb_get_intf(intf); dev->intfnum = intf->cur_altsetting->desc.bInterfaceNumber; dev->quirks = id->driver_info | uvc_quirks_param; if (udev->product != NULL) strncpy(dev->name, udev->product, sizeof dev->name); else snprintf(dev->name, sizeof dev->name, ""UVC Camera (%04x:%04x)"", le16_to_cpu(udev->descriptor.idVendor), le16_to_cpu(udev->descriptor.idProduct)); if (uvc_parse_control(dev) < 0) { uvc_trace(UVC_TRACE_PROBE, ""Unable to parse UVC "" ""descriptors.\n""); goto error; } uvc_printk(KERN_INFO, ""Found UVC %u.%02u device %s (%04x:%04x)\n"", dev->uvc_version >> 8, dev->uvc_version & 0xff, udev->product ? udev->product : """", le16_to_cpu(udev->descriptor.idVendor), le16_to_cpu(udev->descriptor.idProduct)); if (uvc_quirks_param != 0) { uvc_printk(KERN_INFO, ""Forcing device quirks 0x%x by module "" ""parameter for testing purpose.\n"", uvc_quirks_param); uvc_printk(KERN_INFO, ""Please report required quirks to the "" ""linux-uvc-devel mailing list.\n""); } if (uvc_ctrl_init_device(dev) < 0) goto error; if (uvc_register_video(dev) < 0) goto error; usb_set_intfdata(intf, dev); if ((ret = uvc_status_init(dev)) < 0) { uvc_printk(KERN_INFO, ""Unable to initialize the status "" ""endpoint (%d), status interrupt will not be "" ""supported.\n"", ret); } uvc_trace(UVC_TRACE_PROBE, ""UVC device initialized.\n""); return 0; error: kref_put(&dev->kref, uvc_delete); return -ENODEV; }",linux-2.6,,,112004511049739077818713761623846137182,0 3636,['CWE-287'],"int sctp_assoc_set_bind_addr_from_cookie(struct sctp_association *asoc, struct sctp_cookie *cookie, gfp_t gfp) { int var_size2 = ntohs(cookie->peer_init->chunk_hdr.length); int var_size3 = cookie->raw_addr_list_len; __u8 *raw = (__u8 *)cookie->peer_init + var_size2; return sctp_raw_to_bind_addrs(&asoc->base.bind_addr, raw, var_size3, asoc->ep->base.bind_addr.port, gfp); }",linux-2.6,,,75096694463983959877696725773878772551,0 6118,['CWE-200'],"static unsigned long cbq_undelay_prio(struct cbq_sched_data *q, int prio) { struct cbq_class *cl; struct cbq_class *cl_prev = q->active[prio]; unsigned long now = jiffies; unsigned long sched = now; if (cl_prev == NULL) return now; do { cl = cl_prev->next_alive; if ((long)(now - cl->penalized) > 0) { cl_prev->next_alive = cl->next_alive; cl->next_alive = NULL; cl->cpriority = cl->priority; cl->delayed = 0; cbq_activate_class(cl); if (cl == q->active[prio]) { q->active[prio] = cl_prev; if (cl == q->active[prio]) { q->active[prio] = NULL; return 0; } } cl = cl_prev->next_alive; } else if ((long)(sched - cl->penalized) > 0) sched = cl->penalized; } while ((cl_prev = cl) != q->active[prio]); return (long)(sched - now); }",linux-2.6,,,11015218113734375925615304126776423891,0 2148,['CWE-400'],"static struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo) { struct mempolicy *mpol = NULL; if (sbinfo->mpol) { spin_lock(&sbinfo->stat_lock); mpol = sbinfo->mpol; mpol_get(mpol); spin_unlock(&sbinfo->stat_lock); } return mpol; }",linux-2.6,,,336265967151551491111968381335711364784,0 602,CWE-119,"int wvlan_set_station_nickname(struct net_device *dev, struct iw_request_info *info, union iwreq_data *wrqu, char *extra) { struct wl_private *lp = wl_priv(dev); unsigned long flags; int ret = 0; DBG_FUNC(""wvlan_set_station_nickname""); DBG_ENTER(DbgInfo); wl_lock(lp, &flags); memset(lp->StationName, 0, sizeof(lp->StationName)); memcpy(lp->StationName, extra, wrqu->data.length); wl_apply(lp); wl_unlock(lp, &flags); DBG_LEAVE(DbgInfo); return ret; } ",visit repo url,drivers/staging/wlags49_h2/wl_priv.c,https://github.com/torvalds/linux,100021583517997,1 662,[],"void jpc_cstate_destroy(jpc_cstate_t *cstate) { jas_free(cstate); }",jasper,,,138613327070992868122520694854625460260,0 3611,['CWE-20'],"sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; union sctp_addr from_addr; struct sctp_transport *link; sctp_sender_hb_info_t *hbinfo; unsigned long max_interval; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data; if (ntohs(hbinfo->param_hdr.length) != sizeof(sctp_sender_hb_info_t)) { return SCTP_DISPOSITION_DISCARD; } from_addr = hbinfo->daddr; link = sctp_assoc_lookup_paddr(asoc, &from_addr); if (unlikely(!link)) { if (from_addr.sa.sa_family == AF_INET6) { if (net_ratelimit()) printk(KERN_WARNING ""%s association %p could not find address "" NIP6_FMT ""\n"", __func__, asoc, NIP6(from_addr.v6.sin6_addr)); } else { if (net_ratelimit()) printk(KERN_WARNING ""%s association %p could not find address "" NIPQUAD_FMT ""\n"", __func__, asoc, NIPQUAD(from_addr.v4.sin_addr.s_addr)); } return SCTP_DISPOSITION_DISCARD; } if (hbinfo->hb_nonce != link->hb_nonce) return SCTP_DISPOSITION_DISCARD; max_interval = link->hbinterval + link->rto; if (time_after(hbinfo->sent_at, jiffies) || time_after(jiffies, hbinfo->sent_at + max_interval)) { SCTP_DEBUG_PRINTK(""%s: HEARTBEAT ACK with invalid timestamp "" ""received for transport: %p\n"", __func__, link); return SCTP_DISPOSITION_DISCARD; } sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_ON, SCTP_TRANSPORT(link)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,103895665533240610390297792367639798642,0 5639,CWE-125,"forbidden_name(struct compiling *c, identifier name, const node *n, int full_checks) { assert(PyUnicode_Check(name)); if (PyUnicode_CompareWithASCIIString(name, ""__debug__"") == 0) { ast_error(c, n, ""assignment to keyword""); return 1; } if (full_checks) { const char * const *p; for (p = FORBIDDEN; *p; p++) { if (PyUnicode_CompareWithASCIIString(name, *p) == 0) { ast_error(c, n, ""assignment to keyword""); return 1; } } } return 0; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,79550353677879,1 6496,CWE-787,"trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint64_t key_len, char *bls_pub_key) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(bls_pub_key); CHECK_STATE(encryptedPrivateKey); SAFE_CHAR_BUF(skey_hex, ECDSA_SKEY_LEN); int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN); CHECK_STATUS2(""AES decrypt failed %d""); skey_hex[ECDSA_SKEY_LEN - 1] = 0; status = calc_bls_public_key(skey_hex, bls_pub_key); CHECK_STATUS(""could not calculate bls public key""); SET_SUCCESS static uint64_t counter = 0; clean: if (counter % 1000 == 0) { LOG_INFO(__FUNCTION__); LOG_INFO(""Thousand SGX calls completed""); } counter++; }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,158245601014976,1 3987,['CWE-362'],"static void audit_list(int pid, int seq, struct sk_buff_head *q) { struct sk_buff *skb; struct audit_entry *entry; int i; for (i=0; irule); if (unlikely(!rule)) break; skb = audit_make_reply(pid, seq, AUDIT_LIST, 0, 1, rule, sizeof(*rule)); if (skb) skb_queue_tail(q, skb); kfree(rule); } } for (i = 0; i < AUDIT_INODE_BUCKETS; i++) { list_for_each_entry(entry, &audit_inode_hash[i], list) { struct audit_rule *rule; rule = audit_krule_to_rule(&entry->rule); if (unlikely(!rule)) break; skb = audit_make_reply(pid, seq, AUDIT_LIST, 0, 1, rule, sizeof(*rule)); if (skb) skb_queue_tail(q, skb); kfree(rule); } } skb = audit_make_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0); if (skb) skb_queue_tail(q, skb); }",linux-2.6,,,197187460240270886366611841799199817975,0 6266,['CWE-200'],"static int neigh_stat_seq_open(struct inode *inode, struct file *file) { int ret = seq_open(file, &neigh_stat_seq_ops); if (!ret) { struct seq_file *sf = file->private_data; sf->private = PDE(inode); } return ret; };",linux-2.6,,,161599682962748953949129837191433922320,0 730,CWE-20,"static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sco_pinfo *pi = sco_pi(sk); lock_sock(sk); if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { sco_conn_defer_accept(pi->conn->hcon, pi->setting); sk->sk_state = BT_CONFIG; msg->msg_namelen = 0; release_sock(sk); return 0; } release_sock(sk); return bt_sock_recvmsg(iocb, sock, msg, len, flags); }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,169024666607659,1 2696,[],"static void sctp_bucket_destroy(struct sctp_bind_bucket *pp) { if (pp && hlist_empty(&pp->owner)) { __hlist_del(&pp->node); kmem_cache_free(sctp_bucket_cachep, pp); SCTP_DBG_OBJCNT_DEC(bind_bucket); } }",linux-2.6,,,8179733462829481797880739179064278169,0 4343,CWE-358,"DefragReverseSimpleTest(void) { Packet *p1 = NULL, *p2 = NULL, *p3 = NULL; Packet *reassembled = NULL; int id = 12; int i; int ret = 0; DefragInit(); p1 = BuildTestPacket(id, 0, 1, 'A', 8); if (p1 == NULL) goto end; p2 = BuildTestPacket(id, 1, 1, 'B', 8); if (p2 == NULL) goto end; p3 = BuildTestPacket(id, 2, 0, 'C', 3); if (p3 == NULL) goto end; if (Defrag(NULL, NULL, p3, NULL) != NULL) goto end; if (Defrag(NULL, NULL, p2, NULL) != NULL) goto end; reassembled = Defrag(NULL, NULL, p1, NULL); if (reassembled == NULL) goto end; if (IPV4_GET_HLEN(reassembled) != 20) goto end; if (IPV4_GET_IPLEN(reassembled) != 39) goto end; for (i = 20; i < 20 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'A') goto end; } for (i = 28; i < 28 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'B') goto end; } for (i = 36; i < 36 + 3; i++) { if (GET_PKT_DATA(reassembled)[i] != 'C') goto end; } ret = 1; end: if (p1 != NULL) SCFree(p1); if (p2 != NULL) SCFree(p2); if (p3 != NULL) SCFree(p3); if (reassembled != NULL) SCFree(reassembled); DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,254589710184585,1 1598,[],"void set_curr_task(int cpu, struct task_struct *p) { cpu_curr(cpu) = p; }",linux-2.6,,,253377441866632843439412140601285030614,0 1748,[],"find_busiest_queue(struct sched_group *group, enum cpu_idle_type idle, unsigned long imbalance, const cpumask_t *cpus) { struct rq *busiest = NULL, *rq; unsigned long max_load = 0; int i; for_each_cpu_mask(i, group->cpumask) { unsigned long wl; if (!cpu_isset(i, *cpus)) continue; rq = cpu_rq(i); wl = weighted_cpuload(i); if (rq->nr_running == 1 && wl > imbalance) continue; if (wl > max_load) { max_load = wl; busiest = rq; } } return busiest; }",linux-2.6,,,265399706345634269323158002776607075077,0 871,['CWE-119'],"isdn_free_channel(int di, int ch, int usage) { int i; if ((di < 0) || (ch < 0)) { printk(KERN_WARNING ""%s: called with invalid drv(%d) or channel(%d)\n"", __FUNCTION__, di, ch); return; } for (i = 0; i < ISDN_MAX_CHANNELS; i++) if (((!usage) || ((dev->usage[i] & ISDN_USAGE_MASK) == usage)) && (dev->drvmap[i] == di) && (dev->chanmap[i] == ch)) { dev->usage[i] &= (ISDN_USAGE_NONE | ISDN_USAGE_EXCLUSIVE); strcpy(dev->num[i], ""???""); dev->ibytes[i] = 0; dev->obytes[i] = 0; dev->v110emu[i] = 0; atomic_set(&(dev->v110use[i]), 0); isdn_v110_close(dev->v110[i]); dev->v110[i] = NULL; isdn_info_update(); if (dev->drv[di]) skb_queue_purge(&dev->drv[di]->rpqueue[ch]); } }",linux-2.6,,,316312861808316371324437918937373532243,0 4474,CWE-476,"h2v1_merged_upsample_565D_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; register int y, cred, cgreen, cblue; int cb, cr; register JSAMPROW outptr; JSAMPROW inptr0, inptr1, inptr2; JDIMENSION col; register JSAMPLE *range_limit = cinfo->sample_range_limit; int *Crrtab = upsample->Cr_r_tab; int *Cbbtab = upsample->Cb_b_tab; JLONG *Crgtab = upsample->Cr_g_tab; JLONG *Cbgtab = upsample->Cb_g_tab; JLONG d0 = dither_matrix[cinfo->output_scanline & DITHER_MASK]; unsigned int r, g, b; JLONG rgb; SHIFT_TEMPS inptr0 = input_buf[0][in_row_group_ctr]; inptr1 = input_buf[1][in_row_group_ctr]; inptr2 = input_buf[2][in_row_group_ctr]; outptr = output_buf[0]; for (col = cinfo->output_width >> 1; col > 0; col--) { cb = GETJSAMPLE(*inptr1++); cr = GETJSAMPLE(*inptr2++); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr0++); r = range_limit[DITHER_565_R(y + cred, d0)]; g = range_limit[DITHER_565_G(y + cgreen, d0)]; b = range_limit[DITHER_565_B(y + cblue, d0)]; d0 = DITHER_ROTATE(d0); rgb = PACK_SHORT_565(r, g, b); y = GETJSAMPLE(*inptr0++); r = range_limit[DITHER_565_R(y + cred, d0)]; g = range_limit[DITHER_565_G(y + cgreen, d0)]; b = range_limit[DITHER_565_B(y + cblue, d0)]; d0 = DITHER_ROTATE(d0); rgb = PACK_TWO_PIXELS(rgb, PACK_SHORT_565(r, g, b)); WRITE_TWO_PIXELS(outptr, rgb); outptr += 4; } if (cinfo->output_width & 1) { cb = GETJSAMPLE(*inptr1); cr = GETJSAMPLE(*inptr2); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr0); r = range_limit[DITHER_565_R(y + cred, d0)]; g = range_limit[DITHER_565_G(y + cgreen, d0)]; b = range_limit[DITHER_565_B(y + cblue, d0)]; rgb = PACK_SHORT_565(r, g, b); *(INT16 *)outptr = (INT16)rgb; } }",visit repo url,jdmrg565.c,https://github.com/libjpeg-turbo/libjpeg-turbo,260407563350116,1 1205,['CWE-189'],"void unlock_hrtimer_base(const struct hrtimer *timer, unsigned long *flags) { spin_unlock_irqrestore(&timer->base->cpu_base->lock, *flags); }",linux-2.6,,,294665678278501838534277680493650286795,0 4635,['CWE-399'],"static inline unsigned int ext4_flex_bg_size(struct ext4_sb_info *sbi) { return 1 << sbi->s_log_groups_per_flex;",linux-2.6,,,258126540348619205725450326137721005502,0 5403,['CWE-476'],"int kvm_vm_ioctl_get_dirty_log(struct kvm *kvm, struct kvm_dirty_log *log) { int r; int n; struct kvm_memory_slot *memslot; int is_dirty = 0; down_write(&kvm->slots_lock); r = kvm_get_dirty_log(kvm, log, &is_dirty); if (r) goto out; if (is_dirty) { kvm_mmu_slot_remove_write_access(kvm, log->slot); kvm_flush_remote_tlbs(kvm); memslot = &kvm->memslots[log->slot]; n = ALIGN(memslot->npages, BITS_PER_LONG) / 8; memset(memslot->dirty_bitmap, 0, n); } r = 0; out: up_write(&kvm->slots_lock); return r; }",linux-2.6,,,151665314337446707870436219033801600725,0 3461,CWE-362,"int mi_repair(MI_CHECK *param, register MI_INFO *info, char * name, int rep_quick) { int error,got_error; ha_rows start_records,new_header_length; my_off_t del; File new_file; MYISAM_SHARE *share=info->s; char llbuff[22],llbuff2[22]; SORT_INFO sort_info; MI_SORT_PARAM sort_param; DBUG_ENTER(""mi_repair""); bzero((char *)&sort_info, sizeof(sort_info)); bzero((char *)&sort_param, sizeof(sort_param)); start_records=info->state->records; new_header_length=(param->testflag & T_UNPACK) ? 0L : share->pack.header_length; got_error=1; new_file= -1; sort_param.sort_info=&sort_info; if (!(param->testflag & T_SILENT)) { printf(""- recovering (with keycache) MyISAM-table '%s'\n"",name); printf(""Data records: %s\n"", llstr(info->state->records,llbuff)); } param->testflag|=T_REP; if (info->s->options & (HA_OPTION_CHECKSUM | HA_OPTION_COMPRESS_RECORD)) param->testflag|=T_CALC_CHECKSUM; DBUG_ASSERT(param->use_buffers < SIZE_T_MAX); if (!param->using_global_keycache) (void) init_key_cache(dflt_key_cache, param->key_cache_block_size, param->use_buffers, 0, 0); if (init_io_cache(¶m->read_cache,info->dfile, (uint) param->read_buffer_length, READ_CACHE,share->pack.header_length,1,MYF(MY_WME))) { bzero(&info->rec_cache,sizeof(info->rec_cache)); goto err; } if (!rep_quick) if (init_io_cache(&info->rec_cache,-1,(uint) param->write_buffer_length, WRITE_CACHE, new_header_length, 1, MYF(MY_WME | MY_WAIT_IF_FULL))) goto err; info->opt_flag|=WRITE_CACHE_USED; if (!mi_alloc_rec_buff(info, -1, &sort_param.record) || !mi_alloc_rec_buff(info, -1, &sort_param.rec_buff)) { mi_check_print_error(param, ""Not enough memory for extra record""); goto err; } if (!rep_quick) { if ((new_file= mysql_file_create(mi_key_file_datatmp, fn_format(param->temp_filename, share->data_file_name, """", DATA_TMP_EXT, 2+4), 0, param->tmpfile_createflag, MYF(0))) < 0) { mi_check_print_error(param,""Can't create new tempfile: '%s'"", param->temp_filename); goto err; } if (new_header_length && filecopy(param,new_file,info->dfile,0L,new_header_length, ""datafile-header"")) goto err; info->s->state.dellink= HA_OFFSET_ERROR; info->rec_cache.file=new_file; if (param->testflag & T_UNPACK) { share->options&= ~HA_OPTION_COMPRESS_RECORD; mi_int2store(share->state.header.options,share->options); } } sort_info.info=info; sort_info.param = param; sort_param.read_cache=param->read_cache; sort_param.pos=sort_param.max_pos=share->pack.header_length; sort_param.filepos=new_header_length; param->read_cache.end_of_file=sort_info.filelength= mysql_file_seek(info->dfile, 0L, MY_SEEK_END, MYF(0)); sort_info.dupp=0; sort_param.fix_datafile= (my_bool) (! rep_quick); sort_param.master=1; sort_info.max_records= ~(ha_rows) 0; set_data_file_type(&sort_info, share); del=info->state->del; info->state->records=info->state->del=share->state.split=0; info->state->empty=0; param->glob_crc=0; if (param->testflag & T_CALC_CHECKSUM) sort_param.calc_checksum= 1; info->update= (short) (HA_STATE_CHANGED | HA_STATE_ROW_CHANGED); if (param->testflag & T_CREATE_MISSING_KEYS) mi_set_all_keys_active(share->state.key_map, share->base.keys); mi_drop_all_indexes(param, info, TRUE); lock_memory(param); while (!(error=sort_get_next_record(&sort_param))) { if (writekeys(&sort_param)) { if (my_errno != HA_ERR_FOUND_DUPP_KEY) goto err; DBUG_DUMP(""record"",(uchar*) sort_param.record,share->base.pack_reclength); mi_check_print_info(param,""Duplicate key %2d for record at %10s against new record at %10s"", info->errkey+1, llstr(sort_param.start_recpos,llbuff), llstr(info->dupp_key_pos,llbuff2)); if (param->testflag & T_VERBOSE) { (void) _mi_make_key(info,(uint) info->errkey,info->lastkey, sort_param.record,0L); _mi_print_key(stdout,share->keyinfo[info->errkey].seg,info->lastkey, USE_WHOLE_KEY); } sort_info.dupp++; if ((param->testflag & (T_FORCE_UNIQUENESS|T_QUICK)) == T_QUICK) { param->testflag|=T_RETRY_WITHOUT_QUICK; param->error_printed=1; goto err; } continue; } if (sort_write_record(&sort_param)) goto err; } if (error > 0 || write_data_suffix(&sort_info, (my_bool)!rep_quick) || flush_io_cache(&info->rec_cache) || param->read_cache.error < 0) goto err; if (param->testflag & T_WRITE_LOOP) { (void) fputs("" \r"",stdout); (void) fflush(stdout); } if (mysql_file_chsize(share->kfile, info->state->key_file_length, 0, MYF(0))) { mi_check_print_warning(param, ""Can't change size of indexfile, error: %d"", my_errno); goto err; } if (rep_quick && del+sort_info.dupp != info->state->del) { mi_check_print_error(param,""Couldn't fix table with quick recovery: Found wrong number of deleted records""); mi_check_print_error(param,""Run recovery again without -q""); got_error=1; param->retry_repair=1; param->testflag|=T_RETRY_WITHOUT_QUICK; goto err; } if (param->testflag & T_SAFE_REPAIR) { if (info->state->records+1 < start_records) { info->state->records=start_records; got_error=1; goto err; } } if (!rep_quick) { mysql_file_close(info->dfile, MYF(0)); info->dfile=new_file; info->state->data_file_length=sort_param.filepos; share->state.version=(ulong) time((time_t*) 0); } else { info->state->data_file_length=sort_param.max_pos; } if (param->testflag & T_CALC_CHECKSUM) info->state->checksum=param->glob_crc; if (!(param->testflag & T_SILENT)) { if (start_records != info->state->records) printf(""Data records: %s\n"", llstr(info->state->records,llbuff)); if (sort_info.dupp) mi_check_print_warning(param, ""%s records have been removed"", llstr(sort_info.dupp,llbuff)); } got_error=0; if (&share->state.state != info->state) memcpy( &share->state.state, info->state, sizeof(*info->state)); err: if (!got_error) { if (new_file >= 0) { mysql_file_close(new_file, MYF(0)); info->dfile=new_file= -1; if (info->s->file_map) { (void) my_munmap((char*) info->s->file_map, (size_t) info->s->mmaped_length); info->s->file_map= NULL; } if (change_to_newfile(share->data_file_name, MI_NAME_DEXT, DATA_TMP_EXT, (param->testflag & T_BACKUP_DATA ? MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) || mi_open_datafile(info,share,name,-1)) got_error=1; param->retry_repair= 0; } } if (got_error) { if (! param->error_printed) mi_check_print_error(param,""%d for record at pos %s"",my_errno, llstr(sort_param.start_recpos,llbuff)); if (new_file >= 0) { (void) mysql_file_close(new_file, MYF(0)); (void) mysql_file_delete(mi_key_file_datatmp, param->temp_filename, MYF(MY_WME)); info->rec_cache.file=-1; } mi_mark_crashed_on_repair(info); } my_free(mi_get_rec_buff_ptr(info, sort_param.rec_buff)); my_free(mi_get_rec_buff_ptr(info, sort_param.record)); my_free(sort_info.buff); (void) end_io_cache(¶m->read_cache); info->opt_flag&= ~(READ_CACHE_USED | WRITE_CACHE_USED); (void) end_io_cache(&info->rec_cache); got_error|=flush_blocks(param, share->key_cache, share->kfile); if (!got_error && param->testflag & T_UNPACK) { share->state.header.options[0]&= (uchar) ~HA_OPTION_COMPRESS_RECORD; share->pack.header_length=0; share->data_file_type=sort_info.new_data_file_type; } share->state.changed|= (STATE_NOT_OPTIMIZED_KEYS | STATE_NOT_SORTED_PAGES | STATE_NOT_ANALYZED); DBUG_RETURN(got_error); }",visit repo url,storage/myisam/mi_check.c,https://github.com/mysql/mysql-server,259630580007368,1 167,[],"static int put_compat_flock(struct flock *kfl, struct compat_flock __user *ufl) { if (!access_ok(VERIFY_WRITE, ufl, sizeof(*ufl)) || __put_user(kfl->l_type, &ufl->l_type) || __put_user(kfl->l_whence, &ufl->l_whence) || __put_user(kfl->l_start, &ufl->l_start) || __put_user(kfl->l_len, &ufl->l_len) || __put_user(kfl->l_pid, &ufl->l_pid)) return -EFAULT; return 0; }",linux-2.6,,,229903518823260316242773987628302980996,0 973,CWE-416,"static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file, struct snd_ctl_tlv __user *_tlv, int op_flag) { struct snd_card *card = file->card; struct snd_ctl_tlv tlv; struct snd_kcontrol *kctl; struct snd_kcontrol_volatile *vd; unsigned int len; int err = 0; if (copy_from_user(&tlv, _tlv, sizeof(tlv))) return -EFAULT; if (tlv.length < sizeof(unsigned int) * 2) return -EINVAL; down_read(&card->controls_rwsem); kctl = snd_ctl_find_numid(card, tlv.numid); if (kctl == NULL) { err = -ENOENT; goto __kctl_end; } if (kctl->tlv.p == NULL) { err = -ENXIO; goto __kctl_end; } vd = &kctl->vd[tlv.numid - kctl->id.numid]; if ((op_flag == 0 && (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_READ) == 0) || (op_flag > 0 && (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_WRITE) == 0) || (op_flag < 0 && (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_COMMAND) == 0)) { err = -ENXIO; goto __kctl_end; } if (vd->access & SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK) { if (vd->owner != NULL && vd->owner != file) { err = -EPERM; goto __kctl_end; } err = kctl->tlv.c(kctl, op_flag, tlv.length, _tlv->tlv); if (err > 0) { up_read(&card->controls_rwsem); snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &kctl->id); return 0; } } else { if (op_flag) { err = -ENXIO; goto __kctl_end; } len = kctl->tlv.p[1] + 2 * sizeof(unsigned int); if (tlv.length < len) { err = -ENOMEM; goto __kctl_end; } if (copy_to_user(_tlv->tlv, kctl->tlv.p, len)) err = -EFAULT; } __kctl_end: up_read(&card->controls_rwsem); return err; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,104683428470422,1 680,CWE-20,"static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t total_len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int error = 0; if (sk->sk_state & PPPOX_BOUND) { error = -EIO; goto end; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &error); if (error < 0) goto end; m->msg_namelen = 0; if (skb) { total_len = min_t(size_t, total_len, skb->len); error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); if (error == 0) { consume_skb(skb); return total_len; } } kfree_skb(skb); end: return error; }",visit repo url,drivers/net/ppp/pppoe.c,https://github.com/torvalds/linux,210801352169286,1 3927,['CWE-399'],"static void ta8874z_setmode(struct CHIPSTATE *chip, int mode) { int update = 1; audiocmd *t = NULL; v4l_dbg(1, debug, chip->c, ""ta8874z_setmode(): mode: 0x%02x\n"", mode); switch(mode){ case V4L2_TUNER_MODE_MONO: t = &ta8874z_mono; break; case V4L2_TUNER_MODE_STEREO: t = &ta8874z_stereo; break; case V4L2_TUNER_MODE_LANG1: t = &ta8874z_main; break; case V4L2_TUNER_MODE_LANG2: t = &ta8874z_sub; break; default: update = 0; } if(update) chip_cmd(chip, ""TA8874Z"", t); }",linux-2.6,,,197616786838780622578862146647721323226,0 3526,CWE-476,"jas_image_t *jp2_decode(jas_stream_t *in, char *optstr) { jp2_box_t *box; int found; jas_image_t *image; jp2_dec_t *dec; bool samedtype; int dtype; unsigned int i; jp2_cmap_t *cmapd; jp2_pclr_t *pclrd; jp2_cdef_t *cdefd; unsigned int channo; int newcmptno; int_fast32_t *lutents; #if 0 jp2_cdefchan_t *cdefent; int cmptno; #endif jp2_cmapent_t *cmapent; jas_icchdr_t icchdr; jas_iccprof_t *iccprof; dec = 0; box = 0; image = 0; if (!(dec = jp2_dec_create())) { goto error; } if (!(box = jp2_box_get(in))) { jas_eprintf(""error: cannot get box\n""); goto error; } if (box->type != JP2_BOX_JP) { jas_eprintf(""error: expecting signature box\n""); goto error; } if (box->data.jp.magic != JP2_JP_MAGIC) { jas_eprintf(""incorrect magic number\n""); goto error; } jp2_box_destroy(box); box = 0; if (!(box = jp2_box_get(in))) { goto error; } if (box->type != JP2_BOX_FTYP) { jas_eprintf(""expecting file type box\n""); goto error; } jp2_box_destroy(box); box = 0; found = 0; while ((box = jp2_box_get(in))) { if (jas_getdbglevel() >= 1) { jas_eprintf(""box type %s\n"", box->info->name); } switch (box->type) { case JP2_BOX_JP2C: found = 1; break; case JP2_BOX_IHDR: if (!dec->ihdr) { dec->ihdr = box; box = 0; } break; case JP2_BOX_BPCC: if (!dec->bpcc) { dec->bpcc = box; box = 0; } break; case JP2_BOX_CDEF: if (!dec->cdef) { dec->cdef = box; box = 0; } break; case JP2_BOX_PCLR: if (!dec->pclr) { dec->pclr = box; box = 0; } break; case JP2_BOX_CMAP: if (!dec->cmap) { dec->cmap = box; box = 0; } break; case JP2_BOX_COLR: if (!dec->colr) { dec->colr = box; box = 0; } break; } if (box) { jp2_box_destroy(box); box = 0; } if (found) { break; } } if (!found) { jas_eprintf(""error: no code stream found\n""); goto error; } if (!(dec->image = jpc_decode(in, optstr))) { jas_eprintf(""error: cannot decode code stream\n""); goto error; } if (!dec->ihdr) { jas_eprintf(""error: missing IHDR box\n""); goto error; } if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } samedtype = true; dtype = jas_image_cmptdtype(dec->image, 0); for (i = 1; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != dtype) { samedtype = false; break; } } if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { jas_eprintf(""warning: component data type mismatch\n""); } if (dec->ihdr->data.ihdr.comptype != JP2_IHDR_COMPTYPE) { jas_eprintf(""error: unsupported compression type\n""); goto error; } if (dec->bpcc) { if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(uint, jas_image_numcmpts( dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!samedtype) { for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { jas_eprintf(""warning: component data type mismatch\n""); } } } else { jas_eprintf(""warning: superfluous BPCC box\n""); } } if (!dec->colr) { jas_eprintf(""error: no COLR box\n""); goto error; } switch (dec->colr->data.colr.method) { case JP2_COLR_ENUM: jas_image_setclrspc(dec->image, jp2_getcs(&dec->colr->data.colr)); break; case JP2_COLR_ICC: iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, dec->colr->data.colr.iccplen); if (!iccprof) { jas_eprintf(""error: failed to parse ICC profile\n""); goto error; } jas_iccprof_gethdr(iccprof, &icchdr); jas_eprintf(""ICC Profile CS %08x\n"", icchdr.colorspc); jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof); assert(dec->image->cmprof_); jas_iccprof_destroy(iccprof); break; } if (dec->cmap && !dec->pclr) { jas_eprintf(""warning: missing PCLR box or superfluous CMAP box\n""); jp2_box_destroy(dec->cmap); dec->cmap = 0; } if (!dec->cmap && dec->pclr) { jas_eprintf(""warning: missing CMAP box or superfluous PCLR box\n""); jp2_box_destroy(dec->pclr); dec->pclr = 0; } dec->numchans = dec->cmap ? dec->cmap->data.cmap.numchans : JAS_CAST(uint, jas_image_numcmpts(dec->image)); if (dec->cmap) { for (i = 0; i < dec->numchans; ++i) { if (dec->cmap->data.cmap.ents[i].cmptno >= JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""error: invalid component number in CMAP box\n""); goto error; } if (dec->cmap->data.cmap.ents[i].pcol >= dec->pclr->data.pclr.numchans) { jas_eprintf(""error: invalid CMAP LUT index\n""); goto error; } } } if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { jas_eprintf(""error: no memory\n""); goto error; } if (!dec->cmap) { for (i = 0; i < dec->numchans; ++i) { dec->chantocmptlut[i] = i; } } else { cmapd = &dec->cmap->data.cmap; pclrd = &dec->pclr->data.pclr; cdefd = &dec->cdef->data.cdef; for (channo = 0; channo < cmapd->numchans; ++channo) { cmapent = &cmapd->ents[channo]; if (cmapent->map == JP2_CMAP_DIRECT) { dec->chantocmptlut[channo] = channo; } else if (cmapent->map == JP2_CMAP_PALETTE) { lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } newcmptno = jas_image_numcmpts(dec->image); jas_image_depalettize(dec->image, cmapent->cmptno, pclrd->numlutents, lutents, JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno); dec->chantocmptlut[channo] = newcmptno; jas_free(lutents); #if 0 if (dec->cdef) { cdefent = jp2_cdef_lookup(cdefd, channo); if (!cdefent) { abort(); } jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), cdefent->type, cdefent->assoc)); } else { jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1)); } #endif } } } for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { jas_image_setcmpttype(dec->image, i, JAS_IMAGE_CT_UNKNOWN); } if (dec->cdef) { for (i = 0; i < dec->numchans; ++i) { if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { jas_eprintf(""error: invalid channel number in CDEF box\n""); goto error; } jas_image_setcmpttype(dec->image, dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], jp2_getct(jas_image_clrspc(dec->image), dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc)); } } else { for (i = 0; i < dec->numchans; ++i) { jas_image_setcmpttype(dec->image, dec->chantocmptlut[i], jp2_getct(jas_image_clrspc(dec->image), 0, i + 1)); } } for (i = jas_image_numcmpts(dec->image); i > 0; --i) { if (jas_image_cmpttype(dec->image, i - 1) == JAS_IMAGE_CT_UNKNOWN) { jas_image_delcmpt(dec->image, i - 1); } } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } #if 0 jas_eprintf(""no of components is %d\n"", jas_image_numcmpts(dec->image)); #endif image = dec->image; dec->image = 0; jp2_dec_destroy(dec); return image; error: if (box) { jp2_box_destroy(box); } if (dec) { jp2_dec_destroy(dec); } return 0; }",visit repo url,src/libjasper/jp2/jp2_dec.c,https://github.com/mdadams/jasper,155540392954752,1 4043,CWE-119,"static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) { const char *section_name = """"; const char *link_section_name = """"; char *end = NULL; Elf_(Shdr) *link_shdr = NULL; ut8 dfs[sizeof (Elf_(Verdef))] = {0}; Sdb *sdb; int cnt, i; if (shdr->sh_link > bin->ehdr.e_shnum) { return false; } link_shdr = &bin->shdr[shdr->sh_link]; if (shdr->sh_size < 1) { return false; } Elf_(Verdef) *defs = calloc (shdr->sh_size, sizeof (char)); if (!defs) { return false; } if (bin->shstrtab && shdr->sh_name < bin->shstrtab_size) { section_name = &bin->shstrtab[shdr->sh_name]; } if (link_shdr && bin->shstrtab && link_shdr->sh_name < bin->shstrtab_size) { link_section_name = &bin->shstrtab[link_shdr->sh_name]; } if (!defs) { bprintf (""Warning: Cannot allocate memory (Check Elf_(Verdef))\n""); return NULL; } sdb = sdb_new0 (); end = (char *)defs + shdr->sh_size; sdb_set (sdb, ""section_name"", section_name, 0); sdb_num_set (sdb, ""entries"", shdr->sh_info, 0); sdb_num_set (sdb, ""addr"", shdr->sh_addr, 0); sdb_num_set (sdb, ""offset"", shdr->sh_offset, 0); sdb_num_set (sdb, ""link"", shdr->sh_link, 0); sdb_set (sdb, ""link_section_name"", link_section_name, 0); for (cnt = 0, i = 0; cnt < shdr->sh_info && ((char *)defs + i < end); ++cnt) { Sdb *sdb_verdef = sdb_new0 (); char *vstart = ((char*)defs) + i; char key[32] = {0}; Elf_(Verdef) *verdef = (Elf_(Verdef)*)vstart; Elf_(Verdaux) aux = {0}; int j = 0; int isum = 0; r_buf_read_at (bin->b, shdr->sh_offset + i, dfs, sizeof (Elf_(Verdef))); verdef->vd_version = READ16 (dfs, j) verdef->vd_flags = READ16 (dfs, j) verdef->vd_ndx = READ16 (dfs, j) verdef->vd_cnt = READ16 (dfs, j) verdef->vd_hash = READ32 (dfs, j) verdef->vd_aux = READ32 (dfs, j) verdef->vd_next = READ32 (dfs, j) vstart += verdef->vd_aux; if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); goto out_error; } j = 0; aux.vda_name = READ32 (vstart, j) aux.vda_next = READ32 (vstart, j) isum = i + verdef->vd_aux; if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); goto out_error; } sdb_num_set (sdb_verdef, ""idx"", i, 0); sdb_num_set (sdb_verdef, ""vd_version"", verdef->vd_version, 0); sdb_num_set (sdb_verdef, ""vd_ndx"", verdef->vd_ndx, 0); sdb_num_set (sdb_verdef, ""vd_cnt"", verdef->vd_cnt, 0); sdb_set (sdb_verdef, ""vda_name"", &bin->dynstr[aux.vda_name], 0); sdb_set (sdb_verdef, ""flags"", get_ver_flags (verdef->vd_flags), 0); for (j = 1; j < verdef->vd_cnt; ++j) { int k; Sdb *sdb_parent = sdb_new0 (); isum += aux.vda_next; vstart += aux.vda_next; if (vstart > end || vstart + sizeof(Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } k = 0; aux.vda_name = READ32 (vstart, k) aux.vda_next = READ32 (vstart, k) if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } sdb_num_set (sdb_parent, ""idx"", isum, 0); sdb_num_set (sdb_parent, ""parent"", j, 0); sdb_set (sdb_parent, ""vda_name"", &bin->dynstr[aux.vda_name], 0); snprintf (key, sizeof (key), ""parent%d"", j - 1); sdb_ns_set (sdb_verdef, key, sdb_parent); } snprintf (key, sizeof (key), ""verdef%d"", cnt); sdb_ns_set (sdb, key, sdb_verdef); if (!verdef->vd_next) { sdb_free (sdb_verdef); goto out_error; } i += verdef->vd_next; } free (defs); return sdb; out_error: free (defs); sdb_free (sdb); return NULL; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radare/radare2,35792548339732,1 1077,['CWE-20'],"void ctrl_alt_del(void) { static DECLARE_WORK(cad_work, deferred_cad); if (C_A_D) schedule_work(&cad_work); else kill_cad_pid(SIGINT, 1); }",linux-2.6,,,246398934481417513280579496222248518516,0 6730,['CWE-310'],"nm_gconf_get_ip4_helper (GConfClient *client, const char *path, const char *key, const char *setting, guint32 tuple_len, GPtrArray **value) { char *gc_key; GConfValue *gc_value = NULL; GPtrArray *array; gboolean success = FALSE; GSList *values, *iter; GArray *tuple = NULL; g_return_val_if_fail (key != NULL, FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (value != NULL, FALSE); g_return_val_if_fail (tuple_len > 0, FALSE); gc_key = g_strdup_printf (""%s/%s/%s"", path, setting, key); if (!(gc_value = gconf_client_get (client, gc_key, NULL))) goto out; if ( (gc_value->type != GCONF_VALUE_LIST) || (gconf_value_get_list_type (gc_value) != GCONF_VALUE_INT)) goto out; values = gconf_value_get_list (gc_value); if (g_slist_length (values) % tuple_len != 0) { g_warning (""%s: %s format invalid; # elements not divisible by %d"", __func__, gc_key, tuple_len); goto out; } array = g_ptr_array_sized_new (1); for (iter = values; iter; iter = g_slist_next (iter)) { int i = gconf_value_get_int ((GConfValue *) iter->data); if (tuple == NULL) tuple = g_array_sized_new (FALSE, TRUE, sizeof (guint32), tuple_len); g_array_append_val (tuple, i); if (tuple->len == tuple_len) { g_ptr_array_add (array, tuple); tuple = NULL; } } *value = array; success = TRUE; out: if (gc_value) gconf_value_free (gc_value); g_free (gc_key); return success; }",network-manager-applet,,,53361734058408253335542268890978534924,0 5794,CWE-125,"snmp_engine_get_next(snmp_header_t *header, snmp_varbind_t *varbinds, uint32_t varbinds_length) { snmp_mib_resource_t *resource; uint32_t i; for(i = 0; i < varbinds_length; i++) { resource = snmp_mib_find_next(varbinds[i].oid); if(!resource) { switch(header->version) { case SNMP_VERSION_1: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = i + 1; break; case SNMP_VERSION_2C: (&varbinds[i])->value_type = SNMP_DATA_TYPE_END_OF_MIB_VIEW; break; default: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = 0; } } else { resource->handler(&varbinds[i], resource->oid); } } return 0; }",visit repo url,os/net/app-layer/snmp/snmp-engine.c,https://github.com/contiki-ng/contiki-ng,162288498394238,1 5528,['CWE-119'],"int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, unsigned char *src, struct dentry *ecryptfs_dentry) { size_t i = 0; size_t found_auth_tok; size_t next_packet_is_auth_tok_packet; struct list_head auth_tok_list; struct ecryptfs_auth_tok *matching_auth_tok; struct ecryptfs_auth_tok *candidate_auth_tok; char *candidate_auth_tok_sig; size_t packet_size; struct ecryptfs_auth_tok *new_auth_tok; unsigned char sig_tmp_space[ECRYPTFS_SIG_SIZE]; struct ecryptfs_auth_tok_list_item *auth_tok_list_item; size_t tag_11_contents_size; size_t tag_11_packet_size; int rc = 0; INIT_LIST_HEAD(&auth_tok_list); next_packet_is_auth_tok_packet = 1; while (next_packet_is_auth_tok_packet) { size_t max_packet_size = ((PAGE_CACHE_SIZE - 8) - i); switch (src[i]) { case ECRYPTFS_TAG_3_PACKET_TYPE: rc = parse_tag_3_packet(crypt_stat, (unsigned char *)&src[i], &auth_tok_list, &new_auth_tok, &packet_size, max_packet_size); if (rc) { ecryptfs_printk(KERN_ERR, ""Error parsing "" ""tag 3 packet\n""); rc = -EIO; goto out_wipe_list; } i += packet_size; rc = parse_tag_11_packet((unsigned char *)&src[i], sig_tmp_space, ECRYPTFS_SIG_SIZE, &tag_11_contents_size, &tag_11_packet_size, max_packet_size); if (rc) { ecryptfs_printk(KERN_ERR, ""No valid "" ""(ecryptfs-specific) literal "" ""packet containing "" ""authentication token "" ""signature found after "" ""tag 3 packet\n""); rc = -EIO; goto out_wipe_list; } i += tag_11_packet_size; if (ECRYPTFS_SIG_SIZE != tag_11_contents_size) { ecryptfs_printk(KERN_ERR, ""Expected "" ""signature of size [%d]; "" ""read size [%d]\n"", ECRYPTFS_SIG_SIZE, tag_11_contents_size); rc = -EIO; goto out_wipe_list; } ecryptfs_to_hex(new_auth_tok->token.password.signature, sig_tmp_space, tag_11_contents_size); new_auth_tok->token.password.signature[ ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; crypt_stat->flags |= ECRYPTFS_ENCRYPTED; break; case ECRYPTFS_TAG_1_PACKET_TYPE: rc = parse_tag_1_packet(crypt_stat, (unsigned char *)&src[i], &auth_tok_list, &new_auth_tok, &packet_size, max_packet_size); if (rc) { ecryptfs_printk(KERN_ERR, ""Error parsing "" ""tag 1 packet\n""); rc = -EIO; goto out_wipe_list; } i += packet_size; crypt_stat->flags |= ECRYPTFS_ENCRYPTED; break; case ECRYPTFS_TAG_11_PACKET_TYPE: ecryptfs_printk(KERN_WARNING, ""Invalid packet set "" ""(Tag 11 not allowed by itself)\n""); rc = -EIO; goto out_wipe_list; break; default: ecryptfs_printk(KERN_DEBUG, ""No packet at offset "" ""[%d] of the file header; hex value of "" ""character is [0x%.2x]\n"", i, src[i]); next_packet_is_auth_tok_packet = 0; } } if (list_empty(&auth_tok_list)) { printk(KERN_ERR ""The lower file appears to be a non-encrypted "" ""eCryptfs file; this is not supported in this version "" ""of the eCryptfs kernel module\n""); rc = -EINVAL; goto out; } find_next_matching_auth_tok: found_auth_tok = 0; list_for_each_entry(auth_tok_list_item, &auth_tok_list, list) { candidate_auth_tok = &auth_tok_list_item->auth_tok; if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""Considering cadidate auth tok:\n""); ecryptfs_dump_auth_tok(candidate_auth_tok); } rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig, candidate_auth_tok); if (rc) { printk(KERN_ERR ""Unrecognized candidate auth tok type: [%d]\n"", candidate_auth_tok->token_type); rc = -EINVAL; goto out_wipe_list; } ecryptfs_find_auth_tok_for_sig(&matching_auth_tok, crypt_stat->mount_crypt_stat, candidate_auth_tok_sig); if (matching_auth_tok) { found_auth_tok = 1; goto found_matching_auth_tok; } } if (!found_auth_tok) { ecryptfs_printk(KERN_ERR, ""Could not find a usable "" ""authentication token\n""); rc = -EIO; goto out_wipe_list; } found_matching_auth_tok: if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { memcpy(&(candidate_auth_tok->token.private_key), &(matching_auth_tok->token.private_key), sizeof(struct ecryptfs_private_key)); rc = decrypt_pki_encrypted_session_key(candidate_auth_tok, crypt_stat); } else if (candidate_auth_tok->token_type == ECRYPTFS_PASSWORD) { memcpy(&(candidate_auth_tok->token.password), &(matching_auth_tok->token.password), sizeof(struct ecryptfs_password)); rc = decrypt_passphrase_encrypted_session_key( candidate_auth_tok, crypt_stat); } if (rc) { struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp; ecryptfs_printk(KERN_WARNING, ""Error decrypting the "" ""session key for authentication token with sig "" ""[%.*s]; rc = [%d]. Removing auth tok "" ""candidate from the list and searching for "" ""the next match.\n"", candidate_auth_tok_sig, ECRYPTFS_SIG_SIZE_HEX, rc); list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp, &auth_tok_list, list) { if (candidate_auth_tok == &auth_tok_list_item->auth_tok) { list_del(&auth_tok_list_item->list); kmem_cache_free( ecryptfs_auth_tok_list_item_cache, auth_tok_list_item); goto find_next_matching_auth_tok; } } BUG(); } rc = ecryptfs_compute_root_iv(crypt_stat); if (rc) { ecryptfs_printk(KERN_ERR, ""Error computing "" ""the root IV\n""); goto out_wipe_list; } rc = ecryptfs_init_crypt_ctx(crypt_stat); if (rc) { ecryptfs_printk(KERN_ERR, ""Error initializing crypto "" ""context for cipher [%s]; rc = [%d]\n"", crypt_stat->cipher, rc); } out_wipe_list: wipe_auth_tok_list(&auth_tok_list); out: return rc; }",linux-2.6,,,5583573355951331625316094658640527472,0 3984,['CWE-362'],"void inotify_d_move(struct dentry *entry) { struct dentry *parent; parent = entry->d_parent; if (inotify_inode_watched(parent->d_inode)) entry->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED; else entry->d_flags &= ~DCACHE_INOTIFY_PARENT_WATCHED; }",linux-2.6,,,300383289257238796370245975870037727521,0 3889,CWE-122,"paste_option_changed(void) { static int old_p_paste = FALSE; static int save_sm = 0; static int save_sta = 0; #ifdef FEAT_CMDL_INFO static int save_ru = 0; #endif #ifdef FEAT_RIGHTLEFT static int save_ri = 0; static int save_hkmap = 0; #endif buf_T *buf; if (p_paste) { if (!old_p_paste) { FOR_ALL_BUFFERS(buf) { buf->b_p_tw_nopaste = buf->b_p_tw; buf->b_p_wm_nopaste = buf->b_p_wm; buf->b_p_sts_nopaste = buf->b_p_sts; buf->b_p_ai_nopaste = buf->b_p_ai; buf->b_p_et_nopaste = buf->b_p_et; #ifdef FEAT_VARTABS if (buf->b_p_vsts_nopaste) vim_free(buf->b_p_vsts_nopaste); buf->b_p_vsts_nopaste = buf->b_p_vsts && buf->b_p_vsts != empty_option ? vim_strsave(buf->b_p_vsts) : NULL; #endif } save_sm = p_sm; save_sta = p_sta; #ifdef FEAT_CMDL_INFO save_ru = p_ru; #endif #ifdef FEAT_RIGHTLEFT save_ri = p_ri; save_hkmap = p_hkmap; #endif p_ai_nopaste = p_ai; p_et_nopaste = p_et; p_sts_nopaste = p_sts; p_tw_nopaste = p_tw; p_wm_nopaste = p_wm; #ifdef FEAT_VARTABS if (p_vsts_nopaste) vim_free(p_vsts_nopaste); p_vsts_nopaste = p_vsts && p_vsts != empty_option ? vim_strsave(p_vsts) : NULL; #endif } FOR_ALL_BUFFERS(buf) { buf->b_p_tw = 0; buf->b_p_wm = 0; buf->b_p_sts = 0; buf->b_p_ai = 0; buf->b_p_et = 0; #ifdef FEAT_VARTABS if (buf->b_p_vsts) free_string_option(buf->b_p_vsts); buf->b_p_vsts = empty_option; if (buf->b_p_vsts_array) vim_free(buf->b_p_vsts_array); buf->b_p_vsts_array = 0; #endif } p_sm = 0; p_sta = 0; #ifdef FEAT_CMDL_INFO if (p_ru) status_redraw_all(); p_ru = 0; #endif #ifdef FEAT_RIGHTLEFT p_ri = 0; p_hkmap = 0; #endif p_tw = 0; p_wm = 0; p_sts = 0; p_ai = 0; #ifdef FEAT_VARTABS if (p_vsts) free_string_option(p_vsts); p_vsts = empty_option; #endif } else if (old_p_paste) { FOR_ALL_BUFFERS(buf) { buf->b_p_tw = buf->b_p_tw_nopaste; buf->b_p_wm = buf->b_p_wm_nopaste; buf->b_p_sts = buf->b_p_sts_nopaste; buf->b_p_ai = buf->b_p_ai_nopaste; buf->b_p_et = buf->b_p_et_nopaste; #ifdef FEAT_VARTABS if (buf->b_p_vsts) free_string_option(buf->b_p_vsts); buf->b_p_vsts = buf->b_p_vsts_nopaste ? vim_strsave(buf->b_p_vsts_nopaste) : empty_option; if (buf->b_p_vsts_array) vim_free(buf->b_p_vsts_array); if (buf->b_p_vsts && buf->b_p_vsts != empty_option) tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); else buf->b_p_vsts_array = 0; #endif } p_sm = save_sm; p_sta = save_sta; #ifdef FEAT_CMDL_INFO if (p_ru != save_ru) status_redraw_all(); p_ru = save_ru; #endif #ifdef FEAT_RIGHTLEFT p_ri = save_ri; p_hkmap = save_hkmap; #endif p_ai = p_ai_nopaste; p_et = p_et_nopaste; p_sts = p_sts_nopaste; p_tw = p_tw_nopaste; p_wm = p_wm_nopaste; #ifdef FEAT_VARTABS if (p_vsts) free_string_option(p_vsts); p_vsts = p_vsts_nopaste ? vim_strsave(p_vsts_nopaste) : empty_option; #endif } old_p_paste = p_paste; }",visit repo url,src/option.c,https://github.com/vim/vim,202137444144175,1 523,CWE-119,"static bool regsafe(struct bpf_reg_state *rold, struct bpf_reg_state *rcur, struct idpair *idmap) { if (!(rold->live & REG_LIVE_READ)) return true; if (memcmp(rold, rcur, offsetof(struct bpf_reg_state, live)) == 0) return true; if (rold->type == NOT_INIT) return true; if (rcur->type == NOT_INIT) return false; switch (rold->type) { case SCALAR_VALUE: if (rcur->type == SCALAR_VALUE) { return range_within(rold, rcur) && tnum_in(rold->var_off, rcur->var_off); } else { return rold->umin_value == 0 && rold->umax_value == U64_MAX && rold->smin_value == S64_MIN && rold->smax_value == S64_MAX && tnum_is_unknown(rold->var_off); } case PTR_TO_MAP_VALUE: return memcmp(rold, rcur, offsetof(struct bpf_reg_state, id)) == 0 && range_within(rold, rcur) && tnum_in(rold->var_off, rcur->var_off); case PTR_TO_MAP_VALUE_OR_NULL: if (rcur->type != PTR_TO_MAP_VALUE_OR_NULL) return false; if (memcmp(rold, rcur, offsetof(struct bpf_reg_state, id))) return false; return check_ids(rold->id, rcur->id, idmap); case PTR_TO_PACKET_META: case PTR_TO_PACKET: if (rcur->type != rold->type) return false; if (rold->range > rcur->range) return false; if (rold->off != rcur->off) return false; if (rold->id && !check_ids(rold->id, rcur->id, idmap)) return false; return range_within(rold, rcur) && tnum_in(rold->var_off, rcur->var_off); case PTR_TO_CTX: case CONST_PTR_TO_MAP: case PTR_TO_STACK: case PTR_TO_PACKET_END: default: return false; } WARN_ON_ONCE(1); return false; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,79414456430027,1 6087,['CWE-200'],"cbq_update(struct cbq_sched_data *q) { struct cbq_class *this = q->tx_class; struct cbq_class *cl = this; int len = q->tx_len; q->tx_class = NULL; for ( ; cl; cl = cl->share) { long avgidle = cl->avgidle; long idle; cl->bstats.packets++; cl->bstats.bytes += len; idle = PSCHED_TDIFF(q->now, cl->last); if ((unsigned long)idle > 128*1024*1024) { avgidle = cl->maxidle; } else { idle -= L2T(cl, len); avgidle += idle - (avgidle>>cl->ewma_log); } if (avgidle <= 0) { if (avgidle < cl->minidle) avgidle = cl->minidle; cl->avgidle = avgidle; idle = (-avgidle) - ((-avgidle) >> cl->ewma_log); idle -= L2T(&q->link, len); idle += L2T(cl, len); PSCHED_AUDIT_TDIFF(idle); PSCHED_TADD2(q->now, idle, cl->undertime); } else { PSCHED_SET_PASTPERFECT(cl->undertime); if (avgidle > cl->maxidle) cl->avgidle = cl->maxidle; else cl->avgidle = avgidle; } cl->last = q->now; } cbq_update_toplevel(q, this, q->tx_borrowed); }",linux-2.6,,,188026415010363964597101771346331664532,0 4501,CWE-476,"static GF_Err gf_isom_parse_movie_boxes_internal(GF_ISOFile *mov, u32 *boxType, u64 *bytesMissing, Bool progressive_mode) { GF_Box *a; u64 totSize, mdat_end=0; GF_Err e = GF_OK; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (mov->single_moof_mode && mov->single_moof_state == 2) { return e; } totSize = mov->current_top_box_start; if (mov->bytes_removed) { assert(totSize >= mov->bytes_removed); totSize -= mov->bytes_removed; } gf_bs_seek(mov->movieFileMap->bs, totSize); #endif while (gf_bs_available(mov->movieFileMap->bs)) { *bytesMissing = 0; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS mov->current_top_box_start = gf_bs_get_position(mov->movieFileMap->bs) + mov->bytes_removed; GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Parsing a top-level box at position %d\n"", mov->current_top_box_start)); #endif e = gf_isom_parse_root_box(&a, mov->movieFileMap->bs, boxType, bytesMissing, progressive_mode); if (e >= 0) { } else if (e == GF_ISOM_INCOMPLETE_FILE) { if (mov->openMode != GF_ISOM_OPEN_READ) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Incomplete MDAT while file is not read-only\n"")); return GF_ISOM_INVALID_FILE; } if ((mov->openMode == GF_ISOM_OPEN_READ) && !progressive_mode) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Incomplete file while reading for dump - aborting parsing\n"")); break; } return e; } else { return e; } switch (a->type) { case GF_ISOM_BOX_TYPE_MOOV: if (mov->moov) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Duplicate MOOV detected!\n"")); gf_isom_box_del(a); return GF_ISOM_INVALID_FILE; } mov->moov = (GF_MovieBox *)a; mov->original_moov_offset = mov->current_top_box_start; mov->moov->mov = mov; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (mov->moov->mvex) mov->moov->mvex->mov = mov; #ifdef GF_ENABLE_CTRN if (! (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG)) { gf_isom_setup_traf_inheritance(mov); } #endif #endif e = gf_list_add(mov->TopBoxes, a); if (e) return e; totSize += a->size; if (!mov->moov->mvhd) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Missing MovieHeaderBox\n"")); return GF_ISOM_INVALID_FILE; } if (mov->meta) { gf_isom_meta_restore_items_ref(mov, mov->meta); } if (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) { u32 k; for (k=0; kmoov->trackList); k++) { GF_TrackBox *trak = (GF_TrackBox *)gf_list_get(mov->moov->trackList, k); if (trak->sample_encryption) { e = senc_Parse(mov->movieFileMap->bs, trak, NULL, trak->sample_encryption); if (e) return e; } } } else { u32 k; for (k=0; kmoov->trackList); k++) { GF_TrackBox *trak = (GF_TrackBox *)gf_list_get(mov->moov->trackList, k); if (trak->Media->information->sampleTable->sampleGroups) { convert_compact_sample_groups(trak->Media->information->sampleTable->child_boxes, trak->Media->information->sampleTable->sampleGroups); } } } if (mdat_end && mov->signal_frag_bounds && !(mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) ) { gf_isom_push_mdat_end(mov, mdat_end); mdat_end=0; } break; case GF_ISOM_BOX_TYPE_META: if (mov->meta) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Duplicate META detected!\n"")); gf_isom_box_del(a); return GF_ISOM_INVALID_FILE; } mov->meta = (GF_MetaBox *)a; mov->original_meta_offset = mov->current_top_box_start; e = gf_list_add(mov->TopBoxes, a); if (e) { return e; } totSize += a->size; gf_isom_meta_restore_items_ref(mov, mov->meta); break; case GF_ISOM_BOX_TYPE_MDAT: if (!mov->first_data_toplevel_offset) { mov->first_data_toplevel_offset = mov->current_top_box_start; mov->first_data_toplevel_size = a->size; } totSize += a->size; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (mov->emsgs) { gf_isom_box_array_del(mov->emsgs); mov->emsgs = NULL; } #endif if (mov->openMode == GF_ISOM_OPEN_READ) { if (!mov->mdat) { mov->mdat = (GF_MediaDataBox *) a; e = gf_list_add(mov->TopBoxes, mov->mdat); if (e) { return e; } } #ifndef GPAC_DISABLE_ISOM_FRAGMENTS else if (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) gf_list_add(mov->TopBoxes, a); #endif else gf_isom_box_del(a); if (mov->signal_frag_bounds && !(mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) ) { mdat_end = gf_bs_get_position(mov->movieFileMap->bs); if (mov->moov) { gf_isom_push_mdat_end(mov, mdat_end); mdat_end=0; } } } else if (!mov->mdat && (mov->openMode != GF_ISOM_OPEN_READ) && (mov->openMode != GF_ISOM_OPEN_KEEP_FRAGMENTS)) { gf_isom_box_del(a); mov->mdat = (GF_MediaDataBox *) gf_isom_box_new(GF_ISOM_BOX_TYPE_MDAT); if (!mov->mdat) return GF_OUT_OF_MEM; e = gf_list_add(mov->TopBoxes, mov->mdat); if (e) { return e; } } else { gf_isom_box_del(a); } break; case GF_ISOM_BOX_TYPE_FTYP: if (mov->brand) { gf_isom_box_del(a); GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Duplicate 'ftyp' detected!\n"")); return GF_ISOM_INVALID_FILE; } mov->brand = (GF_FileTypeBox *)a; totSize += a->size; e = gf_list_add(mov->TopBoxes, a); if (e) return e; break; case GF_ISOM_BOX_TYPE_OTYP: if (mov->otyp) { gf_isom_box_del(a); GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Duplicate 'otyp' detected!\n"")); return GF_ISOM_INVALID_FILE; } if (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) { mov->otyp = (GF_Box *)a; totSize += a->size; e = gf_list_add(mov->TopBoxes, a); if (e) return e; } else { GF_FileTypeBox *brand = (GF_FileTypeBox *) gf_isom_box_find_child(a->child_boxes, GF_ISOM_BOX_TYPE_FTYP); if (brand) { s32 pos; gf_list_del_item(a->child_boxes, brand); pos = gf_list_del_item(mov->TopBoxes, mov->brand); gf_isom_box_del((GF_Box *) mov->brand); mov->brand = brand; if (pos<0) pos=0; gf_list_insert(mov->TopBoxes, brand, pos); } gf_isom_box_del(a); } break; case GF_ISOM_BOX_TYPE_PDIN: if (mov->pdin) { gf_isom_box_del(a); GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Duplicate 'pdin'' detected!\n"")); return GF_ISOM_INVALID_FILE; } mov->pdin = (GF_ProgressiveDownloadBox *) a; totSize += a->size; e = gf_list_add(mov->TopBoxes, a); if (e) return e; break; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS case GF_ISOM_BOX_TYPE_STYP: { u32 brand = ((GF_FileTypeBox *)a)->majorBrand; switch (brand) { case GF_ISOM_BRAND_SISX: case GF_ISOM_BRAND_RISX: case GF_ISOM_BRAND_SSSS: mov->is_index_segment = GF_TRUE; break; default: break; } } case GF_ISOM_BOX_TYPE_SIDX: case GF_ISOM_BOX_TYPE_SSIX: if (mov->moov && !mov->first_data_toplevel_offset) { mov->first_data_toplevel_offset = mov->current_top_box_start; mov->first_data_toplevel_size = a->size; } totSize += a->size; if (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) { e = gf_list_add(mov->TopBoxes, a); if (e) return e; } else if (mov->signal_frag_bounds && !(mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) && (mov->openMode!=GF_ISOM_OPEN_KEEP_FRAGMENTS) ) { if (a->type==GF_ISOM_BOX_TYPE_SIDX) { if (mov->root_sidx) gf_isom_box_del( (GF_Box *) mov->root_sidx); mov->root_sidx = (GF_SegmentIndexBox *) a; mov->sidx_start_offset = mov->current_top_box_start; mov->sidx_end_offset = gf_bs_get_position(mov->movieFileMap->bs); } else if (a->type==GF_ISOM_BOX_TYPE_STYP) { mov->styp_start_offset = mov->current_top_box_start; if (mov->seg_styp) gf_isom_box_del(mov->seg_styp); mov->seg_styp = a; } else if (a->type==GF_ISOM_BOX_TYPE_SSIX) { if (mov->seg_ssix) gf_isom_box_del(mov->seg_ssix); mov->seg_ssix = a; } else { gf_isom_box_del(a); } gf_isom_push_mdat_end(mov, mov->current_top_box_start); } else if (!mov->NextMoofNumber && (a->type==GF_ISOM_BOX_TYPE_SIDX)) { if (mov->main_sidx) gf_isom_box_del( (GF_Box *) mov->main_sidx); mov->main_sidx = (GF_SegmentIndexBox *) a; mov->main_sidx_end_pos = mov->current_top_box_start + a->size; } else { gf_isom_box_del(a); } break; case GF_ISOM_BOX_TYPE_MOOF: gf_isom_disable_inplace_rewrite(mov); if (!mov->moov) { GF_LOG(mov->moof ? GF_LOG_DEBUG : GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Movie fragment but no moov (yet) - possibly broken parsing!\n"")); } if (mov->single_moof_mode) { mov->single_moof_state++; if (mov->single_moof_state > 1) { gf_isom_box_del(a); return GF_OK; } } ((GF_MovieFragmentBox *)a)->mov = mov; totSize += a->size; mov->moof = (GF_MovieFragmentBox *) a; FixTrackID(mov); if (! (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG)) { FixSDTPInTRAF(mov->moof); } else { u32 k; for (k=0; kmoof->TrackList); k++) { GF_TrackFragmentBox *traf = (GF_TrackFragmentBox *)gf_list_get(mov->moof->TrackList, k); if (traf->sampleGroups) { convert_compact_sample_groups(traf->child_boxes, traf->sampleGroups); } } } if (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG) { u32 k; gf_list_add(mov->TopBoxes, a); if (mov->moov) { for (k=0; kmoof->TrackList); k++) { GF_TrackFragmentBox *traf = gf_list_get(mov->moof->TrackList, k); if (traf->tfhd && mov->moov->mvex && mov->moov->mvex->TrackExList) { GF_TrackBox *trak = gf_isom_get_track_from_id(mov->moov, traf->tfhd->trackID); u32 j=0; while ((traf->trex = (GF_TrackExtendsBox*)gf_list_enum(mov->moov->mvex->TrackExList, &j))) { if (traf->trex->trackID == traf->tfhd->trackID) { if (!traf->trex->track) traf->trex->track = trak; break; } traf->trex = NULL; } } if (traf->trex && traf->tfhd && traf->trex->track && traf->sample_encryption) { GF_TrackBox *trak = GetTrackbyID(mov->moov, traf->tfhd->trackID); if (trak) { trak->current_traf_stsd_idx = traf->tfhd->sample_desc_index ? traf->tfhd->sample_desc_index : traf->trex->def_sample_desc_index; e = senc_Parse(mov->movieFileMap->bs, trak, traf, traf->sample_encryption); if (e) return e; trak->current_traf_stsd_idx = 0; } } } } else { for (k=0; kmoof->TrackList); k++) { GF_TrackFragmentBox *traf = gf_list_get(mov->moof->TrackList, k); if (traf->sample_encryption) { e = senc_Parse(mov->movieFileMap->bs, NULL, traf, traf->sample_encryption); if (e) return e; } } } } else if (mov->openMode==GF_ISOM_OPEN_KEEP_FRAGMENTS) { mov->NextMoofNumber = mov->moof->mfhd->sequence_number+1; mov->moof = NULL; gf_isom_box_del(a); } else { e = MergeFragment((GF_MovieFragmentBox *)a, mov); gf_isom_box_del(a); if (e) return e; } if (mov->root_sidx) { gf_isom_box_del((GF_Box *) mov->root_sidx); mov->root_sidx = NULL; } if (mov->root_ssix) { gf_isom_box_del(mov->seg_ssix); mov->root_ssix = NULL; } if (mov->seg_styp) { gf_isom_box_del(mov->seg_styp); mov->seg_styp = NULL; } mov->sidx_start_offset = 0; mov->sidx_end_offset = 0; mov->styp_start_offset = 0; break; #endif case GF_ISOM_BOX_TYPE_UNKNOWN: { GF_UnknownBox *box = (GF_UnknownBox*)a; if (box->original_4cc == GF_ISOM_BOX_TYPE_JP) { u8 *c = (u8 *) box->data; if ((box->dataSize==4) && (GF_4CC(c[0],c[1],c[2],c[3])==(u32)0x0D0A870A)) mov->is_jp2 = 1; gf_isom_box_del(a); } else { e = gf_list_add(mov->TopBoxes, a); if (e) return e; } } break; case GF_ISOM_BOX_TYPE_PRFT: #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (!(mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG)) { if (mov->last_producer_ref_time) gf_isom_box_del(a); else mov->last_producer_ref_time = (GF_ProducerReferenceTimeBox *)a; break; } #endif case GF_ISOM_BOX_TYPE_EMSG: #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (! (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG)) { if (!mov->emsgs) mov->emsgs = gf_list_new(); gf_list_add(mov->emsgs, a); break; } #endif case GF_ISOM_BOX_TYPE_MFRA: case GF_ISOM_BOX_TYPE_MFRO: if (! (mov->FragmentsFlags & GF_ISOM_FRAG_READ_DEBUG)) { totSize += a->size; gf_isom_box_del(a); break; } default: totSize += a->size; e = gf_list_add(mov->TopBoxes, a); if (e) return e; break; } #ifndef GPAC_DISABLE_ISOM_FRAGMENTS mov->current_top_box_start = gf_bs_get_position(mov->movieFileMap->bs) + mov->bytes_removed; #endif } if (!mov->moov && !mov->meta #ifndef GPAC_DISABLE_ISOM_FRAGMENTS && !mov->moof && !mov->is_index_segment #endif ) { return GF_ISOM_INCOMPLETE_FILE; } if (!gf_opts_get_bool(""core"", ""no-check"")) { if (mov->moov && !mov->moov->mvhd) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Missing MVHD in MOOV!\n"")); return GF_ISOM_INVALID_FILE; } if (mov->meta && !mov->meta->handler) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Missing handler in META!\n"")); return GF_ISOM_INVALID_FILE; } } #ifndef GPAC_DISABLE_ISOM_WRITE if (mov->moov) { mov->interleavingTime = mov->moov->mvhd->timeScale; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if ((mov->openMode > GF_ISOM_OPEN_READ) && (mov->openMode != GF_ISOM_OPEN_KEEP_FRAGMENTS) && mov->moov->mvex) { gf_isom_box_del_parent(&mov->moov->child_boxes, (GF_Box *)mov->moov->mvex); mov->moov->mvex = NULL; } #endif } if (!mov->mdat && (mov->openMode != GF_ISOM_OPEN_READ) && (mov->openMode != GF_ISOM_OPEN_KEEP_FRAGMENTS)) { mov->mdat = (GF_MediaDataBox *) gf_isom_box_new(GF_ISOM_BOX_TYPE_MDAT); if (!mov->mdat) return GF_OUT_OF_MEM; e = gf_list_add(mov->TopBoxes, mov->mdat); if (e) return e; } #endif return GF_OK; }",visit repo url,src/isomedia/isom_intern.c,https://github.com/gpac/gpac,281092957594483,1 6196,CWE-190,"void fp_write_str(char *str, int len, const fp_t a, int radix) { bn_t t; bn_null(t); RLC_TRY { bn_new(t); fp_prime_back(t, a); bn_write_str(str, len, t, radix); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/fp/relic_fp_util.c,https://github.com/relic-toolkit/relic,137431362191820,1 790,CWE-20,"static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int err; struct sk_buff *skb; struct sock *sk = sock->sk; err = -EIO; if (sk->sk_state & PPPOX_BOUND) goto end; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) goto end; if (len > skb->len) len = skb->len; else if (len < skb->len) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len); if (likely(err == 0)) err = len; kfree_skb(skb); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,83283590519134,1 1021,CWE-476,"dns_resolver_match(const struct key *key, const struct key_match_data *match_data) { int slen, dlen, ret = 0; const char *src = key->description, *dsp = match_data->raw_data; kenter(""%s,%s"", src, dsp); if (!src || !dsp) goto no_match; if (strcasecmp(src, dsp) == 0) goto matched; slen = strlen(src); dlen = strlen(dsp); if (slen <= 0 || dlen <= 0) goto no_match; if (src[slen - 1] == '.') slen--; if (dsp[dlen - 1] == '.') dlen--; if (slen != dlen || strncasecmp(src, dsp, slen) != 0) goto no_match; matched: ret = 1; no_match: kleave("" = %d"", ret); return ret; }",visit repo url,net/dns_resolver/dns_key.c,https://github.com/torvalds/linux,178177652005935,1 4921,['CWE-20'],"static int nfs_server_list_show(struct seq_file *m, void *v) { struct nfs_client *clp; if (v == &nfs_client_list) { seq_puts(m, ""NV SERVER PORT USE HOSTNAME\n""); return 0; } clp = list_entry(v, struct nfs_client, cl_share_link); seq_printf(m, ""v%d %02x%02x%02x%02x %4hx %3d %s\n"", clp->cl_nfsversion, NIPQUAD(clp->cl_addr.sin_addr), ntohs(clp->cl_addr.sin_port), atomic_read(&clp->cl_count), clp->cl_hostname); return 0; }",linux-2.6,,,199790137571295300349397539940708329861,0 6294,NVD-CWE-noinfo,"static void add_offer_options(uint8_t *option_start_address) { uint8_t *temp_option_addr; temp_option_addr = fill_one_option_content(option_start_address, DHCP_OPTION_CODE_SUBNET_MASK, DHCP_OPTION_LENGTH_FOUR, (void *)&dhcps_local_mask); temp_option_addr = fill_one_option_content(temp_option_addr, DHCP_OPTION_CODE_ROUTER, DHCP_OPTION_LENGTH_FOUR, (void *)&dhcps_local_address); temp_option_addr = fill_one_option_content(temp_option_addr, DHCP_OPTION_CODE_DNS_SERVER, DHCP_OPTION_LENGTH_FOUR, (void *)&dhcps_local_address); temp_option_addr = fill_one_option_content(temp_option_addr, DHCP_OPTION_CODE_LEASE_TIME, DHCP_OPTION_LENGTH_FOUR, (void *)&dhcp_option_lease_time); temp_option_addr = fill_one_option_content(temp_option_addr, DHCP_OPTION_CODE_SERVER_ID, DHCP_OPTION_LENGTH_FOUR, (void *)&dhcps_local_address); temp_option_addr = fill_one_option_content(temp_option_addr, DHCP_OPTION_CODE_BROADCAST_ADDRESS, DHCP_OPTION_LENGTH_FOUR, (void *)&dhcps_subnet_broadcast); temp_option_addr = fill_one_option_content(temp_option_addr, DHCP_OPTION_CODE_INTERFACE_MTU, DHCP_OPTION_LENGTH_TWO, (void *) &dhcp_option_interface_mtu); temp_option_addr = fill_one_option_content(temp_option_addr, DHCP_OPTION_CODE_PERFORM_ROUTER_DISCOVERY, DHCP_OPTION_LENGTH_ONE, NULL); *temp_option_addr++ = DHCP_OPTION_CODE_END; }",visit repo url,component/common/network/dhcp/dhcps.c,https://github.com/ambiot/amb1_sdk,271951232389520,1 6033,['CWE-200'],"static void cbq_deactivate_class(struct cbq_class *this) { struct cbq_sched_data *q = qdisc_priv(this->qdisc); int prio = this->cpriority; struct cbq_class *cl; struct cbq_class *cl_prev = q->active[prio]; do { cl = cl_prev->next_alive; if (cl == this) { cl_prev->next_alive = cl->next_alive; cl->next_alive = NULL; if (cl == q->active[prio]) { q->active[prio] = cl_prev; if (cl == q->active[prio]) { q->active[prio] = NULL; q->activemask &= ~(1<next_alive; return; } } while ((cl_prev = cl) != q->active[prio]); }",linux-2.6,,,295682548098110190129676671083084643225,0 4633,['CWE-399'],"static void mpage_put_bnr_to_bhs(struct mpage_da_data *mpd, sector_t logical, struct buffer_head *exbh) { struct inode *inode = mpd->inode; struct address_space *mapping = inode->i_mapping; int blocks = exbh->b_size >> inode->i_blkbits; sector_t pblock = exbh->b_blocknr, cur_logical; struct buffer_head *head, *bh; pgoff_t index, end; struct pagevec pvec; int nr_pages, i; index = logical >> (PAGE_CACHE_SHIFT - inode->i_blkbits); end = (logical + blocks - 1) >> (PAGE_CACHE_SHIFT - inode->i_blkbits); cur_logical = index << (PAGE_CACHE_SHIFT - inode->i_blkbits); pagevec_init(&pvec, 0); while (index <= end) { nr_pages = pagevec_lookup(&pvec, mapping, index, PAGEVEC_SIZE); if (nr_pages == 0) break; for (i = 0; i < nr_pages; i++) { struct page *page = pvec.pages[i]; index = page->index; if (index > end) break; index++; BUG_ON(!PageLocked(page)); BUG_ON(PageWriteback(page)); BUG_ON(!page_has_buffers(page)); bh = page_buffers(page); head = bh; do { if (cur_logical >= logical) break; cur_logical++; } while ((bh = bh->b_this_page) != head); do { if (cur_logical >= logical + blocks) break; if (buffer_delay(bh)) { bh->b_blocknr = pblock; clear_buffer_delay(bh); bh->b_bdev = inode->i_sb->s_bdev; } else if (buffer_unwritten(bh)) { bh->b_blocknr = pblock; clear_buffer_unwritten(bh); set_buffer_mapped(bh); set_buffer_new(bh); bh->b_bdev = inode->i_sb->s_bdev; } else if (buffer_mapped(bh)) BUG_ON(bh->b_blocknr != pblock); cur_logical++; pblock++; } while ((bh = bh->b_this_page) != head); } pagevec_release(&pvec); } }",linux-2.6,,,205335512737867059596111498077320286410,0 3591,CWE-787,"static int jpc_dec_tileinit(jpc_dec_t *dec, jpc_dec_tile_t *tile) { jpc_dec_tcomp_t *tcomp; int compno; int rlvlno; jpc_dec_rlvl_t *rlvl; jpc_dec_band_t *band; jpc_dec_prc_t *prc; int bndno; jpc_tsfb_band_t *bnd; int bandno; jpc_dec_ccp_t *ccp; int prccnt; jpc_dec_cblk_t *cblk; int cblkcnt; uint_fast32_t tlprcxstart; uint_fast32_t tlprcystart; uint_fast32_t brprcxend; uint_fast32_t brprcyend; uint_fast32_t tlcbgxstart; uint_fast32_t tlcbgystart; uint_fast32_t brcbgxend; uint_fast32_t brcbgyend; uint_fast32_t cbgxstart; uint_fast32_t cbgystart; uint_fast32_t cbgxend; uint_fast32_t cbgyend; uint_fast32_t tlcblkxstart; uint_fast32_t tlcblkystart; uint_fast32_t brcblkxend; uint_fast32_t brcblkyend; uint_fast32_t cblkxstart; uint_fast32_t cblkystart; uint_fast32_t cblkxend; uint_fast32_t cblkyend; uint_fast32_t tmpxstart; uint_fast32_t tmpystart; uint_fast32_t tmpxend; uint_fast32_t tmpyend; jpc_dec_cp_t *cp; jpc_tsfb_band_t bnds[64]; jpc_pchg_t *pchg; int pchgno; jpc_dec_cmpt_t *cmpt; cp = tile->cp; tile->realmode = 0; if (cp->mctid == JPC_MCT_ICT) { tile->realmode = 1; } for (compno = 0, tcomp = tile->tcomps, cmpt = dec->cmpts; compno < dec->numcomps; ++compno, ++tcomp, ++cmpt) { ccp = &tile->cp->ccps[compno]; if (ccp->qmfbid == JPC_COX_INS) { tile->realmode = 1; } tcomp->numrlvls = ccp->numrlvls; if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls, sizeof(jpc_dec_rlvl_t)))) { return -1; } if (!(tcomp->data = jas_seq2d_create(JPC_CEILDIV(tile->xstart, cmpt->hstep), JPC_CEILDIV(tile->ystart, cmpt->vstep), JPC_CEILDIV(tile->xend, cmpt->hstep), JPC_CEILDIV(tile->yend, cmpt->vstep)))) { return -1; } if (!(tcomp->tsfb = jpc_cod_gettsfb(ccp->qmfbid, tcomp->numrlvls - 1))) { return -1; } { jpc_tsfb_getbands(tcomp->tsfb, jas_seq2d_xstart(tcomp->data), jas_seq2d_ystart(tcomp->data), jas_seq2d_xend(tcomp->data), jas_seq2d_yend(tcomp->data), bnds); } for (rlvlno = 0, rlvl = tcomp->rlvls; rlvlno < tcomp->numrlvls; ++rlvlno, ++rlvl) { rlvl->bands = 0; rlvl->xstart = JPC_CEILDIVPOW2(tcomp->xstart, tcomp->numrlvls - 1 - rlvlno); rlvl->ystart = JPC_CEILDIVPOW2(tcomp->ystart, tcomp->numrlvls - 1 - rlvlno); rlvl->xend = JPC_CEILDIVPOW2(tcomp->xend, tcomp->numrlvls - 1 - rlvlno); rlvl->yend = JPC_CEILDIVPOW2(tcomp->yend, tcomp->numrlvls - 1 - rlvlno); rlvl->prcwidthexpn = ccp->prcwidthexpns[rlvlno]; rlvl->prcheightexpn = ccp->prcheightexpns[rlvlno]; tlprcxstart = JPC_FLOORDIVPOW2(rlvl->xstart, rlvl->prcwidthexpn) << rlvl->prcwidthexpn; tlprcystart = JPC_FLOORDIVPOW2(rlvl->ystart, rlvl->prcheightexpn) << rlvl->prcheightexpn; brprcxend = JPC_CEILDIVPOW2(rlvl->xend, rlvl->prcwidthexpn) << rlvl->prcwidthexpn; brprcyend = JPC_CEILDIVPOW2(rlvl->yend, rlvl->prcheightexpn) << rlvl->prcheightexpn; rlvl->numhprcs = (brprcxend - tlprcxstart) >> rlvl->prcwidthexpn; rlvl->numvprcs = (brprcyend - tlprcystart) >> rlvl->prcheightexpn; rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs; if (rlvl->xstart >= rlvl->xend || rlvl->ystart >= rlvl->yend) { rlvl->bands = 0; rlvl->numprcs = 0; rlvl->numhprcs = 0; rlvl->numvprcs = 0; continue; } if (!rlvlno) { tlcbgxstart = tlprcxstart; tlcbgystart = tlprcystart; brcbgxend = brprcxend; brcbgyend = brprcyend; rlvl->cbgwidthexpn = rlvl->prcwidthexpn; rlvl->cbgheightexpn = rlvl->prcheightexpn; } else { tlcbgxstart = JPC_CEILDIVPOW2(tlprcxstart, 1); tlcbgystart = JPC_CEILDIVPOW2(tlprcystart, 1); brcbgxend = JPC_CEILDIVPOW2(brprcxend, 1); brcbgyend = JPC_CEILDIVPOW2(brprcyend, 1); rlvl->cbgwidthexpn = rlvl->prcwidthexpn - 1; rlvl->cbgheightexpn = rlvl->prcheightexpn - 1; } rlvl->cblkwidthexpn = JAS_MIN(ccp->cblkwidthexpn, rlvl->cbgwidthexpn); rlvl->cblkheightexpn = JAS_MIN(ccp->cblkheightexpn, rlvl->cbgheightexpn); rlvl->numbands = (!rlvlno) ? 1 : 3; if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_dec_band_t)))) { return -1; } for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { bndno = (!rlvlno) ? 0 : (3 * (rlvlno - 1) + bandno + 1); bnd = &bnds[bndno]; band->orient = bnd->orient; band->stepsize = ccp->stepsizes[bndno]; band->analgain = JPC_NOMINALGAIN(ccp->qmfbid, tcomp->numrlvls - 1, rlvlno, band->orient); band->absstepsize = jpc_calcabsstepsize(band->stepsize, cmpt->prec + band->analgain); band->numbps = ccp->numguardbits + JPC_QCX_GETEXPN(band->stepsize) - 1; band->roishift = (ccp->roishift + band->numbps >= JPC_PREC) ? (JPC_PREC - 1 - band->numbps) : ccp->roishift; band->data = 0; band->prcs = 0; if (bnd->xstart == bnd->xend || bnd->ystart == bnd->yend) { continue; } if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) { return -1; } jas_seq2d_bindsub(band->data, tcomp->data, bnd->locxstart, bnd->locystart, bnd->locxend, bnd->locyend); jas_seq2d_setshift(band->data, bnd->xstart, bnd->ystart); assert(rlvl->numprcs); if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) { return -1; } cbgxstart = tlcbgxstart; cbgystart = tlcbgystart; for (prccnt = rlvl->numprcs, prc = band->prcs; prccnt > 0; --prccnt, ++prc) { cbgxend = cbgxstart + (1 << rlvl->cbgwidthexpn); cbgyend = cbgystart + (1 << rlvl->cbgheightexpn); prc->xstart = JAS_MAX(cbgxstart, JAS_CAST(uint_fast32_t, jas_seq2d_xstart(band->data))); prc->ystart = JAS_MAX(cbgystart, JAS_CAST(uint_fast32_t, jas_seq2d_ystart(band->data))); prc->xend = JAS_MIN(cbgxend, JAS_CAST(uint_fast32_t, jas_seq2d_xend(band->data))); prc->yend = JAS_MIN(cbgyend, JAS_CAST(uint_fast32_t, jas_seq2d_yend(band->data))); if (prc->xend > prc->xstart && prc->yend > prc->ystart) { tlcblkxstart = JPC_FLOORDIVPOW2(prc->xstart, rlvl->cblkwidthexpn) << rlvl->cblkwidthexpn; tlcblkystart = JPC_FLOORDIVPOW2(prc->ystart, rlvl->cblkheightexpn) << rlvl->cblkheightexpn; brcblkxend = JPC_CEILDIVPOW2(prc->xend, rlvl->cblkwidthexpn) << rlvl->cblkwidthexpn; brcblkyend = JPC_CEILDIVPOW2(prc->yend, rlvl->cblkheightexpn) << rlvl->cblkheightexpn; prc->numhcblks = (brcblkxend - tlcblkxstart) >> rlvl->cblkwidthexpn; prc->numvcblks = (brcblkyend - tlcblkystart) >> rlvl->cblkheightexpn; prc->numcblks = prc->numhcblks * prc->numvcblks; assert(prc->numcblks > 0); if (!(prc->incltagtree = jpc_tagtree_create( prc->numhcblks, prc->numvcblks))) { return -1; } if (!(prc->numimsbstagtree = jpc_tagtree_create( prc->numhcblks, prc->numvcblks))) { return -1; } if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) { return -1; } cblkxstart = cbgxstart; cblkystart = cbgystart; for (cblkcnt = prc->numcblks, cblk = prc->cblks; cblkcnt > 0;) { cblkxend = cblkxstart + (1 << rlvl->cblkwidthexpn); cblkyend = cblkystart + (1 << rlvl->cblkheightexpn); tmpxstart = JAS_MAX(cblkxstart, prc->xstart); tmpystart = JAS_MAX(cblkystart, prc->ystart); tmpxend = JAS_MIN(cblkxend, prc->xend); tmpyend = JAS_MIN(cblkyend, prc->yend); if (tmpxend > tmpxstart && tmpyend > tmpystart) { cblk->firstpassno = -1; cblk->mqdec = 0; cblk->nulldec = 0; cblk->flags = 0; cblk->numpasses = 0; cblk->segs.head = 0; cblk->segs.tail = 0; cblk->curseg = 0; cblk->numimsbs = 0; cblk->numlenbits = 3; cblk->flags = 0; if (!(cblk->data = jas_seq2d_create(0, 0, 0, 0))) { return -1; } jas_seq2d_bindsub(cblk->data, band->data, tmpxstart, tmpystart, tmpxend, tmpyend); ++cblk; --cblkcnt; } cblkxstart += 1 << rlvl->cblkwidthexpn; if (cblkxstart >= cbgxend) { cblkxstart = cbgxstart; cblkystart += 1 << rlvl->cblkheightexpn; } } } else { prc->cblks = 0; prc->incltagtree = 0; prc->numimsbstagtree = 0; } cbgxstart += 1 << rlvl->cbgwidthexpn; if (cbgxstart >= brcbgxend) { cbgxstart = tlcbgxstart; cbgystart += 1 << rlvl->cbgheightexpn; } } } } } if (!(tile->pi = jpc_dec_pi_create(dec, tile))) { return -1; } for (pchgno = 0; pchgno < jpc_pchglist_numpchgs(tile->cp->pchglist); ++pchgno) { pchg = jpc_pchg_copy(jpc_pchglist_get(tile->cp->pchglist, pchgno)); assert(pchg); jpc_pi_addpchg(tile->pi, pchg); } jpc_pi_init(tile->pi); return 0; }",visit repo url,src/libjasper/jpc/jpc_dec.c,https://github.com/mdadams/jasper,274487979167654,1 2286,CWE-119,"queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb) { spin_unlock(&hb->lock); drop_futex_key_refs(&q->key); }",visit repo url,kernel/futex.c,https://github.com/torvalds/linux,222578401149734,1 6137,CWE-190,"void ep_mul_slide(ep_t r, const ep_t p, const bn_t k) { bn_t _k, n; ep_t t[1 << (EP_WIDTH - 1)], q; int i, j, l; uint8_t win[RLC_FP_BITS + 1]; if (bn_is_zero(k) || ep_is_infty(p)) { ep_set_infty(r); return; } ep_null(q); bn_null(n); bn_null(_k); RLC_TRY { bn_new(n); bn_new(_k); for (i = 0; i < (1 << (EP_WIDTH - 1)); i ++) { ep_null(t[i]); ep_new(t[i]); } ep_new(q); ep_copy(t[0], p); ep_dbl(q, p); #if defined(EP_MIXED) ep_norm(q, q); #endif ep_curve_get_ord(n); bn_mod(_k, k, n); for (i = 1; i < (1 << (EP_WIDTH - 1)); i++) { ep_add(t[i], t[i - 1], q); } #if defined(EP_MIXED) ep_norm_sim(t + 1, (const ep_t *)t + 1, (1 << (EP_WIDTH - 1)) - 1); #endif ep_set_infty(q); l = RLC_FP_BITS + 1; bn_rec_slw(win, &l, _k, EP_WIDTH); for (i = 0; i < l; i++) { if (win[i] == 0) { ep_dbl(q, q); } else { for (j = 0; j < util_bits_dig(win[i]); j++) { ep_dbl(q, q); } ep_add(q, q, t[win[i] >> 1]); } } ep_norm(r, q); if (bn_sign(_k) == RLC_NEG) { ep_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(_k); for (i = 0; i < (1 << (EP_WIDTH - 1)); i++) { ep_free(t[i]); } ep_free(q); } }",visit repo url,src/ep/relic_ep_mul.c,https://github.com/relic-toolkit/relic,31697821974755,1 5754,['CWE-200'],"static int irda_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { struct sock *sk = sock->sk; IRDA_DEBUG(4, ""%s(), cmd=%#x\n"", __func__, cmd); switch (cmd) { case TIOCOUTQ: { long amount; amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk); if (amount < 0) amount = 0; if (put_user(amount, (unsigned int __user *)arg)) return -EFAULT; return 0; } case TIOCINQ: { struct sk_buff *skb; long amount = 0L; if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) amount = skb->len; if (put_user(amount, (unsigned int __user *)arg)) return -EFAULT; return 0; } case SIOCGSTAMP: if (sk != NULL) return sock_get_timestamp(sk, (struct timeval __user *)arg); return -EINVAL; case SIOCGIFADDR: case SIOCSIFADDR: case SIOCGIFDSTADDR: case SIOCSIFDSTADDR: case SIOCGIFBRDADDR: case SIOCSIFBRDADDR: case SIOCGIFNETMASK: case SIOCSIFNETMASK: case SIOCGIFMETRIC: case SIOCSIFMETRIC: return -EINVAL; default: IRDA_DEBUG(1, ""%s(), doing device ioctl!\n"", __func__); return -ENOIOCTLCMD; } return 0; }",linux-2.6,,,191335328906931892669133714194598669671,0 5795,['CWE-200'],"static int atif_ioctl(int cmd, void __user *arg) { static char aarp_mcast[6] = { 0x09, 0x00, 0x00, 0xFF, 0xFF, 0xFF }; struct ifreq atreq; struct atalk_netrange *nr; struct sockaddr_at *sa; struct net_device *dev; struct atalk_iface *atif; int ct; int limit; struct rtentry rtdef; int add_route; if (copy_from_user(&atreq, arg, sizeof(atreq))) return -EFAULT; dev = __dev_get_by_name(&init_net, atreq.ifr_name); if (!dev) return -ENODEV; sa = (struct sockaddr_at *)&atreq.ifr_addr; atif = atalk_find_dev(dev); switch (cmd) { case SIOCSIFADDR: if (!capable(CAP_NET_ADMIN)) return -EPERM; if (sa->sat_family != AF_APPLETALK) return -EINVAL; if (dev->type != ARPHRD_ETHER && dev->type != ARPHRD_LOOPBACK && dev->type != ARPHRD_LOCALTLK && dev->type != ARPHRD_PPP) return -EPROTONOSUPPORT; nr = (struct atalk_netrange *)&sa->sat_zero[0]; add_route = 1; if ((dev->flags & IFF_POINTOPOINT) && atalk_find_interface(sa->sat_addr.s_net, sa->sat_addr.s_node)) { printk(KERN_DEBUG ""AppleTalk: point-to-point "" ""interface added with "" ""existing address\n""); add_route = 0; } if (dev->type == ARPHRD_ETHER && nr->nr_phase != 2) return -EPROTONOSUPPORT; if (sa->sat_addr.s_node == ATADDR_BCAST || sa->sat_addr.s_node == 254) return -EINVAL; if (atif) { if (atif->status & ATIF_PROBE) return -EBUSY; atif->address.s_net = sa->sat_addr.s_net; atif->address.s_node = sa->sat_addr.s_node; atrtr_device_down(dev); } else { atif = atif_add_device(dev, &sa->sat_addr); if (!atif) return -ENOMEM; } atif->nets = *nr; if (!(dev->flags & IFF_LOOPBACK) && !(dev->flags & IFF_POINTOPOINT) && atif_probe_device(atif) < 0) { atif_drop_device(dev); return -EADDRINUSE; } sa = (struct sockaddr_at *)&rtdef.rt_gateway; sa->sat_family = AF_APPLETALK; sa->sat_addr.s_net = atif->address.s_net; sa->sat_addr.s_node = atif->address.s_node; sa = (struct sockaddr_at *)&rtdef.rt_dst; rtdef.rt_flags = RTF_UP; sa->sat_family = AF_APPLETALK; sa->sat_addr.s_node = ATADDR_ANYNODE; if (dev->flags & IFF_LOOPBACK || dev->flags & IFF_POINTOPOINT) rtdef.rt_flags |= RTF_HOST; if (nr->nr_firstnet == htons(0) && nr->nr_lastnet == htons(0xFFFE)) { sa->sat_addr.s_net = atif->address.s_net; atrtr_create(&rtdef, dev); atrtr_set_default(dev); } else { limit = ntohs(nr->nr_lastnet); if (limit - ntohs(nr->nr_firstnet) > 4096) { printk(KERN_WARNING ""Too many routes/"" ""iface.\n""); return -EINVAL; } if (add_route) for (ct = ntohs(nr->nr_firstnet); ct <= limit; ct++) { sa->sat_addr.s_net = htons(ct); atrtr_create(&rtdef, dev); } } dev_mc_add(dev, aarp_mcast, 6, 1); return 0; case SIOCGIFADDR: if (!atif) return -EADDRNOTAVAIL; sa->sat_family = AF_APPLETALK; sa->sat_addr = atif->address; break; case SIOCGIFBRDADDR: if (!atif) return -EADDRNOTAVAIL; sa->sat_family = AF_APPLETALK; sa->sat_addr.s_net = atif->address.s_net; sa->sat_addr.s_node = ATADDR_BCAST; break; case SIOCATALKDIFADDR: case SIOCDIFADDR: if (!capable(CAP_NET_ADMIN)) return -EPERM; if (sa->sat_family != AF_APPLETALK) return -EINVAL; atalk_dev_down(dev); break; case SIOCSARP: if (!capable(CAP_NET_ADMIN)) return -EPERM; if (sa->sat_family != AF_APPLETALK) return -EINVAL; if (dev->type != ARPHRD_ETHER) return -EPROTONOSUPPORT; if (!atif) return -EADDRNOTAVAIL; nr = (struct atalk_netrange *)&(atif->nets); if (dev->type == ARPHRD_ETHER && nr->nr_phase != 2) return -EPROTONOSUPPORT; if (sa->sat_addr.s_node == ATADDR_BCAST || sa->sat_addr.s_node == 254) return -EINVAL; if (atif_proxy_probe_device(atif, &(sa->sat_addr)) < 0) return -EADDRINUSE; break; case SIOCDARP: if (!capable(CAP_NET_ADMIN)) return -EPERM; if (sa->sat_family != AF_APPLETALK) return -EINVAL; if (!atif) return -EADDRNOTAVAIL; aarp_proxy_remove(atif->dev, &(sa->sat_addr)); return 0; } return copy_to_user(arg, &atreq, sizeof(atreq)) ? -EFAULT : 0; }",linux-2.6,,,12428133733728526022638447523350996861,0 3340,[],"static inline int nlmsg_total_size(int payload) { return NLMSG_ALIGN(nlmsg_msg_size(payload)); }",linux-2.6,,,227534345814315948185551963017373772047,0 915,['CWE-200'],"static int shmem_fill_super(struct super_block *sb, void *data, int silent) { struct inode *inode; struct dentry *root; int mode = S_IRWXUGO | S_ISVTX; uid_t uid = current->fsuid; gid_t gid = current->fsgid; int err = -ENOMEM; struct shmem_sb_info *sbinfo; unsigned long blocks = 0; unsigned long inodes = 0; int policy = MPOL_DEFAULT; nodemask_t policy_nodes = node_states[N_HIGH_MEMORY]; #ifdef CONFIG_TMPFS if (!(sb->s_flags & MS_NOUSER)) { blocks = totalram_pages / 2; inodes = totalram_pages - totalhigh_pages; if (inodes > blocks) inodes = blocks; if (shmem_parse_options(data, &mode, &uid, &gid, &blocks, &inodes, &policy, &policy_nodes)) return -EINVAL; } sb->s_export_op = &shmem_export_ops; #else sb->s_flags |= MS_NOUSER; #endif sbinfo = kmalloc(max((int)sizeof(struct shmem_sb_info), L1_CACHE_BYTES), GFP_KERNEL); if (!sbinfo) return -ENOMEM; spin_lock_init(&sbinfo->stat_lock); sbinfo->max_blocks = blocks; sbinfo->free_blocks = blocks; sbinfo->max_inodes = inodes; sbinfo->free_inodes = inodes; sbinfo->policy = policy; sbinfo->policy_nodes = policy_nodes; sb->s_fs_info = sbinfo; sb->s_maxbytes = SHMEM_MAX_BYTES; sb->s_blocksize = PAGE_CACHE_SIZE; sb->s_blocksize_bits = PAGE_CACHE_SHIFT; sb->s_magic = TMPFS_MAGIC; sb->s_op = &shmem_ops; sb->s_time_gran = 1; #ifdef CONFIG_TMPFS_POSIX_ACL sb->s_xattr = shmem_xattr_handlers; sb->s_flags |= MS_POSIXACL; #endif inode = shmem_get_inode(sb, S_IFDIR | mode, 0); if (!inode) goto failed; inode->i_uid = uid; inode->i_gid = gid; root = d_alloc_root(inode); if (!root) goto failed_iput; sb->s_root = root; return 0; failed_iput: iput(inode); failed: shmem_put_super(sb); return err; }",linux-2.6,,,78130708393860250722700484512332726844,0 3639,['CWE-287'],"struct sctp_transport *sctp_assoc_lookup_paddr( const struct sctp_association *asoc, const union sctp_addr *address) { struct sctp_transport *t; list_for_each_entry(t, &asoc->peer.transport_addr_list, transports) { if (sctp_cmp_addr_exact(address, &t->ipaddr)) return t; } return NULL; }",linux-2.6,,,61862470261638815426682429130494208014,0 207,CWE-362,"static long ec_device_ioctl_xcmd(struct cros_ec_dev *ec, void __user *arg) { long ret; struct cros_ec_command u_cmd; struct cros_ec_command *s_cmd; if (copy_from_user(&u_cmd, arg, sizeof(u_cmd))) return -EFAULT; if ((u_cmd.outsize > EC_MAX_MSG_BYTES) || (u_cmd.insize > EC_MAX_MSG_BYTES)) return -EINVAL; s_cmd = kmalloc(sizeof(*s_cmd) + max(u_cmd.outsize, u_cmd.insize), GFP_KERNEL); if (!s_cmd) return -ENOMEM; if (copy_from_user(s_cmd, arg, sizeof(*s_cmd) + u_cmd.outsize)) { ret = -EFAULT; goto exit; } s_cmd->command += ec->cmd_offset; ret = cros_ec_cmd_xfer(ec->ec_dev, s_cmd); if (ret < 0) goto exit; if (copy_to_user(arg, s_cmd, sizeof(*s_cmd) + u_cmd.insize)) ret = -EFAULT; exit: kfree(s_cmd); return ret; }",visit repo url,drivers/platform/chrome/cros_ec_dev.c,https://github.com/torvalds/linux,68215705492452,1 2454,CWE-119,"static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun, void *hba_private) { SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d); SCSIRequest *req; SCSIDiskReq *r; req = scsi_req_alloc(&scsi_disk_reqops, &s->qdev, tag, lun, hba_private); r = DO_UPCAST(SCSIDiskReq, req, req); r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE); return req; }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,187569432790076,1 5621,[],"SYSCALL_DEFINE1(sigpending, old_sigset_t __user *, set) { return do_sigpending(set, sizeof(*set)); }",linux-2.6,,,216212929654433561989979068587982103166,0 5952,['CWE-909'],"static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n, u32 clid, struct Qdisc *old, struct Qdisc *new) { struct sk_buff *skb; u32 pid = oskb ? NETLINK_CB(oskb).pid : 0; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) return -ENOBUFS; if (old && old->handle) { if (tc_fill_qdisc(skb, old, clid, pid, n->nlmsg_seq, 0, RTM_DELQDISC) < 0) goto err_out; } if (new) { if (tc_fill_qdisc(skb, new, clid, pid, n->nlmsg_seq, old ? NLM_F_REPLACE : 0, RTM_NEWQDISC) < 0) goto err_out; } if (skb->len) return rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO); err_out: kfree_skb(skb); return -EINVAL; }",linux-2.6,,,116687550584135920328944630623444229733,0 3625,[],"static void rtc_uie_timer(unsigned long data) { struct rtc_device *rtc = (struct rtc_device *)data; unsigned long flags; spin_lock_irqsave(&rtc->irq_lock, flags); rtc->uie_timer_active = 0; rtc->uie_task_active = 1; if ((schedule_work(&rtc->uie_task) == 0)) rtc->uie_task_active = 0; spin_unlock_irqrestore(&rtc->irq_lock, flags); }",linux-2.6,,,62003386981996695901809594914392322279,0 969,CWE-362,"static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { int change; struct user_element *ue = kcontrol->private_data; change = memcmp(&ucontrol->value, ue->elem_data, ue->elem_data_size) != 0; if (change) memcpy(ue->elem_data, &ucontrol->value, ue->elem_data_size); return change; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,253929512089435,1 417,[],"pfm_reserve_page(unsigned long a) { SetPageReserved(vmalloc_to_page((void *)a)); }",linux-2.6,,,98328478990109979253638127978037321988,0 6081,['CWE-200'],"cbq_destroy(struct Qdisc* sch) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl; unsigned h; #ifdef CONFIG_NET_CLS_POLICE q->rx_class = NULL; #endif for (h = 0; h < 16; h++) for (cl = q->classes[h]; cl; cl = cl->next) cbq_destroy_filters(cl); for (h = 0; h < 16; h++) { struct cbq_class *next; for (cl = q->classes[h]; cl; cl = next) { next = cl->next; cbq_destroy_class(sch, cl); } } }",linux-2.6,,,75840462520245661911215448185272603296,0 6077,CWE-190,"int bn_size_str(const bn_t a, int radix) { int digits = 0; bn_t t; bn_null(t); if (radix < 2 || radix > 64) { RLC_THROW(ERR_NO_VALID); return 0; } if (bn_is_zero(a)) { return 2; } if (radix == 2) { return bn_bits(a) + (a->sign == RLC_NEG ? 1 : 0) + 1; } if (a->sign == RLC_NEG) { digits++; } RLC_TRY { bn_new(t); bn_copy(t, a); t->sign = RLC_POS; while (!bn_is_zero(t)) { bn_div_dig(t, t, (dig_t)radix); digits++; } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } return digits + 1; }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,124693740708531,1 1294,CWE-264,"static int flakey_ioctl(struct dm_target *ti, unsigned int cmd, unsigned long arg) { struct flakey_c *fc = ti->private; return __blkdev_driver_ioctl(fc->dev->bdev, fc->dev->mode, cmd, arg); }",visit repo url,drivers/md/dm-flakey.c,https://github.com/torvalds/linux,12803811539748,1 5629,CWE-125,"expr_context_name(expr_context_ty ctx) { switch (ctx) { case Load: return ""Load""; case Store: return ""Store""; case Del: return ""Del""; case AugLoad: return ""AugLoad""; case AugStore: return ""AugStore""; case Param: return ""Param""; default: assert(0); return ""(unknown)""; } }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,260872093129908,1 4014,CWE-532,"rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len) { rend_service_t *service; rend_intro_point_t *intro; char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; (void) request; (void) request_len; tor_assert(circuit->rend_data); const char *rend_pk_digest = (char *) rend_data_get_pk_digest(circuit->rend_data, NULL); if (circuit->base_.purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) { log_warn(LD_PROTOCOL, ""received INTRO_ESTABLISHED cell on non-intro circuit.""); goto err; } service = rend_service_get_by_pk_digest(rend_pk_digest); if (!service) { log_warn(LD_REND, ""Unknown service on introduction circuit %u."", (unsigned)circuit->base_.n_circ_id); goto err; } intro = find_intro_point(circuit); if (intro == NULL) { log_warn(LD_REND, ""Introduction circuit established without a rend_intro_point_t "" ""object for service %s on circuit %u"", safe_str_client(serviceid), (unsigned)circuit->base_.n_circ_id); goto err; } intro->circuit_established = 1; service->desc_is_dirty = time(NULL); circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO); base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1, rend_pk_digest, REND_SERVICE_ID_LEN); log_info(LD_REND, ""Received INTRO_ESTABLISHED cell on circuit %u for service %s"", (unsigned)circuit->base_.n_circ_id, serviceid); pathbias_mark_use_success(circuit); return 0; err: circuit_mark_for_close(TO_CIRCUIT(circuit), END_CIRC_REASON_TORPROTOCOL); return -1; }",visit repo url,src/or/rendservice.c,https://github.com/torproject/tor,15395739443553,1 1012,['CWE-94'],"static int direct_splice_actor(struct pipe_inode_info *pipe, struct splice_desc *sd) { struct file *file = sd->u.file; return do_splice_from(pipe, file, &sd->pos, sd->total_len, sd->flags); }",linux-2.6,,,216131311432967630822738268038044077309,0 304,[],"static int do_ncp_getobjectname(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ncp_objectname_ioctl_32 n32, __user *p32 = compat_ptr(arg); struct ncp_objectname_ioctl __user *p = compat_alloc_user_space(sizeof(*p)); s32 auth_type; u32 name_len; int err; if (copy_from_user(&n32, p32, sizeof(n32)) || put_user(n32.object_name_len, &p->object_name_len) || put_user(compat_ptr(n32.object_name), &p->object_name)) return -EFAULT; err = sys_ioctl(fd, NCP_IOC_GETOBJECTNAME, (unsigned long)p); if (err) return err; if (get_user(auth_type, &p->auth_type) || put_user(auth_type, &p32->auth_type) || get_user(name_len, &p->object_name_len) || put_user(name_len, &p32->object_name_len)) return -EFAULT; return 0; }",linux-2.6,,,68957596293930975477604541543405845813,0 254,[],"static int fat_parse_long(struct inode *dir, loff_t *pos, struct buffer_head **bh, struct msdos_dir_entry **de, wchar_t **unicode, unsigned char *nr_slots) { struct msdos_dir_slot *ds; unsigned char id, slot, slots, alias_checksum; if (!*unicode) { *unicode = (wchar_t *)__get_free_page(GFP_KERNEL); if (!*unicode) { brelse(*bh); return -ENOMEM; } } parse_long: slots = 0; ds = (struct msdos_dir_slot *)*de; id = ds->id; if (!(id & 0x40)) return PARSE_INVALID; slots = id & ~0x40; if (slots > 20 || !slots) return PARSE_INVALID; *nr_slots = slots; alias_checksum = ds->alias_checksum; slot = slots; while (1) { int offset; slot--; offset = slot * 13; fat16_towchar(*unicode + offset, ds->name0_4, 5); fat16_towchar(*unicode + offset + 5, ds->name5_10, 6); fat16_towchar(*unicode + offset + 11, ds->name11_12, 2); if (ds->id & 0x40) (*unicode)[offset + 13] = 0; if (fat_get_entry(dir, pos, bh, de) < 0) return PARSE_EOF; if (slot == 0) break; ds = (struct msdos_dir_slot *)*de; if (ds->attr != ATTR_EXT) return PARSE_NOT_LONGNAME; if ((ds->id & ~0x40) != slot) goto parse_long; if (ds->alias_checksum != alias_checksum) goto parse_long; } if ((*de)->name[0] == DELETED_FLAG) return PARSE_INVALID; if ((*de)->attr == ATTR_EXT) goto parse_long; if (IS_FREE((*de)->name) || ((*de)->attr & ATTR_VOLUME)) return PARSE_INVALID; if (fat_checksum((*de)->name) != alias_checksum) *nr_slots = 0; return 0; }",linux-2.6,,,322255316050878017403792738615195690386,0 2550,['CWE-119'],"static int handle_one_ref(const char *path, const unsigned char *sha1, int flag, void *cb_data) { struct all_refs_cb *cb = cb_data; struct object *object = get_reference(cb->all_revs, path, sha1, cb->all_flags); add_pending_object(cb->all_revs, object, path); return 0; }",git,,,309680088798601713959963899900537749729,0 500,[],"void *snd_malloc_pages(size_t size, gfp_t gfp_flags) { int pg; void *res; snd_assert(size > 0, return NULL); snd_assert(gfp_flags != 0, return NULL); gfp_flags |= __GFP_COMP; pg = get_order(size); if ((res = (void *) __get_free_pages(gfp_flags, pg)) != NULL) inc_snd_pages(pg); return res; }",linux-2.6,,,83865424187259947793680950088775982603,0 1909,['CWE-20'],"void print_vma_addr(char *prefix, unsigned long ip) { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; if (preempt_count()) return; down_read(&mm->mmap_sem); vma = find_vma(mm, ip); if (vma && vma->vm_file) { struct file *f = vma->vm_file; char *buf = (char *)__get_free_page(GFP_KERNEL); if (buf) { char *p, *s; p = d_path(&f->f_path, buf, PAGE_SIZE); if (IS_ERR(p)) p = ""?""; s = strrchr(p, '/'); if (s) p = s+1; printk(""%s%s[%lx+%lx]"", prefix, p, vma->vm_start, vma->vm_end - vma->vm_start); free_page((unsigned long)buf); } } up_read(¤t->mm->mmap_sem); }",linux-2.6,,,158079701056646137954890503148015493178,0 4758,CWE-415,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 178,CWE-476,"static void ax25_kill_by_device(struct net_device *dev) { ax25_dev *ax25_dev; ax25_cb *s; struct sock *sk; if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL) return; spin_lock_bh(&ax25_list_lock); again: ax25_for_each(s, &ax25_list) { if (s->ax25_dev == ax25_dev) { sk = s->sk; sock_hold(sk); spin_unlock_bh(&ax25_list_lock); lock_sock(sk); s->ax25_dev = NULL; ax25_dev_put(ax25_dev); release_sock(sk); ax25_disconnect(s, ENETUNREACH); spin_lock_bh(&ax25_list_lock); sock_put(sk); goto again; } } spin_unlock_bh(&ax25_list_lock); }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,13235392193164,1 1096,CWE-362,"int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) { const struct sockaddr_in *usin = (struct sockaddr_in *)uaddr; struct inet_sock *inet = inet_sk(sk); struct dccp_sock *dp = dccp_sk(sk); __be16 orig_sport, orig_dport; __be32 daddr, nexthop; struct flowi4 fl4; struct rtable *rt; int err; dp->dccps_role = DCCP_ROLE_CLIENT; if (addr_len < sizeof(struct sockaddr_in)) return -EINVAL; if (usin->sin_family != AF_INET) return -EAFNOSUPPORT; nexthop = daddr = usin->sin_addr.s_addr; if (inet->opt != NULL && inet->opt->srr) { if (daddr == 0) return -EINVAL; nexthop = inet->opt->faddr; } orig_sport = inet->inet_sport; orig_dport = usin->sin_port; rt = ip_route_connect(&fl4, nexthop, inet->inet_saddr, RT_CONN_FLAGS(sk), sk->sk_bound_dev_if, IPPROTO_DCCP, orig_sport, orig_dport, sk, true); if (IS_ERR(rt)) return PTR_ERR(rt); if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) { ip_rt_put(rt); return -ENETUNREACH; } if (inet->opt == NULL || !inet->opt->srr) daddr = rt->rt_dst; if (inet->inet_saddr == 0) inet->inet_saddr = rt->rt_src; inet->inet_rcv_saddr = inet->inet_saddr; inet->inet_dport = usin->sin_port; inet->inet_daddr = daddr; inet_csk(sk)->icsk_ext_hdr_len = 0; if (inet->opt != NULL) inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen; dccp_set_state(sk, DCCP_REQUESTING); err = inet_hash_connect(&dccp_death_row, sk); if (err != 0) goto failure; rt = ip_route_newports(&fl4, rt, orig_sport, orig_dport, inet->inet_sport, inet->inet_dport, sk); if (IS_ERR(rt)) { rt = NULL; goto failure; } sk_setup_caps(sk, &rt->dst); dp->dccps_iss = secure_dccp_sequence_number(inet->inet_saddr, inet->inet_daddr, inet->inet_sport, inet->inet_dport); inet->inet_id = dp->dccps_iss ^ jiffies; err = dccp_connect(sk); rt = NULL; if (err != 0) goto failure; out: return err; failure: dccp_set_state(sk, DCCP_CLOSED); ip_rt_put(rt); sk->sk_route_caps = 0; inet->inet_dport = 0; goto out; }",visit repo url,net/dccp/ipv4.c,https://github.com/torvalds/linux,7129178591206,1 1415,[],"check_preempt_tick(struct cfs_rq *cfs_rq, struct sched_entity *curr) { unsigned long ideal_runtime, delta_exec; ideal_runtime = sched_slice(cfs_rq, curr); delta_exec = curr->sum_exec_runtime - curr->prev_sum_exec_runtime; if (delta_exec > ideal_runtime) resched_task(rq_of(cfs_rq)->curr); }",linux-2.6,,,324330441675558251539140394527256153410,0 1302,CWE-399,"static int hugetlbfs_statfs(struct dentry *dentry, struct kstatfs *buf) { struct hugetlbfs_sb_info *sbinfo = HUGETLBFS_SB(dentry->d_sb); struct hstate *h = hstate_inode(dentry->d_inode); buf->f_type = HUGETLBFS_MAGIC; buf->f_bsize = huge_page_size(h); if (sbinfo) { spin_lock(&sbinfo->stat_lock); if (sbinfo->max_blocks >= 0) { buf->f_blocks = sbinfo->max_blocks; buf->f_bavail = buf->f_bfree = sbinfo->free_blocks; buf->f_files = sbinfo->max_inodes; buf->f_ffree = sbinfo->free_inodes; } spin_unlock(&sbinfo->stat_lock); } buf->f_namelen = NAME_MAX; return 0; }",visit repo url,fs/hugetlbfs/inode.c,https://github.com/torvalds/linux,235765536791405,1 1082,['CWE-20'],"void kernel_restart(char *cmd) { kernel_restart_prepare(cmd); if (!cmd) printk(KERN_EMERG ""Restarting system.\n""); else printk(KERN_EMERG ""Restarting system with command '%s'.\n"", cmd); machine_restart(cmd); }",linux-2.6,,,138211116247724037290663877341285791533,0 2704,CWE-190,"static void spl_filesystem_dir_it_current_data(zend_object_iterator *iter, zval ***data TSRMLS_DC) { spl_filesystem_iterator *iterator = (spl_filesystem_iterator *)iter; *data = &iterator->current; }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,35871629905536,1 3505,['CWE-20'],"sctp_disposition_t sctp_sf_ignore_other(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { SCTP_DEBUG_PRINTK(""The event other type %d is ignored\n"", type.other); return SCTP_DISPOSITION_DISCARD; }",linux-2.6,,,315658002061999082081560286236989853994,0 1926,CWE-400,"static void __return_cfs_rq_runtime(struct cfs_rq *cfs_rq) { struct cfs_bandwidth *cfs_b = tg_cfs_bandwidth(cfs_rq->tg); s64 slack_runtime = cfs_rq->runtime_remaining - min_cfs_rq_runtime; if (slack_runtime <= 0) return; raw_spin_lock(&cfs_b->lock); if (cfs_b->quota != RUNTIME_INF && cfs_rq->runtime_expires == cfs_b->runtime_expires) { cfs_b->runtime += slack_runtime; if (cfs_b->runtime > sched_cfs_bandwidth_slice() && !list_empty(&cfs_b->throttled_cfs_rq)) start_cfs_slack_bandwidth(cfs_b); } raw_spin_unlock(&cfs_b->lock); cfs_rq->runtime_remaining -= slack_runtime; }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,138407677950401,1 1590,[],"void __init sched_init_smp(void) { cpumask_t non_isolated_cpus; #if defined(CONFIG_NUMA) sched_group_nodes_bycpu = kzalloc(nr_cpu_ids * sizeof(void **), GFP_KERNEL); BUG_ON(sched_group_nodes_bycpu == NULL); #endif get_online_cpus(); arch_init_sched_domains(&cpu_online_map); cpus_andnot(non_isolated_cpus, cpu_possible_map, cpu_isolated_map); if (cpus_empty(non_isolated_cpus)) cpu_set(smp_processor_id(), non_isolated_cpus); put_online_cpus(); hotcpu_notifier(update_sched_domains, 0); if (set_cpus_allowed_ptr(current, &non_isolated_cpus) < 0) BUG(); sched_init_granularity(); }",linux-2.6,,,317268189490823919527111452353988269784,0 4356,['CWE-399'],"long keyctl_revoke_key(key_serial_t id) { key_ref_t key_ref; long ret; key_ref = lookup_user_key(id, 0, 0, KEY_WRITE); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error; } key_revoke(key_ref_to_ptr(key_ref)); ret = 0; key_ref_put(key_ref); error: return ret; } ",linux-2.6,,,339185153485019594488953047825200996838,0 981,['CWE-189'],"ShmDetachSegment(value, shmseg) pointer value; XID shmseg; { ShmDescPtr shmdesc = (ShmDescPtr)value; ShmDescPtr *prev; if (--shmdesc->refcnt) return TRUE; shmdt(shmdesc->addr); for (prev = &Shmsegs; *prev != shmdesc; prev = &(*prev)->next) ; *prev = shmdesc->next; xfree(shmdesc); return Success; }",xserver,,,83811048172358700461959355823353458196,0 5609,[],"static void __flush_itimer_signals(struct sigpending *pending) { sigset_t signal, retain; struct sigqueue *q, *n; signal = pending->signal; sigemptyset(&retain); list_for_each_entry_safe(q, n, &pending->list, list) { int sig = q->info.si_signo; if (likely(q->info.si_code != SI_TIMER)) { sigaddset(&retain, sig); } else { sigdelset(&signal, sig); list_del_init(&q->list); __sigqueue_free(q); } } sigorsets(&pending->signal, &signal, &retain); }",linux-2.6,,,287095271771864296382209696546935546064,0 1929,CWE-400,"static int do_sched_cfs_period_timer(struct cfs_bandwidth *cfs_b, int overrun, unsigned long flags) { u64 runtime, runtime_expires; int throttled; if (cfs_b->quota == RUNTIME_INF) goto out_deactivate; throttled = !list_empty(&cfs_b->throttled_cfs_rq); cfs_b->nr_periods += overrun; if (cfs_b->idle && !throttled) goto out_deactivate; __refill_cfs_bandwidth_runtime(cfs_b); if (!throttled) { cfs_b->idle = 1; return 0; } cfs_b->nr_throttled += overrun; runtime_expires = cfs_b->runtime_expires; while (throttled && cfs_b->runtime > 0 && !cfs_b->distribute_running) { runtime = cfs_b->runtime; cfs_b->distribute_running = 1; raw_spin_unlock_irqrestore(&cfs_b->lock, flags); runtime = distribute_cfs_runtime(cfs_b, runtime, runtime_expires); raw_spin_lock_irqsave(&cfs_b->lock, flags); cfs_b->distribute_running = 0; throttled = !list_empty(&cfs_b->throttled_cfs_rq); lsub_positive(&cfs_b->runtime, runtime); } cfs_b->idle = 0; return 0; out_deactivate: return 1; }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,261593208285766,1 3446,CWE-264,"static bool caller_is_in_ancestor(pid_t pid, const char *contrl, const char *cg, char **nextcg) { char fnam[PROCLEN]; FILE *f; bool answer = false; char *line = NULL; size_t len = 0; int ret; ret = snprintf(fnam, PROCLEN, ""/proc/%d/cgroup"", pid); if (ret < 0 || ret >= PROCLEN) return false; if (!(f = fopen(fnam, ""r""))) return false; while (getline(&line, &len, f) != -1) { char *c1, *c2, *linecmp; if (!line[0]) continue; c1 = strchr(line, ':'); if (!c1) goto out; c1++; c2 = strchr(c1, ':'); if (!c2) goto out; *c2 = '\0'; if (strcmp(c1, contrl) != 0) continue; c2++; stripnewline(c2); prune_init_slice(c2); linecmp = *cg == '/' ? c2 : c2+1; if (strncmp(linecmp, cg, strlen(linecmp)) != 0) { if (nextcg) *nextcg = get_next_cgroup_dir(linecmp, cg); goto out; } answer = true; goto out; } out: fclose(f); free(line); return answer; }",visit repo url,lxcfs.c,https://github.com/lxc/lxcfs,135378662710024,1 694,[],"static void jpc_siz_destroyparms(jpc_ms_t *ms) { jpc_siz_t *siz = &ms->parms.siz; if (siz->comps) { jas_free(siz->comps); } }",jasper,,,22728077003861641205642589514578207528,0 620,['CWE-189'],"static int ieee80211_parse_info_param(struct ieee80211_info_element *info_element, u16 length, struct ieee80211_network *network) { u8 i; #ifdef CONFIG_IEEE80211_DEBUG char rates_str[64]; char *p; #endif while (length >= sizeof(*info_element)) { if (sizeof(*info_element) + info_element->len > length) { IEEE80211_DEBUG_MGMT(""Info elem: parse failed: "" ""info_element->len + 2 > left : "" ""info_element->len+2=%zd left=%d, id=%d.\n"", info_element->len + sizeof(*info_element), length, info_element->id); break; } switch (info_element->id) { case MFIE_TYPE_SSID: if (ieee80211_is_empty_essid(info_element->data, info_element->len)) { network->flags |= NETWORK_EMPTY_ESSID; break; } network->ssid_len = min(info_element->len, (u8) IW_ESSID_MAX_SIZE); memcpy(network->ssid, info_element->data, network->ssid_len); if (network->ssid_len < IW_ESSID_MAX_SIZE) memset(network->ssid + network->ssid_len, 0, IW_ESSID_MAX_SIZE - network->ssid_len); IEEE80211_DEBUG_MGMT(""MFIE_TYPE_SSID: '%s' len=%d.\n"", network->ssid, network->ssid_len); break; case MFIE_TYPE_RATES: #ifdef CONFIG_IEEE80211_DEBUG p = rates_str; #endif network->rates_len = min(info_element->len, MAX_RATES_LENGTH); for (i = 0; i < network->rates_len; i++) { network->rates[i] = info_element->data[i]; #ifdef CONFIG_IEEE80211_DEBUG p += snprintf(p, sizeof(rates_str) - (p - rates_str), ""%02X "", network->rates[i]); #endif if (ieee80211_is_ofdm_rate (info_element->data[i])) { network->flags |= NETWORK_HAS_OFDM; if (info_element->data[i] & IEEE80211_BASIC_RATE_MASK) network->flags &= ~NETWORK_HAS_CCK; } } IEEE80211_DEBUG_MGMT(""MFIE_TYPE_RATES: '%s' (%d)\n"", rates_str, network->rates_len); break; case MFIE_TYPE_RATES_EX: #ifdef CONFIG_IEEE80211_DEBUG p = rates_str; #endif network->rates_ex_len = min(info_element->len, MAX_RATES_EX_LENGTH); for (i = 0; i < network->rates_ex_len; i++) { network->rates_ex[i] = info_element->data[i]; #ifdef CONFIG_IEEE80211_DEBUG p += snprintf(p, sizeof(rates_str) - (p - rates_str), ""%02X "", network->rates[i]); #endif if (ieee80211_is_ofdm_rate (info_element->data[i])) { network->flags |= NETWORK_HAS_OFDM; if (info_element->data[i] & IEEE80211_BASIC_RATE_MASK) network->flags &= ~NETWORK_HAS_CCK; } } IEEE80211_DEBUG_MGMT(""MFIE_TYPE_RATES_EX: '%s' (%d)\n"", rates_str, network->rates_ex_len); break; case MFIE_TYPE_DS_SET: IEEE80211_DEBUG_MGMT(""MFIE_TYPE_DS_SET: %d\n"", info_element->data[0]); network->channel = info_element->data[0]; break; case MFIE_TYPE_FH_SET: IEEE80211_DEBUG_MGMT(""MFIE_TYPE_FH_SET: ignored\n""); break; case MFIE_TYPE_CF_SET: IEEE80211_DEBUG_MGMT(""MFIE_TYPE_CF_SET: ignored\n""); break; case MFIE_TYPE_TIM: network->tim.tim_count = info_element->data[0]; network->tim.tim_period = info_element->data[1]; IEEE80211_DEBUG_MGMT(""MFIE_TYPE_TIM: partially ignored\n""); break; case MFIE_TYPE_ERP_INFO: network->erp_value = info_element->data[0]; network->flags |= NETWORK_HAS_ERP_VALUE; IEEE80211_DEBUG_MGMT(""MFIE_TYPE_ERP_SET: %d\n"", network->erp_value); break; case MFIE_TYPE_IBSS_SET: network->atim_window = info_element->data[0]; IEEE80211_DEBUG_MGMT(""MFIE_TYPE_IBSS_SET: %d\n"", network->atim_window); break; case MFIE_TYPE_CHALLENGE: IEEE80211_DEBUG_MGMT(""MFIE_TYPE_CHALLENGE: ignored\n""); break; case MFIE_TYPE_GENERIC: IEEE80211_DEBUG_MGMT(""MFIE_TYPE_GENERIC: %d bytes\n"", info_element->len); if (!ieee80211_parse_qos_info_param_IE(info_element, network)) break; if (info_element->len >= 4 && info_element->data[0] == 0x00 && info_element->data[1] == 0x50 && info_element->data[2] == 0xf2 && info_element->data[3] == 0x01) { network->wpa_ie_len = min(info_element->len + 2, MAX_WPA_IE_LEN); memcpy(network->wpa_ie, info_element, network->wpa_ie_len); } break; case MFIE_TYPE_RSN: IEEE80211_DEBUG_MGMT(""MFIE_TYPE_RSN: %d bytes\n"", info_element->len); network->rsn_ie_len = min(info_element->len + 2, MAX_WPA_IE_LEN); memcpy(network->rsn_ie, info_element, network->rsn_ie_len); break; case MFIE_TYPE_QOS_PARAMETER: printk(KERN_ERR ""QoS Error need to parse QOS_PARAMETER IE\n""); break; case MFIE_TYPE_POWER_CONSTRAINT: network->power_constraint = info_element->data[0]; network->flags |= NETWORK_HAS_POWER_CONSTRAINT; break; case MFIE_TYPE_CSA: network->power_constraint = info_element->data[0]; network->flags |= NETWORK_HAS_CSA; break; case MFIE_TYPE_QUIET: network->quiet.count = info_element->data[0]; network->quiet.period = info_element->data[1]; network->quiet.duration = info_element->data[2]; network->quiet.offset = info_element->data[3]; network->flags |= NETWORK_HAS_QUIET; break; case MFIE_TYPE_IBSS_DFS: if (network->ibss_dfs) break; network->ibss_dfs = kmemdup(info_element->data, info_element->len, GFP_ATOMIC); if (!network->ibss_dfs) return 1; network->flags |= NETWORK_HAS_IBSS_DFS; break; case MFIE_TYPE_TPC_REPORT: network->tpc_report.transmit_power = info_element->data[0]; network->tpc_report.link_margin = info_element->data[1]; network->flags |= NETWORK_HAS_TPC_REPORT; break; default: IEEE80211_DEBUG_MGMT (""Unsupported info element: %s (%d)\n"", get_info_element_string(info_element->id), info_element->id); break; } length -= sizeof(*info_element) + info_element->len; info_element = (struct ieee80211_info_element *)&info_element-> data[info_element->len]; } return 0; }",linux-2.6,,,280087613369696816480081792654341827197,0 2207,NVD-CWE-noinfo,"struct nfs_open_context *nfs_find_open_context(struct inode *inode, struct rpc_cred *cred, int mode) { struct nfs_inode *nfsi = NFS_I(inode); struct nfs_open_context *pos, *ctx = NULL; spin_lock(&inode->i_lock); list_for_each_entry(pos, &nfsi->open_files, list) { if (cred != NULL && pos->cred != cred) continue; if ((pos->mode & mode) == mode) { ctx = get_nfs_open_context(pos); break; } } spin_unlock(&inode->i_lock); return ctx; }",visit repo url,fs/nfs/inode.c,https://github.com/torvalds/linux,210345942841117,1 4117,CWE-190,"static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p, const unsigned char *end ) { int ret = 0; size_t n; if( ssl->conf->f_psk == NULL && ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL || ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""got no pre-shared key"" ) ); return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); } if( *p + 2 > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad client key exchange message"" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } n = ( (*p)[0] << 8 ) | (*p)[1]; *p += 2; if( n < 1 || n > 65535 || *p + n > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad client key exchange message"" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } if( ssl->conf->f_psk != NULL ) { if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 ) ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; } else { if( n != ssl->conf->psk_identity_len || mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 ) { ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; } } if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) { MBEDTLS_SSL_DEBUG_BUF( 3, ""Unknown PSK identity"", *p, n ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY ); return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ); } *p += n; return( 0 ); }",visit repo url,library/ssl_srv.c,https://github.com/ARMmbed/mbedtls,27796262449273,1 1784,[],"void scheduler_tick(void) { int cpu = smp_processor_id(); struct rq *rq = cpu_rq(cpu); struct task_struct *curr = rq->curr; u64 next_tick = rq->tick_timestamp + TICK_NSEC; spin_lock(&rq->lock); __update_rq_clock(rq); if (unlikely(rq->clock < next_tick)) { rq->clock = next_tick; rq->clock_underflows++; } rq->tick_timestamp = rq->clock; update_last_tick_seen(rq); update_cpu_load(rq); curr->sched_class->task_tick(rq, curr, 0); spin_unlock(&rq->lock); #ifdef CONFIG_SMP rq->idle_at_tick = idle_cpu(cpu); trigger_load_balance(rq, cpu); #endif }",linux-2.6,,,322858866349001939058920622721588919772,0 1406,[],"static struct task_struct *load_balance_next_fair(void *arg) { struct cfs_rq *cfs_rq = arg; return __load_balance_iterator(cfs_rq, cfs_rq->rb_load_balance_curr); }",linux-2.6,,,331420071130699612642662527649073493981,0 2812,['CWE-264'],"handle_channel( struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; unsigned long ioaddr = dev->base_addr; int req_ans; unsigned char csr0; #ifdef CONFIG_SBNI_MULTILINE if( nl->state & FL_SLAVE ) spin_lock( &((struct net_local *) nl->master->priv)->lock ); #endif outb( (inb( ioaddr + CSR0 ) & ~EN_INT) | TR_REQ, ioaddr + CSR0 ); nl->timer_ticks = CHANGE_LEVEL_START_TICKS; for(;;) { csr0 = inb( ioaddr + CSR0 ); if( ( csr0 & (RC_RDY | TR_RDY) ) == 0 ) break; req_ans = !(nl->state & FL_PREV_OK); if( csr0 & RC_RDY ) req_ans = recv_frame( dev ); csr0 = inb( ioaddr + CSR0 ); if( !(csr0 & TR_RDY) || (csr0 & RC_RDY) ) printk( KERN_ERR ""%s: internal error!\n"", dev->name ); if( req_ans || nl->tx_frameno != 0 ) send_frame( dev ); else outb( inb( ioaddr + CSR0 ) & ~TR_REQ, ioaddr + CSR0 ); } outb( inb( ioaddr + CSR0 ) | EN_INT, ioaddr + CSR0 ); #ifdef CONFIG_SBNI_MULTILINE if( nl->state & FL_SLAVE ) spin_unlock( &((struct net_local *) nl->master->priv)->lock ); #endif }",linux-2.6,,,106039029169402403806342030856559560014,0 995,CWE-399,"parse_rock_ridge_inode_internal(struct iso_directory_record *de, struct inode *inode, int regard_xa) { int symlink_len = 0; int cnt, sig; struct inode *reloc; struct rock_ridge *rr; int rootflag; struct rock_state rs; int ret = 0; if (!ISOFS_SB(inode->i_sb)->s_rock) return 0; init_rock_state(&rs, inode); setup_rock_ridge(de, inode, &rs); if (regard_xa) { rs.chr += 14; rs.len -= 14; if (rs.len < 0) rs.len = 0; } repeat: while (rs.len > 2) { rr = (struct rock_ridge *)rs.chr; if (rr->len < 3) goto out; sig = isonum_721(rs.chr); if (rock_check_overflow(&rs, sig)) goto eio; rs.chr += rr->len; rs.len -= rr->len; if (rs.len < 0) goto out; switch (sig) { #ifndef CONFIG_ZISOFS case SIG('R', 'R'): if ((rr->u.RR.flags[0] & (RR_PX | RR_TF | RR_SL | RR_CL)) == 0) goto out; break; #endif case SIG('S', 'P'): if (check_sp(rr, inode)) goto out; break; case SIG('C', 'E'): rs.cont_extent = isonum_733(rr->u.CE.extent); rs.cont_offset = isonum_733(rr->u.CE.offset); rs.cont_size = isonum_733(rr->u.CE.size); break; case SIG('E', 'R'): ISOFS_SB(inode->i_sb)->s_rock = 1; printk(KERN_DEBUG ""ISO 9660 Extensions: ""); { int p; for (p = 0; p < rr->u.ER.len_id; p++) printk(""%c"", rr->u.ER.data[p]); } printk(""\n""); break; case SIG('P', 'X'): inode->i_mode = isonum_733(rr->u.PX.mode); set_nlink(inode, isonum_733(rr->u.PX.n_links)); i_uid_write(inode, isonum_733(rr->u.PX.uid)); i_gid_write(inode, isonum_733(rr->u.PX.gid)); break; case SIG('P', 'N'): { int high, low; high = isonum_733(rr->u.PN.dev_high); low = isonum_733(rr->u.PN.dev_low); if ((low & ~0xff) && high == 0) { inode->i_rdev = MKDEV(low >> 8, low & 0xff); } else { inode->i_rdev = MKDEV(high, low); } } break; case SIG('T', 'F'): cnt = 0; if (rr->u.TF.flags & TF_CREATE) { inode->i_ctime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_ctime.tv_nsec = 0; } if (rr->u.TF.flags & TF_MODIFY) { inode->i_mtime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_mtime.tv_nsec = 0; } if (rr->u.TF.flags & TF_ACCESS) { inode->i_atime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_atime.tv_nsec = 0; } if (rr->u.TF.flags & TF_ATTRIBUTES) { inode->i_ctime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_ctime.tv_nsec = 0; } break; case SIG('S', 'L'): { int slen; struct SL_component *slp; struct SL_component *oldslp; slen = rr->len - 5; slp = &rr->u.SL.link; inode->i_size = symlink_len; while (slen > 1) { rootflag = 0; switch (slp->flags & ~1) { case 0: inode->i_size += slp->len; break; case 2: inode->i_size += 1; break; case 4: inode->i_size += 2; break; case 8: rootflag = 1; inode->i_size += 1; break; default: printk(""Symlink component flag "" ""not implemented\n""); } slen -= slp->len + 2; oldslp = slp; slp = (struct SL_component *) (((char *)slp) + slp->len + 2); if (slen < 2) { if (((rr->u.SL. flags & 1) != 0) && ((oldslp-> flags & 1) == 0)) inode->i_size += 1; break; } if (!rootflag && (oldslp->flags & 1) == 0) inode->i_size += 1; } } symlink_len = inode->i_size; break; case SIG('R', 'E'): printk(KERN_WARNING ""Attempt to read inode for "" ""relocated directory\n""); goto out; case SIG('C', 'L'): ISOFS_I(inode)->i_first_extent = isonum_733(rr->u.CL.location); reloc = isofs_iget(inode->i_sb, ISOFS_I(inode)->i_first_extent, 0); if (IS_ERR(reloc)) { ret = PTR_ERR(reloc); goto out; } inode->i_mode = reloc->i_mode; set_nlink(inode, reloc->i_nlink); inode->i_uid = reloc->i_uid; inode->i_gid = reloc->i_gid; inode->i_rdev = reloc->i_rdev; inode->i_size = reloc->i_size; inode->i_blocks = reloc->i_blocks; inode->i_atime = reloc->i_atime; inode->i_ctime = reloc->i_ctime; inode->i_mtime = reloc->i_mtime; iput(reloc); break; #ifdef CONFIG_ZISOFS case SIG('Z', 'F'): { int algo; if (ISOFS_SB(inode->i_sb)->s_nocompress) break; algo = isonum_721(rr->u.ZF.algorithm); if (algo == SIG('p', 'z')) { int block_shift = isonum_711(&rr->u.ZF.parms[1]); if (block_shift > 17) { printk(KERN_WARNING ""isofs: "" ""Can't handle ZF block "" ""size of 2^%d\n"", block_shift); } else { ISOFS_I(inode)->i_file_format = isofs_file_compressed; ISOFS_I(inode)->i_format_parm[0] = isonum_711(&rr->u.ZF.parms[0]); ISOFS_I(inode)->i_format_parm[1] = isonum_711(&rr->u.ZF.parms[1]); inode->i_size = isonum_733(rr->u.ZF. real_size); } } else { printk(KERN_WARNING ""isofs: Unknown ZF compression "" ""algorithm: %c%c\n"", rr->u.ZF.algorithm[0], rr->u.ZF.algorithm[1]); } break; } #endif default: break; } } ret = rock_continue(&rs); if (ret == 0) goto repeat; if (ret == 1) ret = 0; out: kfree(rs.buffer); return ret; eio: ret = -EIO; goto out; }",visit repo url,fs/isofs/rock.c,https://github.com/torvalds/linux,169730773672138,1 4303,CWE-129,"void __init(RBuffer *buf, r_bin_ne_obj_t *bin) { bin->header_offset = r_buf_read_le16_at (buf, 0x3c); bin->ne_header = R_NEW0 (NE_image_header); if (!bin->ne_header) { return; } bin->buf = buf; r_buf_read_at (buf, bin->header_offset, (ut8 *)bin->ne_header, sizeof (NE_image_header)); bin->alignment = 1 << bin->ne_header->FileAlnSzShftCnt; if (!bin->alignment) { bin->alignment = 1 << 9; } bin->os = __get_target_os (bin); ut16 offset = bin->ne_header->SegTableOffset + bin->header_offset; ut16 size = bin->ne_header->SegCount * sizeof (NE_image_segment_entry); bin->segment_entries = calloc (1, size); if (!bin->segment_entries) { return; } r_buf_read_at (buf, offset, (ut8 *)bin->segment_entries, size); bin->entry_table = calloc (1, bin->ne_header->EntryTableLength); r_buf_read_at (buf, (ut64)bin->header_offset + bin->ne_header->EntryTableOffset, bin->entry_table, bin->ne_header->EntryTableLength); bin->imports = r_bin_ne_get_imports (bin); __ne_get_resources (bin); }",visit repo url,libr/bin/format/ne/ne.c,https://github.com/radareorg/radare2,9471669401969,1 1481,CWE-264,"void perf_pmu_migrate_context(struct pmu *pmu, int src_cpu, int dst_cpu) { struct perf_event_context *src_ctx; struct perf_event_context *dst_ctx; struct perf_event *event, *tmp; LIST_HEAD(events); src_ctx = &per_cpu_ptr(pmu->pmu_cpu_context, src_cpu)->ctx; dst_ctx = &per_cpu_ptr(pmu->pmu_cpu_context, dst_cpu)->ctx; mutex_lock(&src_ctx->mutex); list_for_each_entry_safe(event, tmp, &src_ctx->event_list, event_entry) { perf_remove_from_context(event, false); unaccount_event_cpu(event, src_cpu); put_ctx(src_ctx); list_add(&event->migrate_entry, &events); } mutex_unlock(&src_ctx->mutex); synchronize_rcu(); mutex_lock(&dst_ctx->mutex); list_for_each_entry_safe(event, tmp, &events, migrate_entry) { list_del(&event->migrate_entry); if (event->state >= PERF_EVENT_STATE_OFF) event->state = PERF_EVENT_STATE_INACTIVE; account_event_cpu(event, dst_cpu); perf_install_in_context(dst_ctx, event, dst_cpu); get_ctx(dst_ctx); } mutex_unlock(&dst_ctx->mutex); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,85913588303762,1 5473,CWE-617,"pci_set_cfgdata8(struct pci_vdev *dev, int offset, uint8_t val) { assert(offset <= PCI_REGMAX); *(uint8_t *)(dev->cfgdata + offset) = val; }",visit repo url,devicemodel/include/pci_core.h,https://github.com/projectacrn/acrn-hypervisor,101360539999490,1 6119,CWE-190,"void ed_mul_dig(ed_t r, const ed_t p, dig_t k) { ed_t t; bn_t _k; int8_t u, naf[RLC_DIG + 1]; int l; ed_null(t); bn_null(_k); if (k == 0 || ed_is_infty(p)) { ed_set_infty(r); return; } RLC_TRY { ed_new(t); bn_new(_k); bn_set_dig(_k, k); l = RLC_DIG + 1; bn_rec_naf(naf, &l, _k, 2); ed_set_infty(t); for (int i = l - 1; i >= 0; i--) { ed_dbl(t, t); u = naf[i]; if (u > 0) { ed_add(t, t, p); } else if (u < 0) { ed_sub(t, t, p); } } ed_norm(r, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ed_free(t); bn_free(_k); } }",visit repo url,src/ed/relic_ed_mul.c,https://github.com/relic-toolkit/relic,84882689016750,1 951,CWE-17,"pipe_write(struct kiocb *iocb, const struct iovec *_iov, unsigned long nr_segs, loff_t ppos) { struct file *filp = iocb->ki_filp; struct pipe_inode_info *pipe = filp->private_data; ssize_t ret; int do_wakeup; struct iovec *iov = (struct iovec *)_iov; size_t total_len; ssize_t chars; total_len = iov_length(iov, nr_segs); if (unlikely(total_len == 0)) return 0; do_wakeup = 0; ret = 0; __pipe_lock(pipe); if (!pipe->readers) { send_sig(SIGPIPE, current, 0); ret = -EPIPE; goto out; } chars = total_len & (PAGE_SIZE-1); if (pipe->nrbufs && chars != 0) { int lastbuf = (pipe->curbuf + pipe->nrbufs - 1) & (pipe->buffers - 1); struct pipe_buffer *buf = pipe->bufs + lastbuf; const struct pipe_buf_operations *ops = buf->ops; int offset = buf->offset + buf->len; if (ops->can_merge && offset + chars <= PAGE_SIZE) { int error, atomic = 1; void *addr; error = ops->confirm(pipe, buf); if (error) goto out; iov_fault_in_pages_read(iov, chars); redo1: if (atomic) addr = kmap_atomic(buf->page); else addr = kmap(buf->page); error = pipe_iov_copy_from_user(offset + addr, iov, chars, atomic); if (atomic) kunmap_atomic(addr); else kunmap(buf->page); ret = error; do_wakeup = 1; if (error) { if (atomic) { atomic = 0; goto redo1; } goto out; } buf->len += chars; total_len -= chars; ret = chars; if (!total_len) goto out; } } for (;;) { int bufs; if (!pipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } bufs = pipe->nrbufs; if (bufs < pipe->buffers) { int newbuf = (pipe->curbuf + bufs) & (pipe->buffers-1); struct pipe_buffer *buf = pipe->bufs + newbuf; struct page *page = pipe->tmp_page; char *src; int error, atomic = 1; if (!page) { page = alloc_page(GFP_HIGHUSER); if (unlikely(!page)) { ret = ret ? : -ENOMEM; break; } pipe->tmp_page = page; } do_wakeup = 1; chars = PAGE_SIZE; if (chars > total_len) chars = total_len; iov_fault_in_pages_read(iov, chars); redo2: if (atomic) src = kmap_atomic(page); else src = kmap(page); error = pipe_iov_copy_from_user(src, iov, chars, atomic); if (atomic) kunmap_atomic(src); else kunmap(page); if (unlikely(error)) { if (atomic) { atomic = 0; goto redo2; } if (!ret) ret = error; break; } ret += chars; buf->page = page; buf->ops = &anon_pipe_buf_ops; buf->offset = 0; buf->len = chars; buf->flags = 0; if (is_packetized(filp)) { buf->ops = &packet_pipe_buf_ops; buf->flags = PIPE_BUF_FLAG_PACKET; } pipe->nrbufs = ++bufs; pipe->tmp_page = NULL; total_len -= chars; if (!total_len) break; } if (bufs < pipe->buffers) continue; if (filp->f_flags & O_NONBLOCK) { if (!ret) ret = -EAGAIN; break; } if (signal_pending(current)) { if (!ret) ret = -ERESTARTSYS; break; } if (do_wakeup) { wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLRDNORM); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } pipe->waiting_writers++; pipe_wait(pipe); pipe->waiting_writers--; } out: __pipe_unlock(pipe); if (do_wakeup) { wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLRDNORM); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); } if (ret > 0 && sb_start_write_trylock(file_inode(filp)->i_sb)) { int err = file_update_time(filp); if (err) ret = err; sb_end_write(file_inode(filp)->i_sb); } return ret; }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,175642234953518,1 576,[],"static int bad_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) { return -EIO; }",linux-2.6,,,119654660210671884353020943280871295290,0 1095,['CWE-399'],"static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, sigset_t *set, struct pt_regs * regs) { struct rt_sigframe __user *frame; struct _fpstate __user *fp = NULL; int err = 0; struct task_struct *me = current; if (used_math()) { fp = get_stack(ka, regs, sizeof(struct _fpstate)); frame = (void __user *)round_down( (unsigned long)fp - sizeof(struct rt_sigframe), 16) - 8; if (!access_ok(VERIFY_WRITE, fp, sizeof(struct _fpstate))) goto give_sigsegv; if (save_i387(fp) < 0) err |= -1; } else frame = get_stack(ka, regs, sizeof(struct rt_sigframe)) - 8; if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame))) goto give_sigsegv; if (ka->sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, info); if (err) goto give_sigsegv; } err |= __put_user(0, &frame->uc.uc_flags); err |= __put_user(0, &frame->uc.uc_link); err |= __put_user(me->sas_ss_sp, &frame->uc.uc_stack.ss_sp); err |= __put_user(sas_ss_flags(regs->sp), &frame->uc.uc_stack.ss_flags); err |= __put_user(me->sas_ss_size, &frame->uc.uc_stack.ss_size); err |= setup_sigcontext(&frame->uc.uc_mcontext, regs, set->sig[0], me); err |= __put_user(fp, &frame->uc.uc_mcontext.fpstate); if (sizeof(*set) == 16) { __put_user(set->sig[0], &frame->uc.uc_sigmask.sig[0]); __put_user(set->sig[1], &frame->uc.uc_sigmask.sig[1]); } else err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); if (ka->sa.sa_flags & SA_RESTORER) { err |= __put_user(ka->sa.sa_restorer, &frame->pretcode); } else { goto give_sigsegv; } if (err) goto give_sigsegv; #ifdef DEBUG_SIG printk(""%d old ip %lx old sp %lx old ax %lx\n"", current->pid,regs->ip,regs->sp,regs->ax); #endif regs->di = sig; regs->ax = 0; regs->si = (unsigned long)&frame->info; regs->dx = (unsigned long)&frame->uc; regs->ip = (unsigned long) ka->sa.sa_handler; regs->sp = (unsigned long)frame; regs->cs = __USER_CS; set_fs(USER_DS); regs->flags &= ~(X86_EFLAGS_TF | X86_EFLAGS_DF); if (test_thread_flag(TIF_SINGLESTEP)) ptrace_notify(SIGTRAP); #ifdef DEBUG_SIG printk(""SIG deliver (%s:%d): sp=%p pc=%lx ra=%p\n"", current->comm, current->pid, frame, regs->ip, frame->pretcode); #endif return 0; give_sigsegv: force_sigsegv(sig, current); return -EFAULT; }",linux-2.6,,,203114314175308613446819568229930491517,0 2262,['CWE-120'],"static int do_path_lookup(int dfd, const char *name, unsigned int flags, struct nameidata *nd) { int retval = 0; int fput_needed; struct file *file; struct fs_struct *fs = current->fs; nd->last_type = LAST_ROOT; nd->flags = flags; nd->depth = 0; if (*name=='/') { read_lock(&fs->lock); if (fs->altroot.dentry && !(nd->flags & LOOKUP_NOALT)) { nd->path = fs->altroot; path_get(&fs->altroot); read_unlock(&fs->lock); if (__emul_lookup_dentry(name,nd)) goto out; read_lock(&fs->lock); } nd->path = fs->root; path_get(&fs->root); read_unlock(&fs->lock); } else if (dfd == AT_FDCWD) { read_lock(&fs->lock); nd->path = fs->pwd; path_get(&fs->pwd); read_unlock(&fs->lock); } else { struct dentry *dentry; file = fget_light(dfd, &fput_needed); retval = -EBADF; if (!file) goto out_fail; dentry = file->f_path.dentry; retval = -ENOTDIR; if (!S_ISDIR(dentry->d_inode->i_mode)) goto fput_fail; retval = file_permission(file, MAY_EXEC); if (retval) goto fput_fail; nd->path = file->f_path; path_get(&file->f_path); fput_light(file, fput_needed); } retval = path_walk(name, nd); out: if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry && nd->path.dentry->d_inode)) audit_inode(name, nd->path.dentry); out_fail: return retval; fput_fail: fput_light(file, fput_needed); goto out_fail; }",linux-2.6,,,141647261272751337256640102970529499383,0 5901,CWE-120,"static int src_parser_trans_stage_1_2_3(const int tmp_fd, const char *src, const struct trans_config cfg) { struct parser_buf pbuf = { .f_indx = 0, .tmp_indx = 0, .f_read_size = 0 }; int write_count = 0; int src_fd; int p_state = P_STATE_CODE; src_fd = open(src, O_RDONLY); if (src_fd == -1) { fprintf(stderr, ""**Error: Could not open source file: %s.\n"", src); return -1; } while (p_buf_refill(&pbuf, src_fd) > 0) { while (PBUF_F_REMD(pbuf)) { switch (p_state) { case P_STATE_COMMENT_C: switch (PBUF_F_CHAR(pbuf)) { case '*': p_buf_push_tmp_char(&pbuf, '*'); continue; case '/': if (pbuf.tmp_indx && (PBUF_TMP_PREV_CHAR(pbuf) == '*')) { pbuf.tmp_indx--; p_state = P_STATE_CODE; } break; default: if (pbuf.tmp_indx && (PBUF_TMP_PREV_CHAR(pbuf) == '*')) pbuf.tmp_indx--; break; } pbuf.f_indx++; case P_STATE_CODE: default: switch (PBUF_F_CHAR(pbuf)) { case ' ': case '\t': if (pbuf.tmp_indx && (PBUF_TMP_PREV_CHAR(pbuf) == ' ' || PBUF_TMP_PREV_CHAR(pbuf) == '\t' || PBUF_TMP_PREV_CHAR(pbuf) == '\n')) pbuf.f_indx++; else p_buf_push_tmp_char(&pbuf, ' '); continue; case '\r': case '\n': if (pbuf.tmp_indx && (PBUF_TMP_PREV_CHAR(pbuf) == ' ' || PBUF_TMP_PREV_CHAR(pbuf) == '\t' || PBUF_TMP_PREV_CHAR(pbuf) == '\n')) { pbuf.f_indx++; } else if (pbuf.tmp_indx && (PBUF_TMP_PREV_CHAR(pbuf) == '\\')) { pbuf.tmp_indx--; pbuf.f_indx++; } else { p_buf_push_tmp_char(&pbuf, '\n'); } continue; case '\\': p_buf_push_tmp_char(&pbuf, '\\'); continue; case '/': p_buf_push_tmp_char(&pbuf, '/'); continue; case '*': if (pbuf.tmp_indx && (PBUF_TMP_PREV_CHAR(pbuf) == '/')) { pbuf.tmp_indx--; pbuf.f_indx++; p_state = P_STATE_COMMENT_C; continue; } default: break; } p_buf_write_tmp(&pbuf, tmp_fd); p_buf_write_f_char(&pbuf, tmp_fd); } } } p_buf_write_tmp(&pbuf, tmp_fd); return 0; }",visit repo url,src/src_parser.c,https://github.com/trgil/gilcc,188811279926249,1 2298,NVD-CWE-Other,"static int rds_loop_xmit(struct rds_connection *conn, struct rds_message *rm, unsigned int hdr_off, unsigned int sg, unsigned int off) { if (rm->m_inc.i_hdr.h_flags & RDS_FLAG_CONG_BITMAP) { rds_cong_map_updated(conn->c_fcong, ~(u64) 0); return sizeof(struct rds_header) + RDS_CONG_MAP_BYTES; } BUG_ON(hdr_off || sg || off); rds_inc_init(&rm->m_inc, conn, conn->c_laddr); rds_message_addref(rm); rds_recv_incoming(conn, conn->c_laddr, conn->c_faddr, &rm->m_inc, GFP_KERNEL, KM_USER0); rds_send_drop_acked(conn, be64_to_cpu(rm->m_inc.i_hdr.h_sequence), NULL); rds_inc_put(&rm->m_inc); return sizeof(struct rds_header) + be32_to_cpu(rm->m_inc.i_hdr.h_len); }",visit repo url,net/rds/loop.c,https://github.com/torvalds/linux,175710676634547,1 1553,CWE-310,"int asn1_ber_decoder(const struct asn1_decoder *decoder, void *context, const unsigned char *data, size_t datalen) { const unsigned char *machine = decoder->machine; const asn1_action_t *actions = decoder->actions; size_t machlen = decoder->machlen; enum asn1_opcode op; unsigned char tag = 0, csp = 0, jsp = 0, optag = 0, hdr = 0; const char *errmsg; size_t pc = 0, dp = 0, tdp = 0, len = 0; int ret; unsigned char flags = 0; #define FLAG_INDEFINITE_LENGTH 0x01 #define FLAG_MATCHED 0x02 #define FLAG_LAST_MATCHED 0x04 #define FLAG_CONS 0x20 #define NR_CONS_STACK 10 unsigned short cons_dp_stack[NR_CONS_STACK]; unsigned short cons_datalen_stack[NR_CONS_STACK]; unsigned char cons_hdrlen_stack[NR_CONS_STACK]; #define NR_JUMP_STACK 10 unsigned char jump_stack[NR_JUMP_STACK]; if (datalen > 65535) return -EMSGSIZE; next_op: pr_debug(""next_op: pc=\e[32m%zu\e[m/%zu dp=\e[33m%zu\e[m/%zu C=%d J=%d\n"", pc, machlen, dp, datalen, csp, jsp); if (unlikely(pc >= machlen)) goto machine_overrun_error; op = machine[pc]; if (unlikely(pc + asn1_op_lengths[op] > machlen)) goto machine_overrun_error; if (op <= ASN1_OP__MATCHES_TAG) { unsigned char tmp; if ((op & ASN1_OP_MATCH__COND && flags & FLAG_MATCHED) || dp == datalen) { flags &= ~FLAG_LAST_MATCHED; pc += asn1_op_lengths[op]; goto next_op; } flags = 0; hdr = 2; if (unlikely(dp >= datalen - 1)) goto data_overrun_error; tag = data[dp++]; if (unlikely((tag & 0x1f) == ASN1_LONG_TAG)) goto long_tag_not_supported; if (op & ASN1_OP_MATCH__ANY) { pr_debug(""- any %02x\n"", tag); } else { optag = machine[pc + 1]; flags |= optag & FLAG_CONS; tmp = optag ^ tag; tmp &= ~(optag & ASN1_CONS_BIT); pr_debug(""- match? %02x %02x %02x\n"", tag, optag, tmp); if (tmp != 0) { if (op & ASN1_OP_MATCH__SKIP) { pc += asn1_op_lengths[op]; dp--; goto next_op; } goto tag_mismatch; } } flags |= FLAG_MATCHED; len = data[dp++]; if (len > 0x7f) { if (unlikely(len == ASN1_INDEFINITE_LENGTH)) { if (unlikely(!(tag & ASN1_CONS_BIT))) goto indefinite_len_primitive; flags |= FLAG_INDEFINITE_LENGTH; if (unlikely(2 > datalen - dp)) goto data_overrun_error; } else { int n = len - 0x80; if (unlikely(n > 2)) goto length_too_long; if (unlikely(dp >= datalen - n)) goto data_overrun_error; hdr += n; for (len = 0; n > 0; n--) { len <<= 8; len |= data[dp++]; } if (unlikely(len > datalen - dp)) goto data_overrun_error; } } if (flags & FLAG_CONS) { if (unlikely(csp >= NR_CONS_STACK)) goto cons_stack_overflow; cons_dp_stack[csp] = dp; cons_hdrlen_stack[csp] = hdr; if (!(flags & FLAG_INDEFINITE_LENGTH)) { cons_datalen_stack[csp] = datalen; datalen = dp + len; } else { cons_datalen_stack[csp] = 0; } csp++; } pr_debug(""- TAG: %02x %zu%s\n"", tag, len, flags & FLAG_CONS ? "" CONS"" : """"); tdp = dp; } switch (op) { case ASN1_OP_MATCH_ANY_ACT: case ASN1_OP_COND_MATCH_ANY_ACT: ret = actions[machine[pc + 1]](context, hdr, tag, data + dp, len); if (ret < 0) return ret; goto skip_data; case ASN1_OP_MATCH_ACT: case ASN1_OP_MATCH_ACT_OR_SKIP: case ASN1_OP_COND_MATCH_ACT_OR_SKIP: ret = actions[machine[pc + 2]](context, hdr, tag, data + dp, len); if (ret < 0) return ret; goto skip_data; case ASN1_OP_MATCH: case ASN1_OP_MATCH_OR_SKIP: case ASN1_OP_MATCH_ANY: case ASN1_OP_COND_MATCH_OR_SKIP: case ASN1_OP_COND_MATCH_ANY: skip_data: if (!(flags & FLAG_CONS)) { if (flags & FLAG_INDEFINITE_LENGTH) { ret = asn1_find_indefinite_length( data, datalen, &dp, &len, &errmsg); if (ret < 0) goto error; } else { dp += len; } pr_debug(""- LEAF: %zu\n"", len); } pc += asn1_op_lengths[op]; goto next_op; case ASN1_OP_MATCH_JUMP: case ASN1_OP_MATCH_JUMP_OR_SKIP: case ASN1_OP_COND_MATCH_JUMP_OR_SKIP: pr_debug(""- MATCH_JUMP\n""); if (unlikely(jsp == NR_JUMP_STACK)) goto jump_stack_overflow; jump_stack[jsp++] = pc + asn1_op_lengths[op]; pc = machine[pc + 2]; goto next_op; case ASN1_OP_COND_FAIL: if (unlikely(!(flags & FLAG_MATCHED))) goto tag_mismatch; pc += asn1_op_lengths[op]; goto next_op; case ASN1_OP_COMPLETE: if (unlikely(jsp != 0 || csp != 0)) { pr_err(""ASN.1 decoder error: Stacks not empty at completion (%u, %u)\n"", jsp, csp); return -EBADMSG; } return 0; case ASN1_OP_END_SET: case ASN1_OP_END_SET_ACT: if (unlikely(!(flags & FLAG_MATCHED))) goto tag_mismatch; case ASN1_OP_END_SEQ: case ASN1_OP_END_SET_OF: case ASN1_OP_END_SEQ_OF: case ASN1_OP_END_SEQ_ACT: case ASN1_OP_END_SET_OF_ACT: case ASN1_OP_END_SEQ_OF_ACT: if (unlikely(csp <= 0)) goto cons_stack_underflow; csp--; tdp = cons_dp_stack[csp]; hdr = cons_hdrlen_stack[csp]; len = datalen; datalen = cons_datalen_stack[csp]; pr_debug(""- end cons t=%zu dp=%zu l=%zu/%zu\n"", tdp, dp, len, datalen); if (datalen == 0) { datalen = len; if (unlikely(datalen - dp < 2)) goto data_overrun_error; if (data[dp++] != 0) { if (op & ASN1_OP_END__OF) { dp--; csp++; pc = machine[pc + 1]; pr_debug(""- continue\n""); goto next_op; } goto missing_eoc; } if (data[dp++] != 0) goto invalid_eoc; len = dp - tdp - 2; } else { if (dp < len && (op & ASN1_OP_END__OF)) { datalen = len; csp++; pc = machine[pc + 1]; pr_debug(""- continue\n""); goto next_op; } if (dp != len) goto cons_length_error; len -= tdp; pr_debug(""- cons len l=%zu d=%zu\n"", len, dp - tdp); } if (op & ASN1_OP_END__ACT) { unsigned char act; if (op & ASN1_OP_END__OF) act = machine[pc + 2]; else act = machine[pc + 1]; ret = actions[act](context, hdr, 0, data + tdp, len); } pc += asn1_op_lengths[op]; goto next_op; case ASN1_OP_MAYBE_ACT: if (!(flags & FLAG_LAST_MATCHED)) { pc += asn1_op_lengths[op]; goto next_op; } case ASN1_OP_ACT: ret = actions[machine[pc + 1]](context, hdr, tag, data + tdp, len); if (ret < 0) return ret; pc += asn1_op_lengths[op]; goto next_op; case ASN1_OP_RETURN: if (unlikely(jsp <= 0)) goto jump_stack_underflow; pc = jump_stack[--jsp]; flags |= FLAG_MATCHED | FLAG_LAST_MATCHED; goto next_op; default: break; } pr_err(""ASN.1 decoder error: Found reserved opcode (%u) pc=%zu\n"", op, pc); return -EBADMSG; data_overrun_error: errmsg = ""Data overrun error""; goto error; machine_overrun_error: errmsg = ""Machine overrun error""; goto error; jump_stack_underflow: errmsg = ""Jump stack underflow""; goto error; jump_stack_overflow: errmsg = ""Jump stack overflow""; goto error; cons_stack_underflow: errmsg = ""Cons stack underflow""; goto error; cons_stack_overflow: errmsg = ""Cons stack overflow""; goto error; cons_length_error: errmsg = ""Cons length error""; goto error; missing_eoc: errmsg = ""Missing EOC in indefinite len cons""; goto error; invalid_eoc: errmsg = ""Invalid length EOC""; goto error; length_too_long: errmsg = ""Unsupported length""; goto error; indefinite_len_primitive: errmsg = ""Indefinite len primitive not permitted""; goto error; tag_mismatch: errmsg = ""Unexpected tag""; goto error; long_tag_not_supported: errmsg = ""Long tag not supported""; error: pr_debug(""\nASN1: %s [m=%zu d=%zu ot=%02x t=%02x l=%zu]\n"", errmsg, pc, dp, optag, tag, len); return -EBADMSG; }",visit repo url,lib/asn1_decoder.c,https://github.com/torvalds/linux,130791592890601,1 2743,['CWE-189'],"int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc, __be16 hmac_id) { struct sctp_hmac_algo_param *hmacs; __u16 n_elt; if (!asoc) return 0; hmacs = (struct sctp_hmac_algo_param *)asoc->c.auth_hmacs; n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1; return __sctp_auth_find_hmacid(hmacs->hmac_ids, n_elt, hmac_id); }",linux-2.6,,,274864844700007961047326666815937817025,0 1139,['CWE-399'],"poke_user(struct task_struct *child, addr_t addr, addr_t data) { struct user *dummy = NULL; addr_t mask; mask = __ADDR_MASK; #ifdef CONFIG_64BIT if (addr >= (addr_t) &dummy->regs.acrs && addr < (addr_t) &dummy->regs.orig_gpr2) mask = 3; #endif if ((addr & mask) || addr > sizeof(struct user) - __ADDR_MASK) return -EIO; return __poke_user(child, addr, data); }",linux-2.6,,,146100729569063226155960175221708740241,0 2271,NVD-CWE-Other,"static int ext4_writepage(struct page *page, struct writeback_control *wbc) { int ret = 0; loff_t size; unsigned int len; struct buffer_head *page_bufs; struct inode *inode = page->mapping->host; trace_ext4_writepage(inode, page); size = i_size_read(inode); if (page->index == size >> PAGE_CACHE_SHIFT) len = size & ~PAGE_CACHE_MASK; else len = PAGE_CACHE_SIZE; if (page_has_buffers(page)) { page_bufs = page_buffers(page); if (walk_page_buffers(NULL, page_bufs, 0, len, NULL, ext4_bh_delay_or_unwritten)) { redirty_page_for_writepage(wbc, page); unlock_page(page); return 0; } } else { ret = block_prepare_write(page, 0, len, noalloc_get_block_write); if (!ret) { page_bufs = page_buffers(page); if (walk_page_buffers(NULL, page_bufs, 0, len, NULL, ext4_bh_delay_or_unwritten)) { redirty_page_for_writepage(wbc, page); unlock_page(page); return 0; } } else { redirty_page_for_writepage(wbc, page); unlock_page(page); return 0; } block_commit_write(page, 0, len); } if (PageChecked(page) && ext4_should_journal_data(inode)) { ClearPageChecked(page); return __ext4_journalled_writepage(page, len); } if (test_opt(inode->i_sb, NOBH) && ext4_should_writeback_data(inode)) ret = nobh_writepage(page, noalloc_get_block_write, wbc); else ret = block_write_full_page(page, noalloc_get_block_write, wbc); return ret; }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,192831169747080,1 1707,CWE-19,"ext4_xattr_block_set(handle_t *handle, struct inode *inode, struct ext4_xattr_info *i, struct ext4_xattr_block_find *bs) { struct super_block *sb = inode->i_sb; struct buffer_head *new_bh = NULL; struct ext4_xattr_search *s = &bs->s; struct mb_cache_entry *ce = NULL; int error = 0; struct mb_cache *ext4_mb_cache = EXT4_GET_MB_CACHE(inode); #define header(x) ((struct ext4_xattr_header *)(x)) if (i->value && i->value_len > sb->s_blocksize) return -ENOSPC; if (s->base) { ce = mb_cache_entry_get(ext4_mb_cache, bs->bh->b_bdev, bs->bh->b_blocknr); BUFFER_TRACE(bs->bh, ""get_write_access""); error = ext4_journal_get_write_access(handle, bs->bh); if (error) goto cleanup; lock_buffer(bs->bh); if (header(s->base)->h_refcount == cpu_to_le32(1)) { if (ce) { mb_cache_entry_free(ce); ce = NULL; } ea_bdebug(bs->bh, ""modifying in-place""); error = ext4_xattr_set_entry(i, s); if (!error) { if (!IS_LAST_ENTRY(s->first)) ext4_xattr_rehash(header(s->base), s->here); ext4_xattr_cache_insert(ext4_mb_cache, bs->bh); } unlock_buffer(bs->bh); if (error == -EFSCORRUPTED) goto bad_block; if (!error) error = ext4_handle_dirty_xattr_block(handle, inode, bs->bh); if (error) goto cleanup; goto inserted; } else { int offset = (char *)s->here - bs->bh->b_data; unlock_buffer(bs->bh); if (ce) { mb_cache_entry_release(ce); ce = NULL; } ea_bdebug(bs->bh, ""cloning""); s->base = kmalloc(bs->bh->b_size, GFP_NOFS); error = -ENOMEM; if (s->base == NULL) goto cleanup; memcpy(s->base, BHDR(bs->bh), bs->bh->b_size); s->first = ENTRY(header(s->base)+1); header(s->base)->h_refcount = cpu_to_le32(1); s->here = ENTRY(s->base + offset); s->end = s->base + bs->bh->b_size; } } else { s->base = kzalloc(sb->s_blocksize, GFP_NOFS); error = -ENOMEM; if (s->base == NULL) goto cleanup; header(s->base)->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC); header(s->base)->h_blocks = cpu_to_le32(1); header(s->base)->h_refcount = cpu_to_le32(1); s->first = ENTRY(header(s->base)+1); s->here = ENTRY(header(s->base)+1); s->end = s->base + sb->s_blocksize; } error = ext4_xattr_set_entry(i, s); if (error == -EFSCORRUPTED) goto bad_block; if (error) goto cleanup; if (!IS_LAST_ENTRY(s->first)) ext4_xattr_rehash(header(s->base), s->here); inserted: if (!IS_LAST_ENTRY(s->first)) { new_bh = ext4_xattr_cache_find(inode, header(s->base), &ce); if (new_bh) { if (new_bh == bs->bh) ea_bdebug(new_bh, ""keeping""); else { error = dquot_alloc_block(inode, EXT4_C2B(EXT4_SB(sb), 1)); if (error) goto cleanup; BUFFER_TRACE(new_bh, ""get_write_access""); error = ext4_journal_get_write_access(handle, new_bh); if (error) goto cleanup_dquot; lock_buffer(new_bh); le32_add_cpu(&BHDR(new_bh)->h_refcount, 1); ea_bdebug(new_bh, ""reusing; refcount now=%d"", le32_to_cpu(BHDR(new_bh)->h_refcount)); unlock_buffer(new_bh); error = ext4_handle_dirty_xattr_block(handle, inode, new_bh); if (error) goto cleanup_dquot; } mb_cache_entry_release(ce); ce = NULL; } else if (bs->bh && s->base == bs->bh->b_data) { ea_bdebug(bs->bh, ""keeping this block""); new_bh = bs->bh; get_bh(new_bh); } else { ext4_fsblk_t goal, block; goal = ext4_group_first_block_no(sb, EXT4_I(inode)->i_block_group); if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) goal = goal & EXT4_MAX_BLOCK_FILE_PHYS; block = ext4_new_meta_blocks(handle, inode, goal, 0, NULL, &error); if (error) goto cleanup; if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) BUG_ON(block > EXT4_MAX_BLOCK_FILE_PHYS); ea_idebug(inode, ""creating block %llu"", (unsigned long long)block); new_bh = sb_getblk(sb, block); if (unlikely(!new_bh)) { error = -ENOMEM; getblk_failed: ext4_free_blocks(handle, inode, NULL, block, 1, EXT4_FREE_BLOCKS_METADATA); goto cleanup; } lock_buffer(new_bh); error = ext4_journal_get_create_access(handle, new_bh); if (error) { unlock_buffer(new_bh); error = -EIO; goto getblk_failed; } memcpy(new_bh->b_data, s->base, new_bh->b_size); set_buffer_uptodate(new_bh); unlock_buffer(new_bh); ext4_xattr_cache_insert(ext4_mb_cache, new_bh); error = ext4_handle_dirty_xattr_block(handle, inode, new_bh); if (error) goto cleanup; } } EXT4_I(inode)->i_file_acl = new_bh ? new_bh->b_blocknr : 0; if (bs->bh && bs->bh != new_bh) ext4_xattr_release_block(handle, inode, bs->bh); error = 0; cleanup: if (ce) mb_cache_entry_release(ce); brelse(new_bh); if (!(bs->bh && s->base == bs->bh->b_data)) kfree(s->base); return error; cleanup_dquot: dquot_free_block(inode, EXT4_C2B(EXT4_SB(sb), 1)); goto cleanup; bad_block: EXT4_ERROR_INODE(inode, ""bad block %llu"", EXT4_I(inode)->i_file_acl); goto cleanup; #undef header }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,176810801954384,1 2254,CWE-362,"static int __init ipip_init(void) { int err; printk(banner); if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) { printk(KERN_INFO ""ipip init: can't register tunnel\n""); return -EAGAIN; } err = register_pernet_device(&ipip_net_ops); if (err) xfrm4_tunnel_deregister(&ipip_handler, AF_INET); return err; }",visit repo url,net/ipv4/ipip.c,https://github.com/torvalds/linux,102198079329375,1 2254,[],"void syscall_init(void) { wrmsrl(MSR_STAR, ((u64)__USER32_CS)<<48 | ((u64)__KERNEL_CS)<<32); wrmsrl(MSR_LSTAR, system_call); #ifdef CONFIG_IA32_EMULATION syscall32_cpu_init (); #endif wrmsrl(MSR_SYSCALL_MASK, EF_TF|EF_DF|EF_IE|0x3000); }",linux-2.6,,,119220765239404942207081919597758625132,0 464,[],"pfm_context_unload(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct task_struct *task = PFM_CTX_TASK(ctx); struct pt_regs *tregs; int prev_state, is_system; int ret; DPRINT((""ctx_state=%d task [%d]\n"", ctx->ctx_state, task ? task->pid : -1)); prev_state = ctx->ctx_state; is_system = ctx->ctx_fl_system; if (prev_state == PFM_CTX_UNLOADED) { DPRINT((""ctx_state=%d, nothing to do\n"", prev_state)); return 0; } ret = pfm_stop(ctx, NULL, 0, regs); if (ret) return ret; ctx->ctx_state = PFM_CTX_UNLOADED; if (is_system) { PFM_CPUINFO_CLEAR(PFM_CPUINFO_SYST_WIDE); PFM_CPUINFO_CLEAR(PFM_CPUINFO_EXCL_IDLE); pfm_flush_pmds(current, ctx); if (prev_state != PFM_CTX_ZOMBIE) pfm_unreserve_session(ctx, 1 , ctx->ctx_cpu); task->thread.pfm_context = NULL; ctx->ctx_task = NULL; return 0; } tregs = task == current ? regs : task_pt_regs(task); if (task == current) { ia64_psr(regs)->sp = 1; DPRINT((""setting psr.sp for [%d]\n"", task->pid)); } pfm_flush_pmds(task, ctx); if (prev_state != PFM_CTX_ZOMBIE) pfm_unreserve_session(ctx, 0 , ctx->ctx_cpu); ctx->ctx_last_activation = PFM_INVALID_ACTIVATION; SET_LAST_CPU(ctx, -1); task->thread.flags &= ~IA64_THREAD_PM_VALID; task->thread.pfm_context = NULL; ctx->ctx_task = NULL; PFM_SET_WORK_PENDING(task, 0); ctx->ctx_fl_trap_reason = PFM_TRAP_REASON_NONE; ctx->ctx_fl_can_restart = 0; ctx->ctx_fl_going_zombie = 0; DPRINT((""disconnected [%d] from context\n"", task->pid)); return 0; }",linux-2.6,,,137585945381908079647535544371524949152,0 1295,CWE-264,"static int linear_ioctl(struct dm_target *ti, unsigned int cmd, unsigned long arg) { struct linear_c *lc = (struct linear_c *) ti->private; return __blkdev_driver_ioctl(lc->dev->bdev, lc->dev->mode, cmd, arg); }",visit repo url,drivers/md/dm-linear.c,https://github.com/torvalds/linux,18105529249552,1 4667,CWE-125,"GF_Err urn_Read(GF_Box *s, GF_BitStream *bs) { u32 i, to_read; char *tmpName; GF_DataEntryURNBox *ptr = (GF_DataEntryURNBox *)s; if (! ptr->size ) return GF_OK; to_read = (u32) ptr->size; tmpName = (char*)gf_malloc(sizeof(char) * to_read); if (!tmpName) return GF_OUT_OF_MEM; gf_bs_read_data(bs, tmpName, to_read); i = 0; while ( (tmpName[i] != 0) && (i < to_read) ) { i++; } if (i == to_read) { gf_free(tmpName); return GF_ISOM_INVALID_FILE; } if (i == to_read - 1) { ptr->nameURN = tmpName; ptr->location = NULL; return GF_OK; } ptr->nameURN = (char*)gf_malloc(sizeof(char) * (i+1)); if (!ptr->nameURN) { gf_free(tmpName); return GF_OUT_OF_MEM; } ptr->location = (char*)gf_malloc(sizeof(char) * (to_read - i - 1)); if (!ptr->location) { gf_free(tmpName); gf_free(ptr->nameURN); ptr->nameURN = NULL; return GF_OUT_OF_MEM; } memcpy(ptr->nameURN, tmpName, i + 1); memcpy(ptr->location, tmpName + i + 1, (to_read - i - 1)); gf_free(tmpName); return GF_OK; }",visit repo url,src/isomedia/box_code_base.c,https://github.com/gpac/gpac,264400446087643,1 3449,['CWE-20'],"_dbus_validate_error_name (const DBusString *str, int start, int len) { return _dbus_validate_interface (str, start, len); }",dbus,,,46593973422231075435786327943305903923,0 2077,CWE-190,"static int uvesafb_setcmap(struct fb_cmap *cmap, struct fb_info *info) { struct uvesafb_pal_entry *entries; int shift = 16 - dac_width; int i, err = 0; if (info->var.bits_per_pixel == 8) { if (cmap->start + cmap->len > info->cmap.start + info->cmap.len || cmap->start < info->cmap.start) return -EINVAL; entries = kmalloc(sizeof(*entries) * cmap->len, GFP_KERNEL); if (!entries) return -ENOMEM; for (i = 0; i < cmap->len; i++) { entries[i].red = cmap->red[i] >> shift; entries[i].green = cmap->green[i] >> shift; entries[i].blue = cmap->blue[i] >> shift; entries[i].pad = 0; } err = uvesafb_setpalette(entries, cmap->len, cmap->start, info); kfree(entries); } else { for (i = 0; i < cmap->len; i++) { err |= uvesafb_setcolreg(cmap->start + i, cmap->red[i], cmap->green[i], cmap->blue[i], 0, info); } } return err; }",visit repo url,drivers/video/fbdev/uvesafb.c,https://github.com/torvalds/linux,178648137731685,1 4829,['CWE-189'],"void ecryptfs_destroy_mount_crypt_stat( struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { struct ecryptfs_global_auth_tok *auth_tok, *auth_tok_tmp; if (!(mount_crypt_stat->flags & ECRYPTFS_MOUNT_CRYPT_STAT_INITIALIZED)) return; mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); list_for_each_entry_safe(auth_tok, auth_tok_tmp, &mount_crypt_stat->global_auth_tok_list, mount_crypt_stat_list) { list_del(&auth_tok->mount_crypt_stat_list); mount_crypt_stat->num_global_auth_toks--; if (auth_tok->global_auth_tok_key && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID)) key_put(auth_tok->global_auth_tok_key); kmem_cache_free(ecryptfs_global_auth_tok_cache, auth_tok); } mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); memset(mount_crypt_stat, 0, sizeof(struct ecryptfs_mount_crypt_stat)); }",linux-2.6,,,232275297623219748301028015672144153091,0 3238,CWE-125,"lldp_mgmt_addr_tlv_print(netdissect_options *ndo, const u_char *pptr, u_int len) { uint8_t mgmt_addr_len, intf_num_subtype, oid_len; const u_char *tptr; u_int tlen; char *mgmt_addr; tlen = len; tptr = pptr; if (tlen < 1) { return 0; } mgmt_addr_len = *tptr++; tlen--; if (tlen < mgmt_addr_len) { return 0; } mgmt_addr = lldp_network_addr_print(ndo, tptr, mgmt_addr_len); if (mgmt_addr == NULL) { return 0; } ND_PRINT((ndo, ""\n\t Management Address length %u, %s"", mgmt_addr_len, mgmt_addr)); tptr += mgmt_addr_len; tlen -= mgmt_addr_len; if (tlen < LLDP_INTF_NUM_LEN) { return 0; } intf_num_subtype = *tptr; ND_PRINT((ndo, ""\n\t %s Interface Numbering (%u): %u"", tok2str(lldp_intf_numb_subtype_values, ""Unknown"", intf_num_subtype), intf_num_subtype, EXTRACT_32BITS(tptr + 1))); tptr += LLDP_INTF_NUM_LEN; tlen -= LLDP_INTF_NUM_LEN; if (tlen) { oid_len = *tptr; if (tlen < oid_len) { return 0; } if (oid_len) { ND_PRINT((ndo, ""\n\t OID length %u"", oid_len)); safeputs(ndo, tptr + 1, oid_len); } } return 1; }",visit repo url,print-lldp.c,https://github.com/the-tcpdump-group/tcpdump,60079286035195,1 1377,[],"is_same_group(struct sched_entity *se, struct sched_entity *pse) { if (se->cfs_rq == pse->cfs_rq) return 1; return 0; }",linux-2.6,,,217964367415398447308993808024474065519,0 1832,CWE-367,"int nfc_deactivate_target(struct nfc_dev *dev, u32 target_idx, u8 mode) { int rc = 0; pr_debug(""dev_name=%s target_idx=%u\n"", dev_name(&dev->dev), target_idx); device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (dev->active_target == NULL) { rc = -ENOTCONN; goto error; } if (dev->active_target->idx != target_idx) { rc = -ENOTCONN; goto error; } if (dev->ops->check_presence) del_timer_sync(&dev->check_pres_timer); dev->ops->deactivate_target(dev, dev->active_target, mode); dev->active_target = NULL; error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,81896899679152,1 3365,CWE-119,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType status; MagickSizeType number_pixels; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t pad; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t) TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } do { DisableMSCWarning(4127) if (0 && (image_info->verbose != MagickFalse)) TIFFPrintDirectory(tiff,stdout,MagickFalse); RestoreMSCWarning if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point"", exception); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black"", exception); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white"", exception); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette"",exception); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB"",exception); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB"",exception); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)"", exception); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV"",exception); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK"",exception); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated"",exception); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR"",exception); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown"",exception); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"", exception)); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb"",exception); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb"",exception); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) SetImageColorspace(image,GRAYColorspace,exception); if (photometric == PHOTOMETRIC_SEPARATED) SetImageColorspace(image,CMYKColorspace,exception); if (photometric == PHOTOMETRIC_CIELAB) SetImageColorspace(image,LabColorspace,exception); TIFFGetProfiles(tiff,image,image_info->ping,exception); TIFFGetProperties(tiff,image,exception); option=GetImageOption(image_info,""tiff:exif-properties""); if (IsStringFalse(option) == MagickFalse) TIFFGetEXIFProperties(tiff,image,exception); (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL, &samples_per_pixel); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution) == 1)) { image->resolution.x=x_resolution; image->resolution.y=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position) == 1)) { image->page.x=(ssize_t) ceil(x_position*image->resolution.x-0.5); image->page.y=(ssize_t) ceil(y_position*image->resolution.y-0.5); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MagickPathExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_YCBCRSUBSAMPLING, &horizontal,&vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MagickPathExtent, ""%dx%d"",horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor,exception); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; default: image->compression=RLECompression; break; } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) { TIFFClose(tiff); quantum_info=DestroyQuantumInfo(quantum_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified"",exception); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->alpha_trait=BlendPixelTrait; } else for (i=0; i < extra_samples; i++) { image->alpha_trait=BlendPixelTrait; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated"", exception); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) (void) SetImageProperty(image,""tiff:alpha"",""unassociated"", exception); } } if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors,exception) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } value=(unsigned short) image->scene; if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } if (image->alpha_trait == UndefinedPixelTrait) image->depth=GetImageDepth(image,exception); } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) { quantum_info=DestroyQuantumInfo(quantum_info); break; } goto next_tiff_frame; } method=ReadGenericMethod; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MagickPathExtent]; method=ReadStripMethod; (void) FormatLocaleString(value,MagickPathExtent,""%u"", (unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value,exception); } if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_CONTIG)) method=ReadRGBAMethod; if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_SEPARATE)) method=ReadCMYKAMethod; if ((photometric != PHOTOMETRIC_RGB) && (photometric != PHOTOMETRIC_CIELAB) && (photometric != PHOTOMETRIC_SEPARATED)) method=ReadGenericMethod; if (image->storage_class == PseudoClass) method=ReadSingleSampleMethod; if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) method=ReadSingleSampleMethod; if ((photometric != PHOTOMETRIC_SEPARATED) && (interlace == PLANARCONFIG_SEPARATE) && (bits_per_sample < 64)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); if (compress_tag == COMPRESSION_JBIG) method=ReadStripMethod; if (TIFFIsTiled(tiff) != MagickFalse) method=ReadTileMethod; quantum_info->endian=LSBEndian; quantum_type=RGBQuantum; pixels=(unsigned char *) GetQuantumPixels(quantum_info); switch (method) { case ReadSingleSampleMethod: { quantum_type=IndexQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0); if (image->alpha_trait != UndefinedPixelTrait) { if (image->storage_class != PseudoClass) { quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-2,0); } else { quantum_type=IndexAlphaQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-2,0); } } else if (image->storage_class != PseudoClass) { quantum_type=GrayQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0); } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadRGBAMethod: { pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); quantum_type=RGBQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); quantum_type=CMYKQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadCMYKAMethod: { for (i=0; i < (ssize_t) samples_per_pixel; i++) { for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *magick_restrict q; int status; status=TIFFReadPixels(tiff,bits_per_sample,(tsample_t) i,y,(char *) pixels); if (status == -1) break; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (image->colorspace != CMYKColorspace) switch (i) { case 0: quantum_type=RedQuantum; break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: quantum_type=AlphaQuantum; break; default: quantum_type=UndefinedQuantum; break; } else switch (i) { case 0: quantum_type=CyanQuantum; break; case 1: quantum_type=MagentaQuantum; break; case 2: quantum_type=YellowQuantum; break; case 3: quantum_type=BlackQuantum; break; case 4: quantum_type=AlphaQuantum; break; default: quantum_type=UndefinedQuantum; break; } (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadYCCKMethod: { pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; register ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456)),q); SetPixelMagenta(image,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984)),q); SetPixelYellow(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816)),q); SetPixelBlack(image,ScaleCharToQuantum((unsigned char) *(p+3)),q); q+=GetPixelChannels(image); p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { register uint32 *p; i=0; p=(uint32 *) NULL; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (i == 0) { if (TIFFReadRGBAStrip(tiff,(tstrip_t) y,(uint32 *) pixels) == 0) break; i=(ssize_t) MagickMin((ssize_t) rows_per_strip,(ssize_t) image->rows-y); } i--; p=((uint32 *) pixels)+image->columns*i; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) (TIFFGetR(*p))),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) (TIFFGetG(*p))),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) (TIFFGetB(*p))),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) (TIFFGetA(*p))),q); p++; q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadTileMethod: { register uint32 *p; uint32 *tile_pixels, columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) { TIFFClose(tiff); ThrowReaderException(CoderError,""ImageIsNotTiled""); } (void) SetImageStorageClass(image,DirectClass,exception); number_pixels=(MagickSizeType) columns*rows; if ((number_pixels*sizeof(uint32)) != (MagickSizeType) ((size_t) (number_pixels*sizeof(uint32)))) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } tile_pixels=(uint32 *) AcquireQuantumMemory(columns, rows*sizeof(*tile_pixels)); if (tile_pixels == (uint32 *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } for (y=0; y < (ssize_t) image->rows; y+=rows) { register ssize_t x; register Quantum *magick_restrict q, *magick_restrict tile; size_t columns_remaining, rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; tile=QueueAuthenticPixels(image,0,y,image->columns,rows_remaining, exception); if (tile == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t column, row; if (TIFFReadRGBATile(tiff,(uint32) x,(uint32) y,tile_pixels) == 0) break; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; p=tile_pixels+(rows-rows_remaining)*columns; q=tile+GetPixelChannels(image)*(image->columns*(rows_remaining-1)+ x); for (row=rows_remaining; row > 0; row--) { if (image->alpha_trait != UndefinedPixelTrait) for (column=columns_remaining; column > 0; column--) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p++; q+=GetPixelChannels(image); } else for (column=columns_remaining; column > 0; column--) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); p++; q+=GetPixelChannels(image); } p+=columns-columns_remaining; q-=GetPixelChannels(image)*(image->columns+columns_remaining); } } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } tile_pixels=(uint32 *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *pixel_info; register uint32 *p; uint32 *pixels; number_pixels=(MagickSizeType) image->columns*image->rows; if ((number_pixels*sizeof(uint32)) != (MagickSizeType) ((size_t) (number_pixels*sizeof(uint32)))) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixel_info=AcquireVirtualMemory(image->columns,image->rows* sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(uint32 *) GetVirtualMemoryBlob(pixel_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns, (uint32) image->rows,(uint32 *) pixels,0); p=pixels+number_pixels-1; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; q+=GetPixelChannels(image)*(image->columns-1); for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p--; q-=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } pixel_info=RelinquishVirtualMemory(pixel_info); break; } } SetQuantumImageType(image,quantum_type); next_tiff_frame: quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status != MagickFalse) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while (status != MagickFalse); TIFFClose(tiff); TIFFReadPhotoshopLayers(image,image_info,exception); if (image_info->number_scenes != 0) { if (image_info->scene >= GetImageListLength(image)) { image=DestroyImageList(image); return((Image *)NULL); } } return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,281381581119411,1 3298,CWE-706,"static int checkout_verify_paths( git_repository *repo, int action, git_diff_delta *delta) { unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS; if (action & CHECKOUT_ACTION__REMOVE) { if (!git_path_isvalid(repo, delta->old_file.path, delta->old_file.mode, flags)) { git_error_set(GIT_ERROR_CHECKOUT, ""cannot remove invalid path '%s'"", delta->old_file.path); return -1; } } if (action & ~CHECKOUT_ACTION__REMOVE) { if (!git_path_isvalid(repo, delta->new_file.path, delta->new_file.mode, flags)) { git_error_set(GIT_ERROR_CHECKOUT, ""cannot checkout to invalid path '%s'"", delta->new_file.path); return -1; } } return 0; }",visit repo url,src/checkout.c,https://github.com/libgit2/libgit2,233597848302249,1 5111,['CWE-20'],"static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr) { int ret; struct kvm_userspace_memory_region tss_mem = { .slot = TSS_PRIVATE_MEMSLOT, .guest_phys_addr = addr, .memory_size = PAGE_SIZE * 3, .flags = 0, }; ret = kvm_set_memory_region(kvm, &tss_mem, 0); if (ret) return ret; kvm->arch.tss_addr = addr; return 0; }",linux-2.6,,,109185364792840118897675856683596787566,0 5575,[],"static int __dequeue_signal(struct sigpending *pending, sigset_t *mask, siginfo_t *info) { int sig = next_signal(pending, mask); if (sig) { if (current->notifier) { if (sigismember(current->notifier_mask, sig)) { if (!(current->notifier)(current->notifier_data)) { clear_thread_flag(TIF_SIGPENDING); return 0; } } } collect_signal(sig, pending, info); } return sig; }",linux-2.6,,,309803577992538838735466247254349822385,0 2165,['CWE-400'],"static int shmem_xattr_security_get(struct inode *inode, const char *name, void *buffer, size_t size) { if (strcmp(name, """") == 0) return -EINVAL; return xattr_getsecurity(inode, name, buffer, size); }",linux-2.6,,,4799514599434600003328206064040485812,0 2327,CWE-20,"static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, const char *mycert, const char *mypkey, const char *cafile, const char *capath, gboolean verify) { GIOSSLChannel *chan; GIOChannel *gchan; int fd; SSL *ssl; SSL_CTX *ctx = NULL; g_return_val_if_fail(handle != NULL, NULL); if(!ssl_ctx && !irssi_ssl_init()) return NULL; if(!(fd = g_io_channel_unix_get_fd(handle))) return NULL; if (mycert && *mycert) { char *scert = NULL, *spkey = NULL; if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { g_error(""Could not allocate memory for SSL context""); return NULL; } scert = convert_home(mycert); if (mypkey && *mypkey) spkey = convert_home(mypkey); if (! SSL_CTX_use_certificate_file(ctx, scert, SSL_FILETYPE_PEM)) g_warning(""Loading of client certificate '%s' failed"", mycert); else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM)) g_warning(""Loading of private key '%s' failed"", mypkey ? mypkey : mycert); else if (! SSL_CTX_check_private_key(ctx)) g_warning(""Private key does not match the certificate""); g_free(scert); g_free(spkey); } if ((cafile && *cafile) || (capath && *capath)) { char *scafile = NULL; char *scapath = NULL; if (! ctx && (ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { g_error(""Could not allocate memory for SSL context""); return NULL; } if (cafile && *cafile) scafile = convert_home(cafile); if (capath && *capath) scapath = convert_home(capath); if (! SSL_CTX_load_verify_locations(ctx, scafile, scapath)) { g_warning(""Could not load CA list for verifying SSL server certificate""); g_free(scafile); g_free(scapath); SSL_CTX_free(ctx); return NULL; } g_free(scafile); g_free(scapath); verify = TRUE; } if (ctx == NULL) ctx = ssl_ctx; if(!(ssl = SSL_new(ctx))) { g_warning(""Failed to allocate SSL structure""); return NULL; } if(!SSL_set_fd(ssl, fd)) { g_warning(""Failed to associate socket to SSL stream""); SSL_free(ssl); if (ctx != ssl_ctx) SSL_CTX_free(ctx); return NULL; } SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); chan = g_new0(GIOSSLChannel, 1); chan->fd = fd; chan->giochan = handle; chan->ssl = ssl; chan->ctx = ctx; chan->verify = verify; gchan = (GIOChannel *)chan; gchan->funcs = &irssi_ssl_channel_funcs; g_io_channel_init(gchan); gchan->is_readable = gchan->is_writeable = TRUE; gchan->use_buffer = FALSE; return gchan; }",visit repo url,src/core/network-openssl.c,https://github.com/ensc/irssi-proxy,83791343726816,1 2681,[],"SCTP_STATIC void sctp_shutdown(struct sock *sk, int how) { struct sctp_endpoint *ep; struct sctp_association *asoc; if (!sctp_style(sk, TCP)) return; if (how & SEND_SHUTDOWN) { ep = sctp_sk(sk)->ep; if (!list_empty(&ep->asocs)) { asoc = list_entry(ep->asocs.next, struct sctp_association, asocs); sctp_primitive_SHUTDOWN(asoc, NULL); } } }",linux-2.6,,,159940138847016952068447455419413555334,0 6674,CWE-787,"TIFFReadDirectory(TIFF* tif) { static const char module[] = ""TIFFReadDirectory""; int n; TIFFDirectory* td; TIFFDirEntry *dp, *dir = NULL; uint16 iv; uint32 v; const TIFFFieldInfo* fip; size_t fix; uint16 dircount; int diroutoforderwarning = 0, compressionknown = 0; int haveunknowntags = 0; tif->tif_diroff = tif->tif_nextdiroff; if (!TIFFCheckDirOffset(tif, tif->tif_nextdiroff)) return 0; (*tif->tif_cleanup)(tif); tif->tif_curdir++; dircount = TIFFFetchDirectory(tif, tif->tif_nextdiroff, &dir, &tif->tif_nextdiroff); if (!dircount) { TIFFErrorExt(tif->tif_clientdata, module, ""%s: Failed to read directory at offset %u"", tif->tif_name, tif->tif_nextdiroff); return 0; } tif->tif_flags &= ~TIFF_BEENWRITING; td = &tif->tif_dir; TIFFFreeDirectory(tif); TIFFDefaultDirectory(tif); TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); for (dp = dir, n = dircount; n > 0; n--, dp++) { if (tif->tif_flags & TIFF_SWAB) { TIFFSwabArrayOfShort(&dp->tdir_tag, 2); TIFFSwabArrayOfLong(&dp->tdir_count, 2); } if (dp->tdir_tag == TIFFTAG_SAMPLESPERPIXEL) { if (!TIFFFetchNormalTag(tif, dp)) goto bad; dp->tdir_tag = IGNORE; } } fix = 0; for (dp = dir, n = dircount; n > 0; n--, dp++) { if (dp->tdir_tag == IGNORE) continue; if (fix >= tif->tif_nfields) fix = 0; if (dp->tdir_tag < tif->tif_fieldinfo[fix]->field_tag) { if (!diroutoforderwarning) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: invalid TIFF directory; tags are not sorted in ascending order"", tif->tif_name); diroutoforderwarning = 1; } fix = 0; } while (fix < tif->tif_nfields && tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag) fix++; if (fix >= tif->tif_nfields || tif->tif_fieldinfo[fix]->field_tag != dp->tdir_tag) { haveunknowntags = 1; continue; } if (tif->tif_fieldinfo[fix]->field_bit == FIELD_IGNORE) { ignore: dp->tdir_tag = IGNORE; continue; } fip = tif->tif_fieldinfo[fix]; while (dp->tdir_type != (unsigned short) fip->field_type && fix < tif->tif_nfields) { if (fip->field_type == TIFF_ANY) break; fip = tif->tif_fieldinfo[++fix]; if (fix >= tif->tif_nfields || fip->field_tag != dp->tdir_tag) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: wrong data type %d for \""%s\""; tag ignored"", tif->tif_name, dp->tdir_type, tif->tif_fieldinfo[fix-1]->field_name); goto ignore; } } if (fip->field_readcount != TIFF_VARIABLE && fip->field_readcount != TIFF_VARIABLE2) { uint32 expected = (fip->field_readcount == TIFF_SPP) ? (uint32) td->td_samplesperpixel : (uint32) fip->field_readcount; if (!CheckDirCount(tif, dp, expected)) goto ignore; } switch (dp->tdir_tag) { case TIFFTAG_COMPRESSION: if (dp->tdir_count == 1) { v = TIFFExtractData(tif, dp->tdir_type, dp->tdir_offset); if (!TIFFSetField(tif, dp->tdir_tag, (uint16)v)) goto bad; else compressionknown = 1; break; } else if (dp->tdir_type == TIFF_LONG) { if (!TIFFFetchPerSampleLongs(tif, dp, &v) || !TIFFSetField(tif, dp->tdir_tag, (uint16)v)) goto bad; } else { if (!TIFFFetchPerSampleShorts(tif, dp, &iv) || !TIFFSetField(tif, dp->tdir_tag, iv)) goto bad; } dp->tdir_tag = IGNORE; break; case TIFFTAG_STRIPOFFSETS: case TIFFTAG_STRIPBYTECOUNTS: case TIFFTAG_TILEOFFSETS: case TIFFTAG_TILEBYTECOUNTS: TIFFSetFieldBit(tif, fip->field_bit); break; case TIFFTAG_IMAGEWIDTH: case TIFFTAG_IMAGELENGTH: case TIFFTAG_IMAGEDEPTH: case TIFFTAG_TILELENGTH: case TIFFTAG_TILEWIDTH: case TIFFTAG_TILEDEPTH: case TIFFTAG_PLANARCONFIG: case TIFFTAG_ROWSPERSTRIP: case TIFFTAG_EXTRASAMPLES: if (!TIFFFetchNormalTag(tif, dp)) goto bad; dp->tdir_tag = IGNORE; break; } } if (haveunknowntags) { fix = 0; for (dp = dir, n = dircount; n > 0; n--, dp++) { if (dp->tdir_tag == IGNORE) continue; if (fix >= tif->tif_nfields || dp->tdir_tag < tif->tif_fieldinfo[fix]->field_tag) fix = 0; while (fix < tif->tif_nfields && tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag) fix++; if (fix >= tif->tif_nfields || tif->tif_fieldinfo[fix]->field_tag != dp->tdir_tag) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: unknown field with tag %d (0x%x) encountered"", tif->tif_name, dp->tdir_tag, dp->tdir_tag); if (!_TIFFMergeFieldInfo(tif, _TIFFCreateAnonFieldInfo(tif, dp->tdir_tag, (TIFFDataType) dp->tdir_type), 1)) { TIFFWarningExt(tif->tif_clientdata, module, ""Registering anonymous field with tag %d (0x%x) failed"", dp->tdir_tag, dp->tdir_tag); dp->tdir_tag = IGNORE; continue; } fix = 0; while (fix < tif->tif_nfields && tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag) fix++; } fip = tif->tif_fieldinfo[fix]; while (dp->tdir_type != (unsigned short) fip->field_type && fix < tif->tif_nfields) { if (fip->field_type == TIFF_ANY) break; fip = tif->tif_fieldinfo[++fix]; if (fix >= tif->tif_nfields || fip->field_tag != dp->tdir_tag) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: wrong data type %d for \""%s\""; tag ignored"", tif->tif_name, dp->tdir_type, tif->tif_fieldinfo[fix-1]->field_name); dp->tdir_tag = IGNORE; break; } } } } if ((td->td_compression==COMPRESSION_OJPEG) && (td->td_planarconfig==PLANARCONFIG_SEPARATE)) { dp = TIFFReadDirectoryFind(dir,dircount,TIFFTAG_STRIPOFFSETS); if ((dp!=0) && (dp->tdir_count==1)) { dp = TIFFReadDirectoryFind(dir, dircount, TIFFTAG_STRIPBYTECOUNTS); if ((dp!=0) && (dp->tdir_count==1)) { td->td_planarconfig=PLANARCONFIG_CONTIG; TIFFWarningExt(tif->tif_clientdata, ""TIFFReadDirectory"", ""Planarconfig tag value assumed incorrect, "" ""assuming data is contig instead of chunky""); } } } if (!TIFFFieldSet(tif, FIELD_IMAGEDIMENSIONS)) { MissingRequired(tif, ""ImageLength""); goto bad; } if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) { td->td_nstrips = TIFFNumberOfStrips(tif); td->td_tilewidth = td->td_imagewidth; td->td_tilelength = td->td_rowsperstrip; td->td_tiledepth = td->td_imagedepth; tif->tif_flags &= ~TIFF_ISTILED; } else { td->td_nstrips = TIFFNumberOfTiles(tif); tif->tif_flags |= TIFF_ISTILED; } if (!td->td_nstrips) { TIFFErrorExt(tif->tif_clientdata, module, ""%s: cannot handle zero number of %s"", tif->tif_name, isTiled(tif) ? ""tiles"" : ""strips""); goto bad; } td->td_stripsperimage = td->td_nstrips; if (td->td_planarconfig == PLANARCONFIG_SEPARATE) td->td_stripsperimage /= td->td_samplesperpixel; if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) { if ((td->td_compression==COMPRESSION_OJPEG) && (isTiled(tif)==0) && (td->td_nstrips==1)) { TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS); } else { MissingRequired(tif, isTiled(tif) ? ""TileOffsets"" : ""StripOffsets""); goto bad; } } for (dp = dir, n = dircount; n > 0; n--, dp++) { if (dp->tdir_tag == IGNORE) continue; switch (dp->tdir_tag) { case TIFFTAG_MINSAMPLEVALUE: case TIFFTAG_MAXSAMPLEVALUE: case TIFFTAG_BITSPERSAMPLE: case TIFFTAG_DATATYPE: case TIFFTAG_SAMPLEFORMAT: if (dp->tdir_count == 1) { v = TIFFExtractData(tif, dp->tdir_type, dp->tdir_offset); if (!TIFFSetField(tif, dp->tdir_tag, (uint16)v)) goto bad; } else if (dp->tdir_tag == TIFFTAG_BITSPERSAMPLE && dp->tdir_type == TIFF_LONG) { if (!TIFFFetchPerSampleLongs(tif, dp, &v) || !TIFFSetField(tif, dp->tdir_tag, (uint16)v)) goto bad; } else { if (!TIFFFetchPerSampleShorts(tif, dp, &iv) || !TIFFSetField(tif, dp->tdir_tag, iv)) goto bad; } break; case TIFFTAG_SMINSAMPLEVALUE: case TIFFTAG_SMAXSAMPLEVALUE: { double dv = 0.0; if (!TIFFFetchPerSampleAnys(tif, dp, &dv) || !TIFFSetField(tif, dp->tdir_tag, dv)) goto bad; } break; case TIFFTAG_STRIPOFFSETS: case TIFFTAG_TILEOFFSETS: if (!TIFFFetchStripThing(tif, dp, td->td_nstrips, &td->td_stripoffset)) goto bad; break; case TIFFTAG_STRIPBYTECOUNTS: case TIFFTAG_TILEBYTECOUNTS: if (!TIFFFetchStripThing(tif, dp, td->td_nstrips, &td->td_stripbytecount)) goto bad; break; case TIFFTAG_COLORMAP: case TIFFTAG_TRANSFERFUNCTION: { char* cp; v = 1L<td_bitspersample; if (dp->tdir_tag == TIFFTAG_COLORMAP || dp->tdir_count != v) { if (!CheckDirCount(tif, dp, 3 * v)) break; } v *= sizeof(uint16); cp = (char *)_TIFFCheckMalloc(tif, dp->tdir_count, sizeof (uint16), ""to read \""TransferFunction\"" tag""); if (cp != NULL) { if (TIFFFetchData(tif, dp, cp)) { uint32 c = 1L << td->td_bitspersample; if (dp->tdir_count == c) v = 0L; TIFFSetField(tif, dp->tdir_tag, cp, cp+v, cp+2*v); } _TIFFfree(cp); } break; } case TIFFTAG_PAGENUMBER: case TIFFTAG_HALFTONEHINTS: case TIFFTAG_YCBCRSUBSAMPLING: case TIFFTAG_DOTRANGE: (void) TIFFFetchShortPair(tif, dp); break; case TIFFTAG_REFERENCEBLACKWHITE: (void) TIFFFetchRefBlackWhite(tif, dp); break; case TIFFTAG_OSUBFILETYPE: v = 0L; switch (TIFFExtractData(tif, dp->tdir_type, dp->tdir_offset)) { case OFILETYPE_REDUCEDIMAGE: v = FILETYPE_REDUCEDIMAGE; break; case OFILETYPE_PAGE: v = FILETYPE_PAGE; break; } if (v) TIFFSetField(tif, TIFFTAG_SUBFILETYPE, v); break; default: (void) TIFFFetchNormalTag(tif, dp); break; } } if (td->td_compression==COMPRESSION_OJPEG) { if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC)) { TIFFWarningExt(tif->tif_clientdata, ""TIFFReadDirectory"", ""Photometric tag is missing, assuming data is YCbCr""); if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR)) goto bad; } else if (td->td_photometric==PHOTOMETRIC_RGB) { td->td_photometric=PHOTOMETRIC_YCBCR; TIFFWarningExt(tif->tif_clientdata, ""TIFFReadDirectory"", ""Photometric tag value assumed incorrect, "" ""assuming data is YCbCr instead of RGB""); } if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE)) { TIFFWarningExt(tif->tif_clientdata,""TIFFReadDirectory"", ""BitsPerSample tag is missing, assuming 8 bits per sample""); if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8)) goto bad; } if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL)) { if ((td->td_photometric==PHOTOMETRIC_RGB) || (td->td_photometric==PHOTOMETRIC_YCBCR)) { TIFFWarningExt(tif->tif_clientdata, ""TIFFReadDirectory"", ""SamplesPerPixel tag is missing, "" ""assuming correct SamplesPerPixel value is 3""); if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3)) goto bad; } else if ((td->td_photometric==PHOTOMETRIC_MINISWHITE) || (td->td_photometric==PHOTOMETRIC_MINISBLACK)) { TIFFWarningExt(tif->tif_clientdata, ""TIFFReadDirectory"", ""SamplesPerPixel tag is missing, "" ""assuming correct SamplesPerPixel value is 1""); if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1)) goto bad; } } } if (td->td_photometric == PHOTOMETRIC_PALETTE && !TIFFFieldSet(tif, FIELD_COLORMAP)) { MissingRequired(tif, ""Colormap""); goto bad; } if (td->td_compression!=COMPRESSION_OJPEG) { if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) { if ((td->td_planarconfig == PLANARCONFIG_CONTIG && td->td_nstrips > 1) || (td->td_planarconfig == PLANARCONFIG_SEPARATE && td->td_nstrips != td->td_samplesperpixel)) { MissingRequired(tif, ""StripByteCounts""); goto bad; } TIFFWarningExt(tif->tif_clientdata, module, ""%s: TIFF directory is missing required "" ""\""%s\"" field, calculating from imagelength"", tif->tif_name, _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name); if (EstimateStripByteCounts(tif, dir, dircount) < 0) goto bad; #define BYTECOUNTLOOKSBAD \ ( (td->td_stripbytecount[0] == 0 && td->td_stripoffset[0] != 0) || \ (td->td_compression == COMPRESSION_NONE && \ td->td_stripbytecount[0] > TIFFGetFileSize(tif) - td->td_stripoffset[0]) || \ (tif->tif_mode == O_RDONLY && \ td->td_compression == COMPRESSION_NONE && \ td->td_stripbytecount[0] < TIFFScanlineSize(tif) * td->td_imagelength) ) } else if (td->td_nstrips == 1 && td->td_stripoffset[0] != 0 && BYTECOUNTLOOKSBAD) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: Bogus \""%s\"" field, ignoring and calculating from imagelength"", tif->tif_name, _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name); if(EstimateStripByteCounts(tif, dir, dircount) < 0) goto bad; } else if (td->td_planarconfig == PLANARCONFIG_CONTIG && td->td_nstrips > 2 && td->td_compression == COMPRESSION_NONE && td->td_stripbytecount[0] != td->td_stripbytecount[1] && td->td_stripbytecount[0] != 0 && td->td_stripbytecount[1] != 0 ) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: Wrong \""%s\"" field, ignoring and calculating from imagelength"", tif->tif_name, _TIFFFieldWithTag(tif,TIFFTAG_STRIPBYTECOUNTS)->field_name); if (EstimateStripByteCounts(tif, dir, dircount) < 0) goto bad; } } if (dir) { _TIFFfree((char *)dir); dir = NULL; } if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE)) td->td_maxsamplevalue = (uint16)((1L<td_bitspersample)-1); if (td->td_nstrips > 1) { tstrip_t strip; td->td_stripbytecountsorted = 1; for (strip = 1; strip < td->td_nstrips; strip++) { if (td->td_stripoffset[strip - 1] > td->td_stripoffset[strip]) { td->td_stripbytecountsorted = 0; break; } } } if (!TIFFFieldSet(tif, FIELD_COMPRESSION)) TIFFSetField(tif, TIFFTAG_COMPRESSION, COMPRESSION_NONE); if (td->td_nstrips == 1 && td->td_compression == COMPRESSION_NONE && (tif->tif_flags & (TIFF_STRIPCHOP|TIFF_ISTILED)) == TIFF_STRIPCHOP) ChopUpSingleUncompressedStrip(tif); tif->tif_row = (uint32) -1; tif->tif_curstrip = (tstrip_t) -1; tif->tif_col = (uint32) -1; tif->tif_curtile = (ttile_t) -1; tif->tif_tilesize = (tsize_t) -1; tif->tif_scanlinesize = TIFFScanlineSize(tif); if (!tif->tif_scanlinesize) { TIFFErrorExt(tif->tif_clientdata, module, ""%s: cannot handle zero scanline size"", tif->tif_name); return (0); } if (isTiled(tif)) { tif->tif_tilesize = TIFFTileSize(tif); if (!tif->tif_tilesize) { TIFFErrorExt(tif->tif_clientdata, module, ""%s: cannot handle zero tile size"", tif->tif_name); return (0); } } else { if (!TIFFStripSize(tif)) { TIFFErrorExt(tif->tif_clientdata, module, ""%s: cannot handle zero strip size"", tif->tif_name); return (0); } } return (1); bad: if (dir) _TIFFfree(dir); return (0); }",visit repo url,DesktopEditor/cximage/tiff/tif_dirread.c,https://github.com/ONLYOFFICE/core,60813133087725,1 4621,['CWE-399'],"static int ext4_normal_get_block_write(struct inode *inode, sector_t iblock, struct buffer_head *bh_result, int create) { int ret = 0; unsigned max_blocks = bh_result->b_size >> inode->i_blkbits; ret = ext4_get_blocks_wrap(NULL, inode, iblock, max_blocks, bh_result, 0, 0, 0); if (ret > 0) { bh_result->b_size = (ret << inode->i_blkbits); ret = 0; } return ret; }",linux-2.6,,,172968554619087587467031629134742998590,0 3753,CWE-125,"int _yr_scan_verify_re_match( YR_SCAN_CONTEXT* context, YR_AC_MATCH* ac_match, uint8_t* data, size_t data_size, size_t data_base, size_t offset) { CALLBACK_ARGS callback_args; RE_EXEC_FUNC exec; int forward_matches = -1; int backward_matches = -1; int flags = 0; if (STRING_IS_GREEDY_REGEXP(ac_match->string)) flags |= RE_FLAGS_GREEDY; if (STRING_IS_NO_CASE(ac_match->string)) flags |= RE_FLAGS_NO_CASE; if (STRING_IS_DOT_ALL(ac_match->string)) flags |= RE_FLAGS_DOT_ALL; if (STRING_IS_FAST_REGEXP(ac_match->string)) exec = yr_re_fast_exec; else exec = yr_re_exec; if (STRING_IS_ASCII(ac_match->string)) { forward_matches = exec( ac_match->forward_code, data + offset, data_size - offset, offset > 0 ? flags | RE_FLAGS_NOT_AT_START : flags, NULL, NULL); } if (STRING_IS_WIDE(ac_match->string) && forward_matches == -1) { flags |= RE_FLAGS_WIDE; forward_matches = exec( ac_match->forward_code, data + offset, data_size - offset, offset > 0 ? flags | RE_FLAGS_NOT_AT_START : flags, NULL, NULL); } switch(forward_matches) { case -1: return ERROR_SUCCESS; case -2: return ERROR_INSUFFICIENT_MEMORY; case -3: return ERROR_TOO_MANY_MATCHES; case -4: return ERROR_TOO_MANY_RE_FIBERS; case -5: return ERROR_INTERNAL_FATAL_ERROR; } if (forward_matches == 0 && ac_match->backward_code == NULL) return ERROR_SUCCESS; callback_args.string = ac_match->string; callback_args.context = context; callback_args.data = data; callback_args.data_size = data_size; callback_args.data_base = data_base; callback_args.forward_matches = forward_matches; callback_args.full_word = STRING_IS_FULL_WORD(ac_match->string); if (ac_match->backward_code != NULL) { backward_matches = exec( ac_match->backward_code, data + offset, offset, flags | RE_FLAGS_BACKWARDS | RE_FLAGS_EXHAUSTIVE, _yr_scan_match_callback, (void*) &callback_args); switch(backward_matches) { case -2: return ERROR_INSUFFICIENT_MEMORY; case -3: return ERROR_TOO_MANY_MATCHES; case -4: return ERROR_TOO_MANY_RE_FIBERS; case -5: return ERROR_INTERNAL_FATAL_ERROR; } } else { FAIL_ON_ERROR(_yr_scan_match_callback( data + offset, 0, flags, &callback_args)); } return ERROR_SUCCESS; }",visit repo url,libyara/scan.c,https://github.com/VirusTotal/yara,242441848170487,1 6205,['CWE-200'],"static int rtnetlink_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *dev = ptr; switch (event) { case NETDEV_UNREGISTER: rtmsg_ifinfo(RTM_DELLINK, dev, ~0U); break; case NETDEV_REGISTER: rtmsg_ifinfo(RTM_NEWLINK, dev, ~0U); break; case NETDEV_UP: case NETDEV_DOWN: rtmsg_ifinfo(RTM_NEWLINK, dev, IFF_UP|IFF_RUNNING); break; case NETDEV_CHANGE: case NETDEV_GOING_DOWN: break; default: rtmsg_ifinfo(RTM_NEWLINK, dev, 0); break; } return NOTIFY_DONE; }",linux-2.6,,,209083749627085958400078537411843765706,0 2465,CWE-89,"static CURLcode smtp_connect(struct connectdata *conn, bool *done) { CURLcode result; struct smtp_conn *smtpc = &conn->proto.smtpc; struct SessionHandle *data = conn->data; struct pingpong *pp = &smtpc->pp; const char *path = conn->data->state.path; int len; char localhost[HOSTNAME_MAX + 1]; *done = FALSE; Curl_reset_reqproto(conn); result = smtp_init(conn); if(CURLE_OK != result) return result; conn->bits.close = FALSE; pp->response_time = RESP_TIMEOUT; pp->statemach_act = smtp_statemach_act; pp->endofresp = smtp_endofresp; pp->conn = conn; if(conn->bits.tunnel_proxy && conn->bits.httpproxy) { struct HTTP http_proxy; struct FTP *smtp_save; smtp_save = data->state.proto.smtp; memset(&http_proxy, 0, sizeof(http_proxy)); data->state.proto.http = &http_proxy; result = Curl_proxyCONNECT(conn, FIRSTSOCKET, conn->host.name, conn->remote_port); data->state.proto.smtp = smtp_save; if(CURLE_OK != result) return result; } if((conn->handler->protocol & CURLPROTO_SMTPS) && data->state.used_interface != Curl_if_multi) { result = Curl_ssl_connect(conn, FIRSTSOCKET); if(result) return result; } Curl_pp_init(pp); pp->response_time = RESP_TIMEOUT; pp->statemach_act = smtp_statemach_act; pp->endofresp = smtp_endofresp; pp->conn = conn; if(!*path) { if(!Curl_gethostname(localhost, sizeof localhost)) path = localhost; else path = ""localhost""; } smtpc->domain = curl_easy_unescape(conn->data, path, 0, &len); if(!smtpc->domain) return CURLE_OUT_OF_MEMORY; state(conn, SMTP_SERVERGREET); if(data->state.used_interface == Curl_if_multi) result = smtp_multi_statemach(conn, done); else { result = smtp_easy_statemach(conn); if(!result) *done = TRUE; } return result; }",visit repo url,lib/smtp.c,https://github.com/bagder/curl,237399051201386,1 1443,[],"dequeue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int sleep) { update_curr(cfs_rq); update_stats_dequeue(cfs_rq, se); if (sleep) { update_avg_stats(cfs_rq, se); #ifdef CONFIG_SCHEDSTATS if (entity_is_task(se)) { struct task_struct *tsk = task_of(se); if (tsk->state & TASK_INTERRUPTIBLE) se->sleep_start = rq_of(cfs_rq)->clock; if (tsk->state & TASK_UNINTERRUPTIBLE) se->block_start = rq_of(cfs_rq)->clock; } #endif } if (se != cfs_rq->curr) __dequeue_entity(cfs_rq, se); account_entity_dequeue(cfs_rq, se); }",linux-2.6,,,310429320401838291650557445418043850745,0 1405,CWE-310,"static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_hash rhash; snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""ahash""); rhash.blocksize = alg->cra_blocksize; rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize; if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(struct crypto_report_hash), &rhash)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ahash.c,https://github.com/torvalds/linux,20391327011751,1 4894,['CWE-399'],"static inline int inword(const u16 c) { return c > 0xff || (( inwordLut[c>>5] >> (c & 0x1F) ) & 1); }",linux-2.6,,,152305560985261477904209093511280669125,0 3977,CWE-254,"void test_parser(void) { int i, retval; bzrtpPacket_t *zrtpPacket; bzrtpContext_t *context87654321 = bzrtp_createBzrtpContext(0x87654321); bzrtpContext_t *context12345678 = bzrtp_createBzrtpContext(0x12345678); memcpy (context12345678->channelContext[0]->selfH[0], H12345678[0], 32); memcpy (context12345678->channelContext[0]->selfH[1], H12345678[1], 32); memcpy (context12345678->channelContext[0]->selfH[2], H12345678[2], 32); memcpy (context12345678->channelContext[0]->selfH[3], H12345678[3], 32); memcpy (context87654321->channelContext[0]->selfH[0], H87654321[0], 32); memcpy (context87654321->channelContext[0]->selfH[1], H87654321[1], 32); memcpy (context87654321->channelContext[0]->selfH[2], H87654321[2], 32); memcpy (context87654321->channelContext[0]->selfH[3], H87654321[3], 32); context87654321->channelContext[0]->keyAgreementAlgo = ZRTP_KEYAGREEMENT_DH3k; context12345678->channelContext[0]->keyAgreementAlgo = ZRTP_KEYAGREEMENT_DH3k; context87654321->channelContext[0]->cipherAlgo = ZRTP_CIPHER_AES1; context12345678->channelContext[0]->cipherAlgo = ZRTP_CIPHER_AES1; context87654321->channelContext[0]->hashAlgo = ZRTP_HASH_S256; context12345678->channelContext[0]->hashAlgo = ZRTP_HASH_S256; updateCryptoFunctionPointers(context87654321->channelContext[0]); updateCryptoFunctionPointers(context12345678->channelContext[0]); context87654321->channelContext[0]->mackeyi = (uint8_t *)malloc(32); context12345678->channelContext[0]->mackeyi = (uint8_t *)malloc(32); context87654321->channelContext[0]->mackeyr = (uint8_t *)malloc(32); context12345678->channelContext[0]->mackeyr = (uint8_t *)malloc(32); context87654321->channelContext[0]->zrtpkeyi = (uint8_t *)malloc(16); context12345678->channelContext[0]->zrtpkeyi = (uint8_t *)malloc(16); context87654321->channelContext[0]->zrtpkeyr = (uint8_t *)malloc(16); context12345678->channelContext[0]->zrtpkeyr = (uint8_t *)malloc(16); memcpy(context12345678->channelContext[0]->mackeyi, mackeyi, 32); memcpy(context12345678->channelContext[0]->mackeyr, mackeyr, 32); memcpy(context12345678->channelContext[0]->zrtpkeyi, zrtpkeyi, 16); memcpy(context12345678->channelContext[0]->zrtpkeyr, zrtpkeyr, 16); memcpy(context87654321->channelContext[0]->mackeyi, mackeyi, 32); memcpy(context87654321->channelContext[0]->mackeyr, mackeyr, 32); memcpy(context87654321->channelContext[0]->zrtpkeyi, zrtpkeyi, 16); memcpy(context87654321->channelContext[0]->zrtpkeyr, zrtpkeyr, 16); context12345678->channelContext[0]->role = RESPONDER; for (i=0; ichannelContext[0]:context87654321->channelContext[0], patternZRTPPackets[i], patternZRTPMetaData[i][0], zrtpPacket); if (zrtpPacket->messageType==MSGTYPE_HELLO) { if (patternZRTPMetaData[i][2]==0x87654321) { context12345678->channelContext[0]->peerPackets[HELLO_MESSAGE_STORE_ID] = zrtpPacket; } else { context87654321->channelContext[0]->peerPackets[HELLO_MESSAGE_STORE_ID] = zrtpPacket; } freePacketFlag = 0; } if (zrtpPacket->messageType==MSGTYPE_COMMIT) { if (patternZRTPMetaData[i][2]==0x87654321) { context12345678->channelContext[0]->peerPackets[COMMIT_MESSAGE_STORE_ID] = zrtpPacket; } else { context87654321->channelContext[0]->peerPackets[COMMIT_MESSAGE_STORE_ID] = zrtpPacket; } freePacketFlag = 0; } if (zrtpPacket->messageType==MSGTYPE_DHPART1 || zrtpPacket->messageType==MSGTYPE_DHPART2) { if (patternZRTPMetaData[i][2]==0x87654321) { context12345678->channelContext[0]->peerPackets[DHPART_MESSAGE_STORE_ID] = zrtpPacket; } else { context87654321->channelContext[0]->peerPackets[DHPART_MESSAGE_STORE_ID] = zrtpPacket; } freePacketFlag = 0; } free(zrtpPacket->packetString); retval = bzrtp_packetBuild((patternZRTPMetaData[i][2]==0x12345678)?context12345678:context87654321, (patternZRTPMetaData[i][2]==0x12345678)?context12345678->channelContext[0]:context87654321->channelContext[0], zrtpPacket, patternZRTPMetaData[i][1]); if (zrtpPacket->packetString != NULL) { CU_ASSERT_TRUE(memcmp(zrtpPacket->packetString, patternZRTPPackets[i], patternZRTPMetaData[i][0]) == 0); } else { CU_FAIL(""Unable to build packet""); } if (freePacketFlag == 1) { bzrtp_freeZrtpPacket(zrtpPacket); } } bzrtp_destroyBzrtpContext(context87654321, 0x87654321); bzrtp_destroyBzrtpContext(context12345678, 0x12345678); }",visit repo url,test/bzrtpParserTest.c,https://github.com/BelledonneCommunications/bzrtp,141447829404228,1 6683,CWE-1284,"int decrypt_stream(FILE *infp, FILE *outfp, unsigned char* passwd, int passlen) { aes_context aes_ctx; sha256_context sha_ctx; aescrypt_hdr aeshdr; sha256_t digest; unsigned char IV[16]; unsigned char iv_key[48]; unsigned i, j, n; size_t bytes_read; unsigned char buffer[64], buffer2[32]; unsigned char *head, *tail; unsigned char ipad[64], opad[64]; int reached_eof = 0; if ((bytes_read = fread(&aeshdr, 1, sizeof(aeshdr), infp)) != sizeof(aescrypt_hdr)) { if (feof(infp)) { fprintf(stderr, ""Error: Input file is too short.\n""); } else { perror(""Error reading the file header:""); } return -1; } if (!(aeshdr.aes[0] == 'A' && aeshdr.aes[1] == 'E' && aeshdr.aes[2] == 'S')) { fprintf(stderr, ""Error: Bad file header (not aescrypt file or is corrupted? [%x, %x, %x])\n"", aeshdr.aes[0], aeshdr.aes[1], aeshdr.aes[2]); return -1; } if (aeshdr.version == 0) { aeshdr.last_block_size = (aeshdr.last_block_size & 0x0F); } else if (aeshdr.version > 0x02) { fprintf(stderr, ""Error: Unsupported AES file version: %d\n"", aeshdr.version); return -1; } if (aeshdr.version >= 0x02) { do { if ((bytes_read = fread(buffer, 1, 2, infp)) != 2) { if (feof(infp)) { fprintf(stderr, ""Error: Input file is too short.\n""); } else { perror(""Error reading the file extensions:""); } return -1; } i = j = (((int)buffer[0]) << 8) | (int)buffer[1]; while (i--) { if ((bytes_read = fread(buffer, 1, 1, infp)) != 1) { if (feof(infp)) { fprintf(stderr, ""Error: Input file is too short.\n""); } else { perror(""Error reading the file extensions:""); } return -1; } } } while(j); } if ((bytes_read = fread(IV, 1, 16, infp)) != 16) { if (feof(infp)) { fprintf(stderr, ""Error: Input file is too short.\n""); } else { perror(""Error reading the initialization vector:""); } return -1; } memset(digest, 0, 32); memcpy(digest, IV, 16); for(i=0; i<8192; i++) { sha256_starts( &sha_ctx); sha256_update( &sha_ctx, digest, 32); sha256_update( &sha_ctx, passwd, passlen); sha256_finish( &sha_ctx, digest); } aes_set_key(&aes_ctx, digest, 256); memset(ipad, 0x36, 64); memset(opad, 0x5C, 64); for(i=0; i<32; i++) { ipad[i] ^= digest[i]; opad[i] ^= digest[i]; } sha256_starts(&sha_ctx); sha256_update(&sha_ctx, ipad, 64); if (aeshdr.version >= 0x01) { for(i=0; i<48; i+=16) { if ((bytes_read = fread(buffer, 1, 16, infp)) != 16) { if (feof(infp)) { fprintf(stderr, ""Error: Input file is too short.\n""); } else { perror(""Error reading input file IV and key:""); } return -1; } memcpy(buffer2, buffer, 16); sha256_update(&sha_ctx, buffer, 16); aes_decrypt(&aes_ctx, buffer, buffer); for(j=0; j<16; j++) { iv_key[i+j] = (buffer[j] ^ IV[j]); } memcpy(IV, buffer2, 16); } sha256_finish(&sha_ctx, digest); sha256_starts(&sha_ctx); sha256_update(&sha_ctx, opad, 64); sha256_update(&sha_ctx, digest, 32); sha256_finish(&sha_ctx, digest); if ((bytes_read = fread(buffer, 1, 32, infp)) != 32) { if (feof(infp)) { fprintf(stderr, ""Error: Input file is too short.\n""); } else { perror(""Error reading input file digest:""); } return -1; } if (memcmp(digest, buffer, 32)) { fprintf(stderr, ""Error: Message has been altered or password is incorrect\n""); return -1; } memcpy(IV, iv_key, 16); aes_set_key(&aes_ctx, iv_key+16, 256); memset(ipad, 0x36, 64); memset(opad, 0x5C, 64); for(i=0; i<32; i++) { ipad[i] ^= iv_key[i+16]; opad[i] ^= iv_key[i+16]; } memset_secure(iv_key, 0, 48); sha256_starts(&sha_ctx); sha256_update(&sha_ctx, ipad, 64); } if ((bytes_read = fread(buffer, 1, 48, infp)) < 48) { if (!feof(infp)) { perror(""Error reading input file ring:""); return -1; } else { if ((aeshdr.version == 0x00 && bytes_read != 32) || (aeshdr.version >= 0x01 && bytes_read != 33)) { fprintf(stderr, ""Error: Input file is corrupt (1:%u).\n"", (unsigned) bytes_read); return -1; } else { if (aeshdr.version >= 0x01) { aeshdr.last_block_size = (buffer[0] & 0x0F); } if (aeshdr.last_block_size != 0) { fprintf(stderr, ""Error: Input file is corrupt (2).\n""); return -1; } } reached_eof = 1; } } head = buffer + 48; tail = buffer; while(!reached_eof) { if (head == (buffer + 64)) { head = buffer; } if ((bytes_read = fread(head, 1, 16, infp)) < 16) { if (!feof(infp)) { perror(""Error reading input file:""); return -1; } else { if ((aeshdr.version == 0x00 && bytes_read > 0) || (aeshdr.version >= 0x01 && bytes_read != 1)) { fprintf(stderr, ""Error: Input file is corrupt (3:%u).\n"", (unsigned) bytes_read); return -1; } if (aeshdr.version >= 0x01) { if ((tail + 16) < (buffer + 64)) { aeshdr.last_block_size = (tail[16] & 0x0F); } else { aeshdr.last_block_size = (buffer[0] & 0x0F); } } reached_eof = 1; } } if ((bytes_read > 0) || (aeshdr.version == 0x00)) { if (bytes_read > 0) { head += 16; } memcpy(buffer2, tail, 16); sha256_update(&sha_ctx, tail, 16); aes_decrypt(&aes_ctx, tail, tail); for(i=0; i<16; i++) { tail[i] ^= IV[i]; } memcpy(IV, buffer2, 16); n = ((!reached_eof) || (aeshdr.last_block_size == 0)) ? 16 : aeshdr.last_block_size; if ((i = fwrite(tail, 1, n, outfp)) != n) { perror(""Error writing decrypted block:""); return -1; } tail += 16; if (tail == (buffer+64)) { tail = buffer; } } } sha256_finish(&sha_ctx, digest); sha256_starts(&sha_ctx); sha256_update(&sha_ctx, opad, 64); sha256_update(&sha_ctx, digest, 32); sha256_finish(&sha_ctx, digest); if (aeshdr.version == 0x00) { memcpy(buffer2, tail, 16); tail += 16; if (tail == (buffer + 64)) { tail = buffer; } memcpy(buffer2+16, tail, 16); } else { memcpy(buffer2, tail+1, 15); tail += 16; if (tail == (buffer + 64)) { tail = buffer; } memcpy(buffer2+15, tail, 16); tail += 16; if (tail == (buffer + 64)) { tail = buffer; } memcpy(buffer2+31, tail, 1); } if (memcmp(digest, buffer2, 32)) { if (aeshdr.version == 0x00) { fprintf(stderr, ""Error: Message has been altered or password is incorrect\n""); } else { fprintf(stderr, ""Error: Message has been altered and should not be trusted\n""); } return -1; } if (fflush(outfp)) { fprintf(stderr, ""Error: Could not flush output file buffer\n""); return -1; } return 0; }",visit repo url,Linux/src/aescrypt.c,https://github.com/paulej/AESCrypt,28862923243224,1 5089,['CWE-20'],"static inline int cpu_has_virtual_nmis(void) { return vmcs_config.pin_based_exec_ctrl & PIN_BASED_VIRTUAL_NMIS; }",linux-2.6,,,252516853242559001084733021513472460728,0 1872,CWE-125,"static unsigned long get_ctl_id_hash(const struct snd_ctl_elem_id *id) { int i; unsigned long h; h = id->iface; h = MULTIPLIER * h + id->device; h = MULTIPLIER * h + id->subdevice; for (i = 0; id->name[i] && i < SNDRV_CTL_ELEM_ID_NAME_MAXLEN; i++) h = MULTIPLIER * h + id->name[i]; h = MULTIPLIER * h + id->index; h &= LONG_MAX; return h; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,60135915389611,1 3866,CWE-122,"ins_comp_get_next_word_or_line( buf_T *ins_buf, pos_T *cur_match_pos, int *match_len, int *cont_s_ipos) { char_u *ptr; int len; *match_len = 0; ptr = ml_get_buf(ins_buf, cur_match_pos->lnum, FALSE) + cur_match_pos->col; if (ctrl_x_mode_line_or_eval()) { if (compl_status_adding()) { if (cur_match_pos->lnum >= ins_buf->b_ml.ml_line_count) return NULL; ptr = ml_get_buf(ins_buf, cur_match_pos->lnum + 1, FALSE); if (!p_paste) ptr = skipwhite(ptr); } len = (int)STRLEN(ptr); } else { char_u *tmp_ptr = ptr; if (compl_status_adding()) { tmp_ptr += compl_length; if (vim_iswordp(tmp_ptr)) return NULL; tmp_ptr = find_word_start(tmp_ptr); } tmp_ptr = find_word_end(tmp_ptr); len = (int)(tmp_ptr - ptr); if (compl_status_adding() && len == compl_length) { if (cur_match_pos->lnum < ins_buf->b_ml.ml_line_count) { STRNCPY(IObuff, ptr, len); ptr = ml_get_buf(ins_buf, cur_match_pos->lnum + 1, FALSE); tmp_ptr = ptr = skipwhite(ptr); tmp_ptr = find_word_start(tmp_ptr); tmp_ptr = find_word_end(tmp_ptr); if (tmp_ptr > ptr) { if (*ptr != ')' && IObuff[len - 1] != TAB) { if (IObuff[len - 1] != ' ') IObuff[len++] = ' '; if (p_js && (IObuff[len - 2] == '.' || (vim_strchr(p_cpo, CPO_JOINSP) == NULL && (IObuff[len - 2] == '?' || IObuff[len - 2] == '!')))) IObuff[len++] = ' '; } if (tmp_ptr - ptr >= IOSIZE - len) tmp_ptr = ptr + IOSIZE - len - 1; STRNCPY(IObuff + len, ptr, tmp_ptr - ptr); len += (int)(tmp_ptr - ptr); *cont_s_ipos = TRUE; } IObuff[len] = NUL; ptr = IObuff; } if (len == compl_length) return NULL; } } *match_len = len; return ptr; }",visit repo url,src/insexpand.c,https://github.com/vim/vim,269924728901676,1 3657,CWE-369,"static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no, OPJ_BOOL isEncoder, OPJ_FLOAT32 fraction, OPJ_SIZE_T sizeof_block, opj_event_mgr_t* manager) { OPJ_UINT32 (*l_gain_ptr)(OPJ_UINT32) = 00; OPJ_UINT32 compno, resno, bandno, precno, cblkno; opj_tcp_t * l_tcp = 00; opj_cp_t * l_cp = 00; opj_tcd_tile_t * l_tile = 00; opj_tccp_t *l_tccp = 00; opj_tcd_tilecomp_t *l_tilec = 00; opj_image_comp_t * l_image_comp = 00; opj_tcd_resolution_t *l_res = 00; opj_tcd_band_t *l_band = 00; opj_stepsize_t * l_step_size = 00; opj_tcd_precinct_t *l_current_precinct = 00; opj_image_t *l_image = 00; OPJ_UINT32 p,q; OPJ_UINT32 l_level_no; OPJ_UINT32 l_pdx, l_pdy; OPJ_UINT32 l_gain; OPJ_INT32 l_x0b, l_y0b; OPJ_UINT32 l_tx0, l_ty0; OPJ_INT32 l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end, l_br_prc_y_end; OPJ_UINT32 l_nb_precincts; OPJ_UINT32 l_nb_precinct_size; OPJ_UINT32 l_nb_code_blocks; OPJ_UINT32 l_nb_code_blocks_size; OPJ_UINT32 l_data_size; l_cp = p_tcd->cp; l_tcp = &(l_cp->tcps[p_tile_no]); l_tile = p_tcd->tcd_image->tiles; l_tccp = l_tcp->tccps; l_tilec = l_tile->comps; l_image = p_tcd->image; l_image_comp = p_tcd->image->comps; p = p_tile_no % l_cp->tw; q = p_tile_no / l_cp->tw; l_tx0 = l_cp->tx0 + p * l_cp->tdx; l_tile->x0 = (OPJ_INT32)opj_uint_max(l_tx0, l_image->x0); l_tile->x1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_tx0, l_cp->tdx), l_image->x1); l_ty0 = l_cp->ty0 + q * l_cp->tdy; l_tile->y0 = (OPJ_INT32)opj_uint_max(l_ty0, l_image->y0); l_tile->y1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_ty0, l_cp->tdy), l_image->y1); if (l_tccp->numresolutions == 0) { opj_event_msg(manager, EVT_ERROR, ""tiles require at least one resolution\n""); return OPJ_FALSE; } for (compno = 0; compno < l_tile->numcomps; ++compno) { l_image_comp->resno_decoded = 0; l_tilec->x0 = opj_int_ceildiv(l_tile->x0, (OPJ_INT32)l_image_comp->dx); l_tilec->y0 = opj_int_ceildiv(l_tile->y0, (OPJ_INT32)l_image_comp->dy); l_tilec->x1 = opj_int_ceildiv(l_tile->x1, (OPJ_INT32)l_image_comp->dx); l_tilec->y1 = opj_int_ceildiv(l_tile->y1, (OPJ_INT32)l_image_comp->dy); l_data_size = (OPJ_UINT32)(l_tilec->x1 - l_tilec->x0); if ((((OPJ_UINT32)-1) / l_data_size) < (OPJ_UINT32)(l_tilec->y1 - l_tilec->y0)) { opj_event_msg(manager, EVT_ERROR, ""Not enough memory for tile data\n""); return OPJ_FALSE; } l_data_size = l_data_size * (OPJ_UINT32)(l_tilec->y1 - l_tilec->y0); if ((((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof(OPJ_UINT32)) < l_data_size) { opj_event_msg(manager, EVT_ERROR, ""Not enough memory for tile data\n""); return OPJ_FALSE; } l_data_size = l_data_size * (OPJ_UINT32)sizeof(OPJ_UINT32); l_tilec->numresolutions = l_tccp->numresolutions; if (l_tccp->numresolutions < l_cp->m_specific_param.m_dec.m_reduce) { l_tilec->minimum_num_resolutions = 1; } else { l_tilec->minimum_num_resolutions = l_tccp->numresolutions - l_cp->m_specific_param.m_dec.m_reduce; } l_tilec->data_size_needed = l_data_size; if (p_tcd->m_is_decoder && !opj_alloc_tile_component_data(l_tilec)) { opj_event_msg(manager, EVT_ERROR, ""Not enough memory for tile data\n""); return OPJ_FALSE; } l_data_size = l_tilec->numresolutions * (OPJ_UINT32)sizeof(opj_tcd_resolution_t); if (l_tilec->resolutions == 00) { l_tilec->resolutions = (opj_tcd_resolution_t *) opj_malloc(l_data_size); if (! l_tilec->resolutions ) { return OPJ_FALSE; } l_tilec->resolutions_size = l_data_size; memset(l_tilec->resolutions,0,l_data_size); } else if (l_data_size > l_tilec->resolutions_size) { opj_tcd_resolution_t* new_resolutions = (opj_tcd_resolution_t *) opj_realloc(l_tilec->resolutions, l_data_size); if (! new_resolutions) { opj_event_msg(manager, EVT_ERROR, ""Not enough memory for tile resolutions\n""); opj_free(l_tilec->resolutions); l_tilec->resolutions = NULL; l_tilec->resolutions_size = 0; return OPJ_FALSE; } l_tilec->resolutions = new_resolutions; memset(((OPJ_BYTE*) l_tilec->resolutions)+l_tilec->resolutions_size,0,l_data_size - l_tilec->resolutions_size); l_tilec->resolutions_size = l_data_size; } l_level_no = l_tilec->numresolutions; l_res = l_tilec->resolutions; l_step_size = l_tccp->stepsizes; if (l_tccp->qmfbid == 0) { l_gain_ptr = &opj_dwt_getgain_real; } else { l_gain_ptr = &opj_dwt_getgain; } for (resno = 0; resno < l_tilec->numresolutions; ++resno) { OPJ_INT32 tlcbgxstart, tlcbgystart ; OPJ_UINT32 cbgwidthexpn, cbgheightexpn; OPJ_UINT32 cblkwidthexpn, cblkheightexpn; --l_level_no; l_res->x0 = opj_int_ceildivpow2(l_tilec->x0, (OPJ_INT32)l_level_no); l_res->y0 = opj_int_ceildivpow2(l_tilec->y0, (OPJ_INT32)l_level_no); l_res->x1 = opj_int_ceildivpow2(l_tilec->x1, (OPJ_INT32)l_level_no); l_res->y1 = opj_int_ceildivpow2(l_tilec->y1, (OPJ_INT32)l_level_no); l_pdx = l_tccp->prcw[resno]; l_pdy = l_tccp->prch[resno]; l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy; l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx; l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy; l_res->pw = (l_res->x0 == l_res->x1) ? 0 : (OPJ_UINT32)((l_br_prc_x_end - l_tl_prc_x_start) >> l_pdx); l_res->ph = (l_res->y0 == l_res->y1) ? 0 : (OPJ_UINT32)((l_br_prc_y_end - l_tl_prc_y_start) >> l_pdy); l_nb_precincts = l_res->pw * l_res->ph; l_nb_precinct_size = l_nb_precincts * (OPJ_UINT32)sizeof(opj_tcd_precinct_t); if (resno == 0) { tlcbgxstart = l_tl_prc_x_start; tlcbgystart = l_tl_prc_y_start; cbgwidthexpn = l_pdx; cbgheightexpn = l_pdy; l_res->numbands = 1; } else { tlcbgxstart = opj_int_ceildivpow2(l_tl_prc_x_start, 1); tlcbgystart = opj_int_ceildivpow2(l_tl_prc_y_start, 1); cbgwidthexpn = l_pdx - 1; cbgheightexpn = l_pdy - 1; l_res->numbands = 3; } cblkwidthexpn = opj_uint_min(l_tccp->cblkw, cbgwidthexpn); cblkheightexpn = opj_uint_min(l_tccp->cblkh, cbgheightexpn); l_band = l_res->bands; for (bandno = 0; bandno < l_res->numbands; ++bandno) { OPJ_INT32 numbps; if (resno == 0) { l_band->bandno = 0 ; l_band->x0 = opj_int_ceildivpow2(l_tilec->x0, (OPJ_INT32)l_level_no); l_band->y0 = opj_int_ceildivpow2(l_tilec->y0, (OPJ_INT32)l_level_no); l_band->x1 = opj_int_ceildivpow2(l_tilec->x1, (OPJ_INT32)l_level_no); l_band->y1 = opj_int_ceildivpow2(l_tilec->y1, (OPJ_INT32)l_level_no); } else { l_band->bandno = bandno + 1; l_x0b = l_band->bandno&1; l_y0b = (OPJ_INT32)((l_band->bandno)>>1); l_band->x0 = opj_int64_ceildivpow2(l_tilec->x0 - ((OPJ_INT64)l_x0b << l_level_no), (OPJ_INT32)(l_level_no + 1)); l_band->y0 = opj_int64_ceildivpow2(l_tilec->y0 - ((OPJ_INT64)l_y0b << l_level_no), (OPJ_INT32)(l_level_no + 1)); l_band->x1 = opj_int64_ceildivpow2(l_tilec->x1 - ((OPJ_INT64)l_x0b << l_level_no), (OPJ_INT32)(l_level_no + 1)); l_band->y1 = opj_int64_ceildivpow2(l_tilec->y1 - ((OPJ_INT64)l_y0b << l_level_no), (OPJ_INT32)(l_level_no + 1)); } l_gain = (*l_gain_ptr) (l_band->bandno); numbps = (OPJ_INT32)(l_image_comp->prec + l_gain); l_band->stepsize = (OPJ_FLOAT32)(((1.0 + l_step_size->mant / 2048.0) * pow(2.0, (OPJ_INT32) (numbps - l_step_size->expn)))) * fraction; l_band->numbps = l_step_size->expn + (OPJ_INT32)l_tccp->numgbits - 1; if (!l_band->precincts && (l_nb_precincts > 0U)) { l_band->precincts = (opj_tcd_precinct_t *) opj_malloc( l_nb_precinct_size); if (! l_band->precincts) { return OPJ_FALSE; } memset(l_band->precincts,0,l_nb_precinct_size); l_band->precincts_data_size = l_nb_precinct_size; } else if (l_band->precincts_data_size < l_nb_precinct_size) { opj_tcd_precinct_t * new_precincts = (opj_tcd_precinct_t *) opj_realloc(l_band->precincts, l_nb_precinct_size); if (! new_precincts) { opj_event_msg(manager, EVT_ERROR, ""Not enough memory to handle band precints\n""); opj_free(l_band->precincts); l_band->precincts = NULL; l_band->precincts_data_size = 0; return OPJ_FALSE; } l_band->precincts = new_precincts; memset(((OPJ_BYTE *) l_band->precincts) + l_band->precincts_data_size,0,l_nb_precinct_size - l_band->precincts_data_size); l_band->precincts_data_size = l_nb_precinct_size; } l_current_precinct = l_band->precincts; for (precno = 0; precno < l_nb_precincts; ++precno) { OPJ_INT32 tlcblkxstart, tlcblkystart, brcblkxend, brcblkyend; OPJ_INT32 cbgxstart = tlcbgxstart + (OPJ_INT32)(precno % l_res->pw) * (1 << cbgwidthexpn); OPJ_INT32 cbgystart = tlcbgystart + (OPJ_INT32)(precno / l_res->pw) * (1 << cbgheightexpn); OPJ_INT32 cbgxend = cbgxstart + (1 << cbgwidthexpn); OPJ_INT32 cbgyend = cbgystart + (1 << cbgheightexpn); l_current_precinct->x0 = opj_int_max(cbgxstart, l_band->x0); l_current_precinct->y0 = opj_int_max(cbgystart, l_band->y0); l_current_precinct->x1 = opj_int_min(cbgxend, l_band->x1); l_current_precinct->y1 = opj_int_min(cbgyend, l_band->y1); tlcblkxstart = opj_int_floordivpow2(l_current_precinct->x0, (OPJ_INT32)cblkwidthexpn) << cblkwidthexpn; tlcblkystart = opj_int_floordivpow2(l_current_precinct->y0, (OPJ_INT32)cblkheightexpn) << cblkheightexpn; brcblkxend = opj_int_ceildivpow2(l_current_precinct->x1, (OPJ_INT32)cblkwidthexpn) << cblkwidthexpn; brcblkyend = opj_int_ceildivpow2(l_current_precinct->y1, (OPJ_INT32)cblkheightexpn) << cblkheightexpn; l_current_precinct->cw = (OPJ_UINT32)((brcblkxend - tlcblkxstart) >> cblkwidthexpn); l_current_precinct->ch = (OPJ_UINT32)((brcblkyend - tlcblkystart) >> cblkheightexpn); l_nb_code_blocks = l_current_precinct->cw * l_current_precinct->ch; l_nb_code_blocks_size = l_nb_code_blocks * (OPJ_UINT32)sizeof_block; if (!l_current_precinct->cblks.blocks && (l_nb_code_blocks > 0U)) { l_current_precinct->cblks.blocks = opj_malloc(l_nb_code_blocks_size); if (! l_current_precinct->cblks.blocks ) { return OPJ_FALSE; } memset(l_current_precinct->cblks.blocks,0,l_nb_code_blocks_size); l_current_precinct->block_size = l_nb_code_blocks_size; } else if (l_nb_code_blocks_size > l_current_precinct->block_size) { void *new_blocks = opj_realloc(l_current_precinct->cblks.blocks, l_nb_code_blocks_size); if (! new_blocks) { opj_free(l_current_precinct->cblks.blocks); l_current_precinct->cblks.blocks = NULL; l_current_precinct->block_size = 0; opj_event_msg(manager, EVT_ERROR, ""Not enough memory for current precinct codeblock element\n""); return OPJ_FALSE; } l_current_precinct->cblks.blocks = new_blocks; memset(((OPJ_BYTE *) l_current_precinct->cblks.blocks) + l_current_precinct->block_size ,0 ,l_nb_code_blocks_size - l_current_precinct->block_size); l_current_precinct->block_size = l_nb_code_blocks_size; } if (! l_current_precinct->incltree) { l_current_precinct->incltree = opj_tgt_create(l_current_precinct->cw, l_current_precinct->ch, manager); } else{ l_current_precinct->incltree = opj_tgt_init(l_current_precinct->incltree, l_current_precinct->cw, l_current_precinct->ch, manager); } if (! l_current_precinct->incltree) { opj_event_msg(manager, EVT_WARNING, ""No incltree created.\n""); } if (! l_current_precinct->imsbtree) { l_current_precinct->imsbtree = opj_tgt_create(l_current_precinct->cw, l_current_precinct->ch, manager); } else { l_current_precinct->imsbtree = opj_tgt_init(l_current_precinct->imsbtree, l_current_precinct->cw, l_current_precinct->ch, manager); } if (! l_current_precinct->imsbtree) { opj_event_msg(manager, EVT_WARNING, ""No imsbtree created.\n""); } for (cblkno = 0; cblkno < l_nb_code_blocks; ++cblkno) { OPJ_INT32 cblkxstart = tlcblkxstart + (OPJ_INT32)(cblkno % l_current_precinct->cw) * (1 << cblkwidthexpn); OPJ_INT32 cblkystart = tlcblkystart + (OPJ_INT32)(cblkno / l_current_precinct->cw) * (1 << cblkheightexpn); OPJ_INT32 cblkxend = cblkxstart + (1 << cblkwidthexpn); OPJ_INT32 cblkyend = cblkystart + (1 << cblkheightexpn); if (isEncoder) { opj_tcd_cblk_enc_t* l_code_block = l_current_precinct->cblks.enc + cblkno; if (! opj_tcd_code_block_enc_allocate(l_code_block)) { return OPJ_FALSE; } l_code_block->x0 = opj_int_max(cblkxstart, l_current_precinct->x0); l_code_block->y0 = opj_int_max(cblkystart, l_current_precinct->y0); l_code_block->x1 = opj_int_min(cblkxend, l_current_precinct->x1); l_code_block->y1 = opj_int_min(cblkyend, l_current_precinct->y1); if (! opj_tcd_code_block_enc_allocate_data(l_code_block)) { return OPJ_FALSE; } } else { opj_tcd_cblk_dec_t* l_code_block = l_current_precinct->cblks.dec + cblkno; if (! opj_tcd_code_block_dec_allocate(l_code_block)) { return OPJ_FALSE; } l_code_block->x0 = opj_int_max(cblkxstart, l_current_precinct->x0); l_code_block->y0 = opj_int_max(cblkystart, l_current_precinct->y0); l_code_block->x1 = opj_int_min(cblkxend, l_current_precinct->x1); l_code_block->y1 = opj_int_min(cblkyend, l_current_precinct->y1); } } ++l_current_precinct; } ++l_band; ++l_step_size; } ++l_res; } ++l_tccp; ++l_tilec; ++l_image_comp; } return OPJ_TRUE; }",visit repo url,src/lib/openjp2/tcd.c,https://github.com/uclouvain/openjpeg,105424903745869,1 4727,CWE-287,"int imap_open_connection(struct ImapAccountData *adata) { if (mutt_socket_open(adata->conn) < 0) return -1; adata->state = IMAP_CONNECTED; if (imap_cmd_step(adata) != IMAP_RES_OK) { imap_close_connection(adata); return -1; } if (mutt_istr_startswith(adata->buf, ""* OK"")) { if (!mutt_istr_startswith(adata->buf, ""* OK [CAPABILITY"") && check_capabilities(adata)) { goto bail; } #ifdef USE_SSL if ((adata->conn->ssf == 0) && (C_SslForceTls || (adata->capabilities & IMAP_CAP_STARTTLS))) { enum QuadOption ans; if (C_SslForceTls) ans = MUTT_YES; else if ((ans = query_quadoption(C_SslStarttls, _(""Secure connection with TLS?""))) == MUTT_ABORT) { goto err_close_conn; } if (ans == MUTT_YES) { enum ImapExecResult rc = imap_exec(adata, ""STARTTLS"", IMAP_CMD_SINGLE); mutt_socket_empty(adata->conn); if (rc == IMAP_EXEC_FATAL) goto bail; if (rc != IMAP_EXEC_ERROR) { if (mutt_ssl_starttls(adata->conn)) { mutt_error(_(""Could not negotiate TLS connection"")); goto err_close_conn; } else { if (imap_exec(adata, ""CAPABILITY"", IMAP_CMD_NO_FLAGS)) goto bail; } } } } if (C_SslForceTls && (adata->conn->ssf == 0)) { mutt_error(_(""Encrypted connection unavailable"")); goto err_close_conn; } #endif } else if (mutt_istr_startswith(adata->buf, ""* PREAUTH"")) { #ifdef USE_SSL if ((adata->conn->ssf == 0) && C_SslForceTls) { mutt_error(_(""Encrypted connection unavailable"")); goto err_close_conn; } #endif adata->state = IMAP_AUTHENTICATED; if (check_capabilities(adata) != 0) goto bail; FREE(&adata->capstr); } else { imap_error(""imap_open_connection()"", adata->buf); goto bail; } return 0; #ifdef USE_SSL err_close_conn: imap_close_connection(adata); #endif bail: FREE(&adata->capstr); return -1; }",visit repo url,imap/imap.c,https://github.com/neomutt/neomutt,111591152947075,1 4147,['CWE-399'],"static int handle_conflict(AvahiServer *s, AvahiInterface *i, AvahiRecord *record, int unique) { int valid = 1, ours = 0, conflict = 0, withdraw_immediately = 0; AvahiEntry *e, *n, *conflicting_entry = NULL; assert(s); assert(i); assert(record); for (e = avahi_hashmap_lookup(s->entries_by_key, record->key); e; e = n) { n = e->by_key_next; if (e->dead) continue; if (avahi_record_is_goodbye(record)) { if (avahi_record_equal_no_ttl(e->record, record)) { char *t; t = avahi_record_to_string(record); avahi_log_debug(""Received goodbye record for one of our records [%s]. Refreshing."", t); avahi_server_prepare_matching_responses(s, i, e->record->key, 0); valid = 0; avahi_free(t); break; } continue; } if (!(e->flags & AVAHI_PUBLISH_UNIQUE) && !unique) continue; if (avahi_record_equal_no_ttl(e->record, record)) { ours = 1; if (record->ttl <= e->record->ttl/2 && avahi_entry_is_registered(s, e, i)) { char *t; t = avahi_record_to_string(record); avahi_log_debug(""Received record with bad TTL [%s]. Refreshing."", t); avahi_server_prepare_matching_responses(s, i, e->record->key, 0); valid = 0; avahi_free(t); } break; } else { if (avahi_entry_is_registered(s, e, i)) { conflict = 1; conflicting_entry = e; } else if (avahi_entry_is_probing(s, e, i)) { conflict = 1; withdraw_immediately = 1; } } } if (!ours && conflict) { char *t; valid = 0; t = avahi_record_to_string(record); if (withdraw_immediately) { avahi_log_debug(""Received conflicting record [%s] with local record to be. Withdrawing."", t); withdraw_rrset(s, record->key); } else { assert(conflicting_entry); avahi_log_debug(""Received conflicting record [%s]. Resetting our record."", t); avahi_entry_return_to_initial_state(s, conflicting_entry, i); } avahi_free(t); } return valid; }",avahi,,,236874600117520362817649922108223573260,0 3959,CWE-284,"int socket_create(uint16_t port) { int sfd = -1; int yes = 1; #ifdef WIN32 WSADATA wsa_data; if (!wsa_init) { if (WSAStartup(MAKEWORD(2,2), &wsa_data) != ERROR_SUCCESS) { fprintf(stderr, ""WSAStartup failed!\n""); ExitProcess(-1); } wsa_init = 1; } #endif struct sockaddr_in saddr; if (0 > (sfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP))) { perror(""socket()""); return -1; } if (setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, (void*)&yes, sizeof(int)) == -1) { perror(""setsockopt()""); socket_close(sfd); return -1; } #ifdef SO_NOSIGPIPE if (setsockopt(sfd, SOL_SOCKET, SO_NOSIGPIPE, (void*)&yes, sizeof(int)) == -1) { perror(""setsockopt()""); socket_close(sfd); return -1; } #endif memset((void *) &saddr, 0, sizeof(saddr)); saddr.sin_family = AF_INET; saddr.sin_addr.s_addr = htonl(INADDR_ANY); saddr.sin_port = htons(port); if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) { perror(""bind()""); socket_close(sfd); return -1; } if (listen(sfd, 1) == -1) { perror(""listen()""); socket_close(sfd); return -1; } return sfd; }",visit repo url,common/socket.c,https://github.com/libimobiledevice/libusbmuxd,249297327299658,1 6179,['CWE-200'],"static struct mfc_cache *ipmr_mfc_seq_idx(struct ipmr_mfc_iter *it, loff_t pos) { struct mfc_cache *mfc; it->cache = mfc_cache_array; read_lock(&mrt_lock); for (it->ct = 0; it->ct < MFC_LINES; it->ct++) for(mfc = mfc_cache_array[it->ct]; mfc; mfc = mfc->next) if (pos-- == 0) return mfc; read_unlock(&mrt_lock); it->cache = &mfc_unres_queue; spin_lock_bh(&mfc_unres_lock); for(mfc = mfc_unres_queue; mfc; mfc = mfc->next) if (pos-- == 0) return mfc; spin_unlock_bh(&mfc_unres_lock); it->cache = NULL; return NULL; }",linux-2.6,,,121592434346259410760357054916422082138,0 4888,CWE-125,"static MagickBooleanType WriteTIFFImage(const ImageInfo *image_info, Image *image) { const char *mode, *option; CompressionType compression; EndianType endian_type; MagickBooleanType debug, status; MagickOffsetType scene; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t imageListLength; ssize_t y; TIFF *tiff; TIFFInfo tiff_info; uint16 bits_per_sample, compress_tag, endian, photometric, predictor; unsigned char *pixels; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); status=OpenBlob(image_info,image,WriteBinaryBlobMode,&image->exception); if (status == MagickFalse) return(status); (void) SetMagickThreadValue(tiff_exception,&image->exception); endian_type=UndefinedEndian; option=GetImageOption(image_info,""tiff:endian""); if (option != (const char *) NULL) { if (LocaleNCompare(option,""msb"",3) == 0) endian_type=MSBEndian; if (LocaleNCompare(option,""lsb"",3) == 0) endian_type=LSBEndian;; } switch (endian_type) { case LSBEndian: mode=""wl""; break; case MSBEndian: mode=""wb""; break; default: mode=""w""; break; } #if defined(TIFF_VERSION_BIG) if (LocaleCompare(image_info->magick,""TIFF64"") == 0) switch (endian_type) { case LSBEndian: mode=""wl8""; break; case MSBEndian: mode=""wb8""; break; default: mode=""w8""; break; } #endif tiff=TIFFClientOpen(image->filename,mode,(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) return(MagickFalse); if (image->exception.severity > ErrorException) { TIFFClose(tiff); return(MagickFalse); } (void) DeleteImageProfile(image,""tiff:37724""); scene=0; debug=IsEventLogging(); (void) debug; imageListLength=GetImageListLength(image); do { if ((image_info->type != UndefinedType) && (image_info->type != OptimizeType)) (void) SetImageType(image,image_info->type); compression=UndefinedCompression; if (image->compression != JPEGCompression) compression=image->compression; if (image_info->compression != UndefinedCompression) compression=image_info->compression; switch (compression) { case FaxCompression: case Group4Compression: { (void) SetImageType(image,BilevelType); (void) SetImageDepth(image,1); break; } case JPEGCompression: { (void) SetImageStorageClass(image,DirectClass); (void) SetImageDepth(image,8); break; } default: break; } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); if ((image->storage_class != PseudoClass) && (image->depth >= 32) && (quantum_info->format == UndefinedQuantumFormat) && (IsHighDynamicRangeImage(image,&image->exception) != MagickFalse)) { status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) { quantum_info=DestroyQuantumInfo(quantum_info); ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); } } if ((LocaleCompare(image_info->magick,""PTIF"") == 0) && (GetPreviousImageInList(image) != (Image *) NULL)) (void) TIFFSetField(tiff,TIFFTAG_SUBFILETYPE,FILETYPE_REDUCEDIMAGE); if ((image->columns != (uint32) image->columns) || (image->rows != (uint32) image->rows)) ThrowWriterException(ImageError,""WidthOrHeightExceedsLimit""); (void) TIFFSetField(tiff,TIFFTAG_IMAGELENGTH,(uint32) image->rows); (void) TIFFSetField(tiff,TIFFTAG_IMAGEWIDTH,(uint32) image->columns); switch (compression) { case FaxCompression: { compress_tag=COMPRESSION_CCITTFAX3; option=GetImageOption(image_info,""quantum:polarity""); if (option == (const char *) NULL) SetQuantumMinIsWhite(quantum_info,MagickTrue); break; } case Group4Compression: { compress_tag=COMPRESSION_CCITTFAX4; option=GetImageOption(image_info,""quantum:polarity""); if (option == (const char *) NULL) SetQuantumMinIsWhite(quantum_info,MagickTrue); break; } #if defined(COMPRESSION_JBIG) case JBIG1Compression: { compress_tag=COMPRESSION_JBIG; break; } #endif case JPEGCompression: { compress_tag=COMPRESSION_JPEG; break; } #if defined(COMPRESSION_LZMA) case LZMACompression: { compress_tag=COMPRESSION_LZMA; break; } #endif case LZWCompression: { compress_tag=COMPRESSION_LZW; break; } case RLECompression: { compress_tag=COMPRESSION_PACKBITS; break; } #if defined(COMPRESSION_WEBP) case WebPCompression: { compress_tag=COMPRESSION_WEBP; break; } #endif case ZipCompression: { compress_tag=COMPRESSION_ADOBE_DEFLATE; break; } #if defined(COMPRESSION_ZSTD) case ZstdCompression: { compress_tag=COMPRESSION_ZSTD; break; } #endif case NoCompression: default: { compress_tag=COMPRESSION_NONE; break; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { (void) ThrowMagickException(&image->exception,GetMagickModule(), CoderError,""CompressionNotSupported"",""`%s'"",CommandOptionToMnemonic( MagickCompressOptions,(ssize_t) compression)); compress_tag=COMPRESSION_NONE; } #else switch (compress_tag) { #if defined(CCITT_SUPPORT) case COMPRESSION_CCITTFAX3: case COMPRESSION_CCITTFAX4: #endif #if defined(YCBCR_SUPPORT) && defined(JPEG_SUPPORT) case COMPRESSION_JPEG: #endif #if defined(LZMA_SUPPORT) && defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: #endif #if defined(LZW_SUPPORT) case COMPRESSION_LZW: #endif #if defined(PACKBITS_SUPPORT) case COMPRESSION_PACKBITS: #endif #if defined(ZIP_SUPPORT) case COMPRESSION_ADOBE_DEFLATE: #endif case COMPRESSION_NONE: break; default: { (void) ThrowMagickException(&image->exception,GetMagickModule(), CoderError,""CompressionNotSupported"",""`%s'"",CommandOptionToMnemonic( MagickCompressOptions,(ssize_t) compression)); compress_tag=COMPRESSION_NONE; break; } } #endif if (image->colorspace == CMYKColorspace) { photometric=PHOTOMETRIC_SEPARATED; (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,4); (void) TIFFSetField(tiff,TIFFTAG_INKSET,INKSET_CMYK); } else { if (image->colorspace == LabColorspace) { photometric=PHOTOMETRIC_CIELAB; EncodeLabImage(image,&image->exception); } else if (image->colorspace == YCbCrColorspace) { photometric=PHOTOMETRIC_YCBCR; (void) TIFFSetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,1,1); (void) SetImageStorageClass(image,DirectClass); (void) SetImageDepth(image,8); } else photometric=PHOTOMETRIC_RGB; (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,3); if ((image_info->type != TrueColorType) && (image_info->type != TrueColorMatteType)) { if ((image_info->type != PaletteType) && (SetImageGray(image,&image->exception) != MagickFalse)) { photometric=(uint16) (quantum_info->min_is_white != MagickFalse ? PHOTOMETRIC_MINISWHITE : PHOTOMETRIC_MINISBLACK); (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,1); if ((image->depth == 1) && (image->matte == MagickFalse)) SetImageMonochrome(image,&image->exception); } else if (image->storage_class == PseudoClass) { size_t depth; (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,1); photometric=PHOTOMETRIC_PALETTE; depth=1; while ((GetQuantumRange(depth)+1) < image->colors) depth<<=1; status=SetQuantumDepth(image,quantum_info,depth); if (status == MagickFalse) ThrowWriterException(ResourceLimitError, ""MemoryAllocationFailed""); } } } (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian); if ((compress_tag == COMPRESSION_CCITTFAX3) || (compress_tag == COMPRESSION_CCITTFAX4)) { if ((photometric != PHOTOMETRIC_MINISWHITE) && (photometric != PHOTOMETRIC_MINISBLACK)) { compress_tag=COMPRESSION_NONE; endian=FILLORDER_MSB2LSB; } } option=GetImageOption(image_info,""tiff:fill-order""); if (option != (const char *) NULL) { if (LocaleNCompare(option,""msb"",3) == 0) endian=FILLORDER_MSB2LSB; if (LocaleNCompare(option,""lsb"",3) == 0) endian=FILLORDER_LSB2MSB; } (void) TIFFSetField(tiff,TIFFTAG_COMPRESSION,compress_tag); (void) TIFFSetField(tiff,TIFFTAG_FILLORDER,endian); (void) TIFFSetField(tiff,TIFFTAG_BITSPERSAMPLE,quantum_info->depth); if (image->matte != MagickFalse) { uint16 extra_samples, sample_info[1], samples_per_pixel; extra_samples=1; sample_info[0]=EXTRASAMPLE_UNASSALPHA; option=GetImageOption(image_info,""tiff:alpha""); if (option != (const char *) NULL) { if (LocaleCompare(option,""associated"") == 0) sample_info[0]=EXTRASAMPLE_ASSOCALPHA; else if (LocaleCompare(option,""unspecified"") == 0) sample_info[0]=EXTRASAMPLE_UNSPECIFIED; } (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL, &samples_per_pixel); (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,samples_per_pixel+1); (void) TIFFSetField(tiff,TIFFTAG_EXTRASAMPLES,extra_samples, &sample_info); if (sample_info[0] == EXTRASAMPLE_ASSOCALPHA) SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); } (void) TIFFSetField(tiff,TIFFTAG_PHOTOMETRIC,photometric); switch (quantum_info->format) { case FloatingPointQuantumFormat: { (void) TIFFSetField(tiff,TIFFTAG_SAMPLEFORMAT,SAMPLEFORMAT_IEEEFP); (void) TIFFSetField(tiff,TIFFTAG_SMINSAMPLEVALUE,quantum_info->minimum); (void) TIFFSetField(tiff,TIFFTAG_SMAXSAMPLEVALUE,quantum_info->maximum); break; } case SignedQuantumFormat: { (void) TIFFSetField(tiff,TIFFTAG_SAMPLEFORMAT,SAMPLEFORMAT_INT); break; } case UnsignedQuantumFormat: { (void) TIFFSetField(tiff,TIFFTAG_SAMPLEFORMAT,SAMPLEFORMAT_UINT); break; } default: break; } (void) TIFFSetField(tiff,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG); if (photometric == PHOTOMETRIC_RGB) if ((image_info->interlace == PlaneInterlace) || (image_info->interlace == PartitionInterlace)) (void) TIFFSetField(tiff,TIFFTAG_PLANARCONFIG,PLANARCONFIG_SEPARATE); predictor=0; switch (compress_tag) { case COMPRESSION_JPEG: { #if defined(JPEG_SUPPORT) if (image_info->quality != UndefinedCompressionQuality) (void) TIFFSetField(tiff,TIFFTAG_JPEGQUALITY,image_info->quality); (void) TIFFSetField(tiff,TIFFTAG_JPEGCOLORMODE,JPEGCOLORMODE_RAW); if (IssRGBCompatibleColorspace(image->colorspace) != MagickFalse) { const char *value; (void) TIFFSetField(tiff,TIFFTAG_JPEGCOLORMODE,JPEGCOLORMODE_RGB); if (image->colorspace == YCbCrColorspace) { const char *sampling_factor; GeometryInfo geometry_info; MagickStatusType flags; sampling_factor=(const char *) NULL; value=GetImageProperty(image,""jpeg:sampling-factor""); if (value != (char *) NULL) { sampling_factor=value; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Input sampling-factors=%s"",sampling_factor); } if (image_info->sampling_factor != (char *) NULL) sampling_factor=image_info->sampling_factor; if (sampling_factor != (const char *) NULL) { flags=ParseGeometry(sampling_factor,&geometry_info); if ((flags & SigmaValue) == 0) geometry_info.sigma=geometry_info.rho; (void) TIFFSetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,(uint16) geometry_info.rho,(uint16) geometry_info.sigma); } } } (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (bits_per_sample == 12) (void) TIFFSetField(tiff,TIFFTAG_JPEGTABLESMODE,JPEGTABLESMODE_QUANT); #endif break; } case COMPRESSION_ADOBE_DEFLATE: { (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_SEPARATED) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) predictor=PREDICTOR_HORIZONTAL; (void) TIFFSetField(tiff,TIFFTAG_ZIPQUALITY,(long) ( image_info->quality == UndefinedCompressionQuality ? 7 : MagickMin((ssize_t) image_info->quality/10,9))); break; } case COMPRESSION_CCITTFAX3: { (void) TIFFSetField(tiff,TIFFTAG_GROUP3OPTIONS,4); break; } case COMPRESSION_CCITTFAX4: break; #if defined(LZMA_SUPPORT) && defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: { if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_SEPARATED) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) predictor=PREDICTOR_HORIZONTAL; (void) TIFFSetField(tiff,TIFFTAG_LZMAPRESET,(long) ( image_info->quality == UndefinedCompressionQuality ? 7 : MagickMin((ssize_t) image_info->quality/10,9))); break; } #endif case COMPRESSION_LZW: { (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_SEPARATED) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) predictor=PREDICTOR_HORIZONTAL; break; } #if defined(WEBP_SUPPORT) && defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: { (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_SEPARATED) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) predictor=PREDICTOR_HORIZONTAL; (void) TIFFSetField(tiff,TIFFTAG_WEBP_LEVEL,mage_info->quality); if (image_info->quality >= 100) (void) TIFFSetField(tiff,TIFFTAG_WEBP_LOSSLESS,1); break; } #endif #if defined(ZSTD_SUPPORT) && defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: { (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_SEPARATED) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) predictor=PREDICTOR_HORIZONTAL; (void) TIFFSetField(tiff,TIFFTAG_ZSTD_LEVEL,22*image_info->quality/ 100.0); break; } #endif default: break; } option=GetImageOption(image_info,""tiff:predictor""); if (option != (const char * ) NULL) predictor=(size_t) strtol(option,(char **) NULL,10); if (predictor != 0) (void) TIFFSetField(tiff,TIFFTAG_PREDICTOR,predictor); if ((image->x_resolution != 0.0) && (image->y_resolution != 0.0)) { unsigned short units; units=RESUNIT_NONE; if (image->units == PixelsPerInchResolution) units=RESUNIT_INCH; if (image->units == PixelsPerCentimeterResolution) units=RESUNIT_CENTIMETER; (void) TIFFSetField(tiff,TIFFTAG_RESOLUTIONUNIT,(uint16) units); (void) TIFFSetField(tiff,TIFFTAG_XRESOLUTION,image->x_resolution); (void) TIFFSetField(tiff,TIFFTAG_YRESOLUTION,image->y_resolution); if ((image->page.x < 0) || (image->page.y < 0)) (void) ThrowMagickException(&image->exception,GetMagickModule(), CoderError,""TIFF: negative image positions unsupported"",""%s"", image->filename); if ((image->page.x > 0) && (image->x_resolution > 0.0)) { (void) TIFFSetField(tiff,TIFFTAG_XPOSITION,(float) image->page.x/ image->x_resolution); } if ((image->page.y > 0) && (image->y_resolution > 0.0)) { (void) TIFFSetField(tiff,TIFFTAG_YPOSITION,(float) image->page.y/ image->y_resolution); } } if (image->chromaticity.white_point.x != 0.0) { float chromaticity[6]; chromaticity[0]=(float) image->chromaticity.red_primary.x; chromaticity[1]=(float) image->chromaticity.red_primary.y; chromaticity[2]=(float) image->chromaticity.green_primary.x; chromaticity[3]=(float) image->chromaticity.green_primary.y; chromaticity[4]=(float) image->chromaticity.blue_primary.x; chromaticity[5]=(float) image->chromaticity.blue_primary.y; (void) TIFFSetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,chromaticity); chromaticity[0]=(float) image->chromaticity.white_point.x; chromaticity[1]=(float) image->chromaticity.white_point.y; (void) TIFFSetField(tiff,TIFFTAG_WHITEPOINT,chromaticity); } if ((LocaleCompare(image_info->magick,""PTIF"") != 0) && (image_info->adjoin != MagickFalse) && (imageListLength > 1)) { (void) TIFFSetField(tiff,TIFFTAG_SUBFILETYPE,FILETYPE_PAGE); if (image->scene != 0) (void) TIFFSetField(tiff,TIFFTAG_PAGENUMBER,(uint16) image->scene, imageListLength); } if (image->orientation != UndefinedOrientation) (void) TIFFSetField(tiff,TIFFTAG_ORIENTATION,(uint16) image->orientation); else (void) TIFFSetField(tiff,TIFFTAG_ORIENTATION,ORIENTATION_TOPLEFT); (void) TIFFSetProfiles(tiff,image); { uint16 page, pages; page=(uint16) scene; pages=(uint16) imageListLength; if ((LocaleCompare(image_info->magick,""PTIF"") != 0) && (image_info->adjoin != MagickFalse) && (pages > 1)) (void) TIFFSetField(tiff,TIFFTAG_SUBFILETYPE,FILETYPE_PAGE); (void) TIFFSetField(tiff,TIFFTAG_PAGENUMBER,page,pages); } (void) TIFFSetProperties(tiff,image_info,image); DisableMSCWarning(4127) if (0) RestoreMSCWarning (void) TIFFSetEXIFProperties(tiff,image); if (GetTIFFInfo(image_info,tiff,&tiff_info) == MagickFalse) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); quantum_info->endian=LSBEndian; pixels=GetQuantumPixels(quantum_info); tiff_info.scanline=GetQuantumPixels(quantum_info); switch (photometric) { case PHOTOMETRIC_CIELAB: case PHOTOMETRIC_YCBCR: case PHOTOMETRIC_RGB: { switch (image_info->interlace) { case NoInterlace: default: { quantum_type=RGBQuantum; if (image->matte != MagickFalse) quantum_type=RGBAQuantum; for (y=0; y < (ssize_t) image->rows; y++) { register const PixelPacket *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); if (p == (const PixelPacket *) NULL) break; (void) ExportQuantumPixels(image,(const CacheView *) NULL, quantum_info,quantum_type,pixels,&image->exception); if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y,image->rows); if (status == MagickFalse) break; } } break; } case PlaneInterlace: case PartitionInterlace: { for (y=0; y < (ssize_t) image->rows; y++) { register const PixelPacket *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); if (p == (const PixelPacket *) NULL) break; (void) ExportQuantumPixels(image,(const CacheView *) NULL, quantum_info,RedQuantum,pixels,&image->exception); if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,100,400); if (status == MagickFalse) break; } for (y=0; y < (ssize_t) image->rows; y++) { register const PixelPacket *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); if (p == (const PixelPacket *) NULL) break; (void) ExportQuantumPixels(image,(const CacheView *) NULL, quantum_info,GreenQuantum,pixels,&image->exception); if (TIFFWritePixels(tiff,&tiff_info,y,1,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,200,400); if (status == MagickFalse) break; } for (y=0; y < (ssize_t) image->rows; y++) { register const PixelPacket *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); if (p == (const PixelPacket *) NULL) break; (void) ExportQuantumPixels(image,(const CacheView *) NULL, quantum_info,BlueQuantum,pixels,&image->exception); if (TIFFWritePixels(tiff,&tiff_info,y,2,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,300,400); if (status == MagickFalse) break; } if (image->matte != MagickFalse) for (y=0; y < (ssize_t) image->rows; y++) { register const PixelPacket *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1, &image->exception); if (p == (const PixelPacket *) NULL) break; (void) ExportQuantumPixels(image,(const CacheView *) NULL, quantum_info,AlphaQuantum,pixels,&image->exception); if (TIFFWritePixels(tiff,&tiff_info,y,3,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,400,400); if (status == MagickFalse) break; } break; } } break; } case PHOTOMETRIC_SEPARATED: { quantum_type=CMYKQuantum; if (image->matte != MagickFalse) quantum_type=CMYKAQuantum; if (image->colorspace != CMYKColorspace) (void) TransformImageColorspace(image,CMYKColorspace); for (y=0; y < (ssize_t) image->rows; y++) { register const PixelPacket *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); if (p == (const PixelPacket *) NULL) break; (void) ExportQuantumPixels(image,(const CacheView *) NULL, quantum_info,quantum_type,pixels,&image->exception); if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case PHOTOMETRIC_PALETTE: { uint16 *blue, *green, *red; red=(uint16 *) AcquireQuantumMemory(65536,sizeof(*red)); green=(uint16 *) AcquireQuantumMemory(65536,sizeof(*green)); blue=(uint16 *) AcquireQuantumMemory(65536,sizeof(*blue)); if ((red == (uint16 *) NULL) || (green == (uint16 *) NULL) || (blue == (uint16 *) NULL)) { if (red != (uint16 *) NULL) red=(uint16 *) RelinquishMagickMemory(red); if (green != (uint16 *) NULL) green=(uint16 *) RelinquishMagickMemory(green); if (blue != (uint16 *) NULL) blue=(uint16 *) RelinquishMagickMemory(blue); ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); } (void) memset(red,0,65536*sizeof(*red)); (void) memset(green,0,65536*sizeof(*green)); (void) memset(blue,0,65536*sizeof(*blue)); for (i=0; i < (ssize_t) image->colors; i++) { red[i]=ScaleQuantumToShort(image->colormap[i].red); green[i]=ScaleQuantumToShort(image->colormap[i].green); blue[i]=ScaleQuantumToShort(image->colormap[i].blue); } (void) TIFFSetField(tiff,TIFFTAG_COLORMAP,red,green,blue); red=(uint16 *) RelinquishMagickMemory(red); green=(uint16 *) RelinquishMagickMemory(green); blue=(uint16 *) RelinquishMagickMemory(blue); } default: { quantum_type=IndexQuantum; if (image->matte != MagickFalse) { if (photometric != PHOTOMETRIC_PALETTE) quantum_type=GrayAlphaQuantum; else quantum_type=IndexAlphaQuantum; } else if (photometric != PHOTOMETRIC_PALETTE) quantum_type=GrayQuantum; for (y=0; y < (ssize_t) image->rows; y++) { register const PixelPacket *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception); if (p == (const PixelPacket *) NULL) break; (void) ExportQuantumPixels(image,(const CacheView *) NULL, quantum_info,quantum_type,pixels,&image->exception); if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } } quantum_info=DestroyQuantumInfo(quantum_info); if (image->colorspace == LabColorspace) DecodeLabImage(image,&image->exception); DestroyTIFFInfo(&tiff_info); if (image->exception.severity > ErrorException) break; DisableMSCWarning(4127) if (0 && (image_info->verbose != MagickFalse)) RestoreMSCWarning TIFFPrintDirectory(tiff,stdout,MagickFalse); (void) TIFFWriteDirectory(tiff); image=SyncNextImageInList(image); if (image == (Image *) NULL) break; status=SetImageProgress(image,SaveImagesTag,scene++,imageListLength); if (status == MagickFalse) break; } while (image_info->adjoin != MagickFalse); TIFFClose(tiff); return(image->exception.severity > ErrorException ? MagickFalse : MagickTrue); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick6,256950674026435,1 1024,['CWE-20'],"void kernel_halt(void) { kernel_shutdown_prepare(SYSTEM_HALT); printk(KERN_EMERG ""System halted.\n""); machine_halt(); }",linux-2.6,,,328750970307150759934422353150538113346,0 3019,CWE-415,"BGD_DECLARE(void) gdImageWebp (gdImagePtr im, FILE * outFile) { gdIOCtx *out = gdNewFileCtx(outFile); if (out == NULL) { return; } gdImageWebpCtx(im, out, -1); out->gd_free(out); }",visit repo url,src/gd_webp.c,https://github.com/libgd/libgd,85470058367251,1 1069,CWE-189,"jiffies_to_timespec(const unsigned long jiffies, struct timespec *value) { u64 nsec = (u64)jiffies * TICK_NSEC; value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &value->tv_nsec); }",visit repo url,kernel/time.c,https://github.com/torvalds/linux,254288283106945,1 4508,['CWE-20'],"static int setup_new_group_blocks(struct super_block *sb, struct ext4_new_group_data *input) { struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_fsblk_t start = ext4_group_first_block_no(sb, input->group); int reserved_gdb = ext4_bg_has_super(sb, input->group) ? le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) : 0; unsigned long gdblocks = ext4_bg_num_gdb(sb, input->group); struct buffer_head *bh; handle_t *handle; ext4_fsblk_t block; ext4_grpblk_t bit; int i; int err = 0, err2; handle = ext4_journal_start_sb(sb, EXT4_MAX_TRANS_DATA); if (IS_ERR(handle)) return PTR_ERR(handle); lock_super(sb); if (input->group != sbi->s_groups_count) { err = -EBUSY; goto exit_journal; } if (IS_ERR(bh = bclean(handle, sb, input->block_bitmap))) { err = PTR_ERR(bh); goto exit_journal; } if (ext4_bg_has_super(sb, input->group)) { ext4_debug(""mark backup superblock %#04llx (+0)\n"", start); ext4_set_bit(0, bh->b_data); } for (i = 0, bit = 1, block = start + 1; i < gdblocks; i++, block++, bit++) { struct buffer_head *gdb; ext4_debug(""update backup group %#04llx (+%d)\n"", block, bit); if ((err = extend_or_restart_transaction(handle, 1, bh))) goto exit_bh; gdb = sb_getblk(sb, block); if (!gdb) { err = -EIO; goto exit_bh; } if ((err = ext4_journal_get_write_access(handle, gdb))) { brelse(gdb); goto exit_bh; } lock_buffer(gdb); memcpy(gdb->b_data, sbi->s_group_desc[i]->b_data, gdb->b_size); set_buffer_uptodate(gdb); unlock_buffer(gdb); ext4_handle_dirty_metadata(handle, NULL, gdb); ext4_set_bit(bit, bh->b_data); brelse(gdb); } for (i = 0, bit = gdblocks + 1, block = start + bit; i < reserved_gdb; i++, block++, bit++) { struct buffer_head *gdb; ext4_debug(""clear reserved block %#04llx (+%d)\n"", block, bit); if ((err = extend_or_restart_transaction(handle, 1, bh))) goto exit_bh; if (IS_ERR(gdb = bclean(handle, sb, block))) { err = PTR_ERR(bh); goto exit_bh; } ext4_handle_dirty_metadata(handle, NULL, gdb); ext4_set_bit(bit, bh->b_data); brelse(gdb); } ext4_debug(""mark block bitmap %#04llx (+%llu)\n"", input->block_bitmap, input->block_bitmap - start); ext4_set_bit(input->block_bitmap - start, bh->b_data); ext4_debug(""mark inode bitmap %#04llx (+%llu)\n"", input->inode_bitmap, input->inode_bitmap - start); ext4_set_bit(input->inode_bitmap - start, bh->b_data); for (i = 0, block = input->inode_table, bit = block - start; i < sbi->s_itb_per_group; i++, bit++, block++) { struct buffer_head *it; ext4_debug(""clear inode block %#04llx (+%d)\n"", block, bit); if ((err = extend_or_restart_transaction(handle, 1, bh))) goto exit_bh; if (IS_ERR(it = bclean(handle, sb, block))) { err = PTR_ERR(it); goto exit_bh; } ext4_handle_dirty_metadata(handle, NULL, it); brelse(it); ext4_set_bit(bit, bh->b_data); } if ((err = extend_or_restart_transaction(handle, 2, bh))) goto exit_bh; mark_bitmap_end(input->blocks_count, sb->s_blocksize * 8, bh->b_data); ext4_handle_dirty_metadata(handle, NULL, bh); brelse(bh); ext4_debug(""clear inode bitmap %#04llx (+%llu)\n"", input->inode_bitmap, input->inode_bitmap - start); if (IS_ERR(bh = bclean(handle, sb, input->inode_bitmap))) { err = PTR_ERR(bh); goto exit_journal; } mark_bitmap_end(EXT4_INODES_PER_GROUP(sb), sb->s_blocksize * 8, bh->b_data); ext4_handle_dirty_metadata(handle, NULL, bh); exit_bh: brelse(bh); exit_journal: unlock_super(sb); if ((err2 = ext4_journal_stop(handle)) && !err) err = err2; return err; }",linux-2.6,,,270094313103328522278874993323389670020,0 935,['CWE-200'],"static size_t shmem_xattr_security_list(struct inode *inode, char *list, size_t list_len, const char *name, size_t name_len) { return security_inode_listsecurity(inode, list, list_len); }",linux-2.6,,,51021725159487747921367756795087239988,0 5216,['CWE-20'],"static void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg) { struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; u32 ar; if (vcpu->arch.rmode.active && seg == VCPU_SREG_TR) { vcpu->arch.rmode.tr.selector = var->selector; vcpu->arch.rmode.tr.base = var->base; vcpu->arch.rmode.tr.limit = var->limit; vcpu->arch.rmode.tr.ar = vmx_segment_access_rights(var); return; } vmcs_writel(sf->base, var->base); vmcs_write32(sf->limit, var->limit); vmcs_write16(sf->selector, var->selector); if (vcpu->arch.rmode.active && var->s) { if (var->base == 0xffff0000 && var->selector == 0xf000) vmcs_writel(sf->base, 0xf0000); ar = 0xf3; } else ar = vmx_segment_access_rights(var); vmcs_write32(sf->ar_bytes, ar); }",linux-2.6,,,332571229957481108754579713153944371725,0 408,[],"pfm_stop(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct pt_regs *tregs; struct task_struct *task = PFM_CTX_TASK(ctx); int state, is_system; state = ctx->ctx_state; is_system = ctx->ctx_fl_system; if (state == PFM_CTX_UNLOADED) return -EINVAL; if (is_system && ctx->ctx_cpu != smp_processor_id()) { DPRINT((""should be running on CPU%d\n"", ctx->ctx_cpu)); return -EBUSY; } DPRINT((""task [%d] ctx_state=%d is_system=%d\n"", PFM_CTX_TASK(ctx)->pid, state, is_system)); if (is_system) { ia64_setreg(_IA64_REG_CR_DCR, ia64_getreg(_IA64_REG_CR_DCR) & ~IA64_DCR_PP); ia64_srlz_i(); PFM_CPUINFO_CLEAR(PFM_CPUINFO_DCR_PP); pfm_clear_psr_pp(); ia64_psr(regs)->pp = 0; return 0; } if (task == current) { pfm_clear_psr_up(); ia64_psr(regs)->up = 0; } else { tregs = task_pt_regs(task); ia64_psr(tregs)->up = 0; ctx->ctx_saved_psr_up = 0; DPRINT((""task=[%d]\n"", task->pid)); } return 0; }",linux-2.6,,,139250890971695175377509755803586789304,0 40,CWE-763,"spnego_gss_inquire_sec_context_by_oid( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, gss_buffer_set_t *data_set) { OM_uint32 ret; ret = gss_inquire_sec_context_by_oid(minor_status, context_handle, desired_object, data_set); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,226548802860615,1 6268,CWE-327,"static int pad_pkcs1(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t *id, pad = 0; int len, result = RLC_OK; bn_t t; bn_null(t); RLC_TRY { bn_new(t); switch (operation) { case RSA_ENC: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PUB); *p_len = k_len - 3 - m_len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); do { rand_bytes(&pad, 1); } while (pad == 0); bn_add_dig(m, m, pad); } bn_lsh(m, m, 8); bn_add_dig(m, m, 0); bn_lsh(m, m, m_len * 8); break; case RSA_DEC: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } *p_len = m_len; m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad != RSA_PUB) { result = RLC_ERR; } do { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad != 0 && m_len > 0); *p_len -= (m_len - 1); bn_mod_2b(m, m, (k_len - *p_len) * 8); break; case RSA_SIG: id = hash_id(MD_MAP, &len); bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PRV); *p_len = k_len - 3 - m_len - len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); } bn_lsh(m, m, 8); bn_add_dig(m, m, 0); bn_lsh(m, m, 8 * len); bn_read_bin(t, id, len); bn_add(m, m, t); bn_lsh(m, m, m_len * 8); break; case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PRV); *p_len = k_len - 3 - m_len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); } bn_lsh(m, m, 8); bn_add_dig(m, m, 0); bn_lsh(m, m, m_len * 8); break; case RSA_VER: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad != RSA_PRV) { result = RLC_ERR; } do { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad != 0 && m_len > 0); if (m_len == 0) { result = RLC_ERR; } id = hash_id(MD_MAP, &len); m_len -= len; bn_rsh(t, m, m_len * 8); int r = 0; for (int i = 0; i < len; i++) { pad = (uint8_t)t->dp[0]; r |= pad - id[len - i - 1]; bn_rsh(t, t, 8); } *p_len = k_len - m_len; bn_mod_2b(m, m, m_len * 8); result = (r == 0 ? RLC_OK : RLC_ERR); break; case RSA_VER_HASH: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad != RSA_PRV) { result = RLC_ERR; } do { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad != 0 && m_len > 0); if (m_len == 0) { result = RLC_ERR; } *p_len = k_len - m_len; bn_mod_2b(m, m, m_len * 8); break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,215678258689758,1 1170,['CWE-189'],"void hrtimer_run_queues(void) { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); int i; if (hrtimer_hres_active()) return; if (tick_check_oneshot_change(!hrtimer_is_hres_enabled())) if (hrtimer_switch_to_hres()) return; hrtimer_get_softirq_time(cpu_base); for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++) run_hrtimer_queue(cpu_base, i); }",linux-2.6,,,148746748526124865188076041887528425553,0 3636,CWE-193,"char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { static const struct { const char *suffix; usec_t usec; } table[] = { { ""y"", USEC_PER_YEAR }, { ""month"", USEC_PER_MONTH }, { ""w"", USEC_PER_WEEK }, { ""d"", USEC_PER_DAY }, { ""h"", USEC_PER_HOUR }, { ""min"", USEC_PER_MINUTE }, { ""s"", USEC_PER_SEC }, { ""ms"", USEC_PER_MSEC }, { ""us"", 1 }, }; char *p = buf; bool something = false; assert(buf); assert(l > 0); if (t == USEC_INFINITY) { strncpy(p, ""infinity"", l-1); p[l-1] = 0; return p; } if (t <= 0) { strncpy(p, ""0"", l-1); p[l-1] = 0; return p; } for (size_t i = 0; i < ELEMENTSOF(table); i++) { int k = 0; size_t n; bool done = false; usec_t a, b; if (t <= 0) break; if (t < accuracy && something) break; if (t < table[i].usec) continue; if (l <= 1) break; a = t / table[i].usec; b = t % table[i].usec; if (t < USEC_PER_MINUTE && b > 0) { signed char j = 0; for (usec_t cc = table[i].usec; cc > 1; cc /= 10) j++; for (usec_t cc = accuracy; cc > 1; cc /= 10) { b /= 10; j--; } if (j > 0) { k = snprintf(p, l, ""%s""USEC_FMT"".%0*""PRI_USEC""%s"", p > buf ? "" "" : """", a, j, b, table[i].suffix); t = 0; done = true; } } if (!done) { k = snprintf(p, l, ""%s""USEC_FMT""%s"", p > buf ? "" "" : """", a, table[i].suffix); t = b; } n = MIN((size_t) k, l); l -= n; p += n; something = true; } *p = 0; return buf; }",visit repo url,src/basic/time-util.c,https://github.com/systemd/systemd,24666936652056,1 6361,CWE-476,"image_load_jpeg(image_t *img, FILE *fp, int gray, int load_data) { struct jpeg_decompress_struct cinfo; struct jpeg_error_mgr jerr; JSAMPROW row; jpeg_std_error(&jerr); jerr.error_exit = jpeg_error_handler; cinfo.err = &jerr; jpeg_create_decompress(&cinfo); jpeg_stdio_src(&cinfo, fp); jpeg_read_header(&cinfo, (boolean)1); cinfo.quantize_colors = FALSE; if (gray || cinfo.num_components == 1) { cinfo.out_color_space = JCS_GRAYSCALE; cinfo.out_color_components = 1; cinfo.output_components = 1; } else if (cinfo.num_components != 3) { jpeg_destroy_decompress(&cinfo); progress_error(HD_ERROR_BAD_FORMAT, ""CMYK JPEG files are not supported! (%s)"", file_rlookup(img->filename)); return (-1); } else { cinfo.out_color_space = JCS_RGB; cinfo.out_color_components = 3; cinfo.output_components = 3; } jpeg_calc_output_dimensions(&cinfo); img->width = (int)cinfo.output_width; img->height = (int)cinfo.output_height; img->depth = (int)cinfo.output_components; if (!load_data) { jpeg_destroy_decompress(&cinfo); return (0); } img->pixels = (uchar *)malloc((size_t)(img->width * img->height * img->depth)); if (img->pixels == NULL) { jpeg_destroy_decompress(&cinfo); return (-1); } jpeg_start_decompress(&cinfo); while (cinfo.output_scanline < cinfo.output_height) { row = (JSAMPROW)(img->pixels + (size_t)cinfo.output_scanline * (size_t)cinfo.output_width * (size_t)cinfo.output_components); jpeg_read_scanlines(&cinfo, &row, (JDIMENSION)1); } jpeg_finish_decompress(&cinfo); jpeg_destroy_decompress(&cinfo); return (0); }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,201385466453759,1 2794,['CWE-264'],"int __init sbni_probe(int unit) { struct net_device *dev; static unsigned version_printed __initdata = 0; int err; dev = alloc_netdev(sizeof(struct net_local), ""sbni"", sbni_devsetup); if (!dev) return -ENOMEM; sprintf(dev->name, ""sbni%d"", unit); netdev_boot_setup_check(dev); err = sbni_init(dev); if (err) { free_netdev(dev); return err; } err = register_netdev(dev); if (err) { release_region( dev->base_addr, SBNI_IO_EXTENT ); free_netdev(dev); return err; } if( version_printed++ == 0 ) printk( KERN_INFO ""%s"", version ); return 0; }",linux-2.6,,,134865134009037356775699546668150350259,0 2486,['CWE-119'],"static int check_removed(const struct cache_entry *ce, struct stat *st) { if (lstat(ce->name, st) < 0) { if (errno != ENOENT && errno != ENOTDIR) return -1; return 1; } if (has_symlink_leading_path(ce_namelen(ce), ce->name)) return 1; if (S_ISDIR(st->st_mode)) { unsigned char sub[20]; if (!S_ISGITLINK(ce->ce_mode) && resolve_gitlink_ref(ce->name, ""HEAD"", sub)) return 1; } return 0; }",git,,,272347872715940282844315249630191848887,0 3227,CWE-119,"bittok2str_internal(register const struct tok *lp, register const char *fmt, register u_int v, const char *sep) { static char buf[256]; int buflen=0; register u_int rotbit; register u_int tokval; const char * sepstr = """"; while (lp != NULL && lp->s != NULL) { tokval=lp->v; rotbit=1; while (rotbit != 0) { if (tokval == (v&rotbit)) { buflen+=snprintf(buf+buflen, sizeof(buf)-buflen, ""%s%s"", sepstr, lp->s); sepstr = sep; break; } rotbit=rotbit<<1; } lp++; } if (buflen == 0) (void)snprintf(buf, sizeof(buf), fmt == NULL ? ""#%08x"" : fmt, v); return (buf); }",visit repo url,util-print.c,https://github.com/the-tcpdump-group/tcpdump,233889005732349,1 3942,['CWE-362'],"static inline void put_inotify_watch(struct inotify_watch *watch) { }",linux-2.6,,,215332688192270666989367497591234991366,0 3128,CWE-59,"rs_filter_graph(RSFilter *filter) { g_return_if_fail(RS_IS_FILTER(filter)); GString *str = g_string_new(""digraph G {\n""); rs_filter_graph_helper(str, filter); g_string_append_printf(str, ""}\n""); g_file_set_contents(""/tmp/rs-filter-graph"", str->str, str->len, NULL); if (0 != system(""dot -Tpng >/tmp/rs-filter-graph.png = 0; i--) { ed_dbl(r, r); if (jsf[i] != 0 && jsf[i] == -jsf[i + offset]) { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ed_sub(r, r, t[4]); } else { ed_add(r, r, t[4]); } } else { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ed_sub(r, r, t[-u_i]); } else { ed_add(r, r, t[u_i]); } } } ed_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < 5; i++) { ed_free(t[i]); } } }",visit repo url,src/ed/relic_ed_mul_sim.c,https://github.com/relic-toolkit/relic,3444124679207,1 1548,CWE-362,"static int sctp_init_sock(struct sock *sk) { struct net *net = sock_net(sk); struct sctp_sock *sp; pr_debug(""%s: sk:%p\n"", __func__, sk); sp = sctp_sk(sk); switch (sk->sk_type) { case SOCK_SEQPACKET: sp->type = SCTP_SOCKET_UDP; break; case SOCK_STREAM: sp->type = SCTP_SOCKET_TCP; break; default: return -ESOCKTNOSUPPORT; } sp->default_stream = 0; sp->default_ppid = 0; sp->default_flags = 0; sp->default_context = 0; sp->default_timetolive = 0; sp->default_rcv_context = 0; sp->max_burst = net->sctp.max_burst; sp->sctp_hmac_alg = net->sctp.sctp_hmac_alg; sp->initmsg.sinit_num_ostreams = sctp_max_outstreams; sp->initmsg.sinit_max_instreams = sctp_max_instreams; sp->initmsg.sinit_max_attempts = net->sctp.max_retrans_init; sp->initmsg.sinit_max_init_timeo = net->sctp.rto_max; sp->rtoinfo.srto_initial = net->sctp.rto_initial; sp->rtoinfo.srto_max = net->sctp.rto_max; sp->rtoinfo.srto_min = net->sctp.rto_min; sp->assocparams.sasoc_asocmaxrxt = net->sctp.max_retrans_association; sp->assocparams.sasoc_number_peer_destinations = 0; sp->assocparams.sasoc_peer_rwnd = 0; sp->assocparams.sasoc_local_rwnd = 0; sp->assocparams.sasoc_cookie_life = net->sctp.valid_cookie_life; memset(&sp->subscribe, 0, sizeof(struct sctp_event_subscribe)); sp->hbinterval = net->sctp.hb_interval; sp->pathmaxrxt = net->sctp.max_retrans_path; sp->pathmtu = 0; sp->sackdelay = net->sctp.sack_timeout; sp->sackfreq = 2; sp->param_flags = SPP_HB_ENABLE | SPP_PMTUD_ENABLE | SPP_SACKDELAY_ENABLE; sp->disable_fragments = 0; sp->nodelay = 0; sp->recvrcvinfo = 0; sp->recvnxtinfo = 0; sp->v4mapped = 1; sp->autoclose = 0; sp->user_frag = 0; sp->adaptation_ind = 0; sp->pf = sctp_get_pf_specific(sk->sk_family); atomic_set(&sp->pd_mode, 0); skb_queue_head_init(&sp->pd_lobby); sp->frag_interleave = 0; sp->ep = sctp_endpoint_new(sk, GFP_KERNEL); if (!sp->ep) return -ENOMEM; sp->hmac = NULL; sk->sk_destruct = sctp_destruct_sock; SCTP_DBG_OBJCNT_INC(sock); local_bh_disable(); percpu_counter_inc(&sctp_sockets_allocated); sock_prot_inuse_add(net, sk->sk_prot, 1); if (net->sctp.default_auto_asconf) { list_add_tail(&sp->auto_asconf_list, &net->sctp.auto_asconf_splist); sp->do_auto_asconf = 1; } else sp->do_auto_asconf = 0; local_bh_enable(); return 0; }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,264624053930212,1 2521,CWE-190,"choose_volume(struct archive_read *a, struct iso9660 *iso9660) { struct file_info *file; int64_t skipsize; struct vd *vd; const void *block; char seenJoliet; vd = &(iso9660->primary); if (!iso9660->opt_support_joliet) iso9660->seenJoliet = 0; if (iso9660->seenJoliet && vd->location > iso9660->joliet.location) vd = &(iso9660->joliet); skipsize = LOGICAL_BLOCK_SIZE * vd->location; skipsize = __archive_read_consume(a, skipsize); if (skipsize < 0) return ((int)skipsize); iso9660->current_position = skipsize; block = __archive_read_ahead(a, vd->size, NULL); if (block == NULL) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Failed to read full block when scanning "" ""ISO9660 directory list""); return (ARCHIVE_FATAL); } seenJoliet = iso9660->seenJoliet; iso9660->seenJoliet = 0; file = parse_file_info(a, NULL, block); if (file == NULL) return (ARCHIVE_FATAL); iso9660->seenJoliet = seenJoliet; if (vd == &(iso9660->primary) && iso9660->seenRockridge && iso9660->seenJoliet) iso9660->seenJoliet = 0; if (vd == &(iso9660->primary) && !iso9660->seenRockridge && iso9660->seenJoliet) { vd = &(iso9660->joliet); skipsize = LOGICAL_BLOCK_SIZE * vd->location; skipsize -= iso9660->current_position; skipsize = __archive_read_consume(a, skipsize); if (skipsize < 0) return ((int)skipsize); iso9660->current_position += skipsize; block = __archive_read_ahead(a, vd->size, NULL); if (block == NULL) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Failed to read full block when scanning "" ""ISO9660 directory list""); return (ARCHIVE_FATAL); } iso9660->seenJoliet = 0; file = parse_file_info(a, NULL, block); if (file == NULL) return (ARCHIVE_FATAL); iso9660->seenJoliet = seenJoliet; } if (add_entry(a, iso9660, file) != ARCHIVE_OK) return (ARCHIVE_FATAL); if (iso9660->seenRockridge) { a->archive.archive_format = ARCHIVE_FORMAT_ISO9660_ROCKRIDGE; a->archive.archive_format_name = ""ISO9660 with Rockridge extensions""; } return (ARCHIVE_OK); }",visit repo url,libarchive/archive_read_support_format_iso9660.c,https://github.com/libarchive/libarchive,37881952798069,1 2722,CWE-190,"SPL_METHOD(FilesystemIterator, key) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (SPL_FILE_DIR_KEY(intern, SPL_FILE_DIR_KEY_AS_FILENAME)) { RETURN_STRING(intern->u.dir.entry.d_name, 1); } else { spl_filesystem_object_get_file_name(intern TSRMLS_CC); RETURN_STRINGL(intern->file_name, intern->file_name_len, 1); } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,9943446163429,1 3631,CWE-416,"static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; AsyncPolkitQuery *q = userdata; int r; assert(reply); assert(q); assert(q->slot); q->slot = sd_bus_slot_unref(q->slot); assert(!q->reply); q->reply = sd_bus_message_ref(reply); assert(!q->defer_event_source); r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q); if (r < 0) goto fail; r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE); if (r < 0) goto fail; r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT); if (r < 0) goto fail; r = sd_bus_message_rewind(q->request, true); if (r < 0) goto fail; r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request); if (r < 0) goto fail; return 1; fail: log_debug_errno(r, ""Processing asynchronous PolicyKit reply failed, ignoring: %m""); (void) sd_bus_reply_method_errno(q->request, r, NULL); async_polkit_query_free(q); return r; }",visit repo url,src/shared/bus-polkit.c,https://github.com/systemd/systemd,5604116728885,1 2944,['CWE-189'],"jp2_cdefchan_t *jp2_cdef_lookup(jp2_cdef_t *cdef, int channo) { unsigned int i; jp2_cdefchan_t *cdefent; for (i = 0; i < cdef->numchans; ++i) { cdefent = &cdef->ents[i]; if (cdefent->channo == JAS_CAST(unsigned int, channo)) { return cdefent; } } return 0; }",jasper,,,220742570156286598130003907613169023237,0 3333,CWE-119,"flac_buffer_copy (SF_PRIVATE *psf) { FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ; const FLAC__Frame *frame = pflac->frame ; const int32_t* const *buffer = pflac->wbuffer ; unsigned i = 0, j, offset, channels, len ; if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE) { psf_log_printf (psf, ""Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n"", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ; psf->error = SFE_INTERNAL ; return 0 ; } ; if (frame->header.channels > FLAC__MAX_CHANNELS) psf_log_printf (psf, ""Ooops : frame->header.channels (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n"", __func__, __LINE__, frame->header.channels, FLAC__MAX_CHANNELS) ; channels = SF_MIN (frame->header.channels, FLAC__MAX_CHANNELS) ; if (pflac->ptr == NULL) { pflac->bufferbackup = SF_TRUE ; for (i = 0 ; i < channels ; i++) { if (pflac->rbuffer [i] == NULL) pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (int32_t)) ; memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (int32_t)) ; } ; pflac->wbuffer = (const int32_t* const*) pflac->rbuffer ; return 0 ; } ; len = SF_MIN (pflac->len, frame->header.blocksize) ; switch (pflac->pcmtype) { case PFLAC_PCM_SHORT : { short *retpcm = (short*) pflac->ptr ; int shift = 16 - frame->header.bits_per_sample ; if (shift < 0) { shift = abs (shift) ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = buffer [j][pflac->bufferpos] >> shift ; pflac->remain -= channels ; pflac->bufferpos++ ; } } else { for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = ((uint16_t) buffer [j][pflac->bufferpos]) << shift ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; } ; break ; case PFLAC_PCM_INT : { int *retpcm = (int*) pflac->ptr ; int shift = 32 - frame->header.bits_per_sample ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = ((uint32_t) buffer [j][pflac->bufferpos]) << shift ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; break ; case PFLAC_PCM_FLOAT : { float *retpcm = (float*) pflac->ptr ; float norm = (psf->norm_float == SF_TRUE) ? 1.0 / (1 << (frame->header.bits_per_sample - 1)) : 1.0 ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = buffer [j][pflac->bufferpos] * norm ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; break ; case PFLAC_PCM_DOUBLE : { double *retpcm = (double*) pflac->ptr ; double norm = (psf->norm_double == SF_TRUE) ? 1.0 / (1 << (frame->header.bits_per_sample - 1)) : 1.0 ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = buffer [j][pflac->bufferpos] * norm ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; break ; default : return 0 ; } ; offset = i * channels ; pflac->pos += i * channels ; return offset ; } ",visit repo url,src/flac.c,https://github.com/erikd/libsndfile,137586189829061,1 2253,NVD-CWE-Other,"static int __init ipgre_init(void) { int err; printk(KERN_INFO ""GRE over IPv4 tunneling driver\n""); if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { printk(KERN_INFO ""ipgre init: can't add protocol\n""); return -EAGAIN; } err = register_pernet_device(&ipgre_net_ops); if (err < 0) goto gen_device_failed; err = rtnl_link_register(&ipgre_link_ops); if (err < 0) goto rtnl_link_failed; err = rtnl_link_register(&ipgre_tap_ops); if (err < 0) goto tap_ops_failed; out: return err; tap_ops_failed: rtnl_link_unregister(&ipgre_link_ops); rtnl_link_failed: unregister_pernet_device(&ipgre_net_ops); gen_device_failed: inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); goto out; }",visit repo url,net/ipv4/ip_gre.c,https://github.com/torvalds/linux,68570190895979,1 5352,CWE-190,"SWFInput_readSBits(SWFInput input, int number) { int num = SWFInput_readBits(input, number); if ( num & (1<<(number-1)) ) return num - (1<link); }",linux-2.6,,,201496596542458029473946902485421596180,0 2417,CWE-119,"static int http_buf_read(URLContext *h, uint8_t *buf, int size) { HTTPContext *s = h->priv_data; int len; len = s->buf_end - s->buf_ptr; if (len > 0) { if (len > size) len = size; memcpy(buf, s->buf_ptr, len); s->buf_ptr += len; } else { int64_t target_end = s->end_off ? s->end_off : s->filesize; if ((!s->willclose || s->chunksize < 0) && target_end >= 0 && s->off >= target_end) return AVERROR_EOF; len = ffurl_read(s->hd, buf, size); if (!len && (!s->willclose || s->chunksize < 0) && target_end >= 0 && s->off < target_end) { av_log(h, AV_LOG_ERROR, ""Stream ends prematurely at %""PRId64"", should be %""PRId64""\n"", s->off, target_end ); return AVERROR(EIO); } } if (len > 0) { s->off += len; if (s->chunksize > 0) s->chunksize -= len; } return len; }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,264609391933963,1 1141,CWE-264,"static int __init acpi_custom_method_init(void) { if (!acpi_debugfs_dir) return -ENOENT; cm_dentry = debugfs_create_file(""custom_method"", S_IWUSR, acpi_debugfs_dir, NULL, &cm_fops); if (!cm_dentry) return -ENODEV; return 0; }",visit repo url,drivers/acpi/debugfs.c,https://github.com/torvalds/linux,177880030894227,1 2396,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *in) { AVFilterContext *ctx = inlink->dst; LutContext *s = ctx->priv; AVFilterLink *outlink = ctx->outputs[0]; AVFrame *out; uint8_t *inrow, *outrow, *inrow0, *outrow0; int i, j, plane, direct = 0; if (av_frame_is_writable(in)) { direct = 1; out = in; } else { out = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!out) { av_frame_free(&in); return AVERROR(ENOMEM); } av_frame_copy_props(out, in); } if (s->is_rgb) { inrow0 = in ->data[0]; outrow0 = out->data[0]; for (i = 0; i < in->height; i ++) { int w = inlink->w; const uint8_t (*tab)[256] = (const uint8_t (*)[256])s->lut; inrow = inrow0; outrow = outrow0; for (j = 0; j < w; j++) { switch (s->step) { case 4: outrow[3] = tab[3][inrow[3]]; case 3: outrow[2] = tab[2][inrow[2]]; case 2: outrow[1] = tab[1][inrow[1]]; default: outrow[0] = tab[0][inrow[0]]; } outrow += s->step; inrow += s->step; } inrow0 += in ->linesize[0]; outrow0 += out->linesize[0]; } } else { for (plane = 0; plane < 4 && in->data[plane]; plane++) { int vsub = plane == 1 || plane == 2 ? s->vsub : 0; int hsub = plane == 1 || plane == 2 ? s->hsub : 0; int h = FF_CEIL_RSHIFT(inlink->h, vsub); int w = FF_CEIL_RSHIFT(inlink->w, hsub); inrow = in ->data[plane]; outrow = out->data[plane]; for (i = 0; i < h; i++) { const uint8_t *tab = s->lut[plane]; for (j = 0; j < w; j++) outrow[j] = tab[inrow[j]]; inrow += in ->linesize[plane]; outrow += out->linesize[plane]; } } } if (!direct) av_frame_free(&in); return ff_filter_frame(outlink, out); }",visit repo url,libavfilter/vf_lut.c,https://github.com/FFmpeg/FFmpeg,64037650402326,1 5521,CWE-125,"static int add_ast_fields(void) { PyObject *empty_tuple, *d; if (PyType_Ready(&AST_type) < 0) return -1; d = AST_type.tp_dict; empty_tuple = PyTuple_New(0); if (!empty_tuple || PyDict_SetItemString(d, ""_fields"", empty_tuple) < 0 || PyDict_SetItemString(d, ""_attributes"", empty_tuple) < 0) { Py_XDECREF(empty_tuple); return -1; } Py_DECREF(empty_tuple); return 0; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,136209209319151,1 3354,CWE-119,"test_recode_command2 (xd3_stream *stream, int has_source, int variant, int change) { int has_adler32 = (variant & 0x1) != 0; int has_apphead = (variant & 0x2) != 0; int has_secondary = (variant & 0x4) != 0; int change_adler32 = (change & 0x1) != 0; int change_apphead = (change & 0x2) != 0; int change_secondary = (change & 0x4) != 0; int recoded_adler32 = change_adler32 ? !has_adler32 : has_adler32; int recoded_apphead = change_apphead ? !has_apphead : has_apphead; int recoded_secondary = change_secondary ? !has_secondary : has_secondary; char ecmd[TESTBUFSIZE], recmd[TESTBUFSIZE], dcmd[TESTBUFSIZE]; xoff_t tsize, ssize; int ret; test_setup (); if ((ret = test_make_inputs (stream, has_source ? & ssize : NULL, & tsize))) { return ret; } snprintf_func (ecmd, TESTBUFSIZE, ""%s %s -f %s %s %s %s %s %s %s"", program_name, test_softcfg_str, has_adler32 ? """" : ""-n "", has_apphead ? ""-A=encode_apphead "" : ""-A= "", has_secondary ? ""-S djw "" : ""-S none "", has_source ? ""-s "" : """", has_source ? TEST_SOURCE_FILE : """", TEST_TARGET_FILE, TEST_DELTA_FILE); if ((ret = system (ecmd)) != 0) { XPR(NT ""encode command: %s\n"", ecmd); stream->msg = ""encode cmd failed""; return XD3_INTERNAL; } snprintf_func (recmd, TESTBUFSIZE, ""%s recode %s -f %s %s %s %s %s"", program_name, test_softcfg_str, recoded_adler32 ? """" : ""-n "", !change_apphead ? """" : (recoded_apphead ? ""-A=recode_apphead "" : ""-A= ""), recoded_secondary ? ""-S djw "" : ""-S none "", TEST_DELTA_FILE, TEST_COPY_FILE); if ((ret = system (recmd)) != 0) { XPR(NT ""recode command: %s\n"", recmd); stream->msg = ""recode cmd failed""; return XD3_INTERNAL; } if ((ret = check_vcdiff_header (stream, TEST_COPY_FILE, ""VCDIFF window indicator"", ""VCD_SOURCE"", has_source))) { return ret; } if ((ret = check_vcdiff_header (stream, TEST_COPY_FILE, ""VCDIFF header indicator"", ""VCD_SECONDARY"", recoded_secondary))) { return ret; } if ((ret = check_vcdiff_header (stream, TEST_COPY_FILE, ""VCDIFF window indicator"", ""VCD_ADLER32"", has_adler32 && recoded_adler32))) { return ret; } if (!change_apphead) { if ((ret = check_vcdiff_header (stream, TEST_COPY_FILE, ""VCDIFF header indicator"", ""VCD_APPHEADER"", has_apphead))) { return ret; } if ((ret = check_vcdiff_header (stream, TEST_COPY_FILE, ""VCDIFF application header"", ""encode_apphead"", has_apphead))) { return ret; } } else { if ((ret = check_vcdiff_header (stream, TEST_COPY_FILE, ""VCDIFF header indicator"", ""VCD_APPHEADER"", recoded_apphead))) { return ret; } if (recoded_apphead && (ret = check_vcdiff_header (stream, TEST_COPY_FILE, ""VCDIFF application header"", ""recode_apphead"", 1))) { return ret; } } snprintf_func (dcmd, TESTBUFSIZE, ""%s -fd %s %s %s %s "", program_name, has_source ? ""-s "" : """", has_source ? TEST_SOURCE_FILE : """", TEST_COPY_FILE, TEST_RECON_FILE); if ((ret = system (dcmd)) != 0) { XPR(NT ""decode command: %s\n"", dcmd); stream->msg = ""decode cmd failed""; return XD3_INTERNAL; } if ((ret = test_compare_files (TEST_TARGET_FILE, TEST_RECON_FILE))) { return ret; } return 0; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,61277618915475,1 6282,['CWE-200'],"static struct pneigh_entry *pneigh_get_next(struct seq_file *seq, struct pneigh_entry *pn, loff_t *pos) { struct neigh_seq_state *state = seq->private; struct neigh_table *tbl = state->tbl; pn = pn->next; while (!pn) { if (++state->bucket > PNEIGH_HASHMASK) break; pn = tbl->phash_buckets[state->bucket]; if (pn) break; } if (pn && pos) --(*pos); return pn; }",linux-2.6,,,238465478252506488180786387282483551635,0 1078,['CWE-20'],"asmlinkage long sys_setpgid(pid_t pid, pid_t pgid) { struct task_struct *p; struct task_struct *group_leader = current->group_leader; int err = -EINVAL; if (!pid) pid = group_leader->pid; if (!pgid) pgid = pid; if (pgid < 0) return -EINVAL; write_lock_irq(&tasklist_lock); err = -ESRCH; p = find_task_by_pid(pid); if (!p) goto out; err = -EINVAL; if (!thread_group_leader(p)) goto out; if (p->real_parent == group_leader) { err = -EPERM; if (task_session(p) != task_session(group_leader)) goto out; err = -EACCES; if (p->did_exec) goto out; } else { err = -ESRCH; if (p != group_leader) goto out; } err = -EPERM; if (p->signal->leader) goto out; if (pgid != pid) { struct task_struct *g = find_task_by_pid_type(PIDTYPE_PGID, pgid); if (!g || task_session(g) != task_session(group_leader)) goto out; } err = security_task_setpgid(p, pgid); if (err) goto out; if (process_group(p) != pgid) { detach_pid(p, PIDTYPE_PGID); p->signal->pgrp = pgid; attach_pid(p, PIDTYPE_PGID, pgid); } err = 0; out: write_unlock_irq(&tasklist_lock); return err; }",linux-2.6,,,259009264639224630290329723854460637947,0 5406,CWE-754,"parsegid(const char *s, gid_t *gid) { struct group *gr; const char *errstr; if ((gr = getgrnam(s)) != NULL) { *gid = gr->gr_gid; return 0; } #if !defined(__linux__) && !defined(__NetBSD__) *gid = strtonum(s, 0, GID_MAX, &errstr); #else sscanf(s, ""%d"", gid); #endif if (errstr) return -1; return 0; }",visit repo url,doas.c,https://github.com/slicer69/doas,151489711142308,1 29,['CWE-264'],"static void php_sqlite3_func_step_callback(sqlite3_context *context, int argc, sqlite3_value **argv) { struct pdo_sqlite_func *func = (struct pdo_sqlite_func*)sqlite3_user_data(context); TSRMLS_FETCH(); do_callback(&func->astep, func->step, argc, argv, context, 1 TSRMLS_CC); }",php-src,,,291984345501818705117112988405570561929,0 5460,CWE-617,"pci_emul_alloc_resource(uint64_t *baseptr, uint64_t limit, uint64_t size, uint64_t *addr) { uint64_t base; assert((size & (size - 1)) == 0); base = roundup2(*baseptr, size); if (base + size <= limit) { *addr = base; *baseptr = base + size; return 0; } else return -1; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,203407585064760,1 3817,['CWE-120'],"uint32_t uvc_fraction_to_interval(uint32_t numerator, uint32_t denominator) { uint32_t multiplier; if (denominator == 0 || numerator/denominator >= ((uint32_t)-1)/10000000) return (uint32_t)-1; multiplier = 10000000; while (numerator > ((uint32_t)-1)/multiplier) { multiplier /= 2; denominator /= 2; } return denominator ? numerator * multiplier / denominator : 0; }",linux-2.6,,,202435422671782006552162756789987920271,0 6733,['CWE-310'],"utils_fill_connection_certs (NMConnection *connection, GError **error) { NMSetting8021x *s_8021x; const char *filename; GError *tmp_error = NULL; gboolean need_client_cert = TRUE; g_return_val_if_fail (connection != NULL, FALSE); s_8021x = NM_SETTING_802_1X (nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X)); if (!s_8021x) return TRUE; filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG); if (filename) { if (!nm_setting_802_1x_set_ca_cert_from_file (s_8021x, filename, NULL, &tmp_error)) { g_set_error (error, tmp_error->domain, tmp_error->code, _(""Could not read CA certificate: %s""), tmp_error->message); g_clear_error (&tmp_error); return FALSE; } } need_client_cert = fill_one_private_key (connection, NMA_PATH_PRIVATE_KEY_TAG, NM_SETTING_802_1X_PRIVATE_KEY, NM_SETTING_802_1X_CLIENT_CERT); if (need_client_cert) { filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CLIENT_CERT_TAG); if (filename) { if (!nm_setting_802_1x_set_client_cert_from_file (s_8021x, filename, NULL, &tmp_error)) { g_set_error (error, tmp_error->domain, tmp_error->code, _(""Could not read client certificate: %s""), tmp_error->message); g_clear_error (&tmp_error); return FALSE; } } } filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PHASE2_CA_CERT_TAG); if (filename) { if (!nm_setting_802_1x_set_phase2_ca_cert_from_file (s_8021x, filename, NULL, &tmp_error)) { g_set_error (error, tmp_error->domain, tmp_error->code, _(""Could not read inner CA certificate: %s""), tmp_error->message); g_clear_error (&tmp_error); return FALSE; } } need_client_cert = fill_one_private_key (connection, NMA_PATH_PHASE2_PRIVATE_KEY_TAG, NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, NM_SETTING_802_1X_PHASE2_CLIENT_CERT); if (need_client_cert) { filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PHASE2_CLIENT_CERT_TAG); if (filename) { if (!nm_setting_802_1x_set_phase2_client_cert_from_file (s_8021x, filename, NULL, &tmp_error)) { g_set_error (error, tmp_error->domain, tmp_error->code, _(""Could not read inner client certificate: %s""), tmp_error->message); g_clear_error (&tmp_error); return FALSE; } } } return TRUE; }",network-manager-applet,,,142832666146841652538813200629472247726,0 4482,['CWE-264'],"void ecm_state_change(struct s_smc *smc, int e_state) { #ifdef DRIVERDEBUG char *s; switch (e_state) { case EC0_OUT: s = ""EC0_OUT""; break; case EC1_IN: s = ""EC1_IN""; break; case EC2_TRACE: s = ""EC2_TRACE""; break; case EC3_LEAVE: s = ""EC3_LEAVE""; break; case EC4_PATH_TEST: s = ""EC4_PATH_TEST""; break; case EC5_INSERT: s = ""EC5_INSERT""; break; case EC6_CHECK: s = ""EC6_CHECK""; break; case EC7_DEINSERT: s = ""EC7_DEINSERT""; break; default: s = ""unknown""; break; } PRINTK(KERN_INFO ""ecm_state_change: %s\n"", s); #endif } ",linux-2.6,,,307599749312593108566660547745377749440,0 2487,CWE-20,"static void _out_verify(conn_t out, nad_t nad) { int attr, ns; jid_t from, to; conn_t in; char *rkey; int valid; attr = nad_find_attr(nad, 0, -1, ""from"", NULL); if(attr < 0 || (from = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) { log_debug(ZONE, ""missing or invalid from on db verify packet""); nad_free(nad); return; } attr = nad_find_attr(nad, 0, -1, ""to"", NULL); if(attr < 0 || (to = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) { log_debug(ZONE, ""missing or invalid to on db verify packet""); jid_free(from); nad_free(nad); return; } attr = nad_find_attr(nad, 0, -1, ""id"", NULL); if(attr < 0) { log_debug(ZONE, ""missing id on db verify packet""); jid_free(from); jid_free(to); nad_free(nad); return; } in = xhash_getx(out->s2s->in, NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr)); if(in == NULL) { log_debug(ZONE, ""got a verify for incoming conn %.*s, but it doesn't exist, dropping the packet"", NAD_AVAL_L(nad, attr), NAD_AVAL(nad, attr)); jid_free(from); jid_free(to); nad_free(nad); return; } rkey = s2s_route_key(NULL, to->domain, from->domain); attr = nad_find_attr(nad, 0, -1, ""type"", ""valid""); if(attr >= 0) { xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID); log_write(in->s2s->log, LOG_NOTICE, ""[%d] [%s, port=%d] incoming route '%s' is now valid%s%s"", in->fd->fd, in->ip, in->port, rkey, (in->s->flags & SX_SSL_WRAPPER) ? "", TLS negotiated"" : """", in->s->compressed ? "", ZLIB compression enabled"" : """"); valid = 1; } else { log_write(in->s2s->log, LOG_NOTICE, ""[%d] [%s, port=%d] incoming route '%s' is now invalid"", in->fd->fd, in->ip, in->port, rkey); valid = 0; } free(rkey); nad_free(nad); --out->verify; nad = nad_new(); ns = nad_add_namespace(nad, uri_DIALBACK, ""db""); nad_append_elem(nad, ns, ""result"", 0); nad_append_attr(nad, -1, ""to"", from->domain); nad_append_attr(nad, -1, ""from"", to->domain); nad_append_attr(nad, -1, ""type"", valid ? ""valid"" : ""invalid""); sx_nad_write(in->s, nad); if (!valid) { sx_error(in->s, stream_err_INVALID_ID, ""dialback negotiation failed""); sx_close(in->s); } jid_free(from); jid_free(to); }",visit repo url,s2s/out.c,https://github.com/Jabberd2/jabberd2,54713310164111,1 2838,CWE-125,"static CACHE_BITMAP_V3_ORDER* update_read_cache_bitmap_v3_order(rdpUpdate* update, wStream* s, UINT16 flags) { BYTE bitsPerPixelId; BITMAP_DATA_EX* bitmapData; UINT32 new_len; BYTE* new_data; CACHE_BITMAP_V3_ORDER* cache_bitmap_v3; if (!update || !s) return NULL; cache_bitmap_v3 = calloc(1, sizeof(CACHE_BITMAP_V3_ORDER)); if (!cache_bitmap_v3) goto fail; cache_bitmap_v3->cacheId = flags & 0x00000003; cache_bitmap_v3->flags = (flags & 0x0000FF80) >> 7; bitsPerPixelId = (flags & 0x00000078) >> 3; cache_bitmap_v3->bpp = CBR23_BPP[bitsPerPixelId]; if (Stream_GetRemainingLength(s) < 21) goto fail; Stream_Read_UINT16(s, cache_bitmap_v3->cacheIndex); Stream_Read_UINT32(s, cache_bitmap_v3->key1); Stream_Read_UINT32(s, cache_bitmap_v3->key2); bitmapData = &cache_bitmap_v3->bitmapData; Stream_Read_UINT8(s, bitmapData->bpp); if ((bitmapData->bpp < 1) || (bitmapData->bpp > 32)) { WLog_Print(update->log, WLOG_ERROR, ""invalid bpp value %"" PRIu32 """", bitmapData->bpp); goto fail; } Stream_Seek_UINT8(s); Stream_Seek_UINT8(s); Stream_Read_UINT8(s, bitmapData->codecID); Stream_Read_UINT16(s, bitmapData->width); Stream_Read_UINT16(s, bitmapData->height); Stream_Read_UINT32(s, new_len); if ((new_len == 0) || (Stream_GetRemainingLength(s) < new_len)) goto fail; new_data = (BYTE*)realloc(bitmapData->data, new_len); if (!new_data) goto fail; bitmapData->data = new_data; bitmapData->length = new_len; Stream_Read(s, bitmapData->data, bitmapData->length); return cache_bitmap_v3; fail: free_cache_bitmap_v3_order(update->context, cache_bitmap_v3); return NULL; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,62268862034921,1 34,CWE-763,"spnego_gss_set_sec_context_option( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_OID desired_object, const gss_buffer_t value) { OM_uint32 ret; ret = gss_set_sec_context_option(minor_status, context_handle, desired_object, value); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,15783315225685,1 4289,CWE-400,"R_API st64 r_buf_read_at(RBuffer *b, ut64 addr, ut8 *buf, ut64 len) { r_return_val_if_fail (b && buf, -1); st64 o_addr = r_buf_seek (b, 0, R_BUF_CUR); st64 r = r_buf_seek (b, addr, R_BUF_SET); if (r < 0) { return r; } r = r_buf_read (b, buf, len); r_buf_seek (b, o_addr, R_BUF_SET); return r; }",visit repo url,libr/util/buf.c,https://github.com/radareorg/radare2,161469624654789,1 5405,CWE-754,"parseuid(const char *s, uid_t *uid) { struct passwd *pw; const char *errstr; if ((pw = getpwnam(s)) != NULL) { *uid = pw->pw_uid; return 0; } #if !defined(__linux__) && !defined(__NetBSD__) *uid = strtonum(s, 0, UID_MAX, &errstr); #else sscanf(s, ""%d"", uid); #endif if (errstr) return -1; return 0; }",visit repo url,doas.c,https://github.com/slicer69/doas,12248068660656,1 3685,[],"int hfs_cat_keycmp(const btree_key *key1, const btree_key *key2) { int retval; retval = be32_to_cpu(key1->cat.ParID) - be32_to_cpu(key2->cat.ParID); if (!retval) retval = hfs_strcmp(key1->cat.CName.name, key1->cat.CName.len, key2->cat.CName.name, key2->cat.CName.len); return retval; }",linux-2.6,,,145328055161034671275537114550189420851,0 4771,CWE-119,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 4177,CWE-190,"void rfbScaledScreenUpdateRect(rfbScreenInfoPtr screen, rfbScreenInfoPtr ptr, int x0, int y0, int w0, int h0) { int x,y,w,v,z; int x1, y1, w1, h1; int bitsPerPixel, bytesPerPixel, bytesPerLine, areaX, areaY, area2; unsigned char *srcptr, *dstptr; if (screen==ptr) return; x1 = x0; y1 = y0; w1 = w0; h1 = h0; rfbScaledCorrection(screen, ptr, &x1, &y1, &w1, &h1, ""rfbScaledScreenUpdateRect""); x0 = ScaleX(ptr, screen, x1); y0 = ScaleY(ptr, screen, y1); w0 = ScaleX(ptr, screen, w1); h0 = ScaleY(ptr, screen, h1); bitsPerPixel = screen->bitsPerPixel; bytesPerPixel = bitsPerPixel / 8; bytesPerLine = w1 * bytesPerPixel; srcptr = (unsigned char *)(screen->frameBuffer + (y0 * screen->paddedWidthInBytes + x0 * bytesPerPixel)); dstptr = (unsigned char *)(ptr->frameBuffer + ( y1 * ptr->paddedWidthInBytes + x1 * bytesPerPixel)); areaX = ScaleX(ptr,screen,1); areaY = ScaleY(ptr,screen,1); area2 = areaX*areaY; if ((x1+w1) > (ptr->width)) { if (x1==0) w1=ptr->width; else x1 = ptr->width - w1; } if ((y1+h1) > (ptr->height)) { if (y1==0) h1=ptr->height; else y1 = ptr->height - h1; } if (screen->serverFormat.trueColour) { unsigned char *srcptr2; unsigned long pixel_value, red, green, blue; unsigned int redShift = screen->serverFormat.redShift; unsigned int greenShift = screen->serverFormat.greenShift; unsigned int blueShift = screen->serverFormat.blueShift; unsigned long redMax = screen->serverFormat.redMax; unsigned long greenMax = screen->serverFormat.greenMax; unsigned long blueMax = screen->serverFormat.blueMax; for (y = 0; y < h1; y++) { for (x = 0; x < w1; x++) { red = green = blue = 0; for (w = 0; w < areaX; w++) { for (v = 0; v < areaY; v++) { srcptr2 = &srcptr[(((x * areaX) + w) * bytesPerPixel) + (v * screen->paddedWidthInBytes)]; pixel_value = 0; switch (bytesPerPixel) { case 4: pixel_value = *((unsigned int *)srcptr2); break; case 2: pixel_value = *((unsigned short *)srcptr2); break; case 1: pixel_value = *((unsigned char *)srcptr2); break; default: for (z = 0; z < bytesPerPixel; z++) pixel_value += (srcptr2[z] << (8 * z)); break; } red += ((pixel_value >> redShift) & redMax); green += ((pixel_value >> greenShift) & greenMax); blue += ((pixel_value >> blueShift) & blueMax); } } red /= area2; green /= area2; blue /= area2; pixel_value = ((red & redMax) << redShift) | ((green & greenMax) << greenShift) | ((blue & blueMax) << blueShift); switch (bytesPerPixel) { case 4: *((unsigned int *)dstptr) = (unsigned int) pixel_value; break; case 2: *((unsigned short *)dstptr) = (unsigned short) pixel_value; break; case 1: *((unsigned char *)dstptr) = (unsigned char) pixel_value; break; default: for (z = 0; z < bytesPerPixel; z++) dstptr[z]=(pixel_value >> (8 * z)) & 0xff; break; } dstptr += bytesPerPixel; } srcptr += (screen->paddedWidthInBytes * areaY); dstptr += (ptr->paddedWidthInBytes - bytesPerLine); } } else { for (y = y1; y < (y1+h1); y++) { for (x = x1; x < (x1+w1); x++) memcpy (&ptr->frameBuffer[(y *ptr->paddedWidthInBytes) + (x * bytesPerPixel)], &screen->frameBuffer[(y * areaY * screen->paddedWidthInBytes) + (x *areaX * bytesPerPixel)], bytesPerPixel); } } }",visit repo url,libvncserver/scale.c,https://github.com/LibVNC/libvncserver,76740484139891,1 3341,[],"static inline void *nlmsg_get_pos(struct sk_buff *skb) { return skb_tail_pointer(skb); }",linux-2.6,,,5456960594505314563332376324364307350,0 5586,[],"int kill_pgrp(struct pid *pid, int sig, int priv) { int ret; read_lock(&tasklist_lock); ret = __kill_pgrp_info(sig, __si_special(priv), pid); read_unlock(&tasklist_lock); return ret; }",linux-2.6,,,223751540883095547201693581611308595865,0 1422,CWE-310,"static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_rng rrng; snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""rng""); rrng.seedsize = alg->cra_rng.seedsize; if (nla_put(skb, CRYPTOCFGA_REPORT_RNG, sizeof(struct crypto_report_rng), &rrng)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/rng.c,https://github.com/torvalds/linux,181708372934514,1 6095,['CWE-200'],"static struct inet6_dev * ipv6_add_dev(struct net_device *dev) { struct inet6_dev *ndev; ASSERT_RTNL(); if (dev->mtu < IPV6_MIN_MTU) return NULL; ndev = kmalloc(sizeof(struct inet6_dev), GFP_KERNEL); if (ndev) { memset(ndev, 0, sizeof(struct inet6_dev)); rwlock_init(&ndev->lock); ndev->dev = dev; memcpy(&ndev->cnf, &ipv6_devconf_dflt, sizeof(ndev->cnf)); ndev->cnf.mtu6 = dev->mtu; ndev->cnf.sysctl = NULL; ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl); if (ndev->nd_parms == NULL) { kfree(ndev); return NULL; } dev_hold(dev); if (snmp6_alloc_dev(ndev) < 0) { ADBG((KERN_WARNING ""%s(): cannot allocate memory for statistics; dev=%s.\n"", __FUNCTION__, dev->name)); neigh_parms_release(&nd_tbl, ndev->nd_parms); ndev->dead = 1; in6_dev_finish_destroy(ndev); return NULL; } if (snmp6_register_dev(ndev) < 0) { ADBG((KERN_WARNING ""%s(): cannot create /proc/net/dev_snmp6/%s\n"", __FUNCTION__, dev->name)); neigh_parms_release(&nd_tbl, ndev->nd_parms); ndev->dead = 1; in6_dev_finish_destroy(ndev); return NULL; } in6_dev_hold(ndev); #ifdef CONFIG_IPV6_PRIVACY get_random_bytes(ndev->rndid, sizeof(ndev->rndid)); get_random_bytes(ndev->entropy, sizeof(ndev->entropy)); init_timer(&ndev->regen_timer); ndev->regen_timer.function = ipv6_regen_rndid; ndev->regen_timer.data = (unsigned long) ndev; if ((dev->flags&IFF_LOOPBACK) || dev->type == ARPHRD_TUNNEL || dev->type == ARPHRD_NONE || dev->type == ARPHRD_SIT) { printk(KERN_INFO ""Disabled Privacy Extensions on device %p(%s)\n"", dev, dev->name); ndev->cnf.use_tempaddr = -1; } else { in6_dev_hold(ndev); ipv6_regen_rndid((unsigned long) ndev); } #endif write_lock_bh(&addrconf_lock); dev->ip6_ptr = ndev; write_unlock_bh(&addrconf_lock); ipv6_mc_init_dev(ndev); ndev->tstamp = jiffies; #ifdef CONFIG_SYSCTL neigh_sysctl_register(dev, ndev->nd_parms, NET_IPV6, NET_IPV6_NEIGH, ""ipv6"", &ndisc_ifinfo_sysctl_change, NULL); addrconf_sysctl_register(ndev, &ndev->cnf); #endif } return ndev; }",linux-2.6,,,73460288508680905118550662866751600498,0 2395,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *inpic) { KerndeintContext *kerndeint = inlink->dst->priv; AVFilterLink *outlink = inlink->dst->outputs[0]; AVFrame *outpic; const uint8_t *prvp; const uint8_t *prvpp; const uint8_t *prvpn; const uint8_t *prvppp; const uint8_t *prvpnn; const uint8_t *prvp4p; const uint8_t *prvp4n; const uint8_t *srcp; const uint8_t *srcpp; const uint8_t *srcpn; const uint8_t *srcppp; const uint8_t *srcpnn; const uint8_t *srcp3p; const uint8_t *srcp3n; const uint8_t *srcp4p; const uint8_t *srcp4n; uint8_t *dstp, *dstp_saved; const uint8_t *srcp_saved; int src_linesize, psrc_linesize, dst_linesize, bwidth; int x, y, plane, val, hi, lo, g, h, n = kerndeint->frame++; double valf; const int thresh = kerndeint->thresh; const int order = kerndeint->order; const int map = kerndeint->map; const int sharp = kerndeint->sharp; const int twoway = kerndeint->twoway; const int is_packed_rgb = kerndeint->is_packed_rgb; outpic = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!outpic) { av_frame_free(&inpic); return AVERROR(ENOMEM); } av_frame_copy_props(outpic, inpic); outpic->interlaced_frame = 0; for (plane = 0; inpic->data[plane] && plane < 4; plane++) { h = plane == 0 ? inlink->h : FF_CEIL_RSHIFT(inlink->h, kerndeint->vsub); bwidth = kerndeint->tmp_bwidth[plane]; srcp = srcp_saved = inpic->data[plane]; src_linesize = inpic->linesize[plane]; psrc_linesize = kerndeint->tmp_linesize[plane]; dstp = dstp_saved = outpic->data[plane]; dst_linesize = outpic->linesize[plane]; srcp = srcp_saved + (1 - order) * src_linesize; dstp = dstp_saved + (1 - order) * dst_linesize; for (y = 0; y < h; y += 2) { memcpy(dstp, srcp, bwidth); srcp += 2 * src_linesize; dstp += 2 * dst_linesize; } memcpy(dstp_saved + order * dst_linesize, srcp_saved + (1 - order) * src_linesize, bwidth); memcpy(dstp_saved + (2 + order ) * dst_linesize, srcp_saved + (3 - order) * src_linesize, bwidth); memcpy(dstp_saved + (h - 2 + order) * dst_linesize, srcp_saved + (h - 1 - order) * src_linesize, bwidth); memcpy(dstp_saved + (h - 4 + order) * dst_linesize, srcp_saved + (h - 3 - order) * src_linesize, bwidth); prvp = kerndeint->tmp_data[plane] + 5 * psrc_linesize - (1 - order) * psrc_linesize; prvpp = prvp - psrc_linesize; prvppp = prvp - 2 * psrc_linesize; prvp4p = prvp - 4 * psrc_linesize; prvpn = prvp + psrc_linesize; prvpnn = prvp + 2 * psrc_linesize; prvp4n = prvp + 4 * psrc_linesize; srcp = srcp_saved + 5 * src_linesize - (1 - order) * src_linesize; srcpp = srcp - src_linesize; srcppp = srcp - 2 * src_linesize; srcp3p = srcp - 3 * src_linesize; srcp4p = srcp - 4 * src_linesize; srcpn = srcp + src_linesize; srcpnn = srcp + 2 * src_linesize; srcp3n = srcp + 3 * src_linesize; srcp4n = srcp + 4 * src_linesize; dstp = dstp_saved + 5 * dst_linesize - (1 - order) * dst_linesize; for (y = 5 - (1 - order); y <= h - 5 - (1 - order); y += 2) { for (x = 0; x < bwidth; x++) { if (thresh == 0 || n == 0 || (abs((int)prvp[x] - (int)srcp[x]) > thresh) || (abs((int)prvpp[x] - (int)srcpp[x]) > thresh) || (abs((int)prvpn[x] - (int)srcpn[x]) > thresh)) { if (map) { g = x & ~3; if (is_packed_rgb) { AV_WB32(dstp + g, 0xffffffff); x = g + 3; } else if (inlink->format == AV_PIX_FMT_YUYV422) { AV_WB32(dstp + g, 0xeb80eb80); x = g + 3; } else { dstp[x] = plane == 0 ? 235 : 128; } } else { if (is_packed_rgb) { hi = 255; lo = 0; } else if (inlink->format == AV_PIX_FMT_YUYV422) { hi = x & 1 ? 240 : 235; lo = 16; } else { hi = plane == 0 ? 235 : 240; lo = 16; } if (sharp) { if (twoway) { valf = + 0.526 * ((int)srcpp[x] + (int)srcpn[x]) + 0.170 * ((int)srcp[x] + (int)prvp[x]) - 0.116 * ((int)srcppp[x] + (int)srcpnn[x] + (int)prvppp[x] + (int)prvpnn[x]) - 0.026 * ((int)srcp3p[x] + (int)srcp3n[x]) + 0.031 * ((int)srcp4p[x] + (int)srcp4n[x] + (int)prvp4p[x] + (int)prvp4n[x]); } else { valf = + 0.526 * ((int)srcpp[x] + (int)srcpn[x]) + 0.170 * ((int)prvp[x]) - 0.116 * ((int)prvppp[x] + (int)prvpnn[x]) - 0.026 * ((int)srcp3p[x] + (int)srcp3n[x]) + 0.031 * ((int)prvp4p[x] + (int)prvp4p[x]); } dstp[x] = av_clip(valf, lo, hi); } else { if (twoway) { val = (8 * ((int)srcpp[x] + (int)srcpn[x]) + 2 * ((int)srcp[x] + (int)prvp[x]) - (int)(srcppp[x]) - (int)(srcpnn[x]) - (int)(prvppp[x]) - (int)(prvpnn[x])) >> 4; } else { val = (8 * ((int)srcpp[x] + (int)srcpn[x]) + 2 * ((int)prvp[x]) - (int)(prvppp[x]) - (int)(prvpnn[x])) >> 4; } dstp[x] = av_clip(val, lo, hi); } } } else { dstp[x] = srcp[x]; } } prvp += 2 * psrc_linesize; prvpp += 2 * psrc_linesize; prvppp += 2 * psrc_linesize; prvpn += 2 * psrc_linesize; prvpnn += 2 * psrc_linesize; prvp4p += 2 * psrc_linesize; prvp4n += 2 * psrc_linesize; srcp += 2 * src_linesize; srcpp += 2 * src_linesize; srcppp += 2 * src_linesize; srcp3p += 2 * src_linesize; srcp4p += 2 * src_linesize; srcpn += 2 * src_linesize; srcpnn += 2 * src_linesize; srcp3n += 2 * src_linesize; srcp4n += 2 * src_linesize; dstp += 2 * dst_linesize; } srcp = inpic->data[plane]; dstp = kerndeint->tmp_data[plane]; av_image_copy_plane(dstp, psrc_linesize, srcp, src_linesize, bwidth, h); } av_frame_free(&inpic); return ff_filter_frame(outlink, outpic); }",visit repo url,libavfilter/vf_kerndeint.c,https://github.com/FFmpeg/FFmpeg,109052853945238,1 2408,CWE-119,"static int read_header(FFV1Context *f) { uint8_t state[CONTEXT_SIZE]; int i, j, context_count = -1; RangeCoder *const c = &f->slice_context[0]->c; memset(state, 128, sizeof(state)); if (f->version < 2) { int chroma_planes, chroma_h_shift, chroma_v_shift, transparency; unsigned v= get_symbol(c, state, 0); if (v >= 2) { av_log(f->avctx, AV_LOG_ERROR, ""invalid version %d in ver01 header\n"", v); return AVERROR_INVALIDDATA; } f->version = v; f->ac = f->avctx->coder_type = get_symbol(c, state, 0); if (f->ac > 1) { for (i = 1; i < 256; i++) f->state_transition[i] = get_symbol(c, state, 1) + c->one_state[i]; } f->colorspace = get_symbol(c, state, 0); if (f->version > 0) f->avctx->bits_per_raw_sample = get_symbol(c, state, 0); chroma_planes = get_rac(c, state); chroma_h_shift = get_symbol(c, state, 0); chroma_v_shift = get_symbol(c, state, 0); transparency = get_rac(c, state); if (f->plane_count) { if ( chroma_planes != f->chroma_planes || chroma_h_shift!= f->chroma_h_shift || chroma_v_shift!= f->chroma_v_shift || transparency != f->transparency) { av_log(f->avctx, AV_LOG_ERROR, ""Invalid change of global parameters\n""); return AVERROR_INVALIDDATA; } } f->chroma_planes = chroma_planes; f->chroma_h_shift = chroma_h_shift; f->chroma_v_shift = chroma_v_shift; f->transparency = transparency; f->plane_count = 2 + f->transparency; } if (f->colorspace == 0) { if (!f->transparency && !f->chroma_planes) { if (f->avctx->bits_per_raw_sample <= 8) f->avctx->pix_fmt = AV_PIX_FMT_GRAY8; else f->avctx->pix_fmt = AV_PIX_FMT_GRAY16; } else if (f->avctx->bits_per_raw_sample<=8 && !f->transparency) { switch(16 * f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUV444P; break; case 0x01: f->avctx->pix_fmt = AV_PIX_FMT_YUV440P; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUV422P; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P; break; case 0x20: f->avctx->pix_fmt = AV_PIX_FMT_YUV411P; break; case 0x22: f->avctx->pix_fmt = AV_PIX_FMT_YUV410P; break; default: av_log(f->avctx, AV_LOG_ERROR, ""format not supported\n""); return AVERROR(ENOSYS); } } else if (f->avctx->bits_per_raw_sample <= 8 && f->transparency) { switch(16*f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUVA444P; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUVA422P; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUVA420P; break; default: av_log(f->avctx, AV_LOG_ERROR, ""format not supported\n""); return AVERROR(ENOSYS); } } else if (f->avctx->bits_per_raw_sample == 9) { f->packed_at_lsb = 1; switch(16 * f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUV444P9; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUV422P9; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P9; break; default: av_log(f->avctx, AV_LOG_ERROR, ""format not supported\n""); return AVERROR(ENOSYS); } } else if (f->avctx->bits_per_raw_sample == 10) { f->packed_at_lsb = 1; switch(16 * f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUV444P10; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUV422P10; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P10; break; default: av_log(f->avctx, AV_LOG_ERROR, ""format not supported\n""); return AVERROR(ENOSYS); } } else { switch(16 * f->chroma_h_shift + f->chroma_v_shift) { case 0x00: f->avctx->pix_fmt = AV_PIX_FMT_YUV444P16; break; case 0x10: f->avctx->pix_fmt = AV_PIX_FMT_YUV422P16; break; case 0x11: f->avctx->pix_fmt = AV_PIX_FMT_YUV420P16; break; default: av_log(f->avctx, AV_LOG_ERROR, ""format not supported\n""); return AVERROR(ENOSYS); } } } else if (f->colorspace == 1) { if (f->chroma_h_shift || f->chroma_v_shift) { av_log(f->avctx, AV_LOG_ERROR, ""chroma subsampling not supported in this colorspace\n""); return AVERROR(ENOSYS); } if ( f->avctx->bits_per_raw_sample == 9) f->avctx->pix_fmt = AV_PIX_FMT_GBRP9; else if (f->avctx->bits_per_raw_sample == 10) f->avctx->pix_fmt = AV_PIX_FMT_GBRP10; else if (f->avctx->bits_per_raw_sample == 12) f->avctx->pix_fmt = AV_PIX_FMT_GBRP12; else if (f->avctx->bits_per_raw_sample == 14) f->avctx->pix_fmt = AV_PIX_FMT_GBRP14; else if (f->transparency) f->avctx->pix_fmt = AV_PIX_FMT_RGB32; else f->avctx->pix_fmt = AV_PIX_FMT_0RGB32; } else { av_log(f->avctx, AV_LOG_ERROR, ""colorspace not supported\n""); return AVERROR(ENOSYS); } av_dlog(f->avctx, ""%d %d %d\n"", f->chroma_h_shift, f->chroma_v_shift, f->avctx->pix_fmt); if (f->version < 2) { context_count = read_quant_tables(c, f->quant_table); if (context_count < 0) { av_log(f->avctx, AV_LOG_ERROR, ""read_quant_table error\n""); return AVERROR_INVALIDDATA; } } else if (f->version < 3) { f->slice_count = get_symbol(c, state, 0); } else { const uint8_t *p = c->bytestream_end; for (f->slice_count = 0; f->slice_count < MAX_SLICES && 3 < p - c->bytestream_start; f->slice_count++) { int trailer = 3 + 5*!!f->ec; int size = AV_RB24(p-trailer); if (size + trailer > p - c->bytestream_start) break; p -= size + trailer; } } if (f->slice_count > (unsigned)MAX_SLICES || f->slice_count <= 0) { av_log(f->avctx, AV_LOG_ERROR, ""slice count %d is invalid\n"", f->slice_count); return AVERROR_INVALIDDATA; } for (j = 0; j < f->slice_count; j++) { FFV1Context *fs = f->slice_context[j]; fs->ac = f->ac; fs->packed_at_lsb = f->packed_at_lsb; fs->slice_damaged = 0; if (f->version == 2) { fs->slice_x = get_symbol(c, state, 0) * f->width ; fs->slice_y = get_symbol(c, state, 0) * f->height; fs->slice_width = (get_symbol(c, state, 0) + 1) * f->width + fs->slice_x; fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y; fs->slice_x /= f->num_h_slices; fs->slice_y /= f->num_v_slices; fs->slice_width = fs->slice_width / f->num_h_slices - fs->slice_x; fs->slice_height = fs->slice_height / f->num_v_slices - fs->slice_y; if ((unsigned)fs->slice_width > f->width || (unsigned)fs->slice_height > f->height) return AVERROR_INVALIDDATA; if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) return AVERROR_INVALIDDATA; } for (i = 0; i < f->plane_count; i++) { PlaneContext *const p = &fs->plane[i]; if (f->version == 2) { int idx = get_symbol(c, state, 0); if (idx > (unsigned)f->quant_table_count) { av_log(f->avctx, AV_LOG_ERROR, ""quant_table_index out of range\n""); return AVERROR_INVALIDDATA; } p->quant_table_index = idx; memcpy(p->quant_table, f->quant_tables[idx], sizeof(p->quant_table)); context_count = f->context_count[idx]; } else { memcpy(p->quant_table, f->quant_table, sizeof(p->quant_table)); } if (f->version <= 2) { av_assert0(context_count >= 0); if (p->context_count < context_count) { av_freep(&p->state); av_freep(&p->vlc_state); } p->context_count = context_count; } } } return 0; }",visit repo url,libavcodec/ffv1dec.c,https://github.com/FFmpeg/FFmpeg,173451596943921,1 812,CWE-20,"static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; unsigned int copied, rlen; struct sk_buff *skb, *cskb; int err = 0; pr_debug(""%p %zu\n"", sk, len); msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state == LLCP_CLOSED && skb_queue_empty(&sk->sk_receive_queue)) { release_sock(sk); return 0; } release_sock(sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { pr_err(""Recv datagram failed state %d %d %d"", sk->sk_state, err, sock_error(sk)); if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } rlen = skb->len; copied = min_t(unsigned int, rlen, len); cskb = skb; if (skb_copy_datagram_iovec(cskb, 0, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } sock_recv_timestamp(msg, sk, skb); if (sk->sk_type == SOCK_DGRAM && msg->msg_name) { struct nfc_llcp_ui_cb *ui_cb = nfc_llcp_ui_skb_cb(skb); struct sockaddr_nfc_llcp *sockaddr = (struct sockaddr_nfc_llcp *) msg->msg_name; msg->msg_namelen = sizeof(struct sockaddr_nfc_llcp); pr_debug(""Datagram socket %d %d\n"", ui_cb->dsap, ui_cb->ssap); memset(sockaddr, 0, sizeof(*sockaddr)); sockaddr->sa_family = AF_NFC; sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; sockaddr->dsap = ui_cb->dsap; sockaddr->ssap = ui_cb->ssap; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { skb_pull(skb, copied); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); goto done; } } kfree_skb(skb); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/nfc/llcp_sock.c,https://github.com/torvalds/linux,259541481085604,1 2007,['CWE-269'],"static int mount_is_safe(struct nameidata *nd) { if (capable(CAP_SYS_ADMIN)) return 0; return -EPERM; #ifdef notyet if (S_ISLNK(nd->dentry->d_inode->i_mode)) return -EPERM; if (nd->dentry->d_inode->i_mode & S_ISVTX) { if (current->uid != nd->dentry->d_inode->i_uid) return -EPERM; } if (vfs_permission(nd, MAY_WRITE)) return -EPERM; return 0; #endif }",linux-2.6,,,294189940513554393815213946506054551654,0 3168,CWE-125,"fr_print(netdissect_options *ndo, register const u_char *p, u_int length) { int ret; uint16_t extracted_ethertype; u_int dlci; u_int addr_len; uint16_t nlpid; u_int hdr_len; uint8_t flags[4]; ret = parse_q922_addr(ndo, p, &dlci, &addr_len, flags, length); if (ret == -1) goto trunc; if (ret == 0) { ND_PRINT((ndo, ""Q.922, invalid address"")); return 0; } ND_TCHECK(p[addr_len]); if (length < addr_len + 1) goto trunc; if (p[addr_len] != LLC_UI && dlci != 0) { if (!ND_TTEST2(p[addr_len], 2) || length < addr_len + 2) { ND_PRINT((ndo, ""UI %02x! "", p[addr_len])); } else { extracted_ethertype = EXTRACT_16BITS(p+addr_len); if (ndo->ndo_eflag) fr_hdr_print(ndo, length, addr_len, dlci, flags, extracted_ethertype); if (ethertype_print(ndo, extracted_ethertype, p+addr_len+ETHERTYPE_LEN, length-addr_len-ETHERTYPE_LEN, ndo->ndo_snapend-p-addr_len-ETHERTYPE_LEN, NULL, NULL) == 0) ND_PRINT((ndo, ""UI %02x! "", p[addr_len])); else return addr_len + 2; } } ND_TCHECK(p[addr_len+1]); if (length < addr_len + 2) goto trunc; if (p[addr_len + 1] == 0) { if (addr_len != 3) ND_PRINT((ndo, ""Pad! "")); hdr_len = addr_len + 1 + 1 + 1 ; } else { if (addr_len == 3) ND_PRINT((ndo, ""No pad! "")); hdr_len = addr_len + 1 + 1 ; } ND_TCHECK(p[hdr_len - 1]); if (length < hdr_len) goto trunc; nlpid = p[hdr_len - 1]; if (ndo->ndo_eflag) fr_hdr_print(ndo, length, addr_len, dlci, flags, nlpid); p += hdr_len; length -= hdr_len; switch (nlpid) { case NLPID_IP: ip_print(ndo, p, length); break; case NLPID_IP6: ip6_print(ndo, p, length); break; case NLPID_CLNP: case NLPID_ESIS: case NLPID_ISIS: isoclns_print(ndo, p - 1, length + 1, ndo->ndo_snapend - p + 1); break; case NLPID_SNAP: if (snap_print(ndo, p, length, ndo->ndo_snapend - p, NULL, NULL, 0) == 0) { if (!ndo->ndo_eflag) fr_hdr_print(ndo, length + hdr_len, hdr_len, dlci, flags, nlpid); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p - hdr_len, length + hdr_len); } break; case NLPID_Q933: q933_print(ndo, p, length); break; case NLPID_MFR: frf15_print(ndo, p, length); break; case NLPID_PPP: ppp_print(ndo, p, length); break; default: if (!ndo->ndo_eflag) fr_hdr_print(ndo, length + hdr_len, addr_len, dlci, flags, nlpid); if (!ndo->ndo_xflag) ND_DEFAULTPRINT(p, length); } return hdr_len; trunc: ND_PRINT((ndo, ""[|fr]"")); return 0; }",visit repo url,print-fr.c,https://github.com/the-tcpdump-group/tcpdump,193159026940277,1 1166,['CWE-189'],static inline int hrtimer_switch_to_hres(void) { return 0; },linux-2.6,,,260214844644759186159657420132991284386,0 6623,CWE-787,"static int MqttClient_WaitType(MqttClient *client, void *packet_obj, byte wait_type, word16 wait_packet_id, int timeout_ms) { int rc; word16 packet_id; MqttPacketType packet_type; #ifdef WOLFMQTT_MULTITHREAD MqttPendResp *pendResp; int readLocked; #endif MqttMsgStat* mms_stat; int waitMatchFound; if (client == NULL || packet_obj == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } mms_stat = (MqttMsgStat*)packet_obj; wait_again: packet_id = 0; packet_type = MQTT_PACKET_TYPE_RESERVED; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; readLocked = 0; #endif waitMatchFound = 0; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Type %s (%d), ID %d"", MqttPacket_TypeDesc((MqttPacketType)wait_type), wait_type, wait_packet_id); #endif switch ((int)*mms_stat) { case MQTT_MSG_BEGIN: { #ifdef WOLFMQTT_MULTITHREAD rc = wm_SemLock(&client->lockRecv); if (rc != 0) { PRINTF(""MqttClient_WaitType: recv lock error!""); return rc; } readLocked = 1; #endif client->packet.stat = MQTT_PK_BEGIN; } FALL_THROUGH; #ifdef WOLFMQTT_V5 case MQTT_MSG_AUTH: #endif case MQTT_MSG_WAIT: { #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, (MqttPacketType)wait_type, wait_packet_id, &pendResp)) { if (pendResp->packetDone) { rc = pendResp->packet_ret; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp already Done %p: Rc %d"", pendResp, rc); #endif MqttClient_RespList_Remove(client, pendResp); wm_SemUnlock(&client->lockClient); wm_SemUnlock(&client->lockRecv); return rc; } } wm_SemUnlock(&client->lockClient); } else { break; } #endif *mms_stat = MQTT_MSG_WAIT; rc = MqttPacket_Read(client, client->rx_buf, client->rx_buf_len, timeout_ms); if (rc <= 0) { break; } client->packet.buf_len = rc; rc = MqttClient_DecodePacket(client, client->rx_buf, client->packet.buf_len, NULL, &packet_type, NULL, &packet_id); if (rc < 0) { break; } #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""Read Packet: Len %d, Type %d, ID %d"", client->packet.buf_len, packet_type, packet_id); #endif *mms_stat = MQTT_MSG_READ; } FALL_THROUGH; case MQTT_MSG_READ: case MQTT_MSG_READ_PAYLOAD: { MqttPacketType use_packet_type; void* use_packet_obj; #ifdef WOLFMQTT_MULTITHREAD readLocked = 1; #endif if (*mms_stat == MQTT_MSG_READ_PAYLOAD) { packet_type = MQTT_PACKET_TYPE_PUBLISH; } if ((wait_type == MQTT_PACKET_TYPE_ANY || wait_type == packet_type || MqttIsPubRespPacket(packet_type) == MqttIsPubRespPacket(wait_type)) && (wait_packet_id == 0 || wait_packet_id == packet_id)) { use_packet_obj = packet_obj; waitMatchFound = 1; } else { use_packet_obj = &client->msg; } use_packet_type = packet_type; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, packet_type, packet_id, &pendResp)) { pendResp->packetProcessing = 1; use_packet_obj = pendResp->packet_obj; use_packet_type = pendResp->packet_type; waitMatchFound = 0; } wm_SemUnlock(&client->lockClient); } else { break; } #endif rc = MqttClient_HandlePacket(client, use_packet_type, use_packet_obj, timeout_ms); #ifdef WOLFMQTT_NONBLOCK if (rc == MQTT_CODE_CONTINUE) { return rc; } #endif if (rc >= 0) { rc = MQTT_CODE_SUCCESS; } #ifdef WOLFMQTT_MULTITHREAD if (pendResp) { if (wm_SemLock(&client->lockClient) == 0) { pendResp->packetDone = 1; pendResp->packet_ret = rc; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp Done %p"", pendResp); #endif pendResp = NULL; wm_SemUnlock(&client->lockClient); } } #endif break; } case MQTT_MSG_WRITE: case MQTT_MSG_WRITE_PAYLOAD: default: { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Invalid state %d!"", *mms_stat); #endif rc = MQTT_CODE_ERROR_STAT; break; } } #ifdef WOLFMQTT_NONBLOCK if (rc != MQTT_CODE_CONTINUE) #endif { *mms_stat = MQTT_MSG_BEGIN; } #ifdef WOLFMQTT_MULTITHREAD if (readLocked) { wm_SemUnlock(&client->lockRecv); } #endif if (rc < 0) { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Failure: %s (%d)"", MqttClient_ReturnCodeToString(rc), rc); #endif return rc; } if (!waitMatchFound) { goto wait_again; } return rc; }",visit repo url,src/mqtt_client.c,https://github.com/wolfSSL/wolfMQTT,278703091752165,1 1034,['CWE-20'],"asmlinkage long sys_getrlimit(unsigned int resource, struct rlimit __user *rlim) { if (resource >= RLIM_NLIMITS) return -EINVAL; else { struct rlimit value; task_lock(current->group_leader); value = current->signal->rlim[resource]; task_unlock(current->group_leader); return copy_to_user(rlim, &value, sizeof(*rlim)) ? -EFAULT : 0; } }",linux-2.6,,,302681378235367629582770485821151599537,0 2144,['CWE-119'],"static inline void native_store_idt(struct desc_ptr *dtr) { asm volatile(""sidt %0"":""=m"" (*dtr)); }",linux-2.6,,,23001494431914414566913862247817171598,0 2319,['CWE-120'],"int vfs_follow_link(struct nameidata *nd, const char *link) { return __vfs_follow_link(nd, link); }",linux-2.6,,,210689355916412568478575279083292326312,0 3764,CWE-476,"int re_yylex_init_extra(YY_EXTRA_TYPE yy_user_defined,yyscan_t* ptr_yy_globals ) { struct yyguts_t dummy_yyguts; re_yyset_extra (yy_user_defined, &dummy_yyguts); if (ptr_yy_globals == NULL){ errno = EINVAL; return 1; } *ptr_yy_globals = (yyscan_t) re_yyalloc ( sizeof( struct yyguts_t ), &dummy_yyguts ); if (*ptr_yy_globals == NULL){ errno = ENOMEM; return 1; } memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t)); re_yyset_extra (yy_user_defined, *ptr_yy_globals); return yy_init_globals ( *ptr_yy_globals );",visit repo url,libyara/re_lexer.c,https://github.com/VirusTotal/yara,241611241924969,1 2154,CWE-476,"static struct btrfs_device *find_device(struct btrfs_fs_devices *fs_devices, u64 devid, const u8 *uuid) { struct btrfs_device *dev; list_for_each_entry(dev, &fs_devices->devices, dev_list) { if (dev->devid == devid && (!uuid || !memcmp(dev->uuid, uuid, BTRFS_UUID_SIZE))) { return dev; } } return NULL; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,99503748644184,1 6620,['CWE-200'],"static void nma_icon_theme_changed (GtkIconTheme *icon_theme, NMApplet *applet) { nma_icons_free (applet); nma_icons_load (applet); }",network-manager-applet,,,204311954339026458323848429674904850144,0 4313,['CWE-119'],"static status ParsePlayList (AFfilehandle filehandle, AFvirtualfile *fp, uint32_t id, size_t size) { _Instrument *instrument; uint32_t segmentCount; int segment; af_read_uint32_le(&segmentCount, fp); if (segmentCount == 0) { filehandle->instrumentCount = 0; filehandle->instruments = NULL; return AF_SUCCEED; } for (segment=0; segmentcp_str, str, len) == 0 && match->cp_str[len] == NUL) return NOTDONE; match = match->cp_next; } while (match != NULL && !is_first_match(match)); } ins_compl_del_pum(); match = ALLOC_CLEAR_ONE(compl_T); if (match == NULL) return FAIL; match->cp_number = -1; if (flags & CP_ORIGINAL_TEXT) match->cp_number = 0; if ((match->cp_str = vim_strnsave(str, len)) == NULL) { vim_free(match); return FAIL; } if (fname != NULL && compl_curr_match != NULL && compl_curr_match->cp_fname != NULL && STRCMP(fname, compl_curr_match->cp_fname) == 0) match->cp_fname = compl_curr_match->cp_fname; else if (fname != NULL) { match->cp_fname = vim_strsave(fname); flags |= CP_FREE_FNAME; } else match->cp_fname = NULL; match->cp_flags = flags; if (cptext != NULL) { int i; for (i = 0; i < CPT_COUNT; ++i) if (cptext[i] != NULL && *cptext[i] != NUL) match->cp_text[i] = vim_strsave(cptext[i]); } #ifdef FEAT_EVAL if (user_data != NULL) match->cp_user_data = *user_data; #endif if (compl_first_match == NULL) match->cp_next = match->cp_prev = NULL; else if (dir == FORWARD) { match->cp_next = compl_curr_match->cp_next; match->cp_prev = compl_curr_match; } else { match->cp_next = compl_curr_match; match->cp_prev = compl_curr_match->cp_prev; } if (match->cp_next) match->cp_next->cp_prev = match; if (match->cp_prev) match->cp_prev->cp_next = match; else compl_first_match = match; compl_curr_match = match; if (compl_get_longest && (flags & CP_ORIGINAL_TEXT) == 0) ins_compl_longest_match(match); return OK; }",visit repo url,src/insexpand.c,https://github.com/vim/vim,211727514918189,1 3120,['CWE-189'],"static int jas_iccattrtab_lookup(jas_iccattrtab_t *attrtab, jas_iccuint32_t name) { int i; jas_iccattr_t *attr; for (i = 0; i < attrtab->numattrs; ++i) { attr = &attrtab->attrs[i]; if (attr->name == name) return i; } return -1; }",jasper,,,113449537633902047348069510754848537204,0 2091,[],"static inline int __udp_lib_lport_inuse(__u16 num, const struct hlist_head udptable[]) { struct sock *sk; struct hlist_node *node; sk_for_each(sk, node, &udptable[num & (UDP_HTABLE_SIZE - 1)]) if (sk->sk_hash == num) return 1; return 0; }",linux-2.6,,,132415148538424336999661022338224739461,0 3467,NVD-CWE-noinfo,"list_tables(MYSQL *mysql,const char *db,const char *table) { const char *header; uint head_length, counter = 0; char query[255], rows[NAME_LEN], fields[16]; MYSQL_FIELD *field; MYSQL_RES *result; MYSQL_ROW row, rrow; if (mysql_select_db(mysql,db)) { fprintf(stderr,""%s: Cannot connect to db %s: %s\n"",my_progname,db, mysql_error(mysql)); return 1; } if (table) { mysql_real_escape_string(mysql, rows, table, (unsigned long)strlen(table)); my_snprintf(query, sizeof(query), ""show%s tables like '%s'"", opt_table_type ? "" full"" : """", rows); } else my_snprintf(query, sizeof(query), ""show%s tables"", opt_table_type ? "" full"" : """"); if (mysql_query(mysql, query) || !(result= mysql_store_result(mysql))) { fprintf(stderr,""%s: Cannot list tables in %s: %s\n"",my_progname,db, mysql_error(mysql)); exit(1); } printf(""Database: %s"",db); if (table) printf("" Wildcard: %s"",table); putchar('\n'); header=""Tables""; head_length=(uint) strlen(header); field=mysql_fetch_field(result); if (head_length < field->max_length) head_length=field->max_length; if (opt_table_type) { if (!opt_verbose) print_header(header,head_length,""table_type"",10,NullS); else if (opt_verbose == 1) print_header(header,head_length,""table_type"",10,""Columns"",8,NullS); else { print_header(header,head_length,""table_type"",10,""Columns"",8, ""Total Rows"",10,NullS); } } else { if (!opt_verbose) print_header(header,head_length,NullS); else if (opt_verbose == 1) print_header(header,head_length,""Columns"",8,NullS); else print_header(header,head_length,""Columns"",8, ""Total Rows"",10,NullS); } while ((row = mysql_fetch_row(result))) { counter++; if (opt_verbose > 0) { if (!(mysql_select_db(mysql,db))) { MYSQL_RES *rresult = mysql_list_fields(mysql,row[0],NULL); ulong rowcount=0L; if (!rresult) { strmov(fields,""N/A""); strmov(rows,""N/A""); } else { sprintf(fields,""%8u"",(uint) mysql_num_fields(rresult)); mysql_free_result(rresult); if (opt_verbose > 1) { sprintf(query,""SELECT COUNT(*) FROM `%s`"",row[0]); if (!(mysql_query(mysql,query))) { if ((rresult = mysql_store_result(mysql))) { rrow = mysql_fetch_row(rresult); rowcount += (unsigned long) strtoull(rrow[0], (char**) 0, 10); mysql_free_result(rresult); } sprintf(rows,""%10lu"",rowcount); } else sprintf(rows,""%10d"",0); } } } else { strmov(fields,""N/A""); strmov(rows,""N/A""); } } if (opt_table_type) { if (!opt_verbose) print_row(row[0],head_length,row[1],10,NullS); else if (opt_verbose == 1) print_row(row[0],head_length,row[1],10,fields,8,NullS); else print_row(row[0],head_length,row[1],10,fields,8,rows,10,NullS); } else { if (!opt_verbose) print_row(row[0],head_length,NullS); else if (opt_verbose == 1) print_row(row[0],head_length, fields,8, NullS); else print_row(row[0],head_length, fields,8, rows,10, NullS); } } print_trailer(head_length, (opt_table_type ? 10 : opt_verbose > 0 ? 8 : 0), (opt_table_type ? (opt_verbose > 0 ? 8 : 0) : (opt_verbose > 1 ? 10 :0)), !opt_table_type ? 0 : opt_verbose > 1 ? 10 :0, 0); if (counter && opt_verbose) printf(""%u row%s in set.\n\n"",counter,(counter > 1) ? ""s"" : """"); mysql_free_result(result); return 0; }",visit repo url,client/mysqlshow.c,https://github.com/mysql/mysql-server,231223723420699,1 5659,CWE-59,"add_mibdir(const char *dirname) { FILE *ip; const char *oldFile = File; char **filenames; int count = 0; int filename_count, i; #if !(defined(WIN32) || defined(cygwin)) char *token; char space; char newline; struct stat dir_stat, idx_stat; char tmpstr[300]; char tmpstr1[300]; #endif DEBUGMSGTL((""parse-mibs"", ""Scanning directory %s\n"", dirname)); #if !(defined(WIN32) || defined(cygwin)) token = netsnmp_mibindex_lookup( dirname ); if (token && stat(token, &idx_stat) == 0 && stat(dirname, &dir_stat) == 0) { if (dir_stat.st_mtime < idx_stat.st_mtime) { DEBUGMSGTL((""parse-mibs"", ""The index is good\n"")); if ((ip = fopen(token, ""r"")) != NULL) { fgets(tmpstr, sizeof(tmpstr), ip); while (fscanf(ip, ""%127s%c%299[^\n]%c"", token, &space, tmpstr, &newline) == 4) { if (space != ' ' || newline != '\n') { snmp_log(LOG_ERR, ""add_mibdir: strings scanned in from %s/%s "" \ ""are too large. count = %d\n "", dirname, "".index"", count); break; } snprintf(tmpstr1, sizeof(tmpstr1), ""%s/%s"", dirname, tmpstr); tmpstr1[ sizeof(tmpstr1)-1 ] = 0; new_module(token, tmpstr1); count++; } fclose(ip); return count; } else DEBUGMSGTL((""parse-mibs"", ""Can't read index\n"")); } else DEBUGMSGTL((""parse-mibs"", ""Index outdated\n"")); } else DEBUGMSGTL((""parse-mibs"", ""No index\n"")); #endif filename_count = scan_directory(&filenames, dirname); if (filename_count >= 0) { ip = netsnmp_mibindex_new(dirname); for (i = 0; i < filename_count; i++) { if (add_mibfile(filenames[i], strrchr(filenames[i], '/'), ip) == 0) count++; free(filenames[i]); } File = oldFile; if (ip) fclose(ip); free(filenames); return (count); } else DEBUGMSGTL((""parse-mibs"",""cannot open MIB directory %s\n"", dirname)); return (-1); }",visit repo url,snmplib/parse.c,https://github.com/net-snmp/net-snmp,125726771071248,1 3453,CWE-59,"int main(int argc, char **argv) { setlocale(LC_ALL, """"); #if ENABLE_NLS bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); #endif abrt_init(argv); const char *program_usage_string = _( ""& [-y] [-i BUILD_IDS_FILE|-i -] [-e PATH[:PATH]...]\n"" ""\t[-r REPO]\n"" ""\n"" ""Installs debuginfo packages for all build-ids listed in BUILD_IDS_FILE to\n"" ""ABRT system cache."" ); enum { OPT_v = 1 << 0, OPT_y = 1 << 1, OPT_i = 1 << 2, OPT_e = 1 << 3, OPT_r = 1 << 4, OPT_s = 1 << 5, }; const char *build_ids = ""build_ids""; const char *exact = NULL; const char *repo = NULL; const char *size_mb = NULL; struct options program_options[] = { OPT__VERBOSE(&g_verbose), OPT_BOOL ('y', ""yes"", NULL, _(""Noninteractive, assume 'Yes' to all questions"")), OPT_STRING('i', ""ids"", &build_ids, ""BUILD_IDS_FILE"", _(""- means STDIN, default: build_ids"")), OPT_STRING('e', ""exact"", &exact, ""EXACT"", _(""Download only specified files"")), OPT_STRING('r', ""repo"", &repo, ""REPO"", _(""Pattern to use when searching for repos, default: *debug*"")), OPT_STRING('s', ""size_mb"", &size_mb, ""SIZE_MB"", _(""Ignored option"")), OPT_END() }; const unsigned opts = parse_opts(argc, argv, program_options, program_usage_string); const gid_t egid = getegid(); const gid_t rgid = getgid(); const uid_t euid = geteuid(); const gid_t ruid = getuid(); char *build_ids_self_fd = NULL; if (strcmp(""-"", build_ids) != 0) { if (setregid(egid, rgid) < 0) perror_msg_and_die(""setregid(egid, rgid)""); if (setreuid(euid, ruid) < 0) perror_msg_and_die(""setreuid(euid, ruid)""); const int build_ids_fd = open(build_ids, O_RDONLY); if (setregid(rgid, egid) < 0) perror_msg_and_die(""setregid(rgid, egid)""); if (setreuid(ruid, euid) < 0 ) perror_msg_and_die(""setreuid(ruid, euid)""); if (build_ids_fd < 0) perror_msg_and_die(""Failed to open file '%s'"", build_ids); build_ids_self_fd = xasprintf(""/proc/self/fd/%d"", build_ids_fd); } const char *args[11]; { const char *verbs[] = { """", ""-v"", ""-vv"", ""-vvv"" }; unsigned i = 0; args[i++] = EXECUTABLE; args[i++] = ""--ids""; args[i++] = (build_ids_self_fd != NULL) ? build_ids_self_fd : ""-""; if (g_verbose > 0) args[i++] = verbs[g_verbose <= 3 ? g_verbose : 3]; if ((opts & OPT_y)) args[i++] = ""-y""; if ((opts & OPT_e)) { args[i++] = ""--exact""; args[i++] = exact; } if ((opts & OPT_r)) { args[i++] = ""--repo""; args[i++] = repo; } args[i++] = ""--""; args[i] = NULL; } if (egid != rgid) IGNORE_RESULT(setregid(egid, egid)); if (euid != ruid) { IGNORE_RESULT(setreuid(euid, euid)); #if 1 static const char *whitelist[] = { ""REPORT_CLIENT_SLAVE"", ""LANG"", }; const size_t wlsize = sizeof(whitelist)/sizeof(char*); char *setlist[sizeof(whitelist)/sizeof(char*)] = { 0 }; char *p = NULL; for (size_t i = 0; i < wlsize; i++) if ((p = getenv(whitelist[i])) != NULL) setlist[i] = xstrdup(p); clearenv(); for (size_t i = 0; i < wlsize; i++) if (setlist[i] != NULL) { xsetenv(whitelist[i], setlist[i]); free(setlist[i]); } #else static const char forbid[] = ""LD_LIBRARY_PATH"" ""\0"" ""LD_PRELOAD"" ""\0"" ""LD_TRACE_LOADED_OBJECTS"" ""\0"" ""LD_BIND_NOW"" ""\0"" ""LD_AOUT_LIBRARY_PATH"" ""\0"" ""LD_AOUT_PRELOAD"" ""\0"" ""LD_NOWARN"" ""\0"" ""LD_KEEPDIR"" ""\0"" ; const char *p = forbid; do { unsetenv(p); p += strlen(p) + 1; } while (*p); #endif char path_env[] = ""PATH=/usr/sbin:/sbin:/usr/bin:/bin:""BIN_DIR"":""SBIN_DIR; if (euid != 0) strcpy(path_env, ""PATH=/usr/bin:/bin:""BIN_DIR); putenv(path_env); umask(0022); } execvp(EXECUTABLE, (char **)args); error_msg_and_die(""Can't execute %s"", EXECUTABLE); }",visit repo url,src/plugins/abrt-action-install-debuginfo-to-abrt-cache.c,https://github.com/abrt/abrt,67707295039474,1 3622,CWE-617,"cdp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardware, struct lldpd_chassis **newchassis, struct lldpd_port **newport) { struct lldpd_chassis *chassis; struct lldpd_port *port; struct lldpd_mgmt *mgmt; struct in_addr addr; #if 0 u_int16_t cksum; #endif u_int8_t *software = NULL, *platform = NULL; int software_len = 0, platform_len = 0, proto, version, nb, caps; const unsigned char cdpaddr[] = CDP_MULTICAST_ADDR; #ifdef ENABLE_FDP const unsigned char fdpaddr[] = CDP_MULTICAST_ADDR; int fdp = 0; #endif u_int8_t *pos, *tlv, *pos_address, *pos_next_address; int length, len_eth, tlv_type, tlv_len, addresses_len, address_len; #ifdef ENABLE_DOT1 struct lldpd_vlan *vlan; #endif log_debug(""cdp"", ""decode CDP frame received on %s"", hardware->h_ifname); if ((chassis = calloc(1, sizeof(struct lldpd_chassis))) == NULL) { log_warn(""cdp"", ""failed to allocate remote chassis""); return -1; } TAILQ_INIT(&chassis->c_mgmt); if ((port = calloc(1, sizeof(struct lldpd_port))) == NULL) { log_warn(""cdp"", ""failed to allocate remote port""); free(chassis); return -1; } #ifdef ENABLE_DOT1 TAILQ_INIT(&port->p_vlans); #endif length = s; pos = (u_int8_t*)frame; if (length < 2*ETHER_ADDR_LEN + sizeof(u_int16_t) + 8 + 4 ) { log_warn(""cdp"", ""too short CDP/FDP frame received on %s"", hardware->h_ifname); goto malformed; } if (PEEK_CMP(cdpaddr, sizeof(cdpaddr)) != 0) { #ifdef ENABLE_FDP PEEK_RESTORE((u_int8_t*)frame); if (PEEK_CMP(fdpaddr, sizeof(fdpaddr)) != 0) fdp = 1; else { #endif log_info(""cdp"", ""frame not targeted at CDP/FDP multicast address received on %s"", hardware->h_ifname); goto malformed; #ifdef ENABLE_FDP } #endif } PEEK_DISCARD(ETHER_ADDR_LEN); len_eth = PEEK_UINT16; if (len_eth > length) { log_warnx(""cdp"", ""incorrect 802.3 frame size reported on %s"", hardware->h_ifname); goto malformed; } PEEK_DISCARD(6); proto = PEEK_UINT16; if (proto != LLC_PID_CDP) { if ((proto != LLC_PID_DRIP) && (proto != LLC_PID_PAGP) && (proto != LLC_PID_PVSTP) && (proto != LLC_PID_UDLD) && (proto != LLC_PID_VTP) && (proto != LLC_PID_DTP) && (proto != LLC_PID_STP)) log_debug(""cdp"", ""incorrect LLC protocol ID received on %s"", hardware->h_ifname); goto malformed; } #if 0 cksum = frame_checksum(pos, len_eth - 8, #ifdef ENABLE_FDP !fdp #else 1 #endif ); if (cksum != 0) { log_info(""cdp"", ""incorrect CDP/FDP checksum for frame received on %s (%d)"", hardware->h_ifname, cksum); goto malformed; } #endif version = PEEK_UINT8; if ((version != 1) && (version != 2)) { log_warnx(""cdp"", ""incorrect CDP/FDP version (%d) for frame received on %s"", version, hardware->h_ifname); goto malformed; } chassis->c_ttl = PEEK_UINT8; PEEK_DISCARD_UINT16; while (length) { if (length < 4) { log_warnx(""cdp"", ""CDP/FDP TLV header is too large for "" ""frame received on %s"", hardware->h_ifname); goto malformed; } tlv_type = PEEK_UINT16; tlv_len = PEEK_UINT16 - 4; (void)PEEK_SAVE(tlv); if ((tlv_len < 0) || (length < tlv_len)) { log_warnx(""cdp"", ""incorrect size in CDP/FDP TLV header for frame "" ""received on %s"", hardware->h_ifname); goto malformed; } switch (tlv_type) { case CDP_TLV_CHASSIS: if ((chassis->c_name = (char *)calloc(1, tlv_len + 1)) == NULL) { log_warn(""cdp"", ""unable to allocate memory for chassis name""); goto malformed; } PEEK_BYTES(chassis->c_name, tlv_len); chassis->c_id_subtype = LLDP_CHASSISID_SUBTYPE_LOCAL; if ((chassis->c_id = (char *)malloc(tlv_len)) == NULL) { log_warn(""cdp"", ""unable to allocate memory for chassis ID""); goto malformed; } memcpy(chassis->c_id, chassis->c_name, tlv_len); chassis->c_id_len = tlv_len; break; case CDP_TLV_ADDRESSES: CHECK_TLV_SIZE(4, ""Address""); addresses_len = tlv_len - 4; for (nb = PEEK_UINT32; nb > 0; nb--) { (void)PEEK_SAVE(pos_address); if (addresses_len < 2) { log_warn(""cdp"", ""too short address subframe "" ""received on %s"", hardware->h_ifname); goto malformed; } PEEK_DISCARD_UINT8; addresses_len--; address_len = PEEK_UINT8; addresses_len--; if (addresses_len < address_len + 2) { log_warn(""cdp"", ""too short address subframe "" ""received on %s"", hardware->h_ifname); goto malformed; } PEEK_DISCARD(address_len); addresses_len -= address_len; address_len = PEEK_UINT16; addresses_len -= 2; if (addresses_len < address_len) { log_warn(""cdp"", ""too short address subframe "" ""received on %s"", hardware->h_ifname); goto malformed; } PEEK_DISCARD(address_len); (void)PEEK_SAVE(pos_next_address); PEEK_RESTORE(pos_address); if ((PEEK_UINT8 == 1) && (PEEK_UINT8 == 1) && (PEEK_UINT8 == CDP_ADDRESS_PROTO_IP) && (PEEK_UINT16 == sizeof(struct in_addr))) { PEEK_BYTES(&addr, sizeof(struct in_addr)); mgmt = lldpd_alloc_mgmt(LLDPD_AF_IPV4, &addr, sizeof(struct in_addr), 0); if (mgmt == NULL) { assert(errno == ENOMEM); log_warn(""cdp"", ""unable to allocate memory for management address""); goto malformed; } TAILQ_INSERT_TAIL(&chassis->c_mgmt, mgmt, m_entries); } PEEK_RESTORE(pos_next_address); } break; case CDP_TLV_PORT: if (tlv_len == 0) { log_warn(""cdp"", ""too short port description received""); goto malformed; } if ((port->p_descr = (char *)calloc(1, tlv_len + 1)) == NULL) { log_warn(""cdp"", ""unable to allocate memory for port description""); goto malformed; } PEEK_BYTES(port->p_descr, tlv_len); port->p_id_subtype = LLDP_PORTID_SUBTYPE_IFNAME; if ((port->p_id = (char *)calloc(1, tlv_len)) == NULL) { log_warn(""cdp"", ""unable to allocate memory for port ID""); goto malformed; } memcpy(port->p_id, port->p_descr, tlv_len); port->p_id_len = tlv_len; break; case CDP_TLV_CAPABILITIES: #ifdef ENABLE_FDP if (fdp) { if (!strncmp(""Router"", (char*)pos, tlv_len)) chassis->c_cap_enabled = LLDP_CAP_ROUTER; else if (!strncmp(""Switch"", (char*)pos, tlv_len)) chassis->c_cap_enabled = LLDP_CAP_BRIDGE; else if (!strncmp(""Bridge"", (char*)pos, tlv_len)) chassis->c_cap_enabled = LLDP_CAP_REPEATER; else chassis->c_cap_enabled = LLDP_CAP_STATION; chassis->c_cap_available = chassis->c_cap_enabled; break; } #endif CHECK_TLV_SIZE(4, ""Capabilities""); caps = PEEK_UINT32; if (caps & CDP_CAP_ROUTER) chassis->c_cap_enabled |= LLDP_CAP_ROUTER; if (caps & 0x0e) chassis->c_cap_enabled |= LLDP_CAP_BRIDGE; if (chassis->c_cap_enabled == 0) chassis->c_cap_enabled = LLDP_CAP_STATION; chassis->c_cap_available = chassis->c_cap_enabled; break; case CDP_TLV_SOFTWARE: software_len = tlv_len; (void)PEEK_SAVE(software); break; case CDP_TLV_PLATFORM: platform_len = tlv_len; (void)PEEK_SAVE(platform); break; #ifdef ENABLE_DOT1 case CDP_TLV_NATIVEVLAN: CHECK_TLV_SIZE(2, ""Native VLAN""); if ((vlan = (struct lldpd_vlan *)calloc(1, sizeof(struct lldpd_vlan))) == NULL) { log_warn(""cdp"", ""unable to alloc vlan "" ""structure for "" ""tlv received on %s"", hardware->h_ifname); goto malformed; } vlan->v_vid = port->p_pvid = PEEK_UINT16; if (asprintf(&vlan->v_name, ""VLAN #%d"", vlan->v_vid) == -1) { log_warn(""cdp"", ""unable to alloc VLAN name for "" ""TLV received on %s"", hardware->h_ifname); free(vlan); goto malformed; } TAILQ_INSERT_TAIL(&port->p_vlans, vlan, v_entries); break; #endif default: log_debug(""cdp"", ""unknown CDP/FDP TLV type (%d) received on %s"", ntohs(tlv_type), hardware->h_ifname); hardware->h_rx_unrecognized_cnt++; } PEEK_DISCARD(tlv + tlv_len - pos); } if (!software && platform) { if ((chassis->c_descr = (char *)calloc(1, platform_len + 1)) == NULL) { log_warn(""cdp"", ""unable to allocate memory for chassis description""); goto malformed; } memcpy(chassis->c_descr, platform, platform_len); } else if (software && !platform) { if ((chassis->c_descr = (char *)calloc(1, software_len + 1)) == NULL) { log_warn(""cdp"", ""unable to allocate memory for chassis description""); goto malformed; } memcpy(chassis->c_descr, software, software_len); } else if (software && platform) { #define CONCAT_PLATFORM "" running on\n"" if ((chassis->c_descr = (char *)calloc(1, software_len + platform_len + strlen(CONCAT_PLATFORM) + 1)) == NULL) { log_warn(""cdp"", ""unable to allocate memory for chassis description""); goto malformed; } memcpy(chassis->c_descr, platform, platform_len); memcpy(chassis->c_descr + platform_len, CONCAT_PLATFORM, strlen(CONCAT_PLATFORM)); memcpy(chassis->c_descr + platform_len + strlen(CONCAT_PLATFORM), software, software_len); } if ((chassis->c_id == NULL) || (port->p_id == NULL) || (chassis->c_name == NULL) || (chassis->c_descr == NULL) || (port->p_descr == NULL) || (chassis->c_ttl == 0) || (chassis->c_cap_enabled == 0)) { log_warnx(""cdp"", ""some mandatory CDP/FDP tlv are missing for frame received on %s"", hardware->h_ifname); goto malformed; } *newchassis = chassis; *newport = port; return 1; malformed: lldpd_chassis_cleanup(chassis, 1); lldpd_port_cleanup(port, 1); free(port); return -1; }",visit repo url,src/daemon/protocols/cdp.c,https://github.com/vincentbernat/lldpd,227918713040466,1 6419,['CWE-190'],"read_merged_image_block (PSDimage *img_a, FILE *f, GError **error) { img_a->merged_image_start = ftell(f); if (fseek (f, 0, SEEK_END) < 0) { psd_set_error (feof (f), errno, error); return -1; } img_a->merged_image_len = ftell(f) - img_a->merged_image_start; IFDBG(1) g_debug (""Merged image data block: Start: %d, len: %d"", img_a->merged_image_start, img_a->merged_image_len); return 0; }",gimp,,,257332632841555863138676937724883207890,0 5706,CWE-416,"void luaD_call (lua_State *L, StkId func, int nresults) { lua_CFunction f; retry: switch (ttypetag(s2v(func))) { case LUA_VCCL: f = clCvalue(s2v(func))->f; goto Cfunc; case LUA_VLCF: f = fvalue(s2v(func)); Cfunc: { int n; CallInfo *ci = next_ci(L); checkstackp(L, LUA_MINSTACK, func); ci->nresults = nresults; ci->callstatus = CIST_C; ci->top = L->top + LUA_MINSTACK; ci->func = func; L->ci = ci; lua_assert(ci->top <= L->stack_last); if (L->hookmask & LUA_MASKCALL) { int narg = cast_int(L->top - func) - 1; luaD_hook(L, LUA_HOOKCALL, -1, 1, narg); } lua_unlock(L); n = (*f)(L); lua_lock(L); api_checknelems(L, n); luaD_poscall(L, ci, n); break; } case LUA_VLCL: { CallInfo *ci = next_ci(L); Proto *p = clLvalue(s2v(func))->p; int narg = cast_int(L->top - func) - 1; int nfixparams = p->numparams; int fsize = p->maxstacksize; checkstackp(L, fsize, func); ci->nresults = nresults; ci->u.l.savedpc = p->code; ci->callstatus = 0; ci->top = func + 1 + fsize; ci->func = func; L->ci = ci; for (; narg < nfixparams; narg++) setnilvalue(s2v(L->top++)); lua_assert(ci->top <= L->stack_last); luaV_execute(L, ci); break; } default: { checkstackp(L, 1, func); luaD_tryfuncTM(L, func); goto retry; } } }",visit repo url,ldo.c,https://github.com/lua/lua,128617765926143,1 6526,CWE-125,"MOBI_RET mobi_find_attrvalue(MOBIResult *result, const unsigned char *data_start, const unsigned char *data_end, const MOBIFiletype type, const char *needle) { if (!result) { debug_print(""Result structure is null%s"", ""\n""); return MOBI_PARAM_ERR; } result->start = result->end = NULL; *(result->value) = '\0'; if (!data_start || !data_end) { debug_print(""Data is null%s"", ""\n""); return MOBI_PARAM_ERR; } size_t needle_length = strlen(needle); if (needle_length > MOBI_ATTRNAME_MAXSIZE) { debug_print(""Attribute too long: %zu\n"", needle_length); return MOBI_PARAM_ERR; } if (data_start + needle_length > data_end) { return MOBI_SUCCESS; } unsigned char *data = (unsigned char *) data_start; unsigned char tag_open; unsigned char tag_close; if (type == T_CSS) { tag_open = '{'; tag_close = '}'; } else { tag_open = '<'; tag_close = '>'; } unsigned char last_border = tag_close; while (data <= data_end) { if (*data == tag_open || *data == tag_close) { last_border = *data; } if (data + needle_length <= data_end && memcmp(data, needle, needle_length) == 0) { if (last_border != tag_open) { data += needle_length; continue; } while (data >= data_start && !isspace(*data) && *data != tag_open && *data != '=' && *data != '(') { data--; } result->is_url = (*data == '('); result->start = ++data; int i = 0; while (data <= data_end && !isspace(*data) && *data != tag_close && *data != ')' && i < MOBI_ATTRVALUE_MAXSIZE) { result->value[i++] = (char) *data++; } if (*(data - 1) == '/' && *data == '>') { --data; --i; } result->end = data; result->value[i] = '\0'; return MOBI_SUCCESS; } data++; } return MOBI_SUCCESS; }",visit repo url,src/parse_rawml.c,https://github.com/bfabiszewski/libmobi,155008125335358,1 1332,CWE-119,"int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) { unsigned char *opt = *option; unsigned char *tag; unsigned char opt_iter; unsigned char err_offset = 0; u8 opt_len; u8 tag_len; struct cipso_v4_doi *doi_def = NULL; u32 tag_iter; opt_len = opt[1]; if (opt_len < 8) { err_offset = 1; goto validate_return; } rcu_read_lock(); doi_def = cipso_v4_doi_search(get_unaligned_be32(&opt[2])); if (doi_def == NULL) { err_offset = 2; goto validate_return_locked; } opt_iter = CIPSO_V4_HDR_LEN; tag = opt + opt_iter; while (opt_iter < opt_len) { for (tag_iter = 0; doi_def->tags[tag_iter] != tag[0];) if (doi_def->tags[tag_iter] == CIPSO_V4_TAG_INVALID || ++tag_iter == CIPSO_V4_TAG_MAXCNT) { err_offset = opt_iter; goto validate_return_locked; } tag_len = tag[1]; if (tag_len > (opt_len - opt_iter)) { err_offset = opt_iter + 1; goto validate_return_locked; } switch (tag[0]) { case CIPSO_V4_TAG_RBITMAP: if (tag_len < CIPSO_V4_TAG_RBM_BLEN) { err_offset = opt_iter + 1; goto validate_return_locked; } if (cipso_v4_rbm_strictvalid) { if (cipso_v4_map_lvl_valid(doi_def, tag[3]) < 0) { err_offset = opt_iter + 3; goto validate_return_locked; } if (tag_len > CIPSO_V4_TAG_RBM_BLEN && cipso_v4_map_cat_rbm_valid(doi_def, &tag[4], tag_len - 4) < 0) { err_offset = opt_iter + 4; goto validate_return_locked; } } break; case CIPSO_V4_TAG_ENUM: if (tag_len < CIPSO_V4_TAG_ENUM_BLEN) { err_offset = opt_iter + 1; goto validate_return_locked; } if (cipso_v4_map_lvl_valid(doi_def, tag[3]) < 0) { err_offset = opt_iter + 3; goto validate_return_locked; } if (tag_len > CIPSO_V4_TAG_ENUM_BLEN && cipso_v4_map_cat_enum_valid(doi_def, &tag[4], tag_len - 4) < 0) { err_offset = opt_iter + 4; goto validate_return_locked; } break; case CIPSO_V4_TAG_RANGE: if (tag_len < CIPSO_V4_TAG_RNG_BLEN) { err_offset = opt_iter + 1; goto validate_return_locked; } if (cipso_v4_map_lvl_valid(doi_def, tag[3]) < 0) { err_offset = opt_iter + 3; goto validate_return_locked; } if (tag_len > CIPSO_V4_TAG_RNG_BLEN && cipso_v4_map_cat_rng_valid(doi_def, &tag[4], tag_len - 4) < 0) { err_offset = opt_iter + 4; goto validate_return_locked; } break; case CIPSO_V4_TAG_LOCAL: if (!(skb->dev->flags & IFF_LOOPBACK)) { err_offset = opt_iter; goto validate_return_locked; } if (tag_len != CIPSO_V4_TAG_LOC_BLEN) { err_offset = opt_iter + 1; goto validate_return_locked; } break; default: err_offset = opt_iter; goto validate_return_locked; } tag += tag_len; opt_iter += tag_len; } validate_return_locked: rcu_read_unlock(); validate_return: *option = opt + err_offset; return err_offset; }",visit repo url,net/ipv4/cipso_ipv4.c,https://github.com/torvalds/linux,191162366963989,1 6552,['CWE-200'],"status_icon_popup_menu_cb (GtkStatusIcon *icon, guint button, guint32 activate_time, NMApplet *applet) { applet_clear_notify (applet); nma_context_menu_update (applet); gtk_menu_popup (GTK_MENU (applet->context_menu), NULL, NULL, gtk_status_icon_position_menu, icon, button, activate_time); }",network-manager-applet,,,14225146311833010078965888864825758020,0 3022,['CWE-189'],"static int jp2_ftyp_getdata(jp2_box_t *box, jas_stream_t *in) { jp2_ftyp_t *ftyp = &box->data.ftyp; unsigned int i; if (jp2_getuint32(in, &ftyp->majver) || jp2_getuint32(in, &ftyp->minver)) { return -1; } ftyp->numcompatcodes = (box->datalen - 8) / 4; if (ftyp->numcompatcodes > JP2_FTYP_MAXCOMPATCODES) { return -1; } for (i = 0; i < ftyp->numcompatcodes; ++i) { if (jp2_getuint32(in, &ftyp->compatcodes[i])) { return -1; } } return 0; }",jasper,,,321346036816154436138437188983671701956,0 959,['CWE-189'],"fbShmPutImage(dst, pGC, depth, format, w, h, sx, sy, sw, sh, dx, dy, data) DrawablePtr dst; GCPtr pGC; int depth, w, h, sx, sy, sw, sh, dx, dy; unsigned int format; char *data; { if ((format == ZPixmap) || (depth == 1)) { PixmapPtr pPixmap; pPixmap = GetScratchPixmapHeader(dst->pScreen, w, h, depth, BitsPerPixel(depth), PixmapBytePad(w, depth), (pointer)data); if (!pPixmap) return; if (format == XYBitmap) (void)(*pGC->ops->CopyPlane)((DrawablePtr)pPixmap, dst, pGC, sx, sy, sw, sh, dx, dy, 1L); else (void)(*pGC->ops->CopyArea)((DrawablePtr)pPixmap, dst, pGC, sx, sy, sw, sh, dx, dy); FreeScratchPixmapHeader(pPixmap); } else miShmPutImage(dst, pGC, depth, format, w, h, sx, sy, sw, sh, dx, dy, data); }",xserver,,,261386987017359138828478956645592421787,0 5364,CWE-787,"int pdf_is_pdf(FILE *fp) { int is_pdf; char *header; header = get_header(fp); if (header && strstr(header, ""%PDF-"")) is_pdf = 1; else is_pdf = 0; free(header); return is_pdf; }",visit repo url,pdf.c,https://github.com/enferex/pdfresurrect,159869229632519,1 3153,CWE-362,"create_watching_parent (void) { pid_t child; sigset_t ourset; struct sigaction oldact[3]; int status = 0; int retval; retval = pam_open_session (pamh, 0); if (is_pam_failure(retval)) { cleanup_pam (retval); errx (EXIT_FAILURE, _(""cannot open session: %s""), pam_strerror (pamh, retval)); } else _pam_session_opened = 1; memset(oldact, 0, sizeof(oldact)); child = fork (); if (child == (pid_t) -1) { cleanup_pam (PAM_ABORT); err (EXIT_FAILURE, _(""cannot create child process"")); } if (child == 0) return; if (chdir (""/"") != 0) warn (_(""cannot change directory to %s""), ""/""); sigfillset (&ourset); if (sigprocmask (SIG_BLOCK, &ourset, NULL)) { warn (_(""cannot block signals"")); caught_signal = true; } if (!caught_signal) { struct sigaction action; action.sa_handler = su_catch_sig; sigemptyset (&action.sa_mask); action.sa_flags = 0; sigemptyset (&ourset); if (!same_session) { if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT)) { warn (_(""cannot set signal handler"")); caught_signal = true; } } if (!caught_signal && (sigaddset(&ourset, SIGTERM) || sigaddset(&ourset, SIGALRM) || sigaction(SIGTERM, &action, &oldact[0]) || sigprocmask(SIG_UNBLOCK, &ourset, NULL))) { warn (_(""cannot set signal handler"")); caught_signal = true; } if (!caught_signal && !same_session && (sigaction(SIGINT, &action, &oldact[1]) || sigaction(SIGQUIT, &action, &oldact[2]))) { warn (_(""cannot set signal handler"")); caught_signal = true; } } if (!caught_signal) { pid_t pid; for (;;) { pid = waitpid (child, &status, WUNTRACED); if (pid != (pid_t)-1 && WIFSTOPPED (status)) { kill (getpid (), SIGSTOP); kill (pid, SIGCONT); } else break; } if (pid != (pid_t)-1) { if (WIFSIGNALED (status)) { fprintf (stderr, ""%s%s\n"", strsignal (WTERMSIG (status)), WCOREDUMP (status) ? _("" (core dumped)"") : """"); status = WTERMSIG (status) + 128; } else status = WEXITSTATUS (status); } else if (caught_signal) status = caught_signal + 128; else status = 1; } else status = 1; if (caught_signal) { fprintf (stderr, _(""\nSession terminated, killing shell..."")); kill (child, SIGTERM); } cleanup_pam (PAM_SUCCESS); if (caught_signal) { sleep (2); kill (child, SIGKILL); fprintf (stderr, _("" ...killed.\n"")); switch (caught_signal) { case SIGTERM: sigaction(SIGTERM, &oldact[0], NULL); break; case SIGINT: sigaction(SIGINT, &oldact[1], NULL); break; case SIGQUIT: sigaction(SIGQUIT, &oldact[2], NULL); break; default: caught_signal = SIGKILL; break; } kill(getpid(), caught_signal); } exit (status); }",visit repo url,login-utils/su-common.c,https://github.com/karelzak/util-linux,20979387155366,1 5022,[],"void winbind_msg_online(int msg_type, struct process_id src, void *buf, size_t len, void *private_data) { struct winbindd_child *child; struct winbindd_domain *domain; DEBUG(10,(""winbind_msg_online: got online message.\n"")); if (!lp_winbind_offline_logon()) { DEBUG(10,(""winbind_msg_online: rejecting online message.\n"")); return; } set_global_winbindd_state_online(); smb_nscd_flush_user_cache(); smb_nscd_flush_group_cache(); for (domain = domain_list(); domain; domain = domain->next) { if (domain->internal) { continue; } DEBUG(5,(""winbind_msg_online: requesting %s to go online.\n"", domain->name)); winbindd_flush_negative_conn_cache(domain); set_domain_online_request(domain); if ( domain->primary ) { struct winbindd_child *idmap = idmap_child(); if ( idmap->pid != 0 ) { message_send_pid(pid_to_procid(idmap->pid), MSG_WINBIND_ONLINE, domain->name, strlen(domain->name)+1, False); } } } for (child = children; child != NULL; child = child->next) { if (!child->domain || (child == idmap_child())) { continue; } if (child->domain->internal) { continue; } DEBUG(10,(""winbind_msg_online: sending message to pid %u for domain %s.\n"", (unsigned int)child->pid, child->domain->name )); message_send_pid(pid_to_procid(child->pid), MSG_WINBIND_ONLINE, child->domain->name, strlen(child->domain->name)+1, False); } }",samba,,,125692364754080509026812825498296531740,0 1009,CWE-119,"static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end, void *obuf, size_t olen) { struct ceph_x_encrypt_header head; size_t head_len = sizeof(head); int len, ret; len = ceph_decode_32(p); if (*p + len > end) return -EINVAL; dout(""ceph_x_decrypt len %d\n"", len); ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen, *p, len); if (ret) return ret; if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC) return -EPERM; *p += len; return olen; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,236481976604243,1 2803,CWE-401,"BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* rect) { const RECTANGLE_16* srcExtents; RECTANGLE_16* dstExtents; const RECTANGLE_16* currentBand, *endSrcRect, *nextBand; REGION16_DATA* newItems = NULL; RECTANGLE_16* dstRect = NULL; UINT32 usedRects, srcNbRects; UINT16 topInterBand; assert(src); assert(src->data); assert(dst); srcExtents = region16_extents(src); dstExtents = region16_extents_noconst(dst); if (!region16_n_rects(src)) { dst->extents = *rect; dst->data = allocateRegion(1); if (!dst->data) return FALSE; dstRect = region16_rects_noconst(dst); dstRect->top = rect->top; dstRect->left = rect->left; dstRect->right = rect->right; dstRect->bottom = rect->bottom; return TRUE; } newItems = allocateRegion((1 + region16_n_rects(src)) * 4); if (!newItems) return FALSE; dstRect = (RECTANGLE_16*)(&newItems[1]); usedRects = 0; if (rect->top < srcExtents->top) { dstRect->top = rect->top; dstRect->left = rect->left; dstRect->right = rect->right; dstRect->bottom = MIN(srcExtents->top, rect->bottom); usedRects++; dstRect++; } currentBand = region16_rects(src, &srcNbRects); endSrcRect = currentBand + srcNbRects; while (currentBand < endSrcRect) { if ((currentBand->bottom <= rect->top) || (rect->bottom <= currentBand->top) || rectangle_contained_in_band(currentBand, endSrcRect, rect)) { region16_copy_band_with_union(dstRect, currentBand, endSrcRect, currentBand->top, currentBand->bottom, NULL, &usedRects, &nextBand, &dstRect); topInterBand = rect->top; } else { UINT16 mergeTop = currentBand->top; UINT16 mergeBottom = currentBand->bottom; if (rect->top > currentBand->top) { region16_copy_band_with_union(dstRect, currentBand, endSrcRect, currentBand->top, rect->top, NULL, &usedRects, &nextBand, &dstRect); mergeTop = rect->top; } if (rect->bottom < currentBand->bottom) mergeBottom = rect->bottom; region16_copy_band_with_union(dstRect, currentBand, endSrcRect, mergeTop, mergeBottom, rect, &usedRects, &nextBand, &dstRect); if (rect->bottom < currentBand->bottom) { region16_copy_band_with_union(dstRect, currentBand, endSrcRect, mergeBottom, currentBand->bottom, NULL, &usedRects, &nextBand, &dstRect); } topInterBand = currentBand->bottom; } if ((nextBand < endSrcRect) && (nextBand->top != currentBand->bottom) && (rect->bottom > currentBand->bottom) && (rect->top < nextBand->top)) { dstRect->right = rect->right; dstRect->left = rect->left; dstRect->top = topInterBand; dstRect->bottom = MIN(nextBand->top, rect->bottom); dstRect++; usedRects++; } currentBand = nextBand; } if (srcExtents->bottom < rect->bottom) { dstRect->top = MAX(srcExtents->bottom, rect->top); dstRect->left = rect->left; dstRect->right = rect->right; dstRect->bottom = rect->bottom; usedRects++; dstRect++; } if ((src == dst) && (src->data->size > 0) && (src->data != &empty_region)) free(src->data); dstExtents->top = MIN(rect->top, srcExtents->top); dstExtents->left = MIN(rect->left, srcExtents->left); dstExtents->bottom = MAX(rect->bottom, srcExtents->bottom); dstExtents->right = MAX(rect->right, srcExtents->right); newItems->size = sizeof(REGION16_DATA) + (usedRects * sizeof(RECTANGLE_16)); dst->data = realloc(newItems, newItems->size); if (!dst->data) { free(newItems); return FALSE; } dst->data->nbRects = usedRects; return region16_simplify_bands(dst); }",visit repo url,libfreerdp/codec/region.c,https://github.com/FreeRDP/FreeRDP,228680514954552,1 6036,CWE-203,"ldbm_back_bind(Slapi_PBlock *pb) { backend *be; ldbm_instance *inst; ber_tag_t method; struct berval *cred; struct ldbminfo *li; struct backentry *e; Slapi_Attr *attr; Slapi_Value **bvals; entry_address *addr; back_txn txn = {NULL}; int rc = SLAPI_BIND_SUCCESS; int result_sent = 0; slapi_pblock_get(pb, SLAPI_BACKEND, &be); slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &li); slapi_pblock_get(pb, SLAPI_TARGET_ADDRESS, &addr); slapi_pblock_get(pb, SLAPI_BIND_METHOD, &method); slapi_pblock_get(pb, SLAPI_BIND_CREDENTIALS, &cred); slapi_pblock_get(pb, SLAPI_TXN, &txn.back_txn_txn); if (!txn.back_txn_txn) { dblayer_txn_init(li, &txn); slapi_pblock_set(pb, SLAPI_TXN, txn.back_txn_txn); } inst = (ldbm_instance *)be->be_instance_info; if (inst->inst_ref_count) { slapi_counter_increment(inst->inst_ref_count); } else { slapi_log_err(SLAPI_LOG_ERR, ""ldbm_back_bind"", ""instance %s does not exist.\n"", inst->inst_name); return (SLAPI_BIND_FAIL); } if (method == LDAP_AUTH_SIMPLE && cred->bv_len == 0) { rc = SLAPI_BIND_ANONYMOUS; goto bail; } if ((e = find_entry(pb, be, addr, &txn, &result_sent)) == NULL) { rc = SLAPI_BIND_FAIL; if (!result_sent) { slapi_send_ldap_result(pb, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, 0, NULL); } goto bail; } switch (method) { case LDAP_AUTH_SIMPLE: { Slapi_Value cv; if (slapi_entry_attr_find(e->ep_entry, ""userpassword"", &attr) != 0) { slapi_send_ldap_result(pb, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, 0, NULL); CACHE_RETURN(&inst->inst_cache, &e); rc = SLAPI_BIND_FAIL; goto bail; } bvals = attr_get_present_values(attr); slapi_value_init_berval(&cv, cred); if (slapi_pw_find_sv(bvals, &cv) != 0) { slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, ""Invalid credentials""); slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL); CACHE_RETURN(&inst->inst_cache, &e); value_done(&cv); rc = SLAPI_BIND_FAIL; goto bail; } value_done(&cv); } break; default: slapi_send_ldap_result(pb, LDAP_STRONG_AUTH_NOT_SUPPORTED, NULL, ""auth method not supported"", 0, NULL); CACHE_RETURN(&inst->inst_cache, &e); rc = SLAPI_BIND_FAIL; goto bail; } CACHE_RETURN(&inst->inst_cache, &e); bail: if (inst->inst_ref_count) { slapi_counter_decrement(inst->inst_ref_count); } return rc; }",visit repo url,ldap/servers/slapd/back-ldbm/ldbm_bind.c,https://github.com/389ds/389-ds-base,225574573663125,1 2243,CWE-787,"static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data) { struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; u16 scid, flags, result; struct sock *sk; scid = __le16_to_cpu(rsp->scid); flags = __le16_to_cpu(rsp->flags); result = __le16_to_cpu(rsp->result); BT_DBG(""scid 0x%4.4x flags 0x%2.2x result 0x%2.2x"", scid, flags, result); sk = l2cap_get_chan_by_scid(&conn->chan_list, scid); if (!sk) return 0; switch (result) { case L2CAP_CONF_SUCCESS: break; case L2CAP_CONF_UNACCEPT: if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) { char req[128]; l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req); goto done; } default: sk->sk_state = BT_DISCONN; sk->sk_err = ECONNRESET; l2cap_sock_set_timer(sk, HZ * 5); { struct l2cap_disconn_req req; req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid); req.scid = cpu_to_le16(l2cap_pi(sk)->scid); l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_DISCONN_REQ, sizeof(req), &req); } goto done; } if (flags & 0x01) goto done; l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE; if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) { sk->sk_state = BT_CONNECTED; l2cap_chan_ready(sk); } done: bh_unlock_sock(sk); return 0; }",visit repo url,net/bluetooth/l2cap.c,https://github.com/torvalds/linux,6613559815460,1 3122,['CWE-189'],"void jas_cmprof_destroy(jas_cmprof_t *prof) { int i; for (i = 0; i < JAS_CMPROF_NUMPXFORMSEQS; ++i) { if (prof->pxformseqs[i]) { jas_cmpxformseq_destroy(prof->pxformseqs[i]); prof->pxformseqs[i] = 0; } } if (prof->iccprof) jas_iccprof_destroy(prof->iccprof); jas_free(prof); }",jasper,,,302926350770213647748856855264001852436,0 4687,['CWE-399'],"static inline void ext4_lock_group(struct super_block *sb, ext4_group_t group) { struct ext4_group_info *grinfo = ext4_get_group_info(sb, group); bit_spin_lock(EXT4_GROUP_INFO_LOCKED_BIT, &(grinfo->bb_state));",linux-2.6,,,157326862868139967506058705420172073556,0 5089,CWE-190,"_Unpickler_ResizeMemoList(UnpicklerObject *self, Py_ssize_t new_size) { Py_ssize_t i; assert(new_size > self->memo_size); PyObject **memo_new = self->memo; PyMem_RESIZE(memo_new, PyObject *, new_size); if (memo_new == NULL) { PyErr_NoMemory(); return -1; } self->memo = memo_new; for (i = self->memo_size; i < new_size; i++) self->memo[i] = NULL; self->memo_size = new_size; return 0; }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,182877622715857,1 3475,['CWE-20'],"sctp_disposition_t sctp_sf_ignore_primitive( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { SCTP_DEBUG_PRINTK(""Primitive type %d is ignored.\n"", type.primitive); return SCTP_DISPOSITION_DISCARD; }",linux-2.6,,,26206293896036323317226275018857618727,0 4055,CWE-125,"static void process_constructors (RBinFile *bf, RList *ret, int bits) { RList *secs = sections (bf); RListIter *iter; RBinSection *sec; int i, type; r_list_foreach (secs, iter, sec) { type = -1; if (!strcmp (sec->name, "".fini_array"")) { type = R_BIN_ENTRY_TYPE_FINI; } else if (!strcmp (sec->name, "".init_array"")) { type = R_BIN_ENTRY_TYPE_INIT; } else if (!strcmp (sec->name, "".preinit_array"")) { type = R_BIN_ENTRY_TYPE_PREINIT; } if (type != -1) { ut8 *buf = calloc (sec->size, 1); if (!buf) { continue; } (void)r_buf_read_at (bf->buf, sec->paddr, buf, sec->size); if (bits == 32) { for (i = 0; i < sec->size; i += 4) { ut32 addr32 = r_read_le32 (buf + i); if (addr32) { RBinAddr *ba = newEntry (sec->paddr + i, (ut64)addr32, type, bits); r_list_append (ret, ba); } } } else { for (i = 0; i < sec->size; i += 8) { ut64 addr64 = r_read_le64 (buf + i); if (addr64) { RBinAddr *ba = newEntry (sec->paddr + i, addr64, type, bits); r_list_append (ret, ba); } } } free (buf); } } r_list_free (secs); }",visit repo url,libr/bin/p/bin_elf.c,https://github.com/radare/radare2,267779353660264,1 4122,['CWE-399'],"static inline struct hlist_head *bsg_dev_idx_hash(int index) { return &bsg_device_list[index & (BSG_LIST_ARRAY_SIZE - 1)]; }",linux-2.6,,,254436800292154948240210707040949188491,0 4914,CWE-200,"keepalived_main(int argc, char **argv) { bool report_stopped = true; struct utsname uname_buf; char *end; set_time_now(); save_cmd_line_options(argc, argv); debug = 0; #ifndef _DEBUG_ prog_type = PROG_TYPE_PARENT; #endif #ifdef _WITH_VRRP_ __set_bit(DAEMON_VRRP, &daemon_mode); #endif #ifdef _WITH_LVS_ __set_bit(DAEMON_CHECKERS, &daemon_mode); #endif #ifdef _WITH_BFD_ __set_bit(DAEMON_BFD, &daemon_mode); #endif openlog(PACKAGE_NAME, LOG_PID, log_facility); #ifdef _MEM_CHECK_ mem_log_init(PACKAGE_NAME, ""Parent process""); #endif if (uname(&uname_buf)) log_message(LOG_INFO, ""Unable to get uname() information - error %d"", errno); else { os_major = (unsigned)strtoul(uname_buf.release, &end, 10); if (*end != '.') os_major = 0; else { os_minor = (unsigned)strtoul(end + 1, &end, 10); if (*end != '.') os_major = 0; else { if (!isdigit(end[1])) os_major = 0; else os_release = (unsigned)strtoul(end + 1, &end, 10); } } if (!os_major) log_message(LOG_INFO, ""Unable to parse kernel version %s"", uname_buf.release); if (!config_id) { end = strchrnul(uname_buf.nodename, '.'); config_id = MALLOC((size_t)(end - uname_buf.nodename) + 1); strncpy(config_id, uname_buf.nodename, (size_t)(end - uname_buf.nodename)); config_id[end - uname_buf.nodename] = '\0'; } } if (parse_cmdline(argc, argv)) { closelog(); if (!__test_bit(NO_SYSLOG_BIT, &debug)) openlog(PACKAGE_NAME, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0) , log_facility); } if (__test_bit(LOG_CONSOLE_BIT, &debug)) enable_console_log(); #ifdef GIT_COMMIT log_message(LOG_INFO, ""Starting %s, git commit %s"", version_string, GIT_COMMIT); #else log_message(LOG_INFO, ""Starting %s"", version_string); #endif core_dump_init(); if (os_major) { if (KERNEL_VERSION(os_major, os_minor, os_release) < LINUX_VERSION_CODE) { log_message(LOG_INFO, ""WARNING - keepalived was build for newer Linux %d.%d.%d, running on %s %s %s"", (LINUX_VERSION_CODE >> 16) & 0xff, (LINUX_VERSION_CODE >> 8) & 0xff, (LINUX_VERSION_CODE ) & 0xff, uname_buf.sysname, uname_buf.release, uname_buf.version); } else { log_message(LOG_INFO, ""Running on %s %s %s (built for Linux %d.%d.%d)"", uname_buf.sysname, uname_buf.release, uname_buf.version, (LINUX_VERSION_CODE >> 16) & 0xff, (LINUX_VERSION_CODE >> 8) & 0xff, (LINUX_VERSION_CODE ) & 0xff); } } #ifndef _DEBUG_ log_command_line(0); #endif if (!check_conf_file(conf_file)) { if (__test_bit(CONFIG_TEST_BIT, &debug)) config_test_exit(); goto end; } global_data = alloc_global_data(); read_config_file(); init_global_data(global_data, NULL); #if HAVE_DECL_CLONE_NEWNET if (override_namespace) { if (global_data->network_namespace) { log_message(LOG_INFO, ""Overriding config net_namespace '%s' with command line namespace '%s'"", global_data->network_namespace, override_namespace); FREE(global_data->network_namespace); } global_data->network_namespace = override_namespace; override_namespace = NULL; } #endif if (!__test_bit(CONFIG_TEST_BIT, &debug) && (global_data->instance_name #if HAVE_DECL_CLONE_NEWNET || global_data->network_namespace #endif )) { if ((syslog_ident = make_syslog_ident(PACKAGE_NAME))) { log_message(LOG_INFO, ""Changing syslog ident to %s"", syslog_ident); closelog(); openlog(syslog_ident, LOG_PID | ((__test_bit(LOG_CONSOLE_BIT, &debug)) ? LOG_CONS : 0), log_facility); } else log_message(LOG_INFO, ""Unable to change syslog ident""); use_pid_dir = true; open_log_file(log_file_name, NULL, #if HAVE_DECL_CLONE_NEWNET global_data->network_namespace, #else NULL, #endif global_data->instance_name); } set_child_finder_name(find_keepalived_child_name); if (!__test_bit(CONFIG_TEST_BIT, &debug)) { if (use_pid_dir) { create_pid_dir(); } } #if HAVE_DECL_CLONE_NEWNET if (global_data->network_namespace) { if (global_data->network_namespace && !set_namespaces(global_data->network_namespace)) { log_message(LOG_ERR, ""Unable to set network namespace %s - exiting"", global_data->network_namespace); goto end; } } #endif if (!__test_bit(CONFIG_TEST_BIT, &debug)) { if (global_data->instance_name) { if (!main_pidfile && (main_pidfile = make_pidfile_name(KEEPALIVED_PID_DIR KEEPALIVED_PID_FILE, global_data->instance_name, PID_EXTENSION))) free_main_pidfile = true; #ifdef _WITH_LVS_ if (!checkers_pidfile && (checkers_pidfile = make_pidfile_name(KEEPALIVED_PID_DIR CHECKERS_PID_FILE, global_data->instance_name, PID_EXTENSION))) free_checkers_pidfile = true; #endif #ifdef _WITH_VRRP_ if (!vrrp_pidfile && (vrrp_pidfile = make_pidfile_name(KEEPALIVED_PID_DIR VRRP_PID_FILE, global_data->instance_name, PID_EXTENSION))) free_vrrp_pidfile = true; #endif #ifdef _WITH_BFD_ if (!bfd_pidfile && (bfd_pidfile = make_pidfile_name(KEEPALIVED_PID_DIR VRRP_PID_FILE, global_data->instance_name, PID_EXTENSION))) free_bfd_pidfile = true; #endif } if (use_pid_dir) { if (!main_pidfile) main_pidfile = KEEPALIVED_PID_DIR KEEPALIVED_PID_FILE PID_EXTENSION; #ifdef _WITH_LVS_ if (!checkers_pidfile) checkers_pidfile = KEEPALIVED_PID_DIR CHECKERS_PID_FILE PID_EXTENSION; #endif #ifdef _WITH_VRRP_ if (!vrrp_pidfile) vrrp_pidfile = KEEPALIVED_PID_DIR VRRP_PID_FILE PID_EXTENSION; #endif #ifdef _WITH_BFD_ if (!bfd_pidfile) bfd_pidfile = KEEPALIVED_PID_DIR BFD_PID_FILE PID_EXTENSION; #endif } else { if (!main_pidfile) main_pidfile = PID_DIR KEEPALIVED_PID_FILE PID_EXTENSION; #ifdef _WITH_LVS_ if (!checkers_pidfile) checkers_pidfile = PID_DIR CHECKERS_PID_FILE PID_EXTENSION; #endif #ifdef _WITH_VRRP_ if (!vrrp_pidfile) vrrp_pidfile = PID_DIR VRRP_PID_FILE PID_EXTENSION; #endif #ifdef _WITH_BFD_ if (!bfd_pidfile) bfd_pidfile = PID_DIR BFD_PID_FILE PID_EXTENSION; #endif } if (keepalived_running(daemon_mode)) { log_message(LOG_INFO, ""daemon is already running""); report_stopped = false; goto end; } } if (!__test_bit(DONT_FORK_BIT, &debug) && xdaemon(false, false, true) > 0) { closelog(); FREE_PTR(config_id); FREE_PTR(orig_core_dump_pattern); close_std_fd(); exit(0); } umask(0); #ifdef _MEM_CHECK_ enable_mem_log_termination(); #endif if (__test_bit(CONFIG_TEST_BIT, &debug)) { validate_config(); config_test_exit(); } if (!pidfile_write(main_pidfile, getpid())) goto end; master = thread_make_master(); signal_init(); if (!start_keepalived()) log_message(LOG_INFO, ""Warning - keepalived has no configuration to run""); initialise_debug_options(); #ifdef THREAD_DUMP register_parent_thread_addresses(); #endif launch_thread_scheduler(master); stop_keepalived(); #ifdef THREAD_DUMP deregister_thread_addresses(); #endif end: if (report_stopped) { #ifdef GIT_COMMIT log_message(LOG_INFO, ""Stopped %s, git commit %s"", version_string, GIT_COMMIT); #else log_message(LOG_INFO, ""Stopped %s"", version_string); #endif } #if HAVE_DECL_CLONE_NEWNET if (global_data && global_data->network_namespace) clear_namespaces(); #endif if (use_pid_dir) remove_pid_dir(); if (orig_core_dump_pattern) update_core_dump_pattern(orig_core_dump_pattern); free_parent_mallocs_startup(false); free_parent_mallocs_exit(); free_global_data(global_data); closelog(); #ifndef _MEM_CHECK_LOG_ FREE_PTR(syslog_ident); #else if (syslog_ident) free(syslog_ident); #endif close_std_fd(); exit(KEEPALIVED_EXIT_OK); }",visit repo url,keepalived/core/main.c,https://github.com/acassen/keepalived,184522842095130,1 1445,[],"__load_balance_fair(struct rq *this_rq, int this_cpu, struct rq *busiest, unsigned long max_load_move, struct sched_domain *sd, enum cpu_idle_type idle, int *all_pinned, int *this_best_prio, struct cfs_rq *cfs_rq) { struct rq_iterator cfs_rq_iterator; cfs_rq_iterator.start = load_balance_start_fair; cfs_rq_iterator.next = load_balance_next_fair; cfs_rq_iterator.arg = cfs_rq; return balance_tasks(this_rq, this_cpu, busiest, max_load_move, sd, idle, all_pinned, this_best_prio, &cfs_rq_iterator); }",linux-2.6,,,182122530451965481466256184136657874113,0 6160,CWE-190,"void ep2_mul_sim_joint(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, const bn_t m) { bn_t n, _k, _m; ep2_t t[5]; int i, l, u_i, offset; int8_t jsf[2 * (RLC_FP_BITS + 1)]; if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_mul(r, q, m); return; } if (bn_is_zero(m) || ep2_is_infty(q)) { ep2_mul(r, p, k); return; } bn_null(n); bn_null(_k); bn_null(_m); RLC_TRY { bn_new(n); bn_new(_k); bn_new(_m); for (i = 0; i < 5; i++) { ep2_null(t[i]); ep2_new(t[i]); } ep2_curve_get_ord(n); bn_mod(_k, k, n); bn_mod(_m, m, n); ep2_set_infty(t[0]); ep2_copy(t[1], q); if (bn_sign(_m) == RLC_NEG) { ep2_neg(t[1], t[1]); } ep2_copy(t[2], p); if (bn_sign(_k) == RLC_NEG) { ep2_neg(t[2], t[2]); } ep2_add(t[3], t[2], t[1]); ep2_sub(t[4], t[2], t[1]); #if defined(EP_MIXED) ep2_norm_sim(t + 3, t + 3, 2); #endif l = 2 * (RLC_FP_BITS + 1); bn_rec_jsf(jsf, &l, _k, _m); ep2_set_infty(r); offset = RLC_MAX(bn_bits(_k), bn_bits(_m)) + 1; for (i = l - 1; i >= 0; i--) { ep2_dbl(r, r); if (jsf[i] != 0 && jsf[i] == -jsf[i + offset]) { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ep2_sub(r, r, t[4]); } else { ep2_add(r, r, t[4]); } } else { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ep2_sub(r, r, t[-u_i]); } else { ep2_add(r, r, t[u_i]); } } } ep2_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(_k); bn_free(_m); for (i = 0; i < 5; i++) { ep2_free(t[i]); } } }",visit repo url,src/epx/relic_ep2_mul_sim.c,https://github.com/relic-toolkit/relic,32626673054057,1 3596,CWE-125,"static int jpc_pi_nextrlcp(register jpc_pi_t *pi) { jpc_pchg_t *pchg; int *prclyrno; pchg = pi->pchg; if (!pi->prgvolfirst) { assert(pi->prcno < pi->pirlvl->numprcs); prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; goto skip; } else { pi->prgvolfirst = 0; } for (pi->rlvlno = pchg->rlvlnostart; pi->rlvlno < pi->maxrlvls && pi->rlvlno < pchg->rlvlnoend; ++pi->rlvlno) { for (pi->lyrno = 0; pi->lyrno < pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno]; pi->compno < pi->numcomps && pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, ++pi->picomp) { if (pi->rlvlno >= pi->picomp->numrlvls) { continue; } pi->pirlvl = &pi->picomp->pirlvls[pi->rlvlno]; for (pi->prcno = 0, prclyrno = pi->pirlvl->prclyrnos; pi->prcno < pi->pirlvl->numprcs; ++pi->prcno, ++prclyrno) { if (pi->lyrno >= *prclyrno) { *prclyrno = pi->lyrno; ++(*prclyrno); return 0; } skip: ; } } } } return 1; }",visit repo url,src/libjasper/jpc/jpc_t2cod.c,https://github.com/mdadams/jasper,108693885682375,1 2514,CWE-59,"archive_write_disk_set_acls(struct archive *a, int fd, const char *name, struct archive_acl *abstract_acl, __LA_MODE_T mode) { int ret = ARCHIVE_OK; (void)mode; if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) { ret = set_acl(a, fd, name, abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ""access""); if (ret != ARCHIVE_OK) return (ret); } if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0) ret = set_acl(a, fd, name, abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ""default""); return (ret); } #if ARCHIVE_ACL_FREEBSD_NFS4 else if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) { ret = set_acl(a, fd, name, abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4, ""nfs4""); } #endif return (ret); }",visit repo url,libarchive/archive_disk_acl_freebsd.c,https://github.com/libarchive/libarchive,264813472246650,1 1001,['CWE-94'],"static int pipe_to_sendpage(struct pipe_inode_info *pipe, struct pipe_buffer *buf, struct splice_desc *sd) { struct file *file = sd->u.file; loff_t pos = sd->pos; int ret, more; ret = buf->ops->confirm(pipe, buf); if (!ret) { more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len; ret = file->f_op->sendpage(file, buf->page, buf->offset, sd->len, &pos, more); } return ret; }",linux-2.6,,,266624522231128267292206289817771900022,0 5651,['CWE-476'],"static void udp4_format_sock(struct sock *sp, char *tmpbuf, int bucket) { struct inet_sock *inet = inet_sk(sp); __be32 dest = inet->daddr; __be32 src = inet->rcv_saddr; __u16 destp = ntohs(inet->dport); __u16 srcp = ntohs(inet->sport); sprintf(tmpbuf, ""%4d: %08X:%04X %08X:%04X"" "" %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p"", bucket, src, srcp, dest, destp, sp->sk_state, atomic_read(&sp->sk_wmem_alloc), atomic_read(&sp->sk_rmem_alloc), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp); }",linux-2.6,,,87007250721981239514482400596635008048,0 5022,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 223,[],"static struct atalk_route *atrtr_find(struct atalk_addr *target) { struct atalk_route *net_route = NULL; struct atalk_route *r; read_lock_bh(&atalk_routes_lock); for (r = atalk_routes; r; r = r->next) { if (!(r->flags & RTF_UP)) continue; if (r->target.s_net == target->s_net) { if (r->flags & RTF_HOST) { if (r->target.s_node == target->s_node) goto out; } else net_route = r; } } if (net_route) r = net_route; else if (atrtr_default.dev) r = &atrtr_default; else r = NULL; out: read_unlock_bh(&atalk_routes_lock); return r; }",history,,,154159160609892152037212746737969035155,0 2113,CWE-416,"static int usb_audio_probe(struct usb_interface *intf, const struct usb_device_id *usb_id) { struct usb_device *dev = interface_to_usbdev(intf); const struct snd_usb_audio_quirk *quirk = (const struct snd_usb_audio_quirk *)usb_id->driver_info; struct snd_usb_audio *chip; int i, err; struct usb_host_interface *alts; int ifnum; u32 id; alts = &intf->altsetting[0]; ifnum = get_iface_desc(alts)->bInterfaceNumber; id = USB_ID(le16_to_cpu(dev->descriptor.idVendor), le16_to_cpu(dev->descriptor.idProduct)); if (get_alias_id(dev, &id)) quirk = get_alias_quirk(dev, id); if (quirk && quirk->ifnum >= 0 && ifnum != quirk->ifnum) return -ENXIO; err = snd_usb_apply_boot_quirk(dev, intf, quirk, id); if (err < 0) return err; chip = NULL; mutex_lock(®ister_mutex); for (i = 0; i < SNDRV_CARDS; i++) { if (usb_chip[i] && usb_chip[i]->dev == dev) { if (atomic_read(&usb_chip[i]->shutdown)) { dev_err(&dev->dev, ""USB device is in the shutdown state, cannot create a card instance\n""); err = -EIO; goto __error; } chip = usb_chip[i]; atomic_inc(&chip->active); break; } } if (! chip) { for (i = 0; i < SNDRV_CARDS; i++) if (!usb_chip[i] && (vid[i] == -1 || vid[i] == USB_ID_VENDOR(id)) && (pid[i] == -1 || pid[i] == USB_ID_PRODUCT(id))) { if (enable[i]) { err = snd_usb_audio_create(intf, dev, i, quirk, id, &chip); if (err < 0) goto __error; chip->pm_intf = intf; break; } else if (vid[i] != -1 || pid[i] != -1) { dev_info(&dev->dev, ""device (%04x:%04x) is disabled\n"", USB_ID_VENDOR(id), USB_ID_PRODUCT(id)); err = -ENOENT; goto __error; } } if (!chip) { dev_err(&dev->dev, ""no available usb audio device\n""); err = -ENODEV; goto __error; } } dev_set_drvdata(&dev->dev, chip); if (!chip->ctrl_intf) chip->ctrl_intf = alts; chip->txfr_quirk = 0; err = 1; if (quirk && quirk->ifnum != QUIRK_NO_INTERFACE) { err = snd_usb_create_quirk(chip, intf, &usb_audio_driver, quirk); if (err < 0) goto __error; } if (err > 0) { err = snd_usb_create_streams(chip, ifnum); if (err < 0) goto __error; err = snd_usb_create_mixer(chip, ifnum, ignore_ctl_error); if (err < 0) goto __error; } err = snd_card_register(chip->card); if (err < 0) goto __error; usb_chip[chip->index] = chip; chip->num_interfaces++; usb_set_intfdata(intf, chip); atomic_dec(&chip->active); mutex_unlock(®ister_mutex); return 0; __error: if (chip) { if (!chip->num_interfaces) snd_card_free(chip->card); atomic_dec(&chip->active); } mutex_unlock(®ister_mutex); return err; }",visit repo url,sound/usb/card.c,https://github.com/torvalds/linux,56534270606731,1 6383,['CWE-200'],"void tcf_exts_destroy(struct tcf_proto *tp, struct tcf_exts *exts) { #ifdef CONFIG_NET_CLS_ACT if (exts->action) { tcf_action_destroy(exts->action, TCA_ACT_UNBIND); exts->action = NULL; } #endif }",linux-2.6,,,60100052432922563479749097487003952104,0 4612,['CWE-399'],"static handle_t *start_transaction(struct inode *inode) { handle_t *result; result = ext4_journal_start(inode, blocks_for_truncate(inode)); if (!IS_ERR(result)) return result; ext4_std_error(inode->i_sb, PTR_ERR(result)); return result; }",linux-2.6,,,308690411923480861539597048925621905833,0 6730,CWE-835,"_pdfioTokenRead(_pdfio_token_t *tb, char *buffer, size_t bufsize) { int ch, parens = 0; char *bufptr, *bufend, state = '\0'; bool saw_nul = false; bufptr = buffer; bufend = buffer + bufsize - 1; while ((ch = get_char(tb)) != EOF) { if (ch == '%') { while ((ch = get_char(tb)) != EOF) { if (ch == '\n' || ch == '\r') break; } } else if (!isspace(ch)) break; } if (ch == EOF) return (false); if (strchr(PDFIO_DELIM_CHARS, ch) != NULL) { *bufptr++ = state = (char)ch; } else if (strchr(PDFIO_NUMBER_CHARS, ch) != NULL) { state = 'N'; *bufptr++ = (char)ch; } else { state = 'K'; *bufptr++ = (char)ch; } switch (state) { case '(' : while ((ch = get_char(tb)) != EOF) { if (ch == 0) saw_nul = true; if (ch == '\\') { int i; switch (ch = get_char(tb)) { case '0' : case '1' : case '2' : case '3' : case '4' : case '5' : case '6' : case '7' : for (ch -= '0', i = 0; i < 2; i ++) { int tch = get_char(tb); if (tch >= '0' && tch <= '7') { ch = (char)((ch << 3) | (tch - '0')); } else { tb->bufptr --; break; } } break; case '\\' : case '(' : case ')' : break; case 'n' : ch = '\n'; break; case 'r' : ch = '\r'; break; case 't' : ch = '\t'; break; case 'b' : ch = '\b'; break; case 'f' : ch = '\f'; break; default : break; } } else if (ch == '(') { parens ++; } else if (ch == ')') { if (parens == 0) break; parens --; } if (bufptr < bufend) { *bufptr++ = (char)ch; } else { _pdfioFileError(tb->pdf, ""Token too large.""); return (false); } } if (ch != ')') { _pdfioFileError(tb->pdf, ""Unterminated string literal.""); return (false); } if (saw_nul) { char *litptr, *hexptr; size_t bytes = (size_t)(bufptr - buffer - 1); static const char *hexchars = ""0123456789ABCDEF""; PDFIO_DEBUG(""_pdfioTokenRead: Converting nul-containing string to binary.\n""); if ((2 * (bytes + 1)) > bufsize) { _pdfioFileError(tb->pdf, ""Token too large.""); return (false); } *buffer = '<'; for (litptr = bufptr - 1, hexptr = buffer + 2 * bytes - 1; litptr > buffer; litptr --, hexptr -= 2) { int litch = *litptr; hexptr[0] = hexchars[(litch >> 4) & 15]; hexptr[1] = hexchars[litch & 15]; } bufptr = buffer + 2 * bytes + 1; } break; case 'K' : while ((ch = get_char(tb)) != EOF && !isspace(ch)) { if (strchr(PDFIO_DELIM_CHARS, ch) != NULL) { tb->bufptr --; break; } else if (bufptr < bufend) { *bufptr++ = (char)ch; } else { _pdfioFileError(tb->pdf, ""Token too large.""); return (false); } } break; case 'N' : while ((ch = get_char(tb)) != EOF && !isspace(ch)) { if (!isdigit(ch) && ch != '.') { tb->bufptr --; break; } else if (bufptr < bufend) { *bufptr++ = (char)ch; } else { _pdfioFileError(tb->pdf, ""Token too large.""); return (false); } } break; case '/' : while ((ch = get_char(tb)) != EOF && !isspace(ch)) { if (strchr(PDFIO_DELIM_CHARS, ch) != NULL) { tb->bufptr --; break; } else if (ch == '#') { int i; for (i = 0, ch = 0; i < 2; i ++) { int tch = get_char(tb); if (!isxdigit(tch & 255)) { _pdfioFileError(tb->pdf, ""Bad # escape in name.""); return (false); } else if (isdigit(tch)) ch = ((ch & 255) << 4) | (tch - '0'); else ch = ((ch & 255) << 4) | (tolower(tch) - 'a' + 10); } } if (bufptr < bufend) { *bufptr++ = (char)ch; } else { _pdfioFileError(tb->pdf, ""Token too large.""); return (false); } } break; case '<' : if ((ch = get_char(tb)) == '<') { *bufptr++ = (char)ch; break; } else if (!isspace(ch & 255) && !isxdigit(ch & 255)) { _pdfioFileError(tb->pdf, ""Syntax error: '<%c'"", ch); return (false); } do { if (isxdigit(ch)) { if (bufptr < bufend) { *bufptr++ = (char)ch; } else { _pdfioFileError(tb->pdf, ""Token too large.""); return (false); } } else if (!isspace(ch)) { _pdfioFileError(tb->pdf, ""Invalid hex string character '%c'."", ch); return (false); } } while ((ch = get_char(tb)) != EOF && ch != '>'); if (ch == EOF) { _pdfioFileError(tb->pdf, ""Unterminated hex string.""); return (false); } break; case '>' : if ((ch = get_char(tb)) == '>') { *bufptr++ = '>'; } else { _pdfioFileError(tb->pdf, ""Syntax error: '>%c'."", ch); return (false); } break; } *bufptr = '\0'; PDFIO_DEBUG(""_pdfioTokenRead: Read '%s'.\n"", buffer); return (bufptr > buffer); }",visit repo url,pdfio-token.c,https://github.com/michaelrsweet/pdfio,235218237870306,1 2962,['CWE-189'],"void jpc_qmfb_join_col(jpc_fix_t *a, int numrows, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; jpc_fix_t *buf = joinbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; register int n; int hstartcol; if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { abort(); } } hstartcol = (numrows + 1 - parity) >> 1; n = hstartcol; srcptr = &a[0]; dstptr = buf; while (n-- > 0) { *dstptr = *srcptr; srcptr += stride; ++dstptr; } srcptr = &a[hstartcol * stride]; dstptr = &a[(1 - parity) * stride]; n = numrows - hstartcol; while (n-- > 0) { *dstptr = *srcptr; dstptr += 2 * stride; srcptr += stride; } srcptr = buf; dstptr = &a[parity * stride]; n = hstartcol; while (n-- > 0) { *dstptr = *srcptr; dstptr += 2 * stride; ++srcptr; } if (buf != joinbuf) { jas_free(buf); } }",jasper,,,78905884815348775337199088718519884651,0 5811,['CWE-200'],"static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); struct sockaddr_at *usat = (struct sockaddr_at *)msg->msg_name; int flags = msg->msg_flags; int loopback = 0; struct sockaddr_at local_satalk, gsat; struct sk_buff *skb; struct net_device *dev; struct ddpehdr *ddp; int size; struct atalk_route *rt; int err; if (flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT)) return -EINVAL; if (len > DDP_MAXSZ) return -EMSGSIZE; if (usat) { if (sock_flag(sk, SOCK_ZAPPED)) if (atalk_autobind(sk) < 0) return -EBUSY; if (msg->msg_namelen < sizeof(*usat) || usat->sat_family != AF_APPLETALK) return -EINVAL; if (usat->sat_addr.s_node == ATADDR_BCAST && !sock_flag(sk, SOCK_BROADCAST)) { return -EPERM; } } else { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; usat = &local_satalk; usat->sat_family = AF_APPLETALK; usat->sat_port = at->dest_port; usat->sat_addr.s_node = at->dest_node; usat->sat_addr.s_net = at->dest_net; } SOCK_DEBUG(sk, ""SK %p: Got address.\n"", sk); size = sizeof(struct ddpehdr) + len + ddp_dl->header_length; if (usat->sat_addr.s_net || usat->sat_addr.s_node == ATADDR_ANYNODE) { rt = atrtr_find(&usat->sat_addr); } else { struct atalk_addr at_hint; at_hint.s_node = 0; at_hint.s_net = at->src_net; rt = atrtr_find(&at_hint); } if (!rt) return -ENETUNREACH; dev = rt->dev; SOCK_DEBUG(sk, ""SK %p: Size needed %d, device %s\n"", sk, size, dev->name); size += dev->hard_header_len; skb = sock_alloc_send_skb(sk, size, (flags & MSG_DONTWAIT), &err); if (!skb) return err; skb->sk = sk; skb_reserve(skb, ddp_dl->header_length); skb_reserve(skb, dev->hard_header_len); skb->dev = dev; SOCK_DEBUG(sk, ""SK %p: Begin build.\n"", sk); ddp = (struct ddpehdr *)skb_put(skb, sizeof(struct ddpehdr)); ddp->deh_len_hops = htons(len + sizeof(*ddp)); ddp->deh_dnet = usat->sat_addr.s_net; ddp->deh_snet = at->src_net; ddp->deh_dnode = usat->sat_addr.s_node; ddp->deh_snode = at->src_node; ddp->deh_dport = usat->sat_port; ddp->deh_sport = at->src_port; SOCK_DEBUG(sk, ""SK %p: Copy user data (%Zd bytes).\n"", sk, len); err = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len); if (err) { kfree_skb(skb); return -EFAULT; } if (sk->sk_no_check == 1) ddp->deh_sum = 0; else ddp->deh_sum = atalk_checksum(skb, len + sizeof(*ddp)); if (ddp->deh_dnode == ATADDR_BCAST && !(rt->flags & RTF_GATEWAY) && !(dev->flags & IFF_LOOPBACK)) { struct sk_buff *skb2 = skb_copy(skb, GFP_KERNEL); if (skb2) { loopback = 1; SOCK_DEBUG(sk, ""SK %p: send out(copy).\n"", sk); if (aarp_send_ddp(dev, skb2, &usat->sat_addr, NULL) == -1) kfree_skb(skb2); } } if (dev->flags & IFF_LOOPBACK || loopback) { SOCK_DEBUG(sk, ""SK %p: Loop back.\n"", sk); skb_orphan(skb); if (ddp->deh_dnode == ATADDR_BCAST) { struct atalk_addr at_lo; at_lo.s_node = 0; at_lo.s_net = 0; rt = atrtr_find(&at_lo); if (!rt) { kfree_skb(skb); return -ENETUNREACH; } dev = rt->dev; skb->dev = dev; } ddp_dl->request(ddp_dl, skb, dev->dev_addr); } else { SOCK_DEBUG(sk, ""SK %p: send out.\n"", sk); if (rt->flags & RTF_GATEWAY) { gsat.sat_addr = rt->gateway; usat = &gsat; } if (aarp_send_ddp(dev, skb, &usat->sat_addr, NULL) == -1) kfree_skb(skb); } SOCK_DEBUG(sk, ""SK %p: Done write (%Zd).\n"", sk, len); return len; }",linux-2.6,,,297328340264536858390610412713012627056,0 1849,CWE-416,"void rose_stop_idletimer(struct sock *sk) { del_timer(&rose_sk(sk)->idletimer); }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,122103637817492,1 3319,CWE-119,"header_put_be_short (SF_PRIVATE *psf, int x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 2) { psf->header [psf->headindex++] = (x >> 8) ; psf->header [psf->headindex++] = x ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,199994951936602,1 6427,['CWE-190'],"add_layers (const gint32 image_id, PSDimage *img_a, PSDlayer **lyr_a, FILE *f, GError **error) { PSDchannel **lyr_chn; guchar *pixels; guint16 alpha_chn; guint16 user_mask_chn; guint16 layer_channels; guint16 channel_idx[MAX_CHANNELS]; guint16 *rle_pack_len; gint32 l_x; gint32 l_y; gint32 l_w; gint32 l_h; gint32 lm_x; gint32 lm_y; gint32 lm_w; gint32 lm_h; gint32 layer_size; gint32 layer_id = -1; gint32 mask_id = -1; gint lidx; gint cidx; gint rowi; gint coli; gint i; gboolean alpha; gboolean user_mask; gboolean empty; gboolean empty_mask; GimpDrawable *drawable; GimpPixelRgn pixel_rgn; GimpImageType image_type; GimpLayerModeEffects layer_mode; IFDBG(2) g_debug (""Number of layers: %d"", img_a->num_layers); if (img_a->num_layers == 0) { IFDBG(2) g_debug (""No layers to process""); return 0; } if (fseek (f, img_a->layer_data_start, SEEK_SET) < 0) { psd_set_error (feof (f), errno, error); return -1; } for (lidx = 0; lidx < img_a->num_layers; ++lidx) { IFDBG(2) g_debug (""Process Layer No %d."", lidx); if (lyr_a[lidx]->drop) { IFDBG(2) g_debug (""Drop layer %d"", lidx); for (cidx = 0; cidx < lyr_a[lidx]->num_channels; ++cidx) { if (fseek (f, lyr_a[lidx]->chn_info[cidx].data_len, SEEK_CUR) < 0) { psd_set_error (feof (f), errno, error); return -1; } } g_free (lyr_a[lidx]->chn_info); g_free (lyr_a[lidx]->name); } else { if (lyr_a[lidx]->bottom - lyr_a[lidx]->top == 0 || lyr_a[lidx]->right - lyr_a[lidx]->left == 0) empty = TRUE; else empty = FALSE; if (lyr_a[lidx]->layer_mask.bottom - lyr_a[lidx]->layer_mask.top == 0 || lyr_a[lidx]->layer_mask.right - lyr_a[lidx]->layer_mask.left == 0) empty_mask = TRUE; else empty_mask = FALSE; IFDBG(3) g_debug (""Empty mask %d, size %d %d"", empty_mask, lyr_a[lidx]->layer_mask.bottom - lyr_a[lidx]->layer_mask.top, lyr_a[lidx]->layer_mask.right - lyr_a[lidx]->layer_mask.left); IFDBG(2) g_debug (""Number of channels: %d"", lyr_a[lidx]->num_channels); lyr_chn = g_new (PSDchannel *, lyr_a[lidx]->num_channels); for (cidx = 0; cidx < lyr_a[lidx]->num_channels; ++cidx) { guint16 comp_mode = PSD_COMP_RAW; lyr_chn[cidx] = g_malloc (sizeof (PSDchannel) ); lyr_chn[cidx]->id = lyr_a[lidx]->chn_info[cidx].channel_id; lyr_chn[cidx]->rows = lyr_a[lidx]->bottom - lyr_a[lidx]->top; lyr_chn[cidx]->columns = lyr_a[lidx]->right - lyr_a[lidx]->left; if (lyr_chn[cidx]->id == PSD_CHANNEL_MASK) { if (empty_mask && lyr_a[lidx]->chn_info[cidx].data_len - 2 > 0) { empty_mask = FALSE; if (lyr_a[lidx]->layer_mask.top == lyr_a[lidx]->layer_mask.bottom) { lyr_a[lidx]->layer_mask.top = lyr_a[lidx]->top; lyr_a[lidx]->layer_mask.bottom = lyr_a[lidx]->bottom; } if (lyr_a[lidx]->layer_mask.right == lyr_a[lidx]->layer_mask.left) { lyr_a[lidx]->layer_mask.right = lyr_a[lidx]->right; lyr_a[lidx]->layer_mask.left = lyr_a[lidx]->left; } } lyr_chn[cidx]->rows = (lyr_a[lidx]->layer_mask.bottom - lyr_a[lidx]->layer_mask.top); lyr_chn[cidx]->columns = (lyr_a[lidx]->layer_mask.right - lyr_a[lidx]->layer_mask.left); } IFDBG(3) g_debug (""Channel id %d, %dx%d"", lyr_chn[cidx]->id, lyr_chn[cidx]->columns, lyr_chn[cidx]->rows); if (lyr_a[lidx]->chn_info[cidx].data_len >= COMP_MODE_SIZE) { if (fread (&comp_mode, COMP_MODE_SIZE, 1, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } comp_mode = GUINT16_FROM_BE (comp_mode); IFDBG(3) g_debug (""Compression mode: %d"", comp_mode); } if (lyr_a[lidx]->chn_info[cidx].data_len > COMP_MODE_SIZE) { switch (comp_mode) { case PSD_COMP_RAW: IFDBG(3) g_debug (""Raw data length: %d"", lyr_a[lidx]->chn_info[cidx].data_len - 2); if (read_channel_data (lyr_chn[cidx], img_a->bps, PSD_COMP_RAW, NULL, f, error) < 1) return -1; break; case PSD_COMP_RLE: IFDBG(3) g_debug (""RLE channel length %d, RLE length data: %d, "" ""RLE data block: %d"", lyr_a[lidx]->chn_info[cidx].data_len - 2, lyr_chn[cidx]->rows * 2, (lyr_a[lidx]->chn_info[cidx].data_len - 2 - lyr_chn[cidx]->rows * 2)); rle_pack_len = g_malloc (lyr_chn[cidx]->rows * 2); for (rowi = 0; rowi < lyr_chn[cidx]->rows; ++rowi) { if (fread (&rle_pack_len[rowi], 2, 1, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } rle_pack_len[rowi] = GUINT16_FROM_BE (rle_pack_len[rowi]); } IFDBG(3) g_debug (""RLE decode - data""); if (read_channel_data (lyr_chn[cidx], img_a->bps, PSD_COMP_RLE, rle_pack_len, f, error) < 1) return -1; g_free (rle_pack_len); break; case PSD_COMP_ZIP: case PSD_COMP_ZIP_PRED: default: g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported compression mode: %d""), comp_mode); return -1; break; } } } g_free (lyr_a[lidx]->chn_info); alpha = FALSE; alpha_chn = -1; user_mask = FALSE; user_mask_chn = -1; layer_channels = 0; l_x = 0; l_y = 0; l_w = img_a->columns; l_h = img_a->rows; IFDBG(3) g_debug (""Re-hash channel indices""); for (cidx = 0; cidx < lyr_a[lidx]->num_channels; ++cidx) { if (lyr_chn[cidx]->id == PSD_CHANNEL_MASK) { user_mask = TRUE; user_mask_chn = cidx; } else if (lyr_chn[cidx]->id == PSD_CHANNEL_ALPHA) { alpha = TRUE; alpha_chn = cidx; } else { channel_idx[layer_channels] = cidx; layer_channels++; } } if (alpha) { channel_idx[layer_channels] = alpha_chn; layer_channels++; } if (empty) { IFDBG(2) g_debug (""Create blank layer""); image_type = get_gimp_image_type (img_a->base_type, TRUE); layer_id = gimp_layer_new (image_id, lyr_a[lidx]->name, img_a->columns, img_a->rows, image_type, 0, GIMP_NORMAL_MODE); g_free (lyr_a[lidx]->name); gimp_image_add_layer (image_id, layer_id, -1); drawable = gimp_drawable_get (layer_id); gimp_drawable_fill (drawable->drawable_id, GIMP_TRANSPARENT_FILL); gimp_drawable_set_visible (drawable->drawable_id, lyr_a[lidx]->layer_flags.visible); if (lyr_a[lidx]->id) gimp_drawable_set_tattoo (drawable->drawable_id, lyr_a[lidx]->id); if (lyr_a[lidx]->layer_flags.irrelevant) gimp_drawable_set_visible (drawable->drawable_id, FALSE); gimp_drawable_flush (drawable); gimp_drawable_detach (drawable); } else { l_x = lyr_a[lidx]->left; l_y = lyr_a[lidx]->top; l_w = lyr_a[lidx]->right - lyr_a[lidx]->left; l_h = lyr_a[lidx]->bottom - lyr_a[lidx]->top; IFDBG(3) g_debug (""Draw layer""); image_type = get_gimp_image_type (img_a->base_type, alpha); IFDBG(3) g_debug (""Layer type %d"", image_type); layer_size = l_w * l_h; pixels = g_malloc (layer_size * layer_channels); for (cidx = 0; cidx < layer_channels; ++cidx) { IFDBG(3) g_debug (""Start channel %d"", channel_idx[cidx]); for (i = 0; i < layer_size; ++i) pixels[(i * layer_channels) + cidx] = lyr_chn[channel_idx[cidx]]->data[i]; g_free (lyr_chn[channel_idx[cidx]]->data); } layer_mode = psd_to_gimp_blend_mode (lyr_a[lidx]->blend_mode); layer_id = gimp_layer_new (image_id, lyr_a[lidx]->name, l_w, l_h, image_type, lyr_a[lidx]->opacity * 100 / 255, layer_mode); IFDBG(3) g_debug (""Layer tattoo: %d"", layer_id); g_free (lyr_a[lidx]->name); gimp_image_add_layer (image_id, layer_id, -1); gimp_layer_set_offsets (layer_id, l_x, l_y); gimp_layer_set_lock_alpha (layer_id, lyr_a[lidx]->layer_flags.trans_prot); drawable = gimp_drawable_get (layer_id); gimp_pixel_rgn_init (&pixel_rgn, drawable, 0, 0, drawable->width, drawable->height, TRUE, FALSE); gimp_pixel_rgn_set_rect (&pixel_rgn, pixels, 0, 0, drawable->width, drawable->height); gimp_drawable_set_visible (drawable->drawable_id, lyr_a[lidx]->layer_flags.visible); if (lyr_a[lidx]->id) gimp_drawable_set_tattoo (drawable->drawable_id, lyr_a[lidx]->id); gimp_drawable_flush (drawable); gimp_drawable_detach (drawable); g_free (pixels); } if (user_mask) { if (empty_mask) { IFDBG(3) g_debug (""Create empty mask""); if (lyr_a[lidx]->layer_mask.def_color == 255) mask_id = gimp_layer_create_mask (layer_id, GIMP_ADD_WHITE_MASK); else mask_id = gimp_layer_create_mask (layer_id, GIMP_ADD_BLACK_MASK); gimp_layer_add_mask (layer_id, mask_id); gimp_layer_set_apply_mask (layer_id, ! lyr_a[lidx]->layer_mask.mask_flags.disabled); } else { if (lyr_a[lidx]->layer_mask.mask_flags.relative_pos) { lm_x = lyr_a[lidx]->layer_mask.left; lm_y = lyr_a[lidx]->layer_mask.top; lm_w = lyr_a[lidx]->layer_mask.right - lyr_a[lidx]->layer_mask.left; lm_h = lyr_a[lidx]->layer_mask.bottom - lyr_a[lidx]->layer_mask.top; } else { lm_x = lyr_a[lidx]->layer_mask.left - l_x; lm_y = lyr_a[lidx]->layer_mask.top - l_y; lm_w = lyr_a[lidx]->layer_mask.right - lyr_a[lidx]->layer_mask.left; lm_h = lyr_a[lidx]->layer_mask.bottom - lyr_a[lidx]->layer_mask.top; } IFDBG(3) g_debug (""Mask channel index %d"", user_mask_chn); IFDBG(3) g_debug (""Relative pos %d"", lyr_a[lidx]->layer_mask.mask_flags.relative_pos); layer_size = lm_w * lm_h; pixels = g_malloc (layer_size); IFDBG(3) g_debug (""Allocate Pixels %d"", layer_size); IFDBG(3) g_debug (""Original Mask %d %d %d %d"", lm_x, lm_y, lm_w, lm_h); if (lm_x < 0 || lm_y < 0 || lm_w + lm_x > l_w || lm_h + lm_y > l_h) { if (CONVERSION_WARNINGS) g_message (""Warning\n"" ""The layer mask is partly outside the "" ""layer boundary. The mask will be "" ""cropped which may result in data loss.""); i = 0; for (rowi = 0; rowi < lm_h; ++rowi) { if (rowi + lm_y >= 0 && rowi + lm_y < l_h) { for (coli = 0; coli < lm_w; ++coli) { if (coli + lm_x >= 0 && coli + lm_x < l_w) { pixels[i] = lyr_chn[user_mask_chn]->data[(rowi * lm_w) + coli]; i++; } } } } if (lm_x < 0) { lm_w += lm_x; lm_x = 0; } if (lm_y < 0) { lm_h += lm_y; lm_y = 0; } if (lm_w + lm_x > l_w) lm_w = l_w - lm_x; if (lm_h + lm_y > l_h) lm_h = l_h - lm_y; } else memcpy (pixels, lyr_chn[user_mask_chn]->data, layer_size); g_free (lyr_chn[user_mask_chn]->data); IFDBG(3) g_debug (""Layer %d %d %d %d"", l_x, l_y, l_w, l_h); IFDBG(3) g_debug (""Mask %d %d %d %d"", lm_x, lm_y, lm_w, lm_h); if (lyr_a[lidx]->layer_mask.def_color == 255) mask_id = gimp_layer_create_mask (layer_id, GIMP_ADD_WHITE_MASK); else mask_id = gimp_layer_create_mask (layer_id, GIMP_ADD_BLACK_MASK); IFDBG(3) g_debug (""New layer mask %d"", mask_id); gimp_layer_add_mask (layer_id, mask_id); drawable = gimp_drawable_get (mask_id); gimp_pixel_rgn_init (&pixel_rgn, drawable, 0 , 0, drawable->width, drawable->height, TRUE, FALSE); gimp_pixel_rgn_set_rect (&pixel_rgn, pixels, lm_x, lm_y, lm_w, lm_h); gimp_drawable_flush (drawable); gimp_drawable_detach (drawable); gimp_layer_set_apply_mask (layer_id, ! lyr_a[lidx]->layer_mask.mask_flags.disabled); g_free (pixels); } } for (cidx = 0; cidx < lyr_a[lidx]->num_channels; ++cidx) if (lyr_chn[cidx]) g_free (lyr_chn[cidx]); g_free (lyr_chn); } g_free (lyr_a[lidx]); } g_free (lyr_a); return 0; }",gimp,,,96850732402675009664545518957071351846,0 2069,[],"static int udplite_rcv(struct sk_buff *skb) { return __udp4_lib_rcv(skb, udplite_hash, IPPROTO_UDPLITE); }",linux-2.6,,,190502969041654710560076210573794920730,0 6204,['CWE-200'],"int neigh_delete(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { struct ndmsg *ndm = NLMSG_DATA(nlh); struct rtattr **nda = arg; struct neigh_table *tbl; struct net_device *dev = NULL; int err = -ENODEV; if (ndm->ndm_ifindex && (dev = dev_get_by_index(ndm->ndm_ifindex)) == NULL) goto out; read_lock(&neigh_tbl_lock); for (tbl = neigh_tables; tbl; tbl = tbl->next) { struct rtattr *dst_attr = nda[NDA_DST - 1]; struct neighbour *n; if (tbl->family != ndm->ndm_family) continue; read_unlock(&neigh_tbl_lock); err = -EINVAL; if (!dst_attr || RTA_PAYLOAD(dst_attr) < tbl->key_len) goto out_dev_put; if (ndm->ndm_flags & NTF_PROXY) { err = pneigh_delete(tbl, RTA_DATA(dst_attr), dev); goto out_dev_put; } if (!dev) goto out; n = neigh_lookup(tbl, RTA_DATA(dst_attr), dev); if (n) { err = neigh_update(n, NULL, NUD_FAILED, NEIGH_UPDATE_F_OVERRIDE| NEIGH_UPDATE_F_ADMIN); neigh_release(n); } goto out_dev_put; } read_unlock(&neigh_tbl_lock); err = -EADDRNOTAVAIL; out_dev_put: if (dev) dev_put(dev); out: return err; }",linux-2.6,,,143606348088584808814265062177218723056,0 6571,CWE-401,"destroyPresentationContextList(LST_HEAD ** l) { PRV_PRESENTATIONCONTEXTITEM * prvCtx; DUL_SUBITEM * subItem; if (*l == NULL) return; prvCtx = (PRV_PRESENTATIONCONTEXTITEM*)LST_Dequeue(l); while (prvCtx != NULL) { subItem = (DUL_SUBITEM*)LST_Dequeue(&prvCtx->transferSyntaxList); while (subItem != NULL) { free(subItem); subItem = (DUL_SUBITEM*)LST_Dequeue(&prvCtx->transferSyntaxList); } LST_Destroy(&prvCtx->transferSyntaxList); free(prvCtx); prvCtx = (PRV_PRESENTATIONCONTEXTITEM*)LST_Dequeue(l); } LST_Destroy(l); }",visit repo url,dcmnet/libsrc/dulfsm.cc,https://github.com/DCMTK/dcmtk,246343253915530,1 2015,CWE-362,"evtchn_port_t evtchn_from_irq(unsigned irq) { if (WARN(irq >= nr_irqs, ""Invalid irq %d!\n"", irq)) return 0; return info_for_irq(irq)->evtchn; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,114975906427438,1 5715,['CWE-200'],"static int llc_ui_wait_for_disc(struct sock *sk, long timeout) { DEFINE_WAIT(wait); int rc = 0; while (1) { prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); if (sk_wait_event(sk, &timeout, sk->sk_state == TCP_CLOSE)) break; rc = -ERESTARTSYS; if (signal_pending(current)) break; rc = -EAGAIN; if (!timeout) break; rc = 0; } finish_wait(sk->sk_sleep, &wait); return rc; }",linux-2.6,,,137499090841372142585669565384345396323,0 2959,['CWE-189'],"static jpc_dec_t *jpc_dec_create(jpc_dec_importopts_t *impopts, jas_stream_t *in) { jpc_dec_t *dec; if (!(dec = jas_malloc(sizeof(jpc_dec_t)))) { return 0; } dec->image = 0; dec->xstart = 0; dec->ystart = 0; dec->xend = 0; dec->yend = 0; dec->tilewidth = 0; dec->tileheight = 0; dec->tilexoff = 0; dec->tileyoff = 0; dec->numhtiles = 0; dec->numvtiles = 0; dec->numtiles = 0; dec->tiles = 0; dec->curtile = 0; dec->numcomps = 0; dec->in = in; dec->cp = 0; dec->maxlyrs = impopts->maxlyrs; dec->maxpkts = impopts->maxpkts; dec->numpkts = 0; dec->ppmseqno = 0; dec->state = 0; dec->cmpts = 0; dec->pkthdrstreams = 0; dec->ppmstab = 0; dec->curtileendoff = 0; return dec; }",jasper,,,116795649537938971517622525989799159869,0 656,[],"static int do_dccp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { struct dccp_sock *dp; int val, len; if (get_user(len, optlen)) return -EFAULT; if (len < (int)sizeof(int)) return -EINVAL; dp = dccp_sk(sk); switch (optname) { case DCCP_SOCKOPT_PACKET_SIZE: DCCP_WARN(""sockopt(PACKET_SIZE) is deprecated: fix your app\n""); return 0; case DCCP_SOCKOPT_SERVICE: return dccp_getsockopt_service(sk, len, (__be32 __user *)optval, optlen); case DCCP_SOCKOPT_SEND_CSCOV: val = dp->dccps_pcslen; len = sizeof(val); break; case DCCP_SOCKOPT_RECV_CSCOV: val = dp->dccps_pcrlen; len = sizeof(val); break; case 128 ... 191: return ccid_hc_rx_getsockopt(dp->dccps_hc_rx_ccid, sk, optname, len, (u32 __user *)optval, optlen); case 192 ... 255: return ccid_hc_tx_getsockopt(dp->dccps_hc_tx_ccid, sk, optname, len, (u32 __user *)optval, optlen); default: return -ENOPROTOOPT; } if (put_user(len, optlen) || copy_to_user(optval, &val, len)) return -EFAULT; return 0; }",linux-2.6,,,212310681485217187997683603191900956909,0 6413,['CWE-190'],"ReadBMP (const gchar *name, GError **error) { FILE *fd; guchar buffer[64]; gint ColormapSize, rowbytes, Maps; gboolean Grey = FALSE; guchar ColorMap[256][3]; gint32 image_ID; gchar magick[2]; Bitmap_Channel masks[4]; filename = name; fd = g_fopen (filename, ""rb""); if (!fd) { g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno), _(""Could not open '%s' for reading: %s""), gimp_filename_to_utf8 (filename), g_strerror (errno)); return -1; } gimp_progress_init_printf (_(""Opening '%s'""), gimp_filename_to_utf8 (name)); if (!ReadOK (fd, magick, 2) || !(!strncmp (magick, ""BA"", 2) || !strncmp (magick, ""BM"", 2) || !strncmp (magick, ""IC"", 2) || !strncmp (magick, ""PI"", 2) || !strncmp (magick, ""CI"", 2) || !strncmp (magick, ""CP"", 2))) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } while (!strncmp (magick, ""BA"", 2)) { if (!ReadOK (fd, buffer, 12)) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } if (!ReadOK (fd, magick, 2)) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } } if (!ReadOK (fd, buffer, 12)) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } Bitmap_File_Head.bfSize = ToL (&buffer[0x00]); Bitmap_File_Head.zzHotX = ToS (&buffer[0x04]); Bitmap_File_Head.zzHotY = ToS (&buffer[0x06]); Bitmap_File_Head.bfOffs = ToL (&buffer[0x08]); if (!ReadOK (fd, buffer, 4)) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } Bitmap_File_Head.biSize = ToL (&buffer[0x00]); if (Bitmap_File_Head.biSize == 12) { if (!ReadOK (fd, buffer, 8)) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Error reading BMP file header from '%s'""), gimp_filename_to_utf8 (filename)); return -1; } Bitmap_Head.biWidth = ToS (&buffer[0x00]); Bitmap_Head.biHeight = ToS (&buffer[0x02]); Bitmap_Head.biPlanes = ToS (&buffer[0x04]); Bitmap_Head.biBitCnt = ToS (&buffer[0x06]); Bitmap_Head.biCompr = 0; Bitmap_Head.biSizeIm = 0; Bitmap_Head.biXPels = Bitmap_Head.biYPels = 0; Bitmap_Head.biClrUsed = 0; Bitmap_Head.biClrImp = 0; Bitmap_Head.masks[0] = 0; Bitmap_Head.masks[1] = 0; Bitmap_Head.masks[2] = 0; Bitmap_Head.masks[3] = 0; memset(masks, 0, sizeof(masks)); Maps = 3; } else if (Bitmap_File_Head.biSize == 40) { if (!ReadOK (fd, buffer, 36)) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Error reading BMP file header from '%s'""), gimp_filename_to_utf8 (filename)); return -1; } Bitmap_Head.biWidth = ToL (&buffer[0x00]); Bitmap_Head.biHeight = ToL (&buffer[0x04]); Bitmap_Head.biPlanes = ToS (&buffer[0x08]); Bitmap_Head.biBitCnt = ToS (&buffer[0x0A]); Bitmap_Head.biCompr = ToL (&buffer[0x0C]); Bitmap_Head.biSizeIm = ToL (&buffer[0x10]); Bitmap_Head.biXPels = ToL (&buffer[0x14]); Bitmap_Head.biYPels = ToL (&buffer[0x18]); Bitmap_Head.biClrUsed = ToL (&buffer[0x1C]); Bitmap_Head.biClrImp = ToL (&buffer[0x20]); Bitmap_Head.masks[0] = 0; Bitmap_Head.masks[1] = 0; Bitmap_Head.masks[2] = 0; Bitmap_Head.masks[3] = 0; Maps = 4; memset(masks, 0, sizeof(masks)); if (Bitmap_Head.biCompr == BI_BITFIELDS) { if (!ReadOK (fd, buffer, 3 * sizeof (guint32))) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Error reading BMP file header from '%s'""), gimp_filename_to_utf8 (filename)); return -1; } Bitmap_Head.masks[0] = ToL(&buffer[0x00]); Bitmap_Head.masks[1] = ToL(&buffer[0x04]); Bitmap_Head.masks[2] = ToL(&buffer[0x08]); ReadChannelMasks (&Bitmap_Head.masks[0], masks, 3); } else switch (Bitmap_Head.biBitCnt) { case 32: masks[0].mask = 0x00ff0000; masks[0].shiftin = 16; masks[0].max_value= (gfloat)255.0; masks[1].mask = 0x0000ff00; masks[1].shiftin = 8; masks[1].max_value= (gfloat)255.0; masks[2].mask = 0x000000ff; masks[2].shiftin = 0; masks[2].max_value= (gfloat)255.0; masks[3].mask = 0xff000000; masks[3].shiftin = 24; masks[3].max_value= (gfloat)255.0; break; case 24: masks[0].mask = 0xff0000; masks[0].shiftin = 16; masks[0].max_value= (gfloat)255.0; masks[1].mask = 0x00ff00; masks[1].shiftin = 8; masks[1].max_value= (gfloat)255.0; masks[2].mask = 0x0000ff; masks[2].shiftin = 0; masks[2].max_value= (gfloat)255.0; masks[3].mask = 0x0; masks[3].shiftin = 0; masks[3].max_value= (gfloat)0.0; break; case 16: masks[0].mask = 0x7c00; masks[0].shiftin = 10; masks[0].max_value= (gfloat)31.0; masks[1].mask = 0x03e0; masks[1].shiftin = 5; masks[1].max_value= (gfloat)31.0; masks[2].mask = 0x001f; masks[2].shiftin = 0; masks[2].max_value= (gfloat)31.0; masks[3].mask = 0x0; masks[3].shiftin = 0; masks[3].max_value= (gfloat)0.0; break; default: break; } } else if (Bitmap_File_Head.biSize >= 56 && Bitmap_File_Head.biSize <= 64) { if (!ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4)) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Error reading BMP file header from '%s'""), gimp_filename_to_utf8 (filename)); return -1; } Bitmap_Head.biWidth =ToL (&buffer[0x00]); Bitmap_Head.biHeight =ToL (&buffer[0x04]); Bitmap_Head.biPlanes =ToS (&buffer[0x08]); Bitmap_Head.biBitCnt =ToS (&buffer[0x0A]); Bitmap_Head.biCompr =ToL (&buffer[0x0C]); Bitmap_Head.biSizeIm =ToL (&buffer[0x10]); Bitmap_Head.biXPels =ToL (&buffer[0x14]); Bitmap_Head.biYPels =ToL (&buffer[0x18]); Bitmap_Head.biClrUsed =ToL (&buffer[0x1C]); Bitmap_Head.biClrImp =ToL (&buffer[0x20]); Bitmap_Head.masks[0] =ToL (&buffer[0x24]); Bitmap_Head.masks[1] =ToL (&buffer[0x28]); Bitmap_Head.masks[2] =ToL (&buffer[0x2C]); Bitmap_Head.masks[3] =ToL (&buffer[0x30]); Maps = 4; ReadChannelMasks (&Bitmap_Head.masks[0], masks, 4); } else { GdkPixbuf* pixbuf = gdk_pixbuf_new_from_file(filename, NULL); if (pixbuf) { gint32 layer_ID; image_ID = gimp_image_new (gdk_pixbuf_get_width (pixbuf), gdk_pixbuf_get_height (pixbuf), GIMP_RGB); layer_ID = gimp_layer_new_from_pixbuf (image_ID, _(""Background""), pixbuf, 100., GIMP_NORMAL_MODE, 0, 0); g_object_unref (pixbuf); gimp_image_set_filename (image_ID, filename); gimp_image_add_layer (image_ID, layer_ID, -1); return image_ID; } else { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Error reading BMP file header from '%s'""), gimp_filename_to_utf8 (filename)); return -1; } } ColormapSize = (Bitmap_File_Head.bfOffs - Bitmap_File_Head.biSize - 14) / Maps; if ((Bitmap_Head.biClrUsed == 0) && (Bitmap_Head.biBitCnt <= 8)) ColormapSize = Bitmap_Head.biClrUsed = 1 << Bitmap_Head.biBitCnt; if (ColormapSize > 256) ColormapSize = 256; if (Bitmap_Head.biHeight == 0 || Bitmap_Head.biWidth == 0) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } if (Bitmap_Head.biWidth < 0 || ABS (Bitmap_Head.biHeight) < 0) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } if (Bitmap_Head.biPlanes != 1) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } if (Bitmap_Head.biClrUsed > 256) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } if (((guint64) Bitmap_Head.biWidth) * Bitmap_Head.biBitCnt > G_MAXINT32 || ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) > G_MAXINT32 || ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) * 4 > G_MAXINT32) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""'%s' is not a valid BMP file""), gimp_filename_to_utf8 (filename)); return -1; } rowbytes= ((Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4; #ifdef DEBUG printf (""\nSize: %u, Colors: %u, Bits: %u, Width: %u, Height: %u, "" ""Comp: %u, Zeile: %u\n"", Bitmap_File_Head.bfSize, Bitmap_Head.biClrUsed, Bitmap_Head.biBitCnt, Bitmap_Head.biWidth, Bitmap_Head.biHeight, Bitmap_Head.biCompr, rowbytes); #endif if (Bitmap_Head.biBitCnt <= 8) { #ifdef DEBUG printf (""Colormap read\n""); #endif if (!ReadColorMap (fd, ColorMap, ColormapSize, Maps, &Grey)) return -1; } fseek (fd, Bitmap_File_Head.bfOffs, SEEK_SET); image_ID = ReadImage (fd, Bitmap_Head.biWidth, ABS (Bitmap_Head.biHeight), ColorMap, Bitmap_Head.biClrUsed, Bitmap_Head.biBitCnt, Bitmap_Head.biCompr, rowbytes, Grey, masks, error); if (image_ID < 0) return -1; if (Bitmap_Head.biXPels > 0 && Bitmap_Head.biYPels > 0) { gdouble xresolution; gdouble yresolution; xresolution = Bitmap_Head.biXPels * 0.0254; yresolution = Bitmap_Head.biYPels * 0.0254; gimp_image_set_resolution (image_ID, xresolution, yresolution); } if (Bitmap_Head.biHeight < 0) gimp_image_flip (image_ID, GIMP_ORIENTATION_VERTICAL); return image_ID; }",gimp,,,320935073184034616873773498692651518607,0 1248,[],"m4_maketemp (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, 2)) return; if (no_gnu_extensions) { const char *str = ARG (1); int len = strlen (str); int i; int len2; M4ERROR ((warning_status, 0, ""recommend using mkstemp instead"")); for (i = len; i > 1; i--) if (str[i - 1] != 'X') break; obstack_grow (obs, str, i); str = ntoa ((int32_t) getpid (), 10); len2 = strlen (str); if (len2 > len - i) obstack_grow0 (obs, str + len2 - (len - i), len - i); else { while (i++ < len - len2) obstack_1grow (obs, '0'); obstack_grow0 (obs, str, len2); } } else mkstemp_helper (obs, ARG (0), ARG (1), strlen (ARG (1))); }",m4,,,303805726858685500285036691743332842860,0 3907,CWE-416,"movemark(int count) { pos_T *pos; xfmark_T *jmp; cleanup_jumplist(curwin, TRUE); if (curwin->w_jumplistlen == 0) return (pos_T *)NULL; for (;;) { if (curwin->w_jumplistidx + count < 0 || curwin->w_jumplistidx + count >= curwin->w_jumplistlen) return (pos_T *)NULL; if (curwin->w_jumplistidx == curwin->w_jumplistlen) { setpcmark(); --curwin->w_jumplistidx; if (curwin->w_jumplistidx + count < 0) return (pos_T *)NULL; } curwin->w_jumplistidx += count; jmp = curwin->w_jumplist + curwin->w_jumplistidx; if (jmp->fmark.fnum == 0) fname2fnum(jmp); if (jmp->fmark.fnum != curbuf->b_fnum) { if (buflist_findnr(jmp->fmark.fnum) == NULL) { count += count < 0 ? -1 : 1; continue; } if (buflist_getfile(jmp->fmark.fnum, jmp->fmark.mark.lnum, 0, FALSE) == FAIL) return (pos_T *)NULL; curwin->w_cursor = jmp->fmark.mark; pos = (pos_T *)-1; } else pos = &(jmp->fmark.mark); return pos; } }",visit repo url,src/mark.c,https://github.com/vim/vim,123012494546176,1 1511,[]," __releases(rq->lock) { spin_unlock_irqrestore(&rq->lock, *flags); }",linux-2.6,,,288995786479885597910355703523846676401,0 5726,CWE-191,"static const char *findvararg (CallInfo *ci, int n, StkId *pos) { if (clLvalue(s2v(ci->func))->p->is_vararg) { int nextra = ci->u.l.nextraargs; if (n <= nextra) { *pos = ci->func - nextra + (n - 1); return ""(vararg)""; } } return NULL; }",visit repo url,ldebug.c,https://github.com/lua/lua,177228947954067,1 338,['CWE-20'],"static void syscall_trace(struct pt_regs *regs) { #if 0 printk(""trace %s rip %lx rsp %lx rax %d origrax %d caller %lx tiflags %x ptrace %x\n"", current->comm, regs->rip, regs->rsp, regs->rax, regs->orig_rax, __builtin_return_address(0), current_thread_info()->flags, current->ptrace); #endif ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) ? 0x80 : 0)); if (current->exit_code) { send_sig(current->exit_code, current, 1); current->exit_code = 0; } }",linux-2.6,,,218238594234530151391406579997965773498,0 2782,CWE-125,"void ntlm_write_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (fields->Len > 0) { Stream_SetPosition(s, fields->BufferOffset); Stream_Write(s, fields->Buffer, fields->Len); } }",visit repo url,winpr/libwinpr/sspi/NTLM/ntlm_message.c,https://github.com/FreeRDP/FreeRDP,273447503726693,1 6704,['CWE-200'],"applet_is_any_device_activating (NMApplet *applet) { const GPtrArray *devices; int i; devices = nm_client_get_devices (applet->nm_client); for (i = 0; devices && (i < devices->len); i++) { NMDevice *candidate = NM_DEVICE (g_ptr_array_index (devices, i)); NMDeviceState state; state = nm_device_get_state (candidate); if (state > NM_DEVICE_STATE_DISCONNECTED && state < NM_DEVICE_STATE_ACTIVATED) return TRUE; } return FALSE; }",network-manager-applet,,,277291753049184816027605771566659015058,0 5964,['CWE-200'],"static void addrconf_dad_completed(struct inet6_ifaddr *ifp) { struct net_device * dev = ifp->idev->dev; ipv6_ifa_notify(RTM_NEWADDR, ifp); if (ifp->idev->cnf.forwarding == 0 && ifp->idev->cnf.rtr_solicits > 0 && (dev->flags&IFF_LOOPBACK) == 0 && (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) { struct in6_addr all_routers; ipv6_addr_all_routers(&all_routers); ndisc_send_rs(ifp->idev->dev, &ifp->addr, &all_routers); spin_lock_bh(&ifp->lock); ifp->probes = 1; ifp->idev->if_flags |= IF_RS_SENT; addrconf_mod_timer(ifp, AC_RS, ifp->idev->cnf.rtr_solicit_interval); spin_unlock_bh(&ifp->lock); } }",linux-2.6,,,23041197311772221590890831062959325109,0 6418,['CWE-190'],"convert_1_bit (const gchar *src, gchar *dst, guint32 rows, guint32 columns) { guint32 row_pos = 0; gint i, j; IFDBG(3) g_debug (""Start 1 bit conversion""); for (i = 0; i < rows * ((columns + 7) >> 3); ++i) { guchar mask = 0x80; for (j = 0; j < 8 && row_pos < columns; ++j) { *dst = (*src & mask) ? 0 : 1; IFDBG(3) g_debug (""byte %d, bit %d, offset %d, src %d, dst %d"", i , j, row_pos, *src, *dst); dst++; mask >>= 1; row_pos++; } if (row_pos >= columns) row_pos = 0; src++; } IFDBG(3) g_debug (""End 1 bit conversion""); }",gimp,,,16429313994274357957981099624734948584,0 4703,['CWE-20'],"void ext4_itable_unused_set(struct super_block *sb, struct ext4_group_desc *bg, __u32 count) { bg->bg_itable_unused_lo = cpu_to_le16((__u16)count); if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT) bg->bg_itable_unused_hi = cpu_to_le16(count >> 16); }",linux-2.6,,,3663808569683988199388687649591510929,0 6764,CWE-120,"START_TEST(test_log_long_msg) { int lpc; int rc; int i, max = 1000; char *buffer = calloc(1, max); qb_log_init(""test"", LOG_USER, LOG_DEBUG); rc = qb_log_ctl(QB_LOG_SYSLOG, QB_LOG_CONF_ENABLED, QB_FALSE); ck_assert_int_eq(rc, 0); rc = qb_log_ctl(QB_LOG_BLACKBOX, QB_LOG_CONF_SIZE, 1024); ck_assert_int_eq(rc, 0); rc = qb_log_ctl(QB_LOG_BLACKBOX, QB_LOG_CONF_ENABLED, QB_TRUE); ck_assert_int_eq(rc, 0); rc = qb_log_filter_ctl(QB_LOG_BLACKBOX, QB_LOG_FILTER_ADD, QB_LOG_FILTER_FILE, ""*"", LOG_TRACE); ck_assert_int_eq(rc, 0); for (lpc = 500; lpc < max; lpc++) { lpc++; for(i = 0; i < max; i++) { buffer[i] = 'a' + (i % 10); } buffer[lpc%600] = 0; qb_log(LOG_INFO, ""Message %d %d - %s"", lpc, lpc%600, buffer); } qb_log_blackbox_write_to_file(""blackbox.dump""); qb_log_blackbox_print_from_file(""blackbox.dump""); unlink(""blackbox.dump""); qb_log_fini(); }",visit repo url,tests/check_log.c,https://github.com/ClusterLabs/libqb,266246624775859,1 760,['CWE-119'],"isdn_ciscohdlck_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) { isdn_net_local *lp = (isdn_net_local *) dev->priv; unsigned long len = 0; unsigned long expires = 0; int tmp = 0; int period = lp->cisco_keepalive_period; s8 debserint = lp->cisco_debserint; int rc = 0; if (lp->p_encap != ISDN_NET_ENCAP_CISCOHDLCK) return -EINVAL; switch (cmd) { case SIOCGKEEPPERIOD: len = (unsigned long)sizeof(lp->cisco_keepalive_period); if (copy_to_user(ifr->ifr_data, &lp->cisco_keepalive_period, len)) rc = -EFAULT; break; case SIOCSKEEPPERIOD: tmp = lp->cisco_keepalive_period; len = (unsigned long)sizeof(lp->cisco_keepalive_period); if (copy_from_user(&period, ifr->ifr_data, len)) rc = -EFAULT; if ((period > 0) && (period <= 32767)) lp->cisco_keepalive_period = period; else rc = -EINVAL; if (!rc && (tmp != lp->cisco_keepalive_period)) { expires = (unsigned long)(jiffies + lp->cisco_keepalive_period * HZ); mod_timer(&lp->cisco_timer, expires); printk(KERN_INFO ""%s: Keepalive period set "" ""to %d seconds.\n"", dev->name, lp->cisco_keepalive_period); } break; case SIOCGDEBSERINT: len = (unsigned long)sizeof(lp->cisco_debserint); if (copy_to_user(ifr->ifr_data, &lp->cisco_debserint, len)) rc = -EFAULT; break; case SIOCSDEBSERINT: len = (unsigned long)sizeof(lp->cisco_debserint); if (copy_from_user(&debserint, ifr->ifr_data, len)) rc = -EFAULT; if ((debserint >= 0) && (debserint <= 64)) lp->cisco_debserint = debserint; else rc = -EINVAL; break; default: rc = -EINVAL; break; } return (rc); }",linux-2.6,,,330743078382042076676597224612168697712,0 2545,CWE-399,"cib_remote_perform_op(cib_t * cib, const char *op, const char *host, const char *section, xmlNode * data, xmlNode ** output_data, int call_options, const char *name) { int rc = pcmk_ok; xmlNode *op_msg = NULL; xmlNode *op_reply = NULL; cib_remote_opaque_t *private = cib->variant_opaque; if (sync_timer == NULL) { sync_timer = calloc(1, sizeof(struct timer_rec_s)); } if (cib->state == cib_disconnected) { return -ENOTCONN; } if (output_data != NULL) { *output_data = NULL; } if (op == NULL) { crm_err(""No operation specified""); return -EINVAL; } cib->call_id++; if (cib->call_id < 1) { cib->call_id = 1; } op_msg = cib_create_op(cib->call_id, private->callback.token, op, host, section, data, call_options, NULL); if (op_msg == NULL) { return -EPROTO; } crm_trace(""Sending %s message to CIB service"", op); crm_send_remote_msg(private->command.session, op_msg, private->command.encrypted); free_xml(op_msg); if ((call_options & cib_discard_reply)) { crm_trace(""Discarding reply""); return pcmk_ok; } else if (!(call_options & cib_sync_call)) { return cib->call_id; } crm_trace(""Waiting for a syncronous reply""); if (cib->call_timeout > 0) { timer_expired = FALSE; sync_timer->call_id = cib->call_id; sync_timer->timeout = cib->call_timeout * 1000; sync_timer->ref = g_timeout_add(sync_timer->timeout, cib_timeout_handler, sync_timer); } while (timer_expired == FALSE) { int reply_id = -1; int msg_id = cib->call_id; op_reply = crm_recv_remote_msg(private->command.session, private->command.encrypted); if (op_reply == NULL) { break; } crm_element_value_int(op_reply, F_CIB_CALLID, &reply_id); CRM_CHECK(reply_id > 0, free_xml(op_reply); if (sync_timer->ref > 0) { g_source_remove(sync_timer->ref); sync_timer->ref = 0;} return -ENOMSG) ; if (reply_id == msg_id) { break; } else if (reply_id < msg_id) { crm_debug(""Received old reply: %d (wanted %d)"", reply_id, msg_id); crm_log_xml_trace(op_reply, ""Old reply""); } else if ((reply_id - 10000) > msg_id) { crm_debug(""Received old reply: %d (wanted %d)"", reply_id, msg_id); crm_log_xml_trace(op_reply, ""Old reply""); } else { crm_err(""Received a __future__ reply:"" "" %d (wanted %d)"", reply_id, msg_id); } free_xml(op_reply); op_reply = NULL; } if (sync_timer->ref > 0) { g_source_remove(sync_timer->ref); sync_timer->ref = 0; } if (timer_expired) { return -ETIME; } if (op_reply == NULL) { crm_err(""No reply message - empty""); return -ENOMSG; } crm_trace(""Syncronous reply received""); if (crm_element_value_int(op_reply, F_CIB_RC, &rc) != 0) { rc = -EPROTO; } if (rc == -pcmk_err_diff_resync) { rc = pcmk_ok; } if (rc == pcmk_ok || rc == -EPERM) { crm_log_xml_debug(op_reply, ""passed""); } else { crm_err(""Call failed: %s"", pcmk_strerror(rc)); crm_log_xml_warn(op_reply, ""failed""); } if (output_data == NULL) { } else if (!(call_options & cib_discard_reply)) { xmlNode *tmp = get_message_xml(op_reply, F_CIB_CALLDATA); if (tmp == NULL) { crm_trace(""No output in reply to \""%s\"" command %d"", op, cib->call_id - 1); } else { *output_data = copy_xml(tmp); } } free_xml(op_reply); return rc; }",visit repo url,lib/cib/cib_remote.c,https://github.com/ClusterLabs/pacemaker,110292667663384,1 5736,['CWE-200'],"static int irda_data_indication(void *instance, void *sap, struct sk_buff *skb) { struct irda_sock *self; struct sock *sk; int err; IRDA_DEBUG(3, ""%s()\n"", __func__); self = instance; sk = instance; err = sock_queue_rcv_skb(sk, skb); if (err) { IRDA_DEBUG(1, ""%s(), error: no more mem!\n"", __func__); self->rx_flow = FLOW_STOP; return err; } return 0; }",linux-2.6,,,173802351767831262473679568660010656517,0 907,CWE-20,"void kvm_lapic_sync_to_vapic(struct kvm_vcpu *vcpu) { u32 data, tpr; int max_irr, max_isr; struct kvm_lapic *apic = vcpu->arch.apic; void *vapic; apic_sync_pv_eoi_to_guest(vcpu, apic); if (!test_bit(KVM_APIC_CHECK_VAPIC, &vcpu->arch.apic_attention)) return; tpr = kvm_apic_get_reg(apic, APIC_TASKPRI) & 0xff; max_irr = apic_find_highest_irr(apic); if (max_irr < 0) max_irr = 0; max_isr = apic_find_highest_isr(apic); if (max_isr < 0) max_isr = 0; data = (tpr & 0xff) | ((max_isr & 0xf0) << 8) | (max_irr << 24); vapic = kmap_atomic(vcpu->arch.apic->vapic_page); *(u32 *)(vapic + offset_in_page(vcpu->arch.apic->vapic_addr)) = data; kunmap_atomic(vapic); }",visit repo url,arch/x86/kvm/lapic.c,https://github.com/torvalds/linux,101493435687044,1 2546,CWE-399,"cib_tls_close(cib_t * cib) { cib_remote_opaque_t *private = cib->variant_opaque; shutdown(private->command.socket, SHUT_RDWR); shutdown(private->callback.socket, SHUT_RDWR); close(private->command.socket); close(private->callback.socket); #ifdef HAVE_GNUTLS_GNUTLS_H if (private->command.encrypted) { gnutls_bye(*(private->command.session), GNUTLS_SHUT_RDWR); gnutls_deinit(*(private->command.session)); gnutls_free(private->command.session); gnutls_bye(*(private->callback.session), GNUTLS_SHUT_RDWR); gnutls_deinit(*(private->callback.session)); gnutls_free(private->callback.session); gnutls_anon_free_client_credentials(anon_cred_c); gnutls_global_deinit(); } #endif return 0; }",visit repo url,lib/cib/cib_remote.c,https://github.com/ClusterLabs/pacemaker,140714774120013,1 6222,CWE-190,"void fp2_write_bin(uint8_t *bin, int len, const fp2_t a, int pack) { fp2_t t; fp2_null(t); RLC_TRY { fp2_new(t); if (pack && fp2_test_cyc(a)) { if (len < RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); return; } else { fp2_pck(t, a); fp_write_bin(bin, RLC_FP_BYTES, t[0]); bin[RLC_FP_BYTES] = fp_get_bit(t[1], 0); } } else { if (len < 2 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } else { fp_write_bin(bin, RLC_FP_BYTES, a[0]); fp_write_bin(bin + RLC_FP_BYTES, RLC_FP_BYTES, a[1]); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp2_free(t); } }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,149336358923014,1 6526,['CWE-20'],"static int emulate_pop_sreg(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops, int seg) { struct decode_cache *c = &ctxt->decode; unsigned long selector; int rc; rc = emulate_pop(ctxt, ops, &selector, c->op_bytes); if (rc != 0) return rc; rc = kvm_load_segment_descriptor(ctxt->vcpu, (u16)selector, 1, seg); return rc; }",kvm,,,106308528611688404979786508500370009055,0 4277,['CWE-264'],"void __init proc_caches_init(void) { sighand_cachep = kmem_cache_create(""sighand_cache"", sizeof(struct sighand_struct), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_DESTROY_BY_RCU, sighand_ctor); signal_cachep = kmem_cache_create(""signal_cache"", sizeof(struct signal_struct), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); files_cachep = kmem_cache_create(""files_cache"", sizeof(struct files_struct), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); fs_cachep = kmem_cache_create(""fs_cache"", sizeof(struct fs_struct), 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); mm_cachep = kmem_cache_create(""mm_struct"", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); mmap_init(); }",linux-2.6,,,266791574814815943641796199197517529403,0 4798,CWE-119,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 6665,['CWE-200'],"list_connections (NMSettings *settings) { NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (settings); if (priv->read_connections_id) { g_source_remove (priv->read_connections_id); priv->read_connections_id = 0; read_connections (NMA_GCONF_SETTINGS (settings)); } return g_slist_copy (priv->connections); }",network-manager-applet,,,1572899190955990114116571263435632341,0 3758,[],"static int unix_shutdown(struct socket *sock, int mode) { struct sock *sk = sock->sk; struct sock *other; mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN); if (mode) { unix_state_lock(sk); sk->sk_shutdown |= mode; other=unix_peer(sk); if (other) sock_hold(other); unix_state_unlock(sk); sk->sk_state_change(sk); if (other && (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) { int peer_mode = 0; if (mode&RCV_SHUTDOWN) peer_mode |= SEND_SHUTDOWN; if (mode&SEND_SHUTDOWN) peer_mode |= RCV_SHUTDOWN; unix_state_lock(other); other->sk_shutdown |= peer_mode; unix_state_unlock(other); other->sk_state_change(other); read_lock(&other->sk_callback_lock); if (peer_mode == SHUTDOWN_MASK) sk_wake_async(other, SOCK_WAKE_WAITD, POLL_HUP); else if (peer_mode & RCV_SHUTDOWN) sk_wake_async(other, SOCK_WAKE_WAITD, POLL_IN); read_unlock(&other->sk_callback_lock); } if (other) sock_put(other); } return 0; }",linux-2.6,,,37017088881454815822392969948917790521,0 3183,CWE-125,"lookup_bytestring(netdissect_options *ndo, register const u_char *bs, const unsigned int nlen) { struct enamemem *tp; register u_int i, j, k; if (nlen >= 6) { k = (bs[0] << 8) | bs[1]; j = (bs[2] << 8) | bs[3]; i = (bs[4] << 8) | bs[5]; } else if (nlen >= 4) { k = (bs[0] << 8) | bs[1]; j = (bs[2] << 8) | bs[3]; i = 0; } else i = j = k = 0; tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)]; while (tp->e_nxt) if (tp->e_addr0 == i && tp->e_addr1 == j && tp->e_addr2 == k && memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0) return tp; else tp = tp->e_nxt; tp->e_addr0 = i; tp->e_addr1 = j; tp->e_addr2 = k; tp->e_bs = (u_char *) calloc(1, nlen + 1); if (tp->e_bs == NULL) (*ndo->ndo_error)(ndo, ""lookup_bytestring: calloc""); memcpy(tp->e_bs, bs, nlen); tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); if (tp->e_nxt == NULL) (*ndo->ndo_error)(ndo, ""lookup_bytestring: calloc""); return tp; }",visit repo url,addrtoname.c,https://github.com/the-tcpdump-group/tcpdump,166914180537868,1 4501,['CWE-20'],"int ext4_group_extend(struct super_block *sb, struct ext4_super_block *es, ext4_fsblk_t n_blocks_count) { ext4_fsblk_t o_blocks_count; ext4_group_t o_groups_count; ext4_grpblk_t last; ext4_grpblk_t add; struct buffer_head *bh; handle_t *handle; int err; ext4_group_t group; o_blocks_count = ext4_blocks_count(es); o_groups_count = EXT4_SB(sb)->s_groups_count; if (test_opt(sb, DEBUG)) printk(KERN_DEBUG ""EXT4-fs: extending last group from %llu uto %llu blocks\n"", o_blocks_count, n_blocks_count); if (n_blocks_count == 0 || n_blocks_count == o_blocks_count) return 0; if (n_blocks_count > (sector_t)(~0ULL) >> (sb->s_blocksize_bits - 9)) { printk(KERN_ERR ""EXT4-fs: filesystem on %s:"" "" too large to resize to %llu blocks safely\n"", sb->s_id, n_blocks_count); if (sizeof(sector_t) < 8) ext4_warning(sb, __func__, ""CONFIG_LBD not enabled""); return -EINVAL; } if (n_blocks_count < o_blocks_count) { ext4_warning(sb, __func__, ""can't shrink FS - resize aborted""); return -EBUSY; } ext4_get_group_no_and_offset(sb, o_blocks_count, &group, &last); if (last == 0) { ext4_warning(sb, __func__, ""need to use ext2online to resize further""); return -EPERM; } add = EXT4_BLOCKS_PER_GROUP(sb) - last; if (o_blocks_count + add < o_blocks_count) { ext4_warning(sb, __func__, ""blocks_count overflow""); return -EINVAL; } if (o_blocks_count + add > n_blocks_count) add = n_blocks_count - o_blocks_count; if (o_blocks_count + add < n_blocks_count) ext4_warning(sb, __func__, ""will only finish group (%llu"" "" blocks, %u new)"", o_blocks_count + add, add); bh = sb_bread(sb, o_blocks_count + add - 1); if (!bh) { ext4_warning(sb, __func__, ""can't read last block, resize aborted""); return -ENOSPC; } brelse(bh); handle = ext4_journal_start_sb(sb, 3); if (IS_ERR(handle)) { err = PTR_ERR(handle); ext4_warning(sb, __func__, ""error %d on journal start"", err); goto exit_put; } lock_super(sb); if (o_blocks_count != ext4_blocks_count(es)) { ext4_warning(sb, __func__, ""multiple resizers run on filesystem!""); unlock_super(sb); ext4_journal_stop(handle); err = -EBUSY; goto exit_put; } if ((err = ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh))) { ext4_warning(sb, __func__, ""error %d on journal write access"", err); unlock_super(sb); ext4_journal_stop(handle); goto exit_put; } ext4_blocks_count_set(es, o_blocks_count + add); ext4_handle_dirty_metadata(handle, NULL, EXT4_SB(sb)->s_sbh); sb->s_dirt = 1; unlock_super(sb); ext4_debug(""freeing blocks %llu through %llu\n"", o_blocks_count, o_blocks_count + add); ext4_add_groupblocks(handle, sb, o_blocks_count, add); ext4_debug(""freed blocks %llu through %llu\n"", o_blocks_count, o_blocks_count + add); if ((err = ext4_journal_stop(handle))) goto exit_put; if (test_opt(sb, DEBUG)) printk(KERN_DEBUG ""EXT4-fs: extended group to %llu blocks\n"", ext4_blocks_count(es)); update_backups(sb, EXT4_SB(sb)->s_sbh->b_blocknr, (char *)es, sizeof(struct ext4_super_block)); exit_put: return err; } ",linux-2.6,,,225669503474349997256762903535069719629,0 754,['CWE-119'],"static void isdn_header_cache_update(struct hh_cache *hh, const struct net_device *dev, const unsigned char *haddr) { isdn_net_local *lp = dev->priv; if (lp->p_encap == ISDN_NET_ENCAP_ETHER) return eth_header_cache_update(hh, dev, haddr); }",linux-2.6,,,157849749139285194781555042100562459595,0 2406,NVD-CWE-Other,"void ff_jpeg2000_cleanup(Jpeg2000Component *comp, Jpeg2000CodingStyle *codsty) { int reslevelno, bandno, precno; for (reslevelno = 0; comp->reslevel && reslevelno < codsty->nreslevels; reslevelno++) { Jpeg2000ResLevel *reslevel = comp->reslevel + reslevelno; for (bandno = 0; bandno < reslevel->nbands; bandno++) { Jpeg2000Band *band = reslevel->band + bandno; for (precno = 0; precno < reslevel->num_precincts_x * reslevel->num_precincts_y; precno++) { Jpeg2000Prec *prec = band->prec + precno; av_freep(&prec->zerobits); av_freep(&prec->cblkincl); av_freep(&prec->cblk); } av_freep(&band->prec); } av_freep(&reslevel->band); } ff_dwt_destroy(&comp->dwt); av_freep(&comp->reslevel); av_freep(&comp->i_data); av_freep(&comp->f_data); }",visit repo url,libavcodec/jpeg2000.c,https://github.com/FFmpeg/FFmpeg,193321407845010,1 4014,['CWE-362'],"static inline void inotify_remove_watch_locked(struct inotify_handle *ih, struct inotify_watch *watch) { }",linux-2.6,,,53290220139265272726887571080778011313,0 3968,CWE-20,"parse_netscreen_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer* buf, char *line, int *err, gchar **err_info) { int sec; int dsec; char cap_int[NETSCREEN_MAX_INT_NAME_LENGTH]; char direction[2]; guint pkt_len; char cap_src[13]; char cap_dst[13]; guint8 *pd; gchar *p; int n, i = 0; guint offset = 0; gchar dststr[13]; phdr->rec_type = REC_TYPE_PACKET; phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN; if (sscanf(line, ""%9d.%9d: %15[a-z0-9/:.-](%1[io]) len=%9u:%12s->%12s/"", &sec, &dsec, cap_int, direction, &pkt_len, cap_src, cap_dst) < 5) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: Can't parse packet-header""); return -1; } if (pkt_len > WTAP_MAX_PACKET_SIZE) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf(""netscreen: File has %u-byte packet, bigger than maximum of %u"", pkt_len, WTAP_MAX_PACKET_SIZE); return FALSE; } phdr->ts.secs = sec; phdr->ts.nsecs = dsec * 100000000; phdr->len = pkt_len; ws_buffer_assure_space(buf, pkt_len); pd = ws_buffer_start_ptr(buf); while(1) { if (file_gets(line, NETSCREEN_LINE_LENGTH, fh) == NULL) { break; } for (p = &line[0]; g_ascii_isspace(*p); p++) ; if (*p == '\0') { break; } n = parse_single_hex_dump_line(p, pd, offset); if (offset == 0 && n < 6) { if (info_line(line)) { if (++i <= NETSCREEN_MAX_INFOLINES) { continue; } } else { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: cannot parse hex-data""); return FALSE; } } if (n == -1) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: cannot parse hex-data""); return FALSE; } offset += n; if (offset > pkt_len) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""netscreen: too much hex-data""); return FALSE; } } if (strncmp(cap_int, ""adsl"", 4) == 0) { g_snprintf(dststr, 13, ""%02x%02x%02x%02x%02x%02x"", pd[0], pd[1], pd[2], pd[3], pd[4], pd[5]); if (strncmp(dststr, cap_dst, 12) == 0) phdr->pkt_encap = WTAP_ENCAP_ETHERNET; else phdr->pkt_encap = WTAP_ENCAP_PPP; } else if (strncmp(cap_int, ""seri"", 4) == 0) phdr->pkt_encap = WTAP_ENCAP_PPP; else phdr->pkt_encap = WTAP_ENCAP_ETHERNET; phdr->caplen = offset; return TRUE; }",visit repo url,wiretap/netscreen.c,https://github.com/wireshark/wireshark,248182883502893,1 1785,CWE-264,"int xt_compat_check_entry_offsets(const void *base, unsigned int target_offset, unsigned int next_offset) { const struct compat_xt_entry_target *t; const char *e = base; if (target_offset + sizeof(*t) > next_offset) return -EINVAL; t = (void *)(e + target_offset); if (t->u.target_size < sizeof(*t)) return -EINVAL; if (target_offset + t->u.target_size > next_offset) return -EINVAL; if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 && target_offset + sizeof(struct compat_xt_standard_target) != next_offset) return -EINVAL; return 0; }",visit repo url,net/netfilter/x_tables.c,https://github.com/torvalds/linux,151303142495988,1 6490,CWE-787,"int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { if (!message) { LOG_ERROR(""Null message in AES_encrypt""); return -1; } if (!encr_message) { LOG_ERROR(""Null encr message in AES_encrypt""); return -2; } uint64_t len = strlen(message) + 1; if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) { LOG_ERROR(""Output buffer too small""); return -3; } sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE); sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, strlen(message), encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, (sgx_aes_gcm_128bit_tag_t *) encr_message); return status; }",visit repo url,secure_enclave/AESUtils.c,https://github.com/skalenetwork/sgxwallet,53666338222771,1 5068,['CWE-20'],"static inline int cpu_has_vmx_tpr_shadow(void) { return (vmcs_config.cpu_based_exec_ctrl & CPU_BASED_TPR_SHADOW); }",linux-2.6,,,323602128042977553661521750668748462498,0 3910,['CWE-399'],"static int chip_remove(struct i2c_client *client) { struct CHIPSTATE *chip = i2c_get_clientdata(client); del_timer_sync(&chip->wt); if (chip->thread) { kthread_stop(chip->thread); chip->thread = NULL; } kfree(chip); return 0; }",linux-2.6,,,272567365764201650530873081034208345081,0 4718,CWE-787,"static int msg_parse_fetch(struct ImapHeader *h, char *s) { char tmp[SHORT_STRING]; char *ptmp = NULL; if (!s) return -1; while (*s) { SKIPWS(s); if (mutt_str_strncasecmp(""FLAGS"", s, 5) == 0) { s = msg_parse_flags(h, s); if (!s) return -1; } else if (mutt_str_strncasecmp(""UID"", s, 3) == 0) { s += 3; SKIPWS(s); if (mutt_str_atoui(s, &h->data->uid) < 0) return -1; s = imap_next_word(s); } else if (mutt_str_strncasecmp(""INTERNALDATE"", s, 12) == 0) { s += 12; SKIPWS(s); if (*s != '\""') { mutt_debug(1, ""bogus INTERNALDATE entry: %s\n"", s); return -1; } s++; ptmp = tmp; while (*s && *s != '\""') *ptmp++ = *s++; if (*s != '\""') return -1; s++; *ptmp = '\0'; h->received = mutt_date_parse_imap(tmp); } else if (mutt_str_strncasecmp(""RFC822.SIZE"", s, 11) == 0) { s += 11; SKIPWS(s); ptmp = tmp; while (isdigit((unsigned char) *s)) *ptmp++ = *s++; *ptmp = '\0'; if (mutt_str_atol(tmp, &h->content_length) < 0) return -1; } else if ((mutt_str_strncasecmp(""BODY"", s, 4) == 0) || (mutt_str_strncasecmp(""RFC822.HEADER"", s, 13) == 0)) { return -2; } else if (*s == ')') s++; else if (*s) { imap_error(""msg_parse_fetch"", s); return -1; } } return 0; }",visit repo url,imap/message.c,https://github.com/neomutt/neomutt,248809737400782,1 2439,['CWE-119'],"int prepare_revision_walk(struct rev_info *revs) { int nr = revs->pending.nr; struct object_array_entry *e, *list; e = list = revs->pending.objects; revs->pending.nr = 0; revs->pending.alloc = 0; revs->pending.objects = NULL; while (--nr >= 0) { struct commit *commit = handle_commit(revs, e->item, e->name); if (commit) { if (!(commit->object.flags & SEEN)) { commit->object.flags |= SEEN; insert_by_date(commit, &revs->commits); } } e++; } free(list); if (revs->no_walk) return 0; if (revs->limited) if (limit_list(revs) < 0) return -1; if (revs->topo_order) sort_in_topological_order(&revs->commits, revs->lifo); return 0; }",git,,,126267795494624188756270503639231624773,0 1650,NVD-CWE-Other,"long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) { struct key *key; key_ref_t key_ref; long ret; key_ref = lookup_user_key(keyid, 0, 0); if (IS_ERR(key_ref)) { ret = -ENOKEY; goto error; } key = key_ref_to_ptr(key_ref); ret = key_permission(key_ref, KEY_NEED_READ); if (ret == 0) goto can_read_key; if (ret != -EACCES) goto error; if (!is_key_possessed(key_ref)) { ret = -EACCES; goto error2; } can_read_key: ret = key_validate(key); if (ret == 0) { ret = -EOPNOTSUPP; if (key->type->read) { down_read(&key->sem); ret = key->type->read(key, buffer, buflen); up_read(&key->sem); } } error2: key_put(key); error: return ret; }",visit repo url,security/keys/keyctl.c,https://github.com/torvalds/linux,137155041900119,1 1091,CWE-399,"static void collapse_huge_page(struct mm_struct *mm, unsigned long address, struct page **hpage, struct vm_area_struct *vma, int node) { pgd_t *pgd; pud_t *pud; pmd_t *pmd, _pmd; pte_t *pte; pgtable_t pgtable; struct page *new_page; spinlock_t *ptl; int isolated; unsigned long hstart, hend; VM_BUG_ON(address & ~HPAGE_PMD_MASK); #ifndef CONFIG_NUMA VM_BUG_ON(!*hpage); new_page = *hpage; if (unlikely(mem_cgroup_newpage_charge(new_page, mm, GFP_KERNEL))) { up_read(&mm->mmap_sem); return; } #else VM_BUG_ON(*hpage); new_page = alloc_hugepage_vma(khugepaged_defrag(), vma, address, node, __GFP_OTHER_NODE); if (unlikely(!new_page)) { up_read(&mm->mmap_sem); count_vm_event(THP_COLLAPSE_ALLOC_FAILED); *hpage = ERR_PTR(-ENOMEM); return; } count_vm_event(THP_COLLAPSE_ALLOC); if (unlikely(mem_cgroup_newpage_charge(new_page, mm, GFP_KERNEL))) { up_read(&mm->mmap_sem); put_page(new_page); return; } #endif up_read(&mm->mmap_sem); down_write(&mm->mmap_sem); if (unlikely(khugepaged_test_exit(mm))) goto out; vma = find_vma(mm, address); hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; hend = vma->vm_end & HPAGE_PMD_MASK; if (address < hstart || address + HPAGE_PMD_SIZE > hend) goto out; if ((!(vma->vm_flags & VM_HUGEPAGE) && !khugepaged_always()) || (vma->vm_flags & VM_NOHUGEPAGE)) goto out; if (!vma->anon_vma || vma->vm_ops || vma->vm_file) goto out; if (is_vma_temporary_stack(vma)) goto out; VM_BUG_ON(is_linear_pfn_mapping(vma) || is_pfn_mapping(vma)); pgd = pgd_offset(mm, address); if (!pgd_present(*pgd)) goto out; pud = pud_offset(pgd, address); if (!pud_present(*pud)) goto out; pmd = pmd_offset(pud, address); if (!pmd_present(*pmd) || pmd_trans_huge(*pmd)) goto out; anon_vma_lock(vma->anon_vma); pte = pte_offset_map(pmd, address); ptl = pte_lockptr(mm, pmd); spin_lock(&mm->page_table_lock); _pmd = pmdp_clear_flush_notify(vma, address, pmd); spin_unlock(&mm->page_table_lock); spin_lock(ptl); isolated = __collapse_huge_page_isolate(vma, address, pte); spin_unlock(ptl); if (unlikely(!isolated)) { pte_unmap(pte); spin_lock(&mm->page_table_lock); BUG_ON(!pmd_none(*pmd)); set_pmd_at(mm, address, pmd, _pmd); spin_unlock(&mm->page_table_lock); anon_vma_unlock(vma->anon_vma); goto out; } anon_vma_unlock(vma->anon_vma); __collapse_huge_page_copy(pte, new_page, vma, address, ptl); pte_unmap(pte); __SetPageUptodate(new_page); pgtable = pmd_pgtable(_pmd); VM_BUG_ON(page_count(pgtable) != 1); VM_BUG_ON(page_mapcount(pgtable) != 0); _pmd = mk_pmd(new_page, vma->vm_page_prot); _pmd = maybe_pmd_mkwrite(pmd_mkdirty(_pmd), vma); _pmd = pmd_mkhuge(_pmd); smp_wmb(); spin_lock(&mm->page_table_lock); BUG_ON(!pmd_none(*pmd)); page_add_new_anon_rmap(new_page, vma, address); set_pmd_at(mm, address, pmd, _pmd); update_mmu_cache(vma, address, entry); prepare_pmd_huge_pte(pgtable, mm); mm->nr_ptes--; spin_unlock(&mm->page_table_lock); #ifndef CONFIG_NUMA *hpage = NULL; #endif khugepaged_pages_collapsed++; out_up_write: up_write(&mm->mmap_sem); return; out: mem_cgroup_uncharge_page(new_page); #ifdef CONFIG_NUMA put_page(new_page); #endif goto out_up_write; }",visit repo url,mm/huge_memory.c,https://github.com/torvalds/linux,145929725903554,1 4736,['CWE-20'],"__u32 ext4_used_dirs_count(struct super_block *sb, struct ext4_group_desc *bg) { return le16_to_cpu(bg->bg_used_dirs_count_lo) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? (__u32)le16_to_cpu(bg->bg_used_dirs_count_hi) << 16 : 0); }",linux-2.6,,,150105958486538303009981250119503314910,0 2524,['CWE-119'],"static void show_dirstat(struct diff_options *options) { int i; unsigned long changed; struct dirstat_dir dir; struct diff_queue_struct *q = &diff_queued_diff; dir.files = NULL; dir.alloc = 0; dir.nr = 0; dir.percent = options->dirstat_percent; dir.cumulative = options->output_format & DIFF_FORMAT_CUMULATIVE; changed = 0; for (i = 0; i < q->nr; i++) { struct diff_filepair *p = q->queue[i]; const char *name; unsigned long copied, added, damage; name = p->one->path ? p->one->path : p->two->path; if (DIFF_FILE_VALID(p->one) && DIFF_FILE_VALID(p->two)) { diff_populate_filespec(p->one, 0); diff_populate_filespec(p->two, 0); diffcore_count_changes(p->one, p->two, NULL, NULL, 0, &copied, &added); diff_free_filespec_data(p->one); diff_free_filespec_data(p->two); } else if (DIFF_FILE_VALID(p->one)) { diff_populate_filespec(p->one, 1); copied = added = 0; diff_free_filespec_data(p->one); } else if (DIFF_FILE_VALID(p->two)) { diff_populate_filespec(p->two, 1); copied = 0; added = p->two->size; diff_free_filespec_data(p->two); } else continue; damage = (p->one->size - copied) + added; ALLOC_GROW(dir.files, dir.nr + 1, dir.alloc); dir.files[dir.nr].name = name; dir.files[dir.nr].changed = damage; changed += damage; dir.nr++; } if (!changed) return; gather_dirstat(options->file, &dir, changed, """", 0); }",git,,,176544559123195012466808702809825426100,0 5219,['CWE-264'],"static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head) { canon_ace *list_head = *pp_list_head; canon_ace *owner_ace = NULL; canon_ace *other_ace = NULL; canon_ace *ace = NULL; for (ace = list_head; ace; ace = ace->next) { if (ace->type == SMB_ACL_USER_OBJ) owner_ace = ace; else if (ace->type == SMB_ACL_OTHER) { other_ace = ace; } } if (!owner_ace || !other_ace) { DEBUG(0,(""arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n"", filename )); return; } if (owner_ace) { DLIST_PROMOTE(list_head, owner_ace); } if (other_ace) { DLIST_DEMOTE(list_head, other_ace, canon_ace *); } *pp_list_head = list_head; }",samba,,,17852681413331870773180489958256003842,0 2104,[],"int udp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level == SOL_UDP || level == SOL_UDPLITE) return udp_lib_getsockopt(sk, level, optname, optval, optlen); return ip_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,290470755980148078606956712155883470367,0 3858,[],"static long cap_prctl_drop(unsigned long cap) { if (!capable(CAP_SETPCAP)) return -EPERM; if (!cap_valid(cap)) return -EINVAL; cap_lower(current->cap_bset, cap); return 0; }",linux-2.6,,,262985805198931631976809151099034796396,0 5984,CWE-120,"static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) { __Pyx_RefNannyDeclarations __Pyx_RefNannySetupContext(""__Pyx_InitCachedConstants"", 0); __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_u_Unexpected_EOF_while_reading_byt); if (unlikely(!__pyx_tuple_)) __PYX_ERR(0, 191, __pyx_L1_error) __Pyx_GOTREF(__pyx_tuple_); __Pyx_GIVEREF(__pyx_tuple_); __pyx_tuple__2 = PyTuple_Pack(5, __pyx_n_s_pyx_type, __pyx_n_s_pyx_checksum, __pyx_n_s_pyx_state, __pyx_n_s_pyx_PickleError, __pyx_n_s_pyx_result); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_tuple__2); __Pyx_GIVEREF(__pyx_tuple__2); __pyx_codeobj__3 = (PyObject*)__Pyx_PyCode_New(3, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__2, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_stringsource, __pyx_n_s_pyx_unpickle_BufferedReader, 1, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__3)) __PYX_ERR(1, 1, __pyx_L1_error) __pyx_tuple__4 = PyTuple_Pack(5, __pyx_n_s_pyx_type, __pyx_n_s_pyx_checksum, __pyx_n_s_pyx_state, __pyx_n_s_pyx_PickleError, __pyx_n_s_pyx_result); if (unlikely(!__pyx_tuple__4)) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_tuple__4); __Pyx_GIVEREF(__pyx_tuple__4); __pyx_codeobj__5 = (PyObject*)__Pyx_PyCode_New(3, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__4, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_stringsource, __pyx_n_s_pyx_unpickle_BufferedSocketRea, 1, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__5)) __PYX_ERR(1, 1, __pyx_L1_error) __pyx_tuple__6 = PyTuple_Pack(5, __pyx_n_s_pyx_type, __pyx_n_s_pyx_checksum, __pyx_n_s_pyx_state, __pyx_n_s_pyx_PickleError, __pyx_n_s_pyx_result); if (unlikely(!__pyx_tuple__6)) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_tuple__6); __Pyx_GIVEREF(__pyx_tuple__6); __pyx_codeobj__7 = (PyObject*)__Pyx_PyCode_New(3, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__6, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_stringsource, __pyx_n_s_pyx_unpickle_CompressedBuffere, 1, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__7)) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_RefNannyFinishContext(); return 0; __pyx_L1_error:; __Pyx_RefNannyFinishContext(); return -1; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,175952978209739,1 3062,['CWE-189'],"static jas_image_cmpt_t *jas_image_cmpt_copy(jas_image_cmpt_t *cmpt) { jas_image_cmpt_t *newcmpt; if (!(newcmpt = jas_image_cmpt_create0())) { return 0; } newcmpt->tlx_ = cmpt->tlx_; newcmpt->tly_ = cmpt->tly_; newcmpt->hstep_ = cmpt->hstep_; newcmpt->vstep_ = cmpt->vstep_; newcmpt->width_ = cmpt->width_; newcmpt->height_ = cmpt->height_; newcmpt->prec_ = cmpt->prec_; newcmpt->sgnd_ = cmpt->sgnd_; newcmpt->cps_ = cmpt->cps_; newcmpt->type_ = cmpt->type_; if (!(newcmpt->stream_ = jas_stream_memopen(0, 0))) { return 0; } if (jas_stream_seek(cmpt->stream_, 0, SEEK_SET)) { return 0; } if (jas_stream_copy(newcmpt->stream_, cmpt->stream_, -1)) { return 0; } if (jas_stream_seek(newcmpt->stream_, 0, SEEK_SET)) { return 0; } return newcmpt; }",jasper,,,297323577042934232528070339703664651353,0 619,CWE-17,"int do_remount_sb(struct super_block *sb, int flags, void *data, int force) { int retval; int remount_ro; if (sb->s_writers.frozen != SB_UNFROZEN) return -EBUSY; #ifdef CONFIG_BLOCK if (!(flags & MS_RDONLY) && bdev_read_only(sb->s_bdev)) return -EACCES; #endif if (flags & MS_RDONLY) acct_auto_close(sb); shrink_dcache_sb(sb); sync_filesystem(sb); remount_ro = (flags & MS_RDONLY) && !(sb->s_flags & MS_RDONLY); if (remount_ro) { if (force) { mark_files_ro(sb); } else { retval = sb_prepare_remount_readonly(sb); if (retval) return retval; } } if (sb->s_op->remount_fs) { retval = sb->s_op->remount_fs(sb, &flags, data); if (retval) { if (!force) goto cancel_readonly; WARN(1, ""forced remount of a %s fs returned %i\n"", sb->s_type->name, retval); } } sb->s_flags = (sb->s_flags & ~MS_RMT_MASK) | (flags & MS_RMT_MASK); smp_wmb(); sb->s_readonly_remount = 0; if (remount_ro && sb->s_bdev) invalidate_bdev(sb->s_bdev); return 0; cancel_readonly: sb->s_readonly_remount = 0; return retval; }",visit repo url,fs/super.c,https://github.com/torvalds/linux,13015408083470,1 6702,['CWE-200'],"add_connection_tabs (NMConnectionList *self, GType def_type) { add_connection_tab (self, def_type, NM_TYPE_SETTING_WIRED, self->wired_icon, ""wired"", _(""Wired""), wired_connection_new); add_connection_tab (self, def_type, NM_TYPE_SETTING_WIRELESS, self->wireless_icon, ""wireless"", _(""Wireless""), wifi_connection_new); add_connection_tab (self, def_type, NM_TYPE_SETTING_GSM, self->wwan_icon, ""wwan"", _(""Mobile Broadband""), mobile_connection_new); add_connection_tab (self, def_type, NM_TYPE_SETTING_VPN, self->vpn_icon, ""vpn"", _(""VPN""), vpn_connection_new); add_connection_tab (self, def_type, NM_TYPE_SETTING_PPPOE, self->wired_icon, ""dsl"", _(""DSL""), dsl_connection_new); }",network-manager-applet,,,54642770880837962052761596552727506819,0 914,['CWE-200'],"static void shmem_swp_set(struct shmem_inode_info *info, swp_entry_t *entry, unsigned long value) { long incdec = value? 1: -1; entry->val = value; info->swapped += incdec; if ((unsigned long)(entry - info->i_direct) >= SHMEM_NR_DIRECT) { struct page *page = kmap_atomic_to_page(entry); set_page_private(page, page_private(page) + incdec); } }",linux-2.6,,,262130798269900557553043176752231526095,0 3536,['CWE-20'],"sctp_disposition_t sctp_sf_do_9_1_prm_abort( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *abort = arg; sctp_disposition_t retval; retval = SCTP_DISPOSITION_CONSUME; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_USER_ABORT)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); return retval; }",linux-2.6,,,129941087517937912641898216021647433402,0 3265,CWE-125,"rsvp_obj_print(netdissect_options *ndo, const u_char *pptr, u_int plen, const u_char *tptr, const char *ident, u_int tlen, const struct rsvp_common_header *rsvp_com_header) { const struct rsvp_object_header *rsvp_obj_header; const u_char *obj_tptr; union { const struct rsvp_obj_integrity_t *rsvp_obj_integrity; const struct rsvp_obj_frr_t *rsvp_obj_frr; } obj_ptr; u_short rsvp_obj_len,rsvp_obj_ctype,obj_tlen,intserv_serv_tlen; int hexdump,processed,padbytes,error_code,error_value,i,sigcheck; union { float f; uint32_t i; } bw; uint8_t namelen; u_int action, subchannel; while(tlen>=sizeof(struct rsvp_object_header)) { ND_TCHECK2(*tptr, sizeof(struct rsvp_object_header)); rsvp_obj_header = (const struct rsvp_object_header *)tptr; rsvp_obj_len=EXTRACT_16BITS(rsvp_obj_header->length); rsvp_obj_ctype=rsvp_obj_header->ctype; if(rsvp_obj_len % 4) { ND_PRINT((ndo, ""%sERROR: object header size %u not a multiple of 4"", ident, rsvp_obj_len)); return -1; } if(rsvp_obj_len < sizeof(struct rsvp_object_header)) { ND_PRINT((ndo, ""%sERROR: object header too short %u < %lu"", ident, rsvp_obj_len, (unsigned long)sizeof(const struct rsvp_object_header))); return -1; } ND_PRINT((ndo, ""%s%s Object (%u) Flags: [%s"", ident, tok2str(rsvp_obj_values, ""Unknown"", rsvp_obj_header->class_num), rsvp_obj_header->class_num, ((rsvp_obj_header->class_num) & 0x80) ? ""ignore"" : ""reject"")); if (rsvp_obj_header->class_num > 128) ND_PRINT((ndo, "" %s"", ((rsvp_obj_header->class_num) & 0x40) ? ""and forward"" : ""silently"")); ND_PRINT((ndo, "" if unknown], Class-Type: %s (%u), length: %u"", tok2str(rsvp_ctype_values, ""Unknown"", ((rsvp_obj_header->class_num)<<8)+rsvp_obj_ctype), rsvp_obj_ctype, rsvp_obj_len)); if(tlen < rsvp_obj_len) { ND_PRINT((ndo, ""%sERROR: object goes past end of objects TLV"", ident)); return -1; } obj_tptr=tptr+sizeof(struct rsvp_object_header); obj_tlen=rsvp_obj_len-sizeof(struct rsvp_object_header); if (!ND_TTEST2(*tptr, rsvp_obj_len)) return -1; hexdump=FALSE; switch(rsvp_obj_header->class_num) { case RSVP_OBJ_SESSION: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return -1; ND_PRINT((ndo, ""%s IPv4 DestAddress: %s, Protocol ID: 0x%02x"", ident, ipaddr_string(ndo, obj_tptr), *(obj_tptr + sizeof(struct in_addr)))); ND_PRINT((ndo, ""%s Flags: [0x%02x], DestPort %u"", ident, *(obj_tptr+5), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return -1; ND_PRINT((ndo, ""%s IPv6 DestAddress: %s, Protocol ID: 0x%02x"", ident, ip6addr_string(ndo, obj_tptr), *(obj_tptr + sizeof(struct in6_addr)))); ND_PRINT((ndo, ""%s Flags: [0x%02x], DestPort %u"", ident, *(obj_tptr+sizeof(struct in6_addr)+1), EXTRACT_16BITS(obj_tptr + sizeof(struct in6_addr) + 2))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 36) return -1; ND_PRINT((ndo, ""%s IPv6 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+18), ip6addr_string(ndo, obj_tptr + 20))); obj_tlen-=36; obj_tptr+=36; break; case RSVP_CTYPE_14: if (obj_tlen < 26) return -1; ND_PRINT((ndo, ""%s IPv6 P2MP LSP ID: 0x%08x, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_16BITS(obj_tptr+6), ip6addr_string(ndo, obj_tptr + 8))); obj_tlen-=26; obj_tptr+=26; break; case RSVP_CTYPE_13: if (obj_tlen < 12) return -1; ND_PRINT((ndo, ""%s IPv4 P2MP LSP ID: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ipaddr_string(ndo, obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_TUNNEL_IPV4: case RSVP_CTYPE_UNI_IPV4: if (obj_tlen < 12) return -1; ND_PRINT((ndo, ""%s IPv4 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ipaddr_string(ndo, obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; default: hexdump=TRUE; } break; case RSVP_OBJ_CONFIRM: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(struct in_addr)) return -1; ND_PRINT((ndo, ""%s IPv4 Receiver Address: %s"", ident, ipaddr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in_addr); obj_tptr+=sizeof(struct in_addr); break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(struct in6_addr)) return -1; ND_PRINT((ndo, ""%s IPv6 Receiver Address: %s"", ident, ip6addr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in6_addr); obj_tptr+=sizeof(struct in6_addr); break; default: hexdump=TRUE; } break; case RSVP_OBJ_NOTIFY_REQ: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(struct in_addr)) return -1; ND_PRINT((ndo, ""%s IPv4 Notify Node Address: %s"", ident, ipaddr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in_addr); obj_tptr+=sizeof(struct in_addr); break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(struct in6_addr)) return-1; ND_PRINT((ndo, ""%s IPv6 Notify Node Address: %s"", ident, ip6addr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in6_addr); obj_tptr+=sizeof(struct in6_addr); break; default: hexdump=TRUE; } break; case RSVP_OBJ_SUGGESTED_LABEL: case RSVP_OBJ_UPSTREAM_LABEL: case RSVP_OBJ_RECOVERY_LABEL: case RSVP_OBJ_LABEL: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { ND_PRINT((ndo, ""%s Label: %u"", ident, EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; } break; case RSVP_CTYPE_2: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Generalized Label: %u"", ident, EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; case RSVP_CTYPE_3: if (obj_tlen < 12) return-1; ND_PRINT((ndo, ""%s Waveband ID: %u%s Start Label: %u, Stop Label: %u"", ident, EXTRACT_32BITS(obj_tptr), ident, EXTRACT_32BITS(obj_tptr+4), EXTRACT_32BITS(obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; default: hexdump=TRUE; } break; case RSVP_OBJ_STYLE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Reservation Style: %s, Flags: [0x%02x]"", ident, tok2str(rsvp_resstyle_values, ""Unknown"", EXTRACT_24BITS(obj_tptr+1)), *(obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SENDER_TEMPLATE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 18))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_13: if (obj_tlen < 40) return-1; ND_PRINT((ndo, ""%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+18), ident, ip6addr_string(ndo, obj_tptr+20), EXTRACT_16BITS(obj_tptr + 38))); obj_tlen-=40; obj_tptr+=40; break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s IPv4 Tunnel Sender Address: %s, LSP-ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_12: if (obj_tlen < 16) return-1; ND_PRINT((ndo, ""%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ident, ipaddr_string(ndo, obj_tptr+8), EXTRACT_16BITS(obj_tptr + 12))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_LABEL_REQ: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { ND_PRINT((ndo, ""%s L3 Protocol ID: %s"", ident, tok2str(ethertype_values, ""Unknown Protocol (0x%04x)"", EXTRACT_16BITS(obj_tptr + 2)))); obj_tlen-=4; obj_tptr+=4; } break; case RSVP_CTYPE_2: if (obj_tlen < 12) return-1; ND_PRINT((ndo, ""%s L3 Protocol ID: %s"", ident, tok2str(ethertype_values, ""Unknown Protocol (0x%04x)"", EXTRACT_16BITS(obj_tptr + 2)))); ND_PRINT((ndo, "",%s merge capability"",((*(obj_tptr + 4)) & 0x80) ? ""no"" : """" )); ND_PRINT((ndo, ""%s Minimum VPI/VCI: %u/%u"", ident, (EXTRACT_16BITS(obj_tptr+4))&0xfff, (EXTRACT_16BITS(obj_tptr + 6)) & 0xfff)); ND_PRINT((ndo, ""%s Maximum VPI/VCI: %u/%u"", ident, (EXTRACT_16BITS(obj_tptr+8))&0xfff, (EXTRACT_16BITS(obj_tptr + 10)) & 0xfff)); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_3: if (obj_tlen < 12) return-1; ND_PRINT((ndo, ""%s L3 Protocol ID: %s"", ident, tok2str(ethertype_values, ""Unknown Protocol (0x%04x)"", EXTRACT_16BITS(obj_tptr + 2)))); ND_PRINT((ndo, ""%s Minimum/Maximum DLCI: %u/%u, %s%s bit DLCI"", ident, (EXTRACT_32BITS(obj_tptr+4))&0x7fffff, (EXTRACT_32BITS(obj_tptr+8))&0x7fffff, (((EXTRACT_16BITS(obj_tptr+4)>>7)&3) == 0 ) ? ""10"" : """", (((EXTRACT_16BITS(obj_tptr + 4) >> 7) & 3) == 2 ) ? ""23"" : """")); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_4: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s LSP Encoding Type: %s (%u)"", ident, tok2str(gmpls_encoding_values, ""Unknown"", *obj_tptr), *obj_tptr)); ND_PRINT((ndo, ""%s Switching Type: %s (%u), Payload ID: %s (0x%04x)"", ident, tok2str(gmpls_switch_cap_values, ""Unknown"", *(obj_tptr+1)), *(obj_tptr+1), tok2str(gmpls_payload_values, ""Unknown"", EXTRACT_16BITS(obj_tptr+2)), EXTRACT_16BITS(obj_tptr + 2))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_RRO: case RSVP_OBJ_ERO: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: while(obj_tlen >= 4 ) { u_char length; ND_TCHECK2(*obj_tptr, 4); length = *(obj_tptr + 1); ND_PRINT((ndo, ""%s Subobject Type: %s, length %u"", ident, tok2str(rsvp_obj_xro_values, ""Unknown %u"", RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)), length)); if (length == 0) { ND_PRINT((ndo, ""%s ERROR: zero length ERO subtype"", ident)); break; } switch(RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)) { u_char prefix_length; case RSVP_OBJ_XRO_IPV4: if (length != 8) { ND_PRINT((ndo, "" ERROR: length != 8"")); goto invalid; } ND_TCHECK2(*obj_tptr, 8); prefix_length = *(obj_tptr+6); if (prefix_length != 32) { ND_PRINT((ndo, "" ERROR: Prefix length %u != 32"", prefix_length)); goto invalid; } ND_PRINT((ndo, "", %s, %s/%u, Flags: [%s]"", RSVP_OBJ_XRO_MASK_LOOSE(*obj_tptr) ? ""Loose"" : ""Strict"", ipaddr_string(ndo, obj_tptr+2), *(obj_tptr+6), bittok2str(rsvp_obj_rro_flag_values, ""none"", *(obj_tptr + 7)))); break; case RSVP_OBJ_XRO_LABEL: if (length != 8) { ND_PRINT((ndo, "" ERROR: length != 8"")); goto invalid; } ND_TCHECK2(*obj_tptr, 8); ND_PRINT((ndo, "", Flags: [%s] (%#x), Class-Type: %s (%u), %u"", bittok2str(rsvp_obj_rro_label_flag_values, ""none"", *(obj_tptr+2)), *(obj_tptr+2), tok2str(rsvp_ctype_values, ""Unknown"", *(obj_tptr+3) + 256*RSVP_OBJ_RRO), *(obj_tptr+3), EXTRACT_32BITS(obj_tptr + 4))); } obj_tlen-=*(obj_tptr+1); obj_tptr+=*(obj_tptr+1); } break; default: hexdump=TRUE; } break; case RSVP_OBJ_HELLO: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Instance: 0x%08x, Destination Instance: 0x%08x"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; break; default: hexdump=TRUE; } break; case RSVP_OBJ_RESTART_CAPABILITY: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Restart Time: %ums, Recovery Time: %ums"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SESSION_ATTRIBUTE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 4) return-1; namelen = *(obj_tptr+3); if (obj_tlen < 4+namelen) return-1; ND_PRINT((ndo, ""%s Session Name: "", ident)); for (i = 0; i < namelen; i++) safeputchar(ndo, *(obj_tptr + 4 + i)); ND_PRINT((ndo, ""%s Setup Priority: %u, Holding Priority: %u, Flags: [%s] (%#x)"", ident, (int)*obj_tptr, (int)*(obj_tptr+1), bittok2str(rsvp_session_attribute_flag_values, ""none"", *(obj_tptr+2)), *(obj_tptr + 2))); obj_tlen-=4+*(obj_tptr+3); obj_tptr+=4+*(obj_tptr+3); break; default: hexdump=TRUE; } break; case RSVP_OBJ_GENERALIZED_UNI: switch(rsvp_obj_ctype) { int subobj_type,af,subobj_len,total_subobj_len; case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; total_subobj_len = obj_tlen; while(total_subobj_len > 0) { subobj_len = EXTRACT_16BITS(obj_tptr); subobj_type = (EXTRACT_16BITS(obj_tptr+2))>>8; af = (EXTRACT_16BITS(obj_tptr+2))&0x00FF; ND_PRINT((ndo, ""%s Subobject Type: %s (%u), AF: %s (%u), length: %u"", ident, tok2str(rsvp_obj_generalized_uni_values, ""Unknown"", subobj_type), subobj_type, tok2str(af_values, ""Unknown"", af), af, subobj_len)); if(subobj_len == 0) goto invalid; switch(subobj_type) { case RSVP_GEN_UNI_SUBOBJ_SOURCE_TNA_ADDRESS: case RSVP_GEN_UNI_SUBOBJ_DESTINATION_TNA_ADDRESS: switch(af) { case AFNUM_INET: if (subobj_len < 8) return -1; ND_PRINT((ndo, ""%s UNI IPv4 TNA address: %s"", ident, ipaddr_string(ndo, obj_tptr + 4))); break; case AFNUM_INET6: if (subobj_len < 20) return -1; ND_PRINT((ndo, ""%s UNI IPv6 TNA address: %s"", ident, ip6addr_string(ndo, obj_tptr + 4))); break; case AFNUM_NSAP: if (subobj_len) { hexdump=TRUE; } break; } break; case RSVP_GEN_UNI_SUBOBJ_DIVERSITY: if (subobj_len) { hexdump=TRUE; } break; case RSVP_GEN_UNI_SUBOBJ_EGRESS_LABEL: if (subobj_len < 16) { return -1; } ND_PRINT((ndo, ""%s U-bit: %x, Label type: %u, Logical port id: %u, Label: %u"", ident, ((EXTRACT_32BITS(obj_tptr+4))>>31), ((EXTRACT_32BITS(obj_tptr+4))&0xFF), EXTRACT_32BITS(obj_tptr+8), EXTRACT_32BITS(obj_tptr + 12))); break; case RSVP_GEN_UNI_SUBOBJ_SERVICE_LEVEL: if (subobj_len < 8) { return -1; } ND_PRINT((ndo, ""%s Service level: %u"", ident, (EXTRACT_32BITS(obj_tptr + 4)) >> 24)); break; default: hexdump=TRUE; break; } total_subobj_len-=subobj_len; obj_tptr+=subobj_len; obj_tlen+=subobj_len; } if (total_subobj_len) { hexdump=TRUE; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_RSVP_HOP: switch(rsvp_obj_ctype) { case RSVP_CTYPE_3: case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_32BITS(obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; if (obj_tlen) hexdump=TRUE; break; case RSVP_CTYPE_4: case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_32BITS(obj_tptr + 16))); obj_tlen-=20; obj_tptr+=20; hexdump=TRUE; break; default: hexdump=TRUE; } break; case RSVP_OBJ_TIME_VALUES: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Refresh Period: %ums"", ident, EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SENDER_TSPEC: case RSVP_OBJ_ADSPEC: case RSVP_OBJ_FLOWSPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_2: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Msg-Version: %u, length: %u"", ident, (*obj_tptr & 0xf0) >> 4, EXTRACT_16BITS(obj_tptr + 2) << 2)); obj_tptr+=4; obj_tlen-=4; while (obj_tlen >= 4) { intserv_serv_tlen=EXTRACT_16BITS(obj_tptr+2)<<2; ND_PRINT((ndo, ""%s Service Type: %s (%u), break bit %s set, Service length: %u"", ident, tok2str(rsvp_intserv_service_type_values,""unknown"",*(obj_tptr)), *(obj_tptr), (*(obj_tptr+1)&0x80) ? """" : ""not"", intserv_serv_tlen)); obj_tptr+=4; obj_tlen-=4; while (intserv_serv_tlen>=4) { processed = rsvp_intserv_print(ndo, obj_tptr, obj_tlen); if (processed == 0) break; obj_tlen-=processed; intserv_serv_tlen-=processed; obj_tptr+=processed; } } break; default: hexdump=TRUE; } break; case RSVP_OBJ_FILTERSPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 18))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_3: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Flow Label: %u"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_24BITS(obj_tptr + 17))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, LSP-ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 18))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_13: if (obj_tlen < 40) return-1; ND_PRINT((ndo, ""%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+18), ident, ip6addr_string(ndo, obj_tptr+20), EXTRACT_16BITS(obj_tptr + 38))); obj_tlen-=40; obj_tptr+=40; break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Address: %s, LSP-ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_12: if (obj_tlen < 16) return-1; ND_PRINT((ndo, ""%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ident, ipaddr_string(ndo, obj_tptr+8), EXTRACT_16BITS(obj_tptr + 12))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_FASTREROUTE: obj_ptr.rsvp_obj_frr = (const struct rsvp_obj_frr_t *)obj_tptr; bw.i = EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->bandwidth); switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < sizeof(struct rsvp_obj_frr_t)) return-1; ND_PRINT((ndo, ""%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps"", ident, (int)obj_ptr.rsvp_obj_frr->setup_prio, (int)obj_ptr.rsvp_obj_frr->hold_prio, (int)obj_ptr.rsvp_obj_frr->hop_limit, bw.f * 8 / 1000000)); ND_PRINT((ndo, ""%s Include-any: 0x%08x, Exclude-any: 0x%08x, Include-all: 0x%08x"", ident, EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_any), EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->exclude_any), EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_all))); obj_tlen-=sizeof(struct rsvp_obj_frr_t); obj_tptr+=sizeof(struct rsvp_obj_frr_t); break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 16) return-1; ND_PRINT((ndo, ""%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps"", ident, (int)obj_ptr.rsvp_obj_frr->setup_prio, (int)obj_ptr.rsvp_obj_frr->hold_prio, (int)obj_ptr.rsvp_obj_frr->hop_limit, bw.f * 8 / 1000000)); ND_PRINT((ndo, ""%s Include Colors: 0x%08x, Exclude Colors: 0x%08x"", ident, EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_any), EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->exclude_any))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_DETOUR: switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: while(obj_tlen >= 8) { ND_PRINT((ndo, ""%s PLR-ID: %s, Avoid-Node-ID: %s"", ident, ipaddr_string(ndo, obj_tptr), ipaddr_string(ndo, obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_CLASSTYPE: case RSVP_OBJ_CLASSTYPE_OLD: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: ND_PRINT((ndo, ""%s CT: %u"", ident, EXTRACT_32BITS(obj_tptr) & 0x7)); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_ERROR_SPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_3: case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; error_code=*(obj_tptr+5); error_value=EXTRACT_16BITS(obj_tptr+6); ND_PRINT((ndo, ""%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)"", ident, ipaddr_string(ndo, obj_tptr), *(obj_tptr+4), ident, tok2str(rsvp_obj_error_code_values,""unknown"",error_code), error_code)); switch (error_code) { case RSVP_OBJ_ERROR_SPEC_CODE_ROUTING: ND_PRINT((ndo, "", Error Value: %s (%u)"", tok2str(rsvp_obj_error_code_routing_values,""unknown"",error_value), error_value)); break; case RSVP_OBJ_ERROR_SPEC_CODE_DIFFSERV_TE: case RSVP_OBJ_ERROR_SPEC_CODE_DIFFSERV_TE_OLD: ND_PRINT((ndo, "", Error Value: %s (%u)"", tok2str(rsvp_obj_error_code_diffserv_te_values,""unknown"",error_value), error_value)); break; default: ND_PRINT((ndo, "", Unknown Error Value (%u)"", error_value)); break; } obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_4: case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; error_code=*(obj_tptr+17); error_value=EXTRACT_16BITS(obj_tptr+18); ND_PRINT((ndo, ""%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)"", ident, ip6addr_string(ndo, obj_tptr), *(obj_tptr+16), ident, tok2str(rsvp_obj_error_code_values,""unknown"",error_code), error_code)); switch (error_code) { case RSVP_OBJ_ERROR_SPEC_CODE_ROUTING: ND_PRINT((ndo, "", Error Value: %s (%u)"", tok2str(rsvp_obj_error_code_routing_values,""unknown"",error_value), error_value)); break; default: break; } obj_tlen-=20; obj_tptr+=20; break; default: hexdump=TRUE; } break; case RSVP_OBJ_PROPERTIES: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; padbytes = EXTRACT_16BITS(obj_tptr+2); ND_PRINT((ndo, ""%s TLV count: %u, padding bytes: %u"", ident, EXTRACT_16BITS(obj_tptr), padbytes)); obj_tlen-=4; obj_tptr+=4; while(obj_tlen >= 2 + padbytes) { ND_PRINT((ndo, ""%s %s TLV (0x%02x), length: %u"", ident, tok2str(rsvp_obj_prop_tlv_values,""unknown"",*obj_tptr), *obj_tptr, *(obj_tptr + 1))); if (obj_tlen < *(obj_tptr+1)) return-1; if (*(obj_tptr+1) < 2) return -1; print_unknown_data(ndo, obj_tptr + 2, ""\n\t\t"", *(obj_tptr + 1) - 2); obj_tlen-=*(obj_tptr+1); obj_tptr+=*(obj_tptr+1); } break; default: hexdump=TRUE; } break; case RSVP_OBJ_MESSAGE_ID: case RSVP_OBJ_MESSAGE_ID_ACK: case RSVP_OBJ_MESSAGE_ID_LIST: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Flags [0x%02x], epoch: %u"", ident, *obj_tptr, EXTRACT_24BITS(obj_tptr + 1))); obj_tlen-=4; obj_tptr+=4; while(obj_tlen >= 4) { ND_PRINT((ndo, ""%s Message-ID 0x%08x (%u)"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_INTEGRITY: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < sizeof(struct rsvp_obj_integrity_t)) return-1; obj_ptr.rsvp_obj_integrity = (const struct rsvp_obj_integrity_t *)obj_tptr; ND_PRINT((ndo, ""%s Key-ID 0x%04x%08x, Sequence 0x%08x%08x, Flags [%s]"", ident, EXTRACT_16BITS(obj_ptr.rsvp_obj_integrity->key_id), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->key_id+2), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->sequence), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->sequence+4), bittok2str(rsvp_obj_integrity_flag_values, ""none"", obj_ptr.rsvp_obj_integrity->flags))); ND_PRINT((ndo, ""%s MD5-sum 0x%08x%08x%08x%08x "", ident, EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest+4), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest+8), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest + 12))); sigcheck = signature_verify(ndo, pptr, plen, obj_ptr.rsvp_obj_integrity->digest, rsvp_clear_checksum, rsvp_com_header); ND_PRINT((ndo, "" (%s)"", tok2str(signature_check_values, ""Unknown"", sigcheck))); obj_tlen+=sizeof(struct rsvp_obj_integrity_t); obj_tptr+=sizeof(struct rsvp_obj_integrity_t); break; default: hexdump=TRUE; } break; case RSVP_OBJ_ADMIN_STATUS: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Flags [%s]"", ident, bittok2str(rsvp_obj_admin_status_flag_values, ""none"", EXTRACT_32BITS(obj_tptr)))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_LABEL_SET: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; action = (EXTRACT_16BITS(obj_tptr)>>8); ND_PRINT((ndo, ""%s Action: %s (%u), Label type: %u"", ident, tok2str(rsvp_obj_label_set_action_values, ""Unknown"", action), action, ((EXTRACT_32BITS(obj_tptr) & 0x7F)))); switch (action) { case LABEL_SET_INCLUSIVE_RANGE: case LABEL_SET_EXCLUSIVE_RANGE: if (obj_tlen < 12) return -1; ND_PRINT((ndo, ""%s Start range: %u, End range: %u"", ident, EXTRACT_32BITS(obj_tptr+4), EXTRACT_32BITS(obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; default: obj_tlen-=4; obj_tptr+=4; subchannel = 1; while(obj_tlen >= 4 ) { ND_PRINT((ndo, ""%s Subchannel #%u: %u"", ident, subchannel, EXTRACT_32BITS(obj_tptr))); obj_tptr+=4; obj_tlen-=4; subchannel++; } break; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_S2L: switch (rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Sub-LSP destination address: %s"", ident, ipaddr_string(ndo, obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 16) return-1; ND_PRINT((ndo, ""%s Sub-LSP destination address: %s"", ident, ip6addr_string(ndo, obj_tptr))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SCOPE: case RSVP_OBJ_POLICY_DATA: case RSVP_OBJ_ACCEPT_LABEL_SET: case RSVP_OBJ_PROTECTION: default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, obj_tptr, ""\n\t "", obj_tlen); break; } if (ndo->ndo_vflag > 1 || hexdump == TRUE) print_unknown_data(ndo, tptr + sizeof(struct rsvp_object_header), ""\n\t "", rsvp_obj_len - sizeof(struct rsvp_object_header)); tptr+=rsvp_obj_len; tlen-=rsvp_obj_len; } return 0; invalid: ND_PRINT((ndo, ""%s"", istr)); return -1; trunc: ND_PRINT((ndo, ""\n\t\t"")); ND_PRINT((ndo, ""%s"", tstr)); return -1; }",visit repo url,print-rsvp.c,https://github.com/the-tcpdump-group/tcpdump,45261177259693,1 2542,['CWE-119'],"static void show_file_mode_name(FILE *file, const char *newdelete, struct diff_filespec *fs) { if (fs->mode) fprintf(file, "" %s mode %06o "", newdelete, fs->mode); else fprintf(file, "" %s "", newdelete); write_name_quoted(fs->path, file, '\n'); }",git,,,87033651145811036577153381202309900661,0 53,['CWE-787'],"static void cirrus_linear_writel(void *opaque, target_phys_addr_t addr, uint32_t val) { #ifdef TARGET_WORDS_BIGENDIAN cirrus_linear_writeb(opaque, addr, (val >> 24) & 0xff); cirrus_linear_writeb(opaque, addr + 1, (val >> 16) & 0xff); cirrus_linear_writeb(opaque, addr + 2, (val >> 8) & 0xff); cirrus_linear_writeb(opaque, addr + 3, val & 0xff); #else cirrus_linear_writeb(opaque, addr, val & 0xff); cirrus_linear_writeb(opaque, addr + 1, (val >> 8) & 0xff); cirrus_linear_writeb(opaque, addr + 2, (val >> 16) & 0xff); cirrus_linear_writeb(opaque, addr + 3, (val >> 24) & 0xff); #endif }",qemu,,,267317670837418283728227944167906376864,0 5407,CWE-863,"parseuid(const char *s, uid_t *uid) { struct passwd *pw; const char *errstr; if ((pw = getpwnam(s)) != NULL) { *uid = pw->pw_uid; return 0; } #if !defined(__linux__) && !defined(__NetBSD__) *uid = strtonum(s, 0, UID_MAX, &errstr); #else sscanf(s, ""%d"", uid); #endif if (errstr) return -1; return 0; }",visit repo url,doas.c,https://github.com/slicer69/doas,12248068660656,1 5077,['CWE-20'],"static inline int cpu_has_vmx_invept_context(void) { return (!!(vmx_capability.ept & VMX_EPT_EXTENT_CONTEXT_BIT)); }",linux-2.6,,,64530723975583960321231602497796948376,0 3460,CWE-362,"int mi_sort_index(MI_CHECK *param, register MI_INFO *info, char * name) { reg2 uint key; reg1 MI_KEYDEF *keyinfo; File new_file; my_off_t index_pos[HA_MAX_POSSIBLE_KEY]; uint r_locks,w_locks; int old_lock; MYISAM_SHARE *share=info->s; MI_STATE_INFO old_state; DBUG_ENTER(""mi_sort_index""); for (key= 0,keyinfo= &share->keyinfo[0]; key < share->base.keys ; key++,keyinfo++) if (keyinfo->key_alg == HA_KEY_ALG_RTREE) DBUG_RETURN(0); if (!(param->testflag & T_SILENT)) printf(""- Sorting index for MyISAM-table '%s'\n"",name); fn_format(param->temp_filename,name,"""", MI_NAME_IEXT,2+4+32); if ((new_file= mysql_file_create(mi_key_file_datatmp, fn_format(param->temp_filename, param->temp_filename, """", INDEX_TMP_EXT, 2+4), 0, param->tmpfile_createflag, MYF(0))) <= 0) { mi_check_print_error(param,""Can't create new tempfile: '%s'"", param->temp_filename); DBUG_RETURN(-1); } if (filecopy(param, new_file,share->kfile,0L, (ulong) share->base.keystart, ""headerblock"")) goto err; param->new_file_pos=share->base.keystart; for (key= 0,keyinfo= &share->keyinfo[0]; key < share->base.keys ; key++,keyinfo++) { if (! mi_is_key_active(info->s->state.key_map, key)) continue; if (share->state.key_root[key] != HA_OFFSET_ERROR) { index_pos[key]=param->new_file_pos; if (sort_one_index(param,info,keyinfo,share->state.key_root[key], new_file)) goto err; } else index_pos[key]= HA_OFFSET_ERROR; } flush_key_blocks(share->key_cache,share->kfile, FLUSH_IGNORE_CHANGED); share->state.version=(ulong) time((time_t*) 0); old_state= share->state; r_locks= share->r_locks; w_locks= share->w_locks; old_lock= info->lock_type; share->r_locks= share->w_locks= share->tot_locks= 0; (void) _mi_writeinfo(info,WRITEINFO_UPDATE_KEYFILE); (void) mysql_file_close(share->kfile, MYF(MY_WME)); share->kfile = -1; (void) mysql_file_close(new_file, MYF(MY_WME)); if (change_to_newfile(share->index_file_name, MI_NAME_IEXT, INDEX_TMP_EXT, MYF(0)) || mi_open_keyfile(share)) goto err2; info->lock_type= F_UNLCK; _mi_readinfo(info,F_WRLCK,0); info->lock_type= old_lock; share->r_locks= r_locks; share->w_locks= w_locks; share->tot_locks= r_locks+w_locks; share->state= old_state; info->state->key_file_length=param->new_file_pos; info->update= (short) (HA_STATE_CHANGED | HA_STATE_ROW_CHANGED); for (key=0 ; key < info->s->base.keys ; key++) info->s->state.key_root[key]=index_pos[key]; for (key=0 ; key < info->s->state.header.max_block_size_index ; key++) info->s->state.key_del[key]= HA_OFFSET_ERROR; info->s->state.changed&= ~STATE_NOT_SORTED_PAGES; DBUG_RETURN(0); err: (void) mysql_file_close(new_file, MYF(MY_WME)); err2: (void) mysql_file_delete(mi_key_file_datatmp, param->temp_filename, MYF(MY_WME)); DBUG_RETURN(-1); } ",visit repo url,storage/myisam/mi_check.c,https://github.com/mysql/mysql-server,135096076476769,1 4766,['CWE-20'],"void ext4_error(struct super_block *sb, const char *function, const char *fmt, ...) { va_list args; va_start(args, fmt); printk(KERN_CRIT ""EXT4-fs error (device %s): %s: "", sb->s_id, function); vprintk(fmt, args); printk(""\n""); va_end(args); ext4_handle_error(sb); }",linux-2.6,,,282639239031010682770362861129033722588,0 4199,CWE-20,"int oidc_handle_redirect_uri_request(request_rec *r, oidc_cfg *c, oidc_session_t *session) { if (oidc_proto_is_redirect_authorization_response(r, c)) { return oidc_handle_redirect_authorization_response(r, c, session); } else if (oidc_proto_is_post_authorization_response(r, c)) { return oidc_handle_post_authorization_response(r, c, session); } else if (oidc_is_discovery_response(r, c)) { return oidc_handle_discovery_response(r, c); } else if (oidc_util_request_has_parameter(r, ""logout"")) { return oidc_handle_logout(r, c, session); } else if (oidc_util_request_has_parameter(r, ""jwks"")) { return oidc_handle_jwks(r, c); } else if (oidc_util_request_has_parameter(r, ""session"")) { return oidc_handle_session_management(r, c, session); } else if (oidc_util_request_has_parameter(r, ""refresh"")) { return oidc_handle_refresh_token_request(r, c, session); } else if (oidc_util_request_has_parameter(r, ""request_uri"")) { return oidc_handle_request_uri(r, c); } else if (oidc_util_request_has_parameter(r, ""remove_at_cache"")) { return oidc_handle_remove_at_cache(r, c); } else if ((r->args == NULL) || (apr_strnatcmp(r->args, """") == 0)) { return oidc_proto_javascript_implicit(r, c); } if (oidc_util_request_has_parameter(r, ""error"")) { oidc_handle_redirect_authorization_response(r, c, session); } return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", apr_psprintf(r->pool, ""The OpenID Connect callback URL received an invalid request: %s"", r->args), HTTP_INTERNAL_SERVER_ERROR); }",visit repo url,src/mod_auth_openidc.c,https://github.com/pingidentity/mod_auth_openidc,108754116894251,1 1911,['CWE-20'],"static inline int remap_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long addr, unsigned long end, unsigned long pfn, pgprot_t prot) { pud_t *pud; unsigned long next; pfn -= addr >> PAGE_SHIFT; pud = pud_alloc(mm, pgd, addr); if (!pud) return -ENOMEM; do { next = pud_addr_end(addr, end); if (remap_pmd_range(mm, pud, addr, next, pfn + (addr >> PAGE_SHIFT), prot)) return -ENOMEM; } while (pud++, addr = next, addr != end); return 0; }",linux-2.6,,,4739920457681938528279241685522698290,0 5908,['CWE-909'],"void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n) { const struct Qdisc_class_ops *cops; unsigned long cl; u32 parentid; if (n == 0) return; while ((parentid = sch->parent)) { if (TC_H_MAJ(parentid) == TC_H_MAJ(TC_H_INGRESS)) return; sch = qdisc_lookup(qdisc_dev(sch), TC_H_MAJ(parentid)); if (sch == NULL) { WARN_ON(parentid != TC_H_ROOT); return; } cops = sch->ops->cl_ops; if (cops->qlen_notify) { cl = cops->get(sch, parentid); cops->qlen_notify(sch, cl); cops->put(sch, cl); } sch->q.qlen -= n; } }",linux-2.6,,,279879473274329910202061075562519548509,0 1207,CWE-400,"static int x86_pmu_handle_irq(struct pt_regs *regs) { struct perf_sample_data data; struct cpu_hw_events *cpuc; struct perf_event *event; int idx, handled = 0; u64 val; perf_sample_data_init(&data, 0); cpuc = &__get_cpu_var(cpu_hw_events); apic_write(APIC_LVTPC, APIC_DM_NMI); for (idx = 0; idx < x86_pmu.num_counters; idx++) { if (!test_bit(idx, cpuc->active_mask)) { if (__test_and_clear_bit(idx, cpuc->running)) handled++; continue; } event = cpuc->events[idx]; val = x86_perf_event_update(event); if (val & (1ULL << (x86_pmu.cntval_bits - 1))) continue; handled++; data.period = event->hw.last_period; if (!x86_perf_event_set_period(event)) continue; if (perf_event_overflow(event, 1, &data, regs)) x86_pmu_stop(event, 0); } if (handled) inc_irq_stat(apic_perf_irqs); return handled; }",visit repo url,arch/x86/kernel/cpu/perf_event.c,https://github.com/torvalds/linux,54968238678414,1 6097,CWE-190,"int cp_rsa_gen(rsa_t pub, rsa_t prv, int bits) { bn_t t, r; int result = RLC_OK; if (pub == NULL || prv == NULL || bits == 0) { return RLC_ERR; } bn_null(t); bn_null(r); RLC_TRY { bn_new(t); bn_new(r); do { bn_gen_prime(prv->crt->p, bits / 2); bn_gen_prime(prv->crt->q, bits / 2); } while (bn_cmp(prv->crt->p, prv->crt->q) == RLC_EQ); if (bn_cmp(prv->crt->p, prv->crt->q) != RLC_LT) { bn_copy(t, prv->crt->p); bn_copy(prv->crt->p, prv->crt->q); bn_copy(prv->crt->q, t); } bn_mul(pub->crt->n, prv->crt->p, prv->crt->q); bn_copy(prv->crt->n, pub->crt->n); bn_sub_dig(prv->crt->p, prv->crt->p, 1); bn_sub_dig(prv->crt->q, prv->crt->q, 1); bn_mul(t, prv->crt->p, prv->crt->q); bn_set_2b(pub->e, 16); bn_add_dig(pub->e, pub->e, 1); #if !defined(CP_CRT) bn_gcd_ext(r, prv->d, NULL, pub->e, t); if (bn_sign(prv->d) == RLC_NEG) { bn_add(prv->d, prv->d, t); } if (bn_cmp_dig(r, 1) == RLC_EQ) { bn_add_dig(prv->crt->p, prv->crt->p, 1); bn_add_dig(prv->crt->q, prv->crt->q, 1); result = RLC_OK; } #else bn_gcd_ext(r, prv->d, NULL, pub->e, t); if (bn_sign(prv->d) == RLC_NEG) { bn_add(prv->d, prv->d, t); } if (bn_cmp_dig(r, 1) == RLC_EQ) { bn_mod(prv->crt->dp, prv->d, prv->crt->p); bn_mod(prv->crt->dq, prv->d, prv->crt->q); bn_add_dig(prv->crt->p, prv->crt->p, 1); bn_add_dig(prv->crt->q, prv->crt->q, 1); bn_mod_inv(prv->crt->qi, prv->crt->q, prv->crt->p); result = RLC_OK; } #endif } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); bn_free(r); } return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,72264648837815,1 788,['CWE-119'],"isdn_net_open(struct net_device *dev) { int i; struct net_device *p; struct in_device *in_dev; netif_start_queue(dev); isdn_net_reset(dev); for (i = 0; i < ETH_ALEN - sizeof(u32); i++) dev->dev_addr[i] = 0xfc; if ((in_dev = dev->ip_ptr) != NULL) { struct in_ifaddr *ifa = in_dev->ifa_list; if (ifa != NULL) memcpy(dev->dev_addr+2, &ifa->ifa_local, 4); } if ((p = (((isdn_net_local *) dev->priv)->slave))) { while (p) { isdn_net_reset(p); p = (((isdn_net_local *) p->priv)->slave); } } isdn_lock_drivers(); return 0; }",linux-2.6,,,134417263073881948631391945218355402686,0 5732,['CWE-200'],"static int irda_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { return -ENOIOCTLCMD; }",linux-2.6,,,238847284677036535108389898503601356382,0 3949,CWE-337,"static void usage(int status) { FILE *dest = (status == 0) ? stdout : stderr; if(status == 0){ fprintf(dest, ""%s(1)\t\t\tcopyright \t\t\t%s(1)\n\nNAME\n\t%s -- crypt or decrypt any data\n\nSYNOPSIS\n\t%s [-h | --help] FILE [-s | --standard | KEYFILE]\n\nDESCRIPTION\n\t(FR) permet de chiffrer et de déchiffrer toutes les données entrées en paramètre le mot de passe demandé au début est hashé puis sert de graine pour le PRNG le PRNG permet de fournir une clé unique égale à la longueur du fichier à coder. La clé unique subit un xor avec le mot de passe (le mot de passe est répété autant de fois que nécéssaire). Le fichier subit un xor avec cette clé Puis un brouilleur est utilisé, il mélange la table des caractères (ascii) en utilisant le PRNG ou en utilisant le keyFile fourni.\n\t(EN) Can crypt and decrypt any data given in argument. The password asked is hashed to be used as a seed for the PRNG. The PRNG gives a unique key which has the same length as the source file. The key is xored with the password (the password is repeated as long as necessary). The file is then xored with this new key, then a scrambler is used. It scrambles the ascii table using the PRNG or the keyFile given\n\nOPTIONS\n\tthe options are as follows:\n\n\t-h | --help\tfurther help.\n\n\t-s | --standard\tput the scrambler on off.\n\n\t-i | --inverted\tinverts the coding/decoding process, first it xors then it scrambles.\n\nEXIT STATUS\n\tthe %s program exits 0 on success, and anything else if an error occurs.\n\nEXAMPLES\n\tthe command:\t%s file1\n\n\tlets you choose between crypting or decrypting then it will prompt for a password that crypt/decrypt file1 as xfile1 in the same folder, file1 is not modified.\n\n\tthe command:\t%s file2 keyfile1\n\n\tlets you choose between crypting or decrypting, will prompt for the password that crypt/decrypt file2, uses keyfile1 to generate the scrambler then crypt/decrypt file2 as file2x in the same folder, file2 is not modified.\n\n\tthe command:\t%s file3 -s\n\n\tlets you choose between crypting or decrypting, will prompt for a password that crypt/decrypt the file without using the scrambler, resulting in using the unique key only.\n"", progName, progName, progName, progName, progName, progName, progName, progName); } else{ fprintf(dest, ""Usage : %s [-h | --help] FILE [-s | --standard | -i | --inverted] [KEYFILE]\nOptions :\n -h --help :\t\tfurther help\n -s --standard :\tput the scrambler off\n -i --inverted :\tinverts the coding/decoding process\n KEYFILE :\t\tpath to a keyfile that generates the scrambler instead of the password\n"", progName); } exit(status); }",visit repo url,main.c,https://github.com/pfmonville/enigmaX,127312822281450,1 5854,['CWE-200'],"static int raw_enable_allfilters(struct net_device *dev, struct sock *sk) { struct raw_sock *ro = raw_sk(sk); int err; err = raw_enable_filters(dev, sk, ro->filter, ro->count); if (!err) { err = raw_enable_errfilter(dev, sk, ro->err_mask); if (err) raw_disable_filters(dev, sk, ro->filter, ro->count); } return err; }",linux-2.6,,,279517016522530860391983769268040217430,0 373,CWE-732,"int devmem_is_allowed(unsigned long pagenr) { if (pagenr < 256) return 1; if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) return 1; return 0; }",visit repo url,arch/x86/mm/init.c,https://github.com/torvalds/linux,179786958554532,1 385,[],"pfm_exit_thread(struct task_struct *task) { pfm_context_t *ctx; unsigned long flags; struct pt_regs *regs = task_pt_regs(task); int ret, state; int free_ok = 0; ctx = PFM_GET_CTX(task); PROTECT_CTX(ctx, flags); DPRINT((""state=%d task [%d]\n"", ctx->ctx_state, task->pid)); state = ctx->ctx_state; switch(state) { case PFM_CTX_UNLOADED: printk(KERN_ERR ""perfmon: pfm_exit_thread [%d] ctx unloaded\n"", task->pid); break; case PFM_CTX_LOADED: case PFM_CTX_MASKED: ret = pfm_context_unload(ctx, NULL, 0, regs); if (ret) { printk(KERN_ERR ""perfmon: pfm_exit_thread [%d] state=%d unload failed %d\n"", task->pid, state, ret); } DPRINT((""ctx unloaded for current state was %d\n"", state)); pfm_end_notify_user(ctx); break; case PFM_CTX_ZOMBIE: ret = pfm_context_unload(ctx, NULL, 0, regs); if (ret) { printk(KERN_ERR ""perfmon: pfm_exit_thread [%d] state=%d unload failed %d\n"", task->pid, state, ret); } free_ok = 1; break; default: printk(KERN_ERR ""perfmon: pfm_exit_thread [%d] unexpected state=%d\n"", task->pid, state); break; } UNPROTECT_CTX(ctx, flags); { u64 psr = pfm_get_psr(); BUG_ON(psr & (IA64_PSR_UP|IA64_PSR_PP)); BUG_ON(GET_PMU_OWNER()); BUG_ON(ia64_psr(regs)->up); BUG_ON(ia64_psr(regs)->pp); } if (free_ok) pfm_context_free(ctx); }",linux-2.6,,,140906879214208834739145680538448467125,0 1930,CWE-400,"static void __account_cfs_rq_runtime(struct cfs_rq *cfs_rq, u64 delta_exec) { cfs_rq->runtime_remaining -= delta_exec; expire_cfs_rq_runtime(cfs_rq); if (likely(cfs_rq->runtime_remaining > 0)) return; if (!assign_cfs_rq_runtime(cfs_rq) && likely(cfs_rq->curr)) resched_curr(rq_of(cfs_rq)); }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,42764426391937,1 5368,['CWE-476'],"void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l) { struct kvm_segment cs; kvm_get_segment(vcpu, &cs, VCPU_SREG_CS); *db = cs.db; *l = cs.l; }",linux-2.6,,,252202759623934812696295291452818314138,0 1705,[]," __acquires(rq->lock) { for (;;) { struct rq *rq = task_rq(p); spin_lock(&rq->lock); if (likely(rq == task_rq(p))) return rq; spin_unlock(&rq->lock); } }",linux-2.6,,,273013159333903294476088881434620994605,0 4699,['CWE-20'],"static int ext4_write_dquot(struct dquot *dquot) { int ret, err; handle_t *handle; struct inode *inode; inode = dquot_to_inode(dquot); handle = ext4_journal_start(inode, EXT4_QUOTA_TRANS_BLOCKS(dquot->dq_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); ret = dquot_commit(dquot); err = ext4_journal_stop(handle); if (!ret) ret = err; return ret; }",linux-2.6,,,256225014835661184559981021206914480404,0 2482,['CWE-119'],"static int commit_match(struct commit *commit, struct rev_info *opt) { if (!opt->grep_filter) return 1; return grep_buffer(opt->grep_filter, NULL, commit->buffer, strlen(commit->buffer)); }",git,,,326042721010660709919260896590270377352,0 5501,CWE-125,"Ta3Grammar_FindDFA(grammar *g, int type) { dfa *d; #if 1 d = &g->g_dfa[type - NT_OFFSET]; assert(d->d_type == type); return d; #else int i; for (i = g->g_ndfas, d = g->g_dfa; --i >= 0; d++) { if (d->d_type == type) return d; } assert(0); #endif }",visit repo url,ast3/Parser/grammar1.c,https://github.com/python/typed_ast,92397420052765,1 4260,CWE-476,"static bool __core_anal_fcn(RCore *core, ut64 at, ut64 from, int reftype, int depth) { if (depth < 0) { return false; } int has_next = r_config_get_i (core->config, ""anal.hasnext""); RAnalHint *hint = NULL; int i, nexti = 0; ut64 *next = NULL; int fcnlen; RAnalFunction *fcn = r_anal_function_new (core->anal); r_warn_if_fail (fcn); const char *fcnpfx = r_config_get (core->config, ""anal.fcnprefix""); if (!fcnpfx) { fcnpfx = ""fcn""; } const char *cc = r_anal_cc_default (core->anal); if (!cc) { if (r_anal_cc_once (core->anal)) { eprintf (""Warning: set your favourite calling convention in `e anal.cc=?`\n""); } cc = ""reg""; } fcn->cc = r_str_constpool_get (&core->anal->constpool, cc); r_warn_if_fail (fcn->cc); hint = r_anal_hint_get (core->anal, at); if (hint && hint->bits == 16) { fcn->bits = 16; } else { fcn->bits = core->anal->bits; } fcn->addr = at; fcn->name = get_function_name (core, at); if (!fcn->name) { fcn->name = r_str_newf (""%s.%08""PFMT64x, fcnpfx, at); } r_anal_fcn_invalidate_read_ahead_cache (); do { RFlagItem *f; ut64 delta = r_anal_function_linear_size (fcn); if (!r_io_is_valid_offset (core->io, at + delta, !core->anal->opt.noncode)) { goto error; } if (r_cons_is_breaked ()) { break; } fcnlen = r_anal_function(core->anal, fcn, at + delta, core->anal->opt.bb_max_size, reftype); if (core->anal->opt.searchstringrefs) { r_anal_set_stringrefs (core, fcn); } if (fcnlen == 0) { if (core->anal->verbose) { eprintf (""Analyzed function size is 0 at 0x%08""PFMT64x""\n"", at + delta); } goto error; } if (fcnlen < 0) { switch (fcnlen) { case R_ANAL_RET_ERROR: case R_ANAL_RET_NEW: case R_ANAL_RET_DUP: case R_ANAL_RET_END: break; default: eprintf (""Oops. Negative fcnsize at 0x%08""PFMT64x"" (%d)\n"", at, fcnlen); continue; } } f = r_core_flag_get_by_spaces (core->flags, fcn->addr); set_fcn_name_from_flag (fcn, f, fcnpfx); if (fcnlen == R_ANAL_RET_ERROR || (fcnlen == R_ANAL_RET_END && !r_anal_function_realsize (fcn))) { if (core->anal->opt.followbrokenfcnsrefs) { r_anal_analyze_fcn_refs (core, fcn, depth); } goto error; } else if (fcnlen == R_ANAL_RET_END) { f = r_core_flag_get_by_spaces (core->flags, fcn->addr); if (f && f->name && strncmp (f->name, ""sect"", 4)) { char *new_name = strdup (f->name); if (is_entry_flag (f)) { RListIter *iter; RBinSymbol *sym; const RList *syms = r_bin_get_symbols (core->bin); ut64 baddr = r_config_get_i (core->config, ""bin.baddr""); r_list_foreach (syms, iter, sym) { if ((sym->paddr + baddr) == fcn->addr && !strcmp (sym->type, R_BIN_TYPE_FUNC_STR)) { free (new_name); new_name = r_str_newf (""sym.%s"", sym->name); break; } } } free (fcn->name); fcn->name = new_name; } else { R_FREE (fcn->name); const char *fcnpfx = r_anal_fcntype_tostring (fcn->type); if (!fcnpfx || !*fcnpfx || !strcmp (fcnpfx, ""fcn"")) { fcnpfx = r_config_get (core->config, ""anal.fcnprefix""); } fcn->name = r_str_newf (""%s.%08""PFMT64x, fcnpfx, fcn->addr); autoname_imp_trampoline (core, fcn); r_flag_space_push (core->flags, R_FLAGS_FS_FUNCTIONS); r_flag_set (core->flags, fcn->name, fcn->addr, r_anal_function_linear_size (fcn)); r_flag_space_pop (core->flags); } if (from != UT64_MAX) { r_anal_xrefs_set (core->anal, from, fcn->addr, reftype); } r_anal_add_function (core->anal, fcn); if (has_next) { ut64 addr = r_anal_function_max_addr (fcn); RIOMap *map = r_io_map_get_at (core->io, addr); if (!map || (map && map->perm & R_PERM_X)) { for (i = 0; i < nexti; i++) { if (next[i] == addr) { break; } } if (i == nexti) { ut64 at = r_anal_function_max_addr (fcn); while (true) { ut64 size; RAnalMetaItem *mi = r_meta_get_at (core->anal, at, R_META_TYPE_ANY, &size); if (!mi) { break; } at += size; } r_cons_clear_line (1); loganal (fcn->addr, at, 10000 - depth); next = next_append (next, &nexti, at); } } } if (!r_anal_analyze_fcn_refs (core, fcn, depth)) { goto error; } } } while (fcnlen != R_ANAL_RET_END); r_list_free (core->anal->leaddrs); core->anal->leaddrs = NULL; if (has_next) { for (i = 0; i < nexti; i++) { if (!next[i] || r_anal_get_fcn_in (core->anal, next[i], 0)) { continue; } r_core_anal_fcn (core, next[i], from, 0, depth - 1); } free (next); } if (core->anal->cur && core->anal->cur->arch && !strcmp (core->anal->cur->arch, ""x86"")) { r_anal_function_check_bp_use (fcn); if (fcn && !fcn->bp_frame) { r_anal_function_delete_vars_by_kind (fcn, R_ANAL_VAR_KIND_BPV); } } r_anal_hint_free (hint); return true; error: r_list_free (core->anal->leaddrs); core->anal->leaddrs = NULL; if (fcn) { if (!r_anal_function_realsize (fcn) || fcn->addr == UT64_MAX) { r_anal_function_free (fcn); fcn = NULL; } else { if (!fcn->name) { fcn->name = r_str_newf ( ""%s.%08"" PFMT64x, r_anal_fcntype_tostring (fcn->type), at); r_flag_space_push (core->flags, R_FLAGS_FS_FUNCTIONS); r_flag_set (core->flags, fcn->name, at, r_anal_function_linear_size (fcn)); r_flag_space_pop (core->flags); } r_anal_add_function (core->anal, fcn); } if (fcn && has_next) { ut64 newaddr = r_anal_function_max_addr (fcn); RIOMap *map = r_io_map_get_at (core->io, newaddr); if (!map || (map && (map->perm & R_PERM_X))) { next = next_append (next, &nexti, newaddr); for (i = 0; i < nexti; i++) { if (!next[i]) { continue; } r_core_anal_fcn (core, next[i], next[i], 0, depth - 1); } free (next); } } } if (fcn && core->anal->cur && core->anal->cur->arch && !strcmp (core->anal->cur->arch, ""x86"")) { r_anal_function_check_bp_use (fcn); if (!fcn->bp_frame) { r_anal_function_delete_vars_by_kind (fcn, R_ANAL_VAR_KIND_BPV); } } r_anal_hint_free (hint); return false; }",visit repo url,libr/core/canal.c,https://github.com/radareorg/radare2,205569203297768,1 2104,CWE-863,"static ssize_t map_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos, int cap_setid, struct uid_gid_map *map, struct uid_gid_map *parent_map) { struct seq_file *seq = file->private_data; struct user_namespace *ns = seq->private; struct uid_gid_map new_map; unsigned idx; struct uid_gid_extent extent; char *kbuf = NULL, *pos, *next_line; ssize_t ret; if ((*ppos != 0) || (count >= PAGE_SIZE)) return -EINVAL; kbuf = memdup_user_nul(buf, count); if (IS_ERR(kbuf)) return PTR_ERR(kbuf); mutex_lock(&userns_state_mutex); memset(&new_map, 0, sizeof(struct uid_gid_map)); ret = -EPERM; if (map->nr_extents != 0) goto out; if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN)) goto out; ret = -EINVAL; pos = kbuf; for (; pos; pos = next_line) { next_line = strchr(pos, '\n'); if (next_line) { *next_line = '\0'; next_line++; if (*next_line == '\0') next_line = NULL; } pos = skip_spaces(pos); extent.first = simple_strtoul(pos, &pos, 10); if (!isspace(*pos)) goto out; pos = skip_spaces(pos); extent.lower_first = simple_strtoul(pos, &pos, 10); if (!isspace(*pos)) goto out; pos = skip_spaces(pos); extent.count = simple_strtoul(pos, &pos, 10); if (*pos && !isspace(*pos)) goto out; pos = skip_spaces(pos); if (*pos != '\0') goto out; if ((extent.first == (u32) -1) || (extent.lower_first == (u32) -1)) goto out; if ((extent.first + extent.count) <= extent.first) goto out; if ((extent.lower_first + extent.count) <= extent.lower_first) goto out; if (mappings_overlap(&new_map, &extent)) goto out; if ((new_map.nr_extents + 1) == UID_GID_MAP_MAX_EXTENTS && (next_line != NULL)) goto out; ret = insert_extent(&new_map, &extent); if (ret < 0) goto out; ret = -EINVAL; } if (new_map.nr_extents == 0) goto out; ret = -EPERM; if (!new_idmap_permitted(file, ns, cap_setid, &new_map)) goto out; ret = sort_idmaps(&new_map); if (ret < 0) goto out; ret = -EPERM; for (idx = 0; idx < new_map.nr_extents; idx++) { struct uid_gid_extent *e; u32 lower_first; if (new_map.nr_extents <= UID_GID_MAP_MAX_BASE_EXTENTS) e = &new_map.extent[idx]; else e = &new_map.forward[idx]; lower_first = map_id_range_down(parent_map, e->lower_first, e->count); if (lower_first == (u32) -1) goto out; e->lower_first = lower_first; } if (new_map.nr_extents <= UID_GID_MAP_MAX_BASE_EXTENTS) { memcpy(map->extent, new_map.extent, new_map.nr_extents * sizeof(new_map.extent[0])); } else { map->forward = new_map.forward; map->reverse = new_map.reverse; } smp_wmb(); map->nr_extents = new_map.nr_extents; *ppos = count; ret = count; out: if (ret < 0 && new_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) { kfree(new_map.forward); kfree(new_map.reverse); map->forward = NULL; map->reverse = NULL; map->nr_extents = 0; } mutex_unlock(&userns_state_mutex); kfree(kbuf); return ret; }",visit repo url,kernel/user_namespace.c,https://github.com/torvalds/linux,237804465728453,1 270,[],"static int ppp_ioctl_trans(unsigned int fd, unsigned int cmd, unsigned long arg) { int err; switch (cmd) { case PPPIOCGIDLE32: err = ppp_gidle(fd, cmd, arg); break; case PPPIOCSCOMPRESS32: err = ppp_scompress(fd, cmd, arg); break; default: do { static int count; if (++count <= 20) printk(""ppp_ioctl: Unknown cmd fd(%d) "" ""cmd(%08x) arg(%08x)\n"", (int)fd, (unsigned int)cmd, (unsigned int)arg); } while(0); err = -EINVAL; break; }; return err; }",linux-2.6,,,50446246733173689041354820360354683234,0 108,['CWE-787'],"glue(cirrus_bitblt_rop_bkwd_, ROP_NAME)(CirrusVGAState *s, uint8_t *dst,const uint8_t *src, int dstpitch,int srcpitch, int bltwidth,int bltheight) { int x,y; dstpitch += bltwidth; srcpitch += bltwidth; for (y = 0; y < bltheight; y++) { for (x = 0; x < bltwidth; x++) { ROP_OP(*dst, *src); dst--; src--; } dst += dstpitch; src += srcpitch; } }",qemu,,,130303974633656403260802584993058798719,0 3543,CWE-20,"int main(int argc, char **argv) { int fmtid; int id; char *infile; jas_stream_t *instream; jas_image_t *image; int width; int height; int depth; int numcmpts; int verbose; char *fmtname; int debug; size_t max_mem; if (jas_init()) { abort(); } cmdname = argv[0]; infile = 0; verbose = 0; debug = 0; #if defined(JAS_DEFAULT_MAX_MEM_USAGE) max_mem = JAS_DEFAULT_MAX_MEM_USAGE; #endif while ((id = jas_getopt(argc, argv, opts)) >= 0) { switch (id) { case OPT_VERBOSE: verbose = 1; break; case OPT_VERSION: printf(""%s\n"", JAS_VERSION); exit(EXIT_SUCCESS); break; case OPT_DEBUG: debug = atoi(jas_optarg); break; case OPT_INFILE: infile = jas_optarg; break; case OPT_MAXMEM: max_mem = strtoull(jas_optarg, 0, 10); break; case OPT_HELP: default: usage(); break; } } jas_setdbglevel(debug); #if defined(JAS_DEFAULT_MAX_MEM_USAGE) jas_set_max_mem_usage(max_mem); #endif if (infile) { if (!(instream = jas_stream_fopen(infile, ""rb""))) { fprintf(stderr, ""cannot open input image file %s\n"", infile); exit(EXIT_FAILURE); } } else { if (!(instream = jas_stream_fdopen(0, ""rb""))) { fprintf(stderr, ""cannot open standard input\n""); exit(EXIT_FAILURE); } } if ((fmtid = jas_image_getfmt(instream)) < 0) { fprintf(stderr, ""unknown image format\n""); } if (!(image = jas_image_decode(instream, fmtid, 0))) { jas_stream_close(instream); fprintf(stderr, ""cannot load image\n""); return EXIT_FAILURE; } jas_stream_close(instream); if (!(numcmpts = jas_image_numcmpts(image))) { fprintf(stderr, ""warning: image has no components\n""); } if (numcmpts) { width = jas_image_cmptwidth(image, 0); height = jas_image_cmptheight(image, 0); depth = jas_image_cmptprec(image, 0); } else { width = 0; height = 0; depth = 0; } if (!(fmtname = jas_image_fmttostr(fmtid))) { abort(); } printf(""%s %d %d %d %d %ld\n"", fmtname, numcmpts, width, height, depth, (long) jas_image_rawsize(image)); jas_image_destroy(image); jas_image_clearfmts(); return EXIT_SUCCESS; }",visit repo url,src/appl/imginfo.c,https://github.com/mdadams/jasper,62520432085721,1 6013,['CWE-200'],"static void cbq_adjust_levels(struct cbq_class *this) { if (this == NULL) return; do { int level = 0; struct cbq_class *cl; if ((cl = this->children) != NULL) { do { if (cl->level > level) level = cl->level; } while ((cl = cl->sibling) != this->children); } this->level = level+1; } while ((this = this->tparent) != NULL); }",linux-2.6,,,79652411116818465028374454551383113943,0 2708,[],"struct sctp_endpoint *sctp_endpoint_new(struct sock *sk, gfp_t gfp) { struct sctp_endpoint *ep; ep = t_new(struct sctp_endpoint, gfp); if (!ep) goto fail; if (!sctp_endpoint_init(ep, sk, gfp)) goto fail_init; ep->base.malloced = 1; SCTP_DBG_OBJCNT_INC(ep); return ep; fail_init: kfree(ep); fail: return NULL; }",linux-2.6,,,114969914776100050105781467054861030377,0 1771,[],"static inline void update_load_add(struct load_weight *lw, unsigned long inc) { lw->weight += inc; lw->inv_weight = 0; }",linux-2.6,,,95902251214765202058965430409464003239,0 1229,[],"m4_eval (struct obstack *obs, int argc, token_data **argv) { int32_t value = 0; int radix = 10; int min = 1; const char *s; if (bad_argc (argv[0], argc, 2, 4)) return; if (*ARG (2) && !numeric_arg (argv[0], ARG (2), &radix)) return; if (radix < 1 || radix > (int) strlen (digits)) { M4ERROR ((warning_status, 0, ""radix %d in builtin `%s' out of range"", radix, ARG (0))); return; } if (argc >= 4 && !numeric_arg (argv[0], ARG (3), &min)) return; if (min < 0) { M4ERROR ((warning_status, 0, ""negative width to builtin `%s'"", ARG (0))); return; } if (!*ARG (1)) M4ERROR ((warning_status, 0, ""empty string treated as 0 in builtin `%s'"", ARG (0))); else if (evaluate (ARG (1), &value)) return; if (radix == 1) { if (value < 0) { obstack_1grow (obs, '-'); value = -value; } while (min-- - value > 0) obstack_1grow (obs, '0'); while (value-- != 0) obstack_1grow (obs, '1'); obstack_1grow (obs, '\0'); return; } s = ntoa (value, radix); if (*s == '-') { obstack_1grow (obs, '-'); s++; } for (min -= strlen (s); --min >= 0;) obstack_1grow (obs, '0'); obstack_grow (obs, s, strlen (s)); }",m4,,,24048158566945250428869537063689076994,0 197,CWE-415,"static netdev_tx_t mcba_usb_start_xmit(struct sk_buff *skb, struct net_device *netdev) { struct mcba_priv *priv = netdev_priv(netdev); struct can_frame *cf = (struct can_frame *)skb->data; struct mcba_usb_ctx *ctx = NULL; struct net_device_stats *stats = &priv->netdev->stats; u16 sid; int err; struct mcba_usb_msg_can usb_msg = { .cmd_id = MBCA_CMD_TRANSMIT_MESSAGE_EV }; if (can_dropped_invalid_skb(netdev, skb)) return NETDEV_TX_OK; ctx = mcba_usb_get_free_ctx(priv, cf); if (!ctx) return NETDEV_TX_BUSY; if (cf->can_id & CAN_EFF_FLAG) { sid = MCBA_SIDL_EXID_MASK; sid |= (cf->can_id & 0x1ffc0000) >> 13; sid |= (cf->can_id & 0x30000) >> 16; put_unaligned_be16(sid, &usb_msg.sid); put_unaligned_be16(cf->can_id & 0xffff, &usb_msg.eid); } else { put_unaligned_be16((cf->can_id & CAN_SFF_MASK) << 5, &usb_msg.sid); usb_msg.eid = 0; } usb_msg.dlc = cf->len; memcpy(usb_msg.data, cf->data, usb_msg.dlc); if (cf->can_id & CAN_RTR_FLAG) usb_msg.dlc |= MCBA_DLC_RTR_MASK; can_put_echo_skb(skb, priv->netdev, ctx->ndx, 0); err = mcba_usb_xmit(priv, (struct mcba_usb_msg *)&usb_msg, ctx); if (err) goto xmit_failed; return NETDEV_TX_OK; xmit_failed: can_free_echo_skb(priv->netdev, ctx->ndx, NULL); mcba_usb_free_ctx(ctx); dev_kfree_skb(skb); stats->tx_dropped++; return NETDEV_TX_OK; }",visit repo url,drivers/net/can/usb/mcba_usb.c,https://github.com/torvalds/linux,264076812590898,1 5719,NVD-CWE-Other,"int luaG_traceexec (lua_State *L, const Instruction *pc) { CallInfo *ci = L->ci; lu_byte mask = L->hookmask; int counthook; if (!(mask & (LUA_MASKLINE | LUA_MASKCOUNT))) { ci->u.l.trap = 0; return 0; } pc++; ci->u.l.savedpc = pc; counthook = (--L->hookcount == 0 && (mask & LUA_MASKCOUNT)); if (counthook) resethookcount(L); else if (!(mask & LUA_MASKLINE)) return 1; if (ci->callstatus & CIST_HOOKYIELD) { ci->callstatus &= ~CIST_HOOKYIELD; return 1; } if (!isIT(*(ci->u.l.savedpc - 1))) L->top = ci->top; if (counthook) luaD_hook(L, LUA_HOOKCOUNT, -1, 0, 0); if (mask & LUA_MASKLINE) { const Proto *p = ci_func(ci)->p; int npci = pcRel(pc, p); if (npci == 0 || pc <= L->oldpc || changedline(p, pcRel(L->oldpc, p), npci)) { int newline = luaG_getfuncline(p, npci); luaD_hook(L, LUA_HOOKLINE, newline, 0, 0); } L->oldpc = pc; } if (L->status == LUA_YIELD) { if (counthook) L->hookcount = 1; ci->u.l.savedpc--; ci->callstatus |= CIST_HOOKYIELD; luaD_throw(L, LUA_YIELD); } return 1; }",visit repo url,ldebug.c,https://github.com/lua/lua,244040936713948,1 2000,CWE-276,"void native_tss_update_io_bitmap(void) { struct tss_struct *tss = this_cpu_ptr(&cpu_tss_rw); struct thread_struct *t = ¤t->thread; u16 *base = &tss->x86_tss.io_bitmap_base; if (!test_thread_flag(TIF_IO_BITMAP)) { tss_invalidate_io_bitmap(tss); return; } if (IS_ENABLED(CONFIG_X86_IOPL_IOPERM) && t->iopl_emul == 3) { *base = IO_BITMAP_OFFSET_VALID_ALL; } else { struct io_bitmap *iobm = t->io_bitmap; if (tss->io_bitmap.prev_sequence != iobm->sequence) tss_copy_io_bitmap(tss, iobm); *base = IO_BITMAP_OFFSET_VALID_MAP; } refresh_tss_limit(); }",visit repo url,arch/x86/kernel/process.c,https://github.com/torvalds/linux,94340788096392,1 1264,[],"m4_indir (struct obstack *obs, int argc, token_data **argv) { symbol *s; const char *name; if (bad_argc (argv[0], argc, 2, -1)) return; if (TOKEN_DATA_TYPE (argv[1]) != TOKEN_TEXT) { M4ERROR ((warning_status, 0, ""Warning: %s: invalid macro name ignored"", ARG (0))); return; } name = ARG (1); s = lookup_symbol (name, SYMBOL_LOOKUP); if (s == NULL || SYMBOL_TYPE (s) == TOKEN_VOID) M4ERROR ((warning_status, 0, ""undefined macro `%s'"", name)); else { int i; if (! SYMBOL_MACRO_ARGS (s)) for (i = 2; i < argc; i++) if (TOKEN_DATA_TYPE (argv[i]) != TOKEN_TEXT) { TOKEN_DATA_TYPE (argv[i]) = TOKEN_TEXT; TOKEN_DATA_TEXT (argv[i]) = (char *) """"; } call_macro (s, argc - 1, argv + 1, obs); } }",m4,,,76236406035919151784743549219399583769,0 4267,CWE-416,"static pyc_object *get_list_object(RBuffer *buffer) { pyc_object *ret = NULL; bool error = false; ut32 n = 0; n = get_ut32 (buffer, &error); if (n > ST32_MAX) { eprintf (""bad marshal data (list size out of range)\n""); return NULL; } if (error) { return NULL; } ret = get_array_object_generic (buffer, n); if (ret) { ret->type = TYPE_LIST; return ret; } return NULL; }",visit repo url,libr/bin/format/pyc/marshal.c,https://github.com/radareorg/radare2,173966601518496,1 6292,NVD-CWE-noinfo,"uint8_t dhcps_handle_state_machine_change(uint8_t option_message_type) { switch (option_message_type) { case DHCP_MESSAGE_TYPE_DECLINE: #if (debug_dhcps) printf(""\r\nget message DHCP_MESSAGE_TYPE_DECLINE\n""); #endif dhcp_server_state_machine = DHCP_SERVER_STATE_IDLE; break; case DHCP_MESSAGE_TYPE_DISCOVER: #if (debug_dhcps) printf(""\r\nget message DHCP_MESSAGE_TYPE_DISCOVER\n""); #endif if (dhcp_server_state_machine == DHCP_SERVER_STATE_IDLE) { dhcp_server_state_machine = DHCP_SERVER_STATE_OFFER; } break; case DHCP_MESSAGE_TYPE_REQUEST: #if (debug_dhcps) printf(""\r\n[%d]get message DHCP_MESSAGE_TYPE_REQUEST\n"", xTaskGetTickCount()); #endif #if (!IS_USE_FIXED_IP) #if (debug_dhcps) printf(""\r\ndhcp_server_state_machine=%d"", dhcp_server_state_machine); printf(""\r\ndhcps_allocated_client_address=%d.%d.%d.%d"", ip4_addr1(&dhcps_allocated_client_address), ip4_addr2(&dhcps_allocated_client_address), ip4_addr3(&dhcps_allocated_client_address), ip4_addr4(&dhcps_allocated_client_address)); printf(""\r\nclient_request_ip=%d.%d.%d.%d\n"", ip4_addr1(&client_request_ip), ip4_addr2(&client_request_ip), ip4_addr3(&client_request_ip), ip4_addr4(&client_request_ip)); #endif if (dhcp_server_state_machine == DHCP_SERVER_STATE_OFFER) { if (ip4_addr4(&dhcps_allocated_client_address) != 0) { if (memcmp((void *)&dhcps_allocated_client_address, (void *)&client_request_ip, 4) == 0) { dhcp_server_state_machine = DHCP_SERVER_STATE_ACK; } else { dhcp_server_state_machine = DHCP_SERVER_STATE_NAK; } } else { dhcp_server_state_machine = DHCP_SERVER_STATE_NAK; } } else if(dhcp_server_state_machine == DHCP_SERVER_STATE_IDLE){ uint8_t ip_addr4 = check_client_request_ip(&client_request_ip, client_addr); if(ip_addr4 > 0){ IP4_ADDR(&dhcps_allocated_client_address, (ip4_addr1(&dhcps_network_id)), ip4_addr2(&dhcps_network_id), ip4_addr3(&dhcps_network_id), ip_addr4); dhcp_server_state_machine = DHCP_SERVER_STATE_ACK; }else{ dhcp_server_state_machine = DHCP_SERVER_STATE_NAK; } } else { dhcp_server_state_machine = DHCP_SERVER_STATE_NAK; } #else if (!(dhcp_server_state_machine == DHCP_SERVER_STATE_ACK || dhcp_server_state_machine == DHCP_SERVER_STATE_NAK)) { dhcp_server_state_machine = DHCP_SERVER_STATE_NAK; } #endif break; case DHCP_MESSAGE_TYPE_RELEASE: printf(""get message DHCP_MESSAGE_TYPE_RELEASE\n""); dhcp_server_state_machine = DHCP_SERVER_STATE_IDLE; break; } return dhcp_server_state_machine; }",visit repo url,component/common/network/dhcp/dhcps.c,https://github.com/ambiot/amb1_sdk,199284015762429,1 1707,[],"static int __init setup_relax_domain_level(char *str) { default_relax_domain_level = simple_strtoul(str, NULL, 0); return 1; }",linux-2.6,,,231589118570639259139016592262824265245,0 257,CWE-264,"static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_l2tpip6 *addr = (struct sockaddr_l2tpip6 *) uaddr; struct net *net = sock_net(sk); __be32 v4addr = 0; int addr_type; int err; if (!sock_flag(sk, SOCK_ZAPPED)) return -EINVAL; if (addr->l2tp_family != AF_INET6) return -EINVAL; if (addr_len < sizeof(*addr)) return -EINVAL; addr_type = ipv6_addr_type(&addr->l2tp_addr); if (addr_type == IPV6_ADDR_MAPPED) return -EADDRNOTAVAIL; if (addr_type & IPV6_ADDR_MULTICAST) return -EADDRNOTAVAIL; err = -EADDRINUSE; read_lock_bh(&l2tp_ip6_lock); if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) goto out_in_use; read_unlock_bh(&l2tp_ip6_lock); lock_sock(sk); err = -EINVAL; if (sk->sk_state != TCP_CLOSE) goto out_unlock; rcu_read_lock(); if (addr_type != IPV6_ADDR_ANY) { struct net_device *dev = NULL; if (addr_type & IPV6_ADDR_LINKLOCAL) { if (addr_len >= sizeof(struct sockaddr_in6) && addr->l2tp_scope_id) { sk->sk_bound_dev_if = addr->l2tp_scope_id; } if (!sk->sk_bound_dev_if) goto out_unlock_rcu; err = -ENODEV; dev = dev_get_by_index_rcu(sock_net(sk), sk->sk_bound_dev_if); if (!dev) goto out_unlock_rcu; } v4addr = LOOPBACK4_IPV6; err = -EADDRNOTAVAIL; if (!ipv6_chk_addr(sock_net(sk), &addr->l2tp_addr, dev, 0)) goto out_unlock_rcu; } rcu_read_unlock(); inet->inet_rcv_saddr = inet->inet_saddr = v4addr; sk->sk_v6_rcv_saddr = addr->l2tp_addr; np->saddr = addr->l2tp_addr; l2tp_ip6_sk(sk)->conn_id = addr->l2tp_conn_id; write_lock_bh(&l2tp_ip6_lock); sk_add_bind_node(sk, &l2tp_ip6_bind_table); sk_del_node_init(sk); write_unlock_bh(&l2tp_ip6_lock); sock_reset_flag(sk, SOCK_ZAPPED); release_sock(sk); return 0; out_unlock_rcu: rcu_read_unlock(); out_unlock: release_sock(sk); return err; out_in_use: read_unlock_bh(&l2tp_ip6_lock); return err; }",visit repo url,net/l2tp/l2tp_ip6.c,https://github.com/torvalds/linux,136536700617723,1 1874,['CWE-189'],"_gnutls_recv_handshake_header (gnutls_session_t session, gnutls_handshake_description_t type, gnutls_handshake_description_t * recv_type) { int ret; uint32_t length32 = 0; uint8_t *dataptr = NULL; size_t handshake_header_size = HANDSHAKE_HEADER_SIZE; if (session->internals.handshake_header_buffer.header_size == handshake_header_size || (session->internals.v2_hello != 0 && type == GNUTLS_HANDSHAKE_CLIENT_HELLO && session->internals. handshake_header_buffer.packet_length > 0)) { *recv_type = session->internals.handshake_header_buffer.recv_type; if (*recv_type != type) { gnutls_assert (); _gnutls_handshake_log (""HSK[%x]: Handshake type mismatch (under attack?)\n"", session); return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; } return session->internals.handshake_header_buffer.packet_length; } dataptr = session->internals.handshake_header_buffer.header; if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS) { ret = _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, type, dataptr, SSL2_HEADERS); if (ret < 0) { gnutls_assert (); return ret; } if (ret != SSL2_HEADERS) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } session->internals.handshake_header_buffer.header_size = SSL2_HEADERS; } if (session->internals.v2_hello == 0 || type != GNUTLS_HANDSHAKE_CLIENT_HELLO) { ret = _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, type, &dataptr[session-> internals. handshake_header_buffer. header_size], HANDSHAKE_HEADER_SIZE - session->internals. handshake_header_buffer.header_size); if (ret <= 0) { gnutls_assert (); return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } if ((size_t) ret != HANDSHAKE_HEADER_SIZE - session->internals.handshake_header_buffer.header_size) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } *recv_type = dataptr[0]; length32 = _gnutls_read_uint24 (&dataptr[1]); handshake_header_size = HANDSHAKE_HEADER_SIZE; _gnutls_handshake_log (""HSK[%x]: %s was received [%ld bytes]\n"", session, _gnutls_handshake2str (dataptr[0]), length32 + HANDSHAKE_HEADER_SIZE); } else { length32 = session->internals.v2_hello - SSL2_HEADERS; handshake_header_size = SSL2_HEADERS; *recv_type = dataptr[0]; _gnutls_handshake_log (""HSK[%x]: %s(v2) was received [%ld bytes]\n"", session, _gnutls_handshake2str (*recv_type), length32 + handshake_header_size); if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; } } session->internals.handshake_header_buffer.header_size = handshake_header_size; session->internals.handshake_header_buffer.packet_length = length32; session->internals.handshake_header_buffer.recv_type = *recv_type; if (*recv_type != type) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; } return length32; }",gnutls,,,22772102812535241876848167047685179895,0 475,CWE-20,"long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) { struct key *key; key_ref_t key_ref; long ret; key_ref = lookup_user_key(keyid, 0, 0); if (IS_ERR(key_ref)) { ret = -ENOKEY; goto error; } key = key_ref_to_ptr(key_ref); if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { ret = -ENOKEY; goto error2; } ret = key_permission(key_ref, KEY_NEED_READ); if (ret == 0) goto can_read_key; if (ret != -EACCES) goto error2; if (!is_key_possessed(key_ref)) { ret = -EACCES; goto error2; } can_read_key: ret = -EOPNOTSUPP; if (key->type->read) { down_read(&key->sem); ret = key_validate(key); if (ret == 0) ret = key->type->read(key, buffer, buflen); up_read(&key->sem); } error2: key_put(key); error: return ret; }",visit repo url,security/keys/keyctl.c,https://github.com/torvalds/linux,264832667381956,1 1878,['CWE-189'],"_gnutls_tls_create_random (opaque * dst) { uint32_t tim; int ret; tim = time (NULL); _gnutls_write_uint32 (tim, dst); ret = _gnutls_rnd (RND_NONCE, &dst[4], TLS_RANDOM_SIZE - 4); if (ret < 0) { gnutls_assert (); return ret; } return 0; }",gnutls,,,332384674945466243280889971158965125658,0 3036,CWE-119,"PGTYPEStimestamp_from_asc(char *str, char **endptr) { timestamp result; #ifdef HAVE_INT64_TIMESTAMP int64 noresult = 0; #else double noresult = 0.0; #endif fsec_t fsec; struct tm tt, *tm = &tt; int dtype; int nf; char *field[MAXDATEFIELDS]; int ftype[MAXDATEFIELDS]; char lowstr[MAXDATELEN + MAXDATEFIELDS]; char *realptr; char **ptr = (endptr != NULL) ? endptr : &realptr; if (strlen(str) >= sizeof(lowstr)) { errno = PGTYPES_TS_BAD_TIMESTAMP; return (noresult); } if (ParseDateTime(str, lowstr, field, ftype, &nf, ptr) != 0 || DecodeDateTime(field, ftype, nf, &dtype, tm, &fsec, 0) != 0) { errno = PGTYPES_TS_BAD_TIMESTAMP; return (noresult); } switch (dtype) { case DTK_DATE: if (tm2timestamp(tm, fsec, NULL, &result) != 0) { errno = PGTYPES_TS_BAD_TIMESTAMP; return (noresult); } break; case DTK_EPOCH: result = SetEpochTimestamp(); break; case DTK_LATE: TIMESTAMP_NOEND(result); break; case DTK_EARLY: TIMESTAMP_NOBEGIN(result); break; case DTK_INVALID: errno = PGTYPES_TS_BAD_TIMESTAMP; return (noresult); default: errno = PGTYPES_TS_BAD_TIMESTAMP; return (noresult); } errno = 0; return result; }",visit repo url,src/interfaces/ecpg/pgtypeslib/timestamp.c,https://github.com/postgres/postgres,43310517364236,1 1230,[],"m4_changequote (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 3)) return; set_quotes ((argc >= 2) ? TOKEN_DATA_TEXT (argv[1]) : NULL, (argc >= 3) ? TOKEN_DATA_TEXT (argv[2]) : NULL); }",m4,,,76831469724251736653399791030984691340,0 1397,[],"static inline struct cfs_rq *cfs_rq_of(struct sched_entity *se) { return se->cfs_rq; }",linux-2.6,,,245915927505053740226842482657388020825,0 6350,['CWE-200'],"tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts, struct tcf_ext_map *map) { #ifdef CONFIG_NET_CLS_ACT if (map->action && exts->action) { struct rtattr * p_rta = (struct rtattr*) skb->tail; if (exts->action->type != TCA_OLD_COMPAT) { RTA_PUT(skb, map->action, 0, NULL); if (tcf_action_dump(skb, exts->action, 0, 0) < 0) goto rtattr_failure; p_rta->rta_len = skb->tail - (u8*)p_rta; } else if (map->police) { RTA_PUT(skb, map->police, 0, NULL); if (tcf_action_dump_old(skb, exts->action, 0, 0) < 0) goto rtattr_failure; p_rta->rta_len = skb->tail - (u8*)p_rta; } } #elif defined CONFIG_NET_CLS_POLICE if (map->police && exts->police) { struct rtattr * p_rta = (struct rtattr*) skb->tail; RTA_PUT(skb, map->police, 0, NULL); if (tcf_police_dump(skb, exts->police) < 0) goto rtattr_failure; p_rta->rta_len = skb->tail - (u8*)p_rta; } #endif return 0; rtattr_failure: __attribute__ ((unused)) return -1; }",linux-2.6,,,234991818390090129991486510589254843364,0 3710,CWE-295,"x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) { struct x509_verify_chain *current_chain; int retry_chain_build, full_chain = 0; if (ctx->roots == NULL || ctx->max_depth == 0) { ctx->error = X509_V_ERR_INVALID_CALL; goto err; } if (ctx->xsc != NULL) { if (leaf != NULL || name != NULL) { ctx->error = X509_V_ERR_INVALID_CALL; goto err; } leaf = ctx->xsc->cert; full_chain = 1; if (ctx->xsc->param->flags & X509_V_FLAG_PARTIAL_CHAIN) full_chain = 0; if ((ctx->xsc->chain = sk_X509_new_null()) == NULL) { ctx->error = X509_V_ERR_OUT_OF_MEM; goto err; } if (!X509_up_ref(leaf)) { ctx->error = X509_V_ERR_OUT_OF_MEM; goto err; } if (!sk_X509_push(ctx->xsc->chain, leaf)) { X509_free(leaf); ctx->error = X509_V_ERR_OUT_OF_MEM; goto err; } ctx->xsc->error_depth = 0; ctx->xsc->current_cert = leaf; } if (!x509_verify_cert_valid(ctx, leaf, NULL)) goto err; if (!x509_verify_cert_hostname(ctx, leaf, name)) goto err; if ((current_chain = x509_verify_chain_new()) == NULL) { ctx->error = X509_V_ERR_OUT_OF_MEM; goto err; } if (!x509_verify_chain_append(current_chain, leaf, &ctx->error)) { x509_verify_chain_free(current_chain); goto err; } do { retry_chain_build = 0; if (x509_verify_ctx_cert_is_root(ctx, leaf, full_chain)) { if (!x509_verify_ctx_add_chain(ctx, current_chain)) { x509_verify_chain_free(current_chain); goto err; } } else { x509_verify_build_chains(ctx, leaf, current_chain, full_chain); if (full_chain && ctx->chains_count == 0) { if (!x509_verify_ctx_save_xsc_error(ctx)) { x509_verify_chain_free(current_chain); goto err; } full_chain = 0; retry_chain_build = 1; } } } while (retry_chain_build); x509_verify_chain_free(current_chain); if (!x509_verify_ctx_restore_xsc_error(ctx)) goto err; if (ctx->chains_count == 0 && ctx->error == X509_V_OK) { ctx->error = X509_V_ERR_UNSPECIFIED; if (ctx->xsc != NULL && ctx->xsc->error != X509_V_OK) ctx->error = ctx->xsc->error; } if (ctx->chains_count > 0) ctx->error = X509_V_OK; if (ctx->xsc != NULL) { ctx->xsc->error = ctx->error; if (ctx->chains_count > 0) { if (!x509_verify_ctx_set_xsc_chain(ctx, ctx->chains[0], 1, 1)) goto err; ctx->xsc->error = X509_V_OK; if(!x509_vfy_callback_indicate_success(ctx->xsc)) { ctx->error = ctx->xsc->error; goto err; } } else { if (ctx->xsc->verify_cb(0, ctx->xsc)) { ctx->xsc->error = X509_V_OK; return 1; } } } return (ctx->chains_count); err: if (ctx->error == X509_V_OK) ctx->error = X509_V_ERR_UNSPECIFIED; if (ctx->xsc != NULL) ctx->xsc->error = ctx->error; return 0; }",visit repo url,lib/libcrypto/x509/x509_verify.c,https://github.com/openbsd/src,108671832704311,1 1142,['CWE-399'],"static int s390_fpregs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, void *kbuf, void __user *ubuf) { if (target == current) save_fp_regs(&target->thread.fp_regs); return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &target->thread.fp_regs, 0, -1); }",linux-2.6,,,123503740153779676376409014983386823558,0 6746,['CWE-310'],"fixup_desc_string (const char *desc) { char *p, *temp; char **words, **item; GString *str; p = temp = g_strdup (desc); while (*p) { if (*p == '_' || *p == ',') *p = ' '; p++; } for (item = ignored_phrases; *item; item++) { guint32 ignored_len = strlen (*item); p = strstr (temp, *item); if (p) memmove (p, p + ignored_len, strlen (p + ignored_len) + 1); } words = g_strsplit (temp, "" "", 0); str = g_string_new_len (NULL, strlen (temp)); g_free (temp); for (item = words; *item; item++) { int i = 0; gboolean ignore = FALSE; if (g_ascii_isspace (**item) || (**item == '\0')) continue; while (ignored_words[i] && !ignore) { if (!strcmp (*item, ignored_words[i])) ignore = TRUE; i++; } if (!ignore) { if (str->len) g_string_append_c (str, ' '); g_string_append (str, *item); } } g_strfreev (words); temp = str->str; g_string_free (str, FALSE); return temp; }",network-manager-applet,,,162767066193461964408607606446103122775,0 4263,['CWE-264'],"static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p) { atomic_set(&mm->mm_users, 1); atomic_set(&mm->mm_count, 1); init_rwsem(&mm->mmap_sem); INIT_LIST_HEAD(&mm->mmlist); mm->flags = (current->mm) ? current->mm->flags : default_dump_filter; mm->core_state = NULL; mm->nr_ptes = 0; set_mm_counter(mm, file_rss, 0); set_mm_counter(mm, anon_rss, 0); spin_lock_init(&mm->page_table_lock); spin_lock_init(&mm->ioctx_lock); INIT_HLIST_HEAD(&mm->ioctx_list); mm->free_area_cache = TASK_UNMAPPED_BASE; mm->cached_hole_size = ~0UL; mm_init_owner(mm, p); if (likely(!mm_alloc_pgd(mm))) { mm->def_flags = 0; mmu_notifier_mm_init(mm); return mm; } free_mm(mm); return NULL; }",linux-2.6,,,84601430075719853341290880430270531247,0 3316,CWE-119,"header_put_le_8byte (SF_PRIVATE *psf, sf_count_t x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 8) { psf->header [psf->headindex++] = x ; psf->header [psf->headindex++] = (x >> 8) ; psf->header [psf->headindex++] = (x >> 16) ; psf->header [psf->headindex++] = (x >> 24) ; psf->header [psf->headindex++] = 0 ; psf->header [psf->headindex++] = 0 ; psf->header [psf->headindex++] = 0 ; psf->header [psf->headindex++] = 0 ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,141362312286744,1 5557,CWE-125,"PyInit__ast3(void) { PyObject *m, *d; if (!init_types()) return NULL; m = PyModule_Create(&_astmodule3); if (!m) return NULL; d = PyModule_GetDict(m); if (PyDict_SetItemString(d, ""AST"", (PyObject*)&AST_type) < 0) return NULL; if (PyModule_AddIntMacro(m, PyCF_ONLY_AST) < 0) return NULL; if (PyDict_SetItemString(d, ""mod"", (PyObject*)mod_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Module"", (PyObject*)Module_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Interactive"", (PyObject*)Interactive_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Expression"", (PyObject*)Expression_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FunctionType"", (PyObject*)FunctionType_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Suite"", (PyObject*)Suite_type) < 0) return NULL; if (PyDict_SetItemString(d, ""stmt"", (PyObject*)stmt_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FunctionDef"", (PyObject*)FunctionDef_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AsyncFunctionDef"", (PyObject*)AsyncFunctionDef_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ClassDef"", (PyObject*)ClassDef_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Return"", (PyObject*)Return_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Delete"", (PyObject*)Delete_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Assign"", (PyObject*)Assign_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AugAssign"", (PyObject*)AugAssign_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AnnAssign"", (PyObject*)AnnAssign_type) < 0) return NULL; if (PyDict_SetItemString(d, ""For"", (PyObject*)For_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AsyncFor"", (PyObject*)AsyncFor_type) < 0) return NULL; if (PyDict_SetItemString(d, ""While"", (PyObject*)While_type) < 0) return NULL; if (PyDict_SetItemString(d, ""If"", (PyObject*)If_type) < 0) return NULL; if (PyDict_SetItemString(d, ""With"", (PyObject*)With_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AsyncWith"", (PyObject*)AsyncWith_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Raise"", (PyObject*)Raise_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Try"", (PyObject*)Try_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Assert"", (PyObject*)Assert_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Import"", (PyObject*)Import_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ImportFrom"", (PyObject*)ImportFrom_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Global"", (PyObject*)Global_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Nonlocal"", (PyObject*)Nonlocal_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Expr"", (PyObject*)Expr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Pass"", (PyObject*)Pass_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Break"", (PyObject*)Break_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Continue"", (PyObject*)Continue_type) < 0) return NULL; if (PyDict_SetItemString(d, ""expr"", (PyObject*)expr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BoolOp"", (PyObject*)BoolOp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BinOp"", (PyObject*)BinOp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""UnaryOp"", (PyObject*)UnaryOp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Lambda"", (PyObject*)Lambda_type) < 0) return NULL; if (PyDict_SetItemString(d, ""IfExp"", (PyObject*)IfExp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Dict"", (PyObject*)Dict_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Set"", (PyObject*)Set_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ListComp"", (PyObject*)ListComp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""SetComp"", (PyObject*)SetComp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""DictComp"", (PyObject*)DictComp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""GeneratorExp"", (PyObject*)GeneratorExp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Await"", (PyObject*)Await_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Yield"", (PyObject*)Yield_type) < 0) return NULL; if (PyDict_SetItemString(d, ""YieldFrom"", (PyObject*)YieldFrom_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Compare"", (PyObject*)Compare_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Call"", (PyObject*)Call_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Num"", (PyObject*)Num_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Str"", (PyObject*)Str_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FormattedValue"", (PyObject*)FormattedValue_type) < 0) return NULL; if (PyDict_SetItemString(d, ""JoinedStr"", (PyObject*)JoinedStr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Bytes"", (PyObject*)Bytes_type) < 0) return NULL; if (PyDict_SetItemString(d, ""NameConstant"", (PyObject*)NameConstant_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Ellipsis"", (PyObject*)Ellipsis_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Constant"", (PyObject*)Constant_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Attribute"", (PyObject*)Attribute_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Subscript"", (PyObject*)Subscript_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Starred"", (PyObject*)Starred_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Name"", (PyObject*)Name_type) < 0) return NULL; if (PyDict_SetItemString(d, ""List"", (PyObject*)List_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Tuple"", (PyObject*)Tuple_type) < 0) return NULL; if (PyDict_SetItemString(d, ""expr_context"", (PyObject*)expr_context_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Load"", (PyObject*)Load_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Store"", (PyObject*)Store_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Del"", (PyObject*)Del_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AugLoad"", (PyObject*)AugLoad_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AugStore"", (PyObject*)AugStore_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Param"", (PyObject*)Param_type) < 0) return NULL; if (PyDict_SetItemString(d, ""slice"", (PyObject*)slice_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Slice"", (PyObject*)Slice_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ExtSlice"", (PyObject*)ExtSlice_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Index"", (PyObject*)Index_type) < 0) return NULL; if (PyDict_SetItemString(d, ""boolop"", (PyObject*)boolop_type) < 0) return NULL; if (PyDict_SetItemString(d, ""And"", (PyObject*)And_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Or"", (PyObject*)Or_type) < 0) return NULL; if (PyDict_SetItemString(d, ""operator"", (PyObject*)operator_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Add"", (PyObject*)Add_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Sub"", (PyObject*)Sub_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Mult"", (PyObject*)Mult_type) < 0) return NULL; if (PyDict_SetItemString(d, ""MatMult"", (PyObject*)MatMult_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Div"", (PyObject*)Div_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Mod"", (PyObject*)Mod_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Pow"", (PyObject*)Pow_type) < 0) return NULL; if (PyDict_SetItemString(d, ""LShift"", (PyObject*)LShift_type) < 0) return NULL; if (PyDict_SetItemString(d, ""RShift"", (PyObject*)RShift_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BitOr"", (PyObject*)BitOr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BitXor"", (PyObject*)BitXor_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BitAnd"", (PyObject*)BitAnd_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FloorDiv"", (PyObject*)FloorDiv_type) < 0) return NULL; if (PyDict_SetItemString(d, ""unaryop"", (PyObject*)unaryop_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Invert"", (PyObject*)Invert_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Not"", (PyObject*)Not_type) < 0) return NULL; if (PyDict_SetItemString(d, ""UAdd"", (PyObject*)UAdd_type) < 0) return NULL; if (PyDict_SetItemString(d, ""USub"", (PyObject*)USub_type) < 0) return NULL; if (PyDict_SetItemString(d, ""cmpop"", (PyObject*)cmpop_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Eq"", (PyObject*)Eq_type) < 0) return NULL; if (PyDict_SetItemString(d, ""NotEq"", (PyObject*)NotEq_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Lt"", (PyObject*)Lt_type) < 0) return NULL; if (PyDict_SetItemString(d, ""LtE"", (PyObject*)LtE_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Gt"", (PyObject*)Gt_type) < 0) return NULL; if (PyDict_SetItemString(d, ""GtE"", (PyObject*)GtE_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Is"", (PyObject*)Is_type) < 0) return NULL; if (PyDict_SetItemString(d, ""IsNot"", (PyObject*)IsNot_type) < 0) return NULL; if (PyDict_SetItemString(d, ""In"", (PyObject*)In_type) < 0) return NULL; if (PyDict_SetItemString(d, ""NotIn"", (PyObject*)NotIn_type) < 0) return NULL; if (PyDict_SetItemString(d, ""comprehension"", (PyObject*)comprehension_type) < 0) return NULL; if (PyDict_SetItemString(d, ""excepthandler"", (PyObject*)excepthandler_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ExceptHandler"", (PyObject*)ExceptHandler_type) < 0) return NULL; if (PyDict_SetItemString(d, ""arguments"", (PyObject*)arguments_type) < 0) return NULL; if (PyDict_SetItemString(d, ""arg"", (PyObject*)arg_type) < 0) return NULL; if (PyDict_SetItemString(d, ""keyword"", (PyObject*)keyword_type) < 0) return NULL; if (PyDict_SetItemString(d, ""alias"", (PyObject*)alias_type) < 0) return NULL; if (PyDict_SetItemString(d, ""withitem"", (PyObject*)withitem_type) < 0) return NULL; if (PyDict_SetItemString(d, ""type_ignore"", (PyObject*)type_ignore_type) < 0) return NULL; if (PyDict_SetItemString(d, ""TypeIgnore"", (PyObject*)TypeIgnore_type) < 0) return NULL; return m; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,19279496775193,1 1783,CWE-264,"check_entry_size_and_hooks(struct ip6t_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct ip6t_entry) != 0 || (unsigned char *)e + sizeof(struct ip6t_entry) >= limit || (unsigned char *)e + e->next_offset > limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct ip6t_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } if (!ip6_checkentry(&e->ipv6)) return -EINVAL; err = xt_check_entry_offsets(e, e->target_offset, e->next_offset); if (err) return err; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_debug(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,170782144000864,1 3450,CWE-264,"int cg_write(const char *path, const char *buf, size_t size, off_t offset, struct fuse_file_info *fi) { struct fuse_context *fc = fuse_get_context(); char *localbuf = NULL; struct cgfs_files *k = NULL; struct file_info *f = (struct file_info *)fi->fh; bool r; if (f->type != LXC_TYPE_CGFILE) { fprintf(stderr, ""Internal error: directory cache info used in cg_write\n""); return -EIO; } if (offset) return 0; if (!fc) return -EIO; localbuf = alloca(size+1); localbuf[size] = '\0'; memcpy(localbuf, buf, size); if ((k = cgfs_get_key(f->controller, f->cgroup, f->file)) == NULL) { size = -EINVAL; goto out; } if (!fc_may_access(fc, f->controller, f->cgroup, f->file, O_WRONLY)) { size = -EACCES; goto out; } if (strcmp(f->file, ""tasks"") == 0 || strcmp(f->file, ""/tasks"") == 0 || strcmp(f->file, ""/cgroup.procs"") == 0 || strcmp(f->file, ""cgroup.procs"") == 0) r = do_write_pids(fc->pid, f->controller, f->cgroup, f->file, localbuf); else r = cgfs_set_value(f->controller, f->cgroup, f->file, localbuf); if (!r) size = -EINVAL; out: free_key(k); return size; }",visit repo url,lxcfs.c,https://github.com/lxc/lxcfs,81626037102449,1 2532,CWE-193,"read_header(struct archive_read *a, struct archive_entry *entry, char head_type) { const void *h; const char *p, *endp; struct rar *rar; struct rar_header rar_header; struct rar_file_header file_header; int64_t header_size; unsigned filename_size, end; char *filename; char *strp; char packed_size[8]; char unp_size[8]; int ttime; struct archive_string_conv *sconv, *fn_sconv; unsigned long crc32_val; int ret = (ARCHIVE_OK), ret2; rar = (struct rar *)(a->format->data); sconv = rar->opt_sconv; if (sconv == NULL) { if (!rar->init_default_conversion) { rar->sconv_default = archive_string_default_conversion_for_read( &(a->archive)); rar->init_default_conversion = 1; } sconv = rar->sconv_default; } if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) return (ARCHIVE_FATAL); p = h; memcpy(&rar_header, p, sizeof(rar_header)); rar->file_flags = archive_le16dec(rar_header.flags); header_size = archive_le16dec(rar_header.size); if (header_size < (int64_t)sizeof(file_header) + 7) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid header size""); return (ARCHIVE_FATAL); } crc32_val = crc32(0, (const unsigned char *)p + 2, 7 - 2); __archive_read_consume(a, 7); if (!(rar->file_flags & FHD_SOLID)) { rar->compression_method = 0; rar->packed_size = 0; rar->unp_size = 0; rar->mtime = 0; rar->ctime = 0; rar->atime = 0; rar->arctime = 0; rar->mode = 0; memset(&rar->salt, 0, sizeof(rar->salt)); rar->atime = 0; rar->ansec = 0; rar->ctime = 0; rar->cnsec = 0; rar->mtime = 0; rar->mnsec = 0; rar->arctime = 0; rar->arcnsec = 0; } else { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""RAR solid archive support unavailable.""); return (ARCHIVE_FATAL); } if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) return (ARCHIVE_FATAL); crc32_val = crc32(crc32_val, h, (unsigned)(header_size - 7)); if ((crc32_val & 0xffff) != archive_le16dec(rar_header.crc)) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Header CRC error""); return (ARCHIVE_FATAL); } p = h; endp = p + header_size - 7; memcpy(&file_header, p, sizeof(file_header)); p += sizeof(file_header); rar->compression_method = file_header.method; ttime = archive_le32dec(file_header.file_time); rar->mtime = get_time(ttime); rar->file_crc = archive_le32dec(file_header.file_crc); if (rar->file_flags & FHD_PASSWORD) { archive_entry_set_is_data_encrypted(entry, 1); rar->has_encrypted_entries = 1; archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""RAR encryption support unavailable.""); } if (rar->file_flags & FHD_LARGE) { memcpy(packed_size, file_header.pack_size, 4); memcpy(packed_size + 4, p, 4); p += 4; memcpy(unp_size, file_header.unp_size, 4); memcpy(unp_size + 4, p, 4); p += 4; rar->packed_size = archive_le64dec(&packed_size); rar->unp_size = archive_le64dec(&unp_size); } else { rar->packed_size = archive_le32dec(file_header.pack_size); rar->unp_size = archive_le32dec(file_header.unp_size); } if (rar->packed_size < 0 || rar->unp_size < 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid sizes specified.""); return (ARCHIVE_FATAL); } rar->bytes_remaining = rar->packed_size; if (head_type == NEWSUB_HEAD) { size_t distance = p - (const char *)h; header_size += rar->packed_size; if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) return (ARCHIVE_FATAL); p = h; endp = p + header_size - 7; p += distance; } filename_size = archive_le16dec(file_header.name_size); if (p + filename_size > endp) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid filename size""); return (ARCHIVE_FATAL); } if (rar->filename_allocated < filename_size * 2 + 2) { char *newptr; size_t newsize = filename_size * 2 + 2; newptr = realloc(rar->filename, newsize); if (newptr == NULL) { archive_set_error(&a->archive, ENOMEM, ""Couldn't allocate memory.""); return (ARCHIVE_FATAL); } rar->filename = newptr; rar->filename_allocated = newsize; } filename = rar->filename; memcpy(filename, p, filename_size); filename[filename_size] = '\0'; if (rar->file_flags & FHD_UNICODE) { if (filename_size != strlen(filename)) { unsigned char highbyte, flagbits, flagbyte; unsigned fn_end, offset; end = filename_size; fn_end = filename_size * 2; filename_size = 0; offset = (unsigned)strlen(filename) + 1; highbyte = *(p + offset++); flagbits = 0; flagbyte = 0; while (offset < end && filename_size < fn_end) { if (!flagbits) { flagbyte = *(p + offset++); flagbits = 8; } flagbits -= 2; switch((flagbyte >> flagbits) & 3) { case 0: filename[filename_size++] = '\0'; filename[filename_size++] = *(p + offset++); break; case 1: filename[filename_size++] = highbyte; filename[filename_size++] = *(p + offset++); break; case 2: filename[filename_size++] = *(p + offset + 1); filename[filename_size++] = *(p + offset); offset += 2; break; case 3: { char extra, high; uint8_t length = *(p + offset++); if (length & 0x80) { extra = *(p + offset++); high = (char)highbyte; } else extra = high = 0; length = (length & 0x7f) + 2; while (length && filename_size < fn_end) { unsigned cp = filename_size >> 1; filename[filename_size++] = high; filename[filename_size++] = p[cp] + extra; length--; } } break; } } if (filename_size > fn_end) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid filename""); return (ARCHIVE_FATAL); } filename[filename_size++] = '\0'; filename[filename_size++] = '\0'; if (rar->sconv_utf16be == NULL) { rar->sconv_utf16be = archive_string_conversion_from_charset( &a->archive, ""UTF-16BE"", 1); if (rar->sconv_utf16be == NULL) return (ARCHIVE_FATAL); } fn_sconv = rar->sconv_utf16be; strp = filename; while (memcmp(strp, ""\x00\x00"", 2)) { if (!memcmp(strp, ""\x00\\"", 2)) *(strp + 1) = '/'; strp += 2; } p += offset; } else { if (rar->sconv_utf8 == NULL) { rar->sconv_utf8 = archive_string_conversion_from_charset( &a->archive, ""UTF-8"", 1); if (rar->sconv_utf8 == NULL) return (ARCHIVE_FATAL); } fn_sconv = rar->sconv_utf8; while ((strp = strchr(filename, '\\')) != NULL) *strp = '/'; p += filename_size; } } else { fn_sconv = sconv; while ((strp = strchr(filename, '\\')) != NULL) *strp = '/'; p += filename_size; } if (rar->filename_save && filename_size == rar->filename_save_size && !memcmp(rar->filename, rar->filename_save, filename_size + 1)) { __archive_read_consume(a, header_size - 7); rar->cursor++; if (rar->cursor >= rar->nodes) { rar->nodes++; if ((rar->dbo = realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL) { archive_set_error(&a->archive, ENOMEM, ""Couldn't allocate memory.""); return (ARCHIVE_FATAL); } rar->dbo[rar->cursor].header_size = header_size; rar->dbo[rar->cursor].start_offset = -1; rar->dbo[rar->cursor].end_offset = -1; } if (rar->dbo[rar->cursor].start_offset < 0) { rar->dbo[rar->cursor].start_offset = a->filter->position; rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset + rar->packed_size; } return ret; } rar->filename_save = (char*)realloc(rar->filename_save, filename_size + 1); memcpy(rar->filename_save, rar->filename, filename_size + 1); rar->filename_save_size = filename_size; free(rar->dbo); if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL) { archive_set_error(&a->archive, ENOMEM, ""Couldn't allocate memory.""); return (ARCHIVE_FATAL); } rar->dbo[0].header_size = header_size; rar->dbo[0].start_offset = -1; rar->dbo[0].end_offset = -1; rar->cursor = 0; rar->nodes = 1; if (rar->file_flags & FHD_SALT) { if (p + 8 > endp) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid header size""); return (ARCHIVE_FATAL); } memcpy(rar->salt, p, 8); p += 8; } if (rar->file_flags & FHD_EXTTIME) { if (read_exttime(p, rar, endp) < 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid header size""); return (ARCHIVE_FATAL); } } __archive_read_consume(a, header_size - 7); rar->dbo[0].start_offset = a->filter->position; rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size; switch(file_header.host_os) { case OS_MSDOS: case OS_OS2: case OS_WIN32: rar->mode = archive_le32dec(file_header.file_attr); if (rar->mode & FILE_ATTRIBUTE_DIRECTORY) rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH; else rar->mode = AE_IFREG; rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; break; case OS_UNIX: case OS_MAC_OS: case OS_BEOS: rar->mode = archive_le32dec(file_header.file_attr); break; default: archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Unknown file attributes from RAR file's host OS""); return (ARCHIVE_FATAL); } rar->bytes_uncopied = rar->bytes_unconsumed = 0; rar->lzss.position = rar->offset = 0; rar->offset_seek = 0; rar->dictionary_size = 0; rar->offset_outgoing = 0; rar->br.cache_avail = 0; rar->br.avail_in = 0; rar->crc_calculated = 0; rar->entry_eof = 0; rar->valid = 1; rar->is_ppmd_block = 0; rar->start_new_table = 1; free(rar->unp_buffer); rar->unp_buffer = NULL; rar->unp_offset = 0; rar->unp_buffer_size = UNP_BUFFER_SIZE; memset(rar->lengthtable, 0, sizeof(rar->lengthtable)); __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context, &g_szalloc); rar->ppmd_valid = rar->ppmd_eod = 0; if (head_type == NEWSUB_HEAD) return ret; archive_entry_set_mtime(entry, rar->mtime, rar->mnsec); archive_entry_set_ctime(entry, rar->ctime, rar->cnsec); archive_entry_set_atime(entry, rar->atime, rar->ansec); archive_entry_set_size(entry, rar->unp_size); archive_entry_set_mode(entry, rar->mode); if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv)) { if (errno == ENOMEM) { archive_set_error(&a->archive, ENOMEM, ""Can't allocate memory for Pathname""); return (ARCHIVE_FATAL); } archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Pathname cannot be converted from %s to current locale."", archive_string_conversion_charset_name(fn_sconv)); ret = (ARCHIVE_WARN); } if (((rar->mode) & AE_IFMT) == AE_IFLNK) { rar->bytes_remaining = 0; archive_entry_set_size(entry, 0); if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN)) return ret2; if (ret > ret2) ret = ret2; } if (rar->bytes_remaining == 0) rar->entry_eof = 1; return ret; }",visit repo url,libarchive/archive_read_support_format_rar.c,https://github.com/libarchive/libarchive,142731830190025,1 54,CWE-763,"init_ctx_new(OM_uint32 *minor_status, spnego_gss_cred_id_t spcred, gss_ctx_id_t *ctx, send_token_flag *tokflag) { OM_uint32 ret; spnego_gss_ctx_id_t sc = NULL; sc = create_spnego_ctx(); if (sc == NULL) return GSS_S_FAILURE; ret = get_negotiable_mechs(minor_status, spcred, GSS_C_INITIATE, &sc->mech_set); if (ret != GSS_S_COMPLETE) goto cleanup; sc->internal_mech = &sc->mech_set->elements[0]; if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0) { ret = GSS_S_FAILURE; goto cleanup; } sc->ctx_handle = GSS_C_NO_CONTEXT; *ctx = (gss_ctx_id_t)sc; sc = NULL; *tokflag = INIT_TOKEN_SEND; ret = GSS_S_CONTINUE_NEEDED; cleanup: release_spnego_ctx(&sc); return ret; }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,85170906390376,1 3184,['CWE-189'],"jas_stream_t *jas_stream_freopen(const char *path, const char *mode, FILE *fp) { jas_stream_t *stream; int openflags; path = 0; if (!(stream = jas_stream_create())) { return 0; } stream->openmode_ = jas_strtoopenmode(mode); if ((stream->openmode_ & JAS_STREAM_READ) && (stream->openmode_ & JAS_STREAM_WRITE)) { openflags = O_RDWR; } else if (stream->openmode_ & JAS_STREAM_READ) { openflags = O_RDONLY; } else if (stream->openmode_ & JAS_STREAM_WRITE) { openflags = O_WRONLY; } else { openflags = 0; } if (stream->openmode_ & JAS_STREAM_APPEND) { openflags |= O_APPEND; } if (stream->openmode_ & JAS_STREAM_BINARY) { openflags |= O_BINARY; } if (stream->openmode_ & JAS_STREAM_CREATE) { openflags |= O_CREAT | O_TRUNC; } stream->obj_ = JAS_CAST(void *, fp); stream->ops_ = &jas_stream_sfileops; jas_stream_initbuf(stream, JAS_STREAM_FULLBUF, 0, 0); return stream; }",jasper,,,100616006956730724312467894587997879235,0 4622,CWE-476,"GF_Err MergeTrack(GF_TrackBox *trak, GF_TrackFragmentBox *traf, GF_MovieFragmentBox *moof_box, u64 moof_offset, s32 compressed_diff, u64 *cumulated_offset, Bool is_first_merge) { u32 i, j, chunk_size, track_num; u64 base_offset, data_offset, traf_duration; u32 def_duration, DescIndex, def_size, def_flags; u32 duration, size, flags, prev_trun_data_offset, sample_index; u8 pad, sync; u16 degr; Bool first_samp_in_traf=GF_TRUE; Bool store_traf_map=GF_FALSE; u8 *moof_template=NULL; u32 moof_template_size=0; Bool is_seg_start = GF_FALSE; u64 seg_start=0, sidx_start=0, sidx_end=0, frag_start=0, last_dts=0; GF_TrackFragmentRunBox *trun; GF_TrunEntry *ent; #ifdef GF_ENABLE_CTRN GF_TrackFragmentBox *traf_ref = NULL; #endif GF_Err stbl_AppendTime(GF_SampleTableBox *stbl, u32 duration, u32 nb_pack); GF_Err stbl_AppendSize(GF_SampleTableBox *stbl, u32 size, u32 nb_pack); GF_Err stbl_AppendChunk(GF_SampleTableBox *stbl, u64 offset); GF_Err stbl_AppendSampleToChunk(GF_SampleTableBox *stbl, u32 DescIndex, u32 samplesInChunk); GF_Err stbl_AppendCTSOffset(GF_SampleTableBox *stbl, s32 CTSOffset); GF_Err stbl_AppendRAP(GF_SampleTableBox *stbl, u8 isRap); GF_Err stbl_AppendPadding(GF_SampleTableBox *stbl, u8 padding); GF_Err stbl_AppendDegradation(GF_SampleTableBox *stbl, u16 DegradationPriority); if (trak->Header->trackID != traf->tfhd->trackID) return GF_OK; if (!trak->Media->information->sampleTable || !trak->Media->information->sampleTable->SampleSize || !trak->Media->information->sampleTable->TimeToSample || !trak->Media->information->sampleTable->SampleToChunk || !trak->Media->information->sampleTable->ChunkOffset ) { return GF_ISOM_INVALID_FILE; } if (!traf->trex->track) traf->trex->track = trak; DescIndex = (traf->tfhd->flags & GF_ISOM_TRAF_SAMPLE_DESC) ? traf->tfhd->sample_desc_index : traf->trex->def_sample_desc_index; if (!DescIndex) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] default sample description set to 0, likely broken ! Fixing to 1\n"" )); DescIndex = 1; } else if (DescIndex > gf_list_count(trak->Media->information->sampleTable->SampleDescription->child_boxes)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] default sample description set to %d but only %d sample description(s), likely broken ! Fixing to 1\n"", DescIndex, gf_list_count(trak->Media->information->sampleTable->SampleDescription->child_boxes))); DescIndex = 1; } #ifdef GF_ENABLE_CTRN if (traf->trex->inherit_from_traf_id) { u32 traf_count = gf_list_count(moof_box->TrackList); for (i=0; iTrackList, i); if (atraf->tfhd && atraf->tfhd->trackID==traf->trex->inherit_from_traf_id) { traf_ref = atraf; break; } } } #endif def_duration = (traf->tfhd->flags & GF_ISOM_TRAF_SAMPLE_DUR) ? traf->tfhd->def_sample_duration : traf->trex->def_sample_duration; def_size = (traf->tfhd->flags & GF_ISOM_TRAF_SAMPLE_SIZE) ? traf->tfhd->def_sample_size : traf->trex->def_sample_size; def_flags = (traf->tfhd->flags & GF_ISOM_TRAF_SAMPLE_FLAGS) ? traf->tfhd->def_sample_flags : traf->trex->def_sample_flags; base_offset = moof_offset; if (traf->tfhd->flags & GF_ISOM_TRAF_BASE_OFFSET) base_offset = traf->tfhd->base_data_offset; else if (!(traf->tfhd->flags & GF_ISOM_MOOF_BASE_OFFSET)) base_offset = *cumulated_offset; chunk_size = 0; prev_trun_data_offset = 0; data_offset = 0; traf_duration = 0; if (traf->tfdt && is_first_merge) { #ifndef GPAC_DISABLE_LOG if (trak->moov->mov->NextMoofNumber && trak->present_in_scalable_segment && trak->sample_count_at_seg_start && (trak->dts_at_seg_start != traf->tfdt->baseMediaDecodeTime)) { s32 drift = (s32) ((s64) traf->tfdt->baseMediaDecodeTime - (s64)trak->dts_at_seg_start); if (drift<0) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Warning: TFDT timing ""LLD"" less than cumulated timing ""LLD"" - using tfdt\n"", traf->tfdt->baseMediaDecodeTime, trak->dts_at_seg_start )); } else { GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""[iso file] TFDT timing ""LLD"" higher than cumulated timing ""LLD"" (last sample got extended in duration)\n"", traf->tfdt->baseMediaDecodeTime, trak->dts_at_seg_start )); } } #endif trak->dts_at_seg_start = traf->tfdt->baseMediaDecodeTime; } else if (traf->tfxd) { trak->dts_at_seg_start = traf->tfxd->absolute_time_in_track_timescale; } if (traf->tfxd) { trak->last_tfxd_value = traf->tfxd->absolute_time_in_track_timescale; trak->last_tfxd_value += traf->tfxd->fragment_duration_in_track_timescale; } if (traf->tfrf) { if (trak->tfrf) gf_isom_box_del_parent(&trak->child_boxes, (GF_Box *)trak->tfrf); trak->tfrf = traf->tfrf; gf_list_del_item(traf->child_boxes, traf->tfrf); gf_list_add(trak->child_boxes, trak->tfrf); } if (trak->moov->mov->signal_frag_bounds) { store_traf_map = GF_TRUE; if (is_first_merge) { GF_MovieFragmentBox *moof_clone = NULL; gf_isom_box_freeze_order((GF_Box *)moof_box); gf_isom_clone_box((GF_Box *)moof_box, (GF_Box **)&moof_clone); if (moof_clone) { GF_BitStream *bs; for (i=0; iTrackList); i++) { GF_TrackFragmentBox *traf_clone = gf_list_get(moof_clone->TrackList, i); gf_isom_box_array_reset_parent(&traf_clone->child_boxes, traf_clone->TrackRuns); gf_isom_box_array_reset_parent(&traf_clone->child_boxes, traf_clone->sampleGroups); gf_isom_box_array_reset_parent(&traf_clone->child_boxes, traf_clone->sampleGroupsDescription); gf_isom_box_array_reset_parent(&traf_clone->child_boxes, traf_clone->sub_samples); gf_isom_box_array_reset_parent(&traf_clone->child_boxes, traf_clone->sai_offsets); gf_isom_box_array_reset_parent(&traf_clone->child_boxes, traf_clone->sai_sizes); if (traf_clone->sample_encryption) { gf_isom_box_del_parent(&traf_clone->child_boxes, (GF_Box *) traf_clone->sample_encryption); traf_clone->sample_encryption = NULL; } if (traf_clone->sdtp) { gf_isom_box_del_parent(&traf_clone->child_boxes, (GF_Box *) traf_clone->sdtp); traf_clone->sdtp = NULL; } } gf_isom_box_size((GF_Box *)moof_clone); bs = gf_bs_new(NULL, 0, GF_BITSTREAM_WRITE); if (trak->moov->mov->seg_styp) { gf_isom_box_size(trak->moov->mov->seg_styp); gf_isom_box_write(trak->moov->mov->seg_styp, bs); } if (trak->moov->mov->root_sidx) { gf_isom_box_size((GF_Box *)trak->moov->mov->root_sidx); gf_isom_box_write((GF_Box *)trak->moov->mov->root_sidx, bs); } if (trak->moov->mov->seg_ssix) { gf_isom_box_size(trak->moov->mov->seg_ssix); gf_isom_box_write(trak->moov->mov->seg_ssix, bs); } gf_isom_box_write((GF_Box *)moof_clone, bs); gf_isom_box_del((GF_Box*)moof_clone); gf_bs_get_content(bs, &moof_template, &moof_template_size); gf_bs_del(bs); } } if (trak->moov->mov->seg_styp) { is_seg_start = GF_TRUE; seg_start = trak->moov->mov->styp_start_offset; } if (trak->moov->mov->root_sidx) { is_seg_start = GF_TRUE; sidx_start = trak->moov->mov->sidx_start_offset; sidx_end = trak->moov->mov->sidx_end_offset; if (! seg_start || (sidx_startmoov->mov->current_top_box_start; } else if (trak->moov->mov->store_traf_map) { store_traf_map = GF_TRUE; } sample_index = 0; i=0; while ((trun = (GF_TrackFragmentRunBox *)gf_list_enum(traf->TrackRuns, &i))) { for (j=0; jsample_count; j++) { GF_Err e; s32 cts_offset=0; if (jnb_samples) { ent = &trun->samples[j]; } else { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Track %d doesn't have enough trun entries (%d) compared to sample count (%d) in run\n"", traf->trex->trackID, trun->nb_samples, trun->sample_count )); break; } size = def_size; duration = def_duration; flags = def_flags; cts_offset = ent->CTS_Offset; #ifdef GF_ENABLE_CTRN if (trun->use_ctrn) { if (!j && (trun->ctrn_flags & GF_ISOM_CTRN_FIRST_SAMPLE) ) { if (trun->ctrn_first_dur) duration = ent->Duration; if (trun->ctrn_first_size) size = ent->size; if (trun->ctrn_first_ctts) flags = ent->flags; } else { if (trun->ctrn_dur) duration = ent->Duration; if (trun->ctrn_size) size = ent->size; if (trun->ctrn_sample_flags) flags = ent->flags; } if (trun->ctrn_flags & 0xF0) { GF_TrunEntry *ref_entry; if (!traf_ref) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Track %d use traf inheritance to track ID %d but reference traf not found\n"", traf->trex->trackID, traf->trex->inherit_from_traf_id )); break; } ref_entry = traf_get_sample_entry(traf_ref, sample_index); if (!ref_entry) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Track %d use traf inheritance but sample %d not found in reference traf\n"", traf->trex->trackID, sample_index+1 )); break; } if (trun->ctrn_flags & GF_ISOM_CTRN_INHERIT_DUR) duration = ref_entry->Duration; if (trun->ctrn_flags & GF_ISOM_CTRN_INHERIT_SIZE) size = ref_entry->size; if (trun->ctrn_flags & GF_ISOM_CTRN_INHERIT_FLAGS) flags = ref_entry->flags; if (trun->ctrn_flags & GF_ISOM_CTRN_INHERIT_CTSO) cts_offset = ref_entry->CTS_Offset; } } else #endif { if (trun->flags & GF_ISOM_TRUN_DURATION) duration = ent->Duration; if (trun->flags & GF_ISOM_TRUN_SIZE) size = ent->size; if (trun->flags & GF_ISOM_TRUN_FLAGS) { flags = ent->flags; } else if (!j && (trun->flags & GF_ISOM_TRUN_FIRST_FLAG)) { flags = trun->first_sample_flags; } } sample_index++; ent->size = size; ent->Duration = duration; ent->flags = flags; ent->CTS_Offset = cts_offset; last_dts += duration; if (!trak->Media->information->sampleTable->SampleSize) { trak->Media->information->sampleTable->SampleSize = (GF_SampleSizeBox *) gf_isom_box_new_parent(&trak->Media->information->sampleTable->child_boxes, GF_ISOM_BOX_TYPE_STSZ); if (!trak->Media->information->sampleTable->SampleSize) return GF_OUT_OF_MEM; } e = stbl_AppendSize(trak->Media->information->sampleTable, size, ent->nb_pack); if (e) return e; if (!trak->Media->information->sampleTable->TimeToSample) { trak->Media->information->sampleTable->TimeToSample = (GF_TimeToSampleBox *) gf_isom_box_new_parent(&trak->Media->information->sampleTable->child_boxes, GF_ISOM_BOX_TYPE_STTS); if (!trak->Media->information->sampleTable->TimeToSample) return GF_OUT_OF_MEM; } e = stbl_AppendTime(trak->Media->information->sampleTable, duration, ent->nb_pack); if (e) return e; if (!j) { u64 final_offset; data_offset = base_offset; if (trun->flags & GF_ISOM_TRUN_DATA_OFFSET) { data_offset += trun->data_offset; chunk_size = 0; prev_trun_data_offset = trun->data_offset; if (trun->data_offset>=0) { data_offset -= compressed_diff; prev_trun_data_offset -= compressed_diff; } } else if (prev_trun_data_offset) { data_offset += prev_trun_data_offset + chunk_size; } else { data_offset += chunk_size; if ((i==1) && (trun->data_offset>=0)) { data_offset -= compressed_diff; } } final_offset = data_offset; if (trak->moov->compressed_diff) { final_offset += trak->moov->compressed_diff; } if (!trak->Media->information->sampleTable->ChunkOffset) { trak->Media->information->sampleTable->ChunkOffset = gf_isom_box_new_parent(&trak->Media->information->sampleTable->child_boxes, GF_ISOM_BOX_TYPE_STCO); if (!trak->Media->information->sampleTable->ChunkOffset) return GF_OUT_OF_MEM; } e = stbl_AppendChunk(trak->Media->information->sampleTable, final_offset); if (e) return e; if (!trak->Media->information->sampleTable->SampleToChunk) { trak->Media->information->sampleTable->SampleToChunk = (GF_SampleToChunkBox *) gf_isom_box_new_parent(&trak->Media->information->sampleTable->child_boxes, GF_ISOM_BOX_TYPE_STSC); if (!trak->Media->information->sampleTable->SampleToChunk) return GF_OUT_OF_MEM; } e = stbl_AppendSampleToChunk(trak->Media->information->sampleTable, DescIndex, trun->sample_count); if (e) return e; } chunk_size += size; if (store_traf_map && first_samp_in_traf) { first_samp_in_traf = GF_FALSE; e = stbl_AppendTrafMap(trak->Media->information->sampleTable, is_seg_start, seg_start, frag_start, moof_template, moof_template_size, sidx_start, sidx_end); if (e) return e; moof_template = NULL; moof_template_size = 0; } if (ent->nb_pack>1) { j+= ent->nb_pack-1; traf_duration += ent->nb_pack*duration; continue; } traf_duration += duration; e = stbl_AppendCTSOffset(trak->Media->information->sampleTable, cts_offset); if (e) return e; sync = GF_ISOM_GET_FRAG_SYNC(flags); if (trak->Media->information->sampleTable->no_sync_found && sync) { trak->Media->information->sampleTable->no_sync_found = 0; } e = stbl_AppendRAP(trak->Media->information->sampleTable, sync); if (e) return e; pad = GF_ISOM_GET_FRAG_PAD(flags); if (pad) { e = stbl_AppendPadding(trak->Media->information->sampleTable, pad); if (e) return e; } degr = GF_ISOM_GET_FRAG_DEG(flags); if (degr) { e = stbl_AppendDegradation(trak->Media->information->sampleTable, degr); if (e) return e; } e = stbl_AppendDependencyType(trak->Media->information->sampleTable, GF_ISOM_GET_FRAG_LEAD(flags), GF_ISOM_GET_FRAG_DEPENDS(flags), GF_ISOM_GET_FRAG_DEPENDED(flags), GF_ISOM_GET_FRAG_REDUNDANT(flags)); if (e) return e; } } if (trak->moov->mov->is_smooth && !traf->tfdt && !traf->tfxd) { if (is_first_merge) trak->dts_at_seg_start = trak->dts_at_next_seg_start; trak->dts_at_next_seg_start += last_dts; } if (traf_duration && trak->editBox && trak->editBox->editList) { for (i=0; ieditBox->editList->entryList); i++) { GF_EdtsEntry *edts_e = gf_list_get(trak->editBox->editList->entryList, i); if (edts_e->was_empty_dur) { u64 extend_dur = traf_duration; extend_dur *= trak->moov->mvhd->timeScale; extend_dur /= trak->Media->mediaHeader->timeScale; edts_e->segmentDuration += extend_dur; } else if (!edts_e->segmentDuration) { edts_e->was_empty_dur = GF_TRUE; if ((s64) traf_duration > edts_e->mediaTime) traf_duration -= edts_e->mediaTime; else traf_duration = 0; edts_e->segmentDuration = traf_duration; edts_e->segmentDuration *= trak->moov->mvhd->timeScale; edts_e->segmentDuration /= trak->Media->mediaHeader->timeScale; } } } *cumulated_offset = data_offset + chunk_size; if (traf->sampleGroups) { GF_List *groups; GF_List *groupDescs; Bool is_identical_sgpd = GF_TRUE; u32 *new_idx = NULL, new_idx_count=0; if (!trak->Media->information->sampleTable->sampleGroups) trak->Media->information->sampleTable->sampleGroups = gf_list_new(); if (!trak->Media->information->sampleTable->sampleGroupsDescription) trak->Media->information->sampleTable->sampleGroupsDescription = gf_list_new(); groupDescs = trak->Media->information->sampleTable->sampleGroupsDescription; for (i=0; isampleGroupsDescription); i++) { GF_SampleGroupDescriptionBox *new_sgdesc = NULL; GF_SampleGroupDescriptionBox *sgdesc = gf_list_get(traf->sampleGroupsDescription, i); for (j=0; jgrouping_type==sgdesc->grouping_type) break; new_sgdesc = NULL; } if (!new_sgdesc) { gf_list_add(groupDescs, sgdesc); gf_list_add(trak->Media->information->sampleTable->child_boxes, sgdesc); gf_list_rem(traf->sampleGroupsDescription, i); gf_list_del_item(traf->child_boxes, sgdesc); i--; } else { u32 count; is_identical_sgpd = gf_isom_is_identical_sgpd(new_sgdesc, sgdesc, 0); if (is_identical_sgpd) continue; new_idx_count = gf_list_count(sgdesc->group_descriptions); new_idx = (u32 *)gf_malloc(new_idx_count * sizeof(u32)); if (!new_idx) return GF_OUT_OF_MEM; count = 0; while (gf_list_count(sgdesc->group_descriptions)) { void *sgpd_entry = gf_list_get(sgdesc->group_descriptions, 0); Bool new_entry = GF_TRUE; for (j = 0; j < gf_list_count(new_sgdesc->group_descriptions); j++) { void *ptr = gf_list_get(new_sgdesc->group_descriptions, j); if (gf_isom_is_identical_sgpd(sgpd_entry, ptr, new_sgdesc->grouping_type)) { new_idx[count] = j + 1; count ++; new_entry = GF_FALSE; gf_free(sgpd_entry); break; } } if (new_entry) { gf_list_add(new_sgdesc->group_descriptions, sgpd_entry); new_idx[count] = gf_list_count(new_sgdesc->group_descriptions); count ++; } gf_list_rem(sgdesc->group_descriptions, 0); } } } groups = trak->Media->information->sampleTable->sampleGroups; for (i=0; isampleGroups); i++) { GF_SampleGroupBox *stbl_group = NULL; GF_SampleGroupBox *frag_group = gf_list_get(traf->sampleGroups, i); for (j=0; jgrouping_type==stbl_group->grouping_type) && (frag_group->grouping_type_parameter==stbl_group->grouping_type_parameter)) break; stbl_group = NULL; } if (!stbl_group) { stbl_group = (GF_SampleGroupBox *) gf_isom_box_new_parent(&trak->Media->information->sampleTable->child_boxes, GF_ISOM_BOX_TYPE_SBGP); if (!stbl_group) return GF_OUT_OF_MEM; stbl_group->grouping_type = frag_group->grouping_type; stbl_group->grouping_type_parameter = frag_group->grouping_type_parameter; stbl_group->version = frag_group->version; gf_list_add(groups, stbl_group); } if (is_identical_sgpd) { for (j = 0; j < frag_group->entry_count; j++) frag_group->sample_entries[j].group_description_index &= 0x0FFFF; if (frag_group->entry_count && stbl_group->entry_count && (frag_group->sample_entries[0].group_description_index==stbl_group->sample_entries[stbl_group->entry_count-1].group_description_index) ) { stbl_group->sample_entries[stbl_group->entry_count - 1].sample_count += frag_group->sample_entries[0].sample_count; if (frag_group->entry_count>1) { stbl_group->sample_entries = gf_realloc(stbl_group->sample_entries, sizeof(GF_SampleGroupEntry) * (stbl_group->entry_count + frag_group->entry_count - 1)); memcpy(&stbl_group->sample_entries[stbl_group->entry_count], &frag_group->sample_entries[1], sizeof(GF_SampleGroupEntry) * (frag_group->entry_count - 1)); stbl_group->entry_count += frag_group->entry_count - 1; } } else { stbl_group->sample_entries = gf_realloc(stbl_group->sample_entries, sizeof(GF_SampleGroupEntry) * (stbl_group->entry_count + frag_group->entry_count)); memcpy(&stbl_group->sample_entries[stbl_group->entry_count], &frag_group->sample_entries[0], sizeof(GF_SampleGroupEntry) * frag_group->entry_count); stbl_group->entry_count += frag_group->entry_count; } } else { stbl_group->sample_entries = gf_realloc(stbl_group->sample_entries, sizeof(GF_SampleGroupEntry) * (stbl_group->entry_count + frag_group->entry_count)); for (j = 0; j < frag_group->entry_count; j++) { u32 sgidx = frag_group->sample_entries[j].group_description_index; if (sgidx > 0x10000) { sgidx -= 0x10001; if (sgidx>=new_idx_count) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[isobmf] corrupted sample group index in fragment %d but only %d group descriptions in fragment\n"", sgidx, new_idx_count)); } else { frag_group->sample_entries[j].group_description_index = new_idx[sgidx]; } } } memcpy(&stbl_group->sample_entries[stbl_group->entry_count], &frag_group->sample_entries[0], sizeof(GF_SampleGroupEntry) * frag_group->entry_count); stbl_group->entry_count += frag_group->entry_count; } } if (new_idx) gf_free(new_idx); } track_num = gf_isom_get_tracknum_from_id(trak->moov, trak->Header->trackID); if (gf_isom_is_cenc_media(trak->moov->mov, track_num, DescIndex) || traf->sample_encryption) { GF_SampleEncryptionBox *senc = NULL; u32 scheme_type; gf_isom_get_cenc_info(trak->moov->mov, track_num, DescIndex, NULL, &scheme_type, NULL); if (traf->sample_encryption) { for (i = 0; i < gf_list_count(trak->Media->information->sampleTable->child_boxes); i++) { GF_Box *a = (GF_Box *)gf_list_get(trak->Media->information->sampleTable->child_boxes, i); if (a->type != traf->sample_encryption->type) continue; if ((a->type ==GF_ISOM_BOX_TYPE_UUID) && (((GF_UUIDBox *)a)->internal_4cc == GF_ISOM_BOX_UUID_PSEC)) { senc = (GF_SampleEncryptionBox *)a; break; } else if (a->type ==GF_ISOM_BOX_TYPE_SENC) { senc = (GF_SampleEncryptionBox *)a; break; } } if (!senc && trak->sample_encryption) senc = trak->sample_encryption; if (!senc) { if (traf->sample_encryption->piff_type==1) { senc = (GF_SampleEncryptionBox *)gf_isom_create_piff_psec_box(1, 0x2, 0, 0, NULL); } else { senc = gf_isom_create_samp_enc_box(1, 0x2); } if (!trak->Media->information->sampleTable->child_boxes) trak->Media->information->sampleTable->child_boxes = gf_list_new(); trak->sample_encryption = senc; if (!trak->child_boxes) trak->child_boxes = gf_list_new(); gf_list_add(trak->child_boxes, senc); } } if (gf_isom_cenc_has_saiz_saio_traf(traf, scheme_type)) { u32 nb_saio; u32 aux_info_type; u64 offset; GF_Err e; Bool is_encrypted; GF_SampleAuxiliaryInfoOffsetBox *saio = NULL; GF_SampleAuxiliaryInfoSizeBox *saiz = NULL; offset = nb_saio = 0; for (i = 0; i < gf_list_count(traf->sai_offsets); i++) { saio = (GF_SampleAuxiliaryInfoOffsetBox *)gf_list_get(traf->sai_offsets, i); aux_info_type = saio->aux_info_type; if (!aux_info_type) aux_info_type = scheme_type; if ((aux_info_type == GF_ISOM_CENC_SCHEME) || (aux_info_type == GF_ISOM_CBC_SCHEME) || (aux_info_type == GF_ISOM_CENS_SCHEME) || (aux_info_type == GF_ISOM_CBCS_SCHEME) || (gf_list_count(traf->sai_offsets) == 1)) { offset = saio->offsets[0] + moof_offset; nb_saio = saio->entry_count; break; } } for (i = 0; i < gf_list_count(traf->sai_sizes); i++) { saiz = (GF_SampleAuxiliaryInfoSizeBox *)gf_list_get(traf->sai_sizes, i); aux_info_type = saiz->aux_info_type; if (!aux_info_type) aux_info_type = scheme_type; if ((aux_info_type == GF_ISOM_CENC_SCHEME) || (aux_info_type == GF_ISOM_CBC_SCHEME) || (aux_info_type == GF_ISOM_CENS_SCHEME) || (aux_info_type == GF_ISOM_CBCS_SCHEME) || (gf_list_count(traf->sai_sizes) == 1)) { break; } } if (saiz && saio && senc) { for (i = 0; i < saiz->sample_count; i++) { GF_CENCSampleAuxInfo *sai; const u8 *key_info=NULL; u32 key_info_size; u64 cur_position; if (nb_saio != 1) offset = saio->offsets[i] + moof_offset; size = saiz->default_sample_info_size ? saiz->default_sample_info_size : saiz->sample_info_size[i]; cur_position = gf_bs_get_position(trak->moov->mov->movieFileMap->bs); gf_bs_seek(trak->moov->mov->movieFileMap->bs, offset); GF_SAFEALLOC(sai, GF_CENCSampleAuxInfo); if (!sai) return GF_OUT_OF_MEM; e = gf_isom_get_sample_cenc_info_internal(trak, traf, senc, i+1, &is_encrypted, NULL, NULL, &key_info, &key_info_size); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[isobmf] could not get cenc info for sample %d: %s\n"", i+1, gf_error_to_string(e) )); return e; } if (is_encrypted) { sai->cenc_data_size = size; sai->cenc_data = gf_malloc(sizeof(u8)*size); if (!sai->cenc_data) return GF_OUT_OF_MEM; gf_bs_read_data(trak->moov->mov->movieFileMap->bs, sai->cenc_data, sai->cenc_data_size); } else { sai->isNotProtected=1; } if (key_info) { if (!key_info[0]) { if (size > key_info[3]) senc->flags = 0x00000002; } else { senc->flags = 0x00000002; } } gf_bs_seek(trak->moov->mov->movieFileMap->bs, cur_position); gf_list_add(senc->samp_aux_info, sai); e = gf_isom_cenc_merge_saiz_saio(senc, trak->Media->information->sampleTable, offset, size); if (e) return e; if (nb_saio == 1) offset += size; } } } else if (traf->sample_encryption) { senc_Parse(trak->moov->mov->movieFileMap->bs, trak, traf, traf->sample_encryption); trak->sample_encryption->AlgorithmID = traf->sample_encryption->AlgorithmID; if (!trak->sample_encryption->IV_size) trak->sample_encryption->IV_size = traf->sample_encryption->IV_size; if (!trak->sample_encryption->samp_aux_info) trak->sample_encryption->samp_aux_info = gf_list_new(); gf_list_transfer(trak->sample_encryption->samp_aux_info, traf->sample_encryption->samp_aux_info); if (traf->sample_encryption->flags & 0x00000002) trak->sample_encryption->flags |= 0x00000002; } } return GF_OK; }",visit repo url,src/isomedia/track.c,https://github.com/gpac/gpac,84320125505199,1 1209,['CWE-189'],static inline int hrtimer_is_hres_enabled(void) { return 0; },linux-2.6,,,203957672443577655716925986255778394706,0 1904,['CWE-20'],"int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) { pmd_t *new = pmd_alloc_one(mm, address); if (!new) return -ENOMEM; smp_wmb(); spin_lock(&mm->page_table_lock); #ifndef __ARCH_HAS_4LEVEL_HACK if (pud_present(*pud)) pmd_free(mm, new); else pud_populate(mm, pud, new); #else if (pgd_present(*pud)) pmd_free(mm, new); else pgd_populate(mm, pud, new); #endif spin_unlock(&mm->page_table_lock); return 0; }",linux-2.6,,,117247759351616064298608107904726274411,0 756,CWE-20,"static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct ipx_sock *ipxs = ipx_sk(sk); struct sockaddr_ipx *sipx = (struct sockaddr_ipx *)msg->msg_name; struct ipxhdr *ipx = NULL; struct sk_buff *skb; int copied, rc; lock_sock(sk); if (!ipxs->port) { struct sockaddr_ipx uaddr; uaddr.sipx_port = 0; uaddr.sipx_network = 0; #ifdef CONFIG_IPX_INTERN rc = -ENETDOWN; if (!ipxs->intrfc) goto out; memcpy(uaddr.sipx_node, ipxs->intrfc->if_node, IPX_NODE_LEN); #endif rc = __ipx_bind(sock, (struct sockaddr *)&uaddr, sizeof(struct sockaddr_ipx)); if (rc) goto out; } rc = -ENOTCONN; if (sock_flag(sk, SOCK_ZAPPED)) goto out; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); if (!skb) goto out; ipx = ipx_hdr(skb); copied = ntohs(ipx->ipx_pktsize) - sizeof(struct ipxhdr); if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } rc = skb_copy_datagram_iovec(skb, sizeof(struct ipxhdr), msg->msg_iov, copied); if (rc) goto out_free; if (skb->tstamp.tv64) sk->sk_stamp = skb->tstamp; msg->msg_namelen = sizeof(*sipx); if (sipx) { sipx->sipx_family = AF_IPX; sipx->sipx_port = ipx->ipx_source.sock; memcpy(sipx->sipx_node, ipx->ipx_source.node, IPX_NODE_LEN); sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; sipx->sipx_type = ipx->ipx_type; sipx->sipx_zero = 0; } rc = copied; out_free: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/ipx/af_ipx.c,https://github.com/torvalds/linux,233280970032934,1 2418,CWE-119,"static int process_line(URLContext *h, char *line, int line_count, int *new_location) { HTTPContext *s = h->priv_data; const char *auto_method = h->flags & AVIO_FLAG_READ ? ""POST"" : ""GET""; char *tag, *p, *end, *method, *resource, *version; int ret; if (line[0] == '\0') { s->end_header = 1; return 0; } p = line; if (line_count == 0) { if (s->is_connected_server) { method = p; while (*p && !av_isspace(*p)) p++; *(p++) = '\0'; av_log(h, AV_LOG_TRACE, ""Received method: %s\n"", method); if (s->method) { if (av_strcasecmp(s->method, method)) { av_log(h, AV_LOG_ERROR, ""Received and expected HTTP method do not match. (%s expected, %s received)\n"", s->method, method); return ff_http_averror(400, AVERROR(EIO)); } } else { av_log(h, AV_LOG_TRACE, ""Autodetected %s HTTP method\n"", auto_method); if (av_strcasecmp(auto_method, method)) { av_log(h, AV_LOG_ERROR, ""Received and autodetected HTTP method did not match "" ""(%s autodetected %s received)\n"", auto_method, method); return ff_http_averror(400, AVERROR(EIO)); } if (!(s->method = av_strdup(method))) return AVERROR(ENOMEM); } while (av_isspace(*p)) p++; resource = p; while (!av_isspace(*p)) p++; *(p++) = '\0'; av_log(h, AV_LOG_TRACE, ""Requested resource: %s\n"", resource); if (!(s->resource = av_strdup(resource))) return AVERROR(ENOMEM); while (av_isspace(*p)) p++; version = p; while (*p && !av_isspace(*p)) p++; *p = '\0'; if (av_strncasecmp(version, ""HTTP/"", 5)) { av_log(h, AV_LOG_ERROR, ""Malformed HTTP version string.\n""); return ff_http_averror(400, AVERROR(EIO)); } av_log(h, AV_LOG_TRACE, ""HTTP version string: %s\n"", version); } else { while (!av_isspace(*p) && *p != '\0') p++; while (av_isspace(*p)) p++; s->http_code = strtol(p, &end, 10); av_log(h, AV_LOG_TRACE, ""http_code=%d\n"", s->http_code); if ((ret = check_http_code(h, s->http_code, end)) < 0) return ret; } } else { while (*p != '\0' && *p != ':') p++; if (*p != ':') return 1; *p = '\0'; tag = line; p++; while (av_isspace(*p)) p++; if (!av_strcasecmp(tag, ""Location"")) { if ((ret = parse_location(s, p)) < 0) return ret; *new_location = 1; } else if (!av_strcasecmp(tag, ""Content-Length"") && s->filesize == -1) { s->filesize = strtoll(p, NULL, 10); } else if (!av_strcasecmp(tag, ""Content-Range"")) { parse_content_range(h, p); } else if (!av_strcasecmp(tag, ""Accept-Ranges"") && !strncmp(p, ""bytes"", 5) && s->seekable == -1) { h->is_streamed = 0; } else if (!av_strcasecmp(tag, ""Transfer-Encoding"") && !av_strncasecmp(p, ""chunked"", 7)) { s->filesize = -1; s->chunksize = 0; } else if (!av_strcasecmp(tag, ""WWW-Authenticate"")) { ff_http_auth_handle_header(&s->auth_state, tag, p); } else if (!av_strcasecmp(tag, ""Authentication-Info"")) { ff_http_auth_handle_header(&s->auth_state, tag, p); } else if (!av_strcasecmp(tag, ""Proxy-Authenticate"")) { ff_http_auth_handle_header(&s->proxy_auth_state, tag, p); } else if (!av_strcasecmp(tag, ""Connection"")) { if (!strcmp(p, ""close"")) s->willclose = 1; } else if (!av_strcasecmp(tag, ""Server"")) { if (!av_strcasecmp(p, ""AkamaiGHost"")) { s->is_akamai = 1; } else if (!av_strncasecmp(p, ""MediaGateway"", 12)) { s->is_mediagateway = 1; } } else if (!av_strcasecmp(tag, ""Content-Type"")) { av_free(s->mime_type); s->mime_type = av_strdup(p); } else if (!av_strcasecmp(tag, ""Set-Cookie"")) { if (parse_cookie(s, p, &s->cookie_dict)) av_log(h, AV_LOG_WARNING, ""Unable to parse '%s'\n"", p); } else if (!av_strcasecmp(tag, ""Icy-MetaInt"")) { s->icy_metaint = strtoll(p, NULL, 10); } else if (!av_strncasecmp(tag, ""Icy-"", 4)) { if ((ret = parse_icy(s, tag, p)) < 0) return ret; } else if (!av_strcasecmp(tag, ""Content-Encoding"")) { if ((ret = parse_content_encoding(h, p)) < 0) return ret; } } return 1; }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,268337533573676,1 3614,[],"rtc_dev_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { struct rtc_device *rtc = file->private_data; DECLARE_WAITQUEUE(wait, current); unsigned long data; ssize_t ret; if (count != sizeof(unsigned int) && count < sizeof(unsigned long)) return -EINVAL; add_wait_queue(&rtc->irq_queue, &wait); do { __set_current_state(TASK_INTERRUPTIBLE); spin_lock_irq(&rtc->irq_lock); data = rtc->irq_data; rtc->irq_data = 0; spin_unlock_irq(&rtc->irq_lock); if (data != 0) { ret = 0; break; } if (file->f_flags & O_NONBLOCK) { ret = -EAGAIN; break; } if (signal_pending(current)) { ret = -ERESTARTSYS; break; } schedule(); } while (1); set_current_state(TASK_RUNNING); remove_wait_queue(&rtc->irq_queue, &wait); if (ret == 0) { if (rtc->ops->read_callback) data = rtc->ops->read_callback(rtc->dev.parent, data); if (sizeof(int) != sizeof(long) && count == sizeof(unsigned int)) ret = put_user(data, (unsigned int __user *)buf) ?: sizeof(unsigned int); else ret = put_user(data, (unsigned long __user *)buf) ?: sizeof(unsigned long); } return ret; }",linux-2.6,,,225982826311428255110719575821807753240,0 231,CWE-285,"int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type) { struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode); int error = 0; void *value = NULL; size_t size = 0; const char *name = NULL; switch (type) { case ACL_TYPE_ACCESS: name = XATTR_NAME_POSIX_ACL_ACCESS; if (acl) { umode_t mode = inode->i_mode; error = posix_acl_equiv_mode(acl, &mode); if (error < 0) { gossip_err(""%s: posix_acl_equiv_mode err: %d\n"", __func__, error); return error; } if (inode->i_mode != mode) SetModeFlag(orangefs_inode); inode->i_mode = mode; mark_inode_dirty_sync(inode); if (error == 0) acl = NULL; } break; case ACL_TYPE_DEFAULT: name = XATTR_NAME_POSIX_ACL_DEFAULT; break; default: gossip_err(""%s: invalid type %d!\n"", __func__, type); return -EINVAL; } gossip_debug(GOSSIP_ACL_DEBUG, ""%s: inode %pU, key %s type %d\n"", __func__, get_khandle_from_ino(inode), name, type); if (acl) { size = posix_acl_xattr_size(acl->a_count); value = kmalloc(size, GFP_KERNEL); if (!value) return -ENOMEM; error = posix_acl_to_xattr(&init_user_ns, acl, value, size); if (error < 0) goto out; } gossip_debug(GOSSIP_ACL_DEBUG, ""%s: name %s, value %p, size %zd, acl %p\n"", __func__, name, value, size, acl); error = orangefs_inode_setxattr(inode, name, value, size, 0); out: kfree(value); if (!error) set_cached_acl(inode, type, acl); return error; }",visit repo url,fs/orangefs/acl.c,https://github.com/torvalds/linux,103560133000432,1 4355,['CWE-399'],"long keyctl_set_timeout(key_serial_t id, unsigned timeout) { struct timespec now; struct key *key; key_ref_t key_ref; time_t expiry; long ret; key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error; } key = key_ref_to_ptr(key_ref); down_write(&key->sem); expiry = 0; if (timeout > 0) { now = current_kernel_time(); expiry = now.tv_sec + timeout; } key->expiry = expiry; up_write(&key->sem); key_put(key); ret = 0; error: return ret; } ",linux-2.6,,,114129757239777492258471050386998908784,0 2846,['CWE-119'],"nfs4_acl_new(int n) { struct nfs4_acl *acl; acl = kmalloc(sizeof(*acl) + n*sizeof(struct nfs4_ace), GFP_KERNEL); if (acl == NULL) return NULL; acl->naces = 0; return acl; }",linux-2.6,,,130926391402208470616289093730597899407,0 6210,['CWE-200'],"void __init rtnetlink_init(void) { int i; rtattr_max = 0; for (i = 0; i < ARRAY_SIZE(rta_max); i++) if (rta_max[i] > rtattr_max) rtattr_max = rta_max[i]; rta_buf = kmalloc(rtattr_max * sizeof(struct rtattr *), GFP_KERNEL); if (!rta_buf) panic(""rtnetlink_init: cannot allocate rta_buf\n""); rtnl = netlink_kernel_create(NETLINK_ROUTE, rtnetlink_rcv); if (rtnl == NULL) panic(""rtnetlink_init: cannot initialize rtnetlink\n""); netlink_set_nonroot(NETLINK_ROUTE, NL_NONROOT_RECV); register_netdevice_notifier(&rtnetlink_dev_notifier); rtnetlink_links[PF_UNSPEC] = link_rtnetlink_table; rtnetlink_links[PF_PACKET] = link_rtnetlink_table; }",linux-2.6,,,314288940762538640042523102932489636827,0 3656,CWE-125,"static void sycc444_to_rgb(opj_image_t *img) { int *d0, *d1, *d2, *r, *g, *b; const int *y, *cb, *cr; unsigned int maxw, maxh, max, i; int offset, upb; upb = (int)img->comps[0].prec; offset = 1<<(upb - 1); upb = (1<comps[0].w; maxh = (unsigned int)img->comps[0].h; max = maxw * maxh; y = img->comps[0].data; cb = img->comps[1].data; cr = img->comps[2].data; d0 = r = (int*)malloc(sizeof(int) * (size_t)max); d1 = g = (int*)malloc(sizeof(int) * (size_t)max); d2 = b = (int*)malloc(sizeof(int) * (size_t)max); if(r == NULL || g == NULL || b == NULL) goto fails; for(i = 0U; i < max; ++i) { sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); ++y; ++cb; ++cr; ++r; ++g; ++b; } free(img->comps[0].data); img->comps[0].data = d0; free(img->comps[1].data); img->comps[1].data = d1; free(img->comps[2].data); img->comps[2].data = d2; return; fails: if(r) free(r); if(g) free(g); if(b) free(b); } ",visit repo url,src/bin/common/color.c,https://github.com/uclouvain/openjpeg,239038918978785,1 3462,CWE-362,"int mi_repair_by_sort(MI_CHECK *param, register MI_INFO *info, const char * name, int rep_quick) { int got_error; uint i; ulong length; ha_rows start_records; my_off_t new_header_length,del; File new_file; MI_SORT_PARAM sort_param; MYISAM_SHARE *share=info->s; HA_KEYSEG *keyseg; ulong *rec_per_key_part; char llbuff[22]; SORT_INFO sort_info; ulonglong UNINIT_VAR(key_map); DBUG_ENTER(""mi_repair_by_sort""); start_records=info->state->records; got_error=1; new_file= -1; new_header_length=(param->testflag & T_UNPACK) ? 0 : share->pack.header_length; if (!(param->testflag & T_SILENT)) { printf(""- recovering (with sort) MyISAM-table '%s'\n"",name); printf(""Data records: %s\n"", llstr(start_records,llbuff)); } param->testflag|=T_REP; if (info->s->options & (HA_OPTION_CHECKSUM | HA_OPTION_COMPRESS_RECORD)) param->testflag|=T_CALC_CHECKSUM; bzero((char*)&sort_info,sizeof(sort_info)); bzero((char *)&sort_param, sizeof(sort_param)); if (!(sort_info.key_block= alloc_key_blocks(param, (uint) param->sort_key_blocks, share->base.max_key_block_length)) || init_io_cache(¶m->read_cache,info->dfile, (uint) param->read_buffer_length, READ_CACHE,share->pack.header_length,1,MYF(MY_WME)) || (! rep_quick && init_io_cache(&info->rec_cache,info->dfile, (uint) param->write_buffer_length, WRITE_CACHE,new_header_length,1, MYF(MY_WME | MY_WAIT_IF_FULL) & param->myf_rw))) goto err; sort_info.key_block_end=sort_info.key_block+param->sort_key_blocks; info->opt_flag|=WRITE_CACHE_USED; info->rec_cache.file=info->dfile; if (!mi_alloc_rec_buff(info, -1, &sort_param.record) || !mi_alloc_rec_buff(info, -1, &sort_param.rec_buff)) { mi_check_print_error(param, ""Not enough memory for extra record""); goto err; } if (!rep_quick) { if ((new_file= mysql_file_create(mi_key_file_datatmp, fn_format(param->temp_filename, share->data_file_name, """", DATA_TMP_EXT, 2+4), 0, param->tmpfile_createflag, MYF(0))) < 0) { mi_check_print_error(param,""Can't create new tempfile: '%s'"", param->temp_filename); goto err; } if (new_header_length && filecopy(param, new_file,info->dfile,0L,new_header_length, ""datafile-header"")) goto err; if (param->testflag & T_UNPACK) { share->options&= ~HA_OPTION_COMPRESS_RECORD; mi_int2store(share->state.header.options,share->options); } share->state.dellink= HA_OFFSET_ERROR; info->rec_cache.file=new_file; } info->update= (short) (HA_STATE_CHANGED | HA_STATE_ROW_CHANGED); mi_drop_all_indexes(param, info, FALSE); key_map= share->state.key_map; if (param->testflag & T_CREATE_MISSING_KEYS) { key_map= ~key_map; } sort_info.info=info; sort_info.param = param; set_data_file_type(&sort_info, share); sort_param.filepos=new_header_length; sort_info.dupp=0; sort_info.buff=0; param->read_cache.end_of_file=sort_info.filelength= mysql_file_seek(param->read_cache.file, 0L, MY_SEEK_END, MYF(0)); sort_param.wordlist=NULL; init_alloc_root(&sort_param.wordroot, FTPARSER_MEMROOT_ALLOC_SIZE, 0); if (share->data_file_type == DYNAMIC_RECORD) length=max(share->base.min_pack_length+1,share->base.min_block_length); else if (share->data_file_type == COMPRESSED_RECORD) length=share->base.min_block_length; else length=share->base.pack_reclength; sort_info.max_records= ((param->testflag & T_CREATE_MISSING_KEYS) ? info->state->records : (ha_rows) (sort_info.filelength/length+1)); sort_param.key_cmp=sort_key_cmp; sort_param.lock_in_memory=lock_memory; sort_param.tmpdir=param->tmpdir; sort_param.sort_info=&sort_info; sort_param.fix_datafile= (my_bool) (! rep_quick); sort_param.master =1; del=info->state->del; param->glob_crc=0; if (param->testflag & T_CALC_CHECKSUM) sort_param.calc_checksum= 1; rec_per_key_part= param->rec_per_key_part; for (sort_param.key=0 ; sort_param.key < share->base.keys ; rec_per_key_part+=sort_param.keyinfo->keysegs, sort_param.key++) { sort_param.read_cache=param->read_cache; sort_param.keyinfo=share->keyinfo+sort_param.key; sort_param.seg=sort_param.keyinfo->seg; if (! mi_is_key_active(key_map, sort_param.key)) { memcpy((char*) rec_per_key_part, (char*) (share->state.rec_per_key_part + (uint) (rec_per_key_part - param->rec_per_key_part)), sort_param.keyinfo->keysegs*sizeof(*rec_per_key_part)); DBUG_PRINT(""repair"", (""skipping seemingly disabled index #: %u"", sort_param.key)); continue; } if ((!(param->testflag & T_SILENT))) printf (""- Fixing index %d\n"",sort_param.key+1); sort_param.max_pos=sort_param.pos=share->pack.header_length; keyseg=sort_param.seg; bzero((char*) sort_param.unique,sizeof(sort_param.unique)); sort_param.key_length=share->rec_reflength; for (i=0 ; keyseg[i].type != HA_KEYTYPE_END; i++) { sort_param.key_length+=keyseg[i].length; if (keyseg[i].flag & HA_SPACE_PACK) sort_param.key_length+=get_pack_length(keyseg[i].length); if (keyseg[i].flag & (HA_BLOB_PART | HA_VAR_LENGTH_PART)) sort_param.key_length+=2 + test(keyseg[i].length >= 127); if (keyseg[i].flag & HA_NULL_PART) sort_param.key_length++; } info->state->records=info->state->del=share->state.split=0; info->state->empty=0; if (sort_param.keyinfo->flag & HA_FULLTEXT) { uint ft_max_word_len_for_sort=FT_MAX_WORD_LEN_FOR_SORT* sort_param.keyinfo->seg->charset->mbmaxlen; sort_param.key_length+=ft_max_word_len_for_sort-HA_FT_MAXBYTELEN; if (sort_param.keyinfo->parser == &ft_default_parser) { sort_info.max_records= (ha_rows) (sort_info.filelength/ft_min_word_len+1); } else { sort_info.max_records= 10 * max(param->sort_buffer_length, MIN_SORT_BUFFER) / sort_param.key_length; } sort_param.key_read=sort_ft_key_read; sort_param.key_write=sort_ft_key_write; } else { sort_param.key_read=sort_key_read; sort_param.key_write=sort_key_write; } if (_create_index_by_sort(&sort_param, (my_bool) (!(param->testflag & T_VERBOSE)), param->sort_buffer_length)) { param->retry_repair=1; goto err; } sort_param.calc_checksum= 0; free_root(&sort_param.wordroot, MYF(0)); sort_info.max_records= (ha_rows) info->state->records; if (param->testflag & T_STATISTICS) update_key_parts(sort_param.keyinfo, rec_per_key_part, sort_param.unique, param->stats_method == MI_STATS_METHOD_IGNORE_NULLS? sort_param.notnull: NULL, (ulonglong) info->state->records); mi_set_key_active(share->state.key_map, sort_param.key); DBUG_PRINT(""repair"", (""set enabled index #: %u"", sort_param.key)); if (sort_param.fix_datafile) { param->read_cache.end_of_file=sort_param.filepos; if (write_data_suffix(&sort_info,1) || end_io_cache(&info->rec_cache)) goto err; if (param->testflag & T_SAFE_REPAIR) { if (info->state->records+1 < start_records) { info->state->records=start_records; goto err; } } share->state.state.data_file_length = info->state->data_file_length= sort_param.filepos; share->state.version=(ulong) time((time_t*) 0); mysql_file_close(info->dfile, MYF(0)); info->dfile=new_file; share->data_file_type=sort_info.new_data_file_type; share->pack.header_length=(ulong) new_header_length; sort_param.fix_datafile=0; } else info->state->data_file_length=sort_param.max_pos; param->read_cache.file=info->dfile; reinit_io_cache(¶m->read_cache,READ_CACHE,share->pack.header_length, 1,1); } if (param->testflag & T_WRITE_LOOP) { (void) fputs("" \r"",stdout); (void) fflush(stdout); } if (rep_quick && del+sort_info.dupp != info->state->del) { mi_check_print_error(param,""Couldn't fix table with quick recovery: Found wrong number of deleted records""); mi_check_print_error(param,""Run recovery again without -q""); got_error=1; param->retry_repair=1; param->testflag|=T_RETRY_WITHOUT_QUICK; goto err; } if (rep_quick & T_FORCE_UNIQUENESS) { my_off_t skr=info->state->data_file_length+ (share->options & HA_OPTION_COMPRESS_RECORD ? MEMMAP_EXTRA_MARGIN : 0); #ifdef USE_RELOC if (share->data_file_type == STATIC_RECORD && skr < share->base.reloc*share->base.min_pack_length) skr=share->base.reloc*share->base.min_pack_length; #endif if (skr != sort_info.filelength) if (mysql_file_chsize(info->dfile, skr, 0, MYF(0))) mi_check_print_warning(param, ""Can't change size of datafile, error: %d"", my_errno); } if (param->testflag & T_CALC_CHECKSUM) info->state->checksum=param->glob_crc; if (mysql_file_chsize(share->kfile, info->state->key_file_length, 0, MYF(0))) mi_check_print_warning(param, ""Can't change size of indexfile, error: %d"", my_errno); if (!(param->testflag & T_SILENT)) { if (start_records != info->state->records) printf(""Data records: %s\n"", llstr(info->state->records,llbuff)); if (sort_info.dupp) mi_check_print_warning(param, ""%s records have been removed"", llstr(sort_info.dupp,llbuff)); } got_error=0; if (&share->state.state != info->state) memcpy( &share->state.state, info->state, sizeof(*info->state)); err: got_error|= flush_blocks(param, share->key_cache, share->kfile); (void) end_io_cache(&info->rec_cache); if (!got_error) { if (new_file >= 0) { mysql_file_close(new_file, MYF(0)); info->dfile=new_file= -1; if (change_to_newfile(share->data_file_name,MI_NAME_DEXT, DATA_TMP_EXT, (param->testflag & T_BACKUP_DATA ? MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) || mi_open_datafile(info,share,name,-1)) got_error=1; } } if (got_error) { if (! param->error_printed) mi_check_print_error(param,""%d when fixing table"",my_errno); if (new_file >= 0) { (void) mysql_file_close(new_file, MYF(0)); (void) mysql_file_delete(mi_key_file_datatmp, param->temp_filename, MYF(MY_WME)); if (info->dfile == new_file) if (unlikely(mi_open_datafile(info, share, name, -1))) param->retry_repair= 0; } mi_mark_crashed_on_repair(info); } else if (key_map == share->state.key_map) share->state.changed&= ~STATE_NOT_OPTIMIZED_KEYS; share->state.changed|=STATE_NOT_SORTED_PAGES; my_free(mi_get_rec_buff_ptr(info, sort_param.rec_buff)); my_free(mi_get_rec_buff_ptr(info, sort_param.record)); my_free(sort_info.key_block); my_free(sort_info.ft_buf); my_free(sort_info.buff); (void) end_io_cache(¶m->read_cache); info->opt_flag&= ~(READ_CACHE_USED | WRITE_CACHE_USED); if (!got_error && (param->testflag & T_UNPACK)) { share->state.header.options[0]&= (uchar) ~HA_OPTION_COMPRESS_RECORD; share->pack.header_length=0; } DBUG_RETURN(got_error); }",visit repo url,storage/myisam/mi_check.c,https://github.com/mysql/mysql-server,274033780225244,1 2017,['CWE-269'],"static int do_new_mount(struct nameidata *nd, char *type, int flags, int mnt_flags, char *name, void *data) { struct vfsmount *mnt; if (!type || !memchr(type, 0, PAGE_SIZE)) return -EINVAL; if (!capable(CAP_SYS_ADMIN)) return -EPERM; mnt = do_kern_mount(type, flags, name, data); if (IS_ERR(mnt)) return PTR_ERR(mnt); return do_add_mount(mnt, nd, mnt_flags, NULL); }",linux-2.6,,,117047445752894420741538290703029262651,0 2209,NVD-CWE-noinfo,"static void nfs_set_open_stateid_locked(struct nfs4_state *state, nfs4_stateid *stateid, int open_flags) { if (test_bit(NFS_DELEGATED_STATE, &state->flags) == 0) memcpy(state->stateid.data, stateid->data, sizeof(state->stateid.data)); memcpy(state->open_stateid.data, stateid->data, sizeof(state->open_stateid.data)); switch (open_flags) { case FMODE_READ: set_bit(NFS_O_RDONLY_STATE, &state->flags); break; case FMODE_WRITE: set_bit(NFS_O_WRONLY_STATE, &state->flags); break; case FMODE_READ|FMODE_WRITE: set_bit(NFS_O_RDWR_STATE, &state->flags); } }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,10805107681872,1 1896,CWE-203,"static char *stibp_state(void) { if (spectre_v2_in_ibrs_mode(spectre_v2_enabled)) return """"; switch (spectre_v2_user_stibp) { case SPECTRE_V2_USER_NONE: return "", STIBP: disabled""; case SPECTRE_V2_USER_STRICT: return "", STIBP: forced""; case SPECTRE_V2_USER_STRICT_PREFERRED: return "", STIBP: always-on""; case SPECTRE_V2_USER_PRCTL: case SPECTRE_V2_USER_SECCOMP: if (static_key_enabled(&switch_to_cond_stibp)) return "", STIBP: conditional""; } return """"; }",visit repo url,arch/x86/kernel/cpu/bugs.c,https://github.com/torvalds/linux,238176753254273,1 2404,CWE-119,"static int get_siz(Jpeg2000DecoderContext *s) { int i; int ncomponents; uint32_t log2_chroma_wh = 0; const enum AVPixelFormat *possible_fmts = NULL; int possible_fmts_nb = 0; if (bytestream2_get_bytes_left(&s->g) < 36) return AVERROR_INVALIDDATA; s->avctx->profile = bytestream2_get_be16u(&s->g); s->width = bytestream2_get_be32u(&s->g); s->height = bytestream2_get_be32u(&s->g); s->image_offset_x = bytestream2_get_be32u(&s->g); s->image_offset_y = bytestream2_get_be32u(&s->g); s->tile_width = bytestream2_get_be32u(&s->g); s->tile_height = bytestream2_get_be32u(&s->g); s->tile_offset_x = bytestream2_get_be32u(&s->g); s->tile_offset_y = bytestream2_get_be32u(&s->g); ncomponents = bytestream2_get_be16u(&s->g); if (ncomponents <= 0) { av_log(s->avctx, AV_LOG_ERROR, ""Invalid number of components: %d\n"", s->ncomponents); return AVERROR_INVALIDDATA; } if (ncomponents > 4) { avpriv_request_sample(s->avctx, ""Support for %d components"", s->ncomponents); return AVERROR_PATCHWELCOME; } s->ncomponents = ncomponents; if (s->tile_width <= 0 || s->tile_height <= 0) { av_log(s->avctx, AV_LOG_ERROR, ""Invalid tile dimension %dx%d.\n"", s->tile_width, s->tile_height); return AVERROR_INVALIDDATA; } if (bytestream2_get_bytes_left(&s->g) < 3 * s->ncomponents) return AVERROR_INVALIDDATA; for (i = 0; i < s->ncomponents; i++) { uint8_t x = bytestream2_get_byteu(&s->g); s->cbps[i] = (x & 0x7f) + 1; s->precision = FFMAX(s->cbps[i], s->precision); s->sgnd[i] = !!(x & 0x80); s->cdx[i] = bytestream2_get_byteu(&s->g); s->cdy[i] = bytestream2_get_byteu(&s->g); if (!s->cdx[i] || !s->cdy[i]) { av_log(s->avctx, AV_LOG_ERROR, ""Invalid sample seperation\n""); return AVERROR_INVALIDDATA; } log2_chroma_wh |= s->cdy[i] >> 1 << i * 4 | s->cdx[i] >> 1 << i * 4 + 2; } s->numXtiles = ff_jpeg2000_ceildiv(s->width - s->tile_offset_x, s->tile_width); s->numYtiles = ff_jpeg2000_ceildiv(s->height - s->tile_offset_y, s->tile_height); if (s->numXtiles * (uint64_t)s->numYtiles > INT_MAX/sizeof(*s->tile)) { s->numXtiles = s->numYtiles = 0; return AVERROR(EINVAL); } s->tile = av_mallocz_array(s->numXtiles * s->numYtiles, sizeof(*s->tile)); if (!s->tile) { s->numXtiles = s->numYtiles = 0; return AVERROR(ENOMEM); } for (i = 0; i < s->numXtiles * s->numYtiles; i++) { Jpeg2000Tile *tile = s->tile + i; tile->comp = av_mallocz(s->ncomponents * sizeof(*tile->comp)); if (!tile->comp) return AVERROR(ENOMEM); } s->avctx->width = ff_jpeg2000_ceildivpow2(s->width - s->image_offset_x, s->reduction_factor); s->avctx->height = ff_jpeg2000_ceildivpow2(s->height - s->image_offset_y, s->reduction_factor); if (s->avctx->profile == FF_PROFILE_JPEG2000_DCINEMA_2K || s->avctx->profile == FF_PROFILE_JPEG2000_DCINEMA_4K) { possible_fmts = xyz_pix_fmts; possible_fmts_nb = FF_ARRAY_ELEMS(xyz_pix_fmts); } else { switch (s->colour_space) { case 16: possible_fmts = rgb_pix_fmts; possible_fmts_nb = FF_ARRAY_ELEMS(rgb_pix_fmts); break; case 17: possible_fmts = gray_pix_fmts; possible_fmts_nb = FF_ARRAY_ELEMS(gray_pix_fmts); break; case 18: possible_fmts = yuv_pix_fmts; possible_fmts_nb = FF_ARRAY_ELEMS(yuv_pix_fmts); break; default: possible_fmts = all_pix_fmts; possible_fmts_nb = FF_ARRAY_ELEMS(all_pix_fmts); break; } } for (i = 0; i < possible_fmts_nb; ++i) { if (pix_fmt_match(possible_fmts[i], ncomponents, s->precision, log2_chroma_wh, s->pal8)) { s->avctx->pix_fmt = possible_fmts[i]; break; } } if (s->avctx->pix_fmt == AV_PIX_FMT_NONE) { av_log(s->avctx, AV_LOG_ERROR, ""Unknown pix_fmt, profile: %d, colour_space: %d, "" ""components: %d, precision: %d, "" ""cdx[1]: %d, cdy[1]: %d, cdx[2]: %d, cdy[2]: %d\n"", s->avctx->profile, s->colour_space, ncomponents, s->precision, ncomponents > 2 ? s->cdx[1] : 0, ncomponents > 2 ? s->cdy[1] : 0, ncomponents > 2 ? s->cdx[2] : 0, ncomponents > 2 ? s->cdy[2] : 0); } return 0; }",visit repo url,libavcodec/jpeg2000dec.c,https://github.com/FFmpeg/FFmpeg,27357688959426,1 1477,CWE-264,"static void perf_event_for_each(struct perf_event *event, void (*func)(struct perf_event *)) { struct perf_event_context *ctx = event->ctx; struct perf_event *sibling; WARN_ON_ONCE(ctx->parent_ctx); mutex_lock(&ctx->mutex); event = event->group_leader; perf_event_for_each_child(event, func); list_for_each_entry(sibling, &event->sibling_list, group_entry) perf_event_for_each_child(sibling, func); mutex_unlock(&ctx->mutex); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,278695379199080,1 289,[],"static int do_ncp_setobjectname(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ncp_objectname_ioctl_32 n32, __user *p32 = compat_ptr(arg); struct ncp_objectname_ioctl __user *p = compat_alloc_user_space(sizeof(*p)); if (copy_from_user(&n32, p32, sizeof(n32)) || put_user(n32.auth_type, &p->auth_type) || put_user(n32.object_name_len, &p->object_name_len) || put_user(compat_ptr(n32.object_name), &p->object_name)) return -EFAULT; return sys_ioctl(fd, NCP_IOC_SETOBJECTNAME, (unsigned long)p); }",linux-2.6,,,161933792420862116986281213679892779678,0 2639,CWE-125,"PHP_FUNCTION(locale_get_display_language) { get_icu_disp_value_src_php( LOC_LANG_TAG , INTERNAL_FUNCTION_PARAM_PASSTHRU ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,188971647066963,1 1788,CWE-416,"static void ffs_user_copy_worker(struct work_struct *work) { struct ffs_io_data *io_data = container_of(work, struct ffs_io_data, work); int ret = io_data->req->status ? io_data->req->status : io_data->req->actual; if (io_data->read && ret > 0) { use_mm(io_data->mm); ret = copy_to_iter(io_data->buf, ret, &io_data->data); if (iov_iter_count(&io_data->data)) ret = -EFAULT; unuse_mm(io_data->mm); } io_data->kiocb->ki_complete(io_data->kiocb, ret, ret); if (io_data->ffs->ffs_eventfd && !(io_data->kiocb->ki_flags & IOCB_EVENTFD)) eventfd_signal(io_data->ffs->ffs_eventfd, 1); usb_ep_free_request(io_data->ep, io_data->req); io_data->kiocb->private = NULL; if (io_data->read) kfree(io_data->to_free); kfree(io_data->buf); kfree(io_data); }",visit repo url,drivers/usb/gadget/function/f_fs.c,https://github.com/torvalds/linux,88744563128104,1 2103,CWE-125,"static struct phy *serdes_simple_xlate(struct device *dev, struct of_phandle_args *args) { struct serdes_ctrl *ctrl = dev_get_drvdata(dev); unsigned int port, idx, i; if (args->args_count != 2) return ERR_PTR(-EINVAL); port = args->args[0]; idx = args->args[1]; for (i = 0; i <= SERDES_MAX; i++) { struct serdes_macro *macro = phy_get_drvdata(ctrl->phys[i]); if (idx != macro->idx) continue; if (idx != SERDES6G(0) && macro->port >= 0) return ERR_PTR(-EBUSY); macro->port = port; return ctrl->phys[i]; } return ERR_PTR(-ENODEV); }",visit repo url,drivers/phy/mscc/phy-ocelot-serdes.c,https://github.com/torvalds/linux,201689639059023,1 1957,['CWE-20'],"static void * __init find_section32(Elf32_Ehdr *ehdr, const char *secname, unsigned long *size) { Elf32_Shdr *sechdrs; unsigned int i; char *secnames; sechdrs = (void *)ehdr + ehdr->e_shoff; secnames = (void *)ehdr + sechdrs[ehdr->e_shstrndx].sh_offset; for (i = 1; i < ehdr->e_shnum; i++) { if (strcmp(secnames+sechdrs[i].sh_name, secname) == 0) { if (size) *size = sechdrs[i].sh_size; return (void *)ehdr + sechdrs[i].sh_offset; } } *size = 0; return NULL; }",linux-2.6,,,273867450400085653328467866828184594704,0 5093,CWE-190,"_Unpickler_MemoPut(UnpicklerObject *self, Py_ssize_t idx, PyObject *value) { PyObject *old_item; if (idx >= self->memo_size) { if (_Unpickler_ResizeMemoList(self, idx * 2) < 0) return -1; assert(idx < self->memo_size); } Py_INCREF(value); old_item = self->memo[idx]; self->memo[idx] = value; if (old_item != NULL) { Py_DECREF(old_item); } else { self->memo_len++; } return 0; }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,249491239632284,1 1722,CWE-19,"ext2_xattr_get(struct inode *inode, int name_index, const char *name, void *buffer, size_t buffer_size) { struct buffer_head *bh = NULL; struct ext2_xattr_entry *entry; size_t name_len, size; char *end; int error; ea_idebug(inode, ""name=%d.%s, buffer=%p, buffer_size=%ld"", name_index, name, buffer, (long)buffer_size); if (name == NULL) return -EINVAL; name_len = strlen(name); if (name_len > 255) return -ERANGE; down_read(&EXT2_I(inode)->xattr_sem); error = -ENODATA; if (!EXT2_I(inode)->i_file_acl) goto cleanup; ea_idebug(inode, ""reading block %d"", EXT2_I(inode)->i_file_acl); bh = sb_bread(inode->i_sb, EXT2_I(inode)->i_file_acl); error = -EIO; if (!bh) goto cleanup; ea_bdebug(bh, ""b_count=%d, refcount=%d"", atomic_read(&(bh->b_count)), le32_to_cpu(HDR(bh)->h_refcount)); end = bh->b_data + bh->b_size; if (HDR(bh)->h_magic != cpu_to_le32(EXT2_XATTR_MAGIC) || HDR(bh)->h_blocks != cpu_to_le32(1)) { bad_block: ext2_error(inode->i_sb, ""ext2_xattr_get"", ""inode %ld: bad block %d"", inode->i_ino, EXT2_I(inode)->i_file_acl); error = -EIO; goto cleanup; } entry = FIRST_ENTRY(bh); while (!IS_LAST_ENTRY(entry)) { struct ext2_xattr_entry *next = EXT2_XATTR_NEXT(entry); if ((char *)next >= end) goto bad_block; if (name_index == entry->e_name_index && name_len == entry->e_name_len && memcmp(name, entry->e_name, name_len) == 0) goto found; entry = next; } if (ext2_xattr_cache_insert(bh)) ea_idebug(inode, ""cache insert failed""); error = -ENODATA; goto cleanup; found: if (entry->e_value_block != 0) goto bad_block; size = le32_to_cpu(entry->e_value_size); if (size > inode->i_sb->s_blocksize || le16_to_cpu(entry->e_value_offs) + size > inode->i_sb->s_blocksize) goto bad_block; if (ext2_xattr_cache_insert(bh)) ea_idebug(inode, ""cache insert failed""); if (buffer) { error = -ERANGE; if (size > buffer_size) goto cleanup; memcpy(buffer, bh->b_data + le16_to_cpu(entry->e_value_offs), size); } error = size; cleanup: brelse(bh); up_read(&EXT2_I(inode)->xattr_sem); return error; }",visit repo url,fs/ext2/xattr.c,https://github.com/torvalds/linux,3880993594567,1 578,CWE-399,"static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt, struct nl_info *info) { struct rt6_info *iter = NULL; struct rt6_info **ins; int replace = (info->nlh && (info->nlh->nlmsg_flags & NLM_F_REPLACE)); int add = (!info->nlh || (info->nlh->nlmsg_flags & NLM_F_CREATE)); int found = 0; ins = &fn->leaf; for (iter = fn->leaf; iter; iter = iter->dst.rt6_next) { if (iter->rt6i_metric == rt->rt6i_metric) { if (info->nlh && (info->nlh->nlmsg_flags & NLM_F_EXCL)) return -EEXIST; if (replace) { found++; break; } if (iter->dst.dev == rt->dst.dev && iter->rt6i_idev == rt->rt6i_idev && ipv6_addr_equal(&iter->rt6i_gateway, &rt->rt6i_gateway)) { if (rt->rt6i_nsiblings) rt->rt6i_nsiblings = 0; if (!(iter->rt6i_flags & RTF_EXPIRES)) return -EEXIST; if (!(rt->rt6i_flags & RTF_EXPIRES)) rt6_clean_expires(iter); else rt6_set_expires(iter, rt->dst.expires); return -EEXIST; } if (rt->rt6i_flags & RTF_GATEWAY && !(rt->rt6i_flags & RTF_EXPIRES) && !(iter->rt6i_flags & RTF_EXPIRES)) rt->rt6i_nsiblings++; } if (iter->rt6i_metric > rt->rt6i_metric) break; ins = &iter->dst.rt6_next; } if (ins == &fn->leaf) fn->rr_ptr = NULL; if (rt->rt6i_nsiblings) { unsigned int rt6i_nsiblings; struct rt6_info *sibling, *temp_sibling; sibling = fn->leaf; while (sibling) { if (sibling->rt6i_metric == rt->rt6i_metric) { list_add_tail(&rt->rt6i_siblings, &sibling->rt6i_siblings); break; } sibling = sibling->dst.rt6_next; } rt6i_nsiblings = 0; list_for_each_entry_safe(sibling, temp_sibling, &rt->rt6i_siblings, rt6i_siblings) { sibling->rt6i_nsiblings++; BUG_ON(sibling->rt6i_nsiblings != rt->rt6i_nsiblings); rt6i_nsiblings++; } BUG_ON(rt6i_nsiblings != rt->rt6i_nsiblings); } if (!replace) { if (!add) pr_warn(""NLM_F_CREATE should be set when creating new route\n""); add: rt->dst.rt6_next = iter; *ins = rt; rt->rt6i_node = fn; atomic_inc(&rt->rt6i_ref); inet6_rt_notify(RTM_NEWROUTE, rt, info); info->nl_net->ipv6.rt6_stats->fib_rt_entries++; if (!(fn->fn_flags & RTN_RTINFO)) { info->nl_net->ipv6.rt6_stats->fib_route_nodes++; fn->fn_flags |= RTN_RTINFO; } } else { if (!found) { if (add) goto add; pr_warn(""NLM_F_REPLACE set, but no existing node found!\n""); return -ENOENT; } *ins = rt; rt->rt6i_node = fn; rt->dst.rt6_next = iter->dst.rt6_next; atomic_inc(&rt->rt6i_ref); inet6_rt_notify(RTM_NEWROUTE, rt, info); rt6_release(iter); if (!(fn->fn_flags & RTN_RTINFO)) { info->nl_net->ipv6.rt6_stats->fib_route_nodes++; fn->fn_flags |= RTN_RTINFO; } } return 0; }",visit repo url,net/ipv6/ip6_fib.c,https://github.com/torvalds/linux,56241928830704,1 287,[],"static int rtc_ioctl(unsigned fd, unsigned cmd, unsigned long arg) { mm_segment_t oldfs = get_fs(); compat_ulong_t val32; unsigned long kval; int ret; switch (cmd) { case RTC_IRQP_READ32: case RTC_EPOCH_READ32: set_fs(KERNEL_DS); ret = sys_ioctl(fd, (cmd == RTC_IRQP_READ32) ? RTC_IRQP_READ : RTC_EPOCH_READ, (unsigned long)&kval); set_fs(oldfs); if (ret) return ret; val32 = kval; return put_user(val32, (unsigned int __user *)arg); case RTC_IRQP_SET32: return sys_ioctl(fd, RTC_IRQP_SET, arg); case RTC_EPOCH_SET32: return sys_ioctl(fd, RTC_EPOCH_SET, arg); default: return -ENOIOCTLCMD; } }",linux-2.6,,,251941020136098297017248934558760542078,0 3763,[],"static void __unix_remove_socket(struct sock *sk) { sk_del_node_init(sk); }",linux-2.6,,,175771693388606073209233309683789382455,0 6462,[],"lt_dladvise_init (lt_dladvise *padvise) { lt_dladvise advise = (lt_dladvise) lt__zalloc (sizeof (struct lt__advise)); *padvise = advise; return (advise ? 0 : 1); }",libtool,,,191727270746098132755153240774140795101,0 2188,CWE-416,"static void buffer_pipe_buf_get(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { struct buffer_ref *ref = (struct buffer_ref *)buf->private; ref->ref++; }",visit repo url,kernel/trace/trace.c,https://github.com/torvalds/linux,85542673846940,1 470,CWE-20,"static int __key_instantiate_and_link(struct key *key, struct key_preparsed_payload *prep, struct key *keyring, struct key *authkey, struct assoc_array_edit **_edit) { int ret, awaken; key_check(key); key_check(keyring); awaken = 0; ret = -EBUSY; mutex_lock(&key_construction_mutex); if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { ret = key->type->instantiate(key, prep); if (ret == 0) { atomic_inc(&key->user->nikeys); set_bit(KEY_FLAG_INSTANTIATED, &key->flags); if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags)) awaken = 1; if (keyring) { if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) set_bit(KEY_FLAG_KEEP, &key->flags); __key_link(key, _edit); } if (authkey) key_revoke(authkey); if (prep->expiry != TIME_T_MAX) { key->expiry = prep->expiry; key_schedule_gc(prep->expiry + key_gc_delay); } } } mutex_unlock(&key_construction_mutex); if (awaken) wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); return ret; }",visit repo url,security/keys/key.c,https://github.com/torvalds/linux,106748141635329,1 5269,CWE-323,"static int oidc_cache_crypto_encrypt(request_rec *r, const char *plaintext, unsigned char *key, char **result) { char *encoded = NULL, *p = NULL, *e_tag = NULL; unsigned char *ciphertext = NULL; int plaintext_len, ciphertext_len, encoded_len, e_tag_len; unsigned char tag[OIDC_CACHE_TAG_LEN]; plaintext_len = strlen(plaintext) + 1; ciphertext = apr_pcalloc(r->pool, (plaintext_len + EVP_CIPHER_block_size(OIDC_CACHE_CIPHER))); ciphertext_len = oidc_cache_crypto_encrypt_impl(r, (unsigned char *) plaintext, plaintext_len, OIDC_CACHE_CRYPTO_GCM_AAD, sizeof(OIDC_CACHE_CRYPTO_GCM_AAD), key, OIDC_CACHE_CRYPTO_GCM_IV, sizeof(OIDC_CACHE_CRYPTO_GCM_IV), ciphertext, tag, sizeof(tag)); encoded_len = oidc_base64url_encode(r, &encoded, (const char *) ciphertext, ciphertext_len, 1); if (encoded_len > 0) { p = encoded; e_tag_len = oidc_base64url_encode(r, &e_tag, (const char *) tag, OIDC_CACHE_TAG_LEN, 1); encoded = apr_pcalloc(r->pool, encoded_len + 1 + e_tag_len + 1); memcpy(encoded, p, encoded_len); p = encoded + encoded_len; *p = OIDC_CHAR_DOT; p++; memcpy(p, e_tag, e_tag_len); encoded_len += e_tag_len + 1; encoded[encoded_len] = '\0'; *result = encoded; } return encoded_len; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,37989702896874,1 791,CWE-20,"static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sockaddr_llc *uaddr = (struct sockaddr_llc *)msg->msg_name; const int nonblock = flags & MSG_DONTWAIT; struct sk_buff *skb = NULL; struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); unsigned long cpu_flags; size_t copied = 0; u32 peek_seq = 0; u32 *seq; unsigned long used; int target; long timeo; msg->msg_namelen = 0; lock_sock(sk); copied = -ENOTCONN; if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) goto out; timeo = sock_rcvtimeo(sk, nonblock); seq = &llc->copied_seq; if (flags & MSG_PEEK) { peek_seq = llc->copied_seq; seq = &peek_seq; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); copied = 0; do { u32 offset; if (signal_pending(current)) { if (copied) break; copied = timeo ? sock_intr_errno(timeo) : -EAGAIN; break; } skb = skb_peek(&sk->sk_receive_queue); if (skb) { offset = *seq; goto found_ok_skb; } if (copied >= target && !sk->sk_backlog.tail) break; if (copied) { if (sk->sk_err || sk->sk_state == TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN) || !timeo || (flags & MSG_PEEK)) break; } else { if (sock_flag(sk, SOCK_DONE)) break; if (sk->sk_err) { copied = sock_error(sk); break; } if (sk->sk_shutdown & RCV_SHUTDOWN) break; if (sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_CLOSE) { if (!sock_flag(sk, SOCK_DONE)) { copied = -ENOTCONN; break; } break; } if (!timeo) { copied = -EAGAIN; break; } } if (copied >= target) { release_sock(sk); lock_sock(sk); } else sk_wait_data(sk, &timeo); if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) { net_dbg_ratelimited(""LLC(%s:%d): Application bug, race in MSG_PEEK\n"", current->comm, task_pid_nr(current)); peek_seq = llc->copied_seq; } continue; found_ok_skb: used = skb->len - offset; if (len < used) used = len; if (!(flags & MSG_TRUNC)) { int rc = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, used); if (rc) { if (!copied) copied = -EFAULT; break; } } *seq += used; copied += used; len -= used; if (sk->sk_type != SOCK_STREAM) goto copy_uaddr; if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } if (used + offset < skb->len) continue; } while (len > 0); out: release_sock(sk); return copied; copy_uaddr: if (uaddr != NULL && skb != NULL) { memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr)); msg->msg_namelen = sizeof(*uaddr); } if (llc_sk(sk)->cmsg_flags) llc_cmsg_rcv(msg, skb); if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } goto out; }",visit repo url,net/llc/af_llc.c,https://github.com/torvalds/linux,150059117372885,1 4641,CWE-476,"GF_Err Media_RewriteODFrame(GF_MediaBox *mdia, GF_ISOSample *sample) { GF_Err e; GF_ODCodec *ODdecode; GF_ODCodec *ODencode; GF_ODCom *com; GF_ESDUpdate *esdU, *esdU2; GF_ESDRemove *esdR, *esdR2; GF_ODUpdate *odU, *odU2; GF_ObjectDescriptor *od; GF_IsomObjectDescriptor *isom_od; GF_ESD *esd; GF_ES_ID_Ref *ref; GF_Descriptor *desc; GF_TrackReferenceTypeBox *mpod; u32 i, j, skipped; if (!mdia || !sample || !sample->data || !sample->dataLength) return GF_BAD_PARAM; mpod = NULL; e = Track_FindRef(mdia->mediaTrack, GF_ISOM_BOX_TYPE_MPOD, &mpod); if (e) return e; if (!mpod || !mpod->trackIDs) return GF_OK; ODdecode = gf_odf_codec_new(); if (!ODdecode) return GF_OUT_OF_MEM; ODencode = gf_odf_codec_new(); if (!ODencode) { gf_odf_codec_del(ODdecode); return GF_OUT_OF_MEM; } e = gf_odf_codec_set_au(ODdecode, sample->data, sample->dataLength); if (e) goto err_exit; e = gf_odf_codec_decode(ODdecode); if (e) goto err_exit; while (1) { com = gf_odf_codec_get_com(ODdecode); if (!com) break; switch (com->tag) { case GF_ODF_OD_UPDATE_TAG: odU = (GF_ODUpdate *) com; odU2 = (GF_ODUpdate *) gf_odf_com_new(GF_ODF_OD_UPDATE_TAG); i=0; while ((desc = (GF_Descriptor*)gf_list_enum(odU->objectDescriptors, &i))) { switch (desc->tag) { case GF_ODF_OD_TAG: case GF_ODF_ISOM_OD_TAG: case GF_ODF_ISOM_IOD_TAG: break; default: return GF_ISOM_INVALID_FILE; } e = gf_odf_desc_copy(desc, (GF_Descriptor **)&isom_od); if (e) goto err_exit; if (desc->tag == GF_ODF_ISOM_IOD_TAG) { od = (GF_ObjectDescriptor *) gf_malloc(sizeof(GF_InitialObjectDescriptor)); } else { od = (GF_ObjectDescriptor *) gf_malloc(sizeof(GF_ObjectDescriptor)); } if (!od) { e = GF_OUT_OF_MEM; goto err_exit; } od->ESDescriptors = gf_list_new(); od->objectDescriptorID = isom_od->objectDescriptorID; od->tag = GF_ODF_OD_TAG; od->URLString = isom_od->URLString; isom_od->URLString = NULL; od->extensionDescriptors = isom_od->extensionDescriptors; isom_od->extensionDescriptors = NULL; od->IPMP_Descriptors = isom_od->IPMP_Descriptors; isom_od->IPMP_Descriptors = NULL; od->OCIDescriptors = isom_od->OCIDescriptors; isom_od->OCIDescriptors = NULL; if (isom_od->tag == GF_ODF_ISOM_IOD_TAG) { ((GF_InitialObjectDescriptor *)od)->audio_profileAndLevel = ((GF_IsomInitialObjectDescriptor *)isom_od)->audio_profileAndLevel; ((GF_InitialObjectDescriptor *)od)->inlineProfileFlag = ((GF_IsomInitialObjectDescriptor *)isom_od)->inlineProfileFlag; ((GF_InitialObjectDescriptor *)od)->graphics_profileAndLevel = ((GF_IsomInitialObjectDescriptor *)isom_od)->graphics_profileAndLevel; ((GF_InitialObjectDescriptor *)od)->OD_profileAndLevel = ((GF_IsomInitialObjectDescriptor *)isom_od)->OD_profileAndLevel; ((GF_InitialObjectDescriptor *)od)->scene_profileAndLevel = ((GF_IsomInitialObjectDescriptor *)isom_od)->scene_profileAndLevel; ((GF_InitialObjectDescriptor *)od)->visual_profileAndLevel = ((GF_IsomInitialObjectDescriptor *)isom_od)->visual_profileAndLevel; ((GF_InitialObjectDescriptor *)od)->IPMPToolList = ((GF_IsomInitialObjectDescriptor *)isom_od)->IPMPToolList; ((GF_IsomInitialObjectDescriptor *)isom_od)->IPMPToolList = NULL; } j=0; while ((ref = (GF_ES_ID_Ref*)gf_list_enum(isom_od->ES_ID_RefDescriptors, &j))) { if (!mpod->trackIDs || gf_isom_get_track_from_id(mdia->mediaTrack->moov, mpod->trackIDs[ref->trackRef - 1]) == NULL) continue; e = GetESDForTime(mdia->mediaTrack->moov, mpod->trackIDs[ref->trackRef - 1], sample->DTS, &esd); if (!e) e = gf_odf_desc_add_desc((GF_Descriptor *) od, (GF_Descriptor *) esd); if (e) { gf_odf_desc_del((GF_Descriptor *)od); gf_odf_com_del((GF_ODCom **)&odU2); gf_odf_desc_del((GF_Descriptor *)isom_od); gf_odf_com_del((GF_ODCom **)&odU); goto err_exit; } } gf_odf_desc_del((GF_Descriptor *)isom_od); gf_list_add(odU2->objectDescriptors, od); } gf_odf_com_del((GF_ODCom **)&odU); gf_odf_codec_add_com(ODencode, (GF_ODCom *)odU2); break; case GF_ODF_ESD_UPDATE_TAG: esdU = (GF_ESDUpdate *) com; esdU2 = (GF_ESDUpdate *) gf_odf_com_new(GF_ODF_ESD_UPDATE_TAG); esdU2->ODID = esdU->ODID; i=0; while ((ref = (GF_ES_ID_Ref*)gf_list_enum(esdU->ESDescriptors, &i))) { if (gf_isom_get_track_from_id(mdia->mediaTrack->moov, mpod->trackIDs[ref->trackRef - 1]) == NULL) continue; e = GetESDForTime(mdia->mediaTrack->moov, mpod->trackIDs[ref->trackRef - 1], sample->DTS, &esd); if (e) goto err_exit; gf_list_add(esdU2->ESDescriptors, esd); } gf_odf_com_del((GF_ODCom **)&esdU); gf_odf_codec_add_com(ODencode, (GF_ODCom *)esdU2); break; case GF_ODF_ESD_REMOVE_REF_TAG: esdR = (GF_ESDRemove *) com; esdR2 = (GF_ESDRemove *) gf_odf_com_new(GF_ODF_ESD_REMOVE_TAG); esdR2->ODID = esdR->ODID; esdR2->NbESDs = esdR->NbESDs; esdR2->ES_ID = (unsigned short*)gf_malloc(sizeof(u32) * esdR->NbESDs); if (!esdR2->ES_ID) { e = GF_OUT_OF_MEM; goto err_exit; } skipped = 0; for (i = 0; i < esdR->NbESDs; i++) { if (gf_isom_get_track_from_id(mdia->mediaTrack->moov, mpod->trackIDs[esdR->ES_ID[i] - 1]) == NULL) { skipped ++; } else { esdR2->ES_ID[i - skipped] = mpod->trackIDs[esdR->ES_ID[i] - 1]; } } if (skipped && (skipped != esdR2->NbESDs) ) { esdR2->NbESDs -= skipped; esdR2->ES_ID = (unsigned short*)gf_realloc(esdR2->ES_ID, sizeof(u32) * esdR2->NbESDs); } gf_odf_com_del((GF_ODCom **)&esdR); gf_odf_codec_add_com(ODencode, (GF_ODCom *)esdR2); break; default: e = gf_odf_codec_add_com(ODencode, com); if (e) goto err_exit; } } e = gf_odf_codec_encode(ODencode, 1); if (e) goto err_exit; gf_free(sample->data); sample->data = NULL; sample->dataLength = 0; e = gf_odf_codec_get_au(ODencode, &sample->data, &sample->dataLength); err_exit: gf_odf_codec_del(ODdecode); gf_odf_codec_del(ODencode); return e; }",visit repo url,src/isomedia/media_odf.c,https://github.com/gpac/gpac,236259259852953,1 6376,CWE-125,"format_number(int n, char f) { static const char *ones[10] = { """", ""i"", ""ii"", ""iii"", ""iv"", ""v"", ""vi"", ""vii"", ""viii"", ""ix"" }, *tens[10] = { """", ""x"", ""xx"", ""xxx"", ""xl"", ""l"", ""lx"", ""lxx"", ""lxxx"", ""xc"" }, *hundreds[10] = { """", ""c"", ""cc"", ""ccc"", ""cd"", ""d"", ""dc"", ""dcc"", ""dccc"", ""cm"" }; static const char *ONES[10] = { """", ""I"", ""II"", ""III"", ""IV"", ""V"", ""VI"", ""VII"", ""VIII"", ""IX"" }, *TENS[10] = { """", ""X"", ""XX"", ""XXX"", ""XL"", ""L"", ""LX"", ""LXX"", ""LXXX"", ""XC"" }, *HUNDREDS[10] = { """", ""C"", ""CC"", ""CCC"", ""CD"", ""D"", ""DC"", ""DCC"", ""DCCC"", ""CM"" }; static char buffer[1024]; switch (f) { default : buffer[0] = '\0'; break; case 'a' : if (n >= (26 * 26)) buffer[0] = '\0'; else if (n > 26) snprintf(buffer, sizeof(buffer), ""%c%c"", 'a' + (n / 26) - 1, 'a' + (n % 26) - 1); else snprintf(buffer, sizeof(buffer), ""%c"", 'a' + n - 1); break; case 'A' : if (n >= (26 * 26)) buffer[0] = '\0'; else if (n > 26) snprintf(buffer, sizeof(buffer), ""%c%c"", 'A' + (n / 26) - 1, 'A' + (n % 26) - 1); else snprintf(buffer, sizeof(buffer), ""%c"", 'A' + n - 1); break; case '1' : snprintf(buffer, sizeof(buffer), ""%d"", n); break; case 'i' : if (n >= 1000) buffer[0] = '\0'; else snprintf(buffer, sizeof(buffer), ""%s%s%s"", hundreds[n / 100], tens[(n / 10) % 10], ones[n % 10]); break; case 'I' : if (n >= 1000) buffer[0] = '\0'; else snprintf(buffer, sizeof(buffer), ""%s%s%s"", HUNDREDS[n / 100], TENS[(n / 10) % 10], ONES[n % 10]); break; } return (buffer); }",visit repo url,htmldoc/util.cxx,https://github.com/michaelrsweet/htmldoc,12149111846554,1 3888,['CWE-399'],"static int ta8874z_checkit(struct CHIPSTATE *chip) { int rc; rc = chip_read(chip); return ((rc & 0x1f) == 0x1f) ? 1 : 0; }",linux-2.6,,,175320168153568125628059222103572299638,0 6333,CWE-401,"void streamGetEdgeID(stream *s, int first, int skip_tombstones, streamID *edge_id) { streamIterator si; int64_t numfields; streamIteratorStart(&si,s,NULL,NULL,!first); si.skip_tombstones = skip_tombstones; int found = streamIteratorGetID(&si,edge_id,&numfields); if (!found) { streamID min_id = {0, 0}, max_id = {UINT64_MAX, UINT64_MAX}; *edge_id = first ? max_id : min_id; } }",visit repo url,src/t_stream.c,https://github.com/redis/redis,196579215383590,1 3463,CWE-362,"int mi_repair_parallel(MI_CHECK *param, register MI_INFO *info, const char * name, int rep_quick) { int got_error; uint i,key, total_key_length, istep; ulong rec_length; ha_rows start_records; my_off_t new_header_length,del; File new_file; MI_SORT_PARAM *sort_param=0; MYISAM_SHARE *share=info->s; ulong *rec_per_key_part; HA_KEYSEG *keyseg; char llbuff[22]; IO_CACHE new_data_cache; IO_CACHE_SHARE io_share; SORT_INFO sort_info; ulonglong UNINIT_VAR(key_map); pthread_attr_t thr_attr; ulong max_pack_reclength; int error; DBUG_ENTER(""mi_repair_parallel""); start_records=info->state->records; got_error=1; new_file= -1; new_header_length=(param->testflag & T_UNPACK) ? 0 : share->pack.header_length; if (!(param->testflag & T_SILENT)) { printf(""- parallel recovering (with sort) MyISAM-table '%s'\n"",name); printf(""Data records: %s\n"", llstr(start_records,llbuff)); } param->testflag|=T_REP; if (info->s->options & (HA_OPTION_CHECKSUM | HA_OPTION_COMPRESS_RECORD)) param->testflag|=T_CALC_CHECKSUM; DBUG_PRINT(""info"", (""is quick repair: %d"", rep_quick)); bzero((char*)&sort_info,sizeof(sort_info)); mysql_mutex_init(mi_key_mutex_MI_SORT_INFO_mutex, &sort_info.mutex, MY_MUTEX_INIT_FAST); mysql_cond_init(mi_key_cond_MI_SORT_INFO_cond, &sort_info.cond, 0); mysql_mutex_init(mi_key_mutex_MI_CHECK_print_msg, ¶m->print_msg_mutex, MY_MUTEX_INIT_FAST); param->need_print_msg_lock= 1; if (!(sort_info.key_block= alloc_key_blocks(param, (uint) param->sort_key_blocks, share->base.max_key_block_length)) || init_io_cache(¶m->read_cache, info->dfile, (uint) param->read_buffer_length, READ_CACHE, share->pack.header_length, 1, MYF(MY_WME)) || (!rep_quick && (init_io_cache(&info->rec_cache, info->dfile, (uint) param->write_buffer_length, WRITE_CACHE, new_header_length, 1, MYF(MY_WME | MY_WAIT_IF_FULL) & param->myf_rw) || init_io_cache(&new_data_cache, -1, (uint) param->write_buffer_length, READ_CACHE, new_header_length, 1, MYF(MY_WME | MY_DONT_CHECK_FILESIZE))))) goto err; sort_info.key_block_end=sort_info.key_block+param->sort_key_blocks; info->opt_flag|=WRITE_CACHE_USED; info->rec_cache.file=info->dfile; if (!rep_quick) { if ((new_file= mysql_file_create(mi_key_file_datatmp, fn_format(param->temp_filename, share->data_file_name, """", DATA_TMP_EXT, 2+4), 0, param->tmpfile_createflag, MYF(0))) < 0) { mi_check_print_error(param,""Can't create new tempfile: '%s'"", param->temp_filename); goto err; } if (new_header_length && filecopy(param, new_file,info->dfile,0L,new_header_length, ""datafile-header"")) goto err; if (param->testflag & T_UNPACK) { share->options&= ~HA_OPTION_COMPRESS_RECORD; mi_int2store(share->state.header.options,share->options); } share->state.dellink= HA_OFFSET_ERROR; info->rec_cache.file=new_file; } info->update= (short) (HA_STATE_CHANGED | HA_STATE_ROW_CHANGED); mi_drop_all_indexes(param, info, FALSE); key_map= share->state.key_map; if (param->testflag & T_CREATE_MISSING_KEYS) { key_map= ~key_map; } sort_info.info=info; sort_info.param = param; set_data_file_type(&sort_info, share); sort_info.dupp=0; sort_info.buff=0; param->read_cache.end_of_file=sort_info.filelength= mysql_file_seek(param->read_cache.file, 0L, MY_SEEK_END, MYF(0)); if (share->data_file_type == DYNAMIC_RECORD) rec_length=max(share->base.min_pack_length+1,share->base.min_block_length); else if (share->data_file_type == COMPRESSED_RECORD) rec_length=share->base.min_block_length; else rec_length=share->base.pack_reclength; sort_info.max_records= ((param->testflag & T_CREATE_MISSING_KEYS) ? info->state->records + 1: (ha_rows) (sort_info.filelength/rec_length+1)); del=info->state->del; param->glob_crc=0; max_pack_reclength= share->base.pack_reclength; if (share->options & HA_OPTION_COMPRESS_RECORD) set_if_bigger(max_pack_reclength, share->max_pack_length); if (!(sort_param=(MI_SORT_PARAM *) my_malloc((uint) share->base.keys * (sizeof(MI_SORT_PARAM) + max_pack_reclength), MYF(MY_ZEROFILL)))) { mi_check_print_error(param,""Not enough memory for key!""); goto err; } total_key_length=0; rec_per_key_part= param->rec_per_key_part; info->state->records=info->state->del=share->state.split=0; info->state->empty=0; for (i=key=0, istep=1 ; key < share->base.keys ; rec_per_key_part+=sort_param[i].keyinfo->keysegs, i+=istep, key++) { sort_param[i].key=key; sort_param[i].keyinfo=share->keyinfo+key; sort_param[i].seg=sort_param[i].keyinfo->seg; if (! mi_is_key_active(key_map, key)) { memcpy((char*) rec_per_key_part, (char*) (share->state.rec_per_key_part+ (uint) (rec_per_key_part - param->rec_per_key_part)), sort_param[i].keyinfo->keysegs*sizeof(*rec_per_key_part)); istep=0; continue; } istep=1; if ((!(param->testflag & T_SILENT))) printf (""- Fixing index %d\n"",key+1); if (sort_param[i].keyinfo->flag & HA_FULLTEXT) { sort_param[i].key_read=sort_ft_key_read; sort_param[i].key_write=sort_ft_key_write; } else { sort_param[i].key_read=sort_key_read; sort_param[i].key_write=sort_key_write; } sort_param[i].key_cmp=sort_key_cmp; sort_param[i].lock_in_memory=lock_memory; sort_param[i].tmpdir=param->tmpdir; sort_param[i].sort_info=&sort_info; sort_param[i].master=0; sort_param[i].fix_datafile=0; sort_param[i].calc_checksum= 0; sort_param[i].filepos=new_header_length; sort_param[i].max_pos=sort_param[i].pos=share->pack.header_length; sort_param[i].record= (((uchar *)(sort_param+share->base.keys))+ (max_pack_reclength * i)); if (!mi_alloc_rec_buff(info, -1, &sort_param[i].rec_buff)) { mi_check_print_error(param,""Not enough memory!""); goto err; } sort_param[i].key_length=share->rec_reflength; for (keyseg=sort_param[i].seg; keyseg->type != HA_KEYTYPE_END; keyseg++) { sort_param[i].key_length+=keyseg->length; if (keyseg->flag & HA_SPACE_PACK) sort_param[i].key_length+=get_pack_length(keyseg->length); if (keyseg->flag & (HA_BLOB_PART | HA_VAR_LENGTH_PART)) sort_param[i].key_length+=2 + test(keyseg->length >= 127); if (keyseg->flag & HA_NULL_PART) sort_param[i].key_length++; } total_key_length+=sort_param[i].key_length; if (sort_param[i].keyinfo->flag & HA_FULLTEXT) { uint ft_max_word_len_for_sort=FT_MAX_WORD_LEN_FOR_SORT* sort_param[i].keyinfo->seg->charset->mbmaxlen; sort_param[i].key_length+=ft_max_word_len_for_sort-HA_FT_MAXBYTELEN; init_alloc_root(&sort_param[i].wordroot, FTPARSER_MEMROOT_ALLOC_SIZE, 0); } } sort_info.total_keys=i; sort_param[0].master= 1; sort_param[0].fix_datafile= (my_bool)(! rep_quick); sort_param[0].calc_checksum= test(param->testflag & T_CALC_CHECKSUM); if (!ftparser_alloc_param(info)) goto err; sort_info.got_error=0; mysql_mutex_lock(&sort_info.mutex); if (i > 1) { if (rep_quick) init_io_cache_share(¶m->read_cache, &io_share, NULL, i); else init_io_cache_share(&new_data_cache, &io_share, &info->rec_cache, i); } else io_share.total_threads= 0; (void) pthread_attr_init(&thr_attr); (void) pthread_attr_setdetachstate(&thr_attr,PTHREAD_CREATE_DETACHED); for (i=0 ; i < sort_info.total_keys ; i++) { sort_param[i].read_cache= ((rep_quick || !i) ? param->read_cache : new_data_cache); DBUG_PRINT(""io_cache_share"", (""thread: %u read_cache: 0x%lx"", i, (long) &sort_param[i].read_cache)); sort_param[i].sortbuff_size= #ifndef USING_SECOND_APPROACH param->sort_buffer_length/sort_info.total_keys; #else param->sort_buffer_length*sort_param[i].key_length/total_key_length; #endif if ((error= mysql_thread_create(mi_key_thread_find_all_keys, &sort_param[i].thr, &thr_attr, thr_find_all_keys, (void *) (sort_param+i)))) { mi_check_print_error(param,""Cannot start a repair thread (errno= %d)"", error); if (io_share.total_threads) remove_io_thread(&sort_param[i].read_cache); DBUG_PRINT(""error"", (""Cannot start a repair thread"")); sort_info.got_error=1; } else sort_info.threads_running++; } (void) pthread_attr_destroy(&thr_attr); while (sort_info.threads_running) mysql_cond_wait(&sort_info.cond, &sort_info.mutex); mysql_mutex_unlock(&sort_info.mutex); if ((got_error= thr_write_keys(sort_param))) { param->retry_repair=1; goto err; } got_error=1; if (sort_param[0].fix_datafile) { if (write_data_suffix(&sort_info,1) || end_io_cache(&info->rec_cache)) goto err; if (param->testflag & T_SAFE_REPAIR) { if (info->state->records+1 < start_records) { info->state->records=start_records; goto err; } } share->state.state.data_file_length= info->state->data_file_length= sort_param->filepos; share->state.version=(ulong) time((time_t*) 0); mysql_file_close(info->dfile, MYF(0)); info->dfile=new_file; share->data_file_type=sort_info.new_data_file_type; share->pack.header_length=(ulong) new_header_length; } else info->state->data_file_length=sort_param->max_pos; if (rep_quick && del+sort_info.dupp != info->state->del) { mi_check_print_error(param,""Couldn't fix table with quick recovery: Found wrong number of deleted records""); mi_check_print_error(param,""Run recovery again without -q""); param->retry_repair=1; param->testflag|=T_RETRY_WITHOUT_QUICK; goto err; } if (rep_quick & T_FORCE_UNIQUENESS) { my_off_t skr=info->state->data_file_length+ (share->options & HA_OPTION_COMPRESS_RECORD ? MEMMAP_EXTRA_MARGIN : 0); #ifdef USE_RELOC if (share->data_file_type == STATIC_RECORD && skr < share->base.reloc*share->base.min_pack_length) skr=share->base.reloc*share->base.min_pack_length; #endif if (skr != sort_info.filelength) if (mysql_file_chsize(info->dfile, skr, 0, MYF(0))) mi_check_print_warning(param, ""Can't change size of datafile, error: %d"", my_errno); } if (param->testflag & T_CALC_CHECKSUM) info->state->checksum=param->glob_crc; if (mysql_file_chsize(share->kfile, info->state->key_file_length, 0, MYF(0))) mi_check_print_warning(param, ""Can't change size of indexfile, error: %d"", my_errno); if (!(param->testflag & T_SILENT)) { if (start_records != info->state->records) printf(""Data records: %s\n"", llstr(info->state->records,llbuff)); if (sort_info.dupp) mi_check_print_warning(param, ""%s records have been removed"", llstr(sort_info.dupp,llbuff)); } got_error=0; if (&share->state.state != info->state) memcpy(&share->state.state, info->state, sizeof(*info->state)); err: got_error|= flush_blocks(param, share->key_cache, share->kfile); (void) end_io_cache(&info->rec_cache); if (!rep_quick) (void) end_io_cache(&new_data_cache); if (!got_error) { if (new_file >= 0) { mysql_file_close(new_file, MYF(0)); info->dfile=new_file= -1; if (change_to_newfile(share->data_file_name, MI_NAME_DEXT, DATA_TMP_EXT, (param->testflag & T_BACKUP_DATA ? MYF(MY_REDEL_MAKE_BACKUP): MYF(0))) || mi_open_datafile(info,share,name,-1)) got_error=1; } } if (got_error) { if (! param->error_printed) mi_check_print_error(param,""%d when fixing table"",my_errno); if (new_file >= 0) { (void) mysql_file_close(new_file, MYF(0)); (void) mysql_file_delete(mi_key_file_datatmp, param->temp_filename, MYF(MY_WME)); if (info->dfile == new_file) if (unlikely(mi_open_datafile(info, share, name, -1))) param->retry_repair= 0; } mi_mark_crashed_on_repair(info); } else if (key_map == share->state.key_map) share->state.changed&= ~STATE_NOT_OPTIMIZED_KEYS; share->state.changed|=STATE_NOT_SORTED_PAGES; mysql_cond_destroy(&sort_info.cond); mysql_mutex_destroy(&sort_info.mutex); mysql_mutex_destroy(¶m->print_msg_mutex); param->need_print_msg_lock= 0; my_free(sort_info.ft_buf); my_free(sort_info.key_block); my_free(sort_param); my_free(sort_info.buff); (void) end_io_cache(¶m->read_cache); info->opt_flag&= ~(READ_CACHE_USED | WRITE_CACHE_USED); if (!got_error && (param->testflag & T_UNPACK)) { share->state.header.options[0]&= (uchar) ~HA_OPTION_COMPRESS_RECORD; share->pack.header_length=0; } DBUG_RETURN(got_error); }",visit repo url,storage/myisam/mi_check.c,https://github.com/mysql/mysql-server,83015891836154,1 677,[],"static int jpc_cox_putcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out, int prtflag, jpc_coxcp_t *compparms) { int i; assert(compparms->numdlvls <= 32); ms = 0; cstate = 0; if (jpc_putuint8(out, compparms->numdlvls) || jpc_putuint8(out, compparms->cblkwidthval) || jpc_putuint8(out, compparms->cblkheightval) || jpc_putuint8(out, compparms->cblksty) || jpc_putuint8(out, compparms->qmfbid)) { return -1; } if (prtflag) { for (i = 0; i < compparms->numrlvls; ++i) { if (jpc_putuint8(out, ((compparms->rlvls[i].parheightval & 0xf) << 4) | (compparms->rlvls[i].parwidthval & 0xf))) { return -1; } } } return 0; }",jasper,,,283844098564036726364735594397650620480,0 1606,[],"int wake_up_process(struct task_struct *p) { return try_to_wake_up(p, TASK_ALL, 0); }",linux-2.6,,,225485992371689215502801612594096741361,0 5852,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_build_pli( pjmedia_rtcp_session *session, void *buf, pj_size_t *length) { pjmedia_rtcp_common *hdr; unsigned len; PJ_ASSERT_RETURN(session && buf && length, PJ_EINVAL); len = 12; if (len > *length) return PJ_ETOOSMALL; hdr = (pjmedia_rtcp_common*)buf; pj_memcpy(hdr, &session->rtcp_rr_pkt.common, sizeof(*hdr)); hdr->pt = RTCP_PSFB; hdr->count = 1; hdr->length = pj_htons((pj_uint16_t)(len/4 - 1)); *length = len; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,244963794578092,1 489,[],"init_pfm_fs(void) { int err = register_filesystem(&pfm_fs_type); if (!err) { pfmfs_mnt = kern_mount(&pfm_fs_type); err = PTR_ERR(pfmfs_mnt); if (IS_ERR(pfmfs_mnt)) unregister_filesystem(&pfm_fs_type); else err = 0; } return err; }",linux-2.6,,,171467089035238354679046817436735841667,0 1861,['CWE-189'],"_gnutls_handshake_client (gnutls_session_t session) { int ret = 0; #ifdef HANDSHAKE_DEBUG char buf[64]; if (session->internals.resumed_security_parameters.session_id_size > 0) _gnutls_handshake_log (""HSK[%x]: Ask to resume: %s\n"", session, _gnutls_bin2hex (session->internals. resumed_security_parameters. session_id, session->internals. resumed_security_parameters. session_id_size, buf, sizeof (buf))); #endif switch (STATE) { case STATE0: case STATE1: ret = _gnutls_send_hello (session, AGAIN (STATE1)); STATE = STATE1; IMED_RET (""send hello"", ret); case STATE2: ret = _gnutls_recv_handshake (session, NULL, NULL, GNUTLS_HANDSHAKE_SERVER_HELLO, MANDATORY_PACKET); STATE = STATE2; IMED_RET (""recv hello"", ret); case STATE70: if (session->security_parameters.extensions.do_recv_supplemental) { ret = _gnutls_recv_supplemental (session); STATE = STATE70; IMED_RET (""recv supplemental"", ret); } case STATE3: if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_recv_server_certificate (session); STATE = STATE3; IMED_RET (""recv server certificate"", ret); case STATE4: if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_recv_server_kx_message (session); STATE = STATE4; IMED_RET (""recv server kx message"", ret); case STATE5: if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_recv_server_certificate_request (session); STATE = STATE5; IMED_RET (""recv server certificate request message"", ret); case STATE6: if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_recv_handshake (session, NULL, NULL, GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, MANDATORY_PACKET); STATE = STATE6; IMED_RET (""recv server hello done"", ret); case STATE71: if (session->security_parameters.extensions.do_send_supplemental) { ret = _gnutls_send_supplemental (session, AGAIN (STATE71)); STATE = STATE71; IMED_RET (""send supplemental"", ret); } case STATE7: if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_send_client_certificate (session, AGAIN (STATE7)); STATE = STATE7; IMED_RET (""send client certificate"", ret); case STATE8: if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8)); STATE = STATE8; IMED_RET (""send client kx"", ret); case STATE9: if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_send_client_certificate_verify (session, AGAIN (STATE9)); STATE = STATE9; IMED_RET (""send client certificate verify"", ret); STATE = STATE0; default: break; } return 0; }",gnutls,,,251332432924244014804331173313487361407,0 1225,CWE-400,"perf_event_read_event(struct perf_event *event, struct task_struct *task) { struct perf_output_handle handle; struct perf_sample_data sample; struct perf_read_event read_event = { .header = { .type = PERF_RECORD_READ, .misc = 0, .size = sizeof(read_event) + event->read_size, }, .pid = perf_event_pid(event, task), .tid = perf_event_tid(event, task), }; int ret; perf_event_header__init_id(&read_event.header, &sample, event); ret = perf_output_begin(&handle, event, read_event.header.size, 0, 0); if (ret) return; perf_output_put(&handle, read_event); perf_output_read(&handle, event); perf_event__output_id_sample(event, &handle, &sample); perf_output_end(&handle); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,278964096085866,1 1261,NVD-CWE-Other,"__u32 secure_tcpv6_sequence_number(__be32 *saddr, __be32 *daddr, __be16 sport, __be16 dport) { __u32 seq; __u32 hash[12]; struct keydata *keyptr = get_keyptr(); memcpy(hash, saddr, 16); hash[4] = ((__force u16)sport << 16) + (__force u16)dport; memcpy(&hash[5], keyptr->secret, sizeof(__u32) * 7); seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK; seq += keyptr->count; seq += ktime_to_ns(ktime_get_real()); return seq; }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,275532377788783,1 3013,CWE-125,"static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len) { int rlen, remain; dpIOCtxPtr dctx; dynamicPtr *dp; dctx = (dpIOCtxPtr) ctx; dp = dctx->dp; remain = dp->logicalSize - dp->pos; if(remain >= len) { rlen = len; } else { if(remain <= 0) { return 0; } rlen = remain; } memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen); dp->pos += rlen; return rlen; }",visit repo url,src/gd_io_dp.c,https://github.com/libgd/libgd,235869413857223,1 1282,[],"m4_translit (struct obstack *obs, int argc, token_data **argv) { const char *data; const char *from; const char *to; char map[256] = {0}; char found[256] = {0}; unsigned char ch; if (bad_argc (argv[0], argc, 3, 4)) { if (argc == 2) obstack_grow (obs, ARG (1), strlen (ARG (1))); return; } from = ARG (2); if (strchr (from, '-') != NULL) { from = expand_ranges (from, obs); if (from == NULL) return; } to = ARG (3); if (strchr (to, '-') != NULL) { to = expand_ranges (to, obs); if (to == NULL) return; } for ( ; (ch = *from) != '\0'; from++) { if (! found[ch]) { found[ch] = 1; map[ch] = *to; } if (*to != '\0') to++; } for (data = ARG (1); (ch = *data) != '\0'; data++) { if (! found[ch]) obstack_1grow (obs, ch); else if (map[ch]) obstack_1grow (obs, map[ch]); } }",m4,,,57225086250404878070026129453177631968,0 33,['CWE-264'],"static PHP_METHOD(SQLite, sqliteCreateCollation) { struct pdo_sqlite_collation *collation; zval *callback; char *collation_name; int collation_name_len; char *cbname = NULL; pdo_dbh_t *dbh; pdo_sqlite_db_handle *H; int ret; if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""sz"", &collation_name, &collation_name_len, &callback)) { RETURN_FALSE; } dbh = zend_object_store_get_object(getThis() TSRMLS_CC); PDO_CONSTRUCT_CHECK; if (!zend_is_callable(callback, 0, &cbname TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""function '%s' is not callable"", cbname); efree(cbname); RETURN_FALSE; } efree(cbname); H = (pdo_sqlite_db_handle *)dbh->driver_data; collation = (struct pdo_sqlite_collation*)ecalloc(1, sizeof(*collation)); ret = sqlite3_create_collation(H->db, collation_name, SQLITE_UTF8, collation, php_sqlite3_collation_callback); if (ret == SQLITE_OK) { collation->name = estrdup(collation_name); MAKE_STD_ZVAL(collation->callback); MAKE_COPY_ZVAL(&callback, collation->callback); collation->next = H->collations; H->collations = collation; RETURN_TRUE; } efree(collation); RETURN_FALSE; }",php-src,,,249466686120348405397321436116223163883,0 6393,['CWE-59'],"static void replace_char(char *string, char from, char to, int maxlen) { char *lastchar = string + maxlen; while (string) { string = strchr(string, from); if (string) { *string = to; if (string >= lastchar) return; } } }",samba,,,258928481867144887292520036214443646212,0 2720,CWE-190,"SPL_METHOD(DirectoryIterator, getFilename) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } RETURN_STRING(intern->u.dir.entry.d_name, 1); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,97528353214109,1 151,[],"asmlinkage long compat_sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) { if ((cmd == F_GETLK64) || (cmd == F_SETLK64) || (cmd == F_SETLKW64)) return -EINVAL; return compat_sys_fcntl64(fd, cmd, arg); }",linux-2.6,,,251793236289075852291142041227931085983,0 1122,['CWE-399'],"FixPerRegisters(struct task_struct *task) { struct pt_regs *regs; per_struct *per_info; regs = task_pt_regs(task); per_info = (per_struct *) &task->thread.per_info; per_info->control_regs.bits.em_instruction_fetch = per_info->single_step | per_info->instruction_fetch; if (per_info->single_step) { per_info->control_regs.bits.starting_addr = 0; #ifdef CONFIG_COMPAT if (test_thread_flag(TIF_31BIT)) per_info->control_regs.bits.ending_addr = 0x7fffffffUL; else #endif per_info->control_regs.bits.ending_addr = PSW_ADDR_INSN; } else { per_info->control_regs.bits.starting_addr = per_info->starting_addr; per_info->control_regs.bits.ending_addr = per_info->ending_addr; } if (per_info->control_regs.words.cr[0] & PER_EM_MASK) regs->psw.mask |= PSW_MASK_PER; else regs->psw.mask &= ~PSW_MASK_PER; if (per_info->control_regs.bits.em_storage_alteration) per_info->control_regs.bits.storage_alt_space_ctl = 1; else per_info->control_regs.bits.storage_alt_space_ctl = 0; }",linux-2.6,,,39845233679207798368429288182972620297,0 520,CWE-119,"static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, struct bpf_insn *insn, struct bpf_reg_state *dst_reg, struct bpf_reg_state src_reg) { struct bpf_reg_state *regs = cur_regs(env); u8 opcode = BPF_OP(insn->code); bool src_known, dst_known; s64 smin_val, smax_val; u64 umin_val, umax_val; if (BPF_CLASS(insn->code) != BPF_ALU64) { coerce_reg_to_32(dst_reg); coerce_reg_to_32(&src_reg); } smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; umax_val = src_reg.umax_value; src_known = tnum_is_const(src_reg.var_off); dst_known = tnum_is_const(dst_reg->var_off); switch (opcode) { case BPF_ADD: if (signed_add_overflows(dst_reg->smin_value, smin_val) || signed_add_overflows(dst_reg->smax_value, smax_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value += smin_val; dst_reg->smax_value += smax_val; } if (dst_reg->umin_value + umin_val < umin_val || dst_reg->umax_value + umax_val < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value += umin_val; dst_reg->umax_value += umax_val; } dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); break; case BPF_SUB: if (signed_sub_overflows(dst_reg->smin_value, smax_val) || signed_sub_overflows(dst_reg->smax_value, smin_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value -= smax_val; dst_reg->smax_value -= smin_val; } if (dst_reg->umin_value < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value -= umax_val; dst_reg->umax_value -= umin_val; } dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off); break; case BPF_MUL: dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off); if (smin_val < 0 || dst_reg->smin_value < 0) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } if (umax_val > U32_MAX || dst_reg->umax_value > U32_MAX) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } dst_reg->umin_value *= umin_val; dst_reg->umax_value *= umax_val; if (dst_reg->umax_value > S64_MAX) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } break; case BPF_AND: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value & src_reg.var_off.value); break; } dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = dst_reg->var_off.value; dst_reg->umax_value = min(dst_reg->umax_value, umax_val); if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_OR: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value | src_reg.var_off.value); break; } dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = max(dst_reg->umin_value, umin_val); dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_LSH: if (umax_val > 63) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; if (dst_reg->umax_value > 1ULL << (63 - umax_val)) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value <<= umin_val; dst_reg->umax_value <<= umax_val; } if (src_known) dst_reg->var_off = tnum_lshift(dst_reg->var_off, umin_val); else dst_reg->var_off = tnum_lshift(tnum_unknown, umin_val); __update_reg_bounds(dst_reg); break; case BPF_RSH: if (umax_val > 63) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; if (src_known) dst_reg->var_off = tnum_rshift(dst_reg->var_off, umin_val); else dst_reg->var_off = tnum_rshift(tnum_unknown, umin_val); dst_reg->umin_value >>= umax_val; dst_reg->umax_value >>= umin_val; __update_reg_bounds(dst_reg); break; default: mark_reg_unknown(env, regs, insn->dst_reg); break; } __reg_deduce_bounds(dst_reg); __reg_bound_offset(dst_reg); return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,268404670815547,1 3959,['CWE-362'],"static inline int inotify_inode_watched(struct inode *inode) { return !list_empty(&inode->inotify_watches); }",linux-2.6,,,129900577550860913865769838636350187969,0 2759,CWE-476," */ static void php_wddx_pop_element(void *user_data, const XML_Char *name) { st_entry *ent1, *ent2; wddx_stack *stack = (wddx_stack *)user_data; HashTable *target_hash; zend_class_entry **pce; zval *obj; zval *tmp; TSRMLS_FETCH(); if (stack->top == 0) { return; } if (!strcmp(name, EL_STRING) || !strcmp(name, EL_NUMBER) || !strcmp(name, EL_BOOLEAN) || !strcmp(name, EL_NULL) || !strcmp(name, EL_ARRAY) || !strcmp(name, EL_STRUCT) || !strcmp(name, EL_RECORDSET) || !strcmp(name, EL_BINARY) || !strcmp(name, EL_DATETIME)) { wddx_stack_top(stack, (void**)&ent1); if (!ent1->data) { if (stack->top > 1) { stack->top--; efree(ent1); } else { stack->done = 1; } return; } if (!strcmp(name, EL_BINARY)) { int new_len=0; unsigned char *new_str; new_str = php_base64_decode(Z_STRVAL_P(ent1->data), Z_STRLEN_P(ent1->data), &new_len); STR_FREE(Z_STRVAL_P(ent1->data)); if (new_str) { Z_STRVAL_P(ent1->data) = new_str; Z_STRLEN_P(ent1->data) = new_len; } else { ZVAL_EMPTY_STRING(ent1->data); } } if (Z_TYPE_P(ent1->data) == IS_OBJECT) { zval *fname, *retval = NULL; MAKE_STD_ZVAL(fname); ZVAL_STRING(fname, ""__wakeup"", 1); call_user_function_ex(NULL, &ent1->data, fname, &retval, 0, 0, 0, NULL TSRMLS_CC); zval_dtor(fname); FREE_ZVAL(fname); if (retval) { zval_ptr_dtor(&retval); } } if (stack->top > 1) { stack->top--; wddx_stack_top(stack, (void**)&ent2); if (ent2->data == NULL) { zval_ptr_dtor(&ent1->data); efree(ent1); return; } if (Z_TYPE_P(ent2->data) == IS_ARRAY || Z_TYPE_P(ent2->data) == IS_OBJECT) { target_hash = HASH_OF(ent2->data); if (ent1->varname) { if (!strcmp(ent1->varname, PHP_CLASS_NAME_VAR) && Z_TYPE_P(ent1->data) == IS_STRING && Z_STRLEN_P(ent1->data) && ent2->type == ST_STRUCT && Z_TYPE_P(ent2->data) == IS_ARRAY) { zend_bool incomplete_class = 0; zend_str_tolower(Z_STRVAL_P(ent1->data), Z_STRLEN_P(ent1->data)); if (zend_hash_find(EG(class_table), Z_STRVAL_P(ent1->data), Z_STRLEN_P(ent1->data)+1, (void **) &pce)==FAILURE) { incomplete_class = 1; pce = &PHP_IC_ENTRY; } MAKE_STD_ZVAL(obj); object_init_ex(obj, *pce); zend_hash_merge(Z_OBJPROP_P(obj), Z_ARRVAL_P(ent2->data), (void (*)(void *)) zval_add_ref, (void *) &tmp, sizeof(zval *), 0); if (incomplete_class) { php_store_class_name(obj, Z_STRVAL_P(ent1->data), Z_STRLEN_P(ent1->data)); } zval_ptr_dtor(&ent2->data); ent2->data = obj; zval_ptr_dtor(&ent1->data); } else if (Z_TYPE_P(ent2->data) == IS_OBJECT) { zend_class_entry *old_scope = EG(scope); EG(scope) = Z_OBJCE_P(ent2->data); Z_DELREF_P(ent1->data); add_property_zval(ent2->data, ent1->varname, ent1->data); EG(scope) = old_scope; } else { zend_symtable_update(target_hash, ent1->varname, strlen(ent1->varname)+1, &ent1->data, sizeof(zval *), NULL); } efree(ent1->varname); } else { zend_hash_next_index_insert(target_hash, &ent1->data, sizeof(zval *), NULL); } } efree(ent1); } else { stack->done = 1; } } else if (!strcmp(name, EL_VAR) && stack->varname) { efree(stack->varname); stack->varname = NULL; } else if (!strcmp(name, EL_FIELD)) { st_entry *ent; wddx_stack_top(stack, (void **)&ent); efree(ent); stack->top--; }",visit repo url,ext/wddx/wddx.c,https://github.com/php/php-src,197221640843886,1 6390,['CWE-59'],"static size_t strlcpy(char *d, const char *s, size_t bufsize) { size_t len = strlen(s); size_t ret = len; if (bufsize <= 0) return 0; if (len >= bufsize) len = bufsize-1; memcpy(d, s, len); d[len] = 0; return ret; }",samba,,,61643274158124939556807021479236296695,0 3758,CWE-125,"int yr_re_fast_exec( uint8_t* code, uint8_t* input_data, size_t input_forwards_size, size_t input_backwards_size, int flags, RE_MATCH_CALLBACK_FUNC callback, void* callback_args, int* matches) { RE_REPEAT_ANY_ARGS* repeat_any_args; uint8_t* code_stack[MAX_FAST_RE_STACK]; uint8_t* input_stack[MAX_FAST_RE_STACK]; int matches_stack[MAX_FAST_RE_STACK]; uint8_t* ip = code; uint8_t* input = input_data; uint8_t* next_input; uint8_t* next_opcode; uint8_t mask; uint8_t value; int i; int stop; int input_incr; int sp = 0; int bytes_matched; int max_bytes_matched; max_bytes_matched = flags & RE_FLAGS_BACKWARDS ? (int) input_backwards_size : (int) input_forwards_size; input_incr = flags & RE_FLAGS_BACKWARDS ? -1 : 1; if (flags & RE_FLAGS_BACKWARDS) input--; code_stack[sp] = code; input_stack[sp] = input; matches_stack[sp] = 0; sp++; while (sp > 0) { sp--; ip = code_stack[sp]; input = input_stack[sp]; bytes_matched = matches_stack[sp]; stop = FALSE; while(!stop) { if (*ip == RE_OPCODE_MATCH) { if (flags & RE_FLAGS_EXHAUSTIVE) { FAIL_ON_ERROR(callback( flags & RE_FLAGS_BACKWARDS ? input + 1 : input_data, bytes_matched, flags, callback_args)); break; } else { if (matches != NULL) *matches = bytes_matched; return ERROR_SUCCESS; } } if (bytes_matched >= max_bytes_matched) break; switch(*ip) { case RE_OPCODE_LITERAL: if (*input == *(ip + 1)) { bytes_matched++; input += input_incr; ip += 2; } else { stop = TRUE; } break; case RE_OPCODE_MASKED_LITERAL: value = *(int16_t*)(ip + 1) & 0xFF; mask = *(int16_t*)(ip + 1) >> 8; if ((*input & mask) == value) { bytes_matched++; input += input_incr; ip += 3; } else { stop = TRUE; } break; case RE_OPCODE_ANY: bytes_matched++; input += input_incr; ip += 1; break; case RE_OPCODE_REPEAT_ANY_UNGREEDY: repeat_any_args = (RE_REPEAT_ANY_ARGS*)(ip + 1); next_opcode = ip + 1 + sizeof(RE_REPEAT_ANY_ARGS); for (i = repeat_any_args->min + 1; i <= repeat_any_args->max; i++) { next_input = input + i * input_incr; if (bytes_matched + i >= max_bytes_matched) break; if ( *(next_opcode) != RE_OPCODE_LITERAL || (*(next_opcode) == RE_OPCODE_LITERAL && *(next_opcode + 1) == *next_input)) { if (sp >= MAX_FAST_RE_STACK) return -4; code_stack[sp] = next_opcode; input_stack[sp] = next_input; matches_stack[sp] = bytes_matched + i; sp++; } } input += input_incr * repeat_any_args->min; bytes_matched += repeat_any_args->min; ip = next_opcode; break; default: assert(FALSE); } } } if (matches != NULL) *matches = -1; return ERROR_SUCCESS; }",visit repo url,libyara/re.c,https://github.com/VirusTotal/yara,143885460378177,1 1951,CWE-401,"int cx23888_ir_probe(struct cx23885_dev *dev) { struct cx23888_ir_state *state; struct v4l2_subdev *sd; struct v4l2_subdev_ir_parameters default_params; int ret; state = kzalloc(sizeof(struct cx23888_ir_state), GFP_KERNEL); if (state == NULL) return -ENOMEM; spin_lock_init(&state->rx_kfifo_lock); if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL)) return -ENOMEM; state->dev = dev; sd = &state->sd; v4l2_subdev_init(sd, &cx23888_ir_controller_ops); v4l2_set_subdevdata(sd, state); snprintf(sd->name, sizeof(sd->name), ""%s/888-ir"", dev->name); sd->grp_id = CX23885_HW_888_IR; ret = v4l2_device_register_subdev(&dev->v4l2_dev, sd); if (ret == 0) { cx23888_ir_write4(dev, CX23888_IR_IRQEN_REG, 0); mutex_init(&state->rx_params_lock); default_params = default_rx_params; v4l2_subdev_call(sd, ir, rx_s_parameters, &default_params); mutex_init(&state->tx_params_lock); default_params = default_tx_params; v4l2_subdev_call(sd, ir, tx_s_parameters, &default_params); } else { kfifo_free(&state->rx_kfifo); } return ret; }",visit repo url,drivers/media/pci/cx23885/cx23888-ir.c,https://github.com/torvalds/linux,183773732444219,1 1358,CWE-362,"static int ext4_split_extent(handle_t *handle, struct inode *inode, struct ext4_ext_path *path, struct ext4_map_blocks *map, int split_flag, int flags) { ext4_lblk_t ee_block; struct ext4_extent *ex; unsigned int ee_len, depth; int err = 0; int uninitialized; int split_flag1, flags1; depth = ext_depth(inode); ex = path[depth].p_ext; ee_block = le32_to_cpu(ex->ee_block); ee_len = ext4_ext_get_actual_len(ex); uninitialized = ext4_ext_is_uninitialized(ex); if (map->m_lblk + map->m_len < ee_block + ee_len) { split_flag1 = split_flag & EXT4_EXT_MAY_ZEROOUT ? EXT4_EXT_MAY_ZEROOUT : 0; flags1 = flags | EXT4_GET_BLOCKS_PRE_IO; if (uninitialized) split_flag1 |= EXT4_EXT_MARK_UNINIT1 | EXT4_EXT_MARK_UNINIT2; err = ext4_split_extent_at(handle, inode, path, map->m_lblk + map->m_len, split_flag1, flags1); if (err) goto out; } ext4_ext_drop_refs(path); path = ext4_ext_find_extent(inode, map->m_lblk, path); if (IS_ERR(path)) return PTR_ERR(path); if (map->m_lblk >= ee_block) { split_flag1 = split_flag & EXT4_EXT_MAY_ZEROOUT ? EXT4_EXT_MAY_ZEROOUT : 0; if (uninitialized) split_flag1 |= EXT4_EXT_MARK_UNINIT1; if (split_flag & EXT4_EXT_MARK_UNINIT2) split_flag1 |= EXT4_EXT_MARK_UNINIT2; err = ext4_split_extent_at(handle, inode, path, map->m_lblk, split_flag1, flags); if (err) goto out; } ext4_ext_show_leaf(inode, path); out: return err ? err : map->m_len; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,24632604886459,1 1471,CWE-264,"perf_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { struct perf_event *event = file->private_data; return perf_read_hw(event, buf, count); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,152543625157634,1 279,CWE-388,"static void vmx_complete_atomic_exit(struct vcpu_vmx *vmx) { u32 exit_intr_info; if (!(vmx->exit_reason == EXIT_REASON_MCE_DURING_VMENTRY || vmx->exit_reason == EXIT_REASON_EXCEPTION_NMI)) return; vmx->exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO); exit_intr_info = vmx->exit_intr_info; if (is_machine_check(exit_intr_info)) kvm_machine_check(); if ((exit_intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR && (exit_intr_info & INTR_INFO_VALID_MASK)) { kvm_before_handle_nmi(&vmx->vcpu); asm(""int $2""); kvm_after_handle_nmi(&vmx->vcpu); } }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,89007523710904,1 330,['CWE-20'],"unsigned long convert_rip_to_linear(struct task_struct *child, struct pt_regs *regs) { unsigned long addr, seg; addr = regs->rip; seg = regs->cs & 0xffff; if (seg & LDT_SEGMENT) { u32 *desc; unsigned long base; seg &= ~7UL; down(&child->mm->context.sem); if (unlikely((seg >> 3) >= child->mm->context.size)) addr = -1L; else { desc = child->mm->context.ldt + seg; base = ((desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000)); if (!((desc[1] >> 22) & 1)) addr &= 0xffff; addr += base; } up(&child->mm->context.sem); } return addr; }",linux-2.6,,,9885399700456915300564111112254112030,0 820,['CWE-16'],"static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) { struct esp_data *esp = x->data; u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); u32 align = max_t(u32, blksize, esp->padlen); u32 rem; mtu -= x->props.header_len + crypto_aead_authsize(esp->aead); rem = mtu & (align - 1); mtu &= ~(align - 1); switch (x->props.mode) { case XFRM_MODE_TUNNEL: break; default: case XFRM_MODE_TRANSPORT: mtu -= blksize - 4; mtu += min_t(u32, blksize - 4, rem); break; case XFRM_MODE_BEET: mtu += min_t(u32, IPV4_BEET_PHMAXLEN, rem); break; } return mtu - 2; }",linux-2.6,,,202193602287432024044439151421697046651,0 5743,['CWE-200'],"static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); int noblock = flags & MSG_DONTWAIT; size_t copied = 0; int target, err; long timeo; IRDA_DEBUG(3, ""%s()\n"", __func__); if ((err = sock_error(sk)) < 0) return err; if (sock->flags & __SO_ACCEPTCON) return(-EINVAL); if (flags & MSG_OOB) return -EOPNOTSUPP; target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, noblock); msg->msg_namelen = 0; do { int chunk; struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue); if (skb == NULL) { DEFINE_WAIT(wait); int ret = 0; if (copied >= target) break; prepare_to_wait_exclusive(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); ret = sock_error(sk); if (ret) ; else if (sk->sk_shutdown & RCV_SHUTDOWN) ; else if (noblock) ret = -EAGAIN; else if (signal_pending(current)) ret = sock_intr_errno(timeo); else if (sk->sk_state != TCP_ESTABLISHED) ret = -ENOTCONN; else if (skb_peek(&sk->sk_receive_queue) == NULL) schedule(); finish_wait(sk->sk_sleep, &wait); if (ret) return ret; if (sk->sk_shutdown & RCV_SHUTDOWN) break; continue; } chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { IRDA_DEBUG(1, ""%s(), back on q!\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { IRDA_DEBUG(0, ""%s() questionable!?\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",linux-2.6,,,100568376165509204584153623292624290579,0 3877,CWE-416,"init_evalarg(evalarg_T *evalarg) { CLEAR_POINTER(evalarg); ga_init2(&evalarg->eval_tofree_ga, sizeof(char_u *), 20); }",visit repo url,src/eval.c,https://github.com/vim/vim,45090980916688,1 5924,CWE-120,"static Jsi_RC SysGetEnvCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { extern char **environ; char *cp; int i; if (interp->isSafe) return Jsi_LogError(""no getenv in safe mode""); Jsi_Value *v = Jsi_ValueArrayIndex(interp, args, 0); if (v != NULL) { const char *fnam = Jsi_ValueString(interp, v, NULL); if (!fnam) return Jsi_LogError(""arg1: expected string 'name'""); cp = getenv(fnam); if (cp != NULL) { Jsi_ValueMakeStringDup(interp, ret, cp); } return JSI_OK; } Jsi_Value *vres; Jsi_Obj *ores = Jsi_ObjNew(interp); Jsi_Value *nnv; char *val, nam[200]; vres = Jsi_ValueMakeObject(interp, NULL, ores); for (i=0; ; i++) { int n; cp = environ[i]; if (cp == 0 || ((val = Jsi_Strchr(cp, '='))==NULL)) break; n = val-cp+1; if (n>=(int)sizeof(nam)) n = sizeof(nam)-1; Jsi_Strncpy(nam, cp, n); val = val+1; nnv = Jsi_ValueMakeStringDup(interp, NULL, val); Jsi_ObjInsert(interp, ores, nam, nnv, 0); } Jsi_ValueReplace(interp, ret, vres); return JSI_OK; }",visit repo url,src/jsiCmds.c,https://github.com/pcmacdon/jsish,43588406591436,1 317,[],"static int vt_check(struct file *file) { struct tty_struct *tty; struct inode *inode = file->f_dentry->d_inode; if (file->f_op->ioctl != tty_ioctl) return -EINVAL; tty = (struct tty_struct *)file->private_data; if (tty_paranoia_check(tty, inode, ""tty_ioctl"")) return -EINVAL; if (tty->driver->ioctl != vt_ioctl) return -EINVAL; if (current->signal->tty == tty || capable(CAP_SYS_ADMIN)) return 1; return 0; }",linux-2.6,,,132222473242708534241850732634716809969,0 6612,CWE-787,"static int parse_multipart( ogs_sbi_message_t *message, ogs_sbi_http_message_t *http) { char *boundary = NULL; int i; multipart_parser_settings settings; multipart_parser_data_t data; multipart_parser *parser = NULL; ogs_assert(message); ogs_assert(http); memset(&settings, 0, sizeof(settings)); settings.on_header_field = &on_header_field; settings.on_header_value = &on_header_value; settings.on_part_data = &on_part_data; settings.on_part_data_end = &on_part_data_end; for (i = 0; i < http->content_length; i++) { if (http->content[i] == '\r' && http->content[i+1] == '\n') break; } if (i >= http->content_length) { ogs_error(""Invalid HTTP content [%d]"", i); ogs_log_hexdump(OGS_LOG_ERROR, (unsigned char *)http->content, http->content_length); return OGS_ERROR; } boundary = ogs_strndup(http->content, i); ogs_assert(boundary); parser = multipart_parser_init(boundary, &settings); ogs_assert(parser); memset(&data, 0, sizeof(data)); multipart_parser_set_data(parser, &data); multipart_parser_execute(parser, http->content, http->content_length); multipart_parser_free(parser); ogs_free(boundary); for (i = 0; i < data.num_of_part; i++) { SWITCH(data.part[i].content_type) CASE(OGS_SBI_CONTENT_JSON_TYPE) parse_json(message, data.part[i].content_type, data.part[i].content); if (data.part[i].content_id) ogs_free(data.part[i].content_id); if (data.part[i].content_type) ogs_free(data.part[i].content_type); if (data.part[i].content) ogs_free(data.part[i].content); break; CASE(OGS_SBI_CONTENT_5GNAS_TYPE) CASE(OGS_SBI_CONTENT_NGAP_TYPE) http->part[http->num_of_part].content_id = data.part[i].content_id; http->part[http->num_of_part].content_type = data.part[i].content_type; http->part[http->num_of_part].pkbuf = ogs_pkbuf_alloc(NULL, data.part[i].content_length); ogs_expect_or_return_val( http->part[http->num_of_part].pkbuf, OGS_ERROR); ogs_pkbuf_put_data(http->part[http->num_of_part].pkbuf, data.part[i].content, data.part[i].content_length); message->part[message->num_of_part].content_id = http->part[http->num_of_part].content_id; message->part[message->num_of_part].content_type = http->part[http->num_of_part].content_type; message->part[message->num_of_part].pkbuf = ogs_pkbuf_copy(http->part[http->num_of_part].pkbuf); ogs_expect_or_return_val( message->part[message->num_of_part].pkbuf, OGS_ERROR); http->num_of_part++; message->num_of_part++; if (data.part[i].content) ogs_free(data.part[i].content); break; DEFAULT ogs_error(""Unknown content-type[%s]"", data.part[i].content_type); END } if (data.part[i].content_id) ogs_free(data.part[i].content_id); if (data.part[i].content_type) ogs_free(data.part[i].content_type); if (data.header_field) ogs_free(data.header_field); return OGS_OK; }",visit repo url,lib/sbi/message.c,https://github.com/open5gs/open5gs,93361466900235,1 557,CWE-189,"void ipc_rcu_putref(void *ptr) { if (--container_of(ptr, struct ipc_rcu_hdr, data)->refcount > 0) return; if (container_of(ptr, struct ipc_rcu_hdr, data)->is_vmalloc) { call_rcu(&container_of(ptr, struct ipc_rcu_grace, data)->rcu, ipc_schedule_free); } else { kfree_rcu(container_of(ptr, struct ipc_rcu_grace, data), rcu); } }",visit repo url,ipc/util.c,https://github.com/torvalds/linux,200163601044177,1 4295,CWE-787,"void MACH0_(iterate_chained_fixups)(struct MACH0_(obj_t) *bin, ut64 limit_start, ut64 limit_end, ut32 event_mask, RFixupCallback callback, void * context) { int i = 0; for (; i < bin->nsegs; i++) { if (!bin->chained_starts[i]) { continue; } int page_size = bin->chained_starts[i]->page_size; if (page_size < 1) { page_size = 4096; } ut64 start = bin->segs[i].fileoff; ut64 end = start + bin->segs[i].filesize; if (end >= limit_start && start <= limit_end) { ut64 page_idx = (R_MAX (start, limit_start) - start) / page_size; ut64 page_end_idx = (R_MIN (limit_end, end) - start) / page_size; for (; page_idx <= page_end_idx; page_idx++) { if (page_idx >= bin->chained_starts[i]->page_count) { break; } ut16 page_start = bin->chained_starts[i]->page_start[page_idx]; if (page_start == DYLD_CHAINED_PTR_START_NONE) { continue; } ut64 cursor = start + page_idx * page_size + page_start; while (cursor < limit_end && cursor < end) { ut8 tmp[8]; bool previous_rebasing = bin->rebasing_buffer; bin->rebasing_buffer = true; if (r_buf_read_at (bin->b, cursor, tmp, 8) != 8) { bin->rebasing_buffer = previous_rebasing; break; } bin->rebasing_buffer = previous_rebasing; ut64 raw_ptr = r_read_le64 (tmp); ut64 ptr_value = raw_ptr; ut64 delta, stride, addend; ut16 pointer_format = bin->chained_starts[i]->pointer_format; RFixupEvent event = R_FIXUP_EVENT_NONE; ut8 key = 0, addr_div = 0; ut16 diversity = 0; ut32 ordinal = UT32_MAX; if (pointer_format == DYLD_CHAINED_PTR_ARM64E) { stride = 8; bool is_auth = IS_PTR_AUTH (raw_ptr); bool is_bind = IS_PTR_BIND (raw_ptr); if (is_auth && is_bind) { struct dyld_chained_ptr_arm64e_auth_bind *p = (struct dyld_chained_ptr_arm64e_auth_bind *) &raw_ptr; event = R_FIXUP_EVENT_BIND_AUTH; delta = p->next; ordinal = p->ordinal; key = p->key; addr_div = p->addrDiv; diversity = p->diversity; } else if (!is_auth && is_bind) { struct dyld_chained_ptr_arm64e_bind *p = (struct dyld_chained_ptr_arm64e_bind *) &raw_ptr; event = R_FIXUP_EVENT_BIND; delta = p->next; ordinal = p->ordinal; addend = p->addend; } else if (is_auth && !is_bind) { struct dyld_chained_ptr_arm64e_auth_rebase *p = (struct dyld_chained_ptr_arm64e_auth_rebase *) &raw_ptr; event = R_FIXUP_EVENT_REBASE_AUTH; delta = p->next; ptr_value = p->target + bin->baddr; key = p->key; addr_div = p->addrDiv; diversity = p->diversity; } else { struct dyld_chained_ptr_arm64e_rebase *p = (struct dyld_chained_ptr_arm64e_rebase *) &raw_ptr; event = R_FIXUP_EVENT_REBASE; delta = p->next; ptr_value = ((ut64)p->high8 << 56) | p->target; } } else if (pointer_format == DYLD_CHAINED_PTR_ARM64E_USERLAND24) { stride = 8; struct dyld_chained_ptr_arm64e_bind24 *bind = (struct dyld_chained_ptr_arm64e_bind24 *) &raw_ptr; if (bind->bind) { delta = bind->next; if (bind->auth) { struct dyld_chained_ptr_arm64e_auth_bind24 *p = (struct dyld_chained_ptr_arm64e_auth_bind24 *) &raw_ptr; event = R_FIXUP_EVENT_BIND_AUTH; ordinal = p->ordinal; key = p->key; addr_div = p->addrDiv; diversity = p->diversity; } else { event = R_FIXUP_EVENT_BIND; ordinal = bind->ordinal; addend = bind->addend; } } else { if (bind->auth) { struct dyld_chained_ptr_arm64e_auth_rebase *p = (struct dyld_chained_ptr_arm64e_auth_rebase *) &raw_ptr; event = R_FIXUP_EVENT_REBASE_AUTH; delta = p->next; ptr_value = p->target + bin->baddr; key = p->key; addr_div = p->addrDiv; diversity = p->diversity; } else { struct dyld_chained_ptr_arm64e_rebase *p = (struct dyld_chained_ptr_arm64e_rebase *) &raw_ptr; event = R_FIXUP_EVENT_REBASE; delta = p->next; ptr_value = bin->baddr + (((ut64)p->high8 << 56) | p->target); } } } else if (pointer_format == DYLD_CHAINED_PTR_64_OFFSET) { stride = 4; struct dyld_chained_ptr_64_bind *bind = (struct dyld_chained_ptr_64_bind *) &raw_ptr; if (bind->bind) { event = R_FIXUP_EVENT_BIND; delta = bind->next; ordinal = bind->ordinal; addend = bind->addend; } else { struct dyld_chained_ptr_64_rebase *p = (struct dyld_chained_ptr_64_rebase *) &raw_ptr; event = R_FIXUP_EVENT_REBASE; delta = p->next; ptr_value = bin->baddr + (((ut64)p->high8 << 56) | p->target); } } else { eprintf (""Unsupported chained pointer format %d\n"", pointer_format); return; } if (cursor >= limit_start && cursor <= limit_end - 8 && (event & event_mask) != 0) { bool carry_on; switch (event) { case R_FIXUP_EVENT_BIND: { RFixupBindEventDetails event_details; event_details.type = event; event_details.bin = bin; event_details.offset = cursor; event_details.raw_ptr = raw_ptr; event_details.ordinal = ordinal; event_details.addend = addend; carry_on = callback (context, (RFixupEventDetails *) &event_details); break; } case R_FIXUP_EVENT_BIND_AUTH: { RFixupBindAuthEventDetails event_details; event_details.type = event; event_details.bin = bin; event_details.offset = cursor; event_details.raw_ptr = raw_ptr; event_details.ordinal = ordinal; event_details.key = key; event_details.addr_div = addr_div; event_details.diversity = diversity; carry_on = callback (context, (RFixupEventDetails *) &event_details); break; } case R_FIXUP_EVENT_REBASE: { RFixupRebaseEventDetails event_details; event_details.type = event; event_details.bin = bin; event_details.offset = cursor; event_details.raw_ptr = raw_ptr; event_details.ptr_value = ptr_value; carry_on = callback (context, (RFixupEventDetails *) &event_details); break; } case R_FIXUP_EVENT_REBASE_AUTH: { RFixupRebaseAuthEventDetails event_details; event_details.type = event; event_details.bin = bin; event_details.offset = cursor; event_details.raw_ptr = raw_ptr; event_details.ptr_value = ptr_value; event_details.key = key; event_details.addr_div = addr_div; event_details.diversity = diversity; carry_on = callback (context, (RFixupEventDetails *) &event_details); break; } default: eprintf (""Unexpected event while iterating chained fixups\n""); carry_on = false; } if (!carry_on) { return; } } cursor += delta * stride; if (!delta) { break; } } } } } }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radareorg/radare2,27350751044652,1 5144,['CWE-20'],"static void __vcpu_clear(void *arg) { struct vcpu_vmx *vmx = arg; int cpu = raw_smp_processor_id(); if (vmx->vcpu.cpu == cpu) vmcs_clear(vmx->vmcs); if (per_cpu(current_vmcs, cpu) == vmx->vmcs) per_cpu(current_vmcs, cpu) = NULL; rdtscll(vmx->vcpu.arch.host_tsc); list_del(&vmx->local_vcpus_link); vmx->vcpu.cpu = -1; vmx->launched = 0; }",linux-2.6,,,253637035719232681911310037880702012361,0 5637,CWE-125,"ast_for_trailer(struct compiling *c, const node *n, expr_ty left_expr) { REQ(n, trailer); if (TYPE(CHILD(n, 0)) == LPAR) { if (NCH(n) == 2) return Call(left_expr, NULL, NULL, LINENO(n), n->n_col_offset, c->c_arena); else return ast_for_call(c, CHILD(n, 1), left_expr); } else if (TYPE(CHILD(n, 0)) == DOT) { PyObject *attr_id = NEW_IDENTIFIER(CHILD(n, 1)); if (!attr_id) return NULL; return Attribute(left_expr, attr_id, Load, LINENO(n), n->n_col_offset, c->c_arena); } else { REQ(CHILD(n, 0), LSQB); REQ(CHILD(n, 2), RSQB); n = CHILD(n, 1); if (NCH(n) == 1) { slice_ty slc = ast_for_slice(c, CHILD(n, 0)); if (!slc) return NULL; return Subscript(left_expr, slc, Load, LINENO(n), n->n_col_offset, c->c_arena); } else { int j; slice_ty slc; expr_ty e; int simple = 1; asdl_seq *slices, *elts; slices = _Ta3_asdl_seq_new((NCH(n) + 1) / 2, c->c_arena); if (!slices) return NULL; for (j = 0; j < NCH(n); j += 2) { slc = ast_for_slice(c, CHILD(n, j)); if (!slc) return NULL; if (slc->kind != Index_kind) simple = 0; asdl_seq_SET(slices, j / 2, slc); } if (!simple) { return Subscript(left_expr, ExtSlice(slices, c->c_arena), Load, LINENO(n), n->n_col_offset, c->c_arena); } elts = _Ta3_asdl_seq_new(asdl_seq_LEN(slices), c->c_arena); if (!elts) return NULL; for (j = 0; j < asdl_seq_LEN(slices); ++j) { slc = (slice_ty)asdl_seq_GET(slices, j); assert(slc->kind == Index_kind && slc->v.Index.value); asdl_seq_SET(elts, j, slc->v.Index.value); } e = Tuple(elts, Load, LINENO(n), n->n_col_offset, c->c_arena); if (!e) return NULL; return Subscript(left_expr, Index(e, c->c_arena), Load, LINENO(n), n->n_col_offset, c->c_arena); } } }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,74779696884580,1 4167,['CWE-399'],"void avahi_server_prepare_matching_responses(AvahiServer *s, AvahiInterface *i, AvahiKey *k, int unicast_response) { assert(s); assert(i); assert(k); if (avahi_key_is_pattern(k)) { AvahiEntry *e; for (e = s->entries; e; e = e->entries_next) if (!e->dead && avahi_key_pattern_match(k, e->record->key) && avahi_entry_is_registered(s, e, i)) avahi_server_prepare_response(s, i, e, unicast_response, 0); } else { AvahiEntry *e; for (e = avahi_hashmap_lookup(s->entries_by_key, k); e; e = e->by_key_next) if (!e->dead && avahi_entry_is_registered(s, e, i)) avahi_server_prepare_response(s, i, e, unicast_response, 0); } if ((k->clazz == AVAHI_DNS_CLASS_IN || k->clazz == AVAHI_DNS_CLASS_ANY) && k->type != AVAHI_DNS_TYPE_CNAME && k->type != AVAHI_DNS_TYPE_ANY) { AvahiKey *cname_key; if (!(cname_key = avahi_key_new(k->name, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_CNAME))) return; avahi_server_prepare_matching_responses(s, i, cname_key, unicast_response); avahi_key_unref(cname_key); } }",avahi,,,325022608024745788233470919470265240473,0 2211,['CWE-193'],"static int sync_page(void *word) { struct address_space *mapping; struct page *page; page = container_of((unsigned long *)word, struct page, flags); smp_mb(); mapping = page_mapping(page); if (mapping && mapping->a_ops && mapping->a_ops->sync_page) mapping->a_ops->sync_page(page); io_schedule(); return 0; }",linux-2.6,,,115760048014125022948645393586689127896,0 2658,CWE-125,"static inline int _setEdgePixel(const gdImagePtr src, unsigned int x, unsigned int y, gdFixed coverage, const int bgColor) { const gdFixed f_127 = gd_itofx(127); register int c = src->tpixels[y][x]; c = c | (( (int) (gd_fxtof(gd_mulfx(coverage, f_127)) + 50.5f)) << 24); return _color_blend(bgColor, c); }",visit repo url,ext/gd/libgd/gd_interpolation.c,https://github.com/php/php-src,57672647806279,1 6236,['CWE-200'],"qdisc_create(struct net_device *dev, u32 handle, struct rtattr **tca, int *errp) { int err; struct rtattr *kind = tca[TCA_KIND-1]; void *p = NULL; struct Qdisc *sch; struct Qdisc_ops *ops; int size; ops = qdisc_lookup_ops(kind); #ifdef CONFIG_KMOD if (ops == NULL && kind != NULL) { char name[IFNAMSIZ]; if (rtattr_strlcpy(name, kind, IFNAMSIZ) < IFNAMSIZ) { rtnl_unlock(); request_module(""sch_%s"", name); rtnl_lock(); ops = qdisc_lookup_ops(kind); if (ops != NULL) { module_put(ops->owner); err = -EAGAIN; goto err_out; } } } #endif err = -EINVAL; if (ops == NULL) goto err_out; size = ((sizeof(*sch) + QDISC_ALIGN_CONST) & ~QDISC_ALIGN_CONST); size += ops->priv_size + QDISC_ALIGN_CONST; p = kmalloc(size, GFP_KERNEL); err = -ENOBUFS; if (!p) goto err_out2; memset(p, 0, size); sch = (struct Qdisc *)(((unsigned long)p + QDISC_ALIGN_CONST) & ~QDISC_ALIGN_CONST); sch->padded = (char *)sch - (char *)p; INIT_LIST_HEAD(&sch->list); skb_queue_head_init(&sch->q); if (handle == TC_H_INGRESS) sch->flags |= TCQ_F_INGRESS; sch->ops = ops; sch->enqueue = ops->enqueue; sch->dequeue = ops->dequeue; sch->dev = dev; dev_hold(dev); atomic_set(&sch->refcnt, 1); sch->stats_lock = &dev->queue_lock; if (handle == 0) { handle = qdisc_alloc_handle(dev); err = -ENOMEM; if (handle == 0) goto err_out3; } if (handle == TC_H_INGRESS) sch->handle =TC_H_MAKE(TC_H_INGRESS, 0); else sch->handle = handle; if (!ops->init || (err = ops->init(sch, tca[TCA_OPTIONS-1])) == 0) { qdisc_lock_tree(dev); list_add_tail(&sch->list, &dev->qdisc_list); qdisc_unlock_tree(dev); #ifdef CONFIG_NET_ESTIMATOR if (tca[TCA_RATE-1]) gen_new_estimator(&sch->bstats, &sch->rate_est, sch->stats_lock, tca[TCA_RATE-1]); #endif return sch; } err_out3: dev_put(dev); err_out2: module_put(ops->owner); err_out: *errp = err; if (p) kfree(p); return NULL; }",linux-2.6,,,285062441799460463152959977816993895411,0 3964,['CWE-362'],"static void destroy_watch(struct inotify_watch *watch) { struct audit_chunk *chunk = container_of(watch, struct audit_chunk, watch); call_rcu(&chunk->head, __put_chunk); }",linux-2.6,,,263827045900402420510256928871970230028,0 3345,[],"static inline int nlmsg_report(struct nlmsghdr *nlh) { return !!(nlh->nlmsg_flags & NLM_F_ECHO); }",linux-2.6,,,112663620032630232611371079262940613175,0 951,['CWE-200'],"static inline int shmem_parse_mpol(char *value, int *policy, nodemask_t *policy_nodes) { return 1; }",linux-2.6,,,293324303171425745601161025320489823263,0 1189,['CWE-189'],static inline void hrtimer_remove_cb_pending(struct hrtimer *timer) { },linux-2.6,,,24610536515580308371177317428926514253,0 3986,['CWE-362'],"void inotify_init_watch(struct inotify_watch *watch) { INIT_LIST_HEAD(&watch->h_list); INIT_LIST_HEAD(&watch->i_list); atomic_set(&watch->count, 0); get_inotify_watch(watch); }",linux-2.6,,,228679991733782625595217957839905184278,0 621,['CWE-189'],"ieee80211_rx_frame_decrypt(struct ieee80211_device *ieee, struct sk_buff *skb, struct ieee80211_crypt_data *crypt) { struct ieee80211_hdr_3addr *hdr; int res, hdrlen; if (crypt == NULL || crypt->ops->decrypt_mpdu == NULL) return 0; hdr = (struct ieee80211_hdr_3addr *)skb->data; hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); atomic_inc(&crypt->refcnt); res = crypt->ops->decrypt_mpdu(skb, hdrlen, crypt->priv); atomic_dec(&crypt->refcnt); if (res < 0) { IEEE80211_DEBUG_DROP(""decryption failed (SA="" MAC_FMT "") res=%d\n"", MAC_ARG(hdr->addr2), res); if (res == -2) IEEE80211_DEBUG_DROP(""Decryption failed ICV "" ""mismatch (key %d)\n"", skb->data[hdrlen + 3] >> 6); ieee->ieee_stats.rx_discards_undecryptable++; return -1; } return res; }",linux-2.6,,,53936688539753820443261848750969169847,0 1854,['CWE-189'],"_gnutls_send_server_hello (gnutls_session_t session, int again) { opaque *data = NULL; opaque extdata[MAX_EXT_DATA_LENGTH]; int extdatalen; int pos = 0; int datalen, ret = 0; uint8_t comp; opaque *SessionID = session->security_parameters.session_id; uint8_t session_id_len = session->security_parameters.session_id_size; opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; if (SessionID == NULL) session_id_len = 0; datalen = 0; #ifdef ENABLE_SRP if (IS_SRP_KX (_gnutls_cipher_suite_get_kx_algo (&session->security_parameters.current_cipher_suite))) { if (session->internals.resumed == RESUME_FALSE && session->security_parameters.extensions.srp_username[0] == 0) { gnutls_assert (); ret = gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_UNKNOWN_PSK_IDENTITY); if (ret < 0) { gnutls_assert (); return ret; } return GNUTLS_E_ILLEGAL_SRP_USERNAME; } } #endif if (again == 0) { datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3; extdatalen = _gnutls_gen_extensions (session, extdata, sizeof (extdata)); if (extdatalen < 0) { gnutls_assert (); return extdatalen; } data = gnutls_malloc (datalen + extdatalen); if (data == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } data[pos++] = _gnutls_version_get_major (session->security_parameters.version); data[pos++] = _gnutls_version_get_minor (session->security_parameters.version); memcpy (&data[pos], session->security_parameters.server_random, TLS_RANDOM_SIZE); pos += TLS_RANDOM_SIZE; data[pos++] = session_id_len; if (session_id_len > 0) { memcpy (&data[pos], SessionID, session_id_len); } pos += session_id_len; _gnutls_handshake_log (""HSK[%x]: SessionID: %s\n"", session, _gnutls_bin2hex (SessionID, session_id_len, buf, sizeof (buf))); memcpy (&data[pos], session->security_parameters.current_cipher_suite.suite, 2); pos += 2; comp = (uint8_t) _gnutls_compression_get_num (session-> internals.compression_method); data[pos++] = comp; if (extdatalen > 0) { datalen += extdatalen; memcpy (&data[pos], extdata, extdatalen); } } ret = _gnutls_send_handshake (session, data, datalen, GNUTLS_HANDSHAKE_SERVER_HELLO); gnutls_free (data); return ret; }",gnutls,,,173809337281851350365041645623225345196,0 2649,[],"static int sctp_getsockopt_partial_delivery_point(struct sock *sk, int len, char __user *optval, int __user *optlen) { u32 val; if (len < sizeof(u32)) return -EINVAL; len = sizeof(u32); val = sctp_sk(sk)->pd_point; if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) return -EFAULT; return -ENOTSUPP; }",linux-2.6,,,220978404486171604188958296868002500048,0 4598,['CWE-399'],"static int ext4_da_write_begin(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned flags, struct page **pagep, void **fsdata) { int ret, retries = 0; struct page *page; pgoff_t index; unsigned from, to; struct inode *inode = mapping->host; handle_t *handle; index = pos >> PAGE_CACHE_SHIFT; from = pos & (PAGE_CACHE_SIZE - 1); to = from + len; if (ext4_nonda_switch(inode->i_sb)) { *fsdata = (void *)FALL_BACK_TO_NONDELALLOC; return ext4_write_begin(file, mapping, pos, len, flags, pagep, fsdata); } *fsdata = (void *)0; trace_mark(ext4_da_write_begin, ""dev %s ino %lu pos %llu len %u flags %u"", inode->i_sb->s_id, inode->i_ino, (unsigned long long) pos, len, flags); retry: handle = ext4_journal_start(inode, 1); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out; } page = grab_cache_page_write_begin(mapping, index, flags); if (!page) { ext4_journal_stop(handle); ret = -ENOMEM; goto out; } *pagep = page; ret = block_write_begin(file, mapping, pos, len, flags, pagep, fsdata, ext4_da_get_block_prep); if (ret < 0) { unlock_page(page); ext4_journal_stop(handle); page_cache_release(page); if (pos + len > inode->i_size) vmtruncate(inode, inode->i_size); } if (ret == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) goto retry; out: return ret; }",linux-2.6,,,306692251956770139218895149495166058815,0 5078,CWE-787,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 6060,['CWE-200'],"static void addrconf_dad_start(struct inet6_ifaddr *ifp, u32 flags) { struct inet6_dev *idev = ifp->idev; struct net_device *dev = idev->dev; unsigned long rand_num; addrconf_join_solict(dev, &ifp->addr); if (ifp->prefix_len != 128 && (ifp->flags&IFA_F_PERMANENT)) addrconf_prefix_route(&ifp->addr, ifp->prefix_len, dev, 0, flags); net_srandom(ifp->addr.s6_addr32[3]); rand_num = net_random() % (idev->cnf.rtr_solicit_delay ? : 1); read_lock_bh(&idev->lock); if (ifp->dead) goto out; spin_lock_bh(&ifp->lock); if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) || !(ifp->flags&IFA_F_TENTATIVE)) { ifp->flags &= ~IFA_F_TENTATIVE; spin_unlock_bh(&ifp->lock); read_unlock_bh(&idev->lock); addrconf_dad_completed(ifp); return; } ifp->probes = idev->cnf.dad_transmits; addrconf_mod_timer(ifp, AC_DAD, rand_num); spin_unlock_bh(&ifp->lock); out: read_unlock_bh(&idev->lock); }",linux-2.6,,,116485924549874836151215203208994045824,0 310,CWE-119,"static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data) { int ret; ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0), PEGASUS_REQ_SET_REG, PEGASUS_REQT_WRITE, data, indx, &data, 1, 1000); if (ret < 0) netif_dbg(pegasus, drv, pegasus->net, ""%s returned %d\n"", __func__, ret); return ret; }",visit repo url,drivers/net/usb/pegasus.c,https://github.com/torvalds/linux,95226967249042,1 5410,['CWE-476'],"void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) { kvm_x86_ops->vcpu_put(vcpu); kvm_put_guest_fpu(vcpu); }",linux-2.6,,,311134467771453555721672513929369893621,0 1092,['CWE-399'],"asmlinkage int sys_sigreturn(unsigned long __unused) { struct pt_regs *regs = (struct pt_regs *) &__unused; struct sigframe __user *frame = (struct sigframe __user *)(regs->sp - 8); sigset_t set; int ax; if (!access_ok(VERIFY_READ, frame, sizeof(*frame))) goto badframe; if (__get_user(set.sig[0], &frame->sc.oldmask) || (_NSIG_WORDS > 1 && __copy_from_user(&set.sig[1], &frame->extramask, sizeof(frame->extramask)))) goto badframe; sigdelsetmask(&set, ~_BLOCKABLE); spin_lock_irq(¤t->sighand->siglock); current->blocked = set; recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); if (restore_sigcontext(regs, &frame->sc, &ax)) goto badframe; return ax; badframe: if (show_unhandled_signals && printk_ratelimit()) { printk(""%s%s[%d] bad frame in sigreturn frame:%p ip:%lx"" "" sp:%lx oeax:%lx"", task_pid_nr(current) > 1 ? KERN_INFO : KERN_EMERG, current->comm, task_pid_nr(current), frame, regs->ip, regs->sp, regs->orig_ax); print_vma_addr("" in "", regs->ip); printk(""\n""); } force_sig(SIGSEGV, current); return 0; } ",linux-2.6,,,165270284749089340539167542765556632339,0 5382,['CWE-476'],"static void kernel_pio(struct kvm_io_device *pio_dev, struct kvm_vcpu *vcpu, void *pd) { mutex_lock(&vcpu->kvm->lock); if (vcpu->arch.pio.in) kvm_iodevice_read(pio_dev, vcpu->arch.pio.port, vcpu->arch.pio.size, pd); else kvm_iodevice_write(pio_dev, vcpu->arch.pio.port, vcpu->arch.pio.size, pd); mutex_unlock(&vcpu->kvm->lock); }",linux-2.6,,,239374622918689687794318719043998368045,0 4247,CWE-78,"R_API bool r_sys_mkdirp(const char *dir) { bool ret = true; char slash = R_SYS_DIR[0]; char *path = strdup (dir), *ptr = path; if (!path) { eprintf (""r_sys_mkdirp: Unable to allocate memory\n""); return false; } if (*ptr == slash) { ptr++; } #if __WINDOWS__ { char *p = strstr (ptr, "":\\""); if (p) { ptr = p + 2; } } #endif for (;;) { for (; *ptr; ptr++) { if (*ptr == '/' || *ptr == '\\') { slash = *ptr; break; } } if (!*ptr) { break; } *ptr = 0; if (!r_sys_mkdir (path) && r_sys_mkdir_failed ()) { eprintf (""r_sys_mkdirp: fail '%s' of '%s'\n"", path, dir); free (path); return false; } *ptr = slash; ptr++; } if (!r_sys_mkdir (path) && r_sys_mkdir_failed ()) { ret = false; } free (path); return ret; }",visit repo url,libr/util/sys.c,https://github.com/radareorg/radare2,41041602695116,1 2019,['CWE-269'],"void mnt_pin(struct vfsmount *mnt) { spin_lock(&vfsmount_lock); mnt->mnt_pinned++; spin_unlock(&vfsmount_lock); }",linux-2.6,,,271180373454972643566042784657601246377,0 2698,[],"struct sctp_association *sctp_endpoint_lookup_assoc( const struct sctp_endpoint *ep, const union sctp_addr *paddr, struct sctp_transport **transport) { struct sctp_association *asoc; sctp_local_bh_disable(); asoc = __sctp_endpoint_lookup_assoc(ep, paddr, transport); sctp_local_bh_enable(); return asoc; }",linux-2.6,,,340272458716667710144383539732434362426,0 815,['CWE-16'],"static int esp_init_state(struct xfrm_state *x) { struct esp_data *esp; struct crypto_aead *aead; u32 align; int err; esp = kzalloc(sizeof(*esp), GFP_KERNEL); if (esp == NULL) return -ENOMEM; x->data = esp; if (x->aead) err = esp_init_aead(x); else err = esp_init_authenc(x); if (err) goto error; aead = esp->aead; esp->padlen = 0; x->props.header_len = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); if (x->props.mode == XFRM_MODE_TUNNEL) x->props.header_len += sizeof(struct iphdr); else if (x->props.mode == XFRM_MODE_BEET) x->props.header_len += IPV4_BEET_PHMAXLEN; if (x->encap) { struct xfrm_encap_tmpl *encap = x->encap; switch (encap->encap_type) { default: goto error; case UDP_ENCAP_ESPINUDP: x->props.header_len += sizeof(struct udphdr); break; case UDP_ENCAP_ESPINUDP_NON_IKE: x->props.header_len += sizeof(struct udphdr) + 2 * sizeof(u32); break; } } align = ALIGN(crypto_aead_blocksize(aead), 4); if (esp->padlen) align = max_t(u32, align, esp->padlen); x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead); error: return err; }",linux-2.6,,,280554942450250380311878522570944108143,0 5422,CWE-119,"static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey) { int ok = 0; unsigned char challenge[30]; unsigned char signature[256]; unsigned int siglen = sizeof signature; const EVP_MD *md = EVP_sha1(); EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); EVP_PKEY *privkey = PKCS11_get_private_key(authkey); EVP_PKEY *pubkey = PKCS11_get_public_key(authkey); if (1 != randomize(pamh, challenge, sizeof challenge)) { goto err; } if (NULL == pubkey || NULL == privkey || NULL == md_ctx || NULL == md || !EVP_SignInit(md_ctx, md) || !EVP_SignUpdate(md_ctx, challenge, sizeof challenge) || !EVP_SignFinal(md_ctx, signature, &siglen, privkey) || !EVP_MD_CTX_reset(md_ctx) || !EVP_VerifyInit(md_ctx, md) || !EVP_VerifyUpdate(md_ctx, challenge, sizeof challenge) || 1 != EVP_VerifyFinal(md_ctx, signature, siglen, pubkey)) { pam_syslog(pamh, LOG_DEBUG, ""Error verifying key: %s\n"", ERR_reason_error_string(ERR_get_error())); prompt(flags, pamh, PAM_ERROR_MSG, NULL, _(""Error verifying key"")); goto err; } ok = 1; err: if (NULL != pubkey) EVP_PKEY_free(pubkey); if (NULL != privkey) EVP_PKEY_free(privkey); if (NULL != md_ctx) { EVP_MD_CTX_free(md_ctx); } return ok; }",visit repo url,src/pam_p11.c,https://github.com/OpenSC/pam_p11,274360035559657,1 6398,CWE-20,"void enc624j600WritePhyReg(NetInterface *interface, uint8_t address, uint16_t data) { enc624j600WriteReg(interface, ENC624J600_REG_MIREGADR, MIREGADR_R8 | address); enc624j600WriteReg(interface, ENC624J600_REG_MIWR, data); while((enc624j600ReadReg(interface, ENC624J600_REG_MISTAT) & MISTAT_BUSY) != 0) { } }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,11231262095555,1 1230,CWE-400,"static void perf_event_task_output(struct perf_event *event, struct perf_task_event *task_event) { struct perf_output_handle handle; struct perf_sample_data sample; struct task_struct *task = task_event->task; int ret, size = task_event->event_id.header.size; perf_event_header__init_id(&task_event->event_id.header, &sample, event); ret = perf_output_begin(&handle, event, task_event->event_id.header.size, 0, 0); if (ret) goto out; task_event->event_id.pid = perf_event_pid(event, task); task_event->event_id.ppid = perf_event_pid(event, current); task_event->event_id.tid = perf_event_tid(event, task); task_event->event_id.ptid = perf_event_tid(event, current); perf_output_put(&handle, task_event->event_id); perf_event__output_id_sample(event, &handle, &sample); perf_output_end(&handle); out: task_event->event_id.header.size = size; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,8506795088434,1 6233,CWE-190,"void fp4_write_bin(uint8_t *bin, int len, const fp4_t a) { if (len != 4 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp2_write_bin(bin, 2 * RLC_FP_BYTES, a[0], 0); fp2_write_bin(bin + 2 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[1], 0); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,54436464850423,1 1838,['CWE-189'],"_gnutls_compressed2ciphertext (gnutls_session_t session, opaque * cipher_data, int cipher_size, gnutls_datum_t compressed, content_type_t _type, int random_pad) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; uint8_t pad; int length, ret; digest_hd_st td; uint8_t type = _type; uint8_t major, minor; int hash_size = _gnutls_hash_get_algo_len (session->security_parameters. write_mac_algorithm); gnutls_protocol_t ver; int blocksize = _gnutls_cipher_get_block_size (session->security_parameters. write_bulk_cipher_algorithm); cipher_type_t block_algo = _gnutls_cipher_is_block (session->security_parameters. write_bulk_cipher_algorithm); opaque *data_ptr; ver = gnutls_protocol_get_version (session); minor = _gnutls_version_get_minor (ver); major = _gnutls_version_get_major (ver); ret = mac_init (&td, session->security_parameters.write_mac_algorithm, session->connection_state.write_mac_secret.data, session->connection_state.write_mac_secret.size, ver); if (ret < 0 && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL) { gnutls_assert (); return ret; } c_length = _gnutls_conv_uint16 (compressed.size); if (session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL) { _gnutls_hmac (&td, UINT64DATA (session->connection_state. write_sequence_number), 8); _gnutls_hmac (&td, &type, 1); if (ver >= GNUTLS_TLS1) { _gnutls_hmac (&td, &major, 1); _gnutls_hmac (&td, &minor, 1); } _gnutls_hmac (&td, &c_length, 2); _gnutls_hmac (&td, compressed.data, compressed.size); mac_deinit (&td, MAC, ver); } length = calc_enc_length (session, compressed.size, hash_size, &pad, random_pad, block_algo, blocksize); if (length < 0) { gnutls_assert (); return length; } if (cipher_size < length) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } data_ptr = cipher_data; if (block_algo == CIPHER_BLOCK && session->security_parameters.version >= GNUTLS_TLS1_1) { ret = _gnutls_rnd (RND_NONCE, data_ptr, blocksize); if (ret < 0) { gnutls_assert (); return ret; } data_ptr += blocksize; } memcpy (data_ptr, compressed.data, compressed.size); data_ptr += compressed.size; if (hash_size > 0) { memcpy (data_ptr, MAC, hash_size); data_ptr += hash_size; } if (block_algo == CIPHER_BLOCK && pad > 0) { memset (data_ptr, pad - 1, pad); } ret = _gnutls_cipher_encrypt (&session->connection_state. write_cipher_state, cipher_data, length); if (ret < 0) { gnutls_assert (); return ret; } return length; }",gnutls,,,318365991089350073131825336190202720180,0 2036,['CWE-269'],"static int lives_below_in_same_fs(struct dentry *d, struct dentry *dentry) { while (1) { if (d == dentry) return 1; if (d == NULL || d == d->d_parent) return 0; d = d->d_parent; } }",linux-2.6,,,279503010956738758882831924119579455960,0 3581,CWE-20,"static mif_hdr_t *mif_hdr_get(jas_stream_t *in) { uchar magicbuf[MIF_MAGICLEN]; char buf[4096]; mif_hdr_t *hdr; bool done; jas_tvparser_t *tvp; int id; hdr = 0; tvp = 0; if (jas_stream_read(in, magicbuf, MIF_MAGICLEN) != MIF_MAGICLEN) { goto error; } if (magicbuf[0] != (MIF_MAGIC >> 24) || magicbuf[1] != ((MIF_MAGIC >> 16) & 0xff) || magicbuf[2] != ((MIF_MAGIC >> 8) & 0xff) || magicbuf[3] != (MIF_MAGIC & 0xff)) { jas_eprintf(""error: bad signature\n""); goto error; } if (!(hdr = mif_hdr_create(0))) { goto error; } done = false; do { if (!mif_getline(in, buf, sizeof(buf))) { jas_eprintf(""mif_getline failed\n""); goto error; } if (buf[0] == '\0') { continue; } JAS_DBGLOG(10, (""header line: len=%d; %s\n"", strlen(buf), buf)); if (!(tvp = jas_tvparser_create(buf))) { jas_eprintf(""jas_tvparser_create failed\n""); goto error; } if (jas_tvparser_next(tvp)) { jas_eprintf(""cannot get record type\n""); goto error; } id = jas_taginfo_nonull(jas_taginfos_lookup(mif_tags2, jas_tvparser_gettag(tvp)))->id; jas_tvparser_destroy(tvp); tvp = 0; switch (id) { case MIF_CMPT: if (mif_process_cmpt(hdr, buf)) { jas_eprintf(""cannot get component information\n""); goto error; } break; case MIF_END: done = 1; break; default: jas_eprintf(""invalid header information: %s\n"", buf); goto error; break; } } while (!done); return hdr; error: if (hdr) { mif_hdr_destroy(hdr); } if (tvp) { jas_tvparser_destroy(tvp); } return 0; }",visit repo url,src/libjasper/mif/mif_cod.c,https://github.com/mdadams/jasper,201753891573560,1 6254,['CWE-200'],"static void neigh_hh_init(struct neighbour *n, struct dst_entry *dst, u16 protocol) { struct hh_cache *hh; struct net_device *dev = dst->dev; for (hh = n->hh; hh; hh = hh->hh_next) if (hh->hh_type == protocol) break; if (!hh && (hh = kmalloc(sizeof(*hh), GFP_ATOMIC)) != NULL) { memset(hh, 0, sizeof(struct hh_cache)); rwlock_init(&hh->hh_lock); hh->hh_type = protocol; atomic_set(&hh->hh_refcnt, 0); hh->hh_next = NULL; if (dev->hard_header_cache(n, hh)) { kfree(hh); hh = NULL; } else { atomic_inc(&hh->hh_refcnt); hh->hh_next = n->hh; n->hh = hh; if (n->nud_state & NUD_CONNECTED) hh->hh_output = n->ops->hh_output; else hh->hh_output = n->ops->output; } } if (hh) { atomic_inc(&hh->hh_refcnt); dst->hh = hh; } }",linux-2.6,,,51479318299211624136251356298322517887,0 3149,['CWE-189'],"int jas_image_readcmptsample(jas_image_t *image, int cmptno, int x, int y) { jas_image_cmpt_t *cmpt; uint_fast32_t v; int k; int c; cmpt = image->cmpts_[cmptno]; if (jas_stream_seek(cmpt->stream_, (cmpt->width_ * y + x) * cmpt->cps_, SEEK_SET) < 0) { return -1; } v = 0; for (k = cmpt->cps_; k > 0; --k) { if ((c = jas_stream_getc(cmpt->stream_)) == EOF) { return -1; } v = (v << 8) | (c & 0xff); } return bitstoint(v, cmpt->prec_, cmpt->sgnd_); }",jasper,,,15227250085432291235915856230035944865,0 4883,CWE-672,"int sc_pkcs15_decode_prkdf_entry(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj, const u8 ** buf, size_t *buflen) { sc_context_t *ctx = p15card->card->ctx; struct sc_pkcs15_prkey_info info; int r, i, gostr3410_params[3]; struct sc_pkcs15_keyinfo_gostparams *keyinfo_gostparams; size_t usage_len = sizeof(info.usage); size_t af_len = sizeof(info.access_flags); struct sc_asn1_entry asn1_com_key_attr[C_ASN1_COM_KEY_ATTR_SIZE]; struct sc_asn1_entry asn1_com_prkey_attr[C_ASN1_COM_PRKEY_ATTR_SIZE]; struct sc_asn1_entry asn1_rsakey_attr[C_ASN1_RSAKEY_ATTR_SIZE]; struct sc_asn1_entry asn1_prk_rsa_attr[C_ASN1_PRK_RSA_ATTR_SIZE]; struct sc_asn1_entry asn1_dsakey_attr[C_ASN1_DSAKEY_ATTR_SIZE]; struct sc_asn1_entry asn1_prk_dsa_attr[C_ASN1_PRK_DSA_ATTR_SIZE]; struct sc_asn1_entry asn1_dsakey_i_p_attr[C_ASN1_DSAKEY_I_P_ATTR_SIZE]; struct sc_asn1_entry asn1_dsakey_value_attr[C_ASN1_DSAKEY_VALUE_ATTR_SIZE]; struct sc_asn1_entry asn1_gostr3410key_attr[C_ASN1_GOSTR3410KEY_ATTR_SIZE]; struct sc_asn1_entry asn1_prk_gostr3410_attr[C_ASN1_PRK_GOSTR3410_ATTR_SIZE]; struct sc_asn1_entry asn1_ecckey_attr[C_ASN1_ECCKEY_ATTR]; struct sc_asn1_entry asn1_prk_ecc_attr[C_ASN1_PRK_ECC_ATTR]; struct sc_asn1_entry asn1_prkey[C_ASN1_PRKEY_SIZE]; struct sc_asn1_entry asn1_supported_algorithms[C_ASN1_SUPPORTED_ALGORITHMS_SIZE]; struct sc_asn1_pkcs15_object rsa_prkey_obj = {obj, asn1_com_key_attr, asn1_com_prkey_attr, asn1_prk_rsa_attr}; struct sc_asn1_pkcs15_object dsa_prkey_obj = {obj, asn1_com_key_attr, asn1_com_prkey_attr, asn1_prk_dsa_attr}; struct sc_asn1_pkcs15_object gostr3410_prkey_obj = {obj, asn1_com_key_attr, asn1_com_prkey_attr, asn1_prk_gostr3410_attr}; struct sc_asn1_pkcs15_object ecc_prkey_obj = { obj, asn1_com_key_attr, asn1_com_prkey_attr, asn1_prk_ecc_attr }; sc_copy_asn1_entry(c_asn1_prkey, asn1_prkey); sc_copy_asn1_entry(c_asn1_supported_algorithms, asn1_supported_algorithms); sc_copy_asn1_entry(c_asn1_prk_rsa_attr, asn1_prk_rsa_attr); sc_copy_asn1_entry(c_asn1_rsakey_attr, asn1_rsakey_attr); sc_copy_asn1_entry(c_asn1_prk_dsa_attr, asn1_prk_dsa_attr); sc_copy_asn1_entry(c_asn1_dsakey_attr, asn1_dsakey_attr); sc_copy_asn1_entry(c_asn1_dsakey_value_attr, asn1_dsakey_value_attr); sc_copy_asn1_entry(c_asn1_dsakey_i_p_attr, asn1_dsakey_i_p_attr); sc_copy_asn1_entry(c_asn1_prk_gostr3410_attr, asn1_prk_gostr3410_attr); sc_copy_asn1_entry(c_asn1_gostr3410key_attr, asn1_gostr3410key_attr); sc_copy_asn1_entry(c_asn1_prk_ecc_attr, asn1_prk_ecc_attr); sc_copy_asn1_entry(c_asn1_ecckey_attr, asn1_ecckey_attr); sc_copy_asn1_entry(c_asn1_com_prkey_attr, asn1_com_prkey_attr); sc_copy_asn1_entry(c_asn1_com_key_attr, asn1_com_key_attr); sc_format_asn1_entry(asn1_prkey + 0, &rsa_prkey_obj, NULL, 0); sc_format_asn1_entry(asn1_prkey + 1, &ecc_prkey_obj, NULL, 0); sc_format_asn1_entry(asn1_prkey + 2, &dsa_prkey_obj, NULL, 0); sc_format_asn1_entry(asn1_prkey + 3, &gostr3410_prkey_obj, NULL, 0); sc_format_asn1_entry(asn1_prk_rsa_attr + 0, asn1_rsakey_attr, NULL, 0); sc_format_asn1_entry(asn1_prk_dsa_attr + 0, asn1_dsakey_attr, NULL, 0); sc_format_asn1_entry(asn1_prk_gostr3410_attr + 0, asn1_gostr3410key_attr, NULL, 0); sc_format_asn1_entry(asn1_prk_ecc_attr + 0, asn1_ecckey_attr, NULL, 0); sc_format_asn1_entry(asn1_rsakey_attr + 0, &info.path, NULL, 0); sc_format_asn1_entry(asn1_rsakey_attr + 1, &info.modulus_length, NULL, 0); sc_format_asn1_entry(asn1_dsakey_attr + 0, asn1_dsakey_value_attr, NULL, 0); sc_format_asn1_entry(asn1_dsakey_value_attr + 0, &info.path, NULL, 0); sc_format_asn1_entry(asn1_dsakey_value_attr + 1, asn1_dsakey_i_p_attr, NULL, 0); sc_format_asn1_entry(asn1_dsakey_i_p_attr + 0, &info.path, NULL, 0); sc_format_asn1_entry(asn1_gostr3410key_attr + 0, &info.path, NULL, 0); sc_format_asn1_entry(asn1_gostr3410key_attr + 1, &gostr3410_params[0], NULL, 0); sc_format_asn1_entry(asn1_gostr3410key_attr + 2, &gostr3410_params[1], NULL, 0); sc_format_asn1_entry(asn1_gostr3410key_attr + 3, &gostr3410_params[2], NULL, 0); sc_format_asn1_entry(asn1_ecckey_attr + 0, &info.path, NULL, 0); sc_format_asn1_entry(asn1_ecckey_attr + 1, &info.field_length, NULL, 0); sc_format_asn1_entry(asn1_com_key_attr + 0, &info.id, NULL, 0); sc_format_asn1_entry(asn1_com_key_attr + 1, &info.usage, &usage_len, 0); sc_format_asn1_entry(asn1_com_key_attr + 2, &info.native, NULL, 0); sc_format_asn1_entry(asn1_com_key_attr + 3, &info.access_flags, &af_len, 0); sc_format_asn1_entry(asn1_com_key_attr + 4, &info.key_reference, NULL, 0); for (i=0; iname; i++) sc_format_asn1_entry(asn1_supported_algorithms + i, &info.algo_refs[i], NULL, 0); sc_format_asn1_entry(asn1_com_key_attr + 5, asn1_supported_algorithms, NULL, 0); sc_format_asn1_entry(asn1_com_prkey_attr + 0, &info.subject.value, &info.subject.len, 0); memset(&info, 0, sizeof(info)); info.key_reference = -1; info.native = 1; memset(gostr3410_params, 0, sizeof(gostr3410_params)); r = sc_asn1_decode_choice(ctx, asn1_prkey, *buf, *buflen, buf, buflen); if (r < 0) { if (asn1_com_prkey_attr->flags & SC_ASN1_PRESENT && asn1_com_prkey_attr[0].flags & SC_ASN1_PRESENT) { free(asn1_com_prkey_attr[0].parm); } } if (r == SC_ERROR_ASN1_END_OF_CONTENTS) return r; LOG_TEST_RET(ctx, r, ""PrKey DF ASN.1 decoding failed""); if (asn1_prkey[0].flags & SC_ASN1_PRESENT) { obj->type = SC_PKCS15_TYPE_PRKEY_RSA; } else if (asn1_prkey[1].flags & SC_ASN1_PRESENT) { obj->type = SC_PKCS15_TYPE_PRKEY_EC; } else if (asn1_prkey[2].flags & SC_ASN1_PRESENT) { obj->type = SC_PKCS15_TYPE_PRKEY_DSA; if (asn1_dsakey_i_p_attr[0].flags & SC_ASN1_PRESENT) info.path.type = SC_PATH_TYPE_PATH_PROT; } else if (asn1_prkey[3].flags & SC_ASN1_PRESENT) { obj->type = SC_PKCS15_TYPE_PRKEY_GOSTR3410; assert(info.modulus_length == 0); info.modulus_length = SC_PKCS15_GOSTR3410_KEYSIZE; assert(info.params.len == 0); info.params.len = sizeof(struct sc_pkcs15_keyinfo_gostparams); info.params.data = malloc(info.params.len); if (info.params.data == NULL) LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); assert(sizeof(*keyinfo_gostparams) == info.params.len); keyinfo_gostparams = info.params.data; keyinfo_gostparams->gostr3410 = gostr3410_params[0]; keyinfo_gostparams->gostr3411 = gostr3410_params[1]; keyinfo_gostparams->gost28147 = gostr3410_params[2]; } else { sc_log(ctx, ""Neither RSA or DSA or GOSTR3410 or ECC key in PrKDF entry.""); LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ASN1_OBJECT); } if (!p15card->app || !p15card->app->ddo.aid.len) { r = sc_pkcs15_make_absolute_path(&p15card->file_app->path, &info.path); if (r < 0) { sc_pkcs15_free_key_params(&info.params); return r; } } else { info.path.aid = p15card->app->ddo.aid; } sc_log(ctx, ""PrivKey path '%s'"", sc_print_path(&info.path)); if (info.key_reference < -1) info.key_reference += 256; if ((obj->flags & SC_PKCS15_CO_FLAG_PRIVATE) && (obj->auth_id.len == 0)) { sc_log(ctx, ""Private key %s has no auth ID - checking AccessControlRules"", sc_pkcs15_print_id(&info.id)); for (i = 0; i < SC_PKCS15_MAX_ACCESS_RULES; i++) { if (obj->access_rules[i].access_mode & (SC_PKCS15_ACCESS_RULE_MODE_EXECUTE | SC_PKCS15_ACCESS_RULE_MODE_PSO_CDS | SC_PKCS15_ACCESS_RULE_MODE_PSO_DECRYPT | SC_PKCS15_ACCESS_RULE_MODE_INT_AUTH)) { if (obj->access_rules[i].auth_id.len != 0) { obj->auth_id = obj->access_rules[i].auth_id; sc_log(ctx, ""Auth ID found - %s"", sc_pkcs15_print_id(&obj->auth_id)); break; } } } if (i == SC_PKCS15_MAX_ACCESS_RULES) sc_log(ctx, ""Warning: No auth ID found""); } obj->data = malloc(sizeof(info)); if (obj->data == NULL) { sc_pkcs15_free_key_params(&info.params); LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); } memcpy(obj->data, &info, sizeof(info)); sc_log(ctx, ""Key Subject %s"", sc_dump_hex(info.subject.value, info.subject.len)); sc_log(ctx, ""Key path %s"", sc_print_path(&info.path)); return 0; }",visit repo url,src/libopensc/pkcs15-prkey.c,https://github.com/OpenSC/OpenSC,168261469730093,1 3665,['CWE-264'],"generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { struct address_space *mapping = out->f_mapping; struct inode *inode = mapping->host; struct splice_desc sd = { .total_len = len, .flags = flags, .pos = *ppos, .u.file = out, }; ssize_t ret; inode_double_lock(inode, pipe->inode); ret = file_remove_suid(out); if (likely(!ret)) ret = __splice_from_pipe(pipe, &sd, pipe_to_file); inode_double_unlock(inode, pipe->inode); if (ret > 0) { unsigned long nr_pages; *ppos += ret; nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { int err; mutex_lock(&inode->i_mutex); err = generic_osync_inode(inode, mapping, OSYNC_METADATA|OSYNC_DATA); mutex_unlock(&inode->i_mutex); if (err) ret = err; } balance_dirty_pages_ratelimited_nr(mapping, nr_pages); } return ret; }",linux-2.6,,,220178171143486273515247821890957276068,0 3927,CWE-823,"vgr_match_buflines( qf_list_T *qfl, char_u *fname, buf_T *buf, char_u *spat, regmmatch_T *regmatch, long *tomatch, int duplicate_name, int flags) { int found_match = FALSE; long lnum; colnr_T col; int pat_len = (int)STRLEN(spat); for (lnum = 1; lnum <= buf->b_ml.ml_line_count && *tomatch > 0; ++lnum) { col = 0; if (!(flags & VGR_FUZZY)) { while (vim_regexec_multi(regmatch, curwin, buf, lnum, col, NULL) > 0) { if (qf_add_entry(qfl, NULL, fname, NULL, duplicate_name ? 0 : buf->b_fnum, ml_get_buf(buf, regmatch->startpos[0].lnum + lnum, FALSE), regmatch->startpos[0].lnum + lnum, regmatch->endpos[0].lnum + lnum, regmatch->startpos[0].col + 1, regmatch->endpos[0].col + 1, FALSE, NULL, 0, 0, TRUE ) == QF_FAIL) { got_int = TRUE; break; } found_match = TRUE; if (--*tomatch == 0) break; if ((flags & VGR_GLOBAL) == 0 || regmatch->endpos[0].lnum > 0) break; col = regmatch->endpos[0].col + (col == regmatch->endpos[0].col); if (col > (colnr_T)STRLEN(ml_get_buf(buf, lnum, FALSE))) break; } } else { char_u *str = ml_get_buf(buf, lnum, FALSE); int score; int_u matches[MAX_FUZZY_MATCHES]; int_u sz = ARRAY_LENGTH(matches); while (fuzzy_match(str + col, spat, FALSE, &score, matches, sz) > 0) { if (qf_add_entry(qfl, NULL, fname, NULL, duplicate_name ? 0 : buf->b_fnum, str, lnum, 0, matches[0] + col + 1, 0, FALSE, NULL, 0, 0, TRUE ) == QF_FAIL) { got_int = TRUE; break; } found_match = TRUE; if (--*tomatch == 0) break; if ((flags & VGR_GLOBAL) == 0) break; col = matches[pat_len - 1] + col + 1; if (col > (colnr_T)STRLEN(str)) break; } } line_breakcheck(); if (got_int) break; } return found_match; }",visit repo url,src/quickfix.c,https://github.com/vim/vim,267730719931856,1 2808,['CWE-264'],"send_frame_header( struct net_device *dev, u32 *crc_p ) { struct net_local *nl = (struct net_local *) dev->priv; u32 crc = *crc_p; u32 len_field = nl->framelen + 6; u8 value; if( nl->state & FL_NEED_RESEND ) len_field |= FRAME_RETRY; if( nl->outpos == 0 ) len_field |= FRAME_FIRST; len_field |= (nl->state & FL_PREV_OK) ? FRAME_SENT_OK : FRAME_SENT_BAD; outb( SBNI_SIG, dev->base_addr + DAT ); value = (u8) len_field; outb( value, dev->base_addr + DAT ); crc = CRC32( value, crc ); value = (u8) (len_field >> 8); outb( value, dev->base_addr + DAT ); crc = CRC32( value, crc ); outb( nl->tx_frameno, dev->base_addr + DAT ); crc = CRC32( nl->tx_frameno, crc ); outb( 0, dev->base_addr + DAT ); crc = CRC32( 0, crc ); *crc_p = crc; }",linux-2.6,,,97337511559786898933030973198911298660,0 3701,CWE-264,"server_input_global_request(int type, u_int32_t seq, void *ctxt) { char *rtype; int want_reply; int r, success = 0, allocated_listen_port = 0; struct sshbuf *resp = NULL; rtype = packet_get_string(NULL); want_reply = packet_get_char(); debug(""server_input_global_request: rtype %s want_reply %d"", rtype, want_reply); if (strcmp(rtype, ""tcpip-forward"") == 0) { struct passwd *pw; struct Forward fwd; pw = the_authctxt->pw; if (pw == NULL || !the_authctxt->valid) fatal(""server_input_global_request: no/invalid user""); memset(&fwd, 0, sizeof(fwd)); fwd.listen_host = packet_get_string(NULL); fwd.listen_port = (u_short)packet_get_int(); debug(""server_input_global_request: tcpip-forward listen %s port %d"", fwd.listen_host, fwd.listen_port); if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || options.disable_forwarding || (!want_reply && fwd.listen_port == 0) || (fwd.listen_port != 0 && !bind_permitted(fwd.listen_port, pw->pw_uid))) { success = 0; packet_send_debug(""Server has disabled port forwarding.""); } else { success = channel_setup_remote_fwd_listener(&fwd, &allocated_listen_port, &options.fwd_opts); } free(fwd.listen_host); if ((resp = sshbuf_new()) == NULL) fatal(""%s: sshbuf_new"", __func__); if (allocated_listen_port != 0 && (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0) fatal(""%s: sshbuf_put_u32: %s"", __func__, ssh_err(r)); } else if (strcmp(rtype, ""cancel-tcpip-forward"") == 0) { struct Forward fwd; memset(&fwd, 0, sizeof(fwd)); fwd.listen_host = packet_get_string(NULL); fwd.listen_port = (u_short)packet_get_int(); debug(""%s: cancel-tcpip-forward addr %s port %d"", __func__, fwd.listen_host, fwd.listen_port); success = channel_cancel_rport_listener(&fwd); free(fwd.listen_host); } else if (strcmp(rtype, ""streamlocal-forward@openssh.com"") == 0) { struct Forward fwd; memset(&fwd, 0, sizeof(fwd)); fwd.listen_path = packet_get_string(NULL); debug(""server_input_global_request: streamlocal-forward listen path %s"", fwd.listen_path); if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || options.disable_forwarding) { success = 0; packet_send_debug(""Server has disabled port forwarding.""); } else { success = channel_setup_remote_fwd_listener( &fwd, NULL, &options.fwd_opts); } free(fwd.listen_path); } else if (strcmp(rtype, ""cancel-streamlocal-forward@openssh.com"") == 0) { struct Forward fwd; memset(&fwd, 0, sizeof(fwd)); fwd.listen_path = packet_get_string(NULL); debug(""%s: cancel-streamlocal-forward path %s"", __func__, fwd.listen_path); success = channel_cancel_rport_listener(&fwd); free(fwd.listen_path); } else if (strcmp(rtype, ""no-more-sessions@openssh.com"") == 0) { no_more_sessions = 1; success = 1; } else if (strcmp(rtype, ""hostkeys-prove-00@openssh.com"") == 0) { success = server_input_hostkeys_prove(&resp); } if (want_reply) { packet_start(success ? SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); if (success && resp != NULL) ssh_packet_put_raw(active_state, sshbuf_ptr(resp), sshbuf_len(resp)); packet_send(); packet_write_wait(); } free(rtype); sshbuf_free(resp); return 0; }",visit repo url,usr.bin/ssh/serverloop.c,https://github.com/openbsd/src,220631020759176,1 6392,CWE-20,"bool_t enc28j60IrqHandler(NetInterface *interface) { bool_t flag; uint8_t status; flag = FALSE; enc28j60ClearBit(interface, ENC28J60_REG_EIE, EIE_INTIE); status = enc28j60ReadReg(interface, ENC28J60_REG_EIR); if((status & EIR_LINKIF) != 0) { enc28j60ClearBit(interface, ENC28J60_REG_EIE, EIE_LINKIE); interface->nicEvent = TRUE; flag |= osSetEventFromIsr(&netEvent); } if((status & EIR_PKTIF) != 0) { enc28j60ClearBit(interface, ENC28J60_REG_EIE, EIE_PKTIE); interface->nicEvent = TRUE; flag |= osSetEventFromIsr(&netEvent); } if((status & (EIR_TXIF | EIE_TXERIE)) != 0) { enc28j60ClearBit(interface, ENC28J60_REG_EIR, EIR_TXIF | EIE_TXERIE); flag |= osSetEventFromIsr(&interface->nicTxEvent); } enc28j60SetBit(interface, ENC28J60_REG_EIE, EIE_INTIE); return flag; }",visit repo url,drivers/eth/enc28j60_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,222236810708418,1 6060,CWE-190,"void bn_rec_win(uint8_t *win, int *len, const bn_t k, int w) { int i, j, l; l = bn_bits(k); if (*len < RLC_CEIL(l, w)) { *len = 0; RLC_THROW(ERR_NO_BUFFER); return; } memset(win, 0, *len); j = 0; for (i = 0; i < l - w; i += w) { win[j++] = get_bits(k, i, i + w - 1); } win[j++] = get_bits(k, i, bn_bits(k) - 1); *len = j; }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,135288681117166,1 3078,['CWE-189'],"int jas_stream_putc_func(jas_stream_t *stream, int c) { assert(stream->ptr_ - stream->bufstart_ <= stream->bufsize_); return jas_stream_putc_macro(stream, c); }",jasper,,,81638979868079391489750974623679987475,0 6629,CWE-416,"njs_await_fulfilled(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, njs_index_t unused) { njs_int_t ret; njs_value_t **cur_local, **cur_closures, **cur_temp, *value; njs_frame_t *frame, *async_frame; njs_function_t *function; njs_async_ctx_t *ctx; njs_native_frame_t *top, *async; ctx = vm->top_frame->function->context; value = njs_arg(args, nargs, 1); if (njs_is_error(value)) { goto failed; } async_frame = ctx->await; async = &async_frame->native; async->previous = vm->top_frame; function = async->function; cur_local = vm->levels[NJS_LEVEL_LOCAL]; cur_closures = vm->levels[NJS_LEVEL_CLOSURE]; cur_temp = vm->levels[NJS_LEVEL_TEMP]; top = vm->top_frame; frame = vm->active_frame; vm->levels[NJS_LEVEL_LOCAL] = async->local; vm->levels[NJS_LEVEL_CLOSURE] = njs_function_closures(async->function); vm->levels[NJS_LEVEL_TEMP] = async->temp; vm->top_frame = async; vm->active_frame = async_frame; *njs_scope_value(vm, ctx->index) = *value; vm->retval = *value; vm->top_frame->retval = &vm->retval; function->context = ctx->capability; function->await = ctx; ret = njs_vmcode_interpreter(vm, ctx->pc); function->context = NULL; function->await = NULL; vm->levels[NJS_LEVEL_LOCAL] = cur_local; vm->levels[NJS_LEVEL_CLOSURE] = cur_closures; vm->levels[NJS_LEVEL_TEMP] = cur_temp; vm->top_frame = top; vm->active_frame = frame; if (ret == NJS_OK) { ret = njs_function_call(vm, njs_function(&ctx->capability->resolve), &njs_value_undefined, &vm->retval, 1, &vm->retval); njs_async_context_free(vm, ctx); } else if (ret == NJS_AGAIN) { ret = NJS_OK; } else if (ret == NJS_ERROR) { if (njs_is_memory_error(vm, &vm->retval)) { return NJS_ERROR; } value = &vm->retval; goto failed; } return ret; failed: (void) njs_function_call(vm, njs_function(&ctx->capability->reject), &njs_value_undefined, value, 1, &vm->retval); njs_async_context_free(vm, ctx); return NJS_ERROR; }",visit repo url,src/njs_async.c,https://github.com/nginx/njs,148513632371337,1 5350,CWE-668,"void prefetch_table(const void *tab, size_t len) { const volatile byte *vtab = tab; size_t i; for (i = 0; i < len; i += 8 * 32) { (void)vtab[i + 0 * 32]; (void)vtab[i + 1 * 32]; (void)vtab[i + 2 * 32]; (void)vtab[i + 3 * 32]; (void)vtab[i + 4 * 32]; (void)vtab[i + 5 * 32]; (void)vtab[i + 6 * 32]; (void)vtab[i + 7 * 32]; } (void)vtab[len - 1]; }",visit repo url,cipher/cipher-gcm.c,https://github.com/gpg/libgcrypt,93878631579741,1 5570,CWE-125,"obj2ast_alias(PyObject* obj, alias_ty* out, PyArena* arena) { PyObject* tmp = NULL; identifier name; identifier asname; if (_PyObject_HasAttrId(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from alias""); return 1; } if (exists_not_none(obj, &PyId_asname)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_asname); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &asname, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { asname = NULL; } *out = alias(name, asname, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,30474726165710,1 38,['CWE-787'],"static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s, const uint8_t * src) { uint8_t *dst; dst = s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask); if (BLTUNSAFE(s)) return 0; (*s->cirrus_rop) (s, dst, src, s->cirrus_blt_dstpitch, 0, s->cirrus_blt_width, s->cirrus_blt_height); cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, s->cirrus_blt_dstpitch, s->cirrus_blt_width, s->cirrus_blt_height); return 1; }",qemu,,,118099782199730595386914029546377982750,0 662,CWE-20,"static int hash_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct hash_ctx *ctx = ask->private; unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); int err; if (len > ds) len = ds; else if (len < ds) msg->msg_flags |= MSG_TRUNC; msg->msg_namelen = 0; lock_sock(sk); if (ctx->more) { ctx->more = 0; ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); err = af_alg_wait_for_completion(crypto_ahash_final(&ctx->req), &ctx->completion); if (err) goto unlock; } err = memcpy_toiovec(msg->msg_iov, ctx->result, len); unlock: release_sock(sk); return err ?: len; }",visit repo url,crypto/algif_hash.c,https://github.com/torvalds/linux,98472359415908,1 3775,CWE-190,"u_read_undo(char_u *name, char_u *hash, char_u *orig_name) { char_u *file_name; FILE *fp; long version, str_len; char_u *line_ptr = NULL; linenr_T line_lnum; colnr_T line_colnr; linenr_T line_count; int num_head = 0; long old_header_seq, new_header_seq, cur_header_seq; long seq_last, seq_cur; long last_save_nr = 0; short old_idx = -1, new_idx = -1, cur_idx = -1; long num_read_uhps = 0; time_t seq_time; int i, j; int c; u_header_T *uhp; u_header_T **uhp_table = NULL; char_u read_hash[UNDO_HASH_SIZE]; char_u magic_buf[UF_START_MAGIC_LEN]; #ifdef U_DEBUG int *uhp_table_used; #endif #ifdef UNIX stat_T st_orig; stat_T st_undo; #endif bufinfo_T bi; vim_memset(&bi, 0, sizeof(bi)); if (name == NULL) { file_name = u_get_undo_file_name(curbuf->b_ffname, TRUE); if (file_name == NULL) return; #ifdef UNIX if (mch_stat((char *)orig_name, &st_orig) >= 0 && mch_stat((char *)file_name, &st_undo) >= 0 && st_orig.st_uid != st_undo.st_uid && st_undo.st_uid != getuid()) { if (p_verbose > 0) { verbose_enter(); smsg((char_u *)_(""Not reading undo file, owner differs: %s""), file_name); verbose_leave(); } return; } #endif } else file_name = name; if (p_verbose > 0) { verbose_enter(); smsg((char_u *)_(""Reading undo file: %s""), file_name); verbose_leave(); } fp = mch_fopen((char *)file_name, ""r""); if (fp == NULL) { if (name != NULL || p_verbose > 0) EMSG2(_(""E822: Cannot open undo file for reading: %s""), file_name); goto error; } bi.bi_buf = curbuf; bi.bi_fp = fp; if (fread(magic_buf, UF_START_MAGIC_LEN, 1, fp) != 1 || memcmp(magic_buf, UF_START_MAGIC, UF_START_MAGIC_LEN) != 0) { EMSG2(_(""E823: Not an undo file: %s""), file_name); goto error; } version = get2c(fp); if (version == UF_VERSION_CRYPT) { #ifdef FEAT_CRYPT if (*curbuf->b_p_key == NUL) { EMSG2(_(""E832: Non-encrypted file has encrypted undo file: %s""), file_name); goto error; } bi.bi_state = crypt_create_from_file(fp, curbuf->b_p_key); if (bi.bi_state == NULL) { EMSG2(_(""E826: Undo file decryption failed: %s""), file_name); goto error; } if (crypt_whole_undofile(bi.bi_state->method_nr)) { bi.bi_buffer = alloc(CRYPT_BUF_SIZE); if (bi.bi_buffer == NULL) { crypt_free_state(bi.bi_state); bi.bi_state = NULL; goto error; } bi.bi_avail = 0; bi.bi_used = 0; } #else EMSG2(_(""E827: Undo file is encrypted: %s""), file_name); goto error; #endif } else if (version != UF_VERSION) { EMSG2(_(""E824: Incompatible undo file: %s""), file_name); goto error; } if (undo_read(&bi, read_hash, (size_t)UNDO_HASH_SIZE) == FAIL) { corruption_error(""hash"", file_name); goto error; } line_count = (linenr_T)undo_read_4c(&bi); if (memcmp(hash, read_hash, UNDO_HASH_SIZE) != 0 || line_count != curbuf->b_ml.ml_line_count) { if (p_verbose > 0 || name != NULL) { if (name == NULL) verbose_enter(); give_warning((char_u *) _(""File contents changed, cannot use undo info""), TRUE); if (name == NULL) verbose_leave(); } goto error; } str_len = undo_read_4c(&bi); if (str_len < 0) goto error; if (str_len > 0) line_ptr = read_string_decrypt(&bi, str_len); line_lnum = (linenr_T)undo_read_4c(&bi); line_colnr = (colnr_T)undo_read_4c(&bi); if (line_lnum < 0 || line_colnr < 0) { corruption_error(""line lnum/col"", file_name); goto error; } old_header_seq = undo_read_4c(&bi); new_header_seq = undo_read_4c(&bi); cur_header_seq = undo_read_4c(&bi); num_head = undo_read_4c(&bi); seq_last = undo_read_4c(&bi); seq_cur = undo_read_4c(&bi); seq_time = undo_read_time(&bi); for (;;) { int len = undo_read_byte(&bi); int what; if (len == 0 || len == EOF) break; what = undo_read_byte(&bi); switch (what) { case UF_LAST_SAVE_NR: last_save_nr = undo_read_4c(&bi); break; default: while (--len >= 0) (void)undo_read_byte(&bi); } } if (num_head > 0) { uhp_table = (u_header_T **)U_ALLOC_LINE( num_head * sizeof(u_header_T *)); if (uhp_table == NULL) goto error; } while ((c = undo_read_2c(&bi)) == UF_HEADER_MAGIC) { if (num_read_uhps >= num_head) { corruption_error(""num_head too small"", file_name); goto error; } uhp = unserialize_uhp(&bi, file_name); if (uhp == NULL) goto error; uhp_table[num_read_uhps++] = uhp; } if (num_read_uhps != num_head) { corruption_error(""num_head"", file_name); goto error; } if (c != UF_HEADER_END_MAGIC) { corruption_error(""end marker"", file_name); goto error; } #ifdef U_DEBUG uhp_table_used = (int *)alloc_clear( (unsigned)(sizeof(int) * num_head + 1)); # define SET_FLAG(j) ++uhp_table_used[j] #else # define SET_FLAG(j) #endif for (i = 0; i < num_head; i++) { uhp = uhp_table[i]; if (uhp == NULL) continue; for (j = 0; j < num_head; j++) if (uhp_table[j] != NULL && i != j && uhp_table[i]->uh_seq == uhp_table[j]->uh_seq) { corruption_error(""duplicate uh_seq"", file_name); goto error; } for (j = 0; j < num_head; j++) if (uhp_table[j] != NULL && uhp_table[j]->uh_seq == uhp->uh_next.seq) { uhp->uh_next.ptr = uhp_table[j]; SET_FLAG(j); break; } for (j = 0; j < num_head; j++) if (uhp_table[j] != NULL && uhp_table[j]->uh_seq == uhp->uh_prev.seq) { uhp->uh_prev.ptr = uhp_table[j]; SET_FLAG(j); break; } for (j = 0; j < num_head; j++) if (uhp_table[j] != NULL && uhp_table[j]->uh_seq == uhp->uh_alt_next.seq) { uhp->uh_alt_next.ptr = uhp_table[j]; SET_FLAG(j); break; } for (j = 0; j < num_head; j++) if (uhp_table[j] != NULL && uhp_table[j]->uh_seq == uhp->uh_alt_prev.seq) { uhp->uh_alt_prev.ptr = uhp_table[j]; SET_FLAG(j); break; } if (old_header_seq > 0 && old_idx < 0 && uhp->uh_seq == old_header_seq) { old_idx = i; SET_FLAG(i); } if (new_header_seq > 0 && new_idx < 0 && uhp->uh_seq == new_header_seq) { new_idx = i; SET_FLAG(i); } if (cur_header_seq > 0 && cur_idx < 0 && uhp->uh_seq == cur_header_seq) { cur_idx = i; SET_FLAG(i); } } u_blockfree(curbuf); curbuf->b_u_oldhead = old_idx < 0 ? NULL : uhp_table[old_idx]; curbuf->b_u_newhead = new_idx < 0 ? NULL : uhp_table[new_idx]; curbuf->b_u_curhead = cur_idx < 0 ? NULL : uhp_table[cur_idx]; curbuf->b_u_line_ptr = line_ptr; curbuf->b_u_line_lnum = line_lnum; curbuf->b_u_line_colnr = line_colnr; curbuf->b_u_numhead = num_head; curbuf->b_u_seq_last = seq_last; curbuf->b_u_seq_cur = seq_cur; curbuf->b_u_time_cur = seq_time; curbuf->b_u_save_nr_last = last_save_nr; curbuf->b_u_save_nr_cur = last_save_nr; curbuf->b_u_synced = TRUE; vim_free(uhp_table); #ifdef U_DEBUG for (i = 0; i < num_head; ++i) if (uhp_table_used[i] == 0) EMSGN(""uhp_table entry %ld not used, leaking memory"", i); vim_free(uhp_table_used); u_check(TRUE); #endif if (name != NULL) smsg((char_u *)_(""Finished reading undo file %s""), file_name); goto theend; error: vim_free(line_ptr); if (uhp_table != NULL) { for (i = 0; i < num_read_uhps; i++) if (uhp_table[i] != NULL) u_free_uhp(uhp_table[i]); vim_free(uhp_table); } theend: #ifdef FEAT_CRYPT if (bi.bi_state != NULL) crypt_free_state(bi.bi_state); vim_free(bi.bi_buffer); #endif if (fp != NULL) fclose(fp); if (file_name != name) vim_free(file_name); return; }",visit repo url,src/undo.c,https://github.com/vim/vim,56366671560866,1 5032,CWE-191,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 1059,CWE-189,"jiffies_to_compat_timeval(unsigned long jiffies, struct compat_timeval *value) { u64 nsec = (u64)jiffies * TICK_NSEC; long rem; value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &rem); value->tv_usec = rem / NSEC_PER_USEC; }",visit repo url,arch/mips/kernel/binfmt_elfn32.c,https://github.com/torvalds/linux,249664567672274,1 351,['CWE-20'],"static inline int get_stack_long(struct task_struct *task, int offset) { unsigned char *stack; stack = (unsigned char *)task->thread.esp0 - sizeof(struct pt_regs); stack += offset; return (*((int *)stack)); }",linux-2.6,,,249439938344437762806745703885148947257,0 3466,NVD-CWE-noinfo,"list_table_status(MYSQL *mysql,const char *db,const char *wild) { char query[1024],*end; MYSQL_RES *result; MYSQL_ROW row; end=strxmov(query,""show table status from `"",db,""`"",NullS); if (wild && wild[0]) strxmov(end,"" like '"",wild,""'"",NullS); if (mysql_query(mysql,query) || !(result=mysql_store_result(mysql))) { fprintf(stderr,""%s: Cannot get status for db: %s, table: %s: %s\n"", my_progname,db,wild ? wild : """",mysql_error(mysql)); if (mysql_errno(mysql) == ER_PARSE_ERROR) fprintf(stderr,""This error probably means that your MySQL server doesn't support the\n\'show table status' command.\n""); return 1; } printf(""Database: %s"",db); if (wild) printf("" Wildcard: %s"",wild); putchar('\n'); print_res_header(result); while ((row=mysql_fetch_row(result))) print_res_row(result,row); print_res_top(result); mysql_free_result(result); return 0; }",visit repo url,client/mysqlshow.c,https://github.com/mysql/mysql-server,171002725029995,1 1704,[],"static void free_sched_groups(const cpumask_t *cpu_map, cpumask_t *nodemask) { }",linux-2.6,,,175365760451867642093817433393608065965,0 2318,CWE-20,"static int try_read_command(conn *c) { assert(c != NULL); assert(c->rcurr <= (c->rbuf + c->rsize)); assert(c->rbytes > 0); if (c->protocol == negotiating_prot || c->transport == udp_transport) { if ((unsigned char)c->rbuf[0] == (unsigned char)PROTOCOL_BINARY_REQ) { c->protocol = binary_prot; } else { c->protocol = ascii_prot; } if (settings.verbose > 1) { fprintf(stderr, ""%d: Client using the %s protocol\n"", c->sfd, prot_text(c->protocol)); } } if (c->protocol == binary_prot) { if (c->rbytes < sizeof(c->binary_header)) { return 0; } else { #ifdef NEED_ALIGN if (((long)(c->rcurr)) % 8 != 0) { memmove(c->rbuf, c->rcurr, c->rbytes); c->rcurr = c->rbuf; if (settings.verbose > 1) { fprintf(stderr, ""%d: Realign input buffer\n"", c->sfd); } } #endif protocol_binary_request_header* req; req = (protocol_binary_request_header*)c->rcurr; if (settings.verbose > 1) { int ii; fprintf(stderr, ""<%d Read binary protocol data:"", c->sfd); for (ii = 0; ii < sizeof(req->bytes); ++ii) { if (ii % 4 == 0) { fprintf(stderr, ""\n<%d "", c->sfd); } fprintf(stderr, "" 0x%02x"", req->bytes[ii]); } fprintf(stderr, ""\n""); } c->binary_header = *req; c->binary_header.request.keylen = ntohs(req->request.keylen); c->binary_header.request.bodylen = ntohl(req->request.bodylen); c->binary_header.request.cas = ntohll(req->request.cas); if (c->binary_header.request.magic != PROTOCOL_BINARY_REQ) { if (settings.verbose) { fprintf(stderr, ""Invalid magic: %x\n"", c->binary_header.request.magic); } conn_set_state(c, conn_closing); return -1; } c->msgcurr = 0; c->msgused = 0; c->iovused = 0; if (add_msghdr(c) != 0) { out_string(c, ""SERVER_ERROR out of memory""); return 0; } c->cmd = c->binary_header.request.opcode; c->keylen = c->binary_header.request.keylen; c->opaque = c->binary_header.request.opaque; c->cas = 0; dispatch_bin_command(c); c->rbytes -= sizeof(c->binary_header); c->rcurr += sizeof(c->binary_header); } } else { char *el, *cont; if (c->rbytes == 0) return 0; el = memchr(c->rcurr, '\n', c->rbytes); if (!el) { if (c->rbytes > 1024) { char *ptr = c->rcurr; while (*ptr == ' ') { ++ptr; } if (strcmp(ptr, ""get "") && strcmp(ptr, ""gets "")) { conn_set_state(c, conn_closing); return 1; } } return 0; } cont = el + 1; if ((el - c->rcurr) > 1 && *(el - 1) == '\r') { el--; } *el = '\0'; assert(cont <= (c->rcurr + c->rbytes)); process_command(c, c->rcurr); c->rbytes -= (cont - c->rcurr); c->rcurr = cont; assert(c->rcurr <= (c->rbuf + c->rsize)); } return 1; }",visit repo url,memcached.c,https://github.com/memcached/memcached,251801127513537,1 4828,['CWE-189'],"int ecryptfs_decrypt_page(struct page *page) { struct inode *ecryptfs_inode; struct ecryptfs_crypt_stat *crypt_stat; char *enc_extent_virt; struct page *enc_extent_page = NULL; unsigned long extent_offset; int rc = 0; ecryptfs_inode = page->mapping->host; crypt_stat = &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { rc = ecryptfs_read_lower_page_segment(page, page->index, 0, PAGE_CACHE_SIZE, ecryptfs_inode); if (rc) printk(KERN_ERR ""%s: Error attempting to copy "" ""page at index [%ld]\n"", __func__, page->index); goto out; } enc_extent_page = alloc_page(GFP_USER); if (!enc_extent_page) { rc = -ENOMEM; ecryptfs_printk(KERN_ERR, ""Error allocating memory for "" ""encrypted extent\n""); goto out; } enc_extent_virt = kmap(enc_extent_page); for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { loff_t offset; ecryptfs_lower_offset_for_extent( &offset, ((page->index * (PAGE_CACHE_SIZE / crypt_stat->extent_size)) + extent_offset), crypt_stat); rc = ecryptfs_read_lower(enc_extent_virt, offset, crypt_stat->extent_size, ecryptfs_inode); if (rc) { ecryptfs_printk(KERN_ERR, ""Error attempting "" ""to read lower page; rc = [%d]"" ""\n"", rc); goto out; } rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page, extent_offset); if (rc) { printk(KERN_ERR ""%s: Error encrypting extent; "" ""rc = [%d]\n"", __func__, rc); goto out; } } out: if (enc_extent_page) { kunmap(enc_extent_page); __free_page(enc_extent_page); } return rc; }",linux-2.6,,,240630533125729279101446442850480779408,0 4394,['CWE-264'],"int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) { int err = 0; int skb_len; if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= (unsigned)sk->sk_rcvbuf) { err = -ENOMEM; goto out; } err = sk_filter(sk, skb); if (err) goto out; if (!sk_rmem_schedule(sk, skb->truesize)) { err = -ENOBUFS; goto out; } skb->dev = NULL; skb_set_owner_r(skb, sk); skb_len = skb->len; skb_queue_tail(&sk->sk_receive_queue, skb); if (!sock_flag(sk, SOCK_DEAD)) sk->sk_data_ready(sk, skb_len); out: return err; }",linux-2.6,,,100706630155144731287263800404834602219,0 4709,['CWE-20'],"static journal_t *ext4_get_dev_journal(struct super_block *sb, dev_t j_dev) { struct buffer_head *bh; journal_t *journal; ext4_fsblk_t start; ext4_fsblk_t len; int hblock, blocksize; ext4_fsblk_t sb_block; unsigned long offset; struct ext4_super_block *es; struct block_device *bdev; BUG_ON(!EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)); bdev = ext4_blkdev_get(j_dev); if (bdev == NULL) return NULL; if (bd_claim(bdev, sb)) { printk(KERN_ERR ""EXT4: failed to claim external journal device.\n""); blkdev_put(bdev, FMODE_READ|FMODE_WRITE); return NULL; } blocksize = sb->s_blocksize; hblock = bdev_hardsect_size(bdev); if (blocksize < hblock) { printk(KERN_ERR ""EXT4-fs: blocksize too small for journal device.\n""); goto out_bdev; } sb_block = EXT4_MIN_BLOCK_SIZE / blocksize; offset = EXT4_MIN_BLOCK_SIZE % blocksize; set_blocksize(bdev, blocksize); if (!(bh = __bread(bdev, sb_block, blocksize))) { printk(KERN_ERR ""EXT4-fs: couldn't read superblock of "" ""external journal\n""); goto out_bdev; } es = (struct ext4_super_block *) (((char *)bh->b_data) + offset); if ((le16_to_cpu(es->s_magic) != EXT4_SUPER_MAGIC) || !(le32_to_cpu(es->s_feature_incompat) & EXT4_FEATURE_INCOMPAT_JOURNAL_DEV)) { printk(KERN_ERR ""EXT4-fs: external journal has "" ""bad superblock\n""); brelse(bh); goto out_bdev; } if (memcmp(EXT4_SB(sb)->s_es->s_journal_uuid, es->s_uuid, 16)) { printk(KERN_ERR ""EXT4-fs: journal UUID does not match\n""); brelse(bh); goto out_bdev; } len = ext4_blocks_count(es); start = sb_block + 1; brelse(bh); journal = jbd2_journal_init_dev(bdev, sb->s_bdev, start, len, blocksize); if (!journal) { printk(KERN_ERR ""EXT4-fs: failed to create device journal\n""); goto out_bdev; } journal->j_private = sb; ll_rw_block(READ, 1, &journal->j_sb_buffer); wait_on_buffer(journal->j_sb_buffer); if (!buffer_uptodate(journal->j_sb_buffer)) { printk(KERN_ERR ""EXT4-fs: I/O error on journal device\n""); goto out_journal; } if (be32_to_cpu(journal->j_superblock->s_nr_users) != 1) { printk(KERN_ERR ""EXT4-fs: External journal has more than one "" ""user (unsupported) - %d\n"", be32_to_cpu(journal->j_superblock->s_nr_users)); goto out_journal; } EXT4_SB(sb)->journal_bdev = bdev; ext4_init_journal_params(sb, journal); return journal; out_journal: jbd2_journal_destroy(journal); out_bdev: ext4_blkdev_put(bdev); return NULL; }",linux-2.6,,,163330455874718219723761891296211075454,0 3070,['CWE-189'],"static int jp2_getcs(jp2_colr_t *colr) { if (colr->method == JP2_COLR_ENUM) { switch (colr->csid) { case JP2_COLR_SRGB: return JAS_CLRSPC_SRGB; break; case JP2_COLR_SYCC: return JAS_CLRSPC_SYCBCR; break; case JP2_COLR_SGRAY: return JAS_CLRSPC_SGRAY; break; } } return JAS_CLRSPC_UNKNOWN; }",jasper,,,43293718556827735742708880673154004727,0 2872,CWE-787,"tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ tsize_t written=0; unsigned char* buffer=NULL; unsigned char* samplebuffer=NULL; tsize_t bufferoffset=0; tsize_t samplebufferoffset=0; tsize_t read=0; tstrip_t i=0; tstrip_t j=0; tstrip_t stripcount=0; tsize_t stripsize=0; tsize_t sepstripcount=0; tsize_t sepstripsize=0; #ifdef OJPEG_SUPPORT toff_t inputoffset=0; uint16 h_samp=1; uint16 v_samp=1; uint16 ri=1; uint32 rows=0; #endif #ifdef JPEG_SUPPORT unsigned char* jpt; float* xfloatp; uint64* sbc; unsigned char* stripbuffer; tsize_t striplength=0; uint32 max_striplength=0; #endif if (t2p->t2p_error != T2P_ERR_OK) return(0); if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){ #ifdef CCITT_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_G4){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if (buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for "" ""t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB){ TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef ZIP_SUPPORT if (t2p->pdf_compression == T2P_COMPRESS_ZIP) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB) { TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef OJPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_OJPEG) { if(t2p->tiff_dataoffset != 0) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if(t2p->pdf_ojpegiflength==0){ inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); t2pReadFile(input, (tdata_t) buffer, t2p->tiff_datasize); t2pSeekFile(input, inputoffset, SEEK_SET); t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } else { inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); bufferoffset = t2pReadFile(input, (tdata_t) buffer, t2p->pdf_ojpegiflength); t2p->pdf_ojpegiflength = 0; t2pSeekFile(input, inputoffset, SEEK_SET); TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &h_samp, &v_samp); buffer[bufferoffset++]= 0xff; buffer[bufferoffset++]= 0xdd; buffer[bufferoffset++]= 0x00; buffer[bufferoffset++]= 0x04; h_samp*=8; v_samp*=8; ri=(t2p->tiff_width+h_samp-1) / h_samp; TIFFGetField(input, TIFFTAG_ROWSPERSTRIP, &rows); ri*=(rows+v_samp-1)/v_samp; buffer[bufferoffset++]= (ri>>8) & 0xff; buffer[bufferoffset++]= ri & 0xff; stripcount=TIFFNumberOfStrips(input); for(i=0;ipdf_ojpegdata){ TIFFError(TIFF2PDF_MODULE, ""No support for OJPEG image %s with bad tables"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); _TIFFmemcpy(buffer, t2p->pdf_ojpegdata, t2p->pdf_ojpegdatalength); bufferoffset=t2p->pdf_ojpegdatalength; stripcount=TIFFNumberOfStrips(input); for(i=0;it2p_error = T2P_ERR_ERROR; return(0); #endif } } #endif #ifdef JPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_JPEG) { uint32 count = 0; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if (TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { if(count > 4) { _TIFFmemcpy(buffer, jpt, count); bufferoffset += count - 2; } } stripcount=TIFFNumberOfStrips(input); TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc); for(i=0;imax_striplength) max_striplength=sbc[i]; } stripbuffer = (unsigned char*) _TIFFmalloc(max_striplength); if(stripbuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s"", max_striplength, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } for(i=0;itiff_length)){ TIFFError(TIFF2PDF_MODULE, ""Can't process JPEG data in input file %s"", TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } } buffer[bufferoffset++]=0xff; buffer[bufferoffset++]=0xd9; t2pWriteFile(output, (tdata_t) buffer, bufferoffset); _TIFFfree(stripbuffer); _TIFFfree(buffer); return(bufferoffset); } #endif (void)0; } if(t2p->pdf_sample==T2P_SAMPLE_NOTHING){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } } else { if(t2p->pdf_sample & T2P_SAMPLE_PLANAR_SEPARATE_TO_CONTIG){ sepstripsize=TIFFStripSize(input); sepstripcount=TIFFNumberOfStrips(input); stripsize=sepstripsize*t2p->tiff_samplesperpixel; stripcount=sepstripcount/t2p->tiff_samplesperpixel; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); samplebuffer = (unsigned char*) _TIFFmalloc(stripsize); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } for(i=0;itiff_samplesperpixel;j++){ read = TIFFReadEncodedStrip(input, i + j*stripcount, (tdata_t) &(samplebuffer[samplebufferoffset]), TIFFmin(sepstripsize, stripsize - samplebufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i + j*stripcount, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } samplebufferoffset+=read; } t2p_sample_planar_separate_to_contig( t2p, &(buffer[bufferoffset]), samplebuffer, samplebufferoffset); bufferoffset+=samplebufferoffset; } _TIFFfree(samplebuffer); goto dataready; } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } if(t2p->pdf_sample & T2P_SAMPLE_REALIZE_PALETTE){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t) buffer, t2p->tiff_datasize * t2p->tiff_samplesperpixel); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; t2p->tiff_datasize *= t2p->tiff_samplesperpixel; } t2p_sample_realize_palette(t2p, buffer); } if(t2p->pdf_sample & T2P_SAMPLE_RGBA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgba_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_RGBAA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgbaa_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_YCBCR_TO_RGB){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length*4); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; } if(!TIFFReadRGBAImageOriented( input, t2p->tiff_width, t2p->tiff_length, (uint32*)buffer, ORIENTATION_TOPLEFT, 0)){ TIFFError(TIFF2PDF_MODULE, ""Can't use TIFFReadRGBAImageOriented to extract RGB image from %s"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } t2p->tiff_datasize=t2p_sample_abgr_to_rgb( (tdata_t) buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_LAB_SIGNED_TO_UNSIGNED){ t2p->tiff_datasize=t2p_sample_lab_signed_to_unsigned( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } } dataready: t2p_disable(output); TIFFSetField(output, TIFFTAG_PHOTOMETRIC, t2p->tiff_photometric); TIFFSetField(output, TIFFTAG_BITSPERSAMPLE, t2p->tiff_bitspersample); TIFFSetField(output, TIFFTAG_SAMPLESPERPIXEL, t2p->tiff_samplesperpixel); TIFFSetField(output, TIFFTAG_IMAGEWIDTH, t2p->tiff_width); TIFFSetField(output, TIFFTAG_IMAGELENGTH, t2p->tiff_length); TIFFSetField(output, TIFFTAG_ROWSPERSTRIP, t2p->tiff_length); TIFFSetField(output, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); TIFFSetField(output, TIFFTAG_FILLORDER, FILLORDER_MSB2LSB); switch(t2p->pdf_compression){ case T2P_COMPRESS_NONE: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_NONE); break; #ifdef CCITT_SUPPORT case T2P_COMPRESS_G4: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_CCITTFAX4); break; #endif #ifdef JPEG_SUPPORT case T2P_COMPRESS_JPEG: if(t2p->tiff_photometric==PHOTOMETRIC_YCBCR) { uint16 hor = 0, ver = 0; if (TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &hor, &ver) !=0 ) { if(hor != 0 && ver != 0){ TIFFSetField(output, TIFFTAG_YCBCRSUBSAMPLING, hor, ver); } } if(TIFFGetField(input, TIFFTAG_REFERENCEBLACKWHITE, &xfloatp)!=0){ TIFFSetField(output, TIFFTAG_REFERENCEBLACKWHITE, xfloatp); } } if(TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_JPEG)==0){ TIFFError(TIFF2PDF_MODULE, ""Unable to use JPEG compression for input %s and output %s"", TIFFFileName(input), TIFFFileName(output)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFSetField(output, TIFFTAG_JPEGTABLESMODE, 0); if(t2p->pdf_colorspace & (T2P_CS_RGB | T2P_CS_LAB)){ TIFFSetField(output, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR){ TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RAW); } } if(t2p->pdf_colorspace & T2P_CS_GRAY){ (void)0; } if(t2p->pdf_colorspace & T2P_CS_CMYK){ (void)0; } if(t2p->pdf_defaultcompressionquality != 0){ TIFFSetField(output, TIFFTAG_JPEGQUALITY, t2p->pdf_defaultcompressionquality); } break; #endif #ifdef ZIP_SUPPORT case T2P_COMPRESS_ZIP: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_DEFLATE); if(t2p->pdf_defaultcompressionquality%100 != 0){ TIFFSetField(output, TIFFTAG_PREDICTOR, t2p->pdf_defaultcompressionquality % 100); } if(t2p->pdf_defaultcompressionquality/100 != 0){ TIFFSetField(output, TIFFTAG_ZIPQUALITY, (t2p->pdf_defaultcompressionquality / 100)); } break; #endif default: break; } t2p_enable(output); t2p->outputwritten = 0; #ifdef JPEG_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_JPEG && t2p->tiff_photometric == PHOTOMETRIC_YCBCR){ bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, stripsize * stripcount); } else #endif { bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, t2p->tiff_datasize); } if (buffer != NULL) { _TIFFfree(buffer); buffer=NULL; } if (bufferoffset == (tsize_t)-1) { TIFFError(TIFF2PDF_MODULE, ""Error writing encoded strip to output PDF %s"", TIFFFileName(output)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } written = t2p->outputwritten; return(written); }",visit repo url,tools/tiff2pdf.c,https://github.com/vadz/libtiff,108893693056642,1 5522,CWE-125,"obj2ast_type_ignore(PyObject* obj, type_ignore_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; if (obj == Py_None) { *out = NULL; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)TypeIgnore_type); if (isinstance == -1) { return 1; } if (isinstance) { int lineno; if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from TypeIgnore""); return 1; } *out = TypeIgnore(lineno, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of type_ignore, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,14368932084483,1 4933,['CWE-20'],"int readdir_search_pagecache(nfs_readdir_descriptor_t *desc) { int loop_count = 0; int res; if (*desc->dir_cookie == 0) { dfprintk(DIRCACHE, ""NFS: readdir_search_pagecache() searching for offset %Ld\n"", (long long)desc->file->f_pos); desc->page_index = 0; desc->entry->cookie = desc->entry->prev_cookie = 0; desc->entry->eof = 0; desc->current_index = 0; } else dfprintk(DIRCACHE, ""NFS: readdir_search_pagecache() searching for cookie %Lu\n"", (unsigned long long)*desc->dir_cookie); for (;;) { res = find_dirent_page(desc); if (res != -EAGAIN) break; desc->page_index ++; if (loop_count++ > 200) { loop_count = 0; schedule(); } } dfprintk(DIRCACHE, ""NFS: %s: returns %d\n"", __FUNCTION__, res); return res; }",linux-2.6,,,293016310656985021121726649412859105765,0 3945,['CWE-362'],"void inotify_dentry_parent_queue_event(struct dentry *dentry, u32 mask, u32 cookie, const char *name) { struct dentry *parent; struct inode *inode; if (!(dentry->d_flags & DCACHE_INOTIFY_PARENT_WATCHED)) return; spin_lock(&dentry->d_lock); parent = dentry->d_parent; inode = parent->d_inode; if (inotify_inode_watched(inode)) { dget(parent); spin_unlock(&dentry->d_lock); inotify_inode_queue_event(inode, mask, cookie, name, dentry->d_inode); dput(parent); } else spin_unlock(&dentry->d_lock); }",linux-2.6,,,121782974819823633114158063620991385984,0 4959,['CWE-20'],"nfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t rdev) { struct iattr attr; int status; dfprintk(VFS, ""NFS: mknod(%s/%ld), %s\n"", dir->i_sb->s_id, dir->i_ino, dentry->d_name.name); if (!new_valid_dev(rdev)) return -EINVAL; attr.ia_mode = mode; attr.ia_valid = ATTR_MODE; lock_kernel(); nfs_begin_data_update(dir); status = NFS_PROTO(dir)->mknod(dir, dentry, &attr, rdev); nfs_end_data_update(dir); if (status != 0) goto out_err; nfs_renew_times(dentry); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); unlock_kernel(); return 0; out_err: unlock_kernel(); d_drop(dentry); return status; }",linux-2.6,,,103818963439911161357452277866585067288,0 6684,['CWE-200'],"list_close_cb (GtkDialog *dialog, gpointer user_data) { gtk_dialog_response (dialog, GTK_RESPONSE_CLOSE); }",network-manager-applet,,,120342968369485780113377003599211792073,0 2197,CWE-125,"qedi_dbg_info(struct qedi_dbg_ctx *qedi, const char *func, u32 line, u32 level, const char *fmt, ...) { va_list va; struct va_format vaf; char nfunc[32]; memset(nfunc, 0, sizeof(nfunc)); memcpy(nfunc, func, sizeof(nfunc) - 1); va_start(va, fmt); vaf.fmt = fmt; vaf.va = &va; if (!(qedi_dbg_log & level)) goto ret; if (likely(qedi) && likely(qedi->pdev)) pr_info(""[%s]:[%s:%d]:%d: %pV"", dev_name(&qedi->pdev->dev), nfunc, line, qedi->host_no, &vaf); else pr_info(""[0000:00:00.0]:[%s:%d]: %pV"", nfunc, line, &vaf); ret: va_end(va); }",visit repo url,drivers/scsi/qedi/qedi_dbg.c,https://github.com/torvalds/linux,216514716672246,1 3974,CWE-20,"int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, const unsigned char *hash, unsigned long hashlen, int padding, int hash_idx, unsigned long saltlen, int *stat, rsa_key *key) { unsigned long modulus_bitlen, modulus_bytelen, x; int err; unsigned char *tmpbuf; LTC_ARGCHK(hash != NULL); LTC_ARGCHK(sig != NULL); LTC_ARGCHK(stat != NULL); LTC_ARGCHK(key != NULL); *stat = 0; if ((padding != LTC_PKCS_1_V1_5) && (padding != LTC_PKCS_1_PSS)) { return CRYPT_PK_INVALID_PADDING; } if (padding == LTC_PKCS_1_PSS) { if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } } modulus_bitlen = mp_count_bits( (key->N)); modulus_bytelen = mp_unsigned_bin_size( (key->N)); if (modulus_bytelen != siglen) { return CRYPT_INVALID_PACKET; } tmpbuf = XMALLOC(siglen); if (tmpbuf == NULL) { return CRYPT_MEM; } x = siglen; if ((err = ltc_mp.rsa_me(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) { XFREE(tmpbuf); return err; } if (x != siglen) { XFREE(tmpbuf); return CRYPT_INVALID_PACKET; } if (padding == LTC_PKCS_1_PSS) { if(modulus_bitlen%8 == 1){ err = pkcs_1_pss_decode(hash, hashlen, tmpbuf+1, x-1, saltlen, hash_idx, modulus_bitlen, stat); } else{ err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat); } } else { unsigned char *out; unsigned long outlen, loid[16]; int decoded; ltc_asn1_list digestinfo[2], siginfo[2]; if (hash_descriptor[hash_idx].OIDlen == 0) { err = CRYPT_INVALID_ARG; goto bail_2; } outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3; out = XMALLOC(outlen); if (out == NULL) { err = CRYPT_MEM; goto bail_2; } if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) { XFREE(out); goto bail_2; } LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0])); LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) { XFREE(out); goto bail_2; } if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) && (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) && (siginfo[1].size == hashlen) && (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { *stat = 1; } #ifdef LTC_CLEAN_STACK zeromem(out, outlen); #endif XFREE(out); } bail_2: #ifdef LTC_CLEAN_STACK zeromem(tmpbuf, siglen); #endif XFREE(tmpbuf); return err; }",visit repo url,src/pk/rsa/rsa_verify_hash.c,https://github.com/libtom/libtomcrypt,3019535093999,1 6654,NVD-CWE-noinfo,"int main(int argc, char **argv) { swaylock_log_init(LOG_ERROR); initialize_pw_backend(argc, argv); srand(time(NULL)); enum line_mode line_mode = LM_LINE; state.failed_attempts = 0; state.args = (struct swaylock_args){ .mode = BACKGROUND_MODE_FILL, .font = strdup(""sans-serif""), .font_size = 0, .radius = 50, .thickness = 10, .indicator_x_position = 0, .indicator_y_position = 0, .override_indicator_x_position = false, .override_indicator_y_position = false, .ignore_empty = false, .show_indicator = true, .show_caps_lock_indicator = false, .show_caps_lock_text = true, .show_keyboard_layout = false, .hide_keyboard_layout = false, .show_failed_attempts = false, .indicator_idle_visible = false }; wl_list_init(&state.images); set_default_colors(&state.args.colors); char *config_path = NULL; int result = parse_options(argc, argv, NULL, NULL, &config_path); if (result != 0) { free(config_path); return result; } if (!config_path) { config_path = get_config_path(); } if (config_path) { swaylock_log(LOG_DEBUG, ""Found config at %s"", config_path); int config_status = load_config(config_path, &state, &line_mode); free(config_path); if (config_status != 0) { free(state.args.font); return config_status; } } if (argc > 1) { swaylock_log(LOG_DEBUG, ""Parsing CLI Args""); int result = parse_options(argc, argv, &state, &line_mode, NULL); if (result != 0) { free(state.args.font); return result; } } if (line_mode == LM_INSIDE) { state.args.colors.line = state.args.colors.inside; } else if (line_mode == LM_RING) { state.args.colors.line = state.args.colors.ring; } #ifdef __linux__ if (mlock(state.password.buffer, sizeof(state.password.buffer)) != 0) { swaylock_log(LOG_ERROR, ""Unable to mlock() password memory.""); return EXIT_FAILURE; } #endif wl_list_init(&state.surfaces); state.xkb.context = xkb_context_new(XKB_CONTEXT_NO_FLAGS); state.display = wl_display_connect(NULL); if (!state.display) { free(state.args.font); swaylock_log(LOG_ERROR, ""Unable to connect to the compositor. "" ""If your compositor is running, check or set the "" ""WAYLAND_DISPLAY environment variable.""); return EXIT_FAILURE; } struct wl_registry *registry = wl_display_get_registry(state.display); wl_registry_add_listener(registry, ®istry_listener, &state); wl_display_roundtrip(state.display); assert(state.compositor && state.layer_shell && state.shm); if (!state.input_inhibit_manager) { free(state.args.font); swaylock_log(LOG_ERROR, ""Compositor does not support the input "" ""inhibitor protocol, refusing to run insecurely""); return 1; } zwlr_input_inhibit_manager_v1_get_inhibitor(state.input_inhibit_manager); if (wl_display_roundtrip(state.display) == -1) { free(state.args.font); swaylock_log(LOG_ERROR, ""Exiting - failed to inhibit input:"" "" is another lockscreen already running?""); return 2; } if (state.zxdg_output_manager) { struct swaylock_surface *surface; wl_list_for_each(surface, &state.surfaces, link) { surface->xdg_output = zxdg_output_manager_v1_get_xdg_output( state.zxdg_output_manager, surface->output); zxdg_output_v1_add_listener( surface->xdg_output, &_xdg_output_listener, surface); } wl_display_roundtrip(state.display); } else { swaylock_log(LOG_INFO, ""Compositor does not support zxdg output "" ""manager, images assigned to named outputs will not work""); } struct swaylock_surface *surface; wl_list_for_each(surface, &state.surfaces, link) { create_layer_surface(surface); } if (state.args.daemonize) { wl_display_roundtrip(state.display); daemonize(); } state.eventloop = loop_create(); loop_add_fd(state.eventloop, wl_display_get_fd(state.display), POLLIN, display_in, NULL); loop_add_fd(state.eventloop, get_comm_reply_fd(), POLLIN, comm_in, NULL); state.run_display = true; while (state.run_display) { errno = 0; if (wl_display_flush(state.display) == -1 && errno != EAGAIN) { break; } loop_poll(state.eventloop); } free(state.args.font); return 0; }",visit repo url,main.c,https://github.com/swaywm/swaylock,124536968438657,1 1522,CWE-399,"static void perf_callchain_user_64(struct perf_callchain_entry *entry, struct pt_regs *regs) { unsigned long sp, next_sp; unsigned long next_ip; unsigned long lr; long level = 0; struct signal_frame_64 __user *sigframe; unsigned long __user *fp, *uregs; next_ip = perf_instruction_pointer(regs); lr = regs->link; sp = regs->gpr[1]; perf_callchain_store(entry, next_ip); for (;;) { fp = (unsigned long __user *) sp; if (!valid_user_sp(sp, 1) || read_user_stack_64(fp, &next_sp)) return; if (level > 0 && read_user_stack_64(&fp[2], &next_ip)) return; if (next_sp - sp >= sizeof(struct signal_frame_64) && (is_sigreturn_64_address(next_ip, sp) || (level <= 1 && is_sigreturn_64_address(lr, sp))) && sane_signal_64_frame(sp)) { sigframe = (struct signal_frame_64 __user *) sp; uregs = sigframe->uc.uc_mcontext.gp_regs; if (read_user_stack_64(&uregs[PT_NIP], &next_ip) || read_user_stack_64(&uregs[PT_LNK], &lr) || read_user_stack_64(&uregs[PT_R1], &sp)) return; level = 0; perf_callchain_store(entry, PERF_CONTEXT_USER); perf_callchain_store(entry, next_ip); continue; } if (level == 0) next_ip = lr; perf_callchain_store(entry, next_ip); ++level; sp = next_sp; } }",visit repo url,arch/powerpc/perf/callchain.c,https://github.com/torvalds/linux,30355600677698,1 512,CWE-125,"int common_timer_set(struct k_itimer *timr, int flags, struct itimerspec64 *new_setting, struct itimerspec64 *old_setting) { const struct k_clock *kc = timr->kclock; bool sigev_none; ktime_t expires; if (old_setting) common_timer_get(timr, old_setting); timr->it_interval = 0; if (kc->timer_try_to_cancel(timr) < 0) return TIMER_RETRY; timr->it_active = 0; timr->it_requeue_pending = (timr->it_requeue_pending + 2) & ~REQUEUE_PENDING; timr->it_overrun_last = 0; if (!new_setting->it_value.tv_sec && !new_setting->it_value.tv_nsec) return 0; timr->it_interval = timespec64_to_ktime(new_setting->it_interval); expires = timespec64_to_ktime(new_setting->it_value); sigev_none = (timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE; kc->timer_arm(timr, expires, flags & TIMER_ABSTIME, sigev_none); timr->it_active = !sigev_none; return 0; }",visit repo url,kernel/time/posix-timers.c,https://github.com/torvalds/linux,158473734699066,1 6161,CWE-190,"void ep2_mul_sim_dig(ep2_t r, const ep2_t p[], const dig_t k[], int len) { ep2_t t; int max; ep2_null(t); max = util_bits_dig(k[0]); for (int i = 1; i < len; i++) { max = RLC_MAX(max, util_bits_dig(k[i])); } RLC_TRY { ep2_new(t); ep2_set_infty(t); for (int i = max - 1; i >= 0; i--) { ep2_dbl(t, t); for (int j = 0; j < len; j++) { if (k[j] & ((dig_t)1 << i)) { ep2_add(t, t, p[j]); } } } ep2_norm(r, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ep2_free(t); } }",visit repo url,src/epx/relic_ep2_mul_sim.c,https://github.com/relic-toolkit/relic,52932637117946,1 1967,CWE-401,"static int sof_set_get_large_ctrl_data(struct snd_sof_dev *sdev, struct sof_ipc_ctrl_data *cdata, struct sof_ipc_ctrl_data_params *sparams, bool send) { struct sof_ipc_ctrl_data *partdata; size_t send_bytes; size_t offset = 0; size_t msg_bytes; size_t pl_size; int err; int i; partdata = kzalloc(SOF_IPC_MSG_MAX_SIZE, GFP_KERNEL); if (!partdata) return -ENOMEM; if (send) err = sof_get_ctrl_copy_params(cdata->type, cdata, partdata, sparams); else err = sof_get_ctrl_copy_params(cdata->type, partdata, cdata, sparams); if (err < 0) return err; msg_bytes = sparams->msg_bytes; pl_size = sparams->pl_size; memcpy(partdata, cdata, sparams->hdr_bytes); mutex_lock(&sdev->ipc->tx_mutex); for (i = 0; i < sparams->num_msg; i++) { send_bytes = min(msg_bytes, pl_size); partdata->num_elems = send_bytes; partdata->rhdr.hdr.size = sparams->hdr_bytes + send_bytes; partdata->msg_index = i; msg_bytes -= send_bytes; partdata->elems_remaining = msg_bytes; if (send) memcpy(sparams->dst, sparams->src + offset, send_bytes); err = sof_ipc_tx_message_unlocked(sdev->ipc, partdata->rhdr.hdr.cmd, partdata, partdata->rhdr.hdr.size, partdata, partdata->rhdr.hdr.size); if (err < 0) break; if (!send) memcpy(sparams->dst + offset, sparams->src, send_bytes); offset += pl_size; } mutex_unlock(&sdev->ipc->tx_mutex); kfree(partdata); return err; }",visit repo url,sound/soc/sof/ipc.c,https://github.com/torvalds/linux,134512592880349,1 5136,CWE-125,"ast_for_import_stmt(struct compiling *c, const node *n) { int lineno; int col_offset; int i; asdl_seq *aliases; REQ(n, import_stmt); lineno = LINENO(n); col_offset = n->n_col_offset; n = CHILD(n, 0); if (TYPE(n) == import_name) { n = CHILD(n, 1); REQ(n, dotted_as_names); aliases = _Py_asdl_seq_new((NCH(n) + 1) / 2, c->c_arena); if (!aliases) return NULL; for (i = 0; i < NCH(n); i += 2) { alias_ty import_alias = alias_for_import_name(c, CHILD(n, i), 1); if (!import_alias) return NULL; asdl_seq_SET(aliases, i / 2, import_alias); } return Import(aliases, lineno, col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else if (TYPE(n) == import_from) { int n_children; int idx, ndots = 0; const node *n_copy = n; alias_ty mod = NULL; identifier modname = NULL; for (idx = 1; idx < NCH(n); idx++) { if (TYPE(CHILD(n, idx)) == dotted_name) { mod = alias_for_import_name(c, CHILD(n, idx), 0); if (!mod) return NULL; idx++; break; } else if (TYPE(CHILD(n, idx)) == ELLIPSIS) { ndots += 3; continue; } else if (TYPE(CHILD(n, idx)) != DOT) { break; } ndots++; } idx++; switch (TYPE(CHILD(n, idx))) { case STAR: n = CHILD(n, idx); n_children = 1; break; case LPAR: n = CHILD(n, idx + 1); n_children = NCH(n); break; case import_as_names: n = CHILD(n, idx); n_children = NCH(n); if (n_children % 2 == 0) { ast_error(c, n, ""trailing comma not allowed without"" "" surrounding parentheses""); return NULL; } break; default: ast_error(c, n, ""Unexpected node-type in from-import""); return NULL; } aliases = _Py_asdl_seq_new((n_children + 1) / 2, c->c_arena); if (!aliases) return NULL; if (TYPE(n) == STAR) { alias_ty import_alias = alias_for_import_name(c, n, 1); if (!import_alias) return NULL; asdl_seq_SET(aliases, 0, import_alias); } else { for (i = 0; i < NCH(n); i += 2) { alias_ty import_alias = alias_for_import_name(c, CHILD(n, i), 1); if (!import_alias) return NULL; asdl_seq_SET(aliases, i / 2, import_alias); } } if (mod != NULL) modname = mod->name; return ImportFrom(modname, aliases, ndots, lineno, col_offset, n_copy->n_end_lineno, n_copy->n_end_col_offset, c->c_arena); } PyErr_Format(PyExc_SystemError, ""unknown import statement: starts with command '%s'"", STR(CHILD(n, 0))); return NULL; }",visit repo url,Python/ast.c,https://github.com/python/cpython,19741342458719,1 797,CWE-20,"static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct scm_cookie scm; struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); int noblock = flags&MSG_DONTWAIT; size_t copied; struct sk_buff *skb, *data_skb; int err, ret; if (flags&MSG_OOB) return -EOPNOTSUPP; copied = 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (skb == NULL) goto out; data_skb = skb; #ifdef CONFIG_COMPAT_NETLINK_MESSAGES if (unlikely(skb_shinfo(skb)->frag_list)) { if (flags & MSG_CMSG_COMPAT) data_skb = skb_shinfo(skb)->frag_list; } #endif msg->msg_namelen = 0; copied = data_skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(data_skb); err = skb_copy_datagram_iovec(data_skb, 0, msg->msg_iov, copied); if (msg->msg_name) { struct sockaddr_nl *addr = (struct sockaddr_nl *)msg->msg_name; addr->nl_family = AF_NETLINK; addr->nl_pad = 0; addr->nl_pid = NETLINK_CB(skb).portid; addr->nl_groups = netlink_group_mask(NETLINK_CB(skb).dst_group); msg->msg_namelen = sizeof(*addr); } if (nlk->flags & NETLINK_RECV_PKTINFO) netlink_cmsg_recv_pktinfo(msg, skb); if (NULL == siocb->scm) { memset(&scm, 0, sizeof(scm)); siocb->scm = &scm; } siocb->scm->creds = *NETLINK_CREDS(skb); if (flags & MSG_TRUNC) copied = data_skb->len; skb_free_datagram(sk, skb); if (nlk->cb_running && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) { ret = netlink_dump(sk); if (ret) { sk->sk_err = ret; sk->sk_error_report(sk); } } scm_recv(sock, msg, siocb->scm, flags); out: netlink_rcv_wake(sk); return err ? : copied; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,280528127100709,1 4271,CWE-416,"R_API bool r_io_bank_map_add_top(RIO *io, const ut32 bankid, const ut32 mapid) { RIOBank *bank = r_io_bank_get (io, bankid); RIOMap *map = r_io_map_get (io, mapid); r_return_val_if_fail (io && bank && map, false); RIOMapRef *mapref = _mapref_from_map (map); if (!mapref) { return false; } RIOSubMap *sm = r_io_submap_new (io, mapref); if (!sm) { free (mapref); return false; } RRBNode *entry = _find_entry_submap_node (bank, sm); if (!entry) { if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; } bank->last_used = NULL; RIOSubMap *bd = (RIOSubMap *)entry->data; if (r_io_submap_to (bd) == r_io_submap_to (sm) && r_io_submap_from (bd) >= r_io_submap_from (sm)) { memcpy (bd, sm, sizeof (RIOSubMap)); free (sm); r_list_append (bank->maprefs, mapref); return true; } if (r_io_submap_from (bd) < r_io_submap_from (sm) && r_io_submap_to (sm) < r_io_submap_to (bd)) { RIOSubMap *bdsm = R_NEWCOPY (RIOSubMap, bd); if (!bdsm) { free (sm); free (mapref); return false; } r_io_submap_set_from (bdsm, r_io_submap_to (sm) + 1); r_io_submap_set_to (bd, r_io_submap_from (sm) - 1); if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (bdsm); free (mapref); return false; } if (!r_crbtree_insert (bank->submaps, bdsm, _find_sm_by_from_vaddr_cb, NULL)) { r_crbtree_delete (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL); free (sm); free (bdsm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; } if (r_io_submap_from (bd) < r_io_submap_from (sm)) { r_io_submap_set_to (bd, r_io_submap_from (sm) - 1); entry = r_rbnode_next (entry); } while (entry && r_io_submap_to (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) { RRBNode *next = r_rbnode_next (entry); bool a = r_crbtree_delete (bank->submaps, entry->data, _find_sm_by_from_vaddr_cb, NULL); if (!a) { break; } entry = next; } if (entry && r_io_submap_from (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) { bd = (RIOSubMap *)entry->data; r_io_submap_set_from (bd, r_io_submap_to (sm) + 1); } if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; }",visit repo url,libr/io/io_bank.c,https://github.com/radareorg/radare2,260004401614919,1 2167,['CWE-400'],"static void do_shmem_file_read(struct file *filp, loff_t *ppos, read_descriptor_t *desc, read_actor_t actor) { struct inode *inode = filp->f_path.dentry->d_inode; struct address_space *mapping = inode->i_mapping; unsigned long index, offset; enum sgp_type sgp = SGP_READ; if (segment_eq(get_fs(), KERNEL_DS)) sgp = SGP_DIRTY; index = *ppos >> PAGE_CACHE_SHIFT; offset = *ppos & ~PAGE_CACHE_MASK; for (;;) { struct page *page = NULL; unsigned long end_index, nr, ret; loff_t i_size = i_size_read(inode); end_index = i_size >> PAGE_CACHE_SHIFT; if (index > end_index) break; if (index == end_index) { nr = i_size & ~PAGE_CACHE_MASK; if (nr <= offset) break; } desc->error = shmem_getpage(inode, index, &page, sgp, NULL); if (desc->error) { if (desc->error == -EINVAL) desc->error = 0; break; } if (page) unlock_page(page); nr = PAGE_CACHE_SIZE; i_size = i_size_read(inode); end_index = i_size >> PAGE_CACHE_SHIFT; if (index == end_index) { nr = i_size & ~PAGE_CACHE_MASK; if (nr <= offset) { if (page) page_cache_release(page); break; } } nr -= offset; if (page) { if (mapping_writably_mapped(mapping)) flush_dcache_page(page); if (!offset) mark_page_accessed(page); } else { page = ZERO_PAGE(0); page_cache_get(page); } ret = actor(desc, page, offset, nr); offset += ret; index += offset >> PAGE_CACHE_SHIFT; offset &= ~PAGE_CACHE_MASK; page_cache_release(page); if (ret != nr || !desc->count) break; cond_resched(); } *ppos = ((loff_t) index << PAGE_CACHE_SHIFT) + offset; file_accessed(filp); }",linux-2.6,,,290038638838577810306945614199048599193,0 6384,CWE-20,"error_t dm9000Init(NetInterface *interface) { uint_t i; uint16_t vendorId; uint16_t productId; uint8_t chipRevision; Dm9000Context *context; TRACE_INFO(""Initializing DM9000 Ethernet controller...\r\n""); interface->extIntDriver->init(); context = (Dm9000Context *) interface->nicContext; context->queuedPackets = 0; context->txBuffer = memPoolAlloc(ETH_MAX_FRAME_SIZE); context->rxBuffer = memPoolAlloc(ETH_MAX_FRAME_SIZE); if(context->txBuffer == NULL || context->rxBuffer == NULL) { memPoolFree(context->txBuffer); memPoolFree(context->rxBuffer); return ERROR_OUT_OF_MEMORY; } vendorId = (dm9000ReadReg(DM9000_REG_VIDH) << 8) | dm9000ReadReg(DM9000_REG_VIDL); productId = (dm9000ReadReg(DM9000_REG_PIDH) << 8) | dm9000ReadReg(DM9000_REG_PIDL); chipRevision = dm9000ReadReg(DM9000_REG_CHIPR); if(vendorId != DM9000_VID || productId != DM9000_PID) { return ERROR_WRONG_IDENTIFIER; } if(chipRevision != DM9000A_CHIP_REV && chipRevision != DM9000B_CHIP_REV) { return ERROR_WRONG_IDENTIFIER; } dm9000WriteReg(DM9000_REG_GPR, 0x00); sleep(10); dm9000WriteReg(DM9000_REG_NCR, NCR_RST); while((dm9000ReadReg(DM9000_REG_NCR) & NCR_RST) != 0) { } dm9000WritePhyReg(DM9000_PHY_REG_BMCR, BMCR_RST); while((dm9000ReadPhyReg(DM9000_PHY_REG_BMCR) & BMCR_RST) != 0) { } TRACE_INFO("" VID = 0x%04"" PRIX16 ""\r\n"", vendorId); TRACE_INFO("" PID = 0x%04"" PRIX16 ""\r\n"", productId); TRACE_INFO("" CHIPR = 0x%02"" PRIX8 ""\r\n"", chipRevision); TRACE_INFO("" PHYIDR1 = 0x%04"" PRIX16 ""\r\n"", dm9000ReadPhyReg(DM9000_PHY_REG_PHYIDR1)); TRACE_INFO("" PHYIDR2 = 0x%04"" PRIX16 ""\r\n"", dm9000ReadPhyReg(DM9000_PHY_REG_PHYIDR2)); #if (DM9000_LOOPBACK_MODE == ENABLED) dm9000WriteReg(DM9000_REG_NCR, DM9000_LBK_PHY); dm9000WritePhyReg(DM9000_PHY_REG_BMCR, BMCR_LOOPBACK | BMCR_SPEED_SEL | BMCR_AN_EN | BMCR_DUPLEX_MODE); #endif for(i = 0; i < 6; i++) { dm9000WriteReg(DM9000_REG_PAR0 + i, interface->macAddr.b[i]); } for(i = 0; i < 8; i++) { dm9000WriteReg(DM9000_REG_MAR0 + i, 0x00); } dm9000WriteReg(DM9000_REG_MAR7, 0x80); dm9000WriteReg(DM9000_REG_IMR, IMR_PAR); dm9000WriteReg(DM9000_REG_NSR, NSR_WAKEST | NSR_TX2END | NSR_TX1END); dm9000WriteReg(DM9000_REG_ISR, ISR_LNKCHG | ISR_UDRUN | ISR_ROO | ISR_ROS | ISR_PT | ISR_PR); dm9000WriteReg(DM9000_REG_IMR, IMR_PAR | IMR_LNKCHGI | IMR_PTI | IMR_PRI); dm9000WriteReg(DM9000_REG_RCR, RCR_DIS_LONG | RCR_DIS_CRC | RCR_RXEN); osSetEvent(&interface->nicTxEvent); interface->nicEvent = TRUE; osSetEvent(&netEvent); return NO_ERROR; }",visit repo url,drivers/eth/dm9000_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,164421501472517,1 810,['CWE-16'],"static void __exit esp6_fini(void) { if (inet6_del_protocol(&esp6_protocol, IPPROTO_ESP) < 0) printk(KERN_INFO ""ipv6 esp close: can't remove protocol\n""); if (xfrm_unregister_type(&esp6_type, AF_INET6) < 0) printk(KERN_INFO ""ipv6 esp close: can't remove xfrm type\n""); }",linux-2.6,,,233015870800650383596768022348813050405,0 5392,['CWE-476'],"static int kvm_task_switch_32(struct kvm_vcpu *vcpu, u16 tss_selector, u16 old_tss_sel, u32 old_tss_base, struct desc_struct *nseg_desc) { struct tss_segment_32 tss_segment_32; int ret = 0; if (kvm_read_guest(vcpu->kvm, old_tss_base, &tss_segment_32, sizeof tss_segment_32)) goto out; save_state_to_tss32(vcpu, &tss_segment_32); if (kvm_write_guest(vcpu->kvm, old_tss_base, &tss_segment_32, sizeof tss_segment_32)) goto out; if (kvm_read_guest(vcpu->kvm, get_tss_base_addr(vcpu, nseg_desc), &tss_segment_32, sizeof tss_segment_32)) goto out; if (old_tss_sel != 0xffff) { tss_segment_32.prev_task_link = old_tss_sel; if (kvm_write_guest(vcpu->kvm, get_tss_base_addr(vcpu, nseg_desc), &tss_segment_32.prev_task_link, sizeof tss_segment_32.prev_task_link)) goto out; } if (load_state_from_tss32(vcpu, &tss_segment_32)) goto out; ret = 1; out: return ret; }",linux-2.6,,,337206925063695907367882009477970046721,0 322,[],"static int do_atm_iobuf(unsigned int fd, unsigned int cmd, unsigned long arg) { struct atm_iobuf __user *iobuf; struct atm_iobuf32 __user *iobuf32; u32 data; void __user *datap; int len, err; iobuf = compat_alloc_user_space(sizeof(*iobuf)); iobuf32 = compat_ptr(arg); if (get_user(len, &iobuf32->length) || get_user(data, &iobuf32->buffer)) return -EFAULT; datap = compat_ptr(data); if (put_user(len, &iobuf->length) || put_user(datap, &iobuf->buffer)) return -EFAULT; err = sys_ioctl(fd, cmd, (unsigned long)iobuf); if (!err) { if (copy_in_user(&iobuf32->length, &iobuf->length, sizeof(int))) err = -EFAULT; } return err; }",linux-2.6,,,291666370395452340069711086994417762404,0 4582,['CWE-399'],"void ext4_set_inode_flags(struct inode *inode) { unsigned int flags = EXT4_I(inode)->i_flags; inode->i_flags &= ~(S_SYNC|S_APPEND|S_IMMUTABLE|S_NOATIME|S_DIRSYNC); if (flags & EXT4_SYNC_FL) inode->i_flags |= S_SYNC; if (flags & EXT4_APPEND_FL) inode->i_flags |= S_APPEND; if (flags & EXT4_IMMUTABLE_FL) inode->i_flags |= S_IMMUTABLE; if (flags & EXT4_NOATIME_FL) inode->i_flags |= S_NOATIME; if (flags & EXT4_DIRSYNC_FL) inode->i_flags |= S_DIRSYNC; }",linux-2.6,,,196866544964479159419541455228929660479,0 5106,CWE-125,"AsyncFor(expr_ty target, expr_ty iter, asdl_seq * body, asdl_seq * orelse, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!target) { PyErr_SetString(PyExc_ValueError, ""field target is required for AsyncFor""); return NULL; } if (!iter) { PyErr_SetString(PyExc_ValueError, ""field iter is required for AsyncFor""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = AsyncFor_kind; p->v.AsyncFor.target = target; p->v.AsyncFor.iter = iter; p->v.AsyncFor.body = body; p->v.AsyncFor.orelse = orelse; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,209617818820265,1 1933,['CWE-20'],"struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr, pte_t pte) { unsigned long pfn; if (HAVE_PTE_SPECIAL) { if (likely(!pte_special(pte))) { VM_BUG_ON(!pfn_valid(pte_pfn(pte))); return pte_page(pte); } VM_BUG_ON(!(vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP))); return NULL; } pfn = pte_pfn(pte); if (unlikely(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP))) { if (vma->vm_flags & VM_MIXEDMAP) { if (!pfn_valid(pfn)) return NULL; goto out; } else { unsigned long off; off = (addr - vma->vm_start) >> PAGE_SHIFT; if (pfn == vma->vm_pgoff + off) return NULL; if (!is_cow_mapping(vma->vm_flags)) return NULL; } } VM_BUG_ON(!pfn_valid(pfn)); out: return pfn_to_page(pfn); }",linux-2.6,,,233724754846310435433534867184499911648,0 2511,CWE-20,"int prepareForShutdown() { redisLog(REDIS_WARNING,""User requested shutdown, saving DB...""); if (server.bgsavechildpid != -1) { redisLog(REDIS_WARNING,""There is a live saving child. Killing it!""); kill(server.bgsavechildpid,SIGKILL); rdbRemoveTempFile(server.bgsavechildpid); } if (server.appendonly) { aof_fsync(server.appendfd); if (server.vm_enabled) unlink(server.vm_swap_file); } else if (server.saveparamslen > 0) { if (rdbSave(server.dbfilename) != REDIS_OK) { redisLog(REDIS_WARNING,""Error trying to save the DB, can't exit""); return REDIS_ERR; } } else { redisLog(REDIS_WARNING,""Not saving DB.""); } if (server.daemonize) unlink(server.pidfile); redisLog(REDIS_WARNING,""Server exit now, bye bye...""); return REDIS_OK; }",visit repo url,src/redis.c,https://github.com/antirez/redis,68698362891517,1 293,CWE-362,"SYSCALL_DEFINE5(perf_event_open, struct perf_event_attr __user *, attr_uptr, pid_t, pid, int, cpu, int, group_fd, unsigned long, flags) { struct perf_event *group_leader = NULL, *output_event = NULL; struct perf_event *event, *sibling; struct perf_event_attr attr; struct perf_event_context *ctx, *uninitialized_var(gctx); struct file *event_file = NULL; struct fd group = {NULL, 0}; struct task_struct *task = NULL; struct pmu *pmu; int event_fd; int move_group = 0; int err; int f_flags = O_RDWR; int cgroup_fd = -1; if (flags & ~PERF_FLAG_ALL) return -EINVAL; err = perf_copy_attr(attr_uptr, &attr); if (err) return err; if (!attr.exclude_kernel) { if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) return -EACCES; } if (attr.freq) { if (attr.sample_freq > sysctl_perf_event_sample_rate) return -EINVAL; } else { if (attr.sample_period & (1ULL << 63)) return -EINVAL; } if (!attr.sample_max_stack) attr.sample_max_stack = sysctl_perf_event_max_stack; if ((flags & PERF_FLAG_PID_CGROUP) && (pid == -1 || cpu == -1)) return -EINVAL; if (flags & PERF_FLAG_FD_CLOEXEC) f_flags |= O_CLOEXEC; event_fd = get_unused_fd_flags(f_flags); if (event_fd < 0) return event_fd; if (group_fd != -1) { err = perf_fget_light(group_fd, &group); if (err) goto err_fd; group_leader = group.file->private_data; if (flags & PERF_FLAG_FD_OUTPUT) output_event = group_leader; if (flags & PERF_FLAG_FD_NO_GROUP) group_leader = NULL; } if (pid != -1 && !(flags & PERF_FLAG_PID_CGROUP)) { task = find_lively_task_by_vpid(pid); if (IS_ERR(task)) { err = PTR_ERR(task); goto err_group_fd; } } if (task && group_leader && group_leader->attr.inherit != attr.inherit) { err = -EINVAL; goto err_task; } get_online_cpus(); if (task) { err = mutex_lock_interruptible(&task->signal->cred_guard_mutex); if (err) goto err_cpus; err = -EACCES; if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) goto err_cred; } if (flags & PERF_FLAG_PID_CGROUP) cgroup_fd = pid; event = perf_event_alloc(&attr, cpu, task, group_leader, NULL, NULL, NULL, cgroup_fd); if (IS_ERR(event)) { err = PTR_ERR(event); goto err_cred; } if (is_sampling_event(event)) { if (event->pmu->capabilities & PERF_PMU_CAP_NO_INTERRUPT) { err = -EOPNOTSUPP; goto err_alloc; } } pmu = event->pmu; if (attr.use_clockid) { err = perf_event_set_clock(event, attr.clockid); if (err) goto err_alloc; } if (pmu->task_ctx_nr == perf_sw_context) event->event_caps |= PERF_EV_CAP_SOFTWARE; if (group_leader && (is_software_event(event) != is_software_event(group_leader))) { if (is_software_event(event)) { pmu = group_leader->pmu; } else if (is_software_event(group_leader) && (group_leader->group_caps & PERF_EV_CAP_SOFTWARE)) { move_group = 1; } } ctx = find_get_context(pmu, task, event); if (IS_ERR(ctx)) { err = PTR_ERR(ctx); goto err_alloc; } if ((pmu->capabilities & PERF_PMU_CAP_EXCLUSIVE) && group_leader) { err = -EBUSY; goto err_context; } if (group_leader) { err = -EINVAL; if (group_leader->group_leader != group_leader) goto err_context; if (group_leader->clock != event->clock) goto err_context; if (move_group) { if (group_leader->ctx->task != ctx->task) goto err_context; if (group_leader->cpu != event->cpu) goto err_context; } else { if (group_leader->ctx != ctx) goto err_context; } if (attr.exclusive || attr.pinned) goto err_context; } if (output_event) { err = perf_event_set_output(event, output_event); if (err) goto err_context; } event_file = anon_inode_getfile(""[perf_event]"", &perf_fops, event, f_flags); if (IS_ERR(event_file)) { err = PTR_ERR(event_file); event_file = NULL; goto err_context; } if (move_group) { gctx = group_leader->ctx; mutex_lock_double(&gctx->mutex, &ctx->mutex); if (gctx->task == TASK_TOMBSTONE) { err = -ESRCH; goto err_locked; } } else { mutex_lock(&ctx->mutex); } if (ctx->task == TASK_TOMBSTONE) { err = -ESRCH; goto err_locked; } if (!perf_event_validate_size(event)) { err = -E2BIG; goto err_locked; } if (!exclusive_event_installable(event, ctx)) { WARN_ON_ONCE(move_group); err = -EBUSY; goto err_locked; } WARN_ON_ONCE(ctx->parent_ctx); if (move_group) { perf_remove_from_context(group_leader, 0); list_for_each_entry(sibling, &group_leader->sibling_list, group_entry) { perf_remove_from_context(sibling, 0); put_ctx(gctx); } synchronize_rcu(); list_for_each_entry(sibling, &group_leader->sibling_list, group_entry) { perf_event__state_init(sibling); perf_install_in_context(ctx, sibling, sibling->cpu); get_ctx(ctx); } perf_event__state_init(group_leader); perf_install_in_context(ctx, group_leader, group_leader->cpu); get_ctx(ctx); put_ctx(gctx); } perf_event__header_size(event); perf_event__id_header_size(event); event->owner = current; perf_install_in_context(ctx, event, event->cpu); perf_unpin_context(ctx); if (move_group) mutex_unlock(&gctx->mutex); mutex_unlock(&ctx->mutex); if (task) { mutex_unlock(&task->signal->cred_guard_mutex); put_task_struct(task); } put_online_cpus(); mutex_lock(¤t->perf_event_mutex); list_add_tail(&event->owner_entry, ¤t->perf_event_list); mutex_unlock(¤t->perf_event_mutex); fdput(group); fd_install(event_fd, event_file); return event_fd; err_locked: if (move_group) mutex_unlock(&gctx->mutex); mutex_unlock(&ctx->mutex); fput(event_file); err_context: perf_unpin_context(ctx); put_ctx(ctx); err_alloc: if (!event_file) free_event(event); err_cred: if (task) mutex_unlock(&task->signal->cred_guard_mutex); err_cpus: put_online_cpus(); err_task: if (task) put_task_struct(task); err_group_fd: fdput(group); err_fd: put_unused_fd(event_fd); return err; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,57878446153927,1 3008,CWE-310,"ssl_do_connect (server * serv) { char buf[128]; g_sess = serv->server_session; if (SSL_connect (serv->ssl) <= 0) { char err_buf[128]; int err; g_sess = NULL; if ((err = ERR_get_error ()) > 0) { ERR_error_string (err, err_buf); snprintf (buf, sizeof (buf), ""(%d) %s"", err, err_buf); EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, buf, NULL, NULL, NULL, 0); if (ERR_GET_REASON (err) == SSL_R_WRONG_VERSION_NUMBER) PrintText (serv->server_session, _(""Are you sure this is a SSL capable server and port?\n"")); server_cleanup (serv); if (prefs.hex_net_auto_reconnectonfail) auto_reconnect (serv, FALSE, -1); return (0); } } g_sess = NULL; if (SSL_is_init_finished (serv->ssl)) { struct cert_info cert_info; struct chiper_info *chiper_info; int verify_error; int i; if (!_SSL_get_cert_info (&cert_info, serv->ssl)) { snprintf (buf, sizeof (buf), ""* Certification info:""); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); snprintf (buf, sizeof (buf), "" Subject:""); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); for (i = 0; cert_info.subject_word[i]; i++) { snprintf (buf, sizeof (buf), "" %s"", cert_info.subject_word[i]); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); } snprintf (buf, sizeof (buf), "" Issuer:""); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); for (i = 0; cert_info.issuer_word[i]; i++) { snprintf (buf, sizeof (buf), "" %s"", cert_info.issuer_word[i]); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); } snprintf (buf, sizeof (buf), "" Public key algorithm: %s (%d bits)"", cert_info.algorithm, cert_info.algorithm_bits); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); snprintf (buf, sizeof (buf), "" Sign algorithm %s"", cert_info.sign_algorithm ); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); snprintf (buf, sizeof (buf), "" Valid since %s to %s"", cert_info.notbefore, cert_info.notafter); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); } else { snprintf (buf, sizeof (buf), "" * No Certificate""); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); } chiper_info = _SSL_get_cipher_info (serv->ssl); snprintf (buf, sizeof (buf), ""* Cipher info:""); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); snprintf (buf, sizeof (buf), "" Version: %s, cipher %s (%u bits)"", chiper_info->version, chiper_info->chiper, chiper_info->chiper_bits); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); verify_error = SSL_get_verify_result (serv->ssl); switch (verify_error) { case X509_V_OK: break; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: case X509_V_ERR_CERT_HAS_EXPIRED: if (serv->accept_invalid_cert) { snprintf (buf, sizeof (buf), ""* Verify E: %s.? (%d) -- Ignored"", X509_verify_cert_error_string (verify_error), verify_error); EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, NULL, 0); break; } default: snprintf (buf, sizeof (buf), ""%s.? (%d)"", X509_verify_cert_error_string (verify_error), verify_error); EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, buf, NULL, NULL, NULL, 0); server_cleanup (serv); return (0); } server_stopconnecting (serv); server_connected (serv); return (0); } else { if (serv->ssl->session && serv->ssl->session->time + SSLTMOUT < time (NULL)) { snprintf (buf, sizeof (buf), ""SSL handshake timed out""); EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, buf, NULL, NULL, NULL, 0); server_cleanup (serv); if (prefs.hex_net_auto_reconnectonfail) auto_reconnect (serv, FALSE, -1); return (0); } return (1); } }",visit repo url,src/common/server.c,https://github.com/hexchat/hexchat,8091977030735,1 4869,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 5432,['CWE-476'],"static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long val, void *data) { struct cpufreq_freqs *freq = data; struct kvm *kvm; struct kvm_vcpu *vcpu; int i, send_ipi = 0; if (!ref_freq) ref_freq = freq->old; if (val == CPUFREQ_PRECHANGE && freq->old > freq->new) return 0; if (val == CPUFREQ_POSTCHANGE && freq->old < freq->new) return 0; per_cpu(cpu_tsc_khz, freq->cpu) = cpufreq_scale(tsc_khz_ref, ref_freq, freq->new); spin_lock(&kvm_lock); list_for_each_entry(kvm, &vm_list, vm_list) { for (i = 0; i < KVM_MAX_VCPUS; ++i) { vcpu = kvm->vcpus[i]; if (!vcpu) continue; if (vcpu->cpu != freq->cpu) continue; if (!kvm_request_guest_time_update(vcpu)) continue; if (vcpu->cpu != smp_processor_id()) send_ipi++; } } spin_unlock(&kvm_lock); if (freq->old < freq->new && send_ipi) { smp_call_function_single(freq->cpu, bounce_off, NULL, 1); } return 0; }",linux-2.6,,,107323760815111468183834820055838374940,0 5016,CWE-125,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 1770,[],"static void run_rebalance_domains(struct softirq_action *h) { int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); enum cpu_idle_type idle = this_rq->idle_at_tick ? CPU_IDLE : CPU_NOT_IDLE; rebalance_domains(this_cpu, idle); #ifdef CONFIG_NO_HZ if (this_rq->idle_at_tick && atomic_read(&nohz.load_balancer) == this_cpu) { cpumask_t cpus = nohz.cpu_mask; struct rq *rq; int balance_cpu; cpu_clear(this_cpu, cpus); for_each_cpu_mask(balance_cpu, cpus) { if (need_resched()) break; rebalance_domains(balance_cpu, CPU_IDLE); rq = cpu_rq(balance_cpu); if (time_after(this_rq->next_balance, rq->next_balance)) this_rq->next_balance = rq->next_balance; } } #endif }",linux-2.6,,,170641696179729448561933535276825490693,0 2079,[],"int udp_proc_register(struct udp_seq_afinfo *afinfo) { struct proc_dir_entry *p; int rc = 0; if (!afinfo) return -EINVAL; afinfo->seq_fops->owner = afinfo->owner; afinfo->seq_fops->open = udp_seq_open; afinfo->seq_fops->read = seq_read; afinfo->seq_fops->llseek = seq_lseek; afinfo->seq_fops->release = seq_release_private; p = proc_net_fops_create(afinfo->name, S_IRUGO, afinfo->seq_fops); if (p) p->data = afinfo; else rc = -ENOMEM; return rc; }",linux-2.6,,,249373907092913899462939901435245716943,0 1291,CWE-189,"static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req, size_t *acl_len) { __be32 *savep; uint32_t attrlen, bitmap[3] = {0}; struct kvec *iov = req->rq_rcv_buf.head; int status; *acl_len = 0; if ((status = decode_op_hdr(xdr, OP_GETATTR)) != 0) goto out; if ((status = decode_attr_bitmap(xdr, bitmap)) != 0) goto out; if ((status = decode_attr_length(xdr, &attrlen, &savep)) != 0) goto out; if (unlikely(bitmap[0] & (FATTR4_WORD0_ACL - 1U))) return -EIO; if (likely(bitmap[0] & FATTR4_WORD0_ACL)) { size_t hdrlen; u32 recvd; hdrlen = (u8 *)xdr->p - (u8 *)iov->iov_base; recvd = req->rq_rcv_buf.len - hdrlen; if (attrlen > recvd) { dprintk(""NFS: server cheating in getattr"" "" acl reply: attrlen %u > recvd %u\n"", attrlen, recvd); return -EINVAL; } xdr_read_pages(xdr, attrlen); *acl_len = attrlen; } else status = -EOPNOTSUPP; out: return status; }",visit repo url,fs/nfs/nfs4xdr.c,https://github.com/torvalds/linux,225477891881792,1 5969,['CWE-200'],"rsvp_delete_filter(struct tcf_proto *tp, struct rsvp_filter *f) { tcf_unbind_filter(tp, &f->res); tcf_exts_destroy(tp, &f->exts); kfree(f); }",linux-2.6,,,178548034428350714606051683525915898838,0 3897,CWE-122,"get_visual_text( cmdarg_T *cap, char_u **pp, int *lenp) { if (VIsual_mode != 'V') unadjust_for_sel(); if (VIsual.lnum != curwin->w_cursor.lnum) { if (cap != NULL) clearopbeep(cap->oap); return FAIL; } if (VIsual_mode == 'V') { *pp = ml_get_curline(); *lenp = (int)STRLEN(*pp); } else { if (LT_POS(curwin->w_cursor, VIsual)) { *pp = ml_get_pos(&curwin->w_cursor); *lenp = VIsual.col - curwin->w_cursor.col + 1; } else { *pp = ml_get_pos(&VIsual); *lenp = curwin->w_cursor.col - VIsual.col + 1; } if (has_mbyte) *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1; } reset_VIsual_and_resel(); return OK; }",visit repo url,src/normal.c,https://github.com/vim/vim,38057263489111,1 804,['CWE-16'],"static int esp_init_authenc(struct xfrm_state *x) { struct esp_data *esp = x->data; struct crypto_aead *aead; struct crypto_authenc_key_param *param; struct rtattr *rta; char *key; char *p; char authenc_name[CRYPTO_MAX_ALG_NAME]; unsigned int keylen; int err; err = -EINVAL; if (x->ealg == NULL) goto error; err = -ENAMETOOLONG; if (snprintf(authenc_name, CRYPTO_MAX_ALG_NAME, ""authenc(%s,%s)"", x->aalg ? x->aalg->alg_name : ""digest_null"", x->ealg->alg_name) >= CRYPTO_MAX_ALG_NAME) goto error; aead = crypto_alloc_aead(authenc_name, 0, 0); err = PTR_ERR(aead); if (IS_ERR(aead)) goto error; esp->aead = aead; keylen = (x->aalg ? (x->aalg->alg_key_len + 7) / 8 : 0) + (x->ealg->alg_key_len + 7) / 8 + RTA_SPACE(sizeof(*param)); err = -ENOMEM; key = kmalloc(keylen, GFP_KERNEL); if (!key) goto error; p = key; rta = (void *)p; rta->rta_type = CRYPTO_AUTHENC_KEYA_PARAM; rta->rta_len = RTA_LENGTH(sizeof(*param)); param = RTA_DATA(rta); p += RTA_SPACE(sizeof(*param)); if (x->aalg) { struct xfrm_algo_desc *aalg_desc; memcpy(p, x->aalg->alg_key, (x->aalg->alg_key_len + 7) / 8); p += (x->aalg->alg_key_len + 7) / 8; aalg_desc = xfrm_aalg_get_byname(x->aalg->alg_name, 0); BUG_ON(!aalg_desc); err = -EINVAL; if (aalg_desc->uinfo.auth.icv_fullbits/8 != crypto_aead_authsize(aead)) { NETDEBUG(KERN_INFO ""ESP: %s digestsize %u != %hu\n"", x->aalg->alg_name, crypto_aead_authsize(aead), aalg_desc->uinfo.auth.icv_fullbits/8); goto free_key; } err = crypto_aead_setauthsize( aead, aalg_desc->uinfo.auth.icv_truncbits / 8); if (err) goto free_key; } param->enckeylen = cpu_to_be32((x->ealg->alg_key_len + 7) / 8); memcpy(p, x->ealg->alg_key, (x->ealg->alg_key_len + 7) / 8); err = crypto_aead_setkey(aead, key, keylen); free_key: kfree(key); error: return err; }",linux-2.6,,,115487088746811470771120203108189782021,0 1479,[],"static int __init isolated_cpu_setup(char *str) { int ints[NR_CPUS], i; str = get_options(str, ARRAY_SIZE(ints), ints); cpus_clear(cpu_isolated_map); for (i = 1; i <= ints[0]; i++) if (ints[i] < NR_CPUS) cpu_set(ints[i], cpu_isolated_map); return 1; }",linux-2.6,,,335628661691679126095115735915650659074,0 1785,[],"static u64 sched_slice(struct cfs_rq *cfs_rq, struct sched_entity *se) { return calc_delta_weight(__sched_period(cfs_rq->nr_running), se); }",linux-2.6,,,182660531689910370103255880302355626885,0 1934,['CWE-20'],"static __init int vdso_fixup_datapage(struct lib32_elfinfo *v32, struct lib64_elfinfo *v64) { Elf32_Sym *sym32; #ifdef CONFIG_PPC64 Elf64_Sym *sym64; sym64 = find_symbol64(v64, ""__kernel_datapage_offset""); if (sym64 == NULL) { printk(KERN_ERR ""vDSO64: Can't find symbol "" ""__kernel_datapage_offset !\n""); return -1; } *((int *)(vdso64_kbase + sym64->st_value - VDSO64_LBASE)) = (vdso64_pages << PAGE_SHIFT) - (sym64->st_value - VDSO64_LBASE); #endif sym32 = find_symbol32(v32, ""__kernel_datapage_offset""); if (sym32 == NULL) { printk(KERN_ERR ""vDSO32: Can't find symbol "" ""__kernel_datapage_offset !\n""); return -1; } *((int *)(vdso32_kbase + (sym32->st_value - VDSO32_LBASE))) = (vdso32_pages << PAGE_SHIFT) - (sym32->st_value - VDSO32_LBASE); return 0; }",linux-2.6,,,325213548806134066768041097721905020697,0 3647,['CWE-287'],"void sctp_assoc_del_nonprimary_peers(struct sctp_association *asoc, struct sctp_transport *primary) { struct sctp_transport *temp; struct sctp_transport *t; list_for_each_entry_safe(t, temp, &asoc->peer.transport_addr_list, transports) { if (t != primary) sctp_assoc_rm_peer(asoc, t); } return; }",linux-2.6,,,103815267233603833112446568503398715901,0 3851,[],"static inline int cap_from_disk(struct vfs_cap_data *caps, struct linux_binprm *bprm, unsigned size) { __u32 magic_etc; unsigned tocopy, i; int ret; if (size < sizeof(magic_etc)) return -EINVAL; magic_etc = le32_to_cpu(caps->magic_etc); switch ((magic_etc & VFS_CAP_REVISION_MASK)) { case VFS_CAP_REVISION_1: if (size != XATTR_CAPS_SZ_1) return -EINVAL; tocopy = VFS_CAP_U32_1; break; case VFS_CAP_REVISION_2: if (size != XATTR_CAPS_SZ_2) return -EINVAL; tocopy = VFS_CAP_U32_2; break; default: return -EINVAL; } if (magic_etc & VFS_CAP_FLAGS_EFFECTIVE) { bprm->cap_effective = true; } else { bprm->cap_effective = false; } ret = 0; CAP_FOR_EACH_U32(i) { __u32 value_cpu; if (i >= tocopy) { bprm->cap_post_exec_permitted.cap[i] = 0; continue; } value_cpu = le32_to_cpu(caps->data[i].permitted); bprm->cap_post_exec_permitted.cap[i] = (current->cap_bset.cap[i] & value_cpu) | (current->cap_inheritable.cap[i] & le32_to_cpu(caps->data[i].inheritable)); if (value_cpu & ~bprm->cap_post_exec_permitted.cap[i]) { ret = -EPERM; } } return bprm->cap_effective ? ret : 0; }",linux-2.6,,,93095297459408557056846816038675985200,0 4282,CWE-400,"static Var* Pe_r_bin_pe_parse_var(RBinPEObj* pe, PE_DWord* curAddr) { Var* var = calloc (1, sizeof (*var)); if (!var) { pe_printf (""Warning: calloc (Var)\n""); return NULL; } if ((var->wLength = r_buf_read_le16_at (pe->b, *curAddr)) == UT16_MAX) { pe_printf (""Warning: read (Var wLength)\n""); free_Var (var); return NULL; } *curAddr += sizeof (var->wLength); if ((var->wValueLength = r_buf_read_le16_at (pe->b, *curAddr)) == UT16_MAX) { pe_printf (""Warning: read (Var wValueLength)\n""); free_Var (var); return NULL; } *curAddr += sizeof (var->wValueLength); if ((var->wType = r_buf_read_le16_at (pe->b, *curAddr)) == UT16_MAX) { pe_printf (""Warning: read (Var wType)\n""); free_Var (var); return NULL; } *curAddr += sizeof (var->wType); if (var->wType != 0 && var->wType != 1) { pe_printf (""Warning: check (Var wType)\n""); free_Var (var); return NULL; } var->szKey = (ut16*) malloc (UT16_ALIGN (TRANSLATION_UTF_16_LEN)); if (!var->szKey) { pe_printf (""Warning: malloc (Var szKey)\n""); free_Var (var); return NULL; } if (r_buf_read_at (pe->b, *curAddr, (ut8*) var->szKey, TRANSLATION_UTF_16_LEN) < 1) { pe_printf (""Warning: read (Var szKey)\n""); free_Var (var); return NULL; } *curAddr += TRANSLATION_UTF_16_LEN; if (memcmp (var->szKey, TRANSLATION_UTF_16, TRANSLATION_UTF_16_LEN)) { pe_printf (""Warning: check (Var szKey)\n""); free_Var (var); return NULL; } align32 (*curAddr); var->numOfValues = var->wValueLength / 4; if (!var->numOfValues) { pe_printf (""Warning: check (Var numOfValues)\n""); free_Var (var); return NULL; } var->Value = (ut32*) malloc (var->wValueLength); if (!var->Value) { pe_printf (""Warning: malloc (Var Value)\n""); free_Var (var); return NULL; } if (r_buf_read_at (pe->b, *curAddr, (ut8*) var->Value, var->wValueLength) != var->wValueLength) { pe_printf (""Warning: read (Var Value)\n""); free_Var (var); return NULL; } *curAddr += var->wValueLength; return var; }",visit repo url,libr/bin/format/pe/pe.c,https://github.com/radareorg/radare2,30490317578512,1 4748,['CWE-20'],"static void destroy_inodecache(void) { kmem_cache_destroy(ext4_inode_cachep); }",linux-2.6,,,27390136648500119603974488374849411421,0 1792,CWE-200,"static int ext4_write_end(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned copied, struct page *page, void *fsdata) { handle_t *handle = ext4_journal_current_handle(); struct inode *inode = mapping->host; loff_t old_size = inode->i_size; int ret = 0, ret2; int i_size_changed = 0; trace_ext4_write_end(inode, pos, len, copied); if (ext4_test_inode_state(inode, EXT4_STATE_ORDERED_MODE)) { ret = ext4_jbd2_file_inode(handle, inode); if (ret) { unlock_page(page); put_page(page); goto errout; } } if (ext4_has_inline_data(inode)) { ret = ext4_write_inline_data_end(inode, pos, len, copied, page); if (ret < 0) goto errout; copied = ret; } else copied = block_write_end(file, mapping, pos, len, copied, page, fsdata); i_size_changed = ext4_update_inode_size(inode, pos + copied); unlock_page(page); put_page(page); if (old_size < pos) pagecache_isize_extended(inode, old_size, pos); if (i_size_changed) ext4_mark_inode_dirty(handle, inode); if (pos + len > inode->i_size && ext4_can_truncate(inode)) ext4_orphan_add(handle, inode); errout: ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; if (pos + len > inode->i_size) { ext4_truncate_failed_write(inode); if (inode->i_nlink) ext4_orphan_del(NULL, inode); } return ret ? ret : copied; }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,162040317806076,1 3887,['CWE-119'],"static int lbs_ret_80211_scan(struct lbs_private *priv, unsigned long dummy, struct cmd_header *resp) { struct cmd_ds_802_11_scan_rsp *scanresp = (void *)resp; struct bss_descriptor *iter_bss; struct bss_descriptor *safe; uint8_t *bssinfo; uint16_t scanrespsize; int bytesleft; int idx; int tlvbufsize; int ret; lbs_deb_enter(LBS_DEB_SCAN); list_for_each_entry_safe (iter_bss, safe, &priv->network_list, list) { unsigned long stale_time = iter_bss->last_scanned + DEFAULT_MAX_SCAN_AGE; if (time_before(jiffies, stale_time)) continue; list_move_tail (&iter_bss->list, &priv->network_free_list); clear_bss_descriptor(iter_bss); } if (scanresp->nr_sets > MAX_NETWORK_COUNT) { lbs_deb_scan(""SCAN_RESP: too many scan results (%d, max %d)\n"", scanresp->nr_sets, MAX_NETWORK_COUNT); ret = -1; goto done; } bytesleft = le16_to_cpu(scanresp->bssdescriptsize); lbs_deb_scan(""SCAN_RESP: bssdescriptsize %d\n"", bytesleft); scanrespsize = le16_to_cpu(resp->size); lbs_deb_scan(""SCAN_RESP: scan results %d\n"", scanresp->nr_sets); bssinfo = scanresp->bssdesc_and_tlvbuffer; tlvbufsize = scanrespsize - (bytesleft + sizeof(scanresp->bssdescriptsize) + sizeof(scanresp->nr_sets) + S_DS_GEN); for (idx = 0; idx < scanresp->nr_sets && bytesleft; idx++) { struct bss_descriptor new; struct bss_descriptor *found = NULL; struct bss_descriptor *oldest = NULL; DECLARE_MAC_BUF(mac); memset(&new, 0, sizeof (struct bss_descriptor)); if (lbs_process_bss(&new, &bssinfo, &bytesleft) != 0) { lbs_deb_scan(""SCAN_RESP: process_bss returned ERROR\n""); continue; } list_for_each_entry (iter_bss, &priv->network_list, list) { if (is_same_network(iter_bss, &new)) { found = iter_bss; break; } if ((oldest == NULL) || (iter_bss->last_scanned < oldest->last_scanned)) oldest = iter_bss; } if (found) { clear_bss_descriptor(found); } else if (!list_empty(&priv->network_free_list)) { found = list_entry(priv->network_free_list.next, struct bss_descriptor, list); list_move_tail(&found->list, &priv->network_list); } else if (oldest) { found = oldest; clear_bss_descriptor(found); list_move_tail(&found->list, &priv->network_list); } else { continue; } lbs_deb_scan(""SCAN_RESP: BSSID %s\n"", print_mac(mac, new.bssid)); memcpy(found, &new, offsetof(struct bss_descriptor, list)); } ret = 0; done: lbs_deb_leave_args(LBS_DEB_SCAN, ""ret %d"", ret); return ret; }",linux-2.6,,,266040818068511872945644596626897141511,0 509,CWE-862,"static struct key *construct_key_and_link(struct keyring_search_context *ctx, const char *callout_info, size_t callout_len, void *aux, struct key *dest_keyring, unsigned long flags) { struct key_user *user; struct key *key; int ret; kenter(""""); if (ctx->index_key.type == &key_type_keyring) return ERR_PTR(-EPERM); user = key_user_lookup(current_fsuid()); if (!user) return ERR_PTR(-ENOMEM); construct_get_dest_keyring(&dest_keyring); ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key); key_user_put(user); if (ret == 0) { ret = construct_key(key, callout_info, callout_len, aux, dest_keyring); if (ret < 0) { kdebug(""cons failed""); goto construction_failed; } } else if (ret == -EINPROGRESS) { ret = 0; } else { goto couldnt_alloc_key; } key_put(dest_keyring); kleave("" = key %d"", key_serial(key)); return key; construction_failed: key_negate_and_link(key, key_negative_timeout, NULL, NULL); key_put(key); couldnt_alloc_key: key_put(dest_keyring); kleave("" = %d"", ret); return ERR_PTR(ret); }",visit repo url,security/keys/request_key.c,https://github.com/torvalds/linux,150798519917130,1 3493,['CWE-20'],"static sctp_disposition_t sctp_sf_tabort_8_4_8(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_packet *packet = NULL; struct sctp_chunk *chunk = arg; struct sctp_chunk *abort; packet = sctp_ootb_pkt_new(asoc, chunk); if (packet) { abort = sctp_make_abort(asoc, chunk, 0); if (!abort) { sctp_ootb_pkt_free(packet); return SCTP_DISPOSITION_NOMEM; } if (sctp_test_T_bit(abort)) packet->vtag = ntohl(chunk->sctp_hdr->vtag); abort->skb->sk = ep->base.sk; sctp_packet_append_chunk(packet, abort); sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(packet)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); sctp_sf_pdiscard(ep, asoc, type, arg, commands); return SCTP_DISPOSITION_CONSUME; } return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,105699369239840581140452240363935929720,0 653,[],"static int dccp_getsockopt_service(struct sock *sk, int len, __be32 __user *optval, int __user *optlen) { const struct dccp_sock *dp = dccp_sk(sk); const struct dccp_service_list *sl; int err = -ENOENT, slen = 0, total_len = sizeof(u32); lock_sock(sk); if ((sl = dp->dccps_service_list) != NULL) { slen = sl->dccpsl_nr * sizeof(u32); total_len += slen; } err = -EINVAL; if (total_len > len) goto out; err = 0; if (put_user(total_len, optlen) || put_user(dp->dccps_service, optval) || (sl != NULL && copy_to_user(optval + 1, sl->dccpsl_list, slen))) err = -EFAULT; out: release_sock(sk); return err; }",linux-2.6,,,60701119597104969012487641865676243695,0 6678,['CWE-200'],"applet_schedule_update_icon (NMApplet *applet) { if (!applet->update_icon_id) applet->update_icon_id = g_idle_add (applet_update_icon, applet); }",network-manager-applet,,,9654894634411533315823986326947263449,0 1156,CWE-264,"SYSCALL_DEFINE2(osf_getdomainname, char __user *, name, int, namelen) { unsigned len; int i; if (!access_ok(VERIFY_WRITE, name, namelen)) return -EFAULT; len = namelen; if (namelen > 32) len = 32; down_read(&uts_sem); for (i = 0; i < len; ++i) { __put_user(utsname()->domainname[i], name + i); if (utsname()->domainname[i] == '\0') break; } up_read(&uts_sem); return 0; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,211716187258866,1 5635,['CWE-476'],"static __inline__ struct sock *udp_v4_lookup(__be32 saddr, __be16 sport, __be32 daddr, __be16 dport, int dif) { struct sock *sk; read_lock(&udp_hash_lock); sk = udp_v4_lookup_longway(saddr, sport, daddr, dport, dif); if (sk) sock_hold(sk); read_unlock(&udp_hash_lock); return sk; }",linux-2.6,,,280494743414400611490967223888211699577,0 6331,['CWE-200'],"int tcf_register_action(struct tc_action_ops *act) { struct tc_action_ops *a, **ap; write_lock(&act_mod_lock); for (ap = &act_base; (a = *ap) != NULL; ap = &a->next) { if (act->type == a->type || (strcmp(act->kind, a->kind) == 0)) { write_unlock(&act_mod_lock); return -EEXIST; } } act->next = NULL; *ap = act; write_unlock(&act_mod_lock); return 0; }",linux-2.6,,,246376901055748977895512875211505520253,0 5190,CWE-125,"TfLiteStatus Eval(TfLiteContext* context, TfLiteNode* node) { auto* params = reinterpret_cast(node->builtin_data); const TfLiteTensor* input = GetInput(context, node, kInputTensor); const TfLiteTensor* input_weights = GetInput(context, node, kWeightsTensor); const TfLiteTensor* recurrent_weights = GetInput(context, node, kRecurrentWeightsTensor); const TfLiteTensor* bias = GetInput(context, node, kBiasTensor); TfLiteTensor* hidden_state = const_cast(GetInput(context, node, kHiddenStateTensor)); TfLiteTensor* output = GetOutput(context, node, kOutputTensor); switch (input_weights->type) { case kTfLiteFloat32: return EvalFloat(input, input_weights, recurrent_weights, bias, params, hidden_state, output); case kTfLiteUInt8: case kTfLiteInt8: { auto* op_data = reinterpret_cast(node->user_data); TfLiteTensor* input_quantized = GetTemporary(context, node, 0); TfLiteTensor* hidden_state_quantized = GetTemporary(context, node, 1); TfLiteTensor* scaling_factors = GetTemporary(context, node, 2); TfLiteTensor* accum_scratch = GetTemporary(context, node, 3); TfLiteTensor* zero_points = GetTemporary(context, node, 4); TfLiteTensor* row_sums = GetTemporary(context, node, 5); return EvalHybrid(input, input_weights, recurrent_weights, bias, params, input_quantized, hidden_state_quantized, scaling_factors, hidden_state, output, zero_points, accum_scratch, row_sums, &op_data->compute_row_sums); } default: TF_LITE_KERNEL_LOG(context, ""Type %d not currently supported."", TfLiteTypeGetName(input_weights->type)); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/unidirectional_sequence_rnn.cc,https://github.com/tensorflow/tensorflow,149794079248942,1 4862,['CWE-189'],"ecryptfs_write_header_metadata(char *virt, struct ecryptfs_crypt_stat *crypt_stat, size_t *written) { u32 header_extent_size; u16 num_header_extents_at_front; header_extent_size = (u32)crypt_stat->extent_size; num_header_extents_at_front = (u16)(crypt_stat->num_header_bytes_at_front / crypt_stat->extent_size); put_unaligned_be32(header_extent_size, virt); virt += 4; put_unaligned_be16(num_header_extents_at_front, virt); (*written) = 6; }",linux-2.6,,,1868971557648922383755860004614308058,0 2307,['CWE-120'],"int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt, const char *name, unsigned int flags, struct nameidata *nd) { int retval; nd->last_type = LAST_ROOT; nd->flags = flags; nd->depth = 0; nd->path.dentry = dentry; nd->path.mnt = mnt; path_get(&nd->path); retval = path_walk(name, nd); if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry && nd->path.dentry->d_inode)) audit_inode(name, nd->path.dentry); return retval; }",linux-2.6,,,9717790437457895013354899188794950073,0 191,CWE-476,"static int stimer_set_count(struct kvm_vcpu_hv_stimer *stimer, u64 count, bool host) { struct kvm_vcpu *vcpu = hv_stimer_to_vcpu(stimer); struct kvm_vcpu_hv_synic *synic = to_hv_synic(vcpu); if (!synic->active && !host) return 1; trace_kvm_hv_stimer_set_count(hv_stimer_to_vcpu(stimer)->vcpu_id, stimer->index, count, host); stimer_cleanup(stimer); stimer->count = count; if (stimer->count == 0) stimer->config.enable = 0; else if (stimer->config.auto_enable) stimer->config.enable = 1; if (stimer->config.enable) stimer_mark_pending(stimer, false); return 0; }",visit repo url,arch/x86/kvm/hyperv.c,https://github.com/torvalds/linux,244034950007959,1 6325,['CWE-200'],"tcf_exts_destroy(struct tcf_proto *tp, struct tcf_exts *exts) { #ifdef CONFIG_NET_CLS_ACT if (exts->action) { tcf_action_destroy(exts->action, TCA_ACT_UNBIND); exts->action = NULL; } #elif defined CONFIG_NET_CLS_POLICE if (exts->police) { tcf_police_release(exts->police, TCA_ACT_UNBIND); exts->police = NULL; } #endif }",linux-2.6,,,245373314608058511543911201528954194843,0 3148,CWE-17,"_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, int clist_size, const gnutls_x509_crt_t * trusted_cas, int tcas_size, const gnutls_x509_crl_t * CRLs, int crls_size, unsigned int flags) { int i = 0, ret; unsigned int status = 0, output; if (clist_size > 1) { if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], certificate_list[clist_size - 1]) > 0) { clist_size--; } } if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) { for (i = 0; i < clist_size; i++) { int j; for (j = 0; j < tcas_size; j++) { if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0) { clist_size = i; break; } } } } if (clist_size == 0) return status; ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1], trusted_cas, tcas_size, flags, &output); if (ret == 0) { gnutls_assert (); status |= output; status |= GNUTLS_CERT_INVALID; return status; } #ifdef ENABLE_PKI for (i = 0; i < clist_size; i++) { ret = gnutls_x509_crt_check_revocation (certificate_list[i], CRLs, crls_size); if (ret == 1) { status |= GNUTLS_CERT_REVOKED; status |= GNUTLS_CERT_INVALID; return status; } } #endif if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) { time_t t, now = time (0); for (i = 0; i < clist_size; i++) { t = gnutls_x509_crt_get_activation_time (certificate_list[i]); if (t == (time_t) - 1 || now < t) { status |= GNUTLS_CERT_NOT_ACTIVATED; status |= GNUTLS_CERT_INVALID; return status; } t = gnutls_x509_crt_get_expiration_time (certificate_list[i]); if (t == (time_t) - 1 || now > t) { status |= GNUTLS_CERT_EXPIRED; status |= GNUTLS_CERT_INVALID; return status; } } } for (i = clist_size - 1; i > 0; i--) { if (i - 1 < 0) break; if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); if ((ret = _gnutls_verify_certificate2 (certificate_list[i - 1], &certificate_list[i], 1, flags, NULL)) == 0) { status |= GNUTLS_CERT_INVALID; return status; } } return 0; }",visit repo url,lib/x509/verify.c,https://gitlab.com/gnutls/gnutls,135804383334052,1 3223,['CWE-189'],"static int jpc_pi_addpchgfrompoc(jpc_pi_t *pi, jpc_poc_t *poc) { int pchgno; jpc_pchg_t *pchg; for (pchgno = 0; pchgno < poc->numpchgs; ++pchgno) { if (!(pchg = jpc_pchg_copy(&poc->pchgs[pchgno]))) { return -1; } if (jpc_pchglist_insert(pi->pchglist, -1, pchg)) { return -1; } } return 0; }",jasper,,,23502479282731181278707770665880305769,0 4649,CWE-401,"GF_Err gf_isom_oinf_read_entry(void *entry, GF_BitStream *bs) { GF_OperatingPointsInformation* ptr = (GF_OperatingPointsInformation *)entry; u32 i, j, count; if (!ptr) return GF_BAD_PARAM; ptr->scalability_mask = gf_bs_read_u16(bs); gf_bs_read_int(bs, 2); count = gf_bs_read_int(bs, 6); for (i = 0; i < count; i++) { LHEVC_ProfileTierLevel *ptl; GF_SAFEALLOC(ptl, LHEVC_ProfileTierLevel); if (!ptl) return GF_OUT_OF_MEM; ptl->general_profile_space = gf_bs_read_int(bs, 2); ptl->general_tier_flag= gf_bs_read_int(bs, 1); ptl->general_profile_idc = gf_bs_read_int(bs, 5); ptl->general_profile_compatibility_flags = gf_bs_read_u32(bs); ptl->general_constraint_indicator_flags = gf_bs_read_long_int(bs, 48); ptl->general_level_idc = gf_bs_read_u8(bs); gf_list_add(ptr->profile_tier_levels, ptl); } count = gf_bs_read_u16(bs); for (i = 0; i < count; i++) { LHEVC_OperatingPoint *op; GF_SAFEALLOC(op, LHEVC_OperatingPoint); if (!op) return GF_OUT_OF_MEM; op->output_layer_set_idx = gf_bs_read_u16(bs); op->max_temporal_id = gf_bs_read_u8(bs); op->layer_count = gf_bs_read_u8(bs); if (op->layer_count > GF_ARRAY_LENGTH(op->layers_info)) return GF_NON_COMPLIANT_BITSTREAM; for (j = 0; j < op->layer_count; j++) { op->layers_info[j].ptl_idx = gf_bs_read_u8(bs); op->layers_info[j].layer_id = gf_bs_read_int(bs, 6); op->layers_info[j].is_outputlayer = gf_bs_read_int(bs, 1) ? GF_TRUE : GF_FALSE; op->layers_info[j].is_alternate_outputlayer = gf_bs_read_int(bs, 1) ? GF_TRUE : GF_FALSE; } op->minPicWidth = gf_bs_read_u16(bs); op->minPicHeight = gf_bs_read_u16(bs); op->maxPicWidth = gf_bs_read_u16(bs); op->maxPicHeight = gf_bs_read_u16(bs); op->maxChromaFormat = gf_bs_read_int(bs, 2); op->maxBitDepth = gf_bs_read_int(bs, 3) + 8; gf_bs_read_int(bs, 1); op->frame_rate_info_flag = gf_bs_read_int(bs, 1) ? GF_TRUE : GF_FALSE; op->bit_rate_info_flag = gf_bs_read_int(bs, 1) ? GF_TRUE : GF_FALSE; if (op->frame_rate_info_flag) { op->avgFrameRate = gf_bs_read_u16(bs); gf_bs_read_int(bs, 6); op->constantFrameRate = gf_bs_read_int(bs, 2); } if (op->bit_rate_info_flag) { op->maxBitRate = gf_bs_read_u32(bs); op->avgBitRate = gf_bs_read_u32(bs); } gf_list_add(ptr->operating_points, op); } count = gf_bs_read_u8(bs); for (i = 0; i < count; i++) { LHEVC_DependentLayer *dep; GF_SAFEALLOC(dep, LHEVC_DependentLayer); if (!dep) return GF_OUT_OF_MEM; dep->dependent_layerID = gf_bs_read_u8(bs); dep->num_layers_dependent_on = gf_bs_read_u8(bs); if (dep->num_layers_dependent_on > GF_ARRAY_LENGTH(dep->dependent_on_layerID)) { gf_free(dep); return GF_NON_COMPLIANT_BITSTREAM; } for (j = 0; j < dep->num_layers_dependent_on; j++) dep->dependent_on_layerID[j] = gf_bs_read_u8(bs); for (j = 0; j < 16; j++) { if (ptr->scalability_mask & (1 << j)) dep->dimension_identifier[j] = gf_bs_read_u8(bs); } gf_list_add(ptr->dependency_layers, dep); } return GF_OK; }",visit repo url,src/isomedia/avc_ext.c,https://github.com/gpac/gpac,9392205161964,1 4616,CWE-190,"static s32 gf_hevc_read_vps_bs_internal(GF_BitStream *bs, HEVCState *hevc, Bool stop_at_vps_ext) { u8 vps_sub_layer_ordering_info_present_flag, vps_extension_flag; u32 i, j; s32 vps_id; HEVC_VPS *vps; u8 layer_id_included_flag[MAX_LHVC_LAYERS][64]; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) return -1; vps = &hevc->vps[vps_id]; vps->bit_pos_vps_extensions = -1; if (!vps->state) { vps->id = vps_id; vps->state = 1; } vps->base_layer_internal_flag = gf_bs_read_int_log(bs, 1, ""base_layer_internal_flag""); vps->base_layer_available_flag = gf_bs_read_int_log(bs, 1, ""base_layer_available_flag""); vps->max_layers = 1 + gf_bs_read_int_log(bs, 6, ""max_layers_minus1""); if (vps->max_layers > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] sorry, %d layers in VPS but only %d supported\n"", vps->max_layers, MAX_LHVC_LAYERS)); return -1; } vps->max_sub_layers = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1"") + 1; vps->temporal_id_nesting = gf_bs_read_int_log(bs, 1, ""temporal_id_nesting""); gf_bs_read_int_log(bs, 16, ""vps_reserved_ffff_16bits""); hevc_profile_tier_level(bs, 1, vps->max_sub_layers - 1, &vps->ptl, 0); vps_sub_layer_ordering_info_present_flag = gf_bs_read_int_log(bs, 1, ""vps_sub_layer_ordering_info_present_flag""); for (i = (vps_sub_layer_ordering_info_present_flag ? 0 : vps->max_sub_layers - 1); i < vps->max_sub_layers; i++) { gf_bs_read_ue_log_idx(bs, ""vps_max_dec_pic_buffering_minus1"", i); gf_bs_read_ue_log_idx(bs, ""vps_max_num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""vps_max_latency_increase_plus1"", i); } vps->max_layer_id = gf_bs_read_int_log(bs, 6, ""max_layer_id""); if (vps->max_layer_id > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] VPS max layer ID %u but GPAC only supports %u\n"", vps->max_layer_id, MAX_LHVC_LAYERS)); return -1; } vps->num_layer_sets = gf_bs_read_ue_log(bs, ""num_layer_sets_minus1"") + 1; if (vps->num_layer_sets > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Wrong number of layer sets in VPS %d\n"", vps->num_layer_sets)); return -1; } for (i = 1; i < vps->num_layer_sets; i++) { for (j = 0; j <= vps->max_layer_id; j++) { layer_id_included_flag[i][j] = gf_bs_read_int_log_idx2(bs, 1, ""layer_id_included_flag"", i, j); } } vps->num_layers_in_id_list[0] = 1; for (i = 1; i < vps->num_layer_sets; i++) { u32 n, m; n = 0; for (m = 0; m <= vps->max_layer_id; m++) { if (layer_id_included_flag[i][m]) { vps->LayerSetLayerIdList[i][n++] = m; if (vps->LayerSetLayerIdListMax[i] < m) vps->LayerSetLayerIdListMax[i] = m; } } vps->num_layers_in_id_list[i] = n; } if (gf_bs_read_int_log(bs, 1, ""vps_timing_info_present_flag"")) { u32 vps_num_hrd_parameters; gf_bs_read_int_log(bs, 32, ""vps_num_units_in_tick""); gf_bs_read_int_log(bs, 32, ""vps_time_scale""); if (gf_bs_read_int_log(bs, 1, ""vps_poc_proportional_to_timing_flag"")) { gf_bs_read_ue_log(bs, ""vps_num_ticks_poc_diff_one_minus1""); } vps_num_hrd_parameters = gf_bs_read_ue_log(bs, ""vps_num_hrd_parameters""); for (i = 0; i < vps_num_hrd_parameters; i++) { Bool cprms_present_flag = GF_TRUE; gf_bs_read_ue_log_idx(bs, ""hrd_layer_set_idx"", i); if (i > 0) cprms_present_flag = gf_bs_read_int_log(bs, 1, ""cprms_present_flag""); hevc_parse_hrd_parameters(bs, cprms_present_flag, vps->max_sub_layers - 1, i); } } if (stop_at_vps_ext) { return vps_id; } vps_extension_flag = gf_bs_read_int_log(bs, 1, ""vps_extension_flag""); if (vps_extension_flag) { Bool res; gf_bs_align(bs); res = hevc_parse_vps_extension(vps, bs); if (res != GF_TRUE) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Failed to parse VPS extensions\n"")); return -1; } if (gf_bs_read_int_log(bs, 1, ""vps_extension2_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } } return vps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,85408619606295,1 2413,CWE-119,"static int http_receive_data(HTTPContext *c) { HTTPContext *c1; int len, loop_run = 0; while (c->chunked_encoding && !c->chunk_size && c->buffer_end > c->buffer_ptr) { len = recv(c->fd, c->buffer_ptr, 1, 0); if (len < 0) { if (ff_neterrno() != AVERROR(EAGAIN) && ff_neterrno() != AVERROR(EINTR)) goto fail; return 0; } else if (len == 0) { goto fail; } else if (c->buffer_ptr - c->buffer >= 2 && !memcmp(c->buffer_ptr - 1, ""\r\n"", 2)) { c->chunk_size = strtol(c->buffer, 0, 16); if (c->chunk_size == 0) goto fail; c->buffer_ptr = c->buffer; break; } else if (++loop_run > 10) goto fail; else c->buffer_ptr++; } if (c->buffer_end > c->buffer_ptr) { len = recv(c->fd, c->buffer_ptr, FFMIN(c->chunk_size, c->buffer_end - c->buffer_ptr), 0); if (len < 0) { if (ff_neterrno() != AVERROR(EAGAIN) && ff_neterrno() != AVERROR(EINTR)) goto fail; } else if (len == 0) goto fail; else { c->chunk_size -= len; c->buffer_ptr += len; c->data_count += len; update_datarate(&c->datarate, c->data_count); } } if (c->buffer_ptr - c->buffer >= 2 && c->data_count > FFM_PACKET_SIZE) { if (c->buffer[0] != 'f' || c->buffer[1] != 'm') { http_log(""Feed stream has become desynchronized -- disconnecting\n""); goto fail; } } if (c->buffer_ptr >= c->buffer_end) { FFServerStream *feed = c->stream; if (c->data_count > FFM_PACKET_SIZE) { if (lseek(c->feed_fd, feed->feed_write_index, SEEK_SET) == -1) http_log(""Seek to %""PRId64"" failed\n"", feed->feed_write_index); if (write(c->feed_fd, c->buffer, FFM_PACKET_SIZE) < 0) { http_log(""Error writing to feed file: %s\n"", strerror(errno)); goto fail; } feed->feed_write_index += FFM_PACKET_SIZE; if (feed->feed_write_index > c->stream->feed_size) feed->feed_size = feed->feed_write_index; if (c->stream->feed_max_size && feed->feed_write_index >= c->stream->feed_max_size) feed->feed_write_index = FFM_PACKET_SIZE; if (ffm_write_write_index(c->feed_fd, feed->feed_write_index) < 0) { http_log(""Error writing index to feed file: %s\n"", strerror(errno)); goto fail; } for(c1 = first_http_ctx; c1; c1 = c1->next) { if (c1->state == HTTPSTATE_WAIT_FEED && c1->stream->feed == c->stream->feed) c1->state = HTTPSTATE_SEND_DATA; } } else { AVFormatContext *s = avformat_alloc_context(); AVIOContext *pb; AVInputFormat *fmt_in; int i; if (!s) goto fail; fmt_in = av_find_input_format(feed->fmt->name); if (!fmt_in) goto fail; pb = avio_alloc_context(c->buffer, c->buffer_end - c->buffer, 0, NULL, NULL, NULL, NULL); if (!pb) goto fail; pb->seekable = 0; s->pb = pb; if (avformat_open_input(&s, c->stream->feed_filename, fmt_in, NULL) < 0) { av_freep(&pb); goto fail; } if (s->nb_streams != feed->nb_streams) { avformat_close_input(&s); av_freep(&pb); http_log(""Feed '%s' stream number does not match registered feed\n"", c->stream->feed_filename); goto fail; } for (i = 0; i < s->nb_streams; i++) { LayeredAVStream *fst = feed->streams[i]; AVStream *st = s->streams[i]; avcodec_parameters_to_context(fst->codec, st->codecpar); avcodec_parameters_from_context(fst->codecpar, fst->codec); } avformat_close_input(&s); av_freep(&pb); } c->buffer_ptr = c->buffer; } return 0; fail: c->stream->feed_opened = 0; close(c->feed_fd); for(c1 = first_http_ctx; c1; c1 = c1->next) { if (c1->state == HTTPSTATE_WAIT_FEED && c1->stream->feed == c->stream->feed) c1->state = HTTPSTATE_SEND_DATA_TRAILER; } return -1; }",visit repo url,ffserver.c,https://github.com/FFmpeg/FFmpeg,268606481621268,1 2946,['CWE-189'],"void jpc_ns_invlift_colgrp(jpc_fix_t *a, int numrows, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; register int i; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { #if defined(WT_DOSCALE) lptr = &a[0]; n = llen; while (n-- > 0) { lptr2 = lptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] = jpc_fix_mul(lptr2[0], jpc_dbltofix(1.0 / LGAIN)); ++lptr2; } lptr += stride; } hptr = &a[llen * stride]; n = numrows - llen; while (n-- > 0) { hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] = jpc_fix_mul(hptr2[0], jpc_dbltofix(1.0 / HGAIN)); ++hptr2; } hptr += stride; } #endif lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(DELTA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(GAMMA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(BETA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(ALPHA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++lptr2; ++hptr2; } } } else { #if defined(WT_LENONE) if (parity) { lptr2 = &a[0]; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] >>= 1; ++lptr2; } } #endif } }",jasper,,,67862406663591847609703516361424874692,0 6234,CWE-190,"void fp9_write_bin(uint8_t *bin, int len, const fp9_t a) { if (len != 9 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp3_write_bin(bin, 3 * RLC_FP_BYTES, a[0]); fp3_write_bin(bin + 3 * RLC_FP_BYTES, 3 * RLC_FP_BYTES, a[1]); fp3_write_bin(bin + 6 * RLC_FP_BYTES, 3 * RLC_FP_BYTES, a[2]); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,55463234337881,1 5547,CWE-125,"obj2ast_withitem(PyObject* obj, withitem_ty* out, PyArena* arena) { PyObject* tmp = NULL; expr_ty context_expr; expr_ty optional_vars; if (_PyObject_HasAttrId(obj, &PyId_context_expr)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_context_expr); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &context_expr, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""context_expr\"" missing from withitem""); return 1; } if (exists_not_none(obj, &PyId_optional_vars)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_optional_vars); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &optional_vars, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { optional_vars = NULL; } *out = withitem(context_expr, optional_vars, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,82611377092684,1 4761,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 937,['CWE-200'],"static inline void shmem_unacct_size(unsigned long flags, loff_t size) { if (flags & VM_ACCOUNT) vm_unacct_memory(VM_ACCT(size)); }",linux-2.6,,,99243168101302523469886840436376172970,0 2322,CWE-400,"static void settings_init(void) { settings.use_cas = true; settings.access = 0700; settings.port = 11211; settings.udpport = 11211; settings.inter = NULL; settings.maxbytes = 64 * 1024 * 1024; settings.maxconns = 1024; settings.verbose = 0; settings.oldest_live = 0; settings.oldest_cas = 0; settings.evict_to_free = 1; settings.socketpath = NULL; settings.factor = 1.25; settings.chunk_size = 48; settings.num_threads = 4; settings.num_threads_per_udp = 0; settings.prefix_delimiter = ':'; settings.detail_enabled = 0; settings.reqs_per_event = 20; settings.backlog = 1024; settings.binding_protocol = negotiating_prot; settings.item_size_max = 1024 * 1024; settings.slab_page_size = 1024 * 1024; settings.slab_chunk_size_max = settings.slab_page_size / 2; settings.sasl = false; settings.maxconns_fast = true; settings.lru_crawler = false; settings.lru_crawler_sleep = 100; settings.lru_crawler_tocrawl = 0; settings.lru_maintainer_thread = false; settings.lru_segmented = true; settings.hot_lru_pct = 20; settings.warm_lru_pct = 40; settings.hot_max_factor = 0.2; settings.warm_max_factor = 2.0; settings.inline_ascii_response = false; settings.temp_lru = false; settings.temporary_ttl = 61; settings.idle_timeout = 0; settings.hashpower_init = 0; settings.slab_reassign = true; settings.slab_automove = 1; settings.slab_automove_ratio = 0.8; settings.slab_automove_window = 30; settings.shutdown_command = false; settings.tail_repair_time = TAIL_REPAIR_TIME_DEFAULT; settings.flush_enabled = true; settings.dump_enabled = true; settings.crawls_persleep = 1000; settings.logger_watcher_buf_size = LOGGER_WATCHER_BUF_SIZE; settings.logger_buf_size = LOGGER_BUF_SIZE; settings.drop_privileges = true; #ifdef MEMCACHED_DEBUG settings.relaxed_privileges = false; #endif }",visit repo url,memcached.c,https://github.com/memcached/memcached,154208065192354,1 2544,CWE-399,"cib_remote_listen(gpointer data) { int lpc = 0; int csock = 0; unsigned laddr; time_t now = 0; time_t start = time(NULL); struct sockaddr_in addr; int ssock = *(int *)data; #ifdef HAVE_GNUTLS_GNUTLS_H gnutls_session *session = NULL; #endif cib_client_t *new_client = NULL; xmlNode *login = NULL; const char *user = NULL; const char *pass = NULL; const char *tmp = NULL; #ifdef HAVE_DECL_NANOSLEEP const struct timespec sleepfast = { 0, 10000000 }; #endif static struct mainloop_fd_callbacks remote_client_fd_callbacks = { .dispatch = cib_remote_msg, .destroy = cib_remote_connection_destroy, }; laddr = sizeof(addr); csock = accept(ssock, (struct sockaddr *)&addr, &laddr); crm_debug(""New %s connection from %s"", ssock == remote_tls_fd ? ""secure"" : ""clear-text"", inet_ntoa(addr.sin_addr)); if (csock == -1) { crm_err(""accept socket failed""); return TRUE; } if (ssock == remote_tls_fd) { #ifdef HAVE_GNUTLS_GNUTLS_H session = create_tls_session(csock, GNUTLS_SERVER); if (session == NULL) { crm_err(""TLS session creation failed""); close(csock); return TRUE; } #endif } do { crm_trace(""Iter: %d"", lpc++); if (ssock == remote_tls_fd) { #ifdef HAVE_GNUTLS_GNUTLS_H login = crm_recv_remote_msg(session, TRUE); #endif } else { login = crm_recv_remote_msg(GINT_TO_POINTER(csock), FALSE); } if (login != NULL) { break; } #ifdef HAVE_DECL_NANOSLEEP nanosleep(&sleepfast, NULL); #else sleep(1); #endif now = time(NULL); } while (login == NULL && (start - now) < 4); crm_log_xml_info(login, ""Login: ""); if (login == NULL) { goto bail; } tmp = crm_element_name(login); if (safe_str_neq(tmp, ""cib_command"")) { crm_err(""Wrong tag: %s"", tmp); goto bail; } tmp = crm_element_value(login, ""op""); if (safe_str_neq(tmp, ""authenticate"")) { crm_err(""Wrong operation: %s"", tmp); goto bail; } user = crm_element_value(login, ""user""); pass = crm_element_value(login, ""password""); if (check_group_membership(user, CRM_DAEMON_GROUP) == FALSE) { crm_err(""User is not a member of the required group""); goto bail; } else if (authenticate_user(user, pass) == FALSE) { crm_err(""PAM auth failed""); goto bail; } num_clients++; new_client = calloc(1, sizeof(cib_client_t)); new_client->name = crm_element_value_copy(login, ""name""); CRM_CHECK(new_client->id == NULL, free(new_client->id)); new_client->id = crm_generate_uuid(); #if ENABLE_ACL new_client->user = strdup(user); #endif new_client->callback_id = NULL; if (ssock == remote_tls_fd) { #ifdef HAVE_GNUTLS_GNUTLS_H new_client->encrypted = TRUE; new_client->session = session; #endif } else { new_client->session = GINT_TO_POINTER(csock); } free_xml(login); login = create_xml_node(NULL, ""cib_result""); crm_xml_add(login, F_CIB_OPERATION, CRM_OP_REGISTER); crm_xml_add(login, F_CIB_CLIENTID, new_client->id); crm_send_remote_msg(new_client->session, login, new_client->encrypted); free_xml(login); new_client->remote = mainloop_add_fd( ""cib-remote-client"", G_PRIORITY_DEFAULT, csock, new_client, &remote_client_fd_callbacks); g_hash_table_insert(client_list, new_client->id, new_client); return TRUE; bail: if (ssock == remote_tls_fd) { #ifdef HAVE_GNUTLS_GNUTLS_H gnutls_bye(*session, GNUTLS_SHUT_RDWR); gnutls_deinit(*session); gnutls_free(session); #endif } close(csock); free_xml(login); return TRUE; }",visit repo url,cib/remote.c,https://github.com/ClusterLabs/pacemaker,84447494347303,1 1254,[],"mkstemp_helper (struct obstack *obs, const char *me, const char *pattern, size_t len) { int fd; int i; char *name; obstack_grow (obs, lquote.string, lquote.length); obstack_grow (obs, pattern, len); for (i = 0; len > 0 && i < 6; i++) if (pattern[len - i - 1] != 'X') break; obstack_grow0 (obs, ""XXXXXX"", 6 - i); name = (char *) obstack_base (obs) + lquote.length; errno = 0; fd = mkstemp (name); if (fd < 0) { M4ERROR ((0, errno, ""cannot create tempfile `%s'"", pattern)); obstack_free (obs, obstack_finish (obs)); } else { close (fd); obstack_blank (obs, -1); obstack_grow (obs, rquote.string, rquote.length); } }",m4,,,142875464731481664262863383523175137679,0 3247,['CWE-189'],"static jpc_enc_band_t *band_create(jpc_enc_band_t *band, jpc_enc_cp_t *cp, jpc_enc_rlvl_t *rlvl, jpc_tsfb_band_t *bandinfos) { uint_fast16_t bandno; uint_fast16_t gblbandno; uint_fast16_t rlvlno; jpc_tsfb_band_t *bandinfo; jpc_enc_tcmpt_t *tcmpt; uint_fast32_t prcno; jpc_enc_prc_t *prc; tcmpt = rlvl->tcmpt; band->data = 0; band->prcs = 0; band->rlvl = rlvl; rlvlno = rlvl - rlvl->tcmpt->rlvls; bandno = band - rlvl->bands; gblbandno = (!rlvlno) ? 0 : (3 * (rlvlno - 1) + bandno + 1); bandinfo = &bandinfos[gblbandno]; if (bandinfo->xstart != bandinfo->xend && bandinfo->ystart != bandinfo->yend) { if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) { goto error; } jas_seq2d_bindsub(band->data, tcmpt->data, bandinfo->locxstart, bandinfo->locystart, bandinfo->locxend, bandinfo->locyend); jas_seq2d_setshift(band->data, bandinfo->xstart, bandinfo->ystart); } band->orient = bandinfo->orient; band->analgain = JPC_NOMINALGAIN(cp->tccp.qmfbid, tcmpt->numrlvls, rlvlno, band->orient); band->numbps = 0; band->absstepsize = 0; band->stepsize = 0; band->synweight = bandinfo->synenergywt; if (band->data) { if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_enc_prc_t)))) { goto error; } for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, ++prc) { prc->cblks = 0; prc->incltree = 0; prc->nlibtree = 0; prc->savincltree = 0; prc->savnlibtree = 0; prc->band = band; } for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, ++prc) { if (!prc_create(prc, cp, band)) { goto error; } } } return band; error: band_destroy(band); return 0; }",jasper,,,302121097553275657193701108463735459354,0 1065,['CWE-20'],"int raw_notifier_chain_unregister(struct raw_notifier_head *nh, struct notifier_block *n) { return notifier_chain_unregister(&nh->head, n); }",linux-2.6,,,240761561516921426006825174077296202249,0 3130,['CWE-189'],"static int bmp_gethdr(jas_stream_t *in, bmp_hdr_t *hdr) { if (bmp_getint16(in, &hdr->magic) || hdr->magic != BMP_MAGIC || bmp_getint32(in, &hdr->siz) || bmp_getint16(in, &hdr->reserved1) || bmp_getint16(in, &hdr->reserved2) || bmp_getint32(in, &hdr->off)) { return -1; } return 0; }",jasper,,,91219071977786188284956786501635259399,0 2850,['CWE-119'],"static void process_one_v4_ace(struct posix_acl_state *state, struct nfs4_ace *ace) { u32 mask = ace->access_mask; int i; state->empty = 0; switch (ace2type(ace)) { case ACL_USER_OBJ: if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->owner, mask); } else { deny_bits(&state->owner, mask); } break; case ACL_USER: i = find_uid(state, state->users, ace->who); if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->users->aces[i].perms, mask); } else { deny_bits(&state->users->aces[i].perms, mask); mask = state->users->aces[i].perms.deny; deny_bits(&state->owner, mask); } break; case ACL_GROUP_OBJ: if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->group, mask); } else { deny_bits(&state->group, mask); mask = state->group.deny; deny_bits(&state->owner, mask); deny_bits(&state->everyone, mask); deny_bits_array(state->users, mask); deny_bits_array(state->groups, mask); } break; case ACL_GROUP: i = find_uid(state, state->groups, ace->who); if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->groups->aces[i].perms, mask); } else { deny_bits(&state->groups->aces[i].perms, mask); mask = state->groups->aces[i].perms.deny; deny_bits(&state->owner, mask); deny_bits(&state->group, mask); deny_bits(&state->everyone, mask); deny_bits_array(state->users, mask); deny_bits_array(state->groups, mask); } break; case ACL_OTHER: if (ace->type == NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE) { allow_bits(&state->owner, mask); allow_bits(&state->group, mask); allow_bits(&state->other, mask); allow_bits(&state->everyone, mask); allow_bits_array(state->users, mask); allow_bits_array(state->groups, mask); } else { deny_bits(&state->owner, mask); deny_bits(&state->group, mask); deny_bits(&state->other, mask); deny_bits(&state->everyone, mask); deny_bits_array(state->users, mask); deny_bits_array(state->groups, mask); } } }",linux-2.6,,,264843665628204105551852726919699869163,0 2522,['CWE-119'],"void add_head_to_pending(struct rev_info *revs) { unsigned char sha1[20]; struct object *obj; if (get_sha1(""HEAD"", sha1)) return; obj = parse_object(sha1); if (!obj) return; add_pending_object(revs, obj, ""HEAD""); }",git,,,99081083859511601847188953664197829523,0 2904,['CWE-189'],"static void jpc_dequantize(jas_matrix_t *x, jpc_fix_t absstepsize) { int i; int j; int t; assert(absstepsize >= 0); if (absstepsize == jpc_inttofix(1)) { return; } for (i = 0; i < jas_matrix_numrows(x); ++i) { for (j = 0; j < jas_matrix_numcols(x); ++j) { t = jas_matrix_get(x, i, j); if (t) { t = jpc_fix_mul(t, absstepsize); } else { t = 0; } jas_matrix_set(x, i, j, t); } } }",jasper,,,239353335623396047495622322368462916508,0 5762,CWE-190,"MONGO_EXPORT void __mongo_set_error( mongo *conn, mongo_error_t err, const char *str, int errcode ) { int errstr_size, str_size; conn->err = err; conn->errcode = errcode; if( str ) { str_size = strlen( str ) + 1; errstr_size = str_size > MONGO_ERR_LEN ? MONGO_ERR_LEN : str_size; memcpy( conn->errstr, str, errstr_size ); conn->errstr[errstr_size-1] = '\0'; } }",visit repo url,src/mongo.c,https://github.com/10gen-archive/mongo-c-driver-legacy,104281020866616,1 5110,CWE-125,"AsyncWith(asdl_seq * items, asdl_seq * body, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = AsyncWith_kind; p->v.AsyncWith.items = items; p->v.AsyncWith.body = body; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,261017249660031,1 1459,[],"calc_delta_fair(unsigned long delta, struct sched_entity *se) { for_each_sched_entity(se) { delta = calc_delta_mine(delta, cfs_rq_of(se)->load.weight, &se->load); } return delta; }",linux-2.6,,,34866927108877406877579290605194682974,0 2058,CWE-415,"static int f_midi_set_alt(struct usb_function *f, unsigned intf, unsigned alt) { struct f_midi *midi = func_to_midi(f); unsigned i; int err; if (intf != midi->ms_id) return 0; err = f_midi_start_ep(midi, f, midi->in_ep); if (err) return err; err = f_midi_start_ep(midi, f, midi->out_ep); if (err) return err; while (kfifo_avail(&midi->in_req_fifo)) { struct usb_request *req = midi_alloc_ep_req(midi->in_ep, midi->buflen); if (req == NULL) return -ENOMEM; req->length = 0; req->complete = f_midi_complete; kfifo_put(&midi->in_req_fifo, req); } for (i = 0; i < midi->qlen && err == 0; i++) { struct usb_request *req = midi_alloc_ep_req(midi->out_ep, midi->buflen); if (req == NULL) return -ENOMEM; req->complete = f_midi_complete; err = usb_ep_queue(midi->out_ep, req, GFP_ATOMIC); if (err) { ERROR(midi, ""%s: couldn't enqueue request: %d\n"", midi->out_ep->name, err); free_ep_req(midi->out_ep, req); return err; } } return 0; }",visit repo url,drivers/usb/gadget/function/f_midi.c,https://github.com/torvalds/linux,230403621905427,1 1721,CWE-19,"exit_ext2_xattr(void) { mb_cache_destroy(ext2_xattr_cache); }",visit repo url,fs/ext2/xattr.c,https://github.com/torvalds/linux,36585070867330,1 5294,['CWE-119'],"static int tun_net_close(struct net_device *dev) { netif_stop_queue(dev); return 0; }",linux-2.6,,,240381896344683404937137053227666889491,0 3485,CWE-295,"*/ static int send_client_reply_packet(MCPVIO_EXT *mpvio, const uchar *data, int data_len) { MYSQL *mysql= mpvio->mysql; NET *net= &mysql->net; char *buff, *end; size_t buff_size; size_t connect_attrs_len= (mysql->server_capabilities & CLIENT_CONNECT_ATTRS && mysql->options.extension) ? mysql->options.extension->connection_attributes_length : 0; DBUG_ASSERT(connect_attrs_len < MAX_CONNECTION_ATTR_STORAGE_LENGTH); buff_size= 33 + USERNAME_LENGTH + data_len + 9 + NAME_LEN + NAME_LEN + connect_attrs_len + 9; buff= my_alloca(buff_size); mysql->client_flag|= mysql->options.client_flag; mysql->client_flag|= CLIENT_CAPABILITIES; if (mysql->client_flag & CLIENT_MULTI_STATEMENTS) mysql->client_flag|= CLIENT_MULTI_RESULTS; #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) if (mysql->options.ssl_key || mysql->options.ssl_cert || mysql->options.ssl_ca || mysql->options.ssl_capath || mysql->options.ssl_cipher || (mysql->options.extension && mysql->options.extension->ssl_crl) || (mysql->options.extension && mysql->options.extension->ssl_crlpath)) mysql->options.use_ssl= 1; if (mysql->options.use_ssl) mysql->client_flag|= CLIENT_SSL; #endif if (mpvio->db) mysql->client_flag|= CLIENT_CONNECT_WITH_DB; else mysql->client_flag&= ~CLIENT_CONNECT_WITH_DB; mysql->client_flag= mysql->client_flag & (~(CLIENT_COMPRESS | CLIENT_SSL | CLIENT_PROTOCOL_41) | mysql->server_capabilities); #ifndef HAVE_COMPRESS mysql->client_flag&= ~CLIENT_COMPRESS; #endif if (mysql->client_flag & CLIENT_PROTOCOL_41) { int4store(buff,mysql->client_flag); int4store(buff+4, net->max_packet_size); buff[8]= (char) mysql->charset->number; memset(buff+9, 0, 32-9); end= buff+32; } else { int2store(buff, mysql->client_flag); int3store(buff+2, net->max_packet_size); end= buff+5; } #ifdef HAVE_OPENSSL if (mysql->client_flag & CLIENT_SSL) { struct st_mysql_options *options= &mysql->options; struct st_VioSSLFd *ssl_fd; enum enum_ssl_init_error ssl_init_error; const char *cert_error; unsigned long ssl_error; MYSQL_TRACE(SEND_SSL_REQUEST, mysql, (end - buff, (const unsigned char*)buff)); if (my_net_write(net, (uchar*)buff, (size_t) (end-buff)) || net_flush(net)) { set_mysql_extended_error(mysql, CR_SERVER_LOST, unknown_sqlstate, ER(CR_SERVER_LOST_EXTENDED), ""sending connection information to server"", errno); goto error; } MYSQL_TRACE_STAGE(mysql, SSL_NEGOTIATION); if (!(ssl_fd= new_VioSSLConnectorFd(options->ssl_key, options->ssl_cert, options->ssl_ca, options->ssl_capath, options->ssl_cipher, &ssl_init_error, options->extension ? options->extension->ssl_crl : NULL, options->extension ? options->extension->ssl_crlpath : NULL))) { set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate, ER(CR_SSL_CONNECTION_ERROR), sslGetErrString(ssl_init_error)); goto error; } mysql->connector_fd= (unsigned char *) ssl_fd; DBUG_PRINT(""info"", (""IO layer change in progress..."")); MYSQL_TRACE(SSL_CONNECT, mysql, ()); if (sslconnect(ssl_fd, net->vio, (long) (mysql->options.connect_timeout), &ssl_error)) { char buf[512]; ERR_error_string_n(ssl_error, buf, 512); buf[511]= 0; set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate, ER(CR_SSL_CONNECTION_ERROR), buf); goto error; } DBUG_PRINT(""info"", (""IO layer change done!"")); if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) && ssl_verify_server_cert(net->vio, mysql->host, &cert_error)) { set_mysql_extended_error(mysql, CR_SSL_CONNECTION_ERROR, unknown_sqlstate, ER(CR_SSL_CONNECTION_ERROR), cert_error); goto error; } MYSQL_TRACE(SSL_CONNECTED, mysql, ()); MYSQL_TRACE_STAGE(mysql, AUTHENTICATE); } #endif DBUG_PRINT(""info"",(""Server version = '%s' capabilites: %lu status: %u client_flag: %lu"", mysql->server_version, mysql->server_capabilities, mysql->server_status, mysql->client_flag)); compile_time_assert(MYSQL_USERNAME_LENGTH == USERNAME_LENGTH); if (mysql->user[0]) strmake(end, mysql->user, USERNAME_LENGTH); else read_user_name(end); DBUG_PRINT(""info"",(""user: %s"",end)); end= strend(end) + 1; if (data_len) { if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION) { if (mysql->server_capabilities & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA) end= write_length_encoded_string4(end, (char *)(buff + buff_size), (char *) data, (char *)(data + data_len)); else end= write_string(end, (char *)(buff + buff_size), (char *) data, (char *)(data + data_len)); if (end == NULL) goto error; } else { DBUG_ASSERT(data_len == SCRAMBLE_LENGTH_323 + 1); memcpy(end, data, data_len); end+= data_len; } } else *end++= 0; if (mpvio->db && (mysql->server_capabilities & CLIENT_CONNECT_WITH_DB)) { end= strmake(end, mpvio->db, NAME_LEN) + 1; mysql->db= my_strdup(key_memory_MYSQL, mpvio->db, MYF(MY_WME)); } if (mysql->server_capabilities & CLIENT_PLUGIN_AUTH) end= strmake(end, mpvio->plugin->name, NAME_LEN) + 1; end= (char *) send_client_connect_attrs(mysql, (uchar *) end); MYSQL_TRACE(SEND_AUTH_RESPONSE, mysql, (end-buff, (const unsigned char*)buff)); if (my_net_write(net, (uchar*) buff, (size_t) (end-buff)) || net_flush(net)) { set_mysql_extended_error(mysql, CR_SERVER_LOST, unknown_sqlstate, ER(CR_SERVER_LOST_EXTENDED), ""sending authentication information"", errno); goto error; } MYSQL_TRACE(PACKET_SENT, mysql, (end-buff)); my_afree(buff); return 0; error: my_afree(buff); return 1;",visit repo url,sql-common/client.c,https://github.com/mysql/mysql-server,135157825922384,1 6280,['CWE-200'],"void wireless_send_event(struct net_device * dev, unsigned int cmd, union iwreq_data * wrqu, char * extra) { const struct iw_ioctl_description * descr = NULL; int extra_len = 0; struct iw_event *event; int event_len; int hdr_len; unsigned cmd_index; if(cmd <= SIOCIWLAST) { cmd_index = cmd - SIOCIWFIRST; if(cmd_index < standard_ioctl_num) descr = &(standard_ioctl[cmd_index]); } else { cmd_index = cmd - IWEVFIRST; if(cmd_index < standard_event_num) descr = &(standard_event[cmd_index]); } if(descr == NULL) { printk(KERN_ERR ""%s (WE) : Invalid/Unknown Wireless Event (0x%04X)\n"", dev->name, cmd); return; } #ifdef WE_EVENT_DEBUG printk(KERN_DEBUG ""%s (WE) : Got event 0x%04X\n"", dev->name, cmd); printk(KERN_DEBUG ""%s (WE) : Header type : %d, Token type : %d, size : %d, token : %d\n"", dev->name, descr->header_type, descr->token_type, descr->token_size, descr->max_tokens); #endif if(descr->header_type == IW_HEADER_TYPE_POINT) { if(wrqu->data.length > descr->max_tokens) { printk(KERN_ERR ""%s (WE) : Wireless Event too big (%d)\n"", dev->name, wrqu->data.length); return; } if(wrqu->data.length < descr->min_tokens) { printk(KERN_ERR ""%s (WE) : Wireless Event too small (%d)\n"", dev->name, wrqu->data.length); return; } if(extra != NULL) extra_len = wrqu->data.length * descr->token_size; #ifdef WE_EVENT_DEBUG printk(KERN_DEBUG ""%s (WE) : Event 0x%04X, tokens %d, extra_len %d\n"", dev->name, cmd, wrqu->data.length, extra_len); #endif } hdr_len = event_type_size[descr->header_type]; event_len = hdr_len + extra_len; #ifdef WE_EVENT_DEBUG printk(KERN_DEBUG ""%s (WE) : Event 0x%04X, hdr_len %d, event_len %d\n"", dev->name, cmd, hdr_len, event_len); #endif event = kmalloc(event_len, GFP_ATOMIC); if(event == NULL) return; event->len = event_len; event->cmd = cmd; memcpy(&event->u, wrqu, hdr_len - IW_EV_LCP_LEN); if(extra != NULL) memcpy(((char *) event) + hdr_len, extra, extra_len); #ifdef WE_EVENT_NETLINK rtmsg_iwinfo(dev, (char *) event, event_len); #endif kfree(event); return; }",linux-2.6,,,258376269262629785148841313019611126183,0 1473,CWE-264,"static void perf_event_reset(struct perf_event *event) { (void)perf_event_read(event); local64_set(&event->count, 0); perf_event_update_userpage(event); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,246150513135368,1 4131,CWE-119,"static VALUE cState_indent_set(VALUE self, VALUE indent) { unsigned long len; GET_STATE(self); Check_Type(indent, T_STRING); len = RSTRING_LEN(indent); if (len == 0) { if (state->indent) { ruby_xfree(state->indent); state->indent = NULL; state->indent_len = 0; } } else { if (state->indent) ruby_xfree(state->indent); state->indent = strdup(RSTRING_PTR(indent)); state->indent_len = len; } return Qnil; }",visit repo url,ext/json/ext/generator/generator.c,https://github.com/flori/json,199601262132535,1 4311,CWE-787,"static RList *symbols(RBinFile *bf) { RList *res = r_list_newf ((RListFree)r_bin_symbol_free); r_return_val_if_fail (res && bf->o && bf->o->bin_obj, res); RCoreSymCacheElement *element = bf->o->bin_obj; size_t i; HtUU *hash = ht_uu_new0 (); if (!hash) { return res; } bool found = false; for (i = 0; i < element->hdr->n_lined_symbols; i++) { RCoreSymCacheElementSymbol *sym = (RCoreSymCacheElementSymbol *)&element->lined_symbols[i]; if (!sym) { break; } ht_uu_find (hash, sym->paddr, &found); if (found) { continue; } RBinSymbol *s = bin_symbol_from_symbol (element, sym); if (s) { r_list_append (res, s); ht_uu_insert (hash, sym->paddr, 1); } } if (element->symbols) { for (i = 0; i < element->hdr->n_symbols; i++) { RCoreSymCacheElementSymbol *sym = &element->symbols[i]; ht_uu_find (hash, sym->paddr, &found); if (found) { continue; } RBinSymbol *s = bin_symbol_from_symbol (element, sym); if (s) { r_list_append (res, s); } } } ht_uu_free (hash); return res; }",visit repo url,libr/bin/p/bin_symbols.c,https://github.com/radareorg/radare2,201160776403220,1 1619,CWE-416,"struct dst_entry *inet6_csk_route_req(const struct sock *sk, struct flowi6 *fl6, const struct request_sock *req, u8 proto) { struct inet_request_sock *ireq = inet_rsk(req); const struct ipv6_pinfo *np = inet6_sk(sk); struct in6_addr *final_p, final; struct dst_entry *dst; memset(fl6, 0, sizeof(*fl6)); fl6->flowi6_proto = proto; fl6->daddr = ireq->ir_v6_rmt_addr; final_p = fl6_update_dst(fl6, np->opt, &final); fl6->saddr = ireq->ir_v6_loc_addr; fl6->flowi6_oif = ireq->ir_iif; fl6->flowi6_mark = ireq->ir_mark; fl6->fl6_dport = ireq->ir_rmt_port; fl6->fl6_sport = htons(ireq->ir_num); security_req_classify_flow(req, flowi6_to_flowi(fl6)); dst = ip6_dst_lookup_flow(sk, fl6, final_p); if (IS_ERR(dst)) return NULL; return dst; }",visit repo url,net/ipv6/inet6_connection_sock.c,https://github.com/torvalds/linux,92608987030028,1 2004,CWE-125,"static void vgacon_scrolldelta(struct vc_data *c, int lines) { int start, end, count, soff; if (!lines) { vgacon_restore_screen(c); return; } if (!vgacon_scrollback_cur->data) return; if (!vgacon_scrollback_cur->save) { vgacon_cursor(c, CM_ERASE); vgacon_save_screen(c); c->vc_origin = (unsigned long)c->vc_screenbuf; vgacon_scrollback_cur->save = 1; } vgacon_scrollback_cur->restore = 0; start = vgacon_scrollback_cur->cur + lines; end = start + abs(lines); if (start < 0) start = 0; if (start > vgacon_scrollback_cur->cnt) start = vgacon_scrollback_cur->cnt; if (end < 0) end = 0; if (end > vgacon_scrollback_cur->cnt) end = vgacon_scrollback_cur->cnt; vgacon_scrollback_cur->cur = start; count = end - start; soff = vgacon_scrollback_cur->tail - ((vgacon_scrollback_cur->cnt - end) * c->vc_size_row); soff -= count * c->vc_size_row; if (soff < 0) soff += vgacon_scrollback_cur->size; count = vgacon_scrollback_cur->cnt - start; if (count > c->vc_rows) count = c->vc_rows; if (count) { int copysize; int diff = c->vc_rows - count; void *d = (void *) c->vc_visible_origin; void *s = (void *) c->vc_screenbuf; count *= c->vc_size_row; copysize = min(count, vgacon_scrollback_cur->size - soff); scr_memcpyw(d, vgacon_scrollback_cur->data + soff, copysize); d += copysize; count -= copysize; if (count) { scr_memcpyw(d, vgacon_scrollback_cur->data, count); d += count; } if (diff) scr_memcpyw(d, s, diff * c->vc_size_row); } else vgacon_cursor(c, CM_MOVE); }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,202690545624887,1 3079,['CWE-189'],"jpc_ppxstabent_t *jpc_ppxstabent_create() { jpc_ppxstabent_t *ent; if (!(ent = jas_malloc(sizeof(jpc_ppxstabent_t)))) { return 0; } ent->data = 0; ent->len = 0; ent->ind = 0; return ent; }",jasper,,,37764503907825800065654161042434745473,0 5461,['CWE-476'],"void kvm_emulate_cpuid(struct kvm_vcpu *vcpu) { u32 function, index; struct kvm_cpuid_entry2 *best; function = kvm_register_read(vcpu, VCPU_REGS_RAX); index = kvm_register_read(vcpu, VCPU_REGS_RCX); kvm_register_write(vcpu, VCPU_REGS_RAX, 0); kvm_register_write(vcpu, VCPU_REGS_RBX, 0); kvm_register_write(vcpu, VCPU_REGS_RCX, 0); kvm_register_write(vcpu, VCPU_REGS_RDX, 0); best = kvm_find_cpuid_entry(vcpu, function, index); if (best) { kvm_register_write(vcpu, VCPU_REGS_RAX, best->eax); kvm_register_write(vcpu, VCPU_REGS_RBX, best->ebx); kvm_register_write(vcpu, VCPU_REGS_RCX, best->ecx); kvm_register_write(vcpu, VCPU_REGS_RDX, best->edx); } kvm_x86_ops->skip_emulated_instruction(vcpu); KVMTRACE_5D(CPUID, vcpu, function, (u32)kvm_register_read(vcpu, VCPU_REGS_RAX), (u32)kvm_register_read(vcpu, VCPU_REGS_RBX), (u32)kvm_register_read(vcpu, VCPU_REGS_RCX), (u32)kvm_register_read(vcpu, VCPU_REGS_RDX), handler); }",linux-2.6,,,145327701483509321032259754467609413365,0 2506,CWE-20,"int processCommand(redisClient *c) { struct redisCommand *cmd; if (!strcasecmp(c->argv[0]->ptr,""quit"")) { addReply(c,shared.ok); c->flags |= REDIS_CLOSE_AFTER_REPLY; return REDIS_ERR; } cmd = lookupCommand(c->argv[0]->ptr); if (!cmd) { addReplyErrorFormat(c,""unknown command '%s'"", (char*)c->argv[0]->ptr); return REDIS_OK; } else if ((cmd->arity > 0 && cmd->arity != c->argc) || (c->argc < -cmd->arity)) { addReplyErrorFormat(c,""wrong number of arguments for '%s' command"", cmd->name); return REDIS_OK; } if (server.requirepass && !c->authenticated && cmd->proc != authCommand) { addReplyError(c,""operation not permitted""); return REDIS_OK; } if (server.maxmemory) freeMemoryIfNeeded(); if (server.maxmemory && (cmd->flags & REDIS_CMD_DENYOOM) && zmalloc_used_memory() > server.maxmemory) { addReplyError(c,""command not allowed when used memory > 'maxmemory'""); return REDIS_OK; } if ((dictSize(c->pubsub_channels) > 0 || listLength(c->pubsub_patterns) > 0) && cmd->proc != subscribeCommand && cmd->proc != unsubscribeCommand && cmd->proc != psubscribeCommand && cmd->proc != punsubscribeCommand) { addReplyError(c,""only (P)SUBSCRIBE / (P)UNSUBSCRIBE / QUIT allowed in this context""); return REDIS_OK; } if (server.masterhost && server.replstate != REDIS_REPL_CONNECTED && server.repl_serve_stale_data == 0 && cmd->proc != infoCommand && cmd->proc != slaveofCommand) { addReplyError(c, ""link with MASTER is down and slave-serve-stale-data is set to no""); return REDIS_OK; } if (server.loading && cmd->proc != infoCommand) { addReply(c, shared.loadingerr); return REDIS_OK; } if (c->flags & REDIS_MULTI && cmd->proc != execCommand && cmd->proc != discardCommand && cmd->proc != multiCommand && cmd->proc != watchCommand) { queueMultiCommand(c,cmd); addReply(c,shared.queued); } else { if (server.vm_enabled && server.vm_max_threads > 0 && blockClientOnSwappedKeys(c,cmd)) return REDIS_ERR; call(c,cmd); } return REDIS_OK; }",visit repo url,src/redis.c,https://github.com/antirez/redis,14368487868102,1 3929,[],"static int chip_command(struct i2c_client *client, unsigned int cmd, void *arg) { struct CHIPSTATE *chip = i2c_get_clientdata(client); struct CHIPDESC *desc = chip->desc; v4l_dbg(1, debug, chip->c, ""%s: chip_command 0x%x\n"", chip->c->name, cmd); switch (cmd) { case AUDC_SET_RADIO: chip->radio = 1; chip->watch_stereo = 0; break; case VIDIOC_QUERYCTRL: { struct v4l2_queryctrl *qc = arg; switch (qc->id) { case V4L2_CID_AUDIO_MUTE: break; case V4L2_CID_AUDIO_VOLUME: case V4L2_CID_AUDIO_BALANCE: if (!(desc->flags & CHIP_HAS_VOLUME)) return -EINVAL; break; case V4L2_CID_AUDIO_BASS: case V4L2_CID_AUDIO_TREBLE: if (desc->flags & CHIP_HAS_BASSTREBLE) return -EINVAL; break; default: return -EINVAL; } return v4l2_ctrl_query_fill_std(qc); } case VIDIOC_S_CTRL: return tvaudio_set_ctrl(chip, arg); case VIDIOC_G_CTRL: return tvaudio_get_ctrl(chip, arg); case VIDIOC_INT_G_AUDIO_ROUTING: { struct v4l2_routing *rt = arg; rt->input = chip->input; rt->output = 0; break; } case VIDIOC_INT_S_AUDIO_ROUTING: { struct v4l2_routing *rt = arg; if (!(desc->flags & CHIP_HAS_INPUTSEL) || rt->input >= 4) return -EINVAL; chip->input = rt->input; if (chip->muted) break; chip_write_masked(chip, desc->inputreg, desc->inputmap[chip->input], desc->inputmask); break; } case VIDIOC_S_TUNER: { struct v4l2_tuner *vt = arg; int mode = 0; if (chip->radio) break; switch (vt->audmode) { case V4L2_TUNER_MODE_MONO: case V4L2_TUNER_MODE_STEREO: case V4L2_TUNER_MODE_LANG1: case V4L2_TUNER_MODE_LANG2: mode = vt->audmode; break; case V4L2_TUNER_MODE_LANG1_LANG2: mode = V4L2_TUNER_MODE_STEREO; break; default: return -EINVAL; } chip->audmode = vt->audmode; if (desc->setmode && mode) { chip->watch_stereo = 0; chip->mode = mode; desc->setmode(chip, mode); } break; } case VIDIOC_G_TUNER: { struct v4l2_tuner *vt = arg; int mode = V4L2_TUNER_MODE_MONO; if (chip->radio) break; vt->audmode = chip->audmode; vt->rxsubchans = 0; vt->capability = V4L2_TUNER_CAP_STEREO | V4L2_TUNER_CAP_LANG1 | V4L2_TUNER_CAP_LANG2; if (desc->getmode) mode = desc->getmode(chip); if (mode & V4L2_TUNER_MODE_MONO) vt->rxsubchans |= V4L2_TUNER_SUB_MONO; if (mode & V4L2_TUNER_MODE_STEREO) vt->rxsubchans |= V4L2_TUNER_SUB_STEREO; if (mode & V4L2_TUNER_MODE_LANG1) vt->rxsubchans = V4L2_TUNER_SUB_LANG1 | V4L2_TUNER_SUB_LANG2; break; } case VIDIOC_S_STD: chip->radio = 0; break; case VIDIOC_S_FREQUENCY: chip->mode = 0; if (chip->thread) { desc->setmode(chip,V4L2_TUNER_MODE_MONO); if (chip->prevmode != V4L2_TUNER_MODE_MONO) chip->prevmode = -1; mod_timer(&chip->wt, jiffies+msecs_to_jiffies(2000)); } break; case VIDIOC_G_CHIP_IDENT: return v4l2_chip_ident_i2c_client(client, arg, V4L2_IDENT_TVAUDIO, 0); } return 0; }",linux-2.6,,,227949829776793202311693202514931916252,0 5560,CWE-125,"ast2obj_arguments(void* _o) { arguments_ty o = (arguments_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(arguments_type, NULL, NULL); if (!result) return NULL; value = ast2obj_list(o->args, ast2obj_arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arg(o->vararg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_vararg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->kwonlyargs, ast2obj_arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kwonlyargs, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->kw_defaults, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kw_defaults, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arg(o->kwarg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kwarg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->defaults, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_defaults, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,200545467438944,1 159,CWE-125,"static int vt_kdsetmode(struct vc_data *vc, unsigned long mode) { switch (mode) { case KD_GRAPHICS: break; case KD_TEXT0: case KD_TEXT1: mode = KD_TEXT; fallthrough; case KD_TEXT: break; default: return -EINVAL; } if (vc->vc_mode == mode) return 0; vc->vc_mode = mode; if (vc->vc_num != fg_console) return 0; console_lock(); if (mode == KD_TEXT) do_unblank_screen(1); else do_blank_screen(1); console_unlock(); return 0; }",visit repo url,drivers/tty/vt/vt_ioctl.c,https://github.com/torvalds/linux,108594218922321,1 1772,[],"int set_cpus_allowed_ptr(struct task_struct *p, const cpumask_t *new_mask) { struct migration_req req; unsigned long flags; struct rq *rq; int ret = 0; rq = task_rq_lock(p, &flags); if (!cpus_intersects(*new_mask, cpu_online_map)) { ret = -EINVAL; goto out; } if (p->sched_class->set_cpus_allowed) p->sched_class->set_cpus_allowed(p, new_mask); else { p->cpus_allowed = *new_mask; p->rt.nr_cpus_allowed = cpus_weight(*new_mask); } if (cpu_isset(task_cpu(p), *new_mask)) goto out; if (migrate_task(p, any_online_cpu(*new_mask), &req)) { task_rq_unlock(rq, &flags); wake_up_process(rq->migration_thread); wait_for_completion(&req.done); tlb_migrate_finish(p->mm); return 0; } out: task_rq_unlock(rq, &flags); return ret; }",linux-2.6,,,82554949976797516615352339186161948048,0 6184,CWE-190,"void fb_read_bin(fb_t a, const uint8_t *bin, int len) { bn_t t; bn_null(t); if (len != RLC_FB_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } RLC_TRY { bn_new(t); bn_read_bin(t, bin, len); fb_copy(a, t->dp); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,16496280956306,1 4746,['CWE-20'],"static int ext4_ui_proc_open(struct inode *inode, struct file *file) { return single_open(file, ext4_ui_proc_show, PDE(inode)->data); }",linux-2.6,,,311091530354719968721893869045989134863,0 3018,CWE-415,"BGD_DECLARE(void *) gdImageWebpPtr (gdImagePtr im, int *size) { void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); if (out == NULL) { return NULL; } gdImageWebpCtx(im, out, -1); rv = gdDPExtractData(out, size); out->gd_free(out); return rv; }",visit repo url,src/gd_webp.c,https://github.com/libgd/libgd,37627815862714,1 724,[],"static int jpc_rgn_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_rgn_t *rgn = &ms->parms.rgn; if (cstate->numcomps <= 256) { if (jpc_putuint8(out, rgn->compno)) { return -1; } } else { if (jpc_putuint16(out, rgn->compno)) { return -1; } } if (jpc_putuint8(out, rgn->roisty) || jpc_putuint8(out, rgn->roishift)) { return -1; } return 0; }",jasper,,,73132883416450543892349005790870027588,0 5712,['CWE-200'],"static int llc_ui_accept(struct socket *sock, struct socket *newsock, int flags) { struct sock *sk = sock->sk, *newsk; struct llc_sock *llc, *newllc; struct sk_buff *skb; int rc = -EOPNOTSUPP; dprintk(""%s: accepting on %02X\n"", __func__, llc_sk(sk)->laddr.lsap); lock_sock(sk); if (unlikely(sk->sk_type != SOCK_STREAM)) goto out; rc = -EINVAL; if (unlikely(sock->state != SS_UNCONNECTED || sk->sk_state != TCP_LISTEN)) goto out; if (skb_queue_empty(&sk->sk_receive_queue)) { rc = llc_wait_data(sk, sk->sk_rcvtimeo); if (rc) goto out; } dprintk(""%s: got a new connection on %02X\n"", __func__, llc_sk(sk)->laddr.lsap); skb = skb_dequeue(&sk->sk_receive_queue); rc = -EINVAL; if (!skb->sk) goto frees; rc = 0; newsk = skb->sk; llc_ui_sk_init(newsock, newsk); sock_reset_flag(newsk, SOCK_ZAPPED); newsk->sk_state = TCP_ESTABLISHED; newsock->state = SS_CONNECTED; llc = llc_sk(sk); newllc = llc_sk(newsk); memcpy(&newllc->addr, &llc->addr, sizeof(newllc->addr)); newllc->link = llc_ui_next_link_no(newllc->laddr.lsap); sk->sk_state = TCP_LISTEN; sk->sk_ack_backlog--; dprintk(""%s: ok success on %02X, client on %02X\n"", __func__, llc_sk(sk)->addr.sllc_sap, newllc->daddr.lsap); frees: kfree_skb(skb); out: release_sock(sk); return rc; }",linux-2.6,,,21995258153074410491959964422928295480,0 2202,['CWE-193'],"static wait_queue_head_t *page_waitqueue(struct page *page) { const struct zone *zone = page_zone(page); return &zone->wait_table[hash_ptr(page, zone->wait_table_bits)]; }",linux-2.6,,,178647962866127480665814372682567909486,0 1363,[],"static inline s64 entity_key(struct cfs_rq *cfs_rq, struct sched_entity *se) { return se->vruntime - cfs_rq->min_vruntime; }",linux-2.6,,,103142850491174683515597544262033681922,0 718,[],"void jpc_ms_destroy(jpc_ms_t *ms) { if (ms->ops && ms->ops->destroyparms) { (*ms->ops->destroyparms)(ms); } jas_free(ms); }",jasper,,,301553796306401792008327466994177966672,0 1213,['CWE-20'],"CairoFont::~CairoFont() { FT_Done_Face (face); gfree(codeToGID); }",poppler,,,201468297247214016630921422946462050,0 4683,['CWE-399'],"static inline void ext4_decode_extra_time(struct timespec *time, __le32 extra) { if (sizeof(time->tv_sec) > 4) time->tv_sec |= (__u64)(le32_to_cpu(extra) & EXT4_EPOCH_MASK) << 32; time->tv_nsec = (le32_to_cpu(extra) & EXT4_NSEC_MASK) >> 2;",linux-2.6,,,3770292732448600303014088441159907094,0 6402,CWE-20,"error_t enc624j600UpdateMacAddrFilter(NetInterface *interface) { uint_t i; uint_t k; uint32_t crc; uint16_t hashTable[4]; MacFilterEntry *entry; TRACE_DEBUG(""Updating MAC filter...\r\n""); osMemset(hashTable, 0, sizeof(hashTable)); for(i = 0; i < MAC_ADDR_FILTER_SIZE; i++) { entry = &interface->macAddrFilter[i]; if(entry->refCount > 0) { crc = enc624j600CalcCrc(&entry->addr, sizeof(MacAddr)); k = (crc >> 23) & 0x3F; hashTable[k / 16] |= (1 << (k % 16)); } } enc624j600WriteReg(interface, ENC624J600_REG_EHT1, hashTable[0]); enc624j600WriteReg(interface, ENC624J600_REG_EHT2, hashTable[1]); enc624j600WriteReg(interface, ENC624J600_REG_EHT3, hashTable[2]); enc624j600WriteReg(interface, ENC624J600_REG_EHT4, hashTable[3]); TRACE_DEBUG("" EHT1 = %04"" PRIX16 ""\r\n"", enc624j600ReadReg(interface, ENC624J600_REG_EHT1)); TRACE_DEBUG("" EHT2 = %04"" PRIX16 ""\r\n"", enc624j600ReadReg(interface, ENC624J600_REG_EHT2)); TRACE_DEBUG("" EHT3 = %04"" PRIX16 ""\r\n"", enc624j600ReadReg(interface, ENC624J600_REG_EHT3)); TRACE_DEBUG("" EHT4 = %04"" PRIX16 ""\r\n"", enc624j600ReadReg(interface, ENC624J600_REG_EHT4)); return NO_ERROR; }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,211718496057722,1 1792,[],"place_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int initial) { u64 vruntime; if (first_fair(cfs_rq)) { vruntime = min_vruntime(cfs_rq->min_vruntime, __pick_next_entity(cfs_rq)->vruntime); } else vruntime = cfs_rq->min_vruntime; if (initial && sched_feat(START_DEBIT)) vruntime += sched_vslice_add(cfs_rq, se); if (!initial) { if (sched_feat(NEW_FAIR_SLEEPERS)) { if (sched_feat(NORMALIZED_SLEEPER)) vruntime -= calc_delta_weight(sysctl_sched_latency, se); else vruntime -= sysctl_sched_latency; } vruntime = max_vruntime(se->vruntime, vruntime); } se->vruntime = vruntime; }",linux-2.6,,,275895987838523043591898615213043272480,0 1115,['CWE-399'],"static int ia32_restore_sigcontext(struct pt_regs *regs, struct sigcontext_ia32 __user *sc, unsigned int *peax) { unsigned int tmpflags, gs, oldgs, err = 0; struct _fpstate_ia32 __user *buf; u32 tmp; current_thread_info()->restart_block.fn = do_no_restart_syscall; #if DEBUG_SIG printk(KERN_DEBUG ""SIG restore_sigcontext: "" ""sc=%p err(%x) eip(%x) cs(%x) flg(%x)\n"", sc, sc->err, sc->ip, sc->cs, sc->flags); #endif err |= __get_user(gs, &sc->gs); gs |= 3; asm(""movl %%gs,%0"" : ""=r"" (oldgs)); if (gs != oldgs) load_gs_index(gs); RELOAD_SEG(fs, 3); RELOAD_SEG(ds, 3); RELOAD_SEG(es, 3); COPY(di); COPY(si); COPY(bp); COPY(sp); COPY(bx); COPY(dx); COPY(cx); COPY(ip); err |= __get_user(regs->cs, &sc->cs); regs->cs |= 3; err |= __get_user(regs->ss, &sc->ss); regs->ss |= 3; err |= __get_user(tmpflags, &sc->flags); regs->flags = (regs->flags & ~0x40DD5) | (tmpflags & 0x40DD5); regs->orig_ax = -1; err |= __get_user(tmp, &sc->fpstate); buf = compat_ptr(tmp); if (buf) { if (!access_ok(VERIFY_READ, buf, sizeof(*buf))) goto badframe; err |= restore_i387_ia32(buf); } else { struct task_struct *me = current; if (used_math()) { clear_fpu(me); clear_used_math(); } } err |= __get_user(tmp, &sc->ax); *peax = tmp; return err; badframe: return 1; }",linux-2.6,,,244243897161153998303619656037715436494,0 3608,CWE-362,"fm_mgr_config_init ( OUT p_fm_config_conx_hdlt *p_hdl, IN int instance, OPTIONAL IN char *rem_address, OPTIONAL IN char *community ) { fm_config_conx_hdl *hdl; fm_mgr_config_errno_t res = FM_CONF_OK; if ( (hdl = calloc(1,sizeof(fm_config_conx_hdl))) == NULL ) { res = FM_CONF_NO_MEM; goto cleanup; } hdl->instance = instance; *p_hdl = hdl; if(!rem_address || (strcmp(rem_address,""localhost"") == 0)) { if ( fm_mgr_config_mgr_connect(hdl, FM_MGR_SM) == FM_CONF_INIT_ERR ) { res = FM_CONF_INIT_ERR; goto cleanup; } if ( fm_mgr_config_mgr_connect(hdl, FM_MGR_PM) == FM_CONF_INIT_ERR ) { res = FM_CONF_INIT_ERR; goto cleanup; } if ( fm_mgr_config_mgr_connect(hdl, FM_MGR_FE) == FM_CONF_INIT_ERR ) { res = FM_CONF_INIT_ERR; goto cleanup; } } return res; cleanup: if ( hdl ) { free(hdl); hdl = NULL; } return res; } ",visit repo url,Esm/ib/src/linux/fm_cmd/hsm_config_client.c,https://github.com/01org/opa-fm,181880812557554,1 5784,CWE-125,"snmp_ber_decode_string_len_buffer(unsigned char *buf, uint32_t *buff_len, const char **str, uint32_t *length) { uint8_t type, i, length_bytes; buf = snmp_ber_decode_type(buf, buff_len, &type); if(buf == NULL || type != BER_DATA_TYPE_OCTET_STRING) { return NULL; } if((*buf & 0x80) == 0) { *length = (uint32_t)*buf++; (*buff_len)--; } else { length_bytes = (uint8_t)(*buf++ & 0x7F); (*buff_len)--; if(length_bytes > 4) { return NULL; } *length = (uint32_t)*buf++; (*buff_len)--; for(i = 1; i < length_bytes; ++i) { *length <<= 8; *length |= *buf++; (*buff_len)--; } } *str = (const char *)buf; *buff_len -= *length; return buf + *length; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,188529940280227,1 2817,CWE-125,"static BOOL nsc_rle_decompress_data(NSC_CONTEXT* context) { if (!context) return FALSE; BYTE* rle = context->Planes; WINPR_ASSERT(rle); for (size_t i = 0; i < 4; i++) { const UINT32 originalSize = context->OrgByteCount[i]; const UINT32 planeSize = context->PlaneByteCount[i]; if (planeSize == 0) { if (context->priv->PlaneBuffersLength < originalSize) return FALSE; FillMemory(context->priv->PlaneBuffers[i], originalSize, 0xFF); } else if (planeSize < originalSize) { if (!nsc_rle_decode(rle, context->priv->PlaneBuffers[i], context->priv->PlaneBuffersLength, originalSize)) return FALSE; } else { if (context->priv->PlaneBuffersLength < originalSize) return FALSE; CopyMemory(context->priv->PlaneBuffers[i], rle, originalSize); } rle += planeSize; } return TRUE; }",visit repo url,libfreerdp/codec/nsc.c,https://github.com/FreeRDP/FreeRDP,179527619007608,1 1173,['CWE-189'],"static void migrate_hrtimers(int cpu) { struct hrtimer_cpu_base *old_base, *new_base; int i; BUG_ON(cpu_online(cpu)); old_base = &per_cpu(hrtimer_bases, cpu); new_base = &get_cpu_var(hrtimer_bases); tick_cancel_sched_timer(cpu); local_irq_disable(); double_spin_lock(&new_base->lock, &old_base->lock, smp_processor_id() < cpu); for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++) { migrate_hrtimer_list(&old_base->clock_base[i], &new_base->clock_base[i]); } double_spin_unlock(&new_base->lock, &old_base->lock, smp_processor_id() < cpu); local_irq_enable(); put_cpu_var(hrtimer_bases); }",linux-2.6,,,41062174698255506010547037704056557592,0 2783,CWE-125,"void ntlm_write_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (fields->MaxLen < 1) fields->MaxLen = fields->Len; Stream_Write_UINT16(s, fields->Len); Stream_Write_UINT16(s, fields->MaxLen); Stream_Write_UINT32(s, fields->BufferOffset); }",visit repo url,winpr/libwinpr/sspi/NTLM/ntlm_message.c,https://github.com/FreeRDP/FreeRDP,276958151506622,1 4313,CWE-125,"static int msp430_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAnalOpMask mask) { int ret; struct msp430_cmd cmd; memset (&cmd, 0, sizeof (cmd)); op->size = -1; op->nopcode = 1; op->type = R_ANAL_OP_TYPE_UNK; op->family = R_ANAL_OP_FAMILY_CPU; ret = op->size = msp430_decode_command (buf, len, &cmd); if (mask & R_ANAL_OP_MASK_DISASM) { if (ret < 1) { op->mnemonic = strdup (""invalid""); } else if (ret > 0) { if (cmd.operands[0]) { op->mnemonic = r_str_newf (""%s %s"",cmd.instr, cmd.operands); } else { op->mnemonic = strdup (cmd.instr); } } { char *ba = op->mnemonic; r_str_replace_ch (ba, '#', 0, 1); r_str_replace_ch (ba, '&', 0, 1); r_str_replace_ch (ba, '%', 0, 1); } } if (ret < 0) { return ret; } op->addr = addr; switch (cmd.type) { case MSP430_ONEOP: switch (cmd.opcode) { case MSP430_RRA: case MSP430_RRC: op->type = R_ANAL_OP_TYPE_ROR; break; case MSP430_PUSH: op->type = R_ANAL_OP_TYPE_PUSH; break; case MSP430_CALL: op->type = R_ANAL_OP_TYPE_CALL; op->fail = addr + op->size; op->jump = r_read_at_le16 (buf, 2); break; case MSP430_RETI: op->type = R_ANAL_OP_TYPE_RET; break; } break; case MSP430_TWOOP: switch (cmd.opcode) { case MSP430_BIT: case MSP430_BIC: case MSP430_BIS: case MSP430_MOV: op->type = R_ANAL_OP_TYPE_MOV; if ((cmd.instr)[0] == 'b' && (cmd.instr)[1] == 'r') { op->type = R_ANAL_OP_TYPE_UJMP; } break; case MSP430_DADD: case MSP430_ADDC: case MSP430_ADD: op->type = R_ANAL_OP_TYPE_ADD; break; case MSP430_SUBC: case MSP430_SUB: op->type = R_ANAL_OP_TYPE_SUB; break; case MSP430_CMP: op->type = R_ANAL_OP_TYPE_CMP; break; case MSP430_XOR: op->type = R_ANAL_OP_TYPE_XOR; break; case MSP430_AND: op->type = R_ANAL_OP_TYPE_AND; break; } break; case MSP430_JUMP: if (cmd.jmp_cond == MSP430_JMP) { op->type = R_ANAL_OP_TYPE_JMP; } else { op->type = R_ANAL_OP_TYPE_CJMP; } op->jump = addr + cmd.jmp_addr; op->fail = addr + 2; break; case MSP430_INV: op->type = R_ANAL_OP_TYPE_ILL; break; default: op->type = R_ANAL_OP_TYPE_UNK; break; } return ret; }",visit repo url,libr/anal/p/anal_msp430.c,https://github.com/radareorg/radare2,107050165750164,1 4588,CWE-190,"static s32 gf_hevc_read_sps_bs_internal(GF_BitStream *bs, HEVCState *hevc, u8 layer_id, u32 *vui_flag_pos) { s32 vps_id, sps_id = -1; u32 i, nb_CTUs, depth; HEVC_SPS *sps; HEVC_VPS *vps; HEVC_ProfileTierLevel ptl; Bool multiLayerExtSpsFlag; u8 sps_ext_or_max_sub_layers_minus1, max_sub_layers_minus1; if (vui_flag_pos) *vui_flag_pos = 0; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) { return -1; } memset(&ptl, 0, sizeof(ptl)); max_sub_layers_minus1 = 0; sps_ext_or_max_sub_layers_minus1 = 0; if (layer_id == 0) max_sub_layers_minus1 = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1""); else sps_ext_or_max_sub_layers_minus1 = gf_bs_read_int_log(bs, 3, ""sps_ext_or_max_sub_layers_minus1""); multiLayerExtSpsFlag = (layer_id != 0) && (sps_ext_or_max_sub_layers_minus1 == 7); if (!multiLayerExtSpsFlag) { gf_bs_read_int_log(bs, 1, ""temporal_id_nesting_flag""); hevc_profile_tier_level(bs, 1, max_sub_layers_minus1, &ptl, 0); } sps_id = gf_bs_read_ue_log(bs, ""sps_id""); if ((sps_id < 0) || (sps_id >= 16)) { return -1; } sps = &hevc->sps[sps_id]; if (!sps->state) { sps->state = 1; sps->id = sps_id; sps->vps_id = vps_id; } sps->ptl = ptl; vps = &hevc->vps[vps_id]; sps->max_sub_layers_minus1 = 0; sps->sps_ext_or_max_sub_layers_minus1 = 0; sps->colour_primaries = 2; sps->transfer_characteristic = 2; sps->matrix_coeffs = 2; if (multiLayerExtSpsFlag) { sps->update_rep_format_flag = gf_bs_read_int_log(bs, 1, ""update_rep_format_flag""); if (sps->update_rep_format_flag) { sps->rep_format_idx = gf_bs_read_int_log(bs, 8, ""rep_format_idx""); } else { sps->rep_format_idx = vps->rep_format_idx[layer_id]; } sps->width = vps->rep_formats[sps->rep_format_idx].pic_width_luma_samples; sps->height = vps->rep_formats[sps->rep_format_idx].pic_height_luma_samples; sps->chroma_format_idc = vps->rep_formats[sps->rep_format_idx].chroma_format_idc; sps->bit_depth_luma = vps->rep_formats[sps->rep_format_idx].bit_depth_luma; sps->bit_depth_chroma = vps->rep_formats[sps->rep_format_idx].bit_depth_chroma; sps->separate_colour_plane_flag = vps->rep_formats[sps->rep_format_idx].separate_colour_plane_flag; sps->ptl = vps->ext_ptl[0]; } else { sps->chroma_format_idc = gf_bs_read_ue_log(bs, ""chroma_format_idc""); if (sps->chroma_format_idc == 3) sps->separate_colour_plane_flag = gf_bs_read_int_log(bs, 1, ""separate_colour_plane_flag""); sps->width = gf_bs_read_ue_log(bs, ""width""); sps->height = gf_bs_read_ue_log(bs, ""height""); if ((sps->cw_flag = gf_bs_read_int_log(bs, 1, ""conformance_window_flag""))) { u32 SubWidthC, SubHeightC; if (sps->chroma_format_idc == 1) { SubWidthC = SubHeightC = 2; } else if (sps->chroma_format_idc == 2) { SubWidthC = 2; SubHeightC = 1; } else { SubWidthC = SubHeightC = 1; } sps->cw_left = gf_bs_read_ue_log(bs, ""conformance_window_left""); sps->cw_right = gf_bs_read_ue_log(bs, ""conformance_window_right""); sps->cw_top = gf_bs_read_ue_log(bs, ""conformance_window_top""); sps->cw_bottom = gf_bs_read_ue_log(bs, ""conformance_window_bottom""); sps->width -= SubWidthC * (sps->cw_left + sps->cw_right); sps->height -= SubHeightC * (sps->cw_top + sps->cw_bottom); } sps->bit_depth_luma = 8 + gf_bs_read_ue_log(bs, ""bit_depth_luma_minus8""); sps->bit_depth_chroma = 8 + gf_bs_read_ue_log(bs, ""bit_depth_chroma_minus8""); } sps->log2_max_pic_order_cnt_lsb = 4 + gf_bs_read_ue_log(bs, ""log2_max_pic_order_cnt_lsb_minus4""); if (!multiLayerExtSpsFlag) { sps->sub_layer_ordering_info_present_flag = gf_bs_read_int_log(bs, 1, ""sub_layer_ordering_info_present_flag""); for (i = sps->sub_layer_ordering_info_present_flag ? 0 : sps->max_sub_layers_minus1; i <= sps->max_sub_layers_minus1; i++) { gf_bs_read_ue_log_idx(bs, ""max_dec_pic_buffering"", i); gf_bs_read_ue_log_idx(bs, ""num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""max_latency_increase"", i); } } sps->log2_min_luma_coding_block_size = 3 + gf_bs_read_ue_log(bs, ""log2_min_luma_coding_block_size_minus3""); sps->log2_diff_max_min_luma_coding_block_size = gf_bs_read_ue_log(bs, ""log2_diff_max_min_luma_coding_block_size""); sps->max_CU_width = (1 << (sps->log2_min_luma_coding_block_size + sps->log2_diff_max_min_luma_coding_block_size)); sps->max_CU_height = (1 << (sps->log2_min_luma_coding_block_size + sps->log2_diff_max_min_luma_coding_block_size)); sps->log2_min_transform_block_size = 2 + gf_bs_read_ue_log(bs, ""log2_min_transform_block_size_minus2""); sps->log2_max_transform_block_size = sps->log2_min_transform_block_size + gf_bs_read_ue_log(bs, ""log2_max_transform_block_size""); depth = 0; sps->max_transform_hierarchy_depth_inter = gf_bs_read_ue_log(bs, ""max_transform_hierarchy_depth_inter""); sps->max_transform_hierarchy_depth_intra = gf_bs_read_ue_log(bs, ""max_transform_hierarchy_depth_intra""); while ((u32)(sps->max_CU_width >> sps->log2_diff_max_min_luma_coding_block_size) > (u32)(1 << (sps->log2_min_transform_block_size + depth))) { depth++; } sps->max_CU_depth = sps->log2_diff_max_min_luma_coding_block_size + depth; nb_CTUs = ((sps->width + sps->max_CU_width - 1) / sps->max_CU_width) * ((sps->height + sps->max_CU_height - 1) / sps->max_CU_height); sps->bitsSliceSegmentAddress = 0; while (nb_CTUs > (u32)(1 << sps->bitsSliceSegmentAddress)) { sps->bitsSliceSegmentAddress++; } sps->scaling_list_enable_flag = gf_bs_read_int_log(bs, 1, ""scaling_list_enable_flag""); if (sps->scaling_list_enable_flag) { sps->infer_scaling_list_flag = 0; sps->scaling_list_ref_layer_id = 0; if (multiLayerExtSpsFlag) { sps->infer_scaling_list_flag = gf_bs_read_int_log(bs, 1, ""infer_scaling_list_flag""); } if (sps->infer_scaling_list_flag) { sps->scaling_list_ref_layer_id = gf_bs_read_int_log(bs, 6, ""scaling_list_ref_layer_id""); } else { sps->scaling_list_data_present_flag = gf_bs_read_int_log(bs, 1, ""scaling_list_data_present_flag""); if (sps->scaling_list_data_present_flag) { hevc_scaling_list_data(bs); } } } sps->asymmetric_motion_partitions_enabled_flag = gf_bs_read_int_log(bs, 1, ""asymmetric_motion_partitions_enabled_flag""); sps->sample_adaptive_offset_enabled_flag = gf_bs_read_int_log(bs, 1, ""sample_adaptive_offset_enabled_flag""); if ( (sps->pcm_enabled_flag = gf_bs_read_int_log(bs, 1, ""pcm_enabled_flag"")) ) { sps->pcm_sample_bit_depth_luma_minus1 = gf_bs_read_int_log(bs, 4, ""pcm_sample_bit_depth_luma_minus1""); sps->pcm_sample_bit_depth_chroma_minus1 = gf_bs_read_int_log(bs, 4, ""pcm_sample_bit_depth_chroma_minus1""); sps->log2_min_pcm_luma_coding_block_size_minus3 = gf_bs_read_ue_log(bs, ""log2_min_pcm_luma_coding_block_size_minus3""); sps->log2_diff_max_min_pcm_luma_coding_block_size = gf_bs_read_ue_log(bs, ""log2_diff_max_min_pcm_luma_coding_block_size""); sps->pcm_loop_filter_disable_flag = gf_bs_read_int_log(bs, 1, ""pcm_loop_filter_disable_flag""); } sps->num_short_term_ref_pic_sets = gf_bs_read_ue_log(bs, ""num_short_term_ref_pic_sets""); if (sps->num_short_term_ref_pic_sets > 64) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Invalid number of short term reference picture sets %d\n"", sps->num_short_term_ref_pic_sets)); return -1; } for (i = 0; i < sps->num_short_term_ref_pic_sets; i++) { Bool ret = hevc_parse_short_term_ref_pic_set(bs, sps, i); if (!ret) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Invalid short_term_ref_pic_set\n"")); return -1; } } sps->long_term_ref_pics_present_flag = gf_bs_read_int_log(bs, 1, ""long_term_ref_pics_present_flag""); if (sps->long_term_ref_pics_present_flag) { sps->num_long_term_ref_pic_sps = gf_bs_read_ue_log(bs, ""num_long_term_ref_pic_sps""); for (i = 0; i < sps->num_long_term_ref_pic_sps; i++) { gf_bs_read_int_log_idx(bs, sps->log2_max_pic_order_cnt_lsb, ""lt_ref_pic_poc_lsb_sps"", i); gf_bs_read_int_log_idx(bs, 1, ""used_by_curr_pic_lt_sps_flag"", i); } } sps->temporal_mvp_enable_flag = gf_bs_read_int_log(bs, 1, ""temporal_mvp_enable_flag""); sps->strong_intra_smoothing_enable_flag = gf_bs_read_int_log(bs, 1, ""strong_intra_smoothing_enable_flag""); if (vui_flag_pos) *vui_flag_pos = (u32)gf_bs_get_bit_offset(bs); if ((sps->vui_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_parameters_present_flag"")) ) { sps->aspect_ratio_info_present_flag = gf_bs_read_int_log(bs, 1, ""aspect_ratio_info_present_flag""); if (sps->aspect_ratio_info_present_flag) { sps->sar_idc = gf_bs_read_int_log(bs, 8, ""aspect_ratio_idc""); if (sps->sar_idc == 255) { sps->sar_width = gf_bs_read_int_log(bs, 16, ""aspect_ratio_width""); sps->sar_height = gf_bs_read_int_log(bs, 16, ""aspect_ratio_height""); } else if (sps->sar_idc < 17) { sps->sar_width = hevc_sar[sps->sar_idc].w; sps->sar_height = hevc_sar[sps->sar_idc].h; } } if ((sps->overscan_info_present = gf_bs_read_int_log(bs, 1, ""overscan_info_present""))) sps->overscan_appropriate = gf_bs_read_int_log(bs, 1, ""overscan_appropriate""); sps->video_signal_type_present_flag = gf_bs_read_int_log(bs, 1, ""video_signal_type_present_flag""); if (sps->video_signal_type_present_flag) { sps->video_format = gf_bs_read_int_log(bs, 3, ""video_format""); sps->video_full_range_flag = gf_bs_read_int_log(bs, 1, ""video_full_range_flag""); if ((sps->colour_description_present_flag = gf_bs_read_int_log(bs, 1, ""colour_description_present_flag""))) { sps->colour_primaries = gf_bs_read_int_log(bs, 8, ""colour_primaries""); sps->transfer_characteristic = gf_bs_read_int_log(bs, 8, ""transfer_characteristic""); sps->matrix_coeffs = gf_bs_read_int_log(bs, 8, ""matrix_coefficients""); } } if ((sps->chroma_loc_info_present_flag = gf_bs_read_int_log(bs, 1, ""chroma_loc_info_present_flag""))) { sps->chroma_sample_loc_type_top_field = gf_bs_read_ue_log(bs, ""chroma_sample_loc_type_top_field""); sps->chroma_sample_loc_type_bottom_field = gf_bs_read_ue_log(bs, ""chroma_sample_loc_type_bottom_field""); } sps->neutra_chroma_indication_flag = gf_bs_read_int_log(bs, 1, ""neutra_chroma_indication_flag""); sps->field_seq_flag = gf_bs_read_int_log(bs, 1, ""field_seq_flag""); sps->frame_field_info_present_flag = gf_bs_read_int_log(bs, 1, ""frame_field_info_present_flag""); if ((sps->default_display_window_flag = gf_bs_read_int_log(bs, 1, ""default_display_window_flag""))) { sps->left_offset = gf_bs_read_ue_log(bs, ""display_window_left_offset""); sps->right_offset = gf_bs_read_ue_log(bs, ""display_window_right_offset""); sps->top_offset = gf_bs_read_ue_log(bs, ""display_window_top_offset""); sps->bottom_offset = gf_bs_read_ue_log(bs, ""display_window_bottom_offset""); } sps->has_timing_info = gf_bs_read_int_log(bs, 1, ""has_timing_info""); if (sps->has_timing_info) { sps->num_units_in_tick = gf_bs_read_int_log(bs, 32, ""num_units_in_tick""); sps->time_scale = gf_bs_read_int_log(bs, 32, ""time_scale""); sps->poc_proportional_to_timing_flag = gf_bs_read_int_log(bs, 1, ""poc_proportional_to_timing_flag""); if (sps->poc_proportional_to_timing_flag) sps->num_ticks_poc_diff_one_minus1 = gf_bs_read_ue_log(bs, ""num_ticks_poc_diff_one_minus1""); if ((sps->hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""hrd_parameters_present_flag""))) { return sps_id; } } if (gf_bs_read_int_log(bs, 1, ""bitstream_restriction_flag"")) { gf_bs_read_int_log(bs, 1, ""tiles_fixed_structure_flag""); gf_bs_read_int_log(bs, 1, ""motion_vectors_over_pic_boundaries_flag""); gf_bs_read_int_log(bs, 1, ""restricted_ref_pic_lists_flag""); gf_bs_read_ue_log(bs, ""min_spatial_segmentation_idc""); gf_bs_read_ue_log(bs, ""max_bytes_per_pic_denom""); gf_bs_read_ue_log(bs, ""max_bits_per_min_cu_denom""); gf_bs_read_ue_log(bs, ""log2_max_mv_length_horizontal""); gf_bs_read_ue_log(bs, ""log2_max_mv_length_vertical""); } } if (gf_bs_read_int_log(bs, 1, ""sps_extension_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,122774947734483,1 4509,CWE-476,"static void gf_dump_vrml_proto_field(GF_SceneDumper *sdump, GF_Node *node, GF_FieldInfo field) { u32 i, sf_type; void *slot_ptr; DUMP_IND(sdump); gf_fprintf(sdump->trace, ""trace, "">\n""); sdump->indent++; if (!sdump->X3DDump) gf_fprintf(sdump->trace, """"); gf_dump_vrml_node(sdump, field.far_ptr ? *(GF_Node **)field.far_ptr : NULL, 0, NULL); if (!sdump->X3DDump) gf_fprintf(sdump->trace, """"); sdump->indent--; DUMP_IND(sdump); gf_fprintf(sdump->trace, ""\n""); } else { if (sdump->X3DDump) { gf_fprintf(sdump->trace, "" value=\""""); } else { gf_fprintf(sdump->trace, "" %s=\"""", GetXMTFieldTypeValueName(field.fieldType)); } gf_dump_vrml_sffield(sdump, field.fieldType, field.far_ptr, 0, node); gf_fprintf(sdump->trace, ""\""/>\n""); } } else { GenMFField *mffield = (GenMFField *) field.far_ptr; sf_type = gf_sg_vrml_get_sf_type(field.fieldType); if ((field.eventType==GF_SG_EVENT_FIELD) || (field.eventType==GF_SG_EVENT_EXPOSED_FIELD)) { if (sf_type == GF_SG_VRML_SFNODE) { GF_ChildNodeItem *list = *(GF_ChildNodeItem **)field.far_ptr; gf_fprintf(sdump->trace, "">\n""); sdump->indent++; if (!sdump->X3DDump) gf_fprintf(sdump->trace, """"); while (list) { gf_dump_vrml_node(sdump, list->node, 1, NULL); list = list->next; } if (!sdump->X3DDump) gf_fprintf(sdump->trace, """"); sdump->indent--; DUMP_IND(sdump); gf_fprintf(sdump->trace, ""\n""); } else { if (sdump->X3DDump) { gf_fprintf(sdump->trace, "" value=\""""); } else { gf_fprintf(sdump->trace, "" %s=\"""", GetXMTFieldTypeValueName(field.fieldType)); } if (mffield) { for (i=0; icount; i++) { if (i) gf_fprintf(sdump->trace, "" ""); if (field.fieldType != GF_SG_VRML_MFNODE) { gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, (mffield->count>1) ? 1 : 0, node); } } } gf_fprintf(sdump->trace, ""\""/>\n""); } } } }",visit repo url,src/scene_manager/scene_dump.c,https://github.com/gpac/gpac,230650669840583,1 3435,CWE-119,"static void mark_object(struct object *obj, struct strbuf *path, const char *name, void *data) { update_progress(data); }",visit repo url,reachable.c,https://github.com/git/git,253233456055821,1 4904,['CWE-20'],"struct dentry *nfs4_get_root(struct super_block *sb, struct nfs_fh *mntfh) { struct nfs_server *server = NFS_SB(sb); struct nfs_fattr fattr; struct dentry *mntroot; struct inode *inode; int error; dprintk(""--> nfs4_get_root()\n""); if (!sb->s_root) { struct nfs_fh dummyfh; struct dentry *root; struct inode *iroot; memset(&dummyfh, 0, sizeof(dummyfh)); memset(&fattr, 0, sizeof(fattr)); nfs_fattr_init(&fattr); fattr.valid = NFS_ATTR_FATTR; fattr.type = NFDIR; fattr.mode = S_IFDIR | S_IRUSR | S_IWUSR; fattr.nlink = 2; iroot = nfs_fhget(sb, &dummyfh, &fattr); if (IS_ERR(iroot)) return ERR_PTR(PTR_ERR(iroot)); root = d_alloc_root(iroot); if (!root) { iput(iroot); return ERR_PTR(-ENOMEM); } sb->s_root = root; } error = nfs4_server_capabilities(server, mntfh); if (error < 0) { dprintk(""nfs_get_root: getcaps error = %d\n"", -error); return ERR_PTR(error); } error = server->nfs_client->rpc_ops->getattr(server, mntfh, &fattr); if (error < 0) { dprintk(""nfs_get_root: getattr error = %d\n"", -error); return ERR_PTR(error); } inode = nfs_fhget(sb, mntfh, &fattr); if (IS_ERR(inode)) { dprintk(""nfs_get_root: get root inode failed\n""); return ERR_PTR(PTR_ERR(inode)); } mntroot = d_alloc_anon(inode); if (!mntroot) { iput(inode); dprintk(""nfs_get_root: get root dentry failed\n""); return ERR_PTR(-ENOMEM); } security_d_instantiate(mntroot, inode); if (!mntroot->d_op) mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops; dprintk(""<-- nfs4_get_root()\n""); return mntroot; }",linux-2.6,,,23913117304995173100703192879022791670,0 1428,CWE-20,"static int sctp_getsockopt_assoc_stats(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_assoc_stats sas; struct sctp_association *asoc = NULL; if (len < sizeof(sctp_assoc_t)) return -EINVAL; if (copy_from_user(&sas, optval, len)) return -EFAULT; asoc = sctp_id2assoc(sk, sas.sas_assoc_id); if (!asoc) return -EINVAL; sas.sas_rtxchunks = asoc->stats.rtxchunks; sas.sas_gapcnt = asoc->stats.gapcnt; sas.sas_outofseqtsns = asoc->stats.outofseqtsns; sas.sas_osacks = asoc->stats.osacks; sas.sas_isacks = asoc->stats.isacks; sas.sas_octrlchunks = asoc->stats.octrlchunks; sas.sas_ictrlchunks = asoc->stats.ictrlchunks; sas.sas_oodchunks = asoc->stats.oodchunks; sas.sas_iodchunks = asoc->stats.iodchunks; sas.sas_ouodchunks = asoc->stats.ouodchunks; sas.sas_iuodchunks = asoc->stats.iuodchunks; sas.sas_idupchunks = asoc->stats.idupchunks; sas.sas_opackets = asoc->stats.opackets; sas.sas_ipackets = asoc->stats.ipackets; sas.sas_maxrto = asoc->stats.max_obs_rto; memcpy(&sas.sas_obs_rto_ipaddr, &asoc->stats.obs_rto_ipaddr, sizeof(struct sockaddr_storage)); asoc->stats.max_obs_rto = asoc->rto_min; len = min_t(size_t, len, sizeof(sas)); if (put_user(len, optlen)) return -EFAULT; SCTP_DEBUG_PRINTK(""sctp_getsockopt_assoc_stat(%d): %d\n"", len, sas.sas_assoc_id); if (copy_to_user(optval, &sas, len)) return -EFAULT; return 0; }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,90449669336116,1 4274,['CWE-264'],"SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) { int err = 0; struct fs_struct *fs, *new_fs = NULL; struct sighand_struct *new_sigh = NULL; struct mm_struct *mm, *new_mm = NULL, *active_mm = NULL; struct files_struct *fd, *new_fd = NULL; struct nsproxy *new_nsproxy = NULL; int do_sysvsem = 0; check_unshare_flags(&unshare_flags); err = -EINVAL; if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNET)) goto bad_unshare_out; if (unshare_flags & (CLONE_NEWIPC|CLONE_SYSVSEM)) do_sysvsem = 1; if ((err = unshare_thread(unshare_flags))) goto bad_unshare_out; if ((err = unshare_fs(unshare_flags, &new_fs))) goto bad_unshare_cleanup_thread; if ((err = unshare_sighand(unshare_flags, &new_sigh))) goto bad_unshare_cleanup_fs; if ((err = unshare_vm(unshare_flags, &new_mm))) goto bad_unshare_cleanup_sigh; if ((err = unshare_fd(unshare_flags, &new_fd))) goto bad_unshare_cleanup_vm; if ((err = unshare_nsproxy_namespaces(unshare_flags, &new_nsproxy, new_fs))) goto bad_unshare_cleanup_fd; if (new_fs || new_mm || new_fd || do_sysvsem || new_nsproxy) { if (do_sysvsem) { exit_sem(current); } if (new_nsproxy) { switch_task_namespaces(current, new_nsproxy); new_nsproxy = NULL; } task_lock(current); if (new_fs) { fs = current->fs; current->fs = new_fs; new_fs = fs; } if (new_mm) { mm = current->mm; active_mm = current->active_mm; current->mm = new_mm; current->active_mm = new_mm; activate_mm(active_mm, new_mm); new_mm = mm; } if (new_fd) { fd = current->files; current->files = new_fd; new_fd = fd; } task_unlock(current); } if (new_nsproxy) put_nsproxy(new_nsproxy); bad_unshare_cleanup_fd: if (new_fd) put_files_struct(new_fd); bad_unshare_cleanup_vm: if (new_mm) mmput(new_mm); bad_unshare_cleanup_sigh: if (new_sigh) if (atomic_dec_and_test(&new_sigh->count)) kmem_cache_free(sighand_cachep, new_sigh); bad_unshare_cleanup_fs: if (new_fs) put_fs_struct(new_fs); bad_unshare_cleanup_thread: bad_unshare_out: return err; }",linux-2.6,,,334285753277697962670971214872426028191,0 3430,CWE-119,"static void show_object(struct object *object, struct strbuf *path, const char *last, void *data) { struct bitmap *base = data; int bitmap_pos; bitmap_pos = bitmap_position(object->oid.hash); if (bitmap_pos < 0) { char *name = path_name(path, last); bitmap_pos = ext_index_add_object(object, name); free(name); } bitmap_set(base, bitmap_pos); }",visit repo url,pack-bitmap.c,https://github.com/git/git,49413044528141,1 3972,['CWE-362'],"static int pin_to_kill(struct inotify_handle *ih, struct inotify_watch *watch) { struct super_block *sb = watch->inode->i_sb; s32 wd = watch->wd; spin_lock(&sb_lock); if (sb->s_count >= S_BIAS) { atomic_inc(&sb->s_active); spin_unlock(&sb_lock); get_inotify_watch(watch); mutex_unlock(&ih->mutex); return 1; } sb->s_count++; spin_unlock(&sb_lock); mutex_unlock(&ih->mutex); down_read(&sb->s_umount); if (likely(!sb->s_root)) { drop_super(sb); return 0; } mutex_lock(&ih->mutex); if (idr_find(&ih->idr, wd) != watch || watch->inode->i_sb != sb) { mutex_unlock(&ih->mutex); drop_super(sb); return 0; } get_inotify_watch(watch); mutex_unlock(&ih->mutex); return 2; }",linux-2.6,,,238614998390502917263563633436495797018,0 96,['CWE-787'],"static void cirrus_linear_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val) { CirrusVGAState *s = (CirrusVGAState *) opaque; addr &= s->cirrus_addr_mask; cpu_to_le16w((uint16_t *)(s->vram_ptr + addr), val); cpu_physical_memory_set_dirty(s->vram_offset + addr); }",qemu,,,193961890653795346616898600346548551986,0 1712,CWE-19,"static int __init init_ext2_fs(void) { int err = init_ext2_xattr(); if (err) return err; err = init_inodecache(); if (err) goto out1; err = register_filesystem(&ext2_fs_type); if (err) goto out; return 0; out: destroy_inodecache(); out1: exit_ext2_xattr(); return err; }",visit repo url,fs/ext2/super.c,https://github.com/torvalds/linux,18017305057492,1 2115,[],"static int udp_seq_open(struct inode *inode, struct file *file) { struct udp_seq_afinfo *afinfo = PDE(inode)->data; struct seq_file *seq; int rc = -ENOMEM; struct udp_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) goto out; s->family = afinfo->family; s->hashtable = afinfo->hashtable; s->seq_ops.start = udp_seq_start; s->seq_ops.next = udp_seq_next; s->seq_ops.show = afinfo->seq_show; s->seq_ops.stop = udp_seq_stop; rc = seq_open(file, &s->seq_ops); if (rc) goto out_kfree; seq = file->private_data; seq->private = s; out: return rc; out_kfree: kfree(s); goto out; }",linux-2.6,,,39417846244961986384717548838448358052,0 5249,['CWE-264'],"static bool unpack_canon_ace(files_struct *fsp, SMB_STRUCT_STAT *pst, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid, canon_ace **ppfile_ace, canon_ace **ppdir_ace, uint32 security_info_sent, SEC_DESC *psd) { canon_ace *file_ace = NULL; canon_ace *dir_ace = NULL; *ppfile_ace = NULL; *ppdir_ace = NULL; if(security_info_sent == 0) { DEBUG(0,(""unpack_canon_ace: no security info sent !\n"")); return False; } if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl) return True; if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid, &file_ace, &dir_ace, psd->dacl)) return False; if ((file_ace == NULL) && (dir_ace == NULL)) { return True; } print_canon_ace_list( ""file ace - before merge"", file_ace); merge_aces( &file_ace ); print_canon_ace_list( ""dir ace - before merge"", dir_ace); merge_aces( &dir_ace ); print_canon_ace_list( ""file ace - before deny"", file_ace); process_deny_list( &file_ace); print_canon_ace_list( ""dir ace - before deny"", dir_ace); process_deny_list( &dir_ace); print_canon_ace_list( ""file ace - before valid"", file_ace); pst->st_mode = create_default_mode(fsp, False); if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) { free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); return False; } print_canon_ace_list( ""dir ace - before valid"", dir_ace); pst->st_mode = create_default_mode(fsp, True); if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) { free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); return False; } print_canon_ace_list( ""file ace - return"", file_ace); print_canon_ace_list( ""dir ace - return"", dir_ace); *ppfile_ace = file_ace; *ppdir_ace = dir_ace; return True; }",samba,,,313193979776636436164086327822599083867,0 209,[],"static unsigned short atalk_checksum(const struct sk_buff *skb, int len) { unsigned long sum; sum = atalk_sum_skb(skb, 4, len-4, 0); return sum ? htons((unsigned short)sum) : 0xFFFF; }",history,,,306209186879013509695230228345699617926,0 4657,CWE-415,"void gf_av1_reset_state(AV1State *state, Bool is_destroy) { GF_List *l1, *l2; if (state->frame_state.header_obus) { while (gf_list_count(state->frame_state.header_obus)) { GF_AV1_OBUArrayEntry *a = (GF_AV1_OBUArrayEntry*)gf_list_pop_back(state->frame_state.header_obus); if (a->obu) gf_free(a->obu); gf_free(a); } } if (state->frame_state.frame_obus) { while (gf_list_count(state->frame_state.frame_obus)) { GF_AV1_OBUArrayEntry *a = (GF_AV1_OBUArrayEntry*)gf_list_pop_back(state->frame_state.frame_obus); if (a->obu) gf_free(a->obu); gf_free(a); } } l1 = state->frame_state.frame_obus; l2 = state->frame_state.header_obus; memset(&state->frame_state, 0, sizeof(AV1StateFrame)); state->frame_state.is_first_frame = GF_TRUE; if (is_destroy) { gf_list_del(l1); gf_list_del(l2); if (state->bs) { if (gf_bs_get_position(state->bs)) { u32 size; gf_bs_get_content_no_truncate(state->bs, &state->frame_obus, &size, &state->frame_obus_alloc); } gf_bs_del(state->bs); } state->bs = NULL; } else { state->frame_state.frame_obus = l1; state->frame_state.header_obus = l2; if (state->bs) gf_bs_seek(state->bs, 0); } }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,105723616062429,1 3846,[],"int cap_settime(struct timespec *ts, struct timezone *tz) { if (!capable(CAP_SYS_TIME)) return -EPERM; return 0; }",linux-2.6,,,310932199654671093121472125970124260409,0 1527,CWE-476,"int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) { u8 *buf = NULL; int err; if (!seed && slen) { buf = kmalloc(slen, GFP_KERNEL); if (!buf) return -ENOMEM; get_random_bytes(buf, slen); seed = buf; } err = tfm->seed(tfm, seed, slen); kfree(buf); return err; }",visit repo url,crypto/rng.c,https://github.com/torvalds/linux,221749969349877,1 5513,CWE-125,"indenterror(struct tok_state *tok) { if (tok->alterror) { tok->done = E_TABSPACE; tok->cur = tok->inp; return 1; } if (tok->altwarning) { #ifdef PGEN PySys_WriteStderr(""inconsistent use of tabs and spaces "" ""in indentation\n""); #else PySys_FormatStderr(""%U: inconsistent use of tabs and spaces "" ""in indentation\n"", tok->filename); #endif tok->altwarning = 0; } return 0; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,143748082875943,1 4382,['CWE-264'],"static long sock_wait_for_wmem(struct sock * sk, long timeo) { DEFINE_WAIT(wait); clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); for (;;) { if (!timeo) break; if (signal_pending(current)) break; set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); if (atomic_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf) break; if (sk->sk_shutdown & SEND_SHUTDOWN) break; if (sk->sk_err) break; timeo = schedule_timeout(timeo); } finish_wait(sk->sk_sleep, &wait); return timeo; }",linux-2.6,,,35309248189400601122474251353891751264,0 6737,['CWE-310'],"wired_menu_item_info_destroy (gpointer data) { WiredMenuItemInfo *info = (WiredMenuItemInfo *) data; g_object_unref (G_OBJECT (info->device)); if (info->connection) g_object_unref (G_OBJECT (info->connection)); g_slice_free (WiredMenuItemInfo, data); }",network-manager-applet,,,95007652989288244315020916648691348739,0 599,CWE-189,"static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma) { unsigned int len; unsigned long start=0, off; struct au1200fb_device *fbdev = info->par; if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) { return -EINVAL; } start = fbdev->fb_phys & PAGE_MASK; len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len); off = vma->vm_pgoff << PAGE_SHIFT; if ((vma->vm_end - vma->vm_start + off) > len) { return -EINVAL; } off += start; vma->vm_pgoff = off >> PAGE_SHIFT; vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, vma->vm_end - vma->vm_start, vma->vm_page_prot); }",visit repo url,drivers/video/au1200fb.c,https://github.com/torvalds/linux,85465335459313,1 5865,CWE-120,"static pj_status_t get_name_len(int rec_counter, const pj_uint8_t *pkt, const pj_uint8_t *start, const pj_uint8_t *max, int *parsed_len, int *name_len) { const pj_uint8_t *p; pj_status_t status; if (rec_counter > 10) { return PJLIB_UTIL_EDNSINNAMEPTR; } *name_len = *parsed_len = 0; p = start; while (*p) { if ((*p & 0xc0) == 0xc0) { int ptr_len = 0; int dummy; pj_uint16_t offset; pj_memcpy(&offset, p, 2); offset ^= pj_htons((pj_uint16_t)(0xc0 << 8)); offset = pj_ntohs(offset); if (offset >= max - pkt) return PJLIB_UTIL_EDNSINNAMEPTR; status = get_name_len(rec_counter+1, pkt, pkt + offset, max, &dummy, &ptr_len); if (status != PJ_SUCCESS) return status; *parsed_len += 2; *name_len += ptr_len; return PJ_SUCCESS; } else { unsigned label_len = *p; if (pkt+label_len > max) return PJLIB_UTIL_EDNSINNAMEPTR; p += (label_len + 1); *parsed_len += (label_len + 1); if (*p != 0) ++label_len; *name_len += label_len; if (p >= max) return PJLIB_UTIL_EDNSINSIZE; } } ++p; (*parsed_len)++; return PJ_SUCCESS; }",visit repo url,pjlib-util/src/pjlib-util/dns.c,https://github.com/pjsip/pjproject,53926829671579,1 4059,CWE-125,"struct symbol_t* MACH0_(get_symbols)(struct MACH0_(obj_t)* bin) { const char *symstr; struct symbol_t *symbols; int from, to, i, j, s, stridx, symbols_size, symbols_count; SdbHash *hash; if (!bin || !bin->symtab || !bin->symstr) { return NULL; } symbols_count = (bin->dysymtab.nextdefsym + \ bin->dysymtab.nlocalsym + \ bin->dysymtab.nundefsym ); symbols_count += bin->nsymtab; symbols_size = (symbols_count + 1) * 2 * sizeof (struct symbol_t); if (symbols_size < 1) { return NULL; } if (!(symbols = calloc (1, symbols_size))) { return NULL; } hash = sdb_ht_new (); j = 0; for (s = 0; s < 2; s++) { switch (s) { case 0: from = bin->dysymtab.iextdefsym; to = from + bin->dysymtab.nextdefsym; break; case 1: from = bin->dysymtab.ilocalsym; to = from + bin->dysymtab.nlocalsym; break; #if NOT_USED case 2: from = bin->dysymtab.iundefsym; to = from + bin->dysymtab.nundefsym; break; #endif } if (from == to) { continue; } #define OLD 1 #if OLD from = R_MIN (R_MAX (0, from), symbols_size / sizeof (struct symbol_t)); to = R_MIN (to , symbols_size / sizeof (struct symbol_t)); to = R_MIN (to, bin->nsymtab); #else from = R_MIN (R_MAX (0, from), symbols_size/sizeof (struct symbol_t)); to = symbols_count; #endif int maxsymbols = symbols_size / sizeof (struct symbol_t); if (to > 0x500000) { bprintf (""WARNING: corrupted mach0 header: symbol table is too big %d\n"", to); free (symbols); sdb_ht_free (hash); return NULL; } if (symbols_count >= maxsymbols) { symbols_count = maxsymbols - 1; } for (i = from; i < to && j < symbols_count; i++, j++) { symbols[j].offset = addr_to_offset (bin, bin->symtab[i].n_value); symbols[j].addr = bin->symtab[i].n_value; symbols[j].size = 0; if (bin->symtab[i].n_type & N_EXT) { symbols[j].type = R_BIN_MACH0_SYMBOL_TYPE_EXT; } else { symbols[j].type = R_BIN_MACH0_SYMBOL_TYPE_LOCAL; } stridx = bin->symtab[i].n_strx; if (stridx >= 0 && stridx < bin->symstrlen) { symstr = (char*)bin->symstr + stridx; } else { symstr = ""???""; } { int i = 0; int len = 0; len = bin->symstrlen - stridx; if (len > 0) { for (i = 0; i < len; i++) { if ((ut8)(symstr[i] & 0xff) == 0xff || !symstr[i]) { len = i; break; } } char *symstr_dup = NULL; if (len > 0) { symstr_dup = r_str_ndup (symstr, len); } if (!symstr_dup) { symbols[j].name[0] = 0; } else { r_str_ncpy (symbols[j].name, symstr_dup, R_BIN_MACH0_STRING_LENGTH); r_str_filter (symbols[j].name, -1); symbols[j].name[R_BIN_MACH0_STRING_LENGTH - 2] = 0; } free (symstr_dup); } else { symbols[j].name[0] = 0; } symbols[j].last = 0; } if (inSymtab (hash, symbols, symbols[j].name, symbols[j].addr)) { symbols[j].name[0] = 0; j--; } } } to = R_MIN (bin->nsymtab, bin->dysymtab.iundefsym + bin->dysymtab.nundefsym); for (i = bin->dysymtab.iundefsym; i < to; i++) { if (j > symbols_count) { bprintf (""mach0-get-symbols: error\n""); break; } if (parse_import_stub(bin, &symbols[j], i)) symbols[j++].last = 0; } #if 1 for (i = 0; i < bin->nsymtab; i++) { struct MACH0_(nlist) *st = &bin->symtab[i]; #if 0 bprintf (""stridx %d -> section %d type %d value = %d\n"", st->n_strx, st->n_sect, st->n_type, st->n_value); #endif stridx = st->n_strx; if (stridx >= 0 && stridx < bin->symstrlen) { symstr = (char*)bin->symstr + stridx; } else { symstr = ""???""; } int section = st->n_sect; if (section == 1 && j < symbols_count) { symbols[j].addr = st->n_value; symbols[j].offset = addr_to_offset (bin, symbols[j].addr); symbols[j].size = 0; if (st->n_type & N_EXT) { symbols[j].type = R_BIN_MACH0_SYMBOL_TYPE_EXT; } else { symbols[j].type = R_BIN_MACH0_SYMBOL_TYPE_LOCAL; } strncpy (symbols[j].name, symstr, R_BIN_MACH0_STRING_LENGTH); symbols[j].name[R_BIN_MACH0_STRING_LENGTH - 1] = 0; symbols[j].last = 0; if (inSymtab (hash, symbols, symbols[j].name, symbols[j].addr)) { symbols[j].name[0] = 0; } else { j++; } } } #endif sdb_ht_free (hash); symbols[j].last = 1; return symbols; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,239889268571913,1 4895,['CWE-399'],"int set_selection(const struct tiocl_selection __user *sel, struct tty_struct *tty) { struct vc_data *vc = vc_cons[fg_console].d; int sel_mode, new_sel_start, new_sel_end, spc; char *bp, *obp; int i, ps, pe, multiplier; u16 c; struct kbd_struct *kbd = kbd_table + fg_console; poke_blanked_console(); { unsigned short xs, ys, xe, ye; if (!access_ok(VERIFY_READ, sel, sizeof(*sel))) return -EFAULT; __get_user(xs, &sel->xs); __get_user(ys, &sel->ys); __get_user(xe, &sel->xe); __get_user(ye, &sel->ye); __get_user(sel_mode, &sel->sel_mode); xs--; ys--; xe--; ye--; xs = limit(xs, vc->vc_cols - 1); ys = limit(ys, vc->vc_rows - 1); xe = limit(xe, vc->vc_cols - 1); ye = limit(ye, vc->vc_rows - 1); ps = ys * vc->vc_size_row + (xs << 1); pe = ye * vc->vc_size_row + (xe << 1); if (sel_mode == TIOCL_SELCLEAR) { clear_selection(); return 0; } if (mouse_reporting() && (sel_mode & TIOCL_SELMOUSEREPORT)) { mouse_report(tty, sel_mode & TIOCL_SELBUTTONMASK, xs, ys); return 0; } } if (ps > pe) { int tmp = ps; ps = pe; pe = tmp; } if (sel_cons != vc_cons[fg_console].d) { clear_selection(); sel_cons = vc_cons[fg_console].d; } use_unicode = kbd && kbd->kbdmode == VC_UNICODE; switch (sel_mode) { case TIOCL_SELCHAR: new_sel_start = ps; new_sel_end = pe; break; case TIOCL_SELWORD: spc = isspace(sel_pos(ps)); for (new_sel_start = ps; ; ps -= 2) { if ((spc && !isspace(sel_pos(ps))) || (!spc && !inword(sel_pos(ps)))) break; new_sel_start = ps; if (!(ps % vc->vc_size_row)) break; } spc = isspace(sel_pos(pe)); for (new_sel_end = pe; ; pe += 2) { if ((spc && !isspace(sel_pos(pe))) || (!spc && !inword(sel_pos(pe)))) break; new_sel_end = pe; if (!((pe + 2) % vc->vc_size_row)) break; } break; case TIOCL_SELLINE: new_sel_start = ps - ps % vc->vc_size_row; new_sel_end = pe + vc->vc_size_row - pe % vc->vc_size_row - 2; break; case TIOCL_SELPOINTER: highlight_pointer(pe); return 0; default: return -EINVAL; } highlight_pointer(-1); if (new_sel_end > new_sel_start && !atedge(new_sel_end, vc->vc_size_row) && isspace(sel_pos(new_sel_end))) { for (pe = new_sel_end + 2; ; pe += 2) if (!isspace(sel_pos(pe)) || atedge(pe, vc->vc_size_row)) break; if (isspace(sel_pos(pe))) new_sel_end = pe; } if (sel_start == -1) highlight(new_sel_start, new_sel_end); else if (new_sel_start == sel_start) { if (new_sel_end == sel_end) return 0; else if (new_sel_end > sel_end) highlight(sel_end + 2, new_sel_end); else highlight(new_sel_end + 2, sel_end); } else if (new_sel_end == sel_end) { if (new_sel_start < sel_start) highlight(new_sel_start, sel_start - 2); else highlight(sel_start, new_sel_start - 2); } else { clear_selection(); highlight(new_sel_start, new_sel_end); } sel_start = new_sel_start; sel_end = new_sel_end; multiplier = use_unicode ? 3 : 1; bp = kmalloc(((sel_end-sel_start)/2+1)*multiplier, GFP_KERNEL); if (!bp) { printk(KERN_WARNING ""selection: kmalloc() failed\n""); clear_selection(); return -ENOMEM; } kfree(sel_buffer); sel_buffer = bp; obp = bp; for (i = sel_start; i <= sel_end; i += 2) { c = sel_pos(i); if (use_unicode) bp += store_utf8(c, bp); else *bp++ = c; if (!isspace(c)) obp = bp; if (! ((i + 2) % vc->vc_size_row)) { if (obp != bp) { bp = obp; *bp++ = '\r'; } obp = bp; } } sel_buffer_lth = bp - sel_buffer; return 0; }",linux-2.6,,,302636173824452057133791497520838603520,0 3326,[],"static inline void nlmsg_free(struct sk_buff *skb) { kfree_skb(skb); }",linux-2.6,,,106628010831899544739159869101718585454,0 3306,CWE-120,"parse_user_name(char *user_input, char **ret_username) { register char *ptr; register int index = 0; char username[PAM_MAX_RESP_SIZE]; *ret_username = NULL; bzero((void *)username, PAM_MAX_RESP_SIZE); ptr = user_input; while ((*ptr == ' ') || (*ptr == '\t')) ptr++; if (*ptr == '\0') { return (PAM_BUF_ERR); } while (*ptr != '\0') { if ((*ptr == ' ') || (*ptr == '\t')) break; else { username[index] = *ptr; index++; ptr++; } } if ((*ret_username = malloc(index + 1)) == NULL) return (PAM_BUF_ERR); (void) strcpy(*ret_username, username); return (PAM_SUCCESS); }",visit repo url,usr/src/lib/libpam/pam_framework.c,https://github.com/illumos/illumos-gate,190139422887388,1 6270,CWE-120,"static int pad_basic(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t pad = 0; int result = RLC_OK; bn_t t; RLC_TRY { bn_null(t); bn_new(t); switch (operation) { case RSA_ENC: case RSA_SIG: case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); bn_lsh(m, m, m_len * 8); break; case RSA_DEC: case RSA_VER: case RSA_VER_HASH: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } *p_len = 1; do { (*p_len)++; m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad == 0 && m_len > 0); if (pad != RSA_PAD) { result = RLC_ERR; } bn_mod_2b(m, m, (k_len - *p_len) * 8); break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,208318150834259,1 1814,CWE-264,"static void vmx_set_msr_bitmap(struct kvm_vcpu *vcpu) { unsigned long *msr_bitmap; if (is_guest_mode(vcpu)) msr_bitmap = vmx_msr_bitmap_nested; else if (vcpu->arch.apic_base & X2APIC_ENABLE) { if (is_long_mode(vcpu)) msr_bitmap = vmx_msr_bitmap_longmode_x2apic; else msr_bitmap = vmx_msr_bitmap_legacy_x2apic; } else { if (is_long_mode(vcpu)) msr_bitmap = vmx_msr_bitmap_longmode; else msr_bitmap = vmx_msr_bitmap_legacy; } vmcs_write64(MSR_BITMAP, __pa(msr_bitmap)); }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,171429540795802,1 6055,CWE-190,"int bn_is_prime_rabin(const bn_t a) { bn_t t, n1, y, r; int i, s, j, result, b, tests = 0, cmp2; tests = 0; result = 1; bn_null(t); bn_null(n1); bn_null(y); bn_null(r); cmp2 = bn_cmp_dig(a, 2); if (cmp2 == RLC_LT) { return 0; } if (cmp2 == RLC_EQ) { return 1; } if (bn_is_even(a) == 1) { return 0; } RLC_TRY { b = bn_bits(a); if (b >= 1300) { tests = 2; } else if (b >= 850) { tests = 3; } else if (b >= 650) { tests = 4; } else if (b >= 550) { tests = 5; } else if (b >= 450) { tests = 6; } else if (b >= 400) { tests = 7; } else if (b >= 350) { tests = 8; } else if (b >= 300) { tests = 9; } else if (b >= 250) { tests = 12; } else if (b >= 200) { tests = 15; } else if (b >= 150) { tests = 18; } else { tests = 27; } bn_new(t); bn_new(n1); bn_new(y); bn_new(r); bn_sub_dig(n1, a, 1); bn_copy(r, n1); s = 0; while (bn_is_even(r)) { s++; bn_rsh(r, r, 1); } for (i = 0; i < tests; i++) { bn_set_dig(t, primes[i]); if( bn_cmp(t, n1) != RLC_LT ) { result = 1; break; } #if BN_MOD != PMERS bn_mxp(y, t, r, a); #else bn_exp(y, t, r, a); #endif if (bn_cmp_dig(y, 1) != RLC_EQ && bn_cmp(y, n1) != RLC_EQ) { j = 1; while ((j <= (s - 1)) && bn_cmp(y, n1) != RLC_EQ) { bn_sqr(y, y); bn_mod(y, y, a); if (bn_cmp_dig(y, 1) == RLC_EQ) { result = 0; break; } ++j; } if (bn_cmp(y, n1) != RLC_EQ) { result = 0; break; } } } } RLC_CATCH_ANY { result = 0; RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(r); bn_free(y); bn_free(n1); bn_free(t); } return result; }",visit repo url,src/bn/relic_bn_prime.c,https://github.com/relic-toolkit/relic,13058286016005,1 417,CWE-476,"static int i8042_start(struct serio *serio) { struct i8042_port *port = serio->port_data; port->exists = true; mb(); return 0; }",visit repo url,drivers/input/serio/i8042.c,https://github.com/torvalds/linux,256310754729901,1 1145,['CWE-362'],"int fcntl_dirnotify(int fd, struct file *filp, unsigned long arg) { struct dnotify_struct *dn; struct dnotify_struct *odn; struct dnotify_struct **prev; struct inode *inode; fl_owner_t id = current->files; struct file *f; int error = 0; if ((arg & ~DN_MULTISHOT) == 0) { dnotify_flush(filp, id); return 0; } if (!dir_notify_enable) return -EINVAL; inode = filp->f_path.dentry->d_inode; if (!S_ISDIR(inode->i_mode)) return -ENOTDIR; dn = kmem_cache_alloc(dn_cache, GFP_KERNEL); if (dn == NULL) return -ENOMEM; spin_lock(&inode->i_lock); prev = &inode->i_dnotify; while ((odn = *prev) != NULL) { if ((odn->dn_owner == id) && (odn->dn_filp == filp)) { odn->dn_fd = fd; odn->dn_mask |= arg; inode->i_dnotify_mask |= arg & ~DN_MULTISHOT; goto out_free; } prev = &odn->dn_next; } rcu_read_lock(); f = fcheck(fd); rcu_read_unlock(); if (f != filp) goto out_free; error = __f_setown(filp, task_pid(current), PIDTYPE_PID, 0); if (error) goto out_free; dn->dn_mask = arg; dn->dn_fd = fd; dn->dn_filp = filp; dn->dn_owner = id; inode->i_dnotify_mask |= arg & ~DN_MULTISHOT; dn->dn_next = inode->i_dnotify; inode->i_dnotify = dn; spin_unlock(&inode->i_lock); if (filp->f_op && filp->f_op->dir_notify) return filp->f_op->dir_notify(filp, arg); return 0; out_free: spin_unlock(&inode->i_lock); kmem_cache_free(dn_cache, dn); return error; }",linux-2.6,,,74342698354282247539341109282551274006,0 4351,['CWE-399'],"long keyctl_join_session_keyring(const char __user *_name) { char *name; long ret; name = NULL; if (_name) { name = strndup_user(_name, PAGE_SIZE); if (IS_ERR(name)) { ret = PTR_ERR(name); goto error; } } ret = join_session_keyring(name); kfree(name); error: return ret; } ",linux-2.6,,,180722760567521899980825597272783403024,0 3675,['CWE-119'],"int hfsplus_rename_cat(u32 cnid, struct inode *src_dir, struct qstr *src_name, struct inode *dst_dir, struct qstr *dst_name) { struct super_block *sb; struct hfs_find_data src_fd, dst_fd; hfsplus_cat_entry entry; int entry_size, type; int err = 0; dprint(DBG_CAT_MOD, ""rename_cat: %u - %lu,%s - %lu,%s\n"", cnid, src_dir->i_ino, src_name->name, dst_dir->i_ino, dst_name->name); sb = src_dir->i_sb; hfs_find_init(HFSPLUS_SB(sb).cat_tree, &src_fd); dst_fd = src_fd; hfsplus_cat_build_key(sb, src_fd.search_key, src_dir->i_ino, src_name); err = hfs_brec_find(&src_fd); if (err) goto out; hfs_bnode_read(src_fd.bnode, &entry, src_fd.entryoffset, src_fd.entrylength); hfsplus_cat_build_key(sb, dst_fd.search_key, dst_dir->i_ino, dst_name); err = hfs_brec_find(&dst_fd); if (err != -ENOENT) { if (!err) err = -EEXIST; goto out; } err = hfs_brec_insert(&dst_fd, &entry, src_fd.entrylength); if (err) goto out; dst_dir->i_size++; dst_dir->i_mtime = dst_dir->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(dst_dir); hfsplus_cat_build_key(sb, src_fd.search_key, src_dir->i_ino, src_name); err = hfs_brec_find(&src_fd); if (err) goto out; err = hfs_brec_remove(&src_fd); if (err) goto out; src_dir->i_size--; src_dir->i_mtime = src_dir->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(src_dir); hfsplus_cat_build_key(sb, src_fd.search_key, cnid, NULL); err = hfs_brec_find(&src_fd); if (err) goto out; type = hfs_bnode_read_u16(src_fd.bnode, src_fd.entryoffset); err = hfs_brec_remove(&src_fd); if (err) goto out; hfsplus_cat_build_key(sb, dst_fd.search_key, cnid, NULL); entry_size = hfsplus_fill_cat_thread(sb, &entry, type, dst_dir->i_ino, dst_name); err = hfs_brec_find(&dst_fd); if (err != -ENOENT) { if (!err) err = -EEXIST; goto out; } err = hfs_brec_insert(&dst_fd, &entry, entry_size); out: hfs_bnode_put(dst_fd.bnode); hfs_find_exit(&src_fd); return err; }",linux-2.6,,,68893856067935798992936367773939884435,0 6164,['CWE-200'],"int register_tcf_proto_ops(struct tcf_proto_ops *ops) { struct tcf_proto_ops *t, **tp; int rc = -EEXIST; write_lock(&cls_mod_lock); for (tp = &tcf_proto_base; (t = *tp) != NULL; tp = &t->next) if (!strcmp(ops->kind, t->kind)) goto out; ops->next = NULL; *tp = ops; rc = 0; out: write_unlock(&cls_mod_lock); return rc; }",linux-2.6,,,331656169591181112489462927490451379780,0 5487,['CWE-476'],"int kvm_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) { return kvm_x86_ops->get_msr(vcpu, msr_index, pdata); }",linux-2.6,,,331269476681060464987609075558932687235,0 2475,['CWE-119'],"static void fn_out_diff_words_aux(void *priv, char *line, unsigned long len) { struct diff_words_data *diff_words = priv; if (diff_words->minus.suppressed_newline) { if (line[0] != '+') putc('\n', diff_words->file); diff_words->minus.suppressed_newline = 0; } len--; switch (line[0]) { case '-': print_word(diff_words->file, &diff_words->minus, len, DIFF_FILE_OLD, 1); break; case '+': print_word(diff_words->file, &diff_words->plus, len, DIFF_FILE_NEW, 0); break; case ' ': print_word(diff_words->file, &diff_words->plus, len, DIFF_PLAIN, 0); diff_words->minus.current += len; break; } }",git,,,225501519781811275880870137891099541938,0 6584,['CWE-200'],"set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (object); switch (prop_id) { case PROP_CLIENT: priv->client = GCONF_CLIENT (g_value_dup_object (value)); break; case PROP_DIR: priv->dir = g_value_dup_string (value); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; } }",network-manager-applet,,,57630142201723213889270285011675191940,0 5913,['CWE-909'],"static int tc_dump_qdisc_root(struct Qdisc *root, struct sk_buff *skb, struct netlink_callback *cb, int *q_idx_p, int s_q_idx) { int ret = 0, q_idx = *q_idx_p; struct Qdisc *q; if (!root) return 0; q = root; if (q_idx < s_q_idx) { q_idx++; } else { if (!tc_qdisc_dump_ignore(q) && tc_fill_qdisc(skb, q, q->parent, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWQDISC) <= 0) goto done; q_idx++; } list_for_each_entry(q, &root->list, list) { if (q_idx < s_q_idx) { q_idx++; continue; } if (!tc_qdisc_dump_ignore(q) && tc_fill_qdisc(skb, q, q->parent, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWQDISC) <= 0) goto done; q_idx++; } out: *q_idx_p = q_idx; return ret; done: ret = -1; goto out; }",linux-2.6,,,121281788719980226289288402053974043619,0 6169,CWE-190,"static void ep4_mul_pre_ordin(ep4_t *t, const ep4_t p) { int i; ep4_dbl(t[0], p); #if defined(EP_MIXED) ep4_norm(t[0], t[0]); #endif #if EP_DEPTH > 2 ep4_add(t[1], t[0], p); for (i = 2; i < (1 << (EP_DEPTH - 2)); i++) { ep4_add(t[i], t[i - 1], t[0]); } #if defined(EP_MIXED) for (i = 1; i < (1 << (EP_DEPTH - 2)); i++) { ep4_norm(t[i], t[i]); } #endif #endif ep4_copy(t[0], p); }",visit repo url,src/epx/relic_ep4_mul_fix.c,https://github.com/relic-toolkit/relic,228399195527153,1 3767,[],"static inline void unix_insert_socket(struct hlist_head *list, struct sock *sk) { spin_lock(&unix_table_lock); __unix_insert_socket(list, sk); spin_unlock(&unix_table_lock); }",linux-2.6,,,152900709690033683348048469301470967317,0 6194,['CWE-200'],"static int neigh_fill_info(struct sk_buff *skb, struct neighbour *n, u32 pid, u32 seq, int event, unsigned int flags) { unsigned long now = jiffies; unsigned char *b = skb->tail; struct nda_cacheinfo ci; int locked = 0; u32 probes; struct nlmsghdr *nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(struct ndmsg), flags); struct ndmsg *ndm = NLMSG_DATA(nlh); ndm->ndm_family = n->ops->family; ndm->ndm_pad1 = 0; ndm->ndm_pad2 = 0; ndm->ndm_flags = n->flags; ndm->ndm_type = n->type; ndm->ndm_ifindex = n->dev->ifindex; RTA_PUT(skb, NDA_DST, n->tbl->key_len, n->primary_key); read_lock_bh(&n->lock); locked = 1; ndm->ndm_state = n->nud_state; if (n->nud_state & NUD_VALID) RTA_PUT(skb, NDA_LLADDR, n->dev->addr_len, n->ha); ci.ndm_used = now - n->used; ci.ndm_confirmed = now - n->confirmed; ci.ndm_updated = now - n->updated; ci.ndm_refcnt = atomic_read(&n->refcnt) - 1; probes = atomic_read(&n->probes); read_unlock_bh(&n->lock); locked = 0; RTA_PUT(skb, NDA_CACHEINFO, sizeof(ci), &ci); RTA_PUT(skb, NDA_PROBES, sizeof(probes), &probes); nlh->nlmsg_len = skb->tail - b; return skb->len; nlmsg_failure: rtattr_failure: if (locked) read_unlock_bh(&n->lock); skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,1554362995851462234751864509079771981,0 1764,CWE-119,"get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e, const char *hookname, const char **chainname, const char **comment, unsigned int *rulenum) { const struct xt_standard_target *t = (void *)ipt_get_target_c(s); if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) { *chainname = t->target.data; (*rulenum) = 0; } else if (s == e) { (*rulenum)++; if (s->target_offset == sizeof(struct ipt_entry) && strcmp(t->target.u.kernel.target->name, XT_STANDARD_TARGET) == 0 && t->verdict < 0 && unconditional(&s->ip)) { *comment = *chainname == hookname ? comments[NF_IP_TRACE_COMMENT_POLICY] : comments[NF_IP_TRACE_COMMENT_RETURN]; } return 1; } else (*rulenum)++; return 0; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,118886340566541,1 6502,['CWE-20'],"static inline void emulate_push(struct x86_emulate_ctxt *ctxt) { struct decode_cache *c = &ctxt->decode; c->dst.type = OP_MEM; c->dst.bytes = c->op_bytes; c->dst.val = c->src.val; register_address_increment(c, &c->regs[VCPU_REGS_RSP], -c->op_bytes); c->dst.ptr = (void *) register_address(c, ss_base(ctxt), c->regs[VCPU_REGS_RSP]); }",kvm,,,253142875903122001897858006717315776995,0 3931,['CWE-362'],"static void prune_one(struct audit_tree *victim) { spin_lock(&hash_lock); while (!list_empty(&victim->chunks)) { struct node *p; p = list_entry(victim->chunks.next, struct node, list); untag_chunk(p); } spin_unlock(&hash_lock); put_tree(victim); }",linux-2.6,,,88059181603237834274060934400463919135,0 1389,[],"entity_tick(struct cfs_rq *cfs_rq, struct sched_entity *curr, int queued) { update_curr(cfs_rq); #ifdef CONFIG_SCHED_HRTICK if (queued) return resched_task(rq_of(cfs_rq)->curr); if (!sched_feat(DOUBLE_TICK) && hrtimer_active(&rq_of(cfs_rq)->hrtick_timer)) return; #endif if (cfs_rq->nr_running > 1 || !sched_feat(WAKEUP_PREEMPT)) check_preempt_tick(cfs_rq, curr); }",linux-2.6,,,176718966539035635373216821297913806735,0 3238,['CWE-189'],"static jas_cmpxform_t *jas_cmpxform_copy(jas_cmpxform_t *pxform) { ++pxform->refcnt; return pxform; }",jasper,,,61866415024496931118157521440328392128,0 2209,['CWE-193'],"void remove_from_page_cache(struct page *page) { struct address_space *mapping = page->mapping; BUG_ON(!PageLocked(page)); spin_lock_irq(&mapping->tree_lock); __remove_from_page_cache(page); spin_unlock_irq(&mapping->tree_lock); }",linux-2.6,,,241249323538195562468864927576848228309,0 5113,['CWE-20'],"static u64 guest_read_tsc(void) { u64 host_tsc, tsc_offset; rdtscll(host_tsc); tsc_offset = vmcs_read64(TSC_OFFSET); return host_tsc + tsc_offset; }",linux-2.6,,,30059187500572082088214252312587507998,0 641,CWE-20,"static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)msg->msg_name; struct sk_buff *skb; size_t copied; int err; if (flags & MSG_OOB) return -EOPNOTSUPP; if (addr_len) *addr_len=sizeof(*sin6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } if (skb_csum_unnecessary(skb)) { err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else if (msg->msg_flags&MSG_TRUNC) { if (__skb_checksum_complete(skb)) goto csum_copy_err; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else { err = skb_copy_and_csum_datagram_iovec(skb, 0, msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (err) goto out_free; if (sin6) { sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_flowinfo = 0; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); } sock_recv_ts_and_drops(msg, sk, skb); if (np->rxopt.all) ip6_datagram_recv_ctl(sk, msg, skb); err = copied; if (flags & MSG_TRUNC) err = skb->len; out_free: skb_free_datagram(sk, skb); out: return err; csum_copy_err: skb_kill_datagram(sk, skb, flags); err = (flags&MSG_DONTWAIT) ? -EAGAIN : -EHOSTUNREACH; goto out; }",visit repo url,net/ipv6/raw.c,https://github.com/torvalds/linux,215034858141935,1 557,[],"static int bad_inode_rename (struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) { return -EIO; }",linux-2.6,,,331019108618408930284086406329450837186,0 6228,CWE-190,"void fp9_read_bin(fp9_t a, const uint8_t *bin, int len) { if (len != 9 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp3_read_bin(a[0], bin, 3 * RLC_FP_BYTES); fp3_read_bin(a[1], bin + 3 * RLC_FP_BYTES, 3 * RLC_FP_BYTES); fp3_read_bin(a[2], bin + 6 * RLC_FP_BYTES, 3 * RLC_FP_BYTES); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,255683785847571,1 6615,CWE-732,"int main(int argc, char **argv, char **envp) { int opt; while ((opt = getopt(argc, argv, ""b:h:k:p:q:w:z:xv"")) != -1) { switch (opt) { case 'b': tmate_settings->bind_addr = xstrdup(optarg); break; case 'h': tmate_settings->tmate_host = xstrdup(optarg); break; case 'k': tmate_settings->keys_dir = xstrdup(optarg); break; case 'p': tmate_settings->ssh_port = atoi(optarg); break; case 'q': tmate_settings->ssh_port_advertized = atoi(optarg); break; case 'w': tmate_settings->websocket_hostname = xstrdup(optarg); break; case 'z': tmate_settings->websocket_port = atoi(optarg); break; case 'x': tmate_settings->use_proxy_protocol = true; break; case 'v': tmate_settings->log_level++; break; default: usage(); return 1; } } init_logging(tmate_settings->log_level); setup_locale(); if (!tmate_settings->tmate_host) tmate_settings->tmate_host = get_full_hostname(); cmdline = *argv; cmdline_end = *envp; tmate_preload_trace_lib(); tmate_catch_sigsegv(); tmate_init_rand(); if ((mkdir(TMATE_WORKDIR, 0701) < 0 && errno != EEXIST) || (mkdir(TMATE_WORKDIR ""/sessions"", 0703) < 0 && errno != EEXIST) || (mkdir(TMATE_WORKDIR ""/jail"", 0700) < 0 && errno != EEXIST)) tmate_fatal(""Cannot prepare session in "" TMATE_WORKDIR); if ((chmod(TMATE_WORKDIR, 0701) < 0) || (chmod(TMATE_WORKDIR ""/sessions"", 0703) < 0) || (chmod(TMATE_WORKDIR ""/jail"", 0700) < 0)) tmate_fatal(""Cannot prepare session in "" TMATE_WORKDIR); tmate_ssh_server_main(tmate_session, tmate_settings->keys_dir, tmate_settings->bind_addr, tmate_settings->ssh_port); return 0; }",visit repo url,tmate-main.c,https://github.com/tmate-io/tmate-ssh-server,177160344375645,1 6536,CWE-552,"int mnt_fs_is_deleted(struct libmnt_fs *fs) { return mnt_fs_get_flags(fs) & MNT_FS_DELETED; }",visit repo url,libmount/src/fs.c,https://github.com/util-linux/util-linux,274511006364383,1 5314,CWE-787,"static int do_i2c_crc(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { uint chip; ulong addr; int alen; int count; uchar byte; ulong crc; ulong err; int ret = 0; #if CONFIG_IS_ENABLED(DM_I2C) struct udevice *dev; #endif if (argc < 4) return CMD_RET_USAGE; chip = hextoul(argv[1], NULL); addr = hextoul(argv[2], NULL); alen = get_alen(argv[2], DEFAULT_ADDR_LEN); if (alen > 3) return CMD_RET_USAGE; #if CONFIG_IS_ENABLED(DM_I2C) ret = i2c_get_cur_bus_chip(chip, &dev); if (!ret && alen != -1) ret = i2c_set_chip_offset_len(dev, alen); if (ret) return i2c_report_err(ret, I2C_ERR_READ); #endif count = hextoul(argv[3], NULL); printf (""CRC32 for %08lx ... %08lx ==> "", addr, addr + count - 1); crc = 0; err = 0; while (count-- > 0) { #if CONFIG_IS_ENABLED(DM_I2C) ret = dm_i2c_read(dev, addr, &byte, 1); #else ret = i2c_read(chip, addr, alen, &byte, 1); #endif if (ret) err++; crc = crc32(crc, &byte, 1); addr++; } if (err > 0) i2c_report_err(ret, I2C_ERR_READ); else printf (""%08lx\n"", crc); return 0; }",visit repo url,cmd/i2c.c,https://github.com/u-boot/u-boot,147538053243525,1 2602,CWE-770,"static int stream_process(struct sip_msg * msg, struct sdp_stream_cell *cell, str * s, str* ss, regex_t* re, int op,int description) { static sdp_payload_attr_t static_payloads[] = { { NULL,0,{ ""0"",1},{""PCMU"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""3"",1},{ ""GSM"",3},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""4"",1},{""G723"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""5"",1},{""DVI4"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""6"",1},{""DVI4"",4},{""16000"",5},{NULL,0},{NULL,0} }, { NULL,0,{ ""7"",1},{ ""LPC"",3},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""8"",1},{""PCMA"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""9"",1},{""G722"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""10"",2},{ ""L16"",3},{""44100"",5},{NULL,0},{NULL,0} }, { NULL,0,{""11"",2},{ ""L16"",3},{""44100"",5},{NULL,0},{NULL,0} }, { NULL,0,{""12"",2},{""QCELP"",5},{""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""13"",2},{ ""CN"",2},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""14"",2},{ ""MPA"",3},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""15"",2},{""G728"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""16"",2},{""DVI4"",4},{""11025"",5},{NULL,0},{NULL,0} }, { NULL,0,{""17"",2},{""DVI4"",4},{""22050"",5},{NULL,0},{NULL,0} }, { NULL,0,{""18"",2},{""G729"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""25"",2},{""CelB"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""26"",2},{""JPEG"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""28"",2},{ ""nv"",2},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""31"",2},{""H261"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""32"",2},{ ""MPV"",3},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""33"",2},{""MP2T"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""34"",2},{""H263"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""t38"",3},{""t38"",3},{ """",0},{NULL,0},{NULL,0} }, { NULL,0,{NULL,0},{ NULL,0},{ NULL,0},{NULL,0},{NULL,0} } }; sdp_payload_attr_t *payload; char *cur, *tmp, *buff, temp; struct lump * lmp; str found; int ret, i,match, buff_len, is_static; regmatch_t pmatch; lmp = get_associated_lump(msg, cell); if( lmp == NULL) { LM_ERR(""There is no lump for this sdp cell\n""); return -1; } if (lmp->len == 0) return -1; buff_len = 0; ret = 0; buff = pkg_malloc(lmp->len+1); if( buff == NULL) { LM_ERR(""Out of memory\n""); return -1; } is_static = 0; payload = cell->payload_attr; while(payload) { if( payload->rtp_enc.s == NULL || (payload->rtp_clock.s == NULL && ss != NULL) || payload->rtp_payload.s == NULL) { goto next_payload; } match = 0; if( description == DESC_REGEXP ||description == DESC_REGEXP_COMPLEMENT ) { if (is_static) { match = regexec( re, payload->rtp_enc.s, 1, &pmatch, 0) == 0; } else { temp = payload->rtp_enc.s[payload->rtp_enc.len]; payload->rtp_enc.s[payload->rtp_enc.len] = 0; match = regexec( re, payload->rtp_enc.s, 1, &pmatch, 0) == 0; payload->rtp_enc.s[payload->rtp_enc.len] = temp; } } if( description == DESC_REGEXP_COMPLEMENT) match = !match; if( description == DESC_NAME ) { match = s->len == payload->rtp_enc.len && strncasecmp( s->s, payload->rtp_enc.s , payload->rtp_enc.len) == 0; } if( description == DESC_NAME_AND_CLOCK) { match = s->len == payload->rtp_enc.len && strncasecmp( s->s, payload->rtp_enc.s , payload->rtp_enc.len) == 0 && (ss == NULL || ( ss->len == payload->rtp_clock.len && strncasecmp( ss->s, payload->rtp_clock.s , payload->rtp_clock.len) == 0 ) ); } if (match) { match = 0; cur = lmp->u.value; while( !match && cur < lmp->u.value + lmp->len) { found.s = cur; while( cur < lmp->u.value + lmp->len && *cur != ' ' ) cur++; found.len = cur - found.s; if ( found.len == payload->rtp_payload.len && strncmp( found.s,payload->rtp_payload.s,found.len) == 0) { match = 1; } else { while( cur < lmp->u.value + lmp->len && * cur == ' ' ) cur++; } } if (match) { if(op == FIND) { ret = 1; goto end; } if( op == DELETE && !is_static ) { if( delete_sdp_line( msg, payload->rtp_enc.s, cell) < 0 ) { LM_ERR(""Unable to add delete lump for a=\n""); ret = -1; goto end; } if( delete_sdp_line( msg, payload->fmtp_string.s, cell) < 0 ) { LM_ERR(""Unable to add delete lump for a=\n""); ret = -1; goto end; } } { while (found.s > lmp->u.value && *(found.s - 1) == ' ') { found.s--; found.len++; } if (cur == lmp->u.value + lmp->len) { tmp = found.s; while (*(--tmp) == ' ') { found.s--; found.len++; } } for(tmp=found.s ; tmp< lmp->u.value + lmp->len ; tmp++ ) *tmp = *(tmp+found.len); lmp->len -= found.len; } if( op == ADD_TO_FRONT || op == ADD_TO_BACK) { memcpy(&buff[buff_len],"" "",1); buff_len++; memcpy(&buff[buff_len],payload->rtp_payload.s, payload->rtp_payload.len); buff_len += payload->rtp_payload.len; } ret = 1; } } next_payload: if (!is_static) { payload = payload->next; if (payload==NULL) { payload = static_payloads; is_static = 1; } } else { payload ++; if (payload->rtp_payload.s==NULL) payload=NULL; } } if( op == ADD_TO_FRONT && buff_len >0 ) { lmp->u.value = (char*)pkg_realloc(lmp->u.value, lmp->len+buff_len); if(!lmp->u.value) { LM_ERR(""No more pkg memory\n""); ret = -1; goto end; } for( i = lmp->len -1 ; i>=0;i--) lmp->u.value[i+buff_len] = lmp->u.value[i]; memcpy(lmp->u.value,buff,buff_len); lmp->len += buff_len; } if( op == ADD_TO_BACK && buff_len >0 ) { lmp->u.value = (char*)pkg_realloc(lmp->u.value, lmp->len+buff_len); if(!lmp->u.value) { LM_ERR(""No more pkg memory\n""); ret = -1; goto end; } memcpy(&lmp->u.value[lmp->len],buff,buff_len); lmp->len += buff_len; } if (lmp->len == 0) { lmp = del_lump(msg, cell->port.s - msg->buf - 1, cell->port.len + 2, 0); if (!lmp) { LM_ERR(""could not add lump to disable stream!\n""); goto end; } tmp = pkg_malloc(3); if (!tmp) { LM_ERR(""oom for port 0\n""); goto end; } memcpy(tmp, "" 0 "", 3); if (!insert_new_lump_after(lmp, tmp, 3, 0)) LM_ERR(""could not insert lump to disable stream!\n""); } end: pkg_free(buff); return ret; }",visit repo url,modules/sipmsgops/codecs.c,https://github.com/OpenSIPS/opensips,262781173214765,1 2478,['CWE-119'],"static void diffstat_consume(void *priv, char *line, unsigned long len) { struct diffstat_t *diffstat = priv; struct diffstat_file *x = diffstat->files[diffstat->nr - 1]; if (line[0] == '+') x->added++; else if (line[0] == '-') x->deleted++; }",git,,,149276048466316842012862874118181166972,0 5583,CWE-125,"ast_for_expr(struct compiling *c, const node *n) { asdl_seq *seq; int i; loop: switch (TYPE(n)) { case test: case test_nocond: if (TYPE(CHILD(n, 0)) == lambdef || TYPE(CHILD(n, 0)) == lambdef_nocond) return ast_for_lambdef(c, CHILD(n, 0)); else if (NCH(n) > 1) return ast_for_ifexpr(c, n); case or_test: case and_test: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } seq = _Ta3_asdl_seq_new((NCH(n) + 1) / 2, c->c_arena); if (!seq) return NULL; for (i = 0; i < NCH(n); i += 2) { expr_ty e = ast_for_expr(c, CHILD(n, i)); if (!e) return NULL; asdl_seq_SET(seq, i / 2, e); } if (!strcmp(STR(CHILD(n, 1)), ""and"")) return BoolOp(And, seq, LINENO(n), n->n_col_offset, c->c_arena); assert(!strcmp(STR(CHILD(n, 1)), ""or"")); return BoolOp(Or, seq, LINENO(n), n->n_col_offset, c->c_arena); case not_test: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } else { expr_ty expression = ast_for_expr(c, CHILD(n, 1)); if (!expression) return NULL; return UnaryOp(Not, expression, LINENO(n), n->n_col_offset, c->c_arena); } case comparison: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } else { expr_ty expression; asdl_int_seq *ops; asdl_seq *cmps; ops = _Ta3_asdl_int_seq_new(NCH(n) / 2, c->c_arena); if (!ops) return NULL; cmps = _Ta3_asdl_seq_new(NCH(n) / 2, c->c_arena); if (!cmps) { return NULL; } for (i = 1; i < NCH(n); i += 2) { cmpop_ty newoperator; newoperator = ast_for_comp_op(c, CHILD(n, i)); if (!newoperator) { return NULL; } expression = ast_for_expr(c, CHILD(n, i + 1)); if (!expression) { return NULL; } asdl_seq_SET(ops, i / 2, newoperator); asdl_seq_SET(cmps, i / 2, expression); } expression = ast_for_expr(c, CHILD(n, 0)); if (!expression) { return NULL; } return Compare(expression, ops, cmps, LINENO(n), n->n_col_offset, c->c_arena); } break; case star_expr: return ast_for_starred(c, n); case expr: case xor_expr: case and_expr: case shift_expr: case arith_expr: case term: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } return ast_for_binop(c, n); case yield_expr: { node *an = NULL; node *en = NULL; int is_from = 0; expr_ty exp = NULL; if (NCH(n) > 1) an = CHILD(n, 1); if (an) { en = CHILD(an, NCH(an) - 1); if (NCH(an) == 2) { is_from = 1; exp = ast_for_expr(c, en); } else exp = ast_for_testlist(c, en); if (!exp) return NULL; } if (is_from) return YieldFrom(exp, LINENO(n), n->n_col_offset, c->c_arena); return Yield(exp, LINENO(n), n->n_col_offset, c->c_arena); } case factor: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } return ast_for_factor(c, n); case power: return ast_for_power(c, n); default: PyErr_Format(PyExc_SystemError, ""unhandled expr: %d"", TYPE(n)); return NULL; } return NULL; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,123349320927948,1 1269,CWE-264,"static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *raw_data) { struct super_block *s; struct ecryptfs_sb_info *sbi; struct ecryptfs_dentry_info *root_info; const char *err = ""Getting sb failed""; struct inode *inode; struct path path; int rc; sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL); if (!sbi) { rc = -ENOMEM; goto out; } rc = ecryptfs_parse_options(sbi, raw_data); if (rc) { err = ""Error parsing options""; goto out; } s = sget(fs_type, NULL, set_anon_super, NULL); if (IS_ERR(s)) { rc = PTR_ERR(s); goto out; } s->s_flags = flags; rc = bdi_setup_and_register(&sbi->bdi, ""ecryptfs"", BDI_CAP_MAP_COPY); if (rc) goto out1; ecryptfs_set_superblock_private(s, sbi); s->s_bdi = &sbi->bdi; sbi = NULL; s->s_op = &ecryptfs_sops; s->s_d_op = &ecryptfs_dops; err = ""Reading sb failed""; rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path); if (rc) { ecryptfs_printk(KERN_WARNING, ""kern_path() failed\n""); goto out1; } if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) { rc = -EINVAL; printk(KERN_ERR ""Mount on filesystem of type "" ""eCryptfs explicitly disallowed due to "" ""known incompatibilities\n""); goto out_free; } ecryptfs_set_superblock_lower(s, path.dentry->d_sb); s->s_maxbytes = path.dentry->d_sb->s_maxbytes; s->s_blocksize = path.dentry->d_sb->s_blocksize; s->s_magic = ECRYPTFS_SUPER_MAGIC; inode = ecryptfs_get_inode(path.dentry->d_inode, s); rc = PTR_ERR(inode); if (IS_ERR(inode)) goto out_free; s->s_root = d_alloc_root(inode); if (!s->s_root) { iput(inode); rc = -ENOMEM; goto out_free; } rc = -ENOMEM; root_info = kmem_cache_zalloc(ecryptfs_dentry_info_cache, GFP_KERNEL); if (!root_info) goto out_free; ecryptfs_set_dentry_private(s->s_root, root_info); ecryptfs_set_dentry_lower(s->s_root, path.dentry); ecryptfs_set_dentry_lower_mnt(s->s_root, path.mnt); s->s_flags |= MS_ACTIVE; return dget(s->s_root); out_free: path_put(&path); out1: deactivate_locked_super(s); out: if (sbi) { ecryptfs_destroy_mount_crypt_stat(&sbi->mount_crypt_stat); kmem_cache_free(ecryptfs_sb_info_cache, sbi); } printk(KERN_ERR ""%s; rc = [%d]\n"", err, rc); return ERR_PTR(rc); }",visit repo url,fs/ecryptfs/main.c,https://github.com/torvalds/linux,278814133131574,1 2834,CWE-125,"BOOL update_write_cache_brush_order(wStream* s, const CACHE_BRUSH_ORDER* cache_brush, UINT16* flags) { int i; BYTE iBitmapFormat; BOOL compressed = FALSE; if (!Stream_EnsureRemainingCapacity(s, update_approximate_cache_brush_order(cache_brush, flags))) return FALSE; iBitmapFormat = BPP_BMF[cache_brush->bpp]; Stream_Write_UINT8(s, cache_brush->index); Stream_Write_UINT8(s, iBitmapFormat); Stream_Write_UINT8(s, cache_brush->cx); Stream_Write_UINT8(s, cache_brush->cy); Stream_Write_UINT8(s, cache_brush->style); Stream_Write_UINT8(s, cache_brush->length); if ((cache_brush->cx == 8) && (cache_brush->cy == 8)) { if (cache_brush->bpp == 1) { if (cache_brush->length != 8) { WLog_ERR(TAG, ""incompatible 1bpp brush of length:%"" PRIu32 """", cache_brush->length); return FALSE; } for (i = 7; i >= 0; i--) { Stream_Write_UINT8(s, cache_brush->data[i]); } } else { if ((iBitmapFormat == BMF_8BPP) && (cache_brush->length == 20)) compressed = TRUE; else if ((iBitmapFormat == BMF_16BPP) && (cache_brush->length == 24)) compressed = TRUE; else if ((iBitmapFormat == BMF_32BPP) && (cache_brush->length == 32)) compressed = TRUE; if (compressed != FALSE) { if (!update_compress_brush(s, cache_brush->data, cache_brush->bpp)) return FALSE; } else { int scanline = (cache_brush->bpp / 8) * 8; for (i = 7; i >= 0; i--) { Stream_Write(s, &cache_brush->data[i * scanline], scanline); } } } } return TRUE; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,241984349392864,1 4257,CWE-416,"R_API void r_core_anal_type_match(RCore *core, RAnalFunction *fcn) { RAnalBlock *bb; RListIter *it; RAnalOp aop = {0}; bool resolved = false; r_return_if_fail (core && core->anal && fcn); if (!core->anal->esil) { eprintf (""Please run aeim\n""); return; } RAnal *anal = core->anal; Sdb *TDB = anal->sdb_types; bool chk_constraint = r_config_get_i (core->config, ""anal.types.constraint""); int ret, bsize = R_MAX (64, core->blocksize); const int mininstrsz = r_anal_archinfo (anal, R_ANAL_ARCHINFO_MIN_OP_SIZE); const int minopcode = R_MAX (1, mininstrsz); int cur_idx , prev_idx = 0; RConfigHold *hc = r_config_hold_new (core->config); if (!hc) { return; } RDebugTrace *dt = NULL; RAnalEsilTrace *et = NULL; if (!anal_emul_init (core, hc, &dt, &et) || !fcn) { anal_emul_restore (core, hc, dt, et); return; } ut8 *buf = malloc (bsize); if (!buf) { anal_emul_restore (core, hc, dt, et); return; } Sdb *etracedb = core->anal->esil->trace->db; HtPPOptions opt = etracedb->ht->opt; ht_pp_free (etracedb->ht); etracedb->ht = ht_pp_new_size (fcn->ninstr * 0xf, opt.dupvalue, opt.freefn, opt.calcsizeV); etracedb->ht->opt = opt; RDebugTrace *dtrace = core->dbg->trace; opt = dtrace->ht->opt; ht_pp_free (dtrace->ht); dtrace->ht = ht_pp_new_size (fcn->ninstr, opt.dupvalue, opt.freefn, opt.calcsizeV); dtrace->ht->opt = opt; char *fcn_name = NULL; char *ret_type = NULL; bool str_flag = false; bool prop = false; bool prev_var = false; char prev_type[256] = {0}; const char *prev_dest = NULL; char *ret_reg = NULL; const char *pc = r_reg_get_name (core->dbg->reg, R_REG_NAME_PC); if (!pc) { free (buf); return; } RRegItem *r = r_reg_get (core->dbg->reg, pc, -1); if (!r) { free (buf); return; } r_cons_break_push (NULL, NULL); r_list_sort (fcn->bbs, bb_cmpaddr); r_list_foreach (fcn->bbs, it, bb) { ut64 addr = bb->addr; int i = 0; r_reg_set_value (core->dbg->reg, r, addr); while (1) { if (r_cons_is_breaked ()) { goto out_function; } if (i >= (bsize - 32)) { i = 0; } ut64 pcval = r_reg_getv (anal->reg, pc); if ((addr >= bb->addr + bb->size) || (addr < bb->addr) || pcval != addr) { break; } if (!i) { r_io_read_at (core->io, addr, buf, bsize); } ret = r_anal_op (anal, &aop, addr, buf + i, bsize - i, R_ANAL_OP_MASK_BASIC | R_ANAL_OP_MASK_VAL); if (ret <= 0) { i += minopcode; addr += minopcode; r_anal_op_fini (&aop); continue; } int loop_count = sdb_num_get (anal->esil->trace->db, sdb_fmt (""0x%""PFMT64x"".count"", addr), 0); if (loop_count > LOOP_MAX || aop.type == R_ANAL_OP_TYPE_RET) { r_anal_op_fini (&aop); break; } sdb_num_set (anal->esil->trace->db, sdb_fmt (""0x%""PFMT64x"".count"", addr), loop_count + 1, 0); if (r_anal_op_nonlinear (aop.type)) { r_reg_set_value (core->dbg->reg, r, addr + ret); } else { r_core_esil_step (core, UT64_MAX, NULL, NULL, false); } bool userfnc = false; Sdb *trace = anal->esil->trace->db; cur_idx = sdb_num_get (trace, ""idx"", 0); RAnalVar *var = r_anal_get_used_function_var (anal, aop.addr); RAnalOp *next_op = r_core_anal_op (core, addr + ret, R_ANAL_OP_MASK_BASIC); ut32 type = aop.type & R_ANAL_OP_TYPE_MASK; if (aop.type == R_ANAL_OP_TYPE_CALL || aop.type & R_ANAL_OP_TYPE_UCALL) { char *full_name = NULL; ut64 callee_addr; if (aop.type == R_ANAL_OP_TYPE_CALL) { RAnalFunction *fcn_call = r_anal_get_fcn_in (anal, aop.jump, -1); if (fcn_call) { full_name = fcn_call->name; callee_addr = fcn_call->addr; } } else if (aop.ptr != UT64_MAX) { RFlagItem *flag = r_flag_get_by_spaces (core->flags, aop.ptr, R_FLAGS_FS_IMPORTS, NULL); if (flag && flag->realname) { full_name = flag->realname; callee_addr = aop.ptr; } } if (full_name) { if (r_type_func_exist (TDB, full_name)) { fcn_name = strdup (full_name); } else { fcn_name = r_type_func_guess (TDB, full_name); } if (!fcn_name) { fcn_name = strdup (full_name); userfnc = true; } const char* Cc = r_anal_cc_func (anal, fcn_name); if (Cc && r_anal_cc_exist (anal, Cc)) { char *cc = strdup (Cc); type_match (core, fcn_name, addr, bb->addr, cc, prev_idx, userfnc, callee_addr); prev_idx = cur_idx; R_FREE (ret_type); const char *rt = r_type_func_ret (TDB, fcn_name); if (rt) { ret_type = strdup (rt); } R_FREE (ret_reg); const char *rr = r_anal_cc_ret (anal, cc); if (rr) { ret_reg = strdup (rr); } resolved = false; free (cc); } if (!strcmp (fcn_name, ""__stack_chk_fail"")) { const char *query = sdb_fmt (""%d.addr"", cur_idx - 1); ut64 mov_addr = sdb_num_get (trace, query, 0); RAnalOp *mop = r_core_anal_op (core, mov_addr, R_ANAL_OP_MASK_VAL | R_ANAL_OP_MASK_BASIC); if (mop) { RAnalVar *mopvar = r_anal_get_used_function_var (anal, mop->addr); ut32 type = mop->type & R_ANAL_OP_TYPE_MASK; if (type == R_ANAL_OP_TYPE_MOV) { __var_rename (anal, mopvar, ""canary"", addr); } } r_anal_op_free (mop); } free (fcn_name); } } else if (!resolved && ret_type && ret_reg) { char src[REGNAME_SIZE] = {0}; const char *query = sdb_fmt (""%d.reg.write"", cur_idx); const char *cur_dest = sdb_const_get (trace, query, 0); get_src_regname (core, aop.addr, src, sizeof (src)); if (ret_reg && *src && strstr (ret_reg, src)) { if (var && aop.direction == R_ANAL_OP_DIR_WRITE) { __var_retype (anal, var, NULL, ret_type, false, false); resolved = true; } else if (type == R_ANAL_OP_TYPE_MOV) { R_FREE (ret_reg); if (cur_dest) { ret_reg = strdup (cur_dest); } } } else if (cur_dest) { char *foo = strdup (cur_dest); char *tmp = strchr (foo, ','); if (tmp) { *tmp++ = '\0'; } if (ret_reg && (strstr (ret_reg, foo) || (tmp && strstr (ret_reg, tmp)))) { resolved = true; } else if (type == R_ANAL_OP_TYPE_MOV && (next_op && next_op->type == R_ANAL_OP_TYPE_MOV)){ char nsrc[REGNAME_SIZE] = {0}; get_src_regname (core, next_op->addr, nsrc, sizeof (nsrc)); if (ret_reg && *nsrc && strstr (ret_reg, nsrc) && var && aop.direction == R_ANAL_OP_DIR_READ) { __var_retype (anal, var, NULL, ret_type, true, false); } } free (foo); } } if (var) { bool sign = false; if ((type == R_ANAL_OP_TYPE_CMP) && next_op) { if (next_op->sign) { sign = true; } else { __var_retype (anal, var, NULL, ""unsigned"", false, true); } } if (sign || aop.sign) { __var_retype (anal, var, NULL, ""signed"", false, true); } if (prev_dest && (type == R_ANAL_OP_TYPE_MOV || type == R_ANAL_OP_TYPE_STORE)) { char reg[REGNAME_SIZE] = {0}; get_src_regname (core, addr, reg, sizeof (reg)); bool match = strstr (prev_dest, reg) != NULL; if (str_flag && match) { __var_retype (anal, var, NULL, ""const char *"", false, false); } if (prop && match && prev_var) { __var_retype (anal, var, NULL, prev_type, false, false); } } if (chk_constraint && var && (type == R_ANAL_OP_TYPE_CMP && aop.disp != UT64_MAX) && next_op && next_op->type == R_ANAL_OP_TYPE_CJMP) { bool jmp = false; RAnalOp *jmp_op = {0}; ut64 jmp_addr = next_op->jump; RAnalBlock *jmpbb = r_anal_fcn_bbget_in (anal, fcn, jmp_addr); for (i = 0; i < MAX_INSTR ; i++) { jmp_op = r_core_anal_op (core, jmp_addr, R_ANAL_OP_MASK_BASIC); if (!jmp_op) { break; } if ((jmp_op->type == R_ANAL_OP_TYPE_RET && r_anal_block_contains (jmpbb, jmp_addr)) || jmp_op->type == R_ANAL_OP_TYPE_CJMP) { jmp = true; r_anal_op_free (jmp_op); break; } jmp_addr += jmp_op->size; r_anal_op_free (jmp_op); } RAnalVarConstraint constr = { .cond = jmp? cond_invert (anal, next_op->cond): next_op->cond, .val = aop.val }; r_anal_var_add_constraint (var, &constr); } } prev_var = (var && aop.direction == R_ANAL_OP_DIR_READ); str_flag = false; prop = false; prev_dest = NULL; switch (type) { case R_ANAL_OP_TYPE_MOV: case R_ANAL_OP_TYPE_LEA: case R_ANAL_OP_TYPE_LOAD: if (aop.ptr && aop.refptr && aop.ptr != UT64_MAX) { if (type == R_ANAL_OP_TYPE_LOAD) { ut8 buf[256] = {0}; r_io_read_at (core->io, aop.ptr, buf, sizeof (buf) - 1); ut64 ptr = r_read_ble (buf, core->print->big_endian, aop.refptr * 8); if (ptr && ptr != UT64_MAX) { RFlagItem *f = r_flag_get_by_spaces (core->flags, ptr, R_FLAGS_FS_STRINGS, NULL); if (f) { str_flag = true; } } } else if (r_flag_exist_at (core->flags, ""str"", 3, aop.ptr)) { str_flag = true; } } if (var && str_flag) { __var_retype (anal, var, NULL, ""const char *"", false, false); } const char *query = sdb_fmt (""%d.reg.write"", cur_idx); prev_dest = sdb_const_get (trace, query, 0); if (var) { strncpy (prev_type, var->type, sizeof (prev_type) - 1); prop = true; } } i += ret; addr += ret; r_anal_op_free (next_op); r_anal_op_fini (&aop); } } RList *list = r_anal_var_list (anal, fcn, R_ANAL_VAR_KIND_REG); RAnalVar *rvar; RListIter *iter; r_list_foreach (list, iter, rvar) { RAnalVar *lvar = r_anal_var_get_dst_var (rvar); RRegItem *i = r_reg_index_get (anal->reg, rvar->delta); if (!i) { continue; } if (lvar) { __var_retype (anal, rvar, NULL, lvar->type, false, false); __var_retype (anal, lvar, NULL, rvar->type, false, false); } } r_list_free (list); out_function: R_FREE (ret_reg); R_FREE (ret_type); free (buf); r_cons_break_pop(); anal_emul_restore (core, hc, dt, et); }",visit repo url,libr/core/anal_tp.c,https://github.com/radareorg/radare2,123477107799939,1 3997,CWE-416,"static CURLcode ossl_connect_step1(struct Curl_easy *data, struct connectdata *conn, int sockindex) { CURLcode result = CURLE_OK; char *ciphers; SSL_METHOD_QUAL SSL_METHOD *req_method = NULL; X509_LOOKUP *lookup = NULL; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; ctx_option_t ctx_options = 0; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME bool sni; const char * const hostname = SSL_HOST_NAME(); #ifdef ENABLE_IPV6 struct in6_addr addr; #else struct in_addr addr; #endif #endif const long int ssl_version = SSL_CONN_CONFIG(version); #ifdef USE_OPENSSL_SRP const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype); #endif char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob); const char * const ssl_cert_type = SSL_SET_OPTION(cert_type); const char * const ssl_cafile = (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile)); const char * const ssl_capath = SSL_CONN_CONFIG(CApath); const bool verifypeer = SSL_CONN_CONFIG(verifypeer); const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile); char error_buffer[256]; struct ssl_backend_data *backend = connssl->backend; bool imported_native_ca = false; DEBUGASSERT(ssl_connect_1 == connssl->connecting_state); result = ossl_seed(data); if(result) return result; SSL_SET_OPTION_LVALUE(certverifyresult) = !X509_V_OK; switch(ssl_version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: case CURL_SSLVERSION_TLSv1_3: #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) req_method = TLS_client_method(); #else req_method = SSLv23_client_method(); #endif use_sni(TRUE); break; case CURL_SSLVERSION_SSLv2: failf(data, ""No SSLv2 support""); return CURLE_NOT_BUILT_IN; case CURL_SSLVERSION_SSLv3: failf(data, ""No SSLv3 support""); return CURLE_NOT_BUILT_IN; default: failf(data, ""Unrecognized parameter passed via CURLOPT_SSLVERSION""); return CURLE_SSL_CONNECT_ERROR; } if(backend->ctx) SSL_CTX_free(backend->ctx); backend->ctx = SSL_CTX_new(req_method); if(!backend->ctx) { failf(data, ""SSL: couldn't create a context: %s"", ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer))); return CURLE_OUT_OF_MEMORY; } #ifdef SSL_MODE_RELEASE_BUFFERS SSL_CTX_set_mode(backend->ctx, SSL_MODE_RELEASE_BUFFERS); #endif #ifdef SSL_CTRL_SET_MSG_CALLBACK if(data->set.fdebug && data->set.verbose) { SSL_CTX_set_msg_callback(backend->ctx, ossl_trace); SSL_CTX_set_msg_callback_arg(backend->ctx, conn); set_logger(conn, data); } #endif ctx_options = SSL_OP_ALL; #ifdef SSL_OP_NO_TICKET ctx_options |= SSL_OP_NO_TICKET; #endif #ifdef SSL_OP_NO_COMPRESSION ctx_options |= SSL_OP_NO_COMPRESSION; #endif #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; #endif #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS if(!SSL_SET_OPTION(enable_beast)) ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; #endif switch(ssl_version) { case CURL_SSLVERSION_SSLv2: case CURL_SSLVERSION_SSLv3: return CURLE_NOT_BUILT_IN; case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: case CURL_SSLVERSION_TLSv1_3: ctx_options |= SSL_OP_NO_SSLv2; ctx_options |= SSL_OP_NO_SSLv3; #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) result = set_ssl_version_min_max(backend->ctx, conn); #else result = set_ssl_version_min_max_legacy(&ctx_options, data, conn, sockindex); #endif if(result != CURLE_OK) return result; break; default: failf(data, ""Unrecognized parameter passed via CURLOPT_SSLVERSION""); return CURLE_SSL_CONNECT_ERROR; } SSL_CTX_set_options(backend->ctx, ctx_options); #ifdef HAS_NPN if(conn->bits.tls_enable_npn) SSL_CTX_set_next_proto_select_cb(backend->ctx, select_next_proto_cb, data); #endif #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { int cur = 0; unsigned char protocols[128]; #ifdef USE_HTTP2 if(data->state.httpwant >= CURL_HTTP_VERSION_2 #ifndef CURL_DISABLE_PROXY && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy) #endif ) { protocols[cur++] = ALPN_H2_LENGTH; memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH); cur += ALPN_H2_LENGTH; infof(data, ""ALPN, offering %s\n"", ALPN_H2); } #endif protocols[cur++] = ALPN_HTTP_1_1_LENGTH; memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); cur += ALPN_HTTP_1_1_LENGTH; infof(data, ""ALPN, offering %s\n"", ALPN_HTTP_1_1); if(SSL_CTX_set_alpn_protos(backend->ctx, protocols, cur)) { failf(data, ""Error setting ALPN""); return CURLE_SSL_CONNECT_ERROR; } } #endif if(ssl_cert || ssl_cert_blob || ssl_cert_type) { if(!result && !cert_stuff(data, backend->ctx, ssl_cert, ssl_cert_blob, ssl_cert_type, SSL_SET_OPTION(key), SSL_SET_OPTION(key_blob), SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd))) result = CURLE_SSL_CERTPROBLEM; if(result) return result; } ciphers = SSL_CONN_CONFIG(cipher_list); if(!ciphers) ciphers = (char *)DEFAULT_CIPHER_SELECTION; if(ciphers) { if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { failf(data, ""failed setting cipher list: %s"", ciphers); return CURLE_SSL_CIPHER; } infof(data, ""Cipher selection: %s\n"", ciphers); } #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES { char *ciphers13 = SSL_CONN_CONFIG(cipher_list13); if(ciphers13) { if(!SSL_CTX_set_ciphersuites(backend->ctx, ciphers13)) { failf(data, ""failed setting TLS 1.3 cipher suite: %s"", ciphers13); return CURLE_SSL_CIPHER; } infof(data, ""TLS 1.3 cipher selection: %s\n"", ciphers13); } } #endif #ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH SSL_CTX_set_post_handshake_auth(backend->ctx, 1); #endif #ifdef HAVE_SSL_CTX_SET_EC_CURVES { char *curves = SSL_CONN_CONFIG(curves); if(curves) { if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) { failf(data, ""failed setting curves list: '%s'"", curves); return CURLE_SSL_CIPHER; } } } #endif #ifdef USE_OPENSSL_SRP if(ssl_authtype == CURL_TLSAUTH_SRP) { char * const ssl_username = SSL_SET_OPTION(username); infof(data, ""Using TLS-SRP username: %s\n"", ssl_username); if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) { failf(data, ""Unable to set SRP user name""); return CURLE_BAD_FUNCTION_ARGUMENT; } if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) { failf(data, ""failed setting SRP password""); return CURLE_BAD_FUNCTION_ARGUMENT; } if(!SSL_CONN_CONFIG(cipher_list)) { infof(data, ""Setting cipher list SRP\n""); if(!SSL_CTX_set_cipher_list(backend->ctx, ""SRP"")) { failf(data, ""failed setting SRP cipher list""); return CURLE_SSL_CIPHER; } } } #endif #if defined(USE_WIN32_CRYPTO) if((SSL_CONN_CONFIG(verifypeer) || SSL_CONN_CONFIG(verifyhost)) && (SSL_SET_OPTION(native_ca_store))) { X509_STORE *store = SSL_CTX_get_cert_store(backend->ctx); HCERTSTORE hStore = CertOpenSystemStore(0, TEXT(""ROOT"")); if(hStore) { PCCERT_CONTEXT pContext = NULL; CERT_ENHKEY_USAGE *enhkey_usage = NULL; DWORD enhkey_usage_size = 0; result = CURLE_OK; for(;;) { X509 *x509; FILETIME now; BYTE key_usage[2]; DWORD req_size; const unsigned char *encoded_cert; #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) char cert_name[256]; #endif pContext = CertEnumCertificatesInStore(hStore, pContext); if(!pContext) break; #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, cert_name, sizeof(cert_name))) { strcpy(cert_name, ""Unknown""); } infof(data, ""SSL: Checking cert \""%s\""\n"", cert_name); #endif encoded_cert = (const unsigned char *)pContext->pbCertEncoded; if(!encoded_cert) continue; GetSystemTimeAsFileTime(&now); if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 || CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0) continue; if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType, pContext->pCertInfo, key_usage, sizeof(key_usage))) { if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE)) continue; } else if(GetLastError()) continue; if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) { if(req_size && req_size > enhkey_usage_size) { void *tmp = realloc(enhkey_usage, req_size); if(!tmp) { failf(data, ""SSL: Out of memory allocating for OID list""); result = CURLE_OUT_OF_MEMORY; break; } enhkey_usage = (CERT_ENHKEY_USAGE *)tmp; enhkey_usage_size = req_size; } if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) { if(!enhkey_usage->cUsageIdentifier) { if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND) continue; } else { DWORD i; bool found = false; for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) { if(!strcmp(""1.3.6.1.5.5.7.3.1"" , enhkey_usage->rgpszUsageIdentifier[i])) { found = true; break; } } if(!found) continue; } } else continue; } else continue; x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded); if(!x509) continue; if(X509_STORE_add_cert(store, x509) == 1) { #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) infof(data, ""SSL: Imported cert \""%s\""\n"", cert_name); #endif imported_native_ca = true; } X509_free(x509); } free(enhkey_usage); CertFreeCertificateContext(pContext); CertCloseStore(hStore, 0); if(result) return result; } if(imported_native_ca) infof(data, ""successfully imported windows ca store\n""); else infof(data, ""error importing windows ca store, continuing anyway\n""); } #endif if(ca_info_blob) { result = load_cacert_from_memory(backend->ctx, ca_info_blob); if(result) { if(result == CURLE_OUT_OF_MEMORY || (verifypeer && !imported_native_ca)) { failf(data, ""error importing CA certificate blob""); return result; } infof(data, ""error importing CA certificate blob, continuing anyway\n""); } } #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) { if(ssl_cafile) { if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) { if(verifypeer && !imported_native_ca) { failf(data, ""error setting certificate file: %s"", ssl_cafile); return CURLE_SSL_CACERT_BADFILE; } infof(data, ""error setting certificate file, continuing anyway\n""); } infof(data, "" CAfile: %s\n"", ssl_cafile); } if(ssl_capath) { if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) { if(verifypeer && !imported_native_ca) { failf(data, ""error setting certificate path: %s"", ssl_capath); return CURLE_SSL_CACERT_BADFILE; } infof(data, ""error setting certificate path, continuing anyway\n""); } infof(data, "" CApath: %s\n"", ssl_capath); } } #else if(ssl_cafile || ssl_capath) { if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) { if(verifypeer && !imported_native_ca) { failf(data, ""error setting certificate verify locations:"" "" CAfile: %s CApath: %s"", ssl_cafile ? ssl_cafile : ""none"", ssl_capath ? ssl_capath : ""none""); return CURLE_SSL_CACERT_BADFILE; } infof(data, ""error setting certificate verify locations,"" "" continuing anyway:\n""); } else { infof(data, ""successfully set certificate verify locations:\n""); } infof(data, "" CAfile: %s\n"", ssl_cafile ? ssl_cafile : ""none""); infof(data, "" CApath: %s\n"", ssl_capath ? ssl_capath : ""none""); } #endif #ifdef CURL_CA_FALLBACK if(verifypeer && !ca_info_blob && !ssl_cafile && !ssl_capath && !imported_native_ca) { SSL_CTX_set_default_verify_paths(backend->ctx); } #endif if(ssl_crlfile) { lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(backend->ctx), X509_LOOKUP_file()); if(!lookup || (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) { failf(data, ""error loading CRL file: %s"", ssl_crlfile); return CURLE_SSL_CRL_BADFILE; } infof(data, ""successfully load CRL file:\n""); X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx), X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); infof(data, "" CRLfile: %s\n"", ssl_crlfile); } if(verifypeer) { #if defined(X509_V_FLAG_TRUSTED_FIRST) X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx), X509_V_FLAG_TRUSTED_FIRST); #endif #ifdef X509_V_FLAG_PARTIAL_CHAIN if(!SSL_SET_OPTION(no_partialchain) && !ssl_crlfile) { X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx), X509_V_FLAG_PARTIAL_CHAIN); } #endif } SSL_CTX_set_verify(backend->ctx, verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); #ifdef HAVE_KEYLOG_CALLBACK if(Curl_tls_keylog_enabled()) { SSL_CTX_set_keylog_callback(backend->ctx, ossl_keylog_callback); } #endif SSL_CTX_set_session_cache_mode(backend->ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); SSL_CTX_sess_set_new_cb(backend->ctx, ossl_new_session_cb); if(data->set.ssl.fsslctx) { Curl_set_in_callback(data, true); result = (*data->set.ssl.fsslctx)(data, backend->ctx, data->set.ssl.fsslctxp); Curl_set_in_callback(data, false); if(result) { failf(data, ""error signaled by ssl ctx callback""); return result; } } if(backend->handle) SSL_free(backend->handle); backend->handle = SSL_new(backend->ctx); if(!backend->handle) { failf(data, ""SSL: couldn't create a context (handle)!""); return CURLE_OUT_OF_MEMORY; } #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ !defined(OPENSSL_NO_OCSP) if(SSL_CONN_CONFIG(verifystatus)) SSL_set_tlsext_status_type(backend->handle, TLSEXT_STATUSTYPE_ocsp); #endif #if defined(OPENSSL_IS_BORINGSSL) && defined(ALLOW_RENEG) SSL_set_renegotiate_mode(backend->handle, ssl_renegotiate_freely); #endif SSL_set_connect_state(backend->handle); backend->server_cert = 0x0; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) && #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && #endif sni) { size_t nlen = strlen(hostname); if((long)nlen >= data->set.buffer_size) return CURLE_SSL_CONNECT_ERROR; Curl_strntolower(data->state.buffer, hostname, nlen); data->state.buffer[nlen] = 0; if(!SSL_set_tlsext_host_name(backend->handle, data->state.buffer)) infof(data, ""WARNING: failed to configure server name indication (SNI) "" ""TLS extension\n""); } #endif if(SSL_SET_OPTION(primary.sessionid)) { void *ssl_sessionid = NULL; int data_idx = ossl_get_ssl_data_index(); int connectdata_idx = ossl_get_ssl_conn_index(); int sockindex_idx = ossl_get_ssl_sockindex_index(); int proxy_idx = ossl_get_proxy_index(); if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 && proxy_idx >= 0) { SSL_set_ex_data(backend->handle, data_idx, data); SSL_set_ex_data(backend->handle, connectdata_idx, conn); SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex); #ifndef CURL_DISABLE_PROXY SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1: NULL); #else SSL_set_ex_data(backend->handle, proxy_idx, NULL); #endif } Curl_ssl_sessionid_lock(data); if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, &ssl_sessionid, NULL, sockindex)) { if(!SSL_set_session(backend->handle, ssl_sessionid)) { Curl_ssl_sessionid_unlock(data); failf(data, ""SSL: SSL_set_session failed: %s"", ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer))); return CURLE_SSL_CONNECT_ERROR; } infof(data, ""SSL re-using session ID\n""); } Curl_ssl_sessionid_unlock(data); } #ifndef CURL_DISABLE_PROXY if(conn->proxy_ssl[sockindex].use) { BIO *const bio = BIO_new(BIO_f_ssl()); SSL *handle = conn->proxy_ssl[sockindex].backend->handle; DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); DEBUGASSERT(handle != NULL); DEBUGASSERT(bio != NULL); BIO_set_ssl(bio, handle, FALSE); SSL_set_bio(backend->handle, bio, bio); } else #endif if(!SSL_set_fd(backend->handle, (int)sockfd)) { failf(data, ""SSL: SSL_set_fd failed: %s"", ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer))); return CURLE_SSL_CONNECT_ERROR; } connssl->connecting_state = ssl_connect_2; return CURLE_OK; }",visit repo url,lib/vtls/openssl.c,https://github.com/curl/curl,118192725718142,1 3767,CWE-476," */ int re_yyget_column (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (! YY_CURRENT_BUFFER) return 0; return yycolumn;",visit repo url,libyara/re_lexer.c,https://github.com/VirusTotal/yara,52213074492328,1 5913,CWE-190,"static Jsi_RC jsi_ArrayFilterCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); Jsi_RC rc = JSI_OK; int curlen, nsiz, i, fval, n = 0, maa = 0; Jsi_Obj *obj, *nobj; Jsi_Value *func, *vpargs, *nthis = NULL, *sthis, *nrPtr = NULL; Jsi_Func *fptr = NULL; func = Jsi_ValueArrayIndex(interp, args, 0); if (!Jsi_ValueIsFunction(interp, func)) return Jsi_LogError(""expected function""); sthis = Jsi_ValueArrayIndex(interp, args, 1); if (!sthis) sthis = nthis = Jsi_ValueNew1(interp); obj = _this->d.obj; curlen = Jsi_ObjGetLength(interp, obj); if (curlen < 0) { Jsi_ObjSetLength(interp, obj, 0); } Jsi_ObjListifyArray(interp, obj); nobj = Jsi_ObjNewType(interp, JSI_OT_ARRAY); nsiz = obj->arrCnt; if (nsiz<=0) nsiz = 1; if (Jsi_ObjArraySizer(interp, nobj, nsiz) <= 0) { Jsi_LogError(""index too large: %d"", nsiz); rc = JSI_ERROR; goto bail; } Jsi_ValueMakeArrayObject(interp, ret, nobj); nrPtr = Jsi_ValueNew1(interp); Jsi_Value *vobjs[4]; fptr = func->d.obj->d.fobj->func; maa = (fptr->argnames?fptr->argnames->argCnt:0); if (maa>3) maa = 3; for (i = 0; i < curlen; i++) { if (!obj->arr[i]) continue; vobjs[0] = obj->arr[i]; vobjs[1] = (maa>1?Jsi_ValueNewNumber(interp, i):NULL); vobjs[2] = _this; vpargs = Jsi_ValueMakeObject(interp, NULL, Jsi_ObjNewArray(interp, vobjs, maa, 0)); Jsi_IncrRefCount(interp, vpargs); rc = Jsi_FunctionInvoke(interp, func, vpargs, &nrPtr, sthis); Jsi_DecrRefCount(interp, vpargs); fval = Jsi_ValueIsTrue(interp, nrPtr); Jsi_ValueMakeUndef(interp, &nrPtr); if( JSI_OK!=rc ) { goto bail; } if (fval) { nobj->arr[n++] = obj->arr[i]; Jsi_IncrRefCount(interp, obj->arr[i]); } } if (nthis) Jsi_DecrRefCount(interp, nthis); Jsi_DecrRefCount(interp, nrPtr); Jsi_ObjSetLength(interp, nobj, n); return JSI_OK; bail: if (nthis) Jsi_DecrRefCount(interp, nthis); if (nrPtr) Jsi_DecrRefCount(interp, nrPtr); Jsi_ValueMakeNull(interp, ret); return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,44856444995415,1 785,['CWE-119'],"isdn_net_unreachable(struct net_device *dev, struct sk_buff *skb, char *reason) { if(skb) { u_short proto = ntohs(skb->protocol); printk(KERN_DEBUG ""isdn_net: %s: %s, signalling dst_link_failure %s\n"", dev->name, (reason != NULL) ? reason : ""unknown"", (proto != ETH_P_IP) ? ""Protocol != ETH_P_IP"" : """"); dst_link_failure(skb); } else { printk(KERN_DEBUG ""isdn_net: %s: %s\n"", dev->name, (reason != NULL) ? reason : ""reason unknown""); } }",linux-2.6,,,9991726202371645541065668733466410354,0 5034,CWE-191,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 1838,CWE-125,"static noinline int smb2_write_pipe(struct ksmbd_work *work) { struct smb2_write_req *req = smb2_get_msg(work->request_buf); struct smb2_write_rsp *rsp = smb2_get_msg(work->response_buf); struct ksmbd_rpc_command *rpc_resp; u64 id = 0; int err = 0, ret = 0; char *data_buf; size_t length; length = le32_to_cpu(req->Length); id = req->VolatileFileId; if (le16_to_cpu(req->DataOffset) == offsetof(struct smb2_write_req, Buffer)) { data_buf = (char *)&req->Buffer[0]; } else { if ((u64)le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(work->request_buf)) { pr_err(""invalid write data offset %u, smb_len %u\n"", le16_to_cpu(req->DataOffset), get_rfc1002_len(work->request_buf)); err = -EINVAL; goto out; } data_buf = (char *)(((char *)&req->hdr.ProtocolId) + le16_to_cpu(req->DataOffset)); } rpc_resp = ksmbd_rpc_write(work->sess, id, data_buf, length); if (rpc_resp) { if (rpc_resp->flags == KSMBD_RPC_ENOTIMPLEMENTED) { rsp->hdr.Status = STATUS_NOT_SUPPORTED; kvfree(rpc_resp); smb2_set_err_rsp(work); return -EOPNOTSUPP; } if (rpc_resp->flags != KSMBD_RPC_OK) { rsp->hdr.Status = STATUS_INVALID_HANDLE; smb2_set_err_rsp(work); kvfree(rpc_resp); return ret; } kvfree(rpc_resp); } rsp->StructureSize = cpu_to_le16(17); rsp->DataOffset = 0; rsp->Reserved = 0; rsp->DataLength = cpu_to_le32(length); rsp->DataRemaining = 0; rsp->Reserved2 = 0; inc_rfc1001_len(work->response_buf, 16); return 0; out: if (err) { rsp->hdr.Status = STATUS_INVALID_HANDLE; smb2_set_err_rsp(work); } return err; }",visit repo url,fs/ksmbd/smb2pdu.c,https://github.com/torvalds/linux,122917959981575,1 2621,[],"SCTP_STATIC void sctp_close(struct sock *sk, long timeout) { struct sctp_endpoint *ep; struct sctp_association *asoc; struct list_head *pos, *temp; SCTP_DEBUG_PRINTK(""sctp_close(sk: 0x%p, timeout:%ld)\n"", sk, timeout); sctp_lock_sock(sk); sk->sk_shutdown = SHUTDOWN_MASK; ep = sctp_sk(sk)->ep; list_for_each_safe(pos, temp, &ep->asocs) { asoc = list_entry(pos, struct sctp_association, asocs); if (sctp_style(sk, TCP)) { if (sctp_state(asoc, CLOSED)) { sctp_unhash_established(asoc); sctp_association_free(asoc); continue; } } if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) { struct sctp_chunk *chunk; chunk = sctp_make_abort_user(asoc, NULL, 0); if (chunk) sctp_primitive_ABORT(asoc, chunk); } else sctp_primitive_SHUTDOWN(asoc, NULL); } sctp_queue_purge_ulpevents(&sk->sk_receive_queue); sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby); if (sctp_style(sk, TCP) && timeout) sctp_wait_for_close(sk, timeout); sctp_release_sock(sk); sctp_local_bh_disable(); sctp_bh_lock_sock(sk); sock_hold(sk); sk_common_release(sk); sctp_bh_unlock_sock(sk); sctp_local_bh_enable(); sock_put(sk); SCTP_DBG_OBJCNT_DEC(sock); }",linux-2.6,,,247631723984686430647394623494607046001,0 5407,['CWE-476'],"static void kvm_write_guest_time(struct kvm_vcpu *v) { struct timespec ts; unsigned long flags; struct kvm_vcpu_arch *vcpu = &v->arch; void *shared_kaddr; unsigned long this_tsc_khz; if ((!vcpu->time_page)) return; this_tsc_khz = get_cpu_var(cpu_tsc_khz); if (unlikely(vcpu->hv_clock_tsc_khz != this_tsc_khz)) { kvm_set_time_scale(this_tsc_khz, &vcpu->hv_clock); vcpu->hv_clock_tsc_khz = this_tsc_khz; } put_cpu_var(cpu_tsc_khz); local_irq_save(flags); kvm_get_msr(v, MSR_IA32_TIME_STAMP_COUNTER, &vcpu->hv_clock.tsc_timestamp); ktime_get_ts(&ts); local_irq_restore(flags); vcpu->hv_clock.system_time = ts.tv_nsec + (NSEC_PER_SEC * (u64)ts.tv_sec); vcpu->hv_clock.version += 2; shared_kaddr = kmap_atomic(vcpu->time_page, KM_USER0); memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock, sizeof(vcpu->hv_clock)); kunmap_atomic(shared_kaddr, KM_USER0); mark_page_dirty(v->kvm, vcpu->time >> PAGE_SHIFT); }",linux-2.6,,,93353296276746351482548073474266720501,0 872,CWE-20,"static void unix_copy_addr(struct msghdr *msg, struct sock *sk) { struct unix_sock *u = unix_sk(sk); msg->msg_namelen = 0; if (u->addr) { msg->msg_namelen = u->addr->len; memcpy(msg->msg_name, u->addr->name, u->addr->len); } }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,153126031543195,1 2399,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *frame) { AVFilterContext *ctx = inlink->dst; const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(inlink->format); uint32_t plane_checksum[4] = {0}, checksum = 0; int i, plane, vsub = desc->log2_chroma_h; for (plane = 0; plane < 4 && frame->data[plane]; plane++) { int64_t linesize = av_image_get_linesize(frame->format, frame->width, plane); uint8_t *data = frame->data[plane]; int h = plane == 1 || plane == 2 ? FF_CEIL_RSHIFT(inlink->h, vsub) : inlink->h; if (linesize < 0) return linesize; for (i = 0; i < h; i++) { plane_checksum[plane] = av_adler32_update(plane_checksum[plane], data, linesize); checksum = av_adler32_update(checksum, data, linesize); data += frame->linesize[plane]; } } av_log(ctx, AV_LOG_INFO, ""n:%""PRId64"" pts:%s pts_time:%s pos:%""PRId64"" "" ""fmt:%s sar:%d/%d s:%dx%d i:%c iskey:%d type:%c "" ""checksum:%08X plane_checksum:[%08X"", inlink->frame_count, av_ts2str(frame->pts), av_ts2timestr(frame->pts, &inlink->time_base), av_frame_get_pkt_pos(frame), desc->name, frame->sample_aspect_ratio.num, frame->sample_aspect_ratio.den, frame->width, frame->height, !frame->interlaced_frame ? 'P' : frame->top_field_first ? 'T' : 'B', frame->key_frame, av_get_picture_type_char(frame->pict_type), checksum, plane_checksum[0]); for (plane = 1; plane < 4 && frame->data[plane]; plane++) av_log(ctx, AV_LOG_INFO, "" %08X"", plane_checksum[plane]); av_log(ctx, AV_LOG_INFO, ""]\n""); return ff_filter_frame(inlink->dst->outputs[0], frame); }",visit repo url,libavfilter/vf_showinfo.c,https://github.com/FFmpeg/FFmpeg,96641275620031,1 2744,['CWE-189'],"int sctp_auth_send_cid(sctp_cid_t chunk, const struct sctp_association *asoc) { if (!sctp_auth_enable || !asoc || !asoc->peer.auth_capable) return 0; return __sctp_auth_cid(chunk, asoc->peer.peer_chunks); }",linux-2.6,,,219044318020784970472037987487769758671,0 1759,CWE-119,"check_entry_size_and_hooks(struct ip6t_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct ip6t_entry) != 0 || (unsigned char *)e + sizeof(struct ip6t_entry) >= limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct ip6t_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } err = check_entry(e); if (err) return err; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_err(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,67705029058305,1 5445,CWE-787,"void handle_usb_rx(const void *msg, size_t len) { if (msg_tiny_flag) { uint8_t buf[64]; memcpy(buf, msg, sizeof(buf)); uint16_t msgId = buf[4] | ((uint16_t)buf[3]) << 8; uint32_t msgSize = buf[8] | ((uint32_t)buf[7]) << 8 | ((uint32_t)buf[6]) << 16 | ((uint32_t)buf[5]) << 24; if (msgSize > 64 - 9) { (*msg_failure)(FailureType_Failure_UnexpectedMessage, ""Malformed tiny packet""); return; } const MessagesMap_t *entry = message_map_entry(NORMAL_MSG, msgId, IN_MSG); if (!entry) { (*msg_failure)(FailureType_Failure_UnexpectedMessage, ""Unknown message""); return; } tiny_dispatch(entry, buf + 9, msgSize); } else { usb_rx_helper(msg, len, NORMAL_MSG); } }",visit repo url,lib/board/messages.c,https://github.com/keepkey/keepkey-firmware,91166631412702,1 6385,['CWE-200'],"static int tcf_fill_node(struct sk_buff *skb, struct tcf_proto *tp, unsigned long fh, u32 pid, u32 seq, u16 flags, int event) { struct tcmsg *tcm; struct nlmsghdr *nlh; unsigned char *b = skb_tail_pointer(skb); nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); tcm = NLMSG_DATA(nlh); tcm->tcm_family = AF_UNSPEC; tcm->tcm__pad1 = 0; tcm->tcm__pad2 = 0; tcm->tcm_ifindex = qdisc_dev(tp->q)->ifindex; tcm->tcm_parent = tp->classid; tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol); NLA_PUT_STRING(skb, TCA_KIND, tp->ops->kind); tcm->tcm_handle = fh; if (RTM_DELTFILTER != event) { tcm->tcm_handle = 0; if (tp->ops->dump && tp->ops->dump(tp, fh, skb, tcm) < 0) goto nla_put_failure; } nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; nlmsg_failure: nla_put_failure: nlmsg_trim(skb, b); return -1; }",linux-2.6,,,263282478198733138627262404535092003432,0 904,CWE-20,"static int x25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct x25_sock *x25 = x25_sk(sk); struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)msg->msg_name; size_t copied; int qbit, header_len; struct sk_buff *skb; unsigned char *asmptr; int rc = -ENOTCONN; lock_sock(sk); if (x25->neighbour == NULL) goto out; header_len = x25->neighbour->extended ? X25_EXT_MIN_LEN : X25_STD_MIN_LEN; if (sk->sk_state != TCP_ESTABLISHED) goto out; if (flags & MSG_OOB) { rc = -EINVAL; if (sock_flag(sk, SOCK_URGINLINE) || !skb_peek(&x25->interrupt_in_queue)) goto out; skb = skb_dequeue(&x25->interrupt_in_queue); if (!pskb_may_pull(skb, X25_STD_MIN_LEN)) goto out_free_dgram; skb_pull(skb, X25_STD_MIN_LEN); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = 0x00; } msg->msg_flags |= MSG_OOB; } else { release_sock(sk); skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); lock_sock(sk); if (!skb) goto out; if (!pskb_may_pull(skb, header_len)) goto out_free_dgram; qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT; skb_pull(skb, header_len); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = qbit; } } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } msg->msg_flags |= MSG_EOR; rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (rc) goto out_free_dgram; if (sx25) { sx25->sx25_family = AF_X25; sx25->sx25_addr = x25->dest_addr; } msg->msg_namelen = sizeof(struct sockaddr_x25); x25_check_rbuf(sk); rc = copied; out_free_dgram: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/x25/af_x25.c,https://github.com/torvalds/linux,15718660389662,1 755,CWE-20,"static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct ipx_sock *ipxs = ipx_sk(sk); struct sockaddr_ipx *sipx = (struct sockaddr_ipx *)msg->msg_name; struct ipxhdr *ipx = NULL; struct sk_buff *skb; int copied, rc; lock_sock(sk); if (!ipxs->port) { struct sockaddr_ipx uaddr; uaddr.sipx_port = 0; uaddr.sipx_network = 0; #ifdef CONFIG_IPX_INTERN rc = -ENETDOWN; if (!ipxs->intrfc) goto out; memcpy(uaddr.sipx_node, ipxs->intrfc->if_node, IPX_NODE_LEN); #endif rc = __ipx_bind(sock, (struct sockaddr *)&uaddr, sizeof(struct sockaddr_ipx)); if (rc) goto out; } rc = -ENOTCONN; if (sock_flag(sk, SOCK_ZAPPED)) goto out; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); if (!skb) goto out; ipx = ipx_hdr(skb); copied = ntohs(ipx->ipx_pktsize) - sizeof(struct ipxhdr); if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } rc = skb_copy_datagram_iovec(skb, sizeof(struct ipxhdr), msg->msg_iov, copied); if (rc) goto out_free; if (skb->tstamp.tv64) sk->sk_stamp = skb->tstamp; msg->msg_namelen = sizeof(*sipx); if (sipx) { sipx->sipx_family = AF_IPX; sipx->sipx_port = ipx->ipx_source.sock; memcpy(sipx->sipx_node, ipx->ipx_source.node, IPX_NODE_LEN); sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; sipx->sipx_type = ipx->ipx_type; sipx->sipx_zero = 0; } rc = copied; out_free: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/ipx/af_ipx.c,https://github.com/torvalds/linux,233280970032934,1 736,['CWE-119'],"isdn_net_hangup(struct net_device *d) { isdn_net_local *lp = (isdn_net_local *) d->priv; isdn_ctrl cmd; #ifdef CONFIG_ISDN_X25 struct concap_proto *cprot = lp->netdev->cprot; struct concap_proto_ops *pops = cprot ? cprot->pops : NULL; #endif if (lp->flags & ISDN_NET_CONNECTED) { if (lp->slave != NULL) { isdn_net_local *slp = (isdn_net_local *)lp->slave->priv; if (slp->flags & ISDN_NET_CONNECTED) { printk(KERN_INFO ""isdn_net: hang up slave %s before %s\n"", lp->slave->name, d->name); isdn_net_hangup(lp->slave); } } printk(KERN_INFO ""isdn_net: local hangup %s\n"", d->name); #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) isdn_ppp_free(lp); #endif isdn_net_lp_disconnected(lp); #ifdef CONFIG_ISDN_X25 if( pops && pops -> disconn_ind ) pops -> disconn_ind(cprot); #endif cmd.driver = lp->isdn_device; cmd.command = ISDN_CMD_HANGUP; cmd.arg = lp->isdn_channel; isdn_command(&cmd); printk(KERN_INFO ""%s: Chargesum is %d\n"", d->name, lp->charge); isdn_all_eaz(lp->isdn_device, lp->isdn_channel); } isdn_net_unbind_channel(lp); }",linux-2.6,,,51237585177444406940296158125274343777,0 6105,CWE-190,"static void eb_mul_rnaf_imp(eb_t r, const eb_t p, const bn_t k) { int i, l, n; int8_t naf[RLC_FB_BITS + 1]; eb_t t[1 << (EB_WIDTH - 2)]; RLC_TRY { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_null(t[i]); eb_new(t[i]); eb_set_infty(t[i]); } l = sizeof(naf); bn_rec_naf(naf, &l, k, EB_WIDTH); eb_copy(r, p); for (i = 0; i < l; i++) { n = naf[i]; if (n > 0) { eb_add(t[n / 2], t[n / 2], r); } if (n < 0) { eb_sub(t[-n / 2], t[-n / 2], r); } eb_dbl(r, r); } eb_copy(r, t[0]); #if EB_WIDTH >= 3 eb_dbl(t[0], t[1]); eb_add(t[1], t[0], t[1]); #endif #if EB_WIDTH >= 4 eb_dbl(t[0], t[2]); eb_dbl(t[0], t[0]); eb_add(t[2], t[0], t[2]); eb_dbl(t[0], t[3]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_sub(t[3], t[0], t[3]); #endif #if EB_WIDTH >= 5 eb_dbl(t[0], t[4]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_add(t[4], t[0], t[4]); eb_dbl(t[0], t[5]); eb_dbl(t[0], t[0]); eb_add(t[0], t[0], t[5]); eb_dbl(t[0], t[0]); eb_add(t[5], t[0], t[5]); eb_dbl(t[0], t[6]); eb_add(t[0], t[0], t[6]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_add(t[6], t[0], t[6]); eb_dbl(t[0], t[7]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_sub(t[7], t[0], t[7]); #endif #if EB_WIDTH == 6 for (i = 8; i < 15; i++) { eb_mul_dig(t[i], t[i], 2 * i + 1); } eb_dbl(t[0], t[15]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_dbl(t[0], t[0]); eb_sub(t[15], t[0], t[15]); #endif for (i = 1; i < (1 << (EB_WIDTH - 2)); i++) { if (r->coord == BASIC) { eb_add(r, t[i], r); } else { eb_add(r, r, t[i]); } } eb_norm(r, r); if (bn_sign(k) == RLC_NEG) { eb_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_free(t[i]); } } }",visit repo url,src/eb/relic_eb_mul.c,https://github.com/relic-toolkit/relic,195407163510849,1 1180,CWE-400,"static void perf_event_interrupt(struct pt_regs *regs) { int i; struct cpu_hw_events *cpuhw = &__get_cpu_var(cpu_hw_events); struct perf_event *event; unsigned long val; int found = 0; int nmi; nmi = perf_intr_is_nmi(regs); if (nmi) nmi_enter(); else irq_enter(); for (i = 0; i < ppmu->n_counter; ++i) { event = cpuhw->event[i]; val = read_pmc(i); if ((int)val < 0) { if (event) { found = 1; record_and_restart(event, val, regs, nmi); } else { write_pmc(i, 0); } } } mtmsr(mfmsr() | MSR_PMM); mtpmr(PMRN_PMGC0, PMGC0_PMIE | PMGC0_FCECE); isync(); if (nmi) nmi_exit(); else irq_exit(); }",visit repo url,arch/powerpc/kernel/perf_event_fsl_emb.c,https://github.com/torvalds/linux,83168232406898,1 3883,['CWE-119'],"static inline void clear_bss_descriptor(struct bss_descriptor *bss) { memset(bss, 0, offsetof(struct bss_descriptor, list)); }",linux-2.6,,,266694280160941467304243331969977863435,0 917,CWE-476,"static int rds_ib_laddr_check(__be32 addr) { int ret; struct rdma_cm_id *cm_id; struct sockaddr_in sin; cm_id = rdma_create_id(NULL, NULL, RDMA_PS_TCP, IB_QPT_RC); if (IS_ERR(cm_id)) return PTR_ERR(cm_id); memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_addr.s_addr = addr; ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin); if (ret || cm_id->device->node_type != RDMA_NODE_IB_CA) ret = -EADDRNOTAVAIL; rdsdebug(""addr %pI4 ret %d node type %d\n"", &addr, ret, cm_id->device ? cm_id->device->node_type : -1); rdma_destroy_id(cm_id); return ret; }",visit repo url,net/rds/ib.c,https://github.com/torvalds/linux,146100275968995,1 6354,CWE-787,"parse_table(tree_t *t, float left, float right, float bottom, float top, float *x, float *y, int *page, int needspace) { int col, row, header_row = -1, tcol, colspan, rowspan, alloc_rows, regular_cols; hdtable_t table; float col_width, col_min, col_pref, col_height, cellspacing, width, pref_width, span_width, regular_width, actual_width, table_width, min_width, temp_width, header_height = 0.0, table_y, temp_bottom, temp_top; int temp_page, table_page; uchar *var, *height_var, *header_height_var = NULL; tree_t *temprow, *tempcol, *tempnext, ***cells, *caption; float temp_height; uchar *bgcolor; float bgrgb[3]; const char *htmldoc_debug; DEBUG_puts(""\n\nTABLE""); DEBUG_printf((""parse_table(t=%p, left=%.1f, right=%.1f, x=%.1f, y=%.1f, page=%d\n"", (void *)t, left, right, *x, *y, *page)); if (t->child == NULL) return; memset(&table, 0, sizeof(table)); if ((htmldoc_debug = getenv(""HTMLDOC_DEBUG"")) != NULL && (strstr(htmldoc_debug, ""table"") || strstr(htmldoc_debug, ""all""))) table.debug = 1; else table.debug = 0; cells = NULL; if ((var = htmlGetVariable(t, (uchar *)""WIDTH"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') table_width = (float)(atof((char *)var) * (right - left) / 100.0f); else table_width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); } else table_width = right - left; if ((var = htmlGetVariable(t, (uchar *)""HEIGHT"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') table.height = (float)(atof((char *)var) * (top - bottom) / 100.0f); else table.height = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); } else table.height = -1.0f; DEBUG_printf((""table_width = %.1f\n"", table_width)); if ((var = htmlGetVariable(t, (uchar *)""CELLPADDING"")) != NULL) table.cellpadding = atoi((char *)var); else table.cellpadding = 1.0f; if ((var = htmlGetVariable(t, (uchar *)""CELLSPACING"")) != NULL) cellspacing = atoi((char *)var); else cellspacing = 0.0f; if ((var = htmlGetVariable(t, (uchar *)""BORDER"")) != NULL) { if ((table.border = (float)atof((char *)var)) == 0.0 && var[0] != '0') table.border = 1.0f; table.cellpadding += table.border; } else table.border = 0.0f; if (table.debug && table.border == 0.0f) table.border = 0.01f; table.border_rgb[0] = t->red / 255.0f; table.border_rgb[1] = t->green / 255.0f; table.border_rgb[2] = t->blue / 255.0f; if ((var = htmlGetVariable(t, (uchar *)""BORDERCOLOR"")) != NULL) get_color(var, table.border_rgb, 0); if (table.border == 0.0f && table.cellpadding > 0.0f) { table.cellpadding += 1.0f; } table.border_size = table.border - 1.0f; cellspacing *= PagePrintWidth / _htmlBrowserWidth; table.cellpadding *= PagePrintWidth / _htmlBrowserWidth; table.border *= PagePrintWidth / _htmlBrowserWidth; table.border_size *= PagePrintWidth / _htmlBrowserWidth; DEBUG_printf((""border = %.1f, cellpadding = %.1f\n"", table.border, table.cellpadding)); temp_bottom = bottom - table.cellpadding; temp_top = top + table.cellpadding; for (temprow = t->child, table.num_cols = 0, table.num_rows = 0, alloc_rows = 0, caption = NULL; temprow != NULL; temprow = tempnext) { tempnext = temprow->next; if (temprow->markup == MARKUP_CAPTION) { if ((var = htmlGetVariable(temprow, (uchar *)""ALIGN"")) == NULL || strcasecmp((char *)var, ""bottom"")) { parse_paragraph(temprow, left, right, bottom, top, x, y, page, needspace); needspace = 1; } else { caption = temprow; } } else if (temprow->markup == MARKUP_TR || ((temprow->markup == MARKUP_TBODY || temprow->markup == MARKUP_THEAD || temprow->markup == MARKUP_TFOOT) && temprow->child != NULL)) { if (temprow->markup == MARKUP_THEAD) header_row = table.num_rows; if (temprow->markup == MARKUP_TBODY || temprow->markup == MARKUP_THEAD || temprow->markup == MARKUP_TFOOT) temprow = temprow->child; if ((tempnext = temprow->next) == NULL) if (temprow->parent->markup == MARKUP_TBODY || temprow->parent->markup == MARKUP_THEAD || temprow->parent->markup == MARKUP_TFOOT) tempnext = temprow->parent->next; if (table.num_rows >= alloc_rows) { alloc_rows += ALLOC_ROWS; if (alloc_rows == ALLOC_ROWS) cells = (tree_t ***)malloc(sizeof(tree_t **) * (size_t)alloc_rows); else cells = (tree_t ***)realloc(cells, sizeof(tree_t **) * (size_t)alloc_rows); if (cells == (tree_t ***)0) { progress_error(HD_ERROR_OUT_OF_MEMORY, ""Unable to allocate memory for table!""); return; } } if ((cells[table.num_rows] = (tree_t **)calloc(sizeof(tree_t *), MAX_COLUMNS)) == NULL) { progress_error(HD_ERROR_OUT_OF_MEMORY, ""Unable to allocate memory for table!""); free(cells); return; } #ifdef DEBUG printf(""BEFORE row %d: num_cols = %d\n"", table.num_rows, table.num_cols); if (table.num_rows) for (col = 0; col < table.num_cols; col ++) printf("" col %d: row_spans[] = %d\n"", col, table.row_spans[col]); #endif if (table.num_rows) { for (col = 0, rowspan = 9999; col < table.num_cols; col ++) if (table.row_spans[col] < rowspan) rowspan = table.row_spans[col]; for (col = 0; col < table.num_cols; col ++) table.row_spans[col] -= rowspan; for (col = 0; table.row_spans[col] && col < table.num_cols; col ++) cells[table.num_rows][col] = cells[table.num_rows - 1][col]; } else col = 0; for (tempcol = temprow->child; tempcol != NULL && col < MAX_COLUMNS; tempcol = tempcol->next) { if (tempcol->markup == MARKUP_TH && table.num_rows == 0) header_row = table.num_rows; if (tempcol->markup == MARKUP_TD || tempcol->markup == MARKUP_TH) { if ((var = htmlGetVariable(tempcol, (uchar *)""COLSPAN"")) != NULL) colspan = atoi((char *)var); else colspan = 1; if ((var = htmlGetVariable(tempcol, (uchar *)""ROWSPAN"")) != NULL) { table.row_spans[col] = atoi((char *)var); if (table.row_spans[col] == 1) table.row_spans[col] = 0; for (tcol = 1; tcol < colspan; tcol ++) table.row_spans[col + tcol] = table.row_spans[col]; } col_width = get_cell_size(tempcol, 0.0f, table_width, &col_min, &col_pref, &col_height); if ((var = htmlGetVariable(tempcol, (uchar *)""WIDTH"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') { col_width -= 2.0 * table.cellpadding - cellspacing; if (colspan <= 1) table.col_percent[col] = 1; } else { col_width -= 2.0 * table.cellpadding; } } else col_width = 0.0f; tempcol->height = col_height; DEBUG_printf((""%d,%d: colsp=%d, rowsp=%d, width=%.1f, minw=%.1f, prefw=%.1f, minh=%.1f\n"", col, table.num_rows, colspan, table.row_spans[col], col_width, col_min, col_pref, col_height)); if (colspan > 1) { if (colspan > table.col_spans[col]) table.col_spans[col] = colspan; if (col_width > table.col_swidths[col]) table.col_swidths[col] = col_width; if (col_min > table.col_smins[col]) table.col_smins[col] = col_min; temp_width = col_width / colspan; for (int i = 0; i < colspan; i ++) { if (temp_width > table.col_widths[col + i]) table.col_widths[col + i] = temp_width; } } else { if (col_width > 0.0f) table.col_fixed[col] = 1; if (col_width > table.col_widths[col]) table.col_widths[col] = col_width; if (col_pref > table.col_prefs[col]) table.col_prefs[col] = col_pref; if (col_min > table.col_mins[col]) table.col_mins[col] = col_min; } while (colspan > 0 && col < MAX_COLUMNS) { cells[table.num_rows][col] = tempcol; col ++; colspan --; } while (table.row_spans[col] && col < table.num_cols) { cells[table.num_rows][col] = cells[table.num_rows - 1][col]; col ++; } } } DEBUG_printf((""header_row=%d\n"", header_row)); if (col > table.num_cols) table.num_cols = col; #ifdef DEBUG printf(""AFTER row %d: num_cols = %d\n"", table.num_rows, table.num_cols); for (col = 0; col < table.num_cols; col ++) printf("" col %d: row_spans[] = %d\n"", col, table.row_spans[col]); #endif table.num_rows ++; for (col = 0; col < table.num_cols; col ++) if (table.row_spans[col]) table.row_spans[col] --; } } if (table.num_cols == 0) return; if ((var = htmlGetVariable(t, (uchar *)""WIDTH"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') width = (float)(atof((char *)var) * (right - left) / 100.0f); else width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); } else { for (col = 0, width = 0.0; col < table.num_cols; col ++) width += table.col_prefs[col]; width += (2 * table.cellpadding + cellspacing) * table.num_cols - cellspacing; if (width > (right - left)) width = right - left; } DEBUG_printf((""\nTABLE: %dx%d\n\n"", table.num_cols, table.num_rows)); actual_width = (2 * table.cellpadding + cellspacing) * table.num_cols - cellspacing; regular_width = (width - actual_width) / table.num_cols; DEBUG_printf(("" width = %.1f, actual_width = %.1f, regular_width = %.1f\n\n"", width, actual_width, regular_width)); DEBUG_puts("" Col Width Min Pref Fixed? Percent?""); DEBUG_puts("" --- ------ ------ ------ ------ --------""); #ifdef DEBUG for (col = 0; col < table.num_cols; col ++) printf("" %-3d %-6.1f %-6.1f %-6.1f %-6s %s\n"", col, table.col_widths[col], table.col_mins[col], table.col_prefs[col], table.col_fixed[col] ? ""YES"" : ""NO"", table.col_percent[col] ? ""YES"" : ""NO""); puts(""""); #endif DEBUG_puts(""PASS 1: fixed width handling\n""); for (col = 0, regular_cols = 0; col < table.num_cols; col ++) if (table.col_widths[col] > 0.0f) { if (table.col_mins[col] > table.col_widths[col]) { DEBUG_printf(("" updating column %d to width=%.1f\n"", col, table.col_mins[col])); table.col_widths[col] = table.col_mins[col]; } actual_width += table.col_widths[col]; } else { regular_cols ++; actual_width += table.col_mins[col]; } DEBUG_printf(("" actual_width = %.1f, regular_cols = %d\n\n"", actual_width,regular_cols)); DEBUG_puts(""PASS 2: preferred width handling\n""); for (col = 0, pref_width = 0.0f; col < table.num_cols; col ++) if (table.col_widths[col] == 0.0f) pref_width += table.col_prefs[col] - table.col_mins[col]; DEBUG_printf(("" pref_width = %.1f\n"", pref_width)); if (pref_width > 0.0f) { if ((regular_width = (width - actual_width) / pref_width) < 0.0f) regular_width = 0.0f; else if (regular_width > 1.0f) regular_width = 1.0f; DEBUG_printf(("" regular_width = %.1f\n"", regular_width)); for (col = 0; col < table.num_cols; col ++) if (table.col_widths[col] == 0.0f) { pref_width = (table.col_prefs[col] - table.col_mins[col]) * regular_width; if ((actual_width + pref_width) > width) { if (col == (table.num_cols - 1) && (width - actual_width) >= table.col_mins[col]) table.col_widths[col] = width - actual_width; else table.col_widths[col] = table.col_mins[col]; } else table.col_widths[col] = pref_width + table.col_mins[col]; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); actual_width += table.col_widths[col] - table.col_mins[col]; } } else { for (col = 0; col < table.num_cols; col ++) if (table.col_widths[col] == 0.0f) table.col_widths[col] = table.col_mins[col]; } DEBUG_printf(("" actual_width = %.1f\n\n"", actual_width)); DEBUG_puts(""PASS 3: colspan handling\n\n""); for (col = 0; col < table.num_cols; col ++) { DEBUG_printf(("" col %d, colspan %d\n"", col, table.col_spans[col])); if (table.col_spans[col] > 1) { for (colspan = 0, span_width = 0.0f; colspan < table.col_spans[col]; colspan ++) span_width += table.col_widths[col + colspan]; pref_width = 0.0f; if (span_width < table.col_swidths[col]) pref_width = table.col_swidths[col]; if (span_width < table.col_smins[col] && pref_width < table.col_smins[col]) pref_width = table.col_smins[col]; for (colspan = 0; colspan < table.col_spans[col]; colspan ++) if (table.col_fixed[col + colspan]) { span_width -= table.col_widths[col + colspan]; pref_width -= table.col_widths[col + colspan]; } DEBUG_printf(("" col_swidths=%.1f, col_smins=%.1f, span_width=%.1f, pref_width=%.1f\n"", table.col_swidths[col], table.col_smins[col], span_width, pref_width)); if (pref_width > 0.0f && pref_width > span_width) { if (span_width >= 1.0f) { regular_width = pref_width / span_width; for (colspan = 0; colspan < table.col_spans[col]; colspan ++) if (!table.col_fixed[col + colspan]) { actual_width -= table.col_widths[col + colspan]; table.col_widths[col + colspan] *= regular_width; actual_width += table.col_widths[col + colspan]; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col + colspan, table.col_widths[col + colspan])); } } else { regular_width = pref_width / table.col_spans[col]; for (colspan = 0; colspan < table.col_spans[col]; colspan ++) { actual_width += regular_width; table.col_widths[col + colspan] += regular_width; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); } } } } } DEBUG_printf(("" actual_width = %.1f\n\n"", actual_width)); DEBUG_puts(""PASS 4: divide remaining space, if any...\n""); if (width > actual_width) { for (col = 0, colspan = 0; col < table.num_cols; col ++) if (!table.col_fixed[col] || table.col_percent[col]) colspan ++; if (colspan > 0) { regular_width = (width - actual_width) / table.num_cols; for (col = 0; col < table.num_cols; col ++) if (!table.col_fixed[col]) { table.col_widths[col] += regular_width; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); } } } else width = actual_width; DEBUG_puts(""""); DEBUG_puts(""PASS 5: Squeeze table as needed...""); if (width > table_width) { for (col = 0, min_width = -cellspacing; col < table.num_cols; col ++) min_width += table.col_mins[col] + 2 * table.cellpadding + cellspacing; DEBUG_printf(("" table_width = %.1f, width = %.1f, min_width = %.1f\n"", table_width, width, min_width)); temp_width = table_width - min_width; if (temp_width < 0.0f) temp_width = 0.0f; width -= min_width; if (width < 1.0f) width = 1.0f; for (col = 0; col < table.num_cols; col ++) { table.col_widths[col] = table.col_mins[col] + temp_width * (table.col_widths[col] - table.col_mins[col]) / width; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); } for (col = 0, width = -cellspacing; col < table.num_cols; col ++) width += table.col_widths[col] + 2 * table.cellpadding + cellspacing; DEBUG_printf(("" new width = %.1f, max width = %.1f\n"", width, right - left)); } if ((width - right + left) > 0.001f && OverflowErrors) progress_error(HD_ERROR_CONTENT_TOO_LARGE, ""Table on page %d too wide - truncation or overlapping may occur!"", *page + 1); DEBUG_puts(""""); DEBUG_printf((""Final table width = %.1f, alignment = %d\n"", width, t->halignment)); switch (t->halignment) { case ALIGN_LEFT : *x = left + table.cellpadding; break; case ALIGN_CENTER : *x = left + 0.5f * (right - left - width) + table.cellpadding; break; case ALIGN_RIGHT : *x = right - width + table.cellpadding; break; } for (col = 0; col < table.num_cols; col ++) { table.col_lefts[col] = *x; table.col_rights[col] = *x + table.col_widths[col]; *x = table.col_rights[col] + 2 * table.cellpadding + cellspacing; DEBUG_printf((""left[%d] = %.1f, right[%d] = %.1f\n"", col, table.col_lefts[col], col, table.col_rights[col])); } if (*y < top && needspace) *y -= _htmlSpacings[SIZE_P]; if (table.debug) { check_pages(*page); render_t *r; char table_text[255]; snprintf(table_text, sizeof(table_text), ""t=%p"", (void *)t); r = new_render(*page, RENDER_TEXT, left, *y, get_width((uchar *)table_text, TYPE_COURIER, STYLE_NORMAL, 3), _htmlSizes[3], table_text); r->data.text.typeface = TYPE_COURIER; r->data.text.style = STYLE_NORMAL; r->data.text.size = (float)_htmlSizes[3]; } table_page = *page; table_y = *y; for (row = 0; row < table.num_rows; row ++) { height_var = NULL; if (cells[row][0] != NULL) { if (cells[row][0]->parent->prev != NULL && cells[row][0]->parent->prev->markup == MARKUP_COMMENT) parse_comment(cells[row][0]->parent->prev, &left, &right, &temp_bottom, &temp_top, x, y, page, NULL, 0); if ((height_var = htmlGetVariable(cells[row][0]->parent, (uchar *)""HEIGHT"")) == NULL) for (col = 0; col < table.num_cols; col ++) if (htmlGetVariable(cells[row][col], (uchar *)""ROWSPAN"") == NULL) if ((height_var = htmlGetVariable(cells[row][col], (uchar *)""HEIGHT"")) != NULL) break; } if (height_var != NULL && row == header_row) header_height_var = height_var; if (cells[row][0] != NULL && height_var != NULL) { if (height_var[strlen((char *)height_var) - 1] == '%') temp_height = (float)(atof((char *)height_var) * 0.01f * (PagePrintLength - 2 * table.cellpadding)); else temp_height = (float)(atof((char *)height_var) * PagePrintWidth / _htmlBrowserWidth); if (table.height > 0.0f && temp_height > table.height) temp_height = table.height; temp_height -= 2 * table.cellpadding; } else { for (col = 0, temp_height = (float)_htmlSpacings[SIZE_P]; col < table.num_cols; col ++) if (cells[row][col] != NULL && cells[row][col]->height > temp_height && !htmlGetVariable(cells[row][col], (uchar *)""ROWSPAN"")) temp_height = cells[row][col]->height; if (table.height > 0.0) { if (temp_height > table.height) temp_height = table.height; temp_height -= 2 * table.cellpadding; } else if (temp_height > (PageLength / 8.0) && height_var == NULL) temp_height = PageLength / 8.0; } DEBUG_printf((""BEFORE row = %d, temp_height = %.1f, *y = %.1f, *page = %d\n"", row, temp_height, *y, *page)); if (*y < (bottom + 2 * table.cellpadding + temp_height) && temp_height <= (top - bottom - 2 * table.cellpadding)) { DEBUG_puts(""NEW PAGE""); *y = top - header_height; (*page) ++; if (Verbosity) progress_show(""Formatting page %d"", *page); if (row > 0 && header_row >= 0) { render_table_row(table, cells, header_row, header_height_var, left, right, bottom, top, x, y, page); } } float start_y = *y; temp_page = *page; render_table_row(table, cells, row, height_var, left, right, bottom, top, x, y, page); if (header_row >= 0 && row == header_row) { header_height = *y - start_y; top += header_height; } else if (temp_page != *page && header_row >= 0) { do { float temp_y = top - header_height; temp_page ++; render_table_row(table, cells, header_row, header_height_var, left, right, bottom, top, x, &temp_y, &temp_page); } while (temp_page < *page); } if (row < (table.num_rows - 1)) (*y) -= cellspacing; DEBUG_printf((""END row = %d, *y = %.1f, *page = %d\n"", row, *y, *page)); } top -= header_height; if ((bgcolor = htmlGetVariable(t, (uchar *)""BGCOLOR"")) != NULL) { memcpy(bgrgb, background_color, sizeof(bgrgb)); get_color(bgcolor, bgrgb, 0); table.border_left = table.col_lefts[0] - table.cellpadding; width = table.col_rights[table.num_cols - 1] - table.col_lefts[0] + 2 * table.cellpadding; if (table_page != *page) { new_render(table_page, RENDER_BOX, table.border_left, bottom, width, table_y - bottom, bgrgb, pages[table_page].start); for (temp_page = table_page + 1; temp_page < *page; temp_page ++) { new_render(temp_page, RENDER_BOX, table.border_left, bottom, width, top - bottom, bgrgb, pages[temp_page].start); } check_pages(*page); new_render(*page, RENDER_BOX, table.border_left, *y, width, top - *y, bgrgb, pages[*page].start); } else { new_render(table_page, RENDER_BOX, table.border_left, *y, width, table_y - *y, bgrgb, pages[table_page].start); } } *x = left; if (caption) { parse_paragraph(caption, left, right, bottom, top, x, y, page, needspace); needspace = 1; } if (table.num_rows > 0) { for (row = 0; row < table.num_rows; row ++) free(cells[row]); free(cells); } }",visit repo url,htmldoc/ps-pdf.cxx,https://github.com/michaelrsweet/htmldoc,135277500220711,1 1491,CWE-264,"static void perf_remove_from_owner(struct perf_event *event) { struct task_struct *owner; rcu_read_lock(); owner = ACCESS_ONCE(event->owner); smp_read_barrier_depends(); if (owner) { get_task_struct(owner); } rcu_read_unlock(); if (owner) { mutex_lock(&owner->perf_event_mutex); if (event->owner) list_del_init(&event->owner_entry); mutex_unlock(&owner->perf_event_mutex); put_task_struct(owner); } }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,4097899704487,1 5802,CWE-401,"static int8_t sn_coap_parser_options_parse(struct coap_s *handle, uint8_t **packet_data_pptr, sn_coap_hdr_s *dst_coap_msg_ptr, uint8_t *packet_data_start_ptr, uint16_t packet_len) { uint8_t previous_option_number = 0; int8_t ret_status = 0; uint16_t message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, 0); dst_coap_msg_ptr->token_len = *packet_data_start_ptr & COAP_HEADER_TOKEN_LENGTH_MASK; if (dst_coap_msg_ptr->token_len) { int8_t ptr_check_result; if ((dst_coap_msg_ptr->token_len > 8) || dst_coap_msg_ptr->token_ptr) { tr_error(""sn_coap_parser_options_parse - token not valid!""); return -1; } ptr_check_result = sn_coap_parser_check_packet_ptr(*packet_data_pptr, packet_data_start_ptr, packet_len, dst_coap_msg_ptr->token_len); if (0 != ptr_check_result) { tr_error(""sn_coap_parser_options_parse - **packet_data_pptr overflow !""); return -1; } dst_coap_msg_ptr->token_ptr = sn_coap_protocol_malloc_copy(handle, *packet_data_pptr, dst_coap_msg_ptr->token_len); if (dst_coap_msg_ptr->token_ptr == NULL) { tr_error(""sn_coap_parser_options_parse - failed to allocate token!""); return -1; } message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, dst_coap_msg_ptr->token_len); } while (message_left && (**packet_data_pptr != 0xff)) { uint16_t option_len = (**packet_data_pptr & 0x0F); uint16_t option_number = (**packet_data_pptr >> COAP_OPTIONS_OPTION_NUMBER_SHIFT); message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, 1); int8_t option_parse_result; option_parse_result = parse_ext_option(&option_number, packet_data_pptr, packet_data_start_ptr, packet_len, &message_left); if (option_parse_result != 0) { return -1; } option_number += previous_option_number; option_parse_result = parse_ext_option(&option_len, packet_data_pptr, packet_data_start_ptr, packet_len, &message_left); if (option_parse_result != 0) { return -1; } previous_option_number = option_number; switch (option_number) { case COAP_OPTION_MAX_AGE: case COAP_OPTION_PROXY_URI: case COAP_OPTION_ETAG: case COAP_OPTION_URI_HOST: case COAP_OPTION_LOCATION_PATH: case COAP_OPTION_URI_PORT: case COAP_OPTION_LOCATION_QUERY: case COAP_OPTION_OBSERVE: case COAP_OPTION_URI_QUERY: case COAP_OPTION_BLOCK2: case COAP_OPTION_BLOCK1: case COAP_OPTION_ACCEPT: case COAP_OPTION_SIZE1: case COAP_OPTION_SIZE2: if (sn_coap_parser_alloc_options(handle, dst_coap_msg_ptr) == NULL) { tr_error(""sn_coap_parser_options_parse - failed to allocate options!""); return -1; } break; } if (message_left < option_len){ tr_error(""sn_coap_parser_options_parse - **packet_data_pptr would overflow when parsing options!""); return -1; } switch (option_number) { case COAP_OPTION_CONTENT_FORMAT: if ((option_len > 2) || (dst_coap_msg_ptr->content_format != COAP_CT_NONE)) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_CONTENT_FORMAT not valid!""); return -1; } dst_coap_msg_ptr->content_format = (sn_coap_content_format_e) sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_MAX_AGE: if (option_len > 4) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_MAX_AGE not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->max_age = sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_PROXY_URI: if ((option_len > 1034) || (option_len < 1) || dst_coap_msg_ptr->options_list_ptr->proxy_uri_ptr) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_PROXY_URI not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->proxy_uri_len = option_len; dst_coap_msg_ptr->options_list_ptr->proxy_uri_ptr = sn_coap_protocol_malloc_copy(handle, *packet_data_pptr, option_len); if (dst_coap_msg_ptr->options_list_ptr->proxy_uri_ptr == NULL) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_PROXY_URI allocation failed!""); return -1; } message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, option_len); break; case COAP_OPTION_ETAG: ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left, &dst_coap_msg_ptr->options_list_ptr->etag_ptr, (uint16_t *)&dst_coap_msg_ptr->options_list_ptr->etag_len, COAP_OPTION_ETAG, option_len); if (ret_status < 0) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_ETAG not valid!""); return -1; } break; case COAP_OPTION_URI_HOST: if ((option_len > 255) || (option_len < 1) || dst_coap_msg_ptr->options_list_ptr->uri_host_ptr) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_URI_HOST not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->uri_host_len = option_len; dst_coap_msg_ptr->options_list_ptr->uri_host_ptr = sn_coap_protocol_malloc_copy(handle, *packet_data_pptr, option_len); if (dst_coap_msg_ptr->options_list_ptr->uri_host_ptr == NULL) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_URI_HOST allocation failed!""); return -1; } message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, option_len); break; case COAP_OPTION_LOCATION_PATH: if (dst_coap_msg_ptr->options_list_ptr->location_path_ptr) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_LOCATION_PATH exists!""); return -1; } ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left, &dst_coap_msg_ptr->options_list_ptr->location_path_ptr, &dst_coap_msg_ptr->options_list_ptr->location_path_len, COAP_OPTION_LOCATION_PATH, option_len); if (ret_status <0) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_LOCATION_PATH not valid!""); return -1; } break; case COAP_OPTION_URI_PORT: if ((option_len > 2) || dst_coap_msg_ptr->options_list_ptr->uri_port != COAP_OPTION_URI_PORT_NONE) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_URI_PORT not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->uri_port = sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_LOCATION_QUERY: ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left, &dst_coap_msg_ptr->options_list_ptr->location_query_ptr, &dst_coap_msg_ptr->options_list_ptr->location_query_len, COAP_OPTION_LOCATION_QUERY, option_len); if (ret_status < 0) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_LOCATION_QUERY not valid!""); return -1; } break; case COAP_OPTION_URI_PATH: ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left, &dst_coap_msg_ptr->uri_path_ptr, &dst_coap_msg_ptr->uri_path_len, COAP_OPTION_URI_PATH, option_len); if (ret_status < 0) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_URI_PATH not valid!""); return -1; } break; case COAP_OPTION_OBSERVE: if ((option_len > 2) || dst_coap_msg_ptr->options_list_ptr->observe != COAP_OBSERVE_NONE) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_OBSERVE not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->observe = sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_URI_QUERY: ret_status = sn_coap_parser_options_parse_multiple_options(handle, packet_data_pptr, message_left, &dst_coap_msg_ptr->options_list_ptr->uri_query_ptr, &dst_coap_msg_ptr->options_list_ptr->uri_query_len, COAP_OPTION_URI_QUERY, option_len); if (ret_status < 0) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_URI_QUERY not valid!""); return -1; } break; case COAP_OPTION_BLOCK2: if ((option_len > 3) || dst_coap_msg_ptr->options_list_ptr->block2 != COAP_OPTION_BLOCK_NONE) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_BLOCK2 not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->block2 = sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_BLOCK1: if ((option_len > 3) || dst_coap_msg_ptr->options_list_ptr->block1 != COAP_OPTION_BLOCK_NONE) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_BLOCK1 not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->block1 = sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_ACCEPT: if ((option_len > 2) || (dst_coap_msg_ptr->options_list_ptr->accept != COAP_CT_NONE)) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_ACCEPT not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->accept = (sn_coap_content_format_e) sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_SIZE1: if ((option_len > 4) || dst_coap_msg_ptr->options_list_ptr->use_size1) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_SIZE1 not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->use_size1 = true; dst_coap_msg_ptr->options_list_ptr->size1 = sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; case COAP_OPTION_SIZE2: if ((option_len > 4) || dst_coap_msg_ptr->options_list_ptr->use_size2) { tr_error(""sn_coap_parser_options_parse - COAP_OPTION_SIZE2 not valid!""); return -1; } dst_coap_msg_ptr->options_list_ptr->use_size2 = true; dst_coap_msg_ptr->options_list_ptr->size2 = sn_coap_parser_options_parse_uint(packet_data_pptr, option_len); break; default: tr_error(""sn_coap_parser_options_parse - unknown option!""); return -1; } if ((*packet_data_pptr - packet_data_start_ptr) > packet_len) { return -1; } message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, 0); } return 0; }",visit repo url,source/sn_coap_parser.c,https://github.com/mjurczak/mbed-coap,197021877766505,1 1675,[],"cpu_attach_domain(struct sched_domain *sd, struct root_domain *rd, int cpu) { struct rq *rq = cpu_rq(cpu); struct sched_domain *tmp; for (tmp = sd; tmp; tmp = tmp->parent) { struct sched_domain *parent = tmp->parent; if (!parent) break; if (sd_parent_degenerate(tmp, parent)) { tmp->parent = parent->parent; if (parent->parent) parent->parent->child = tmp; } } if (sd && sd_degenerate(sd)) { sd = sd->parent; if (sd) sd->child = NULL; } sched_domain_debug(sd, cpu); rq_attach_root(rq, rd); rcu_assign_pointer(rq->sd, sd); }",linux-2.6,,,64325447554488589007566436601232403130,0 5313,NVD-CWE-noinfo,"int fit_image_load(bootm_headers_t *images, ulong addr, const char **fit_unamep, const char **fit_uname_configp, int arch, int image_type, int bootstage_id, enum fit_load_op load_op, ulong *datap, ulong *lenp) { int cfg_noffset, noffset; const char *fit_uname; const char *fit_uname_config; const char *fit_base_uname_config; const void *fit; void *buf; void *loadbuf; size_t size; int type_ok, os_ok; ulong load, load_end, data, len; uint8_t os, comp; #ifndef USE_HOSTCC uint8_t os_arch; #endif const char *prop_name; int ret; fit = map_sysmem(addr, 0); fit_uname = fit_unamep ? *fit_unamep : NULL; fit_uname_config = fit_uname_configp ? *fit_uname_configp : NULL; fit_base_uname_config = NULL; prop_name = fit_get_image_type_property(image_type); printf(""## Loading %s from FIT Image at %08lx ...\n"", prop_name, addr); bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT); if (fit_check_format(fit, IMAGE_SIZE_INVAL)) { printf(""Bad FIT %s image format!\n"", prop_name); bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT); return -ENOEXEC; } bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK); if (fit_uname) { bootstage_mark(bootstage_id + BOOTSTAGE_SUB_UNIT_NAME); noffset = fit_image_get_node(fit, fit_uname); } else { bootstage_mark(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME); if (IMAGE_ENABLE_BEST_MATCH && !fit_uname_config) { cfg_noffset = fit_conf_find_compat(fit, gd_fdt_blob()); } else { cfg_noffset = fit_conf_get_node(fit, fit_uname_config); } if (cfg_noffset < 0) { puts(""Could not find configuration node\n""); bootstage_error(bootstage_id + BOOTSTAGE_SUB_NO_UNIT_NAME); return -ENOENT; } fit_base_uname_config = fdt_get_name(fit, cfg_noffset, NULL); printf("" Using '%s' configuration\n"", fit_base_uname_config); if (image_type == IH_TYPE_KERNEL) images->fit_uname_cfg = fit_base_uname_config; if (FIT_IMAGE_ENABLE_VERIFY && images->verify) { puts("" Verifying Hash Integrity ... ""); if (fit_config_verify(fit, cfg_noffset)) { puts(""Bad Data Hash\n""); bootstage_error(bootstage_id + BOOTSTAGE_SUB_HASH); return -EACCES; } puts(""OK\n""); } bootstage_mark(BOOTSTAGE_ID_FIT_CONFIG); noffset = fit_conf_get_prop_node(fit, cfg_noffset, prop_name); fit_uname = fit_get_name(fit, noffset, NULL); } if (noffset < 0) { printf(""Could not find subimage node type '%s'\n"", prop_name); bootstage_error(bootstage_id + BOOTSTAGE_SUB_SUBNODE); return -ENOENT; } printf("" Trying '%s' %s subimage\n"", fit_uname, prop_name); ret = fit_image_select(fit, noffset, images->verify); if (ret) { bootstage_error(bootstage_id + BOOTSTAGE_SUB_HASH); return ret; } bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH); if (!host_build() && IS_ENABLED(CONFIG_SANDBOX)) { if (!fit_image_check_target_arch(fit, noffset)) { puts(""Unsupported Architecture\n""); bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ARCH); return -ENOEXEC; } } #ifndef USE_HOSTCC fit_image_get_arch(fit, noffset, &os_arch); images->os.arch = os_arch; #endif bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL); type_ok = fit_image_check_type(fit, noffset, image_type) || fit_image_check_type(fit, noffset, IH_TYPE_FIRMWARE) || (image_type == IH_TYPE_KERNEL && fit_image_check_type(fit, noffset, IH_TYPE_KERNEL_NOLOAD)); os_ok = image_type == IH_TYPE_FLATDT || image_type == IH_TYPE_FPGA || fit_image_check_os(fit, noffset, IH_OS_LINUX) || fit_image_check_os(fit, noffset, IH_OS_U_BOOT) || fit_image_check_os(fit, noffset, IH_OS_OPENRTOS) || fit_image_check_os(fit, noffset, IH_OS_EFI) || fit_image_check_os(fit, noffset, IH_OS_VXWORKS); if ((!type_ok || !os_ok) && image_type != IH_TYPE_LOADABLE) { fit_image_get_os(fit, noffset, &os); printf(""No %s %s %s Image\n"", genimg_get_os_name(os), genimg_get_arch_name(arch), genimg_get_type_name(image_type)); bootstage_error(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL); return -EIO; } bootstage_mark(bootstage_id + BOOTSTAGE_SUB_CHECK_ALL_OK); if (fit_image_get_data_and_size(fit, noffset, (const void **)&buf, &size)) { printf(""Could not find %s subimage data!\n"", prop_name); bootstage_error(bootstage_id + BOOTSTAGE_SUB_GET_DATA); return -ENOENT; } if (IS_ENABLED(CONFIG_FIT_CIPHER) && IMAGE_ENABLE_DECRYPT) { puts("" Decrypting Data ... ""); if (fit_image_uncipher(fit, noffset, &buf, &size)) { puts(""Error\n""); return -EACCES; } puts(""OK\n""); } if (!host_build() && IS_ENABLED(CONFIG_FIT_IMAGE_POST_PROCESS)) board_fit_image_post_process(&buf, &size); len = (ulong)size; bootstage_mark(bootstage_id + BOOTSTAGE_SUB_GET_DATA_OK); data = map_to_sysmem(buf); load = data; if (load_op == FIT_LOAD_IGNORED) { } else if (fit_image_get_load(fit, noffset, &load)) { if (load_op == FIT_LOAD_REQUIRED) { printf(""Can't get %s subimage load address!\n"", prop_name); bootstage_error(bootstage_id + BOOTSTAGE_SUB_LOAD); return -EBADF; } } else if (load_op != FIT_LOAD_OPTIONAL_NON_ZERO || load) { ulong image_start, image_end; image_start = addr; image_end = addr + fit_get_size(fit); load_end = load + len; if (image_type != IH_TYPE_KERNEL && load < image_end && load_end > image_start) { printf(""Error: %s overwritten\n"", prop_name); return -EXDEV; } printf("" Loading %s from 0x%08lx to 0x%08lx\n"", prop_name, data, load); } else { load = data; } comp = IH_COMP_NONE; loadbuf = buf; if (!fit_image_get_comp(fit, noffset, &comp) && comp != IH_COMP_NONE && !(image_type == IH_TYPE_KERNEL || image_type == IH_TYPE_KERNEL_NOLOAD || image_type == IH_TYPE_RAMDISK)) { ulong max_decomp_len = len * 20; if (load == data) { loadbuf = malloc(max_decomp_len); load = map_to_sysmem(loadbuf); } else { loadbuf = map_sysmem(load, max_decomp_len); } if (image_decomp(comp, load, data, image_type, loadbuf, buf, len, max_decomp_len, &load_end)) { printf(""Error decompressing %s\n"", prop_name); return -ENOEXEC; } len = load_end - load; } else if (load != data) { loadbuf = map_sysmem(load, len); memcpy(loadbuf, buf, len); } if (image_type == IH_TYPE_RAMDISK && comp != IH_COMP_NONE) puts(""WARNING: 'compression' nodes for ramdisks are deprecated,"" "" please fix your .its file!\n""); if (image_type == IH_TYPE_FLATDT && fdt_check_header(loadbuf)) { puts(""Subimage data is not a FDT""); return -ENOEXEC; } bootstage_mark(bootstage_id + BOOTSTAGE_SUB_LOAD); *datap = load; *lenp = len; if (fit_unamep) *fit_unamep = (char *)fit_uname; if (fit_uname_configp) *fit_uname_configp = (char *)(fit_uname_config ? : fit_base_uname_config); return noffset; }",visit repo url,common/image-fit.c,https://github.com/u-boot/u-boot,151539428248870,1 3027,['CWE-189'],"static int jas_icctxtdesc_input(jas_iccattrval_t *attrval, jas_stream_t *in, int cnt) { int n; int c; jas_icctxtdesc_t *txtdesc = &attrval->data.txtdesc; txtdesc->ascdata = 0; txtdesc->ucdata = 0; if (jas_iccgetuint32(in, &txtdesc->asclen)) goto error; if (!(txtdesc->ascdata = jas_malloc(txtdesc->asclen))) goto error; if (jas_stream_read(in, txtdesc->ascdata, txtdesc->asclen) != JAS_CAST(int, txtdesc->asclen)) goto error; txtdesc->ascdata[txtdesc->asclen - 1] = '\0'; if (jas_iccgetuint32(in, &txtdesc->uclangcode) || jas_iccgetuint32(in, &txtdesc->uclen)) goto error; if (!(txtdesc->ucdata = jas_alloc2(txtdesc->uclen, 2))) goto error; if (jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2) != JAS_CAST(int, txtdesc->uclen * 2)) goto error; if (jas_iccgetuint16(in, &txtdesc->sccode)) goto error; if ((c = jas_stream_getc(in)) == EOF) goto error; txtdesc->maclen = c; if (jas_stream_read(in, txtdesc->macdata, 67) != 67) goto error; txtdesc->asclen = strlen(txtdesc->ascdata) + 1; #define WORKAROUND_BAD_PROFILES #ifdef WORKAROUND_BAD_PROFILES n = txtdesc->asclen + txtdesc->uclen * 2 + 15 + 67; if (n > cnt) { return -1; } if (n < cnt) { if (jas_stream_gobble(in, cnt - n) != cnt - n) goto error; } #else if (txtdesc->asclen + txtdesc->uclen * 2 + 15 + 67 != cnt) return -1; #endif return 0; error: jas_icctxtdesc_destroy(attrval); return -1; }",jasper,,,167774163593147602478240047697105254435,0 4623,['CWE-399'],"static int ext4_journalled_write_end(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned copied, struct page *page, void *fsdata) { handle_t *handle = ext4_journal_current_handle(); struct inode *inode = mapping->host; int ret = 0, ret2; int partial = 0; unsigned from, to; loff_t new_i_size; trace_mark(ext4_journalled_write_end, ""dev %s ino %lu pos %llu len %u copied %u"", inode->i_sb->s_id, inode->i_ino, (unsigned long long) pos, len, copied); from = pos & (PAGE_CACHE_SIZE - 1); to = from + len; if (copied < len) { if (!PageUptodate(page)) copied = 0; page_zero_new_buffers(page, from+copied, to); } ret = walk_page_buffers(handle, page_buffers(page), from, to, &partial, write_end_fn); if (!partial) SetPageUptodate(page); new_i_size = pos + copied; if (new_i_size > inode->i_size) i_size_write(inode, pos+copied); EXT4_I(inode)->i_state |= EXT4_STATE_JDATA; if (new_i_size > EXT4_I(inode)->i_disksize) { ext4_update_i_disksize(inode, new_i_size); ret2 = ext4_mark_inode_dirty(handle, inode); if (!ret) ret = ret2; } unlock_page(page); ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; page_cache_release(page); return ret ? ret : copied; }",linux-2.6,,,70360055501839715751158489000208918827,0 1815,[],"static inline void schedule_debug(struct task_struct *prev) { if (unlikely(in_atomic_preempt_off()) && unlikely(!prev->exit_state)) __schedule_bug(prev); profile_hit(SCHED_PROFILING, __builtin_return_address(0)); schedstat_inc(this_rq(), sched_count); #ifdef CONFIG_SCHEDSTATS if (unlikely(prev->lock_depth >= 0)) { schedstat_inc(this_rq(), bkl_count); schedstat_inc(prev, sched_info.bkl_count); } #endif }",linux-2.6,,,221448596724699680273595906458073960270,0 5926,CWE-120,"void jsi_code_decode(Jsi_Interp *interp, jsi_OpCode *op, int currentip, char *buf, int bsiz) { if (_JSICASTINT(op->op) < 0 || op->op >= OP_LASTOP) { snprintf(buf, bsiz, ""Bad opcode[%d] at %d"", op->op, currentip); } char nbuf[100]; snprintf(nbuf, sizeof(nbuf), ""%d#%d"", currentip, op->Line); snprintf(buf, bsiz, ""%-8s %s "", nbuf, jsi_op_names[op->op]); int sl = Jsi_Strlen(buf); char *bp = buf + sl; bsiz -= sl; if (op->op == OP_PUSHBOO || op->op == OP_FCALL || op->op == OP_EVAL || op->op == OP_POP || op->op == OP_ASSIGN || op->op == OP_RET || op->op == OP_NEWFCALL || op->op == OP_DELETE || op->op == OP_CHTHIS || op->op == OP_OBJECT || op->op == OP_ARRAY || op->op == OP_SHF || op->op == OP_INC || op->op == OP_DEC) snprintf(bp, bsiz, ""%"" PRId64, (Jsi_Wide)(uintptr_t)op->data); else if (op->op == OP_PUSHNUM) Jsi_NumberDtoA(interp, *((Jsi_Number *)op->data), bp, bsiz, 0); else if (op->op == OP_PUSHVSTR) { Jsi_String *ss = (Jsi_String*)op->data; snprintf(bp, bsiz, ""\""%s\"""", ss->str); } else if (op->op == OP_PUSHSTR || op->op == OP_LOCAL || op->op == OP_SCATCH) snprintf(bp, bsiz, ""\""%s\"""", op->data ? (char*)op->data:""(NoCatch)""); else if (op->op == OP_PUSHVAR) snprintf(bp, bsiz, ""var: \""%s\"""", ((jsi_FastVar *)op->data)->varname); else if (op->op == OP_PUSHFUN) snprintf(bp, bsiz, ""func: 0x%"" PRIx64, (Jsi_Wide)(uintptr_t)op->data); else if (op->op == OP_JTRUE || op->op == OP_JFALSE || op->op == OP_JTRUE_NP || op->op == OP_JFALSE_NP || op->op == OP_JMP) snprintf(bp, bsiz, ""{%"" PRIu64 ""}\t#%"" PRIu64 """", (Jsi_Wide)(uintptr_t)op->data, (Jsi_Wide)((uintptr_t)currentip + (uintptr_t)op->data)); else if (op->op == OP_JMPPOP) { jsi_JmpPopInfo *jp = (jsi_JmpPopInfo*)op->data; snprintf(bp, bsiz, ""{%d},%d\t#%d"", jp->off, jp->topop, currentip + jp->off); } else if (op->op == OP_STRY) { jsi_TryInfo *t = (jsi_TryInfo *)op->data; snprintf(bp, bsiz, ""{try:%d, catch:%d, final:%d}"", t->trylen, t->catchlen, t->finallen); } }",visit repo url,src/jsiCode.c,https://github.com/pcmacdon/jsish,217713253126791,1 5817,['CWE-200'],"static __inline__ int is_ip_over_ddp(struct sk_buff *skb) { return skb->data[12] == 22; }",linux-2.6,,,179849618090692327295668429439368294396,0 4530,['CWE-20'],"static struct buffer_head *ext4_append(handle_t *handle, struct inode *inode, ext4_lblk_t *block, int *err) { struct buffer_head *bh; *block = inode->i_size >> inode->i_sb->s_blocksize_bits; bh = ext4_bread(handle, inode, *block, 1, err); if (bh) { inode->i_size += inode->i_sb->s_blocksize; EXT4_I(inode)->i_disksize = inode->i_size; *err = ext4_journal_get_write_access(handle, bh); if (*err) { brelse(bh); bh = NULL; } } return bh; }",linux-2.6,,,204420349525806050562360800938276368524,0 4600,CWE-787,"static s32 gf_media_vvc_read_pps_bs_internal(GF_BitStream *bs, VVCState *vvc) { u32 i; s32 pps_id; VVC_PPS *pps; pps_id = gf_bs_read_int_log(bs, 6, ""pps_id""); if ((pps_id < 0) || (pps_id >= 64)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] wrong PPS ID %d in PPS\n"", pps_id)); return -1; } pps = &vvc->pps[pps_id]; if (!pps->state) { pps->id = pps_id; pps->state = 1; } pps->sps_id = gf_bs_read_int_log(bs, 4, ""sps_id""); if (pps->sps_id >= 16) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] wrong SPS ID %d in PPS\n"", pps->sps_id)); pps->sps_id=0; return -1; } vvc->sps_active_idx = pps->sps_id; pps->mixed_nal_types = gf_bs_read_int_log(bs, 1, ""mixed_nal_types""); pps->width = gf_bs_read_ue_log(bs, ""width""); pps->height = gf_bs_read_ue_log(bs, ""height""); pps->conf_window = gf_bs_read_int_log(bs, 1, ""conformance_window_flag""); if (pps->conf_window) { pps->cw_left = gf_bs_read_ue_log(bs, ""conf_win_left_offset""); pps->cw_right = gf_bs_read_ue_log(bs, ""conf_win_right_offset""); pps->cw_top = gf_bs_read_ue_log(bs, ""conf_win_top_offset""); pps->cw_bottom = gf_bs_read_ue_log(bs, ""conf_win_bottom_offset""); } if (gf_bs_read_int_log(bs, 1, ""scaling_window_explicit_signalling_flag"")) { gf_bs_read_se_log(bs, ""scaling_win_left_offset""); gf_bs_read_se_log(bs, ""scaling_win_right_offset""); gf_bs_read_se_log(bs, ""scaling_win_top_offset""); gf_bs_read_se_log(bs, ""scaling_win_bottom_offset""); } pps->output_flag_present_flag = gf_bs_read_int_log(bs, 1, ""output_flag_present_flag""); pps->no_pic_partition_flag = gf_bs_read_int_log(bs, 1, ""no_pic_partition_flag""); pps->subpic_id_mapping_present_flag = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_present_flag""); if (pps->subpic_id_mapping_present_flag) { u32 pps_subpic_id_len, pps_num_subpics=0; if (!pps->no_pic_partition_flag) { pps_num_subpics = 1+gf_bs_read_ue_log(bs, ""pps_num_subpics_minus1""); } pps_subpic_id_len = 1 + gf_bs_read_ue(bs); for (i=0; ino_pic_partition_flag) { gf_bs_read_int_log(bs, 2, ""pps_log2_ctu_size_minus5""); u32 num_exp_tile_columns = 1 + gf_bs_read_ue_log(bs, ""num_exp_tile_columns_minus1""); u32 num_exp_tile_rows = 1 + gf_bs_read_ue_log(bs, ""num_exp_tile_rows_minus1""); for (i=0; ipath.mnt, .dentry = dentry, }; struct nfs4_state *state; struct rpc_cred *cred; int status = 0; cred = rpc_lookup_cred(); if (IS_ERR(cred)) { status = PTR_ERR(cred); goto out; } state = nfs4_do_open(dir, &path, flags, sattr, cred); d_drop(dentry); if (IS_ERR(state)) { status = PTR_ERR(state); goto out_putcred; } d_add(dentry, igrab(state->inode)); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); if (flags & O_EXCL) { struct nfs_fattr fattr; status = nfs4_do_setattr(state->inode, cred, &fattr, sattr, state); if (status == 0) nfs_setattr_update_inode(state->inode, sattr); nfs_post_op_update_inode(state->inode, &fattr); } if (status == 0 && (nd->flags & LOOKUP_OPEN) != 0) status = nfs4_intent_set_file(nd, &path, state); else nfs4_close_sync(&path, state, flags); out_putcred: put_rpccred(cred); out: return status; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,138166798751973,1 2903,['CWE-189'],"static int jpc_encrawsigpass(jpc_bitstream_t *out, int bitpos, int vcausalflag, jas_matrix_t *flags, jas_matrix_t *data, int term, long *nmsedec) { int i; int j; int k; int one; int vscanlen; int width; int height; int frowstep; int drowstep; int fstripestep; int dstripestep; jpc_fix_t *fstripestart; jpc_fix_t *dstripestart; jpc_fix_t *fp; jpc_fix_t *dp; jpc_fix_t *fvscanstart; jpc_fix_t *dvscanstart; *nmsedec = 0; width = jas_matrix_numcols(data); height = jas_matrix_numrows(data); frowstep = jas_matrix_rowstep(flags); drowstep = jas_matrix_rowstep(data); fstripestep = frowstep << 2; dstripestep = drowstep << 2; one = 1 << (bitpos + JPC_NUMEXTRABITS); fstripestart = jas_matrix_getref(flags, 1, 1); dstripestart = jas_matrix_getref(data, 0, 0); for (i = height; i > 0; i -= 4, fstripestart += fstripestep, dstripestart += dstripestep) { fvscanstart = fstripestart; dvscanstart = dstripestart; vscanlen = JAS_MIN(i, 4); for (j = width; j > 0; --j, ++fvscanstart, ++dvscanstart) { fp = fvscanstart; dp = dvscanstart; k = vscanlen; rawsigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, out, vcausalflag); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; rawsigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, out, 0); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; rawsigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, out, 0); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; rawsigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, out, 0); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; } } if (term) { jpc_bitstream_outalign(out, 0x2a); } return 0; }",jasper,,,333671624936203675729657930439322301937,0 3843,[],static inline int cap_limit_ptraced_target(void) { return 1; },linux-2.6,,,255372357844967299303632030536370412184,0 3314,[],"static inline __be32 nla_get_be32(struct nlattr *nla) { return *(__be32 *) nla_data(nla); }",linux-2.6,,,272501664749857513403727369936263740480,0 6011,['CWE-200'],"static __inline__ unsigned cbq_hash(u32 h) { h ^= h>>8; h ^= h>>4; return h&0xF; }",linux-2.6,,,249623939863395278855492859163695100222,0 2499,CWE-190,"static int getnum (const char **fmt, int df) { if (!isdigit(**fmt)) return df; else { int a = 0; do { a = a*10 + *((*fmt)++) - '0'; } while (isdigit(**fmt)); return a; } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,90908592553212,1 4565,['CWE-399'],"int ext4_block_truncate_page(handle_t *handle, struct address_space *mapping, loff_t from) { ext4_fsblk_t index = from >> PAGE_CACHE_SHIFT; unsigned offset = from & (PAGE_CACHE_SIZE-1); unsigned blocksize, length, pos; ext4_lblk_t iblock; struct inode *inode = mapping->host; struct buffer_head *bh; struct page *page; int err = 0; page = grab_cache_page(mapping, from >> PAGE_CACHE_SHIFT); if (!page) return -EINVAL; blocksize = inode->i_sb->s_blocksize; length = blocksize - (offset & (blocksize - 1)); iblock = index << (PAGE_CACHE_SHIFT - inode->i_sb->s_blocksize_bits); if (!page_has_buffers(page) && test_opt(inode->i_sb, NOBH) && ext4_should_writeback_data(inode) && PageUptodate(page)) { zero_user(page, offset, length); set_page_dirty(page); goto unlock; } if (!page_has_buffers(page)) create_empty_buffers(page, blocksize, 0); bh = page_buffers(page); pos = blocksize; while (offset >= pos) { bh = bh->b_this_page; iblock++; pos += blocksize; } err = 0; if (buffer_freed(bh)) { BUFFER_TRACE(bh, ""freed: skip""); goto unlock; } if (!buffer_mapped(bh)) { BUFFER_TRACE(bh, ""unmapped""); ext4_get_block(inode, iblock, bh, 0); if (!buffer_mapped(bh)) { BUFFER_TRACE(bh, ""still unmapped""); goto unlock; } } if (PageUptodate(page)) set_buffer_uptodate(bh); if (!buffer_uptodate(bh)) { err = -EIO; ll_rw_block(READ, 1, &bh); wait_on_buffer(bh); if (!buffer_uptodate(bh)) goto unlock; } if (ext4_should_journal_data(inode)) { BUFFER_TRACE(bh, ""get write access""); err = ext4_journal_get_write_access(handle, bh); if (err) goto unlock; } zero_user(page, offset, length); BUFFER_TRACE(bh, ""zeroed end of block""); err = 0; if (ext4_should_journal_data(inode)) { err = ext4_handle_dirty_metadata(handle, inode, bh); } else { if (ext4_should_order_data(inode)) err = ext4_jbd2_file_inode(handle, inode); mark_buffer_dirty(bh); } unlock: unlock_page(page); page_cache_release(page); return err; }",linux-2.6,,,90055010732055031374508860229994744987,0 427,[],"pfm_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) { DPRINT((""pfm_ioctl called\n"")); return -EINVAL; }",linux-2.6,,,192300992653796814410245457089967584542,0 1841,['CWE-189'],"int _gnutls_user_hello_func( gnutls_session session, gnutls_protocol_t adv_version) { int ret; if (session->internals.user_hello_func != NULL) { ret = session->internals.user_hello_func( session); if (ret < 0) { gnutls_assert(); return ret; } ret = _gnutls_negotiate_version( session, adv_version); if (ret < 0) { gnutls_assert(); return ret; } } return 0; }",gnutls,,,109611632538948224416702781870995339596,0 4955,['CWE-20'],"static int nfs4_set_client(struct nfs_server *server, const char *hostname, const struct sockaddr_in *addr, const char *ip_addr, rpc_authflavor_t authflavour, int proto, int timeo, int retrans) { struct nfs_client *clp; int error; dprintk(""--> nfs4_set_client()\n""); clp = nfs_get_client(hostname, addr, 4); if (IS_ERR(clp)) { error = PTR_ERR(clp); goto error; } error = nfs4_init_client(clp, proto, timeo, retrans, ip_addr, authflavour); if (error < 0) goto error_put; server->nfs_client = clp; dprintk(""<-- nfs4_set_client() = 0 [new %p]\n"", clp); return 0; error_put: nfs_put_client(clp); error: dprintk(""<-- nfs4_set_client() = xerror %d\n"", error); return error; }",linux-2.6,,,232734887762544128746422367022671754080,0 5505,CWE-125,"decoding_feof(struct tok_state *tok) { if (tok->decoding_state != STATE_NORMAL) { return feof(tok->fp); } else { PyObject* buf = tok->decoding_buffer; if (buf == NULL) { buf = PyObject_CallObject(tok->decoding_readline, NULL); if (buf == NULL) { error_ret(tok); return 1; } else { tok->decoding_buffer = buf; } } return PyObject_Length(buf) == 0; } }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,127678829183356,1 3545,CWE-20,"static int jas_iccgetsint32(jas_stream_t *in, jas_iccsint32_t *val) { ulonglong tmp; if (jas_iccgetuint(in, 4, &tmp)) return -1; *val = (tmp & 0x80000000) ? (-JAS_CAST(longlong, (((~tmp) & 0x7fffffff) + 1))) : JAS_CAST(longlong, tmp); return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,102392397061265,1 671,CWE-20,"mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sk_buff *skb; struct sock *sk = sock->sk; struct sockaddr_mISDN *maddr; int copied, err; if (*debug & DEBUG_SOCKET) printk(KERN_DEBUG ""%s: len %d, flags %x ch.nr %d, proto %x\n"", __func__, (int)len, flags, _pms(sk)->ch.nr, sk->sk_protocol); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == MISDN_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (!skb) return err; if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) { msg->msg_namelen = sizeof(struct sockaddr_mISDN); maddr = (struct sockaddr_mISDN *)msg->msg_name; maddr->family = AF_ISDN; maddr->dev = _pms(sk)->dev->id; if ((sk->sk_protocol == ISDN_P_LAPD_TE) || (sk->sk_protocol == ISDN_P_LAPD_NT)) { maddr->channel = (mISDN_HEAD_ID(skb) >> 16) & 0xff; maddr->tei = (mISDN_HEAD_ID(skb) >> 8) & 0xff; maddr->sapi = mISDN_HEAD_ID(skb) & 0xff; } else { maddr->channel = _pms(sk)->ch.nr; maddr->sapi = _pms(sk)->ch.addr & 0xFF; maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF; } } else { if (msg->msg_namelen) printk(KERN_WARNING ""%s: too small namelen %d\n"", __func__, msg->msg_namelen); msg->msg_namelen = 0; } copied = skb->len + MISDN_HEADER_LEN; if (len < copied) { if (flags & MSG_PEEK) atomic_dec(&skb->users); else skb_queue_head(&sk->sk_receive_queue, skb); return -ENOSPC; } memcpy(skb_push(skb, MISDN_HEADER_LEN), mISDN_HEAD_P(skb), MISDN_HEADER_LEN); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); mISDN_sock_cmsg(sk, msg, skb); skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,drivers/isdn/mISDN/socket.c,https://github.com/torvalds/linux,109946884267745,1 1700,NVD-CWE-Other,"int snd_usbmidi_create(struct snd_card *card, struct usb_interface *iface, struct list_head *midi_list, const struct snd_usb_audio_quirk *quirk) { struct snd_usb_midi *umidi; struct snd_usb_midi_endpoint_info endpoints[MIDI_MAX_ENDPOINTS]; int out_ports, in_ports; int i, err; umidi = kzalloc(sizeof(*umidi), GFP_KERNEL); if (!umidi) return -ENOMEM; umidi->dev = interface_to_usbdev(iface); umidi->card = card; umidi->iface = iface; umidi->quirk = quirk; umidi->usb_protocol_ops = &snd_usbmidi_standard_ops; spin_lock_init(&umidi->disc_lock); init_rwsem(&umidi->disc_rwsem); mutex_init(&umidi->mutex); umidi->usb_id = USB_ID(le16_to_cpu(umidi->dev->descriptor.idVendor), le16_to_cpu(umidi->dev->descriptor.idProduct)); setup_timer(&umidi->error_timer, snd_usbmidi_error_timer, (unsigned long)umidi); memset(endpoints, 0, sizeof(endpoints)); switch (quirk ? quirk->type : QUIRK_MIDI_STANDARD_INTERFACE) { case QUIRK_MIDI_STANDARD_INTERFACE: err = snd_usbmidi_get_ms_info(umidi, endpoints); if (umidi->usb_id == USB_ID(0x0763, 0x0150)) umidi->usb_protocol_ops = &snd_usbmidi_maudio_broken_running_status_ops; break; case QUIRK_MIDI_US122L: umidi->usb_protocol_ops = &snd_usbmidi_122l_ops; case QUIRK_MIDI_FIXED_ENDPOINT: memcpy(&endpoints[0], quirk->data, sizeof(struct snd_usb_midi_endpoint_info)); err = snd_usbmidi_detect_endpoints(umidi, &endpoints[0], 1); break; case QUIRK_MIDI_YAMAHA: err = snd_usbmidi_detect_yamaha(umidi, &endpoints[0]); break; case QUIRK_MIDI_ROLAND: err = snd_usbmidi_detect_roland(umidi, &endpoints[0]); break; case QUIRK_MIDI_MIDIMAN: umidi->usb_protocol_ops = &snd_usbmidi_midiman_ops; memcpy(&endpoints[0], quirk->data, sizeof(struct snd_usb_midi_endpoint_info)); err = 0; break; case QUIRK_MIDI_NOVATION: umidi->usb_protocol_ops = &snd_usbmidi_novation_ops; err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); break; case QUIRK_MIDI_RAW_BYTES: umidi->usb_protocol_ops = &snd_usbmidi_raw_ops; if (umidi->usb_id == USB_ID(0x07fd, 0x0001)) usb_set_interface(umidi->dev, 0, 0); err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); break; case QUIRK_MIDI_EMAGIC: umidi->usb_protocol_ops = &snd_usbmidi_emagic_ops; memcpy(&endpoints[0], quirk->data, sizeof(struct snd_usb_midi_endpoint_info)); err = snd_usbmidi_detect_endpoints(umidi, &endpoints[0], 1); break; case QUIRK_MIDI_CME: umidi->usb_protocol_ops = &snd_usbmidi_cme_ops; err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); break; case QUIRK_MIDI_AKAI: umidi->usb_protocol_ops = &snd_usbmidi_akai_ops; err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); endpoints[1].out_cables = 0; break; case QUIRK_MIDI_FTDI: umidi->usb_protocol_ops = &snd_usbmidi_ftdi_ops; err = usb_control_msg(umidi->dev, usb_sndctrlpipe(umidi->dev, 0), 3, 0x40, 0x60, 0, NULL, 0, 1000); if (err < 0) break; err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); break; case QUIRK_MIDI_CH345: umidi->usb_protocol_ops = &snd_usbmidi_ch345_broken_sysex_ops; err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); break; default: dev_err(&umidi->dev->dev, ""invalid quirk type %d\n"", quirk->type); err = -ENXIO; break; } if (err < 0) { kfree(umidi); return err; } out_ports = 0; in_ports = 0; for (i = 0; i < MIDI_MAX_ENDPOINTS; ++i) { out_ports += hweight16(endpoints[i].out_cables); in_ports += hweight16(endpoints[i].in_cables); } err = snd_usbmidi_create_rawmidi(umidi, out_ports, in_ports); if (err < 0) { kfree(umidi); return err; } if (quirk && quirk->type == QUIRK_MIDI_MIDIMAN) err = snd_usbmidi_create_endpoints_midiman(umidi, &endpoints[0]); else err = snd_usbmidi_create_endpoints(umidi, endpoints); if (err < 0) { snd_usbmidi_free(umidi); return err; } usb_autopm_get_interface_no_resume(umidi->iface); list_add_tail(&umidi->list, midi_list); return 0; }",visit repo url,sound/usb/midi.c,https://github.com/torvalds/linux,186076146528407,1 6657,['CWE-200'],"add_connection_clicked (GtkButton *button, gpointer user_data) { ActionInfo *info = (ActionInfo *) user_data; NMConnectionList *list = info->list; GType ctype; if (!info->new_func) { ctype = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (info->treeview), TV_TYPE_TAG)); g_warning (""No new-connection function registered for type '%s'"", g_type_name (ctype)); return; } (*(info->new_func)) (GTK_WINDOW (list->dialog), really_add_connection, page_get_connections, info); }",network-manager-applet,,,110652478504548986751427545289026439710,0 5225,['CWE-264'],"int chmod_acl(connection_struct *conn, const char *name, mode_t mode) { return copy_access_acl(conn, name, name, mode); }",samba,,,75369289559311611650053047344894891775,0 6151,CWE-190,"void ep2_mul_basic(ep2_t r, const ep2_t p, const bn_t k) { int i, l; ep2_t t; ep2_null(t); if (bn_is_zero(k) || ep2_is_infty(p)) { ep2_set_infty(r); return; } RLC_TRY { ep2_new(t); l = bn_bits(k); if (bn_get_bit(k, l - 1)) { ep2_copy(t, p); } else { ep2_set_infty(t); } for (i = l - 2; i >= 0; i--) { ep2_dbl(t, t); if (bn_get_bit(k, i)) { ep2_add(t, t, p); } } ep2_copy(r, t); ep2_norm(r, r); if (bn_sign(k) == RLC_NEG) { ep2_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ep2_free(t); } }",visit repo url,src/epx/relic_ep2_mul.c,https://github.com/relic-toolkit/relic,220280271087426,1 802,CWE-20,"static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct scm_cookie scm; struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); int noblock = flags&MSG_DONTWAIT; size_t copied; struct sk_buff *skb, *data_skb; int err, ret; if (flags&MSG_OOB) return -EOPNOTSUPP; copied = 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (skb == NULL) goto out; data_skb = skb; #ifdef CONFIG_COMPAT_NETLINK_MESSAGES if (unlikely(skb_shinfo(skb)->frag_list)) { if (flags & MSG_CMSG_COMPAT) data_skb = skb_shinfo(skb)->frag_list; } #endif msg->msg_namelen = 0; copied = data_skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(data_skb); err = skb_copy_datagram_iovec(data_skb, 0, msg->msg_iov, copied); if (msg->msg_name) { struct sockaddr_nl *addr = (struct sockaddr_nl *)msg->msg_name; addr->nl_family = AF_NETLINK; addr->nl_pad = 0; addr->nl_pid = NETLINK_CB(skb).portid; addr->nl_groups = netlink_group_mask(NETLINK_CB(skb).dst_group); msg->msg_namelen = sizeof(*addr); } if (nlk->flags & NETLINK_RECV_PKTINFO) netlink_cmsg_recv_pktinfo(msg, skb); if (NULL == siocb->scm) { memset(&scm, 0, sizeof(scm)); siocb->scm = &scm; } siocb->scm->creds = *NETLINK_CREDS(skb); if (flags & MSG_TRUNC) copied = data_skb->len; skb_free_datagram(sk, skb); if (nlk->cb_running && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) { ret = netlink_dump(sk); if (ret) { sk->sk_err = ret; sk->sk_error_report(sk); } } scm_recv(sock, msg, siocb->scm, flags); out: netlink_rcv_wake(sk); return err ? : copied; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,280528127100709,1 3869,[],static inline int cap_inh_is_capped(void) { return 1; },linux-2.6,,,311823597460022841777678727994981763789,0 5055,CWE-125,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 144,[],"static int get_compat_flock(struct flock *kfl, struct compat_flock __user *ufl) { if (!access_ok(VERIFY_READ, ufl, sizeof(*ufl)) || __get_user(kfl->l_type, &ufl->l_type) || __get_user(kfl->l_whence, &ufl->l_whence) || __get_user(kfl->l_start, &ufl->l_start) || __get_user(kfl->l_len, &ufl->l_len) || __get_user(kfl->l_pid, &ufl->l_pid)) return -EFAULT; return 0; }",linux-2.6,,,130581081425609358661563757755143684393,0 1145,CWE-400,"static void nlmclnt_unlock_callback(struct rpc_task *task, void *data) { struct nlm_rqst *req = data; u32 status = ntohl(req->a_res.status); if (RPC_ASSASSINATED(task)) goto die; if (task->tk_status < 0) { dprintk(""lockd: unlock failed (err = %d)\n"", -task->tk_status); goto retry_rebind; } if (status == NLM_LCK_DENIED_GRACE_PERIOD) { rpc_delay(task, NLMCLNT_GRACE_WAIT); goto retry_unlock; } if (status != NLM_LCK_GRANTED) printk(KERN_WARNING ""lockd: unexpected unlock status: %d\n"", status); die: return; retry_rebind: nlm_rebind_host(req->a_host); retry_unlock: rpc_restart_call(task); }",visit repo url,fs/lockd/clntproc.c,https://github.com/torvalds/linux,199602224809944,1 6170,CWE-190,"void ep4_mul_sim_trick(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, const bn_t m) { ep4_t t0[1 << (EP_WIDTH / 2)]; ep4_t t1[1 << (EP_WIDTH / 2)]; ep4_t t[1 << EP_WIDTH]; bn_t n; int l0, l1, w = EP_WIDTH / 2; uint8_t w0[2 * RLC_FP_BITS], w1[2 * RLC_FP_BITS]; bn_null(n); if (bn_is_zero(k) || ep4_is_infty(p)) { ep4_mul(r, q, m); return; } if (bn_is_zero(m) || ep4_is_infty(q)) { ep4_mul(r, p, k); return; } RLC_TRY { bn_new(n); ep4_curve_get_ord(n); for (int i = 0; i < (1 << w); i++) { ep4_null(t0[i]); ep4_null(t1[i]); ep4_new(t0[i]); ep4_new(t1[i]); } for (int i = 0; i < (1 << EP_WIDTH); i++) { ep4_null(t[i]); ep4_new(t[i]); } ep4_set_infty(t0[0]); ep4_copy(t0[1], p); if (bn_sign(k) == RLC_NEG) { ep4_neg(t0[1], t0[1]); } for (int i = 2; i < (1 << w); i++) { ep4_add(t0[i], t0[i - 1], t0[1]); } ep4_set_infty(t1[0]); ep4_copy(t1[1], q); if (bn_sign(m) == RLC_NEG) { ep4_neg(t1[1], t1[1]); } for (int i = 1; i < (1 << w); i++) { ep4_add(t1[i], t1[i - 1], t1[1]); } for (int i = 0; i < (1 << w); i++) { for (int j = 0; j < (1 << w); j++) { ep4_add(t[(i << w) + j], t0[i], t1[j]); } } #if defined(EP_MIXED) ep4_norm_sim(t + 1, t + 1, (1 << (EP_WIDTH)) - 1); #endif l0 = l1 = RLC_CEIL(2 * RLC_FP_BITS, w); bn_rec_win(w0, &l0, k, w); bn_rec_win(w1, &l1, m, w); for (int i = l0; i < l1; i++) { w0[i] = 0; } for (int i = l1; i < l0; i++) { w1[i] = 0; } ep4_set_infty(r); for (int i = RLC_MAX(l0, l1) - 1; i >= 0; i--) { for (int j = 0; j < w; j++) { ep4_dbl(r, r); } ep4_add(r, r, t[(w0[i] << w) + w1[i]]); } ep4_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); for (int i = 0; i < (1 << w); i++) { ep4_free(t0[i]); ep4_free(t1[i]); } for (int i = 0; i < (1 << EP_WIDTH); i++) { ep4_free(t[i]); } } }",visit repo url,src/epx/relic_ep4_mul_sim.c,https://github.com/relic-toolkit/relic,156145213600102,1 5382,CWE-125,"void SavePayload(size_t handle, uint32_t *payload, uint32_t index) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return; uint32_t *MP4buffer = NULL; if (index < mp4->indexcount && mp4->mediafp && payload) { LONGSEEK(mp4->mediafp, mp4->metaoffsets[index], SEEK_SET); fwrite(payload, 1, mp4->metasizes[index], mp4->mediafp); } return; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,168190559431340,1 2815,CWE-125,"static BOOL update_read_icon_info(wStream* s, ICON_INFO* iconInfo) { BYTE* newBitMask; if (Stream_GetRemainingLength(s) < 8) return FALSE; Stream_Read_UINT16(s, iconInfo->cacheEntry); Stream_Read_UINT8(s, iconInfo->cacheId); Stream_Read_UINT8(s, iconInfo->bpp); if ((iconInfo->bpp < 1) || (iconInfo->bpp > 32)) { WLog_ERR(TAG, ""invalid bpp value %"" PRIu32 """", iconInfo->bpp); return FALSE; } Stream_Read_UINT16(s, iconInfo->width); Stream_Read_UINT16(s, iconInfo->height); switch (iconInfo->bpp) { case 1: case 4: case 8: if (Stream_GetRemainingLength(s) < 2) return FALSE; Stream_Read_UINT16(s, iconInfo->cbColorTable); break; default: iconInfo->cbColorTable = 0; break; } if (Stream_GetRemainingLength(s) < 4) return FALSE; Stream_Read_UINT16(s, iconInfo->cbBitsMask); Stream_Read_UINT16(s, iconInfo->cbBitsColor); if (Stream_GetRemainingLength(s) < iconInfo->cbBitsMask + iconInfo->cbBitsColor) return FALSE; newBitMask = (BYTE*)realloc(iconInfo->bitsMask, iconInfo->cbBitsMask); if (!newBitMask) { free(iconInfo->bitsMask); iconInfo->bitsMask = NULL; return FALSE; } iconInfo->bitsMask = newBitMask; Stream_Read(s, iconInfo->bitsMask, iconInfo->cbBitsMask); if (iconInfo->colorTable == NULL) { if (iconInfo->cbColorTable) { iconInfo->colorTable = (BYTE*)malloc(iconInfo->cbColorTable); if (!iconInfo->colorTable) return FALSE; } } else if (iconInfo->cbColorTable) { BYTE* new_tab; new_tab = (BYTE*)realloc(iconInfo->colorTable, iconInfo->cbColorTable); if (!new_tab) { free(iconInfo->colorTable); iconInfo->colorTable = NULL; return FALSE; } iconInfo->colorTable = new_tab; } else { free(iconInfo->colorTable); iconInfo->colorTable = NULL; } if (iconInfo->colorTable) Stream_Read(s, iconInfo->colorTable, iconInfo->cbColorTable); newBitMask = (BYTE*)realloc(iconInfo->bitsColor, iconInfo->cbBitsColor); if (!newBitMask) { free(iconInfo->bitsColor); iconInfo->bitsColor = NULL; return FALSE; } iconInfo->bitsColor = newBitMask; Stream_Read(s, iconInfo->bitsColor, iconInfo->cbBitsColor); return TRUE; }",visit repo url,libfreerdp/core/window.c,https://github.com/FreeRDP/FreeRDP,28572683331051,1 279,[],"static int old_bridge_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { u32 tmp; if (get_user(tmp, (u32 __user *) arg)) return -EFAULT; if (tmp == BRCTL_GET_VERSION) return BRCTL_VERSION + 1; return -EINVAL; }",linux-2.6,,,337819528776137130029790276220394772989,0 3106,CWE-119,"ParseNameValue(const char * buffer, int bufsize, struct NameValueParserData * data) { struct xmlparser parser; data->l_head = NULL; data->portListing = NULL; data->portListingLength = 0; parser.xmlstart = buffer; parser.xmlsize = bufsize; parser.data = data; parser.starteltfunc = NameValueParserStartElt; parser.endeltfunc = NameValueParserEndElt; parser.datafunc = NameValueParserGetData; parser.attfunc = 0; parsexml(&parser); }",visit repo url,miniupnpc/upnpreplyparse.c,https://github.com/miniupnp/miniupnp,276367477370491,1 6143,['CWE-200'],"int iw_handler_set_thrspy(struct net_device * dev, struct iw_request_info *info, union iwreq_data * wrqu, char * extra) { struct iw_spy_data * spydata = get_spydata(dev); struct iw_thrspy * threshold = (struct iw_thrspy *) extra; if(!spydata) return -EOPNOTSUPP; memcpy(&(spydata->spy_thr_low), &(threshold->low), 2 * sizeof(struct iw_quality)); memset(spydata->spy_thr_under, '\0', sizeof(spydata->spy_thr_under)); #ifdef WE_SPY_DEBUG printk(KERN_DEBUG ""iw_handler_set_thrspy() : low %d ; high %d\n"", spydata->spy_thr_low.level, spydata->spy_thr_high.level); #endif return 0; }",linux-2.6,,,143907418127974234455523655110055989528,0 1971,['CWE-20'],"static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, unsigned long addr, unsigned long end, unsigned long floor, unsigned long ceiling) { pud_t *pud; unsigned long next; unsigned long start; start = addr; pud = pud_offset(pgd, addr); do { next = pud_addr_end(addr, end); if (pud_none_or_clear_bad(pud)) continue; free_pmd_range(tlb, pud, addr, next, floor, ceiling); } while (pud++, addr = next, addr != end); start &= PGDIR_MASK; if (start < floor) return; if (ceiling) { ceiling &= PGDIR_MASK; if (!ceiling) return; } if (end - 1 > ceiling - 1) return; pud = pud_offset(pgd, start); pgd_clear(pgd); pud_free_tlb(tlb, pud); }",linux-2.6,,,147074987219126054946656280255610094071,0 57,CWE-763,"acc_ctx_new(OM_uint32 *minor_status, gss_buffer_t buf, gss_ctx_id_t *ctx, spnego_gss_cred_id_t spcred, gss_buffer_t *mechToken, gss_buffer_t *mechListMIC, OM_uint32 *negState, send_token_flag *return_token) { OM_uint32 tmpmin, ret, req_flags; gss_OID_set supported_mechSet, mechTypes; gss_buffer_desc der_mechTypes; gss_OID mech_wanted; spnego_gss_ctx_id_t sc = NULL; ret = GSS_S_DEFECTIVE_TOKEN; der_mechTypes.length = 0; der_mechTypes.value = NULL; *mechToken = *mechListMIC = GSS_C_NO_BUFFER; supported_mechSet = mechTypes = GSS_C_NO_OID_SET; *return_token = ERROR_TOKEN_SEND; *negState = REJECT; *minor_status = 0; ret = get_negTokenInit(minor_status, buf, &der_mechTypes, &mechTypes, &req_flags, mechToken, mechListMIC); if (ret != GSS_S_COMPLETE) { goto cleanup; } ret = get_negotiable_mechs(minor_status, spcred, GSS_C_ACCEPT, &supported_mechSet); if (ret != GSS_S_COMPLETE) { *return_token = NO_TOKEN_SEND; goto cleanup; } mech_wanted = negotiate_mech(supported_mechSet, mechTypes, negState); if (*negState == REJECT) { ret = GSS_S_BAD_MECH; goto cleanup; } sc = (spnego_gss_ctx_id_t)*ctx; if (sc != NULL) { gss_release_buffer(&tmpmin, &sc->DER_mechTypes); assert(mech_wanted != GSS_C_NO_OID); } else sc = create_spnego_ctx(); if (sc == NULL) { ret = GSS_S_FAILURE; *return_token = NO_TOKEN_SEND; goto cleanup; } sc->mech_set = mechTypes; mechTypes = GSS_C_NO_OID_SET; sc->internal_mech = mech_wanted; sc->DER_mechTypes = der_mechTypes; der_mechTypes.length = 0; der_mechTypes.value = NULL; if (*negState == REQUEST_MIC) sc->mic_reqd = 1; *return_token = INIT_TOKEN_SEND; sc->firstpass = 1; *ctx = (gss_ctx_id_t)sc; ret = GSS_S_COMPLETE; cleanup: gss_release_oid_set(&tmpmin, &mechTypes); gss_release_oid_set(&tmpmin, &supported_mechSet); if (der_mechTypes.length != 0) gss_release_buffer(&tmpmin, &der_mechTypes); return ret; }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,92373106903961,1 2676,[],"static int sctp_autobind(struct sock *sk) { union sctp_addr autoaddr; struct sctp_af *af; __be16 port; af = sctp_sk(sk)->pf->af; port = htons(inet_sk(sk)->num); af->inaddr_any(&autoaddr, port); return sctp_do_bind(sk, &autoaddr, af->sockaddr_len); }",linux-2.6,,,143062806699878180423761177661114942652,0 6011,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedwriter_24CompressedBufferedWriter_6__reduce_cython__(struct __pyx_obj_17clickhouse_driver_14bufferedwriter_CompressedBufferedWriter *__pyx_v_self) { PyObject *__pyx_v_state = 0; PyObject *__pyx_v__dict = 0; int __pyx_v_use_setstate; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; int __pyx_t_5; int __pyx_t_6; __Pyx_RefNannySetupContext(""__reduce_cython__"", 0); __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v_self->__pyx_base.buffer); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.buffer_size); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.position); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(4); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_t_2); __Pyx_INCREF(__pyx_v_self->compressor); __Pyx_GIVEREF(__pyx_v_self->compressor); PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_v_self->compressor); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_4, 3, __pyx_t_3); __pyx_t_1 = 0; __pyx_t_2 = 0; __pyx_t_3 = 0; __pyx_v_state = ((PyObject*)__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_n_s_dict, Py_None); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __pyx_v__dict = __pyx_t_4; __pyx_t_4 = 0; __pyx_t_5 = (__pyx_v__dict != Py_None); __pyx_t_6 = (__pyx_t_5 != 0); if (__pyx_t_6) { __pyx_t_4 = PyTuple_New(1); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(__pyx_v__dict); __Pyx_GIVEREF(__pyx_v__dict); PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_v__dict); __pyx_t_3 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF_SET(__pyx_v_state, ((PyObject*)__pyx_t_3)); __pyx_t_3 = 0; __pyx_v_use_setstate = 1; goto __pyx_L3; } { __pyx_t_6 = (__pyx_v_self->compressor != Py_None); __pyx_v_use_setstate = __pyx_t_6; } __pyx_L3:; __pyx_t_6 = (__pyx_v_use_setstate != 0); if (__pyx_t_6) { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_pyx_unpickle_CompressedBuffere); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_17355272); __Pyx_GIVEREF(__pyx_int_17355272); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_int_17355272); __Pyx_INCREF(Py_None); __Pyx_GIVEREF(Py_None); PyTuple_SET_ITEM(__pyx_t_4, 2, Py_None); __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_3); __Pyx_GIVEREF(__pyx_t_4); PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_t_4); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_2, 2, __pyx_v_state); __pyx_t_3 = 0; __pyx_t_4 = 0; __pyx_r = __pyx_t_2; __pyx_t_2 = 0; goto __pyx_L0; } { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_pyx_unpickle_CompressedBuffere); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_17355272); __Pyx_GIVEREF(__pyx_int_17355272); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_int_17355272); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_v_state); __pyx_t_3 = PyTuple_New(2); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_t_2); __Pyx_GIVEREF(__pyx_t_4); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_t_4); __pyx_t_2 = 0; __pyx_t_4 = 0; __pyx_r = __pyx_t_3; __pyx_t_3 = 0; goto __pyx_L0; } __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_AddTraceback(""clickhouse_driver.bufferedwriter.CompressedBufferedWriter.__reduce_cython__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v_state); __Pyx_XDECREF(__pyx_v__dict); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,81427285351952,1 2742,['CWE-189'],"int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep, struct sctp_association *asoc, gfp_t gfp) { struct sctp_shared_key *sh_key; struct sctp_shared_key *new; BUG_ON(!list_empty(&asoc->endpoint_shared_keys)); key_for_each(sh_key, &ep->endpoint_shared_keys) { new = sctp_auth_shkey_create(sh_key->key_id, gfp); if (!new) goto nomem; new->key = sh_key->key; sctp_auth_key_hold(new->key); list_add(&new->key_list, &asoc->endpoint_shared_keys); } return 0; nomem: sctp_auth_destroy_keys(&asoc->endpoint_shared_keys); return -ENOMEM; }",linux-2.6,,,78700656875009943203317526642304062024,0 1348,CWE-20,"int ext4_orphan_del(handle_t *handle, struct inode *inode) { struct list_head *prev; struct ext4_inode_info *ei = EXT4_I(inode); struct ext4_sb_info *sbi; __u32 ino_next; struct ext4_iloc iloc; int err = 0; if (handle && !ext4_handle_valid(handle)) return 0; mutex_lock(&EXT4_SB(inode->i_sb)->s_orphan_lock); if (list_empty(&ei->i_orphan)) goto out; ino_next = NEXT_ORPHAN(inode); prev = ei->i_orphan.prev; sbi = EXT4_SB(inode->i_sb); jbd_debug(4, ""remove inode %lu from orphan list\n"", inode->i_ino); list_del_init(&ei->i_orphan); if (sbi->s_journal && !handle) goto out; err = ext4_reserve_inode_write(handle, inode, &iloc); if (err) goto out_err; if (prev == &sbi->s_orphan) { jbd_debug(4, ""superblock will point to %u\n"", ino_next); BUFFER_TRACE(sbi->s_sbh, ""get_write_access""); err = ext4_journal_get_write_access(handle, sbi->s_sbh); if (err) goto out_brelse; sbi->s_es->s_last_orphan = cpu_to_le32(ino_next); err = ext4_handle_dirty_super(handle, inode->i_sb); } else { struct ext4_iloc iloc2; struct inode *i_prev = &list_entry(prev, struct ext4_inode_info, i_orphan)->vfs_inode; jbd_debug(4, ""orphan inode %lu will point to %u\n"", i_prev->i_ino, ino_next); err = ext4_reserve_inode_write(handle, i_prev, &iloc2); if (err) goto out_brelse; NEXT_ORPHAN(i_prev) = ino_next; err = ext4_mark_iloc_dirty(handle, i_prev, &iloc2); } if (err) goto out_brelse; NEXT_ORPHAN(inode) = 0; err = ext4_mark_iloc_dirty(handle, inode, &iloc); out_err: ext4_std_error(inode->i_sb, err); out: mutex_unlock(&EXT4_SB(inode->i_sb)->s_orphan_lock); return err; out_brelse: brelse(iloc.bh); goto out_err; }",visit repo url,fs/ext4/namei.c,https://github.com/torvalds/linux,155094239448010,1 5047,[],"static void async_request_sent(void *private_data_data, BOOL success) { struct winbindd_async_request *state = talloc_get_type_abort(private_data_data, struct winbindd_async_request); if (!success) { DEBUG(5, (""Could not send async request to child pid %u\n"", (unsigned int)state->child_pid )); async_request_fail(state); return; } setup_async_read(&state->child->event, &state->response->result, sizeof(state->response->result), async_reply_recv, state); state->reply_timeout_event = event_add_timed(winbind_event_context(), NULL, timeval_current_ofs(300,0), ""async_request_timeout"", async_request_timeout_handler, state); if (!state->reply_timeout_event) { smb_panic(""async_request_sent: failed to add timeout handler.\n""); } }",samba,,,137763027957972085187679317866522030323,0 5381,CWE-125,"uint32_t GetPayloadTime(size_t handle, uint32_t index, float *in, float *out) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return 0; if (mp4->metaoffsets == 0 || mp4->basemetadataduration == 0 || mp4->meta_clockdemon == 0 || in == NULL || out == NULL) return 1; *in = (float)((double)index * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); *out = (float)((double)(index + 1) * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); return 0; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,157102844585889,1 3286,CWE-787,"ahcp_time_print(netdissect_options *ndo, const u_char *cp, uint8_t len) { time_t t; struct tm *tm; char buf[BUFSIZE]; if (len != 4) goto invalid; t = GET_BE_U_4(cp); if (NULL == (tm = gmtime(&t))) ND_PRINT("": gmtime() error""); else if (0 == strftime(buf, sizeof(buf), ""%Y-%m-%d %H:%M:%S"", tm)) ND_PRINT("": strftime() error""); else ND_PRINT("": %s UTC"", buf); return; invalid: nd_print_invalid(ndo); ND_TCHECK_LEN(cp, len); }",visit repo url,print-ahcp.c,https://github.com/the-tcpdump-group/tcpdump,253329470646710,1 1633,CWE-416,"static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst, struct flowi *fl, struct request_sock *req, struct tcp_fastopen_cookie *foc, bool attach_req) { struct inet_request_sock *ireq = inet_rsk(req); struct ipv6_pinfo *np = inet6_sk(sk); struct flowi6 *fl6 = &fl->u.ip6; struct sk_buff *skb; int err = -ENOMEM; if (!dst && (dst = inet6_csk_route_req(sk, fl6, req, IPPROTO_TCP)) == NULL) goto done; skb = tcp_make_synack(sk, dst, req, foc, attach_req); if (skb) { __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr); fl6->daddr = ireq->ir_v6_rmt_addr; if (np->repflow && ireq->pktopts) fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts)); err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass); err = net_xmit_eval(err); } done: return err; }",visit repo url,net/ipv6/tcp_ipv6.c,https://github.com/torvalds/linux,192217774200733,1 3483,CWE-295,"int main(int argc, char **argv) { struct st_command *command; my_bool q_send_flag= 0, abort_flag= 0; uint command_executed= 0, last_command_executed= 0; char save_file[FN_REFLEN]; char output_file[FN_REFLEN]; MY_INIT(argv[0]); save_file[0]= 0; output_file[0]= 0; TMPDIR[0]= 0; init_signal_handling(); memset(&saved_expected_errors, 0, sizeof(saved_expected_errors)); #ifdef EMBEDDED_LIBRARY (void) pthread_attr_init(&cn_thd_attrib); pthread_attr_setstacksize(&cn_thd_attrib, DEFAULT_THREAD_STACK); #endif memset(file_stack, 0, sizeof(file_stack)); file_stack_end= file_stack + (sizeof(file_stack)/sizeof(struct st_test_file)) - 1; cur_file= file_stack; memset(block_stack, 0, sizeof(block_stack)); block_stack_end= block_stack + (sizeof(block_stack)/sizeof(struct st_block)) - 1; cur_block= block_stack; cur_block->ok= TRUE; cur_block->cmd= cmd_none; my_init_dynamic_array(&q_lines, sizeof(struct st_command*), 1024, 1024); if (my_hash_init(&var_hash, charset_info, 1024, 0, 0, get_var_key, var_free, MYF(0))) die(""Variable hash initialization failed""); { char path_separator[]= { FN_LIBCHAR, 0 }; var_set_string(""SYSTEM_PATH_SEPARATOR"", path_separator); } var_set_string(""MYSQL_SERVER_VERSION"", MYSQL_SERVER_VERSION); var_set_string(""MYSQL_SYSTEM_TYPE"", SYSTEM_TYPE); var_set_string(""MYSQL_MACHINE_TYPE"", MACHINE_TYPE); if (sizeof(void *) == 8) { var_set_string(""MYSQL_SYSTEM_ARCHITECTURE"", ""64""); } else { var_set_string(""MYSQL_SYSTEM_ARCHITECTURE"", ""32""); } memset(&master_pos, 0, sizeof(master_pos)); parser.current_line= parser.read_lines= 0; memset(&var_reg, 0, sizeof(var_reg)); init_builtin_echo(); #ifdef _WIN32 is_windows= 1; init_win_path_patterns(); #endif init_dynamic_string(&ds_res, """", 2048, 2048); parse_args(argc, argv); log_file.open(opt_logdir, result_file_name, "".log""); verbose_msg(""Logging to '%s'."", log_file.file_name()); if (opt_mark_progress) { progress_file.open(opt_logdir, result_file_name, "".progress""); verbose_msg(""Tracing progress in '%s'."", progress_file.file_name()); } connections= (struct st_connection*) my_malloc(PSI_NOT_INSTRUMENTED, (opt_max_connections+2) * sizeof(struct st_connection), MYF(MY_WME | MY_ZEROFILL)); connections_end= connections + opt_max_connections +1; next_con= connections + 1; var_set_int(""$PS_PROTOCOL"", ps_protocol); var_set_int(""$SP_PROTOCOL"", sp_protocol); var_set_int(""$VIEW_PROTOCOL"", view_protocol); var_set_int(""$OPT_TRACE_PROTOCOL"", opt_trace_protocol); var_set_int(""$EXPLAIN_PROTOCOL"", explain_protocol); var_set_int(""$JSON_EXPLAIN_PROTOCOL"", json_explain_protocol); var_set_int(""$CURSOR_PROTOCOL"", cursor_protocol); var_set_int(""$ENABLED_QUERY_LOG"", 1); var_set_int(""$ENABLED_ABORT_ON_ERROR"", 1); var_set_int(""$ENABLED_RESULT_LOG"", 1); var_set_int(""$ENABLED_CONNECT_LOG"", 0); var_set_int(""$ENABLED_WARNINGS"", 1); var_set_int(""$ENABLED_INFO"", 0); var_set_int(""$ENABLED_METADATA"", 0); DBUG_PRINT(""info"",(""result_file: '%s'"", result_file_name ? result_file_name : """")); verbose_msg(""Results saved in '%s'."", result_file_name ? result_file_name : """"); if (mysql_server_init(embedded_server_arg_count, embedded_server_args, (char**) embedded_server_groups)) die(""Can't initialize MySQL server""); server_initialized= 1; if (cur_file == file_stack && cur_file->file == 0) { cur_file->file= stdin; cur_file->file_name= my_strdup(PSI_NOT_INSTRUMENTED, """", MYF(MY_WME)); cur_file->lineno= 1; } var_set_string(""MYSQLTEST_FILE"", cur_file->file_name); init_re(); if (cursor_protocol) ps_protocol= 1; ps_protocol_enabled= ps_protocol; sp_protocol_enabled= sp_protocol; view_protocol_enabled= view_protocol; opt_trace_protocol_enabled= opt_trace_protocol; explain_protocol_enabled= explain_protocol; json_explain_protocol_enabled= json_explain_protocol; cursor_protocol_enabled= cursor_protocol; st_connection *con= connections; #ifdef EMBEDDED_LIBRARY if (ps_protocol) die(""--ps-protocol is not supported in embedded mode""); init_connection_thd(con); #endif if (!( mysql_init(&con->mysql))) die(""Failed in mysql_init()""); if (opt_connect_timeout) mysql_options(&con->mysql, MYSQL_OPT_CONNECT_TIMEOUT, (void *) &opt_connect_timeout); if (opt_compress) mysql_options(&con->mysql,MYSQL_OPT_COMPRESS,NullS); mysql_options(&con->mysql, MYSQL_OPT_LOCAL_INFILE, 0); mysql_options(&con->mysql, MYSQL_SET_CHARSET_NAME, charset_info->csname); if (opt_charsets_dir) mysql_options(&con->mysql, MYSQL_SET_CHARSET_DIR, opt_charsets_dir); #ifndef EMBEDDED_LIBRARY if (opt_protocol) mysql_options(&con->mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); #endif #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) if (opt_use_ssl) { mysql_ssl_set(&con->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(&con->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(&con->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); #if MYSQL_VERSION_ID >= 50000 opt_ssl_verify_server_cert= opt_host && !strcmp(opt_host, ""localhost""); mysql_options(&con->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &opt_ssl_verify_server_cert); #endif } #endif #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) if (shared_memory_base_name) mysql_options(&con->mysql,MYSQL_SHARED_MEMORY_BASE_NAME,shared_memory_base_name); #endif if (!(con->name = my_strdup(PSI_NOT_INSTRUMENTED, ""default"", MYF(MY_WME)))) die(""Out of memory""); safe_connect(&con->mysql, con->name, opt_host, opt_user, opt_pass, opt_db, opt_port, unix_sock); timer_start= timer_now(); var_set_errno(-1); set_current_connection(con); if (opt_include) { open_file(opt_include); } verbose_msg(""Start processing test commands from '%s' ..."", cur_file->file_name); while (!read_command(&command) && !abort_flag) { int current_line_inc = 1, processed = 0; if (command->type == Q_UNKNOWN || command->type == Q_COMMENT_WITH_COMMAND) get_command_type(command); if (parsing_disabled && command->type != Q_ENABLE_PARSING && command->type != Q_DISABLE_PARSING) { command->type= Q_COMMENT; } command->abort_on_error= (command->expected_errors.count == 0 && abort_on_error); my_bool ok_to_do= cur_block->ok || command->type == Q_DELIMITER; if (!ok_to_do) { if (command->type == Q_SOURCE || command->type == Q_ERROR || command->type == Q_WRITE_FILE || command->type == Q_APPEND_FILE || command->type == Q_PERL) { for (struct st_block *stb= cur_block-1; stb >= block_stack; stb--) { if (stb->cmd == cmd_while) { ok_to_do= 1; break; } } } } if (ok_to_do) { command->last_argument= command->first_argument; processed = 1; curr_command= command; switch (command->type) { case Q_CONNECT: do_connect(command); break; case Q_CONNECTION: select_connection(command); break; case Q_DISCONNECT: case Q_DIRTY_CLOSE: do_close_connection(command); break; case Q_ENABLE_QUERY_LOG: set_property(command, P_QUERY, 0); break; case Q_DISABLE_QUERY_LOG: set_property(command, P_QUERY, 1); break; case Q_ENABLE_ABORT_ON_ERROR: set_property(command, P_ABORT, 1); break; case Q_DISABLE_ABORT_ON_ERROR: set_property(command, P_ABORT, 0); break; case Q_ENABLE_RESULT_LOG: set_property(command, P_RESULT, 0); break; case Q_DISABLE_RESULT_LOG: set_property(command, P_RESULT, 1); break; case Q_ENABLE_CONNECT_LOG: set_property(command, P_CONNECT, 0); break; case Q_DISABLE_CONNECT_LOG: set_property(command, P_CONNECT, 1); break; case Q_ENABLE_WARNINGS: set_property(command, P_WARN, 0); break; case Q_DISABLE_WARNINGS: set_property(command, P_WARN, 1); break; case Q_ENABLE_INFO: set_property(command, P_INFO, 0); break; case Q_DISABLE_INFO: set_property(command, P_INFO, 1); break; case Q_ENABLE_METADATA: set_property(command, P_META, 1); break; case Q_DISABLE_METADATA: set_property(command, P_META, 0); break; case Q_SOURCE: do_source(command); break; case Q_SLEEP: do_sleep(command, 0); break; case Q_REAL_SLEEP: do_sleep(command, 1); break; case Q_WAIT_FOR_SLAVE_TO_STOP: do_wait_for_slave_to_stop(command); break; case Q_INC: do_modify_var(command, DO_INC); break; case Q_DEC: do_modify_var(command, DO_DEC); break; case Q_ECHO: do_echo(command); command_executed++; break; case Q_SYSTEM: die(""'system' command is deprecated, use exec or\n""\ "" see the manual for portable commands to use""); break; case Q_REMOVE_FILE: do_remove_file(command); break; case Q_REMOVE_FILES_WILDCARD: do_remove_files_wildcard(command); break; case Q_MKDIR: do_mkdir(command); break; case Q_RMDIR: do_rmdir(command); break; case Q_LIST_FILES: do_list_files(command); break; case Q_LIST_FILES_WRITE_FILE: do_list_files_write_file_command(command, FALSE); break; case Q_LIST_FILES_APPEND_FILE: do_list_files_write_file_command(command, TRUE); break; case Q_FILE_EXIST: do_file_exist(command); break; case Q_WRITE_FILE: do_write_file(command); break; case Q_APPEND_FILE: do_append_file(command); break; case Q_DIFF_FILES: do_diff_files(command); break; case Q_SEND_QUIT: do_send_quit(command); break; case Q_CHANGE_USER: do_change_user(command); break; case Q_CAT_FILE: do_cat_file(command); break; case Q_COPY_FILE: do_copy_file(command); break; case Q_MOVE_FILE: do_move_file(command); break; case Q_CHMOD_FILE: do_chmod_file(command); break; case Q_PERL: do_perl(command); break; case Q_RESULT_FORMAT_VERSION: do_result_format_version(command); break; case Q_DELIMITER: do_delimiter(command); break; case Q_DISPLAY_VERTICAL_RESULTS: display_result_vertically= TRUE; break; case Q_DISPLAY_HORIZONTAL_RESULTS: display_result_vertically= FALSE; break; case Q_SORTED_RESULT: display_result_sorted= TRUE; break; case Q_LOWERCASE: display_result_lower= TRUE; break; case Q_LET: do_let(command); break; case Q_EVAL_RESULT: die(""'eval_result' command is deprecated""); case Q_EVAL: case Q_QUERY_VERTICAL: case Q_QUERY_HORIZONTAL: if (command->query == command->query_buf) { command->query= command->first_argument; command->first_word_len= 0; } case Q_QUERY: case Q_REAP: { my_bool old_display_result_vertically= display_result_vertically; int flags= QUERY_REAP_FLAG | QUERY_SEND_FLAG; if (q_send_flag) { flags= QUERY_SEND_FLAG; q_send_flag= 0; } else if (command->type == Q_REAP) { flags= QUERY_REAP_FLAG; } display_result_vertically|= (command->type == Q_QUERY_VERTICAL); if (explain_protocol_enabled) run_explain(cur_con, command, flags, 0); if (json_explain_protocol_enabled) run_explain(cur_con, command, flags, 1); if (*save_file) { strmake(command->require_file, save_file, sizeof(save_file) - 1); *save_file= 0; } if (*output_file) { strmake(command->output_file, output_file, sizeof(output_file) - 1); *output_file= 0; } run_query(cur_con, command, flags); display_opt_trace(cur_con, command, flags); command_executed++; command->last_argument= command->end; display_result_vertically= old_display_result_vertically; break; } case Q_SEND: case Q_SEND_EVAL: if (!*command->first_argument) { q_send_flag= 1; break; } if (command->query == command->query_buf) command->query= command->first_argument; run_query(cur_con, command, QUERY_SEND_FLAG); command_executed++; command->last_argument= command->end; break; case Q_REQUIRE: do_get_file_name(command, save_file, sizeof(save_file)); break; case Q_ERROR: do_get_errcodes(command); break; case Q_REPLACE: do_get_replace(command); break; case Q_REPLACE_REGEX: do_get_replace_regex(command); break; case Q_REPLACE_COLUMN: do_get_replace_column(command); break; case Q_SAVE_MASTER_POS: do_save_master_pos(); break; case Q_SYNC_WITH_MASTER: do_sync_with_master(command); break; case Q_SYNC_SLAVE_WITH_MASTER: { do_save_master_pos(); if (*command->first_argument) select_connection(command); else select_connection_name(""slave""); do_sync_with_master2(command, 0); break; } case Q_COMMENT: { command->last_argument= command->end; if (opt_result_format_version == 1) break; if (disable_query_log) break; const char* p= command->query; if (p && *p == '#' && *(p+1) == '#') { dynstr_append_mem(&ds_res, command->query, command->query_len); dynstr_append(&ds_res, ""\n""); } break; } case Q_EMPTY_LINE: if (opt_result_format_version == 1) break; if (disable_query_log) break; dynstr_append(&ds_res, ""\n""); break; case Q_PING: handle_command_error(command, mysql_ping(&cur_con->mysql)); break; case Q_RESET_CONNECTION: do_reset_connection(); break; case Q_SEND_SHUTDOWN: handle_command_error(command, mysql_shutdown(&cur_con->mysql, SHUTDOWN_DEFAULT)); break; case Q_SHUTDOWN_SERVER: do_shutdown_server(command); break; case Q_EXEC: case Q_EXECW: do_exec(command); command_executed++; break; case Q_START_TIMER: timer_start= timer_now(); break; case Q_END_TIMER: timer_output(); break; case Q_CHARACTER_SET: do_set_charset(command); break; case Q_DISABLE_PS_PROTOCOL: set_property(command, P_PS, 0); close_statements(); break; case Q_ENABLE_PS_PROTOCOL: set_property(command, P_PS, ps_protocol); break; case Q_DISABLE_RECONNECT: set_reconnect(&cur_con->mysql, 0); break; case Q_ENABLE_RECONNECT: set_reconnect(&cur_con->mysql, 1); close_statements(); break; case Q_DISABLE_PARSING: if (parsing_disabled == 0) parsing_disabled= 1; else die(""Parsing is already disabled""); break; case Q_ENABLE_PARSING: if (parsing_disabled == 1) parsing_disabled= 0; else die(""Parsing is already enabled""); break; case Q_DIE: die(""%s"", command->first_argument); break; case Q_EXIT: abort_flag= 1; break; case Q_SKIP: abort_not_supported_test(""%s"", command->first_argument); break; case Q_RESULT: die(""result, deprecated command""); break; case Q_OUTPUT: { static DYNAMIC_STRING ds_to_file; const struct command_arg output_file_args[] = {{ ""to_file"", ARG_STRING, TRUE, &ds_to_file, ""Output filename"" }}; check_command_args(command, command->first_argument, output_file_args, 1, ' '); strmake(output_file, ds_to_file.str, FN_REFLEN); dynstr_free(&ds_to_file); break; } default: processed= 0; break; } } if (!processed) { current_line_inc= 0; switch (command->type) { case Q_WHILE: do_block(cmd_while, command); break; case Q_IF: do_block(cmd_if, command); break; case Q_END_BLOCK: do_done(command); break; default: current_line_inc = 1; break; } } else check_eol_junk(command->last_argument); if (command->type != Q_ERROR && command->type != Q_COMMENT) { memset(&saved_expected_errors, 0, sizeof(saved_expected_errors)); } if (command_executed != last_command_executed || command->used_replace) { free_all_replace(); display_result_sorted= FALSE; display_result_lower= FALSE; } last_command_executed= command_executed; parser.current_line += current_line_inc; if ( opt_mark_progress ) mark_progress(command, parser.current_line); log_file.write(&ds_res); log_file.flush(); dynstr_set(&ds_res, 0); } log_file.close(); start_lineno= 0; verbose_msg(""... Done processing test commands.""); if (parsing_disabled) die(""Test ended with parsing disabled""); my_bool empty_result= FALSE; if (log_file.bytes_written()) { if (result_file_name) { if (record) { if (my_copy(log_file.file_name(), result_file_name, MYF(0)) != 0) die(""Failed to copy '%s' to '%s', errno: %d"", log_file.file_name(), result_file_name, errno); } else { check_result(); } } } else { if (! result_file_name || record || compare_files (log_file.file_name(), result_file_name)) { die(""The test didn't produce any output""); } else { empty_result= TRUE; } } if (!command_executed && result_file_name && !empty_result) die(""No queries executed but non-empty result file found!""); verbose_msg(""Test has succeeded!""); timer_output(); cleanup_and_exit(0); return 0; }",visit repo url,client/mysqltest.cc,https://github.com/mysql/mysql-server,51194941046555,1 4537,CWE-193,"char *gf_text_get_utf8_line(char *szLine, u32 lineSize, FILE *txt_in, s32 unicode_type) { u32 i, j, len; char *sOK; char szLineConv[2048]; unsigned short *sptr; memset(szLine, 0, sizeof(char)*lineSize); sOK = gf_fgets(szLine, lineSize, txt_in); if (!sOK) return NULL; if (unicode_type<=1) { j=0; len = (u32) strlen(szLine); for (i=0; i> 6) & 0x3 ); j++; szLine[i] &= 0xbf; } else if ( (szLine[i] & 0xe0) == 0xc0) { szLineConv[j] = szLine[i]; i++; j++; } else if ( (szLine[i] & 0xf0) == 0xe0) { szLineConv[j] = szLine[i]; i++; j++; szLineConv[j] = szLine[i]; i++; j++; } else if ( (szLine[i] & 0xf8) == 0xf0) { szLineConv[j] = szLine[i]; i++; j++; szLineConv[j] = szLine[i]; i++; j++; szLineConv[j] = szLine[i]; i++; j++; } else { i+=1; continue; } } szLineConv[j] = szLine[i]; j++; if (j >= GF_ARRAY_LENGTH(szLineConv) - 1) { GF_LOG(GF_LOG_DEBUG, GF_LOG_PARSER, (""[TXTIn] Line too long to convert to utf8 (len: %d)\n"", len)); break; } } szLineConv[j] = 0; strcpy(szLine, szLineConv); return sOK; } #ifdef GPAC_BIG_ENDIAN if (unicode_type==3) #else if (unicode_type==2) #endif { i=0; while (1) { char c; if (!szLine[i] && !szLine[i+1]) break; c = szLine[i+1]; szLine[i+1] = szLine[i]; szLine[i] = c; i+=2; } } sptr = (u16 *)szLine; i = gf_utf8_wcstombs(szLineConv, 2048, (const unsigned short **) &sptr); if (i == GF_UTF8_FAIL) i = 0; szLineConv[i] = 0; strcpy(szLine, szLineConv); if (unicode_type==3) gf_fgetc(txt_in); return sOK;",visit repo url,src/filters/load_text.c,https://github.com/gpac/gpac,37619413528500,1 1294,['CWE-119'],"static void __exit nf_nat_snmp_basic_fini(void) { nf_conntrack_helper_unregister(&snmp_helper); nf_conntrack_helper_unregister(&snmp_trap_helper); }",linux-2.6,,,218828217356830553704461525672506982474,0 5253,['CWE-264'],"static void free_inherited_info(struct pai_val *pal) { if (pal) { struct pai_entry *paie, *paie_next; for (paie = pal->entry_list; paie; paie = paie_next) { paie_next = paie->next; SAFE_FREE(paie); } for (paie = pal->def_entry_list; paie; paie = paie_next) { paie_next = paie->next; SAFE_FREE(paie); } SAFE_FREE(pal); } }",samba,,,298718196153602929754198733093066194752,0 415,CWE-416,"int hns_nic_net_xmit_hw(struct net_device *ndev, struct sk_buff *skb, struct hns_nic_ring_data *ring_data) { struct hns_nic_priv *priv = netdev_priv(ndev); struct hnae_ring *ring = ring_data->ring; struct device *dev = ring_to_dev(ring); struct netdev_queue *dev_queue; struct skb_frag_struct *frag; int buf_num; int seg_num; dma_addr_t dma; int size, next_to_use; int i; switch (priv->ops.maybe_stop_tx(&skb, &buf_num, ring)) { case -EBUSY: ring->stats.tx_busy++; goto out_net_tx_busy; case -ENOMEM: ring->stats.sw_err_cnt++; netdev_err(ndev, ""no memory to xmit!\n""); goto out_err_tx_ok; default: break; } seg_num = skb_shinfo(skb)->nr_frags + 1; next_to_use = ring->next_to_use; size = skb_headlen(skb); dma = dma_map_single(dev, skb->data, size, DMA_TO_DEVICE); if (dma_mapping_error(dev, dma)) { netdev_err(ndev, ""TX head DMA map failed\n""); ring->stats.sw_err_cnt++; goto out_err_tx_ok; } priv->ops.fill_desc(ring, skb, size, dma, seg_num == 1 ? 1 : 0, buf_num, DESC_TYPE_SKB, ndev->mtu); for (i = 1; i < seg_num; i++) { frag = &skb_shinfo(skb)->frags[i - 1]; size = skb_frag_size(frag); dma = skb_frag_dma_map(dev, frag, 0, size, DMA_TO_DEVICE); if (dma_mapping_error(dev, dma)) { netdev_err(ndev, ""TX frag(%d) DMA map failed\n"", i); ring->stats.sw_err_cnt++; goto out_map_frag_fail; } priv->ops.fill_desc(ring, skb_frag_page(frag), size, dma, seg_num - 1 == i ? 1 : 0, buf_num, DESC_TYPE_PAGE, ndev->mtu); } dev_queue = netdev_get_tx_queue(ndev, skb->queue_mapping); netdev_tx_sent_queue(dev_queue, skb->len); wmb(); assert(skb->queue_mapping < priv->ae_handle->q_num); hnae_queue_xmit(priv->ae_handle->qs[skb->queue_mapping], buf_num); ring->stats.tx_pkts++; ring->stats.tx_bytes += skb->len; return NETDEV_TX_OK; out_map_frag_fail: while (ring->next_to_use != next_to_use) { unfill_desc(ring); if (ring->next_to_use != next_to_use) dma_unmap_page(dev, ring->desc_cb[ring->next_to_use].dma, ring->desc_cb[ring->next_to_use].length, DMA_TO_DEVICE); else dma_unmap_single(dev, ring->desc_cb[next_to_use].dma, ring->desc_cb[next_to_use].length, DMA_TO_DEVICE); } out_err_tx_ok: dev_kfree_skb_any(skb); return NETDEV_TX_OK; out_net_tx_busy: netif_stop_subqueue(ndev, skb->queue_mapping); smp_mb(); return NETDEV_TX_BUSY; }",visit repo url,drivers/net/ethernet/hisilicon/hns/hns_enet.c,https://github.com/torvalds/linux,15467267412774,1 3980,['CWE-362'],"static void free_chunk(struct audit_chunk *chunk) { int i; for (i = 0; i < chunk->count; i++) { if (chunk->owners[i].owner) put_tree(chunk->owners[i].owner); } kfree(chunk); }",linux-2.6,,,176701662540568230931610256368414399289,0 6331,CWE-295,"NOEXPORT unsigned __stdcall daemon_thread(void *arg) { (void)arg; tls_alloc(NULL, NULL, ""main""); main_init(); SetEvent(main_initialized); while(main_configure(cmdline.config_file, NULL)) { if(cmdline.config_file && *cmdline.config_file=='-') cmdline.config_file=NULL; unbind_ports(); log_flush(LOG_MODE_ERROR); PostMessage(hwnd, WM_INVALID_CONFIG, 0, 0); WaitForSingleObject(config_ready, INFINITE); } PostMessage(hwnd, WM_VALID_CONFIG, 0, 0); daemon_loop(); main_cleanup(); _endthreadex(0); return 0; }",visit repo url,src/ui_win_gui.c,https://github.com/mtrojnar/stunnel,77958043540664,1 6123,['CWE-200'],"static void cbq_walk(struct Qdisc *sch, struct qdisc_walker *arg) { struct cbq_sched_data *q = qdisc_priv(sch); unsigned h; if (arg->stop) return; for (h = 0; h < 16; h++) { struct cbq_class *cl; for (cl = q->classes[h]; cl; cl = cl->next) { if (arg->count < arg->skip) { arg->count++; continue; } if (arg->fn(sch, (unsigned long)cl, arg) < 0) { arg->stop = 1; return; } arg->count++; } } }",linux-2.6,,,71713012656806258181891264018170270667,0 714,[],"int jpc_putms(jas_stream_t *out, jpc_cstate_t *cstate, jpc_ms_t *ms) { jas_stream_t *tmpstream; int len; if (jpc_putuint16(out, ms->id)) { return -1; } if (ms->ops->putparms) { if (!(tmpstream = jas_stream_memopen(0, 0))) { return -1; } if ((*ms->ops->putparms)(ms, cstate, tmpstream)) { jas_stream_close(tmpstream); return -1; } if ((len = jas_stream_tell(tmpstream)) < 0) { jas_stream_close(tmpstream); return -1; } ms->len = len; if (jas_stream_seek(tmpstream, 0, SEEK_SET) < 0 || jpc_putuint16(out, ms->len + 2) || jas_stream_copy(out, tmpstream, ms->len) < 0) { jas_stream_close(tmpstream); return -1; } jas_stream_close(tmpstream); } if (ms->id == JPC_MS_SIZ) { cstate->numcomps = ms->parms.siz.numcomps; } if (jas_getdbglevel() > 0) { jpc_ms_dump(ms, stderr); } return 0; }",jasper,,,268898297187113081937624339446206559460,0 5988,['CWE-200'],"static void cbq_rmprio(struct cbq_sched_data *q, struct cbq_class *cl) { q->nclasses[cl->priority]--; q->quanta[cl->priority] -= cl->weight; cbq_normalize_quanta(q, cl->priority); }",linux-2.6,,,242097910226146307259725938112051856888,0 618,CWE-17,"static int do_dentry_open(struct file *f, int (*open)(struct inode *, struct file *), const struct cred *cred) { static const struct file_operations empty_fops = {}; struct inode *inode; int error; f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; if (unlikely(f->f_flags & O_PATH)) f->f_mode = FMODE_PATH; path_get(&f->f_path); inode = f->f_inode = f->f_path.dentry->d_inode; if (f->f_mode & FMODE_WRITE) { error = __get_file_write_access(inode, f->f_path.mnt); if (error) goto cleanup_file; if (!special_file(inode->i_mode)) file_take_write(f); } f->f_mapping = inode->i_mapping; file_sb_list_add(f, inode->i_sb); if (unlikely(f->f_mode & FMODE_PATH)) { f->f_op = &empty_fops; return 0; } f->f_op = fops_get(inode->i_fop); if (unlikely(WARN_ON(!f->f_op))) { error = -ENODEV; goto cleanup_all; } error = security_file_open(f, cred); if (error) goto cleanup_all; error = break_lease(inode, f->f_flags); if (error) goto cleanup_all; if (!open) open = f->f_op->open; if (open) { error = open(inode, f); if (error) goto cleanup_all; } if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) i_readcount_inc(inode); f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); return 0; cleanup_all: fops_put(f->f_op); file_sb_list_del(f); if (f->f_mode & FMODE_WRITE) { put_write_access(inode); if (!special_file(inode->i_mode)) { file_reset_write(f); __mnt_drop_write(f->f_path.mnt); } } cleanup_file: path_put(&f->f_path); f->f_path.mnt = NULL; f->f_path.dentry = NULL; f->f_inode = NULL; return error; }",visit repo url,fs/open.c,https://github.com/torvalds/linux,62712500668585,1 6643,CWE-125,"static void compile_xclass_matchingpath(compiler_common *common, PCRE2_SPTR cc, jump_list **backtracks) { DEFINE_COMPILER; jump_list *found = NULL; jump_list **list = (cc[0] & XCL_NOT) == 0 ? &found : backtracks; sljit_uw c, charoffset, max = 256, min = READ_CHAR_MAX; struct sljit_jump *jump = NULL; PCRE2_SPTR ccbegin; int compares, invertcmp, numberofcmps; #if defined SUPPORT_UNICODE && (PCRE2_CODE_UNIT_WIDTH == 8 || PCRE2_CODE_UNIT_WIDTH == 16) BOOL utf = common->utf; #endif #ifdef SUPPORT_UNICODE sljit_u32 unicode_status = 0; int typereg = TMP1; const sljit_u32 *other_cases; sljit_uw typeoffset; #endif cc++; ccbegin = cc; compares = 0; if (cc[-1] & XCL_MAP) { min = 0; cc += 32 / sizeof(PCRE2_UCHAR); } while (*cc != XCL_END) { compares++; if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); if (c > max) max = c; if (c < min) min = c; #ifdef SUPPORT_UNICODE unicode_status |= XCLASS_SAVE_CHAR; #endif } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); if (c < min) min = c; GETCHARINCTEST(c, cc); if (c > max) max = c; #ifdef SUPPORT_UNICODE unicode_status |= XCLASS_SAVE_CHAR; #endif } #ifdef SUPPORT_UNICODE else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_CLIST) { other_cases = PRIV(ucd_caseless_sets) + cc[1]; while (*other_cases != NOTACHAR) { if (*other_cases > max) max = *other_cases; if (*other_cases < min) min = *other_cases; other_cases++; } } else { max = READ_CHAR_MAX; min = 0; } switch(*cc) { case PT_ANY: if (cc[-1] == XCL_PROP) { compile_char1_matchingpath(common, OP_ALLANY, cc, backtracks, FALSE); if (list == backtracks) add_jump(compiler, backtracks, JUMP(SLJIT_JUMP)); return; } break; case PT_LAMP: case PT_GC: case PT_PC: case PT_ALNUM: unicode_status |= XCLASS_HAS_TYPE; break; case PT_SCX: unicode_status |= XCLASS_HAS_SCRIPT_EXTENSION; if (cc[-1] == XCL_NOTPROP) { unicode_status |= XCLASS_SCRIPT_EXTENSION_NOTPROP; break; } compares++; case PT_SC: unicode_status |= XCLASS_HAS_SCRIPT; break; case PT_SPACE: case PT_PXSPACE: case PT_WORD: case PT_PXGRAPH: case PT_PXPRINT: case PT_PXPUNCT: unicode_status |= XCLASS_SAVE_CHAR | XCLASS_HAS_TYPE; break; case PT_CLIST: case PT_UCNC: unicode_status |= XCLASS_SAVE_CHAR; break; case PT_BOOL: unicode_status |= XCLASS_HAS_BOOL; break; case PT_BIDICL: unicode_status |= XCLASS_HAS_BIDICL; break; default: SLJIT_UNREACHABLE(); break; } cc += 2; } #endif } SLJIT_ASSERT(compares > 0); cc = ccbegin; if ((cc[-1] & XCL_NOT) != 0) read_char(common, min, max, backtracks, READ_CHAR_UPDATE_STR_PTR); else { #ifdef SUPPORT_UNICODE read_char(common, min, max, (unicode_status & XCLASS_NEEDS_UCD) ? backtracks : NULL, 0); #else read_char(common, min, max, NULL, 0); #endif } if ((cc[-1] & XCL_HASPROP) == 0) { if ((cc[-1] & XCL_MAP) != 0) { jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255); if (!optimize_class(common, (const sljit_u8 *)cc, (((const sljit_u8 *)cc)[31] & 0x80) != 0, TRUE, &found)) { OP2(SLJIT_AND, TMP2, 0, TMP1, 0, SLJIT_IMM, 0x7); OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, 3); OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)cc); OP2(SLJIT_SHL, TMP2, 0, SLJIT_IMM, 1, TMP2, 0); OP2U(SLJIT_AND | SLJIT_SET_Z, TMP1, 0, TMP2, 0); add_jump(compiler, &found, JUMP(SLJIT_NOT_ZERO)); } add_jump(compiler, backtracks, JUMP(SLJIT_JUMP)); JUMPHERE(jump); cc += 32 / sizeof(PCRE2_UCHAR); } else { OP2(SLJIT_SUB, TMP2, 0, TMP1, 0, SLJIT_IMM, min); add_jump(compiler, (cc[-1] & XCL_NOT) == 0 ? backtracks : &found, CMP(SLJIT_GREATER, TMP2, 0, SLJIT_IMM, max - min)); } } else if ((cc[-1] & XCL_MAP) != 0) { OP1(SLJIT_MOV, RETURN_ADDR, 0, TMP1, 0); #ifdef SUPPORT_UNICODE unicode_status |= XCLASS_CHAR_SAVED; #endif if (!optimize_class(common, (const sljit_u8 *)cc, FALSE, TRUE, list)) { #if PCRE2_CODE_UNIT_WIDTH == 8 jump = NULL; if (common->utf) #endif jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255); OP2(SLJIT_AND, TMP2, 0, TMP1, 0, SLJIT_IMM, 0x7); OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, 3); OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)cc); OP2(SLJIT_SHL, TMP2, 0, SLJIT_IMM, 1, TMP2, 0); OP2U(SLJIT_AND | SLJIT_SET_Z, TMP1, 0, TMP2, 0); add_jump(compiler, list, JUMP(SLJIT_NOT_ZERO)); #if PCRE2_CODE_UNIT_WIDTH == 8 if (common->utf) #endif JUMPHERE(jump); } OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); cc += 32 / sizeof(PCRE2_UCHAR); } #ifdef SUPPORT_UNICODE if (unicode_status & XCLASS_NEEDS_UCD) { if ((unicode_status & (XCLASS_SAVE_CHAR | XCLASS_CHAR_SAVED)) == XCLASS_SAVE_CHAR) OP1(SLJIT_MOV, RETURN_ADDR, 0, TMP1, 0); #if PCRE2_CODE_UNIT_WIDTH == 32 if (!common->utf) { jump = CMP(SLJIT_LESS, TMP1, 0, SLJIT_IMM, MAX_UTF_CODE_POINT + 1); OP1(SLJIT_MOV, TMP1, 0, SLJIT_IMM, UNASSIGNED_UTF_CHAR); JUMPHERE(jump); } #endif OP2(SLJIT_LSHR, TMP2, 0, TMP1, 0, SLJIT_IMM, UCD_BLOCK_SHIFT); OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 1); OP1(SLJIT_MOV_U16, TMP2, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_stage1)); OP2(SLJIT_AND, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_BLOCK_MASK); OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, UCD_BLOCK_SHIFT); OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0); OP1(SLJIT_MOV, TMP2, 0, SLJIT_IMM, (sljit_sw)PRIV(ucd_stage2)); OP1(SLJIT_MOV_U16, TMP2, 0, SLJIT_MEM2(TMP2, TMP1), 1); OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3); OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2); OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0); ccbegin = cc; if (unicode_status & XCLASS_HAS_BIDICL) { OP1(SLJIT_MOV_U16, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, scriptx_bidiclass)); OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_BIDICLASS_SHIFT); while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_BIDICL) { compares--; invertcmp = (compares == 0 && list != backtracks); if (cc[-1] == XCL_NOTPROP) invertcmp ^= 0x1; jump = CMP(SLJIT_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (int)cc[1]); add_jump(compiler, compares > 0 ? list : backtracks, jump); } cc += 2; } } cc = ccbegin; } if (unicode_status & XCLASS_HAS_BOOL) { OP1(SLJIT_MOV_U16, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, bprops)); OP2(SLJIT_AND, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_BPROPS_MASK); OP2(SLJIT_SHL, TMP1, 0, TMP1, 0, SLJIT_IMM, 2); while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_BOOL) { compares--; invertcmp = (compares == 0 && list != backtracks); if (cc[-1] == XCL_NOTPROP) invertcmp ^= 0x1; OP2U(SLJIT_AND32 | SLJIT_SET_Z, SLJIT_MEM1(TMP1), (sljit_sw)(PRIV(ucd_boolprop_sets) + (cc[1] >> 5)), SLJIT_IMM, (sljit_sw)1 << (cc[1] & 0x1f)); add_jump(compiler, compares > 0 ? list : backtracks, JUMP(SLJIT_NOT_ZERO ^ invertcmp)); } cc += 2; } } cc = ccbegin; } if (unicode_status & XCLASS_HAS_SCRIPT) { OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, script)); while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; switch (*cc) { case PT_SCX: if (cc[-1] == XCL_NOTPROP) break; case PT_SC: compares--; invertcmp = (compares == 0 && list != backtracks); if (cc[-1] == XCL_NOTPROP) invertcmp ^= 0x1; add_jump(compiler, compares > 0 ? list : backtracks, CMP(SLJIT_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (int)cc[1])); } cc += 2; } } cc = ccbegin; } if (unicode_status & XCLASS_HAS_SCRIPT_EXTENSION) { OP1(SLJIT_MOV_U16, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, scriptx_bidiclass)); OP2(SLJIT_AND, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_SCRIPTX_MASK); OP2(SLJIT_SHL, TMP1, 0, TMP1, 0, SLJIT_IMM, 2); if (unicode_status & XCLASS_SCRIPT_EXTENSION_NOTPROP) { if (unicode_status & XCLASS_HAS_TYPE) { if (unicode_status & XCLASS_SAVE_CHAR) { OP1(SLJIT_MOV, SLJIT_MEM1(SLJIT_SP), LOCALS0, TMP2, 0); unicode_status |= XCLASS_SCRIPT_EXTENSION_RESTORE_LOCALS0; } else { OP1(SLJIT_MOV, RETURN_ADDR, 0, TMP2, 0); unicode_status |= XCLASS_SCRIPT_EXTENSION_RESTORE_RETURN_ADDR; } } OP1(SLJIT_MOV_U8, TMP2, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, script)); } while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_SCX) { compares--; invertcmp = (compares == 0 && list != backtracks); jump = NULL; if (cc[-1] == XCL_NOTPROP) { jump = CMP(SLJIT_EQUAL, TMP2, 0, SLJIT_IMM, (int)cc[1]); if (invertcmp) { add_jump(compiler, backtracks, jump); jump = NULL; } invertcmp ^= 0x1; } OP2U(SLJIT_AND32 | SLJIT_SET_Z, SLJIT_MEM1(TMP1), (sljit_sw)(PRIV(ucd_script_sets) + (cc[1] >> 5)), SLJIT_IMM, (sljit_sw)1 << (cc[1] & 0x1f)); add_jump(compiler, compares > 0 ? list : backtracks, JUMP(SLJIT_NOT_ZERO ^ invertcmp)); if (jump != NULL) JUMPHERE(jump); } cc += 2; } } if (unicode_status & XCLASS_SCRIPT_EXTENSION_RESTORE_LOCALS0) OP1(SLJIT_MOV, TMP2, 0, SLJIT_MEM1(SLJIT_SP), LOCALS0); else if (unicode_status & XCLASS_SCRIPT_EXTENSION_RESTORE_RETURN_ADDR) OP1(SLJIT_MOV, TMP2, 0, RETURN_ADDR, 0); cc = ccbegin; } if (unicode_status & XCLASS_SAVE_CHAR) OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); if (unicode_status & XCLASS_HAS_TYPE) { if (unicode_status & XCLASS_SAVE_CHAR) typereg = RETURN_ADDR; OP1(SLJIT_MOV_U8, typereg, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype)); } } #endif charoffset = 0; numberofcmps = 0; #ifdef SUPPORT_UNICODE typeoffset = 0; #endif while (*cc != XCL_END) { compares--; invertcmp = (compares == 0 && list != backtracks); jump = NULL; if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); if (numberofcmps < 3 && (*cc == XCL_SINGLE || *cc == XCL_RANGE)) { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(numberofcmps == 0 ? SLJIT_MOV : SLJIT_OR, TMP2, 0, SLJIT_EQUAL); numberofcmps++; } else if (numberofcmps > 0) { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); numberofcmps = 0; } else { jump = CMP(SLJIT_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); numberofcmps = 0; } } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); SET_CHAR_OFFSET(c); GETCHARINCTEST(c, cc); if (numberofcmps < 3 && (*cc == XCL_SINGLE || *cc == XCL_RANGE)) { OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(numberofcmps == 0 ? SLJIT_MOV : SLJIT_OR, TMP2, 0, SLJIT_LESS_EQUAL); numberofcmps++; } else if (numberofcmps > 0) { OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); numberofcmps = 0; } else { jump = CMP(SLJIT_LESS_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); numberofcmps = 0; } } #ifdef SUPPORT_UNICODE else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); if (*cc == XCL_NOTPROP) invertcmp ^= 0x1; cc++; switch(*cc) { case PT_ANY: if (!invertcmp) jump = JUMP(SLJIT_JUMP); break; case PT_LAMP: OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Lu - typeoffset); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Ll - typeoffset); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Lt - typeoffset); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_GC: c = PRIV(ucp_typerange)[(int)cc[1] * 2]; SET_TYPE_OFFSET(c); jump = CMP(SLJIT_LESS_EQUAL ^ invertcmp, typereg, 0, SLJIT_IMM, PRIV(ucp_typerange)[(int)cc[1] * 2 + 1] - c); break; case PT_PC: jump = CMP(SLJIT_EQUAL ^ invertcmp, typereg, 0, SLJIT_IMM, (int)cc[1] - typeoffset); break; case PT_SC: case PT_SCX: case PT_BOOL: case PT_BIDICL: compares++; break; case PT_SPACE: case PT_PXSPACE: SET_CHAR_OFFSET(9); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0xd - 0x9); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x85 - 0x9); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x180e - 0x9); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); SET_TYPE_OFFSET(ucp_Zl); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_Zs - ucp_Zl); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_WORD: OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_UNDERSCORE - charoffset)); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); case PT_ALNUM: SET_TYPE_OFFSET(ucp_Ll); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_Lu - ucp_Ll); OP_FLAGS((*cc == PT_ALNUM) ? SLJIT_MOV : SLJIT_OR, TMP2, 0, SLJIT_LESS_EQUAL); SET_TYPE_OFFSET(ucp_Nd); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_No - ucp_Nd); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_CLIST: other_cases = PRIV(ucd_caseless_sets) + cc[1]; SLJIT_ASSERT(other_cases[0] != NOTACHAR && other_cases[1] != NOTACHAR && other_cases[2] != NOTACHAR); SLJIT_ASSERT(other_cases[0] < other_cases[1] && other_cases[1] < other_cases[2]); if (is_powerof2(other_cases[1] ^ other_cases[0])) { if (charoffset == 0) OP2(SLJIT_OR, TMP2, 0, TMP1, 0, SLJIT_IMM, other_cases[1] ^ other_cases[0]); else { OP2(SLJIT_ADD, TMP2, 0, TMP1, 0, SLJIT_IMM, (sljit_sw)charoffset); OP2(SLJIT_OR, TMP2, 0, TMP2, 0, SLJIT_IMM, other_cases[1] ^ other_cases[0]); } OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP2, 0, SLJIT_IMM, other_cases[1]); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); other_cases += 2; } else if (is_powerof2(other_cases[2] ^ other_cases[1])) { if (charoffset == 0) OP2(SLJIT_OR, TMP2, 0, TMP1, 0, SLJIT_IMM, other_cases[2] ^ other_cases[1]); else { OP2(SLJIT_ADD, TMP2, 0, TMP1, 0, SLJIT_IMM, (sljit_sw)charoffset); OP2(SLJIT_OR, TMP2, 0, TMP2, 0, SLJIT_IMM, other_cases[1] ^ other_cases[0]); } OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP2, 0, SLJIT_IMM, other_cases[2]); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(other_cases[0] - charoffset)); OP_FLAGS(SLJIT_OR | ((other_cases[3] == NOTACHAR) ? SLJIT_SET_Z : 0), TMP2, 0, SLJIT_EQUAL); other_cases += 3; } else { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(*other_cases++ - charoffset)); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); } while (*other_cases != NOTACHAR) { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(*other_cases++ - charoffset)); OP_FLAGS(SLJIT_OR | ((*other_cases == NOTACHAR) ? SLJIT_SET_Z : 0), TMP2, 0, SLJIT_EQUAL); } jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_UCNC: OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_DOLLAR_SIGN - charoffset)); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_COMMERCIAL_AT - charoffset)); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_GRAVE_ACCENT - charoffset)); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); SET_CHAR_OFFSET(0xa0); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, (sljit_sw)(0xd7ff - charoffset)); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_LESS_EQUAL); SET_CHAR_OFFSET(0); OP2U(SLJIT_SUB | SLJIT_SET_GREATER_EQUAL, TMP1, 0, SLJIT_IMM, 0xe000 - 0); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_GREATER_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_PXGRAPH: SET_TYPE_OFFSET(ucp_Ll); OP2U(SLJIT_SUB | SLJIT_SET_GREATER, typereg, 0, SLJIT_IMM, ucp_So - ucp_Ll); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_GREATER); jump = CMP(SLJIT_NOT_EQUAL, typereg, 0, SLJIT_IMM, ucp_Cf - ucp_Ll); SET_CHAR_OFFSET(0x2066); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0x2069 - 0x2066); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x061c - 0x2066); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x180e - 0x2066); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); JUMPHERE(jump); jump = CMP(SLJIT_ZERO ^ invertcmp, TMP2, 0, SLJIT_IMM, 0); break; case PT_PXPRINT: SET_TYPE_OFFSET(ucp_Ll); OP2U(SLJIT_SUB | SLJIT_SET_GREATER, typereg, 0, SLJIT_IMM, ucp_So - ucp_Ll); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_GREATER); OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Zs - ucp_Ll); OP_FLAGS(SLJIT_AND, TMP2, 0, SLJIT_NOT_EQUAL); jump = CMP(SLJIT_NOT_EQUAL, typereg, 0, SLJIT_IMM, ucp_Cf - ucp_Ll); SET_CHAR_OFFSET(0x2066); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0x2069 - 0x2066); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x061c - 0x2066); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); JUMPHERE(jump); jump = CMP(SLJIT_ZERO ^ invertcmp, TMP2, 0, SLJIT_IMM, 0); break; case PT_PXPUNCT: SET_TYPE_OFFSET(ucp_Sc); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_So - ucp_Sc); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); SET_CHAR_OFFSET(0); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0x7f); OP_FLAGS(SLJIT_AND, TMP2, 0, SLJIT_LESS_EQUAL); SET_TYPE_OFFSET(ucp_Pc); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_Ps - ucp_Pc); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; default: SLJIT_UNREACHABLE(); break; } cc += 2; } #endif if (jump != NULL) add_jump(compiler, compares > 0 ? list : backtracks, jump); } if (found != NULL) set_jumps(found, LABEL()); }",visit repo url,src/pcre2_jit_compile.c,https://github.com/PCRE2Project/pcre2,269659923307246,1 1630,CWE-264,"static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst, struct flowi *fl, struct request_sock *req, struct tcp_fastopen_cookie *foc, bool attach_req) { struct inet_request_sock *ireq = inet_rsk(req); struct ipv6_pinfo *np = inet6_sk(sk); struct flowi6 *fl6 = &fl->u.ip6; struct sk_buff *skb; int err = -ENOMEM; if (!dst && (dst = inet6_csk_route_req(sk, fl6, req, IPPROTO_TCP)) == NULL) goto done; skb = tcp_make_synack(sk, dst, req, foc, attach_req); if (skb) { __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr); fl6->daddr = ireq->ir_v6_rmt_addr; if (np->repflow && ireq->pktopts) fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts)); err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass); err = net_xmit_eval(err); } done: return err; }",visit repo url,net/ipv6/tcp_ipv6.c,https://github.com/torvalds/linux,192217774200733,1 1223,CWE-400,"static void perf_log_throttle(struct perf_event *event, int enable) { struct perf_output_handle handle; struct perf_sample_data sample; int ret; struct { struct perf_event_header header; u64 time; u64 id; u64 stream_id; } throttle_event = { .header = { .type = PERF_RECORD_THROTTLE, .misc = 0, .size = sizeof(throttle_event), }, .time = perf_clock(), .id = primary_event_id(event), .stream_id = event->id, }; if (enable) throttle_event.header.type = PERF_RECORD_UNTHROTTLE; perf_event_header__init_id(&throttle_event.header, &sample, event); ret = perf_output_begin(&handle, event, throttle_event.header.size, 1, 0); if (ret) return; perf_output_put(&handle, throttle_event); perf_event__output_id_sample(event, &handle, &sample); perf_output_end(&handle); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,20618955792506,1 5320,['CWE-119'],"static int tun_net_open(struct net_device *dev) { netif_start_queue(dev); return 0; }",linux-2.6,,,90170649178843893782145858284152111719,0 4120,['CWE-399'],"static int bsg_release(struct inode *inode, struct file *file) { struct bsg_device *bd = file->private_data; file->private_data = NULL; return bsg_put_device(bd); }",linux-2.6,,,78821437022866504277534119459875285327,0 2710,[],"static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk, struct sctp_association *assoc, sctp_socket_type_t type) { struct sctp_sock *oldsp = sctp_sk(oldsk); struct sctp_sock *newsp = sctp_sk(newsk); struct sctp_bind_bucket *pp; struct sctp_endpoint *newep = newsp->ep; struct sk_buff *skb, *tmp; struct sctp_ulpevent *event; struct sctp_bind_hashbucket *head; newsk->sk_sndbuf = oldsk->sk_sndbuf; newsk->sk_rcvbuf = oldsk->sk_rcvbuf; inet_sk_copy_descendant(newsk, oldsk); newsp->ep = newep; newsp->hmac = NULL; head = &sctp_port_hashtable[sctp_phashfn(inet_sk(oldsk)->num)]; sctp_local_bh_disable(); sctp_spin_lock(&head->lock); pp = sctp_sk(oldsk)->bind_hash; sk_add_bind_node(newsk, &pp->owner); sctp_sk(newsk)->bind_hash = pp; inet_sk(newsk)->num = inet_sk(oldsk)->num; sctp_spin_unlock(&head->lock); sctp_local_bh_enable(); sctp_bind_addr_dup(&newsp->ep->base.bind_addr, &oldsp->ep->base.bind_addr, GFP_KERNEL); sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) { event = sctp_skb2event(skb); if (event->asoc == assoc) { sctp_sock_rfree_frag(skb); __skb_unlink(skb, &oldsk->sk_receive_queue); __skb_queue_tail(&newsk->sk_receive_queue, skb); sctp_skb_set_owner_r_frag(skb, newsk); } } skb_queue_head_init(&newsp->pd_lobby); atomic_set(&sctp_sk(newsk)->pd_mode, assoc->ulpq.pd_mode); if (atomic_read(&sctp_sk(oldsk)->pd_mode)) { struct sk_buff_head *queue; if (assoc->ulpq.pd_mode) { queue = &newsp->pd_lobby; } else queue = &newsk->sk_receive_queue; sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) { event = sctp_skb2event(skb); if (event->asoc == assoc) { sctp_sock_rfree_frag(skb); __skb_unlink(skb, &oldsp->pd_lobby); __skb_queue_tail(queue, skb); sctp_skb_set_owner_r_frag(skb, newsk); } } if (assoc->ulpq.pd_mode) sctp_clear_pd(oldsk, NULL); } sctp_skb_for_each(skb, &assoc->ulpq.reasm, tmp) { sctp_sock_rfree_frag(skb); sctp_skb_set_owner_r_frag(skb, newsk); } sctp_skb_for_each(skb, &assoc->ulpq.lobby, tmp) { sctp_sock_rfree_frag(skb); sctp_skb_set_owner_r_frag(skb, newsk); } newsp->type = type; lock_sock_nested(newsk, SINGLE_DEPTH_NESTING); sctp_assoc_migrate(assoc, newsk); if (sctp_state(assoc, CLOSED) && sctp_style(newsk, TCP)) newsk->sk_shutdown |= RCV_SHUTDOWN; newsk->sk_state = SCTP_SS_ESTABLISHED; sctp_release_sock(newsk); }",linux-2.6,,,212018503580358907420971157609956623387,0 5970,['CWE-200'],"static void cbq_ovl_drop(struct cbq_class *cl) { if (cl->q->ops->drop) if (cl->q->ops->drop(cl->q)) cl->qdisc->q.qlen--; cl->xstats.overactions++; cbq_ovl_classic(cl); }",linux-2.6,,,148863379396573923520434978503890179951,0 24,CWE-200,"gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, bool_t *no_dispatch) { enum auth_stat retstat; XDR xdrs; SVCAUTH *auth; struct svc_rpc_gss_data *gd; struct rpc_gss_cred *gc; struct rpc_gss_init_res gr; int call_stat, offset; OM_uint32 min_stat; log_debug(""in svcauth_gss()""); rqst->rq_xprt->xp_verf = gssrpc__null_auth; if (rqst->rq_xprt->xp_auth == NULL || rqst->rq_xprt->xp_auth == &svc_auth_none) { if ((auth = calloc(sizeof(*auth), 1)) == NULL) { fprintf(stderr, ""svcauth_gss: out_of_memory\n""); return (AUTH_FAILED); } if ((gd = calloc(sizeof(*gd), 1)) == NULL) { fprintf(stderr, ""svcauth_gss: out_of_memory\n""); return (AUTH_FAILED); } auth->svc_ah_ops = &svc_auth_gss_ops; SVCAUTH_PRIVATE(auth) = gd; rqst->rq_xprt->xp_auth = auth; } else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); log_debug(""xp_auth=%p, gd=%p"", rqst->rq_xprt->xp_auth, gd); if (rqst->rq_cred.oa_length <= 0) return (AUTH_BADCRED); gc = (struct rpc_gss_cred *)rqst->rq_clntcred; memset(gc, 0, sizeof(*gc)); log_debug(""calling xdrmem_create()""); log_debug(""oa_base=%p, oa_length=%u"", rqst->rq_cred.oa_base, rqst->rq_cred.oa_length); xdrmem_create(&xdrs, rqst->rq_cred.oa_base, rqst->rq_cred.oa_length, XDR_DECODE); log_debug(""xdrmem_create() returned""); if (!xdr_rpc_gss_cred(&xdrs, gc)) { log_debug(""xdr_rpc_gss_cred() failed""); XDR_DESTROY(&xdrs); return (AUTH_BADCRED); } XDR_DESTROY(&xdrs); retstat = AUTH_FAILED; #define ret_freegc(code) do { retstat = code; goto freegc; } while (0) if (gc->gc_v != RPCSEC_GSS_VERSION) ret_freegc (AUTH_BADCRED); if (gc->gc_svc != RPCSEC_GSS_SVC_NONE && gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY && gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY) ret_freegc (AUTH_BADCRED); if (gd->established) { if (gc->gc_seq > MAXSEQ) ret_freegc (RPCSEC_GSS_CTXPROBLEM); if ((offset = gd->seqlast - gc->gc_seq) < 0) { gd->seqlast = gc->gc_seq; offset = 0 - offset; gd->seqmask <<= offset; offset = 0; } else if ((u_int)offset >= gd->win || (gd->seqmask & (1 << offset))) { *no_dispatch = 1; ret_freegc (RPCSEC_GSS_CTXPROBLEM); } gd->seq = gc->gc_seq; gd->seqmask |= (1 << offset); } if (gd->established) { rqst->rq_clntname = (char *)gd->client_name; rqst->rq_svccred = (char *)gd->ctx; } switch (gc->gc_proc) { case RPCSEC_GSS_INIT: case RPCSEC_GSS_CONTINUE_INIT: if (rqst->rq_proc != NULLPROC) ret_freegc (AUTH_FAILED); if (!svcauth_gss_acquire_cred()) ret_freegc (AUTH_FAILED); if (!svcauth_gss_accept_sec_context(rqst, &gr)) ret_freegc (AUTH_REJECTEDCRED); if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) { gss_release_buffer(&min_stat, &gr.gr_token); mem_free(gr.gr_ctx.value, sizeof(gss_union_ctx_id_desc)); ret_freegc (AUTH_FAILED); } *no_dispatch = TRUE; call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res, (caddr_t)&gr); gss_release_buffer(&min_stat, &gr.gr_token); gss_release_buffer(&min_stat, &gd->checksum); mem_free(gr.gr_ctx.value, sizeof(gss_union_ctx_id_desc)); if (!call_stat) ret_freegc (AUTH_FAILED); if (gr.gr_major == GSS_S_COMPLETE) gd->established = TRUE; break; case RPCSEC_GSS_DATA: if (!svcauth_gss_validate(rqst, gd, msg)) ret_freegc (RPCSEC_GSS_CREDPROBLEM); if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) ret_freegc (AUTH_FAILED); break; case RPCSEC_GSS_DESTROY: if (rqst->rq_proc != NULLPROC) ret_freegc (AUTH_FAILED); if (!svcauth_gss_validate(rqst, gd, msg)) ret_freegc (RPCSEC_GSS_CREDPROBLEM); if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq))) ret_freegc (AUTH_FAILED); *no_dispatch = TRUE; call_stat = svc_sendreply(rqst->rq_xprt, xdr_void, (caddr_t)NULL); log_debug(""sendreply in destroy: %d"", call_stat); if (!svcauth_gss_release_cred()) ret_freegc (AUTH_FAILED); SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth); rqst->rq_xprt->xp_auth = &svc_auth_none; break; default: ret_freegc (AUTH_REJECTEDCRED); break; } retstat = AUTH_OK; freegc: xdr_free(xdr_rpc_gss_cred, gc); log_debug(""returning %d from svcauth_gss()"", retstat); return (retstat); }",visit repo url,src/lib/rpc/svc_auth_gss.c,https://github.com/krb5/krb5,263109520048857,1 3973,['CWE-362'],"static struct inotify_watch *inode_find_handle(struct inode *inode, struct inotify_handle *ih) { struct inotify_watch *watch; list_for_each_entry(watch, &inode->inotify_watches, i_list) { if (watch->ih == ih) return watch; } return NULL; }",linux-2.6,,,148850365606095465117647228554237971487,0 3065,CWE-787,"static int xbuf_format_converter(char **outbuf, const char *fmt, va_list ap) { register char *s = nullptr; char *q; int s_len; register int min_width = 0; int precision = 0; enum { LEFT, RIGHT } adjust; char pad_char; char prefix_char; double fp_num; wide_int i_num = (wide_int) 0; u_wide_int ui_num; char num_buf[NUM_BUF_SIZE]; char char_buf[2]; #ifdef HAVE_LOCALE_H struct lconv *lconv = nullptr; #endif length_modifier_e modifier; boolean_e alternate_form; boolean_e print_sign; boolean_e print_blank; boolean_e adjust_precision; boolean_e adjust_width; int is_negative; int size = 240; char *result = (char *)malloc(size); int outpos = 0; while (*fmt) { if (*fmt != '%') { appendchar(&result, &outpos, &size, *fmt); } else { adjust = RIGHT; alternate_form = print_sign = print_blank = NO; pad_char = ' '; prefix_char = NUL; fmt++; if (isascii((int)*fmt) && !islower((int)*fmt)) { for (;; fmt++) { if (*fmt == '-') adjust = LEFT; else if (*fmt == '+') print_sign = YES; else if (*fmt == '#') alternate_form = YES; else if (*fmt == ' ') print_blank = YES; else if (*fmt == '0') pad_char = '0'; else break; } if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, min_width); adjust_width = YES; } else if (*fmt == '*') { min_width = va_arg(ap, int); fmt++; adjust_width = YES; if (min_width < 0) { adjust = LEFT; min_width = -min_width; } } else adjust_width = NO; if (*fmt == '.') { adjust_precision = YES; fmt++; if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, precision); } else if (*fmt == '*') { precision = va_arg(ap, int); fmt++; if (precision < 0) precision = 0; } else precision = 0; } else adjust_precision = NO; } else adjust_precision = adjust_width = NO; switch (*fmt) { case 'L': fmt++; modifier = LM_LONG_DOUBLE; break; case 'I': fmt++; #if SIZEOF_LONG_LONG if (*fmt == '6' && *(fmt+1) == '4') { fmt += 2; modifier = LM_LONG_LONG; } else #endif if (*fmt == '3' && *(fmt+1) == '2') { fmt += 2; modifier = LM_LONG; } else { #ifdef _WIN64 modifier = LM_LONG_LONG; #else modifier = LM_LONG; #endif } break; case 'l': fmt++; #if SIZEOF_LONG_LONG if (*fmt == 'l') { fmt++; modifier = LM_LONG_LONG; } else #endif modifier = LM_LONG; break; case 'z': fmt++; modifier = LM_SIZE_T; break; case 'j': fmt++; #if SIZEOF_INTMAX_T modifier = LM_INTMAX_T; #else modifier = LM_SIZE_T; #endif break; case 't': fmt++; #if SIZEOF_PTRDIFF_T modifier = LM_PTRDIFF_T; #else modifier = LM_SIZE_T; #endif break; case 'h': fmt++; if (*fmt == 'h') { fmt++; } default: modifier = LM_STD; break; } switch (*fmt) { case 'u': switch(modifier) { default: i_num = (wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: i_num = (wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } case 'd': case 'i': if ((*fmt) != 'u') { switch(modifier) { default: i_num = (wide_int) va_arg(ap, int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, long int); break; case LM_SIZE_T: #if SIZEOF_SSIZE_T i_num = (wide_int) va_arg(ap, ssize_t); #else i_num = (wide_int) va_arg(ap, size_t); #endif break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, intmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } } s = ap_php_conv_10(i_num, (*fmt) == 'u', &is_negative, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (*fmt != 'u') { if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'o': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 3, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && *s != '0') { *--s = '0'; s_len++; } break; case 'x': case 'X': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 4, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && i_num != 0) { *--s = *fmt; *--s = '0'; s_len += 2; } break; case 's': case 'v': s = va_arg(ap, char *); if (s != nullptr) { s_len = strlen(s); if (adjust_precision && precision < s_len) s_len = precision; } else { s = const_cast(s_null); s_len = S_NULL_LEN; } pad_char = ' '; break; case 'f': case 'F': case 'e': case 'E': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""nan""); s_len = 3; } else if (std::isinf(fp_num)) { s = const_cast(""inf""); s_len = 3; } else { #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_conv_fp((*fmt == 'f')?'F':*fmt, fp_num, alternate_form, (adjust_precision == NO) ? FLOAT_DIGITS : precision, (*fmt == 'f')?LCONV_DECIMAL_POINT:'.', &is_negative, &num_buf[1], &s_len); if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'g': case 'k': case 'G': case 'H': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""NAN""); s_len = 3; break; } else if (std::isinf(fp_num)) { if (fp_num > 0) { s = const_cast(""INF""); s_len = 3; } else { s = const_cast(""-INF""); s_len = 4; } break; } if (adjust_precision == NO) precision = FLOAT_DIGITS; else if (precision == 0) precision = 1; #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_gcvt(fp_num, precision, (*fmt=='H' || *fmt == 'k') ? '.' : LCONV_DECIMAL_POINT, (*fmt == 'G' || *fmt == 'H')?'E':'e', &num_buf[1]); if (*s == '-') prefix_char = *s++; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; s_len = strlen(s); if (alternate_form && (q = strchr(s, '.')) == nullptr) s[s_len++] = '.'; break; case 'c': char_buf[0] = (char) (va_arg(ap, int)); s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case '%': char_buf[0] = '%'; s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case 'n': *(va_arg(ap, int *)) = outpos; goto skip_output; case 'p': if (sizeof(char *) <= sizeof(u_wide_int)) { ui_num = (u_wide_int)((size_t) va_arg(ap, char *)); s = ap_php_conv_p2(ui_num, 4, 'x', &num_buf[NUM_BUF_SIZE], &s_len); if (ui_num != 0) { *--s = 'x'; *--s = '0'; s_len += 2; } } else { s = const_cast(""%p""); s_len = 2; } pad_char = ' '; break; case NUL: continue; fmt_error: throw Exception(""Illegal length modifier specified '%c'"", *fmt); default: char_buf[0] = '%'; char_buf[1] = *fmt; s = char_buf; s_len = 2; pad_char = ' '; break; } if (prefix_char != NUL) { *--s = prefix_char; s_len++; } if (adjust_width && adjust == RIGHT && min_width > s_len) { if (pad_char == '0' && prefix_char != NUL) { appendchar(&result, &outpos, &size, *s); s++; s_len--; min_width--; } for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } appendsimplestring(&result, &outpos, &size, s, s_len); if (adjust_width && adjust == LEFT && min_width > s_len) { for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } } skip_output: fmt++; } result[outpos] = NUL; *outbuf = result; return outpos; }",visit repo url,hphp/zend/zend-printf.cpp,https://github.com/facebook/hhvm,58531151562577,1 5114,CWE-125,"mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) { mod_ty res; PyObject *req_type[3]; char *req_name[] = {""Module"", ""Expression"", ""Interactive""}; int isinstance; req_type[0] = (PyObject*)Module_type; req_type[1] = (PyObject*)Expression_type; req_type[2] = (PyObject*)Interactive_type; assert(0 <= mode && mode <= 2); if (!init_types()) return NULL; isinstance = PyObject_IsInstance(ast, req_type[mode]); if (isinstance == -1) return NULL; if (!isinstance) { PyErr_Format(PyExc_TypeError, ""expected %s node, got %.400s"", req_name[mode], Py_TYPE(ast)->tp_name); return NULL; } if (obj2ast_mod(ast, &res, arena) != 0) return NULL; else return res; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,71061683755023,1 654,CWE-20,"static int pn_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct sk_buff *skb = NULL; struct sockaddr_pn sa; int rval = -EOPNOTSUPP; int copylen; if (flags & ~(MSG_PEEK|MSG_TRUNC|MSG_DONTWAIT|MSG_NOSIGNAL| MSG_CMSG_COMPAT)) goto out_nofree; if (addr_len) *addr_len = sizeof(sa); skb = skb_recv_datagram(sk, flags, noblock, &rval); if (skb == NULL) goto out_nofree; pn_skb_get_src_sockaddr(skb, &sa); copylen = skb->len; if (len < copylen) { msg->msg_flags |= MSG_TRUNC; copylen = len; } rval = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copylen); if (rval) { rval = -EFAULT; goto out; } rval = (flags & MSG_TRUNC) ? skb->len : copylen; if (msg->msg_name != NULL) memcpy(msg->msg_name, &sa, sizeof(struct sockaddr_pn)); out: skb_free_datagram(sk, skb); out_nofree: return rval; }",visit repo url,net/phonet/datagram.c,https://github.com/torvalds/linux,163310526685294,1 4430,CWE-125,"fiber_switch(mrb_state *mrb, mrb_value self, mrb_int len, const mrb_value *a, mrb_bool resume, mrb_bool vmexec) { struct mrb_context *c = fiber_check(mrb, self); struct mrb_context *old_c = mrb->c; mrb_value value; fiber_check_cfunc(mrb, c); if (resume && c->status == MRB_FIBER_TRANSFERRED) { mrb_raise(mrb, E_FIBER_ERROR, ""resuming transferred fiber""); } if (c->status == MRB_FIBER_RUNNING || c->status == MRB_FIBER_RESUMED) { mrb_raise(mrb, E_FIBER_ERROR, ""double resume (fib)""); } if (c->status == MRB_FIBER_TERMINATED) { mrb_raise(mrb, E_FIBER_ERROR, ""resuming dead fiber""); } mrb->c->status = resume ? MRB_FIBER_RESUMED : MRB_FIBER_TRANSFERRED; c->prev = resume ? mrb->c : (c->prev ? c->prev : mrb->root_c); if (c->status == MRB_FIBER_CREATED) { mrb_value *b, *e; if (len >= c->stend - c->stack) { mrb_raise(mrb, E_FIBER_ERROR, ""too many arguments to fiber""); } b = c->stack+1; e = b + len; while (bcibase->argc = (int)len; value = c->stack[0] = MRB_PROC_ENV(c->ci->proc)->stack[0]; } else { value = fiber_result(mrb, a, len); } fiber_switch_context(mrb, c); if (vmexec) { c->vmexec = TRUE; value = mrb_vm_exec(mrb, c->ci[-1].proc, c->ci->pc); mrb->c = old_c; } else { MARK_CONTEXT_MODIFY(c); } return value; }",visit repo url,mrbgems/mruby-fiber/src/fiber.c,https://github.com/mruby/mruby,2624871431515,1 4525,['CWE-20'],"static int ext4_rmdir(struct inode *dir, struct dentry *dentry) { int retval; struct inode *inode; struct buffer_head *bh; struct ext4_dir_entry_2 *de; handle_t *handle; DQUOT_INIT(dentry->d_inode); handle = ext4_journal_start(dir, EXT4_DELETE_TRANS_BLOCKS(dir->i_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); retval = -ENOENT; bh = ext4_find_entry(dir, &dentry->d_name, &de); if (!bh) goto end_rmdir; if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); inode = dentry->d_inode; retval = -EIO; if (le32_to_cpu(de->inode) != inode->i_ino) goto end_rmdir; retval = -ENOTEMPTY; if (!empty_dir(inode)) goto end_rmdir; retval = ext4_delete_entry(handle, dir, de, bh); if (retval) goto end_rmdir; if (!EXT4_DIR_LINK_EMPTY(inode)) ext4_warning(inode->i_sb, ""ext4_rmdir"", ""empty directory has too many links (%d)"", inode->i_nlink); inode->i_version++; clear_nlink(inode); inode->i_size = 0; ext4_orphan_add(handle, inode); inode->i_ctime = dir->i_ctime = dir->i_mtime = ext4_current_time(inode); ext4_mark_inode_dirty(handle, inode); ext4_dec_count(handle, dir); ext4_update_dx_flag(dir); ext4_mark_inode_dirty(handle, dir); end_rmdir: ext4_journal_stop(handle); brelse(bh); return retval; }",linux-2.6,,,181479017173270315266833826118790434918,0 4089,CWE-119,"void grubfs_free (GrubFS *gf) { if (gf) { if (gf->file && gf->file->device) free (gf->file->device->disk); free (gf->file); free (gf); } }",visit repo url,shlr/grub/grubfs.c,https://github.com/radare/radare2,177927668615270,1 1648,NVD-CWE-Other,"static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) { struct usb_device *hdev = hub->hdev; struct usb_hcd *hcd; int ret; int port1; int status; bool need_debounce_delay = false; unsigned delay; if (type == HUB_INIT2) goto init2; if (type == HUB_INIT3) goto init3; if (type != HUB_RESUME) { if (hdev->parent && hub_is_superspeed(hdev)) { ret = usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0), HUB_SET_DEPTH, USB_RT_HUB, hdev->level - 1, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); if (ret < 0) dev_err(hub->intfdev, ""set hub depth failed\n""); } if (type == HUB_INIT) { delay = hub_power_on_good_delay(hub); hub_power_on(hub, false); INIT_DELAYED_WORK(&hub->init_work, hub_init_func2); queue_delayed_work(system_power_efficient_wq, &hub->init_work, msecs_to_jiffies(delay)); usb_autopm_get_interface_no_resume( to_usb_interface(hub->intfdev)); return; } else if (type == HUB_RESET_RESUME) { hcd = bus_to_hcd(hdev->bus); if (hcd->driver->update_hub_device) { ret = hcd->driver->update_hub_device(hcd, hdev, &hub->tt, GFP_NOIO); if (ret < 0) { dev_err(hub->intfdev, ""Host not "" ""accepting hub info "" ""update.\n""); dev_err(hub->intfdev, ""LS/FS devices "" ""and hubs may not work "" ""under this hub\n.""); } } hub_power_on(hub, true); } else { hub_power_on(hub, true); } } init2: for (port1 = 1; port1 <= hdev->maxchild; ++port1) { struct usb_port *port_dev = hub->ports[port1 - 1]; struct usb_device *udev = port_dev->child; u16 portstatus, portchange; portstatus = portchange = 0; status = hub_port_status(hub, port1, &portstatus, &portchange); if (udev || (portstatus & USB_PORT_STAT_CONNECTION)) dev_dbg(&port_dev->dev, ""status %04x change %04x\n"", portstatus, portchange); if ((portstatus & USB_PORT_STAT_ENABLE) && ( type != HUB_RESUME || !(portstatus & USB_PORT_STAT_CONNECTION) || !udev || udev->state == USB_STATE_NOTATTACHED)) { portstatus &= ~USB_PORT_STAT_ENABLE; if (!hub_is_superspeed(hdev)) usb_clear_port_feature(hdev, port1, USB_PORT_FEAT_ENABLE); } if (portchange & USB_PORT_STAT_C_CONNECTION) { need_debounce_delay = true; usb_clear_port_feature(hub->hdev, port1, USB_PORT_FEAT_C_CONNECTION); } if (portchange & USB_PORT_STAT_C_ENABLE) { need_debounce_delay = true; usb_clear_port_feature(hub->hdev, port1, USB_PORT_FEAT_C_ENABLE); } if (portchange & USB_PORT_STAT_C_RESET) { need_debounce_delay = true; usb_clear_port_feature(hub->hdev, port1, USB_PORT_FEAT_C_RESET); } if ((portchange & USB_PORT_STAT_C_BH_RESET) && hub_is_superspeed(hub->hdev)) { need_debounce_delay = true; usb_clear_port_feature(hub->hdev, port1, USB_PORT_FEAT_C_BH_PORT_RESET); } if (!(portstatus & USB_PORT_STAT_CONNECTION) || (portchange & USB_PORT_STAT_C_CONNECTION)) clear_bit(port1, hub->removed_bits); if (!udev || udev->state == USB_STATE_NOTATTACHED) { if (udev || (portstatus & USB_PORT_STAT_CONNECTION) || (portstatus & USB_PORT_STAT_OVERCURRENT)) set_bit(port1, hub->change_bits); } else if (portstatus & USB_PORT_STAT_ENABLE) { bool port_resumed = (portstatus & USB_PORT_STAT_LINK_STATE) == USB_SS_PORT_LS_U0; if (portchange || (hub_is_superspeed(hub->hdev) && port_resumed)) set_bit(port1, hub->change_bits); } else if (udev->persist_enabled) { #ifdef CONFIG_PM udev->reset_resume = 1; #endif if (test_bit(port1, hub->power_bits)) set_bit(port1, hub->change_bits); } else { usb_set_device_state(udev, USB_STATE_NOTATTACHED); set_bit(port1, hub->change_bits); } } if (need_debounce_delay) { delay = HUB_DEBOUNCE_STABLE; if (type == HUB_INIT2) { INIT_DELAYED_WORK(&hub->init_work, hub_init_func3); queue_delayed_work(system_power_efficient_wq, &hub->init_work, msecs_to_jiffies(delay)); return; } else { msleep(delay); } } init3: hub->quiescing = 0; status = usb_submit_urb(hub->urb, GFP_NOIO); if (status < 0) dev_err(hub->intfdev, ""activate --> %d\n"", status); if (hub->has_indicators && blinkenlights) queue_delayed_work(system_power_efficient_wq, &hub->leds, LED_CYCLE_PERIOD); kick_hub_wq(hub); if (type <= HUB_INIT3) usb_autopm_put_interface_async(to_usb_interface(hub->intfdev)); }",visit repo url,drivers/usb/core/hub.c,https://github.com/torvalds/linux,44507145700773,1 2414,CWE-119,"static int http_read_stream(URLContext *h, uint8_t *buf, int size) { HTTPContext *s = h->priv_data; int err, new_location, read_ret; int64_t seek_ret; if (!s->hd) return AVERROR_EOF; if (s->end_chunked_post && !s->end_header) { err = http_read_header(h, &new_location); if (err < 0) return err; } if (s->chunksize >= 0) { if (!s->chunksize) { char line[32]; do { if ((err = http_get_line(s, line, sizeof(line))) < 0) return err; } while (!*line); s->chunksize = strtoll(line, NULL, 16); av_log(NULL, AV_LOG_TRACE, ""Chunked encoding data size: %""PRId64""'\n"", s->chunksize); if (!s->chunksize) return 0; } size = FFMIN(size, s->chunksize); } #if CONFIG_ZLIB if (s->compressed) return http_buf_read_compressed(h, buf, size); #endif read_ret = http_buf_read(h, buf, size); if ( (read_ret < 0 && s->reconnect && (!h->is_streamed || s->reconnect_streamed) && s->filesize > 0 && s->off < s->filesize) || (read_ret == 0 && s->reconnect_at_eof && (!h->is_streamed || s->reconnect_streamed))) { int64_t target = h->is_streamed ? 0 : s->off; if (s->reconnect_delay > s->reconnect_delay_max) return AVERROR(EIO); av_log(h, AV_LOG_INFO, ""Will reconnect at %""PRId64"" error=%s.\n"", s->off, av_err2str(read_ret)); av_usleep(1000U*1000*s->reconnect_delay); s->reconnect_delay = 1 + 2*s->reconnect_delay; seek_ret = http_seek_internal(h, target, SEEK_SET, 1); if (seek_ret != target) { av_log(h, AV_LOG_ERROR, ""Failed to reconnect at %""PRId64"".\n"", target); return read_ret; } read_ret = http_buf_read(h, buf, size); } else s->reconnect_delay = 0; return read_ret; }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,104591397410344,1 4391,CWE-125,"static void iwjpeg_scan_exif_ifd(struct iwjpegrcontext *rctx, struct iw_exif_state *e, iw_uint32 ifd) { unsigned int tag_count; unsigned int i; unsigned int tag_pos; unsigned int tag_id; unsigned int v; double v_dbl; if(ifd<8 || ifd>e->d_len-18) return; tag_count = iw_get_ui16_e(&e->d[ifd],e->endian); if(tag_count>1000) return; for(i=0;i e->d_len) return; tag_id = iw_get_ui16_e(&e->d[tag_pos],e->endian); switch(tag_id) { case 274: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_orientation = v; } break; case 296: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_density_unit = v; } break; case 282: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_x = v_dbl; } break; case 283: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_y = v_dbl; } break; } } }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,254890664792750,1 3535,['CWE-20'],"static sctp_disposition_t sctp_sf_do_dupcook_a(const struct sctp_endpoint *ep, const struct sctp_association *asoc, struct sctp_chunk *chunk, sctp_cmd_seq_t *commands, struct sctp_association *new_asoc) { sctp_init_chunk_t *peer_init; struct sctp_ulpevent *ev; struct sctp_chunk *repl; struct sctp_chunk *err; sctp_disposition_t disposition; peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, sctp_source(chunk), peer_init, GFP_ATOMIC)) goto nomem; if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk, commands)) { return SCTP_DISPOSITION_CONSUME; } if (sctp_state(asoc, SHUTDOWN_ACK_SENT)) { disposition = sctp_sf_do_9_2_reshutack(ep, asoc, SCTP_ST_CHUNK(chunk->chunk_hdr->type), chunk, commands); if (SCTP_DISPOSITION_NOMEM == disposition) goto nomem; err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_COOKIE_IN_SHUTDOWN, NULL, 0); if (err) sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(err)); return SCTP_DISPOSITION_CONSUME; } sctp_add_cmd_sf(commands, SCTP_CMD_PURGE_OUTQUEUE, SCTP_NULL()); repl = sctp_make_cookie_ack(new_asoc, chunk); if (!repl) goto nomem; ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_RESTART, 0, new_asoc->c.sinit_num_ostreams, new_asoc->c.sinit_max_instreams, NULL, GFP_ATOMIC); if (!ev) goto nomem_ev; sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); return SCTP_DISPOSITION_CONSUME; nomem_ev: sctp_chunk_free(repl); nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,31020746306556630435632072995421404413,0 1624,[],"long sched_group_rt_period(struct task_group *tg) { u64 rt_period_us; rt_period_us = ktime_to_ns(tg->rt_bandwidth.rt_period); do_div(rt_period_us, NSEC_PER_USEC); return rt_period_us; }",linux-2.6,,,231937993463027556351701490173288902993,0 84,CWE-772,"delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->princ, NULL)) { ret.code = KADM5_AUTH_DELETE; log_unauth(""kadm5_delete_principal"", prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_delete_principal"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,27765959152715,1 5933,CWE-120,"static Jsi_RC NumberToExponentialCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { char buf[100]; int prec = 0, skip = 0; Jsi_Number num; Jsi_Value *v; ChkStringN(_this, funcPtr, v); if (Jsi_GetIntFromValue(interp, Jsi_ValueArrayIndex(interp, args, skip), &prec) != JSI_OK) return JSI_ERROR; if (prec<0) prec = 0; Jsi_GetDoubleFromValue(interp, v, &num); snprintf(buf, sizeof(buf), ""%.*"" JSI_NUMEFMT, prec, num); #ifdef __WIN32 char *e = strrchr(buf, 'e'); if (e && (e[1]=='+' || e[1]=='-')) { e++; int eNum = atoi(e); if (e[0]=='-') eNum = -eNum; e++; snprintf(e, (e-buf), ""%02d"", eNum); } #endif Jsi_ValueMakeStringDup(interp, ret, buf); return JSI_OK; }",visit repo url,src/jsiNumber.c,https://github.com/pcmacdon/jsish,100399864406342,1 3918,['CWE-399'],"static void tda9874a_setmode(struct CHIPSTATE *chip, int mode) { if(tda9874a_mode) { if(chip->shadow.bytes[MAXREGS-2] & 0x20) tda9874a_NCONR &= 0xfe; else tda9874a_NCONR |= 0x01; chip_write(chip, TDA9874A_NCONR, tda9874a_NCONR); } if(tda9874a_dic == 0x11) { int aosr = 0x80; int mdacosr = (tda9874a_mode) ? 0x82:0x80; switch(mode) { case V4L2_TUNER_MODE_MONO: case V4L2_TUNER_MODE_STEREO: break; case V4L2_TUNER_MODE_LANG1: aosr = 0x80; mdacosr = (tda9874a_mode) ? 0x82:0x80; break; case V4L2_TUNER_MODE_LANG2: aosr = 0xa0; mdacosr = (tda9874a_mode) ? 0x83:0x81; break; default: chip->mode = 0; return; } chip_write(chip, TDA9874A_AOSR, aosr); chip_write(chip, TDA9874A_MDACOSR, mdacosr); v4l_dbg(1, debug, chip->c, ""tda9874a_setmode(): req. mode %d; AOSR=0x%X, MDACOSR=0x%X.\n"", mode, aosr, mdacosr); } else { int fmmr,aosr; switch(mode) { case V4L2_TUNER_MODE_MONO: fmmr = 0x00; aosr = 0x10; break; case V4L2_TUNER_MODE_STEREO: if(tda9874a_mode) { fmmr = 0x00; aosr = 0x00; } else { fmmr = (tda9874a_ESP == 1) ? 0x05 : 0x04; aosr = 0x00; } break; case V4L2_TUNER_MODE_LANG1: fmmr = 0x02; aosr = 0x10; break; case V4L2_TUNER_MODE_LANG2: fmmr = 0x02; aosr = 0x20; break; default: chip->mode = 0; return; } chip_write(chip, TDA9874A_FMMR, fmmr); chip_write(chip, TDA9874A_AOSR, aosr); v4l_dbg(1, debug, chip->c, ""tda9874a_setmode(): req. mode %d; FMMR=0x%X, AOSR=0x%X.\n"", mode, fmmr, aosr); } }",linux-2.6,,,225877337584567514230632979035774958246,0 3980,CWE-125,"static char x2c(char *hex) { register char digit; digit = ((hex[0] >= 'A') ? ((hex[0] & 0xdf) - 'A')+10 : (hex[0] - '0')); digit *= 16; digit += (hex[1] >= 'A' ? ((hex[1] & 0xdf) - 'A')+10 : (hex[1] - '0')); return(digit); }",visit repo url,src/util.c,https://bitbucket.org/tildeslash/monit,70247613792715,1 5009,['CWE-120'],"size_t util_strlcat(char *dst, const char *src, size_t size) { size_t bytes = 0; char *q = dst; const char *p = src; char ch; while (bytes < size && *q) { q++; bytes++; } if (bytes == size) return (bytes + strlen(src)); while ((ch = *p++)) { if (bytes+1 < size) *q++ = ch; bytes++; } *q = '\0'; return bytes; }",udev,,,30325727257915378446130966860726349935,0 3613,[],"static void clear_uie(struct rtc_device *rtc) { spin_lock_irq(&rtc->irq_lock); if (rtc->irq_active) { rtc->stop_uie_polling = 1; if (rtc->uie_timer_active) { spin_unlock_irq(&rtc->irq_lock); del_timer_sync(&rtc->uie_timer); spin_lock_irq(&rtc->irq_lock); rtc->uie_timer_active = 0; } if (rtc->uie_task_active) { spin_unlock_irq(&rtc->irq_lock); flush_scheduled_work(); spin_lock_irq(&rtc->irq_lock); } rtc->irq_active = 0; } spin_unlock_irq(&rtc->irq_lock); }",linux-2.6,,,24998908225201084006333885653714550955,0 4361,CWE-345,"rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) { char *msg = NULL; Header h = NULL; Header sigh = NULL; hdrblob blob = NULL; hdrblob sigblob = NULL; rpmVSFlags vsflags = rpmtsVSFlags(ts) | RPMVSF_NEEDPAYLOAD; rpmKeyring keyring = rpmtsGetKeyring(ts, 1); struct rpmvs_s *vs = rpmvsCreate(0, vsflags, keyring); struct pkgdata_s pkgdata = { .msgfunc = loghdrmsg, .fn = fn ? fn : Fdescr(fd), .msg = NULL, .rc = RPMRC_OK, }; if (hdrp) *hdrp = NULL; rpmRC rc = rpmpkgRead(vs, fd, &sigblob, &blob, &msg); if (rc) goto exit; rc = RPMRC_FAIL; if (!rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, handleHdrVS, &pkgdata)) { if (hdrp) { if (hdrblobImport(sigblob, 0, &sigh, &msg)) goto exit; if (hdrblobImport(blob, 0, &h, &msg)) goto exit; headerMergeLegacySigs(h, sigh); applyRetrofits(h); *hdrp = headerLink(h); } rc = RPMRC_OK; } if (rc == RPMRC_OK && pkgdata.rc) rc = pkgdata.rc; exit: if (rc && msg) rpmlog(RPMLOG_ERR, ""%s: %s\n"", Fdescr(fd), msg); hdrblobFree(sigblob); hdrblobFree(blob); headerFree(sigh); headerFree(h); rpmKeyringFree(keyring); rpmvsFree(vs); free(msg); return rc; }",visit repo url,lib/package.c,https://github.com/rpm-software-management/rpm,211776226902144,1 6385,CWE-20,"error_t dm9000UpdateMacAddrFilter(NetInterface *interface) { uint_t i; uint_t k; uint32_t crc; uint8_t hashTable[8]; MacFilterEntry *entry; TRACE_DEBUG(""Updating MAC filter...\r\n""); osMemset(hashTable, 0, sizeof(hashTable)); hashTable[7] = 0x80; for(i = 0; i < MAC_ADDR_FILTER_SIZE; i++) { entry = &interface->macAddrFilter[i]; if(entry->refCount > 0) { crc = dm9000CalcCrc(&entry->addr, sizeof(MacAddr)); k = crc & 0x3F; hashTable[k / 8] |= (1 << (k % 8)); } } for(i = 0; i < 8; i++) { dm9000WriteReg(DM9000_REG_MAR0 + i, hashTable[i]); } TRACE_DEBUG("" MAR = %02"" PRIX8 "" %02"" PRIX8 "" %02"" PRIX8 "" %02"" PRIX8 "" "" ""%02"" PRIX8 "" %02"" PRIX8 "" %02"" PRIX8 "" %02"" PRIX8 ""\r\n"", dm9000ReadReg(DM9000_REG_MAR0), dm9000ReadReg(DM9000_REG_MAR1), dm9000ReadReg(DM9000_REG_MAR2), dm9000ReadReg(DM9000_REG_MAR3), dm9000ReadReg(DM9000_REG_MAR4), dm9000ReadReg(DM9000_REG_MAR5), dm9000ReadReg(DM9000_REG_MAR6), dm9000ReadReg(DM9000_REG_MAR7)); return NO_ERROR; }",visit repo url,drivers/eth/dm9000_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,42393717729015,1 4758,['CWE-20'],"static void init_once(void *foo) { struct ext4_inode_info *ei = (struct ext4_inode_info *) foo; INIT_LIST_HEAD(&ei->i_orphan); #ifdef CONFIG_EXT4_FS_XATTR init_rwsem(&ei->xattr_sem); #endif init_rwsem(&ei->i_data_sem); inode_init_once(&ei->vfs_inode); }",linux-2.6,,,288431483484945723523520960436341584459,0 5887,['CWE-200'],"static void nr_set_lockdep_key(struct net_device *dev) { lockdep_set_class(&dev->addr_list_lock, &nr_netdev_addr_lock_key); netdev_for_each_tx_queue(dev, nr_set_lockdep_one, NULL); }",linux-2.6,,,89196988500212129114339956108054093151,0 727,[],"static void jpc_cox_destroycompparms(jpc_coxcp_t *compparms) { compparms = 0; }",jasper,,,222381924328461148705847422369597565804,0 4262,['CWE-264'],"int nr_processes(void) { int cpu; int total = 0; for_each_online_cpu(cpu) total += per_cpu(process_counts, cpu); return total; }",linux-2.6,,,141439807089480144086099242382559207918,0 4560,['CWE-20'],"static int ext4_delete_entry(handle_t *handle, struct inode *dir, struct ext4_dir_entry_2 *de_del, struct buffer_head *bh) { struct ext4_dir_entry_2 *de, *pde; int i; i = 0; pde = NULL; de = (struct ext4_dir_entry_2 *) bh->b_data; while (i < bh->b_size) { if (!ext4_check_dir_entry(""ext4_delete_entry"", dir, de, bh, i)) return -EIO; if (de == de_del) { BUFFER_TRACE(bh, ""get_write_access""); ext4_journal_get_write_access(handle, bh); if (pde) pde->rec_len = ext4_rec_len_to_disk( ext4_rec_len_from_disk(pde->rec_len) + ext4_rec_len_from_disk(de->rec_len)); else de->inode = 0; dir->i_version++; BUFFER_TRACE(bh, ""call ext4_handle_dirty_metadata""); ext4_handle_dirty_metadata(handle, dir, bh); return 0; } i += ext4_rec_len_from_disk(de->rec_len); pde = de; de = ext4_next_entry(de); } return -ENOENT; }",linux-2.6,,,289303464334939323752300259741710634957,0 5541,[],"specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); }",linux-2.6,,,64431699485096237432709753260698868429,0 3925,['CWE-399'],static int tea6320_shift11(int val) { return val >> 11; },linux-2.6,,,294159095716069893227674799897805968926,0 1689,CWE-362,"long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { struct tty_struct *tty = file_tty(file); struct tty_struct *real_tty; void __user *p = (void __user *)arg; int retval; struct tty_ldisc *ld; if (tty_paranoia_check(tty, file_inode(file), ""tty_ioctl"")) return -EINVAL; real_tty = tty_pair_get_tty(tty); switch (cmd) { case TIOCSETD: case TIOCSBRK: case TIOCCBRK: case TCSBRK: case TCSBRKP: retval = tty_check_change(tty); if (retval) return retval; if (cmd != TIOCCBRK) { tty_wait_until_sent(tty, 0); if (signal_pending(current)) return -EINTR; } break; } switch (cmd) { case TIOCSTI: return tiocsti(tty, p); case TIOCGWINSZ: return tiocgwinsz(real_tty, p); case TIOCSWINSZ: return tiocswinsz(real_tty, p); case TIOCCONS: return real_tty != tty ? -EINVAL : tioccons(file); case FIONBIO: return fionbio(file, p); case TIOCEXCL: set_bit(TTY_EXCLUSIVE, &tty->flags); return 0; case TIOCNXCL: clear_bit(TTY_EXCLUSIVE, &tty->flags); return 0; case TIOCGEXCL: { int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); return put_user(excl, (int __user *)p); } case TIOCNOTTY: if (current->signal->tty != tty) return -ENOTTY; no_tty(); return 0; case TIOCSCTTY: return tiocsctty(real_tty, file, arg); case TIOCGPGRP: return tiocgpgrp(tty, real_tty, p); case TIOCSPGRP: return tiocspgrp(tty, real_tty, p); case TIOCGSID: return tiocgsid(tty, real_tty, p); case TIOCGETD: return put_user(tty->ldisc->ops->num, (int __user *)p); case TIOCSETD: return tiocsetd(tty, p); case TIOCVHANGUP: if (!capable(CAP_SYS_ADMIN)) return -EPERM; tty_vhangup(tty); return 0; case TIOCGDEV: { unsigned int ret = new_encode_dev(tty_devnum(real_tty)); return put_user(ret, (unsigned int __user *)p); } case TIOCSBRK: if (tty->ops->break_ctl) return tty->ops->break_ctl(tty, -1); return 0; case TIOCCBRK: if (tty->ops->break_ctl) return tty->ops->break_ctl(tty, 0); return 0; case TCSBRK: if (!arg) return send_break(tty, 250); return 0; case TCSBRKP: return send_break(tty, arg ? arg*100 : 250); case TIOCMGET: return tty_tiocmget(tty, p); case TIOCMSET: case TIOCMBIC: case TIOCMBIS: return tty_tiocmset(tty, cmd, p); case TIOCGICOUNT: retval = tty_tiocgicount(tty, p); if (retval != -EINVAL) return retval; break; case TCFLSH: switch (arg) { case TCIFLUSH: case TCIOFLUSH: tty_buffer_flush(tty, NULL); break; } break; case TIOCSSERIAL: tty_warn_deprecated_flags(p); break; } if (tty->ops->ioctl) { retval = tty->ops->ioctl(tty, cmd, arg); if (retval != -ENOIOCTLCMD) return retval; } ld = tty_ldisc_ref_wait(tty); retval = -EINVAL; if (ld->ops->ioctl) { retval = ld->ops->ioctl(tty, file, cmd, arg); if (retval == -ENOIOCTLCMD) retval = -ENOTTY; } tty_ldisc_deref(ld); return retval; }",visit repo url,drivers/tty/tty_io.c,https://github.com/torvalds/linux,209925273952053,1 5930,['CWE-909'],"static int qdisc_class_dump(struct Qdisc *q, unsigned long cl, struct qdisc_walker *arg) { struct qdisc_dump_args *a = (struct qdisc_dump_args *)arg; return tc_fill_tclass(a->skb, q, cl, NETLINK_CB(a->cb->skb).pid, a->cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWTCLASS); }",linux-2.6,,,311905130128188786689110416775737984443,0 5101,['CWE-20'],"static void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg) { struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; u32 ar; var->base = vmcs_readl(sf->base); var->limit = vmcs_read32(sf->limit); var->selector = vmcs_read16(sf->selector); ar = vmcs_read32(sf->ar_bytes); if ((ar & AR_UNUSABLE_MASK) && !emulate_invalid_guest_state) ar = 0; var->type = ar & 15; var->s = (ar >> 4) & 1; var->dpl = (ar >> 5) & 3; var->present = (ar >> 7) & 1; var->avl = (ar >> 12) & 1; var->l = (ar >> 13) & 1; var->db = (ar >> 14) & 1; var->g = (ar >> 15) & 1; var->unusable = (ar >> 16) & 1; }",linux-2.6,,,35447549446431568020382999260839889836,0 6251,CWE-190,"static void pp_mil_k54(fp54_t r, const fp9_t qx, const fp9_t qy, const ep_t p, const bn_t a) { fp54_t l; ep_t _p; fp9_t rx, ry, rz, sx, sy, sz, qn; int i, len = bn_bits(a) + 1; int8_t s[RLC_FP_BITS + 1]; fp54_null(l); ep_null(_p); fp9_null(rx); fp9_null(ry); fp9_null(rz); fp9_null(sx); fp9_null(sy); fp9_null(sz); RLC_TRY { fp54_new(l); ep_new(_p); fp9_new(rx); fp9_new(ry); fp9_new(rz); fp9_new(sx); fp9_new(sy); fp9_new(sz); fp9_new(qn); fp54_zero(l); fp9_copy(rx, qx); fp9_copy(ry, qy); fp9_set_dig(rz, 1); #if EP_ADD == BASIC ep_neg(_p, p); #else fp_add(_p->x, p->x, p->x); fp_add(_p->x, _p->x, p->x); fp_neg(_p->y, p->y); #endif fp9_neg(qn, qy); bn_rec_naf(s, &len, a, 2); for (i = len - 2; i >= 0; i--) { fp54_sqr(r, r); pp_dbl_k54(l, rx, ry, rz, _p); fp54_mul_dxs(r, r, l); if (s[i] > 0) { pp_add_k54(l, rx, ry, rz, qx, qy, p); fp54_mul_dxs(r, r, l); } if (s[i] < 0) { pp_add_k54(l, rx, ry, rz, qx, qn, p); fp54_mul_dxs(r, r, l); } } fp54_sqr(l, r); fp54_mul(r, r, l); fp54_zero(l); fp9_copy(sx, rx); fp9_copy(sy, ry); fp9_copy(sz, rz); pp_dbl_k54(l, sx, sy, sz, _p); fp54_mul_dxs(r, r, l); #if EP_ADD == PROJC fp9_inv(sz, sz); fp9_mul(sx, sx, sz); fp9_mul(sy, sy, sz); #endif pp_add_k54(l, rx, ry, rz, sx, sy, p); fp54_mul_dxs(r, r, l); fp9_frb(rx, qx, 1); fp9_frb(ry, qy, 1); fp9_zero(sz); fp3_set_dig(sz[1], 1); fp9_inv(sz, sz); fp_copy(sz[0][0], sz[2][2]); fp_mul(sz[0][0], sz[0][0], core_get()->fp3_p0[1]); fp_mul(sz[0][0], sz[0][0], core_get()->fp3_p1[3]); fp_mul(sz[0][0], sz[0][0], core_get()->fp3_p1[0]); fp3_mul_nor(sz[0], sz[0]); fp3_mul_nor(sz[0], sz[0]); fp3_mul_nor(sz[0], sz[0]); fp_mul(sz[1][0], sz[0][0], core_get()->fp3_p2[1]); for (int i = 0; i < 3; i++) { fp3_mul(ry[i], ry[i], sz[0]); fp3_mul(rx[i], rx[i], sz[1]); } fp9_frb(sx, qx, 10); fp9_frb(sy, qy, 10); for (int j = 0; j < 10; j++) { for (int i = 0; i < 3; i++) { fp3_mul(sy[i], sy[i], sz[0]); fp3_mul(sx[i], sx[i], sz[1]); } } fp9_set_dig(sz, 1); pp_add_k54(l, sx, sy, sz, rx, ry, p); fp54_mul_dxs(r, r, l); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp54_free(l); ep_free(_p); fp9_free(rx); fp9_free(ry); fp9_free(rz); fp9_free(sx); fp9_free(sy); fp9_free(sz); fp9_free(qn); } }",visit repo url,src/pp/relic_pp_map_k54.c,https://github.com/relic-toolkit/relic,147071915267972,1 5389,CWE-125,"void SavePayload(size_t handle, uint32_t *payload, uint32_t index) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return; uint32_t *MP4buffer = NULL; if (index < mp4->indexcount && mp4->mediafp && payload) { LONGSEEK(mp4->mediafp, mp4->metaoffsets[index], SEEK_SET); fwrite(payload, 1, mp4->metasizes[index], mp4->mediafp); } return; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,168190559431340,1 4518,CWE-189,"static Fixed lsr_translate_coords(GF_LASeRCodec *lsr, u32 val, u32 nb_bits) { if (!nb_bits) return 0; #ifdef GPAC_FIXED_POINT if (val >> (nb_bits-1) ) { s32 neg = (s32) val - (1<res_factor); return gf_divfix(INT2FIX(neg), lsr->res_factor); } else { if (val > FIX_ONE / 2) return 2 * gf_divfix(INT2FIX(val/2), lsr->res_factor); return gf_divfix(INT2FIX(val), lsr->res_factor); } #else if (val >> (nb_bits-1) ) { s32 neg = (s32) val - (1<res_factor); } else { return gf_divfix(INT2FIX(val), lsr->res_factor); } #endif }",visit repo url,src/laser/lsr_dec.c,https://github.com/gpac/gpac,141622124066206,1 629,CWE-20,"int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *isk = inet_sk(sk); int family = sk->sk_family; struct sockaddr_in *sin; struct sockaddr_in6 *sin6; struct sk_buff *skb; int copied, err; pr_debug(""ping_recvmsg(sk=%p,sk->num=%u)\n"", isk, isk->inet_num); err = -EOPNOTSUPP; if (flags & MSG_OOB) goto out; if (addr_len) { if (family == AF_INET) *addr_len = sizeof(*sin); else if (family == AF_INET6 && addr_len) *addr_len = sizeof(*sin6); } if (flags & MSG_ERRQUEUE) { if (family == AF_INET) { return ip_recv_error(sk, msg, len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { return pingv6_ops.ipv6_recv_error(sk, msg, len); #endif } } skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (family == AF_INET) { sin = (struct sockaddr_in *) msg->msg_name; sin->sin_family = AF_INET; sin->sin_port = 0 ; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); if (isk->cmsg_flags) ip_cmsg_recv(msg, skb); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); struct ipv6hdr *ip6 = ipv6_hdr(skb); sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ip6->saddr; sin6->sin6_flowinfo = 0; if (np->sndflow) sin6->sin6_flowinfo = ip6_flowinfo(ip6); sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); if (inet6_sk(sk)->rxopt.all) pingv6_ops.ip6_datagram_recv_ctl(sk, msg, skb); #endif } else { BUG(); } err = copied; done: skb_free_datagram(sk, skb); out: pr_debug(""ping_recvmsg -> %d\n"", err); return err; }",visit repo url,net/ipv4/ping.c,https://github.com/torvalds/linux,75563104669123,1 1138,CWE-119,"static int nl80211_start_sched_scan(struct sk_buff *skb, struct genl_info *info) { struct cfg80211_sched_scan_request *request; struct cfg80211_registered_device *rdev = info->user_ptr[0]; struct net_device *dev = info->user_ptr[1]; struct nlattr *attr; struct wiphy *wiphy; int err, tmp, n_ssids = 0, n_channels, i; u32 interval; enum ieee80211_band band; size_t ie_len; if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) || !rdev->ops->sched_scan_start) return -EOPNOTSUPP; if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) return -EINVAL; if (rdev->sched_scan_req) return -EINPROGRESS; if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]) return -EINVAL; interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]); if (interval == 0) return -EINVAL; wiphy = &rdev->wiphy; if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { n_channels = validate_scan_freqs( info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); if (!n_channels) return -EINVAL; } else { n_channels = 0; for (band = 0; band < IEEE80211_NUM_BANDS; band++) if (wiphy->bands[band]) n_channels += wiphy->bands[band]->n_channels; } if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) n_ssids++; if (n_ssids > wiphy->max_scan_ssids) return -EINVAL; if (info->attrs[NL80211_ATTR_IE]) ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); else ie_len = 0; if (ie_len > wiphy->max_scan_ie_len) return -EINVAL; request = kzalloc(sizeof(*request) + sizeof(*request->ssids) * n_ssids + sizeof(*request->channels) * n_channels + ie_len, GFP_KERNEL); if (!request) return -ENOMEM; if (n_ssids) request->ssids = (void *)&request->channels[n_channels]; request->n_ssids = n_ssids; if (ie_len) { if (request->ssids) request->ie = (void *)(request->ssids + n_ssids); else request->ie = (void *)(request->channels + n_channels); } i = 0; if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { struct ieee80211_channel *chan; chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); if (!chan) { err = -EINVAL; goto out_free; } if (chan->flags & IEEE80211_CHAN_DISABLED) continue; request->channels[i] = chan; i++; } } else { for (band = 0; band < IEEE80211_NUM_BANDS; band++) { int j; if (!wiphy->bands[band]) continue; for (j = 0; j < wiphy->bands[band]->n_channels; j++) { struct ieee80211_channel *chan; chan = &wiphy->bands[band]->channels[j]; if (chan->flags & IEEE80211_CHAN_DISABLED) continue; request->channels[i] = chan; i++; } } } if (!i) { err = -EINVAL; goto out_free; } request->n_channels = i; i = 0; if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { err = -EINVAL; goto out_free; } memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); request->ssids[i].ssid_len = nla_len(attr); i++; } } if (info->attrs[NL80211_ATTR_IE]) { request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); memcpy((void *)request->ie, nla_data(info->attrs[NL80211_ATTR_IE]), request->ie_len); } request->dev = dev; request->wiphy = &rdev->wiphy; request->interval = interval; err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request); if (!err) { rdev->sched_scan_req = request; nl80211_send_sched_scan(rdev, dev, NL80211_CMD_START_SCHED_SCAN); goto out; } out_free: kfree(request); out: return err;",visit repo url,net/wireless/nl80211.c,https://github.com/torvalds/linux,153873571055489,1 2003,['CWE-20'],"static inline int use_zero_page(struct vm_area_struct *vma) { if (vma->vm_flags & (VM_LOCKED | VM_SHARED)) return 0; return !vma->vm_ops || (!vma->vm_ops->fault && !vma->vm_ops->nopfn); }",linux-2.6,,,283269546613330920910078761973039104178,0 5793,CWE-125,"snmp_engine_get_bulk(snmp_header_t *header, snmp_varbind_t *varbinds, uint32_t *varbinds_length) { snmp_mib_resource_t *resource; uint32_t i, j, original_varbinds_length; uint32_t oid[SNMP_MAX_NR_VALUES][SNMP_MSG_OID_MAX_LEN]; uint8_t repeater; original_varbinds_length = *varbinds_length; for(i = 0; i < original_varbinds_length; i++) { snmp_oid_copy(oid[i], varbinds[i].oid); } *varbinds_length = 0; for(i = 0; i < original_varbinds_length; i++) { if(i >= header->error_status_non_repeaters.non_repeaters) { break; } resource = snmp_mib_find_next(oid[i]); if(!resource) { switch(header->version) { case SNMP_VERSION_1: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = i + 1; break; case SNMP_VERSION_2C: (&varbinds[i])->value_type = SNMP_DATA_TYPE_END_OF_MIB_VIEW; break; default: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = 0; } } else { if(*varbinds_length < SNMP_MAX_NR_VALUES) { resource->handler(&varbinds[*varbinds_length], resource->oid); (*varbinds_length)++; } } } for(i = 0; i < header->error_index_max_repetitions.max_repetitions; i++) { repeater = 0; for(j = header->error_status_non_repeaters.non_repeaters; j < original_varbinds_length; j++) { resource = snmp_mib_find_next(oid[j]); if(!resource) { switch(header->version) { case SNMP_VERSION_1: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = *varbinds_length + 1; break; case SNMP_VERSION_2C: if(*varbinds_length < SNMP_MAX_NR_VALUES) { (&varbinds[*varbinds_length])->value_type = SNMP_DATA_TYPE_END_OF_MIB_VIEW; snmp_oid_copy((&varbinds[*varbinds_length])->oid, oid[j]); (*varbinds_length)++; } break; default: header->error_status_non_repeaters.error_status = SNMP_STATUS_NO_SUCH_NAME; header->error_index_max_repetitions.error_index = 0; } } else { if(*varbinds_length < SNMP_MAX_NR_VALUES) { resource->handler(&varbinds[*varbinds_length], resource->oid); (*varbinds_length)++; snmp_oid_copy(oid[j], resource->oid); repeater++; } } } if(repeater == 0) { break; } } return 0; }",visit repo url,os/net/app-layer/snmp/snmp-engine.c,https://github.com/contiki-ng/contiki-ng,109256457766824,1 4765,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 2485,['CWE-119'],"void diff_free_filepair(struct diff_filepair *p) { free_filespec(p->one); free_filespec(p->two); free(p); }",git,,,205128067284371374909029085668744023155,0 5838,['CWE-200'],"static int ec_dev_ioctl(struct socket *sock, unsigned int cmd, void __user *arg) { struct ifreq ifr; struct ec_device *edev; struct net_device *dev; struct sockaddr_ec *sec; int err; if (copy_from_user(&ifr, arg, sizeof(struct ifreq))) return -EFAULT; if ((dev = dev_get_by_name(&init_net, ifr.ifr_name)) == NULL) return -ENODEV; sec = (struct sockaddr_ec *)&ifr.ifr_addr; mutex_lock(&econet_mutex); err = 0; switch (cmd) { case SIOCSIFADDR: edev = dev->ec_ptr; if (edev == NULL) { edev = kzalloc(sizeof(struct ec_device), GFP_KERNEL); if (edev == NULL) { err = -ENOMEM; break; } dev->ec_ptr = edev; } else net2dev_map[edev->net] = NULL; edev->station = sec->addr.station; edev->net = sec->addr.net; net2dev_map[sec->addr.net] = dev; if (!net2dev_map[0]) net2dev_map[0] = dev; break; case SIOCGIFADDR: edev = dev->ec_ptr; if (edev == NULL) { err = -ENODEV; break; } memset(sec, 0, sizeof(struct sockaddr_ec)); sec->addr.station = edev->station; sec->addr.net = edev->net; sec->sec_family = AF_ECONET; dev_put(dev); if (copy_to_user(arg, &ifr, sizeof(struct ifreq))) err = -EFAULT; break; default: err = -EINVAL; break; } mutex_unlock(&econet_mutex); dev_put(dev); return err; }",linux-2.6,,,218733024801814556098173304048177283691,0 5536,CWE-125,"obj2ast_keyword(PyObject* obj, keyword_ty* out, PyArena* arena) { PyObject* tmp = NULL; identifier arg; expr_ty value; if (exists_not_none(obj, &PyId_arg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_arg); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &arg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { arg = NULL; } if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from keyword""); return 1; } *out = keyword(arg, value, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,248224216078475,1 74,CWE-772,"create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->rec.principal, &rp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_ADD; log_unauth(""kadm5_create_principal"", prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_create_principal((void *)handle, &arg->rec, arg->mask, arg->passwd); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_create_principal"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,198581323616832,1 5040,CWE-119,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 3957,CWE-190,"JSON_read(int fd) { uint32_t hsize, nsize; char *str; cJSON *json = NULL; int rc; if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) { hsize = ntohl(nsize); str = (char *) calloc(sizeof(char), hsize+1); if (str != NULL) { rc = Nread(fd, str, hsize, Ptcp); if (rc >= 0) { if (rc == hsize) { json = cJSON_Parse(str); } else { printf(""WARNING: Size of data read does not correspond to offered length\n""); } } } free(str); } return json; }",visit repo url,src/iperf_api.c,https://github.com/esnet/iperf,177544651675942,1 4081,CWE-787,"grub_ext2_iterate_dir (grub_fshelp_node_t dir, int (*hook) (const char *filename, enum grub_fshelp_filetype filetype, grub_fshelp_node_t node, void *closure), void *closure) { unsigned int fpos = 0; struct grub_fshelp_node *diro = (struct grub_fshelp_node *) dir; if (! diro->inode_read) { grub_ext2_read_inode (diro->data, diro->ino, &diro->inode); if (grub_errno) return 0; } if (hook) while (fpos < grub_le_to_cpu32 (diro->inode.size)) { struct ext2_dirent dirent; grub_ext2_read_file (diro, NULL, NULL, 0, fpos, sizeof (dirent), (char *) &dirent); if (grub_errno) return 0; if (dirent.direntlen == 0) return 0; if (dirent.namelen != 0) { #ifndef _MSC_VER char filename[dirent.namelen + 1]; #else char * filename = grub_malloc (dirent.namelen + 1); #endif struct grub_fshelp_node *fdiro; enum grub_fshelp_filetype type = GRUB_FSHELP_UNKNOWN; grub_ext2_read_file (diro, 0, 0, 0, fpos + sizeof (struct ext2_dirent), dirent.namelen, filename); if (grub_errno) return 0; fdiro = grub_malloc (sizeof (struct grub_fshelp_node)); if (! fdiro) return 0; fdiro->data = diro->data; fdiro->ino = grub_le_to_cpu32 (dirent.inode); filename[dirent.namelen] = '\0'; if (dirent.filetype != FILETYPE_UNKNOWN) { fdiro->inode_read = 0; if (dirent.filetype == FILETYPE_DIRECTORY) type = GRUB_FSHELP_DIR; else if (dirent.filetype == FILETYPE_SYMLINK) type = GRUB_FSHELP_SYMLINK; else if (dirent.filetype == FILETYPE_REG) type = GRUB_FSHELP_REG; } else { grub_ext2_read_inode (diro->data, grub_le_to_cpu32 (dirent.inode), &fdiro->inode); if (grub_errno) { grub_free (fdiro); return 0; } fdiro->inode_read = 1; if ((grub_le_to_cpu16 (fdiro->inode.mode) & FILETYPE_INO_MASK) == FILETYPE_INO_DIRECTORY) type = GRUB_FSHELP_DIR; else if ((grub_le_to_cpu16 (fdiro->inode.mode) & FILETYPE_INO_MASK) == FILETYPE_INO_SYMLINK) type = GRUB_FSHELP_SYMLINK; else if ((grub_le_to_cpu16 (fdiro->inode.mode) & FILETYPE_INO_MASK) == FILETYPE_INO_REG) type = GRUB_FSHELP_REG; } if (hook (filename, type, fdiro, closure)) return 1; } fpos += grub_le_to_cpu16 (dirent.direntlen); } return 0; }",visit repo url,shlr/grub/fs/ext2.c,https://github.com/radare/radare2,15436402557295,1 3067,['CWE-189'],"void jas_image_clearfmts() { int i; jas_image_fmtinfo_t *fmtinfo; for (i = 0; i < jas_image_numfmts; ++i) { fmtinfo = &jas_image_fmtinfos[i]; if (fmtinfo->name) { jas_free(fmtinfo->name); fmtinfo->name = 0; } if (fmtinfo->ext) { jas_free(fmtinfo->ext); fmtinfo->ext = 0; } if (fmtinfo->desc) { jas_free(fmtinfo->desc); fmtinfo->desc = 0; } } jas_image_numfmts = 0; }",jasper,,,242403576044534752852094450943274895344,0 2153,CWE-476,"static int read_one_chunk(struct btrfs_fs_info *fs_info, struct btrfs_key *key, struct extent_buffer *leaf, struct btrfs_chunk *chunk) { struct btrfs_mapping_tree *map_tree = &fs_info->mapping_tree; struct map_lookup *map; struct extent_map *em; u64 logical; u64 length; u64 devid; u8 uuid[BTRFS_UUID_SIZE]; int num_stripes; int ret; int i; logical = key->offset; length = btrfs_chunk_length(leaf, chunk); num_stripes = btrfs_chunk_num_stripes(leaf, chunk); ret = btrfs_check_chunk_valid(fs_info, leaf, chunk, logical); if (ret) return ret; read_lock(&map_tree->map_tree.lock); em = lookup_extent_mapping(&map_tree->map_tree, logical, 1); read_unlock(&map_tree->map_tree.lock); if (em && em->start <= logical && em->start + em->len > logical) { free_extent_map(em); return 0; } else if (em) { free_extent_map(em); } em = alloc_extent_map(); if (!em) return -ENOMEM; map = kmalloc(map_lookup_size(num_stripes), GFP_NOFS); if (!map) { free_extent_map(em); return -ENOMEM; } set_bit(EXTENT_FLAG_FS_MAPPING, &em->flags); em->map_lookup = map; em->start = logical; em->len = length; em->orig_start = 0; em->block_start = 0; em->block_len = em->len; map->num_stripes = num_stripes; map->io_width = btrfs_chunk_io_width(leaf, chunk); map->io_align = btrfs_chunk_io_align(leaf, chunk); map->stripe_len = btrfs_chunk_stripe_len(leaf, chunk); map->type = btrfs_chunk_type(leaf, chunk); map->sub_stripes = btrfs_chunk_sub_stripes(leaf, chunk); map->verified_stripes = 0; for (i = 0; i < num_stripes; i++) { map->stripes[i].physical = btrfs_stripe_offset_nr(leaf, chunk, i); devid = btrfs_stripe_devid_nr(leaf, chunk, i); read_extent_buffer(leaf, uuid, (unsigned long) btrfs_stripe_dev_uuid_nr(chunk, i), BTRFS_UUID_SIZE); map->stripes[i].dev = btrfs_find_device(fs_info->fs_devices, devid, uuid, NULL); if (!map->stripes[i].dev && !btrfs_test_opt(fs_info, DEGRADED)) { free_extent_map(em); btrfs_report_missing_device(fs_info, devid, uuid, true); return -ENOENT; } if (!map->stripes[i].dev) { map->stripes[i].dev = add_missing_dev(fs_info->fs_devices, devid, uuid); if (IS_ERR(map->stripes[i].dev)) { free_extent_map(em); btrfs_err(fs_info, ""failed to init missing dev %llu: %ld"", devid, PTR_ERR(map->stripes[i].dev)); return PTR_ERR(map->stripes[i].dev); } btrfs_report_missing_device(fs_info, devid, uuid, false); } set_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &(map->stripes[i].dev->dev_state)); } write_lock(&map_tree->map_tree.lock); ret = add_extent_mapping(&map_tree->map_tree, em, 0); write_unlock(&map_tree->map_tree.lock); if (ret < 0) { btrfs_err(fs_info, ""failed to add chunk map, start=%llu len=%llu: %d"", em->start, em->len, ret); } free_extent_map(em); return ret; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,88116274556453,1 4646,['CWE-399'],"static inline void ext4_update_i_disksize(struct inode *inode, loff_t newsize) { down_write(&EXT4_I(inode)->i_data_sem); if (newsize > EXT4_I(inode)->i_disksize) EXT4_I(inode)->i_disksize = newsize; up_write(&EXT4_I(inode)->i_data_sem); return ;",linux-2.6,,,219877886734473690977350047458596067315,0 1108,CWE-362,"static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) { struct ipcm_cookie ipc; struct rtable *rt = skb_rtable(skb); struct net *net = dev_net(rt->dst.dev); struct sock *sk; struct inet_sock *inet; __be32 daddr; if (ip_options_echo(&icmp_param->replyopts, skb)) return; sk = icmp_xmit_lock(net); if (sk == NULL) return; inet = inet_sk(sk); icmp_param->data.icmph.checksum = 0; inet->tos = ip_hdr(skb)->tos; daddr = ipc.addr = rt->rt_src; ipc.opt = NULL; ipc.tx_flags = 0; if (icmp_param->replyopts.optlen) { ipc.opt = &icmp_param->replyopts; if (ipc.opt->srr) daddr = icmp_param->replyopts.faddr; } { struct flowi4 fl4 = { .daddr = daddr, .saddr = rt->rt_spec_dst, .flowi4_tos = RT_TOS(ip_hdr(skb)->tos), .flowi4_proto = IPPROTO_ICMP, }; security_skb_classify_flow(skb, flowi4_to_flowi(&fl4)); rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) goto out_unlock; } if (icmpv4_xrlim_allow(net, rt, icmp_param->data.icmph.type, icmp_param->data.icmph.code)) icmp_push_reply(icmp_param, &ipc, &rt); ip_rt_put(rt); out_unlock: icmp_xmit_unlock(sk); }",visit repo url,net/ipv4/icmp.c,https://github.com/torvalds/linux,217168461804190,1 3434,['CWE-264'],"static ssize_t splice_to_pipe(struct pipe_inode_info *pipe, struct splice_pipe_desc *spd) { int ret, do_wakeup, page_nr; ret = 0; do_wakeup = 0; page_nr = 0; if (pipe->inode) mutex_lock(&pipe->inode->i_mutex); for (;;) { if (!pipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } if (pipe->nrbufs < PIPE_BUFFERS) { int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1); struct pipe_buffer *buf = pipe->bufs + newbuf; buf->page = spd->pages[page_nr]; buf->offset = spd->partial[page_nr].offset; buf->len = spd->partial[page_nr].len; buf->ops = spd->ops; if (spd->flags & SPLICE_F_GIFT) buf->flags |= PIPE_BUF_FLAG_GIFT; pipe->nrbufs++; page_nr++; ret += buf->len; if (pipe->inode) do_wakeup = 1; if (!--spd->nr_pages) break; if (pipe->nrbufs < PIPE_BUFFERS) continue; break; } if (spd->flags & SPLICE_F_NONBLOCK) { if (!ret) ret = -EAGAIN; break; } if (signal_pending(current)) { if (!ret) ret = -ERESTARTSYS; break; } if (do_wakeup) { smp_mb(); if (waitqueue_active(&pipe->wait)) wake_up_interruptible_sync(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } pipe->waiting_writers++; pipe_wait(pipe); pipe->waiting_writers--; } if (pipe->inode) mutex_unlock(&pipe->inode->i_mutex); if (do_wakeup) { smp_mb(); if (waitqueue_active(&pipe->wait)) wake_up_interruptible(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); } while (page_nr < spd->nr_pages) page_cache_release(spd->pages[page_nr++]); return ret; }",linux-2.6,,,81477157570048834991917868072965616782,0 4235,CWE-78,"static int download(struct SPDBDownloader *pd) { SPDBDownloaderOpt *opt = pd->opt; char *curl_cmd = NULL; char *extractor_cmd = NULL; char *abspath_to_archive = NULL; char *abspath_to_file = NULL; char *archive_name = NULL; size_t archive_name_len = 0; char *symbol_store_path = NULL; char *dbg_file = NULL; char *guid = NULL; char *archive_name_escaped = NULL; char *user_agent = NULL; char *symbol_server = NULL; int res = 0; int cmd_ret; if (!opt->dbg_file || !*opt->dbg_file) { return 0; } if (!checkCurl ()) { return 0; } archive_name_len = strlen (opt->dbg_file); archive_name = malloc (archive_name_len + 1); if (!archive_name) { return 0; } memcpy (archive_name, opt->dbg_file, archive_name_len + 1); archive_name[archive_name_len - 1] = '_'; symbol_store_path = r_str_escape (opt->symbol_store_path); dbg_file = r_str_escape (opt->dbg_file); guid = r_str_escape (opt->guid); archive_name_escaped = r_str_escape (archive_name); user_agent = r_str_escape (opt->user_agent); symbol_server = r_str_escape (opt->symbol_server); abspath_to_archive = r_str_newf (""%s%s%s%s%s%s%s"", symbol_store_path, R_SYS_DIR, dbg_file, R_SYS_DIR, guid, R_SYS_DIR, archive_name_escaped); abspath_to_file = strdup (abspath_to_archive); abspath_to_file[strlen (abspath_to_file) - 1] = 'b'; if (r_file_exists (abspath_to_file)) { eprintf (""File already downloaded.\n""); R_FREE (user_agent); R_FREE (abspath_to_archive); R_FREE (archive_name_escaped); R_FREE (symbol_store_path); R_FREE (dbg_file); R_FREE (guid); R_FREE (archive_name); R_FREE (abspath_to_file); R_FREE (symbol_server); return 1; } if (checkExtract () || opt->extract == 0) { res = 1; curl_cmd = r_str_newf (""curl -sfLA \""%s\"" \""%s/%s/%s/%s\"" --create-dirs -o \""%s\"""", user_agent, symbol_server, dbg_file, guid, archive_name_escaped, abspath_to_archive); #if __WINDOWS__ const char *cabextractor = ""expand""; const char *format = ""%s %s %s""; extractor_cmd = r_str_newf (format, cabextractor, abspath_to_archive, abspath_to_file); #else const char *cabextractor = ""cabextract""; const char *format = ""%s -d \""%s\"" \""%s\""""; char *abspath_to_dir = r_file_dirname (abspath_to_archive); extractor_cmd = r_str_newf (format, cabextractor, abspath_to_dir, abspath_to_archive); R_FREE (abspath_to_dir); #endif eprintf (""Attempting to download compressed pdb in %s\n"", abspath_to_archive); if ((cmd_ret = r_sys_cmd (curl_cmd) != 0)) { eprintf(""curl exited with error %d\n"", cmd_ret); res = 0; } eprintf (""Attempting to decompress pdb\n""); if (opt->extract > 0) { if (res && ((cmd_ret = r_sys_cmd (extractor_cmd)) != 0)) { eprintf (""cab extractor exited with error %d\n"", cmd_ret); res = 0; } r_file_rm (abspath_to_archive); } R_FREE (curl_cmd); } if (res == 0) { eprintf (""Falling back to uncompressed pdb\n""); res = 1; archive_name_escaped[strlen (archive_name_escaped) - 1] = 'b'; curl_cmd = r_str_newf (""curl -sfLA \""%s\"" \""%s/%s/%s/%s\"" --create-dirs -o \""%s\"""", opt->user_agent, opt->symbol_server, opt->dbg_file, opt->guid, archive_name_escaped, abspath_to_file); eprintf (""Attempting to download uncompressed pdb in %s\n"", abspath_to_file); if ((cmd_ret = r_sys_cmd (curl_cmd) != 0)) { eprintf(""curl exited with error %d\n"", cmd_ret); res = 0; } R_FREE (curl_cmd); } R_FREE (abspath_to_archive); R_FREE (abspath_to_file); R_FREE (archive_name); R_FREE (extractor_cmd); R_FREE (symbol_store_path); R_FREE (dbg_file); R_FREE (guid); R_FREE (archive_name_escaped); R_FREE (user_agent); R_FREE (symbol_server); return res; }",visit repo url,libr/bin/pdb/pdb_downloader.c,https://github.com/radareorg/radare2,146982157835186,1 2915,CWE-119,"DECLAREreadFunc(readContigTilesIntoBuffer) { int status = 1; tsize_t tilesize = TIFFTileSize(in); tdata_t tilebuf; uint32 imagew = TIFFScanlineSize(in); uint32 tilew = TIFFTileRowSize(in); int iskew = imagew - tilew; uint8* bufp = (uint8*) buf; uint32 tw, tl; uint32 row; (void) spp; tilebuf = _TIFFmalloc(tilesize); if (tilebuf == 0) return 0; _TIFFmemset(tilebuf, 0, tilesize); (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); for (row = 0; row < imagelength; row += tl) { uint32 nrow = (row+tl > imagelength) ? imagelength-row : tl; uint32 colb = 0; uint32 col; for (col = 0; col < imagewidth && colb < imagew; col += tw) { if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0 && !ignore) { TIFFError(TIFFFileName(in), ""Error, can't read tile at %lu %lu"", (unsigned long) col, (unsigned long) row); status = 0; goto done; } if (colb + tilew > imagew) { uint32 width = imagew - colb; uint32 oskew = tilew - width; cpStripToTile(bufp + colb, tilebuf, nrow, width, oskew + iskew, oskew ); } else cpStripToTile(bufp + colb, tilebuf, nrow, tilew, iskew, 0); colb += tilew; } bufp += imagew * nrow; } done: _TIFFfree(tilebuf); return status; }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,21521315972342,1 3116,['CWE-189'],"static int jas_icclut8_getsize(jas_iccattrval_t *attrval) { jas_icclut8_t *lut8 = &attrval->data.lut8; return 44 + lut8->numinchans * lut8->numintabents + lut8->numoutchans * lut8->numouttabents + jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans; }",jasper,,,172936439238801632083405768990159938283,0 1185,['CWE-189'],static inline void hrtimer_init_timer_hres(struct hrtimer *timer) { },linux-2.6,,,152290921550850763351193796827639283635,0 1536,CWE-17,"void bpf_int_jit_compile(struct bpf_prog *prog) { struct bpf_binary_header *header = NULL; int proglen, oldproglen = 0; struct jit_context ctx = {}; u8 *image = NULL; int *addrs; int pass; int i; if (!bpf_jit_enable) return; if (!prog || !prog->len) return; addrs = kmalloc(prog->len * sizeof(*addrs), GFP_KERNEL); if (!addrs) return; for (proglen = 0, i = 0; i < prog->len; i++) { proglen += 64; addrs[i] = proglen; } ctx.cleanup_addr = proglen; for (pass = 0; pass < 10; pass++) { proglen = do_jit(prog, addrs, image, oldproglen, &ctx); if (proglen <= 0) { image = NULL; if (header) bpf_jit_binary_free(header); goto out; } if (image) { if (proglen != oldproglen) { pr_err(""bpf_jit: proglen=%d != oldproglen=%d\n"", proglen, oldproglen); goto out; } break; } if (proglen == oldproglen) { header = bpf_jit_binary_alloc(proglen, &image, 1, jit_fill_hole); if (!header) goto out; } oldproglen = proglen; } if (bpf_jit_enable > 1) bpf_jit_dump(prog->len, proglen, 0, image); if (image) { bpf_flush_icache(header, image + proglen); set_memory_ro((unsigned long)header, header->pages); prog->bpf_func = (void *)image; prog->jited = true; } out: kfree(addrs); }",visit repo url,arch/x86/net/bpf_jit_comp.c,https://github.com/torvalds/linux,262495586417987,1 2708,CWE-190,"SPL_METHOD(DirectoryIterator, getBasename) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); char *suffix = 0, *fname; int slen = 0; size_t flen; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|s"", &suffix, &slen) == FAILURE) { return; } php_basename(intern->u.dir.entry.d_name, strlen(intern->u.dir.entry.d_name), suffix, slen, &fname, &flen TSRMLS_CC); RETURN_STRINGL(fname, flen, 0); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,65829797197285,1 5654,['CWE-476'],"void __init udpv6_init(void) { if (inet6_add_protocol(&udpv6_protocol, IPPROTO_UDP) < 0) printk(KERN_ERR ""udpv6_init: Could not register protocol\n""); inet6_register_protosw(&udpv6_protosw); }",linux-2.6,,,318691166495685553931125373197767663216,0 6371,[],"void printRtf (FILE *fptr, variableLength *vl) { gint index; gchar *byte; gint brace_ct; gint key; key = 0; brace_ct = 0; for (index = 0, byte=vl->data; index < vl->size; index++, byte++) { if (*byte == '}') { brace_ct--; key = 0; continue; } if (*byte == '{') { brace_ct++; continue; } if (*byte == '\\') { key = 1; } if (isspace (*byte)) { key = 0; } if ((brace_ct == 1) && (key == 0)) { if (*byte == '\n') { fprintf(fptr, ""\\n""); } else if (*byte == '\r') { } else if (*byte == ';') { fprintf(fptr, ""\\;""); } else if (*byte == ',') { fprintf(fptr, ""\\,""); } else if (*byte == '\\') { fprintf(fptr, ""\\""); } else { fprintf(fptr, ""%c"", *byte); } } } fprintf(fptr, ""\n""); }",evolution,,,252350402511148650255426895363266655493,0 2365,CWE-125,"int ff_mms_asf_header_parser(MMSContext *mms) { uint8_t *p = mms->asf_header; uint8_t *end; int flags, stream_id; mms->stream_num = 0; if (mms->asf_header_size < sizeof(ff_asf_guid) * 2 + 22 || memcmp(p, ff_asf_header, sizeof(ff_asf_guid))) { av_log(NULL, AV_LOG_ERROR, ""Corrupt stream (invalid ASF header, size=%d)\n"", mms->asf_header_size); return AVERROR_INVALIDDATA; } end = mms->asf_header + mms->asf_header_size; p += sizeof(ff_asf_guid) + 14; while(end - p >= sizeof(ff_asf_guid) + 8) { uint64_t chunksize; if (!memcmp(p, ff_asf_data_header, sizeof(ff_asf_guid))) { chunksize = 50; } else { chunksize = AV_RL64(p + sizeof(ff_asf_guid)); } if (!chunksize || chunksize > end - p) { av_log(NULL, AV_LOG_ERROR, ""Corrupt stream (header chunksize %""PRId64"" is invalid)\n"", chunksize); return AVERROR_INVALIDDATA; } if (!memcmp(p, ff_asf_file_header, sizeof(ff_asf_guid))) { if (end - p > sizeof(ff_asf_guid) * 2 + 68) { mms->asf_packet_len = AV_RL32(p + sizeof(ff_asf_guid) * 2 + 64); if (mms->asf_packet_len <= 0 || mms->asf_packet_len > sizeof(mms->in_buffer)) { av_log(NULL, AV_LOG_ERROR, ""Corrupt stream (too large pkt_len %d)\n"", mms->asf_packet_len); return AVERROR_INVALIDDATA; } } } else if (!memcmp(p, ff_asf_stream_header, sizeof(ff_asf_guid))) { flags = AV_RL16(p + sizeof(ff_asf_guid)*3 + 24); stream_id = flags & 0x7F; if (mms->stream_num < MMS_MAX_STREAMS && 46 + mms->stream_num * 6 < sizeof(mms->out_buffer)) { mms->streams = av_fast_realloc(mms->streams, &mms->nb_streams_allocated, (mms->stream_num + 1) * sizeof(MMSStream)); if (!mms->streams) return AVERROR(ENOMEM); mms->streams[mms->stream_num].id = stream_id; mms->stream_num++; } else { av_log(NULL, AV_LOG_ERROR, ""Corrupt stream (too many A/V streams)\n""); return AVERROR_INVALIDDATA; } } else if (!memcmp(p, ff_asf_ext_stream_header, sizeof(ff_asf_guid))) { if (end - p >= 88) { int stream_count = AV_RL16(p + 84), ext_len_count = AV_RL16(p + 86); uint64_t skip_bytes = 88; while (stream_count--) { if (end - p < skip_bytes + 4) { av_log(NULL, AV_LOG_ERROR, ""Corrupt stream (next stream name length is not in the buffer)\n""); return AVERROR_INVALIDDATA; } skip_bytes += 4 + AV_RL16(p + skip_bytes + 2); } while (ext_len_count--) { if (end - p < skip_bytes + 22) { av_log(NULL, AV_LOG_ERROR, ""Corrupt stream (next extension system info length is not in the buffer)\n""); return AVERROR_INVALIDDATA; } skip_bytes += 22 + AV_RL32(p + skip_bytes + 18); } if (end - p < skip_bytes) { av_log(NULL, AV_LOG_ERROR, ""Corrupt stream (the last extension system info length is invalid)\n""); return AVERROR_INVALIDDATA; } if (chunksize - skip_bytes > 24) chunksize = skip_bytes; } } else if (!memcmp(p, ff_asf_head1_guid, sizeof(ff_asf_guid))) { chunksize = 46; } p += chunksize; } return 0; }",visit repo url,libavformat/mms.c,https://github.com/FFmpeg/FFmpeg,205368792713867,1 5917,['CWE-909'],"static struct qdisc_size_table *qdisc_get_stab(struct nlattr *opt) { struct nlattr *tb[TCA_STAB_MAX + 1]; struct qdisc_size_table *stab; struct tc_sizespec *s; unsigned int tsize = 0; u16 *tab = NULL; int err; err = nla_parse_nested(tb, TCA_STAB_MAX, opt, stab_policy); if (err < 0) return ERR_PTR(err); if (!tb[TCA_STAB_BASE]) return ERR_PTR(-EINVAL); s = nla_data(tb[TCA_STAB_BASE]); if (s->tsize > 0) { if (!tb[TCA_STAB_DATA]) return ERR_PTR(-EINVAL); tab = nla_data(tb[TCA_STAB_DATA]); tsize = nla_len(tb[TCA_STAB_DATA]) / sizeof(u16); } if (!s || tsize != s->tsize || (!tab && tsize > 0)) return ERR_PTR(-EINVAL); spin_lock(&qdisc_stab_lock); list_for_each_entry(stab, &qdisc_stab_list, list) { if (memcmp(&stab->szopts, s, sizeof(*s))) continue; if (tsize > 0 && memcmp(stab->data, tab, tsize * sizeof(u16))) continue; stab->refcnt++; spin_unlock(&qdisc_stab_lock); return stab; } spin_unlock(&qdisc_stab_lock); stab = kmalloc(sizeof(*stab) + tsize * sizeof(u16), GFP_KERNEL); if (!stab) return ERR_PTR(-ENOMEM); stab->refcnt = 1; stab->szopts = *s; if (tsize > 0) memcpy(stab->data, tab, tsize * sizeof(u16)); spin_lock(&qdisc_stab_lock); list_add_tail(&stab->list, &qdisc_stab_list); spin_unlock(&qdisc_stab_lock); return stab; }",linux-2.6,,,52347794211771519037767457655293375399,0 4693,['CWE-20'],"static inline void ext4_show_quota_options(struct seq_file *seq, struct super_block *sb) { #if defined(CONFIG_QUOTA) struct ext4_sb_info *sbi = EXT4_SB(sb); if (sbi->s_jquota_fmt) seq_printf(seq, "",jqfmt=%s"", (sbi->s_jquota_fmt == QFMT_VFS_OLD) ? ""vfsold"" : ""vfsv0""); if (sbi->s_qf_names[USRQUOTA]) seq_printf(seq, "",usrjquota=%s"", sbi->s_qf_names[USRQUOTA]); if (sbi->s_qf_names[GRPQUOTA]) seq_printf(seq, "",grpjquota=%s"", sbi->s_qf_names[GRPQUOTA]); if (sbi->s_mount_opt & EXT4_MOUNT_USRQUOTA) seq_puts(seq, "",usrquota""); if (sbi->s_mount_opt & EXT4_MOUNT_GRPQUOTA) seq_puts(seq, "",grpquota""); #endif }",linux-2.6,,,161388895372675171413855520794781308635,0 576,CWE-20,"static void br_multicast_del_pg(struct net_bridge *br, struct net_bridge_port_group *pg) { struct net_bridge_mdb_htable *mdb; struct net_bridge_mdb_entry *mp; struct net_bridge_port_group *p; struct net_bridge_port_group __rcu **pp; mdb = mlock_dereference(br->mdb, br); mp = br_mdb_ip_get(mdb, &pg->addr); if (WARN_ON(!mp)) return; for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { if (p != pg) continue; rcu_assign_pointer(*pp, p->next); hlist_del_init(&p->mglist); del_timer(&p->timer); call_rcu_bh(&p->rcu, br_multicast_free_pg); if (!mp->ports && !mp->mglist && netif_running(br->dev)) mod_timer(&mp->timer, jiffies); return; } WARN_ON(1); }",visit repo url,net/bridge/br_multicast.c,https://github.com/torvalds/linux,133738775264449,1 5727,['CWE-200'],"static int irda_find_lsap_sel(struct irda_sock *self, char *name) { IRDA_DEBUG(2, ""%s(%p, %s)\n"", __func__, self, name); if (self->iriap) { IRDA_WARNING(""%s(): busy with a previous query\n"", __func__); return -EBUSY; } self->iriap = iriap_open(LSAP_ANY, IAS_CLIENT, self, irda_getvalue_confirm); if(self->iriap == NULL) return -ENOMEM; self->errno = -EHOSTUNREACH; iriap_getvaluebyclass_request(self->iriap, self->saddr, self->daddr, name, ""IrDA:TinyTP:LsapSel""); if (wait_event_interruptible(self->query_wait, (self->iriap==NULL))) return -EHOSTUNREACH; if (self->errno) { if((self->errno == IAS_CLASS_UNKNOWN) || (self->errno == IAS_ATTRIB_UNKNOWN)) return (-EADDRNOTAVAIL); else return (-EHOSTUNREACH); } switch (self->ias_result->type) { case IAS_INTEGER: IRDA_DEBUG(4, ""%s() int=%d\n"", __func__, self->ias_result->t.integer); if (self->ias_result->t.integer != -1) self->dtsap_sel = self->ias_result->t.integer; else self->dtsap_sel = 0; break; default: self->dtsap_sel = 0; IRDA_DEBUG(0, ""%s(), bad type!\n"", __func__); break; } if (self->ias_result) irias_delete_value(self->ias_result); if (self->dtsap_sel) return 0; return -EADDRNOTAVAIL; }",linux-2.6,,,165698805698786493552979841809667640579,0 5858,CWE-787,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_nack( const void *buf, pj_size_t length, unsigned *nack_cnt, pjmedia_rtcp_fb_nack nack[]) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; pj_uint8_t *p; unsigned cnt, i; PJ_ASSERT_RETURN(buf && nack_cnt && nack, PJ_EINVAL); PJ_ASSERT_RETURN(length >= sizeof(pjmedia_rtcp_common), PJ_ETOOSMALL); if (hdr->pt != RTCP_RTPFB || hdr->count != 1) return PJ_ENOTFOUND; cnt = pj_ntohs((pj_uint16_t)hdr->length); if (cnt > 2) cnt -= 2; else cnt = 0; if (length < (cnt+3)*4) return PJ_ETOOSMALL; *nack_cnt = PJ_MIN(*nack_cnt, cnt); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < *nack_cnt; ++i) { pj_uint16_t val; pj_memcpy(&val, p, 2); nack[i].pid = pj_ntohs(val); pj_memcpy(&val, p+2, 2); nack[i].blp = pj_ntohs(val); p += 4; } return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,183847780778538,1 3708,CWE-401,"table_regex_match(const char *string, const char *pattern) { regex_t preg; int cflags = REG_EXTENDED|REG_NOSUB; if (strncmp(pattern, ""(?i)"", 4) == 0) { cflags |= REG_ICASE; pattern += 4; } if (regcomp(&preg, pattern, cflags) != 0) return (0); if (regexec(&preg, string, 0, NULL, 0) != 0) return (0); return (1); }",visit repo url,usr.sbin/smtpd/table.c,https://github.com/openbsd/src,170798372417063,1 5951,['CWE-909'],"qdisc_create(struct net_device *dev, struct netdev_queue *dev_queue, u32 parent, u32 handle, struct nlattr **tca, int *errp) { int err; struct nlattr *kind = tca[TCA_KIND]; struct Qdisc *sch; struct Qdisc_ops *ops; struct qdisc_size_table *stab; ops = qdisc_lookup_ops(kind); #ifdef CONFIG_MODULES if (ops == NULL && kind != NULL) { char name[IFNAMSIZ]; if (nla_strlcpy(name, kind, IFNAMSIZ) < IFNAMSIZ) { rtnl_unlock(); request_module(""sch_%s"", name); rtnl_lock(); ops = qdisc_lookup_ops(kind); if (ops != NULL) { module_put(ops->owner); err = -EAGAIN; goto err_out; } } } #endif err = -ENOENT; if (ops == NULL) goto err_out; sch = qdisc_alloc(dev_queue, ops); if (IS_ERR(sch)) { err = PTR_ERR(sch); goto err_out2; } sch->parent = parent; if (handle == TC_H_INGRESS) { sch->flags |= TCQ_F_INGRESS; handle = TC_H_MAKE(TC_H_INGRESS, 0); lockdep_set_class(qdisc_lock(sch), &qdisc_rx_lock); } else { if (handle == 0) { handle = qdisc_alloc_handle(dev); err = -ENOMEM; if (handle == 0) goto err_out3; } lockdep_set_class(qdisc_lock(sch), &qdisc_tx_lock); } sch->handle = handle; if (!ops->init || (err = ops->init(sch, tca[TCA_OPTIONS])) == 0) { if (tca[TCA_STAB]) { stab = qdisc_get_stab(tca[TCA_STAB]); if (IS_ERR(stab)) { err = PTR_ERR(stab); goto err_out3; } sch->stab = stab; } if (tca[TCA_RATE]) { spinlock_t *root_lock; if ((sch->parent != TC_H_ROOT) && !(sch->flags & TCQ_F_INGRESS)) root_lock = qdisc_root_sleeping_lock(sch); else root_lock = qdisc_lock(sch); err = gen_new_estimator(&sch->bstats, &sch->rate_est, root_lock, tca[TCA_RATE]); if (err) { if (ops->destroy) ops->destroy(sch); goto err_out3; } } qdisc_list_add(sch); return sch; } err_out3: qdisc_put_stab(sch->stab); dev_put(dev); kfree((char *) sch - sch->padded); err_out2: module_put(ops->owner); err_out: *errp = err; return NULL; }",linux-2.6,,,4653831559182087669433727016738697948,0 256,CWE-416,"static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct inet_sock *inet = inet_sk(sk); struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *) uaddr; struct net *net = sock_net(sk); int ret; int chk_addr_ret; if (!sock_flag(sk, SOCK_ZAPPED)) return -EINVAL; if (addr_len < sizeof(struct sockaddr_l2tpip)) return -EINVAL; if (addr->l2tp_family != AF_INET) return -EINVAL; ret = -EADDRINUSE; read_lock_bh(&l2tp_ip_lock); if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) goto out_in_use; read_unlock_bh(&l2tp_ip_lock); lock_sock(sk); if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_l2tpip)) goto out; chk_addr_ret = inet_addr_type(net, addr->l2tp_addr.s_addr); ret = -EADDRNOTAVAIL; if (addr->l2tp_addr.s_addr && chk_addr_ret != RTN_LOCAL && chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST) goto out; if (addr->l2tp_addr.s_addr) inet->inet_rcv_saddr = inet->inet_saddr = addr->l2tp_addr.s_addr; if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) inet->inet_saddr = 0; sk_dst_reset(sk); l2tp_ip_sk(sk)->conn_id = addr->l2tp_conn_id; write_lock_bh(&l2tp_ip_lock); sk_add_bind_node(sk, &l2tp_ip_bind_table); sk_del_node_init(sk); write_unlock_bh(&l2tp_ip_lock); ret = 0; sock_reset_flag(sk, SOCK_ZAPPED); out: release_sock(sk); return ret; out_in_use: read_unlock_bh(&l2tp_ip_lock); return ret; }",visit repo url,net/l2tp/l2tp_ip.c,https://github.com/torvalds/linux,96348929524646,1 2295,['CWE-120'],"int __page_symlink(struct inode *inode, const char *symname, int len, gfp_t gfp_mask) { struct address_space *mapping = inode->i_mapping; struct page *page; void *fsdata; int err; char *kaddr; retry: err = pagecache_write_begin(NULL, mapping, 0, len-1, AOP_FLAG_UNINTERRUPTIBLE, &page, &fsdata); if (err) goto fail; kaddr = kmap_atomic(page, KM_USER0); memcpy(kaddr, symname, len-1); kunmap_atomic(kaddr, KM_USER0); err = pagecache_write_end(NULL, mapping, 0, len-1, len-1, page, fsdata); if (err < 0) goto fail; if (err < len-1) goto retry; mark_inode_dirty(inode); return 0; fail: return err; }",linux-2.6,,,27605407354040079597170847723455626054,0 2101,CWE-125,"static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, struct bpf_insn *insn, struct bpf_reg_state *dst_reg, struct bpf_reg_state src_reg) { struct bpf_reg_state *regs = cur_regs(env); u8 opcode = BPF_OP(insn->code); bool src_known, dst_known; s64 smin_val, smax_val; u64 umin_val, umax_val; u64 insn_bitness = (BPF_CLASS(insn->code) == BPF_ALU64) ? 64 : 32; smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; umax_val = src_reg.umax_value; src_known = tnum_is_const(src_reg.var_off); dst_known = tnum_is_const(dst_reg->var_off); if ((src_known && (smin_val != smax_val || umin_val != umax_val)) || smin_val > smax_val || umin_val > umax_val) { __mark_reg_unknown(dst_reg); return 0; } if (!src_known && opcode != BPF_ADD && opcode != BPF_SUB && opcode != BPF_AND) { __mark_reg_unknown(dst_reg); return 0; } switch (opcode) { case BPF_ADD: if (signed_add_overflows(dst_reg->smin_value, smin_val) || signed_add_overflows(dst_reg->smax_value, smax_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value += smin_val; dst_reg->smax_value += smax_val; } if (dst_reg->umin_value + umin_val < umin_val || dst_reg->umax_value + umax_val < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value += umin_val; dst_reg->umax_value += umax_val; } dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); break; case BPF_SUB: if (signed_sub_overflows(dst_reg->smin_value, smax_val) || signed_sub_overflows(dst_reg->smax_value, smin_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value -= smax_val; dst_reg->smax_value -= smin_val; } if (dst_reg->umin_value < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value -= umax_val; dst_reg->umax_value -= umin_val; } dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off); break; case BPF_MUL: dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off); if (smin_val < 0 || dst_reg->smin_value < 0) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } if (umax_val > U32_MAX || dst_reg->umax_value > U32_MAX) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } dst_reg->umin_value *= umin_val; dst_reg->umax_value *= umax_val; if (dst_reg->umax_value > S64_MAX) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } break; case BPF_AND: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value & src_reg.var_off.value); break; } dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = dst_reg->var_off.value; dst_reg->umax_value = min(dst_reg->umax_value, umax_val); if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_OR: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value | src_reg.var_off.value); break; } dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = max(dst_reg->umin_value, umin_val); dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_LSH: if (umax_val >= insn_bitness) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; if (dst_reg->umax_value > 1ULL << (63 - umax_val)) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value <<= umin_val; dst_reg->umax_value <<= umax_val; } dst_reg->var_off = tnum_lshift(dst_reg->var_off, umin_val); __update_reg_bounds(dst_reg); break; case BPF_RSH: if (umax_val >= insn_bitness) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; dst_reg->var_off = tnum_rshift(dst_reg->var_off, umin_val); dst_reg->umin_value >>= umax_val; dst_reg->umax_value >>= umin_val; __update_reg_bounds(dst_reg); break; case BPF_ARSH: if (umax_val >= insn_bitness) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value >>= umin_val; dst_reg->smax_value >>= umin_val; dst_reg->var_off = tnum_arshift(dst_reg->var_off, umin_val); dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; __update_reg_bounds(dst_reg); break; default: mark_reg_unknown(env, regs, insn->dst_reg); break; } if (BPF_CLASS(insn->code) != BPF_ALU64) { coerce_reg_to_size(dst_reg, 4); coerce_reg_to_size(&src_reg, 4); } __reg_deduce_bounds(dst_reg); __reg_bound_offset(dst_reg); return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,194657497392034,1 3292,['CWE-189'],"static int jpc_dec_process_ppm(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_ppm_t *ppm = &ms->parms.ppm; jpc_ppxstabent_t *ppmstabent; if (!dec->ppmstab) { if (!(dec->ppmstab = jpc_ppxstab_create())) { return -1; } } if (!(ppmstabent = jpc_ppxstabent_create())) { return -1; } ppmstabent->ind = ppm->ind; ppmstabent->data = ppm->data; ppm->data = 0; ppmstabent->len = ppm->len; if (jpc_ppxstab_insert(dec->ppmstab, ppmstabent)) { return -1; } return 0; }",jasper,,,278723784230943253256248428752940692916,0 1508,[],"static void dequeue_task(struct rq *rq, struct task_struct *p, int sleep) { p->sched_class->dequeue_task(rq, p, sleep); p->se.on_rq = 0; }",linux-2.6,,,75598776548768466858082910384674806337,0 5686,['CWE-476'],"int udp_rcv(struct sk_buff *skb) { struct sock *sk; struct udphdr *uh; unsigned short ulen; struct rtable *rt = (struct rtable*)skb->dst; __be32 saddr = skb->nh.iph->saddr; __be32 daddr = skb->nh.iph->daddr; int len = skb->len; if (!pskb_may_pull(skb, sizeof(struct udphdr))) goto no_header; uh = skb->h.uh; ulen = ntohs(uh->len); if (ulen > len || ulen < sizeof(*uh)) goto short_packet; if (pskb_trim_rcsum(skb, ulen)) goto short_packet; udp_checksum_init(skb, uh, ulen, saddr, daddr); if(rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) return udp_v4_mcast_deliver(skb, uh, saddr, daddr); sk = udp_v4_lookup(saddr, uh->source, daddr, uh->dest, skb->dev->ifindex); if (sk != NULL) { int ret = udp_queue_rcv_skb(sk, skb); sock_put(sk); if (ret > 0) return -ret; return 0; } if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) goto drop; nf_reset(skb); if (udp_checksum_complete(skb)) goto csum_error; UDP_INC_STATS_BH(UDP_MIB_NOPORTS); icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); kfree_skb(skb); return(0); short_packet: LIMIT_NETDEBUG(KERN_DEBUG ""UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u\n"", NIPQUAD(saddr), ntohs(uh->source), ulen, len, NIPQUAD(daddr), ntohs(uh->dest)); no_header: UDP_INC_STATS_BH(UDP_MIB_INERRORS); kfree_skb(skb); return(0); csum_error: LIMIT_NETDEBUG(KERN_DEBUG ""UDP: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d\n"", NIPQUAD(saddr), ntohs(uh->source), NIPQUAD(daddr), ntohs(uh->dest), ulen); drop: UDP_INC_STATS_BH(UDP_MIB_INERRORS); kfree_skb(skb); return(0); }",linux-2.6,,,206029825509355014461673760759538647901,0 4956,['CWE-20'],"struct dentry *nfs_get_root(struct super_block *sb, struct nfs_fh *mntfh) { struct nfs_server *server = NFS_SB(sb); struct nfs_fsinfo fsinfo; struct nfs_fattr fattr; struct dentry *mntroot; struct inode *inode; int error; if (!sb->s_root) { struct nfs_fh dummyfh; struct dentry *root; struct inode *iroot; memset(&dummyfh, 0, sizeof(dummyfh)); memset(&fattr, 0, sizeof(fattr)); nfs_fattr_init(&fattr); fattr.valid = NFS_ATTR_FATTR; fattr.type = NFDIR; fattr.mode = S_IFDIR | S_IRUSR | S_IWUSR; fattr.nlink = 2; iroot = nfs_fhget(sb, &dummyfh, &fattr); if (IS_ERR(iroot)) return ERR_PTR(PTR_ERR(iroot)); root = d_alloc_root(iroot); if (!root) { iput(iroot); return ERR_PTR(-ENOMEM); } sb->s_root = root; } fsinfo.fattr = &fattr; error = server->nfs_client->rpc_ops->getroot(server, mntfh, &fsinfo); if (error < 0) { dprintk(""nfs_get_root: getattr error = %d\n"", -error); return ERR_PTR(error); } inode = nfs_fhget(sb, mntfh, fsinfo.fattr); if (IS_ERR(inode)) { dprintk(""nfs_get_root: get root inode failed\n""); return ERR_PTR(PTR_ERR(inode)); } mntroot = d_alloc_anon(inode); if (!mntroot) { iput(inode); dprintk(""nfs_get_root: get root dentry failed\n""); return ERR_PTR(-ENOMEM); } security_d_instantiate(mntroot, inode); if (!mntroot->d_op) mntroot->d_op = server->nfs_client->rpc_ops->dentry_ops; return mntroot; }",linux-2.6,,,284468359150456933604020539632557912502,0 2917,['CWE-189'],"int jas_stream_flush(jas_stream_t *stream) { if (stream->bufmode_ & JAS_STREAM_RDBUF) { return 0; } return jas_stream_flushbuf(stream, EOF); }",jasper,,,18682758760611042591339661652512493163,0 5584,CWE-125,"ast_for_comprehension(struct compiling *c, const node *n) { int i, n_fors; asdl_seq *comps; n_fors = count_comp_fors(c, n); if (n_fors == -1) return NULL; comps = _Ta3_asdl_seq_new(n_fors, c->c_arena); if (!comps) return NULL; for (i = 0; i < n_fors; i++) { comprehension_ty comp; asdl_seq *t; expr_ty expression, first; node *for_ch; int is_async = 0; REQ(n, comp_for); if (TYPE(CHILD(n, 0)) == ASYNC) { is_async = 1; } if (is_async && c->c_feature_version < 6) { ast_error(c, n, ""Async comprehensions are only supported in Python 3.6 and greater""); return NULL; } for_ch = CHILD(n, 1 + is_async); t = ast_for_exprlist(c, for_ch, Store); if (!t) return NULL; expression = ast_for_expr(c, CHILD(n, 3 + is_async)); if (!expression) return NULL; first = (expr_ty)asdl_seq_GET(t, 0); if (NCH(for_ch) == 1) comp = comprehension(first, expression, NULL, is_async, c->c_arena); else comp = comprehension(Tuple(t, Store, first->lineno, first->col_offset, c->c_arena), expression, NULL, is_async, c->c_arena); if (!comp) return NULL; if (NCH(n) == (5 + is_async)) { int j, n_ifs; asdl_seq *ifs; n = CHILD(n, 4 + is_async); n_ifs = count_comp_ifs(c, n); if (n_ifs == -1) return NULL; ifs = _Ta3_asdl_seq_new(n_ifs, c->c_arena); if (!ifs) return NULL; for (j = 0; j < n_ifs; j++) { REQ(n, comp_iter); n = CHILD(n, 0); REQ(n, comp_if); expression = ast_for_expr(c, CHILD(n, 1)); if (!expression) return NULL; asdl_seq_SET(ifs, j, expression); if (NCH(n) == 3) n = CHILD(n, 2); } if (TYPE(n) == comp_iter) n = CHILD(n, 0); comp->ifs = ifs; } asdl_seq_SET(comps, i, comp); } return comps; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,123542613167036,1 2757,['CWE-189'],"static struct sctp_auth_bytes *sctp_auth_asoc_create_secret( const struct sctp_association *asoc, struct sctp_shared_key *ep_key, gfp_t gfp) { struct sctp_auth_bytes *local_key_vector; struct sctp_auth_bytes *peer_key_vector; struct sctp_auth_bytes *first_vector, *last_vector; struct sctp_auth_bytes *secret = NULL; int cmp; local_key_vector = sctp_auth_make_local_vector(asoc, gfp); peer_key_vector = sctp_auth_make_peer_vector(asoc, gfp); if (!peer_key_vector || !local_key_vector) goto out; cmp = sctp_auth_compare_vectors(local_key_vector, peer_key_vector); if (cmp < 0) { first_vector = local_key_vector; last_vector = peer_key_vector; } else { first_vector = peer_key_vector; last_vector = local_key_vector; } secret = sctp_auth_asoc_set_secret(ep_key, first_vector, last_vector, gfp); out: kfree(local_key_vector); kfree(peer_key_vector); return secret; }",linux-2.6,,,140130552287384654581869479414189091731,0 2885,CWE-787,"DECLAREreadFunc(readContigTilesIntoBuffer) { int status = 1; tsize_t tilesize = TIFFTileSize(in); tdata_t tilebuf; uint32 imagew = TIFFScanlineSize(in); uint32 tilew = TIFFTileRowSize(in); int iskew = imagew - tilew; uint8* bufp = (uint8*) buf; uint32 tw, tl; uint32 row; (void) spp; tilebuf = _TIFFmalloc(tilesize); if (tilebuf == 0) return 0; _TIFFmemset(tilebuf, 0, tilesize); (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); for (row = 0; row < imagelength; row += tl) { uint32 nrow = (row+tl > imagelength) ? imagelength-row : tl; uint32 colb = 0; uint32 col; for (col = 0; col < imagewidth; col += tw) { if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0 && !ignore) { TIFFError(TIFFFileName(in), ""Error, can't read tile at %lu %lu"", (unsigned long) col, (unsigned long) row); status = 0; goto done; } if (colb + tilew > imagew) { uint32 width = imagew - colb; uint32 oskew = tilew - width; cpStripToTile(bufp + colb, tilebuf, nrow, width, oskew + iskew, oskew ); } else cpStripToTile(bufp + colb, tilebuf, nrow, tilew, iskew, 0); colb += tilew; } bufp += imagew * nrow; } done: _TIFFfree(tilebuf); return status; }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,104304349065370,1 1972,['CWE-20'],"static inline void unmap_mapping_range_tree(struct prio_tree_root *root, struct zap_details *details) { struct vm_area_struct *vma; struct prio_tree_iter iter; pgoff_t vba, vea, zba, zea; restart: vma_prio_tree_foreach(vma, &iter, root, details->first_index, details->last_index) { if (vma->vm_truncate_count == details->truncate_count) continue; vba = vma->vm_pgoff; vea = vba + ((vma->vm_end - vma->vm_start) >> PAGE_SHIFT) - 1; zba = details->first_index; if (zba < vba) zba = vba; zea = details->last_index; if (zea > vea) zea = vea; if (unmap_mapping_range_vma(vma, ((zba - vba) << PAGE_SHIFT) + vma->vm_start, ((zea - vba + 1) << PAGE_SHIFT) + vma->vm_start, details) < 0) goto restart; } }",linux-2.6,,,312755265661216217961154404061915626992,0 1727,CWE-19,"exit_ext2_xattr(void) { }",visit repo url,fs/ext2/xattr.h,https://github.com/torvalds/linux,248029954453579,1 1253,[],"m4_sinclude (struct obstack *obs, int argc, token_data **argv) { include (argc, argv, true); }",m4,,,3573179064320760134640000807898947299,0 3475,CWE-295,"get_one_option(int optid, const struct my_option *opt, char *argument) { my_bool add_option= TRUE; switch (optid) { case '?': printf(""%s Ver %s Distrib %s, for %s (%s)\n"", my_progname, VER, MYSQL_SERVER_VERSION, SYSTEM_TYPE, MACHINE_TYPE); puts(ORACLE_WELCOME_COPYRIGHT_NOTICE(""2000"")); puts(""MySQL utility for upgrading databases to new MySQL versions.\n""); my_print_help(my_long_options); exit(0); break; case '#': DBUG_PUSH(argument ? argument : default_dbug_option); add_option= FALSE; debug_check_flag= 1; break; case 'p': if (argument == disabled_my_option) argument= (char*) """"; tty_password= 1; add_option= FALSE; if (argument) { add_one_option(&ds_args, opt, argument); while (*argument) *argument++= 'x'; tty_password= 0; } break; case 't': my_stpnmov(opt_tmpdir, argument, sizeof(opt_tmpdir)); add_option= FALSE; break; case 'k': case 'v': case 'f': case 's': case OPT_WRITE_BINLOG: add_option= FALSE; break; case 'h': case 'W': case 'P': case 'S': case OPT_MYSQL_PROTOCOL: case OPT_SHARED_MEMORY_BASE_NAME: case OPT_PLUGIN_DIR: case OPT_DEFAULT_AUTH: add_one_option(&conn_args, opt, argument); break; } if (add_option) { add_one_option(&ds_args, opt, argument); } return 0; }",visit repo url,client/mysql_upgrade.c,https://github.com/mysql/mysql-server,79134272153987,1 4092,['CWE-399'],"static int sg_io(struct request_queue *q, struct gendisk *bd_disk, struct sg_io_hdr *hdr, fmode_t mode) { unsigned long start_time; int writing = 0, ret = 0; struct request *rq; char sense[SCSI_SENSE_BUFFERSIZE]; struct bio *bio; if (hdr->interface_id != 'S') return -EINVAL; if (hdr->cmd_len > BLK_MAX_CDB) return -EINVAL; if (hdr->dxfer_len > (q->max_hw_sectors << 9)) return -EIO; if (hdr->dxfer_len) switch (hdr->dxfer_direction) { default: return -EINVAL; case SG_DXFER_TO_DEV: writing = 1; break; case SG_DXFER_TO_FROM_DEV: case SG_DXFER_FROM_DEV: break; } rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL); if (!rq) return -ENOMEM; if (blk_fill_sghdr_rq(q, rq, hdr, mode)) { blk_put_request(rq); return -EFAULT; } if (hdr->iovec_count) { const int size = sizeof(struct sg_iovec) * hdr->iovec_count; struct sg_iovec *iov; iov = kmalloc(size, GFP_KERNEL); if (!iov) { ret = -ENOMEM; goto out; } if (copy_from_user(iov, hdr->dxferp, size)) { kfree(iov); ret = -EFAULT; goto out; } ret = blk_rq_map_user_iov(q, rq, NULL, iov, hdr->iovec_count, hdr->dxfer_len, GFP_KERNEL); kfree(iov); } else if (hdr->dxfer_len) ret = blk_rq_map_user(q, rq, NULL, hdr->dxferp, hdr->dxfer_len, GFP_KERNEL); if (ret) goto out; bio = rq->bio; memset(sense, 0, sizeof(sense)); rq->sense = sense; rq->sense_len = 0; rq->retries = 0; start_time = jiffies; blk_execute_rq(q, bd_disk, rq, 0); hdr->duration = jiffies_to_msecs(jiffies - start_time); return blk_complete_sghdr_rq(rq, hdr, bio); out: blk_put_request(rq); return ret; }",linux-2.6,,,165417341805832375196217270697954997179,0 4965,CWE-787,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 3700,[],"static void unix_net_exit(struct net *net) { unix_sysctl_unregister(net); proc_net_remove(net, ""unix""); }",linux-2.6,,,11945962567648884105166166695557943484,0 5070,['CWE-20'],"static void enter_rmode(struct kvm_vcpu *vcpu) { unsigned long flags; struct vcpu_vmx *vmx = to_vmx(vcpu); vmx->emulation_required = 1; vcpu->arch.rmode.active = 1; vcpu->arch.rmode.tr.base = vmcs_readl(GUEST_TR_BASE); vmcs_writel(GUEST_TR_BASE, rmode_tss_base(vcpu->kvm)); vcpu->arch.rmode.tr.limit = vmcs_read32(GUEST_TR_LIMIT); vmcs_write32(GUEST_TR_LIMIT, RMODE_TSS_SIZE - 1); vcpu->arch.rmode.tr.ar = vmcs_read32(GUEST_TR_AR_BYTES); vmcs_write32(GUEST_TR_AR_BYTES, 0x008b); flags = vmcs_readl(GUEST_RFLAGS); vcpu->arch.rmode.save_iopl = (flags & X86_EFLAGS_IOPL) >> IOPL_SHIFT; flags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM; vmcs_writel(GUEST_RFLAGS, flags); vmcs_writel(GUEST_CR4, vmcs_readl(GUEST_CR4) | X86_CR4_VME); update_exception_bitmap(vcpu); if (emulate_invalid_guest_state) goto continue_rmode; vmcs_write16(GUEST_SS_SELECTOR, vmcs_readl(GUEST_SS_BASE) >> 4); vmcs_write32(GUEST_SS_LIMIT, 0xffff); vmcs_write32(GUEST_SS_AR_BYTES, 0xf3); vmcs_write32(GUEST_CS_AR_BYTES, 0xf3); vmcs_write32(GUEST_CS_LIMIT, 0xffff); if (vmcs_readl(GUEST_CS_BASE) == 0xffff0000) vmcs_writel(GUEST_CS_BASE, 0xf0000); vmcs_write16(GUEST_CS_SELECTOR, vmcs_readl(GUEST_CS_BASE) >> 4); fix_rmode_seg(VCPU_SREG_ES, &vcpu->arch.rmode.es); fix_rmode_seg(VCPU_SREG_DS, &vcpu->arch.rmode.ds); fix_rmode_seg(VCPU_SREG_GS, &vcpu->arch.rmode.gs); fix_rmode_seg(VCPU_SREG_FS, &vcpu->arch.rmode.fs); continue_rmode: kvm_mmu_reset_context(vcpu); init_rmode(vcpu->kvm); }",linux-2.6,,,144044049157174031680671112295430007715,0 5169,CWE-119,"void edge_sparse_csr_reader_double( const char* i_csr_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_row_idx_id = NULL; unsigned int l_i = 0; l_csr_file_handle = fopen( i_csr_file_in, ""r"" ); if ( l_csr_file_handle == NULL ) { fprintf( stderr, ""cannot open CSR file!\n"" ); return; } while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { fprintf( stderr, ""could not read file length!\n"" ); return; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count + 1)); *o_values = (double*) malloc(sizeof(double) * (*o_element_count)); l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { fprintf( stderr, ""could not allocate sp data!\n"" ); return; } memset(*o_row_idx, 0, sizeof(unsigned int)*(*o_row_count + 1)); memset(*o_column_idx, 0, sizeof(unsigned int)*(*o_element_count)); memset(*o_values, 0, sizeof(double)*(*o_element_count)); memset(l_row_idx_id, 0, sizeof(unsigned int)*(*o_row_count)); for ( l_i = 0; l_i < (*o_row_count + 1); l_i++) (*o_row_idx)[l_i] = (*o_element_count); (*o_row_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { fprintf( stderr, ""could not csr description!\n"" ); return; } } else { unsigned int l_row, l_column; double l_value; if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return; } l_row--; l_column--; (*o_column_idx)[l_i] = l_column; (*o_values)[l_i] = l_value; l_i++; l_row_idx_id[l_row] = 1; (*o_row_idx)[l_row+1] = l_i; } } } fclose( l_csr_file_handle ); if ( l_i != (*o_element_count) ) { fprintf( stderr, ""we were not able to read all elements!\n"" ); return; } for ( l_i = 0; l_i < (*o_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } } if ( l_row_idx_id != NULL ) { free( l_row_idx_id ); } }",visit repo url,samples/edge/edge_proxy_common.c,https://github.com/hfp/libxsmm,216612051797088,1 4853,['CWE-189'],"void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat) { crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; set_extent_mask_and_shift(crypt_stat); crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES; if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) crypt_stat->num_header_bytes_at_front = 0; else { if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) crypt_stat->num_header_bytes_at_front = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE; else crypt_stat->num_header_bytes_at_front = PAGE_CACHE_SIZE; } }",linux-2.6,,,98452490623481419142077551996807154212,0 607,CWE-119,"int qeth_snmp_command(struct qeth_card *card, char __user *udata) { struct qeth_cmd_buffer *iob; struct qeth_ipa_cmd *cmd; struct qeth_snmp_ureq *ureq; int req_len; struct qeth_arp_query_info qinfo = {0, }; int rc = 0; QETH_CARD_TEXT(card, 3, ""snmpcmd""); if (card->info.guestlan) return -EOPNOTSUPP; if ((!qeth_adp_supported(card, IPA_SETADP_SET_SNMP_CONTROL)) && (!card->options.layer2)) { return -EOPNOTSUPP; } if (copy_from_user(&req_len, udata + sizeof(int), sizeof(int))) return -EFAULT; ureq = memdup_user(udata, req_len + sizeof(struct qeth_snmp_ureq_hdr)); if (IS_ERR(ureq)) { QETH_CARD_TEXT(card, 2, ""snmpnome""); return PTR_ERR(ureq); } qinfo.udata_len = ureq->hdr.data_len; qinfo.udata = kzalloc(qinfo.udata_len, GFP_KERNEL); if (!qinfo.udata) { kfree(ureq); return -ENOMEM; } qinfo.udata_offset = sizeof(struct qeth_snmp_ureq_hdr); iob = qeth_get_adapter_cmd(card, IPA_SETADP_SET_SNMP_CONTROL, QETH_SNMP_SETADP_CMDLENGTH + req_len); cmd = (struct qeth_ipa_cmd *)(iob->data+IPA_PDU_HEADER_SIZE); memcpy(&cmd->data.setadapterparms.data.snmp, &ureq->cmd, req_len); rc = qeth_send_ipa_snmp_cmd(card, iob, QETH_SETADP_BASE_LEN + req_len, qeth_snmp_command_cb, (void *)&qinfo); if (rc) QETH_DBF_MESSAGE(2, ""SNMP command failed on %s: (0x%x)\n"", QETH_CARD_IFNAME(card), rc); else { if (copy_to_user(udata, qinfo.udata, qinfo.udata_len)) rc = -EFAULT; } kfree(ureq); kfree(qinfo.udata); return rc; }",visit repo url,drivers/s390/net/qeth_core_main.c,https://github.com/torvalds/linux,60454648222053,1 1894,['CWE-20'],"int vmtruncate_range(struct inode *inode, loff_t offset, loff_t end) { struct address_space *mapping = inode->i_mapping; if (!inode->i_op || !inode->i_op->truncate_range) return -ENOSYS; mutex_lock(&inode->i_mutex); down_write(&inode->i_alloc_sem); unmap_mapping_range(mapping, offset, (end - offset), 1); truncate_inode_pages_range(mapping, offset, end); unmap_mapping_range(mapping, offset, (end - offset), 1); inode->i_op->truncate_range(inode, offset, end); up_write(&inode->i_alloc_sem); mutex_unlock(&inode->i_mutex); return 0; }",linux-2.6,,,333790529470960507718404479010694675486,0 4523,['CWE-20'],"ext4_next_entry(struct ext4_dir_entry_2 *p) { return (struct ext4_dir_entry_2 *)((char *)p + ext4_rec_len_from_disk(p->rec_len)); }",linux-2.6,,,126479709045219555257494170335710262404,0 1876,['CWE-189'],"_gnutls_send_finished (gnutls_session_t session, int again) { uint8_t data[36]; int ret; int data_size = 0; if (again == 0) { if ((ret = _gnutls_handshake_hash_pending (session)) < 0) { gnutls_assert (); return ret; } if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) { ret = _gnutls_ssl3_finished (session, session->security_parameters.entity, data); data_size = 36; } else { ret = _gnutls_finished (session, session->security_parameters.entity, data); data_size = 12; } if (ret < 0) { gnutls_assert (); return ret; } } ret = _gnutls_send_handshake (session, data, data_size, GNUTLS_HANDSHAKE_FINISHED); return ret; }",gnutls,,,196205208099979208449530746096495939712,0 636,[],"int dccp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len) { const struct dccp_sock *dp = dccp_sk(sk); const int flags = msg->msg_flags; const int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; int rc, size; long timeo; if (len > dp->dccps_mss_cache) return -EMSGSIZE; lock_sock(sk); if (sysctl_dccp_tx_qlen && (sk->sk_write_queue.qlen >= sysctl_dccp_tx_qlen)) { rc = -EAGAIN; goto out_release; } timeo = sock_sndtimeo(sk, noblock); if ((1 << sk->sk_state) & ~(DCCPF_OPEN | DCCPF_PARTOPEN | DCCPF_CLOSING)) if ((rc = sk_stream_wait_connect(sk, &timeo)) != 0) goto out_release; size = sk->sk_prot->max_header + len; release_sock(sk); skb = sock_alloc_send_skb(sk, size, noblock, &rc); lock_sock(sk); if (skb == NULL) goto out_release; skb_reserve(skb, sk->sk_prot->max_header); rc = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len); if (rc != 0) goto out_discard; skb_queue_tail(&sk->sk_write_queue, skb); dccp_write_xmit(sk,0); out_release: release_sock(sk); return rc ? : len; out_discard: kfree_skb(skb); goto out_release; }",linux-2.6,,,8449961324690290367174953191579492710,0 6051,['CWE-200'],"int addrconf_sysctl_forward(ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) { int *valp = ctl->data; int val = *valp; int ret; ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); if (write && valp != &ipv6_devconf_dflt.forwarding) { if (valp != &ipv6_devconf.forwarding) { if ((!*valp) ^ (!val)) { struct inet6_dev *idev = (struct inet6_dev *)ctl->extra1; if (idev == NULL) return ret; dev_forward_change(idev); } } else { ipv6_devconf_dflt.forwarding = ipv6_devconf.forwarding; addrconf_forward_change(); } if (*valp) rt6_purge_dflt_routers(); } return ret; }",linux-2.6,,,270911004288802298870751789253123134268,0 5019,CWE-125,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 4100,['CWE-399'],"static inline void bsg_set_block(struct bsg_device *bd, struct file *file) { if (file->f_flags & O_NONBLOCK) clear_bit(BSG_F_BLOCK, &bd->flags); else set_bit(BSG_F_BLOCK, &bd->flags); }",linux-2.6,,,338085698628115370467825784074629035393,0 6459,CWE-125,"jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr) { jp2_box_t *box; int found; jas_image_t *image; jp2_dec_t *dec; bool samedtype; int dtype; unsigned int i; jp2_cmap_t *cmapd; jp2_pclr_t *pclrd; jp2_cdef_t *cdefd; unsigned int channo; int newcmptno; int_fast32_t *lutents; #if 0 jp2_cdefchan_t *cdefent; int cmptno; #endif jp2_cmapent_t *cmapent; jas_icchdr_t icchdr; jas_iccprof_t *iccprof; dec = 0; box = 0; image = 0; JAS_DBGLOG(100, (""jp2_decode(%p, \""%s\"")\n"", in, optstr)); if (!(dec = jp2_dec_create())) { goto error; } if (!(box = jp2_box_get(in))) { jas_eprintf(""error: cannot get box\n""); goto error; } if (box->type != JP2_BOX_JP) { jas_eprintf(""error: expecting signature box\n""); goto error; } if (box->data.jp.magic != JP2_JP_MAGIC) { jas_eprintf(""incorrect magic number\n""); goto error; } jp2_box_destroy(box); box = 0; if (!(box = jp2_box_get(in))) { goto error; } if (box->type != JP2_BOX_FTYP) { jas_eprintf(""expecting file type box\n""); goto error; } jp2_box_destroy(box); box = 0; found = 0; while ((box = jp2_box_get(in))) { if (jas_getdbglevel() >= 1) { jas_eprintf(""got box type %s\n"", box->info->name); } switch (box->type) { case JP2_BOX_JP2C: found = 1; break; case JP2_BOX_IHDR: if (!dec->ihdr) { dec->ihdr = box; box = 0; } break; case JP2_BOX_BPCC: if (!dec->bpcc) { dec->bpcc = box; box = 0; } break; case JP2_BOX_CDEF: if (!dec->cdef) { dec->cdef = box; box = 0; } break; case JP2_BOX_PCLR: if (!dec->pclr) { dec->pclr = box; box = 0; } break; case JP2_BOX_CMAP: if (!dec->cmap) { dec->cmap = box; box = 0; } break; case JP2_BOX_COLR: if (!dec->colr) { dec->colr = box; box = 0; } break; } if (box) { jp2_box_destroy(box); box = 0; } if (found) { break; } } if (!found) { jas_eprintf(""error: no code stream found\n""); goto error; } if (!(dec->image = jpc_decode(in, optstr))) { jas_eprintf(""error: cannot decode code stream\n""); goto error; } if (!dec->ihdr) { jas_eprintf(""error: missing IHDR box\n""); goto error; } if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } samedtype = true; dtype = jas_image_cmptdtype(dec->image, 0); for (i = 1; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != dtype) { samedtype = false; break; } } if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { jas_eprintf(""warning: component data type mismatch (IHDR)\n""); } if (dec->ihdr->data.ihdr.comptype != JP2_IHDR_COMPTYPE) { jas_eprintf(""error: unsupported compression type\n""); goto error; } if (dec->bpcc) { if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts( dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!samedtype) { for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { jas_eprintf(""warning: component data type mismatch (BPCC)\n""); } } } else { jas_eprintf(""warning: superfluous BPCC box\n""); } } if (!dec->colr) { jas_eprintf(""error: no COLR box\n""); goto error; } switch (dec->colr->data.colr.method) { case JP2_COLR_ENUM: jas_image_setclrspc(dec->image, jp2_getcs(&dec->colr->data.colr)); break; case JP2_COLR_ICC: iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, dec->colr->data.colr.iccplen); if (!iccprof) { jas_eprintf(""error: failed to parse ICC profile\n""); goto error; } jas_iccprof_gethdr(iccprof, &icchdr); jas_eprintf(""ICC Profile CS %08x\n"", icchdr.colorspc); jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof); if (!dec->image->cmprof_) { jas_iccprof_destroy(iccprof); goto error; } jas_iccprof_destroy(iccprof); break; } if (dec->cmap && !dec->pclr) { jas_eprintf(""warning: missing PCLR box or superfluous CMAP box\n""); jp2_box_destroy(dec->cmap); dec->cmap = 0; } if (!dec->cmap && dec->pclr) { jas_eprintf(""warning: missing CMAP box or superfluous PCLR box\n""); jp2_box_destroy(dec->pclr); dec->pclr = 0; } dec->numchans = dec->cmap ? dec->cmap->data.cmap.numchans : JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); if (dec->cmap) { for (i = 0; i < dec->numchans; ++i) { if (dec->cmap->data.cmap.ents[i].cmptno >= JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""error: invalid component number in CMAP box\n""); goto error; } if (dec->cmap->data.cmap.ents[i].pcol >= dec->pclr->data.pclr.numchans) { jas_eprintf(""error: invalid CMAP LUT index\n""); goto error; } } } if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { jas_eprintf(""error: no memory\n""); goto error; } if (!dec->cmap) { for (i = 0; i < dec->numchans; ++i) { dec->chantocmptlut[i] = i; } } else { cmapd = &dec->cmap->data.cmap; pclrd = &dec->pclr->data.pclr; cdefd = &dec->cdef->data.cdef; for (channo = 0; channo < cmapd->numchans; ++channo) { cmapent = &cmapd->ents[channo]; if (cmapent->map == JP2_CMAP_DIRECT) { dec->chantocmptlut[channo] = channo; } else if (cmapent->map == JP2_CMAP_PALETTE) { if (!pclrd->numlutents) { goto error; } lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); if (!lutents) { goto error; } for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } newcmptno = jas_image_numcmpts(dec->image); jas_image_depalettize(dec->image, cmapent->cmptno, pclrd->numlutents, lutents, JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno); dec->chantocmptlut[channo] = newcmptno; jas_free(lutents); #if 0 if (dec->cdef) { cdefent = jp2_cdef_lookup(cdefd, channo); if (!cdefent) { abort(); } jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), cdefent->type, cdefent->assoc)); } else { jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1)); } #else (void)cdefd; #endif } else { jas_eprintf(""error: invalid MTYP in CMAP box\n""); goto error; } } } if (dec->numchans != jas_image_numcmpts(dec->image)) { jas_eprintf(""error: mismatch in number of components (%d != %d)\n"", dec->numchans, jas_image_numcmpts(dec->image)); goto error; } for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { jas_image_setcmpttype(dec->image, i, JAS_IMAGE_CT_UNKNOWN); } if (dec->cdef) { for (i = 0; i < dec->cdef->data.cdef.numchans; ++i) { if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { jas_eprintf(""error: invalid channel number in CDEF box\n""); goto error; } jas_image_setcmpttype(dec->image, dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], jp2_getct(jas_image_clrspc(dec->image), dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc)); } } else { for (i = 0; i < dec->numchans; ++i) { jas_image_setcmpttype(dec->image, dec->chantocmptlut[i], jp2_getct(jas_image_clrspc(dec->image), 0, i + 1)); } } for (i = jas_image_numcmpts(dec->image); i > 0; --i) { if (jas_image_cmpttype(dec->image, i - 1) == JAS_IMAGE_CT_UNKNOWN) { jas_image_delcmpt(dec->image, i - 1); } } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } #if 0 jas_eprintf(""no of components is %d\n"", jas_image_numcmpts(dec->image)); #endif image = dec->image; dec->image = 0; jp2_dec_destroy(dec); return image; error: if (box) { jp2_box_destroy(box); } if (dec) { jp2_dec_destroy(dec); } return 0; }",visit repo url,src/libjasper/jp2/jp2_dec.c,https://github.com/jasper-software/jasper,249263487627066,1 4010,CWE-119,"chunk_grow(chunk_t *chunk, size_t sz) { off_t offset; size_t memlen_orig = chunk->memlen; tor_assert(sz > chunk->memlen); offset = chunk->data - chunk->mem; chunk = tor_realloc(chunk, CHUNK_ALLOC_SIZE(sz)); chunk->memlen = sz; chunk->data = chunk->mem + offset; #ifdef DEBUG_CHUNK_ALLOC tor_assert(chunk->DBG_alloc == CHUNK_ALLOC_SIZE(memlen_orig)); chunk->DBG_alloc = CHUNK_ALLOC_SIZE(sz); #endif total_bytes_allocated_in_chunks += CHUNK_ALLOC_SIZE(sz) - CHUNK_ALLOC_SIZE(memlen_orig); return chunk; }",visit repo url,src/or/buffers.c,https://github.com/torproject/tor,63014976631087,1 828,CWE-20,"int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { struct sock *sk = sock->sk; struct rds_sock *rs = rds_sk_to_rs(sk); long timeo; int ret = 0, nonblock = msg_flags & MSG_DONTWAIT; struct sockaddr_in *sin; struct rds_incoming *inc = NULL; timeo = sock_rcvtimeo(sk, nonblock); rdsdebug(""size %zu flags 0x%x timeo %ld\n"", size, msg_flags, timeo); msg->msg_namelen = 0; if (msg_flags & MSG_OOB) goto out; while (1) { if (!list_empty(&rs->rs_notify_queue)) { ret = rds_notify_queue_get(rs, msg); break; } if (rs->rs_cong_notify) { ret = rds_notify_cong(rs, msg); break; } if (!rds_next_incoming(rs, &inc)) { if (nonblock) { ret = -EAGAIN; break; } timeo = wait_event_interruptible_timeout(*sk_sleep(sk), (!list_empty(&rs->rs_notify_queue) || rs->rs_cong_notify || rds_next_incoming(rs, &inc)), timeo); rdsdebug(""recvmsg woke inc %p timeo %ld\n"", inc, timeo); if (timeo > 0 || timeo == MAX_SCHEDULE_TIMEOUT) continue; ret = timeo; if (ret == 0) ret = -ETIMEDOUT; break; } rdsdebug(""copying inc %p from %pI4:%u to user\n"", inc, &inc->i_conn->c_faddr, ntohs(inc->i_hdr.h_sport)); ret = inc->i_conn->c_trans->inc_copy_to_user(inc, msg->msg_iov, size); if (ret < 0) break; if (!rds_still_queued(rs, inc, !(msg_flags & MSG_PEEK))) { rds_inc_put(inc); inc = NULL; rds_stats_inc(s_recv_deliver_raced); continue; } if (ret < be32_to_cpu(inc->i_hdr.h_len)) { if (msg_flags & MSG_TRUNC) ret = be32_to_cpu(inc->i_hdr.h_len); msg->msg_flags |= MSG_TRUNC; } if (rds_cmsg_recv(inc, msg)) { ret = -EFAULT; goto out; } rds_stats_inc(s_recv_delivered); sin = (struct sockaddr_in *)msg->msg_name; if (sin) { sin->sin_family = AF_INET; sin->sin_port = inc->i_hdr.h_sport; sin->sin_addr.s_addr = inc->i_saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); msg->msg_namelen = sizeof(*sin); } break; } if (inc) rds_inc_put(inc); out: return ret; }",visit repo url,net/rds/recv.c,https://github.com/torvalds/linux,53010977236851,1 5220,CWE-276,"try_resolve_op_from_metadata (FlatpakTransaction *self, FlatpakTransactionOperation *op, const char *checksum, GFile *sideload_path, FlatpakRemoteState *state) { g_autoptr(GBytes) metadata_bytes = NULL; guint64 download_size = 0; guint64 installed_size = 0; const char *metadata = NULL; VarMetadataRef sparse_cache; VarRefInfoRef info; g_autofree char *summary_checksum = NULL; if ((state->summary == NULL && state->index == NULL) || !flatpak_remote_state_lookup_ref (state, flatpak_decomposed_get_ref (op->ref), &summary_checksum, NULL, NULL, NULL, NULL) || strcmp (summary_checksum, checksum) != 0) return FALSE; if (!flatpak_remote_state_lookup_cache (state, flatpak_decomposed_get_ref (op->ref), &download_size, &installed_size, &metadata, NULL)) return FALSE; metadata_bytes = g_bytes_new (metadata, strlen (metadata)); if (flatpak_remote_state_lookup_ref (state, flatpak_decomposed_get_ref (op->ref), NULL, NULL, &info, NULL, NULL)) op->summary_metadata = var_metadata_dup_to_gvariant (var_ref_info_get_metadata (info)); op->installed_size = installed_size; op->download_size = download_size; op->token_type = state->default_token_type; if (flatpak_remote_state_lookup_sparse_cache (state, flatpak_decomposed_get_ref (op->ref), &sparse_cache, NULL)) { op->eol = g_strdup (var_metadata_lookup_string (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_ENDOFLINE, NULL)); op->eol_rebase = g_strdup (var_metadata_lookup_string (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_ENDOFLINE_REBASE, NULL)); op->token_type = GINT32_FROM_LE (var_metadata_lookup_int32 (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_TOKEN_TYPE, op->token_type)); } resolve_op_end (self, op, checksum, sideload_path, metadata_bytes); return TRUE; }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,26365752791331,1 4354,NVD-CWE-Other,"int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) { int is_response, req_len = mg_http_get_request_len((unsigned char *) s, len); const char *end = s == NULL ? NULL : s + req_len, *qs; struct mg_str *cl; memset(hm, 0, sizeof(*hm)); if (req_len <= 0) return req_len; hm->message.ptr = hm->head.ptr = s; hm->body.ptr = end; hm->head.len = (size_t) req_len; hm->chunk.ptr = end; hm->message.len = hm->body.len = (size_t) ~0; s = skip(s, end, "" "", &hm->method); s = skip(s, end, "" "", &hm->uri); s = skip(s, end, ""\r\n"", &hm->proto); if (hm->method.len == 0 || hm->uri.len == 0) return -1; if ((qs = (const char *) memchr(hm->uri.ptr, '?', hm->uri.len)) != NULL) { hm->query.ptr = qs + 1; hm->query.len = (size_t) (&hm->uri.ptr[hm->uri.len] - (qs + 1)); hm->uri.len = (size_t) (qs - hm->uri.ptr); } mg_http_parse_headers(s, end, hm->headers, sizeof(hm->headers) / sizeof(hm->headers[0])); if ((cl = mg_http_get_header(hm, ""Content-Length"")) != NULL) { hm->body.len = (size_t) mg_to64(*cl); hm->message.len = (size_t) req_len + hm->body.len; } is_response = mg_ncasecmp(hm->method.ptr, ""HTTP/"", 5) == 0; if (hm->body.len == (size_t) ~0 && !is_response && mg_vcasecmp(&hm->method, ""PUT"") != 0 && mg_vcasecmp(&hm->method, ""POST"") != 0) { hm->body.len = 0; hm->message.len = (size_t) req_len; } if (hm->body.len == (size_t) ~0 && is_response && mg_vcasecmp(&hm->uri, ""204"") == 0) { hm->body.len = 0; hm->message.len = (size_t) req_len; } return req_len; }",visit repo url,src/http.c,https://github.com/cesanta/mongoose,175646241963357,1 5202,CWE-74,"handle_spawn (PortalFlatpak *object, GDBusMethodInvocation *invocation, GUnixFDList *fd_list, const gchar *arg_cwd_path, const gchar *const *arg_argv, GVariant *arg_fds, GVariant *arg_envs, guint arg_flags, GVariant *arg_options) { g_autoptr(GError) error = NULL; ChildSetupData child_setup_data = { NULL }; GPid pid; PidData *pid_data; InstanceIdReadData *instance_id_read_data = NULL; gsize i, j, n_fds, n_envs; const gint *fds = NULL; gint fds_len = 0; g_autofree FdMapEntry *fd_map = NULL; gchar **env; gint32 max_fd; GKeyFile *app_info; g_autoptr(GPtrArray) flatpak_argv = g_ptr_array_new_with_free_func (g_free); g_autofree char *app_id = NULL; g_autofree char *branch = NULL; g_autofree char *arch = NULL; g_autofree char *app_commit = NULL; g_autofree char *runtime_ref = NULL; g_auto(GStrv) runtime_parts = NULL; g_autofree char *runtime_commit = NULL; g_autofree char *instance_path = NULL; g_auto(GStrv) extra_args = NULL; g_auto(GStrv) shares = NULL; g_auto(GStrv) sockets = NULL; g_auto(GStrv) devices = NULL; g_auto(GStrv) sandbox_expose = NULL; g_auto(GStrv) sandbox_expose_ro = NULL; g_autoptr(GVariant) sandbox_expose_fd = NULL; g_autoptr(GVariant) sandbox_expose_fd_ro = NULL; g_autoptr(GOutputStream) instance_id_out_stream = NULL; guint sandbox_flags = 0; gboolean sandboxed; gboolean expose_pids; gboolean share_pids; gboolean notify_start; gboolean devel; child_setup_data.instance_id_fd = -1; if (fd_list != NULL) fds = g_unix_fd_list_peek_fds (fd_list, &fds_len); app_info = g_object_get_data (G_OBJECT (invocation), ""app-info""); g_assert (app_info != NULL); app_id = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_APPLICATION, FLATPAK_METADATA_KEY_NAME, NULL); g_assert (app_id != NULL); g_debug (""spawn() called from app: '%s'"", app_id); if (*app_id == 0) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""org.freedesktop.portal.Flatpak.Spawn only works in a flatpak""); return G_DBUS_METHOD_INVOCATION_HANDLED; } if (*arg_cwd_path == 0) arg_cwd_path = NULL; if (arg_argv == NULL || *arg_argv == NULL) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""No command given""); return G_DBUS_METHOD_INVOCATION_HANDLED; } if ((arg_flags & ~FLATPAK_SPAWN_FLAGS_ALL) != 0) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""Unsupported flags enabled: 0x%x"", arg_flags & ~FLATPAK_SPAWN_FLAGS_ALL); return G_DBUS_METHOD_INVOCATION_HANDLED; } runtime_ref = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_APPLICATION, FLATPAK_METADATA_KEY_RUNTIME, NULL); if (runtime_ref == NULL) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""No runtime found""); return G_DBUS_METHOD_INVOCATION_HANDLED; } runtime_parts = g_strsplit (runtime_ref, ""/"", -1); branch = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_BRANCH, NULL); instance_path = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_INSTANCE_PATH, NULL); arch = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_ARCH, NULL); extra_args = g_key_file_get_string_list (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_EXTRA_ARGS, NULL, NULL); app_commit = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_APP_COMMIT, NULL); runtime_commit = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_RUNTIME_COMMIT, NULL); shares = g_key_file_get_string_list (app_info, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SHARED, NULL, NULL); sockets = g_key_file_get_string_list (app_info, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_SOCKETS, NULL, NULL); devices = g_key_file_get_string_list (app_info, FLATPAK_METADATA_GROUP_CONTEXT, FLATPAK_METADATA_KEY_DEVICES, NULL, NULL); devel = g_key_file_get_boolean (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_DEVEL, NULL); g_variant_lookup (arg_options, ""sandbox-expose"", ""^as"", &sandbox_expose); g_variant_lookup (arg_options, ""sandbox-expose-ro"", ""^as"", &sandbox_expose_ro); g_variant_lookup (arg_options, ""sandbox-flags"", ""u"", &sandbox_flags); sandbox_expose_fd = g_variant_lookup_value (arg_options, ""sandbox-expose-fd"", G_VARIANT_TYPE (""ah"")); sandbox_expose_fd_ro = g_variant_lookup_value (arg_options, ""sandbox-expose-fd-ro"", G_VARIANT_TYPE (""ah"")); if ((sandbox_flags & ~FLATPAK_SPAWN_SANDBOX_FLAGS_ALL) != 0) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""Unsupported sandbox flags enabled: 0x%x"", arg_flags & ~FLATPAK_SPAWN_SANDBOX_FLAGS_ALL); return G_DBUS_METHOD_INVOCATION_HANDLED; } if (instance_path == NULL && ((sandbox_expose != NULL && sandbox_expose[0] != NULL) || (sandbox_expose_ro != NULL && sandbox_expose_ro[0] != NULL))) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""Invalid sandbox expose, caller has no instance path""); return G_DBUS_METHOD_INVOCATION_HANDLED; } for (i = 0; sandbox_expose != NULL && sandbox_expose[i] != NULL; i++) { const char *expose = sandbox_expose[i]; g_debug (""exposing %s"", expose); if (!is_valid_expose (expose, &error)) { g_dbus_method_invocation_return_gerror (invocation, error); return G_DBUS_METHOD_INVOCATION_HANDLED; } } for (i = 0; sandbox_expose_ro != NULL && sandbox_expose_ro[i] != NULL; i++) { const char *expose = sandbox_expose_ro[i]; g_debug (""exposing %s"", expose); if (!is_valid_expose (expose, &error)) { g_dbus_method_invocation_return_gerror (invocation, error); return G_DBUS_METHOD_INVOCATION_HANDLED; } } g_debug (""Running spawn command %s"", arg_argv[0]); n_fds = 0; if (fds != NULL) n_fds = g_variant_n_children (arg_fds); fd_map = g_new0 (FdMapEntry, n_fds); child_setup_data.fd_map = fd_map; child_setup_data.fd_map_len = n_fds; max_fd = -1; for (i = 0; i < n_fds; i++) { gint32 handle, dest_fd; int handle_fd; g_variant_get_child (arg_fds, i, ""{uh}"", &dest_fd, &handle); if (handle >= fds_len || handle < 0) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""No file descriptor for handle %d"", handle); return G_DBUS_METHOD_INVOCATION_HANDLED; } handle_fd = fds[handle]; fd_map[i].to = dest_fd; fd_map[i].from = handle_fd; fd_map[i].final = fd_map[i].to; if ((dest_fd == 0 || dest_fd == 1 || dest_fd == 2) && !child_setup_data.set_tty && isatty (handle_fd)) { child_setup_data.set_tty = TRUE; child_setup_data.tty = handle_fd; } max_fd = MAX (max_fd, fd_map[i].to); max_fd = MAX (max_fd, fd_map[i].from); } for (i = 0; i < n_fds; i++) { int to_fd = fd_map[i].to; gboolean conflict = FALSE; for (j = i + 1; j < n_fds; j++) { int from_fd = fd_map[j].from; if (from_fd == to_fd) { conflict = TRUE; break; } } if (conflict) fd_map[i].to = ++max_fd; } if (arg_flags & FLATPAK_SPAWN_FLAGS_CLEAR_ENV) { char *empty[] = { NULL }; env = g_strdupv (empty); } else env = g_get_environ (); n_envs = g_variant_n_children (arg_envs); for (i = 0; i < n_envs; i++) { const char *var = NULL; const char *val = NULL; g_variant_get_child (arg_envs, i, ""{&s&s}"", &var, &val); env = g_environ_setenv (env, var, val, TRUE); } g_ptr_array_add (flatpak_argv, g_strdup (""flatpak"")); g_ptr_array_add (flatpak_argv, g_strdup (""run"")); sandboxed = (arg_flags & FLATPAK_SPAWN_FLAGS_SANDBOX) != 0; if (sandboxed) { g_ptr_array_add (flatpak_argv, g_strdup (""--sandbox"")); if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_DISPLAY) { if (sockets != NULL && g_strv_contains ((const char * const *) sockets, ""wayland"")) g_ptr_array_add (flatpak_argv, g_strdup (""--socket=wayland"")); if (sockets != NULL && g_strv_contains ((const char * const *) sockets, ""fallback-x11"")) g_ptr_array_add (flatpak_argv, g_strdup (""--socket=fallback-x11"")); if (sockets != NULL && g_strv_contains ((const char * const *) sockets, ""x11"")) g_ptr_array_add (flatpak_argv, g_strdup (""--socket=x11"")); if (shares != NULL && g_strv_contains ((const char * const *) shares, ""ipc"") && sockets != NULL && (g_strv_contains ((const char * const *) sockets, ""fallback-x11"") || g_strv_contains ((const char * const *) sockets, ""x11""))) g_ptr_array_add (flatpak_argv, g_strdup (""--share=ipc"")); } if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_SOUND) { if (sockets != NULL && g_strv_contains ((const char * const *) sockets, ""pulseaudio"")) g_ptr_array_add (flatpak_argv, g_strdup (""--socket=pulseaudio"")); } if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_SHARE_GPU) { if (devices != NULL && (g_strv_contains ((const char * const *) devices, ""dri"") || g_strv_contains ((const char * const *) devices, ""all""))) g_ptr_array_add (flatpak_argv, g_strdup (""--device=dri"")); } if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_ALLOW_DBUS) g_ptr_array_add (flatpak_argv, g_strdup (""--session-bus"")); if (sandbox_flags & FLATPAK_SPAWN_SANDBOX_FLAGS_ALLOW_A11Y) g_ptr_array_add (flatpak_argv, g_strdup (""--a11y-bus"")); } else { for (i = 0; extra_args != NULL && extra_args[i] != NULL; i++) g_ptr_array_add (flatpak_argv, g_strdup (extra_args[i])); } expose_pids = (arg_flags & FLATPAK_SPAWN_FLAGS_EXPOSE_PIDS) != 0; share_pids = (arg_flags & FLATPAK_SPAWN_FLAGS_SHARE_PIDS) != 0; if (expose_pids || share_pids) { g_autofree char *instance_id = NULL; int sender_pid1 = 0; if (!(supports & FLATPAK_SPAWN_SUPPORT_FLAGS_EXPOSE_PIDS)) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED, ""Expose pids not supported with setuid bwrap""); return G_DBUS_METHOD_INVOCATION_HANDLED; } instance_id = g_key_file_get_string (app_info, FLATPAK_METADATA_GROUP_INSTANCE, FLATPAK_METADATA_KEY_INSTANCE_ID, NULL); if (instance_id) { g_autoptr(FlatpakInstance) instance = flatpak_instance_new_for_id (instance_id); sender_pid1 = flatpak_instance_get_child_pid (instance); } if (sender_pid1 == 0) { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""Could not find requesting pid""); return G_DBUS_METHOD_INVOCATION_HANDLED; } g_ptr_array_add (flatpak_argv, g_strdup_printf (""--parent-pid=%d"", sender_pid1)); if (share_pids) g_ptr_array_add (flatpak_argv, g_strdup (""--parent-share-pids"")); else g_ptr_array_add (flatpak_argv, g_strdup (""--parent-expose-pids"")); } notify_start = (arg_flags & FLATPAK_SPAWN_FLAGS_NOTIFY_START) != 0; if (notify_start) { int pipe_fds[2]; if (pipe (pipe_fds) == -1) { int errsv = errno; g_dbus_method_invocation_return_error (invocation, G_IO_ERROR, g_io_error_from_errno (errsv), ""Failed to create instance ID pipe: %s"", g_strerror (errsv)); return G_DBUS_METHOD_INVOCATION_HANDLED; } GInputStream *in_stream = G_INPUT_STREAM (g_unix_input_stream_new (pipe_fds[0], TRUE)); instance_id_out_stream = G_OUTPUT_STREAM (g_unix_output_stream_new (pipe_fds[1], TRUE)); instance_id_read_data = g_new0 (InstanceIdReadData, 1); g_input_stream_read_async (in_stream, instance_id_read_data->buffer, INSTANCE_ID_BUFFER_SIZE - 1, G_PRIORITY_DEFAULT, NULL, instance_id_read_finish, instance_id_read_data); g_ptr_array_add (flatpak_argv, g_strdup_printf (""--instance-id-fd=%d"", pipe_fds[1])); child_setup_data.instance_id_fd = pipe_fds[1]; } if (devel) g_ptr_array_add (flatpak_argv, g_strdup (""--devel"")); if (shares != NULL && g_strv_contains ((const char * const *) shares, ""network"") && !(arg_flags & FLATPAK_SPAWN_FLAGS_NO_NETWORK)) g_ptr_array_add (flatpak_argv, g_strdup (""--share=network"")); else g_ptr_array_add (flatpak_argv, g_strdup (""--unshare=network"")); if (instance_path) { for (i = 0; sandbox_expose != NULL && sandbox_expose[i] != NULL; i++) g_ptr_array_add (flatpak_argv, filesystem_sandbox_arg (instance_path, sandbox_expose[i], FALSE)); for (i = 0; sandbox_expose_ro != NULL && sandbox_expose_ro[i] != NULL; i++) g_ptr_array_add (flatpak_argv, filesystem_sandbox_arg (instance_path, sandbox_expose_ro[i], TRUE)); } for (i = 0; sandbox_expose_ro != NULL && sandbox_expose_ro[i] != NULL; i++) { const char *expose = sandbox_expose_ro[i]; g_debug (""exposing %s"", expose); } if (sandbox_expose_fd != NULL) { gsize len = g_variant_n_children (sandbox_expose_fd); for (i = 0; i < len; i++) { gint32 handle; g_variant_get_child (sandbox_expose_fd, i, ""h"", &handle); if (handle >= 0 && handle < fds_len) { int handle_fd = fds[handle]; g_autofree char *path = NULL; gboolean writable = FALSE; path = get_path_for_fd (handle_fd, &writable, &error); if (path) { g_ptr_array_add (flatpak_argv, filesystem_arg (path, !writable)); } else { g_debug (""unable to get path for sandbox-exposed fd %d, ignoring: %s"", handle_fd, error->message); g_clear_error (&error); } } else { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""No file descriptor for handle %d"", handle); return G_DBUS_METHOD_INVOCATION_HANDLED; } } } if (sandbox_expose_fd_ro != NULL) { gsize len = g_variant_n_children (sandbox_expose_fd_ro); for (i = 0; i < len; i++) { gint32 handle; g_variant_get_child (sandbox_expose_fd_ro, i, ""h"", &handle); if (handle >= 0 && handle < fds_len) { int handle_fd = fds[handle]; g_autofree char *path = NULL; gboolean writable = FALSE; path = get_path_for_fd (handle_fd, &writable, &error); if (path) { g_ptr_array_add (flatpak_argv, filesystem_arg (path, TRUE)); } else { g_debug (""unable to get path for sandbox-exposed fd %d, ignoring: %s"", handle_fd, error->message); g_clear_error (&error); } } else { g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ""No file descriptor for handle %d"", handle); return G_DBUS_METHOD_INVOCATION_HANDLED; } } } g_ptr_array_add (flatpak_argv, g_strdup_printf (""--runtime=%s"", runtime_parts[1])); g_ptr_array_add (flatpak_argv, g_strdup_printf (""--runtime-version=%s"", runtime_parts[3])); if ((arg_flags & FLATPAK_SPAWN_FLAGS_LATEST_VERSION) == 0) { if (app_commit) g_ptr_array_add (flatpak_argv, g_strdup_printf (""--commit=%s"", app_commit)); if (runtime_commit) g_ptr_array_add (flatpak_argv, g_strdup_printf (""--runtime-commit=%s"", runtime_commit)); } if (arg_cwd_path != NULL) g_ptr_array_add (flatpak_argv, g_strdup_printf (""--cwd=%s"", arg_cwd_path)); if (arg_argv[0][0] != 0) g_ptr_array_add (flatpak_argv, g_strdup_printf (""--command=%s"", arg_argv[0])); g_ptr_array_add (flatpak_argv, g_strdup_printf (""%s/%s/%s"", app_id, arch ? arch : """", branch ? branch : """")); for (i = 1; arg_argv[i] != NULL; i++) g_ptr_array_add (flatpak_argv, g_strdup (arg_argv[i])); g_ptr_array_add (flatpak_argv, NULL); if (opt_verbose) { g_autoptr(GString) cmd = g_string_new (""""); for (i = 0; flatpak_argv->pdata[i] != NULL; i++) { if (i > 0) g_string_append (cmd, "" ""); g_string_append (cmd, flatpak_argv->pdata[i]); } g_debug (""Starting: %s\n"", cmd->str); } if (!g_spawn_async_with_pipes (NULL, (char **) flatpak_argv->pdata, env, G_SPAWN_SEARCH_PATH | G_SPAWN_DO_NOT_REAP_CHILD | G_SPAWN_LEAVE_DESCRIPTORS_OPEN, child_setup_func, &child_setup_data, &pid, NULL, NULL, NULL, &error)) { gint code = G_DBUS_ERROR_FAILED; if (g_error_matches (error, G_SPAWN_ERROR, G_SPAWN_ERROR_ACCES)) code = G_DBUS_ERROR_ACCESS_DENIED; else if (g_error_matches (error, G_SPAWN_ERROR, G_SPAWN_ERROR_NOENT)) code = G_DBUS_ERROR_FILE_NOT_FOUND; g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, code, ""Failed to start command: %s"", error->message); return G_DBUS_METHOD_INVOCATION_HANDLED; } if (instance_id_read_data) instance_id_read_data->pid = pid; pid_data = g_new0 (PidData, 1); pid_data->pid = pid; pid_data->client = g_strdup (g_dbus_method_invocation_get_sender (invocation)); pid_data->watch_bus = (arg_flags & FLATPAK_SPAWN_FLAGS_WATCH_BUS) != 0; pid_data->expose_or_share_pids = (expose_pids || share_pids); pid_data->child_watch = g_child_watch_add_full (G_PRIORITY_DEFAULT, pid, child_watch_died, pid_data, NULL); g_debug (""Client Pid is %d"", pid_data->pid); g_hash_table_replace (client_pid_data_hash, GUINT_TO_POINTER (pid_data->pid), pid_data); portal_flatpak_complete_spawn (object, invocation, NULL, pid); return G_DBUS_METHOD_INVOCATION_HANDLED; }",visit repo url,portal/flatpak-portal.c,https://github.com/flatpak/flatpak,98227246800408,1 6476,CWE-362,"static void _handle_ack(gnrc_netif_hdr_t *netif_hdr, gnrc_pktsnip_t *pkt, unsigned page) { gnrc_sixlowpan_frag_vrb_t *vrbe; sixlowpan_sfr_ack_t *hdr = pkt->data; uint32_t recv_time = xtimer_now_usec(); (void)page; DEBUG(""6lo sfr: received ACK for datagram (%s, %02x): %02X%02X%02X%02X\n"", gnrc_netif_addr_to_str(gnrc_netif_hdr_get_src_addr(netif_hdr), netif_hdr->src_l2addr_len, addr_str), hdr->base.tag, hdr->bitmap[0], hdr->bitmap[1], hdr->bitmap[2], hdr->bitmap[3]); if ((vrbe = gnrc_sixlowpan_frag_vrb_reverse( gnrc_netif_hdr_get_netif(netif_hdr), gnrc_netif_hdr_get_src_addr(netif_hdr), netif_hdr->src_l2addr_len, hdr->base.tag)) != NULL) { sixlowpan_sfr_t mock_base = { .disp_ecn = hdr->base.disp_ecn, .tag = vrbe->super.tag }; DEBUG(""6lo sfr: forward ACK to (%s, %02x)\n"", gnrc_netif_addr_to_str(vrbe->super.src, vrbe->super.src_len, addr_str), vrbe->super.tag); _send_ack(vrbe->in_netif, vrbe->super.src, vrbe->super.src_len, &mock_base, hdr->bitmap); if (IS_USED(MODULE_GNRC_SIXLOWPAN_FRAG_SFR_STATS)) { _stats.acks.forwarded++; } if ((unaligned_get_u32(hdr->bitmap) == _full_bitmap.u32) || (unaligned_get_u32(hdr->bitmap) == _null_bitmap.u32)) { if (CONFIG_GNRC_SIXLOWPAN_FRAG_RBUF_DEL_TIMER > 0) { vrbe->super.arrival = recv_time - (CONFIG_GNRC_SIXLOWPAN_FRAG_VRB_TIMEOUT_US - CONFIG_GNRC_SIXLOWPAN_FRAG_RBUF_DEL_TIMER); } else { gnrc_sixlowpan_frag_vrb_rm(vrbe); } } else { vrbe->super.arrival = recv_time; } } else { gnrc_sixlowpan_frag_fb_t *fbuf; if ((fbuf = gnrc_sixlowpan_frag_fb_get_by_tag(hdr->base.tag)) != NULL) { DEBUG(""6lo sfr: cancelling ARQ timeout\n""); evtimer_del((evtimer_t *)(&_arq_timer), &fbuf->sfr.arq_timeout_event.event); fbuf->sfr.arq_timeout_event.msg.content.ptr = NULL; if ((unaligned_get_u32(hdr->bitmap) == _null_bitmap.u32)) { DEBUG(""6lo sfr: fragmentation canceled\n""); _retry_datagram(fbuf); } else { _check_failed_frags(hdr, fbuf, recv_time / US_PER_MS); } } else { DEBUG(""6lo sfr: no VRB or fragmentation buffer found\n""); } } gnrc_pktbuf_release(pkt); }",visit repo url,sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c,https://github.com/RIOT-OS/RIOT,93470701722843,1 1641,[],"static inline int rt_policy(int policy) { if (unlikely(policy == SCHED_FIFO) || unlikely(policy == SCHED_RR)) return 1; return 0; }",linux-2.6,,,313765955997773537369665077554883357356,0 5915,['CWE-909'],"void qdisc_put_stab(struct qdisc_size_table *tab) { if (!tab) return; spin_lock(&qdisc_stab_lock); if (--tab->refcnt == 0) { list_del(&tab->list); kfree(tab); } spin_unlock(&qdisc_stab_lock); }",linux-2.6,,,246953739700085924523673394452924335555,0 4396,['CWE-264'],"struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie) { struct dst_entry *dst = sk->sk_dst_cache; if (dst && dst->obsolete && dst->ops->check(dst, cookie) == NULL) { sk->sk_dst_cache = NULL; dst_release(dst); return NULL; } return dst; }",linux-2.6,,,312279769217050526301234197409993499869,0 1240,NVD-CWE-Other,"static inline int ip6_ufo_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), void *from, int length, int hh_len, int fragheaderlen, int transhdrlen, int mtu,unsigned int flags) { struct sk_buff *skb; int err; if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { skb = sock_alloc_send_skb(sk, hh_len + fragheaderlen + transhdrlen + 20, (flags & MSG_DONTWAIT), &err); if (skb == NULL) return -ENOMEM; skb_reserve(skb, hh_len); skb_put(skb,fragheaderlen + transhdrlen); skb_reset_network_header(skb); skb->transport_header = skb->network_header + fragheaderlen; skb->ip_summed = CHECKSUM_PARTIAL; skb->csum = 0; } err = skb_append_datato_frags(sk,skb, getfrag, from, (length - transhdrlen)); if (!err) { struct frag_hdr fhdr; skb_shinfo(skb)->gso_size = (mtu - fragheaderlen - sizeof(struct frag_hdr)) & ~7; skb_shinfo(skb)->gso_type = SKB_GSO_UDP; ipv6_select_ident(&fhdr); skb_shinfo(skb)->ip6_frag_id = fhdr.identification; __skb_queue_tail(&sk->sk_write_queue, skb); return 0; } kfree_skb(skb); return err; }",visit repo url,net/ipv6/ip6_output.c,https://github.com/torvalds/linux,173306184315758,1 3631,['CWE-287'],"struct sctp_transport *sctp_assoc_choose_init_transport( struct sctp_association *asoc) { struct sctp_transport *t; if (!asoc->init_last_sent_to) { t = asoc->peer.active_path; } else { if (asoc->init_last_sent_to == asoc->peer.retran_path) sctp_assoc_update_retran_path(asoc); t = asoc->peer.retran_path; } SCTP_DEBUG_PRINTK_IPADDR(""sctp_assoc_update_retran_path:association"" "" %p addr: "", "" port: %d\n"", asoc, (&t->ipaddr), ntohs(t->ipaddr.v4.sin_port)); return t; }",linux-2.6,,,52851479694914450313394762347776037682,0 3058,['CWE-189'],"int jas_iccprof_setattr(jas_iccprof_t *prof, jas_iccattrname_t name, jas_iccattrval_t *val) { int i; if ((i = jas_iccattrtab_lookup(prof->attrtab, name)) >= 0) { if (val) { if (jas_iccattrtab_replace(prof->attrtab, i, name, val)) goto error; } else { jas_iccattrtab_delete(prof->attrtab, i); } } else { if (val) { if (jas_iccattrtab_add(prof->attrtab, -1, name, val)) goto error; } else { } } return 0; error: return -1; }",jasper,,,168578794928712911955049982357428026828,0 5574,CWE-125,"obj2ast_expr(PyObject* obj, expr_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; int lineno; int col_offset; if (obj == Py_None) { *out = NULL; return 0; } if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from expr""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_col_offset)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_col_offset); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from expr""); return 1; } isinstance = PyObject_IsInstance(obj, (PyObject*)BoolOp_type); if (isinstance == -1) { return 1; } if (isinstance) { boolop_ty op; asdl_seq* values; if (_PyObject_HasAttrId(obj, &PyId_op)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_op); if (tmp == NULL) goto failed; res = obj2ast_boolop(tmp, &op, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""op\"" missing from BoolOp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_values)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_values); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""BoolOp field \""values\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); values = _Ta3_asdl_seq_new(len, arena); if (values == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""BoolOp field \""values\"" changed size during iteration""); goto failed; } asdl_seq_SET(values, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""values\"" missing from BoolOp""); return 1; } *out = BoolOp(op, values, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)BinOp_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty left; operator_ty op; expr_ty right; if (_PyObject_HasAttrId(obj, &PyId_left)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_left); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &left, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""left\"" missing from BinOp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_op)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_op); if (tmp == NULL) goto failed; res = obj2ast_operator(tmp, &op, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""op\"" missing from BinOp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_right)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_right); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &right, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""right\"" missing from BinOp""); return 1; } *out = BinOp(left, op, right, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)UnaryOp_type); if (isinstance == -1) { return 1; } if (isinstance) { unaryop_ty op; expr_ty operand; if (_PyObject_HasAttrId(obj, &PyId_op)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_op); if (tmp == NULL) goto failed; res = obj2ast_unaryop(tmp, &op, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""op\"" missing from UnaryOp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_operand)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_operand); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &operand, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""operand\"" missing from UnaryOp""); return 1; } *out = UnaryOp(op, operand, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Lambda_type); if (isinstance == -1) { return 1; } if (isinstance) { arguments_ty args; expr_ty body; if (_PyObject_HasAttrId(obj, &PyId_args)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_args); if (tmp == NULL) goto failed; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from Lambda""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &body, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Lambda""); return 1; } *out = Lambda(args, body, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)IfExp_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; expr_ty body; expr_ty orelse; if (_PyObject_HasAttrId(obj, &PyId_test)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_test); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from IfExp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &body, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from IfExp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &orelse, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from IfExp""); return 1; } *out = IfExp(test, body, orelse, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Dict_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* keys; asdl_seq* values; if (_PyObject_HasAttrId(obj, &PyId_keys)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_keys); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Dict field \""keys\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); keys = _Ta3_asdl_seq_new(len, arena); if (keys == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Dict field \""keys\"" changed size during iteration""); goto failed; } asdl_seq_SET(keys, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""keys\"" missing from Dict""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_values)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_values); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Dict field \""values\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); values = _Ta3_asdl_seq_new(len, arena); if (values == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Dict field \""values\"" changed size during iteration""); goto failed; } asdl_seq_SET(values, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""values\"" missing from Dict""); return 1; } *out = Dict(keys, values, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Set_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* elts; if (_PyObject_HasAttrId(obj, &PyId_elts)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_elts); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Set field \""elts\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); elts = _Ta3_asdl_seq_new(len, arena); if (elts == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Set field \""elts\"" changed size during iteration""); goto failed; } asdl_seq_SET(elts, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""elts\"" missing from Set""); return 1; } *out = Set(elts, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ListComp_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty elt; asdl_seq* generators; if (_PyObject_HasAttrId(obj, &PyId_elt)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_elt); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &elt, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""elt\"" missing from ListComp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_generators)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_generators); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ListComp field \""generators\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); generators = _Ta3_asdl_seq_new(len, arena); if (generators == NULL) goto failed; for (i = 0; i < len; i++) { comprehension_ty value; res = obj2ast_comprehension(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ListComp field \""generators\"" changed size during iteration""); goto failed; } asdl_seq_SET(generators, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""generators\"" missing from ListComp""); return 1; } *out = ListComp(elt, generators, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)SetComp_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty elt; asdl_seq* generators; if (_PyObject_HasAttrId(obj, &PyId_elt)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_elt); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &elt, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""elt\"" missing from SetComp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_generators)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_generators); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""SetComp field \""generators\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); generators = _Ta3_asdl_seq_new(len, arena); if (generators == NULL) goto failed; for (i = 0; i < len; i++) { comprehension_ty value; res = obj2ast_comprehension(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""SetComp field \""generators\"" changed size during iteration""); goto failed; } asdl_seq_SET(generators, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""generators\"" missing from SetComp""); return 1; } *out = SetComp(elt, generators, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)DictComp_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty key; expr_ty value; asdl_seq* generators; if (_PyObject_HasAttrId(obj, &PyId_key)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_key); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &key, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""key\"" missing from DictComp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from DictComp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_generators)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_generators); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""DictComp field \""generators\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); generators = _Ta3_asdl_seq_new(len, arena); if (generators == NULL) goto failed; for (i = 0; i < len; i++) { comprehension_ty value; res = obj2ast_comprehension(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""DictComp field \""generators\"" changed size during iteration""); goto failed; } asdl_seq_SET(generators, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""generators\"" missing from DictComp""); return 1; } *out = DictComp(key, value, generators, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)GeneratorExp_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty elt; asdl_seq* generators; if (_PyObject_HasAttrId(obj, &PyId_elt)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_elt); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &elt, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""elt\"" missing from GeneratorExp""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_generators)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_generators); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""GeneratorExp field \""generators\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); generators = _Ta3_asdl_seq_new(len, arena); if (generators == NULL) goto failed; for (i = 0; i < len; i++) { comprehension_ty value; res = obj2ast_comprehension(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""GeneratorExp field \""generators\"" changed size during iteration""); goto failed; } asdl_seq_SET(generators, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""generators\"" missing from GeneratorExp""); return 1; } *out = GeneratorExp(elt, generators, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Await_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Await""); return 1; } *out = Await(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Yield_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (exists_not_none(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { value = NULL; } *out = Yield(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)YieldFrom_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from YieldFrom""); return 1; } *out = YieldFrom(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Compare_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty left; asdl_int_seq* ops; asdl_seq* comparators; if (_PyObject_HasAttrId(obj, &PyId_left)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_left); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &left, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""left\"" missing from Compare""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ops)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_ops); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Compare field \""ops\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); ops = _Ta3_asdl_int_seq_new(len, arena); if (ops == NULL) goto failed; for (i = 0; i < len; i++) { cmpop_ty value; res = obj2ast_cmpop(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Compare field \""ops\"" changed size during iteration""); goto failed; } asdl_seq_SET(ops, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ops\"" missing from Compare""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_comparators)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_comparators); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Compare field \""comparators\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); comparators = _Ta3_asdl_seq_new(len, arena); if (comparators == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Compare field \""comparators\"" changed size during iteration""); goto failed; } asdl_seq_SET(comparators, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""comparators\"" missing from Compare""); return 1; } *out = Compare(left, ops, comparators, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Call_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty func; asdl_seq* args; asdl_seq* keywords; if (_PyObject_HasAttrId(obj, &PyId_func)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_func); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &func, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""func\"" missing from Call""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_args)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_args); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Call field \""args\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); args = _Ta3_asdl_seq_new(len, arena); if (args == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Call field \""args\"" changed size during iteration""); goto failed; } asdl_seq_SET(args, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from Call""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_keywords)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_keywords); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Call field \""keywords\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); keywords = _Ta3_asdl_seq_new(len, arena); if (keywords == NULL) goto failed; for (i = 0; i < len; i++) { keyword_ty value; res = obj2ast_keyword(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Call field \""keywords\"" changed size during iteration""); goto failed; } asdl_seq_SET(keywords, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""keywords\"" missing from Call""); return 1; } *out = Call(func, args, keywords, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Num_type); if (isinstance == -1) { return 1; } if (isinstance) { object n; if (_PyObject_HasAttrId(obj, &PyId_n)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_n); if (tmp == NULL) goto failed; res = obj2ast_object(tmp, &n, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""n\"" missing from Num""); return 1; } *out = Num(n, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Str_type); if (isinstance == -1) { return 1; } if (isinstance) { string s; string kind; if (_PyObject_HasAttrId(obj, &PyId_s)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_s); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &s, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""s\"" missing from Str""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_kind)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_kind); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &kind, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""kind\"" missing from Str""); return 1; } *out = Str(s, kind, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)FormattedValue_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; int conversion; expr_ty format_spec; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from FormattedValue""); return 1; } if (exists_not_none(obj, &PyId_conversion)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_conversion); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &conversion, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { conversion = 0; } if (exists_not_none(obj, &PyId_format_spec)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_format_spec); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &format_spec, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { format_spec = NULL; } *out = FormattedValue(value, conversion, format_spec, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)JoinedStr_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* values; if (_PyObject_HasAttrId(obj, &PyId_values)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_values); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""JoinedStr field \""values\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); values = _Ta3_asdl_seq_new(len, arena); if (values == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""JoinedStr field \""values\"" changed size during iteration""); goto failed; } asdl_seq_SET(values, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""values\"" missing from JoinedStr""); return 1; } *out = JoinedStr(values, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Bytes_type); if (isinstance == -1) { return 1; } if (isinstance) { bytes s; if (_PyObject_HasAttrId(obj, &PyId_s)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_s); if (tmp == NULL) goto failed; res = obj2ast_bytes(tmp, &s, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""s\"" missing from Bytes""); return 1; } *out = Bytes(s, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)NameConstant_type); if (isinstance == -1) { return 1; } if (isinstance) { singleton value; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_singleton(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from NameConstant""); return 1; } *out = NameConstant(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Ellipsis_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Ellipsis(lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Constant_type); if (isinstance == -1) { return 1; } if (isinstance) { constant value; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_constant(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Constant""); return 1; } *out = Constant(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Attribute_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; identifier attr; expr_context_ty ctx; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Attribute""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_attr)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_attr); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &attr, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""attr\"" missing from Attribute""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ctx)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_ctx); if (tmp == NULL) goto failed; res = obj2ast_expr_context(tmp, &ctx, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ctx\"" missing from Attribute""); return 1; } *out = Attribute(value, attr, ctx, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Subscript_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; slice_ty slice; expr_context_ty ctx; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Subscript""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_slice)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_slice); if (tmp == NULL) goto failed; res = obj2ast_slice(tmp, &slice, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""slice\"" missing from Subscript""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ctx)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_ctx); if (tmp == NULL) goto failed; res = obj2ast_expr_context(tmp, &ctx, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ctx\"" missing from Subscript""); return 1; } *out = Subscript(value, slice, ctx, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Starred_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; expr_context_ty ctx; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Starred""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ctx)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_ctx); if (tmp == NULL) goto failed; res = obj2ast_expr_context(tmp, &ctx, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ctx\"" missing from Starred""); return 1; } *out = Starred(value, ctx, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Name_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier id; expr_context_ty ctx; if (_PyObject_HasAttrId(obj, &PyId_id)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_id); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &id, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""id\"" missing from Name""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ctx)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_ctx); if (tmp == NULL) goto failed; res = obj2ast_expr_context(tmp, &ctx, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ctx\"" missing from Name""); return 1; } *out = Name(id, ctx, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)List_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* elts; expr_context_ty ctx; if (_PyObject_HasAttrId(obj, &PyId_elts)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_elts); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""List field \""elts\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); elts = _Ta3_asdl_seq_new(len, arena); if (elts == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""List field \""elts\"" changed size during iteration""); goto failed; } asdl_seq_SET(elts, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""elts\"" missing from List""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ctx)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_ctx); if (tmp == NULL) goto failed; res = obj2ast_expr_context(tmp, &ctx, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ctx\"" missing from List""); return 1; } *out = List(elts, ctx, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Tuple_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* elts; expr_context_ty ctx; if (_PyObject_HasAttrId(obj, &PyId_elts)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_elts); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Tuple field \""elts\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); elts = _Ta3_asdl_seq_new(len, arena); if (elts == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Tuple field \""elts\"" changed size during iteration""); goto failed; } asdl_seq_SET(elts, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""elts\"" missing from Tuple""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ctx)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_ctx); if (tmp == NULL) goto failed; res = obj2ast_expr_context(tmp, &ctx, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ctx\"" missing from Tuple""); return 1; } *out = Tuple(elts, ctx, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of expr, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,73399749638904,1 5636,['CWE-476'],"static int compat_udp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { if (level != SOL_UDP) return compat_ip_setsockopt(sk, level, optname, optval, optlen); return do_udp_setsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,254554465486172647987411215573272671736,0 6405,['CWE-59'],"static int check_newline(const char *progname, const char *name) { char *s; for (s = ""\n""; *s; s++) { if (strchr(name, *s)) { fprintf(stderr, ""%s: illegal character 0x%02x in mount entry\n"", progname, *s); return EX_USAGE; } } return 0; }",samba,,,244748140468825263822084573243927991324,0 4803,['CWE-399'],"inotify_get_sb(struct file_system_type *fs_type, int flags, const char *dev_name, void *data, struct vfsmount *mnt) { return get_sb_pseudo(fs_type, ""inotify"", NULL, INOTIFYFS_SUPER_MAGIC, mnt); }",linux-2.6,,,153453123202235344516347348400508216252,0 5082,['CWE-20'],"static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id) { int err; struct vcpu_vmx *vmx = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL); int cpu; if (!vmx) return ERR_PTR(-ENOMEM); allocate_vpid(vmx); err = kvm_vcpu_init(&vmx->vcpu, kvm, id); if (err) goto free_vcpu; vmx->guest_msrs = kmalloc(PAGE_SIZE, GFP_KERNEL); if (!vmx->guest_msrs) { err = -ENOMEM; goto uninit_vcpu; } vmx->host_msrs = kmalloc(PAGE_SIZE, GFP_KERNEL); if (!vmx->host_msrs) goto free_guest_msrs; vmx->vmcs = alloc_vmcs(); if (!vmx->vmcs) goto free_msrs; vmcs_clear(vmx->vmcs); cpu = get_cpu(); vmx_vcpu_load(&vmx->vcpu, cpu); err = vmx_vcpu_setup(vmx); vmx_vcpu_put(&vmx->vcpu); put_cpu(); if (err) goto free_vmcs; if (vm_need_virtualize_apic_accesses(kvm)) if (alloc_apic_access_page(kvm) != 0) goto free_vmcs; if (vm_need_ept()) if (alloc_identity_pagetable(kvm) != 0) goto free_vmcs; return &vmx->vcpu; free_vmcs: free_vmcs(vmx->vmcs); free_msrs: kfree(vmx->host_msrs); free_guest_msrs: kfree(vmx->guest_msrs); uninit_vcpu: kvm_vcpu_uninit(&vmx->vcpu); free_vcpu: kmem_cache_free(kvm_vcpu_cache, vmx); return ERR_PTR(err); }",linux-2.6,,,73412510248442528195423191656071370753,0 4255,CWE-787,"static int hexagon_v6_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAnalOpMask mask) { HexInsn hi = {0};; ut32 data = 0; data = r_read_le32 (buf); int size = hexagon_disasm_instruction (data, &hi, (ut32) addr); op->size = size; if (size <= 0) { return size; } op->addr = addr; return hexagon_anal_instruction (&hi, op); }",visit repo url,libr/anal/p/anal_hexagon.c,https://github.com/radareorg/radare2,87451033817686,1 956,['CWE-189'],"ShmSetPixmapFormat( ScreenPtr pScreen, int format) { shmPixFormat[pScreen->myNum] = format; }",xserver,,,155814680958313671026584449752182547257,0 5583,[],"static int __init setup_print_fatal_signals(char *str) { get_option (&str, &print_fatal_signals); return 1; }",linux-2.6,,,168630853858277709219695140302086353160,0 2390,['CWE-119'],"static int check_pair_status(struct diff_filepair *p) { switch (p->status) { case DIFF_STATUS_UNKNOWN: return 0; case 0: die(""internal error in diff-resolve-rename-copy""); default: return 1; } }",git,,,248886361160173860666171929824453444734,0 3450,['CWE-20'],"_dbus_validate_member (const DBusString *str, int start, int len) { const unsigned char *s; const unsigned char *end; const unsigned char *member; _dbus_assert (start >= 0); _dbus_assert (len >= 0); _dbus_assert (start <= _dbus_string_get_length (str)); if (len > _dbus_string_get_length (str) - start) return FALSE; if (len > DBUS_MAXIMUM_NAME_LENGTH) return FALSE; if (len == 0) return FALSE; member = _dbus_string_get_const_data (str) + start; end = member + len; s = member; if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s))) return FALSE; else ++s; while (s != end) { if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s))) { return FALSE; } ++s; } return TRUE; }",dbus,,,328065107448287312910451784803032119227,0 6667,['CWE-200'],"import_vpn_cb (GtkButton *button, gpointer user_data) { vpn_import (import_success_cb, (ActionInfo *) user_data); }",network-manager-applet,,,176362451638013200640722511232258995750,0 4050,CWE-476,"static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) { const char *section_name = """"; const char *link_section_name = """"; char *end = NULL; Elf_(Shdr) *link_shdr = NULL; ut8 dfs[sizeof (Elf_(Verdef))] = {0}; Sdb *sdb; int cnt, i; if (shdr->sh_link > bin->ehdr.e_shnum) { return false; } link_shdr = &bin->shdr[shdr->sh_link]; if (shdr->sh_size < 1 || shdr->sh_size > SIZE_MAX) { return false; } Elf_(Verdef) *defs = calloc (shdr->sh_size, sizeof (char)); if (!defs) { return false; } if (bin->shstrtab && shdr->sh_name < bin->shstrtab_size) { section_name = &bin->shstrtab[shdr->sh_name]; } if (link_shdr && bin->shstrtab && link_shdr->sh_name < bin->shstrtab_size) { link_section_name = &bin->shstrtab[link_shdr->sh_name]; } if (!defs) { bprintf (""Warning: Cannot allocate memory (Check Elf_(Verdef))\n""); return NULL; } sdb = sdb_new0 (); end = (char *)defs + shdr->sh_size; sdb_set (sdb, ""section_name"", section_name, 0); sdb_num_set (sdb, ""entries"", shdr->sh_info, 0); sdb_num_set (sdb, ""addr"", shdr->sh_addr, 0); sdb_num_set (sdb, ""offset"", shdr->sh_offset, 0); sdb_num_set (sdb, ""link"", shdr->sh_link, 0); sdb_set (sdb, ""link_section_name"", link_section_name, 0); for (cnt = 0, i = 0; i >= 0 && cnt < shdr->sh_info && (end - (char *)defs > i); ++cnt) { Sdb *sdb_verdef = sdb_new0 (); char *vstart = ((char*)defs) + i; char key[32] = {0}; Elf_(Verdef) *verdef = (Elf_(Verdef)*)vstart; Elf_(Verdaux) aux = {0}; int j = 0; int isum = 0; r_buf_read_at (bin->b, shdr->sh_offset + i, dfs, sizeof (Elf_(Verdef))); verdef->vd_version = READ16 (dfs, j) verdef->vd_flags = READ16 (dfs, j) verdef->vd_ndx = READ16 (dfs, j) verdef->vd_cnt = READ16 (dfs, j) verdef->vd_hash = READ32 (dfs, j) verdef->vd_aux = READ32 (dfs, j) verdef->vd_next = READ32 (dfs, j) int vdaux = verdef->vd_aux; if (vdaux < 1 || (char *)UINTPTR_MAX - vstart < vdaux) { sdb_free (sdb_verdef); goto out_error; } vstart += vdaux; if (vstart > end || end - vstart < sizeof (Elf_(Verdaux))) { sdb_free (sdb_verdef); goto out_error; } j = 0; aux.vda_name = READ32 (vstart, j) aux.vda_next = READ32 (vstart, j) isum = i + verdef->vd_aux; if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); goto out_error; } sdb_num_set (sdb_verdef, ""idx"", i, 0); sdb_num_set (sdb_verdef, ""vd_version"", verdef->vd_version, 0); sdb_num_set (sdb_verdef, ""vd_ndx"", verdef->vd_ndx, 0); sdb_num_set (sdb_verdef, ""vd_cnt"", verdef->vd_cnt, 0); sdb_set (sdb_verdef, ""vda_name"", &bin->dynstr[aux.vda_name], 0); sdb_set (sdb_verdef, ""flags"", get_ver_flags (verdef->vd_flags), 0); for (j = 1; j < verdef->vd_cnt; ++j) { int k; Sdb *sdb_parent = sdb_new0 (); isum += aux.vda_next; vstart += aux.vda_next; if (vstart > end || end - vstart < sizeof (Elf_(Verdaux))) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } k = 0; aux.vda_name = READ32 (vstart, k) aux.vda_next = READ32 (vstart, k) if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } sdb_num_set (sdb_parent, ""idx"", isum, 0); sdb_num_set (sdb_parent, ""parent"", j, 0); sdb_set (sdb_parent, ""vda_name"", &bin->dynstr[aux.vda_name], 0); snprintf (key, sizeof (key), ""parent%d"", j - 1); sdb_ns_set (sdb_verdef, key, sdb_parent); } snprintf (key, sizeof (key), ""verdef%d"", cnt); sdb_ns_set (sdb, key, sdb_verdef); if (!verdef->vd_next) { sdb_free (sdb_verdef); goto out_error; } if ((st32)verdef->vd_next < 1) { eprintf (""Warning: Invalid vd_next in the ELF version\n""); break; } i += verdef->vd_next; } free (defs); return sdb; out_error: free (defs); sdb_free (sdb); return NULL; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radare/radare2,202106941682474,1 4266,['CWE-264'],"static int unshare_sighand(unsigned long unshare_flags, struct sighand_struct **new_sighp) { struct sighand_struct *sigh = current->sighand; if ((unshare_flags & CLONE_SIGHAND) && atomic_read(&sigh->count) > 1) return -EINVAL; else return 0; }",linux-2.6,,,146103888487977854274591906199280293739,0 4038,CWE-125,"struct _mdi *_WM_ParseNewXmi(uint8_t *xmi_data, uint32_t xmi_size) { struct _mdi *xmi_mdi = NULL; uint32_t xmi_tmpdata = 0; uint8_t xmi_formcnt = 0; uint32_t xmi_catlen = 0; uint32_t xmi_subformlen = 0; uint32_t i = 0; uint32_t j = 0; uint32_t xmi_evntlen = 0; uint32_t xmi_divisions = 60; uint32_t xmi_tempo = 500000; uint32_t xmi_sample_count = 0; float xmi_sample_count_f = 0.0; float xmi_sample_remainder = 0.0; float xmi_samples_per_delta_f = 0.0; uint8_t xmi_ch = 0; uint8_t xmi_note = 0; uint32_t *xmi_notelen = NULL; uint32_t setup_ret = 0; uint32_t xmi_delta = 0; uint32_t xmi_lowestdelta = 0; uint32_t xmi_evnt_cnt = 0; if (memcmp(xmi_data,""FORM"",4)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); return NULL; } xmi_data += 4; xmi_size -= 4; xmi_tmpdata = *xmi_data++ << 24; xmi_tmpdata |= *xmi_data++ << 16; xmi_tmpdata |= *xmi_data++ << 8; xmi_tmpdata |= *xmi_data++; xmi_size -= 4; if (memcmp(xmi_data,""XDIRINFO"",8)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); return NULL; } xmi_data += 8; xmi_size -= 8; xmi_data += 4; xmi_size -= 4; xmi_formcnt = *xmi_data++; if (xmi_formcnt == 0) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); return NULL; } xmi_size--; xmi_tmpdata -= 13; xmi_data += xmi_tmpdata; xmi_size -= xmi_tmpdata; if (memcmp(xmi_data,""CAT "",4)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); return NULL; } xmi_data += 4; xmi_size -= 4; xmi_catlen = *xmi_data++ << 24; xmi_catlen |= *xmi_data++ << 16; xmi_catlen |= *xmi_data++ << 8; xmi_catlen |= *xmi_data++; xmi_size -= 4; UNUSED(xmi_catlen); if (memcmp(xmi_data,""XMID"",4)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); return NULL; } xmi_data += 4; xmi_size -= 4; xmi_mdi = _WM_initMDI(); _WM_midi_setup_divisions(xmi_mdi, xmi_divisions); _WM_midi_setup_tempo(xmi_mdi, xmi_tempo); xmi_samples_per_delta_f = _WM_GetSamplesPerTick(xmi_divisions, xmi_tempo); xmi_notelen = malloc(sizeof(uint32_t) * 16 * 128); memset(xmi_notelen, 0, (sizeof(uint32_t) * 16 * 128)); for (i = 0; i < xmi_formcnt; i++) { if (memcmp(xmi_data,""FORM"",4)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); goto _xmi_end; } xmi_data += 4; xmi_size -= 4; xmi_subformlen = *xmi_data++ << 24; xmi_subformlen |= *xmi_data++ << 16; xmi_subformlen |= *xmi_data++ << 8; xmi_subformlen |= *xmi_data++; xmi_size -= 4; if (memcmp(xmi_data,""XMID"",4)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); goto _xmi_end; } xmi_data += 4; xmi_size -= 4; xmi_subformlen -= 4; do { if (!memcmp(xmi_data,""TIMB"",4)) { xmi_data += 4; xmi_tmpdata = *xmi_data++ << 24; xmi_tmpdata |= *xmi_data++ << 16; xmi_tmpdata |= *xmi_data++ << 8; xmi_tmpdata |= *xmi_data++; xmi_data += xmi_tmpdata; xmi_size -= (8 + xmi_tmpdata); xmi_subformlen -= (8 + xmi_tmpdata); } else if (!memcmp(xmi_data,""RBRN"",4)) { xmi_data += 4; xmi_tmpdata = *xmi_data++ << 24; xmi_tmpdata |= *xmi_data++ << 16; xmi_tmpdata |= *xmi_data++ << 8; xmi_tmpdata |= *xmi_data++; xmi_data += xmi_tmpdata; xmi_size -= (8 + xmi_tmpdata); xmi_subformlen -= (8 + xmi_tmpdata); } else if (!memcmp(xmi_data,""EVNT"",4)) { xmi_data += 4; xmi_evnt_cnt++; xmi_evntlen = *xmi_data++ << 24; xmi_evntlen |= *xmi_data++ << 16; xmi_evntlen |= *xmi_data++ << 8; xmi_evntlen |= *xmi_data++; xmi_size -= 8; xmi_subformlen -= 8; do { if (*xmi_data < 0x80) { xmi_delta = 0; if (*xmi_data > 0x7f) { while (*xmi_data > 0x7f) { xmi_delta = (xmi_delta << 7) | (*xmi_data++ & 0x7f); xmi_size--; xmi_evntlen--; xmi_subformlen--; } } xmi_delta = (xmi_delta << 7) | (*xmi_data++ & 0x7f); xmi_size--; xmi_evntlen--; xmi_subformlen--; do { if ((xmi_lowestdelta != 0) && (xmi_lowestdelta <= xmi_delta)) { xmi_tmpdata = xmi_lowestdelta; } else { xmi_tmpdata = xmi_delta; } xmi_sample_count_f= (((float) xmi_tmpdata * xmi_samples_per_delta_f) + xmi_sample_remainder); xmi_sample_count = (uint32_t) xmi_sample_count_f; xmi_sample_remainder = xmi_sample_count_f - (float) xmi_sample_count; xmi_mdi->events[xmi_mdi->event_count - 1].samples_to_next += xmi_sample_count; xmi_mdi->extra_info.approx_total_samples += xmi_sample_count; xmi_lowestdelta = 0; for (j = 0; j < (16*128); j++) { if (xmi_notelen[j] == 0) continue; xmi_notelen[j] -= xmi_tmpdata; if (xmi_notelen[j] == 0) { xmi_ch = j / 128; xmi_note = j - (xmi_ch * 128); _WM_midi_setup_noteoff(xmi_mdi, xmi_ch, xmi_note, 0); } else { if ((xmi_lowestdelta == 0) || (xmi_lowestdelta > xmi_notelen[j])) { xmi_lowestdelta = xmi_notelen[j]; } } } xmi_delta -= xmi_tmpdata; } while (xmi_delta); } else { if ((xmi_data[0] == 0xff) && (xmi_data[1] == 0x51) && (xmi_data[2] == 0x03)) { setup_ret = 6; goto _XMI_Next_Event; } if ((setup_ret = _WM_SetupMidiEvent(xmi_mdi,xmi_data,0)) == 0) { goto _xmi_end; } if ((*xmi_data & 0xf0) == 0x90) { xmi_ch = *xmi_data & 0x0f; xmi_note = xmi_data[1]; xmi_data += setup_ret; xmi_size -= setup_ret; xmi_evntlen -= setup_ret; xmi_subformlen -= setup_ret; xmi_tmpdata = 0; if (*xmi_data > 0x7f) { while (*xmi_data > 0x7f) { xmi_tmpdata = (xmi_tmpdata << 7) | (*xmi_data++ & 0x7f); xmi_size--; xmi_evntlen--; xmi_subformlen--; } } xmi_tmpdata = (xmi_tmpdata << 7) | (*xmi_data++ & 0x7f); xmi_size--; xmi_evntlen--; xmi_subformlen--; xmi_notelen[128 * xmi_ch + xmi_note] = xmi_tmpdata; if ((xmi_tmpdata > 0) && ((xmi_lowestdelta == 0) || (xmi_tmpdata < xmi_lowestdelta))) { xmi_lowestdelta = xmi_tmpdata; } } else { _XMI_Next_Event: xmi_data += setup_ret; xmi_size -= setup_ret; xmi_evntlen -= setup_ret; xmi_subformlen -= setup_ret; } } } while (xmi_evntlen); } else { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_XMI, NULL, 0); goto _xmi_end; } } while (xmi_subformlen); } if ((xmi_mdi->reverb = _WM_init_reverb(_WM_SampleRate, _WM_reverb_room_width, _WM_reverb_room_length, _WM_reverb_listen_posx, _WM_reverb_listen_posy)) == NULL) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_MEM, ""to init reverb"", 0); goto _xmi_end; } xmi_mdi->extra_info.current_sample = 0; xmi_mdi->current_event = &xmi_mdi->events[0]; xmi_mdi->samples_to_mix = 0; xmi_mdi->note = NULL; if (xmi_evnt_cnt > 1) { xmi_mdi->is_type2 = 1; } _WM_ResetToStart(xmi_mdi); _xmi_end: if (xmi_notelen != NULL) free(xmi_notelen); if (xmi_mdi->reverb) return (xmi_mdi); _WM_freeMDI(xmi_mdi); return NULL; }",visit repo url,src/f_xmidi.c,https://github.com/Mindwerks/wildmidi,164010953828136,1 6678,CWE-330,"int mesg_make_query (u_char *qname, uint16_t qtype, uint16_t qclass, uint32_t id, int rd, u_char *buf, int buflen) { char *fn = ""mesg_make_query()""; u_char *ucp; int i, written_len; Mesg_Hdr *hdr; if (T.debug > 4) syslog (LOG_DEBUG, ""%s: (qtype: %s, id: %d): start"", fn, string_rtype (qtype), id); hdr = (Mesg_Hdr *) buf; hdr->id = id; hdr->opcode = OP_QUERY; hdr->rcode = RC_OK; hdr->rd = rd; hdr->qr = hdr->aa = hdr->tc = hdr->ra = hdr->zero = 0; hdr->qdcnt = ntohs (1); hdr->ancnt = hdr->nscnt = hdr->arcnt = ntohs (0); written_len = sizeof (Mesg_Hdr); ucp = (u_char *) (hdr + 1); if (T.debug > 4) syslog (LOG_DEBUG, ""%s: qname offset = %zd"", fn, ucp - buf); i = dname_copy (qname, ucp, buflen - written_len); if (i < 0) return -1; written_len += i; ucp += i; if (T.debug > 4) syslog (LOG_DEBUG, ""%s: qtype/qclass offset = %zd"", fn, ucp - buf); written_len += sizeof (uint16_t) * 2; if (written_len > buflen) return -1; PUTSHORT (qtype, ucp); PUTSHORT (qclass, ucp); return written_len; }",visit repo url,ne_mesg.c,https://github.com/fwdillema/totd,178664125465765,1 6063,CWE-190,"void bn_rec_slw(uint8_t *win, int *len, const bn_t k, int w) { int i, j, l, s; l = bn_bits(k); if (*len < l) { *len = 0; RLC_THROW(ERR_NO_BUFFER); return; } memset(win, 0, *len); i = l - 1; j = 0; while (i >= 0) { if (!bn_get_bit(k, i)) { i--; win[j++] = 0; } else { s = RLC_MAX(i - w + 1, 0); while (!bn_get_bit(k, s)) { s++; } win[j++] = get_bits(k, s, i); i = s - 1; } } *len = j; }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,215586061732637,1 2051,['CWE-269'],"void free_vfsmnt(struct vfsmount *mnt) { kfree(mnt->mnt_devname); kmem_cache_free(mnt_cache, mnt); }",linux-2.6,,,27819382331903353957620588205138347811,0 4933,CWE-787," yaffsfs_istat(TSK_FS_INFO *fs, TSK_FS_ISTAT_FLAG_ENUM flags, FILE * hFile, TSK_INUM_T inum, TSK_DADDR_T numblock, int32_t sec_skew) { TSK_FS_META *fs_meta; TSK_FS_FILE *fs_file; YAFFSFS_INFO *yfs = (YAFFSFS_INFO *)fs; char ls[12]; YAFFSFS_PRINT_ADDR print; char timeBuf[32]; YaffsCacheObject * obj = NULL; YaffsCacheVersion * version = NULL; YaffsHeader * header = NULL; yaffscache_version_find_by_inode(yfs, inum, &version, &obj); if ((fs_file = tsk_fs_file_open_meta(fs, NULL, inum)) == NULL) { return 1; } fs_meta = fs_file->meta; tsk_fprintf(hFile, ""inode: %"" PRIuINUM ""\n"", inum); tsk_fprintf(hFile, ""%sAllocated\n"", (fs_meta->flags & TSK_FS_META_FLAG_ALLOC) ? """" : ""Not ""); if (fs_meta->link) tsk_fprintf(hFile, ""symbolic link to: %s\n"", fs_meta->link); tsk_fprintf(hFile, ""uid / gid: %"" PRIuUID "" / %"" PRIuGID ""\n"", fs_meta->uid, fs_meta->gid); tsk_fs_meta_make_ls(fs_meta, ls, sizeof(ls)); tsk_fprintf(hFile, ""mode: %s\n"", ls); tsk_fprintf(hFile, ""size: %"" PRIdOFF ""\n"", fs_meta->size); tsk_fprintf(hFile, ""num of links: %d\n"", fs_meta->nlink); if(version != NULL){ yaffsfs_read_header(yfs, &header, version->ycv_header_chunk->ycc_offset); if(header != NULL){ tsk_fprintf(hFile, ""Name: %s\n"", header->name); } } if (sec_skew != 0) { tsk_fprintf(hFile, ""\nAdjusted Inode Times:\n""); fs_meta->mtime -= sec_skew; fs_meta->atime -= sec_skew; fs_meta->ctime -= sec_skew; tsk_fprintf(hFile, ""Accessed:\t%s\n"", tsk_fs_time_to_str(fs_meta->atime, timeBuf)); tsk_fprintf(hFile, ""File Modified:\t%s\n"", tsk_fs_time_to_str(fs_meta->mtime, timeBuf)); tsk_fprintf(hFile, ""Inode Modified:\t%s\n"", tsk_fs_time_to_str(fs_meta->ctime, timeBuf)); fs_meta->mtime += sec_skew; fs_meta->atime += sec_skew; fs_meta->ctime += sec_skew; tsk_fprintf(hFile, ""\nOriginal Inode Times:\n""); } else { tsk_fprintf(hFile, ""\nInode Times:\n""); } tsk_fprintf(hFile, ""Accessed:\t%s\n"", tsk_fs_time_to_str(fs_meta->atime, timeBuf)); tsk_fprintf(hFile, ""File Modified:\t%s\n"", tsk_fs_time_to_str(fs_meta->mtime, timeBuf)); tsk_fprintf(hFile, ""Inode Modified:\t%s\n"", tsk_fs_time_to_str(fs_meta->ctime, timeBuf)); if(version != NULL){ tsk_fprintf(hFile, ""\nHeader Chunk:\n""); tsk_fprintf(hFile, ""%"" PRIuDADDR ""\n"", (version->ycv_header_chunk->ycc_offset / (yfs->page_size + yfs->spare_size))); } if (numblock > 0) { TSK_OFF_T lower_size = numblock * fs->block_size; fs_meta->size = (lower_size < fs_meta->size)?(lower_size):(fs_meta->size); } tsk_fprintf(hFile, ""\nData Chunks:\n""); if (flags & TSK_FS_ISTAT_RUNLIST){ const TSK_FS_ATTR *fs_attr_default = tsk_fs_file_attr_get_type(fs_file, TSK_FS_ATTR_TYPE_DEFAULT, 0, 0); if (fs_attr_default && (fs_attr_default->flags & TSK_FS_ATTR_NONRES)) { if (tsk_fs_attr_print(fs_attr_default, hFile)) { tsk_fprintf(hFile, ""\nError creating run lists ""); tsk_error_print(hFile); tsk_error_reset(); } } } else { print.idx = 0; print.hFile = hFile; if (tsk_fs_file_walk(fs_file, TSK_FS_FILE_WALK_FLAG_AONLY, (TSK_FS_FILE_WALK_CB)print_addr_act, (void *)&print)) { tsk_fprintf(hFile, ""\nError reading file: ""); tsk_error_print(hFile); tsk_error_reset(); } else if (print.idx != 0) { tsk_fprintf(hFile, ""\n""); } } tsk_fs_file_close(fs_file); return 0; }",visit repo url,tsk/fs/yaffs.cpp,https://github.com/sleuthkit/sleuthkit,11228772560846,1 6285,CWE-295,"static int ssl_verify_cert(struct tunnel *tunnel) { int ret = -1; int cert_valid = 0; unsigned char digest[SHA256LEN]; unsigned int len; struct x509_digest *elem; char digest_str[SHA256STRLEN], *subject, *issuer; char *line; int i; X509_NAME *subj; SSL_set_verify(tunnel->ssl_handle, SSL_VERIFY_PEER, NULL); X509 *cert = SSL_get_peer_certificate(tunnel->ssl_handle); if (cert == NULL) { log_error(""Unable to get gateway certificate.\n""); return 1; } subj = X509_get_subject_name(cert); #ifdef HAVE_X509_CHECK_HOST if (X509_check_host(cert, tunnel->config->gateway_host, 0, 0, NULL) == 1) cert_valid = 1; #else char common_name[FIELD_SIZE + 1]; if (subj && X509_NAME_get_text_by_NID(subj, NID_commonName, common_name, FIELD_SIZE) > 0 && strncasecmp(common_name, tunnel->config->gateway_host, FIELD_SIZE) == 0) cert_valid = 1; #endif if (cert_valid && SSL_get_verify_result(tunnel->ssl_handle) == X509_V_OK) { log_debug(""Gateway certificate validation succeeded.\n""); ret = 0; goto free_cert; } log_debug(""Gateway certificate validation failed.\n""); if (X509_digest(cert, EVP_sha256(), digest, &len) <= 0 || len != SHA256LEN) { log_error(""Could not compute certificate sha256 digest.\n""); goto free_cert; } for (i = 0; i < SHA256LEN; i++) sprintf(&digest_str[2 * i], ""%02x"", digest[i]); digest_str[SHA256STRLEN - 1] = '\0'; for (elem = tunnel->config->cert_whitelist; elem != NULL; elem = elem->next) if (memcmp(digest_str, elem->data, SHA256STRLEN - 1) == 0) break; if (elem != NULL) { log_debug(""Gateway certificate digest found in white list.\n""); ret = 0; goto free_cert; } subject = X509_NAME_oneline(subj, NULL, 0); issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); log_error(""Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:\n""); log_error("" --trusted-cert %s\n"", digest_str); log_error(""or add this line to your config file:\n""); log_error("" trusted-cert = %s\n"", digest_str); log_error(""Gateway certificate:\n""); log_error("" subject:\n""); for (line = strtok(subject, ""/""); line != NULL; line = strtok(NULL, ""/"")) log_error("" %s\n"", line); log_error("" issuer:\n""); for (line = strtok(issuer, ""/""); line != NULL; line = strtok(NULL, ""/"")) log_error("" %s\n"", line); log_error("" sha256 digest:\n""); log_error("" %s\n"", digest_str); free_cert: X509_free(cert); return ret; }",visit repo url,src/tunnel.c,https://github.com/adrienverge/openfortivpn,200826576749544,1 3568,['CWE-20'],"static int sctp_process_hn_param(const struct sctp_association *asoc, union sctp_params param, struct sctp_chunk *chunk, struct sctp_chunk **errp) { __u16 len = ntohs(param.p->length); if (*errp) sctp_chunk_free(*errp); *errp = sctp_make_op_error_space(asoc, chunk, len); if (*errp) { sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); sctp_addto_chunk(*errp, len, param.v); } return 0; }",linux-2.6,,,136428051669142893648903810965290683735,0 1218,CWE-400,"void __perf_sw_event(u32 event_id, u64 nr, int nmi, struct pt_regs *regs, u64 addr) { struct perf_sample_data data; int rctx; preempt_disable_notrace(); rctx = perf_swevent_get_recursion_context(); if (rctx < 0) return; perf_sample_data_init(&data, addr); do_perf_sw_event(PERF_TYPE_SOFTWARE, event_id, nr, nmi, &data, regs); perf_swevent_put_recursion_context(rctx); preempt_enable_notrace(); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,163592591750426,1 5424,['CWE-476'],"static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) { return kvm_set_msr(vcpu, index, *data); }",linux-2.6,,,129500620543648650966692404206142981198,0 5502,CWE-125,"Ta3Grammar_FindDFA(grammar *g, int type) { dfa *d; #if 1 d = &g->g_dfa[type - NT_OFFSET]; assert(d->d_type == type); return d; #else int i; for (i = g->g_ndfas, d = g->g_dfa; --i >= 0; d++) { if (d->d_type == type) return d; } assert(0); #endif }",visit repo url,ast3/Parser/grammar1.c,https://github.com/python/typed_ast,92397420052765,1 1269,[],"bad_argc (token_data *name, int argc, int min, int max) { bool isbad = false; if (min > 0 && argc < min) { if (!suppress_warnings) M4ERROR ((warning_status, 0, ""Warning: too few arguments to builtin `%s'"", TOKEN_DATA_TEXT (name))); isbad = true; } else if (max > 0 && argc > max && !suppress_warnings) M4ERROR ((warning_status, 0, ""Warning: excess arguments to builtin `%s' ignored"", TOKEN_DATA_TEXT (name))); return isbad; }",m4,,,306143719751827250952047518638361244558,0 3005,['CWE-189'],"void dump_layeringinfo(jpc_enc_t *enc) { jpc_enc_tcmpt_t *tcmpt; int tcmptno; jpc_enc_rlvl_t *rlvl; int rlvlno; jpc_enc_band_t *band; int bandno; jpc_enc_prc_t *prc; int prcno; jpc_enc_cblk_t *cblk; int cblkno; jpc_enc_pass_t *pass; int passno; int lyrno; jpc_enc_tile_t *tile; tile = enc->curtile; for (lyrno = 0; lyrno < tile->numlyrs; ++lyrno) { jas_eprintf(""lyrno = %02d\n"", lyrno); for (tcmptno = 0, tcmpt = tile->tcmpts; tcmptno < tile->numtcmpts; ++tcmptno, ++tcmpt) { for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls; ++rlvlno, ++rlvl) { if (!rlvl->bands) { continue; } for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks; ++cblkno, ++cblk) { for (passno = 0, pass = cblk->passes; passno < cblk->numpasses && pass->lyrno == lyrno; ++passno, ++pass) { jas_eprintf(""lyrno=%02d cmptno=%02d rlvlno=%02d bandno=%02d prcno=%02d cblkno=%03d passno=%03d\n"", lyrno, tcmptno, rlvlno, bandno, prcno, cblkno, passno); } } } } } } } }",jasper,,,207710997828093007373250327702237866928,0 839,['CWE-119'],"isdn_close(struct inode *ino, struct file *filep) { uint minor = iminor(ino); lock_kernel(); if (minor == ISDN_MINOR_STATUS) { infostruct *p = dev->infochain; infostruct *q = NULL; while (p) { if (p->private == (char *) &(filep->private_data)) { if (q) q->next = p->next; else dev->infochain = (infostruct *) (p->next); kfree(p); goto out; } q = p; p = (infostruct *) (p->next); } printk(KERN_WARNING ""isdn: No private data while closing isdnctrl\n""); goto out; } isdn_unlock_drivers(); if (minor <= ISDN_MINOR_BMAX) goto out; if (minor <= ISDN_MINOR_CTRLMAX) { if (dev->profd == current) dev->profd = NULL; goto out; } #ifdef CONFIG_ISDN_PPP if (minor <= ISDN_MINOR_PPPMAX) isdn_ppp_release(minor - ISDN_MINOR_PPP, filep); #endif out: unlock_kernel(); return 0; }",linux-2.6,,,333432935537688081782703136027712187110,0 3392,CWE-787,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType more_frames, status; MagickSizeType number_pixels; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t pad; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[2] = { NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t) TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { DisableMSCWarning(4127) if (0 && (image_info->verbose != MagickFalse)) TIFFPrintDirectory(tiff,stdout,MagickFalse); RestoreMSCWarning photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point"", exception); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black"", exception); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white"", exception); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette"",exception); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB"",exception); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB"",exception); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)"", exception); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV"",exception); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK"",exception); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated"",exception); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR"",exception); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown"",exception); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"", exception)); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb"",exception); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb"",exception); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) SetImageColorspace(image,GRAYColorspace,exception); if (photometric == PHOTOMETRIC_SEPARATED) SetImageColorspace(image,CMYKColorspace,exception); if (photometric == PHOTOMETRIC_CIELAB) SetImageColorspace(image,LabColorspace,exception); status=TIFFGetProfiles(tiff,image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if (IsStringFalse(option) == MagickFalse) TIFFGetEXIFProperties(tiff,image,exception); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->resolution.x=x_resolution; image->resolution.y=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=(ssize_t) ceil(x_position*image->resolution.x-0.5); image->page.y=(ssize_t) ceil(y_position*image->resolution.y-0.5); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MagickPathExtent]; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MagickPathExtent, ""%dx%d"",horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor,exception); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors,exception) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } value=(unsigned short) image->scene; if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } status=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified"",exception); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->alpha_trait=BlendPixelTrait; } else for (i=0; i < extra_samples; i++) { image->alpha_trait=BlendPixelTrait; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated"", exception); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated"", exception); } } } if (image->alpha_trait != UndefinedPixelTrait) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel,exception); method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char buffer[MagickPathExtent]; (void) FormatLocaleString(buffer,MagickPathExtent,""%u"", (unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",buffer,exception); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } if (TIFFIsTiled(tiff) != MagickFalse) method=ReadTileMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); if (photometric == PHOTOMETRIC_LOGLUV) method=ReadGenericMethod; quantum_info->endian=LSBEndian; quantum_type=RGBQuantum; if (TIFFScanlineSize(tiff) <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if ((1.0*TIFFScanlineSize(tiff)) > (2.1*GetBlobSize(image))) ThrowTIFFException(CorruptImageError,""InsufficientImageDataInFile""); number_pixels=MagickMax(TIFFScanlineSize(tiff),MagickMax((ssize_t) image->columns*samples_per_pixel*pow(2.0,ceil(log(bits_per_sample)/ log(2.0))),image->columns*rows_per_strip)); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) memset(pixels,0,number_pixels*sizeof(uint32)); quantum_type=IndexQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->alpha_trait != UndefinedPixelTrait) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } else if (image->storage_class != PseudoClass) quantum_type=GrayQuantum; if ((samples_per_pixel > 2) && (interlace != PLANARCONFIG_SEPARATE)) { pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); quantum_type=RGBQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); quantum_type=CMYKQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *magick_restrict q; register ssize_t x; unsigned char *p; tiff_status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (tiff_status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456)),q); SetPixelMagenta(image,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984)),q); SetPixelYellow(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816)),q); SetPixelBlack(image,ScaleCharToQuantum((unsigned char) *(p+3)),q); q+=GetPixelChannels(image); p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { register unsigned char *p; size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *strip_pixels; extent=TIFFStripSize(tiff)+sizeof(uint32); if (photometric == PHOTOMETRIC_YCBCR) extent<<=1; strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { register unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=TIFFTileSize(tiff)+sizeof(uint32); tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,TIFFTileSize(tiff)*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { register ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == 0) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { register Quantum *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo * ) NULL; register uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; generic_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); p=pixels+number_pixels-1; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; q+=GetPixelChannels(image)*(image->columns-1); for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p--; q-=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); TIFFReadPhotoshopLayers(image_info,image,exception); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,125690627851571,1 2939,['CWE-189'],"static int jpc_dec_cp_setfromqcc(jpc_dec_cp_t *cp, jpc_qcc_t *qcc) { return jpc_dec_cp_setfromqcx(cp, &cp->ccps[qcc->compno], &qcc->compparms, JPC_QCC); }",jasper,,,29863001950920026510310940484162876101,0 3932,CWE-787,"do_addsub( int op_type, pos_T *pos, int length, linenr_T Prenum1) { int col; char_u *buf1; char_u buf2[NUMBUFLEN]; int pre; static int hexupper = FALSE; uvarnumber_T n; uvarnumber_T oldn; char_u *ptr; int c; int todel; int do_hex; int do_oct; int do_bin; int do_alpha; int do_unsigned; int firstdigit; int subtract; int negative = FALSE; int was_positive = TRUE; int visual = VIsual_active; int did_change = FALSE; pos_T save_cursor = curwin->w_cursor; int maxlen = 0; pos_T startpos; pos_T endpos; colnr_T save_coladd = 0; do_hex = (vim_strchr(curbuf->b_p_nf, 'x') != NULL); do_oct = (vim_strchr(curbuf->b_p_nf, 'o') != NULL); do_bin = (vim_strchr(curbuf->b_p_nf, 'b') != NULL); do_alpha = (vim_strchr(curbuf->b_p_nf, 'p') != NULL); do_unsigned = (vim_strchr(curbuf->b_p_nf, 'u') != NULL); if (virtual_active()) { save_coladd = pos->coladd; pos->coladd = 0; } curwin->w_cursor = *pos; ptr = ml_get(pos->lnum); col = pos->col; if (*ptr == NUL || col + !!save_coladd >= (int)STRLEN(ptr)) goto theend; if (!VIsual_active) { if (do_bin) while (col > 0 && vim_isbdigit(ptr[col])) { --col; if (has_mbyte) col -= (*mb_head_off)(ptr, ptr + col); } if (do_hex) while (col > 0 && vim_isxdigit(ptr[col])) { --col; if (has_mbyte) col -= (*mb_head_off)(ptr, ptr + col); } if ( do_bin && do_hex && ! ((col > 0 && (ptr[col] == 'X' || ptr[col] == 'x') && ptr[col - 1] == '0' && (!has_mbyte || !(*mb_head_off)(ptr, ptr + col - 1)) && vim_isxdigit(ptr[col + 1])))) { col = pos->col; while (col > 0 && vim_isdigit(ptr[col])) { col--; if (has_mbyte) col -= (*mb_head_off)(ptr, ptr + col); } } if (( do_hex && col > 0 && (ptr[col] == 'X' || ptr[col] == 'x') && ptr[col - 1] == '0' && (!has_mbyte || !(*mb_head_off)(ptr, ptr + col - 1)) && vim_isxdigit(ptr[col + 1])) || ( do_bin && col > 0 && (ptr[col] == 'B' || ptr[col] == 'b') && ptr[col - 1] == '0' && (!has_mbyte || !(*mb_head_off)(ptr, ptr + col - 1)) && vim_isbdigit(ptr[col + 1]))) { --col; if (has_mbyte) col -= (*mb_head_off)(ptr, ptr + col); } else { col = pos->col; while (ptr[col] != NUL && !vim_isdigit(ptr[col]) && !(do_alpha && ASCII_ISALPHA(ptr[col]))) col += mb_ptr2len(ptr + col); while (col > 0 && vim_isdigit(ptr[col - 1]) && !(do_alpha && ASCII_ISALPHA(ptr[col]))) { --col; if (has_mbyte) col -= (*mb_head_off)(ptr, ptr + col); } } } if (visual) { while (ptr[col] != NUL && length > 0 && !vim_isdigit(ptr[col]) && !(do_alpha && ASCII_ISALPHA(ptr[col]))) { int mb_len = mb_ptr2len(ptr + col); col += mb_len; length -= mb_len; } if (length == 0) goto theend; if (col > pos->col && ptr[col - 1] == '-' && (!has_mbyte || !(*mb_head_off)(ptr, ptr + col - 1)) && !do_unsigned) { negative = TRUE; was_positive = FALSE; } } firstdigit = ptr[col]; if (!VIM_ISDIGIT(firstdigit) && !(do_alpha && ASCII_ISALPHA(firstdigit))) { beep_flush(); goto theend; } if (do_alpha && ASCII_ISALPHA(firstdigit)) { if (op_type == OP_NR_SUB) { if (CharOrd(firstdigit) < Prenum1) { if (isupper(firstdigit)) firstdigit = 'A'; else firstdigit = 'a'; } else firstdigit -= Prenum1; } else { if (26 - CharOrd(firstdigit) - 1 < Prenum1) { if (isupper(firstdigit)) firstdigit = 'Z'; else firstdigit = 'z'; } else firstdigit += Prenum1; } curwin->w_cursor.col = col; if (!did_change) startpos = curwin->w_cursor; did_change = TRUE; (void)del_char(FALSE); ins_char(firstdigit); endpos = curwin->w_cursor; curwin->w_cursor.col = col; } else { pos_T save_pos; int i; if (col > 0 && ptr[col - 1] == '-' && (!has_mbyte || !(*mb_head_off)(ptr, ptr + col - 1)) && !visual && !do_unsigned) { --col; negative = TRUE; } if (visual && VIsual_mode != 'V') maxlen = (curbuf->b_visual.vi_curswant == MAXCOL ? (int)STRLEN(ptr) - col : length); int overflow = FALSE; vim_str2nr(ptr + col, &pre, &length, 0 + (do_bin ? STR2NR_BIN : 0) + (do_oct ? STR2NR_OCT : 0) + (do_hex ? STR2NR_HEX : 0), NULL, &n, maxlen, FALSE, &overflow); if (pre && negative) { ++col; --length; negative = FALSE; } subtract = FALSE; if (op_type == OP_NR_SUB) subtract ^= TRUE; if (negative) subtract ^= TRUE; oldn = n; if (!overflow) { if (subtract) n -= (uvarnumber_T)Prenum1; else n += (uvarnumber_T)Prenum1; } if (!pre) { if (subtract) { if (n > oldn) { n = 1 + (n ^ (uvarnumber_T)-1); negative ^= TRUE; } } else { if (n < oldn) { n = (n ^ (uvarnumber_T)-1); negative ^= TRUE; } } if (n == 0) negative = FALSE; } if (do_unsigned && negative) { if (subtract) n = (uvarnumber_T)0; else n = (uvarnumber_T)(-1); negative = FALSE; } if (visual && !was_positive && !negative && col > 0) { col--; length++; } curwin->w_cursor.col = col; if (!did_change) startpos = curwin->w_cursor; did_change = TRUE; todel = length; c = gchar_cursor(); if (c == '-') --length; save_pos = curwin->w_cursor; for (i = 0; i < todel; ++i) { if (c < 0x100 && isalpha(c)) { if (isupper(c)) hexupper = TRUE; else hexupper = FALSE; } inc_cursor(); c = gchar_cursor(); } curwin->w_cursor = save_pos; buf1 = alloc(length + NUMBUFLEN); if (buf1 == NULL) goto theend; ptr = buf1; if (negative && (!visual || was_positive)) *ptr++ = '-'; if (pre) { *ptr++ = '0'; --length; } if (pre == 'b' || pre == 'B' || pre == 'x' || pre == 'X') { *ptr++ = pre; --length; } if (pre == 'b' || pre == 'B') { int bit = 0; int bits = sizeof(uvarnumber_T) * 8; for (bit = bits; bit > 0; bit--) if ((n >> (bit - 1)) & 0x1) break; for (i = 0; bit > 0; bit--) buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0'; buf2[i] = '\0'; } else if (pre == 0) vim_snprintf((char *)buf2, NUMBUFLEN, ""%llu"", n); else if (pre == '0') vim_snprintf((char *)buf2, NUMBUFLEN, ""%llo"", n); else if (pre && hexupper) vim_snprintf((char *)buf2, NUMBUFLEN, ""%llX"", n); else vim_snprintf((char *)buf2, NUMBUFLEN, ""%llx"", n); length -= (int)STRLEN(buf2); if (firstdigit == '0' && !(do_oct && pre == 0)) while (length-- > 0) *ptr++ = '0'; *ptr = NUL; STRCAT(buf1, buf2); save_pos = curwin->w_cursor; if (todel > 0) inc_cursor(); ins_str(buf1); vim_free(buf1); if (todel > 0) { int bytes_after = (int)STRLEN(ml_get_curline()) - curwin->w_cursor.col; curwin->w_cursor = save_pos; (void)del_char(FALSE); curwin->w_cursor.col = (colnr_T)(STRLEN(ml_get_curline()) - bytes_after); --todel; } while (todel-- > 0) (void)del_char(FALSE); endpos = curwin->w_cursor; if (did_change && curwin->w_cursor.col) --curwin->w_cursor.col; } if (did_change && (cmdmod.cmod_flags & CMOD_LOCKMARKS) == 0) { curbuf->b_op_start = startpos; curbuf->b_op_end = endpos; if (curbuf->b_op_end.col > 0) --curbuf->b_op_end.col; } theend: if (visual) curwin->w_cursor = save_cursor; else if (did_change) curwin->w_set_curswant = TRUE; else if (virtual_active()) curwin->w_cursor.coladd = save_coladd; return did_change; }",visit repo url,src/ops.c,https://github.com/vim/vim,79602342713580,1 3325,[],"static inline struct nlmsghdr *nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int payload, int flags) { if (unlikely(skb_tailroom(skb) < nlmsg_total_size(payload))) return NULL; return __nlmsg_put(skb, pid, seq, type, payload, flags); }",linux-2.6,,,114460222438286310085552839817598619595,0 328,['CWE-20'],"int do_syscall_trace(struct pt_regs *regs, int entryexit) { int is_sysemu = test_thread_flag(TIF_SYSCALL_EMU); int is_singlestep = !is_sysemu && test_thread_flag(TIF_SINGLESTEP); int ret = 0; if (!entryexit) secure_computing(regs->orig_eax); if (unlikely(current->audit_context)) { if (entryexit) audit_syscall_exit(AUDITSC_RESULT(regs->eax), regs->eax); else if (is_singlestep) goto out; } if (!(current->ptrace & PT_PTRACED)) goto out; if (is_sysemu && entryexit) return 0; if (is_singlestep) send_sigtrap(current, regs, 0); if (!test_thread_flag(TIF_SYSCALL_TRACE) && !is_sysemu) goto out; ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) ? 0x80:0)); if (current->exit_code) { send_sig(current->exit_code, current, 1); current->exit_code = 0; } ret = is_sysemu; out: if (unlikely(current->audit_context) && !entryexit) audit_syscall_entry(AUDIT_ARCH_I386, regs->orig_eax, regs->ebx, regs->ecx, regs->edx, regs->esi); if (ret == 0) return 0; regs->orig_eax = -1; if (unlikely(current->audit_context)) audit_syscall_exit(AUDITSC_RESULT(regs->eax), regs->eax); return 1; }",linux-2.6,,,30330687404126417438589876380677027741,0 877,['CWE-200'],"shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx) { return alloc_page(gfp); }",linux-2.6,,,56648250613058776725630145394447210615,0 615,CWE-17,"struct file *get_empty_filp(void) { const struct cred *cred = current_cred(); static long old_max; struct file *f; int error; if (get_nr_files() >= files_stat.max_files && !capable(CAP_SYS_ADMIN)) { if (percpu_counter_sum_positive(&nr_files) >= files_stat.max_files) goto over; } f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL); if (unlikely(!f)) return ERR_PTR(-ENOMEM); percpu_counter_inc(&nr_files); f->f_cred = get_cred(cred); error = security_file_alloc(f); if (unlikely(error)) { file_free(f); return ERR_PTR(error); } INIT_LIST_HEAD(&f->f_u.fu_list); atomic_long_set(&f->f_count, 1); rwlock_init(&f->f_owner.lock); spin_lock_init(&f->f_lock); eventpoll_init_file(f); return f; over: if (get_nr_files() > old_max) { pr_info(""VFS: file-max limit %lu reached\n"", get_max_files()); old_max = get_nr_files(); } return ERR_PTR(-ENFILE); }",visit repo url,fs/file_table.c,https://github.com/torvalds/linux,62989753327685,1 4656,CWE-476,"static void naludmx_queue_param_set(GF_NALUDmxCtx *ctx, char *data, u32 size, u32 ps_type, s32 ps_id) { GF_List *list = NULL, *alt_list = NULL; GF_NALUFFParam *sl; u32 i, count; u32 crc = gf_crc_32(data, size); if (ctx->codecid==GF_CODECID_HEVC) { switch (ps_type) { case GF_HEVC_NALU_VID_PARAM: if (!ctx->vps) ctx->vps = gf_list_new(); list = ctx->vps; break; case GF_HEVC_NALU_SEQ_PARAM: list = ctx->sps; break; case GF_HEVC_NALU_PIC_PARAM: list = ctx->pps; break; default: assert(0); return; } } else if (ctx->codecid==GF_CODECID_VVC) { switch (ps_type) { case GF_VVC_NALU_VID_PARAM: if (!ctx->vps) ctx->vps = gf_list_new(); list = ctx->vps; break; case GF_VVC_NALU_SEQ_PARAM: list = ctx->sps; break; case GF_VVC_NALU_PIC_PARAM: list = ctx->pps; break; case GF_VVC_NALU_DEC_PARAM: if (!ctx->vvc_dci) ctx->vvc_dci = gf_list_new(); list = ctx->vvc_dci; break; case GF_VVC_NALU_APS_PREFIX: if (!ctx->vvc_aps_pre) ctx->vvc_aps_pre = gf_list_new(); list = ctx->vvc_aps_pre; break; default: assert(0); return; } } else { switch (ps_type) { case GF_AVC_NALU_SVC_SUBSEQ_PARAM: case GF_AVC_NALU_SEQ_PARAM: list = ctx->sps; break; case GF_AVC_NALU_PIC_PARAM: list = ctx->pps; alt_list = ctx->pps_svc; break; case GF_AVC_NALU_SEQ_PARAM_EXT: if (!ctx->sps_ext) ctx->sps_ext = gf_list_new(); list = ctx->sps_ext; break; default: assert(0); return; } } sl = NULL; count = gf_list_count(list); for (i=0; iid != ps_id) { sl = NULL; continue; } if (sl->crc == crc) return; break; } if (!sl && alt_list) { count = gf_list_count(alt_list); for (i=0; iid != ps_id) { sl = NULL; continue; } if (sl->crc == crc) return; break; } } if (sl) { sl->data = gf_realloc(sl->data, size); memcpy(sl->data, data, size); sl->size = size; sl->crc = crc; ctx->ps_modified = GF_TRUE; return; } GF_SAFEALLOC(sl, GF_NALUFFParam); if (!sl) return; sl->data = gf_malloc(sizeof(char) * size); if (!sl->data) { gf_free(sl); return; } memcpy(sl->data, data, size); sl->size = size; sl->id = ps_id; sl->crc = crc; ctx->ps_modified = GF_TRUE; gf_list_add(list, sl); }",visit repo url,src/filters/reframe_nalu.c,https://github.com/gpac/gpac,212186784928308,1 1090,CWE-399,"static inline void vma_adjust_trans_huge(struct vm_area_struct *vma, unsigned long start, unsigned long end, long adjust_next) { if (!vma->anon_vma || vma->vm_ops || vma->vm_file) return; __vma_adjust_trans_huge(vma, start, end, adjust_next); }",visit repo url,include/linux/huge_mm.h,https://github.com/torvalds/linux,90009454231139,1 3928,CWE-823,"fuzzy_match_recursive( char_u *fuzpat, char_u *str, int_u strIdx, int *outScore, char_u *strBegin, int strLen, int_u *srcMatches, int_u *matches, int maxMatches, int nextMatch, int *recursionCount) { int recursiveMatch = FALSE; int_u bestRecursiveMatches[MAX_FUZZY_MATCHES]; int bestRecursiveScore = 0; int first_match; int matched; ++*recursionCount; if (*recursionCount >= FUZZY_MATCH_RECURSION_LIMIT) return 0; if (*fuzpat == NUL || *str == NUL) return 0; first_match = TRUE; while (*fuzpat != NUL && *str != NUL) { int c1; int c2; c1 = PTR2CHAR(fuzpat); c2 = PTR2CHAR(str); if (vim_tolower(c1) == vim_tolower(c2)) { int_u recursiveMatches[MAX_FUZZY_MATCHES]; int recursiveScore = 0; char_u *next_char; if (nextMatch >= maxMatches) return 0; if (first_match && srcMatches) { memcpy(matches, srcMatches, nextMatch * sizeof(srcMatches[0])); first_match = FALSE; } if (has_mbyte) next_char = str + (*mb_ptr2len)(str); else next_char = str + 1; if (fuzzy_match_recursive(fuzpat, next_char, strIdx + 1, &recursiveScore, strBegin, strLen, matches, recursiveMatches, ARRAY_LENGTH(recursiveMatches), nextMatch, recursionCount)) { if (!recursiveMatch || recursiveScore > bestRecursiveScore) { memcpy(bestRecursiveMatches, recursiveMatches, MAX_FUZZY_MATCHES * sizeof(recursiveMatches[0])); bestRecursiveScore = recursiveScore; } recursiveMatch = TRUE; } matches[nextMatch++] = strIdx; if (has_mbyte) MB_PTR_ADV(fuzpat); else ++fuzpat; } if (has_mbyte) MB_PTR_ADV(str); else ++str; strIdx++; } matched = *fuzpat == NUL ? TRUE : FALSE; if (matched) *outScore = fuzzy_match_compute_score(strBegin, strLen, matches, nextMatch); if (recursiveMatch && (!matched || bestRecursiveScore > *outScore)) { memcpy(matches, bestRecursiveMatches, maxMatches * sizeof(matches[0])); *outScore = bestRecursiveScore; return nextMatch; } else if (matched) return nextMatch; return 0; }",visit repo url,src/search.c,https://github.com/vim/vim,238907776243529,1 2071,[],"void __init udplite4_register(void) { if (proto_register(&udplite_prot, 1)) goto out_register_err; if (inet_add_protocol(&udplite_protocol, IPPROTO_UDPLITE) < 0) goto out_unregister_proto; inet_register_protosw(&udplite4_protosw); #ifdef CONFIG_PROC_FS if (udp_proc_register(&udplite4_seq_afinfo)) printk(KERN_ERR ""%s: Cannot register /proc!\n"", __FUNCTION__); #endif return; out_unregister_proto: proto_unregister(&udplite_prot); out_register_err: printk(KERN_CRIT ""%s: Cannot add UDP-Lite protocol.\n"", __FUNCTION__); }",linux-2.6,,,126170341857771277418382096832753288766,0 1434,[],"static void update_avg(u64 *avg, u64 sample) { s64 diff = sample - *avg; *avg += diff >> 3; }",linux-2.6,,,162488323600736488376570386621285502229,0 5957,['CWE-200'],"static int rsvp_delete(struct tcf_proto *tp, unsigned long arg) { struct rsvp_filter **fp, *f = (struct rsvp_filter*)arg; unsigned h = f->handle; struct rsvp_session **sp; struct rsvp_session *s = f->sess; int i; for (fp = &s->ht[(h>>8)&0xFF]; *fp; fp = &(*fp)->next) { if (*fp == f) { tcf_tree_lock(tp); *fp = f->next; tcf_tree_unlock(tp); rsvp_delete_filter(tp, f); for (i=0; i<=16; i++) if (s->ht[i]) return 0; for (sp = &((struct rsvp_head*)tp->root)->ht[h&0xFF]; *sp; sp = &(*sp)->next) { if (*sp == s) { tcf_tree_lock(tp); *sp = s->next; tcf_tree_unlock(tp); kfree(s); return 0; } } return 0; } } return 0; }",linux-2.6,,,248534755473180593356944083330995360719,0 5244,CWE-125,"int main(int argc, char **argv) { l_int32 w, h; PIX *pixs, *pixg, *pixim, *pixgm, *pixmi, *pix1, *pix2; PIX *pixmr, *pixmg, *pixmb, *pixmri, *pixmgi, *pixmbi; PIXA *pixa; L_REGPARAMS *rp; if (regTestSetup(argc, argv, &rp)) return 1; lept_mkdir(""lept/adapt""); pixs = pixRead(""wet-day.jpg""); pixa = pixaCreate(0); pixg = pixConvertRGBToGray(pixs, 0.33, 0.34, 0.33); pixaAddPix(pixa, pixs, L_INSERT); pixaAddPix(pixa, pixg, L_INSERT); pixGetDimensions(pixs, &w, &h, NULL); startTimer(); pixim = pixCreate(w, h, 1); pixRasterop(pixim, XS, YS, WS, HS, PIX_SET, NULL, 0, 0); pixGetBackgroundGrayMap(pixg, pixim, SIZE_X, SIZE_Y, BINTHRESH, MINCOUNT, &pixgm); fprintf(stderr, ""Time for gray adaptmap gen: %7.3f\n"", stopTimer()); regTestWritePixAndCheck(rp, pixgm, IFF_PNG); pixaAddPix(pixa, pixgm, L_INSERT); startTimer(); pixmi = pixGetInvBackgroundMap(pixgm, BGVAL, SMOOTH_X, SMOOTH_Y); fprintf(stderr, ""Time for gray inv map generation: %7.3f\n"", stopTimer()); regTestWritePixAndCheck(rp, pixmi, IFF_PNG); pixaAddPix(pixa, pixmi, L_INSERT); startTimer(); pix1 = pixApplyInvBackgroundGrayMap(pixg, pixmi, SIZE_X, SIZE_Y); fprintf(stderr, ""Time to apply gray inv map: %7.3f\n"", stopTimer()); regTestWritePixAndCheck(rp, pix1, IFF_JFIF_JPEG); pixaAddPix(pixa, pix1, L_INSERT); pix2 = pixGammaTRCMasked(NULL, pix1, pixim, 1.0, 0, 190); pixInvert(pixim, pixim); pixGammaTRCMasked(pix2, pix2, pixim, 1.0, 60, 190); regTestWritePixAndCheck(rp, pix2, IFF_JFIF_JPEG); pixaAddPix(pixa, pix2, L_INSERT); pixDestroy(&pixim); startTimer(); pixim = pixCreate(w, h, 1); pixRasterop(pixim, XS, YS, WS, HS, PIX_SET, NULL, 0, 0); pixGetBackgroundRGBMap(pixs, pixim, NULL, SIZE_X, SIZE_Y, BINTHRESH, MINCOUNT, &pixmr, &pixmg, &pixmb); fprintf(stderr, ""Time for color adaptmap gen: %7.3f\n"", stopTimer()); regTestWritePixAndCheck(rp, pixmr, IFF_PNG); regTestWritePixAndCheck(rp, pixmg, IFF_PNG); regTestWritePixAndCheck(rp, pixmb, IFF_PNG); pixaAddPix(pixa, pixmr, L_INSERT); pixaAddPix(pixa, pixmg, L_INSERT); pixaAddPix(pixa, pixmb, L_INSERT); startTimer(); pixmri = pixGetInvBackgroundMap(pixmr, BGVAL, SMOOTH_X, SMOOTH_Y); pixmgi = pixGetInvBackgroundMap(pixmg, BGVAL, SMOOTH_X, SMOOTH_Y); pixmbi = pixGetInvBackgroundMap(pixmb, BGVAL, SMOOTH_X, SMOOTH_Y); fprintf(stderr, ""Time for color inv map generation: %7.3f\n"", stopTimer()); regTestWritePixAndCheck(rp, pixmri, IFF_PNG); regTestWritePixAndCheck(rp, pixmgi, IFF_PNG); regTestWritePixAndCheck(rp, pixmbi, IFF_PNG); pixaAddPix(pixa, pixmri, L_INSERT); pixaAddPix(pixa, pixmgi, L_INSERT); pixaAddPix(pixa, pixmbi, L_INSERT); startTimer(); pix1 = pixApplyInvBackgroundRGBMap(pixs, pixmri, pixmgi, pixmbi, SIZE_X, SIZE_Y); fprintf(stderr, ""Time to apply color inv maps: %7.3f\n"", stopTimer()); regTestWritePixAndCheck(rp, pix1, IFF_JFIF_JPEG); pixaAddPix(pixa, pix1, L_INSERT); pix2 = pixGammaTRCMasked(NULL, pix1, pixim, 1.0, 0, 190); pixInvert(pixim, pixim); pixGammaTRCMasked(pix2, pix2, pixim, 1.0, 60, 190); regTestWritePixAndCheck(rp, pix2, IFF_JFIF_JPEG); pixaAddPix(pixa, pix2, L_INSERT); pixDestroy(&pixim); startTimer(); pixim = pixCreate(w, h, 1); pixRasterop(pixim, XS, YS, WS, HS, PIX_SET, NULL, 0, 0); pix1 = pixBackgroundNorm(pixs, pixim, NULL, 5, 10, BINTHRESH, 20, BGVAL, SMOOTH_X, SMOOTH_Y); fprintf(stderr, ""Time for bg normalization: %7.3f\n"", stopTimer()); regTestWritePixAndCheck(rp, pix1, IFF_JFIF_JPEG); pixaAddPix(pixa, pix1, L_INSERT); pix2 = pixGammaTRCMasked(NULL, pix1, pixim, 1.0, 0, 190); pixInvert(pixim, pixim); pixGammaTRCMasked(pix2, pix2, pixim, 1.0, 60, 190); regTestWritePixAndCheck(rp, pix2, IFF_JFIF_JPEG); pixaAddPix(pixa, pix2, L_INSERT); pixDestroy(&pixim); pix1 = pixaDisplayTiledAndScaled(pixa, 32, 400, 4, 0, 20, 2); pixWrite(""/tmp/lept/adapt/results.jpg"", pix1, IFF_JFIF_JPEG); pixDisplayWithTitle(pix1, 100, 0, NULL, rp->display); pixDestroy(&pix1); pixaDestroy(&pixa); return regTestCleanup(rp); }",visit repo url,prog/adaptmap_reg.c,https://github.com/DanBloomberg/leptonica,17785122018838,1 4850,['CWE-189'],"static int ecryptfs_copy_filename(char **copied_name, size_t *copied_name_size, const char *name, size_t name_size) { int rc = 0; (*copied_name) = kmalloc((name_size + 1), GFP_KERNEL); if (!(*copied_name)) { rc = -ENOMEM; goto out; } memcpy((void *)(*copied_name), (void *)name, name_size); (*copied_name)[(name_size)] = '\0'; (*copied_name_size) = name_size; out: return rc; }",linux-2.6,,,164020293538235811798603430604465409380,0 6605,['CWE-200'],"static GtkWidget *nma_context_menu_create (NMApplet *applet) { GtkMenuShell *menu; GtkWidget *menu_item; GtkWidget *image; guint id; g_return_val_if_fail (applet != NULL, NULL); menu = GTK_MENU_SHELL (gtk_menu_new ()); applet->networking_enabled_item = gtk_check_menu_item_new_with_mnemonic (_(""Enable _Networking"")); id = g_signal_connect (applet->networking_enabled_item, ""toggled"", G_CALLBACK (nma_set_networking_enabled_cb), applet); applet->networking_enabled_toggled_id = id; gtk_menu_shell_append (menu, applet->networking_enabled_item); applet->wifi_enabled_item = gtk_check_menu_item_new_with_mnemonic (_(""Enable _Wireless"")); id = g_signal_connect (applet->wifi_enabled_item, ""toggled"", G_CALLBACK (nma_set_wireless_enabled_cb), applet); applet->wifi_enabled_toggled_id = id; gtk_menu_shell_append (menu, applet->wifi_enabled_item); nma_menu_add_separator_item (GTK_WIDGET (menu)); applet->notifications_enabled_item = gtk_check_menu_item_new_with_mnemonic (_(""Enable N_otifications"")); id = g_signal_connect (applet->notifications_enabled_item, ""toggled"", G_CALLBACK (nma_set_notifications_enabled_cb), applet); applet->notifications_enabled_toggled_id = id; gtk_menu_shell_append (menu, applet->notifications_enabled_item); nma_menu_add_separator_item (GTK_WIDGET (menu)); applet->info_menu_item = gtk_image_menu_item_new_with_mnemonic (_(""Connection _Information"")); g_signal_connect_swapped (applet->info_menu_item, ""activate"", G_CALLBACK (applet_connection_info_cb), applet); image = gtk_image_new_from_stock (GTK_STOCK_INFO, GTK_ICON_SIZE_MENU); gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (applet->info_menu_item), image); gtk_menu_shell_append (menu, applet->info_menu_item); applet->connections_menu_item = gtk_image_menu_item_new_with_mnemonic (_(""Edit Connections..."")); g_signal_connect (applet->connections_menu_item, ""activate"", G_CALLBACK (nma_edit_connections_cb), applet); image = gtk_image_new_from_stock (GTK_STOCK_EDIT, GTK_ICON_SIZE_MENU); gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (applet->connections_menu_item), image); gtk_menu_shell_append (menu, applet->connections_menu_item); nma_menu_add_separator_item (GTK_WIDGET (menu)); #if 0 menu_item = gtk_image_menu_item_new_with_mnemonic (_(""_Help"")); g_signal_connect (menu_item, ""activate"", G_CALLBACK (nma_help_cb), applet); image = gtk_image_new_from_stock (GTK_STOCK_HELP, GTK_ICON_SIZE_MENU); gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (menu_item), image); gtk_menu_shell_append (menu, menu_item); gtk_widget_set_sensitive (menu_item, FALSE); #endif menu_item = gtk_image_menu_item_new_with_mnemonic (_(""_About"")); g_signal_connect_swapped (menu_item, ""activate"", G_CALLBACK (applet_about_dialog_show), applet); image = gtk_image_new_from_stock (GTK_STOCK_ABOUT, GTK_ICON_SIZE_MENU); gtk_image_menu_item_set_image (GTK_IMAGE_MENU_ITEM (menu_item), image); gtk_menu_shell_append (menu, menu_item); gtk_widget_show_all (GTK_WIDGET (menu)); return GTK_WIDGET (menu); }",network-manager-applet,,,239101853119470477800881277831459680496,0 1641,CWE-362,"static long ext4_zero_range(struct file *file, loff_t offset, loff_t len, int mode) { struct inode *inode = file_inode(file); handle_t *handle = NULL; unsigned int max_blocks; loff_t new_size = 0; int ret = 0; int flags; int credits; int partial_begin, partial_end; loff_t start, end; ext4_lblk_t lblk; struct address_space *mapping = inode->i_mapping; unsigned int blkbits = inode->i_blkbits; trace_ext4_zero_range(inode, offset, len, mode); if (!S_ISREG(inode->i_mode)) return -EINVAL; if (ext4_should_journal_data(inode)) { ret = ext4_force_commit(inode->i_sb); if (ret) return ret; } if (mapping->nrpages && mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) { ret = filemap_write_and_wait_range(mapping, offset, offset + len - 1); if (ret) return ret; } start = round_up(offset, 1 << blkbits); end = round_down((offset + len), 1 << blkbits); if (start < offset || end > offset + len) return -EINVAL; partial_begin = offset & ((1 << blkbits) - 1); partial_end = (offset + len) & ((1 << blkbits) - 1); lblk = start >> blkbits; max_blocks = (end >> blkbits); if (max_blocks < lblk) max_blocks = 0; else max_blocks -= lblk; mutex_lock(&inode->i_mutex); if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) { ret = -EOPNOTSUPP; goto out_mutex; } if (!(mode & FALLOC_FL_KEEP_SIZE) && offset + len > i_size_read(inode)) { new_size = offset + len; ret = inode_newsize_ok(inode, new_size); if (ret) goto out_mutex; } flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT; if (mode & FALLOC_FL_KEEP_SIZE) flags |= EXT4_GET_BLOCKS_KEEP_SIZE; if (partial_begin || partial_end) { ret = ext4_alloc_file_blocks(file, round_down(offset, 1 << blkbits) >> blkbits, (round_up((offset + len), 1 << blkbits) - round_down(offset, 1 << blkbits)) >> blkbits, new_size, flags, mode); if (ret) goto out_mutex; } if (max_blocks > 0) { flags |= (EXT4_GET_BLOCKS_CONVERT_UNWRITTEN | EXT4_EX_NOCACHE); truncate_pagecache_range(inode, start, end - 1); inode->i_mtime = inode->i_ctime = ext4_current_time(inode); ext4_inode_block_unlocked_dio(inode); inode_dio_wait(inode); ret = ext4_alloc_file_blocks(file, lblk, max_blocks, new_size, flags, mode); if (ret) goto out_dio; } if (!partial_begin && !partial_end) goto out_dio; credits = (2 * ext4_ext_index_trans_blocks(inode, 2)) + 1; if (ext4_should_journal_data(inode)) credits += 2; handle = ext4_journal_start(inode, EXT4_HT_MISC, credits); if (IS_ERR(handle)) { ret = PTR_ERR(handle); ext4_std_error(inode->i_sb, ret); goto out_dio; } inode->i_mtime = inode->i_ctime = ext4_current_time(inode); if (new_size) { ext4_update_inode_size(inode, new_size); } else { if ((offset + len) > i_size_read(inode)) ext4_set_inode_flag(inode, EXT4_INODE_EOFBLOCKS); } ext4_mark_inode_dirty(handle, inode); ret = ext4_zero_partial_blocks(handle, inode, offset, len); if (file->f_flags & O_SYNC) ext4_handle_sync(handle); ext4_journal_stop(handle); out_dio: ext4_inode_resume_unlocked_dio(inode); out_mutex: mutex_unlock(&inode->i_mutex); return ret; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,140788411813346,1 3329,[],"static inline int nla_type(const struct nlattr *nla) { return nla->nla_type & NLA_TYPE_MASK; }",linux-2.6,,,226581260445602980370878032411214811514,0 6038,CWE-203,"ldbm_config_search_entry_callback(Slapi_PBlock *pb __attribute__((unused)), Slapi_Entry *e, Slapi_Entry *entryAfter __attribute__((unused)), int *returncode, char *returntext, void *arg) { char buf[BUFSIZ]; struct berval *vals[2]; struct berval val; struct ldbminfo *li = (struct ldbminfo *)arg; config_info *config; int scope; vals[0] = &val; vals[1] = NULL; returntext[0] = '\0'; PR_Lock(li->li_config_mutex); if (pb) { slapi_pblock_get(pb, SLAPI_SEARCH_SCOPE, &scope); if (scope == LDAP_SCOPE_BASE) { char **attrs = NULL; slapi_pblock_get(pb, SLAPI_SEARCH_ATTRS, &attrs); if (attrs) { for (size_t i = 0; attrs[i]; i++) { if (ldbm_config_moved_attr(attrs[i])) { slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, ""at least one required attribute has been moved to the BDB scecific configuration entry""); break; } } } } } for (config = ldbm_config; config->config_name != NULL; config++) { if (!(config->config_flags & (CONFIG_FLAG_ALWAYS_SHOW | CONFIG_FLAG_PREVIOUSLY_SET))) { continue; } ldbm_config_get((void *)li, config, buf); val.bv_val = buf; val.bv_len = strlen(buf); slapi_entry_attr_replace(e, config->config_name, vals); } PR_Unlock(li->li_config_mutex); *returncode = LDAP_SUCCESS; return SLAPI_DSE_CALLBACK_OK; }",visit repo url,ldap/servers/slapd/back-ldbm/ldbm_config.c,https://github.com/389ds/389-ds-base,265495378622115,1 6604,['CWE-200'],"applet_connection_info_cb (NMApplet *applet) { applet_info_dialog_show (applet); }",network-manager-applet,,,72313842656941520257519547654605110956,0 401,[],"pfm_exit_smpl_buffer(pfm_buffer_fmt_t *fmt) { if (fmt == NULL) return; pfm_buf_fmt_exit(fmt, current, NULL, NULL); }",linux-2.6,,,19978477165198008040063065400489081834,0 2674,[],"SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t msg_len) { struct sctp_sock *sp; struct sctp_endpoint *ep; struct sctp_association *new_asoc=NULL, *asoc=NULL; struct sctp_transport *transport, *chunk_tp; struct sctp_chunk *chunk; union sctp_addr to; struct sockaddr *msg_name = NULL; struct sctp_sndrcvinfo default_sinfo = { 0 }; struct sctp_sndrcvinfo *sinfo; struct sctp_initmsg *sinit; sctp_assoc_t associd = 0; sctp_cmsgs_t cmsgs = { NULL }; int err; sctp_scope_t scope; long timeo; __u16 sinfo_flags = 0; struct sctp_datamsg *datamsg; int msg_flags = msg->msg_flags; SCTP_DEBUG_PRINTK(""sctp_sendmsg(sk: %p, msg: %p, msg_len: %zu)\n"", sk, msg, msg_len); err = 0; sp = sctp_sk(sk); ep = sp->ep; SCTP_DEBUG_PRINTK(""Using endpoint: %p.\n"", ep); if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) { err = -EPIPE; goto out_nounlock; } err = sctp_msghdr_parse(msg, &cmsgs); if (err) { SCTP_DEBUG_PRINTK(""msghdr parse err = %x\n"", err); goto out_nounlock; } if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) { int msg_namelen = msg->msg_namelen; err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name, msg_namelen); if (err) return err; if (msg_namelen > sizeof(to)) msg_namelen = sizeof(to); memcpy(&to, msg->msg_name, msg_namelen); msg_name = msg->msg_name; } sinfo = cmsgs.info; sinit = cmsgs.init; if (sinfo) { sinfo_flags = sinfo->sinfo_flags; associd = sinfo->sinfo_assoc_id; } SCTP_DEBUG_PRINTK(""msg_len: %zu, sinfo_flags: 0x%x\n"", msg_len, sinfo_flags); if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) { err = -EINVAL; goto out_nounlock; } if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) || (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) { err = -EINVAL; goto out_nounlock; } if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) { err = -EINVAL; goto out_nounlock; } transport = NULL; SCTP_DEBUG_PRINTK(""About to look up association.\n""); sctp_lock_sock(sk); if (msg_name) { asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport); if (!asoc) { if ((sctp_style(sk, TCP) && sctp_sstate(sk, ESTABLISHED)) || sctp_endpoint_is_peeled_off(ep, &to)) { err = -EADDRNOTAVAIL; goto out_unlock; } } } else { asoc = sctp_id2assoc(sk, associd); if (!asoc) { err = -EPIPE; goto out_unlock; } } if (asoc) { SCTP_DEBUG_PRINTK(""Just looked up association: %p.\n"", asoc); if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) { err = -EPIPE; goto out_unlock; } if (sinfo_flags & SCTP_EOF) { SCTP_DEBUG_PRINTK(""Shutting down association: %p\n"", asoc); sctp_primitive_SHUTDOWN(asoc, NULL); err = 0; goto out_unlock; } if (sinfo_flags & SCTP_ABORT) { chunk = sctp_make_abort_user(asoc, msg, msg_len); if (!chunk) { err = -ENOMEM; goto out_unlock; } SCTP_DEBUG_PRINTK(""Aborting association: %p\n"", asoc); sctp_primitive_ABORT(asoc, chunk); err = 0; goto out_unlock; } } if (!asoc) { SCTP_DEBUG_PRINTK(""There is no association yet.\n""); if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) { err = -EINVAL; goto out_unlock; } if (sinfo) { if (!sinit || (sinit && !sinit->sinit_num_ostreams)) { if (sinfo->sinfo_stream >= sp->initmsg.sinit_num_ostreams) { err = -EINVAL; goto out_unlock; } } else { if (sinfo->sinfo_stream >= sinit->sinit_num_ostreams) { err = -EINVAL; goto out_unlock; } } } if (!ep->base.bind_addr.port) { if (sctp_autobind(sk)) { err = -EAGAIN; goto out_unlock; } } else { if (ep->base.bind_addr.port < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE)) { err = -EACCES; goto out_unlock; } } scope = sctp_scope(&to); new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL); if (!new_asoc) { err = -ENOMEM; goto out_unlock; } asoc = new_asoc; if (sinit) { if (sinit->sinit_num_ostreams) { asoc->c.sinit_num_ostreams = sinit->sinit_num_ostreams; } if (sinit->sinit_max_instreams) { asoc->c.sinit_max_instreams = sinit->sinit_max_instreams; } if (sinit->sinit_max_attempts) { asoc->max_init_attempts = sinit->sinit_max_attempts; } if (sinit->sinit_max_init_timeo) { asoc->max_init_timeo = msecs_to_jiffies(sinit->sinit_max_init_timeo); } } transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN); if (!transport) { err = -ENOMEM; goto out_free; } err = sctp_assoc_set_bind_addr_from_ep(asoc, GFP_KERNEL); if (err < 0) { err = -ENOMEM; goto out_free; } } SCTP_DEBUG_PRINTK(""We have a valid association.\n""); if (!sinfo) { default_sinfo.sinfo_stream = asoc->default_stream; default_sinfo.sinfo_flags = asoc->default_flags; default_sinfo.sinfo_ppid = asoc->default_ppid; default_sinfo.sinfo_context = asoc->default_context; default_sinfo.sinfo_timetolive = asoc->default_timetolive; default_sinfo.sinfo_assoc_id = sctp_assoc2id(asoc); sinfo = &default_sinfo; } if (msg_len > sk->sk_sndbuf) { err = -EMSGSIZE; goto out_free; } if (asoc->pmtu_pending) sctp_assoc_pending_pmtu(asoc); if (sctp_sk(sk)->disable_fragments && (msg_len > asoc->frag_point)) { err = -EMSGSIZE; goto out_free; } if (sinfo) { if (sinfo->sinfo_stream >= asoc->c.sinit_num_ostreams) { err = -EINVAL; goto out_free; } } timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); if (!sctp_wspace(asoc)) { err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len); if (err) goto out_free; } if ((sctp_style(sk, TCP) && msg_name) || (sinfo_flags & SCTP_ADDR_OVER)) { chunk_tp = sctp_assoc_lookup_paddr(asoc, &to); if (!chunk_tp) { err = -EINVAL; goto out_free; } } else chunk_tp = NULL; if (sctp_state(asoc, CLOSED)) { err = sctp_primitive_ASSOCIATE(asoc, NULL); if (err < 0) goto out_free; SCTP_DEBUG_PRINTK(""We associated primitively.\n""); } datamsg = sctp_datamsg_from_user(asoc, sinfo, msg, msg_len); if (!datamsg) { err = -ENOMEM; goto out_free; } list_for_each_entry(chunk, &datamsg->chunks, frag_list) { sctp_chunk_hold(chunk); sctp_set_owner_w(chunk); chunk->transport = chunk_tp; err = sctp_primitive_SEND(asoc, chunk); if (err) sctp_chunk_free(chunk); SCTP_DEBUG_PRINTK(""We sent primitively.\n""); } sctp_datamsg_put(datamsg); if (err) goto out_free; else err = msg_len; goto out_unlock; out_free: if (new_asoc) sctp_association_free(asoc); out_unlock: sctp_release_sock(sk); out_nounlock: return sctp_error(sk, msg_flags, err); #if 0 do_sock_err: if (msg_len) err = msg_len; else err = sock_error(sk); goto out; do_interrupted: if (msg_len) err = msg_len; goto out; #endif }",linux-2.6,,,155301313661009241349119287530273794220,0 5897,['CWE-200'],"static struct sock *nr_find_socket(unsigned char index, unsigned char id) { struct sock *s; struct hlist_node *node; spin_lock_bh(&nr_list_lock); sk_for_each(s, node, &nr_list) { struct nr_sock *nr = nr_sk(s); if (nr->my_index == index && nr->my_id == id) { bh_lock_sock(s); goto found; } } s = NULL; found: spin_unlock_bh(&nr_list_lock); return s; }",linux-2.6,,,163018613188363056897878212863899032519,0 1942,CWE-401,"predicate_parse(const char *str, int nr_parens, int nr_preds, parse_pred_fn parse_pred, void *data, struct filter_parse_error *pe) { struct prog_entry *prog_stack; struct prog_entry *prog; const char *ptr = str; char *inverts = NULL; int *op_stack; int *top; int invert = 0; int ret = -ENOMEM; int len; int N = 0; int i; nr_preds += 2; op_stack = kmalloc_array(nr_parens, sizeof(*op_stack), GFP_KERNEL); if (!op_stack) return ERR_PTR(-ENOMEM); prog_stack = kcalloc(nr_preds, sizeof(*prog_stack), GFP_KERNEL); if (!prog_stack) { parse_error(pe, -ENOMEM, 0); goto out_free; } inverts = kmalloc_array(nr_preds, sizeof(*inverts), GFP_KERNEL); if (!inverts) { parse_error(pe, -ENOMEM, 0); goto out_free; } top = op_stack; prog = prog_stack; *top = 0; while (*ptr) { const char *next = ptr++; if (isspace(*next)) continue; switch (*next) { case '(': if (top - op_stack > nr_parens) return ERR_PTR(-EINVAL); *(++top) = invert; continue; case '!': if (!is_not(next)) break; invert = !invert; continue; } if (N >= nr_preds) { parse_error(pe, FILT_ERR_TOO_MANY_PREDS, next - str); goto out_free; } inverts[N] = invert; prog[N].target = N-1; len = parse_pred(next, data, ptr - str, pe, &prog[N].pred); if (len < 0) { ret = len; goto out_free; } ptr = next + len; N++; ret = -1; while (1) { next = ptr++; if (isspace(*next)) continue; switch (*next) { case ')': case '\0': break; case '&': case '|': if (next[1] == next[0]) { ptr++; break; } default: parse_error(pe, FILT_ERR_TOO_MANY_PREDS, next - str); goto out_free; } invert = *top & INVERT; if (*top & PROCESS_AND) { update_preds(prog, N - 1, invert); *top &= ~PROCESS_AND; } if (*next == '&') { *top |= PROCESS_AND; break; } if (*top & PROCESS_OR) { update_preds(prog, N - 1, !invert); *top &= ~PROCESS_OR; } if (*next == '|') { *top |= PROCESS_OR; break; } if (!*next) goto out; if (top == op_stack) { ret = -1; parse_error(pe, FILT_ERR_TOO_MANY_CLOSE, ptr - str); goto out_free; } top--; } } out: if (top != op_stack) { parse_error(pe, FILT_ERR_TOO_MANY_OPEN, ptr - str); goto out_free; } if (!N) { ret = -EINVAL; parse_error(pe, FILT_ERR_NO_FILTER, ptr - str); goto out_free; } prog[N].pred = NULL; prog[N].target = 1; prog[N+1].pred = NULL; prog[N+1].target = 0; prog[N-1].target = N; prog[N-1].when_to_branch = false; for (i = N-1 ; i--; ) { int target = prog[i].target; if (prog[i].when_to_branch == prog[target].when_to_branch) prog[i].target = prog[target].target; } for (i = 0; i < N; i++) { invert = inverts[i] ^ prog[i].when_to_branch; prog[i].when_to_branch = invert; if (WARN_ON(prog[i].target <= i)) { ret = -EINVAL; goto out_free; } } kfree(op_stack); kfree(inverts); return prog; out_free: kfree(op_stack); kfree(inverts); if (prog_stack) { for (i = 0; prog_stack[i].pred; i++) kfree(prog_stack[i].pred); kfree(prog_stack); } return ERR_PTR(ret); }",visit repo url,kernel/trace/trace_events_filter.c,https://github.com/torvalds/linux,142030152333237,1 2335,CWE-399,"void mono_reflection_destroy_dynamic_method (MonoReflectionDynamicMethod *mb) { g_assert (mb); if (mb->mhandle) mono_runtime_free_method ( mono_object_get_domain ((MonoObject*)mb), mb->mhandle);",visit repo url,mono/metadata/reflection.c,https://github.com/mono/mono,216297395507608,1 3831,[],"int cap_task_setioprio (struct task_struct *p, int ioprio) { return 0; }",linux-2.6,,,51234524216261210563976491815547180859,0 1980,CWE-120,"mt76_add_fragment(struct mt76_dev *dev, struct mt76_queue *q, void *data, int len, bool more) { struct page *page = virt_to_head_page(data); int offset = data - page_address(page); struct sk_buff *skb = q->rx_head; offset += q->buf_offset; skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, offset, len, q->buf_size); if (more) return; q->rx_head = NULL; dev->drv->rx_skb(dev, q - dev->q_rx, skb); }",visit repo url,drivers/net/wireless/mediatek/mt76/dma.c,https://github.com/torvalds/linux,61571342853834,1 4389,['CWE-264'],"static __net_exit void proto_exit_net(struct net *net) { proc_net_remove(net, ""protocols""); }",linux-2.6,,,249114973108354062539445795375812082046,0 1284,[],"set_trace (symbol *sym, void *data) { SYMBOL_TRACED (sym) = data != NULL; if (SYMBOL_TYPE (sym) == TOKEN_VOID && data == NULL) lookup_symbol (SYMBOL_NAME (sym), SYMBOL_POPDEF); }",m4,,,259179692236591476287301252772090725652,0 6587,CWE-787,"LuacBinInfo *luac_build_info(LuaProto *proto) { if (!proto) { RZ_LOG_ERROR(""Invalid luac file\n""); return NULL; } LuacBinInfo *ret = RZ_NEW0(LuacBinInfo); if (!ret) { return NULL; } ret->entry_list = rz_list_newf((RzListFree)free_rz_addr); ret->symbol_list = rz_list_newf((RzListFree)rz_bin_symbol_free); ret->section_list = rz_list_newf((RzListFree)free_rz_section); ret->string_list = rz_list_newf((RzListFree)free_rz_string); if (!(ret->entry_list && ret->symbol_list && ret->section_list && ret->string_list)) { try_free_empty_list(ret->entry_list); try_free_empty_list(ret->symbol_list); try_free_empty_list(ret->section_list); try_free_empty_list(ret->string_list); } _luac_build_info(proto, ret); ut64 main_entry_offset; main_entry_offset = proto->code_offset + proto->code_skipped; luac_add_entry(ret->entry_list, main_entry_offset, RZ_BIN_ENTRY_TYPE_PROGRAM); return ret; }",visit repo url,librz/bin/format/luac/luac_bin.c,https://github.com/rizinorg/rizin,275045091328510,1 6414,CWE-20,"error_t am335xEthAddVlanEntry(uint_t port, uint_t vlanId) { error_t error; uint_t index; Am335xAleEntry entry; index = am335xEthFindVlanEntry(vlanId); if(index >= CPSW_ALE_MAX_ENTRIES) { index = am335xEthFindFreeEntry(); } if(index < CPSW_ALE_MAX_ENTRIES) { entry.word2 = 0; entry.word1 = CPSW_ALE_WORD1_ENTRY_TYPE_VLAN; entry.word0 = 0; entry.word1 |= CPSW_ALE_WORD1_VLAN_ID(vlanId); entry.word0 |= CPSW_ALE_WORD0_FORCE_UNTAG_EGRESS(1 << port) | CPSW_ALE_WORD0_FORCE_UNTAG_EGRESS(1 << CPSW_PORT0); entry.word0 |= CPSW_ALE_WORD0_VLAN_MEMBER_LIST(1 << port) | CPSW_ALE_WORD0_VLAN_MEMBER_LIST(1 << CPSW_PORT0); am335xEthWriteEntry(index, &entry); error = NO_ERROR; } else { error = ERROR_FAILURE; } return error; }",visit repo url,drivers/mac/am335x_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,73373250192717,1 312,[],"static int ppp_sock_fprog_ioctl_trans(unsigned int fd, unsigned int cmd, unsigned long arg) { struct sock_fprog32 __user *u_fprog32 = compat_ptr(arg); struct sock_fprog __user *u_fprog64 = compat_alloc_user_space(sizeof(struct sock_fprog)); void __user *fptr64; u32 fptr32; u16 flen; if (get_user(flen, &u_fprog32->len) || get_user(fptr32, &u_fprog32->filter)) return -EFAULT; fptr64 = compat_ptr(fptr32); if (put_user(flen, &u_fprog64->len) || put_user(fptr64, &u_fprog64->filter)) return -EFAULT; if (cmd == PPPIOCSPASS32) cmd = PPPIOCSPASS; else cmd = PPPIOCSACTIVE; return sys_ioctl(fd, cmd, (unsigned long) u_fprog64); }",linux-2.6,,,121582338303749436061574411152349797831,0 2332,CWE-119,"FUNC_DECODER(dissector_postgresql) { DECLARE_DISP_PTR(ptr); struct ec_session *s = NULL; void *ident = NULL; char tmp[MAX_ASCII_ADDR_LEN]; struct postgresql_status *conn_status; (void) DECODE_DATA; (void) DECODE_DATALEN; (void) DECODED_LEN; if (FROM_CLIENT(""postgresql"", PACKET)) { if (PACKET->DATA.len < 4) return NULL; dissect_create_ident(&ident, PACKET, DISSECT_CODE(dissector_postgresql)); if (session_get(&s, ident, DISSECT_IDENT_LEN) == -ENOTFOUND) { unsigned char *u = memmem(ptr, PACKET->DATA.len, ""user"", 4); unsigned char *d = memmem(ptr, PACKET->DATA.len, ""database"", 8); if (!memcmp(ptr + 4, ""\x00\x03\x00\x00"", 4) && u && d) { dissect_create_session(&s, PACKET, DISSECT_CODE(dissector_postgresql)); SAFE_CALLOC(s->data, 1, sizeof(struct postgresql_status)); conn_status = (struct postgresql_status *) s->data; conn_status->status = WAIT_AUTH; strncpy((char*)conn_status->user, (char*)(u + 5), 65); conn_status->user[64] = 0; strncpy((char*)conn_status->database, (char*)(d + 9), 65); conn_status->database[64] = 0; session_put(s); } } else { conn_status = (struct postgresql_status *) s->data; if (conn_status->status == WAIT_RESPONSE) { if (ptr[0] == 'p' && conn_status->type == MD5) { DEBUG_MSG(""\tDissector_postgresql RESPONSE type is MD5""); if(memcmp(ptr + 1, ""\x00\x00\x00\x28"", 4)) { DEBUG_MSG(""\tDissector_postgresql BUG, expected length is 40""); return NULL; } if (PACKET->DATA.len < 40) { DEBUG_MSG(""\tDissector_postgresql BUG, expected length is 40""); return NULL; } memcpy(conn_status->hash, ptr + 5 + 3, 32); conn_status->hash[32] = 0; DISSECT_MSG(""%s:$postgres$%s*%s*%s:%s:%d\n"", conn_status->user, conn_status->user, conn_status->salt, conn_status->hash, ip_addr_ntoa(&PACKET->L3.dst, tmp), ntohs(PACKET->L4.dst)); dissect_wipe_session(PACKET, DISSECT_CODE(dissector_postgresql)); } else if (ptr[0] == 'p' && conn_status->type == CT) { int length; DEBUG_MSG(""\tDissector_postgresql RESPONSE type is clear-text!""); GET_ULONG_BE(length, ptr, 1); strncpy((char*)conn_status->password, (char*)(ptr + 5), length - 4); conn_status->password[length - 4] = 0; DISSECT_MSG(""PostgreSQL credentials:%s-%d:%s:%s\n"", ip_addr_ntoa(&PACKET->L3.dst, tmp), ntohs(PACKET->L4.dst), conn_status->user, conn_status->password); dissect_wipe_session(PACKET, DISSECT_CODE(dissector_postgresql)); } } } } else { if (PACKET->DATA.len < 9) return NULL; dissect_create_ident(&ident, PACKET, DISSECT_CODE(dissector_postgresql)); if (session_get(&s, ident, DISSECT_IDENT_LEN) == ESUCCESS) { conn_status = (struct postgresql_status *) s->data; if (conn_status->status == WAIT_AUTH && ptr[0] == 'R' && !memcmp(ptr + 1, ""\x00\x00\x00\x0c"", 4) && !memcmp(ptr + 5, ""\x00\x00\x00\x05"", 4)) { conn_status->status = WAIT_RESPONSE; conn_status->type = MD5; DEBUG_MSG(""\tDissector_postgresql AUTH type is MD5""); hex_encode(ptr + 9, 4, conn_status->salt); } else if (conn_status->status == WAIT_AUTH && ptr[0] == 'R' && !memcmp(ptr + 1, ""\x00\x00\x00\x08"", 4) && !memcmp(ptr + 5, ""\x00\x00\x00\x03"", 4)) { conn_status->status = WAIT_RESPONSE; conn_status->type = CT; DEBUG_MSG(""\tDissector_postgresql AUTH type is clear-text!""); } } } SAFE_FREE(ident); return NULL; }",visit repo url,src/dissectors/ec_postgresql.c,https://github.com/Ettercap/ettercap,58106027107118,1 2585,CWE-119,"void lzxd_free(struct lzxd_stream *lzx) { struct mspack_system *sys; if (lzx) { sys = lzx->sys; sys->free(lzx->inbuf); sys->free(lzx->window); sys->free(lzx); } }",visit repo url,libclamav/libmspack-0.5alpha/mspack/lzxd.c,https://github.com/vrtadmin/clamav-devel,261332363193145,1 1176,CWE-400,"asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, unsigned long write, unsigned long address) { struct vm_area_struct * vma = NULL; struct task_struct *tsk = current; struct mm_struct *mm = tsk->mm; const int field = sizeof(unsigned long) * 2; siginfo_t info; int fault; #if 0 printk(""Cpu%d[%s:%d:%0*lx:%ld:%0*lx]\n"", raw_smp_processor_id(), current->comm, current->pid, field, address, write, field, regs->cp0_epc); #endif #ifdef CONFIG_KPROBES if (notify_die(DIE_PAGE_FAULT, ""page fault"", regs, -1, (regs->cp0_cause >> 2) & 0x1f, SIGSEGV) == NOTIFY_STOP) return; #endif info.si_code = SEGV_MAPERR; #ifdef CONFIG_64BIT # define VMALLOC_FAULT_TARGET no_context #else # define VMALLOC_FAULT_TARGET vmalloc_fault #endif if (unlikely(address >= VMALLOC_START && address <= VMALLOC_END)) goto VMALLOC_FAULT_TARGET; #ifdef MODULE_START if (unlikely(address >= MODULE_START && address < MODULE_END)) goto VMALLOC_FAULT_TARGET; #endif if (in_atomic() || !mm) goto bad_area_nosemaphore; down_read(&mm->mmap_sem); vma = find_vma(mm, address); if (!vma) goto bad_area; if (vma->vm_start <= address) goto good_area; if (!(vma->vm_flags & VM_GROWSDOWN)) goto bad_area; if (expand_stack(vma, address)) goto bad_area; good_area: info.si_code = SEGV_ACCERR; if (write) { if (!(vma->vm_flags & VM_WRITE)) goto bad_area; } else { if (kernel_uses_smartmips_rixi) { if (address == regs->cp0_epc && !(vma->vm_flags & VM_EXEC)) { #if 0 pr_notice(""Cpu%d[%s:%d:%0*lx:%ld:%0*lx] XI violation\n"", raw_smp_processor_id(), current->comm, current->pid, field, address, write, field, regs->cp0_epc); #endif goto bad_area; } if (!(vma->vm_flags & VM_READ)) { #if 0 pr_notice(""Cpu%d[%s:%d:%0*lx:%ld:%0*lx] RI violation\n"", raw_smp_processor_id(), current->comm, current->pid, field, address, write, field, regs->cp0_epc); #endif goto bad_area; } } else { if (!(vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))) goto bad_area; } } fault = handle_mm_fault(mm, vma, address, write ? FAULT_FLAG_WRITE : 0); perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, address); if (unlikely(fault & VM_FAULT_ERROR)) { if (fault & VM_FAULT_OOM) goto out_of_memory; else if (fault & VM_FAULT_SIGBUS) goto do_sigbus; BUG(); } if (fault & VM_FAULT_MAJOR) { perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, address); tsk->maj_flt++; } else { perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, address); tsk->min_flt++; } up_read(&mm->mmap_sem); return; bad_area: up_read(&mm->mmap_sem); bad_area_nosemaphore: if (user_mode(regs)) { tsk->thread.cp0_badvaddr = address; tsk->thread.error_code = write; #if 0 printk(""do_page_fault() #2: sending SIGSEGV to %s for "" ""invalid %s\n%0*lx (epc == %0*lx, ra == %0*lx)\n"", tsk->comm, write ? ""write access to"" : ""read access from"", field, address, field, (unsigned long) regs->cp0_epc, field, (unsigned long) regs->regs[31]); #endif info.si_signo = SIGSEGV; info.si_errno = 0; info.si_addr = (void __user *) address; force_sig_info(SIGSEGV, &info, tsk); return; } no_context: if (fixup_exception(regs)) { current->thread.cp0_baduaddr = address; return; } bust_spinlocks(1); printk(KERN_ALERT ""CPU %d Unable to handle kernel paging request at "" ""virtual address %0*lx, epc == %0*lx, ra == %0*lx\n"", raw_smp_processor_id(), field, address, field, regs->cp0_epc, field, regs->regs[31]); die(""Oops"", regs); out_of_memory: up_read(&mm->mmap_sem); pagefault_out_of_memory(); return; do_sigbus: up_read(&mm->mmap_sem); if (!user_mode(regs)) goto no_context; else #if 0 printk(""do_page_fault() #3: sending SIGBUS to %s for "" ""invalid %s\n%0*lx (epc == %0*lx, ra == %0*lx)\n"", tsk->comm, write ? ""write access to"" : ""read access from"", field, address, field, (unsigned long) regs->cp0_epc, field, (unsigned long) regs->regs[31]); #endif tsk->thread.cp0_badvaddr = address; info.si_signo = SIGBUS; info.si_errno = 0; info.si_code = BUS_ADRERR; info.si_addr = (void __user *) address; force_sig_info(SIGBUS, &info, tsk); return; #ifndef CONFIG_64BIT vmalloc_fault: { int offset = __pgd_offset(address); pgd_t *pgd, *pgd_k; pud_t *pud, *pud_k; pmd_t *pmd, *pmd_k; pte_t *pte_k; pgd = (pgd_t *) pgd_current[raw_smp_processor_id()] + offset; pgd_k = init_mm.pgd + offset; if (!pgd_present(*pgd_k)) goto no_context; set_pgd(pgd, *pgd_k); pud = pud_offset(pgd, address); pud_k = pud_offset(pgd_k, address); if (!pud_present(*pud_k)) goto no_context; pmd = pmd_offset(pud, address); pmd_k = pmd_offset(pud_k, address); if (!pmd_present(*pmd_k)) goto no_context; set_pmd(pmd, *pmd_k); pte_k = pte_offset_kernel(pmd_k, address); if (!pte_present(*pte_k)) goto no_context; return; } #endif }",visit repo url,arch/mips/mm/fault.c,https://github.com/torvalds/linux,201921439554247,1 3666,['CWE-264'],"__generic_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { struct address_space *mapping = in->f_mapping; unsigned int loff, nr_pages, req_pages; struct page *pages[PIPE_BUFFERS]; struct partial_page partial[PIPE_BUFFERS]; struct page *page; pgoff_t index, end_index; loff_t isize; int error, page_nr; struct splice_pipe_desc spd = { .pages = pages, .partial = partial, .flags = flags, .ops = &page_cache_pipe_buf_ops, .spd_release = spd_release_page, }; index = *ppos >> PAGE_CACHE_SHIFT; loff = *ppos & ~PAGE_CACHE_MASK; req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; nr_pages = min(req_pages, (unsigned)PIPE_BUFFERS); spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages); index += spd.nr_pages; if (spd.nr_pages < nr_pages) page_cache_sync_readahead(mapping, &in->f_ra, in, index, req_pages - spd.nr_pages); error = 0; while (spd.nr_pages < nr_pages) { page = find_get_page(mapping, index); if (!page) { page = page_cache_alloc_cold(mapping); if (!page) break; error = add_to_page_cache_lru(page, mapping, index, mapping_gfp_mask(mapping)); if (unlikely(error)) { page_cache_release(page); if (error == -EEXIST) continue; break; } unlock_page(page); } pages[spd.nr_pages++] = page; index++; } index = *ppos >> PAGE_CACHE_SHIFT; nr_pages = spd.nr_pages; spd.nr_pages = 0; for (page_nr = 0; page_nr < nr_pages; page_nr++) { unsigned int this_len; if (!len) break; this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff); page = pages[page_nr]; if (PageReadahead(page)) page_cache_async_readahead(mapping, &in->f_ra, in, page, index, req_pages - page_nr); if (!PageUptodate(page)) { if (flags & SPLICE_F_NONBLOCK) { if (!trylock_page(page)) { error = -EAGAIN; break; } } else lock_page(page); if (!page->mapping) { unlock_page(page); page = find_or_create_page(mapping, index, mapping_gfp_mask(mapping)); if (!page) { error = -ENOMEM; break; } page_cache_release(pages[page_nr]); pages[page_nr] = page; } if (PageUptodate(page)) { unlock_page(page); goto fill_it; } error = mapping->a_ops->readpage(in, page); if (unlikely(error)) { if (error == AOP_TRUNCATED_PAGE) error = 0; break; } } fill_it: isize = i_size_read(mapping->host); end_index = (isize - 1) >> PAGE_CACHE_SHIFT; if (unlikely(!isize || index > end_index)) break; if (end_index == index) { unsigned int plen; plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1; if (plen <= loff) break; this_len = min(this_len, plen - loff); len = this_len; } partial[page_nr].offset = loff; partial[page_nr].len = this_len; len -= this_len; loff = 0; spd.nr_pages++; index++; } while (page_nr < nr_pages) page_cache_release(pages[page_nr++]); in->f_ra.prev_pos = (loff_t)index << PAGE_CACHE_SHIFT; if (spd.nr_pages) return splice_to_pipe(pipe, &spd); return error; }",linux-2.6,,,161130281064624632812707780723363358143,0 1226,[],"m4_changecom (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 3)) return; set_comment ((argc >= 2) ? TOKEN_DATA_TEXT (argv[1]) : NULL, (argc >= 3) ? TOKEN_DATA_TEXT (argv[2]) : NULL); }",m4,,,154015599330941810987244336204746681017,0 4463,['CWE-264'],"void mac_drv_rx_complete(struct s_smc *smc, volatile struct s_smt_fp_rxd *rxd, int frag_count, int len) { skfddi_priv *bp = &smc->os; struct sk_buff *skb; unsigned char *virt, *cp; unsigned short ri; u_int RifLength; PRINTK(KERN_INFO ""entering mac_drv_rx_complete (len=%d)\n"", len); if (frag_count != 1) { printk(""fddi: Multi-fragment receive!\n""); goto RequeueRxd; } skb = rxd->rxd_os.skb; if (!skb) { PRINTK(KERN_INFO ""No skb in rxd\n""); smc->os.MacStat.gen.rx_errors++; goto RequeueRxd; } virt = skb->data; dump_data(skb->data, len); if ((virt[1 + 6] & FDDI_RII) == 0) RifLength = 0; else { int n; PRINTK(KERN_INFO ""RIF found\n""); cp = virt + FDDI_MAC_HDR_LEN; ri = ntohs(*((__be16 *) cp)); RifLength = ri & FDDI_RCF_LEN_MASK; if (len < (int) (FDDI_MAC_HDR_LEN + RifLength)) { printk(""fddi: Invalid RIF.\n""); goto RequeueRxd; } virt[1 + 6] &= ~FDDI_RII; virt = cp + RifLength; for (n = FDDI_MAC_HDR_LEN; n; n--) *--virt = *--cp; skb_pull(skb, RifLength); len -= RifLength; RifLength = 0; } smc->os.MacStat.gen.rx_packets++; smc->os.MacStat.gen.rx_bytes+=len; if (virt[1] & 0x01) { smc->os.MacStat.gen.multicast++; } rxd->rxd_os.skb = NULL; skb_trim(skb, len); skb->protocol = fddi_type_trans(skb, bp->dev); netif_rx(skb); HWM_RX_CHECK(smc, RX_LOW_WATERMARK); return; RequeueRxd: PRINTK(KERN_INFO ""Rx: re-queue RXD.\n""); mac_drv_requeue_rxd(smc, rxd, frag_count); smc->os.MacStat.gen.rx_errors++; } ",linux-2.6,,,70809790548814115891298459059570077244,0 6262,['CWE-200'],"static struct net_device *ipmr_reg_vif(void) { struct net_device *dev; struct in_device *in_dev; dev = alloc_netdev(sizeof(struct net_device_stats), ""pimreg"", reg_vif_setup); if (dev == NULL) return NULL; if (register_netdevice(dev)) { free_netdev(dev); return NULL; } dev->iflink = 0; if ((in_dev = inetdev_init(dev)) == NULL) goto failure; in_dev->cnf.rp_filter = 0; if (dev_open(dev)) goto failure; return dev; failure: rtnl_unlock(); rtnl_lock(); unregister_netdevice(dev); return NULL; }",linux-2.6,,,259826944138007275834244382207270519289,0 6762,NVD-CWE-noinfo,"int ipfilter(struct pico_frame *f) { struct filter_node temp; struct pico_ipv4_hdr *ipv4_hdr = (struct pico_ipv4_hdr *) f->net_hdr; struct pico_trans *trans; struct pico_icmp4_hdr *icmp_hdr; memset(&temp, 0u, sizeof(struct filter_node)); temp.fdev = f->dev; temp.out_addr = ipv4_hdr->dst.addr; temp.in_addr = ipv4_hdr->src.addr; if ((ipv4_hdr->proto == PICO_PROTO_TCP) || (ipv4_hdr->proto == PICO_PROTO_UDP)) { trans = (struct pico_trans *) f->transport_hdr; temp.out_port = short_be(trans->dport); temp.in_port = short_be(trans->sport); } else if(ipv4_hdr->proto == PICO_PROTO_ICMP4) { icmp_hdr = (struct pico_icmp4_hdr *) f->transport_hdr; if(icmp_hdr->type == PICO_ICMP_UNREACH && icmp_hdr->code == PICO_ICMP_UNREACH_FILTER_PROHIB) return 0; } temp.proto = ipv4_hdr->proto; temp.priority = f->priority; temp.tos = ipv4_hdr->tos; return ipfilter_apply_filter(f, &temp); }",visit repo url,modules/pico_ipfilter.c,https://github.com/virtualsquare/picotcp,95694759512723,1 5601,[],"force_sig(int sig, struct task_struct *p) { force_sig_info(sig, SEND_SIG_PRIV, p); }",linux-2.6,,,107755942446701435107453646054666269006,0 4627,CWE-476,"GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs) { GF_AdobeBootstrapInfoBox *ptr = (GF_AdobeBootstrapInfoBox *)s; int i; u32 tmp_strsize; char *tmp_str; Bool zfound=GF_FALSE; GF_Err e; ISOM_DECREASE_SIZE(ptr, 25) ptr->bootstrapinfo_version = gf_bs_read_u32(bs); ptr->profile = gf_bs_read_int(bs, 2); ptr->live = gf_bs_read_int(bs, 1); ptr->update = gf_bs_read_int(bs, 1); ptr->reserved = gf_bs_read_int(bs, 4); ptr->time_scale = gf_bs_read_u32(bs); ptr->current_media_time = gf_bs_read_u64(bs); ptr->smpte_time_code_offset = gf_bs_read_u64(bs); i=0; if (ptr->size<8) return GF_ISOM_INVALID_FILE; tmp_strsize =(u32)ptr->size; tmp_str = gf_malloc(sizeof(char)*tmp_strsize); if (!tmp_str) return GF_OUT_OF_MEM; memset(tmp_str, 0, sizeof(char)*tmp_strsize); while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) { zfound = GF_TRUE; break; } i++; } if (!zfound) return GF_ISOM_INVALID_FILE; if (i) { ptr->movie_identifier = gf_strdup(tmp_str); } ISOM_DECREASE_SIZE(ptr, 1) ptr->server_entry_count = gf_bs_read_u8(bs); for (i=0; iserver_entry_count; i++) { int j=0; zfound = GF_FALSE; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) { zfound = GF_TRUE; break; } j++; } if (!zfound) return GF_ISOM_INVALID_FILE; if (j) { gf_list_insert(ptr->server_entry_table, gf_strdup(tmp_str), i); } } ISOM_DECREASE_SIZE(ptr, 1) ptr->quality_entry_count = gf_bs_read_u8(bs); for (i=0; iquality_entry_count; i++) { int j=0; zfound = GF_FALSE; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) { zfound = GF_TRUE; break; } j++; } if (!zfound) return GF_ISOM_INVALID_FILE; if (j) { gf_list_insert(ptr->quality_entry_table, gf_strdup(tmp_str), i); } } i=0; tmp_strsize=(u32)ptr->size; zfound = GF_FALSE; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) { zfound = GF_TRUE; break; } i++; } if (!zfound) return GF_ISOM_INVALID_FILE; if (i) { ptr->drm_data = gf_strdup(tmp_str); } i=0; tmp_strsize=(u32)ptr->size; zfound = GF_FALSE; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) { zfound = GF_TRUE; break; } i++; } if (!zfound) return GF_ISOM_INVALID_FILE; if (i) { ptr->meta_data = gf_strdup(tmp_str); } ISOM_DECREASE_SIZE(ptr, 1) ptr->segment_run_table_count = gf_bs_read_u8(bs); for (i=0; isegment_run_table_count; i++) { GF_AdobeSegmentRunTableBox *asrt = NULL; e = gf_isom_box_parse((GF_Box **)&asrt, bs); if (e) { if (asrt) gf_isom_box_del((GF_Box*)asrt); gf_free(tmp_str); return e; } gf_list_add(ptr->segment_run_table_entries, asrt); } ISOM_DECREASE_SIZE(ptr, 1) ptr->fragment_run_table_count = gf_bs_read_u8(bs); for (i=0; ifragment_run_table_count; i++) { GF_AdobeFragmentRunTableBox *afrt = NULL; e = gf_isom_box_parse((GF_Box **)&afrt, bs); if (e) { if (afrt) gf_isom_box_del((GF_Box*)afrt); gf_free(tmp_str); return e; } gf_list_add(ptr->fragment_run_table_entries, afrt); } gf_free(tmp_str); return GF_OK; }",visit repo url,src/isomedia/box_code_adobe.c,https://github.com/gpac/gpac,34477602735502,1 4066,CWE-119,"static int search_old_relocation(struct reloc_struct_t *reloc_table, ut32 addr_to_patch, int n_reloc) { int i; for (i = 0; i < n_reloc; i++) { if (addr_to_patch == reloc_table[i].data_offset) { return i; } } return -1; }",visit repo url,libr/bin/p/bin_bflt.c,https://github.com/radare/radare2,59608589457034,1 4169,CWE-787,"ReadReason(rfbClient* client) { uint32_t reasonLen; char *reason; if (!ReadFromRFBServer(client, (char *)&reasonLen, 4)) return; reasonLen = rfbClientSwap32IfLE(reasonLen); reason = malloc((uint64_t)reasonLen+1); if (!ReadFromRFBServer(client, reason, reasonLen)) { free(reason); return; } reason[reasonLen]=0; rfbClientLog(""VNC connection failed: %s\n"",reason); free(reason); }",visit repo url,libvncclient/rfbproto.c,https://github.com/LibVNC/libvncserver,70937346865267,1 3514,['CWE-20'],"struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, const struct sctp_chunk *chunk) { struct sctp_chunk *retval; void *cookie; int cookie_len; cookie = asoc->peer.cookie; cookie_len = asoc->peer.cookie_len; retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); if (!retval) goto nodata; retval->subh.cookie_hdr = sctp_addto_chunk(retval, cookie_len, cookie); if (chunk) retval->transport = chunk->transport; nodata: return retval; }",linux-2.6,,,113179727241077495267350381603203499495,0 2615,CWE-415,"SPL_METHOD(SplDoublyLinkedList, offsetSet) { zval *zindex, *value; spl_dllist_object *intern; if (zend_parse_parameters(ZEND_NUM_ARGS(), ""zz"", &zindex, &value) == FAILURE) { return; } intern = Z_SPLDLLIST_P(getThis()); if (Z_TYPE_P(zindex) == IS_NULL) { spl_ptr_llist_push(intern->llist, value); } else { zend_long index; spl_ptr_llist_element *element; index = spl_offset_convert_to_long(zindex); if (index < 0 || index >= intern->llist->count) { zval_ptr_dtor(value); zend_throw_exception(spl_ce_OutOfRangeException, ""Offset invalid or out of range"", 0); return; } element = spl_ptr_llist_offset(intern->llist, index, intern->flags & SPL_DLLIST_IT_LIFO); if (element != NULL) { if (intern->llist->dtor) { intern->llist->dtor(element); } zval_ptr_dtor(&element->data); ZVAL_COPY_VALUE(&element->data, value); if (intern->llist->ctor) { intern->llist->ctor(element); } } else { zval_ptr_dtor(value); zend_throw_exception(spl_ce_OutOfRangeException, ""Offset invalid"", 0); return; } } } ",visit repo url,ext/spl/spl_dllist.c,https://github.com/php/php-src,64365425377377,1 6039,CWE-203,"send_ldap_result_ext( Slapi_PBlock *pb, int err, char *matched, char *text, int nentries, struct berval **urls, BerElement *ber) { Slapi_Operation *operation; passwdPolicy *pwpolicy = NULL; Connection *conn = NULL; Slapi_DN *sdn = NULL; const char *dn = NULL; ber_tag_t tag; int flush_ber_element = 1; ber_tag_t bind_method = 0; int internal_op; int i, rc, logit = 0; char *pbtext; slapi_pblock_get(pb, SLAPI_BIND_METHOD, &bind_method); slapi_pblock_get(pb, SLAPI_OPERATION, &operation); slapi_pblock_get(pb, SLAPI_CONNECTION, &conn); if (text) { pbtext = text; } else { slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &pbtext); } if (operation == NULL) { slapi_log_err(SLAPI_LOG_ERR, ""send_ldap_result_ext"", ""No operation found: slapi_search_internal_set_pb was incomplete (invalid 'base' ?)\n""); return; } if (operation->o_status == SLAPI_OP_STATUS_RESULT_SENT) { return; } if (ber != NULL) { flush_ber_element = 0; } if (err != LDAP_SUCCESS) { if (err == LDAP_INVALID_CREDENTIALS || err == LDAP_INAPPROPRIATE_AUTH || err == LDAP_AUTH_METHOD_NOT_SUPPORTED || err == LDAP_STRONG_AUTH_NOT_SUPPORTED || err == LDAP_STRONG_AUTH_REQUIRED || err == LDAP_CONFIDENTIALITY_REQUIRED || err == LDAP_INSUFFICIENT_ACCESS || err == LDAP_AUTH_UNKNOWN) { slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsSecurityErrors); } else if (err != LDAP_REFERRAL && err != LDAP_OPT_REFERRALS && err != LDAP_PARTIAL_RESULTS) { slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsErrors); } } slapi_log_err(SLAPI_LOG_TRACE, ""send_ldap_result_ext"", ""=> %d:%s:%s\n"", err, matched ? matched : """", text ? text : """"); switch (operation->o_tag) { case LBER_DEFAULT: tag = LBER_SEQUENCE; break; case LDAP_REQ_SEARCH: tag = LDAP_RES_SEARCH_RESULT; break; case LDAP_REQ_DELETE: tag = LDAP_RES_DELETE; break; case LDAP_REFERRAL: if (conn && conn->c_ldapversion > LDAP_VERSION2) { tag = LDAP_TAG_REFERRAL; break; } default: tag = operation->o_tag + 1; break; } internal_op = operation_is_flag_set(operation, OP_FLAG_INTERNAL); if ((conn == NULL) || (internal_op)) { if (operation->o_result_handler != NULL) { operation->o_result_handler(conn, operation, err, matched, text, nentries, urls); logit = 1; } goto log_and_return; } if ((err == LDAP_INVALID_CREDENTIALS) && (bind_method != LDAP_AUTH_SASL)) { slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn); dn = slapi_sdn_get_dn(sdn); pwpolicy = new_passwdPolicy(pb, dn); if (pwpolicy && (pwpolicy->pw_lockout == 1)) { if (update_pw_retry(pb) == LDAP_CONSTRAINT_VIOLATION && !pwpolicy->pw_is_legacy) { err = LDAP_CONSTRAINT_VIOLATION; text = ""Invalid credentials, you now have exceeded the password retry limit.""; } } } if (ber == NULL) { if ((ber = der_alloc()) == NULL) { slapi_log_err(SLAPI_LOG_ERR, ""send_ldap_result_ext"", ""ber_alloc failed\n""); goto log_and_return; } } if (err == LDAP_ADMINLIMIT_EXCEEDED && conn->c_ldapversion < LDAP_VERSION3) { err = LDAP_SIZELIMIT_EXCEEDED; } if (conn->c_ldapversion < LDAP_VERSION3 || urls == NULL) { char *save, *buf = NULL; if (urls != NULL) { int len; slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsReferrals); len = 10; for (i = 0; urls[i] != NULL; i++) { len += urls[i]->bv_len + 1; } if (text != NULL) { len += strlen(text) + 1; } buf = slapi_ch_malloc(len); *buf = '\0'; if (text != NULL) { strcpy(buf, text); strcat(buf, ""\n""); } strcat(buf, ""Referral:""); for (i = 0; urls[i] != NULL; i++) { strcat(buf, ""\n""); strcat(buf, urls[i]->bv_val); } save = text; text = buf; } if ((conn->c_ldapversion < LDAP_VERSION3 && err == LDAP_REFERRAL) || urls != NULL) { err = LDAP_PARTIAL_RESULTS; } rc = ber_printf(ber, ""{it{ess"", operation->o_msgid, tag, err, matched ? matched : """", pbtext ? pbtext : """"); if (rc != LBER_ERROR) { rc = check_and_send_extended_result(pb, tag, ber); } if (rc != LBER_ERROR) { rc = check_and_send_SASL_response(pb, tag, ber, conn); } if (rc != LBER_ERROR) { rc = ber_printf(ber, ""}""); } if (buf != NULL) { text = save; slapi_ch_free((void **)&buf); } } else { if (!config_check_referral_mode()) slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsReferrals); rc = ber_printf(ber, ""{it{esst{s"", operation->o_msgid, tag, err, matched ? matched : """", text ? text : """", LDAP_TAG_REFERRAL, urls[0]->bv_val); for (i = 1; urls[i] != NULL && rc != LBER_ERROR; i++) { rc = ber_printf(ber, ""s"", urls[i]->bv_val); } if (rc != LBER_ERROR) { rc = ber_printf(ber, ""}""); } if (rc != LBER_ERROR) { rc = check_and_send_extended_result(pb, tag, ber); } if (rc != LBER_ERROR) { rc = check_and_send_SASL_response(pb, tag, ber, conn); } if (rc != LBER_ERROR) { rc = ber_printf(ber, ""}""); } } if (err == LDAP_SUCCESS) { if (process_read_entry_controls(pb, LDAP_CONTROL_PRE_READ_ENTRY)) { err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; goto log_and_return; } if (process_read_entry_controls(pb, LDAP_CONTROL_POST_READ_ENTRY)) { err = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; goto log_and_return; } } if (operation->o_results.result_controls != NULL && conn->c_ldapversion >= LDAP_VERSION3 && write_controls(ber, operation->o_results.result_controls) != 0) { rc = (int)LBER_ERROR; } if (rc != LBER_ERROR) { rc = ber_put_seq(ber); } if (rc == LBER_ERROR) { slapi_log_err(SLAPI_LOG_ERR, ""send_ldap_result_ext"", ""ber_printf failed 1\n""); if (flush_ber_element == 1) { ber_free(ber, 1 ); } goto log_and_return; } if (flush_ber_element) { if (flush_ber(pb, conn, operation, ber, _LDAP_SEND_RESULT) == 0) { logit = 1; } } log_and_return: operation->o_status = SLAPI_OP_STATUS_RESULT_SENT; if (logit && (operation_is_flag_set(operation, OP_FLAG_ACTION_LOG_ACCESS) || (internal_op && config_get_plugin_logging()))) { log_result(pb, operation, err, tag, nentries); } slapi_log_err(SLAPI_LOG_TRACE, ""send_ldap_result_ext"", ""<= %d\n"", err); }",visit repo url,ldap/servers/slapd/result.c,https://github.com/389ds/389-ds-base,192061918837676,1 2167,CWE-362,"static void rds_tcp_kill_sock(struct net *net) { struct rds_tcp_connection *tc, *_tc; LIST_HEAD(tmp_list); struct rds_tcp_net *rtn = net_generic(net, rds_tcp_netid); struct socket *lsock = rtn->rds_tcp_listen_sock; rtn->rds_tcp_listen_sock = NULL; rds_tcp_listen_stop(lsock, &rtn->rds_tcp_accept_w); spin_lock_irq(&rds_tcp_conn_lock); list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) { struct net *c_net = read_pnet(&tc->t_cpath->cp_conn->c_net); if (net != c_net || !tc->t_sock) continue; if (!list_has_conn(&tmp_list, tc->t_cpath->cp_conn)) { list_move_tail(&tc->t_tcp_node, &tmp_list); } else { list_del(&tc->t_tcp_node); tc->t_tcp_node_detached = true; } } spin_unlock_irq(&rds_tcp_conn_lock); list_for_each_entry_safe(tc, _tc, &tmp_list, t_tcp_node) rds_conn_destroy(tc->t_cpath->cp_conn); }",visit repo url,net/rds/tcp.c,https://github.com/torvalds/linux,144751352253608,1 4355,CWE-59,"static int fsmMkfile(rpmfi fi, const char *dest, rpmfiles files, rpmpsm psm, int nodigest, int *setmeta, int * firsthardlink) { int rc = 0; int numHardlinks = rpmfiFNlink(fi); if (numHardlinks > 1) { if (*firsthardlink < 0) { *firsthardlink = rpmfiFX(fi); rc = expandRegular(fi, dest, psm, nodigest, 1); } else { char *fn = rpmfilesFN(files, *firsthardlink); rc = link(fn, dest); if (rc < 0) { rc = RPMERR_LINK_FAILED; } free(fn); } } if (numHardlinks<=1) { if (!rc) rc = expandRegular(fi, dest, psm, nodigest, 0); } else if (rpmfiArchiveHasContent(fi)) { if (!rc) rc = expandRegular(fi, dest, psm, nodigest, 0); *firsthardlink = -1; } else { *setmeta = 0; } return rc; }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,194749487854002,1 4988,CWE-787,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 384,CWE-119,"static int hns_xgmac_get_sset_count(int stringset) { if (stringset == ETH_SS_STATS) return ARRAY_SIZE(g_xgmac_stats_string); return 0; }",visit repo url,drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c,https://github.com/torvalds/linux,234415554015961,1 4336,CWE-358,"static int DefragMfIpv4Test(void) { int retval = 0; int ip_id = 9; Packet *p = NULL; DefragInit(); Packet *p1 = BuildTestPacket(ip_id, 2, 1, 'C', 8); Packet *p2 = BuildTestPacket(ip_id, 0, 1, 'A', 8); Packet *p3 = BuildTestPacket(ip_id, 1, 0, 'B', 8); if (p1 == NULL || p2 == NULL || p3 == NULL) { goto end; } p = Defrag(NULL, NULL, p1, NULL); if (p != NULL) { goto end; } p = Defrag(NULL, NULL, p2, NULL); if (p != NULL) { goto end; } p = Defrag(NULL, NULL, p3, NULL); if (p == NULL) { goto end; } if (IPV4_GET_IPLEN(p) != 36) { goto end; } retval = 1; end: if (p1 != NULL) { SCFree(p1); } if (p2 != NULL) { SCFree(p2); } if (p3 != NULL) { SCFree(p3); } if (p != NULL) { SCFree(p); } DefragDestroy(); return retval; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,160715507885746,1 5283,['CWE-264'],"static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces, const DOM_SID *sid, enum security_ace_type type, uint32_t mask, uint8_t flags) { int i; for (i = 0; i < *num_aces; i++) { if (sid_equal(&nt_ace_list[i].trustee, sid) && (nt_ace_list[i].flags == flags)) break; } if (i < *num_aces) { nt_ace_list[i].type = type; nt_ace_list[i].access_mask = mask; DEBUG(10, (""Replacing ACE %d with SID %s and flags %02x\n"", i, sid_string_dbg(sid), flags)); return; } init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags); }",samba,,,17949047440047270676870806645306991893,0 3264,['CWE-189'],"void *jas_alloc2(size_t num_elements, size_t element_size) { size_t size; if (!jas_safe_size_mul(num_elements, element_size, &size)) { return 0; } return jas_malloc(size); }",jasper,,,201958288555181321158236391296832501830,0 4338,['CWE-119'],"static int ima_adpcm_decode_block (ima_adpcm_data *ima, const uint8_t *encoded, int16_t *decoded) { int channelCount = ima->track->f.channelCount; struct adpcm_state state[channelCount]; for (int c=0; cframesPerBlock - 1, channelCount, state); return ima->framesPerBlock * channelCount * sizeof (int16_t); }",audiofile,,,247666179938069111306597232726375936573,0 1813,CWE-264,"static __init int hardware_setup(void) { int r = -ENOMEM, i, msr; rdmsrl_safe(MSR_EFER, &host_efer); for (i = 0; i < ARRAY_SIZE(vmx_msr_index); ++i) kvm_define_shared_msr(i, vmx_msr_index[i]); vmx_io_bitmap_a = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_io_bitmap_a) return r; vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_io_bitmap_b) goto out; vmx_msr_bitmap_legacy = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_msr_bitmap_legacy) goto out1; vmx_msr_bitmap_legacy_x2apic = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_msr_bitmap_legacy_x2apic) goto out2; vmx_msr_bitmap_longmode = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_msr_bitmap_longmode) goto out3; vmx_msr_bitmap_longmode_x2apic = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_msr_bitmap_longmode_x2apic) goto out4; if (nested) { vmx_msr_bitmap_nested = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_msr_bitmap_nested) goto out5; } vmx_vmread_bitmap = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_vmread_bitmap) goto out6; vmx_vmwrite_bitmap = (unsigned long *)__get_free_page(GFP_KERNEL); if (!vmx_vmwrite_bitmap) goto out7; memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE); memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE); memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE); clear_bit(0x80, vmx_io_bitmap_a); memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE); memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE); memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE); if (nested) memset(vmx_msr_bitmap_nested, 0xff, PAGE_SIZE); if (setup_vmcs_config(&vmcs_config) < 0) { r = -EIO; goto out8; } if (boot_cpu_has(X86_FEATURE_NX)) kvm_enable_efer_bits(EFER_NX); if (!cpu_has_vmx_vpid()) enable_vpid = 0; if (!cpu_has_vmx_shadow_vmcs()) enable_shadow_vmcs = 0; if (enable_shadow_vmcs) init_vmcs_shadow_fields(); if (!cpu_has_vmx_ept() || !cpu_has_vmx_ept_4levels()) { enable_ept = 0; enable_unrestricted_guest = 0; enable_ept_ad_bits = 0; } if (!cpu_has_vmx_ept_ad_bits()) enable_ept_ad_bits = 0; if (!cpu_has_vmx_unrestricted_guest()) enable_unrestricted_guest = 0; if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; if (!flexpriority_enabled) kvm_x86_ops->set_apic_access_page_addr = NULL; if (!cpu_has_vmx_tpr_shadow()) kvm_x86_ops->update_cr8_intercept = NULL; if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); if (!cpu_has_vmx_ple()) ple_gap = 0; if (!cpu_has_vmx_apicv()) enable_apicv = 0; if (cpu_has_vmx_tsc_scaling()) { kvm_has_tsc_control = true; kvm_max_tsc_scaling_ratio = KVM_VMX_TSC_MULTIPLIER_MAX; kvm_tsc_scaling_ratio_frac_bits = 48; } vmx_disable_intercept_for_msr(MSR_FS_BASE, false); vmx_disable_intercept_for_msr(MSR_GS_BASE, false); vmx_disable_intercept_for_msr(MSR_KERNEL_GS_BASE, true); vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_CS, false); vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_ESP, false); vmx_disable_intercept_for_msr(MSR_IA32_SYSENTER_EIP, false); vmx_disable_intercept_for_msr(MSR_IA32_BNDCFGS, true); memcpy(vmx_msr_bitmap_legacy_x2apic, vmx_msr_bitmap_legacy, PAGE_SIZE); memcpy(vmx_msr_bitmap_longmode_x2apic, vmx_msr_bitmap_longmode, PAGE_SIZE); set_bit(0, vmx_vpid_bitmap); if (enable_apicv) { for (msr = 0x800; msr <= 0x8ff; msr++) vmx_disable_intercept_msr_read_x2apic(msr); vmx_enable_intercept_msr_read_x2apic(0x802); vmx_enable_intercept_msr_read_x2apic(0x839); vmx_disable_intercept_msr_write_x2apic(0x808); vmx_disable_intercept_msr_write_x2apic(0x80b); vmx_disable_intercept_msr_write_x2apic(0x83f); } if (enable_ept) { kvm_mmu_set_mask_ptes(0ull, (enable_ept_ad_bits) ? VMX_EPT_ACCESS_BIT : 0ull, (enable_ept_ad_bits) ? VMX_EPT_DIRTY_BIT : 0ull, 0ull, VMX_EPT_EXECUTABLE_MASK); ept_set_mmio_spte_mask(); kvm_enable_tdp(); } else kvm_disable_tdp(); update_ple_window_actual_max(); if (!enable_ept || !enable_ept_ad_bits || !cpu_has_vmx_pml()) enable_pml = 0; if (!enable_pml) { kvm_x86_ops->slot_enable_log_dirty = NULL; kvm_x86_ops->slot_disable_log_dirty = NULL; kvm_x86_ops->flush_log_dirty = NULL; kvm_x86_ops->enable_log_dirty_pt_masked = NULL; } kvm_set_posted_intr_wakeup_handler(wakeup_handler); return alloc_kvm_area(); out8: free_page((unsigned long)vmx_vmwrite_bitmap); out7: free_page((unsigned long)vmx_vmread_bitmap); out6: if (nested) free_page((unsigned long)vmx_msr_bitmap_nested); out5: free_page((unsigned long)vmx_msr_bitmap_longmode_x2apic); out4: free_page((unsigned long)vmx_msr_bitmap_longmode); out3: free_page((unsigned long)vmx_msr_bitmap_legacy_x2apic); out2: free_page((unsigned long)vmx_msr_bitmap_legacy); out1: free_page((unsigned long)vmx_io_bitmap_b); out: free_page((unsigned long)vmx_io_bitmap_a); return r; }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,17138594649869,1 1912,['CWE-20'],"struct vm_area_struct *get_gate_vma(struct task_struct *tsk) { #ifdef AT_SYSINFO_EHDR return &gate_vma; #else return NULL; #endif }",linux-2.6,,,120175117455913580727104600658821778053,0 4976,['CWE-20'],"static void nfs_dentry_iput(struct dentry *dentry, struct inode *inode) { nfs_inode_return_delegation(inode); if (S_ISDIR(inode->i_mode)) NFS_I(inode)->cache_validity |= NFS_INO_INVALID_DATA; if (dentry->d_flags & DCACHE_NFSFS_RENAMED) { lock_kernel(); drop_nlink(inode); nfs_complete_unlink(dentry, inode); unlock_kernel(); } nfs_renew_times(dentry); iput(inode); }",linux-2.6,,,111269277153162601614210202675304562946,0 1120,['CWE-399'],"static int setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, struct pt_regs * regs) { void __user *restorer; struct sigframe __user *frame; int err = 0; int usig; frame = get_sigframe(ka, regs, sizeof(*frame)); if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame))) goto give_sigsegv; usig = current_thread_info()->exec_domain && current_thread_info()->exec_domain->signal_invmap && sig < 32 ? current_thread_info()->exec_domain->signal_invmap[sig] : sig; err = __put_user(usig, &frame->sig); if (err) goto give_sigsegv; err = setup_sigcontext(&frame->sc, &frame->fpstate, regs, set->sig[0]); if (err) goto give_sigsegv; if (_NSIG_WORDS > 1) { err = __copy_to_user(&frame->extramask, &set->sig[1], sizeof(frame->extramask)); if (err) goto give_sigsegv; } if (current->binfmt->hasvdso) restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn); else restorer = &frame->retcode; if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; err |= __put_user(restorer, &frame->pretcode); err |= __put_user(0xb858, (short __user *)(frame->retcode+0)); err |= __put_user(__NR_sigreturn, (int __user *)(frame->retcode+2)); err |= __put_user(0x80cd, (short __user *)(frame->retcode+6)); if (err) goto give_sigsegv; regs->sp = (unsigned long) frame; regs->ip = (unsigned long) ka->sa.sa_handler; regs->ax = (unsigned long) sig; regs->dx = (unsigned long) 0; regs->cx = (unsigned long) 0; regs->ds = __USER_DS; regs->es = __USER_DS; regs->ss = __USER_DS; regs->cs = __USER_CS; regs->flags &= ~(TF_MASK | X86_EFLAGS_DF); if (test_thread_flag(TIF_SINGLESTEP)) ptrace_notify(SIGTRAP); #if DEBUG_SIG printk(""SIG deliver (%s:%d): sp=%p pc=%p ra=%p\n"", current->comm, current->pid, frame, regs->ip, frame->pretcode); #endif return 0; give_sigsegv: force_sigsegv(sig, current); return -EFAULT; }",linux-2.6,,,172233590330466915841695118925594570140,0 1996,['CWE-20'],"static void remove_file_migration_ptes(struct page *old, struct page *new) { struct vm_area_struct *vma; struct address_space *mapping = page_mapping(new); struct prio_tree_iter iter; pgoff_t pgoff = new->index << (PAGE_CACHE_SHIFT - PAGE_SHIFT); if (!mapping) return; spin_lock(&mapping->i_mmap_lock); vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) remove_migration_pte(vma, old, new); spin_unlock(&mapping->i_mmap_lock); }",linux-2.6,,,63730897426079837830569886936399041705,0 577,CWE-399,"static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd) { struct socket *sock, *oldsock; struct vhost_virtqueue *vq; struct vhost_net_virtqueue *nvq; struct vhost_net_ubuf_ref *ubufs, *oldubufs = NULL; int r; mutex_lock(&n->dev.mutex); r = vhost_dev_check_owner(&n->dev); if (r) goto err; if (index >= VHOST_NET_VQ_MAX) { r = -ENOBUFS; goto err; } vq = &n->vqs[index].vq; nvq = &n->vqs[index]; mutex_lock(&vq->mutex); if (!vhost_vq_access_ok(vq)) { r = -EFAULT; goto err_vq; } sock = get_socket(fd); if (IS_ERR(sock)) { r = PTR_ERR(sock); goto err_vq; } oldsock = rcu_dereference_protected(vq->private_data, lockdep_is_held(&vq->mutex)); if (sock != oldsock) { ubufs = vhost_net_ubuf_alloc(vq, sock && vhost_sock_zcopy(sock)); if (IS_ERR(ubufs)) { r = PTR_ERR(ubufs); goto err_ubufs; } vhost_net_disable_vq(n, vq); rcu_assign_pointer(vq->private_data, sock); r = vhost_init_used(vq); if (r) goto err_used; r = vhost_net_enable_vq(n, vq); if (r) goto err_used; oldubufs = nvq->ubufs; nvq->ubufs = ubufs; n->tx_packets = 0; n->tx_zcopy_err = 0; n->tx_flush = false; } mutex_unlock(&vq->mutex); if (oldubufs) { vhost_net_ubuf_put_and_wait(oldubufs); mutex_lock(&vq->mutex); vhost_zerocopy_signal_used(n, vq); mutex_unlock(&vq->mutex); } if (oldsock) { vhost_net_flush_vq(n, index); fput(oldsock->file); } mutex_unlock(&n->dev.mutex); return 0; err_used: rcu_assign_pointer(vq->private_data, oldsock); vhost_net_enable_vq(n, vq); if (ubufs) vhost_net_ubuf_put_and_wait(ubufs); err_ubufs: fput(sock->file); err_vq: mutex_unlock(&vq->mutex); err: mutex_unlock(&n->dev.mutex); return r; }",visit repo url,drivers/vhost/net.c,https://github.com/torvalds/linux,46575686386154,1 2566,[],"static void handle_attr_line(struct attr_stack *res, const char *line, const char *src, int lineno, int macro_ok) { struct match_attr *a; a = parse_attr_line(line, src, lineno, macro_ok); if (!a) return; if (res->alloc <= res->num_matches) { res->alloc = alloc_nr(res->num_matches); res->attrs = xrealloc(res->attrs, sizeof(struct match_attr *) * res->alloc); } res->attrs[res->num_matches++] = a; }",git,,,36908121123449988058102364648782171724,0 6703,['CWE-200'],"applet_item_activate_info_destroy (AppletItemActivateInfo *info) { g_return_if_fail (info != NULL); if (info->device) g_object_unref (info->device); g_free (info->specific_object); memset (info, 0, sizeof (AppletItemActivateInfo)); g_free (info); }",network-manager-applet,,,79982208233136286032124956597374732795,0 4498,CWE-476,"static void gf_dump_vrml_simple_field(GF_SceneDumper *sdump, GF_FieldInfo field, GF_Node *parent) { u32 i, sf_type; GF_ChildNodeItem *list; void *slot_ptr; switch (field.fieldType) { case GF_SG_VRML_SFNODE: assert ( *(GF_Node **)field.far_ptr); gf_dump_vrml_node(sdump, *(GF_Node **)field.far_ptr, 0, NULL); return; case GF_SG_VRML_MFNODE: list = * ((GF_ChildNodeItem **) field.far_ptr); assert( list ); sdump->indent++; while (list) { gf_dump_vrml_node(sdump, list->node, 1, NULL); list = list->next; } sdump->indent--; return; case GF_SG_VRML_SFCOMMANDBUFFER: return; } if (gf_sg_vrml_is_sf_field(field.fieldType)) { if (sdump->XMLDump) StartAttribute(sdump, ""value""); gf_dump_vrml_sffield(sdump, field.fieldType, field.far_ptr, 0, parent); if (sdump->XMLDump) EndAttribute(sdump); } else { GenMFField *mffield; mffield = (GenMFField *) field.far_ptr; sf_type = gf_sg_vrml_get_sf_type(field.fieldType); if (!sdump->XMLDump) { gf_fprintf(sdump->trace, ""[""); } else if (sf_type==GF_SG_VRML_SFSTRING) { gf_fprintf(sdump->trace, "" value=\'""); } else { StartAttribute(sdump, ""value""); } for (i=0; icount; i++) { if (i) gf_fprintf(sdump->trace, "" ""); gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, 1, parent); } if (!sdump->XMLDump) { gf_fprintf(sdump->trace, ""]""); } else if (sf_type==GF_SG_VRML_SFSTRING) { gf_fprintf(sdump->trace, ""\'""); } else { EndAttribute(sdump); } } }",visit repo url,src/scene_manager/scene_dump.c,https://github.com/gpac/gpac,86728469048323,1 191,[],"static int atalk_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) { struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); struct sockaddr_at *addr; sk->sk_state = TCP_CLOSE; sock->state = SS_UNCONNECTED; if (addr_len != sizeof(*addr)) return -EINVAL; addr = (struct sockaddr_at *)uaddr; if (addr->sat_family != AF_APPLETALK) return -EAFNOSUPPORT; if (addr->sat_addr.s_node == ATADDR_BCAST && !sock_flag(sk, SOCK_BROADCAST)) { #if 1 printk(KERN_WARNING ""%s is broken and did not set "" ""SO_BROADCAST. It will break when 2.2 is "" ""released.\n"", current->comm); #else return -EACCES; #endif } if (sk->sk_zapped) if (atalk_autobind(sk) < 0) return -EBUSY; if (!atrtr_get_dev(&addr->sat_addr)) return -ENETUNREACH; at->dest_port = addr->sat_port; at->dest_net = addr->sat_addr.s_net; at->dest_node = addr->sat_addr.s_node; sock->state = SS_CONNECTED; sk->sk_state = TCP_ESTABLISHED; return 0; }",history,,,334933792046427721934132198225768147592,0 5928,['CWE-909'],"static int qdisc_change(struct Qdisc *sch, struct nlattr **tca) { struct qdisc_size_table *stab = NULL; int err = 0; if (tca[TCA_OPTIONS]) { if (sch->ops->change == NULL) return -EINVAL; err = sch->ops->change(sch, tca[TCA_OPTIONS]); if (err) return err; } if (tca[TCA_STAB]) { stab = qdisc_get_stab(tca[TCA_STAB]); if (IS_ERR(stab)) return PTR_ERR(stab); } qdisc_put_stab(sch->stab); sch->stab = stab; if (tca[TCA_RATE]) gen_replace_estimator(&sch->bstats, &sch->rate_est, qdisc_root_sleeping_lock(sch), tca[TCA_RATE]); return 0; }",linux-2.6,,,91929159192947658395523573057195574013,0 6627,['CWE-200'],"nma_icons_load (NMApplet *applet) { int i, j; GError *err = NULL; g_return_val_if_fail (!applet->icons_loaded, FALSE); if (applet->size < 0) return FALSE; ICON_LOAD(applet->no_connection_icon, ""nm-no-connection""); ICON_LOAD(applet->wired_icon, ""nm-device-wired""); ICON_LOAD(applet->adhoc_icon, ""nm-adhoc""); ICON_LOAD(applet->wwan_icon, ""nm-device-wwan""); ICON_LOAD(applet->vpn_lock_icon, ""nm-vpn-active-lock""); ICON_LOAD(applet->wireless_00_icon, ""nm-signal-00""); ICON_LOAD(applet->wireless_25_icon, ""nm-signal-25""); ICON_LOAD(applet->wireless_50_icon, ""nm-signal-50""); ICON_LOAD(applet->wireless_75_icon, ""nm-signal-75""); ICON_LOAD(applet->wireless_100_icon, ""nm-signal-100""); for (i = 0; i < NUM_CONNECTING_STAGES; i++) { for (j = 0; j < NUM_CONNECTING_FRAMES; j++) { char *name; name = g_strdup_printf (""nm-stage%02d-connecting%02d"", i+1, j+1); ICON_LOAD(applet->network_connecting_icons[i][j], name); g_free (name); } } for (i = 0; i < NUM_VPN_CONNECTING_FRAMES; i++) { char *name; name = g_strdup_printf (""nm-vpn-connecting%02d"", i+1); ICON_LOAD(applet->vpn_connecting_icons[i], name); g_free (name); } applet->icons_loaded = TRUE; out: if (!applet->icons_loaded) { GtkWidget *dialog; dialog = applet_warning_dialog_show (_(""The NetworkManager applet could not find some required resources. It cannot continue.\n"")); gtk_dialog_run (GTK_DIALOG (dialog)); g_main_loop_quit (applet->loop); } return applet->icons_loaded; }",network-manager-applet,,,38764423334652312516926703522027059465,0 3060,CWE-22,"char *string_crypt(const char *key, const char *salt) { assert(key); assert(salt); char random_salt[12]; if (!*salt) { memcpy(random_salt,""$1$"",3); ito64(random_salt+3,rand(),8); random_salt[11] = '\0'; return string_crypt(key, random_salt); } if ((strlen(salt) > sizeof(""$2X$00$"")) && (salt[0] == '$') && (salt[1] == '2') && (salt[2] >= 'a') && (salt[2] <= 'z') && (salt[3] == '$') && (salt[4] >= '0') && (salt[4] <= '3') && (salt[5] >= '0') && (salt[5] <= '9') && (salt[6] == '$')) { char output[61]; if (php_crypt_blowfish_rn(key, salt, output, sizeof(output))) { return strdup(output); } } else { #ifdef USE_PHP_CRYPT_R return php_crypt_r(key, salt); #else static Mutex mutex; Lock lock(mutex); char *crypt_res = crypt(key,salt); if (crypt_res) { return strdup(crypt_res); } #endif } return ((salt[0] == '*') && (salt[1] == '0')) ? strdup(""*1"") : strdup(""*0""); }",visit repo url,hphp/zend/zend-string.cpp,https://github.com/facebook/hhvm,124316546725727,1 4387,['CWE-264'],"static char proto_method_implemented(const void *method) { return method == NULL ? 'n' : 'y'; }",linux-2.6,,,223818774076486296111206750522963189367,0 2461,CWE-89,"char *curl_easy_unescape(CURL *handle, const char *string, int length, int *olen) { int alloc = (length?length:(int)strlen(string))+1; char *ns = malloc(alloc); unsigned char in; int strindex=0; unsigned long hex; CURLcode res; if(!ns) return NULL; while(--alloc > 0) { in = *string; if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { char hexstr[3]; char *ptr; hexstr[0] = string[1]; hexstr[1] = string[2]; hexstr[2] = 0; hex = strtoul(hexstr, &ptr, 16); in = curlx_ultouc(hex); res = Curl_convert_from_network(handle, &in, 1); if(res) { free(ns); return NULL; } string+=2; alloc-=2; } ns[strindex++] = in; string++; } ns[strindex]=0; if(olen) *olen = strindex; return ns; }",visit repo url,lib/escape.c,https://github.com/bagder/curl,235310886864952,1 6177,CWE-190,"void fb_exp_basic(fb_t c, const fb_t a, const bn_t b) { int i, l; fb_t r; if (bn_is_zero(b)) { fb_set_dig(c, 1); return; } fb_null(r); RLC_TRY { fb_new(r); l = bn_bits(b); fb_copy(r, a); for (i = l - 2; i >= 0; i--) { fb_sqr(r, r); if (bn_get_bit(b, i)) { fb_mul(r, r, a); } } if (bn_sign(b) == RLC_NEG) { fb_inv(c, r); } else { fb_copy(c, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fb_free(r); } }",visit repo url,src/fb/relic_fb_exp.c,https://github.com/relic-toolkit/relic,139883169791803,1 2964,CWE-20,"stf_status ikev2parent_inI1outR1(struct msg_digest *md) { struct state *st = md->st; lset_t policy = POLICY_IKEV2_ALLOW; struct connection *c = find_host_connection(&md->iface->ip_addr, md->iface->port, &md->sender, md->sender_port, POLICY_IKEV2_ALLOW); #if 0 if (c == NULL) { pb_stream pre_sa_pbs = sa_pd->pbs; policy = preparse_isakmp_sa_body(&pre_sa_pbs); c = find_host_connection(&md->iface->ip_addr, pluto_port, (ip_address*)NULL, md->sender_port, policy); } #endif if (c == NULL) { { struct connection *d; d = find_host_connection(&md->iface->ip_addr, pluto_port, (ip_address*)NULL, md->sender_port, policy); for (; d != NULL; d = d->hp_next) { if (d->kind == CK_GROUP) { } else { if (d->kind == CK_TEMPLATE && !(d->policy & POLICY_OPPO)) { c = d; break; } if (addrinsubnet(&md->sender, &d->spd.that.client) && (c == NULL || !subnetinsubnet(&c->spd.that. client, &d->spd.that. client))) c = d; } } } if (c == NULL) { loglog(RC_LOG_SERIOUS, ""initial parent SA message received on %s:%u"" "" but no connection has been authorized%s%s"", ip_str( &md->iface->ip_addr), ntohs(portof(&md->iface->ip_addr)), (policy != LEMPTY) ? "" with policy="" : """", (policy != LEMPTY) ? bitnamesof(sa_policy_bit_names, policy) : """"); return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN; } if (c->kind != CK_TEMPLATE) { loglog(RC_LOG_SERIOUS, ""initial parent SA message received on %s:%u"" "" but \""%s\"" forbids connection"", ip_str( &md->iface->ip_addr), pluto_port, c->name); return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN; } c = rw_instantiate(c, &md->sender, NULL, NULL); } else { if ((c->kind == CK_TEMPLATE) && c->spd.that.virt) { DBG(DBG_CONTROL, DBG_log( ""local endpoint has virt (vnet/vhost) set without wildcards - needs instantiation"")); c = rw_instantiate(c, &md->sender, NULL, NULL); } else if ((c->kind == CK_TEMPLATE) && (c->policy & POLICY_IKEV2_ALLOW_NARROWING)) { DBG(DBG_CONTROL, DBG_log( ""local endpoint has narrowing=yes - needs instantiation"")); c = rw_instantiate(c, &md->sender, NULL, NULL); } } DBG_log(""found connection: %s\n"", c ? c->name : """"); if (!st) { st = new_state(); memcpy(st->st_icookie, md->hdr.isa_icookie, COOKIE_SIZE); get_cookie(FALSE, st->st_rcookie, COOKIE_SIZE, &md->sender); initialize_new_state(st, c, policy, 0, NULL_FD, pcim_stranger_crypto); st->st_ikev2 = TRUE; change_state(st, STATE_PARENT_R1); st->st_msgid_lastack = INVALID_MSGID; st->st_msgid_nextuse = 0; md->st = st; md->from_state = STATE_IKEv2_BASE; } if (force_busy == TRUE) { u_char dcookie[SHA1_DIGEST_SIZE]; chunk_t dc; ikev2_get_dcookie( dcookie, st->st_ni, &md->sender, st->st_icookie); dc.ptr = dcookie; dc.len = SHA1_DIGEST_SIZE; if ( md->chain[ISAKMP_NEXT_v2KE] && md->chain[ISAKMP_NEXT_v2N] && (md->chain[ISAKMP_NEXT_v2N]->payload.v2n.isan_type == v2N_COOKIE)) { u_int8_t spisize; const pb_stream *dc_pbs; chunk_t blob; DBG(DBG_CONTROLMORE, DBG_log(""received a DOS cookie in I1 verify it"")); spisize = md->chain[ISAKMP_NEXT_v2N]->payload.v2n. isan_spisize; dc_pbs = &md->chain[ISAKMP_NEXT_v2N]->pbs; blob.ptr = dc_pbs->cur + spisize; blob.len = pbs_left(dc_pbs) - spisize; DBG(DBG_CONTROLMORE, DBG_dump_chunk(""dcookie received in I1 Packet"", blob); DBG_dump(""dcookie computed"", dcookie, SHA1_DIGEST_SIZE)); if (memcmp(blob.ptr, dcookie, SHA1_DIGEST_SIZE) != 0) { libreswan_log( ""mismatch in DOS v2N_COOKIE,send a new one""); SEND_NOTIFICATION_AA(v2N_COOKIE, &dc); return STF_FAIL + v2N_INVALID_IKE_SPI; } DBG(DBG_CONTROLMORE, DBG_log(""dcookie received match with computed one"")); } else { DBG(DBG_CONTROLMORE, DBG_log( ""busy mode on. receieved I1 without a valid dcookie""); DBG_log(""send a dcookie and forget this state"")); SEND_NOTIFICATION_AA(v2N_COOKIE, &dc); return STF_FAIL; } } else { DBG(DBG_CONTROLMORE, DBG_log(""will not send/process a dcookie"")); } { struct ikev2_ke *ke; ke = &md->chain[ISAKMP_NEXT_v2KE]->payload.v2ke; st->st_oakley.group = lookup_group(ke->isak_group); if (st->st_oakley.group == NULL) { char fromname[ADDRTOT_BUF]; addrtot(&md->sender, 0, fromname, ADDRTOT_BUF); libreswan_log( ""rejecting I1 from %s:%u, invalid DH group=%u"", fromname, md->sender_port, ke->isak_group); return v2N_INVALID_KE_PAYLOAD; } } { struct ke_continuation *ke = alloc_thing( struct ke_continuation, ""ikev2_inI1outR1 KE""); stf_status e; ke->md = md; set_suspended(st, ke->md); if (!st->st_sec_in_use) { pcrc_init(&ke->ke_pcrc); ke->ke_pcrc.pcrc_func = ikev2_parent_inI1outR1_continue; e = build_ke(&ke->ke_pcrc, st, st->st_oakley.group, pcim_stranger_crypto); if (e != STF_SUSPEND && e != STF_INLINE) { loglog(RC_CRYPTOFAILED, ""system too busy""); delete_state(st); } } else { e = ikev2_parent_inI1outR1_tail((struct pluto_crypto_req_cont *)ke, NULL); } reset_globals(); return e; } }",visit repo url,programs/pluto/ikev2_parent.c,https://github.com/libreswan/libreswan,274774288824813,1 3576,['CWE-20'],"static sctp_disposition_t sctp_sf_do_dupcook_c(const struct sctp_endpoint *ep, const struct sctp_association *asoc, struct sctp_chunk *chunk, sctp_cmd_seq_t *commands, struct sctp_association *new_asoc) { return SCTP_DISPOSITION_DISCARD; }",linux-2.6,,,23693779834112986066098580102208321414,0 1399,CWE-310,"static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_aead raead; struct aead_alg *aead = &alg->cra_aead; snprintf(raead.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""aead""); snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", aead->geniv ?: """"); raead.blocksize = alg->cra_blocksize; raead.maxauthsize = aead->maxauthsize; raead.ivsize = aead->ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(struct crypto_report_aead), &raead)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/aead.c,https://github.com/torvalds/linux,15737403031920,1 3390,CWE-125,"static inline Quantum GetPixelChannel(const Image *magick_restrict image, const PixelChannel channel,const Quantum *magick_restrict pixel) { if (image->channel_map[channel].traits == UndefinedPixelTrait) return((Quantum) 0); return(pixel[image->channel_map[channel].offset]); }",visit repo url,MagickCore/pixel-accessor.h,https://github.com/ImageMagick/ImageMagick,261072297064442,1 5604,[],"void flush_itimer_signals(void) { struct task_struct *tsk = current; unsigned long flags; spin_lock_irqsave(&tsk->sighand->siglock, flags); __flush_itimer_signals(&tsk->pending); __flush_itimer_signals(&tsk->signal->shared_pending); spin_unlock_irqrestore(&tsk->sighand->siglock, flags); }",linux-2.6,,,272658411832886748011608164647214822423,0 4295,['CWE-264'],"static inline int mm_alloc_pgd(struct mm_struct * mm) { mm->pgd = pgd_alloc(mm); if (unlikely(!mm->pgd)) return -ENOMEM; return 0; }",linux-2.6,,,334009042375736633862942283268801237667,0 6073,['CWE-200'],"static int cbq_graft(struct Qdisc *sch, unsigned long arg, struct Qdisc *new, struct Qdisc **old) { struct cbq_class *cl = (struct cbq_class*)arg; if (cl) { if (new == NULL) { if ((new = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops)) == NULL) return -ENOBUFS; } else { #ifdef CONFIG_NET_CLS_POLICE if (cl->police == TC_POLICE_RECLASSIFY) new->reshape_fail = cbq_reshape_fail; #endif } sch_tree_lock(sch); *old = cl->q; cl->q = new; sch->q.qlen -= (*old)->q.qlen; qdisc_reset(*old); sch_tree_unlock(sch); return 0; } return -ENOENT; }",linux-2.6,,,338880735240307795129484997837209868961,0 1466,CWE-17,"static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, struct in_device *in_dev, __be32 daddr, __be32 saddr, u32 tos) { struct fib_nh_exception *fnhe; struct rtable *rth; int err; struct in_device *out_dev; unsigned int flags = 0; bool do_cache; u32 itag = 0; out_dev = __in_dev_get_rcu(FIB_RES_DEV(*res)); if (out_dev == NULL) { net_crit_ratelimited(""Bug in ip_route_input_slow(). Please report.\n""); return -EINVAL; } err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); goto cleanup; } do_cache = res->fi && !itag; if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) && (IN_DEV_SHARED_MEDIA(out_dev) || inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) { flags |= RTCF_DOREDIRECT; do_cache = false; } if (skb->protocol != htons(ETH_P_IP)) { if (out_dev == in_dev && IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) { err = -EINVAL; goto cleanup; } } fnhe = find_exception(&FIB_RES_NH(*res), daddr); if (do_cache) { if (fnhe != NULL) rth = rcu_dereference(fnhe->fnhe_rth_input); else rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input); if (rt_cache_valid(rth)) { skb_dst_set_noref(skb, &rth->dst); goto out; } } rth = rt_dst_alloc(out_dev->dev, IN_DEV_CONF_GET(in_dev, NOPOLICY), IN_DEV_CONF_GET(out_dev, NOXFRM), do_cache); if (!rth) { err = -ENOBUFS; goto cleanup; } rth->rt_genid = rt_genid_ipv4(dev_net(rth->dst.dev)); rth->rt_flags = flags; rth->rt_type = res->type; rth->rt_is_input = 1; rth->rt_iif = 0; rth->rt_pmtu = 0; rth->rt_gateway = 0; rth->rt_uses_gateway = 0; INIT_LIST_HEAD(&rth->rt_uncached); RT_CACHE_STAT_INC(in_slow_tot); rth->dst.input = ip_forward; rth->dst.output = ip_output; rt_set_nexthop(rth, daddr, res, fnhe, res->fi, res->type, itag); skb_dst_set(skb, &rth->dst); out: err = 0; cleanup: return err; }",visit repo url,net/ipv4/route.c,https://github.com/torvalds/linux,118753707988096,1 2005,CWE-125,"static bool vgacon_scroll(struct vc_data *c, unsigned int t, unsigned int b, enum con_scroll dir, unsigned int lines) { unsigned long oldo; unsigned int delta; if (t || b != c->vc_rows || vga_is_gfx || c->vc_mode != KD_TEXT) return false; if (!vga_hardscroll_enabled || lines >= c->vc_rows / 2) return false; vgacon_restore_screen(c); oldo = c->vc_origin; delta = lines * c->vc_size_row; if (dir == SM_UP) { vgacon_scrollback_update(c, t, lines); if (c->vc_scr_end + delta >= vga_vram_end) { scr_memcpyw((u16 *) vga_vram_base, (u16 *) (oldo + delta), c->vc_screenbuf_size - delta); c->vc_origin = vga_vram_base; vga_rolled_over = oldo - vga_vram_base; } else c->vc_origin += delta; scr_memsetw((u16 *) (c->vc_origin + c->vc_screenbuf_size - delta), c->vc_video_erase_char, delta); } else { if (oldo - delta < vga_vram_base) { scr_memmovew((u16 *) (vga_vram_end - c->vc_screenbuf_size + delta), (u16 *) oldo, c->vc_screenbuf_size - delta); c->vc_origin = vga_vram_end - c->vc_screenbuf_size; vga_rolled_over = 0; } else c->vc_origin -= delta; c->vc_scr_end = c->vc_origin + c->vc_screenbuf_size; scr_memsetw((u16 *) (c->vc_origin), c->vc_video_erase_char, delta); } c->vc_scr_end = c->vc_origin + c->vc_screenbuf_size; c->vc_visible_origin = c->vc_origin; vga_set_mem_top(c); c->vc_pos = (c->vc_pos - oldo) + c->vc_origin; return true; }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,240356355999224,1 1054,CWE-119,"static int __videobuf_mmap_mapper(struct videobuf_queue *q, struct vm_area_struct *vma) { struct videbuf_vmalloc_memory *mem; struct videobuf_mapping *map; unsigned int first; int retval; unsigned long offset = vma->vm_pgoff << PAGE_SHIFT; if (! (vma->vm_flags & VM_WRITE) || ! (vma->vm_flags & VM_SHARED)) return -EINVAL; for (first = 0; first < VIDEO_MAX_FRAME; first++) { if (NULL == q->bufs[first]) continue; if (V4L2_MEMORY_MMAP != q->bufs[first]->memory) continue; if (q->bufs[first]->boff == offset) break; } if (VIDEO_MAX_FRAME == first) { dprintk(1,""mmap app bug: offset invalid [offset=0x%lx]\n"", (vma->vm_pgoff << PAGE_SHIFT)); return -EINVAL; } map = q->bufs[first]->map = kmalloc(sizeof(struct videobuf_mapping),GFP_KERNEL); if (NULL == map) return -ENOMEM; map->start = vma->vm_start; map->end = vma->vm_end; map->q = q; q->bufs[first]->baddr = vma->vm_start; vma->vm_ops = &videobuf_vm_ops; vma->vm_flags |= VM_DONTEXPAND | VM_RESERVED; vma->vm_private_data = map; mem=q->bufs[first]->priv; BUG_ON (!mem); MAGIC_CHECK(mem->magic,MAGIC_VMAL_MEM); retval=remap_vmalloc_range(vma, mem->vmalloc,0); if (retval<0) { dprintk(1,""mmap: postponing remap_vmalloc_range\n""); mem->vma=kmalloc(sizeof(*vma),GFP_KERNEL); if (!mem->vma) { kfree(map); q->bufs[first]->map=NULL; return -ENOMEM; } memcpy(mem->vma,vma,sizeof(*vma)); } dprintk(1,""mmap %p: q=%p %08lx-%08lx (%lx) pgoff %08lx buf %d\n"", map,q,vma->vm_start,vma->vm_end, (long int) q->bufs[first]->bsize, vma->vm_pgoff,first); videobuf_vm_open(vma); return (0); }",visit repo url,drivers/media/video/videobuf-vmalloc.c,https://github.com/torvalds/linux,261265342338864,1 5080,['CWE-20'],"static int handle_rdmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX]; u64 data; if (vmx_get_msr(vcpu, ecx, &data)) { kvm_inject_gp(vcpu, 0); return 1; } KVMTRACE_3D(MSR_READ, vcpu, ecx, (u32)data, (u32)(data >> 32), handler); vcpu->arch.regs[VCPU_REGS_RAX] = data & -1u; vcpu->arch.regs[VCPU_REGS_RDX] = (data >> 32) & -1u; skip_emulated_instruction(vcpu); return 1; }",linux-2.6,,,124095357646199014740613903723468838321,0 5502,['CWE-119'],"parse_tag_11_packet(unsigned char *data, unsigned char *contents, size_t max_contents_bytes, size_t *tag_11_contents_size, size_t *packet_size, size_t max_packet_size) { size_t body_size; size_t length_size; int rc = 0; (*packet_size) = 0; (*tag_11_contents_size) = 0; if (max_packet_size < 16) { printk(KERN_ERR ""Maximum packet size too small\n""); rc = -EINVAL; goto out; } if (data[(*packet_size)++] != ECRYPTFS_TAG_11_PACKET_TYPE) { printk(KERN_WARNING ""Invalid tag 11 packet format\n""); rc = -EINVAL; goto out; } rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, &length_size); if (rc) { printk(KERN_WARNING ""Invalid tag 11 packet format\n""); goto out; } if (body_size < 14) { printk(KERN_WARNING ""Invalid body size ([%td])\n"", body_size); rc = -EINVAL; goto out; } (*packet_size) += length_size; (*tag_11_contents_size) = (body_size - 14); if (unlikely((*packet_size) + body_size + 1 > max_packet_size)) { printk(KERN_ERR ""Packet size exceeds max\n""); rc = -EINVAL; goto out; } if (unlikely((*tag_11_contents_size) > max_contents_bytes)) { printk(KERN_ERR ""Literal data section in tag 11 packet exceeds "" ""expected size\n""); rc = -EINVAL; goto out; } if (data[(*packet_size)++] != 0x62) { printk(KERN_WARNING ""Unrecognizable packet\n""); rc = -EINVAL; goto out; } if (data[(*packet_size)++] != 0x08) { printk(KERN_WARNING ""Unrecognizable packet\n""); rc = -EINVAL; goto out; } (*packet_size) += 12; memcpy(contents, &data[(*packet_size)], (*tag_11_contents_size)); (*packet_size) += (*tag_11_contents_size); out: if (rc) { (*packet_size) = 0; (*tag_11_contents_size) = 0; } return rc; }",linux-2.6,,,184548811020995567253390777157440827119,0 2257,CWE-362,"static int __init xfrm6_tunnel_init(void) { int rv; rv = xfrm_register_type(&xfrm6_tunnel_type, AF_INET6); if (rv < 0) goto err; rv = xfrm6_tunnel_register(&xfrm6_tunnel_handler, AF_INET6); if (rv < 0) goto unreg; rv = xfrm6_tunnel_register(&xfrm46_tunnel_handler, AF_INET); if (rv < 0) goto dereg6; rv = xfrm6_tunnel_spi_init(); if (rv < 0) goto dereg46; rv = register_pernet_subsys(&xfrm6_tunnel_net_ops); if (rv < 0) goto deregspi; return 0; deregspi: xfrm6_tunnel_spi_fini(); dereg46: xfrm6_tunnel_deregister(&xfrm46_tunnel_handler, AF_INET); dereg6: xfrm6_tunnel_deregister(&xfrm6_tunnel_handler, AF_INET6); unreg: xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6); err: return rv; }",visit repo url,net/ipv6/xfrm6_tunnel.c,https://github.com/torvalds/linux,111014509297717,1 2563,CWE-119,"int CLASS parse_jpeg(int offset) { int len, save, hlen, mark; fseek(ifp, offset, SEEK_SET); if (fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) return 0; while (fgetc(ifp) == 0xff && (mark = fgetc(ifp)) != 0xda) { order = 0x4d4d; len = get2() - 2; save = ftell(ifp); if (mark == 0xc0 || mark == 0xc3 || mark == 0xc9) { fgetc(ifp); raw_height = get2(); raw_width = get2(); } order = get2(); hlen = get4(); if (get4() == 0x48454150) { #ifdef LIBRAW_LIBRARY_BUILD imgdata.lens.makernotes.CameraMount = LIBRAW_MOUNT_FixedLens; imgdata.lens.makernotes.LensMount = LIBRAW_MOUNT_FixedLens; #endif parse_ciff(save + hlen, len - hlen, 0); } if (parse_tiff(save + 6)) apply_tiff(); fseek(ifp, save + len, SEEK_SET); } return 1; }",visit repo url,internal/dcraw_common.cpp,https://github.com/LibRaw/LibRaw,7360668486923,1 2843,['CWE-119'],"static int find_uid(struct posix_acl_state *state, struct posix_ace_state_array *a, uid_t uid) { int i; for (i = 0; i < a->n; i++) if (a->aces[i].uid == uid) return i; a->n++; a->aces[i].uid = uid; a->aces[i].perms.allow = state->everyone.allow; a->aces[i].perms.deny = state->everyone.deny; return i; }",linux-2.6,,,104323255552681114296727671750679389428,0 5500,CWE-125,"string_object_to_c_ast(const char *s, PyObject *filename, int start, PyCompilerFlags *flags, int feature_version, PyArena *arena) { mod_ty mod; PyCompilerFlags localflags; perrdetail err; int iflags = PARSER_FLAGS(flags); node *n = Ta3Parser_ParseStringObject(s, filename, &_Ta3Parser_Grammar, start, &err, &iflags); if (flags == NULL) { localflags.cf_flags = 0; flags = &localflags; } if (n) { flags->cf_flags |= iflags & PyCF_MASK; mod = Ta3AST_FromNodeObject(n, flags, filename, feature_version, arena); Ta3Node_Free(n); } else { err_input(&err); mod = NULL; } err_free(&err); return mod; }",visit repo url,ast3/Custom/typed_ast.c,https://github.com/python/typed_ast,81645105780682,1 3390,['CWE-264'],"int get_unused_fd(void) { struct files_struct * files = current->files; int fd, error; struct fdtable *fdt; error = -EMFILE; spin_lock(&files->file_lock); repeat: fdt = files_fdtable(files); fd = find_next_zero_bit(fdt->open_fds->fds_bits, fdt->max_fds, files->next_fd); if (fd >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur) goto out; error = expand_files(files, fd); if (error < 0) goto out; if (error) { error = -EMFILE; goto repeat; } FD_SET(fd, fdt->open_fds); FD_CLR(fd, fdt->close_on_exec); files->next_fd = fd + 1; #if 1 if (fdt->fd[fd] != NULL) { printk(KERN_WARNING ""get_unused_fd: slot %d not NULL!\n"", fd); fdt->fd[fd] = NULL; } #endif error = fd; out: spin_unlock(&files->file_lock); return error; }",linux-2.6,,,278164752933200123027184135892817992925,0 5256,['CWE-264'],"static canon_ace *dup_canon_ace( canon_ace *src_ace) { canon_ace *dst_ace = SMB_MALLOC_P(canon_ace); if (dst_ace == NULL) return NULL; *dst_ace = *src_ace; dst_ace->prev = dst_ace->next = NULL; return dst_ace; }",samba,,,128193764698414536032932113749724844004,0 4129,CWE-119,"static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) { unsigned long len; GET_STATE(self); Check_Type(array_nl, T_STRING); len = RSTRING_LEN(array_nl); if (len == 0) { if (state->array_nl) { ruby_xfree(state->array_nl); state->array_nl = NULL; } } else { if (state->array_nl) ruby_xfree(state->array_nl); state->array_nl = strdup(RSTRING_PTR(array_nl)); state->array_nl_len = len; } return Qnil; }",visit repo url,ext/json/ext/generator/generator.c,https://github.com/flori/json,16352477625078,1 4603,CWE-787,"s32 hevc_parse_slice_segment(GF_BitStream *bs, HEVCState *hevc, HEVCSliceInfo *si) { u32 i, j; u32 num_ref_idx_l0_active = 0, num_ref_idx_l1_active = 0; HEVC_PPS *pps; HEVC_SPS *sps; s32 pps_id; Bool RapPicFlag = GF_FALSE; Bool IDRPicFlag = GF_FALSE; si->first_slice_segment_in_pic_flag = gf_bs_read_int_log(bs, 1, ""first_slice_segment_in_pic_flag""); switch (si->nal_unit_type) { case GF_HEVC_NALU_SLICE_IDR_W_DLP: case GF_HEVC_NALU_SLICE_IDR_N_LP: IDRPicFlag = GF_TRUE; RapPicFlag = GF_TRUE; break; case GF_HEVC_NALU_SLICE_BLA_W_LP: case GF_HEVC_NALU_SLICE_BLA_W_DLP: case GF_HEVC_NALU_SLICE_BLA_N_LP: case GF_HEVC_NALU_SLICE_CRA: RapPicFlag = GF_TRUE; break; } if (RapPicFlag) { gf_bs_read_int_log(bs, 1, ""no_output_of_prior_pics_flag""); } pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id >= 64) return -1; pps = &hevc->pps[pps_id]; sps = &hevc->sps[pps->sps_id]; si->sps = sps; si->pps = pps; if (!si->first_slice_segment_in_pic_flag && pps->dependent_slice_segments_enabled_flag) { si->dependent_slice_segment_flag = gf_bs_read_int_log(bs, 1, ""dependent_slice_segment_flag""); } else { si->dependent_slice_segment_flag = GF_FALSE; } if (!si->first_slice_segment_in_pic_flag) { si->slice_segment_address = gf_bs_read_int_log(bs, sps->bitsSliceSegmentAddress, ""slice_segment_address""); } else { si->slice_segment_address = 0; } if (!si->dependent_slice_segment_flag) { Bool deblocking_filter_override_flag = 0; Bool slice_temporal_mvp_enabled_flag = 0; Bool slice_sao_luma_flag = 0; Bool slice_sao_chroma_flag = 0; Bool slice_deblocking_filter_disabled_flag = 0; gf_bs_read_int_log(bs, pps->num_extra_slice_header_bits, ""slice_reserved_undetermined_flag""); si->slice_type = gf_bs_read_ue_log(bs, ""slice_type""); if (pps->output_flag_present_flag) gf_bs_read_int_log(bs, 1, ""pic_output_flag""); if (sps->separate_colour_plane_flag == 1) gf_bs_read_int_log(bs, 2, ""colour_plane_id""); if (IDRPicFlag) { si->poc_lsb = 0; if (!hevc->full_slice_header_parse) return 0; } else { si->poc_lsb = gf_bs_read_int_log(bs, sps->log2_max_pic_order_cnt_lsb, ""poc_lsb""); if (!hevc->full_slice_header_parse) return 0; if (gf_bs_read_int_log(bs, 1, ""short_term_ref_pic_set_sps_flag"") == 0) { Bool ret = hevc_parse_short_term_ref_pic_set(bs, sps, sps->num_short_term_ref_pic_sets); if (!ret) return -1; } else if (sps->num_short_term_ref_pic_sets > 1) { u32 numbits = 0; while ((u32)(1 << numbits) < sps->num_short_term_ref_pic_sets) numbits++; if (numbits > 0) gf_bs_read_int_log(bs, numbits, ""short_term_ref_pic_set_idx""); } if (sps->long_term_ref_pics_present_flag) { u8 DeltaPocMsbCycleLt[32]; u32 num_long_term_sps = 0; u32 num_long_term_pics = 0; memset(DeltaPocMsbCycleLt, 0, sizeof(u8) * 32); if (sps->num_long_term_ref_pic_sps > 0) { num_long_term_sps = gf_bs_read_ue_log(bs, ""num_long_term_sps""); } num_long_term_pics = gf_bs_read_ue_log(bs, ""num_long_term_pics""); for (i = 0; i < num_long_term_sps + num_long_term_pics; i++) { if (i < num_long_term_sps) { if (sps->num_long_term_ref_pic_sps > 1) gf_bs_read_int_log_idx(bs, gf_get_bit_size(sps->num_long_term_ref_pic_sps), ""lt_idx_sps"", i); } else { gf_bs_read_int_log_idx(bs, sps->log2_max_pic_order_cnt_lsb, ""PocLsbLt"", i); gf_bs_read_int_log_idx(bs, 1, ""UsedByCurrPicLt"", i); } if (gf_bs_read_int_log_idx(bs, 1, ""delta_poc_msb_present_flag"", i)) { if (i == 0 || i == num_long_term_sps) DeltaPocMsbCycleLt[i] = gf_bs_read_ue_log_idx(bs, ""DeltaPocMsbCycleLt"", i); else DeltaPocMsbCycleLt[i] = gf_bs_read_ue_log_idx(bs, ""DeltaPocMsbCycleLt"", i) + DeltaPocMsbCycleLt[i - 1]; } } } if (sps->temporal_mvp_enable_flag) slice_temporal_mvp_enabled_flag = gf_bs_read_int_log(bs, 1, ""slice_temporal_mvp_enabled_flag""); } if (sps->sample_adaptive_offset_enabled_flag) { u32 ChromaArrayType = sps->separate_colour_plane_flag ? 0 : sps->chroma_format_idc; slice_sao_luma_flag = gf_bs_read_int_log(bs, 1, ""slice_sao_luma_flag""); if (ChromaArrayType != 0) slice_sao_chroma_flag = gf_bs_read_int_log(bs, 1, ""slice_sao_chroma_flag""); } if (si->slice_type == GF_HEVC_SLICE_TYPE_P || si->slice_type == GF_HEVC_SLICE_TYPE_B) { num_ref_idx_l0_active = pps->num_ref_idx_l0_default_active; num_ref_idx_l1_active = 0; if (si->slice_type == GF_HEVC_SLICE_TYPE_B) num_ref_idx_l1_active = pps->num_ref_idx_l1_default_active; if (gf_bs_read_int_log(bs, 1, ""num_ref_idx_active_override_flag"")) { num_ref_idx_l0_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l0_active""); if (si->slice_type == GF_HEVC_SLICE_TYPE_B) num_ref_idx_l1_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l1_active""); } if (pps->lists_modification_present_flag ) { if (!ref_pic_lists_modification(bs, si->slice_type, num_ref_idx_l0_active, num_ref_idx_l1_active)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[hevc] ref_pic_lists_modification( ) not implemented\n"")); return -1; } } if (si->slice_type == GF_HEVC_SLICE_TYPE_B) gf_bs_read_int_log(bs, 1, ""mvd_l1_zero_flag""); if (pps->cabac_init_present_flag) gf_bs_read_int_log(bs, 1, ""cabac_init_flag""); if (slice_temporal_mvp_enabled_flag) { Bool collocated_from_l0_flag = 1; if (si->slice_type == GF_HEVC_SLICE_TYPE_B) collocated_from_l0_flag = gf_bs_read_int_log(bs, 1, ""collocated_from_l0_flag""); if ((collocated_from_l0_flag && (num_ref_idx_l0_active > 1)) || (!collocated_from_l0_flag && (num_ref_idx_l1_active > 1)) ) { gf_bs_read_ue_log(bs, ""collocated_ref_idx""); } } if ((pps->weighted_pred_flag && si->slice_type == GF_HEVC_SLICE_TYPE_P) || (pps->weighted_bipred_flag && si->slice_type == GF_HEVC_SLICE_TYPE_B) ) { hevc_pred_weight_table(bs, hevc, si, pps, sps, num_ref_idx_l0_active, num_ref_idx_l1_active); } gf_bs_read_ue_log(bs, ""five_minus_max_num_merge_cand""); } si->slice_qp_delta_start_bits = (s32) (gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); si->slice_qp_delta = gf_bs_read_se_log(bs, ""slice_qp_delta""); if (pps->slice_chroma_qp_offsets_present_flag) { gf_bs_read_se_log(bs, ""slice_cb_qp_offset""); gf_bs_read_se_log(bs, ""slice_cr_qp_offset""); } if (pps->deblocking_filter_override_enabled_flag) { deblocking_filter_override_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_override_flag""); } if (deblocking_filter_override_flag) { slice_deblocking_filter_disabled_flag = gf_bs_read_int_log(bs, 1, ""slice_deblocking_filter_disabled_flag""); if (!slice_deblocking_filter_disabled_flag) { gf_bs_read_se_log(bs, ""slice_beta_offset_div2""); gf_bs_read_se_log(bs, ""slice_tc_offset_div2""); } } if (pps->loop_filter_across_slices_enabled_flag && (slice_sao_luma_flag || slice_sao_chroma_flag || !slice_deblocking_filter_disabled_flag) ) { gf_bs_read_int_log(bs, 1, ""slice_loop_filter_across_slices_enabled_flag""); } } else { if (!hevc->full_slice_header_parse) return 0; } si->entry_point_start_bits = ((u32)gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); if (pps->tiles_enabled_flag || pps->entropy_coding_sync_enabled_flag) { u32 num_entry_point_offsets = gf_bs_read_ue_log(bs, ""num_entry_point_offsets""); if (num_entry_point_offsets > 0) { u32 offset = gf_bs_read_ue_log(bs, ""offset"") + 1; u32 segments = offset >> 4; s32 remain = (offset & 15); for (i = 0; i < num_entry_point_offsets; i++) { for (j = 0; j < segments; j++) { gf_bs_read_int(bs, 16); } if (remain) { gf_bs_read_int(bs, remain); } } } } if (pps->slice_segment_header_extension_present_flag) { u32 size_ext = gf_bs_read_ue_log(bs, ""size_ext""); while (size_ext) { gf_bs_read_int(bs, 8); size_ext--; } } si->header_size_bits = (gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); if (gf_bs_read_int_log(bs, 1, ""byte_align"") == 0) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""Error parsing slice header: byte_align not found at end of header !\n"")); } gf_bs_align(bs); si->payload_start_offset = (s32)gf_bs_get_position(bs); return 0; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,47224782058691,1 3086,NVD-CWE-Other,"int dtls1_get_record(SSL *s) { int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); dtls1_process_buffered_records(s); if (dtls1_get_processed_record(s)) return 1; again: if ( (s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); if (n <= 0) return(n); if (s->packet_length != DTLS1_RT_HEADER_LENGTH) { s->packet_length = 0; goto again; } s->rstate=SSL_ST_READ_BODY; p=s->packet; if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); rr->type= *(p++); ssl_major= *(p++); ssl_minor= *(p++); version=(ssl_major<<8)|ssl_minor; n2s(p,rr->epoch); memcpy(&(s->s3->read_sequence[2]), p, 6); p+=6; n2s(p,rr->length); if (!s->first_packet) { if (version != s->version) { rr->length = 0; s->packet_length = 0; goto again; } } if ((version & 0xff00) != (s->version & 0xff00)) { rr->length = 0; s->packet_length = 0; goto again; } if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { rr->length = 0; s->packet_length = 0; goto again; } } if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) { i=rr->length; n=ssl3_read_n(s,i,i,1); if ( n != i) { rr->length = 0; s->packet_length = 0; goto again; } } s->rstate=SSL_ST_READ_HEADER; bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if ( bitmap == NULL) { rr->length = 0; s->packet_length = 0; goto again; } #ifndef OPENSSL_NO_SCTP if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) { #endif if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && *p == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; s->packet_length=0; goto again; } #ifndef OPENSSL_NO_SCTP } #endif if (rr->length == 0) goto again; if (is_next_epoch) { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); } rr->length = 0; s->packet_length = 0; goto again; } if (!dtls1_process_record(s)) { rr->length = 0; s->packet_length = 0; goto again; } return(1); }",visit repo url,ssl/d1_pkt.c,https://github.com/openssl/openssl,27439058129002,1 1939,['CWE-20'],"int migrate_vmas(struct mm_struct *mm, const nodemask_t *to, const nodemask_t *from, unsigned long flags) { struct vm_area_struct *vma; int err = 0; for(vma = mm->mmap; vma->vm_next && !err; vma = vma->vm_next) { if (vma->vm_ops && vma->vm_ops->migrate) { err = vma->vm_ops->migrate(vma, to, from, flags); if (err) break; } } return err; }",linux-2.6,,,159978097079511865895314097964137290177,0 1215,['CWE-20'],"CairoFont *CairoFont::create(GfxFont *gfxFont, XRef *xref, FT_Library lib, GBool useCIDs) { Ref embRef; Object refObj, strObj; GooString *tmpFileName, *fileName,*tmpFileName2; DisplayFontParam *dfp; FILE *tmpFile; int c, i, n; GfxFontType fontType; char **enc; char *name; FoFiTrueType *ff; FoFiType1C *ff1c; Ref ref; static cairo_user_data_key_t cairo_font_face_key; cairo_font_face_t *cairo_font_face; FT_Face face; Gushort *codeToGID; int codeToGIDLen; dfp = NULL; codeToGID = NULL; codeToGIDLen = 0; cairo_font_face = NULL; ref = *gfxFont->getID(); fontType = gfxFont->getType(); tmpFileName = NULL; if (gfxFont->getEmbeddedFontID(&embRef)) { if (!openTempFile(&tmpFileName, &tmpFile, ""wb"", NULL)) { error(-1, ""Couldn't create temporary font file""); goto err2; } refObj.initRef(embRef.num, embRef.gen); refObj.fetch(xref, &strObj); refObj.free(); if (!strObj.isStream()) { error(-1, ""Embedded font object is wrong type""); strObj.free(); fclose(tmpFile); goto err2; } strObj.streamReset(); while ((c = strObj.streamGetChar()) != EOF) { fputc(c, tmpFile); } strObj.streamClose(); strObj.free(); fclose(tmpFile); fileName = tmpFileName; } else if (!(fileName = gfxFont->getExtFontFile())) { dfp = NULL; if (gfxFont->getName()) { dfp = globalParams->getDisplayFont(gfxFont); } if (!dfp) { error(-1, ""Couldn't find a font for '%s'"", gfxFont->getName() ? gfxFont->getName()->getCString() : ""(unnamed)""); goto err2; } switch (dfp->kind) { case displayFontT1: fileName = dfp->t1.fileName; fontType = gfxFont->isCIDFont() ? fontCIDType0 : fontType1; break; case displayFontTT: fileName = dfp->tt.fileName; fontType = gfxFont->isCIDFont() ? fontCIDType2 : fontTrueType; break; } } switch (fontType) { case fontType1: case fontType1C: if (FT_New_Face(lib, fileName->getCString(), 0, &face)) { error(-1, ""could not create type1 face""); goto err2; } enc = ((Gfx8BitFont *)gfxFont)->getEncoding(); codeToGID = (Gushort *)gmallocn(256, sizeof(int)); codeToGIDLen = 256; for (i = 0; i < 256; ++i) { codeToGID[i] = 0; if ((name = enc[i])) { codeToGID[i] = (Gushort)FT_Get_Name_Index(face, name); } } break; case fontCIDType2: codeToGID = NULL; n = 0; if (((GfxCIDFont *)gfxFont)->getCIDToGID()) { n = ((GfxCIDFont *)gfxFont)->getCIDToGIDLen(); if (n) { codeToGID = (Gushort *)gmallocn(n, sizeof(Gushort)); memcpy(codeToGID, ((GfxCIDFont *)gfxFont)->getCIDToGID(), n * sizeof(Gushort)); } } else { ff = FoFiTrueType::load(fileName->getCString()); if (! ff) goto err2; codeToGID = ((GfxCIDFont *)gfxFont)->getCodeToGIDMap(ff, &n); delete ff; } codeToGIDLen = n; case fontTrueType: if (!(ff = FoFiTrueType::load(fileName->getCString()))) { error(-1, ""failed to load truetype font\n""); goto err2; } if (fontType == fontTrueType) { codeToGID = ((Gfx8BitFont *)gfxFont)->getCodeToGIDMap(ff); codeToGIDLen = 256; } if (!openTempFile(&tmpFileName2, &tmpFile, ""wb"", NULL)) { delete ff; error(-1, ""failed to open truetype tempfile\n""); goto err2; } ff->writeTTF(&fileWrite, tmpFile); fclose(tmpFile); delete ff; if (FT_New_Face(lib, tmpFileName2->getCString(), 0, &face)) { error(-1, ""could not create truetype face\n""); goto err2; } unlink (tmpFileName2->getCString()); delete tmpFileName2; break; case fontCIDType0: case fontCIDType0C: codeToGID = NULL; codeToGIDLen = 0; if (!useCIDs) { if ((ff1c = FoFiType1C::load(fileName->getCString()))) { codeToGID = ff1c->getCIDToGIDMap(&codeToGIDLen); delete ff1c; } } if (FT_New_Face(lib, fileName->getCString(), 0, &face)) { gfree(codeToGID); codeToGID = NULL; error(-1, ""could not create cid face\n""); goto err2; } break; default: printf (""font type not handled\n""); goto err2; break; } if (fileName == tmpFileName) { unlink (fileName->getCString()); delete tmpFileName; } cairo_font_face = cairo_ft_font_face_create_for_ft_face (face, FT_LOAD_NO_HINTING | FT_LOAD_NO_BITMAP); if (cairo_font_face == NULL) { error(-1, ""could not create cairo font\n""); goto err2; } { CairoFont *ret = new CairoFont(ref, cairo_font_face, face, codeToGID, codeToGIDLen); cairo_font_face_set_user_data (cairo_font_face, &cairo_font_face_key, ret, cairo_font_face_destroy); return ret; } err2: printf (""some font thing failed\n""); return NULL; }",poppler,,,117103155606137295047808127184080162393,0 2868,CWE-119,"tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ tsize_t written=0; unsigned char* buffer=NULL; unsigned char* samplebuffer=NULL; tsize_t bufferoffset=0; tsize_t samplebufferoffset=0; tsize_t read=0; tstrip_t i=0; tstrip_t j=0; tstrip_t stripcount=0; tsize_t stripsize=0; tsize_t sepstripcount=0; tsize_t sepstripsize=0; #ifdef OJPEG_SUPPORT toff_t inputoffset=0; uint16 h_samp=1; uint16 v_samp=1; uint16 ri=1; uint32 rows=0; #endif #ifdef JPEG_SUPPORT unsigned char* jpt; float* xfloatp; uint64* sbc; unsigned char* stripbuffer; tsize_t striplength=0; uint32 max_striplength=0; #endif if (t2p->t2p_error != T2P_ERR_OK) return(0); if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){ #ifdef CCITT_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_G4){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if (buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for "" ""t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB){ TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef ZIP_SUPPORT if (t2p->pdf_compression == T2P_COMPRESS_ZIP) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB) { TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef OJPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_OJPEG) { if(t2p->tiff_dataoffset != 0) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if(t2p->pdf_ojpegiflength==0){ inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); t2pReadFile(input, (tdata_t) buffer, t2p->tiff_datasize); t2pSeekFile(input, inputoffset, SEEK_SET); t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } else { inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); bufferoffset = t2pReadFile(input, (tdata_t) buffer, t2p->pdf_ojpegiflength); t2p->pdf_ojpegiflength = 0; t2pSeekFile(input, inputoffset, SEEK_SET); TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &h_samp, &v_samp); buffer[bufferoffset++]= 0xff; buffer[bufferoffset++]= 0xdd; buffer[bufferoffset++]= 0x00; buffer[bufferoffset++]= 0x04; h_samp*=8; v_samp*=8; ri=(t2p->tiff_width+h_samp-1) / h_samp; TIFFGetField(input, TIFFTAG_ROWSPERSTRIP, &rows); ri*=(rows+v_samp-1)/v_samp; buffer[bufferoffset++]= (ri>>8) & 0xff; buffer[bufferoffset++]= ri & 0xff; stripcount=TIFFNumberOfStrips(input); for(i=0;ipdf_ojpegdata){ TIFFError(TIFF2PDF_MODULE, ""No support for OJPEG image %s with bad tables"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); _TIFFmemcpy(buffer, t2p->pdf_ojpegdata, t2p->pdf_ojpegdatalength); bufferoffset=t2p->pdf_ojpegdatalength; stripcount=TIFFNumberOfStrips(input); for(i=0;it2p_error = T2P_ERR_ERROR; return(0); #endif } } #endif #ifdef JPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_JPEG) { uint32 count = 0; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if (TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { if(count > 4) { _TIFFmemcpy(buffer, jpt, count); bufferoffset += count - 2; } } stripcount=TIFFNumberOfStrips(input); TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc); for(i=0;imax_striplength) max_striplength=sbc[i]; } stripbuffer = (unsigned char*) _TIFFmalloc(max_striplength); if(stripbuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s"", max_striplength, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } for(i=0;itiff_length)){ TIFFError(TIFF2PDF_MODULE, ""Can't process JPEG data in input file %s"", TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } } buffer[bufferoffset++]=0xff; buffer[bufferoffset++]=0xd9; t2pWriteFile(output, (tdata_t) buffer, bufferoffset); _TIFFfree(stripbuffer); _TIFFfree(buffer); return(bufferoffset); } #endif (void)0; } if(t2p->pdf_sample==T2P_SAMPLE_NOTHING){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } } else { if(t2p->pdf_sample & T2P_SAMPLE_PLANAR_SEPARATE_TO_CONTIG){ sepstripsize=TIFFStripSize(input); sepstripcount=TIFFNumberOfStrips(input); stripsize=sepstripsize*t2p->tiff_samplesperpixel; stripcount=sepstripcount/t2p->tiff_samplesperpixel; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); samplebuffer = (unsigned char*) _TIFFmalloc(stripsize); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } for(i=0;itiff_samplesperpixel;j++){ read = TIFFReadEncodedStrip(input, i + j*stripcount, (tdata_t) &(samplebuffer[samplebufferoffset]), TIFFmin(sepstripsize, stripsize - samplebufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i + j*stripcount, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } samplebufferoffset+=read; } t2p_sample_planar_separate_to_contig( t2p, &(buffer[bufferoffset]), samplebuffer, samplebufferoffset); bufferoffset+=samplebufferoffset; } _TIFFfree(samplebuffer); goto dataready; } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } if(t2p->pdf_sample & T2P_SAMPLE_REALIZE_PALETTE){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t) buffer, t2p->tiff_datasize * t2p->tiff_samplesperpixel); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; t2p->tiff_datasize *= t2p->tiff_samplesperpixel; } t2p_sample_realize_palette(t2p, buffer); } if(t2p->pdf_sample & T2P_SAMPLE_RGBA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgba_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_RGBAA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgbaa_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_YCBCR_TO_RGB){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length*4); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; } if(!TIFFReadRGBAImageOriented( input, t2p->tiff_width, t2p->tiff_length, (uint32*)buffer, ORIENTATION_TOPLEFT, 0)){ TIFFError(TIFF2PDF_MODULE, ""Can't use TIFFReadRGBAImageOriented to extract RGB image from %s"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } t2p->tiff_datasize=t2p_sample_abgr_to_rgb( (tdata_t) buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_LAB_SIGNED_TO_UNSIGNED){ t2p->tiff_datasize=t2p_sample_lab_signed_to_unsigned( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } } dataready: t2p_disable(output); TIFFSetField(output, TIFFTAG_PHOTOMETRIC, t2p->tiff_photometric); TIFFSetField(output, TIFFTAG_BITSPERSAMPLE, t2p->tiff_bitspersample); TIFFSetField(output, TIFFTAG_SAMPLESPERPIXEL, t2p->tiff_samplesperpixel); TIFFSetField(output, TIFFTAG_IMAGEWIDTH, t2p->tiff_width); TIFFSetField(output, TIFFTAG_IMAGELENGTH, t2p->tiff_length); TIFFSetField(output, TIFFTAG_ROWSPERSTRIP, t2p->tiff_length); TIFFSetField(output, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); TIFFSetField(output, TIFFTAG_FILLORDER, FILLORDER_MSB2LSB); switch(t2p->pdf_compression){ case T2P_COMPRESS_NONE: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_NONE); break; #ifdef CCITT_SUPPORT case T2P_COMPRESS_G4: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_CCITTFAX4); break; #endif #ifdef JPEG_SUPPORT case T2P_COMPRESS_JPEG: if(t2p->tiff_photometric==PHOTOMETRIC_YCBCR) { uint16 hor = 0, ver = 0; if (TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &hor, &ver) !=0 ) { if(hor != 0 && ver != 0){ TIFFSetField(output, TIFFTAG_YCBCRSUBSAMPLING, hor, ver); } } if(TIFFGetField(input, TIFFTAG_REFERENCEBLACKWHITE, &xfloatp)!=0){ TIFFSetField(output, TIFFTAG_REFERENCEBLACKWHITE, xfloatp); } } if(TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_JPEG)==0){ TIFFError(TIFF2PDF_MODULE, ""Unable to use JPEG compression for input %s and output %s"", TIFFFileName(input), TIFFFileName(output)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFSetField(output, TIFFTAG_JPEGTABLESMODE, 0); if(t2p->pdf_colorspace & (T2P_CS_RGB | T2P_CS_LAB)){ TIFFSetField(output, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR){ TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RAW); } } if(t2p->pdf_colorspace & T2P_CS_GRAY){ (void)0; } if(t2p->pdf_colorspace & T2P_CS_CMYK){ (void)0; } if(t2p->pdf_defaultcompressionquality != 0){ TIFFSetField(output, TIFFTAG_JPEGQUALITY, t2p->pdf_defaultcompressionquality); } break; #endif #ifdef ZIP_SUPPORT case T2P_COMPRESS_ZIP: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_DEFLATE); if(t2p->pdf_defaultcompressionquality%100 != 0){ TIFFSetField(output, TIFFTAG_PREDICTOR, t2p->pdf_defaultcompressionquality % 100); } if(t2p->pdf_defaultcompressionquality/100 != 0){ TIFFSetField(output, TIFFTAG_ZIPQUALITY, (t2p->pdf_defaultcompressionquality / 100)); } break; #endif default: break; } t2p_enable(output); t2p->outputwritten = 0; #ifdef JPEG_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_JPEG && t2p->tiff_photometric == PHOTOMETRIC_YCBCR){ bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, stripsize * stripcount); } else #endif { bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, t2p->tiff_datasize); } if (buffer != NULL) { _TIFFfree(buffer); buffer=NULL; } if (bufferoffset == (tsize_t)-1) { TIFFError(TIFF2PDF_MODULE, ""Error writing encoded strip to output PDF %s"", TIFFFileName(output)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } written = t2p->outputwritten; return(written); }",visit repo url,tools/tiff2pdf.c,https://github.com/vadz/libtiff,108893693056642,1 5659,['CWE-476'],"int udp_disconnect(struct sock *sk, int flags) { struct inet_sock *inet = inet_sk(sk); sk->sk_state = TCP_CLOSE; inet->daddr = 0; inet->dport = 0; sk->sk_bound_dev_if = 0; if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) inet_reset_saddr(sk); if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) { sk->sk_prot->unhash(sk); inet->sport = 0; } sk_dst_reset(sk); return 0; }",linux-2.6,,,152922253814918142053250560837676852453,0 4368,CWE-787,"char *enl_ipc_get(const char *msg_data) { static char *message = NULL; static unsigned short len = 0; char buff[13], *ret_msg = NULL; register unsigned char i; unsigned char blen; if (msg_data == IPC_TIMEOUT) { return(IPC_TIMEOUT); } for (i = 0; i < 12; i++) { buff[i] = msg_data[i]; } buff[12] = 0; blen = strlen(buff); if (message != NULL) { len += blen; message = (char *) erealloc(message, len + 1); strcat(message, buff); } else { len = blen; message = (char *) emalloc(len + 1); strcpy(message, buff); } if (blen < 12) { ret_msg = message; message = NULL; D((""Received complete reply: \""%s\""\n"", ret_msg)); } return(ret_msg); }",visit repo url,src/wallpaper.c,https://github.com/derf/feh,91131814399366,1 3491,CWE-119,"static int is_integer(char *string) { if (isdigit(string[0]) || string[0] == '-' || string[0] == '+') { while (*++string && isdigit(*string)) ; if (!*string) return 1; } return 0; }",visit repo url,t1asm.c,https://github.com/kohler/t1utils,39159963495852,1 4978,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 5839,['CWE-200'],"static void aun_data_available(struct sock *sk, int slen) { int err; struct sk_buff *skb; unsigned char *data; struct aunhdr *ah; struct iphdr *ip; size_t len; while ((skb = skb_recv_datagram(sk, 0, 1, &err)) == NULL) { if (err == -EAGAIN) { printk(KERN_ERR ""AUN: no data available?!""); return; } printk(KERN_DEBUG ""AUN: recvfrom() error %d\n"", -err); } data = skb_transport_header(skb) + sizeof(struct udphdr); ah = (struct aunhdr *)data; len = skb->len - sizeof(struct udphdr); ip = ip_hdr(skb); switch (ah->code) { case 2: aun_incoming(skb, ah, len); break; case 3: aun_tx_ack(ah->handle, ECTYPE_TRANSMIT_OK); break; case 4: aun_tx_ack(ah->handle, ECTYPE_TRANSMIT_NOT_LISTENING); break; #if 0 case 5: aun_send_response(ip->saddr, ah->handle, 6, ah->cb); break; #endif default: printk(KERN_DEBUG ""unknown AUN packet (type %d)\n"", data[0]); } skb_free_datagram(sk, skb); }",linux-2.6,,,327748262450048668924854128865662539438,0 1715,CWE-19,"ext2_xattr_put_super(struct super_block *sb) { mb_cache_shrink(sb->s_bdev); }",visit repo url,fs/ext2/xattr.c,https://github.com/torvalds/linux,125724049917560,1 510,CWE-862,"static void construct_get_dest_keyring(struct key **_dest_keyring) { struct request_key_auth *rka; const struct cred *cred = current_cred(); struct key *dest_keyring = *_dest_keyring, *authkey; kenter(""%p"", dest_keyring); if (dest_keyring) { key_get(dest_keyring); } else { switch (cred->jit_keyring) { case KEY_REQKEY_DEFL_DEFAULT: case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: if (cred->request_key_auth) { authkey = cred->request_key_auth; down_read(&authkey->sem); rka = authkey->payload.data[0]; if (!test_bit(KEY_FLAG_REVOKED, &authkey->flags)) dest_keyring = key_get(rka->dest_keyring); up_read(&authkey->sem); if (dest_keyring) break; } case KEY_REQKEY_DEFL_THREAD_KEYRING: dest_keyring = key_get(cred->thread_keyring); if (dest_keyring) break; case KEY_REQKEY_DEFL_PROCESS_KEYRING: dest_keyring = key_get(cred->process_keyring); if (dest_keyring) break; case KEY_REQKEY_DEFL_SESSION_KEYRING: rcu_read_lock(); dest_keyring = key_get( rcu_dereference(cred->session_keyring)); rcu_read_unlock(); if (dest_keyring) break; case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: dest_keyring = key_get(cred->user->session_keyring); break; case KEY_REQKEY_DEFL_USER_KEYRING: dest_keyring = key_get(cred->user->uid_keyring); break; case KEY_REQKEY_DEFL_GROUP_KEYRING: default: BUG(); } } *_dest_keyring = dest_keyring; kleave("" [dk %d]"", key_serial(dest_keyring)); return; }",visit repo url,security/keys/request_key.c,https://github.com/torvalds/linux,44500961422014,1 6449,[],"lt_dlgetinfo (lt_dlhandle handle) { if (!handle) { LT__SETERROR (INVALID_HANDLE); return 0; } return &(handle->info); }",libtool,,,235254650816604996526474804246332006100,0 2646,[],"struct sctp_endpoint *sctp_endpoint_is_match(struct sctp_endpoint *ep, const union sctp_addr *laddr) { struct sctp_endpoint *retval = NULL; if (htons(ep->base.bind_addr.port) == laddr->v4.sin_port) { if (sctp_bind_addr_match(&ep->base.bind_addr, laddr, sctp_sk(ep->base.sk))) retval = ep; } return retval; }",linux-2.6,,,116521341511953643859927547744135367237,0 1880,['CWE-189'],"_gnutls_server_name_send_params (gnutls_session_t session, opaque * data, size_t _data_size) { uint16_t len; opaque *p; unsigned i; ssize_t data_size = _data_size; int total_size = 0; if (session->security_parameters.entity == GNUTLS_CLIENT) { if (session->security_parameters.extensions.server_names_size == 0) return 0; total_size = 2; for (i = 0; i < session->security_parameters.extensions.server_names_size; i++) { len = session->security_parameters.extensions.server_names[i]. name_length; total_size += 1 + 2 + len; } p = data; DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); _gnutls_write_uint16 (total_size - 2, p); p += 2; for (i = 0; i < session->security_parameters.extensions.server_names_size; i++) { switch (session->security_parameters.extensions. server_names[i].type) { case GNUTLS_NAME_DNS: len = session->security_parameters.extensions. server_names[i].name_length; if (len == 0) break; DECR_LENGTH_RET (data_size, len + 3, GNUTLS_E_SHORT_MEMORY_BUFFER); *p = 0; p++; _gnutls_write_uint16 (len, p); p += 2; memcpy (p, session->security_parameters.extensions. server_names[i].name, len); p += len; break; default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } } } return total_size; }",gnutls,,,129338422426006887709724712967911146200,0 2395,['CWE-119'],"static void print_line_count(FILE *file, int count) { switch (count) { case 0: fprintf(file, ""0,0""); break; case 1: fprintf(file, ""1""); break; default: fprintf(file, ""1,%d"", count); break; } }",git,,,222345975012602285986371209580293119031,0 1263,[],"init_pattern_buffer (struct re_pattern_buffer *buf, struct re_registers *regs) { buf->translate = NULL; buf->fastmap = NULL; buf->buffer = NULL; buf->allocated = 0; if (regs) { regs->start = NULL; regs->end = NULL; } }",m4,,,5938506676838656954216911612718707517,0 5896,CWE-120,"static void handle_PORT(ctrl_t *ctrl, char *str) { int a, b, c, d, e, f; char addr[INET_ADDRSTRLEN]; struct sockaddr_in sin; if (ctrl->data_sd > 0) { uev_io_stop(&ctrl->data_watcher); close(ctrl->data_sd); ctrl->data_sd = -1; } sscanf(str, ""%d,%d,%d,%d,%d,%d"", &a, &b, &c, &d, &e, &f); sprintf(addr, ""%d.%d.%d.%d"", a, b, c, d); if (!inet_aton(addr, &(sin.sin_addr))) { ERR(0, ""Invalid address '%s' given to PORT command"", addr); send_msg(ctrl->sd, ""500 Illegal PORT command.\r\n""); return; } strlcpy(ctrl->data_address, addr, sizeof(ctrl->data_address)); ctrl->data_port = e * 256 + f; DBG(""Client PORT command accepted for %s:%d"", ctrl->data_address, ctrl->data_port); send_msg(ctrl->sd, ""200 PORT command successful.\r\n""); }",visit repo url,src/ftpcmd.c,https://github.com/troglobit/uftpd,220417524866891,1 3177,['CWE-189'],"jas_image_t *jp2_decode(jas_stream_t *in, char *optstr) { jp2_box_t *box; int found; jas_image_t *image; jp2_dec_t *dec; bool samedtype; int dtype; unsigned int i; jp2_cmap_t *cmapd; jp2_pclr_t *pclrd; jp2_cdef_t *cdefd; unsigned int channo; int newcmptno; int_fast32_t *lutents; #if 0 jp2_cdefchan_t *cdefent; int cmptno; #endif jp2_cmapent_t *cmapent; jas_icchdr_t icchdr; jas_iccprof_t *iccprof; dec = 0; box = 0; image = 0; if (!(dec = jp2_dec_create())) { goto error; } if (!(box = jp2_box_get(in))) { jas_eprintf(""error: cannot get box\n""); goto error; } if (box->type != JP2_BOX_JP) { jas_eprintf(""error: expecting signature box\n""); goto error; } if (box->data.jp.magic != JP2_JP_MAGIC) { jas_eprintf(""incorrect magic number\n""); goto error; } jp2_box_destroy(box); box = 0; if (!(box = jp2_box_get(in))) { goto error; } if (box->type != JP2_BOX_FTYP) { jas_eprintf(""expecting file type box\n""); goto error; } jp2_box_destroy(box); box = 0; found = 0; while ((box = jp2_box_get(in))) { if (jas_getdbglevel() >= 1) { jas_eprintf(""box type %s\n"", box->info->name); } switch (box->type) { case JP2_BOX_JP2C: found = 1; break; case JP2_BOX_IHDR: if (!dec->ihdr) { dec->ihdr = box; box = 0; } break; case JP2_BOX_BPCC: if (!dec->bpcc) { dec->bpcc = box; box = 0; } break; case JP2_BOX_CDEF: if (!dec->cdef) { dec->cdef = box; box = 0; } break; case JP2_BOX_PCLR: if (!dec->pclr) { dec->pclr = box; box = 0; } break; case JP2_BOX_CMAP: if (!dec->cmap) { dec->cmap = box; box = 0; } break; case JP2_BOX_COLR: if (!dec->colr) { dec->colr = box; box = 0; } break; } if (box) { jp2_box_destroy(box); box = 0; } if (found) { break; } } if (!found) { jas_eprintf(""error: no code stream found\n""); goto error; } if (!(dec->image = jpc_decode(in, optstr))) { jas_eprintf(""error: cannot decode code stream\n""); goto error; } if (!dec->ihdr) { jas_eprintf(""error: missing IHDR box\n""); goto error; } if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } samedtype = true; dtype = jas_image_cmptdtype(dec->image, 0); for (i = 1; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != dtype) { samedtype = false; break; } } if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { jas_eprintf(""warning: component data type mismatch\n""); } if (dec->ihdr->data.ihdr.comptype != JP2_IHDR_COMPTYPE) { jas_eprintf(""error: unsupported compression type\n""); goto error; } if (dec->bpcc) { if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(uint, jas_image_numcmpts( dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!samedtype) { for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { jas_eprintf(""warning: component data type mismatch\n""); } } } else { jas_eprintf(""warning: superfluous BPCC box\n""); } } if (!dec->colr) { jas_eprintf(""error: no COLR box\n""); goto error; } switch (dec->colr->data.colr.method) { case JP2_COLR_ENUM: jas_image_setclrspc(dec->image, jp2_getcs(&dec->colr->data.colr)); break; case JP2_COLR_ICC: iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, dec->colr->data.colr.iccplen); if (!iccprof) { jas_eprintf(""error: failed to parse ICC profile\n""); goto error; } jas_iccprof_gethdr(iccprof, &icchdr); jas_eprintf(""ICC Profile CS %08x\n"", icchdr.colorspc); jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof); assert(dec->image->cmprof_); jas_iccprof_destroy(iccprof); break; } if (dec->cmap && !dec->pclr) { jas_eprintf(""warning: missing PCLR box or superfluous CMAP box\n""); jp2_box_destroy(dec->cmap); dec->cmap = 0; } if (!dec->cmap && dec->pclr) { jas_eprintf(""warning: missing CMAP box or superfluous PCLR box\n""); jp2_box_destroy(dec->pclr); dec->pclr = 0; } dec->numchans = dec->cmap ? dec->cmap->data.cmap.numchans : JAS_CAST(uint, jas_image_numcmpts(dec->image)); if (dec->cmap) { for (i = 0; i < dec->numchans; ++i) { if (dec->cmap->data.cmap.ents[i].cmptno >= JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""error: invalid component number in CMAP box\n""); goto error; } if (dec->cmap->data.cmap.ents[i].pcol >= dec->pclr->data.pclr.numchans) { jas_eprintf(""error: invalid CMAP LUT index\n""); goto error; } } } if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { jas_eprintf(""error: no memory\n""); goto error; } if (!dec->cmap) { for (i = 0; i < dec->numchans; ++i) { dec->chantocmptlut[i] = i; } } else { cmapd = &dec->cmap->data.cmap; pclrd = &dec->pclr->data.pclr; cdefd = &dec->cdef->data.cdef; for (channo = 0; channo < cmapd->numchans; ++channo) { cmapent = &cmapd->ents[channo]; if (cmapent->map == JP2_CMAP_DIRECT) { dec->chantocmptlut[channo] = channo; } else if (cmapent->map == JP2_CMAP_PALETTE) { lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } newcmptno = jas_image_numcmpts(dec->image); jas_image_depalettize(dec->image, cmapent->cmptno, pclrd->numlutents, lutents, JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno); dec->chantocmptlut[channo] = newcmptno; jas_free(lutents); #if 0 if (dec->cdef) { cdefent = jp2_cdef_lookup(cdefd, channo); if (!cdefent) { abort(); } jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), cdefent->type, cdefent->assoc)); } else { jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1)); } #endif } } } for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { jas_image_setcmpttype(dec->image, i, JAS_IMAGE_CT_UNKNOWN); } if (dec->cdef) { for (i = 0; i < dec->numchans; ++i) { if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { jas_eprintf(""error: invalid channel number in CDEF box\n""); goto error; } jas_image_setcmpttype(dec->image, dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], jp2_getct(jas_image_clrspc(dec->image), dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc)); } } else { for (i = 0; i < dec->numchans; ++i) { jas_image_setcmpttype(dec->image, dec->chantocmptlut[i], jp2_getct(jas_image_clrspc(dec->image), 0, i + 1)); } } for (i = jas_image_numcmpts(dec->image); i > 0; --i) { if (jas_image_cmpttype(dec->image, i - 1) == JAS_IMAGE_CT_UNKNOWN) { jas_image_delcmpt(dec->image, i - 1); } } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } #if 0 jas_eprintf(""no of components is %d\n"", jas_image_numcmpts(dec->image)); #endif image = dec->image; dec->image = 0; jp2_dec_destroy(dec); return image; error: if (box) { jp2_box_destroy(box); } if (dec) { jp2_dec_destroy(dec); } return 0; }",jasper,,,44250030437075600245477405079230893062,0 5585,[],"SYSCALL_DEFINE4(rt_sigaction, int, sig, const struct sigaction __user *, act, struct sigaction __user *, oact, size_t, sigsetsize) { struct k_sigaction new_sa, old_sa; int ret = -EINVAL; if (sigsetsize != sizeof(sigset_t)) goto out; if (act) { if (copy_from_user(&new_sa.sa, act, sizeof(new_sa.sa))) return -EFAULT; } ret = do_sigaction(sig, act ? &new_sa : NULL, oact ? &old_sa : NULL); if (!ret && oact) { if (copy_to_user(oact, &old_sa.sa, sizeof(old_sa.sa))) return -EFAULT; } out: return ret; }",linux-2.6,,,161667503416342193581769366013421878024,0 1109,['CWE-399'],"get_stack(struct k_sigaction *ka, struct pt_regs *regs, unsigned long size) { unsigned long sp; sp = regs->sp - 128; if (ka->sa.sa_flags & SA_ONSTACK) { if (sas_ss_flags(sp) == 0) sp = current->sas_ss_sp + current->sas_ss_size; } return (void __user *)round_down(sp - size, 16); }",linux-2.6,,,3815536023096147187216266410993207430,0 5508,CWE-125,"tok_get(struct tok_state *tok, char **p_start, char **p_end) { int c; int blankline, nonascii; *p_start = *p_end = NULL; nextline: tok->start = NULL; blankline = 0; if (tok->atbol) { int col = 0; int altcol = 0; tok->atbol = 0; for (;;) { c = tok_nextc(tok); if (c == ' ') { col++, altcol++; } else if (c == '\t') { col = (col/tok->tabsize + 1) * tok->tabsize; altcol = (altcol/tok->alttabsize + 1) * tok->alttabsize; } else if (c == '\014') { col = altcol = 0; } else { break; } } tok_backup(tok, c); if (c == '#' || c == '\n') { if (col == 0 && c == '\n' && tok->prompt != NULL) { blankline = 0; } else { blankline = 1; } } if (!blankline && tok->level == 0) { if (col == tok->indstack[tok->indent]) { if (altcol != tok->altindstack[tok->indent]) { if (indenterror(tok)) { return ERRORTOKEN; } } } else if (col > tok->indstack[tok->indent]) { if (tok->indent+1 >= MAXINDENT) { tok->done = E_TOODEEP; tok->cur = tok->inp; return ERRORTOKEN; } if (altcol <= tok->altindstack[tok->indent]) { if (indenterror(tok)) { return ERRORTOKEN; } } tok->pendin++; tok->indstack[++tok->indent] = col; tok->altindstack[tok->indent] = altcol; } else { while (tok->indent > 0 && col < tok->indstack[tok->indent]) { tok->pendin--; tok->indent--; } if (col != tok->indstack[tok->indent]) { tok->done = E_DEDENT; tok->cur = tok->inp; return ERRORTOKEN; } if (altcol != tok->altindstack[tok->indent]) { if (indenterror(tok)) { return ERRORTOKEN; } } } } } tok->start = tok->cur; if (tok->pendin != 0) { if (tok->pendin < 0) { tok->pendin++; return DEDENT; } else { tok->pendin--; return INDENT; } } if (tok->async_def && !blankline && tok->level == 0 && tok->async_def_nl && tok->async_def_indent >= tok->indent) { tok->async_def = 0; tok->async_def_indent = 0; tok->async_def_nl = 0; } again: tok->start = NULL; do { c = tok_nextc(tok); } while (c == ' ' || c == '\t' || c == '\014'); tok->start = tok->cur - 1; if (c == '#') { const char *prefix, *p, *type_start; while (c != EOF && c != '\n') c = tok_nextc(tok); p = tok->start; prefix = type_comment_prefix; while (*prefix && p < tok->cur) { if (*prefix == ' ') { while (*p == ' ' || *p == '\t') p++; } else if (*prefix == *p) { p++; } else { break; } prefix++; } if (!*prefix) { int is_type_ignore = 1; tok_backup(tok, c); type_start = p; is_type_ignore = tok->cur >= p + 6 && memcmp(p, ""ignore"", 6) == 0; p += 6; while (is_type_ignore && p < tok->cur) { if (*p == '#') break; is_type_ignore = is_type_ignore && (*p == ' ' || *p == '\t'); p++; } if (is_type_ignore) { if (blankline) { tok_nextc(tok); tok->atbol = 1; } return TYPE_IGNORE; } else { *p_start = (char *) type_start; *p_end = tok->cur; return TYPE_COMMENT; } } } if (c == EOF) { return tok->done == E_EOF ? ENDMARKER : ERRORTOKEN; } nonascii = 0; if (is_potential_identifier_start(c)) { int saw_b = 0, saw_r = 0, saw_u = 0, saw_f = 0; while (1) { if (!(saw_b || saw_u || saw_f) && (c == 'b' || c == 'B')) saw_b = 1; else if (!(saw_b || saw_u || saw_r || saw_f) && (c == 'u'|| c == 'U')) { saw_u = 1; } else if (!(saw_r || saw_u) && (c == 'r' || c == 'R')) { saw_r = 1; } else if (!(saw_f || saw_b || saw_u) && (c == 'f' || c == 'F')) { saw_f = 1; } else { break; } c = tok_nextc(tok); if (c == '""' || c == '\'') { goto letter_quote; } } while (is_potential_identifier_char(c)) { if (c >= 128) { nonascii = 1; } c = tok_nextc(tok); } tok_backup(tok, c); if (nonascii && !verify_identifier(tok)) { return ERRORTOKEN; } *p_start = tok->start; *p_end = tok->cur; if (tok->cur - tok->start == 5) { if (tok->async_def) { if (memcmp(tok->start, ""async"", 5) == 0) { return ASYNC; } if (memcmp(tok->start, ""await"", 5) == 0) { return AWAIT; } } else if (memcmp(tok->start, ""async"", 5) == 0) { struct tok_state ahead_tok; char *ahead_tok_start = NULL, *ahead_tok_end = NULL; int ahead_tok_kind; memcpy(&ahead_tok, tok, sizeof(ahead_tok)); ahead_tok_kind = tok_get(&ahead_tok, &ahead_tok_start, &ahead_tok_end); if (ahead_tok_kind == NAME && ahead_tok.cur - ahead_tok.start == 3 && memcmp(ahead_tok.start, ""def"", 3) == 0) { tok->async_def_indent = tok->indent; tok->async_def = 1; return ASYNC; } } } return NAME; } if (c == '\n') { tok->atbol = 1; if (blankline || tok->level > 0) { goto nextline; } *p_start = tok->start; *p_end = tok->cur - 1; tok->cont_line = 0; if (tok->async_def) { tok->async_def_nl = 1; } return NEWLINE; } if (c == '.') { c = tok_nextc(tok); if (isdigit(c)) { goto fraction; } else if (c == '.') { c = tok_nextc(tok); if (c == '.') { *p_start = tok->start; *p_end = tok->cur; return ELLIPSIS; } else { tok_backup(tok, c); } tok_backup(tok, '.'); } else { tok_backup(tok, c); } *p_start = tok->start; *p_end = tok->cur; return DOT; } if (isdigit(c)) { if (c == '0') { c = tok_nextc(tok); if (c == 'x' || c == 'X') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (!isxdigit(c)) { tok->done = E_TOKEN; tok_backup(tok, c); return ERRORTOKEN; } do { c = tok_nextc(tok); } while (isxdigit(c)); } while (c == '_'); } else if (c == 'o' || c == 'O') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (c < '0' || c >= '8') { tok->done = E_TOKEN; tok_backup(tok, c); return ERRORTOKEN; } do { c = tok_nextc(tok); } while ('0' <= c && c < '8'); } while (c == '_'); } else if (c == 'b' || c == 'B') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (c != '0' && c != '1') { tok->done = E_TOKEN; tok_backup(tok, c); return ERRORTOKEN; } do { c = tok_nextc(tok); } while (c == '0' || c == '1'); } while (c == '_'); } else { int nonzero = 0; while (1) { if (c == '_') { c = tok_nextc(tok); if (!isdigit(c)) { tok->done = E_TOKEN; tok_backup(tok, c); return ERRORTOKEN; } } if (c != '0') { break; } c = tok_nextc(tok); } if (isdigit(c)) { nonzero = 1; c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } if (c == '.') { c = tok_nextc(tok); goto fraction; } else if (c == 'e' || c == 'E') { goto exponent; } else if (c == 'j' || c == 'J') { goto imaginary; } else if (nonzero) { tok->done = E_TOKEN; tok_backup(tok, c); return ERRORTOKEN; } } } else { c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } { if (c == '.') { c = tok_nextc(tok); fraction: if (isdigit(c)) { c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } } if (c == 'e' || c == 'E') { int e; exponent: e = c; c = tok_nextc(tok); if (c == '+' || c == '-') { c = tok_nextc(tok); if (!isdigit(c)) { tok->done = E_TOKEN; tok_backup(tok, c); return ERRORTOKEN; } } else if (!isdigit(c)) { tok_backup(tok, c); tok_backup(tok, e); *p_start = tok->start; *p_end = tok->cur; return NUMBER; } c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } if (c == 'j' || c == 'J') { imaginary: c = tok_nextc(tok); } } } tok_backup(tok, c); *p_start = tok->start; *p_end = tok->cur; return NUMBER; } letter_quote: if (c == '\'' || c == '""') { int quote = c; int quote_size = 1; int end_quote_size = 0; c = tok_nextc(tok); if (c == quote) { c = tok_nextc(tok); if (c == quote) { quote_size = 3; } else { end_quote_size = 1; } } if (c != quote) { tok_backup(tok, c); } while (end_quote_size != quote_size) { c = tok_nextc(tok); if (c == EOF) { if (quote_size == 3) { tok->done = E_EOFS; } else { tok->done = E_EOLS; } tok->cur = tok->inp; return ERRORTOKEN; } if (quote_size == 1 && c == '\n') { tok->done = E_EOLS; tok->cur = tok->inp; return ERRORTOKEN; } if (c == quote) { end_quote_size += 1; } else { end_quote_size = 0; if (c == '\\') { tok_nextc(tok); } } } *p_start = tok->start; *p_end = tok->cur; return STRING; } if (c == '\\') { c = tok_nextc(tok); if (c != '\n') { tok->done = E_LINECONT; tok->cur = tok->inp; return ERRORTOKEN; } tok->cont_line = 1; goto again; } { int c2 = tok_nextc(tok); int token = Ta3Token_TwoChars(c, c2); if (token != OP) { int c3 = tok_nextc(tok); int token3 = Ta3Token_ThreeChars(c, c2, c3); if (token3 != OP) { token = token3; } else { tok_backup(tok, c3); } *p_start = tok->start; *p_end = tok->cur; return token; } tok_backup(tok, c2); } switch (c) { case '(': case '[': case '{': tok->level++; break; case ')': case ']': case '}': tok->level--; break; } *p_start = tok->start; *p_end = tok->cur; return Ta3Token_OneChar(c); }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,260480444705178,1 4821,['CWE-399'],"static void remove_kevent(struct inotify_device *dev, struct inotify_kernel_event *kevent) { list_del(&kevent->list); dev->event_count--; dev->queue_size -= sizeof(struct inotify_event) + kevent->event.len; }",linux-2.6,,,134945999827232404733959845678604196595,0 1280,CWE-119,"xlate_to_uni(const unsigned char *name, int len, unsigned char *outname, int *longlen, int *outlen, int escape, int utf8, struct nls_table *nls) { const unsigned char *ip; unsigned char nc; unsigned char *op; unsigned int ec; int i, k, fill; int charlen; if (utf8) { *outlen = utf8s_to_utf16s(name, len, (wchar_t *)outname); if (*outlen < 0) return *outlen; else if (*outlen > FAT_LFN_LEN) return -ENAMETOOLONG; op = &outname[*outlen * sizeof(wchar_t)]; } else { if (nls) { for (i = 0, ip = name, op = outname, *outlen = 0; i < len && *outlen <= FAT_LFN_LEN; *outlen += 1) { if (escape && (*ip == ':')) { if (i > len - 5) return -EINVAL; ec = 0; for (k = 1; k < 5; k++) { nc = ip[k]; ec <<= 4; if (nc >= '0' && nc <= '9') { ec |= nc - '0'; continue; } if (nc >= 'a' && nc <= 'f') { ec |= nc - ('a' - 10); continue; } if (nc >= 'A' && nc <= 'F') { ec |= nc - ('A' - 10); continue; } return -EINVAL; } *op++ = ec & 0xFF; *op++ = ec >> 8; ip += 5; i += 5; } else { if ((charlen = nls->char2uni(ip, len - i, (wchar_t *)op)) < 0) return -EINVAL; ip += charlen; i += charlen; op += 2; } } if (i < len) return -ENAMETOOLONG; } else { for (i = 0, ip = name, op = outname, *outlen = 0; i < len && *outlen <= FAT_LFN_LEN; i++, *outlen += 1) { *op++ = *ip++; *op++ = 0; } if (i < len) return -ENAMETOOLONG; } } *longlen = *outlen; if (*outlen % 13) { *op++ = 0; *op++ = 0; *outlen += 1; if (*outlen % 13) { fill = 13 - (*outlen % 13); for (i = 0; i < fill; i++) { *op++ = 0xff; *op++ = 0xff; } *outlen += fill; } } return 0; }",visit repo url,fs/fat/namei_vfat.c,https://github.com/torvalds/linux,105280556576136,1 4206,[]," if((pRcvBuf = malloc(MAXLINE * sizeof(char))) == NULL) { ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); }",rsyslog,,,100531028882851636889366035726846440862,0 2654,CWE-125,"PHP_FUNCTION(locale_filter_matches) { char* lang_tag = NULL; int lang_tag_len = 0; const char* loc_range = NULL; int loc_range_len = 0; int result = 0; char* token = 0; char* chrcheck = NULL; char* can_lang_tag = NULL; char* can_loc_range = NULL; char* cur_lang_tag = NULL; char* cur_loc_range = NULL; zend_bool boolCanonical = 0; UErrorCode status = U_ZERO_ERROR; intl_error_reset( NULL TSRMLS_CC ); if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""ss|b"", &lang_tag, &lang_tag_len , &loc_range , &loc_range_len , &boolCanonical) == FAILURE) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_filter_matches: unable to parse input params"", 0 TSRMLS_CC ); RETURN_FALSE; } if(loc_range_len == 0) { loc_range = intl_locale_get_default(TSRMLS_C); } if( strcmp(loc_range,""*"")==0){ RETURN_TRUE; } if( boolCanonical ){ can_loc_range=get_icu_value_internal( loc_range , LOC_CANONICALIZE_TAG , &result , 0); if( result ==0) { intl_error_set( NULL, status, ""locale_filter_matches : unable to canonicalize loc_range"" , 0 TSRMLS_CC ); RETURN_FALSE; } can_lang_tag = get_icu_value_internal( lang_tag , LOC_CANONICALIZE_TAG , &result , 0); if( result ==0) { intl_error_set( NULL, status, ""locale_filter_matches : unable to canonicalize lang_tag"" , 0 TSRMLS_CC ); RETURN_FALSE; } cur_lang_tag = ecalloc( 1, strlen(can_lang_tag) + 1); result = strToMatch( can_lang_tag , cur_lang_tag); if( result == 0) { efree( cur_lang_tag ); efree( can_lang_tag ); RETURN_FALSE; } cur_loc_range = ecalloc( 1, strlen(can_loc_range) + 1); result = strToMatch( can_loc_range , cur_loc_range ); if( result == 0) { efree( cur_lang_tag ); efree( can_lang_tag ); efree( cur_loc_range ); efree( can_loc_range ); RETURN_FALSE; } token = strstr( cur_lang_tag , cur_loc_range ); if( token && (token==cur_lang_tag) ){ chrcheck = token + (strlen(cur_loc_range)); if( isIDSeparator(*chrcheck) || isEndOfTag(*chrcheck) ){ if( cur_lang_tag){ efree( cur_lang_tag ); } if( cur_loc_range){ efree( cur_loc_range ); } if( can_lang_tag){ efree( can_lang_tag ); } if( can_loc_range){ efree( can_loc_range ); } RETURN_TRUE; } } if( cur_lang_tag){ efree( cur_lang_tag ); } if( cur_loc_range){ efree( cur_loc_range ); } if( can_lang_tag){ efree( can_lang_tag ); } if( can_loc_range){ efree( can_loc_range ); } RETURN_FALSE; } else{ cur_lang_tag = ecalloc( 1, strlen(lang_tag ) + 1); result = strToMatch( lang_tag , cur_lang_tag); if( result == 0) { efree( cur_lang_tag ); RETURN_FALSE; } cur_loc_range = ecalloc( 1, strlen(loc_range ) + 1); result = strToMatch( loc_range , cur_loc_range ); if( result == 0) { efree( cur_lang_tag ); efree( cur_loc_range ); RETURN_FALSE; } token = strstr( cur_lang_tag , cur_loc_range ); if( token && (token==cur_lang_tag) ){ chrcheck = token + (strlen(cur_loc_range)); if( isIDSeparator(*chrcheck) || isEndOfTag(*chrcheck) ){ if( cur_lang_tag){ efree( cur_lang_tag ); } if( cur_loc_range){ efree( cur_loc_range ); } RETURN_TRUE; } } if( cur_lang_tag){ efree( cur_lang_tag ); } if( cur_loc_range){ efree( cur_loc_range ); } RETURN_FALSE; } }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,87965825099532,1 3072,['CWE-189'],"static jas_cmreal_t jas_cmshapmatlut_lookup(jas_cmshapmatlut_t *lut, jas_cmreal_t x) { jas_cmreal_t t; int lo; int hi; t = x * (lut->size - 1); lo = floor(t); if (lo < 0) return lut->data[0]; hi = ceil(t); if (hi >= lut->size) return lut->data[lut->size - 1]; return lut->data[lo] + (t - lo) * (lut->data[hi] - lut->data[lo]); }",jasper,,,2422413092323193689522867846753485380,0 6528,['CWE-200'],"check_sensitivity (ActionInfo *info, PolKitResult pk_result) { gboolean sensitive = TRUE; NMExportedConnection *exported = NULL; NMConnection *connection = NULL; exported = get_active_connection (info->treeview); if (exported) connection = nm_exported_connection_get_connection (exported); if (!connection) return FALSE; if (nm_connection_get_scope (connection) != NM_CONNECTION_SCOPE_SYSTEM) return TRUE; if (pk_result == POLKIT_RESULT_UNKNOWN) pk_result = polkit_gnome_action_get_polkit_result (info->gnome_action); if (pk_result == POLKIT_RESULT_NO || pk_result == POLKIT_RESULT_UNKNOWN) sensitive = FALSE; return sensitive; }",network-manager-applet,,,271474717324957128085274643468309762751,0 5905,CWE-190,"static Jsi_RC jsi_ArraySizeOfCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); int i = Jsi_ObjGetLength(interp, _this->d.obj); Jsi_ValueMakeNumber(interp, ret, i); return JSI_OK; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,215481696189500,1 1503,[],"void aggregate_group_weight(struct task_group *tg, struct sched_domain *sd) { unsigned long rq_weight = 0; unsigned long task_weight = 0; int i; for_each_cpu_mask(i, sd->span) { rq_weight += tg->cfs_rq[i]->load.weight; task_weight += tg->cfs_rq[i]->task_weight; } aggregate(tg, sd)->rq_weight = rq_weight; aggregate(tg, sd)->task_weight = task_weight; }",linux-2.6,,,83570627571842513539110080681210742594,0 5501,['CWE-476'],"static int is_matching_cpuid_entry(struct kvm_cpuid_entry2 *e, u32 function, u32 index) { if (e->function != function) return 0; if ((e->flags & KVM_CPUID_FLAG_SIGNIFCANT_INDEX) && e->index != index) return 0; if ((e->flags & KVM_CPUID_FLAG_STATEFUL_FUNC) && !(e->flags & KVM_CPUID_FLAG_STATE_READ_NEXT)) return 0; return 1; }",linux-2.6,,,220499605797254256371182386912548387956,0 4642,CWE-120,"GF_Err stbl_AddDTS(GF_SampleTableBox *stbl, u64 DTS, u32 *sampleNumber, u32 LastAUDefDuration, u32 nb_packed_samples) { u32 i, j, sampNum; u64 *DTSs, curDTS; Bool inserted; GF_SttsEntry *ent; GF_TimeToSampleBox *stts = stbl->TimeToSample; stts->r_FirstSampleInEntry = 0; *sampleNumber = 0; if (!nb_packed_samples) nb_packed_samples=1; if (!stts->nb_entries) { if (DTS) return GF_BAD_PARAM; stts->alloc_size = 1; stts->nb_entries = 1; stts->entries = gf_malloc(sizeof(GF_SttsEntry)); if (!stts->entries) return GF_OUT_OF_MEM; stts->entries[0].sampleCount = nb_packed_samples; stts->entries[0].sampleDelta = (nb_packed_samples>1) ? 0 : LastAUDefDuration; (*sampleNumber) = 1; stts->w_currentSampleNum = nb_packed_samples; return GF_OK; } if (DTS >= stts->w_LastDTS) { u32 nb_extra = 0; ent = &stts->entries[stts->nb_entries-1]; if (!ent->sampleDelta && (ent->sampleCount>1)) { ent->sampleDelta = (u32) ( DTS / ent->sampleCount); stts->w_LastDTS = DTS - ent->sampleDelta; } if ((DTS == stts->w_LastDTS + ent->sampleDelta) || ((nb_packed_samples>1) && ((DTS == stts->w_LastDTS) || (DTS == stts->w_LastDTS + 2*ent->sampleDelta) )) ) { (*sampleNumber) = stts->w_currentSampleNum + 1; ent->sampleCount += nb_packed_samples; stts->w_currentSampleNum += nb_packed_samples; stts->w_LastDTS = DTS + ent->sampleDelta * (nb_packed_samples-1); return GF_OK; } if (ent->sampleCount == 1) { #if 0 if (stts->w_LastDTS) ent->sampleDelta += (u32) (DTS - stts->w_LastDTS); else ent->sampleDelta = (u32) DTS; #else ent->sampleDelta = (u32) (DTS - stts->w_LastDTS); #endif ent->sampleCount ++; if ((stts->nb_entries>=2) && (ent->sampleDelta== stts->entries[stts->nb_entries-2].sampleDelta)) { stts->entries[stts->nb_entries-2].sampleCount += ent->sampleCount; stts->nb_entries--; } stts->w_currentSampleNum ++; stts->w_LastDTS = DTS; (*sampleNumber) = stts->w_currentSampleNum; return GF_OK; } ent->sampleCount --; if (nb_packed_samples>1) nb_extra = 1; if (stts->alloc_size <= stts->nb_entries + nb_extra) { ALLOC_INC(stts->alloc_size); stts->entries = gf_realloc(stts->entries, sizeof(GF_SttsEntry)*stts->alloc_size); if (!stts->entries) return GF_OUT_OF_MEM; memset(&stts->entries[stts->nb_entries], 0, sizeof(GF_SttsEntry)*(stts->alloc_size-stts->nb_entries) ); } if (nb_extra) nb_extra = stts->entries[stts->nb_entries-1].sampleDelta; ent = &stts->entries[stts->nb_entries]; stts->nb_entries++; if (nb_packed_samples==1) { ent->sampleCount = 2; ent->sampleDelta = (u32) (DTS - stts->w_LastDTS); stts->w_LastDTS = DTS; (*sampleNumber) = stts->w_currentSampleNum+1; stts->w_currentSampleNum += 1; return GF_OK; } ent->sampleCount = 1; ent->sampleDelta = (u32) (DTS - stts->w_LastDTS); ent = &stts->entries[stts->nb_entries]; stts->nb_entries++; ent->sampleCount = nb_packed_samples; ent->sampleDelta = nb_extra; stts->w_LastDTS = DTS; (*sampleNumber) = stts->w_currentSampleNum + 1; stts->w_currentSampleNum += nb_packed_samples; return GF_OK; } DTSs = (u64*)gf_malloc(sizeof(u64) * (stbl->SampleSize->sampleCount+2) ); if (!DTSs) return GF_OUT_OF_MEM; curDTS = 0; sampNum = 0; ent = NULL; inserted = 0; for (i=0; inb_entries; i++) { ent = & stts->entries[i]; for (j = 0; jsampleCount; j++) { if (!inserted && (curDTS > DTS)) { DTSs[sampNum] = DTS; sampNum++; *sampleNumber = sampNum; inserted = 1; } DTSs[sampNum] = curDTS; curDTS += ent->sampleDelta; sampNum ++; } } if (!inserted) { gf_free(DTSs); return GF_BAD_PARAM; } if (stts->nb_entries+3 >= stts->alloc_size) { stts->alloc_size += 3; stts->entries = gf_realloc(stts->entries, sizeof(GF_SttsEntry)*stts->alloc_size); if (!stts->entries) return GF_OUT_OF_MEM; memset(&stts->entries[stts->nb_entries], 0, sizeof(GF_SttsEntry)*(stts->alloc_size - stts->nb_entries) ); } j=0; stts->nb_entries = 1; stts->entries[0].sampleCount = 1; stts->entries[0].sampleDelta = (u32) DTSs[1] ; for (i=1; iSampleSize->sampleCount+1; i++) { if (i == stbl->SampleSize->sampleCount) { stts->entries[j].sampleCount++; } else if (stts->entries[j].sampleDelta == (u32) ( DTSs[i+1] - DTSs[i]) ) { stts->entries[j].sampleCount ++; } else { stts->nb_entries ++; j++; stts->entries[j].sampleCount = 1; stts->entries[j].sampleDelta = (u32) (DTSs[i+1] - DTSs[i]); } } gf_free(DTSs); stts->w_currentSampleNum = stbl->SampleSize->sampleCount + 1; return GF_OK; }",visit repo url,src/isomedia/stbl_write.c,https://github.com/gpac/gpac,110198166039029,1 24,['CWE-264'],"static void php_sqlite3_func_callback(sqlite3_context *context, int argc, sqlite3_value **argv) { struct pdo_sqlite_func *func = (struct pdo_sqlite_func*)sqlite3_user_data(context); TSRMLS_FETCH(); do_callback(&func->afunc, func->func, argc, argv, context, 0 TSRMLS_CC); }",php-src,,,11926174938671080858056000715968975871,0 4684,['CWE-399'],"void ext4_delete_inode(struct inode *inode) { handle_t *handle; int err; if (ext4_should_order_data(inode)) ext4_begin_ordered_truncate(inode, 0); truncate_inode_pages(&inode->i_data, 0); if (is_bad_inode(inode)) goto no_delete; handle = ext4_journal_start(inode, blocks_for_truncate(inode)+3); if (IS_ERR(handle)) { ext4_std_error(inode->i_sb, PTR_ERR(handle)); ext4_orphan_del(NULL, inode); goto no_delete; } if (IS_SYNC(inode)) ext4_handle_sync(handle); inode->i_size = 0; err = ext4_mark_inode_dirty(handle, inode); if (err) { ext4_warning(inode->i_sb, __func__, ""couldn't mark inode dirty (err %d)"", err); goto stop_handle; } if (inode->i_blocks) ext4_truncate(inode); if (!ext4_handle_has_enough_credits(handle, 3)) { err = ext4_journal_extend(handle, 3); if (err > 0) err = ext4_journal_restart(handle, 3); if (err != 0) { ext4_warning(inode->i_sb, __func__, ""couldn't extend journal (err %d)"", err); stop_handle: ext4_journal_stop(handle); goto no_delete; } } ext4_orphan_del(handle, inode); EXT4_I(inode)->i_dtime = get_seconds(); if (ext4_mark_inode_dirty(handle, inode)) clear_inode(inode); else ext4_free_inode(handle, inode); ext4_journal_stop(handle); return; no_delete: clear_inode(inode); }",linux-2.6,,,161446285557147338260584107616866208015,0 2480,CWE-189,"void * calloc(size_t n, size_t lb) { if (lb && n > SIZE_MAX / lb) return NULL; # if defined(GC_LINUX_THREADS) { static GC_bool lib_bounds_set = FALSE; ptr_t caller = (ptr_t)__builtin_return_address(0); if (!EXPECT(lib_bounds_set, TRUE)) { GC_init_lib_bounds(); lib_bounds_set = TRUE; } if (((word)caller >= (word)GC_libpthread_start && (word)caller < (word)GC_libpthread_end) || ((word)caller >= (word)GC_libld_start && (word)caller < (word)GC_libld_end)) return GC_malloc_uncollectable(n*lb); } # endif return((void *)REDIRECT_MALLOC(n*lb)); }",visit repo url,malloc.c,https://github.com/ivmai/bdwgc,37087844632033,1 6027,['CWE-200'],"static void cbq_link_class(struct cbq_class *this) { struct cbq_sched_data *q = qdisc_priv(this->qdisc); unsigned h = cbq_hash(this->classid); struct cbq_class *parent = this->tparent; this->sibling = this; this->next = q->classes[h]; q->classes[h] = this; if (parent == NULL) return; if (parent->children == NULL) { parent->children = this; } else { this->sibling = parent->children->sibling; parent->children->sibling = this; } }",linux-2.6,,,155253433115661094969820107999111071875,0 2161,['CWE-400'],"static struct page *shmem_swapin(swp_entry_t entry, gfp_t gfp, struct shmem_inode_info *info, unsigned long idx) { struct mempolicy mpol, *spol; struct vm_area_struct pvma; struct page *page; spol = mpol_cond_copy(&mpol, mpol_shared_policy_lookup(&info->policy, idx)); pvma.vm_start = 0; pvma.vm_pgoff = idx; pvma.vm_ops = NULL; pvma.vm_policy = spol; page = swapin_readahead(entry, gfp, &pvma, 0); return page; }",linux-2.6,,,100209786685883300538005148413091514691,0 1831,['CWE-189'],"_gnutls_encrypt (gnutls_session_t session, const opaque * headers, size_t headers_size, const opaque * data, size_t data_size, opaque * ciphertext, size_t ciphertext_size, content_type_t type, int random_pad) { gnutls_datum_t plain; gnutls_datum_t comp; int ret; int free_comp = 1; plain.data = (opaque *) data; plain.size = data_size; if (plain.size == 0 || is_write_comp_null (session) == 0) { comp = plain; free_comp = 0; } else { ret = _gnutls_m_plaintext2compressed (session, &comp, &plain); if (ret < 0) { gnutls_assert (); return ret; } } ret = _gnutls_compressed2ciphertext (session, &ciphertext[headers_size], ciphertext_size - headers_size, comp, type, random_pad); if (free_comp) _gnutls_free_datum (&comp); if (ret < 0) { gnutls_assert (); return ret; } memcpy (ciphertext, headers, headers_size); _gnutls_write_uint16 (ret, &ciphertext[3]); return ret + headers_size; }",gnutls,,,78326501610093647174687903878031587645,0 372,CWE-416,"tcpmss_mangle_packet(struct sk_buff *skb, const struct xt_action_param *par, unsigned int family, unsigned int tcphoff, unsigned int minlen) { const struct xt_tcpmss_info *info = par->targinfo; struct tcphdr *tcph; int len, tcp_hdrlen; unsigned int i; __be16 oldval; u16 newmss; u8 *opt; if (par->fragoff != 0) return 0; if (!skb_make_writable(skb, skb->len)) return -1; len = skb->len - tcphoff; if (len < (int)sizeof(struct tcphdr)) return -1; tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); tcp_hdrlen = tcph->doff * 4; if (len < tcp_hdrlen) return -1; if (info->mss == XT_TCPMSS_CLAMP_PMTU) { struct net *net = xt_net(par); unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family); unsigned int min_mtu = min(dst_mtu(skb_dst(skb)), in_mtu); if (min_mtu <= minlen) { net_err_ratelimited(""unknown or invalid path-MTU (%u)\n"", min_mtu); return -1; } newmss = min_mtu - minlen; } else newmss = info->mss; opt = (u_int8_t *)tcph; for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) { if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) { u_int16_t oldmss; oldmss = (opt[i+2] << 8) | opt[i+3]; if (oldmss <= newmss) return 0; opt[i+2] = (newmss & 0xff00) >> 8; opt[i+3] = newmss & 0x00ff; inet_proto_csum_replace2(&tcph->check, skb, htons(oldmss), htons(newmss), false); return 0; } } if (len > tcp_hdrlen) return 0; if (skb_tailroom(skb) < TCPOLEN_MSS) { if (pskb_expand_head(skb, 0, TCPOLEN_MSS - skb_tailroom(skb), GFP_ATOMIC)) return -1; tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); } skb_put(skb, TCPOLEN_MSS); if (xt_family(par) == NFPROTO_IPV4) newmss = min(newmss, (u16)536); else newmss = min(newmss, (u16)1220); opt = (u_int8_t *)tcph + sizeof(struct tcphdr); memmove(opt + TCPOLEN_MSS, opt, len - sizeof(struct tcphdr)); inet_proto_csum_replace2(&tcph->check, skb, htons(len), htons(len + TCPOLEN_MSS), true); opt[0] = TCPOPT_MSS; opt[1] = TCPOLEN_MSS; opt[2] = (newmss & 0xff00) >> 8; opt[3] = newmss & 0x00ff; inet_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), false); oldval = ((__be16 *)tcph)[6]; tcph->doff += TCPOLEN_MSS/4; inet_proto_csum_replace2(&tcph->check, skb, oldval, ((__be16 *)tcph)[6], false); return TCPOLEN_MSS; }",visit repo url,net/netfilter/xt_TCPMSS.c,https://github.com/torvalds/linux,97648357526791,1 5295,['CWE-119'],"static ssize_t tun_chr_aio_read(struct kiocb *iocb, const struct iovec *iv, unsigned long count, loff_t pos) { struct file *file = iocb->ki_filp; struct tun_file *tfile = file->private_data; struct tun_struct *tun = __tun_get(tfile); DECLARE_WAITQUEUE(wait, current); struct sk_buff *skb; ssize_t len, ret = 0; if (!tun) return -EBADFD; DBG(KERN_INFO ""%s: tun_chr_read\n"", tun->dev->name); len = iov_length(iv, count); if (len < 0) { ret = -EINVAL; goto out; } add_wait_queue(&tun->socket.wait, &wait); while (len) { current->state = TASK_INTERRUPTIBLE; if (!(skb=skb_dequeue(&tun->readq))) { if (file->f_flags & O_NONBLOCK) { ret = -EAGAIN; break; } if (signal_pending(current)) { ret = -ERESTARTSYS; break; } if (tun->dev->reg_state != NETREG_REGISTERED) { ret = -EIO; break; } schedule(); continue; } netif_wake_queue(tun->dev); ret = tun_put_user(tun, skb, iv, len); kfree_skb(skb); break; } current->state = TASK_RUNNING; remove_wait_queue(&tun->socket.wait, &wait); out: tun_put(tun); return ret; }",linux-2.6,,,62250484676858879072084949701394334374,0 6628,NVD-CWE-noinfo,"njs_function_prototype_apply(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, njs_index_t unused) { int64_t i, length; njs_int_t ret; njs_frame_t *frame; njs_value_t *this, *arr_like; njs_array_t *arr; njs_function_t *func; if (!njs_is_function(njs_argument(args, 0))) { njs_type_error(vm, ""\""this\"" argument is not a function""); return NJS_ERROR; } func = njs_function(njs_argument(args, 0)); this = njs_arg(args, nargs, 1); arr_like = njs_arg(args, nargs, 2); if (njs_is_null_or_undefined(arr_like)) { length = 0; goto activate; } else if (njs_is_array(arr_like)) { arr = arr_like->data.u.array; args = arr->start; length = arr->length; goto activate; } else if (njs_slow_path(!njs_is_object(arr_like))) { njs_type_error(vm, ""second argument is not an array-like object""); return NJS_ERROR; } ret = njs_object_length(vm, arr_like, &length); if (njs_slow_path(ret != NJS_OK)) { return ret; } arr = njs_array_alloc(vm, 1, length, NJS_ARRAY_SPARE); if (njs_slow_path(arr == NULL)) { return NJS_ERROR; } args = arr->start; for (i = 0; i < length; i++) { ret = njs_value_property_i64(vm, arr_like, i, &args[i]); if (njs_slow_path(ret == NJS_ERROR)) { return ret; } } activate: vm->top_frame->skip = 1; frame = (njs_frame_t *) vm->top_frame; ret = njs_function_frame(vm, func, this, args, length, 0); if (njs_slow_path(ret != NJS_OK)) { return ret; } ret = njs_function_frame_invoke(vm, frame->native.retval); if (njs_slow_path(ret != NJS_OK)) { return ret; } return NJS_DECLINED; }",visit repo url,src/njs_function.c,https://github.com/nginx/njs,106578003764109,1 4899,['CWE-20'],"static loff_t nfs_llseek_dir(struct file *filp, loff_t offset, int origin) { mutex_lock(&filp->f_path.dentry->d_inode->i_mutex); switch (origin) { case 1: offset += filp->f_pos; case 0: if (offset >= 0) break; default: offset = -EINVAL; goto out; } if (offset != filp->f_pos) { filp->f_pos = offset; ((struct nfs_open_context *)filp->private_data)->dir_cookie = 0; } out: mutex_unlock(&filp->f_path.dentry->d_inode->i_mutex); return offset; }",linux-2.6,,,140097295920612482698340428271026847745,0 4536,['CWE-20'],"static void dx_insert_block(struct dx_frame *frame, u32 hash, ext4_lblk_t block) { struct dx_entry *entries = frame->entries; struct dx_entry *old = frame->at, *new = old + 1; int count = dx_get_count(entries); assert(count < dx_get_limit(entries)); assert(old < entries + count); memmove(new + 1, new, (char *)(entries + count) - (char *)(new)); dx_set_hash(new, hash); dx_set_block(new, block); dx_set_count(entries, count + 1); }",linux-2.6,,,120872277190707968296977814746056898046,0 6761,['CWE-310'],"property_value_destroy (gpointer data) { GValue *value = (GValue *) data; g_value_unset (value); g_slice_free (GValue, data); }",network-manager-applet,,,255946686533519045840489534518810644923,0 2615,[],"static void sctp_skb_set_owner_r_frag(struct sk_buff *skb, struct sock *sk) { struct sk_buff *frag; if (!skb->data_len) goto done; for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) sctp_skb_set_owner_r_frag(frag, sk); done: sctp_skb_set_owner_r(skb, sk); }",linux-2.6,,,152767705757791484955730076147998630729,0 1031,CWE-20,"sctp_disposition_t sctp_sf_do_asconf(struct net *net, const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_chunk *asconf_ack = NULL; struct sctp_paramhdr *err_param = NULL; sctp_addiphdr_t *hdr; union sctp_addr_param *addr_param; __u32 serial; int length; if (!sctp_vtag_verify(chunk, asoc)) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, SCTP_NULL()); return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); } if (!net->sctp.addip_noauth && !chunk->auth) return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_addip_chunk_t))) return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, commands); hdr = (sctp_addiphdr_t *)chunk->skb->data; serial = ntohl(hdr->serial); addr_param = (union sctp_addr_param *)hdr->params; length = ntohs(addr_param->p.length); if (length < sizeof(sctp_paramhdr_t)) return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, (void *)addr_param, commands); if (!sctp_verify_asconf(asoc, (sctp_paramhdr_t *)((void *)addr_param + length), (void *)chunk->chunk_end, &err_param)) return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, (void *)err_param, commands); if (serial == asoc->peer.addip_serial + 1) { if (!chunk->has_asconf) sctp_assoc_clean_asconf_ack_cache(asoc); asconf_ack = sctp_process_asconf((struct sctp_association *) asoc, chunk); if (!asconf_ack) return SCTP_DISPOSITION_NOMEM; } else if (serial < asoc->peer.addip_serial + 1) { asconf_ack = sctp_assoc_lookup_asconf_ack(asoc, hdr->serial); if (!asconf_ack) return SCTP_DISPOSITION_DISCARD; asconf_ack->transport = NULL; } else { return SCTP_DISPOSITION_DISCARD; } asconf_ack->dest = chunk->source; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack)); if (asoc->new_transport) { sctp_sf_heartbeat(ep, asoc, type, asoc->new_transport, commands); ((struct sctp_association *)asoc)->new_transport = NULL; } return SCTP_DISPOSITION_CONSUME; }",visit repo url,net/sctp/sm_statefuns.c,https://github.com/torvalds/linux,116245283201720,1 6200,CWE-190,"void fp_read_bin(fp_t a, const uint8_t *bin, int len) { bn_t t; bn_null(t); if (len != RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } RLC_TRY { bn_new(t); bn_read_bin(t, bin, len); if (bn_sign(t) == RLC_NEG || bn_cmp(t, &core_get()->prime) != RLC_LT) { RLC_THROW(ERR_NO_VALID); } else { if (bn_is_zero(t)) { fp_zero(a); } else { if (t->used == 1) { fp_prime_conv_dig(a, t->dp[0]); } else { fp_prime_conv(a, t); } } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/fp/relic_fp_util.c,https://github.com/relic-toolkit/relic,49185569828069,1 5603,CWE-125,"fstring_find_literal(const char **str, const char *end, int raw, PyObject **literal, int recurse_lvl, struct compiling *c, const node *n) { const char *literal_start = *str; const char *literal_end; int in_named_escape = 0; int result = 0; assert(*literal == NULL); for (; *str < end; (*str)++) { char ch = **str; if (!in_named_escape && ch == '{' && (*str)-literal_start >= 2 && *(*str-2) == '\\' && *(*str-1) == 'N') { in_named_escape = 1; } else if (in_named_escape && ch == '}') { in_named_escape = 0; } else if (ch == '{' || ch == '}') { if (recurse_lvl == 0) { if (*str+1 < end && *(*str+1) == ch) { literal_end = *str+1; *str += 2; result = 1; goto done; } if (ch == '}') { ast_error(c, n, ""f-string: single '}' is not allowed""); return -1; } } break; } } literal_end = *str; assert(*str <= end); assert(*str == end || **str == '{' || **str == '}'); done: if (literal_start != literal_end) { if (raw) *literal = PyUnicode_DecodeUTF8Stateful(literal_start, literal_end-literal_start, NULL, NULL); else *literal = decode_unicode_with_escapes(c, n, literal_start, literal_end-literal_start); if (!*literal) return -1; } return result; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,52802495419926,1 257,[],"static int fat_ioctl_readdir(struct inode *inode, struct file *filp, void __user *dirent, filldir_t filldir, int short_only, int both) { struct fat_ioctl_filldir_callback buf; int ret; buf.dirent = dirent; buf.result = 0; mutex_lock(&inode->i_mutex); ret = -ENOENT; if (!IS_DEADDIR(inode)) { ret = __fat_readdir(inode, filp, &buf, filldir, short_only, both); } mutex_unlock(&inode->i_mutex); if (ret >= 0) ret = buf.result; return ret; }",linux-2.6,,,240940524525553954510393597500314527955,0 4760,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 6089,['CWE-200'],"cbq_dequeue_1(struct Qdisc *sch) { struct cbq_sched_data *q = qdisc_priv(sch); struct sk_buff *skb; unsigned activemask; activemask = q->activemask&0xFF; while (activemask) { int prio = ffz(~activemask); activemask &= ~(1<fpos_first_frame); d = (ms_adpcm_data *) _af_malloc(sizeof (ms_adpcm_data)); d->track = track; d->fh = fh; d->track->frames2ignore = 0; d->track->fpos_next_frame = d->track->fpos_first_frame; pv = d->track->f.compressionParams; if (_af_pv_getlong(pv, _AF_MS_ADPCM_NUM_COEFFICIENTS, &l)) d->numCoefficients = l; else _af_error(AF_BAD_CODEC_CONFIG, ""number of coefficients not set""); if (_af_pv_getptr(pv, _AF_MS_ADPCM_COEFFICIENTS, &v)) memcpy(d->coefficients, v, sizeof (int16_t) * 256 * 2); else _af_error(AF_BAD_CODEC_CONFIG, ""coefficient array not set""); if (_af_pv_getlong(pv, _AF_FRAMES_PER_BLOCK, &l)) d->framesPerBlock = l; else _af_error(AF_BAD_CODEC_CONFIG, ""samples per block not set""); if (_af_pv_getlong(pv, _AF_BLOCK_SIZE, &l)) d->blockAlign = l; else _af_error(AF_BAD_CODEC_CONFIG, ""block size not set""); *chunkframes = d->framesPerBlock; ret.modspec = d; return ret; }",audiofile,,,335667227995644334911165331018595385764,0 840,CWE-20,"int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct rxrpc_skb_priv *sp; struct rxrpc_call *call = NULL, *continue_call = NULL; struct rxrpc_sock *rx = rxrpc_sk(sock->sk); struct sk_buff *skb; long timeo; int copy, ret, ullen, offset, copied = 0; u32 abort_code; DEFINE_WAIT(wait); _enter("",,,%zu,%d"", len, flags); if (flags & (MSG_OOB | MSG_TRUNC)) return -EOPNOTSUPP; ullen = msg->msg_flags & MSG_CMSG_COMPAT ? 4 : sizeof(unsigned long); timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT); msg->msg_flags |= MSG_MORE; lock_sock(&rx->sk); for (;;) { if (RB_EMPTY_ROOT(&rx->calls)) { if (copied) goto out; if (rx->sk.sk_state != RXRPC_SERVER_LISTENING) { release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); return -ENODATA; } } skb = skb_peek(&rx->sk.sk_receive_queue); if (!skb) { if (copied && (msg->msg_flags & MSG_PEEK || timeo == 0)) goto out; release_sock(&rx->sk); prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait, TASK_INTERRUPTIBLE); ret = sock_error(&rx->sk); if (ret) goto wait_error; if (skb_queue_empty(&rx->sk.sk_receive_queue)) { if (signal_pending(current)) goto wait_interrupted; timeo = schedule_timeout(timeo); } finish_wait(sk_sleep(&rx->sk), &wait); lock_sock(&rx->sk); continue; } peek_next_packet: sp = rxrpc_skb(skb); call = sp->call; ASSERT(call != NULL); _debug(""next pkt %s"", rxrpc_pkts[sp->hdr.type]); spin_lock_bh(&call->lock); spin_unlock_bh(&call->lock); if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { _debug(""packet from released call""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); continue; } if (continue_call) { _debug(""maybe cont""); if (call != continue_call || skb->mark != RXRPC_SKB_MARK_DATA) { release_sock(&rx->sk); rxrpc_put_call(continue_call); _leave("" = %d [noncont]"", copied); return copied; } } rxrpc_get_call(call); if (!continue_call) { if (msg->msg_name && msg->msg_namelen > 0) memcpy(msg->msg_name, &call->conn->trans->peer->srx, sizeof(call->conn->trans->peer->srx)); sock_recv_ts_and_drops(msg, &rx->sk, skb); } if (skb->mark != RXRPC_SKB_MARK_DATA) goto receive_non_data_message; _debug(""recvmsg DATA #%u { %d, %d }"", ntohl(sp->hdr.seq), skb->len, sp->offset); if (!continue_call) { ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); } ASSERTCMP(ntohl(sp->hdr.seq), >=, call->rx_data_recv); ASSERTCMP(ntohl(sp->hdr.seq), <=, call->rx_data_recv + 1); call->rx_data_recv = ntohl(sp->hdr.seq); ASSERTCMP(ntohl(sp->hdr.seq), >, call->rx_data_eaten); offset = sp->offset; copy = skb->len - offset; if (copy > len - copied) copy = len - copied; if (skb->ip_summed == CHECKSUM_UNNECESSARY) { ret = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copy); } else { ret = skb_copy_and_csum_datagram_iovec(skb, offset, msg->msg_iov); if (ret == -EINVAL) goto csum_copy_error; } if (ret < 0) goto copy_error; _debug(""copied %d+%d"", copy, copied); offset += copy; copied += copy; if (!(flags & MSG_PEEK)) sp->offset = offset; if (sp->offset < skb->len) { _debug(""buffer full""); ASSERTCMP(copied, ==, len); break; } if (sp->hdr.flags & RXRPC_LAST_PACKET) { _debug(""last""); if (call->conn->out_clientflag) { ret = copied; goto terminal_message; } if (!(flags & MSG_PEEK)) { _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } msg->msg_flags &= ~MSG_MORE; break; } _debug(""next""); if (!continue_call) continue_call = sp->call; else rxrpc_put_call(call); call = NULL; if (flags & MSG_PEEK) { _debug(""peek next""); skb = skb->next; if (skb == (struct sk_buff *) &rx->sk.sk_receive_queue) break; goto peek_next_packet; } _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } _debug(""end rcv data""); out: release_sock(&rx->sk); if (call) rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d [data]"", copied); return copied; receive_non_data_message: _debug(""non-data""); if (skb->mark == RXRPC_SKB_MARK_NEW_CALL) { _debug(""RECV NEW CALL""); ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &abort_code); if (ret < 0) goto copy_error; if (!(flags & MSG_PEEK)) { if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } goto out; } ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); switch (skb->mark) { case RXRPC_SKB_MARK_DATA: BUG(); case RXRPC_SKB_MARK_FINAL_ACK: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &abort_code); break; case RXRPC_SKB_MARK_BUSY: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_BUSY, 0, &abort_code); break; case RXRPC_SKB_MARK_REMOTE_ABORT: abort_code = call->abort_code; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code); break; case RXRPC_SKB_MARK_NET_ERROR: _debug(""RECV NET ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &abort_code); break; case RXRPC_SKB_MARK_LOCAL_ERROR: _debug(""RECV LOCAL ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &abort_code); break; default: BUG(); break; } if (ret < 0) goto copy_error; terminal_message: _debug(""terminal""); msg->msg_flags &= ~MSG_MORE; msg->msg_flags |= MSG_EOR; if (!(flags & MSG_PEEK)) { _net(""free terminal skb %p"", skb); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); rxrpc_remove_user_ID(rx, call); } release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; copy_error: _debug(""copy error""); release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; csum_copy_error: _debug(""csum error""); release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); rxrpc_kill_skb(skb); skb_kill_datagram(&rx->sk, skb, flags); rxrpc_put_call(call); return -EAGAIN; wait_interrupted: ret = sock_intr_errno(timeo); wait_error: finish_wait(sk_sleep(&rx->sk), &wait); if (continue_call) rxrpc_put_call(continue_call); if (copied) copied = ret; _leave("" = %d [waitfail %d]"", copied, ret); return copied; }",visit repo url,net/rxrpc/ar-recvmsg.c,https://github.com/torvalds/linux,131822081142701,1 347,CWE-191,"static void edge_bulk_in_callback(struct urb *urb) { struct edgeport_port *edge_port = urb->context; struct device *dev = &edge_port->port->dev; unsigned char *data = urb->transfer_buffer; int retval = 0; int port_number; int status = urb->status; switch (status) { case 0: break; case -ECONNRESET: case -ENOENT: case -ESHUTDOWN: dev_dbg(&urb->dev->dev, ""%s - urb shutting down with status: %d\n"", __func__, status); return; default: dev_err(&urb->dev->dev, ""%s - nonzero read bulk status received: %d\n"", __func__, status); } if (status == -EPIPE) goto exit; if (status) { dev_err(&urb->dev->dev, ""%s - stopping read!\n"", __func__); return; } port_number = edge_port->port->port_number; if (edge_port->lsr_event) { edge_port->lsr_event = 0; dev_dbg(dev, ""%s ===== Port %u LSR Status = %02x, Data = %02x ======\n"", __func__, port_number, edge_port->lsr_mask, *data); handle_new_lsr(edge_port, 1, edge_port->lsr_mask, *data); --urb->actual_length; ++data; } if (urb->actual_length) { usb_serial_debug_data(dev, __func__, urb->actual_length, data); if (edge_port->close_pending) dev_dbg(dev, ""%s - close pending, dropping data on the floor\n"", __func__); else edge_tty_recv(edge_port->port, data, urb->actual_length); edge_port->port->icount.rx += urb->actual_length; } exit: spin_lock(&edge_port->ep_lock); if (edge_port->ep_read_urb_state == EDGE_READ_URB_RUNNING) retval = usb_submit_urb(urb, GFP_ATOMIC); else if (edge_port->ep_read_urb_state == EDGE_READ_URB_STOPPING) edge_port->ep_read_urb_state = EDGE_READ_URB_STOPPED; spin_unlock(&edge_port->ep_lock); if (retval) dev_err(dev, ""%s - usb_submit_urb failed with result %d\n"", __func__, retval); }",visit repo url,drivers/usb/serial/io_ti.c,https://github.com/torvalds/linux,146883903072586,1 3714,[],"static int unix_mkname(struct sockaddr_un * sunaddr, int len, unsigned *hashp) { if (len <= sizeof(short) || len > sizeof(*sunaddr)) return -EINVAL; if (!sunaddr || sunaddr->sun_family != AF_UNIX) return -EINVAL; if (sunaddr->sun_path[0]) { ((char *)sunaddr)[len]=0; len = strlen(sunaddr->sun_path)+1+sizeof(short); return len; } *hashp = unix_hash_fold(csum_partial((char*)sunaddr, len, 0)); return len; }",linux-2.6,,,281868960862260571094547601295492653337,0 4640,['CWE-399'],"int ext4_change_inode_journal_flag(struct inode *inode, int val) { journal_t *journal; handle_t *handle; int err; journal = EXT4_JOURNAL(inode); if (!journal) return 0; if (is_journal_aborted(journal)) return -EROFS; jbd2_journal_lock_updates(journal); jbd2_journal_flush(journal); if (val) EXT4_I(inode)->i_flags |= EXT4_JOURNAL_DATA_FL; else EXT4_I(inode)->i_flags &= ~EXT4_JOURNAL_DATA_FL; ext4_set_aops(inode); jbd2_journal_unlock_updates(journal); handle = ext4_journal_start(inode, 1); if (IS_ERR(handle)) return PTR_ERR(handle); err = ext4_mark_inode_dirty(handle, inode); ext4_handle_sync(handle); ext4_journal_stop(handle); ext4_std_error(inode->i_sb, err); return err; }",linux-2.6,,,271982745395137323102547765795899255776,0 2641,CWE-125,"PHP_FUNCTION(locale_compose) { smart_str loc_name_s = {0}; smart_str *loc_name = &loc_name_s; zval* arr = NULL; HashTable* hash_arr = NULL; int result = 0; intl_error_reset( NULL TSRMLS_CC ); if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""a"", &arr) == FAILURE) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_compose: unable to parse input params"", 0 TSRMLS_CC ); RETURN_FALSE; } hash_arr = HASH_OF( arr ); if( !hash_arr || zend_hash_num_elements( hash_arr ) == 0 ) RETURN_FALSE; result = append_key_value(loc_name, hash_arr, LOC_GRANDFATHERED_LANG_TAG); if( result == SUCCESS){ RETURN_SMART_STR(loc_name); } if( !handleAppendResult( result, loc_name TSRMLS_CC)){ RETURN_FALSE; } result = append_key_value(loc_name, hash_arr , LOC_LANG_TAG); if( result == LOC_NOT_FOUND ){ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_compose: parameter array does not contain 'language' tag."", 0 TSRMLS_CC ); smart_str_free(loc_name); RETURN_FALSE; } if( !handleAppendResult( result, loc_name TSRMLS_CC)){ RETURN_FALSE; } result = append_multiple_key_values(loc_name, hash_arr , LOC_EXTLANG_TAG TSRMLS_CC); if( !handleAppendResult( result, loc_name TSRMLS_CC)){ RETURN_FALSE; } result = append_key_value(loc_name, hash_arr , LOC_SCRIPT_TAG); if( !handleAppendResult( result, loc_name TSRMLS_CC)){ RETURN_FALSE; } result = append_key_value( loc_name, hash_arr , LOC_REGION_TAG); if( !handleAppendResult( result, loc_name TSRMLS_CC)){ RETURN_FALSE; } result = append_multiple_key_values( loc_name, hash_arr , LOC_VARIANT_TAG TSRMLS_CC); if( !handleAppendResult( result, loc_name TSRMLS_CC)){ RETURN_FALSE; } result = append_multiple_key_values( loc_name, hash_arr , LOC_PRIVATE_TAG TSRMLS_CC); if( !handleAppendResult( result, loc_name TSRMLS_CC)){ RETURN_FALSE; } RETURN_SMART_STR(loc_name); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,199655267414606,1 1412,CWE-310,"static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_comp rcomp; snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""compression""); if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(struct crypto_report_comp), &rcomp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,133008035110244,1 4865,['CWE-189'],"int virt_to_scatterlist(const void *addr, int size, struct scatterlist *sg, int sg_size) { int i = 0; struct page *pg; int offset; int remainder_of_page; sg_init_table(sg, sg_size); while (size > 0 && i < sg_size) { pg = virt_to_page(addr); offset = offset_in_page(addr); if (sg) sg_set_page(&sg[i], pg, 0, offset); remainder_of_page = PAGE_CACHE_SIZE - offset; if (size >= remainder_of_page) { if (sg) sg[i].length = remainder_of_page; addr += remainder_of_page; size -= remainder_of_page; } else { if (sg) sg[i].length = size; addr += size; size = 0; } i++; } if (size > 0) return -ENOMEM; return i; }",linux-2.6,,,177263979817146619645509490018394809225,0 2161,CWE-326,"void __ip_select_ident(struct net *net, struct iphdr *iph, int segs) { static u32 ip_idents_hashrnd __read_mostly; u32 hash, id; net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd)); hash = jhash_3words((__force u32)iph->daddr, (__force u32)iph->saddr, iph->protocol ^ net_hash_mix(net), ip_idents_hashrnd); id = ip_idents_reserve(hash, segs); iph->id = htons(id); }",visit repo url,net/ipv4/route.c,https://github.com/torvalds/linux,10158339169685,1 1450,[],"void kick_process(struct task_struct *p) { int cpu; preempt_disable(); cpu = task_cpu(p); if ((cpu != smp_processor_id()) && task_curr(p)) smp_send_reschedule(cpu); preempt_enable(); }",linux-2.6,,,29030420330388327264434326312344027025,0 6439,[],"lt_dlclose (lt_dlhandle handle) { lt_dlhandle cur, last; int errors = 0; last = cur = handles; while (cur && handle != cur) { last = cur; cur = cur->next; } if (!cur) { LT__SETERROR (INVALID_HANDLE); ++errors; goto done; } cur = handle; cur->info.ref_count--; if (cur->info.ref_count <= 0 && !LT_DLIS_RESIDENT (cur)) { lt_user_data data = cur->vtable->dlloader_data; if (cur != handles) { last->next = cur->next; } else { handles = cur->next; } errors += cur->vtable->module_close (data, cur->module); errors += unload_deplibs (handle); FREE (cur->interface_data); FREE (cur->info.filename); FREE (cur->info.name); FREE (cur); goto done; } if (LT_DLIS_RESIDENT (handle)) { LT__SETERROR (CLOSE_RESIDENT_MODULE); ++errors; } done: return errors; }",libtool,,,61543333446132209511520718336523952827,0 5032,[],"static void schedule_async_request(struct winbindd_child *child) { struct winbindd_async_request *request = child->requests; if (request == NULL) { return; } if (child->event.flags != 0) { return; } if ((child->pid == 0) && (!fork_domain_child(child))) { while (request != NULL) { struct winbindd_async_request *next = request->next; request->continuation(request->private_data, False); request = next; } return; } request->child_pid = child->pid; setup_async_write(&child->event, request->request, sizeof(*request->request), async_main_request_sent, request); return; }",samba,,,265063508268353060047975417036961600243,0 2980,['CWE-189'],"static int jpc_dec_cp_setfromrgn(jpc_dec_cp_t *cp, jpc_rgn_t *rgn) { jpc_dec_ccp_t *ccp; ccp = &cp->ccps[rgn->compno]; ccp->roishift = rgn->roishift; return 0; }",jasper,,,14648406415244013729534083586372326340,0 911,CWE-20,"long kvm_arch_vcpu_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) { struct kvm_vcpu *vcpu = filp->private_data; void __user *argp = (void __user *)arg; int r; union { struct kvm_lapic_state *lapic; struct kvm_xsave *xsave; struct kvm_xcrs *xcrs; void *buffer; } u; u.buffer = NULL; switch (ioctl) { case KVM_GET_LAPIC: { r = -EINVAL; if (!vcpu->arch.apic) goto out; u.lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL); r = -ENOMEM; if (!u.lapic) goto out; r = kvm_vcpu_ioctl_get_lapic(vcpu, u.lapic); if (r) goto out; r = -EFAULT; if (copy_to_user(argp, u.lapic, sizeof(struct kvm_lapic_state))) goto out; r = 0; break; } case KVM_SET_LAPIC: { r = -EINVAL; if (!vcpu->arch.apic) goto out; u.lapic = memdup_user(argp, sizeof(*u.lapic)); if (IS_ERR(u.lapic)) return PTR_ERR(u.lapic); r = kvm_vcpu_ioctl_set_lapic(vcpu, u.lapic); break; } case KVM_INTERRUPT: { struct kvm_interrupt irq; r = -EFAULT; if (copy_from_user(&irq, argp, sizeof irq)) goto out; r = kvm_vcpu_ioctl_interrupt(vcpu, &irq); break; } case KVM_NMI: { r = kvm_vcpu_ioctl_nmi(vcpu); break; } case KVM_SET_CPUID: { struct kvm_cpuid __user *cpuid_arg = argp; struct kvm_cpuid cpuid; r = -EFAULT; if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid)) goto out; r = kvm_vcpu_ioctl_set_cpuid(vcpu, &cpuid, cpuid_arg->entries); break; } case KVM_SET_CPUID2: { struct kvm_cpuid2 __user *cpuid_arg = argp; struct kvm_cpuid2 cpuid; r = -EFAULT; if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid)) goto out; r = kvm_vcpu_ioctl_set_cpuid2(vcpu, &cpuid, cpuid_arg->entries); break; } case KVM_GET_CPUID2: { struct kvm_cpuid2 __user *cpuid_arg = argp; struct kvm_cpuid2 cpuid; r = -EFAULT; if (copy_from_user(&cpuid, cpuid_arg, sizeof cpuid)) goto out; r = kvm_vcpu_ioctl_get_cpuid2(vcpu, &cpuid, cpuid_arg->entries); if (r) goto out; r = -EFAULT; if (copy_to_user(cpuid_arg, &cpuid, sizeof cpuid)) goto out; r = 0; break; } case KVM_GET_MSRS: r = msr_io(vcpu, argp, kvm_get_msr, 1); break; case KVM_SET_MSRS: r = msr_io(vcpu, argp, do_set_msr, 0); break; case KVM_TPR_ACCESS_REPORTING: { struct kvm_tpr_access_ctl tac; r = -EFAULT; if (copy_from_user(&tac, argp, sizeof tac)) goto out; r = vcpu_ioctl_tpr_access_reporting(vcpu, &tac); if (r) goto out; r = -EFAULT; if (copy_to_user(argp, &tac, sizeof tac)) goto out; r = 0; break; }; case KVM_SET_VAPIC_ADDR: { struct kvm_vapic_addr va; r = -EINVAL; if (!irqchip_in_kernel(vcpu->kvm)) goto out; r = -EFAULT; if (copy_from_user(&va, argp, sizeof va)) goto out; r = 0; kvm_lapic_set_vapic_addr(vcpu, va.vapic_addr); break; } case KVM_X86_SETUP_MCE: { u64 mcg_cap; r = -EFAULT; if (copy_from_user(&mcg_cap, argp, sizeof mcg_cap)) goto out; r = kvm_vcpu_ioctl_x86_setup_mce(vcpu, mcg_cap); break; } case KVM_X86_SET_MCE: { struct kvm_x86_mce mce; r = -EFAULT; if (copy_from_user(&mce, argp, sizeof mce)) goto out; r = kvm_vcpu_ioctl_x86_set_mce(vcpu, &mce); break; } case KVM_GET_VCPU_EVENTS: { struct kvm_vcpu_events events; kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events); r = -EFAULT; if (copy_to_user(argp, &events, sizeof(struct kvm_vcpu_events))) break; r = 0; break; } case KVM_SET_VCPU_EVENTS: { struct kvm_vcpu_events events; r = -EFAULT; if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events))) break; r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events); break; } case KVM_GET_DEBUGREGS: { struct kvm_debugregs dbgregs; kvm_vcpu_ioctl_x86_get_debugregs(vcpu, &dbgregs); r = -EFAULT; if (copy_to_user(argp, &dbgregs, sizeof(struct kvm_debugregs))) break; r = 0; break; } case KVM_SET_DEBUGREGS: { struct kvm_debugregs dbgregs; r = -EFAULT; if (copy_from_user(&dbgregs, argp, sizeof(struct kvm_debugregs))) break; r = kvm_vcpu_ioctl_x86_set_debugregs(vcpu, &dbgregs); break; } case KVM_GET_XSAVE: { u.xsave = kzalloc(sizeof(struct kvm_xsave), GFP_KERNEL); r = -ENOMEM; if (!u.xsave) break; kvm_vcpu_ioctl_x86_get_xsave(vcpu, u.xsave); r = -EFAULT; if (copy_to_user(argp, u.xsave, sizeof(struct kvm_xsave))) break; r = 0; break; } case KVM_SET_XSAVE: { u.xsave = memdup_user(argp, sizeof(*u.xsave)); if (IS_ERR(u.xsave)) return PTR_ERR(u.xsave); r = kvm_vcpu_ioctl_x86_set_xsave(vcpu, u.xsave); break; } case KVM_GET_XCRS: { u.xcrs = kzalloc(sizeof(struct kvm_xcrs), GFP_KERNEL); r = -ENOMEM; if (!u.xcrs) break; kvm_vcpu_ioctl_x86_get_xcrs(vcpu, u.xcrs); r = -EFAULT; if (copy_to_user(argp, u.xcrs, sizeof(struct kvm_xcrs))) break; r = 0; break; } case KVM_SET_XCRS: { u.xcrs = memdup_user(argp, sizeof(*u.xcrs)); if (IS_ERR(u.xcrs)) return PTR_ERR(u.xcrs); r = kvm_vcpu_ioctl_x86_set_xcrs(vcpu, u.xcrs); break; } case KVM_SET_TSC_KHZ: { u32 user_tsc_khz; r = -EINVAL; user_tsc_khz = (u32)arg; if (user_tsc_khz >= kvm_max_guest_tsc_khz) goto out; if (user_tsc_khz == 0) user_tsc_khz = tsc_khz; kvm_set_tsc_khz(vcpu, user_tsc_khz); r = 0; goto out; } case KVM_GET_TSC_KHZ: { r = vcpu->arch.virtual_tsc_khz; goto out; } case KVM_KVMCLOCK_CTRL: { r = kvm_set_guest_paused(vcpu); goto out; } default: r = -EINVAL; } out: kfree(u.buffer); return r; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,180420346630774,1 4584,['CWE-399'],"static int do_journal_get_write_access(handle_t *handle, struct buffer_head *bh) { if (!buffer_mapped(bh) || buffer_freed(bh)) return 0; return ext4_journal_get_write_access(handle, bh); }",linux-2.6,,,276748075893882830239189759568836129681,0 6252,CWE-190,"static void pp_mil_k8(fp8_t r, ep2_t *t, ep2_t *q, ep_t *p, int m, bn_t a) { fp8_t l; ep_t *_p = RLC_ALLOCA(ep_t, m); ep2_t *_q = RLC_ALLOCA(ep2_t, m); int i, j, len = bn_bits(a) + 1; int8_t s[RLC_FP_BITS + 1]; if (m == 0) { return; } fp8_null(l); RLC_TRY { fp8_new(l); if (_p == NULL || _q == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (j = 0; j < m; j++) { ep_null(_p[j]); ep2_null(_q[j]); ep_new(_p[j]); ep2_new(_q[j]); ep2_copy(t[j], q[j]); ep2_neg(_q[j], q[j]); #if EP_ADD == BASIC ep_neg(_p[j], p[j]); #else fp_neg(_p[j]->x, p[j]->x); fp_copy(_p[j]->y, p[j]->y); #endif } fp8_zero(l); bn_rec_naf(s, &len, a, 2); for (i = len - 2; i >= 0; i--) { fp8_sqr(r, r); for (j = 0; j < m; j++) { pp_dbl_k8(l, t[j], t[j], _p[j]); fp8_mul(r, r, l); if (s[i] > 0) { pp_add_k8(l, t[j], q[j], _p[j]); fp8_mul_dxs(r, r, l); } if (s[i] < 0) { pp_add_k8(l, t[j], _q[j], _p[j]); fp8_mul_dxs(r, r, l); } } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp8_free(l); for (j = 0; j < m; j++) { ep_free(_p[j]); ep2_free(_q[j]); } RLC_FREE(_p); RLC_FREE(_q); } }",visit repo url,src/pp/relic_pp_map_k8.c,https://github.com/relic-toolkit/relic,139574749593518,1 2590,['CWE-189'],"void dccp_close(struct sock *sk, long timeout) { struct dccp_sock *dp = dccp_sk(sk); struct sk_buff *skb; u32 data_was_unread = 0; int state; lock_sock(sk); sk->sk_shutdown = SHUTDOWN_MASK; if (sk->sk_state == DCCP_LISTEN) { dccp_set_state(sk, DCCP_CLOSED); inet_csk_listen_stop(sk); goto adjudge_to_death; } sk_stop_timer(sk, &dp->dccps_xmit_timer); while ((skb = __skb_dequeue(&sk->sk_receive_queue)) != NULL) { data_was_unread += skb->len; __kfree_skb(skb); } if (data_was_unread) { DCCP_WARN(""DCCP: ABORT -- %u bytes unread\n"", data_was_unread); dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED); dccp_set_state(sk, DCCP_CLOSED); } else if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) { sk->sk_prot->disconnect(sk, 0); } else if (sk->sk_state != DCCP_CLOSED) { dccp_terminate_connection(sk); } sk_stream_wait_close(sk, timeout); adjudge_to_death: state = sk->sk_state; sock_hold(sk); sock_orphan(sk); atomic_inc(sk->sk_prot->orphan_count); release_sock(sk); local_bh_disable(); bh_lock_sock(sk); WARN_ON(sock_owned_by_user(sk)); if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED) goto out; if (sk->sk_state == DCCP_CLOSED) inet_csk_destroy_sock(sk); out: bh_unlock_sock(sk); local_bh_enable(); sock_put(sk); }",linux-2.6,,,7363945176387300202206317241558066165,0 6674,['CWE-200'],"applet_get_connection_for_active (NMApplet *applet, NMActiveConnection *active) { GSList *list, *iter; NMConnection *connection = NULL; NMConnectionScope scope; const char *path; scope = nm_active_connection_get_scope (active); g_return_val_if_fail (scope != NM_CONNECTION_SCOPE_UNKNOWN, NULL); path = nm_active_connection_get_connection (active); g_return_val_if_fail (path != NULL, NULL); list = applet_get_all_connections (applet); for (iter = list; iter; iter = g_slist_next (iter)) { NMConnection *candidate = NM_CONNECTION (iter->data); if ( (nm_connection_get_scope (candidate) == scope) && !strcmp (nm_connection_get_path (candidate), path)) { connection = candidate; break; } } g_slist_free (list); return connection; }",network-manager-applet,,,31519618146676622778204432170253837491,0 4079,['CWE-399'],"static void svc_disconnect(struct atm_vcc *vcc) { DEFINE_WAIT(wait); struct sk_buff *skb; struct sock *sk = sk_atm(vcc); pr_debug(""svc_disconnect %p\n"",vcc); if (test_bit(ATM_VF_REGIS,&vcc->flags)) { prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); sigd_enq(vcc,as_close,NULL,NULL,NULL); while (!test_bit(ATM_VF_RELEASED,&vcc->flags) && sigd) { schedule(); prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); } finish_wait(sk->sk_sleep, &wait); } while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { atm_return(vcc, skb->truesize); pr_debug(""LISTEN REL\n""); sigd_enq2(NULL,as_reject,vcc,NULL,NULL,&vcc->qos,0); dev_kfree_skb(skb); } clear_bit(ATM_VF_REGIS, &vcc->flags); }",linux-2.6,,,237799199011053294132742743450959019123,0 6670,NVD-CWE-noinfo,"static void asmlinkage smm_do_relocation(void *arg) { const struct smm_module_params *p; const struct smm_runtime *runtime; int cpu; uintptr_t curr_smbase; uintptr_t perm_smbase; p = arg; runtime = p->runtime; cpu = p->cpu; curr_smbase = runtime->smbase; if (cpu >= CONFIG_MAX_CPUS) { printk(BIOS_CRIT, ""Invalid CPU number assigned in SMM stub: %d\n"", cpu); return; } perm_smbase = mp_state.perm_smbase; perm_smbase -= cpu * runtime->save_state_size; printk(BIOS_DEBUG, ""New SMBASE 0x%08lx\n"", perm_smbase); mp_state.ops.relocation_handler(cpu, curr_smbase, perm_smbase); if (CONFIG(STM)) { uintptr_t mseg; mseg = mp_state.perm_smbase + (mp_state.perm_smsize - CONFIG_MSEG_SIZE); stm_setup(mseg, p->cpu, perm_smbase, mp_state.perm_smbase, runtime->start32_offset); } }",visit repo url,src/cpu/x86/mp_init.c,https://github.com/coreboot/coreboot,58490565213986,1 4603,['CWE-399'],"static int ext4_splice_branch(handle_t *handle, struct inode *inode, ext4_lblk_t block, Indirect *where, int num, int blks) { int i; int err = 0; ext4_fsblk_t current_block; if (where->bh) { BUFFER_TRACE(where->bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, where->bh); if (err) goto err_out; } *where->p = where->key; if (num == 0 && blks > 1) { current_block = le32_to_cpu(where->key) + 1; for (i = 1; i < blks; i++) *(where->p + i) = cpu_to_le32(current_block++); } inode->i_ctime = ext4_current_time(inode); ext4_mark_inode_dirty(handle, inode); if (where->bh) { jbd_debug(5, ""splicing indirect only\n""); BUFFER_TRACE(where->bh, ""call ext4_handle_dirty_metadata""); err = ext4_handle_dirty_metadata(handle, inode, where->bh); if (err) goto err_out; } else { jbd_debug(5, ""splicing direct\n""); } return err; err_out: for (i = 1; i <= num; i++) { BUFFER_TRACE(where[i].bh, ""call jbd2_journal_forget""); ext4_journal_forget(handle, where[i].bh); ext4_free_blocks(handle, inode, le32_to_cpu(where[i-1].key), 1, 0); } ext4_free_blocks(handle, inode, le32_to_cpu(where[num].key), blks, 0); return err; }",linux-2.6,,,204717811332784583020056348620474432622,0 1875,['CWE-189'],"mac_init (digest_hd_st* td, gnutls_mac_algorithm_t mac, opaque * secret, int secret_size, int ver) { int ret = 0; if (mac == GNUTLS_MAC_NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; } if (ver == GNUTLS_SSL3) { ret = _gnutls_mac_init_ssl3 (td, mac, secret, secret_size); } else { ret = _gnutls_hmac_init (td, mac, secret, secret_size); } return ret; }",gnutls,,,72321256663876719380407405328540519601,0 4308,['CWE-264'],"static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) { struct fs_struct *fs = current->fs; if ((unshare_flags & CLONE_FS) && (fs && atomic_read(&fs->count) > 1)) { *new_fsp = __copy_fs_struct(current->fs); if (!*new_fsp) return -ENOMEM; } return 0; }",linux-2.6,,,332466854106413262743770580144759318174,0 1243,NVD-CWE-Other,"static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, u32 features) { struct sk_buff *segs = ERR_PTR(-EINVAL); unsigned int mss; unsigned int unfrag_ip6hlen, unfrag_len; struct frag_hdr *fptr; u8 *mac_start, *prevhdr; u8 nexthdr; u8 frag_hdr_sz = sizeof(struct frag_hdr); int offset; __wsum csum; mss = skb_shinfo(skb)->gso_size; if (unlikely(skb->len <= mss)) goto out; if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { int type = skb_shinfo(skb)->gso_type; if (unlikely(type & ~(SKB_GSO_UDP | SKB_GSO_DODGY) || !(type & (SKB_GSO_UDP)))) goto out; skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss); segs = NULL; goto out; } offset = skb_checksum_start_offset(skb); csum = skb_checksum(skb, offset, skb->len- offset, 0); offset += skb->csum_offset; *(__sum16 *)(skb->data + offset) = csum_fold(csum); skb->ip_summed = CHECKSUM_NONE; if ((skb_mac_header(skb) < skb->head + frag_hdr_sz) && pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC)) goto out; unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); nexthdr = *prevhdr; *prevhdr = NEXTHDR_FRAGMENT; unfrag_len = skb_network_header(skb) - skb_mac_header(skb) + unfrag_ip6hlen; mac_start = skb_mac_header(skb); memmove(mac_start-frag_hdr_sz, mac_start, unfrag_len); skb->mac_header -= frag_hdr_sz; skb->network_header -= frag_hdr_sz; fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen); fptr->nexthdr = nexthdr; fptr->reserved = 0; ipv6_select_ident(fptr); segs = skb_segment(skb, features); out: return segs; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,98521554307735,1 5517,['CWE-119'],"pki_encrypt_session_key(struct ecryptfs_auth_tok *auth_tok, struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_key_record *key_rec) { struct ecryptfs_msg_ctx *msg_ctx = NULL; char *payload = NULL; size_t payload_len; struct ecryptfs_message *msg; int rc; rc = write_tag_66_packet(auth_tok->token.private_key.signature, ecryptfs_code_for_cipher_string( crypt_stat->cipher, crypt_stat->key_size), crypt_stat, &payload, &payload_len); if (rc) { ecryptfs_printk(KERN_ERR, ""Error generating tag 66 packet\n""); goto out; } rc = ecryptfs_send_message(payload, payload_len, &msg_ctx); if (rc) { ecryptfs_printk(KERN_ERR, ""Error sending message to "" ""ecryptfsd\n""); goto out; } rc = ecryptfs_wait_for_response(msg_ctx, &msg); if (rc) { ecryptfs_printk(KERN_ERR, ""Failed to receive tag 67 packet "" ""from the user space daemon\n""); rc = -EIO; goto out; } rc = parse_tag_67_packet(key_rec, msg); if (rc) ecryptfs_printk(KERN_ERR, ""Error parsing tag 67 packet\n""); kfree(msg); out: kfree(payload); return rc; }",linux-2.6,,,207469411370081544186135889492668380999,0 3293,['CWE-189'],"jas_cmxform_t *jas_cmxform_create(jas_cmprof_t *inprof, jas_cmprof_t *outprof, jas_cmprof_t *prfprof, int op, int intent, int optimize) { jas_cmxform_t *xform; jas_cmpxformseq_t *inpxformseq; jas_cmpxformseq_t *outpxformseq; jas_cmpxformseq_t *altoutpxformseq; jas_cmpxformseq_t *prfpxformseq; int prfintent; optimize = 0; prfintent = intent; if (!(xform = jas_malloc(sizeof(jas_cmxform_t)))) goto error; if (!(xform->pxformseq = jas_cmpxformseq_create())) goto error; switch (op) { case JAS_CMXFORM_OP_FWD: inpxformseq = fwdpxformseq(inprof, intent); outpxformseq = revpxformseq(outprof, intent); if (!inpxformseq || !outpxformseq) goto error; if (jas_cmpxformseq_append(xform->pxformseq, inpxformseq) || jas_cmpxformseq_appendcnvt(xform->pxformseq, inprof->refclrspc, outprof->refclrspc) || jas_cmpxformseq_append(xform->pxformseq, outpxformseq)) goto error; xform->numinchans = jas_clrspc_numchans(inprof->clrspc); xform->numoutchans = jas_clrspc_numchans(outprof->clrspc); break; case JAS_CMXFORM_OP_REV: outpxformseq = fwdpxformseq(outprof, intent); inpxformseq = revpxformseq(inprof, intent); if (!outpxformseq || !inpxformseq) goto error; if (jas_cmpxformseq_append(xform->pxformseq, outpxformseq) || jas_cmpxformseq_appendcnvt(xform->pxformseq, outprof->refclrspc, inprof->refclrspc) || jas_cmpxformseq_append(xform->pxformseq, inpxformseq)) goto error; xform->numinchans = jas_clrspc_numchans(outprof->clrspc); xform->numoutchans = jas_clrspc_numchans(inprof->clrspc); break; case JAS_CMXFORM_OP_PROOF: assert(prfprof); inpxformseq = fwdpxformseq(inprof, intent); prfpxformseq = fwdpxformseq(prfprof, prfintent); if (!inpxformseq || !prfpxformseq) goto error; outpxformseq = simpxformseq(outprof, intent); altoutpxformseq = 0; if (!outpxformseq) { outpxformseq = revpxformseq(outprof, intent); altoutpxformseq = fwdpxformseq(outprof, intent); if (!outpxformseq || !altoutpxformseq) goto error; } if (jas_cmpxformseq_append(xform->pxformseq, inpxformseq) || jas_cmpxformseq_appendcnvt(xform->pxformseq, inprof->refclrspc, outprof->refclrspc)) goto error; if (altoutpxformseq) { if (jas_cmpxformseq_append(xform->pxformseq, outpxformseq) || jas_cmpxformseq_append(xform->pxformseq, altoutpxformseq)) goto error; } else { if (jas_cmpxformseq_append(xform->pxformseq, outpxformseq)) goto error; } if (jas_cmpxformseq_appendcnvt(xform->pxformseq, outprof->refclrspc, inprof->refclrspc) || jas_cmpxformseq_append(xform->pxformseq, prfpxformseq)) goto error; xform->numinchans = jas_clrspc_numchans(inprof->clrspc); xform->numoutchans = jas_clrspc_numchans(prfprof->clrspc); break; case JAS_CMXFORM_OP_GAMUT: inpxformseq = fwdpxformseq(inprof, intent); outpxformseq = gampxformseq(outprof); if (!inpxformseq || !outpxformseq) goto error; if (jas_cmpxformseq_append(xform->pxformseq, inpxformseq) || jas_cmpxformseq_appendcnvt(xform->pxformseq, inprof->refclrspc, outprof->refclrspc) || jas_cmpxformseq_append(xform->pxformseq, outpxformseq)) goto error; xform->numinchans = jas_clrspc_numchans(inprof->clrspc); xform->numoutchans = 1; break; } return xform; error: return 0; }",jasper,,,35260110134532949397230426511104644427,0 3737,[],"static struct sock *unix_find_socket_byinode(struct net *net, struct inode *i) { struct sock *s; struct hlist_node *node; spin_lock(&unix_table_lock); sk_for_each(s, node, &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) { struct dentry *dentry = unix_sk(s)->dentry; if (!net_eq(sock_net(s), net)) continue; if(dentry && dentry->d_inode == i) { sock_hold(s); goto found; } } s = NULL; found: spin_unlock(&unix_table_lock); return s; }",linux-2.6,,,60646265308030147326247922991082404088,0 5264,CWE-323,"static int oidc_cache_crypto_decrypt(request_rec *r, const char *cache_value, unsigned char *key, unsigned char **plaintext) { int len = -1; char *encoded_tag = strstr(cache_value, "".""); if (encoded_tag == NULL) { oidc_error(r, ""corrupted cache value: no tag separator found in encrypted value""); return FALSE; } cache_value = apr_pstrmemdup(r->pool, cache_value, strlen(cache_value) - strlen(encoded_tag)); encoded_tag++; char *d_bytes = NULL; int d_len = oidc_base64url_decode(r->pool, &d_bytes, cache_value); char *t_bytes = NULL; int t_len = oidc_base64url_decode(r->pool, &t_bytes, encoded_tag); if ((d_len > 0) && (t_len > 0)) { *plaintext = apr_pcalloc(r->pool, (d_len + EVP_CIPHER_block_size(OIDC_CACHE_CIPHER) - 1)); len = oidc_cache_crypto_decrypt_impl(r, (unsigned char *) d_bytes, d_len, OIDC_CACHE_CRYPTO_GCM_AAD, sizeof(OIDC_CACHE_CRYPTO_GCM_AAD), (unsigned char *) t_bytes, t_len, key, OIDC_CACHE_CRYPTO_GCM_IV, sizeof(OIDC_CACHE_CRYPTO_GCM_IV), *plaintext); if (len > -1) { (*plaintext)[len] = '\0'; } else { *plaintext = NULL; } } return len; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,189701239536710,1 5944,['CWE-909'],"int register_qdisc(struct Qdisc_ops *qops) { struct Qdisc_ops *q, **qp; int rc = -EEXIST; write_lock(&qdisc_mod_lock); for (qp = &qdisc_base; (q = *qp) != NULL; qp = &q->next) if (!strcmp(qops->id, q->id)) goto out; if (qops->enqueue == NULL) qops->enqueue = noop_qdisc_ops.enqueue; if (qops->peek == NULL) { if (qops->dequeue == NULL) { qops->peek = noop_qdisc_ops.peek; } else { rc = -EINVAL; goto out; } } if (qops->dequeue == NULL) qops->dequeue = noop_qdisc_ops.dequeue; qops->next = NULL; *qp = qops; rc = 0; out: write_unlock(&qdisc_mod_lock); return rc; }",linux-2.6,,,103086550991496322559378745251320430769,0 5153,CWE-125,"ast_for_suite(struct compiling *c, const node *n) { asdl_seq *seq; stmt_ty s; int i, total, num, end, pos = 0; node *ch; REQ(n, suite); total = num_stmts(n); seq = _Py_asdl_seq_new(total, c->c_arena); if (!seq) return NULL; if (TYPE(CHILD(n, 0)) == simple_stmt) { n = CHILD(n, 0); end = NCH(n) - 1; if (TYPE(CHILD(n, end - 1)) == SEMI) end--; for (i = 0; i < end; i += 2) { ch = CHILD(n, i); s = ast_for_stmt(c, ch); if (!s) return NULL; asdl_seq_SET(seq, pos++, s); } } else { for (i = 2; i < (NCH(n) - 1); i++) { ch = CHILD(n, i); REQ(ch, stmt); num = num_stmts(ch); if (num == 1) { s = ast_for_stmt(c, ch); if (!s) return NULL; asdl_seq_SET(seq, pos++, s); } else { int j; ch = CHILD(ch, 0); REQ(ch, simple_stmt); for (j = 0; j < NCH(ch); j += 2) { if (NCH(CHILD(ch, j)) == 0) { assert((j + 1) == NCH(ch)); break; } s = ast_for_stmt(c, CHILD(ch, j)); if (!s) return NULL; asdl_seq_SET(seq, pos++, s); } } } } assert(pos == seq->size); return seq; }",visit repo url,Python/ast.c,https://github.com/python/cpython,216656466236229,1 6470,CWE-119,"void * pvPortMalloc( size_t xWantedSize ) { BlockLink_t * pxBlock, * pxPreviousBlock, * pxNewBlockLink; void * pvReturn = NULL; configASSERT( pxEnd ); vTaskSuspendAll(); { if( ( xWantedSize & xBlockAllocatedBit ) == 0 ) { if( xWantedSize > 0 ) { xWantedSize += xHeapStructSize; if( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) != 0x00 ) { xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); } else { mtCOVERAGE_TEST_MARKER(); } } else { mtCOVERAGE_TEST_MARKER(); } if( ( xWantedSize > 0 ) && ( xWantedSize <= xFreeBytesRemaining ) ) { pxPreviousBlock = &xStart; pxBlock = xStart.pxNextFreeBlock; while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != NULL ) ) { pxPreviousBlock = pxBlock; pxBlock = pxBlock->pxNextFreeBlock; } if( pxBlock != pxEnd ) { pvReturn = ( void * ) ( ( ( uint8_t * ) pxPreviousBlock->pxNextFreeBlock ) + xHeapStructSize ); pxPreviousBlock->pxNextFreeBlock = pxBlock->pxNextFreeBlock; if( ( pxBlock->xBlockSize - xWantedSize ) > heapMINIMUM_BLOCK_SIZE ) { pxNewBlockLink = ( void * ) ( ( ( uint8_t * ) pxBlock ) + xWantedSize ); pxNewBlockLink->xBlockSize = pxBlock->xBlockSize - xWantedSize; pxBlock->xBlockSize = xWantedSize; prvInsertBlockIntoFreeList( ( pxNewBlockLink ) ); } else { mtCOVERAGE_TEST_MARKER(); } xFreeBytesRemaining -= pxBlock->xBlockSize; if( xFreeBytesRemaining < xMinimumEverFreeBytesRemaining ) { xMinimumEverFreeBytesRemaining = xFreeBytesRemaining; } else { mtCOVERAGE_TEST_MARKER(); } pxBlock->xBlockSize |= xBlockAllocatedBit; pxBlock->pxNextFreeBlock = NULL; xNumberOfSuccessfulAllocations++; } else { mtCOVERAGE_TEST_MARKER(); } } else { mtCOVERAGE_TEST_MARKER(); } } else { mtCOVERAGE_TEST_MARKER(); } traceMALLOC( pvReturn, xWantedSize ); } ( void ) xTaskResumeAll(); #if ( configUSE_MALLOC_FAILED_HOOK == 1 ) { if( pvReturn == NULL ) { extern void vApplicationMallocFailedHook( void ); vApplicationMallocFailedHook(); } else { mtCOVERAGE_TEST_MARKER(); } } #endif return pvReturn; } ",visit repo url,portable/MemMang/heap_5.c,https://github.com/FreeRTOS/FreeRTOS-Kernel,51632007684792,1 1177,CWE-400,"static void perf_event_interrupt(struct pt_regs *regs) { int i; struct cpu_hw_events *cpuhw = &__get_cpu_var(cpu_hw_events); struct perf_event *event; unsigned long val; int found = 0; int nmi; if (cpuhw->n_limited) freeze_limited_counters(cpuhw, mfspr(SPRN_PMC5), mfspr(SPRN_PMC6)); perf_read_regs(regs); nmi = perf_intr_is_nmi(regs); if (nmi) nmi_enter(); else irq_enter(); for (i = 0; i < cpuhw->n_events; ++i) { event = cpuhw->event[i]; if (!event->hw.idx || is_limited_pmc(event->hw.idx)) continue; val = read_pmc(event->hw.idx); if ((int)val < 0) { found = 1; record_and_restart(event, val, regs, nmi); } } if (!found) { for (i = 0; i < ppmu->n_counter; ++i) { if (is_limited_pmc(i + 1)) continue; val = read_pmc(i + 1); if (pmc_overflow(val)) write_pmc(i + 1, 0); } } write_mmcr0(cpuhw, cpuhw->mmcr[0]); if (nmi) nmi_exit(); else irq_exit(); }",visit repo url,arch/powerpc/kernel/perf_event.c,https://github.com/torvalds/linux,223046003808317,1 4604,CWE-787,"static s32 gf_avc_read_pps_bs_internal(GF_BitStream *bs, AVCState *avc, u32 nal_hdr) { s32 pps_id; AVC_PPS *pps; gf_bs_enable_emulation_byte_removal(bs, GF_TRUE); if (!nal_hdr) { gf_bs_read_int_log(bs, 1, ""forbidden_zero_bit""); gf_bs_read_int_log(bs, 2, ""nal_ref_idc""); gf_bs_read_int_log(bs, 5, ""nal_unit_type""); } pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id >= 255) { return -1; } pps = &avc->pps[pps_id]; pps->id = pps_id; if (!pps->status) pps->status = 1; pps->sps_id = gf_bs_read_ue_log(bs, ""sps_id""); if (pps->sps_id >= 32) { pps->sps_id = 0; return -1; } if (!avc->sps[pps->sps_id].state && !avc->sps[pps->sps_id + GF_SVC_SSPS_ID_SHIFT].state) { return -1; } avc->pps_active_idx = pps->id; avc->sps_active_idx = pps->sps_id; pps->entropy_coding_mode_flag = gf_bs_read_int_log(bs, 1, ""entropy_coding_mode_flag""); pps->pic_order_present = gf_bs_read_int_log(bs, 1, ""pic_order_present""); pps->slice_group_count = gf_bs_read_ue_log(bs, ""slice_group_count_minus1"") + 1; if (pps->slice_group_count > 1) { u32 iGroup; pps->mb_slice_group_map_type = gf_bs_read_ue_log(bs, ""mb_slice_group_map_type""); if (pps->mb_slice_group_map_type == 0) { for (iGroup = 0; iGroup <= pps->slice_group_count - 1; iGroup++) gf_bs_read_ue_log_idx(bs, ""run_length_minus1"", iGroup); } else if (pps->mb_slice_group_map_type == 2) { for (iGroup = 0; iGroup < pps->slice_group_count - 1; iGroup++) { gf_bs_read_ue_log_idx(bs, ""top_left"", iGroup); gf_bs_read_ue_log_idx(bs, ""bottom_right"", iGroup); } } else if (pps->mb_slice_group_map_type == 3 || pps->mb_slice_group_map_type == 4 || pps->mb_slice_group_map_type == 5) { gf_bs_read_int_log(bs, 1, ""slice_group_change_direction_flag""); gf_bs_read_ue_log(bs, ""slice_group_change_rate_minus1""); } else if (pps->mb_slice_group_map_type == 6) { u32 i; pps->pic_size_in_map_units_minus1 = gf_bs_read_ue_log(bs, ""pic_size_in_map_units_minus1""); for (i = 0; i <= pps->pic_size_in_map_units_minus1; i++) { gf_bs_read_int_log_idx(bs, (u32)ceil(log(pps->slice_group_count) / log(2)), ""slice_group_id"", i); } } } pps->num_ref_idx_l0_default_active_minus1 = gf_bs_read_ue_log(bs, ""num_ref_idx_l0_default_active_minus1""); pps->num_ref_idx_l1_default_active_minus1 = gf_bs_read_ue_log(bs, ""num_ref_idx_l1_default_active_minus1""); pps->weighted_pred_flag = gf_bs_read_int_log(bs, 1, ""weighted_pred_flag""); gf_bs_read_int_log(bs, 2, ""weighted_bipred_idc""); gf_bs_read_se_log(bs, ""init_qp_minus26""); gf_bs_read_se_log(bs, ""init_qs_minus26""); gf_bs_read_se_log(bs, ""chroma_qp_index_offset""); pps->deblocking_filter_control_present_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_control_present_flag""); gf_bs_read_int_log(bs, 1, ""constrained_intra_pred""); pps->redundant_pic_cnt_present = gf_bs_read_int_log(bs, 1, ""redundant_pic_cnt_present""); return pps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,48579927790107,1 2517,CWE-59,"archive_write_disk_set_acls(struct archive *a, int fd, const char *name, struct archive_acl *abstract_acl, __LA_MODE_T mode) { int ret = ARCHIVE_OK; (void)mode; if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) { ret = set_acl(a, fd, name, abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, ""posix1e""); return (ret); } #if ARCHIVE_ACL_SUNOS_NFS4 else if ((archive_acl_types(abstract_acl) & ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) { ret = set_acl(a, fd, name, abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4, ""nfs4""); } #endif return (ret); }",visit repo url,libarchive/archive_disk_acl_sunos.c,https://github.com/libarchive/libarchive,140083359702751,1 1523,CWE-362,"int prepare_binprm(struct linux_binprm *bprm) { struct inode *inode = file_inode(bprm->file); umode_t mode = inode->i_mode; int retval; bprm->cred->euid = current_euid(); bprm->cred->egid = current_egid(); if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) && !task_no_new_privs(current) && kuid_has_mapping(bprm->cred->user_ns, inode->i_uid) && kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) { if (mode & S_ISUID) { bprm->per_clear |= PER_CLEAR_ON_SETID; bprm->cred->euid = inode->i_uid; } if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { bprm->per_clear |= PER_CLEAR_ON_SETID; bprm->cred->egid = inode->i_gid; } } retval = security_bprm_set_creds(bprm); if (retval) return retval; bprm->cred_prepared = 1; memset(bprm->buf, 0, BINPRM_BUF_SIZE); return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE); }",visit repo url,fs/exec.c,https://github.com/torvalds/linux,189537276721302,1 5766,['CWE-200'],"static void rose_kill_by_device(struct net_device *dev) { struct sock *s; struct hlist_node *node; spin_lock_bh(&rose_list_lock); sk_for_each(s, node, &rose_list) { struct rose_sock *rose = rose_sk(s); if (rose->device == dev) { rose_disconnect(s, ENETUNREACH, ROSE_OUT_OF_ORDER, 0); rose->neighbour->use--; rose->device = NULL; } } spin_unlock_bh(&rose_list_lock); }",linux-2.6,,,137707312640107467378108978025007615905,0 3881,CWE-78,"f_histadd(typval_T *argvars UNUSED, typval_T *rettv) { #ifdef FEAT_CMDHIST int histype; char_u *str; char_u buf[NUMBUFLEN]; #endif rettv->vval.v_number = FALSE; if (check_restricted() || check_secure()) return; #ifdef FEAT_CMDHIST str = tv_get_string_chk(&argvars[0]); histype = str != NULL ? get_histtype(str) : -1; if (histype >= 0) { str = tv_get_string_buf(&argvars[1], buf); if (*str != NUL) { init_history(); add_to_history(histype, str, FALSE, NUL); rettv->vval.v_number = TRUE; return; } } #endif }",visit repo url,src/evalfunc.c,https://github.com/vim/vim,149598382849842,1 967,CWE-264,"xfs_file_splice_write( struct pipe_inode_info *pipe, struct file *outfilp, loff_t *ppos, size_t count, unsigned int flags) { struct inode *inode = outfilp->f_mapping->host; struct xfs_inode *ip = XFS_I(inode); int ioflags = 0; ssize_t ret; XFS_STATS_INC(xs_write_calls); if (outfilp->f_mode & FMODE_NOCMTIME) ioflags |= IO_INVIS; if (XFS_FORCED_SHUTDOWN(ip->i_mount)) return -EIO; xfs_ilock(ip, XFS_IOLOCK_EXCL); trace_xfs_file_splice_write(ip, count, *ppos, ioflags); ret = generic_file_splice_write(pipe, outfilp, ppos, count, flags); if (ret > 0) XFS_STATS_ADD(xs_write_bytes, ret); xfs_iunlock(ip, XFS_IOLOCK_EXCL); return ret; }",visit repo url,fs/xfs/xfs_file.c,https://github.com/torvalds/linux,68827261345149,1 5099,CWE-125,"PyParser_AddToken(parser_state *ps, int type, char *str, int lineno, int col_offset, int end_lineno, int end_col_offset, int *expected_ret) { int ilabel; int err; D(printf(""Token %s/'%s' ... "", _PyParser_TokenNames[type], str)); ilabel = classify(ps, type, str); if (ilabel < 0) return E_SYNTAX; for (;;) { dfa *d = ps->p_stack.s_top->s_dfa; state *s = &d->d_state[ps->p_stack.s_top->s_state]; D(printf("" DFA '%s', state %d:"", d->d_name, ps->p_stack.s_top->s_state)); if (s->s_lower <= ilabel && ilabel < s->s_upper) { int x = s->s_accel[ilabel - s->s_lower]; if (x != -1) { if (x & (1<<7)) { int nt = (x >> 8) + NT_OFFSET; int arrow = x & ((1<<7)-1); dfa *d1 = PyGrammar_FindDFA( ps->p_grammar, nt); if ((err = push(&ps->p_stack, nt, d1, arrow, lineno, col_offset, end_lineno, end_col_offset)) > 0) { D(printf("" MemError: push\n"")); return err; } D(printf("" Push ...\n"")); continue; } if ((err = shift(&ps->p_stack, type, str, x, lineno, col_offset, end_lineno, end_col_offset)) > 0) { D(printf("" MemError: shift.\n"")); return err; } D(printf("" Shift.\n"")); while (s = &d->d_state [ps->p_stack.s_top->s_state], s->s_accept && s->s_narcs == 1) { D(printf("" DFA '%s', state %d: "" ""Direct pop.\n"", d->d_name, ps->p_stack.s_top->s_state)); #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD #if 0 if (d->d_name[0] == 'i' && strcmp(d->d_name, ""import_stmt"") == 0) future_hack(ps); #endif #endif s_pop(&ps->p_stack); if (s_empty(&ps->p_stack)) { D(printf("" ACCEPT.\n"")); return E_DONE; } d = ps->p_stack.s_top->s_dfa; } return E_OK; } } if (s->s_accept) { #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD #if 0 if (d->d_name[0] == 'i' && strcmp(d->d_name, ""import_stmt"") == 0) future_hack(ps); #endif #endif s_pop(&ps->p_stack); D(printf("" Pop ...\n"")); if (s_empty(&ps->p_stack)) { D(printf("" Error: bottom of stack.\n"")); return E_SYNTAX; } continue; } D(printf("" Error.\n"")); if (expected_ret) { if (s->s_lower == s->s_upper - 1) { *expected_ret = ps->p_grammar-> g_ll.ll_label[s->s_lower].lb_type; } else *expected_ret = -1; } return E_SYNTAX; } }",visit repo url,Parser/parser.c,https://github.com/python/cpython,29358263927902,1 1435,CWE-264,"static __inline__ int scm_check_creds(struct ucred *creds) { const struct cred *cred = current_cred(); kuid_t uid = make_kuid(cred->user_ns, creds->uid); kgid_t gid = make_kgid(cred->user_ns, creds->gid); if (!uid_valid(uid) || !gid_valid(gid)) return -EINVAL; if ((creds->pid == task_tgid_vnr(current) || nsown_capable(CAP_SYS_ADMIN)) && ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) { return 0; } return -EPERM; }",visit repo url,net/core/scm.c,https://github.com/torvalds/linux,249002333146661,1 6483,[],"lt_argz_insertinorder (char **pargz, size_t *pargz_len, const char *entry) { char *before = 0; assert (pargz); assert (pargz_len); assert (entry && *entry); if (*pargz) while ((before = argz_next (*pargz, *pargz_len, before))) { int cmp = strcmp (entry, before); if (cmp < 0) break; if (cmp == 0) return 0; } return lt_argz_insert (pargz, pargz_len, before, entry); }",libtool,,,246799682220155377231966741501003097243,0 4142,CWE-20,"static int db_dict_iter_lookup_key_values(struct db_dict_value_iter *iter) { struct db_dict_iter_key *key; string_t *path; const char *error; int ret; array_sort(&iter->keys, db_dict_iter_key_cmp); path = t_str_new(128); str_append(path, DICT_PATH_SHARED); array_foreach_modifiable(&iter->keys, key) { if (!key->used) continue; str_truncate(path, strlen(DICT_PATH_SHARED)); ret = var_expand(path, key->key->key, iter->var_expand_table, &error); if (ret <= 0) { auth_request_log_error(iter->auth_request, AUTH_SUBSYS_DB, ""Failed to expand key %s: %s"", key->key->key, error); return -1; } ret = dict_lookup(iter->conn->dict, iter->pool, str_c(path), &key->value, &error); if (ret > 0) { auth_request_log_debug(iter->auth_request, AUTH_SUBSYS_DB, ""Lookup: %s = %s"", str_c(path), key->value); } else if (ret < 0) { auth_request_log_error(iter->auth_request, AUTH_SUBSYS_DB, ""Failed to lookup key %s: %s"", str_c(path), error); return -1; } else if (key->key->default_value != NULL) { auth_request_log_debug(iter->auth_request, AUTH_SUBSYS_DB, ""Lookup: %s not found, using default value %s"", str_c(path), key->key->default_value); key->value = key->key->default_value; } else { return 0; } } return 1; }",visit repo url,src/auth/db-dict.c,https://github.com/dovecot/core,35734265967779,1 4330,NVD-CWE-noinfo,"void CL_InitRef( void ) { refimport_t ri; refexport_t *ret; #ifdef USE_RENDERER_DLOPEN GetRefAPI_t GetRefAPI; char dllName[MAX_OSPATH]; #endif Com_Printf( ""----- Initializing Renderer ----\n"" ); #ifdef USE_RENDERER_DLOPEN cl_renderer = Cvar_Get(""cl_renderer"", ""opengl1"", CVAR_ARCHIVE | CVAR_LATCH); Com_sprintf(dllName, sizeof(dllName), ""renderer_mp_%s_"" ARCH_STRING DLL_EXT, cl_renderer->string); if(!(rendererLib = Sys_LoadDll(dllName, qfalse)) && strcmp(cl_renderer->string, cl_renderer->resetString)) { Com_Printf(""failed:\n\""%s\""\n"", Sys_LibraryError()); Cvar_ForceReset(""cl_renderer""); Com_sprintf(dllName, sizeof(dllName), ""renderer_mp_opengl1_"" ARCH_STRING DLL_EXT); rendererLib = Sys_LoadDll(dllName, qfalse); } if(!rendererLib) { Com_Printf(""failed:\n\""%s\""\n"", Sys_LibraryError()); Com_Error(ERR_FATAL, ""Failed to load renderer""); } GetRefAPI = Sys_LoadFunction(rendererLib, ""GetRefAPI""); if(!GetRefAPI) { Com_Error(ERR_FATAL, ""Can't load symbol GetRefAPI: '%s'"", Sys_LibraryError()); } #endif ri.Cmd_AddCommand = Cmd_AddCommand; ri.Cmd_RemoveCommand = Cmd_RemoveCommand; ri.Cmd_Argc = Cmd_Argc; ri.Cmd_Argv = Cmd_Argv; ri.Cmd_ExecuteText = Cbuf_ExecuteText; ri.Printf = CL_RefPrintf; ri.Error = Com_Error; ri.Milliseconds = CL_ScaledMilliseconds; #ifdef ZONE_DEBUG ri.Z_MallocDebug = CL_RefMallocDebug; #else ri.Z_Malloc = CL_RefMalloc; #endif ri.Free = Z_Free; ri.Tag_Free = CL_RefTagFree; ri.Hunk_Clear = Hunk_ClearToMark; #ifdef HUNK_DEBUG ri.Hunk_AllocDebug = Hunk_AllocDebug; #else ri.Hunk_Alloc = Hunk_Alloc; #endif ri.Hunk_AllocateTempMemory = Hunk_AllocateTempMemory; ri.Hunk_FreeTempMemory = Hunk_FreeTempMemory; ri.CM_ClusterPVS = CM_ClusterPVS; ri.CM_DrawDebugSurface = CM_DrawDebugSurface; ri.FS_ReadFile = FS_ReadFile; ri.FS_FreeFile = FS_FreeFile; ri.FS_WriteFile = FS_WriteFile; ri.FS_FreeFileList = FS_FreeFileList; ri.FS_ListFiles = FS_ListFiles; ri.FS_FileIsInPAK = FS_FileIsInPAK; ri.FS_FileExists = FS_FileExists; ri.Cvar_Get = Cvar_Get; ri.Cvar_Set = Cvar_Set; ri.Cvar_SetValue = Cvar_SetValue; ri.Cvar_CheckRange = Cvar_CheckRange; ri.Cvar_VariableIntegerValue = Cvar_VariableIntegerValue; ri.CIN_UploadCinematic = CIN_UploadCinematic; ri.CIN_PlayCinematic = CIN_PlayCinematic; ri.CIN_RunCinematic = CIN_RunCinematic; ri.CL_WriteAVIVideoFrame = CL_WriteAVIVideoFrame; ri.IN_Init = IN_Init; ri.IN_Shutdown = IN_Shutdown; ri.IN_Restart = IN_Restart; ri.ftol = Q_ftol; ri.Sys_SetEnv = Sys_SetEnv; ri.Sys_GLimpSafeInit = Sys_GLimpSafeInit; ri.Sys_GLimpInit = Sys_GLimpInit; ri.Sys_LowPhysicalMemory = Sys_LowPhysicalMemory; ret = GetRefAPI( REF_API_VERSION, &ri ); if ( !ret ) { Com_Error( ERR_FATAL, ""Couldn't initialize refresh"" ); } re = *ret; Com_Printf( ""---- Renderer Initialization Complete ----\n"" ); Cvar_Set( ""cl_paused"", ""0"" ); }",visit repo url,MP/code/client/cl_main.c,https://github.com/iortcw/iortcw,26757412303016,1 701,CWE-20,"int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int err = 0; size_t target, copied = 0; long timeo; if (flags & MSG_OOB) return -EOPNOTSUPP; msg->msg_namelen = 0; BT_DBG(""sk %p size %zu"", sk, size); lock_sock(sk); target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); do { struct sk_buff *skb; int chunk; skb = skb_dequeue(&sk->sk_receive_queue); if (!skb) { if (copied >= target) break; err = sock_error(sk); if (err) break; if (sk->sk_shutdown & RCV_SHUTDOWN) break; err = -EAGAIN; if (!timeo) break; timeo = bt_sock_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } continue; } chunk = min_t(unsigned int, skb->len, size); if (skb_copy_datagram_iovec(skb, 0, msg->msg_iov, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (!copied) copied = -EFAULT; break; } copied += chunk; size -= chunk; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { int skb_len = skb_headlen(skb); if (chunk <= skb_len) { __skb_pull(skb, chunk); } else { struct sk_buff *frag; __skb_pull(skb, skb_len); chunk -= skb_len; skb_walk_frags(skb, frag) { if (chunk <= frag->len) { skb->len -= chunk; skb->data_len -= chunk; __skb_pull(frag, chunk); break; } else if (frag->len) { chunk -= frag->len; skb->len -= frag->len; skb->data_len -= frag->len; __skb_pull(frag, frag->len); } } } if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); out: release_sock(sk); return copied ? : err; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,130876190644773,1 2114,[],"int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2) { struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2); return ( !ipv6_only_sock(sk2) && (!inet1->rcv_saddr || !inet2->rcv_saddr || inet1->rcv_saddr == inet2->rcv_saddr )); }",linux-2.6,,,310977911565198488349143592002764082308,0 6029,CWE-476,"print_line_detail( Dwarf_Debug dbg, const char *prefix, int opcode, unsigned curr_line, struct Dwarf_Line_Registers_s * regs, Dwarf_Bool is_single_table, Dwarf_Bool is_actuals_table) { dwarfstring m1; dwarfstring_constructor_static(&m1,locallinebuf, sizeof(locallinebuf)); if(!is_single_table && is_actuals_table) { dwarfstring_append_printf_s(&m1,""%-15s "",(char *)prefix); dwarfstring_append_printf_i(&m1,""%3d "",opcode); dwarfstring_append_printf_u(&m1,""0x%"" DW_PR_XZEROS DW_PR_DUx , regs->lr_address); dwarfstring_append_printf_u(&m1,""/%01u"",regs->lr_op_index); dwarfstring_append_printf_u(&m1,"" %5lu"", regs->lr_line); dwarfstring_append_printf_u(&m1,"" %3d"",regs->lr_isa); dwarfstring_append_printf_i(&m1,"" %1d"", regs->lr_basic_block); dwarfstring_append_printf_i(&m1,""%1d\n"", regs->lr_end_sequence); _dwarf_printf(dbg,dwarfstring_string(&m1)); dwarfstring_destructor(&m1); return; } if(!is_single_table && !is_actuals_table) { dwarfstring_append_printf_i(&m1, ""[%3d] "" , curr_line); dwarfstring_append_printf_s(&m1, ""%-15s "",(char *)prefix); dwarfstring_append_printf_i(&m1, ""%3d "",opcode); dwarfstring_append_printf_u(&m1, ""x%"" DW_PR_XZEROS DW_PR_DUx, regs->lr_address); dwarfstring_append_printf_u(&m1, ""/%01u"", regs->lr_op_index); dwarfstring_append_printf_u(&m1,"" %2lu "",regs->lr_file); dwarfstring_append_printf_u(&m1,""%4lu "",regs->lr_line); dwarfstring_append_printf_u(&m1,""%1lu"",regs->lr_column); if (regs->lr_discriminator || regs->lr_prologue_end || regs->lr_epilogue_begin || regs->lr_isa || regs->lr_is_stmt || regs->lr_call_context || regs->lr_subprogram) { dwarfstring_append_printf_u(&m1, "" x%02"" DW_PR_DUx , regs->lr_discriminator); dwarfstring_append_printf_u(&m1, "" x%02"" DW_PR_DUx , regs->lr_call_context); dwarfstring_append_printf_u(&m1, "" x%02"" DW_PR_DUx , regs->lr_subprogram); dwarfstring_append_printf_i(&m1, "" %1d"", regs->lr_is_stmt); dwarfstring_append_printf_i(&m1, ""%1d"", (int) regs->lr_isa); dwarfstring_append_printf_i(&m1, ""%1d"", regs->lr_prologue_end); dwarfstring_append_printf_i(&m1, ""%1d"", regs->lr_epilogue_begin); } dwarfstring_append(&m1,""\n""); _dwarf_printf(dbg,dwarfstring_string(&m1)); dwarfstring_destructor(&m1); return; } dwarfstring_append_printf_s(&m1, ""%-15s "",(char *)prefix); dwarfstring_append_printf_i(&m1, ""%2d "",opcode); dwarfstring_append_printf_u(&m1, ""0x%"" DW_PR_XZEROS DW_PR_DUx "" "", regs->lr_address); dwarfstring_append_printf_u(&m1, ""%2lu "", regs->lr_file); dwarfstring_append_printf_u(&m1, ""%4lu "", regs->lr_line); dwarfstring_append_printf_u(&m1, ""%2lu "", regs->lr_column); dwarfstring_append_printf_i(&m1, ""%1d "",regs->lr_is_stmt); dwarfstring_append_printf_i(&m1, ""%1d "", regs->lr_basic_block); dwarfstring_append_printf_i(&m1, ""%1d"",regs->lr_end_sequence); if (regs->lr_discriminator || regs->lr_prologue_end || regs->lr_epilogue_begin || regs->lr_isa) { dwarfstring_append_printf_i(&m1, "" %1d"", regs->lr_prologue_end); dwarfstring_append_printf_i(&m1, "" %1d"", regs->lr_epilogue_begin); dwarfstring_append_printf_i(&m1, "" %1d"", regs->lr_isa); dwarfstring_append_printf_u(&m1, "" 0x%"" DW_PR_DUx , regs->lr_discriminator); } dwarfstring_append(&m1, ""\n""); _dwarf_printf(dbg,dwarfstring_string(&m1)); dwarfstring_destructor(&m1); }",visit repo url,libdwarf/dwarf_print_lines.c,https://github.com/davea42/libdwarf-code,200500713026641,1 5863,CWE-787,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_rpsi( const void *buf, pj_size_t length, pjmedia_rtcp_fb_rpsi *rpsi) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; pj_uint8_t *p; pj_uint8_t padlen; pj_size_t rpsi_len; PJ_ASSERT_RETURN(buf && rpsi, PJ_EINVAL); PJ_ASSERT_RETURN(length >= sizeof(pjmedia_rtcp_common), PJ_ETOOSMALL); if (hdr->pt != RTCP_PSFB || hdr->count != 3) return PJ_ENOTFOUND; rpsi_len = (pj_ntohs((pj_uint16_t)hdr->length)-2) * 4; if (length < rpsi_len + 12) return PJ_ETOOSMALL; p = (pj_uint8_t*)hdr + sizeof(*hdr); padlen = *p++; rpsi->pt = (*p++ & 0x7F); rpsi->rpsi_bit_len = rpsi_len*8 - 16 - padlen; pj_strset(&rpsi->rpsi, (char*)p, (rpsi->rpsi_bit_len + 7)/8); return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,62757712502521,1 3480,['CWE-20'],"sctp_disposition_t sctp_sf_do_8_5_1_E_sa(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); return sctp_sf_shut_8_4_5(ep, NULL, type, arg, commands); }",linux-2.6,,,12259639665384382207445387293556582620,0 6101,['CWE-200'],"static int cbq_set_fopt(struct cbq_class *cl, struct tc_cbq_fopt *fopt) { cbq_change_defmap(cl, fopt->split, fopt->defmap, fopt->defchange); return 0; }",linux-2.6,,,241569469800468740693775297300346301127,0 3659,['CWE-287'],"struct sctp_association *sctp_association_new(const struct sctp_endpoint *ep, const struct sock *sk, sctp_scope_t scope, gfp_t gfp) { struct sctp_association *asoc; asoc = t_new(struct sctp_association, gfp); if (!asoc) goto fail; if (!sctp_association_init(asoc, ep, sk, scope, gfp)) goto fail_init; asoc->base.malloced = 1; SCTP_DBG_OBJCNT_INC(assoc); SCTP_DEBUG_PRINTK(""Created asoc %p\n"", asoc); return asoc; fail_init: kfree(asoc); fail: return NULL; }",linux-2.6,,,280446935431278507541303657010353098835,0 6147,['CWE-200'],"void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data) { struct rtattr *rta; int size = RTA_LENGTH(attrlen); rta = (struct rtattr*)skb_put(skb, RTA_ALIGN(size)); rta->rta_type = attrtype; rta->rta_len = size; memcpy(RTA_DATA(rta), data, attrlen); memset(RTA_DATA(rta) + attrlen, 0, RTA_ALIGN(size) - size); }",linux-2.6,,,142444049233137041495560758292434329023,0 4715,CWE-78,"void imap_munge_mbox_name(struct ImapData *idata, char *dest, size_t dlen, const char *src) { char *buf = mutt_str_strdup(src); imap_utf_encode(idata, &buf); imap_quote_string(dest, dlen, buf); FREE(&buf); }",visit repo url,imap/util.c,https://github.com/neomutt/neomutt,148704621519325,1 485,CWE-125,"int usb_get_bos_descriptor(struct usb_device *dev) { struct device *ddev = &dev->dev; struct usb_bos_descriptor *bos; struct usb_dev_cap_header *cap; unsigned char *buffer; int length, total_len, num, i; int ret; bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL); if (!bos) return -ENOMEM; ret = usb_get_descriptor(dev, USB_DT_BOS, 0, bos, USB_DT_BOS_SIZE); if (ret < USB_DT_BOS_SIZE) { dev_err(ddev, ""unable to get BOS descriptor\n""); if (ret >= 0) ret = -ENOMSG; kfree(bos); return ret; } length = bos->bLength; total_len = le16_to_cpu(bos->wTotalLength); num = bos->bNumDeviceCaps; kfree(bos); if (total_len < length) return -EINVAL; dev->bos = kzalloc(sizeof(struct usb_host_bos), GFP_KERNEL); if (!dev->bos) return -ENOMEM; buffer = kzalloc(total_len, GFP_KERNEL); if (!buffer) { ret = -ENOMEM; goto err; } dev->bos->desc = (struct usb_bos_descriptor *)buffer; ret = usb_get_descriptor(dev, USB_DT_BOS, 0, buffer, total_len); if (ret < total_len) { dev_err(ddev, ""unable to get BOS descriptor set\n""); if (ret >= 0) ret = -ENOMSG; goto err; } total_len -= length; for (i = 0; i < num; i++) { buffer += length; cap = (struct usb_dev_cap_header *)buffer; length = cap->bLength; if (total_len < length) break; total_len -= length; if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) { dev_warn(ddev, ""descriptor type invalid, skip\n""); continue; } switch (cap->bDevCapabilityType) { case USB_CAP_TYPE_WIRELESS_USB: break; case USB_CAP_TYPE_EXT: dev->bos->ext_cap = (struct usb_ext_cap_descriptor *)buffer; break; case USB_SS_CAP_TYPE: dev->bos->ss_cap = (struct usb_ss_cap_descriptor *)buffer; break; case USB_SSP_CAP_TYPE: dev->bos->ssp_cap = (struct usb_ssp_cap_descriptor *)buffer; break; case CONTAINER_ID_TYPE: dev->bos->ss_id = (struct usb_ss_container_id_descriptor *)buffer; break; case USB_PTM_CAP_TYPE: dev->bos->ptm_cap = (struct usb_ptm_cap_descriptor *)buffer; default: break; } } return 0; err: usb_release_bos_descriptor(dev); return ret; }",visit repo url,drivers/usb/core/config.c,https://github.com/torvalds/linux,260080816606025,1 2990,CWE-399," switch (type) { #ifdef ELFCORE case ET_CORE: flags |= FLAGS_IS_CORE; if (dophn_core(ms, clazz, swap, fd, (off_t)elf_getu(swap, elfhdr.e_phoff), elf_getu16(swap, elfhdr.e_phnum), (size_t)elf_getu16(swap, elfhdr.e_phentsize), fsize, &flags) == -1) return -1; break; #endif case ET_EXEC: case ET_DYN: if (dophn_exec(ms, clazz, swap, fd, (off_t)elf_getu(swap, elfhdr.e_phoff), elf_getu16(swap, elfhdr.e_phnum), (size_t)elf_getu16(swap, elfhdr.e_phentsize), fsize, &flags, elf_getu16(swap, elfhdr.e_shnum)) == -1) return -1; case ET_REL: if (doshn(ms, clazz, swap, fd, (off_t)elf_getu(swap, elfhdr.e_shoff), elf_getu16(swap, elfhdr.e_shnum), (size_t)elf_getu16(swap, elfhdr.e_shentsize), fsize, &flags, elf_getu16(swap, elfhdr.e_machine), (int)elf_getu16(swap, elfhdr.e_shstrndx)) == -1) return -1; break; default: break; }",visit repo url,src/elfclass.h,https://github.com/file/file,76911748665246,1 2532,['CWE-119'],"void free_filespec(struct diff_filespec *spec) { if (!--spec->count) { diff_free_filespec_data(spec); free(spec); } }",git,,,183375280249790445301623553732585073308,0 2914,['CWE-189'],"static void jas_icclut16_dump(jas_iccattrval_t *attrval, FILE *out) { jas_icclut16_t *lut16 = &attrval->data.lut16; int i; int j; fprintf(out, ""numinchans=%d, numoutchans=%d, clutlen=%d\n"", lut16->numinchans, lut16->numoutchans, lut16->clutlen); for (i = 0; i < 3; ++i) { for (j = 0; j < 3; ++j) { fprintf(out, ""e[%d][%d]=%f "", i, j, lut16->e[i][j] / 65536.0); } fprintf(out, ""\n""); } fprintf(out, ""numintabents=%d, numouttabents=%d\n"", lut16->numintabents, lut16->numouttabents); }",jasper,,,283418313337136086946271222539907993044,0 1903,['CWE-20'],"static int remap_pte_range(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, unsigned long end, unsigned long pfn, pgprot_t prot) { pte_t *pte; spinlock_t *ptl; pte = pte_alloc_map_lock(mm, pmd, addr, &ptl); if (!pte) return -ENOMEM; arch_enter_lazy_mmu_mode(); do { BUG_ON(!pte_none(*pte)); set_pte_at(mm, addr, pte, pte_mkspecial(pfn_pte(pfn, prot))); pfn++; } while (pte++, addr += PAGE_SIZE, addr != end); arch_leave_lazy_mmu_mode(); pte_unmap_unlock(pte - 1, ptl); return 0; }",linux-2.6,,,228179284422668835501967490113302144983,0 3625,CWE-617,"sonmp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardware, struct lldpd_chassis **newchassis, struct lldpd_port **newport) { const u_int8_t mcastaddr[] = SONMP_MULTICAST_ADDR; struct lldpd_chassis *chassis; struct lldpd_port *port; struct lldpd_mgmt *mgmt; int length, i; u_int8_t *pos; u_int8_t seg[3], rchassis; struct in_addr address; log_debug(""sonmp"", ""decode SONMP PDU from %s"", hardware->h_ifname); if ((chassis = calloc(1, sizeof(struct lldpd_chassis))) == NULL) { log_warn(""sonmp"", ""failed to allocate remote chassis""); return -1; } TAILQ_INIT(&chassis->c_mgmt); if ((port = calloc(1, sizeof(struct lldpd_port))) == NULL) { log_warn(""sonmp"", ""failed to allocate remote port""); free(chassis); return -1; } #ifdef ENABLE_DOT1 TAILQ_INIT(&port->p_vlans); #endif length = s; pos = (u_int8_t*)frame; if (length < SONMP_SIZE) { log_warnx(""sonmp"", ""too short SONMP frame received on %s"", hardware->h_ifname); goto malformed; } if (PEEK_CMP(mcastaddr, sizeof(mcastaddr)) != 0) goto malformed; PEEK_DISCARD(ETHER_ADDR_LEN); PEEK_DISCARD_UINT16; PEEK_DISCARD(6); if (PEEK_UINT16 != LLC_PID_SONMP_HELLO) { log_debug(""sonmp"", ""incorrect LLC protocol ID received for SONMP on %s"", hardware->h_ifname); goto malformed; } chassis->c_id_subtype = LLDP_CHASSISID_SUBTYPE_ADDR; if ((chassis->c_id = calloc(1, sizeof(struct in_addr) + 1)) == NULL) { log_warn(""sonmp"", ""unable to allocate memory for chassis id on %s"", hardware->h_ifname); goto malformed; } chassis->c_id_len = sizeof(struct in_addr) + 1; chassis->c_id[0] = 1; PEEK_BYTES(&address, sizeof(struct in_addr)); memcpy(chassis->c_id + 1, &address, sizeof(struct in_addr)); if (asprintf(&chassis->c_name, ""%s"", inet_ntoa(address)) == -1) { log_warnx(""sonmp"", ""unable to write chassis name for %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(seg, sizeof(seg)); rchassis = PEEK_UINT8; for (i=0; sonmp_chassis_types[i].type != 0; i++) { if (sonmp_chassis_types[i].type == rchassis) break; } if (asprintf(&chassis->c_descr, ""%s"", sonmp_chassis_types[i].description) == -1) { log_warnx(""sonmp"", ""unable to write chassis description for %s"", hardware->h_ifname); goto malformed; } mgmt = lldpd_alloc_mgmt(LLDPD_AF_IPV4, &address, sizeof(struct in_addr), 0); if (mgmt == NULL) { assert(errno == ENOMEM); log_warn(""sonmp"", ""unable to allocate memory for management address""); goto malformed; } TAILQ_INSERT_TAIL(&chassis->c_mgmt, mgmt, m_entries); chassis->c_ttl = cfg?(cfg->g_config.c_tx_interval * cfg->g_config.c_tx_hold): LLDPD_TTL; port->p_id_subtype = LLDP_PORTID_SUBTYPE_LOCAL; if (asprintf(&port->p_id, ""%02x-%02x-%02x"", seg[0], seg[1], seg[2]) == -1) { log_warn(""sonmp"", ""unable to allocate memory for port id on %s"", hardware->h_ifname); goto malformed; } port->p_id_len = strlen(port->p_id); if ((seg[0] == 0) && (seg[1] == 0)) { if (asprintf(&port->p_descr, ""port %d"", seg[2]) == -1) { log_warnx(""sonmp"", ""unable to write port description for %s"", hardware->h_ifname); goto malformed; } } else if (seg[0] == 0) { if (asprintf(&port->p_descr, ""port %d/%d"", seg[1], seg[2]) == -1) { log_warnx(""sonmp"", ""unable to write port description for %s"", hardware->h_ifname); goto malformed; } } else { if (asprintf(&port->p_descr, ""port %x:%x:%x"", seg[0], seg[1], seg[2]) == -1) { log_warnx(""sonmp"", ""unable to write port description for %s"", hardware->h_ifname); goto malformed; } } *newchassis = chassis; *newport = port; return 1; malformed: lldpd_chassis_cleanup(chassis, 1); lldpd_port_cleanup(port, 1); free(port); return -1; }",visit repo url,src/daemon/protocols/sonmp.c,https://github.com/vincentbernat/lldpd,204766971801755,1 2967,CWE-119,"cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, size_t len, const cdf_header_t *h, cdf_secid_t id) { size_t ss = CDF_SHORT_SEC_SIZE(h); size_t pos = CDF_SHORT_SEC_POS(h, id); assert(ss == len); if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { DPRINTF((""Out of bounds read %"" SIZE_T_FORMAT ""u > %"" SIZE_T_FORMAT ""u\n"", pos, CDF_SEC_SIZE(h) * sst->sst_len)); return -1; } (void)memcpy(((char *)buf) + offs, ((const char *)sst->sst_tab) + pos, len); return len; }",visit repo url,src/cdf.c,https://github.com/file/file,34610410403425,1 3748,[],"static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) { struct sock *sk = sock->sk; struct net *net = sock_net(sk); struct sockaddr_un *sunaddr=(struct sockaddr_un*)addr; struct sock *other; unsigned hash; int err; if (addr->sa_family != AF_UNSPEC) { err = unix_mkname(sunaddr, alen, &hash); if (err < 0) goto out; alen = err; if (test_bit(SOCK_PASSCRED, &sock->flags) && !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0) goto out; restart: other=unix_find_other(net, sunaddr, alen, sock->type, hash, &err); if (!other) goto out; unix_state_double_lock(sk, other); if (sock_flag(other, SOCK_DEAD)) { unix_state_double_unlock(sk, other); sock_put(other); goto restart; } err = -EPERM; if (!unix_may_send(sk, other)) goto out_unlock; err = security_unix_may_send(sk->sk_socket, other->sk_socket); if (err) goto out_unlock; } else { other = NULL; unix_state_double_lock(sk, other); } if (unix_peer(sk)) { struct sock *old_peer = unix_peer(sk); unix_peer(sk)=other; unix_state_double_unlock(sk, other); if (other != old_peer) unix_dgram_disconnected(sk, old_peer); sock_put(old_peer); } else { unix_peer(sk)=other; unix_state_double_unlock(sk, other); } return 0; out_unlock: unix_state_double_unlock(sk, other); sock_put(other); out: return err; }",linux-2.6,,,103816414804104871488865535196269588382,0 4319,['CWE-119'],"static int ms_adpcm_decode_block (ms_adpcm_data *msadpcm, const uint8_t *encoded, int16_t *decoded) { int i, outputLength, samplesRemaining; int channelCount; int16_t *coefficient[2]; ms_adpcm_state decoderState[2]; ms_adpcm_state *state[2]; outputLength = msadpcm->framesPerBlock * sizeof (int16_t) * msadpcm->track->f.channelCount; channelCount = msadpcm->track->f.channelCount; state[0] = &decoderState[0]; if (channelCount == 2) state[1] = &decoderState[1]; else state[1] = &decoderState[0]; for (i=0; ipredictor = *encoded++; assert(state[i]->predictor < msadpcm->numCoefficients); } for (i=0; idelta = (encoded[1]<<8) | encoded[0]; encoded += sizeof (uint16_t); } for (i=0; isample1 = (encoded[1]<<8) | encoded[0]; encoded += sizeof (uint16_t); } for (i=0; isample2 = (encoded[1]<<8) | encoded[0]; encoded += sizeof (uint16_t); } coefficient[0] = msadpcm->coefficients[state[0]->predictor]; coefficient[1] = msadpcm->coefficients[state[1]->predictor]; for (i=0; isample2; for (i=0; isample1; samplesRemaining = (msadpcm->framesPerBlock - 2) * msadpcm->track->f.channelCount; while (samplesRemaining > 0) { uint8_t code; int16_t newSample; code = *encoded >> 4; newSample = ms_adpcm_decode_sample(state[0], code, coefficient[0]); *decoded++ = newSample; code = *encoded & 0x0f; newSample = ms_adpcm_decode_sample(state[1], code, coefficient[1]); *decoded++ = newSample; encoded++; samplesRemaining -= 2; } return outputLength; }",audiofile,,,285542260213887030269426694745226287680,0 4825,['CWE-399'],"static int inotify_fasync(int fd, struct file *file, int on) { struct inotify_device *dev = file->private_data; return fasync_helper(fd, file, on, &dev->fa) >= 0 ? 0 : -EIO; }",linux-2.6,,,100665788069984376209430555150434324368,0 3607,['CWE-20'],"const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) { if (chunk->transport) { return &chunk->transport->ipaddr; } else { return &chunk->source; } }",linux-2.6,,,84508110134009603213842487995798226009,0 6318,CWE-295,"void options_free() { parse_global_option(CMD_FREE, NULL, NULL); }",visit repo url,src/options.c,https://github.com/mtrojnar/stunnel,252320112743479,1 4583,['CWE-399'],"static int ext4_get_blocks_handle(handle_t *handle, struct inode *inode, ext4_lblk_t iblock, unsigned int maxblocks, struct buffer_head *bh_result, int create, int extend_disksize) { int err = -EIO; ext4_lblk_t offsets[4]; Indirect chain[4]; Indirect *partial; ext4_fsblk_t goal; int indirect_blks; int blocks_to_boundary = 0; int depth; struct ext4_inode_info *ei = EXT4_I(inode); int count = 0; ext4_fsblk_t first_block = 0; loff_t disksize; J_ASSERT(!(EXT4_I(inode)->i_flags & EXT4_EXTENTS_FL)); J_ASSERT(handle != NULL || create == 0); depth = ext4_block_to_path(inode, iblock, offsets, &blocks_to_boundary); if (depth == 0) goto out; partial = ext4_get_branch(inode, depth, offsets, chain, &err); if (!partial) { first_block = le32_to_cpu(chain[depth - 1].key); clear_buffer_new(bh_result); count++; while (count < maxblocks && count <= blocks_to_boundary) { ext4_fsblk_t blk; blk = le32_to_cpu(*(chain[depth-1].p + count)); if (blk == first_block + count) count++; else break; } goto got_it; } if (!create || err == -EIO) goto cleanup; goal = ext4_find_goal(inode, iblock, partial); indirect_blks = (chain + depth) - partial - 1; count = ext4_blks_to_allocate(partial, indirect_blks, maxblocks, blocks_to_boundary); err = ext4_alloc_branch(handle, inode, iblock, indirect_blks, &count, goal, offsets + (partial - chain), partial); if (!err) err = ext4_splice_branch(handle, inode, iblock, partial, indirect_blks, count); if (!err && extend_disksize) { disksize = ((loff_t) iblock + count) << inode->i_blkbits; if (disksize > i_size_read(inode)) disksize = i_size_read(inode); if (disksize > ei->i_disksize) ei->i_disksize = disksize; } if (err) goto cleanup; set_buffer_new(bh_result); got_it: map_bh(bh_result, inode->i_sb, le32_to_cpu(chain[depth-1].key)); if (count > blocks_to_boundary) set_buffer_boundary(bh_result); err = count; partial = chain + depth - 1; cleanup: while (partial > chain) { BUFFER_TRACE(partial->bh, ""call brelse""); brelse(partial->bh); partial--; } BUFFER_TRACE(bh_result, ""returned""); out: return err; }",linux-2.6,,,219997241910423242270716279872120695408,0 2880,CWE-190,"tiffcp(TIFF* in, TIFF* out) { uint16 bitspersample, samplesperpixel; uint16 input_compression, input_photometric; copyFunc cf; uint32 width, length; struct cpTag* p; CopyField(TIFFTAG_IMAGEWIDTH, width); CopyField(TIFFTAG_IMAGELENGTH, length); CopyField(TIFFTAG_BITSPERSAMPLE, bitspersample); CopyField(TIFFTAG_SAMPLESPERPIXEL, samplesperpixel); if (compression != (uint16)-1) TIFFSetField(out, TIFFTAG_COMPRESSION, compression); else CopyField(TIFFTAG_COMPRESSION, compression); TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression); TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric); if (input_compression == COMPRESSION_JPEG) { TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else if (input_photometric == PHOTOMETRIC_YCBCR) { uint16 subsamplinghor,subsamplingver; TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver); if (subsamplinghor!=1 || subsamplingver!=1) { fprintf(stderr, ""tiffcp: %s: Can't copy/convert subsampled image.\n"", TIFFFileName(in)); return FALSE; } } if (compression == COMPRESSION_JPEG) { if (input_photometric == PHOTOMETRIC_RGB && jpegcolormode == JPEGCOLORMODE_RGB) TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); else TIFFSetField(out, TIFFTAG_PHOTOMETRIC, input_photometric); } else if (compression == COMPRESSION_SGILOG || compression == COMPRESSION_SGILOG24) TIFFSetField(out, TIFFTAG_PHOTOMETRIC, samplesperpixel == 1 ? PHOTOMETRIC_LOGL : PHOTOMETRIC_LOGLUV); else if (input_compression == COMPRESSION_JPEG && samplesperpixel == 3 ) { TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_RGB); } else CopyTag(TIFFTAG_PHOTOMETRIC, 1, TIFF_SHORT); if (fillorder != 0) TIFFSetField(out, TIFFTAG_FILLORDER, fillorder); else CopyTag(TIFFTAG_FILLORDER, 1, TIFF_SHORT); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); switch (orientation) { case ORIENTATION_BOTRIGHT: case ORIENTATION_RIGHTBOT: TIFFWarning(TIFFFileName(in), ""using bottom-left orientation""); orientation = ORIENTATION_BOTLEFT; case ORIENTATION_LEFTBOT: case ORIENTATION_BOTLEFT: break; case ORIENTATION_TOPRIGHT: case ORIENTATION_RIGHTTOP: default: TIFFWarning(TIFFFileName(in), ""using top-left orientation""); orientation = ORIENTATION_TOPLEFT; case ORIENTATION_LEFTTOP: case ORIENTATION_TOPLEFT: break; } TIFFSetField(out, TIFFTAG_ORIENTATION, orientation); if (outtiled == -1) outtiled = TIFFIsTiled(in); if (outtiled) { if (tilewidth == (uint32) -1) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tilewidth); if (tilelength == (uint32) -1) TIFFGetField(in, TIFFTAG_TILELENGTH, &tilelength); TIFFDefaultTileSize(out, &tilewidth, &tilelength); TIFFSetField(out, TIFFTAG_TILEWIDTH, tilewidth); TIFFSetField(out, TIFFTAG_TILELENGTH, tilelength); } else { if (rowsperstrip == (uint32) 0) { if (!TIFFGetField(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip)) { rowsperstrip = TIFFDefaultStripSize(out, rowsperstrip); } if (rowsperstrip > length && rowsperstrip != (uint32)-1) rowsperstrip = length; } else if (rowsperstrip == (uint32) -1) rowsperstrip = length; TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, rowsperstrip); } if (config != (uint16) -1) TIFFSetField(out, TIFFTAG_PLANARCONFIG, config); else CopyField(TIFFTAG_PLANARCONFIG, config); if (samplesperpixel <= 4) CopyTag(TIFFTAG_TRANSFERFUNCTION, 4, TIFF_SHORT); CopyTag(TIFFTAG_COLORMAP, 4, TIFF_SHORT); switch (compression) { case COMPRESSION_JPEG: TIFFSetField(out, TIFFTAG_JPEGQUALITY, quality); TIFFSetField(out, TIFFTAG_JPEGCOLORMODE, jpegcolormode); break; case COMPRESSION_JBIG: CopyTag(TIFFTAG_FAXRECVPARAMS, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXRECVTIME, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXSUBADDRESS, 1, TIFF_ASCII); CopyTag(TIFFTAG_FAXDCS, 1, TIFF_ASCII); break; case COMPRESSION_LZW: case COMPRESSION_ADOBE_DEFLATE: case COMPRESSION_DEFLATE: case COMPRESSION_LZMA: if (predictor != (uint16)-1) TIFFSetField(out, TIFFTAG_PREDICTOR, predictor); else CopyField(TIFFTAG_PREDICTOR, predictor); if (preset != -1) { if (compression == COMPRESSION_ADOBE_DEFLATE || compression == COMPRESSION_DEFLATE) TIFFSetField(out, TIFFTAG_ZIPQUALITY, preset); else if (compression == COMPRESSION_LZMA) TIFFSetField(out, TIFFTAG_LZMAPRESET, preset); } break; case COMPRESSION_CCITTFAX3: case COMPRESSION_CCITTFAX4: if (compression == COMPRESSION_CCITTFAX3) { if (g3opts != (uint32) -1) TIFFSetField(out, TIFFTAG_GROUP3OPTIONS, g3opts); else CopyField(TIFFTAG_GROUP3OPTIONS, g3opts); } else CopyTag(TIFFTAG_GROUP4OPTIONS, 1, TIFF_LONG); CopyTag(TIFFTAG_BADFAXLINES, 1, TIFF_LONG); CopyTag(TIFFTAG_CLEANFAXDATA, 1, TIFF_LONG); CopyTag(TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXRECVPARAMS, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXRECVTIME, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXSUBADDRESS, 1, TIFF_ASCII); break; } { uint32 len32; void** data; if (TIFFGetField(in, TIFFTAG_ICCPROFILE, &len32, &data)) TIFFSetField(out, TIFFTAG_ICCPROFILE, len32, data); } { uint16 ninks; const char* inknames; if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { int inknameslen = strlen(inknames) + 1; const char* cp = inknames; while (ninks > 1) { cp = strchr(cp, '\0'); cp++; inknameslen += (strlen(cp) + 1); ninks--; } TIFFSetField(out, TIFFTAG_INKNAMES, inknameslen, inknames); } } } { unsigned short pg0, pg1; if (pageInSeq == 1) { if (pageNum < 0) { if (TIFFGetField(in, TIFFTAG_PAGENUMBER, &pg0, &pg1)) TIFFSetField(out, TIFFTAG_PAGENUMBER, pg0, pg1); } else TIFFSetField(out, TIFFTAG_PAGENUMBER, pageNum++, 0); } else { if (TIFFGetField(in, TIFFTAG_PAGENUMBER, &pg0, &pg1)) { if (pageNum < 0) TIFFSetField(out, TIFFTAG_PAGENUMBER, pg0, pg1); else TIFFSetField(out, TIFFTAG_PAGENUMBER, pageNum++, 0); } } } for (p = tags; p < &tags[NTAGS]; p++) CopyTag(p->tag, p->count, p->type); cf = pickCopyFunc(in, out, bitspersample, samplesperpixel); return (cf ? (*cf)(in, out, length, width, samplesperpixel) : FALSE); }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,219739177880047,1 1696,[],"long sys_sched_rr_get_interval(pid_t pid, struct timespec __user *interval) { struct task_struct *p; unsigned int time_slice; int retval; struct timespec t; if (pid < 0) return -EINVAL; retval = -ESRCH; read_lock(&tasklist_lock); p = find_process_by_pid(pid); if (!p) goto out_unlock; retval = security_task_getscheduler(p); if (retval) goto out_unlock; time_slice = 0; if (p->policy == SCHED_RR) { time_slice = DEF_TIMESLICE; } else if (p->policy != SCHED_FIFO) { struct sched_entity *se = &p->se; unsigned long flags; struct rq *rq; rq = task_rq_lock(p, &flags); if (rq->cfs.load.weight) time_slice = NS_TO_JIFFIES(sched_slice(&rq->cfs, se)); task_rq_unlock(rq, &flags); } read_unlock(&tasklist_lock); jiffies_to_timespec(time_slice, &t); retval = copy_to_user(interval, &t, sizeof(t)) ? -EFAULT : 0; return retval; out_unlock: read_unlock(&tasklist_lock); return retval; }",linux-2.6,,,45909621637522262576357572437089660054,0 1971,CWE-119,"static inline int fpregs_state_valid(struct fpu *fpu, unsigned int cpu) { return fpu == this_cpu_read_stable(fpu_fpregs_owner_ctx) && cpu == fpu->last_cpu; }",visit repo url,arch/x86/include/asm/fpu/internal.h,https://github.com/torvalds/linux,13122186742608,1 6411,['CWE-190'],"ToL (const guchar *puffer) { return (puffer[0] | puffer[1] << 8 | puffer[2] << 16 | puffer[3] << 24); }",gimp,,,223609812293590871388656137607631563077,0 3538,CWE-190,"static int jpc_pi_nextcprl(register jpc_pi_t *pi) { int rlvlno; jpc_pirlvl_t *pirlvl; jpc_pchg_t *pchg; int prchind; int prcvind; int *prclyrno; uint_fast32_t trx0; uint_fast32_t try0; uint_fast32_t r; uint_fast32_t rpx; uint_fast32_t rpy; pchg = pi->pchg; if (!pi->prgvolfirst) { goto skip; } else { pi->prgvolfirst = 0; } for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, ++pi->picomp) { pirlvl = pi->picomp->pirlvls; pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1)); pi->ystep = pi->picomp->vsamp * (1 << (pirlvl->prcheightexpn + pi->picomp->numrlvls - 1)); for (rlvlno = 1, pirlvl = &pi->picomp->pirlvls[1]; rlvlno < pi->picomp->numrlvls; ++rlvlno, ++pirlvl) { pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn + pi->picomp->numrlvls - rlvlno - 1))); pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * (1 << (pirlvl->prcheightexpn + pi->picomp->numrlvls - rlvlno - 1))); } for (pi->y = pi->ystart; pi->y < pi->yend; pi->y += pi->ystep - (pi->y % pi->ystep)) { for (pi->x = pi->xstart; pi->x < pi->xend; pi->x += pi->xstep - (pi->x % pi->xstep)) { for (pi->rlvlno = pchg->rlvlnostart, pi->pirlvl = &pi->picomp->pirlvls[pi->rlvlno]; pi->rlvlno < pi->picomp->numrlvls && pi->rlvlno < pchg->rlvlnoend; ++pi->rlvlno, ++pi->pirlvl) { if (pi->pirlvl->numprcs == 0) { continue; } r = pi->picomp->numrlvls - 1 - pi->rlvlno; trx0 = JPC_CEILDIV(pi->xstart, pi->picomp->hsamp << r); try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r); rpx = r + pi->pirlvl->prcwidthexpn; rpy = r + pi->pirlvl->prcheightexpn; if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) || !(pi->x % (pi->picomp->hsamp << rpx))) && ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) || !(pi->y % (pi->picomp->vsamp << rpy)))) { prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn); prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn); pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind; assert(pi->prcno < pi->pirlvl->numprcs); for (pi->lyrno = 0; pi->lyrno < pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; if (pi->lyrno >= *prclyrno) { ++(*prclyrno); return 0; } skip: ; } } } } } } return 1; }",visit repo url,src/libjasper/jpc/jpc_t2cod.c,https://github.com/mdadams/jasper,81849930659971,1 6000,['CWE-200'],"static __inline__ int cbq_dump_lss(struct sk_buff *skb, struct cbq_class *cl) { unsigned char *b = skb->tail; struct tc_cbq_lssopt opt; opt.flags = 0; if (cl->borrow == NULL) opt.flags |= TCF_CBQ_LSS_BOUNDED; if (cl->share == NULL) opt.flags |= TCF_CBQ_LSS_ISOLATED; opt.ewma_log = cl->ewma_log; opt.level = cl->level; opt.avpkt = cl->avpkt; opt.maxidle = cl->maxidle; opt.minidle = (u32)(-cl->minidle); opt.offtime = cl->offtime; opt.change = ~0; RTA_PUT(skb, TCA_CBQ_LSSOPT, sizeof(opt), &opt); return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,95838286875927025406075416571141787736,0 2358,CWE-617,"int ff_h263_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *avpkt) { const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; MpegEncContext *s = avctx->priv_data; int ret; int slice_ret = 0; AVFrame *pict = data; if (buf_size == 0) { if (s->low_delay == 0 && s->next_picture_ptr) { if ((ret = av_frame_ref(pict, s->next_picture_ptr->f)) < 0) return ret; s->next_picture_ptr = NULL; *got_frame = 1; } return 0; } if (s->avctx->flags & AV_CODEC_FLAG_TRUNCATED) { int next; if (CONFIG_MPEG4_DECODER && s->codec_id == AV_CODEC_ID_MPEG4) { next = ff_mpeg4_find_frame_end(&s->parse_context, buf, buf_size); } else if (CONFIG_H263_DECODER && s->codec_id == AV_CODEC_ID_H263) { next = ff_h263_find_frame_end(&s->parse_context, buf, buf_size); } else if (CONFIG_H263P_DECODER && s->codec_id == AV_CODEC_ID_H263P) { next = ff_h263_find_frame_end(&s->parse_context, buf, buf_size); } else { av_log(s->avctx, AV_LOG_ERROR, ""this codec does not support truncated bitstreams\n""); return AVERROR(ENOSYS); } if (ff_combine_frame(&s->parse_context, next, (const uint8_t **)&buf, &buf_size) < 0) return buf_size; } retry: if (s->divx_packed && s->bitstream_buffer_size) { int i; for(i=0; i < buf_size-3; i++) { if (buf[i]==0 && buf[i+1]==0 && buf[i+2]==1) { if (buf[i+3]==0xB0) { av_log(s->avctx, AV_LOG_WARNING, ""Discarding excessive bitstream in packed xvid\n""); s->bitstream_buffer_size = 0; } break; } } } if (s->bitstream_buffer_size && (s->divx_packed || buf_size <= MAX_NVOP_SIZE)) ret = init_get_bits8(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size); else ret = init_get_bits8(&s->gb, buf, buf_size); s->bitstream_buffer_size = 0; if (ret < 0) return ret; if (!s->context_initialized) ff_mpv_idct_init(s); if (CONFIG_WMV2_DECODER && s->msmpeg4_version == 5) { ret = ff_wmv2_decode_picture_header(s); } else if (CONFIG_MSMPEG4_DECODER && s->msmpeg4_version) { ret = ff_msmpeg4_decode_picture_header(s); } else if (CONFIG_MPEG4_DECODER && avctx->codec_id == AV_CODEC_ID_MPEG4) { if (s->avctx->extradata_size && s->picture_number == 0) { GetBitContext gb; if (init_get_bits8(&gb, s->avctx->extradata, s->avctx->extradata_size) >= 0 ) ff_mpeg4_decode_picture_header(avctx->priv_data, &gb); } ret = ff_mpeg4_decode_picture_header(avctx->priv_data, &s->gb); } else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) { ret = ff_intel_h263_decode_picture_header(s); } else if (CONFIG_FLV_DECODER && s->h263_flv) { ret = ff_flv_decode_picture_header(s); } else { ret = ff_h263_decode_picture_header(s); } if (ret < 0 || ret == FRAME_SKIPPED) { if ( s->width != avctx->coded_width || s->height != avctx->coded_height) { av_log(s->avctx, AV_LOG_WARNING, ""Reverting picture dimensions change due to header decoding failure\n""); s->width = avctx->coded_width; s->height= avctx->coded_height; } } if (ret == FRAME_SKIPPED) return get_consumed_bytes(s, buf_size); if (ret < 0) { av_log(s->avctx, AV_LOG_ERROR, ""header damaged\n""); return ret; } if (!s->context_initialized) { avctx->pix_fmt = h263_get_format(avctx); if ((ret = ff_mpv_common_init(s)) < 0) return ret; } if (!s->current_picture_ptr || s->current_picture_ptr->f->data[0]) { int i = ff_find_unused_picture(s->avctx, s->picture, 0); if (i < 0) return i; s->current_picture_ptr = &s->picture[i]; } avctx->has_b_frames = !s->low_delay; if (CONFIG_MPEG4_DECODER && avctx->codec_id == AV_CODEC_ID_MPEG4) { if (ff_mpeg4_workaround_bugs(avctx) == 1) goto retry; if (s->studio_profile != (s->idsp.idct == NULL)) ff_mpv_idct_init(s); } if (s->width != avctx->coded_width || s->height != avctx->coded_height || s->context_reinit) { s->context_reinit = 0; ret = ff_set_dimensions(avctx, s->width, s->height); if (ret < 0) return ret; ff_set_sar(avctx, avctx->sample_aspect_ratio); if ((ret = ff_mpv_common_frame_size_change(s))) return ret; if (avctx->pix_fmt != h263_get_format(avctx)) { av_log(avctx, AV_LOG_ERROR, ""format change not supported\n""); avctx->pix_fmt = AV_PIX_FMT_NONE; return AVERROR_UNKNOWN; } } if (s->codec_id == AV_CODEC_ID_H263 || s->codec_id == AV_CODEC_ID_H263P || s->codec_id == AV_CODEC_ID_H263I) s->gob_index = H263_GOB_HEIGHT(s->height); s->current_picture.f->pict_type = s->pict_type; s->current_picture.f->key_frame = s->pict_type == AV_PICTURE_TYPE_I; if (!s->last_picture_ptr && (s->pict_type == AV_PICTURE_TYPE_B || s->droppable)) return get_consumed_bytes(s, buf_size); if ((avctx->skip_frame >= AVDISCARD_NONREF && s->pict_type == AV_PICTURE_TYPE_B) || (avctx->skip_frame >= AVDISCARD_NONKEY && s->pict_type != AV_PICTURE_TYPE_I) || avctx->skip_frame >= AVDISCARD_ALL) return get_consumed_bytes(s, buf_size); if (s->next_p_frame_damaged) { if (s->pict_type == AV_PICTURE_TYPE_B) return get_consumed_bytes(s, buf_size); else s->next_p_frame_damaged = 0; } if ((!s->no_rounding) || s->pict_type == AV_PICTURE_TYPE_B) { s->me.qpel_put = s->qdsp.put_qpel_pixels_tab; s->me.qpel_avg = s->qdsp.avg_qpel_pixels_tab; } else { s->me.qpel_put = s->qdsp.put_no_rnd_qpel_pixels_tab; s->me.qpel_avg = s->qdsp.avg_qpel_pixels_tab; } if ((ret = ff_mpv_frame_start(s, avctx)) < 0) return ret; if (!s->divx_packed) ff_thread_finish_setup(avctx); if (avctx->hwaccel) { ret = avctx->hwaccel->start_frame(avctx, s->gb.buffer, s->gb.buffer_end - s->gb.buffer); if (ret < 0 ) return ret; } ff_mpeg_er_frame_start(s); if (CONFIG_WMV2_DECODER && s->msmpeg4_version == 5) { ret = ff_wmv2_decode_secondary_picture_header(s); if (ret < 0) return ret; if (ret == 1) goto frame_end; } s->mb_x = 0; s->mb_y = 0; slice_ret = decode_slice(s); while (s->mb_y < s->mb_height) { if (s->msmpeg4_version) { if (s->slice_height == 0 || s->mb_x != 0 || slice_ret < 0 || (s->mb_y % s->slice_height) != 0 || get_bits_left(&s->gb) < 0) break; } else { int prev_x = s->mb_x, prev_y = s->mb_y; if (ff_h263_resync(s) < 0) break; if (prev_y * s->mb_width + prev_x < s->mb_y * s->mb_width + s->mb_x) s->er.error_occurred = 1; } if (s->msmpeg4_version < 4 && s->h263_pred) ff_mpeg4_clean_buffers(s); if (decode_slice(s) < 0) slice_ret = AVERROR_INVALIDDATA; } if (s->msmpeg4_version && s->msmpeg4_version < 4 && s->pict_type == AV_PICTURE_TYPE_I) if (!CONFIG_MSMPEG4_DECODER || ff_msmpeg4_decode_ext_header(s, buf_size) < 0) s->er.error_status_table[s->mb_num - 1] = ER_MB_ERROR; av_assert1(s->bitstream_buffer_size == 0); frame_end: ff_er_frame_end(&s->er); if (avctx->hwaccel) { ret = avctx->hwaccel->end_frame(avctx); if (ret < 0) return ret; } ff_mpv_frame_end(s); if (CONFIG_MPEG4_DECODER && avctx->codec_id == AV_CODEC_ID_MPEG4) ff_mpeg4_frame_end(avctx, buf, buf_size); if (!s->divx_packed && avctx->hwaccel) ff_thread_finish_setup(avctx); av_assert1(s->current_picture.f->pict_type == s->current_picture_ptr->f->pict_type); av_assert1(s->current_picture.f->pict_type == s->pict_type); if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) { if ((ret = av_frame_ref(pict, s->current_picture_ptr->f)) < 0) return ret; ff_print_debug_info(s, s->current_picture_ptr, pict); ff_mpv_export_qp_table(s, pict, s->current_picture_ptr, FF_QSCALE_TYPE_MPEG1); } else if (s->last_picture_ptr) { if ((ret = av_frame_ref(pict, s->last_picture_ptr->f)) < 0) return ret; ff_print_debug_info(s, s->last_picture_ptr, pict); ff_mpv_export_qp_table(s, pict, s->last_picture_ptr, FF_QSCALE_TYPE_MPEG1); } if (s->last_picture_ptr || s->low_delay) { if ( pict->format == AV_PIX_FMT_YUV420P && (s->codec_tag == AV_RL32(""GEOV"") || s->codec_tag == AV_RL32(""GEOX""))) { int x, y, p; av_frame_make_writable(pict); for (p=0; p<3; p++) { int w = AV_CEIL_RSHIFT(pict-> width, !!p); int h = AV_CEIL_RSHIFT(pict->height, !!p); int linesize = pict->linesize[p]; for (y=0; y<(h>>1); y++) for (x=0; xdata[p][x + y*linesize], pict->data[p][x + (h-1-y)*linesize]); } } *got_frame = 1; } if (slice_ret < 0 && (avctx->err_recognition & AV_EF_EXPLODE)) return slice_ret; else return get_consumed_bytes(s, buf_size); }",visit repo url,libavcodec/h263dec.c,https://github.com/FFmpeg/FFmpeg,100484018720664,1 5339,NVD-CWE-noinfo,"static void parse_cfg(int flags, int argc, const char **argv, cfg_t *cfg) { int i; memset(cfg, 0, sizeof(cfg_t)); cfg->debug_file = stderr; for (i = 0; i < argc; i++) { if (strncmp(argv[i], ""max_devices="", 12) == 0) sscanf(argv[i], ""max_devices=%u"", &cfg->max_devs); if (strcmp(argv[i], ""manual"") == 0) cfg->manual = 1; if (strcmp(argv[i], ""debug"") == 0) cfg->debug = 1; if (strcmp(argv[i], ""nouserok"") == 0) cfg->nouserok = 1; if (strcmp(argv[i], ""openasuser"") == 0) cfg->openasuser = 1; if (strcmp(argv[i], ""alwaysok"") == 0) cfg->alwaysok = 1; if (strcmp(argv[i], ""interactive"") == 0) cfg->interactive = 1; if (strcmp(argv[i], ""cue"") == 0) cfg->cue = 1; if (strcmp(argv[i], ""nodetect"") == 0) cfg->nodetect = 1; if (strncmp(argv[i], ""authfile="", 9) == 0) cfg->auth_file = argv[i] + 9; if (strncmp(argv[i], ""authpending_file="", 17) == 0) cfg->authpending_file = argv[i] + 17; if (strncmp(argv[i], ""origin="", 7) == 0) cfg->origin = argv[i] + 7; if (strncmp(argv[i], ""appid="", 6) == 0) cfg->appid = argv[i] + 6; if (strncmp(argv[i], ""prompt="", 7) == 0) cfg->prompt = argv[i] + 7; if (strncmp (argv[i], ""debug_file="", 11) == 0) { const char *filename = argv[i] + 11; if(strncmp (filename, ""stdout"", 6) == 0) { cfg->debug_file = stdout; } else if(strncmp (filename, ""stderr"", 6) == 0) { cfg->debug_file = stderr; } else if( strncmp (filename, ""syslog"", 6) == 0) { cfg->debug_file = (FILE *)-1; } else { struct stat st; FILE *file; if(lstat(filename, &st) == 0) { if(S_ISREG(st.st_mode)) { file = fopen(filename, ""a""); if(file != NULL) { cfg->debug_file = file; } } } } } } if (cfg->debug) { D(cfg->debug_file, ""called.""); D(cfg->debug_file, ""flags %d argc %d"", flags, argc); for (i = 0; i < argc; i++) { D(cfg->debug_file, ""argv[%d]=%s"", i, argv[i]); } D(cfg->debug_file, ""max_devices=%d"", cfg->max_devs); D(cfg->debug_file, ""debug=%d"", cfg->debug); D(cfg->debug_file, ""interactive=%d"", cfg->interactive); D(cfg->debug_file, ""cue=%d"", cfg->cue); D(cfg->debug_file, ""nodetect=%d"", cfg->nodetect); D(cfg->debug_file, ""manual=%d"", cfg->manual); D(cfg->debug_file, ""nouserok=%d"", cfg->nouserok); D(cfg->debug_file, ""openasuser=%d"", cfg->openasuser); D(cfg->debug_file, ""alwaysok=%d"", cfg->alwaysok); D(cfg->debug_file, ""authfile=%s"", cfg->auth_file ? cfg->auth_file : ""(null)""); D(cfg->debug_file, ""authpending_file=%s"", cfg->authpending_file ? cfg->authpending_file : ""(null)""); D(cfg->debug_file, ""origin=%s"", cfg->origin ? cfg->origin : ""(null)""); D(cfg->debug_file, ""appid=%s"", cfg->appid ? cfg->appid : ""(null)""); D(cfg->debug_file, ""prompt=%s"", cfg->prompt ? cfg->prompt : ""(null)""); } }",visit repo url,pam-u2f.c,https://github.com/Yubico/pam-u2f,186915251678459,1 1506,[],"static inline void init_rq_hrtick(struct rq *rq) { rq->hrtick_flags = 0; hrtimer_init(&rq->hrtick_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); rq->hrtick_timer.function = hrtick; rq->hrtick_timer.cb_mode = HRTIMER_CB_IRQSAFE_NO_SOFTIRQ; }",linux-2.6,,,229079240335537922586132453981059155522,0 1511,CWE-17,"static long ext4_zero_range(struct file *file, loff_t offset, loff_t len, int mode) { struct inode *inode = file_inode(file); handle_t *handle = NULL; unsigned int max_blocks; loff_t new_size = 0; int ret = 0; int flags; int credits; int partial_begin, partial_end; loff_t start, end; ext4_lblk_t lblk; struct address_space *mapping = inode->i_mapping; unsigned int blkbits = inode->i_blkbits; trace_ext4_zero_range(inode, offset, len, mode); if (!S_ISREG(inode->i_mode)) return -EINVAL; if (ext4_should_journal_data(inode)) { ret = ext4_force_commit(inode->i_sb); if (ret) return ret; } if (mapping->nrpages && mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) { ret = filemap_write_and_wait_range(mapping, offset, offset + len - 1); if (ret) return ret; } start = round_up(offset, 1 << blkbits); end = round_down((offset + len), 1 << blkbits); if (start < offset || end > offset + len) return -EINVAL; partial_begin = offset & ((1 << blkbits) - 1); partial_end = (offset + len) & ((1 << blkbits) - 1); lblk = start >> blkbits; max_blocks = (end >> blkbits); if (max_blocks < lblk) max_blocks = 0; else max_blocks -= lblk; flags = EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT | EXT4_GET_BLOCKS_CONVERT_UNWRITTEN | EXT4_EX_NOCACHE; if (mode & FALLOC_FL_KEEP_SIZE) flags |= EXT4_GET_BLOCKS_KEEP_SIZE; mutex_lock(&inode->i_mutex); if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) { ret = -EOPNOTSUPP; goto out_mutex; } if (!(mode & FALLOC_FL_KEEP_SIZE) && offset + len > i_size_read(inode)) { new_size = offset + len; ret = inode_newsize_ok(inode, new_size); if (ret) goto out_mutex; if (partial_end) max_blocks += 1; } if (max_blocks > 0) { truncate_pagecache_range(inode, start, end - 1); inode->i_mtime = inode->i_ctime = ext4_current_time(inode); ext4_inode_block_unlocked_dio(inode); inode_dio_wait(inode); ret = ext4_alloc_file_blocks(file, lblk, max_blocks, new_size, flags, mode); if (ret) goto out_dio; ret = ext4_es_remove_extent(inode, 0, EXT_MAX_BLOCKS); if (ret) goto out_dio; } if (!partial_begin && !partial_end) goto out_dio; credits = (2 * ext4_ext_index_trans_blocks(inode, 2)) + 1; if (ext4_should_journal_data(inode)) credits += 2; handle = ext4_journal_start(inode, EXT4_HT_MISC, credits); if (IS_ERR(handle)) { ret = PTR_ERR(handle); ext4_std_error(inode->i_sb, ret); goto out_dio; } inode->i_mtime = inode->i_ctime = ext4_current_time(inode); if (new_size) { ext4_update_inode_size(inode, new_size); } else { if ((offset + len) > i_size_read(inode)) ext4_set_inode_flag(inode, EXT4_INODE_EOFBLOCKS); } ext4_mark_inode_dirty(handle, inode); ret = ext4_zero_partial_blocks(handle, inode, offset, len); if (file->f_flags & O_SYNC) ext4_handle_sync(handle); ext4_journal_stop(handle); out_dio: ext4_inode_resume_unlocked_dio(inode); out_mutex: mutex_unlock(&inode->i_mutex); return ret; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,140798025726460,1 4102,NVD-CWE-noinfo,"void CL_Init( void ) { Com_Printf( ""----- Client Initialization -----\n"" ); Con_Init (); if(!com_fullyInitialized) { CL_ClearState(); clc.state = CA_DISCONNECTED; cl_oldGameSet = qfalse; } cls.realtime = 0; CL_InitInput (); cl_noprint = Cvar_Get( ""cl_noprint"", ""0"", 0 ); #ifdef UPDATE_SERVER_NAME cl_motd = Cvar_Get (""cl_motd"", ""1"", 0); #endif cl_timeout = Cvar_Get (""cl_timeout"", ""200"", 0); cl_timeNudge = Cvar_Get (""cl_timeNudge"", ""0"", CVAR_TEMP ); cl_shownet = Cvar_Get (""cl_shownet"", ""0"", CVAR_TEMP ); cl_showSend = Cvar_Get (""cl_showSend"", ""0"", CVAR_TEMP ); cl_showTimeDelta = Cvar_Get (""cl_showTimeDelta"", ""0"", CVAR_TEMP ); cl_freezeDemo = Cvar_Get (""cl_freezeDemo"", ""0"", CVAR_TEMP ); rcon_client_password = Cvar_Get (""rconPassword"", """", CVAR_TEMP ); cl_activeAction = Cvar_Get( ""activeAction"", """", CVAR_TEMP ); cl_timedemo = Cvar_Get (""timedemo"", ""0"", 0); cl_timedemoLog = Cvar_Get (""cl_timedemoLog"", """", CVAR_ARCHIVE); cl_autoRecordDemo = Cvar_Get (""cl_autoRecordDemo"", ""0"", CVAR_ARCHIVE); cl_aviFrameRate = Cvar_Get (""cl_aviFrameRate"", ""25"", CVAR_ARCHIVE); cl_aviMotionJpeg = Cvar_Get (""cl_aviMotionJpeg"", ""1"", CVAR_ARCHIVE); cl_forceavidemo = Cvar_Get (""cl_forceavidemo"", ""0"", 0); rconAddress = Cvar_Get (""rconAddress"", """", 0); cl_yawspeed = Cvar_Get (""cl_yawspeed"", ""140"", CVAR_ARCHIVE); cl_pitchspeed = Cvar_Get (""cl_pitchspeed"", ""140"", CVAR_ARCHIVE); cl_anglespeedkey = Cvar_Get (""cl_anglespeedkey"", ""1.5"", 0); cl_maxpackets = Cvar_Get (""cl_maxpackets"", ""30"", CVAR_ARCHIVE ); cl_packetdup = Cvar_Get (""cl_packetdup"", ""1"", CVAR_ARCHIVE ); cl_run = Cvar_Get (""cl_run"", ""1"", CVAR_ARCHIVE); cl_sensitivity = Cvar_Get (""sensitivity"", ""5"", CVAR_ARCHIVE); cl_mouseAccel = Cvar_Get (""cl_mouseAccel"", ""0"", CVAR_ARCHIVE); cl_freelook = Cvar_Get( ""cl_freelook"", ""1"", CVAR_ARCHIVE ); cl_mouseAccelStyle = Cvar_Get( ""cl_mouseAccelStyle"", ""0"", CVAR_ARCHIVE ); cl_mouseAccelOffset = Cvar_Get( ""cl_mouseAccelOffset"", ""5"", CVAR_ARCHIVE ); Cvar_CheckRange(cl_mouseAccelOffset, 0.001f, 50000.0f, qfalse); cl_showMouseRate = Cvar_Get (""cl_showmouserate"", ""0"", 0); cl_allowDownload = Cvar_Get (""cl_allowDownload"", ""0"", CVAR_ARCHIVE); #ifdef USE_CURL_DLOPEN cl_cURLLib = Cvar_Get(""cl_cURLLib"", DEFAULT_CURL_LIB, CVAR_ARCHIVE); #endif cl_conXOffset = Cvar_Get (""cl_conXOffset"", ""0"", 0); #ifdef __APPLE__ cl_inGameVideo = Cvar_Get (""r_inGameVideo"", ""0"", CVAR_ARCHIVE); #else cl_inGameVideo = Cvar_Get (""r_inGameVideo"", ""1"", CVAR_ARCHIVE); #endif cl_serverStatusResendTime = Cvar_Get (""cl_serverStatusResendTime"", ""750"", 0); Cvar_Get (""cg_autoswitch"", ""1"", CVAR_ARCHIVE); m_pitch = Cvar_Get (""m_pitch"", ""0.022"", CVAR_ARCHIVE); m_yaw = Cvar_Get (""m_yaw"", ""0.022"", CVAR_ARCHIVE); m_forward = Cvar_Get (""m_forward"", ""0.25"", CVAR_ARCHIVE); m_side = Cvar_Get (""m_side"", ""0.25"", CVAR_ARCHIVE); #ifdef __APPLE__ m_filter = Cvar_Get (""m_filter"", ""1"", CVAR_ARCHIVE); #else m_filter = Cvar_Get (""m_filter"", ""0"", CVAR_ARCHIVE); #endif j_pitch = Cvar_Get (""j_pitch"", ""0.022"", CVAR_ARCHIVE); j_yaw = Cvar_Get (""j_yaw"", ""-0.022"", CVAR_ARCHIVE); j_forward = Cvar_Get (""j_forward"", ""-0.25"", CVAR_ARCHIVE); j_side = Cvar_Get (""j_side"", ""0.25"", CVAR_ARCHIVE); j_up = Cvar_Get (""j_up"", ""0"", CVAR_ARCHIVE); j_pitch_axis = Cvar_Get (""j_pitch_axis"", ""3"", CVAR_ARCHIVE); j_yaw_axis = Cvar_Get (""j_yaw_axis"", ""2"", CVAR_ARCHIVE); j_forward_axis = Cvar_Get (""j_forward_axis"", ""1"", CVAR_ARCHIVE); j_side_axis = Cvar_Get (""j_side_axis"", ""0"", CVAR_ARCHIVE); j_up_axis = Cvar_Get (""j_up_axis"", ""4"", CVAR_ARCHIVE); Cvar_CheckRange(j_pitch_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_yaw_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_forward_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_side_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_up_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); cl_motdString = Cvar_Get( ""cl_motdString"", """", CVAR_ROM ); Cvar_Get( ""cl_maxPing"", ""800"", CVAR_ARCHIVE ); cl_lanForcePackets = Cvar_Get (""cl_lanForcePackets"", ""1"", CVAR_ARCHIVE); cl_guidServerUniq = Cvar_Get (""cl_guidServerUniq"", ""1"", CVAR_ARCHIVE); cl_consoleKeys = Cvar_Get( ""cl_consoleKeys"", ""~ ` 0x7e 0x60"", CVAR_ARCHIVE); Cvar_Get (""name"", ""UnnamedPlayer"", CVAR_USERINFO | CVAR_ARCHIVE ); cl_rate = Cvar_Get (""rate"", ""25000"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""snaps"", ""20"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""model"", ""sarge"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""headmodel"", ""sarge"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""team_model"", ""james"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""team_headmodel"", ""*james"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""g_redTeam"", ""Stroggs"", CVAR_SERVERINFO | CVAR_ARCHIVE); Cvar_Get (""g_blueTeam"", ""Pagans"", CVAR_SERVERINFO | CVAR_ARCHIVE); Cvar_Get (""color1"", ""4"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""color2"", ""5"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""handicap"", ""100"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""teamtask"", ""0"", CVAR_USERINFO ); Cvar_Get (""sex"", ""male"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""cl_anonymous"", ""0"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get (""password"", """", CVAR_USERINFO); Cvar_Get (""cg_predictItems"", ""1"", CVAR_USERINFO | CVAR_ARCHIVE ); #ifdef USE_MUMBLE cl_useMumble = Cvar_Get (""cl_useMumble"", ""0"", CVAR_ARCHIVE | CVAR_LATCH); cl_mumbleScale = Cvar_Get (""cl_mumbleScale"", ""0.0254"", CVAR_ARCHIVE); #endif #ifdef USE_VOIP cl_voipSend = Cvar_Get (""cl_voipSend"", ""0"", 0); cl_voipSendTarget = Cvar_Get (""cl_voipSendTarget"", ""spatial"", 0); cl_voipGainDuringCapture = Cvar_Get (""cl_voipGainDuringCapture"", ""0.2"", CVAR_ARCHIVE); cl_voipCaptureMult = Cvar_Get (""cl_voipCaptureMult"", ""2.0"", CVAR_ARCHIVE); cl_voipUseVAD = Cvar_Get (""cl_voipUseVAD"", ""0"", CVAR_ARCHIVE); cl_voipVADThreshold = Cvar_Get (""cl_voipVADThreshold"", ""0.25"", CVAR_ARCHIVE); cl_voipShowMeter = Cvar_Get (""cl_voipShowMeter"", ""1"", CVAR_ARCHIVE); cl_voip = Cvar_Get (""cl_voip"", ""1"", CVAR_ARCHIVE); Cvar_CheckRange( cl_voip, 0, 1, qtrue ); cl_voipProtocol = Cvar_Get (""cl_voipProtocol"", cl_voip->integer ? ""opus"" : """", CVAR_USERINFO | CVAR_ROM); #endif Cvar_Get (""cg_viewsize"", ""100"", CVAR_ARCHIVE ); Cvar_Get (""cg_stereoSeparation"", ""0"", CVAR_ROM); Cmd_AddCommand (""cmd"", CL_ForwardToServer_f); Cmd_AddCommand (""configstrings"", CL_Configstrings_f); Cmd_AddCommand (""clientinfo"", CL_Clientinfo_f); Cmd_AddCommand (""snd_restart"", CL_Snd_Restart_f); Cmd_AddCommand (""vid_restart"", CL_Vid_Restart_f); Cmd_AddCommand (""disconnect"", CL_Disconnect_f); Cmd_AddCommand (""record"", CL_Record_f); Cmd_AddCommand (""demo"", CL_PlayDemo_f); Cmd_SetCommandCompletionFunc( ""demo"", CL_CompleteDemoName ); Cmd_AddCommand (""cinematic"", CL_PlayCinematic_f); Cmd_AddCommand (""stoprecord"", CL_StopRecord_f); Cmd_AddCommand (""connect"", CL_Connect_f); Cmd_AddCommand (""reconnect"", CL_Reconnect_f); Cmd_AddCommand (""localservers"", CL_LocalServers_f); Cmd_AddCommand (""globalservers"", CL_GlobalServers_f); Cmd_AddCommand (""rcon"", CL_Rcon_f); Cmd_SetCommandCompletionFunc( ""rcon"", CL_CompleteRcon ); Cmd_AddCommand (""ping"", CL_Ping_f ); Cmd_AddCommand (""serverstatus"", CL_ServerStatus_f ); Cmd_AddCommand (""showip"", CL_ShowIP_f ); Cmd_AddCommand (""fs_openedList"", CL_OpenedPK3List_f ); Cmd_AddCommand (""fs_referencedList"", CL_ReferencedPK3List_f ); Cmd_AddCommand (""model"", CL_SetModel_f ); Cmd_AddCommand (""video"", CL_Video_f ); Cmd_AddCommand (""stopvideo"", CL_StopVideo_f ); if( !com_dedicated->integer ) { Cmd_AddCommand (""sayto"", CL_Sayto_f ); Cmd_SetCommandCompletionFunc( ""sayto"", CL_CompletePlayerName ); } CL_InitRef(); SCR_Init (); Cvar_Set( ""cl_running"", ""1"" ); CL_GenerateQKey(); Cvar_Get( ""cl_guid"", """", CVAR_USERINFO | CVAR_ROM ); CL_UpdateGUID( NULL, 0 ); Com_Printf( ""----- Client Initialization Complete -----\n"" ); }",visit repo url,code/client/cl_main.c,https://github.com/ioquake/ioq3,19892672346238,1 4696,['CWE-20'],"static void ext4_handle_error(struct super_block *sb) { struct ext4_super_block *es = EXT4_SB(sb)->s_es; EXT4_SB(sb)->s_mount_state |= EXT4_ERROR_FS; es->s_state |= cpu_to_le16(EXT4_ERROR_FS); if (sb->s_flags & MS_RDONLY) return; if (!test_opt(sb, ERRORS_CONT)) { journal_t *journal = EXT4_SB(sb)->s_journal; EXT4_SB(sb)->s_mount_opt |= EXT4_MOUNT_ABORT; if (journal) jbd2_journal_abort(journal, -EIO); } if (test_opt(sb, ERRORS_RO)) { printk(KERN_CRIT ""Remounting filesystem read-only\n""); sb->s_flags |= MS_RDONLY; } ext4_commit_super(sb, es, 1); if (test_opt(sb, ERRORS_PANIC)) panic(""EXT4-fs (device %s): panic forced after error\n"", sb->s_id); }",linux-2.6,,,143268387270296883629134172212462864612,0 4646,CWE-120,"GF_Err stbl_AppendTime(GF_SampleTableBox *stbl, u32 duration, u32 nb_pack) { GF_TimeToSampleBox *stts = stbl->TimeToSample; if (!nb_pack) nb_pack = 1; if (stts->nb_entries) { if (stts->entries[stts->nb_entries-1].sampleDelta == duration) { stts->entries[stts->nb_entries-1].sampleCount += nb_pack; return GF_OK; } } if (stts->nb_entries==stts->alloc_size) { ALLOC_INC(stts->alloc_size); stts->entries = gf_realloc(stts->entries, sizeof(GF_SttsEntry)*stts->alloc_size); if (!stts->entries) return GF_OUT_OF_MEM; memset(&stts->entries[stts->nb_entries], 0, sizeof(GF_SttsEntry)*(stts->alloc_size-stts->nb_entries) ); } stts->entries[stts->nb_entries].sampleCount = nb_pack; stts->entries[stts->nb_entries].sampleDelta = duration; stts->nb_entries++; if (stts->max_ts_delta < duration ) stts->max_ts_delta = duration; return GF_OK; }",visit repo url,src/isomedia/stbl_write.c,https://github.com/gpac/gpac,5219339053926,1 4964,CWE-190,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 273,CWE-119,"int sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { struct sock *sk = sock->sk; int val; int valbool; struct linger ling; int ret = 0; if (optname == SO_BINDTODEVICE) return sock_setbindtodevice(sk, optval, optlen); if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; valbool = val ? 1 : 0; lock_sock(sk); switch (optname) { case SO_DEBUG: if (val && !capable(CAP_NET_ADMIN)) ret = -EACCES; else sock_valbool_flag(sk, SOCK_DBG, valbool); break; case SO_REUSEADDR: sk->sk_reuse = (valbool ? SK_CAN_REUSE : SK_NO_REUSE); break; case SO_REUSEPORT: sk->sk_reuseport = valbool; break; case SO_TYPE: case SO_PROTOCOL: case SO_DOMAIN: case SO_ERROR: ret = -ENOPROTOOPT; break; case SO_DONTROUTE: sock_valbool_flag(sk, SOCK_LOCALROUTE, valbool); break; case SO_BROADCAST: sock_valbool_flag(sk, SOCK_BROADCAST, valbool); break; case SO_SNDBUF: val = min_t(u32, val, sysctl_wmem_max); set_sndbuf: sk->sk_userlocks |= SOCK_SNDBUF_LOCK; sk->sk_sndbuf = max_t(u32, val * 2, SOCK_MIN_SNDBUF); sk->sk_write_space(sk); break; case SO_SNDBUFFORCE: if (!capable(CAP_NET_ADMIN)) { ret = -EPERM; break; } goto set_sndbuf; case SO_RCVBUF: val = min_t(u32, val, sysctl_rmem_max); set_rcvbuf: sk->sk_userlocks |= SOCK_RCVBUF_LOCK; sk->sk_rcvbuf = max_t(u32, val * 2, SOCK_MIN_RCVBUF); break; case SO_RCVBUFFORCE: if (!capable(CAP_NET_ADMIN)) { ret = -EPERM; break; } goto set_rcvbuf; case SO_KEEPALIVE: #ifdef CONFIG_INET if (sk->sk_protocol == IPPROTO_TCP && sk->sk_type == SOCK_STREAM) tcp_set_keepalive(sk, valbool); #endif sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool); break; case SO_OOBINLINE: sock_valbool_flag(sk, SOCK_URGINLINE, valbool); break; case SO_NO_CHECK: sk->sk_no_check_tx = valbool; break; case SO_PRIORITY: if ((val >= 0 && val <= 6) || ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) sk->sk_priority = val; else ret = -EPERM; break; case SO_LINGER: if (optlen < sizeof(ling)) { ret = -EINVAL; break; } if (copy_from_user(&ling, optval, sizeof(ling))) { ret = -EFAULT; break; } if (!ling.l_onoff) sock_reset_flag(sk, SOCK_LINGER); else { #if (BITS_PER_LONG == 32) if ((unsigned int)ling.l_linger >= MAX_SCHEDULE_TIMEOUT/HZ) sk->sk_lingertime = MAX_SCHEDULE_TIMEOUT; else #endif sk->sk_lingertime = (unsigned int)ling.l_linger * HZ; sock_set_flag(sk, SOCK_LINGER); } break; case SO_BSDCOMPAT: sock_warn_obsolete_bsdism(""setsockopt""); break; case SO_PASSCRED: if (valbool) set_bit(SOCK_PASSCRED, &sock->flags); else clear_bit(SOCK_PASSCRED, &sock->flags); break; case SO_TIMESTAMP: case SO_TIMESTAMPNS: if (valbool) { if (optname == SO_TIMESTAMP) sock_reset_flag(sk, SOCK_RCVTSTAMPNS); else sock_set_flag(sk, SOCK_RCVTSTAMPNS); sock_set_flag(sk, SOCK_RCVTSTAMP); sock_enable_timestamp(sk, SOCK_TIMESTAMP); } else { sock_reset_flag(sk, SOCK_RCVTSTAMP); sock_reset_flag(sk, SOCK_RCVTSTAMPNS); } break; case SO_TIMESTAMPING: if (val & ~SOF_TIMESTAMPING_MASK) { ret = -EINVAL; break; } if (val & SOF_TIMESTAMPING_OPT_ID && !(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)) { if (sk->sk_protocol == IPPROTO_TCP && sk->sk_type == SOCK_STREAM) { if ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)) { ret = -EINVAL; break; } sk->sk_tskey = tcp_sk(sk)->snd_una; } else { sk->sk_tskey = 0; } } sk->sk_tsflags = val; if (val & SOF_TIMESTAMPING_RX_SOFTWARE) sock_enable_timestamp(sk, SOCK_TIMESTAMPING_RX_SOFTWARE); else sock_disable_timestamp(sk, (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE)); break; case SO_RCVLOWAT: if (val < 0) val = INT_MAX; sk->sk_rcvlowat = val ? : 1; break; case SO_RCVTIMEO: ret = sock_set_timeout(&sk->sk_rcvtimeo, optval, optlen); break; case SO_SNDTIMEO: ret = sock_set_timeout(&sk->sk_sndtimeo, optval, optlen); break; case SO_ATTACH_FILTER: ret = -EINVAL; if (optlen == sizeof(struct sock_fprog)) { struct sock_fprog fprog; ret = -EFAULT; if (copy_from_user(&fprog, optval, sizeof(fprog))) break; ret = sk_attach_filter(&fprog, sk); } break; case SO_ATTACH_BPF: ret = -EINVAL; if (optlen == sizeof(u32)) { u32 ufd; ret = -EFAULT; if (copy_from_user(&ufd, optval, sizeof(ufd))) break; ret = sk_attach_bpf(ufd, sk); } break; case SO_ATTACH_REUSEPORT_CBPF: ret = -EINVAL; if (optlen == sizeof(struct sock_fprog)) { struct sock_fprog fprog; ret = -EFAULT; if (copy_from_user(&fprog, optval, sizeof(fprog))) break; ret = sk_reuseport_attach_filter(&fprog, sk); } break; case SO_ATTACH_REUSEPORT_EBPF: ret = -EINVAL; if (optlen == sizeof(u32)) { u32 ufd; ret = -EFAULT; if (copy_from_user(&ufd, optval, sizeof(ufd))) break; ret = sk_reuseport_attach_bpf(ufd, sk); } break; case SO_DETACH_FILTER: ret = sk_detach_filter(sk); break; case SO_LOCK_FILTER: if (sock_flag(sk, SOCK_FILTER_LOCKED) && !valbool) ret = -EPERM; else sock_valbool_flag(sk, SOCK_FILTER_LOCKED, valbool); break; case SO_PASSSEC: if (valbool) set_bit(SOCK_PASSSEC, &sock->flags); else clear_bit(SOCK_PASSSEC, &sock->flags); break; case SO_MARK: if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) ret = -EPERM; else sk->sk_mark = val; break; case SO_RXQ_OVFL: sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool); break; case SO_WIFI_STATUS: sock_valbool_flag(sk, SOCK_WIFI_STATUS, valbool); break; case SO_PEEK_OFF: if (sock->ops->set_peek_off) ret = sock->ops->set_peek_off(sk, val); else ret = -EOPNOTSUPP; break; case SO_NOFCS: sock_valbool_flag(sk, SOCK_NOFCS, valbool); break; case SO_SELECT_ERR_QUEUE: sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool); break; #ifdef CONFIG_NET_RX_BUSY_POLL case SO_BUSY_POLL: if ((val > sk->sk_ll_usec) && !capable(CAP_NET_ADMIN)) ret = -EPERM; else { if (val < 0) ret = -EINVAL; else sk->sk_ll_usec = val; } break; #endif case SO_MAX_PACING_RATE: sk->sk_max_pacing_rate = val; sk->sk_pacing_rate = min(sk->sk_pacing_rate, sk->sk_max_pacing_rate); break; case SO_INCOMING_CPU: sk->sk_incoming_cpu = val; break; case SO_CNX_ADVICE: if (val == 1) dst_negative_advice(sk); break; default: ret = -ENOPROTOOPT; break; } release_sock(sk); return ret; }",visit repo url,net/core/sock.c,https://github.com/torvalds/linux,31543589532764,1 5011,['CWE-120'],"int util_log_priority(const char *priority) { char *endptr; int prio; prio = strtol(priority, &endptr, 10); if (endptr[0] == '\0') return prio; if (strncasecmp(priority, ""err"", 3) == 0) return LOG_ERR; if (strcasecmp(priority, ""info"") == 0) return LOG_INFO; if (strcasecmp(priority, ""debug"") == 0) return LOG_DEBUG; return 0; }",udev,,,273694481383066363777690427139070587892,0 2037,['CWE-269'],"asmlinkage long sys_umount(char __user * name, int flags) { struct nameidata nd; int retval; retval = __user_walk(name, LOOKUP_FOLLOW, &nd); if (retval) goto out; retval = -EINVAL; if (nd.dentry != nd.mnt->mnt_root) goto dput_and_out; if (!check_mnt(nd.mnt)) goto dput_and_out; retval = -EPERM; if (!capable(CAP_SYS_ADMIN)) goto dput_and_out; retval = do_umount(nd.mnt, flags); dput_and_out: path_release_on_umount(&nd); out: return retval; }",linux-2.6,,,188123928080304682234308812946418114957,0 3626,CWE-400,"int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, char **ret, JsonVariant **ret_package_metadata) { _cleanup_close_pair_ int error_pipe[2] = { -1, -1 }, return_pipe[2] = { -1, -1 }, json_pipe[2] = { -1, -1 }; _cleanup_(json_variant_unrefp) JsonVariant *package_metadata = NULL; _cleanup_free_ char *buf = NULL; int r; assert(fd >= 0); r = dlopen_dw(); if (r < 0) return r; r = dlopen_elf(); if (r < 0) return r; r = RET_NERRNO(pipe2(error_pipe, O_CLOEXEC|O_NONBLOCK)); if (r < 0) return r; if (ret) { r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC)); if (r < 0) return r; } if (ret_package_metadata) { r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC)); if (r < 0) return r; } r = safe_fork_full(""(sd-parse-elf)"", (int[]){ fd, error_pipe[1], return_pipe[1], json_pipe[1] }, 4, FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE|FORK_NEW_USERNS|FORK_WAIT|FORK_REOPEN_LOG, NULL); if (r < 0) { if (r == -EPROTO) { int e, k; k = read(error_pipe[0], &e, sizeof(e)); if (k < 0 && errno != EAGAIN) return -errno; if (k == sizeof(e)) return e; if (k != 0) return -EIO; } return r; } if (r == 0) { if (fork_disable_dump) { r = RET_NERRNO(prctl(PR_SET_DUMPABLE, 0)); if (r < 0) goto child_fail; } r = parse_elf(fd, executable, ret ? &buf : NULL, ret_package_metadata ? &package_metadata : NULL); if (r < 0) goto child_fail; if (buf) { r = loop_write(return_pipe[1], buf, strlen(buf), false); if (r < 0) goto child_fail; return_pipe[1] = safe_close(return_pipe[1]); } if (package_metadata) { _cleanup_fclose_ FILE *json_out = NULL; json_out = take_fdopen(&json_pipe[1], ""w""); if (!json_out) { r = -errno; goto child_fail; } json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL); } _exit(EXIT_SUCCESS); child_fail: (void) write(error_pipe[1], &r, sizeof(r)); _exit(EXIT_FAILURE); } error_pipe[1] = safe_close(error_pipe[1]); return_pipe[1] = safe_close(return_pipe[1]); json_pipe[1] = safe_close(json_pipe[1]); if (ret) { _cleanup_fclose_ FILE *in = NULL; in = take_fdopen(&return_pipe[0], ""r""); if (!in) return -errno; r = read_full_stream(in, &buf, NULL); if (r < 0) return r; } if (ret_package_metadata) { _cleanup_fclose_ FILE *json_in = NULL; json_in = take_fdopen(&json_pipe[0], ""r""); if (!json_in) return -errno; r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL); if (r < 0 && r != -ENODATA) return r; } if (ret) *ret = TAKE_PTR(buf); if (ret_package_metadata) *ret_package_metadata = TAKE_PTR(package_metadata); return 0; }",visit repo url,src/shared/elf-util.c,https://github.com/systemd/systemd,279230490481646,1 2266,['CWE-120'],"static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) { int error = 0; struct inode *target; if (new_dir != old_dir) { error = permission(old_dentry->d_inode, MAY_WRITE, NULL); if (error) return error; } error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); if (error) return error; target = new_dentry->d_inode; if (target) { mutex_lock(&target->i_mutex); dentry_unhash(new_dentry); } if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) error = -EBUSY; else error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); if (target) { if (!error) target->i_flags |= S_DEAD; mutex_unlock(&target->i_mutex); if (d_unhashed(new_dentry)) d_rehash(new_dentry); dput(new_dentry); } if (!error) if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) d_move(old_dentry,new_dentry); return error; }",linux-2.6,,,143741278809206512626198760804160173430,0 5922,['CWE-909'],"int tc_classify(struct sk_buff *skb, struct tcf_proto *tp, struct tcf_result *res) { int err = 0; __be16 protocol; #ifdef CONFIG_NET_CLS_ACT struct tcf_proto *otp = tp; reclassify: #endif protocol = skb->protocol; err = tc_classify_compat(skb, tp, res); #ifdef CONFIG_NET_CLS_ACT if (err == TC_ACT_RECLASSIFY) { u32 verd = G_TC_VERD(skb->tc_verd); tp = otp; if (verd++ >= MAX_REC_LOOP) { printk(""rule prio %u protocol %02x reclassify loop, "" ""packet dropped\n"", tp->prio&0xffff, ntohs(tp->protocol)); return TC_ACT_SHOT; } skb->tc_verd = SET_TC_VERD(skb->tc_verd, verd); goto reclassify; } #endif return err; }",linux-2.6,,,200482380230686622506749962912946789566,0 511,CWE-362,"static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) { struct inet_sock *inet = inet_sk(sk); struct net *net = sock_net(sk); struct ipcm_cookie ipc; struct rtable *rt = NULL; struct flowi4 fl4; int free = 0; __be32 daddr; __be32 saddr; u8 tos; int err; struct ip_options_data opt_copy; struct raw_frag_vec rfv; err = -EMSGSIZE; if (len > 0xFFFF) goto out; err = -EOPNOTSUPP; if (msg->msg_flags & MSG_OOB) goto out; if (msg->msg_namelen) { DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name); err = -EINVAL; if (msg->msg_namelen < sizeof(*usin)) goto out; if (usin->sin_family != AF_INET) { pr_info_once(""%s: %s forgot to set AF_INET. Fix it!\n"", __func__, current->comm); err = -EAFNOSUPPORT; if (usin->sin_family) goto out; } daddr = usin->sin_addr.s_addr; } else { err = -EDESTADDRREQ; if (sk->sk_state != TCP_ESTABLISHED) goto out; daddr = inet->inet_daddr; } ipc.sockc.tsflags = sk->sk_tsflags; ipc.addr = inet->inet_saddr; ipc.opt = NULL; ipc.tx_flags = 0; ipc.ttl = 0; ipc.tos = -1; ipc.oif = sk->sk_bound_dev_if; if (msg->msg_controllen) { err = ip_cmsg_send(sk, msg, &ipc, false); if (unlikely(err)) { kfree(ipc.opt); goto out; } if (ipc.opt) free = 1; } saddr = ipc.addr; ipc.addr = daddr; if (!ipc.opt) { struct ip_options_rcu *inet_opt; rcu_read_lock(); inet_opt = rcu_dereference(inet->inet_opt); if (inet_opt) { memcpy(&opt_copy, inet_opt, sizeof(*inet_opt) + inet_opt->opt.optlen); ipc.opt = &opt_copy.opt; } rcu_read_unlock(); } if (ipc.opt) { err = -EINVAL; if (inet->hdrincl) goto done; if (ipc.opt->opt.srr) { if (!daddr) goto done; daddr = ipc.opt->opt.faddr; } } tos = get_rtconn_flags(&ipc, sk); if (msg->msg_flags & MSG_DONTROUTE) tos |= RTO_ONLINK; if (ipv4_is_multicast(daddr)) { if (!ipc.oif) ipc.oif = inet->mc_index; if (!saddr) saddr = inet->mc_addr; } else if (!ipc.oif) ipc.oif = inet->uc_index; flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE, inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol, inet_sk_flowi_flags(sk) | (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0), daddr, saddr, 0, 0, sk->sk_uid); if (!inet->hdrincl) { rfv.msg = msg; rfv.hlen = 0; err = raw_probe_proto_opt(&rfv, &fl4); if (err) goto done; } security_sk_classify_flow(sk, flowi4_to_flowi(&fl4)); rt = ip_route_output_flow(net, &fl4, sk); if (IS_ERR(rt)) { err = PTR_ERR(rt); rt = NULL; goto done; } err = -EACCES; if (rt->rt_flags & RTCF_BROADCAST && !sock_flag(sk, SOCK_BROADCAST)) goto done; if (msg->msg_flags & MSG_CONFIRM) goto do_confirm; back_from_confirm: if (inet->hdrincl) err = raw_send_hdrinc(sk, &fl4, msg, len, &rt, msg->msg_flags, &ipc.sockc); else { sock_tx_timestamp(sk, ipc.sockc.tsflags, &ipc.tx_flags); if (!ipc.addr) ipc.addr = fl4.daddr; lock_sock(sk); err = ip_append_data(sk, &fl4, raw_getfrag, &rfv, len, 0, &ipc, &rt, msg->msg_flags); if (err) ip_flush_pending_frames(sk); else if (!(msg->msg_flags & MSG_MORE)) { err = ip_push_pending_frames(sk, &fl4); if (err == -ENOBUFS && !inet->recverr) err = 0; } release_sock(sk); } done: if (free) kfree(ipc.opt); ip_rt_put(rt); out: if (err < 0) return err; return len; do_confirm: if (msg->msg_flags & MSG_PROBE) dst_confirm_neigh(&rt->dst, &fl4.daddr); if (!(msg->msg_flags & MSG_PROBE) || len) goto back_from_confirm; err = 0; goto done; }",visit repo url,net/ipv4/raw.c,https://github.com/torvalds/linux,130591738223366,1 818,['CWE-16'],"static int __init esp6_init(void) { if (xfrm_register_type(&esp6_type, AF_INET6) < 0) { printk(KERN_INFO ""ipv6 esp init: can't add xfrm type\n""); return -EAGAIN; } if (inet6_add_protocol(&esp6_protocol, IPPROTO_ESP) < 0) { printk(KERN_INFO ""ipv6 esp init: can't add protocol\n""); xfrm_unregister_type(&esp6_type, AF_INET6); return -EAGAIN; } return 0; }",linux-2.6,,,109379250962211651256202156775914883974,0 5453,CWE-617,"pci_cfgrw(struct vmctx *ctx, int vcpu, int in, int bus, int slot, int func, int coff, int bytes, uint32_t *eax) { struct businfo *bi; struct slotinfo *si; struct pci_vdev *dev; struct pci_vdev_ops *ops; int idx, needcfg; uint64_t addr, bar, mask; bool decode, ignore_reg_unreg = false; bi = pci_businfo[bus]; if (bi != NULL) { si = &bi->slotinfo[slot]; dev = si->si_funcs[func].fi_devi; } else dev = NULL; if (dev == NULL || (bytes != 1 && bytes != 2 && bytes != 4) || (coff & (bytes - 1)) != 0) { if (in) *eax = 0xffffffff; return; } ops = dev->dev_ops; if (strcmp(""passthru"", ops->class_name)) { if (coff >= PCI_REGMAX + 1) { if (in) { *eax = 0xffffffff; if (coff <= PCI_REGMAX + 4) *eax = 0x00000000; } return; } } if (in) { if (ops->vdev_cfgread != NULL) { needcfg = ops->vdev_cfgread(ctx, vcpu, dev, coff, bytes, eax); } else { needcfg = 1; } if (needcfg) *eax = CFGREAD(dev, coff, bytes); pci_emul_hdrtype_fixup(bus, slot, coff, bytes, eax); } else { if (ops->vdev_cfgwrite != NULL && (*ops->vdev_cfgwrite)(ctx, vcpu, dev, coff, bytes, *eax) == 0) return; if (coff >= PCIR_BAR(0) && coff < PCIR_BAR(PCI_BARMAX + 1)) { if (bytes != 4 || (coff & 0x3) != 0) return; idx = (coff - PCIR_BAR(0)) / 4; mask = ~(dev->bar[idx].size - 1); if (dev->bar[idx].type == PCIBAR_IO) decode = porten(dev); else decode = memen(dev); if (decode) { if (!dev->bar[idx].sizing && (*eax == ~0U)) { dev->bar[idx].sizing = true; ignore_reg_unreg = true; } else if (dev->bar[idx].sizing && (*eax != ~0U)) { dev->bar[idx].sizing = false; ignore_reg_unreg = true; } } switch (dev->bar[idx].type) { case PCIBAR_NONE: dev->bar[idx].addr = bar = 0; break; case PCIBAR_IO: addr = *eax & mask; addr &= 0xffff; bar = addr | PCIM_BAR_IO_SPACE; if (addr != dev->bar[idx].addr) { update_bar_address(ctx, dev, addr, idx, PCIBAR_IO, ignore_reg_unreg); } break; case PCIBAR_MEM32: addr = bar = *eax & mask; bar |= PCIM_BAR_MEM_SPACE | PCIM_BAR_MEM_32; if (addr != dev->bar[idx].addr) { update_bar_address(ctx, dev, addr, idx, PCIBAR_MEM32, ignore_reg_unreg); } break; case PCIBAR_MEM64: addr = bar = *eax & mask; bar |= PCIM_BAR_MEM_SPACE | PCIM_BAR_MEM_64 | PCIM_BAR_MEM_PREFETCH; if (addr != (uint32_t)dev->bar[idx].addr) { update_bar_address(ctx, dev, addr, idx, PCIBAR_MEM64, ignore_reg_unreg); } break; case PCIBAR_MEMHI64: assert(idx >= 1); mask = ~(dev->bar[idx - 1].size - 1); addr = ((uint64_t)*eax << 32) & mask; bar = addr >> 32; if (bar != dev->bar[idx - 1].addr >> 32) { update_bar_address(ctx, dev, addr, idx - 1, PCIBAR_MEMHI64, ignore_reg_unreg); } break; default: assert(0); } pci_set_cfgdata32(dev, coff, bar); } else if (coff == PCIR_BIOS) { } else if (pci_emul_iscap(dev, coff)) { pci_emul_capwrite(dev, coff, bytes, *eax); } else if (coff >= PCIR_COMMAND && coff < PCIR_REVID) { pci_emul_cmdsts_write(dev, coff, *eax, bytes); } else { CFGWRITE(dev, coff, *eax, bytes); } } }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,152441412761000,1 5918,['CWE-909'],"static struct Qdisc *qdisc_leaf(struct Qdisc *p, u32 classid) { unsigned long cl; struct Qdisc *leaf; const struct Qdisc_class_ops *cops = p->ops->cl_ops; if (cops == NULL) return NULL; cl = cops->get(p, classid); if (cl == 0) return NULL; leaf = cops->leaf(p, cl); cops->put(p, cl); return leaf; }",linux-2.6,,,222638836268317428815510028614725050139,0 5123,CWE-125,"obj2ast_arg(PyObject* obj, arg_ty* out, PyArena* arena) { PyObject* tmp = NULL; identifier arg; expr_ty annotation; int lineno; int col_offset; int end_lineno; int end_col_offset; if (_PyObject_LookupAttrId(obj, &PyId_arg, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""arg\"" missing from arg""); return 1; } else { int res; res = obj2ast_identifier(tmp, &arg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_annotation, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); annotation = NULL; } else { int res; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_lineno, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from arg""); return 1; } else { int res; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from arg""); return 1; } else { int res; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_lineno, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_lineno = 0; } else { int res; res = obj2ast_int(tmp, &end_lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_col_offset = 0; } else { int res; res = obj2ast_int(tmp, &end_col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = arg(arg, annotation, lineno, col_offset, end_lineno, end_col_offset, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,232807906730373,1 2560,CWE-119,"int CLASS parse_tiff_ifd(int base) { unsigned entries, tag, type, len, plen = 16, save; int ifd, use_cm = 0, cfa, i, j, c, ima_len = 0; char *cbuf, *cp; uchar cfa_pat[16], cfa_pc[] = {0, 1, 2, 3}, tab[256]; double fm[3][4], cc[4][4], cm[4][3], cam_xyz[4][3], num; double ab[] = {1, 1, 1, 1}, asn[] = {0, 0, 0, 0}, xyz[] = {1, 1, 1}; unsigned sony_curve[] = {0, 0, 0, 0, 0, 4095}; unsigned *buf, sony_offset = 0, sony_length = 0, sony_key = 0; struct jhead jh; int pana_raw = 0; #ifndef LIBRAW_LIBRARY_BUILD FILE *sfp; #endif if (tiff_nifds >= sizeof tiff_ifd / sizeof tiff_ifd[0]) return 1; ifd = tiff_nifds++; for (j = 0; j < 4; j++) for (i = 0; i < 4; i++) cc[j][i] = i == j; entries = get2(); if (entries > 512) return 1; #ifdef LIBRAW_LIBRARY_BUILD INT64 fsize = ifp->size(); #endif while (entries--) { tiff_get(base, &tag, &type, &len, &save); #ifdef LIBRAW_LIBRARY_BUILD INT64 savepos = ftell(ifp); if (len > 8 && len + savepos > fsize * 2) continue; if (callbacks.exif_cb) { callbacks.exif_cb(callbacks.exifparser_data, tag | (pana_raw ? 0x30000 : 0), type, len, order, ifp); fseek(ifp, savepos, SEEK_SET); } #endif #ifdef LIBRAW_LIBRARY_BUILD if (!strncasecmp(make, ""SONY"", 4) || (!strncasecmp(make, ""Hasselblad"", 10) && (!strncasecmp(model, ""Stellar"", 7) || !strncasecmp(model, ""Lunar"", 5) || !strncasecmp(model, ""HV"", 2)))) { switch (tag) { case 0x7300: for (int i = 0; i < 4 && i < len; i++) cblack[i] = get2(); break; case 0x7480: case 0x7820: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Daylight][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Daylight][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Daylight][1]; break; case 0x7481: case 0x7821: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Cloudy][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Cloudy][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Cloudy][1]; break; case 0x7482: case 0x7822: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][1]; break; case 0x7483: case 0x7823: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Flash][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Flash][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Flash][1]; break; case 0x7484: case 0x7824: imgdata.color.WBCT_Coeffs[0][0] = 4500; FORC3 imgdata.color.WBCT_Coeffs[0][c + 1] = get2(); imgdata.color.WBCT_Coeffs[0][4] = imgdata.color.WBCT_Coeffs[0][2]; break; case 0x7486: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Fluorescent][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Fluorescent][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Fluorescent][1]; break; case 0x7825: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][1]; break; case 0x7826: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][1]; break; case 0x7827: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_N][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_N][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_N][1]; break; case 0x7828: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][1]; break; case 0x7829: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][1]; break; case 0x782a: imgdata.color.WBCT_Coeffs[1][0] = 8500; FORC3 imgdata.color.WBCT_Coeffs[1][c + 1] = get2(); imgdata.color.WBCT_Coeffs[1][4] = imgdata.color.WBCT_Coeffs[1][2]; break; case 0x782b: imgdata.color.WBCT_Coeffs[2][0] = 6000; FORC3 imgdata.color.WBCT_Coeffs[2][c + 1] = get2(); imgdata.color.WBCT_Coeffs[2][4] = imgdata.color.WBCT_Coeffs[2][2]; break; case 0x782c: imgdata.color.WBCT_Coeffs[3][0] = 3200; FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_StudioTungsten][c] = imgdata.color.WBCT_Coeffs[3][c + 1] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_StudioTungsten][3] = imgdata.color.WBCT_Coeffs[3][4] = imgdata.color.WB_Coeffs[LIBRAW_WBI_StudioTungsten][1]; break; case 0x782d: imgdata.color.WBCT_Coeffs[4][0] = 2500; FORC3 imgdata.color.WBCT_Coeffs[4][c + 1] = get2(); imgdata.color.WBCT_Coeffs[4][4] = imgdata.color.WBCT_Coeffs[4][2]; break; case 0x787f: FORC3 imgdata.color.linear_max[c] = get2(); imgdata.color.linear_max[3] = imgdata.color.linear_max[1]; break; } } #endif switch (tag) { case 1: if (len == 4) pana_raw = get4(); break; case 5: width = get2(); break; case 6: height = get2(); break; case 7: width += get2(); break; case 9: if ((i = get2())) filters = i; #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw && len == 1 && type == 3) pana_black[3] += i; #endif break; case 8: case 10: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw && len == 1 && type == 3) pana_black[3] += get2(); #endif break; case 14: case 15: case 16: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw) { imgdata.color.linear_max[tag - 14] = get2(); if (tag == 15) imgdata.color.linear_max[3] = imgdata.color.linear_max[1]; } #endif break; case 17: case 18: if (type == 3 && len == 1) cam_mul[(tag - 17) * 2] = get2() / 256.0; break; #ifdef LIBRAW_LIBRARY_BUILD case 19: if (pana_raw) { ushort nWB, cnt, tWB; nWB = get2(); if (nWB > 0x100) break; for (cnt = 0; cnt < nWB; cnt++) { tWB = get2(); if (tWB < 0x100) { imgdata.color.WB_Coeffs[tWB][0] = get2(); imgdata.color.WB_Coeffs[tWB][2] = get2(); imgdata.color.WB_Coeffs[tWB][1] = imgdata.color.WB_Coeffs[tWB][3] = 0x100; } else get4(); } } break; #endif case 23: if (type == 3) iso_speed = get2(); break; case 28: case 29: case 30: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw && len == 1 && type == 3) { pana_black[tag - 28] = get2(); } else #endif { cblack[tag - 28] = get2(); cblack[3] = cblack[1]; } break; case 36: case 37: case 38: cam_mul[tag - 36] = get2(); break; case 39: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw) { ushort nWB, cnt, tWB; nWB = get2(); if (nWB > 0x100) break; for (cnt = 0; cnt < nWB; cnt++) { tWB = get2(); if (tWB < 0x100) { imgdata.color.WB_Coeffs[tWB][0] = get2(); imgdata.color.WB_Coeffs[tWB][1] = imgdata.color.WB_Coeffs[tWB][3] = get2(); imgdata.color.WB_Coeffs[tWB][2] = get2(); } else fseek(ifp, 6, SEEK_CUR); } } break; #endif if (len < 50 || cam_mul[0]) break; fseek(ifp, 12, SEEK_CUR); FORC3 cam_mul[c] = get2(); break; case 46: if (type != 7 || fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) break; thumb_offset = ftell(ifp) - 2; thumb_length = len; break; case 61440: fseek(ifp, get4() + base, SEEK_SET); parse_tiff_ifd(base); break; case 2: case 256: case 61441: tiff_ifd[ifd].t_width = getint(type); break; case 3: case 257: case 61442: tiff_ifd[ifd].t_height = getint(type); break; case 258: case 61443: tiff_ifd[ifd].samples = len & 7; tiff_ifd[ifd].bps = getint(type); if (tiff_bps < tiff_ifd[ifd].bps) tiff_bps = tiff_ifd[ifd].bps; break; case 61446: raw_height = 0; if (tiff_ifd[ifd].bps > 12) break; load_raw = &CLASS packed_load_raw; load_flags = get4() ? 24 : 80; break; case 259: tiff_ifd[ifd].comp = getint(type); break; case 262: tiff_ifd[ifd].phint = get2(); break; case 270: fread(desc, 512, 1, ifp); break; case 271: fgets(make, 64, ifp); break; case 272: fgets(model, 64, ifp); break; #ifdef LIBRAW_LIBRARY_BUILD case 278: tiff_ifd[ifd].rows_per_strip = getint(type); break; #endif case 280: if (type != 4) break; load_raw = &CLASS panasonic_load_raw; load_flags = 0x2008; case 273: #ifdef LIBRAW_LIBRARY_BUILD if (len > 1 && len < 16384) { off_t sav = ftell(ifp); tiff_ifd[ifd].strip_offsets = (int *)calloc(len, sizeof(int)); tiff_ifd[ifd].strip_offsets_count = len; for (int i = 0; i < len; i++) tiff_ifd[ifd].strip_offsets[i] = get4() + base; fseek(ifp, sav, SEEK_SET); } #endif case 513: case 61447: tiff_ifd[ifd].offset = get4() + base; if (!tiff_ifd[ifd].bps && tiff_ifd[ifd].offset > 0) { fseek(ifp, tiff_ifd[ifd].offset, SEEK_SET); if (ljpeg_start(&jh, 1)) { tiff_ifd[ifd].comp = 6; tiff_ifd[ifd].t_width = jh.wide; tiff_ifd[ifd].t_height = jh.high; tiff_ifd[ifd].bps = jh.bits; tiff_ifd[ifd].samples = jh.clrs; if (!(jh.sraw || (jh.clrs & 1))) tiff_ifd[ifd].t_width *= jh.clrs; if ((tiff_ifd[ifd].t_width > 4 * tiff_ifd[ifd].t_height) & ~jh.clrs) { tiff_ifd[ifd].t_width /= 2; tiff_ifd[ifd].t_height *= 2; } i = order; parse_tiff(tiff_ifd[ifd].offset + 12); order = i; } } break; case 274: tiff_ifd[ifd].t_flip = ""50132467""[get2() & 7] - '0'; break; case 277: tiff_ifd[ifd].samples = getint(type) & 7; break; case 279: #ifdef LIBRAW_LIBRARY_BUILD if (len > 1 && len < 16384) { off_t sav = ftell(ifp); tiff_ifd[ifd].strip_byte_counts = (int *)calloc(len, sizeof(int)); tiff_ifd[ifd].strip_byte_counts_count = len; for (int i = 0; i < len; i++) tiff_ifd[ifd].strip_byte_counts[i] = get4(); fseek(ifp, sav, SEEK_SET); } #endif case 514: case 61448: tiff_ifd[ifd].bytes = get4(); break; case 61454: FORC3 cam_mul[(4 - c) % 3] = getint(type); break; case 305: case 11: fgets(software, 64, ifp); if (!strncmp(software, ""Adobe"", 5) || !strncmp(software, ""dcraw"", 5) || !strncmp(software, ""UFRaw"", 5) || !strncmp(software, ""Bibble"", 6) || !strcmp(software, ""Digital Photo Professional"")) is_raw = 0; break; case 306: get_timestamp(0); break; case 315: fread(artist, 64, 1, ifp); break; case 317: tiff_ifd[ifd].predictor = getint(type); break; case 322: tiff_ifd[ifd].t_tile_width = getint(type); break; case 323: tiff_ifd[ifd].t_tile_length = getint(type); break; case 324: tiff_ifd[ifd].offset = len > 1 ? ftell(ifp) : get4(); if (len == 1) tiff_ifd[ifd].t_tile_width = tiff_ifd[ifd].t_tile_length = 0; if (len == 4) { load_raw = &CLASS sinar_4shot_load_raw; is_raw = 5; } break; case 325: tiff_ifd[ifd].bytes = len > 1 ? ftell(ifp) : get4(); break; case 330: if (!strcmp(model, ""DSLR-A100"") && tiff_ifd[ifd].t_width == 3872) { load_raw = &CLASS sony_arw_load_raw; data_offset = get4() + base; ifd++; break; } #ifdef LIBRAW_LIBRARY_BUILD if (!strncmp(make, ""Hasselblad"", 10) && libraw_internal_data.unpacker_data.hasselblad_parser_flag) { fseek(ifp, ftell(ifp) + 4, SEEK_SET); fseek(ifp, get4() + base, SEEK_SET); parse_tiff_ifd(base); break; } #endif if (len > 1000) len = 1000; while (len--) { i = ftell(ifp); fseek(ifp, get4() + base, SEEK_SET); if (parse_tiff_ifd(base)) break; fseek(ifp, i + 4, SEEK_SET); } break; case 339: tiff_ifd[ifd].sample_format = getint(type); break; case 400: strcpy(make, ""Sarnoff""); maximum = 0xfff; break; #ifdef LIBRAW_LIBRARY_BUILD case 700: if ((type == 1 || type == 2 || type == 6 || type == 7) && len > 1 && len < 5100000) { xmpdata = (char *)malloc(xmplen = len + 1); fread(xmpdata, len, 1, ifp); xmpdata[len] = 0; } break; #endif case 28688: FORC4 sony_curve[c + 1] = get2() >> 2 & 0xfff; for (i = 0; i < 5; i++) for (j = sony_curve[i] + 1; j <= sony_curve[i + 1]; j++) curve[j] = curve[j - 1] + (1 << i); break; case 29184: sony_offset = get4(); break; case 29185: sony_length = get4(); break; case 29217: sony_key = get4(); break; case 29264: parse_minolta(ftell(ifp)); raw_width = 0; break; case 29443: FORC4 cam_mul[c ^ (c < 2)] = get2(); break; case 29459: FORC4 cam_mul[c] = get2(); i = (cam_mul[1] == 1024 && cam_mul[2] == 1024) << 1; SWAP(cam_mul[i], cam_mul[i + 1]) break; #ifdef LIBRAW_LIBRARY_BUILD case 30720: for (i = 0; i < 3; i++) { float num = 0.0; for (c = 0; c < 3; c++) { imgdata.color.ccm[i][c] = (float)((short)get2()); num += imgdata.color.ccm[i][c]; } if (num > 0.01) FORC3 imgdata.color.ccm[i][c] = imgdata.color.ccm[i][c] / num; } break; #endif case 29456: FORC4 cblack[c ^ c >> 1] = get2(); i = cblack[3]; FORC3 if (i > cblack[c]) i = cblack[c]; FORC4 cblack[c] -= i; black = i; #ifdef DCRAW_VERBOSE if (verbose) fprintf(stderr, _(""...Sony black: %u cblack: %u %u %u %u\n""), black, cblack[0], cblack[1], cblack[2], cblack[3]); #endif break; case 33405: fgets(model2, 64, ifp); break; case 33421: if (get2() == 6 && get2() == 6) filters = 9; break; case 33422: if (filters == 9) { FORC(36)((char *)xtrans)[c] = fgetc(ifp) & 3; break; } case 64777: if (len == 36) { filters = 9; colors = 3; FORC(36) xtrans[0][c] = fgetc(ifp) & 3; } else if (len > 0) { if ((plen = len) > 16) plen = 16; fread(cfa_pat, 1, plen, ifp); for (colors = cfa = i = 0; i < plen && colors < 4; i++) { colors += !(cfa & (1 << cfa_pat[i])); cfa |= 1 << cfa_pat[i]; } if (cfa == 070) memcpy(cfa_pc, ""\003\004\005"", 3); if (cfa == 072) memcpy(cfa_pc, ""\005\003\004\001"", 4); goto guess_cfa_pc; } break; case 33424: case 65024: fseek(ifp, get4() + base, SEEK_SET); parse_kodak_ifd(base); break; case 33434: tiff_ifd[ifd].t_shutter = shutter = getreal(type); break; case 33437: aperture = getreal(type); break; #ifdef LIBRAW_LIBRARY_BUILD case 0xa405: imgdata.lens.FocalLengthIn35mmFormat = get2(); break; case 0xa431: case 0xc62f: stmread(imgdata.shootinginfo.BodySerial, len, ifp); break; case 0xa432: imgdata.lens.MinFocal = getreal(type); imgdata.lens.MaxFocal = getreal(type); imgdata.lens.MaxAp4MinFocal = getreal(type); imgdata.lens.MaxAp4MaxFocal = getreal(type); break; case 0xa435: stmread(imgdata.lens.LensSerial, len, ifp); break; case 0xc630: imgdata.lens.MinFocal = getreal(type); imgdata.lens.MaxFocal = getreal(type); imgdata.lens.MaxAp4MinFocal = getreal(type); imgdata.lens.MaxAp4MaxFocal = getreal(type); break; case 0xa433: stmread(imgdata.lens.LensMake, len, ifp); break; case 0xa434: stmread(imgdata.lens.Lens, len, ifp); if (!strncmp(imgdata.lens.Lens, ""----"", 4)) imgdata.lens.Lens[0] = 0; break; case 0x9205: imgdata.lens.EXIF_MaxAp = powf64(2.0f, (getreal(type) / 2.0f)); break; #endif case 34306: FORC4 cam_mul[c ^ 1] = 4096.0 / get2(); break; case 34307: fread(software, 1, 7, ifp); if (strncmp(software, ""MATRIX"", 6)) break; colors = 4; for (raw_color = i = 0; i < 3; i++) { FORC4 fscanf(ifp, ""%f"", &rgb_cam[i][c ^ 1]); if (!use_camera_wb) continue; num = 0; FORC4 num += rgb_cam[i][c]; FORC4 rgb_cam[i][c] /= MAX(1, num); } break; case 34310: parse_mos(ftell(ifp)); case 34303: strcpy(make, ""Leaf""); break; case 34665: fseek(ifp, get4() + base, SEEK_SET); parse_exif(base); break; case 34853: { unsigned pos; fseek(ifp, pos = (get4() + base), SEEK_SET); parse_gps(base); #ifdef LIBRAW_LIBRARY_BUILD fseek(ifp, pos, SEEK_SET); parse_gps_libraw(base); #endif } break; case 34675: case 50831: profile_offset = ftell(ifp); profile_length = len; break; case 37122: kodak_cbpp = get4(); break; case 37386: focal_len = getreal(type); break; case 37393: shot_order = getint(type); break; case 37400: for (raw_color = i = 0; i < 3; i++) { getreal(type); FORC3 rgb_cam[i][c] = getreal(type); } break; case 40976: strip_offset = get4(); switch (tiff_ifd[ifd].comp) { case 32770: load_raw = &CLASS samsung_load_raw; break; case 32772: load_raw = &CLASS samsung2_load_raw; break; case 32773: load_raw = &CLASS samsung3_load_raw; break; } break; case 46275: strcpy(make, ""Imacon""); data_offset = ftell(ifp); ima_len = len; break; case 46279: if (!ima_len) break; fseek(ifp, 38, SEEK_CUR); case 46274: fseek(ifp, 40, SEEK_CUR); raw_width = get4(); raw_height = get4(); left_margin = get4() & 7; width = raw_width - left_margin - (get4() & 7); top_margin = get4() & 7; height = raw_height - top_margin - (get4() & 7); if (raw_width == 7262 && ima_len == 234317952) { height = 5412; width = 7216; left_margin = 7; filters = 0; } else if (raw_width == 7262) { height = 5444; width = 7244; left_margin = 7; } fseek(ifp, 52, SEEK_CUR); FORC3 cam_mul[c] = getreal(11); fseek(ifp, 114, SEEK_CUR); flip = (get2() >> 7) * 90; if (width * height * 6 == ima_len) { if (flip % 180 == 90) SWAP(width, height); raw_width = width; raw_height = height; left_margin = top_margin = filters = flip = 0; } sprintf(model, ""Ixpress %d-Mp"", height * width / 1000000); load_raw = &CLASS imacon_full_load_raw; if (filters) { if (left_margin & 1) filters = 0x61616161; load_raw = &CLASS unpacked_load_raw; } maximum = 0xffff; break; case 50454: case 50455: if (len > 2560000 || !(cbuf = (char *)malloc(len))) break; #ifndef LIBRAW_LIBRARY_BUILD fread(cbuf, 1, len, ifp); #else if (fread(cbuf, 1, len, ifp) != len) throw LIBRAW_EXCEPTION_IO_CORRUPT; #endif cbuf[len - 1] = 0; for (cp = cbuf - 1; cp && cp < cbuf + len; cp = strchr(cp, '\n')) if (!strncmp(++cp, ""Neutral "", 8)) sscanf(cp + 8, ""%f %f %f"", cam_mul, cam_mul + 1, cam_mul + 2); free(cbuf); break; case 50458: if (!make[0]) strcpy(make, ""Hasselblad""); break; case 50459: #ifdef LIBRAW_LIBRARY_BUILD libraw_internal_data.unpacker_data.hasselblad_parser_flag = 1; #endif i = order; j = ftell(ifp); c = tiff_nifds; order = get2(); fseek(ifp, j + (get2(), get4()), SEEK_SET); parse_tiff_ifd(j); maximum = 0xffff; tiff_nifds = c; order = i; break; case 50706: FORC4 dng_version = (dng_version << 8) + fgetc(ifp); if (!make[0]) strcpy(make, ""DNG""); is_raw = 1; break; case 50708: #ifdef LIBRAW_LIBRARY_BUILD stmread(imgdata.color.UniqueCameraModel, len, ifp); imgdata.color.UniqueCameraModel[sizeof(imgdata.color.UniqueCameraModel) - 1] = 0; #endif if (model[0]) break; #ifndef LIBRAW_LIBRARY_BUILD fgets(make, 64, ifp); #else strncpy(make, imgdata.color.UniqueCameraModel, MIN(len, sizeof(imgdata.color.UniqueCameraModel))); #endif if ((cp = strchr(make, ' '))) { strcpy(model, cp + 1); *cp = 0; } break; case 50710: if (filters == 9) break; if (len > 4) len = 4; colors = len; fread(cfa_pc, 1, colors, ifp); guess_cfa_pc: FORCC tab[cfa_pc[c]] = c; cdesc[c] = 0; for (i = 16; i--;) filters = filters << 2 | tab[cfa_pat[i % plen]]; filters -= !filters; break; case 50711: if (get2() == 2) fuji_width = 1; break; case 291: case 50712: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].lineartable_offset = ftell(ifp); tiff_ifd[ifd].lineartable_len = len; #endif linear_table(len); break; case 50713: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_cblack[4] = #endif cblack[4] = get2(); #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_cblack[5] = #endif cblack[5] = get2(); if (cblack[4] * cblack[5] > (sizeof(cblack) / sizeof(cblack[0]) - 6)) #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_cblack[4] = tiff_ifd[ifd].dng_levels.dng_cblack[5] = #endif cblack[4] = cblack[5] = 1; break; #ifdef LIBRAW_LIBRARY_BUILD case 0xf00c: { unsigned fwb[4]; FORC4 fwb[c] = get4(); if (fwb[3] < 0x100) { imgdata.color.WB_Coeffs[fwb[3]][0] = fwb[1]; imgdata.color.WB_Coeffs[fwb[3]][1] = imgdata.color.WB_Coeffs[fwb[3]][3] = fwb[0]; imgdata.color.WB_Coeffs[fwb[3]][2] = fwb[2]; if ((fwb[3] == 17) && libraw_internal_data.unpacker_data.lenRAFData > 3 && libraw_internal_data.unpacker_data.lenRAFData < 10240000) { long long f_save = ftell(ifp); int fj, found = 0; ushort *rafdata = (ushort *)malloc(sizeof(ushort) * libraw_internal_data.unpacker_data.lenRAFData); fseek(ifp, libraw_internal_data.unpacker_data.posRAFData, SEEK_SET); fread(rafdata, sizeof(ushort), libraw_internal_data.unpacker_data.lenRAFData, ifp); fseek(ifp, f_save, SEEK_SET); for (int fi = 0; fi < (libraw_internal_data.unpacker_data.lenRAFData - 3); fi++) { if ((fwb[0] == rafdata[fi]) && (fwb[1] == rafdata[fi + 1]) && (fwb[2] == rafdata[fi + 2])) { if (rafdata[fi - 15] != fwb[0]) continue; fi = fi - 15; imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][3] = rafdata[fi]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][0] = rafdata[fi + 1]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][2] = rafdata[fi + 2]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][3] = rafdata[fi + 3]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][0] = rafdata[fi + 4]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][2] = rafdata[fi + 5]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][3] = rafdata[fi + 6]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][0] = rafdata[fi + 7]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][2] = rafdata[fi + 8]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][3] = rafdata[fi + 9]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][0] = rafdata[fi + 10]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][2] = rafdata[fi + 11]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][3] = rafdata[fi + 12]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][0] = rafdata[fi + 13]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][2] = rafdata[fi + 14]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][3] = rafdata[fi + 15]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][0] = rafdata[fi + 16]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][2] = rafdata[fi + 17]; fi += 111; for (fj = fi; fj < (fi + 15); fj += 3) if (rafdata[fj] != rafdata[fi]) { found = 1; break; } if (found) { int FujiCCT_K[31] = {2500, 2550, 2650, 2700, 2800, 2850, 2950, 3000, 3100, 3200, 3300, 3400, 3600, 3700, 3800, 4000, 4200, 4300, 4500, 4800, 5000, 5300, 5600, 5900, 6300, 6700, 7100, 7700, 8300, 9100, 10000}; fj = fj - 93; for (int iCCT = 0; iCCT < 31; iCCT++) { imgdata.color.WBCT_Coeffs[iCCT][0] = FujiCCT_K[iCCT]; imgdata.color.WBCT_Coeffs[iCCT][1] = rafdata[iCCT * 3 + 1 + fj]; imgdata.color.WBCT_Coeffs[iCCT][2] = imgdata.color.WBCT_Coeffs[iCCT][4] = rafdata[iCCT * 3 + fj]; imgdata.color.WBCT_Coeffs[iCCT][3] = rafdata[iCCT * 3 + 2 + fj]; } } free(rafdata); break; } } } } FORC4 fwb[c] = get4(); if (fwb[3] < 0x100) { imgdata.color.WB_Coeffs[fwb[3]][0] = fwb[1]; imgdata.color.WB_Coeffs[fwb[3]][1] = imgdata.color.WB_Coeffs[fwb[3]][3] = fwb[0]; imgdata.color.WB_Coeffs[fwb[3]][2] = fwb[2]; } } break; #endif #ifdef LIBRAW_LIBRARY_BUILD case 50709: stmread(imgdata.color.LocalizedCameraModel, len, ifp); break; #endif case 61450: cblack[4] = cblack[5] = MIN(sqrt((double)len), 64); case 50714: #ifdef LIBRAW_LIBRARY_BUILD if (tiff_ifd[ifd].samples > 1 && tiff_ifd[ifd].samples == len) { for (i = 0; i < colors && i < 4 && i < len; i++) tiff_ifd[ifd].dng_levels.dng_cblack[i] = cblack[i] = getreal(type) + 0.5; tiff_ifd[ifd].dng_levels.dng_black = black = 0; } else #endif if ((cblack[4] * cblack[5] < 2) && len == 1) { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_black = #endif black = getreal(type); } else if (cblack[4] * cblack[5] <= len) { FORC(cblack[4] * cblack[5]) cblack[6 + c] = getreal(type); black = 0; FORC4 cblack[c] = 0; #ifdef LIBRAW_LIBRARY_BUILD if (tag == 50714) { FORC(cblack[4] * cblack[5]) tiff_ifd[ifd].dng_levels.dng_cblack[6 + c] = cblack[6 + c]; tiff_ifd[ifd].dng_levels.dng_black = 0; FORC4 tiff_ifd[ifd].dng_levels.dng_cblack[c] = 0; } #endif } break; case 50715: case 50716: for (num = i = 0; i < len && i < 65536; i++) num += getreal(type); black += num / len + 0.5; #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_black += num / len + 0.5; #endif break; case 50717: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_whitelevel[0] = #endif maximum = getint(type); #ifdef LIBRAW_LIBRARY_BUILD if (tiff_ifd[ifd].samples > 1) for (i = 1; i < colors && i < 4 && i < len; i++) tiff_ifd[ifd].dng_levels.dng_whitelevel[i] = getint(type); #endif break; case 50718: pixel_aspect = getreal(type); pixel_aspect /= getreal(type); if (pixel_aspect > 0.995 && pixel_aspect < 1.005) pixel_aspect = 1.0; break; #ifdef LIBRAW_LIBRARY_BUILD case 50778: tiff_ifd[ifd].dng_color[0].illuminant = get2(); break; case 50779: tiff_ifd[ifd].dng_color[1].illuminant = get2(); break; #endif case 50721: case 50722: #ifdef LIBRAW_LIBRARY_BUILD i = tag == 50721 ? 0 : 1; #endif FORCC for (j = 0; j < 3; j++) { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_color[i].colormatrix[c][j] = #endif cm[c][j] = getreal(type); } use_cm = 1; break; case 0xc714: case 0xc715: #ifdef LIBRAW_LIBRARY_BUILD i = tag == 0xc714 ? 0 : 1; #endif for (j = 0; j < 3; j++) FORCC { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_color[i].forwardmatrix[j][c] = #endif fm[j][c] = getreal(type); } break; case 50723: case 50724: #ifdef LIBRAW_LIBRARY_BUILD j = tag == 50723 ? 0 : 1; #endif for (i = 0; i < colors; i++) FORCC { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_color[j].calibration[i][c] = #endif cc[i][c] = getreal(type); } break; case 50727: FORCC { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.analogbalance[c] = #endif ab[c] = getreal(type); } break; case 50728: FORCC asn[c] = getreal(type); break; case 50729: xyz[0] = getreal(type); xyz[1] = getreal(type); xyz[2] = 1 - xyz[0] - xyz[1]; FORC3 xyz[c] /= d65_white[c]; break; #ifdef LIBRAW_LIBRARY_BUILD case 50730: baseline_exposure = getreal(type); break; #endif case 50740: #ifdef LIBRAW_LIBRARY_BUILD { char mbuf[64]; unsigned short makernote_found = 0; INT64 curr_pos, start_pos = ftell(ifp); unsigned MakN_order, m_sorder = order; unsigned MakN_length; unsigned pos_in_original_raw; fread(mbuf, 1, 6, ifp); if (!strcmp(mbuf, ""Adobe"")) { order = 0x4d4d; curr_pos = start_pos + 6; while (curr_pos + 8 - start_pos <= len) { fread(mbuf, 1, 4, ifp); curr_pos += 8; if (!strncmp(mbuf, ""MakN"", 4)) { makernote_found = 1; MakN_length = get4(); MakN_order = get2(); pos_in_original_raw = get4(); order = MakN_order; parse_makernote_0xc634(curr_pos + 6 - pos_in_original_raw, 0, AdobeDNG); break; } } } else { fread(mbuf + 6, 1, 2, ifp); if (!strcmp(mbuf, ""PENTAX "") || !strcmp(mbuf, ""SAMSUNG"")) { makernote_found = 1; fseek(ifp, start_pos, SEEK_SET); parse_makernote_0xc634(base, 0, CameraDNG); } } fseek(ifp, start_pos, SEEK_SET); order = m_sorder; } #endif if (dng_version) break; parse_minolta(j = get4() + base); fseek(ifp, j, SEEK_SET); parse_tiff_ifd(base); break; case 50752: read_shorts(cr2_slice, 3); break; case 50829: top_margin = getint(type); left_margin = getint(type); height = getint(type) - top_margin; width = getint(type) - left_margin; break; case 50830: for (i = 0; i < len && i < 32; i++) ((int *)mask)[i] = getint(type); black = 0; break; case 51009: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].opcode2_offset = #endif meta_offset = ftell(ifp); break; case 64772: if (len < 13) break; fseek(ifp, 16, SEEK_CUR); data_offset = get4(); fseek(ifp, 28, SEEK_CUR); data_offset += get4(); load_raw = &CLASS packed_load_raw; break; case 65026: if (type == 2) fgets(model2, 64, ifp); } fseek(ifp, save, SEEK_SET); } if (sony_length && sony_length < 10240000 && (buf = (unsigned *)malloc(sony_length))) { fseek(ifp, sony_offset, SEEK_SET); fread(buf, sony_length, 1, ifp); sony_decrypt(buf, sony_length / 4, 1, sony_key); #ifndef LIBRAW_LIBRARY_BUILD sfp = ifp; if ((ifp = tmpfile())) { fwrite(buf, sony_length, 1, ifp); fseek(ifp, 0, SEEK_SET); parse_tiff_ifd(-sony_offset); fclose(ifp); } ifp = sfp; #else if (!ifp->tempbuffer_open(buf, sony_length)) { parse_tiff_ifd(-sony_offset); ifp->tempbuffer_close(); } #endif free(buf); } for (i = 0; i < colors; i++) FORCC cc[i][c] *= ab[i]; if (use_cm) { FORCC for (i = 0; i < 3; i++) for (cam_xyz[c][i] = j = 0; j < colors; j++) cam_xyz[c][i] += cc[c][j] * cm[j][i] * xyz[i]; cam_xyz_coeff(cmatrix, cam_xyz); } if (asn[0]) { cam_mul[3] = 0; FORCC cam_mul[c] = 1 / asn[c]; } if (!use_cm) FORCC pre_mul[c] /= cc[c][c]; return 0; }",visit repo url,internal/dcraw_common.cpp,https://github.com/LibRaw/LibRaw,53214275065039,1 1901,CWE-416,"static void nft_lookup_activate(const struct nft_ctx *ctx, const struct nft_expr *expr) { struct nft_lookup *priv = nft_expr_priv(expr); priv->set->use++; }",visit repo url,net/netfilter/nft_lookup.c,https://github.com/torvalds/linux,107690259345543,1 246,CWE-125,"sctp_disposition_t sctp_sf_ootb(struct net *net, const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sk_buff *skb = chunk->skb; sctp_chunkhdr_t *ch; sctp_errhdr_t *err; __u8 *ch_end; int ootb_shut_ack = 0; int ootb_cookie_ack = 0; SCTP_INC_STATS(net, SCTP_MIB_OUTOFBLUES); ch = (sctp_chunkhdr_t *) chunk->chunk_hdr; do { if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t)) return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, commands); if (SCTP_CID_SHUTDOWN_ACK == ch->type) ootb_shut_ack = 1; if (SCTP_CID_ABORT == ch->type) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); if (SCTP_CID_COOKIE_ACK == ch->type) ootb_cookie_ack = 1; if (SCTP_CID_ERROR == ch->type) { sctp_walk_errors(err, ch) { if (SCTP_ERROR_STALE_COOKIE == err->cause) { ootb_cookie_ack = 1; break; } } } ch_end = ((__u8 *)ch) + SCTP_PAD4(ntohs(ch->length)); if (ch_end > skb_tail_pointer(skb)) return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, commands); ch = (sctp_chunkhdr_t *) ch_end; } while (ch_end < skb_tail_pointer(skb)); if (ootb_shut_ack) return sctp_sf_shut_8_4_5(net, ep, asoc, type, arg, commands); else if (ootb_cookie_ack) return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); else return sctp_sf_tabort_8_4_8(net, ep, asoc, type, arg, commands); }",visit repo url,net/sctp/sm_statefuns.c,https://github.com/torvalds/linux,277926603123664,1 1695,[],"static int load_balance(int this_cpu, struct rq *this_rq, struct sched_domain *sd, enum cpu_idle_type idle, int *balance, cpumask_t *cpus) { int ld_moved, all_pinned = 0, active_balance = 0, sd_idle = 0; struct sched_group *group; unsigned long imbalance; struct rq *busiest; unsigned long flags; int unlock_aggregate; cpus_setall(*cpus); unlock_aggregate = get_aggregate(sd); if (idle != CPU_NOT_IDLE && sd->flags & SD_SHARE_CPUPOWER && !test_sd_parent(sd, SD_POWERSAVINGS_BALANCE)) sd_idle = 1; schedstat_inc(sd, lb_count[idle]); redo: group = find_busiest_group(sd, this_cpu, &imbalance, idle, &sd_idle, cpus, balance); if (*balance == 0) goto out_balanced; if (!group) { schedstat_inc(sd, lb_nobusyg[idle]); goto out_balanced; } busiest = find_busiest_queue(group, idle, imbalance, cpus); if (!busiest) { schedstat_inc(sd, lb_nobusyq[idle]); goto out_balanced; } BUG_ON(busiest == this_rq); schedstat_add(sd, lb_imbalance[idle], imbalance); ld_moved = 0; if (busiest->nr_running > 1) { local_irq_save(flags); double_rq_lock(this_rq, busiest); ld_moved = move_tasks(this_rq, this_cpu, busiest, imbalance, sd, idle, &all_pinned); double_rq_unlock(this_rq, busiest); local_irq_restore(flags); if (ld_moved && this_cpu != smp_processor_id()) resched_cpu(this_cpu); if (unlikely(all_pinned)) { cpu_clear(cpu_of(busiest), *cpus); if (!cpus_empty(*cpus)) goto redo; goto out_balanced; } } if (!ld_moved) { schedstat_inc(sd, lb_failed[idle]); sd->nr_balance_failed++; if (unlikely(sd->nr_balance_failed > sd->cache_nice_tries+2)) { spin_lock_irqsave(&busiest->lock, flags); if (!cpu_isset(this_cpu, busiest->curr->cpus_allowed)) { spin_unlock_irqrestore(&busiest->lock, flags); all_pinned = 1; goto out_one_pinned; } if (!busiest->active_balance) { busiest->active_balance = 1; busiest->push_cpu = this_cpu; active_balance = 1; } spin_unlock_irqrestore(&busiest->lock, flags); if (active_balance) wake_up_process(busiest->migration_thread); sd->nr_balance_failed = sd->cache_nice_tries+1; } } else sd->nr_balance_failed = 0; if (likely(!active_balance)) { sd->balance_interval = sd->min_interval; } else { if (sd->balance_interval < sd->max_interval) sd->balance_interval *= 2; } if (!ld_moved && !sd_idle && sd->flags & SD_SHARE_CPUPOWER && !test_sd_parent(sd, SD_POWERSAVINGS_BALANCE)) ld_moved = -1; goto out; out_balanced: schedstat_inc(sd, lb_balanced[idle]); sd->nr_balance_failed = 0; out_one_pinned: if ((all_pinned && sd->balance_interval < MAX_PINNED_INTERVAL) || (sd->balance_interval < sd->max_interval)) sd->balance_interval *= 2; if (!sd_idle && sd->flags & SD_SHARE_CPUPOWER && !test_sd_parent(sd, SD_POWERSAVINGS_BALANCE)) ld_moved = -1; else ld_moved = 0; out: if (unlock_aggregate) put_aggregate(sd); return ld_moved; }",linux-2.6,,,316590168115008660557826543626135157551,0 1856,['CWE-189'],"gnutls_server_name_get (gnutls_session_t session, void *data, size_t * data_length, unsigned int *type, unsigned int indx) { char *_data = data; if (session->security_parameters.entity == GNUTLS_CLIENT) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } if (indx + 1 > session->security_parameters.extensions.server_names_size) { return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } *type = session->security_parameters.extensions.server_names[indx].type; if (*data_length > session->security_parameters.extensions.server_names[indx].name_length) { *data_length = session->security_parameters.extensions.server_names[indx]. name_length; memcpy (data, session->security_parameters.extensions.server_names[indx]. name, *data_length); if (*type == GNUTLS_NAME_DNS) _data[(*data_length)] = 0; } else { *data_length = session->security_parameters.extensions.server_names[indx]. name_length; return GNUTLS_E_SHORT_MEMORY_BUFFER; } return 0; }",gnutls,,,208926496845343561543981682983165164036,0 3499,CWE-287,"static void start_auth_request(PgSocket *client, const char *username) { int res; PktBuf *buf; client->auth_user = client->db->auth_user; client->pool = get_pool(client->db, client->db->auth_user); if (!find_server(client)) { client->wait_for_user_conn = true; return; } slog_noise(client, ""Doing auth_conn query""); client->wait_for_user_conn = false; client->wait_for_user = true; if (!sbuf_pause(&client->sbuf)) { release_server(client->link); disconnect_client(client, true, ""pause failed""); return; } client->link->ready = 0; res = 0; buf = pktbuf_dynamic(512); if (buf) { pktbuf_write_ExtQuery(buf, cf_auth_query, 1, username); res = pktbuf_send_immediate(buf, client->link); pktbuf_free(buf); } if (!res) disconnect_server(client->link, false, ""unable to send login query""); }",visit repo url,src/client.c,https://github.com/pgbouncer/pgbouncer,41479010989660,1 6065,['CWE-200'],"int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; const struct in6_addr *sk2_rcv_saddr6 = tcp_v6_rcv_saddr(sk2); u32 sk_rcv_saddr = inet_sk(sk)->rcv_saddr; u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2); int sk_ipv6only = ipv6_only_sock(sk); int sk2_ipv6only = tcp_v6_ipv6only(sk2); int addr_type = ipv6_addr_type(sk_rcv_saddr6); int addr_type2 = sk2_rcv_saddr6 ? ipv6_addr_type(sk2_rcv_saddr6) : IPV6_ADDR_MAPPED; if (!sk2_rcv_saddr && !sk_ipv6only) return 1; if (addr_type2 == IPV6_ADDR_ANY && !(sk2_ipv6only && addr_type == IPV6_ADDR_MAPPED)) return 1; if (addr_type == IPV6_ADDR_ANY && !(sk_ipv6only && addr_type2 == IPV6_ADDR_MAPPED)) return 1; if (sk2_rcv_saddr6 && ipv6_addr_equal(sk_rcv_saddr6, sk2_rcv_saddr6)) return 1; if (addr_type == IPV6_ADDR_MAPPED && !sk2_ipv6only && (!sk2_rcv_saddr || !sk_rcv_saddr || sk_rcv_saddr == sk2_rcv_saddr)) return 1; return 0; }",linux-2.6,,,126981917385109910430137556800453126997,0 774,CWE-20,"static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct iucv_sock *iucv = iucv_sk(sk); unsigned int copied, rlen; struct sk_buff *skb, *rskb, *cskb; int err = 0; u32 offset; msg->msg_namelen = 0; if ((sk->sk_state == IUCV_DISCONN) && skb_queue_empty(&iucv->backlog_skb_q) && skb_queue_empty(&sk->sk_receive_queue) && list_empty(&iucv->message_q.list)) return 0; if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } offset = IUCV_SKB_CB(skb)->offset; rlen = skb->len - offset; copied = min_t(unsigned int, rlen, len); if (!rlen) sk->sk_shutdown = sk->sk_shutdown | RCV_SHUTDOWN; cskb = skb; if (skb_copy_datagram_iovec(cskb, offset, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } if (sk->sk_type == SOCK_SEQPACKET) { if (copied < rlen) msg->msg_flags |= MSG_TRUNC; msg->msg_flags |= MSG_EOR; } err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, sizeof(IUCV_SKB_CB(skb)->class), (void *)&IUCV_SKB_CB(skb)->class); if (err) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return err; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM) { if (copied < rlen) { IUCV_SKB_CB(skb)->offset = offset + copied; goto done; } } kfree_skb(skb); if (iucv->transport == AF_IUCV_TRANS_HIPER) { atomic_inc(&iucv->msg_recv); if (atomic_read(&iucv->msg_recv) > iucv->msglimit) { WARN_ON(1); iucv_sock_close(sk); return -EFAULT; } } spin_lock_bh(&iucv->message_q.lock); rskb = skb_dequeue(&iucv->backlog_skb_q); while (rskb) { IUCV_SKB_CB(rskb)->offset = 0; if (sock_queue_rcv_skb(sk, rskb)) { skb_queue_head(&iucv->backlog_skb_q, rskb); break; } else { rskb = skb_dequeue(&iucv->backlog_skb_q); } } if (skb_queue_empty(&iucv->backlog_skb_q)) { if (!list_empty(&iucv->message_q.list)) iucv_process_message_q(sk); if (atomic_read(&iucv->msg_recv) >= iucv->msglimit / 2) { err = iucv_send_ctrl(sk, AF_IUCV_FLAG_WIN); if (err) { sk->sk_state = IUCV_DISCONN; sk->sk_state_change(sk); } } } spin_unlock_bh(&iucv->message_q.lock); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/iucv/af_iucv.c,https://github.com/torvalds/linux,252125006578245,1 2427,CWE-787,"static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *avpkt) { PicContext *s = avctx->priv_data; AVFrame *frame = data; uint32_t *palette; int bits_per_plane, bpp, etype, esize, npal, pos_after_pal; int i, x, y, plane, tmp, ret, val; bytestream2_init(&s->g, avpkt->data, avpkt->size); if (bytestream2_get_bytes_left(&s->g) < 11) return AVERROR_INVALIDDATA; if (bytestream2_get_le16u(&s->g) != 0x1234) return AVERROR_INVALIDDATA; s->width = bytestream2_get_le16u(&s->g); s->height = bytestream2_get_le16u(&s->g); bytestream2_skip(&s->g, 4); tmp = bytestream2_get_byteu(&s->g); bits_per_plane = tmp & 0xF; s->nb_planes = (tmp >> 4) + 1; bpp = bits_per_plane * s->nb_planes; if (bits_per_plane > 8 || bpp < 1 || bpp > 32) { avpriv_request_sample(avctx, ""Unsupported bit depth""); return AVERROR_PATCHWELCOME; } if (bytestream2_peek_byte(&s->g) == 0xFF || bpp == 1 || bpp == 4 || bpp == 8) { bytestream2_skip(&s->g, 2); etype = bytestream2_get_le16(&s->g); esize = bytestream2_get_le16(&s->g); if (bytestream2_get_bytes_left(&s->g) < esize) return AVERROR_INVALIDDATA; } else { etype = -1; esize = 0; } avctx->pix_fmt = AV_PIX_FMT_PAL8; if (av_image_check_size(s->width, s->height, 0, avctx) < 0) return -1; if (s->width != avctx->width && s->height != avctx->height) { ret = ff_set_dimensions(avctx, s->width, s->height); if (ret < 0) return ret; } if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) return ret; memset(frame->data[0], 0, s->height * frame->linesize[0]); frame->pict_type = AV_PICTURE_TYPE_I; frame->palette_has_changed = 1; pos_after_pal = bytestream2_tell(&s->g) + esize; palette = (uint32_t*)frame->data[1]; if (etype == 1 && esize > 1 && bytestream2_peek_byte(&s->g) < 6) { int idx = bytestream2_get_byte(&s->g); npal = 4; for (i = 0; i < npal; i++) palette[i] = ff_cga_palette[ cga_mode45_index[idx][i] ]; } else if (etype == 2) { npal = FFMIN(esize, 16); for (i = 0; i < npal; i++) { int pal_idx = bytestream2_get_byte(&s->g); palette[i] = ff_cga_palette[FFMIN(pal_idx, 15)]; } } else if (etype == 3) { npal = FFMIN(esize, 16); for (i = 0; i < npal; i++) { int pal_idx = bytestream2_get_byte(&s->g); palette[i] = ff_ega_palette[FFMIN(pal_idx, 63)]; } } else if (etype == 4 || etype == 5) { npal = FFMIN(esize / 3, 256); for (i = 0; i < npal; i++) { palette[i] = bytestream2_get_be24(&s->g) << 2; palette[i] |= 0xFFU << 24 | palette[i] >> 6 & 0x30303; } } else { if (bpp == 1) { npal = 2; palette[0] = 0xFF000000; palette[1] = 0xFFFFFFFF; } else if (bpp == 2) { npal = 4; for (i = 0; i < npal; i++) palette[i] = ff_cga_palette[ cga_mode45_index[0][i] ]; } else { npal = 16; memcpy(palette, ff_cga_palette, npal * 4); } } memset(palette + npal, 0, AVPALETTE_SIZE - npal * 4); bytestream2_seek(&s->g, pos_after_pal, SEEK_SET); val = 0; y = s->height - 1; if (bytestream2_get_le16(&s->g)) { x = 0; plane = 0; while (bytestream2_get_bytes_left(&s->g) >= 6) { int stop_size, marker, t1, t2; t1 = bytestream2_get_bytes_left(&s->g); t2 = bytestream2_get_le16(&s->g); stop_size = t1 - FFMIN(t1, t2); bytestream2_skip(&s->g, 2); marker = bytestream2_get_byte(&s->g); while (plane < s->nb_planes && bytestream2_get_bytes_left(&s->g) > stop_size) { int run = 1; val = bytestream2_get_byte(&s->g); if (val == marker) { run = bytestream2_get_byte(&s->g); if (run == 0) run = bytestream2_get_le16(&s->g); val = bytestream2_get_byte(&s->g); } if (!bytestream2_get_bytes_left(&s->g)) break; if (bits_per_plane == 8) { picmemset_8bpp(s, frame, val, run, &x, &y); if (y < 0) goto finish; } else { picmemset(s, frame, val, run, &x, &y, &plane, bits_per_plane); } } } if (x < avctx->width) { int run = (y + 1) * avctx->width - x; if (bits_per_plane == 8) picmemset_8bpp(s, frame, val, run, &x, &y); else picmemset(s, frame, val, run / (8 / bits_per_plane), &x, &y, &plane, bits_per_plane); } } else { while (y >= 0 && bytestream2_get_bytes_left(&s->g) > 0) { memcpy(frame->data[0] + y * frame->linesize[0], s->g.buffer, FFMIN(avctx->width, bytestream2_get_bytes_left(&s->g))); bytestream2_skip(&s->g, avctx->width); y--; } } finish: *got_frame = 1; return avpkt->size; }",visit repo url,libavcodec/pictordec.c,https://github.com/FFmpeg/FFmpeg,4428968372045,1 3560,['CWE-20'],"sctp_disposition_t sctp_sf_t2_timer_expire(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *reply = NULL; SCTP_DEBUG_PRINTK(""Timer T2 expired.\n""); SCTP_INC_STATS(SCTP_MIB_T2_SHUTDOWN_EXPIREDS); ((struct sctp_association *)asoc)->shutdown_retries++; if (asoc->overall_error_count >= asoc->max_retrans) { sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_DELETE_TCB; } switch (asoc->state) { case SCTP_STATE_SHUTDOWN_SENT: reply = sctp_make_shutdown(asoc, NULL); break; case SCTP_STATE_SHUTDOWN_ACK_SENT: reply = sctp_make_shutdown_ack(asoc, NULL); break; default: BUG(); break; } if (!reply) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(asoc->shutdown_last_sent_to)); sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,136589980454168623088132354208534284676,0 2631,CWE-125,"PHP_FUNCTION(locale_get_display_variant) { get_icu_disp_value_src_php( LOC_VARIANT_TAG , INTERNAL_FUNCTION_PARAM_PASSTHRU ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,115132982668565,1 5380,CWE-125,"uint32_t *GetPayload(size_t handle, uint32_t *lastpayload, uint32_t index) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return NULL; uint32_t *MP4buffer = NULL; if (index < mp4->indexcount && mp4->mediafp) { MP4buffer = (uint32_t *)realloc((void *)lastpayload, mp4->metasizes[index]); if (MP4buffer) { LONGSEEK(mp4->mediafp, mp4->metaoffsets[index], SEEK_SET); fread(MP4buffer, 1, mp4->metasizes[index], mp4->mediafp); return MP4buffer; } } return NULL; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,120996069001588,1 803,CWE-20,"static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; size_t copied; struct sk_buff *skb; int er; lock_sock(sk); if (sk->sk_state != TCP_ESTABLISHED) { release_sock(sk); return -ENOTCONN; } if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) { release_sock(sk); return er; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } er = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (er < 0) { skb_free_datagram(sk, skb); release_sock(sk); return er; } if (sax != NULL) { memset(sax, 0, sizeof(*sax)); sax->sax25_family = AF_NETROM; skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, AX25_ADDR_LEN); } msg->msg_namelen = sizeof(*sax); skb_free_datagram(sk, skb); release_sock(sk); return copied; }",visit repo url,net/netrom/af_netrom.c,https://github.com/torvalds/linux,173317170707187,1 1142,CWE-264,"static ssize_t cm_write(struct file *file, const char __user * user_buf, size_t count, loff_t *ppos) { static char *buf; static u32 max_size; static u32 uncopied_bytes; struct acpi_table_header table; acpi_status status; if (!(*ppos)) { if (count <= sizeof(struct acpi_table_header)) return -EINVAL; if (copy_from_user(&table, user_buf, sizeof(struct acpi_table_header))) return -EFAULT; uncopied_bytes = max_size = table.length; buf = kzalloc(max_size, GFP_KERNEL); if (!buf) return -ENOMEM; } if (buf == NULL) return -EINVAL; if ((*ppos > max_size) || (*ppos + count > max_size) || (*ppos + count < count) || (count > uncopied_bytes)) return -EINVAL; if (copy_from_user(buf + (*ppos), user_buf, count)) { kfree(buf); buf = NULL; return -EFAULT; } uncopied_bytes -= count; *ppos += count; if (!uncopied_bytes) { status = acpi_install_method(buf); kfree(buf); buf = NULL; if (ACPI_FAILURE(status)) return -EINVAL; add_taint(TAINT_OVERRIDDEN_ACPI_TABLE); } return count; }",visit repo url,drivers/acpi/debugfs.c,https://github.com/torvalds/linux,34933237838810,1 4941,CWE-125,"exif_mnote_data_canon_load (ExifMnoteData *ne, const unsigned char *buf, unsigned int buf_size) { ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne; ExifShort c; size_t i, tcount, o, datao; if (!n || !buf || !buf_size) { exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteCanon"", ""Short MakerNote""); return; } datao = 6 + n->offset; if ((datao + 2 < datao) || (datao + 2 < 2) || (datao + 2 > buf_size)) { exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteCanon"", ""Short MakerNote""); return; } c = exif_get_short (buf + datao, n->order); datao += 2; exif_mnote_data_canon_clear (n); n->entries = exif_mem_alloc (ne->mem, sizeof (MnoteCanonEntry) * c); if (!n->entries) { EXIF_LOG_NO_MEMORY(ne->log, ""ExifMnoteCanon"", sizeof (MnoteCanonEntry) * c); return; } tcount = 0; for (i = c, o = datao; i; --i, o += 12) { size_t s; if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) { exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteCanon"", ""Short MakerNote""); break; } n->entries[tcount].tag = exif_get_short (buf + o, n->order); n->entries[tcount].format = exif_get_short (buf + o + 2, n->order); n->entries[tcount].components = exif_get_long (buf + o + 4, n->order); n->entries[tcount].order = n->order; exif_log (ne->log, EXIF_LOG_CODE_DEBUG, ""ExifMnoteCanon"", ""Loading entry 0x%x ('%s')..."", n->entries[tcount].tag, mnote_canon_tag_get_name (n->entries[tcount].tag)); s = exif_format_get_size (n->entries[tcount].format) * n->entries[tcount].components; n->entries[tcount].size = s; if (!s) { exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteCanon"", ""Invalid zero-length tag size""); continue; } else { size_t dataofs = o + 8; if (s > 4) dataofs = exif_get_long (buf + dataofs, n->order) + 6; if ((dataofs + s < s) || (dataofs + s < dataofs) || (dataofs + s > buf_size)) { exif_log (ne->log, EXIF_LOG_CODE_DEBUG, ""ExifMnoteCanon"", ""Tag data past end of buffer (%u > %u)"", (unsigned)(dataofs + s), buf_size); continue; } n->entries[tcount].data = exif_mem_alloc (ne->mem, s); if (!n->entries[tcount].data) { EXIF_LOG_NO_MEMORY(ne->log, ""ExifMnoteCanon"", s); continue; } memcpy (n->entries[tcount].data, buf + dataofs, s); } ++tcount; } n->count = tcount; }",visit repo url,libexif/canon/exif-mnote-data-canon.c,https://github.com/libexif/libexif,97185903655226,1 3289,['CWE-189'],"static int mif_hdr_growcmpts(mif_hdr_t *hdr, int maxcmpts) { int cmptno; mif_cmpt_t **newcmpts; assert(maxcmpts >= hdr->numcmpts); newcmpts = (!hdr->cmpts) ? jas_alloc2(maxcmpts, sizeof(mif_cmpt_t *)) : jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *)); if (!newcmpts) { return -1; } hdr->maxcmpts = maxcmpts; hdr->cmpts = newcmpts; for (cmptno = hdr->numcmpts; cmptno < hdr->maxcmpts; ++cmptno) { hdr->cmpts[cmptno] = 0; } return 0; }",jasper,,,11548020772731316968347644409646453196,0 2774,['CWE-264'],"indicate_pkt( struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; struct sk_buff *skb = nl->rx_buf_p; skb_put( skb, nl->inppos ); #ifdef CONFIG_SBNI_MULTILINE skb->protocol = eth_type_trans( skb, nl->master ); netif_rx( skb ); dev->last_rx = jiffies; ++((struct net_local *) nl->master->priv)->stats.rx_packets; ((struct net_local *) nl->master->priv)->stats.rx_bytes += nl->inppos; #else skb->protocol = eth_type_trans( skb, dev ); netif_rx( skb ); dev->last_rx = jiffies; ++nl->stats.rx_packets; nl->stats.rx_bytes += nl->inppos; #endif nl->rx_buf_p = NULL; }",linux-2.6,,,223850997972423289837317705849111490993,0 2699,[],"static int sctp_setsockopt_disable_fragments(struct sock *sk, char __user *optval, int optlen) { int val; if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; sctp_sk(sk)->disable_fragments = (val == 0) ? 0 : 1; return 0; }",linux-2.6,,,202070633138047646958909070492317866628,0 2390,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *in) { DelogoContext *s = inlink->dst->priv; AVFilterLink *outlink = inlink->dst->outputs[0]; const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(inlink->format); AVFrame *out; int hsub0 = desc->log2_chroma_w; int vsub0 = desc->log2_chroma_h; int direct = 0; int plane; AVRational sar; if (av_frame_is_writable(in)) { direct = 1; out = in; } else { out = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!out) { av_frame_free(&in); return AVERROR(ENOMEM); } av_frame_copy_props(out, in); } sar = in->sample_aspect_ratio; if (!sar.num) sar.num = sar.den = 1; for (plane = 0; plane < 4 && in->data[plane]; plane++) { int hsub = plane == 1 || plane == 2 ? hsub0 : 0; int vsub = plane == 1 || plane == 2 ? vsub0 : 0; apply_delogo(out->data[plane], out->linesize[plane], in ->data[plane], in ->linesize[plane], FF_CEIL_RSHIFT(inlink->w, hsub), FF_CEIL_RSHIFT(inlink->h, vsub), sar, s->x>>hsub, s->y>>vsub, FF_CEIL_RSHIFT(s->w + (s->x & ((1<h + (s->y & ((1<band>>FFMIN(hsub, vsub), s->show, direct); } if (!direct) av_frame_free(&in); return ff_filter_frame(outlink, out); }",visit repo url,libavfilter/vf_delogo.c,https://github.com/FFmpeg/FFmpeg,135039113909684,1 230,[],"static void atalk_route_packet(struct sk_buff *skb, struct net_device *dev, struct ddpehdr *ddp, struct ddpebits *ddphv, int origlen) { struct atalk_route *rt; struct atalk_addr ta; if (skb->pkt_type != PACKET_HOST || !ddp->deh_dnet) { if (dev->type == ARPHRD_PPP) printk(KERN_DEBUG ""AppleTalk: didn't forward broadcast "" ""packet received from PPP iface\n""); goto free_it; } ta.s_net = ddp->deh_dnet; ta.s_node = ddp->deh_dnode; rt = atrtr_find(&ta); if (!rt || ddphv->deh_hops == DDP_MAXHOPS) goto free_it; ddphv->deh_hops++; if (rt->flags & RTF_GATEWAY) { ta.s_net = rt->gateway.s_net; ta.s_node = rt->gateway.s_node; } skb_trim(skb, min_t(unsigned int, origlen, (rt->dev->hard_header_len + ddp_dl->header_length + ddphv->deh_len))); *((__u16 *)ddp) = ntohs(*((__u16 *)ddphv)); if (skb_headroom(skb) < 22) { struct sk_buff *nskb = skb_realloc_headroom(skb, 32); kfree_skb(skb); if (!nskb) goto out; skb = nskb; } else skb = skb_unshare(skb, GFP_ATOMIC); if (skb && aarp_send_ddp(rt->dev, skb, &ta, NULL) == -1) goto free_it; out: return; free_it: kfree_skb(skb); }",history,,,55476537295083623280476069817882698885,0 3407,CWE-122,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType more_frames, status; MagickSizeType number_pixels; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t pad; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[2] = { NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t) TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point"", exception); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black"", exception); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white"", exception); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette"",exception); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB"",exception); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB"",exception); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)"", exception); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV"",exception); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK"",exception); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated"",exception); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR"",exception); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown"",exception); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"", exception)); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb"",exception); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb"",exception); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) image->colorspace=GRAYColorspace; if (photometric == PHOTOMETRIC_SEPARATED) image->colorspace=CMYKColorspace; if (photometric == PHOTOMETRIC_CIELAB) image->colorspace=LabColorspace; if ((photometric == PHOTOMETRIC_YCBCR) && (compress_tag != COMPRESSION_JPEG)) image->colorspace=YCbCrColorspace; status=TIFFGetProfiles(tiff,image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if (IsStringFalse(option) == MagickFalse) TIFFGetEXIFProperties(tiff,image,exception); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->resolution.x=x_resolution; image->resolution.y=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=(ssize_t) ceil(x_position*image->resolution.x-0.5); image->page.y=(ssize_t) ceil(y_position*image->resolution.y-0.5); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MagickPathExtent]; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MagickPathExtent, ""%dx%d"",horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor,exception); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors,exception) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } value=(unsigned short) image->scene; if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } status=SetImageColorspace(image,image->colorspace,exception); status&=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } extra_samples=0; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified"",exception); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->alpha_trait=BlendPixelTrait; } else for (i=0; i < extra_samples; i++) { image->alpha_trait=BlendPixelTrait; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated"", exception); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated"", exception); } } } if (image->alpha_trait != UndefinedPixelTrait) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel,exception); if (samples_per_pixel > MaxPixelChannels) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""MaximumChannelsExceeded""); } method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char buffer[MagickPathExtent]; (void) FormatLocaleString(buffer,MagickPathExtent,""%u"", (unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",buffer,exception); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } if (TIFFIsTiled(tiff) != MagickFalse) { uint32 columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); method=ReadTileMethod; } if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); if (photometric == PHOTOMETRIC_LOGLUV) method=ReadGenericMethod; quantum_info->endian=LSBEndian; quantum_type=RGBQuantum; if (TIFFScanlineSize(tiff) <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if ((1.0*TIFFScanlineSize(tiff)) > (2.53*GetBlobSize(image))) ThrowTIFFException(CorruptImageError,""InsufficientImageDataInFile""); number_pixels=MagickMax(TIFFScanlineSize(tiff),MagickMax((ssize_t) image->columns*samples_per_pixel*pow(2.0,ceil(log(bits_per_sample)/ log(2.0))),image->columns*rows_per_strip)); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) memset(pixels,0,number_pixels*sizeof(uint32)); quantum_type=IndexQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->alpha_trait != UndefinedPixelTrait) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } else if (image->storage_class != PseudoClass) quantum_type=GrayQuantum; if ((samples_per_pixel > 2) && (interlace != PLANARCONFIG_SEPARATE)) { pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); quantum_type=RGBQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); quantum_type=CMYKQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *magick_restrict q; register ssize_t x; unsigned char *p; tiff_status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (tiff_status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456)),q); SetPixelMagenta(image,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984)),q); SetPixelYellow(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816)),q); SetPixelBlack(image,ScaleCharToQuantum((unsigned char) *(p+3)),q); q+=GetPixelChannels(image); p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { register unsigned char *p; size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *strip_pixels; extent=TIFFStripSize(tiff); #if defined(TIFF_VERSION_BIG) extent+=image->columns*sizeof(uint64); #else extent+=image->columns*sizeof(uint32); #endif strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { register unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=TIFFTileSize(tiff); #if defined(TIFF_VERSION_BIG) extent+=columns*sizeof(uint64); #else extent+=columns*sizeof(uint32); #endif tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,extent*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { register ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == 0) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { register Quantum *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) i, samples_per_pixel); if (status == MagickFalse) break; } } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo * ) NULL; register uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; number_pixels+=image->columns*sizeof(uint32); generic_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); p=pixels+(image->columns*image->rows)-1; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; q+=GetPixelChannels(image)*(image->columns-1); for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p--; q-=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); if (status != MagickFalse) TIFFReadPhotoshopLayers(image_info,image,exception); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,40744875221647,1 2313,['CWE-120'],"static int do_lookup(struct nameidata *nd, struct qstr *name, struct path *path) { struct vfsmount *mnt = nd->path.mnt; struct dentry *dentry = __d_lookup(nd->path.dentry, name); if (!dentry) goto need_lookup; if (dentry->d_op && dentry->d_op->d_revalidate) goto need_revalidate; done: path->mnt = mnt; path->dentry = dentry; __follow_mount(path); return 0; need_lookup: dentry = real_lookup(nd->path.dentry, name, nd); if (IS_ERR(dentry)) goto fail; goto done; need_revalidate: dentry = do_revalidate(dentry, nd); if (!dentry) goto need_lookup; if (IS_ERR(dentry)) goto fail; goto done; fail: return PTR_ERR(dentry); }",linux-2.6,,,292985024123658743088667821451386684199,0 5669,CWE-835,"dwg_free_object (Dwg_Object *obj) { int error = 0; long unsigned int j; Dwg_Data *dwg; Bit_Chain *dat = &pdat; if (obj && obj->parent) { dwg = obj->parent; dat->version = dwg->header.version; } else return; if (obj->type == DWG_TYPE_FREED || obj->tio.object == NULL) return; dat->from_version = dat->version; if (obj->supertype == DWG_SUPERTYPE_UNKNOWN) goto unhandled; switch (obj->type) { case DWG_TYPE_TEXT: dwg_free_TEXT (dat, obj); break; case DWG_TYPE_ATTRIB: dwg_free_ATTRIB (dat, obj); break; case DWG_TYPE_ATTDEF: dwg_free_ATTDEF (dat, obj); break; case DWG_TYPE_BLOCK: dwg_free_BLOCK (dat, obj); break; case DWG_TYPE_ENDBLK: dwg_free_ENDBLK (dat, obj); break; case DWG_TYPE_SEQEND: dwg_free_SEQEND (dat, obj); break; case DWG_TYPE_INSERT: dwg_free_INSERT (dat, obj); break; case DWG_TYPE_MINSERT: dwg_free_MINSERT (dat, obj); break; case DWG_TYPE_VERTEX_2D: dwg_free_VERTEX_2D (dat, obj); break; case DWG_TYPE_VERTEX_3D: dwg_free_VERTEX_3D (dat, obj); break; case DWG_TYPE_VERTEX_MESH: dwg_free_VERTEX_MESH (dat, obj); break; case DWG_TYPE_VERTEX_PFACE: dwg_free_VERTEX_PFACE (dat, obj); break; case DWG_TYPE_VERTEX_PFACE_FACE: dwg_free_VERTEX_PFACE_FACE (dat, obj); break; case DWG_TYPE_POLYLINE_2D: dwg_free_POLYLINE_2D (dat, obj); break; case DWG_TYPE_POLYLINE_3D: dwg_free_POLYLINE_3D (dat, obj); break; case DWG_TYPE_ARC: dwg_free_ARC (dat, obj); break; case DWG_TYPE_CIRCLE: dwg_free_CIRCLE (dat, obj); break; case DWG_TYPE_LINE: dwg_free_LINE (dat, obj); break; case DWG_TYPE_DIMENSION_ORDINATE: dwg_free_DIMENSION_ORDINATE (dat, obj); break; case DWG_TYPE_DIMENSION_LINEAR: dwg_free_DIMENSION_LINEAR (dat, obj); break; case DWG_TYPE_DIMENSION_ALIGNED: dwg_free_DIMENSION_ALIGNED (dat, obj); break; case DWG_TYPE_DIMENSION_ANG3PT: dwg_free_DIMENSION_ANG3PT (dat, obj); break; case DWG_TYPE_DIMENSION_ANG2LN: dwg_free_DIMENSION_ANG2LN (dat, obj); break; case DWG_TYPE_DIMENSION_RADIUS: dwg_free_DIMENSION_RADIUS (dat, obj); break; case DWG_TYPE_DIMENSION_DIAMETER: dwg_free_DIMENSION_DIAMETER (dat, obj); break; case DWG_TYPE_POINT: dwg_free_POINT (dat, obj); break; case DWG_TYPE__3DFACE: dwg_free__3DFACE (dat, obj); break; case DWG_TYPE_POLYLINE_PFACE: dwg_free_POLYLINE_PFACE (dat, obj); break; case DWG_TYPE_POLYLINE_MESH: dwg_free_POLYLINE_MESH (dat, obj); break; case DWG_TYPE_SOLID: dwg_free_SOLID (dat, obj); break; case DWG_TYPE_TRACE: dwg_free_TRACE (dat, obj); break; case DWG_TYPE_SHAPE: dwg_free_SHAPE (dat, obj); break; case DWG_TYPE_VIEWPORT: dwg_free_VIEWPORT (dat, obj); break; case DWG_TYPE_ELLIPSE: dwg_free_ELLIPSE (dat, obj); break; case DWG_TYPE_SPLINE: dwg_free_SPLINE (dat, obj); break; case DWG_TYPE_REGION: dwg_free_REGION (dat, obj); break; case DWG_TYPE__3DSOLID: dwg_free__3DSOLID (dat, obj); break; case DWG_TYPE_BODY: dwg_free_BODY (dat, obj); break; case DWG_TYPE_RAY: dwg_free_RAY (dat, obj); break; case DWG_TYPE_XLINE: dwg_free_XLINE (dat, obj); break; case DWG_TYPE_DICTIONARY: dwg_free_DICTIONARY (dat, obj); break; case DWG_TYPE_MTEXT: dwg_free_MTEXT (dat, obj); break; case DWG_TYPE_LEADER: dwg_free_LEADER (dat, obj); break; case DWG_TYPE_TOLERANCE: dwg_free_TOLERANCE (dat, obj); break; case DWG_TYPE_MLINE: dwg_free_MLINE (dat, obj); break; case DWG_TYPE_BLOCK_CONTROL: dwg_free_BLOCK_CONTROL (dat, obj); break; case DWG_TYPE_BLOCK_HEADER: dwg_free_BLOCK_HEADER (dat, obj); break; case DWG_TYPE_LAYER_CONTROL: dwg_free_LAYER_CONTROL (dat, obj); break; case DWG_TYPE_LAYER: dwg_free_LAYER (dat, obj); break; case DWG_TYPE_STYLE_CONTROL: dwg_free_STYLE_CONTROL (dat, obj); break; case DWG_TYPE_STYLE: dwg_free_STYLE (dat, obj); break; case DWG_TYPE_LTYPE_CONTROL: dwg_free_LTYPE_CONTROL (dat, obj); break; case DWG_TYPE_LTYPE: dwg_free_LTYPE (dat, obj); break; case DWG_TYPE_VIEW_CONTROL: dwg_free_VIEW_CONTROL (dat, obj); break; case DWG_TYPE_VIEW: dwg_free_VIEW (dat, obj); break; case DWG_TYPE_UCS_CONTROL: dwg_free_UCS_CONTROL (dat, obj); break; case DWG_TYPE_UCS: dwg_free_UCS (dat, obj); break; case DWG_TYPE_VPORT_CONTROL: dwg_free_VPORT_CONTROL (dat, obj); break; case DWG_TYPE_VPORT: dwg_free_VPORT (dat, obj); break; case DWG_TYPE_APPID_CONTROL: dwg_free_APPID_CONTROL (dat, obj); break; case DWG_TYPE_APPID: dwg_free_APPID (dat, obj); break; case DWG_TYPE_DIMSTYLE_CONTROL: dwg_free_DIMSTYLE_CONTROL (dat, obj); break; case DWG_TYPE_DIMSTYLE: dwg_free_DIMSTYLE (dat, obj); break; case DWG_TYPE_VPORT_ENTITY_CONTROL: dwg_free_VPORT_ENTITY_CONTROL (dat, obj); break; case DWG_TYPE_VPORT_ENTITY_HEADER: dwg_free_VPORT_ENTITY_HEADER (dat, obj); break; case DWG_TYPE_GROUP: dwg_free_GROUP (dat, obj); break; case DWG_TYPE_MLINESTYLE: dwg_free_MLINESTYLE (dat, obj); break; case DWG_TYPE_OLE2FRAME: dwg_free_OLE2FRAME (dat, obj); break; case DWG_TYPE_DUMMY: dwg_free_DUMMY (dat, obj); break; case DWG_TYPE_LONG_TRANSACTION: dwg_free_LONG_TRANSACTION (dat, obj); break; case DWG_TYPE_LWPOLYLINE: dwg_free_LWPOLYLINE (dat, obj); break; case DWG_TYPE_HATCH: dwg_free_HATCH (dat, obj); break; case DWG_TYPE_XRECORD: dwg_free_XRECORD (dat, obj); break; case DWG_TYPE_PLACEHOLDER: dwg_free_PLACEHOLDER (dat, obj); break; case DWG_TYPE_OLEFRAME: dwg_free_OLEFRAME (dat, obj); break; #ifdef DEBUG_VBA_PROJECT case DWG_TYPE_VBA_PROJECT: dwg_free_VBA_PROJECT (dat, obj); break; #endif case DWG_TYPE_LAYOUT: dwg_free_LAYOUT (dat, obj); break; case DWG_TYPE_PROXY_ENTITY: dwg_free_PROXY_ENTITY (dat, obj); break; case DWG_TYPE_PROXY_OBJECT: dwg_free_PROXY_OBJECT (dat, obj); break; default: if (obj->type == obj->parent->layout_type) { SINCE (R_13) { dwg_free_LAYOUT (dat, obj); } } else if ((error = dwg_free_variable_type (obj->parent, obj)) & DWG_ERR_UNHANDLEDCLASS) { int is_entity; int i; Dwg_Class *klass; unhandled: is_entity = 0; i = obj->type - 500; klass = NULL; dwg = obj->parent; if (dwg->dwg_class && i >= 0 && i < (int)dwg->num_classes) { klass = &dwg->dwg_class[i]; is_entity = klass ? dwg_class_is_entity (klass) : 0; } if (obj->fixedtype == DWG_TYPE_TABLE) { dwg_free_UNKNOWN_ENT (dat, obj); } else if (obj->fixedtype == DWG_TYPE_DATATABLE) { dwg_free_UNKNOWN_OBJ (dat, obj); } else if (klass && !is_entity) { dwg_free_UNKNOWN_OBJ (dat, obj); } else if (klass && is_entity) { dwg_free_UNKNOWN_ENT (dat, obj); } else { FREE_IF (obj->tio.unknown); } } } if (dwg->opts & DWG_OPTS_INDXF) FREE_IF (obj->dxfname); obj->type = DWG_TYPE_FREED; }",visit repo url,src/free.c,https://github.com/LibreDWG/libredwg,236970530717837,1 3570,CWE-190,"jpc_ms_t *jpc_getms(jas_stream_t *in, jpc_cstate_t *cstate) { jpc_ms_t *ms; jpc_mstabent_t *mstabent; jas_stream_t *tmpstream; if (!(ms = jpc_ms_create(0))) { return 0; } if (jpc_getuint16(in, &ms->id) || ms->id < JPC_MS_MIN || ms->id > JPC_MS_MAX) { jpc_ms_destroy(ms); return 0; } mstabent = jpc_mstab_lookup(ms->id); ms->ops = &mstabent->ops; if (JPC_MS_HASPARMS(ms->id)) { if (jpc_getuint16(in, &ms->len) || ms->len < 3) { jpc_ms_destroy(ms); return 0; } ms->len -= 2; if (!(tmpstream = jas_stream_memopen(0, 0))) { jpc_ms_destroy(ms); return 0; } if (jas_stream_copy(tmpstream, in, ms->len) || jas_stream_seek(tmpstream, 0, SEEK_SET) < 0) { jas_stream_close(tmpstream); jpc_ms_destroy(ms); return 0; } if ((*ms->ops->getparms)(ms, cstate, tmpstream)) { ms->ops = 0; jpc_ms_destroy(ms); jas_stream_close(tmpstream); return 0; } if (jas_getdbglevel() > 0) { jpc_ms_dump(ms, stderr); } if (JAS_CAST(ulong, jas_stream_tell(tmpstream)) != ms->len) { jas_eprintf( ""warning: trailing garbage in marker segment (%ld bytes)\n"", ms->len - jas_stream_tell(tmpstream)); } jas_stream_close(tmpstream); } else { ms->len = 0; if (jas_getdbglevel() > 0) { jpc_ms_dump(ms, stderr); } } if (ms->id == JPC_MS_SIZ) { cstate->numcomps = ms->parms.siz.numcomps; } return ms; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,279704117302162,1 3847,CWE-125,"get_lisp_indent(void) { pos_T *pos, realpos, paren; int amount; char_u *that; colnr_T col; colnr_T firsttry; int parencount, quotecount; int vi_lisp; vi_lisp = (vim_strchr(p_cpo, CPO_LISP) != NULL); realpos = curwin->w_cursor; curwin->w_cursor.col = 0; if ((pos = findmatch(NULL, '(')) == NULL) pos = findmatch(NULL, '['); else { paren = *pos; pos = findmatch(NULL, '['); if (pos == NULL || LT_POSP(pos, &paren)) pos = &paren; } if (pos != NULL) { amount = -1; parencount = 0; while (--curwin->w_cursor.lnum >= pos->lnum) { if (linewhite(curwin->w_cursor.lnum)) continue; for (that = ml_get_curline(); *that != NUL; ++that) { if (*that == ';') { while (*(that + 1) != NUL) ++that; continue; } if (*that == '\\') { if (*(that + 1) != NUL) ++that; continue; } if (*that == '""' && *(that + 1) != NUL) { while (*++that && *that != '""') { if (*that == '\\') { if (*++that == NUL) break; if (that[1] == NUL) { ++that; break; } } } if (*that == NUL) break; } if (*that == '(' || *that == '[') ++parencount; else if (*that == ')' || *that == ']') --parencount; } if (parencount == 0) { amount = get_indent(); break; } } if (amount == -1) { curwin->w_cursor.lnum = pos->lnum; curwin->w_cursor.col = pos->col; col = pos->col; that = ml_get_curline(); if (vi_lisp && get_indent() == 0) amount = 2; else { char_u *line = that; amount = 0; while (*that && col) { amount += lbr_chartabsize_adv(line, &that, (colnr_T)amount); col--; } if (!vi_lisp && (*that == '(' || *that == '[') && lisp_match(that + 1)) amount += 2; else { that++; amount++; firsttry = amount; while (VIM_ISWHITE(*that)) { amount += lbr_chartabsize(line, that, (colnr_T)amount); ++that; } if (*that && *that != ';') { if (!vi_lisp && *that != '(' && *that != '[') firsttry++; parencount = 0; quotecount = 0; if (vi_lisp || (*that != '""' && *that != '\'' && *that != '#' && (*that < '0' || *that > '9'))) { while (*that && (!VIM_ISWHITE(*that) || quotecount || parencount) && (!((*that == '(' || *that == '[') && !quotecount && !parencount && vi_lisp))) { if (*that == '""') quotecount = !quotecount; if ((*that == '(' || *that == '[') && !quotecount) ++parencount; if ((*that == ')' || *that == ']') && !quotecount) --parencount; if (*that == '\\' && *(that+1) != NUL) amount += lbr_chartabsize_adv( line, &that, (colnr_T)amount); amount += lbr_chartabsize_adv( line, &that, (colnr_T)amount); } } while (VIM_ISWHITE(*that)) { amount += lbr_chartabsize( line, that, (colnr_T)amount); that++; } if (!*that || *that == ';') amount = firsttry; } } } } } else amount = 0; curwin->w_cursor = realpos; return amount; }",visit repo url,src/indent.c,https://github.com/vim/vim,182768379343480,1 49,['CWE-787'],"static inline void cirrus_cursor_compute_yrange(CirrusVGAState *s) { const uint8_t *src; uint32_t content; int y, y_min, y_max; src = s->vram_ptr + s->real_vram_size - 16 * 1024; if (s->sr[0x12] & CIRRUS_CURSOR_LARGE) { src += (s->sr[0x13] & 0x3c) * 256; y_min = 64; y_max = -1; for(y = 0; y < 64; y++) { content = ((uint32_t *)src)[0] | ((uint32_t *)src)[1] | ((uint32_t *)src)[2] | ((uint32_t *)src)[3]; if (content) { if (y < y_min) y_min = y; if (y > y_max) y_max = y; } src += 16; } } else { src += (s->sr[0x13] & 0x3f) * 256; y_min = 32; y_max = -1; for(y = 0; y < 32; y++) { content = ((uint32_t *)src)[0] | ((uint32_t *)(src + 128))[0]; if (content) { if (y < y_min) y_min = y; if (y > y_max) y_max = y; } src += 4; } } if (y_min > y_max) { s->last_hw_cursor_y_start = 0; s->last_hw_cursor_y_end = 0; } else { s->last_hw_cursor_y_start = y_min; s->last_hw_cursor_y_end = y_max + 1; } }",qemu,,,218282585088483254928439665750673403346,0 4459,CWE-682,"static void WritePixels(struct ngiflib_img * i, struct ngiflib_decode_context * context, const u8 * pixels, u16 n) { u16 tocopy; struct ngiflib_gif * p = i->parent; while(n > 0) { tocopy = (context->Xtogo < n) ? context->Xtogo : n; if(!i->gce.transparent_flag) { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif ngiflib_memcpy(context->frbuff_p.p8, pixels, tocopy); pixels += tocopy; context->frbuff_p.p8 += tocopy; #ifndef NGIFLIB_INDEXED_ONLY } else { int j; for(j = (int)tocopy; j > 0; j--) { *(context->frbuff_p.p32++) = GifIndexToTrueColor(i->palette, *pixels++); } } #endif } else { int j; #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) *context->frbuff_p.p8 = *pixels; pixels++; context->frbuff_p.p8++; } #ifndef NGIFLIB_INDEXED_ONLY } else { for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) { *context->frbuff_p.p32 = GifIndexToTrueColor(i->palette, *pixels); } pixels++; context->frbuff_p.p32++; } } #endif } context->Xtogo -= tocopy; if(context->Xtogo == 0) { #ifdef NGIFLIB_ENABLE_CALLBACKS if(p->line_cb) p->line_cb(p, context->line_p, context->curY); #endif context->Xtogo = i->width; switch(context->pass) { case 0: context->curY++; break; case 1: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 4; } break; case 2: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 2; } break; case 3: context->curY += 4; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 1; } break; case 4: context->curY += 2; break; } #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width; context->frbuff_p.p8 = context->line_p.p8 + i->posX; #else context->frbuff_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width + i->posX; #endif #ifndef NGIFLIB_INDEXED_ONLY } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width; context->frbuff_p.p32 = context->line_p.p32 + i->posX; #else context->frbuff_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width + i->posX; #endif } #endif } n -= tocopy; } }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,251883954057110,1 4874,['CWE-189'],"int ecryptfs_destroy_crypto(void) { struct ecryptfs_key_tfm *key_tfm, *key_tfm_tmp; mutex_lock(&key_tfm_list_mutex); list_for_each_entry_safe(key_tfm, key_tfm_tmp, &key_tfm_list, key_tfm_list) { list_del(&key_tfm->key_tfm_list); if (key_tfm->key_tfm) crypto_free_blkcipher(key_tfm->key_tfm); kmem_cache_free(ecryptfs_key_tfm_cache, key_tfm); } mutex_unlock(&key_tfm_list_mutex); return 0; }",linux-2.6,,,199626280570732542619839392204473047101,0 6195,['CWE-200'],"int tc_classify(struct sk_buff *skb, struct tcf_proto *tp, struct tcf_result *res) { int err = 0; u32 protocol = skb->protocol; #ifdef CONFIG_NET_CLS_ACT struct tcf_proto *otp = tp; reclassify: #endif protocol = skb->protocol; for ( ; tp; tp = tp->next) { if ((tp->protocol == protocol || tp->protocol == __constant_htons(ETH_P_ALL)) && (err = tp->classify(skb, tp, res)) >= 0) { #ifdef CONFIG_NET_CLS_ACT if ( TC_ACT_RECLASSIFY == err) { __u32 verd = (__u32) G_TC_VERD(skb->tc_verd); tp = otp; if (MAX_REC_LOOP < verd++) { printk(""rule prio %d protocol %02x reclassify is buggy packet dropped\n"", tp->prio&0xffff, ntohs(tp->protocol)); return TC_ACT_SHOT; } skb->tc_verd = SET_TC_VERD(skb->tc_verd,verd); goto reclassify; } else { if (skb->tc_verd) skb->tc_verd = SET_TC_VERD(skb->tc_verd,0); return err; } #else return err; #endif } } return -1; }",linux-2.6,,,134673936351623462326438336649887882757,0 449,[],"pfm_save_regs(struct task_struct *task) { pfm_context_t *ctx; u64 psr; ctx = PFM_GET_CTX(task); if (ctx == NULL) return; psr = pfm_get_psr(); BUG_ON(psr & (IA64_PSR_I)); pfm_clear_psr_up(); ctx->ctx_saved_psr_up = psr & IA64_PSR_UP; }",linux-2.6,,,156440766967534904258497006820835045196,0 5195,['CWE-20'],"static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { u64 exit_qualification; gpa_t gpa; int gla_validity; exit_qualification = vmcs_read64(EXIT_QUALIFICATION); if (exit_qualification & (1 << 6)) { printk(KERN_ERR ""EPT: GPA exceeds GAW!\n""); return -ENOTSUPP; } gla_validity = (exit_qualification >> 7) & 0x3; if (gla_validity != 0x3 && gla_validity != 0x1 && gla_validity != 0) { printk(KERN_ERR ""EPT: Handling EPT violation failed!\n""); printk(KERN_ERR ""EPT: GPA: 0x%lx, GVA: 0x%lx\n"", (long unsigned int)vmcs_read64(GUEST_PHYSICAL_ADDRESS), (long unsigned int)vmcs_read64(GUEST_LINEAR_ADDRESS)); printk(KERN_ERR ""EPT: Exit qualification is 0x%lx\n"", (long unsigned int)exit_qualification); kvm_run->exit_reason = KVM_EXIT_UNKNOWN; kvm_run->hw.hardware_exit_reason = 0; return -ENOTSUPP; } gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS); return kvm_mmu_page_fault(vcpu, gpa & PAGE_MASK, 0); }",linux-2.6,,,185880914426972670697222377195040225233,0 1003,['CWE-94'],"static long do_splice(struct file *in, loff_t __user *off_in, struct file *out, loff_t __user *off_out, size_t len, unsigned int flags) { struct pipe_inode_info *pipe; loff_t offset, *off; long ret; pipe = pipe_info(in->f_path.dentry->d_inode); if (pipe) { if (off_in) return -ESPIPE; if (off_out) { if (out->f_op->llseek == no_llseek) return -EINVAL; if (copy_from_user(&offset, off_out, sizeof(loff_t))) return -EFAULT; off = &offset; } else off = &out->f_pos; ret = do_splice_from(pipe, out, off, len, flags); if (off_out && copy_to_user(off_out, off, sizeof(loff_t))) ret = -EFAULT; return ret; } pipe = pipe_info(out->f_path.dentry->d_inode); if (pipe) { if (off_out) return -ESPIPE; if (off_in) { if (in->f_op->llseek == no_llseek) return -EINVAL; if (copy_from_user(&offset, off_in, sizeof(loff_t))) return -EFAULT; off = &offset; } else off = &in->f_pos; ret = do_splice_to(in, off, pipe, len, flags); if (off_in && copy_to_user(off_in, off, sizeof(loff_t))) ret = -EFAULT; return ret; } return -EINVAL; }",linux-2.6,,,116505242455229038401435930689312083982,0 5085,CWE-125,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 163,CWE-190,"static int prealloc_elems_and_freelist(struct bpf_stack_map *smap) { u32 elem_size = sizeof(struct stack_map_bucket) + smap->map.value_size; int err; smap->elems = bpf_map_area_alloc(elem_size * smap->map.max_entries, smap->map.numa_node); if (!smap->elems) return -ENOMEM; err = pcpu_freelist_init(&smap->freelist); if (err) goto free_elems; pcpu_freelist_populate(&smap->freelist, smap->elems, elem_size, smap->map.max_entries); return 0; free_elems: bpf_map_area_free(smap->elems); return err; }",visit repo url,kernel/bpf/stackmap.c,https://github.com/torvalds/linux,138066698525105,1 4204,CWE-190,"alloc_limit_failure (char *fn_name, size_t size) { fprintf (stderr, ""%s: Maximum allocation size exceeded "" ""(maxsize = %lu; size = %lu).\n"", fn_name, (unsigned long)alloc_limit, (unsigned long)size); }",visit repo url,src/alloc.c,https://github.com/verdammelt/tnef,248602824646367,1 782,CWE-20,"static int pfkey_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct pfkey_sock *pfk = pfkey_sk(sk); struct sk_buff *skb; int copied, err; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) goto out; msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); err = (flags & MSG_TRUNC) ? skb->len : copied; if (pfk->dump.dump != NULL && 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) pfkey_do_dump(pfk); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/key/af_key.c,https://github.com/torvalds/linux,186000895945295,1 2821,CWE-125,"static UINT parallel_process_irp_create(PARALLEL_DEVICE* parallel, IRP* irp) { char* path = NULL; int status; UINT32 PathLength; Stream_Seek(irp->input, 28); Stream_Read_UINT32(irp->input, PathLength); status = ConvertFromUnicode(CP_UTF8, 0, (WCHAR*)Stream_Pointer(irp->input), PathLength / 2, &path, 0, NULL, NULL); if (status < 1) if (!(path = (char*)calloc(1, 1))) { WLog_ERR(TAG, ""calloc failed!""); return CHANNEL_RC_NO_MEMORY; } parallel->id = irp->devman->id_sequence++; parallel->file = open(parallel->path, O_RDWR); if (parallel->file < 0) { irp->IoStatus = STATUS_ACCESS_DENIED; parallel->id = 0; } else { if (fcntl(parallel->file, F_SETFL, O_NONBLOCK) == -1) { } } Stream_Write_UINT32(irp->output, parallel->id); Stream_Write_UINT8(irp->output, 0); free(path); return irp->Complete(irp); }",visit repo url,channels/parallel/client/parallel_main.c,https://github.com/FreeRDP/FreeRDP,238288563122613,1 3317,[],"static inline int nlmsg_unicast(struct sock *sk, struct sk_buff *skb, u32 pid) { int err; err = netlink_unicast(sk, skb, pid, MSG_DONTWAIT); if (err > 0) err = 0; return err; }",linux-2.6,,,233456013411004865698908362251935216429,0 3600,CWE-125,"int jpc_dec_decodepkts(jpc_dec_t *dec, jas_stream_t *pkthdrstream, jas_stream_t *in) { jpc_dec_tile_t *tile; jpc_pi_t *pi; int ret; tile = dec->curtile; pi = tile->pi; for (;;) { if (!tile->pkthdrstream || jas_stream_peekc(tile->pkthdrstream) == EOF) { switch (jpc_dec_lookahead(in)) { case JPC_MS_EOC: case JPC_MS_SOT: return 0; break; case JPC_MS_SOP: case JPC_MS_EPH: case 0: break; default: return -1; break; } } if ((ret = jpc_pi_next(pi))) { return ret; } if (dec->maxpkts >= 0 && dec->numpkts >= dec->maxpkts) { jas_eprintf(""warning: stopping decode prematurely as requested\n""); return 0; } if (jas_getdbglevel() >= 1) { jas_eprintf(""packet offset=%08ld prg=%d cmptno=%02d "" ""rlvlno=%02d prcno=%03d lyrno=%02d\n"", (long) jas_stream_getrwcount(in), jpc_pi_prg(pi), jpc_pi_cmptno(pi), jpc_pi_rlvlno(pi), jpc_pi_prcno(pi), jpc_pi_lyrno(pi)); } if (jpc_dec_decodepkt(dec, pkthdrstream, in, jpc_pi_cmptno(pi), jpc_pi_rlvlno(pi), jpc_pi_prcno(pi), jpc_pi_lyrno(pi))) { return -1; } ++dec->numpkts; } return 0; }",visit repo url,src/libjasper/jpc/jpc_t2dec.c,https://github.com/mdadams/jasper,246537559853346,1 3962,['CWE-362'],"static struct audit_rule *audit_krule_to_rule(struct audit_krule *krule) { struct audit_rule *rule; int i; rule = kzalloc(sizeof(*rule), GFP_KERNEL); if (unlikely(!rule)) return NULL; rule->flags = krule->flags | krule->listnr; rule->action = krule->action; rule->field_count = krule->field_count; for (i = 0; i < rule->field_count; i++) { rule->values[i] = krule->fields[i].val; rule->fields[i] = krule->fields[i].type; if (krule->vers_ops == 1) { if (krule->fields[i].op & AUDIT_NOT_EQUAL) rule->fields[i] |= AUDIT_NEGATE; } else { rule->fields[i] |= krule->fields[i].op; } } for (i = 0; i < AUDIT_BITMASK_SIZE; i++) rule->mask[i] = krule->mask[i]; return rule; }",linux-2.6,,,18561796769265336333511509090492334457,0 1207,['CWE-189'],"ktime_t ktime_get_real(void) { struct timespec now; getnstimeofday(&now); return timespec_to_ktime(now); }",linux-2.6,,,57602517761100047850395053529464016501,0 5708,CWE-125,"void luaT_getvarargs (lua_State *L, CallInfo *ci, StkId where, int wanted) { int i; int nextra = ci->u.l.nextraargs; if (wanted < 0) { wanted = nextra; checkstackp(L, nextra, where); L->top = where + nextra; } for (i = 0; i < wanted && i < nextra; i++) setobjs2s(L, where + i, ci->func - nextra + i); for (; i < wanted; i++) setnilvalue(s2v(where + i)); }",visit repo url,ltm.c,https://github.com/lua/lua,204885896458001,1 4580,CWE-476,"static void nhmldump_send_header(GF_NHMLDumpCtx *ctx) { GF_FilterPacket *dst_pck; char nhml[1024]; u32 size; u8 *output; const GF_PropertyValue *p; ctx->szRootName = ""NHNTStream""; if (ctx->dims) { ctx->szRootName = ""DIMSStream""; } if (!ctx->filep) { sprintf(nhml, ""\n""); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } sprintf(nhml, ""<%s version=\""1.0\"" "", ctx->szRootName); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); NHML_PRINT_UINT(GF_PROP_PID_ID, NULL, ""trackID"") NHML_PRINT_UINT(GF_PROP_PID_TIMESCALE, NULL, ""timeScale"") p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_IN_IOD); if (p && p->value.boolean) { sprintf(nhml, ""inRootOD=\""yes\"" ""); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } if (ctx->oti && (ctx->otistreamtype, ctx->oti); gf_bs_write_data(ctx->bs_w, nhml, (u32)strlen(nhml)); } else { p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_SUBTYPE); if (p) { sprintf(nhml, ""%s=\""%s\"" "", ""mediaType"", gf_4cc_to_str(p->value.uint)); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); NHML_PRINT_4CC(GF_PROP_PID_ISOM_SUBTYPE, ""mediaSubType"", ""mediaSubType"") } else { NHML_PRINT_4CC(GF_PROP_PID_CODECID, NULL, ""codecID"") } } if (ctx->w && ctx->h) { switch (ctx->streamtype) { case GF_STREAM_VISUAL: case GF_STREAM_SCENE: sprintf(nhml, ""width=\""%d\"" height=\""%d\"" "", ctx->w, ctx->h); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); break; default: break; } } else if (ctx->sr && ctx->chan) { sprintf(nhml, ""sampleRate=\""%d\"" numChannels=\""%d\"" "", ctx->sr, ctx->chan); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); sprintf(nhml, ""sampleRate=\""%d\"" numChannels=\""%d\"" "", ctx->sr, ctx->chan); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_AUDIO_FORMAT); sprintf(nhml, ""bitsPerSample=\""%d\"" "", gf_audio_fmt_bit_depth(p->value.uint)); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } NHML_PRINT_4CC(0, ""codec_vendor"", ""codecVendor"") NHML_PRINT_UINT(0, ""codec_version"", ""codecVersion"") NHML_PRINT_UINT(0, ""codec_revision"", ""codecRevision"") NHML_PRINT_STRING(0, ""compressor_name"", ""compressorName"") NHML_PRINT_UINT(0, ""temporal_quality"", ""temporalQuality"") NHML_PRINT_UINT(0, ""spatial_quality"", ""spatialQuality"") NHML_PRINT_UINT(0, ""hres"", ""horizontalResolution"") NHML_PRINT_UINT(0, ""vres"", ""verticalResolution"") NHML_PRINT_UINT(GF_PROP_PID_BIT_DEPTH_Y, NULL, ""bitDepth"") NHML_PRINT_STRING(0, ""meta:xmlns"", ""xml_namespace"") NHML_PRINT_STRING(0, ""meta:schemaloc"", ""xml_schema_location"") NHML_PRINT_STRING(0, ""meta:mime"", ""mime_type"") NHML_PRINT_STRING(0, ""meta:config"", ""config"") NHML_PRINT_STRING(0, ""meta:aux_mimes"", ""aux_mime_type"") if (ctx->codecid == GF_CODECID_DIMS) { if (gf_filter_pid_get_property_str(ctx->ipid, ""meta:xmlns"")==NULL) { sprintf(nhml, ""xmlns=\""http://www.3gpp.org/richmedia\"" ""); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } NHML_PRINT_UINT(0, ""dims:profile"", ""profile"") NHML_PRINT_UINT(0, ""dims:level"", ""level"") NHML_PRINT_UINT(0, ""dims:pathComponents"", ""pathComponents"") p = gf_filter_pid_get_property_str(ctx->ipid, ""dims:fullRequestHost""); if (p) { sprintf(nhml, ""useFullRequestHost=\""%s\"" "", p->value.boolean ? ""yes"" : ""no""); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } p = gf_filter_pid_get_property_str(ctx->ipid, ""dims:streamType""); if (p) { sprintf(nhml, ""stream_type=\""%s\"" "", p->value.boolean ? ""primary"" : ""secondary""); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } p = gf_filter_pid_get_property_str(ctx->ipid, ""dims:redundant""); if (p) { sprintf(nhml, ""contains_redundant=\""%s\"" "", (p->value.uint==1) ? ""main"" : ((p->value.uint==1) ? ""redundant"" : ""main+redundant"") ); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } NHML_PRINT_UINT(0, ""dims:scriptTypes"", ""scriptTypes"") } if (ctx->opid_info) { sprintf(nhml, ""specificInfoFile=\""%s\"" "", gf_file_basename(ctx->info_file) ); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); dst_pck = gf_filter_pck_new_shared(ctx->opid_info, ctx->dcfg, ctx->dcfg_size, NULL); gf_filter_pck_set_framing(dst_pck, GF_TRUE, GF_TRUE); gf_filter_pck_set_readonly(dst_pck); gf_filter_pck_send(dst_pck); } NHML_PRINT_STRING(0, ""meta:encoding"", ""encoding"") NHML_PRINT_STRING(0, ""meta:contentEncoding"", ""content_encoding"") ctx->uncompress = GF_FALSE; if (p) { if (!strcmp(p->value.string, ""deflate"")) ctx->uncompress = GF_TRUE; else { GF_LOG(GF_LOG_ERROR, GF_LOG_AUTHOR, (""[NHMLMx] content_encoding %s not supported\n"", p->value.string )); } } if (ctx->opid_mdia) { sprintf(nhml, ""baseMediaFile=\""%s\"" "", gf_file_basename(ctx->media_file) ); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); } sprintf(nhml, "">\n""); gf_bs_write_data(ctx->bs_w, nhml, (u32) strlen(nhml)); gf_bs_get_content_no_truncate(ctx->bs_w, &ctx->nhml_buffer, &size, &ctx->nhml_buffer_size); if (ctx->filep) { gf_fwrite(ctx->nhml_buffer, size, ctx->filep); return; } dst_pck = gf_filter_pck_new_alloc(ctx->opid_nhml, size, &output); memcpy(output, ctx->nhml_buffer, size); gf_filter_pck_set_framing(dst_pck, GF_TRUE, GF_FALSE); gf_filter_pck_send(dst_pck); }",visit repo url,src/filters/write_nhml.c,https://github.com/gpac/gpac,119200480655227,1 2092,[],"int __udp_lib_get_port(struct sock *sk, unsigned short snum, struct hlist_head udptable[], int (*saddr_comp)(const struct sock *sk1, const struct sock *sk2 ) ) { struct hlist_node *node; struct hlist_head *head; struct sock *sk2; int error = 1; write_lock_bh(&udp_hash_lock); if (!snum) { int i; int low = sysctl_local_port_range[0]; int high = sysctl_local_port_range[1]; unsigned rover, best, best_size_so_far; best_size_so_far = UINT_MAX; best = rover = net_random() % (high - low) + low; for (i = 0; i < UDP_HTABLE_SIZE; i++) { int size = 0; head = &udptable[rover & (UDP_HTABLE_SIZE - 1)]; if (hlist_empty(head)) goto gotit; sk_for_each(sk2, node, head) { if (++size >= best_size_so_far) goto next; } best_size_so_far = size; best = rover; next: if (++rover > high) rover = low + ((rover - low) & (UDP_HTABLE_SIZE - 1)); } rover = best; for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) { if (! __udp_lib_lport_inuse(rover, udptable)) goto gotit; rover += UDP_HTABLE_SIZE; if (rover > high) rover = low + ((rover - low) & (UDP_HTABLE_SIZE - 1)); } goto fail; gotit: snum = rover; } else { head = &udptable[snum & (UDP_HTABLE_SIZE - 1)]; sk_for_each(sk2, node, head) if (sk2->sk_hash == snum && sk2 != sk && (!sk2->sk_reuse || !sk->sk_reuse) && (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && (*saddr_comp)(sk, sk2) ) goto fail; } inet_sk(sk)->num = snum; sk->sk_hash = snum; if (sk_unhashed(sk)) { head = &udptable[snum & (UDP_HTABLE_SIZE - 1)]; sk_add_node(sk, head); sock_prot_inc_use(sk->sk_prot); } error = 0; fail: write_unlock_bh(&udp_hash_lock); return error; }",linux-2.6,,,207483341346624079611897850157397122560,0 5158,['CWE-20'],"static int __find_msr_index(struct vcpu_vmx *vmx, u32 msr) { int i; for (i = 0; i < vmx->nmsrs; ++i) if (vmx->guest_msrs[i].index == msr) return i; return -1; }",linux-2.6,,,305400744062423829705188944270585672509,0 1359,CWE-362,"ext4_ext_handle_uninitialized_extents(handle_t *handle, struct inode *inode, struct ext4_map_blocks *map, struct ext4_ext_path *path, int flags, unsigned int allocated, ext4_fsblk_t newblock) { int ret = 0; int err = 0; ext4_io_end_t *io = ext4_inode_aio(inode); ext_debug(""ext4_ext_handle_uninitialized_extents: inode %lu, logical "" ""block %llu, max_blocks %u, flags %x, allocated %u\n"", inode->i_ino, (unsigned long long)map->m_lblk, map->m_len, flags, allocated); ext4_ext_show_leaf(inode, path); trace_ext4_ext_handle_uninitialized_extents(inode, map, allocated, newblock); if ((flags & EXT4_GET_BLOCKS_PRE_IO)) { ret = ext4_split_unwritten_extents(handle, inode, map, path, flags); if (ret <= 0) goto out; if (io) ext4_set_io_unwritten_flag(inode, io); else ext4_set_inode_state(inode, EXT4_STATE_DIO_UNWRITTEN); if (ext4_should_dioread_nolock(inode)) map->m_flags |= EXT4_MAP_UNINIT; goto out; } if ((flags & EXT4_GET_BLOCKS_CONVERT)) { ret = ext4_convert_unwritten_extents_endio(handle, inode, path); if (ret >= 0) { ext4_update_inode_fsync_trans(handle, inode, 1); err = check_eofblocks_fl(handle, inode, map->m_lblk, path, map->m_len); } else err = ret; goto out2; } if (flags & EXT4_GET_BLOCKS_UNINIT_EXT) goto map_out; if ((flags & EXT4_GET_BLOCKS_CREATE) == 0) { map->m_flags |= EXT4_MAP_UNWRITTEN; goto out1; } ret = ext4_ext_convert_to_initialized(handle, inode, map, path); if (ret >= 0) ext4_update_inode_fsync_trans(handle, inode, 1); out: if (ret <= 0) { err = ret; goto out2; } else allocated = ret; map->m_flags |= EXT4_MAP_NEW; if (allocated > map->m_len) { unmap_underlying_metadata_blocks(inode->i_sb->s_bdev, newblock + map->m_len, allocated - map->m_len); allocated = map->m_len; } if (flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE) { unsigned int reserved_clusters; reserved_clusters = get_reserved_cluster_alloc(inode, map->m_lblk, map->m_len); if (reserved_clusters) ext4_da_update_reserve_space(inode, reserved_clusters, 0); } map_out: map->m_flags |= EXT4_MAP_MAPPED; if ((flags & EXT4_GET_BLOCKS_KEEP_SIZE) == 0) { err = check_eofblocks_fl(handle, inode, map->m_lblk, path, map->m_len); if (err < 0) goto out2; } out1: if (allocated > map->m_len) allocated = map->m_len; ext4_ext_show_leaf(inode, path); map->m_pblk = newblock; map->m_len = allocated; out2: if (path) { ext4_ext_drop_refs(path); kfree(path); } return err ? err : allocated; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,252918872143852,1 3062,CWE-787,"static int xbuf_format_converter(char **outbuf, const char *fmt, va_list ap) { register char *s = nullptr; char *q; int s_len; register int min_width = 0; int precision = 0; enum { LEFT, RIGHT } adjust; char pad_char; char prefix_char; double fp_num; wide_int i_num = (wide_int) 0; u_wide_int ui_num; char num_buf[NUM_BUF_SIZE]; char char_buf[2]; #ifdef HAVE_LOCALE_H struct lconv *lconv = nullptr; #endif length_modifier_e modifier; boolean_e alternate_form; boolean_e print_sign; boolean_e print_blank; boolean_e adjust_precision; boolean_e adjust_width; int is_negative; int size = 240; char *result = (char *)malloc(size); int outpos = 0; while (*fmt) { if (*fmt != '%') { appendchar(&result, &outpos, &size, *fmt); } else { adjust = RIGHT; alternate_form = print_sign = print_blank = NO; pad_char = ' '; prefix_char = NUL; fmt++; if (isascii((int)*fmt) && !islower((int)*fmt)) { for (;; fmt++) { if (*fmt == '-') adjust = LEFT; else if (*fmt == '+') print_sign = YES; else if (*fmt == '#') alternate_form = YES; else if (*fmt == ' ') print_blank = YES; else if (*fmt == '0') pad_char = '0'; else break; } if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, min_width); adjust_width = YES; } else if (*fmt == '*') { min_width = va_arg(ap, int); fmt++; adjust_width = YES; if (min_width < 0) { adjust = LEFT; min_width = -min_width; } } else adjust_width = NO; if (*fmt == '.') { adjust_precision = YES; fmt++; if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, precision); } else if (*fmt == '*') { precision = va_arg(ap, int); fmt++; if (precision < 0) precision = 0; } else precision = 0; } else adjust_precision = NO; } else adjust_precision = adjust_width = NO; switch (*fmt) { case 'L': fmt++; modifier = LM_LONG_DOUBLE; break; case 'I': fmt++; #if SIZEOF_LONG_LONG if (*fmt == '6' && *(fmt+1) == '4') { fmt += 2; modifier = LM_LONG_LONG; } else #endif if (*fmt == '3' && *(fmt+1) == '2') { fmt += 2; modifier = LM_LONG; } else { #ifdef _WIN64 modifier = LM_LONG_LONG; #else modifier = LM_LONG; #endif } break; case 'l': fmt++; #if SIZEOF_LONG_LONG if (*fmt == 'l') { fmt++; modifier = LM_LONG_LONG; } else #endif modifier = LM_LONG; break; case 'z': fmt++; modifier = LM_SIZE_T; break; case 'j': fmt++; #if SIZEOF_INTMAX_T modifier = LM_INTMAX_T; #else modifier = LM_SIZE_T; #endif break; case 't': fmt++; #if SIZEOF_PTRDIFF_T modifier = LM_PTRDIFF_T; #else modifier = LM_SIZE_T; #endif break; case 'h': fmt++; if (*fmt == 'h') { fmt++; } default: modifier = LM_STD; break; } switch (*fmt) { case 'u': switch(modifier) { default: i_num = (wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: i_num = (wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } case 'd': case 'i': if ((*fmt) != 'u') { switch(modifier) { default: i_num = (wide_int) va_arg(ap, int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, long int); break; case LM_SIZE_T: #if SIZEOF_SSIZE_T i_num = (wide_int) va_arg(ap, ssize_t); #else i_num = (wide_int) va_arg(ap, size_t); #endif break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, intmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } } s = ap_php_conv_10(i_num, (*fmt) == 'u', &is_negative, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (*fmt != 'u') { if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'o': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 3, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && *s != '0') { *--s = '0'; s_len++; } break; case 'x': case 'X': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 4, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && i_num != 0) { *--s = *fmt; *--s = '0'; s_len += 2; } break; case 's': case 'v': s = va_arg(ap, char *); if (s != nullptr) { s_len = strlen(s); if (adjust_precision && precision < s_len) s_len = precision; } else { s = const_cast(s_null); s_len = S_NULL_LEN; } pad_char = ' '; break; case 'f': case 'F': case 'e': case 'E': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""nan""); s_len = 3; } else if (std::isinf(fp_num)) { s = const_cast(""inf""); s_len = 3; } else { #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_conv_fp((*fmt == 'f')?'F':*fmt, fp_num, alternate_form, (adjust_precision == NO) ? FLOAT_DIGITS : precision, (*fmt == 'f')?LCONV_DECIMAL_POINT:'.', &is_negative, &num_buf[1], &s_len); if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'g': case 'k': case 'G': case 'H': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""NAN""); s_len = 3; break; } else if (std::isinf(fp_num)) { if (fp_num > 0) { s = const_cast(""INF""); s_len = 3; } else { s = const_cast(""-INF""); s_len = 4; } break; } if (adjust_precision == NO) precision = FLOAT_DIGITS; else if (precision == 0) precision = 1; #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_gcvt(fp_num, precision, (*fmt=='H' || *fmt == 'k') ? '.' : LCONV_DECIMAL_POINT, (*fmt == 'G' || *fmt == 'H')?'E':'e', &num_buf[1]); if (*s == '-') prefix_char = *s++; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; s_len = strlen(s); if (alternate_form && (q = strchr(s, '.')) == nullptr) s[s_len++] = '.'; break; case 'c': char_buf[0] = (char) (va_arg(ap, int)); s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case '%': char_buf[0] = '%'; s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case 'n': *(va_arg(ap, int *)) = outpos; goto skip_output; case 'p': if (sizeof(char *) <= sizeof(u_wide_int)) { ui_num = (u_wide_int)((size_t) va_arg(ap, char *)); s = ap_php_conv_p2(ui_num, 4, 'x', &num_buf[NUM_BUF_SIZE], &s_len); if (ui_num != 0) { *--s = 'x'; *--s = '0'; s_len += 2; } } else { s = const_cast(""%p""); s_len = 2; } pad_char = ' '; break; case NUL: continue; fmt_error: throw Exception(""Illegal length modifier specified '%c'"", *fmt); default: char_buf[0] = '%'; char_buf[1] = *fmt; s = char_buf; s_len = 2; pad_char = ' '; break; } if (prefix_char != NUL) { *--s = prefix_char; s_len++; } if (adjust_width && adjust == RIGHT && min_width > s_len) { if (pad_char == '0' && prefix_char != NUL) { appendchar(&result, &outpos, &size, *s); s++; s_len--; min_width--; } for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } appendsimplestring(&result, &outpos, &size, s, s_len); if (adjust_width && adjust == LEFT && min_width > s_len) { for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } } skip_output: fmt++; } result[outpos] = NUL; *outbuf = result; return outpos; }",visit repo url,hphp/zend/zend-printf.cpp,https://github.com/facebook/hhvm,58531151562577,1 1765,[],"migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) { struct task_struct *p; int cpu = (long)hcpu; unsigned long flags; struct rq *rq; switch (action) { case CPU_UP_PREPARE: case CPU_UP_PREPARE_FROZEN: p = kthread_create(migration_thread, hcpu, ""migration/%d"", cpu); if (IS_ERR(p)) return NOTIFY_BAD; kthread_bind(p, cpu); rq = task_rq_lock(p, &flags); __setscheduler(rq, p, SCHED_FIFO, MAX_RT_PRIO-1); task_rq_unlock(rq, &flags); cpu_rq(cpu)->migration_thread = p; break; case CPU_ONLINE: case CPU_ONLINE_FROZEN: wake_up_process(cpu_rq(cpu)->migration_thread); rq = cpu_rq(cpu); spin_lock_irqsave(&rq->lock, flags); if (rq->rd) { BUG_ON(!cpu_isset(cpu, rq->rd->span)); cpu_set(cpu, rq->rd->online); } spin_unlock_irqrestore(&rq->lock, flags); break; #ifdef CONFIG_HOTPLUG_CPU case CPU_UP_CANCELED: case CPU_UP_CANCELED_FROZEN: if (!cpu_rq(cpu)->migration_thread) break; kthread_bind(cpu_rq(cpu)->migration_thread, any_online_cpu(cpu_online_map)); kthread_stop(cpu_rq(cpu)->migration_thread); cpu_rq(cpu)->migration_thread = NULL; break; case CPU_DEAD: case CPU_DEAD_FROZEN: cpuset_lock(); migrate_live_tasks(cpu); rq = cpu_rq(cpu); kthread_stop(rq->migration_thread); rq->migration_thread = NULL; spin_lock_irq(&rq->lock); update_rq_clock(rq); deactivate_task(rq, rq->idle, 0); rq->idle->static_prio = MAX_PRIO; __setscheduler(rq, rq->idle, SCHED_NORMAL, 0); rq->idle->sched_class = &idle_sched_class; migrate_dead_tasks(cpu); spin_unlock_irq(&rq->lock); cpuset_unlock(); migrate_nr_uninterruptible(rq); BUG_ON(rq->nr_running != 0); spin_lock_irq(&rq->lock); while (!list_empty(&rq->migration_queue)) { struct migration_req *req; req = list_entry(rq->migration_queue.next, struct migration_req, list); list_del_init(&req->list); complete(&req->done); } spin_unlock_irq(&rq->lock); break; case CPU_DYING: case CPU_DYING_FROZEN: rq = cpu_rq(cpu); spin_lock_irqsave(&rq->lock, flags); if (rq->rd) { BUG_ON(!cpu_isset(cpu, rq->rd->span)); cpu_clear(cpu, rq->rd->online); } spin_unlock_irqrestore(&rq->lock, flags); break; #endif } return NOTIFY_OK; }",linux-2.6,,,319422499476836328720680886220552555473,0 6450,CWE-20,"error_t ipv6ComputeSolicitedNodeAddr(const Ipv6Addr *ipAddr, Ipv6Addr *solicitedNodeAddr) { error_t error; if(!ipv6IsMulticastAddr(ipAddr)) { ipv6CopyAddr(solicitedNodeAddr, &IPV6_SOLICITED_NODE_ADDR_PREFIX); solicitedNodeAddr->b[13] = ipAddr->b[13]; solicitedNodeAddr->b[14] = ipAddr->b[14]; solicitedNodeAddr->b[15] = ipAddr->b[15]; error = NO_ERROR; } else { error = ERROR_INVALID_ADDRESS; } return error; }",visit repo url,ipv6/ipv6_misc.c,https://github.com/Oryx-Embedded/CycloneTCP,31130035064109,1 6594,CWE-787,"static char *dex_resolve_library(const char *library) { if (!library || library[0] != 'L') { return NULL; } char *demangled = strdup(library + 1); rz_str_replace_ch(demangled, '/', '.', 1); demangled[strlen(demangled) - 1] = 0; return demangled; }",visit repo url,librz/bin/format/dex/dex.c,https://github.com/rizinorg/rizin,166513619677220,1 2724,[],"static void sctp_hash(struct sock *sk) { }",linux-2.6,,,135202380176795701848456098920524608189,0 1912,CWE-416,"static int nfc_genl_llc_get_params(struct sk_buff *skb, struct genl_info *info) { struct nfc_dev *dev; struct nfc_llcp_local *local; int rc = 0; struct sk_buff *msg = NULL; u32 idx; if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || !info->attrs[NFC_ATTR_FIRMWARE_NAME]) return -EINVAL; idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); dev = nfc_get_device(idx); if (!dev) return -ENODEV; device_lock(&dev->dev); local = nfc_llcp_find_local(dev); if (!local) { rc = -ENODEV; goto exit; } msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); if (!msg) { rc = -ENOMEM; goto exit; } rc = nfc_genl_send_params(msg, local, info->snd_portid, info->snd_seq); exit: device_unlock(&dev->dev); nfc_put_device(dev); if (rc < 0) { if (msg) nlmsg_free(msg); return rc; } return genlmsg_reply(msg, info); }",visit repo url,net/nfc/netlink.c,https://github.com/torvalds/linux,162677240383046,1 3509,CWE-20,"static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, struct mschmd_header *chm, int entire) { unsigned int section, name_len, x, errors, num_chunks; unsigned char buf[0x54], *chunk = NULL, *name, *p, *end; struct mschmd_file *fi, *link = NULL; off_t offset, length; int num_entries; chm->files = NULL; chm->sysfiles = NULL; chm->chunk_cache = NULL; chm->sec0.base.chm = chm; chm->sec0.base.id = 0; chm->sec1.base.chm = chm; chm->sec1.base.id = 1; chm->sec1.content = NULL; chm->sec1.control = NULL; chm->sec1.spaninfo = NULL; chm->sec1.rtable = NULL; if (sys->read(fh, &buf[0], chmhead_SIZEOF) != chmhead_SIZEOF) { return MSPACK_ERR_READ; } if (EndGetI32(&buf[chmhead_Signature]) != 0x46535449) { return MSPACK_ERR_SIGNATURE; } if (mspack_memcmp(&buf[chmhead_GUID1], &guids[0], 32L) != 0) { D((""incorrect GUIDs"")) return MSPACK_ERR_SIGNATURE; } chm->version = EndGetI32(&buf[chmhead_Version]); chm->timestamp = EndGetM32(&buf[chmhead_Timestamp]); chm->language = EndGetI32(&buf[chmhead_LanguageID]); if (chm->version > 3) { sys->message(fh, ""WARNING; CHM version > 3""); } if (sys->read(fh, &buf[0], chmhst3_SIZEOF) != chmhst3_SIZEOF) { return MSPACK_ERR_READ; } if (read_off64(&offset, &buf[chmhst_OffsetHS0], sys, fh) || read_off64(&chm->dir_offset, &buf[chmhst_OffsetHS1], sys, fh) || read_off64(&chm->sec0.offset, &buf[chmhst3_OffsetCS0], sys, fh)) { return MSPACK_ERR_DATAFORMAT; } if (sys->seek(fh, offset, MSPACK_SYS_SEEK_START)) { return MSPACK_ERR_SEEK; } if (sys->read(fh, &buf[0], chmhs0_SIZEOF) != chmhs0_SIZEOF) { return MSPACK_ERR_READ; } if (read_off64(&chm->length, &buf[chmhs0_FileLen], sys, fh)) { return MSPACK_ERR_DATAFORMAT; } if (sys->seek(fh, chm->dir_offset, MSPACK_SYS_SEEK_START)) { return MSPACK_ERR_SEEK; } if (sys->read(fh, &buf[0], chmhs1_SIZEOF) != chmhs1_SIZEOF) { return MSPACK_ERR_READ; } chm->dir_offset = sys->tell(fh); chm->chunk_size = EndGetI32(&buf[chmhs1_ChunkSize]); chm->density = EndGetI32(&buf[chmhs1_Density]); chm->depth = EndGetI32(&buf[chmhs1_Depth]); chm->index_root = EndGetI32(&buf[chmhs1_IndexRoot]); chm->num_chunks = EndGetI32(&buf[chmhs1_NumChunks]); chm->first_pmgl = EndGetI32(&buf[chmhs1_FirstPMGL]); chm->last_pmgl = EndGetI32(&buf[chmhs1_LastPMGL]); if (chm->version < 3) { chm->sec0.offset = chm->dir_offset + (chm->chunk_size * chm->num_chunks); } if (chm->sec0.offset > chm->length) { D((""content section begins after file has ended"")) return MSPACK_ERR_DATAFORMAT; } if (chm->chunk_size < (pmgl_Entries + 2)) { D((""chunk size not large enough"")) return MSPACK_ERR_DATAFORMAT; } if (chm->num_chunks == 0) { D((""no chunks"")) return MSPACK_ERR_DATAFORMAT; } if (chm->num_chunks > 100000) { D((""more than 100,000 chunks"")) return MSPACK_ERR_DATAFORMAT; } if ((off_t)chm->chunk_size * (off_t)chm->num_chunks > chm->length) { D((""chunks larger than entire file"")) return MSPACK_ERR_DATAFORMAT; } if ((chm->chunk_size & (chm->chunk_size - 1)) != 0) { sys->message(fh, ""WARNING; chunk size is not a power of two""); } if (chm->first_pmgl != 0) { sys->message(fh, ""WARNING; first PMGL chunk is not zero""); } if (chm->first_pmgl > chm->last_pmgl) { D((""first pmgl chunk is after last pmgl chunk"")) return MSPACK_ERR_DATAFORMAT; } if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) { D((""index_root outside valid range"")) return MSPACK_ERR_DATAFORMAT; } if (!entire) { return MSPACK_ERR_OK; } if ((x = chm->first_pmgl) != 0) { if (sys->seek(fh,(off_t) (x * chm->chunk_size), MSPACK_SYS_SEEK_CUR)) { return MSPACK_ERR_SEEK; } } num_chunks = chm->last_pmgl - x + 1; if (!(chunk = (unsigned char *) sys->alloc(sys, (size_t)chm->chunk_size))) { return MSPACK_ERR_NOMEMORY; } errors = 0; while (num_chunks--) { if (sys->read(fh, chunk, (int)chm->chunk_size) != (int)chm->chunk_size) { sys->free(chunk); return MSPACK_ERR_READ; } if (EndGetI32(&chunk[pmgl_Signature]) != 0x4C474D50) continue; if (EndGetI32(&chunk[pmgl_QuickRefSize]) < 2) { sys->message(fh, ""WARNING; PMGL quickref area is too small""); } if (EndGetI32(&chunk[pmgl_QuickRefSize]) > ((int)chm->chunk_size - pmgl_Entries)) { sys->message(fh, ""WARNING; PMGL quickref area is too large""); } p = &chunk[pmgl_Entries]; end = &chunk[chm->chunk_size - 2]; num_entries = EndGetI16(end); while (num_entries--) { READ_ENCINT(name_len); if (name_len > (unsigned int) (end - p)) goto chunk_end; name = p; p += name_len; READ_ENCINT(section); READ_ENCINT(offset); READ_ENCINT(length); if ((offset == 0) && (length == 0)) { if ((name_len > 0) && (name[name_len-1] == '/')) continue; } if (section > 1) { sys->message(fh, ""invalid section number '%u'."", section); continue; } if (!(fi = (struct mschmd_file *) sys->alloc(sys, sizeof(struct mschmd_file) + name_len + 1))) { sys->free(chunk); return MSPACK_ERR_NOMEMORY; } fi->next = NULL; fi->filename = (char *) &fi[1]; fi->section = ((section == 0) ? (struct mschmd_section *) (&chm->sec0) : (struct mschmd_section *) (&chm->sec1)); fi->offset = offset; fi->length = length; sys->copy(name, fi->filename, (size_t) name_len); fi->filename[name_len] = '\0'; if (name[0] == ':' && name[1] == ':') { if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) { if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) { chm->sec1.content = fi; } else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) { chm->sec1.control = fi; } else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) { chm->sec1.spaninfo = fi; } else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) { chm->sec1.rtable = fi; } } fi->next = chm->sysfiles; chm->sysfiles = fi; } else { if (link) link->next = fi; else chm->files = fi; link = fi; } } chunk_end: if (num_entries >= 0) { D((""chunk ended before all entries could be read"")) errors++; } } sys->free(chunk); return (errors > 0) ? MSPACK_ERR_DATAFORMAT : MSPACK_ERR_OK; }",visit repo url,libmspack/mspack/chmd.c,https://github.com/kyz/libmspack,244776480139116,1 2735,[],"static int sctp_getsockopt_sctp_status(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_status status; struct sctp_association *asoc = NULL; struct sctp_transport *transport; sctp_assoc_t associd; int retval = 0; if (len < sizeof(status)) { retval = -EINVAL; goto out; } len = sizeof(status); if (copy_from_user(&status, optval, len)) { retval = -EFAULT; goto out; } associd = status.sstat_assoc_id; asoc = sctp_id2assoc(sk, associd); if (!asoc) { retval = -EINVAL; goto out; } transport = asoc->peer.primary_path; status.sstat_assoc_id = sctp_assoc2id(asoc); status.sstat_state = asoc->state; status.sstat_rwnd = asoc->peer.rwnd; status.sstat_unackdata = asoc->unack_data; status.sstat_penddata = sctp_tsnmap_pending(&asoc->peer.tsn_map); status.sstat_instrms = asoc->c.sinit_max_instreams; status.sstat_outstrms = asoc->c.sinit_num_ostreams; status.sstat_fragmentation_point = asoc->frag_point; status.sstat_primary.spinfo_assoc_id = sctp_assoc2id(transport->asoc); memcpy(&status.sstat_primary.spinfo_address, &transport->ipaddr, transport->af_specific->sockaddr_len); sctp_get_pf_specific(sk->sk_family)->addr_v4map(sctp_sk(sk), (union sctp_addr *)&status.sstat_primary.spinfo_address); status.sstat_primary.spinfo_state = transport->state; status.sstat_primary.spinfo_cwnd = transport->cwnd; status.sstat_primary.spinfo_srtt = transport->srtt; status.sstat_primary.spinfo_rto = jiffies_to_msecs(transport->rto); status.sstat_primary.spinfo_mtu = transport->pathmtu; if (status.sstat_primary.spinfo_state == SCTP_UNKNOWN) status.sstat_primary.spinfo_state = SCTP_ACTIVE; if (put_user(len, optlen)) { retval = -EFAULT; goto out; } SCTP_DEBUG_PRINTK(""sctp_getsockopt_sctp_status(%d): %d %d %d\n"", len, status.sstat_state, status.sstat_rwnd, status.sstat_assoc_id); if (copy_to_user(optval, &status, len)) { retval = -EFAULT; goto out; } out: return (retval); }",linux-2.6,,,264436229145268566676018625632313264514,0 6533,['CWE-200'],"applet_menu_item_activate_helper (NMDevice *device, NMConnection *connection, const char *specific_object, NMApplet *applet, gpointer dclass_data) { AppletItemActivateInfo *info; NMADeviceClass *dclass; g_return_if_fail (NM_IS_DEVICE (device)); info = g_malloc0 (sizeof (AppletItemActivateInfo)); info->applet = applet; info->specific_object = g_strdup (specific_object); info->device = g_object_ref (device); info->dclass_data = dclass_data; if (connection) { applet_menu_item_activate_helper_part2 (connection, FALSE, FALSE, info); return; } dclass = get_device_class (device, applet); g_assert (dclass); if (!dclass->new_auto_connection (device, dclass_data, applet_menu_item_activate_helper_part2, info)) { nm_warning (""Couldn't create default connection.""); applet_item_activate_info_destroy (info); } }",network-manager-applet,,,291282002886254581680909622248779509009,0 5428,['CWE-476'],"static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s) { vcpu_load(vcpu); memcpy(vcpu->arch.apic->regs, s->regs, sizeof *s); kvm_apic_post_state_restore(vcpu); vcpu_put(vcpu); return 0; }",linux-2.6,,,43130095296146648002580686390119829875,0 277,[],"static int do_blkbszget(unsigned int fd, unsigned int cmd, unsigned long arg) { return sys_ioctl(fd, BLKBSZGET, (unsigned long)compat_ptr(arg)); }",linux-2.6,,,296472789707406531653301600493985651166,0 4810,CWE-119,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 907,['CWE-200'],"static struct dentry *shmem_get_parent(struct dentry *child) { return ERR_PTR(-ESTALE); }",linux-2.6,,,120025768601144788024933229295703129159,0 502,CWE-787,"static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb) { struct shash_instance *inst; struct crypto_alg *alg; struct shash_alg *salg; int err; int ds; int ss; err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SHASH); if (err) return err; salg = shash_attr_alg(tb[1], 0, 0); if (IS_ERR(salg)) return PTR_ERR(salg); err = -EINVAL; ds = salg->digestsize; ss = salg->statesize; alg = &salg->base; if (ds > alg->cra_blocksize || ss < alg->cra_blocksize) goto out_put_alg; inst = shash_alloc_instance(""hmac"", alg); err = PTR_ERR(inst); if (IS_ERR(inst)) goto out_put_alg; err = crypto_init_shash_spawn(shash_instance_ctx(inst), salg, shash_crypto_instance(inst)); if (err) goto out_free_inst; inst->alg.base.cra_priority = alg->cra_priority; inst->alg.base.cra_blocksize = alg->cra_blocksize; inst->alg.base.cra_alignmask = alg->cra_alignmask; ss = ALIGN(ss, alg->cra_alignmask + 1); inst->alg.digestsize = ds; inst->alg.statesize = ss; inst->alg.base.cra_ctxsize = sizeof(struct hmac_ctx) + ALIGN(ss * 2, crypto_tfm_ctx_alignment()); inst->alg.base.cra_init = hmac_init_tfm; inst->alg.base.cra_exit = hmac_exit_tfm; inst->alg.init = hmac_init; inst->alg.update = hmac_update; inst->alg.final = hmac_final; inst->alg.finup = hmac_finup; inst->alg.export = hmac_export; inst->alg.import = hmac_import; inst->alg.setkey = hmac_setkey; err = shash_register_instance(tmpl, inst); if (err) { out_free_inst: shash_free_instance(shash_crypto_instance(inst)); } out_put_alg: crypto_mod_put(alg); return err; }",visit repo url,crypto/hmac.c,https://github.com/torvalds/linux,258659055624668,1 494,CWE-200,"static int walk_hugetlb_range(unsigned long addr, unsigned long end, struct mm_walk *walk) { struct vm_area_struct *vma = walk->vma; struct hstate *h = hstate_vma(vma); unsigned long next; unsigned long hmask = huge_page_mask(h); unsigned long sz = huge_page_size(h); pte_t *pte; int err = 0; do { next = hugetlb_entry_end(h, addr, end); pte = huge_pte_offset(walk->mm, addr & hmask, sz); if (pte && walk->hugetlb_entry) err = walk->hugetlb_entry(pte, hmask, addr, next, walk); if (err) break; } while (addr = next, addr != end); return err; }",visit repo url,mm/pagewalk.c,https://github.com/torvalds/linux,229960278009040,1 3033,CWE-125,"static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsigned int src_size, double scale_d, const interpolation_method pFilter) { double width_d; double scale_f_d = 1.0; const double filter_width_d = DEFAULT_BOX_RADIUS; int windows_size; unsigned int u; LineContribType *res; if (scale_d < 1.0) { width_d = filter_width_d / scale_d; scale_f_d = scale_d; } else { width_d= filter_width_d; } windows_size = 2 * (int)ceil(width_d) + 1; res = _gdContributionsAlloc(line_size, windows_size); for (u = 0; u < line_size; u++) { const double dCenter = (double)u / scale_d; register int iLeft = MAX(0, (int)floor (dCenter - width_d)); int iRight = MIN((int)ceil(dCenter + width_d), (int)src_size - 1); double dTotalWeight = 0.0; int iSrc; res->ContribRow[u].Left = iLeft; res->ContribRow[u].Right = iRight; if (iRight - iLeft + 1 > windows_size) { if (iLeft < ((int)src_size - 1 / 2)) { iLeft++; } else { iRight--; } } for (iSrc = iLeft; iSrc <= iRight; iSrc++) { dTotalWeight += (res->ContribRow[u].Weights[iSrc-iLeft] = scale_f_d * (*pFilter)(scale_f_d * (dCenter - (double)iSrc))); } if (dTotalWeight < 0.0) { _gdContributionsFree(res); return NULL; } if (dTotalWeight > 0.0) { for (iSrc = iLeft; iSrc <= iRight; iSrc++) { res->ContribRow[u].Weights[iSrc-iLeft] /= dTotalWeight; } } } return res; }",visit repo url,src/gd_interpolation.c,https://github.com/libgd/libgd,167494246270317,1 3744,[],"static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) { scm->secid = *UNIXSID(skb); }",linux-2.6,,,132268932398719767025749039881363351179,0 1436,CWE-399,"int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) { bool pr = false; u32 msr = msr_info->index; u64 data = msr_info->data; switch (msr) { case MSR_AMD64_NB_CFG: case MSR_IA32_UCODE_REV: case MSR_IA32_UCODE_WRITE: case MSR_VM_HSAVE_PA: case MSR_AMD64_PATCH_LOADER: case MSR_AMD64_BU_CFG2: break; case MSR_EFER: return set_efer(vcpu, data); case MSR_K7_HWCR: data &= ~(u64)0x40; data &= ~(u64)0x100; data &= ~(u64)0x8; if (data != 0) { vcpu_unimpl(vcpu, ""unimplemented HWCR wrmsr: 0x%llx\n"", data); return 1; } break; case MSR_FAM10H_MMIO_CONF_BASE: if (data != 0) { vcpu_unimpl(vcpu, ""unimplemented MMIO_CONF_BASE wrmsr: "" ""0x%llx\n"", data); return 1; } break; case MSR_IA32_DEBUGCTLMSR: if (!data) { break; } else if (data & ~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF)) { return 1; } vcpu_unimpl(vcpu, ""%s: MSR_IA32_DEBUGCTLMSR 0x%llx, nop\n"", __func__, data); break; case 0x200 ... 0x2ff: return set_msr_mtrr(vcpu, msr, data); case MSR_IA32_APICBASE: kvm_set_apic_base(vcpu, data); break; case APIC_BASE_MSR ... APIC_BASE_MSR + 0x3ff: return kvm_x2apic_msr_write(vcpu, msr, data); case MSR_IA32_TSCDEADLINE: kvm_set_lapic_tscdeadline_msr(vcpu, data); break; case MSR_IA32_TSC_ADJUST: if (guest_cpuid_has_tsc_adjust(vcpu)) { if (!msr_info->host_initiated) { u64 adj = data - vcpu->arch.ia32_tsc_adjust_msr; kvm_x86_ops->adjust_tsc_offset(vcpu, adj, true); } vcpu->arch.ia32_tsc_adjust_msr = data; } break; case MSR_IA32_MISC_ENABLE: vcpu->arch.ia32_misc_enable_msr = data; break; case MSR_KVM_WALL_CLOCK_NEW: case MSR_KVM_WALL_CLOCK: vcpu->kvm->arch.wall_clock = data; kvm_write_wall_clock(vcpu->kvm, data); break; case MSR_KVM_SYSTEM_TIME_NEW: case MSR_KVM_SYSTEM_TIME: { kvmclock_reset(vcpu); vcpu->arch.time = data; kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu); if (!(data & 1)) break; vcpu->arch.time_offset = data & ~(PAGE_MASK | 1); if (vcpu->arch.time_offset & (sizeof(struct pvclock_vcpu_time_info) - 1)) break; vcpu->arch.time_page = gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT); if (is_error_page(vcpu->arch.time_page)) vcpu->arch.time_page = NULL; break; } case MSR_KVM_ASYNC_PF_EN: if (kvm_pv_enable_async_pf(vcpu, data)) return 1; break; case MSR_KVM_STEAL_TIME: if (unlikely(!sched_info_on())) return 1; if (data & KVM_STEAL_RESERVED_MASK) return 1; if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime, data & KVM_STEAL_VALID_BITS)) return 1; vcpu->arch.st.msr_val = data; if (!(data & KVM_MSR_ENABLED)) break; vcpu->arch.st.last_steal = current->sched_info.run_delay; preempt_disable(); accumulate_steal_time(vcpu); preempt_enable(); kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu); break; case MSR_KVM_PV_EOI_EN: if (kvm_lapic_enable_pv_eoi(vcpu, data)) return 1; break; case MSR_IA32_MCG_CTL: case MSR_IA32_MCG_STATUS: case MSR_IA32_MC0_CTL ... MSR_IA32_MC0_CTL + 4 * KVM_MAX_MCE_BANKS - 1: return set_msr_mce(vcpu, msr, data); case MSR_K7_EVNTSEL0: case MSR_K7_EVNTSEL1: case MSR_K7_EVNTSEL2: case MSR_K7_EVNTSEL3: if (data != 0) vcpu_unimpl(vcpu, ""unimplemented perfctr wrmsr: "" ""0x%x data 0x%llx\n"", msr, data); break; case MSR_K7_PERFCTR0: case MSR_K7_PERFCTR1: case MSR_K7_PERFCTR2: case MSR_K7_PERFCTR3: vcpu_unimpl(vcpu, ""unimplemented perfctr wrmsr: "" ""0x%x data 0x%llx\n"", msr, data); break; case MSR_P6_PERFCTR0: case MSR_P6_PERFCTR1: pr = true; case MSR_P6_EVNTSEL0: case MSR_P6_EVNTSEL1: if (kvm_pmu_msr(vcpu, msr)) return kvm_pmu_set_msr(vcpu, msr, data); if (pr || data != 0) vcpu_unimpl(vcpu, ""disabled perfctr wrmsr: "" ""0x%x data 0x%llx\n"", msr, data); break; case MSR_K7_CLK_CTL: break; case HV_X64_MSR_GUEST_OS_ID ... HV_X64_MSR_SINT15: if (kvm_hv_msr_partition_wide(msr)) { int r; mutex_lock(&vcpu->kvm->lock); r = set_msr_hyperv_pw(vcpu, msr, data); mutex_unlock(&vcpu->kvm->lock); return r; } else return set_msr_hyperv(vcpu, msr, data); break; case MSR_IA32_BBL_CR_CTL3: vcpu_unimpl(vcpu, ""ignored wrmsr: 0x%x data %llx\n"", msr, data); break; case MSR_AMD64_OSVW_ID_LENGTH: if (!guest_cpuid_has_osvw(vcpu)) return 1; vcpu->arch.osvw.length = data; break; case MSR_AMD64_OSVW_STATUS: if (!guest_cpuid_has_osvw(vcpu)) return 1; vcpu->arch.osvw.status = data; break; default: if (msr && (msr == vcpu->kvm->arch.xen_hvm_config.msr)) return xen_hvm_config(vcpu, data); if (kvm_pmu_msr(vcpu, msr)) return kvm_pmu_set_msr(vcpu, msr, data); if (!ignore_msrs) { vcpu_unimpl(vcpu, ""unhandled wrmsr: 0x%x data %llx\n"", msr, data); return 1; } else { vcpu_unimpl(vcpu, ""ignored wrmsr: 0x%x data %llx\n"", msr, data); break; } } return 0; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,159789940031906,1 5111,CWE-125,"FunctionDef(identifier name, arguments_ty args, asdl_seq * body, asdl_seq * decorator_list, expr_ty returns, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!name) { PyErr_SetString(PyExc_ValueError, ""field name is required for FunctionDef""); return NULL; } if (!args) { PyErr_SetString(PyExc_ValueError, ""field args is required for FunctionDef""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = FunctionDef_kind; p->v.FunctionDef.name = name; p->v.FunctionDef.args = args; p->v.FunctionDef.body = body; p->v.FunctionDef.decorator_list = decorator_list; p->v.FunctionDef.returns = returns; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,262081031761430,1 4559,CWE-476,"static void get_info_for_all_streams (mpeg2ps_t *ps) { u8 stream_ix, max_ix, av; mpeg2ps_stream_t *sptr; u8 *buffer; u32 buflen; file_seek_to(ps->fd, 0); for (av = 0; av < 2; av++) { if (av == 0) max_ix = ps->video_cnt; else max_ix = ps->audio_cnt; for (stream_ix = 0; stream_ix < max_ix; stream_ix++) { if (av == 0) sptr = ps->video_streams[stream_ix]; else sptr = ps->audio_streams[stream_ix]; sptr->m_fd = ps->fd; clear_stream_buffer(sptr); if (mpeg2ps_stream_read_frame(sptr, &buffer, &buflen, 0) == 0) { sptr->m_stream_id = 0; sptr->m_fd = FDNULL; continue; } get_info_from_frame(sptr, buffer, buflen); if (sptr->first_pes_has_dts == 0) { u32 frames_from_beg = 0; Bool have_frame; do { advance_frame(sptr); have_frame = mpeg2ps_stream_read_frame(sptr, &buffer, &buflen, 0); frames_from_beg++; } while (have_frame && sptr->frame_ts.have_dts == 0 && sptr->frame_ts.have_pts == 0 && frames_from_beg < 1000); if (have_frame == 0 || (sptr->frame_ts.have_dts == 0 && sptr->frame_ts.have_pts == 0)) { } else { sptr->start_dts = sptr->frame_ts.have_dts ? sptr->frame_ts.dts : sptr->frame_ts.pts; if (sptr->is_video) { sptr->start_dts -= frames_from_beg * sptr->ticks_per_frame; } else { u64 conv; conv = sptr->samples_per_frame * 90000; conv /= (u64)sptr->freq; sptr->start_dts -= conv; } } } clear_stream_buffer(sptr); sptr->m_fd = FDNULL; } } }",visit repo url,src/media_tools/mpeg2_ps.c,https://github.com/gpac/gpac,184891350605998,1 3664,['CWE-264'],"static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { struct page *page = buf->page; struct address_space *mapping; lock_page(page); mapping = page_mapping(page); if (mapping) { WARN_ON(!PageUptodate(page)); wait_on_page_writeback(page); if (PagePrivate(page) && !try_to_release_page(page, GFP_KERNEL)) goto out_unlock; if (remove_mapping(mapping, page)) { buf->flags |= PIPE_BUF_FLAG_LRU; return 0; } } out_unlock: unlock_page(page); return 1; }",linux-2.6,,,324023879189060509632540374678963268076,0 2863,['CWE-189'],"static mif_hdr_t *mif_hdr_get(jas_stream_t *in) { uchar magicbuf[MIF_MAGICLEN]; char buf[4096]; mif_hdr_t *hdr; bool done; jas_tvparser_t *tvp; int id; hdr = 0; if (jas_stream_read(in, magicbuf, MIF_MAGICLEN) != MIF_MAGICLEN) { goto error; } if (magicbuf[0] != (MIF_MAGIC >> 24) || magicbuf[1] != ((MIF_MAGIC >> 16) & 0xff) || magicbuf[2] != ((MIF_MAGIC >> 8) & 0xff) || magicbuf[3] != (MIF_MAGIC & 0xff)) { jas_eprintf(""error: bad signature\n""); goto error; } if (!(hdr = mif_hdr_create(0))) { goto error; } done = false; do { if (!mif_getline(in, buf, sizeof(buf))) { goto error; } if (buf[0] == '\0') { continue; } if (!(tvp = jas_tvparser_create(buf))) { goto error; } if (jas_tvparser_next(tvp)) { abort(); } id = jas_taginfo_nonull(jas_taginfos_lookup(mif_tags2, jas_tvparser_gettag(tvp)))->id; jas_tvparser_destroy(tvp); switch (id) { case MIF_CMPT: mif_process_cmpt(hdr, buf); break; case MIF_END: done = 1; break; } } while (!done); return hdr; error: if (hdr) { mif_hdr_destroy(hdr); } return 0; }",jasper,,,56953082279552467873981815300950448360,0 166,CWE-476,"static int dr_domain_init_resources(struct mlx5dr_domain *dmn) { int ret; dmn->ste_ctx = mlx5dr_ste_get_ctx(dmn->info.caps.sw_format_ver); if (!dmn->ste_ctx) { mlx5dr_err(dmn, ""SW Steering on this device is unsupported\n""); return -EOPNOTSUPP; } ret = mlx5_core_alloc_pd(dmn->mdev, &dmn->pdn); if (ret) { mlx5dr_err(dmn, ""Couldn't allocate PD, ret: %d"", ret); return ret; } dmn->uar = mlx5_get_uars_page(dmn->mdev); if (!dmn->uar) { mlx5dr_err(dmn, ""Couldn't allocate UAR\n""); ret = -ENOMEM; goto clean_pd; } dmn->ste_icm_pool = mlx5dr_icm_pool_create(dmn, DR_ICM_TYPE_STE); if (!dmn->ste_icm_pool) { mlx5dr_err(dmn, ""Couldn't get icm memory\n""); ret = -ENOMEM; goto clean_uar; } dmn->action_icm_pool = mlx5dr_icm_pool_create(dmn, DR_ICM_TYPE_MODIFY_ACTION); if (!dmn->action_icm_pool) { mlx5dr_err(dmn, ""Couldn't get action icm memory\n""); ret = -ENOMEM; goto free_ste_icm_pool; } ret = mlx5dr_send_ring_alloc(dmn); if (ret) { mlx5dr_err(dmn, ""Couldn't create send-ring\n""); goto free_action_icm_pool; } return 0; free_action_icm_pool: mlx5dr_icm_pool_destroy(dmn->action_icm_pool); free_ste_icm_pool: mlx5dr_icm_pool_destroy(dmn->ste_icm_pool); clean_uar: mlx5_put_uars_page(dmn->mdev, dmn->uar); clean_pd: mlx5_core_dealloc_pd(dmn->mdev, dmn->pdn); return ret; }",visit repo url,drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c,https://github.com/torvalds/linux,272289281826646,1 2035,CWE-665,"static __latent_entropy struct task_struct *copy_process( struct pid *pid, int trace, int node, struct kernel_clone_args *args) { int pidfd = -1, retval; struct task_struct *p; struct multiprocess_signals delayed; struct file *pidfile = NULL; u64 clone_flags = args->flags; struct nsproxy *nsp = current->nsproxy; if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS)) return ERR_PTR(-EINVAL); if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_PARENT) && current->signal->flags & SIGNAL_UNKILLABLE) return ERR_PTR(-EINVAL); if (clone_flags & CLONE_THREAD) { if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) || (task_active_pid_ns(current) != nsp->pid_ns_for_children)) return ERR_PTR(-EINVAL); } if (clone_flags & (CLONE_THREAD | CLONE_VM)) { if (nsp->time_ns != nsp->time_ns_for_children) return ERR_PTR(-EINVAL); } if (clone_flags & CLONE_PIDFD) { if (clone_flags & (CLONE_DETACHED | CLONE_THREAD)) return ERR_PTR(-EINVAL); } sigemptyset(&delayed.signal); INIT_HLIST_NODE(&delayed.node); spin_lock_irq(¤t->sighand->siglock); if (!(clone_flags & CLONE_THREAD)) hlist_add_head(&delayed.node, ¤t->signal->multiprocess); recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); retval = -ERESTARTNOINTR; if (signal_pending(current)) goto fork_out; retval = -ENOMEM; p = dup_task_struct(current, node); if (!p) goto fork_out; p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? args->child_tid : NULL; p->clear_child_tid = (clone_flags & CLONE_CHILD_CLEARTID) ? args->child_tid : NULL; ftrace_graph_init_task(p); rt_mutex_init_task(p); lockdep_assert_irqs_enabled(); #ifdef CONFIG_PROVE_LOCKING DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) goto bad_fork_free; } current->flags &= ~PF_NPROC_EXCEEDED; retval = copy_creds(p, clone_flags); if (retval < 0) goto bad_fork_free; retval = -EAGAIN; if (data_race(nr_threads >= max_threads)) goto bad_fork_cleanup_count; delayacct_tsk_init(p); p->flags &= ~(PF_SUPERPRIV | PF_WQ_WORKER | PF_IDLE); p->flags |= PF_FORKNOEXEC; INIT_LIST_HEAD(&p->children); INIT_LIST_HEAD(&p->sibling); rcu_copy_process(p); p->vfork_done = NULL; spin_lock_init(&p->alloc_lock); init_sigpending(&p->pending); p->utime = p->stime = p->gtime = 0; #ifdef CONFIG_ARCH_HAS_SCALED_CPUTIME p->utimescaled = p->stimescaled = 0; #endif prev_cputime_init(&p->prev_cputime); #ifdef CONFIG_VIRT_CPU_ACCOUNTING_GEN seqcount_init(&p->vtime.seqcount); p->vtime.starttime = 0; p->vtime.state = VTIME_INACTIVE; #endif #ifdef CONFIG_IO_URING p->io_uring = NULL; #endif #if defined(SPLIT_RSS_COUNTING) memset(&p->rss_stat, 0, sizeof(p->rss_stat)); #endif p->default_timer_slack_ns = current->timer_slack_ns; #ifdef CONFIG_PSI p->psi_flags = 0; #endif task_io_accounting_init(&p->ioac); acct_clear_integrals(p); posix_cputimers_init(&p->posix_cputimers); p->io_context = NULL; audit_set_context(p, NULL); cgroup_fork(p); #ifdef CONFIG_NUMA p->mempolicy = mpol_dup(p->mempolicy); if (IS_ERR(p->mempolicy)) { retval = PTR_ERR(p->mempolicy); p->mempolicy = NULL; goto bad_fork_cleanup_threadgroup_lock; } #endif #ifdef CONFIG_CPUSETS p->cpuset_mem_spread_rotor = NUMA_NO_NODE; p->cpuset_slab_spread_rotor = NUMA_NO_NODE; seqcount_spinlock_init(&p->mems_allowed_seq, &p->alloc_lock); #endif #ifdef CONFIG_TRACE_IRQFLAGS memset(&p->irqtrace, 0, sizeof(p->irqtrace)); p->irqtrace.hardirq_disable_ip = _THIS_IP_; p->irqtrace.softirq_enable_ip = _THIS_IP_; p->softirqs_enabled = 1; p->softirq_context = 0; #endif p->pagefault_disabled = 0; #ifdef CONFIG_LOCKDEP lockdep_init_task(p); #endif #ifdef CONFIG_DEBUG_MUTEXES p->blocked_on = NULL; #endif #ifdef CONFIG_BCACHE p->sequential_io = 0; p->sequential_io_avg = 0; #endif retval = sched_fork(clone_flags, p); if (retval) goto bad_fork_cleanup_policy; retval = perf_event_init_task(p); if (retval) goto bad_fork_cleanup_policy; retval = audit_alloc(p); if (retval) goto bad_fork_cleanup_perf; shm_init_task(p); retval = security_task_alloc(p, clone_flags); if (retval) goto bad_fork_cleanup_audit; retval = copy_semundo(clone_flags, p); if (retval) goto bad_fork_cleanup_security; retval = copy_files(clone_flags, p); if (retval) goto bad_fork_cleanup_semundo; retval = copy_fs(clone_flags, p); if (retval) goto bad_fork_cleanup_files; retval = copy_sighand(clone_flags, p); if (retval) goto bad_fork_cleanup_fs; retval = copy_signal(clone_flags, p); if (retval) goto bad_fork_cleanup_sighand; retval = copy_mm(clone_flags, p); if (retval) goto bad_fork_cleanup_signal; retval = copy_namespaces(clone_flags, p); if (retval) goto bad_fork_cleanup_mm; retval = copy_io(clone_flags, p); if (retval) goto bad_fork_cleanup_namespaces; retval = copy_thread(clone_flags, args->stack, args->stack_size, p, args->tls); if (retval) goto bad_fork_cleanup_io; stackleak_task_init(p); if (pid != &init_struct_pid) { pid = alloc_pid(p->nsproxy->pid_ns_for_children, args->set_tid, args->set_tid_size); if (IS_ERR(pid)) { retval = PTR_ERR(pid); goto bad_fork_cleanup_thread; } } if (clone_flags & CLONE_PIDFD) { retval = get_unused_fd_flags(O_RDWR | O_CLOEXEC); if (retval < 0) goto bad_fork_free_pid; pidfd = retval; pidfile = anon_inode_getfile(""[pidfd]"", &pidfd_fops, pid, O_RDWR | O_CLOEXEC); if (IS_ERR(pidfile)) { put_unused_fd(pidfd); retval = PTR_ERR(pidfile); goto bad_fork_free_pid; } get_pid(pid); retval = put_user(pidfd, args->pidfd); if (retval) goto bad_fork_put_pidfd; } #ifdef CONFIG_BLOCK p->plug = NULL; #endif futex_init_task(p); if ((clone_flags & (CLONE_VM|CLONE_VFORK)) == CLONE_VM) sas_ss_reset(p); user_disable_single_step(p); clear_tsk_thread_flag(p, TIF_SYSCALL_TRACE); #ifdef TIF_SYSCALL_EMU clear_tsk_thread_flag(p, TIF_SYSCALL_EMU); #endif clear_tsk_latency_tracing(p); p->pid = pid_nr(pid); if (clone_flags & CLONE_THREAD) { p->exit_signal = -1; p->group_leader = current->group_leader; p->tgid = current->tgid; } else { if (clone_flags & CLONE_PARENT) p->exit_signal = current->group_leader->exit_signal; else p->exit_signal = args->exit_signal; p->group_leader = p; p->tgid = p->pid; } p->nr_dirtied = 0; p->nr_dirtied_pause = 128 >> (PAGE_SHIFT - 10); p->dirty_paused_when = 0; p->pdeath_signal = 0; INIT_LIST_HEAD(&p->thread_group); p->task_works = NULL; retval = cgroup_can_fork(p, args); if (retval) goto bad_fork_put_pidfd; p->start_time = ktime_get_ns(); p->start_boottime = ktime_get_boottime_ns(); write_lock_irq(&tasklist_lock); if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) { p->real_parent = current->real_parent; p->parent_exec_id = current->parent_exec_id; } else { p->real_parent = current; p->parent_exec_id = current->self_exec_id; } klp_copy_process(p); spin_lock(¤t->sighand->siglock); copy_seccomp(p); rseq_fork(p, clone_flags); if (unlikely(!(ns_of_pid(pid)->pid_allocated & PIDNS_ADDING))) { retval = -ENOMEM; goto bad_fork_cancel_cgroup; } if (fatal_signal_pending(current)) { retval = -EINTR; goto bad_fork_cancel_cgroup; } if (pidfile) fd_install(pidfd, pidfile); init_task_pid_links(p); if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); init_task_pid(p, PIDTYPE_PID, pid); if (thread_group_leader(p)) { init_task_pid(p, PIDTYPE_TGID, pid); init_task_pid(p, PIDTYPE_PGID, task_pgrp(current)); init_task_pid(p, PIDTYPE_SID, task_session(current)); if (is_child_reaper(pid)) { ns_of_pid(pid)->child_reaper = p; p->signal->flags |= SIGNAL_UNKILLABLE; } p->signal->shared_pending.signal = delayed.signal; p->signal->tty = tty_kref_get(current->signal->tty); p->signal->has_child_subreaper = p->real_parent->signal->has_child_subreaper || p->real_parent->signal->is_child_subreaper; list_add_tail(&p->sibling, &p->real_parent->children); list_add_tail_rcu(&p->tasks, &init_task.tasks); attach_pid(p, PIDTYPE_TGID); attach_pid(p, PIDTYPE_PGID); attach_pid(p, PIDTYPE_SID); __this_cpu_inc(process_counts); } else { current->signal->nr_threads++; atomic_inc(¤t->signal->live); refcount_inc(¤t->signal->sigcnt); task_join_group_stop(p); list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group); list_add_tail_rcu(&p->thread_node, &p->signal->thread_head); } attach_pid(p, PIDTYPE_PID); nr_threads++; } total_forks++; hlist_del_init(&delayed.node); spin_unlock(¤t->sighand->siglock); syscall_tracepoint_update(p); write_unlock_irq(&tasklist_lock); proc_fork_connector(p); sched_post_fork(p); cgroup_post_fork(p, args); perf_event_fork(p); trace_task_newtask(p, clone_flags); uprobe_copy_process(p, clone_flags); copy_oom_score_adj(clone_flags, p); return p; bad_fork_cancel_cgroup: spin_unlock(¤t->sighand->siglock); write_unlock_irq(&tasklist_lock); cgroup_cancel_fork(p, args); bad_fork_put_pidfd: if (clone_flags & CLONE_PIDFD) { fput(pidfile); put_unused_fd(pidfd); } bad_fork_free_pid: if (pid != &init_struct_pid) free_pid(pid); bad_fork_cleanup_thread: exit_thread(p); bad_fork_cleanup_io: if (p->io_context) exit_io_context(p); bad_fork_cleanup_namespaces: exit_task_namespaces(p); bad_fork_cleanup_mm: if (p->mm) { mm_clear_owner(p->mm, p); mmput(p->mm); } bad_fork_cleanup_signal: if (!(clone_flags & CLONE_THREAD)) free_signal_struct(p->signal); bad_fork_cleanup_sighand: __cleanup_sighand(p->sighand); bad_fork_cleanup_fs: exit_fs(p); bad_fork_cleanup_files: exit_files(p); bad_fork_cleanup_semundo: exit_sem(p); bad_fork_cleanup_security: security_task_free(p); bad_fork_cleanup_audit: audit_free(p); bad_fork_cleanup_perf: perf_event_free_task(p); bad_fork_cleanup_policy: lockdep_free_task(p); #ifdef CONFIG_NUMA mpol_put(p->mempolicy); bad_fork_cleanup_threadgroup_lock: #endif delayacct_tsk_free(p); bad_fork_cleanup_count: atomic_dec(&p->cred->user->processes); exit_creds(p); bad_fork_free: p->state = TASK_DEAD; put_task_stack(p); delayed_free_task(p); fork_out: spin_lock_irq(¤t->sighand->siglock); hlist_del_init(&delayed.node); spin_unlock_irq(¤t->sighand->siglock); return ERR_PTR(retval); }",visit repo url,kernel/fork.c,https://github.com/torvalds/linux,237125401899926,1 840,['CWE-119'],"isdn_readbchan_tty(int di, int channel, struct tty_struct *tty, int cisco_hack) { int count; int count_pull; int count_put; int dflag; struct sk_buff *skb; char last = 0; int len; if (!dev->drv[di]) return 0; if (skb_queue_empty(&dev->drv[di]->rpqueue[channel])) return 0; len = tty_buffer_request_room(tty, dev->drv[di]->rcvcount[channel]); if(len == 0) return len; count = 0; while (len) { if (!(skb = skb_peek(&dev->drv[di]->rpqueue[channel]))) break; #ifdef CONFIG_ISDN_AUDIO if (ISDN_AUDIO_SKB_LOCK(skb)) break; ISDN_AUDIO_SKB_LOCK(skb) = 1; if ((ISDN_AUDIO_SKB_DLECOUNT(skb)) || (dev->drv[di]->DLEflag & (1 << channel))) { char *p = skb->data; unsigned long DLEmask = (1 << channel); dflag = 0; count_pull = count_put = 0; while ((count_pull < skb->len) && (len > 0)) { len--; if (dev->drv[di]->DLEflag & DLEmask) { last = DLE; dev->drv[di]->DLEflag &= ~DLEmask; } else { last = *p; if (last == DLE) { dev->drv[di]->DLEflag |= DLEmask; (ISDN_AUDIO_SKB_DLECOUNT(skb))--; } p++; count_pull++; } count_put++; } if (count_pull >= skb->len) dflag = 1; } else { #endif dflag = 1; if ((count_pull = skb->len) > len) { count_pull = len; dflag = 0; } count_put = count_pull; if(count_put > 1) tty_insert_flip_string(tty, skb->data, count_put - 1); last = skb->data[count_put - 1]; len -= count_put; #ifdef CONFIG_ISDN_AUDIO } #endif count += count_put; if (dflag) { if(cisco_hack) tty_insert_flip_char(tty, last, 0xFF); else tty_insert_flip_char(tty, last, TTY_NORMAL); #ifdef CONFIG_ISDN_AUDIO ISDN_AUDIO_SKB_LOCK(skb) = 0; #endif skb = skb_dequeue(&dev->drv[di]->rpqueue[channel]); dev_kfree_skb(skb); } else { tty_insert_flip_char(tty, last, TTY_NORMAL); skb_pull(skb, count_pull); #ifdef CONFIG_ISDN_AUDIO ISDN_AUDIO_SKB_LOCK(skb) = 0; #endif } dev->drv[di]->rcvcount[channel] -= count_put; } return count; }",linux-2.6,,,178515367936594194186330582158881095422,0 2848,['CWE-119'],"sort_pacl_range(struct posix_acl *pacl, int start, int end) { int sorted = 0, i; struct posix_acl_entry tmp; while (!sorted) { sorted = 1; for (i = start; i < end; i++) { if (pacl->a_entries[i].e_id > pacl->a_entries[i+1].e_id) { sorted = 0; tmp = pacl->a_entries[i]; pacl->a_entries[i] = pacl->a_entries[i+1]; pacl->a_entries[i+1] = tmp; } } } }",linux-2.6,,,15352046403186471970031498119583872629,0 150,CWE-401,"static ssize_t available_instances_show(struct mdev_type *mtype, struct mdev_type_attribute *attr, char *buf) { const struct mbochs_type *type = &mbochs_types[mtype_get_type_group_id(mtype)]; int count = (max_mbytes - mbochs_used_mbytes) / type->mbytes; return sprintf(buf, ""%d\n"", count); }",visit repo url,samples/vfio-mdev/mbochs.c,https://github.com/torvalds/linux,18644541443426,1 3318,[],"static inline u64 nla_get_u64(struct nlattr *nla) { u64 tmp; nla_memcpy(&tmp, nla, sizeof(tmp)); return tmp; }",linux-2.6,,,169775753116589319863096733113459674629,0 5496,CWE-125,"ast_for_atom(struct compiling *c, const node *n) { node *ch = CHILD(n, 0); switch (TYPE(ch)) { case NAME: { PyObject *name = NEW_IDENTIFIER(ch); if (!name) return NULL; return Name(name, Load, LINENO(n), n->n_col_offset, c->c_arena); } case STRING: { PyObject *kind, *str = parsestrplus(c, n); const char *raw, *s = STR(CHILD(n, 0)); int quote = Py_CHARMASK(*s); char *ch, s_kind[3] = {0, 0, 0}; ch = s_kind; raw = s; while (*raw && *raw != '\'' && *raw != '""') { *ch++ = *raw++; } kind = PyUnicode_FromString(s_kind); if (!kind) { return NULL; } if (!str) { #ifdef Py_USING_UNICODE if (PyErr_ExceptionMatches(PyExc_UnicodeError)){ PyObject *type, *value, *tback, *errstr; PyErr_Fetch(&type, &value, &tback); errstr = PyObject_Str(value); if (errstr) { char *s = """"; char buf[128]; s = _PyUnicode_AsString(errstr); PyOS_snprintf(buf, sizeof(buf), ""(unicode error) %s"", s); ast_error(n, buf); Py_DECREF(errstr); } else { ast_error(n, ""(unicode error) unknown error""); } Py_DECREF(type); Py_DECREF(value); Py_XDECREF(tback); } #endif return NULL; } PyArena_AddPyObject(c->c_arena, str); return Str(str, kind, LINENO(n), n->n_col_offset, c->c_arena); } case NUMBER: { PyObject *pynum = parsenumber(c, STR(ch)); if (!pynum) return NULL; PyArena_AddPyObject(c->c_arena, pynum); return Num(pynum, LINENO(n), n->n_col_offset, c->c_arena); } case LPAR: ch = CHILD(n, 1); if (TYPE(ch) == RPAR) return Tuple(NULL, Load, LINENO(n), n->n_col_offset, c->c_arena); if (TYPE(ch) == yield_expr) return ast_for_expr(c, ch); return ast_for_testlist_comp(c, ch); case LSQB: ch = CHILD(n, 1); if (TYPE(ch) == RSQB) return List(NULL, Load, LINENO(n), n->n_col_offset, c->c_arena); REQ(ch, listmaker); if (NCH(ch) == 1 || TYPE(CHILD(ch, 1)) == COMMA) { asdl_seq *elts = seq_for_testlist(c, ch); if (!elts) return NULL; return List(elts, Load, LINENO(n), n->n_col_offset, c->c_arena); } else return ast_for_listcomp(c, ch); case LBRACE: { int i, size; asdl_seq *keys, *values; ch = CHILD(n, 1); if (TYPE(ch) == RBRACE) { return Dict(NULL, NULL, LINENO(n), n->n_col_offset, c->c_arena); } else if (NCH(ch) == 1 || TYPE(CHILD(ch, 1)) == COMMA) { asdl_seq *elts; size = (NCH(ch) + 1) / 2; elts = asdl_seq_new(size, c->c_arena); if (!elts) return NULL; for (i = 0; i < NCH(ch); i += 2) { expr_ty expression; expression = ast_for_expr(c, CHILD(ch, i)); if (!expression) return NULL; asdl_seq_SET(elts, i / 2, expression); } return Set(elts, LINENO(n), n->n_col_offset, c->c_arena); } else if (TYPE(CHILD(ch, 1)) == comp_for) { return ast_for_setcomp(c, ch); } else if (NCH(ch) > 3 && TYPE(CHILD(ch, 3)) == comp_for) { return ast_for_dictcomp(c, ch); } else { size = (NCH(ch) + 1) / 4; keys = asdl_seq_new(size, c->c_arena); if (!keys) return NULL; values = asdl_seq_new(size, c->c_arena); if (!values) return NULL; for (i = 0; i < NCH(ch); i += 4) { expr_ty expression; expression = ast_for_expr(c, CHILD(ch, i)); if (!expression) return NULL; asdl_seq_SET(keys, i / 4, expression); expression = ast_for_expr(c, CHILD(ch, i + 2)); if (!expression) return NULL; asdl_seq_SET(values, i / 4, expression); } return Dict(keys, values, LINENO(n), n->n_col_offset, c->c_arena); } } case BACKQUOTE: { expr_ty expression; if (Py_Py3kWarningFlag && !ast_warn(c, n, ""backquote not supported in 3.x; use repr()"")) return NULL; expression = ast_for_testlist(c, CHILD(n, 1)); if (!expression) return NULL; return Repr(expression, LINENO(n), n->n_col_offset, c->c_arena); } default: PyErr_Format(PyExc_SystemError, ""unhandled atom %d"", TYPE(ch)); return NULL; } }",visit repo url,ast27/Python/ast.c,https://github.com/python/typed_ast,57823178397411,1 979,['CWE-189'],"ShmExtensionInit(INITARGS) { ExtensionEntry *extEntry; int i; #ifdef MUST_CHECK_FOR_SHM_SYSCALL if (!CheckForShmSyscall()) { ErrorF(""MIT-SHM extension disabled due to lack of kernel support\n""); return; } #endif sharedPixmaps = xFalse; pixmapFormat = 0; { sharedPixmaps = xTrue; pixmapFormat = shmPixFormat[0]; for (i = 0; i < screenInfo.numScreens; i++) { if (!shmFuncs[i]) shmFuncs[i] = &miFuncs; if (!shmFuncs[i]->CreatePixmap) sharedPixmaps = xFalse; if (shmPixFormat[i] && (shmPixFormat[i] != pixmapFormat)) { sharedPixmaps = xFalse; pixmapFormat = 0; } } if (!pixmapFormat) pixmapFormat = ZPixmap; if (sharedPixmaps) for (i = 0; i < screenInfo.numScreens; i++) { destroyPixmap[i] = screenInfo.screens[i]->DestroyPixmap; screenInfo.screens[i]->DestroyPixmap = ShmDestroyPixmap; } } ShmSegType = CreateNewResourceType(ShmDetachSegment); if (ShmSegType && (extEntry = AddExtension(SHMNAME, ShmNumberEvents, ShmNumberErrors, ProcShmDispatch, SProcShmDispatch, ShmResetProc, StandardMinorOpcode))) { ShmReqCode = (unsigned char)extEntry->base; ShmCompletionCode = extEntry->eventBase; BadShmSegCode = extEntry->errorBase; EventSwapVector[ShmCompletionCode] = (EventSwapPtr) SShmCompletionEvent; } }",xserver,,,166140991433810122306359627718674300746,0 171,[],"compat_sys_readv(unsigned long fd, const struct compat_iovec __user *vec, unsigned long vlen) { struct file *file; ssize_t ret = -EBADF; file = fget(fd); if (!file) return -EBADF; if (!(file->f_mode & FMODE_READ)) goto out; ret = -EINVAL; if (!file->f_op || (!file->f_op->aio_read && !file->f_op->read)) goto out; ret = compat_do_readv_writev(READ, file, vec, vlen, &file->f_pos); out: fput(file); return ret; }",linux-2.6,,,76408149392831731124364730129129168734,0 2715,CWE-190,"SPL_METHOD(SplFileObject, current) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (!intern->u.file.current_line && !intern->u.file.current_zval) { spl_filesystem_file_read_line(getThis(), intern, 1 TSRMLS_CC); } if (intern->u.file.current_line && (!SPL_HAS_FLAG(intern->flags, SPL_FILE_OBJECT_READ_CSV) || !intern->u.file.current_zval)) { RETURN_STRINGL(intern->u.file.current_line, intern->u.file.current_line_len, 1); } else if (intern->u.file.current_zval) { RETURN_ZVAL(intern->u.file.current_zval, 1, 0); } RETURN_FALSE; } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,86180111960669,1 2811,CWE-119,"static void update_read_synchronize(rdpUpdate* update, wStream* s) { WINPR_UNUSED(update); Stream_Seek_UINT16(s); }",visit repo url,libfreerdp/core/update.c,https://github.com/FreeRDP/FreeRDP,277210963844125,1 6683,['CWE-200'],"applet_update_icon (gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); GdkPixbuf *pixbuf = NULL; NMState state; char *dev_tip = NULL, *vpn_tip = NULL; NMVPNConnectionState vpn_state = NM_VPN_SERVICE_STATE_UNKNOWN; gboolean nm_running; NMActiveConnection *active_vpn = NULL; applet->update_icon_id = 0; nm_running = nm_client_get_manager_running (applet->nm_client); gtk_status_icon_set_visible (applet->status_icon, nm_running); state = nm_client_get_state (applet->nm_client); if (!nm_running) state = NM_STATE_UNKNOWN; switch (state) { case NM_STATE_UNKNOWN: case NM_STATE_ASLEEP: pixbuf = applet->no_connection_icon; dev_tip = g_strdup (_(""Networking disabled"")); break; case NM_STATE_DISCONNECTED: pixbuf = applet->no_connection_icon; dev_tip = g_strdup (_(""No network connection"")); break; default: pixbuf = applet_get_device_icon_for_state (applet, &dev_tip); break; } foo_set_icon (applet, pixbuf, ICON_LAYER_LINK); pixbuf = NULL; active_vpn = applet_get_first_active_vpn_connection (applet, &vpn_state); if (active_vpn) { switch (vpn_state) { case NM_VPN_CONNECTION_STATE_ACTIVATED: pixbuf = applet->vpn_lock_icon; break; case NM_VPN_CONNECTION_STATE_PREPARE: case NM_VPN_CONNECTION_STATE_NEED_AUTH: case NM_VPN_CONNECTION_STATE_CONNECT: case NM_VPN_CONNECTION_STATE_IP_CONFIG_GET: pixbuf = applet->vpn_connecting_icons[applet->animation_step]; applet->animation_step++; if (applet->animation_step >= NUM_VPN_CONNECTING_FRAMES) applet->animation_step = 0; break; default: break; } vpn_tip = get_tip_for_vpn (active_vpn, vpn_state, applet); } foo_set_icon (applet, pixbuf, ICON_LAYER_VPN); if (applet->tip) { g_free (applet->tip); applet->tip = NULL; } if (dev_tip || vpn_tip) { GString *tip; tip = g_string_new (dev_tip); if (vpn_tip) g_string_append_printf (tip, ""%s%s"", tip->len ? ""\n"" : """", vpn_tip); if (tip->len) applet->tip = tip->str; g_free (vpn_tip); g_free (dev_tip); g_string_free (tip, FALSE); } #if GTK_CHECK_VERSION(2, 15, 0) gtk_status_icon_set_tooltip_text (applet->status_icon, applet->tip); #else gtk_status_icon_set_tooltip (applet->status_icon, applet->tip); #endif return FALSE; }",network-manager-applet,,,313206126591404646820104571060061974847,0 1092,CWE-399,"int hugepage_madvise(struct vm_area_struct *vma, unsigned long *vm_flags, int advice) { switch (advice) { case MADV_HUGEPAGE: if (*vm_flags & (VM_HUGEPAGE | VM_SHARED | VM_MAYSHARE | VM_PFNMAP | VM_IO | VM_DONTEXPAND | VM_RESERVED | VM_HUGETLB | VM_INSERTPAGE | VM_MIXEDMAP | VM_SAO)) return -EINVAL; *vm_flags &= ~VM_NOHUGEPAGE; *vm_flags |= VM_HUGEPAGE; if (unlikely(khugepaged_enter_vma_merge(vma))) return -ENOMEM; break; case MADV_NOHUGEPAGE: if (*vm_flags & (VM_NOHUGEPAGE | VM_SHARED | VM_MAYSHARE | VM_PFNMAP | VM_IO | VM_DONTEXPAND | VM_RESERVED | VM_HUGETLB | VM_INSERTPAGE | VM_MIXEDMAP | VM_SAO)) return -EINVAL; *vm_flags &= ~VM_HUGEPAGE; *vm_flags |= VM_NOHUGEPAGE; break; } return 0; }",visit repo url,mm/huge_memory.c,https://github.com/torvalds/linux,165102513805186,1 5379,CWE-787,"int main(int argc, char *argv[]) { int32_t ret = GPMF_OK; GPMF_stream metadata_stream, *ms = &metadata_stream; double metadatalength; uint32_t *payload = NULL; if (argc != 2) { printf(""usage: %s \n"", argv[0]); return -1; } size_t mp4 = OpenMP4Source(argv[1], MOV_GPMF_TRAK_TYPE, MOV_GPMF_TRAK_SUBTYPE); metadatalength = GetDuration(mp4); if (metadatalength > 0.0) { uint32_t index, payloads = GetNumberPayloads(mp4); #if 1 if (payloads == 1) { uint32_t payloadsize = GetPayloadSize(mp4,0); payload = GetPayload(mp4, payload, 0); if(payload == NULL) goto cleanup; ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; ret = GPMF_Validate(ms, GPMF_RECURSE_LEVELS); if (GPMF_OK != ret) { printf(""Invalid Structure\n""); goto cleanup; } GPMF_ResetState(ms); do { PrintGPMF(ms); } while (GPMF_OK == GPMF_Next(ms, GPMF_RECURSE_LEVELS)); GPMF_ResetState(ms); printf(""\n""); } #endif for (index = 0; index < payloads; index++) { uint32_t payloadsize = GetPayloadSize(mp4, index); float in = 0.0, out = 0.0; payload = GetPayload(mp4, payload, index); if (payload == NULL) goto cleanup; ret = GetPayloadTime(mp4, index, &in, &out); if (ret != GPMF_OK) goto cleanup; ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; #if 1 if (index == 0) { ret = GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS); while (GPMF_OK == ret) { ret = GPMF_SeekToSamples(ms); if (GPMF_OK == ret) { uint32_t key = GPMF_Key(ms); GPMF_SampleType type = GPMF_Type(ms); uint32_t elements = GPMF_ElementsInStruct(ms); uint32_t samples = GPMF_PayloadSampleCount(ms); if (samples) { printf("" STRM of %c%c%c%c "", PRINTF_4CC(key)); if (type == GPMF_TYPE_COMPLEX) { GPMF_stream find_stream; GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TYPE, GPMF_CURRENT_LEVEL)) { char tmp[64]; char *data = (char *)GPMF_RawData(&find_stream); int size = GPMF_RawDataSize(&find_stream); if (size < sizeof(tmp)) { memcpy(tmp, data, size); tmp[size] = 0; printf(""of type %s "", tmp); } } } else { printf(""of type %c "", type); } printf(""with %d sample%s "", samples, samples > 1 ? ""s"" : """"); if (elements > 1) printf(""-- %d elements per sample"", elements); printf(""\n""); } ret = GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS); } else { if (ret == GPMF_ERROR_BAD_STRUCTURE) { ret = GPMF_Next(ms, GPMF_CURRENT_LEVEL); } } } GPMF_ResetState(ms); printf(""\n""); } #endif #if 1 if (index == 0) { if (GPMF_OK == GPMF_FindNext(ms, STR2FOURCC(""GPS5""), GPMF_RECURSE_LEVELS) || GPMF_OK == GPMF_FindNext(ms, STR2FOURCC(""GPRI""), GPMF_RECURSE_LEVELS)) { uint32_t key = GPMF_Key(ms); uint32_t samples = GPMF_Repeat(ms); uint32_t elements = GPMF_ElementsInStruct(ms); uint32_t buffersize = samples * elements * sizeof(double); GPMF_stream find_stream; double *ptr, *tmpbuffer = malloc(buffersize); char units[10][6] = { """" }; uint32_t unit_samples = 1; printf(""MP4 Payload time %.3f to %.3f seconds\n"", in, out); if (tmpbuffer && samples) { uint32_t i, j; GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_SI_UNITS, GPMF_CURRENT_LEVEL) || GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_UNITS, GPMF_CURRENT_LEVEL)) { char *data = (char *)GPMF_RawData(&find_stream); int ssize = GPMF_StructSize(&find_stream); unit_samples = GPMF_Repeat(&find_stream); for (i = 0; i < unit_samples; i++) { memcpy(units[i], data, ssize); units[i][ssize] = 0; data += ssize; } } GPMF_ScaledData(ms, tmpbuffer, buffersize, 0, samples, GPMF_TYPE_DOUBLE); ptr = tmpbuffer; for (i = 0; i < samples; i++) { printf(""%c%c%c%c "", PRINTF_4CC(key)); for (j = 0; j < elements; j++) printf(""%.3f%s, "", *ptr++, units[j%unit_samples]); printf(""\n""); } free(tmpbuffer); } } GPMF_ResetState(ms); printf(""\n""); } #endif } #if 1 while (GPMF_OK == GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS)) { if (GPMF_OK == GPMF_SeekToSamples(ms)) { uint32_t fourcc = GPMF_Key(ms); double rate = GetGPMFSampleRate(mp4, fourcc, GPMF_SAMPLE_RATE_PRECISE); printf(""%c%c%c%c sampling rate = %f Hz\n"", PRINTF_4CC(fourcc), rate); } } #endif cleanup: if (payload) FreePayload(payload); payload = NULL; CloseSource(mp4); } return ret; }",visit repo url,demo/GPMF_demo.c,https://github.com/gopro/gpmf-parser,197991278856194,1 633,CWE-20,"static int raw_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); size_t copied = 0; int err = -EOPNOTSUPP; struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; if (flags & MSG_OOB) goto out; if (addr_len) *addr_len = sizeof(*sin); if (flags & MSG_ERRQUEUE) { err = ip_recv_error(sk, msg, len); goto out; } skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_ts_and_drops(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; sin->sin_port = 0; memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: if (err) return err; return copied; }",visit repo url,net/ipv4/raw.c,https://github.com/torvalds/linux,209414896095457,1 5694,['CWE-476'],"static int udp_destroy_sock(struct sock *sk) { lock_sock(sk); udp_flush_pending_frames(sk); release_sock(sk); return 0; }",linux-2.6,,,174103540079588516673251336574029887837,0 1679,CWE-20,"static int snd_timer_start_slave(struct snd_timer_instance *timeri) { unsigned long flags; spin_lock_irqsave(&slave_active_lock, flags); timeri->flags |= SNDRV_TIMER_IFLG_RUNNING; if (timeri->master) list_add_tail(&timeri->active_list, &timeri->master->slave_active_head); spin_unlock_irqrestore(&slave_active_lock, flags); return 1; }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,258161023447021,1 2811,['CWE-264'],"sbni_open( struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; struct timer_list *w = &nl->watchdog; if( dev->base_addr < 0x400 ) { struct net_device **p = sbni_cards; for( ; *p && p < sbni_cards + SBNI_MAX_NUM_CARDS; ++p ) if( (*p)->irq == dev->irq && ((*p)->base_addr == dev->base_addr + 4 || (*p)->base_addr == dev->base_addr - 4) && (*p)->flags & IFF_UP ) { ((struct net_local *) ((*p)->priv)) ->second = dev; printk( KERN_NOTICE ""%s: using shared irq "" ""with %s\n"", dev->name, (*p)->name ); nl->state |= FL_SECONDARY; goto handler_attached; } } if( request_irq(dev->irq, sbni_interrupt, IRQF_SHARED, dev->name, dev) ) { printk( KERN_ERR ""%s: unable to get IRQ %d.\n"", dev->name, dev->irq ); return -EAGAIN; } handler_attached: spin_lock( &nl->lock ); memset( &nl->stats, 0, sizeof(struct net_device_stats) ); memset( &nl->in_stats, 0, sizeof(struct sbni_in_stats) ); card_start( dev ); netif_start_queue( dev ); init_timer( w ); w->expires = jiffies + SBNI_TIMEOUT; w->data = (unsigned long) dev; w->function = sbni_watchdog; add_timer( w ); spin_unlock( &nl->lock ); return 0; }",linux-2.6,,,271284905430393654689890860096321521265,0 5372,CWE-787,"void * adminchild(struct clientparam* param) { int i, res; char * buf; char username[256]; char *sb; char *req = NULL; struct printparam pp; int contentlen = 0; int isform = 0; pp.inbuf = 0; pp.cp = param; buf = myalloc(LINESIZE); if(!buf) {RETURN(555);} i = sockgetlinebuf(param, CLIENT, (unsigned char *)buf, LINESIZE - 1, '\n', conf.timeouts[STRING_S]); if(i<5 || ((buf[0]!='G' || buf[1]!='E' || buf[2]!='T' || buf[3]!=' ' || buf[4]!='/') && (buf[0]!='P' || buf[1]!='O' || buf[2]!='S' || buf[3]!='T' || buf[4]!=' ' || buf[5]!='/'))) { RETURN(701); } buf[i] = 0; sb = strchr(buf+5, ' '); if(!sb){ RETURN(702); } *sb = 0; req = mystrdup(buf + ((*buf == 'P')? 6 : 5)); while((i = sockgetlinebuf(param, CLIENT, (unsigned char *)buf, LINESIZE - 1, '\n', conf.timeouts[STRING_S])) > 2){ buf[i] = 0; if(i > 19 && (!strncasecmp(buf, ""authorization"", 13))){ sb = strchr(buf, ':'); if(!sb)continue; ++sb; while(isspace(*sb))sb++; if(!*sb || strncasecmp(sb, ""basic"", 5)){ continue; } sb+=5; while(isspace(*sb))sb++; i = de64((unsigned char *)sb, (unsigned char *)username, 255); if(i<=0)continue; username[i] = 0; sb = strchr((char *)username, ':'); if(sb){ *sb = 0; if(param->password)myfree(param->password); param->password = (unsigned char *)mystrdup(sb+1); } if(param->username) myfree(param->username); param->username = (unsigned char *)mystrdup(username); continue; } else if(i > 15 && (!strncasecmp(buf, ""content-length:"", 15))){ sb = buf + 15; while(isspace(*sb))sb++; contentlen = atoi(sb); } else if(i > 13 && (!strncasecmp(buf, ""content-type:"", 13))){ sb = buf + 13; while(isspace(*sb))sb++; if(!strncasecmp(sb, ""x-www-form-urlencoded"", 21)) isform = 1; } } param->operation = ADMIN; if(isform && contentlen) { printstr(&pp, ""HTTP/1.0 100 Continue\r\n\r\n""); stdpr(&pp, NULL, 0); } res = (*param->srv->authfunc)(param); if(res && res != 10) { printstr(&pp, authreq); RETURN(res); } if(param->srv->singlepacket || param->redirected){ if(*req == 'C') req[1] = 0; else *req = 0; } sprintf(buf, ok, conf.stringtable?(char *)conf.stringtable[2]:""3proxy"", conf.stringtable?(char *)conf.stringtable[2]:""3[APA3A] tiny proxy"", conf.stringtable?(char *)conf.stringtable[3]:""""); if(*req != 'S') printstr(&pp, buf); switch(*req){ case 'C': printstr(&pp, counters); { struct trafcount *cp; int num = 0; for(cp = conf.trafcounter; cp; cp = cp->next, num++){ int inbuf = 0; if(cp->ace && (param->srv->singlepacket || param->redirected)){ if(!ACLmatches(cp->ace, param))continue; } if(req[1] == 'S' && atoi(req+2) == num) cp->disabled=0; if(req[1] == 'D' && atoi(req+2) == num) cp->disabled=1; inbuf += sprintf(buf, """" ""%s%s"", (cp->comment)?cp->comment:"" "", (cp->disabled)?'S':'D', num, (cp->disabled)?""NO"":""YES"" ); if(!cp->ace || !cp->ace->users){ inbuf += sprintf(buf+inbuf, ""
ANY
""); } else { inbuf += printuserlist(buf+inbuf, LINESIZE-800, cp->ace->users, "",
\r\n""); } inbuf += sprintf(buf+inbuf, """"); if(!cp->ace || !cp->ace->src){ inbuf += sprintf(buf+inbuf, ""
ANY
""); } else { inbuf += printiplist(buf+inbuf, LINESIZE-512, cp->ace->src, "",
\r\n""); } inbuf += sprintf(buf+inbuf, """"); if(!cp->ace || !cp->ace->dst){ inbuf += sprintf(buf+inbuf, ""
ANY
""); } else { inbuf += printiplist(buf+inbuf, LINESIZE-512, cp->ace->dst, "",
\r\n""); } inbuf += sprintf(buf+inbuf, """"); if(!cp->ace || !cp->ace->ports){ inbuf += sprintf(buf+inbuf, ""
ANY
""); } else { inbuf += printportlist(buf+inbuf, LINESIZE-128, cp->ace->ports, "",
\r\n""); } if(cp->type == NONE) { inbuf += sprintf(buf+inbuf, ""exclude from limitation\r\n"" ); } else { inbuf += sprintf(buf+inbuf, ""%""PRINTF_INT64_MODIFIER""u"" ""MB%s"" ""%""PRINTF_INT64_MODIFIER""u"" ""%s"", cp->traflim64 / (1024 * 1024), rotations[cp->type], cp->traf64, cp->cleared?ctime(&cp->cleared):""never"" ); inbuf += sprintf(buf + inbuf, ""%s"" ""%i"" ""\r\n"", cp->updated?ctime(&cp->updated):""never"", cp->number ); } printstr(&pp, buf); } } printstr(&pp, counterstail); break; case 'R': conf.needreload = 1; printstr(&pp, ""

Reload scheduled

""); break; case 'S': { if(req[1] == 'X'){ printstr(&pp, style); break; } printstr(&pp, xml); printval(conf.services, TYPE_SERVER, 0, &pp); printstr(&pp, postxml); } break; case 'F': { FILE *fp; char buf[256]; fp = confopen(); if(!fp){ printstr(&pp, ""

Failed to open config file

""); break; } printstr(&pp, ""

Please be careful editing config file remotely

""); printstr(&pp, ""

""); break; } case 'U': { int l=0; int error = 0; if(!writable || fseek(writable, 0, 0)){ error = 1; } while((i = sockgetlinebuf(param, CLIENT, (unsigned char *)buf, LINESIZE - 1, '+', conf.timeouts[STRING_S])) > 0){ if(i > (contentlen - l)) i = (contentlen - l); buf[i] = 0; if(!l){ if(strncasecmp(buf, ""conffile="", 9)) error = 1; } if(!error){ decodeurl((unsigned char *)buf, 1); fprintf(writable, ""%s"", l? buf : buf + 9); } l += i; if(l >= contentlen) break; } if(writable && !error){ fflush(writable); #ifndef _WINCE ftruncate(fileno(writable), ftell(writable)); #endif } printstr(&pp, error? ""

Config file is not writable

Make sure you have \""writable\"" command in configuration file"": ""

Configuration updated

""); } break; default: printstr(&pp, (char *)conf.stringtable[WEBBANNERS]); break; } if(*req != 'S') printstr(&pp, tail); CLEANRET: printstr(&pp, NULL); if(buf) myfree(buf); (*param->srv->logfunc)(param, (unsigned char *)req); if(req)myfree(req); freeparam(param); return (NULL); }",visit repo url,src/webadmin.c,https://github.com/z3APA3A/3proxy,10156373104239,1 6564,CWE-476,"DU_getStringDOElement(DcmItem *obj, DcmTagKey t, char *s, size_t bufsize) { DcmByteString *elem; DcmStack stack; OFCondition ec = EC_Normal; char* aString; ec = obj->search(t, stack); elem = (DcmByteString*) stack.top(); if (ec == EC_Normal && elem != NULL) { if (elem->getLength() == 0) { s[0] = '\0'; } else { ec = elem->getString(aString); OFStandard::strlcpy(s, aString, bufsize); } } return (ec == EC_Normal); }",visit repo url,dcmnet/libsrc/diutil.cc,https://github.com/DCMTK/dcmtk,274232285902187,1 3902,CWE-416,"qf_jump_open_window( qf_info_T *qi, qfline_T *qf_ptr, int newwin, int *opened_window) { qf_list_T *qfl = qf_get_curlist(qi); int old_changedtick = qfl->qf_changedtick; int old_qf_curlist = qi->qf_curlist; qfltype_T qfl_type = qfl->qfl_type; if (qf_ptr->qf_type == 1 && (!bt_help(curwin->w_buffer) || cmdmod.cmod_tab != 0)) if (jump_to_help_window(qi, newwin, opened_window) == FAIL) return FAIL; if (old_qf_curlist != qi->qf_curlist || old_changedtick != qfl->qf_changedtick || !is_qf_entry_present(qfl, qf_ptr)) { if (qfl_type == QFLT_QUICKFIX) emsg(_(e_current_quickfix_list_was_changed)); else emsg(_(e_current_location_list_was_changed)); return FAIL; } if (bt_quickfix(curbuf) && !*opened_window) { if (qf_ptr->qf_fnum == 0) return NOTDONE; if (qf_jump_to_usable_window(qf_ptr->qf_fnum, newwin, opened_window) == FAIL) return FAIL; } if (old_qf_curlist != qi->qf_curlist || old_changedtick != qfl->qf_changedtick || !is_qf_entry_present(qfl, qf_ptr)) { if (qfl_type == QFLT_QUICKFIX) emsg(_(e_current_quickfix_list_was_changed)); else emsg(_(e_current_location_list_was_changed)); return FAIL; } return OK; }",visit repo url,src/quickfix.c,https://github.com/vim/vim,147249941867802,1 4379,CWE-125,"static void iwjpeg_scan_exif_ifd(struct iwjpegrcontext *rctx, struct iw_exif_state *e, iw_uint32 ifd) { unsigned int tag_count; unsigned int i; unsigned int tag_pos; unsigned int tag_id; unsigned int v; double v_dbl; if(ifd<8 || ifd>e->d_len-18) return; tag_count = iw_get_ui16_e(&e->d[ifd],e->endian); if(tag_count>1000) return; for(i=0;i e->d_len) return; tag_id = iw_get_ui16_e(&e->d[tag_pos],e->endian); switch(tag_id) { case 274: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_orientation = v; } break; case 296: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_density_unit = v; } break; case 282: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_x = v_dbl; } break; case 283: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_y = v_dbl; } break; } } }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,254890664792750,1 606,['CWE-200'],"static int __init htab_dt_scan_page_sizes(unsigned long node, const char *uname, int depth, void *data) { char *type = of_get_flat_dt_prop(node, ""device_type"", NULL); u32 *prop; unsigned long size = 0; if (type == NULL || strcmp(type, ""cpu"") != 0) return 0; prop = (u32 *)of_get_flat_dt_prop(node, ""ibm,segment-page-sizes"", &size); if (prop != NULL) { DBG(""Page sizes from device-tree:\n""); size /= 4; cur_cpu_spec->cpu_features &= ~(CPU_FTR_16M_PAGE); while(size > 0) { unsigned int shift = prop[0]; unsigned int slbenc = prop[1]; unsigned int lpnum = prop[2]; unsigned int lpenc = 0; struct mmu_psize_def *def; int idx = -1; size -= 3; prop += 3; while(size > 0 && lpnum) { if (prop[0] == shift) lpenc = prop[1]; prop += 2; size -= 2; lpnum--; } switch(shift) { case 0xc: idx = MMU_PAGE_4K; break; case 0x10: idx = MMU_PAGE_64K; break; case 0x14: idx = MMU_PAGE_1M; break; case 0x18: idx = MMU_PAGE_16M; cur_cpu_spec->cpu_features |= CPU_FTR_16M_PAGE; break; case 0x22: idx = MMU_PAGE_16G; break; } if (idx < 0) continue; def = &mmu_psize_defs[idx]; def->shift = shift; if (shift <= 23) def->avpnm = 0; else def->avpnm = (1 << (shift - 23)) - 1; def->sllp = slbenc; def->penc = lpenc; if (idx == MMU_PAGE_4K || idx == MMU_PAGE_64K) def->tlbiel = 1; else def->tlbiel = 0; DBG("" %d: shift=%02x, sllp=%04x, avpnm=%08x, "" ""tlbiel=%d, penc=%d\n"", idx, shift, def->sllp, def->avpnm, def->tlbiel, def->penc); } return 1; } return 0; }",linux-2.6,,,243852414571580466682782757541630289542,0 3048,['CWE-189'],"int jpc_enc_enccblks(jpc_enc_t *enc) { jpc_enc_tcmpt_t *tcmpt; jpc_enc_tcmpt_t *endcomps; jpc_enc_rlvl_t *lvl; jpc_enc_rlvl_t *endlvls; jpc_enc_band_t *band; jpc_enc_band_t *endbands; jpc_enc_cblk_t *cblk; jpc_enc_cblk_t *endcblks; int i; int j; int mx; int bmx; int v; jpc_enc_tile_t *tile; uint_fast32_t prcno; jpc_enc_prc_t *prc; tile = enc->curtile; endcomps = &tile->tcmpts[tile->numtcmpts]; for (tcmpt = tile->tcmpts; tcmpt != endcomps; ++tcmpt) { endlvls = &tcmpt->rlvls[tcmpt->numrlvls]; for (lvl = tcmpt->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < lvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } bmx = 0; endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { mx = 0; for (i = 0; i < jas_matrix_numrows(cblk->data); ++i) { for (j = 0; j < jas_matrix_numcols(cblk->data); ++j) { v = abs(jas_matrix_get(cblk->data, i, j)); if (v > mx) { mx = v; } } } if (mx > bmx) { bmx = mx; } cblk->numbps = JAS_MAX(jpc_firstone(mx) + 1 - JPC_NUMEXTRABITS, 0); } for (cblk = prc->cblks; cblk != endcblks; ++cblk) { cblk->numimsbs = band->numbps - cblk->numbps; assert(cblk->numimsbs >= 0); } for (cblk = prc->cblks; cblk != endcblks; ++cblk) { if (jpc_enc_enccblk(enc, cblk->stream, tcmpt, band, cblk)) { return -1; } } } } } } return 0; }",jasper,,,301992746541631151742572643474846635794,0 5019,['CWE-120'],"static int utf8_unichar_valid_range(int unichar) { if (unichar > 0x10ffff) return 0; if ((unichar & 0xfffff800) == 0xd800) return 0; if ((unichar > 0xfdcf) && (unichar < 0xfdf0)) return 0; if ((unichar & 0xffff) == 0xffff) return 0; return 1; }",udev,,,195740263550096629321937696988533578169,0 811,['CWE-16'],"static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) { struct esp_data *esp = x->data; u32 blksize = ALIGN(crypto_aead_blocksize(esp->aead), 4); u32 align = max_t(u32, blksize, esp->padlen); u32 rem; mtu -= x->props.header_len + crypto_aead_authsize(esp->aead); rem = mtu & (align - 1); mtu &= ~(align - 1); if (x->props.mode != XFRM_MODE_TUNNEL) { u32 padsize = ((blksize - 1) & 7) + 1; mtu -= blksize - padsize; mtu += min_t(u32, blksize - padsize, rem); } return mtu - 2; }",linux-2.6,,,191976841145147485737883942388811637506,0 2619,CWE-190,"PHP_FUNCTION(get_html_translation_table) { long all = HTML_SPECIALCHARS, flags = ENT_COMPAT; int doctype; entity_table_opt entity_table; const enc_to_uni *to_uni_table = NULL; char *charset_hint = NULL; int charset_hint_len; enum entity_charset charset; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|lls"", &all, &flags, &charset_hint, &charset_hint_len) == FAILURE) { return; } charset = determine_charset(charset_hint TSRMLS_CC); doctype = flags & ENT_HTML_DOC_TYPE_MASK; LIMIT_ALL(all, doctype, charset); array_init(return_value); entity_table = determine_entity_table(all, doctype); if (all && !CHARSET_UNICODE_COMPAT(charset)) { to_uni_table = enc_to_uni_index[charset]; } if (all) { const entity_stage1_row *ms_table = entity_table.ms_table; if (CHARSET_UNICODE_COMPAT(charset)) { unsigned i, j, k, max_i, max_j, max_k; if (CHARSET_SINGLE_BYTE(charset)) { max_i = 1; max_j = 4; max_k = 64; } else { max_i = 0x1E; max_j = 64; max_k = 64; } for (i = 0; i < max_i; i++) { if (ms_table[i] == empty_stage2_table) continue; for (j = 0; j < max_j; j++) { if (ms_table[i][j] == empty_stage3_table) continue; for (k = 0; k < max_k; k++) { const entity_stage3_row *r = &ms_table[i][j][k]; unsigned code; if (r->data.ent.entity == NULL) continue; code = ENT_CODE_POINT_FROM_STAGES(i, j, k); if (((code == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || (code == '""' && !(flags & ENT_HTML_QUOTE_DOUBLE)))) continue; write_s3row_data(r, code, charset, return_value); } } } } else { unsigned i; for (i = 0; i <= 0xFF; i++) { const entity_stage3_row *r; unsigned uni_cp; if (((i == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || (i == '""' && !(flags & ENT_HTML_QUOTE_DOUBLE)))) continue; map_to_unicode(i, to_uni_table, &uni_cp); r = &ms_table[ENT_STAGE1_INDEX(uni_cp)][ENT_STAGE2_INDEX(uni_cp)][ENT_STAGE3_INDEX(uni_cp)]; if (r->data.ent.entity == NULL) continue; write_s3row_data(r, i, charset, return_value); } } } else { unsigned j, numelems = sizeof(stage3_table_be_noapos_00000) / sizeof(*stage3_table_be_noapos_00000); for (j = 0; j < numelems; j++) { const entity_stage3_row *r = &entity_table.table[j]; if (r->data.ent.entity == NULL) continue; if (((j == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || (j == '""' && !(flags & ENT_HTML_QUOTE_DOUBLE)))) continue; write_s3row_data(r, j, cs_8859_1, return_value); } } }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,165330747065275,1 1925,['CWE-20'],"int isolate_lru_page(struct page *page, struct list_head *pagelist) { int ret = -EBUSY; if (PageLRU(page)) { struct zone *zone = page_zone(page); spin_lock_irq(&zone->lru_lock); if (PageLRU(page) && get_page_unless_zero(page)) { ret = 0; ClearPageLRU(page); if (PageActive(page)) del_page_from_active_list(zone, page); else del_page_from_inactive_list(zone, page); list_add_tail(&page->lru, pagelist); } spin_unlock_irq(&zone->lru_lock); } return ret; }",linux-2.6,,,22073873672476043479869644345109833556,0 4287,['CWE-264'],"static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) { if (clone_flags & CLONE_FS) { atomic_inc(¤t->fs->count); return 0; } tsk->fs = __copy_fs_struct(current->fs); if (!tsk->fs) return -ENOMEM; return 0; }",linux-2.6,,,112370310778253699371930218711995594916,0 2259,['CWE-120'],"int may_open(struct nameidata *nd, int acc_mode, int flag) { struct dentry *dentry = nd->path.dentry; struct inode *inode = dentry->d_inode; int error; if (!inode) return -ENOENT; if (S_ISLNK(inode->i_mode)) return -ELOOP; if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE)) return -EISDIR; if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { flag &= ~O_TRUNC; } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) { if (nd->path.mnt->mnt_flags & MNT_NODEV) return -EACCES; flag &= ~O_TRUNC; } error = vfs_permission(nd, acc_mode); if (error) return error; if (IS_APPEND(inode)) { if ((flag & FMODE_WRITE) && !(flag & O_APPEND)) return -EPERM; if (flag & O_TRUNC) return -EPERM; } if (flag & O_NOATIME) if (!is_owner_or_cap(inode)) return -EPERM; error = break_lease(inode, flag); if (error) return error; if (flag & O_TRUNC) { error = get_write_access(inode); if (error) return error; error = locks_verify_locked(inode); if (!error) { DQUOT_INIT(inode); error = do_truncate(dentry, 0, ATTR_MTIME|ATTR_CTIME|ATTR_OPEN, NULL); } put_write_access(inode); if (error) return error; } else if (flag & FMODE_WRITE) DQUOT_INIT(inode); return 0; }",linux-2.6,,,91003255327521247792682379865598042237,0 1922,['CWE-20'],"static inline pte_t maybe_mkwrite(pte_t pte, struct vm_area_struct *vma) { if (likely(vma->vm_flags & VM_WRITE)) pte = pte_mkwrite(pte); return pte; }",linux-2.6,,,178236024591125160204300173754137363366,0 930,['CWE-200'],"shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info, unsigned long idx) { struct vm_area_struct pvma; struct page *page; memset(&pvma, 0, sizeof(struct vm_area_struct)); pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx); pvma.vm_pgoff = idx; pvma.vm_end = PAGE_SIZE; page = alloc_page_vma(gfp, &pvma, 0); mpol_free(pvma.vm_policy); return page; }",linux-2.6,,,290860088444188426495541931816257493575,0 1577,[],"unsigned long long cpu_clock(int cpu) { unsigned long long prev_cpu_time, time, delta_time; prev_cpu_time = per_cpu(prev_cpu_time, cpu); time = __cpu_clock(cpu) + per_cpu(time_offset, cpu); delta_time = time-prev_cpu_time; if (unlikely(delta_time > time_sync_thresh)) time = __sync_cpu_clock(time, cpu); return time; }",linux-2.6,,,144699497623798696084161873997151478637,0 4742,['CWE-20'],"static void ext4_clear_inode(struct inode *inode) { #ifdef CONFIG_EXT4_FS_POSIX_ACL if (EXT4_I(inode)->i_acl && EXT4_I(inode)->i_acl != EXT4_ACL_NOT_CACHED) { posix_acl_release(EXT4_I(inode)->i_acl); EXT4_I(inode)->i_acl = EXT4_ACL_NOT_CACHED; } if (EXT4_I(inode)->i_default_acl && EXT4_I(inode)->i_default_acl != EXT4_ACL_NOT_CACHED) { posix_acl_release(EXT4_I(inode)->i_default_acl); EXT4_I(inode)->i_default_acl = EXT4_ACL_NOT_CACHED; } #endif ext4_discard_preallocations(inode); if (EXT4_JOURNAL(inode)) jbd2_journal_release_jbd_inode(EXT4_SB(inode->i_sb)->s_journal, &EXT4_I(inode)->jinode); }",linux-2.6,,,237755608445158535224517107293419284276,0 2078,[],"int __init udp4_proc_init(void) { return udp_proc_register(&udp4_seq_afinfo); }",linux-2.6,,,302808978833597875423601410817731931481,0 2998,CWE-399,"toomany(struct magic_set *ms, const char *name, uint16_t num) { if (file_printf(ms, "", too many %s header sections (%u)"", name, num ) == -1) return -1; return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,166821456312661,1 6131,CWE-190,"void ep_mul_monty(ep_t r, const ep_t p, const bn_t k) { int i, j, bits; ep_t t[2]; bn_t n, l, _k; bn_null(n); bn_null(l); bn_null(_k); ep_null(t[0]); ep_null(t[1]); if (bn_is_zero(k) || ep_is_infty(p)) { ep_set_infty(r); return; } RLC_TRY { bn_new(n); bn_new(l); bn_new(_k); ep_new(t[0]); ep_new(t[1]); ep_curve_get_ord(n); bits = bn_bits(n); bn_mod(_k, k, n); bn_abs(l, _k); bn_add(l, l, n); bn_add(n, l, n); dv_swap_cond(l->dp, n->dp, RLC_MAX(l->used, n->used), bn_get_bit(l, bits) == 0); l->used = RLC_SEL(l->used, n->used, bn_get_bit(l, bits) == 0); ep_norm(t[0], p); ep_dbl(t[1], t[0]); ep_blind(t[0], t[0]); ep_blind(t[1], t[1]); for (i = bits - 1; i >= 0; i--) { j = bn_get_bit(l, i); dv_swap_cond(t[0]->x, t[1]->x, RLC_FP_DIGS, j ^ 1); dv_swap_cond(t[0]->y, t[1]->y, RLC_FP_DIGS, j ^ 1); dv_swap_cond(t[0]->z, t[1]->z, RLC_FP_DIGS, j ^ 1); ep_add(t[0], t[0], t[1]); ep_dbl(t[1], t[1]); dv_swap_cond(t[0]->x, t[1]->x, RLC_FP_DIGS, j ^ 1); dv_swap_cond(t[0]->y, t[1]->y, RLC_FP_DIGS, j ^ 1); dv_swap_cond(t[0]->z, t[1]->z, RLC_FP_DIGS, j ^ 1); } ep_norm(r, t[0]); ep_neg(t[0], r); dv_copy_cond(r->y, t[0]->y, RLC_FP_DIGS, bn_sign(_k) == RLC_NEG); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(l); bn_free(_k); ep_free(t[1]); ep_free(t[0]); } }",visit repo url,src/ep/relic_ep_mul.c,https://github.com/relic-toolkit/relic,120038981453816,1 1789,[],"static int dattrs_equal(struct sched_domain_attr *cur, int idx_cur, struct sched_domain_attr *new, int idx_new) { struct sched_domain_attr tmp; if (!new && !cur) return 1; tmp = SD_ATTR_INIT; return !memcmp(cur ? (cur + idx_cur) : &tmp, new ? (new + idx_new) : &tmp, sizeof(struct sched_domain_attr)); }",linux-2.6,,,316176624442201303063045358242008297935,0 6703,CWE-89,"static int edit_ext(char* editor, char* name, char* date, char* data) { int fd; int st; int sz; char* b; char* l; char buff[512]; pid_t pid; strcpy(buff,""/tmp/nodau.XXXXXX""); fd = mkstemp(buff); if (fd < 0) return 1; pid = fork(); if (pid < 0) { return 1; }else if (pid) { close(fd); waitpid(pid,&st,0); if (!st) { if ((fd = open(buff,O_RDONLY)) < 0) return 1; sz = lseek(fd,0,SEEK_END); lseek(fd,0,SEEK_SET); if (sz) { b = alloca(sz+1); if (sz != read(fd,b,sz)) return 1; close(fd); remove(buff); b[sz] = 0; l = strstr(b,""-----""); if (l) { l += 6; if (db_update(name,l)) return 1; printf(""%s saved\n"",name); } } } return st; } sz = strlen(name)+strlen(date)+strlen(data)+50; b = alloca(sz); sz = sprintf( b, ""%s (%s)\nText above this line is ignored\n-----\n%s"", name, date, data ); if (write(fd,b,sz) != sz) { exit(1); } fsync(fd); close(fd); st = execl(editor,editor,buff,(char*)NULL); exit(st); return 1; }",visit repo url,src/edit.c,https://github.com/TicklishHoneyBee/nodau,178077215252380,1 5397,['CWE-476'],"int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu) { struct page *page; struct kvm *kvm; int r; BUG_ON(vcpu->kvm == NULL); kvm = vcpu->kvm; vcpu->arch.mmu.root_hpa = INVALID_PAGE; if (!irqchip_in_kernel(kvm) || vcpu->vcpu_id == 0) vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; else vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED; page = alloc_page(GFP_KERNEL | __GFP_ZERO); if (!page) { r = -ENOMEM; goto fail; } vcpu->arch.pio_data = page_address(page); r = kvm_mmu_create(vcpu); if (r < 0) goto fail_free_pio_data; if (irqchip_in_kernel(kvm)) { r = kvm_create_lapic(vcpu); if (r < 0) goto fail_mmu_destroy; } return 0; fail_mmu_destroy: kvm_mmu_destroy(vcpu); fail_free_pio_data: free_page((unsigned long)vcpu->arch.pio_data); fail: return r; }",linux-2.6,,,240883564531655611555158375956773361824,0 468,CWE-20,"static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) { struct encrypted_key_payload *epayload = key->payload.data[0]; struct encrypted_key_payload *new_epayload; char *buf; char *new_master_desc = NULL; const char *format = NULL; size_t datalen = prep->datalen; int ret = 0; if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) return -ENOKEY; if (datalen <= 0 || datalen > 32767 || !prep->data) return -EINVAL; buf = kmalloc(datalen + 1, GFP_KERNEL); if (!buf) return -ENOMEM; buf[datalen] = 0; memcpy(buf, prep->data, datalen); ret = datablob_parse(buf, &format, &new_master_desc, NULL, NULL); if (ret < 0) goto out; ret = valid_master_desc(new_master_desc, epayload->master_desc); if (ret < 0) goto out; new_epayload = encrypted_key_alloc(key, epayload->format, new_master_desc, epayload->datalen); if (IS_ERR(new_epayload)) { ret = PTR_ERR(new_epayload); goto out; } __ekey_init(new_epayload, epayload->format, new_master_desc, epayload->datalen); memcpy(new_epayload->iv, epayload->iv, ivsize); memcpy(new_epayload->payload_data, epayload->payload_data, epayload->payload_datalen); rcu_assign_keypointer(key, new_epayload); call_rcu(&epayload->rcu, encrypted_rcu_free); out: kzfree(buf); return ret; }",visit repo url,security/keys/encrypted-keys/encrypted.c,https://github.com/torvalds/linux,108513934035129,1 5991,['CWE-200'],"int unregister_inet6addr_notifier(struct notifier_block *nb) { return notifier_chain_unregister(&inet6addr_chain,nb); }",linux-2.6,,,164393924003335554449736173435884624057,0 4334,['CWE-119'],"static int16_t ms_adpcm_decode_sample (struct ms_adpcm_state *state, uint8_t code, const int16_t *coefficient) { const int32_t MAX_INT16 = 32767, MIN_INT16 = -32768; const int32_t adaptive[] = { 230, 230, 230, 230, 307, 409, 512, 614, 768, 614, 512, 409, 307, 230, 230, 230 }; int32_t linearSample, delta; linearSample = ((state->sample1 * coefficient[0]) + (state->sample2 * coefficient[1])) / 256; if (code & 0x08) linearSample += state->delta * (code-0x10); else linearSample += state->delta * code; if (linearSample < MIN_INT16) linearSample = MIN_INT16; else if (linearSample > MAX_INT16) linearSample = MAX_INT16; delta = ((int32_t) state->delta * adaptive[code])/256; if (delta < 16) { delta = 16; } state->delta = delta; state->sample2 = state->sample1; state->sample1 = linearSample; return (int16_t) linearSample; }",audiofile,,,245710492564733389261318163528679627556,0 2930,['CWE-189'],"jpc_pchg_t *jpc_pchglist_remove(jpc_pchglist_t *pchglist, int pchgno) { int i; jpc_pchg_t *pchg; assert(pchgno < pchglist->numpchgs); pchg = pchglist->pchgs[pchgno]; for (i = pchgno + 1; i < pchglist->numpchgs; ++i) { pchglist->pchgs[i - 1] = pchglist->pchgs[i]; } --pchglist->numpchgs; return pchg; }",jasper,,,56325302946694467980624178337726927479,0 3370,CWE-119,"MagickBooleanType sixel_decode(unsigned char *p, unsigned char **pixels, size_t *pwidth, size_t *pheight, unsigned char **palette, size_t *ncolors ) { int n, i, r, g, b, sixel_vertical_mask, c; int posision_x, posision_y; int max_x, max_y; int attributed_pan, attributed_pad; int attributed_ph, attributed_pv; int repeat_count, color_index, max_color_index = 2, background_color_index; int param[10]; int sixel_palet[SIXEL_PALETTE_MAX]; unsigned char *imbuf, *dmbuf; int imsx, imsy; int dmsx, dmsy; int y; posision_x = posision_y = 0; max_x = max_y = 0; attributed_pan = 2; attributed_pad = 1; attributed_ph = attributed_pv = 0; repeat_count = 1; color_index = 0; background_color_index = 0; imsx = 2048; imsy = 2048; imbuf = (unsigned char *) AcquireQuantumMemory(imsx * imsy,1); if (imbuf == NULL) { return(MagickFalse); } for (n = 0; n < 16; n++) { sixel_palet[n] = sixel_default_color_table[n]; } for (r = 0; r < 6; r++) { for (g = 0; g < 6; g++) { for (b = 0; b < 6; b++) { sixel_palet[n++] = SIXEL_RGB(r * 51, g * 51, b * 51); } } } for (i = 0; i < 24; i++) { sixel_palet[n++] = SIXEL_RGB(i * 11, i * 11, i * 11); } for (; n < SIXEL_PALETTE_MAX; n++) { sixel_palet[n] = SIXEL_RGB(255, 255, 255); } (void) ResetMagickMemory(imbuf, background_color_index, imsx * imsy); while (*p != '\0') { if ((p[0] == '\033' && p[1] == 'P') || *p == 0x90) { if (*p == '\033') { p++; } p = get_params(++p, param, &n); if (*p == 'q') { p++; if (n > 0) { switch(param[0]) { case 0: case 1: attributed_pad = 2; break; case 2: attributed_pad = 5; break; case 3: attributed_pad = 4; break; case 4: attributed_pad = 4; break; case 5: attributed_pad = 3; break; case 6: attributed_pad = 3; break; case 7: attributed_pad = 2; break; case 8: attributed_pad = 2; break; case 9: attributed_pad = 1; break; } } if (n > 2) { if (param[2] == 0) { param[2] = 10; } attributed_pan = attributed_pan * param[2] / 10; attributed_pad = attributed_pad * param[2] / 10; if (attributed_pan <= 0) attributed_pan = 1; if (attributed_pad <= 0) attributed_pad = 1; } } } else if ((p[0] == '\033' && p[1] == '\\') || *p == 0x9C) { break; } else if (*p == '""') { p = get_params(++p, param, &n); if (n > 0) attributed_pad = param[0]; if (n > 1) attributed_pan = param[1]; if (n > 2 && param[2] > 0) attributed_ph = param[2]; if (n > 3 && param[3] > 0) attributed_pv = param[3]; if (attributed_pan <= 0) attributed_pan = 1; if (attributed_pad <= 0) attributed_pad = 1; if (imsx < attributed_ph || imsy < attributed_pv) { dmsx = imsx > attributed_ph ? imsx : attributed_ph; dmsy = imsy > attributed_pv ? imsy : attributed_pv; dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1); if (dmbuf == (unsigned char *) NULL) { imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); return (MagickFalse); } (void) ResetMagickMemory(dmbuf, background_color_index, dmsx * dmsy); for (y = 0; y < imsy; ++y) { (void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, imsx); } imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); imsx = dmsx; imsy = dmsy; imbuf = dmbuf; } } else if (*p == '!') { p = get_params(++p, param, &n); if (n > 0) { repeat_count = param[0]; } } else if (*p == '#') { p = get_params(++p, param, &n); if (n > 0) { if ((color_index = param[0]) < 0) { color_index = 0; } else if (color_index >= SIXEL_PALETTE_MAX) { color_index = SIXEL_PALETTE_MAX - 1; } } if (n > 4) { if (param[1] == 1) { if (param[2] > 360) param[2] = 360; if (param[3] > 100) param[3] = 100; if (param[4] > 100) param[4] = 100; sixel_palet[color_index] = hls_to_rgb(param[2] * 100 / 360, param[3], param[4]); } else if (param[1] == 2) { if (param[2] > 100) param[2] = 100; if (param[3] > 100) param[3] = 100; if (param[4] > 100) param[4] = 100; sixel_palet[color_index] = SIXEL_XRGB(param[2], param[3], param[4]); } } } else if (*p == '$') { p++; posision_x = 0; repeat_count = 1; } else if (*p == '-') { p++; posision_x = 0; posision_y += 6; repeat_count = 1; } else if (*p >= '?' && *p <= '\177') { if (imsx < (posision_x + repeat_count) || imsy < (posision_y + 6)) { int nx = imsx * 2; int ny = imsy * 2; while (nx < (posision_x + repeat_count) || ny < (posision_y + 6)) { nx *= 2; ny *= 2; } dmsx = nx; dmsy = ny; dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1); if (dmbuf == (unsigned char *) NULL) { imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); return (MagickFalse); } (void) ResetMagickMemory(dmbuf, background_color_index, dmsx * dmsy); for (y = 0; y < imsy; ++y) { (void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, imsx); } imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); imsx = dmsx; imsy = dmsy; imbuf = dmbuf; } if (color_index > max_color_index) { max_color_index = color_index; } if ((b = *(p++) - '?') == 0) { posision_x += repeat_count; } else { sixel_vertical_mask = 0x01; if (repeat_count <= 1) { for (i = 0; i < 6; i++) { if ((b & sixel_vertical_mask) != 0) { imbuf[imsx * (posision_y + i) + posision_x] = color_index; if (max_x < posision_x) { max_x = posision_x; } if (max_y < (posision_y + i)) { max_y = posision_y + i; } } sixel_vertical_mask <<= 1; } posision_x += 1; } else { for (i = 0; i < 6; i++) { if ((b & sixel_vertical_mask) != 0) { c = sixel_vertical_mask << 1; for (n = 1; (i + n) < 6; n++) { if ((b & c) == 0) { break; } c <<= 1; } for (y = posision_y + i; y < posision_y + i + n; ++y) { (void) ResetMagickMemory(imbuf + imsx * y + posision_x, color_index, repeat_count); } if (max_x < (posision_x + repeat_count - 1)) { max_x = posision_x + repeat_count - 1; } if (max_y < (posision_y + i + n - 1)) { max_y = posision_y + i + n - 1; } i += (n - 1); sixel_vertical_mask <<= (n - 1); } sixel_vertical_mask <<= 1; } posision_x += repeat_count; } } repeat_count = 1; } else { p++; } } if (++max_x < attributed_ph) { max_x = attributed_ph; } if (++max_y < attributed_pv) { max_y = attributed_pv; } if (imsx > max_x || imsy > max_y) { dmsx = max_x; dmsy = max_y; if ((dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1)) == NULL) { imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); return (MagickFalse); } for (y = 0; y < dmsy; ++y) { (void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, dmsx); } imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); imsx = dmsx; imsy = dmsy; imbuf = dmbuf; } *pixels = imbuf; *pwidth = imsx; *pheight = imsy; *ncolors = max_color_index + 1; *palette = (unsigned char *) AcquireQuantumMemory(*ncolors,4); for (n = 0; n < (ssize_t) *ncolors; ++n) { (*palette)[n * 4 + 0] = sixel_palet[n] >> 16 & 0xff; (*palette)[n * 4 + 1] = sixel_palet[n] >> 8 & 0xff; (*palette)[n * 4 + 2] = sixel_palet[n] & 0xff; (*palette)[n * 4 + 3] = 0xff; } return(MagickTrue); }",visit repo url,coders/sixel.c,https://github.com/ImageMagick/ImageMagick,54849527919600,1 1393,CWE-310,"static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""ablkcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_ablkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize; rblkcipher.ivsize = alg->cra_ablkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ablkcipher.c,https://github.com/torvalds/linux,148442488089788,1 2934,CWE-310,"static void my_free(void *ptr) { free_called += 1; free(ptr); }",visit repo url,test/suites/api/test_memory_funcs.c,https://github.com/akheron/jansson,177603708763788,1 5422,['CWE-476'],"void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu) { kvm_free_lapic(vcpu); down_read(&vcpu->kvm->slots_lock); kvm_mmu_destroy(vcpu); up_read(&vcpu->kvm->slots_lock); free_page((unsigned long)vcpu->arch.pio_data); }",linux-2.6,,,188259969657085680600488146693424443680,0 6384,['CWE-200'],"static int __init tc_filter_init(void) { rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_ctl_tfilter, NULL); rtnl_register(PF_UNSPEC, RTM_DELTFILTER, tc_ctl_tfilter, NULL); rtnl_register(PF_UNSPEC, RTM_GETTFILTER, tc_ctl_tfilter, tc_dump_tfilter); return 0; }",linux-2.6,,,106518748101032706755196854199459102034,0 1808,NVD-CWE-Other,"static int asn1_find_indefinite_length(const unsigned char *data, size_t datalen, size_t *_dp, size_t *_len, const char **_errmsg) { unsigned char tag, tmp; size_t dp = *_dp, len, n; int indef_level = 1; next_tag: if (unlikely(datalen - dp < 2)) { if (datalen == dp) goto missing_eoc; goto data_overrun_error; } tag = data[dp++]; if (tag == 0) { if (data[dp++] != 0) goto invalid_eoc; if (--indef_level <= 0) { *_len = dp - *_dp; *_dp = dp; return 0; } goto next_tag; } if (unlikely((tag & 0x1f) == ASN1_LONG_TAG)) { do { if (unlikely(datalen - dp < 2)) goto data_overrun_error; tmp = data[dp++]; } while (tmp & 0x80); } len = data[dp++]; if (len <= 0x7f) { dp += len; goto next_tag; } if (unlikely(len == ASN1_INDEFINITE_LENGTH)) { if (unlikely((tag & ASN1_CONS_BIT) == ASN1_PRIM << 5)) goto indefinite_len_primitive; indef_level++; goto next_tag; } n = len - 0x80; if (unlikely(n > sizeof(size_t) - 1)) goto length_too_long; if (unlikely(n > datalen - dp)) goto data_overrun_error; for (len = 0; n > 0; n--) { len <<= 8; len |= data[dp++]; } dp += len; goto next_tag; length_too_long: *_errmsg = ""Unsupported length""; goto error; indefinite_len_primitive: *_errmsg = ""Indefinite len primitive not permitted""; goto error; invalid_eoc: *_errmsg = ""Invalid length EOC""; goto error; data_overrun_error: *_errmsg = ""Data overrun error""; goto error; missing_eoc: *_errmsg = ""Missing EOC in indefinite len cons""; error: *_dp = dp; return -1; }",visit repo url,lib/asn1_decoder.c,https://github.com/torvalds/linux,72140709444635,1 2917,CWE-190,"DECLAREreadFunc(readContigTilesIntoBuffer) { int status = 1; tsize_t tilesize = TIFFTileSize(in); tdata_t tilebuf; uint32 imagew = TIFFScanlineSize(in); uint32 tilew = TIFFTileRowSize(in); int iskew = imagew - tilew; uint8* bufp = (uint8*) buf; uint32 tw, tl; uint32 row; (void) spp; tilebuf = _TIFFmalloc(tilesize); if (tilebuf == 0) return 0; _TIFFmemset(tilebuf, 0, tilesize); (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); for (row = 0; row < imagelength; row += tl) { uint32 nrow = (row+tl > imagelength) ? imagelength-row : tl; uint32 colb = 0; uint32 col; for (col = 0; col < imagewidth && colb < imagew; col += tw) { if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0 && !ignore) { TIFFError(TIFFFileName(in), ""Error, can't read tile at %lu %lu"", (unsigned long) col, (unsigned long) row); status = 0; goto done; } if (colb + tilew > imagew) { uint32 width = imagew - colb; uint32 oskew = tilew - width; cpStripToTile(bufp + colb, tilebuf, nrow, width, oskew + iskew, oskew ); } else cpStripToTile(bufp + colb, tilebuf, nrow, tilew, iskew, 0); colb += tilew; } bufp += imagew * nrow; } done: _TIFFfree(tilebuf); return status; }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,21521315972342,1 640,CWE-20,"static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)msg->msg_name; struct sk_buff *skb; size_t copied; int err; if (flags & MSG_OOB) return -EOPNOTSUPP; if (addr_len) *addr_len=sizeof(*sin6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } if (skb_csum_unnecessary(skb)) { err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else if (msg->msg_flags&MSG_TRUNC) { if (__skb_checksum_complete(skb)) goto csum_copy_err; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else { err = skb_copy_and_csum_datagram_iovec(skb, 0, msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (err) goto out_free; if (sin6) { sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_flowinfo = 0; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); } sock_recv_ts_and_drops(msg, sk, skb); if (np->rxopt.all) ip6_datagram_recv_ctl(sk, msg, skb); err = copied; if (flags & MSG_TRUNC) err = skb->len; out_free: skb_free_datagram(sk, skb); out: return err; csum_copy_err: skb_kill_datagram(sk, skb, flags); err = (flags&MSG_DONTWAIT) ? -EAGAIN : -EHOSTUNREACH; goto out; }",visit repo url,net/ipv6/raw.c,https://github.com/torvalds/linux,215034858141935,1 4839,CWE-119,"static int read_public_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I1012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_public_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,241413677709066,1 3680,['CWE-119'],"static void hfsplus_cat_build_key_uni(hfsplus_btree_key *key, u32 parent, struct hfsplus_unistr *name) { int ustrlen; ustrlen = be16_to_cpu(name->length); key->cat.parent = cpu_to_be32(parent); key->cat.name.length = cpu_to_be16(ustrlen); ustrlen *= 2; memcpy(key->cat.name.unicode, name->unicode, ustrlen); key->key_len = cpu_to_be16(6 + ustrlen); }",linux-2.6,,,334267312194882407173698861299571407775,0 6129,CWE-190,"void ep_map_from_field(ep_t p, const uint8_t *uniform_bytes, int len) { bn_t k; fp_t t; ep_t q; int neg; const int len_per_elm = (FP_PRIME + ep_param_level() + 7) / 8; bn_null(k); fp_null(t); ep_null(q); RLC_TRY { if (len != 2 * len_per_elm) { RLC_THROW(ERR_NO_VALID); } bn_new(k); fp_new(t); ep_new(q); const int abNeq0 = (ep_curve_opt_a() != RLC_ZERO) && (ep_curve_opt_b() != RLC_ZERO); void (*const map_fn)(ep_t, fp_t) =(ep_curve_is_ctmap() || abNeq0) ? ep_map_sswu : ep_map_svdw; #define EP_MAP_CONVERT_BYTES(IDX) \ do { \ bn_read_bin(k, uniform_bytes + IDX * len_per_elm, len_per_elm); \ fp_prime_conv(t, k); \ } while (0) #define EP_MAP_APPLY_MAP(PT) \ do { \ \ neg = fp_sgn0(t, k); \ \ map_fn(PT, t); \ \ neg = neg != fp_sgn0(PT->y, k); \ fp_neg(t, PT->y); \ dv_copy_cond(PT->y, t, RLC_FP_DIGS, neg); \ } while (0) EP_MAP_CONVERT_BYTES(0); EP_MAP_APPLY_MAP(p); TMPL_MAP_CALL_ISOMAP(ep, p); EP_MAP_CONVERT_BYTES(1); EP_MAP_APPLY_MAP(q); TMPL_MAP_CALL_ISOMAP(ep, q); #undef EP_MAP_CONVERT_BYTES #undef EP_MAP_APPLY_MAP ep_add(p, p, q); ep_norm(p, p); switch (ep_curve_is_pairf()) { case EP_BN: break; case EP_B12: case EP_B24: fp_prime_get_par(k); bn_neg(k, k); bn_add_dig(k, k, 1); if (bn_bits(k) < RLC_DIG) { ep_mul_dig(p, p, k->dp[0]); } else { ep_mul(p, p, k); } break; default: ep_curve_get_cof(k); if (bn_bits(k) < RLC_DIG) { ep_mul_dig(p, p, k->dp[0]); } else { ep_mul_basic(p, p, k); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(k); fp_free(t); ep_free(q); } }",visit repo url,src/ep/relic_ep_map.c,https://github.com/relic-toolkit/relic,74506500364125,1 6200,['CWE-200'],"static int tc_dump_tclass(struct sk_buff *skb, struct netlink_callback *cb) { int t; int s_t; struct net_device *dev; struct Qdisc *q; struct tcmsg *tcm = (struct tcmsg*)NLMSG_DATA(cb->nlh); struct qdisc_dump_args arg; if (cb->nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*tcm))) return 0; if ((dev = dev_get_by_index(tcm->tcm_ifindex)) == NULL) return 0; s_t = cb->args[0]; t = 0; read_lock_bh(&qdisc_tree_lock); list_for_each_entry(q, &dev->qdisc_list, list) { if (t < s_t || !q->ops->cl_ops || (tcm->tcm_parent && TC_H_MAJ(tcm->tcm_parent) != q->handle)) { t++; continue; } if (t > s_t) memset(&cb->args[1], 0, sizeof(cb->args)-sizeof(cb->args[0])); arg.w.fn = qdisc_class_dump; arg.skb = skb; arg.cb = cb; arg.w.stop = 0; arg.w.skip = cb->args[1]; arg.w.count = 0; q->ops->cl_ops->walk(q, &arg.w); cb->args[1] = arg.w.count; if (arg.w.stop) break; t++; } read_unlock_bh(&qdisc_tree_lock); cb->args[0] = t; dev_put(dev); return skb->len; }",linux-2.6,,,329331558445025261915348011521391574153,0 4617,['CWE-399'],"static int write_end_fn(handle_t *handle, struct buffer_head *bh) { if (!buffer_mapped(bh) || buffer_freed(bh)) return 0; set_buffer_uptodate(bh); return ext4_handle_dirty_metadata(handle, NULL, bh); }",linux-2.6,,,98187511311357058778810996419022126555,0 974,['CWE-189'],"ShmRegisterFbFuncs(pScreen) ScreenPtr pScreen; { shmFuncs[pScreen->myNum] = &fbFuncs; }",xserver,,,179178977257715740563032894922895074376,0 2619,[],"static void sctp_endpoint_destroy(struct sctp_endpoint *ep) { SCTP_ASSERT(ep->base.dead, ""Endpoint is not dead"", return); crypto_free_hash(sctp_sk(ep->base.sk)->hmac); kfree(ep->digest); sctp_auth_destroy_keys(&ep->endpoint_shared_keys); kfree(ep->auth_hmacs_list); kfree(ep->auth_chunk_list); sctp_auth_destroy_hmacs(ep->auth_hmacs); sctp_inq_free(&ep->base.inqueue); sctp_bind_addr_free(&ep->base.bind_addr); if (sctp_sk(ep->base.sk)->bind_hash) sctp_put_port(ep->base.sk); if (ep->base.sk) sock_put(ep->base.sk); if (ep->base.malloced) { kfree(ep); SCTP_DBG_OBJCNT_DEC(ep); } }",linux-2.6,,,34484674891171604779685233787607973728,0 4700,['CWE-20'],"static int ext4_sync_fs(struct super_block *sb, int wait) { int ret = 0; trace_mark(ext4_sync_fs, ""dev %s wait %d"", sb->s_id, wait); sb->s_dirt = 0; if (EXT4_SB(sb)->s_journal) { if (wait) ret = ext4_force_commit(sb); else jbd2_journal_start_commit(EXT4_SB(sb)->s_journal, NULL); } else { ext4_commit_super(sb, EXT4_SB(sb)->s_es, wait); } return ret; }",linux-2.6,,,134088428260365016795117447775258145694,0 932,CWE-20,"int ib_update_cm_av(struct ib_cm_id *id, const u8 *smac, const u8 *alt_smac) { struct cm_id_private *cm_id_priv; cm_id_priv = container_of(id, struct cm_id_private, id); if (smac != NULL) memcpy(cm_id_priv->av.smac, smac, sizeof(cm_id_priv->av.smac)); if (alt_smac != NULL) memcpy(cm_id_priv->alt_av.smac, alt_smac, sizeof(cm_id_priv->alt_av.smac)); return 0; }",visit repo url,drivers/infiniband/core/cm.c,https://github.com/torvalds/linux,188161766993034,1 1597,[],"void init_rt_bandwidth(struct rt_bandwidth *rt_b, u64 period, u64 runtime) { rt_b->rt_period = ns_to_ktime(period); rt_b->rt_runtime = runtime; spin_lock_init(&rt_b->rt_runtime_lock); hrtimer_init(&rt_b->rt_period_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); rt_b->rt_period_timer.function = sched_rt_period_timer; rt_b->rt_period_timer.cb_mode = HRTIMER_CB_IRQSAFE_NO_SOFTIRQ; }",linux-2.6,,,250763065285877611509048063290910523426,0 2791,['CWE-264'],"sbni_close( struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; if( nl->second && nl->second->flags & IFF_UP ) { printk( KERN_NOTICE ""Secondary channel (%s) is active!\n"", nl->second->name ); return -EBUSY; } #ifdef CONFIG_SBNI_MULTILINE if( nl->state & FL_SLAVE ) emancipate( dev ); else while( nl->link ) emancipate( nl->link ); #endif spin_lock( &nl->lock ); nl->second = NULL; drop_xmit_queue( dev ); netif_stop_queue( dev ); del_timer( &nl->watchdog ); outb( 0, dev->base_addr + CSR0 ); if( !(nl->state & FL_SECONDARY) ) free_irq( dev->irq, dev ); nl->state &= FL_SECONDARY; spin_unlock( &nl->lock ); return 0; }",linux-2.6,,,63847963107883768579666382197925458624,0 2902,CWE-119,"swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc) { uint32* wp = (uint32*) cp0; tmsize_t wc = cc / 4; horDiff32(tif, cp0, cc); TIFFSwabArrayOfLong(wp, wc); }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,58984633557354,1 4473,['CWE-264'],"void cfm_state_change(struct s_smc *smc, int c_state) { #ifdef DRIVERDEBUG char *s; switch (c_state) { case SC0_ISOLATED: s = ""SC0_ISOLATED""; break; case SC1_WRAP_A: s = ""SC1_WRAP_A""; break; case SC2_WRAP_B: s = ""SC2_WRAP_B""; break; case SC4_THRU_A: s = ""SC4_THRU_A""; break; case SC5_THRU_B: s = ""SC5_THRU_B""; break; case SC7_WRAP_S: s = ""SC7_WRAP_S""; break; case SC9_C_WRAP_A: s = ""SC9_C_WRAP_A""; break; case SC10_C_WRAP_B: s = ""SC10_C_WRAP_B""; break; case SC11_C_WRAP_S: s = ""SC11_C_WRAP_S""; break; default: PRINTK(KERN_INFO ""cfm_state_change: unknown %d\n"", c_state); return; } PRINTK(KERN_INFO ""cfm_state_change: %s\n"", s); #endif } ",linux-2.6,,,217998183624266144382413452796244282070,0 46,CWE-763,"spnego_gss_export_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token) { OM_uint32 ret; ret = gss_export_sec_context(minor_status, context_handle, interprocess_token); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,30446278733195,1 4907,['CWE-20'],"nfs_opendir(struct inode *inode, struct file *filp) { int res; dfprintk(VFS, ""NFS: opendir(%s/%ld)\n"", inode->i_sb->s_id, inode->i_ino); lock_kernel(); res = nfs_open(inode, filp); unlock_kernel(); return res; }",linux-2.6,,,230621074010847582825087919042835991458,0 4861,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 837,['CWE-119'],"isdn_receive_skb_callback(int di, int channel, struct sk_buff *skb) { int i; if ((i = isdn_dc2minor(di, channel)) == -1) { dev_kfree_skb(skb); return; } dev->ibytes[i] += skb->len; if (isdn_net_rcv_skb(i, skb)) return; if (dev->v110[i]) { atomic_inc(&dev->v110use[i]); skb = isdn_v110_decode(dev->v110[i], skb); atomic_dec(&dev->v110use[i]); if (!skb) return; } if (skb->len) { if (isdn_tty_rcv_skb(i, di, channel, skb)) return; wake_up_interruptible(&dev->drv[di]->rcv_waitq[channel]); } else dev_kfree_skb(skb); }",linux-2.6,,,75693923821006866355174137678707800211,0 6654,['CWE-200'],"list_response_cb (GtkDialog *dialog, gint response, gpointer user_data) { g_signal_emit (NM_CONNECTION_LIST (user_data), list_signals[LIST_DONE], 0, response); }",network-manager-applet,,,292232890686575272311922577226912901913,0 437,[],"pfm_reset_regs_masked(pfm_context_t *ctx, unsigned long *ovfl_regs, int is_long_reset) { unsigned long mask = ovfl_regs[0]; unsigned long reset_others = 0UL; unsigned long val; int i; mask >>= PMU_FIRST_COUNTER; for(i = PMU_FIRST_COUNTER; mask; i++, mask >>= 1) { if ((mask & 0x1UL) == 0UL) continue; ctx->ctx_pmds[i].val = val = pfm_new_counter_value(ctx->ctx_pmds+ i, is_long_reset); reset_others |= ctx->ctx_pmds[i].reset_pmds[0]; DPRINT_ovfl(("" %s reset ctx_pmds[%d]=%lx\n"", is_long_reset ? ""long"" : ""short"", i, val)); } for(i = 0; reset_others; i++, reset_others >>= 1) { if ((reset_others & 0x1) == 0) continue; ctx->ctx_pmds[i].val = val = pfm_new_counter_value(ctx->ctx_pmds + i, is_long_reset); DPRINT_ovfl((""%s reset_others pmd[%d]=%lx\n"", is_long_reset ? ""long"" : ""short"", i, val)); } }",linux-2.6,,,170038338907060284789382270630448463120,0 5541,CWE-125,"ast2obj_slice(void* _o) { slice_ty o = (slice_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case Slice_kind: result = PyType_GenericNew(Slice_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Slice.lower); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lower, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Slice.upper); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_upper, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Slice.step); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_step, value) == -1) goto failed; Py_DECREF(value); break; case ExtSlice_kind: result = PyType_GenericNew(ExtSlice_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.ExtSlice.dims, ast2obj_slice); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_dims, value) == -1) goto failed; Py_DECREF(value); break; case Index_kind: result = PyType_GenericNew(Index_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Index.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; } return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,64320799146499,1 2603,['CWE-189'],"void dccp_destroy_sock(struct sock *sk) { struct dccp_sock *dp = dccp_sk(sk); struct dccp_minisock *dmsk = dccp_msk(sk); if (sk->sk_send_head != NULL) { kfree_skb(sk->sk_send_head); sk->sk_send_head = NULL; } if (inet_csk(sk)->icsk_bind_hash != NULL) inet_put_port(sk); kfree(dp->dccps_service_list); dp->dccps_service_list = NULL; if (dmsk->dccpms_send_ack_vector) { dccp_ackvec_free(dp->dccps_hc_rx_ackvec); dp->dccps_hc_rx_ackvec = NULL; } ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL; dccp_feat_clean(dmsk); }",linux-2.6,,,108132100807638766180361472032660457258,0 6551,CWE-120,"static json_t * check_attestation_fido_u2f(json_t * j_params, unsigned char * credential_id, size_t credential_id_len, unsigned char * cert_x, size_t cert_x_len, unsigned char * cert_y, size_t cert_y_len, cbor_item_t * att_stmt, unsigned char * rpid_hash, size_t rpid_hash_len, const unsigned char * client_data) { json_t * j_error = json_array(), * j_return; cbor_item_t * key = NULL, * x5c = NULL, * sig = NULL, * att_cert = NULL; int i, ret; char * message = NULL; gnutls_pubkey_t pubkey = NULL; gnutls_x509_crt_t cert = NULL; gnutls_datum_t cert_dat, data, signature, cert_issued_by; unsigned char data_signed[200], client_data_hash[32], cert_export[32], cert_export_b64[64]; size_t data_signed_offset = 0, client_data_hash_len = 32, cert_export_len = 32, cert_export_b64_len = 0; if (j_error != NULL) { do { if (gnutls_x509_crt_init(&cert)) { json_array_append_new(j_error, json_string(""check_attestation_fido_u2f - Error gnutls_x509_crt_init"")); break; } if (gnutls_pubkey_init(&pubkey)) { json_array_append_new(j_error, json_string(""check_attestation_fido_u2f - Error gnutls_pubkey_init"")); break; } if (att_stmt == NULL || !cbor_isa_map(att_stmt) || cbor_map_size(att_stmt) != 2) { json_array_append_new(j_error, json_string(""CBOR map value 'attStmt' invalid format"")); break; } for (i=0; i<2; i++) { key = cbor_map_handle(att_stmt)[i].key; if (cbor_isa_string(key)) { if (0 == o_strncmp((const char *)cbor_string_handle(key), ""x5c"", MIN(o_strlen(""x5c""), cbor_string_length(key)))) { x5c = cbor_map_handle(att_stmt)[i].value; } else if (0 == o_strncmp((const char *)cbor_string_handle(key), ""sig"", MIN(o_strlen(""sig""), cbor_string_length(key)))) { sig = cbor_map_handle(att_stmt)[i].value; } else { message = msprintf(""attStmt map element %d key is not valid: '%.*s'"", i, cbor_string_length(key), cbor_string_handle(key)); json_array_append_new(j_error, json_string(message)); o_free(message); break; } } else { message = msprintf(""attStmt map element %d key is not a string"", i); json_array_append_new(j_error, json_string(message)); o_free(message); break; } } if (x5c == NULL || !cbor_isa_array(x5c) || cbor_array_size(x5c) != 1) { json_array_append_new(j_error, json_string(""CBOR map value 'x5c' invalid format"")); break; } att_cert = cbor_array_get(x5c, 0); cert_dat.data = cbor_bytestring_handle(att_cert); cert_dat.size = cbor_bytestring_length(att_cert); if ((ret = gnutls_x509_crt_import(cert, &cert_dat, GNUTLS_X509_FMT_DER)) < 0) { json_array_append_new(j_error, json_string(""Error importing x509 certificate"")); y_log_message(Y_LOG_LEVEL_DEBUG, ""check_attestation_fido_u2f - Error gnutls_pcert_import_x509_raw: %d"", ret); break; } if (json_object_get(j_params, ""root-ca-list"") != json_null() && validate_certificate_from_root(j_params, cert, x5c) != G_OK) { json_array_append_new(j_error, json_string(""Unrecognized certificate authority"")); if (gnutls_x509_crt_get_issuer_dn2(cert, &cert_issued_by) >= 0) { message = msprintf(""Unrecognized certificate autohority: %.*s"", cert_issued_by.size, cert_issued_by.data); y_log_message(Y_LOG_LEVEL_DEBUG, ""check_attestation_fido_u2f - %s"", message); o_free(message); gnutls_free(cert_issued_by.data); } else { y_log_message(Y_LOG_LEVEL_DEBUG, ""check_attestation_fido_u2f - Unrecognized certificate autohority (unable to get issuer dn)""); } break; } if ((ret = gnutls_pubkey_import_x509(pubkey, cert, 0)) < 0) { json_array_append_new(j_error, json_string(""Error importing x509 certificate"")); y_log_message(Y_LOG_LEVEL_DEBUG, ""check_attestation_fido_u2f - Error gnutls_pubkey_import_x509: %d"", ret); break; } if ((ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, cert_export, &cert_export_len)) < 0) { json_array_append_new(j_error, json_string(""Error exporting x509 certificate"")); y_log_message(Y_LOG_LEVEL_DEBUG, ""check_attestation_fido_u2f - Error gnutls_x509_crt_get_key_id: %d"", ret); break; } if (!o_base64_encode(cert_export, cert_export_len, cert_export_b64, &cert_export_b64_len)) { json_array_append_new(j_error, json_string(""Internal error"")); y_log_message(Y_LOG_LEVEL_DEBUG, ""check_attestation_fido_u2f - Error o_base64_encode cert_export""); break; } if (!generate_digest_raw(digest_SHA256, client_data, o_strlen((char *)client_data), client_data_hash, &client_data_hash_len)) { json_array_append_new(j_error, json_string(""Internal error"")); y_log_message(Y_LOG_LEVEL_ERROR, ""check_attestation_fido_u2f - Error generate_digest_raw client_data""); break; } if (sig == NULL || !cbor_isa_bytestring(sig)) { json_array_append_new(j_error, json_string(""Error sig is not a bytestring"")); break; } data_signed[0] = 0x0; data_signed_offset = 1; memcpy(data_signed+data_signed_offset, rpid_hash, rpid_hash_len); data_signed_offset += rpid_hash_len; memcpy(data_signed+data_signed_offset, client_data_hash, client_data_hash_len); data_signed_offset+=client_data_hash_len; memcpy(data_signed+data_signed_offset, credential_id, credential_id_len); data_signed_offset+=credential_id_len; data_signed[data_signed_offset] = 0x04; data_signed_offset++; memcpy(data_signed+data_signed_offset, cert_x, cert_x_len); data_signed_offset+=cert_x_len; memcpy(data_signed+data_signed_offset, cert_y, cert_y_len); data_signed_offset+=cert_y_len; data.data = data_signed; data.size = data_signed_offset; signature.data = cbor_bytestring_handle(sig); signature.size = cbor_bytestring_length(sig); if (gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA256, 0, &data, &signature)) { json_array_append_new(j_error, json_string(""Invalid signature"")); } } while (0); if (json_array_size(j_error)) { j_return = json_pack(""{sisO}"", ""result"", G_ERROR_PARAM, ""error"", j_error); } else { j_return = json_pack(""{sis{ss%}}"", ""result"", G_OK, ""data"", ""certificate"", cert_export_b64, cert_export_b64_len); } json_decref(j_error); gnutls_pubkey_deinit(pubkey); gnutls_x509_crt_deinit(cert); if (att_cert != NULL) { cbor_decref(&att_cert); } } else { y_log_message(Y_LOG_LEVEL_ERROR, ""check_attestation_fido_u2f - Error allocating resources for j_error""); j_return = json_pack(""{si}"", ""result"", G_ERROR); } return j_return; }",visit repo url,src/scheme/webauthn.c,https://github.com/babelouest/glewlwyd,193107011343479,1 3643,CWE-264,"static void setup_test_dir(char *tmp_dir, const char *files, ...) { va_list ap; assert_se(mkdtemp(tmp_dir) != NULL); va_start(ap, files); while (files != NULL) { _cleanup_free_ char *path = strappend(tmp_dir, files); assert_se(touch_file(path, true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0) == 0); files = va_arg(ap, const char *); } va_end(ap); }",visit repo url,src/test/test-conf-files.c,https://github.com/systemd/systemd,275756556359845,1 3261,['CWE-189'],"static int jas_icclut8_input(jas_iccattrval_t *attrval, jas_stream_t *in, int cnt) { int i; int j; int clutsize; jas_icclut8_t *lut8 = &attrval->data.lut8; lut8->clut = 0; lut8->intabs = 0; lut8->intabsbuf = 0; lut8->outtabs = 0; lut8->outtabsbuf = 0; if (jas_iccgetuint8(in, &lut8->numinchans) || jas_iccgetuint8(in, &lut8->numoutchans) || jas_iccgetuint8(in, &lut8->clutlen) || jas_stream_getc(in) == EOF) goto error; for (i = 0; i < 3; ++i) { for (j = 0; j < 3; ++j) { if (jas_iccgetsint32(in, &lut8->e[i][j])) goto error; } } if (jas_iccgetuint16(in, &lut8->numintabents) || jas_iccgetuint16(in, &lut8->numouttabents)) goto error; clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans; if (!(lut8->clut = jas_alloc2(clutsize, sizeof(jas_iccuint8_t))) || !(lut8->intabsbuf = jas_alloc3(lut8->numinchans, lut8->numintabents, sizeof(jas_iccuint8_t))) || !(lut8->intabs = jas_alloc2(lut8->numinchans, sizeof(jas_iccuint8_t *)))) goto error; for (i = 0; i < lut8->numinchans; ++i) lut8->intabs[i] = &lut8->intabsbuf[i * lut8->numintabents]; if (!(lut8->outtabsbuf = jas_alloc3(lut8->numoutchans, lut8->numouttabents, sizeof(jas_iccuint8_t))) || !(lut8->outtabs = jas_alloc2(lut8->numoutchans, sizeof(jas_iccuint8_t *)))) goto error; for (i = 0; i < lut8->numoutchans; ++i) lut8->outtabs[i] = &lut8->outtabsbuf[i * lut8->numouttabents]; for (i = 0; i < lut8->numinchans; ++i) { for (j = 0; j < JAS_CAST(int, lut8->numintabents); ++j) { if (jas_iccgetuint8(in, &lut8->intabs[i][j])) goto error; } } for (i = 0; i < lut8->numoutchans; ++i) { for (j = 0; j < JAS_CAST(int, lut8->numouttabents); ++j) { if (jas_iccgetuint8(in, &lut8->outtabs[i][j])) goto error; } } for (i = 0; i < clutsize; ++i) { if (jas_iccgetuint8(in, &lut8->clut[i])) goto error; } if (JAS_CAST(int, 44 + lut8->numinchans * lut8->numintabents + lut8->numoutchans * lut8->numouttabents + jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans) != cnt) goto error; return 0; error: jas_icclut8_destroy(attrval); return -1; }",jasper,,,250552044796685615767211470009718360356,0 4945,CWE-401,"struct mosquitto *context__init(mosq_sock_t sock) { struct mosquitto *context; char address[1024]; context = mosquitto__calloc(1, sizeof(struct mosquitto)); if(!context) return NULL; #ifdef WITH_EPOLL context->ident = id_client; #else context->pollfd_index = -1; #endif mosquitto__set_state(context, mosq_cs_new); context->sock = sock; context->last_msg_in = db.now_s; context->next_msg_out = db.now_s + 60; context->keepalive = 60; context->clean_start = true; context->id = NULL; context->last_mid = 0; context->will = NULL; context->username = NULL; context->password = NULL; context->listener = NULL; context->acl_list = NULL; context->retain_available = true; context->is_bridge = false; context->in_packet.payload = NULL; packet__cleanup(&context->in_packet); context->out_packet = NULL; context->current_out_packet = NULL; context->out_packet_count = 0; context->address = NULL; if((int)sock >= 0){ if(!net__socket_get_address(sock, address, 1024, &context->remote_port)){ context->address = mosquitto__strdup(address); } if(!context->address){ mosquitto__free(context); return NULL; } } context->bridge = NULL; context->msgs_in.inflight_maximum = db.config->max_inflight_messages; context->msgs_out.inflight_maximum = db.config->max_inflight_messages; context->msgs_in.inflight_quota = db.config->max_inflight_messages; context->msgs_out.inflight_quota = db.config->max_inflight_messages; context->max_qos = 2; #ifdef WITH_TLS context->ssl = NULL; #endif if((int)context->sock >= 0){ HASH_ADD(hh_sock, db.contexts_by_sock, sock, sizeof(context->sock), context); } return context; }",visit repo url,src/context.c,https://github.com/eclipse/mosquitto,10669370849908,1 6314,['CWE-200'],"static int neigh_blackhole(struct sk_buff *skb) { kfree_skb(skb); return -ENETDOWN; }",linux-2.6,,,72332343428634384167577595110248712694,0 6230,['CWE-200'],"static void reg_vif_setup(struct net_device *dev) { dev->type = ARPHRD_PIMREG; dev->mtu = 1500 - sizeof(struct iphdr) - 8; dev->flags = IFF_NOARP; dev->hard_start_xmit = reg_vif_xmit; dev->get_stats = reg_vif_get_stats; dev->destructor = free_netdev; }",linux-2.6,,,85009424394654959729534754926467405890,0 3174,CWE-125,"juniper_mlppp_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_MLPPP; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; if (ndo->ndo_eflag && EXTRACT_16BITS(&l2info.cookie) != PPP_OSI && EXTRACT_16BITS(&l2info.cookie) != (PPP_ADDRESS << 8 | PPP_CONTROL)) ND_PRINT((ndo, ""Bundle-ID %u: "", l2info.bundle)); p+=l2info.header_len; switch(l2info.proto) { case JUNIPER_LSQ_L3_PROTO_IPV4: if (l2info.cookie[4] == (JUNIPER_LSQ_COOKIE_RE|JUNIPER_LSQ_COOKIE_DIR)) ppp_print(ndo, p, l2info.length); else ip_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: isoclns_print(ndo, p, l2info.length, l2info.caplen); return l2info.header_len; default: break; } switch (EXTRACT_16BITS(&l2info.cookie)) { case PPP_OSI: ppp_print(ndo, p - 2, l2info.length + 2); break; case (PPP_ADDRESS << 8 | PPP_CONTROL): default: ppp_print(ndo, p, l2info.length); break; } return l2info.header_len; }",visit repo url,print-juniper.c,https://github.com/the-tcpdump-group/tcpdump,41766415304840,1 6351,CWE-190,"image_load_gif(image_t *img, FILE *fp, int gray, int load_data) { uchar buf[1024]; gif_cmap_t cmap; int ncolors, transparent; fread(buf, 13, 1, fp); img->width = (buf[7] << 8) | buf[6]; img->height = (buf[9] << 8) | buf[8]; ncolors = 2 << (buf[10] & 0x07); if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767) return (-1); if (Encryption) img->use ++; if (buf[10] & GIF_COLORMAP) if (gif_read_cmap(fp, ncolors, cmap, &gray)) return (-1); transparent = -1; while (1) { switch (getc(fp)) { case ';' : return (-1); case '!' : buf[0] = (uchar)getc(fp); if (buf[0] == 0xf9) { gif_get_block(fp, buf); if (buf[0] & 1) transparent = buf[3]; } while (gif_get_block(fp, buf) != 0); break; case ',' : fread(buf, 9, 1, fp); if (buf[8] & GIF_COLORMAP) { ncolors = 2 << (buf[8] & 0x07); if (gif_read_cmap(fp, ncolors, cmap, &gray)) return (-1); } img->width = (buf[5] << 8) | buf[4]; img->height = (buf[7] << 8) | buf[6]; img->depth = gray ? 1 : 3; if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767) return (-1); if (transparent >= 0) { if (BodyColor[0]) { float rgb[3]; get_color((uchar *)BodyColor, rgb); cmap[transparent][0] = (uchar)(rgb[0] * 255.0f + 0.5f); cmap[transparent][1] = (uchar)(rgb[1] * 255.0f + 0.5f); cmap[transparent][2] = (uchar)(rgb[2] * 255.0f + 0.5f); } else { cmap[transparent][0] = 255; cmap[transparent][1] = 255; cmap[transparent][2] = 255; } image_need_mask(img); } if (!load_data) return (0); img->pixels = (uchar *)malloc((size_t)(img->width * img->height * img->depth)); if (img->pixels == NULL) return (-1); return (gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE, transparent)); } } }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,265950348613002,1 1097,['CWE-399'],"asmlinkage long sys32_sigsuspend(int history0, int history1, old_sigset_t mask) { mask &= _BLOCKABLE; spin_lock_irq(¤t->sighand->siglock); current->saved_sigmask = current->blocked; siginitset(¤t->blocked, mask); recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); current->state = TASK_INTERRUPTIBLE; schedule(); set_thread_flag(TIF_RESTORE_SIGMASK); return -ERESTARTNOHAND; }",linux-2.6,,,64991145092375253952054073013181743935,0 4986,CWE-787,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 6311,CWE-295,"DH *get_dh2048(void) { static unsigned char dhp_2048[] = { 0xD5, 0x75, 0xF1, 0x23, 0xC1, 0x81, 0x4B, 0x44, 0x23, 0xBE, 0x97, 0x81, 0x7A, 0xDA, 0x97, 0x1F, 0x1F, 0x0D, 0xD5, 0xEC, 0xC5, 0x5F, 0x86, 0x42, 0x7F, 0x38, 0xA3, 0x95, 0xEE, 0xA0, 0x52, 0x2C, 0xB7, 0x20, 0x29, 0xC1, 0xC7, 0xE6, 0x8E, 0x6F, 0xE5, 0xC1, 0x0D, 0xDD, 0x8A, 0xEF, 0x8D, 0xE7, 0xA8, 0x63, 0xB4, 0xF7, 0x58, 0x32, 0x0E, 0x24, 0xAC, 0x30, 0x94, 0xF5, 0xC7, 0x02, 0x81, 0x1B, 0xC7, 0x68, 0xE5, 0x71, 0xD7, 0x1E, 0x3D, 0xE4, 0x2E, 0x2F, 0xC0, 0x0A, 0xED, 0x34, 0xAC, 0xC0, 0x1F, 0x0A, 0x56, 0xA4, 0x12, 0x02, 0xFD, 0x68, 0xD2, 0x4D, 0x5E, 0x0A, 0x5D, 0x78, 0xE3, 0xA0, 0x85, 0x75, 0xD2, 0xA9, 0xC1, 0xF2, 0xAD, 0x65, 0x11, 0xDE, 0xE8, 0x05, 0x68, 0x36, 0x4C, 0x92, 0x99, 0x21, 0xB9, 0x69, 0xD0, 0x6F, 0xD8, 0xA3, 0xEA, 0x35, 0x13, 0x93, 0xDC, 0x1B, 0x13, 0x16, 0xB2, 0x15, 0x8E, 0x10, 0x22, 0xCE, 0x01, 0x1F, 0x1C, 0x09, 0x86, 0xD5, 0xE7, 0xCB, 0xCF, 0xFA, 0xED, 0x2F, 0xE2, 0x3A, 0x65, 0x14, 0xC9, 0xFA, 0x70, 0x99, 0xF7, 0xE0, 0x30, 0xBF, 0x7F, 0xEA, 0x84, 0x14, 0x8A, 0x51, 0xC9, 0xE9, 0x85, 0x73, 0x7F, 0xA1, 0xB0, 0xC3, 0x33, 0x9A, 0xAB, 0x69, 0x4E, 0x75, 0xFB, 0x12, 0xB0, 0x9E, 0xB1, 0xD9, 0xD1, 0xB9, 0x32, 0x1D, 0xC6, 0xD9, 0x2C, 0xAA, 0xB0, 0xC5, 0x3E, 0x69, 0x56, 0xA2, 0xB3, 0xA2, 0x81, 0xCA, 0x9D, 0x77, 0xBB, 0x52, 0x44, 0xA2, 0xED, 0xE0, 0xF0, 0x2A, 0x81, 0x85, 0x90, 0xB6, 0x04, 0x60, 0xEB, 0x09, 0x72, 0x08, 0x44, 0xAF, 0x28, 0xF5, 0x15, 0x34, 0x87, 0x5C, 0x8A, 0xB4, 0x5B, 0x15, 0x6A, 0xAD, 0x27, 0x4E, 0xA0, 0xDE, 0x99, 0x22, 0xCF, 0xAB, 0x4C, 0xFD, 0x75, 0x10, 0x5D, 0xFF, 0xE8, 0x81, 0x50, 0xC4, 0xC0, 0x4B }; static unsigned char dhg_2048[] = { 0x02 }; DH *dh = DH_new(); BIGNUM *p, *g; if (dh == NULL) return NULL; p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), NULL); g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), NULL); if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); return NULL; } return dh; }",visit repo url,src/dhparam.c,https://github.com/mtrojnar/stunnel,214565499315662,1 1685,CWE-20,"static int snd_hrtimer_start(struct snd_timer *t) { struct snd_hrtimer *stime = t->private_data; atomic_set(&stime->running, 0); hrtimer_cancel(&stime->hrt); hrtimer_start(&stime->hrt, ns_to_ktime(t->sticks * resolution), HRTIMER_MODE_REL); atomic_set(&stime->running, 1); return 0; }",visit repo url,sound/core/hrtimer.c,https://github.com/torvalds/linux,44436148060682,1 4178,CWE-787,"webSocketsHasDataInBuffer(rfbClientPtr cl) { ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; if (wsctx && wsctx->readbuflen) return TRUE; return (cl->sslctx && rfbssl_pending(cl) > 0); }",visit repo url,libvncserver/websockets.c,https://github.com/LibVNC/libvncserver,163100495621673,1 5975,['CWE-200'],"static void sit_add_v4_addrs(struct inet6_dev *idev) { struct inet6_ifaddr * ifp; struct in6_addr addr; struct net_device *dev; int scope; ASSERT_RTNL(); memset(&addr, 0, sizeof(struct in6_addr)); memcpy(&addr.s6_addr32[3], idev->dev->dev_addr, 4); if (idev->dev->flags&IFF_POINTOPOINT) { addr.s6_addr32[0] = htonl(0xfe800000); scope = IFA_LINK; } else { scope = IPV6_ADDR_COMPATv4; } if (addr.s6_addr32[3]) { ifp = ipv6_add_addr(idev, &addr, 128, scope, IFA_F_PERMANENT); if (!IS_ERR(ifp)) { spin_lock_bh(&ifp->lock); ifp->flags &= ~IFA_F_TENTATIVE; spin_unlock_bh(&ifp->lock); ipv6_ifa_notify(RTM_NEWADDR, ifp); in6_ifa_put(ifp); } return; } for (dev = dev_base; dev != NULL; dev = dev->next) { struct in_device * in_dev = __in_dev_get(dev); if (in_dev && (dev->flags & IFF_UP)) { struct in_ifaddr * ifa; int flag = scope; for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) { int plen; addr.s6_addr32[3] = ifa->ifa_local; if (ifa->ifa_scope == RT_SCOPE_LINK) continue; if (ifa->ifa_scope >= RT_SCOPE_HOST) { if (idev->dev->flags&IFF_POINTOPOINT) continue; flag |= IFA_HOST; } if (idev->dev->flags&IFF_POINTOPOINT) plen = 64; else plen = 96; ifp = ipv6_add_addr(idev, &addr, plen, flag, IFA_F_PERMANENT); if (!IS_ERR(ifp)) { spin_lock_bh(&ifp->lock); ifp->flags &= ~IFA_F_TENTATIVE; spin_unlock_bh(&ifp->lock); ipv6_ifa_notify(RTM_NEWADDR, ifp); in6_ifa_put(ifp); } } } } }",linux-2.6,,,47615048803987586770077547347557833222,0 4212,['CWE-399'],"static int pfifo_fast_dump(struct Qdisc *qdisc, struct sk_buff *skb) { struct tc_prio_qopt opt = { .bands = PFIFO_FAST_BANDS }; memcpy(&opt.priomap, prio2band, TC_PRIO_MAX+1); NLA_PUT(skb, TCA_OPTIONS, sizeof(opt), &opt); return skb->len; nla_put_failure: return -1; }",linux-2.6,,,2283344504687852195797653747442490279,0 3563,CWE-20,"jas_image_t *jp2_decode(jas_stream_t *in, char *optstr) { jp2_box_t *box; int found; jas_image_t *image; jp2_dec_t *dec; bool samedtype; int dtype; unsigned int i; jp2_cmap_t *cmapd; jp2_pclr_t *pclrd; jp2_cdef_t *cdefd; unsigned int channo; int newcmptno; int_fast32_t *lutents; #if 0 jp2_cdefchan_t *cdefent; int cmptno; #endif jp2_cmapent_t *cmapent; jas_icchdr_t icchdr; jas_iccprof_t *iccprof; dec = 0; box = 0; image = 0; if (!(dec = jp2_dec_create())) { goto error; } if (!(box = jp2_box_get(in))) { jas_eprintf(""error: cannot get box\n""); goto error; } if (box->type != JP2_BOX_JP) { jas_eprintf(""error: expecting signature box\n""); goto error; } if (box->data.jp.magic != JP2_JP_MAGIC) { jas_eprintf(""incorrect magic number\n""); goto error; } jp2_box_destroy(box); box = 0; if (!(box = jp2_box_get(in))) { goto error; } if (box->type != JP2_BOX_FTYP) { jas_eprintf(""expecting file type box\n""); goto error; } jp2_box_destroy(box); box = 0; found = 0; while ((box = jp2_box_get(in))) { if (jas_getdbglevel() >= 1) { jas_eprintf(""got box type %s\n"", box->info->name); } switch (box->type) { case JP2_BOX_JP2C: found = 1; break; case JP2_BOX_IHDR: if (!dec->ihdr) { dec->ihdr = box; box = 0; } break; case JP2_BOX_BPCC: if (!dec->bpcc) { dec->bpcc = box; box = 0; } break; case JP2_BOX_CDEF: if (!dec->cdef) { dec->cdef = box; box = 0; } break; case JP2_BOX_PCLR: if (!dec->pclr) { dec->pclr = box; box = 0; } break; case JP2_BOX_CMAP: if (!dec->cmap) { dec->cmap = box; box = 0; } break; case JP2_BOX_COLR: if (!dec->colr) { dec->colr = box; box = 0; } break; } if (box) { jp2_box_destroy(box); box = 0; } if (found) { break; } } if (!found) { jas_eprintf(""error: no code stream found\n""); goto error; } if (!(dec->image = jpc_decode(in, optstr))) { jas_eprintf(""error: cannot decode code stream\n""); goto error; } if (!dec->ihdr) { jas_eprintf(""error: missing IHDR box\n""); goto error; } if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } samedtype = true; dtype = jas_image_cmptdtype(dec->image, 0); for (i = 1; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != dtype) { samedtype = false; break; } } if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { jas_eprintf(""warning: component data type mismatch\n""); } if (dec->ihdr->data.ihdr.comptype != JP2_IHDR_COMPTYPE) { jas_eprintf(""error: unsupported compression type\n""); goto error; } if (dec->bpcc) { if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(uint, jas_image_numcmpts( dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!samedtype) { for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { jas_eprintf(""warning: component data type mismatch\n""); } } } else { jas_eprintf(""warning: superfluous BPCC box\n""); } } if (!dec->colr) { jas_eprintf(""error: no COLR box\n""); goto error; } switch (dec->colr->data.colr.method) { case JP2_COLR_ENUM: jas_image_setclrspc(dec->image, jp2_getcs(&dec->colr->data.colr)); break; case JP2_COLR_ICC: iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, dec->colr->data.colr.iccplen); if (!iccprof) { jas_eprintf(""error: failed to parse ICC profile\n""); goto error; } jas_iccprof_gethdr(iccprof, &icchdr); jas_eprintf(""ICC Profile CS %08x\n"", icchdr.colorspc); jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof); assert(dec->image->cmprof_); jas_iccprof_destroy(iccprof); break; } if (dec->cmap && !dec->pclr) { jas_eprintf(""warning: missing PCLR box or superfluous CMAP box\n""); jp2_box_destroy(dec->cmap); dec->cmap = 0; } if (!dec->cmap && dec->pclr) { jas_eprintf(""warning: missing CMAP box or superfluous PCLR box\n""); jp2_box_destroy(dec->pclr); dec->pclr = 0; } dec->numchans = dec->cmap ? dec->cmap->data.cmap.numchans : JAS_CAST(uint, jas_image_numcmpts(dec->image)); if (dec->cmap) { for (i = 0; i < dec->numchans; ++i) { if (dec->cmap->data.cmap.ents[i].cmptno >= JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""error: invalid component number in CMAP box\n""); goto error; } if (dec->cmap->data.cmap.ents[i].pcol >= dec->pclr->data.pclr.numchans) { jas_eprintf(""error: invalid CMAP LUT index\n""); goto error; } } } if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { jas_eprintf(""error: no memory\n""); goto error; } if (!dec->cmap) { for (i = 0; i < dec->numchans; ++i) { dec->chantocmptlut[i] = i; } } else { cmapd = &dec->cmap->data.cmap; pclrd = &dec->pclr->data.pclr; cdefd = &dec->cdef->data.cdef; for (channo = 0; channo < cmapd->numchans; ++channo) { cmapent = &cmapd->ents[channo]; if (cmapent->map == JP2_CMAP_DIRECT) { dec->chantocmptlut[channo] = channo; } else if (cmapent->map == JP2_CMAP_PALETTE) { lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } newcmptno = jas_image_numcmpts(dec->image); jas_image_depalettize(dec->image, cmapent->cmptno, pclrd->numlutents, lutents, JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno); dec->chantocmptlut[channo] = newcmptno; jas_free(lutents); #if 0 if (dec->cdef) { cdefent = jp2_cdef_lookup(cdefd, channo); if (!cdefent) { abort(); } jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), cdefent->type, cdefent->assoc)); } else { jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1)); } #endif } } } for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { jas_image_setcmpttype(dec->image, i, JAS_IMAGE_CT_UNKNOWN); } if (dec->cdef) { for (i = 0; i < dec->numchans; ++i) { if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { jas_eprintf(""error: invalid channel number in CDEF box\n""); goto error; } jas_image_setcmpttype(dec->image, dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], jp2_getct(jas_image_clrspc(dec->image), dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc)); } } else { for (i = 0; i < dec->numchans; ++i) { jas_image_setcmpttype(dec->image, dec->chantocmptlut[i], jp2_getct(jas_image_clrspc(dec->image), 0, i + 1)); } } for (i = jas_image_numcmpts(dec->image); i > 0; --i) { if (jas_image_cmpttype(dec->image, i - 1) == JAS_IMAGE_CT_UNKNOWN) { jas_image_delcmpt(dec->image, i - 1); } } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } #if 0 jas_eprintf(""no of components is %d\n"", jas_image_numcmpts(dec->image)); #endif image = dec->image; dec->image = 0; jp2_dec_destroy(dec); return image; error: if (box) { jp2_box_destroy(box); } if (dec) { jp2_dec_destroy(dec); } return 0; }",visit repo url,src/libjasper/jp2/jp2_dec.c,https://github.com/mdadams/jasper,31285916644684,1 4609,CWE-190,"s32 vvc_parse_picture_header(GF_BitStream *bs, VVCState *vvc, VVCSliceInfo *si) { u32 pps_id; si->irap_or_gdr_pic = gf_bs_read_int_log(bs, 1, ""irap_or_gdr_pic""); si->non_ref_pic = gf_bs_read_int_log(bs, 1, ""non_ref_pic""); if (si->irap_or_gdr_pic) si->gdr_pic = gf_bs_read_int_log(bs, 1, ""gdr_pic""); if ((si->inter_slice_allowed_flag = gf_bs_read_int_log(bs, 1, ""inter_slice_allowed_flag""))) si->intra_slice_allowed_flag = gf_bs_read_int_log(bs, 1, ""intra_slice_allowed_flag""); pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id >= 64) return -1; si->pps = &vvc->pps[pps_id]; si->sps = &vvc->sps[si->pps->sps_id]; si->poc_lsb = gf_bs_read_int_log(bs, si->sps->log2_max_poc_lsb, ""poc_lsb""); si->recovery_point_valid = 0; si->gdr_recovery_count = 0; if (si->gdr_pic) { si->recovery_point_valid = 1; si->gdr_recovery_count = gf_bs_read_ue_log(bs, ""gdr_recovery_count""); } gf_bs_read_int_log(bs, si->sps->ph_num_extra_bits, ""ph_extra_bits""); if (si->sps->poc_msb_cycle_flag) { if ( (si->poc_msb_cycle_present_flag = gf_bs_read_int_log(bs, 1, ""poc_msb_cycle_present_flag""))) { si->poc_msb_cycle = gf_bs_read_int_log(bs, si->sps->poc_msb_cycle_len, ""poc_msb_cycle""); } } return 0; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,139454496834564,1 4383,['CWE-264'],"void sk_reset_timer(struct sock *sk, struct timer_list* timer, unsigned long expires) { if (!mod_timer(timer, expires)) sock_hold(sk); }",linux-2.6,,,161723839207318907541818165665303085442,0 3887,CWE-122,"tabstop_set(char_u *var, int **array) { int valcount = 1; int t; char_u *cp; if (var[0] == NUL || (var[0] == '0' && var[1] == NUL)) { *array = NULL; return TRUE; } for (cp = var; *cp != NUL; ++cp) { if (cp == var || cp[-1] == ',') { char_u *end; if (strtol((char *)cp, (char **)&end, 10) <= 0) { if (cp != end) emsg(_(e_positive)); else emsg(_(e_invarg)); return FALSE; } } if (VIM_ISDIGIT(*cp)) continue; if (cp[0] == ',' && cp > var && cp[-1] != ',' && cp[1] != NUL) { ++valcount; continue; } emsg(_(e_invarg)); return FALSE; } *array = ALLOC_MULT(int, valcount + 1); if (*array == NULL) return FALSE; (*array)[0] = valcount; t = 1; for (cp = var; *cp != NUL;) { (*array)[t++] = atoi((char *)cp); while (*cp != NUL && *cp != ',') ++cp; if (*cp != NUL) ++cp; } return TRUE; }",visit repo url,src/indent.c,https://github.com/vim/vim,50699889793533,1 6538,['CWE-200'],"void applet_do_notify_with_pref (NMApplet *applet, const char *summary, const char *message, const char *icon, const char *pref) { if (gconf_client_get_bool (applet->gconf_client, pref, NULL)) return; applet_do_notify (applet, NOTIFY_URGENCY_LOW, summary, message, icon, pref, _(""Don't show this message again""), notify_connected_dont_show_cb, applet); }",network-manager-applet,,,104735842116085904258451804152526732152,0 2078,CWE-787,"xfs_dinode_verify( struct xfs_mount *mp, xfs_ino_t ino, struct xfs_dinode *dip) { xfs_failaddr_t fa; uint16_t mode; uint16_t flags; uint64_t flags2; uint64_t di_size; if (dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC)) return __this_address; if (dip->di_version >= 3) { if (!xfs_sb_version_hascrc(&mp->m_sb)) return __this_address; if (!xfs_verify_cksum((char *)dip, mp->m_sb.sb_inodesize, XFS_DINODE_CRC_OFF)) return __this_address; if (be64_to_cpu(dip->di_ino) != ino) return __this_address; if (!uuid_equal(&dip->di_uuid, &mp->m_sb.sb_meta_uuid)) return __this_address; } di_size = be64_to_cpu(dip->di_size); if (di_size & (1ULL << 63)) return __this_address; mode = be16_to_cpu(dip->di_mode); if (mode && xfs_mode_to_ftype(mode) == XFS_DIR3_FT_UNKNOWN) return __this_address; if ((S_ISLNK(mode) || S_ISDIR(mode)) && di_size == 0) return __this_address; if (mode && be32_to_cpu(dip->di_nextents) + be16_to_cpu(dip->di_anextents) > be64_to_cpu(dip->di_nblocks)) return __this_address; if (mode && XFS_DFORK_BOFF(dip) > mp->m_sb.sb_inodesize) return __this_address; flags = be16_to_cpu(dip->di_flags); if (mode && (flags & XFS_DIFLAG_REALTIME) && !mp->m_rtdev_targp) return __this_address; switch (mode & S_IFMT) { case S_IFIFO: case S_IFCHR: case S_IFBLK: case S_IFSOCK: if (dip->di_format != XFS_DINODE_FMT_DEV) return __this_address; break; case S_IFREG: case S_IFLNK: case S_IFDIR: switch (dip->di_format) { case XFS_DINODE_FMT_LOCAL: if (S_ISREG(mode)) return __this_address; if (di_size > XFS_DFORK_DSIZE(dip, mp)) return __this_address; if (dip->di_nextents) return __this_address; case XFS_DINODE_FMT_EXTENTS: case XFS_DINODE_FMT_BTREE: break; default: return __this_address; } break; case 0: break; default: return __this_address; } if (XFS_DFORK_Q(dip)) { switch (dip->di_aformat) { case XFS_DINODE_FMT_LOCAL: if (dip->di_anextents) return __this_address; case XFS_DINODE_FMT_EXTENTS: case XFS_DINODE_FMT_BTREE: break; default: return __this_address; } } else { switch (dip->di_aformat) { case 0: case XFS_DINODE_FMT_EXTENTS: break; default: return __this_address; } if (dip->di_anextents) return __this_address; } fa = xfs_inode_validate_extsize(mp, be32_to_cpu(dip->di_extsize), mode, flags); if (fa) return fa; if (dip->di_version < 3) return NULL; flags2 = be64_to_cpu(dip->di_flags2); if ((flags2 & (XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE)) && !xfs_sb_version_hasreflink(&mp->m_sb)) return __this_address; if ((flags2 & XFS_DIFLAG2_REFLINK) && (mode & S_IFMT) != S_IFREG) return __this_address; if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags & XFS_DIFLAG_REALTIME)) return __this_address; if ((flags2 & XFS_DIFLAG2_REFLINK) && (flags2 & XFS_DIFLAG2_DAX)) return __this_address; fa = xfs_inode_validate_cowextsize(mp, be32_to_cpu(dip->di_cowextsize), mode, flags, flags2); if (fa) return fa; return NULL; }",visit repo url,fs/xfs/libxfs/xfs_inode_buf.c,https://github.com/torvalds/linux,127747609800331,1 425,CWE-416,"static int snd_ctl_elem_read_user(struct snd_card *card, struct snd_ctl_elem_value __user *_control) { struct snd_ctl_elem_value *control; int result; control = memdup_user(_control, sizeof(*control)); if (IS_ERR(control)) return PTR_ERR(control); snd_power_lock(card); result = snd_power_wait(card, SNDRV_CTL_POWER_D0); if (result >= 0) result = snd_ctl_elem_read(card, control); snd_power_unlock(card); if (result >= 0) if (copy_to_user(_control, control, sizeof(*control))) result = -EFAULT; kfree(control); return result; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,197815005046972,1 6619,CWE-787,"static int MqttClient_WaitType(MqttClient *client, void *packet_obj, byte wait_type, word16 wait_packet_id, int timeout_ms) { int rc; word16 packet_id; MqttPacketType packet_type; #ifdef WOLFMQTT_MULTITHREAD MqttPendResp *pendResp; int readLocked; #endif MqttMsgStat* mms_stat; int waitMatchFound; if (client == NULL || packet_obj == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } mms_stat = (MqttMsgStat*)packet_obj; wait_again: packet_id = 0; packet_type = MQTT_PACKET_TYPE_RESERVED; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; readLocked = 0; #endif waitMatchFound = 0; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Type %s (%d), ID %d"", MqttPacket_TypeDesc((MqttPacketType)wait_type), wait_type, wait_packet_id); #endif switch ((int)*mms_stat) { case MQTT_MSG_BEGIN: { #ifdef WOLFMQTT_MULTITHREAD rc = wm_SemLock(&client->lockRecv); if (rc != 0) { PRINTF(""MqttClient_WaitType: recv lock error!""); return rc; } readLocked = 1; #endif client->packet.stat = MQTT_PK_BEGIN; } FALL_THROUGH; #ifdef WOLFMQTT_V5 case MQTT_MSG_AUTH: #endif case MQTT_MSG_WAIT: { #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, (MqttPacketType)wait_type, wait_packet_id, &pendResp)) { if (pendResp->packetDone) { rc = pendResp->packet_ret; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp already Done %p: Rc %d"", pendResp, rc); #endif MqttClient_RespList_Remove(client, pendResp); wm_SemUnlock(&client->lockClient); wm_SemUnlock(&client->lockRecv); return rc; } } wm_SemUnlock(&client->lockClient); } else { break; } #endif *mms_stat = MQTT_MSG_WAIT; rc = MqttPacket_Read(client, client->rx_buf, client->rx_buf_len, timeout_ms); if (rc <= 0) { break; } client->packet.buf_len = rc; rc = MqttClient_DecodePacket(client, client->rx_buf, client->packet.buf_len, NULL, &packet_type, NULL, &packet_id); if (rc < 0) { break; } #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""Read Packet: Len %d, Type %d, ID %d"", client->packet.buf_len, packet_type, packet_id); #endif *mms_stat = MQTT_MSG_READ; } FALL_THROUGH; case MQTT_MSG_READ: case MQTT_MSG_READ_PAYLOAD: { MqttPacketType use_packet_type; void* use_packet_obj; #ifdef WOLFMQTT_MULTITHREAD readLocked = 1; #endif if (*mms_stat == MQTT_MSG_READ_PAYLOAD) { packet_type = MQTT_PACKET_TYPE_PUBLISH; } if ((wait_type == MQTT_PACKET_TYPE_ANY || wait_type == packet_type || MqttIsPubRespPacket(packet_type) == MqttIsPubRespPacket(wait_type)) && (wait_packet_id == 0 || wait_packet_id == packet_id)) { use_packet_obj = packet_obj; waitMatchFound = 1; } else { use_packet_obj = &client->msg; } use_packet_type = packet_type; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, packet_type, packet_id, &pendResp)) { pendResp->packetProcessing = 1; use_packet_obj = pendResp->packet_obj; use_packet_type = pendResp->packet_type; waitMatchFound = 0; } wm_SemUnlock(&client->lockClient); } else { break; } #endif rc = MqttClient_HandlePacket(client, use_packet_type, use_packet_obj, timeout_ms); #ifdef WOLFMQTT_NONBLOCK if (rc == MQTT_CODE_CONTINUE) { return rc; } #endif if (rc >= 0) { rc = MQTT_CODE_SUCCESS; } #ifdef WOLFMQTT_MULTITHREAD if (pendResp) { if (wm_SemLock(&client->lockClient) == 0) { pendResp->packetDone = 1; pendResp->packet_ret = rc; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp Done %p"", pendResp); #endif pendResp = NULL; wm_SemUnlock(&client->lockClient); } } #endif break; } case MQTT_MSG_WRITE: case MQTT_MSG_WRITE_PAYLOAD: default: { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Invalid state %d!"", *mms_stat); #endif rc = MQTT_CODE_ERROR_STAT; break; } } #ifdef WOLFMQTT_NONBLOCK if (rc != MQTT_CODE_CONTINUE) #endif { *mms_stat = MQTT_MSG_BEGIN; } #ifdef WOLFMQTT_MULTITHREAD if (readLocked) { wm_SemUnlock(&client->lockRecv); } #endif if (rc < 0) { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Failure: %s (%d)"", MqttClient_ReturnCodeToString(rc), rc); #endif return rc; } if (!waitMatchFound) { goto wait_again; } return rc; }",visit repo url,src/mqtt_client.c,https://github.com/wolfSSL/wolfMQTT,278703091752165,1 5781,CWE-125,"snmp_ber_encode_length(unsigned char *out, uint32_t *out_len, uint8_t length) { *out-- = length; (*out_len)++; return out; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,177446723989591,1 4261,CWE-787,"static VariableLocation *parse_dwarf_location (Context *ctx, const RBinDwarfAttrValue *loc, const RBinDwarfAttrValue *frame_base) { if (loc->kind != DW_AT_KIND_BLOCK && loc->kind != DW_AT_KIND_LOCLISTPTR && loc->kind != DW_AT_KIND_REFERENCE && loc->kind != DW_AT_KIND_CONSTANT) { return NULL; } RBinDwarfBlock block; if (loc->kind == DW_AT_KIND_LOCLISTPTR || loc->kind == DW_AT_KIND_REFERENCE || loc->kind == DW_AT_KIND_CONSTANT) { ut64 offset = loc->reference; RBinDwarfLocList *range_list = ht_up_find (ctx->locations, offset, NULL); if (!range_list) { return NULL; } RBinDwarfLocRange *range = find_largest_loc_range (range_list->list); if (!range) { return NULL; } block = *range->expression; } else { block = loc->block; } VariableLocationKind kind = LOCATION_UNKNOWN; st64 offset = 0; ut64 address = 0; ut64 reg_num = -1; const char *reg_name = NULL; size_t i; for (i = 0; i < block.length; i++) { switch (block.data[i]) { case DW_OP_fbreg: { if (i == block.length - 1) { return NULL; } const ut8 *dump = &block.data[++i]; offset = r_sleb128 (&dump, &block.data[loc->block.length]); if (frame_base) { VariableLocation *location = parse_dwarf_location (ctx, frame_base, NULL); if (location) { location->offset += offset; return location; } return NULL; } else { return NULL; } break; } case DW_OP_reg0: case DW_OP_reg1: case DW_OP_reg2: case DW_OP_reg3: case DW_OP_reg4: case DW_OP_reg5: case DW_OP_reg6: case DW_OP_reg7: case DW_OP_reg8: case DW_OP_reg9: case DW_OP_reg10: case DW_OP_reg11: case DW_OP_reg12: case DW_OP_reg13: case DW_OP_reg14: case DW_OP_reg15: case DW_OP_reg16: case DW_OP_reg17: case DW_OP_reg18: case DW_OP_reg19: case DW_OP_reg20: case DW_OP_reg21: case DW_OP_reg22: case DW_OP_reg23: case DW_OP_reg24: case DW_OP_reg25: case DW_OP_reg26: case DW_OP_reg27: case DW_OP_reg28: case DW_OP_reg29: case DW_OP_reg30: case DW_OP_reg31: { reg_num = block.data[i] - DW_OP_reg0; reg_name = get_dwarf_reg_name (ctx->anal->cpu, reg_num, &kind, ctx->anal->bits); break; } case DW_OP_breg0: case DW_OP_breg1: case DW_OP_breg2: case DW_OP_breg3: case DW_OP_breg4: case DW_OP_breg5: case DW_OP_breg6: case DW_OP_breg7: case DW_OP_breg8: case DW_OP_breg9: case DW_OP_breg10: case DW_OP_breg11: case DW_OP_breg12: case DW_OP_breg13: case DW_OP_breg14: case DW_OP_breg15: case DW_OP_breg16: case DW_OP_breg17: case DW_OP_breg18: case DW_OP_breg19: case DW_OP_breg20: case DW_OP_breg21: case DW_OP_breg22: case DW_OP_breg23: case DW_OP_breg24: case DW_OP_breg25: case DW_OP_breg26: case DW_OP_breg27: case DW_OP_breg28: case DW_OP_breg29: case DW_OP_breg30: case DW_OP_breg31: { if (i == block.length - 1) { return NULL; } reg_num = block.data[i] - DW_OP_breg0; const ut8 *buffer = &block.data[++i]; offset = r_sleb128 (&buffer, &block.data[block.length]); i += buffer - &block.data[0]; reg_name = get_dwarf_reg_name (ctx->anal->cpu, reg_num, &kind, ctx->anal->bits); break; } case DW_OP_bregx: { if (i == block.length - 1) { return NULL; } const ut8 *buffer = &block.data[++i]; const ut8 *buf_end = &block.data[block.length]; buffer = r_uleb128 (buffer, buf_end - buffer, ®_num, NULL); if (buffer == buf_end) { return NULL; } offset = r_sleb128 (&buffer, buf_end); reg_name = get_dwarf_reg_name (ctx->anal->cpu, reg_num, &kind, ctx->anal->bits); break; } case DW_OP_addr: { const int addr_size = ctx->anal->bits / 8; const ut8 *dump = &block.data[++i]; if (block.length - i < addr_size) { return NULL; } switch (addr_size) { case 1: address = r_read_ble8 (dump); break; case 2: address = r_read_ble16 (dump, ctx->anal->big_endian); break; case 4: address = r_read_ble32 (dump, ctx->anal->big_endian); break; case 8: address = r_read_ble64 (dump, ctx->anal->big_endian); break; default: r_warn_if_reached (); return NULL; } kind = LOCATION_GLOBAL; break; } case DW_OP_call_frame_cfa: { kind = LOCATION_BP; offset += 16; break; } default: break; } } if (kind == LOCATION_UNKNOWN) { return NULL; } VariableLocation *location = R_NEW0 (VariableLocation); if (location) { location->reg_name = reg_name; location->reg_num = reg_num; location->kind = kind; location->offset = offset; location->address = address; } return location; }",visit repo url,libr/anal/dwarf_process.c,https://github.com/radareorg/radare2,153878539548890,1 1531,CWE-476,"static inline int crypto_rng_generate(struct crypto_rng *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int dlen) { return tfm->generate(tfm, src, slen, dst, dlen); }",visit repo url,include/crypto/rng.h,https://github.com/torvalds/linux,93480513251208,1 5020,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 5646,CWE-120,"choose_windows(s) const char *s; { register int i; for (i = 0; winchoices[i].procs; i++) { if ('+' == winchoices[i].procs->name[0]) continue; if ('-' == winchoices[i].procs->name[0]) continue; if (!strcmpi(s, winchoices[i].procs->name)) { windowprocs = *winchoices[i].procs; if (last_winchoice && last_winchoice->ini_routine) (*last_winchoice->ini_routine)(WININIT_UNDO); if (winchoices[i].ini_routine) (*winchoices[i].ini_routine)(WININIT); last_winchoice = &winchoices[i]; return; } } if (!windowprocs.win_raw_print) windowprocs.win_raw_print = def_raw_print; if (!windowprocs.win_wait_synch) windowprocs.win_wait_synch = def_wait_synch; if (!winchoices[0].procs) { raw_printf(""No window types?""); nh_terminate(EXIT_FAILURE); } if (!winchoices[1].procs) { config_error_add( ""Window type %s not recognized. The only choice is: %s"", s, winchoices[0].procs->name); } else { char buf[BUFSZ]; boolean first = TRUE; buf[0] = '\0'; for (i = 0; winchoices[i].procs; i++) { if ('+' == winchoices[i].procs->name[0]) continue; if ('-' == winchoices[i].procs->name[0]) continue; Sprintf(eos(buf), ""%s%s"", first ? """" : "", "", winchoices[i].procs->name); first = FALSE; } config_error_add(""Window type %s not recognized. Choices are: %s"", s, buf); } if (windowprocs.win_raw_print == def_raw_print || WINDOWPORT(""safe-startup"")) nh_terminate(EXIT_SUCCESS); }",visit repo url,src/windows.c,https://github.com/NetHack/NetHack,33347180604746,1 2503,CWE-20,"int dsOpen(void) { struct stat sb; int retval; char *path = server.diskstore_path; if ((retval = stat(path,&sb) == -1) && errno != ENOENT) { redisLog(REDIS_WARNING, ""Error opening disk store at %s: %s"", path, strerror(errno)); return REDIS_ERR; } if (retval == 0 && S_ISDIR(sb.st_mode)) return REDIS_OK; if (retval == 0 && !S_ISDIR(sb.st_mode)) { redisLog(REDIS_WARNING,""Disk store at %s is not a directory"", path); return REDIS_ERR; } if (mkdir(path) == -1) { redisLog(REDIS_WARNING,""Disk store init failed creating dir %s: %s"", path, strerror(errno)); return REDIS_ERR; } return REDIS_OK; }",visit repo url,src/diskstore.c,https://github.com/antirez/redis,252763289356897,1 3431,['CWE-264'],"generic_file_splice_write_nolock(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { struct address_space *mapping = out->f_mapping; struct inode *inode = mapping->host; ssize_t ret; int err; err = remove_suid(out->f_dentry); if (unlikely(err)) return err; ret = __splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file); if (ret > 0) { *ppos += ret; if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { err = generic_osync_inode(inode, mapping, OSYNC_METADATA|OSYNC_DATA); if (err) ret = err; } } return ret; }",linux-2.6,,,195538903160511041418085515045806750525,0 870,CWE-20,"static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; int err; int peeked, skip; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); goto out; } skip = sk_peek_offset(sk, flags); skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err); if (!skb) { unix_state_lock(sk); if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && (sk->sk_shutdown & RCV_SHUTDOWN)) err = 0; unix_state_unlock(sk); goto out_unlock; } wake_up_interruptible_sync_poll(&u->peer_wait, POLLOUT | POLLWRNORM | POLLWRBAND); if (msg->msg_name) unix_copy_addr(msg, skb->sk); if (size > skb->len - skip) size = skb->len - skip; else if (size < skb->len - skip) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size); if (err) goto out_free; if (sock_flag(sk, SOCK_RCVTSTAMP)) __sock_recv_timestamp(msg, sk, skb); if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); unix_set_secdata(siocb->scm, skb); if (!(flags & MSG_PEEK)) { if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); sk_peek_offset_bwd(sk, skb->len); } else { sk_peek_offset_fwd(sk, size); if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); } err = (flags & MSG_TRUNC) ? skb->len - skip : size; scm_recv(sock, msg, siocb->scm, flags); out_free: skb_free_datagram(sk, skb); out_unlock: mutex_unlock(&u->readlock); out: return err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,179527283060615,1 4760,['CWE-20'],"void ext4_abort(struct super_block *sb, const char *function, const char *fmt, ...) { va_list args; printk(KERN_CRIT ""ext4_abort called.\n""); va_start(args, fmt); printk(KERN_CRIT ""EXT4-fs error (device %s): %s: "", sb->s_id, function); vprintk(fmt, args); printk(""\n""); va_end(args); if (test_opt(sb, ERRORS_PANIC)) panic(""EXT4-fs panic from previous error\n""); if (sb->s_flags & MS_RDONLY) return; printk(KERN_CRIT ""Remounting filesystem read-only\n""); EXT4_SB(sb)->s_mount_state |= EXT4_ERROR_FS; sb->s_flags |= MS_RDONLY; EXT4_SB(sb)->s_mount_opt |= EXT4_MOUNT_ABORT; if (EXT4_SB(sb)->s_journal) jbd2_journal_abort(EXT4_SB(sb)->s_journal, -EIO); }",linux-2.6,,,38591902033864897091380235653912337697,0 6585,CWE-787,"void _luac_build_info(LuaProto *proto, LuacBinInfo *info) { char *section_name; char *symbol_name; char *proto_name; RzListIter *iter; ut64 current_offset; ut64 current_size; int i = 0; if (proto->name_size == 0 || proto->proto_name == NULL) { proto_name = rz_str_newf(""fcn.%08llx"", proto->offset); } else { proto_name = rz_str_new((char *)proto->proto_name); } current_offset = proto->offset; current_size = proto->size; section_name = rz_str_newf(""%s.header"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->code_offset; current_size = proto->code_size; section_name = rz_str_newf(""%s.code"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, true); RZ_FREE(section_name); current_offset = proto->const_offset; current_size = proto->const_size; section_name = rz_str_newf(""%s.const"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->upvalue_offset; current_size = proto->upvalue_size; section_name = rz_str_newf(""%s.upvalues"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->inner_proto_offset; current_size = proto->inner_proto_size; section_name = rz_str_newf(""%s.protos"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->debug_offset; current_size = proto->debug_size; section_name = rz_str_newf(""%s.debug"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); LuaLocalVarEntry *local_var_entry; rz_list_foreach (proto->local_var_info_entries, iter, local_var_entry) { luac_add_string( info->string_list, (char *)local_var_entry->varname, local_var_entry->offset, local_var_entry->varname_len); } char **upvalue_names; int real_upvalue_cnt; LuaDbgUpvalueEntry *debug_upv_entry; real_upvalue_cnt = rz_list_length(proto->upvalue_entries); upvalue_names = RZ_NEWS0(char *, real_upvalue_cnt); if (!upvalue_names) { return; } rz_list_foreach (proto->dbg_upvalue_entries, iter, debug_upv_entry) { upvalue_names[i] = (char *)debug_upv_entry->upvalue_name; luac_add_string( info->string_list, upvalue_names[i], debug_upv_entry->offset, debug_upv_entry->name_len); } LuaConstEntry *const_entry; rz_list_foreach (proto->const_entries, iter, const_entry) { symbol_name = get_constant_symbol_name(proto_name, const_entry); luac_add_symbol( info->symbol_list, symbol_name, const_entry->offset, const_entry->data_len, get_tag_string(const_entry->tag)); if (const_entry->tag == LUA_VLNGSTR || const_entry->tag == LUA_VSHRSTR) { luac_add_string( info->string_list, (char *)const_entry->data, const_entry->offset, const_entry->data_len); } RZ_FREE(symbol_name); } LuaUpvalueEntry *upvalue_entry; i = 0; rz_list_foreach (proto->upvalue_entries, iter, upvalue_entry) { symbol_name = get_upvalue_symbol_name(proto_name, upvalue_entry, upvalue_names[i++]); luac_add_symbol( info->symbol_list, symbol_name, upvalue_entry->offset, 3, ""UPVALUE""); RZ_FREE(symbol_name); } LuaProto *sub_proto; rz_list_foreach (proto->proto_entries, iter, sub_proto) { _luac_build_info(sub_proto, info); } RZ_FREE(proto_name); }",visit repo url,librz/bin/format/luac/luac_bin.c,https://github.com/rizinorg/rizin,126911026391002,1 2565,[],"static unsigned hash_name(const char *name, int namelen) { unsigned val = 0; unsigned char c; while (namelen--) { c = *name++; val = ((val << 7) | (val >> 22)) ^ c; } return val; }",git,,,309743749569172214498016791517276294671,0 3375,['CWE-399'],"static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf, struct splice_desc *sd) { char *src; int ret; ret = buf->ops->confirm(pipe, buf); if (unlikely(ret)) return ret; if (!fault_in_pages_writeable(sd->u.userptr, sd->len)) { src = buf->ops->map(pipe, buf, 1); ret = __copy_to_user_inatomic(sd->u.userptr, src + buf->offset, sd->len); buf->ops->unmap(pipe, buf, src); if (!ret) { ret = sd->len; goto out; } } src = buf->ops->map(pipe, buf, 0); ret = sd->len; if (copy_to_user(sd->u.userptr, src + buf->offset, sd->len)) ret = -EFAULT; out: if (ret > 0) sd->u.userptr += ret; buf->ops->unmap(pipe, buf, src); return ret; }",linux-2.6,,,281207981771723839344556865478718563843,0 1044,['CWE-20'],"asmlinkage long sys_getcpu(unsigned __user *cpup, unsigned __user *nodep, struct getcpu_cache __user *cache) { int err = 0; int cpu = raw_smp_processor_id(); if (cpup) err |= put_user(cpu, cpup); if (nodep) err |= put_user(cpu_to_node(cpu), nodep); if (cache) { unsigned long t0, t1; get_user(t0, &cache->blob[0]); get_user(t1, &cache->blob[1]); t0++; t1++; put_user(t0, &cache->blob[0]); put_user(t1, &cache->blob[1]); } return err ? -EFAULT : 0; }",linux-2.6,,,51735987761803245319511619446735419929,0 1701,CWE-19,"static int ext4_fill_super(struct super_block *sb, void *data, int silent) { char *orig_data = kstrdup(data, GFP_KERNEL); struct buffer_head *bh; struct ext4_super_block *es = NULL; struct ext4_sb_info *sbi; ext4_fsblk_t block; ext4_fsblk_t sb_block = get_sb_block(&data); ext4_fsblk_t logical_sb_block; unsigned long offset = 0; unsigned long journal_devnum = 0; unsigned long def_mount_opts; struct inode *root; const char *descr; int ret = -ENOMEM; int blocksize, clustersize; unsigned int db_count; unsigned int i; int needs_recovery, has_huge_files, has_bigalloc; __u64 blocks_count; int err = 0; unsigned int journal_ioprio = DEFAULT_JOURNAL_IOPRIO; ext4_group_t first_not_zeroed; sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); if (!sbi) goto out_free_orig; sbi->s_blockgroup_lock = kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL); if (!sbi->s_blockgroup_lock) { kfree(sbi); goto out_free_orig; } sb->s_fs_info = sbi; sbi->s_sb = sb; sbi->s_inode_readahead_blks = EXT4_DEF_INODE_READAHEAD_BLKS; sbi->s_sb_block = sb_block; if (sb->s_bdev->bd_part) sbi->s_sectors_written_start = part_stat_read(sb->s_bdev->bd_part, sectors[1]); strreplace(sb->s_id, '/', '!'); ret = -EINVAL; blocksize = sb_min_blocksize(sb, EXT4_MIN_BLOCK_SIZE); if (!blocksize) { ext4_msg(sb, KERN_ERR, ""unable to set blocksize""); goto out_fail; } if (blocksize != EXT4_MIN_BLOCK_SIZE) { logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); } else { logical_sb_block = sb_block; } if (!(bh = sb_bread_unmovable(sb, logical_sb_block))) { ext4_msg(sb, KERN_ERR, ""unable to read superblock""); goto out_fail; } es = (struct ext4_super_block *) (bh->b_data + offset); sbi->s_es = es; sb->s_magic = le16_to_cpu(es->s_magic); if (sb->s_magic != EXT4_SUPER_MAGIC) goto cantfind_ext4; sbi->s_kbytes_written = le64_to_cpu(es->s_kbytes_written); if (ext4_has_feature_metadata_csum(sb) && ext4_has_feature_gdt_csum(sb)) ext4_warning(sb, ""metadata_csum and uninit_bg are "" ""redundant flags; please run fsck.""); if (!ext4_verify_csum_type(sb, es)) { ext4_msg(sb, KERN_ERR, ""VFS: Found ext4 filesystem with "" ""unknown checksum algorithm.""); silent = 1; goto cantfind_ext4; } if (ext4_has_feature_metadata_csum(sb)) { sbi->s_chksum_driver = crypto_alloc_shash(""crc32c"", 0, 0); if (IS_ERR(sbi->s_chksum_driver)) { ext4_msg(sb, KERN_ERR, ""Cannot load crc32c driver.""); ret = PTR_ERR(sbi->s_chksum_driver); sbi->s_chksum_driver = NULL; goto failed_mount; } } if (!ext4_superblock_csum_verify(sb, es)) { ext4_msg(sb, KERN_ERR, ""VFS: Found ext4 filesystem with "" ""invalid superblock checksum. Run e2fsck?""); silent = 1; ret = -EFSBADCRC; goto cantfind_ext4; } if (ext4_has_feature_csum_seed(sb)) sbi->s_csum_seed = le32_to_cpu(es->s_checksum_seed); else if (ext4_has_metadata_csum(sb)) sbi->s_csum_seed = ext4_chksum(sbi, ~0, es->s_uuid, sizeof(es->s_uuid)); def_mount_opts = le32_to_cpu(es->s_default_mount_opts); set_opt(sb, INIT_INODE_TABLE); if (def_mount_opts & EXT4_DEFM_DEBUG) set_opt(sb, DEBUG); if (def_mount_opts & EXT4_DEFM_BSDGROUPS) set_opt(sb, GRPID); if (def_mount_opts & EXT4_DEFM_UID16) set_opt(sb, NO_UID32); set_opt(sb, XATTR_USER); #ifdef CONFIG_EXT4_FS_POSIX_ACL set_opt(sb, POSIX_ACL); #endif if (ext4_has_metadata_csum(sb)) set_opt(sb, JOURNAL_CHECKSUM); if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA) set_opt(sb, JOURNAL_DATA); else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED) set_opt(sb, ORDERED_DATA); else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK) set_opt(sb, WRITEBACK_DATA); if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) set_opt(sb, ERRORS_PANIC); else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE) set_opt(sb, ERRORS_CONT); else set_opt(sb, ERRORS_RO); set_opt(sb, BLOCK_VALIDITY); if (def_mount_opts & EXT4_DEFM_DISCARD) set_opt(sb, DISCARD); sbi->s_resuid = make_kuid(&init_user_ns, le16_to_cpu(es->s_def_resuid)); sbi->s_resgid = make_kgid(&init_user_ns, le16_to_cpu(es->s_def_resgid)); sbi->s_commit_interval = JBD2_DEFAULT_MAX_COMMIT_AGE * HZ; sbi->s_min_batch_time = EXT4_DEF_MIN_BATCH_TIME; sbi->s_max_batch_time = EXT4_DEF_MAX_BATCH_TIME; if ((def_mount_opts & EXT4_DEFM_NOBARRIER) == 0) set_opt(sb, BARRIER); if (!IS_EXT3_SB(sb) && !IS_EXT2_SB(sb) && ((def_mount_opts & EXT4_DEFM_NODELALLOC) == 0)) set_opt(sb, DELALLOC); sbi->s_li_wait_mult = EXT4_DEF_LI_WAIT_MULT; if (!parse_options((char *) sbi->s_es->s_mount_opts, sb, &journal_devnum, &journal_ioprio, 0)) { ext4_msg(sb, KERN_WARNING, ""failed to parse options in superblock: %s"", sbi->s_es->s_mount_opts); } sbi->s_def_mount_opt = sbi->s_mount_opt; if (!parse_options((char *) data, sb, &journal_devnum, &journal_ioprio, 0)) goto failed_mount; if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) { printk_once(KERN_WARNING ""EXT4-fs: Warning: mounting "" ""with data=journal disables delayed "" ""allocation and O_DIRECT support!\n""); if (test_opt2(sb, EXPLICIT_DELALLOC)) { ext4_msg(sb, KERN_ERR, ""can't mount with "" ""both data=journal and delalloc""); goto failed_mount; } if (test_opt(sb, DIOREAD_NOLOCK)) { ext4_msg(sb, KERN_ERR, ""can't mount with "" ""both data=journal and dioread_nolock""); goto failed_mount; } if (test_opt(sb, DAX)) { ext4_msg(sb, KERN_ERR, ""can't mount with "" ""both data=journal and dax""); goto failed_mount; } if (test_opt(sb, DELALLOC)) clear_opt(sb, DELALLOC); } else { sb->s_iflags |= SB_I_CGROUPWB; } sb->s_flags = (sb->s_flags & ~MS_POSIXACL) | (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV && (ext4_has_compat_features(sb) || ext4_has_ro_compat_features(sb) || ext4_has_incompat_features(sb))) ext4_msg(sb, KERN_WARNING, ""feature flags set on rev 0 fs, "" ""running e2fsck is recommended""); if (es->s_creator_os == cpu_to_le32(EXT4_OS_HURD)) { set_opt2(sb, HURD_COMPAT); if (ext4_has_feature_64bit(sb)) { ext4_msg(sb, KERN_ERR, ""The Hurd can't support 64-bit file systems""); goto failed_mount; } } if (IS_EXT2_SB(sb)) { if (ext2_feature_set_ok(sb)) ext4_msg(sb, KERN_INFO, ""mounting ext2 file system "" ""using the ext4 subsystem""); else { ext4_msg(sb, KERN_ERR, ""couldn't mount as ext2 due "" ""to feature incompatibilities""); goto failed_mount; } } if (IS_EXT3_SB(sb)) { if (ext3_feature_set_ok(sb)) ext4_msg(sb, KERN_INFO, ""mounting ext3 file system "" ""using the ext4 subsystem""); else { ext4_msg(sb, KERN_ERR, ""couldn't mount as ext3 due "" ""to feature incompatibilities""); goto failed_mount; } } if (!ext4_feature_set_ok(sb, (sb->s_flags & MS_RDONLY))) goto failed_mount; blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size); if (blocksize < EXT4_MIN_BLOCK_SIZE || blocksize > EXT4_MAX_BLOCK_SIZE) { ext4_msg(sb, KERN_ERR, ""Unsupported filesystem blocksize %d"", blocksize); goto failed_mount; } if (sbi->s_mount_opt & EXT4_MOUNT_DAX) { if (blocksize != PAGE_SIZE) { ext4_msg(sb, KERN_ERR, ""error: unsupported blocksize for dax""); goto failed_mount; } if (!sb->s_bdev->bd_disk->fops->direct_access) { ext4_msg(sb, KERN_ERR, ""error: device does not support dax""); goto failed_mount; } } if (ext4_has_feature_encrypt(sb) && es->s_encryption_level) { ext4_msg(sb, KERN_ERR, ""Unsupported encryption level %d"", es->s_encryption_level); goto failed_mount; } if (sb->s_blocksize != blocksize) { if (!sb_set_blocksize(sb, blocksize)) { ext4_msg(sb, KERN_ERR, ""bad block size %d"", blocksize); goto failed_mount; } brelse(bh); logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); bh = sb_bread_unmovable(sb, logical_sb_block); if (!bh) { ext4_msg(sb, KERN_ERR, ""Can't read superblock on 2nd try""); goto failed_mount; } es = (struct ext4_super_block *)(bh->b_data + offset); sbi->s_es = es; if (es->s_magic != cpu_to_le16(EXT4_SUPER_MAGIC)) { ext4_msg(sb, KERN_ERR, ""Magic mismatch, very weird!""); goto failed_mount; } } has_huge_files = ext4_has_feature_huge_file(sb); sbi->s_bitmap_maxbytes = ext4_max_bitmap_size(sb->s_blocksize_bits, has_huge_files); sb->s_maxbytes = ext4_max_size(sb->s_blocksize_bits, has_huge_files); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV) { sbi->s_inode_size = EXT4_GOOD_OLD_INODE_SIZE; sbi->s_first_ino = EXT4_GOOD_OLD_FIRST_INO; } else { sbi->s_inode_size = le16_to_cpu(es->s_inode_size); sbi->s_first_ino = le32_to_cpu(es->s_first_ino); if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || (!is_power_of_2(sbi->s_inode_size)) || (sbi->s_inode_size > blocksize)) { ext4_msg(sb, KERN_ERR, ""unsupported inode size: %d"", sbi->s_inode_size); goto failed_mount; } if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) sb->s_time_gran = 1 << (EXT4_EPOCH_BITS - 2); } sbi->s_desc_size = le16_to_cpu(es->s_desc_size); if (ext4_has_feature_64bit(sb)) { if (sbi->s_desc_size < EXT4_MIN_DESC_SIZE_64BIT || sbi->s_desc_size > EXT4_MAX_DESC_SIZE || !is_power_of_2(sbi->s_desc_size)) { ext4_msg(sb, KERN_ERR, ""unsupported descriptor size %lu"", sbi->s_desc_size); goto failed_mount; } } else sbi->s_desc_size = EXT4_MIN_DESC_SIZE; sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group); sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group); if (EXT4_INODE_SIZE(sb) == 0 || EXT4_INODES_PER_GROUP(sb) == 0) goto cantfind_ext4; sbi->s_inodes_per_block = blocksize / EXT4_INODE_SIZE(sb); if (sbi->s_inodes_per_block == 0) goto cantfind_ext4; sbi->s_itb_per_group = sbi->s_inodes_per_group / sbi->s_inodes_per_block; sbi->s_desc_per_block = blocksize / EXT4_DESC_SIZE(sb); sbi->s_sbh = bh; sbi->s_mount_state = le16_to_cpu(es->s_state); sbi->s_addr_per_block_bits = ilog2(EXT4_ADDR_PER_BLOCK(sb)); sbi->s_desc_per_block_bits = ilog2(EXT4_DESC_PER_BLOCK(sb)); for (i = 0; i < 4; i++) sbi->s_hash_seed[i] = le32_to_cpu(es->s_hash_seed[i]); sbi->s_def_hash_version = es->s_def_hash_version; if (ext4_has_feature_dir_index(sb)) { i = le32_to_cpu(es->s_flags); if (i & EXT2_FLAGS_UNSIGNED_HASH) sbi->s_hash_unsigned = 3; else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) { #ifdef __CHAR_UNSIGNED__ if (!(sb->s_flags & MS_RDONLY)) es->s_flags |= cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH); sbi->s_hash_unsigned = 3; #else if (!(sb->s_flags & MS_RDONLY)) es->s_flags |= cpu_to_le32(EXT2_FLAGS_SIGNED_HASH); #endif } } clustersize = BLOCK_SIZE << le32_to_cpu(es->s_log_cluster_size); has_bigalloc = ext4_has_feature_bigalloc(sb); if (has_bigalloc) { if (clustersize < blocksize) { ext4_msg(sb, KERN_ERR, ""cluster size (%d) smaller than "" ""block size (%d)"", clustersize, blocksize); goto failed_mount; } sbi->s_cluster_bits = le32_to_cpu(es->s_log_cluster_size) - le32_to_cpu(es->s_log_block_size); sbi->s_clusters_per_group = le32_to_cpu(es->s_clusters_per_group); if (sbi->s_clusters_per_group > blocksize * 8) { ext4_msg(sb, KERN_ERR, ""#clusters per group too big: %lu"", sbi->s_clusters_per_group); goto failed_mount; } if (sbi->s_blocks_per_group != (sbi->s_clusters_per_group * (clustersize / blocksize))) { ext4_msg(sb, KERN_ERR, ""blocks per group (%lu) and "" ""clusters per group (%lu) inconsistent"", sbi->s_blocks_per_group, sbi->s_clusters_per_group); goto failed_mount; } } else { if (clustersize != blocksize) { ext4_warning(sb, ""fragment/cluster size (%d) != "" ""block size (%d)"", clustersize, blocksize); clustersize = blocksize; } if (sbi->s_blocks_per_group > blocksize * 8) { ext4_msg(sb, KERN_ERR, ""#blocks per group too big: %lu"", sbi->s_blocks_per_group); goto failed_mount; } sbi->s_clusters_per_group = sbi->s_blocks_per_group; sbi->s_cluster_bits = 0; } sbi->s_cluster_ratio = clustersize / blocksize; if (sbi->s_inodes_per_group > blocksize * 8) { ext4_msg(sb, KERN_ERR, ""#inodes per group too big: %lu"", sbi->s_inodes_per_group); goto failed_mount; } if (sbi->s_blocks_per_group == clustersize << 3) set_opt2(sb, STD_GROUP_SIZE); err = generic_check_addressable(sb->s_blocksize_bits, ext4_blocks_count(es)); if (err) { ext4_msg(sb, KERN_ERR, ""filesystem"" "" too large to mount safely on this system""); if (sizeof(sector_t) < 8) ext4_msg(sb, KERN_WARNING, ""CONFIG_LBDAF not enabled""); goto failed_mount; } if (EXT4_BLOCKS_PER_GROUP(sb) == 0) goto cantfind_ext4; blocks_count = sb->s_bdev->bd_inode->i_size >> sb->s_blocksize_bits; if (blocks_count && ext4_blocks_count(es) > blocks_count) { ext4_msg(sb, KERN_WARNING, ""bad geometry: block count %llu "" ""exceeds size of device (%llu blocks)"", ext4_blocks_count(es), blocks_count); goto failed_mount; } if (le32_to_cpu(es->s_first_data_block) >= ext4_blocks_count(es)) { ext4_msg(sb, KERN_WARNING, ""bad geometry: first data "" ""block %u is beyond end of filesystem (%llu)"", le32_to_cpu(es->s_first_data_block), ext4_blocks_count(es)); goto failed_mount; } blocks_count = (ext4_blocks_count(es) - le32_to_cpu(es->s_first_data_block) + EXT4_BLOCKS_PER_GROUP(sb) - 1); do_div(blocks_count, EXT4_BLOCKS_PER_GROUP(sb)); if (blocks_count > ((uint64_t)1<<32) - EXT4_DESC_PER_BLOCK(sb)) { ext4_msg(sb, KERN_WARNING, ""groups count too large: %u "" ""(block count %llu, first data block %u, "" ""blocks per group %lu)"", sbi->s_groups_count, ext4_blocks_count(es), le32_to_cpu(es->s_first_data_block), EXT4_BLOCKS_PER_GROUP(sb)); goto failed_mount; } sbi->s_groups_count = blocks_count; sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count, (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb))); db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) / EXT4_DESC_PER_BLOCK(sb); sbi->s_group_desc = ext4_kvmalloc(db_count * sizeof(struct buffer_head *), GFP_KERNEL); if (sbi->s_group_desc == NULL) { ext4_msg(sb, KERN_ERR, ""not enough memory""); ret = -ENOMEM; goto failed_mount; } bgl_lock_init(sbi->s_blockgroup_lock); for (i = 0; i < db_count; i++) { block = descriptor_loc(sb, logical_sb_block, i); sbi->s_group_desc[i] = sb_bread_unmovable(sb, block); if (!sbi->s_group_desc[i]) { ext4_msg(sb, KERN_ERR, ""can't read group descriptor %d"", i); db_count = i; goto failed_mount2; } } if (!ext4_check_descriptors(sb, &first_not_zeroed)) { ext4_msg(sb, KERN_ERR, ""group descriptors corrupted!""); ret = -EFSCORRUPTED; goto failed_mount2; } sbi->s_gdb_count = db_count; get_random_bytes(&sbi->s_next_generation, sizeof(u32)); spin_lock_init(&sbi->s_next_gen_lock); setup_timer(&sbi->s_err_report, print_daily_error_info, (unsigned long) sb); if (ext4_es_register_shrinker(sbi)) goto failed_mount3; sbi->s_stripe = ext4_get_stripe_size(sbi); sbi->s_extent_max_zeroout_kb = 32; sb->s_op = &ext4_sops; sb->s_export_op = &ext4_export_ops; sb->s_xattr = ext4_xattr_handlers; #ifdef CONFIG_QUOTA sb->dq_op = &ext4_quota_operations; if (ext4_has_feature_quota(sb)) sb->s_qcop = &dquot_quotactl_sysfile_ops; else sb->s_qcop = &ext4_qctl_operations; sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP | QTYPE_MASK_PRJ; #endif memcpy(sb->s_uuid, es->s_uuid, sizeof(es->s_uuid)); INIT_LIST_HEAD(&sbi->s_orphan); mutex_init(&sbi->s_orphan_lock); sb->s_root = NULL; needs_recovery = (es->s_last_orphan != 0 || ext4_has_feature_journal_needs_recovery(sb)); if (ext4_has_feature_mmp(sb) && !(sb->s_flags & MS_RDONLY)) if (ext4_multi_mount_protect(sb, le64_to_cpu(es->s_mmp_block))) goto failed_mount3a; if (!test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) { if (ext4_load_journal(sb, es, journal_devnum)) goto failed_mount3a; } else if (test_opt(sb, NOLOAD) && !(sb->s_flags & MS_RDONLY) && ext4_has_feature_journal_needs_recovery(sb)) { ext4_msg(sb, KERN_ERR, ""required journal recovery "" ""suppressed and not mounted read-only""); goto failed_mount_wq; } else { if (test_opt2(sb, EXPLICIT_JOURNAL_CHECKSUM)) { ext4_msg(sb, KERN_ERR, ""can't mount with "" ""journal_checksum, fs mounted w/o journal""); goto failed_mount_wq; } if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) { ext4_msg(sb, KERN_ERR, ""can't mount with "" ""journal_async_commit, fs mounted w/o journal""); goto failed_mount_wq; } if (sbi->s_commit_interval != JBD2_DEFAULT_MAX_COMMIT_AGE*HZ) { ext4_msg(sb, KERN_ERR, ""can't mount with "" ""commit=%lu, fs mounted w/o journal"", sbi->s_commit_interval / HZ); goto failed_mount_wq; } if (EXT4_MOUNT_DATA_FLAGS & (sbi->s_mount_opt ^ sbi->s_def_mount_opt)) { ext4_msg(sb, KERN_ERR, ""can't mount with "" ""data=, fs mounted w/o journal""); goto failed_mount_wq; } sbi->s_def_mount_opt &= EXT4_MOUNT_JOURNAL_CHECKSUM; clear_opt(sb, JOURNAL_CHECKSUM); clear_opt(sb, DATA_FLAGS); sbi->s_journal = NULL; needs_recovery = 0; goto no_journal; } if (ext4_has_feature_64bit(sb) && !jbd2_journal_set_features(EXT4_SB(sb)->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_64BIT)) { ext4_msg(sb, KERN_ERR, ""Failed to set 64-bit journal feature""); goto failed_mount_wq; } if (!set_journal_csum_feature_set(sb)) { ext4_msg(sb, KERN_ERR, ""Failed to set journal checksum "" ""feature set""); goto failed_mount_wq; } switch (test_opt(sb, DATA_FLAGS)) { case 0: if (jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) set_opt(sb, ORDERED_DATA); else set_opt(sb, JOURNAL_DATA); break; case EXT4_MOUNT_ORDERED_DATA: case EXT4_MOUNT_WRITEBACK_DATA: if (!jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) { ext4_msg(sb, KERN_ERR, ""Journal does not support "" ""requested data journaling mode""); goto failed_mount_wq; } default: break; } set_task_ioprio(sbi->s_journal->j_task, journal_ioprio); sbi->s_journal->j_commit_callback = ext4_journal_commit_callback; no_journal: if (ext4_mballoc_ready) { sbi->s_mb_cache = ext4_xattr_create_cache(sb->s_id); if (!sbi->s_mb_cache) { ext4_msg(sb, KERN_ERR, ""Failed to create an mb_cache""); goto failed_mount_wq; } } if ((DUMMY_ENCRYPTION_ENABLED(sbi) || ext4_has_feature_encrypt(sb)) && (blocksize != PAGE_CACHE_SIZE)) { ext4_msg(sb, KERN_ERR, ""Unsupported blocksize for fs encryption""); goto failed_mount_wq; } if (DUMMY_ENCRYPTION_ENABLED(sbi) && !(sb->s_flags & MS_RDONLY) && !ext4_has_feature_encrypt(sb)) { ext4_set_feature_encrypt(sb); ext4_commit_super(sb, 1); } if (es->s_overhead_clusters) sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); else { err = ext4_calculate_overhead(sb); if (err) goto failed_mount_wq; } EXT4_SB(sb)->rsv_conversion_wq = alloc_workqueue(""ext4-rsv-conversion"", WQ_MEM_RECLAIM | WQ_UNBOUND, 1); if (!EXT4_SB(sb)->rsv_conversion_wq) { printk(KERN_ERR ""EXT4-fs: failed to create workqueue\n""); ret = -ENOMEM; goto failed_mount4; } root = ext4_iget(sb, EXT4_ROOT_INO); if (IS_ERR(root)) { ext4_msg(sb, KERN_ERR, ""get root inode failed""); ret = PTR_ERR(root); root = NULL; goto failed_mount4; } if (!S_ISDIR(root->i_mode) || !root->i_blocks || !root->i_size) { ext4_msg(sb, KERN_ERR, ""corrupt root inode, run e2fsck""); iput(root); goto failed_mount4; } sb->s_root = d_make_root(root); if (!sb->s_root) { ext4_msg(sb, KERN_ERR, ""get root dentry failed""); ret = -ENOMEM; goto failed_mount4; } if (ext4_setup_super(sb, es, sb->s_flags & MS_RDONLY)) sb->s_flags |= MS_RDONLY; if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; if (ext4_has_feature_extra_isize(sb)) { if (sbi->s_want_extra_isize < le16_to_cpu(es->s_want_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_want_extra_isize); if (sbi->s_want_extra_isize < le16_to_cpu(es->s_min_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_min_extra_isize); } } if (EXT4_GOOD_OLD_INODE_SIZE + sbi->s_want_extra_isize > sbi->s_inode_size) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; ext4_msg(sb, KERN_INFO, ""required extra inode space not"" ""available""); } ext4_set_resv_clusters(sb); err = ext4_setup_system_zone(sb); if (err) { ext4_msg(sb, KERN_ERR, ""failed to initialize system "" ""zone (%d)"", err); goto failed_mount4a; } ext4_ext_init(sb); err = ext4_mb_init(sb); if (err) { ext4_msg(sb, KERN_ERR, ""failed to initialize mballoc (%d)"", err); goto failed_mount5; } block = ext4_count_free_clusters(sb); ext4_free_blocks_count_set(sbi->s_es, EXT4_C2B(sbi, block)); err = percpu_counter_init(&sbi->s_freeclusters_counter, block, GFP_KERNEL); if (!err) { unsigned long freei = ext4_count_free_inodes(sb); sbi->s_es->s_free_inodes_count = cpu_to_le32(freei); err = percpu_counter_init(&sbi->s_freeinodes_counter, freei, GFP_KERNEL); } if (!err) err = percpu_counter_init(&sbi->s_dirs_counter, ext4_count_dirs(sb), GFP_KERNEL); if (!err) err = percpu_counter_init(&sbi->s_dirtyclusters_counter, 0, GFP_KERNEL); if (err) { ext4_msg(sb, KERN_ERR, ""insufficient memory""); goto failed_mount6; } if (ext4_has_feature_flex_bg(sb)) if (!ext4_fill_flex_info(sb)) { ext4_msg(sb, KERN_ERR, ""unable to initialize "" ""flex_bg meta info!""); goto failed_mount6; } err = ext4_register_li_request(sb, first_not_zeroed); if (err) goto failed_mount6; err = ext4_register_sysfs(sb); if (err) goto failed_mount7; #ifdef CONFIG_QUOTA if (ext4_has_feature_quota(sb) && !(sb->s_flags & MS_RDONLY)) { err = ext4_enable_quotas(sb); if (err) goto failed_mount8; } #endif EXT4_SB(sb)->s_mount_state |= EXT4_ORPHAN_FS; ext4_orphan_cleanup(sb, es); EXT4_SB(sb)->s_mount_state &= ~EXT4_ORPHAN_FS; if (needs_recovery) { ext4_msg(sb, KERN_INFO, ""recovery complete""); ext4_mark_recovery_complete(sb, es); } if (EXT4_SB(sb)->s_journal) { if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) descr = "" journalled data mode""; else if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_ORDERED_DATA) descr = "" ordered data mode""; else descr = "" writeback data mode""; } else descr = ""out journal""; if (test_opt(sb, DISCARD)) { struct request_queue *q = bdev_get_queue(sb->s_bdev); if (!blk_queue_discard(q)) ext4_msg(sb, KERN_WARNING, ""mounting with \""discard\"" option, but "" ""the device does not support discard""); } if (___ratelimit(&ext4_mount_msg_ratelimit, ""EXT4-fs mount"")) ext4_msg(sb, KERN_INFO, ""mounted filesystem with%s. "" ""Opts: %s%s%s"", descr, sbi->s_es->s_mount_opts, *sbi->s_es->s_mount_opts ? ""; "" : """", orig_data); if (es->s_error_count) mod_timer(&sbi->s_err_report, jiffies + 300*HZ); ratelimit_state_init(&sbi->s_err_ratelimit_state, 5 * HZ, 10); ratelimit_state_init(&sbi->s_warning_ratelimit_state, 5 * HZ, 10); ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); kfree(orig_data); return 0; cantfind_ext4: if (!silent) ext4_msg(sb, KERN_ERR, ""VFS: Can't find ext4 filesystem""); goto failed_mount; #ifdef CONFIG_QUOTA failed_mount8: ext4_unregister_sysfs(sb); #endif failed_mount7: ext4_unregister_li_request(sb); failed_mount6: ext4_mb_release(sb); if (sbi->s_flex_groups) kvfree(sbi->s_flex_groups); percpu_counter_destroy(&sbi->s_freeclusters_counter); percpu_counter_destroy(&sbi->s_freeinodes_counter); percpu_counter_destroy(&sbi->s_dirs_counter); percpu_counter_destroy(&sbi->s_dirtyclusters_counter); failed_mount5: ext4_ext_release(sb); ext4_release_system_zone(sb); failed_mount4a: dput(sb->s_root); sb->s_root = NULL; failed_mount4: ext4_msg(sb, KERN_ERR, ""mount failed""); if (EXT4_SB(sb)->rsv_conversion_wq) destroy_workqueue(EXT4_SB(sb)->rsv_conversion_wq); failed_mount_wq: if (sbi->s_journal) { jbd2_journal_destroy(sbi->s_journal); sbi->s_journal = NULL; } failed_mount3a: ext4_es_unregister_shrinker(sbi); failed_mount3: del_timer_sync(&sbi->s_err_report); if (sbi->s_mmp_tsk) kthread_stop(sbi->s_mmp_tsk); failed_mount2: for (i = 0; i < db_count; i++) brelse(sbi->s_group_desc[i]); kvfree(sbi->s_group_desc); failed_mount: if (sbi->s_chksum_driver) crypto_free_shash(sbi->s_chksum_driver); #ifdef CONFIG_QUOTA for (i = 0; i < EXT4_MAXQUOTAS; i++) kfree(sbi->s_qf_names[i]); #endif ext4_blkdev_remove(sbi); brelse(bh); out_fail: sb->s_fs_info = NULL; kfree(sbi->s_blockgroup_lock); kfree(sbi); out_free_orig: kfree(orig_data); return err ? err : ret; }",visit repo url,fs/ext4/super.c,https://github.com/torvalds/linux,199740925263312,1 1313,['CWE-119'],"static unsigned char asn1_id_decode(struct asn1_ctx *ctx, unsigned int *cls, unsigned int *con, unsigned int *tag) { unsigned char ch; if (!asn1_octet_decode(ctx, &ch)) return 0; *cls = (ch & 0xC0) >> 6; *con = (ch & 0x20) >> 5; *tag = (ch & 0x1F); if (*tag == 0x1F) { if (!asn1_tag_decode(ctx, tag)) return 0; } return 1; }",linux-2.6,,,150653200646725429656574229905871257853,0 4338,CWE-358,"DefragInOrderSimpleTest(void) { Packet *p1 = NULL, *p2 = NULL, *p3 = NULL; Packet *reassembled = NULL; int id = 12; int i; int ret = 0; DefragInit(); p1 = BuildTestPacket(id, 0, 1, 'A', 8); if (p1 == NULL) goto end; p2 = BuildTestPacket(id, 1, 1, 'B', 8); if (p2 == NULL) goto end; p3 = BuildTestPacket(id, 2, 0, 'C', 3); if (p3 == NULL) goto end; if (Defrag(NULL, NULL, p1, NULL) != NULL) goto end; if (Defrag(NULL, NULL, p2, NULL) != NULL) goto end; reassembled = Defrag(NULL, NULL, p3, NULL); if (reassembled == NULL) { goto end; } if (IPV4_GET_HLEN(reassembled) != 20) { goto end; } if (IPV4_GET_IPLEN(reassembled) != 39) { goto end; } for (i = 20; i < 20 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'A') { goto end; } } for (i = 28; i < 28 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'B') { goto end; } } for (i = 36; i < 36 + 3; i++) { if (GET_PKT_DATA(reassembled)[i] != 'C') goto end; } ret = 1; end: if (p1 != NULL) SCFree(p1); if (p2 != NULL) SCFree(p2); if (p3 != NULL) SCFree(p3); if (reassembled != NULL) SCFree(reassembled); DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,182055900019311,1 6704,CWE-125,"sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { char sav, *epass; char *pw_epasswd = auth->data; size_t pw_len; int matched = 0; debug_decl(sudo_passwd_verify, SUDOERS_DEBUG_AUTH); if (pass[0] == '\0') debug_return_int(pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS); sav = pass[8]; pw_len = strlen(pw_epasswd); if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) pass[8] = '\0'; epass = (char *) crypt(pass, pw_epasswd); pass[8] = sav; if (epass != NULL) { if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) matched = !strncmp(pw_epasswd, epass, DESLEN); else matched = !strcmp(pw_epasswd, epass); } debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); }",visit repo url,plugins/sudoers/auth/passwd.c,https://github.com/sudo-project/sudo,101280797531577,1 5284,CWE-601,"static apr_byte_t oidc_validate_redirect_url(request_rec *r, oidc_cfg *c, const char *redirect_to_url, apr_byte_t restrict_to_host, char **err_str, char **err_desc) { apr_uri_t uri; const char *c_host = NULL; apr_hash_index_t *hi = NULL; size_t i = 0; char *url = apr_pstrndup(r->pool, redirect_to_url, OIDC_MAX_URL_LENGTH); for (i = 0; i < strlen(url); i++) if (url[i] == '\\') url[i] = '/'; if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) { *err_str = apr_pstrdup(r->pool, ""Malformed URL""); *err_desc = apr_psprintf(r->pool, ""not a valid URL value: %s"", url); oidc_error(r, ""%s: %s"", *err_str, *err_desc); return FALSE; } if (c->redirect_urls_allowed != NULL) { for (hi = apr_hash_first(NULL, c->redirect_urls_allowed); hi; hi = apr_hash_next(hi)) { apr_hash_this(hi, (const void**) &c_host, NULL, NULL); if (oidc_util_regexp_first_match(r->pool, url, c_host, NULL, err_str) == TRUE) break; } if (hi == NULL) { *err_str = apr_pstrdup(r->pool, ""URL not allowed""); *err_desc = apr_psprintf(r->pool, ""value does not match the list of allowed redirect URLs: %s"", url); oidc_error(r, ""%s: %s"", *err_str, *err_desc); return FALSE; } } else if ((uri.hostname != NULL) && (restrict_to_host == TRUE)) { c_host = oidc_get_current_url_host(r); if ((strstr(c_host, uri.hostname) == NULL) || (strstr(uri.hostname, c_host) == NULL)) { *err_str = apr_pstrdup(r->pool, ""Invalid Request""); *err_desc = apr_psprintf(r->pool, ""URL value \""%s\"" does not match the hostname of the current request \""%s\"""", apr_uri_unparse(r->pool, &uri, 0), c_host); oidc_error(r, ""%s: %s"", *err_str, *err_desc); return FALSE; } } if ((uri.hostname == NULL) && (strstr(url, ""/"") != url)) { *err_str = apr_pstrdup(r->pool, ""Malformed URL""); *err_desc = apr_psprintf(r->pool, ""No hostname was parsed and it does not seem to be relative, i.e starting with '/': %s"", url); oidc_error(r, ""%s: %s"", *err_str, *err_desc); return FALSE; } else if ((uri.hostname == NULL) && (strstr(url, ""//"") == url)) { *err_str = apr_pstrdup(r->pool, ""Malformed URL""); *err_desc = apr_psprintf(r->pool, ""No hostname was parsed and starting with '//': %s"", url); oidc_error(r, ""%s: %s"", *err_str, *err_desc); return FALSE; } else if ((uri.hostname == NULL) && (strstr(url, ""/\\"") == url)) { *err_str = apr_pstrdup(r->pool, ""Malformed URL""); *err_desc = apr_psprintf(r->pool, ""No hostname was parsed and starting with '/\\': %s"", url); oidc_error(r, ""%s: %s"", *err_str, *err_desc); return FALSE; } if (((strstr(url, ""\n"") != NULL) || strstr(url, ""\r"") != NULL)) { *err_str = apr_pstrdup(r->pool, ""Invalid URL""); *err_desc = apr_psprintf(r->pool, ""URL value \""%s\"" contains illegal \""\n\"" or \""\r\"" character(s)"", url); oidc_error(r, ""%s: %s"", *err_str, *err_desc); return FALSE; } return TRUE; }",visit repo url,src/mod_auth_openidc.c,https://github.com/zmartzone/mod_auth_openidc,262313044589451,1 3717,CWE-428,"sshsk_open(const char *path) { struct sshsk_provider *ret = NULL; uint32_t version; if (path == NULL || *path == '\0') { error(""No FIDO SecurityKeyProvider specified""); return NULL; } if ((ret = calloc(1, sizeof(*ret))) == NULL) { error_f(""calloc failed""); return NULL; } if ((ret->path = strdup(path)) == NULL) { error_f(""strdup failed""); goto fail; } if (strcasecmp(ret->path, ""internal"") == 0) { ret->sk_enroll = ssh_sk_enroll; ret->sk_sign = ssh_sk_sign; ret->sk_load_resident_keys = ssh_sk_load_resident_keys; return ret; } if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { error(""Provider \""%s\"" dlopen failed: %s"", path, dlerror()); goto fail; } if ((ret->sk_api_version = dlsym(ret->dlhandle, ""sk_api_version"")) == NULL) { error(""Provider \""%s\"" dlsym(sk_api_version) failed: %s"", path, dlerror()); goto fail; } version = ret->sk_api_version(); debug_f(""provider %s implements version 0x%08lx"", ret->path, (u_long)version); if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) { error(""Provider \""%s\"" implements unsupported "" ""version 0x%08lx (supported: 0x%08lx)"", path, (u_long)version, (u_long)SSH_SK_VERSION_MAJOR); goto fail; } if ((ret->sk_enroll = dlsym(ret->dlhandle, ""sk_enroll"")) == NULL) { error(""Provider %s dlsym(sk_enroll) failed: %s"", path, dlerror()); goto fail; } if ((ret->sk_sign = dlsym(ret->dlhandle, ""sk_sign"")) == NULL) { error(""Provider \""%s\"" dlsym(sk_sign) failed: %s"", path, dlerror()); goto fail; } if ((ret->sk_load_resident_keys = dlsym(ret->dlhandle, ""sk_load_resident_keys"")) == NULL) { error(""Provider \""%s\"" dlsym(sk_load_resident_keys) "" ""failed: %s"", path, dlerror()); goto fail; } return ret; fail: sshsk_free(ret); return NULL; }",visit repo url,usr.bin/ssh/ssh-sk.c,https://github.com/openbsd/src,16980888616290,1 4375,CWE-682,"IW_IMPL(unsigned int) iw_get_ui32le(const iw_byte *b) { return b[0] | (b[1]<<8) | (b[2]<<16) | (b[3]<<24); }",visit repo url,src/imagew-util.c,https://github.com/jsummers/imageworsener,55891578340366,1 6701,['CWE-200'],"nm_connection_list_set_type (NMConnectionList *self, GType ctype) { GtkNotebook *notebook; int i; g_return_if_fail (NM_IS_CONNECTION_LIST (self)); notebook = GTK_NOTEBOOK (glade_xml_get_widget (self->gui, ""list_notebook"")); for (i = 0; i < gtk_notebook_get_n_pages (notebook); i++) { GtkWidget *child; GType child_type; child = gtk_notebook_get_nth_page (notebook, i); child_type = GPOINTER_TO_UINT (g_object_get_data (G_OBJECT (child), TV_TYPE_TAG)); if (child_type == ctype) { gtk_notebook_set_current_page (notebook, i); break; } } nm_connection_list_present (self); }",network-manager-applet,,,140536585346277131372745359437493809122,0 2818,CWE-125,"static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 originalSize) { UINT32 left = originalSize; while (left > 4) { const BYTE value = *in++; UINT32 len = 0; if (left == 5) { if (outSize < 1) return FALSE; outSize--; *out++ = value; left--; } else if (value == *in) { in++; if (*in < 0xFF) { len = (UINT32)*in++; len += 2; } else { in++; len = ((UINT32)(*in++)); len |= ((UINT32)(*in++)) << 8U; len |= ((UINT32)(*in++)) << 16U; len |= ((UINT32)(*in++)) << 24U; } if (outSize < len) return FALSE; outSize -= len; FillMemory(out, len, value); out += len; left -= len; } else { if (outSize < 1) return FALSE; outSize--; *out++ = value; left--; } } if ((outSize < 4) || (left < 4)) return FALSE; memcpy(out, in, 4); return TRUE; }",visit repo url,libfreerdp/codec/nsc.c,https://github.com/FreeRDP/FreeRDP,244018269330219,1 1727,[],"static enum hrtimer_restart sched_rt_period_timer(struct hrtimer *timer) { struct rt_bandwidth *rt_b = container_of(timer, struct rt_bandwidth, rt_period_timer); ktime_t now; int overrun; int idle = 0; for (;;) { now = hrtimer_cb_get_time(timer); overrun = hrtimer_forward(timer, now, rt_b->rt_period); if (!overrun) break; idle = do_sched_rt_period_timer(rt_b, overrun); } return idle ? HRTIMER_NORESTART : HRTIMER_RESTART; }",linux-2.6,,,335754363116334238283629699069357029664,0 5109,['CWE-20'],"static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { u32 cpu_based_vm_exec_control; cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL); cpu_based_vm_exec_control &= ~CPU_BASED_VIRTUAL_NMI_PENDING; vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control); ++vcpu->stat.nmi_window_exits; return 1; }",linux-2.6,,,178172019041307539804660330647373953010,0 2953,['CWE-189'],"int jpc_mqenc_dump(jpc_mqenc_t *mqenc, FILE *out) { fprintf(out, ""AREG = %08x, CREG = %08x, CTREG = %d\n"", mqenc->areg, mqenc->creg, mqenc->ctreg); fprintf(out, ""IND = %02d, MPS = %d, QEVAL = %04x\n"", *mqenc->curctx - jpc_mqstates, (*mqenc->curctx)->mps, (*mqenc->curctx)->qeval); return 0; }",jasper,,,279512385696181108642479035002616988183,0 251,[],"fat_short2uni(struct nls_table *t, unsigned char *c, int clen, wchar_t *uni) { int charlen; charlen = t->char2uni(c, clen, uni); if (charlen < 0) { *uni = 0x003f; charlen = 1; } return charlen; }",linux-2.6,,,56834027340580822241628439953815140084,0 3766,[],"static struct sock *next_unix_socket(int *i, struct sock *s) { struct sock *next = sk_next(s); if (next) return next; for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) { if (!hlist_empty(&unix_socket_table[*i])) return __sk_head(&unix_socket_table[*i]); } return NULL; }",linux-2.6,,,96033696132806105788965053296038183026,0 4739,CWE-347,"static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, bigint *modulus, bigint *pub_exp) { int i, size; bigint *decrypted_bi, *dat_bi; bigint *bir = NULL; uint8_t *block = (uint8_t *)malloc(sig_len); dat_bi = bi_import(ctx, sig, sig_len); ctx->mod_offset = BIGINT_M_OFFSET; decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp); bi_export(ctx, decrypted_bi, block, sig_len); ctx->mod_offset = BIGINT_M_OFFSET; i = 10; while (block[i++] && i < sig_len); size = sig_len - i; if (size > 0) { int len; const uint8_t *sig_ptr = get_signature(&block[i], &len); if (sig_ptr) { bir = bi_import(ctx, sig_ptr, len); } } free(block); bi_clear_cache(ctx); return bir; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,125222013541284,1 655,CWE-200,"static int pn_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct sk_buff *skb = NULL; struct sockaddr_pn sa; int rval = -EOPNOTSUPP; int copylen; if (flags & ~(MSG_PEEK|MSG_TRUNC|MSG_DONTWAIT|MSG_NOSIGNAL| MSG_CMSG_COMPAT)) goto out_nofree; if (addr_len) *addr_len = sizeof(sa); skb = skb_recv_datagram(sk, flags, noblock, &rval); if (skb == NULL) goto out_nofree; pn_skb_get_src_sockaddr(skb, &sa); copylen = skb->len; if (len < copylen) { msg->msg_flags |= MSG_TRUNC; copylen = len; } rval = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copylen); if (rval) { rval = -EFAULT; goto out; } rval = (flags & MSG_TRUNC) ? skb->len : copylen; if (msg->msg_name != NULL) memcpy(msg->msg_name, &sa, sizeof(struct sockaddr_pn)); out: skb_free_datagram(sk, skb); out_nofree: return rval; }",visit repo url,net/phonet/datagram.c,https://github.com/torvalds/linux,163310526685294,1 1830,CWE-367,"int nfc_disable_se(struct nfc_dev *dev, u32 se_idx) { struct nfc_se *se; int rc; pr_debug(""%s se index %d\n"", dev_name(&dev->dev), se_idx); device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (!dev->dev_up) { rc = -ENODEV; goto error; } if (!dev->ops->enable_se || !dev->ops->disable_se) { rc = -EOPNOTSUPP; goto error; } se = nfc_find_se(dev, se_idx); if (!se) { rc = -EINVAL; goto error; } if (se->state == NFC_SE_DISABLED) { rc = -EALREADY; goto error; } rc = dev->ops->disable_se(dev, se_idx); if (rc >= 0) se->state = NFC_SE_DISABLED; error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,58076293069672,1 5880,['CWE-200'],"static struct sock *nr_make_new(struct sock *osk) { struct sock *sk; struct nr_sock *nr, *onr; if (osk->sk_type != SOCK_SEQPACKET) return NULL; sk = sk_alloc(sock_net(osk), PF_NETROM, GFP_ATOMIC, osk->sk_prot); if (sk == NULL) return NULL; nr = nr_sk(sk); sock_init_data(NULL, sk); sk->sk_type = osk->sk_type; sk->sk_priority = osk->sk_priority; sk->sk_protocol = osk->sk_protocol; sk->sk_rcvbuf = osk->sk_rcvbuf; sk->sk_sndbuf = osk->sk_sndbuf; sk->sk_state = TCP_ESTABLISHED; sock_copy_flags(sk, osk); skb_queue_head_init(&nr->ack_queue); skb_queue_head_init(&nr->reseq_queue); skb_queue_head_init(&nr->frag_queue); nr_init_timers(sk); onr = nr_sk(osk); nr->t1 = onr->t1; nr->t2 = onr->t2; nr->n2 = onr->n2; nr->t4 = onr->t4; nr->idle = onr->idle; nr->window = onr->window; nr->device = onr->device; nr->bpqext = onr->bpqext; return sk; }",linux-2.6,,,67555618069822512503119935266171044627,0 4032,['CWE-362'],"static int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp, struct nameidata *ndw) { struct audit_watch *watch = krule->watch; struct inotify_watch *i_watch; struct audit_parent *parent; int ret = 0; if (ndw) { watch->dev = ndw->path.dentry->d_inode->i_sb->s_dev; watch->ino = ndw->path.dentry->d_inode->i_ino; } mutex_unlock(&audit_filter_mutex); if (inotify_find_watch(audit_ih, ndp->path.dentry->d_inode, &i_watch) < 0) { parent = audit_init_parent(ndp); if (IS_ERR(parent)) { mutex_lock(&audit_filter_mutex); return PTR_ERR(parent); } } else parent = container_of(i_watch, struct audit_parent, wdata); mutex_lock(&audit_filter_mutex); if (parent->flags & AUDIT_PARENT_INVALID) ret = -ENOENT; else audit_add_to_parent(krule, parent); put_inotify_watch(&parent->wdata); return ret; }",linux-2.6,,,93156156910540245223022250848952592354,0 1006,CWE-399,"static void __udf_read_inode(struct inode *inode) { struct buffer_head *bh = NULL; struct fileEntry *fe; struct extendedFileEntry *efe; uint16_t ident; struct udf_inode_info *iinfo = UDF_I(inode); struct udf_sb_info *sbi = UDF_SB(inode->i_sb); unsigned int link_count; bh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 0, &ident); if (!bh) { udf_err(inode->i_sb, ""(ino %ld) failed !bh\n"", inode->i_ino); make_bad_inode(inode); return; } if (ident != TAG_IDENT_FE && ident != TAG_IDENT_EFE && ident != TAG_IDENT_USE) { udf_err(inode->i_sb, ""(ino %ld) failed ident=%d\n"", inode->i_ino, ident); brelse(bh); make_bad_inode(inode); return; } fe = (struct fileEntry *)bh->b_data; efe = (struct extendedFileEntry *)bh->b_data; if (fe->icbTag.strategyType == cpu_to_le16(4096)) { struct buffer_head *ibh; ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1, &ident); if (ident == TAG_IDENT_IE && ibh) { struct buffer_head *nbh = NULL; struct kernel_lb_addr loc; struct indirectEntry *ie; ie = (struct indirectEntry *)ibh->b_data; loc = lelb_to_cpu(ie->indirectICB.extLocation); if (ie->indirectICB.extLength && (nbh = udf_read_ptagged(inode->i_sb, &loc, 0, &ident))) { if (ident == TAG_IDENT_FE || ident == TAG_IDENT_EFE) { memcpy(&iinfo->i_location, &loc, sizeof(struct kernel_lb_addr)); brelse(bh); brelse(ibh); brelse(nbh); __udf_read_inode(inode); return; } brelse(nbh); } } brelse(ibh); } else if (fe->icbTag.strategyType != cpu_to_le16(4)) { udf_err(inode->i_sb, ""unsupported strategy type: %d\n"", le16_to_cpu(fe->icbTag.strategyType)); brelse(bh); make_bad_inode(inode); return; } if (fe->icbTag.strategyType == cpu_to_le16(4)) iinfo->i_strat4096 = 0; else iinfo->i_strat4096 = 1; iinfo->i_alloc_type = le16_to_cpu(fe->icbTag.flags) & ICBTAG_FLAG_AD_MASK; iinfo->i_unique = 0; iinfo->i_lenEAttr = 0; iinfo->i_lenExtents = 0; iinfo->i_lenAlloc = 0; iinfo->i_next_alloc_block = 0; iinfo->i_next_alloc_goal = 0; if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_EFE)) { iinfo->i_efe = 1; iinfo->i_use = 0; if (udf_alloc_i_data(inode, inode->i_sb->s_blocksize - sizeof(struct extendedFileEntry))) { make_bad_inode(inode); return; } memcpy(iinfo->i_ext.i_data, bh->b_data + sizeof(struct extendedFileEntry), inode->i_sb->s_blocksize - sizeof(struct extendedFileEntry)); } else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_FE)) { iinfo->i_efe = 0; iinfo->i_use = 0; if (udf_alloc_i_data(inode, inode->i_sb->s_blocksize - sizeof(struct fileEntry))) { make_bad_inode(inode); return; } memcpy(iinfo->i_ext.i_data, bh->b_data + sizeof(struct fileEntry), inode->i_sb->s_blocksize - sizeof(struct fileEntry)); } else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_USE)) { iinfo->i_efe = 0; iinfo->i_use = 1; iinfo->i_lenAlloc = le32_to_cpu( ((struct unallocSpaceEntry *)bh->b_data)-> lengthAllocDescs); if (udf_alloc_i_data(inode, inode->i_sb->s_blocksize - sizeof(struct unallocSpaceEntry))) { make_bad_inode(inode); return; } memcpy(iinfo->i_ext.i_data, bh->b_data + sizeof(struct unallocSpaceEntry), inode->i_sb->s_blocksize - sizeof(struct unallocSpaceEntry)); return; } read_lock(&sbi->s_cred_lock); i_uid_write(inode, le32_to_cpu(fe->uid)); if (!uid_valid(inode->i_uid) || UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_IGNORE) || UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_SET)) inode->i_uid = UDF_SB(inode->i_sb)->s_uid; i_gid_write(inode, le32_to_cpu(fe->gid)); if (!gid_valid(inode->i_gid) || UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_IGNORE) || UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_SET)) inode->i_gid = UDF_SB(inode->i_sb)->s_gid; if (fe->icbTag.fileType != ICBTAG_FILE_TYPE_DIRECTORY && sbi->s_fmode != UDF_INVALID_MODE) inode->i_mode = sbi->s_fmode; else if (fe->icbTag.fileType == ICBTAG_FILE_TYPE_DIRECTORY && sbi->s_dmode != UDF_INVALID_MODE) inode->i_mode = sbi->s_dmode; else inode->i_mode = udf_convert_permissions(fe); inode->i_mode &= ~sbi->s_umask; read_unlock(&sbi->s_cred_lock); link_count = le16_to_cpu(fe->fileLinkCount); if (!link_count) link_count = 1; set_nlink(inode, link_count); inode->i_size = le64_to_cpu(fe->informationLength); iinfo->i_lenExtents = inode->i_size; if (iinfo->i_efe == 0) { inode->i_blocks = le64_to_cpu(fe->logicalBlocksRecorded) << (inode->i_sb->s_blocksize_bits - 9); if (!udf_disk_stamp_to_time(&inode->i_atime, fe->accessTime)) inode->i_atime = sbi->s_record_time; if (!udf_disk_stamp_to_time(&inode->i_mtime, fe->modificationTime)) inode->i_mtime = sbi->s_record_time; if (!udf_disk_stamp_to_time(&inode->i_ctime, fe->attrTime)) inode->i_ctime = sbi->s_record_time; iinfo->i_unique = le64_to_cpu(fe->uniqueID); iinfo->i_lenEAttr = le32_to_cpu(fe->lengthExtendedAttr); iinfo->i_lenAlloc = le32_to_cpu(fe->lengthAllocDescs); iinfo->i_checkpoint = le32_to_cpu(fe->checkpoint); } else { inode->i_blocks = le64_to_cpu(efe->logicalBlocksRecorded) << (inode->i_sb->s_blocksize_bits - 9); if (!udf_disk_stamp_to_time(&inode->i_atime, efe->accessTime)) inode->i_atime = sbi->s_record_time; if (!udf_disk_stamp_to_time(&inode->i_mtime, efe->modificationTime)) inode->i_mtime = sbi->s_record_time; if (!udf_disk_stamp_to_time(&iinfo->i_crtime, efe->createTime)) iinfo->i_crtime = sbi->s_record_time; if (!udf_disk_stamp_to_time(&inode->i_ctime, efe->attrTime)) inode->i_ctime = sbi->s_record_time; iinfo->i_unique = le64_to_cpu(efe->uniqueID); iinfo->i_lenEAttr = le32_to_cpu(efe->lengthExtendedAttr); iinfo->i_lenAlloc = le32_to_cpu(efe->lengthAllocDescs); iinfo->i_checkpoint = le32_to_cpu(efe->checkpoint); } switch (fe->icbTag.fileType) { case ICBTAG_FILE_TYPE_DIRECTORY: inode->i_op = &udf_dir_inode_operations; inode->i_fop = &udf_dir_operations; inode->i_mode |= S_IFDIR; inc_nlink(inode); break; case ICBTAG_FILE_TYPE_REALTIME: case ICBTAG_FILE_TYPE_REGULAR: case ICBTAG_FILE_TYPE_UNDEF: case ICBTAG_FILE_TYPE_VAT20: if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) inode->i_data.a_ops = &udf_adinicb_aops; else inode->i_data.a_ops = &udf_aops; inode->i_op = &udf_file_inode_operations; inode->i_fop = &udf_file_operations; inode->i_mode |= S_IFREG; break; case ICBTAG_FILE_TYPE_BLOCK: inode->i_mode |= S_IFBLK; break; case ICBTAG_FILE_TYPE_CHAR: inode->i_mode |= S_IFCHR; break; case ICBTAG_FILE_TYPE_FIFO: init_special_inode(inode, inode->i_mode | S_IFIFO, 0); break; case ICBTAG_FILE_TYPE_SOCKET: init_special_inode(inode, inode->i_mode | S_IFSOCK, 0); break; case ICBTAG_FILE_TYPE_SYMLINK: inode->i_data.a_ops = &udf_symlink_aops; inode->i_op = &udf_symlink_inode_operations; inode->i_mode = S_IFLNK | S_IRWXUGO; break; case ICBTAG_FILE_TYPE_MAIN: udf_debug(""METADATA FILE-----\n""); break; case ICBTAG_FILE_TYPE_MIRROR: udf_debug(""METADATA MIRROR FILE-----\n""); break; case ICBTAG_FILE_TYPE_BITMAP: udf_debug(""METADATA BITMAP FILE-----\n""); break; default: udf_err(inode->i_sb, ""(ino %ld) failed unknown file type=%d\n"", inode->i_ino, fe->icbTag.fileType); make_bad_inode(inode); return; } if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode)) { struct deviceSpec *dsea = (struct deviceSpec *)udf_get_extendedattr(inode, 12, 1); if (dsea) { init_special_inode(inode, inode->i_mode, MKDEV(le32_to_cpu(dsea->majorDeviceIdent), le32_to_cpu(dsea->minorDeviceIdent))); } else make_bad_inode(inode); } brelse(bh); }",visit repo url,fs/udf/inode.c,https://github.com/torvalds/linux,208510195251590,1 1620,[],"static void pull_task(struct rq *src_rq, struct task_struct *p, struct rq *this_rq, int this_cpu) { deactivate_task(src_rq, p, 0); set_task_cpu(p, this_cpu); activate_task(this_rq, p, 0); check_preempt_curr(this_rq, p); }",linux-2.6,,,292066787253961330175265226785776549091,0 4992,['CWE-346'],"struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char *name) { struct udev_monitor *udev_monitor; unsigned int group; if (udev == NULL) return NULL; if (name == NULL) return NULL; if (strcmp(name, ""kernel"") == 0) group = UDEV_MONITOR_KERNEL; else if (strcmp(name, ""udev"") == 0) group = UDEV_MONITOR_UDEV; else return NULL; udev_monitor = calloc(1, sizeof(struct udev_monitor)); if (udev_monitor == NULL) return NULL; udev_monitor->refcount = 1; udev_monitor->udev = udev; udev_monitor->sock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT); if (udev_monitor->sock == -1) { err(udev, ""error getting socket: %m\n""); free(udev_monitor); return NULL; } util_set_fd_cloexec(udev_monitor->sock); udev_monitor->snl.nl_family = AF_NETLINK; udev_monitor->snl.nl_groups = group; udev_monitor->snl_peer.nl_family = AF_NETLINK; udev_monitor->snl_peer.nl_groups = UDEV_MONITOR_UDEV; dbg(udev, ""monitor %p created with NETLINK_KOBJECT_UEVENT (%u)\n"", udev_monitor, group); return udev_monitor; }",udev,,,65214894931604984841578203076022734852,0 6433,[],"lt_dlinit (void) { int errors = 0; if (++initialized == 1) { lt__alloc_die = lt__alloc_die_callback; handles = 0; user_search_path = 0; errors += loader_init (get_vtable, 0); #ifdef HAVE_LIBDLLOADER if (!errors) { errors += lt_dlpreload (&preloaded_symbols); } if (!errors) { errors += lt_dlpreload_open (LT_STR(LTDLOPEN), loader_init_callback); } #endif } #ifdef LT_DEBUG_LOADERS lt_dlloader_dump(); #endif return errors; }",libtool,,,335980512213849339313442511132600124308,0 5141,CWE-125,"ast_for_expr_stmt(struct compiling *c, const node *n) { REQ(n, expr_stmt); if (NCH(n) == 1) { expr_ty e = ast_for_testlist(c, CHILD(n, 0)); if (!e) return NULL; return Expr(e, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else if (TYPE(CHILD(n, 1)) == augassign) { expr_ty expr1, expr2; operator_ty newoperator; node *ch = CHILD(n, 0); expr1 = ast_for_testlist(c, ch); if (!expr1) return NULL; if(!set_context(c, expr1, Store, ch)) return NULL; switch (expr1->kind) { case Name_kind: case Attribute_kind: case Subscript_kind: break; default: ast_error(c, ch, ""illegal expression for augmented assignment""); return NULL; } ch = CHILD(n, 2); if (TYPE(ch) == testlist) expr2 = ast_for_testlist(c, ch); else expr2 = ast_for_expr(c, ch); if (!expr2) return NULL; newoperator = ast_for_augassign(c, CHILD(n, 1)); if (!newoperator) return NULL; return AugAssign(expr1, newoperator, expr2, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else if (TYPE(CHILD(n, 1)) == annassign) { expr_ty expr1, expr2, expr3; node *ch = CHILD(n, 0); node *deep, *ann = CHILD(n, 1); int simple = 1; deep = ch; while (NCH(deep) == 1) { deep = CHILD(deep, 0); } if (NCH(deep) > 0 && TYPE(CHILD(deep, 0)) == LPAR) { simple = 0; } expr1 = ast_for_testlist(c, ch); if (!expr1) { return NULL; } switch (expr1->kind) { case Name_kind: if (forbidden_name(c, expr1->v.Name.id, n, 0)) { return NULL; } expr1->v.Name.ctx = Store; break; case Attribute_kind: if (forbidden_name(c, expr1->v.Attribute.attr, n, 1)) { return NULL; } expr1->v.Attribute.ctx = Store; break; case Subscript_kind: expr1->v.Subscript.ctx = Store; break; case List_kind: ast_error(c, ch, ""only single target (not list) can be annotated""); return NULL; case Tuple_kind: ast_error(c, ch, ""only single target (not tuple) can be annotated""); return NULL; default: ast_error(c, ch, ""illegal target for annotation""); return NULL; } if (expr1->kind != Name_kind) { simple = 0; } ch = CHILD(ann, 1); expr2 = ast_for_expr(c, ch); if (!expr2) { return NULL; } if (NCH(ann) == 2) { return AnnAssign(expr1, expr2, NULL, simple, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else { ch = CHILD(ann, 3); if (TYPE(ch) == testlist) { expr3 = ast_for_testlist(c, ch); } else { expr3 = ast_for_expr(c, ch); } if (!expr3) { return NULL; } return AnnAssign(expr1, expr2, expr3, simple, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } } else { int i; asdl_seq *targets; node *value; expr_ty expression; REQ(CHILD(n, 1), EQUAL); targets = _Py_asdl_seq_new(NCH(n) / 2, c->c_arena); if (!targets) return NULL; for (i = 0; i < NCH(n) - 2; i += 2) { expr_ty e; node *ch = CHILD(n, i); if (TYPE(ch) == yield_expr) { ast_error(c, ch, ""assignment to yield expression not possible""); return NULL; } e = ast_for_testlist(c, ch); if (!e) return NULL; if (!set_context(c, e, Store, CHILD(n, i))) return NULL; asdl_seq_SET(targets, i / 2, e); } value = CHILD(n, NCH(n) - 1); if (TYPE(value) == testlist_star_expr) expression = ast_for_testlist(c, value); else expression = ast_for_expr(c, value); if (!expression) return NULL; return Assign(targets, expression, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } }",visit repo url,Python/ast.c,https://github.com/python/cpython,51199671006440,1 120,CWE-22,"static int target_xcopy_locate_se_dev_e4_iter(struct se_device *se_dev, void *data) { struct xcopy_dev_search_info *info = data; unsigned char tmp_dev_wwn[XCOPY_NAA_IEEE_REGEX_LEN]; int rc; if (!se_dev->dev_attrib.emulate_3pc) return 0; memset(&tmp_dev_wwn[0], 0, XCOPY_NAA_IEEE_REGEX_LEN); target_xcopy_gen_naa_ieee(se_dev, &tmp_dev_wwn[0]); rc = memcmp(&tmp_dev_wwn[0], info->dev_wwn, XCOPY_NAA_IEEE_REGEX_LEN); if (rc != 0) return 0; info->found_dev = se_dev; pr_debug(""XCOPY 0xe4: located se_dev: %p\n"", se_dev); rc = target_depend_item(&se_dev->dev_group.cg_item); if (rc != 0) { pr_err(""configfs_depend_item attempt failed: %d for se_dev: %p\n"", rc, se_dev); return rc; } pr_debug(""Called configfs_depend_item for se_dev: %p se_dev->se_dev_group: %p\n"", se_dev, &se_dev->dev_group); return 1; }",visit repo url,drivers/target/target_core_xcopy.c,https://github.com/torvalds/linux,60755413336033,1 6100,['CWE-200'],"cbq_classify(struct sk_buff *skb, struct Qdisc *sch, int *qerr) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *head = &q->link; struct cbq_class **defmap; struct cbq_class *cl = NULL; u32 prio = skb->priority; struct tcf_result res; if (TC_H_MAJ(prio^sch->handle) == 0 && (cl = cbq_class_lookup(q, prio)) != NULL) return cl; *qerr = NET_XMIT_DROP; for (;;) { int result = 0; defmap = head->defaults; if (!head->filter_list || (result = tc_classify(skb, head->filter_list, &res)) < 0) goto fallback; if ((cl = (void*)res.class) == NULL) { if (TC_H_MAJ(res.classid)) cl = cbq_class_lookup(q, res.classid); else if ((cl = defmap[res.classid&TC_PRIO_MAX]) == NULL) cl = defmap[TC_PRIO_BESTEFFORT]; if (cl == NULL || cl->level >= head->level) goto fallback; } #ifdef CONFIG_NET_CLS_ACT switch (result) { case TC_ACT_QUEUED: case TC_ACT_STOLEN: *qerr = NET_XMIT_SUCCESS; case TC_ACT_SHOT: return NULL; } #elif defined(CONFIG_NET_CLS_POLICE) switch (result) { case TC_POLICE_RECLASSIFY: return cbq_reclassify(skb, cl); case TC_POLICE_SHOT: return NULL; default: break; } #endif if (cl->level == 0) return cl; head = cl; } fallback: cl = head; if (TC_H_MAJ(prio) == 0 && !(cl = head->defaults[prio&TC_PRIO_MAX]) && !(cl = head->defaults[TC_PRIO_BESTEFFORT])) return head; return cl; }",linux-2.6,,,13695112594786589538541699906306079409,0 1814,[],"static void cfs_rq_set_shares(struct cfs_rq *cfs_rq, unsigned long shares) { }",linux-2.6,,,310798630054439490939148472137038915887,0 6555,['CWE-200'],"finalize (GObject *object) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (object); g_free (priv->dir); G_OBJECT_CLASS (nma_gconf_connection_parent_class)->finalize (object); }",network-manager-applet,,,110949079714968086966948027933052125537,0 3958,['CWE-362'],"static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) { unsigned listnr; struct audit_entry *entry; int i, err; err = -EINVAL; listnr = rule->flags & ~AUDIT_FILTER_PREPEND; switch(listnr) { default: goto exit_err; case AUDIT_FILTER_USER: case AUDIT_FILTER_TYPE: #ifdef CONFIG_AUDITSYSCALL case AUDIT_FILTER_ENTRY: case AUDIT_FILTER_EXIT: case AUDIT_FILTER_TASK: #endif ; } if (unlikely(rule->action == AUDIT_POSSIBLE)) { printk(KERN_ERR ""AUDIT_POSSIBLE is deprecated\n""); goto exit_err; } if (rule->action != AUDIT_NEVER && rule->action != AUDIT_ALWAYS) goto exit_err; if (rule->field_count > AUDIT_MAX_FIELDS) goto exit_err; err = -ENOMEM; entry = audit_init_entry(rule->field_count); if (!entry) goto exit_err; entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND; entry->rule.listnr = listnr; entry->rule.action = rule->action; entry->rule.field_count = rule->field_count; for (i = 0; i < AUDIT_BITMASK_SIZE; i++) entry->rule.mask[i] = rule->mask[i]; for (i = 0; i < AUDIT_SYSCALL_CLASSES; i++) { int bit = AUDIT_BITMASK_SIZE * 32 - i - 1; __u32 *p = &entry->rule.mask[AUDIT_WORD(bit)]; __u32 *class; if (!(*p & AUDIT_BIT(bit))) continue; *p &= ~AUDIT_BIT(bit); class = classes[i]; if (class) { int j; for (j = 0; j < AUDIT_BITMASK_SIZE; j++) entry->rule.mask[j] |= class[j]; } } return entry; exit_err: return ERR_PTR(err); }",linux-2.6,,,48746732130712955931205303749996871317,0 2128,CWE-189,"static int sanitize_ptr_alu(struct bpf_verifier_env *env, struct bpf_insn *insn, const struct bpf_reg_state *ptr_reg, struct bpf_reg_state *dst_reg, bool off_is_neg) { struct bpf_verifier_state *vstate = env->cur_state; struct bpf_insn_aux_data *aux = cur_aux(env); bool ptr_is_dst_reg = ptr_reg == dst_reg; u8 opcode = BPF_OP(insn->code); u32 alu_state, alu_limit; struct bpf_reg_state tmp; bool ret; if (env->allow_ptr_leaks || BPF_SRC(insn->code) == BPF_K) return 0; if (vstate->speculative) goto do_sim; alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0; alu_state |= ptr_is_dst_reg ? BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST; if (retrieve_ptr_limit(ptr_reg, &alu_limit, opcode, off_is_neg)) return 0; if (aux->alu_state && (aux->alu_state != alu_state || aux->alu_limit != alu_limit)) return -EACCES; aux->alu_state = alu_state; aux->alu_limit = alu_limit; do_sim: if (!ptr_is_dst_reg) { tmp = *dst_reg; *dst_reg = *ptr_reg; } ret = push_stack(env, env->insn_idx + 1, env->insn_idx, true); if (!ptr_is_dst_reg) *dst_reg = tmp; return !ret ? -EFAULT : 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,194943728044932,1 2726,[],"static int sctp_setsockopt_default_send_param(struct sock *sk, char __user *optval, int optlen) { struct sctp_sndrcvinfo info; struct sctp_association *asoc; struct sctp_sock *sp = sctp_sk(sk); if (optlen != sizeof(struct sctp_sndrcvinfo)) return -EINVAL; if (copy_from_user(&info, optval, optlen)) return -EFAULT; asoc = sctp_id2assoc(sk, info.sinfo_assoc_id); if (!asoc && info.sinfo_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) { asoc->default_stream = info.sinfo_stream; asoc->default_flags = info.sinfo_flags; asoc->default_ppid = info.sinfo_ppid; asoc->default_context = info.sinfo_context; asoc->default_timetolive = info.sinfo_timetolive; } else { sp->default_stream = info.sinfo_stream; sp->default_flags = info.sinfo_flags; sp->default_ppid = info.sinfo_ppid; sp->default_context = info.sinfo_context; sp->default_timetolive = info.sinfo_timetolive; } return 0; }",linux-2.6,,,34197219948803047972242897461939509421,0 40,['CWE-787'],"static void cirrus_vga_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t mem_value) { CirrusVGAState *s = opaque; unsigned bank_index; unsigned bank_offset; unsigned mode; if ((s->sr[0x07] & 0x01) == 0) { vga_mem_writeb(s, addr, mem_value); return; } addr &= 0x1ffff; if (addr < 0x10000) { if (s->cirrus_srcptr != s->cirrus_srcptr_end) { *s->cirrus_srcptr++ = (uint8_t) mem_value; if (s->cirrus_srcptr >= s->cirrus_srcptr_end) { cirrus_bitblt_cputovideo_next(s); } } else { bank_index = addr >> 15; bank_offset = addr & 0x7fff; if (bank_offset < s->cirrus_bank_limit[bank_index]) { bank_offset += s->cirrus_bank_base[bank_index]; if ((s->gr[0x0B] & 0x14) == 0x14) { bank_offset <<= 4; } else if (s->gr[0x0B] & 0x02) { bank_offset <<= 3; } bank_offset &= s->cirrus_addr_mask; mode = s->gr[0x05] & 0x7; if (mode < 4 || mode > 5 || ((s->gr[0x0B] & 0x4) == 0)) { *(s->vram_ptr + bank_offset) = mem_value; cpu_physical_memory_set_dirty(s->vram_offset + bank_offset); } else { if ((s->gr[0x0B] & 0x14) != 0x14) { cirrus_mem_writeb_mode4and5_8bpp(s, mode, bank_offset, mem_value); } else { cirrus_mem_writeb_mode4and5_16bpp(s, mode, bank_offset, mem_value); } } } } } else if (addr >= 0x18000 && addr < 0x18100) { if ((s->sr[0x17] & 0x44) == 0x04) { cirrus_mmio_blt_write(s, addr & 0xff, mem_value); } } else { #ifdef DEBUG_CIRRUS printf(""cirrus: mem_writeb %06x value %02x\n"", addr, mem_value); #endif } }",qemu,,,325319156759451925306778559778856459338,0 5392,CWE-125,"size_t OpenMP4Source(char *filename, uint32_t traktype, uint32_t traksubtype) { mp4object *mp4 = (mp4object *)malloc(sizeof(mp4object)); if (mp4 == NULL) return 0; memset(mp4, 0, sizeof(mp4object)); #ifdef _WINDOWS fopen_s(&mp4->mediafp, filename, ""rb""); #else mp4->mediafp = fopen(filename, ""rb""); #endif if (mp4->mediafp) { uint32_t qttag, qtsize32, skip, type = 0, subtype = 0, num; size_t len; int32_t nest = 0; uint64_t nestsize[MAX_NEST_LEVEL] = { 0 }; uint64_t lastsize = 0, qtsize; do { len = fread(&qtsize32, 1, 4, mp4->mediafp); len += fread(&qttag, 1, 4, mp4->mediafp); if (len == 8) { if (!VALID_FOURCC(qttag)) { LONGSEEK(mp4->mediafp, lastsize - 8 - 8, SEEK_CUR); NESTSIZE(lastsize - 8); continue; } qtsize32 = BYTESWAP32(qtsize32); if (qtsize32 == 1) { fread(&qtsize, 1, 8, mp4->mediafp); qtsize = BYTESWAP64(qtsize) - 8; } else qtsize = qtsize32; nest++; if (qtsize < 8) break; if (nest >= MAX_NEST_LEVEL) break; nestsize[nest] = qtsize; lastsize = qtsize; #if PRINT_MP4_STRUCTURE for (int i = 1; i < nest; i++) printf("" ""); printf(""%c%c%c%c (%lld)\n"", (qttag & 0xff), ((qttag >> 8) & 0xff), ((qttag >> 16) & 0xff), ((qttag >> 24) & 0xff), qtsize); if (qttag == MAKEID('m', 'd', 'a', 't') || qttag == MAKEID('f', 't', 'y', 'p') || qttag == MAKEID('u', 'd', 't', 'a')) { LONGSEEK(mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); continue; } #else if (qttag != MAKEID('m', 'o', 'o', 'v') && qttag != MAKEID('m', 'v', 'h', 'd') && qttag != MAKEID('t', 'r', 'a', 'k') && qttag != MAKEID('m', 'd', 'i', 'a') && qttag != MAKEID('m', 'd', 'h', 'd') && qttag != MAKEID('m', 'i', 'n', 'f') && qttag != MAKEID('g', 'm', 'i', 'n') && qttag != MAKEID('d', 'i', 'n', 'f') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('s', 't', 's', 'd') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('s', 't', 'b', 'l') && qttag != MAKEID('s', 't', 't', 's') && qttag != MAKEID('s', 't', 's', 'c') && qttag != MAKEID('s', 't', 's', 'z') && qttag != MAKEID('s', 't', 'c', 'o') && qttag != MAKEID('c', 'o', '6', '4') && qttag != MAKEID('h', 'd', 'l', 'r')) { LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else #endif if (qttag == MAKEID('m', 'v', 'h', 'd')) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&mp4->clockdemon, 1, 4, mp4->mediafp); mp4->clockdemon = BYTESWAP32(mp4->clockdemon); len += fread(&mp4->clockcount, 1, 4, mp4->mediafp); mp4->clockcount = BYTESWAP32(mp4->clockcount); LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('m', 'd', 'h', 'd')) { media_header md; len = fread(&md, 1, sizeof(md), mp4->mediafp); if (len == sizeof(md)) { md.creation_time = BYTESWAP32(md.creation_time); md.modification_time = BYTESWAP32(md.modification_time); md.time_scale = BYTESWAP32(md.time_scale); md.duration = BYTESWAP32(md.duration); mp4->trak_clockdemon = md.time_scale; mp4->trak_clockcount = md.duration; if (mp4->videolength == 0.0) { mp4->videolength = (float)((double)mp4->trak_clockcount / (double)mp4->trak_clockdemon); } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('h', 'd', 'l', 'r')) { uint32_t temp; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&temp, 1, 4, mp4->mediafp); if (temp != MAKEID('a', 'l', 'i', 's')) type = temp; LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'd')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&subtype, 1, 4, mp4->mediafp); if (len == 16) { if (subtype != traksubtype) { type = 0; } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'c')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 12 <= qtsize - 8 - len) { mp4->metastsc_count = num; if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = (SampleToChunk *)malloc(num * 12); if (mp4->metastsc) { uint32_t total_stsc = num; len += fread(mp4->metastsc, 1, num * sizeof(SampleToChunk), mp4->mediafp); do { num--; mp4->metastsc[num].chunk_num = BYTESWAP32(mp4->metastsc[num].chunk_num); mp4->metastsc[num].samples = BYTESWAP32(mp4->metastsc[num].samples); mp4->metastsc[num].id = BYTESWAP32(mp4->metastsc[num].id); } while (num > 0); } if (mp4->metastsc_count == 1 && mp4->metastsc[0].samples == 1) { if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'z')) { if (type == traktype) { uint32_t equalsamplesize; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&equalsamplesize, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 4 <= qtsize - 8 - len) { mp4->metasize_count = num; if (mp4->metasizes) free(mp4->metasizes); mp4->metasizes = (uint32_t *)malloc(num * 4); if (mp4->metasizes) { if (equalsamplesize == 0) { len += fread(mp4->metasizes, 1, num * 4, mp4->mediafp); do { num--; mp4->metasizes[num] = BYTESWAP32(mp4->metasizes[num]); } while (num > 0); } else { equalsamplesize = BYTESWAP32(equalsamplesize); do { num--; mp4->metasizes[num] = equalsamplesize; } while (num > 0); } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 'c', 'o')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 4 <= qtsize - 8 - len) { if (mp4->metastsc_count > 0 && num != mp4->metasize_count) { mp4->indexcount = mp4->metasize_count; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(mp4->metasize_count * 8); if (mp4->metaoffsets) { uint32_t *metaoffsets32 = NULL; metaoffsets32 = (uint32_t *)malloc(num * 4); if (metaoffsets32) { uint64_t fileoffset = 0; int stsc_pos = 0; int stco_pos = 0; int repeat = 1; len += fread(metaoffsets32, 1, num * 4, mp4->mediafp); do { num--; metaoffsets32[num] = BYTESWAP32(metaoffsets32[num]); } while (num > 0); mp4->metaoffsets[0] = fileoffset = metaoffsets32[stco_pos]; num = 1; while (num < mp4->metasize_count) { if (stsc_pos + 1 < (int)mp4->metastsc_count && num == stsc_pos) { stco_pos++; stsc_pos++; fileoffset = (uint64_t)metaoffsets32[stco_pos]; repeat = 1; } else if (repeat == mp4->metastsc[stsc_pos].samples) { stco_pos++; fileoffset = (uint64_t)metaoffsets32[stco_pos]; repeat = 1; } else { fileoffset += (uint64_t)mp4->metasizes[num - 1]; repeat++; } mp4->metaoffsets[num] = fileoffset; num++; } if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; free(metaoffsets32); } } } else { mp4->indexcount = num; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(num * 8); if (mp4->metaoffsets) { uint32_t *metaoffsets32 = NULL; metaoffsets32 = (uint32_t *)malloc(num * 4); if (metaoffsets32) { size_t readlen = fread(metaoffsets32, 1, num * 4, mp4->mediafp); len += readlen; do { num--; mp4->metaoffsets[num] = BYTESWAP32(metaoffsets32[num]); } while (num > 0); free(metaoffsets32); } } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('c', 'o', '6', '4')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 8 <= qtsize - 8 - len) { if (mp4->metastsc_count > 0 && num != mp4->metasize_count) { mp4->indexcount = mp4->metasize_count; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(mp4->metasize_count * 8); if (mp4->metaoffsets) { uint64_t *metaoffsets64 = NULL; metaoffsets64 = (uint64_t *)malloc(num * 8); if (metaoffsets64) { uint64_t fileoffset = 0; int stsc_pos = 0; int stco_pos = 0; len += fread(metaoffsets64, 1, num * 8, mp4->mediafp); do { num--; metaoffsets64[num] = BYTESWAP64(metaoffsets64[num]); } while (num > 0); fileoffset = metaoffsets64[0]; mp4->metaoffsets[0] = fileoffset; num = 1; while (num < mp4->metasize_count) { if (num != mp4->metastsc[stsc_pos].chunk_num - 1 && 0 == (num - (mp4->metastsc[stsc_pos].chunk_num - 1)) % mp4->metastsc[stsc_pos].samples) { stco_pos++; fileoffset = (uint64_t)metaoffsets64[stco_pos]; } else { fileoffset += (uint64_t)mp4->metasizes[num - 1]; } mp4->metaoffsets[num] = fileoffset; num++; } if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; free(metaoffsets64); } } } else { mp4->indexcount = num; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(num * 8); if (mp4->metaoffsets) { len += fread(mp4->metaoffsets, 1, num * 8, mp4->mediafp); do { num--; mp4->metaoffsets[num] = BYTESWAP64(mp4->metaoffsets[num]); } while (num > 0); } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 't', 's')) { if (type == traktype) { uint32_t totaldur = 0, samples = 0; int32_t entries = 0; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 8 <= qtsize - 8 - len) { entries = num; mp4->meta_clockdemon = mp4->trak_clockdemon; mp4->meta_clockcount = mp4->trak_clockcount; while (entries > 0) { int32_t samplecount; int32_t duration; len += fread(&samplecount, 1, 4, mp4->mediafp); samplecount = BYTESWAP32(samplecount); len += fread(&duration, 1, 4, mp4->mediafp); duration = BYTESWAP32(duration); samples += samplecount; entries--; totaldur += duration; mp4->metadatalength += (double)((double)samplecount * (double)duration / (double)mp4->meta_clockdemon); } mp4->basemetadataduration = mp4->metadatalength * (double)mp4->meta_clockdemon / (double)samples; } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else { NESTSIZE(8); } } else { break; } } while (len > 0); } else { free(mp4); mp4 = NULL; } return (size_t)mp4; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,247196757099773,1 4920,['CWE-20'],"nfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry) { struct inode *inode = old_dentry->d_inode; int error; dfprintk(VFS, ""NFS: link(%s/%s -> %s/%s)\n"", old_dentry->d_parent->d_name.name, old_dentry->d_name.name, dentry->d_parent->d_name.name, dentry->d_name.name); lock_kernel(); nfs_begin_data_update(dir); nfs_begin_data_update(inode); error = NFS_PROTO(dir)->link(inode, dir, &dentry->d_name); if (error == 0) { atomic_inc(&inode->i_count); d_instantiate(dentry, inode); } nfs_end_data_update(inode); nfs_end_data_update(dir); unlock_kernel(); return error; }",linux-2.6,,,131421750890299490038688707459889980426,0 3998,CWE-125,"x86_reg X86_insn_reg_intel(unsigned int id, enum cs_ac_type *access) { unsigned int first = 0; unsigned int last = ARR_SIZE(insn_regs_intel) - 1; unsigned int mid = ARR_SIZE(insn_regs_intel) / 2; if (!intel_regs_sorted) { memcpy(insn_regs_intel_sorted, insn_regs_intel, sizeof(insn_regs_intel_sorted)); qsort(insn_regs_intel_sorted, ARR_SIZE(insn_regs_intel_sorted), sizeof(struct insn_reg), regs_cmp); intel_regs_sorted = true; } while (first <= last) { if (insn_regs_intel_sorted[mid].insn < id) { first = mid + 1; } else if (insn_regs_intel_sorted[mid].insn == id) { if (access) { *access = insn_regs_intel_sorted[mid].access; } return insn_regs_intel_sorted[mid].reg; } else { if (mid == 0) break; last = mid - 1; } mid = (first + last) / 2; } return 0; }",visit repo url,arch/X86/X86Mapping.c,https://github.com/aquynh/capstone,245311233926045,1 171,CWE-476,"static int dwc3_qcom_probe(struct platform_device *pdev) { struct device_node *np = pdev->dev.of_node; struct device *dev = &pdev->dev; struct dwc3_qcom *qcom; struct resource *res, *parent_res = NULL; int ret, i; bool ignore_pipe_clk; qcom = devm_kzalloc(&pdev->dev, sizeof(*qcom), GFP_KERNEL); if (!qcom) return -ENOMEM; platform_set_drvdata(pdev, qcom); qcom->dev = &pdev->dev; if (has_acpi_companion(dev)) { qcom->acpi_pdata = acpi_device_get_match_data(dev); if (!qcom->acpi_pdata) { dev_err(&pdev->dev, ""no supporting ACPI device data\n""); return -EINVAL; } } qcom->resets = devm_reset_control_array_get_optional_exclusive(dev); if (IS_ERR(qcom->resets)) { ret = PTR_ERR(qcom->resets); dev_err(&pdev->dev, ""failed to get resets, err=%d\n"", ret); return ret; } ret = reset_control_assert(qcom->resets); if (ret) { dev_err(&pdev->dev, ""failed to assert resets, err=%d\n"", ret); return ret; } usleep_range(10, 1000); ret = reset_control_deassert(qcom->resets); if (ret) { dev_err(&pdev->dev, ""failed to deassert resets, err=%d\n"", ret); goto reset_assert; } ret = dwc3_qcom_clk_init(qcom, of_clk_get_parent_count(np)); if (ret) { dev_err(dev, ""failed to get clocks\n""); goto reset_assert; } res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (np) { parent_res = res; } else { parent_res = kmemdup(res, sizeof(struct resource), GFP_KERNEL); if (!parent_res) return -ENOMEM; parent_res->start = res->start + qcom->acpi_pdata->qscratch_base_offset; parent_res->end = parent_res->start + qcom->acpi_pdata->qscratch_base_size; if (qcom->acpi_pdata->is_urs) { qcom->urs_usb = dwc3_qcom_create_urs_usb_platdev(dev); if (!qcom->urs_usb) { dev_err(dev, ""failed to create URS USB platdev\n""); return -ENODEV; } } } qcom->qscratch_base = devm_ioremap_resource(dev, parent_res); if (IS_ERR(qcom->qscratch_base)) { ret = PTR_ERR(qcom->qscratch_base); goto clk_disable; } ret = dwc3_qcom_setup_irq(pdev); if (ret) { dev_err(dev, ""failed to setup IRQs, err=%d\n"", ret); goto clk_disable; } ignore_pipe_clk = device_property_read_bool(dev, ""qcom,select-utmi-as-pipe-clk""); if (ignore_pipe_clk) dwc3_qcom_select_utmi_clk(qcom); if (np) ret = dwc3_qcom_of_register_core(pdev); else ret = dwc3_qcom_acpi_register_core(pdev); if (ret) { dev_err(dev, ""failed to register DWC3 Core, err=%d\n"", ret); goto depopulate; } ret = dwc3_qcom_interconnect_init(qcom); if (ret) goto depopulate; qcom->mode = usb_get_dr_mode(&qcom->dwc3->dev); if (qcom->mode == USB_DR_MODE_PERIPHERAL) dwc3_qcom_vbus_override_enable(qcom, true); ret = dwc3_qcom_register_extcon(qcom); if (ret) goto interconnect_exit; device_init_wakeup(&pdev->dev, 1); qcom->is_suspended = false; pm_runtime_set_active(dev); pm_runtime_enable(dev); pm_runtime_forbid(dev); return 0; interconnect_exit: dwc3_qcom_interconnect_exit(qcom); depopulate: if (np) of_platform_depopulate(&pdev->dev); else platform_device_put(pdev); clk_disable: for (i = qcom->num_clocks - 1; i >= 0; i--) { clk_disable_unprepare(qcom->clks[i]); clk_put(qcom->clks[i]); } reset_assert: reset_control_assert(qcom->resets); return ret; }",visit repo url,drivers/usb/dwc3/dwc3-qcom.c,https://github.com/torvalds/linux,264402823269159,1 1171,['CWE-189'],"static void enqueue_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, int reprogram) { struct rb_node **link = &base->active.rb_node; struct rb_node *parent = NULL; struct hrtimer *entry; while (*link) { parent = *link; entry = rb_entry(parent, struct hrtimer, node); if (timer->expires.tv64 < entry->expires.tv64) link = &(*link)->rb_left; else link = &(*link)->rb_right; } if (!base->first || timer->expires.tv64 < rb_entry(base->first, struct hrtimer, node)->expires.tv64) { if (reprogram && hrtimer_enqueue_reprogram(timer, base)) return; base->first = &timer->node; } rb_link_node(&timer->node, parent, link); rb_insert_color(&timer->node, &base->active); timer->state |= HRTIMER_STATE_ENQUEUED; }",linux-2.6,,,261477176622635474677065421369786451993,0 3732,[],"static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sock *sk = sock->sk; struct net *net = sock_net(sk); struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr; struct dentry * dentry = NULL; struct nameidata nd; int err; unsigned hash; struct unix_address *addr; struct hlist_head *list; err = -EINVAL; if (sunaddr->sun_family != AF_UNIX) goto out; if (addr_len==sizeof(short)) { err = unix_autobind(sock); goto out; } err = unix_mkname(sunaddr, addr_len, &hash); if (err < 0) goto out; addr_len = err; mutex_lock(&u->readlock); err = -EINVAL; if (u->addr) goto out_up; err = -ENOMEM; addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL); if (!addr) goto out_up; memcpy(addr->name, sunaddr, addr_len); addr->len = addr_len; addr->hash = hash ^ sk->sk_type; atomic_set(&addr->refcnt, 1); if (sunaddr->sun_path[0]) { unsigned int mode; err = 0; err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd); if (err) goto out_mknod_parent; dentry = lookup_create(&nd, 0); err = PTR_ERR(dentry); if (IS_ERR(dentry)) goto out_mknod_unlock; mode = S_IFSOCK | (SOCK_INODE(sock)->i_mode & ~current->fs->umask); err = mnt_want_write(nd.path.mnt); if (err) goto out_mknod_dput; err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0); mnt_drop_write(nd.path.mnt); if (err) goto out_mknod_dput; mutex_unlock(&nd.path.dentry->d_inode->i_mutex); dput(nd.path.dentry); nd.path.dentry = dentry; addr->hash = UNIX_HASH_SIZE; } spin_lock(&unix_table_lock); if (!sunaddr->sun_path[0]) { err = -EADDRINUSE; if (__unix_find_socket_byname(net, sunaddr, addr_len, sk->sk_type, hash)) { unix_release_addr(addr); goto out_unlock; } list = &unix_socket_table[addr->hash]; } else { list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)]; u->dentry = nd.path.dentry; u->mnt = nd.path.mnt; } err = 0; __unix_remove_socket(sk); u->addr = addr; __unix_insert_socket(list, sk); out_unlock: spin_unlock(&unix_table_lock); out_up: mutex_unlock(&u->readlock); out: return err; out_mknod_dput: dput(dentry); out_mknod_unlock: mutex_unlock(&nd.path.dentry->d_inode->i_mutex); path_put(&nd.path); out_mknod_parent: if (err==-EEXIST) err=-EADDRINUSE; unix_release_addr(addr); goto out_up; }",linux-2.6,,,339700231077174483775312568833450975389,0 5519,['CWE-119'],"decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, struct ecryptfs_crypt_stat *crypt_stat) { struct scatterlist dst_sg[2]; struct scatterlist src_sg[2]; struct mutex *tfm_mutex; struct blkcipher_desc desc = { .flags = CRYPTO_TFM_REQ_MAY_SLEEP }; int rc = 0; if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk( KERN_DEBUG, ""Session key encryption key (size [%d]):\n"", auth_tok->token.password.session_key_encryption_key_bytes); ecryptfs_dump_hex( auth_tok->token.password.session_key_encryption_key, auth_tok->token.password.session_key_encryption_key_bytes); } rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, crypt_stat->cipher); if (unlikely(rc)) { printk(KERN_ERR ""Internal error whilst attempting to get "" ""tfm and mutex for cipher name [%s]; rc = [%d]\n"", crypt_stat->cipher, rc); goto out; } rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, auth_tok->session_key.encrypted_key_size, src_sg, 2); if (rc < 1 || rc > 2) { printk(KERN_ERR ""Internal error whilst attempting to convert "" ""auth_tok->session_key.encrypted_key to scatterlist; "" ""expected rc = 1; got rc = [%d]. "" ""auth_tok->session_key.encrypted_key_size = [%d]\n"", rc, auth_tok->session_key.encrypted_key_size); goto out; } auth_tok->session_key.decrypted_key_size = auth_tok->session_key.encrypted_key_size; rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, auth_tok->session_key.decrypted_key_size, dst_sg, 2); if (rc < 1 || rc > 2) { printk(KERN_ERR ""Internal error whilst attempting to convert "" ""auth_tok->session_key.decrypted_key to scatterlist; "" ""expected rc = 1; got rc = [%d]\n"", rc); goto out; } mutex_lock(tfm_mutex); rc = crypto_blkcipher_setkey( desc.tfm, auth_tok->token.password.session_key_encryption_key, crypt_stat->key_size); if (unlikely(rc < 0)) { mutex_unlock(tfm_mutex); printk(KERN_ERR ""Error setting key for crypto context\n""); rc = -EINVAL; goto out; } rc = crypto_blkcipher_decrypt(&desc, dst_sg, src_sg, auth_tok->session_key.encrypted_key_size); mutex_unlock(tfm_mutex); if (unlikely(rc)) { printk(KERN_ERR ""Error decrypting; rc = [%d]\n"", rc); goto out; } auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, auth_tok->session_key.decrypted_key_size); crypt_stat->flags |= ECRYPTFS_KEY_VALID; if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""FEK of size [%d]:\n"", crypt_stat->key_size); ecryptfs_dump_hex(crypt_stat->key, crypt_stat->key_size); } out: return rc; }",linux-2.6,,,281272478414182272808798094225773523564,0 5199,['CWE-20'],"static inline int is_external_interrupt(u32 intr_info) { return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK)) == (INTR_TYPE_EXT_INTR | INTR_INFO_VALID_MASK); }",linux-2.6,,,322773994024113406921930388707499977869,0 4994,['CWE-346'],"void udev_monitor_unref(struct udev_monitor *udev_monitor) { if (udev_monitor == NULL) return; udev_monitor->refcount--; if (udev_monitor->refcount > 0) return; if (udev_monitor->sock >= 0) close(udev_monitor->sock); dbg(udev_monitor->udev, ""monitor %p released\n"", udev_monitor); free(udev_monitor); }",udev,,,251237869382365474342477753825207907699,0 6479,[],"lt_dlinsertsearchdir (const char *before, const char *search_dir) { int errors = 0; if (before) { if ((before < user_search_path) || (before >= user_search_path + LT_STRLEN (user_search_path))) { LT__SETERROR (INVALID_POSITION); return 1; } } if (search_dir && *search_dir) { if (lt_dlpath_insertdir (&user_search_path, (char *) before, search_dir) != 0) { ++errors; } } return errors; }",libtool,,,120075593649913410975522318167557143841,0 2690,[],"static int sctp_setsockopt_rtoinfo(struct sock *sk, char __user *optval, int optlen) { struct sctp_rtoinfo rtoinfo; struct sctp_association *asoc; if (optlen != sizeof (struct sctp_rtoinfo)) return -EINVAL; if (copy_from_user(&rtoinfo, optval, optlen)) return -EFAULT; asoc = sctp_id2assoc(sk, rtoinfo.srto_assoc_id); if (!asoc && rtoinfo.srto_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) { if (rtoinfo.srto_initial != 0) asoc->rto_initial = msecs_to_jiffies(rtoinfo.srto_initial); if (rtoinfo.srto_max != 0) asoc->rto_max = msecs_to_jiffies(rtoinfo.srto_max); if (rtoinfo.srto_min != 0) asoc->rto_min = msecs_to_jiffies(rtoinfo.srto_min); } else { struct sctp_sock *sp = sctp_sk(sk); if (rtoinfo.srto_initial != 0) sp->rtoinfo.srto_initial = rtoinfo.srto_initial; if (rtoinfo.srto_max != 0) sp->rtoinfo.srto_max = rtoinfo.srto_max; if (rtoinfo.srto_min != 0) sp->rtoinfo.srto_min = rtoinfo.srto_min; } return 0; }",linux-2.6,,,212487359825275806965291229352661270141,0 1254,NVD-CWE-Other,"u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport) { struct keydata *keyptr = get_keyptr(); u32 hash[4]; hash[0] = (__force u32)saddr; hash[1] = (__force u32)daddr; hash[2] = (__force u32)dport ^ keyptr->secret[10]; hash[3] = keyptr->secret[11]; return half_md4_transform(hash, keyptr->secret); }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,156314552709771,1 4720,CWE-20,"static int cmd_handle_untagged(struct ImapData *idata) { unsigned int count = 0; char *s = imap_next_word(idata->buf); char *pn = imap_next_word(s); if ((idata->state >= IMAP_SELECTED) && isdigit((unsigned char) *s)) { pn = s; s = imap_next_word(s); if (mutt_str_strncasecmp(""EXISTS"", s, 6) == 0) { mutt_debug(2, ""Handling EXISTS\n""); if (mutt_str_atoui(pn, &count) < 0) { mutt_debug(1, ""Malformed EXISTS: '%s'\n"", pn); } if (!(idata->reopen & IMAP_EXPUNGE_PENDING) && count < idata->max_msn) { mutt_debug(1, ""Message count is out of sync\n""); return 0; } else if (count == idata->max_msn) mutt_debug(3, ""superfluous EXISTS message.\n""); else { if (!(idata->reopen & IMAP_EXPUNGE_PENDING)) { mutt_debug(2, ""New mail in %s - %d messages total.\n"", idata->mailbox, count); idata->reopen |= IMAP_NEWMAIL_PENDING; } idata->new_mail_count = count; } } else if (mutt_str_strncasecmp(""EXPUNGE"", s, 7) == 0) cmd_parse_expunge(idata, pn); else if (mutt_str_strncasecmp(""FETCH"", s, 5) == 0) cmd_parse_fetch(idata, pn); } else if (mutt_str_strncasecmp(""CAPABILITY"", s, 10) == 0) cmd_parse_capability(idata, s); else if (mutt_str_strncasecmp(""OK [CAPABILITY"", s, 14) == 0) cmd_parse_capability(idata, pn); else if (mutt_str_strncasecmp(""OK [CAPABILITY"", pn, 14) == 0) cmd_parse_capability(idata, imap_next_word(pn)); else if (mutt_str_strncasecmp(""LIST"", s, 4) == 0) cmd_parse_list(idata, s); else if (mutt_str_strncasecmp(""LSUB"", s, 4) == 0) cmd_parse_lsub(idata, s); else if (mutt_str_strncasecmp(""MYRIGHTS"", s, 8) == 0) cmd_parse_myrights(idata, s); else if (mutt_str_strncasecmp(""SEARCH"", s, 6) == 0) cmd_parse_search(idata, s); else if (mutt_str_strncasecmp(""STATUS"", s, 6) == 0) cmd_parse_status(idata, s); else if (mutt_str_strncasecmp(""ENABLED"", s, 7) == 0) cmd_parse_enabled(idata, s); else if (mutt_str_strncasecmp(""BYE"", s, 3) == 0) { mutt_debug(2, ""Handling BYE\n""); if (idata->status == IMAP_BYE) return 0; s += 3; SKIPWS(s); mutt_error(""%s"", s); cmd_handle_fatal(idata); return -1; } else if (ImapServernoise && (mutt_str_strncasecmp(""NO"", s, 2) == 0)) { mutt_debug(2, ""Handling untagged NO\n""); mutt_error(""%s"", s + 3); } return 0; }",visit repo url,imap/command.c,https://github.com/neomutt/neomutt,113181707440279,1 6724,['CWE-310'],"copy_one_setting_value_to_gconf (NMSetting *setting, const char *key, const GValue *value, GParamFlags flags, gpointer user_data) { CopyOneSettingValueInfo *info = (CopyOneSettingValueInfo *) user_data; const char *setting_name; GType type = G_VALUE_TYPE (value); GParamSpec *pspec; if (NM_IS_SETTING_802_1X (setting)) { if (string_in_list (key, applet_8021x_ignore_keys)) return; } else if (NM_IS_SETTING_VPN (setting)) { if (string_in_list (key, vpn_ignore_keys)) return; } if (flags & NM_SETTING_PARAM_SECRET) return; if ( NM_IS_SETTING_CONNECTION (setting) && !strcmp (key, NM_SETTING_CONNECTION_READ_ONLY)) return; setting_name = nm_setting_get_name (setting); pspec = g_object_class_find_property (G_OBJECT_GET_CLASS (setting), key); if (pspec) { if (g_param_value_defaults (pspec, (GValue *) value)) { char *path; path = g_strdup_printf (""%s/%s/%s"", info->dir, setting_name, key); if (path) gconf_client_unset (info->client, path, NULL); g_free (path); return; } } if (type == G_TYPE_STRING) { nm_gconf_set_string_helper (info->client, info->dir, key, setting_name, g_value_get_string (value)); } else if (type == G_TYPE_UINT) { nm_gconf_set_int_helper (info->client, info->dir, key, setting_name, g_value_get_uint (value)); } else if (type == G_TYPE_INT) { nm_gconf_set_int_helper (info->client, info->dir, key, setting_name, g_value_get_int (value)); } else if (type == G_TYPE_UINT64) { char *numstr; numstr = g_strdup_printf (""%"" G_GUINT64_FORMAT, g_value_get_uint64 (value)); nm_gconf_set_string_helper (info->client, info->dir, key, setting_name, numstr); g_free (numstr); } else if (type == G_TYPE_BOOLEAN) { nm_gconf_set_bool_helper (info->client, info->dir, key, setting_name, g_value_get_boolean (value)); } else if (type == G_TYPE_CHAR) { nm_gconf_set_int_helper (info->client, info->dir, key, setting_name, g_value_get_char (value)); } else if (type == DBUS_TYPE_G_UCHAR_ARRAY) { nm_gconf_set_bytearray_helper (info->client, info->dir, key, setting_name, (GByteArray *) g_value_get_boxed (value)); } else if (type == DBUS_TYPE_G_LIST_OF_STRING) { nm_gconf_set_stringlist_helper (info->client, info->dir, key, setting_name, (GSList *) g_value_get_boxed (value)); #if UNUSED } else if (type == DBUS_TYPE_G_MAP_OF_VARIANT) { nm_gconf_set_valuehash_helper (info->client, info->dir, setting_name, (GHashTable *) g_value_get_boxed (value)); #endif } else if (type == DBUS_TYPE_G_MAP_OF_STRING) { nm_gconf_set_stringhash_helper (info->client, info->dir, setting_name, (GHashTable *) g_value_get_boxed (value)); } else if (type == DBUS_TYPE_G_UINT_ARRAY) { nm_gconf_set_uint_array_helper (info->client, info->dir, key, setting_name, (GArray *) g_value_get_boxed (value)); } else if (type == DBUS_TYPE_G_ARRAY_OF_ARRAY_OF_UINT) { guint32 tuple_len = 0; if (!strcmp (key, NM_SETTING_IP4_CONFIG_ADDRESSES)) tuple_len = 3; else if (!strcmp (key, NM_SETTING_IP4_CONFIG_ROUTES)) tuple_len = 4; nm_gconf_set_ip4_helper (info->client, info->dir, key, setting_name, tuple_len, (GPtrArray *) g_value_get_boxed (value)); } else g_warning (""Unhandled setting property type (write) '%s/%s' : '%s'"", setting_name, key, g_type_name (type)); }",network-manager-applet,,,208916826391226302082277744282044272941,0 1378,[],"static void hrtick_start_fair(struct rq *rq, struct task_struct *p) { int requeue = rq->curr == p; struct sched_entity *se = &p->se; struct cfs_rq *cfs_rq = cfs_rq_of(se); WARN_ON(task_rq(p) != rq); if (hrtick_enabled(rq) && cfs_rq->nr_running > 1) { u64 slice = sched_slice(cfs_rq, se); u64 ran = se->sum_exec_runtime - se->prev_sum_exec_runtime; s64 delta = slice - ran; if (delta < 0) { if (rq->curr == p) resched_task(p); return; } if (!requeue) delta = max(10000LL, delta); hrtick_start(rq, delta, requeue); } }",linux-2.6,,,260794341266086273875800715603629251002,0 5061,['CWE-20'],"static int handle_vmcall(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { skip_emulated_instruction(vcpu); kvm_emulate_hypercall(vcpu); return 1; }",linux-2.6,,,44049192003866988899133939107449156341,0 117,NVD-CWE-Other,"int tipc_link_xmit(struct tipc_link *l, struct sk_buff_head *list, struct sk_buff_head *xmitq) { struct tipc_msg *hdr = buf_msg(skb_peek(list)); struct sk_buff_head *backlogq = &l->backlogq; struct sk_buff_head *transmq = &l->transmq; struct sk_buff *skb, *_skb; u16 bc_ack = l->bc_rcvlink->rcv_nxt - 1; u16 ack = l->rcv_nxt - 1; u16 seqno = l->snd_nxt; int pkt_cnt = skb_queue_len(list); int imp = msg_importance(hdr); unsigned int mss = tipc_link_mss(l); unsigned int cwin = l->window; unsigned int mtu = l->mtu; bool new_bundle; int rc = 0; if (unlikely(msg_size(hdr) > mtu)) { pr_warn(""Too large msg, purging xmit list %d %d %d %d %d!\n"", skb_queue_len(list), msg_user(hdr), msg_type(hdr), msg_size(hdr), mtu); __skb_queue_purge(list); return -EMSGSIZE; } if (unlikely(l->backlog[imp].len >= l->backlog[imp].limit)) { if (imp == TIPC_SYSTEM_IMPORTANCE) { pr_warn(""%s<%s>, link overflow"", link_rst_msg, l->name); return -ENOBUFS; } rc = link_schedule_user(l, hdr); } if (pkt_cnt > 1) { l->stats.sent_fragmented++; l->stats.sent_fragments += pkt_cnt; } while ((skb = __skb_dequeue(list))) { if (likely(skb_queue_len(transmq) < cwin)) { hdr = buf_msg(skb); msg_set_seqno(hdr, seqno); msg_set_ack(hdr, ack); msg_set_bcast_ack(hdr, bc_ack); _skb = skb_clone(skb, GFP_ATOMIC); if (!_skb) { kfree_skb(skb); __skb_queue_purge(list); return -ENOBUFS; } __skb_queue_tail(transmq, skb); tipc_link_set_skb_retransmit_time(skb, l); __skb_queue_tail(xmitq, _skb); TIPC_SKB_CB(skb)->ackers = l->ackers; l->rcv_unacked = 0; l->stats.sent_pkts++; seqno++; continue; } if (tipc_msg_try_bundle(l->backlog[imp].target_bskb, &skb, mss, l->addr, &new_bundle)) { if (skb) { l->backlog[imp].target_bskb = skb; l->backlog[imp].len++; __skb_queue_tail(backlogq, skb); } else { if (new_bundle) { l->stats.sent_bundles++; l->stats.sent_bundled++; } l->stats.sent_bundled++; } continue; } l->backlog[imp].target_bskb = NULL; l->backlog[imp].len += (1 + skb_queue_len(list)); __skb_queue_tail(backlogq, skb); skb_queue_splice_tail_init(list, backlogq); } l->snd_nxt = seqno; return rc; }",visit repo url,net/tipc/link.c,https://github.com/torvalds/linux,245892924825683,1 2970,['CWE-189'],"static int jas_icclut8_copy(jas_iccattrval_t *attrval, jas_iccattrval_t *othattrval) { jas_icclut8_t *lut8 = &attrval->data.lut8; attrval = 0; othattrval = 0; lut8 = 0; abort(); return -1; }",jasper,,,50861280315476555882988892446702152369,0 6350,CWE-125,"gif_read_lzw(FILE *fp, int first_time, int input_code_size) { int i, code, incode; static short fresh = 0, code_size = 0, set_code_size = 0, max_code = 0, max_code_size = 0, firstcode = 0, oldcode = 0, clear_code = 0, end_code = 0, table[2][4096], stack[8192], *sp = stack; if (first_time) { set_code_size = (short)input_code_size; code_size = set_code_size + 1; clear_code = (short)(1 << set_code_size); end_code = clear_code + 1; max_code_size = 2 * clear_code; max_code = clear_code + 2; gif_get_code(fp, 0, 1); fresh = 1; for (i = 0; i < clear_code; i ++) { table[0][i] = 0; table[1][i] = (short)i; } for (; i < 4096; i ++) table[0][i] = table[1][0] = 0; sp = stack; return (0); } else if (fresh) { fresh = 0; do firstcode = oldcode = (short)gif_get_code(fp, code_size, 0); while (firstcode == clear_code); return (firstcode); } if (sp > stack) return (*--sp); while ((code = gif_get_code (fp, code_size, 0)) >= 0) { if (code == clear_code) { for (i = 0; i < clear_code; i ++) { table[0][i] = 0; table[1][i] = (short)i; } for (; i < 4096; i ++) table[0][i] = table[1][i] = 0; code_size = set_code_size + 1; max_code_size = 2 * clear_code; max_code = clear_code + 2; sp = stack; firstcode = oldcode = (short)gif_get_code(fp, code_size, 0); return (firstcode); } else if (code == end_code) { uchar buf[260]; if (!gif_eof) while (gif_get_block(fp, buf) > 0); return (-2); } incode = code; if (code >= max_code) { *sp++ = firstcode; code = oldcode; } while (code >= clear_code) { *sp++ = table[1][code]; if (code == table[0][code]) return (255); code = table[0][code]; } *sp++ = firstcode = table[1][code]; code = max_code; if (code < 4096) { table[0][code] = oldcode; table[1][code] = firstcode; max_code ++; if (max_code >= max_code_size && max_code_size < 4096) { max_code_size *= 2; code_size ++; } } oldcode = (short)incode; if (sp > stack) return (*--sp); } return (code); }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,42591166103825,1 5856,CWE-787,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_build_sli( pjmedia_rtcp_session *session, void *buf, pj_size_t *length, unsigned sli_cnt, const pjmedia_rtcp_fb_sli sli[]) { pjmedia_rtcp_common *hdr; pj_uint8_t *p; unsigned len, i; PJ_ASSERT_RETURN(session && buf && length && sli_cnt && sli, PJ_EINVAL); len = (3 + sli_cnt) * 4; if (len > *length) return PJ_ETOOSMALL; hdr = (pjmedia_rtcp_common*)buf; pj_memcpy(hdr, &session->rtcp_rr_pkt.common, sizeof(*hdr)); hdr->pt = RTCP_PSFB; hdr->count = 2; hdr->length = pj_htons((pj_uint16_t)(len/4 - 1)); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < sli_cnt; ++i) { *p++ = (pj_uint8_t)((sli[i].first >> 5) & 0xFF); *p = (pj_uint8_t)((sli[i].first & 31) << 3); *p++ |= (pj_uint8_t)((sli[i].number >> 10) & 7); *p++ = (pj_uint8_t)((sli[i].number >> 2) & 0xFF); *p = (pj_uint8_t)((sli[i].number & 3) << 6); *p++ |= (sli[i].pict_id & 63); } *length = len; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,151866096947785,1 1606,CWE-264,"int inet6_sk_rebuild_header(struct sock *sk) { struct ipv6_pinfo *np = inet6_sk(sk); struct dst_entry *dst; dst = __sk_dst_check(sk, np->dst_cookie); if (!dst) { struct inet_sock *inet = inet_sk(sk); struct in6_addr *final_p, final; struct flowi6 fl6; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = sk->sk_protocol; fl6.daddr = sk->sk_v6_daddr; fl6.saddr = np->saddr; fl6.flowlabel = np->flow_label; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; fl6.fl6_dport = inet->inet_dport; fl6.fl6_sport = inet->inet_sport; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); final_p = fl6_update_dst(&fl6, np->opt, &final); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { sk->sk_route_caps = 0; sk->sk_err_soft = -PTR_ERR(dst); return PTR_ERR(dst); } __ip6_dst_store(sk, dst, NULL, NULL); } return 0; }",visit repo url,net/ipv6/af_inet6.c,https://github.com/torvalds/linux,100453078732465,1 2662,[],"static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_association *asoc; int cnt = 0; struct sctp_getaddrs getaddrs; struct sctp_transport *from; void __user *to; union sctp_addr temp; struct sctp_sock *sp = sctp_sk(sk); int addrlen; size_t space_left; int bytes_copied; if (len < sizeof(struct sctp_getaddrs)) return -EINVAL; if (copy_from_user(&getaddrs, optval, sizeof(struct sctp_getaddrs))) return -EFAULT; asoc = sctp_id2assoc(sk, getaddrs.assoc_id); if (!asoc) return -EINVAL; to = optval + offsetof(struct sctp_getaddrs,addrs); space_left = len - offsetof(struct sctp_getaddrs,addrs); list_for_each_entry(from, &asoc->peer.transport_addr_list, transports) { memcpy(&temp, &from->ipaddr, sizeof(temp)); sctp_get_pf_specific(sk->sk_family)->addr_v4map(sp, &temp); addrlen = sctp_get_af_specific(sk->sk_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; if (copy_to_user(to, &temp, addrlen)) return -EFAULT; to += addrlen; cnt++; space_left -= addrlen; } if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) return -EFAULT; bytes_copied = ((char __user *)to) - optval; if (put_user(bytes_copied, optlen)) return -EFAULT; return 0; }",linux-2.6,,,101725253140673663424136342169734506699,0 6689,CWE-125,"void TestGatherNd(int* param_dims, const ParamType* param_data, int* index_dims, const IndexType* index_data, int* output_dims, ParamType* output_data, const ParamType* expected_output_data) { TfLiteIntArray* pdims = IntArrayFromInts(param_dims); TfLiteIntArray* idims = IntArrayFromInts(index_dims); TfLiteIntArray* odims = IntArrayFromInts(output_dims); constexpr int inputs_size = 2; constexpr int outputs_size = 1; constexpr int tensors_size = inputs_size + outputs_size; TfLiteTensor tensors[tensors_size] = { CreateTensor(param_data, pdims), CreateTensor(index_data, idims), CreateTensor(output_data, odims), }; int inputs_array_data[] = {2, 0, 1}; TfLiteIntArray* inputs_array = IntArrayFromInts(inputs_array_data); int outputs_array_data[] = {1, 2}; TfLiteIntArray* outputs_array = IntArrayFromInts(outputs_array_data); const TfLiteRegistration registration = Register_GATHER_ND(); micro::KernelRunner runner(registration, tensors, tensors_size, inputs_array, outputs_array, nullptr); TF_LITE_MICRO_EXPECT_EQ(kTfLiteOk, runner.InitAndPrepare()); TF_LITE_MICRO_EXPECT_EQ(kTfLiteOk, runner.Invoke()); TfLiteTensor* actual_output_tensor = &tensors[2]; TfLiteIntArray* actual_output_dims = actual_output_tensor->dims; const int output_size = ElementCount(*actual_output_dims); for (int i = 0; i < output_size; ++i) { TF_LITE_MICRO_EXPECT_EQ(expected_output_data[i], output_data[i]); } }",visit repo url,tensorflow/lite/micro/kernels/gather_nd_test.cc,https://github.com/tensorflow/tflite-micro,266832186640771,1 6582,CWE-1333,"module.exports = function( a , b ) { var re = /(^([+-]?(?:\d*)(?:\.\d*)?(?:[eE][+-]?\d+)?)?$|^0x[\da-fA-F]+$|\d+)/g , sre = /^\s+|\s+$/g , snre = /\s+/g , dre = /(^([\w ]+,?[\w ]+)?[\w ]+,?[\w ]+\d+:\d+(:\d+)?[\w ]?|^\d{1,4}[/-]\d{1,4}[/-]\d{1,4}|^\w+, \w+ \d+, \d{4})/ , hre = /^0x[0-9a-f]+$/i , ore = /^0/ , i = function( s ) { return ( '' + s ).toLowerCase().replace( sre , '' ) ; } , x = i( a ) || '' , y = i( b ) || '' , xN = x.replace( re , '\0$1\0' ).replace( /\0$/ , '' ) .replace( /^\0/ , '' ) .split( '\0' ) , yN = y.replace( re , '\0$1\0' ).replace( /\0$/ , '' ) .replace( /^\0/ , '' ) .split( '\0' ) , xD = parseInt( x.match( hre ) , 16 ) || ( xN.length !== 1 && Date.parse( x ) ) , yD = parseInt( y.match( hre ) , 16 ) || xD && y.match( dre ) && Date.parse( y ) || null , normChunk = function( s , l ) { return ( ! s.match( ore ) || l === 1 ) && parseFloat( s ) || s.replace( snre , ' ' ).replace( sre , '' ) || 0 ; } , oFxNcL , oFyNcL ; if ( yD ) { if ( xD < yD ) { return -1 ; } else if ( xD > yD ) { return 1 ; } } for( var cLoc = 0 , xNl = xN.length , yNl = yN.length , numS = Math.max( xNl , yNl ) ; cLoc < numS ; cLoc ++ ) { oFxNcL = normChunk( xN[cLoc] , xNl ) ; oFyNcL = normChunk( yN[cLoc] , yNl ) ; if ( isNaN( oFxNcL ) !== isNaN( oFyNcL ) ) { return ( isNaN( oFxNcL ) ) ? 1 : -1 ; } else if ( typeof oFxNcL !== typeof oFyNcL ) { oFxNcL += '' ; oFyNcL += '' ; } if ( oFxNcL < oFyNcL ) { return -1 ; } if ( oFxNcL > oFyNcL ) { return 1 ; } } return 0 ; } ;",visit repo url,lib/naturalSort.js,https://github.com/cronvel/string-kit,199668920492668,1 3520,CWE-20,"init_util(void) { filegen_register(statsdir, ""peerstats"", &peerstats); filegen_register(statsdir, ""loopstats"", &loopstats); filegen_register(statsdir, ""clockstats"", &clockstats); filegen_register(statsdir, ""rawstats"", &rawstats); filegen_register(statsdir, ""sysstats"", &sysstats); filegen_register(statsdir, ""protostats"", &protostats); #ifdef AUTOKEY filegen_register(statsdir, ""cryptostats"", &cryptostats); #endif #ifdef DEBUG_TIMING filegen_register(statsdir, ""timingstats"", &timingstats); #endif step_callback = &ntpd_time_stepped; #ifdef DEBUG atexit(&uninit_util); #endif }",visit repo url,ntpd/ntp_util.c,https://github.com/ntp-project/ntp,153400410815951,1 3580,CWE-190,"int jpg_validate(jas_stream_t *in) { uchar buf[JPG_MAGICLEN]; int i; int n; assert(JAS_STREAM_MAXPUTBACK >= JPG_MAGICLEN); if ((n = jas_stream_read(in, buf, JPG_MAGICLEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < JPG_MAGICLEN) { return -1; } if (buf[0] != (JPG_MAGIC >> 8) || buf[1] != (JPG_MAGIC & 0xff)) { return -1; } return 0; }",visit repo url,src/libjasper/jpg/jpg_val.c,https://github.com/mdadams/jasper,149609285908012,1 889,['CWE-200'],"shmem_get_inode(struct super_block *sb, int mode, dev_t dev) { struct inode *inode; struct shmem_inode_info *info; struct shmem_sb_info *sbinfo = SHMEM_SB(sb); if (sbinfo->max_inodes) { spin_lock(&sbinfo->stat_lock); if (!sbinfo->free_inodes) { spin_unlock(&sbinfo->stat_lock); return NULL; } sbinfo->free_inodes--; spin_unlock(&sbinfo->stat_lock); } inode = new_inode(sb); if (inode) { inode->i_mode = mode; inode->i_uid = current->fsuid; inode->i_gid = current->fsgid; inode->i_blocks = 0; inode->i_mapping->a_ops = &shmem_aops; inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; inode->i_generation = get_seconds(); info = SHMEM_I(inode); memset(info, 0, (char *)inode - (char *)info); spin_lock_init(&info->lock); INIT_LIST_HEAD(&info->swaplist); switch (mode & S_IFMT) { default: inode->i_op = &shmem_special_inode_operations; init_special_inode(inode, mode, dev); break; case S_IFREG: inode->i_op = &shmem_inode_operations; inode->i_fop = &shmem_file_operations; mpol_shared_policy_init(&info->policy, sbinfo->policy, &sbinfo->policy_nodes); break; case S_IFDIR: inc_nlink(inode); inode->i_size = 2 * BOGO_DIRENT_SIZE; inode->i_op = &shmem_dir_inode_operations; inode->i_fop = &simple_dir_operations; break; case S_IFLNK: mpol_shared_policy_init(&info->policy, MPOL_DEFAULT, NULL); break; } } else if (sbinfo->max_inodes) { spin_lock(&sbinfo->stat_lock); sbinfo->free_inodes++; spin_unlock(&sbinfo->stat_lock); } return inode; }",linux-2.6,,,162582241852813651458601747880207475952,0 4507,CWE-476,"static void gf_dump_vrml_field(GF_SceneDumper *sdump, GF_Node *node, GF_FieldInfo field) { u32 i, sf_type; Bool needs_field_container; GF_ChildNodeItem *list; void *slot_ptr; switch (field.fieldType) { case GF_SG_VRML_SFNODE: assert ( *(GF_Node **)field.far_ptr); if (sdump->XMLDump) { if (!sdump->X3DDump) { StartElement(sdump, (char *) field.name); EndElementHeader(sdump, 1); sdump->indent++; } } else { StartAttribute(sdump, field.name); } gf_dump_vrml_node(sdump, *(GF_Node **)field.far_ptr, 0, NULL); if (sdump->XMLDump) { if (!sdump->X3DDump) { sdump->indent--; EndElement(sdump, (char *) field.name, 1); } } else { EndAttribute(sdump); } return; case GF_SG_VRML_MFNODE: needs_field_container = 0; if (sdump->XMLDump && sdump->X3DDump) { u32 count, nb_ndt; GF_FieldInfo info; if (!strcmp(field.name, ""children"")) { needs_field_container = 0; } else { nb_ndt = 0; count = gf_node_get_field_count(node); for (i=0; i1) ? 1 : 0; } } #ifndef GPAC_DISABLE_X3D if (!sdump->X3DDump) { if (gf_node_get_tag(node)==TAG_X3D_Switch) field.name = ""choice""; } #endif list = * ((GF_ChildNodeItem **) field.far_ptr); assert(list); if (!sdump->XMLDump || !sdump->X3DDump) StartList(sdump, field.name); sdump->indent++; while (list) { gf_dump_vrml_node(sdump, list->node, 1, needs_field_container ? (char *) field.name : NULL); list = list->next; } sdump->indent--; if (!sdump->XMLDump || !sdump->X3DDump) EndList(sdump, field.name); return; case GF_SG_VRML_SFCOMMANDBUFFER: { SFCommandBuffer *cb = (SFCommandBuffer *)field.far_ptr; StartElement(sdump, (char *) field.name); EndElementHeader(sdump, 1); sdump->indent++; if (!gf_list_count(cb->commandList)) { if (sdump->trace && cb->bufferSize) { if (sdump->XMLDump) gf_fprintf(sdump->trace, ""\n""); else gf_fprintf(sdump->trace, ""#SFCommandBuffer cannot be dumped while playing - use MP4Box instead\n""); } } else { gf_sm_dump_command_list(sdump, cb->commandList, sdump->indent, 0); } sdump->indent--; EndElement(sdump, (char *) field.name, 1); } return; case GF_SG_VRML_MFATTRREF: if (sdump->XMLDump) { MFAttrRef *ar = (MFAttrRef *)field.far_ptr; StartElement(sdump, (char *) field.name); EndElementHeader(sdump, 1); sdump->indent++; for (i=0; icount; i++) { if (ar->vals[i].node) { GF_FieldInfo pinfo; DUMP_IND(sdump); gf_node_get_field(ar->vals[i].node, ar->vals[i].fieldIndex, &pinfo); gf_fprintf(sdump->trace, ""vals[i].node); gf_fprintf(sdump->trace, ""\"" field=\""%s\""/>\n"", pinfo.name); } } sdump->indent--; EndElement(sdump, (char *) field.name, 1); return; } break; } if (gf_sg_vrml_is_sf_field(field.fieldType)) { StartAttribute(sdump, field.name); gf_dump_vrml_sffield(sdump, field.fieldType, field.far_ptr, 0, node); EndAttribute(sdump); } else { GenMFField *mffield = (GenMFField *) field.far_ptr; sf_type = gf_sg_vrml_get_sf_type(field.fieldType); if (sdump->XMLDump && sdump->X3DDump) { switch (sf_type) { case GF_SG_VRML_SFSTRING: case GF_SG_VRML_SFSCRIPT: case GF_SG_VRML_SFURL: gf_fprintf(sdump->trace, "" %s=\'"", (char *) field.name); break; default: StartAttribute(sdump, field.name); break; } } else { StartAttribute(sdump, field.name); } if (!sdump->XMLDump) gf_fprintf(sdump->trace, ""[""); if (mffield) { for (i=0; icount; i++) { if (i) gf_fprintf(sdump->trace, "" ""); gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, 1, node); } } if (!sdump->XMLDump) gf_fprintf(sdump->trace, ""]""); if (sdump->XMLDump && sdump->X3DDump) { switch (sf_type) { case GF_SG_VRML_SFSTRING: case GF_SG_VRML_SFSCRIPT: case GF_SG_VRML_SFURL: gf_fprintf(sdump->trace, ""\'""); break; default: EndAttribute(sdump); break; } } else { EndAttribute(sdump); } } }",visit repo url,src/scene_manager/scene_dump.c,https://github.com/gpac/gpac,193915742535645,1 3857,CWE-122,"ins_compl_add_infercase( char_u *str_arg, int len, int icase, char_u *fname, int dir, int cont_s_ipos) { char_u *str = str_arg; char_u *p; int actual_len; int actual_compl_length; int min_len; int flags = 0; if (p_ic && curbuf->b_p_inf && len > 0) { if (has_mbyte) { p = str; actual_len = 0; while (*p != NUL) { MB_PTR_ADV(p); ++actual_len; } } else actual_len = len; if (has_mbyte) { p = compl_orig_text; actual_compl_length = 0; while (*p != NUL) { MB_PTR_ADV(p); ++actual_compl_length; } } else actual_compl_length = compl_length; min_len = actual_len < actual_compl_length ? actual_len : actual_compl_length; str = ins_compl_infercase_gettext(str, actual_len, actual_compl_length, min_len); } if (cont_s_ipos) flags |= CP_CONT_S_IPOS; if (icase) flags |= CP_ICASE; return ins_compl_add(str, len, fname, NULL, NULL, dir, flags, FALSE); }",visit repo url,src/insexpand.c,https://github.com/vim/vim,278395685891770,1 453,[],"pfm_task_incompatible(pfm_context_t *ctx, struct task_struct *task) { if (task->mm == NULL) { DPRINT((""task [%d] has not memory context (kernel thread)\n"", task->pid)); return -EPERM; } if (pfm_bad_permissions(task)) { DPRINT((""no permission to attach to [%d]\n"", task->pid)); return -EPERM; } if (CTX_OVFL_NOBLOCK(ctx) == 0 && task == current) { DPRINT((""cannot load a blocking context on self for [%d]\n"", task->pid)); return -EINVAL; } if (task->exit_state == EXIT_ZOMBIE) { DPRINT((""cannot attach to zombie task [%d]\n"", task->pid)); return -EBUSY; } if (task == current) return 0; if ((task->state != TASK_STOPPED) && (task->state != TASK_TRACED)) { DPRINT((""cannot attach to non-stopped task [%d] state=%ld\n"", task->pid, task->state)); return -EBUSY; } wait_task_inactive(task); return 0; }",linux-2.6,,,97681766225766093054018545956064219499,0 3387,CWE-416,"static Image *ReadMATImage(const ImageInfo *image_info,ExceptionInfo *exception) { Image *image, *image2=NULL, *rotated_image; register Quantum *q; unsigned int status; MATHeader MATLAB_HDR; size_t size; size_t CellType; QuantumInfo *quantum_info; ImageInfo *clone_info; int i; ssize_t ldblk; unsigned char *BImgBuff = NULL; double MinVal, MaxVal; unsigned z, z2; unsigned Frames; int logging; int sample_size; MagickOffsetType filepos=0x80; BlobInfo *blob; size_t one; unsigned int (*ReadBlobXXXLong)(Image *image); unsigned short (*ReadBlobXXXShort)(Image *image); void (*ReadBlobDoublesXXX)(Image * image, size_t len, double *data); void (*ReadBlobFloatsXXX)(Image * image, size_t len, float *data); assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); logging = LogMagickEvent(CoderEvent,GetMagickModule(),""enter""); image = AcquireImage(image_info,exception); status = OpenBlob(image_info, image, ReadBinaryBlobMode, exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } quantum_info=(QuantumInfo *) NULL; clone_info=(ImageInfo *) NULL; if (ReadBlob(image,124,(unsigned char *) &MATLAB_HDR.identific) != 124) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (strncmp(MATLAB_HDR.identific,""MATLAB"",6) != 0) { image2=ReadMATImageV4(image_info,image,exception); if (image2 == NULL) goto MATLAB_KO; image=image2; goto END_OF_READING; } MATLAB_HDR.Version = ReadBlobLSBShort(image); if(ReadBlob(image,2,(unsigned char *) &MATLAB_HDR.EndianIndicator) != 2) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" Endian %c%c"", MATLAB_HDR.EndianIndicator[0],MATLAB_HDR.EndianIndicator[1]); if (!strncmp(MATLAB_HDR.EndianIndicator, ""IM"", 2)) { ReadBlobXXXLong = ReadBlobLSBLong; ReadBlobXXXShort = ReadBlobLSBShort; ReadBlobDoublesXXX = ReadBlobDoublesLSB; ReadBlobFloatsXXX = ReadBlobFloatsLSB; image->endian = LSBEndian; } else if (!strncmp(MATLAB_HDR.EndianIndicator, ""MI"", 2)) { ReadBlobXXXLong = ReadBlobMSBLong; ReadBlobXXXShort = ReadBlobMSBShort; ReadBlobDoublesXXX = ReadBlobDoublesMSB; ReadBlobFloatsXXX = ReadBlobFloatsMSB; image->endian = MSBEndian; } else goto MATLAB_KO; if (strncmp(MATLAB_HDR.identific, ""MATLAB"", 6)) { MATLAB_KO: if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } filepos = TellBlob(image); while(!EOFBlob(image)) { Frames = 1; (void) SeekBlob(image,filepos,SEEK_SET); MATLAB_HDR.DataType = ReadBlobXXXLong(image); if(EOFBlob(image)) break; MATLAB_HDR.ObjectSize = ReadBlobXXXLong(image); if(EOFBlob(image)) break; if((MagickSizeType) (MATLAB_HDR.ObjectSize+filepos) > GetBlobSize(image)) goto MATLAB_KO; filepos += MATLAB_HDR.ObjectSize + 4 + 4; clone_info=CloneImageInfo(image_info); image2 = image; #if defined(MAGICKCORE_ZLIB_DELEGATE) if(MATLAB_HDR.DataType == miCOMPRESSED) { image2 = decompress_block(image,&MATLAB_HDR.ObjectSize,clone_info,exception); if(image2==NULL) continue; MATLAB_HDR.DataType = ReadBlobXXXLong(image2); } #endif if (MATLAB_HDR.DataType!=miMATRIX) { clone_info=DestroyImageInfo(clone_info); continue; } MATLAB_HDR.unknown1 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown2 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown5 = ReadBlobXXXLong(image2); MATLAB_HDR.StructureClass = MATLAB_HDR.unknown5 & 0xFF; MATLAB_HDR.StructureFlag = (MATLAB_HDR.unknown5>>8) & 0xFF; MATLAB_HDR.unknown3 = ReadBlobXXXLong(image2); if(image!=image2) MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.DimFlag = ReadBlobXXXLong(image2); MATLAB_HDR.SizeX = ReadBlobXXXLong(image2); MATLAB_HDR.SizeY = ReadBlobXXXLong(image2); switch(MATLAB_HDR.DimFlag) { case 8: z2=z=1; break; case 12: z2=z = ReadBlobXXXLong(image2); (void) ReadBlobXXXLong(image2); if(z!=3) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); break; case 16: z2=z = ReadBlobXXXLong(image2); if(z!=3 && z!=1) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); Frames = ReadBlobXXXLong(image2); if (Frames == 0) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); break; default: if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); } MATLAB_HDR.Flag1 = ReadBlobXXXShort(image2); MATLAB_HDR.NameFlag = ReadBlobXXXShort(image2); if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.StructureClass %d"",MATLAB_HDR.StructureClass); if (MATLAB_HDR.StructureClass != mxCHAR_CLASS && MATLAB_HDR.StructureClass != mxSINGLE_CLASS && MATLAB_HDR.StructureClass != mxDOUBLE_CLASS && MATLAB_HDR.StructureClass != mxINT8_CLASS && MATLAB_HDR.StructureClass != mxUINT8_CLASS && MATLAB_HDR.StructureClass != mxINT16_CLASS && MATLAB_HDR.StructureClass != mxUINT16_CLASS && MATLAB_HDR.StructureClass != mxINT32_CLASS && MATLAB_HDR.StructureClass != mxUINT32_CLASS && MATLAB_HDR.StructureClass != mxINT64_CLASS && MATLAB_HDR.StructureClass != mxUINT64_CLASS) ThrowReaderException(CoderError,""UnsupportedCellTypeInTheMatrix""); switch (MATLAB_HDR.NameFlag) { case 0: size = ReadBlobXXXLong(image2); size = 4 * (ssize_t) ((size + 3 + 1) / 4); (void) SeekBlob(image2, size, SEEK_CUR); break; case 1: case 2: case 3: case 4: (void) ReadBlob(image2, 4, (unsigned char *) &size); break; default: goto MATLAB_KO; } CellType = ReadBlobXXXLong(image2); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.CellType: %.20g"",(double) CellType); (void) ReadBlob(image2, 4, (unsigned char *) &size); NEXT_FRAME: switch (CellType) { case miINT8: case miUINT8: sample_size = 8; if(MATLAB_HDR.StructureFlag & FLAG_LOGICAL) image->depth = 1; else image->depth = 8; ldblk = (ssize_t) MATLAB_HDR.SizeX; break; case miINT16: case miUINT16: sample_size = 16; image->depth = 16; ldblk = (ssize_t) (2 * MATLAB_HDR.SizeX); break; case miINT32: case miUINT32: sample_size = 32; image->depth = 32; ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miINT64: case miUINT64: sample_size = 64; image->depth = 64; ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; case miSINGLE: sample_size = 32; image->depth = 32; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miDOUBLE: sample_size = 64; image->depth = 64; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); DisableMSCWarning(4127) if (sizeof(double) != 8) RestoreMSCWarning ThrowReaderException(CoderError, ""IncompatibleSizeOfDouble""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; default: if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); if (clone_info) clone_info=DestroyImageInfo(clone_info); ThrowReaderException(CoderError, ""UnsupportedCellTypeInTheMatrix""); } (void) sample_size; image->columns = MATLAB_HDR.SizeX; image->rows = MATLAB_HDR.SizeY; one=1; image->colors = one << image->depth; if (image->columns == 0 || image->rows == 0) goto MATLAB_KO; if((unsigned long)ldblk*MATLAB_HDR.SizeY > MATLAB_HDR.ObjectSize) goto MATLAB_KO; if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) { image->type=GrayscaleType; SetImageColorspace(image,GRAYColorspace,exception); } if (image_info->ping) { size_t temp = image->columns; image->columns = image->rows; image->rows = temp; goto done_reading; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) { if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(clone_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); BImgBuff = (unsigned char *) AcquireQuantumMemory((size_t) (ldblk),sizeof(double)); if (BImgBuff == NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); (void) ResetMagickMemory(BImgBuff,0,ldblk*sizeof(double)); MinVal = 0; MaxVal = 0; if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &quantum_info->minimum, &quantum_info->maximum); } if(z==1) z=0; do { for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { q=GetAuthenticPixels(image,0,MATLAB_HDR.SizeY-i-1,image->columns,1,exception); if (q == (Quantum *) NULL) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT set image pixels returns unexpected NULL on a row %u."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto done_reading; } if(ReadBlob(image2,ldblk,(unsigned char *)BImgBuff) != (ssize_t) ldblk) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT cannot read scanrow %u from a file."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } if((CellType==miINT8 || CellType==miUINT8) && (MATLAB_HDR.StructureFlag & FLAG_LOGICAL)) { FixLogical((unsigned char *)BImgBuff,ldblk); if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) { ImportQuantumPixelsFailed: if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to ImportQuantumPixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); break; } } else { if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) goto ImportQuantumPixelsFailed; if (z<=1 && (CellType==miINT8 || CellType==miINT16 || CellType==miINT32 || CellType==miINT64)) FixSignedValues(image,q,MATLAB_HDR.SizeX); } if (!SyncAuthenticPixels(image,exception)) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to sync image pixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } } } while(z-- >= 2); ExitLoop: if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { CellType = ReadBlobXXXLong(image2); i = ReadBlobXXXLong(image2); if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &MinVal, &MaxVal); } if (CellType==miDOUBLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobDoublesXXX(image2, ldblk, (double *)BImgBuff); InsertComplexDoubleRow(image, (double *)BImgBuff, i, MinVal, MaxVal, exception); } if (CellType==miSINGLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobFloatsXXX(image2, ldblk, (float *)BImgBuff); InsertComplexFloatRow(image,(float *)BImgBuff,i,MinVal,MaxVal, exception); } } if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) image->type=GrayscaleType; if (image->depth == 1) image->type=BilevelType; if(image2==image) image2 = NULL; rotated_image = RotateImage(image, 90.0, exception); if (rotated_image != (Image *) NULL) { rotated_image->page.x=0; rotated_image->page.y=0; blob = rotated_image->blob; rotated_image->blob = image->blob; rotated_image->colors = image->colors; image->blob = blob; AppendImageToList(&image,rotated_image); DeleteImageFromList(&image); } done_reading: if(image2!=NULL) if(image2!=image) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } AcquireNextImage(image_info,image,exception); if (image->next == (Image *) NULL) break; image=SyncNextImageInList(image); image->columns=image->rows=0; image->colors=0; RelinquishMagickMemory(BImgBuff); BImgBuff = NULL; if(--Frames>0) { z = z2; if(image2==NULL) image2 = image; goto NEXT_FRAME; } if ((image2!=NULL) && (image2!=image)) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (clone_info) clone_info=DestroyImageInfo(clone_info); } RelinquishMagickMemory(BImgBuff); if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); END_OF_READING: if (clone_info) clone_info=DestroyImageInfo(clone_info); CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=scene++; } if(clone_info != NULL) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } DestroyImageInfo(clone_info); clone_info = NULL; } if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(),""return""); if (image==NULL) ThrowReaderException(CorruptImageError,""ImproperImageHeader"") else if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); return (image); }",visit repo url,coders/mat.c,https://github.com/ImageMagick/ImageMagick,157570169930270,1 6663,['CWE-200'],"get_vpn_connections (NMApplet *applet) { GSList *all_connections; GSList *iter; GSList *list = NULL; all_connections = applet_get_all_connections (applet); for (iter = all_connections; iter; iter = iter->next) { NMConnection *connection = NM_CONNECTION (iter->data); NMSettingConnection *s_con; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); if (strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_VPN_SETTING_NAME)) continue; if (!nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN)) { g_warning (""%s: VPN connection '%s' didn't have requires vpn setting."", __func__, nm_setting_get_name (NM_SETTING (s_con))); continue; } list = g_slist_prepend (list, connection); } g_slist_free (all_connections); return g_slist_sort (list, sort_vpn_connections); }",network-manager-applet,,,320324192525873235661335159575364278128,0 4447,['CWE-264'],"void __init sk_init(void) { if (num_physpages <= 4096) { sysctl_wmem_max = 32767; sysctl_rmem_max = 32767; sysctl_wmem_default = 32767; sysctl_rmem_default = 32767; } else if (num_physpages >= 131072) { sysctl_wmem_max = 131071; sysctl_rmem_max = 131071; } }",linux-2.6,,,100048336775958401399273103865347590248,0 2334,['CWE-120'],"static inline int check_sticky(struct inode *dir, struct inode *inode) { if (!(dir->i_mode & S_ISVTX)) return 0; if (inode->i_uid == current->fsuid) return 0; if (dir->i_uid == current->fsuid) return 0; return !capable(CAP_FOWNER); }",linux-2.6,,,205374947786262451223455239416973367500,0 669,[],"static int jpc_sot_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_sot_t *sot = &ms->parms.sot; fprintf(out, ""tileno = %d; len = %d; partno = %d; numparts = %d\n"", sot->tileno, sot->len, sot->partno, sot->numparts); return 0; }",jasper,,,119087915885239126707077759395399254307,0 216,[],"static inline void atalk_insert_socket(struct sock *sk) { write_lock_bh(&atalk_sockets_lock); __atalk_insert_socket(sk); write_unlock_bh(&atalk_sockets_lock); }",history,,,130151652560112295281871579974969233490,0 2369,CWE-908,"static int aa_read_header(AVFormatContext *s) { int i, j, idx, largest_idx = -1; uint32_t nkey, nval, toc_size, npairs, header_seed = 0, start; char key[128], val[128], codec_name[64] = {0}; uint8_t output[24], dst[8], src[8]; int64_t largest_size = -1, current_size = -1, chapter_pos; struct toc_entry { uint32_t offset; uint32_t size; } TOC[MAX_TOC_ENTRIES]; uint32_t header_key_part[4]; uint8_t header_key[16] = {0}; AADemuxContext *c = s->priv_data; AVIOContext *pb = s->pb; AVStream *st; avio_skip(pb, 4); avio_skip(pb, 4); toc_size = avio_rb32(pb); avio_skip(pb, 4); if (toc_size > MAX_TOC_ENTRIES) return AVERROR_INVALIDDATA; for (i = 0; i < toc_size; i++) { avio_skip(pb, 4); TOC[i].offset = avio_rb32(pb); TOC[i].size = avio_rb32(pb); } avio_skip(pb, 24); npairs = avio_rb32(pb); if (npairs > MAX_DICTIONARY_ENTRIES) return AVERROR_INVALIDDATA; for (i = 0; i < npairs; i++) { memset(val, 0, sizeof(val)); memset(key, 0, sizeof(key)); avio_skip(pb, 1); nkey = avio_rb32(pb); nval = avio_rb32(pb); avio_get_str(pb, nkey, key, sizeof(key)); avio_get_str(pb, nval, val, sizeof(val)); if (!strcmp(key, ""codec"")) { av_log(s, AV_LOG_DEBUG, ""Codec is <%s>\n"", val); strncpy(codec_name, val, sizeof(codec_name) - 1); } else if (!strcmp(key, ""HeaderSeed"")) { av_log(s, AV_LOG_DEBUG, ""HeaderSeed is <%s>\n"", val); header_seed = atoi(val); } else if (!strcmp(key, ""HeaderKey"")) { av_log(s, AV_LOG_DEBUG, ""HeaderKey is <%s>\n"", val); sscanf(val, ""%""SCNu32""%""SCNu32""%""SCNu32""%""SCNu32, &header_key_part[0], &header_key_part[1], &header_key_part[2], &header_key_part[3]); for (idx = 0; idx < 4; idx++) { AV_WB32(&header_key[idx * 4], header_key_part[idx]); } av_log(s, AV_LOG_DEBUG, ""Processed HeaderKey is ""); for (i = 0; i < 16; i++) av_log(s, AV_LOG_DEBUG, ""%02x"", header_key[i]); av_log(s, AV_LOG_DEBUG, ""\n""); } else { av_dict_set(&s->metadata, key, val, 0); } } if (c->aa_fixed_key_len != 16) { av_log(s, AV_LOG_ERROR, ""aa_fixed_key value needs to be 16 bytes!\n""); return AVERROR(EINVAL); } if ((c->codec_second_size = get_second_size(codec_name)) == -1) { av_log(s, AV_LOG_ERROR, ""unknown codec <%s>!\n"", codec_name); return AVERROR(EINVAL); } c->tea_ctx = av_tea_alloc(); if (!c->tea_ctx) return AVERROR(ENOMEM); av_tea_init(c->tea_ctx, c->aa_fixed_key, 16); output[0] = output[1] = 0; memcpy(output + 2, header_key, 16); idx = 0; for (i = 0; i < 3; i++) { AV_WB32(src, header_seed); AV_WB32(src + 4, header_seed + 1); header_seed += 2; av_tea_crypt(c->tea_ctx, dst, src, 1, NULL, 0); for (j = 0; j < TEA_BLOCK_SIZE && idx < 18; j+=1, idx+=1) { output[idx] = output[idx] ^ dst[j]; } } memcpy(c->file_key, output + 2, 16); av_log(s, AV_LOG_DEBUG, ""File key is ""); for (i = 0; i < 16; i++) av_log(s, AV_LOG_DEBUG, ""%02x"", c->file_key[i]); av_log(s, AV_LOG_DEBUG, ""\n""); st = avformat_new_stream(s, NULL); if (!st) { av_freep(&c->tea_ctx); return AVERROR(ENOMEM); } st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; if (!strcmp(codec_name, ""mp332"")) { st->codecpar->codec_id = AV_CODEC_ID_MP3; st->codecpar->sample_rate = 22050; st->need_parsing = AVSTREAM_PARSE_FULL_RAW; avpriv_set_pts_info(st, 64, 8, 32000 * TIMEPREC); } else if (!strcmp(codec_name, ""acelp85"")) { st->codecpar->codec_id = AV_CODEC_ID_SIPR; st->codecpar->block_align = 19; st->codecpar->channels = 1; st->codecpar->sample_rate = 8500; st->codecpar->bit_rate = 8500; st->need_parsing = AVSTREAM_PARSE_FULL_RAW; avpriv_set_pts_info(st, 64, 8, 8500 * TIMEPREC); } else if (!strcmp(codec_name, ""acelp16"")) { st->codecpar->codec_id = AV_CODEC_ID_SIPR; st->codecpar->block_align = 20; st->codecpar->channels = 1; st->codecpar->sample_rate = 16000; st->codecpar->bit_rate = 16000; st->need_parsing = AVSTREAM_PARSE_FULL_RAW; avpriv_set_pts_info(st, 64, 8, 16000 * TIMEPREC); } for (i = 1; i < toc_size; i++) { current_size = TOC[i].size; if (current_size > largest_size) { largest_idx = i; largest_size = current_size; } } start = TOC[largest_idx].offset; avio_seek(pb, start, SEEK_SET); st->start_time = 0; c->content_start = start; c->content_end = start + largest_size; while ((chapter_pos = avio_tell(pb)) >= 0 && chapter_pos < c->content_end) { int chapter_idx = s->nb_chapters; uint32_t chapter_size = avio_rb32(pb); if (chapter_size == 0) break; chapter_pos -= start + CHAPTER_HEADER_SIZE * chapter_idx; avio_skip(pb, 4 + chapter_size); if (!avpriv_new_chapter(s, chapter_idx, st->time_base, chapter_pos * TIMEPREC, (chapter_pos + chapter_size) * TIMEPREC, NULL)) return AVERROR(ENOMEM); } st->duration = (largest_size - CHAPTER_HEADER_SIZE * s->nb_chapters) * TIMEPREC; ff_update_cur_dts(s, st, 0); avio_seek(pb, start, SEEK_SET); c->current_chapter_size = 0; c->seek_offset = 0; return 0; }",visit repo url,libavformat/aadec.c,https://github.com/FFmpeg/FFmpeg,77970293737199,1 6180,['CWE-200'],"void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags) { struct neigh_seq_state *state = seq->private; loff_t pos_minus_one; state->tbl = tbl; state->bucket = 0; state->flags = (neigh_seq_flags & ~NEIGH_SEQ_IS_PNEIGH); read_lock_bh(&tbl->lock); pos_minus_one = *pos - 1; return *pos ? neigh_get_idx_any(seq, &pos_minus_one) : SEQ_START_TOKEN; }",linux-2.6,,,248812507908279603730672042995033475640,0 284,CWE-532,"static int klsi_105_get_line_state(struct usb_serial_port *port, unsigned long *line_state_p) { int rc; u8 *status_buf; __u16 status; dev_info(&port->serial->dev->dev, ""sending SIO Poll request\n""); status_buf = kmalloc(KLSI_STATUSBUF_LEN, GFP_KERNEL); if (!status_buf) return -ENOMEM; status_buf[0] = 0xff; status_buf[1] = 0xff; rc = usb_control_msg(port->serial->dev, usb_rcvctrlpipe(port->serial->dev, 0), KL5KUSB105A_SIO_POLL, USB_TYPE_VENDOR | USB_DIR_IN, 0, 0, status_buf, KLSI_STATUSBUF_LEN, 10000 ); if (rc < 0) dev_err(&port->dev, ""Reading line status failed (error = %d)\n"", rc); else { status = get_unaligned_le16(status_buf); dev_info(&port->serial->dev->dev, ""read status %x %x\n"", status_buf[0], status_buf[1]); *line_state_p = klsi_105_status2linestate(status); } kfree(status_buf); return rc; }",visit repo url,drivers/usb/serial/kl5kusb105.c,https://github.com/torvalds/linux,219602316479745,1 2543,CWE-399,"cib_remote_msg(gpointer data) { const char *value = NULL; xmlNode *command = NULL; cib_client_t *client = data; crm_trace(""%s callback"", client->encrypted ? ""secure"" : ""clear-text""); command = crm_recv_remote_msg(client->session, client->encrypted); if (command == NULL) { return -1; } value = crm_element_name(command); if (safe_str_neq(value, ""cib_command"")) { crm_log_xml_trace(command, ""Bad command: ""); goto bail; } if (client->name == NULL) { value = crm_element_value(command, F_CLIENTNAME); if (value == NULL) { client->name = strdup(client->id); } else { client->name = strdup(value); } } if (client->callback_id == NULL) { value = crm_element_value(command, F_CIB_CALLBACK_TOKEN); if (value != NULL) { client->callback_id = strdup(value); crm_trace(""Callback channel for %s is %s"", client->id, client->callback_id); } else { client->callback_id = strdup(client->id); } } xml_remove_prop(command, F_ORIG); xml_remove_prop(command, F_CIB_HOST); xml_remove_prop(command, F_CIB_GLOBAL_UPDATE); crm_xml_add(command, F_TYPE, T_CIB); crm_xml_add(command, F_CIB_CLIENTID, client->id); crm_xml_add(command, F_CIB_CLIENTNAME, client->name); #if ENABLE_ACL crm_xml_add(command, F_CIB_USER, client->user); #endif if (crm_element_value(command, F_CIB_CALLID) == NULL) { char *call_uuid = crm_generate_uuid(); crm_xml_add(command, F_CIB_CALLID, call_uuid); free(call_uuid); } if (crm_element_value(command, F_CIB_CALLOPTS) == NULL) { crm_xml_add_int(command, F_CIB_CALLOPTS, 0); } crm_log_xml_trace(command, ""Remote command: ""); cib_common_callback_worker(0, 0, command, client, TRUE); bail: free_xml(command); command = NULL; return 0; }",visit repo url,cib/remote.c,https://github.com/ClusterLabs/pacemaker,219369299432375,1 2651,[],"static int sctp_setsockopt_auth_chunk(struct sock *sk, char __user *optval, int optlen) { struct sctp_authchunk val; if (!sctp_auth_enable) return -EACCES; if (optlen != sizeof(struct sctp_authchunk)) return -EINVAL; if (copy_from_user(&val, optval, optlen)) return -EFAULT; switch (val.sauth_chunk) { case SCTP_CID_INIT: case SCTP_CID_INIT_ACK: case SCTP_CID_SHUTDOWN_COMPLETE: case SCTP_CID_AUTH: return -EINVAL; } return sctp_auth_ep_add_chunkid(sctp_sk(sk)->ep, val.sauth_chunk); }",linux-2.6,,,320731781941826868232439430429010676127,0 4359,['CWE-399'],"long keyctl_keyring_search(key_serial_t ringid, const char __user *_type, const char __user *_description, key_serial_t destringid) { struct key_type *ktype; key_ref_t keyring_ref, key_ref, dest_ref; char type[32], *description; long ret; ret = key_get_type_from_user(type, _type, sizeof(type)); if (ret < 0) goto error; description = strndup_user(_description, PAGE_SIZE); if (IS_ERR(description)) { ret = PTR_ERR(description); goto error; } keyring_ref = lookup_user_key(ringid, 0, 0, KEY_SEARCH); if (IS_ERR(keyring_ref)) { ret = PTR_ERR(keyring_ref); goto error2; } dest_ref = NULL; if (destringid) { dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE); if (IS_ERR(dest_ref)) { ret = PTR_ERR(dest_ref); goto error3; } } ktype = key_type_lookup(type); if (IS_ERR(ktype)) { ret = PTR_ERR(ktype); goto error4; } key_ref = keyring_search(keyring_ref, ktype, description); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); if (ret == -EAGAIN) ret = -ENOKEY; goto error5; } if (dest_ref) { ret = key_permission(key_ref, KEY_LINK); if (ret < 0) goto error6; ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); if (ret < 0) goto error6; } ret = key_ref_to_ptr(key_ref)->serial; error6: key_ref_put(key_ref); error5: key_type_put(ktype); error4: key_ref_put(dest_ref); error3: key_ref_put(keyring_ref); error2: kfree(description); error: return ret; } ",linux-2.6,,,136954597648938882227344971017374396858,0 3621,CWE-617,"lldpd_alloc_mgmt(int family, void *addrptr, size_t addrsize, u_int32_t iface) { struct lldpd_mgmt *mgmt; log_debug(""alloc"", ""allocate a new management address (family: %d)"", family); if (family <= LLDPD_AF_UNSPEC || family >= LLDPD_AF_LAST) { errno = EAFNOSUPPORT; return NULL; } if (addrsize > LLDPD_MGMT_MAXADDRSIZE) { errno = EOVERFLOW; return NULL; } mgmt = calloc(1, sizeof(struct lldpd_mgmt)); if (mgmt == NULL) { errno = ENOMEM; return NULL; } mgmt->m_family = family; assert(addrsize <= LLDPD_MGMT_MAXADDRSIZE); memcpy(&mgmt->m_addr, addrptr, addrsize); mgmt->m_addrsize = addrsize; mgmt->m_iface = iface; return mgmt; }",visit repo url,src/daemon/lldpd.c,https://github.com/vincentbernat/lldpd,252311159847500,1 6306,['CWE-200'],"void rtnl_unlock(void) { rtnl_shunlock(); netdev_run_todo(); }",linux-2.6,,,30908929663895882735268418930356538906,0 1497,CWE-362,"int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len) { size_t off; ssize_t n; int npages, i; n = iov_iter_get_pages(iter, sgl->pages, len, ALG_MAX_PAGES, &off); if (n < 0) return n; npages = PAGE_ALIGN(off + n); if (WARN_ON(npages == 0)) return -EINVAL; sg_init_table(sgl->sg, npages); for (i = 0, len = n; i < npages; i++) { int plen = min_t(int, len, PAGE_SIZE - off); sg_set_page(sgl->sg + i, sgl->pages[i], plen, off); off = 0; len -= plen; } return n; }",visit repo url,crypto/af_alg.c,https://github.com/torvalds/linux,120519683813335,1 4420,CWE-122,"gen_values(codegen_scope *s, node *t, int val, int limit) { int n = 0; int first = 1; int slimit = GEN_VAL_STACK_MAX; if (limit == 0) limit = GEN_LIT_ARY_MAX; if (cursp() >= slimit) slimit = INT16_MAX; if (!val) { while (t) { codegen(s, t->car, NOVAL); n++; t = t->cdr; } return n; } while (t) { int is_splat = nint(t->car->car) == NODE_SPLAT; if (is_splat || n > limit || cursp() >= slimit) { pop_n(n); if (first) { if (n == 0) { genop_1(s, OP_LOADNIL, cursp()); } else { genop_2(s, OP_ARRAY, cursp(), n); } push(); first = 0; limit = GEN_LIT_ARY_MAX; } else if (n > 0) { pop(); genop_2(s, OP_ARYPUSH, cursp(), n); push(); } n = 0; } codegen(s, t->car, val); if (is_splat) { pop(); pop(); genop_1(s, OP_ARYCAT, cursp()); push(); } else { n++; } t = t->cdr; } if (!first) { pop(); if (n > 0) { pop_n(n); genop_2(s, OP_ARYPUSH, cursp(), n); } return -1; } return n; }",visit repo url,mrbgems/mruby-compiler/core/codegen.c,https://github.com/mruby/mruby,218755728710498,1 3828,['CWE-120'],"static int uvc_scan_chain_forward(struct uvc_video_device *video, struct uvc_entity *entity, struct uvc_entity *prev) { struct uvc_entity *forward; int found; forward = NULL; found = 0; while (1) { forward = uvc_entity_by_reference(video->dev, entity->id, forward); if (forward == NULL) break; if (UVC_ENTITY_TYPE(forward) != VC_EXTENSION_UNIT || forward == prev) continue; if (forward->extension.bNrInPins != 1) { uvc_trace(UVC_TRACE_DESCR, ""Extension unit %d has"" ""more than 1 input pin.\n"", entity->id); return -1; } list_add_tail(&forward->chain, &video->extensions); if (uvc_trace_param & UVC_TRACE_PROBE) { if (!found) printk("" (-> XU""); printk("" %d"", forward->id); found = 1; } } if (found) printk("")""); return 0; }",linux-2.6,,,221937274244843057188079573829864963762,0 5349,['CWE-476'],"static uint32_t div_frac(uint32_t dividend, uint32_t divisor) { uint32_t quotient, remainder; __asm__ ( ""divl %4"" : ""=a"" (quotient), ""=d"" (remainder) : ""0"" (0), ""1"" (dividend), ""r"" (divisor) ); return quotient; }",linux-2.6,,,125460081711792235106008212106480665537,0 1824,CWE-367,"int nfc_stop_poll(struct nfc_dev *dev) { int rc = 0; pr_debug(""dev_name=%s\n"", dev_name(&dev->dev)); device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (!dev->polling) { rc = -EINVAL; goto error; } dev->ops->stop_poll(dev); dev->polling = false; dev->rf_mode = NFC_RF_NONE; error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,142846176049745,1 6428,CWE-20,"uint16_t lpc546xxEthReadPhyReg(uint8_t opcode, uint8_t phyAddr, uint8_t regAddr) { uint16_t data; uint32_t temp; if(opcode == SMI_OPCODE_READ) { temp = ENET->MAC_MDIO_ADDR & ENET_MAC_MDIO_ADDR_CR_MASK; temp |= ENET_MAC_MDIO_ADDR_MOC(3) | ENET_MAC_MDIO_ADDR_MB_MASK; temp |= ENET_MAC_MDIO_ADDR_PA(phyAddr); temp |= ENET_MAC_MDIO_ADDR_RDA(regAddr); ENET->MAC_MDIO_ADDR = temp; while((ENET->MAC_MDIO_ADDR & ENET_MAC_MDIO_ADDR_MB_MASK) != 0) { } data = ENET->MAC_MDIO_DATA & ENET_MAC_MDIO_DATA_MD_MASK; } else { data = 0; } return data; }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,32937138811054,1 742,['CWE-119'],"isdn_net_getpeer(isdn_net_ioctl_phone *phone, isdn_net_ioctl_phone __user *peer) { isdn_net_dev *p = isdn_net_findif(phone->name); int ch, dv, idx; if (!p) return -ENODEV; ch = p->local->isdn_channel; dv = p->local->isdn_device; if(ch < 0 && dv < 0) return -ENOTCONN; idx = isdn_dc2minor(dv, ch); if (idx <0 ) return -ENODEV; if (strncmp(dev->num[idx], ""???"", 3) == 0) return -ENOTCONN; strncpy(phone->phone, dev->num[idx], ISDN_MSNLEN); phone->outgoing = USG_OUTGOING(dev->usage[idx]); if (copy_to_user(peer, phone, sizeof(*peer))) return -EFAULT; return 0; }",linux-2.6,,,27072445319805661265416334944835903745,0 4572,['CWE-399'],"} static inline void set_bitmap_uptodate(struct buffer_head *bh) { set_bit(BH_BITMAP_UPTODATE, &(bh)->b_state);",linux-2.6,,,102705094378407878156317092287889616191,0 5338,CWE-415,"void DDGifSlurp(GifInfo *info, bool decode, bool exitAfterFrame) { GifRecordType RecordType; GifByteType *ExtData; int ExtFunction; GifFileType *gifFilePtr; gifFilePtr = info->gifFilePtr; uint_fast32_t lastAllocatedGCBIndex = 0; do { if (DGifGetRecordType(gifFilePtr, &RecordType) == GIF_ERROR) { break; } bool isInitialPass = !decode && !exitAfterFrame; switch (RecordType) { case IMAGE_DESC_RECORD_TYPE: if (DGifGetImageDesc(gifFilePtr, isInitialPass) == GIF_ERROR) { break; } if (isInitialPass) { int_fast32_t widthOverflow = gifFilePtr->Image.Width - gifFilePtr->SWidth; int_fast32_t heightOverflow = gifFilePtr->Image.Height - gifFilePtr->SHeight; if (widthOverflow > 0 || heightOverflow > 0) { gifFilePtr->SWidth += widthOverflow; gifFilePtr->SHeight += heightOverflow; } SavedImage *sp = &gifFilePtr->SavedImages[gifFilePtr->ImageCount - 1]; int_fast32_t topOverflow = gifFilePtr->Image.Top + gifFilePtr->Image.Height - gifFilePtr->SHeight; if (topOverflow > 0) { sp->ImageDesc.Top -= topOverflow; } int_fast32_t leftOverflow = gifFilePtr->Image.Left + gifFilePtr->Image.Width - gifFilePtr->SWidth; if (leftOverflow > 0) { sp->ImageDesc.Left -= leftOverflow; } if (!updateGCB(info, &lastAllocatedGCBIndex)) { break; } } if (decode) { int_fast32_t widthOverflow = gifFilePtr->Image.Width - info->originalWidth; int_fast32_t heightOverflow = gifFilePtr->Image.Height - info->originalHeight; const uint_fast32_t newRasterSize = gifFilePtr->Image.Width * gifFilePtr->Image.Height; if (newRasterSize > info->rasterSize || widthOverflow > 0 || heightOverflow > 0) { void *tmpRasterBits = reallocarray(info->rasterBits, newRasterSize, sizeof(GifPixelType)); if (tmpRasterBits == NULL) { gifFilePtr->Error = D_GIF_ERR_NOT_ENOUGH_MEM; break; } info->rasterBits = tmpRasterBits; info->rasterSize = newRasterSize; } if (gifFilePtr->Image.Interlace) { uint_fast16_t i, j; uint_fast8_t InterlacedOffset[] = {0, 4, 2, 1}; uint_fast8_t InterlacedJumps[] = {8, 8, 4, 2}; for (i = 0; i < 4; i++) for (j = InterlacedOffset[i]; j < gifFilePtr->Image.Height; j += InterlacedJumps[i]) { if (DGifGetLine(gifFilePtr, info->rasterBits + j * gifFilePtr->Image.Width, gifFilePtr->Image.Width) == GIF_ERROR) break; } } else { if (DGifGetLine(gifFilePtr, info->rasterBits, gifFilePtr->Image.Width * gifFilePtr->Image.Height) == GIF_ERROR) { break; } } if (info->sampleSize > 1) { unsigned char *dst = info->rasterBits; unsigned char *src = info->rasterBits; unsigned char *const srcEndImage = info->rasterBits + gifFilePtr->Image.Width * gifFilePtr->Image.Height; do { unsigned char *srcNextLineStart = src + gifFilePtr->Image.Width * info->sampleSize; unsigned char *const srcEndLine = src + gifFilePtr->Image.Width; unsigned char *dstEndLine = dst + gifFilePtr->Image.Width / info->sampleSize; do { *dst = *src; dst++; src += info->sampleSize; } while (src < srcEndLine); dst = dstEndLine; src = srcNextLineStart; } while (src < srcEndImage); } return; } else { do { if (DGifGetCodeNext(gifFilePtr, &ExtData) == GIF_ERROR) { break; } } while (ExtData != NULL); if (exitAfterFrame) { return; } } break; case EXTENSION_RECORD_TYPE: if (DGifGetExtension(gifFilePtr, &ExtFunction, &ExtData) == GIF_ERROR) { break; } if (isInitialPass) { updateGCB(info, &lastAllocatedGCBIndex); if (readExtensions(ExtFunction, ExtData, info) == GIF_ERROR) { break; } } while (ExtData != NULL) { if (DGifGetExtensionNext(gifFilePtr, &ExtData) == GIF_ERROR) { break; } if (isInitialPass && readExtensions(ExtFunction, ExtData, info) == GIF_ERROR) { break; } } break; case TERMINATE_RECORD_TYPE: break; default: break; } } while (RecordType != TERMINATE_RECORD_TYPE); info->rewindFunction(info); }",visit repo url,android-gif-drawable/src/main/c/decoding.c,https://github.com/koral--/android-gif-drawable,52373925282853,1 1803,[],"sleep_on_common(wait_queue_head_t *q, int state, long timeout) { unsigned long flags; wait_queue_t wait; init_waitqueue_entry(&wait, current); __set_current_state(state); spin_lock_irqsave(&q->lock, flags); __add_wait_queue(q, &wait); spin_unlock(&q->lock); timeout = schedule_timeout(timeout); spin_lock_irq(&q->lock); __remove_wait_queue(q, &wait); spin_unlock_irqrestore(&q->lock, flags); return timeout; }",linux-2.6,,,71501067355669737865160098180048172699,0 1897,CWE-203,"spectre_v2_user_select_mitigation(void) { enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; bool smt_possible = IS_ENABLED(CONFIG_SMP); enum spectre_v2_user_cmd cmd; if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) return; if (cpu_smt_control == CPU_SMT_FORCE_DISABLED || cpu_smt_control == CPU_SMT_NOT_SUPPORTED) smt_possible = false; cmd = spectre_v2_parse_user_cmdline(); switch (cmd) { case SPECTRE_V2_USER_CMD_NONE: goto set_mode; case SPECTRE_V2_USER_CMD_FORCE: mode = SPECTRE_V2_USER_STRICT; break; case SPECTRE_V2_USER_CMD_AUTO: case SPECTRE_V2_USER_CMD_PRCTL: case SPECTRE_V2_USER_CMD_PRCTL_IBPB: mode = SPECTRE_V2_USER_PRCTL; break; case SPECTRE_V2_USER_CMD_SECCOMP: case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: if (IS_ENABLED(CONFIG_SECCOMP)) mode = SPECTRE_V2_USER_SECCOMP; else mode = SPECTRE_V2_USER_PRCTL; break; } if (boot_cpu_has(X86_FEATURE_IBPB)) { setup_force_cpu_cap(X86_FEATURE_USE_IBPB); spectre_v2_user_ibpb = mode; switch (cmd) { case SPECTRE_V2_USER_CMD_FORCE: case SPECTRE_V2_USER_CMD_PRCTL_IBPB: case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: static_branch_enable(&switch_mm_always_ibpb); spectre_v2_user_ibpb = SPECTRE_V2_USER_STRICT; break; case SPECTRE_V2_USER_CMD_PRCTL: case SPECTRE_V2_USER_CMD_AUTO: case SPECTRE_V2_USER_CMD_SECCOMP: static_branch_enable(&switch_mm_cond_ibpb); break; default: break; } pr_info(""mitigation: Enabling %s Indirect Branch Prediction Barrier\n"", static_key_enabled(&switch_mm_always_ibpb) ? ""always-on"" : ""conditional""); } if (!boot_cpu_has(X86_FEATURE_STIBP) || !smt_possible || spectre_v2_in_ibrs_mode(spectre_v2_enabled)) return; if (mode != SPECTRE_V2_USER_STRICT && boot_cpu_has(X86_FEATURE_AMD_STIBP_ALWAYS_ON)) mode = SPECTRE_V2_USER_STRICT_PREFERRED; if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET || retbleed_mitigation == RETBLEED_MITIGATION_IBPB) { if (mode != SPECTRE_V2_USER_STRICT && mode != SPECTRE_V2_USER_STRICT_PREFERRED) pr_info(""Selecting STIBP always-on mode to complement retbleed mitigation\n""); mode = SPECTRE_V2_USER_STRICT_PREFERRED; } spectre_v2_user_stibp = mode; set_mode: pr_info(""%s\n"", spectre_v2_user_strings[mode]); }",visit repo url,arch/x86/kernel/cpu/bugs.c,https://github.com/torvalds/linux,262809658716524,1 1667,CWE-119,"void unix_inflight(struct file *fp) { struct sock *s = unix_get_socket(fp); if (s) { struct unix_sock *u = unix_sk(s); spin_lock(&unix_gc_lock); if (atomic_long_inc_return(&u->inflight) == 1) { BUG_ON(!list_empty(&u->link)); list_add_tail(&u->link, &gc_inflight_list); } else { BUG_ON(list_empty(&u->link)); } unix_tot_inflight++; spin_unlock(&unix_gc_lock); } }",visit repo url,net/unix/garbage.c,https://github.com/torvalds/linux,135278329049346,1 2739,['CWE-189'],"void sctp_auth_calculate_hmac(const struct sctp_association *asoc, struct sk_buff *skb, struct sctp_auth_chunk *auth, gfp_t gfp) { struct scatterlist sg; struct hash_desc desc; struct sctp_auth_bytes *asoc_key; __u16 key_id, hmac_id; __u8 *digest; unsigned char *end; int free_key = 0; key_id = ntohs(auth->auth_hdr.shkey_id); hmac_id = ntohs(auth->auth_hdr.hmac_id); if (key_id == asoc->active_key_id) asoc_key = asoc->asoc_shared_key; else { struct sctp_shared_key *ep_key; ep_key = sctp_auth_get_shkey(asoc, key_id); if (!ep_key) return; asoc_key = sctp_auth_asoc_create_secret(asoc, ep_key, gfp); if (!asoc_key) return; free_key = 1; } end = skb_tail_pointer(skb); sg_init_one(&sg, auth, end - (unsigned char *)auth); desc.tfm = asoc->ep->auth_hmacs[hmac_id]; desc.flags = 0; digest = auth->auth_hdr.hmac; if (crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len)) goto free; crypto_hash_digest(&desc, &sg, sg.length, digest); free: if (free_key) sctp_auth_key_put(asoc_key); }",linux-2.6,,,69297651776223782216125660765846351999,0 4764,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 5909,['CWE-909'],"static int tc_fill_tclass(struct sk_buff *skb, struct Qdisc *q, unsigned long cl, u32 pid, u32 seq, u16 flags, int event) { struct tcmsg *tcm; struct nlmsghdr *nlh; unsigned char *b = skb_tail_pointer(skb); struct gnet_dump d; const struct Qdisc_class_ops *cl_ops = q->ops->cl_ops; nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); tcm = NLMSG_DATA(nlh); tcm->tcm_family = AF_UNSPEC; tcm->tcm__pad1 = 0; tcm->tcm__pad2 = 0; tcm->tcm_ifindex = qdisc_dev(q)->ifindex; tcm->tcm_parent = q->handle; tcm->tcm_handle = q->handle; tcm->tcm_info = 0; NLA_PUT_STRING(skb, TCA_KIND, q->ops->id); if (cl_ops->dump && cl_ops->dump(q, cl, skb, tcm) < 0) goto nla_put_failure; if (gnet_stats_start_copy_compat(skb, TCA_STATS2, TCA_STATS, TCA_XSTATS, qdisc_root_sleeping_lock(q), &d) < 0) goto nla_put_failure; if (cl_ops->dump_stats && cl_ops->dump_stats(q, cl, &d) < 0) goto nla_put_failure; if (gnet_stats_finish_copy(&d) < 0) goto nla_put_failure; nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; nlmsg_failure: nla_put_failure: nlmsg_trim(skb, b); return -1; }",linux-2.6,,,249088918676693539675571238039292530611,0 2523,CWE-19,"cleanup_pathname(struct archive_write_disk *a) { char *dest, *src; char separator = '\0'; dest = src = a->name; if (*src == '\0') { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Invalid empty pathname""); return (ARCHIVE_FAILED); } #if defined(__CYGWIN__) cleanup_pathname_win(a); #endif if (*src == '/') { if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Path is absolute""); return (ARCHIVE_FAILED); } separator = *src++; } for (;;) { if (src[0] == '\0') { break; } else if (src[0] == '/') { src++; continue; } else if (src[0] == '.') { if (src[1] == '\0') { break; } else if (src[1] == '/') { src += 2; continue; } else if (src[1] == '.') { if (src[2] == '/' || src[2] == '\0') { if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Path contains '..'""); return (ARCHIVE_FAILED); } } } } if (separator) *dest++ = '/'; while (*src != '\0' && *src != '/') { *dest++ = *src++; } if (*src == '\0') break; separator = *src++; } if (dest == a->name) { if (separator) *dest++ = '/'; else *dest++ = '.'; } *dest = '\0'; return (ARCHIVE_OK); }",visit repo url,libarchive/archive_write_disk_posix.c,https://github.com/libarchive/libarchive,186733801828152,1 6474,CWE-362,"void gnrc_sixlowpan_frag_sfr_arq_timeout(gnrc_sixlowpan_frag_fb_t *fbuf) { uint32_t now = xtimer_now_usec() / US_PER_MS; _frag_desc_t *frag_desc = (_frag_desc_t *)fbuf->sfr.window.next; uint32_t next_arq_offset = fbuf->sfr.arq_timeout; bool reschedule_arq_timeout = false; int error_no = ETIMEDOUT; DEBUG(""6lo sfr: ARQ timeout for datagram %u\n"", fbuf->tag); fbuf->sfr.arq_timeout_event.msg.content.ptr = NULL; if (IS_ACTIVE(CONFIG_GNRC_SIXLOWPAN_SFR_MOCK_ARQ_TIMER)) { now -= (fbuf->sfr.arq_timeout * US_PER_MS) + 1; } if (IS_USED(MODULE_GNRC_SIXLOWPAN_FRAG_SFR_CONGURE) && frag_desc) { gnrc_sixlowpan_frag_sfr_congure_snd_report_frags_timeout(fbuf); _shrink_window(fbuf); frag_desc = (_frag_desc_t *)fbuf->sfr.window.next; } _frag_desc_t * const head = frag_desc; if (frag_desc) { do { uint32_t diff; frag_desc = (_frag_desc_t *)frag_desc->super.super.next; diff = now - frag_desc->super.send_time; if (diff < fbuf->sfr.arq_timeout) { uint32_t offset = fbuf->sfr.arq_timeout - diff; DEBUG(""6lo sfr: wait for fragment %u in next reschedule\n"", _frag_seq(frag_desc)); if (offset < next_arq_offset) { next_arq_offset = offset; DEBUG("" (next ARQ timeout in %lu)\n"", (long unsigned)next_arq_offset); } reschedule_arq_timeout = true; } else if (_frag_ack_req(frag_desc)) { if ((frag_desc->super.resends++) < CONFIG_GNRC_SIXLOWPAN_SFR_FRAG_RETRIES) { DEBUG(""6lo sfr: %u retries left for fragment (tag: %u, "" ""X: %i, seq: %u, frag_size: %u, offset: %u)\n"", CONFIG_GNRC_SIXLOWPAN_SFR_FRAG_RETRIES - (frag_desc->super.resends - 1), (uint8_t)fbuf->tag, _frag_ack_req(frag_desc), _frag_seq(frag_desc), _frag_size(frag_desc), frag_desc->offset); if (_resend_frag(&frag_desc->super.super, fbuf) != 0) { error_no = ENOMEM; goto error; } else { if (IS_USED(MODULE_GNRC_SIXLOWPAN_FRAG_SFR_CONGURE)) { gnrc_sixlowpan_frag_sfr_congure_snd_report_frag_sent(fbuf); } if (IS_USED(MODULE_GNRC_SIXLOWPAN_FRAG_SFR_STATS)) { _stats.fragment_resends.by_timeout++; } } reschedule_arq_timeout = true; } else { DEBUG(""6lo sfr: no retries left for fragment "" ""(tag: %u, X: %i, seq: %u, frag_size: %u, "" ""offset: %u)\n"", (uint8_t)fbuf->tag, _frag_ack_req(frag_desc), _frag_seq(frag_desc), _frag_size(frag_desc), frag_desc->offset); _retry_datagram(fbuf); return; } } else { DEBUG(""6lo sfr: nothing to do for fragment %u\n"", _frag_seq(frag_desc)); } } while (frag_desc != head); clist_foreach(&fbuf->sfr.window, _report_non_ack_req_window_sent, fbuf); } else { error_no = GNRC_NETERR_SUCCESS; } assert(fbuf->sfr.frags_sent == clist_count(&fbuf->sfr.window)); if (reschedule_arq_timeout) { _sched_arq_timeout(fbuf, next_arq_offset); return; } error: _send_abort_frag(fbuf->pkt, fbuf, false, 0); _clean_up_fbuf(fbuf, error_no); }",visit repo url,sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c,https://github.com/RIOT-OS/RIOT,178644034088418,1 2975,['CWE-189'],"static jpc_enc_cp_t *cp_create(char *optstr, jas_image_t *image) { jpc_enc_cp_t *cp; jas_tvparser_t *tvp; int ret; int numilyrrates; double *ilyrrates; int i; int tagid; jpc_enc_tcp_t *tcp; jpc_enc_tccp_t *tccp; jpc_enc_ccp_t *ccp; int cmptno; uint_fast16_t rlvlno; uint_fast16_t prcwidthexpn; uint_fast16_t prcheightexpn; bool enablemct; uint_fast32_t jp2overhead; uint_fast16_t lyrno; uint_fast32_t hsteplcm; uint_fast32_t vsteplcm; bool mctvalid; tvp = 0; cp = 0; ilyrrates = 0; numilyrrates = 0; if (!(cp = jas_malloc(sizeof(jpc_enc_cp_t)))) { goto error; } prcwidthexpn = 15; prcheightexpn = 15; enablemct = true; jp2overhead = 0; cp->ccps = 0; cp->debug = 0; cp->imgareatlx = UINT_FAST32_MAX; cp->imgareatly = UINT_FAST32_MAX; cp->refgrdwidth = 0; cp->refgrdheight = 0; cp->tilegrdoffx = UINT_FAST32_MAX; cp->tilegrdoffy = UINT_FAST32_MAX; cp->tilewidth = 0; cp->tileheight = 0; cp->numcmpts = jas_image_numcmpts(image); hsteplcm = 1; vsteplcm = 1; for (cmptno = 0; cmptno < jas_image_numcmpts(image); ++cmptno) { if (jas_image_cmptbrx(image, cmptno) + jas_image_cmpthstep(image, cmptno) <= jas_image_brx(image) || jas_image_cmptbry(image, cmptno) + jas_image_cmptvstep(image, cmptno) <= jas_image_bry(image)) { jas_eprintf(""unsupported image type\n""); goto error; } hsteplcm *= jas_image_cmpthstep(image, cmptno); vsteplcm *= jas_image_cmptvstep(image, cmptno); } if (!(cp->ccps = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_ccp_t)))) { goto error; } for (cmptno = 0, ccp = cp->ccps; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno, ++ccp) { ccp->sampgrdstepx = jas_image_cmpthstep(image, cmptno); ccp->sampgrdstepy = jas_image_cmptvstep(image, cmptno); ccp->sampgrdsubstepx = 0; ccp->sampgrdsubstepx = 0; ccp->prec = jas_image_cmptprec(image, cmptno); ccp->sgnd = jas_image_cmptsgnd(image, cmptno); ccp->numstepsizes = 0; memset(ccp->stepsizes, 0, sizeof(ccp->stepsizes)); } cp->rawsize = jas_image_rawsize(image); cp->totalsize = UINT_FAST32_MAX; tcp = &cp->tcp; tcp->csty = 0; tcp->intmode = true; tcp->prg = JPC_COD_LRCPPRG; tcp->numlyrs = 1; tcp->ilyrrates = 0; tccp = &cp->tccp; tccp->csty = 0; tccp->maxrlvls = 6; tccp->cblkwidthexpn = 6; tccp->cblkheightexpn = 6; tccp->cblksty = 0; tccp->numgbits = 2; if (!(tvp = jas_tvparser_create(optstr ? optstr : """"))) { goto error; } while (!(ret = jas_tvparser_next(tvp))) { switch (jas_taginfo_nonull(jas_taginfos_lookup(encopts, jas_tvparser_gettag(tvp)))->id) { case OPT_DEBUG: cp->debug = atoi(jas_tvparser_getval(tvp)); break; case OPT_IMGAREAOFFX: cp->imgareatlx = atoi(jas_tvparser_getval(tvp)); break; case OPT_IMGAREAOFFY: cp->imgareatly = atoi(jas_tvparser_getval(tvp)); break; case OPT_TILEGRDOFFX: cp->tilegrdoffx = atoi(jas_tvparser_getval(tvp)); break; case OPT_TILEGRDOFFY: cp->tilegrdoffy = atoi(jas_tvparser_getval(tvp)); break; case OPT_TILEWIDTH: cp->tilewidth = atoi(jas_tvparser_getval(tvp)); break; case OPT_TILEHEIGHT: cp->tileheight = atoi(jas_tvparser_getval(tvp)); break; case OPT_PRCWIDTH: prcwidthexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); break; case OPT_PRCHEIGHT: prcheightexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); break; case OPT_CBLKWIDTH: tccp->cblkwidthexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); break; case OPT_CBLKHEIGHT: tccp->cblkheightexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp))); break; case OPT_MODE: if ((tagid = jas_taginfo_nonull(jas_taginfos_lookup(modetab, jas_tvparser_getval(tvp)))->id) < 0) { jas_eprintf(""ignoring invalid mode %s\n"", jas_tvparser_getval(tvp)); } else { tcp->intmode = (tagid == MODE_INT); } break; case OPT_PRG: if ((tagid = jas_taginfo_nonull(jas_taginfos_lookup(prgordtab, jas_tvparser_getval(tvp)))->id) < 0) { jas_eprintf(""ignoring invalid progression order %s\n"", jas_tvparser_getval(tvp)); } else { tcp->prg = tagid; } break; case OPT_NOMCT: enablemct = false; break; case OPT_MAXRLVLS: tccp->maxrlvls = atoi(jas_tvparser_getval(tvp)); break; case OPT_SOP: cp->tcp.csty |= JPC_COD_SOP; break; case OPT_EPH: cp->tcp.csty |= JPC_COD_EPH; break; case OPT_LAZY: tccp->cblksty |= JPC_COX_LAZY; break; case OPT_TERMALL: tccp->cblksty |= JPC_COX_TERMALL; break; case OPT_SEGSYM: tccp->cblksty |= JPC_COX_SEGSYM; break; case OPT_VCAUSAL: tccp->cblksty |= JPC_COX_VSC; break; case OPT_RESET: tccp->cblksty |= JPC_COX_RESET; break; case OPT_PTERM: tccp->cblksty |= JPC_COX_PTERM; break; case OPT_NUMGBITS: cp->tccp.numgbits = atoi(jas_tvparser_getval(tvp)); break; case OPT_RATE: if (ratestrtosize(jas_tvparser_getval(tvp), cp->rawsize, &cp->totalsize)) { jas_eprintf(""ignoring bad rate specifier %s\n"", jas_tvparser_getval(tvp)); } break; case OPT_ILYRRATES: if (jpc_atoaf(jas_tvparser_getval(tvp), &numilyrrates, &ilyrrates)) { jas_eprintf(""warning: invalid intermediate layer rates specifier ignored (%s)\n"", jas_tvparser_getval(tvp)); } break; case OPT_JP2OVERHEAD: jp2overhead = atoi(jas_tvparser_getval(tvp)); break; default: jas_eprintf(""warning: ignoring invalid option %s\n"", jas_tvparser_gettag(tvp)); break; } } jas_tvparser_destroy(tvp); tvp = 0; if (cp->totalsize != UINT_FAST32_MAX) { cp->totalsize = (cp->totalsize > jp2overhead) ? (cp->totalsize - jp2overhead) : 0; } if (cp->imgareatlx == UINT_FAST32_MAX) { cp->imgareatlx = 0; } else { if (hsteplcm != 1) { jas_eprintf(""warning: overriding imgareatlx value\n""); } cp->imgareatlx *= hsteplcm; } if (cp->imgareatly == UINT_FAST32_MAX) { cp->imgareatly = 0; } else { if (vsteplcm != 1) { jas_eprintf(""warning: overriding imgareatly value\n""); } cp->imgareatly *= vsteplcm; } cp->refgrdwidth = cp->imgareatlx + jas_image_width(image); cp->refgrdheight = cp->imgareatly + jas_image_height(image); if (cp->tilegrdoffx == UINT_FAST32_MAX) { cp->tilegrdoffx = cp->imgareatlx; } if (cp->tilegrdoffy == UINT_FAST32_MAX) { cp->tilegrdoffy = cp->imgareatly; } if (!cp->tilewidth) { cp->tilewidth = cp->refgrdwidth - cp->tilegrdoffx; } if (!cp->tileheight) { cp->tileheight = cp->refgrdheight - cp->tilegrdoffy; } if (cp->numcmpts == 3) { mctvalid = true; for (cmptno = 0; cmptno < jas_image_numcmpts(image); ++cmptno) { if (jas_image_cmptprec(image, cmptno) != jas_image_cmptprec(image, 0) || jas_image_cmptsgnd(image, cmptno) != jas_image_cmptsgnd(image, 0) || jas_image_cmptwidth(image, cmptno) != jas_image_cmptwidth(image, 0) || jas_image_cmptheight(image, cmptno) != jas_image_cmptheight(image, 0)) { mctvalid = false; } } } else { mctvalid = false; } if (mctvalid && enablemct && jas_clrspc_fam(jas_image_clrspc(image)) != JAS_CLRSPC_FAM_RGB) { jas_eprintf(""warning: color space apparently not RGB\n""); } if (mctvalid && enablemct && jas_clrspc_fam(jas_image_clrspc(image)) == JAS_CLRSPC_FAM_RGB) { tcp->mctid = (tcp->intmode) ? (JPC_MCT_RCT) : (JPC_MCT_ICT); } else { tcp->mctid = JPC_MCT_NONE; } tccp->qmfbid = (tcp->intmode) ? (JPC_COX_RFT) : (JPC_COX_INS); for (rlvlno = 0; rlvlno < tccp->maxrlvls; ++rlvlno) { tccp->prcwidthexpns[rlvlno] = prcwidthexpn; tccp->prcheightexpns[rlvlno] = prcheightexpn; } if (prcwidthexpn != 15 || prcheightexpn != 15) { tccp->csty |= JPC_COX_PRT; } if (!cp->tilewidth) { jas_eprintf(""invalid tile width %lu\n"", (unsigned long) cp->tilewidth); goto error; } if (!cp->tileheight) { jas_eprintf(""invalid tile height %lu\n"", (unsigned long) cp->tileheight); goto error; } if (cp->tilegrdoffx > cp->imgareatlx || cp->tilegrdoffy > cp->imgareatly || cp->tilegrdoffx + cp->tilewidth < cp->imgareatlx || cp->tilegrdoffy + cp->tileheight < cp->imgareatly) { jas_eprintf(""invalid tile grid offset (%lu, %lu)\n"", (unsigned long) cp->tilegrdoffx, (unsigned long) cp->tilegrdoffy); goto error; } cp->numhtiles = JPC_CEILDIV(cp->refgrdwidth - cp->tilegrdoffx, cp->tilewidth); cp->numvtiles = JPC_CEILDIV(cp->refgrdheight - cp->tilegrdoffy, cp->tileheight); cp->numtiles = cp->numhtiles * cp->numvtiles; if (ilyrrates && numilyrrates > 0) { tcp->numlyrs = numilyrrates + 1; if (!(tcp->ilyrrates = jas_alloc2((tcp->numlyrs - 1), sizeof(jpc_fix_t)))) { goto error; } for (i = 0; i < JAS_CAST(int, tcp->numlyrs - 1); ++i) { tcp->ilyrrates[i] = jpc_dbltofix(ilyrrates[i]); } } if (cp->totalsize == UINT_FAST32_MAX && (!cp->tcp.intmode)) { jas_eprintf(""cannot use real mode for lossless coding\n""); goto error; } if (prcwidthexpn > 15) { jas_eprintf(""invalid precinct width\n""); goto error; } if (prcheightexpn > 15) { jas_eprintf(""invalid precinct height\n""); goto error; } if (cp->tccp.cblkwidthexpn < 2 || cp->tccp.cblkwidthexpn > 12) { jas_eprintf(""invalid code block width %d\n"", JPC_POW2(cp->tccp.cblkwidthexpn)); goto error; } if (cp->tccp.cblkheightexpn < 2 || cp->tccp.cblkheightexpn > 12) { jas_eprintf(""invalid code block height %d\n"", JPC_POW2(cp->tccp.cblkheightexpn)); goto error; } if (cp->tccp.cblkwidthexpn + cp->tccp.cblkheightexpn > 12) { jas_eprintf(""code block size too large\n""); goto error; } if (cp->tcp.numlyrs > 16384) { jas_eprintf(""too many layers\n""); goto error; } if (cp->tccp.maxrlvls < 1) { jas_eprintf(""must be at least one resolution level\n""); goto error; } if (cp->tccp.numgbits > 8) { jas_eprintf(""invalid number of guard bits\n""); goto error; } if (cp->totalsize != UINT_FAST32_MAX && cp->totalsize > cp->rawsize) { jas_eprintf(""warning: specified rate is unreasonably large (%lu > %lu)\n"", (unsigned long) cp->totalsize, (unsigned long) cp->rawsize); } if (tcp->numlyrs > 1) { for (lyrno = 0; lyrno + 2 < tcp->numlyrs; ++lyrno) { if (tcp->ilyrrates[lyrno] >= tcp->ilyrrates[lyrno + 1]) { jas_eprintf(""intermediate layer rates must increase monotonically\n""); goto error; } } if (cp->totalsize != UINT_FAST32_MAX) { for (lyrno = 0; lyrno < tcp->numlyrs - 1; ++lyrno) { if (jpc_fixtodbl(tcp->ilyrrates[lyrno]) > ((double) cp->totalsize) / cp->rawsize) { jas_eprintf(""warning: intermediate layer rates must be less than overall rate\n""); goto error; } } } } if (ilyrrates) { jas_free(ilyrrates); } return cp; error: if (ilyrrates) { jas_free(ilyrrates); } if (tvp) { jas_tvparser_destroy(tvp); } if (cp) { jpc_enc_cp_destroy(cp); } return 0; }",jasper,,,249238926149914628989294835822564668062,0 5072,CWE-191,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 4155,CWE-787,"static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s) { struct jbg_dec_state decoder; int decodeStatus = 0; unsigned char* pImage = NULL; (void) size, (void) s; if (isFillOrder(tif, tif->tif_dir.td_fillorder)) { TIFFReverseBits(tif->tif_rawdata, tif->tif_rawdatasize); } jbg_dec_init(&decoder); #if defined(HAVE_JBG_NEWLEN) jbg_newlen(tif->tif_rawdata, (size_t)tif->tif_rawdatasize); #endif decodeStatus = jbg_dec_in(&decoder, (unsigned char*)tif->tif_rawdata, (size_t)tif->tif_rawdatasize, NULL); if (JBG_EOK != decodeStatus) { TIFFErrorExt(tif->tif_clientdata, ""JBIG"", ""Error (%d) decoding: %s"", decodeStatus, #if defined(JBG_EN) jbg_strerror(decodeStatus, JBG_EN) #else jbg_strerror(decodeStatus) #endif ); jbg_dec_free(&decoder); return 0; } pImage = jbg_dec_getimage(&decoder, 0); _TIFFmemcpy(buffer, pImage, jbg_dec_getsize(&decoder)); jbg_dec_free(&decoder); return 1; }",visit repo url,libtiff/tif_jbig.c,https://gitlab.com/libtiff/libtiff,31546096022507,1 4024,['CWE-362'],"static inline void inotify_init_watch(struct inotify_watch *watch) { }",linux-2.6,,,305946038282302803761544276663624850060,0 6693,['CWE-200'],"update (NMExportedConnection *exported, GHashTable *new_settings, GError **error) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (exported); NMConnection *tmp; gboolean success = FALSE; DBusGMethodInvocation *context; context = g_object_get_data (G_OBJECT (exported), NM_EXPORTED_CONNECTION_DBUS_METHOD_INVOCATION); if (context && !is_user_request_authorized (context, error)) { nm_warning (""%s.%d - Connection update permission denied: (%d) %s"", __FILE__, __LINE__, (*error)->code, (*error)->message); return FALSE; } tmp = nm_connection_new_from_hash (new_settings, error); if (!tmp) { nm_warning (""%s: Invalid connection: '%s' / '%s' invalid: %d"", __func__, g_type_name (nm_connection_lookup_setting_type_by_quark ((*error)->domain)), (*error)->message, (*error)->code); } else { nm_gconf_copy_private_connection_values (tmp, nm_exported_connection_get_connection (exported)); nm_gconf_write_connection (tmp, priv->client, priv->dir); g_object_unref (tmp); gconf_client_notify (priv->client, priv->dir); gconf_client_suggest_sync (priv->client, NULL); success = TRUE; } return success; }",network-manager-applet,,,241340851385222631931092848270076119170,0 1389,CWE-399,"static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, struct sk_buff *skb, struct gnttab_copy **gopp) { struct gnttab_copy *gop = *gopp; u16 pending_idx = *((u16 *)skb->data); struct pending_tx_info *pending_tx_info = netbk->pending_tx_info; struct xenvif *vif = pending_tx_info[pending_idx].vif; struct xen_netif_tx_request *txp; struct skb_shared_info *shinfo = skb_shinfo(skb); int nr_frags = shinfo->nr_frags; int i, err, start; err = gop->status; if (unlikely(err)) { pending_ring_idx_t index; index = pending_index(netbk->pending_prod++); txp = &pending_tx_info[pending_idx].req; make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); netbk->pending_ring[index] = pending_idx; xenvif_put(vif); } start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); for (i = start; i < nr_frags; i++) { int j, newerr; pending_ring_idx_t index; pending_idx = frag_get_pending_idx(&shinfo->frags[i]); newerr = (++gop)->status; if (likely(!newerr)) { if (unlikely(err)) xen_netbk_idx_release(netbk, pending_idx); continue; } txp = &netbk->pending_tx_info[pending_idx].req; make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); index = pending_index(netbk->pending_prod++); netbk->pending_ring[index] = pending_idx; xenvif_put(vif); if (err) continue; pending_idx = *((u16 *)skb->data); xen_netbk_idx_release(netbk, pending_idx); for (j = start; j < i; j++) { pending_idx = frag_get_pending_idx(&shinfo->frags[j]); xen_netbk_idx_release(netbk, pending_idx); } err = newerr; } *gopp = gop + 1; return err; }",visit repo url,drivers/net/xen-netback/netback.c,https://github.com/torvalds/linux,95623070216802,1 1485,CWE-264,"SYSCALL_DEFINE5(perf_event_open, struct perf_event_attr __user *, attr_uptr, pid_t, pid, int, cpu, int, group_fd, unsigned long, flags) { struct perf_event *group_leader = NULL, *output_event = NULL; struct perf_event *event, *sibling; struct perf_event_attr attr; struct perf_event_context *ctx; struct file *event_file = NULL; struct fd group = {NULL, 0}; struct task_struct *task = NULL; struct pmu *pmu; int event_fd; int move_group = 0; int err; int f_flags = O_RDWR; if (flags & ~PERF_FLAG_ALL) return -EINVAL; err = perf_copy_attr(attr_uptr, &attr); if (err) return err; if (!attr.exclude_kernel) { if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) return -EACCES; } if (attr.freq) { if (attr.sample_freq > sysctl_perf_event_sample_rate) return -EINVAL; } else { if (attr.sample_period & (1ULL << 63)) return -EINVAL; } if ((flags & PERF_FLAG_PID_CGROUP) && (pid == -1 || cpu == -1)) return -EINVAL; if (flags & PERF_FLAG_FD_CLOEXEC) f_flags |= O_CLOEXEC; event_fd = get_unused_fd_flags(f_flags); if (event_fd < 0) return event_fd; if (group_fd != -1) { err = perf_fget_light(group_fd, &group); if (err) goto err_fd; group_leader = group.file->private_data; if (flags & PERF_FLAG_FD_OUTPUT) output_event = group_leader; if (flags & PERF_FLAG_FD_NO_GROUP) group_leader = NULL; } if (pid != -1 && !(flags & PERF_FLAG_PID_CGROUP)) { task = find_lively_task_by_vpid(pid); if (IS_ERR(task)) { err = PTR_ERR(task); goto err_group_fd; } } if (task && group_leader && group_leader->attr.inherit != attr.inherit) { err = -EINVAL; goto err_task; } get_online_cpus(); event = perf_event_alloc(&attr, cpu, task, group_leader, NULL, NULL, NULL); if (IS_ERR(event)) { err = PTR_ERR(event); goto err_cpus; } if (flags & PERF_FLAG_PID_CGROUP) { err = perf_cgroup_connect(pid, event, &attr, group_leader); if (err) { __free_event(event); goto err_cpus; } } if (is_sampling_event(event)) { if (event->pmu->capabilities & PERF_PMU_CAP_NO_INTERRUPT) { err = -ENOTSUPP; goto err_alloc; } } account_event(event); pmu = event->pmu; if (group_leader && (is_software_event(event) != is_software_event(group_leader))) { if (is_software_event(event)) { pmu = group_leader->pmu; } else if (is_software_event(group_leader) && (group_leader->group_flags & PERF_GROUP_SOFTWARE)) { move_group = 1; } } ctx = find_get_context(pmu, task, event->cpu); if (IS_ERR(ctx)) { err = PTR_ERR(ctx); goto err_alloc; } if (task) { put_task_struct(task); task = NULL; } if (group_leader) { err = -EINVAL; if (group_leader->group_leader != group_leader) goto err_context; if (move_group) { if (group_leader->ctx->task != ctx->task) goto err_context; if (group_leader->cpu != event->cpu) goto err_context; } else { if (group_leader->ctx != ctx) goto err_context; } if (attr.exclusive || attr.pinned) goto err_context; } if (output_event) { err = perf_event_set_output(event, output_event); if (err) goto err_context; } event_file = anon_inode_getfile(""[perf_event]"", &perf_fops, event, f_flags); if (IS_ERR(event_file)) { err = PTR_ERR(event_file); goto err_context; } if (move_group) { struct perf_event_context *gctx = group_leader->ctx; mutex_lock(&gctx->mutex); perf_remove_from_context(group_leader, false); perf_event__state_init(group_leader); list_for_each_entry(sibling, &group_leader->sibling_list, group_entry) { perf_remove_from_context(sibling, false); perf_event__state_init(sibling); put_ctx(gctx); } mutex_unlock(&gctx->mutex); put_ctx(gctx); } WARN_ON_ONCE(ctx->parent_ctx); mutex_lock(&ctx->mutex); if (move_group) { synchronize_rcu(); perf_install_in_context(ctx, group_leader, group_leader->cpu); get_ctx(ctx); list_for_each_entry(sibling, &group_leader->sibling_list, group_entry) { perf_install_in_context(ctx, sibling, sibling->cpu); get_ctx(ctx); } } perf_install_in_context(ctx, event, event->cpu); perf_unpin_context(ctx); mutex_unlock(&ctx->mutex); put_online_cpus(); event->owner = current; mutex_lock(¤t->perf_event_mutex); list_add_tail(&event->owner_entry, ¤t->perf_event_list); mutex_unlock(¤t->perf_event_mutex); perf_event__header_size(event); perf_event__id_header_size(event); fdput(group); fd_install(event_fd, event_file); return event_fd; err_context: perf_unpin_context(ctx); put_ctx(ctx); err_alloc: free_event(event); err_cpus: put_online_cpus(); err_task: if (task) put_task_struct(task); err_group_fd: fdput(group); err_fd: put_unused_fd(event_fd); return err; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,214499302658304,1 4403,CWE-125,"match_at(regex_t* reg, const UChar* str, const UChar* end, #ifdef USE_MATCH_RANGE_MUST_BE_INSIDE_OF_SPECIFIED_RANGE const UChar* right_range, #endif const UChar* sstart, UChar* sprev, OnigMatchArg* msa) { static UChar FinishCode[] = { OP_FINISH }; int i, n, num_mem, best_len, pop_level; LengthType tlen, tlen2; MemNumType mem; RelAddrType addr; UChar *s, *q, *sbegin; int is_alloca; char *alloc_base; OnigStackType *stk_base, *stk, *stk_end; OnigStackType *stkp; OnigStackIndex si; OnigStackIndex *repeat_stk; OnigStackIndex *mem_start_stk, *mem_end_stk; #ifdef USE_COMBINATION_EXPLOSION_CHECK int scv; unsigned char* state_check_buff = msa->state_check_buff; int num_comb_exp_check = reg->num_comb_exp_check; #endif UChar *p = reg->p; OnigOptionType option = reg->options; OnigEncoding encode = reg->enc; OnigCaseFoldType case_fold_flag = reg->case_fold_flag; pop_level = reg->stack_pop_level; num_mem = reg->num_mem; STACK_INIT(INIT_MATCH_STACK_SIZE); UPDATE_FOR_STACK_REALLOC; for (i = 1; i <= num_mem; i++) { mem_start_stk[i] = mem_end_stk[i] = INVALID_STACK_INDEX; } #ifdef ONIG_DEBUG_MATCH fprintf(stderr, ""match_at: str: %d, end: %d, start: %d, sprev: %d\n"", (int )str, (int )end, (int )sstart, (int )sprev); fprintf(stderr, ""size: %d, start offset: %d\n"", (int )(end - str), (int )(sstart - str)); #endif STACK_PUSH_ENSURED(STK_ALT, FinishCode); best_len = ONIG_MISMATCH; s = (UChar* )sstart; while (1) { #ifdef ONIG_DEBUG_MATCH { UChar *q, *bp, buf[50]; int len; fprintf(stderr, ""%4d> \"""", (int )(s - str)); bp = buf; for (i = 0, q = s; i < 7 && q < end; i++) { len = enclen(encode, q); while (len-- > 0) *bp++ = *q++; } if (q < end) { xmemcpy(bp, ""...\"""", 4); bp += 4; } else { xmemcpy(bp, ""\"""", 1); bp += 1; } *bp = 0; fputs((char* )buf, stderr); for (i = 0; i < 20 - (bp - buf); i++) fputc(' ', stderr); onig_print_compiled_byte_code(stderr, p, NULL, encode); fprintf(stderr, ""\n""); } #endif sbegin = s; switch (*p++) { case OP_END: MOP_IN(OP_END); n = s - sstart; if (n > best_len) { OnigRegion* region; #ifdef USE_FIND_LONGEST_SEARCH_ALL_OF_RANGE if (IS_FIND_LONGEST(option)) { if (n > msa->best_len) { msa->best_len = n; msa->best_s = (UChar* )sstart; } else goto end_best_len; } #endif best_len = n; region = msa->region; if (region) { #ifdef USE_POSIX_API_REGION_OPTION if (IS_POSIX_REGION(msa->options)) { posix_regmatch_t* rmt = (posix_regmatch_t* )region; rmt[0].rm_so = sstart - str; rmt[0].rm_eo = s - str; for (i = 1; i <= num_mem; i++) { if (mem_end_stk[i] != INVALID_STACK_INDEX) { if (BIT_STATUS_AT(reg->bt_mem_start, i)) rmt[i].rm_so = STACK_AT(mem_start_stk[i])->u.mem.pstr - str; else rmt[i].rm_so = (UChar* )((void* )(mem_start_stk[i])) - str; rmt[i].rm_eo = (BIT_STATUS_AT(reg->bt_mem_end, i) ? STACK_AT(mem_end_stk[i])->u.mem.pstr : (UChar* )((void* )mem_end_stk[i])) - str; } else { rmt[i].rm_so = rmt[i].rm_eo = ONIG_REGION_NOTPOS; } } } else { #endif region->beg[0] = sstart - str; region->end[0] = s - str; for (i = 1; i <= num_mem; i++) { if (mem_end_stk[i] != INVALID_STACK_INDEX) { if (BIT_STATUS_AT(reg->bt_mem_start, i)) region->beg[i] = STACK_AT(mem_start_stk[i])->u.mem.pstr - str; else region->beg[i] = (UChar* )((void* )mem_start_stk[i]) - str; region->end[i] = (BIT_STATUS_AT(reg->bt_mem_end, i) ? STACK_AT(mem_end_stk[i])->u.mem.pstr : (UChar* )((void* )mem_end_stk[i])) - str; } else { region->beg[i] = region->end[i] = ONIG_REGION_NOTPOS; } } #ifdef USE_CAPTURE_HISTORY if (reg->capture_history != 0) { int r; OnigCaptureTreeNode* node; if (IS_NULL(region->history_root)) { region->history_root = node = history_node_new(); CHECK_NULL_RETURN_MEMERR(node); } else { node = region->history_root; history_tree_clear(node); } node->group = 0; node->beg = sstart - str; node->end = s - str; stkp = stk_base; r = make_capture_history_tree(region->history_root, &stkp, stk, (UChar* )str, reg); if (r < 0) { best_len = r; goto finish; } } #endif #ifdef USE_POSIX_API_REGION_OPTION } #endif } } #ifdef USE_FIND_LONGEST_SEARCH_ALL_OF_RANGE end_best_len: #endif MOP_OUT; if (IS_FIND_CONDITION(option)) { if (IS_FIND_NOT_EMPTY(option) && s == sstart) { best_len = ONIG_MISMATCH; goto fail; } if (IS_FIND_LONGEST(option) && DATA_ENSURE_CHECK1) { goto fail; } } goto finish; break; case OP_EXACT1: MOP_IN(OP_EXACT1); #if 0 DATA_ENSURE(1); if (*p != *s) goto fail; p++; s++; #endif if (*p != *s++) goto fail; DATA_ENSURE(0); p++; MOP_OUT; break; case OP_EXACT1_IC: MOP_IN(OP_EXACT1_IC); { int len; UChar *q, lowbuf[ONIGENC_MBC_CASE_FOLD_MAXLEN]; DATA_ENSURE(1); len = ONIGENC_MBC_CASE_FOLD(encode, case_fold_flag, &s, end, lowbuf); DATA_ENSURE(0); q = lowbuf; while (len-- > 0) { if (*p != *q) { goto fail; } p++; q++; } } MOP_OUT; break; case OP_EXACT2: MOP_IN(OP_EXACT2); DATA_ENSURE(2); if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; sprev = s; p++; s++; MOP_OUT; continue; break; case OP_EXACT3: MOP_IN(OP_EXACT3); DATA_ENSURE(3); if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; sprev = s; p++; s++; MOP_OUT; continue; break; case OP_EXACT4: MOP_IN(OP_EXACT4); DATA_ENSURE(4); if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; sprev = s; p++; s++; MOP_OUT; continue; break; case OP_EXACT5: MOP_IN(OP_EXACT5); DATA_ENSURE(5); if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; sprev = s; p++; s++; MOP_OUT; continue; break; case OP_EXACTN: MOP_IN(OP_EXACTN); GET_LENGTH_INC(tlen, p); DATA_ENSURE(tlen); while (tlen-- > 0) { if (*p++ != *s++) goto fail; } sprev = s - 1; MOP_OUT; continue; break; case OP_EXACTN_IC: MOP_IN(OP_EXACTN_IC); { int len; UChar *q, *endp, lowbuf[ONIGENC_MBC_CASE_FOLD_MAXLEN]; GET_LENGTH_INC(tlen, p); endp = p + tlen; while (p < endp) { sprev = s; DATA_ENSURE(1); len = ONIGENC_MBC_CASE_FOLD(encode, case_fold_flag, &s, end, lowbuf); DATA_ENSURE(0); q = lowbuf; while (len-- > 0) { if (*p != *q) goto fail; p++; q++; } } } MOP_OUT; continue; break; case OP_EXACTMB2N1: MOP_IN(OP_EXACTMB2N1); DATA_ENSURE(2); if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; MOP_OUT; break; case OP_EXACTMB2N2: MOP_IN(OP_EXACTMB2N2); DATA_ENSURE(4); if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; sprev = s; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; MOP_OUT; continue; break; case OP_EXACTMB2N3: MOP_IN(OP_EXACTMB2N3); DATA_ENSURE(6); if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; sprev = s; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; MOP_OUT; continue; break; case OP_EXACTMB2N: MOP_IN(OP_EXACTMB2N); GET_LENGTH_INC(tlen, p); DATA_ENSURE(tlen * 2); while (tlen-- > 0) { if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; } sprev = s - 2; MOP_OUT; continue; break; case OP_EXACTMB3N: MOP_IN(OP_EXACTMB3N); GET_LENGTH_INC(tlen, p); DATA_ENSURE(tlen * 3); while (tlen-- > 0) { if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; if (*p != *s) goto fail; p++; s++; } sprev = s - 3; MOP_OUT; continue; break; case OP_EXACTMBN: MOP_IN(OP_EXACTMBN); GET_LENGTH_INC(tlen, p); GET_LENGTH_INC(tlen2, p); tlen2 *= tlen; DATA_ENSURE(tlen2); while (tlen2-- > 0) { if (*p != *s) goto fail; p++; s++; } sprev = s - tlen; MOP_OUT; continue; break; case OP_CCLASS: MOP_IN(OP_CCLASS); DATA_ENSURE(1); if (BITSET_AT(((BitSetRef )p), *s) == 0) goto fail; p += SIZE_BITSET; s += enclen(encode, s); MOP_OUT; break; case OP_CCLASS_MB: MOP_IN(OP_CCLASS_MB); if (! ONIGENC_IS_MBC_HEAD(encode, s)) goto fail; cclass_mb: GET_LENGTH_INC(tlen, p); { OnigCodePoint code; UChar *ss; int mb_len; DATA_ENSURE(1); mb_len = enclen(encode, s); DATA_ENSURE(mb_len); ss = s; s += mb_len; code = ONIGENC_MBC_TO_CODE(encode, ss, s); #ifdef PLATFORM_UNALIGNED_WORD_ACCESS if (! onig_is_in_code_range(p, code)) goto fail; #else q = p; ALIGNMENT_RIGHT(q); if (! onig_is_in_code_range(q, code)) goto fail; #endif } p += tlen; MOP_OUT; break; case OP_CCLASS_MIX: MOP_IN(OP_CCLASS_MIX); DATA_ENSURE(1); if (ONIGENC_IS_MBC_HEAD(encode, s)) { p += SIZE_BITSET; goto cclass_mb; } else { if (BITSET_AT(((BitSetRef )p), *s) == 0) goto fail; p += SIZE_BITSET; GET_LENGTH_INC(tlen, p); p += tlen; s++; } MOP_OUT; break; case OP_CCLASS_NOT: MOP_IN(OP_CCLASS_NOT); DATA_ENSURE(1); if (BITSET_AT(((BitSetRef )p), *s) != 0) goto fail; p += SIZE_BITSET; s += enclen(encode, s); MOP_OUT; break; case OP_CCLASS_MB_NOT: MOP_IN(OP_CCLASS_MB_NOT); DATA_ENSURE(1); if (! ONIGENC_IS_MBC_HEAD(encode, s)) { s++; GET_LENGTH_INC(tlen, p); p += tlen; goto cc_mb_not_success; } cclass_mb_not: GET_LENGTH_INC(tlen, p); { OnigCodePoint code; UChar *ss; int mb_len = enclen(encode, s); if (! DATA_ENSURE_CHECK(mb_len)) { DATA_ENSURE(1); s = (UChar* )end; p += tlen; goto cc_mb_not_success; } ss = s; s += mb_len; code = ONIGENC_MBC_TO_CODE(encode, ss, s); #ifdef PLATFORM_UNALIGNED_WORD_ACCESS if (onig_is_in_code_range(p, code)) goto fail; #else q = p; ALIGNMENT_RIGHT(q); if (onig_is_in_code_range(q, code)) goto fail; #endif } p += tlen; cc_mb_not_success: MOP_OUT; break; case OP_CCLASS_MIX_NOT: MOP_IN(OP_CCLASS_MIX_NOT); DATA_ENSURE(1); if (ONIGENC_IS_MBC_HEAD(encode, s)) { p += SIZE_BITSET; goto cclass_mb_not; } else { if (BITSET_AT(((BitSetRef )p), *s) != 0) goto fail; p += SIZE_BITSET; GET_LENGTH_INC(tlen, p); p += tlen; s++; } MOP_OUT; break; case OP_CCLASS_NODE: MOP_IN(OP_CCLASS_NODE); { OnigCodePoint code; void *node; int mb_len; UChar *ss; DATA_ENSURE(1); GET_POINTER_INC(node, p); mb_len = enclen(encode, s); ss = s; s += mb_len; DATA_ENSURE(0); code = ONIGENC_MBC_TO_CODE(encode, ss, s); if (onig_is_code_in_cc_len(mb_len, code, node) == 0) goto fail; } MOP_OUT; break; case OP_ANYCHAR: MOP_IN(OP_ANYCHAR); DATA_ENSURE(1); n = enclen(encode, s); DATA_ENSURE(n); if (ONIGENC_IS_MBC_NEWLINE(encode, s, end)) goto fail; s += n; MOP_OUT; break; case OP_ANYCHAR_ML: MOP_IN(OP_ANYCHAR_ML); DATA_ENSURE(1); n = enclen(encode, s); DATA_ENSURE(n); s += n; MOP_OUT; break; case OP_ANYCHAR_STAR: MOP_IN(OP_ANYCHAR_STAR); while (DATA_ENSURE_CHECK1) { STACK_PUSH_ALT(p, s, sprev); n = enclen(encode, s); DATA_ENSURE(n); if (ONIGENC_IS_MBC_NEWLINE(encode, s, end)) goto fail; sprev = s; s += n; } MOP_OUT; break; case OP_ANYCHAR_ML_STAR: MOP_IN(OP_ANYCHAR_ML_STAR); while (DATA_ENSURE_CHECK1) { STACK_PUSH_ALT(p, s, sprev); n = enclen(encode, s); if (n > 1) { DATA_ENSURE(n); sprev = s; s += n; } else { sprev = s; s++; } } MOP_OUT; break; case OP_ANYCHAR_STAR_PEEK_NEXT: MOP_IN(OP_ANYCHAR_STAR_PEEK_NEXT); while (DATA_ENSURE_CHECK1) { if (*p == *s) { STACK_PUSH_ALT(p + 1, s, sprev); } n = enclen(encode, s); DATA_ENSURE(n); if (ONIGENC_IS_MBC_NEWLINE(encode, s, end)) goto fail; sprev = s; s += n; } p++; MOP_OUT; break; case OP_ANYCHAR_ML_STAR_PEEK_NEXT:MOP_IN(OP_ANYCHAR_ML_STAR_PEEK_NEXT); while (DATA_ENSURE_CHECK1) { if (*p == *s) { STACK_PUSH_ALT(p + 1, s, sprev); } n = enclen(encode, s); if (n > 1) { DATA_ENSURE(n); sprev = s; s += n; } else { sprev = s; s++; } } p++; MOP_OUT; break; #ifdef USE_COMBINATION_EXPLOSION_CHECK case OP_STATE_CHECK_ANYCHAR_STAR: MOP_IN(OP_STATE_CHECK_ANYCHAR_STAR); GET_STATE_CHECK_NUM_INC(mem, p); while (DATA_ENSURE_CHECK1) { STATE_CHECK_VAL(scv, mem); if (scv) goto fail; STACK_PUSH_ALT_WITH_STATE_CHECK(p, s, sprev, mem); n = enclen(encode, s); DATA_ENSURE(n); if (ONIGENC_IS_MBC_NEWLINE(encode, s, end)) goto fail; sprev = s; s += n; } MOP_OUT; break; case OP_STATE_CHECK_ANYCHAR_ML_STAR: MOP_IN(OP_STATE_CHECK_ANYCHAR_ML_STAR); GET_STATE_CHECK_NUM_INC(mem, p); while (DATA_ENSURE_CHECK1) { STATE_CHECK_VAL(scv, mem); if (scv) goto fail; STACK_PUSH_ALT_WITH_STATE_CHECK(p, s, sprev, mem); n = enclen(encode, s); if (n > 1) { DATA_ENSURE(n); sprev = s; s += n; } else { sprev = s; s++; } } MOP_OUT; break; #endif case OP_WORD: MOP_IN(OP_WORD); DATA_ENSURE(1); if (! ONIGENC_IS_MBC_WORD(encode, s, end)) goto fail; s += enclen(encode, s); MOP_OUT; break; case OP_NOT_WORD: MOP_IN(OP_NOT_WORD); DATA_ENSURE(1); if (ONIGENC_IS_MBC_WORD(encode, s, end)) goto fail; s += enclen(encode, s); MOP_OUT; break; case OP_WORD_BOUND: MOP_IN(OP_WORD_BOUND); if (ON_STR_BEGIN(s)) { DATA_ENSURE(1); if (! ONIGENC_IS_MBC_WORD(encode, s, end)) goto fail; } else if (ON_STR_END(s)) { if (! ONIGENC_IS_MBC_WORD(encode, sprev, end)) goto fail; } else { if (ONIGENC_IS_MBC_WORD(encode, s, end) == ONIGENC_IS_MBC_WORD(encode, sprev, end)) goto fail; } MOP_OUT; continue; break; case OP_NOT_WORD_BOUND: MOP_IN(OP_NOT_WORD_BOUND); if (ON_STR_BEGIN(s)) { if (DATA_ENSURE_CHECK1 && ONIGENC_IS_MBC_WORD(encode, s, end)) goto fail; } else if (ON_STR_END(s)) { if (ONIGENC_IS_MBC_WORD(encode, sprev, end)) goto fail; } else { if (ONIGENC_IS_MBC_WORD(encode, s, end) != ONIGENC_IS_MBC_WORD(encode, sprev, end)) goto fail; } MOP_OUT; continue; break; #ifdef USE_WORD_BEGIN_END case OP_WORD_BEGIN: MOP_IN(OP_WORD_BEGIN); if (DATA_ENSURE_CHECK1 && ONIGENC_IS_MBC_WORD(encode, s, end)) { if (ON_STR_BEGIN(s) || !ONIGENC_IS_MBC_WORD(encode, sprev, end)) { MOP_OUT; continue; } } goto fail; break; case OP_WORD_END: MOP_IN(OP_WORD_END); if (!ON_STR_BEGIN(s) && ONIGENC_IS_MBC_WORD(encode, sprev, end)) { if (ON_STR_END(s) || !ONIGENC_IS_MBC_WORD(encode, s, end)) { MOP_OUT; continue; } } goto fail; break; #endif case OP_BEGIN_BUF: MOP_IN(OP_BEGIN_BUF); if (! ON_STR_BEGIN(s)) goto fail; MOP_OUT; continue; break; case OP_END_BUF: MOP_IN(OP_END_BUF); if (! ON_STR_END(s)) goto fail; MOP_OUT; continue; break; case OP_BEGIN_LINE: MOP_IN(OP_BEGIN_LINE); if (ON_STR_BEGIN(s)) { if (IS_NOTBOL(msa->options)) goto fail; MOP_OUT; continue; } else if (ONIGENC_IS_MBC_NEWLINE(encode, sprev, end) && !ON_STR_END(s)) { MOP_OUT; continue; } goto fail; break; case OP_END_LINE: MOP_IN(OP_END_LINE); if (ON_STR_END(s)) { #ifndef USE_NEWLINE_AT_END_OF_STRING_HAS_EMPTY_LINE if (IS_EMPTY_STR || !ONIGENC_IS_MBC_NEWLINE(encode, sprev, end)) { #endif if (IS_NOTEOL(msa->options)) goto fail; MOP_OUT; continue; #ifndef USE_NEWLINE_AT_END_OF_STRING_HAS_EMPTY_LINE } #endif } else if (ONIGENC_IS_MBC_NEWLINE(encode, s, end)) { MOP_OUT; continue; } #ifdef USE_CRNL_AS_LINE_TERMINATOR else if (ONIGENC_IS_MBC_CRNL(encode, s, end)) { MOP_OUT; continue; } #endif goto fail; break; case OP_SEMI_END_BUF: MOP_IN(OP_SEMI_END_BUF); if (ON_STR_END(s)) { #ifndef USE_NEWLINE_AT_END_OF_STRING_HAS_EMPTY_LINE if (IS_EMPTY_STR || !ONIGENC_IS_MBC_NEWLINE(encode, sprev, end)) { #endif if (IS_NOTEOL(msa->options)) goto fail; MOP_OUT; continue; #ifndef USE_NEWLINE_AT_END_OF_STRING_HAS_EMPTY_LINE } #endif } else if (ONIGENC_IS_MBC_NEWLINE(encode, s, end) && ON_STR_END(s + enclen(encode, s))) { MOP_OUT; continue; } #ifdef USE_CRNL_AS_LINE_TERMINATOR else if (ONIGENC_IS_MBC_CRNL(encode, s, end)) { UChar* ss = s + enclen(encode, s); ss += enclen(encode, ss); if (ON_STR_END(ss)) { MOP_OUT; continue; } } #endif goto fail; break; case OP_BEGIN_POSITION: MOP_IN(OP_BEGIN_POSITION); if (s != msa->start) goto fail; MOP_OUT; continue; break; case OP_MEMORY_START_PUSH: MOP_IN(OP_MEMORY_START_PUSH); GET_MEMNUM_INC(mem, p); STACK_PUSH_MEM_START(mem, s); MOP_OUT; continue; break; case OP_MEMORY_START: MOP_IN(OP_MEMORY_START); GET_MEMNUM_INC(mem, p); mem_start_stk[mem] = (OnigStackIndex )((void* )s); MOP_OUT; continue; break; case OP_MEMORY_END_PUSH: MOP_IN(OP_MEMORY_END_PUSH); GET_MEMNUM_INC(mem, p); STACK_PUSH_MEM_END(mem, s); MOP_OUT; continue; break; case OP_MEMORY_END: MOP_IN(OP_MEMORY_END); GET_MEMNUM_INC(mem, p); mem_end_stk[mem] = (OnigStackIndex )((void* )s); MOP_OUT; continue; break; #ifdef USE_SUBEXP_CALL case OP_MEMORY_END_PUSH_REC: MOP_IN(OP_MEMORY_END_PUSH_REC); GET_MEMNUM_INC(mem, p); STACK_GET_MEM_START(mem, stkp); STACK_PUSH_MEM_END(mem, s); mem_start_stk[mem] = GET_STACK_INDEX(stkp); MOP_OUT; continue; break; case OP_MEMORY_END_REC: MOP_IN(OP_MEMORY_END_REC); GET_MEMNUM_INC(mem, p); mem_end_stk[mem] = (OnigStackIndex )((void* )s); STACK_GET_MEM_START(mem, stkp); if (BIT_STATUS_AT(reg->bt_mem_start, mem)) mem_start_stk[mem] = GET_STACK_INDEX(stkp); else mem_start_stk[mem] = (OnigStackIndex )((void* )stkp->u.mem.pstr); STACK_PUSH_MEM_END_MARK(mem); MOP_OUT; continue; break; #endif case OP_BACKREF1: MOP_IN(OP_BACKREF1); mem = 1; goto backref; break; case OP_BACKREF2: MOP_IN(OP_BACKREF2); mem = 2; goto backref; break; case OP_BACKREFN: MOP_IN(OP_BACKREFN); GET_MEMNUM_INC(mem, p); backref: { int len; UChar *pstart, *pend; if (mem > num_mem) goto fail; if (mem_end_stk[mem] == INVALID_STACK_INDEX) goto fail; if (mem_start_stk[mem] == INVALID_STACK_INDEX) goto fail; if (BIT_STATUS_AT(reg->bt_mem_start, mem)) pstart = STACK_AT(mem_start_stk[mem])->u.mem.pstr; else pstart = (UChar* )((void* )mem_start_stk[mem]); pend = (BIT_STATUS_AT(reg->bt_mem_end, mem) ? STACK_AT(mem_end_stk[mem])->u.mem.pstr : (UChar* )((void* )mem_end_stk[mem])); n = pend - pstart; DATA_ENSURE(n); sprev = s; STRING_CMP(pstart, s, n); while (sprev + (len = enclen(encode, sprev)) < s) sprev += len; MOP_OUT; continue; } break; case OP_BACKREFN_IC: MOP_IN(OP_BACKREFN_IC); GET_MEMNUM_INC(mem, p); { int len; UChar *pstart, *pend; if (mem > num_mem) goto fail; if (mem_end_stk[mem] == INVALID_STACK_INDEX) goto fail; if (mem_start_stk[mem] == INVALID_STACK_INDEX) goto fail; if (BIT_STATUS_AT(reg->bt_mem_start, mem)) pstart = STACK_AT(mem_start_stk[mem])->u.mem.pstr; else pstart = (UChar* )((void* )mem_start_stk[mem]); pend = (BIT_STATUS_AT(reg->bt_mem_end, mem) ? STACK_AT(mem_end_stk[mem])->u.mem.pstr : (UChar* )((void* )mem_end_stk[mem])); n = pend - pstart; DATA_ENSURE(n); sprev = s; STRING_CMP_IC(case_fold_flag, pstart, &s, n); while (sprev + (len = enclen(encode, sprev)) < s) sprev += len; MOP_OUT; continue; } break; case OP_BACKREF_MULTI: MOP_IN(OP_BACKREF_MULTI); { int len, is_fail; UChar *pstart, *pend, *swork; GET_LENGTH_INC(tlen, p); for (i = 0; i < tlen; i++) { GET_MEMNUM_INC(mem, p); if (mem_end_stk[mem] == INVALID_STACK_INDEX) continue; if (mem_start_stk[mem] == INVALID_STACK_INDEX) continue; if (BIT_STATUS_AT(reg->bt_mem_start, mem)) pstart = STACK_AT(mem_start_stk[mem])->u.mem.pstr; else pstart = (UChar* )((void* )mem_start_stk[mem]); pend = (BIT_STATUS_AT(reg->bt_mem_end, mem) ? STACK_AT(mem_end_stk[mem])->u.mem.pstr : (UChar* )((void* )mem_end_stk[mem])); n = pend - pstart; DATA_ENSURE(n); sprev = s; swork = s; STRING_CMP_VALUE(pstart, swork, n, is_fail); if (is_fail) continue; s = swork; while (sprev + (len = enclen(encode, sprev)) < s) sprev += len; p += (SIZE_MEMNUM * (tlen - i - 1)); break; } if (i == tlen) goto fail; MOP_OUT; continue; } break; case OP_BACKREF_MULTI_IC: MOP_IN(OP_BACKREF_MULTI_IC); { int len, is_fail; UChar *pstart, *pend, *swork; GET_LENGTH_INC(tlen, p); for (i = 0; i < tlen; i++) { GET_MEMNUM_INC(mem, p); if (mem_end_stk[mem] == INVALID_STACK_INDEX) continue; if (mem_start_stk[mem] == INVALID_STACK_INDEX) continue; if (BIT_STATUS_AT(reg->bt_mem_start, mem)) pstart = STACK_AT(mem_start_stk[mem])->u.mem.pstr; else pstart = (UChar* )((void* )mem_start_stk[mem]); pend = (BIT_STATUS_AT(reg->bt_mem_end, mem) ? STACK_AT(mem_end_stk[mem])->u.mem.pstr : (UChar* )((void* )mem_end_stk[mem])); n = pend - pstart; DATA_ENSURE(n); sprev = s; swork = s; STRING_CMP_VALUE_IC(case_fold_flag, pstart, &swork, n, is_fail); if (is_fail) continue; s = swork; while (sprev + (len = enclen(encode, sprev)) < s) sprev += len; p += (SIZE_MEMNUM * (tlen - i - 1)); break; } if (i == tlen) goto fail; MOP_OUT; continue; } break; #ifdef USE_BACKREF_WITH_LEVEL case OP_BACKREF_WITH_LEVEL: { int len; OnigOptionType ic; LengthType level; GET_OPTION_INC(ic, p); GET_LENGTH_INC(level, p); GET_LENGTH_INC(tlen, p); sprev = s; if (backref_match_at_nested_level(reg, stk, stk_base, ic , case_fold_flag, (int )level, (int )tlen, p, &s, end)) { while (sprev + (len = enclen(encode, sprev)) < s) sprev += len; p += (SIZE_MEMNUM * tlen); } else goto fail; MOP_OUT; continue; } break; #endif #if 0 case OP_SET_OPTION_PUSH: MOP_IN(OP_SET_OPTION_PUSH); GET_OPTION_INC(option, p); STACK_PUSH_ALT(p, s, sprev); p += SIZE_OP_SET_OPTION + SIZE_OP_FAIL; MOP_OUT; continue; break; case OP_SET_OPTION: MOP_IN(OP_SET_OPTION); GET_OPTION_INC(option, p); MOP_OUT; continue; break; #endif case OP_NULL_CHECK_START: MOP_IN(OP_NULL_CHECK_START); GET_MEMNUM_INC(mem, p); STACK_PUSH_NULL_CHECK_START(mem, s); MOP_OUT; continue; break; case OP_NULL_CHECK_END: MOP_IN(OP_NULL_CHECK_END); { int isnull; GET_MEMNUM_INC(mem, p); STACK_NULL_CHECK(isnull, mem, s); if (isnull) { #ifdef ONIG_DEBUG_MATCH fprintf(stderr, ""NULL_CHECK_END: skip id:%d, s:%d\n"", (int )mem, (int )s); #endif null_check_found: switch (*p++) { case OP_JUMP: case OP_PUSH: p += SIZE_RELADDR; break; case OP_REPEAT_INC: case OP_REPEAT_INC_NG: case OP_REPEAT_INC_SG: case OP_REPEAT_INC_NG_SG: p += SIZE_MEMNUM; break; default: goto unexpected_bytecode_error; break; } } } MOP_OUT; continue; break; #ifdef USE_MONOMANIAC_CHECK_CAPTURES_IN_ENDLESS_REPEAT case OP_NULL_CHECK_END_MEMST: MOP_IN(OP_NULL_CHECK_END_MEMST); { int isnull; GET_MEMNUM_INC(mem, p); STACK_NULL_CHECK_MEMST(isnull, mem, s, reg); if (isnull) { #ifdef ONIG_DEBUG_MATCH fprintf(stderr, ""NULL_CHECK_END_MEMST: skip id:%d, s:%d\n"", (int )mem, (int )s); #endif if (isnull == -1) goto fail; goto null_check_found; } } MOP_OUT; continue; break; #endif #ifdef USE_SUBEXP_CALL case OP_NULL_CHECK_END_MEMST_PUSH: MOP_IN(OP_NULL_CHECK_END_MEMST_PUSH); { int isnull; GET_MEMNUM_INC(mem, p); #ifdef USE_MONOMANIAC_CHECK_CAPTURES_IN_ENDLESS_REPEAT STACK_NULL_CHECK_MEMST_REC(isnull, mem, s, reg); #else STACK_NULL_CHECK_REC(isnull, mem, s); #endif if (isnull) { #ifdef ONIG_DEBUG_MATCH fprintf(stderr, ""NULL_CHECK_END_MEMST_PUSH: skip id:%d, s:%d\n"", (int )mem, (int )s); #endif if (isnull == -1) goto fail; goto null_check_found; } else { STACK_PUSH_NULL_CHECK_END(mem); } } MOP_OUT; continue; break; #endif case OP_JUMP: MOP_IN(OP_JUMP); GET_RELADDR_INC(addr, p); p += addr; MOP_OUT; CHECK_INTERRUPT_IN_MATCH_AT; continue; break; case OP_PUSH: MOP_IN(OP_PUSH); GET_RELADDR_INC(addr, p); STACK_PUSH_ALT(p + addr, s, sprev); MOP_OUT; continue; break; #ifdef USE_COMBINATION_EXPLOSION_CHECK case OP_STATE_CHECK_PUSH: MOP_IN(OP_STATE_CHECK_PUSH); GET_STATE_CHECK_NUM_INC(mem, p); STATE_CHECK_VAL(scv, mem); if (scv) goto fail; GET_RELADDR_INC(addr, p); STACK_PUSH_ALT_WITH_STATE_CHECK(p + addr, s, sprev, mem); MOP_OUT; continue; break; case OP_STATE_CHECK_PUSH_OR_JUMP: MOP_IN(OP_STATE_CHECK_PUSH_OR_JUMP); GET_STATE_CHECK_NUM_INC(mem, p); GET_RELADDR_INC(addr, p); STATE_CHECK_VAL(scv, mem); if (scv) { p += addr; } else { STACK_PUSH_ALT_WITH_STATE_CHECK(p + addr, s, sprev, mem); } MOP_OUT; continue; break; case OP_STATE_CHECK: MOP_IN(OP_STATE_CHECK); GET_STATE_CHECK_NUM_INC(mem, p); STATE_CHECK_VAL(scv, mem); if (scv) goto fail; STACK_PUSH_STATE_CHECK(s, mem); MOP_OUT; continue; break; #endif case OP_POP: MOP_IN(OP_POP); STACK_POP_ONE; MOP_OUT; continue; break; case OP_PUSH_OR_JUMP_EXACT1: MOP_IN(OP_PUSH_OR_JUMP_EXACT1); GET_RELADDR_INC(addr, p); if (*p == *s && DATA_ENSURE_CHECK1) { p++; STACK_PUSH_ALT(p + addr, s, sprev); MOP_OUT; continue; } p += (addr + 1); MOP_OUT; continue; break; case OP_PUSH_IF_PEEK_NEXT: MOP_IN(OP_PUSH_IF_PEEK_NEXT); GET_RELADDR_INC(addr, p); if (*p == *s) { p++; STACK_PUSH_ALT(p + addr, s, sprev); MOP_OUT; continue; } p++; MOP_OUT; continue; break; case OP_REPEAT: MOP_IN(OP_REPEAT); { GET_MEMNUM_INC(mem, p); GET_RELADDR_INC(addr, p); STACK_ENSURE(1); repeat_stk[mem] = GET_STACK_INDEX(stk); STACK_PUSH_REPEAT(mem, p); if (reg->repeat_range[mem].lower == 0) { STACK_PUSH_ALT(p + addr, s, sprev); } } MOP_OUT; continue; break; case OP_REPEAT_NG: MOP_IN(OP_REPEAT_NG); { GET_MEMNUM_INC(mem, p); GET_RELADDR_INC(addr, p); STACK_ENSURE(1); repeat_stk[mem] = GET_STACK_INDEX(stk); STACK_PUSH_REPEAT(mem, p); if (reg->repeat_range[mem].lower == 0) { STACK_PUSH_ALT(p, s, sprev); p += addr; } } MOP_OUT; continue; break; case OP_REPEAT_INC: MOP_IN(OP_REPEAT_INC); GET_MEMNUM_INC(mem, p); si = repeat_stk[mem]; stkp = STACK_AT(si); repeat_inc: stkp->u.repeat.count++; if (stkp->u.repeat.count >= reg->repeat_range[mem].upper) { } else if (stkp->u.repeat.count >= reg->repeat_range[mem].lower) { STACK_PUSH_ALT(p, s, sprev); p = STACK_AT(si)->u.repeat.pcode; } else { p = stkp->u.repeat.pcode; } STACK_PUSH_REPEAT_INC(si); MOP_OUT; CHECK_INTERRUPT_IN_MATCH_AT; continue; break; case OP_REPEAT_INC_SG: MOP_IN(OP_REPEAT_INC_SG); GET_MEMNUM_INC(mem, p); STACK_GET_REPEAT(mem, stkp); si = GET_STACK_INDEX(stkp); goto repeat_inc; break; case OP_REPEAT_INC_NG: MOP_IN(OP_REPEAT_INC_NG); GET_MEMNUM_INC(mem, p); si = repeat_stk[mem]; stkp = STACK_AT(si); repeat_inc_ng: stkp->u.repeat.count++; if (stkp->u.repeat.count < reg->repeat_range[mem].upper) { if (stkp->u.repeat.count >= reg->repeat_range[mem].lower) { UChar* pcode = stkp->u.repeat.pcode; STACK_PUSH_REPEAT_INC(si); STACK_PUSH_ALT(pcode, s, sprev); } else { p = stkp->u.repeat.pcode; STACK_PUSH_REPEAT_INC(si); } } else if (stkp->u.repeat.count == reg->repeat_range[mem].upper) { STACK_PUSH_REPEAT_INC(si); } MOP_OUT; CHECK_INTERRUPT_IN_MATCH_AT; continue; break; case OP_REPEAT_INC_NG_SG: MOP_IN(OP_REPEAT_INC_NG_SG); GET_MEMNUM_INC(mem, p); STACK_GET_REPEAT(mem, stkp); si = GET_STACK_INDEX(stkp); goto repeat_inc_ng; break; case OP_PUSH_POS: MOP_IN(OP_PUSH_POS); STACK_PUSH_POS(s, sprev); MOP_OUT; continue; break; case OP_POP_POS: MOP_IN(OP_POP_POS); { STACK_POS_END(stkp); s = stkp->u.state.pstr; sprev = stkp->u.state.pstr_prev; } MOP_OUT; continue; break; case OP_PUSH_POS_NOT: MOP_IN(OP_PUSH_POS_NOT); GET_RELADDR_INC(addr, p); STACK_PUSH_POS_NOT(p + addr, s, sprev); MOP_OUT; continue; break; case OP_FAIL_POS: MOP_IN(OP_FAIL_POS); STACK_POP_TIL_POS_NOT; goto fail; break; case OP_PUSH_STOP_BT: MOP_IN(OP_PUSH_STOP_BT); STACK_PUSH_STOP_BT; MOP_OUT; continue; break; case OP_POP_STOP_BT: MOP_IN(OP_POP_STOP_BT); STACK_STOP_BT_END; MOP_OUT; continue; break; case OP_LOOK_BEHIND: MOP_IN(OP_LOOK_BEHIND); GET_LENGTH_INC(tlen, p); s = (UChar* )ONIGENC_STEP_BACK(encode, str, s, (int )tlen); if (IS_NULL(s)) goto fail; sprev = (UChar* )onigenc_get_prev_char_head(encode, str, s); MOP_OUT; continue; break; case OP_PUSH_LOOK_BEHIND_NOT: MOP_IN(OP_PUSH_LOOK_BEHIND_NOT); GET_RELADDR_INC(addr, p); GET_LENGTH_INC(tlen, p); q = (UChar* )ONIGENC_STEP_BACK(encode, str, s, (int )tlen); if (IS_NULL(q)) { p += addr; } else { STACK_PUSH_LOOK_BEHIND_NOT(p + addr, s, sprev); s = q; sprev = (UChar* )onigenc_get_prev_char_head(encode, str, s); } MOP_OUT; continue; break; case OP_FAIL_LOOK_BEHIND_NOT: MOP_IN(OP_FAIL_LOOK_BEHIND_NOT); STACK_POP_TIL_LOOK_BEHIND_NOT; goto fail; break; #ifdef USE_SUBEXP_CALL case OP_CALL: MOP_IN(OP_CALL); GET_ABSADDR_INC(addr, p); STACK_PUSH_CALL_FRAME(p); p = reg->p + addr; MOP_OUT; continue; break; case OP_RETURN: MOP_IN(OP_RETURN); STACK_RETURN(p); STACK_PUSH_RETURN; MOP_OUT; continue; break; #endif case OP_FINISH: goto finish; break; fail: MOP_OUT; case OP_FAIL: MOP_IN(OP_FAIL); STACK_POP; p = stk->u.state.pcode; s = stk->u.state.pstr; sprev = stk->u.state.pstr_prev; #ifdef USE_COMBINATION_EXPLOSION_CHECK if (stk->u.state.state_check != 0) { stk->type = STK_STATE_CHECK_MARK; stk++; } #endif MOP_OUT; continue; break; default: goto bytecode_error; } sprev = sbegin; } finish: STACK_SAVE; return best_len; #ifdef ONIG_DEBUG stack_error: STACK_SAVE; return ONIGERR_STACK_BUG; #endif bytecode_error: STACK_SAVE; return ONIGERR_UNDEFINED_BYTECODE; unexpected_bytecode_error: STACK_SAVE; return ONIGERR_UNEXPECTED_BYTECODE; }",visit repo url,src/regexec.c,https://github.com/kkos/oniguruma,233213274380012,1 2200,['CWE-193'],"asmlinkage ssize_t sys_readahead(int fd, loff_t offset, size_t count) { ssize_t ret; struct file *file; ret = -EBADF; file = fget(fd); if (file) { if (file->f_mode & FMODE_READ) { struct address_space *mapping = file->f_mapping; pgoff_t start = offset >> PAGE_CACHE_SHIFT; pgoff_t end = (offset + count - 1) >> PAGE_CACHE_SHIFT; unsigned long len = end - start + 1; ret = do_readahead(mapping, file, start, len); } fput(file); } return ret; }",linux-2.6,,,169461602936136993296237105740623394913,0 5236,['CWE-264'],"static bool get_inherited_flag(struct pai_val *pal, canon_ace *ace_entry, bool default_ace) { struct pai_entry *paie; if (!pal) return False; for (paie = (default_ace ? pal->def_entry_list : pal->entry_list); paie; paie = paie->next) { if (ace_entry->owner_type == paie->owner_type && get_entry_val(ace_entry) == get_pai_entry_val(paie)) return True; } return False; }",samba,,,175342679048871600769669697284449309287,0 3446,['CWE-20'],"run_validity_tests (const ValidityTest *tests, int n_tests, DBusValidity (* func) (const DBusString*,int,int)) { int i; for (i = 0; i < n_tests; i++) { DBusString str; DBusValidity v; _dbus_string_init_const (&str, tests[i].data); v = (*func) (&str, 0, _dbus_string_get_length (&str)); if (v != tests[i].expected) { _dbus_warn (""Improper validation result %d for '%s'\n"", v, tests[i].data); _dbus_assert_not_reached (""test failed""); } ++i; } }",dbus,,,287422166101857955379324402097061326614,0 3802,CWE-122,"compile_get_env(char_u **arg, cctx_T *cctx) { char_u *start = *arg; int len; int ret; char_u *name; ++*arg; len = get_env_len(arg); if (len == 0) { semsg(_(e_syntax_error_at_str), start - 1); return FAIL; } name = vim_strnsave(start, len + 1); ret = generate_LOAD(cctx, ISN_LOADENV, 0, name, &t_string); vim_free(name); return ret; }",visit repo url,src/vim9expr.c,https://github.com/vim/vim,228228089063206,1 3295,['CWE-189'],"void jpc_ppxstabent_destroy(jpc_ppxstabent_t *ent) { if (ent->data) { jas_free(ent->data); } jas_free(ent); }",jasper,,,324844966789788167598296682967815552360,0 2608,CWE-415,"void gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out) { int x, y, pos; Wbmp *wbmp; if ((wbmp = createwbmp (gdImageSX (image), gdImageSY (image), WBMP_WHITE)) == NULL) { gd_error(""Could not create WBMP""); return; } pos = 0; for (y = 0; y < gdImageSY(image); y++) { for (x = 0; x < gdImageSX(image); x++) { if (gdImageGetPixel (image, x, y) == fg) { wbmp->bitmap[pos] = WBMP_BLACK; } pos++; } } if (writewbmp (wbmp, &gd_putout, out)) { gd_error(""Could not save WBMP""); } freewbmp(wbmp); }",visit repo url,ext/gd/libgd/gd_wbmp.c,https://github.com/php/php-src,164317273152755,1 5429,CWE-190,"gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) { TIFF* tif = img->tif; tileSeparateRoutine put = img->put.separate; unsigned char *buf = NULL; unsigned char *p0 = NULL, *p1 = NULL, *p2 = NULL, *pa = NULL; uint32 row, y, nrow, rowstoread; tmsize_t pos; tmsize_t scanline; uint32 rowsperstrip, offset_row; uint32 imagewidth = img->width; tmsize_t stripsize; tmsize_t bufsize; int32 fromskew, toskew; int alpha = img->alpha; int ret = 1, flip; uint16 colorchannels; stripsize = TIFFStripSize(tif); bufsize = _TIFFMultiplySSize(tif,alpha?4:3,stripsize, ""gtStripSeparate""); if (bufsize == 0) { return (0); } flip = setorientation(img); if (flip & FLIP_VERTICALLY) { y = h - 1; toskew = -(int32)(w + w); } else { y = 0; toskew = -(int32)(w - w); } switch( img->photometric ) { case PHOTOMETRIC_MINISWHITE: case PHOTOMETRIC_MINISBLACK: case PHOTOMETRIC_PALETTE: colorchannels = 1; break; default: colorchannels = 3; break; } TIFFGetFieldDefaulted(tif, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); scanline = TIFFScanlineSize(tif); fromskew = (w < imagewidth ? imagewidth - w : 0); for (row = 0; row < h; row += nrow) { rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; nrow = (row + rowstoread > h ? h - row : rowstoread); offset_row = row + img->row_offset; if( buf == NULL ) { if (_TIFFReadEncodedStripAndAllocBuffer( tif, TIFFComputeStrip(tif, offset_row, 0), (void**) &buf, bufsize, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && (buf == NULL || img->stoponerr)) { ret = 0; break; } p0 = buf; if( colorchannels == 1 ) { p2 = p1 = p0; pa = (alpha?(p0+3*stripsize):NULL); } else { p1 = p0 + stripsize; p2 = p1 + stripsize; pa = (alpha?(p2+stripsize):NULL); } } else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0), p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (colorchannels > 1 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 1), p1, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (colorchannels > 1 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 2), p2, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (alpha) { if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, colorchannels), pa, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } } pos = ((row + img->row_offset) % rowsperstrip) * scanline + \ ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, p0 + pos, p1 + pos, p2 + pos, (alpha?(pa+pos):NULL)); y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { uint32 line; for (line = 0; line < h; line++) { uint32 *left = raster + (line * w); uint32 *right = left + w - 1; while ( left < right ) { uint32 temp = *left; *left = *right; *right = temp; left++; right--; } } } _TIFFfree(buf); return (ret); }",visit repo url,gdal/frmts/gtiff/libtiff/tif_getimage.c,https://github.com/OSGeo/gdal,59943543133499,1 4841,CWE-119,"static int read_public_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I1012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_public_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,241413677709066,1 1481,[],"void __init sched_init_smp(void) { #if defined(CONFIG_NUMA) sched_group_nodes_bycpu = kzalloc(nr_cpu_ids * sizeof(void **), GFP_KERNEL); BUG_ON(sched_group_nodes_bycpu == NULL); #endif sched_init_granularity(); }",linux-2.6,,,301694161017755659819096177173151016404,0 1687,[],"static void fire_sched_in_preempt_notifiers(struct task_struct *curr) { }",linux-2.6,,,293494300319869948614180368511797882193,0 2569,CWE-416,"static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, size_t size, bool no_rss) { VirtIONet *n = qemu_get_nic_opaque(nc); VirtIONetQueue *q = virtio_net_get_subqueue(nc); VirtIODevice *vdev = VIRTIO_DEVICE(n); struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE]; struct virtio_net_hdr_mrg_rxbuf mhdr; unsigned mhdr_cnt = 0; size_t offset, i, guest_offset; if (!virtio_net_can_receive(nc)) { return -1; } if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) { int index = virtio_net_process_rss(nc, buf, size); if (index >= 0) { NetClientState *nc2 = qemu_get_subqueue(n->nic, index); return virtio_net_receive_rcu(nc2, buf, size, true); } } if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) { return 0; } if (!receive_filter(n, buf, size)) return size; offset = i = 0; while (offset < size) { VirtQueueElement *elem; int len, total; const struct iovec *sg; total = 0; elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement)); if (!elem) { if (i) { virtio_error(vdev, ""virtio-net unexpected empty queue: "" ""i %zd mergeable %d offset %zd, size %zd, "" ""guest hdr len %zd, host hdr len %zd "" ""guest features 0x%"" PRIx64, i, n->mergeable_rx_bufs, offset, size, n->guest_hdr_len, n->host_hdr_len, vdev->guest_features); } return -1; } if (elem->in_num < 1) { virtio_error(vdev, ""virtio-net receive queue contains no in buffers""); virtqueue_detach_element(q->rx_vq, elem, 0); g_free(elem); return -1; } sg = elem->in_sg; if (i == 0) { assert(offset == 0); if (n->mergeable_rx_bufs) { mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg), sg, elem->in_num, offsetof(typeof(mhdr), num_buffers), sizeof(mhdr.num_buffers)); } receive_header(n, sg, elem->in_num, buf, size); if (n->rss_data.populate_hash) { offset = sizeof(mhdr); iov_from_buf(sg, elem->in_num, offset, buf + offset, n->host_hdr_len - sizeof(mhdr)); } offset = n->host_hdr_len; total += n->guest_hdr_len; guest_offset = n->guest_hdr_len; } else { guest_offset = 0; } len = iov_from_buf(sg, elem->in_num, guest_offset, buf + offset, size - offset); total += len; offset += len; if (!n->mergeable_rx_bufs && offset < size) { virtqueue_unpop(q->rx_vq, elem, total); g_free(elem); return size; } virtqueue_fill(q->rx_vq, elem, total, i++); g_free(elem); } if (mhdr_cnt) { virtio_stw_p(vdev, &mhdr.num_buffers, i); iov_from_buf(mhdr_sg, mhdr_cnt, 0, &mhdr.num_buffers, sizeof mhdr.num_buffers); } virtqueue_flush(q->rx_vq, i); virtio_notify(vdev, q->rx_vq); return size; }",visit repo url,hw/net/virtio-net.c,https://github.com/qemu/qemu,97841320327665,1 2329,NVD-CWE-Other,"dispatch_cmd(conn c) { int r, i, timeout = -1; size_t z; unsigned int count; job j; unsigned char type; char *size_buf, *delay_buf, *ttr_buf, *pri_buf, *end_buf, *name; unsigned int pri, body_size; usec delay, ttr; uint64_t id; tube t = NULL; c->cmd[c->cmd_len - 2] = '\0'; if (strlen(c->cmd) != c->cmd_len - 2) { return reply_msg(c, MSG_BAD_FORMAT); } type = which_cmd(c); dprintf(""got %s command: \""%s\""\n"", op_names[(int) type], c->cmd); switch (type) { case OP_PUT: r = read_pri(&pri, c->cmd + 4, &delay_buf); if (r) return reply_msg(c, MSG_BAD_FORMAT); r = read_delay(&delay, delay_buf, &ttr_buf); if (r) return reply_msg(c, MSG_BAD_FORMAT); r = read_ttr(&ttr, ttr_buf, &size_buf); if (r) return reply_msg(c, MSG_BAD_FORMAT); errno = 0; body_size = strtoul(size_buf, &end_buf, 10); if (errno) return reply_msg(c, MSG_BAD_FORMAT); if (body_size > job_data_size_limit) { return reply_msg(c, MSG_JOB_TOO_BIG); } if (end_buf[0] != '\0') return reply_msg(c, MSG_BAD_FORMAT); conn_set_producer(c); c->in_job = make_job(pri, delay, ttr ? : 1, body_size + 2, c->use); if (!c->in_job) { twarnx(""server error: "" MSG_OUT_OF_MEMORY); return skip(c, body_size + 2, MSG_OUT_OF_MEMORY); } fill_extra_data(c); maybe_enqueue_incoming_job(c); break; case OP_PEEK_READY: if (c->cmd_len != CMD_PEEK_READY_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; j = job_copy(pq_peek(&c->use->ready)); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); reply_job(c, j, MSG_FOUND); break; case OP_PEEK_DELAYED: if (c->cmd_len != CMD_PEEK_DELAYED_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; j = job_copy(pq_peek(&c->use->delay)); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); reply_job(c, j, MSG_FOUND); break; case OP_PEEK_BURIED: if (c->cmd_len != CMD_PEEK_BURIED_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; j = job_copy(buried_job_p(c->use)? j = c->use->buried.next : NULL); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); reply_job(c, j, MSG_FOUND); break; case OP_PEEKJOB: errno = 0; id = strtoull(c->cmd + CMD_PEEKJOB_LEN, &end_buf, 10); if (errno) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; j = job_copy(peek_job(id)); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); reply_job(c, j, MSG_FOUND); break; case OP_RESERVE_TIMEOUT: errno = 0; timeout = strtol(c->cmd + CMD_RESERVE_TIMEOUT_LEN, &end_buf, 10); if (errno) return reply_msg(c, MSG_BAD_FORMAT); case OP_RESERVE: if (type == OP_RESERVE && c->cmd_len != CMD_RESERVE_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; conn_set_worker(c); if (conn_has_close_deadline(c) && !conn_ready(c)) { return reply_msg(c, MSG_DEADLINE_SOON); } wait_for_job(c, timeout); process_queue(); break; case OP_DELETE: errno = 0; id = strtoull(c->cmd + CMD_DELETE_LEN, &end_buf, 10); if (errno) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; j = job_find(id); j = remove_reserved_job(c, j) ? : remove_ready_job(j) ? : remove_buried_job(j); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); j->state = JOB_STATE_INVALID; r = binlog_write_job(j); job_free(j); if (!r) return reply_serr(c, MSG_INTERNAL_ERROR); reply(c, MSG_DELETED, MSG_DELETED_LEN, STATE_SENDWORD); break; case OP_RELEASE: errno = 0; id = strtoull(c->cmd + CMD_RELEASE_LEN, &pri_buf, 10); if (errno) return reply_msg(c, MSG_BAD_FORMAT); r = read_pri(&pri, pri_buf, &delay_buf); if (r) return reply_msg(c, MSG_BAD_FORMAT); r = read_delay(&delay, delay_buf, NULL); if (r) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; j = remove_reserved_job(c, job_find(id)); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); if (delay) { z = binlog_reserve_space_update(j); if (!z) return reply_serr(c, MSG_OUT_OF_MEMORY); j->reserved_binlog_space += z; } j->pri = pri; j->delay = delay; j->release_ct++; r = enqueue_job(j, delay, !!delay); if (r < 0) return reply_serr(c, MSG_INTERNAL_ERROR); if (r == 1) { return reply(c, MSG_RELEASED, MSG_RELEASED_LEN, STATE_SENDWORD); } bury_job(j, 0); reply(c, MSG_BURIED, MSG_BURIED_LEN, STATE_SENDWORD); break; case OP_BURY: errno = 0; id = strtoull(c->cmd + CMD_BURY_LEN, &pri_buf, 10); if (errno) return reply_msg(c, MSG_BAD_FORMAT); r = read_pri(&pri, pri_buf, NULL); if (r) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; j = remove_reserved_job(c, job_find(id)); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); j->pri = pri; r = bury_job(j, 1); if (!r) return reply_serr(c, MSG_INTERNAL_ERROR); reply(c, MSG_BURIED, MSG_BURIED_LEN, STATE_SENDWORD); break; case OP_KICK: errno = 0; count = strtoul(c->cmd + CMD_KICK_LEN, &end_buf, 10); if (end_buf == c->cmd + CMD_KICK_LEN) { return reply_msg(c, MSG_BAD_FORMAT); } if (errno) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; i = kick_jobs(c->use, count); return reply_line(c, STATE_SENDWORD, ""KICKED %u\r\n"", i); case OP_TOUCH: errno = 0; id = strtoull(c->cmd + CMD_TOUCH_LEN, &end_buf, 10); if (errno) return twarn(""strtoull""), reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; j = touch_job(c, job_find(id)); if (j) { reply(c, MSG_TOUCHED, MSG_TOUCHED_LEN, STATE_SENDWORD); } else { return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); } break; case OP_STATS: if (c->cmd_len != CMD_STATS_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; do_stats(c, fmt_stats, NULL); break; case OP_JOBSTATS: errno = 0; id = strtoull(c->cmd + CMD_JOBSTATS_LEN, &end_buf, 10); if (errno) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; j = peek_job(id); if (!j) return reply(c, MSG_NOTFOUND, MSG_NOTFOUND_LEN, STATE_SENDWORD); if (!j->tube) return reply_serr(c, MSG_INTERNAL_ERROR); do_stats(c, (fmt_fn) fmt_job_stats, j); break; case OP_STATS_TUBE: name = c->cmd + CMD_STATS_TUBE_LEN; if (!name_is_ok(name, 200)) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; t = tube_find(name); if (!t) return reply_msg(c, MSG_NOTFOUND); do_stats(c, (fmt_fn) fmt_stats_tube, t); t = NULL; break; case OP_LIST_TUBES: if (c->cmd_len != CMD_LIST_TUBES_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; do_list_tubes(c, &tubes); break; case OP_LIST_TUBE_USED: if (c->cmd_len != CMD_LIST_TUBE_USED_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; reply_line(c, STATE_SENDWORD, ""USING %s\r\n"", c->use->name); break; case OP_LIST_TUBES_WATCHED: if (c->cmd_len != CMD_LIST_TUBES_WATCHED_LEN + 2) { return reply_msg(c, MSG_BAD_FORMAT); } op_ct[type]++; do_list_tubes(c, &c->watch); break; case OP_USE: name = c->cmd + CMD_USE_LEN; if (!name_is_ok(name, 200)) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; TUBE_ASSIGN(t, tube_find_or_make(name)); if (!t) return reply_serr(c, MSG_OUT_OF_MEMORY); c->use->using_ct--; TUBE_ASSIGN(c->use, t); TUBE_ASSIGN(t, NULL); c->use->using_ct++; reply_line(c, STATE_SENDWORD, ""USING %s\r\n"", c->use->name); break; case OP_WATCH: name = c->cmd + CMD_WATCH_LEN; if (!name_is_ok(name, 200)) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; TUBE_ASSIGN(t, tube_find_or_make(name)); if (!t) return reply_serr(c, MSG_OUT_OF_MEMORY); r = 1; if (!ms_contains(&c->watch, t)) r = ms_append(&c->watch, t); TUBE_ASSIGN(t, NULL); if (!r) return reply_serr(c, MSG_OUT_OF_MEMORY); reply_line(c, STATE_SENDWORD, ""WATCHING %d\r\n"", c->watch.used); break; case OP_IGNORE: name = c->cmd + CMD_IGNORE_LEN; if (!name_is_ok(name, 200)) return reply_msg(c, MSG_BAD_FORMAT); op_ct[type]++; t = NULL; for (i = 0; i < c->watch.used; i++) { t = c->watch.items[i]; if (strncmp(t->name, name, MAX_TUBE_NAME_LEN) == 0) break; t = NULL; } if (t && c->watch.used < 2) return reply_msg(c, MSG_NOT_IGNORED); if (t) ms_remove(&c->watch, t); t = NULL; reply_line(c, STATE_SENDWORD, ""WATCHING %d\r\n"", c->watch.used); break; case OP_QUIT: conn_close(c); break; case OP_PAUSE_TUBE: op_ct[type]++; r = read_tube_name(&name, c->cmd + CMD_PAUSE_TUBE_LEN, &delay_buf); if (r) return reply_msg(c, MSG_BAD_FORMAT); r = read_delay(&delay, delay_buf, NULL); if (r) return reply_msg(c, MSG_BAD_FORMAT); *delay_buf = '\0'; t = tube_find(name); if (!t) return reply_msg(c, MSG_NOTFOUND); t->deadline_at = now_usec() + delay; t->pause = delay; t->stat.pause_ct++; set_main_delay_timeout(); reply_line(c, STATE_SENDWORD, ""PAUSED\r\n""); break; default: return reply_msg(c, MSG_UNKNOWN_COMMAND); } }",visit repo url,prot.c,https://github.com/kr/beanstalkd,127529511974345,1 4610,CWE-190,"static s32 gf_media_vvc_read_pps_bs_internal(GF_BitStream *bs, VVCState *vvc) { u32 i; s32 pps_id; VVC_PPS *pps; pps_id = gf_bs_read_int_log(bs, 6, ""pps_id""); if ((pps_id < 0) || (pps_id >= 64)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] wrong PPS ID %d in PPS\n"", pps_id)); return -1; } pps = &vvc->pps[pps_id]; if (!pps->state) { pps->id = pps_id; pps->state = 1; } pps->sps_id = gf_bs_read_int_log(bs, 4, ""sps_id""); if (pps->sps_id >= 16) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] wrong SPS ID %d in PPS\n"", pps->sps_id)); pps->sps_id=0; return -1; } vvc->sps_active_idx = pps->sps_id; pps->mixed_nal_types = gf_bs_read_int_log(bs, 1, ""mixed_nal_types""); pps->width = gf_bs_read_ue_log(bs, ""width""); pps->height = gf_bs_read_ue_log(bs, ""height""); pps->conf_window = gf_bs_read_int_log(bs, 1, ""conformance_window_flag""); if (pps->conf_window) { pps->cw_left = gf_bs_read_ue_log(bs, ""conf_win_left_offset""); pps->cw_right = gf_bs_read_ue_log(bs, ""conf_win_right_offset""); pps->cw_top = gf_bs_read_ue_log(bs, ""conf_win_top_offset""); pps->cw_bottom = gf_bs_read_ue_log(bs, ""conf_win_bottom_offset""); } if (gf_bs_read_int_log(bs, 1, ""scaling_window_explicit_signalling_flag"")) { gf_bs_read_se_log(bs, ""scaling_win_left_offset""); gf_bs_read_se_log(bs, ""scaling_win_right_offset""); gf_bs_read_se_log(bs, ""scaling_win_top_offset""); gf_bs_read_se_log(bs, ""scaling_win_bottom_offset""); } pps->output_flag_present_flag = gf_bs_read_int_log(bs, 1, ""output_flag_present_flag""); pps->no_pic_partition_flag = gf_bs_read_int_log(bs, 1, ""no_pic_partition_flag""); pps->subpic_id_mapping_present_flag = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_present_flag""); if (pps->subpic_id_mapping_present_flag) { u32 pps_subpic_id_len, pps_num_subpics=0; if (!pps->no_pic_partition_flag) { pps_num_subpics = 1+gf_bs_read_ue_log(bs, ""pps_num_subpics_minus1""); } pps_subpic_id_len = 1 + gf_bs_read_ue(bs); for (i=0; ino_pic_partition_flag) { gf_bs_read_int_log(bs, 2, ""pps_log2_ctu_size_minus5""); u32 num_exp_tile_columns = 1 + gf_bs_read_ue_log(bs, ""num_exp_tile_columns_minus1""); u32 num_exp_tile_rows = 1 + gf_bs_read_ue_log(bs, ""num_exp_tile_rows_minus1""); for (i=0; icpu_ases[asidx].memory_dispatch); for (;;) { section = address_space_translate_internal(d, addr, &addr, plen, false); iommu_mr = memory_region_get_iommu(section->mr); if (!iommu_mr) { break; } imrc = memory_region_get_iommu_class_nocheck(iommu_mr); iommu_idx = imrc->attrs_to_index(iommu_mr, attrs); tcg_register_iommu_notifier(cpu, iommu_mr, iommu_idx); iotlb = imrc->translate(iommu_mr, addr, IOMMU_NONE, iommu_idx); addr = ((iotlb.translated_addr & ~iotlb.addr_mask) | (addr & iotlb.addr_mask)); if (!(iotlb.perm & IOMMU_RO)) { *prot &= ~(PAGE_READ | PAGE_EXEC); } if (!(iotlb.perm & IOMMU_WO)) { *prot &= ~PAGE_WRITE; } if (!*prot) { goto translate_fail; } d = flatview_to_dispatch(address_space_to_flatview(iotlb.target_as)); } assert(!memory_region_is_iommu(section->mr)); *xlat = addr; return section; translate_fail: return &d->map.sections[PHYS_SECTION_UNASSIGNED]; }",visit repo url,softmmu/physmem.c,https://github.com/qemu/qemu,150935904656847,1 6586,CWE-787,"static void try_free_empty_list(RzList *list) { if (list != NULL) { rz_list_free(list); } }",visit repo url,librz/bin/format/luac/luac_bin.c,https://github.com/rizinorg/rizin,258220829175043,1 5525,['CWE-119'],"write_tag_1_packet(char *dest, size_t *remaining_bytes, struct ecryptfs_auth_tok *auth_tok, struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_key_record *key_rec, size_t *packet_size) { size_t i; size_t encrypted_session_key_valid = 0; size_t packet_size_length; size_t max_packet_size; int rc = 0; (*packet_size) = 0; ecryptfs_from_hex(key_rec->sig, auth_tok->token.private_key.signature, ECRYPTFS_SIG_SIZE); encrypted_session_key_valid = 0; for (i = 0; i < crypt_stat->key_size; i++) encrypted_session_key_valid |= auth_tok->session_key.encrypted_key[i]; if (encrypted_session_key_valid) { memcpy(key_rec->enc_key, auth_tok->session_key.encrypted_key, auth_tok->session_key.encrypted_key_size); goto encrypted_session_key_set; } if (auth_tok->session_key.encrypted_key_size == 0) auth_tok->session_key.encrypted_key_size = auth_tok->token.private_key.key_size; rc = pki_encrypt_session_key(auth_tok, crypt_stat, key_rec); if (rc) { printk(KERN_ERR ""Failed to encrypt session key via a key "" ""module; rc = [%d]\n"", rc); goto out; } if (ecryptfs_verbosity > 0) { ecryptfs_printk(KERN_DEBUG, ""Encrypted key:\n""); ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size); } encrypted_session_key_set: max_packet_size = (1 + 3 + 1 + ECRYPTFS_SIG_SIZE + 1 + key_rec->enc_key_size); if (max_packet_size > (*remaining_bytes)) { printk(KERN_ERR ""Packet length larger than maximum allowable; "" ""need up to [%td] bytes, but there are only [%td] "" ""available\n"", max_packet_size, (*remaining_bytes)); rc = -EINVAL; goto out; } dest[(*packet_size)++] = ECRYPTFS_TAG_1_PACKET_TYPE; rc = ecryptfs_write_packet_length(&dest[(*packet_size)], (max_packet_size - 4), &packet_size_length); if (rc) { ecryptfs_printk(KERN_ERR, ""Error generating tag 1 packet "" ""header; cannot generate packet length\n""); goto out; } (*packet_size) += packet_size_length; dest[(*packet_size)++] = 0x03; memcpy(&dest[(*packet_size)], key_rec->sig, ECRYPTFS_SIG_SIZE); (*packet_size) += ECRYPTFS_SIG_SIZE; dest[(*packet_size)++] = RFC2440_CIPHER_RSA; memcpy(&dest[(*packet_size)], key_rec->enc_key, key_rec->enc_key_size); (*packet_size) += key_rec->enc_key_size; out: if (rc) (*packet_size) = 0; else (*remaining_bytes) -= (*packet_size); return rc; }",linux-2.6,,,56779712200169454156345801019226979633,0 4591,['CWE-399'],"static int ext4_indirect_calc_metadata_amount(struct inode *inode, int blocks) { int icap = EXT4_ADDR_PER_BLOCK(inode->i_sb); int ind_blks, dind_blks, tind_blks; ind_blks = (blocks + icap - 1) / icap; dind_blks = (ind_blks + icap - 1) / icap; tind_blks = 1; return ind_blks + dind_blks + tind_blks; }",linux-2.6,,,42989840575804216626184114287939381358,0 4149,['CWE-399'],"static void register_stuff(AvahiServer *s) { assert(s); server_set_state(s, AVAHI_SERVER_REGISTERING); s->n_host_rr_pending ++; register_hinfo(s); register_browse_domain(s); avahi_interface_monitor_update_rrs(s->monitor, 0); s->n_host_rr_pending --; if (s->n_host_rr_pending == 0) server_set_state(s, AVAHI_SERVER_RUNNING); }",avahi,,,317644118001998510867287348007030291492,0 5961,['CWE-200'],"static void if6_seq_stop(struct seq_file *seq, void *v) { read_unlock_bh(&addrconf_hash_lock); }",linux-2.6,,,111419308571475510761417551941138219792,0 4987,['CWE-20'],"static inline unsigned int nfs_lookup_check_intent(struct nameidata *nd, unsigned int mask) { if (nd->flags & (LOOKUP_CONTINUE|LOOKUP_PARENT)) return 0; return nd->flags & mask; }",linux-2.6,,,42302536856254995480179566138941053010,0 5717,CWE-125,"static void youngcollection (lua_State *L, global_State *g) { GCObject **psurvival; lua_assert(g->gcstate == GCSpropagate); markold(g, g->survival, g->reallyold); markold(g, g->finobj, g->finobjrold); atomic(L); psurvival = sweepgen(L, g, &g->allgc, g->survival); sweepgen(L, g, psurvival, g->reallyold); g->reallyold = g->old; g->old = *psurvival; g->survival = g->allgc; psurvival = sweepgen(L, g, &g->finobj, g->finobjsur); sweepgen(L, g, psurvival, g->finobjrold); g->finobjrold = g->finobjold; g->finobjold = *psurvival; g->finobjsur = g->finobj; sweepgen(L, g, &g->tobefnz, NULL); finishgencycle(L, g); }",visit repo url,lgc.c,https://github.com/lua/lua,12210168463728,1 1300,['CWE-119'],"static int __init nf_nat_snmp_basic_init(void) { int ret = 0; ret = nf_conntrack_helper_register(&snmp_helper); if (ret < 0) return ret; ret = nf_conntrack_helper_register(&snmp_trap_helper); if (ret < 0) { nf_conntrack_helper_unregister(&snmp_helper); return ret; } return ret; }",linux-2.6,,,45281578597437355621966991784589415076,0 1333,['CWE-399'],"static void __exit sit_cleanup(void) { xfrm4_tunnel_deregister(&sit_handler, AF_INET6); unregister_pernet_gen_device(sit_net_id, &sit_net_ops); }",linux-2.6,,,246331852264673020982605922241734911999,0 984,['CWE-94'],"long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, size_t len, unsigned int flags) { struct splice_desc sd = { .len = len, .total_len = len, .flags = flags, .pos = *ppos, .u.file = out, }; long ret; ret = splice_direct_to_actor(in, &sd, direct_splice_actor); if (ret > 0) *ppos += ret; return ret; }",linux-2.6,,,277460701057427313450168587245046097701,0 1060,['CWE-20'],"static int set_one_prio(struct task_struct *p, int niceval, int error) { int no_nice; if (p->uid != current->euid && p->euid != current->euid && !capable(CAP_SYS_NICE)) { error = -EPERM; goto out; } if (niceval < task_nice(p) && !can_nice(p, niceval)) { error = -EACCES; goto out; } no_nice = security_task_setnice(p, niceval); if (no_nice) { error = no_nice; goto out; } if (error == -ESRCH) error = 0; set_user_nice(p, niceval); out: return error; }",linux-2.6,,,175074766187818791589639418717951159110,0 462,[],"pfm_set_psr_pp(void) { ia64_ssm(IA64_PSR_PP); ia64_srlz_i(); }",linux-2.6,,,100449065389072552191415226764410816602,0 275,[],"static int do_smb_getmountuid(unsigned int fd, unsigned int cmd, unsigned long arg) { mm_segment_t old_fs = get_fs(); __kernel_uid_t kuid; int err; cmd = SMB_IOC_GETMOUNTUID; set_fs(KERNEL_DS); err = sys_ioctl(fd, cmd, (unsigned long)&kuid); set_fs(old_fs); if (err >= 0) err = put_user(kuid, (compat_uid_t __user *)compat_ptr(arg)); return err; }",linux-2.6,,,52948473480378926117473004230228603961,0 2505,['CWE-119'],"static void diff_filespec_check_attr(struct diff_filespec *one) { struct git_attr_check attr_diff_check; int check_from_data = 0; if (one->checked_attr) return; setup_diff_attr_check(&attr_diff_check); one->is_binary = 0; one->funcname_pattern_ident = NULL; if (!git_checkattr(one->path, 1, &attr_diff_check)) { const char *value; value = attr_diff_check.value; if (ATTR_TRUE(value)) ; else if (ATTR_FALSE(value)) one->is_binary = 1; else check_from_data = 1; if (ATTR_TRUE(value) || ATTR_FALSE(value) || ATTR_UNSET(value)) ; else one->funcname_pattern_ident = value; } if (check_from_data) { if (!one->data && DIFF_FILE_VALID(one)) diff_populate_filespec(one, 0); if (one->data) one->is_binary = buffer_is_binary(one->data, one->size); } }",git,,,14295310191066043825714877308163607714,0 1790,CWE-415,"static int amd_gpio_remove(struct platform_device *pdev) { struct amd_gpio *gpio_dev; gpio_dev = platform_get_drvdata(pdev); gpiochip_remove(&gpio_dev->gc); pinctrl_unregister(gpio_dev->pctrl); return 0; }",visit repo url,drivers/pinctrl/pinctrl-amd.c,https://github.com/torvalds/linux,94270563647298,1 2023,CWE-476,"evtchn_port_t evtchn_from_irq(unsigned irq) { if (WARN(irq >= nr_irqs, ""Invalid irq %d!\n"", irq)) return 0; return info_for_irq(irq)->evtchn; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,114975906427438,1 2544,['CWE-119'],"int git_diff_basic_config(const char *var, const char *value, void *cb) { if (!prefixcmp(var, ""diff.color."") || !prefixcmp(var, ""color.diff."")) { int slot = parse_diff_color_slot(var, 11); if (!value) return config_error_nonbool(var); color_parse(value, var, diff_colors[slot]); return 0; } if (!prefixcmp(var, ""diff."")) { const char *ep = strrchr(var, '.'); if (ep != var + 4) { if (!strcmp(ep, "".funcname"")) { if (!value) return config_error_nonbool(var); return parse_funcname_pattern(var, ep, value); } } } return git_color_default_config(var, value, cb); }",git,,,277274396693657093593724474228895978326,0 5127,CWE-125,"obj2ast_mod(PyObject* obj, mod_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; if (obj == Py_None) { *out = NULL; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Module_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Module""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Module field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Module field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = Module(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Interactive_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Interactive""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Interactive field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Interactive field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = Interactive(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expression_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Expression""); return 1; } else { int res; res = obj2ast_expr(tmp, &body, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Expression(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Suite_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Suite""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Suite field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Suite field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = Suite(body, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of mod, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,58566336039806,1 1868,CWE-787,"int smb_inherit_dacl(struct ksmbd_conn *conn, struct path *path, unsigned int uid, unsigned int gid) { const struct smb_sid *psid, *creator = NULL; struct smb_ace *parent_aces, *aces; struct smb_acl *parent_pdacl; struct smb_ntsd *parent_pntsd = NULL; struct smb_sid owner_sid, group_sid; struct dentry *parent = path->dentry->d_parent; struct user_namespace *user_ns = mnt_user_ns(path->mnt); int inherited_flags = 0, flags = 0, i, ace_cnt = 0, nt_size = 0; int rc = 0, num_aces, dacloffset, pntsd_type, acl_len; char *aces_base; bool is_dir = S_ISDIR(d_inode(path->dentry)->i_mode); acl_len = ksmbd_vfs_get_sd_xattr(conn, user_ns, parent, &parent_pntsd); if (acl_len <= 0) return -ENOENT; dacloffset = le32_to_cpu(parent_pntsd->dacloffset); if (!dacloffset) { rc = -EINVAL; goto free_parent_pntsd; } parent_pdacl = (struct smb_acl *)((char *)parent_pntsd + dacloffset); num_aces = le32_to_cpu(parent_pdacl->num_aces); pntsd_type = le16_to_cpu(parent_pntsd->type); aces_base = kmalloc(sizeof(struct smb_ace) * num_aces * 2, GFP_KERNEL); if (!aces_base) { rc = -ENOMEM; goto free_parent_pntsd; } aces = (struct smb_ace *)aces_base; parent_aces = (struct smb_ace *)((char *)parent_pdacl + sizeof(struct smb_acl)); if (pntsd_type & DACL_AUTO_INHERITED) inherited_flags = INHERITED_ACE; for (i = 0; i < num_aces; i++) { flags = parent_aces->flags; if (!smb_inherit_flags(flags, is_dir)) goto pass; if (is_dir) { flags &= ~(INHERIT_ONLY_ACE | INHERITED_ACE); if (!(flags & CONTAINER_INHERIT_ACE)) flags |= INHERIT_ONLY_ACE; if (flags & NO_PROPAGATE_INHERIT_ACE) flags = 0; } else { flags = 0; } if (!compare_sids(&creator_owner, &parent_aces->sid)) { creator = &creator_owner; id_to_sid(uid, SIDOWNER, &owner_sid); psid = &owner_sid; } else if (!compare_sids(&creator_group, &parent_aces->sid)) { creator = &creator_group; id_to_sid(gid, SIDUNIX_GROUP, &group_sid); psid = &group_sid; } else { creator = NULL; psid = &parent_aces->sid; } if (is_dir && creator && flags & CONTAINER_INHERIT_ACE) { smb_set_ace(aces, psid, parent_aces->type, inherited_flags, parent_aces->access_req); nt_size += le16_to_cpu(aces->size); ace_cnt++; aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); flags |= INHERIT_ONLY_ACE; psid = creator; } else if (is_dir && !(parent_aces->flags & NO_PROPAGATE_INHERIT_ACE)) { psid = &parent_aces->sid; } smb_set_ace(aces, psid, parent_aces->type, flags | inherited_flags, parent_aces->access_req); nt_size += le16_to_cpu(aces->size); aces = (struct smb_ace *)((char *)aces + le16_to_cpu(aces->size)); ace_cnt++; pass: parent_aces = (struct smb_ace *)((char *)parent_aces + le16_to_cpu(parent_aces->size)); } if (nt_size > 0) { struct smb_ntsd *pntsd; struct smb_acl *pdacl; struct smb_sid *powner_sid = NULL, *pgroup_sid = NULL; int powner_sid_size = 0, pgroup_sid_size = 0, pntsd_size; if (parent_pntsd->osidoffset) { powner_sid = (struct smb_sid *)((char *)parent_pntsd + le32_to_cpu(parent_pntsd->osidoffset)); powner_sid_size = 1 + 1 + 6 + (powner_sid->num_subauth * 4); } if (parent_pntsd->gsidoffset) { pgroup_sid = (struct smb_sid *)((char *)parent_pntsd + le32_to_cpu(parent_pntsd->gsidoffset)); pgroup_sid_size = 1 + 1 + 6 + (pgroup_sid->num_subauth * 4); } pntsd = kzalloc(sizeof(struct smb_ntsd) + powner_sid_size + pgroup_sid_size + sizeof(struct smb_acl) + nt_size, GFP_KERNEL); if (!pntsd) { rc = -ENOMEM; goto free_aces_base; } pntsd->revision = cpu_to_le16(1); pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PRESENT); if (le16_to_cpu(parent_pntsd->type) & DACL_AUTO_INHERITED) pntsd->type |= cpu_to_le16(DACL_AUTO_INHERITED); pntsd_size = sizeof(struct smb_ntsd); pntsd->osidoffset = parent_pntsd->osidoffset; pntsd->gsidoffset = parent_pntsd->gsidoffset; pntsd->dacloffset = parent_pntsd->dacloffset; if (pntsd->osidoffset) { struct smb_sid *owner_sid = (struct smb_sid *)((char *)pntsd + le32_to_cpu(pntsd->osidoffset)); memcpy(owner_sid, powner_sid, powner_sid_size); pntsd_size += powner_sid_size; } if (pntsd->gsidoffset) { struct smb_sid *group_sid = (struct smb_sid *)((char *)pntsd + le32_to_cpu(pntsd->gsidoffset)); memcpy(group_sid, pgroup_sid, pgroup_sid_size); pntsd_size += pgroup_sid_size; } if (pntsd->dacloffset) { struct smb_ace *pace; pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset)); pdacl->revision = cpu_to_le16(2); pdacl->size = cpu_to_le16(sizeof(struct smb_acl) + nt_size); pdacl->num_aces = cpu_to_le32(ace_cnt); pace = (struct smb_ace *)((char *)pdacl + sizeof(struct smb_acl)); memcpy(pace, aces_base, nt_size); pntsd_size += sizeof(struct smb_acl) + nt_size; } ksmbd_vfs_set_sd_xattr(conn, user_ns, path->dentry, pntsd, pntsd_size); kfree(pntsd); } free_aces_base: kfree(aces_base); free_parent_pntsd: kfree(parent_pntsd); return rc; }",visit repo url,fs/ksmbd/smbacl.c,https://github.com/torvalds/linux,235572282292308,1 2597,['CWE-189'],"static inline int dccp_mib_init(void) { return snmp_mib_init((void**)dccp_statistics, sizeof(struct dccp_mib)); }",linux-2.6,,,164086936351459293495267536318594293464,0 5886,CWE-120,"static void parse_origin(pj_scanner *scanner, pjmedia_sdp_session *ses, volatile parse_context *ctx) { pj_str_t str; ctx->last_error = PJMEDIA_SDP_EINORIGIN; if (*(scanner->curptr+1) != '=') { on_scanner_error(scanner); return; } pj_scan_advance_n(scanner, 2, SKIP_WS); pj_scan_get_until_ch(scanner, ' ', &ses->origin.user); pj_scan_get_char(scanner); pj_scan_get_until_ch(scanner, ' ', &str); ses->origin.id = pj_strtoul(&str); pj_scan_get_char(scanner); pj_scan_get_until_ch(scanner, ' ', &str); ses->origin.version = pj_strtoul(&str); pj_scan_get_char(scanner); pj_scan_get_until_ch(scanner, ' ', &ses->origin.net_type); pj_scan_get_char(scanner); pj_scan_get_until_ch(scanner, ' ', &ses->origin.addr_type); pj_scan_get_char(scanner); pj_scan_get_until_chr(scanner, "" \t\r\n"", &ses->origin.addr); pj_scan_skip_line(scanner); }",visit repo url,pjmedia/src/pjmedia/sdp.c,https://github.com/pjsip/pjproject,276427581319673,1 3860,CWE-416,"ex_substitute(exarg_T *eap) { linenr_T lnum; long i = 0; regmmatch_T regmatch; static subflags_T subflags = {FALSE, FALSE, FALSE, TRUE, FALSE, FALSE, FALSE, 0}; #ifdef FEAT_EVAL subflags_T subflags_save; #endif int save_do_all; int save_do_ask; char_u *pat = NULL, *sub = NULL; char_u *sub_copy = NULL; int delimiter; int sublen; int got_quit = FALSE; int got_match = FALSE; int temp; int which_pat; char_u *cmd; int save_State; linenr_T first_line = 0; linenr_T last_line= 0; linenr_T old_line_count = curbuf->b_ml.ml_line_count; linenr_T line2; long nmatch; char_u *sub_firstline; int endcolumn = FALSE; pos_T old_cursor = curwin->w_cursor; int start_nsubs; #ifdef FEAT_EVAL int save_ma = 0; int save_sandbox = 0; #endif cmd = eap->arg; if (!global_busy) { sub_nsubs = 0; sub_nlines = 0; } start_nsubs = sub_nsubs; if (eap->cmdidx == CMD_tilde) which_pat = RE_LAST; else which_pat = RE_SUBST; if (eap->cmd[0] == 's' && *cmd != NUL && !VIM_ISWHITE(*cmd) && vim_strchr((char_u *)""0123456789cegriIp|\"""", *cmd) == NULL) { if (check_regexp_delim(*cmd) == FAIL) return; #ifdef FEAT_EVAL if (in_vim9script() && check_global_and_subst(eap->cmd, eap->arg) == FAIL) return; #endif if (*cmd == '\\') { if (in_vim9script()) { emsg(_(e_cannot_use_s_backslash_in_vim9_script)); return; } ++cmd; if (vim_strchr((char_u *)""/?&"", *cmd) == NULL) { emsg(_(e_backslash_should_be_followed_by)); return; } if (*cmd != '&') which_pat = RE_SEARCH; pat = (char_u *)""""; delimiter = *cmd++; } else { which_pat = RE_LAST; delimiter = *cmd++; pat = cmd; cmd = skip_regexp_ex(cmd, delimiter, magic_isset(), &eap->arg, NULL, NULL); if (cmd[0] == delimiter) *cmd++ = NUL; } sub = cmd; cmd = skip_substitute(cmd, delimiter); if (!eap->skip) { if (STRCMP(sub, ""%"") == 0 && vim_strchr(p_cpo, CPO_SUBPERCENT) != NULL) { if (old_sub == NULL) { emsg(_(e_no_previous_substitute_regular_expression)); return; } sub = old_sub; } else { vim_free(old_sub); old_sub = vim_strsave(sub); } } } else if (!eap->skip) { if (old_sub == NULL) { emsg(_(e_no_previous_substitute_regular_expression)); return; } pat = NULL; sub = old_sub; endcolumn = (curwin->w_curswant == MAXCOL); } if (pat != NULL && STRCMP(pat, ""\\n"") == 0 && *sub == NUL && (*cmd == NUL || (cmd[1] == NUL && (*cmd == 'g' || *cmd == 'l' || *cmd == 'p' || *cmd == '#')))) { linenr_T joined_lines_count; if (eap->skip) return; curwin->w_cursor.lnum = eap->line1; if (*cmd == 'l') eap->flags = EXFLAG_LIST; else if (*cmd == '#') eap->flags = EXFLAG_NR; else if (*cmd == 'p') eap->flags = EXFLAG_PRINT; joined_lines_count = eap->line2 - eap->line1 + 1; if (eap->line2 < curbuf->b_ml.ml_line_count) ++joined_lines_count; if (joined_lines_count > 1) { (void)do_join(joined_lines_count, FALSE, TRUE, FALSE, TRUE); sub_nsubs = joined_lines_count - 1; sub_nlines = 1; (void)do_sub_msg(FALSE); ex_may_print(eap); } if ((cmdmod.cmod_flags & CMOD_KEEPPATTERNS) == 0) save_re_pat(RE_SUBST, pat, magic_isset()); add_to_history(HIST_SEARCH, pat, TRUE, NUL); return; } if (*cmd == '&') ++cmd; else { #ifdef FEAT_EVAL if (in_vim9script()) { subflags.do_all = FALSE; subflags.do_ask = FALSE; } else #endif if (!p_ed) { if (p_gd) subflags.do_all = TRUE; else subflags.do_all = FALSE; subflags.do_ask = FALSE; } subflags.do_error = TRUE; subflags.do_print = FALSE; subflags.do_list = FALSE; subflags.do_count = FALSE; subflags.do_number = FALSE; subflags.do_ic = 0; } while (*cmd) { if (*cmd == 'g') subflags.do_all = !subflags.do_all; else if (*cmd == 'c') subflags.do_ask = !subflags.do_ask; else if (*cmd == 'n') subflags.do_count = TRUE; else if (*cmd == 'e') subflags.do_error = !subflags.do_error; else if (*cmd == 'r') which_pat = RE_LAST; else if (*cmd == 'p') subflags.do_print = TRUE; else if (*cmd == '#') { subflags.do_print = TRUE; subflags.do_number = TRUE; } else if (*cmd == 'l') { subflags.do_print = TRUE; subflags.do_list = TRUE; } else if (*cmd == 'i') subflags.do_ic = 'i'; else if (*cmd == 'I') subflags.do_ic = 'I'; else break; ++cmd; } if (subflags.do_count) subflags.do_ask = FALSE; save_do_all = subflags.do_all; save_do_ask = subflags.do_ask; cmd = skipwhite(cmd); if (VIM_ISDIGIT(*cmd)) { i = getdigits(&cmd); if (i <= 0 && !eap->skip && subflags.do_error) { emsg(_(e_positive_count_required)); return; } eap->line1 = eap->line2; eap->line2 += i - 1; if (eap->line2 > curbuf->b_ml.ml_line_count) eap->line2 = curbuf->b_ml.ml_line_count; } cmd = skipwhite(cmd); if (*cmd && *cmd != '""') { set_nextcmd(eap, cmd); if (eap->nextcmd == NULL) { semsg(_(e_trailing_characters_str), cmd); return; } } if (eap->skip) return; if (!subflags.do_count && !curbuf->b_p_ma) { emsg(_(e_cannot_make_changes_modifiable_is_off)); return; } if (search_regcomp(pat, RE_SUBST, which_pat, SEARCH_HIS, ®match) == FAIL) { if (subflags.do_error) emsg(_(e_invalid_command)); return; } if (subflags.do_ic == 'i') regmatch.rmm_ic = TRUE; else if (subflags.do_ic == 'I') regmatch.rmm_ic = FALSE; sub_firstline = NULL; if (sub[0] == '\\' && sub[1] == '=') { sub = vim_strsave(sub); if (sub == NULL) return; sub_copy = sub; } else sub = regtilde(sub, magic_isset()); line2 = eap->line2; for (lnum = eap->line1; lnum <= line2 && !(got_quit #if defined(FEAT_EVAL) || aborting() #endif ); ++lnum) { nmatch = vim_regexec_multi(®match, curwin, curbuf, lnum, (colnr_T)0, NULL); if (nmatch) { colnr_T copycol; colnr_T matchcol; colnr_T prev_matchcol = MAXCOL; char_u *new_end, *new_start = NULL; unsigned new_start_len = 0; char_u *p1; int did_sub = FALSE; int lastone; int len, copy_len, needed_len; long nmatch_tl = 0; int do_again; int skip_match = FALSE; linenr_T sub_firstlnum; #ifdef FEAT_PROP_POPUP int apc_flags = APC_SAVE_FOR_UNDO | APC_SUBSTITUTE; colnr_T total_added = 0; #endif sub_firstlnum = lnum; copycol = 0; matchcol = 0; if (!got_match) { setpcmark(); got_match = TRUE; } for (;;) { if (regmatch.startpos[0].lnum > 0) { lnum += regmatch.startpos[0].lnum; sub_firstlnum += regmatch.startpos[0].lnum; nmatch -= regmatch.startpos[0].lnum; VIM_CLEAR(sub_firstline); } if (lnum > curbuf->b_ml.ml_line_count) break; if (sub_firstline == NULL) { sub_firstline = vim_strsave(ml_get(sub_firstlnum)); if (sub_firstline == NULL) { vim_free(new_start); goto outofmem; } } curwin->w_cursor.lnum = lnum; do_again = FALSE; if (matchcol == prev_matchcol && regmatch.endpos[0].lnum == 0 && matchcol == regmatch.endpos[0].col) { if (sub_firstline[matchcol] == NUL) skip_match = TRUE; else { if (has_mbyte) matchcol += mb_ptr2len(sub_firstline + matchcol); else ++matchcol; } goto skip; } matchcol = regmatch.endpos[0].col; prev_matchcol = matchcol; if (subflags.do_count) { if (nmatch > 1) { matchcol = (colnr_T)STRLEN(sub_firstline); nmatch = 1; skip_match = TRUE; } sub_nsubs++; did_sub = TRUE; #ifdef FEAT_EVAL if (!(sub[0] == '\\' && sub[1] == '=')) #endif goto skip; } if (subflags.do_ask) { int typed = 0; save_State = State; State = MODE_CONFIRM; setmouse(); curwin->w_cursor.col = regmatch.startpos[0].col; if (curwin->w_p_crb) do_check_cursorbind(); if (vim_strchr(p_cpo, CPO_UNDO) != NULL) ++no_u_sync; while (subflags.do_ask) { if (exmode_active) { char_u *resp; colnr_T sc, ec; print_line_no_prefix(lnum, subflags.do_number, subflags.do_list); getvcol(curwin, &curwin->w_cursor, &sc, NULL, NULL); curwin->w_cursor.col = regmatch.endpos[0].col - 1; if (curwin->w_cursor.col < 0) curwin->w_cursor.col = 0; getvcol(curwin, &curwin->w_cursor, NULL, NULL, &ec); curwin->w_cursor.col = regmatch.startpos[0].col; if (subflags.do_number || curwin->w_p_nu) { int numw = number_width(curwin) + 1; sc += numw; ec += numw; } msg_start(); for (i = 0; i < (long)sc; ++i) msg_putchar(' '); for ( ; i <= (long)ec; ++i) msg_putchar('^'); resp = getexmodeline('?', NULL, 0, TRUE); if (resp != NULL) { typed = *resp; vim_free(resp); if (ex_normal_busy && typed == NUL) typed = 'q'; } } else { char_u *orig_line = NULL; int len_change = 0; int save_p_lz = p_lz; #ifdef FEAT_FOLDING int save_p_fen = curwin->w_p_fen; curwin->w_p_fen = FALSE; #endif temp = RedrawingDisabled; RedrawingDisabled = 0; p_lz = FALSE; if (new_start != NULL) { orig_line = vim_strsave(ml_get(lnum)); if (orig_line != NULL) { char_u *new_line = concat_str(new_start, sub_firstline + copycol); if (new_line == NULL) VIM_CLEAR(orig_line); else { len_change = (int)STRLEN(new_line) - (int)STRLEN(orig_line); curwin->w_cursor.col += len_change; ml_replace(lnum, new_line, FALSE); } } } search_match_lines = regmatch.endpos[0].lnum - regmatch.startpos[0].lnum; search_match_endcol = regmatch.endpos[0].col + len_change; highlight_match = TRUE; update_topline(); validate_cursor(); update_screen(SOME_VALID); highlight_match = FALSE; redraw_later(SOME_VALID); #ifdef FEAT_FOLDING curwin->w_p_fen = save_p_fen; #endif if (msg_row == Rows - 1) msg_didout = FALSE; msg_starthere(); i = msg_scroll; msg_scroll = 0; msg_no_more = TRUE; smsg_attr(HL_ATTR(HLF_R), _(""replace with %s (y/n/a/q/l/^E/^Y)?""), sub); msg_no_more = FALSE; msg_scroll = i; showruler(TRUE); windgoto(msg_row, msg_col); RedrawingDisabled = temp; #ifdef USE_ON_FLY_SCROLL dont_scroll = FALSE; #endif ++no_mapping; ++allow_keys; typed = plain_vgetc(); --allow_keys; --no_mapping; msg_didout = FALSE; msg_col = 0; gotocmdline(TRUE); p_lz = save_p_lz; if (orig_line != NULL) ml_replace(lnum, orig_line, FALSE); } need_wait_return = FALSE; if (typed == 'q' || typed == ESC || typed == Ctrl_C #ifdef UNIX || typed == intr_char #endif ) { got_quit = TRUE; break; } if (typed == 'n') break; if (typed == 'y') break; if (typed == 'l') { subflags.do_all = FALSE; line2 = lnum; break; } if (typed == 'a') { subflags.do_ask = FALSE; break; } if (typed == Ctrl_E) scrollup_clamp(); else if (typed == Ctrl_Y) scrolldown_clamp(); } State = save_State; setmouse(); if (vim_strchr(p_cpo, CPO_UNDO) != NULL) --no_u_sync; if (typed == 'n') { if (nmatch > 1) { matchcol = (colnr_T)STRLEN(sub_firstline); skip_match = TRUE; } goto skip; } if (got_quit) goto skip; } curwin->w_cursor.col = regmatch.startpos[0].col; #ifdef FEAT_EVAL save_ma = curbuf->b_p_ma; save_sandbox = sandbox; if (subflags.do_count) { curbuf->b_p_ma = FALSE; sandbox++; } subflags_save = subflags; ++textlock; #endif sublen = vim_regsub_multi(®match, sub_firstlnum - regmatch.startpos[0].lnum, sub, sub_firstline, 0, REGSUB_BACKSLASH | (magic_isset() ? REGSUB_MAGIC : 0)); #ifdef FEAT_EVAL --textlock; subflags = subflags_save; if (sublen == 0 || aborting() || subflags.do_count) { curbuf->b_p_ma = save_ma; sandbox = save_sandbox; goto skip; } #endif if (nmatch > curbuf->b_ml.ml_line_count - sub_firstlnum + 1) { nmatch = curbuf->b_ml.ml_line_count - sub_firstlnum + 1; skip_match = TRUE; } if (nmatch == 1) { p1 = sub_firstline; #ifdef FEAT_PROP_POPUP if (curbuf->b_has_textprop) { int bytes_added = sublen - 1 - (regmatch.endpos[0].col - regmatch.startpos[0].col); if (adjust_prop_columns(lnum, total_added + regmatch.startpos[0].col, bytes_added, apc_flags)) apc_flags &= ~APC_SAVE_FOR_UNDO; total_added += bytes_added; } #endif } else { p1 = ml_get(sub_firstlnum + nmatch - 1); nmatch_tl += nmatch - 1; } copy_len = regmatch.startpos[0].col - copycol; needed_len = copy_len + ((unsigned)STRLEN(p1) - regmatch.endpos[0].col) + sublen + 1; if (new_start == NULL) { new_start_len = needed_len + 50; if ((new_start = alloc(new_start_len)) == NULL) goto outofmem; *new_start = NUL; new_end = new_start; } else { len = (unsigned)STRLEN(new_start); needed_len += len; if (needed_len > (int)new_start_len) { new_start_len = needed_len + 50; if ((p1 = alloc(new_start_len)) == NULL) { vim_free(new_start); goto outofmem; } mch_memmove(p1, new_start, (size_t)(len + 1)); vim_free(new_start); new_start = p1; } new_end = new_start + len; } mch_memmove(new_end, sub_firstline + copycol, (size_t)copy_len); new_end += copy_len; #ifdef FEAT_EVAL ++textlock; #endif (void)vim_regsub_multi(®match, sub_firstlnum - regmatch.startpos[0].lnum, sub, new_end, sublen, REGSUB_COPY | REGSUB_BACKSLASH | (magic_isset() ? REGSUB_MAGIC : 0)); #ifdef FEAT_EVAL --textlock; #endif sub_nsubs++; did_sub = TRUE; curwin->w_cursor.col = 0; if (nmatch > 1) { sub_firstlnum += nmatch - 1; vim_free(sub_firstline); sub_firstline = vim_strsave(ml_get(sub_firstlnum)); if (sub_firstlnum <= line2) do_again = TRUE; else subflags.do_all = FALSE; } copycol = regmatch.endpos[0].col; if (skip_match) { vim_free(sub_firstline); sub_firstline = vim_strsave((char_u *)""""); copycol = 0; } for (p1 = new_end; *p1; ++p1) { if (p1[0] == '\\' && p1[1] != NUL) { STRMOVE(p1, p1 + 1); #ifdef FEAT_PROP_POPUP if (curbuf->b_has_textprop) { if (adjust_prop_columns(lnum, (colnr_T)(p1 - new_start), -1, apc_flags)) apc_flags &= ~APC_SAVE_FOR_UNDO; } #endif } else if (*p1 == CAR) { if (u_inssub(lnum) == OK) { colnr_T plen = (colnr_T)(p1 - new_start + 1); *p1 = NUL; ml_append(lnum - 1, new_start, plen, FALSE); mark_adjust(lnum + 1, (linenr_T)MAXLNUM, 1L, 0L); if (subflags.do_ask) appended_lines(lnum - 1, 1L); else { if (first_line == 0) first_line = lnum; last_line = lnum + 1; } #ifdef FEAT_PROP_POPUP adjust_props_for_split(lnum + 1, lnum, plen, 1); #endif ++sub_firstlnum; ++lnum; ++line2; ++curwin->w_cursor.lnum; STRMOVE(new_start, p1 + 1); p1 = new_start - 1; } } else if (has_mbyte) p1 += (*mb_ptr2len)(p1) - 1; } skip: lastone = (skip_match || got_int || got_quit || lnum > line2 || !(subflags.do_all || do_again) || (sub_firstline[matchcol] == NUL && nmatch <= 1 && !re_multiline(regmatch.regprog))); nmatch = -1; if (lastone || nmatch_tl > 0 || (nmatch = vim_regexec_multi(®match, curwin, curbuf, sub_firstlnum, matchcol, NULL)) == 0 || regmatch.startpos[0].lnum > 0) { if (new_start != NULL) { STRCAT(new_start, sub_firstline + copycol); matchcol = (colnr_T)STRLEN(sub_firstline) - matchcol; prev_matchcol = (colnr_T)STRLEN(sub_firstline) - prev_matchcol; if (u_savesub(lnum) != OK) break; ml_replace(lnum, new_start, TRUE); if (nmatch_tl > 0) { ++lnum; if (u_savedel(lnum, nmatch_tl) != OK) break; for (i = 0; i < nmatch_tl; ++i) ml_delete(lnum); mark_adjust(lnum, lnum + nmatch_tl - 1, (long)MAXLNUM, -nmatch_tl); if (subflags.do_ask) deleted_lines(lnum, nmatch_tl); --lnum; line2 -= nmatch_tl; nmatch_tl = 0; } if (subflags.do_ask) changed_bytes(lnum, 0); else { if (first_line == 0) first_line = lnum; last_line = lnum + 1; } sub_firstlnum = lnum; vim_free(sub_firstline); sub_firstline = new_start; new_start = NULL; matchcol = (colnr_T)STRLEN(sub_firstline) - matchcol; prev_matchcol = (colnr_T)STRLEN(sub_firstline) - prev_matchcol; copycol = 0; } if (nmatch == -1 && !lastone) nmatch = vim_regexec_multi(®match, curwin, curbuf, sub_firstlnum, matchcol, NULL); if (nmatch <= 0) { if (nmatch == -1) lnum -= regmatch.startpos[0].lnum; break; } } line_breakcheck(); } if (did_sub) ++sub_nlines; vim_free(new_start); VIM_CLEAR(sub_firstline); } line_breakcheck(); } if (first_line != 0) { i = curbuf->b_ml.ml_line_count - old_line_count; changed_lines(first_line, 0, last_line - i, i); } outofmem: vim_free(sub_firstline); if (subflags.do_count) curwin->w_cursor = old_cursor; if (sub_nsubs > start_nsubs) { if ((cmdmod.cmod_flags & CMOD_LOCKMARKS) == 0) { curbuf->b_op_start.lnum = eap->line1; curbuf->b_op_end.lnum = line2; curbuf->b_op_start.col = curbuf->b_op_end.col = 0; } if (!global_busy) { if (!subflags.do_ask) { if (endcolumn) coladvance((colnr_T)MAXCOL); else beginline(BL_WHITE | BL_FIX); } if (!do_sub_msg(subflags.do_count) && subflags.do_ask) msg(""""); } else global_need_beginline = TRUE; if (subflags.do_print) print_line(curwin->w_cursor.lnum, subflags.do_number, subflags.do_list); } else if (!global_busy) { if (got_int) emsg(_(e_interrupted)); else if (got_match) msg(""""); else if (subflags.do_error) semsg(_(e_pattern_not_found_str), get_search_pat()); } #ifdef FEAT_FOLDING if (subflags.do_ask && hasAnyFolding(curwin)) changed_window_setting(); #endif vim_regfree(regmatch.regprog); vim_free(sub_copy); subflags.do_all = save_do_all; subflags.do_ask = save_do_ask; }",visit repo url,src/ex_cmds.c,https://github.com/vim/vim,222225891647071,1 6537,CWE-552,"static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s) { int rc = 0; unsigned int maj, min; char *p; fs->flags |= MNT_FS_KERNEL; s = next_s32(s, &fs->id, &rc); if (!s || !*s || rc) { DBG(TAB, ul_debug(""tab parse error: [id]"")); goto fail; } s = skip_separator(s); s = next_s32(s, &fs->parent, &rc); if (!s || !*s || rc) { DBG(TAB, ul_debug(""tab parse error: [parent]"")); goto fail; } s = skip_separator(s); if (sscanf(s, ""%u:%u"", &maj, &min) != 2) { DBG(TAB, ul_debug(""tab parse error: [maj:min]"")); goto fail; } fs->devno = makedev(maj, min); s = skip_nonspearator(s); s = skip_separator(s); fs->root = unmangle(s, &s); if (!fs->root) { DBG(TAB, ul_debug(""tab parse error: [mountroot]"")); goto fail; } s = skip_separator(s); fs->target = unmangle(s, &s); if (!fs->target) { DBG(TAB, ul_debug(""tab parse error: [target]"")); goto fail; } p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX); if (p && *p) { *p = '\0'; fs->flags |= MNT_FS_DELETED; } s = skip_separator(s); fs->vfs_optstr = unmangle(s, &s); if (!fs->vfs_optstr) { DBG(TAB, ul_debug(""tab parse error: [VFS options]"")); goto fail; } p = strstr(s, "" - ""); if (!p) { DBG(TAB, ul_debug(""mountinfo parse error: separator not found"")); return -EINVAL; } if (p > s + 1) fs->opt_fields = strndup(s + 1, p - s - 1); s = skip_separator(p + 3); p = unmangle(s, &s); if (!p || (rc = __mnt_fs_set_fstype_ptr(fs, p))) { DBG(TAB, ul_debug(""tab parse error: [fstype]"")); free(p); goto fail; } if (!s || !*s) { DBG(TAB, ul_debug(""tab parse error: [source]"")); goto fail; } else if (*s == ' ' && *(s+1) == ' ') { if ((rc = mnt_fs_set_source(fs, """"))) { DBG(TAB, ul_debug(""tab parse error: [empty source]"")); goto fail; } } else { s = skip_separator(s); p = unmangle(s, &s); if (!p || (rc = __mnt_fs_set_source_ptr(fs, p))) { DBG(TAB, ul_debug(""tab parse error: [regular source]"")); free(p); goto fail; } } s = skip_separator(s); fs->fs_optstr = unmangle(s, &s); if (!fs->fs_optstr) { DBG(TAB, ul_debug(""tab parse error: [FS options]"")); goto fail; } fs->optstr = mnt_fs_strdup_options(fs); if (!fs->optstr) { rc = -ENOMEM; DBG(TAB, ul_debug(""tab parse error: [merge VFS and FS options]"")); goto fail; } return 0; fail: if (rc == 0) rc = -EINVAL; DBG(TAB, ul_debug(""tab parse error on: '%s' [rc=%d]"", s, rc)); return rc; }",visit repo url,libmount/src/tab_parse.c,https://github.com/util-linux/util-linux,113498699513918,1 6316,CWE-295,"void options_defaults() { SERVICE_OPTIONS *service; memset(&new_global_options, 0, sizeof(GLOBAL_OPTIONS)); memset(&new_service_options, 0, sizeof(SERVICE_OPTIONS)); new_service_options.next=NULL; parse_global_option(CMD_SET_DEFAULTS, NULL, NULL); service=&new_service_options; parse_service_option(CMD_SET_DEFAULTS, &service, NULL, NULL); }",visit repo url,src/options.c,https://github.com/mtrojnar/stunnel,177225236501109,1 3001,['CWE-189'],"static int jas_cmshapmatlut_invert(jas_cmshapmatlut_t *invlut, jas_cmshapmatlut_t *lut, int n) { int i; int j; int k; jas_cmreal_t ax; jas_cmreal_t ay; jas_cmreal_t bx; jas_cmreal_t by; jas_cmreal_t sx; jas_cmreal_t sy; assert(n >= 2); if (invlut->data) { jas_free(invlut->data); invlut->data = 0; } for (i = 1; i < lut->size; ++i) { if (lut->data[i - 1] > lut->data[i]) { assert(0); return -1; } } if (!(invlut->data = jas_alloc2(n, sizeof(jas_cmreal_t)))) return -1; invlut->size = n; for (i = 0; i < invlut->size; ++i) { sy = ((double) i) / (invlut->size - 1); sx = 1.0; for (j = 0; j < lut->size; ++j) { ay = lut->data[j]; if (sy == ay) { for (k = j + 1; k < lut->size; ++k) { by = lut->data[k]; if (by != sy) break; #if 0 assert(0); #endif } if (k < lut->size) { --k; ax = ((double) j) / (lut->size - 1); bx = ((double) k) / (lut->size - 1); sx = (ax + bx) / 2.0; } break; } if (j < lut->size - 1) { by = lut->data[j + 1]; if (sy > ay && sy < by) { ax = ((double) j) / (lut->size - 1); bx = ((double) j + 1) / (lut->size - 1); sx = ax + (sy - ay) / (by - ay) * (bx - ax); break; } } } invlut->data[i] = sx; } #if 0 for (i=0;isize;++i) jas_eprintf(""lut[%d]=%f "", i, lut->data[i]); for (i=0;isize;++i) jas_eprintf(""invlut[%d]=%f "", i, invlut->data[i]); #endif return 0; }",jasper,,,174067106391873240980342375944082141340,0 6481,CWE-476,"vi_pci_read(UNUSED int vcpu, struct pci_devinst *pi, int baridx, uint64_t offset, int size) { struct virtio_softc *vs = pi->pi_arg; struct virtio_consts *vc; struct config_reg *cr; uint64_t virtio_config_size, max; const char *name; uint32_t newoff; uint32_t value; int error; if (vs->vs_flags & VIRTIO_USE_MSIX) { if (baridx == pci_msix_table_bar(pi) || baridx == pci_msix_pba_bar(pi)) { return (pci_emul_msix_tread(pi, offset, size)); } } assert(baridx == 0); if (vs->vs_mtx) pthread_mutex_lock(vs->vs_mtx); vc = vs->vs_vc; name = vc->vc_name; value = size == 1 ? 0xff : size == 2 ? 0xffff : 0xffffffff; if (size != 1 && size != 2 && size != 4) goto bad; if (pci_msix_enabled(pi)) virtio_config_size = VTCFG_R_CFG1; else virtio_config_size = VTCFG_R_CFG0; if (offset >= virtio_config_size) { newoff = (uint32_t) (offset - virtio_config_size); max = vc->vc_cfgsize ? vc->vc_cfgsize : 0x100000000; if ((newoff + ((unsigned) size)) > max) goto bad; error = (*vc->vc_cfgread)(DEV_SOFTC(vs), ((int) newoff), size, &value); if (!error) goto done; } bad: cr = vi_find_cr((int) offset); if (cr == NULL || cr->cr_size != size) { if (cr != NULL) { fprintf(stderr, ""%s: read from %s: bad size %d\r\n"", name, cr->cr_name, size); } else { fprintf(stderr, ""%s: read from bad offset/size %jd/%d\r\n"", name, (uintmax_t)offset, size); } goto done; } switch (offset) { case VTCFG_R_HOSTCAP: value = (uint32_t) vc->vc_hv_caps; break; case VTCFG_R_GUESTCAP: value = vs->vs_negotiated_caps; break; case VTCFG_R_PFN: if (vs->vs_curq < vc->vc_nvq) value = vs->vs_queues[vs->vs_curq].vq_pfn; break; case VTCFG_R_QNUM: value = vs->vs_curq < vc->vc_nvq ? vs->vs_queues[vs->vs_curq].vq_qsize : 0; break; case VTCFG_R_QSEL: value = (uint32_t) (vs->vs_curq); break; case VTCFG_R_QNOTIFY: value = 0; break; case VTCFG_R_STATUS: value = vs->vs_status; break; case VTCFG_R_ISR: value = vs->vs_isr; vs->vs_isr = 0; if (value) pci_lintr_deassert(pi); break; case VTCFG_R_CFGVEC: value = vs->vs_msix_cfg_idx; break; case VTCFG_R_QVEC: value = vs->vs_curq < vc->vc_nvq ? vs->vs_queues[vs->vs_curq].vq_msix_idx : VIRTIO_MSI_NO_VECTOR; break; } done: if (vs->vs_mtx) pthread_mutex_unlock(vs->vs_mtx); return (value); }",visit repo url,src/lib/virtio.c,https://github.com/moby/hyperkit,60520439018487,1 2910,CWE-125,"PixarLogClose(TIFF* tif) { TIFFDirectory *td = &tif->tif_dir; td->td_bitspersample = 8; td->td_sampleformat = SAMPLEFORMAT_UINT; }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,49213292780240,1 4483,CWE-787,"static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, WC_RNG* rng, enum wc_HashType hType, int mgf, int saltLen, int bits, void* heap) { int ret = 0; int hLen, i, o, maskLen, hiBits; byte* m; byte* s; #if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER) #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) byte salt[RSA_MAX_SIZE/8 + RSA_PSS_PAD_SZ]; #else byte* salt = NULL; #endif #else byte salt[WC_MAX_DIGEST_SIZE]; #endif #if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER) if (pkcsBlockLen > RSA_MAX_SIZE/8) { return MEMORY_E; } #endif hLen = wc_HashGetDigestSize(hType); if (hLen < 0) return hLen; if ((int)inputLen != hLen) { return BAD_FUNC_ARG; } hiBits = (bits - 1) & 0x7; if (hiBits == 0) { *(pkcsBlock++) = 0; pkcsBlockLen--; } if (saltLen == RSA_PSS_SALT_LEN_DEFAULT) { saltLen = hLen; #ifdef WOLFSSL_SHA512 if (bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE) { saltLen = RSA_PSS_SALT_MAX_SZ; } #endif } #ifndef WOLFSSL_PSS_LONG_SALT else if (saltLen > hLen) { return PSS_SALTLEN_E; } #endif #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER else if (saltLen < RSA_PSS_SALT_LEN_DEFAULT) { return PSS_SALTLEN_E; } #else else if (saltLen == RSA_PSS_SALT_LEN_DISCOVER) { saltLen = (int)pkcsBlockLen - hLen - 2; if (saltLen < 0) { return PSS_SALTLEN_E; } } else if (saltLen < RSA_PSS_SALT_LEN_DISCOVER) { return PSS_SALTLEN_E; } #endif if ((int)pkcsBlockLen - hLen < saltLen + 2) { return PSS_SALTLEN_E; } maskLen = pkcsBlockLen - 1 - hLen; #if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER) #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) salt = (byte*)XMALLOC(RSA_PSS_PAD_SZ + inputLen + saltLen, heap, DYNAMIC_TYPE_RSA_BUFFER); if (salt == NULL) { return MEMORY_E; } #endif s = m = salt; XMEMSET(m, 0, RSA_PSS_PAD_SZ); m += RSA_PSS_PAD_SZ; XMEMCPY(m, input, inputLen); m += inputLen; o = (int)(m - s); if (saltLen > 0) { ret = wc_RNG_GenerateBlock(rng, m, saltLen); if (ret == 0) { m += saltLen; } } #else s = m = pkcsBlock; XMEMSET(m, 0, RSA_PSS_PAD_SZ); m += RSA_PSS_PAD_SZ; XMEMCPY(m, input, inputLen); m += inputLen; o = 0; if (saltLen > 0) { ret = wc_RNG_GenerateBlock(rng, salt, saltLen); if (ret == 0) { XMEMCPY(m, salt, saltLen); m += saltLen; } } #endif if (ret == 0) { ret = wc_Hash(hType, s, (word32)(m - s), pkcsBlock + maskLen, hLen); } if (ret == 0) { pkcsBlock[pkcsBlockLen - 1] = RSA_PSS_PAD_TERM; ret = RsaMGF(mgf, pkcsBlock + maskLen, hLen, pkcsBlock, maskLen, heap); } if (ret == 0) { if (hiBits) pkcsBlock[0] &= (1 << hiBits) - 1; m = pkcsBlock + maskLen - saltLen - 1; *(m++) ^= 0x01; for (i = 0; i < saltLen; i++) { m[i] ^= salt[o + i]; } } #if defined(WOLFSSL_PSS_LONG_SALT) || defined(WOLFSSL_PSS_SALT_LEN_DISCOVER) #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) if (salt != NULL) { XFREE(salt, heap, DYNAMIC_TYPE_RSA_BUFFER); } #endif #endif return ret; }",visit repo url,wolfcrypt/src/rsa.c,https://github.com/wolfSSL/wolfssl,146816057118843,1 2285,CWE-119,"static void unqueue_me_pi(struct futex_q *q) { WARN_ON(plist_node_empty(&q->list)); plist_del(&q->list, &q->list.plist); BUG_ON(!q->pi_state); free_pi_state(q->pi_state); q->pi_state = NULL; spin_unlock(q->lock_ptr); drop_futex_key_refs(&q->key); }",visit repo url,kernel/futex.c,https://github.com/torvalds/linux,173713691114546,1 3160,CWE-77,"static int parse_token(char **name, char **value, char **cp) { char *end; if (!name || !value || !cp) return -BLKID_ERR_PARAM; if (!(*value = strchr(*cp, '='))) return 0; **value = '\0'; *name = strip_line(*cp); *value = skip_over_blank(*value + 1); if (**value == '""') { end = strchr(*value + 1, '""'); if (!end) { DBG(READ, ul_debug(""unbalanced quotes at: %s"", *value)); *cp = *value; return -BLKID_ERR_CACHE; } (*value)++; *end = '\0'; end++; } else { end = skip_over_word(*value); if (*end) { *end = '\0'; end++; } } *cp = end; return 1; }",visit repo url,libblkid/src/read.c,https://github.com/karelzak/util-linux,87067873799776,1 2452,CWE-119,"static void scsi_write_data(SCSIRequest *req) { SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); uint32_t n; assert(r->req.aiocb == NULL); if (r->req.cmd.mode != SCSI_XFER_TO_DEV) { DPRINTF(""Data transfer direction invalid\n""); scsi_write_complete(r, -EINVAL); return; } n = r->iov.iov_len / 512; if (n) { if (s->tray_open) { scsi_write_complete(r, -ENOMEDIUM); } qemu_iovec_init_external(&r->qiov, &r->iov, 1); bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_WRITE); r->req.aiocb = bdrv_aio_writev(s->bs, r->sector, &r->qiov, n, scsi_write_complete, r); if (r->req.aiocb == NULL) { scsi_write_complete(r, -ENOMEM); } } else { scsi_write_complete(r, 0); } }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,48194265418409,1 294,CWE-200,"static void pipe_advance(struct iov_iter *i, size_t size) { struct pipe_inode_info *pipe = i->pipe; struct pipe_buffer *buf; int idx = i->idx; size_t off = i->iov_offset, orig_sz; if (unlikely(i->count < size)) size = i->count; orig_sz = size; if (size) { if (off) size += off - pipe->bufs[idx].offset; while (1) { buf = &pipe->bufs[idx]; if (size <= buf->len) break; size -= buf->len; idx = next_idx(idx, pipe); } buf->len = size; i->idx = idx; off = i->iov_offset = buf->offset + size; } if (off) idx = next_idx(idx, pipe); if (pipe->nrbufs) { int unused = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1); while (idx != unused) { pipe_buf_release(pipe, &pipe->bufs[idx]); idx = next_idx(idx, pipe); pipe->nrbufs--; } } i->count -= orig_sz; }",visit repo url,lib/iov_iter.c,https://github.com/torvalds/linux,147938370674250,1 5334,['CWE-476'],"void kvm_inject_nmi(struct kvm_vcpu *vcpu) { vcpu->arch.nmi_pending = 1; }",linux-2.6,,,162312071510017662262657241801826125509,0 383,[],"pfm_write_ibr_dbr(int mode, pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct thread_struct *thread = NULL; struct task_struct *task; pfarg_dbreg_t *req = (pfarg_dbreg_t *)arg; unsigned long flags; dbreg_t dbreg; unsigned int rnum; int first_time; int ret = 0, state; int i, can_access_pmu = 0; int is_system, is_loaded; if (pmu_conf->use_rr_dbregs == 0) return -EINVAL; state = ctx->ctx_state; is_loaded = state == PFM_CTX_LOADED ? 1 : 0; is_system = ctx->ctx_fl_system; task = ctx->ctx_task; if (state == PFM_CTX_ZOMBIE) return -EINVAL; if (is_loaded) { thread = &task->thread; if (unlikely(is_system && ctx->ctx_cpu != smp_processor_id())) { DPRINT((""should be running on CPU%d\n"", ctx->ctx_cpu)); return -EBUSY; } can_access_pmu = GET_PMU_OWNER() == task || is_system ? 1 : 0; } first_time = ctx->ctx_fl_using_dbreg == 0; if (is_loaded && (thread->flags & IA64_THREAD_DBG_VALID) != 0) { DPRINT((""debug registers already in use for [%d]\n"", task->pid)); return -EBUSY; } if (is_loaded) { LOCK_PFS(flags); if (first_time && is_system) { if (pfm_sessions.pfs_ptrace_use_dbregs) ret = -EBUSY; else pfm_sessions.pfs_sys_use_dbregs++; } UNLOCK_PFS(flags); } if (ret != 0) return ret; ctx->ctx_fl_using_dbreg = 1; if (first_time && can_access_pmu) { DPRINT((""[%d] clearing ibrs, dbrs\n"", task->pid)); for (i=0; i < pmu_conf->num_ibrs; i++) { ia64_set_ibr(i, 0UL); ia64_dv_serialize_instruction(); } ia64_srlz_i(); for (i=0; i < pmu_conf->num_dbrs; i++) { ia64_set_dbr(i, 0UL); ia64_dv_serialize_data(); } ia64_srlz_d(); } for (i = 0; i < count; i++, req++) { rnum = req->dbreg_num; dbreg.val = req->dbreg_value; ret = -EINVAL; if ((mode == PFM_CODE_RR && rnum >= PFM_NUM_IBRS) || ((mode == PFM_DATA_RR) && rnum >= PFM_NUM_DBRS)) { DPRINT((""invalid register %u val=0x%lx mode=%d i=%d count=%d\n"", rnum, dbreg.val, mode, i, count)); goto abort_mission; } if (rnum & 0x1) { if (mode == PFM_CODE_RR) dbreg.ibr.ibr_x = 0; else dbreg.dbr.dbr_r = dbreg.dbr.dbr_w = 0; } PFM_REG_RETFLAG_SET(req->dbreg_flags, 0); if (mode == PFM_CODE_RR) { CTX_USED_IBR(ctx, rnum); if (can_access_pmu) { ia64_set_ibr(rnum, dbreg.val); ia64_dv_serialize_instruction(); } ctx->ctx_ibrs[rnum] = dbreg.val; DPRINT((""write ibr%u=0x%lx used_ibrs=0x%x ld=%d apmu=%d\n"", rnum, dbreg.val, ctx->ctx_used_ibrs[0], is_loaded, can_access_pmu)); } else { CTX_USED_DBR(ctx, rnum); if (can_access_pmu) { ia64_set_dbr(rnum, dbreg.val); ia64_dv_serialize_data(); } ctx->ctx_dbrs[rnum] = dbreg.val; DPRINT((""write dbr%u=0x%lx used_dbrs=0x%x ld=%d apmu=%d\n"", rnum, dbreg.val, ctx->ctx_used_dbrs[0], is_loaded, can_access_pmu)); } } return 0; abort_mission: if (first_time) { LOCK_PFS(flags); if (ctx->ctx_fl_system) { pfm_sessions.pfs_sys_use_dbregs--; } UNLOCK_PFS(flags); ctx->ctx_fl_using_dbreg = 0; } PFM_REG_RETFLAG_SET(req->dbreg_flags, PFM_REG_RETFL_EINVAL); return ret; }",linux-2.6,,,210103969725396928831589847079003227478,0 3047,CWE-189,"txid_snapshot_recv(PG_FUNCTION_ARGS) { StringInfo buf = (StringInfo) PG_GETARG_POINTER(0); TxidSnapshot *snap; txid last = 0; int nxip; int i; int avail; int expect; txid xmin, xmax; nxip = pq_getmsgint(buf, 4); avail = buf->len - buf->cursor; expect = 8 + 8 + nxip * 8; if (nxip < 0 || nxip > avail || expect > avail) goto bad_format; xmin = pq_getmsgint64(buf); xmax = pq_getmsgint64(buf); if (xmin == 0 || xmax == 0 || xmin > xmax || xmax > MAX_TXID) goto bad_format; snap = palloc(TXID_SNAPSHOT_SIZE(nxip)); snap->xmin = xmin; snap->xmax = xmax; snap->nxip = nxip; SET_VARSIZE(snap, TXID_SNAPSHOT_SIZE(nxip)); for (i = 0; i < nxip; i++) { txid cur = pq_getmsgint64(buf); if (cur <= last || cur < xmin || cur >= xmax) goto bad_format; snap->xip[i] = cur; last = cur; } PG_RETURN_POINTER(snap); bad_format: elog(ERROR, ""invalid snapshot data""); return (Datum) NULL; }",visit repo url,src/backend/utils/adt/txid.c,https://github.com/postgres/postgres,114849825684704,1 6728,CWE-78,"call_backend(char *uri, int argc, char **argv, char *filename) { const char *cups_serverbin; char scheme[1024], *ptr, cmdline[65536]; int retval; strncpy(scheme, uri, sizeof(scheme) - 1); if (strlen(uri) > 1023) scheme[1023] = '\0'; if ((ptr = strchr(scheme, ':')) != NULL) *ptr = '\0'; if ((cups_serverbin = getenv(""CUPS_SERVERBIN"")) == NULL) cups_serverbin = CUPS_SERVERBIN; if (!strncasecmp(uri, ""file:"", 5) || uri[0] == '/') { fprintf(stderr, ""ERROR: beh: Direct output into a file not supported.\n""); exit (CUPS_BACKEND_FAILED); } else snprintf(cmdline, sizeof(cmdline), ""%s/backend/%s '%s' '%s' '%s' '%s' '%s' %s"", cups_serverbin, scheme, argv[1], argv[2], argv[3], (argc == 6 ? ""1"" : argv[4]), argv[5], filename); setenv(""DEVICE_URI"", uri, 1); fprintf(stderr, ""DEBUG: beh: Executing backend command line \""%s\""...\n"", cmdline); fprintf(stderr, ""DEBUG: beh: Using device URI: %s\n"", uri); retval = system(cmdline) >> 8; if (retval == -1) fprintf(stderr, ""ERROR: Unable to execute backend command line: %s\n"", strerror(errno)); return (retval); }",visit repo url,backend/beh.c,https://github.com/OpenPrinting/cups-filters,5102291465444,1 3243,['CWE-189'],"static jas_seqent_t bitstoint(uint_fast32_t v, int prec, bool sgnd) { jas_seqent_t ret; v &= JAS_ONES(prec); ret = (sgnd && (v & (1 << (prec - 1)))) ? (v - (1 << prec)) : v; return ret; }",jasper,,,55096526448545639942686457967459340687,0 627,['CWE-189'],"static int ieee80211_read_qos_param_element(struct ieee80211_qos_parameter_info *element_param, struct ieee80211_info_element *info_element) { int ret = 0; u16 size = sizeof(struct ieee80211_qos_parameter_info) - 2; if ((info_element == NULL) || (element_param == NULL)) return -1; if (info_element->id == QOS_ELEMENT_ID && info_element->len == size) { memcpy(element_param->info_element.qui, info_element->data, info_element->len); element_param->info_element.elementID = info_element->id; element_param->info_element.length = info_element->len; } else ret = -1; if (ret == 0) ret = ieee80211_verify_qos_info(&element_param->info_element, QOS_OUI_PARAM_SUB_TYPE); return ret; }",linux-2.6,,,15474214910652289730757624019351272441,0 5015,['CWE-120'],"ssize_t util_get_sys_subsystem(struct udev *udev, const char *syspath, char *subsystem, size_t size) { return get_sys_link(udev, ""subsystem"", syspath, subsystem, size); }",udev,,,59667652336681995129715824807812589835,0 1114,CWE-362,"int ip_options_get_from_user(struct net *net, struct ip_options **optp, unsigned char __user *data, int optlen) { struct ip_options *opt = ip_options_get_alloc(optlen); if (!opt) return -ENOMEM; if (optlen && copy_from_user(opt->__data, data, optlen)) { kfree(opt); return -EFAULT; } return ip_options_get_finish(net, optp, opt, optlen); }",visit repo url,net/ipv4/ip_options.c,https://github.com/torvalds/linux,68066817405723,1 1351,['CWE-399'],"static int ipip6_fb_tunnel_init(struct net_device *dev) { struct ip_tunnel *tunnel = netdev_priv(dev); struct iphdr *iph = &tunnel->parms.iph; struct net *net = dev_net(dev); struct sit_net *sitn = net_generic(net, sit_net_id); tunnel->dev = dev; strcpy(tunnel->parms.name, dev->name); iph->version = 4; iph->protocol = IPPROTO_IPV6; iph->ihl = 5; iph->ttl = 64; dev_hold(dev); sitn->tunnels_wc[0] = tunnel; return 0; }",linux-2.6,,,227258954287281987590828897398983030645,0 2552,['CWE-119'],"static void copy_file_with_prefix(FILE *file, int prefix, const char *data, int size, const char *set, const char *reset) { int ch, nl_just_seen = 1; while (0 < size--) { ch = *data++; if (nl_just_seen) { fputs(set, file); putc(prefix, file); } if (ch == '\n') { nl_just_seen = 1; fputs(reset, file); } else nl_just_seen = 0; putc(ch, file); } if (!nl_just_seen) fprintf(file, ""%s\n\\ No newline at end of file\n"", reset); }",git,,,47149343836944118104679565197193827784,0 1817,CWE-416,"static void outbound_phy_packet_callback(struct fw_packet *packet, struct fw_card *card, int status) { struct outbound_phy_packet_event *e = container_of(packet, struct outbound_phy_packet_event, p); switch (status) { case ACK_COMPLETE: e->phy_packet.rcode = RCODE_COMPLETE; break; case ACK_PENDING: e->phy_packet.rcode = RCODE_COMPLETE; break; case ACK_BUSY_X: case ACK_BUSY_A: case ACK_BUSY_B: e->phy_packet.rcode = RCODE_BUSY; break; case ACK_DATA_ERROR: e->phy_packet.rcode = RCODE_DATA_ERROR; break; case ACK_TYPE_ERROR: e->phy_packet.rcode = RCODE_TYPE_ERROR; break; default: e->phy_packet.rcode = status; break; } e->phy_packet.data[0] = packet->timestamp; queue_event(e->client, &e->event, &e->phy_packet, sizeof(e->phy_packet) + e->phy_packet.length, NULL, 0); client_put(e->client); }",visit repo url,drivers/firewire/core-cdev.c,https://github.com/torvalds/linux,142760171658209,1 1715,[],"unsigned long long nr_context_switches(void) { int i; unsigned long long sum = 0; for_each_possible_cpu(i) sum += cpu_rq(i)->nr_switches; return sum; }",linux-2.6,,,62044131681238043267937009339574284833,0 3945,CWE-476,"term_and_job_init( term_T *term, typval_T *argvar, char **argv UNUSED, jobopt_T *opt, jobopt_T *orig_opt) { WCHAR *cmd_wchar = NULL; WCHAR *cwd_wchar = NULL; WCHAR *env_wchar = NULL; channel_T *channel = NULL; job_T *job = NULL; DWORD error; HANDLE jo = NULL; HANDLE child_process_handle; HANDLE child_thread_handle; void *winpty_err = NULL; void *spawn_config = NULL; garray_T ga_cmd, ga_env; char_u *cmd = NULL; if (dyn_winpty_init(TRUE) == FAIL) return FAIL; ga_init2(&ga_cmd, (int)sizeof(char*), 20); ga_init2(&ga_env, (int)sizeof(char*), 20); if (argvar->v_type == VAR_STRING) { cmd = argvar->vval.v_string; } else if (argvar->v_type == VAR_LIST) { if (win32_build_cmd(argvar->vval.v_list, &ga_cmd) == FAIL) goto failed; cmd = ga_cmd.ga_data; } if (cmd == NULL || *cmd == NUL) { EMSG(_(e_invarg)); goto failed; } cmd_wchar = enc_to_utf16(cmd, NULL); ga_clear(&ga_cmd); if (cmd_wchar == NULL) goto failed; if (opt->jo_cwd != NULL) cwd_wchar = enc_to_utf16(opt->jo_cwd, NULL); win32_build_env(opt->jo_env, &ga_env, TRUE); env_wchar = ga_env.ga_data; term->tl_winpty_config = winpty_config_new(0, &winpty_err); if (term->tl_winpty_config == NULL) goto failed; winpty_config_set_mouse_mode(term->tl_winpty_config, WINPTY_MOUSE_MODE_FORCE); winpty_config_set_initial_size(term->tl_winpty_config, term->tl_cols, term->tl_rows); term->tl_winpty = winpty_open(term->tl_winpty_config, &winpty_err); if (term->tl_winpty == NULL) goto failed; spawn_config = winpty_spawn_config_new( WINPTY_SPAWN_FLAG_AUTO_SHUTDOWN | WINPTY_SPAWN_FLAG_EXIT_AFTER_SHUTDOWN, NULL, cmd_wchar, cwd_wchar, env_wchar, &winpty_err); if (spawn_config == NULL) goto failed; channel = add_channel(); if (channel == NULL) goto failed; job = job_alloc(); if (job == NULL) goto failed; if (argvar->v_type == VAR_STRING) { int argc; build_argv_from_string(cmd, &job->jv_argv, &argc); } else { int argc; build_argv_from_list(argvar->vval.v_list, &job->jv_argv, &argc); } if (opt->jo_set & JO_IN_BUF) job->jv_in_buf = buflist_findnr(opt->jo_io_buf[PART_IN]); if (!winpty_spawn(term->tl_winpty, spawn_config, &child_process_handle, &child_thread_handle, &error, &winpty_err)) goto failed; channel_set_pipes(channel, (sock_T)CreateFileW( winpty_conin_name(term->tl_winpty), GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL), (sock_T)CreateFileW( winpty_conout_name(term->tl_winpty), GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL), (sock_T)CreateFileW( winpty_conerr_name(term->tl_winpty), GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL)); channel->ch_write_text_mode = TRUE; jo = CreateJobObject(NULL, NULL); if (jo == NULL) goto failed; if (!AssignProcessToJobObject(jo, child_process_handle)) { CloseHandle(jo); jo = NULL; } winpty_spawn_config_free(spawn_config); vim_free(cmd_wchar); vim_free(cwd_wchar); vim_free(env_wchar); create_vterm(term, term->tl_rows, term->tl_cols); #if defined(FEAT_GUI) || defined(FEAT_TERMGUICOLORS) if (opt->jo_set2 & JO2_ANSI_COLORS) set_vterm_palette(term->tl_vterm, opt->jo_ansi_colors); else init_vterm_ansi_colors(term->tl_vterm); #endif channel_set_job(channel, job, opt); job_set_options(job, opt); job->jv_channel = channel; job->jv_proc_info.hProcess = child_process_handle; job->jv_proc_info.dwProcessId = GetProcessId(child_process_handle); job->jv_job_object = jo; job->jv_status = JOB_STARTED; job->jv_tty_in = utf16_to_enc( (short_u*)winpty_conin_name(term->tl_winpty), NULL); job->jv_tty_out = utf16_to_enc( (short_u*)winpty_conout_name(term->tl_winpty), NULL); ++job->jv_refcount; term->tl_job = job; if (orig_opt->jo_io[PART_OUT] == JIO_FILE) { char_u *fname = opt->jo_io_name[PART_OUT]; ch_log(channel, ""Opening output file %s"", fname); term->tl_out_fd = mch_fopen((char *)fname, WRITEBIN); if (term->tl_out_fd == NULL) EMSG2(_(e_notopen), fname); } return OK; failed: ga_clear(&ga_cmd); ga_clear(&ga_env); vim_free(cmd_wchar); vim_free(cwd_wchar); if (spawn_config != NULL) winpty_spawn_config_free(spawn_config); if (channel != NULL) channel_clear(channel); if (job != NULL) { job->jv_channel = NULL; job_cleanup(job); } term->tl_job = NULL; if (jo != NULL) CloseHandle(jo); if (term->tl_winpty != NULL) winpty_free(term->tl_winpty); term->tl_winpty = NULL; if (term->tl_winpty_config != NULL) winpty_config_free(term->tl_winpty_config); term->tl_winpty_config = NULL; if (winpty_err != NULL) { char_u *msg = utf16_to_enc( (short_u *)winpty_error_msg(winpty_err), NULL); EMSG(msg); winpty_error_free(winpty_err); } return FAIL; }",visit repo url,src/terminal.c,https://github.com/vim/vim,232816964893148,1 2105,[],"int udp_disconnect(struct sock *sk, int flags) { struct inet_sock *inet = inet_sk(sk); sk->sk_state = TCP_CLOSE; inet->daddr = 0; inet->dport = 0; sk->sk_bound_dev_if = 0; if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) inet_reset_saddr(sk); if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) { sk->sk_prot->unhash(sk); inet->sport = 0; } sk_dst_reset(sk); return 0; }",linux-2.6,,,280271353864928156948422351792780607461,0 107,CWE-674,"decode_sequence_of(const uint8_t *asn1, size_t len, const struct atype_info *elemtype, void **seq_out, size_t *count_out) { krb5_error_code ret; void *seq = NULL, *elem, *newseq; const uint8_t *contents; size_t clen, count = 0; taginfo t; *seq_out = NULL; *count_out = 0; while (len > 0) { ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len); if (ret) goto error; if (!check_atype_tag(elemtype, &t)) { ret = ASN1_BAD_ID; goto error; } newseq = realloc(seq, (count + 1) * elemtype->size); if (newseq == NULL) { ret = ENOMEM; goto error; } seq = newseq; elem = (char *)seq + count * elemtype->size; memset(elem, 0, elemtype->size); ret = decode_atype(&t, contents, clen, elemtype, elem); if (ret) goto error; count++; } *seq_out = seq; *count_out = count; return 0; error: free_sequence_of(elemtype, seq, count); free(seq); return ret; }",visit repo url,src/lib/krb5/asn.1/asn1_encode.c,https://github.com/krb5/krb5,24592398450430,1 5537,['CWE-20'],"int inflate() { int e; int r; unsigned h; wp = 0; bk = 0; bb = 0; h = 0; do { hufts = 0; if ((r = inflate_block(&e)) != 0) return r; if (hufts > h) h = hufts; } while (!e); while (bk >= 8) { bk -= 8; inptr--; } flush_output(wp); Trace ((stderr, ""<%u> "", h)); return 0; }",gzip,,,69603009847870677715326580238343521584,0 2640,CWE-125,"PHP_NAMED_FUNCTION(zif_locale_set_default) { char* locale_name = NULL; int len=0; if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &locale_name ,&len ) == FAILURE) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_set_default: unable to parse input params"", 0 TSRMLS_CC ); RETURN_FALSE; } if(len == 0) { locale_name = (char *)uloc_getDefault() ; len = strlen(locale_name); } zend_alter_ini_entry(LOCALE_INI_NAME, sizeof(LOCALE_INI_NAME), locale_name, len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); RETURN_TRUE; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,199468041251255,1 2368,['CWE-200'],"snd_seq_oss_synth_unregister(struct snd_seq_device *dev) { int index; struct seq_oss_synth *rec = dev->driver_data; unsigned long flags; spin_lock_irqsave(®ister_lock, flags); for (index = 0; index < max_synth_devs; index++) { if (synth_devs[index] == rec) break; } if (index >= max_synth_devs) { spin_unlock_irqrestore(®ister_lock, flags); snd_printk(KERN_ERR ""can't unregister synth\n""); return -EINVAL; } synth_devs[index] = NULL; if (index == max_synth_devs - 1) { for (index--; index >= 0; index--) { if (synth_devs[index]) break; } max_synth_devs = index + 1; } spin_unlock_irqrestore(®ister_lock, flags); #ifdef SNDRV_OSS_INFO_DEV_SYNTH if (rec->seq_device < SNDRV_CARDS) snd_oss_info_unregister(SNDRV_OSS_INFO_DEV_SYNTH, rec->seq_device); #endif snd_use_lock_sync(&rec->use_lock); kfree(rec); return 0; }",linux-2.6,,,94155107213429983818028185032420689009,0 1211,['CWE-20'],"CairoFontEngine::getFont(GfxFont *gfxFont, XRef *xref) { int i, j; Ref ref; CairoFont *font; GfxFontType fontType; fontType = gfxFont->getType(); if (fontType == fontType3) { } ref = *gfxFont->getID(); for (i = 0; i < cairoFontCacheSize; ++i) { font = fontCache[i]; if (font && font->matches(ref)) { for (j = i; j > 0; --j) { fontCache[j] = fontCache[j-1]; } fontCache[0] = font; return font; } } font = CairoFont::create (gfxFont, xref, lib, useCIDs); if (fontCache[cairoFontCacheSize - 1]) { delete fontCache[cairoFontCacheSize - 1]; } for (j = cairoFontCacheSize - 1; j > 0; --j) { fontCache[j] = fontCache[j-1]; } fontCache[0] = font; return font; }",poppler,,,223837065428052086418626781249921633736,0 3867,CWE-125,"cstrchr(char_u *s, int c) { char_u *p; int cc; if (!rex.reg_ic || (!enc_utf8 && mb_char2len(c) > 1)) return vim_strchr(s, c); if (enc_utf8 && c > 0x80) cc = utf_fold(c); else if (MB_ISUPPER(c)) cc = MB_TOLOWER(c); else if (MB_ISLOWER(c)) cc = MB_TOUPPER(c); else return vim_strchr(s, c); if (has_mbyte) { for (p = s; *p != NUL; p += (*mb_ptr2len)(p)) { if (enc_utf8 && c > 0x80) { if (utf_fold(utf_ptr2char(p)) == cc) return p; } else if (*p == c || *p == cc) return p; } } else for (p = s; *p != NUL; ++p) if (*p == c || *p == cc) return p; return NULL; }",visit repo url,src/regexp.c,https://github.com/vim/vim,205493094088920,1 2149,CWE-476,"int btrfs_get_dev_stats(struct btrfs_fs_info *fs_info, struct btrfs_ioctl_get_dev_stats *stats) { struct btrfs_device *dev; struct btrfs_fs_devices *fs_devices = fs_info->fs_devices; int i; mutex_lock(&fs_devices->device_list_mutex); dev = btrfs_find_device(fs_info->fs_devices, stats->devid, NULL, NULL); mutex_unlock(&fs_devices->device_list_mutex); if (!dev) { btrfs_warn(fs_info, ""get dev_stats failed, device not found""); return -ENODEV; } else if (!dev->dev_stats_valid) { btrfs_warn(fs_info, ""get dev_stats failed, not yet valid""); return -ENODEV; } else if (stats->flags & BTRFS_DEV_STATS_RESET) { for (i = 0; i < BTRFS_DEV_STAT_VALUES_MAX; i++) { if (stats->nr_items > i) stats->values[i] = btrfs_dev_stat_read_and_reset(dev, i); else btrfs_dev_stat_reset(dev, i); } } else { for (i = 0; i < BTRFS_DEV_STAT_VALUES_MAX; i++) if (stats->nr_items > i) stats->values[i] = btrfs_dev_stat_read(dev, i); } if (stats->nr_items > BTRFS_DEV_STAT_VALUES_MAX) stats->nr_items = BTRFS_DEV_STAT_VALUES_MAX; return 0; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,44314684474063,1 1367,[],"static inline struct sched_entity *__pick_last_entity(struct cfs_rq *cfs_rq) { struct rb_node *last = rb_last(&cfs_rq->tasks_timeline); if (!last) return NULL; return rb_entry(last, struct sched_entity, run_node); }",linux-2.6,,,23053885557868723334915425690059459153,0 1563,CWE-362,"static inline bool is_flush_request(struct request *rq, struct blk_flush_queue *fq, unsigned int tag) { return ((rq->cmd_flags & REQ_FLUSH_SEQ) && fq->flush_rq->tag == tag); }",visit repo url,block/blk-mq.c,https://github.com/torvalds/linux,174922815264187,1 6409,['CWE-59'],"check_setuid(void) { if (getuid() && !geteuid()) { printf(""This mount.cifs program has been built with the "" ""ability to run as a setuid root program disabled.\n"" ""mount.cifs has not been well audited for security "" ""holes. Therefore the Samba team does not recommend "" ""installing it as a setuid root program.\n""); return 1; } return 0; }",samba,,,3906085102117259960612488937708377890,0 5036,[],"static void child_msg_online(int msg_type, struct process_id src, void *buf, size_t len, void *private_data) { struct winbindd_domain *domain; const char *domainname = (const char *)buf; if (buf == NULL || len == 0) { return; } DEBUG(5,(""child_msg_online received for domain %s.\n"", domainname)); if (!lp_winbind_offline_logon()) { DEBUG(10,(""child_msg_online: rejecting online message.\n"")); return; } set_global_winbindd_state_online(); for (domain = domain_list(); domain; domain = domain->next) { if (domain->internal) { continue; } if (strequal(domain->name, domainname)) { DEBUG(5,(""child_msg_online: requesting %s to go online.\n"", domain->name)); winbindd_flush_negative_conn_cache(domain); set_domain_online_request(domain); } } }",samba,,,717255259009500524076100506270044661,0 82,['CWE-787'],"static void cirrus_write_hidden_dac(CirrusVGAState * s, int reg_value) { if (s->cirrus_hidden_dac_lockindex == 4) { s->cirrus_hidden_dac_data = reg_value; #if defined(DEBUG_CIRRUS) printf(""cirrus: outport hidden DAC, value %02x\n"", reg_value); #endif } s->cirrus_hidden_dac_lockindex = 0; }",qemu,,,75705275470431853245511359370476170974,0 6120,['CWE-200'],"static void cbq_ovl_delay(struct cbq_class *cl) { struct cbq_sched_data *q = qdisc_priv(cl->qdisc); psched_tdiff_t delay = PSCHED_TDIFF(cl->undertime, q->now); if (!cl->delayed) { unsigned long sched = jiffies; delay += cl->offtime; if (cl->avgidle < 0) delay -= (-cl->avgidle) - ((-cl->avgidle) >> cl->ewma_log); if (cl->avgidle < cl->minidle) cl->avgidle = cl->minidle; PSCHED_TADD2(q->now, delay, cl->undertime); if (delay > 0) { sched += PSCHED_US2JIFFIE(delay) + cl->penalty; cl->penalized = sched; cl->cpriority = TC_CBQ_MAXPRIO; q->pmask |= (1<delay_timer) && (long)(q->delay_timer.expires - sched) > 0) q->delay_timer.expires = sched; add_timer(&q->delay_timer); cl->delayed = 1; cl->xstats.overactions++; return; } delay = 1; } if (q->wd_expires == 0 || q->wd_expires > delay) q->wd_expires = delay; }",linux-2.6,,,214275598385958484421122716134561114531,0 6461,[],"lt_dlmakeresident (lt_dlhandle handle) { int errors = 0; if (!handle) { LT__SETERROR (INVALID_HANDLE); ++errors; } else { handle->info.is_resident = 1; } return errors; }",libtool,,,189742502252546360600810152439209631770,0 1394,[],"static void enqueue_task_fair(struct rq *rq, struct task_struct *p, int wakeup) { struct cfs_rq *cfs_rq; struct sched_entity *se = &p->se; for_each_sched_entity(se) { if (se->on_rq) break; cfs_rq = cfs_rq_of(se); enqueue_entity(cfs_rq, se, wakeup); wakeup = 1; } hrtick_start_fair(rq, rq->curr); }",linux-2.6,,,216653817135185636420461493189577130010,0 2556,['CWE-119'],"static struct object *get_reference(struct rev_info *revs, const char *name, const unsigned char *sha1, unsigned int flags) { struct object *object; object = parse_object(sha1); if (!object) die(""bad object %s"", name); object->flags |= flags; return object; }",git,,,292304381375968051879266638792283928701,0 2728,[],"SCTP_STATIC int sctp_disconnect(struct sock *sk, int flags) { return -EOPNOTSUPP; }",linux-2.6,,,276335164946322518309277788495716377575,0 6035,['CWE-200'],"static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev) { int err = -1; struct inet6_ifaddr *ifp; read_lock_bh(&idev->lock); for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) { if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) { memcpy(eui, ifp->addr.s6_addr+8, 8); err = 0; break; } } read_unlock_bh(&idev->lock); return err; }",linux-2.6,,,141846449824708633723647497810682501555,0 589,CWE-264,"static int persistent_prepare_exception(struct dm_exception_store *store, struct dm_exception *e) { struct pstore *ps = get_info(store); uint32_t stride; chunk_t next_free; sector_t size = get_dev_size(dm_snap_cow(store->snap)->bdev); if (size < ((ps->next_free + 1) * store->chunk_size)) return -ENOSPC; e->new_chunk = ps->next_free; stride = (ps->exceptions_per_area + 1); next_free = ++ps->next_free; if (sector_div(next_free, stride) == 1) ps->next_free++; atomic_inc(&ps->pending_count); return 0; }",visit repo url,drivers/md/dm-snap-persistent.c,https://github.com/torvalds/linux,232383738609457,1 5599,[],"long do_sigpending(void __user *set, unsigned long sigsetsize) { long error = -EINVAL; sigset_t pending; if (sigsetsize > sizeof(sigset_t)) goto out; spin_lock_irq(¤t->sighand->siglock); sigorsets(&pending, ¤t->pending.signal, ¤t->signal->shared_pending.signal); spin_unlock_irq(¤t->sighand->siglock); sigandsets(&pending, ¤t->blocked, &pending); error = -EFAULT; if (!copy_to_user(set, &pending, sigsetsize)) error = 0; out: return error; } ",linux-2.6,,,330009348740986953486924099986937437214,0 1016,['CWE-20'],"asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) { int old_ruid, old_euid, old_suid, new_ruid, new_euid; int retval; retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); if (retval) return retval; new_ruid = old_ruid = current->uid; new_euid = old_euid = current->euid; old_suid = current->suid; if (ruid != (uid_t) -1) { new_ruid = ruid; if ((old_ruid != ruid) && (current->euid != ruid) && !capable(CAP_SETUID)) return -EPERM; } if (euid != (uid_t) -1) { new_euid = euid; if ((old_ruid != euid) && (current->euid != euid) && (current->suid != euid) && !capable(CAP_SETUID)) return -EPERM; } if (new_ruid != old_ruid && set_user(new_ruid, new_euid != old_euid) < 0) return -EAGAIN; if (new_euid != old_euid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->fsuid = current->euid = new_euid; if (ruid != (uid_t) -1 || (euid != (uid_t) -1 && euid != old_ruid)) current->suid = current->euid; current->fsuid = current->euid; key_fsuid_changed(current); proc_id_connector(current, PROC_EVENT_UID); return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); }",linux-2.6,,,131382344309723337389965582934489184285,0 6392,['CWE-59'],"static void mount_cifs_usage(FILE *stream) { fprintf(stream, ""\nUsage: %s -o \n"", thisprogram); fprintf(stream, ""\nMount the remote target, specified as a UNC name,""); fprintf(stream, "" to a local directory.\n\nOptions:\n""); fprintf(stream, ""\tuser=\n\tpass=\n\tdom=\n""); fprintf(stream, ""\nLess commonly used options:""); fprintf(stream, ""\n\tcredentials=,guest,perm,noperm,setuids,nosetuids,rw,ro,""); fprintf(stream, ""\n\tsep=,iocharset=,suid,nosuid,exec,noexec,serverino,""); fprintf(stream, ""\n\tmapchars,nomapchars,nolock,servernetbiosname=""); fprintf(stream, ""\n\tdirectio,nounix,cifsacl,sec=,sign""); fprintf(stream, ""\n\nOptions not needed for servers supporting CIFS Unix extensions""); fprintf(stream, ""\n\t(e.g. unneeded for mounts to most Samba versions):""); fprintf(stream, ""\n\tuid=,gid=,dir_mode=,file_mode=,sfu""); fprintf(stream, ""\n\nRarely used options:""); fprintf(stream, ""\n\tport=,rsize=,wsize=,unc=,ip=,""); fprintf(stream, ""\n\tdev,nodev,nouser_xattr,netbiosname=,hard,soft,intr,""); fprintf(stream, ""\n\tnointr,ignorecase,noposixpaths,noacl,prefixpath=,nobrl""); fprintf(stream, ""\n\nOptions are described in more detail in the manual page""); fprintf(stream, ""\n\tman 8 mount.cifs\n""); fprintf(stream, ""\nTo display the version number of the mount helper:""); fprintf(stream, ""\n\t%s -V\n"",thisprogram); SAFE_FREE(mountpassword); if (stream == stderr) exit(EX_USAGE); exit(0); }",samba,,,251445309440496895686207596838038289558,0 5387,['CWE-476'],"unsigned long segment_base(u16 selector) { struct descriptor_table gdt; struct desc_struct *d; unsigned long table_base; unsigned long v; if (selector == 0) return 0; asm(""sgdt %0"" : ""=m""(gdt)); table_base = gdt.base; if (selector & 4) { u16 ldt_selector; asm(""sldt %0"" : ""=g""(ldt_selector)); table_base = segment_base(ldt_selector); } d = (struct desc_struct *)(table_base + (selector & ~7)); v = d->base0 | ((unsigned long)d->base1 << 16) | ((unsigned long)d->base2 << 24); #ifdef CONFIG_X86_64 if (d->s == 0 && (d->type == 2 || d->type == 9 || d->type == 11)) v |= ((unsigned long)((struct ldttss_desc64 *)d)->base3) << 32; #endif return v; }",linux-2.6,,,180046407051401949858980022483500138598,0 5805,['CWE-200'],"static int atalk_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sockaddr_at *addr = (struct sockaddr_at *)uaddr; struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); if (!sock_flag(sk, SOCK_ZAPPED) || addr_len != sizeof(struct sockaddr_at)) return -EINVAL; if (addr->sat_family != AF_APPLETALK) return -EAFNOSUPPORT; if (addr->sat_addr.s_net == htons(ATADDR_ANYNET)) { struct atalk_addr *ap = atalk_find_primary(); if (!ap) return -EADDRNOTAVAIL; at->src_net = addr->sat_addr.s_net = ap->s_net; at->src_node = addr->sat_addr.s_node= ap->s_node; } else { if (!atalk_find_interface(addr->sat_addr.s_net, addr->sat_addr.s_node)) return -EADDRNOTAVAIL; at->src_net = addr->sat_addr.s_net; at->src_node = addr->sat_addr.s_node; } if (addr->sat_port == ATADDR_ANYPORT) { int n = atalk_pick_and_bind_port(sk, addr); if (n < 0) return n; } else { at->src_port = addr->sat_port; if (atalk_find_or_insert_socket(sk, addr)) return -EADDRINUSE; } sock_reset_flag(sk, SOCK_ZAPPED); return 0; }",linux-2.6,,,118687965561098076375994628594292771551,0 6517,CWE-787,"int main(int argc, char **argv, char **envp) { #ifdef DYNLOAD if (!uc_dyn_load(NULL, 0)) { printf(""Error dynamically loading shared library.\n""); printf(""Please check that unicorn.dll/unicorn.so is available as well as\n""); printf(""any other dependent dll/so files.\n""); printf(""The easiest way is to place them in the same directory as this app.\n""); return 1; } #endif test_arm(); printf(""==========================\n""); test_thumb(); #ifdef DYNLOAD uc_dyn_free(); #endif return 0; }",visit repo url,samples/sample_arm.c,https://github.com/unicorn-engine/unicorn,115036524298146,1 5406,['CWE-476'],"u64 kvm_get_apic_base(struct kvm_vcpu *vcpu) { if (irqchip_in_kernel(vcpu->kvm)) return vcpu->arch.apic_base; else return vcpu->arch.apic_base; }",linux-2.6,,,317102745573918568529314799157293984962,0 3769,[],"static int unix_socketpair(struct socket *socka, struct socket *sockb) { struct sock *ska=socka->sk, *skb = sockb->sk; sock_hold(ska); sock_hold(skb); unix_peer(ska)=skb; unix_peer(skb)=ska; ska->sk_peercred.pid = skb->sk_peercred.pid = current->tgid; ska->sk_peercred.uid = skb->sk_peercred.uid = current->euid; ska->sk_peercred.gid = skb->sk_peercred.gid = current->egid; if (ska->sk_type != SOCK_DGRAM) { ska->sk_state = TCP_ESTABLISHED; skb->sk_state = TCP_ESTABLISHED; socka->state = SS_CONNECTED; sockb->state = SS_CONNECTED; } return 0; }",linux-2.6,,,274972210010264535395177495461249426484,0 3780,[],"static int unix_release_sock (struct sock *sk, int embrion) { struct unix_sock *u = unix_sk(sk); struct dentry *dentry; struct vfsmount *mnt; struct sock *skpair; struct sk_buff *skb; int state; unix_remove_socket(sk); unix_state_lock(sk); sock_orphan(sk); sk->sk_shutdown = SHUTDOWN_MASK; dentry = u->dentry; u->dentry = NULL; mnt = u->mnt; u->mnt = NULL; state = sk->sk_state; sk->sk_state = TCP_CLOSE; unix_state_unlock(sk); wake_up_interruptible_all(&u->peer_wait); skpair=unix_peer(sk); if (skpair!=NULL) { if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) { unix_state_lock(skpair); skpair->sk_shutdown = SHUTDOWN_MASK; if (!skb_queue_empty(&sk->sk_receive_queue) || embrion) skpair->sk_err = ECONNRESET; unix_state_unlock(skpair); skpair->sk_state_change(skpair); read_lock(&skpair->sk_callback_lock); sk_wake_async(skpair,1,POLL_HUP); read_unlock(&skpair->sk_callback_lock); } sock_put(skpair); unix_peer(sk) = NULL; } while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { if (state==TCP_LISTEN) unix_release_sock(skb->sk, 1); kfree_skb(skb); } if (dentry) { dput(dentry); mntput(mnt); } sock_put(sk); if (atomic_read(&unix_tot_inflight)) unix_gc(); return 0; }",linux-2.6,,,224145984964990154497684729853187615217,0 565,CWE-20,"static int dispatch_discard_io(struct xen_blkif *blkif, struct blkif_request *req) { int err = 0; int status = BLKIF_RSP_OKAY; struct block_device *bdev = blkif->vbd.bdev; unsigned long secure; blkif->st_ds_req++; xen_blkif_get(blkif); secure = (blkif->vbd.discard_secure && (req->u.discard.flag & BLKIF_DISCARD_SECURE)) ? BLKDEV_DISCARD_SECURE : 0; err = blkdev_issue_discard(bdev, req->u.discard.sector_number, req->u.discard.nr_sectors, GFP_KERNEL, secure); if (err == -EOPNOTSUPP) { pr_debug(DRV_PFX ""discard op failed, not supported\n""); status = BLKIF_RSP_EOPNOTSUPP; } else if (err) status = BLKIF_RSP_ERROR; make_response(blkif, req->u.discard.id, req->operation, status); xen_blkif_put(blkif); return err; }",visit repo url,drivers/block/xen-blkback/blkback.c,https://github.com/torvalds/linux,51586000712724,1 1265,NVD-CWE-Other,"static inline __u32 dccp_v6_init_sequence(struct sk_buff *skb) { return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, ipv6_hdr(skb)->saddr.s6_addr32, dccp_hdr(skb)->dccph_dport, dccp_hdr(skb)->dccph_sport ); }",visit repo url,net/dccp/ipv6.c,https://github.com/torvalds/linux,190025436331234,1 1713,CWE-19,"static void ext2_put_super (struct super_block * sb) { int db_count; int i; struct ext2_sb_info *sbi = EXT2_SB(sb); dquot_disable(sb, -1, DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); ext2_xattr_put_super(sb); if (!(sb->s_flags & MS_RDONLY)) { struct ext2_super_block *es = sbi->s_es; spin_lock(&sbi->s_lock); es->s_state = cpu_to_le16(sbi->s_mount_state); spin_unlock(&sbi->s_lock); ext2_sync_super(sb, es, 1); } db_count = sbi->s_gdb_count; for (i = 0; i < db_count; i++) if (sbi->s_group_desc[i]) brelse (sbi->s_group_desc[i]); kfree(sbi->s_group_desc); kfree(sbi->s_debts); percpu_counter_destroy(&sbi->s_freeblocks_counter); percpu_counter_destroy(&sbi->s_freeinodes_counter); percpu_counter_destroy(&sbi->s_dirs_counter); brelse (sbi->s_sbh); sb->s_fs_info = NULL; kfree(sbi->s_blockgroup_lock); kfree(sbi); }",visit repo url,fs/ext2/super.c,https://github.com/torvalds/linux,267037573746829,1 1173,CWE-400,"static void emulate_load_store_insn(struct pt_regs *regs, void __user *addr, unsigned int __user *pc) { union mips_instruction insn; unsigned long value; unsigned int res; perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); __get_user(insn.word, pc); switch (insn.i_format.opcode) { case ll_op: case lld_op: case sc_op: case scd_op: case ldl_op: case ldr_op: case lwl_op: case lwr_op: case sdl_op: case sdr_op: case swl_op: case swr_op: case lb_op: case lbu_op: case sb_op: goto sigbus; case lh_op: if (!access_ok(VERIFY_READ, addr, 2)) goto sigbus; __asm__ __volatile__ ("".set\tnoat\n"" #ifdef __BIG_ENDIAN ""1:\tlb\t%0, 0(%2)\n"" ""2:\tlbu\t$1, 1(%2)\n\t"" #endif #ifdef __LITTLE_ENDIAN ""1:\tlb\t%0, 1(%2)\n"" ""2:\tlbu\t$1, 0(%2)\n\t"" #endif ""sll\t%0, 0x8\n\t"" ""or\t%0, $1\n\t"" ""li\t%1, 0\n"" ""3:\t.set\tat\n\t"" "".section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%1, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=&r"" (value), ""=r"" (res) : ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); regs->regs[insn.i_format.rt] = value; break; case lw_op: if (!access_ok(VERIFY_READ, addr, 4)) goto sigbus; __asm__ __volatile__ ( #ifdef __BIG_ENDIAN ""1:\tlwl\t%0, (%2)\n"" ""2:\tlwr\t%0, 3(%2)\n\t"" #endif #ifdef __LITTLE_ENDIAN ""1:\tlwl\t%0, 3(%2)\n"" ""2:\tlwr\t%0, (%2)\n\t"" #endif ""li\t%1, 0\n"" ""3:\t.section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%1, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=&r"" (value), ""=r"" (res) : ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); regs->regs[insn.i_format.rt] = value; break; case lhu_op: if (!access_ok(VERIFY_READ, addr, 2)) goto sigbus; __asm__ __volatile__ ( "".set\tnoat\n"" #ifdef __BIG_ENDIAN ""1:\tlbu\t%0, 0(%2)\n"" ""2:\tlbu\t$1, 1(%2)\n\t"" #endif #ifdef __LITTLE_ENDIAN ""1:\tlbu\t%0, 1(%2)\n"" ""2:\tlbu\t$1, 0(%2)\n\t"" #endif ""sll\t%0, 0x8\n\t"" ""or\t%0, $1\n\t"" ""li\t%1, 0\n"" ""3:\t.set\tat\n\t"" "".section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%1, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=&r"" (value), ""=r"" (res) : ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); regs->regs[insn.i_format.rt] = value; break; case lwu_op: #ifdef CONFIG_64BIT if (!access_ok(VERIFY_READ, addr, 4)) goto sigbus; __asm__ __volatile__ ( #ifdef __BIG_ENDIAN ""1:\tlwl\t%0, (%2)\n"" ""2:\tlwr\t%0, 3(%2)\n\t"" #endif #ifdef __LITTLE_ENDIAN ""1:\tlwl\t%0, 3(%2)\n"" ""2:\tlwr\t%0, (%2)\n\t"" #endif ""dsll\t%0, %0, 32\n\t"" ""dsrl\t%0, %0, 32\n\t"" ""li\t%1, 0\n"" ""3:\t.section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%1, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=&r"" (value), ""=r"" (res) : ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); regs->regs[insn.i_format.rt] = value; break; #endif goto sigill; case ld_op: #ifdef CONFIG_64BIT if (!access_ok(VERIFY_READ, addr, 8)) goto sigbus; __asm__ __volatile__ ( #ifdef __BIG_ENDIAN ""1:\tldl\t%0, (%2)\n"" ""2:\tldr\t%0, 7(%2)\n\t"" #endif #ifdef __LITTLE_ENDIAN ""1:\tldl\t%0, 7(%2)\n"" ""2:\tldr\t%0, (%2)\n\t"" #endif ""li\t%1, 0\n"" ""3:\t.section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%1, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=&r"" (value), ""=r"" (res) : ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); regs->regs[insn.i_format.rt] = value; break; #endif goto sigill; case sh_op: if (!access_ok(VERIFY_WRITE, addr, 2)) goto sigbus; value = regs->regs[insn.i_format.rt]; __asm__ __volatile__ ( #ifdef __BIG_ENDIAN "".set\tnoat\n"" ""1:\tsb\t%1, 1(%2)\n\t"" ""srl\t$1, %1, 0x8\n"" ""2:\tsb\t$1, 0(%2)\n\t"" "".set\tat\n\t"" #endif #ifdef __LITTLE_ENDIAN "".set\tnoat\n"" ""1:\tsb\t%1, 0(%2)\n\t"" ""srl\t$1,%1, 0x8\n"" ""2:\tsb\t$1, 1(%2)\n\t"" "".set\tat\n\t"" #endif ""li\t%0, 0\n"" ""3:\n\t"" "".section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%0, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=r"" (res) : ""r"" (value), ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); break; case sw_op: if (!access_ok(VERIFY_WRITE, addr, 4)) goto sigbus; value = regs->regs[insn.i_format.rt]; __asm__ __volatile__ ( #ifdef __BIG_ENDIAN ""1:\tswl\t%1,(%2)\n"" ""2:\tswr\t%1, 3(%2)\n\t"" #endif #ifdef __LITTLE_ENDIAN ""1:\tswl\t%1, 3(%2)\n"" ""2:\tswr\t%1, (%2)\n\t"" #endif ""li\t%0, 0\n"" ""3:\n\t"" "".section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%0, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=r"" (res) : ""r"" (value), ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); break; case sd_op: #ifdef CONFIG_64BIT if (!access_ok(VERIFY_WRITE, addr, 8)) goto sigbus; value = regs->regs[insn.i_format.rt]; __asm__ __volatile__ ( #ifdef __BIG_ENDIAN ""1:\tsdl\t%1,(%2)\n"" ""2:\tsdr\t%1, 7(%2)\n\t"" #endif #ifdef __LITTLE_ENDIAN ""1:\tsdl\t%1, 7(%2)\n"" ""2:\tsdr\t%1, (%2)\n\t"" #endif ""li\t%0, 0\n"" ""3:\n\t"" "".section\t.fixup,\""ax\""\n\t"" ""4:\tli\t%0, %3\n\t"" ""j\t3b\n\t"" "".previous\n\t"" "".section\t__ex_table,\""a\""\n\t"" STR(PTR)""\t1b, 4b\n\t"" STR(PTR)""\t2b, 4b\n\t"" "".previous"" : ""=r"" (res) : ""r"" (value), ""r"" (addr), ""i"" (-EFAULT)); if (res) goto fault; compute_return_epc(regs); break; #endif goto sigill; case lwc1_op: case ldc1_op: case swc1_op: case sdc1_op: goto sigbus; case lwc2_op: cu2_notifier_call_chain(CU2_LWC2_OP, regs); break; case ldc2_op: cu2_notifier_call_chain(CU2_LDC2_OP, regs); break; case swc2_op: cu2_notifier_call_chain(CU2_SWC2_OP, regs); break; case sdc2_op: cu2_notifier_call_chain(CU2_SDC2_OP, regs); break; default: goto sigill; } #ifdef CONFIG_DEBUG_FS unaligned_instructions++; #endif return; fault: if (fixup_exception(regs)) return; die_if_kernel(""Unhandled kernel unaligned access"", regs); force_sig(SIGSEGV, current); return; sigbus: die_if_kernel(""Unhandled kernel unaligned access"", regs); force_sig(SIGBUS, current); return; sigill: die_if_kernel(""Unhandled kernel unaligned access or invalid instruction"", regs); force_sig(SIGILL, current); }",visit repo url,arch/mips/kernel/unaligned.c,https://github.com/torvalds/linux,104830477836212,1 5580,CWE-125,"obj2ast_arg(PyObject* obj, arg_ty* out, PyArena* arena) { PyObject* tmp = NULL; identifier arg; expr_ty annotation; string type_comment; int lineno; int col_offset; if (_PyObject_HasAttrId(obj, &PyId_arg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_arg); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &arg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""arg\"" missing from arg""); return 1; } if (exists_not_none(obj, &PyId_annotation)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_annotation); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { annotation = NULL; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from arg""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_col_offset)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_col_offset); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from arg""); return 1; } *out = arg(arg, annotation, type_comment, lineno, col_offset, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,91534473871733,1 216,CWE-119,"brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev, struct cfg80211_ap_settings *settings) { s32 ie_offset; struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy); struct brcmf_if *ifp = netdev_priv(ndev); const struct brcmf_tlv *ssid_ie; const struct brcmf_tlv *country_ie; struct brcmf_ssid_le ssid_le; s32 err = -EPERM; const struct brcmf_tlv *rsn_ie; const struct brcmf_vs_tlv *wpa_ie; struct brcmf_join_params join_params; enum nl80211_iftype dev_role; struct brcmf_fil_bss_enable_le bss_enable; u16 chanspec = chandef_to_chanspec(&cfg->d11inf, &settings->chandef); bool mbss; int is_11d; brcmf_dbg(TRACE, ""ctrlchn=%d, center=%d, bw=%d, beacon_interval=%d, dtim_period=%d,\n"", settings->chandef.chan->hw_value, settings->chandef.center_freq1, settings->chandef.width, settings->beacon_interval, settings->dtim_period); brcmf_dbg(TRACE, ""ssid=%s(%zu), auth_type=%d, inactivity_timeout=%d\n"", settings->ssid, settings->ssid_len, settings->auth_type, settings->inactivity_timeout); dev_role = ifp->vif->wdev.iftype; mbss = ifp->vif->mbss; brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_REGULATORY, &ifp->vif->is_11d); country_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail, settings->beacon.tail_len, WLAN_EID_COUNTRY); is_11d = country_ie ? 1 : 0; memset(&ssid_le, 0, sizeof(ssid_le)); if (settings->ssid == NULL || settings->ssid_len == 0) { ie_offset = DOT11_MGMT_HDR_LEN + DOT11_BCN_PRB_FIXED_LEN; ssid_ie = brcmf_parse_tlvs( (u8 *)&settings->beacon.head[ie_offset], settings->beacon.head_len - ie_offset, WLAN_EID_SSID); if (!ssid_ie) return -EINVAL; memcpy(ssid_le.SSID, ssid_ie->data, ssid_ie->len); ssid_le.SSID_len = cpu_to_le32(ssid_ie->len); brcmf_dbg(TRACE, ""SSID is (%s) in Head\n"", ssid_le.SSID); } else { memcpy(ssid_le.SSID, settings->ssid, settings->ssid_len); ssid_le.SSID_len = cpu_to_le32((u32)settings->ssid_len); } if (!mbss) { brcmf_set_mpc(ifp, 0); brcmf_configure_arp_nd_offload(ifp, false); } rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail, settings->beacon.tail_len, WLAN_EID_RSN); wpa_ie = brcmf_find_wpaie((u8 *)settings->beacon.tail, settings->beacon.tail_len); if ((wpa_ie != NULL || rsn_ie != NULL)) { brcmf_dbg(TRACE, ""WPA(2) IE is found\n""); if (wpa_ie != NULL) { err = brcmf_configure_wpaie(ifp, wpa_ie, false); if (err < 0) goto exit; } else { struct brcmf_vs_tlv *tmp_ie; tmp_ie = (struct brcmf_vs_tlv *)rsn_ie; err = brcmf_configure_wpaie(ifp, tmp_ie, true); if (err < 0) goto exit; } } else { brcmf_dbg(TRACE, ""No WPA(2) IEs found\n""); brcmf_configure_opensecurity(ifp); } brcmf_config_ap_mgmt_ie(ifp->vif, &settings->beacon); if (!mbss) { if (is_11d != ifp->vif->is_11d) { err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY, is_11d); if (err < 0) { brcmf_err(""Regulatory Set Error, %d\n"", err); goto exit; } } if (settings->beacon_interval) { err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD, settings->beacon_interval); if (err < 0) { brcmf_err(""Beacon Interval Set Error, %d\n"", err); goto exit; } } if (settings->dtim_period) { err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD, settings->dtim_period); if (err < 0) { brcmf_err(""DTIM Interval Set Error, %d\n"", err); goto exit; } } if ((dev_role == NL80211_IFTYPE_AP) && ((ifp->ifidx == 0) || !brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB))) { err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1); if (err < 0) { brcmf_err(""BRCMF_C_DOWN error %d\n"", err); goto exit; } brcmf_fil_iovar_int_set(ifp, ""apsta"", 0); } err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1); if (err < 0) { brcmf_err(""SET INFRA error %d\n"", err); goto exit; } } else if (WARN_ON(is_11d != ifp->vif->is_11d)) { err = -EINVAL; goto exit; } if (dev_role == NL80211_IFTYPE_AP) { if ((brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) && (!mbss)) brcmf_fil_iovar_int_set(ifp, ""mbss"", 1); err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1); if (err < 0) { brcmf_err(""setting AP mode failed %d\n"", err); goto exit; } if (!mbss) { err = brcmf_fil_iovar_int_set(ifp, ""chanspec"", chanspec); if (err < 0) { brcmf_err(""Set Channel failed: chspec=%d, %d\n"", chanspec, err); goto exit; } } err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1); if (err < 0) { brcmf_err(""BRCMF_C_UP error (%d)\n"", err); goto exit; } brcmf_cfg80211_reconfigure_wep(ifp); memset(&join_params, 0, sizeof(join_params)); memcpy(&join_params.ssid_le, &ssid_le, sizeof(ssid_le)); err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID, &join_params, sizeof(join_params)); if (err < 0) { brcmf_err(""SET SSID error (%d)\n"", err); goto exit; } if (settings->hidden_ssid) { err = brcmf_fil_iovar_int_set(ifp, ""closednet"", 1); if (err) { brcmf_err(""closednet error (%d)\n"", err); goto exit; } } brcmf_dbg(TRACE, ""AP mode configuration complete\n""); } else if (dev_role == NL80211_IFTYPE_P2P_GO) { err = brcmf_fil_iovar_int_set(ifp, ""chanspec"", chanspec); if (err < 0) { brcmf_err(""Set Channel failed: chspec=%d, %d\n"", chanspec, err); goto exit; } err = brcmf_fil_bsscfg_data_set(ifp, ""ssid"", &ssid_le, sizeof(ssid_le)); if (err < 0) { brcmf_err(""setting ssid failed %d\n"", err); goto exit; } bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx); bss_enable.enable = cpu_to_le32(1); err = brcmf_fil_iovar_data_set(ifp, ""bss"", &bss_enable, sizeof(bss_enable)); if (err < 0) { brcmf_err(""bss_enable config failed %d\n"", err); goto exit; } brcmf_dbg(TRACE, ""GO mode configuration complete\n""); } else { WARN_ON(1); } set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state); brcmf_net_setcarrier(ifp, true); exit: if ((err) && (!mbss)) { brcmf_set_mpc(ifp, 1); brcmf_configure_arp_nd_offload(ifp, true); } return err; }",visit repo url,drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c,https://github.com/torvalds/linux,70244846225670,1 3459,CWE-362,"int ha_myisam::repair(THD *thd, MI_CHECK ¶m, bool do_optimize) { int error=0; uint local_testflag=param.testflag; bool optimize_done= !do_optimize, statistics_done=0; const char *old_proc_info=thd->proc_info; char fixed_name[FN_REFLEN]; MYISAM_SHARE* share = file->s; ha_rows rows= file->state->records; DBUG_ENTER(""ha_myisam::repair""); param.db_name= table->s->db.str; param.table_name= table->alias; param.using_global_keycache = 1; param.thd= thd; param.tmpdir= &mysql_tmpdir_list; param.out_flag= 0; strmov(fixed_name,file->filename); ha_release_temporary_latches(thd); if (! thd->locked_tables_mode && mi_lock_database(file, table->s->tmp_table ? F_EXTRA_LCK : F_WRLCK)) { mi_check_print_error(¶m,ER(ER_CANT_LOCK),my_errno); DBUG_RETURN(HA_ADMIN_FAILED); } if (!do_optimize || ((file->state->del || share->state.split != file->state->records) && (!(param.testflag & T_QUICK) || !(share->state.changed & STATE_NOT_OPTIMIZED_KEYS)))) { ulonglong key_map= ((local_testflag & T_CREATE_MISSING_KEYS) ? mi_get_mask_all_keys_active(share->base.keys) : share->state.key_map); uint testflag=param.testflag; #ifdef HAVE_MMAP bool remap= test(share->file_map); if (remap) mi_munmap_file(file); #endif if (mi_test_if_sort_rep(file,file->state->records,key_map,0) && (local_testflag & T_REP_BY_SORT)) { local_testflag|= T_STATISTICS; param.testflag|= T_STATISTICS; statistics_done=1; if (THDVAR(thd, repair_threads)>1) { char buf[40]; my_snprintf(buf, 40, ""Repair with %d threads"", my_count_bits(key_map)); thd_proc_info(thd, buf); error = mi_repair_parallel(¶m, file, fixed_name, param.testflag & T_QUICK); thd_proc_info(thd, ""Repair done""); } else { thd_proc_info(thd, ""Repair by sorting""); error = mi_repair_by_sort(¶m, file, fixed_name, param.testflag & T_QUICK); } } else { thd_proc_info(thd, ""Repair with keycache""); param.testflag &= ~T_REP_BY_SORT; error= mi_repair(¶m, file, fixed_name, param.testflag & T_QUICK); } #ifdef HAVE_MMAP if (remap) mi_dynmap_file(file, file->state->data_file_length); #endif param.testflag=testflag; optimize_done=1; } if (!error) { if ((local_testflag & T_SORT_INDEX) && (share->state.changed & STATE_NOT_SORTED_PAGES)) { optimize_done=1; thd_proc_info(thd, ""Sorting index""); error=mi_sort_index(¶m,file,fixed_name); } if (!statistics_done && (local_testflag & T_STATISTICS)) { if (share->state.changed & STATE_NOT_ANALYZED) { optimize_done=1; thd_proc_info(thd, ""Analyzing""); error = chk_key(¶m, file); } else local_testflag&= ~T_STATISTICS; } } thd_proc_info(thd, ""Saving state""); if (!error) { if ((share->state.changed & STATE_CHANGED) || mi_is_crashed(file)) { share->state.changed&= ~(STATE_CHANGED | STATE_CRASHED | STATE_CRASHED_ON_REPAIR); file->update|=HA_STATE_CHANGED | HA_STATE_ROW_CHANGED; } if (file->state != &file->s->state.state) file->s->state.state = *file->state; if (file->s->base.auto_key) update_auto_increment_key(¶m, file, 1); if (optimize_done) error = update_state_info(¶m, file, UPDATE_TIME | UPDATE_OPEN_COUNT | (local_testflag & T_STATISTICS ? UPDATE_STAT : 0)); info(HA_STATUS_NO_LOCK | HA_STATUS_TIME | HA_STATUS_VARIABLE | HA_STATUS_CONST); if (rows != file->state->records && ! (param.testflag & T_VERY_SILENT)) { char llbuff[22],llbuff2[22]; mi_check_print_warning(¶m,""Number of rows changed from %s to %s"", llstr(rows,llbuff), llstr(file->state->records,llbuff2)); } } else { mi_mark_crashed_on_repair(file); file->update |= HA_STATE_CHANGED | HA_STATE_ROW_CHANGED; update_state_info(¶m, file, 0); } thd_proc_info(thd, old_proc_info); if (! thd->locked_tables_mode) mi_lock_database(file,F_UNLCK); DBUG_RETURN(error ? HA_ADMIN_FAILED : !optimize_done ? HA_ADMIN_ALREADY_DONE : HA_ADMIN_OK); }",visit repo url,storage/myisam/ha_myisam.cc,https://github.com/mysql/mysql-server,86599158725404,1 1126,CWE-362,"static struct ip_options *tcp_v4_save_options(struct sock *sk, struct sk_buff *skb) { struct ip_options *opt = &(IPCB(skb)->opt); struct ip_options *dopt = NULL; if (opt && opt->optlen) { int opt_size = optlength(opt); dopt = kmalloc(opt_size, GFP_ATOMIC); if (dopt) { if (ip_options_echo(dopt, skb)) { kfree(dopt); dopt = NULL; } } } return dopt; }",visit repo url,net/ipv4/tcp_ipv4.c,https://github.com/torvalds/linux,246302981106498,1 3827,['CWE-120'],"static int __init uvc_init(void) { int result; INIT_LIST_HEAD(&uvc_driver.devices); INIT_LIST_HEAD(&uvc_driver.controls); mutex_init(&uvc_driver.open_mutex); mutex_init(&uvc_driver.ctrl_mutex); uvc_ctrl_init(); result = usb_register(&uvc_driver.driver); if (result == 0) printk(KERN_INFO DRIVER_DESC "" ("" DRIVER_VERSION "")\n""); return result; }",linux-2.6,,,108397049106568876874065466379544564461,0 5662,CWE-415,"usm_free_usmStateReference(void *old) { struct usmStateReference *old_ref = (struct usmStateReference *) old; if (old_ref) { if (old_ref->usr_name_length) SNMP_FREE(old_ref->usr_name); if (old_ref->usr_engine_id_length) SNMP_FREE(old_ref->usr_engine_id); if (old_ref->usr_auth_protocol_length) SNMP_FREE(old_ref->usr_auth_protocol); if (old_ref->usr_priv_protocol_length) SNMP_FREE(old_ref->usr_priv_protocol); if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) { SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length); SNMP_FREE(old_ref->usr_auth_key); } if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) { SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length); SNMP_FREE(old_ref->usr_priv_key); } SNMP_ZERO(old_ref, sizeof(*old_ref)); SNMP_FREE(old_ref); } } ",visit repo url,snmplib/snmpusm.c,https://github.com/net-snmp/net-snmp,77485600668044,1 6119,['CWE-200'],"static int cbq_dump(struct Qdisc *sch, struct sk_buff *skb) { struct cbq_sched_data *q = qdisc_priv(sch); unsigned char *b = skb->tail; struct rtattr *rta; rta = (struct rtattr*)b; RTA_PUT(skb, TCA_OPTIONS, 0, NULL); if (cbq_dump_attr(skb, &q->link) < 0) goto rtattr_failure; rta->rta_len = skb->tail - b; return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,223292219180890826982570853870907061818,0 6504,CWE-787,"void sealHexSEK(int *errStatus, char *errString, uint8_t *encrypted_sek, uint32_t *enc_len, char *sek_hex) { CALL_ONCE LOG_INFO(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(encrypted_sek); CHECK_STATE(sek_hex); CHECK_STATE(strnlen(sek_hex, 33) == 32) uint64_t plaintextLen = strlen(sek_hex) + 1; uint64_t sealedLen = sgx_calc_sealed_data_size(0, plaintextLen); sgx_attributes_t attribute_mask; attribute_mask.flags = 0xfffffffffffffff3; attribute_mask.xfrm = 0x0; sgx_misc_select_t misc = 0xF0000000; sgx_status_t status = sgx_seal_data_ex(SGX_KEYPOLICY_MRENCLAVE, attribute_mask, misc, 0, NULL, plaintextLen, (uint8_t *) sek_hex, sealedLen, (sgx_sealed_data_t *) encrypted_sek); CHECK_STATUS(""seal SEK failed after SEK generation""); uint32_t encrypt_text_length = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)encrypted_sek); CHECK_STATE(encrypt_text_length = plaintextLen); SAFE_CHAR_BUF(unsealedKey, BUF_LEN); uint32_t decLen = BUF_LEN; uint32_t add_text_length = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)encrypted_sek); CHECK_STATE(add_text_length == 0); CHECK_STATE(sgx_is_within_enclave(encrypted_sek,sizeof(sgx_sealed_data_t))); status = sgx_unseal_data((const sgx_sealed_data_t *)encrypted_sek, NULL, NULL, (uint8_t *) unsealedKey, &decLen ); CHECK_STATUS(""seal/unseal SEK failed after SEK generation in unseal""); *enc_len = sealedLen; SET_SUCCESS clean: LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,247103979598111,1 6701,CWE-90,"errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx, const char *input, char **sanitized, const char *ignore) { char *output; size_t i = 0; size_t j = 0; char *allowed; output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1); if (!output) { return ENOMEM; } while (input[i]) { if (ignore == NULL) { allowed = NULL; } else { allowed = strchr(ignore, input[i]); } if (allowed) { output[j++] = input[i++]; continue; } switch(input[i]) { case '\t': output[j++] = '\\'; output[j++] = '0'; output[j++] = '9'; break; case ' ': output[j++] = '\\'; output[j++] = '2'; output[j++] = '0'; break; case '*': output[j++] = '\\'; output[j++] = '2'; output[j++] = 'a'; break; case '(': output[j++] = '\\'; output[j++] = '2'; output[j++] = '8'; break; case ')': output[j++] = '\\'; output[j++] = '2'; output[j++] = '9'; break; case '\\': output[j++] = '\\'; output[j++] = '5'; output[j++] = 'c'; break; case '\r': output[j++] = '\\'; output[j++] = '0'; output[j++] = 'd'; break; case '\n': output[j++] = '\\'; output[j++] = '0'; output[j++] = 'a'; break; default: output[j++] = input[i]; } i++; } output[j] = '\0'; *sanitized = talloc_realloc(mem_ctx, output, char, j+1); if (!*sanitized) { talloc_free(output); return ENOMEM; } return EOK; }",visit repo url,src/util/util.c,https://github.com/SSSD/sssd,275586090574277,1 2118,['CWE-119'],"static inline unsigned long get_desc_base(const struct desc_struct *desc) { return desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24); }",linux-2.6,,,295419287373361735188143854302481853365,0 3226,CWE-125,"l_strnstart(const char *tstr1, u_int tl1, const char *str2, u_int l2) { if (tl1 > l2) return 0; return (strncmp(tstr1, str2, tl1) == 0 ? 1 : 0); }",visit repo url,print-beep.c,https://github.com/the-tcpdump-group/tcpdump,278199812514855,1 4679,['CWE-399'],"static int ext4_journalled_set_page_dirty(struct page *page) { SetPageChecked(page); return __set_page_dirty_nobuffers(page); }",linux-2.6,,,124425457855865858517799009112989267745,0 2274,NVD-CWE-Other,"static ext4_io_end_t *ext4_init_io_end (struct inode *inode) { ext4_io_end_t *io = NULL; io = kmalloc(sizeof(*io), GFP_NOFS); if (io) { igrab(inode); io->inode = inode; io->flag = 0; io->offset = 0; io->size = 0; io->error = 0; INIT_WORK(&io->work, ext4_end_io_work); INIT_LIST_HEAD(&io->list); } return io; }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,79042191870799,1 2596,CWE-119,"rad_get_vendor_attr(u_int32_t *vendor, const void **data, size_t *len) { struct vendor_attribute *attr; attr = (struct vendor_attribute *)*data; *vendor = ntohl(attr->vendor_value); *data = attr->attrib_data; *len = attr->attrib_len - 2; return (attr->attrib_type); }",visit repo url,radlib.c,https://github.com/LawnGnome/php-radius,237226727733053,1 901,['CWE-200'],"static void shmem_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { if (!IS_ERR(nd_get_link(nd))) { struct page *page = cookie; kunmap(page); mark_page_accessed(page); page_cache_release(page); } }",linux-2.6,,,16477256819279175270884575281757554812,0 4305,['CWE-264'],"void __put_task_struct(struct task_struct *tsk) { WARN_ON(!tsk->exit_state); WARN_ON(atomic_read(&tsk->usage)); WARN_ON(tsk == current); put_cred(tsk->real_cred); put_cred(tsk->cred); delayacct_tsk_free(tsk); if (!profile_handoff_task(tsk)) free_task(tsk); }",linux-2.6,,,266254595506837959547452088453364844485,0 4095,CWE-835,"gsm_xsmp_client_connect (GsmXSMPClient *client, SmsConn conn, unsigned long *mask_ret, SmsCallbacks *callbacks_ret) { client->priv->conn = conn; if (client->priv->protocol_timeout) { g_source_remove (client->priv->protocol_timeout); client->priv->protocol_timeout = 0; } g_debug (""GsmXSMPClient: Initializing client %s"", client->priv->description); *mask_ret = 0; *mask_ret |= SmsRegisterClientProcMask; callbacks_ret->register_client.callback = register_client_callback; callbacks_ret->register_client.manager_data = client; *mask_ret |= SmsInteractRequestProcMask; callbacks_ret->interact_request.callback = interact_request_callback; callbacks_ret->interact_request.manager_data = client; *mask_ret |= SmsInteractDoneProcMask; callbacks_ret->interact_done.callback = interact_done_callback; callbacks_ret->interact_done.manager_data = client; *mask_ret |= SmsSaveYourselfRequestProcMask; callbacks_ret->save_yourself_request.callback = save_yourself_request_callback; callbacks_ret->save_yourself_request.manager_data = client; *mask_ret |= SmsSaveYourselfP2RequestProcMask; callbacks_ret->save_yourself_phase2_request.callback = save_yourself_phase2_request_callback; callbacks_ret->save_yourself_phase2_request.manager_data = client; *mask_ret |= SmsSaveYourselfDoneProcMask; callbacks_ret->save_yourself_done.callback = save_yourself_done_callback; callbacks_ret->save_yourself_done.manager_data = client; *mask_ret |= SmsCloseConnectionProcMask; callbacks_ret->close_connection.callback = close_connection_callback; callbacks_ret->close_connection.manager_data = client; *mask_ret |= SmsSetPropertiesProcMask; callbacks_ret->set_properties.callback = set_properties_callback; callbacks_ret->set_properties.manager_data = client; *mask_ret |= SmsDeletePropertiesProcMask; callbacks_ret->delete_properties.callback = delete_properties_callback; callbacks_ret->delete_properties.manager_data = client; *mask_ret |= SmsGetPropertiesProcMask; callbacks_ret->get_properties.callback = get_properties_callback; callbacks_ret->get_properties.manager_data = client; }",visit repo url,gnome-session/gsm-xsmp-client.c,https://github.com/GNOME/gnome-session,12364670057529,1 5438,CWE-787,"int amqp_handle_input(amqp_connection_state_t state, amqp_bytes_t received_data, amqp_frame_t *decoded_frame) { size_t bytes_consumed; void *raw_frame; decoded_frame->frame_type = 0; if (received_data.len == 0) { return AMQP_STATUS_OK; } if (state->state == CONNECTION_STATE_IDLE) { state->state = CONNECTION_STATE_HEADER; } bytes_consumed = consume_data(state, &received_data); if (state->inbound_offset < state->target_size) { return (int)bytes_consumed; } raw_frame = state->inbound_buffer.bytes; switch (state->state) { case CONNECTION_STATE_INITIAL: if (memcmp(raw_frame, ""AMQP"", 4) == 0) { decoded_frame->frame_type = AMQP_PSEUDOFRAME_PROTOCOL_HEADER; decoded_frame->channel = 0; decoded_frame->payload.protocol_header.transport_high = amqp_d8(amqp_offset(raw_frame, 4)); decoded_frame->payload.protocol_header.transport_low = amqp_d8(amqp_offset(raw_frame, 5)); decoded_frame->payload.protocol_header.protocol_version_major = amqp_d8(amqp_offset(raw_frame, 6)); decoded_frame->payload.protocol_header.protocol_version_minor = amqp_d8(amqp_offset(raw_frame, 7)); return_to_idle(state); return (int)bytes_consumed; } case CONNECTION_STATE_HEADER: { amqp_channel_t channel; amqp_pool_t *channel_pool; channel = amqp_d16(amqp_offset(raw_frame, 1)); state->target_size = amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE; if ((size_t)state->frame_max < state->target_size) { return AMQP_STATUS_BAD_AMQP_DATA; } channel_pool = amqp_get_or_create_channel_pool(state, channel); if (NULL == channel_pool) { return AMQP_STATUS_NO_MEMORY; } amqp_pool_alloc_bytes(channel_pool, state->target_size, &state->inbound_buffer); if (NULL == state->inbound_buffer.bytes) { return AMQP_STATUS_NO_MEMORY; } memcpy(state->inbound_buffer.bytes, state->header_buffer, HEADER_SIZE); raw_frame = state->inbound_buffer.bytes; state->state = CONNECTION_STATE_BODY; bytes_consumed += consume_data(state, &received_data); if (state->inbound_offset < state->target_size) { return (int)bytes_consumed; } } case CONNECTION_STATE_BODY: { amqp_bytes_t encoded; int res; amqp_pool_t *channel_pool; if (amqp_d8(amqp_offset(raw_frame, state->target_size - 1)) != AMQP_FRAME_END) { return AMQP_STATUS_BAD_AMQP_DATA; } decoded_frame->frame_type = amqp_d8(amqp_offset(raw_frame, 0)); decoded_frame->channel = amqp_d16(amqp_offset(raw_frame, 1)); channel_pool = amqp_get_or_create_channel_pool(state, decoded_frame->channel); if (NULL == channel_pool) { return AMQP_STATUS_NO_MEMORY; } switch (decoded_frame->frame_type) { case AMQP_FRAME_METHOD: decoded_frame->payload.method.id = amqp_d32(amqp_offset(raw_frame, HEADER_SIZE)); encoded.bytes = amqp_offset(raw_frame, HEADER_SIZE + 4); encoded.len = state->target_size - HEADER_SIZE - 4 - FOOTER_SIZE; res = amqp_decode_method(decoded_frame->payload.method.id, channel_pool, encoded, &decoded_frame->payload.method.decoded); if (res < 0) { return res; } break; case AMQP_FRAME_HEADER: decoded_frame->payload.properties.class_id = amqp_d16(amqp_offset(raw_frame, HEADER_SIZE)); decoded_frame->payload.properties.body_size = amqp_d64(amqp_offset(raw_frame, HEADER_SIZE + 4)); encoded.bytes = amqp_offset(raw_frame, HEADER_SIZE + 12); encoded.len = state->target_size - HEADER_SIZE - 12 - FOOTER_SIZE; decoded_frame->payload.properties.raw = encoded; res = amqp_decode_properties( decoded_frame->payload.properties.class_id, channel_pool, encoded, &decoded_frame->payload.properties.decoded); if (res < 0) { return res; } break; case AMQP_FRAME_BODY: decoded_frame->payload.body_fragment.len = state->target_size - HEADER_SIZE - FOOTER_SIZE; decoded_frame->payload.body_fragment.bytes = amqp_offset(raw_frame, HEADER_SIZE); break; case AMQP_FRAME_HEARTBEAT: break; default: decoded_frame->frame_type = 0; break; } return_to_idle(state); return (int)bytes_consumed; } default: amqp_abort(""Internal error: invalid amqp_connection_state_t->state %d"", state->state); } }",visit repo url,librabbitmq/amqp_connection.c,https://github.com/alanxz/rabbitmq-c,199227209344626,1 3296,CWE-476,"static int add_push_report_sideband_pkt(git_push *push, git_pkt_data *data_pkt, git_buf *data_pkt_buf) { git_pkt *pkt; const char *line, *line_end = NULL; size_t line_len; int error; int reading_from_buf = data_pkt_buf->size > 0; if (reading_from_buf) { git_buf_put(data_pkt_buf, data_pkt->data, data_pkt->len); line = data_pkt_buf->ptr; line_len = data_pkt_buf->size; } else { line = data_pkt->data; line_len = data_pkt->len; } while (line_len > 0) { error = git_pkt_parse_line(&pkt, line, &line_end, line_len); if (error == GIT_EBUFS) { if (!reading_from_buf) git_buf_put(data_pkt_buf, line, line_len); error = 0; goto done; } else if (error < 0) goto done; line_len -= (line_end - line); line = line_end; if (pkt == NULL) continue; error = add_push_report_pkt(push, pkt); git_pkt_free(pkt); if (error < 0 && error != GIT_ITEROVER) goto done; } error = 0; done: if (reading_from_buf) git_buf_consume(data_pkt_buf, line_end); return error; }",visit repo url,src/transports/smart_protocol.c,https://github.com/libgit2/libgit2,125384900721350,1 1353,['CWE-399'],"static void sit_exit_net(struct net *net) { struct sit_net *sitn; sitn = net_generic(net, sit_net_id); rtnl_lock(); sit_destroy_tunnels(sitn); unregister_netdevice(sitn->fb_tunnel_dev); rtnl_unlock(); kfree(sitn); }",linux-2.6,,,136983634834489839148422314106689973937,0 1231,[],"m4_errprint (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, -1)) return; dump_args (obs, argc, argv, "" "", false); obstack_1grow (obs, '\0'); debug_flush_files (); xfprintf (stderr, ""%s"", (char *) obstack_finish (obs)); fflush (stderr); }",m4,,,172730516335655307943575423445126559219,0 4873,['CWE-189'],"static int ecryptfs_calculate_md5(char *dst, struct ecryptfs_crypt_stat *crypt_stat, char *src, int len) { struct scatterlist sg; struct hash_desc desc = { .tfm = crypt_stat->hash_tfm, .flags = CRYPTO_TFM_REQ_MAY_SLEEP }; int rc = 0; mutex_lock(&crypt_stat->cs_hash_tfm_mutex); sg_init_one(&sg, (u8 *)src, len); if (!desc.tfm) { desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(desc.tfm)) { rc = PTR_ERR(desc.tfm); ecryptfs_printk(KERN_ERR, ""Error attempting to "" ""allocate crypto context; rc = [%d]\n"", rc); goto out; } crypt_stat->hash_tfm = desc.tfm; } rc = crypto_hash_init(&desc); if (rc) { printk(KERN_ERR ""%s: Error initializing crypto hash; rc = [%d]\n"", __func__, rc); goto out; } rc = crypto_hash_update(&desc, &sg, len); if (rc) { printk(KERN_ERR ""%s: Error updating crypto hash; rc = [%d]\n"", __func__, rc); goto out; } rc = crypto_hash_final(&desc, dst); if (rc) { printk(KERN_ERR ""%s: Error finalizing crypto hash; rc = [%d]\n"", __func__, rc); goto out; } out: mutex_unlock(&crypt_stat->cs_hash_tfm_mutex); return rc; }",linux-2.6,,,191774055951855200143392096436885601671,0 4396,CWE-476,"compile_length_bag_node(BagNode* node, regex_t* reg) { int len; int tlen; if (node->type == BAG_OPTION) return compile_length_option_node(node, reg); if (NODE_BAG_BODY(node)) { tlen = compile_length_tree(NODE_BAG_BODY(node), reg); if (tlen < 0) return tlen; } else tlen = 0; switch (node->type) { case BAG_MEMORY: #ifdef USE_CALL if (node->m.regnum == 0 && NODE_IS_CALLED(node)) { len = tlen + SIZE_OP_CALL + SIZE_OP_JUMP + SIZE_OP_RETURN; return len; } if (NODE_IS_CALLED(node)) { len = SIZE_OP_MEMORY_START_PUSH + tlen + SIZE_OP_CALL + SIZE_OP_JUMP + SIZE_OP_RETURN; if (MEM_STATUS_AT0(reg->bt_mem_end, node->m.regnum)) len += (NODE_IS_RECURSION(node) ? SIZE_OP_MEMORY_END_PUSH_REC : SIZE_OP_MEMORY_END_PUSH); else len += (NODE_IS_RECURSION(node) ? SIZE_OP_MEMORY_END_REC : SIZE_OP_MEMORY_END); } else if (NODE_IS_RECURSION(node)) { len = SIZE_OP_MEMORY_START_PUSH; len += tlen + (MEM_STATUS_AT0(reg->bt_mem_end, node->m.regnum) ? SIZE_OP_MEMORY_END_PUSH_REC : SIZE_OP_MEMORY_END_REC); } else #endif { if (MEM_STATUS_AT0(reg->bt_mem_start, node->m.regnum)) len = SIZE_OP_MEMORY_START_PUSH; else len = SIZE_OP_MEMORY_START; len += tlen + (MEM_STATUS_AT0(reg->bt_mem_end, node->m.regnum) ? SIZE_OP_MEMORY_END_PUSH : SIZE_OP_MEMORY_END); } break; case BAG_STOP_BACKTRACK: if (NODE_IS_STOP_BT_SIMPLE_REPEAT(node)) { int v; QuantNode* qn; qn = QUANT_(NODE_BAG_BODY(node)); tlen = compile_length_tree(NODE_QUANT_BODY(qn), reg); if (tlen < 0) return tlen; v = onig_positive_int_multiply(qn->lower, tlen); if (v < 0) return ONIGERR_TOO_BIG_NUMBER_FOR_REPEAT_RANGE; len = v + SIZE_OP_PUSH + tlen + SIZE_OP_POP_OUT + SIZE_OP_JUMP; } else { len = SIZE_OP_ATOMIC_START + tlen + SIZE_OP_ATOMIC_END; } break; case BAG_IF_ELSE: { Node* cond = NODE_BAG_BODY(node); Node* Then = node->te.Then; Node* Else = node->te.Else; len = compile_length_tree(cond, reg); if (len < 0) return len; len += SIZE_OP_PUSH; len += SIZE_OP_ATOMIC_START + SIZE_OP_ATOMIC_END; if (IS_NOT_NULL(Then)) { tlen = compile_length_tree(Then, reg); if (tlen < 0) return tlen; len += tlen; } if (IS_NOT_NULL(Else)) { len += SIZE_OP_JUMP; tlen = compile_length_tree(Else, reg); if (tlen < 0) return tlen; len += tlen; } } break; case BAG_OPTION: len = 0; break; } return len; }",visit repo url,src/regcomp.c,https://github.com/kkos/oniguruma,133744789076644,1 2817,[],"static int dio_bio_end_aio(struct bio *bio, unsigned int bytes_done, int error) { struct dio *dio = bio->bi_private; unsigned long remaining; unsigned long flags; if (bio->bi_size) return 1; dio_bio_complete(dio, bio); spin_lock_irqsave(&dio->bio_lock, flags); remaining = --dio->refcount; if (remaining == 1 && dio->waiter) wake_up_process(dio->waiter); spin_unlock_irqrestore(&dio->bio_lock, flags); if (remaining == 0) { int ret = dio_complete(dio, dio->iocb->ki_pos, 0); aio_complete(dio->iocb, ret, 0); kfree(dio); } return 0; }",linux-2.6,,,332736481109182988645168744918369540220,0 5211,['CWE-20'],"static bool tr_valid(struct kvm_vcpu *vcpu) { struct kvm_segment tr; vmx_get_segment(vcpu, &tr, VCPU_SREG_TR); if (tr.unusable) return false; if (tr.selector & SELECTOR_TI_MASK) return false; if (tr.type != 3 && tr.type != 11) return false; if (!tr.present) return false; return true; }",linux-2.6,,,33096818074330284485554039875113378380,0 3230,CWE-125,"wb_prep(netdissect_options *ndo, const struct pkt_prep *prep, u_int len) { int n; const struct pgstate *ps; const u_char *ep = ndo->ndo_snapend; ND_PRINT((ndo, "" wb-prep:"")); if (len < sizeof(*prep)) { return (-1); } n = EXTRACT_32BITS(&prep->pp_n); ps = (const struct pgstate *)(prep + 1); while (--n >= 0 && ND_TTEST(*ps)) { const struct id_off *io, *ie; char c = '<'; ND_PRINT((ndo, "" %u/%s:%u"", EXTRACT_32BITS(&ps->slot), ipaddr_string(ndo, &ps->page.p_sid), EXTRACT_32BITS(&ps->page.p_uid))); io = (const struct id_off *)(ps + 1); for (ie = io + ps->nid; io < ie && ND_TTEST(*io); ++io) { ND_PRINT((ndo, ""%c%s:%u"", c, ipaddr_string(ndo, &io->id), EXTRACT_32BITS(&io->off))); c = ','; } ND_PRINT((ndo, "">"")); ps = (const struct pgstate *)io; } return ((const u_char *)ps <= ep? 0 : -1); }",visit repo url,print-wb.c,https://github.com/the-tcpdump-group/tcpdump,244214410356634,1 4785,CWE-119,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 1220,['CWE-20'],"CairoFont::getFontFace(void) { return cairo_font_face; }",poppler,,,323015100661207937116175854641991929127,0 3805,CWE-787,"block_insert( oparg_T *oap, char_u *s, int b_insert, struct block_def *bdp) { int ts_val; int count = 0; int spaces = 0; colnr_T offset; colnr_T startcol; unsigned s_len; char_u *newp, *oldp; linenr_T lnum; int oldstate = State; State = INSERT; s_len = (unsigned)STRLEN(s); for (lnum = oap->start.lnum + 1; lnum <= oap->end.lnum; lnum++) { block_prep(oap, bdp, lnum, TRUE); if (bdp->is_short && b_insert) continue; oldp = ml_get(lnum); if (b_insert) { ts_val = bdp->start_char_vcols; spaces = bdp->startspaces; if (spaces != 0) count = ts_val - 1; offset = bdp->textcol; } else { ts_val = bdp->end_char_vcols; if (!bdp->is_short) { spaces = (bdp->endspaces ? ts_val - bdp->endspaces : 0); if (spaces != 0) count = ts_val - 1; offset = bdp->textcol + bdp->textlen - (spaces != 0); } else { if (!bdp->is_MAX) spaces = (oap->end_vcol - bdp->end_vcol) + 1; count = spaces; offset = bdp->textcol + bdp->textlen; } } if (has_mbyte && spaces > 0) { int off; if (b_insert) { off = (*mb_head_off)(oldp, oldp + offset + spaces); spaces -= off; count -= off; } else { off = (*mb_head_off)(oldp, oldp + offset); offset -= off; } } if (spaces < 0) spaces = 0; newp = alloc(STRLEN(oldp) + spaces + s_len + (spaces > 0 && !bdp->is_short ? ts_val - spaces : 0) + count + 1); if (newp == NULL) continue; mch_memmove(newp, oldp, (size_t)offset); oldp += offset; vim_memset(newp + offset, ' ', (size_t)spaces); startcol = offset + spaces; mch_memmove(newp + startcol, s, (size_t)s_len); offset += s_len; if (spaces > 0 && !bdp->is_short) { if (*oldp == TAB) { vim_memset(newp + offset + spaces, ' ', (size_t)(ts_val - spaces)); oldp++; count++; } else count = spaces; } if (spaces > 0) offset += count; STRMOVE(newp + offset, oldp); ml_replace(lnum, newp, FALSE); if (b_insert) inserted_bytes(lnum, startcol, s_len); if (lnum == oap->end.lnum) { curbuf->b_op_end.lnum = oap->end.lnum; curbuf->b_op_end.col = offset; } } changed_lines(oap->start.lnum + 1, 0, oap->end.lnum + 1, 0L); State = oldstate; }",visit repo url,src/ops.c,https://github.com/vim/vim,14850814749322,1 1768,CWE-119,"static bool check_underflow(const struct ipt_entry *e) { const struct xt_entry_target *t; unsigned int verdict; if (!unconditional(&e->ip)) return false; t = ipt_get_target_c(e); if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) return false; verdict = ((struct xt_standard_target *)t)->verdict; verdict = -verdict - 1; return verdict == NF_DROP || verdict == NF_ACCEPT; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,278870435998165,1 1302,['CWE-119'],"static unsigned char asn1_uint_decode(struct asn1_ctx *ctx, unsigned char *eoc, unsigned int *integer) { unsigned char ch; unsigned int len; if (!asn1_octet_decode(ctx, &ch)) return 0; *integer = ch; if (ch == 0) len = 0; else len = 1; while (ctx->pointer < eoc) { if (++len > sizeof (unsigned int)) { ctx->error = ASN1_ERR_DEC_BADVALUE; return 0; } if (!asn1_octet_decode(ctx, &ch)) return 0; *integer <<= 8; *integer |= ch; } return 1; }",linux-2.6,,,21900917959800656188191552225664701813,0 1282,CWE-119,"void pid_ns_release_proc(struct pid_namespace *ns) { mntput(ns->proc_mnt); }",visit repo url,fs/proc/root.c,https://github.com/torvalds/linux,149156632274279,1 3508,CWE-20,"static unsigned char *read_chunk(struct mschm_decompressor_p *self, struct mschmd_header *chm, struct mspack_file *fh, unsigned int chunk_num) { struct mspack_system *sys = self->system; unsigned char *buf; if (chunk_num > chm->num_chunks) return NULL; if (!chm->chunk_cache) { size_t size = sizeof(unsigned char *) * chm->num_chunks; if (!(chm->chunk_cache = (unsigned char **) sys->alloc(sys, size))) { self->error = MSPACK_ERR_NOMEMORY; return NULL; } memset(chm->chunk_cache, 0, size); } if (chm->chunk_cache[chunk_num]) return chm->chunk_cache[chunk_num]; if (!(buf = (unsigned char *) sys->alloc(sys, chm->chunk_size))) { self->error = MSPACK_ERR_NOMEMORY; return NULL; } if (sys->seek(fh, (off_t) (chm->dir_offset + (chunk_num * chm->chunk_size)), MSPACK_SYS_SEEK_START)) { self->error = MSPACK_ERR_SEEK; sys->free(buf); return NULL; } if (sys->read(fh, buf, (int)chm->chunk_size) != (int)chm->chunk_size) { self->error = MSPACK_ERR_READ; sys->free(buf); return NULL; } if (!((buf[0] == 0x50) && (buf[1] == 0x4D) && (buf[2] == 0x47) && ((buf[3] == 0x4C) || (buf[3] == 0x49)))) { self->error = MSPACK_ERR_SEEK; sys->free(buf); return NULL; } return chm->chunk_cache[chunk_num] = buf; }",visit repo url,libmspack/mspack/chmd.c,https://github.com/kyz/libmspack,194513908246299,1 2174,CWE-125,"static void ttm_put_pages(struct page **pages, unsigned npages, int flags, enum ttm_caching_state cstate) { struct ttm_page_pool *pool = ttm_get_pool(flags, false, cstate); #ifdef CONFIG_TRANSPARENT_HUGEPAGE struct ttm_page_pool *huge = ttm_get_pool(flags, true, cstate); #endif unsigned long irq_flags; unsigned i; if (pool == NULL) { i = 0; while (i < npages) { #ifdef CONFIG_TRANSPARENT_HUGEPAGE struct page *p = pages[i]; #endif unsigned order = 0, j; if (!pages[i]) { ++i; continue; } #ifdef CONFIG_TRANSPARENT_HUGEPAGE if (!(flags & TTM_PAGE_FLAG_DMA32) && (npages - i) >= HPAGE_PMD_NR) { for (j = 1; j < HPAGE_PMD_NR; ++j) if (p++ != pages[i + j]) break; if (j == HPAGE_PMD_NR) order = HPAGE_PMD_ORDER; } #endif if (page_count(pages[i]) != 1) pr_err(""Erroneous page count. Leaking pages.\n""); __free_pages(pages[i], order); j = 1 << order; while (j) { pages[i++] = NULL; --j; } } return; } i = 0; #ifdef CONFIG_TRANSPARENT_HUGEPAGE if (huge) { unsigned max_size, n2free; spin_lock_irqsave(&huge->lock, irq_flags); while ((npages - i) >= HPAGE_PMD_NR) { struct page *p = pages[i]; unsigned j; if (!p) break; for (j = 1; j < HPAGE_PMD_NR; ++j) if (p++ != pages[i + j]) break; if (j != HPAGE_PMD_NR) break; list_add_tail(&pages[i]->lru, &huge->list); for (j = 0; j < HPAGE_PMD_NR; ++j) pages[i++] = NULL; huge->npages++; } max_size = _manager->options.max_size; max_size /= HPAGE_PMD_NR; if (huge->npages > max_size) n2free = huge->npages - max_size; else n2free = 0; spin_unlock_irqrestore(&huge->lock, irq_flags); if (n2free) ttm_page_pool_free(huge, n2free, false); } #endif spin_lock_irqsave(&pool->lock, irq_flags); while (i < npages) { if (pages[i]) { if (page_count(pages[i]) != 1) pr_err(""Erroneous page count. Leaking pages.\n""); list_add_tail(&pages[i]->lru, &pool->list); pages[i] = NULL; pool->npages++; } ++i; } npages = 0; if (pool->npages > _manager->options.max_size) { npages = pool->npages - _manager->options.max_size; if (npages < NUM_PAGES_TO_ALLOC) npages = NUM_PAGES_TO_ALLOC; } spin_unlock_irqrestore(&pool->lock, irq_flags); if (npages) ttm_page_pool_free(pool, npages, false); }",visit repo url,drivers/gpu/drm/ttm/ttm_page_alloc.c,https://github.com/torvalds/linux,253651763291689,1 6370,[],"sanitize_filename (const gchar *filename) { gchar * sanitized_name; sanitized_name = g_path_get_basename (filename); if (sanitized_name == NULL || !g_strcmp0 (sanitized_name, ""."")) { g_free (sanitized_name); return NULL; } else { return g_strdelimit (sanitized_name, "" "", '_'); } }",evolution,,,334495307758883755657030748664619123881,0 452,CWE-119,"static ssize_t userfaultfd_ctx_read(struct userfaultfd_ctx *ctx, int no_wait, struct uffd_msg *msg) { ssize_t ret; DECLARE_WAITQUEUE(wait, current); struct userfaultfd_wait_queue *uwq; LIST_HEAD(fork_event); struct userfaultfd_ctx *fork_nctx = NULL; spin_lock(&ctx->fd_wqh.lock); __add_wait_queue(&ctx->fd_wqh, &wait); for (;;) { set_current_state(TASK_INTERRUPTIBLE); spin_lock(&ctx->fault_pending_wqh.lock); uwq = find_userfault(ctx); if (uwq) { write_seqcount_begin(&ctx->refile_seq); list_del(&uwq->wq.entry); __add_wait_queue(&ctx->fault_wqh, &uwq->wq); write_seqcount_end(&ctx->refile_seq); *msg = uwq->msg; spin_unlock(&ctx->fault_pending_wqh.lock); ret = 0; break; } spin_unlock(&ctx->fault_pending_wqh.lock); spin_lock(&ctx->event_wqh.lock); uwq = find_userfault_evt(ctx); if (uwq) { *msg = uwq->msg; if (uwq->msg.event == UFFD_EVENT_FORK) { fork_nctx = (struct userfaultfd_ctx *) (unsigned long) uwq->msg.arg.reserved.reserved1; list_move(&uwq->wq.entry, &fork_event); spin_unlock(&ctx->event_wqh.lock); ret = 0; break; } userfaultfd_event_complete(ctx, uwq); spin_unlock(&ctx->event_wqh.lock); ret = 0; break; } spin_unlock(&ctx->event_wqh.lock); if (signal_pending(current)) { ret = -ERESTARTSYS; break; } if (no_wait) { ret = -EAGAIN; break; } spin_unlock(&ctx->fd_wqh.lock); schedule(); spin_lock(&ctx->fd_wqh.lock); } __remove_wait_queue(&ctx->fd_wqh, &wait); __set_current_state(TASK_RUNNING); spin_unlock(&ctx->fd_wqh.lock); if (!ret && msg->event == UFFD_EVENT_FORK) { ret = resolve_userfault_fork(ctx, fork_nctx, msg); if (!ret) { spin_lock(&ctx->event_wqh.lock); if (!list_empty(&fork_event)) { uwq = list_first_entry(&fork_event, typeof(*uwq), wq.entry); list_del(&uwq->wq.entry); __add_wait_queue(&ctx->event_wqh, &uwq->wq); userfaultfd_event_complete(ctx, uwq); } spin_unlock(&ctx->event_wqh.lock); } } return ret; }",visit repo url,fs/userfaultfd.c,https://github.com/torvalds/linux,15936777476629,1 1168,['CWE-189'],"int hrtimer_cancel(struct hrtimer *timer) { for (;;) { int ret = hrtimer_try_to_cancel(timer); if (ret >= 0) return ret; cpu_relax(); } }",linux-2.6,,,337582601652652115100348502415524992763,0 5304,['CWE-119'],"static u32 tun_get_rx_csum(struct net_device *dev) { struct tun_struct *tun = netdev_priv(dev); return (tun->flags & TUN_NOCHECKSUM) == 0; }",linux-2.6,,,320560088833564959681052990272780254660,0 13,NVD-CWE-Other,"krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_OID desired_object, gss_buffer_set_t *data_set) { krb5_gss_ctx_id_rec *ctx; size_t i; if (minor_status == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE; *minor_status = 0; if (desired_object == GSS_C_NO_OID) return GSS_S_CALL_INACCESSIBLE_READ; if (data_set == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE; *data_set = GSS_C_NO_BUFFER_SET; ctx = (krb5_gss_ctx_id_rec *) context_handle; if (!ctx->established) return GSS_S_NO_CONTEXT; for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/ sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) { if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) { return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status, context_handle, desired_object, data_set); } } *minor_status = EINVAL; return GSS_S_UNAVAILABLE; }",visit repo url,src/lib/gssapi/krb5/gssapi_krb5.c,https://github.com/krb5/krb5,164290181660741,1 1385,CWE-20,"static int netbk_count_requests(struct xenvif *vif, struct xen_netif_tx_request *first, struct xen_netif_tx_request *txp, int work_to_do) { RING_IDX cons = vif->tx.req_cons; int frags = 0; if (!(first->flags & XEN_NETTXF_more_data)) return 0; do { if (frags >= work_to_do) { netdev_dbg(vif->dev, ""Need more frags\n""); return -frags; } if (unlikely(frags >= MAX_SKB_FRAGS)) { netdev_dbg(vif->dev, ""Too many frags\n""); return -frags; } memcpy(txp, RING_GET_REQUEST(&vif->tx, cons + frags), sizeof(*txp)); if (txp->size > first->size) { netdev_dbg(vif->dev, ""Frags galore\n""); return -frags; } first->size -= txp->size; frags++; if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) { netdev_dbg(vif->dev, ""txp->offset: %x, size: %u\n"", txp->offset, txp->size); return -frags; } } while ((txp++)->flags & XEN_NETTXF_more_data); return frags; }",visit repo url,drivers/net/xen-netback/netback.c,https://github.com/torvalds/linux,82527964855282,1 3326,CWE-119,"header_put_byte (SF_PRIVATE *psf, char x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 1) psf->header [psf->headindex++] = x ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,88183010420216,1 4600,['CWE-399'],"static int ext4_da_reserve_space(struct inode *inode, int nrblocks) { int retries = 0; struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); unsigned long md_needed, mdblocks, total = 0; repeat: spin_lock(&EXT4_I(inode)->i_block_reservation_lock); total = EXT4_I(inode)->i_reserved_data_blocks + nrblocks; mdblocks = ext4_calc_metadata_amount(inode, total); BUG_ON(mdblocks < EXT4_I(inode)->i_reserved_meta_blocks); md_needed = mdblocks - EXT4_I(inode)->i_reserved_meta_blocks; total = md_needed + nrblocks; if (ext4_claim_free_blocks(sbi, total)) { spin_unlock(&EXT4_I(inode)->i_block_reservation_lock); if (ext4_should_retry_alloc(inode->i_sb, &retries)) { yield(); goto repeat; } return -ENOSPC; } EXT4_I(inode)->i_reserved_data_blocks += nrblocks; EXT4_I(inode)->i_reserved_meta_blocks = mdblocks; spin_unlock(&EXT4_I(inode)->i_block_reservation_lock); return 0; }",linux-2.6,,,173880804670921986017911736476892073465,0 1674,CWE-362,"static int snd_timer_user_tselect(struct file *file, struct snd_timer_select __user *_tselect) { struct snd_timer_user *tu; struct snd_timer_select tselect; char str[32]; int err = 0; tu = file->private_data; mutex_lock(&tu->tread_sem); if (tu->timeri) { snd_timer_close(tu->timeri); tu->timeri = NULL; } if (copy_from_user(&tselect, _tselect, sizeof(tselect))) { err = -EFAULT; goto __err; } sprintf(str, ""application %i"", current->pid); if (tselect.id.dev_class != SNDRV_TIMER_CLASS_SLAVE) tselect.id.dev_sclass = SNDRV_TIMER_SCLASS_APPLICATION; err = snd_timer_open(&tu->timeri, str, &tselect.id, current->pid); if (err < 0) goto __err; kfree(tu->queue); tu->queue = NULL; kfree(tu->tqueue); tu->tqueue = NULL; if (tu->tread) { tu->tqueue = kmalloc(tu->queue_size * sizeof(struct snd_timer_tread), GFP_KERNEL); if (tu->tqueue == NULL) err = -ENOMEM; } else { tu->queue = kmalloc(tu->queue_size * sizeof(struct snd_timer_read), GFP_KERNEL); if (tu->queue == NULL) err = -ENOMEM; } if (err < 0) { snd_timer_close(tu->timeri); tu->timeri = NULL; } else { tu->timeri->flags |= SNDRV_TIMER_IFLG_FAST; tu->timeri->callback = tu->tread ? snd_timer_user_tinterrupt : snd_timer_user_interrupt; tu->timeri->ccallback = snd_timer_user_ccallback; tu->timeri->callback_data = (void *)tu; } __err: mutex_unlock(&tu->tread_sem); return err; }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,239387513727770,1 5791,['CWE-200'],"static int atalk_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { int rc = -ENOIOCTLCMD; struct sock *sk = sock->sk; void __user *argp = (void __user *)arg; switch (cmd) { case TIOCOUTQ: { long amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk); if (amount < 0) amount = 0; rc = put_user(amount, (int __user *)argp); break; } case TIOCINQ: { struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); long amount = 0; if (skb) amount = skb->len - sizeof(struct ddpehdr); rc = put_user(amount, (int __user *)argp); break; } case SIOCGSTAMP: rc = sock_get_timestamp(sk, argp); break; case SIOCGSTAMPNS: rc = sock_get_timestampns(sk, argp); break; case SIOCADDRT: case SIOCDELRT: rc = -EPERM; if (capable(CAP_NET_ADMIN)) rc = atrtr_ioctl(cmd, argp); break; case SIOCGIFADDR: case SIOCSIFADDR: case SIOCGIFBRDADDR: case SIOCATALKDIFADDR: case SIOCDIFADDR: case SIOCSARP: case SIOCDARP: rtnl_lock(); rc = atif_ioctl(cmd, argp); rtnl_unlock(); break; } return rc; }",linux-2.6,,,134364753918784329228227293333428037518,0 2321,CWE-400,"void out_string(conn *c, const char *str) { size_t len; mc_resp *resp = c->resp; assert(c != NULL); resp_reset(resp); if (c->noreply) { resp->skip = true; if (settings.verbose > 1) fprintf(stderr, "">%d NOREPLY %s\n"", c->sfd, str); conn_set_state(c, conn_new_cmd); return; } if (settings.verbose > 1) fprintf(stderr, "">%d %s\n"", c->sfd, str); len = strlen(str); if ((len + 2) > WRITE_BUFFER_SIZE) { str = ""SERVER_ERROR output line too long""; len = strlen(str); } memcpy(resp->wbuf, str, len); memcpy(resp->wbuf + len, ""\r\n"", 2); resp_add_iov(resp, resp->wbuf, len + 2); conn_set_state(c, conn_new_cmd); return; }",visit repo url,memcached.c,https://github.com/memcached/memcached,280878771485302,1 5195,CWE-190,"TfLiteIntArray* TfLiteIntArrayCreate(int size) { TfLiteIntArray* ret = (TfLiteIntArray*)malloc(TfLiteIntArrayGetSizeInBytes(size)); ret->size = size; return ret; }",visit repo url,tensorflow/lite/c/common.c,https://github.com/tensorflow/tensorflow,30420426648480,1 4303,['CWE-264'],"static inline void mm_free_pgd(struct mm_struct * mm) { pgd_free(mm, mm->pgd); }",linux-2.6,,,265054843506455202369982475824884899195,0 6633,['CWE-200'],"do_edit (ActionInfo *info) { NMExportedConnection *exported; NMConnection *connection; NMConnectionEditor *editor; EditConnectionInfo *edit_info; GError *error = NULL; const char *message = _(""The connection editor dialog could not be initialized due to an unknown error.""); exported = get_active_connection (info->treeview); g_return_if_fail (exported != NULL); editor = NM_CONNECTION_EDITOR (g_hash_table_lookup (info->list->editors, exported)); if (editor) { nm_connection_editor_present (editor); return; } connection = nm_gconf_connection_duplicate (nm_exported_connection_get_connection (exported)); editor = nm_connection_editor_new (connection, nm_dbus_settings_system_get_can_modify (info->list->system_settings), &error); g_object_unref (connection); if (!editor) { error_dialog (info->list_window, _(""Could not edit connection""), ""%s"", (error && error->message) ? error->message : message); return; } edit_info = g_new (EditConnectionInfo, 1); edit_info->list = info->list; edit_info->original_connection = g_object_ref (exported); g_signal_connect (editor, ""done"", G_CALLBACK (edit_done_cb), edit_info); g_hash_table_insert (info->list->editors, exported, editor); nm_connection_editor_run (editor); }",network-manager-applet,,,5409614318399800068197807982234732527,0 3050,CWE-189,"varbit_in(PG_FUNCTION_ARGS) { char *input_string = PG_GETARG_CSTRING(0); #ifdef NOT_USED Oid typelem = PG_GETARG_OID(1); #endif int32 atttypmod = PG_GETARG_INT32(2); VarBit *result; char *sp; bits8 *r; int len, bitlen, slen; bool bit_not_hex; int bc; bits8 x = 0; if (input_string[0] == 'b' || input_string[0] == 'B') { bit_not_hex = true; sp = input_string + 1; } else if (input_string[0] == 'x' || input_string[0] == 'X') { bit_not_hex = false; sp = input_string + 1; } else { bit_not_hex = true; sp = input_string; } slen = strlen(sp); if (bit_not_hex) bitlen = slen; else bitlen = slen * 4; if (atttypmod <= 0) atttypmod = bitlen; else if (bitlen > atttypmod) ereport(ERROR, (errcode(ERRCODE_STRING_DATA_RIGHT_TRUNCATION), errmsg(""bit string too long for type bit varying(%d)"", atttypmod))); len = VARBITTOTALLEN(bitlen); result = (VarBit *) palloc0(len); SET_VARSIZE(result, len); VARBITLEN(result) = Min(bitlen, atttypmod); r = VARBITS(result); if (bit_not_hex) { x = HIGHBIT; for (; *sp; sp++) { if (*sp == '1') *r |= x; else if (*sp != '0') ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""\""%c\"" is not a valid binary digit"", *sp))); x >>= 1; if (x == 0) { x = HIGHBIT; r++; } } } else { for (bc = 0; *sp; sp++) { if (*sp >= '0' && *sp <= '9') x = (bits8) (*sp - '0'); else if (*sp >= 'A' && *sp <= 'F') x = (bits8) (*sp - 'A') + 10; else if (*sp >= 'a' && *sp <= 'f') x = (bits8) (*sp - 'a') + 10; else ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""\""%c\"" is not a valid hexadecimal digit"", *sp))); if (bc) { *r++ |= x; bc = 0; } else { *r = x << 4; bc = 1; } } } PG_RETURN_VARBIT_P(result); }",visit repo url,src/backend/utils/adt/varbit.c,https://github.com/postgres/postgres,23387350775144,1 2079,CWE-190,"static void bump_cpu_timer(struct k_itimer *timer, u64 now) { int i; u64 delta, incr; if (timer->it.cpu.incr == 0) return; if (now < timer->it.cpu.expires) return; incr = timer->it.cpu.incr; delta = now + incr - timer->it.cpu.expires; for (i = 0; incr < delta - incr; i++) incr = incr << 1; for (; i >= 0; incr >>= 1, i--) { if (delta < incr) continue; timer->it.cpu.expires += incr; timer->it_overrun += 1 << i; delta -= incr; } }",visit repo url,kernel/time/posix-cpu-timers.c,https://github.com/torvalds/linux,264060287002565,1 3886,CWE-122,"ex_retab(exarg_T *eap) { linenr_T lnum; int got_tab = FALSE; long num_spaces = 0; long num_tabs; long len; long col; long vcol; long start_col = 0; long start_vcol = 0; long old_len; char_u *ptr; char_u *new_line = (char_u *)1; int did_undo; #ifdef FEAT_VARTABS int *new_vts_array = NULL; char_u *new_ts_str; #else int temp; int new_ts; #endif int save_list; linenr_T first_line = 0; linenr_T last_line = 0; save_list = curwin->w_p_list; curwin->w_p_list = 0; #ifdef FEAT_VARTABS new_ts_str = eap->arg; if (!tabstop_set(eap->arg, &new_vts_array)) return; while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',') ++(eap->arg); if (new_vts_array == NULL) { new_vts_array = curbuf->b_p_vts_array; new_ts_str = NULL; } else new_ts_str = vim_strnsave(new_ts_str, eap->arg - new_ts_str); #else new_ts = getdigits(&(eap->arg)); if (new_ts < 0) { emsg(_(e_positive)); return; } if (new_ts == 0) new_ts = curbuf->b_p_ts; #endif for (lnum = eap->line1; !got_int && lnum <= eap->line2; ++lnum) { ptr = ml_get(lnum); col = 0; vcol = 0; did_undo = FALSE; for (;;) { if (VIM_ISWHITE(ptr[col])) { if (!got_tab && num_spaces == 0) { start_vcol = vcol; start_col = col; } if (ptr[col] == ' ') num_spaces++; else got_tab = TRUE; } else { if (got_tab || (eap->forceit && num_spaces > 1)) { len = num_spaces = vcol - start_vcol; num_tabs = 0; if (!curbuf->b_p_et) { #ifdef FEAT_VARTABS int t, s; tabstop_fromto(start_vcol, vcol, curbuf->b_p_ts, new_vts_array, &t, &s); num_tabs = t; num_spaces = s; #else temp = new_ts - (start_vcol % new_ts); if (num_spaces >= temp) { num_spaces -= temp; num_tabs++; } num_tabs += num_spaces / new_ts; num_spaces -= (num_spaces / new_ts) * new_ts; #endif } if (curbuf->b_p_et || got_tab || (num_spaces + num_tabs < len)) { if (did_undo == FALSE) { did_undo = TRUE; if (u_save((linenr_T)(lnum - 1), (linenr_T)(lnum + 1)) == FAIL) { new_line = NULL; break; } } len = num_spaces + num_tabs; old_len = (long)STRLEN(ptr); new_line = alloc(old_len - col + start_col + len + 1); if (new_line == NULL) break; if (start_col > 0) mch_memmove(new_line, ptr, (size_t)start_col); mch_memmove(new_line + start_col + len, ptr + col, (size_t)(old_len - col + 1)); ptr = new_line + start_col; for (col = 0; col < len; col++) ptr[col] = (col < num_tabs) ? '\t' : ' '; if (ml_replace(lnum, new_line, FALSE) == OK) new_line = curbuf->b_ml.ml_line_ptr; if (first_line == 0) first_line = lnum; last_line = lnum; ptr = new_line; col = start_col + len; } } got_tab = FALSE; num_spaces = 0; } if (ptr[col] == NUL) break; vcol += chartabsize(ptr + col, (colnr_T)vcol); if (has_mbyte) col += (*mb_ptr2len)(ptr + col); else ++col; } if (new_line == NULL) break; line_breakcheck(); } if (got_int) emsg(_(e_interr)); #ifdef FEAT_VARTABS if (tabstop_count(curbuf->b_p_vts_array) == 0 && tabstop_count(new_vts_array) == 1 && curbuf->b_p_ts == tabstop_first(new_vts_array)) ; else if (tabstop_count(curbuf->b_p_vts_array) > 0 && tabstop_eq(curbuf->b_p_vts_array, new_vts_array)) ; else redraw_curbuf_later(NOT_VALID); #else if (curbuf->b_p_ts != new_ts) redraw_curbuf_later(NOT_VALID); #endif if (first_line != 0) changed_lines(first_line, 0, last_line + 1, 0L); curwin->w_p_list = save_list; #ifdef FEAT_VARTABS if (new_ts_str != NULL) { int *old_vts_ary = curbuf->b_p_vts_array; if (tabstop_count(old_vts_ary) > 0 || tabstop_count(new_vts_array) > 1) { set_string_option_direct((char_u *)""vts"", -1, new_ts_str, OPT_FREE|OPT_LOCAL, 0); curbuf->b_p_vts_array = new_vts_array; vim_free(old_vts_ary); } else { curbuf->b_p_ts = tabstop_first(new_vts_array); vim_free(new_vts_array); } vim_free(new_ts_str); } #else curbuf->b_p_ts = new_ts; #endif coladvance(curwin->w_curswant); u_clearline(); }",visit repo url,src/indent.c,https://github.com/vim/vim,236817144885262,1 4119,CWE-287,"static int x509_crt_verify_child( mbedtls_x509_crt *child, mbedtls_x509_crt *parent, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, int path_cnt, int self_cnt, uint32_t *flags, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { int ret; uint32_t parent_flags = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_x509_crt *grandparent; const mbedtls_md_info_t *md_info; if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 ) self_cnt++; if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) { *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); } if( mbedtls_x509_time_is_past( &child->valid_to ) ) *flags |= MBEDTLS_X509_BADCERT_EXPIRED; if( mbedtls_x509_time_is_future( &child->valid_from ) ) *flags |= MBEDTLS_X509_BADCERT_FUTURE; if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_MD; if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_PK; md_info = mbedtls_md_info_from_type( child->sig_md ); if( md_info == NULL ) { *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; } else { mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ); if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, child->sig_md, hash, mbedtls_md_get_size( md_info ), child->sig.p, child->sig.len ) != 0 ) { *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; } } #if defined(MBEDTLS_X509_CRL_PARSE_C) *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile ); #endif for( grandparent = trust_ca; grandparent != NULL; grandparent = grandparent->next ) { if( x509_crt_check_parent( parent, grandparent, 0, path_cnt == 0 ) == 0 ) break; } if( grandparent != NULL ) { ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile, path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } else { for( grandparent = parent->next; grandparent != NULL; grandparent = grandparent->next ) { if( grandparent->max_pathlen > 0 && grandparent->max_pathlen < 2 + path_cnt - self_cnt ) { continue; } if( x509_crt_check_parent( parent, grandparent, 0, path_cnt == 0 ) == 0 ) break; } if( grandparent != NULL ) { ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl, profile, path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } else { ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile, path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } } if( NULL != f_vrfy ) if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 ) return( ret ); *flags |= parent_flags; return( 0 ); }",visit repo url,library/x509_crt.c,https://github.com/ARMmbed/mbedtls,46729485477194,1 2593,['CWE-189'],"int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized) { struct dccp_sock *dp = dccp_sk(sk); struct dccp_minisock *dmsk = dccp_msk(sk); struct inet_connection_sock *icsk = inet_csk(sk); dccp_minisock_init(&dp->dccps_minisock); icsk->icsk_rto = DCCP_TIMEOUT_INIT; icsk->icsk_syn_retries = sysctl_dccp_request_retries; sk->sk_state = DCCP_CLOSED; sk->sk_write_space = dccp_write_space; icsk->icsk_sync_mss = dccp_sync_mss; dp->dccps_mss_cache = 536; dp->dccps_rate_last = jiffies; dp->dccps_role = DCCP_ROLE_UNDEFINED; dp->dccps_service = DCCP_SERVICE_CODE_IS_ABSENT; dp->dccps_l_ack_ratio = dp->dccps_r_ack_ratio = 1; dccp_init_xmit_timers(sk); if (likely(ctl_sock_initialized)) { int rc = dccp_feat_init(dmsk); if (rc) return rc; if (dmsk->dccpms_send_ack_vector) { dp->dccps_hc_rx_ackvec = dccp_ackvec_alloc(GFP_KERNEL); if (dp->dccps_hc_rx_ackvec == NULL) return -ENOMEM; } dp->dccps_hc_rx_ccid = ccid_hc_rx_new(dmsk->dccpms_rx_ccid, sk, GFP_KERNEL); dp->dccps_hc_tx_ccid = ccid_hc_tx_new(dmsk->dccpms_tx_ccid, sk, GFP_KERNEL); if (unlikely(dp->dccps_hc_rx_ccid == NULL || dp->dccps_hc_tx_ccid == NULL)) { ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); if (dmsk->dccpms_send_ack_vector) { dccp_ackvec_free(dp->dccps_hc_rx_ackvec); dp->dccps_hc_rx_ackvec = NULL; } dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL; return -ENOMEM; } } else { INIT_LIST_HEAD(&dmsk->dccpms_pending); INIT_LIST_HEAD(&dmsk->dccpms_conf); } return 0; }",linux-2.6,,,129772578103166993397624869197589157312,0 2412,['CWE-119'],"static void diff_words_append(char *line, unsigned long len, struct diff_words_buffer *buffer) { if (buffer->text.size + len > buffer->alloc) { buffer->alloc = (buffer->text.size + len) * 3 / 2; buffer->text.ptr = xrealloc(buffer->text.ptr, buffer->alloc); } line++; len--; memcpy(buffer->text.ptr + buffer->text.size, line, len); buffer->text.size += len; }",git,,,28917152713002626698851669648193517818,0 6004,['CWE-200'],"cbq_dump_class_stats(struct Qdisc *sch, unsigned long arg, struct gnet_dump *d) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl = (struct cbq_class*)arg; cl->qstats.qlen = cl->q->q.qlen; cl->xstats.avgidle = cl->avgidle; cl->xstats.undertime = 0; if (!PSCHED_IS_PASTPERFECT(cl->undertime)) cl->xstats.undertime = PSCHED_TDIFF(cl->undertime, q->now); if (gnet_stats_copy_basic(d, &cl->bstats) < 0 || #ifdef CONFIG_NET_ESTIMATOR gnet_stats_copy_rate_est(d, &cl->rate_est) < 0 || #endif gnet_stats_copy_queue(d, &cl->qstats) < 0) return -1; return gnet_stats_copy_app(d, &cl->xstats, sizeof(cl->xstats)); }",linux-2.6,,,290384988686278248097754257887529414553,0 5401,['CWE-476'],"gfn_t unalias_gfn(struct kvm *kvm, gfn_t gfn) { int i; struct kvm_mem_alias *alias; for (i = 0; i < kvm->arch.naliases; ++i) { alias = &kvm->arch.aliases[i]; if (gfn >= alias->base_gfn && gfn < alias->base_gfn + alias->npages) return alias->target_gfn + gfn - alias->base_gfn; } return gfn; }",linux-2.6,,,289500174024052947379721927452725788015,0 530,['CWE-399'],"static ssize_t pwc_video_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { struct video_device *vdev = file->private_data; struct pwc_device *pdev; int noblock = file->f_flags & O_NONBLOCK; DECLARE_WAITQUEUE(wait, current); int bytes_to_read; void *image_buffer_addr; PWC_DEBUG_READ(""pwc_video_read(vdev=0x%p, buf=%p, count=%zd) called.\n"", vdev, buf, count); if (vdev == NULL) return -EFAULT; pdev = vdev->priv; if (pdev == NULL) return -EFAULT; if (pdev->error_status) return -pdev->error_status; if (pdev->image_read_pos == 0) { add_wait_queue(&pdev->frameq, &wait); while (pdev->full_frames == NULL) { if (pdev->error_status) { remove_wait_queue(&pdev->frameq, &wait); set_current_state(TASK_RUNNING); return -pdev->error_status ; } if (noblock) { remove_wait_queue(&pdev->frameq, &wait); set_current_state(TASK_RUNNING); return -EWOULDBLOCK; } if (signal_pending(current)) { remove_wait_queue(&pdev->frameq, &wait); set_current_state(TASK_RUNNING); return -ERESTARTSYS; } schedule(); set_current_state(TASK_INTERRUPTIBLE); } remove_wait_queue(&pdev->frameq, &wait); set_current_state(TASK_RUNNING); if (pwc_handle_frame(pdev)) return -EFAULT; } PWC_DEBUG_READ(""Copying data to user space.\n""); if (pdev->vpalette == VIDEO_PALETTE_RAW) bytes_to_read = pdev->frame_size + sizeof(struct pwc_raw_frame); else bytes_to_read = pdev->view.size; if (count + pdev->image_read_pos > bytes_to_read) count = bytes_to_read - pdev->image_read_pos; image_buffer_addr = pdev->image_data; image_buffer_addr += pdev->images[pdev->fill_image].offset; image_buffer_addr += pdev->image_read_pos; if (copy_to_user(buf, image_buffer_addr, count)) return -EFAULT; pdev->image_read_pos += count; if (pdev->image_read_pos >= bytes_to_read) { pdev->image_read_pos = 0; pwc_next_image(pdev); } return count; }",linux-2.6,,,232240323913305676760818904246720838785,0 4858,['CWE-189'],"void ecryptfs_encode_for_filename(unsigned char *dst, size_t *dst_size, unsigned char *src, size_t src_size) { size_t num_blocks; size_t block_num = 0; size_t dst_offset = 0; unsigned char last_block[3]; if (src_size == 0) { (*dst_size) = 0; goto out; } num_blocks = (src_size / 3); if ((src_size % 3) == 0) { memcpy(last_block, (&src[src_size - 3]), 3); } else { num_blocks++; last_block[2] = 0x00; switch (src_size % 3) { case 1: last_block[0] = src[src_size - 1]; last_block[1] = 0x00; break; case 2: last_block[0] = src[src_size - 2]; last_block[1] = src[src_size - 1]; } } (*dst_size) = (num_blocks * 4); if (!dst) goto out; while (block_num < num_blocks) { unsigned char *src_block; unsigned char dst_block[4]; if (block_num == (num_blocks - 1)) src_block = last_block; else src_block = &src[block_num * 3]; dst_block[0] = ((src_block[0] >> 2) & 0x3F); dst_block[1] = (((src_block[0] << 4) & 0x30) | ((src_block[1] >> 4) & 0x0F)); dst_block[2] = (((src_block[1] << 2) & 0x3C) | ((src_block[2] >> 6) & 0x03)); dst_block[3] = (src_block[2] & 0x3F); dst[dst_offset++] = portable_filename_chars[dst_block[0]]; dst[dst_offset++] = portable_filename_chars[dst_block[1]]; dst[dst_offset++] = portable_filename_chars[dst_block[2]]; dst[dst_offset++] = portable_filename_chars[dst_block[3]]; block_num++; } out: return; }",linux-2.6,,,203162188491581322879804691909878577788,0 347,['CWE-20'],"static int is_setting_trap_flag(struct task_struct *child, struct pt_regs *regs) { int i, copied; unsigned char opcode[15]; unsigned long addr = convert_rip_to_linear(child, regs); copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0); for (i = 0; i < copied; i++) { switch (opcode[i]) { case 0x9d: case 0xcf: return 1; case 0x66: case 0x67: continue; case 0x26: case 0x2e: case 0x36: case 0x3e: case 0x64: case 0x65: case 0xf2: case 0xf3: continue; case 0x40 ... 0x4f: if (regs->cs != __USER_CS) return 0; continue; case 0x9c: default: return 0; } } return 0; }",linux-2.6,,,103165961675828318730766049555687402976,0 3208,['CWE-189'],"int mif_validate(jas_stream_t *in) { uchar buf[MIF_MAGICLEN]; uint_fast32_t magic; int i; int n; assert(JAS_STREAM_MAXPUTBACK >= MIF_MAGICLEN); if ((n = jas_stream_read(in, buf, MIF_MAGICLEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < MIF_MAGICLEN) { return -1; } magic = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; if (magic != MIF_MAGIC) { return -1; } return 0; }",jasper,,,177164700899065995328463766294496356244,0 1837,NVD-CWE-noinfo,"int nfc_genl_fw_download_done(struct nfc_dev *dev, const char *firmware_name, u32 result) { struct sk_buff *msg; void *hdr; msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); if (!msg) return -ENOMEM; hdr = genlmsg_put(msg, 0, 0, &nfc_genl_family, 0, NFC_CMD_FW_DOWNLOAD); if (!hdr) goto free_msg; if (nla_put_string(msg, NFC_ATTR_FIRMWARE_NAME, firmware_name) || nla_put_u32(msg, NFC_ATTR_FIRMWARE_DOWNLOAD_STATUS, result) || nla_put_u32(msg, NFC_ATTR_DEVICE_INDEX, dev->idx)) goto nla_put_failure; genlmsg_end(msg, hdr); genlmsg_multicast(&nfc_genl_family, msg, 0, 0, GFP_KERNEL); return 0; nla_put_failure: free_msg: nlmsg_free(msg); return -EMSGSIZE; }",visit repo url,net/nfc/netlink.c,https://github.com/torvalds/linux,41096022910394,1 4161,CWE-787,"gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) { TIFF* tif = img->tif; tileSeparateRoutine put = img->put.separate; unsigned char *buf = NULL; unsigned char *p0 = NULL, *p1 = NULL, *p2 = NULL, *pa = NULL; uint32 row, y, nrow, rowstoread; tmsize_t pos; tmsize_t scanline; uint32 rowsperstrip, offset_row; uint32 imagewidth = img->width; tmsize_t stripsize; tmsize_t bufsize; int32 fromskew, toskew; int alpha = img->alpha; int ret = 1, flip; uint16 colorchannels; stripsize = TIFFStripSize(tif); bufsize = _TIFFMultiplySSize(tif,alpha?4:3,stripsize, ""gtStripSeparate""); if (bufsize == 0) { return (0); } flip = setorientation(img); if (flip & FLIP_VERTICALLY) { y = h - 1; toskew = -(int32)(w + w); } else { y = 0; toskew = -(int32)(w - w); } switch( img->photometric ) { case PHOTOMETRIC_MINISWHITE: case PHOTOMETRIC_MINISBLACK: case PHOTOMETRIC_PALETTE: colorchannels = 1; break; default: colorchannels = 3; break; } TIFFGetFieldDefaulted(tif, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); scanline = TIFFScanlineSize(tif); fromskew = (w < imagewidth ? imagewidth - w : 0); for (row = 0; row < h; row += nrow) { rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; nrow = (row + rowstoread > h ? h - row : rowstoread); offset_row = row + img->row_offset; if( buf == NULL ) { if (_TIFFReadEncodedStripAndAllocBuffer( tif, TIFFComputeStrip(tif, offset_row, 0), (void**) &buf, bufsize, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && (buf == NULL || img->stoponerr)) { ret = 0; break; } p0 = buf; if( colorchannels == 1 ) { p2 = p1 = p0; pa = (alpha?(p0+3*stripsize):NULL); } else { p1 = p0 + stripsize; p2 = p1 + stripsize; pa = (alpha?(p2+stripsize):NULL); } } else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0), p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (colorchannels > 1 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 1), p1, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (colorchannels > 1 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 2), p2, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } if (alpha) { if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, colorchannels), pa, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) && img->stoponerr) { ret = 0; break; } } pos = ((row + img->row_offset) % rowsperstrip) * scanline + \ ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, p0 + pos, p1 + pos, p2 + pos, (alpha?(pa+pos):NULL)); y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { uint32 line; for (line = 0; line < h; line++) { uint32 *left = raster + (line * w); uint32 *right = left + w - 1; while ( left < right ) { uint32 temp = *left; *left = *right; *right = temp; left++; right--; } } } _TIFFfree(buf); return (ret); }",visit repo url,libtiff/tif_getimage.c,https://gitlab.com/libtiff/libtiff,115257244389917,1 6606,CWE-476,"static int on_part_data_end(multipart_parser *parser) { multipart_parser_data_t *data = NULL; ogs_assert(parser); data = multipart_parser_get_data(parser); ogs_assert(data); data->num_of_part++; return 0; }",visit repo url,lib/sbi/message.c,https://github.com/open5gs/open5gs,87735542465857,1 5588,[],"force_sig_specific(int sig, struct task_struct *t) { force_sig_info(sig, SEND_SIG_FORCED, t); }",linux-2.6,,,275278005035708902843459907156437002716,0 6109,CWE-190,"void eb_mul_sim_joint(eb_t r, const eb_t p, const bn_t k, const eb_t q, const bn_t m) { eb_t t[5]; int i, u_i, len, offset; int8_t jsf[2 * (RLC_FB_BITS + 1)]; if (bn_is_zero(k) || eb_is_infty(p)) { eb_mul(r, q, m); return; } if (bn_is_zero(m) || eb_is_infty(q)) { eb_mul(r, p, k); return; } RLC_TRY { for (i = 0; i < 5; i++) { eb_null(t[i]); eb_new(t[i]); } eb_set_infty(t[0]); eb_copy(t[1], q); if (bn_sign(m) == RLC_NEG) { eb_neg(t[1], t[1]); } eb_copy(t[2], p); if (bn_sign(k) == RLC_NEG) { eb_neg(t[2], t[2]); } eb_add(t[3], t[2], t[1]); eb_sub(t[4], t[2], t[1]); #if defined(EB_MIXED) eb_norm_sim(t + 3, (const eb_t*)(t + 3), 2); #endif len = 2 * (RLC_FB_BITS + 1); bn_rec_jsf(jsf, &len, k, m); eb_set_infty(r); offset = RLC_MAX(bn_bits(k), bn_bits(m)) + 1; for (i = len - 1; i >= 0; i--) { eb_dbl(r, r); if (jsf[i] != 0 && jsf[i] == -jsf[i + offset]) { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { eb_sub(r, r, t[4]); } else { eb_add(r, r, t[4]); } } else { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { eb_sub(r, r, t[-u_i]); } else { eb_add(r, r, t[u_i]); } } } eb_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < 5; i++) { eb_free(t[i]); } } }",visit repo url,src/eb/relic_eb_mul_sim.c,https://github.com/relic-toolkit/relic,170318062524217,1 1662,[],"static inline void update_last_tick_seen(struct rq *rq) { rq->last_tick_seen = jiffies; }",linux-2.6,,,107035985649165477028752003244924896643,0 6519,['CWE-20'],"address_mask(struct decode_cache *c, unsigned long reg) { if (c->ad_bytes == sizeof(unsigned long)) return reg; else return reg & ad_mask(c); }",kvm,,,314783583295724005250806133874716821162,0 4404,CWE-476,"forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s, UChar* range, UChar** low, UChar** high, UChar** low_prev) { UChar *p, *pprev = (UChar* )NULL; #ifdef ONIG_DEBUG_SEARCH fprintf(stderr, ""forward_search_range: str: %d, end: %d, s: %d, range: %d\n"", (int )str, (int )end, (int )s, (int )range); #endif p = s; if (reg->dmin > 0) { if (ONIGENC_IS_SINGLEBYTE(reg->enc)) { p += reg->dmin; } else { UChar *q = p + reg->dmin; if (q >= end) return 0; while (p < q) p += enclen(reg->enc, p); } } retry: switch (reg->optimize) { case ONIG_OPTIMIZE_EXACT: p = slow_search(reg->enc, reg->exact, reg->exact_end, p, end, range); break; case ONIG_OPTIMIZE_EXACT_IC: p = slow_search_ic(reg->enc, reg->case_fold_flag, reg->exact, reg->exact_end, p, end, range); break; case ONIG_OPTIMIZE_EXACT_BM: p = bm_search(reg, reg->exact, reg->exact_end, p, end, range); break; case ONIG_OPTIMIZE_EXACT_BM_NOT_REV: p = bm_search_notrev(reg, reg->exact, reg->exact_end, p, end, range); break; case ONIG_OPTIMIZE_MAP: p = map_search(reg->enc, reg->map, p, range); break; } if (p && p < range) { if (p - reg->dmin < s) { retry_gate: pprev = p; p += enclen(reg->enc, p); goto retry; } if (reg->sub_anchor) { UChar* prev; switch (reg->sub_anchor) { case ANCHOR_BEGIN_LINE: if (!ON_STR_BEGIN(p)) { prev = onigenc_get_prev_char_head(reg->enc, (pprev ? pprev : str), p); if (!ONIGENC_IS_MBC_NEWLINE(reg->enc, prev, end)) goto retry_gate; } break; case ANCHOR_END_LINE: if (ON_STR_END(p)) { #ifndef USE_NEWLINE_AT_END_OF_STRING_HAS_EMPTY_LINE prev = (UChar* )onigenc_get_prev_char_head(reg->enc, (pprev ? pprev : str), p); if (prev && ONIGENC_IS_MBC_NEWLINE(reg->enc, prev, end)) goto retry_gate; #endif } else if (! ONIGENC_IS_MBC_NEWLINE(reg->enc, p, end) #ifdef USE_CRNL_AS_LINE_TERMINATOR && ! ONIGENC_IS_MBC_CRNL(reg->enc, p, end) #endif ) goto retry_gate; break; } } if (reg->dmax == 0) { *low = p; if (low_prev) { if (*low > s) *low_prev = onigenc_get_prev_char_head(reg->enc, s, p); else *low_prev = onigenc_get_prev_char_head(reg->enc, (pprev ? pprev : str), p); } } else { if (reg->dmax != ONIG_INFINITE_DISTANCE) { *low = p - reg->dmax; if (*low > s) { *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, *low, (const UChar** )low_prev); if (low_prev && IS_NULL(*low_prev)) *low_prev = onigenc_get_prev_char_head(reg->enc, (pprev ? pprev : s), *low); } else { if (low_prev) *low_prev = onigenc_get_prev_char_head(reg->enc, (pprev ? pprev : str), *low); } } } *high = p - reg->dmin; #ifdef ONIG_DEBUG_SEARCH fprintf(stderr, ""forward_search_range success: low: %d, high: %d, dmin: %d, dmax: %d\n"", (int )(*low - str), (int )(*high - str), reg->dmin, reg->dmax); #endif return 1; } return 0; }",visit repo url,src/regexec.c,https://github.com/kkos/oniguruma,62781470294295,1 1513,NVD-CWE-Other,"void pin_remove(struct fs_pin *pin) { spin_lock(&pin_lock); hlist_del(&pin->m_list); hlist_del(&pin->s_list); spin_unlock(&pin_lock); spin_lock_irq(&pin->wait.lock); pin->done = 1; wake_up_locked(&pin->wait); spin_unlock_irq(&pin->wait.lock); }",visit repo url,fs/fs_pin.c,https://github.com/torvalds/linux,59052072976679,1 4056,['CWE-362'],"void inotify_unmount_inodes(struct list_head *list) { struct inode *inode, *next_i, *need_iput = NULL; list_for_each_entry_safe(inode, next_i, list, i_sb_list) { struct inotify_watch *watch, *next_w; struct inode *need_iput_tmp; struct list_head *watches; if (!atomic_read(&inode->i_count)) continue; if (inode->i_state & (I_CLEAR | I_FREEING | I_WILL_FREE)) continue; need_iput_tmp = need_iput; need_iput = NULL; if (inode != need_iput_tmp) __iget(inode); else need_iput_tmp = NULL; if ((&next_i->i_sb_list != list) && atomic_read(&next_i->i_count) && !(next_i->i_state & (I_CLEAR | I_FREEING | I_WILL_FREE))) { __iget(next_i); need_iput = next_i; } spin_unlock(&inode_lock); if (need_iput_tmp) iput(need_iput_tmp); mutex_lock(&inode->inotify_mutex); watches = &inode->inotify_watches; list_for_each_entry_safe(watch, next_w, watches, i_list) { struct inotify_handle *ih= watch->ih; mutex_lock(&ih->mutex); ih->in_ops->handle_event(watch, watch->wd, IN_UNMOUNT, 0, NULL, NULL); inotify_remove_watch_locked(ih, watch); mutex_unlock(&ih->mutex); } mutex_unlock(&inode->inotify_mutex); iput(inode); spin_lock(&inode_lock); } }",linux-2.6,,,148756513903978965015052062685933512582,0 6449,CWE-20,"error_t httpParseRequestLine(HttpConnection *connection, char_t *requestLine) { error_t error; char_t *token; char_t *p; char_t *s; token = osStrtok_r(requestLine, "" \r\n"", &p); if(token == NULL) return ERROR_INVALID_REQUEST; error = strSafeCopy(connection->request.method, token, HTTP_SERVER_METHOD_MAX_LEN); if(error) return ERROR_INVALID_REQUEST; token = osStrtok_r(NULL, "" \r\n"", &p); if(token == NULL) return ERROR_INVALID_REQUEST; s = strchr(token, '?'); if(s != NULL) { *s = '\0'; error = httpDecodePercentEncodedString(token, connection->request.uri, HTTP_SERVER_URI_MAX_LEN); if(error) return ERROR_INVALID_REQUEST; if(osStrlen(s + 1) > HTTP_SERVER_QUERY_STRING_MAX_LEN) return ERROR_INVALID_REQUEST; osStrcpy(connection->request.queryString, s + 1); } else { error = httpDecodePercentEncodedString(token, connection->request.uri, HTTP_SERVER_URI_MAX_LEN); if(error) return ERROR_INVALID_REQUEST; connection->request.queryString[0] = '\0'; } if(!osStrcasecmp(connection->request.uri, ""/"")) osStrcpy(connection->request.uri, connection->settings->defaultDocument); pathCanonicalize(connection->request.uri); token = osStrtok_r(NULL, "" \r\n"", &p); if(token == NULL) { connection->request.version = HTTP_VERSION_0_9; connection->request.keepAlive = FALSE; } else if(!osStrcasecmp(token, ""HTTP/1.0"")) { connection->request.version = HTTP_VERSION_1_0; connection->request.keepAlive = FALSE; } else if(!osStrcasecmp(token, ""HTTP/1.1"")) { connection->request.version = HTTP_VERSION_1_1; connection->request.keepAlive = TRUE; } else { return ERROR_INVALID_REQUEST; } return NO_ERROR; }",visit repo url,http/http_server_misc.c,https://github.com/Oryx-Embedded/CycloneTCP,242291283677363,1 4961,['CWE-20'],"static void nfs_access_free_entry(struct nfs_access_entry *entry) { put_rpccred(entry->cred); kfree(entry); smp_mb__before_atomic_dec(); atomic_long_dec(&nfs_access_nr_entries); smp_mb__after_atomic_dec(); }",linux-2.6,,,112772121912274357449114791537206392624,0 6651,CWE-125,"SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length, uint32_t *dataoffset, uint16_t *hdrflags, uint8_t *hdrversion, bool quiet) { blobheader *bh = (blobheader *)data; if (length < sizeof(bh)) { if (!quiet) logprintf(STDERR_FILENO, ""not enough bytes for header: %u\n"", length); return TPM_BAD_PARAMETER; } if (ntohl(bh->totlen) != length) { if (!quiet) logprintf(STDERR_FILENO, ""broken header: bh->totlen %u != %u\n"", htonl(bh->totlen), length); return TPM_BAD_PARAMETER; } if (bh->min_version > BLOB_HEADER_VERSION) { if (!quiet) logprintf(STDERR_FILENO, ""Minimum required version for the blob is %d, we "" ""only support version %d\n"", bh->min_version, BLOB_HEADER_VERSION); return TPM_BAD_VERSION; } *hdrversion = bh->version; *dataoffset = ntohs(bh->hdrsize); *hdrflags = ntohs(bh->flags); return TPM_SUCCESS; }",visit repo url,src/swtpm/swtpm_nvstore.c,https://github.com/stefanberger/swtpm,45372579613233,1 6458,CWE-20,"error_t webSocketParseAuthenticateField(WebSocket *webSocket, char_t *value) { #if (WEB_SOCKET_BASIC_AUTH_SUPPORT == ENABLED || WEB_SOCKET_DIGEST_AUTH_SUPPORT == ENABLED) size_t n; char_t *p; char_t *token; char_t *separator; char_t *name; WebSocketAuthContext *authContext; authContext = &webSocket->authContext; token = osStrtok_r(value, "" \t"", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; if(!osStrcasecmp(token, ""Basic"")) { authContext->requiredAuthMode = WS_AUTH_MODE_BASIC; } else if(!osStrcasecmp(token, ""Digest"")) { authContext->requiredAuthMode = WS_AUTH_MODE_DIGEST; } else { return ERROR_INVALID_SYNTAX; } token = osStrtok_r(NULL, "","", &p); while(token != NULL) { separator = strchr(token, '='); if(separator != NULL) { *separator = '\0'; name = strTrimWhitespace(token); value = strTrimWhitespace(separator + 1); n = osStrlen(value); if(n > 0 && value[n - 1] == '\""') value[n - 1] = '\0'; if(value[0] == '\""') value++; if(!osStrcasecmp(name, ""realm"")) { strSafeCopy(authContext->realm, value, WEB_SOCKET_REALM_MAX_LEN); } #if (WEB_SOCKET_DIGEST_AUTH_SUPPORT == ENABLED) else if(!osStrcasecmp(name, ""nonce"")) { strSafeCopy(authContext->nonce, value, WEB_SOCKET_NONCE_MAX_LEN + 1); } else if(!osStrcasecmp(name, ""opaque"")) { strSafeCopy(authContext->opaque, value, WEB_SOCKET_OPAQUE_MAX_LEN + 1); } else if(!osStrcasecmp(name, ""stale"")) { if(!osStrcasecmp(value, ""true"")) authContext->stale = TRUE; else authContext->stale = FALSE; } #endif token = osStrtok_r(NULL, "","", &p); } } #endif return NO_ERROR; }",visit repo url,web_socket/web_socket_auth.c,https://github.com/Oryx-Embedded/CycloneTCP,219376651280501,1 6713,CWE-116,"list_session(char *log_dir, regex_t *re, const char *user, const char *tty) { char idbuf[7], *idstr, *cp; struct eventlog *evlog = NULL; const char *timestr; int ret = -1; debug_decl(list_session, SUDO_DEBUG_UTIL); if ((evlog = iolog_parse_loginfo(-1, log_dir)) == NULL) goto done; if (evlog->command == NULL || evlog->submituser == NULL || evlog->runuser == NULL) { goto done; } if (!STAILQ_EMPTY(&search_expr) && !match_expr(&search_expr, evlog, true)) goto done; cp = log_dir + strlen(session_dir) + 1; if (IS_IDLOG(cp)) { idbuf[0] = cp[0]; idbuf[1] = cp[1]; idbuf[2] = cp[3]; idbuf[3] = cp[4]; idbuf[4] = cp[6]; idbuf[5] = cp[7]; idbuf[6] = '\0'; idstr = idbuf; } else { idstr = cp; } timestr = get_timestr(evlog->submit_time.tv_sec, 1); printf(""%s : %s : "", timestr ? timestr : ""invalid date"", evlog->submituser); if (evlog->submithost != NULL) printf(""HOST=%s ; "", evlog->submithost); if (evlog->ttyname != NULL) printf(""TTY=%s ; "", evlog->ttyname); if (evlog->runchroot != NULL) printf(""CHROOT=%s ; "", evlog->runchroot); if (evlog->runcwd != NULL || evlog->cwd != NULL) printf(""CWD=%s ; "", evlog->runcwd ? evlog->runcwd : evlog->cwd); printf(""USER=%s ; "", evlog->runuser); if (evlog->rungroup != NULL) printf(""GROUP=%s ; "", evlog->rungroup); printf(""TSID=%s ; COMMAND=%s\n"", idstr, evlog->command); ret = 0; done: eventlog_free(evlog); debug_return_int(ret); }",visit repo url,plugins/sudoers/sudoreplay.c,https://github.com/sudo-project/sudo,183092709117970,1 3919,['CWE-399'],"static int ta8874z_getmode(struct CHIPSTATE *chip) { int val, mode; val = chip_read(chip); mode = V4L2_TUNER_MODE_MONO; if (val & TA8874Z_B1){ mode |= V4L2_TUNER_MODE_LANG1 | V4L2_TUNER_MODE_LANG2; }else if (!(val & TA8874Z_B0)){ mode |= V4L2_TUNER_MODE_STEREO; } return mode; }",linux-2.6,,,11115339382101486179915187441293748518,0 6006,CWE-120,"static CYTHON_SMALL_CODE int __pyx_pymod_exec_bufferedwriter(PyObject *__pyx_pyinit_module) #endif #endif { PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; __Pyx_RefNannyDeclarations #if CYTHON_PEP489_MULTI_PHASE_INIT if (__pyx_m) { if (__pyx_m == __pyx_pyinit_module) return 0; PyErr_SetString(PyExc_RuntimeError, ""Module 'bufferedwriter' has already been imported. Re-initialisation is not supported.""); return -1; } #elif PY_MAJOR_VERSION >= 3 if (__pyx_m) return __Pyx_NewRef(__pyx_m); #endif #if CYTHON_REFNANNY __Pyx_RefNanny = __Pyx_RefNannyImportAPI(""refnanny""); if (!__Pyx_RefNanny) { PyErr_Clear(); __Pyx_RefNanny = __Pyx_RefNannyImportAPI(""Cython.Runtime.refnanny""); if (!__Pyx_RefNanny) Py_FatalError(""failed to import 'refnanny' module""); } #endif __Pyx_RefNannySetupContext(""__Pyx_PyMODINIT_FUNC PyInit_bufferedwriter(void)"", 0); if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #ifdef __Pxy_PyFrame_Initialize_Offsets __Pxy_PyFrame_Initialize_Offsets(); #endif __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error) __pyx_empty_bytes = PyBytes_FromStringAndSize("""", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error) __pyx_empty_unicode = PyUnicode_FromStringAndSize("""", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error) #ifdef __Pyx_CyFunction_USED if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_FusedFunction_USED if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_Coroutine_USED if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_Generator_USED if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_AsyncGen_USED if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_StopAsyncIteration_USED if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #if defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS #ifdef WITH_THREAD PyEval_InitThreads(); #endif #endif #if CYTHON_PEP489_MULTI_PHASE_INIT __pyx_m = __pyx_pyinit_module; Py_INCREF(__pyx_m); #else #if PY_MAJOR_VERSION < 3 __pyx_m = Py_InitModule4(""bufferedwriter"", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m); #else __pyx_m = PyModule_Create(&__pyx_moduledef); #endif if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error) #endif __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_d); __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_b); __pyx_cython_runtime = PyImport_AddModule((char *) ""cython_runtime""); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_cython_runtime); if (PyObject_SetAttrString(__pyx_m, ""__builtins__"", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error); if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT) if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif if (__pyx_module_is_main_clickhouse_driver__bufferedwriter) { if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error) } #if PY_MAJOR_VERSION >= 3 { PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error) if (!PyDict_GetItemString(modules, ""clickhouse_driver.bufferedwriter"")) { if (unlikely(PyDict_SetItemString(modules, ""clickhouse_driver.bufferedwriter"", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error) } } #endif if (__Pyx_InitCachedBuiltins() < 0) goto __pyx_L1_error; if (__Pyx_InitCachedConstants() < 0) goto __pyx_L1_error; (void)__Pyx_modinit_global_init_code(); (void)__Pyx_modinit_variable_export_code(); (void)__Pyx_modinit_function_export_code(); if (unlikely(__Pyx_modinit_type_init_code() != 0)) goto __pyx_L1_error; if (unlikely(__Pyx_modinit_type_import_code() != 0)) goto __pyx_L1_error; (void)__Pyx_modinit_variable_import_code(); (void)__Pyx_modinit_function_import_code(); #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED) if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif __pyx_t_1 = PyList_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_INCREF(__pyx_n_s_write_varint); __Pyx_GIVEREF(__pyx_n_s_write_varint); PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_write_varint); __pyx_t_2 = __Pyx_Import(__pyx_n_s_varint, __pyx_t_1, 1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_write_varint); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_write_varint, __pyx_t_1) < 0) __PYX_ERR(0, 5, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_17clickhouse_driver_14bufferedwriter_1__pyx_unpickle_BufferedWriter, NULL, __pyx_n_s_clickhouse_driver_bufferedwriter); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); if (PyDict_SetItem(__pyx_d, __pyx_n_s_pyx_unpickle_BufferedWriter, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_17clickhouse_driver_14bufferedwriter_3__pyx_unpickle_BufferedSocketWriter, NULL, __pyx_n_s_clickhouse_driver_bufferedwriter); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); if (PyDict_SetItem(__pyx_d, __pyx_n_s_pyx_unpickle_BufferedSocketWri, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_17clickhouse_driver_14bufferedwriter_5__pyx_unpickle_CompressedBufferedWriter, NULL, __pyx_n_s_clickhouse_driver_bufferedwriter); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); if (PyDict_SetItem(__pyx_d, __pyx_n_s_pyx_unpickle_CompressedBuffere, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error) __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error) __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); if (__pyx_m) { if (__pyx_d) { __Pyx_AddTraceback(""init clickhouse_driver.bufferedwriter"", __pyx_clineno, __pyx_lineno, __pyx_filename); } Py_CLEAR(__pyx_m); } else if (!PyErr_Occurred()) { PyErr_SetString(PyExc_ImportError, ""init clickhouse_driver.bufferedwriter""); } __pyx_L0:; __Pyx_RefNannyFinishContext(); #if CYTHON_PEP489_MULTI_PHASE_INIT return (__pyx_m != NULL) ? 0 : -1; #elif PY_MAJOR_VERSION >= 3 return __pyx_m; #else return; #endif }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,256334583372563,1 30,['CWE-264'],"static void php_sqlite3_func_final_callback(sqlite3_context *context) { struct pdo_sqlite_func *func = (struct pdo_sqlite_func*)sqlite3_user_data(context); TSRMLS_FETCH(); do_callback(&func->afini, func->fini, 0, NULL, context, 1 TSRMLS_CC); }",php-src,,,29609921108140928211629866847724199753,0 4448,CWE-125,"static int xar_get_numeric_from_xml_element(xmlTextReaderPtr reader, long * value) { const xmlChar * numstr; if (xmlTextReaderRead(reader) == 1 && xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT) { numstr = xmlTextReaderConstValue(reader); if (numstr) { *value = atol((const char *)numstr); if (*value < 0) { cli_dbgmsg(""cli_scanxar: XML element value %li\n"", *value); return CL_EFORMAT; } return CL_SUCCESS; } } cli_dbgmsg(""cli_scanxar: No text for XML element\n""); return CL_EFORMAT; }",visit repo url,libclamav/xar.c,https://github.com/Cisco-Talos/clamav-devel,174891983246737,1 214,CWE-362,"static int audit_log_single_execve_arg(struct audit_context *context, struct audit_buffer **ab, int arg_num, size_t *len_sent, const char __user *p, char *buf) { char arg_num_len_buf[12]; const char __user *tmp_p = p; size_t arg_num_len = snprintf(arg_num_len_buf, 12, ""%d"", arg_num) + 5; size_t len, len_left, to_send; size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN; unsigned int i, has_cntl = 0, too_long = 0; int ret; len_left = len = strnlen_user(p, MAX_ARG_STRLEN) - 1; if (WARN_ON_ONCE(len < 0 || len > MAX_ARG_STRLEN - 1)) { send_sig(SIGKILL, current, 0); return -1; } do { if (len_left > MAX_EXECVE_AUDIT_LEN) to_send = MAX_EXECVE_AUDIT_LEN; else to_send = len_left; ret = copy_from_user(buf, tmp_p, to_send); if (ret) { WARN_ON(1); send_sig(SIGKILL, current, 0); return -1; } buf[to_send] = '\0'; has_cntl = audit_string_contains_control(buf, to_send); if (has_cntl) { max_execve_audit_len = MAX_EXECVE_AUDIT_LEN / 2; break; } len_left -= to_send; tmp_p += to_send; } while (len_left > 0); len_left = len; if (len > max_execve_audit_len) too_long = 1; for (i = 0; len_left > 0; i++) { int room_left; if (len_left > max_execve_audit_len) to_send = max_execve_audit_len; else to_send = len_left; room_left = MAX_EXECVE_AUDIT_LEN - arg_num_len - *len_sent; if (has_cntl) room_left -= (to_send * 2); else room_left -= to_send; if (room_left < 0) { *len_sent = 0; audit_log_end(*ab); *ab = audit_log_start(context, GFP_KERNEL, AUDIT_EXECVE); if (!*ab) return 0; } if ((i == 0) && (too_long)) audit_log_format(*ab, "" a%d_len=%zu"", arg_num, has_cntl ? 2*len : len); if (len >= max_execve_audit_len) ret = copy_from_user(buf, p, to_send); else ret = 0; if (ret) { WARN_ON(1); send_sig(SIGKILL, current, 0); return -1; } buf[to_send] = '\0'; audit_log_format(*ab, "" a%d"", arg_num); if (too_long) audit_log_format(*ab, ""[%d]"", i); audit_log_format(*ab, ""=""); if (has_cntl) audit_log_n_hex(*ab, buf, to_send); else audit_log_string(*ab, buf); p += to_send; len_left -= to_send; *len_sent += arg_num_len; if (has_cntl) *len_sent += to_send * 2; else *len_sent += to_send; } return len + 1; }",visit repo url,kernel/auditsc.c,https://github.com/torvalds/linux,133909629280427,1 2931,['CWE-189'],"int jp2_encode(jas_image_t *image, jas_stream_t *out, char *optstr) { jp2_box_t *box; jp2_ftyp_t *ftyp; jp2_ihdr_t *ihdr; jas_stream_t *tmpstream; int allcmptssame; jp2_bpcc_t *bpcc; long len; uint_fast16_t cmptno; jp2_colr_t *colr; char buf[4096]; uint_fast32_t overhead; jp2_cdefchan_t *cdefchanent; jp2_cdef_t *cdef; int i; uint_fast32_t typeasoc; jas_iccprof_t *iccprof; jas_stream_t *iccstream; int pos; int needcdef; int prec; int sgnd; box = 0; tmpstream = 0; allcmptssame = 1; sgnd = jas_image_cmptsgnd(image, 0); prec = jas_image_cmptprec(image, 0); for (i = 1; i < jas_image_numcmpts(image); ++i) { if (jas_image_cmptsgnd(image, i) != sgnd || jas_image_cmptprec(image, i) != prec) { allcmptssame = 0; break; } } if (!(box = jp2_box_create(JP2_BOX_JP))) { goto error; } box->data.jp.magic = JP2_JP_MAGIC; if (jp2_box_put(box, out)) { goto error; } jp2_box_destroy(box); box = 0; if (!(box = jp2_box_create(JP2_BOX_FTYP))) { goto error; } ftyp = &box->data.ftyp; ftyp->majver = JP2_FTYP_MAJVER; ftyp->minver = JP2_FTYP_MINVER; ftyp->numcompatcodes = 1; ftyp->compatcodes[0] = JP2_FTYP_COMPATCODE; if (jp2_box_put(box, out)) { goto error; } jp2_box_destroy(box); box = 0; if (!(tmpstream = jas_stream_memopen(0, 0))) { goto error; } if (!(box = jp2_box_create(JP2_BOX_IHDR))) { goto error; } ihdr = &box->data.ihdr; ihdr->width = jas_image_width(image); ihdr->height = jas_image_height(image); ihdr->numcmpts = jas_image_numcmpts(image); ihdr->bpc = allcmptssame ? JP2_SPTOBPC(jas_image_cmptsgnd(image, 0), jas_image_cmptprec(image, 0)) : JP2_IHDR_BPCNULL; ihdr->comptype = JP2_IHDR_COMPTYPE; ihdr->csunk = 0; ihdr->ipr = 0; if (jp2_box_put(box, tmpstream)) { goto error; } jp2_box_destroy(box); box = 0; if (!allcmptssame) { if (!(box = jp2_box_create(JP2_BOX_BPCC))) { goto error; } bpcc = &box->data.bpcc; bpcc->numcmpts = jas_image_numcmpts(image); if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) { goto error; } for (cmptno = 0; cmptno < bpcc->numcmpts; ++cmptno) { bpcc->bpcs[cmptno] = JP2_SPTOBPC(jas_image_cmptsgnd(image, cmptno), jas_image_cmptprec(image, cmptno)); } if (jp2_box_put(box, tmpstream)) { goto error; } jp2_box_destroy(box); box = 0; } if (!(box = jp2_box_create(JP2_BOX_COLR))) { goto error; } colr = &box->data.colr; switch (jas_image_clrspc(image)) { case JAS_CLRSPC_SRGB: case JAS_CLRSPC_SYCBCR: case JAS_CLRSPC_SGRAY: colr->method = JP2_COLR_ENUM; colr->csid = clrspctojp2(jas_image_clrspc(image)); colr->pri = JP2_COLR_PRI; colr->approx = 0; break; default: colr->method = JP2_COLR_ICC; colr->pri = JP2_COLR_PRI; colr->approx = 0; iccprof = jas_iccprof_createfromcmprof(jas_image_cmprof(image)); assert(iccprof); iccstream = jas_stream_memopen(0, 0); assert(iccstream); if (jas_iccprof_save(iccprof, iccstream)) abort(); if ((pos = jas_stream_tell(iccstream)) < 0) abort(); colr->iccplen = pos; colr->iccp = jas_malloc(pos); assert(colr->iccp); jas_stream_rewind(iccstream); if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) != colr->iccplen) abort(); jas_stream_close(iccstream); jas_iccprof_destroy(iccprof); break; } if (jp2_box_put(box, tmpstream)) { goto error; } jp2_box_destroy(box); box = 0; needcdef = 1; switch (jas_clrspc_fam(jas_image_clrspc(image))) { case JAS_CLRSPC_FAM_RGB: if (jas_image_cmpttype(image, 0) == JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_R) && jas_image_cmpttype(image, 1) == JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_G) && jas_image_cmpttype(image, 2) == JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_B)) needcdef = 0; break; case JAS_CLRSPC_FAM_YCBCR: if (jas_image_cmpttype(image, 0) == JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_Y) && jas_image_cmpttype(image, 1) == JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_CB) && jas_image_cmpttype(image, 2) == JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_CR)) needcdef = 0; break; case JAS_CLRSPC_FAM_GRAY: if (jas_image_cmpttype(image, 0) == JAS_IMAGE_CT_COLOR(JAS_IMAGE_CT_GRAY_Y)) needcdef = 0; break; default: abort(); break; } if (needcdef) { if (!(box = jp2_box_create(JP2_BOX_CDEF))) { goto error; } cdef = &box->data.cdef; cdef->numchans = jas_image_numcmpts(image); cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)); for (i = 0; i < jas_image_numcmpts(image); ++i) { cdefchanent = &cdef->ents[i]; cdefchanent->channo = i; typeasoc = jp2_gettypeasoc(jas_image_clrspc(image), jas_image_cmpttype(image, i)); cdefchanent->type = typeasoc >> 16; cdefchanent->assoc = typeasoc & 0x7fff; } if (jp2_box_put(box, tmpstream)) { goto error; } jp2_box_destroy(box); box = 0; } len = jas_stream_tell(tmpstream); jas_stream_rewind(tmpstream); if (!(box = jp2_box_create(JP2_BOX_JP2H))) { goto error; } box->len = len + JP2_BOX_HDRLEN(false); if (jp2_box_put(box, out)) { goto error; } jp2_box_destroy(box); box = 0; if (jas_stream_copy(out, tmpstream, len)) { goto error; } jas_stream_close(tmpstream); tmpstream = 0; if (!(box = jp2_box_create(JP2_BOX_JP2C))) { goto error; } box->len = 0; if (jp2_box_put(box, out)) { goto error; } jp2_box_destroy(box); box = 0; overhead = jas_stream_getrwcount(out); sprintf(buf, ""%s\n_jp2overhead=%lu\n"", (optstr ? optstr : """"), (unsigned long) overhead); if (jpc_encode(image, out, buf)) { goto error; } return 0; error: if (box) { jp2_box_destroy(box); } if (tmpstream) { jas_stream_close(tmpstream); } return -1; }",jasper,,,101969887952750400002912557309841649679,0 1238,NVD-CWE-Other,"static __inline__ void ipv6_select_ident(struct frag_hdr *fhdr) { static u32 ipv6_fragmentation_id = 1; static DEFINE_SPINLOCK(ip6_id_lock); spin_lock_bh(&ip6_id_lock); fhdr->identification = htonl(ipv6_fragmentation_id); if (++ipv6_fragmentation_id == 0) ipv6_fragmentation_id = 1; spin_unlock_bh(&ip6_id_lock); }",visit repo url,include/net/ipv6.h,https://github.com/torvalds/linux,103764996160422,1 3864,[],"int cap_inode_killpriv(struct dentry *dentry) { return 0; }",linux-2.6,,,26679906988368439843575228816251759238,0 2131,CWE-319,"static int mincore_unmapped_range(unsigned long addr, unsigned long end, struct mm_walk *walk) { walk->private += __mincore_unmapped_range(addr, end, walk->vma, walk->private); return 0; }",visit repo url,mm/mincore.c,https://github.com/torvalds/linux,78239123283808,1 1767,CWE-119,"mark_source_chains(const struct xt_table_info *newinfo, unsigned int valid_hooks, void *entry0) { unsigned int hook; for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { unsigned int pos = newinfo->hook_entry[hook]; struct ipt_entry *e = (struct ipt_entry *)(entry0 + pos); if (!(valid_hooks & (1 << hook))) continue; e->counters.pcnt = pos; for (;;) { const struct xt_standard_target *t = (void *)ipt_get_target_c(e); int visited = e->comefrom & (1 << hook); if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { pr_err(""iptables: loop hook %u pos %u %08X.\n"", hook, pos, e->comefrom); return 0; } e->comefrom |= ((1 << hook) | (1 << NF_INET_NUMHOOKS)); if ((e->target_offset == sizeof(struct ipt_entry) && (strcmp(t->target.u.user.name, XT_STANDARD_TARGET) == 0) && t->verdict < 0 && unconditional(&e->ip)) || visited) { unsigned int oldpos, size; if ((strcmp(t->target.u.user.name, XT_STANDARD_TARGET) == 0) && t->verdict < -NF_MAX_VERDICT - 1) { duprintf(""mark_source_chains: bad "" ""negative verdict (%i)\n"", t->verdict); return 0; } do { e->comefrom ^= (1<comefrom & (1 << NF_INET_NUMHOOKS)) { duprintf(""Back unset "" ""on hook %u "" ""rule %u\n"", hook, pos); } #endif oldpos = pos; pos = e->counters.pcnt; e->counters.pcnt = 0; if (pos == oldpos) goto next; e = (struct ipt_entry *) (entry0 + pos); } while (oldpos == pos + e->next_offset); size = e->next_offset; e = (struct ipt_entry *) (entry0 + pos + size); e->counters.pcnt = pos; pos += size; } else { int newpos = t->verdict; if (strcmp(t->target.u.user.name, XT_STANDARD_TARGET) == 0 && newpos >= 0) { if (newpos > newinfo->size - sizeof(struct ipt_entry)) { duprintf(""mark_source_chains: "" ""bad verdict (%i)\n"", newpos); return 0; } duprintf(""Jump rule %u -> %u\n"", pos, newpos); } else { newpos = pos + e->next_offset; } e = (struct ipt_entry *) (entry0 + newpos); e->counters.pcnt = pos; pos = newpos; } } next: duprintf(""Finished chain %u\n"", hook); } return 1; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,17622005594250,1 1825,CWE-367,"int nfc_enable_se(struct nfc_dev *dev, u32 se_idx) { struct nfc_se *se; int rc; pr_debug(""%s se index %d\n"", dev_name(&dev->dev), se_idx); device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (!dev->dev_up) { rc = -ENODEV; goto error; } if (dev->polling) { rc = -EBUSY; goto error; } if (!dev->ops->enable_se || !dev->ops->disable_se) { rc = -EOPNOTSUPP; goto error; } se = nfc_find_se(dev, se_idx); if (!se) { rc = -EINVAL; goto error; } if (se->state == NFC_SE_ENABLED) { rc = -EALREADY; goto error; } rc = dev->ops->enable_se(dev, se_idx); if (rc >= 0) se->state = NFC_SE_ENABLED; error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,146819541048893,1 4136,CWE-20,"mark_trusted_task_done (GObject *source_object, GAsyncResult *res, gpointer user_data) { MarkTrustedJob *job = user_data; g_object_unref (job->file); if (job->done_callback) { job->done_callback (!job_aborted ((CommonJob *) job), job->done_callback_data); } finalize_common ((CommonJob *) job); }",visit repo url,src/nautilus-file-operations.c,https://github.com/GNOME/nautilus,219405355603043,1 2884,CWE-119,"DECLAREwriteFunc(writeBufferToContigTiles) { uint32 imagew = TIFFScanlineSize(out); uint32 tilew = TIFFTileRowSize(out); int iskew = imagew - tilew; tsize_t tilesize = TIFFTileSize(out); tdata_t obuf; uint8* bufp = (uint8*) buf; uint32 tl, tw; uint32 row; (void) spp; obuf = _TIFFmalloc(TIFFTileSize(out)); if (obuf == NULL) return 0; _TIFFmemset(obuf, 0, tilesize); (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); for (row = 0; row < imagelength; row += tilelength) { uint32 nrow = (row+tl > imagelength) ? imagelength-row : tl; uint32 colb = 0; uint32 col; for (col = 0; col < imagewidth; col += tw) { if (colb + tilew > imagew) { uint32 width = imagew - colb; int oskew = tilew - width; cpStripToTile(obuf, bufp + colb, nrow, width, oskew, oskew + iskew); } else cpStripToTile(obuf, bufp + colb, nrow, tilew, 0, iskew); if (TIFFWriteTile(out, obuf, col, row, 0, 0) < 0) { TIFFError(TIFFFileName(out), ""Error, can't write tile at %lu %lu"", (unsigned long) col, (unsigned long) row); _TIFFfree(obuf); return 0; } colb += tilew; } bufp += nrow * imagew; } _TIFFfree(obuf); return 1; }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,272288957196435,1 6445,CWE-20,"error_t httpClientParseHeaderField(HttpClientContext *context, char_t *line, size_t length) { error_t error; char_t *name; size_t nameLen; char_t *value; size_t valueLen; char_t *separator; line[length] = '\0'; TRACE_DEBUG(""%s\r\n"", line); error = httpCheckCharset(line, length, HTTP_CHARSET_TEXT); if(error) return error; if(line[0] == ' ' || line[0] == '\t') { if(context->bufferPos == 0) return ERROR_INVALID_SYNTAX; value = strTrimWhitespace(line); valueLen = osStrlen(value); if(valueLen > 0) { context->buffer[context->bufferPos - 1] = ' '; osMemmove(context->buffer + context->bufferPos, value, valueLen + 1); context->bufferLen = context->bufferPos + valueLen + 1; } } else { separator = strchr(line, ':'); if(separator == NULL) return ERROR_INVALID_SYNTAX; *separator = '\0'; name = strTrimWhitespace(line); value = strTrimWhitespace(separator + 1); nameLen = osStrlen(name); valueLen = osStrlen(value); if(nameLen == 0) return ERROR_INVALID_SYNTAX; if(!osStrcasecmp(name, ""Connection"")) { httpClientParseConnectionField(context, value); } else if(!osStrcasecmp(name, ""Transfer-Encoding"")) { httpClientParseTransferEncodingField(context, value); } else if(!osStrcasecmp(name, ""Content-Length"")) { httpClientParseContentLengthField(context, value); } #if (HTTP_CLIENT_AUTH_SUPPORT == ENABLED) else if(!osStrcasecmp(name, ""WWW-Authenticate"")) { httpClientParseWwwAuthenticateField(context, value); } #endif else { } osMemmove(context->buffer + context->bufferPos, name, nameLen + 1); osMemmove(context->buffer + context->bufferPos + nameLen + 1, value, valueLen + 1); context->bufferLen = context->bufferPos + nameLen + valueLen + 2; } context->bufferPos = context->bufferLen; return NO_ERROR; }",visit repo url,http/http_client_misc.c,https://github.com/Oryx-Embedded/CycloneTCP,110822379438757,1 2076,NVD-CWE-noinfo,"static int handle_vmptrst(struct kvm_vcpu *vcpu) { unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO); gva_t vmcs_gva; struct x86_exception e; if (!nested_vmx_check_permission(vcpu)) return 1; if (get_vmx_mem_address(vcpu, exit_qualification, vmx_instruction_info, true, &vmcs_gva)) return 1; if (kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, vmcs_gva, (void *)&to_vmx(vcpu)->nested.current_vmptr, sizeof(u64), &e)) { kvm_inject_page_fault(vcpu, &e); return 1; } nested_vmx_succeed(vcpu); return kvm_skip_emulated_instruction(vcpu); }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,96500436007935,1 4284,['CWE-264'],"static struct task_struct *copy_process(unsigned long clone_flags, unsigned long stack_start, struct pt_regs *regs, unsigned long stack_size, int __user *child_tidptr, struct pid *pid, int trace) { int retval; struct task_struct *p; int cgroup_callbacks_done = 0; if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND)) return ERR_PTR(-EINVAL); if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM)) return ERR_PTR(-EINVAL); retval = security_task_create(clone_flags); if (retval) goto fork_out; retval = -ENOMEM; p = dup_task_struct(current); if (!p) goto fork_out; rt_mutex_init_task(p); #ifdef CONFIG_PROVE_LOCKING DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled); DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; if (atomic_read(&p->real_cred->user->processes) >= p->signal->rlim[RLIMIT_NPROC].rlim_cur) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && p->real_cred->user != INIT_USER) goto bad_fork_free; } retval = copy_creds(p, clone_flags); if (retval < 0) goto bad_fork_free; retval = -EAGAIN; if (nr_threads >= max_threads) goto bad_fork_cleanup_count; if (!try_module_get(task_thread_info(p)->exec_domain->module)) goto bad_fork_cleanup_count; if (p->binfmt && !try_module_get(p->binfmt->module)) goto bad_fork_cleanup_put_domain; p->did_exec = 0; delayacct_tsk_init(p); copy_flags(clone_flags, p); INIT_LIST_HEAD(&p->children); INIT_LIST_HEAD(&p->sibling); #ifdef CONFIG_PREEMPT_RCU p->rcu_read_lock_nesting = 0; p->rcu_flipctr_idx = 0; #endif p->vfork_done = NULL; spin_lock_init(&p->alloc_lock); clear_tsk_thread_flag(p, TIF_SIGPENDING); init_sigpending(&p->pending); p->utime = cputime_zero; p->stime = cputime_zero; p->gtime = cputime_zero; p->utimescaled = cputime_zero; p->stimescaled = cputime_zero; p->prev_utime = cputime_zero; p->prev_stime = cputime_zero; p->default_timer_slack_ns = current->timer_slack_ns; #ifdef CONFIG_DETECT_SOFTLOCKUP p->last_switch_count = 0; p->last_switch_timestamp = 0; #endif task_io_accounting_init(&p->ioac); acct_clear_integrals(p); posix_cpu_timers_init(p); p->lock_depth = -1; do_posix_clock_monotonic_gettime(&p->start_time); p->real_start_time = p->start_time; monotonic_to_bootbased(&p->real_start_time); p->io_context = NULL; p->audit_context = NULL; cgroup_fork(p); #ifdef CONFIG_NUMA p->mempolicy = mpol_dup(p->mempolicy); if (IS_ERR(p->mempolicy)) { retval = PTR_ERR(p->mempolicy); p->mempolicy = NULL; goto bad_fork_cleanup_cgroup; } mpol_fix_fork_child_flag(p); #endif #ifdef CONFIG_TRACE_IRQFLAGS p->irq_events = 0; #ifdef __ARCH_WANT_INTERRUPTS_ON_CTXSW p->hardirqs_enabled = 1; #else p->hardirqs_enabled = 0; #endif p->hardirq_enable_ip = 0; p->hardirq_enable_event = 0; p->hardirq_disable_ip = _THIS_IP_; p->hardirq_disable_event = 0; p->softirqs_enabled = 1; p->softirq_enable_ip = _THIS_IP_; p->softirq_enable_event = 0; p->softirq_disable_ip = 0; p->softirq_disable_event = 0; p->hardirq_context = 0; p->softirq_context = 0; #endif #ifdef CONFIG_LOCKDEP p->lockdep_depth = 0; p->curr_chain_key = 0; p->lockdep_recursion = 0; #endif #ifdef CONFIG_DEBUG_MUTEXES p->blocked_on = NULL; #endif if (unlikely(current->ptrace)) ptrace_fork(p, clone_flags); sched_fork(p, clone_flags); if ((retval = audit_alloc(p))) goto bad_fork_cleanup_policy; if ((retval = copy_semundo(clone_flags, p))) goto bad_fork_cleanup_audit; if ((retval = copy_files(clone_flags, p))) goto bad_fork_cleanup_semundo; if ((retval = copy_fs(clone_flags, p))) goto bad_fork_cleanup_files; if ((retval = copy_sighand(clone_flags, p))) goto bad_fork_cleanup_fs; if ((retval = copy_signal(clone_flags, p))) goto bad_fork_cleanup_sighand; if ((retval = copy_mm(clone_flags, p))) goto bad_fork_cleanup_signal; if ((retval = copy_namespaces(clone_flags, p))) goto bad_fork_cleanup_mm; if ((retval = copy_io(clone_flags, p))) goto bad_fork_cleanup_namespaces; retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); if (retval) goto bad_fork_cleanup_io; if (pid != &init_struct_pid) { retval = -ENOMEM; pid = alloc_pid(p->nsproxy->pid_ns); if (!pid) goto bad_fork_cleanup_io; if (clone_flags & CLONE_NEWPID) { retval = pid_ns_prepare_proc(p->nsproxy->pid_ns); if (retval < 0) goto bad_fork_free_pid; } } ftrace_graph_init_task(p); p->pid = pid_nr(pid); p->tgid = p->pid; if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; if (current->nsproxy != p->nsproxy) { retval = ns_cgroup_clone(p, pid); if (retval) goto bad_fork_free_graph; } p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; p->clear_child_tid = (clone_flags & CLONE_CHILD_CLEARTID) ? child_tidptr: NULL; #ifdef CONFIG_FUTEX p->robust_list = NULL; #ifdef CONFIG_COMPAT p->compat_robust_list = NULL; #endif INIT_LIST_HEAD(&p->pi_state_list); p->pi_state_cache = NULL; #endif if ((clone_flags & (CLONE_VM|CLONE_VFORK)) == CLONE_VM) p->sas_ss_sp = p->sas_ss_size = 0; clear_tsk_thread_flag(p, TIF_SYSCALL_TRACE); #ifdef TIF_SYSCALL_EMU clear_tsk_thread_flag(p, TIF_SYSCALL_EMU); #endif clear_all_latency_tracing(p); p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL); p->pdeath_signal = 0; p->exit_state = 0; p->group_leader = p; INIT_LIST_HEAD(&p->thread_group); cgroup_fork_callbacks(p); cgroup_callbacks_done = 1; write_lock_irq(&tasklist_lock); p->cpus_allowed = current->cpus_allowed; p->rt.nr_cpus_allowed = current->rt.nr_cpus_allowed; if (unlikely(!cpu_isset(task_cpu(p), p->cpus_allowed) || !cpu_online(task_cpu(p)))) set_task_cpu(p, smp_processor_id()); if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) { p->real_parent = current->real_parent; p->parent_exec_id = current->parent_exec_id; } else { p->real_parent = current; p->parent_exec_id = current->self_exec_id; } spin_lock(¤t->sighand->siglock); recalc_sigpending(); if (signal_pending(current)) { spin_unlock(¤t->sighand->siglock); write_unlock_irq(&tasklist_lock); retval = -ERESTARTNOINTR; goto bad_fork_free_graph; } if (clone_flags & CLONE_THREAD) { p->group_leader = current->group_leader; list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group); } if (likely(p->pid)) { list_add_tail(&p->sibling, &p->real_parent->children); tracehook_finish_clone(p, clone_flags, trace); if (thread_group_leader(p)) { if (clone_flags & CLONE_NEWPID) p->nsproxy->pid_ns->child_reaper = p; p->signal->leader_pid = pid; tty_kref_put(p->signal->tty); p->signal->tty = tty_kref_get(current->signal->tty); set_task_pgrp(p, task_pgrp_nr(current)); set_task_session(p, task_session_nr(current)); attach_pid(p, PIDTYPE_PGID, task_pgrp(current)); attach_pid(p, PIDTYPE_SID, task_session(current)); list_add_tail_rcu(&p->tasks, &init_task.tasks); __get_cpu_var(process_counts)++; } attach_pid(p, PIDTYPE_PID, pid); nr_threads++; } total_forks++; spin_unlock(¤t->sighand->siglock); write_unlock_irq(&tasklist_lock); proc_fork_connector(p); cgroup_post_fork(p); return p; bad_fork_free_graph: ftrace_graph_exit_task(p); bad_fork_free_pid: if (pid != &init_struct_pid) free_pid(pid); bad_fork_cleanup_io: put_io_context(p->io_context); bad_fork_cleanup_namespaces: exit_task_namespaces(p); bad_fork_cleanup_mm: if (p->mm) mmput(p->mm); bad_fork_cleanup_signal: cleanup_signal(p); bad_fork_cleanup_sighand: __cleanup_sighand(p->sighand); bad_fork_cleanup_fs: exit_fs(p); bad_fork_cleanup_files: exit_files(p); bad_fork_cleanup_semundo: exit_sem(p); bad_fork_cleanup_audit: audit_free(p); bad_fork_cleanup_policy: #ifdef CONFIG_NUMA mpol_put(p->mempolicy); bad_fork_cleanup_cgroup: #endif cgroup_exit(p, cgroup_callbacks_done); delayacct_tsk_free(p); if (p->binfmt) module_put(p->binfmt->module); bad_fork_cleanup_put_domain: module_put(task_thread_info(p)->exec_domain->module); bad_fork_cleanup_count: atomic_dec(&p->cred->user->processes); put_cred(p->real_cred); put_cred(p->cred); bad_fork_free: free_task(p); fork_out: return ERR_PTR(retval); }",linux-2.6,,,286272198661693641395277962990019399358,0 4485,['CWE-264'],"void smt_stat_counter(struct s_smc *smc, int stat) { PRINTK(KERN_INFO ""smt_stat_counter\n""); switch (stat) { case 0: PRINTK(KERN_INFO ""Ring operational change.\n""); break; case 1: PRINTK(KERN_INFO ""Receive fifo overflow.\n""); smc->os.MacStat.gen.rx_errors++; break; default: PRINTK(KERN_INFO ""Unknown status (%d).\n"", stat); break; } } ",linux-2.6,,,268863007773768411093568302479990614906,0 2901,CWE-119,"fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc) { tmsize_t stride = PredictorState(tif)->stride; uint32 bps = tif->tif_dir.td_bitspersample / 8; tmsize_t wc = cc / bps; tmsize_t count; uint8 *cp = (uint8 *) cp0; uint8 *tmp = (uint8 *)_TIFFmalloc(cc); assert((cc%(bps*stride))==0); if (!tmp) return; _TIFFmemcpy(tmp, cp0, cc); for (count = 0; count < wc; count++) { uint32 byte; for (byte = 0; byte < bps; byte++) { #if WORDS_BIGENDIAN cp[byte * wc + count] = tmp[bps * count + byte]; #else cp[(bps - byte - 1) * wc + count] = tmp[bps * count + byte]; #endif } } _TIFFfree(tmp); cp = (uint8 *) cp0; cp += cc - stride - 1; for (count = cc; count > stride; count -= stride) REPEAT4(stride, cp[stride] = (unsigned char)((cp[stride] - cp[0])&0xff); cp--) }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,35299655374180,1 1576,[],"static void cpuacct_charge(struct task_struct *tsk, u64 cputime) { struct cpuacct *ca; if (!cpuacct_subsys.active) return; ca = task_ca(tsk); if (ca) { u64 *cpuusage = percpu_ptr(ca->cpuusage, task_cpu(tsk)); *cpuusage += cputime; } }",linux-2.6,,,55088256841435262834567105760262736210,0 4490,CWE-476,"GF_Err ilst_item_box_read(GF_Box *s,GF_BitStream *bs) { GF_Err e; u32 sub_type; GF_Box *a = NULL; GF_ListItemBox *ptr = (GF_ListItemBox *)s; sub_type = gf_bs_peek_bits(bs, 32, 4); if (sub_type == GF_ISOM_BOX_TYPE_DATA ) { e = gf_isom_box_parse(&a, bs); if (!e && ptr->size < a->size) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[isom] not enough bytes in box %s: %d left, reading %d (file %s, line %d)\n"", gf_4cc_to_str(ptr->type), ptr->size, a->size, __FILE__, __LINE__ )); \ e = GF_ISOM_INVALID_FILE; } if (e) { if (a) gf_isom_box_del(a); return e; } ISOM_DECREASE_SIZE(ptr, a->size); if (a && ptr->data) gf_isom_box_del_parent(&ptr->child_boxes, (GF_Box *) ptr->data); if (a && a->size > 4 && a->type != GF_ISOM_BOX_TYPE_VOID) { ptr->data = (GF_DataBox *)a; if (!ptr->child_boxes) ptr->child_boxes = gf_list_new(); gf_list_add(ptr->child_boxes, ptr->data); } else { ptr->data = NULL; gf_isom_box_del(a); } } else { u64 pos = gf_bs_get_position(bs); u64 prev_size = s->size; e = gf_isom_box_array_read(s, bs, NULL); if (e==GF_OK) return GF_OK; gf_isom_box_array_del(s->child_boxes); s->child_boxes=NULL; gf_bs_seek(bs, pos); s->size = prev_size; ptr->data = (GF_DataBox *)gf_isom_box_new_parent(&ptr->child_boxes, GF_ISOM_BOX_TYPE_DATA); ptr->data->qt_style = GF_TRUE; ISOM_DECREASE_SIZE(ptr, 2); ptr->data->dataSize = gf_bs_read_u16(bs); gf_bs_read_u16(bs); ptr->data->data = (char *) gf_malloc(sizeof(char)*(ptr->data->dataSize + 1)); gf_bs_read_data(bs, ptr->data->data, ptr->data->dataSize); ptr->data->data[ptr->data->dataSize] = 0; ISOM_DECREASE_SIZE(ptr, ptr->data->dataSize); } return GF_OK; }",visit repo url,src/isomedia/box_code_apple.c,https://github.com/gpac/gpac,134734610014884,1 4836,CWE-119,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 3249,CWE-125,"frag6_print(netdissect_options *ndo, register const u_char *bp, register const u_char *bp2) { register const struct ip6_frag *dp; register const struct ip6_hdr *ip6; dp = (const struct ip6_frag *)bp; ip6 = (const struct ip6_hdr *)bp2; ND_TCHECK(dp->ip6f_offlg); if (ndo->ndo_vflag) { ND_PRINT((ndo, ""frag (0x%08x:%d|%ld)"", EXTRACT_32BITS(&dp->ip6f_ident), EXTRACT_16BITS(&dp->ip6f_offlg) & IP6F_OFF_MASK, sizeof(struct ip6_hdr) + EXTRACT_16BITS(&ip6->ip6_plen) - (long)(bp - bp2) - sizeof(struct ip6_frag))); } else { ND_PRINT((ndo, ""frag (%d|%ld)"", EXTRACT_16BITS(&dp->ip6f_offlg) & IP6F_OFF_MASK, sizeof(struct ip6_hdr) + EXTRACT_16BITS(&ip6->ip6_plen) - (long)(bp - bp2) - sizeof(struct ip6_frag))); } if ((EXTRACT_16BITS(&dp->ip6f_offlg) & IP6F_OFF_MASK) != 0) return -1; else { ND_PRINT((ndo, "" "")); return sizeof(struct ip6_frag); } trunc: ND_PRINT((ndo, ""[|frag]"")); return -1; }",visit repo url,print-frag6.c,https://github.com/the-tcpdump-group/tcpdump,74382965700854,1 3660,['CWE-264'],"static int link_pipe(struct pipe_inode_info *ipipe, struct pipe_inode_info *opipe, size_t len, unsigned int flags) { struct pipe_buffer *ibuf, *obuf; int ret = 0, i = 0, nbuf; inode_double_lock(ipipe->inode, opipe->inode); do { if (!opipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } if (i >= ipipe->nrbufs || opipe->nrbufs >= PIPE_BUFFERS) break; ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1)); nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1); ibuf->ops->get(ipipe, ibuf); obuf = opipe->bufs + nbuf; *obuf = *ibuf; obuf->flags &= ~PIPE_BUF_FLAG_GIFT; if (obuf->len > len) obuf->len = len; opipe->nrbufs++; ret += obuf->len; len -= obuf->len; i++; } while (len); if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK)) ret = -EAGAIN; inode_double_unlock(ipipe->inode, opipe->inode); if (ret > 0) { smp_mb(); if (waitqueue_active(&opipe->wait)) wake_up_interruptible(&opipe->wait); kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN); } return ret; }",linux-2.6,,,141532576654689884749924235982892294199,0 4967,CWE-787,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 5448,CWE-617,"pci_emul_mem_handler(struct vmctx *ctx, int vcpu, int dir, uint64_t addr, int size, uint64_t *val, void *arg1, long arg2) { struct pci_vdev *pdi = arg1; struct pci_vdev_ops *ops = pdi->dev_ops; uint64_t offset; int bidx = (int) arg2; assert(bidx <= PCI_BARMAX); assert(pdi->bar[bidx].type == PCIBAR_MEM32 || pdi->bar[bidx].type == PCIBAR_MEM64); assert(addr >= pdi->bar[bidx].addr && addr + size <= pdi->bar[bidx].addr + pdi->bar[bidx].size); offset = addr - pdi->bar[bidx].addr; if (dir == MEM_F_WRITE) { if (size == 8) { (*ops->vdev_barwrite)(ctx, vcpu, pdi, bidx, offset, 4, *val & 0xffffffff); (*ops->vdev_barwrite)(ctx, vcpu, pdi, bidx, offset + 4, 4, *val >> 32); } else { (*ops->vdev_barwrite)(ctx, vcpu, pdi, bidx, offset, size, bar_value(size, *val)); } } else { if (size == 8) { uint64_t val_lo, val_hi; val_lo = (*ops->vdev_barread)(ctx, vcpu, pdi, bidx, offset, 4); val_lo = bar_value(4, val_lo); val_hi = (*ops->vdev_barread)(ctx, vcpu, pdi, bidx, offset + 4, 4); *val = val_lo | (val_hi << 32); } else { *val = (*ops->vdev_barread)(ctx, vcpu, pdi, bidx, offset, size); *val = bar_value(size, *val); } } return 0; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,107097116556761,1 4381,CWE-125,"static int get_exif_tag_int_value(struct iw_exif_state *e, unsigned int tag_pos, unsigned int *pv) { unsigned int field_type; unsigned int value_count; field_type = iw_get_ui16_e(&e->d[tag_pos+2],e->endian); value_count = iw_get_ui32_e(&e->d[tag_pos+4],e->endian); if(value_count!=1) return 0; if(field_type==3) { *pv = iw_get_ui16_e(&e->d[tag_pos+8],e->endian); return 1; } else if(field_type==4) { *pv = iw_get_ui32_e(&e->d[tag_pos+8],e->endian); return 1; } return 0; }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,102653325511732,1 5686,CWE-416,"void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) { COMPS_HSList *tmplist, *tmp_subnodes; COMPS_HSListItem *it; COMPS_ObjListIt *it2; struct Pair { COMPS_HSList * subnodes; char * key; char added; } *pair, *parent_pair; pair = malloc(sizeof(struct Pair)); pair->subnodes = rt2->subnodes; pair->key = NULL; tmplist = comps_hslist_create(); comps_hslist_init(tmplist, NULL, NULL, &free); comps_hslist_append(tmplist, pair, 0); while (tmplist->first != NULL) { it = tmplist->first; comps_hslist_remove(tmplist, tmplist->first); tmp_subnodes = ((struct Pair*)it->data)->subnodes; parent_pair = (struct Pair*) it->data; free(it); pair->added = 0; for (it = tmp_subnodes->first; it != NULL; it=it->next) { pair = malloc(sizeof(struct Pair)); pair->subnodes = ((COMPS_ObjMRTreeData*)it->data)->subnodes; if (parent_pair->key != NULL) { pair->key = malloc(sizeof(char) * (strlen(((COMPS_ObjMRTreeData*)it->data)->key) + strlen(parent_pair->key) + 1)); memcpy(pair->key, parent_pair->key, sizeof(char) * strlen(parent_pair->key)); memcpy(pair->key+strlen(parent_pair->key), ((COMPS_ObjMRTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_ObjMRTreeData*)it->data)->key)+1)); } else { pair->key = malloc(sizeof(char)* (strlen(((COMPS_ObjMRTreeData*)it->data)->key) + 1)); memcpy(pair->key, ((COMPS_ObjMRTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_ObjMRTreeData*)it->data)->key)+1)); } if (((COMPS_ObjMRTreeData*)it->data)->data->first != NULL) { for (it2 = ((COMPS_ObjMRTreeData*)it->data)->data->first; it2 != NULL; it2 = it2->next) { comps_objmrtree_set(rt1, pair->key, it2->comps_obj); } if (((COMPS_ObjMRTreeData*)it->data)->subnodes->first) { comps_hslist_append(tmplist, pair, 0); } else { free(pair->key); free(pair); } } else { if (((COMPS_ObjMRTreeData*)it->data)->subnodes->first) { comps_hslist_append(tmplist, pair, 0); } else { free(pair->key); free(pair); } } } free(parent_pair->key); free(parent_pair); } comps_hslist_destroy(&tmplist); }",visit repo url,libcomps/src/comps_objmradix.c,https://github.com/rpm-software-management/libcomps,137095212303666,1 4500,['CWE-20'],"static void update_backups(struct super_block *sb, int blk_off, char *data, int size) { struct ext4_sb_info *sbi = EXT4_SB(sb); const ext4_group_t last = sbi->s_groups_count; const int bpg = EXT4_BLOCKS_PER_GROUP(sb); unsigned three = 1; unsigned five = 5; unsigned seven = 7; ext4_group_t group; int rest = sb->s_blocksize - size; handle_t *handle; int err = 0, err2; handle = ext4_journal_start_sb(sb, EXT4_MAX_TRANS_DATA); if (IS_ERR(handle)) { group = 1; err = PTR_ERR(handle); goto exit_err; } while ((group = ext4_list_backups(sb, &three, &five, &seven)) < last) { struct buffer_head *bh; if (ext4_handle_valid(handle) && handle->h_buffer_credits == 0 && ext4_journal_extend(handle, EXT4_MAX_TRANS_DATA) && (err = ext4_journal_restart(handle, EXT4_MAX_TRANS_DATA))) break; bh = sb_getblk(sb, group * bpg + blk_off); if (!bh) { err = -EIO; break; } ext4_debug(""update metadata backup %#04lx\n"", (unsigned long)bh->b_blocknr); if ((err = ext4_journal_get_write_access(handle, bh))) break; lock_buffer(bh); memcpy(bh->b_data, data, size); if (rest) memset(bh->b_data + size, 0, rest); set_buffer_uptodate(bh); unlock_buffer(bh); ext4_handle_dirty_metadata(handle, NULL, bh); brelse(bh); } if ((err2 = ext4_journal_stop(handle)) && !err) err = err2; exit_err: if (err) { ext4_warning(sb, __func__, ""can't update backup for group %u (err %d), "" ""forcing fsck on next reboot"", group, err); sbi->s_mount_state &= ~EXT4_VALID_FS; sbi->s_es->s_state &= cpu_to_le16(~EXT4_VALID_FS); mark_buffer_dirty(sbi->s_sbh); } }",linux-2.6,,,44020648151160495114819576471010928671,0 5464,CWE-617,"pci_get_vdev_info(int slot) { struct businfo *bi; struct slotinfo *si; struct pci_vdev *dev = NULL; bi = pci_businfo[0]; assert(bi != NULL); si = &bi->slotinfo[slot]; if (si != NULL) dev = si->si_funcs[0].fi_devi; else fprintf(stderr, ""slot=%d is empty!\n"", slot); return dev; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,232541589852603,1 6312,['CWE-200'],"static int ipmr_mfc_delete(struct mfcctl *mfc) { int line; struct mfc_cache *c, **cp; line=MFC_HASH(mfc->mfcc_mcastgrp.s_addr, mfc->mfcc_origin.s_addr); for (cp=&mfc_cache_array[line]; (c=*cp) != NULL; cp = &c->next) { if (c->mfc_origin == mfc->mfcc_origin.s_addr && c->mfc_mcastgrp == mfc->mfcc_mcastgrp.s_addr) { write_lock_bh(&mrt_lock); *cp = c->next; write_unlock_bh(&mrt_lock); kmem_cache_free(mrt_cachep, c); return 0; } } return -ENOENT; }",linux-2.6,,,230765787828237333494864909034528448208,0 5750,CWE-787,"int ndpi_netbios_name_interpret(char *in, size_t in_len, char *out, u_int out_len) { u_int ret = 0, len, idx = in_len, out_idx = 0; len = (*in++)/2; out_len--; out[out_idx] = 0; if((len > out_len) || (len < 1) || ((2*len) > in_len)) return(-1); while((len--) && (out_idx < out_len)) { if((idx < 2) || (in[0] < 'A') || (in[0] > 'P') || (in[1] < 'A') || (in[1] > 'P')) { out[out_idx] = 0; break; } out[out_idx] = ((in[0] - 'A') << 4) + (in[1] - 'A'); in += 2, idx -= 2; if(isprint(out[out_idx])) out_idx++, ret++; } if(out_idx > 0) { out[out_idx] = 0; out_idx--; while((out_idx > 0) && (out[out_idx] == ' ')) { out[out_idx] = 0; out_idx--; } } return(ret); }",visit repo url,src/lib/protocols/netbios.c,https://github.com/ntop/nDPI,222960922438757,1 5309,['CWE-119'],"static void tun_cleanup(void) { misc_deregister(&tun_miscdev); rtnl_link_unregister(&tun_link_ops); }",linux-2.6,,,115472856040605464627308089765695043749,0 1104,CWE-362,"int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) { struct ip_options *opt; opt = inet_sk(sk)->opt; if (opt == NULL || opt->cipso == 0) return -ENOMSG; return cipso_v4_getattr(opt->__data + opt->cipso - sizeof(struct iphdr), secattr); }",visit repo url,net/ipv4/cipso_ipv4.c,https://github.com/torvalds/linux,46768444066745,1 364,[],"pfm_remove_smpl_mapping(struct task_struct *task, void *vaddr, unsigned long size) { int r; if (task->mm == NULL || size == 0UL || vaddr == NULL) { printk(KERN_ERR ""perfmon: pfm_remove_smpl_mapping [%d] invalid context mm=%p\n"", task->pid, task->mm); return -EINVAL; } DPRINT((""smpl_vaddr=%p size=%lu\n"", vaddr, size)); down_write(&task->mm->mmap_sem); DPRINT((""down_write done smpl_vaddr=%p size=%lu\n"", vaddr, size)); r = pfm_do_munmap(task->mm, (unsigned long)vaddr, size, 0); up_write(&task->mm->mmap_sem); if (r !=0) { printk(KERN_ERR ""perfmon: [%d] unable to unmap sampling buffer @%p size=%lu\n"", task->pid, vaddr, size); } DPRINT((""do_unmap(%p, %lu)=%d\n"", vaddr, size, r)); return 0; }",linux-2.6,,,145293909141465402496193116486771709941,0 2927,CWE-310,"static JSON_INLINE size_t num_buckets(hashtable_t *hashtable) { return primes[hashtable->num_buckets]; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,250759631978950,1 3029,CWE-399,"gdImageScaleTwoPass(const gdImagePtr src, const unsigned int new_width, const unsigned int new_height) { const unsigned int src_width = src->sx; const unsigned int src_height = src->sy; gdImagePtr tmp_im = NULL; gdImagePtr dst = NULL; if (src_width == new_width && src_height == new_height) { return gdImageClone(src); } if (!src->trueColor) { gdImagePaletteToTrueColor(src); } if (src_width == new_width) { tmp_im = src; } else { tmp_im = gdImageCreateTrueColor(new_width, src_height); if (tmp_im == NULL) { return NULL; } gdImageSetInterpolationMethod(tmp_im, src->interpolation_id); _gdScalePass(src, src_width, tmp_im, new_width, src_height, HORIZONTAL); } if (src_height == new_height) { assert(tmp_im != src); return tmp_im; } dst = gdImageCreateTrueColor(new_width, new_height); if (dst != NULL) { gdImageSetInterpolationMethod(dst, src->interpolation_id); _gdScalePass(tmp_im, src_height, dst, new_height, new_width, VERTICAL); } if (src != tmp_im) { gdFree(tmp_im); } return dst; } ",visit repo url,src/gd_interpolation.c,https://github.com/libgd/libgd,3485657310246,1 3464,CWE-362,"static int myisamchk(MI_CHECK *param, char * filename) { int error,lock_type,recreate; int rep_quick= param->testflag & (T_QUICK | T_FORCE_UNIQUENESS); MI_INFO *info; File datafile; char llbuff[22],llbuff2[22]; my_bool state_updated=0; MYISAM_SHARE *share; DBUG_ENTER(""myisamchk""); param->out_flag=error=param->warning_printed=param->error_printed= recreate=0; datafile=0; param->isam_file_name=filename; if (!(info=mi_open(filename, (param->testflag & (T_DESCRIPT | T_READONLY)) ? O_RDONLY : O_RDWR, HA_OPEN_FOR_REPAIR | ((param->testflag & T_WAIT_FOREVER) ? HA_OPEN_WAIT_IF_LOCKED : (param->testflag & T_DESCRIPT) ? HA_OPEN_IGNORE_IF_LOCKED : HA_OPEN_ABORT_IF_LOCKED)))) { param->error_printed=1; switch (my_errno) { case HA_ERR_CRASHED: mi_check_print_error(param,""'%s' doesn't have a correct index definition. You need to recreate it before you can do a repair"",filename); break; case HA_ERR_NOT_A_TABLE: mi_check_print_error(param,""'%s' is not a MyISAM-table"",filename); break; case HA_ERR_CRASHED_ON_USAGE: mi_check_print_error(param,""'%s' is marked as crashed"",filename); break; case HA_ERR_CRASHED_ON_REPAIR: mi_check_print_error(param,""'%s' is marked as crashed after last repair"",filename); break; case HA_ERR_OLD_FILE: mi_check_print_error(param,""'%s' is an old type of MyISAM-table"", filename); break; case HA_ERR_END_OF_FILE: mi_check_print_error(param,""Couldn't read complete header from '%s'"", filename); break; case EAGAIN: mi_check_print_error(param,""'%s' is locked. Use -w to wait until unlocked"",filename); break; case ENOENT: mi_check_print_error(param,""File '%s' doesn't exist"",filename); break; case EACCES: mi_check_print_error(param,""You don't have permission to use '%s'"",filename); break; default: mi_check_print_error(param,""%d when opening MyISAM-table '%s'"", my_errno,filename); break; } DBUG_RETURN(1); } share=info->s; share->options&= ~HA_OPTION_READ_ONLY_DATA; share->tot_locks-= share->r_locks; share->r_locks=0; if (param->testflag & (T_FAST | T_CHECK_ONLY_CHANGED)) { my_bool need_to_check= mi_is_crashed(info) || share->state.open_count != 0; if ((param->testflag & (T_REP_ANY | T_SORT_RECORDS)) && ((share->state.changed & (STATE_CHANGED | STATE_CRASHED | STATE_CRASHED_ON_REPAIR) || !(param->testflag & T_CHECK_ONLY_CHANGED)))) need_to_check=1; if (info->s->base.keys && info->state->records) { if ((param->testflag & T_STATISTICS) && (share->state.changed & STATE_NOT_ANALYZED)) need_to_check=1; if ((param->testflag & T_SORT_INDEX) && (share->state.changed & STATE_NOT_SORTED_PAGES)) need_to_check=1; if ((param->testflag & T_REP_BY_SORT) && (share->state.changed & STATE_NOT_OPTIMIZED_KEYS)) need_to_check=1; } if ((param->testflag & T_CHECK_ONLY_CHANGED) && (share->state.changed & (STATE_CHANGED | STATE_CRASHED | STATE_CRASHED_ON_REPAIR))) need_to_check=1; if (!need_to_check) { if (!(param->testflag & T_SILENT) || param->testflag & T_INFO) printf(""MyISAM file: %s is already checked\n"",filename); if (mi_close(info)) { mi_check_print_error(param,""%d when closing MyISAM-table '%s'"", my_errno,filename); DBUG_RETURN(1); } DBUG_RETURN(0); } } if ((param->testflag & (T_REP_ANY | T_STATISTICS | T_SORT_RECORDS | T_SORT_INDEX)) && (((param->testflag & T_UNPACK) && share->data_file_type == COMPRESSED_RECORD) || mi_uint2korr(share->state.header.state_info_length) != MI_STATE_INFO_SIZE || mi_uint2korr(share->state.header.base_info_length) != MI_BASE_INFO_SIZE || mi_is_any_intersect_keys_active(param->keys_in_use, share->base.keys, ~share->state.key_map) || test_if_almost_full(info) || info->s->state.header.file_version[3] != myisam_file_magic[3] || (set_collation && set_collation->number != share->state.header.language) || myisam_block_size != MI_KEY_BLOCK_LENGTH)) { if (set_collation) param->language= set_collation->number; if (recreate_table(param, &info,filename)) { (void) fprintf(stderr, ""MyISAM-table '%s' is not fixed because of errors\n"", filename); return(-1); } recreate=1; if (!(param->testflag & T_REP_ANY)) { param->testflag|=T_REP_BY_SORT; if (!(param->testflag & T_SILENT)) printf(""- '%s' has old table-format. Recreating index\n"",filename); rep_quick|=T_QUICK; } share=info->s; share->tot_locks-= share->r_locks; share->r_locks=0; } if (param->testflag & T_DESCRIPT) { param->total_files++; param->total_records+=info->state->records; param->total_deleted+=info->state->del; descript(param, info, filename); } else { if (!stopwords_inited++) ft_init_stopwords(); if (!(param->testflag & T_READONLY)) lock_type = F_WRLCK; else lock_type= F_RDLCK; if (info->lock_type == F_RDLCK) info->lock_type=F_UNLCK; if (_mi_readinfo(info,lock_type,0)) { mi_check_print_error(param,""Can't lock indexfile of '%s', error: %d"", filename,my_errno); param->error_printed=0; goto end2; } mi_lock_database(info, F_EXTRA_LCK); datafile=info->dfile; if (param->testflag & (T_REP_ANY | T_SORT_RECORDS | T_SORT_INDEX)) { if (param->testflag & T_REP_ANY) { ulonglong tmp=share->state.key_map; mi_copy_keys_active(share->state.key_map, share->base.keys, param->keys_in_use); if (tmp != share->state.key_map) info->update|=HA_STATE_CHANGED; } if (rep_quick && chk_del(param, info, param->testflag & ~T_VERBOSE)) { if (param->testflag & T_FORCE_CREATE) { rep_quick=0; mi_check_print_info(param,""Creating new data file\n""); } else { error=1; mi_check_print_error(param, ""Quick-recover aborted; Run recovery without switch 'q'""); } } if (!error) { if ((param->testflag & (T_REP_BY_SORT | T_REP_PARALLEL)) && (mi_is_any_key_active(share->state.key_map) || (rep_quick && !param->keys_in_use && !recreate)) && mi_test_if_sort_rep(info, info->state->records, info->s->state.key_map, param->force_sort)) { if (param->testflag & T_REP_BY_SORT) error=mi_repair_by_sort(param,info,filename,rep_quick); else error=mi_repair_parallel(param,info,filename,rep_quick); state_updated=1; } else if (param->testflag & T_REP_ANY) error=mi_repair(param, info,filename,rep_quick); } if (!error && param->testflag & T_SORT_RECORDS) { #ifndef TO_BE_REMOVED if (param->out_flag & O_NEW_DATA) { (void) my_close(info->dfile,MYF(MY_WME)); error|=change_to_newfile(filename, MI_NAME_DEXT, DATA_TMP_EXT, MYF(0)); if (mi_open_datafile(info,info->s, NULL, -1)) error=1; param->out_flag&= ~O_NEW_DATA; param->read_cache.file=info->dfile; } #endif if (! error) { uint key; my_bool update_index=1; for (key=0 ; key < share->base.keys; key++) if (share->keyinfo[key].flag & (HA_BINARY_PACK_KEY|HA_FULLTEXT)) update_index=0; error=mi_sort_records(param,info,filename,param->opt_sort_key, (my_bool) !(param->testflag & T_REP), update_index); datafile=info->dfile; if (!error && !update_index) { if (param->verbose) puts(""Table had a compressed index; We must now recreate the index""); error=mi_repair_by_sort(param,info,filename,1); } } } if (!error && param->testflag & T_SORT_INDEX) error=mi_sort_index(param,info,filename); if (!error) share->state.changed&= ~(STATE_CHANGED | STATE_CRASHED | STATE_CRASHED_ON_REPAIR); else mi_mark_crashed(info); } else if ((param->testflag & T_CHECK) || !(param->testflag & T_AUTO_INC)) { if (!(param->testflag & T_SILENT) || param->testflag & T_INFO) printf(""Checking MyISAM file: %s\n"",filename); if (!(param->testflag & T_SILENT)) printf(""Data records: %7s Deleted blocks: %7s\n"", llstr(info->state->records,llbuff), llstr(info->state->del,llbuff2)); error =chk_status(param,info); mi_intersect_keys_active(share->state.key_map, param->keys_in_use); error =chk_size(param,info); if (!error || !(param->testflag & (T_FAST | T_FORCE_CREATE))) error|=chk_del(param, info,param->testflag); if ((!error || (!(param->testflag & (T_FAST | T_FORCE_CREATE)) && !param->start_check_pos))) { error|=chk_key(param, info); if (!error && (param->testflag & (T_STATISTICS | T_AUTO_INC))) error=update_state_info(param, info, ((param->testflag & T_STATISTICS) ? UPDATE_STAT : 0) | ((param->testflag & T_AUTO_INC) ? UPDATE_AUTO_INC : 0)); } if ((!rep_quick && !error) || !(param->testflag & (T_FAST | T_FORCE_CREATE))) { if (param->testflag & (T_EXTEND | T_MEDIUM)) (void) init_key_cache(dflt_key_cache,opt_key_cache_block_size, param->use_buffers, 0, 0); (void) init_io_cache(¶m->read_cache,datafile, (uint) param->read_buffer_length, READ_CACHE, (param->start_check_pos ? param->start_check_pos : share->pack.header_length), 1, MYF(MY_WME)); lock_memory(param); if ((info->s->options & (HA_OPTION_PACK_RECORD | HA_OPTION_COMPRESS_RECORD)) || (param->testflag & (T_EXTEND | T_MEDIUM))) error|=chk_data_link(param, info, param->testflag & T_EXTEND); error|=flush_blocks(param, share->key_cache, share->kfile); (void) end_io_cache(¶m->read_cache); } if (!error) { if ((share->state.changed & STATE_CHANGED) && (param->testflag & T_UPDATE_STATE)) info->update|=HA_STATE_CHANGED | HA_STATE_ROW_CHANGED; share->state.changed&= ~(STATE_CHANGED | STATE_CRASHED | STATE_CRASHED_ON_REPAIR); } else if (!mi_is_crashed(info) && (param->testflag & T_UPDATE_STATE)) { mi_mark_crashed(info); info->update|=HA_STATE_CHANGED | HA_STATE_ROW_CHANGED; } } } if ((param->testflag & T_AUTO_INC) || ((param->testflag & T_REP_ANY) && info->s->base.auto_key)) update_auto_increment_key(param, info, (my_bool) !test(param->testflag & T_AUTO_INC)); if (!(param->testflag & T_DESCRIPT)) { if (info->update & HA_STATE_CHANGED && ! (param->testflag & T_READONLY)) error|=update_state_info(param, info, UPDATE_OPEN_COUNT | (((param->testflag & T_REP_ANY) ? UPDATE_TIME : 0) | (state_updated ? UPDATE_STAT : 0) | ((param->testflag & T_SORT_RECORDS) ? UPDATE_SORT : 0))); (void) lock_file(param, share->kfile,0L,F_UNLCK,""indexfile"",filename); info->update&= ~HA_STATE_CHANGED; } mi_lock_database(info, F_UNLCK); end2: if (mi_close(info)) { mi_check_print_error(param,""%d when closing MyISAM-table '%s'"",my_errno,filename); DBUG_RETURN(1); } if (error == 0) { if (param->out_flag & O_NEW_DATA) error|=change_to_newfile(filename,MI_NAME_DEXT,DATA_TMP_EXT, ((param->testflag & T_BACKUP_DATA) ? MYF(MY_REDEL_MAKE_BACKUP) : MYF(0))); if (param->out_flag & O_NEW_INDEX) error|=change_to_newfile(filename, MI_NAME_IEXT, INDEX_TMP_EXT, MYF(0)); } (void) fflush(stdout); (void) fflush(stderr); if (param->error_printed) { if (param->testflag & (T_REP_ANY | T_SORT_RECORDS | T_SORT_INDEX)) { (void) fprintf(stderr, ""MyISAM-table '%s' is not fixed because of errors\n"", filename); if (param->testflag & T_REP_ANY) (void) fprintf(stderr, ""Try fixing it by using the --safe-recover (-o), the --force (-f) option or by not using the --quick (-q) flag\n""); } else if (!(param->error_printed & 2) && !(param->testflag & T_FORCE_CREATE)) (void) fprintf(stderr, ""MyISAM-table '%s' is corrupted\nFix it using switch \""-r\"" or \""-o\""\n"", filename); } else if (param->warning_printed && ! (param->testflag & (T_REP_ANY | T_SORT_RECORDS | T_SORT_INDEX | T_FORCE_CREATE))) (void) fprintf(stderr, ""MyISAM-table '%s' is usable but should be fixed\n"", filename); (void) fflush(stderr); DBUG_RETURN(error); } ",visit repo url,storage/myisam/myisamchk.c,https://github.com/mysql/mysql-server,256326581178156,1 1599,CWE-269,"int user_update(struct key *key, struct key_preparsed_payload *prep) { struct user_key_payload *upayload, *zap; size_t datalen = prep->datalen; int ret; ret = -EINVAL; if (datalen <= 0 || datalen > 32767 || !prep->data) goto error; ret = -ENOMEM; upayload = kmalloc(sizeof(*upayload) + datalen, GFP_KERNEL); if (!upayload) goto error; upayload->datalen = datalen; memcpy(upayload->data, prep->data, datalen); zap = upayload; ret = key_payload_reserve(key, datalen); if (ret == 0) { zap = key->payload.data[0]; rcu_assign_keypointer(key, upayload); key->expiry = 0; } if (zap) kfree_rcu(zap, rcu); error: return ret; }",visit repo url,security/keys/user_defined.c,https://github.com/torvalds/linux,73961341022708,1 4979,['CWE-20'],"static int nfs_safe_remove(struct dentry *dentry) { struct inode *dir = dentry->d_parent->d_inode; struct inode *inode = dentry->d_inode; int error = -EBUSY; dfprintk(VFS, ""NFS: safe_remove(%s/%s)\n"", dentry->d_parent->d_name.name, dentry->d_name.name); if (dentry->d_flags & DCACHE_NFSFS_RENAMED) { error = 0; goto out; } nfs_begin_data_update(dir); if (inode != NULL) { nfs_inode_return_delegation(inode); nfs_begin_data_update(inode); error = NFS_PROTO(dir)->remove(dir, &dentry->d_name); if (error == 0) drop_nlink(inode); nfs_mark_for_revalidate(inode); nfs_end_data_update(inode); } else error = NFS_PROTO(dir)->remove(dir, &dentry->d_name); nfs_end_data_update(dir); out: return error; }",linux-2.6,,,325378596516127499772819541475142696865,0 3288,CWE-787,"static void zep_print_ts(netdissect_options *ndo, const u_char *p) { int32_t i; uint32_t uf; uint32_t f; float ff; i = GET_BE_U_4(p); uf = GET_BE_U_4(p + 4); ff = (float) uf; if (ff < 0.0) ff += FMAXINT; ff = (float) (ff / FMAXINT); f = (uint32_t) (ff * 1000000000.0); ND_PRINT(""%u.%09d"", i, f); if (i) { time_t seconds = i - JAN_1970; struct tm *tm; char time_buf[128]; tm = localtime(&seconds); strftime(time_buf, sizeof (time_buf), ""%Y/%m/%d %H:%M:%S"", tm); ND_PRINT("" (%s)"", time_buf); } }",visit repo url,print-zep.c,https://github.com/the-tcpdump-group/tcpdump,264061087893967,1 2445,CWE-834,"static av_cold int rl2_read_header(AVFormatContext *s) { AVIOContext *pb = s->pb; AVStream *st; unsigned int frame_count; unsigned int audio_frame_counter = 0; unsigned int video_frame_counter = 0; unsigned int back_size; unsigned short sound_rate; unsigned short rate; unsigned short channels; unsigned short def_sound_size; unsigned int signature; unsigned int pts_den = 11025; unsigned int pts_num = 1103; unsigned int* chunk_offset = NULL; int* chunk_size = NULL; int* audio_size = NULL; int i; int ret = 0; avio_skip(pb,4); back_size = avio_rl32(pb); signature = avio_rb32(pb); avio_skip(pb, 4); frame_count = avio_rl32(pb); if(back_size > INT_MAX/2 || frame_count > INT_MAX / sizeof(uint32_t)) return AVERROR_INVALIDDATA; avio_skip(pb, 2); sound_rate = avio_rl16(pb); rate = avio_rl16(pb); channels = avio_rl16(pb); def_sound_size = avio_rl16(pb); st = avformat_new_stream(s, NULL); if(!st) return AVERROR(ENOMEM); st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; st->codecpar->codec_id = AV_CODEC_ID_RL2; st->codecpar->codec_tag = 0; st->codecpar->width = 320; st->codecpar->height = 200; st->codecpar->extradata_size = EXTRADATA1_SIZE; if(signature == RLV3_TAG && back_size > 0) st->codecpar->extradata_size += back_size; if(ff_get_extradata(s, st->codecpar, pb, st->codecpar->extradata_size) < 0) return AVERROR(ENOMEM); if(sound_rate){ if (!channels || channels > 42) { av_log(s, AV_LOG_ERROR, ""Invalid number of channels: %d\n"", channels); return AVERROR_INVALIDDATA; } pts_num = def_sound_size; pts_den = rate; st = avformat_new_stream(s, NULL); if (!st) return AVERROR(ENOMEM); st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->codec_id = AV_CODEC_ID_PCM_U8; st->codecpar->codec_tag = 1; st->codecpar->channels = channels; st->codecpar->bits_per_coded_sample = 8; st->codecpar->sample_rate = rate; st->codecpar->bit_rate = st->codecpar->channels * st->codecpar->sample_rate * st->codecpar->bits_per_coded_sample; st->codecpar->block_align = st->codecpar->channels * st->codecpar->bits_per_coded_sample / 8; avpriv_set_pts_info(st,32,1,rate); } avpriv_set_pts_info(s->streams[0], 32, pts_num, pts_den); chunk_size = av_malloc(frame_count * sizeof(uint32_t)); audio_size = av_malloc(frame_count * sizeof(uint32_t)); chunk_offset = av_malloc(frame_count * sizeof(uint32_t)); if(!chunk_size || !audio_size || !chunk_offset){ av_free(chunk_size); av_free(audio_size); av_free(chunk_offset); return AVERROR(ENOMEM); } for(i=0; i < frame_count;i++) chunk_size[i] = avio_rl32(pb); for(i=0; i < frame_count;i++) chunk_offset[i] = avio_rl32(pb); for(i=0; i < frame_count;i++) audio_size[i] = avio_rl32(pb) & 0xFFFF; for(i=0;i chunk_size[i]){ ret = AVERROR_INVALIDDATA; break; } if(sound_rate && audio_size[i]){ av_add_index_entry(s->streams[1], chunk_offset[i], audio_frame_counter,audio_size[i], 0, AVINDEX_KEYFRAME); audio_frame_counter += audio_size[i] / channels; } av_add_index_entry(s->streams[0], chunk_offset[i] + audio_size[i], video_frame_counter,chunk_size[i]-audio_size[i],0,AVINDEX_KEYFRAME); ++video_frame_counter; } av_free(chunk_size); av_free(audio_size); av_free(chunk_offset); return ret; }",visit repo url,libavformat/rl2.c,https://github.com/FFmpeg/FFmpeg,127101385687821,1 4257,['CWE-119'],"sctp_disposition_t sctp_sf_do_5_1B_init(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_chunk *repl; struct sctp_association *new_asoc; struct sctp_chunk *err_chunk; struct sctp_packet *packet; sctp_unrecognized_param_t *unk_param; int len; if (!chunk->singleton) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (ep == sctp_sk((sctp_get_ctl_sock()))->ep) { SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES); return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); } if (chunk->sctp_hdr->vtag != 0) return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); err_chunk = NULL; if (!sctp_verify_init(asoc, chunk->chunk_hdr->type, (sctp_init_chunk_t *)chunk->chunk_hdr, chunk, &err_chunk)) { if (err_chunk) { packet = sctp_abort_pkt_new(ep, asoc, arg, (__u8 *)(err_chunk->chunk_hdr) + sizeof(sctp_chunkhdr_t), ntohs(err_chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t)); sctp_chunk_free(err_chunk); if (packet) { sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(packet)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); return SCTP_DISPOSITION_CONSUME; } else { return SCTP_DISPOSITION_NOMEM; } } else { return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); } } chunk->subh.init_hdr = (sctp_inithdr_t *)chunk->skb->data; chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t)); new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC); if (!new_asoc) goto nomem; if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, sctp_source(chunk), (sctp_init_chunk_t *)chunk->chunk_hdr, GFP_ATOMIC)) goto nomem_init; len = 0; if (err_chunk) len = ntohs(err_chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0) goto nomem_init; repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len); if (!repl) goto nomem_init; if (err_chunk) { unk_param = (sctp_unrecognized_param_t *) ((__u8 *)(err_chunk->chunk_hdr) + sizeof(sctp_chunkhdr_t)); sctp_addto_chunk(repl, len, unk_param); sctp_chunk_free(err_chunk); } sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); return SCTP_DISPOSITION_DELETE_TCB; nomem_init: sctp_association_free(new_asoc); nomem: if (err_chunk) sctp_chunk_free(err_chunk); return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,123295421428994009941534248584965596738,0 1512,NVD-CWE-Other,"struct vfsmount *collect_mounts(struct path *path) { struct mount *tree; namespace_lock(); tree = copy_tree(real_mount(path->mnt), path->dentry, CL_COPY_ALL | CL_PRIVATE); namespace_unlock(); if (IS_ERR(tree)) return ERR_CAST(tree); return &tree->mnt; }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,14484551190121,1 6405,CWE-20,"error_t enc624j600Init(NetInterface *interface) { uint16_t temp; Enc624j600Context *context; TRACE_INFO(""Initializing ENC624J600 Ethernet controller...\r\n""); interface->spiDriver->init(); interface->extIntDriver->init(); context = (Enc624j600Context *) interface->nicContext; context->nextPacket = ENC624J600_RX_BUFFER_START; context->rxBuffer = memPoolAlloc(ETH_MAX_FRAME_SIZE); if(context->rxBuffer == NULL) { return ERROR_OUT_OF_MEMORY; } enc624j600SoftReset(interface); enc624j600WriteReg(interface, ENC624J600_REG_ECON2, ECON2_ETHEN | ECON2_STRCH); if(macCompAddr(&interface->macAddr, &MAC_UNSPECIFIED_ADDR)) { temp = enc624j600ReadReg(interface, ENC624J600_REG_MAADR1); interface->macAddr.w[0] = letoh16(temp); temp = enc624j600ReadReg(interface, ENC624J600_REG_MAADR2); interface->macAddr.w[1] = letoh16(temp); temp = enc624j600ReadReg(interface, ENC624J600_REG_MAADR3); interface->macAddr.w[2] = letoh16(temp); macAddrToEui64(&interface->macAddr, &interface->eui64); } else { temp = htole16(interface->macAddr.w[0]); enc624j600WriteReg(interface, ENC624J600_REG_MAADR1, temp); temp = htole16(interface->macAddr.w[1]); enc624j600WriteReg(interface, ENC624J600_REG_MAADR2, temp); temp = htole16(interface->macAddr.w[2]); enc624j600WriteReg(interface, ENC624J600_REG_MAADR3, temp); } enc624j600WriteReg(interface, ENC624J600_REG_ERXST, ENC624J600_RX_BUFFER_START); enc624j600WriteReg(interface, ENC624J600_REG_ERXTAIL, ENC624J600_RX_BUFFER_STOP); enc624j600WriteReg(interface, ENC624J600_REG_ERXFCON, ERXFCON_HTEN | ERXFCON_CRCEN | ERXFCON_RUNTEN | ERXFCON_UCEN | ERXFCON_BCEN); enc624j600WriteReg(interface, ENC624J600_REG_EHT1, 0x0000); enc624j600WriteReg(interface, ENC624J600_REG_EHT2, 0x0000); enc624j600WriteReg(interface, ENC624J600_REG_EHT3, 0x0000); enc624j600WriteReg(interface, ENC624J600_REG_EHT4, 0x0000); enc624j600WriteReg(interface, ENC624J600_REG_MACON2, MACON2_DEFER | MACON2_PADCFG0 | MACON2_TXCRCEN | MACON2_R1); enc624j600WriteReg(interface, ENC624J600_REG_MAMXFL, ETH_MAX_FRAME_SIZE); enc624j600WritePhyReg(interface, ENC624J600_PHY_REG_PHANA, PHANA_ADPAUS0 | PHANA_AD100FD | PHANA_AD100 | PHANA_AD10FD | PHANA_AD10 | PHANA_ADIEEE0); enc624j600WriteReg(interface, ENC624J600_REG_EIR, 0x0000); enc624j600WriteReg(interface, ENC624J600_REG_EIE, EIE_INTIE | EIE_LINKIE | EIE_PKTIE | EIE_TXIE | EIE_TXABTIE); enc624j600SetBit(interface, ENC624J600_REG_ECON1, ECON1_RXEN); enc624j600DumpReg(interface); enc624j600DumpPhyReg(interface); osSetEvent(&interface->nicTxEvent); interface->nicEvent = TRUE; osSetEvent(&netEvent); return NO_ERROR; }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,33003698545690,1 4917,CWE-59,"parse_cmdline(int argc, char **argv) { int c; bool reopen_log = false; int signum; struct utsname uname_buf; int longindex; int curind; bool bad_option = false; unsigned facility; mode_t new_umask_val; struct option long_options[] = { {""use-file"", required_argument, NULL, 'f'}, #if defined _WITH_VRRP_ && defined _WITH_LVS_ {""vrrp"", no_argument, NULL, 'P'}, {""check"", no_argument, NULL, 'C'}, #endif #ifdef _WITH_BFD_ {""no_bfd"", no_argument, NULL, 'B'}, #endif {""all"", no_argument, NULL, 3 }, {""log-console"", no_argument, NULL, 'l'}, {""log-detail"", no_argument, NULL, 'D'}, {""log-facility"", required_argument, NULL, 'S'}, {""log-file"", optional_argument, NULL, 'g'}, {""flush-log-file"", no_argument, NULL, 2 }, {""no-syslog"", no_argument, NULL, 'G'}, {""umask"", required_argument, NULL, 'u'}, #ifdef _WITH_VRRP_ {""release-vips"", no_argument, NULL, 'X'}, {""dont-release-vrrp"", no_argument, NULL, 'V'}, #endif #ifdef _WITH_LVS_ {""dont-release-ipvs"", no_argument, NULL, 'I'}, #endif {""dont-respawn"", no_argument, NULL, 'R'}, {""dont-fork"", no_argument, NULL, 'n'}, {""dump-conf"", no_argument, NULL, 'd'}, {""pid"", required_argument, NULL, 'p'}, #ifdef _WITH_VRRP_ {""vrrp_pid"", required_argument, NULL, 'r'}, #endif #ifdef _WITH_LVS_ {""checkers_pid"", required_argument, NULL, 'c'}, {""address-monitoring"", no_argument, NULL, 'a'}, #endif #ifdef _WITH_BFD_ {""bfd_pid"", required_argument, NULL, 'b'}, #endif #ifdef _WITH_SNMP_ {""snmp"", no_argument, NULL, 'x'}, {""snmp-agent-socket"", required_argument, NULL, 'A'}, #endif {""core-dump"", no_argument, NULL, 'm'}, {""core-dump-pattern"", optional_argument, NULL, 'M'}, #ifdef _MEM_CHECK_LOG_ {""mem-check-log"", no_argument, NULL, 'L'}, #endif #if HAVE_DECL_CLONE_NEWNET {""namespace"", required_argument, NULL, 's'}, #endif {""config-id"", required_argument, NULL, 'i'}, {""signum"", required_argument, NULL, 4 }, {""config-test"", optional_argument, NULL, 't'}, #ifdef _WITH_PERF_ {""perf"", optional_argument, NULL, 5 }, #endif #ifdef WITH_DEBUG_OPTIONS {""debug"", optional_argument, NULL, 6 }, #endif {""version"", no_argument, NULL, 'v'}, {""help"", no_argument, NULL, 'h'}, {NULL, 0, NULL, 0 } }; curind = optind; while (longindex = -1, (c = getopt_long(argc, argv, "":vhlndu:DRS:f:p:i:mM::g::Gt::"" #if defined _WITH_VRRP_ && defined _WITH_LVS_ ""PC"" #endif #ifdef _WITH_VRRP_ ""r:VX"" #endif #ifdef _WITH_LVS_ ""ac:I"" #endif #ifdef _WITH_BFD_ ""Bb:"" #endif #ifdef _WITH_SNMP_ ""xA:"" #endif #ifdef _MEM_CHECK_LOG_ ""L"" #endif #if HAVE_DECL_CLONE_NEWNET ""s:"" #endif , long_options, &longindex)) != -1) { if (longindex >= 0 && long_options[longindex].has_arg == required_argument && optarg && !optarg[0]) { c = ':'; optarg = NULL; } switch (c) { case 'v': fprintf(stderr, ""%s"", version_string); #ifdef GIT_COMMIT fprintf(stderr, "", git commit %s"", GIT_COMMIT); #endif fprintf(stderr, ""\n\n%s\n\n"", COPYRIGHT_STRING); fprintf(stderr, ""Built with kernel headers for Linux %d.%d.%d\n"", (LINUX_VERSION_CODE >> 16) & 0xff, (LINUX_VERSION_CODE >> 8) & 0xff, (LINUX_VERSION_CODE ) & 0xff); uname(&uname_buf); fprintf(stderr, ""Running on %s %s %s\n\n"", uname_buf.sysname, uname_buf.release, uname_buf.version); fprintf(stderr, ""configure options: %s\n\n"", KEEPALIVED_CONFIGURE_OPTIONS); fprintf(stderr, ""Config options: %s\n\n"", CONFIGURATION_OPTIONS); fprintf(stderr, ""System options: %s\n"", SYSTEM_OPTIONS); exit(0); break; case 'h': usage(argv[0]); exit(0); break; case 'l': __set_bit(LOG_CONSOLE_BIT, &debug); reopen_log = true; break; case 'n': __set_bit(DONT_FORK_BIT, &debug); break; case 'd': __set_bit(DUMP_CONF_BIT, &debug); break; #ifdef _WITH_VRRP_ case 'V': __set_bit(DONT_RELEASE_VRRP_BIT, &debug); break; #endif #ifdef _WITH_LVS_ case 'I': __set_bit(DONT_RELEASE_IPVS_BIT, &debug); break; #endif case 'D': if (__test_bit(LOG_DETAIL_BIT, &debug)) __set_bit(LOG_EXTRA_DETAIL_BIT, &debug); else __set_bit(LOG_DETAIL_BIT, &debug); break; case 'R': __set_bit(DONT_RESPAWN_BIT, &debug); break; #ifdef _WITH_VRRP_ case 'X': __set_bit(RELEASE_VIPS_BIT, &debug); break; #endif case 'S': if (!read_unsigned(optarg, &facility, 0, LOG_FACILITY_MAX, false)) fprintf(stderr, ""Invalid log facility '%s'\n"", optarg); else { log_facility = LOG_FACILITY[facility].facility; reopen_log = true; } break; case 'g': if (optarg && optarg[0]) log_file_name = optarg; else log_file_name = ""/tmp/keepalived.log""; open_log_file(log_file_name, NULL, NULL, NULL); break; case 'G': __set_bit(NO_SYSLOG_BIT, &debug); reopen_log = true; break; case 'u': new_umask_val = set_umask(optarg); if (umask_cmdline) umask_val = new_umask_val; break; case 't': __set_bit(CONFIG_TEST_BIT, &debug); __set_bit(DONT_RESPAWN_BIT, &debug); __set_bit(DONT_FORK_BIT, &debug); __set_bit(NO_SYSLOG_BIT, &debug); if (optarg && optarg[0]) { int fd = open(optarg, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (fd == -1) { fprintf(stderr, ""Unable to open config-test log file %s\n"", optarg); exit(EXIT_FAILURE); } dup2(fd, STDERR_FILENO); close(fd); } break; case 'f': conf_file = optarg; break; case 2: set_flush_log_file(); break; #if defined _WITH_VRRP_ && defined _WITH_LVS_ case 'P': __clear_bit(DAEMON_CHECKERS, &daemon_mode); break; case 'C': __clear_bit(DAEMON_VRRP, &daemon_mode); break; #endif #ifdef _WITH_BFD_ case 'B': __clear_bit(DAEMON_BFD, &daemon_mode); break; #endif case 'p': main_pidfile = optarg; break; #ifdef _WITH_LVS_ case 'c': checkers_pidfile = optarg; break; case 'a': __set_bit(LOG_ADDRESS_CHANGES, &debug); break; #endif #ifdef _WITH_VRRP_ case 'r': vrrp_pidfile = optarg; break; #endif #ifdef _WITH_BFD_ case 'b': bfd_pidfile = optarg; break; #endif #ifdef _WITH_SNMP_ case 'x': snmp = 1; break; case 'A': snmp_socket = optarg; break; #endif case 'M': set_core_dump_pattern = true; if (optarg && optarg[0]) core_dump_pattern = optarg; case 'm': create_core_dump = true; break; #ifdef _MEM_CHECK_LOG_ case 'L': __set_bit(MEM_CHECK_LOG_BIT, &debug); break; #endif #if HAVE_DECL_CLONE_NEWNET case 's': override_namespace = MALLOC(strlen(optarg) + 1); strcpy(override_namespace, optarg); break; #endif case 'i': FREE_PTR(config_id); config_id = MALLOC(strlen(optarg) + 1); strcpy(config_id, optarg); break; case 4: signum = get_signum(optarg); if (signum == -1) { fprintf(stderr, ""Unknown sigfunc %s\n"", optarg); exit(1); } printf(""%d\n"", signum); exit(0); break; case 3: __set_bit(RUN_ALL_CHILDREN, &daemon_mode); #ifdef _WITH_VRRP_ __set_bit(DAEMON_VRRP, &daemon_mode); #endif #ifdef _WITH_LVS_ __set_bit(DAEMON_CHECKERS, &daemon_mode); #endif #ifdef _WITH_BFD_ __set_bit(DAEMON_BFD, &daemon_mode); #endif break; #ifdef _WITH_PERF_ case 5: if (optarg && optarg[0]) { if (!strcmp(optarg, ""run"")) perf_run = PERF_RUN; else if (!strcmp(optarg, ""all"")) perf_run = PERF_ALL; else if (!strcmp(optarg, ""end"")) perf_run = PERF_END; else log_message(LOG_INFO, ""Unknown perf start point %s"", optarg); } else perf_run = PERF_RUN; break; #endif #ifdef WITH_DEBUG_OPTIONS case 6: set_debug_options(optarg && optarg[0] ? optarg : NULL); break; #endif case '?': if (optopt && argv[curind][1] != '-') fprintf(stderr, ""Unknown option -%c\n"", optopt); else fprintf(stderr, ""Unknown option %s\n"", argv[curind]); bad_option = true; break; case ':': if (optopt && argv[curind][1] != '-') fprintf(stderr, ""Missing parameter for option -%c\n"", optopt); else fprintf(stderr, ""Missing parameter for option --%s\n"", long_options[longindex].name); bad_option = true; break; default: exit(1); break; } curind = optind; } if (optind < argc) { printf(""Unexpected argument(s): ""); while (optind < argc) printf(""%s "", argv[optind++]); printf(""\n""); } if (bad_option) exit(1); return reopen_log; }",visit repo url,keepalived/core/main.c,https://github.com/acassen/keepalived,225028957565784,1 4698,['CWE-20'],"static int ext4_show_options(struct seq_file *seq, struct vfsmount *vfs) { int def_errors; unsigned long def_mount_opts; struct super_block *sb = vfs->mnt_sb; struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_super_block *es = sbi->s_es; def_mount_opts = le32_to_cpu(es->s_default_mount_opts); def_errors = le16_to_cpu(es->s_errors); if (sbi->s_sb_block != 1) seq_printf(seq, "",sb=%llu"", sbi->s_sb_block); if (test_opt(sb, MINIX_DF)) seq_puts(seq, "",minixdf""); if (test_opt(sb, GRPID) && !(def_mount_opts & EXT4_DEFM_BSDGROUPS)) seq_puts(seq, "",grpid""); if (!test_opt(sb, GRPID) && (def_mount_opts & EXT4_DEFM_BSDGROUPS)) seq_puts(seq, "",nogrpid""); if (sbi->s_resuid != EXT4_DEF_RESUID || le16_to_cpu(es->s_def_resuid) != EXT4_DEF_RESUID) { seq_printf(seq, "",resuid=%u"", sbi->s_resuid); } if (sbi->s_resgid != EXT4_DEF_RESGID || le16_to_cpu(es->s_def_resgid) != EXT4_DEF_RESGID) { seq_printf(seq, "",resgid=%u"", sbi->s_resgid); } if (test_opt(sb, ERRORS_RO)) { if (def_errors == EXT4_ERRORS_PANIC || def_errors == EXT4_ERRORS_CONTINUE) { seq_puts(seq, "",errors=remount-ro""); } } if (test_opt(sb, ERRORS_CONT) && def_errors != EXT4_ERRORS_CONTINUE) seq_puts(seq, "",errors=continue""); if (test_opt(sb, ERRORS_PANIC) && def_errors != EXT4_ERRORS_PANIC) seq_puts(seq, "",errors=panic""); if (test_opt(sb, NO_UID32) && !(def_mount_opts & EXT4_DEFM_UID16)) seq_puts(seq, "",nouid32""); if (test_opt(sb, DEBUG) && !(def_mount_opts & EXT4_DEFM_DEBUG)) seq_puts(seq, "",debug""); if (test_opt(sb, OLDALLOC)) seq_puts(seq, "",oldalloc""); #ifdef CONFIG_EXT4_FS_XATTR if (test_opt(sb, XATTR_USER) && !(def_mount_opts & EXT4_DEFM_XATTR_USER)) seq_puts(seq, "",user_xattr""); if (!test_opt(sb, XATTR_USER) && (def_mount_opts & EXT4_DEFM_XATTR_USER)) { seq_puts(seq, "",nouser_xattr""); } #endif #ifdef CONFIG_EXT4_FS_POSIX_ACL if (test_opt(sb, POSIX_ACL) && !(def_mount_opts & EXT4_DEFM_ACL)) seq_puts(seq, "",acl""); if (!test_opt(sb, POSIX_ACL) && (def_mount_opts & EXT4_DEFM_ACL)) seq_puts(seq, "",noacl""); #endif if (!test_opt(sb, RESERVATION)) seq_puts(seq, "",noreservation""); if (sbi->s_commit_interval != JBD2_DEFAULT_MAX_COMMIT_AGE*HZ) { seq_printf(seq, "",commit=%u"", (unsigned) (sbi->s_commit_interval / HZ)); } if (sbi->s_min_batch_time != EXT4_DEF_MIN_BATCH_TIME) { seq_printf(seq, "",min_batch_time=%u"", (unsigned) sbi->s_min_batch_time); } if (sbi->s_max_batch_time != EXT4_DEF_MAX_BATCH_TIME) { seq_printf(seq, "",max_batch_time=%u"", (unsigned) sbi->s_min_batch_time); } seq_puts(seq, "",barrier=""); seq_puts(seq, test_opt(sb, BARRIER) ? ""1"" : ""0""); if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) seq_puts(seq, "",journal_async_commit""); if (test_opt(sb, NOBH)) seq_puts(seq, "",nobh""); if (!test_opt(sb, EXTENTS)) seq_puts(seq, "",noextents""); if (test_opt(sb, I_VERSION)) seq_puts(seq, "",i_version""); if (!test_opt(sb, DELALLOC)) seq_puts(seq, "",nodelalloc""); if (sbi->s_stripe) seq_printf(seq, "",stripe=%lu"", sbi->s_stripe); if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) seq_puts(seq, "",data=journal""); else if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_ORDERED_DATA) seq_puts(seq, "",data=ordered""); else if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_WRITEBACK_DATA) seq_puts(seq, "",data=writeback""); if (sbi->s_inode_readahead_blks != EXT4_DEF_INODE_READAHEAD_BLKS) seq_printf(seq, "",inode_readahead_blks=%u"", sbi->s_inode_readahead_blks); if (test_opt(sb, DATA_ERR_ABORT)) seq_puts(seq, "",data_err=abort""); ext4_show_quota_options(seq, sb); return 0; }",linux-2.6,,,263878643325319018165784146055630696043,0 4315,['CWE-119'],"static void ima_adpcm_reset1 (_AFmoduleinst *i) { ima_adpcm_data *d = (ima_adpcm_data *) i->modspec; int framesPerBlock = d->framesPerBlock; AFframecount nextTrackFrame = d->track->nextfframe; d->track->nextfframe = (nextTrackFrame / framesPerBlock) * framesPerBlock; d->framesToIgnore = nextTrackFrame - d->track->nextfframe; }",audiofile,,,162214745196181217941883142771122499045,0 2492,CWE-190,"static size_t optsize (lua_State *L, char opt, const char **fmt) { switch (opt) { case 'B': case 'b': return sizeof(char); case 'H': case 'h': return sizeof(short); case 'L': case 'l': return sizeof(long); case 'T': return sizeof(size_t); case 'f': return sizeof(float); case 'd': return sizeof(double); case 'x': return 1; case 'c': return getnum(L, fmt, 1); case 'i': case 'I': { int sz = getnum(L, fmt, sizeof(int)); if (sz > MAXINTSIZE) luaL_error(L, ""integral size %d is larger than limit of %d"", sz, MAXINTSIZE); return sz; } default: return 0; } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,197889532561149,1 3412,['CWE-264'],"long do_sys_open(int dfd, const char __user *filename, int flags, int mode) { char *tmp = getname(filename); int fd = PTR_ERR(tmp); if (!IS_ERR(tmp)) { fd = get_unused_fd(); if (fd >= 0) { struct file *f = do_filp_open(dfd, tmp, flags, mode); if (IS_ERR(f)) { put_unused_fd(fd); fd = PTR_ERR(f); } else { fsnotify_open(f->f_path.dentry); fd_install(fd, f); } } putname(tmp); } return fd; }",linux-2.6,,,138512950279872707576618778511574213761,0 4068,CWE-125,"static int dex_loadcode(RBinFile *arch, RBinDexObj *bin) { struct r_bin_t *rbin = arch->rbin; int i; int *methods = NULL; int sym_count = 0; if (!bin || bin->methods_list) { return false; } bin->code_from = UT64_MAX; bin->code_to = 0; bin->methods_list = r_list_newf ((RListFree)free); if (!bin->methods_list) { return false; } bin->imports_list = r_list_newf ((RListFree)free); if (!bin->imports_list) { r_list_free (bin->methods_list); return false; } bin->classes_list = r_list_newf ((RListFree)__r_bin_class_free); if (!bin->classes_list) { r_list_free (bin->methods_list); r_list_free (bin->imports_list); return false; } if (bin->header.method_size>bin->size) { bin->header.method_size = 0; return false; } bin->header.method_size = R_MIN (bin->header.method_size, bin->size); bin->header.class_size = R_MIN (bin->header.class_size, bin->size); bin->header.strings_size = R_MIN (bin->header.strings_size, bin->size); if (bin->header.strings_size > bin->size) { eprintf (""Invalid strings size\n""); return false; } if (bin->classes) { ut64 amount = sizeof (int) * bin->header.method_size; if (amount > UT32_MAX || amount < bin->header.method_size) { return false; } methods = calloc (1, amount + 1); for (i = 0; i < bin->header.class_size; i++) { char *super_name, *class_name; struct dex_class_t *c = &bin->classes[i]; class_name = dex_class_name (bin, c); super_name = dex_class_super_name (bin, c); if (dexdump) { rbin->cb_printf (""Class #%d -\n"", i); } parse_class (arch, bin, c, i, methods, &sym_count); free (class_name); free (super_name); } } if (methods) { int import_count = 0; int sym_count = bin->methods_list->length; for (i = 0; i < bin->header.method_size; i++) { int len = 0; if (methods[i]) { continue; } if (bin->methods[i].class_id > bin->header.types_size - 1) { continue; } if (is_class_idx_in_code_classes(bin, bin->methods[i].class_id)) { continue; } char *class_name = getstr ( bin, bin->types[bin->methods[i].class_id] .descriptor_id); if (!class_name) { free (class_name); continue; } len = strlen (class_name); if (len < 1) { continue; } class_name[len - 1] = 0; char *method_name = dex_method_name (bin, i); char *signature = dex_method_signature (bin, i); if (method_name && *method_name) { RBinImport *imp = R_NEW0 (RBinImport); imp->name = r_str_newf (""%s.method.%s%s"", class_name, method_name, signature); imp->type = r_str_const (""FUNC""); imp->bind = r_str_const (""NONE""); imp->ordinal = import_count++; r_list_append (bin->imports_list, imp); RBinSymbol *sym = R_NEW0 (RBinSymbol); sym->name = r_str_newf (""imp.%s"", imp->name); sym->type = r_str_const (""FUNC""); sym->bind = r_str_const (""NONE""); sym->paddr = sym->vaddr = bin->b->base + bin->header.method_offset + (sizeof (struct dex_method_t) * i) ; sym->ordinal = sym_count++; r_list_append (bin->methods_list, sym); sdb_num_set (mdb, sdb_fmt (0, ""method.%d"", i), sym->paddr, 0); } free (method_name); free (signature); free (class_name); } free (methods); } return true; }",visit repo url,libr/bin/p/bin_dex.c,https://github.com/radare/radare2,276172744797629,1 3445,['CWE-20'],"_dbus_marshal_validate_test (void) { DBusString str; int i; const char *valid_paths[] = { ""/"", ""/foo/bar"", ""/foo"", ""/foo/bar/baz"" }; const char *invalid_paths[] = { ""bar"", ""bar/baz"", ""/foo/bar/"", ""/foo/"" ""foo/"", ""boo//blah"", ""//"", ""///"", ""foo///blah/"", ""Hello World"", """", "" "", ""foo bar"" }; const char *valid_interfaces[] = { ""org.freedesktop.Foo"", ""Bar.Baz"", ""Blah.Blah.Blah.Blah.Blah"", ""a.b"", ""a.b.c.d.e.f.g"", ""a0.b1.c2.d3.e4.f5.g6"", ""abc123.foo27"" }; const char *invalid_interfaces[] = { ""."", """", "".."", "".Foo.Bar"", ""..Foo.Bar"", ""Foo.Bar."", ""Foo.Bar.."", ""Foo"", ""9foo.bar.baz"", ""foo.bar..baz"", ""foo.bar...baz"", ""foo.bar.b..blah"", "":"", "":0-1"", ""10"", "":11.34324"", ""0.0.0"", ""0..0"", ""foo.Bar.%"", ""foo.Bar!!"", ""!Foo.bar.bz"", ""foo.$.blah"", """", "" "", ""foo bar"" }; const char *valid_unique_names[] = { "":0"", "":a"", "":"", "":.a"", "":.1"", "":0.1"", "":000.2222"", "":.blah"", "":abce.freedesktop.blah"" }; const char *invalid_unique_names[] = { "":!"", "":blah."", "":blah."", "":blah..org"", "":blah.org.."", "":..blah.org"", """", "" "", ""foo bar"" }; const char *valid_members[] = { ""Hello"", ""Bar"", ""foobar"", ""_foobar"", ""foo89"" }; const char *invalid_members[] = { ""9Hello"", ""10"", ""1"", ""foo-bar"", ""blah.org"", "".blah"", ""blah."", ""Hello."", ""!foo"", """", "" "", ""foo bar"" }; const char *valid_signatures[] = { """", ""sss"", ""i"", ""b"" }; const char *invalid_signatures[] = { "" "", ""not a valid signature"", ""123"", ""."", ""("" ""a{(ii)i}"" }; run_validity_tests (signature_tests, _DBUS_N_ELEMENTS (signature_tests), _dbus_validate_signature_with_reason); i = 0; while (i < (int) _DBUS_N_ELEMENTS (valid_paths)) { _dbus_string_init_const (&str, valid_paths[i]); if (!_dbus_validate_path (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Path \""%s\"" should have been valid\n"", valid_paths[i]); _dbus_assert_not_reached (""invalid path""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (invalid_paths)) { _dbus_string_init_const (&str, invalid_paths[i]); if (_dbus_validate_path (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Path \""%s\"" should have been invalid\n"", invalid_paths[i]); _dbus_assert_not_reached (""valid path""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (valid_interfaces)) { _dbus_string_init_const (&str, valid_interfaces[i]); if (!_dbus_validate_interface (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Interface \""%s\"" should have been valid\n"", valid_interfaces[i]); _dbus_assert_not_reached (""invalid interface""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (invalid_interfaces)) { _dbus_string_init_const (&str, invalid_interfaces[i]); if (_dbus_validate_interface (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Interface \""%s\"" should have been invalid\n"", invalid_interfaces[i]); _dbus_assert_not_reached (""valid interface""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (valid_interfaces)) { _dbus_string_init_const (&str, valid_interfaces[i]); if (!_dbus_validate_bus_name (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Bus name \""%s\"" should have been valid\n"", valid_interfaces[i]); _dbus_assert_not_reached (""invalid bus name""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (invalid_interfaces)) { if (invalid_interfaces[i][0] != ':') { _dbus_string_init_const (&str, invalid_interfaces[i]); if (_dbus_validate_bus_name (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Bus name \""%s\"" should have been invalid\n"", invalid_interfaces[i]); _dbus_assert_not_reached (""valid bus name""); } } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (valid_unique_names)) { _dbus_string_init_const (&str, valid_unique_names[i]); if (!_dbus_validate_bus_name (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Bus name \""%s\"" should have been valid\n"", valid_unique_names[i]); _dbus_assert_not_reached (""invalid unique name""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (invalid_unique_names)) { _dbus_string_init_const (&str, invalid_unique_names[i]); if (_dbus_validate_bus_name (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Bus name \""%s\"" should have been invalid\n"", invalid_unique_names[i]); _dbus_assert_not_reached (""valid unique name""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (valid_interfaces)) { _dbus_string_init_const (&str, valid_interfaces[i]); if (!_dbus_validate_error_name (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Error name \""%s\"" should have been valid\n"", valid_interfaces[i]); _dbus_assert_not_reached (""invalid error name""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (invalid_interfaces)) { if (invalid_interfaces[i][0] != ':') { _dbus_string_init_const (&str, invalid_interfaces[i]); if (_dbus_validate_error_name (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Error name \""%s\"" should have been invalid\n"", invalid_interfaces[i]); _dbus_assert_not_reached (""valid error name""); } } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (valid_members)) { _dbus_string_init_const (&str, valid_members[i]); if (!_dbus_validate_member (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Member \""%s\"" should have been valid\n"", valid_members[i]); _dbus_assert_not_reached (""invalid member""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (invalid_members)) { _dbus_string_init_const (&str, invalid_members[i]); if (_dbus_validate_member (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Member \""%s\"" should have been invalid\n"", invalid_members[i]); _dbus_assert_not_reached (""valid member""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (valid_signatures)) { _dbus_string_init_const (&str, valid_signatures[i]); if (!_dbus_validate_signature (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Signature \""%s\"" should have been valid\n"", valid_signatures[i]); _dbus_assert_not_reached (""invalid signature""); } ++i; } i = 0; while (i < (int) _DBUS_N_ELEMENTS (invalid_signatures)) { _dbus_string_init_const (&str, invalid_signatures[i]); if (_dbus_validate_signature (&str, 0, _dbus_string_get_length (&str))) { _dbus_warn (""Signature \""%s\"" should have been invalid\n"", invalid_signatures[i]); _dbus_assert_not_reached (""valid signature""); } ++i; } _dbus_string_init_const (&str, ""abc.efg""); if (_dbus_validate_bus_name (&str, 0, 8)) _dbus_assert_not_reached (""validated too-long string""); if (_dbus_validate_interface (&str, 0, 8)) _dbus_assert_not_reached (""validated too-long string""); if (_dbus_validate_error_name (&str, 0, 8)) _dbus_assert_not_reached (""validated too-long string""); _dbus_string_init_const (&str, ""abc""); if (_dbus_validate_member (&str, 0, 4)) _dbus_assert_not_reached (""validated too-long string""); _dbus_string_init_const (&str, ""sss""); if (_dbus_validate_signature (&str, 0, 4)) _dbus_assert_not_reached (""validated too-long signature""); if (!_dbus_string_init (&str)) _dbus_assert_not_reached (""no memory""); while (_dbus_string_get_length (&str) <= DBUS_MAXIMUM_NAME_LENGTH) if (!_dbus_string_append (&str, ""abc.def"")) _dbus_assert_not_reached (""no memory""); if (_dbus_validate_bus_name (&str, 0, _dbus_string_get_length (&str))) _dbus_assert_not_reached (""validated overmax string""); if (_dbus_validate_interface (&str, 0, _dbus_string_get_length (&str))) _dbus_assert_not_reached (""validated overmax string""); if (_dbus_validate_error_name (&str, 0, _dbus_string_get_length (&str))) _dbus_assert_not_reached (""validated overmax string""); _dbus_string_set_length (&str, 0); while (_dbus_string_get_length (&str) <= DBUS_MAXIMUM_NAME_LENGTH) if (!_dbus_string_append (&str, ""abc"")) _dbus_assert_not_reached (""no memory""); if (_dbus_validate_member (&str, 0, _dbus_string_get_length (&str))) _dbus_assert_not_reached (""validated overmax string""); _dbus_string_set_length (&str, 0); _dbus_string_append (&str, "":""); while (_dbus_string_get_length (&str) <= DBUS_MAXIMUM_NAME_LENGTH) if (!_dbus_string_append (&str, ""abc"")) _dbus_assert_not_reached (""no memory""); if (_dbus_validate_bus_name (&str, 0, _dbus_string_get_length (&str))) _dbus_assert_not_reached (""validated overmax string""); _dbus_string_free (&str); { int sequence; DBusString signature; DBusString body; if (!_dbus_string_init (&signature) || !_dbus_string_init (&body)) _dbus_assert_not_reached (""oom""); sequence = 0; while (dbus_internal_do_not_use_generate_bodies (sequence, DBUS_LITTLE_ENDIAN, &signature, &body)) { DBusValidity validity; validity = _dbus_validate_body_with_reason (&signature, 0, DBUS_LITTLE_ENDIAN, NULL, &body, 0, _dbus_string_get_length (&body)); if (validity != DBUS_VALID) { _dbus_warn (""invalid code %d expected valid on sequence %d little endian\n"", validity, sequence); _dbus_verbose_bytes_of_string (&signature, 0, _dbus_string_get_length (&signature)); _dbus_verbose_bytes_of_string (&body, 0, _dbus_string_get_length (&body)); _dbus_assert_not_reached (""test failed""); } _dbus_string_set_length (&signature, 0); _dbus_string_set_length (&body, 0); ++sequence; } sequence = 0; while (dbus_internal_do_not_use_generate_bodies (sequence, DBUS_BIG_ENDIAN, &signature, &body)) { DBusValidity validity; validity = _dbus_validate_body_with_reason (&signature, 0, DBUS_BIG_ENDIAN, NULL, &body, 0, _dbus_string_get_length (&body)); if (validity != DBUS_VALID) { _dbus_warn (""invalid code %d expected valid on sequence %d big endian\n"", validity, sequence); _dbus_verbose_bytes_of_string (&signature, 0, _dbus_string_get_length (&signature)); _dbus_verbose_bytes_of_string (&body, 0, _dbus_string_get_length (&body)); _dbus_assert_not_reached (""test failed""); } _dbus_string_set_length (&signature, 0); _dbus_string_set_length (&body, 0); ++sequence; } _dbus_string_free (&signature); _dbus_string_free (&body); } return TRUE; }",dbus,,,68481608422978057317662083509674440693,0 4234,CWE-415,"R_API void r_core_fini(RCore *c) { if (!c) { return; } r_core_task_break_all (&c->tasks); r_core_task_join (&c->tasks, NULL, -1); r_core_wait (c); r_list_free (c->ropchain); r_event_free (c->ev); free (c->cmdlog); free (c->lastsearch); R_FREE (c->cons->pager); free (c->cmdqueue); free (c->lastcmd); free (c->stkcmd); r_list_free (c->visual.tabs); free (c->block); r_core_autocomplete_free (c->autocomplete); r_list_free (c->gadgets); r_list_free (c->undos); r_num_free (c->num); free (c->table_query); r_list_free (c->files); r_list_free (c->watchers); r_list_free (c->scriptstack); r_core_task_scheduler_fini (&c->tasks); c->rcmd = r_cmd_free (c->rcmd); r_list_free (c->cmd_descriptors); c->anal = r_anal_free (c->anal); r_asm_free (c->assembler); c->assembler = NULL; c->print = r_print_free (c->print); c->bin = (r_bin_free (c->bin), NULL); c->lang = (r_lang_free (c->lang), NULL); c->dbg = (r_debug_free (c->dbg), NULL); r_io_free (c->io); r_config_free (c->config); r_cons_free (); r_cons_singleton ()->teefile = NULL; r_search_free (c->search); r_flag_free (c->flags); r_fs_free (c->fs); r_egg_free (c->egg); r_lib_free (c->lib); r_buf_free (c->yank_buf); r_agraph_free (c->graph); free (c->asmqjmps); sdb_free (c->sdb); r_core_log_free (c->log); r_parse_free (c->parser); free (c->times); }",visit repo url,libr/core/core.c,https://github.com/radareorg/radare2,71436360938913,1 4249,CWE-369,"static void rebase_buffer(struct MACH0_(obj_t) *obj, ut64 off, RIODesc *fd, ut8 *buf, int count) { if (obj->rebasing_buffer) { return; } obj->rebasing_buffer = true; ut64 eob = off + count; int i = 0; for (; i < obj->nsegs; i++) { if (!obj->chained_starts[i]) { continue; } ut64 page_size = obj->chained_starts[i]->page_size; ut64 start = obj->segs[i].fileoff; ut64 end = start + obj->segs[i].filesize; if (end >= off && start <= eob) { ut64 page_idx = (R_MAX (start, off) - start) / page_size; ut64 page_end_idx = (R_MIN (eob, end) - start) / page_size; for (; page_idx <= page_end_idx; page_idx++) { if (page_idx >= obj->chained_starts[i]->page_count) { break; } ut16 page_start = obj->chained_starts[i]->page_start[page_idx]; if (page_start == DYLD_CHAINED_PTR_START_NONE) { continue; } ut64 cursor = start + page_idx * page_size + page_start; while (cursor < eob && cursor < end) { ut8 tmp[8]; if (r_buf_read_at (obj->b, cursor, tmp, 8) != 8) { break; } ut64 raw_ptr = r_read_le64 (tmp); bool is_auth = IS_PTR_AUTH (raw_ptr); bool is_bind = IS_PTR_BIND (raw_ptr); ut64 ptr_value = raw_ptr; ut64 delta; if (is_auth && is_bind) { struct dyld_chained_ptr_arm64e_auth_bind *p = (struct dyld_chained_ptr_arm64e_auth_bind *) &raw_ptr; delta = p->next; } else if (!is_auth && is_bind) { struct dyld_chained_ptr_arm64e_bind *p = (struct dyld_chained_ptr_arm64e_bind *) &raw_ptr; delta = p->next; } else if (is_auth && !is_bind) { struct dyld_chained_ptr_arm64e_auth_rebase *p = (struct dyld_chained_ptr_arm64e_auth_rebase *) &raw_ptr; delta = p->next; ptr_value = p->target + obj->baddr; } else { struct dyld_chained_ptr_arm64e_rebase *p = (struct dyld_chained_ptr_arm64e_rebase *) &raw_ptr; delta = p->next; ptr_value = ((ut64)p->high8 << 56) | p->target; } ut64 in_buf = cursor - off; if (cursor >= off && cursor <= eob - 8) { r_write_le64 (&buf[in_buf], ptr_value); } cursor += delta * 8; if (!delta) { break; } } } } } obj->rebasing_buffer = false; }",visit repo url,libr/bin/p/bin_mach0.c,https://github.com/radareorg/radare2,262194465903861,1 3785,[],"static void inc_inflight(struct sock *sk) { atomic_inc(&unix_sk(sk)->inflight); }",linux-2.6,,,310831352493380269152755035815633700362,0 454,[],"pfm_reset_msgq(pfm_context_t *ctx) { ctx->ctx_msgq_head = ctx->ctx_msgq_tail = 0; DPRINT((""ctx=%p msgq reset\n"", ctx)); }",linux-2.6,,,233378435429133363154200048646695576049,0 3150,['CWE-189'],"uint_fast32_t jas_image_rawsize(jas_image_t *image) { uint_fast32_t rawsize; int cmptno; jas_image_cmpt_t *cmpt; rawsize = 0; for (cmptno = 0; cmptno < image->numcmpts_; ++cmptno) { cmpt = image->cmpts_[cmptno]; rawsize += (cmpt->width_ * cmpt->height_ * cmpt->prec_ + 7) / 8; } return rawsize; }",jasper,,,329891998423580844156464650887899767554,0 3615,[],"void rtc_dev_prepare(struct rtc_device *rtc) { if (!rtc_devt) return; if (rtc->id >= RTC_DEV_MAX) { pr_debug(""%s: too many RTC devices\n"", rtc->name); return; } rtc->dev.devt = MKDEV(MAJOR(rtc_devt), rtc->id); #ifdef CONFIG_RTC_INTF_DEV_UIE_EMUL INIT_WORK(&rtc->uie_task, rtc_uie_task); setup_timer(&rtc->uie_timer, rtc_uie_timer, (unsigned long)rtc); #endif cdev_init(&rtc->char_dev, &rtc_dev_fops); rtc->char_dev.owner = rtc->owner; }",linux-2.6,,,189571562307464059662135079442712027206,0 1398,CWE-310,"static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_aead raead; struct aead_alg *aead = &alg->cra_aead; snprintf(raead.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""nivaead""); snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", aead->geniv); raead.blocksize = alg->cra_blocksize; raead.maxauthsize = aead->maxauthsize; raead.ivsize = aead->ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(struct crypto_report_aead), &raead)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/aead.c,https://github.com/torvalds/linux,196202653783542,1 4086,CWE-119,"grub_ext4_find_leaf (struct grub_ext2_data *data, char *buf, struct grub_ext4_extent_header *ext_block, grub_uint32_t fileblock) { struct grub_ext4_extent_idx *index; while (1) { int i; grub_disk_addr_t block; index = (struct grub_ext4_extent_idx *) (ext_block + 1); if (grub_le_to_cpu16(ext_block->magic) != EXT4_EXT_MAGIC) return 0; if (ext_block->depth == 0) return ext_block; for (i = 0; i < grub_le_to_cpu16 (ext_block->entries); i++) { if (fileblock < grub_le_to_cpu32(index[i].block)) break; } if (--i < 0) return 0; block = grub_le_to_cpu16 (index[i].leaf_hi); block = (block << 32) + grub_le_to_cpu32 (index[i].leaf); if (grub_disk_read (data->disk, block << LOG2_EXT2_BLOCK_SIZE (data), 0, EXT2_BLOCK_SIZE(data), buf)) return 0; ext_block = (struct grub_ext4_extent_header *) buf; } }",visit repo url,shlr/grub/fs/ext2.c,https://github.com/radare/radare2,247673582593611,1 1476,[],"int __sched _cond_resched(void) { if (need_resched() && !(preempt_count() & PREEMPT_ACTIVE) && system_state == SYSTEM_RUNNING) { __cond_resched(); return 1; } return 0; }",linux-2.6,,,18401551072728991674574495674694618022,0 5197,CWE-190,"TfLiteIntArray* TfLiteIntArrayCreate(int size) { int alloc_size = TfLiteIntArrayGetSizeInBytes(size); if (alloc_size <= 0) return NULL; TfLiteIntArray* ret = (TfLiteIntArray*)malloc(alloc_size); if (!ret) return ret; ret->size = size; return ret; }",visit repo url,tensorflow/lite/c/common.c,https://github.com/tensorflow/tensorflow,66807248247012,1 6068,['CWE-200'],"static void cbq_ovl_lowprio(struct cbq_class *cl) { struct cbq_sched_data *q = qdisc_priv(cl->qdisc); cl->penalized = jiffies + cl->penalty; if (cl->cpriority != cl->priority2) { cl->cpriority = cl->priority2; q->pmask |= (1<cpriority); cl->xstats.overactions++; } cbq_ovl_classic(cl); }",linux-2.6,,,248704859434325191294760497287811620853,0 3444,['CWE-20'],"_dbus_validate_signature_with_reason (const DBusString *type_str, int type_pos, int len) { const unsigned char *p; const unsigned char *end; int last; int struct_depth; int array_depth; int dict_entry_depth; DBusValidity result; int element_count; DBusList *element_count_stack; result = DBUS_VALID; element_count_stack = NULL; if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (0))) { result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR; goto out; } _dbus_assert (type_str != NULL); _dbus_assert (type_pos < _DBUS_INT32_MAX - len); _dbus_assert (len >= 0); _dbus_assert (type_pos >= 0); if (len > DBUS_MAXIMUM_SIGNATURE_LENGTH) { result = DBUS_INVALID_SIGNATURE_TOO_LONG; goto out; } p = _dbus_string_get_const_data_len (type_str, type_pos, 0); end = _dbus_string_get_const_data_len (type_str, type_pos + len, 0); struct_depth = 0; array_depth = 0; dict_entry_depth = 0; last = DBUS_TYPE_INVALID; while (p != end) { switch (*p) { case DBUS_TYPE_BYTE: case DBUS_TYPE_BOOLEAN: case DBUS_TYPE_INT16: case DBUS_TYPE_UINT16: case DBUS_TYPE_INT32: case DBUS_TYPE_UINT32: case DBUS_TYPE_INT64: case DBUS_TYPE_UINT64: case DBUS_TYPE_DOUBLE: case DBUS_TYPE_STRING: case DBUS_TYPE_OBJECT_PATH: case DBUS_TYPE_SIGNATURE: case DBUS_TYPE_VARIANT: break; case DBUS_TYPE_ARRAY: array_depth += 1; if (array_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH) { result = DBUS_INVALID_EXCEEDED_MAXIMUM_ARRAY_RECURSION; goto out; } break; case DBUS_STRUCT_BEGIN_CHAR: struct_depth += 1; if (struct_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH) { result = DBUS_INVALID_EXCEEDED_MAXIMUM_STRUCT_RECURSION; goto out; } if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (0))) { result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR; goto out; } break; case DBUS_STRUCT_END_CHAR: if (struct_depth == 0) { result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED; goto out; } if (last == DBUS_STRUCT_BEGIN_CHAR) { result = DBUS_INVALID_STRUCT_HAS_NO_FIELDS; goto out; } _dbus_list_pop_last (&element_count_stack); struct_depth -= 1; break; case DBUS_DICT_ENTRY_BEGIN_CHAR: if (last != DBUS_TYPE_ARRAY) { result = DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY; goto out; } dict_entry_depth += 1; if (dict_entry_depth > DBUS_MAXIMUM_TYPE_RECURSION_DEPTH) { result = DBUS_INVALID_EXCEEDED_MAXIMUM_DICT_ENTRY_RECURSION; goto out; } if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (0))) { result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR; goto out; } break; case DBUS_DICT_ENTRY_END_CHAR: if (dict_entry_depth == 0) { result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED; goto out; } dict_entry_depth -= 1; element_count = _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack)); if (element_count != 2) { if (element_count == 0) result = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS; else if (element_count == 1) result = DBUS_INVALID_DICT_ENTRY_HAS_ONLY_ONE_FIELD; else result = DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS; goto out; } break; case DBUS_TYPE_STRUCT: case DBUS_TYPE_DICT_ENTRY: default: result = DBUS_INVALID_UNKNOWN_TYPECODE; goto out; } if (*p != DBUS_TYPE_ARRAY && *p != DBUS_DICT_ENTRY_BEGIN_CHAR && *p != DBUS_STRUCT_BEGIN_CHAR) { element_count = _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack)); ++element_count; if (!_dbus_list_append (&element_count_stack, _DBUS_INT_TO_POINTER (element_count))) { result = DBUS_VALIDITY_UNKNOWN_OOM_ERROR; goto out; } } if (array_depth > 0) { if (*p == DBUS_TYPE_ARRAY && p != end) { const char *p1; p1 = p + 1; if (*p1 == DBUS_STRUCT_END_CHAR || *p1 == DBUS_DICT_ENTRY_END_CHAR) { result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE; goto out; } } else { array_depth = 0; } } if (last == DBUS_DICT_ENTRY_BEGIN_CHAR && _dbus_type_is_valid (*p) && !dbus_type_is_basic (*p)) { result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE; goto out; } last = *p; ++p; } if (array_depth > 0) { result = DBUS_INVALID_MISSING_ARRAY_ELEMENT_TYPE; goto out; } if (struct_depth > 0) { result = DBUS_INVALID_STRUCT_STARTED_BUT_NOT_ENDED; goto out; } if (dict_entry_depth > 0) { result = DBUS_INVALID_DICT_ENTRY_STARTED_BUT_NOT_ENDED; goto out; } _dbus_assert (last != DBUS_TYPE_ARRAY); _dbus_assert (last != DBUS_STRUCT_BEGIN_CHAR); _dbus_assert (last != DBUS_DICT_ENTRY_BEGIN_CHAR); result = DBUS_VALID; out: _dbus_list_clear (&element_count_stack); return result; }",dbus,,,2546293437883812620465091390877859088,0 5690,['CWE-476'],"static void udp_v4_unhash(struct sock *sk) { write_lock_bh(&udp_hash_lock); if (sk_del_node_init(sk)) { inet_sk(sk)->num = 0; sock_prot_dec_use(sk->sk_prot); } write_unlock_bh(&udp_hash_lock); }",linux-2.6,,,224121233013750089293787901958894899873,0 6643,['CWE-200'],"clear_animation_timeout (NMApplet *applet) { if (applet->animation_id) { g_source_remove (applet->animation_id); applet->animation_id = 0; applet->animation_step = 0; } }",network-manager-applet,,,321256424116235675451237555580980424436,0 3083,['CWE-189'],"static int jpc_dec_cp_setfromcod(jpc_dec_cp_t *cp, jpc_cod_t *cod) { jpc_dec_ccp_t *ccp; int compno; cp->flags |= JPC_CSET; cp->prgord = cod->prg; if (cod->mctrans) { cp->mctid = (cod->compparms.qmfbid == JPC_COX_INS) ? (JPC_MCT_ICT) : (JPC_MCT_RCT); } else { cp->mctid = JPC_MCT_NONE; } cp->numlyrs = cod->numlyrs; cp->csty = cod->csty & (JPC_COD_SOP | JPC_COD_EPH); for (compno = 0, ccp = cp->ccps; compno < cp->numcomps; ++compno, ++ccp) { jpc_dec_cp_setfromcox(cp, ccp, &cod->compparms, 0); } cp->flags |= JPC_CSET; return 0; }",jasper,,,126847841085806045856989373229807734770,0 3678,CWE-787,"hb_set_union (hb_set_t *set, const hb_set_t *other) { if (unlikely (hb_object_is_immutable (set))) return; set->union_ (*other); }",visit repo url,src/hb-set.cc,https://github.com/harfbuzz/harfbuzz,28852169254147,1 914,CWE-189,"static void recalculate_apic_map(struct kvm *kvm) { struct kvm_apic_map *new, *old = NULL; struct kvm_vcpu *vcpu; int i; new = kzalloc(sizeof(struct kvm_apic_map), GFP_KERNEL); mutex_lock(&kvm->arch.apic_map_lock); if (!new) goto out; new->ldr_bits = 8; new->cid_shift = 8; new->cid_mask = 0; new->lid_mask = 0xff; kvm_for_each_vcpu(i, vcpu, kvm) { struct kvm_lapic *apic = vcpu->arch.apic; u16 cid, lid; u32 ldr; if (!kvm_apic_present(vcpu)) continue; if (apic_x2apic_mode(apic)) { new->ldr_bits = 32; new->cid_shift = 16; new->cid_mask = new->lid_mask = 0xffff; } else if (kvm_apic_sw_enabled(apic) && !new->cid_mask && kvm_apic_get_reg(apic, APIC_DFR) == APIC_DFR_CLUSTER) { new->cid_shift = 4; new->cid_mask = 0xf; new->lid_mask = 0xf; } new->phys_map[kvm_apic_id(apic)] = apic; ldr = kvm_apic_get_reg(apic, APIC_LDR); cid = apic_cluster_id(new, ldr); lid = apic_logical_id(new, ldr); if (lid) new->logical_map[cid][ffs(lid) - 1] = apic; } out: old = rcu_dereference_protected(kvm->arch.apic_map, lockdep_is_held(&kvm->arch.apic_map_lock)); rcu_assign_pointer(kvm->arch.apic_map, new); mutex_unlock(&kvm->arch.apic_map_lock); if (old) kfree_rcu(old, rcu); kvm_vcpu_request_scan_ioapic(kvm); }",visit repo url,arch/x86/kvm/lapic.c,https://github.com/torvalds/linux,41272023112582,1 23,CWE-200,"svcauth_gss_accept_sec_context(struct svc_req *rqst, struct rpc_gss_init_res *gr) { struct svc_rpc_gss_data *gd; struct rpc_gss_cred *gc; gss_buffer_desc recv_tok, seqbuf; gss_OID mech; OM_uint32 maj_stat = 0, min_stat = 0, ret_flags, seq; log_debug(""in svcauth_gss_accept_context()""); gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth); gc = (struct rpc_gss_cred *)rqst->rq_clntcred; memset(gr, 0, sizeof(*gr)); memset(&recv_tok, 0, sizeof(recv_tok)); if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args, (caddr_t)&recv_tok)) return (FALSE); gr->gr_major = gss_accept_sec_context(&gr->gr_minor, &gd->ctx, svcauth_gss_creds, &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &gd->client_name, &mech, &gr->gr_token, &ret_flags, NULL, NULL); svc_freeargs(rqst->rq_xprt, xdr_rpc_gss_init_args, (caddr_t)&recv_tok); log_status(""accept_sec_context"", gr->gr_major, gr->gr_minor); if (gr->gr_major != GSS_S_COMPLETE && gr->gr_major != GSS_S_CONTINUE_NEEDED) { badauth(gr->gr_major, gr->gr_minor, rqst->rq_xprt); gd->ctx = GSS_C_NO_CONTEXT; goto errout; } if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) { fprintf(stderr, ""svcauth_gss_accept_context: out of memory\n""); goto errout; } memcpy(gr->gr_ctx.value, gd->ctx, sizeof(gss_union_ctx_id_desc)); gr->gr_ctx.length = sizeof(gss_union_ctx_id_desc); gr->gr_win = sizeof(gd->seqmask) * 8; gd->sec.mech = mech; gd->sec.qop = GSS_C_QOP_DEFAULT; gd->sec.svc = gc->gc_svc; gd->seq = gc->gc_seq; gd->win = gr->gr_win; if (gr->gr_major == GSS_S_COMPLETE) { #ifdef SPKM if(!g_OID_equal(gss_mech_spkm3, mech)) { #endif maj_stat = gss_display_name(&min_stat, gd->client_name, &gd->cname, &gd->sec.mech); #ifdef SPKM } #endif if (maj_stat != GSS_S_COMPLETE) { log_status(""display_name"", maj_stat, min_stat); goto errout; } #ifdef DEBUG #ifdef HAVE_HEIMDAL log_debug(""accepted context for %.*s with "" """", gd->cname.length, (char *)gd->cname.value, gd->sec.qop, gd->sec.svc); #else { gss_buffer_desc mechname; gss_oid_to_str(&min_stat, mech, &mechname); log_debug(""accepted context for %.*s with "" """", gd->cname.length, (char *)gd->cname.value, mechname.length, (char *)mechname.value, gd->sec.qop, gd->sec.svc); gss_release_buffer(&min_stat, &mechname); } #endif #endif seq = htonl(gr->gr_win); seqbuf.value = &seq; seqbuf.length = sizeof(seq); gss_release_buffer(&min_stat, &gd->checksum); maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT, &seqbuf, &gd->checksum); if (maj_stat != GSS_S_COMPLETE) { goto errout; } rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS; rqst->rq_xprt->xp_verf.oa_base = gd->checksum.value; rqst->rq_xprt->xp_verf.oa_length = gd->checksum.length; } return (TRUE); errout: gss_release_buffer(&min_stat, &gr->gr_token); return (FALSE); }",visit repo url,src/lib/rpc/svc_auth_gss.c,https://github.com/krb5/krb5,138589474907639,1 5938,CWE-120,"static void dbEvalSetColumnJSON(DbEvalContext *p, int iCol, Jsi_DString *dStr) { Jsi_Interp *interp = p->jdb->interp; char nbuf[200]; sqlite3_stmt *pStmt = p->pPreStmt->pStmt; switch( sqlite3_column_type(pStmt, iCol) ) { case SQLITE_BLOB: { int bytes = sqlite3_column_bytes(pStmt, iCol); const char *zBlob = (char*)sqlite3_column_blob(pStmt, iCol); if( !zBlob ) { Jsi_DSAppend(dStr, ""null"", NULL); return; } Jsi_JSONQuote(interp, zBlob, bytes, dStr); return; } case SQLITE_INTEGER: { sqlite_int64 v = sqlite3_column_int64(pStmt, iCol); if (v==0 || v==1) { const char *dectyp = sqlite3_column_decltype(pStmt, iCol); if (dectyp && !Jsi_Strncasecmp(dectyp,""bool"", 4)) { Jsi_DSAppend(dStr, (v?""true"":""false""), NULL); return; } } #ifdef __WIN32 snprintf(nbuf, sizeof(nbuf), ""%"" PRId64, (Jsi_Wide)v); #else snprintf(nbuf, sizeof(nbuf), ""%lld"", v); #endif Jsi_DSAppend(dStr, nbuf, NULL); return; } case SQLITE_FLOAT: { Jsi_NumberToString(interp, sqlite3_column_double(pStmt, iCol), nbuf, sizeof(nbuf)); Jsi_DSAppend(dStr, nbuf, NULL); return; } case SQLITE_NULL: { Jsi_DSAppend(dStr, ""null"", NULL); return; } } const char *str = (char*)sqlite3_column_text(pStmt, iCol ); if (!str) str = p->jdb->optPtr->nullvalue; Jsi_JSONQuote(interp, str?str:"""", -1, dStr); }",visit repo url,src/jsiSqlite.c,https://github.com/pcmacdon/jsish,141167638438360,1 3504,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_1C_ack(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; sctp_init_chunk_t *initchunk; struct sctp_chunk *err_chunk; struct sctp_packet *packet; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!chunk->singleton) return sctp_sf_violation_chunk(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_initack_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data; err_chunk = NULL; if (!sctp_verify_init(asoc, chunk->chunk_hdr->type, (sctp_init_chunk_t *)chunk->chunk_hdr, chunk, &err_chunk)) { sctp_error_t error = SCTP_ERROR_NO_RESOURCE; if (err_chunk) { packet = sctp_abort_pkt_new(ep, asoc, arg, (__u8 *)(err_chunk->chunk_hdr) + sizeof(sctp_chunkhdr_t), ntohs(err_chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t)); sctp_chunk_free(err_chunk); if (packet) { sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(packet)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); error = SCTP_ERROR_INV_PARAM; } } if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); return sctp_stop_t1_and_abort(commands, error, ECONNREFUSED, asoc, chunk->transport); } chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t)); initchunk = (sctp_init_chunk_t *) chunk->chunk_hdr; sctp_add_cmd_sf(commands, SCTP_CMD_PEER_INIT, SCTP_PEER_INIT(initchunk)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_COOKIE_ECHOED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_SHKEY, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_GEN_COOKIE_ECHO, SCTP_CHUNK(err_chunk)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,337001189602414160418806225361028892363,0 2295,CWE-362,"static int handle_emulation_failure(struct kvm_vcpu *vcpu) { ++vcpu->stat.insn_emulation_fail; trace_kvm_emulate_insn_failed(vcpu); vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION; vcpu->run->internal.ndata = 0; kvm_queue_exception(vcpu, UD_VECTOR); return EMULATE_FAIL; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,52340554245194,1 1310,CWE-189,"static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen) { struct page *pages[NFS4ACL_MAXPAGES] = {NULL, }; struct nfs_getaclargs args = { .fh = NFS_FH(inode), .acl_pages = pages, .acl_len = buflen, }; struct nfs_getaclres res = { .acl_len = buflen, }; void *resp_buf; struct rpc_message msg = { .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETACL], .rpc_argp = &args, .rpc_resp = &res, }; int ret = -ENOMEM, npages, i, acl_len = 0; npages = (buflen + PAGE_SIZE - 1) >> PAGE_SHIFT; if (npages == 0) npages = 1; for (i = 0; i < npages; i++) { pages[i] = alloc_page(GFP_KERNEL); if (!pages[i]) goto out_free; } if (npages > 1) { res.acl_scratch = alloc_page(GFP_KERNEL); if (!res.acl_scratch) goto out_free; } args.acl_len = npages * PAGE_SIZE; args.acl_pgbase = 0; if (buf == NULL) res.acl_flags |= NFS4_ACL_LEN_REQUEST; resp_buf = page_address(pages[0]); dprintk(""%s buf %p buflen %zu npages %d args.acl_len %zu\n"", __func__, buf, buflen, npages, args.acl_len); ret = nfs4_call_sync(NFS_SERVER(inode)->client, NFS_SERVER(inode), &msg, &args.seq_args, &res.seq_res, 0); if (ret) goto out_free; acl_len = res.acl_len - res.acl_data_offset; if (acl_len > args.acl_len) nfs4_write_cached_acl(inode, NULL, acl_len); else nfs4_write_cached_acl(inode, resp_buf + res.acl_data_offset, acl_len); if (buf) { ret = -ERANGE; if (acl_len > buflen) goto out_free; _copy_from_pages(buf, pages, res.acl_data_offset, res.acl_len); } ret = acl_len; out_free: for (i = 0; i < npages; i++) if (pages[i]) __free_page(pages[i]); if (res.acl_scratch) __free_page(res.acl_scratch); return ret; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,79949653788789,1 5125,CWE-125,"FunctionDef(identifier name, arguments_ty args, asdl_seq * body, asdl_seq * decorator_list, expr_ty returns, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!name) { PyErr_SetString(PyExc_ValueError, ""field name is required for FunctionDef""); return NULL; } if (!args) { PyErr_SetString(PyExc_ValueError, ""field args is required for FunctionDef""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = FunctionDef_kind; p->v.FunctionDef.name = name; p->v.FunctionDef.args = args; p->v.FunctionDef.body = body; p->v.FunctionDef.decorator_list = decorator_list; p->v.FunctionDef.returns = returns; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,262081031761430,1 5239,CWE-787,"gplotRead(const char *filename) { char buf[L_BUF_SIZE]; char *rootname, *title, *xlabel, *ylabel, *ignores; l_int32 outformat, ret, version, ignore; FILE *fp; GPLOT *gplot; PROCNAME(""gplotRead""); if (!filename) return (GPLOT *)ERROR_PTR(""filename not defined"", procName, NULL); if ((fp = fopenReadStream(filename)) == NULL) return (GPLOT *)ERROR_PTR(""stream not opened"", procName, NULL); ret = fscanf(fp, ""Gplot Version %d\n"", &version); if (ret != 1) { fclose(fp); return (GPLOT *)ERROR_PTR(""not a gplot file"", procName, NULL); } if (version != GPLOT_VERSION_NUMBER) { fclose(fp); return (GPLOT *)ERROR_PTR(""invalid gplot version"", procName, NULL); } ignore = fscanf(fp, ""Rootname: %s\n"", buf); rootname = stringNew(buf); ignore = fscanf(fp, ""Output format: %d\n"", &outformat); ignores = fgets(buf, L_BUF_SIZE, fp); title = stringNew(buf + 7); title[strlen(title) - 1] = '\0'; ignores = fgets(buf, L_BUF_SIZE, fp); xlabel = stringNew(buf + 14); xlabel[strlen(xlabel) - 1] = '\0'; ignores = fgets(buf, L_BUF_SIZE, fp); ylabel = stringNew(buf + 14); ylabel[strlen(ylabel) - 1] = '\0'; gplot = gplotCreate(rootname, outformat, title, xlabel, ylabel); LEPT_FREE(rootname); LEPT_FREE(title); LEPT_FREE(xlabel); LEPT_FREE(ylabel); if (!gplot) { fclose(fp); return (GPLOT *)ERROR_PTR(""gplot not made"", procName, NULL); } sarrayDestroy(&gplot->cmddata); sarrayDestroy(&gplot->datanames); sarrayDestroy(&gplot->plotdata); sarrayDestroy(&gplot->plottitles); numaDestroy(&gplot->plotstyles); ignore = fscanf(fp, ""Commandfile name: %s\n"", buf); stringReplace(&gplot->cmdname, buf); ignore = fscanf(fp, ""\nCommandfile data:""); gplot->cmddata = sarrayReadStream(fp); ignore = fscanf(fp, ""\nDatafile names:""); gplot->datanames = sarrayReadStream(fp); ignore = fscanf(fp, ""\nPlot data:""); gplot->plotdata = sarrayReadStream(fp); ignore = fscanf(fp, ""\nPlot titles:""); gplot->plottitles = sarrayReadStream(fp); ignore = fscanf(fp, ""\nPlot styles:""); gplot->plotstyles = numaReadStream(fp); ignore = fscanf(fp, ""Number of plots: %d\n"", &gplot->nplots); ignore = fscanf(fp, ""Output file name: %s\n"", buf); stringReplace(&gplot->outname, buf); ignore = fscanf(fp, ""Axis scaling: %d\n"", &gplot->scaling); fclose(fp); return gplot; }",visit repo url,src/gplot.c,https://github.com/DanBloomberg/leptonica,159916662928442,1 4698,CWE-120,"int mutt_from_base64 (char *out, const char *in) { int len = 0; register unsigned char digit1, digit2, digit3, digit4; do { digit1 = in[0]; if (digit1 > 127 || base64val (digit1) == BAD) return -1; digit2 = in[1]; if (digit2 > 127 || base64val (digit2) == BAD) return -1; digit3 = in[2]; if (digit3 > 127 || ((digit3 != '=') && (base64val (digit3) == BAD))) return -1; digit4 = in[3]; if (digit4 > 127 || ((digit4 != '=') && (base64val (digit4) == BAD))) return -1; in += 4; *out++ = (base64val(digit1) << 2) | (base64val(digit2) >> 4); len++; if (digit3 != '=') { *out++ = ((base64val(digit2) << 4) & 0xf0) | (base64val(digit3) >> 2); len++; if (digit4 != '=') { *out++ = ((base64val(digit3) << 6) & 0xc0) | base64val(digit4); len++; } } } while (*in && digit4 != '='); return len; }",visit repo url,base64.c,https://gitlab.com/muttmua/mutt,47099101784312,1 2020,CWE-416,"static void clear_evtchn_to_irq_row(unsigned row) { unsigned col; for (col = 0; col < EVTCHN_PER_ROW; col++) evtchn_to_irq[row][col] = -1; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,272758822395205,1 697,[],"static int jpc_qcd_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_qcxcp_t *compparms = &ms->parms.qcd.compparms; return jpc_qcx_putcompparms(compparms, cstate, out); }",jasper,,,216515920968236488622086000697601401916,0 5040,[],"static void recvfrom_child(void *private_data_data, BOOL success) { struct winbindd_cli_state *state = talloc_get_type_abort(private_data_data, struct winbindd_cli_state); enum winbindd_result result = state->response.result; state->response.result = WINBINDD_PENDING; if ((!success) || (result != WINBINDD_OK)) { request_error(state); return; } request_ok(state); }",samba,,,321349236388977970704065587649287132306,0 2863,CWE-787,"horizontalDifferenceF(float *ip, int n, int stride, uint16 *wp, uint16 *FromLT2) { int32 r1, g1, b1, a1, r2, g2, b2, a2, mask; float fltsize = Fltsize; #define CLAMP(v) ( (v<(float)0.) ? 0 \ : (v<(float)2.) ? FromLT2[(int)(v*fltsize)] \ : (v>(float)24.2) ? 2047 \ : LogK1*log(v*LogK2) + 0.5 ) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); a2 = wp[3] = (uint16) CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = (int32) CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,249185675440749,1 1778,[],"void sched_move_task(struct task_struct *tsk) { int on_rq, running; unsigned long flags; struct rq *rq; rq = task_rq_lock(tsk, &flags); update_rq_clock(rq); running = task_current(rq, tsk); on_rq = tsk->se.on_rq; if (on_rq) dequeue_task(rq, tsk, 0); if (unlikely(running)) tsk->sched_class->put_prev_task(rq, tsk); set_task_rq(tsk, task_cpu(tsk)); #ifdef CONFIG_FAIR_GROUP_SCHED if (tsk->sched_class->moved_group) tsk->sched_class->moved_group(tsk); #endif if (unlikely(running)) tsk->sched_class->set_curr_task(rq); if (on_rq) enqueue_task(rq, tsk, 0); task_rq_unlock(rq, &flags); }",linux-2.6,,,137015133558980618423241376854536575,0 4613,CWE-190,"s32 hevc_parse_slice_segment(GF_BitStream *bs, HEVCState *hevc, HEVCSliceInfo *si) { u32 i, j; u32 num_ref_idx_l0_active = 0, num_ref_idx_l1_active = 0; HEVC_PPS *pps; HEVC_SPS *sps; s32 pps_id; Bool RapPicFlag = GF_FALSE; Bool IDRPicFlag = GF_FALSE; si->first_slice_segment_in_pic_flag = gf_bs_read_int_log(bs, 1, ""first_slice_segment_in_pic_flag""); switch (si->nal_unit_type) { case GF_HEVC_NALU_SLICE_IDR_W_DLP: case GF_HEVC_NALU_SLICE_IDR_N_LP: IDRPicFlag = GF_TRUE; RapPicFlag = GF_TRUE; break; case GF_HEVC_NALU_SLICE_BLA_W_LP: case GF_HEVC_NALU_SLICE_BLA_W_DLP: case GF_HEVC_NALU_SLICE_BLA_N_LP: case GF_HEVC_NALU_SLICE_CRA: RapPicFlag = GF_TRUE; break; } if (RapPicFlag) { gf_bs_read_int_log(bs, 1, ""no_output_of_prior_pics_flag""); } pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id >= 64) return -1; pps = &hevc->pps[pps_id]; sps = &hevc->sps[pps->sps_id]; si->sps = sps; si->pps = pps; if (!si->first_slice_segment_in_pic_flag && pps->dependent_slice_segments_enabled_flag) { si->dependent_slice_segment_flag = gf_bs_read_int_log(bs, 1, ""dependent_slice_segment_flag""); } else { si->dependent_slice_segment_flag = GF_FALSE; } if (!si->first_slice_segment_in_pic_flag) { si->slice_segment_address = gf_bs_read_int_log(bs, sps->bitsSliceSegmentAddress, ""slice_segment_address""); } else { si->slice_segment_address = 0; } if (!si->dependent_slice_segment_flag) { Bool deblocking_filter_override_flag = 0; Bool slice_temporal_mvp_enabled_flag = 0; Bool slice_sao_luma_flag = 0; Bool slice_sao_chroma_flag = 0; Bool slice_deblocking_filter_disabled_flag = 0; gf_bs_read_int_log(bs, pps->num_extra_slice_header_bits, ""slice_reserved_undetermined_flag""); si->slice_type = gf_bs_read_ue_log(bs, ""slice_type""); if (pps->output_flag_present_flag) gf_bs_read_int_log(bs, 1, ""pic_output_flag""); if (sps->separate_colour_plane_flag == 1) gf_bs_read_int_log(bs, 2, ""colour_plane_id""); if (IDRPicFlag) { si->poc_lsb = 0; if (!hevc->full_slice_header_parse) return 0; } else { si->poc_lsb = gf_bs_read_int_log(bs, sps->log2_max_pic_order_cnt_lsb, ""poc_lsb""); if (!hevc->full_slice_header_parse) return 0; if (gf_bs_read_int_log(bs, 1, ""short_term_ref_pic_set_sps_flag"") == 0) { Bool ret = hevc_parse_short_term_ref_pic_set(bs, sps, sps->num_short_term_ref_pic_sets); if (!ret) return -1; } else if (sps->num_short_term_ref_pic_sets > 1) { u32 numbits = 0; while ((u32)(1 << numbits) < sps->num_short_term_ref_pic_sets) numbits++; if (numbits > 0) gf_bs_read_int_log(bs, numbits, ""short_term_ref_pic_set_idx""); } if (sps->long_term_ref_pics_present_flag) { u8 DeltaPocMsbCycleLt[32]; u32 num_long_term_sps = 0; u32 num_long_term_pics = 0; memset(DeltaPocMsbCycleLt, 0, sizeof(u8) * 32); if (sps->num_long_term_ref_pic_sps > 0) { num_long_term_sps = gf_bs_read_ue_log(bs, ""num_long_term_sps""); } num_long_term_pics = gf_bs_read_ue_log(bs, ""num_long_term_pics""); for (i = 0; i < num_long_term_sps + num_long_term_pics; i++) { if (i < num_long_term_sps) { if (sps->num_long_term_ref_pic_sps > 1) gf_bs_read_int_log_idx(bs, gf_get_bit_size(sps->num_long_term_ref_pic_sps), ""lt_idx_sps"", i); } else { gf_bs_read_int_log_idx(bs, sps->log2_max_pic_order_cnt_lsb, ""PocLsbLt"", i); gf_bs_read_int_log_idx(bs, 1, ""UsedByCurrPicLt"", i); } if (gf_bs_read_int_log_idx(bs, 1, ""delta_poc_msb_present_flag"", i)) { if (i == 0 || i == num_long_term_sps) DeltaPocMsbCycleLt[i] = gf_bs_read_ue_log_idx(bs, ""DeltaPocMsbCycleLt"", i); else DeltaPocMsbCycleLt[i] = gf_bs_read_ue_log_idx(bs, ""DeltaPocMsbCycleLt"", i) + DeltaPocMsbCycleLt[i - 1]; } } } if (sps->temporal_mvp_enable_flag) slice_temporal_mvp_enabled_flag = gf_bs_read_int_log(bs, 1, ""slice_temporal_mvp_enabled_flag""); } if (sps->sample_adaptive_offset_enabled_flag) { u32 ChromaArrayType = sps->separate_colour_plane_flag ? 0 : sps->chroma_format_idc; slice_sao_luma_flag = gf_bs_read_int_log(bs, 1, ""slice_sao_luma_flag""); if (ChromaArrayType != 0) slice_sao_chroma_flag = gf_bs_read_int_log(bs, 1, ""slice_sao_chroma_flag""); } if (si->slice_type == GF_HEVC_SLICE_TYPE_P || si->slice_type == GF_HEVC_SLICE_TYPE_B) { num_ref_idx_l0_active = pps->num_ref_idx_l0_default_active; num_ref_idx_l1_active = 0; if (si->slice_type == GF_HEVC_SLICE_TYPE_B) num_ref_idx_l1_active = pps->num_ref_idx_l1_default_active; if (gf_bs_read_int_log(bs, 1, ""num_ref_idx_active_override_flag"")) { num_ref_idx_l0_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l0_active""); if (si->slice_type == GF_HEVC_SLICE_TYPE_B) num_ref_idx_l1_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l1_active""); } if (pps->lists_modification_present_flag ) { if (!ref_pic_lists_modification(bs, si->slice_type, num_ref_idx_l0_active, num_ref_idx_l1_active)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[hevc] ref_pic_lists_modification( ) not implemented\n"")); return -1; } } if (si->slice_type == GF_HEVC_SLICE_TYPE_B) gf_bs_read_int_log(bs, 1, ""mvd_l1_zero_flag""); if (pps->cabac_init_present_flag) gf_bs_read_int_log(bs, 1, ""cabac_init_flag""); if (slice_temporal_mvp_enabled_flag) { Bool collocated_from_l0_flag = 1; if (si->slice_type == GF_HEVC_SLICE_TYPE_B) collocated_from_l0_flag = gf_bs_read_int_log(bs, 1, ""collocated_from_l0_flag""); if ((collocated_from_l0_flag && (num_ref_idx_l0_active > 1)) || (!collocated_from_l0_flag && (num_ref_idx_l1_active > 1)) ) { gf_bs_read_ue_log(bs, ""collocated_ref_idx""); } } if ((pps->weighted_pred_flag && si->slice_type == GF_HEVC_SLICE_TYPE_P) || (pps->weighted_bipred_flag && si->slice_type == GF_HEVC_SLICE_TYPE_B) ) { hevc_pred_weight_table(bs, hevc, si, pps, sps, num_ref_idx_l0_active, num_ref_idx_l1_active); } gf_bs_read_ue_log(bs, ""five_minus_max_num_merge_cand""); } si->slice_qp_delta_start_bits = (s32) (gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); si->slice_qp_delta = gf_bs_read_se_log(bs, ""slice_qp_delta""); if (pps->slice_chroma_qp_offsets_present_flag) { gf_bs_read_se_log(bs, ""slice_cb_qp_offset""); gf_bs_read_se_log(bs, ""slice_cr_qp_offset""); } if (pps->deblocking_filter_override_enabled_flag) { deblocking_filter_override_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_override_flag""); } if (deblocking_filter_override_flag) { slice_deblocking_filter_disabled_flag = gf_bs_read_int_log(bs, 1, ""slice_deblocking_filter_disabled_flag""); if (!slice_deblocking_filter_disabled_flag) { gf_bs_read_se_log(bs, ""slice_beta_offset_div2""); gf_bs_read_se_log(bs, ""slice_tc_offset_div2""); } } if (pps->loop_filter_across_slices_enabled_flag && (slice_sao_luma_flag || slice_sao_chroma_flag || !slice_deblocking_filter_disabled_flag) ) { gf_bs_read_int_log(bs, 1, ""slice_loop_filter_across_slices_enabled_flag""); } } else { if (!hevc->full_slice_header_parse) return 0; } si->entry_point_start_bits = ((u32)gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); if (pps->tiles_enabled_flag || pps->entropy_coding_sync_enabled_flag) { u32 num_entry_point_offsets = gf_bs_read_ue_log(bs, ""num_entry_point_offsets""); if (num_entry_point_offsets > 0) { u32 offset = gf_bs_read_ue_log(bs, ""offset"") + 1; u32 segments = offset >> 4; s32 remain = (offset & 15); for (i = 0; i < num_entry_point_offsets; i++) { for (j = 0; j < segments; j++) { gf_bs_read_int(bs, 16); } if (remain) { gf_bs_read_int(bs, remain); } } } } if (pps->slice_segment_header_extension_present_flag) { u32 size_ext = gf_bs_read_ue_log(bs, ""size_ext""); while (size_ext) { gf_bs_read_int(bs, 8); size_ext--; } } si->header_size_bits = (gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); if (gf_bs_read_int_log(bs, 1, ""byte_align"") == 0) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""Error parsing slice header: byte_align not found at end of header !\n"")); } gf_bs_align(bs); si->payload_start_offset = (s32)gf_bs_get_position(bs); return 0; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,47224782058691,1 1766,CWE-119,"static inline bool unconditional(const struct ipt_ip *ip) { static const struct ipt_ip uncond; return memcmp(ip, &uncond, sizeof(uncond)) == 0; #undef FWINV }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,168977823920861,1 2825,CWE-125,"static wStream* rdg_receive_packet(rdpRdg* rdg) { wStream* s; const size_t header = sizeof(RdgPacketHeader); size_t packetLength; assert(header <= INT_MAX); s = Stream_New(NULL, 1024); if (!s) return NULL; if (!rdg_read_all(rdg->tlsOut, Stream_Buffer(s), header)) { Stream_Free(s, TRUE); return NULL; } Stream_Seek(s, 4); Stream_Read_UINT32(s, packetLength); if ((packetLength > INT_MAX) || !Stream_EnsureCapacity(s, packetLength)) { Stream_Free(s, TRUE); return NULL; } if (!rdg_read_all(rdg->tlsOut, Stream_Buffer(s) + header, (int)packetLength - (int)header)) { Stream_Free(s, TRUE); return NULL; } Stream_SetLength(s, packetLength); return s; }",visit repo url,libfreerdp/core/gateway/rdg.c,https://github.com/FreeRDP/FreeRDP,183015514966990,1 2844,CWE-787,"NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s) { static const char module[] = ""NeXTDecode""; unsigned char *bp, *op; tmsize_t cc; uint8* row; tmsize_t scanline, n; (void) s; for (op = (unsigned char*) buf, cc = occ; cc-- > 0;) *op++ = 0xff; bp = (unsigned char *)tif->tif_rawcp; cc = tif->tif_rawcc; scanline = tif->tif_scanlinesize; if (occ % scanline) { TIFFErrorExt(tif->tif_clientdata, module, ""Fractional scanlines cannot be read""); return (0); } for (row = buf; cc > 0 && occ > 0; occ -= scanline, row += scanline) { n = *bp++, cc--; switch (n) { case LITERALROW: if (cc < scanline) goto bad; _TIFFmemcpy(row, bp, scanline); bp += scanline; cc -= scanline; break; case LITERALSPAN: { tmsize_t off; if( cc < 4 ) goto bad; off = (bp[0] * 256) + bp[1]; n = (bp[2] * 256) + bp[3]; if (cc < 4+n || off+n > scanline) goto bad; _TIFFmemcpy(row+off, bp+4, n); bp += 4+n; cc -= 4+n; break; } default: { uint32 npixels = 0, grey; uint32 imagewidth = tif->tif_dir.td_imagewidth; if( isTiled(tif) ) imagewidth = tif->tif_dir.td_tilewidth; op = row; for (;;) { grey = (uint32)((n>>6) & 0x3); n &= 0x3f; while (n-- > 0 && npixels < imagewidth) SETPIXEL(op, grey); if (npixels >= imagewidth) break; if (cc == 0) goto bad; n = *bp++, cc--; } break; } } } tif->tif_rawcp = (uint8*) bp; tif->tif_rawcc = cc; return (1); bad: TIFFErrorExt(tif->tif_clientdata, module, ""Not enough data for scanline %ld"", (long) tif->tif_row); return (0); }",visit repo url,libtiff/tif_next.c,https://github.com/vadz/libtiff,168114903996941,1 1170,CWE-400,"static int simulate_sync(struct pt_regs *regs, unsigned int opcode) { if ((opcode & OPCODE) == SPEC0 && (opcode & FUNC) == SYNC) { perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); return 0; } return -1; }",visit repo url,arch/mips/kernel/traps.c,https://github.com/torvalds/linux,132691082148589,1 3583,['CWE-20'],"static struct sctp_packet *sctp_abort_pkt_new(const struct sctp_endpoint *ep, const struct sctp_association *asoc, struct sctp_chunk *chunk, const void *payload, size_t paylen) { struct sctp_packet *packet; struct sctp_chunk *abort; packet = sctp_ootb_pkt_new(asoc, chunk); if (packet) { abort = sctp_make_abort(asoc, chunk, paylen); if (!abort) { sctp_ootb_pkt_free(packet); return NULL; } if (sctp_test_T_bit(abort)) packet->vtag = ntohl(chunk->sctp_hdr->vtag); sctp_addto_chunk(abort, paylen, payload); abort->skb->sk = ep->base.sk; sctp_packet_append_chunk(packet, abort); } return packet; }",linux-2.6,,,317154103954401293710465734428859119379,0 3341,NVD-CWE-noinfo,"sd2_parse_rsrc_fork (SF_PRIVATE *psf) { SD2_RSRC rsrc ; int k, marker, error = 0 ; psf_use_rsrc (psf, SF_TRUE) ; memset (&rsrc, 0, sizeof (rsrc)) ; rsrc.rsrc_len = psf_get_filelen (psf) ; psf_log_printf (psf, ""Resource length : %d (0x%04X)\n"", rsrc.rsrc_len, rsrc.rsrc_len) ; if (rsrc.rsrc_len > SIGNED_SIZEOF (psf->header)) { rsrc.rsrc_data = calloc (1, rsrc.rsrc_len) ; rsrc.need_to_free_rsrc_data = SF_TRUE ; } else { rsrc.rsrc_data = psf->header ; rsrc.need_to_free_rsrc_data = SF_FALSE ; } ; psf_fread (rsrc.rsrc_data, rsrc.rsrc_len, 1, psf) ; psf->headindex = psf->headend = rsrc.rsrc_len ; rsrc.data_offset = read_rsrc_int (&rsrc, 0) ; rsrc.map_offset = read_rsrc_int (&rsrc, 4) ; rsrc.data_length = read_rsrc_int (&rsrc, 8) ; rsrc.map_length = read_rsrc_int (&rsrc, 12) ; if (rsrc.data_offset == 0x51607 && rsrc.map_offset == 0x20000) { psf_log_printf (psf, ""Trying offset of 0x52 bytes.\n"") ; rsrc.data_offset = read_rsrc_int (&rsrc, 0x52 + 0) + 0x52 ; rsrc.map_offset = read_rsrc_int (&rsrc, 0x52 + 4) + 0x52 ; rsrc.data_length = read_rsrc_int (&rsrc, 0x52 + 8) ; rsrc.map_length = read_rsrc_int (&rsrc, 0x52 + 12) ; } ; psf_log_printf (psf, "" data offset : 0x%04X\n map offset : 0x%04X\n"" "" data length : 0x%04X\n map length : 0x%04X\n"", rsrc.data_offset, rsrc.map_offset, rsrc.data_length, rsrc.map_length) ; if (rsrc.data_offset > rsrc.rsrc_len) { psf_log_printf (psf, ""Error : rsrc.data_offset (%d, 0x%x) > len\n"", rsrc.data_offset, rsrc.data_offset) ; error = SFE_SD2_BAD_DATA_OFFSET ; goto parse_rsrc_fork_cleanup ; } ; if (rsrc.map_offset > rsrc.rsrc_len) { psf_log_printf (psf, ""Error : rsrc.map_offset > len\n"") ; error = SFE_SD2_BAD_MAP_OFFSET ; goto parse_rsrc_fork_cleanup ; } ; if (rsrc.data_length > rsrc.rsrc_len) { psf_log_printf (psf, ""Error : rsrc.data_length > len\n"") ; error = SFE_SD2_BAD_DATA_LENGTH ; goto parse_rsrc_fork_cleanup ; } ; if (rsrc.map_length > rsrc.rsrc_len) { psf_log_printf (psf, ""Error : rsrc.map_length > len\n"") ; error = SFE_SD2_BAD_MAP_LENGTH ; goto parse_rsrc_fork_cleanup ; } ; if (rsrc.data_offset + rsrc.data_length != rsrc.map_offset || rsrc.map_offset + rsrc.map_length != rsrc.rsrc_len) { psf_log_printf (psf, ""Error : This does not look like a MacOSX resource fork.\n"") ; error = SFE_SD2_BAD_RSRC ; goto parse_rsrc_fork_cleanup ; } ; if (rsrc.map_offset + 28 >= rsrc.rsrc_len) { psf_log_printf (psf, ""Bad map offset (%d + 28 > %d).\n"", rsrc.map_offset, rsrc.rsrc_len) ; error = SFE_SD2_BAD_RSRC ; goto parse_rsrc_fork_cleanup ; } ; rsrc.string_offset = rsrc.map_offset + read_rsrc_short (&rsrc, rsrc.map_offset + 26) ; if (rsrc.string_offset > rsrc.rsrc_len) { psf_log_printf (psf, ""Bad string offset (%d).\n"", rsrc.string_offset) ; error = SFE_SD2_BAD_RSRC ; goto parse_rsrc_fork_cleanup ; } ; rsrc.type_offset = rsrc.map_offset + 30 ; rsrc.type_count = read_rsrc_short (&rsrc, rsrc.map_offset + 28) + 1 ; if (rsrc.type_count < 1) { psf_log_printf (psf, ""Bad type count.\n"") ; error = SFE_SD2_BAD_RSRC ; goto parse_rsrc_fork_cleanup ; } ; rsrc.item_offset = rsrc.type_offset + rsrc.type_count * 8 ; if (rsrc.item_offset < 0 || rsrc.item_offset > rsrc.rsrc_len) { psf_log_printf (psf, ""Bad item offset (%d).\n"", rsrc.item_offset) ; error = SFE_SD2_BAD_RSRC ; goto parse_rsrc_fork_cleanup ; } ; rsrc.str_index = -1 ; for (k = 0 ; k < rsrc.type_count ; k ++) { marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ; if (marker == STR_MARKER) { rsrc.str_index = k ; rsrc.str_count = read_rsrc_short (&rsrc, rsrc.type_offset + k * 8 + 4) + 1 ; error = parse_str_rsrc (psf, &rsrc) ; goto parse_rsrc_fork_cleanup ; } ; } ; psf_log_printf (psf, ""No 'STR ' resource.\n"") ; error = SFE_SD2_BAD_RSRC ; parse_rsrc_fork_cleanup : psf_use_rsrc (psf, SF_FALSE) ; if (rsrc.need_to_free_rsrc_data) free (rsrc.rsrc_data) ; return error ; } ",visit repo url,src/sd2.c,https://github.com/erikd/libsndfile,275940553955719,1 2289,['CWE-120'],"int __user_walk_fd(int dfd, const char __user *name, unsigned flags, struct nameidata *nd) { char *tmp = getname(name); int err = PTR_ERR(tmp); if (!IS_ERR(tmp)) { err = do_path_lookup(dfd, tmp, flags, nd); putname(tmp); } return err; }",linux-2.6,,,2631437506624253088944040359574070346,0 2411,['CWE-119'],"static void run_external_diff(const char *pgm, const char *name, const char *other, struct diff_filespec *one, struct diff_filespec *two, const char *xfrm_msg, int complete_rewrite) { const char *spawn_arg[10]; struct diff_tempfile *temp = diff_temp; int retval; static int atexit_asked = 0; const char *othername; const char **arg = &spawn_arg[0]; othername = (other? other : name); if (one && two) { prepare_temp_file(name, &temp[0], one); prepare_temp_file(othername, &temp[1], two); if (! atexit_asked && (temp[0].name == temp[0].tmp_path || temp[1].name == temp[1].tmp_path)) { atexit_asked = 1; atexit(remove_tempfile); } signal(SIGINT, remove_tempfile_on_signal); } if (one && two) { *arg++ = pgm; *arg++ = name; *arg++ = temp[0].name; *arg++ = temp[0].hex; *arg++ = temp[0].mode; *arg++ = temp[1].name; *arg++ = temp[1].hex; *arg++ = temp[1].mode; if (other) { *arg++ = other; *arg++ = xfrm_msg; } } else { *arg++ = pgm; *arg++ = name; } *arg = NULL; fflush(NULL); retval = run_command_v_opt(spawn_arg, 0); remove_tempfile(); if (retval) { fprintf(stderr, ""external diff died, stopping at %s.\n"", name); exit(1); } }",git,,,197791001025886324629358662145859658269,0 3663,CWE-190,"static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no, OPJ_BOOL isEncoder, OPJ_FLOAT32 fraction, OPJ_SIZE_T sizeof_block) { OPJ_UINT32 (*l_gain_ptr)(OPJ_UINT32) = 00; OPJ_UINT32 compno, resno, bandno, precno, cblkno; opj_tcp_t * l_tcp = 00; opj_cp_t * l_cp = 00; opj_tcd_tile_t * l_tile = 00; opj_tccp_t *l_tccp = 00; opj_tcd_tilecomp_t *l_tilec = 00; opj_image_comp_t * l_image_comp = 00; opj_tcd_resolution_t *l_res = 00; opj_tcd_band_t *l_band = 00; opj_stepsize_t * l_step_size = 00; opj_tcd_precinct_t *l_current_precinct = 00; opj_image_t *l_image = 00; OPJ_UINT32 p,q; OPJ_UINT32 l_level_no; OPJ_UINT32 l_pdx, l_pdy; OPJ_UINT32 l_gain; OPJ_INT32 l_x0b, l_y0b; OPJ_INT32 l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end, l_br_prc_y_end; OPJ_UINT32 l_nb_precincts; OPJ_UINT32 l_nb_precinct_size; OPJ_UINT32 l_nb_code_blocks; OPJ_UINT32 l_nb_code_blocks_size; OPJ_UINT32 l_data_size; l_cp = p_tcd->cp; l_tcp = &(l_cp->tcps[p_tile_no]); l_tile = p_tcd->tcd_image->tiles; l_tccp = l_tcp->tccps; l_tilec = l_tile->comps; l_image = p_tcd->image; l_image_comp = p_tcd->image->comps; p = p_tile_no % l_cp->tw; q = p_tile_no / l_cp->tw; l_tile->x0 = opj_int_max((OPJ_INT32)(l_cp->tx0 + p * l_cp->tdx), (OPJ_INT32)l_image->x0); l_tile->y0 = opj_int_max((OPJ_INT32)(l_cp->ty0 + q * l_cp->tdy), (OPJ_INT32)l_image->y0); l_tile->x1 = opj_int_min((OPJ_INT32)(l_cp->tx0 + (p + 1) * l_cp->tdx), (OPJ_INT32)l_image->x1); l_tile->y1 = opj_int_min((OPJ_INT32)(l_cp->ty0 + (q + 1) * l_cp->tdy), (OPJ_INT32)l_image->y1); if (l_tccp->numresolutions == 0) { fprintf(stderr, ""tiles require at least one resolution\n""); return OPJ_FALSE; } for (compno = 0; compno < l_tile->numcomps; ++compno) { l_image_comp->resno_decoded = 0; l_tilec->x0 = opj_int_ceildiv(l_tile->x0, (OPJ_INT32)l_image_comp->dx); l_tilec->y0 = opj_int_ceildiv(l_tile->y0, (OPJ_INT32)l_image_comp->dy); l_tilec->x1 = opj_int_ceildiv(l_tile->x1, (OPJ_INT32)l_image_comp->dx); l_tilec->y1 = opj_int_ceildiv(l_tile->y1, (OPJ_INT32)l_image_comp->dy); l_data_size = (OPJ_UINT32)(l_tilec->x1 - l_tilec->x0); if ((((OPJ_UINT32)-1) / l_data_size) < (OPJ_UINT32)(l_tilec->y1 - l_tilec->y0)) { return OPJ_FALSE; } l_data_size = l_data_size * (OPJ_UINT32)(l_tilec->y1 - l_tilec->y0); if ((((OPJ_UINT32)-1) / (OPJ_UINT32)sizeof(OPJ_UINT32)) < l_data_size) { return OPJ_FALSE; } l_data_size = l_data_size * (OPJ_UINT32)sizeof(OPJ_UINT32); l_tilec->numresolutions = l_tccp->numresolutions; if (l_tccp->numresolutions < l_cp->m_specific_param.m_dec.m_reduce) { l_tilec->minimum_num_resolutions = 1; } else { l_tilec->minimum_num_resolutions = l_tccp->numresolutions - l_cp->m_specific_param.m_dec.m_reduce; } l_tilec->data_size_needed = l_data_size; if (p_tcd->m_is_decoder && !opj_alloc_tile_component_data(l_tilec)) { return OPJ_FALSE; } l_data_size = l_tilec->numresolutions * (OPJ_UINT32)sizeof(opj_tcd_resolution_t); if (l_tilec->resolutions == 00) { l_tilec->resolutions = (opj_tcd_resolution_t *) opj_malloc(l_data_size); if (! l_tilec->resolutions ) { return OPJ_FALSE; } l_tilec->resolutions_size = l_data_size; memset(l_tilec->resolutions,0,l_data_size); } else if (l_data_size > l_tilec->resolutions_size) { opj_tcd_resolution_t* new_resolutions = (opj_tcd_resolution_t *) opj_realloc(l_tilec->resolutions, l_data_size); if (! new_resolutions) { fprintf(stderr, ""Not enough memory to tile resolutions\n""); opj_free(l_tilec->resolutions); l_tilec->resolutions = NULL; l_tilec->resolutions_size = 0; return OPJ_FALSE; } l_tilec->resolutions = new_resolutions; memset(((OPJ_BYTE*) l_tilec->resolutions)+l_tilec->resolutions_size,0,l_data_size - l_tilec->resolutions_size); l_tilec->resolutions_size = l_data_size; } l_level_no = l_tilec->numresolutions - 1; l_res = l_tilec->resolutions; l_step_size = l_tccp->stepsizes; if (l_tccp->qmfbid == 0) { l_gain_ptr = &opj_dwt_getgain_real; } else { l_gain_ptr = &opj_dwt_getgain; } for (resno = 0; resno < l_tilec->numresolutions; ++resno) { OPJ_INT32 tlcbgxstart, tlcbgystart ; OPJ_UINT32 cbgwidthexpn, cbgheightexpn; OPJ_UINT32 cblkwidthexpn, cblkheightexpn; l_res->x0 = opj_int_ceildivpow2(l_tilec->x0, (OPJ_INT32)l_level_no); l_res->y0 = opj_int_ceildivpow2(l_tilec->y0, (OPJ_INT32)l_level_no); l_res->x1 = opj_int_ceildivpow2(l_tilec->x1, (OPJ_INT32)l_level_no); l_res->y1 = opj_int_ceildivpow2(l_tilec->y1, (OPJ_INT32)l_level_no); l_pdx = l_tccp->prcw[resno]; l_pdy = l_tccp->prch[resno]; l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy; l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx; l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy; l_res->pw = (l_res->x0 == l_res->x1) ? 0 : (OPJ_UINT32)((l_br_prc_x_end - l_tl_prc_x_start) >> l_pdx); l_res->ph = (l_res->y0 == l_res->y1) ? 0 : (OPJ_UINT32)((l_br_prc_y_end - l_tl_prc_y_start) >> l_pdy); l_nb_precincts = l_res->pw * l_res->ph; l_nb_precinct_size = l_nb_precincts * (OPJ_UINT32)sizeof(opj_tcd_precinct_t); if (resno == 0) { tlcbgxstart = l_tl_prc_x_start; tlcbgystart = l_tl_prc_y_start; cbgwidthexpn = l_pdx; cbgheightexpn = l_pdy; l_res->numbands = 1; } else { tlcbgxstart = opj_int_ceildivpow2(l_tl_prc_x_start, 1); tlcbgystart = opj_int_ceildivpow2(l_tl_prc_y_start, 1); cbgwidthexpn = l_pdx - 1; cbgheightexpn = l_pdy - 1; l_res->numbands = 3; } cblkwidthexpn = opj_uint_min(l_tccp->cblkw, cbgwidthexpn); cblkheightexpn = opj_uint_min(l_tccp->cblkh, cbgheightexpn); l_band = l_res->bands; for (bandno = 0; bandno < l_res->numbands; ++bandno) { OPJ_INT32 numbps; if (resno == 0) { l_band->bandno = 0 ; l_band->x0 = opj_int_ceildivpow2(l_tilec->x0, (OPJ_INT32)l_level_no); l_band->y0 = opj_int_ceildivpow2(l_tilec->y0, (OPJ_INT32)l_level_no); l_band->x1 = opj_int_ceildivpow2(l_tilec->x1, (OPJ_INT32)l_level_no); l_band->y1 = opj_int_ceildivpow2(l_tilec->y1, (OPJ_INT32)l_level_no); } else { l_band->bandno = bandno + 1; l_x0b = l_band->bandno&1; l_y0b = (OPJ_INT32)((l_band->bandno)>>1); l_band->x0 = opj_int_ceildivpow2(l_tilec->x0 - (1 << l_level_no) * l_x0b, (OPJ_INT32)(l_level_no + 1)); l_band->y0 = opj_int_ceildivpow2(l_tilec->y0 - (1 << l_level_no) * l_y0b, (OPJ_INT32)(l_level_no + 1)); l_band->x1 = opj_int_ceildivpow2(l_tilec->x1 - (1 << l_level_no) * l_x0b, (OPJ_INT32)(l_level_no + 1)); l_band->y1 = opj_int_ceildivpow2(l_tilec->y1 - (1 << l_level_no) * l_y0b, (OPJ_INT32)(l_level_no + 1)); } l_gain = (*l_gain_ptr) (l_band->bandno); numbps = (OPJ_INT32)(l_image_comp->prec + l_gain); l_band->stepsize = (OPJ_FLOAT32)(((1.0 + l_step_size->mant / 2048.0) * pow(2.0, (OPJ_INT32) (numbps - l_step_size->expn)))) * fraction; l_band->numbps = l_step_size->expn + (OPJ_INT32)l_tccp->numgbits - 1; if (! l_band->precincts) { l_band->precincts = (opj_tcd_precinct_t *) opj_malloc( l_nb_precinct_size); if (! l_band->precincts) { return OPJ_FALSE; } memset(l_band->precincts,0,l_nb_precinct_size); l_band->precincts_data_size = l_nb_precinct_size; } else if (l_band->precincts_data_size < l_nb_precinct_size) { opj_tcd_precinct_t * new_precincts = (opj_tcd_precinct_t *) opj_realloc(l_band->precincts, l_nb_precinct_size); if (! new_precincts) { fprintf(stderr, ""Not enough memory to handle band precints\n""); opj_free(l_band->precincts); l_band->precincts = NULL; l_band->precincts_data_size = 0; return OPJ_FALSE; } l_band->precincts = new_precincts; memset(((OPJ_BYTE *) l_band->precincts) + l_band->precincts_data_size,0,l_nb_precinct_size - l_band->precincts_data_size); l_band->precincts_data_size = l_nb_precinct_size; } l_current_precinct = l_band->precincts; for (precno = 0; precno < l_nb_precincts; ++precno) { OPJ_INT32 tlcblkxstart, tlcblkystart, brcblkxend, brcblkyend; OPJ_INT32 cbgxstart = tlcbgxstart + (OPJ_INT32)(precno % l_res->pw) * (1 << cbgwidthexpn); OPJ_INT32 cbgystart = tlcbgystart + (OPJ_INT32)(precno / l_res->pw) * (1 << cbgheightexpn); OPJ_INT32 cbgxend = cbgxstart + (1 << cbgwidthexpn); OPJ_INT32 cbgyend = cbgystart + (1 << cbgheightexpn); l_current_precinct->x0 = opj_int_max(cbgxstart, l_band->x0); l_current_precinct->y0 = opj_int_max(cbgystart, l_band->y0); l_current_precinct->x1 = opj_int_min(cbgxend, l_band->x1); l_current_precinct->y1 = opj_int_min(cbgyend, l_band->y1); tlcblkxstart = opj_int_floordivpow2(l_current_precinct->x0, (OPJ_INT32)cblkwidthexpn) << cblkwidthexpn; tlcblkystart = opj_int_floordivpow2(l_current_precinct->y0, (OPJ_INT32)cblkheightexpn) << cblkheightexpn; brcblkxend = opj_int_ceildivpow2(l_current_precinct->x1, (OPJ_INT32)cblkwidthexpn) << cblkwidthexpn; brcblkyend = opj_int_ceildivpow2(l_current_precinct->y1, (OPJ_INT32)cblkheightexpn) << cblkheightexpn; l_current_precinct->cw = (OPJ_UINT32)((brcblkxend - tlcblkxstart) >> cblkwidthexpn); l_current_precinct->ch = (OPJ_UINT32)((brcblkyend - tlcblkystart) >> cblkheightexpn); l_nb_code_blocks = l_current_precinct->cw * l_current_precinct->ch; l_nb_code_blocks_size = l_nb_code_blocks * (OPJ_UINT32)sizeof_block; if (! l_current_precinct->cblks.blocks) { l_current_precinct->cblks.blocks = opj_malloc(l_nb_code_blocks_size); if (! l_current_precinct->cblks.blocks ) { return OPJ_FALSE; } memset(l_current_precinct->cblks.blocks,0,l_nb_code_blocks_size); l_current_precinct->block_size = l_nb_code_blocks_size; } else if (l_nb_code_blocks_size > l_current_precinct->block_size) { void *new_blocks = opj_realloc(l_current_precinct->cblks.blocks, l_nb_code_blocks_size); if (! new_blocks) { opj_free(l_current_precinct->cblks.blocks); l_current_precinct->cblks.blocks = NULL; l_current_precinct->block_size = 0; fprintf(stderr, ""Not enough memory for current precinct codeblock element\n""); return OPJ_FALSE; } l_current_precinct->cblks.blocks = new_blocks; memset(((OPJ_BYTE *) l_current_precinct->cblks.blocks) + l_current_precinct->block_size ,0 ,l_nb_code_blocks_size - l_current_precinct->block_size); l_current_precinct->block_size = l_nb_code_blocks_size; } if (! l_current_precinct->incltree) { l_current_precinct->incltree = opj_tgt_create(l_current_precinct->cw, l_current_precinct->ch); } else{ l_current_precinct->incltree = opj_tgt_init(l_current_precinct->incltree, l_current_precinct->cw, l_current_precinct->ch); } if (! l_current_precinct->incltree) { fprintf(stderr, ""WARNING: No incltree created.\n""); } if (! l_current_precinct->imsbtree) { l_current_precinct->imsbtree = opj_tgt_create( l_current_precinct->cw, l_current_precinct->ch); } else { l_current_precinct->imsbtree = opj_tgt_init( l_current_precinct->imsbtree, l_current_precinct->cw, l_current_precinct->ch); } if (! l_current_precinct->imsbtree) { fprintf(stderr, ""WARNING: No imsbtree created.\n""); } for (cblkno = 0; cblkno < l_nb_code_blocks; ++cblkno) { OPJ_INT32 cblkxstart = tlcblkxstart + (OPJ_INT32)(cblkno % l_current_precinct->cw) * (1 << cblkwidthexpn); OPJ_INT32 cblkystart = tlcblkystart + (OPJ_INT32)(cblkno / l_current_precinct->cw) * (1 << cblkheightexpn); OPJ_INT32 cblkxend = cblkxstart + (1 << cblkwidthexpn); OPJ_INT32 cblkyend = cblkystart + (1 << cblkheightexpn); if (isEncoder) { opj_tcd_cblk_enc_t* l_code_block = l_current_precinct->cblks.enc + cblkno; if (! opj_tcd_code_block_enc_allocate(l_code_block)) { return OPJ_FALSE; } l_code_block->x0 = opj_int_max(cblkxstart, l_current_precinct->x0); l_code_block->y0 = opj_int_max(cblkystart, l_current_precinct->y0); l_code_block->x1 = opj_int_min(cblkxend, l_current_precinct->x1); l_code_block->y1 = opj_int_min(cblkyend, l_current_precinct->y1); if (! opj_tcd_code_block_enc_allocate_data(l_code_block)) { return OPJ_FALSE; } } else { opj_tcd_cblk_dec_t* l_code_block = l_current_precinct->cblks.dec + cblkno; if (! opj_tcd_code_block_dec_allocate(l_code_block)) { return OPJ_FALSE; } l_code_block->x0 = opj_int_max(cblkxstart, l_current_precinct->x0); l_code_block->y0 = opj_int_max(cblkystart, l_current_precinct->y0); l_code_block->x1 = opj_int_min(cblkxend, l_current_precinct->x1); l_code_block->y1 = opj_int_min(cblkyend, l_current_precinct->y1); } } ++l_current_precinct; } ++l_band; ++l_step_size; } ++l_res; --l_level_no; } ++l_tccp; ++l_tilec; ++l_image_comp; } return OPJ_TRUE; }",visit repo url,src/lib/openjp2/tcd.c,https://github.com/uclouvain/openjpeg,196377981259441,1 2928,CWE-310,"void hashtable_clear(hashtable_t *hashtable) { size_t i; hashtable_do_clear(hashtable); for(i = 0; i < num_buckets(hashtable); i++) { hashtable->buckets[i].first = hashtable->buckets[i].last = &hashtable->list; } list_init(&hashtable->list); hashtable->size = 0; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,257878935736291,1 4082,['CWE-399'],"static inline int blk_send_start_stop(struct request_queue *q, struct gendisk *bd_disk, int data) { return __blk_send_generic(q, bd_disk, GPCMD_START_STOP_UNIT, data); }",linux-2.6,,,339360253931272405690936692790556733227,0 5121,CWE-125,"With(asdl_seq * items, asdl_seq * body, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = With_kind; p->v.With.items = items; p->v.With.body = body; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,209920470455215,1 4979,CWE-191,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 597,CWE-189,"int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma) { struct au1100fb_device *fbdev; unsigned int len; unsigned long start=0, off; fbdev = to_au1100fb_device(fbi); if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) { return -EINVAL; } start = fbdev->fb_phys & PAGE_MASK; len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len); off = vma->vm_pgoff << PAGE_SHIFT; if ((vma->vm_end - vma->vm_start + off) > len) { return -EINVAL; } off += start; vma->vm_pgoff = off >> PAGE_SHIFT; vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); pgprot_val(vma->vm_page_prot) |= (6 << 9); if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, vma->vm_end - vma->vm_start, vma->vm_page_prot)) { return -EAGAIN; } return 0; }",visit repo url,drivers/video/au1100fb.c,https://github.com/torvalds/linux,17069054268362,1 5605,[],"int next_signal(struct sigpending *pending, sigset_t *mask) { unsigned long i, *s, *m, x; int sig = 0; s = pending->signal.sig; m = mask->sig; switch (_NSIG_WORDS) { default: for (i = 0; i < _NSIG_WORDS; ++i, ++s, ++m) if ((x = *s &~ *m) != 0) { sig = ffz(~x) + i*_NSIG_BPW + 1; break; } break; case 2: if ((x = s[0] &~ m[0]) != 0) sig = 1; else if ((x = s[1] &~ m[1]) != 0) sig = _NSIG_BPW + 1; else break; sig += ffz(~x); break; case 1: if ((x = *s &~ *m) != 0) sig = ffz(~x) + 1; break; } return sig; }",linux-2.6,,,313046512592112464672566080047474305268,0 2929,['CWE-189'],"jas_image_t *jas_image_decode(jas_stream_t *in, int fmt, char *optstr) { jas_image_fmtinfo_t *fmtinfo; jas_image_t *image; image = 0; if (fmt < 0) { if ((fmt = jas_image_getfmt(in)) < 0) goto error; } if (!(fmtinfo = jas_image_lookupfmtbyid(fmt))) goto error; if (!fmtinfo->ops.decode) goto error; if (!(image = (*fmtinfo->ops.decode)(in, optstr))) goto error; if (!jas_clrspc_isunknown(image->clrspc_) && !jas_clrspc_isgeneric(image->clrspc_) && !image->cmprof_) { if (!(image->cmprof_ = jas_cmprof_createfromclrspc(jas_image_clrspc(image)))) goto error; } return image; error: if (image) jas_image_destroy(image); return 0; }",jasper,,,23165137019131574131887635265398205759,0 3348,[],"static inline int nla_parse_nested(struct nlattr *tb[], int maxtype, struct nlattr *nla, const struct nla_policy *policy) { return nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy); }",linux-2.6,,,63981334408000227755149564062307566159,0 3143,['CWE-189'],"int jas_iccprof_save(jas_iccprof_t *prof, jas_stream_t *out) { long curoff; long reloff; long newoff; int i; int j; jas_icctagtabent_t *tagtabent; jas_icctagtabent_t *sharedtagtabent; jas_icctagtabent_t *tmptagtabent; jas_iccuint32_t attrname; jas_iccattrval_t *attrval; jas_icctagtab_t *tagtab; tagtab = &prof->tagtab; if (!(tagtab->ents = jas_alloc2(prof->attrtab->numattrs, sizeof(jas_icctagtabent_t)))) goto error; tagtab->numents = prof->attrtab->numattrs; curoff = JAS_ICC_HDRLEN + 4 + 12 * tagtab->numents; for (i = 0; i < JAS_CAST(int, tagtab->numents); ++i) { tagtabent = &tagtab->ents[i]; if (jas_iccattrtab_get(prof->attrtab, i, &attrname, &attrval)) goto error; assert(attrval->ops->output); tagtabent->tag = attrname; tagtabent->data = &attrval->data; sharedtagtabent = 0; for (j = 0; j < i; ++j) { tmptagtabent = &tagtab->ents[j]; if (tagtabent->data == tmptagtabent->data) { sharedtagtabent = tmptagtabent; break; } } if (sharedtagtabent) { tagtabent->off = sharedtagtabent->off; tagtabent->len = sharedtagtabent->len; tagtabent->first = sharedtagtabent; } else { tagtabent->off = curoff; tagtabent->len = (*attrval->ops->getsize)(attrval) + 8; tagtabent->first = 0; if (i < JAS_CAST(int, tagtab->numents - 1)) { curoff = jas_iccpadtomult(curoff + tagtabent->len, 4); } else { curoff += tagtabent->len; } } jas_iccattrval_destroy(attrval); } prof->hdr.size = curoff; if (jas_iccprof_writehdr(out, &prof->hdr)) goto error; if (jas_iccprof_puttagtab(out, &prof->tagtab)) goto error; curoff = JAS_ICC_HDRLEN + 4 + 12 * tagtab->numents; for (i = 0; i < JAS_CAST(int, tagtab->numents);) { tagtabent = &tagtab->ents[i]; assert(curoff == JAS_CAST(long, tagtabent->off)); if (jas_iccattrtab_get(prof->attrtab, i, &attrname, &attrval)) goto error; if (jas_iccputuint32(out, attrval->type) || jas_stream_pad(out, 4, 0) != 4) goto error; if ((*attrval->ops->output)(attrval, out)) goto error; jas_iccattrval_destroy(attrval); curoff += tagtabent->len; ++i; while (i < JAS_CAST(int, tagtab->numents) && tagtab->ents[i].first) ++i; newoff = (i < JAS_CAST(int, tagtab->numents)) ? tagtab->ents[i].off : prof->hdr.size; reloff = newoff - curoff; assert(reloff >= 0); if (reloff > 0) { if (jas_stream_pad(out, reloff, 0) != reloff) goto error; curoff += reloff; } } return 0; error: return -1; }",jasper,,,190444856715888666581769452280930404714,0 5736,CWE-212,"int secure_decrypt(void *data, unsigned int data_length, int is_signed) { at91_aes_key_size_t key_size; unsigned int cmac_key[8], cipher_key[8]; unsigned int iv[AT91_AES_IV_SIZE_WORD]; unsigned int computed_cmac[AT91_AES_BLOCK_SIZE_WORD]; unsigned int fixed_length; const unsigned int *cmac; int rc = -1; init_keys(&key_size, cipher_key, cmac_key, iv); at91_aes_init(); if (is_signed) { if (at91_aes_cmac(data_length, data, computed_cmac, key_size, cmac_key)) goto exit; fixed_length = at91_aes_roundup(data_length); cmac = (const unsigned int *)((char *)data + fixed_length); if (!consttime_memequal(cmac, computed_cmac, AT91_AES_BLOCK_SIZE_BYTE)) goto exit; } if (at91_aes_cbc(data_length, data, data, 0, key_size, cipher_key, iv)) goto exit; rc = 0; exit: at91_aes_cleanup(); memset(cmac_key, 0, sizeof(cmac_key)); memset(cipher_key, 0, sizeof(cipher_key)); memset(iv, 0, sizeof(iv)); return rc; }",visit repo url,driver/secure.c,https://github.com/linux4sam/at91bootstrap,109936088808840,1 793,CWE-20,"static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sockaddr_llc *uaddr = (struct sockaddr_llc *)msg->msg_name; const int nonblock = flags & MSG_DONTWAIT; struct sk_buff *skb = NULL; struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); unsigned long cpu_flags; size_t copied = 0; u32 peek_seq = 0; u32 *seq; unsigned long used; int target; long timeo; msg->msg_namelen = 0; lock_sock(sk); copied = -ENOTCONN; if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) goto out; timeo = sock_rcvtimeo(sk, nonblock); seq = &llc->copied_seq; if (flags & MSG_PEEK) { peek_seq = llc->copied_seq; seq = &peek_seq; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); copied = 0; do { u32 offset; if (signal_pending(current)) { if (copied) break; copied = timeo ? sock_intr_errno(timeo) : -EAGAIN; break; } skb = skb_peek(&sk->sk_receive_queue); if (skb) { offset = *seq; goto found_ok_skb; } if (copied >= target && !sk->sk_backlog.tail) break; if (copied) { if (sk->sk_err || sk->sk_state == TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN) || !timeo || (flags & MSG_PEEK)) break; } else { if (sock_flag(sk, SOCK_DONE)) break; if (sk->sk_err) { copied = sock_error(sk); break; } if (sk->sk_shutdown & RCV_SHUTDOWN) break; if (sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_CLOSE) { if (!sock_flag(sk, SOCK_DONE)) { copied = -ENOTCONN; break; } break; } if (!timeo) { copied = -EAGAIN; break; } } if (copied >= target) { release_sock(sk); lock_sock(sk); } else sk_wait_data(sk, &timeo); if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) { net_dbg_ratelimited(""LLC(%s:%d): Application bug, race in MSG_PEEK\n"", current->comm, task_pid_nr(current)); peek_seq = llc->copied_seq; } continue; found_ok_skb: used = skb->len - offset; if (len < used) used = len; if (!(flags & MSG_TRUNC)) { int rc = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, used); if (rc) { if (!copied) copied = -EFAULT; break; } } *seq += used; copied += used; len -= used; if (sk->sk_type != SOCK_STREAM) goto copy_uaddr; if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } if (used + offset < skb->len) continue; } while (len > 0); out: release_sock(sk); return copied; copy_uaddr: if (uaddr != NULL && skb != NULL) { memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr)); msg->msg_namelen = sizeof(*uaddr); } if (llc_sk(sk)->cmsg_flags) llc_cmsg_rcv(msg, skb); if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } goto out; }",visit repo url,net/llc/af_llc.c,https://github.com/torvalds/linux,150059117372885,1 4065,['CWE-399'],"static int svc_dropparty(struct socket *sock, int ep_ref) { DEFINE_WAIT(wait); struct sock *sk = sock->sk; struct atm_vcc *vcc = ATM_SD(sock); int error; lock_sock(sk); set_bit(ATM_VF_WAITING, &vcc->flags); prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); sigd_enq2(vcc, as_dropparty, NULL, NULL, NULL, NULL, ep_ref); while (test_bit(ATM_VF_WAITING, &vcc->flags) && sigd) { schedule(); prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); } finish_wait(sk->sk_sleep, &wait); if (!sigd) { error = -EUNATCH; goto out; } error = xchg(&sk->sk_err_soft, 0); out: release_sock(sk); return error; }",linux-2.6,,,278646426101153247093343300348525713056,0 5884,CWE-120,"static void parse_generic_line(pj_scanner *scanner, pj_str_t *str, volatile parse_context *ctx) { ctx->last_error = PJMEDIA_SDP_EINSDP; if (*(scanner->curptr+1) != '=') { on_scanner_error(scanner); return; } pj_scan_advance_n(scanner, 2, SKIP_WS); pj_scan_get_until_chr(scanner, ""\r\n"", str); pj_scan_get_newline(scanner); }",visit repo url,pjmedia/src/pjmedia/sdp.c,https://github.com/pjsip/pjproject,14543012812196,1 5932,['CWE-909'],"void qdisc_calculate_pkt_len(struct sk_buff *skb, struct qdisc_size_table *stab) { int pkt_len, slot; pkt_len = skb->len + stab->szopts.overhead; if (unlikely(!stab->szopts.tsize)) goto out; slot = pkt_len + stab->szopts.cell_align; if (unlikely(slot < 0)) slot = 0; slot >>= stab->szopts.cell_log; if (likely(slot < stab->szopts.tsize)) pkt_len = stab->data[slot]; else pkt_len = stab->data[stab->szopts.tsize - 1] * (slot / stab->szopts.tsize) + stab->data[slot % stab->szopts.tsize]; pkt_len <<= stab->szopts.size_log; out: if (unlikely(pkt_len < 1)) pkt_len = 1; qdisc_skb_cb(skb)->pkt_len = pkt_len; }",linux-2.6,,,182392235898944945484316041592175093069,0 2024,['CWE-269'],"static void detach_mnt(struct vfsmount *mnt, struct nameidata *old_nd) { old_nd->dentry = mnt->mnt_mountpoint; old_nd->mnt = mnt->mnt_parent; mnt->mnt_parent = mnt; mnt->mnt_mountpoint = mnt->mnt_root; list_del_init(&mnt->mnt_child); list_del_init(&mnt->mnt_hash); old_nd->dentry->d_mounted--; }",linux-2.6,,,108436907603225679466945050597254324304,0 545,CWE-189,"static int newary(struct ipc_namespace *ns, struct ipc_params *params) { int id; int retval; struct sem_array *sma; int size; key_t key = params->key; int nsems = params->u.nsems; int semflg = params->flg; int i; if (!nsems) return -EINVAL; if (ns->used_sems + nsems > ns->sc_semmns) return -ENOSPC; size = sizeof (*sma) + nsems * sizeof (struct sem); sma = ipc_rcu_alloc(size); if (!sma) { return -ENOMEM; } memset (sma, 0, size); sma->sem_perm.mode = (semflg & S_IRWXUGO); sma->sem_perm.key = key; sma->sem_perm.security = NULL; retval = security_sem_alloc(sma); if (retval) { ipc_rcu_putref(sma); return retval; } id = ipc_addid(&sem_ids(ns), &sma->sem_perm, ns->sc_semmni); if (id < 0) { security_sem_free(sma); ipc_rcu_putref(sma); return id; } ns->used_sems += nsems; sma->sem_base = (struct sem *) &sma[1]; for (i = 0; i < nsems; i++) INIT_LIST_HEAD(&sma->sem_base[i].sem_pending); sma->complex_count = 0; INIT_LIST_HEAD(&sma->sem_pending); INIT_LIST_HEAD(&sma->list_id); sma->sem_nsems = nsems; sma->sem_ctime = get_seconds(); sem_unlock(sma); return sma->sem_perm.id; }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,177302219885803,1 5264,['CWE-264'],"static struct pai_val *create_pai_val(char *buf, size_t size) { char *entry_offset; struct pai_val *paiv = NULL; int i; if (!check_pai_ok(buf, size)) return NULL; paiv = SMB_MALLOC_P(struct pai_val); if (!paiv) return NULL; memset(paiv, '\0', sizeof(struct pai_val)); paiv->pai_protected = (CVAL(buf,PAI_FLAG_OFFSET) == PAI_ACL_FLAG_PROTECTED); paiv->num_entries = SVAL(buf,PAI_NUM_ENTRIES_OFFSET); paiv->num_def_entries = SVAL(buf,PAI_NUM_DEFAULT_ENTRIES_OFFSET); entry_offset = buf + PAI_ENTRIES_BASE; DEBUG(10,(""create_pai_val:%s num_entries = %u, num_def_entries = %u\n"", paiv->pai_protected ? "" (pai_protected)"" : """", paiv->num_entries, paiv->num_def_entries )); for (i = 0; i < paiv->num_entries; i++) { struct pai_entry *paie; paie = SMB_MALLOC_P(struct pai_entry); if (!paie) { free_inherited_info(paiv); return NULL; } paie->owner_type = (enum ace_owner)CVAL(entry_offset,0); switch( paie->owner_type) { case UID_ACE: paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1); DEBUG(10,(""create_pai_val: uid = %u\n"", (unsigned int)paie->unix_ug.uid )); break; case GID_ACE: paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1); DEBUG(10,(""create_pai_val: gid = %u\n"", (unsigned int)paie->unix_ug.gid )); break; case WORLD_ACE: paie->unix_ug.world = -1; DEBUG(10,(""create_pai_val: world ace\n"")); break; default: free_inherited_info(paiv); return NULL; } entry_offset += PAI_ENTRY_LENGTH; DLIST_ADD(paiv->entry_list, paie); } for (i = 0; i < paiv->num_def_entries; i++) { struct pai_entry *paie; paie = SMB_MALLOC_P(struct pai_entry); if (!paie) { free_inherited_info(paiv); return NULL; } paie->owner_type = (enum ace_owner)CVAL(entry_offset,0); switch( paie->owner_type) { case UID_ACE: paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1); DEBUG(10,(""create_pai_val: (def) uid = %u\n"", (unsigned int)paie->unix_ug.uid )); break; case GID_ACE: paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1); DEBUG(10,(""create_pai_val: (def) gid = %u\n"", (unsigned int)paie->unix_ug.gid )); break; case WORLD_ACE: paie->unix_ug.world = -1; DEBUG(10,(""create_pai_val: (def) world ace\n"")); break; default: free_inherited_info(paiv); return NULL; } entry_offset += PAI_ENTRY_LENGTH; DLIST_ADD(paiv->def_entry_list, paie); } return paiv; }",samba,,,80658184537613043336267339431111254315,0 2247,CWE-400,"static inline void exit_io_context(void) { }",visit repo url,include/linux/iocontext.h,https://github.com/torvalds/linux,168999249885970,1 1546,CWE-476,"static int rfcomm_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) { struct sockaddr_rc *sa = (struct sockaddr_rc *) addr; struct sock *sk = sock->sk; int chan = sa->rc_channel; int err = 0; BT_DBG(""sk %p %pMR"", sk, &sa->rc_bdaddr); if (!addr || addr->sa_family != AF_BLUETOOTH) return -EINVAL; lock_sock(sk); if (sk->sk_state != BT_OPEN) { err = -EBADFD; goto done; } if (sk->sk_type != SOCK_STREAM) { err = -EINVAL; goto done; } write_lock(&rfcomm_sk_list.lock); if (chan && __rfcomm_get_listen_sock_by_addr(chan, &sa->rc_bdaddr)) { err = -EADDRINUSE; } else { bacpy(&rfcomm_pi(sk)->src, &sa->rc_bdaddr); rfcomm_pi(sk)->channel = chan; sk->sk_state = BT_BOUND; } write_unlock(&rfcomm_sk_list.lock); done: release_sock(sk); return err; }",visit repo url,net/bluetooth/rfcomm/sock.c,https://github.com/torvalds/linux,235436362652005,1 3319,[],"static inline int nla_put_msecs(struct sk_buff *skb, int attrtype, unsigned long jiffies) { u64 tmp = jiffies_to_msecs(jiffies); return nla_put(skb, attrtype, sizeof(u64), &tmp); }",linux-2.6,,,101859916229626143152948452764238316337,0 2936,['CWE-189'],"static int jpc_dec_process_ppt(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_ppt_t *ppt = &ms->parms.ppt; jpc_dec_tile_t *tile; jpc_ppxstabent_t *pptstabent; tile = dec->curtile; if (!tile->pptstab) { if (!(tile->pptstab = jpc_ppxstab_create())) { return -1; } } if (!(pptstabent = jpc_ppxstabent_create())) { return -1; } pptstabent->ind = ppt->ind; pptstabent->data = ppt->data; ppt->data = 0; pptstabent->len = ppt->len; if (jpc_ppxstab_insert(tile->pptstab, pptstabent)) { return -1; } return 0; }",jasper,,,110122781081095951078930962935339103998,0 225,CWE-285,"static int __f2fs_set_acl(struct inode *inode, int type, struct posix_acl *acl, struct page *ipage) { int name_index; void *value = NULL; size_t size = 0; int error; switch (type) { case ACL_TYPE_ACCESS: name_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS; if (acl) { error = posix_acl_equiv_mode(acl, &inode->i_mode); if (error < 0) return error; set_acl_inode(inode, inode->i_mode); if (error == 0) acl = NULL; } break; case ACL_TYPE_DEFAULT: name_index = F2FS_XATTR_INDEX_POSIX_ACL_DEFAULT; if (!S_ISDIR(inode->i_mode)) return acl ? -EACCES : 0; break; default: return -EINVAL; } if (acl) { value = f2fs_acl_to_disk(acl, &size); if (IS_ERR(value)) { clear_inode_flag(inode, FI_ACL_MODE); return (int)PTR_ERR(value); } } error = f2fs_setxattr(inode, name_index, """", value, size, ipage, 0); kfree(value); if (!error) set_cached_acl(inode, type, acl); clear_inode_flag(inode, FI_ACL_MODE); return error; }",visit repo url,fs/f2fs/acl.c,https://github.com/torvalds/linux,87377424275197,1 2312,['CWE-120'],"static int path_walk(const char *name, struct nameidata *nd) { current->total_link_count = 0; return link_path_walk(name, nd); }",linux-2.6,,,175663697714013778809533803183227826061,0 4460,CWE-682,"static void WritePixel(struct ngiflib_img * i, struct ngiflib_decode_context * context, u8 v) { struct ngiflib_gif * p = i->parent; if(v!=i->gce.transparent_color || !i->gce.transparent_flag) { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif *context->frbuff_p.p8 = v; #ifndef NGIFLIB_INDEXED_ONLY } else *context->frbuff_p.p32 = GifIndexToTrueColor(i->palette, v); #endif } if(--(context->Xtogo) <= 0) { #ifdef NGIFLIB_ENABLE_CALLBACKS if(p->line_cb) p->line_cb(p, context->line_p, context->curY); #endif context->Xtogo = i->width; switch(context->pass) { case 0: context->curY++; break; case 1: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 4; } break; case 2: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 2; } break; case 3: context->curY += 4; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 1; } break; case 4: context->curY += 2; break; } #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width; context->frbuff_p.p8 = context->line_p.p8 + i->posX; #else context->frbuff_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width + i->posX; #endif #ifndef NGIFLIB_INDEXED_ONLY } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width; context->frbuff_p.p32 = context->line_p.p32 + i->posX; #else context->frbuff_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width + i->posX; #endif } #endif } else { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif context->frbuff_p.p8++; #ifndef NGIFLIB_INDEXED_ONLY } else { context->frbuff_p.p32++; } #endif } }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,7890393301892,1 3565,['CWE-20'],"int sctp_process_asconf_ack(struct sctp_association *asoc, struct sctp_chunk *asconf_ack) { struct sctp_chunk *asconf = asoc->addip_last_asconf; union sctp_addr_param *addr_param; sctp_addip_param_t *asconf_param; int length = 0; int asconf_len = asconf->skb->len; int all_param_pass = 0; int no_err = 1; int retval = 0; __be16 err_code = SCTP_ERROR_NO_ERROR; length = sizeof(sctp_addip_chunk_t); addr_param = (union sctp_addr_param *)(asconf->skb->data + length); asconf_len -= length; length = ntohs(addr_param->v4.param_hdr.length); asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); asconf_len -= length; if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) all_param_pass = 1; while (asconf_len > 0) { if (all_param_pass) err_code = SCTP_ERROR_NO_ERROR; else { err_code = sctp_get_asconf_response(asconf_ack, asconf_param, no_err); if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) no_err = 0; } switch (err_code) { case SCTP_ERROR_NO_ERROR: retval = sctp_asconf_param_success(asoc, asconf_param); break; case SCTP_ERROR_RSRC_LOW: retval = 1; break; case SCTP_ERROR_INV_PARAM: asoc->peer.addip_disabled_mask |= asconf_param->param_hdr.type; break; case SCTP_ERROR_REQ_REFUSED: case SCTP_ERROR_DEL_LAST_IP: case SCTP_ERROR_DEL_SRC_IP: default: break; } length = ntohs(asconf_param->param_hdr.length); asconf_param = (sctp_addip_param_t *)((void *)asconf_param + length); asconf_len -= length; } list_del_init(&asconf->transmitted_list); sctp_chunk_free(asconf); asoc->addip_last_asconf = NULL; if (!list_empty(&asoc->addip_chunk_list)) { struct list_head *entry = asoc->addip_chunk_list.next; asconf = list_entry(entry, struct sctp_chunk, list); list_del_init(entry); sctp_chunk_hold(asconf); if (sctp_primitive_ASCONF(asoc, asconf)) sctp_chunk_free(asconf); else asoc->addip_last_asconf = asconf; } return retval; }",linux-2.6,,,237883456462870253468859342155312005073,0 2545,['CWE-119'],"static void show_stats(struct diffstat_t* data, struct diff_options *options) { int i, len, add, del, total, adds = 0, dels = 0; int max_change = 0, max_len = 0; int total_files = data->nr; int width, name_width; const char *reset, *set, *add_c, *del_c; if (data->nr == 0) return; width = options->stat_width ? options->stat_width : 80; name_width = options->stat_name_width ? options->stat_name_width : 50; if (width < name_width + 15) { if (name_width <= 25) width = name_width + 15; else name_width = width - 15; } reset = diff_get_color_opt(options, DIFF_RESET); set = diff_get_color_opt(options, DIFF_PLAIN); add_c = diff_get_color_opt(options, DIFF_FILE_NEW); del_c = diff_get_color_opt(options, DIFF_FILE_OLD); for (i = 0; i < data->nr; i++) { struct diffstat_file *file = data->files[i]; int change = file->added + file->deleted; fill_print_name(file); len = strlen(file->print_name); if (max_len < len) max_len = len; if (file->is_binary || file->is_unmerged) continue; if (max_change < change) max_change = change; } name_width = (name_width < max_len) ? name_width : max_len; if (width < (name_width + 10) + max_change) width = width - (name_width + 10); else width = max_change; for (i = 0; i < data->nr; i++) { const char *prefix = """"; char *name = data->files[i]->print_name; int added = data->files[i]->added; int deleted = data->files[i]->deleted; int name_len; len = name_width; name_len = strlen(name); if (name_width < name_len) { char *slash; prefix = ""...""; len -= 3; name += name_len - len; slash = strchr(name, '/'); if (slash) name = slash; } if (data->files[i]->is_binary) { show_name(options->file, prefix, name, len, reset, set); fprintf(options->file, "" Bin ""); fprintf(options->file, ""%s%d%s"", del_c, deleted, reset); fprintf(options->file, "" -> ""); fprintf(options->file, ""%s%d%s"", add_c, added, reset); fprintf(options->file, "" bytes""); fprintf(options->file, ""\n""); continue; } else if (data->files[i]->is_unmerged) { show_name(options->file, prefix, name, len, reset, set); fprintf(options->file, "" Unmerged\n""); continue; } else if (!data->files[i]->is_renamed && (added + deleted == 0)) { total_files--; continue; } add = added; del = deleted; total = add + del; adds += add; dels += del; if (width <= max_change) { add = scale_linear(add, width, max_change); del = scale_linear(del, width, max_change); total = add + del; } show_name(options->file, prefix, name, len, reset, set); fprintf(options->file, ""%5d "", added + deleted); show_graph(options->file, '+', add, add_c, reset); show_graph(options->file, '-', del, del_c, reset); fprintf(options->file, ""\n""); } fprintf(options->file, ""%s %d files changed, %d insertions(+), %d deletions(-)%s\n"", set, total_files, adds, dels, reset); }",git,,,176335482267313147775623553006578100391,0 2665,CWE-190,"zend_object_iterator *spl_filesystem_dir_get_iterator(zend_class_entry *ce, zval *object, int by_ref TSRMLS_DC) { spl_filesystem_iterator *iterator; spl_filesystem_object *dir_object; if (by_ref) { zend_error(E_ERROR, ""An iterator cannot be used with foreach by reference""); } dir_object = (spl_filesystem_object*)zend_object_store_get_object(object TSRMLS_CC); iterator = spl_filesystem_object_to_iterator(dir_object); if (iterator->intern.data == NULL) { iterator->intern.data = object; iterator->intern.funcs = &spl_filesystem_dir_it_funcs; iterator->current = object; } zval_add_ref(&object); return (zend_object_iterator*)iterator; }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,127339181932781,1 3647,CWE-119,"CAMLprim value caml_alloc_dummy_float (value size) { mlsize_t wosize = Int_val(size) * Double_wosize; if (wosize == 0) return Atom(0); return caml_alloc (wosize, 0); }",visit repo url,byterun/alloc.c,https://github.com/ocaml/ocaml,203611356361219,1 1608,[],"unsigned long long __attribute__((weak)) sched_clock(void) { return (unsigned long long)jiffies * (NSEC_PER_SEC / HZ); }",linux-2.6,,,239463041975406072337310176719619407303,0 605,CWE-189,"static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, netdev_features_t features) { struct sk_buff *segs = ERR_PTR(-EINVAL); unsigned int mss; unsigned int unfrag_ip6hlen, unfrag_len; struct frag_hdr *fptr; u8 *packet_start, *prevhdr; u8 nexthdr; u8 frag_hdr_sz = sizeof(struct frag_hdr); int offset; __wsum csum; int tnl_hlen; mss = skb_shinfo(skb)->gso_size; if (unlikely(skb->len <= mss)) goto out; if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { int type = skb_shinfo(skb)->gso_type; if (unlikely(type & ~(SKB_GSO_UDP | SKB_GSO_DODGY | SKB_GSO_UDP_TUNNEL | SKB_GSO_GRE | SKB_GSO_IPIP | SKB_GSO_SIT | SKB_GSO_MPLS) || !(type & (SKB_GSO_UDP)))) goto out; skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss); segs = NULL; goto out; } if (skb->encapsulation && skb_shinfo(skb)->gso_type & SKB_GSO_UDP_TUNNEL) segs = skb_udp_tunnel_segment(skb, features); else { offset = skb_checksum_start_offset(skb); csum = skb_checksum(skb, offset, skb->len - offset, 0); offset += skb->csum_offset; *(__sum16 *)(skb->data + offset) = csum_fold(csum); skb->ip_summed = CHECKSUM_NONE; tnl_hlen = skb_tnl_header_len(skb); if (skb_headroom(skb) < (tnl_hlen + frag_hdr_sz)) { if (gso_pskb_expand_head(skb, tnl_hlen + frag_hdr_sz)) goto out; } unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); nexthdr = *prevhdr; *prevhdr = NEXTHDR_FRAGMENT; unfrag_len = (skb_network_header(skb) - skb_mac_header(skb)) + unfrag_ip6hlen + tnl_hlen; packet_start = (u8 *) skb->head + SKB_GSO_CB(skb)->mac_offset; memmove(packet_start-frag_hdr_sz, packet_start, unfrag_len); SKB_GSO_CB(skb)->mac_offset -= frag_hdr_sz; skb->mac_header -= frag_hdr_sz; skb->network_header -= frag_hdr_sz; fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen); fptr->nexthdr = nexthdr; fptr->reserved = 0; ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb)); segs = skb_segment(skb, features); } out: return segs; }",visit repo url,net/ipv6/udp_offload.c,https://github.com/torvalds/linux,211231244098944,1 5749,['CWE-200'],"static int irda_open_tsap(struct irda_sock *self, __u8 tsap_sel, char *name) { notify_t notify; if (self->tsap) { IRDA_WARNING(""%s: busy!\n"", __func__); return -EBUSY; } irda_notify_init(¬ify); notify.connect_confirm = irda_connect_confirm; notify.connect_indication = irda_connect_indication; notify.disconnect_indication = irda_disconnect_indication; notify.data_indication = irda_data_indication; notify.udata_indication = irda_data_indication; notify.flow_indication = irda_flow_indication; notify.instance = self; strncpy(notify.name, name, NOTIFY_MAX_NAME); self->tsap = irttp_open_tsap(tsap_sel, DEFAULT_INITIAL_CREDIT, ¬ify); if (self->tsap == NULL) { IRDA_DEBUG(0, ""%s(), Unable to allocate TSAP!\n"", __func__); return -ENOMEM; } self->stsap_sel = self->tsap->stsap_sel; return 0; }",linux-2.6,,,151399063179959870107808211715452404236,0 1977,CWE-416,"static int may_create_in_sticky(struct dentry * const dir, struct inode * const inode) { if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) || (!sysctl_protected_regular && S_ISREG(inode->i_mode)) || likely(!(dir->d_inode->i_mode & S_ISVTX)) || uid_eq(inode->i_uid, dir->d_inode->i_uid) || uid_eq(current_fsuid(), inode->i_uid)) return 0; if (likely(dir->d_inode->i_mode & 0002) || (dir->d_inode->i_mode & 0020 && ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) || (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) { const char *operation = S_ISFIFO(inode->i_mode) ? ""sticky_create_fifo"" : ""sticky_create_regular""; audit_log_path_denied(AUDIT_ANOM_CREAT, operation); return -EACCES; } return 0; }",visit repo url,fs/namei.c,https://github.com/torvalds/linux,13755939342902,1 456,CWE-362,"static int snd_seq_ioctl_create_port(struct snd_seq_client *client, void *arg) { struct snd_seq_port_info *info = arg; struct snd_seq_client_port *port; struct snd_seq_port_callback *callback; if (info->addr.client != client->number) return -EPERM; port = snd_seq_create_port(client, (info->flags & SNDRV_SEQ_PORT_FLG_GIVEN_PORT) ? info->addr.port : -1); if (port == NULL) return -ENOMEM; if (client->type == USER_CLIENT && info->kernel) { snd_seq_delete_port(client, port->addr.port); return -EINVAL; } if (client->type == KERNEL_CLIENT) { if ((callback = info->kernel) != NULL) { if (callback->owner) port->owner = callback->owner; port->private_data = callback->private_data; port->private_free = callback->private_free; port->event_input = callback->event_input; port->c_src.open = callback->subscribe; port->c_src.close = callback->unsubscribe; port->c_dest.open = callback->use; port->c_dest.close = callback->unuse; } } info->addr = port->addr; snd_seq_set_port_info(port, info); snd_seq_system_client_ev_port_start(port->addr.client, port->addr.port); return 0; }",visit repo url,sound/core/seq/seq_clientmgr.c,https://github.com/torvalds/linux,87954522610749,1 5074,['CWE-20'],"static inline int vm_need_virtualize_apic_accesses(struct kvm *kvm) { return ((cpu_has_vmx_virtualize_apic_accesses()) && (irqchip_in_kernel(kvm))); }",linux-2.6,,,267898251848719901321006779574296231118,0 4116,['CWE-399'],"static int blk_complete_sgv4_hdr_rq(struct request *rq, struct sg_io_v4 *hdr, struct bio *bio, struct bio *bidi_bio) { int ret = 0; dprintk(""rq %p bio %p %u\n"", rq, bio, rq->errors); hdr->device_status = status_byte(rq->errors); hdr->transport_status = host_byte(rq->errors); hdr->driver_status = driver_byte(rq->errors); hdr->info = 0; if (hdr->device_status || hdr->transport_status || hdr->driver_status) hdr->info |= SG_INFO_CHECK; hdr->response_len = 0; if (rq->sense_len && hdr->response) { int len = min_t(unsigned int, hdr->max_response_len, rq->sense_len); ret = copy_to_user((void*)(unsigned long)hdr->response, rq->sense, len); if (!ret) hdr->response_len = len; else ret = -EFAULT; } if (rq->next_rq) { hdr->dout_resid = rq->data_len; hdr->din_resid = rq->next_rq->data_len; blk_rq_unmap_user(bidi_bio); blk_put_request(rq->next_rq); } else if (rq_data_dir(rq) == READ) hdr->din_resid = rq->data_len; else hdr->dout_resid = rq->data_len; if (!ret && rq->errors < 0) ret = rq->errors; blk_rq_unmap_user(bio); if (rq->cmd != rq->__cmd) kfree(rq->cmd); blk_put_request(rq); return ret; }",linux-2.6,,,145122499490416616630680913220530206224,0 1164,CWE-400,"xscale1pmu_handle_irq(int irq_num, void *dev) { unsigned long pmnc; struct perf_sample_data data; struct cpu_hw_events *cpuc; struct pt_regs *regs; int idx; pmnc = xscale1pmu_read_pmnc(); xscale1pmu_write_pmnc(pmnc & ~XSCALE_PMU_ENABLE); if (!(pmnc & XSCALE1_OVERFLOWED_MASK)) return IRQ_NONE; regs = get_irq_regs(); perf_sample_data_init(&data, 0); cpuc = &__get_cpu_var(cpu_hw_events); for (idx = 0; idx <= armpmu->num_events; ++idx) { struct perf_event *event = cpuc->events[idx]; struct hw_perf_event *hwc; if (!test_bit(idx, cpuc->active_mask)) continue; if (!xscale1_pmnc_counter_has_overflowed(pmnc, idx)) continue; hwc = &event->hw; armpmu_event_update(event, hwc, idx, 1); data.period = event->hw.last_period; if (!armpmu_event_set_period(event, hwc, idx)) continue; if (perf_event_overflow(event, 0, &data, regs)) armpmu->disable(hwc, idx); } irq_work_run(); pmnc = xscale1pmu_read_pmnc() | XSCALE_PMU_ENABLE; xscale1pmu_write_pmnc(pmnc); return IRQ_HANDLED; }",visit repo url,arch/arm/kernel/perf_event_xscale.c,https://github.com/torvalds/linux,193070681178008,1 6511,['CWE-20'],"static int emulate_popa(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) { struct decode_cache *c = &ctxt->decode; int rc = 0; int reg = VCPU_REGS_RDI; while (reg >= VCPU_REGS_RAX) { if (reg == VCPU_REGS_RSP) { register_address_increment(c, &c->regs[VCPU_REGS_RSP], c->op_bytes); --reg; } rc = emulate_pop(ctxt, ops, &c->regs[reg], c->op_bytes); if (rc != 0) break; --reg; } return rc; }",kvm,,,75298110751489036347391123146682052275,0 6510,CWE-697,"static void uc_invalidate_tb(struct uc_struct *uc, uint64_t start_addr, size_t len) { tb_page_addr_t start, end; start = get_page_addr_code(uc->cpu->env_ptr, start_addr) & (target_ulong)(-1); end = (start + len) & (target_ulong)(-1); if (start > end) { return; } tb_invalidate_phys_range(uc, start, end); }",visit repo url,qemu/accel/tcg/translate-all.c,https://github.com/unicorn-engine/unicorn,270764579118690,1 51,['CWE-787'],"static void cirrus_mmio_blt_write(CirrusVGAState * s, unsigned address, uint8_t value) { switch (address) { case (CIRRUS_MMIO_BLTBGCOLOR + 0): cirrus_hook_write_gr(s, 0x00, value); break; case (CIRRUS_MMIO_BLTBGCOLOR + 1): cirrus_hook_write_gr(s, 0x10, value); break; case (CIRRUS_MMIO_BLTBGCOLOR + 2): cirrus_hook_write_gr(s, 0x12, value); break; case (CIRRUS_MMIO_BLTBGCOLOR + 3): cirrus_hook_write_gr(s, 0x14, value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 0): cirrus_hook_write_gr(s, 0x01, value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 1): cirrus_hook_write_gr(s, 0x11, value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 2): cirrus_hook_write_gr(s, 0x13, value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 3): cirrus_hook_write_gr(s, 0x15, value); break; case (CIRRUS_MMIO_BLTWIDTH + 0): cirrus_hook_write_gr(s, 0x20, value); break; case (CIRRUS_MMIO_BLTWIDTH + 1): cirrus_hook_write_gr(s, 0x21, value); break; case (CIRRUS_MMIO_BLTHEIGHT + 0): cirrus_hook_write_gr(s, 0x22, value); break; case (CIRRUS_MMIO_BLTHEIGHT + 1): cirrus_hook_write_gr(s, 0x23, value); break; case (CIRRUS_MMIO_BLTDESTPITCH + 0): cirrus_hook_write_gr(s, 0x24, value); break; case (CIRRUS_MMIO_BLTDESTPITCH + 1): cirrus_hook_write_gr(s, 0x25, value); break; case (CIRRUS_MMIO_BLTSRCPITCH + 0): cirrus_hook_write_gr(s, 0x26, value); break; case (CIRRUS_MMIO_BLTSRCPITCH + 1): cirrus_hook_write_gr(s, 0x27, value); break; case (CIRRUS_MMIO_BLTDESTADDR + 0): cirrus_hook_write_gr(s, 0x28, value); break; case (CIRRUS_MMIO_BLTDESTADDR + 1): cirrus_hook_write_gr(s, 0x29, value); break; case (CIRRUS_MMIO_BLTDESTADDR + 2): cirrus_hook_write_gr(s, 0x2a, value); break; case (CIRRUS_MMIO_BLTDESTADDR + 3): break; case (CIRRUS_MMIO_BLTSRCADDR + 0): cirrus_hook_write_gr(s, 0x2c, value); break; case (CIRRUS_MMIO_BLTSRCADDR + 1): cirrus_hook_write_gr(s, 0x2d, value); break; case (CIRRUS_MMIO_BLTSRCADDR + 2): cirrus_hook_write_gr(s, 0x2e, value); break; case CIRRUS_MMIO_BLTWRITEMASK: cirrus_hook_write_gr(s, 0x2f, value); break; case CIRRUS_MMIO_BLTMODE: cirrus_hook_write_gr(s, 0x30, value); break; case CIRRUS_MMIO_BLTROP: cirrus_hook_write_gr(s, 0x32, value); break; case CIRRUS_MMIO_BLTMODEEXT: cirrus_hook_write_gr(s, 0x33, value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0): cirrus_hook_write_gr(s, 0x34, value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1): cirrus_hook_write_gr(s, 0x35, value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0): cirrus_hook_write_gr(s, 0x38, value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1): cirrus_hook_write_gr(s, 0x39, value); break; case CIRRUS_MMIO_BLTSTATUS: cirrus_hook_write_gr(s, 0x31, value); break; default: #ifdef DEBUG_CIRRUS printf(""cirrus: mmio write - addr 0x%04x val 0x%02x (ignored)\n"", address, value); #endif break; } }",qemu,,,247476223324605392633727640251935904726,0 1094,CWE-399,"static unsigned int khugepaged_scan_mm_slot(unsigned int pages, struct page **hpage) { struct mm_slot *mm_slot; struct mm_struct *mm; struct vm_area_struct *vma; int progress = 0; VM_BUG_ON(!pages); VM_BUG_ON(!spin_is_locked(&khugepaged_mm_lock)); if (khugepaged_scan.mm_slot) mm_slot = khugepaged_scan.mm_slot; else { mm_slot = list_entry(khugepaged_scan.mm_head.next, struct mm_slot, mm_node); khugepaged_scan.address = 0; khugepaged_scan.mm_slot = mm_slot; } spin_unlock(&khugepaged_mm_lock); mm = mm_slot->mm; down_read(&mm->mmap_sem); if (unlikely(khugepaged_test_exit(mm))) vma = NULL; else vma = find_vma(mm, khugepaged_scan.address); progress++; for (; vma; vma = vma->vm_next) { unsigned long hstart, hend; cond_resched(); if (unlikely(khugepaged_test_exit(mm))) { progress++; break; } if ((!(vma->vm_flags & VM_HUGEPAGE) && !khugepaged_always()) || (vma->vm_flags & VM_NOHUGEPAGE)) { skip: progress++; continue; } if (!vma->anon_vma || vma->vm_ops || vma->vm_file) goto skip; if (is_vma_temporary_stack(vma)) goto skip; VM_BUG_ON(is_linear_pfn_mapping(vma) || is_pfn_mapping(vma)); hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; hend = vma->vm_end & HPAGE_PMD_MASK; if (hstart >= hend) goto skip; if (khugepaged_scan.address > hend) goto skip; if (khugepaged_scan.address < hstart) khugepaged_scan.address = hstart; VM_BUG_ON(khugepaged_scan.address & ~HPAGE_PMD_MASK); while (khugepaged_scan.address < hend) { int ret; cond_resched(); if (unlikely(khugepaged_test_exit(mm))) goto breakouterloop; VM_BUG_ON(khugepaged_scan.address < hstart || khugepaged_scan.address + HPAGE_PMD_SIZE > hend); ret = khugepaged_scan_pmd(mm, vma, khugepaged_scan.address, hpage); khugepaged_scan.address += HPAGE_PMD_SIZE; progress += HPAGE_PMD_NR; if (ret) goto breakouterloop_mmap_sem; if (progress >= pages) goto breakouterloop; } } breakouterloop: up_read(&mm->mmap_sem); breakouterloop_mmap_sem: spin_lock(&khugepaged_mm_lock); VM_BUG_ON(khugepaged_scan.mm_slot != mm_slot); if (khugepaged_test_exit(mm) || !vma) { if (mm_slot->mm_node.next != &khugepaged_scan.mm_head) { khugepaged_scan.mm_slot = list_entry( mm_slot->mm_node.next, struct mm_slot, mm_node); khugepaged_scan.address = 0; } else { khugepaged_scan.mm_slot = NULL; khugepaged_full_scans++; } collect_mm_slot(mm_slot); } return progress; }",visit repo url,mm/huge_memory.c,https://github.com/torvalds/linux,68005144809456,1 1385,[],"static void task_new_fair(struct rq *rq, struct task_struct *p) { struct cfs_rq *cfs_rq = task_cfs_rq(p); struct sched_entity *se = &p->se, *curr = cfs_rq->curr; int this_cpu = smp_processor_id(); sched_info_queued(p); update_curr(cfs_rq); place_entity(cfs_rq, se, 1); if (sysctl_sched_child_runs_first && this_cpu == task_cpu(p) && curr && curr->vruntime < se->vruntime) { swap(curr->vruntime, se->vruntime); } enqueue_task_fair(rq, p, 0); resched_task(rq->curr); }",linux-2.6,,,20302769891696014071032141641376931856,0 4804,CWE-119,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 6275,['CWE-200'],"static struct Qdisc_ops *qdisc_lookup_ops(struct rtattr *kind) { struct Qdisc_ops *q = NULL; if (kind) { read_lock(&qdisc_mod_lock); for (q = qdisc_base; q; q = q->next) { if (rtattr_strcmp(kind, q->id) == 0) { if (!try_module_get(q->owner)) q = NULL; break; } } read_unlock(&qdisc_mod_lock); } return q; }",linux-2.6,,,310847918606954425139289286389661815946,0 5455,['CWE-476'],"static int msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs __user *user_msrs, int (*do_msr)(struct kvm_vcpu *vcpu, unsigned index, u64 *data), int writeback) { struct kvm_msrs msrs; struct kvm_msr_entry *entries; int r, n; unsigned size; r = -EFAULT; if (copy_from_user(&msrs, user_msrs, sizeof msrs)) goto out; r = -E2BIG; if (msrs.nmsrs >= MAX_IO_MSRS) goto out; r = -ENOMEM; size = sizeof(struct kvm_msr_entry) * msrs.nmsrs; entries = vmalloc(size); if (!entries) goto out; r = -EFAULT; if (copy_from_user(entries, user_msrs->entries, size)) goto out_free; r = n = __msr_io(vcpu, &msrs, entries, do_msr); if (r < 0) goto out_free; r = -EFAULT; if (writeback && copy_to_user(user_msrs->entries, entries, size)) goto out_free; r = n; out_free: vfree(entries); out: return r; }",linux-2.6,,,275885616134243974872963937957623721786,0 5671,['CWE-476'],"static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos) { struct sock *sk = udp_get_first(seq); if (sk) while(pos && (sk = udp_get_next(seq, sk)) != NULL) --pos; return pos ? NULL : sk; }",linux-2.6,,,95448783252805770374762767980301286950,0 1321,CWE-399,"static void hugetlb_vm_op_close(struct vm_area_struct *vma) { struct hstate *h = hstate_vma(vma); struct resv_map *reservations = vma_resv_map(vma); struct hugepage_subpool *spool = subpool_vma(vma); unsigned long reserve; unsigned long start; unsigned long end; if (reservations) { start = vma_hugecache_offset(h, vma, vma->vm_start); end = vma_hugecache_offset(h, vma, vma->vm_end); reserve = (end - start) - region_count(&reservations->regions, start, end); kref_put(&reservations->refs, resv_map_release); if (reserve) { hugetlb_acct_memory(h, -reserve); hugepage_subpool_put_pages(spool, reserve); } } }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,245837221816304,1 2381,['CWE-119'],"static unsigned long sane_truncate_line(struct emit_callback *ecb, char *line, unsigned long len) { const char *cp; unsigned long allot; size_t l = len; if (ecb->truncate) return ecb->truncate(line, len); cp = line; allot = l; while (0 < l) { (void) utf8_width(&cp, &l); if (!cp) break; } return allot - l; }",git,,,65024324567824516316286766461894567670,0 6466,[],"lt_dlcaller_get_data (lt_dlinterface_id key, lt_dlhandle handle) { void *result = (void *) 0; lt_dlhandle cur = handle; if (cur->interface_data) { int i; for (i = 0; cur->interface_data[i].key; ++i) { if (cur->interface_data[i].key == key) { result = cur->interface_data[i].data; break; } } } return result; }",libtool,,,80962387826696071151953124759064997339,0 3283,['CWE-189'],"int jp2_box_put(jp2_box_t *box, jas_stream_t *out) { jas_stream_t *tmpstream; bool extlen; bool dataflag; tmpstream = 0; dataflag = !(box->info->flags & (JP2_BOX_SUPER | JP2_BOX_NODATA)); if (dataflag) { tmpstream = jas_stream_memopen(0, 0); if (box->ops->putdata) { if ((*box->ops->putdata)(box, tmpstream)) { goto error; } } box->len = jas_stream_tell(tmpstream) + JP2_BOX_HDRLEN(false); jas_stream_rewind(tmpstream); } extlen = (box->len >= (((uint_fast64_t)1) << 32)) != 0; if (jp2_putuint32(out, extlen ? 1 : box->len)) { goto error; } if (jp2_putuint32(out, box->type)) { goto error; } if (extlen) { if (jp2_putuint64(out, box->len)) { goto error; } } if (dataflag) { if (jas_stream_copy(out, tmpstream, box->len - JP2_BOX_HDRLEN(false))) { goto error; } jas_stream_close(tmpstream); } return 0; error: if (tmpstream) { jas_stream_close(tmpstream); } return -1; }",jasper,,,189414930389170276442754322728871988759,0 260,CWE-125,"static void rtc_irq_eoi_tracking_reset(struct kvm_ioapic *ioapic) { ioapic->rtc_status.pending_eoi = 0; bitmap_zero(ioapic->rtc_status.dest_map.map, KVM_MAX_VCPUS); }",visit repo url,arch/x86/kvm/ioapic.c,https://github.com/torvalds/linux,25495571592702,1 1628,CWE-264,"struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) { struct tcp_options_received tcp_opt; struct inet_request_sock *ireq; struct tcp_request_sock *treq; struct ipv6_pinfo *np = inet6_sk(sk); struct tcp_sock *tp = tcp_sk(sk); const struct tcphdr *th = tcp_hdr(skb); __u32 cookie = ntohl(th->ack_seq) - 1; struct sock *ret = sk; struct request_sock *req; int mss; struct dst_entry *dst; __u8 rcv_wscale; if (!sysctl_tcp_syncookies || !th->ack || th->rst) goto out; if (tcp_synq_no_recent_overflow(sk)) goto out; mss = __cookie_v6_check(ipv6_hdr(skb), th, cookie); if (mss == 0) { NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); goto out; } NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESRECV); memset(&tcp_opt, 0, sizeof(tcp_opt)); tcp_parse_options(skb, &tcp_opt, 0, NULL); if (!cookie_timestamp_decode(&tcp_opt)) goto out; ret = NULL; req = inet_reqsk_alloc(&tcp6_request_sock_ops, sk, false); if (!req) goto out; ireq = inet_rsk(req); treq = tcp_rsk(req); treq->tfo_listener = false; if (security_inet_conn_request(sk, skb, req)) goto out_free; req->mss = mss; ireq->ir_rmt_port = th->source; ireq->ir_num = ntohs(th->dest); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { atomic_inc(&skb->users); ireq->pktopts = skb; } ireq->ir_iif = sk->sk_bound_dev_if; if (!sk->sk_bound_dev_if && ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL) ireq->ir_iif = tcp_v6_iif(skb); ireq->ir_mark = inet_request_mark(sk, skb); req->num_retrans = 0; ireq->snd_wscale = tcp_opt.snd_wscale; ireq->sack_ok = tcp_opt.sack_ok; ireq->wscale_ok = tcp_opt.wscale_ok; ireq->tstamp_ok = tcp_opt.saw_tstamp; req->ts_recent = tcp_opt.saw_tstamp ? tcp_opt.rcv_tsval : 0; treq->snt_synack.v64 = 0; treq->rcv_isn = ntohl(th->seq) - 1; treq->snt_isn = cookie; { struct in6_addr *final_p, final; struct flowi6 fl6; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = IPPROTO_TCP; fl6.daddr = ireq->ir_v6_rmt_addr; final_p = fl6_update_dst(&fl6, np->opt, &final); fl6.saddr = ireq->ir_v6_loc_addr; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = ireq->ir_mark; fl6.fl6_dport = ireq->ir_rmt_port; fl6.fl6_sport = inet_sk(sk)->inet_sport; security_req_classify_flow(req, flowi6_to_flowi(&fl6)); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) goto out_free; } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); tcp_select_initial_window(tcp_full_space(sk), req->mss, &req->rsk_rcv_wnd, &req->rsk_window_clamp, ireq->wscale_ok, &rcv_wscale, dst_metric(dst, RTAX_INITRWND)); ireq->rcv_wscale = rcv_wscale; ireq->ecn_ok = cookie_ecn_ok(&tcp_opt, sock_net(sk), dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); out: return ret; out_free: reqsk_free(req); return NULL; }",visit repo url,net/ipv6/syncookies.c,https://github.com/torvalds/linux,256855057637539,1 5404,CWE-787,"static void rfbProcessClientNormalMessage(rfbClientPtr cl) { int n; rfbClientToServerMsg msg; char *str; READ((char *)&msg, 1) switch (msg.type) { case rfbSetPixelFormat: READ(((char *)&msg) + 1, sz_rfbSetPixelFormatMsg - 1) cl->format.bitsPerPixel = msg.spf.format.bitsPerPixel; cl->format.depth = msg.spf.format.depth; cl->format.bigEndian = (msg.spf.format.bigEndian ? 1 : 0); cl->format.trueColour = (msg.spf.format.trueColour ? 1 : 0); cl->format.redMax = Swap16IfLE(msg.spf.format.redMax); cl->format.greenMax = Swap16IfLE(msg.spf.format.greenMax); cl->format.blueMax = Swap16IfLE(msg.spf.format.blueMax); cl->format.redShift = msg.spf.format.redShift; cl->format.greenShift = msg.spf.format.greenShift; cl->format.blueShift = msg.spf.format.blueShift; cl->readyForSetColourMapEntries = TRUE; rfbSetTranslateFunction(cl); return; case rfbFixColourMapEntries: READ(((char *)&msg) + 1, sz_rfbFixColourMapEntriesMsg - 1) rfbLog(""rfbProcessClientNormalMessage: FixColourMapEntries unsupported\n""); rfbCloseClient(cl); return; case rfbSetEncodings: { int i; CARD32 enc; Bool firstFence = !cl->enableFence; Bool firstCU = !cl->enableCU; Bool firstGII = !cl->enableGII; Bool logTightCompressLevel = FALSE; READ(((char *)&msg) + 1, sz_rfbSetEncodingsMsg - 1) msg.se.nEncodings = Swap16IfLE(msg.se.nEncodings); cl->preferredEncoding = -1; cl->useCopyRect = FALSE; cl->enableCursorShapeUpdates = FALSE; cl->enableCursorPosUpdates = FALSE; cl->enableLastRectEncoding = FALSE; cl->tightCompressLevel = TIGHT_DEFAULT_COMPRESSION; cl->tightSubsampLevel = TIGHT_DEFAULT_SUBSAMP; cl->tightQualityLevel = -1; cl->imageQualityLevel = -1; for (i = 0; i < msg.se.nEncodings; i++) { READ((char *)&enc, 4) enc = Swap32IfLE(enc); switch (enc) { case rfbEncodingCopyRect: cl->useCopyRect = TRUE; break; case rfbEncodingRaw: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using raw encoding for client %s\n"", cl->host); } break; case rfbEncodingRRE: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using rre encoding for client %s\n"", cl->host); } break; case rfbEncodingCoRRE: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using CoRRE encoding for client %s\n"", cl->host); } break; case rfbEncodingHextile: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using hextile encoding for client %s\n"", cl->host); } break; case rfbEncodingZlib: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using zlib encoding for client %s\n"", cl->host); } break; case rfbEncodingZRLE: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using ZRLE encoding for client %s\n"", cl->host); } break; case rfbEncodingZYWRLE: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using ZYWRLE encoding for client %s\n"", cl->host); } break; case rfbEncodingTight: if (cl->preferredEncoding == -1) { cl->preferredEncoding = enc; rfbLog(""Using tight encoding for client %s\n"", cl->host); } break; case rfbEncodingXCursor: if (!cl->enableCursorShapeUpdates) { rfbLog(""Enabling X-style cursor updates for client %s\n"", cl->host); cl->enableCursorShapeUpdates = TRUE; cl->useRichCursorEncoding = FALSE; cl->cursorWasChanged = TRUE; } break; case rfbEncodingRichCursor: if (!cl->enableCursorShapeUpdates) { rfbLog(""Enabling full-color cursor updates for client %s\n"", cl->host); cl->enableCursorShapeUpdates = TRUE; cl->useRichCursorEncoding = TRUE; cl->cursorWasChanged = TRUE; } break; case rfbEncodingPointerPos: if (!cl->enableCursorPosUpdates) { rfbLog(""Enabling cursor position updates for client %s\n"", cl->host); cl->enableCursorPosUpdates = TRUE; cl->cursorWasMoved = TRUE; cl->cursorX = -1; cl->cursorY = -1; } break; case rfbEncodingLastRect: if (!cl->enableLastRectEncoding) { rfbLog(""Enabling LastRect protocol extension for client %s\n"", cl->host); cl->enableLastRectEncoding = TRUE; } break; case rfbEncodingFence: if (!cl->enableFence) { rfbLog(""Enabling Fence protocol extension for client %s\n"", cl->host); cl->enableFence = TRUE; } break; case rfbEncodingContinuousUpdates: if (!cl->enableCU) { rfbLog(""Enabling Continuous Updates protocol extension for client %s\n"", cl->host); cl->enableCU = TRUE; } break; case rfbEncodingNewFBSize: if (!cl->enableDesktopSize) { if (!rfbAuthDisableRemoteResize) { rfbLog(""Enabling Desktop Size protocol extension for client %s\n"", cl->host); cl->enableDesktopSize = TRUE; } else rfbLog(""WARNING: Remote desktop resizing disabled per system policy.\n""); } break; case rfbEncodingExtendedDesktopSize: if (!cl->enableExtDesktopSize) { if (!rfbAuthDisableRemoteResize) { rfbLog(""Enabling Extended Desktop Size protocol extension for client %s\n"", cl->host); cl->enableExtDesktopSize = TRUE; } else rfbLog(""WARNING: Remote desktop resizing disabled per system policy.\n""); } break; case rfbEncodingGII: if (!cl->enableGII) { rfbLog(""Enabling GII extension for client %s\n"", cl->host); cl->enableGII = TRUE; } break; default: if (enc >= (CARD32)rfbEncodingCompressLevel0 && enc <= (CARD32)rfbEncodingCompressLevel9) { cl->zlibCompressLevel = enc & 0x0F; cl->tightCompressLevel = enc & 0x0F; if (cl->preferredEncoding == rfbEncodingTight) logTightCompressLevel = TRUE; else rfbLog(""Using compression level %d for client %s\n"", cl->tightCompressLevel, cl->host); if (rfbInterframe == -1) { if (cl->tightCompressLevel >= 5) { if (!InterframeOn(cl)) { rfbCloseClient(cl); return; } } else InterframeOff(cl); } } else if (enc >= (CARD32)rfbEncodingSubsamp1X && enc <= (CARD32)rfbEncodingSubsampGray) { cl->tightSubsampLevel = enc & 0xFF; rfbLog(""Using JPEG subsampling %d for client %s\n"", cl->tightSubsampLevel, cl->host); } else if (enc >= (CARD32)rfbEncodingQualityLevel0 && enc <= (CARD32)rfbEncodingQualityLevel9) { cl->tightQualityLevel = JPEG_QUAL[enc & 0x0F]; cl->tightSubsampLevel = JPEG_SUBSAMP[enc & 0x0F]; cl->imageQualityLevel = enc & 0x0F; if (cl->preferredEncoding == rfbEncodingTight) rfbLog(""Using JPEG subsampling %d, Q%d for client %s\n"", cl->tightSubsampLevel, cl->tightQualityLevel, cl->host); else rfbLog(""Using image quality level %d for client %s\n"", cl->imageQualityLevel, cl->host); } else if (enc >= (CARD32)rfbEncodingFineQualityLevel0 + 1 && enc <= (CARD32)rfbEncodingFineQualityLevel100) { cl->tightQualityLevel = enc & 0xFF; rfbLog(""Using JPEG quality %d for client %s\n"", cl->tightQualityLevel, cl->host); } else { rfbLog(""rfbProcessClientNormalMessage: ignoring unknown encoding %d (%x)\n"", (int)enc, (int)enc); } } } if (cl->preferredEncoding == -1) cl->preferredEncoding = rfbEncodingTight; if (cl->preferredEncoding == rfbEncodingTight && logTightCompressLevel) rfbLog(""Using Tight compression level %d for client %s\n"", rfbTightCompressLevel(cl), cl->host); if (cl->enableCursorPosUpdates && !cl->enableCursorShapeUpdates) { rfbLog(""Disabling cursor position updates for client %s\n"", cl->host); cl->enableCursorPosUpdates = FALSE; } if (cl->enableFence && firstFence) { if (!rfbSendFence(cl, rfbFenceFlagRequest, 0, NULL)) return; } if (cl->enableCU && cl->enableFence && firstCU) { if (!rfbSendEndOfCU(cl)) return; } if (cl->enableGII && firstGII) { rfbGIIServerVersionMsg msg; msg.type = rfbGIIServer; msg.endianAndSubType = rfbGIIVersion | rfbGIIBE; msg.length = Swap16IfLE(sz_rfbGIIServerVersionMsg - 4); msg.maximumVersion = msg.minimumVersion = Swap16IfLE(1); if (WriteExact(cl, (char *)&msg, sz_rfbGIIServerVersionMsg) < 0) { rfbLogPerror(""rfbProcessClientNormalMessage: write""); rfbCloseClient(cl); return; } } return; } case rfbFramebufferUpdateRequest: { RegionRec tmpRegion; BoxRec box; READ(((char *)&msg) + 1, sz_rfbFramebufferUpdateRequestMsg - 1) box.x1 = Swap16IfLE(msg.fur.x); box.y1 = Swap16IfLE(msg.fur.y); box.x2 = box.x1 + Swap16IfLE(msg.fur.w); box.y2 = box.y1 + Swap16IfLE(msg.fur.h); SAFE_REGION_INIT(pScreen, &tmpRegion, &box, 0); if (!msg.fur.incremental || !cl->continuousUpdates) REGION_UNION(pScreen, &cl->requestedRegion, &cl->requestedRegion, &tmpRegion); if (!cl->readyForSetColourMapEntries) { cl->readyForSetColourMapEntries = TRUE; if (!cl->format.trueColour) { if (!rfbSetClientColourMap(cl, 0, 0)) { REGION_UNINIT(pScreen, &tmpRegion); return; } } } if (!msg.fur.incremental) { REGION_UNION(pScreen, &cl->modifiedRegion, &cl->modifiedRegion, &tmpRegion); REGION_SUBTRACT(pScreen, &cl->copyRegion, &cl->copyRegion, &tmpRegion); REGION_UNION(pScreen, &cl->ifRegion, &cl->ifRegion, &tmpRegion); cl->pendingExtDesktopResize = TRUE; } if (FB_UPDATE_PENDING(cl) && (!cl->deferredUpdateScheduled || rfbDeferUpdateTime == 0 || gettime() - cl->deferredUpdateStart >= (double)rfbDeferUpdateTime)) { if (rfbSendFramebufferUpdate(cl)) cl->deferredUpdateScheduled = FALSE; } REGION_UNINIT(pScreen, &tmpRegion); return; } case rfbKeyEvent: cl->rfbKeyEventsRcvd++; READ(((char *)&msg) + 1, sz_rfbKeyEventMsg - 1) if (!rfbViewOnly && !cl->viewOnly) KeyEvent((KeySym)Swap32IfLE(msg.ke.key), msg.ke.down); return; case rfbPointerEvent: cl->rfbPointerEventsRcvd++; READ(((char *)&msg) + 1, sz_rfbPointerEventMsg - 1) if (pointerClient && (pointerClient != cl)) return; if (msg.pe.buttonMask == 0) pointerClient = NULL; else pointerClient = cl; if (!rfbViewOnly && !cl->viewOnly) { cl->cursorX = (int)Swap16IfLE(msg.pe.x); cl->cursorY = (int)Swap16IfLE(msg.pe.y); PtrAddEvent(msg.pe.buttonMask, cl->cursorX, cl->cursorY, cl); } return; case rfbClientCutText: { int ignoredBytes = 0; READ(((char *)&msg) + 1, sz_rfbClientCutTextMsg - 1) msg.cct.length = Swap32IfLE(msg.cct.length); if (msg.cct.length > rfbMaxClipboard) { rfbLog(""Truncating %d-byte clipboard update to %d bytes.\n"", msg.cct.length, rfbMaxClipboard); ignoredBytes = msg.cct.length - rfbMaxClipboard; msg.cct.length = rfbMaxClipboard; } if (msg.cct.length <= 0) return; str = (char *)malloc(msg.cct.length); if (str == NULL) { rfbLogPerror(""rfbProcessClientNormalMessage: rfbClientCutText out of memory""); rfbCloseClient(cl); return; } if ((n = ReadExact(cl, str, msg.cct.length)) <= 0) { if (n != 0) rfbLogPerror(""rfbProcessClientNormalMessage: read""); free(str); rfbCloseClient(cl); return; } if (ignoredBytes > 0) { if ((n = SkipExact(cl, ignoredBytes)) <= 0) { if (n != 0) rfbLogPerror(""rfbProcessClientNormalMessage: read""); free(str); rfbCloseClient(cl); return; } } if (!rfbViewOnly && !cl->viewOnly && !rfbAuthDisableCBRecv) { vncClientCutText(str, msg.cct.length); if (rfbSyncCutBuffer) rfbSetXCutText(str, msg.cct.length); } free(str); return; } case rfbEnableContinuousUpdates: { BoxRec box; READ(((char *)&msg) + 1, sz_rfbEnableContinuousUpdatesMsg - 1) if (!cl->enableFence || !cl->enableCU) { rfbLog(""Ignoring request to enable continuous updates because the client does not\n""); rfbLog(""support the flow control extensions.\n""); return; } box.x1 = Swap16IfLE(msg.ecu.x); box.y1 = Swap16IfLE(msg.ecu.y); box.x2 = box.x1 + Swap16IfLE(msg.ecu.w); box.y2 = box.y1 + Swap16IfLE(msg.ecu.h); SAFE_REGION_INIT(pScreen, &cl->cuRegion, &box, 0); cl->continuousUpdates = msg.ecu.enable; if (cl->continuousUpdates) { REGION_EMPTY(pScreen, &cl->requestedRegion); if (!rfbSendFramebufferUpdate(cl)) return; } else { if (!rfbSendEndOfCU(cl)) return; } rfbLog(""Continuous updates %s\n"", cl->continuousUpdates ? ""enabled"" : ""disabled""); return; } case rfbFence: { CARD32 flags; char data[64]; READ(((char *)&msg) + 1, sz_rfbFenceMsg - 1) flags = Swap32IfLE(msg.f.flags); READ(data, msg.f.length) if (msg.f.length > sizeof(data)) rfbLog(""Ignoring fence. Payload of %d bytes is too large.\n"", msg.f.length); else HandleFence(cl, flags, msg.f.length, data); return; } #define EDSERROR(format, args...) { \ if (!strlen(errMsg)) \ snprintf(errMsg, 256, ""Desktop resize ERROR: ""format""\n"", args); \ result = rfbEDSResultInvalid; \ } case rfbSetDesktopSize: { int i; struct xorg_list newScreens; rfbClientPtr cl2; int result = rfbEDSResultSuccess; char errMsg[256] = ""\0""; ScreenPtr pScreen = screenInfo.screens[0]; READ(((char *)&msg) + 1, sz_rfbSetDesktopSizeMsg - 1) if (msg.sds.numScreens < 1) EDSERROR(""Requested number of screens %d is invalid"", msg.sds.numScreens); msg.sds.w = Swap16IfLE(msg.sds.w); msg.sds.h = Swap16IfLE(msg.sds.h); if (msg.sds.w < 1 || msg.sds.h < 1) EDSERROR(""Requested framebuffer dimensions %dx%d are invalid"", msg.sds.w, msg.sds.h); xorg_list_init(&newScreens); for (i = 0; i < msg.sds.numScreens; i++) { rfbScreenInfo *screen = rfbNewScreen(0, 0, 0, 0, 0, 0); READ((char *)&screen->s, sizeof(rfbScreenDesc)) screen->s.id = Swap32IfLE(screen->s.id); screen->s.x = Swap16IfLE(screen->s.x); screen->s.y = Swap16IfLE(screen->s.y); screen->s.w = Swap16IfLE(screen->s.w); screen->s.h = Swap16IfLE(screen->s.h); screen->s.flags = Swap32IfLE(screen->s.flags); if (screen->s.w < 1 || screen->s.h < 1) EDSERROR(""Screen 0x%.8x requested dimensions %dx%d are invalid"", (unsigned int)screen->s.id, screen->s.w, screen->s.h); if (screen->s.x >= msg.sds.w || screen->s.y >= msg.sds.h || screen->s.x + screen->s.w > msg.sds.w || screen->s.y + screen->s.h > msg.sds.h) EDSERROR(""Screen 0x%.8x requested geometry %dx%d+%d+%d exceeds requested framebuffer dimensions"", (unsigned int)screen->s.id, screen->s.w, screen->s.h, screen->s.x, screen->s.y); if (rfbFindScreenID(&newScreens, screen->s.id)) { EDSERROR(""Screen 0x%.8x duplicate ID"", (unsigned int)screen->s.id); free(screen); } else rfbAddScreen(&newScreens, screen); } if (cl->viewOnly) { rfbLog(""NOTICE: Ignoring remote desktop resize request from a view-only client.\n""); result = rfbEDSResultProhibited; } else if (result == rfbEDSResultSuccess) { result = ResizeDesktop(pScreen, cl, msg.sds.w, msg.sds.h, &newScreens); if (result == rfbEDSResultSuccess) return; } else rfbLog(errMsg); rfbRemoveScreens(&newScreens); for (cl2 = rfbClientHead; cl2; cl2 = cl2->next) { if (cl2 == cl) { cl2->pendingExtDesktopResize = TRUE; cl2->reason = rfbEDSReasonClient; cl2->result = result; rfbSendFramebufferUpdate(cl2); break; } } return; } case rfbGIIClient: { CARD8 endianAndSubType, littleEndian, subType; READ((char *)&endianAndSubType, 1); littleEndian = (endianAndSubType & rfbGIIBE) ? 0 : 1; subType = endianAndSubType & ~rfbGIIBE; switch (subType) { case rfbGIIVersion: READ((char *)&msg.giicv.length, sz_rfbGIIClientVersionMsg - 2); if (littleEndian != *(const char *)&rfbEndianTest) { msg.giicv.length = Swap16(msg.giicv.length); msg.giicv.version = Swap16(msg.giicv.version); } if (msg.giicv.length != sz_rfbGIIClientVersionMsg - 4 || msg.giicv.version < 1) { rfbLog(""ERROR: Malformed GII client version message\n""); rfbCloseClient(cl); return; } rfbLog(""Client supports GII version %d\n"", msg.giicv.version); break; case rfbGIIDeviceCreate: { int i; rfbDevInfo dev; rfbGIIDeviceCreatedMsg dcmsg; memset(&dev, 0, sizeof(dev)); dcmsg.deviceOrigin = 0; READ((char *)&msg.giidc.length, sz_rfbGIIDeviceCreateMsg - 2); if (littleEndian != *(const char *)&rfbEndianTest) { msg.giidc.length = Swap16(msg.giidc.length); msg.giidc.vendorID = Swap32(msg.giidc.vendorID); msg.giidc.productID = Swap32(msg.giidc.productID); msg.giidc.canGenerate = Swap32(msg.giidc.canGenerate); msg.giidc.numRegisters = Swap32(msg.giidc.numRegisters); msg.giidc.numValuators = Swap32(msg.giidc.numValuators); msg.giidc.numButtons = Swap32(msg.giidc.numButtons); } rfbLog(""GII Device Create: %s\n"", msg.giidc.deviceName); #ifdef GII_DEBUG rfbLog("" Vendor ID: %d\n"", msg.giidc.vendorID); rfbLog("" Product ID: %d\n"", msg.giidc.productID); rfbLog("" Event mask: %.8x\n"", msg.giidc.canGenerate); rfbLog("" Registers: %d\n"", msg.giidc.numRegisters); rfbLog("" Valuators: %d\n"", msg.giidc.numValuators); rfbLog("" Buttons: %d\n"", msg.giidc.numButtons); #endif if (msg.giidc.length != sz_rfbGIIDeviceCreateMsg - 4 + msg.giidc.numValuators * sz_rfbGIIValuator) { rfbLog(""ERROR: Malformed GII device create message\n""); rfbCloseClient(cl); return; } if (msg.giidc.numButtons > MAX_BUTTONS) { rfbLog(""GII device create ERROR: %d buttons exceeds max of %d\n"", msg.giidc.numButtons, MAX_BUTTONS); SKIP(msg.giidc.numValuators * sz_rfbGIIValuator); goto sendMessage; } if (msg.giidc.numValuators > MAX_VALUATORS) { rfbLog(""GII device create ERROR: %d valuators exceeds max of %d\n"", msg.giidc.numValuators, MAX_VALUATORS); SKIP(msg.giidc.numValuators * sz_rfbGIIValuator); goto sendMessage; } memcpy(&dev.name, msg.giidc.deviceName, 32); dev.numButtons = msg.giidc.numButtons; dev.numValuators = msg.giidc.numValuators; dev.eventMask = msg.giidc.canGenerate; dev.mode = (dev.eventMask & rfbGIIValuatorAbsoluteMask) ? Absolute : Relative; dev.productID = msg.giidc.productID; if (dev.mode == Relative) { rfbLog(""GII device create ERROR: relative valuators not supported (yet)\n""); SKIP(msg.giidc.numValuators * sz_rfbGIIValuator); goto sendMessage; } for (i = 0; i < dev.numValuators; i++) { rfbGIIValuator *v = &dev.valuators[i]; READ((char *)v, sz_rfbGIIValuator); if (littleEndian != *(const char *)&rfbEndianTest) { v->index = Swap32(v->index); v->rangeMin = Swap32((CARD32)v->rangeMin); v->rangeCenter = Swap32((CARD32)v->rangeCenter); v->rangeMax = Swap32((CARD32)v->rangeMax); v->siUnit = Swap32(v->siUnit); v->siAdd = Swap32((CARD32)v->siAdd); v->siMul = Swap32((CARD32)v->siMul); v->siDiv = Swap32((CARD32)v->siDiv); v->siShift = Swap32((CARD32)v->siShift); } #ifdef GII_DEBUG rfbLog("" Valuator: %s (%s)\n"", v->longName, v->shortName); rfbLog("" Index: %d\n"", v->index); rfbLog("" Range: min = %d, center = %d, max = %d\n"", v->rangeMin, v->rangeCenter, v->rangeMax); rfbLog("" SI unit: %d\n"", v->siUnit); rfbLog("" SI add: %d\n"", v->siAdd); rfbLog("" SI multiply: %d\n"", v->siMul); rfbLog("" SI divide: %d\n"", v->siDiv); rfbLog("" SI shift: %d\n"", v->siShift); #endif } for (i = 0; i < cl->numDevices; i++) { if (!strcmp(dev.name, cl->devices[i].name)) { rfbLog(""Device \'%s\' already exists with GII device ID %d\n"", dev.name, i + 1); dcmsg.deviceOrigin = Swap32IfLE(i + 1); goto sendMessage; } } if (rfbVirtualTablet || AddExtInputDevice(&dev)) { memcpy(&cl->devices[cl->numDevices], &dev, sizeof(dev)); cl->numDevices++; dcmsg.deviceOrigin = Swap32IfLE(cl->numDevices); } rfbLog(""GII device ID = %d\n"", cl->numDevices); sendMessage: dcmsg.type = rfbGIIServer; dcmsg.endianAndSubType = rfbGIIDeviceCreate | rfbGIIBE; dcmsg.length = Swap16IfLE(sz_rfbGIIDeviceCreatedMsg - 4); if (WriteExact(cl, (char *)&dcmsg, sz_rfbGIIDeviceCreatedMsg) < 0) { rfbLogPerror(""rfbProcessClientNormalMessage: write""); rfbCloseClient(cl); return; } break; } case rfbGIIDeviceDestroy: READ((char *)&msg.giidd.length, sz_rfbGIIDeviceDestroyMsg - 2); if (littleEndian != *(const char *)&rfbEndianTest) { msg.giidd.length = Swap16(msg.giidd.length); msg.giidd.deviceOrigin = Swap32(msg.giidd.deviceOrigin); } if (msg.giidd.length != sz_rfbGIIDeviceDestroyMsg - 4) { rfbLog(""ERROR: Malformed GII device create message\n""); rfbCloseClient(cl); return; } RemoveExtInputDevice(cl, msg.giidd.deviceOrigin - 1); break; case rfbGIIEvent: { CARD16 length; READ((char *)&length, sizeof(CARD16)); if (littleEndian != *(const char *)&rfbEndianTest) length = Swap16(length); while (length > 0) { CARD8 eventSize, eventType; READ((char *)&eventSize, 1); READ((char *)&eventType, 1); switch (eventType) { case rfbGIIButtonPress: case rfbGIIButtonRelease: { rfbGIIButtonEvent b; rfbDevInfo *dev; READ((char *)&b.pad, sz_rfbGIIButtonEvent - 2); if (littleEndian != *(const char *)&rfbEndianTest) { b.deviceOrigin = Swap32(b.deviceOrigin); b.buttonNumber = Swap32(b.buttonNumber); } if (eventSize != sz_rfbGIIButtonEvent || b.deviceOrigin <= 0 || b.buttonNumber < 1) { rfbLog(""ERROR: Malformed GII button event\n""); rfbCloseClient(cl); return; } if (eventSize > length) { rfbLog(""ERROR: Malformed GII event message\n""); rfbCloseClient(cl); return; } length -= eventSize; if (b.deviceOrigin < 1 || b.deviceOrigin > cl->numDevices) { rfbLog(""ERROR: GII button event from non-existent device %d\n"", b.deviceOrigin); rfbCloseClient(cl); return; } dev = &cl->devices[b.deviceOrigin - 1]; if ((eventType == rfbGIIButtonPress && (dev->eventMask & rfbGIIButtonPressMask) == 0) || (eventType == rfbGIIButtonRelease && (dev->eventMask & rfbGIIButtonReleaseMask) == 0)) { rfbLog(""ERROR: Device %d can't generate GII button events\n"", b.deviceOrigin); rfbCloseClient(cl); return; } if (b.buttonNumber > dev->numButtons) { rfbLog(""ERROR: GII button %d event for device %d exceeds button count (%d)\n"", b.buttonNumber, b.deviceOrigin, dev->numButtons); rfbCloseClient(cl); return; } #ifdef GII_DEBUG rfbLog(""Device %d button %d %s\n"", b.deviceOrigin, b.buttonNumber, eventType == rfbGIIButtonPress ? ""PRESS"" : ""release""); fflush(stderr); #endif ExtInputAddEvent(dev, eventType == rfbGIIButtonPress ? ButtonPress : ButtonRelease, b.buttonNumber); break; } case rfbGIIValuatorRelative: case rfbGIIValuatorAbsolute: { rfbGIIValuatorEvent v; int i; rfbDevInfo *dev; READ((char *)&v.pad, sz_rfbGIIValuatorEvent - 2); if (littleEndian != *(const char *)&rfbEndianTest) { v.deviceOrigin = Swap32(v.deviceOrigin); v.first = Swap32(v.first); v.count = Swap32(v.count); } if (eventSize != sz_rfbGIIValuatorEvent + sizeof(int) * v.count) { rfbLog(""ERROR: Malformed GII valuator event\n""); rfbCloseClient(cl); return; } if (eventSize > length) { rfbLog(""ERROR: Malformed GII event message\n""); rfbCloseClient(cl); return; } length -= eventSize; if (v.deviceOrigin < 1 || v.deviceOrigin > cl->numDevices) { rfbLog(""ERROR: GII valuator event from non-existent device %d\n"", v.deviceOrigin); rfbCloseClient(cl); return; } dev = &cl->devices[v.deviceOrigin - 1]; if ((eventType == rfbGIIValuatorRelative && (dev->eventMask & rfbGIIValuatorRelativeMask) == 0) || (eventType == rfbGIIValuatorAbsolute && (dev->eventMask & rfbGIIValuatorAbsoluteMask) == 0)) { rfbLog(""ERROR: Device %d cannot generate GII valuator events\n"", v.deviceOrigin); rfbCloseClient(cl); return; } if (v.first + v.count > dev->numValuators) { rfbLog(""ERROR: GII valuator event for device %d exceeds valuator count (%d)\n"", v.deviceOrigin, dev->numValuators); rfbCloseClient(cl); return; } #ifdef GII_DEBUG rfbLog(""Device %d Valuator %s first=%d count=%d:\n"", v.deviceOrigin, eventType == rfbGIIValuatorRelative ? ""rel"" : ""ABS"", v.first, v.count); #endif for (i = v.first; i < v.first + v.count; i++) { READ((char *)&dev->values[i], sizeof(int)); if (littleEndian != *(const char *)&rfbEndianTest) dev->values[i] = Swap32((CARD32)dev->values[i]); #ifdef GII_DEBUG fprintf(stderr, ""v[%d]=%d "", i, dev->values[i]); #endif } #ifdef GII_DEBUG fprintf(stderr, ""\n""); #endif if (v.count > 0) { dev->valFirst = v.first; dev->valCount = v.count; dev->mode = eventType == rfbGIIValuatorAbsolute ? Absolute : Relative; ExtInputAddEvent(dev, MotionNotify, 0); } break; } default: rfbLog(""ERROR: This server cannot handle GII event type %d\n"", eventType); rfbCloseClient(cl); return; } } if (length != 0) { rfbLog(""ERROR: Malformed GII event message\n""); rfbCloseClient(cl); return; } break; } } return; } default: rfbLog(""rfbProcessClientNormalMessage: unknown message type %d\n"", msg.type); rfbLog("" ... closing connection\n""); rfbCloseClient(cl); return; } }",visit repo url,unix/Xvnc/programs/Xserver/hw/vnc/rfbserver.c,https://github.com/TurboVNC/turbovnc,111234055986139,1 3480,CWE-295,"static MYSQL *db_connect(char *host, char *database, char *user, char *passwd) { MYSQL *mysql; if (verbose) fprintf(stdout, ""Connecting to %s\n"", host ? host : ""localhost""); if (!(mysql= mysql_init(NULL))) return 0; if (opt_compress) mysql_options(mysql,MYSQL_OPT_COMPRESS,NullS); if (opt_local_file) mysql_options(mysql,MYSQL_OPT_LOCAL_INFILE, (char*) &opt_local_file); #ifdef HAVE_OPENSSL if (opt_use_ssl) { mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } mysql_options(mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); if (opt_bind_addr) mysql_options(mysql,MYSQL_OPT_BIND,opt_bind_addr); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) if (shared_memory_base_name) mysql_options(mysql,MYSQL_SHARED_MEMORY_BASE_NAME,shared_memory_base_name); #endif if (opt_plugin_dir && *opt_plugin_dir) mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir); if (opt_default_auth && *opt_default_auth) mysql_options(mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset); mysql_options(mysql, MYSQL_OPT_CONNECT_ATTR_RESET, 0); mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD, ""program_name"", ""mysqlimport""); if (!(mysql_real_connect(mysql,host,user,passwd, database,opt_mysql_port,opt_mysql_unix_port, 0))) { ignore_errors=0; db_error(mysql); } mysql->reconnect= 0; if (verbose) fprintf(stdout, ""Selecting database %s\n"", database); if (mysql_select_db(mysql, database)) { ignore_errors=0; db_error(mysql); } return mysql; }",visit repo url,client/mysqlimport.c,https://github.com/mysql/mysql-server,214895394764707,1 2151,CWE-476,"static noinline struct btrfs_device *device_list_add(const char *path, struct btrfs_super_block *disk_super, bool *new_device_added) { struct btrfs_device *device; struct btrfs_fs_devices *fs_devices = NULL; struct rcu_string *name; u64 found_transid = btrfs_super_generation(disk_super); u64 devid = btrfs_stack_device_id(&disk_super->dev_item); bool has_metadata_uuid = (btrfs_super_incompat_flags(disk_super) & BTRFS_FEATURE_INCOMPAT_METADATA_UUID); bool fsid_change_in_progress = (btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_CHANGING_FSID_V2); if (fsid_change_in_progress) { if (!has_metadata_uuid) { fs_devices = find_fsid_inprogress(disk_super); if (!fs_devices) fs_devices = find_fsid(disk_super->fsid, NULL); } else { fs_devices = find_fsid_changed(disk_super); } } else if (has_metadata_uuid) { fs_devices = find_fsid(disk_super->fsid, disk_super->metadata_uuid); } else { fs_devices = find_fsid(disk_super->fsid, NULL); } if (!fs_devices) { if (has_metadata_uuid) fs_devices = alloc_fs_devices(disk_super->fsid, disk_super->metadata_uuid); else fs_devices = alloc_fs_devices(disk_super->fsid, NULL); if (IS_ERR(fs_devices)) return ERR_CAST(fs_devices); fs_devices->fsid_change = fsid_change_in_progress; mutex_lock(&fs_devices->device_list_mutex); list_add(&fs_devices->fs_list, &fs_uuids); device = NULL; } else { mutex_lock(&fs_devices->device_list_mutex); device = find_device(fs_devices, devid, disk_super->dev_item.uuid); if (has_metadata_uuid && fs_devices->fsid_change && found_transid > fs_devices->latest_generation) { memcpy(fs_devices->fsid, disk_super->fsid, BTRFS_FSID_SIZE); memcpy(fs_devices->metadata_uuid, disk_super->metadata_uuid, BTRFS_FSID_SIZE); fs_devices->fsid_change = false; } } if (!device) { if (fs_devices->opened) { mutex_unlock(&fs_devices->device_list_mutex); return ERR_PTR(-EBUSY); } device = btrfs_alloc_device(NULL, &devid, disk_super->dev_item.uuid); if (IS_ERR(device)) { mutex_unlock(&fs_devices->device_list_mutex); return device; } name = rcu_string_strdup(path, GFP_NOFS); if (!name) { btrfs_free_device(device); mutex_unlock(&fs_devices->device_list_mutex); return ERR_PTR(-ENOMEM); } rcu_assign_pointer(device->name, name); list_add_rcu(&device->dev_list, &fs_devices->devices); fs_devices->num_devices++; device->fs_devices = fs_devices; *new_device_added = true; if (disk_super->label[0]) pr_info(""BTRFS: device label %s devid %llu transid %llu %s\n"", disk_super->label, devid, found_transid, path); else pr_info(""BTRFS: device fsid %pU devid %llu transid %llu %s\n"", disk_super->fsid, devid, found_transid, path); } else if (!device->name || strcmp(device->name->str, path)) { if (!fs_devices->opened && found_transid < device->generation) { mutex_unlock(&fs_devices->device_list_mutex); return ERR_PTR(-EEXIST); } if (device->bdev) { struct block_device *path_bdev; path_bdev = lookup_bdev(path); if (IS_ERR(path_bdev)) { mutex_unlock(&fs_devices->device_list_mutex); return ERR_CAST(path_bdev); } if (device->bdev != path_bdev) { bdput(path_bdev); mutex_unlock(&fs_devices->device_list_mutex); btrfs_warn_in_rcu(device->fs_info, ""duplicate device fsid:devid for %pU:%llu old:%s new:%s"", disk_super->fsid, devid, rcu_str_deref(device->name), path); return ERR_PTR(-EEXIST); } bdput(path_bdev); btrfs_info_in_rcu(device->fs_info, ""device fsid %pU devid %llu moved old:%s new:%s"", disk_super->fsid, devid, rcu_str_deref(device->name), path); } name = rcu_string_strdup(path, GFP_NOFS); if (!name) { mutex_unlock(&fs_devices->device_list_mutex); return ERR_PTR(-ENOMEM); } rcu_string_free(device->name); rcu_assign_pointer(device->name, name); if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) { fs_devices->missing_devices--; clear_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state); } } if (!fs_devices->opened) { device->generation = found_transid; fs_devices->latest_generation = max_t(u64, found_transid, fs_devices->latest_generation); } fs_devices->total_devices = btrfs_super_num_devices(disk_super); mutex_unlock(&fs_devices->device_list_mutex); return device; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,58774381016967,1 4276,['CWE-264'],"void __init fork_init(unsigned long mempages) { #ifndef __HAVE_ARCH_TASK_STRUCT_ALLOCATOR #ifndef ARCH_MIN_TASKALIGN #define ARCH_MIN_TASKALIGN L1_CACHE_BYTES #endif task_struct_cachep = kmem_cache_create(""task_struct"", sizeof(struct task_struct), ARCH_MIN_TASKALIGN, SLAB_PANIC, NULL); #endif arch_task_cache_init(); max_threads = mempages / (8 * THREAD_SIZE / PAGE_SIZE); if(max_threads < 20) max_threads = 20; init_task.signal->rlim[RLIMIT_NPROC].rlim_cur = max_threads/2; init_task.signal->rlim[RLIMIT_NPROC].rlim_max = max_threads/2; init_task.signal->rlim[RLIMIT_SIGPENDING] = init_task.signal->rlim[RLIMIT_NPROC]; }",linux-2.6,,,88749989008141939423260179573488053765,0 1515,CWE-284,"static void umount_tree(struct mount *mnt, enum umount_tree_flags how) { LIST_HEAD(tmp_list); struct mount *p; if (how & UMOUNT_PROPAGATE) propagate_mount_unlock(mnt); for (p = mnt; p; p = next_mnt(p, mnt)) { p->mnt.mnt_flags |= MNT_UMOUNT; list_move(&p->mnt_list, &tmp_list); } list_for_each_entry(p, &tmp_list, mnt_list) { list_del_init(&p->mnt_child); } if (how & UMOUNT_PROPAGATE) propagate_umount(&tmp_list); while (!list_empty(&tmp_list)) { p = list_first_entry(&tmp_list, struct mount, mnt_list); list_del_init(&p->mnt_expire); list_del_init(&p->mnt_list); __touch_mnt_namespace(p->mnt_ns); p->mnt_ns = NULL; if (how & UMOUNT_SYNC) p->mnt.mnt_flags |= MNT_SYNC_UMOUNT; pin_insert_group(&p->mnt_umount, &p->mnt_parent->mnt, &unmounted); if (mnt_has_parent(p)) { mnt_add_count(p->mnt_parent, -1); umount_mnt(p); } change_mnt_propagation(p, MS_PRIVATE); } }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,163732414262762,1 419,CWE-476,"static void i8042_stop(struct serio *serio) { struct i8042_port *port = serio->port_data; port->exists = false; synchronize_irq(I8042_AUX_IRQ); synchronize_irq(I8042_KBD_IRQ); port->serio = NULL; }",visit repo url,drivers/input/serio/i8042.c,https://github.com/torvalds/linux,83957264698408,1 2960,CWE-20,"static void ikev2_parent_inI2outR2_continue(struct pluto_crypto_req_cont *pcrc, struct pluto_crypto_req *r, err_t ugh) { struct dh_continuation *dh = (struct dh_continuation *)pcrc; struct msg_digest *md = dh->md; struct state *const st = md->st; stf_status e; DBG(DBG_CONTROLMORE, DBG_log(""ikev2 parent inI2outR2: calculating g^{xy}, sending R2"")); if (st == NULL) { loglog(RC_LOG_SERIOUS, ""%s: Request was disconnected from state"", __FUNCTION__); if (dh->md) release_md(dh->md); return; } passert(ugh == NULL); passert(cur_state == NULL); passert(st != NULL); passert(st->st_suspended_md == dh->md); set_suspended(st, NULL); set_cur_state(st); st->st_calculating = FALSE; e = ikev2_parent_inI2outR2_tail(pcrc, r); if ( e > STF_FAIL) { int v2_notify_num = e - STF_FAIL; DBG_log( ""ikev2_parent_inI2outR2_tail returned STF_FAIL with %s"", enum_name(&ikev2_notify_names, v2_notify_num)); } else if ( e != STF_OK) { DBG_log(""ikev2_parent_inI2outR2_tail returned %s"", enum_name(&stfstatus_name, e)); } if (dh->md != NULL) { complete_v2_state_transition(&dh->md, e); if (dh->md) release_md(dh->md); } reset_globals(); passert(GLOBALS_ARE_RESET()); }",visit repo url,programs/pluto/ikev2_parent.c,https://github.com/libreswan/libreswan,112767117926677,1 1406,CWE-310,"static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""blkcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_blkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_blkcipher.max_keysize; rblkcipher.ivsize = alg->cra_blkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/blkcipher.c,https://github.com/torvalds/linux,113758900849201,1 3472,['CWE-20'],"sctp_disposition_t sctp_sf_shutdown_ack_sent_abort( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return sctp_sf_shutdown_sent_abort(ep, asoc, type, arg, commands); }",linux-2.6,,,29471396895761318336421984896153660943,0 740,['CWE-119'],"isdn_net_ciscohdlck_slarp_send_request(isdn_net_local *lp) { struct sk_buff *skb; unsigned char *p; skb = isdn_net_ciscohdlck_alloc_skb(lp, 4 + 14); if (!skb) return; p = skb_put(skb, 4 + 14); p += put_u8 (p, CISCO_ADDR_UNICAST); p += put_u8 (p, CISCO_CTRL); p += put_u16(p, CISCO_TYPE_SLARP); p += put_u32(p, CISCO_SLARP_REQUEST); p += put_u32(p, 0); p += put_u32(p, 0); p += put_u16(p, 0); isdn_net_write_super(lp, skb); }",linux-2.6,,,165930313472570868639361871893713161095,0 1051,CWE-119,"static int netlbl_cipsov4_add_common(struct genl_info *info, struct cipso_v4_doi *doi_def) { struct nlattr *nla; int nla_rem; u32 iter = 0; doi_def->doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_TAGLST], NLBL_CIPSOV4_A_MAX, netlbl_cipsov4_genl_policy) != 0) return -EINVAL; nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem) if (nla->nla_type == NLBL_CIPSOV4_A_TAG) { if (iter > CIPSO_V4_TAG_MAXCNT) return -EINVAL; doi_def->tags[iter++] = nla_get_u8(nla); } if (iter < CIPSO_V4_TAG_MAXCNT) doi_def->tags[iter] = CIPSO_V4_TAG_INVALID; return 0; }",visit repo url,net/netlabel/netlabel_cipso_v4.c,https://github.com/torvalds/linux,193078336597941,1 6575,CWE-401,"destroyPresentationContextList(LST_HEAD ** l) { PRV_PRESENTATIONCONTEXTITEM * prvCtx; DUL_SUBITEM * subItem; if (*l == NULL) return; prvCtx = (PRV_PRESENTATIONCONTEXTITEM*)LST_Dequeue(l); while (prvCtx != NULL) { subItem = (DUL_SUBITEM*)LST_Dequeue(&prvCtx->transferSyntaxList); while (subItem != NULL) { free(subItem); subItem = (DUL_SUBITEM*)LST_Dequeue(&prvCtx->transferSyntaxList); } LST_Destroy(&prvCtx->transferSyntaxList); free(prvCtx); prvCtx = (PRV_PRESENTATIONCONTEXTITEM*)LST_Dequeue(l); } LST_Destroy(l); }",visit repo url,dcmnet/libsrc/dulfsm.cc,https://github.com/DCMTK/dcmtk,246343253915530,1 1344,['CWE-399'],"static struct ip_tunnel * ipip6_tunnel_lookup(struct net *net, __be32 remote, __be32 local) { unsigned h0 = HASH(remote); unsigned h1 = HASH(local); struct ip_tunnel *t; struct sit_net *sitn = net_generic(net, sit_net_id); for (t = sitn->tunnels_r_l[h0^h1]; t; t = t->next) { if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP)) return t; } for (t = sitn->tunnels_r[h0]; t; t = t->next) { if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP)) return t; } for (t = sitn->tunnels_l[h1]; t; t = t->next) { if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP)) return t; } if ((t = sitn->tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP)) return t; return NULL; }",linux-2.6,,,232886725155018532276843430003540670348,0 6444,CWE-20,"void httpClientParseQopParam(const HttpParam *param, HttpWwwAuthenticateHeader *authHeader) { #if (HTTP_CLIENT_DIGEST_AUTH_SUPPORT == ENABLED) size_t i; size_t n; authHeader->qop = HTTP_AUTH_QOP_NONE; for(i = 0; i < param->valueLen; i += (n + 1)) { for(n = 0; (i + n) < param->valueLen; n++) { if(strchr("", \t"", param->value[i + n])) break; } if(n == 4 && !osStrncasecmp(param->value + i, ""auth"", 4)) { authHeader->qop = HTTP_AUTH_QOP_AUTH; } } if(authHeader->qop == HTTP_AUTH_QOP_NONE) { authHeader->mode = HTTP_AUTH_MODE_NONE; } #endif }",visit repo url,http/http_client_auth.c,https://github.com/Oryx-Embedded/CycloneTCP,232928411185935,1 830,CWE-20,"int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { struct sock *sk = sock->sk; struct rds_sock *rs = rds_sk_to_rs(sk); long timeo; int ret = 0, nonblock = msg_flags & MSG_DONTWAIT; struct sockaddr_in *sin; struct rds_incoming *inc = NULL; timeo = sock_rcvtimeo(sk, nonblock); rdsdebug(""size %zu flags 0x%x timeo %ld\n"", size, msg_flags, timeo); msg->msg_namelen = 0; if (msg_flags & MSG_OOB) goto out; while (1) { if (!list_empty(&rs->rs_notify_queue)) { ret = rds_notify_queue_get(rs, msg); break; } if (rs->rs_cong_notify) { ret = rds_notify_cong(rs, msg); break; } if (!rds_next_incoming(rs, &inc)) { if (nonblock) { ret = -EAGAIN; break; } timeo = wait_event_interruptible_timeout(*sk_sleep(sk), (!list_empty(&rs->rs_notify_queue) || rs->rs_cong_notify || rds_next_incoming(rs, &inc)), timeo); rdsdebug(""recvmsg woke inc %p timeo %ld\n"", inc, timeo); if (timeo > 0 || timeo == MAX_SCHEDULE_TIMEOUT) continue; ret = timeo; if (ret == 0) ret = -ETIMEDOUT; break; } rdsdebug(""copying inc %p from %pI4:%u to user\n"", inc, &inc->i_conn->c_faddr, ntohs(inc->i_hdr.h_sport)); ret = inc->i_conn->c_trans->inc_copy_to_user(inc, msg->msg_iov, size); if (ret < 0) break; if (!rds_still_queued(rs, inc, !(msg_flags & MSG_PEEK))) { rds_inc_put(inc); inc = NULL; rds_stats_inc(s_recv_deliver_raced); continue; } if (ret < be32_to_cpu(inc->i_hdr.h_len)) { if (msg_flags & MSG_TRUNC) ret = be32_to_cpu(inc->i_hdr.h_len); msg->msg_flags |= MSG_TRUNC; } if (rds_cmsg_recv(inc, msg)) { ret = -EFAULT; goto out; } rds_stats_inc(s_recv_delivered); sin = (struct sockaddr_in *)msg->msg_name; if (sin) { sin->sin_family = AF_INET; sin->sin_port = inc->i_hdr.h_sport; sin->sin_addr.s_addr = inc->i_saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); msg->msg_namelen = sizeof(*sin); } break; } if (inc) rds_inc_put(inc); out: return ret; }",visit repo url,net/rds/recv.c,https://github.com/torvalds/linux,53010977236851,1 2677,CWE-190,"static int spl_filesystem_file_read_csv(spl_filesystem_object *intern, char delimiter, char enclosure, char escape, zval *return_value TSRMLS_DC) { int ret = SUCCESS; do { ret = spl_filesystem_file_read(intern, 1 TSRMLS_CC); } while (ret == SUCCESS && !intern->u.file.current_line_len && SPL_HAS_FLAG(intern->flags, SPL_FILE_OBJECT_SKIP_EMPTY)); if (ret == SUCCESS) { size_t buf_len = intern->u.file.current_line_len; char *buf = estrndup(intern->u.file.current_line, buf_len); if (intern->u.file.current_zval) { zval_ptr_dtor(&intern->u.file.current_zval); } ALLOC_INIT_ZVAL(intern->u.file.current_zval); php_fgetcsv(intern->u.file.stream, delimiter, enclosure, escape, buf_len, buf, intern->u.file.current_zval TSRMLS_CC); if (return_value) { if (Z_TYPE_P(return_value) != IS_NULL) { zval_dtor(return_value); ZVAL_NULL(return_value); } ZVAL_ZVAL(return_value, intern->u.file.current_zval, 1, 0); } } return ret; }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,17164779280463,1 217,CWE-119,"static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, struct scsi_cmnd *cmd) { char *buffer; unsigned short use_sg; int retvalue = 0, transfer_len = 0; unsigned long flags; struct CMD_MESSAGE_FIELD *pcmdmessagefld; uint32_t controlcode = (uint32_t)cmd->cmnd[5] << 24 | (uint32_t)cmd->cmnd[6] << 16 | (uint32_t)cmd->cmnd[7] << 8 | (uint32_t)cmd->cmnd[8]; struct scatterlist *sg; use_sg = scsi_sg_count(cmd); sg = scsi_sglist(cmd); buffer = kmap_atomic(sg_page(sg)) + sg->offset; if (use_sg > 1) { retvalue = ARCMSR_MESSAGE_FAIL; goto message_out; } transfer_len += sg->length; if (transfer_len > sizeof(struct CMD_MESSAGE_FIELD)) { retvalue = ARCMSR_MESSAGE_FAIL; pr_info(""%s: ARCMSR_MESSAGE_FAIL!\n"", __func__); goto message_out; } pcmdmessagefld = (struct CMD_MESSAGE_FIELD *)buffer; switch (controlcode) { case ARCMSR_MESSAGE_READ_RQBUFFER: { unsigned char *ver_addr; uint8_t *ptmpQbuffer; uint32_t allxfer_len = 0; ver_addr = kmalloc(ARCMSR_API_DATA_BUFLEN, GFP_ATOMIC); if (!ver_addr) { retvalue = ARCMSR_MESSAGE_FAIL; pr_info(""%s: memory not enough!\n"", __func__); goto message_out; } ptmpQbuffer = ver_addr; spin_lock_irqsave(&acb->rqbuffer_lock, flags); if (acb->rqbuf_getIndex != acb->rqbuf_putIndex) { unsigned int tail = acb->rqbuf_getIndex; unsigned int head = acb->rqbuf_putIndex; unsigned int cnt_to_end = CIRC_CNT_TO_END(head, tail, ARCMSR_MAX_QBUFFER); allxfer_len = CIRC_CNT(head, tail, ARCMSR_MAX_QBUFFER); if (allxfer_len > ARCMSR_API_DATA_BUFLEN) allxfer_len = ARCMSR_API_DATA_BUFLEN; if (allxfer_len <= cnt_to_end) memcpy(ptmpQbuffer, acb->rqbuffer + tail, allxfer_len); else { memcpy(ptmpQbuffer, acb->rqbuffer + tail, cnt_to_end); memcpy(ptmpQbuffer + cnt_to_end, acb->rqbuffer, allxfer_len - cnt_to_end); } acb->rqbuf_getIndex = (acb->rqbuf_getIndex + allxfer_len) % ARCMSR_MAX_QBUFFER; } memcpy(pcmdmessagefld->messagedatabuffer, ver_addr, allxfer_len); if (acb->acb_flags & ACB_F_IOPDATA_OVERFLOW) { struct QBUFFER __iomem *prbuffer; acb->acb_flags &= ~ACB_F_IOPDATA_OVERFLOW; prbuffer = arcmsr_get_iop_rqbuffer(acb); if (arcmsr_Read_iop_rqbuffer_data(acb, prbuffer) == 0) acb->acb_flags |= ACB_F_IOPDATA_OVERFLOW; } spin_unlock_irqrestore(&acb->rqbuffer_lock, flags); kfree(ver_addr); pcmdmessagefld->cmdmessage.Length = allxfer_len; if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; break; } case ARCMSR_MESSAGE_WRITE_WQBUFFER: { unsigned char *ver_addr; int32_t user_len, cnt2end; uint8_t *pQbuffer, *ptmpuserbuffer; ver_addr = kmalloc(ARCMSR_API_DATA_BUFLEN, GFP_ATOMIC); if (!ver_addr) { retvalue = ARCMSR_MESSAGE_FAIL; goto message_out; } ptmpuserbuffer = ver_addr; user_len = pcmdmessagefld->cmdmessage.Length; memcpy(ptmpuserbuffer, pcmdmessagefld->messagedatabuffer, user_len); spin_lock_irqsave(&acb->wqbuffer_lock, flags); if (acb->wqbuf_putIndex != acb->wqbuf_getIndex) { struct SENSE_DATA *sensebuffer = (struct SENSE_DATA *)cmd->sense_buffer; arcmsr_write_ioctldata2iop(acb); sensebuffer->ErrorCode = SCSI_SENSE_CURRENT_ERRORS; sensebuffer->SenseKey = ILLEGAL_REQUEST; sensebuffer->AdditionalSenseLength = 0x0A; sensebuffer->AdditionalSenseCode = 0x20; sensebuffer->Valid = 1; retvalue = ARCMSR_MESSAGE_FAIL; } else { pQbuffer = &acb->wqbuffer[acb->wqbuf_putIndex]; cnt2end = ARCMSR_MAX_QBUFFER - acb->wqbuf_putIndex; if (user_len > cnt2end) { memcpy(pQbuffer, ptmpuserbuffer, cnt2end); ptmpuserbuffer += cnt2end; user_len -= cnt2end; acb->wqbuf_putIndex = 0; pQbuffer = acb->wqbuffer; } memcpy(pQbuffer, ptmpuserbuffer, user_len); acb->wqbuf_putIndex += user_len; acb->wqbuf_putIndex %= ARCMSR_MAX_QBUFFER; if (acb->acb_flags & ACB_F_MESSAGE_WQBUFFER_CLEARED) { acb->acb_flags &= ~ACB_F_MESSAGE_WQBUFFER_CLEARED; arcmsr_write_ioctldata2iop(acb); } } spin_unlock_irqrestore(&acb->wqbuffer_lock, flags); kfree(ver_addr); if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; break; } case ARCMSR_MESSAGE_CLEAR_RQBUFFER: { uint8_t *pQbuffer = acb->rqbuffer; arcmsr_clear_iop2drv_rqueue_buffer(acb); spin_lock_irqsave(&acb->rqbuffer_lock, flags); acb->acb_flags |= ACB_F_MESSAGE_RQBUFFER_CLEARED; acb->rqbuf_getIndex = 0; acb->rqbuf_putIndex = 0; memset(pQbuffer, 0, ARCMSR_MAX_QBUFFER); spin_unlock_irqrestore(&acb->rqbuffer_lock, flags); if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; break; } case ARCMSR_MESSAGE_CLEAR_WQBUFFER: { uint8_t *pQbuffer = acb->wqbuffer; spin_lock_irqsave(&acb->wqbuffer_lock, flags); acb->acb_flags |= (ACB_F_MESSAGE_WQBUFFER_CLEARED | ACB_F_MESSAGE_WQBUFFER_READED); acb->wqbuf_getIndex = 0; acb->wqbuf_putIndex = 0; memset(pQbuffer, 0, ARCMSR_MAX_QBUFFER); spin_unlock_irqrestore(&acb->wqbuffer_lock, flags); if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; break; } case ARCMSR_MESSAGE_CLEAR_ALLQBUFFER: { uint8_t *pQbuffer; arcmsr_clear_iop2drv_rqueue_buffer(acb); spin_lock_irqsave(&acb->rqbuffer_lock, flags); acb->acb_flags |= ACB_F_MESSAGE_RQBUFFER_CLEARED; acb->rqbuf_getIndex = 0; acb->rqbuf_putIndex = 0; pQbuffer = acb->rqbuffer; memset(pQbuffer, 0, sizeof(struct QBUFFER)); spin_unlock_irqrestore(&acb->rqbuffer_lock, flags); spin_lock_irqsave(&acb->wqbuffer_lock, flags); acb->acb_flags |= (ACB_F_MESSAGE_WQBUFFER_CLEARED | ACB_F_MESSAGE_WQBUFFER_READED); acb->wqbuf_getIndex = 0; acb->wqbuf_putIndex = 0; pQbuffer = acb->wqbuffer; memset(pQbuffer, 0, sizeof(struct QBUFFER)); spin_unlock_irqrestore(&acb->wqbuffer_lock, flags); if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; break; } case ARCMSR_MESSAGE_RETURN_CODE_3F: { if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_3F; break; } case ARCMSR_MESSAGE_SAY_HELLO: { int8_t *hello_string = ""Hello! I am ARCMSR""; if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; memcpy(pcmdmessagefld->messagedatabuffer, hello_string, (int16_t)strlen(hello_string)); break; } case ARCMSR_MESSAGE_SAY_GOODBYE: { if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; arcmsr_iop_parking(acb); break; } case ARCMSR_MESSAGE_FLUSH_ADAPTER_CACHE: { if (acb->fw_flag == FW_DEADLOCK) pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_BUS_HANG_ON; else pcmdmessagefld->cmdmessage.ReturnCode = ARCMSR_MESSAGE_RETURNCODE_OK; arcmsr_flush_adapter_cache(acb); break; } default: retvalue = ARCMSR_MESSAGE_FAIL; pr_info(""%s: unknown controlcode!\n"", __func__); } message_out: if (use_sg) { struct scatterlist *sg = scsi_sglist(cmd); kunmap_atomic(buffer - sg->offset); } return retvalue; }",visit repo url,drivers/scsi/arcmsr/arcmsr_hba.c,https://github.com/torvalds/linux,226660199464457,1 6341,['CWE-200'],"int iw_handler_set_spy(struct net_device * dev, struct iw_request_info * info, union iwreq_data * wrqu, char * extra) { struct iw_spy_data * spydata = get_spydata(dev); struct sockaddr * address = (struct sockaddr *) extra; if(!dev->wireless_data) printk(KERN_DEBUG ""%s (WE) : Driver using old/buggy spy support, please fix driver !\n"", dev->name); if(!spydata) return -EOPNOTSUPP; spydata->spy_number = 0; wmb(); if(wrqu->data.length > 0) { int i; for(i = 0; i < wrqu->data.length; i++) memcpy(spydata->spy_address[i], address[i].sa_data, ETH_ALEN); memset(spydata->spy_stat, 0, sizeof(struct iw_quality) * IW_MAX_SPY); #ifdef WE_SPY_DEBUG printk(KERN_DEBUG ""iw_handler_set_spy() : offset %ld, spydata %p, num %d\n"", dev->wireless_handlers->spy_offset, spydata, wrqu->data.length); for (i = 0; i < wrqu->data.length; i++) printk(KERN_DEBUG ""%02X:%02X:%02X:%02X:%02X:%02X \n"", spydata->spy_address[i][0], spydata->spy_address[i][1], spydata->spy_address[i][2], spydata->spy_address[i][3], spydata->spy_address[i][4], spydata->spy_address[i][5]); #endif } wmb(); spydata->spy_number = wrqu->data.length; return 0; }",linux-2.6,,,249100142599190408034569054414692394010,0 6025,['CWE-200'],"static unsigned gen_handle(struct tcf_proto *tp, unsigned salt) { struct rsvp_head *data = tp->root; int i = 0xFFFF; while (i-- > 0) { u32 h; if ((data->hgenerator += 0x10000) == 0) data->hgenerator = 0x10000; h = data->hgenerator|salt; if (rsvp_get(tp, h) == 0) return h; } return 0; }",linux-2.6,,,170101137156179410984152383906607568518,0 283,NVD-CWE-noinfo,"int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type) { int error; if (type == ACL_TYPE_ACCESS) { error = posix_acl_equiv_mode(acl, &inode->i_mode); if (error < 0) return 0; if (error == 0) acl = NULL; } inode->i_ctime = current_time(inode); set_cached_acl(inode, type, acl); return 0; }",visit repo url,fs/posix_acl.c,https://github.com/torvalds/linux,107132823768979,1 134,CWE-843,"static int check_cond_jmp_op(struct bpf_verifier_env *env, struct bpf_insn *insn, int *insn_idx) { struct bpf_verifier_state *this_branch = env->cur_state; struct bpf_verifier_state *other_branch; struct bpf_reg_state *regs = this_branch->frame[this_branch->curframe]->regs; struct bpf_reg_state *dst_reg, *other_branch_regs, *src_reg = NULL; u8 opcode = BPF_OP(insn->code); bool is_jmp32; int pred = -1; int err; if (opcode == BPF_JA || opcode > BPF_JSLE) { verbose(env, ""invalid BPF_JMP/JMP32 opcode %x\n"", opcode); return -EINVAL; } if (BPF_SRC(insn->code) == BPF_X) { if (insn->imm != 0) { verbose(env, ""BPF_JMP/JMP32 uses reserved fields\n""); return -EINVAL; } err = check_reg_arg(env, insn->src_reg, SRC_OP); if (err) return err; if (is_pointer_value(env, insn->src_reg)) { verbose(env, ""R%d pointer comparison prohibited\n"", insn->src_reg); return -EACCES; } src_reg = ®s[insn->src_reg]; } else { if (insn->src_reg != BPF_REG_0) { verbose(env, ""BPF_JMP/JMP32 uses reserved fields\n""); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, SRC_OP); if (err) return err; dst_reg = ®s[insn->dst_reg]; is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; if (BPF_SRC(insn->code) == BPF_K) { pred = is_branch_taken(dst_reg, insn->imm, opcode, is_jmp32); } else if (src_reg->type == SCALAR_VALUE && is_jmp32 && tnum_is_const(tnum_subreg(src_reg->var_off))) { pred = is_branch_taken(dst_reg, tnum_subreg(src_reg->var_off).value, opcode, is_jmp32); } else if (src_reg->type == SCALAR_VALUE && !is_jmp32 && tnum_is_const(src_reg->var_off)) { pred = is_branch_taken(dst_reg, src_reg->var_off.value, opcode, is_jmp32); } else if (reg_is_pkt_pointer_any(dst_reg) && reg_is_pkt_pointer_any(src_reg) && !is_jmp32) { pred = is_pkt_ptr_branch_taken(dst_reg, src_reg, opcode); } if (pred >= 0) { if (!__is_pointer_value(false, dst_reg)) err = mark_chain_precision(env, insn->dst_reg); if (BPF_SRC(insn->code) == BPF_X && !err && !__is_pointer_value(false, src_reg)) err = mark_chain_precision(env, insn->src_reg); if (err) return err; } if (pred == 1) { *insn_idx += insn->off; return 0; } else if (pred == 0) { return 0; } other_branch = push_stack(env, *insn_idx + insn->off + 1, *insn_idx, false); if (!other_branch) return -EFAULT; other_branch_regs = other_branch->frame[other_branch->curframe]->regs; if (BPF_SRC(insn->code) == BPF_X) { struct bpf_reg_state *src_reg = ®s[insn->src_reg]; if (dst_reg->type == SCALAR_VALUE && src_reg->type == SCALAR_VALUE) { if (tnum_is_const(src_reg->var_off) || (is_jmp32 && tnum_is_const(tnum_subreg(src_reg->var_off)))) reg_set_min_max(&other_branch_regs[insn->dst_reg], dst_reg, src_reg->var_off.value, tnum_subreg(src_reg->var_off).value, opcode, is_jmp32); else if (tnum_is_const(dst_reg->var_off) || (is_jmp32 && tnum_is_const(tnum_subreg(dst_reg->var_off)))) reg_set_min_max_inv(&other_branch_regs[insn->src_reg], src_reg, dst_reg->var_off.value, tnum_subreg(dst_reg->var_off).value, opcode, is_jmp32); else if (!is_jmp32 && (opcode == BPF_JEQ || opcode == BPF_JNE)) reg_combine_min_max(&other_branch_regs[insn->src_reg], &other_branch_regs[insn->dst_reg], src_reg, dst_reg, opcode); if (src_reg->id && !WARN_ON_ONCE(src_reg->id != other_branch_regs[insn->src_reg].id)) { find_equal_scalars(this_branch, src_reg); find_equal_scalars(other_branch, &other_branch_regs[insn->src_reg]); } } } else if (dst_reg->type == SCALAR_VALUE) { reg_set_min_max(&other_branch_regs[insn->dst_reg], dst_reg, insn->imm, (u32)insn->imm, opcode, is_jmp32); } if (dst_reg->type == SCALAR_VALUE && dst_reg->id && !WARN_ON_ONCE(dst_reg->id != other_branch_regs[insn->dst_reg].id)) { find_equal_scalars(this_branch, dst_reg); find_equal_scalars(other_branch, &other_branch_regs[insn->dst_reg]); } if (!is_jmp32 && BPF_SRC(insn->code) == BPF_K && insn->imm == 0 && (opcode == BPF_JEQ || opcode == BPF_JNE) && reg_type_may_be_null(dst_reg->type)) { mark_ptr_or_null_regs(this_branch, insn->dst_reg, opcode == BPF_JNE); mark_ptr_or_null_regs(other_branch, insn->dst_reg, opcode == BPF_JEQ); } else if (!try_match_pkt_pointers(insn, dst_reg, ®s[insn->src_reg], this_branch, other_branch) && is_pointer_value(env, insn->dst_reg)) { verbose(env, ""R%d pointer comparison prohibited\n"", insn->dst_reg); return -EACCES; } if (env->log.level & BPF_LOG_LEVEL) print_verifier_state(env, this_branch->frame[this_branch->curframe]); return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,105393026451105,1 3642,['CWE-287'],"void sctp_assoc_set_primary(struct sctp_association *asoc, struct sctp_transport *transport) { int changeover = 0; if (asoc->peer.primary_path != NULL && asoc->peer.primary_path != transport) changeover = 1 ; asoc->peer.primary_path = transport; memcpy(&asoc->peer.primary_addr, &transport->ipaddr, sizeof(union sctp_addr)); if ((transport->state == SCTP_ACTIVE) || (transport->state == SCTP_UNKNOWN)) asoc->peer.active_path = transport; if (transport->cacc.changeover_active) transport->cacc.cycling_changeover = changeover; transport->cacc.changeover_active = changeover; transport->cacc.next_tsn_at_change = asoc->next_tsn; }",linux-2.6,,,13957312873839815321727492047190176885,0 2210,NVD-CWE-noinfo,"static void __update_open_stateid(struct nfs4_state *state, nfs4_stateid *open_stateid, const nfs4_stateid *deleg_stateid, int open_flags) { write_seqlock(&state->seqlock); if (deleg_stateid != NULL) { memcpy(state->stateid.data, deleg_stateid->data, sizeof(state->stateid.data)); set_bit(NFS_DELEGATED_STATE, &state->flags); } if (open_stateid != NULL) nfs_set_open_stateid_locked(state, open_stateid, open_flags); write_sequnlock(&state->seqlock); spin_lock(&state->owner->so_lock); update_open_stateflags(state, open_flags); spin_unlock(&state->owner->so_lock); }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,131350221122147,1 4404,['CWE-264'],"static inline void release_proto_idx(struct proto *prot) { }",linux-2.6,,,65360246658114882445293218879137663852,0 1351,CWE-200,"static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn, struct xfrm_replay_state_esn **preplay_esn, struct nlattr *rta) { struct xfrm_replay_state_esn *p, *pp, *up; if (!rta) return 0; up = nla_data(rta); p = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); if (!p) return -ENOMEM; pp = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); if (!pp) { kfree(p); return -ENOMEM; } *replay_esn = p; *preplay_esn = pp; return 0; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,105765969794232,1 4707,['CWE-20'],"static int ext4dev_get_sb(struct file_system_type *fs_type, int flags, const char *dev_name, void *data, struct vfsmount *mnt) { printk(KERN_WARNING ""EXT4-fs: Update your userspace programs "" ""to mount using ext4\n""); printk(KERN_WARNING ""EXT4-fs: ext4dev backwards compatibility "" ""will go away by 2.6.31\n""); return get_sb_bdev(fs_type, flags, dev_name, data, ext4_fill_super, mnt); }",linux-2.6,,,116857459284963077367200334758430151535,0 423,[],"pfm_do_munmap(struct mm_struct *mm, unsigned long addr, size_t len, int acct) { return do_munmap(mm, addr, len); }",linux-2.6,,,309309408549855220755103483046508572840,0 6472,[],"lt_dlinterface_register (const char *id_string, lt_dlhandle_interface *iface) { lt__interface_id *interface_id = (lt__interface_id *) lt__malloc (sizeof *interface_id); if (interface_id) { interface_id->id_string = lt__strdup (id_string); if (!interface_id->id_string) FREE (interface_id); else interface_id->iface = iface; } return (lt_dlinterface_id) interface_id; }",libtool,,,175684537030363664953877747092641252988,0 3186,CWE-125,"icmp_print(netdissect_options *ndo, const u_char *bp, u_int plen, const u_char *bp2, int fragmented) { char *cp; const struct icmp *dp; const struct icmp_ext_t *ext_dp; const struct ip *ip; const char *str, *fmt; const struct ip *oip; const struct udphdr *ouh; const uint8_t *obj_tptr; uint32_t raw_label; const u_char *snapend_save; const struct icmp_mpls_ext_object_header_t *icmp_mpls_ext_object_header; u_int hlen, dport, mtu, obj_tlen, obj_class_num, obj_ctype; char buf[MAXHOSTNAMELEN + 100]; struct cksum_vec vec[1]; dp = (const struct icmp *)bp; ext_dp = (const struct icmp_ext_t *)bp; ip = (const struct ip *)bp2; str = buf; ND_TCHECK(dp->icmp_code); switch (dp->icmp_type) { case ICMP_ECHO: case ICMP_ECHOREPLY: ND_TCHECK(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), ""echo %s, id %u, seq %u"", dp->icmp_type == ICMP_ECHO ? ""request"" : ""reply"", EXTRACT_16BITS(&dp->icmp_id), EXTRACT_16BITS(&dp->icmp_seq)); break; case ICMP_UNREACH: ND_TCHECK(dp->icmp_ip.ip_dst); switch (dp->icmp_code) { case ICMP_UNREACH_PROTOCOL: ND_TCHECK(dp->icmp_ip.ip_p); (void)snprintf(buf, sizeof(buf), ""%s protocol %d unreachable"", ipaddr_string(ndo, &dp->icmp_ip.ip_dst), dp->icmp_ip.ip_p); break; case ICMP_UNREACH_PORT: ND_TCHECK(dp->icmp_ip.ip_p); oip = &dp->icmp_ip; hlen = IP_HL(oip) * 4; ouh = (const struct udphdr *)(((const u_char *)oip) + hlen); ND_TCHECK(ouh->uh_dport); dport = EXTRACT_16BITS(&ouh->uh_dport); switch (oip->ip_p) { case IPPROTO_TCP: (void)snprintf(buf, sizeof(buf), ""%s tcp port %s unreachable"", ipaddr_string(ndo, &oip->ip_dst), tcpport_string(ndo, dport)); break; case IPPROTO_UDP: (void)snprintf(buf, sizeof(buf), ""%s udp port %s unreachable"", ipaddr_string(ndo, &oip->ip_dst), udpport_string(ndo, dport)); break; default: (void)snprintf(buf, sizeof(buf), ""%s protocol %d port %d unreachable"", ipaddr_string(ndo, &oip->ip_dst), oip->ip_p, dport); break; } break; case ICMP_UNREACH_NEEDFRAG: { register const struct mtu_discovery *mp; mp = (const struct mtu_discovery *)(const u_char *)&dp->icmp_void; mtu = EXTRACT_16BITS(&mp->nexthopmtu); if (mtu) { (void)snprintf(buf, sizeof(buf), ""%s unreachable - need to frag (mtu %d)"", ipaddr_string(ndo, &dp->icmp_ip.ip_dst), mtu); } else { (void)snprintf(buf, sizeof(buf), ""%s unreachable - need to frag"", ipaddr_string(ndo, &dp->icmp_ip.ip_dst)); } } break; default: fmt = tok2str(unreach2str, ""#%d %%s unreachable"", dp->icmp_code); (void)snprintf(buf, sizeof(buf), fmt, ipaddr_string(ndo, &dp->icmp_ip.ip_dst)); break; } break; case ICMP_REDIRECT: ND_TCHECK(dp->icmp_ip.ip_dst); fmt = tok2str(type2str, ""redirect-#%d %%s to net %%s"", dp->icmp_code); (void)snprintf(buf, sizeof(buf), fmt, ipaddr_string(ndo, &dp->icmp_ip.ip_dst), ipaddr_string(ndo, &dp->icmp_gwaddr)); break; case ICMP_ROUTERADVERT: { register const struct ih_rdiscovery *ihp; register const struct id_rdiscovery *idp; u_int lifetime, num, size; (void)snprintf(buf, sizeof(buf), ""router advertisement""); cp = buf + strlen(buf); ihp = (const struct ih_rdiscovery *)&dp->icmp_void; ND_TCHECK(*ihp); (void)strncpy(cp, "" lifetime "", sizeof(buf) - (cp - buf)); cp = buf + strlen(buf); lifetime = EXTRACT_16BITS(&ihp->ird_lifetime); if (lifetime < 60) { (void)snprintf(cp, sizeof(buf) - (cp - buf), ""%u"", lifetime); } else if (lifetime < 60 * 60) { (void)snprintf(cp, sizeof(buf) - (cp - buf), ""%u:%02u"", lifetime / 60, lifetime % 60); } else { (void)snprintf(cp, sizeof(buf) - (cp - buf), ""%u:%02u:%02u"", lifetime / 3600, (lifetime % 3600) / 60, lifetime % 60); } cp = buf + strlen(buf); num = ihp->ird_addrnum; (void)snprintf(cp, sizeof(buf) - (cp - buf), "" %d:"", num); cp = buf + strlen(buf); size = ihp->ird_addrsiz; if (size != 2) { (void)snprintf(cp, sizeof(buf) - (cp - buf), "" [size %d]"", size); break; } idp = (const struct id_rdiscovery *)&dp->icmp_data; while (num-- > 0) { ND_TCHECK(*idp); (void)snprintf(cp, sizeof(buf) - (cp - buf), "" {%s %u}"", ipaddr_string(ndo, &idp->ird_addr), EXTRACT_32BITS(&idp->ird_pref)); cp = buf + strlen(buf); ++idp; } } break; case ICMP_TIMXCEED: ND_TCHECK(dp->icmp_ip.ip_dst); switch (dp->icmp_code) { case ICMP_TIMXCEED_INTRANS: str = ""time exceeded in-transit""; break; case ICMP_TIMXCEED_REASS: str = ""ip reassembly time exceeded""; break; default: (void)snprintf(buf, sizeof(buf), ""time exceeded-#%d"", dp->icmp_code); break; } break; case ICMP_PARAMPROB: if (dp->icmp_code) (void)snprintf(buf, sizeof(buf), ""parameter problem - code %d"", dp->icmp_code); else { ND_TCHECK(dp->icmp_pptr); (void)snprintf(buf, sizeof(buf), ""parameter problem - octet %d"", dp->icmp_pptr); } break; case ICMP_MASKREPLY: ND_TCHECK(dp->icmp_mask); (void)snprintf(buf, sizeof(buf), ""address mask is 0x%08x"", EXTRACT_32BITS(&dp->icmp_mask)); break; case ICMP_TSTAMP: ND_TCHECK(dp->icmp_seq); (void)snprintf(buf, sizeof(buf), ""time stamp query id %u seq %u"", EXTRACT_16BITS(&dp->icmp_id), EXTRACT_16BITS(&dp->icmp_seq)); break; case ICMP_TSTAMPREPLY: ND_TCHECK(dp->icmp_ttime); (void)snprintf(buf, sizeof(buf), ""time stamp reply id %u seq %u: org %s"", EXTRACT_16BITS(&dp->icmp_id), EXTRACT_16BITS(&dp->icmp_seq), icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_otime))); (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"", recv %s"", icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_rtime))); (void)snprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),"", xmit %s"", icmp_tstamp_print(EXTRACT_32BITS(&dp->icmp_ttime))); break; default: str = tok2str(icmp2str, ""type-#%d"", dp->icmp_type); break; } ND_PRINT((ndo, ""ICMP %s, length %u"", str, plen)); if (ndo->ndo_vflag && !fragmented) { uint16_t sum, icmp_sum; if (ND_TTEST2(*bp, plen)) { vec[0].ptr = (const uint8_t *)(const void *)dp; vec[0].len = plen; sum = in_cksum(vec, 1); if (sum != 0) { icmp_sum = EXTRACT_16BITS(&dp->icmp_cksum); ND_PRINT((ndo, "" (wrong icmp cksum %x (->%x)!)"", icmp_sum, in_cksum_shouldbe(icmp_sum, sum))); } } } if (ndo->ndo_vflag >= 1 && ICMP_ERRTYPE(dp->icmp_type)) { bp += 8; ND_PRINT((ndo, ""\n\t"")); ip = (const struct ip *)bp; snapend_save = ndo->ndo_snapend; ip_print(ndo, bp, EXTRACT_16BITS(&ip->ip_len)); ndo->ndo_snapend = snapend_save; } if (ndo->ndo_vflag >= 1 && plen > ICMP_EXTD_MINLEN && ICMP_MPLS_EXT_TYPE(dp->icmp_type)) { ND_TCHECK(*ext_dp); if (!ext_dp->icmp_length) { vec[0].ptr = (const uint8_t *)(const void *)&ext_dp->icmp_ext_version_res; vec[0].len = plen - ICMP_EXTD_MINLEN; if (in_cksum(vec, 1)) { return; } } ND_PRINT((ndo, ""\n\tMPLS extension v%u"", ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)))); if (ICMP_MPLS_EXT_EXTRACT_VERSION(*(ext_dp->icmp_ext_version_res)) != ICMP_MPLS_EXT_VERSION) { ND_PRINT((ndo, "" packet not supported"")); return; } hlen = plen - ICMP_EXTD_MINLEN; vec[0].ptr = (const uint8_t *)(const void *)&ext_dp->icmp_ext_version_res; vec[0].len = hlen; ND_PRINT((ndo, "", checksum 0x%04x (%scorrect), length %u"", EXTRACT_16BITS(ext_dp->icmp_ext_checksum), in_cksum(vec, 1) ? ""in"" : """", hlen)); hlen -= 4; obj_tptr = (const uint8_t *)ext_dp->icmp_ext_data; while (hlen > sizeof(struct icmp_mpls_ext_object_header_t)) { icmp_mpls_ext_object_header = (const struct icmp_mpls_ext_object_header_t *)obj_tptr; ND_TCHECK(*icmp_mpls_ext_object_header); obj_tlen = EXTRACT_16BITS(icmp_mpls_ext_object_header->length); obj_class_num = icmp_mpls_ext_object_header->class_num; obj_ctype = icmp_mpls_ext_object_header->ctype; obj_tptr += sizeof(struct icmp_mpls_ext_object_header_t); ND_PRINT((ndo, ""\n\t %s Object (%u), Class-Type: %u, length %u"", tok2str(icmp_mpls_ext_obj_values,""unknown"",obj_class_num), obj_class_num, obj_ctype, obj_tlen)); hlen-=sizeof(struct icmp_mpls_ext_object_header_t); if ((obj_class_num == 0) || (obj_tlen < sizeof(struct icmp_mpls_ext_object_header_t))) { return; } obj_tlen-=sizeof(struct icmp_mpls_ext_object_header_t); switch (obj_class_num) { case 1: switch(obj_ctype) { case 1: ND_TCHECK2(*obj_tptr, 4); raw_label = EXTRACT_32BITS(obj_tptr); ND_PRINT((ndo, ""\n\t label %u, exp %u"", MPLS_LABEL(raw_label), MPLS_EXP(raw_label))); if (MPLS_STACK(raw_label)) ND_PRINT((ndo, "", [S]"")); ND_PRINT((ndo, "", ttl %u"", MPLS_TTL(raw_label))); break; default: print_unknown_data(ndo, obj_tptr, ""\n\t "", obj_tlen); } break; case 2: default: print_unknown_data(ndo, obj_tptr, ""\n\t "", obj_tlen); break; } if (hlen < obj_tlen) break; hlen -= obj_tlen; obj_tptr += obj_tlen; } } return; trunc: ND_PRINT((ndo, ""[|icmp]"")); }",visit repo url,print-icmp.c,https://github.com/the-tcpdump-group/tcpdump,257419613142310,1 5848,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_build_sli( pjmedia_rtcp_session *session, void *buf, pj_size_t *length, unsigned sli_cnt, const pjmedia_rtcp_fb_sli sli[]) { pjmedia_rtcp_common *hdr; pj_uint8_t *p; unsigned len, i; PJ_ASSERT_RETURN(session && buf && length && sli_cnt && sli, PJ_EINVAL); len = (3 + sli_cnt) * 4; if (len > *length) return PJ_ETOOSMALL; hdr = (pjmedia_rtcp_common*)buf; pj_memcpy(hdr, &session->rtcp_rr_pkt.common, sizeof(*hdr)); hdr->pt = RTCP_PSFB; hdr->count = 2; hdr->length = pj_htons((pj_uint16_t)(len/4 - 1)); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < sli_cnt; ++i) { *p++ = (pj_uint8_t)((sli[i].first >> 5) & 0xFF); *p = (pj_uint8_t)((sli[i].first & 31) << 3); *p++ |= (pj_uint8_t)((sli[i].number >> 10) & 7); *p++ = (pj_uint8_t)((sli[i].number >> 2) & 0xFF); *p = (pj_uint8_t)((sli[i].number & 3) << 6); *p++ |= (sli[i].pict_id & 63); } *length = len; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,151866096947785,1 3820,['CWE-120'],"void uvc_delete(struct kref *kref) { struct uvc_device *dev = container_of(kref, struct uvc_device, kref); struct list_head *p, *n; uvc_unregister_video(dev); usb_put_intf(dev->intf); usb_put_dev(dev->udev); uvc_status_cleanup(dev); uvc_ctrl_cleanup_device(dev); list_for_each_safe(p, n, &dev->entities) { struct uvc_entity *entity; entity = list_entry(p, struct uvc_entity, list); kfree(entity); } list_for_each_safe(p, n, &dev->streaming) { struct uvc_streaming *streaming; streaming = list_entry(p, struct uvc_streaming, list); usb_driver_release_interface(&uvc_driver.driver, streaming->intf); usb_put_intf(streaming->intf); kfree(streaming->format); kfree(streaming->header.bmaControls); kfree(streaming); } kfree(dev); }",linux-2.6,,,66606679156429709290226700655401805499,0 6306,CWE-295,"NOEXPORT void transfer(CLI *c) { int timeout; int pending; #if OPENSSL_VERSION_NUMBER >= 0x10100000L int has_pending=0, prev_has_pending; #endif int watchdog=0; ssize_t num; int err; int sock_open_rd=1, sock_open_wr=1; int shutdown_wants_read=0, shutdown_wants_write=0; int read_wants_read=0, read_wants_write=0; int write_wants_read=0, write_wants_write=0; int sock_can_rd, sock_can_wr, ssl_can_rd, ssl_can_wr; #ifdef USE_WIN32 unsigned long bytes; #else int bytes; #endif c->sock_ptr=c->ssl_ptr=0; do { read_wants_read|=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN) && c->ssl_ptrssl)&SSL_SENT_SHUTDOWN) && c->sock_ptr && !write_wants_read; s_poll_init(c->fds, 0); if(sock_open_rd) s_poll_add(c->fds, c->sock_rfd->fd, c->sock_ptrfds, c->sock_wfd->fd, 0, c->ssl_ptr>0); if(SSL_get_shutdown(c->ssl)!= (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) { s_poll_add(c->fds, c->ssl_rfd->fd, read_wants_read || write_wants_read || shutdown_wants_read, 0); s_poll_add(c->fds, c->ssl_wfd->fd, 0, read_wants_write || write_wants_write || shutdown_wants_write); } pending=SSL_pending(c->ssl); #if OPENSSL_VERSION_NUMBER >= 0x10100000L prev_has_pending=has_pending; has_pending=SSL_has_pending(c->ssl); pending=pending || (has_pending && !prev_has_pending); #endif if(read_wants_read && pending) { timeout=0; } else if((sock_open_rd && !(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)) || c->ssl_ptr || c->sock_ptr ) { timeout=c->opt->timeout_idle; } else { timeout=c->opt->timeout_close; } err=s_poll_wait(c->fds, timeout, 0); switch(err) { case -1: sockerror(""transfer: s_poll_wait""); throw_exception(c, 1); case 0: if(read_wants_read && pending) break; if((sock_open_rd && !(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)) || c->ssl_ptr || c->sock_ptr) { s_log(LOG_INFO, ""transfer: s_poll_wait:"" "" TIMEOUTidle exceeded: sending reset""); s_poll_dump(c->fds, LOG_DEBUG); throw_exception(c, 1); } s_log(LOG_ERR, ""transfer: s_poll_wait:"" "" TIMEOUTclose exceeded: closing""); s_poll_dump(c->fds, LOG_DEBUG); return; } sock_can_rd=s_poll_canread(c->fds, c->sock_rfd->fd); sock_can_wr=s_poll_canwrite(c->fds, c->sock_wfd->fd); ssl_can_rd=s_poll_canread(c->fds, c->ssl_rfd->fd); ssl_can_wr=s_poll_canwrite(c->fds, c->ssl_wfd->fd); if(c->sock_rfd->fd==c->sock_wfd->fd) { if((sock_can_rd || sock_can_wr) && s_poll_err(c->fds, c->sock_rfd->fd)) { err=get_socket_error(c->sock_rfd->fd); if(err) log_error(LOG_INFO, err, ""socket fd""); } } else { if(sock_can_rd && s_poll_err(c->fds, c->sock_rfd->fd)) { err=get_socket_error(c->sock_rfd->fd); if(err) log_error(LOG_INFO, err, ""socket rfd""); } if(sock_can_wr && s_poll_err(c->fds, c->sock_wfd->fd)) { err=get_socket_error(c->sock_wfd->fd); if(err) log_error(LOG_INFO, err, ""socket wfd""); } } if(c->ssl_rfd->fd==c->ssl_wfd->fd) { if((ssl_can_rd || ssl_can_wr) && s_poll_err(c->fds, c->ssl_rfd->fd)) { err=get_socket_error(c->ssl_rfd->fd); if(err) log_error(LOG_INFO, err, ""TLS fd""); } } else { if(ssl_can_rd && s_poll_err(c->fds, c->ssl_rfd->fd)) { err=get_socket_error(c->ssl_rfd->fd); if(err) log_error(LOG_INFO, err, ""TLS rfd""); } if(c->ssl_rfd->fd!=c->ssl_wfd->fd && ssl_can_wr && s_poll_err(c->fds, c->ssl_wfd->fd)) { err=get_socket_error(c->ssl_wfd->fd); if(err) log_error(LOG_INFO, err, ""TLS wfd""); } } if(!(sock_can_rd || sock_can_wr || ssl_can_rd || ssl_can_wr)) { if(s_poll_hup(c->fds, c->sock_rfd->fd) || s_poll_hup(c->fds, c->sock_wfd->fd)) { if(c->ssl_ptr) { s_log(LOG_ERR, ""Socket closed (HUP) with %ld unsent byte(s)"", (long)c->ssl_ptr); throw_exception(c, 1); } s_log(LOG_INFO, ""Socket closed (HUP)""); sock_open_rd=sock_open_wr=0; } else if(s_poll_hup(c->fds, c->ssl_rfd->fd) || s_poll_hup(c->fds, c->ssl_wfd->fd)) { if(c->sock_ptr) { s_log(LOG_ERR, ""TLS socket closed (HUP) with %ld unsent byte(s)"", (long)c->sock_ptr); throw_exception(c, 1); } s_log(LOG_INFO, ""TLS socket closed (HUP)""); SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); } } if(c->reneg_state==RENEG_DETECTED && !c->opt->option.renegotiation) { s_log(LOG_ERR, ""Aborting due to renegotiation request""); throw_exception(c, 1); } if(shutdown_wants_read || shutdown_wants_write) { num=SSL_shutdown(c->ssl); if(num<0) err=SSL_get_error(c->ssl, (int)num); else err=SSL_ERROR_NONE; switch(err) { case SSL_ERROR_NONE: s_log(LOG_INFO, ""SSL_shutdown successfully sent close_notify alert""); shutdown_wants_read=shutdown_wants_write=0; break; case SSL_ERROR_SYSCALL: if(parse_socket_error(c, ""SSL_shutdown"")) break; SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); shutdown_wants_read=shutdown_wants_write=0; break; case SSL_ERROR_ZERO_RETURN: SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); shutdown_wants_read=shutdown_wants_write=0; break; case SSL_ERROR_WANT_WRITE: s_log(LOG_DEBUG, ""SSL_shutdown returned WANT_WRITE: retrying""); shutdown_wants_read=0; shutdown_wants_write=1; break; case SSL_ERROR_WANT_READ: s_log(LOG_DEBUG, ""SSL_shutdown returned WANT_READ: retrying""); shutdown_wants_read=1; shutdown_wants_write=0; break; case SSL_ERROR_SSL: sslerror(""SSL_shutdown""); throw_exception(c, 1); default: s_log(LOG_ERR, ""SSL_shutdown/SSL_get_error returned %d"", err); throw_exception(c, 1); } } if(sock_open_wr && sock_can_wr) { num=writesocket(c->sock_wfd->fd, c->ssl_buff, c->ssl_ptr); switch(num) { case -1: if(parse_socket_error(c, ""writesocket"")) break; sock_open_rd=sock_open_wr=0; break; case 0: s_log(LOG_DEBUG, ""writesocket returned 0""); break; default: memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-(size_t)num); c->ssl_ptr-=(size_t)num; memset(c->ssl_buff+c->ssl_ptr, 0, (size_t)num); c->sock_bytes+=(size_t)num; watchdog=0; } } if(sock_open_rd && sock_can_rd) { num=readsocket(c->sock_rfd->fd, c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); switch(num) { case -1: if(parse_socket_error(c, ""readsocket"")) break; sock_open_rd=sock_open_wr=0; break; case 0: s_log(LOG_INFO, ""Read socket closed (readsocket)""); sock_open_rd=0; break; default: c->sock_ptr+=(size_t)num; watchdog=0; } } read_wants_read|=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN) && c->ssl_ptrssl)&SSL_SENT_SHUTDOWN) && c->sock_ptr && !write_wants_read; if((write_wants_read && ssl_can_rd) || (write_wants_write && ssl_can_wr)) { write_wants_read=0; write_wants_write=0; num=SSL_write(c->ssl, c->sock_buff, (int)(c->sock_ptr)); switch(err=SSL_get_error(c->ssl, (int)num)) { case SSL_ERROR_NONE: if(num==0) { s_log(LOG_DEBUG, ""SSL_write returned 0""); break; } memmove(c->sock_buff, c->sock_buff+num, c->sock_ptr-(size_t)num); c->sock_ptr-=(size_t)num; memset(c->sock_buff+c->sock_ptr, 0, (size_t)num); c->ssl_bytes+=(size_t)num; watchdog=0; break; case SSL_ERROR_WANT_WRITE: s_log(LOG_DEBUG, ""SSL_write returned WANT_WRITE: retrying""); write_wants_write=1; break; case SSL_ERROR_WANT_READ: s_log(LOG_DEBUG, ""SSL_write returned WANT_READ: retrying""); write_wants_read=1; break; case SSL_ERROR_WANT_X509_LOOKUP: s_log(LOG_DEBUG, ""SSL_write returned WANT_X509_LOOKUP: retrying""); break; case SSL_ERROR_SYSCALL: if(num && parse_socket_error(c, ""SSL_write"")) break; if(c->sock_ptr) { s_log(LOG_ERR, ""TLS socket closed (SSL_write) with %ld unsent byte(s)"", (long)c->sock_ptr); throw_exception(c, 1); } s_log(LOG_INFO, ""TLS socket closed (SSL_write)""); SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); break; case SSL_ERROR_ZERO_RETURN: s_log(LOG_INFO, ""TLS closed (SSL_write)""); if(SSL_version(c->ssl)==SSL2_VERSION) SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); break; case SSL_ERROR_SSL: sslerror(""SSL_write""); throw_exception(c, 1); default: s_log(LOG_ERR, ""SSL_write/SSL_get_error returned %d"", err); throw_exception(c, 1); } } if((read_wants_read && (ssl_can_rd || pending)) || (read_wants_write && ssl_can_wr)) { read_wants_read=0; read_wants_write=0; num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, (int)(BUFFSIZE-c->ssl_ptr)); switch(err=SSL_get_error(c->ssl, (int)num)) { case SSL_ERROR_NONE: if(num==0) { s_log(LOG_DEBUG, ""SSL_read returned 0""); break; } c->ssl_ptr+=(size_t)num; watchdog=0; break; case SSL_ERROR_WANT_WRITE: s_log(LOG_DEBUG, ""SSL_read returned WANT_WRITE: retrying""); read_wants_write=1; break; case SSL_ERROR_WANT_READ: #if 0 s_log(LOG_DEBUG, ""SSL_read returned WANT_READ: retrying""); #endif read_wants_read=1; break; case SSL_ERROR_WANT_X509_LOOKUP: s_log(LOG_DEBUG, ""SSL_read returned WANT_X509_LOOKUP: retrying""); break; case SSL_ERROR_SYSCALL: if(num && parse_socket_error(c, ""SSL_read"")) break; if(c->sock_ptr || write_wants_write) { s_log(LOG_ERR, ""TLS socket closed (SSL_read) with %ld unsent byte(s)"", (long)c->sock_ptr); throw_exception(c, 1); } s_log(LOG_INFO, ""TLS socket closed (SSL_read)""); SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); break; case SSL_ERROR_ZERO_RETURN: s_log(LOG_INFO, ""TLS closed (SSL_read)""); if(SSL_version(c->ssl)==SSL2_VERSION) SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); break; case SSL_ERROR_SSL: sslerror(""SSL_read""); throw_exception(c, 1); default: s_log(LOG_ERR, ""SSL_read/SSL_get_error returned %d"", err); throw_exception(c, 1); } } if(sock_open_rd && s_poll_rdhup(c->fds, c->sock_rfd->fd) && (ioctlsocket(c->sock_rfd->fd, FIONREAD, &bytes) || !bytes)) { s_log(LOG_INFO, ""Read socket closed (read hangup)""); sock_open_rd=0; } if(sock_open_wr && s_poll_hup(c->fds, c->sock_wfd->fd)) { if(c->ssl_ptr) { s_log(LOG_ERR, ""Write socket closed (write hangup) with %ld unsent byte(s)"", (long)c->ssl_ptr); throw_exception(c, 1); } s_log(LOG_INFO, ""Write socket closed (write hangup)""); sock_open_wr=0; } if(!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN) && s_poll_rdhup(c->fds, c->ssl_rfd->fd) && (ioctlsocket(c->ssl_rfd->fd, FIONREAD, &bytes) || !bytes)) { s_log(LOG_INFO, ""TLS socket closed (read hangup)""); SSL_set_shutdown(c->ssl, SSL_get_shutdown(c->ssl)|SSL_RECEIVED_SHUTDOWN); } if(!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN) && s_poll_hup(c->fds, c->ssl_wfd->fd)) { if(c->sock_ptr || write_wants_write) { s_log(LOG_ERR, ""TLS socket closed (write hangup) with %ld unsent byte(s)"", (long)c->sock_ptr); throw_exception(c, 1); } s_log(LOG_INFO, ""TLS socket closed (write hangup)""); SSL_set_shutdown(c->ssl, SSL_get_shutdown(c->ssl)|SSL_SENT_SHUTDOWN); } if(sock_open_wr && SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN && !c->ssl_ptr) { sock_open_wr=0; if(!c->sock_wfd->is_socket) { s_log(LOG_DEBUG, ""Closing the file descriptor""); sock_open_rd=0; } else if(!shutdown(c->sock_wfd->fd, SHUT_WR)) { s_log(LOG_DEBUG, ""Sent socket write shutdown""); } else { s_log(LOG_DEBUG, ""Failed to send socket write shutdown""); sock_open_rd=0; } } if(!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN) && !sock_open_rd && !c->sock_ptr && !write_wants_write) { if(SSL_version(c->ssl)!=SSL2_VERSION) { s_log(LOG_DEBUG, ""Sending close_notify alert""); shutdown_wants_write=1; } else { s_log(LOG_DEBUG, ""Closing SSLv2 socket""); if(c->ssl_rfd->is_socket) shutdown(c->ssl_rfd->fd, SHUT_RD); if(c->ssl_wfd->is_socket) shutdown(c->ssl_wfd->fd, SHUT_WR); SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); } } if(++watchdog>100) { s_log(LOG_ERR, ""transfer() loop executes not transferring any data""); s_log(LOG_ERR, ""please report the problem to Michal.Trojnara@stunnel.org""); stunnel_info(LOG_ERR); #if OPENSSL_VERSION_NUMBER >= 0x10100000L s_log(LOG_ERR, ""protocol=%s, SSL_pending=%d, SSL_has_pending=%d"", SSL_get_version(c->ssl), SSL_pending(c->ssl), SSL_has_pending(c->ssl)); #else s_log(LOG_ERR, ""protocol=%s, SSL_pending=%d"", SSL_get_version(c->ssl), SSL_pending(c->ssl)); #endif s_log(LOG_ERR, ""sock_open_rd=%s, sock_open_wr=%s"", sock_open_rd ? ""Y"" : ""n"", sock_open_wr ? ""Y"" : ""n""); s_log(LOG_ERR, ""SSL_RECEIVED_SHUTDOWN=%s, SSL_SENT_SHUTDOWN=%s"", (SSL_get_shutdown(c->ssl) & SSL_RECEIVED_SHUTDOWN) ? ""Y"" : ""n"", (SSL_get_shutdown(c->ssl) & SSL_SENT_SHUTDOWN) ? ""Y"" : ""n""); s_log(LOG_ERR, ""sock_can_rd=%s, sock_can_wr=%s"", sock_can_rd ? ""Y"" : ""n"", sock_can_wr ? ""Y"" : ""n""); s_log(LOG_ERR, ""ssl_can_rd=%s, ssl_can_wr=%s"", ssl_can_rd ? ""Y"" : ""n"", ssl_can_wr ? ""Y"" : ""n""); s_log(LOG_ERR, ""read_wants_read=%s, read_wants_write=%s"", read_wants_read ? ""Y"" : ""n"", read_wants_write ? ""Y"" : ""n""); s_log(LOG_ERR, ""write_wants_read=%s, write_wants_write=%s"", write_wants_read ? ""Y"" : ""n"", write_wants_write ? ""Y"" : ""n""); s_log(LOG_ERR, ""shutdown_wants_read=%s, shutdown_wants_write=%s"", shutdown_wants_read ? ""Y"" : ""n"", shutdown_wants_write ? ""Y"" : ""n""); s_log(LOG_ERR, ""socket input buffer: %ld byte(s), "" ""TLS input buffer: %ld byte(s)"", (long)c->sock_ptr, (long)c->ssl_ptr); throw_exception(c, 1); } } while(sock_open_wr || !(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN) || shutdown_wants_read || shutdown_wants_write); }",visit repo url,src/client.c,https://github.com/mtrojnar/stunnel,248629162979675,1 954,CWE-200,"bool __net_get_random_once(void *buf, int nbytes, bool *done, struct static_key *done_key) { static DEFINE_SPINLOCK(lock); unsigned long flags; spin_lock_irqsave(&lock, flags); if (*done) { spin_unlock_irqrestore(&lock, flags); return false; } get_random_bytes(buf, nbytes); *done = true; spin_unlock_irqrestore(&lock, flags); __net_random_once_disable_jump(done_key); return true; }",visit repo url,net/core/utils.c,https://github.com/torvalds/linux,166645926337066,1 714,CWE-20,"static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; BT_DBG(""sock %p, sk %p"", sock, sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == BT_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) return err; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); switch (hci_pi(sk)->channel) { case HCI_CHANNEL_RAW: hci_sock_cmsg(sk, msg, skb); break; case HCI_CHANNEL_USER: case HCI_CHANNEL_CONTROL: case HCI_CHANNEL_MONITOR: sock_recv_timestamp(msg, sk, skb); break; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/hci_sock.c,https://github.com/torvalds/linux,129040150037285,1 4997,['CWE-346'],"struct udev *udev_monitor_get_udev(struct udev_monitor *udev_monitor) { if (udev_monitor == NULL) return NULL; return udev_monitor->udev; }",udev,,,238514057776322986855284812810178246518,0 2699,CWE-190,"void spl_filesystem_info_set_filename(spl_filesystem_object *intern, char *path, int len, int use_copy TSRMLS_DC) { char *p1, *p2; if (intern->file_name) { efree(intern->file_name); } intern->file_name = use_copy ? estrndup(path, len) : path; intern->file_name_len = len; while(IS_SLASH_AT(intern->file_name, intern->file_name_len-1) && intern->file_name_len > 1) { intern->file_name[intern->file_name_len-1] = 0; intern->file_name_len--; } p1 = strrchr(intern->file_name, '/'); #if defined(PHP_WIN32) || defined(NETWARE) p2 = strrchr(intern->file_name, '\\'); #else p2 = 0; #endif if (p1 || p2) { intern->_path_len = (p1 > p2 ? p1 : p2) - intern->file_name; } else { intern->_path_len = 0; } if (intern->_path) { efree(intern->_path); } intern->_path = estrndup(path, intern->_path_len); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,259002855233079,1 3564,['CWE-20'],"sctp_disposition_t sctp_sf_do_ecne(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_ecnehdr_t *ecne; struct sctp_chunk *chunk = arg; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); ecne = (sctp_ecnehdr_t *) chunk->skb->data; skb_pull(chunk->skb, sizeof(sctp_ecnehdr_t)); sctp_add_cmd_sf(commands, SCTP_CMD_ECN_ECNE, SCTP_U32(ntohl(ecne->lowest_tsn))); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,251868108725517354942635392967021529658,0 4683,CWE-78,"static void cmd_parse_lsub (IMAP_DATA* idata, char* s) { char buf[STRING]; char errstr[STRING]; BUFFER err, token; ciss_url_t url; IMAP_LIST list; if (idata->cmddata && idata->cmdtype == IMAP_CT_LIST) { cmd_parse_list (idata, s); return; } if (!option (OPTIMAPCHECKSUBSCRIBED)) return; idata->cmdtype = IMAP_CT_LIST; idata->cmddata = &list; cmd_parse_list (idata, s); idata->cmddata = NULL; if (!list.name || list.noselect) return; dprint (3, (debugfile, ""Subscribing to %s\n"", list.name)); strfcpy (buf, ""mailboxes \"""", sizeof (buf)); mutt_account_tourl (&idata->conn->account, &url); imap_quote_string(errstr, sizeof (errstr), list.name); url.path = errstr + 1; url.path[strlen(url.path) - 1] = '\0'; if (!mutt_strcmp (url.user, ImapUser)) url.user = NULL; url_ciss_tostring (&url, buf + 11, sizeof (buf) - 10, 0); safe_strcat (buf, sizeof (buf), ""\""""); mutt_buffer_init (&token); mutt_buffer_init (&err); err.data = errstr; err.dsize = sizeof (errstr); if (mutt_parse_rc_line (buf, &token, &err)) dprint (1, (debugfile, ""Error adding subscribed mailbox: %s\n"", errstr)); FREE (&token.data); }",visit repo url,imap/command.c,https://gitlab.com/muttmua/mutt,61321800986972,1 6163,CWE-190,"void ep2_read_bin(ep2_t a, const uint8_t *bin, int len) { if (len == 1) { if (bin[0] == 0) { ep2_set_infty(a); return; } else { RLC_THROW(ERR_NO_BUFFER); return; } } if (len != (2 * RLC_FP_BYTES + 1) && len != (4 * RLC_FP_BYTES + 1)) { RLC_THROW(ERR_NO_BUFFER); return; } a->coord = BASIC; fp2_set_dig(a->z, 1); fp2_read_bin(a->x, bin + 1, 2 * RLC_FP_BYTES); if (len == 2 * RLC_FP_BYTES + 1) { switch(bin[0]) { case 2: fp2_zero(a->y); break; case 3: fp2_zero(a->y); fp_set_bit(a->y[0], 0, 1); fp_zero(a->y[1]); break; default: RLC_THROW(ERR_NO_VALID); break; } ep2_upk(a, a); } if (len == 4 * RLC_FP_BYTES + 1) { if (bin[0] == 4) { fp2_read_bin(a->y, bin + 2 * RLC_FP_BYTES + 1, 2 * RLC_FP_BYTES); } else { RLC_THROW(ERR_NO_VALID); return; } } if (!ep2_on_curve(a)) { RLC_THROW(ERR_NO_VALID); } }",visit repo url,src/epx/relic_ep2_util.c,https://github.com/relic-toolkit/relic,28764895631736,1 2694,[],"static int sctp_getsockopt_hmac_ident(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_hmacalgo __user *p = (void __user *)optval; struct sctp_hmac_algo_param *hmacs; __u16 data_len = 0; u32 num_idents; if (!sctp_auth_enable) return -EACCES; hmacs = sctp_sk(sk)->ep->auth_hmacs_list; data_len = ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t); if (len < sizeof(struct sctp_hmacalgo) + data_len) return -EINVAL; len = sizeof(struct sctp_hmacalgo) + data_len; num_idents = data_len / sizeof(u16); if (put_user(len, optlen)) return -EFAULT; if (put_user(num_idents, &p->shmac_num_idents)) return -EFAULT; if (copy_to_user(p->shmac_idents, hmacs->hmac_ids, data_len)) return -EFAULT; return 0; }",linux-2.6,,,143569549659727829378818505826425056966,0 1850,['CWE-189'],"mac_deinit (digest_hd_st *td, opaque * res, int ver) { if (ver == GNUTLS_SSL3) { _gnutls_mac_deinit_ssl3 (td, res); } else { _gnutls_hmac_deinit (td, res); } }",gnutls,,,23717312029069236136062290136964807782,0 4037,CWE-125,"_WM_ParseNewMidi(uint8_t *midi_data, uint32_t midi_size) { struct _mdi *mdi; uint32_t tmp_val; uint32_t midi_type; uint32_t track_size; uint8_t **tracks; uint32_t end_of_tracks = 0; uint32_t no_tracks; uint32_t i; uint32_t divisions = 96; uint32_t tempo = 500000; float samples_per_delta_f = 0.0; uint32_t sample_count = 0; float sample_count_f = 0.0; float sample_remainder = 0.0; uint8_t *sysex_store = NULL; uint32_t *track_delta; uint8_t *track_end; uint32_t smallest_delta = 0; uint32_t subtract_delta = 0; uint8_t *running_event; uint32_t setup_ret = 0; if (midi_size < 14) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(too short)"", 0); return (NULL); } if (!memcmp(midi_data, ""RIFF"", 4)) { if (midi_size < 34) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(too short)"", 0); return (NULL); } midi_data += 20; midi_size -= 20; } if (memcmp(midi_data, ""MThd"", 4)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_MIDI, NULL, 0); return (NULL); } midi_data += 4; midi_size -= 4; tmp_val = *midi_data++ << 24; tmp_val |= *midi_data++ << 16; tmp_val |= *midi_data++ << 8; tmp_val |= *midi_data++; midi_size -= 4; if (tmp_val != 6) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, NULL, 0); return (NULL); } tmp_val = *midi_data++ << 8; tmp_val |= *midi_data++; midi_size -= 2; if (tmp_val > 2) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_INVALID, NULL, 0); return (NULL); } midi_type = tmp_val; tmp_val = *midi_data++ << 8; tmp_val |= *midi_data++; midi_size -= 2; if (tmp_val < 1) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(no tracks)"", 0); return (NULL); } no_tracks = tmp_val; if ((midi_type == 0) && (no_tracks > 1)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_INVALID, ""(expected 1 track for type 0 midi file, found more)"", 0); return (NULL); } divisions = *midi_data++ << 8; divisions |= *midi_data++; midi_size -= 2; if (divisions & 0x00008000) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_INVALID, NULL, 0); return (NULL); } samples_per_delta_f = _WM_GetSamplesPerTick(divisions, tempo); mdi = _WM_initMDI(); _WM_midi_setup_divisions(mdi,divisions); tracks = malloc(sizeof(uint8_t *) * no_tracks); track_delta = malloc(sizeof(uint32_t) * no_tracks); track_end = malloc(sizeof(uint8_t) * no_tracks); running_event = malloc(sizeof(uint8_t) * no_tracks); smallest_delta = 0xffffffff; for (i = 0; i < no_tracks; i++) { if (midi_size < 8) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(too short)"", 0); goto _end; } if (memcmp(midi_data, ""MTrk"", 4) != 0) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(missing track header)"", 0); goto _end; } midi_data += 4; midi_size -= 4; track_size = *midi_data++ << 24; track_size |= *midi_data++ << 16; track_size |= *midi_data++ << 8; track_size |= *midi_data++; midi_size -= 4; if (midi_size < track_size) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(too short)"", 0); goto _end; } if (track_size < 3) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(bad track size)"", 0); goto _end; } if ((midi_data[track_size - 3] != 0xFF) || (midi_data[track_size - 2] != 0x2F) || (midi_data[track_size - 1] != 0x00)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(missing EOT)"", 0); goto _end; } tracks[i] = midi_data; midi_data += track_size; midi_size -= track_size; track_end[i] = 0; running_event[i] = 0; track_delta[i] = 0; while (*tracks[i] > 0x7F) { track_delta[i] = (track_delta[i] << 7) + (*tracks[i] & 0x7F); tracks[i]++; } track_delta[i] = (track_delta[i] << 7) + (*tracks[i] & 0x7F); tracks[i]++; if (midi_type == 1 ) { if (track_delta[i] < smallest_delta) { smallest_delta = track_delta[i]; } } else { if (i == 0) smallest_delta = track_delta[i]; } } subtract_delta = smallest_delta; sample_count_f = (((float) smallest_delta * samples_per_delta_f) + sample_remainder); sample_count = (uint32_t) sample_count_f; sample_remainder = sample_count_f - (float) sample_count; mdi->events[mdi->event_count - 1].samples_to_next += sample_count; mdi->extra_info.approx_total_samples += sample_count; if (midi_type == 1) { while (end_of_tracks != no_tracks) { smallest_delta = 0; for (i = 0; i < no_tracks; i++) { if (track_end[i]) continue; if (track_delta[i]) { track_delta[i] -= subtract_delta; if (track_delta[i]) { if ((!smallest_delta) || (smallest_delta > track_delta[i])) { smallest_delta = track_delta[i]; } continue; } } do { setup_ret = _WM_SetupMidiEvent(mdi, tracks[i], running_event[i]); if (setup_ret == 0) { goto _end; } if (tracks[i][0] > 0x7f) { if (tracks[i][0] < 0xf0) { running_event[i] = tracks[i][0]; } else if ((tracks[i][0] == 0xf0) || (tracks[i][0] == 0xf7)) { running_event[i] = 0; } else if ((tracks[i][0] == 0xff) && (tracks[i][1] == 0x2f) && (tracks[i][2] == 0x00)) { end_of_tracks++; track_end[i] = 1; tracks[i] += 3; goto NEXT_TRACK; } else if ((tracks[i][0] == 0xff) && (tracks[i][1] == 0x51) && (tracks[i][2] == 0x03)) { tempo = (tracks[i][3] << 16) + (tracks[i][4] << 8)+ tracks[i][5]; if (!tempo) tempo = 500000; samples_per_delta_f = _WM_GetSamplesPerTick(divisions, tempo); } } tracks[i] += setup_ret; if (*tracks[i] > 0x7f) { do { track_delta[i] = (track_delta[i] << 7) + (*tracks[i] & 0x7F); tracks[i]++; } while (*tracks[i] > 0x7f); } track_delta[i] = (track_delta[i] << 7) + (*tracks[i] & 0x7F); tracks[i]++; } while (!track_delta[i]); if ((!smallest_delta) || (smallest_delta > track_delta[i])) { smallest_delta = track_delta[i]; } NEXT_TRACK: continue; } subtract_delta = smallest_delta; sample_count_f = (((float) smallest_delta * samples_per_delta_f) + sample_remainder); sample_count = (uint32_t) sample_count_f; sample_remainder = sample_count_f - (float) sample_count; mdi->events[mdi->event_count - 1].samples_to_next += sample_count; mdi->extra_info.approx_total_samples += sample_count; } } else { if (midi_type == 2) { mdi->is_type2 = 1; } sample_remainder = 0.0; for (i = 0; i < no_tracks; i++) { running_event[i] = 0; do { setup_ret = _WM_SetupMidiEvent(mdi, tracks[i], running_event[i]); if (setup_ret == 0) { goto _end; } if (tracks[i][0] > 0x7f) { if (tracks[i][0] < 0xf0) { running_event[i] = tracks[i][0]; } else if ((tracks[i][0] == 0xf0) || (tracks[i][0] == 0xf7)) { running_event[i] = 0; } else if ((tracks[i][0] == 0xff) && (tracks[i][1] == 0x2f) && (tracks[i][2] == 0x00)) { track_end[i] = 1; goto NEXT_TRACK2; } else if ((tracks[i][0] == 0xff) && (tracks[i][1] == 0x51) && (tracks[i][2] == 0x03)) { tempo = (tracks[i][3] << 16) + (tracks[i][4] << 8)+ tracks[i][5]; if (!tempo) tempo = 500000; samples_per_delta_f = _WM_GetSamplesPerTick(divisions, tempo); } } tracks[i] += setup_ret; track_delta[i] = 0; if (*tracks[i] > 0x7f) { do { track_delta[i] = (track_delta[i] << 7) + (*tracks[i] & 0x7F); tracks[i]++; } while (*tracks[i] > 0x7f); } track_delta[i] = (track_delta[i] << 7) + (*tracks[i] & 0x7F); tracks[i]++; sample_count_f = (((float) track_delta[i] * samples_per_delta_f) + sample_remainder); sample_count = (uint32_t) sample_count_f; sample_remainder = sample_count_f - (float) sample_count; mdi->events[mdi->event_count - 1].samples_to_next += sample_count; mdi->extra_info.approx_total_samples += sample_count; NEXT_TRACK2: smallest_delta = track_delta[i]; UNUSED(smallest_delta); } while (track_end[i] == 0); } } if ((mdi->reverb = _WM_init_reverb(_WM_SampleRate, _WM_reverb_room_width, _WM_reverb_room_length, _WM_reverb_listen_posx, _WM_reverb_listen_posy)) == NULL) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_MEM, ""to init reverb"", 0); goto _end; } mdi->extra_info.current_sample = 0; mdi->current_event = &mdi->events[0]; mdi->samples_to_mix = 0; mdi->note = NULL; _WM_ResetToStart(mdi); _end: free(sysex_store); free(track_end); free(track_delta); free(running_event); free(tracks); if (mdi->reverb) return (mdi); _WM_freeMDI(mdi); return (NULL); }",visit repo url,src/f_midi.c,https://github.com/Mindwerks/wildmidi,83279019539896,1 5893,['CWE-200'],"void nr_destroy_socket(struct sock *sk) { struct sk_buff *skb; nr_remove_socket(sk); nr_stop_heartbeat(sk); nr_stop_t1timer(sk); nr_stop_t2timer(sk); nr_stop_t4timer(sk); nr_stop_idletimer(sk); nr_clear_queues(sk); while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) { if (skb->sk != sk) { sock_set_flag(skb->sk, SOCK_DEAD); nr_start_heartbeat(skb->sk); nr_sk(skb->sk)->state = NR_STATE_0; } kfree_skb(skb); } if (sk_has_allocations(sk)) { sk->sk_timer.function = nr_destroy_timer; sk->sk_timer.expires = jiffies + 2 * HZ; add_timer(&sk->sk_timer); } else sock_put(sk); }",linux-2.6,,,224899870335311872616560783371227120375,0 3756,CWE-674,"static void yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, void *yyscanner, HEX_LEX_ENVIRONMENT *lex_env) { YYUSE (yyvaluep); YYUSE (yyscanner); YYUSE (lex_env); if (!yymsg) yymsg = ""Deleting""; YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN switch (yytype) { case 16: #line 94 ""hex_grammar.y"" { yr_re_node_destroy(((*yyvaluep).re_node)); } #line 1023 ""hex_grammar.c"" break; case 17: #line 95 ""hex_grammar.y"" { yr_re_node_destroy(((*yyvaluep).re_node)); } #line 1029 ""hex_grammar.c"" break; case 18: #line 96 ""hex_grammar.y"" { yr_re_node_destroy(((*yyvaluep).re_node)); } #line 1035 ""hex_grammar.c"" break; case 19: #line 97 ""hex_grammar.y"" { yr_re_node_destroy(((*yyvaluep).re_node)); } #line 1041 ""hex_grammar.c"" break; case 21: #line 100 ""hex_grammar.y"" { yr_re_node_destroy(((*yyvaluep).re_node)); } #line 1047 ""hex_grammar.c"" break; case 22: #line 99 ""hex_grammar.y"" { yr_re_node_destroy(((*yyvaluep).re_node)); } #line 1053 ""hex_grammar.c"" break; case 23: #line 98 ""hex_grammar.y"" { yr_re_node_destroy(((*yyvaluep).re_node)); } #line 1059 ""hex_grammar.c"" break; default: break; }",visit repo url,libyara/hex_grammar.c,https://github.com/VirusTotal/yara,55884195890234,1 4133,[],"static int ibwdt_set_heartbeat(int t) { int i; if ((t < 0) || (t > 30)) return -EINVAL; for (i = 0x0F; i > -1; i--) if (wd_times[i] >= t) break; wd_margin = i; return 0; }",linux-2.6,,,133021313050549917784207579224424397557,0 3763,CWE-476,"#else static int input (yyscan_t yyscanner) #endif { int c; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; *yyg->yy_c_buf_p = yyg->yy_hold_char; if ( *yyg->yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) { if ( yyg->yy_c_buf_p < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] ) *yyg->yy_c_buf_p = '\0'; else { yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr; ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) { case EOB_ACT_LAST_MATCH: re_yyrestart(yyin ,yyscanner); case EOB_ACT_END_OF_FILE: { if ( re_yywrap(yyscanner ) ) return EOF; if ( ! yyg->yy_did_buffer_switch_on_eof ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(yyscanner); #else return input(yyscanner); #endif } case EOB_ACT_CONTINUE_SCAN: yyg->yy_c_buf_p = yyg->yytext_ptr + offset; break; } } } c = *(unsigned char *) yyg->yy_c_buf_p; *yyg->yy_c_buf_p = '\0'; yyg->yy_hold_char = *++yyg->yy_c_buf_p; if ( c == '\n' ) do{ yylineno++; yycolumn=0; }while(0) ; return c;",visit repo url,libyara/re_lexer.c,https://github.com/VirusTotal/yara,214942996333719,1 5830,['CWE-200'],"static void __exit econet_proto_exit(void) { #ifdef CONFIG_ECONET_AUNUDP del_timer(&ab_cleanup_timer); if (udpsock) sock_release(udpsock); #endif unregister_netdevice_notifier(&econet_netdev_notifier); #ifdef CONFIG_ECONET_NATIVE dev_remove_pack(&econet_packet_type); #endif sock_unregister(econet_family_ops.family); proto_unregister(&econet_proto); }",linux-2.6,,,48886177057718570449218940355811215109,0 1384,CWE-20,"static int xen_netbk_get_extras(struct xenvif *vif, struct xen_netif_extra_info *extras, int work_to_do) { struct xen_netif_extra_info extra; RING_IDX cons = vif->tx.req_cons; do { if (unlikely(work_to_do-- <= 0)) { netdev_dbg(vif->dev, ""Missing extra info\n""); return -EBADR; } memcpy(&extra, RING_GET_REQUEST(&vif->tx, cons), sizeof(extra)); if (unlikely(!extra.type || extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { vif->tx.req_cons = ++cons; netdev_dbg(vif->dev, ""Invalid extra type: %d\n"", extra.type); return -EINVAL; } memcpy(&extras[extra.type - 1], &extra, sizeof(extra)); vif->tx.req_cons = ++cons; } while (extra.flags & XEN_NETIF_EXTRA_FLAG_MORE); return work_to_do; }",visit repo url,drivers/net/xen-netback/netback.c,https://github.com/torvalds/linux,247983993820493,1 5836,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_pli( const void *buf, pj_size_t length) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; PJ_ASSERT_RETURN(buf, PJ_EINVAL); PJ_ASSERT_RETURN(length >= 12, PJ_ETOOSMALL); if (hdr->pt != RTCP_PSFB || hdr->count != 1) return PJ_ENOTFOUND; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,103673442193547,1 4637,['CWE-399'],"static int ext4_da_get_block_prep(struct inode *inode, sector_t iblock, struct buffer_head *bh_result, int create) { int ret = 0; BUG_ON(create == 0); BUG_ON(bh_result->b_size != inode->i_sb->s_blocksize); ret = ext4_get_blocks_wrap(NULL, inode, iblock, 1, bh_result, 0, 0, 0); if ((ret == 0) && !buffer_delay(bh_result)) { ret = ext4_da_reserve_space(inode, 1); if (ret) return ret; map_bh(bh_result, inode->i_sb, 0); set_buffer_new(bh_result); set_buffer_delay(bh_result); } else if (ret > 0) { bh_result->b_size = (ret << inode->i_blkbits); ret = 0; } return ret; }",linux-2.6,,,187117884299863116405340266268688482562,0 1980,['CWE-20'],"static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, int write_access) { struct page *page; spinlock_t *ptl; pte_t entry; pte_unmap(page_table); if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); if (!page) goto oom; __SetPageUptodate(page); if (mem_cgroup_charge(page, mm, GFP_KERNEL)) goto oom_free_page; entry = mk_pte(page, vma->vm_page_prot); entry = maybe_mkwrite(pte_mkdirty(entry), vma); page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (!pte_none(*page_table)) goto release; inc_mm_counter(mm, anon_rss); lru_cache_add_active(page); page_add_new_anon_rmap(page, vma, address); set_pte_at(mm, address, page_table, entry); update_mmu_cache(vma, address, entry); unlock: pte_unmap_unlock(page_table, ptl); return 0; release: mem_cgroup_uncharge_page(page); page_cache_release(page); goto unlock; oom_free_page: page_cache_release(page); oom: return VM_FAULT_OOM; }",linux-2.6,,,222853138201018929479023733056813526796,0 2507,['CWE-119'],"static void remove_tempfile(void) { int i; for (i = 0; i < 2; i++) if (diff_temp[i].name == diff_temp[i].tmp_path) { unlink(diff_temp[i].name); diff_temp[i].name = NULL; } }",git,,,287252913916417538886289964539281325190,0 1519,NVD-CWE-Other,"static ssize_t aio_setup_single_vector(struct kiocb *kiocb, int rw, char __user *buf, unsigned long *nr_segs, size_t len, struct iovec *iovec) { if (unlikely(!access_ok(!rw, buf, len))) return -EFAULT; iovec->iov_base = buf; iovec->iov_len = len; *nr_segs = 1; return 0; }",visit repo url,fs/aio.c,https://github.com/torvalds/linux,39647919141001,1 3962,CWE-20,"parse_toshiba_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info) { union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header; char line[TOSHIBA_LINE_LENGTH]; int num_items_scanned; int pkt_len, pktnum, hr, min, sec, csec; char channel[10], direction[10]; int i, hex_lines; guint8 *pd; if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { *err = file_error(fh, err_info); if (*err == 0) { *err = WTAP_ERR_SHORT_READ; } return FALSE; } num_items_scanned = sscanf(line, ""%9d] %2d:%2d:%2d.%9d %9s %9s"", &pktnum, &hr, &min, &sec, &csec, channel, direction); if (num_items_scanned != 7) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""toshiba: record header isn't valid""); return FALSE; } do { if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { *err = file_error(fh, err_info); if (*err == 0) { *err = WTAP_ERR_SHORT_READ; } return FALSE; } line[16] = '\0'; } while (strcmp(line, ""OFFSET 0001-0203"") != 0); num_items_scanned = sscanf(line+64, ""LEN=%9d"", &pkt_len); if (num_items_scanned != 1) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""toshiba: OFFSET line doesn't have valid LEN item""); return FALSE; } phdr->rec_type = REC_TYPE_PACKET; phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN; phdr->ts.secs = hr * 3600 + min * 60 + sec; phdr->ts.nsecs = csec * 10000000; phdr->caplen = pkt_len; phdr->len = pkt_len; switch (channel[0]) { case 'B': phdr->pkt_encap = WTAP_ENCAP_ISDN; pseudo_header->isdn.uton = (direction[0] == 'T'); pseudo_header->isdn.channel = (guint8) strtol(&channel[1], NULL, 10); break; case 'D': phdr->pkt_encap = WTAP_ENCAP_ISDN; pseudo_header->isdn.uton = (direction[0] == 'T'); pseudo_header->isdn.channel = 0; break; default: phdr->pkt_encap = WTAP_ENCAP_ETHERNET; pseudo_header->eth.fcs_len = -1; break; } ws_buffer_assure_space(buf, TOSHIBA_MAX_PACKET_LEN); pd = ws_buffer_start_ptr(buf); hex_lines = pkt_len / 16 + ((pkt_len % 16) ? 1 : 0); for (i = 0; i < hex_lines; i++) { if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { *err = file_error(fh, err_info); if (*err == 0) { *err = WTAP_ERR_SHORT_READ; } return FALSE; } if (!parse_single_hex_dump_line(line, pd, i * 16)) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""toshiba: hex dump not valid""); return FALSE; } } return TRUE; }",visit repo url,wiretap/toshiba.c,https://github.com/wireshark/wireshark,187738125019759,1 5138,['CWE-20'],"static int vmx_get_irq(struct kvm_vcpu *vcpu) { if (!vcpu->arch.interrupt.pending) return -1; return vcpu->arch.interrupt.nr; }",linux-2.6,,,94887723658355014651221833233844736014,0 2225,['CWE-193'],"int filemap_fault(struct vm_area_struct *vma, struct vm_fault *vmf) { int error; struct file *file = vma->vm_file; struct address_space *mapping = file->f_mapping; struct file_ra_state *ra = &file->f_ra; struct inode *inode = mapping->host; struct page *page; pgoff_t size; int did_readaround = 0; int ret = 0; size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (vmf->pgoff >= size) return VM_FAULT_SIGBUS; if (VM_RandomReadHint(vma)) goto no_cached_page; retry_find: page = find_lock_page(mapping, vmf->pgoff); if (VM_SequentialReadHint(vma)) { if (!page) { page_cache_sync_readahead(mapping, ra, file, vmf->pgoff, 1); page = find_lock_page(mapping, vmf->pgoff); if (!page) goto no_cached_page; } if (PageReadahead(page)) { page_cache_async_readahead(mapping, ra, file, page, vmf->pgoff, 1); } } if (!page) { unsigned long ra_pages; ra->mmap_miss++; if (ra->mmap_miss > MMAP_LOTSAMISS) goto no_cached_page; if (!did_readaround) { ret = VM_FAULT_MAJOR; count_vm_event(PGMAJFAULT); } did_readaround = 1; ra_pages = max_sane_readahead(file->f_ra.ra_pages); if (ra_pages) { pgoff_t start = 0; if (vmf->pgoff > ra_pages / 2) start = vmf->pgoff - ra_pages / 2; do_page_cache_readahead(mapping, file, start, ra_pages); } page = find_lock_page(mapping, vmf->pgoff); if (!page) goto no_cached_page; } if (!did_readaround) ra->mmap_miss--; if (unlikely(!PageUptodate(page))) goto page_not_uptodate; size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (unlikely(vmf->pgoff >= size)) { unlock_page(page); page_cache_release(page); return VM_FAULT_SIGBUS; } mark_page_accessed(page); ra->prev_pos = (loff_t)page->index << PAGE_CACHE_SHIFT; vmf->page = page; return ret | VM_FAULT_LOCKED; no_cached_page: error = page_cache_read(file, vmf->pgoff); if (error >= 0) goto retry_find; if (error == -ENOMEM) return VM_FAULT_OOM; return VM_FAULT_SIGBUS; page_not_uptodate: if (!did_readaround) { ret = VM_FAULT_MAJOR; count_vm_event(PGMAJFAULT); } ClearPageError(page); error = mapping->a_ops->readpage(file, page); if (!error) { wait_on_page_locked(page); if (!PageUptodate(page)) error = -EIO; } page_cache_release(page); if (!error || error == AOP_TRUNCATED_PAGE) goto retry_find; shrink_readahead_size_eio(file, ra); return VM_FAULT_SIGBUS; }",linux-2.6,,,235434225927780363735246606440090851647,0 629,['CWE-189'],"static inline int is_same_network(struct ieee80211_network *src, struct ieee80211_network *dst) { return ((src->ssid_len == dst->ssid_len) && (src->channel == dst->channel) && !compare_ether_addr(src->bssid, dst->bssid) && !memcmp(src->ssid, dst->ssid, src->ssid_len)); }",linux-2.6,,,217867464488415602210966962712628808447,0 2323,['CWE-120'],"static inline int open_to_namei_flags(int flag) { if ((flag+1) & O_ACCMODE) flag++; return flag; }",linux-2.6,,,134781373985387470039820714537147120444,0 3364,CWE-252,"static Image *ReadGROUP4Image(const ImageInfo *image_info, ExceptionInfo *exception) { char filename[MagickPathExtent]; FILE *file; Image *image; ImageInfo *read_info; int c, unique_file; MagickBooleanType status; size_t length; ssize_t offset, strip_offset; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } file=(FILE *) NULL; unique_file=AcquireUniqueFileResource(filename); if (unique_file != -1) file=fdopen(unique_file,""wb""); if ((unique_file == -1) || (file == (FILE *) NULL)) ThrowImageException(FileOpenError,""UnableToCreateTemporaryFile""); length=fwrite(""\111\111\052\000\010\000\000\000\016\000"",1,10,file); length=fwrite(""\376\000\003\000\001\000\000\000\000\000\000\000"",1,12,file); length=fwrite(""\000\001\004\000\001\000\000\000"",1,8,file); length=WriteLSBLong(file,image->columns); length=fwrite(""\001\001\004\000\001\000\000\000"",1,8,file); length=WriteLSBLong(file,image->rows); length=fwrite(""\002\001\003\000\001\000\000\000\001\000\000\000"",1,12,file); length=fwrite(""\003\001\003\000\001\000\000\000\004\000\000\000"",1,12,file); length=fwrite(""\006\001\003\000\001\000\000\000\000\000\000\000"",1,12,file); length=fwrite(""\021\001\003\000\001\000\000\000"",1,8,file); strip_offset=10+(12*14)+4+8; length=WriteLSBLong(file,(size_t) strip_offset); length=fwrite(""\022\001\003\000\001\000\000\000"",1,8,file); length=WriteLSBLong(file,(size_t) image_info->orientation); length=fwrite(""\025\001\003\000\001\000\000\000\001\000\000\000"",1,12,file); length=fwrite(""\026\001\004\000\001\000\000\000"",1,8,file); length=WriteLSBLong(file,image->rows); length=fwrite(""\027\001\004\000\001\000\000\000\000\000\000\000"",1,12,file); offset=(ssize_t) ftell(file)-4; length=fwrite(""\032\001\005\000\001\000\000\000"",1,8,file); length=WriteLSBLong(file,(size_t) (strip_offset-8)); length=fwrite(""\033\001\005\000\001\000\000\000"",1,8,file); length=WriteLSBLong(file,(size_t) (strip_offset-8)); length=fwrite(""\050\001\003\000\001\000\000\000\002\000\000\000"",1,12,file); length=fwrite(""\000\000\000\000"",1,4,file); length=WriteLSBLong(file,(long) image->resolution.x); length=WriteLSBLong(file,1); for (length=0; (c=ReadBlobByte(image)) != EOF; length++) (void) fputc(c,file); offset=(ssize_t) fseek(file,(ssize_t) offset,SEEK_SET); length=WriteLSBLong(file,(unsigned int) length); (void) fclose(file); (void) CloseBlob(image); image=DestroyImage(image); read_info=CloneImageInfo((ImageInfo *) NULL); (void) FormatLocaleString(read_info->filename,MagickPathExtent,""%s"",filename); image=ReadTIFFImage(read_info,exception); read_info=DestroyImageInfo(read_info); if (image != (Image *) NULL) { (void) CopyMagickString(image->filename,image_info->filename, MagickPathExtent); (void) CopyMagickString(image->magick_filename,image_info->filename, MagickPathExtent); (void) CopyMagickString(image->magick,""GROUP4"",MagickPathExtent); } (void) RelinquishUniqueFileResource(filename); return(image); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,74365244494416,1 1492,CWE-264,"static int perf_event_read_group(struct perf_event *event, u64 read_format, char __user *buf) { struct perf_event *leader = event->group_leader, *sub; int n = 0, size = 0, ret = -EFAULT; struct perf_event_context *ctx = leader->ctx; u64 values[5]; u64 count, enabled, running; mutex_lock(&ctx->mutex); count = perf_event_read_value(leader, &enabled, &running); values[n++] = 1 + leader->nr_siblings; if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) values[n++] = enabled; if (read_format & PERF_FORMAT_TOTAL_TIME_RUNNING) values[n++] = running; values[n++] = count; if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(leader); size = n * sizeof(u64); if (copy_to_user(buf, values, size)) goto unlock; ret = size; list_for_each_entry(sub, &leader->sibling_list, group_entry) { n = 0; values[n++] = perf_event_read_value(sub, &enabled, &running); if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(sub); size = n * sizeof(u64); if (copy_to_user(buf + ret, values, size)) { ret = -EFAULT; goto unlock; } ret += size; } unlock: mutex_unlock(&ctx->mutex); return ret; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,52377704495617,1 6719,['CWE-310'],"nm_gconf_set_valuehash_helper (GConfClient *client, const char *path, const char *setting, GHashTable *value) { char *gc_key; WritePropertiesInfo info; g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (value != NULL, FALSE); gc_key = g_strdup_printf (""%s/%s"", path, setting); if (!gc_key) { g_warning (""Not enough memory to create gconf path""); return FALSE; } info.client = client; info.path = gc_key; g_hash_table_foreach (value, write_properties_valuehash, &info); g_free (gc_key); return TRUE; }",network-manager-applet,,,95059828403776848489677809362568156799,0 1645,CWE-362,"static int ext4_dax_pmd_fault(struct vm_area_struct *vma, unsigned long addr, pmd_t *pmd, unsigned int flags) { int result; handle_t *handle = NULL; struct inode *inode = file_inode(vma->vm_file); struct super_block *sb = inode->i_sb; bool write = flags & FAULT_FLAG_WRITE; if (write) { sb_start_pagefault(sb); file_update_time(vma->vm_file); handle = ext4_journal_start_sb(sb, EXT4_HT_WRITE_PAGE, ext4_chunk_trans_blocks(inode, PMD_SIZE / PAGE_SIZE)); } if (IS_ERR(handle)) result = VM_FAULT_SIGBUS; else result = __dax_pmd_fault(vma, addr, pmd, flags, ext4_get_block_dax, ext4_end_io_unwritten); if (write) { if (!IS_ERR(handle)) ext4_journal_stop(handle); sb_end_pagefault(sb); } return result; }",visit repo url,fs/ext4/file.c,https://github.com/torvalds/linux,66368052628591,1 6763,CWE-120,"_blackbox_vlogger(int32_t target, struct qb_log_callsite *cs, struct timespec *timestamp, va_list ap) { size_t max_size; size_t actual_size; uint32_t fn_size; char *chunk; char *msg_len_pt; uint32_t msg_len; struct qb_log_target *t = qb_log_target_get(target); if (t->instance == NULL) { return; } fn_size = strlen(cs->function) + 1; actual_size = 4 * sizeof(uint32_t) + sizeof(uint8_t) + fn_size + sizeof(struct timespec); max_size = actual_size + t->max_line_length; chunk = qb_rb_chunk_alloc(t->instance, max_size); if (chunk == NULL) { qb_util_perror(LOG_ERR, ""Blackbox allocation error, aborting blackbox log %s"", t->filename); qb_rb_close(qb_rb_lastref_and_ret( (struct qb_ringbuffer_s **) &t->instance )); return; } memcpy(chunk, &cs->lineno, sizeof(uint32_t)); chunk += sizeof(uint32_t); memcpy(chunk, &cs->tags, sizeof(uint32_t)); chunk += sizeof(uint32_t); memcpy(chunk, &cs->priority, sizeof(uint8_t)); chunk += sizeof(uint8_t); memcpy(chunk, &fn_size, sizeof(uint32_t)); chunk += sizeof(uint32_t); memcpy(chunk, cs->function, fn_size); chunk += fn_size; memcpy(chunk, timestamp, sizeof(struct timespec)); chunk += sizeof(struct timespec); msg_len_pt = chunk; chunk += sizeof(uint32_t); msg_len = qb_vsnprintf_serialize(chunk, max_size, cs->format, ap); if (msg_len >= max_size) { chunk = msg_len_pt + sizeof(uint32_t); msg_len = qb_vsnprintf_serialize(chunk, QB_LOG_MAX_LEN, ""Log message too long to be stored in the blackbox. ""\ ""Maximum is QB_LOG_MAX_LEN"" , ap); } actual_size += msg_len; memcpy(msg_len_pt, &msg_len, sizeof(uint32_t)); (void)qb_rb_chunk_commit(t->instance, actual_size); }",visit repo url,lib/log_blackbox.c,https://github.com/ClusterLabs/libqb,143026238180388,1 4654,CWE-415,"GF_Err iloc_box_read(GF_Box *s, GF_BitStream *bs) { u32 item_count, extent_count, i, j; GF_ItemLocationBox *ptr = (GF_ItemLocationBox *)s; ISOM_DECREASE_SIZE(ptr, 2) ptr->offset_size = gf_bs_read_int(bs, 4); ptr->length_size = gf_bs_read_int(bs, 4); ptr->base_offset_size = gf_bs_read_int(bs, 4); if (ptr->version == 1 || ptr->version == 2) { ptr->index_size = gf_bs_read_int(bs, 4); } else { gf_bs_read_int(bs, 4); } if (ptr->version < 2) { ISOM_DECREASE_SIZE(ptr, 2) item_count = gf_bs_read_u16(bs); } else { ISOM_DECREASE_SIZE(ptr, 4) item_count = gf_bs_read_u32(bs); } for (i = 0; i < item_count; i++) { GF_ItemLocationEntry *location_entry = (GF_ItemLocationEntry *)gf_malloc(sizeof(GF_ItemLocationEntry)); if (!location_entry) return GF_OUT_OF_MEM; gf_list_add(ptr->location_entries, location_entry); if (ptr->version < 2) { ISOM_DECREASE_SIZE(ptr, 2) location_entry->item_ID = gf_bs_read_u16(bs); } else { ISOM_DECREASE_SIZE(ptr, 4) location_entry->item_ID = gf_bs_read_u32(bs); } if (ptr->version == 1 || ptr->version == 2) { ISOM_DECREASE_SIZE(ptr, 2) location_entry->construction_method = gf_bs_read_u16(bs); } else { location_entry->construction_method = 0; } ISOM_DECREASE_SIZE(ptr, (2 + ptr->base_offset_size) ) location_entry->data_reference_index = gf_bs_read_u16(bs); location_entry->base_offset = gf_bs_read_int(bs, 8*ptr->base_offset_size); #ifndef GPAC_DISABLE_ISOM_WRITE location_entry->original_base_offset = location_entry->base_offset; #endif ISOM_DECREASE_SIZE(ptr, 2) extent_count = gf_bs_read_u16(bs); location_entry->extent_entries = gf_list_new(); for (j = 0; j < extent_count; j++) { GF_ItemExtentEntry *extent_entry = (GF_ItemExtentEntry *)gf_malloc(sizeof(GF_ItemExtentEntry)); if (!extent_entry) return GF_OUT_OF_MEM; gf_list_add(location_entry->extent_entries, extent_entry); if ((ptr->version == 1 || ptr->version == 2) && ptr->index_size > 0) { ISOM_DECREASE_SIZE(ptr, ptr->index_size) extent_entry->extent_index = gf_bs_read_int(bs, 8 * ptr->index_size); } else { extent_entry->extent_index = 0; } ISOM_DECREASE_SIZE(ptr, (ptr->offset_size+ptr->length_size) ) extent_entry->extent_offset = gf_bs_read_int(bs, 8*ptr->offset_size); extent_entry->extent_length = gf_bs_read_int(bs, 8*ptr->length_size); #ifndef GPAC_DISABLE_ISOM_WRITE extent_entry->original_extent_offset = extent_entry->extent_offset; #endif } } return GF_OK; }",visit repo url,src/isomedia/box_code_meta.c,https://github.com/gpac/gpac,240485290450447,1 1757,[],"balance_tasks(struct rq *this_rq, int this_cpu, struct rq *busiest, unsigned long max_load_move, struct sched_domain *sd, enum cpu_idle_type idle, int *all_pinned, int *this_best_prio, struct rq_iterator *iterator) { int loops = 0, pulled = 0, pinned = 0, skip_for_load; struct task_struct *p; long rem_load_move = max_load_move; if (max_load_move == 0) goto out; pinned = 1; p = iterator->start(iterator->arg); next: if (!p || loops++ > sysctl_sched_nr_migrate) goto out; skip_for_load = (p->se.load.weight >> 1) > rem_load_move + SCHED_LOAD_SCALE_FUZZ; if ((skip_for_load && p->prio >= *this_best_prio) || !can_migrate_task(p, busiest, this_cpu, sd, idle, &pinned)) { p = iterator->next(iterator->arg); goto next; } pull_task(busiest, p, this_rq, this_cpu); pulled++; rem_load_move -= p->se.load.weight; if (rem_load_move > 0) { if (p->prio < *this_best_prio) *this_best_prio = p->prio; p = iterator->next(iterator->arg); goto next; } out: schedstat_add(sd, lb_gained[idle], pulled); if (all_pinned) *all_pinned = pinned; return max_load_move - rem_load_move; }",linux-2.6,,,97292948986615543393871948207100083627,0 6148,CWE-190,"void ep2_map_dst(ep2_t p, const uint8_t *msg, int len, const uint8_t *dst, int dst_len) { const int len_per_elm = (FP_PRIME + ep_param_level() + 7) / 8; uint8_t *pseudo_random_bytes = RLC_ALLOCA(uint8_t, 4 * len_per_elm); RLC_TRY { md_xmd(pseudo_random_bytes, 4 * len_per_elm, msg, len, dst, dst_len); ep2_map_from_field(p, pseudo_random_bytes, 2 * len_per_elm); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { RLC_FREE(pseudo_random_bytes); } }",visit repo url,src/epx/relic_ep2_map.c,https://github.com/relic-toolkit/relic,247308259186254,1 1782,[],"static void init_numa_sched_groups_power(struct sched_group *group_head) { struct sched_group *sg = group_head; int j; if (!sg) return; do { for_each_cpu_mask(j, sg->cpumask) { struct sched_domain *sd; sd = &per_cpu(phys_domains, j); if (j != first_cpu(sd->groups->cpumask)) { continue; } sg_inc_cpu_power(sg, sd->groups->__cpu_power); } sg = sg->next; } while (sg != group_head); }",linux-2.6,,,71872838000653654257423987795081172402,0 4966,['CWE-20'],"void nfs_access_zap_cache(struct inode *inode) { if (test_and_clear_bit(NFS_INO_ACL_LRU_SET, &NFS_FLAGS(inode))) { spin_lock(&nfs_access_lru_lock); list_del_init(&NFS_I(inode)->access_cache_inode_lru); spin_unlock(&nfs_access_lru_lock); } spin_lock(&inode->i_lock); __nfs_access_zap_cache(inode); }",linux-2.6,,,264423125513845822073307062432228486819,0 2832,CWE-125,"BOOL update_write_cache_bitmap_v3_order(wStream* s, CACHE_BITMAP_V3_ORDER* cache_bitmap_v3, UINT16* flags) { BYTE bitsPerPixelId; BITMAP_DATA_EX* bitmapData; if (!Stream_EnsureRemainingCapacity( s, update_approximate_cache_bitmap_v3_order(cache_bitmap_v3, flags))) return FALSE; bitmapData = &cache_bitmap_v3->bitmapData; bitsPerPixelId = BPP_CBR23[cache_bitmap_v3->bpp]; *flags = (cache_bitmap_v3->cacheId & 0x00000003) | ((cache_bitmap_v3->flags << 7) & 0x0000FF80) | ((bitsPerPixelId << 3) & 0x00000078); Stream_Write_UINT16(s, cache_bitmap_v3->cacheIndex); Stream_Write_UINT32(s, cache_bitmap_v3->key1); Stream_Write_UINT32(s, cache_bitmap_v3->key2); Stream_Write_UINT8(s, bitmapData->bpp); Stream_Write_UINT8(s, 0); Stream_Write_UINT8(s, 0); Stream_Write_UINT8(s, bitmapData->codecID); Stream_Write_UINT16(s, bitmapData->width); Stream_Write_UINT16(s, bitmapData->height); Stream_Write_UINT32(s, bitmapData->length); Stream_Write(s, bitmapData->data, bitmapData->length); return TRUE; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,213084013635260,1 5415,CWE-125,"doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, int tok, const char *next, const char **nextPtr, XML_Bool haveMore) { #ifdef XML_DTD static const XML_Char externalSubsetName[] = {ASCII_HASH, '\0'}; #endif static const XML_Char atypeCDATA[] = {ASCII_C, ASCII_D, ASCII_A, ASCII_T, ASCII_A, '\0'}; static const XML_Char atypeID[] = {ASCII_I, ASCII_D, '\0'}; static const XML_Char atypeIDREF[] = {ASCII_I, ASCII_D, ASCII_R, ASCII_E, ASCII_F, '\0'}; static const XML_Char atypeIDREFS[] = {ASCII_I, ASCII_D, ASCII_R, ASCII_E, ASCII_F, ASCII_S, '\0'}; static const XML_Char atypeENTITY[] = {ASCII_E, ASCII_N, ASCII_T, ASCII_I, ASCII_T, ASCII_Y, '\0'}; static const XML_Char atypeENTITIES[] = {ASCII_E, ASCII_N, ASCII_T, ASCII_I, ASCII_T, ASCII_I, ASCII_E, ASCII_S, '\0'}; static const XML_Char atypeNMTOKEN[] = {ASCII_N, ASCII_M, ASCII_T, ASCII_O, ASCII_K, ASCII_E, ASCII_N, '\0'}; static const XML_Char atypeNMTOKENS[] = {ASCII_N, ASCII_M, ASCII_T, ASCII_O, ASCII_K, ASCII_E, ASCII_N, ASCII_S, '\0'}; static const XML_Char notationPrefix[] = {ASCII_N, ASCII_O, ASCII_T, ASCII_A, ASCII_T, ASCII_I, ASCII_O, ASCII_N, ASCII_LPAREN, '\0'}; static const XML_Char enumValueSep[] = {ASCII_PIPE, '\0'}; static const XML_Char enumValueStart[] = {ASCII_LPAREN, '\0'}; DTD *const dtd = parser->m_dtd; const char **eventPP; const char **eventEndPP; enum XML_Content_Quant quant; if (enc == parser->m_encoding) { eventPP = &parser->m_eventPtr; eventEndPP = &parser->m_eventEndPtr; } else { eventPP = &(parser->m_openInternalEntities->internalEventPtr); eventEndPP = &(parser->m_openInternalEntities->internalEventEndPtr); } for (;;) { int role; XML_Bool handleDefault = XML_TRUE; *eventPP = s; *eventEndPP = next; if (tok <= 0) { if (haveMore && tok != XML_TOK_INVALID) { *nextPtr = s; return XML_ERROR_NONE; } switch (tok) { case XML_TOK_INVALID: *eventPP = next; return XML_ERROR_INVALID_TOKEN; case XML_TOK_PARTIAL: return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; case -XML_TOK_PROLOG_S: tok = -tok; break; case XML_TOK_NONE: #ifdef XML_DTD if (enc != parser->m_encoding && ! parser->m_openInternalEntities->betweenDecl) { *nextPtr = s; return XML_ERROR_NONE; } if (parser->m_isParamEntity || enc != parser->m_encoding) { if (XmlTokenRole(&parser->m_prologState, XML_TOK_NONE, end, end, enc) == XML_ROLE_ERROR) return XML_ERROR_INCOMPLETE_PE; *nextPtr = s; return XML_ERROR_NONE; } #endif return XML_ERROR_NO_ELEMENTS; default: tok = -tok; next = end; break; } } role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc); switch (role) { case XML_ROLE_XML_DECL: { enum XML_Error result = processXmlDecl(parser, 0, s, next); if (result != XML_ERROR_NONE) return result; enc = parser->m_encoding; handleDefault = XML_FALSE; } break; case XML_ROLE_DOCTYPE_NAME: if (parser->m_startDoctypeDeclHandler) { parser->m_doctypeName = poolStoreString(&parser->m_tempPool, enc, s, next); if (! parser->m_doctypeName) return XML_ERROR_NO_MEMORY; poolFinish(&parser->m_tempPool); parser->m_doctypePubid = NULL; handleDefault = XML_FALSE; } parser->m_doctypeSysid = NULL; break; case XML_ROLE_DOCTYPE_INTERNAL_SUBSET: if (parser->m_startDoctypeDeclHandler) { parser->m_startDoctypeDeclHandler( parser->m_handlerArg, parser->m_doctypeName, parser->m_doctypeSysid, parser->m_doctypePubid, 1); parser->m_doctypeName = NULL; poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } break; #ifdef XML_DTD case XML_ROLE_TEXT_DECL: { enum XML_Error result = processXmlDecl(parser, 1, s, next); if (result != XML_ERROR_NONE) return result; enc = parser->m_encoding; handleDefault = XML_FALSE; } break; #endif case XML_ROLE_DOCTYPE_PUBLIC_ID: #ifdef XML_DTD parser->m_useForeignDTD = XML_FALSE; parser->m_declEntity = (ENTITY *)lookup( parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; #endif dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_startDoctypeDeclHandler) { XML_Char *pubId; if (! XmlIsPublicId(enc, s, next, eventPP)) return XML_ERROR_PUBLICID; pubId = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! pubId) return XML_ERROR_NO_MEMORY; normalizePublicId(pubId); poolFinish(&parser->m_tempPool); parser->m_doctypePubid = pubId; handleDefault = XML_FALSE; goto alreadyChecked; } case XML_ROLE_ENTITY_PUBLIC_ID: if (! XmlIsPublicId(enc, s, next, eventPP)) return XML_ERROR_PUBLICID; alreadyChecked: if (dtd->keepProcessing && parser->m_declEntity) { XML_Char *tem = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! tem) return XML_ERROR_NO_MEMORY; normalizePublicId(tem); parser->m_declEntity->publicId = tem; poolFinish(&dtd->pool); if (parser->m_entityDeclHandler && role == XML_ROLE_ENTITY_PUBLIC_ID) handleDefault = XML_FALSE; } break; case XML_ROLE_DOCTYPE_CLOSE: if (parser->m_doctypeName) { parser->m_startDoctypeDeclHandler( parser->m_handlerArg, parser->m_doctypeName, parser->m_doctypeSysid, parser->m_doctypePubid, 0); poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } #ifdef XML_DTD if (parser->m_doctypeSysid || parser->m_useForeignDTD) { XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_paramEntityParsing && parser->m_externalEntityRefHandler) { ENTITY *entity = (ENTITY *)lookup(parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! entity) { return XML_ERROR_NO_MEMORY; } if (parser->m_useForeignDTD) entity->base = parser->m_curBase; dtd->paramEntityRead = XML_FALSE; if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) return XML_ERROR_EXTERNAL_ENTITY_HANDLING; if (dtd->paramEntityRead) { if (! dtd->standalone && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; } else if (! parser->m_doctypeSysid) dtd->hasParamEntityRefs = hadParamEntityRefs; } parser->m_useForeignDTD = XML_FALSE; } #endif if (parser->m_endDoctypeDeclHandler) { parser->m_endDoctypeDeclHandler(parser->m_handlerArg); handleDefault = XML_FALSE; } break; case XML_ROLE_INSTANCE_START: #ifdef XML_DTD if (parser->m_useForeignDTD) { XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_paramEntityParsing && parser->m_externalEntityRefHandler) { ENTITY *entity = (ENTITY *)lookup(parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! entity) return XML_ERROR_NO_MEMORY; entity->base = parser->m_curBase; dtd->paramEntityRead = XML_FALSE; if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) return XML_ERROR_EXTERNAL_ENTITY_HANDLING; if (dtd->paramEntityRead) { if (! dtd->standalone && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; } else dtd->hasParamEntityRefs = hadParamEntityRefs; } } #endif parser->m_processor = contentProcessor; return contentProcessor(parser, s, end, nextPtr); case XML_ROLE_ATTLIST_ELEMENT_NAME: parser->m_declElementType = getElementType(parser, enc, s, next); if (! parser->m_declElementType) return XML_ERROR_NO_MEMORY; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_NAME: parser->m_declAttributeId = getAttributeId(parser, enc, s, next); if (! parser->m_declAttributeId) return XML_ERROR_NO_MEMORY; parser->m_declAttributeIsCdata = XML_FALSE; parser->m_declAttributeType = NULL; parser->m_declAttributeIsId = XML_FALSE; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_CDATA: parser->m_declAttributeIsCdata = XML_TRUE; parser->m_declAttributeType = atypeCDATA; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_ID: parser->m_declAttributeIsId = XML_TRUE; parser->m_declAttributeType = atypeID; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_IDREF: parser->m_declAttributeType = atypeIDREF; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_IDREFS: parser->m_declAttributeType = atypeIDREFS; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_ENTITY: parser->m_declAttributeType = atypeENTITY; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_ENTITIES: parser->m_declAttributeType = atypeENTITIES; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_NMTOKEN: parser->m_declAttributeType = atypeNMTOKEN; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_NMTOKENS: parser->m_declAttributeType = atypeNMTOKENS; checkAttListDeclHandler: if (dtd->keepProcessing && parser->m_attlistDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ATTRIBUTE_ENUM_VALUE: case XML_ROLE_ATTRIBUTE_NOTATION_VALUE: if (dtd->keepProcessing && parser->m_attlistDeclHandler) { const XML_Char *prefix; if (parser->m_declAttributeType) { prefix = enumValueSep; } else { prefix = (role == XML_ROLE_ATTRIBUTE_NOTATION_VALUE ? notationPrefix : enumValueStart); } if (! poolAppendString(&parser->m_tempPool, prefix)) return XML_ERROR_NO_MEMORY; if (! poolAppend(&parser->m_tempPool, enc, s, next)) return XML_ERROR_NO_MEMORY; parser->m_declAttributeType = parser->m_tempPool.start; handleDefault = XML_FALSE; } break; case XML_ROLE_IMPLIED_ATTRIBUTE_VALUE: case XML_ROLE_REQUIRED_ATTRIBUTE_VALUE: if (dtd->keepProcessing) { if (! defineAttribute(parser->m_declElementType, parser->m_declAttributeId, parser->m_declAttributeIsCdata, parser->m_declAttributeIsId, 0, parser)) return XML_ERROR_NO_MEMORY; if (parser->m_attlistDeclHandler && parser->m_declAttributeType) { if (*parser->m_declAttributeType == XML_T(ASCII_LPAREN) || (*parser->m_declAttributeType == XML_T(ASCII_N) && parser->m_declAttributeType[1] == XML_T(ASCII_O))) { if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_RPAREN)) || ! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) return XML_ERROR_NO_MEMORY; parser->m_declAttributeType = parser->m_tempPool.start; poolFinish(&parser->m_tempPool); } *eventEndPP = s; parser->m_attlistDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, parser->m_declAttributeId->name, parser->m_declAttributeType, 0, role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE); poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } } break; case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE: case XML_ROLE_FIXED_ATTRIBUTE_VALUE: if (dtd->keepProcessing) { const XML_Char *attVal; enum XML_Error result = storeAttributeValue( parser, enc, parser->m_declAttributeIsCdata, s + enc->minBytesPerChar, next - enc->minBytesPerChar, &dtd->pool); if (result) return result; attVal = poolStart(&dtd->pool); poolFinish(&dtd->pool); if (! defineAttribute( parser->m_declElementType, parser->m_declAttributeId, parser->m_declAttributeIsCdata, XML_FALSE, attVal, parser)) return XML_ERROR_NO_MEMORY; if (parser->m_attlistDeclHandler && parser->m_declAttributeType) { if (*parser->m_declAttributeType == XML_T(ASCII_LPAREN) || (*parser->m_declAttributeType == XML_T(ASCII_N) && parser->m_declAttributeType[1] == XML_T(ASCII_O))) { if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_RPAREN)) || ! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) return XML_ERROR_NO_MEMORY; parser->m_declAttributeType = parser->m_tempPool.start; poolFinish(&parser->m_tempPool); } *eventEndPP = s; parser->m_attlistDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, parser->m_declAttributeId->name, parser->m_declAttributeType, attVal, role == XML_ROLE_FIXED_ATTRIBUTE_VALUE); poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } } break; case XML_ROLE_ENTITY_VALUE: if (dtd->keepProcessing) { enum XML_Error result = storeEntityValue( parser, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (parser->m_declEntity) { parser->m_declEntity->textPtr = poolStart(&dtd->entityValuePool); parser->m_declEntity->textLen = (int)(poolLength(&dtd->entityValuePool)); poolFinish(&dtd->entityValuePool); if (parser->m_entityDeclHandler) { *eventEndPP = s; parser->m_entityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, parser->m_declEntity->is_param, parser->m_declEntity->textPtr, parser->m_declEntity->textLen, parser->m_curBase, 0, 0, 0); handleDefault = XML_FALSE; } } else poolDiscard(&dtd->entityValuePool); if (result != XML_ERROR_NONE) return result; } break; case XML_ROLE_DOCTYPE_SYSTEM_ID: #ifdef XML_DTD parser->m_useForeignDTD = XML_FALSE; #endif dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_startDoctypeDeclHandler) { parser->m_doctypeSysid = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (parser->m_doctypeSysid == NULL) return XML_ERROR_NO_MEMORY; poolFinish(&parser->m_tempPool); handleDefault = XML_FALSE; } #ifdef XML_DTD else parser->m_doctypeSysid = externalSubsetName; #endif if (! dtd->standalone #ifdef XML_DTD && ! parser->m_paramEntityParsing #endif && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; #ifndef XML_DTD break; #else if (! parser->m_declEntity) { parser->m_declEntity = (ENTITY *)lookup( parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; parser->m_declEntity->publicId = NULL; } #endif case XML_ROLE_ENTITY_SYSTEM_ID: if (dtd->keepProcessing && parser->m_declEntity) { parser->m_declEntity->systemId = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! parser->m_declEntity->systemId) return XML_ERROR_NO_MEMORY; parser->m_declEntity->base = parser->m_curBase; poolFinish(&dtd->pool); if (parser->m_entityDeclHandler && role == XML_ROLE_ENTITY_SYSTEM_ID) handleDefault = XML_FALSE; } break; case XML_ROLE_ENTITY_COMPLETE: if (dtd->keepProcessing && parser->m_declEntity && parser->m_entityDeclHandler) { *eventEndPP = s; parser->m_entityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, parser->m_declEntity->is_param, 0, 0, parser->m_declEntity->base, parser->m_declEntity->systemId, parser->m_declEntity->publicId, 0); handleDefault = XML_FALSE; } break; case XML_ROLE_ENTITY_NOTATION_NAME: if (dtd->keepProcessing && parser->m_declEntity) { parser->m_declEntity->notation = poolStoreString(&dtd->pool, enc, s, next); if (! parser->m_declEntity->notation) return XML_ERROR_NO_MEMORY; poolFinish(&dtd->pool); if (parser->m_unparsedEntityDeclHandler) { *eventEndPP = s; parser->m_unparsedEntityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, parser->m_declEntity->base, parser->m_declEntity->systemId, parser->m_declEntity->publicId, parser->m_declEntity->notation); handleDefault = XML_FALSE; } else if (parser->m_entityDeclHandler) { *eventEndPP = s; parser->m_entityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, 0, 0, 0, parser->m_declEntity->base, parser->m_declEntity->systemId, parser->m_declEntity->publicId, parser->m_declEntity->notation); handleDefault = XML_FALSE; } } break; case XML_ROLE_GENERAL_ENTITY_NAME: { if (XmlPredefinedEntityName(enc, s, next)) { parser->m_declEntity = NULL; break; } if (dtd->keepProcessing) { const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); if (! name) return XML_ERROR_NO_MEMORY; parser->m_declEntity = (ENTITY *)lookup(parser, &dtd->generalEntities, name, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; if (parser->m_declEntity->name != name) { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } else { poolFinish(&dtd->pool); parser->m_declEntity->publicId = NULL; parser->m_declEntity->is_param = XML_FALSE; parser->m_declEntity->is_internal = ! (parser->m_parentParser || parser->m_openInternalEntities); if (parser->m_entityDeclHandler) handleDefault = XML_FALSE; } } else { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } } break; case XML_ROLE_PARAM_ENTITY_NAME: #ifdef XML_DTD if (dtd->keepProcessing) { const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); if (! name) return XML_ERROR_NO_MEMORY; parser->m_declEntity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; if (parser->m_declEntity->name != name) { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } else { poolFinish(&dtd->pool); parser->m_declEntity->publicId = NULL; parser->m_declEntity->is_param = XML_TRUE; parser->m_declEntity->is_internal = ! (parser->m_parentParser || parser->m_openInternalEntities); if (parser->m_entityDeclHandler) handleDefault = XML_FALSE; } } else { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } #else parser->m_declEntity = NULL; #endif break; case XML_ROLE_NOTATION_NAME: parser->m_declNotationPublicId = NULL; parser->m_declNotationName = NULL; if (parser->m_notationDeclHandler) { parser->m_declNotationName = poolStoreString(&parser->m_tempPool, enc, s, next); if (! parser->m_declNotationName) return XML_ERROR_NO_MEMORY; poolFinish(&parser->m_tempPool); handleDefault = XML_FALSE; } break; case XML_ROLE_NOTATION_PUBLIC_ID: if (! XmlIsPublicId(enc, s, next, eventPP)) return XML_ERROR_PUBLICID; if (parser ->m_declNotationName) { XML_Char *tem = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! tem) return XML_ERROR_NO_MEMORY; normalizePublicId(tem); parser->m_declNotationPublicId = tem; poolFinish(&parser->m_tempPool); handleDefault = XML_FALSE; } break; case XML_ROLE_NOTATION_SYSTEM_ID: if (parser->m_declNotationName && parser->m_notationDeclHandler) { const XML_Char *systemId = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! systemId) return XML_ERROR_NO_MEMORY; *eventEndPP = s; parser->m_notationDeclHandler( parser->m_handlerArg, parser->m_declNotationName, parser->m_curBase, systemId, parser->m_declNotationPublicId); handleDefault = XML_FALSE; } poolClear(&parser->m_tempPool); break; case XML_ROLE_NOTATION_NO_SYSTEM_ID: if (parser->m_declNotationPublicId && parser->m_notationDeclHandler) { *eventEndPP = s; parser->m_notationDeclHandler( parser->m_handlerArg, parser->m_declNotationName, parser->m_curBase, 0, parser->m_declNotationPublicId); handleDefault = XML_FALSE; } poolClear(&parser->m_tempPool); break; case XML_ROLE_ERROR: switch (tok) { case XML_TOK_PARAM_ENTITY_REF: return XML_ERROR_PARAM_ENTITY_REF; case XML_TOK_XML_DECL: return XML_ERROR_MISPLACED_XML_PI; default: return XML_ERROR_SYNTAX; } #ifdef XML_DTD case XML_ROLE_IGNORE_SECT: { enum XML_Error result; if (parser->m_defaultHandler) reportDefault(parser, enc, s, next); handleDefault = XML_FALSE; result = doIgnoreSection(parser, enc, &next, end, nextPtr, haveMore); if (result != XML_ERROR_NONE) return result; else if (! next) { parser->m_processor = ignoreSectionProcessor; return result; } } break; #endif case XML_ROLE_GROUP_OPEN: if (parser->m_prologState.level >= parser->m_groupSize) { if (parser->m_groupSize) { { char *const new_connector = (char *)REALLOC( parser, parser->m_groupConnector, parser->m_groupSize *= 2); if (new_connector == NULL) { parser->m_groupSize /= 2; return XML_ERROR_NO_MEMORY; } parser->m_groupConnector = new_connector; } if (dtd->scaffIndex) { int *const new_scaff_index = (int *)REALLOC( parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int)); if (new_scaff_index == NULL) return XML_ERROR_NO_MEMORY; dtd->scaffIndex = new_scaff_index; } } else { parser->m_groupConnector = (char *)MALLOC(parser, parser->m_groupSize = 32); if (! parser->m_groupConnector) { parser->m_groupSize = 0; return XML_ERROR_NO_MEMORY; } } } parser->m_groupConnector[parser->m_prologState.level] = 0; if (dtd->in_eldecl) { int myindex = nextScaffoldPart(parser); if (myindex < 0) return XML_ERROR_NO_MEMORY; assert(dtd->scaffIndex != NULL); dtd->scaffIndex[dtd->scaffLevel] = myindex; dtd->scaffLevel++; dtd->scaffold[myindex].type = XML_CTYPE_SEQ; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } break; case XML_ROLE_GROUP_SEQUENCE: if (parser->m_groupConnector[parser->m_prologState.level] == ASCII_PIPE) return XML_ERROR_SYNTAX; parser->m_groupConnector[parser->m_prologState.level] = ASCII_COMMA; if (dtd->in_eldecl && parser->m_elementDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_GROUP_CHOICE: if (parser->m_groupConnector[parser->m_prologState.level] == ASCII_COMMA) return XML_ERROR_SYNTAX; if (dtd->in_eldecl && ! parser->m_groupConnector[parser->m_prologState.level] && (dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type != XML_CTYPE_MIXED)) { dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type = XML_CTYPE_CHOICE; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } parser->m_groupConnector[parser->m_prologState.level] = ASCII_PIPE; break; case XML_ROLE_PARAM_ENTITY_REF: #ifdef XML_DTD case XML_ROLE_INNER_PARAM_ENTITY_REF: dtd->hasParamEntityRefs = XML_TRUE; if (! parser->m_paramEntityParsing) dtd->keepProcessing = dtd->standalone; else { const XML_Char *name; ENTITY *entity; name = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! name) return XML_ERROR_NO_MEMORY; entity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, 0); poolDiscard(&dtd->pool); if (parser->m_prologState.documentEntity && (dtd->standalone ? ! parser->m_openInternalEntities : ! dtd->hasParamEntityRefs)) { if (! entity) return XML_ERROR_UNDEFINED_ENTITY; else if (! entity->is_internal) { return XML_ERROR_ENTITY_DECLARED_IN_PE; } } else if (! entity) { dtd->keepProcessing = dtd->standalone; if ((role == XML_ROLE_PARAM_ENTITY_REF) && parser->m_skippedEntityHandler) { parser->m_skippedEntityHandler(parser->m_handlerArg, name, 1); handleDefault = XML_FALSE; } break; } if (entity->open) return XML_ERROR_RECURSIVE_ENTITY_REF; if (entity->textPtr) { enum XML_Error result; XML_Bool betweenDecl = (role == XML_ROLE_PARAM_ENTITY_REF ? XML_TRUE : XML_FALSE); result = processInternalEntity(parser, entity, betweenDecl); if (result != XML_ERROR_NONE) return result; handleDefault = XML_FALSE; break; } if (parser->m_externalEntityRefHandler) { dtd->paramEntityRead = XML_FALSE; entity->open = XML_TRUE; if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) { entity->open = XML_FALSE; return XML_ERROR_EXTERNAL_ENTITY_HANDLING; } entity->open = XML_FALSE; handleDefault = XML_FALSE; if (! dtd->paramEntityRead) { dtd->keepProcessing = dtd->standalone; break; } } else { dtd->keepProcessing = dtd->standalone; break; } } #endif if (! dtd->standalone && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; break; case XML_ROLE_ELEMENT_NAME: if (parser->m_elementDeclHandler) { parser->m_declElementType = getElementType(parser, enc, s, next); if (! parser->m_declElementType) return XML_ERROR_NO_MEMORY; dtd->scaffLevel = 0; dtd->scaffCount = 0; dtd->in_eldecl = XML_TRUE; handleDefault = XML_FALSE; } break; case XML_ROLE_CONTENT_ANY: case XML_ROLE_CONTENT_EMPTY: if (dtd->in_eldecl) { if (parser->m_elementDeclHandler) { XML_Content *content = (XML_Content *)MALLOC(parser, sizeof(XML_Content)); if (! content) return XML_ERROR_NO_MEMORY; content->quant = XML_CQUANT_NONE; content->name = NULL; content->numchildren = 0; content->children = NULL; content->type = ((role == XML_ROLE_CONTENT_ANY) ? XML_CTYPE_ANY : XML_CTYPE_EMPTY); *eventEndPP = s; parser->m_elementDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, content); handleDefault = XML_FALSE; } dtd->in_eldecl = XML_FALSE; } break; case XML_ROLE_CONTENT_PCDATA: if (dtd->in_eldecl) { dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type = XML_CTYPE_MIXED; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } break; case XML_ROLE_CONTENT_ELEMENT: quant = XML_CQUANT_NONE; goto elementContent; case XML_ROLE_CONTENT_ELEMENT_OPT: quant = XML_CQUANT_OPT; goto elementContent; case XML_ROLE_CONTENT_ELEMENT_REP: quant = XML_CQUANT_REP; goto elementContent; case XML_ROLE_CONTENT_ELEMENT_PLUS: quant = XML_CQUANT_PLUS; elementContent: if (dtd->in_eldecl) { ELEMENT_TYPE *el; const XML_Char *name; int nameLen; const char *nxt = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar); int myindex = nextScaffoldPart(parser); if (myindex < 0) return XML_ERROR_NO_MEMORY; dtd->scaffold[myindex].type = XML_CTYPE_NAME; dtd->scaffold[myindex].quant = quant; el = getElementType(parser, enc, s, nxt); if (! el) return XML_ERROR_NO_MEMORY; name = el->name; dtd->scaffold[myindex].name = name; nameLen = 0; for (; name[nameLen++];) ; dtd->contentStringLen += nameLen; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } break; case XML_ROLE_GROUP_CLOSE: quant = XML_CQUANT_NONE; goto closeGroup; case XML_ROLE_GROUP_CLOSE_OPT: quant = XML_CQUANT_OPT; goto closeGroup; case XML_ROLE_GROUP_CLOSE_REP: quant = XML_CQUANT_REP; goto closeGroup; case XML_ROLE_GROUP_CLOSE_PLUS: quant = XML_CQUANT_PLUS; closeGroup: if (dtd->in_eldecl) { if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; dtd->scaffLevel--; dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel]].quant = quant; if (dtd->scaffLevel == 0) { if (! handleDefault) { XML_Content *model = build_model(parser); if (! model) return XML_ERROR_NO_MEMORY; *eventEndPP = s; parser->m_elementDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, model); } dtd->in_eldecl = XML_FALSE; dtd->contentStringLen = 0; } } break; case XML_ROLE_PI: if (! reportProcessingInstruction(parser, enc, s, next)) return XML_ERROR_NO_MEMORY; handleDefault = XML_FALSE; break; case XML_ROLE_COMMENT: if (! reportComment(parser, enc, s, next)) return XML_ERROR_NO_MEMORY; handleDefault = XML_FALSE; break; case XML_ROLE_NONE: switch (tok) { case XML_TOK_BOM: handleDefault = XML_FALSE; break; } break; case XML_ROLE_DOCTYPE_NONE: if (parser->m_startDoctypeDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ENTITY_NONE: if (dtd->keepProcessing && parser->m_entityDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_NOTATION_NONE: if (parser->m_notationDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ATTLIST_NONE: if (dtd->keepProcessing && parser->m_attlistDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ELEMENT_NONE: if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; break; } if (handleDefault && parser->m_defaultHandler) reportDefault(parser, enc, s, next); switch (parser->m_parsingStatus.parsing) { case XML_SUSPENDED: *nextPtr = next; return XML_ERROR_NONE; case XML_FINISHED: return XML_ERROR_ABORTED; default: s = next; tok = XmlPrologTok(enc, s, end, &next); } } }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,21563893428938,1 6099,CWE-190,"int cp_vbnn_gen_prv(bn_t sk, ec_t pk, const bn_t msk, const uint8_t *id, size_t id_len) { uint8_t hash[RLC_MD_LEN]; int len, result = RLC_OK; uint8_t *buf = NULL; bn_t n, r; bn_null(n); bn_null(r); RLC_TRY { bn_new(n); bn_new(r); ec_curve_get_ord(n); bn_rand_mod(r, n); ec_mul_gen(pk, r); len = id_len + ec_size_bin(pk, 1); buf = RLC_ALLOCA(uint8_t, len); if (buf == NULL) { RLC_THROW(ERR_NO_MEMORY); } memcpy(buf, id, id_len); ec_write_bin(buf + id_len, ec_size_bin(pk, 1), pk, 1); md_map(hash, buf, len); bn_read_bin(sk, hash, RLC_MD_LEN); bn_mod(sk, sk, n); bn_mul(sk, sk, msk); bn_add(sk, sk, r); bn_mod(sk, sk, n); } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(n); bn_free(r); RLC_FREE(buf); } return result; }",visit repo url,src/cp/relic_cp_vbnn.c,https://github.com/relic-toolkit/relic,11486960599439,1 3529,CWE-476,"jp2_box_t *jp2_box_get(jas_stream_t *in) { jp2_box_t *box; jp2_boxinfo_t *boxinfo; jas_stream_t *tmpstream; uint_fast32_t len; uint_fast64_t extlen; bool dataflag; box = 0; tmpstream = 0; if (!(box = jas_malloc(sizeof(jp2_box_t)))) { goto error; } box->ops = &jp2_boxinfo_unk.ops; if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) { goto error; } boxinfo = jp2_boxinfolookup(box->type); box->info = boxinfo; box->ops = &boxinfo->ops; box->len = len; JAS_DBGLOG(10, ( ""preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n"", '""', boxinfo->name, '""', box->type, box->len )); if (box->len == 1) { if (jp2_getuint64(in, &extlen)) { goto error; } if (extlen > 0xffffffffUL) { jas_eprintf(""warning: cannot handle large 64-bit box length\n""); extlen = 0xffffffffUL; } box->len = extlen; box->datalen = extlen - JP2_BOX_HDRLEN(true); } else { box->datalen = box->len - JP2_BOX_HDRLEN(false); } if (box->len != 0 && box->len < 8) { goto error; } dataflag = !(box->info->flags & (JP2_BOX_SUPER | JP2_BOX_NODATA)); if (dataflag) { if (!(tmpstream = jas_stream_memopen(0, 0))) { goto error; } if (jas_stream_copy(tmpstream, in, box->datalen)) { box->ops = &jp2_boxinfo_unk.ops; jas_eprintf(""cannot copy box data\n""); goto error; } jas_stream_rewind(tmpstream); if (box->ops->getdata) { if ((*box->ops->getdata)(box, tmpstream)) { jas_eprintf(""cannot parse box data\n""); goto error; } } jas_stream_close(tmpstream); } if (jas_getdbglevel() >= 1) { jp2_box_dump(box, stderr); } return box; error: if (box) { jp2_box_destroy(box); } if (tmpstream) { jas_stream_close(tmpstream); } return 0; }",visit repo url,src/libjasper/jp2/jp2_cod.c,https://github.com/mdadams/jasper,267061665783824,1 4621,CWE-476,"void gf_isom_cenc_get_default_info_internal(GF_TrackBox *trak, u32 sampleDescriptionIndex, u32 *container_type, Bool *default_IsEncrypted, u8 *crypt_byte_block, u8 *skip_byte_block, const u8 **key_info, u32 *key_info_size) { GF_ProtectionSchemeInfoBox *sinf; if (default_IsEncrypted) *default_IsEncrypted = GF_FALSE; if (crypt_byte_block) *crypt_byte_block = 0; if (skip_byte_block) *skip_byte_block = 0; if (container_type) *container_type = 0; if (key_info) *key_info = NULL; if (key_info_size) *key_info_size = 0; sinf = isom_get_sinf_entry(trak, sampleDescriptionIndex, GF_ISOM_CENC_SCHEME, NULL); if (!sinf) sinf = isom_get_sinf_entry(trak, sampleDescriptionIndex, GF_ISOM_CBC_SCHEME, NULL); if (!sinf) sinf = isom_get_sinf_entry(trak, sampleDescriptionIndex, GF_ISOM_CENS_SCHEME, NULL); if (!sinf) sinf = isom_get_sinf_entry(trak, sampleDescriptionIndex, GF_ISOM_CBCS_SCHEME, NULL); if (!sinf) sinf = isom_get_sinf_entry(trak, sampleDescriptionIndex, GF_ISOM_PIFF_SCHEME, NULL); if (!sinf) { u32 i, nb_stsd = gf_list_count(trak->Media->information->sampleTable->SampleDescription->child_boxes); for (i=0; iMedia->information->sampleTable->SampleDescription->child_boxes, i); a_sinf = (GF_ProtectionSchemeInfoBox *) gf_isom_box_find_child(sentry->child_boxes, GF_ISOM_BOX_TYPE_SINF); if (!a_sinf) continue; return; } } if (sinf && sinf->info && sinf->info->tenc) { if (default_IsEncrypted) *default_IsEncrypted = sinf->info->tenc->isProtected; if (crypt_byte_block) *crypt_byte_block = sinf->info->tenc->crypt_byte_block; if (skip_byte_block) *skip_byte_block = sinf->info->tenc->skip_byte_block; if (key_info) *key_info = sinf->info->tenc->key_info; if (key_info_size) { *key_info_size = 20; if (!sinf->info->tenc->key_info[3]) *key_info_size += 1 + sinf->info->tenc->key_info[20]; } if (container_type) *container_type = GF_ISOM_BOX_TYPE_SENC; } else if (sinf && sinf->info && sinf->info->piff_tenc) { if (default_IsEncrypted) *default_IsEncrypted = GF_TRUE; if (key_info) *key_info = sinf->info->piff_tenc->key_info; if (key_info_size) *key_info_size = 19; if (container_type) *container_type = GF_ISOM_BOX_UUID_PSEC; } else { u32 i, count = 0; GF_CENCSampleEncryptionGroupEntry *seig_entry = NULL; if (!trak->moov->mov->is_smooth) count = gf_list_count(trak->Media->information->sampleTable->sampleGroupsDescription); for (i=0; iMedia->information->sampleTable->sampleGroupsDescription, i); if (sgdesc->grouping_type!=GF_ISOM_SAMPLE_GROUP_SEIG) continue; if (sgdesc->default_description_index) seig_entry = gf_list_get(sgdesc->group_descriptions, sgdesc->default_description_index-1); else seig_entry = gf_list_get(sgdesc->group_descriptions, 0); if (!seig_entry->key_info[0]) seig_entry = NULL; break; } if (seig_entry) { if (default_IsEncrypted) *default_IsEncrypted = seig_entry->IsProtected; if (crypt_byte_block) *crypt_byte_block = seig_entry->crypt_byte_block; if (skip_byte_block) *skip_byte_block = seig_entry->skip_byte_block; if (key_info) *key_info = seig_entry->key_info; if (key_info_size) *key_info_size = seig_entry->key_info_size; if (container_type) *container_type = GF_ISOM_BOX_TYPE_SENC; } else { if (! trak->moov->mov->is_smooth ) { trak->moov->mov->is_smooth = GF_TRUE; GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] senc box without tenc, assuming MS smooth+piff\n"")); } if (default_IsEncrypted) *default_IsEncrypted = GF_TRUE; if (container_type) *container_type = GF_ISOM_BOX_UUID_PSEC; } } if (container_type && trak->sample_encryption) { if (trak->sample_encryption->type == GF_ISOM_BOX_TYPE_SENC) *container_type = GF_ISOM_BOX_TYPE_SENC; else if (trak->sample_encryption->type == GF_ISOM_BOX_TYPE_UUID) *container_type = ((GF_UUIDBox*)trak->sample_encryption)->internal_4cc; } }",visit repo url,src/isomedia/drm_sample.c,https://github.com/gpac/gpac,136482810898425,1 2302,NVD-CWE-noinfo,"long do_rt_tgsigqueueinfo(pid_t tgid, pid_t pid, int sig, siginfo_t *info) { if (pid <= 0 || tgid <= 0) return -EINVAL; if (info->si_code >= 0) return -EPERM; info->si_signo = sig; return do_send_specific(tgid, pid, sig, info); }",visit repo url,kernel/signal.c,https://github.com/torvalds/linux,174225342523742,1 6375,[],"void fprintUserProp (TNEFStruct *tnef, FILE *fptr, DWORD proptype, DWORD propid, const gchar text[]) { variableLength *vl; if ((vl=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (proptype, propid))) != MAPI_UNDEFINED) { if (vl->size > 0) { if ((vl->size == 1) && (vl->data[0] == 0)) { } else { fprintf (fptr, text, vl->data); } } } }",evolution,,,32381130083840317079880808990446153735,0 15,['CWE-264'],"static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, unsigned int *len TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; char *id; id = php_pdo_int64_to_str(sqlite3_last_insert_rowid(H->db) TSRMLS_CC); *len = strlen(id); return id; }",php-src,,,34411627759894123717536527345619247660,0 1640,CWE-264,"int ovl_setattr(struct dentry *dentry, struct iattr *attr) { int err; struct dentry *upperdentry; err = ovl_want_write(dentry); if (err) goto out; upperdentry = ovl_dentry_upper(dentry); if (upperdentry) { mutex_lock(&upperdentry->d_inode->i_mutex); err = notify_change(upperdentry, attr, NULL); mutex_unlock(&upperdentry->d_inode->i_mutex); } else { err = ovl_copy_up_last(dentry, attr, false); } ovl_drop_write(dentry); out: return err; }",visit repo url,fs/overlayfs/inode.c,https://github.com/torvalds/linux,111857108685854,1 4516,CWE-404,"static void svg_parse_preserveaspectratio(SVG_PreserveAspectRatio *par, char *attribute_content, GF_Err *out_e) { char *content = attribute_content; while (*content == ' ') content++; if (strstr(content, ""defer"")) { par->defer = 1; content += 4; } else { content = attribute_content; } while (*content == ' ') content++; if (strstr(content, ""none"")) { par->align = SVG_PRESERVEASPECTRATIO_NONE; content+=4; } else if (strstr(content, ""xMinYMin"")) { par->align = SVG_PRESERVEASPECTRATIO_XMINYMIN; content+=8; } else if (strstr(content, ""xMidYMin"")) { par->align = SVG_PRESERVEASPECTRATIO_XMIDYMIN; content+=8; } else if (strstr(content, ""xMaxYMin"")) { par->align = SVG_PRESERVEASPECTRATIO_XMAXYMIN; content+=8; } else if (strstr(content, ""xMinYMid"")) { par->align = SVG_PRESERVEASPECTRATIO_XMINYMID; content+=8; } else if (strstr(content, ""xMidYMid"")) { par->align = SVG_PRESERVEASPECTRATIO_XMIDYMID; content+=8; } else if (strstr(content, ""xMaxYMid"")) { par->align = SVG_PRESERVEASPECTRATIO_XMAXYMID; content+=8; } else if (strstr(content, ""xMinYMax"")) { par->align = SVG_PRESERVEASPECTRATIO_XMINYMAX; content+=8; } else if (strstr(content, ""xMidYMax"")) { par->align = SVG_PRESERVEASPECTRATIO_XMIDYMAX; content+=8; } else if (strstr(content, ""xMaxYMax"")) { par->align = SVG_PRESERVEASPECTRATIO_XMAXYMAX; content+=8; } else { *out_e = GF_NON_COMPLIANT_BITSTREAM; } while (*content == ' ') content++; if (*content == 0) return; if (strstr(content, ""meet"")) { par->meetOrSlice = SVG_MEETORSLICE_MEET; } else if (strstr(content, ""slice"")) { par->meetOrSlice = SVG_MEETORSLICE_SLICE; } else { *out_e = GF_NON_COMPLIANT_BITSTREAM; } }",visit repo url,src/scenegraph/svg_attributes.c,https://github.com/gpac/gpac,68727043661889,1 2347,CWE-824,"int init_aliases(void) { FILE *fp; char alias[MAXALIASLEN + 1U]; char dir[PATH_MAX + 1U]; if ((fp = fopen(ALIASES_FILE, ""r"")) == NULL) { return 0; } while (fgets(alias, sizeof alias, fp) != NULL) { if (*alias == '#' || *alias == '\n' || *alias == 0) { continue; } { char * const z = alias + strlen(alias) - 1U; if (*z != '\n') { goto bad; } *z = 0; } do { if (fgets(dir, sizeof dir, fp) == NULL || *dir == 0) { goto bad; } { char * const z = dir + strlen(dir) - 1U; if (*z == '\n') { *z = 0; } } } while (*dir == '#' || *dir == 0); if (head == NULL) { if ((head = tail = malloc(sizeof *head)) == NULL || (tail->alias = strdup(alias)) == NULL || (tail->dir = strdup(dir)) == NULL) { die_mem(); } tail->next = NULL; } else { DirAlias *curr; if ((curr = malloc(sizeof *curr)) == NULL || (curr->alias = strdup(alias)) == NULL || (curr->dir = strdup(dir)) == NULL) { die_mem(); } tail->next = curr; tail = curr; } } fclose(fp); aliases_up++; return 0; bad: fclose(fp); logfile(LOG_ERR, MSG_ALIASES_BROKEN_FILE "" ["" ALIASES_FILE ""]""); return -1; }",visit repo url,src/diraliases.c,https://github.com/jedisct1/pure-ftpd,177584633028803,1 5073,['CWE-20'],"static inline int is_page_fault(u32 intr_info) { return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VECTOR_MASK | INTR_INFO_VALID_MASK)) == (INTR_TYPE_HARD_EXCEPTION | PF_VECTOR | INTR_INFO_VALID_MASK); }",linux-2.6,,,243363506933002383292942026987707725866,0 853,['CWE-119'],"isdn_all_eaz(int di, int ch) { isdn_ctrl cmd; if (di < 0) return; cmd.driver = di; cmd.arg = ch; cmd.command = ISDN_CMD_SETEAZ; cmd.parm.num[0] = '\0'; isdn_command(&cmd); }",linux-2.6,,,75835416945189929747494669911261231005,0 1922,CWE-269,"static void ptrace_link(struct task_struct *child, struct task_struct *new_parent) { rcu_read_lock(); __ptrace_link(child, new_parent, __task_cred(new_parent)); rcu_read_unlock(); }",visit repo url,kernel/ptrace.c,https://github.com/torvalds/linux,254987462387474,1 1347,['CWE-399'],"ipip6_tunnel_del_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a) { struct ip_tunnel_prl_entry *x, **p; int err = 0; write_lock(&ipip6_lock); if (a && a->addr != htonl(INADDR_ANY)) { for (p = &t->prl; *p; p = &(*p)->next) { if ((*p)->addr == a->addr) { x = *p; *p = x->next; kfree(x); t->prl_count--; goto out; } } err = -ENXIO; } else { while (t->prl) { x = t->prl; t->prl = t->prl->next; kfree(x); t->prl_count--; } } out: write_unlock(&ipip6_lock); return 0; }",linux-2.6,,,238637657051534131051358113805051974249,0 3766,CWE-476," while ( 1 ) { yy_cp = yyg->yy_c_buf_p; *yy_cp = yyg->yy_hold_char; yy_bp = yy_cp; yy_current_state = yyg->yy_start; yy_match: do { YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; yyg->yy_last_accepting_cpos = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 45 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } while ( yy_current_state != 44 ); yy_cp = yyg->yy_last_accepting_cpos; yy_current_state = yyg->yy_last_accepting_state; yy_find_action: yy_act = yy_accept[yy_current_state]; YY_DO_BEFORE_ACTION; if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] ) { yy_size_t yyl; for ( yyl = 0; yyl < yyleng; ++yyl ) if ( yytext[yyl] == '\n' ) do{ yylineno++; yycolumn=0; }while(0) ; } do_action: switch ( yy_act ) { case 0: *yy_cp = yyg->yy_hold_char; yy_cp = yyg->yy_last_accepting_cpos; yy_current_state = yyg->yy_last_accepting_state; goto yy_find_action; case 1: YY_RULE_SETUP #line 101 ""re_lexer.l"" { int hi_bound; int lo_bound = atoi(yytext + 1); char* comma = strchr(yytext, ','); if (comma - yytext == strlen(yytext) - 2) hi_bound = INT16_MAX; else hi_bound = atoi(comma + 1); if (hi_bound > INT16_MAX) { yyerror(yyscanner, lex_env, ""repeat interval too large""); yyterminate(); } if (hi_bound < lo_bound || hi_bound < 0 || lo_bound < 0) { yyerror(yyscanner, lex_env, ""bad repeat interval""); yyterminate(); } yylval->range = (hi_bound << 16) | lo_bound; return _RANGE_; } YY_BREAK case 2: YY_RULE_SETUP #line 135 ""re_lexer.l"" { int value = atoi(yytext + 1); if (value > INT16_MAX) { yyerror(yyscanner, lex_env, ""repeat interval too large""); yyterminate(); } yylval->range = (value << 16) | value; return _RANGE_; } YY_BREAK case 3: YY_RULE_SETUP #line 153 ""re_lexer.l"" { BEGIN(char_class); memset(LEX_ENV->class_vector, 0, 32); LEX_ENV->negated_class = TRUE; } YY_BREAK case 4: YY_RULE_SETUP #line 162 ""re_lexer.l"" { BEGIN(char_class); memset(LEX_ENV->class_vector, 0, 32); LEX_ENV->negated_class = TRUE; LEX_ENV->class_vector[']' / 8] |= 1 << ']' % 8; } YY_BREAK case 5: YY_RULE_SETUP #line 175 ""re_lexer.l"" { BEGIN(char_class); memset(LEX_ENV->class_vector, 0, 32); LEX_ENV->negated_class = FALSE; LEX_ENV->class_vector[']' / 8] |= 1 << ']' % 8; } YY_BREAK case 6: YY_RULE_SETUP #line 188 ""re_lexer.l"" { BEGIN(char_class); memset(LEX_ENV->class_vector, 0, 32); LEX_ENV->negated_class = FALSE; } YY_BREAK case 7: YY_RULE_SETUP #line 198 ""re_lexer.l"" { yylval->integer = yytext[0]; return _CHAR_; } YY_BREAK case 8: YY_RULE_SETUP #line 207 ""re_lexer.l"" { return _WORD_CHAR_; } YY_BREAK case 9: YY_RULE_SETUP #line 212 ""re_lexer.l"" { return _NON_WORD_CHAR_; } YY_BREAK case 10: YY_RULE_SETUP #line 217 ""re_lexer.l"" { return _SPACE_; } YY_BREAK case 11: YY_RULE_SETUP #line 222 ""re_lexer.l"" { return _NON_SPACE_; } YY_BREAK case 12: YY_RULE_SETUP #line 227 ""re_lexer.l"" { return _DIGIT_; } YY_BREAK case 13: YY_RULE_SETUP #line 232 ""re_lexer.l"" { return _NON_DIGIT_; } YY_BREAK case 14: YY_RULE_SETUP #line 237 ""re_lexer.l"" { return _WORD_BOUNDARY_; } YY_BREAK case 15: YY_RULE_SETUP #line 241 ""re_lexer.l"" { return _NON_WORD_BOUNDARY_; } YY_BREAK case 16: YY_RULE_SETUP #line 246 ""re_lexer.l"" { yyerror(yyscanner, lex_env, ""backreferences are not allowed""); yyterminate(); } YY_BREAK case 17: YY_RULE_SETUP #line 253 ""re_lexer.l"" { uint8_t c; if (read_escaped_char(yyscanner, &c)) { yylval->integer = c; return _CHAR_; } else { yyerror(yyscanner, lex_env, ""unexpected end of buffer""); yyterminate(); } } YY_BREAK case 18: YY_RULE_SETUP #line 270 ""re_lexer.l"" { int i; yylval->class_vector = (uint8_t*) yr_malloc(32); memcpy(yylval->class_vector, LEX_ENV->class_vector, 32); if (LEX_ENV->negated_class) { for(i = 0; i < 32; i++) yylval->class_vector[i] = ~yylval->class_vector[i]; } BEGIN(INITIAL); return _CLASS_; } YY_BREAK case 19: YY_RULE_SETUP #line 291 ""re_lexer.l"" { uint16_t c; uint8_t start = yytext[0]; uint8_t end = yytext[2]; if (start == '\\') { start = escaped_char_value(yytext); if (yytext[1] == 'x') end = yytext[5]; else end = yytext[3]; } if (end == '\\') { if (!read_escaped_char(yyscanner, &end)) { yyerror(yyscanner, lex_env, ""unexpected end of buffer""); yyterminate(); } } if (end < start) { yyerror(yyscanner, lex_env, ""bad character range""); yyterminate(); } for (c = start; c <= end; c++) { LEX_ENV->class_vector[c / 8] |= 1 << c % 8; } } YY_BREAK case 20: YY_RULE_SETUP #line 333 ""re_lexer.l"" { int i; for (i = 0; i < 32; i++) LEX_ENV->class_vector[i] |= word_chars[i]; } YY_BREAK case 21: YY_RULE_SETUP #line 342 ""re_lexer.l"" { int i; for (i = 0; i < 32; i++) LEX_ENV->class_vector[i] |= ~word_chars[i]; } YY_BREAK case 22: YY_RULE_SETUP #line 351 ""re_lexer.l"" { LEX_ENV->class_vector[' ' / 8] |= 1 << ' ' % 8; LEX_ENV->class_vector['\t' / 8] |= 1 << '\t' % 8; } YY_BREAK case 23: YY_RULE_SETUP #line 358 ""re_lexer.l"" { int i; for (i = 0; i < 32; i++) { if (i == ' ' / 8) LEX_ENV->class_vector[i] |= ~(1 << ' ' % 8); else if (i == '\t' / 8) LEX_ENV->class_vector[i] |= ~(1 << '\t' % 8); else LEX_ENV->class_vector[i] = 0xFF; } } YY_BREAK case 24: YY_RULE_SETUP #line 374 ""re_lexer.l"" { char c; for (c = '0'; c <= '9'; c++) LEX_ENV->class_vector[c / 8] |= 1 << c % 8; } YY_BREAK case 25: YY_RULE_SETUP #line 383 ""re_lexer.l"" { int i; for (i = 0; i < 32; i++) { if (i == 6) continue; if (i == 7) LEX_ENV->class_vector[i] |= 0xFC; else LEX_ENV->class_vector[i] = 0xFF; } } YY_BREAK case 26: YY_RULE_SETUP #line 403 ""re_lexer.l"" { uint8_t c; if (read_escaped_char(yyscanner, &c)) { LEX_ENV->class_vector[c / 8] |= 1 << c % 8; } else { yyerror(yyscanner, lex_env, ""unexpected end of buffer""); yyterminate(); } } YY_BREAK case 27: YY_RULE_SETUP #line 419 ""re_lexer.l"" { if (yytext[0] >= 32 && yytext[0] < 127) { LEX_ENV->class_vector[yytext[0] / 8] |= 1 << yytext[0] % 8; } else { yyerror(yyscanner, lex_env, ""non-ascii character""); yyterminate(); } } YY_BREAK case YY_STATE_EOF(char_class): #line 436 ""re_lexer.l"" { yyerror(yyscanner, lex_env, ""missing terminating ] for character class""); yyterminate(); } YY_BREAK case 28: YY_RULE_SETUP #line 445 ""re_lexer.l"" { if (yytext[0] >= 32 && yytext[0] < 127) { return yytext[0]; } else { yyerror(yyscanner, lex_env, ""non-ascii character""); yyterminate(); } } YY_BREAK case YY_STATE_EOF(INITIAL): #line 459 ""re_lexer.l"" { yyterminate(); } YY_BREAK case 29: YY_RULE_SETUP #line 464 ""re_lexer.l"" ECHO; YY_BREAK #line 1358 ""re_lexer.c"" case YY_END_OF_BUFFER: { int yy_amount_of_matched_text = (int) (yy_cp - yyg->yytext_ptr) - 1; *yy_cp = yyg->yy_hold_char; YY_RESTORE_YY_MORE_OFFSET if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } if ( yyg->yy_c_buf_p <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars] ) { yy_state_type yy_next_state; yyg->yy_c_buf_p = yyg->yytext_ptr + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( yyscanner ); yy_next_state = yy_try_NUL_trans( yy_current_state , yyscanner); yy_bp = yyg->yytext_ptr + YY_MORE_ADJ; if ( yy_next_state ) { yy_cp = ++yyg->yy_c_buf_p; yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = yyg->yy_last_accepting_cpos; yy_current_state = yyg->yy_last_accepting_state; goto yy_find_action; } } else switch ( yy_get_next_buffer( yyscanner ) ) { case EOB_ACT_END_OF_FILE: { yyg->yy_did_buffer_switch_on_eof = 0; if ( re_yywrap(yyscanner ) ) { yyg->yy_c_buf_p = yyg->yytext_ptr + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if ( ! yyg->yy_did_buffer_switch_on_eof ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: yyg->yy_c_buf_p = yyg->yytext_ptr + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( yyscanner ); yy_cp = yyg->yy_c_buf_p; yy_bp = yyg->yytext_ptr + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: yyg->yy_c_buf_p = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars]; yy_current_state = yy_get_previous_state( yyscanner ); yy_cp = yyg->yy_c_buf_p; yy_bp = yyg->yytext_ptr + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( ""fatal flex scanner internal error--no action found"" ); } ",visit repo url,libyara/re_lexer.c,https://github.com/VirusTotal/yara,25152913507257,1 5017,['CWE-120'],"int udev_util_replace_whitespace(const char *str, char *to, size_t len) { size_t i, j; len = strnlen(str, len); while (len && isspace(str[len-1])) len--; i = 0; while (isspace(str[i]) && (i < len)) i++; j = 0; while (i < len) { if (isspace(str[i])) { while (isspace(str[i])) i++; to[j++] = '_'; } to[j++] = str[i++]; } to[j] = '\0'; return 0; }",udev,,,88884199138926280324446302621973893051,0 2616,[],"void sctp_endpoint_free(struct sctp_endpoint *ep) { ep->base.dead = 1; ep->base.sk->sk_state = SCTP_SS_CLOSED; sctp_unhash_endpoint(ep); sctp_endpoint_put(ep); }",linux-2.6,,,196527692641039436299445877120615817334,0 4850,CWE-119,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 4030,['CWE-362'],"static void insert_hash(struct audit_chunk *chunk) { struct list_head *list = chunk_hash(chunk->watch.inode); list_add_rcu(&chunk->hash, list); }",linux-2.6,,,57937008914569644948384991792357643164,0 573,CWE-399,"static void ip6_append_data_mtu(int *mtu, int *maxfraglen, unsigned int fragheaderlen, struct sk_buff *skb, struct rt6_info *rt) { if (!(rt->dst.flags & DST_XFRM_TUNNEL)) { if (skb == NULL) { *mtu = *mtu - rt->dst.header_len; } else { *mtu = dst_mtu(rt->dst.path); } *maxfraglen = ((*mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); } }",visit repo url,net/ipv6/ip6_output.c,https://github.com/torvalds/linux,114799007495732,1 4323,['CWE-119'],"static void ms_adpcm_run_pull (_AFmoduleinst *module) { ms_adpcm_data *d = (ms_adpcm_data *) module->modspec; AFframecount frames2read = module->outc->nframes; AFframecount nframes = 0; int i, framesPerBlock, blockCount; ssize_t blocksRead, bytesDecoded; framesPerBlock = d->framesPerBlock; assert(module->outc->nframes % framesPerBlock == 0); blockCount = module->outc->nframes / framesPerBlock; blocksRead = af_fread(module->inc->buf, d->blockAlign, blockCount, d->fh); for (i=0; iinc->buf + i * d->blockAlign, (int16_t *) module->outc->buf + i * d->framesPerBlock * d->track->f.channelCount); nframes += framesPerBlock; } d->track->nextfframe += nframes; if (blocksRead > 0) d->track->fpos_next_frame += blocksRead * d->blockAlign; assert(af_ftell(d->fh) == d->track->fpos_next_frame); if (d->track->totalfframes != -1 && nframes != frames2read) { if (d->track->filemodhappy) { _af_error(AF_BAD_READ, ""file missing data -- read %d frames, should be %d"", d->track->nextfframe, d->track->totalfframes); d->track->filemodhappy = AF_FALSE; } } module->outc->nframes = nframes; }",audiofile,,,149711718563730899598101059870273981049,0 6388,CWE-20,"error_t enc28j60ReceivePacket(NetInterface *interface) { error_t error; uint16_t n; uint16_t status; Enc28j60Context *context; context = (Enc28j60Context *) interface->nicContext; if(enc28j60ReadReg(interface, ENC28J60_REG_EPKTCNT)) { enc28j60WriteReg(interface, ENC28J60_REG_ERDPTL, LSB(context->nextPacket)); enc28j60WriteReg(interface, ENC28J60_REG_ERDPTH, MSB(context->nextPacket)); enc28j60ReadBuffer(interface, (uint8_t *) &context->nextPacket, sizeof(uint16_t)); enc28j60ReadBuffer(interface, (uint8_t *) &n, sizeof(uint16_t)); enc28j60ReadBuffer(interface, (uint8_t *) &status, sizeof(uint16_t)); if((status & RSV_RECEIVED_OK) != 0) { n = MIN(n, ETH_MAX_FRAME_SIZE); enc28j60ReadBuffer(interface, context->rxBuffer, n); error = NO_ERROR; } else { error = ERROR_INVALID_PACKET; } if(context->nextPacket == ENC28J60_RX_BUFFER_START) { enc28j60WriteReg(interface, ENC28J60_REG_ERXRDPTL, LSB(ENC28J60_RX_BUFFER_STOP)); enc28j60WriteReg(interface, ENC28J60_REG_ERXRDPTH, MSB(ENC28J60_RX_BUFFER_STOP)); } else { enc28j60WriteReg(interface, ENC28J60_REG_ERXRDPTL, LSB(context->nextPacket - 1)); enc28j60WriteReg(interface, ENC28J60_REG_ERXRDPTH, MSB(context->nextPacket - 1)); } enc28j60SetBit(interface, ENC28J60_REG_ECON2, ECON2_PKTDEC); } else { error = ERROR_BUFFER_EMPTY; } if(!error) { NetRxAncillary ancillary; ancillary = NET_DEFAULT_RX_ANCILLARY; nicProcessPacket(interface, context->rxBuffer, n, &ancillary); } return error; }",visit repo url,drivers/eth/enc28j60_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,158339776273147,1 823,CWE-20,"static int packet_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; struct sockaddr_ll *sll; int vnet_hdr_len = 0; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE)) goto out; #if 0 if (pkt_sk(sk)->ifindex < 0) return -ENODEV; #endif if (flags & MSG_ERRQUEUE) { err = sock_recv_errqueue(sk, msg, len, SOL_PACKET, PACKET_TX_TIMESTAMP); goto out; } skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (pkt_sk(sk)->has_vnet_hdr) { struct virtio_net_hdr vnet_hdr = { 0 }; err = -EINVAL; vnet_hdr_len = sizeof(vnet_hdr); if (len < vnet_hdr_len) goto out_free; len -= vnet_hdr_len; if (skb_is_gso(skb)) { struct skb_shared_info *sinfo = skb_shinfo(skb); vnet_hdr.hdr_len = skb_headlen(skb); vnet_hdr.gso_size = sinfo->gso_size; if (sinfo->gso_type & SKB_GSO_TCPV4) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; else if (sinfo->gso_type & SKB_GSO_TCPV6) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; else if (sinfo->gso_type & SKB_GSO_UDP) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP; else if (sinfo->gso_type & SKB_GSO_FCOE) goto out_free; else BUG(); if (sinfo->gso_type & SKB_GSO_TCP_ECN) vnet_hdr.gso_type |= VIRTIO_NET_HDR_GSO_ECN; } else vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE; if (skb->ip_summed == CHECKSUM_PARTIAL) { vnet_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; vnet_hdr.csum_start = skb_checksum_start_offset(skb); vnet_hdr.csum_offset = skb->csum_offset; } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { vnet_hdr.flags = VIRTIO_NET_HDR_F_DATA_VALID; } err = memcpy_toiovec(msg->msg_iov, (void *)&vnet_hdr, vnet_hdr_len); if (err < 0) goto out_free; } sll = &PACKET_SKB_CB(skb)->sa.ll; if (sock->type == SOCK_PACKET) msg->msg_namelen = sizeof(struct sockaddr_pkt); else msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, msg->msg_namelen); if (pkt_sk(sk)->auxdata) { struct tpacket_auxdata aux; aux.tp_status = TP_STATUS_USER; if (skb->ip_summed == CHECKSUM_PARTIAL) aux.tp_status |= TP_STATUS_CSUMNOTREADY; aux.tp_len = PACKET_SKB_CB(skb)->origlen; aux.tp_snaplen = skb->len; aux.tp_mac = 0; aux.tp_net = skb_network_offset(skb); if (vlan_tx_tag_present(skb)) { aux.tp_vlan_tci = vlan_tx_tag_get(skb); aux.tp_status |= TP_STATUS_VLAN_VALID; } else { aux.tp_vlan_tci = 0; } aux.tp_padding = 0; put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); } err = vnet_hdr_len + ((flags&MSG_TRUNC) ? skb->len : copied); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,197620869737506,1 20,['CWE-264'],"static int pdo_sqlite_get_attribute(pdo_dbh_t *dbh, long attr, zval *return_value TSRMLS_DC) { switch (attr) { case PDO_ATTR_CLIENT_VERSION: case PDO_ATTR_SERVER_VERSION: ZVAL_STRING(return_value, (char *)sqlite3_libversion(), 1); break; default: return 0; } return 1; }",php-src,,,76678409708639294148128101502589936922,0 1134,['CWE-399'],"static int __poke_user(struct task_struct *child, addr_t addr, addr_t data) { struct user *dummy = NULL; addr_t offset; if (addr < (addr_t) &dummy->regs.acrs) { if (addr == (addr_t) &dummy->regs.psw.mask && #ifdef CONFIG_COMPAT data != PSW_MASK_MERGE(psw_user32_bits, data) && #endif data != PSW_MASK_MERGE(psw_user_bits, data)) return -EINVAL; #ifndef CONFIG_64BIT if (addr == (addr_t) &dummy->regs.psw.addr) data |= PSW_ADDR_AMODE; #endif *(addr_t *)((addr_t) &task_pt_regs(child)->psw + addr) = data; } else if (addr < (addr_t) (&dummy->regs.orig_gpr2)) { offset = addr - (addr_t) &dummy->regs.acrs; #ifdef CONFIG_64BIT if (addr == (addr_t) &dummy->regs.acrs[15]) child->thread.acrs[15] = (unsigned int) (data >> 32); else #endif *(addr_t *)((addr_t) &child->thread.acrs + offset) = data; } else if (addr == (addr_t) &dummy->regs.orig_gpr2) { task_pt_regs(child)->orig_gpr2 = data; } else if (addr < (addr_t) &dummy->regs.fp_regs) { return 0; } else if (addr < (addr_t) (&dummy->regs.fp_regs + 1)) { if (addr == (addr_t) &dummy->regs.fp_regs.fpc && (data & ~((unsigned long) FPC_VALID_MASK << (BITS_PER_LONG - 32))) != 0) return -EINVAL; offset = addr - (addr_t) &dummy->regs.fp_regs; *(addr_t *)((addr_t) &child->thread.fp_regs + offset) = data; } else if (addr < (addr_t) (&dummy->regs.per_info + 1)) { offset = addr - (addr_t) &dummy->regs.per_info; *(addr_t *)((addr_t) &child->thread.per_info + offset) = data; } FixPerRegisters(child); return 0; }",linux-2.6,,,321512267718254513880731726842944248424,0 6727,['CWE-310'],"pre_keyring_callback (void) { GnomeKeyringInfo *info = NULL; if (!pre_keyring_cb) return; if (gnome_keyring_get_info_sync (NULL, &info) == GNOME_KEYRING_RESULT_OK) { if (gnome_keyring_info_get_is_locked (info)) (*pre_keyring_cb) (pre_keyring_user_data); gnome_keyring_info_free (info); } else (*pre_keyring_cb) (pre_keyring_user_data); }",network-manager-applet,,,85401145432644187559609237947677942576,0 2764,CWE-189,"static size_t exif_convert_any_to_int(void *value, int format, int motorola_intel TSRMLS_DC) { int s_den; unsigned u_den; switch(format) { case TAG_FMT_SBYTE: return *(signed char *)value; case TAG_FMT_BYTE: return *(uchar *)value; case TAG_FMT_USHORT: return php_ifd_get16u(value, motorola_intel); case TAG_FMT_ULONG: return php_ifd_get32u(value, motorola_intel); case TAG_FMT_URATIONAL: u_den = php_ifd_get32u(4+(char *)value, motorola_intel); if (u_den == 0) { return 0; } else { return php_ifd_get32u(value, motorola_intel) / u_den; } case TAG_FMT_SRATIONAL: s_den = php_ifd_get32s(4+(char *)value, motorola_intel); if (s_den == 0) { return 0; } else { return php_ifd_get32s(value, motorola_intel) / s_den; } case TAG_FMT_SSHORT: return php_ifd_get16u(value, motorola_intel); case TAG_FMT_SLONG: return php_ifd_get32s(value, motorola_intel); case TAG_FMT_SINGLE: #ifdef EXIF_DEBUG php_error_docref(NULL TSRMLS_CC, E_NOTICE, ""Found value of type single""); #endif return (size_t)*(float *)value; case TAG_FMT_DOUBLE: #ifdef EXIF_DEBUG php_error_docref(NULL TSRMLS_CC, E_NOTICE, ""Found value of type double""); #endif return (size_t)*(double *)value; } return 0; }",visit repo url,ext/exif/exif.c,https://github.com/php/php-src,234560506334009,1 4512,['CWE-20'],"static struct ext4_dir_entry_2* dx_pack_dirents(char *base, int size) { struct ext4_dir_entry_2 *next, *to, *prev, *de = (struct ext4_dir_entry_2 *) base; unsigned rec_len = 0; prev = to = de; while ((char*)de < base + size) { next = ext4_next_entry(de); if (de->inode && de->name_len) { rec_len = EXT4_DIR_REC_LEN(de->name_len); if (de > to) memmove(to, de, rec_len); to->rec_len = ext4_rec_len_to_disk(rec_len); prev = to; to = (struct ext4_dir_entry_2 *) (((char *) to) + rec_len); } de = next; } return prev; }",linux-2.6,,,125996416519842368052561750755820863273,0 3536,NVD-CWE-Other,"static int jpc_siz_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_siz_t *siz = &ms->parms.siz; unsigned int i; uint_fast8_t tmp; cstate = 0; if (jpc_getuint16(in, &siz->caps) || jpc_getuint32(in, &siz->width) || jpc_getuint32(in, &siz->height) || jpc_getuint32(in, &siz->xoff) || jpc_getuint32(in, &siz->yoff) || jpc_getuint32(in, &siz->tilewidth) || jpc_getuint32(in, &siz->tileheight) || jpc_getuint32(in, &siz->tilexoff) || jpc_getuint32(in, &siz->tileyoff) || jpc_getuint16(in, &siz->numcomps)) { return -1; } if (!siz->width || !siz->height || !siz->tilewidth || !siz->tileheight || !siz->numcomps || siz->numcomps > 16384) { return -1; } if (siz->tilexoff >= siz->width || siz->tileyoff >= siz->height) { jas_eprintf(""all tiles are outside the image area\n""); return -1; } if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { return -1; } for (i = 0; i < siz->numcomps; ++i) { if (jpc_getuint8(in, &tmp) || jpc_getuint8(in, &siz->comps[i].hsamp) || jpc_getuint8(in, &siz->comps[i].vsamp)) { jas_free(siz->comps); return -1; } if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) { jas_eprintf(""invalid XRsiz value %d\n"", siz->comps[i].hsamp); jas_free(siz->comps); return -1; } if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) { jas_eprintf(""invalid YRsiz value %d\n"", siz->comps[i].vsamp); jas_free(siz->comps); return -1; } siz->comps[i].sgnd = (tmp >> 7) & 1; siz->comps[i].prec = (tmp & 0x7f) + 1; } if (jas_stream_eof(in)) { jas_free(siz->comps); return -1; } return 0; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,143784807566874,1 697,CWE-20,"static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int err = 0; lock_sock(sk); if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { err = -ENOTCONN; goto out; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (!ax25_sk(sk)->pidincl) skb_pull(skb, 1); skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (msg->msg_namelen != 0) { struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; ax25_digi digi; ax25_address src; const unsigned char *mac = skb_mac_header(skb); memset(sax, 0, sizeof(struct full_sockaddr_ax25)); ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, &digi, NULL, NULL); sax->sax25_family = AF_AX25; sax->sax25_ndigis = digi.ndigi; sax->sax25_call = src; if (sax->sax25_ndigis != 0) { int ct; struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; for (ct = 0; ct < digi.ndigi; ct++) fsa->fsa_digipeater[ct] = digi.calls[ct]; } msg->msg_namelen = sizeof(struct full_sockaddr_ax25); } skb_free_datagram(sk, skb); err = copied; out: release_sock(sk); return err; }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,113629503405761,1 2875,['CWE-189'],"static jas_cmpxformseq_t *jas_cmpxformseq_copy(jas_cmpxformseq_t *pxformseq) { jas_cmpxformseq_t *newpxformseq; if (!(newpxformseq = jas_cmpxformseq_create())) goto error; if (jas_cmpxformseq_append(newpxformseq, pxformseq)) goto error; return newpxformseq; error: return 0; }",jasper,,,320362050078479613485635705129207298396,0 4008,['CWE-362'],"static struct audit_entry *audit_find_rule(struct audit_entry *entry, struct list_head *list) { struct audit_entry *e, *found = NULL; int h; if (entry->rule.watch) { for (h = 0; h < AUDIT_INODE_BUCKETS; h++) { list = &audit_inode_hash[h]; list_for_each_entry(e, list, list) if (!audit_compare_rule(&entry->rule, &e->rule)) { found = e; goto out; } } goto out; } list_for_each_entry(e, list, list) if (!audit_compare_rule(&entry->rule, &e->rule)) { found = e; goto out; } out: return found; }",linux-2.6,,,295433689585871450535181960809825711902,0 6448,CWE-20,"error_t httpReadRequestHeader(HttpConnection *connection) { error_t error; size_t length; error = socketSetTimeout(connection->socket, HTTP_SERVER_IDLE_TIMEOUT); if(error) return error; error = httpReceive(connection, connection->buffer, HTTP_SERVER_BUFFER_SIZE - 1, &length, SOCKET_FLAG_BREAK_CRLF); if(error) return error; error = socketSetTimeout(connection->socket, HTTP_SERVER_TIMEOUT); if(error) return error; connection->buffer[length] = '\0'; TRACE_INFO(""%s"", connection->buffer); error = httpParseRequestLine(connection, connection->buffer); if(error) return error; connection->request.chunkedEncoding = FALSE; connection->request.contentLength = 0; #if (HTTP_SERVER_WEB_SOCKET_SUPPORT == ENABLED) connection->request.upgradeWebSocket = FALSE; connection->request.connectionUpgrade = FALSE; osStrcpy(connection->request.clientKey, """"); #endif if(connection->request.version >= HTTP_VERSION_1_0) { char_t firstChar; char_t *separator; char_t *name; char_t *value; firstChar = '\0'; while(1) { error = httpReadHeaderField(connection, connection->buffer, HTTP_SERVER_BUFFER_SIZE, &firstChar); if(error) return error; TRACE_DEBUG(""%s"", connection->buffer); if(!osStrcmp(connection->buffer, ""\r\n"")) break; separator = strchr(connection->buffer, ':'); if(separator != NULL) { *separator = '\0'; name = strTrimWhitespace(connection->buffer); value = strTrimWhitespace(separator + 1); httpParseHeaderField(connection, name, value); } } } if(connection->request.chunkedEncoding) { connection->request.byteCount = 0; connection->request.firstChunk = TRUE; connection->request.lastChunk = FALSE; } else { connection->request.byteCount = connection->request.contentLength; } return NO_ERROR; }",visit repo url,http/http_server_misc.c,https://github.com/Oryx-Embedded/CycloneTCP,217289577958821,1 5937,['CWE-909'],"static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg) { struct net *net = sock_net(skb->sk); struct tcmsg *tcm; struct nlattr *tca[TCA_MAX + 1]; struct net_device *dev; u32 clid; struct Qdisc *q, *p; int err; if (net != &init_net) return -EINVAL; replay: tcm = NLMSG_DATA(n); clid = tcm->tcm_parent; q = p = NULL; if ((dev = __dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL) return -ENODEV; err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); if (err < 0) return err; if (clid) { if (clid != TC_H_ROOT) { if (clid != TC_H_INGRESS) { if ((p = qdisc_lookup(dev, TC_H_MAJ(clid))) == NULL) return -ENOENT; q = qdisc_leaf(p, clid); } else { q = dev->rx_queue.qdisc_sleeping; } } else { struct netdev_queue *dev_queue; dev_queue = netdev_get_tx_queue(dev, 0); q = dev_queue->qdisc_sleeping; } if (q && q->handle == 0) q = NULL; if (!q || !tcm->tcm_handle || q->handle != tcm->tcm_handle) { if (tcm->tcm_handle) { if (q && !(n->nlmsg_flags&NLM_F_REPLACE)) return -EEXIST; if (TC_H_MIN(tcm->tcm_handle)) return -EINVAL; if ((q = qdisc_lookup(dev, tcm->tcm_handle)) == NULL) goto create_n_graft; if (n->nlmsg_flags&NLM_F_EXCL) return -EEXIST; if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], q->ops->id)) return -EINVAL; if (q == p || (p && check_loop(q, p, 0))) return -ELOOP; atomic_inc(&q->refcnt); goto graft; } else { if (q == NULL) goto create_n_graft; if ((n->nlmsg_flags&NLM_F_CREATE) && (n->nlmsg_flags&NLM_F_REPLACE) && ((n->nlmsg_flags&NLM_F_EXCL) || (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], q->ops->id)))) goto create_n_graft; } } } else { if (!tcm->tcm_handle) return -EINVAL; q = qdisc_lookup(dev, tcm->tcm_handle); } if (q == NULL) return -ENOENT; if (n->nlmsg_flags&NLM_F_EXCL) return -EEXIST; if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], q->ops->id)) return -EINVAL; err = qdisc_change(q, tca); if (err == 0) qdisc_notify(skb, n, clid, NULL, q); return err; create_n_graft: if (!(n->nlmsg_flags&NLM_F_CREATE)) return -ENOENT; if (clid == TC_H_INGRESS) q = qdisc_create(dev, &dev->rx_queue, tcm->tcm_parent, tcm->tcm_parent, tca, &err); else q = qdisc_create(dev, netdev_get_tx_queue(dev, 0), tcm->tcm_parent, tcm->tcm_handle, tca, &err); if (q == NULL) { if (err == -EAGAIN) goto replay; return err; } graft: err = qdisc_graft(dev, p, skb, n, clid, q, NULL); if (err) { if (q) qdisc_destroy(q); return err; } return 0; }",linux-2.6,,,105603111369970468188280624604629101031,0 4801,CWE-415,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 2531,['CWE-119'],"static unsigned char *deflate_it(char *data, unsigned long size, unsigned long *result_size) { int bound; unsigned char *deflated; z_stream stream; memset(&stream, 0, sizeof(stream)); deflateInit(&stream, zlib_compression_level); bound = deflateBound(&stream, size); deflated = xmalloc(bound); stream.next_out = deflated; stream.avail_out = bound; stream.next_in = (unsigned char *)data; stream.avail_in = size; while (deflate(&stream, Z_FINISH) == Z_OK) ; deflateEnd(&stream); *result_size = stream.total_out; return deflated; }",git,,,291695036668052481377364792295677267095,0 3803,CWE-787,"op_insert(oparg_T *oap, long count1) { long ins_len, pre_textlen = 0; char_u *firstline, *ins_text; colnr_T ind_pre_col = 0, ind_post_col; int ind_pre_vcol = 0, ind_post_vcol = 0; struct block_def bd; int i; pos_T t1; pos_T start_insert; int offset = 0; bd.is_MAX = (curwin->w_curswant == MAXCOL); curwin->w_cursor.lnum = oap->start.lnum; update_screen(INVERTED); if (oap->block_mode) { if (curwin->w_cursor.coladd > 0) { int old_ve_flags = curwin->w_ve_flags; if (u_save_cursor() == FAIL) return; curwin->w_ve_flags = VE_ALL; coladvance_force(oap->op_type == OP_APPEND ? oap->end_vcol + 1 : getviscol()); if (oap->op_type == OP_APPEND) --curwin->w_cursor.col; curwin->w_ve_flags = old_ve_flags; } block_prep(oap, &bd, oap->start.lnum, TRUE); ind_pre_col = (colnr_T)getwhitecols_curline(); ind_pre_vcol = get_indent(); firstline = ml_get(oap->start.lnum) + bd.textcol; if (oap->op_type == OP_APPEND) firstline += bd.textlen; pre_textlen = (long)STRLEN(firstline); } if (oap->op_type == OP_APPEND) { if (oap->block_mode && curwin->w_cursor.coladd == 0) { curwin->w_set_curswant = TRUE; while (*ml_get_cursor() != NUL && (curwin->w_cursor.col < bd.textcol + bd.textlen)) ++curwin->w_cursor.col; if (bd.is_short && !bd.is_MAX) { if (u_save_cursor() == FAIL) return; for (i = 0; i < bd.endspaces; ++i) ins_char(' '); bd.textlen += bd.endspaces; } } else { curwin->w_cursor = oap->end; check_cursor_col(); if (!LINEEMPTY(curwin->w_cursor.lnum) && oap->start_vcol != oap->end_vcol) inc_cursor(); } } t1 = oap->start; start_insert = curwin->w_cursor; (void)edit(NUL, FALSE, (linenr_T)count1); if (t1.lnum == curbuf->b_op_start_orig.lnum && LT_POS(curbuf->b_op_start_orig, t1)) oap->start = curbuf->b_op_start_orig; if (curwin->w_cursor.lnum != oap->start.lnum || got_int) return; if (oap->block_mode) { struct block_def bd2; int did_indent = FALSE; size_t len; int add; ind_post_col = (colnr_T)getwhitecols_curline(); if (curbuf->b_op_start.col > ind_pre_col && ind_post_col > ind_pre_col) { bd.textcol += ind_post_col - ind_pre_col; ind_post_vcol = get_indent(); bd.start_vcol += ind_post_vcol - ind_pre_vcol; did_indent = TRUE; } if (oap->start.lnum == curbuf->b_op_start_orig.lnum && !bd.is_MAX && !did_indent) { int t = getviscol2(curbuf->b_op_start_orig.col, curbuf->b_op_start_orig.coladd); if (!bd.is_MAX) { if (oap->op_type == OP_INSERT && oap->start.col + oap->start.coladd != curbuf->b_op_start_orig.col + curbuf->b_op_start_orig.coladd) { oap->start.col = curbuf->b_op_start_orig.col; pre_textlen -= t - oap->start_vcol; oap->start_vcol = t; } else if (oap->op_type == OP_APPEND && oap->end.col + oap->end.coladd >= curbuf->b_op_start_orig.col + curbuf->b_op_start_orig.coladd) { oap->start.col = curbuf->b_op_start_orig.col; pre_textlen += bd.textlen; pre_textlen -= t - oap->start_vcol; oap->start_vcol = t; oap->op_type = OP_INSERT; } } else if (bd.is_MAX && oap->op_type == OP_APPEND) { pre_textlen += bd.textlen; pre_textlen -= t - oap->start_vcol; } } if (did_indent && bd.textcol - ind_post_col > 0) { oap->start.col += ind_post_col - ind_pre_col; oap->start_vcol += ind_post_vcol - ind_pre_vcol; oap->end.col += ind_post_col - ind_pre_col; oap->end_vcol += ind_post_vcol - ind_pre_vcol; } block_prep(oap, &bd2, oap->start.lnum, TRUE); if (did_indent && bd.textcol - ind_post_col > 0) { oap->start.col -= ind_post_col - ind_pre_col; oap->start_vcol -= ind_post_vcol - ind_pre_vcol; oap->end.col -= ind_post_col - ind_pre_col; oap->end_vcol -= ind_post_vcol - ind_pre_vcol; } if (!bd.is_MAX || bd2.textlen < bd.textlen) { if (oap->op_type == OP_APPEND) { pre_textlen += bd2.textlen - bd.textlen; if (bd2.endspaces) --bd2.textlen; } bd.textcol = bd2.textcol; bd.textlen = bd2.textlen; } firstline = ml_get(oap->start.lnum); len = STRLEN(firstline); add = bd.textcol; if (oap->op_type == OP_APPEND) { add += bd.textlen; if (bd.is_MAX && (start_insert.lnum == Insstart.lnum && start_insert.col > Insstart.col)) { offset = (start_insert.col - Insstart.col); add -= offset; if (oap->end_vcol > offset) oap->end_vcol -= (offset + 1); else return; } } if ((size_t)add > len) firstline += len; else firstline += add; if (pre_textlen >= 0 && (ins_len = (long)STRLEN(firstline) - pre_textlen - offset) > 0) { ins_text = vim_strnsave(firstline, ins_len); if (ins_text != NULL) { if (u_save(oap->start.lnum, (linenr_T)(oap->end.lnum + 1)) == OK) block_insert(oap, ins_text, (oap->op_type == OP_INSERT), &bd); curwin->w_cursor.col = oap->start.col; check_cursor(); vim_free(ins_text); } } } }",visit repo url,src/ops.c,https://github.com/vim/vim,185452113234708,1 5471,['CWE-476'],"void kvm_arch_flush_shadow(struct kvm *kvm) { kvm_mmu_zap_all(kvm); }",linux-2.6,,,162422074419029498359669648730353354343,0 3421,['CWE-264'],"asmlinkage long sys_fchdir(unsigned int fd) { struct file *file; struct dentry *dentry; struct inode *inode; struct vfsmount *mnt; int error; error = -EBADF; file = fget(fd); if (!file) goto out; dentry = file->f_path.dentry; mnt = file->f_path.mnt; inode = dentry->d_inode; error = -ENOTDIR; if (!S_ISDIR(inode->i_mode)) goto out_putf; error = file_permission(file, MAY_EXEC); if (!error) set_fs_pwd(current->fs, mnt, dentry); out_putf: fput(file); out: return error; }",linux-2.6,,,143036949850920534390386112937807554743,0 5265,CWE-323,"static char *oidc_cache_get_hashed_key(request_rec *r, const char *passphrase, const char *key) { char *input = apr_psprintf(r->pool, ""%s:%s"", passphrase, key); char *output = NULL; if (oidc_util_hash_string_and_base64url_encode(r, OIDC_JOSE_ALG_SHA256, input, &output) == FALSE) { oidc_error(r, ""oidc_util_hash_string_and_base64url_encode returned an error""); return NULL; } return output; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,227439705145900,1 4030,CWE-119,"static bool glfs_check_config(const char *cfgstring, char **reason) { char *path; glfs_t *fs = NULL; glfs_fd_t *gfd = NULL; gluster_server *hosts = NULL; bool result = true; path = strchr(cfgstring, '/'); if (!path) { if (asprintf(reason, ""No path found"") == -1) *reason = NULL; result = false; goto done; } path += 1; fs = tcmu_create_glfs_object(path, &hosts); if (!fs) { tcmu_err(""tcmu_create_glfs_object failed\n""); goto done; } gfd = glfs_open(fs, hosts->path, ALLOWED_BSOFLAGS); if (!gfd) { if (asprintf(reason, ""glfs_open failed: %m"") == -1) *reason = NULL; result = false; goto unref; } if (glfs_access(fs, hosts->path, R_OK|W_OK) == -1) { if (asprintf(reason, ""glfs_access file not present, or not writable"") == -1) *reason = NULL; result = false; goto unref; } goto done; unref: gluster_cache_refresh(fs, path); done: if (gfd) glfs_close(gfd); gluster_free_server(&hosts); return result; }",visit repo url,glfs.c,https://github.com/open-iscsi/tcmu-runner,122639515072987,1 1620,CWE-264,"static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen, unsigned int flags) { struct ipv6_pinfo *np = inet6_sk(sk); int len; int val; if (ip6_mroute_opt(optname)) return ip6_mroute_getsockopt(sk, optname, optval, optlen); if (get_user(len, optlen)) return -EFAULT; switch (optname) { case IPV6_ADDRFORM: if (sk->sk_protocol != IPPROTO_UDP && sk->sk_protocol != IPPROTO_UDPLITE && sk->sk_protocol != IPPROTO_TCP) return -ENOPROTOOPT; if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; val = sk->sk_family; break; case MCAST_MSFILTER: { struct group_filter gsf; int err; if (len < GROUP_FILTER_SIZE(0)) return -EINVAL; if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) return -EFAULT; if (gsf.gf_group.ss_family != AF_INET6) return -EADDRNOTAVAIL; lock_sock(sk); err = ip6_mc_msfget(sk, &gsf, (struct group_filter __user *)optval, optlen); release_sock(sk); return err; } case IPV6_2292PKTOPTIONS: { struct msghdr msg; struct sk_buff *skb; if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; msg.msg_control = optval; msg.msg_controllen = len; msg.msg_flags = flags; lock_sock(sk); skb = np->pktoptions; if (skb) ip6_datagram_recv_ctl(sk, &msg, skb); release_sock(sk); if (!skb) { if (np->rxopt.bits.rxinfo) { struct in6_pktinfo src_info; src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : np->sticky_pktinfo.ipi6_ifindex; src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info); } if (np->rxopt.bits.rxhlim) { int hlim = np->mcast_hops; put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim); } if (np->rxopt.bits.rxtclass) { int tclass = (int)ip6_tclass(np->rcv_flowinfo); put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass); } if (np->rxopt.bits.rxoinfo) { struct in6_pktinfo src_info; src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif : np->sticky_pktinfo.ipi6_ifindex; src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr; put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info); } if (np->rxopt.bits.rxohlim) { int hlim = np->mcast_hops; put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim); } if (np->rxopt.bits.rxflow) { __be32 flowinfo = np->rcv_flowinfo; put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo); } } len -= msg.msg_controllen; return put_user(len, optlen); } case IPV6_MTU: { struct dst_entry *dst; val = 0; rcu_read_lock(); dst = __sk_dst_get(sk); if (dst) val = dst_mtu(dst); rcu_read_unlock(); if (!val) return -ENOTCONN; break; } case IPV6_V6ONLY: val = sk->sk_ipv6only; break; case IPV6_RECVPKTINFO: val = np->rxopt.bits.rxinfo; break; case IPV6_2292PKTINFO: val = np->rxopt.bits.rxoinfo; break; case IPV6_RECVHOPLIMIT: val = np->rxopt.bits.rxhlim; break; case IPV6_2292HOPLIMIT: val = np->rxopt.bits.rxohlim; break; case IPV6_RECVRTHDR: val = np->rxopt.bits.srcrt; break; case IPV6_2292RTHDR: val = np->rxopt.bits.osrcrt; break; case IPV6_HOPOPTS: case IPV6_RTHDRDSTOPTS: case IPV6_RTHDR: case IPV6_DSTOPTS: { lock_sock(sk); len = ipv6_getsockopt_sticky(sk, np->opt, optname, optval, len); release_sock(sk); if (len < 0) return len; return put_user(len, optlen); } case IPV6_RECVHOPOPTS: val = np->rxopt.bits.hopopts; break; case IPV6_2292HOPOPTS: val = np->rxopt.bits.ohopopts; break; case IPV6_RECVDSTOPTS: val = np->rxopt.bits.dstopts; break; case IPV6_2292DSTOPTS: val = np->rxopt.bits.odstopts; break; case IPV6_TCLASS: val = np->tclass; break; case IPV6_RECVTCLASS: val = np->rxopt.bits.rxtclass; break; case IPV6_FLOWINFO: val = np->rxopt.bits.rxflow; break; case IPV6_RECVPATHMTU: val = np->rxopt.bits.rxpmtu; break; case IPV6_PATHMTU: { struct dst_entry *dst; struct ip6_mtuinfo mtuinfo; if (len < sizeof(mtuinfo)) return -EINVAL; len = sizeof(mtuinfo); memset(&mtuinfo, 0, sizeof(mtuinfo)); rcu_read_lock(); dst = __sk_dst_get(sk); if (dst) mtuinfo.ip6m_mtu = dst_mtu(dst); rcu_read_unlock(); if (!mtuinfo.ip6m_mtu) return -ENOTCONN; if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &mtuinfo, len)) return -EFAULT; return 0; } case IPV6_TRANSPARENT: val = inet_sk(sk)->transparent; break; case IPV6_RECVORIGDSTADDR: val = np->rxopt.bits.rxorigdstaddr; break; case IPV6_UNICAST_HOPS: case IPV6_MULTICAST_HOPS: { struct dst_entry *dst; if (optname == IPV6_UNICAST_HOPS) val = np->hop_limit; else val = np->mcast_hops; if (val < 0) { rcu_read_lock(); dst = __sk_dst_get(sk); if (dst) val = ip6_dst_hoplimit(dst); rcu_read_unlock(); } if (val < 0) val = sock_net(sk)->ipv6.devconf_all->hop_limit; break; } case IPV6_MULTICAST_LOOP: val = np->mc_loop; break; case IPV6_MULTICAST_IF: val = np->mcast_oif; break; case IPV6_UNICAST_IF: val = (__force int)htonl((__u32) np->ucast_oif); break; case IPV6_MTU_DISCOVER: val = np->pmtudisc; break; case IPV6_RECVERR: val = np->recverr; break; case IPV6_FLOWINFO_SEND: val = np->sndflow; break; case IPV6_FLOWLABEL_MGR: { struct in6_flowlabel_req freq; int flags; if (len < sizeof(freq)) return -EINVAL; if (copy_from_user(&freq, optval, sizeof(freq))) return -EFAULT; if (freq.flr_action != IPV6_FL_A_GET) return -EINVAL; len = sizeof(freq); flags = freq.flr_flags; memset(&freq, 0, sizeof(freq)); val = ipv6_flowlabel_opt_get(sk, &freq, flags); if (val < 0) return val; if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &freq, len)) return -EFAULT; return 0; } case IPV6_ADDR_PREFERENCES: val = 0; if (np->srcprefs & IPV6_PREFER_SRC_TMP) val |= IPV6_PREFER_SRC_TMP; else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC) val |= IPV6_PREFER_SRC_PUBLIC; else { val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT; } if (np->srcprefs & IPV6_PREFER_SRC_COA) val |= IPV6_PREFER_SRC_COA; else val |= IPV6_PREFER_SRC_HOME; break; case IPV6_MINHOPCOUNT: val = np->min_hopcount; break; case IPV6_DONTFRAG: val = np->dontfrag; break; case IPV6_AUTOFLOWLABEL: val = np->autoflowlabel; break; default: return -ENOPROTOOPT; } len = min_t(unsigned int, sizeof(int), len); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) return -EFAULT; return 0; }",visit repo url,net/ipv6/ipv6_sockglue.c,https://github.com/torvalds/linux,154642880320158,1 3718,CWE-862,"wsemul_sun_output_control(struct wsemul_sun_emuldata *edp, struct wsemul_inputstate *instate) { int oargs; int rc; switch (instate->inchar) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (edp->nargs > SUN_EMUL_NARGS - 1) { bcopy(edp->args + 1, edp->args, (SUN_EMUL_NARGS - 1) * sizeof(edp->args[0])); edp->args[edp->nargs = SUN_EMUL_NARGS - 1] = 0; } edp->args[edp->nargs] = (edp->args[edp->nargs] * 10) + (instate->inchar - '0'); break; case ';': edp->nargs++; break; default: oargs = edp->nargs++; if (edp->nargs > SUN_EMUL_NARGS) edp->nargs = SUN_EMUL_NARGS; rc = wsemul_sun_control(edp, instate); if (rc != 0) { edp->nargs = oargs; return rc; } edp->state = SUN_EMUL_STATE_NORMAL; break; } return 0; }",visit repo url,sys/dev/wscons/wsemul_sun.c,https://github.com/openbsd/src,206120499340719,1 5297,['CWE-119'],"static void tun_sock_destruct(struct sock *sk) { free_netdev(container_of(sk, struct tun_sock, sk)->tun->dev); }",linux-2.6,,,111647766808065923395724727571818619860,0 2143,['CWE-119'],"static inline void _set_gate(int gate, unsigned type, void *addr, unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; pack_gate(&s, type, (unsigned long)addr, dpl, ist, seg); write_idt_entry(idt_table, gate, &s); }",linux-2.6,,,29117269849685902067376424727851108968,0 6142,['CWE-200'],"static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg) { struct tcmsg *tcm; struct rtattr **tca; struct net_device *dev; u32 clid; struct Qdisc *q, *p; int err; replay: tcm = NLMSG_DATA(n); tca = arg; clid = tcm->tcm_parent; q = p = NULL; if ((dev = __dev_get_by_index(tcm->tcm_ifindex)) == NULL) return -ENODEV; if (clid) { if (clid != TC_H_ROOT) { if (clid != TC_H_INGRESS) { if ((p = qdisc_lookup(dev, TC_H_MAJ(clid))) == NULL) return -ENOENT; q = qdisc_leaf(p, clid); } else { q = dev->qdisc_ingress; } } else { q = dev->qdisc_sleeping; } if (q && q->handle == 0) q = NULL; if (!q || !tcm->tcm_handle || q->handle != tcm->tcm_handle) { if (tcm->tcm_handle) { if (q && !(n->nlmsg_flags&NLM_F_REPLACE)) return -EEXIST; if (TC_H_MIN(tcm->tcm_handle)) return -EINVAL; if ((q = qdisc_lookup(dev, tcm->tcm_handle)) == NULL) goto create_n_graft; if (n->nlmsg_flags&NLM_F_EXCL) return -EEXIST; if (tca[TCA_KIND-1] && rtattr_strcmp(tca[TCA_KIND-1], q->ops->id)) return -EINVAL; if (q == p || (p && check_loop(q, p, 0))) return -ELOOP; atomic_inc(&q->refcnt); goto graft; } else { if (q == NULL) goto create_n_graft; if ((n->nlmsg_flags&NLM_F_CREATE) && (n->nlmsg_flags&NLM_F_REPLACE) && ((n->nlmsg_flags&NLM_F_EXCL) || (tca[TCA_KIND-1] && rtattr_strcmp(tca[TCA_KIND-1], q->ops->id)))) goto create_n_graft; } } } else { if (!tcm->tcm_handle) return -EINVAL; q = qdisc_lookup(dev, tcm->tcm_handle); } if (q == NULL) return -ENOENT; if (n->nlmsg_flags&NLM_F_EXCL) return -EEXIST; if (tca[TCA_KIND-1] && rtattr_strcmp(tca[TCA_KIND-1], q->ops->id)) return -EINVAL; err = qdisc_change(q, tca); if (err == 0) qdisc_notify(skb, n, clid, NULL, q); return err; create_n_graft: if (!(n->nlmsg_flags&NLM_F_CREATE)) return -ENOENT; if (clid == TC_H_INGRESS) q = qdisc_create(dev, tcm->tcm_parent, tca, &err); else q = qdisc_create(dev, tcm->tcm_handle, tca, &err); if (q == NULL) { if (err == -EAGAIN) goto replay; return err; } graft: if (1) { struct Qdisc *old_q = NULL; err = qdisc_graft(dev, p, clid, q, &old_q); if (err) { if (q) { spin_lock_bh(&dev->queue_lock); qdisc_destroy(q); spin_unlock_bh(&dev->queue_lock); } return err; } qdisc_notify(skb, n, clid, old_q, q); if (old_q) { spin_lock_bh(&dev->queue_lock); qdisc_destroy(old_q); spin_unlock_bh(&dev->queue_lock); } } return 0; }",linux-2.6,,,260795284154780473793237735226929227845,0 4959,CWE-787,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 2572,CWE-119,"static void stellaris_enet_save(QEMUFile *f, void *opaque) { stellaris_enet_state *s = (stellaris_enet_state *)opaque; int i; qemu_put_be32(f, s->ris); qemu_put_be32(f, s->im); qemu_put_be32(f, s->rctl); qemu_put_be32(f, s->tctl); qemu_put_be32(f, s->thr); qemu_put_be32(f, s->mctl); qemu_put_be32(f, s->mdv); qemu_put_be32(f, s->mtxd); qemu_put_be32(f, s->mrxd); qemu_put_be32(f, s->np); qemu_put_be32(f, s->tx_fifo_len); qemu_put_buffer(f, s->tx_fifo, sizeof(s->tx_fifo)); for (i = 0; i < 31; i++) { qemu_put_be32(f, s->rx[i].len); qemu_put_buffer(f, s->rx[i].data, sizeof(s->rx[i].data)); } qemu_put_be32(f, s->next_packet); qemu_put_be32(f, s->rx_fifo_offset); }",visit repo url,hw/net/stellaris_enet.c,https://github.com/qemu/qemu,4032969178368,1 4468,CWE-476,"merged_2v_upsample(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION *in_row_group_ctr, JDIMENSION in_row_groups_avail, JSAMPARRAY output_buf, JDIMENSION *out_row_ctr, JDIMENSION out_rows_avail) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; JSAMPROW work_ptrs[2]; JDIMENSION num_rows; if (upsample->spare_full) { JDIMENSION size = upsample->out_row_width; if (cinfo->out_color_space == JCS_RGB565) size = cinfo->output_width * 2; jcopy_sample_rows(&upsample->spare_row, 0, output_buf + *out_row_ctr, 0, 1, size); num_rows = 1; upsample->spare_full = FALSE; } else { num_rows = 2; if (num_rows > upsample->rows_to_go) num_rows = upsample->rows_to_go; out_rows_avail -= *out_row_ctr; if (num_rows > out_rows_avail) num_rows = out_rows_avail; work_ptrs[0] = output_buf[*out_row_ctr]; if (num_rows > 1) { work_ptrs[1] = output_buf[*out_row_ctr + 1]; } else { work_ptrs[1] = upsample->spare_row; upsample->spare_full = TRUE; } (*upsample->upmethod) (cinfo, input_buf, *in_row_group_ctr, work_ptrs); } *out_row_ctr += num_rows; upsample->rows_to_go -= num_rows; if (!upsample->spare_full) (*in_row_group_ctr)++; }",visit repo url,jdmerge.c,https://github.com/libjpeg-turbo/libjpeg-turbo,255179925902511,1 4709,CWE-22,"static int pop_sync_mailbox(struct Context *ctx, int *index_hint) { int i, j, ret = 0; char buf[LONG_STRING]; struct PopData *pop_data = (struct PopData *) ctx->data; struct Progress progress; #ifdef USE_HCACHE header_cache_t *hc = NULL; #endif pop_data->check_time = 0; while (true) { if (pop_reconnect(ctx) < 0) return -1; mutt_progress_init(&progress, _(""Marking messages deleted...""), MUTT_PROGRESS_MSG, WriteInc, ctx->deleted); #ifdef USE_HCACHE hc = pop_hcache_open(pop_data, ctx->path); #endif for (i = 0, j = 0, ret = 0; ret == 0 && i < ctx->msgcount; i++) { if (ctx->hdrs[i]->deleted && ctx->hdrs[i]->refno != -1) { j++; if (!ctx->quiet) mutt_progress_update(&progress, j, -1); snprintf(buf, sizeof(buf), ""DELE %d\r\n"", ctx->hdrs[i]->refno); ret = pop_query(pop_data, buf, sizeof(buf)); if (ret == 0) { mutt_bcache_del(pop_data->bcache, ctx->hdrs[i]->data); #ifdef USE_HCACHE mutt_hcache_delete(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data)); #endif } } #ifdef USE_HCACHE if (ctx->hdrs[i]->changed) { mutt_hcache_store(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data), ctx->hdrs[i], 0); } #endif } #ifdef USE_HCACHE mutt_hcache_close(hc); #endif if (ret == 0) { mutt_str_strfcpy(buf, ""QUIT\r\n"", sizeof(buf)); ret = pop_query(pop_data, buf, sizeof(buf)); } if (ret == 0) { pop_data->clear_cache = true; pop_clear_cache(pop_data); pop_data->status = POP_DISCONNECTED; return 0; } if (ret == -2) { mutt_error(""%s"", pop_data->err_msg); return -1; } } }",visit repo url,pop.c,https://github.com/neomutt/neomutt,164685958259298,1 2761,CWE-416,"PHP_FUNCTION(unserialize) { char *buf = NULL; size_t buf_len; const unsigned char *p; php_unserialize_data_t var_hash; zval *options = NULL, *classes = NULL; HashTable *class_hash = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS(), ""s|a"", &buf, &buf_len, &options) == FAILURE) { RETURN_FALSE; } if (buf_len == 0) { RETURN_FALSE; } p = (const unsigned char*) buf; PHP_VAR_UNSERIALIZE_INIT(var_hash); if(options != NULL) { classes = zend_hash_str_find(Z_ARRVAL_P(options), ""allowed_classes"", sizeof(""allowed_classes"")-1); if(classes && (Z_TYPE_P(classes) == IS_ARRAY || !zend_is_true(classes))) { ALLOC_HASHTABLE(class_hash); zend_hash_init(class_hash, (Z_TYPE_P(classes) == IS_ARRAY)?zend_hash_num_elements(Z_ARRVAL_P(classes)):0, NULL, NULL, 0); } if(class_hash && Z_TYPE_P(classes) == IS_ARRAY) { zval *entry; zend_string *lcname; ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(classes), entry) { convert_to_string_ex(entry); lcname = zend_string_tolower(Z_STR_P(entry)); zend_hash_add_empty_element(class_hash, lcname); zend_string_release(lcname); } ZEND_HASH_FOREACH_END(); } } if (!php_var_unserialize_ex(return_value, &p, p + buf_len, &var_hash, class_hash)) { PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (class_hash) { zend_hash_destroy(class_hash); FREE_HASHTABLE(class_hash); } zval_ptr_dtor(return_value); if (!EG(exception)) { php_error_docref(NULL, E_NOTICE, ""Error at offset "" ZEND_LONG_FMT "" of %zd bytes"", (zend_long)((char*)p - buf), buf_len); } RETURN_FALSE; } var_push_dtor(&var_hash, return_value); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (class_hash) { zend_hash_destroy(class_hash); FREE_HASHTABLE(class_hash); } }",visit repo url,ext/standard/var.c,https://github.com/php/php-src,41483678569691,1 1324,['CWE-119'],"static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx, unsigned char *eoc, unsigned long *integer) { unsigned char ch; unsigned int len; if (!asn1_octet_decode(ctx, &ch)) return 0; *integer = ch; if (ch == 0) len = 0; else len = 1; while (ctx->pointer < eoc) { if (++len > sizeof (unsigned long)) { ctx->error = ASN1_ERR_DEC_BADVALUE; return 0; } if (!asn1_octet_decode(ctx, &ch)) return 0; *integer <<= 8; *integer |= ch; } return 1; }",linux-2.6,,,97834245860993133839003687505554491351,0 1341,CWE-287,"static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct sock *sk = sock->sk; struct net *net = sock_net(sk); struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr = msg->msg_name; struct sock *other = NULL; int namelen = 0; int err; unsigned int hash; struct sk_buff *skb; long timeo; struct scm_cookie tmp_scm; int max_level; int data_len = 0; if (NULL == siocb->scm) siocb->scm = &tmp_scm; wait_for_unix_gc(); err = scm_send(sock, msg, siocb->scm); if (err < 0) return err; err = -EOPNOTSUPP; if (msg->msg_flags&MSG_OOB) goto out; if (msg->msg_namelen) { err = unix_mkname(sunaddr, msg->msg_namelen, &hash); if (err < 0) goto out; namelen = err; } else { sunaddr = NULL; err = -ENOTCONN; other = unix_peer_get(sk); if (!other) goto out; } if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && (err = unix_autobind(sock)) != 0) goto out; err = -EMSGSIZE; if (len > sk->sk_sndbuf - 32) goto out; if (len > SKB_MAX_ALLOC) data_len = min_t(size_t, len - SKB_MAX_ALLOC, MAX_SKB_FRAGS * PAGE_SIZE); skb = sock_alloc_send_pskb(sk, len - data_len, data_len, msg->msg_flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; err = unix_scm_to_skb(siocb->scm, skb, true); if (err < 0) goto out_free; max_level = err + 1; unix_get_secdata(siocb->scm, skb); skb_put(skb, len - data_len); skb->data_len = data_len; skb->len = len; err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, len); if (err) goto out_free; timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); restart: if (!other) { err = -ECONNRESET; if (sunaddr == NULL) goto out_free; other = unix_find_other(net, sunaddr, namelen, sk->sk_type, hash, &err); if (other == NULL) goto out_free; } if (sk_filter(other, skb) < 0) { err = len; goto out_free; } unix_state_lock(other); err = -EPERM; if (!unix_may_send(sk, other)) goto out_unlock; if (sock_flag(other, SOCK_DEAD)) { unix_state_unlock(other); sock_put(other); err = 0; unix_state_lock(sk); if (unix_peer(sk) == other) { unix_peer(sk) = NULL; unix_state_unlock(sk); unix_dgram_disconnected(sk, other); sock_put(other); err = -ECONNREFUSED; } else { unix_state_unlock(sk); } other = NULL; if (err) goto out_free; goto restart; } err = -EPIPE; if (other->sk_shutdown & RCV_SHUTDOWN) goto out_unlock; if (sk->sk_type != SOCK_SEQPACKET) { err = security_unix_may_send(sk->sk_socket, other->sk_socket); if (err) goto out_unlock; } if (unix_peer(other) != sk && unix_recvq_full(other)) { if (!timeo) { err = -EAGAIN; goto out_unlock; } timeo = unix_wait_for_peer(other, timeo); err = sock_intr_errno(timeo); if (signal_pending(current)) goto out_free; goto restart; } if (sock_flag(other, SOCK_RCVTSTAMP)) __net_timestamp(skb); maybe_add_creds(skb, sock, other); skb_queue_tail(&other->sk_receive_queue, skb); if (max_level > unix_sk(other)->recursion_level) unix_sk(other)->recursion_level = max_level; unix_state_unlock(other); other->sk_data_ready(other, len); sock_put(other); scm_destroy(siocb->scm); return len; out_unlock: unix_state_unlock(other); out_free: kfree_skb(skb); out: if (other) sock_put(other); scm_destroy(siocb->scm); return err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,112782124729593,1 1455,CWE-17,"static int udf_symlink_filler(struct file *file, struct page *page) { struct inode *inode = page->mapping->host; struct buffer_head *bh = NULL; unsigned char *symlink; int err; unsigned char *p = kmap(page); struct udf_inode_info *iinfo; uint32_t pos; if (inode->i_size > inode->i_sb->s_blocksize) { err = -ENAMETOOLONG; goto out_unmap; } iinfo = UDF_I(inode); pos = udf_block_map(inode, 0); down_read(&iinfo->i_data_sem); if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) { symlink = iinfo->i_ext.i_data + iinfo->i_lenEAttr; } else { bh = sb_bread(inode->i_sb, pos); if (!bh) { err = -EIO; goto out_unlock_inode; } symlink = bh->b_data; } udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); brelse(bh); up_read(&iinfo->i_data_sem); SetPageUptodate(page); kunmap(page); unlock_page(page); return 0; out_unlock_inode: up_read(&iinfo->i_data_sem); SetPageError(page); out_unmap: kunmap(page); unlock_page(page); return err; }",visit repo url,fs/udf/symlink.c,https://github.com/torvalds/linux,87504717750188,1 4025,['CWE-362'],"extern inline void unpin_inotify_watch(struct inotify_watch *watch) { }",linux-2.6,,,76697903400298254917787415453516854256,0 2476,['CWE-119'],"static void run_diffstat(struct diff_filepair *p, struct diff_options *o, struct diffstat_t *diffstat) { const char *name; const char *other; int complete_rewrite = 0; if (DIFF_PAIR_UNMERGED(p)) { builtin_diffstat(p->one->path, NULL, NULL, NULL, diffstat, o, 0); return; } name = p->one->path; other = (strcmp(name, p->two->path) ? p->two->path : NULL); if (o->prefix_length) strip_prefix(o->prefix_length, &name, &other); diff_fill_sha1_info(p->one); diff_fill_sha1_info(p->two); if (p->status == DIFF_STATUS_MODIFIED && p->score) complete_rewrite = 1; builtin_diffstat(name, other, p->one, p->two, diffstat, o, complete_rewrite); }",git,,,133472718788424514204022016231465108165,0 6736,['CWE-310'],"nm_gconf_get_int_helper (GConfClient *client, const char *path, const char *key, const char *setting, int *value) { char * gc_key; GConfValue * gc_value; gboolean success = FALSE; g_return_val_if_fail (key != NULL, FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (value != NULL, FALSE); gc_key = g_strdup_printf (""%s/%s/%s"", path, setting, key); if ((gc_value = gconf_client_get (client, gc_key, NULL))) { if (gc_value->type == GCONF_VALUE_INT) { *value = gconf_value_get_int (gc_value); success = TRUE; } gconf_value_free (gc_value); } g_free (gc_key); return success; }",network-manager-applet,,,102985395528998425446231508866703553897,0 941,['CWE-200'],"static void init_once(struct kmem_cache *cachep, void *foo) { struct shmem_inode_info *p = (struct shmem_inode_info *) foo; inode_init_once(&p->vfs_inode); #ifdef CONFIG_TMPFS_POSIX_ACL p->i_acl = NULL; p->i_default_acl = NULL; #endif }",linux-2.6,,,136536032557980731231673061879079761987,0 4859,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 128,CWE-476,"netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb, struct net_device *dev) { struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); struct ieee80211_chanctx_conf *chanctx_conf; struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_hdr *hdr; struct ieee80211_sub_if_data *tmp_sdata, *sdata; struct cfg80211_chan_def *chandef; u16 len_rthdr; int hdrlen; memset(info, 0, sizeof(*info)); info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS | IEEE80211_TX_CTL_INJECTED; if (!ieee80211_parse_tx_radiotap(skb, dev)) goto fail; len_rthdr = ieee80211_get_radiotap_len(skb->data); skb_set_mac_header(skb, len_rthdr); skb_set_network_header(skb, len_rthdr); skb_set_transport_header(skb, len_rthdr); if (skb->len < len_rthdr + 2) goto fail; hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr); hdrlen = ieee80211_hdrlen(hdr->frame_control); if (skb->len < len_rthdr + hdrlen) goto fail; if (ieee80211_is_data(hdr->frame_control) && skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) { u8 *payload = (u8 *)hdr + hdrlen; if (ether_addr_equal(payload, rfc1042_header)) skb->protocol = cpu_to_be16((payload[6] << 8) | payload[7]); } rcu_read_lock(); sdata = IEEE80211_DEV_TO_SUB_IF(dev); list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) { if (!ieee80211_sdata_running(tmp_sdata)) continue; if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR || tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN) continue; if (ether_addr_equal(tmp_sdata->vif.addr, hdr->addr2)) { sdata = tmp_sdata; break; } } chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); if (!chanctx_conf) { tmp_sdata = rcu_dereference(local->monitor_sdata); if (tmp_sdata) chanctx_conf = rcu_dereference(tmp_sdata->vif.chanctx_conf); } if (chanctx_conf) chandef = &chanctx_conf->def; else if (!local->use_chanctx) chandef = &local->_oper_chandef; else goto fail_rcu; if (!cfg80211_reg_can_beacon(local->hw.wiphy, chandef, sdata->vif.type)) goto fail_rcu; info->band = chandef->chan->band; ieee80211_select_queue_80211(sdata, skb, hdr); skb_set_queue_mapping(skb, ieee80211_ac_from_tid(skb->priority)); skb_pull(skb, len_rthdr); ieee80211_xmit(sdata, NULL, skb); rcu_read_unlock(); return NETDEV_TX_OK; fail_rcu: rcu_read_unlock(); fail: dev_kfree_skb(skb); return NETDEV_TX_OK; }",visit repo url,net/mac80211/tx.c,https://github.com/torvalds/linux,4285075051670,1 5428,CWE-190,"gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) { TIFF* tif = img->tif; tileContigRoutine put = img->put.contig; uint32 row, y, nrow, nrowsub, rowstoread; tmsize_t pos; unsigned char* buf = NULL; uint32 rowsperstrip; uint16 subsamplinghor,subsamplingver; uint32 imagewidth = img->width; tmsize_t scanline; int32 fromskew, toskew; int ret = 1, flip; tmsize_t maxstripsize; TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver); if( subsamplingver == 0 ) { TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), ""Invalid vertical YCbCr subsampling""); return (0); } maxstripsize = TIFFStripSize(tif); flip = setorientation(img); if (flip & FLIP_VERTICALLY) { y = h - 1; toskew = -(int32)(w + w); } else { y = 0; toskew = -(int32)(w - w); } TIFFGetFieldDefaulted(tif, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); scanline = TIFFScanlineSize(tif); fromskew = (w < imagewidth ? imagewidth - w : 0); for (row = 0; row < h; row += nrow) { rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; nrow = (row + rowstoread > h ? h - row : rowstoread); nrowsub = nrow; if ((nrowsub%subsamplingver)!=0) nrowsub+=subsamplingver-nrowsub%subsamplingver; if (_TIFFReadEncodedStripAndAllocBuffer(tif, TIFFComputeStrip(tif,row+img->row_offset, 0), (void**)(&buf), maxstripsize, ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1) && (buf == NULL || img->stoponerr)) { ret = 0; break; } pos = ((row + img->row_offset) % rowsperstrip) * scanline + \ ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, buf + pos); y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { uint32 line; for (line = 0; line < h; line++) { uint32 *left = raster + (line * w); uint32 *right = left + w - 1; while ( left < right ) { uint32 temp = *left; *left = *right; *right = temp; left++; right--; } } } _TIFFfree(buf); return (ret); }",visit repo url,gdal/frmts/gtiff/libtiff/tif_getimage.c,https://github.com/OSGeo/gdal,26233543714369,1 5526,CWE-125,"PyInit__ast3(void) { PyObject *m, *d; if (!init_types()) return NULL; m = PyModule_Create(&_astmodule3); if (!m) return NULL; d = PyModule_GetDict(m); if (PyDict_SetItemString(d, ""AST"", (PyObject*)&AST_type) < 0) return NULL; if (PyModule_AddIntMacro(m, PyCF_ONLY_AST) < 0) return NULL; if (PyDict_SetItemString(d, ""mod"", (PyObject*)mod_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Module"", (PyObject*)Module_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Interactive"", (PyObject*)Interactive_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Expression"", (PyObject*)Expression_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FunctionType"", (PyObject*)FunctionType_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Suite"", (PyObject*)Suite_type) < 0) return NULL; if (PyDict_SetItemString(d, ""stmt"", (PyObject*)stmt_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FunctionDef"", (PyObject*)FunctionDef_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AsyncFunctionDef"", (PyObject*)AsyncFunctionDef_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ClassDef"", (PyObject*)ClassDef_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Return"", (PyObject*)Return_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Delete"", (PyObject*)Delete_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Assign"", (PyObject*)Assign_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AugAssign"", (PyObject*)AugAssign_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AnnAssign"", (PyObject*)AnnAssign_type) < 0) return NULL; if (PyDict_SetItemString(d, ""For"", (PyObject*)For_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AsyncFor"", (PyObject*)AsyncFor_type) < 0) return NULL; if (PyDict_SetItemString(d, ""While"", (PyObject*)While_type) < 0) return NULL; if (PyDict_SetItemString(d, ""If"", (PyObject*)If_type) < 0) return NULL; if (PyDict_SetItemString(d, ""With"", (PyObject*)With_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AsyncWith"", (PyObject*)AsyncWith_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Raise"", (PyObject*)Raise_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Try"", (PyObject*)Try_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Assert"", (PyObject*)Assert_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Import"", (PyObject*)Import_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ImportFrom"", (PyObject*)ImportFrom_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Global"", (PyObject*)Global_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Nonlocal"", (PyObject*)Nonlocal_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Expr"", (PyObject*)Expr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Pass"", (PyObject*)Pass_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Break"", (PyObject*)Break_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Continue"", (PyObject*)Continue_type) < 0) return NULL; if (PyDict_SetItemString(d, ""expr"", (PyObject*)expr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BoolOp"", (PyObject*)BoolOp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BinOp"", (PyObject*)BinOp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""UnaryOp"", (PyObject*)UnaryOp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Lambda"", (PyObject*)Lambda_type) < 0) return NULL; if (PyDict_SetItemString(d, ""IfExp"", (PyObject*)IfExp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Dict"", (PyObject*)Dict_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Set"", (PyObject*)Set_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ListComp"", (PyObject*)ListComp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""SetComp"", (PyObject*)SetComp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""DictComp"", (PyObject*)DictComp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""GeneratorExp"", (PyObject*)GeneratorExp_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Await"", (PyObject*)Await_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Yield"", (PyObject*)Yield_type) < 0) return NULL; if (PyDict_SetItemString(d, ""YieldFrom"", (PyObject*)YieldFrom_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Compare"", (PyObject*)Compare_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Call"", (PyObject*)Call_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Num"", (PyObject*)Num_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Str"", (PyObject*)Str_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FormattedValue"", (PyObject*)FormattedValue_type) < 0) return NULL; if (PyDict_SetItemString(d, ""JoinedStr"", (PyObject*)JoinedStr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Bytes"", (PyObject*)Bytes_type) < 0) return NULL; if (PyDict_SetItemString(d, ""NameConstant"", (PyObject*)NameConstant_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Ellipsis"", (PyObject*)Ellipsis_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Constant"", (PyObject*)Constant_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Attribute"", (PyObject*)Attribute_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Subscript"", (PyObject*)Subscript_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Starred"", (PyObject*)Starred_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Name"", (PyObject*)Name_type) < 0) return NULL; if (PyDict_SetItemString(d, ""List"", (PyObject*)List_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Tuple"", (PyObject*)Tuple_type) < 0) return NULL; if (PyDict_SetItemString(d, ""expr_context"", (PyObject*)expr_context_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Load"", (PyObject*)Load_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Store"", (PyObject*)Store_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Del"", (PyObject*)Del_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AugLoad"", (PyObject*)AugLoad_type) < 0) return NULL; if (PyDict_SetItemString(d, ""AugStore"", (PyObject*)AugStore_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Param"", (PyObject*)Param_type) < 0) return NULL; if (PyDict_SetItemString(d, ""slice"", (PyObject*)slice_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Slice"", (PyObject*)Slice_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ExtSlice"", (PyObject*)ExtSlice_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Index"", (PyObject*)Index_type) < 0) return NULL; if (PyDict_SetItemString(d, ""boolop"", (PyObject*)boolop_type) < 0) return NULL; if (PyDict_SetItemString(d, ""And"", (PyObject*)And_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Or"", (PyObject*)Or_type) < 0) return NULL; if (PyDict_SetItemString(d, ""operator"", (PyObject*)operator_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Add"", (PyObject*)Add_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Sub"", (PyObject*)Sub_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Mult"", (PyObject*)Mult_type) < 0) return NULL; if (PyDict_SetItemString(d, ""MatMult"", (PyObject*)MatMult_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Div"", (PyObject*)Div_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Mod"", (PyObject*)Mod_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Pow"", (PyObject*)Pow_type) < 0) return NULL; if (PyDict_SetItemString(d, ""LShift"", (PyObject*)LShift_type) < 0) return NULL; if (PyDict_SetItemString(d, ""RShift"", (PyObject*)RShift_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BitOr"", (PyObject*)BitOr_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BitXor"", (PyObject*)BitXor_type) < 0) return NULL; if (PyDict_SetItemString(d, ""BitAnd"", (PyObject*)BitAnd_type) < 0) return NULL; if (PyDict_SetItemString(d, ""FloorDiv"", (PyObject*)FloorDiv_type) < 0) return NULL; if (PyDict_SetItemString(d, ""unaryop"", (PyObject*)unaryop_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Invert"", (PyObject*)Invert_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Not"", (PyObject*)Not_type) < 0) return NULL; if (PyDict_SetItemString(d, ""UAdd"", (PyObject*)UAdd_type) < 0) return NULL; if (PyDict_SetItemString(d, ""USub"", (PyObject*)USub_type) < 0) return NULL; if (PyDict_SetItemString(d, ""cmpop"", (PyObject*)cmpop_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Eq"", (PyObject*)Eq_type) < 0) return NULL; if (PyDict_SetItemString(d, ""NotEq"", (PyObject*)NotEq_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Lt"", (PyObject*)Lt_type) < 0) return NULL; if (PyDict_SetItemString(d, ""LtE"", (PyObject*)LtE_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Gt"", (PyObject*)Gt_type) < 0) return NULL; if (PyDict_SetItemString(d, ""GtE"", (PyObject*)GtE_type) < 0) return NULL; if (PyDict_SetItemString(d, ""Is"", (PyObject*)Is_type) < 0) return NULL; if (PyDict_SetItemString(d, ""IsNot"", (PyObject*)IsNot_type) < 0) return NULL; if (PyDict_SetItemString(d, ""In"", (PyObject*)In_type) < 0) return NULL; if (PyDict_SetItemString(d, ""NotIn"", (PyObject*)NotIn_type) < 0) return NULL; if (PyDict_SetItemString(d, ""comprehension"", (PyObject*)comprehension_type) < 0) return NULL; if (PyDict_SetItemString(d, ""excepthandler"", (PyObject*)excepthandler_type) < 0) return NULL; if (PyDict_SetItemString(d, ""ExceptHandler"", (PyObject*)ExceptHandler_type) < 0) return NULL; if (PyDict_SetItemString(d, ""arguments"", (PyObject*)arguments_type) < 0) return NULL; if (PyDict_SetItemString(d, ""arg"", (PyObject*)arg_type) < 0) return NULL; if (PyDict_SetItemString(d, ""keyword"", (PyObject*)keyword_type) < 0) return NULL; if (PyDict_SetItemString(d, ""alias"", (PyObject*)alias_type) < 0) return NULL; if (PyDict_SetItemString(d, ""withitem"", (PyObject*)withitem_type) < 0) return NULL; if (PyDict_SetItemString(d, ""type_ignore"", (PyObject*)type_ignore_type) < 0) return NULL; if (PyDict_SetItemString(d, ""TypeIgnore"", (PyObject*)TypeIgnore_type) < 0) return NULL; return m; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,19279496775193,1 3000,['CWE-189'],"int jpc_pi_addpchg(jpc_pi_t *pi, jpc_pocpchg_t *pchg) { return jpc_pchglist_insert(pi->pchglist, -1, pchg); }",jasper,,,236699352132443724677284000173879722828,0 768,['CWE-119'],"isdn_net_log_skb(struct sk_buff * skb, isdn_net_local * lp) { const u_char *p = skb_network_header(skb); unsigned short proto = ntohs(skb->protocol); int data_ofs; ip_ports *ipp; char addinfo[100]; addinfo[0] = '\0'; if (p < skb->data || skb->network_header >= skb->tail) { char * buf = skb->data; printk(KERN_DEBUG ""isdn_net: protocol %04x is buggy, dev %s\n"", skb->protocol, lp->netdev->dev->name); p = buf; proto = ETH_P_IP; switch (lp->p_encap) { case ISDN_NET_ENCAP_IPTYP: proto = ntohs(*(unsigned short *) &buf[0]); p = &buf[2]; break; case ISDN_NET_ENCAP_ETHER: proto = ntohs(*(unsigned short *) &buf[12]); p = &buf[14]; break; case ISDN_NET_ENCAP_CISCOHDLC: proto = ntohs(*(unsigned short *) &buf[2]); p = &buf[4]; break; #ifdef CONFIG_ISDN_PPP case ISDN_NET_ENCAP_SYNCPPP: proto = ntohs(skb->protocol); p = &buf[IPPP_MAX_HEADER]; break; #endif } } data_ofs = ((p[0] & 15) * 4); switch (proto) { case ETH_P_IP: switch (p[9]) { case 1: strcpy(addinfo, "" ICMP""); break; case 2: strcpy(addinfo, "" IGMP""); break; case 4: strcpy(addinfo, "" IPIP""); break; case 6: ipp = (ip_ports *) (&p[data_ofs]); sprintf(addinfo, "" TCP, port: %d -> %d"", ntohs(ipp->source), ntohs(ipp->dest)); break; case 8: strcpy(addinfo, "" EGP""); break; case 12: strcpy(addinfo, "" PUP""); break; case 17: ipp = (ip_ports *) (&p[data_ofs]); sprintf(addinfo, "" UDP, port: %d -> %d"", ntohs(ipp->source), ntohs(ipp->dest)); break; case 22: strcpy(addinfo, "" IDP""); break; } printk(KERN_INFO ""OPEN: %d.%d.%d.%d -> %d.%d.%d.%d%s\n"", p[12], p[13], p[14], p[15], p[16], p[17], p[18], p[19], addinfo); break; case ETH_P_ARP: printk(KERN_INFO ""OPEN: ARP %d.%d.%d.%d -> *.*.*.* ?%d.%d.%d.%d\n"", p[14], p[15], p[16], p[17], p[24], p[25], p[26], p[27]); break; } }",linux-2.6,,,328575691563289800287682981692369505127,0 4956,CWE-191,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 3570,['CWE-20'],"struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, const struct sctp_chunk *chunk, gfp_t gfp, int unkparam_len) { sctp_inithdr_t initack; struct sctp_chunk *retval; union sctp_params addrs; int addrs_len; sctp_cookie_param_t *cookie; int cookie_len; size_t chunksize; sctp_adaptation_ind_param_t aiparam; sctp_supported_ext_param_t ext_param; int num_ext = 0; __u8 extensions[3]; sctp_paramhdr_t *auth_chunks = NULL, *auth_hmacs = NULL, *auth_random = NULL; retval = NULL; addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); initack.init_tag = htonl(asoc->c.my_vtag); initack.a_rwnd = htonl(asoc->rwnd); initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); initack.initial_tsn = htonl(asoc->c.initial_tsn); cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, addrs.v, addrs_len); if (!cookie) goto nomem_cookie; chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; if (asoc->peer.ecn_capable) chunksize += sizeof(ecap_param); if (sctp_prsctp_enable) chunksize += sizeof(prsctp_param); if (sctp_addip_enable) { extensions[num_ext] = SCTP_CID_ASCONF; extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; num_ext += 2; } chunksize += sizeof(aiparam); if (asoc->peer.auth_capable) { auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; chunksize += ntohs(auth_random->length); auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; if (auth_hmacs->length) chunksize += ntohs(auth_hmacs->length); else auth_hmacs = NULL; auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; if (auth_chunks->length) chunksize += ntohs(auth_chunks->length); else auth_chunks = NULL; extensions[num_ext] = SCTP_CID_AUTH; num_ext += 1; } if (num_ext) chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); if (!retval) goto nomem_chunk; retval->transport = chunk->transport; retval->subh.init_hdr = sctp_addto_chunk(retval, sizeof(initack), &initack); retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); sctp_addto_chunk(retval, cookie_len, cookie); if (asoc->peer.ecn_capable) sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); if (num_ext) { ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; ext_param.param_hdr.length = htons(sizeof(sctp_supported_ext_param_t) + num_ext); sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), &ext_param); sctp_addto_param(retval, num_ext, extensions); } if (asoc->peer.prsctp_capable) sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; aiparam.param_hdr.length = htons(sizeof(aiparam)); aiparam.adaptation_ind = htonl(sctp_sk(asoc->base.sk)->adaptation_ind); sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); if (asoc->peer.auth_capable) { sctp_addto_chunk(retval, ntohs(auth_random->length), auth_random); if (auth_hmacs) sctp_addto_chunk(retval, ntohs(auth_hmacs->length), auth_hmacs); if (auth_chunks) sctp_addto_chunk(retval, ntohs(auth_chunks->length), auth_chunks); } retval->asoc = (struct sctp_association *) asoc; if (chunk) retval->transport = chunk->transport; nomem_chunk: kfree(cookie); nomem_cookie: kfree(addrs.v); return retval; }",linux-2.6,,,337719389796036432231556180689521223555,0 5934,['CWE-909'],"static struct Qdisc_ops *qdisc_lookup_ops(struct nlattr *kind) { struct Qdisc_ops *q = NULL; if (kind) { read_lock(&qdisc_mod_lock); for (q = qdisc_base; q; q = q->next) { if (nla_strcmp(kind, q->id) == 0) { if (!try_module_get(q->owner)) q = NULL; break; } } read_unlock(&qdisc_mod_lock); } return q; }",linux-2.6,,,325375201795089003976158854907050091391,0 2871,['CWE-189'],"static int jas_cmpxformseq_insertpxform(jas_cmpxformseq_t *pxformseq, int i, jas_cmpxform_t *pxform) { jas_cmpxform_t *tmppxform; int n; if (i < 0) i = pxformseq->numpxforms; assert(i >= 0 && i <= pxformseq->numpxforms); if (pxformseq->numpxforms >= pxformseq->maxpxforms) { if (jas_cmpxformseq_resize(pxformseq, pxformseq->numpxforms + 16)) goto error; } assert(pxformseq->numpxforms < pxformseq->maxpxforms); if (!(tmppxform = jas_cmpxform_copy(pxform))) goto error; n = pxformseq->numpxforms - i; if (n > 0) { memmove(&pxformseq->pxforms[i + 1], &pxformseq->pxforms[i], n * sizeof(jas_cmpxform_t *)); } pxformseq->pxforms[i] = tmppxform; ++pxformseq->numpxforms; return 0; error: return -1; }",jasper,,,31229435382858855945262000393056851507,0 2559,CWE-125,"int LibRaw::ljpeg_start(struct jhead *jh, int info_only) { ushort c, tag, len; int cnt = 0; uchar data[0x10000]; const uchar *dp; memset(jh, 0, sizeof *jh); jh->restart = INT_MAX; if ((fgetc(ifp), fgetc(ifp)) != 0xd8) return 0; do { if (feof(ifp)) return 0; if (cnt++ > 1024) return 0; if (!fread(data, 2, 2, ifp)) return 0; tag = data[0] << 8 | data[1]; len = (data[2] << 8 | data[3]) - 2; if (tag <= 0xff00) return 0; fread(data, 1, len, ifp); switch (tag) { case 0xffc3: jh->sraw = ((data[7] >> 4) * (data[7] & 15) - 1) & 3; case 0xffc1: case 0xffc0: jh->algo = tag & 0xff; jh->bits = data[0]; jh->high = data[1] << 8 | data[2]; jh->wide = data[3] << 8 | data[4]; jh->clrs = data[5] + jh->sraw; if (len == 9 && !dng_version) getc(ifp); break; case 0xffc4: if (info_only) break; for (dp = data; dp < data + len && !((c = *dp++) & -20);) jh->free[c] = jh->huff[c] = make_decoder_ref(&dp); break; case 0xffda: jh->psv = data[1 + data[0] * 2]; jh->bits -= data[3 + data[0] * 2] & 15; break; case 0xffdb: FORC(64) jh->quant[c] = data[c * 2 + 1] << 8 | data[c * 2 + 2]; break; case 0xffdd: jh->restart = data[0] << 8 | data[1]; } } while (tag != 0xffda); if (jh->bits > 16 || jh->clrs > 6 || !jh->bits || !jh->high || !jh->wide || !jh->clrs) return 0; if (info_only) return 1; if (!jh->huff[0]) return 0; FORC(19) if (!jh->huff[c + 1]) jh->huff[c + 1] = jh->huff[c]; if (jh->sraw) { FORC(4) jh->huff[2 + c] = jh->huff[1]; FORC(jh->sraw) jh->huff[1 + c] = jh->huff[0]; } jh->row = (ushort *)calloc(jh->wide * jh->clrs, 4); merror(jh->row, ""ljpeg_start()""); return zero_after_ff = 1; }",visit repo url,src/decoders/decoders_dcraw.cpp,https://github.com/LibRaw/LibRaw,266821917756556,1 5043,CWE-125,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 3126,['CWE-189'],"static int jas_icctxtdesc_output(jas_iccattrval_t *attrval, jas_stream_t *out) { jas_icctxtdesc_t *txtdesc = &attrval->data.txtdesc; if (jas_iccputuint32(out, txtdesc->asclen) || jas_stream_puts(out, txtdesc->ascdata) || jas_stream_putc(out, 0) == EOF || jas_iccputuint32(out, txtdesc->uclangcode) || jas_iccputuint32(out, txtdesc->uclen) || jas_stream_write(out, txtdesc->ucdata, txtdesc->uclen * 2) != JAS_CAST(int, txtdesc->uclen * 2) || jas_iccputuint16(out, txtdesc->sccode) || jas_stream_putc(out, txtdesc->maclen) == EOF) goto error; if (txtdesc->maclen > 0) { if (jas_stream_write(out, txtdesc->macdata, 67) != 67) goto error; } else { if (jas_stream_pad(out, 67, 0) != 67) goto error; } return 0; error: return -1; }",jasper,,,55398993152380417333941970261437503325,0 4022,CWE-787,"local void init_block(s) deflate_state *s; { int n; for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0; for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0; for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0; s->dyn_ltree[END_BLOCK].Freq = 1; s->opt_len = s->static_len = 0L; s->last_lit = s->matches = 0; }",visit repo url,trees.c,https://github.com/madler/zlib,191489831465879,1 5209,CWE-276,"flatpak_dir_deploy (FlatpakDir *self, const char *origin, FlatpakDecomposed *ref, const char *checksum_or_latest, const char * const * subpaths, const char * const * previous_ids, GCancellable *cancellable, GError **error) { g_autofree char *resolved_ref = NULL; g_autofree char *ref_id = NULL; g_autoptr(GFile) root = NULL; g_autoptr(GFile) deploy_base = NULL; g_autoptr(GFile) checkoutdir = NULL; g_autoptr(GFile) bindir = NULL; g_autofree char *checkoutdirpath = NULL; g_autoptr(GFile) real_checkoutdir = NULL; g_autoptr(GFile) dotref = NULL; g_autoptr(GFile) files_etc = NULL; g_autoptr(GFile) deploy_data_file = NULL; g_autoptr(GVariant) commit_data = NULL; g_autoptr(GBytes) deploy_data = NULL; g_autoptr(GFile) export = NULL; g_autoptr(GFile) extradir = NULL; g_autoptr(GKeyFile) keyfile = NULL; guint64 installed_size = 0; OstreeRepoCheckoutAtOptions options = { 0, }; const char *checksum; glnx_autofd int checkoutdir_dfd = -1; g_autoptr(GFile) tmp_dir_template = NULL; g_autofree char *tmp_dir_path = NULL; const char *xa_ref = NULL; g_autofree char *checkout_basename = NULL; gboolean created_extra_data = FALSE; g_autoptr(GVariant) commit_metadata = NULL; g_auto(GLnxLockFile) lock = { 0, }; g_autoptr(GFile) metadata_file = NULL; g_autofree char *metadata_contents = NULL; gboolean is_oci; const char *flatpak; if (!flatpak_dir_ensure_repo (self, cancellable, error)) return FALSE; ref_id = flatpak_decomposed_dup_id (ref); if (!flatpak_dir_repo_lock (self, &lock, LOCK_SH, cancellable, error)) return FALSE; deploy_base = flatpak_dir_get_deploy_dir (self, ref); if (checksum_or_latest == NULL) { g_debug (""No checksum specified, getting tip of %s from origin %s"", flatpak_decomposed_get_ref (ref), origin); resolved_ref = flatpak_dir_read_latest (self, origin, flatpak_decomposed_get_ref (ref), NULL, cancellable, error); if (resolved_ref == NULL) { g_prefix_error (error, _(""While trying to resolve ref %s: ""), flatpak_decomposed_get_ref (ref)); return FALSE; } checksum = resolved_ref; g_debug (""tip resolved to: %s"", checksum); } else { checksum = checksum_or_latest; g_debug (""Looking for checksum %s in local repo"", checksum); if (!ostree_repo_read_commit (self->repo, checksum, NULL, NULL, cancellable, NULL)) return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _(""%s is not available""), flatpak_decomposed_get_ref (ref)); } if (!ostree_repo_load_commit (self->repo, checksum, &commit_data, NULL, error)) return FALSE; commit_metadata = g_variant_get_child_value (commit_data, 0); checkout_basename = flatpak_dir_get_deploy_subdir (self, checksum, subpaths); real_checkoutdir = g_file_get_child (deploy_base, checkout_basename); if (g_file_query_exists (real_checkoutdir, cancellable)) return flatpak_fail_error (error, FLATPAK_ERROR_ALREADY_INSTALLED, _(""%s commit %s already installed""), flatpak_decomposed_get_ref (ref), checksum); g_autofree char *template = g_strdup_printf ("".%s-XXXXXX"", checkout_basename); tmp_dir_template = g_file_get_child (deploy_base, template); tmp_dir_path = g_file_get_path (tmp_dir_template); if (g_mkdtemp_full (tmp_dir_path, 0755) == NULL) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _(""Can't create deploy directory"")); return FALSE; } checkoutdir = g_file_new_for_path (tmp_dir_path); if (!ostree_repo_read_commit (self->repo, checksum, &root, NULL, cancellable, error)) { g_prefix_error (error, _(""Failed to read commit %s: ""), checksum); return FALSE; } if (!flatpak_repo_collect_sizes (self->repo, root, &installed_size, NULL, cancellable, error)) return FALSE; options.mode = OSTREE_REPO_CHECKOUT_MODE_USER; options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_FILES; options.enable_fsync = FALSE; options.bareuseronly_dirs = TRUE; checkoutdirpath = g_file_get_path (checkoutdir); if (subpaths == NULL || *subpaths == NULL) { if (!ostree_repo_checkout_at (self->repo, &options, AT_FDCWD, checkoutdirpath, checksum, cancellable, error)) { g_prefix_error (error, _(""While trying to checkout %s into %s: ""), checksum, checkoutdirpath); return FALSE; } } else { g_autoptr(GFile) files = g_file_get_child (checkoutdir, ""files""); int i; if (!g_file_make_directory_with_parents (files, cancellable, error)) return FALSE; options.subpath = ""/metadata""; if (!ostree_repo_checkout_at (self->repo, &options, AT_FDCWD, checkoutdirpath, checksum, cancellable, error)) { g_prefix_error (error, _(""While trying to checkout metadata subpath: "")); return FALSE; } for (i = 0; subpaths[i] != NULL; i++) { g_autofree char *subpath = g_build_filename (""/files"", subpaths[i], NULL); g_autofree char *dstpath = g_build_filename (checkoutdirpath, ""/files"", subpaths[i], NULL); g_autofree char *dstpath_parent = g_path_get_dirname (dstpath); g_autoptr(GFile) child = NULL; child = g_file_resolve_relative_path (root, subpath); if (!g_file_query_exists (child, cancellable)) { g_debug (""subpath %s not in tree"", subpaths[i]); continue; } if (g_mkdir_with_parents (dstpath_parent, 0755)) { glnx_set_error_from_errno (error); return FALSE; } options.subpath = subpath; if (!ostree_repo_checkout_at (self->repo, &options, AT_FDCWD, dstpath, checksum, cancellable, error)) { g_prefix_error (error, _(""While trying to checkout subpath ‘%s’: ""), subpath); return FALSE; } } } extradir = g_file_resolve_relative_path (checkoutdir, ""files/extra""); if (!flatpak_rm_rf (extradir, cancellable, error)) { g_prefix_error (error, _(""While trying to remove existing extra dir: "")); return FALSE; } if (!extract_extra_data (self, checksum, extradir, &created_extra_data, cancellable, error)) return FALSE; if (created_extra_data) { if (!apply_extra_data (self, checkoutdir, cancellable, error)) { g_prefix_error (error, _(""While trying to apply extra data: "")); return FALSE; } } g_variant_lookup (commit_metadata, ""xa.ref"", ""&s"", &xa_ref); if (xa_ref != NULL) { gboolean gpg_verify_summary; if (!ostree_repo_remote_get_gpg_verify_summary (self->repo, origin, &gpg_verify_summary, error)) return FALSE; if (gpg_verify_summary) { FlatpakDecomposed *checkout_ref = ref; g_autoptr(FlatpakDecomposed) commit_ref = NULL; commit_ref = flatpak_decomposed_new_from_ref (xa_ref, error); if (commit_ref == NULL) { g_prefix_error (error, _(""Invalid commit ref %s: ""), xa_ref); return FALSE; } if (!flatpak_decomposed_equal_except_branch (checkout_ref, commit_ref)) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED, _(""Deployed ref %s does not match commit (%s)""), flatpak_decomposed_get_ref (ref), xa_ref); return FALSE; } if (strcmp (flatpak_decomposed_get_branch (checkout_ref), flatpak_decomposed_get_branch (commit_ref)) != 0) g_warning (_(""Deployed ref %s branch does not match commit (%s)""), flatpak_decomposed_get_ref (ref), xa_ref); } else if (strcmp (flatpak_decomposed_get_ref (ref), xa_ref) != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED, _(""Deployed ref %s does not match commit (%s)""), flatpak_decomposed_get_ref (ref), xa_ref); return FALSE; } } keyfile = g_key_file_new (); metadata_file = g_file_resolve_relative_path (checkoutdir, ""metadata""); if (g_file_load_contents (metadata_file, NULL, &metadata_contents, NULL, NULL, NULL)) { if (!g_key_file_load_from_data (keyfile, metadata_contents, -1, 0, error)) return FALSE; if (!flatpak_check_required_version (flatpak_decomposed_get_ref (ref), keyfile, error)) return FALSE; } is_oci = flatpak_dir_get_remote_oci (self, origin); if (!validate_commit_metadata (commit_data, flatpak_decomposed_get_ref (ref), metadata_contents, !is_oci, error)) return FALSE; dotref = g_file_resolve_relative_path (checkoutdir, ""files/.ref""); if (!g_file_replace_contents (dotref, """", 0, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, cancellable, error)) return FALSE; export = g_file_get_child (checkoutdir, ""export""); bindir = g_file_get_child (export, ""bin""); if (!flatpak_rm_rf (bindir, cancellable, error)) return FALSE; if (flatpak_decomposed_is_runtime (ref)) { files_etc = g_file_resolve_relative_path (checkoutdir, ""files/etc""); if (g_file_query_exists (files_etc, cancellable)) { char *etcfiles[] = {""passwd"", ""group"", ""machine-id"" }; g_autoptr(GFile) etc_resolve_conf = g_file_get_child (files_etc, ""resolv.conf""); int i; for (i = 0; i < G_N_ELEMENTS (etcfiles); i++) { g_autoptr(GFile) etc_file = g_file_get_child (files_etc, etcfiles[i]); GFileType type; type = g_file_query_file_type (etc_file, G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, cancellable); if (type == G_FILE_TYPE_REGULAR) continue; if (type != G_FILE_TYPE_UNKNOWN) { if (!g_file_delete (etc_file, cancellable, error)) return FALSE; } if (!g_file_replace_contents (etc_file, """", 0, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, cancellable, error)) return FALSE; } if (g_file_query_exists (etc_resolve_conf, cancellable) && !g_file_delete (etc_resolve_conf, cancellable, error)) return FALSE; if (!g_file_make_symbolic_link (etc_resolve_conf, ""/run/host/monitor/resolv.conf"", cancellable, error)) return FALSE; } if (!flatpak_rm_rf (export, cancellable, error)) return FALSE; } else { g_autofree char *ref_arch = flatpak_decomposed_dup_arch (ref); g_autofree char *ref_branch = flatpak_decomposed_dup_branch (ref); g_autoptr(GFile) wrapper = g_file_get_child (bindir, ref_id); g_autofree char *escaped_app = maybe_quote (ref_id); g_autofree char *escaped_branch = maybe_quote (ref_branch); g_autofree char *escaped_arch = maybe_quote (ref_arch); g_autofree char *bin_data = NULL; int r; if (!flatpak_mkdir_p (bindir, cancellable, error)) return FALSE; if (!flatpak_rewrite_export_dir (ref_id, ref_branch, ref_arch, keyfile, previous_ids, export, cancellable, error)) return FALSE; if ((flatpak = g_getenv (""FLATPAK_BINARY"")) == NULL) flatpak = FLATPAK_BINDIR ""/flatpak""; bin_data = g_strdup_printf (""#!/bin/sh\nexec %s run --branch=%s --arch=%s %s \""$@\""\n"", flatpak, escaped_branch, escaped_arch, escaped_app); if (!g_file_replace_contents (wrapper, bin_data, strlen (bin_data), NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, cancellable, error)) return FALSE; do r = fchmodat (AT_FDCWD, flatpak_file_get_path_cached (wrapper), 0755, 0); while (G_UNLIKELY (r == -1 && errno == EINTR)); if (r == -1) return glnx_throw_errno_prefix (error, ""fchmodat""); } deploy_data = flatpak_dir_new_deploy_data (self, checkoutdir, commit_data, commit_metadata, keyfile, ref_id, origin, checksum, (char **) subpaths, installed_size, previous_ids); if (!flatpak_dir_check_parental_controls (self, flatpak_decomposed_get_ref (ref), deploy_data, cancellable, error)) return FALSE; deploy_data_file = g_file_get_child (checkoutdir, ""deploy""); if (!flatpak_bytes_save (deploy_data_file, deploy_data, cancellable, error)) return FALSE; if (!glnx_opendirat (AT_FDCWD, checkoutdirpath, TRUE, &checkoutdir_dfd, error)) return FALSE; if (syncfs (checkoutdir_dfd) != 0) { glnx_set_error_from_errno (error); return FALSE; } if (!g_file_move (checkoutdir, real_checkoutdir, G_FILE_COPY_NO_FALLBACK_FOR_MOVE, cancellable, NULL, NULL, error)) return FALSE; if (!flatpak_dir_set_active (self, ref, checkout_basename, cancellable, error)) return FALSE; if (!flatpak_dir_update_deploy_ref (self, flatpak_decomposed_get_ref (ref), checksum, error)) return FALSE; return TRUE; }",visit repo url,common/flatpak-dir.c,https://github.com/flatpak/flatpak,60039401805820,1 5291,CWE-787,"TEE_Result syscall_cryp_obj_populate(unsigned long obj, struct utee_attribute *usr_attrs, unsigned long attr_count) { TEE_Result res; struct tee_ta_session *sess; struct tee_obj *o; const struct tee_cryp_obj_type_props *type_props; TEE_Attribute *attrs = NULL; res = tee_ta_get_current_session(&sess); if (res != TEE_SUCCESS) return res; res = tee_obj_get(to_user_ta_ctx(sess->ctx), tee_svc_uref_to_vaddr(obj), &o); if (res != TEE_SUCCESS) return res; if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) return TEE_ERROR_BAD_PARAMETERS; if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) return TEE_ERROR_BAD_PARAMETERS; type_props = tee_svc_find_type_props(o->info.objectType); if (!type_props) return TEE_ERROR_NOT_IMPLEMENTED; attrs = malloc(sizeof(TEE_Attribute) * attr_count); if (!attrs) return TEE_ERROR_OUT_OF_MEMORY; res = copy_in_attrs(to_user_ta_ctx(sess->ctx), usr_attrs, attr_count, attrs); if (res != TEE_SUCCESS) goto out; res = tee_svc_cryp_check_attr(ATTR_USAGE_POPULATE, type_props, attrs, attr_count); if (res != TEE_SUCCESS) goto out; res = tee_svc_cryp_obj_populate_type(o, type_props, attrs, attr_count); if (res == TEE_SUCCESS) o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; out: free(attrs); return res; }",visit repo url,core/tee/tee_svc_cryp.c,https://github.com/OP-TEE/optee_os,253248905321167,1 6720,['CWE-310'],"nm_gconf_get_bool_helper (GConfClient *client, const char *path, const char *key, const char *setting, gboolean *value) { char * gc_key; GConfValue * gc_value; gboolean success = FALSE; g_return_val_if_fail (key != NULL, FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (value != NULL, FALSE); gc_key = g_strdup_printf (""%s/%s/%s"", path, setting, key); if ((gc_value = gconf_client_get (client, gc_key, NULL))) { if (gc_value->type == GCONF_VALUE_BOOL) { *value = gconf_value_get_bool (gc_value); success = TRUE; } else if (gc_value->type == GCONF_VALUE_STRING && !*gconf_value_get_string (gc_value)) { *value = TRUE; success = TRUE; } gconf_value_free (gc_value); } g_free (gc_key); return success; }",network-manager-applet,,,148205377347628518429140268583031511934,0 3482,['CWE-20'],"int sctp_chunk_iif(const struct sctp_chunk *chunk) { struct sctp_af *af; int iif = 0; af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); if (af) iif = af->skb_iif(chunk->skb); return iif; }",linux-2.6,,,155047425348838562287478813865517789145,0 131,NVD-CWE-noinfo,"struct nfs_client *nfs4_alloc_client(const struct nfs_client_initdata *cl_init) { int err; struct nfs_client *clp = nfs_alloc_client(cl_init); if (IS_ERR(clp)) return clp; err = nfs_get_cb_ident_idr(clp, cl_init->minorversion); if (err) goto error; if (cl_init->minorversion > NFS4_MAX_MINOR_VERSION) { err = -EINVAL; goto error; } spin_lock_init(&clp->cl_lock); INIT_DELAYED_WORK(&clp->cl_renewd, nfs4_renew_state); INIT_LIST_HEAD(&clp->cl_ds_clients); rpc_init_wait_queue(&clp->cl_rpcwaitq, ""NFS client""); clp->cl_state = 1 << NFS4CLNT_LEASE_EXPIRED; clp->cl_mvops = nfs_v4_minor_ops[cl_init->minorversion]; clp->cl_mig_gen = 1; #if IS_ENABLED(CONFIG_NFS_V4_1) init_waitqueue_head(&clp->cl_lock_waitq); #endif INIT_LIST_HEAD(&clp->pending_cb_stateids); return clp; error: nfs_free_client(clp); return ERR_PTR(err); }",visit repo url,fs/nfs/nfs4client.c,https://github.com/torvalds/linux,44458562124985,1 2875,CWE-119,"loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned char **read_ptr) { uint32 i; float xres = 0.0, yres = 0.0; uint16 nstrips = 0, ntiles = 0, planar = 0; uint16 bps = 0, spp = 0, res_unit = 0; uint16 orientation = 0; uint16 input_compression = 0, input_photometric = 0; uint16 subsampling_horiz, subsampling_vert; uint32 width = 0, length = 0; uint32 stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; uint32 tw = 0, tl = 0; uint32 tile_rowsize = 0; unsigned char *read_buff = NULL; unsigned char *new_buff = NULL; int readunit = 0; static uint32 prev_readsize = 0; TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); if (! TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric)) TIFFError(""loadImage"",""Image lacks Photometric interpreation tag""); if (! TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width)) TIFFError(""loadimage"",""Image lacks image width tag""); if(! TIFFGetField(in, TIFFTAG_IMAGELENGTH, &length)) TIFFError(""loadimage"",""Image lacks image length tag""); TIFFGetFieldDefaulted(in, TIFFTAG_XRESOLUTION, &xres); TIFFGetFieldDefaulted(in, TIFFTAG_YRESOLUTION, &yres); if (!TIFFGetFieldDefaulted(in, TIFFTAG_RESOLUTIONUNIT, &res_unit)) res_unit = RESUNIT_INCH; if (!TIFFGetField(in, TIFFTAG_COMPRESSION, &input_compression)) input_compression = COMPRESSION_NONE; #ifdef DEBUG2 char compressionid[16]; switch (input_compression) { case COMPRESSION_NONE: strcpy (compressionid, ""None/dump""); break; case COMPRESSION_CCITTRLE: strcpy (compressionid, ""Huffman RLE""); break; case COMPRESSION_CCITTFAX3: strcpy (compressionid, ""Group3 Fax""); break; case COMPRESSION_CCITTFAX4: strcpy (compressionid, ""Group4 Fax""); break; case COMPRESSION_LZW: strcpy (compressionid, ""LZW""); break; case COMPRESSION_OJPEG: strcpy (compressionid, ""Old Jpeg""); break; case COMPRESSION_JPEG: strcpy (compressionid, ""New Jpeg""); break; case COMPRESSION_NEXT: strcpy (compressionid, ""Next RLE""); break; case COMPRESSION_CCITTRLEW: strcpy (compressionid, ""CITTRLEW""); break; case COMPRESSION_PACKBITS: strcpy (compressionid, ""Mac Packbits""); break; case COMPRESSION_THUNDERSCAN: strcpy (compressionid, ""Thunderscan""); break; case COMPRESSION_IT8CTPAD: strcpy (compressionid, ""IT8 padded""); break; case COMPRESSION_IT8LW: strcpy (compressionid, ""IT8 RLE""); break; case COMPRESSION_IT8MP: strcpy (compressionid, ""IT8 mono""); break; case COMPRESSION_IT8BL: strcpy (compressionid, ""IT8 lineart""); break; case COMPRESSION_PIXARFILM: strcpy (compressionid, ""Pixar 10 bit""); break; case COMPRESSION_PIXARLOG: strcpy (compressionid, ""Pixar 11bit""); break; case COMPRESSION_DEFLATE: strcpy (compressionid, ""Deflate""); break; case COMPRESSION_ADOBE_DEFLATE: strcpy (compressionid, ""Adobe deflate""); break; default: strcpy (compressionid, ""None/unknown""); break; } TIFFError(""loadImage"", ""Input compression %s"", compressionid); #endif scanlinesize = TIFFScanlineSize(in); image->bps = bps; image->spp = spp; image->planar = planar; image->width = width; image->length = length; image->xres = xres; image->yres = yres; image->res_unit = res_unit; image->compression = input_compression; image->photometric = input_photometric; #ifdef DEBUG2 char photometricid[12]; switch (input_photometric) { case PHOTOMETRIC_MINISWHITE: strcpy (photometricid, ""MinIsWhite""); break; case PHOTOMETRIC_MINISBLACK: strcpy (photometricid, ""MinIsBlack""); break; case PHOTOMETRIC_RGB: strcpy (photometricid, ""RGB""); break; case PHOTOMETRIC_PALETTE: strcpy (photometricid, ""Palette""); break; case PHOTOMETRIC_MASK: strcpy (photometricid, ""Mask""); break; case PHOTOMETRIC_SEPARATED: strcpy (photometricid, ""Separated""); break; case PHOTOMETRIC_YCBCR: strcpy (photometricid, ""YCBCR""); break; case PHOTOMETRIC_CIELAB: strcpy (photometricid, ""CIELab""); break; case PHOTOMETRIC_ICCLAB: strcpy (photometricid, ""ICCLab""); break; case PHOTOMETRIC_ITULAB: strcpy (photometricid, ""ITULab""); break; case PHOTOMETRIC_LOGL: strcpy (photometricid, ""LogL""); break; case PHOTOMETRIC_LOGLUV: strcpy (photometricid, ""LOGLuv""); break; default: strcpy (photometricid, ""Unknown""); break; } TIFFError(""loadImage"", ""Input photometric interpretation %s"", photometricid); #endif image->orientation = orientation; switch (orientation) { case 0: case ORIENTATION_TOPLEFT: image->adjustments = 0; break; case ORIENTATION_TOPRIGHT: image->adjustments = MIRROR_HORIZ; break; case ORIENTATION_BOTRIGHT: image->adjustments = ROTATECW_180; break; case ORIENTATION_BOTLEFT: image->adjustments = MIRROR_VERT; break; case ORIENTATION_LEFTTOP: image->adjustments = MIRROR_VERT | ROTATECW_90; break; case ORIENTATION_RIGHTTOP: image->adjustments = ROTATECW_90; break; case ORIENTATION_RIGHTBOT: image->adjustments = MIRROR_VERT | ROTATECW_270; break; case ORIENTATION_LEFTBOT: image->adjustments = ROTATECW_270; break; default: image->adjustments = 0; image->orientation = ORIENTATION_TOPLEFT; } if ((bps == 0) || (spp == 0)) { TIFFError(""loadImage"", ""Invalid samples per pixel (%d) or bits per sample (%d)"", spp, bps); return (-1); } if (TIFFIsTiled(in)) { readunit = TILE; tlsize = TIFFTileSize(in); ntiles = TIFFNumberOfTiles(in); TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); tile_rowsize = TIFFTileRowSize(in); if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) { TIFFError(""loadImage"", ""File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.""); exit(-1); } buffsize = tlsize * ntiles; if (tlsize != (buffsize / ntiles)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) { buffsize = ntiles * tl * tile_rowsize; if (ntiles != (buffsize / tl / tile_rowsize)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } #ifdef DEBUG2 TIFFError(""loadImage"", ""Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu"", tlsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Tilesize: %u, Number of Tiles: %u, Tile row size: %u"", tlsize, ntiles, tile_rowsize); } else { uint32 buffsize_check; readunit = STRIP; TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); stsize = TIFFStripSize(in); nstrips = TIFFNumberOfStrips(in); if (nstrips == 0 || stsize == 0) { TIFFError(""loadImage"", ""File appears to be striped, but the number of stipes or stripe size is zero.""); exit(-1); } buffsize = stsize * nstrips; if (stsize != (buffsize / nstrips)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } buffsize_check = ((length * width * spp * bps) + 7); if (length != ((buffsize_check - 7) / width / spp / bps)) { TIFFError(""loadImage"", ""Integer overflow detected.""); exit(-1); } if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) { buffsize = ((length * width * spp * bps) + 7) / 8; #ifdef DEBUG2 TIFFError(""loadImage"", ""Stripsize %u is too small, using imagelength * width * spp * bps / 8 = %lu"", stsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Stripsize: %u, Number of Strips: %u, Rows per Strip: %u, Scanline size: %u"", stsize, nstrips, rowsperstrip, scanlinesize); } if (input_compression == COMPRESSION_JPEG) { jpegcolormode = JPEGCOLORMODE_RGB; TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { if (input_photometric == PHOTOMETRIC_YCBCR) { TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsampling_horiz, &subsampling_vert); if (subsampling_horiz != 1 || subsampling_vert != 1) { TIFFError(""loadImage"", ""Can't copy/convert subsampled image with subsampling %d horiz %d vert"", subsampling_horiz, subsampling_vert); return (-1); } } } read_buff = *read_ptr; if (!read_buff) read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); else { if (prev_readsize < buffsize) { new_buff = _TIFFrealloc(read_buff, buffsize+3); if (!new_buff) { free (read_buff); read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); } else read_buff = new_buff; } } if (!read_buff) { TIFFError(""loadImage"", ""Unable to allocate/reallocate read buffer""); return (-1); } read_buff[buffsize] = 0; read_buff[buffsize+1] = 0; read_buff[buffsize+2] = 0; prev_readsize = buffsize; *read_ptr = read_buff; switch (readunit) { case STRIP: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigStripsIntoBuffer(in, read_buff))) { TIFFError(""loadImage"", ""Unable to read contiguous strips into buffer""); return (-1); } } else { if (!(readSeparateStripsIntoBuffer(in, read_buff, length, width, spp, dump))) { TIFFError(""loadImage"", ""Unable to read separate strips into buffer""); return (-1); } } break; case TILE: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read contiguous tiles into buffer""); return (-1); } } else { if (!(readSeparateTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read separate tiles into buffer""); return (-1); } } break; default: TIFFError(""loadImage"", ""Unsupported image file format""); return (-1); break; } if ((dump->infile != NULL) && (dump->level == 2)) { dump_info (dump->infile, dump->format, ""loadImage"", ""Image width %d, length %d, Raw image data, %4d bytes"", width, length, buffsize); dump_info (dump->infile, dump->format, """", ""Bits per sample %d, Samples per pixel %d"", bps, spp); for (i = 0; i < length; i++) dump_buffer(dump->infile, dump->format, 1, scanlinesize, i, read_buff + (i * scanlinesize)); } return (0); } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,240254658313187,1 5816,CWE-120,"struct l2tp_packet_t *l2tp_packet_alloc(int ver, int msg_type, const struct sockaddr_in *addr, int H, const char *secret, size_t secret_len) { struct l2tp_packet_t *pack = mempool_alloc(pack_pool); if (!pack) return NULL; memset(pack, 0, sizeof(*pack)); INIT_LIST_HEAD(&pack->attrs); pack->hdr.ver = ver; pack->hdr.T = 1; pack->hdr.L = 1; pack->hdr.S = 1; memcpy(&pack->addr, addr, sizeof(*addr)); pack->hide_avps = H; pack->secret = secret; pack->secret_len = secret_len; if (msg_type) { if (l2tp_packet_add_int16(pack, Message_Type, msg_type, 1)) { mempool_free(pack); return NULL; } } return pack; }",visit repo url,accel-pppd/ctrl/l2tp/packet.c,https://github.com/accel-ppp/accel-ppp,120852636491816,1 5834,['CWE-200'],"static void econet_remove_socket(struct hlist_head *list, struct sock *sk) { write_lock_bh(&econet_lock); sk_del_node_init(sk); write_unlock_bh(&econet_lock); }",linux-2.6,,,315225425829128308676515938642606348184,0 4310,CWE-787,"RCoreSymCacheElement *r_coresym_cache_element_new(RBinFile *bf, RBuffer *buf, ut64 off, int bits, char * file_name) { RCoreSymCacheElement *result = NULL; ut8 *b = NULL; RCoreSymCacheElementHdr *hdr = r_coresym_cache_element_header_new (buf, off, bits); if (!hdr) { return NULL; } if (hdr->version != 1) { eprintf (""Unsupported CoreSymbolication cache version (%d)\n"", hdr->version); goto beach; } if (hdr->size == 0 || hdr->size > r_buf_size (buf) - off) { eprintf (""Corrupted CoreSymbolication header: size out of bounds (0x%x)\n"", hdr->size); goto beach; } result = R_NEW0 (RCoreSymCacheElement); if (!result) { goto beach; } result->hdr = hdr; b = malloc (hdr->size); if (!b) { goto beach; } if (r_buf_read_at (buf, off, b, hdr->size) != hdr->size) { goto beach; } ut8 *end = b + hdr->size; if (file_name) { result->file_name = file_name; } else if (hdr->file_name_off) { result->file_name = str_dup_safe (b, b + (size_t)hdr->file_name_off, end); } if (hdr->version_off) { result->binary_version = str_dup_safe (b, b + (size_t)hdr->version_off, end); } const size_t word_size = bits / 8; const ut64 start_of_sections = (ut64)hdr->n_segments * R_CS_EL_SIZE_SEG + R_CS_EL_OFF_SEGS; const ut64 sect_size = (bits == 32) ? R_CS_EL_SIZE_SECT_32 : R_CS_EL_SIZE_SECT_64; const ut64 start_of_symbols = start_of_sections + (ut64)hdr->n_sections * sect_size; const ut64 start_of_lined_symbols = start_of_symbols + (ut64)hdr->n_symbols * R_CS_EL_SIZE_SYM; const ut64 start_of_line_info = start_of_lined_symbols + (ut64)hdr->n_lined_symbols * R_CS_EL_SIZE_LSYM; const ut64 start_of_unknown_pairs = start_of_line_info + (ut64)hdr->n_line_info * R_CS_EL_SIZE_LINFO; const ut64 start_of_strings = start_of_unknown_pairs + (ut64)hdr->n_symbols * 8; ut64 page_zero_size = 0; size_t page_zero_idx = 0; if (UT32_MUL_OVFCHK (hdr->n_segments, sizeof (RCoreSymCacheElementSegment))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_sections, sizeof (RCoreSymCacheElementSection))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_symbols, sizeof (RCoreSymCacheElementSymbol))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_lined_symbols, sizeof (RCoreSymCacheElementLinedSymbol))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_line_info, sizeof (RCoreSymCacheElementLineInfo))) { goto beach; } if (hdr->n_segments > 0) { result->segments = R_NEWS0 (RCoreSymCacheElementSegment, hdr->n_segments); if (!result->segments) { goto beach; } size_t i; ut8 *cursor = b + R_CS_EL_OFF_SEGS; for (i = 0; i < hdr->n_segments && cursor + sizeof (RCoreSymCacheElementSegment) < end; i++) { RCoreSymCacheElementSegment *seg = &result->segments[i]; seg->paddr = seg->vaddr = r_read_le64 (cursor); cursor += 8; if (cursor >= end) { break; } seg->size = seg->vsize = r_read_le64 (cursor); cursor += 8; if (cursor >= end) { break; } seg->name = str_dup_safe_fixed (b, cursor, 16, end); cursor += 16; if (!seg->name) { continue; } if (!strcmp (seg->name, ""__PAGEZERO"")) { page_zero_size = seg->size; page_zero_idx = i; seg->paddr = seg->vaddr = 0; seg->size = 0; } } for (i = 0; i < hdr->n_segments && page_zero_size > 0; i++) { if (i == page_zero_idx) { continue; } RCoreSymCacheElementSegment *seg = &result->segments[i]; if (seg->vaddr < page_zero_size) { seg->vaddr += page_zero_size; } } } bool relative_to_strings = false; ut8* string_origin; if (hdr->n_sections > 0) { result->sections = R_NEWS0 (RCoreSymCacheElementSection, hdr->n_sections); if (!result->sections) { goto beach; } size_t i; ut8 *cursor = b + start_of_sections; for (i = 0; i < hdr->n_sections && cursor < end; i++) { ut8 *sect_start = cursor; RCoreSymCacheElementSection *sect = &result->sections[i]; sect->vaddr = sect->paddr = r_read_ble (cursor, false, bits); if (sect->vaddr < page_zero_size) { sect->vaddr += page_zero_size; } cursor += word_size; if (cursor >= end) { break; } sect->size = r_read_ble (cursor, false, bits); cursor += word_size; if (cursor >= end) { break; } ut64 sect_name_off = r_read_ble (cursor, false, bits); if (!i && !sect_name_off) { relative_to_strings = true; } cursor += word_size; if (bits == 32) { cursor += word_size; } string_origin = relative_to_strings? b + start_of_strings : sect_start; sect->name = str_dup_safe (b, string_origin + (size_t)sect_name_off, end); } } if (hdr->n_symbols) { result->symbols = R_NEWS0 (RCoreSymCacheElementSymbol, hdr->n_symbols); if (!result->symbols) { goto beach; } size_t i; ut8 *cursor = b + start_of_symbols; for (i = 0; i < hdr->n_symbols && cursor + R_CS_EL_SIZE_SYM <= end; i++) { RCoreSymCacheElementSymbol *sym = &result->symbols[i]; sym->paddr = r_read_le32 (cursor); sym->size = r_read_le32 (cursor + 0x4); sym->unk1 = r_read_le32 (cursor + 0x8); size_t name_off = r_read_le32 (cursor + 0xc); size_t mangled_name_off = r_read_le32 (cursor + 0x10); sym->unk2 = (st32)r_read_le32 (cursor + 0x14); string_origin = relative_to_strings? b + start_of_strings : cursor; sym->name = str_dup_safe (b, string_origin + name_off, end); if (!sym->name) { cursor += R_CS_EL_SIZE_SYM; continue; } string_origin = relative_to_strings? b + start_of_strings : cursor; sym->mangled_name = str_dup_safe (b, string_origin + mangled_name_off, end); if (!sym->mangled_name) { cursor += R_CS_EL_SIZE_SYM; continue; } cursor += R_CS_EL_SIZE_SYM; } } if (hdr->n_lined_symbols) { result->lined_symbols = R_NEWS0 (RCoreSymCacheElementLinedSymbol, hdr->n_lined_symbols); if (!result->lined_symbols) { goto beach; } size_t i; ut8 *cursor = b + start_of_lined_symbols; for (i = 0; i < hdr->n_lined_symbols && cursor + R_CS_EL_SIZE_LSYM <= end; i++) { RCoreSymCacheElementLinedSymbol *lsym = &result->lined_symbols[i]; lsym->sym.paddr = r_read_le32 (cursor); lsym->sym.size = r_read_le32 (cursor + 0x4); lsym->sym.unk1 = r_read_le32 (cursor + 0x8); size_t name_off = r_read_le32 (cursor + 0xc); size_t mangled_name_off = r_read_le32 (cursor + 0x10); lsym->sym.unk2 = (st32)r_read_le32 (cursor + 0x14); size_t file_name_off = r_read_le32 (cursor + 0x18); lsym->flc.line = r_read_le32 (cursor + 0x1c); lsym->flc.col = r_read_le32 (cursor + 0x20); string_origin = relative_to_strings? b + start_of_strings : cursor; lsym->sym.name = str_dup_safe (b, string_origin + name_off, end); if (!lsym->sym.name) { cursor += R_CS_EL_SIZE_LSYM; continue; } string_origin = relative_to_strings? b + start_of_strings : cursor; lsym->sym.mangled_name = str_dup_safe (b, string_origin + mangled_name_off, end); if (!lsym->sym.mangled_name) { cursor += R_CS_EL_SIZE_LSYM; continue; } string_origin = relative_to_strings? b + start_of_strings : cursor; lsym->flc.file = str_dup_safe (b, string_origin + file_name_off, end); if (!lsym->flc.file) { cursor += R_CS_EL_SIZE_LSYM; continue; } cursor += R_CS_EL_SIZE_LSYM; meta_add_fileline (bf, r_coresym_cache_element_pa2va (result, lsym->sym.paddr), lsym->sym.size, &lsym->flc); } } if (hdr->n_line_info) { result->line_info = R_NEWS0 (RCoreSymCacheElementLineInfo, hdr->n_line_info); if (!result->line_info) { goto beach; } size_t i; ut8 *cursor = b + start_of_line_info; for (i = 0; i < hdr->n_line_info && cursor + R_CS_EL_SIZE_LINFO <= end; i++) { RCoreSymCacheElementLineInfo *info = &result->line_info[i]; info->paddr = r_read_le32 (cursor); info->size = r_read_le32 (cursor + 4); size_t file_name_off = r_read_le32 (cursor + 8); info->flc.line = r_read_le32 (cursor + 0xc); info->flc.col = r_read_le32 (cursor + 0x10); string_origin = relative_to_strings? b + start_of_strings : cursor; info->flc.file = str_dup_safe (b, string_origin + file_name_off, end); if (!info->flc.file) { break; } cursor += R_CS_EL_SIZE_LINFO; meta_add_fileline (bf, r_coresym_cache_element_pa2va (result, info->paddr), info->size, &info->flc); } } beach: free (b); return result; }",visit repo url,libr/bin/format/mach0/coresymbolication.c,https://github.com/radareorg/radare2,40946868161733,1 5660,['CWE-476'],"static int do_udpv6_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { struct udp_sock *up = udp_sk(sk); int val; int err = 0; if(optlencorkflag = 1; } else { up->corkflag = 0; lock_sock(sk); udp_v6_push_pending_frames(sk, up); release_sock(sk); } break; case UDP_ENCAP: switch (val) { case 0: up->encap_type = val; break; default: err = -ENOPROTOOPT; break; } break; default: err = -ENOPROTOOPT; break; }; return err; }",linux-2.6,,,175679654407430056299822396294824653972,0 3922,CWE-122,"nv_gotofile(cmdarg_T *cap) { char_u *ptr; linenr_T lnum = -1; if (check_text_locked(cap->oap)) return; if (curbuf_locked()) { clearop(cap->oap); return; } #ifdef FEAT_PROP_POPUP if (ERROR_IF_TERM_POPUP_WINDOW) return; #endif ptr = grab_file_name(cap->count1, &lnum); if (ptr != NULL) { if (curbufIsChanged() && curbuf->b_nwindows <= 1 && !buf_hide(curbuf)) (void)autowrite(curbuf, FALSE); setpcmark(); if (do_ecmd(0, ptr, NULL, NULL, ECMD_LAST, buf_hide(curbuf) ? ECMD_HIDE : 0, curwin) == OK && cap->nchar == 'F' && lnum >= 0) { curwin->w_cursor.lnum = lnum; check_cursor_lnum(); beginline(BL_SOL | BL_FIX); } vim_free(ptr); } else clearop(cap->oap); }",visit repo url,src/normal.c,https://github.com/vim/vim,84739296635115,1 1475,[],"static inline void sched_init_granularity(void) { unsigned int factor = 1 + ilog2(num_online_cpus()); const unsigned long limit = 200000000; sysctl_sched_min_granularity *= factor; if (sysctl_sched_min_granularity > limit) sysctl_sched_min_granularity = limit; sysctl_sched_latency *= factor; if (sysctl_sched_latency > limit) sysctl_sched_latency = limit; sysctl_sched_wakeup_granularity *= factor; }",linux-2.6,,,213650495090180049142560051069237744105,0 291,[],"int siocdevprivate_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ifreq __user *u_ifreq64; struct ifreq32 __user *u_ifreq32 = compat_ptr(arg); char tmp_buf[IFNAMSIZ]; void __user *data64; u32 data32; if (copy_from_user(&tmp_buf[0], &(u_ifreq32->ifr_ifrn.ifrn_name[0]), IFNAMSIZ)) return -EFAULT; if (__get_user(data32, &u_ifreq32->ifr_ifru.ifru_data)) return -EFAULT; data64 = compat_ptr(data32); u_ifreq64 = compat_alloc_user_space(sizeof(*u_ifreq64)); if (copy_to_user(&u_ifreq64->ifr_ifrn.ifrn_name[0], &tmp_buf[0], IFNAMSIZ)) return -EFAULT; if (__put_user(data64, &u_ifreq64->ifr_ifru.ifru_data)) return -EFAULT; return sys_ioctl(fd, cmd, (unsigned long) u_ifreq64); }",linux-2.6,,,133706469571919548694334136824025677251,0 128,[],"asmlinkage long compat_sys_getdents(unsigned int fd, struct compat_linux_dirent __user *dirent, unsigned int count) { struct file * file; struct compat_linux_dirent __user * lastdirent; struct compat_getdents_callback buf; int error; error = -EFAULT; if (!access_ok(VERIFY_WRITE, dirent, count)) goto out; error = -EBADF; file = fget(fd); if (!file) goto out; buf.current_dir = dirent; buf.previous = NULL; buf.count = count; buf.error = 0; error = vfs_readdir(file, compat_filldir, &buf); if (error < 0) goto out_putf; error = buf.error; lastdirent = buf.previous; if (lastdirent) { if (put_user(file->f_pos, &lastdirent->d_off)) error = -EFAULT; else error = count - buf.count; } out_putf: fput(file); out: return error; }",linux-2.6,,,251231344100562270645112726312672768448,0 2723,[],"static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, int optlen) { struct sctp_association *asoc; struct sctp_sock *sp = sctp_sk(sk); int val; if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; if ((val != 0) && ((val < 8) || (val > SCTP_MAX_CHUNK_LEN))) return -EINVAL; sp->user_frag = val; list_for_each_entry(asoc, &(sp->ep->asocs), asocs) { asoc->frag_point = sctp_frag_point(sp, asoc->pathmtu); } return 0; }",linux-2.6,,,149230224468208698064249005545327555088,0 4412,CWE-476,"mrb_proc_copy(struct RProc *a, struct RProc *b) { if (a->body.irep) { return; } a->flags = b->flags; a->body = b->body; if (!MRB_PROC_CFUNC_P(a) && a->body.irep) { mrb_irep_incref(NULL, (mrb_irep*)a->body.irep); } a->upper = b->upper; a->e.env = b->e.env; }",visit repo url,src/proc.c,https://github.com/mruby/mruby,60234247539518,1 2525,['CWE-119'],"static void checkdiff_consume(void *priv, char *line, unsigned long len) { struct checkdiff_t *data = priv; const char *ws = diff_get_color(data->color_diff, DIFF_WHITESPACE); const char *reset = diff_get_color(data->color_diff, DIFF_RESET); const char *set = diff_get_color(data->color_diff, DIFF_FILE_NEW); char *err; if (line[0] == '+') { unsigned bad; data->lineno++; bad = check_and_emit_line(line + 1, len - 1, data->ws_rule, NULL, NULL, NULL, NULL); if (!bad) return; data->status |= bad; err = whitespace_error_string(bad); fprintf(data->file, ""%s:%d: %s.\n"", data->filename, data->lineno, err); free(err); emit_line(data->file, set, reset, line, 1); (void)check_and_emit_line(line + 1, len - 1, data->ws_rule, data->file, set, reset, ws); } else if (line[0] == ' ') data->lineno++; else if (line[0] == '@') { char *plus = strchr(line, '+'); if (plus) data->lineno = strtol(plus, NULL, 10) - 1; else die(""invalid diff""); } }",git,,,249854866224959412647957075564204006921,0 1232,CWE-400,"int perf_output_begin(struct perf_output_handle *handle, struct perf_event *event, unsigned int size, int nmi, int sample) { struct ring_buffer *rb; unsigned long tail, offset, head; int have_lost; struct perf_sample_data sample_data; struct { struct perf_event_header header; u64 id; u64 lost; } lost_event; rcu_read_lock(); if (event->parent) event = event->parent; rb = rcu_dereference(event->rb); if (!rb) goto out; handle->rb = rb; handle->event = event; handle->nmi = nmi; handle->sample = sample; if (!rb->nr_pages) goto out; have_lost = local_read(&rb->lost); if (have_lost) { lost_event.header.size = sizeof(lost_event); perf_event_header__init_id(&lost_event.header, &sample_data, event); size += lost_event.header.size; } perf_output_get_handle(handle); do { tail = ACCESS_ONCE(rb->user_page->data_tail); smp_rmb(); offset = head = local_read(&rb->head); head += size; if (unlikely(!perf_output_space(rb, tail, offset, head))) goto fail; } while (local_cmpxchg(&rb->head, offset, head) != offset); if (head - local_read(&rb->wakeup) > rb->watermark) local_add(rb->watermark, &rb->wakeup); handle->page = offset >> (PAGE_SHIFT + page_order(rb)); handle->page &= rb->nr_pages - 1; handle->size = offset & ((PAGE_SIZE << page_order(rb)) - 1); handle->addr = rb->data_pages[handle->page]; handle->addr += handle->size; handle->size = (PAGE_SIZE << page_order(rb)) - handle->size; if (have_lost) { lost_event.header.type = PERF_RECORD_LOST; lost_event.header.misc = 0; lost_event.id = event->id; lost_event.lost = local_xchg(&rb->lost, 0); perf_output_put(handle, lost_event); perf_event__output_id_sample(event, handle, &sample_data); } return 0; fail: local_inc(&rb->lost); perf_output_put_handle(handle); out: rcu_read_unlock(); return -ENOSPC; }",visit repo url,kernel/events/ring_buffer.c,https://github.com/torvalds/linux,41342794045240,1 6482,CWE-476,"vi_pci_write(UNUSED int vcpu, struct pci_devinst *pi, int baridx, uint64_t offset, int size, uint64_t value) { struct virtio_softc *vs = pi->pi_arg; struct vqueue_info *vq; struct virtio_consts *vc; struct config_reg *cr; uint64_t virtio_config_size, max; const char *name; uint32_t newoff; int error; if (vs->vs_flags & VIRTIO_USE_MSIX) { if (baridx == pci_msix_table_bar(pi) || baridx == pci_msix_pba_bar(pi)) { pci_emul_msix_twrite(pi, offset, size, value); return; } } assert(baridx == 0); if (vs->vs_mtx) pthread_mutex_lock(vs->vs_mtx); vc = vs->vs_vc; name = vc->vc_name; if (size != 1 && size != 2 && size != 4) goto bad; if (pci_msix_enabled(pi)) virtio_config_size = VTCFG_R_CFG1; else virtio_config_size = VTCFG_R_CFG0; if (offset >= virtio_config_size) { newoff = (uint32_t) (offset - virtio_config_size); max = vc->vc_cfgsize ? vc->vc_cfgsize : 0x100000000; if ((newoff + ((unsigned) size)) > max) goto bad; error = (*vc->vc_cfgwrite)(DEV_SOFTC(vs), ((int) newoff), size, ((uint32_t) value)); if (!error) goto done; } bad: cr = vi_find_cr((int) offset); if (cr == NULL || cr->cr_size != size || cr->cr_ro) { if (cr != NULL) { if (cr->cr_size != size) fprintf(stderr, ""%s: write to %s: bad size %d\r\n"", name, cr->cr_name, size); if (cr->cr_ro) fprintf(stderr, ""%s: write to read-only reg %s\r\n"", name, cr->cr_name); } else { fprintf(stderr, ""%s: write to bad offset/size %jd/%d\r\n"", name, (uintmax_t)offset, size); } goto done; } switch (offset) { case VTCFG_R_GUESTCAP: vs->vs_negotiated_caps = (uint32_t) (value & vc->vc_hv_caps); if (vc->vc_apply_features) (*vc->vc_apply_features)(DEV_SOFTC(vs), vs->vs_negotiated_caps); break; case VTCFG_R_PFN: if (vs->vs_curq >= vc->vc_nvq) goto bad_qindex; vi_vq_init(vs, ((uint32_t) value)); break; case VTCFG_R_QSEL: vs->vs_curq = (int) value; break; case VTCFG_R_QNOTIFY: if (value >= ((uint64_t) vc->vc_nvq)) { fprintf(stderr, ""%s: queue %d notify out of range\r\n"", name, (int)value); goto done; } vq = &vs->vs_queues[value]; if (vq->vq_notify) (*vq->vq_notify)(DEV_SOFTC(vs), vq); else if (vc->vc_qnotify) (*vc->vc_qnotify)(DEV_SOFTC(vs), vq); else fprintf(stderr, ""%s: qnotify queue %d: missing vq/vc notify\r\n"", name, (int)value); break; case VTCFG_R_STATUS: vs->vs_status = (uint8_t) value; if (value == 0) (*vc->vc_reset)(DEV_SOFTC(vs)); break; case VTCFG_R_CFGVEC: vs->vs_msix_cfg_idx = (uint16_t) value; break; case VTCFG_R_QVEC: if (vs->vs_curq >= vc->vc_nvq) goto bad_qindex; vq = &vs->vs_queues[vs->vs_curq]; vq->vq_msix_idx = (uint16_t) value; break; } goto done; bad_qindex: fprintf(stderr, ""%s: write config reg %s: curq %d >= max %d\r\n"", name, cr->cr_name, vs->vs_curq, vc->vc_nvq); done: if (vs->vs_mtx) pthread_mutex_unlock(vs->vs_mtx); }",visit repo url,src/lib/virtio.c,https://github.com/moby/hyperkit,9472953253047,1 1447,CWE-269,"void __init trap_init(void) { int i; #ifdef CONFIG_EISA void __iomem *p = early_ioremap(0x0FFFD9, 4); if (readl(p) == 'E' + ('I'<<8) + ('S'<<16) + ('A'<<24)) EISA_bus = 1; early_iounmap(p, 4); #endif set_intr_gate(X86_TRAP_DE, divide_error); set_intr_gate_ist(X86_TRAP_NMI, &nmi, NMI_STACK); set_system_intr_gate(X86_TRAP_OF, &overflow); set_intr_gate(X86_TRAP_BR, bounds); set_intr_gate(X86_TRAP_UD, invalid_op); set_intr_gate(X86_TRAP_NM, device_not_available); #ifdef CONFIG_X86_32 set_task_gate(X86_TRAP_DF, GDT_ENTRY_DOUBLEFAULT_TSS); #else set_intr_gate_ist(X86_TRAP_DF, &double_fault, DOUBLEFAULT_STACK); #endif set_intr_gate(X86_TRAP_OLD_MF, coprocessor_segment_overrun); set_intr_gate(X86_TRAP_TS, invalid_TSS); set_intr_gate(X86_TRAP_NP, segment_not_present); set_intr_gate_ist(X86_TRAP_SS, &stack_segment, STACKFAULT_STACK); set_intr_gate(X86_TRAP_GP, general_protection); set_intr_gate(X86_TRAP_SPURIOUS, spurious_interrupt_bug); set_intr_gate(X86_TRAP_MF, coprocessor_error); set_intr_gate(X86_TRAP_AC, alignment_check); #ifdef CONFIG_X86_MCE set_intr_gate_ist(X86_TRAP_MC, &machine_check, MCE_STACK); #endif set_intr_gate(X86_TRAP_XF, simd_coprocessor_error); for (i = 0; i < FIRST_EXTERNAL_VECTOR; i++) set_bit(i, used_vectors); #ifdef CONFIG_IA32_EMULATION set_system_intr_gate(IA32_SYSCALL_VECTOR, ia32_syscall); set_bit(IA32_SYSCALL_VECTOR, used_vectors); #endif #ifdef CONFIG_X86_32 set_system_trap_gate(SYSCALL_VECTOR, &system_call); set_bit(SYSCALL_VECTOR, used_vectors); #endif __set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO); idt_descr.address = fix_to_virt(FIX_RO_IDT); cpu_init(); x86_init.irqs.trap_init(); #ifdef CONFIG_X86_64 memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16); set_nmi_gate(X86_TRAP_DB, &debug); set_nmi_gate(X86_TRAP_BP, &int3); #endif }",visit repo url,arch/x86/kernel/traps.c,https://github.com/torvalds/linux,4977558412746,1 239,[],"static int fat_zeroed_cluster(struct inode *dir, sector_t blknr, int nr_used, struct buffer_head **bhs, int nr_bhs) { struct super_block *sb = dir->i_sb; sector_t last_blknr = blknr + MSDOS_SB(sb)->sec_per_clus; int err, i, n; blknr += nr_used; n = nr_used; while (blknr < last_blknr) { bhs[n] = sb_getblk(sb, blknr); if (!bhs[n]) { err = -ENOMEM; goto error; } memset(bhs[n]->b_data, 0, sb->s_blocksize); set_buffer_uptodate(bhs[n]); mark_buffer_dirty(bhs[n]); n++; blknr++; if (n == nr_bhs) { if (IS_DIRSYNC(dir)) { err = fat_sync_bhs(bhs, n); if (err) goto error; } for (i = 0; i < n; i++) brelse(bhs[i]); n = 0; } } if (IS_DIRSYNC(dir)) { err = fat_sync_bhs(bhs, n); if (err) goto error; } for (i = 0; i < n; i++) brelse(bhs[i]); return 0; error: for (i = 0; i < n; i++) bforget(bhs[i]); return err; }",linux-2.6,,,173474113211646427571171048102461246892,0 6327,['CWE-200'],"static int psched_show(struct seq_file *seq, void *v) { seq_printf(seq, ""%08x %08x %08x %08x\n"", psched_tick_per_us, psched_us_per_tick, 1000000, HZ); return 0; }",linux-2.6,,,176127683756553920789557660702141016101,0 5397,CWE-787,"double GetGPMFSampleRate(size_t handle, uint32_t fourcc, uint32_t flags) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return 0.0; GPMF_stream metadata_stream, *ms = &metadata_stream; uint32_t teststart = 0; uint32_t testend = mp4->indexcount; double rate = 0.0; if (mp4->indexcount < 1) return 0.0; if (mp4->indexcount > 3) { teststart++; testend--; } uint32_t *payload = GetPayload(handle, NULL, teststart); uint32_t payloadsize = GetPayloadSize(handle, teststart); int32_t ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; { uint32_t startsamples = 0; uint32_t endsamples = 0; uint32_t missing_samples = 0; while (ret == GPMF_OK && GPMF_OK != GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { missing_samples = 1; teststart++; payload = GetPayload(handle, payload, teststart); payloadsize = GetPayloadSize(handle, teststart); ret = GPMF_Init(ms, payload, payloadsize); } if (missing_samples) { teststart++; payload = GetPayload(handle, payload, teststart); payloadsize = GetPayloadSize(handle, teststart); ret = GPMF_Init(ms, payload, payloadsize); } if (ret == GPMF_OK) { uint32_t samples = GPMF_Repeat(ms); GPMF_stream find_stream; GPMF_CopyState(ms, &find_stream); if (!(flags & GPMF_SAMPLE_RATE_PRECISE) && GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { startsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)) - samples; payload = GetPayload(handle, payload, testend); payloadsize = GetPayloadSize(handle, testend); ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; if (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { endsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)); rate = (double)(endsamples - startsamples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); goto cleanup; } } rate = (double)(samples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); } else { uint32_t payloadpos = 0, payloadcount = 0; double slope, top = 0.0, bot = 0.0, meanX = 0, meanY = 0; uint32_t *repeatarray = malloc(mp4->indexcount * 4 + 4); memset(repeatarray, 0, mp4->indexcount * 4 + 4); samples = 0; for (payloadpos = teststart; payloadpos < testend; payloadcount++, payloadpos++) { payload = GetPayload(handle, payload, payloadpos); payloadsize = GetPayloadSize(handle, payloadpos); ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; if (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { GPMF_stream find_stream2; GPMF_CopyState(ms, &find_stream2); if (GPMF_OK == GPMF_FindNext(&find_stream2, fourcc, GPMF_CURRENT_LEVEL)) { if (repeatarray) { float in, out; do { samples++; } while (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_CURRENT_LEVEL)); repeatarray[payloadpos] = samples; meanY += (double)samples; GetPayloadTime(handle, payloadpos, &in, &out); meanX += out; } } else { uint32_t repeat = GPMF_Repeat(ms); samples += repeat; if (repeatarray) { float in, out; repeatarray[payloadpos] = samples; meanY += (double)samples; GetPayloadTime(handle, payloadpos, &in, &out); meanX += out; } } } } if (repeatarray) { meanY /= (double)payloadcount; meanX /= (double)payloadcount; for (payloadpos = teststart; payloadpos < testend; payloadpos++) { float in, out; GetPayloadTime(handle, payloadpos, &in, &out); top += ((double)out - meanX)*((double)repeatarray[payloadpos] - meanY); bot += ((double)out - meanX)*((double)out - meanX); } slope = top / bot; #if 0 { double intercept; intercept = meanY - slope*meanX; printf(""%c%c%c%c start offset = %f (%.3fms)\n"", PRINTF_4CC(fourcc), intercept, 1000.0 * intercept / slope); } #endif rate = slope; } else { rate = (double)(samples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); } free(repeatarray); goto cleanup; } } } cleanup: if (payload) { FreePayload(payload); payload = NULL; } return rate; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,227559842246580,1 6680,['CWE-200'],"applet_settings_new_secrets_requested_cb (NMAGConfSettings *settings, NMAGConfConnection *exported, const char *setting_name, const char **hints, gboolean ask_user, DBusGMethodInvocation *context, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); NMActiveConnection *active_connection = NULL; NMConnection *connection; NMSettingConnection *s_con; NMDevice *device; NMADeviceClass *dclass; GError *error = NULL; connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (exported)); g_return_if_fail (connection != NULL); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_return_if_fail (s_con != NULL); if (!strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_VPN_SETTING_NAME)) { nma_vpn_request_password (NM_EXPORTED_CONNECTION (exported), ask_user, context); return; } device = find_active_device (exported, applet, &active_connection); if (!device || !active_connection) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): couldn't find details for connection"", __FILE__, __LINE__, __func__); goto error; } dclass = get_device_class (device, applet); if (!dclass) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): device type unknown"", __FILE__, __LINE__, __func__); goto error; } if (!dclass->get_secrets) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_SECRETS_UNAVAILABLE, ""%s.%d (%s): no secrets found"", __FILE__, __LINE__, __func__); goto error; } if (!dclass->get_secrets (device, connection, active_connection, setting_name, hints, context, applet, &error)) goto error; return; error: g_warning (""%s"", error->message); dbus_g_method_return_error (context, error); g_error_free (error); }",network-manager-applet,,,2487304751134762302184734676727188501,0 2288,['CWE-120'],"static int __path_lookup_intent_open(int dfd, const char *name, unsigned int lookup_flags, struct nameidata *nd, int open_flags, int create_mode) { struct file *filp = get_empty_filp(); int err; if (filp == NULL) return -ENFILE; nd->intent.open.file = filp; nd->intent.open.flags = open_flags; nd->intent.open.create_mode = create_mode; err = do_path_lookup(dfd, name, lookup_flags|LOOKUP_OPEN, nd); if (IS_ERR(nd->intent.open.file)) { if (err == 0) { err = PTR_ERR(nd->intent.open.file); path_put(&nd->path); } } else if (err != 0) release_open_intent(nd); return err; }",linux-2.6,,,121417302514028618180418384696687458513,0 6030,CWE-476,"print_include_directory_details(Dwarf_Debug dbg, unsigned int line_version, Dwarf_Line_Context line_context) { Dwarf_Unsigned u = 0; dwarfstring m4; Dwarf_Unsigned indexbase = 0; Dwarf_Unsigned indexlimit = 0; dwarfstring_constructor_static(&m4,locallinebuf, sizeof(locallinebuf)); if (line_version == DW_LINE_VERSION5) { unsigned i = 0; unsigned dfcount = line_context->lc_directory_entry_format_count; dwarfstring_constructor(&m4); dwarfstring_append_printf_u(&m4, "" directory entry format count %u\n"",dfcount); _dwarf_printf(dbg,dwarfstring_string(&m4)); dwarfstring_reset(&m4); for ( ; i < dfcount;++i) { struct Dwarf_Unsigned_Pair_s *valpair = 0; const char *tname = 0; const char *fname = 0; int res; valpair = line_context->lc_directory_format_values +i; dwarfstring_append_printf_u(&m4, "" format [%2u] "",i); res = dwarf_get_LNCT_name(valpair->up_first, &tname); if ( res != DW_DLV_OK) { tname = """"; } dwarfstring_append_printf_u (&m4, "" type 0x%"" DW_PR_XZEROS DW_PR_DUx ,valpair->up_first); dwarfstring_append_printf_s (&m4, "" %-20s\n"",(char *)tname); res = dwarf_get_FORM_name(valpair->up_second,&fname); if ( res != DW_DLV_OK) { fname = """"; } dwarfstring_append_printf_u(&m4, "" code 0x%"" DW_PR_XZEROS DW_PR_DUx , valpair->up_second); dwarfstring_append_printf_s(&m4, "" %-20s\n"", (char *)fname); _dwarf_printf(dbg,dwarfstring_string(&m4)); dwarfstring_reset(&m4); } } if (line_version == DW_LINE_VERSION5) { dwarfstring_append_printf_i(&m4, "" include directories count %d\n"", (int) line_context->lc_include_directories_count); } else { if(!line_context->lc_include_directories_count) { dwarfstring_append_printf_i(&m4, "" include directories count %d\n"", (int) line_context->lc_include_directories_count); } else { dwarfstring_append_printf_i(&m4, "" include directories count %d"" "" (index starts at 1)\n"", (int) line_context->lc_include_directories_count); } } _dwarf_printf(dbg,dwarfstring_string(&m4)); dwarfstring_reset(&m4); if (line_version == DW_LINE_VERSION5) { indexbase = 0; indexlimit = line_context->lc_include_directories_count; } else { indexbase = 1; indexlimit = 1 + line_context->lc_include_directories_count; } for (u = indexbase; u < indexlimit; ++u) { dwarfstring_append_printf_u(&m4, "" include dir[%u] "",u); dwarfstring_append_printf_s(&m4, ""%s\n"",(char *) line_context->lc_include_directories[u-indexbase]); _dwarf_printf(dbg,dwarfstring_string(&m4)); dwarfstring_reset(&m4); } dwarfstring_destructor(&m4); }",visit repo url,libdwarf/dwarf_print_lines.c,https://github.com/davea42/libdwarf-code,51375161478289,1 6673,['CWE-200'],"connection_remove_done (NMExportedConnection *exported, gboolean success, gpointer user_data) { if (success) { NMConnectionList *list = (NMConnectionList *) user_data; g_hash_table_remove (list->editors, exported); } }",network-manager-applet,,,43827422914084361912016527179967377739,0 1058,CWE-20,"static void __iov_iter_advance_iov(struct iov_iter *i, size_t bytes) { if (likely(i->nr_segs == 1)) { i->iov_offset += bytes; } else { const struct iovec *iov = i->iov; size_t base = i->iov_offset; while (bytes) { int copy = min(bytes, iov->iov_len - base); bytes -= copy; base += copy; if (iov->iov_len == base) { iov++; base = 0; } } i->iov = iov; i->iov_offset = base; } }",visit repo url,mm/filemap.c,https://github.com/torvalds/linux,92080831594360,1 672,[],"static int jpc_crg_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_crg_t *crg = &ms->parms.crg; jpc_crgcomp_t *comp; uint_fast16_t compno; crg->numcomps = cstate->numcomps; if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; ++compno, ++comp) { if (jpc_getuint16(in, &comp->hoff) || jpc_getuint16(in, &comp->voff)) { jpc_crg_destroyparms(ms); return -1; } } return 0; }",jasper,,,1641875753800472216137290978981035765,0 1991,CWE-787,"static int xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr) { bool unaligned_chunks = mr->flags & XDP_UMEM_UNALIGNED_CHUNK_FLAG; u32 chunk_size = mr->chunk_size, headroom = mr->headroom; unsigned int chunks, chunks_per_page; u64 addr = mr->addr, size = mr->len; int size_chk, err; if (chunk_size < XDP_UMEM_MIN_CHUNK_SIZE || chunk_size > PAGE_SIZE) { return -EINVAL; } if (mr->flags & ~(XDP_UMEM_UNALIGNED_CHUNK_FLAG | XDP_UMEM_USES_NEED_WAKEUP)) return -EINVAL; if (!unaligned_chunks && !is_power_of_2(chunk_size)) return -EINVAL; if (!PAGE_ALIGNED(addr)) { return -EINVAL; } if ((addr + size) < addr) return -EINVAL; chunks = (unsigned int)div_u64(size, chunk_size); if (chunks == 0) return -EINVAL; if (!unaligned_chunks) { chunks_per_page = PAGE_SIZE / chunk_size; if (chunks < chunks_per_page || chunks % chunks_per_page) return -EINVAL; } size_chk = chunk_size - headroom - XDP_PACKET_HEADROOM; if (size_chk < 0) return -EINVAL; umem->address = (unsigned long)addr; umem->chunk_mask = unaligned_chunks ? XSK_UNALIGNED_BUF_ADDR_MASK : ~((u64)chunk_size - 1); umem->size = size; umem->headroom = headroom; umem->chunk_size_nohr = chunk_size - headroom; umem->npgs = size / PAGE_SIZE; umem->pgs = NULL; umem->user = NULL; umem->flags = mr->flags; INIT_LIST_HEAD(&umem->xsk_list); spin_lock_init(&umem->xsk_list_lock); refcount_set(&umem->users, 1); err = xdp_umem_account_pages(umem); if (err) return err; err = xdp_umem_pin_pages(umem); if (err) goto out_account; umem->pages = kvcalloc(umem->npgs, sizeof(*umem->pages), GFP_KERNEL_ACCOUNT); if (!umem->pages) { err = -ENOMEM; goto out_pin; } err = xdp_umem_map_pages(umem); if (!err) return 0; kvfree(umem->pages); out_pin: xdp_umem_unpin_pages(umem); out_account: xdp_umem_unaccount_pages(umem); return err; }",visit repo url,net/xdp/xdp_umem.c,https://github.com/torvalds/linux,218737894316926,1 2246,CWE-400,"void exit_io_context(void) { struct io_context *ioc; task_lock(current); ioc = current->io_context; current->io_context = NULL; task_unlock(current); if (atomic_dec_and_test(&ioc->nr_tasks)) { if (ioc->aic && ioc->aic->exit) ioc->aic->exit(ioc->aic); cfq_exit(ioc); } put_io_context(ioc); }",visit repo url,block/blk-ioc.c,https://github.com/torvalds/linux,111325624455354,1 624,CWE-20,"static int dgram_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { size_t copied = 0; int err = -EOPNOTSUPP; struct sk_buff *skb; struct sockaddr_ieee802154 *saddr; saddr = (struct sockaddr_ieee802154 *)msg->msg_name; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_ts_and_drops(msg, sk, skb); if (saddr) { saddr->family = AF_IEEE802154; saddr->addr = mac_cb(skb)->sa; } if (addr_len) *addr_len = sizeof(*saddr); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: if (err) return err; return copied; }",visit repo url,net/ieee802154/dgram.c,https://github.com/torvalds/linux,200215486943825,1 2340,CWE-772,"batchCopyElem(batch_obj_t *pDest, batch_obj_t *pSrc) { memcpy(pDest, pSrc, sizeof(batch_obj_t)); }",visit repo url,runtime/batch.h,https://github.com/rsyslog/rsyslog,150655118647828,1 5420,CWE-776,"doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, int tok, const char *next, const char **nextPtr, XML_Bool haveMore) { #ifdef XML_DTD static const XML_Char externalSubsetName[] = {ASCII_HASH, '\0'}; #endif static const XML_Char atypeCDATA[] = {ASCII_C, ASCII_D, ASCII_A, ASCII_T, ASCII_A, '\0'}; static const XML_Char atypeID[] = {ASCII_I, ASCII_D, '\0'}; static const XML_Char atypeIDREF[] = {ASCII_I, ASCII_D, ASCII_R, ASCII_E, ASCII_F, '\0'}; static const XML_Char atypeIDREFS[] = {ASCII_I, ASCII_D, ASCII_R, ASCII_E, ASCII_F, ASCII_S, '\0'}; static const XML_Char atypeENTITY[] = {ASCII_E, ASCII_N, ASCII_T, ASCII_I, ASCII_T, ASCII_Y, '\0'}; static const XML_Char atypeENTITIES[] = {ASCII_E, ASCII_N, ASCII_T, ASCII_I, ASCII_T, ASCII_I, ASCII_E, ASCII_S, '\0'}; static const XML_Char atypeNMTOKEN[] = {ASCII_N, ASCII_M, ASCII_T, ASCII_O, ASCII_K, ASCII_E, ASCII_N, '\0'}; static const XML_Char atypeNMTOKENS[] = {ASCII_N, ASCII_M, ASCII_T, ASCII_O, ASCII_K, ASCII_E, ASCII_N, ASCII_S, '\0'}; static const XML_Char notationPrefix[] = {ASCII_N, ASCII_O, ASCII_T, ASCII_A, ASCII_T, ASCII_I, ASCII_O, ASCII_N, ASCII_LPAREN, '\0'}; static const XML_Char enumValueSep[] = {ASCII_PIPE, '\0'}; static const XML_Char enumValueStart[] = {ASCII_LPAREN, '\0'}; DTD *const dtd = parser->m_dtd; const char **eventPP; const char **eventEndPP; enum XML_Content_Quant quant; if (enc == parser->m_encoding) { eventPP = &parser->m_eventPtr; eventEndPP = &parser->m_eventEndPtr; } else { eventPP = &(parser->m_openInternalEntities->internalEventPtr); eventEndPP = &(parser->m_openInternalEntities->internalEventEndPtr); } for (;;) { int role; XML_Bool handleDefault = XML_TRUE; *eventPP = s; *eventEndPP = next; if (tok <= 0) { if (haveMore && tok != XML_TOK_INVALID) { *nextPtr = s; return XML_ERROR_NONE; } switch (tok) { case XML_TOK_INVALID: *eventPP = next; return XML_ERROR_INVALID_TOKEN; case XML_TOK_PARTIAL: return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; case -XML_TOK_PROLOG_S: tok = -tok; break; case XML_TOK_NONE: #ifdef XML_DTD if (enc != parser->m_encoding && ! parser->m_openInternalEntities->betweenDecl) { *nextPtr = s; return XML_ERROR_NONE; } if (parser->m_isParamEntity || enc != parser->m_encoding) { if (XmlTokenRole(&parser->m_prologState, XML_TOK_NONE, end, end, enc) == XML_ROLE_ERROR) return XML_ERROR_INCOMPLETE_PE; *nextPtr = s; return XML_ERROR_NONE; } #endif return XML_ERROR_NO_ELEMENTS; default: tok = -tok; next = end; break; } } role = XmlTokenRole(&parser->m_prologState, tok, s, next, enc); switch (role) { case XML_ROLE_XML_DECL: { enum XML_Error result = processXmlDecl(parser, 0, s, next); if (result != XML_ERROR_NONE) return result; enc = parser->m_encoding; handleDefault = XML_FALSE; } break; case XML_ROLE_DOCTYPE_NAME: if (parser->m_startDoctypeDeclHandler) { parser->m_doctypeName = poolStoreString(&parser->m_tempPool, enc, s, next); if (! parser->m_doctypeName) return XML_ERROR_NO_MEMORY; poolFinish(&parser->m_tempPool); parser->m_doctypePubid = NULL; handleDefault = XML_FALSE; } parser->m_doctypeSysid = NULL; break; case XML_ROLE_DOCTYPE_INTERNAL_SUBSET: if (parser->m_startDoctypeDeclHandler) { parser->m_startDoctypeDeclHandler( parser->m_handlerArg, parser->m_doctypeName, parser->m_doctypeSysid, parser->m_doctypePubid, 1); parser->m_doctypeName = NULL; poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } break; #ifdef XML_DTD case XML_ROLE_TEXT_DECL: { enum XML_Error result = processXmlDecl(parser, 1, s, next); if (result != XML_ERROR_NONE) return result; enc = parser->m_encoding; handleDefault = XML_FALSE; } break; #endif case XML_ROLE_DOCTYPE_PUBLIC_ID: #ifdef XML_DTD parser->m_useForeignDTD = XML_FALSE; parser->m_declEntity = (ENTITY *)lookup( parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; #endif dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_startDoctypeDeclHandler) { XML_Char *pubId; if (! XmlIsPublicId(enc, s, next, eventPP)) return XML_ERROR_PUBLICID; pubId = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! pubId) return XML_ERROR_NO_MEMORY; normalizePublicId(pubId); poolFinish(&parser->m_tempPool); parser->m_doctypePubid = pubId; handleDefault = XML_FALSE; goto alreadyChecked; } case XML_ROLE_ENTITY_PUBLIC_ID: if (! XmlIsPublicId(enc, s, next, eventPP)) return XML_ERROR_PUBLICID; alreadyChecked: if (dtd->keepProcessing && parser->m_declEntity) { XML_Char *tem = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! tem) return XML_ERROR_NO_MEMORY; normalizePublicId(tem); parser->m_declEntity->publicId = tem; poolFinish(&dtd->pool); if (parser->m_entityDeclHandler && role == XML_ROLE_ENTITY_PUBLIC_ID) handleDefault = XML_FALSE; } break; case XML_ROLE_DOCTYPE_CLOSE: if (parser->m_doctypeName) { parser->m_startDoctypeDeclHandler( parser->m_handlerArg, parser->m_doctypeName, parser->m_doctypeSysid, parser->m_doctypePubid, 0); poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } #ifdef XML_DTD if (parser->m_doctypeSysid || parser->m_useForeignDTD) { XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_paramEntityParsing && parser->m_externalEntityRefHandler) { ENTITY *entity = (ENTITY *)lookup(parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! entity) { return XML_ERROR_NO_MEMORY; } if (parser->m_useForeignDTD) entity->base = parser->m_curBase; dtd->paramEntityRead = XML_FALSE; if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) return XML_ERROR_EXTERNAL_ENTITY_HANDLING; if (dtd->paramEntityRead) { if (! dtd->standalone && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; } else if (! parser->m_doctypeSysid) dtd->hasParamEntityRefs = hadParamEntityRefs; } parser->m_useForeignDTD = XML_FALSE; } #endif if (parser->m_endDoctypeDeclHandler) { parser->m_endDoctypeDeclHandler(parser->m_handlerArg); handleDefault = XML_FALSE; } break; case XML_ROLE_INSTANCE_START: #ifdef XML_DTD if (parser->m_useForeignDTD) { XML_Bool hadParamEntityRefs = dtd->hasParamEntityRefs; dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_paramEntityParsing && parser->m_externalEntityRefHandler) { ENTITY *entity = (ENTITY *)lookup(parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! entity) return XML_ERROR_NO_MEMORY; entity->base = parser->m_curBase; dtd->paramEntityRead = XML_FALSE; if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) return XML_ERROR_EXTERNAL_ENTITY_HANDLING; if (dtd->paramEntityRead) { if (! dtd->standalone && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; } else dtd->hasParamEntityRefs = hadParamEntityRefs; } } #endif parser->m_processor = contentProcessor; return contentProcessor(parser, s, end, nextPtr); case XML_ROLE_ATTLIST_ELEMENT_NAME: parser->m_declElementType = getElementType(parser, enc, s, next); if (! parser->m_declElementType) return XML_ERROR_NO_MEMORY; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_NAME: parser->m_declAttributeId = getAttributeId(parser, enc, s, next); if (! parser->m_declAttributeId) return XML_ERROR_NO_MEMORY; parser->m_declAttributeIsCdata = XML_FALSE; parser->m_declAttributeType = NULL; parser->m_declAttributeIsId = XML_FALSE; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_CDATA: parser->m_declAttributeIsCdata = XML_TRUE; parser->m_declAttributeType = atypeCDATA; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_ID: parser->m_declAttributeIsId = XML_TRUE; parser->m_declAttributeType = atypeID; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_IDREF: parser->m_declAttributeType = atypeIDREF; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_IDREFS: parser->m_declAttributeType = atypeIDREFS; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_ENTITY: parser->m_declAttributeType = atypeENTITY; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_ENTITIES: parser->m_declAttributeType = atypeENTITIES; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_NMTOKEN: parser->m_declAttributeType = atypeNMTOKEN; goto checkAttListDeclHandler; case XML_ROLE_ATTRIBUTE_TYPE_NMTOKENS: parser->m_declAttributeType = atypeNMTOKENS; checkAttListDeclHandler: if (dtd->keepProcessing && parser->m_attlistDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ATTRIBUTE_ENUM_VALUE: case XML_ROLE_ATTRIBUTE_NOTATION_VALUE: if (dtd->keepProcessing && parser->m_attlistDeclHandler) { const XML_Char *prefix; if (parser->m_declAttributeType) { prefix = enumValueSep; } else { prefix = (role == XML_ROLE_ATTRIBUTE_NOTATION_VALUE ? notationPrefix : enumValueStart); } if (! poolAppendString(&parser->m_tempPool, prefix)) return XML_ERROR_NO_MEMORY; if (! poolAppend(&parser->m_tempPool, enc, s, next)) return XML_ERROR_NO_MEMORY; parser->m_declAttributeType = parser->m_tempPool.start; handleDefault = XML_FALSE; } break; case XML_ROLE_IMPLIED_ATTRIBUTE_VALUE: case XML_ROLE_REQUIRED_ATTRIBUTE_VALUE: if (dtd->keepProcessing) { if (! defineAttribute(parser->m_declElementType, parser->m_declAttributeId, parser->m_declAttributeIsCdata, parser->m_declAttributeIsId, 0, parser)) return XML_ERROR_NO_MEMORY; if (parser->m_attlistDeclHandler && parser->m_declAttributeType) { if (*parser->m_declAttributeType == XML_T(ASCII_LPAREN) || (*parser->m_declAttributeType == XML_T(ASCII_N) && parser->m_declAttributeType[1] == XML_T(ASCII_O))) { if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_RPAREN)) || ! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) return XML_ERROR_NO_MEMORY; parser->m_declAttributeType = parser->m_tempPool.start; poolFinish(&parser->m_tempPool); } *eventEndPP = s; parser->m_attlistDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, parser->m_declAttributeId->name, parser->m_declAttributeType, 0, role == XML_ROLE_REQUIRED_ATTRIBUTE_VALUE); poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } } break; case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE: case XML_ROLE_FIXED_ATTRIBUTE_VALUE: if (dtd->keepProcessing) { const XML_Char *attVal; enum XML_Error result = storeAttributeValue( parser, enc, parser->m_declAttributeIsCdata, s + enc->minBytesPerChar, next - enc->minBytesPerChar, &dtd->pool); if (result) return result; attVal = poolStart(&dtd->pool); poolFinish(&dtd->pool); if (! defineAttribute( parser->m_declElementType, parser->m_declAttributeId, parser->m_declAttributeIsCdata, XML_FALSE, attVal, parser)) return XML_ERROR_NO_MEMORY; if (parser->m_attlistDeclHandler && parser->m_declAttributeType) { if (*parser->m_declAttributeType == XML_T(ASCII_LPAREN) || (*parser->m_declAttributeType == XML_T(ASCII_N) && parser->m_declAttributeType[1] == XML_T(ASCII_O))) { if (! poolAppendChar(&parser->m_tempPool, XML_T(ASCII_RPAREN)) || ! poolAppendChar(&parser->m_tempPool, XML_T('\0'))) return XML_ERROR_NO_MEMORY; parser->m_declAttributeType = parser->m_tempPool.start; poolFinish(&parser->m_tempPool); } *eventEndPP = s; parser->m_attlistDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, parser->m_declAttributeId->name, parser->m_declAttributeType, attVal, role == XML_ROLE_FIXED_ATTRIBUTE_VALUE); poolClear(&parser->m_tempPool); handleDefault = XML_FALSE; } } break; case XML_ROLE_ENTITY_VALUE: if (dtd->keepProcessing) { enum XML_Error result = storeEntityValue( parser, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (parser->m_declEntity) { parser->m_declEntity->textPtr = poolStart(&dtd->entityValuePool); parser->m_declEntity->textLen = (int)(poolLength(&dtd->entityValuePool)); poolFinish(&dtd->entityValuePool); if (parser->m_entityDeclHandler) { *eventEndPP = s; parser->m_entityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, parser->m_declEntity->is_param, parser->m_declEntity->textPtr, parser->m_declEntity->textLen, parser->m_curBase, 0, 0, 0); handleDefault = XML_FALSE; } } else poolDiscard(&dtd->entityValuePool); if (result != XML_ERROR_NONE) return result; } break; case XML_ROLE_DOCTYPE_SYSTEM_ID: #ifdef XML_DTD parser->m_useForeignDTD = XML_FALSE; #endif dtd->hasParamEntityRefs = XML_TRUE; if (parser->m_startDoctypeDeclHandler) { parser->m_doctypeSysid = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (parser->m_doctypeSysid == NULL) return XML_ERROR_NO_MEMORY; poolFinish(&parser->m_tempPool); handleDefault = XML_FALSE; } #ifdef XML_DTD else parser->m_doctypeSysid = externalSubsetName; #endif if (! dtd->standalone #ifdef XML_DTD && ! parser->m_paramEntityParsing #endif && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; #ifndef XML_DTD break; #else if (! parser->m_declEntity) { parser->m_declEntity = (ENTITY *)lookup( parser, &dtd->paramEntities, externalSubsetName, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; parser->m_declEntity->publicId = NULL; } #endif case XML_ROLE_ENTITY_SYSTEM_ID: if (dtd->keepProcessing && parser->m_declEntity) { parser->m_declEntity->systemId = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! parser->m_declEntity->systemId) return XML_ERROR_NO_MEMORY; parser->m_declEntity->base = parser->m_curBase; poolFinish(&dtd->pool); if (parser->m_entityDeclHandler && role == XML_ROLE_ENTITY_SYSTEM_ID) handleDefault = XML_FALSE; } break; case XML_ROLE_ENTITY_COMPLETE: if (dtd->keepProcessing && parser->m_declEntity && parser->m_entityDeclHandler) { *eventEndPP = s; parser->m_entityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, parser->m_declEntity->is_param, 0, 0, parser->m_declEntity->base, parser->m_declEntity->systemId, parser->m_declEntity->publicId, 0); handleDefault = XML_FALSE; } break; case XML_ROLE_ENTITY_NOTATION_NAME: if (dtd->keepProcessing && parser->m_declEntity) { parser->m_declEntity->notation = poolStoreString(&dtd->pool, enc, s, next); if (! parser->m_declEntity->notation) return XML_ERROR_NO_MEMORY; poolFinish(&dtd->pool); if (parser->m_unparsedEntityDeclHandler) { *eventEndPP = s; parser->m_unparsedEntityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, parser->m_declEntity->base, parser->m_declEntity->systemId, parser->m_declEntity->publicId, parser->m_declEntity->notation); handleDefault = XML_FALSE; } else if (parser->m_entityDeclHandler) { *eventEndPP = s; parser->m_entityDeclHandler( parser->m_handlerArg, parser->m_declEntity->name, 0, 0, 0, parser->m_declEntity->base, parser->m_declEntity->systemId, parser->m_declEntity->publicId, parser->m_declEntity->notation); handleDefault = XML_FALSE; } } break; case XML_ROLE_GENERAL_ENTITY_NAME: { if (XmlPredefinedEntityName(enc, s, next)) { parser->m_declEntity = NULL; break; } if (dtd->keepProcessing) { const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); if (! name) return XML_ERROR_NO_MEMORY; parser->m_declEntity = (ENTITY *)lookup(parser, &dtd->generalEntities, name, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; if (parser->m_declEntity->name != name) { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } else { poolFinish(&dtd->pool); parser->m_declEntity->publicId = NULL; parser->m_declEntity->is_param = XML_FALSE; parser->m_declEntity->is_internal = ! (parser->m_parentParser || parser->m_openInternalEntities); if (parser->m_entityDeclHandler) handleDefault = XML_FALSE; } } else { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } } break; case XML_ROLE_PARAM_ENTITY_NAME: #ifdef XML_DTD if (dtd->keepProcessing) { const XML_Char *name = poolStoreString(&dtd->pool, enc, s, next); if (! name) return XML_ERROR_NO_MEMORY; parser->m_declEntity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, sizeof(ENTITY)); if (! parser->m_declEntity) return XML_ERROR_NO_MEMORY; if (parser->m_declEntity->name != name) { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } else { poolFinish(&dtd->pool); parser->m_declEntity->publicId = NULL; parser->m_declEntity->is_param = XML_TRUE; parser->m_declEntity->is_internal = ! (parser->m_parentParser || parser->m_openInternalEntities); if (parser->m_entityDeclHandler) handleDefault = XML_FALSE; } } else { poolDiscard(&dtd->pool); parser->m_declEntity = NULL; } #else parser->m_declEntity = NULL; #endif break; case XML_ROLE_NOTATION_NAME: parser->m_declNotationPublicId = NULL; parser->m_declNotationName = NULL; if (parser->m_notationDeclHandler) { parser->m_declNotationName = poolStoreString(&parser->m_tempPool, enc, s, next); if (! parser->m_declNotationName) return XML_ERROR_NO_MEMORY; poolFinish(&parser->m_tempPool); handleDefault = XML_FALSE; } break; case XML_ROLE_NOTATION_PUBLIC_ID: if (! XmlIsPublicId(enc, s, next, eventPP)) return XML_ERROR_PUBLICID; if (parser ->m_declNotationName) { XML_Char *tem = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! tem) return XML_ERROR_NO_MEMORY; normalizePublicId(tem); parser->m_declNotationPublicId = tem; poolFinish(&parser->m_tempPool); handleDefault = XML_FALSE; } break; case XML_ROLE_NOTATION_SYSTEM_ID: if (parser->m_declNotationName && parser->m_notationDeclHandler) { const XML_Char *systemId = poolStoreString(&parser->m_tempPool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! systemId) return XML_ERROR_NO_MEMORY; *eventEndPP = s; parser->m_notationDeclHandler( parser->m_handlerArg, parser->m_declNotationName, parser->m_curBase, systemId, parser->m_declNotationPublicId); handleDefault = XML_FALSE; } poolClear(&parser->m_tempPool); break; case XML_ROLE_NOTATION_NO_SYSTEM_ID: if (parser->m_declNotationPublicId && parser->m_notationDeclHandler) { *eventEndPP = s; parser->m_notationDeclHandler( parser->m_handlerArg, parser->m_declNotationName, parser->m_curBase, 0, parser->m_declNotationPublicId); handleDefault = XML_FALSE; } poolClear(&parser->m_tempPool); break; case XML_ROLE_ERROR: switch (tok) { case XML_TOK_PARAM_ENTITY_REF: return XML_ERROR_PARAM_ENTITY_REF; case XML_TOK_XML_DECL: return XML_ERROR_MISPLACED_XML_PI; default: return XML_ERROR_SYNTAX; } #ifdef XML_DTD case XML_ROLE_IGNORE_SECT: { enum XML_Error result; if (parser->m_defaultHandler) reportDefault(parser, enc, s, next); handleDefault = XML_FALSE; result = doIgnoreSection(parser, enc, &next, end, nextPtr, haveMore); if (result != XML_ERROR_NONE) return result; else if (! next) { parser->m_processor = ignoreSectionProcessor; return result; } } break; #endif case XML_ROLE_GROUP_OPEN: if (parser->m_prologState.level >= parser->m_groupSize) { if (parser->m_groupSize) { { char *const new_connector = (char *)REALLOC( parser, parser->m_groupConnector, parser->m_groupSize *= 2); if (new_connector == NULL) { parser->m_groupSize /= 2; return XML_ERROR_NO_MEMORY; } parser->m_groupConnector = new_connector; } if (dtd->scaffIndex) { int *const new_scaff_index = (int *)REALLOC( parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int)); if (new_scaff_index == NULL) return XML_ERROR_NO_MEMORY; dtd->scaffIndex = new_scaff_index; } } else { parser->m_groupConnector = (char *)MALLOC(parser, parser->m_groupSize = 32); if (! parser->m_groupConnector) { parser->m_groupSize = 0; return XML_ERROR_NO_MEMORY; } } } parser->m_groupConnector[parser->m_prologState.level] = 0; if (dtd->in_eldecl) { int myindex = nextScaffoldPart(parser); if (myindex < 0) return XML_ERROR_NO_MEMORY; assert(dtd->scaffIndex != NULL); dtd->scaffIndex[dtd->scaffLevel] = myindex; dtd->scaffLevel++; dtd->scaffold[myindex].type = XML_CTYPE_SEQ; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } break; case XML_ROLE_GROUP_SEQUENCE: if (parser->m_groupConnector[parser->m_prologState.level] == ASCII_PIPE) return XML_ERROR_SYNTAX; parser->m_groupConnector[parser->m_prologState.level] = ASCII_COMMA; if (dtd->in_eldecl && parser->m_elementDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_GROUP_CHOICE: if (parser->m_groupConnector[parser->m_prologState.level] == ASCII_COMMA) return XML_ERROR_SYNTAX; if (dtd->in_eldecl && ! parser->m_groupConnector[parser->m_prologState.level] && (dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type != XML_CTYPE_MIXED)) { dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type = XML_CTYPE_CHOICE; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } parser->m_groupConnector[parser->m_prologState.level] = ASCII_PIPE; break; case XML_ROLE_PARAM_ENTITY_REF: #ifdef XML_DTD case XML_ROLE_INNER_PARAM_ENTITY_REF: dtd->hasParamEntityRefs = XML_TRUE; if (! parser->m_paramEntityParsing) dtd->keepProcessing = dtd->standalone; else { const XML_Char *name; ENTITY *entity; name = poolStoreString(&dtd->pool, enc, s + enc->minBytesPerChar, next - enc->minBytesPerChar); if (! name) return XML_ERROR_NO_MEMORY; entity = (ENTITY *)lookup(parser, &dtd->paramEntities, name, 0); poolDiscard(&dtd->pool); if (parser->m_prologState.documentEntity && (dtd->standalone ? ! parser->m_openInternalEntities : ! dtd->hasParamEntityRefs)) { if (! entity) return XML_ERROR_UNDEFINED_ENTITY; else if (! entity->is_internal) { return XML_ERROR_ENTITY_DECLARED_IN_PE; } } else if (! entity) { dtd->keepProcessing = dtd->standalone; if ((role == XML_ROLE_PARAM_ENTITY_REF) && parser->m_skippedEntityHandler) { parser->m_skippedEntityHandler(parser->m_handlerArg, name, 1); handleDefault = XML_FALSE; } break; } if (entity->open) return XML_ERROR_RECURSIVE_ENTITY_REF; if (entity->textPtr) { enum XML_Error result; XML_Bool betweenDecl = (role == XML_ROLE_PARAM_ENTITY_REF ? XML_TRUE : XML_FALSE); result = processInternalEntity(parser, entity, betweenDecl); if (result != XML_ERROR_NONE) return result; handleDefault = XML_FALSE; break; } if (parser->m_externalEntityRefHandler) { dtd->paramEntityRead = XML_FALSE; entity->open = XML_TRUE; if (! parser->m_externalEntityRefHandler( parser->m_externalEntityRefHandlerArg, 0, entity->base, entity->systemId, entity->publicId)) { entity->open = XML_FALSE; return XML_ERROR_EXTERNAL_ENTITY_HANDLING; } entity->open = XML_FALSE; handleDefault = XML_FALSE; if (! dtd->paramEntityRead) { dtd->keepProcessing = dtd->standalone; break; } } else { dtd->keepProcessing = dtd->standalone; break; } } #endif if (! dtd->standalone && parser->m_notStandaloneHandler && ! parser->m_notStandaloneHandler(parser->m_handlerArg)) return XML_ERROR_NOT_STANDALONE; break; case XML_ROLE_ELEMENT_NAME: if (parser->m_elementDeclHandler) { parser->m_declElementType = getElementType(parser, enc, s, next); if (! parser->m_declElementType) return XML_ERROR_NO_MEMORY; dtd->scaffLevel = 0; dtd->scaffCount = 0; dtd->in_eldecl = XML_TRUE; handleDefault = XML_FALSE; } break; case XML_ROLE_CONTENT_ANY: case XML_ROLE_CONTENT_EMPTY: if (dtd->in_eldecl) { if (parser->m_elementDeclHandler) { XML_Content *content = (XML_Content *)MALLOC(parser, sizeof(XML_Content)); if (! content) return XML_ERROR_NO_MEMORY; content->quant = XML_CQUANT_NONE; content->name = NULL; content->numchildren = 0; content->children = NULL; content->type = ((role == XML_ROLE_CONTENT_ANY) ? XML_CTYPE_ANY : XML_CTYPE_EMPTY); *eventEndPP = s; parser->m_elementDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, content); handleDefault = XML_FALSE; } dtd->in_eldecl = XML_FALSE; } break; case XML_ROLE_CONTENT_PCDATA: if (dtd->in_eldecl) { dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel - 1]].type = XML_CTYPE_MIXED; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } break; case XML_ROLE_CONTENT_ELEMENT: quant = XML_CQUANT_NONE; goto elementContent; case XML_ROLE_CONTENT_ELEMENT_OPT: quant = XML_CQUANT_OPT; goto elementContent; case XML_ROLE_CONTENT_ELEMENT_REP: quant = XML_CQUANT_REP; goto elementContent; case XML_ROLE_CONTENT_ELEMENT_PLUS: quant = XML_CQUANT_PLUS; elementContent: if (dtd->in_eldecl) { ELEMENT_TYPE *el; const XML_Char *name; int nameLen; const char *nxt = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar); int myindex = nextScaffoldPart(parser); if (myindex < 0) return XML_ERROR_NO_MEMORY; dtd->scaffold[myindex].type = XML_CTYPE_NAME; dtd->scaffold[myindex].quant = quant; el = getElementType(parser, enc, s, nxt); if (! el) return XML_ERROR_NO_MEMORY; name = el->name; dtd->scaffold[myindex].name = name; nameLen = 0; for (; name[nameLen++];) ; dtd->contentStringLen += nameLen; if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; } break; case XML_ROLE_GROUP_CLOSE: quant = XML_CQUANT_NONE; goto closeGroup; case XML_ROLE_GROUP_CLOSE_OPT: quant = XML_CQUANT_OPT; goto closeGroup; case XML_ROLE_GROUP_CLOSE_REP: quant = XML_CQUANT_REP; goto closeGroup; case XML_ROLE_GROUP_CLOSE_PLUS: quant = XML_CQUANT_PLUS; closeGroup: if (dtd->in_eldecl) { if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; dtd->scaffLevel--; dtd->scaffold[dtd->scaffIndex[dtd->scaffLevel]].quant = quant; if (dtd->scaffLevel == 0) { if (! handleDefault) { XML_Content *model = build_model(parser); if (! model) return XML_ERROR_NO_MEMORY; *eventEndPP = s; parser->m_elementDeclHandler( parser->m_handlerArg, parser->m_declElementType->name, model); } dtd->in_eldecl = XML_FALSE; dtd->contentStringLen = 0; } } break; case XML_ROLE_PI: if (! reportProcessingInstruction(parser, enc, s, next)) return XML_ERROR_NO_MEMORY; handleDefault = XML_FALSE; break; case XML_ROLE_COMMENT: if (! reportComment(parser, enc, s, next)) return XML_ERROR_NO_MEMORY; handleDefault = XML_FALSE; break; case XML_ROLE_NONE: switch (tok) { case XML_TOK_BOM: handleDefault = XML_FALSE; break; } break; case XML_ROLE_DOCTYPE_NONE: if (parser->m_startDoctypeDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ENTITY_NONE: if (dtd->keepProcessing && parser->m_entityDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_NOTATION_NONE: if (parser->m_notationDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ATTLIST_NONE: if (dtd->keepProcessing && parser->m_attlistDeclHandler) handleDefault = XML_FALSE; break; case XML_ROLE_ELEMENT_NONE: if (parser->m_elementDeclHandler) handleDefault = XML_FALSE; break; } if (handleDefault && parser->m_defaultHandler) reportDefault(parser, enc, s, next); switch (parser->m_parsingStatus.parsing) { case XML_SUSPENDED: *nextPtr = next; return XML_ERROR_NONE; case XML_FINISHED: return XML_ERROR_ABORTED; default: s = next; tok = XmlPrologTok(enc, s, end, &next); } } }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,21563893428938,1 2573,[],"static int path_matches(const char *pathname, int pathlen, const char *pattern, const char *base, int baselen) { if (!strchr(pattern, '/')) { const char *basename = strrchr(pathname, '/'); basename = basename ? basename + 1 : pathname; return (fnmatch(pattern, basename, 0) == 0); } if (*pattern == '/') pattern++; if (pathlen < baselen || (baselen && pathname[baselen] != '/') || strncmp(pathname, base, baselen)) return 0; if (baselen != 0) baselen++; return fnmatch(pattern, pathname + baselen, FNM_PATHNAME) == 0; }",git,,,154222886376744723771396739936399142364,0 536,['CWE-399'],"void pwc_next_image(struct pwc_device *pdev) { pdev->image_used[pdev->fill_image] = 0; pdev->fill_image = (pdev->fill_image + 1) % pwc_mbufs; }",linux-2.6,,,158025949914184379373405049169572287922,0 1103,CWE-362,"static int cipso_v4_delopt(struct ip_options **opt_ptr) { int hdr_delta = 0; struct ip_options *opt = *opt_ptr; if (opt->srr || opt->rr || opt->ts || opt->router_alert) { u8 cipso_len; u8 cipso_off; unsigned char *cipso_ptr; int iter; int optlen_new; cipso_off = opt->cipso - sizeof(struct iphdr); cipso_ptr = &opt->__data[cipso_off]; cipso_len = cipso_ptr[1]; if (opt->srr > opt->cipso) opt->srr -= cipso_len; if (opt->rr > opt->cipso) opt->rr -= cipso_len; if (opt->ts > opt->cipso) opt->ts -= cipso_len; if (opt->router_alert > opt->cipso) opt->router_alert -= cipso_len; opt->cipso = 0; memmove(cipso_ptr, cipso_ptr + cipso_len, opt->optlen - cipso_off - cipso_len); iter = 0; optlen_new = 0; while (iter < opt->optlen) if (opt->__data[iter] != IPOPT_NOP) { iter += opt->__data[iter + 1]; optlen_new = iter; } else iter++; hdr_delta = opt->optlen; opt->optlen = (optlen_new + 3) & ~3; hdr_delta -= opt->optlen; } else { *opt_ptr = NULL; hdr_delta = opt->optlen; kfree(opt); } return hdr_delta; }",visit repo url,net/ipv4/cipso_ipv4.c,https://github.com/torvalds/linux,177721723755386,1 76,CWE-772,"chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ, arg->keepold, arg->n_ks_tuple, arg->ks_tuple, arg->pass); } else if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_CHANGEPW, arg->princ, NULL)) { ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ, arg->keepold, arg->n_ks_tuple, arg->ks_tuple, arg->pass); } else { log_unauth(""kadm5_chpass_principal"", prime_arg, &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_CHANGEPW; } if(ret.code != KADM5_AUTH_CHANGEPW) { if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_chpass_principal"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,202059054052825,1 421,[],"pfm_write_soft_counter(pfm_context_t *ctx, int i, unsigned long val) { unsigned long ovfl_val = pmu_conf->ovfl_val; ctx->ctx_pmds[i].val = val & ~ovfl_val; ia64_set_pmd(i, val & ovfl_val); }",linux-2.6,,,151065921361807744556529905765584362168,0 137,CWE-120,"temac_start_xmit(struct sk_buff *skb, struct net_device *ndev) { struct temac_local *lp = netdev_priv(ndev); struct cdmac_bd *cur_p; dma_addr_t tail_p, skb_dma_addr; int ii; unsigned long num_frag; skb_frag_t *frag; num_frag = skb_shinfo(skb)->nr_frags; frag = &skb_shinfo(skb)->frags[0]; cur_p = &lp->tx_bd_v[lp->tx_bd_tail]; if (temac_check_tx_bd_space(lp, num_frag + 1)) { if (netif_queue_stopped(ndev)) return NETDEV_TX_BUSY; netif_stop_queue(ndev); smp_mb(); if (temac_check_tx_bd_space(lp, num_frag)) return NETDEV_TX_BUSY; netif_wake_queue(ndev); } cur_p->app0 = 0; if (skb->ip_summed == CHECKSUM_PARTIAL) { unsigned int csum_start_off = skb_checksum_start_offset(skb); unsigned int csum_index_off = csum_start_off + skb->csum_offset; cur_p->app0 |= cpu_to_be32(0x000001); cur_p->app1 = cpu_to_be32((csum_start_off << 16) | csum_index_off); cur_p->app2 = 0; } cur_p->app0 |= cpu_to_be32(STS_CTRL_APP0_SOP); skb_dma_addr = dma_map_single(ndev->dev.parent, skb->data, skb_headlen(skb), DMA_TO_DEVICE); cur_p->len = cpu_to_be32(skb_headlen(skb)); if (WARN_ON_ONCE(dma_mapping_error(ndev->dev.parent, skb_dma_addr))) { dev_kfree_skb_any(skb); ndev->stats.tx_dropped++; return NETDEV_TX_OK; } cur_p->phys = cpu_to_be32(skb_dma_addr); for (ii = 0; ii < num_frag; ii++) { if (++lp->tx_bd_tail >= lp->tx_bd_num) lp->tx_bd_tail = 0; cur_p = &lp->tx_bd_v[lp->tx_bd_tail]; skb_dma_addr = dma_map_single(ndev->dev.parent, skb_frag_address(frag), skb_frag_size(frag), DMA_TO_DEVICE); if (dma_mapping_error(ndev->dev.parent, skb_dma_addr)) { if (--lp->tx_bd_tail < 0) lp->tx_bd_tail = lp->tx_bd_num - 1; cur_p = &lp->tx_bd_v[lp->tx_bd_tail]; while (--ii >= 0) { --frag; dma_unmap_single(ndev->dev.parent, be32_to_cpu(cur_p->phys), skb_frag_size(frag), DMA_TO_DEVICE); if (--lp->tx_bd_tail < 0) lp->tx_bd_tail = lp->tx_bd_num - 1; cur_p = &lp->tx_bd_v[lp->tx_bd_tail]; } dma_unmap_single(ndev->dev.parent, be32_to_cpu(cur_p->phys), skb_headlen(skb), DMA_TO_DEVICE); dev_kfree_skb_any(skb); ndev->stats.tx_dropped++; return NETDEV_TX_OK; } cur_p->phys = cpu_to_be32(skb_dma_addr); cur_p->len = cpu_to_be32(skb_frag_size(frag)); cur_p->app0 = 0; frag++; } cur_p->app0 |= cpu_to_be32(STS_CTRL_APP0_EOP); ptr_to_txbd((void *)skb, cur_p); tail_p = lp->tx_bd_p + sizeof(*lp->tx_bd_v) * lp->tx_bd_tail; lp->tx_bd_tail++; if (lp->tx_bd_tail >= lp->tx_bd_num) lp->tx_bd_tail = 0; skb_tx_timestamp(skb); wmb(); lp->dma_out(lp, TX_TAILDESC_PTR, tail_p); return NETDEV_TX_OK; }",visit repo url,drivers/net/ethernet/xilinx/ll_temac_main.c,https://github.com/torvalds/linux,129245754590221,1 3349,[],"static inline void nla_nest_cancel(struct sk_buff *skb, struct nlattr *start) { nlmsg_trim(skb, start); }",linux-2.6,,,138081499893419767587834781446742645764,0 6212,CWE-190,"void fp24_exp_cyc_sps(fp24_t c, const fp24_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp24_t t, *u = RLC_ALLOCA(fp24_t, w); if (len == 0) { RLC_FREE(u); fp24_set_dig(c, 1); return; } fp24_null(t); RLC_TRY { if (u == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < w; i++) { fp24_null(u[i]); fp24_new(u[i]); } fp24_new(t); fp24_copy(t, a); if (b[0] == 0) { for (j = 0, i = 1; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp24_sqr_pck(t, t); } if (b[i] < 0) { fp24_inv_cyc(u[i - 1], t); } else { fp24_copy(u[i - 1], t); } } fp24_back_cyc_sim(u, u, w - 1); fp24_copy(c, a); for (i = 0; i < w - 1; i++) { fp24_mul(c, c, u[i]); } } else { for (j = 0, i = 0; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp24_sqr_pck(t, t); } if (b[i] < 0) { fp24_inv_cyc(u[i], t); } else { fp24_copy(u[i], t); } } fp24_back_cyc_sim(u, u, w); fp24_copy(c, u[0]); for (i = 1; i < w; i++) { fp24_mul(c, c, u[i]); } } if (sign == RLC_NEG) { fp24_inv_cyc(c, c); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < w; i++) { fp24_free(u[i]); } fp24_free(t); RLC_FREE(u); } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,94426034160061,1 6129,['CWE-200'],"static struct inet6_ifaddr *if6_get_next(struct seq_file *seq, struct inet6_ifaddr *ifa) { struct if6_iter_state *state = seq->private; ifa = ifa->lst_next; try_again: if (!ifa && ++state->bucket < IN6_ADDR_HSIZE) { ifa = inet6_addr_lst[state->bucket]; goto try_again; } return ifa; }",linux-2.6,,,143084928682479868561031145956654745566,0 5525,CWE-125,"ast2obj_stmt(void* _o) { stmt_ty o = (stmt_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case FunctionDef_kind: result = PyType_GenericNew(FunctionDef_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.FunctionDef.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arguments(o->v.FunctionDef.args); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.FunctionDef.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.FunctionDef.decorator_list, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_decorator_list, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.FunctionDef.returns); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_returns, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.FunctionDef.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AsyncFunctionDef_kind: result = PyType_GenericNew(AsyncFunctionDef_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.AsyncFunctionDef.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arguments(o->v.AsyncFunctionDef.args); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFunctionDef.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFunctionDef.decorator_list, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_decorator_list, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AsyncFunctionDef.returns); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_returns, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.AsyncFunctionDef.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case ClassDef_kind: result = PyType_GenericNew(ClassDef_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.ClassDef.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.bases, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_bases, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.keywords, ast2obj_keyword); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_keywords, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.decorator_list, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_decorator_list, value) == -1) goto failed; Py_DECREF(value); break; case Return_kind: result = PyType_GenericNew(Return_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Return.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Delete_kind: result = PyType_GenericNew(Delete_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Delete.targets, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_targets, value) == -1) goto failed; Py_DECREF(value); break; case Assign_kind: result = PyType_GenericNew(Assign_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Assign.targets, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_targets, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Assign.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.Assign.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AugAssign_kind: result = PyType_GenericNew(AugAssign_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.AugAssign.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_operator(o->v.AugAssign.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AugAssign.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case AnnAssign_kind: result = PyType_GenericNew(AnnAssign_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.AnnAssign.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AnnAssign.annotation); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_annotation, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AnnAssign.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->v.AnnAssign.simple); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_simple, value) == -1) goto failed; Py_DECREF(value); break; case For_kind: result = PyType_GenericNew(For_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.For.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.For.iter); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_iter, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.For.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.For.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.For.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AsyncFor_kind: result = PyType_GenericNew(AsyncFor_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.AsyncFor.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AsyncFor.iter); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_iter, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFor.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFor.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.AsyncFor.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case While_kind: result = PyType_GenericNew(While_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.While.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.While.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.While.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); break; case If_kind: result = PyType_GenericNew(If_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.If.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.If.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.If.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); break; case With_kind: result = PyType_GenericNew(With_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.With.items, ast2obj_withitem); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_items, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.With.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.With.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AsyncWith_kind: result = PyType_GenericNew(AsyncWith_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.AsyncWith.items, ast2obj_withitem); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_items, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncWith.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.AsyncWith.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case Raise_kind: result = PyType_GenericNew(Raise_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Raise.exc); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_exc, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Raise.cause); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_cause, value) == -1) goto failed; Py_DECREF(value); break; case Try_kind: result = PyType_GenericNew(Try_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Try.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Try.handlers, ast2obj_excepthandler); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_handlers, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Try.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Try.finalbody, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_finalbody, value) == -1) goto failed; Py_DECREF(value); break; case Assert_kind: result = PyType_GenericNew(Assert_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Assert.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Assert.msg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_msg, value) == -1) goto failed; Py_DECREF(value); break; case Import_kind: result = PyType_GenericNew(Import_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Import.names, ast2obj_alias); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); break; case ImportFrom_kind: result = PyType_GenericNew(ImportFrom_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.ImportFrom.module); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_module, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ImportFrom.names, ast2obj_alias); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->v.ImportFrom.level); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_level, value) == -1) goto failed; Py_DECREF(value); break; case Global_kind: result = PyType_GenericNew(Global_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Global.names, ast2obj_identifier); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); break; case Nonlocal_kind: result = PyType_GenericNew(Nonlocal_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Nonlocal.names, ast2obj_identifier); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); break; case Expr_kind: result = PyType_GenericNew(Expr_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Expr.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Pass_kind: result = PyType_GenericNew(Pass_type, NULL, NULL); if (!result) goto failed; break; case Break_kind: result = PyType_GenericNew(Break_type, NULL, NULL); if (!result) goto failed; break; case Continue_kind: result = PyType_GenericNew(Continue_type, NULL, NULL); if (!result) goto failed; break; } value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,189172979788209,1 5531,CWE-125,"obj2ast_comprehension(PyObject* obj, comprehension_ty* out, PyArena* arena) { PyObject* tmp = NULL; expr_ty target; expr_ty iter; asdl_seq* ifs; int is_async; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from comprehension""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_iter)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_iter); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from comprehension""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ifs)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_ifs); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""comprehension field \""ifs\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); ifs = _Ta3_asdl_seq_new(len, arena); if (ifs == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""comprehension field \""ifs\"" changed size during iteration""); goto failed; } asdl_seq_SET(ifs, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ifs\"" missing from comprehension""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_is_async)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_is_async); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &is_async, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""is_async\"" missing from comprehension""); return 1; } *out = comprehension(target, iter, ifs, is_async, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,216646173510751,1 4179,CWE-787,"webSocketsDecodeHybi(rfbClientPtr cl, char *dst, int len) { char *buf, *payload; uint32_t *payload32; int ret = -1, result = -1; int total = 0; ws_mask_t mask; ws_header_t *header; int i; unsigned char opcode; ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; int flength, fhlen; if (wsctx->readbuflen) { if (wsctx->readbuflen > len) { memcpy(dst, wsctx->readbuf + wsctx->readbufstart, len); result = len; wsctx->readbuflen -= len; wsctx->readbufstart += len; } else { memcpy(dst, wsctx->readbuf + wsctx->readbufstart, wsctx->readbuflen); result = wsctx->readbuflen; wsctx->readbuflen = 0; wsctx->readbufstart = 0; } goto spor; } buf = wsctx->codeBufDecode; header = (ws_header_t *)wsctx->codeBufDecode; ret = ws_peek(cl, buf, B64LEN(len) + WSHLENMAX); if (ret < 2) { if (-1 == ret) { int olderrno = errno; rfbErr(""%s: peek; %m\n"", __func__); errno = olderrno; } else if (0 == ret) { result = 0; } else { errno = EAGAIN; } goto spor; } opcode = header->b0 & 0x0f; flength = header->b1 & 0x7f; if (!(header->b1 & 0x80)) { rfbErr(""%s: got frame without mask\n"", __func__, ret); errno = EIO; goto spor; } if (flength < 126) { fhlen = 2; mask = header->u.m; } else if (flength == 126 && 4 <= ret) { flength = WS_NTOH16(header->u.s16.l16); fhlen = 4; mask = header->u.s16.m16; } else if (flength == 127 && 10 <= ret) { flength = WS_NTOH64(header->u.s64.l64); fhlen = 10; mask = header->u.s64.m64; } else { rfbErr(""%s: incomplete frame header\n"", __func__, ret); errno = EIO; goto spor; } total = fhlen + flength + 4; payload = buf + fhlen + 4; if (-1 == (ret = ws_read(cl, buf, total))) { int olderrno = errno; rfbErr(""%s: read; %m"", __func__); errno = olderrno; return ret; } else if (ret < total) { rfbLog(""%s: read; got partial data\n"", __func__); } else { buf[ret] = '\0'; } payload32 = (uint32_t *)payload; for (i = 0; i < flength / 4; i++) { payload32[i] ^= mask.u; } for (i*=4; i < flength; i++) { payload[i] ^= mask.c[i % 4]; } switch (opcode) { case WS_OPCODE_CLOSE: rfbLog(""got closure, reason %d\n"", WS_NTOH16(((uint16_t *)payload)[0])); errno = ECONNRESET; break; case WS_OPCODE_TEXT_FRAME: if (-1 == (flength = b64_pton(payload, (unsigned char *)wsctx->codeBufDecode, sizeof(wsctx->codeBufDecode)))) { rfbErr(""%s: Base64 decode error; %m\n"", __func__); break; } payload = wsctx->codeBufDecode; case WS_OPCODE_BINARY_FRAME: if (flength > len) { memcpy(wsctx->readbuf, payload + len, flength - len); wsctx->readbufstart = 0; wsctx->readbuflen = flength - len; flength = len; } memcpy(dst, payload, flength); result = flength; break; default: rfbErr(""%s: unhandled opcode %d, b0: %02x, b1: %02x\n"", __func__, (int)opcode, header->b0, header->b1); } spor: return result; }",visit repo url,libvncserver/websockets.c,https://github.com/LibVNC/libvncserver,203235444401976,1 2719,[],"static int sctp_getsockopt_nodelay(struct sock *sk, int len, char __user *optval, int __user *optlen) { int val; if (len < sizeof(int)) return -EINVAL; len = sizeof(int); val = (sctp_sk(sk)->nodelay == 1); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) return -EFAULT; return 0; }",linux-2.6,,,244870515434188786894558156529370932225,0 2306,['CWE-120'],"static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd) { struct dentry * dentry = __d_lookup(parent, name); if (!dentry) dentry = d_lookup(parent, name); if (dentry && dentry->d_op && dentry->d_op->d_revalidate) dentry = do_revalidate(dentry, nd); return dentry; }",linux-2.6,,,170518765649763240798591028503726422999,0 206,[],"static void atrtr_set_default(struct net_device *dev) { atrtr_default.dev = dev; atrtr_default.flags = RTF_UP; atrtr_default.gateway.s_net = htons(0); atrtr_default.gateway.s_node = 0; }",history,,,46612160884692706063411735560032705672,0 2258,[],"void __cpuinit check_efer(void) { unsigned long efer; rdmsrl(MSR_EFER, efer); if (!(efer & EFER_NX) || do_not_nx) { __supported_pte_mask &= ~_PAGE_NX; } }",linux-2.6,,,232720688255009760025759149337582862759,0 49,CWE-763,"spnego_gss_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context, int prf_key, const gss_buffer_t prf_in, ssize_t desired_output_len, gss_buffer_t prf_out) { OM_uint32 ret; ret = gss_pseudo_random(minor_status, context, prf_key, prf_in, desired_output_len, prf_out); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,60257848355119,1 5093,['CWE-20'],"static void vmx_decache_cr4_guest_bits(struct kvm_vcpu *vcpu) { vcpu->arch.cr4 &= KVM_GUEST_CR4_MASK; vcpu->arch.cr4 |= vmcs_readl(GUEST_CR4) & ~KVM_GUEST_CR4_MASK; }",linux-2.6,,,129582178792199785057348978228687267360,0 902,['CWE-200'],"static int init_inodecache(void) { shmem_inode_cachep = kmem_cache_create(""shmem_inode_cache"", sizeof(struct shmem_inode_info), 0, SLAB_PANIC, init_once); return 0; }",linux-2.6,,,246253118275473546606911821164038398938,0 1293,CWE-264,"static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, unsigned long arg) { struct scsi_device *sdev = scsi_disk(bdev->bd_disk)->device; if (!scsi_block_when_processing_errors(sdev)) return -ENODEV; if (sdev->host->hostt->compat_ioctl) { int ret; ret = sdev->host->hostt->compat_ioctl(sdev, cmd, (void __user *)arg); return ret; } return -ENOIOCTLCMD; }",visit repo url,drivers/scsi/sd.c,https://github.com/torvalds/linux,96428134663296,1 4160,CWE-787,"gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) { TIFF* tif = img->tif; tileContigRoutine put = img->put.contig; uint32 row, y, nrow, nrowsub, rowstoread; tmsize_t pos; unsigned char* buf = NULL; uint32 rowsperstrip; uint16 subsamplinghor,subsamplingver; uint32 imagewidth = img->width; tmsize_t scanline; int32 fromskew, toskew; int ret = 1, flip; tmsize_t maxstripsize; TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver); if( subsamplingver == 0 ) { TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), ""Invalid vertical YCbCr subsampling""); return (0); } maxstripsize = TIFFStripSize(tif); flip = setorientation(img); if (flip & FLIP_VERTICALLY) { y = h - 1; toskew = -(int32)(w + w); } else { y = 0; toskew = -(int32)(w - w); } TIFFGetFieldDefaulted(tif, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); scanline = TIFFScanlineSize(tif); fromskew = (w < imagewidth ? imagewidth - w : 0); for (row = 0; row < h; row += nrow) { rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; nrow = (row + rowstoread > h ? h - row : rowstoread); nrowsub = nrow; if ((nrowsub%subsamplingver)!=0) nrowsub+=subsamplingver-nrowsub%subsamplingver; if (_TIFFReadEncodedStripAndAllocBuffer(tif, TIFFComputeStrip(tif,row+img->row_offset, 0), (void**)(&buf), maxstripsize, ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1) && (buf == NULL || img->stoponerr)) { ret = 0; break; } pos = ((row + img->row_offset) % rowsperstrip) * scanline + \ ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, buf + pos); y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { uint32 line; for (line = 0; line < h; line++) { uint32 *left = raster + (line * w); uint32 *right = left + w - 1; while ( left < right ) { uint32 temp = *left; *left = *right; *right = temp; left++; right--; } } } _TIFFfree(buf); return (ret); }",visit repo url,libtiff/tif_getimage.c,https://gitlab.com/libtiff/libtiff,106741379555609,1 1556,CWE-362,"static bool blk_kick_flush(struct request_queue *q, struct blk_flush_queue *fq) { struct list_head *pending = &fq->flush_queue[fq->flush_pending_idx]; struct request *first_rq = list_first_entry(pending, struct request, flush.list); struct request *flush_rq = fq->flush_rq; if (fq->flush_pending_idx != fq->flush_running_idx || list_empty(pending)) return false; if (!list_empty(&fq->flush_data_in_flight) && time_before(jiffies, fq->flush_pending_since + FLUSH_PENDING_TIMEOUT)) return false; fq->flush_pending_idx ^= 1; blk_rq_init(q, flush_rq); if (q->mq_ops) { flush_rq->mq_ctx = first_rq->mq_ctx; flush_rq->tag = first_rq->tag; } flush_rq->cmd_type = REQ_TYPE_FS; flush_rq->cmd_flags = WRITE_FLUSH | REQ_FLUSH_SEQ; flush_rq->rq_disk = first_rq->rq_disk; flush_rq->end_io = flush_end_io; return blk_flush_queue_rq(flush_rq, false); }",visit repo url,block/blk-flush.c,https://github.com/torvalds/linux,245530075803102,1 2073,CWE-362,"void sock_release(struct socket *sock) { if (sock->ops) { struct module *owner = sock->ops->owner; sock->ops->release(sock); sock->ops = NULL; module_put(owner); } if (rcu_dereference_protected(sock->wq, 1)->fasync_list) pr_err(""%s: fasync list not empty!\n"", __func__); if (!sock->file) { iput(SOCK_INODE(sock)); return; } sock->file = NULL; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,194805050330779,1 856,CWE-20,"SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, unsigned int, flags, struct sockaddr __user *, addr, int __user *, addr_len) { struct socket *sock; struct iovec iov; struct msghdr msg; struct sockaddr_storage address; int err, err2; int fput_needed; if (size > INT_MAX) size = INT_MAX; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_iovlen = 1; msg.msg_iov = &iov; iov.iov_len = size; iov.iov_base = ubuf; msg.msg_name = (struct sockaddr *)&address; msg.msg_namelen = sizeof(address); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = sock_recvmsg(sock, &msg, size, flags); if (err >= 0 && addr != NULL) { err2 = move_addr_to_user(&address, msg.msg_namelen, addr, addr_len); if (err2 < 0) err = err2; } fput_light(sock->file, fput_needed); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,89843130858034,1 5366,['CWE-476'],"int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) { u64 data; switch (msr) { case 0xc0010010: case 0xc0010015: case MSR_IA32_PLATFORM_ID: case MSR_IA32_P5_MC_ADDR: case MSR_IA32_P5_MC_TYPE: case MSR_IA32_MC0_CTL: case MSR_IA32_MCG_STATUS: case MSR_IA32_MCG_CAP: case MSR_IA32_MCG_CTL: case MSR_IA32_MC0_MISC: case MSR_IA32_MC0_MISC+4: case MSR_IA32_MC0_MISC+8: case MSR_IA32_MC0_MISC+12: case MSR_IA32_MC0_MISC+16: case MSR_IA32_MC0_MISC+20: case MSR_IA32_UCODE_REV: case MSR_IA32_EBL_CR_POWERON: case MSR_IA32_DEBUGCTLMSR: case MSR_IA32_LASTBRANCHFROMIP: case MSR_IA32_LASTBRANCHTOIP: case MSR_IA32_LASTINTFROMIP: case MSR_IA32_LASTINTTOIP: case MSR_VM_HSAVE_PA: case MSR_P6_EVNTSEL0: case MSR_P6_EVNTSEL1: data = 0; break; case MSR_MTRRcap: data = 0x500 | KVM_NR_VAR_MTRR; break; case 0x200 ... 0x2ff: return get_msr_mtrr(vcpu, msr, pdata); case 0xcd: data = 3; break; case MSR_IA32_APICBASE: data = kvm_get_apic_base(vcpu); break; case MSR_IA32_MISC_ENABLE: data = vcpu->arch.ia32_misc_enable_msr; break; case MSR_IA32_PERF_STATUS: data = 1000ULL; data |= (((uint64_t)4ULL) << 40); break; case MSR_EFER: data = vcpu->arch.shadow_efer; break; case MSR_KVM_WALL_CLOCK: data = vcpu->kvm->arch.wall_clock; break; case MSR_KVM_SYSTEM_TIME: data = vcpu->arch.time; break; default: pr_unimpl(vcpu, ""unhandled rdmsr: 0x%x\n"", msr); return 1; } *pdata = data; return 0; }",linux-2.6,,,285558381498591709939174436080346549102,0 4536,CWE-122,"GF_Err gf_isom_get_sample_for_media_time(GF_ISOFile *the_file, u32 trackNumber, u64 desiredTime, u32 *StreamDescriptionIndex, GF_ISOSearchMode SearchMode, GF_ISOSample **sample, u32 *SampleNum, u64 *data_offset) { GF_Err e; u32 sampleNumber, prevSampleNumber, syncNum, shadowSync; GF_TrackBox *trak; GF_ISOSample *shadow; GF_SampleTableBox *stbl; Bool static_sample = GF_FALSE; u8 useShadow, IsSync; if (SampleNum) *SampleNum = 0; trak = gf_isom_get_track_from_file(the_file, trackNumber); if (!trak) return GF_BAD_PARAM; stbl = trak->Media->information->sampleTable; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (desiredTime < trak->dts_at_seg_start) { desiredTime = 0; } else { desiredTime -= trak->dts_at_seg_start; } #endif e = stbl_findEntryForTime(stbl, desiredTime, 0, &sampleNumber, &prevSampleNumber); if (e) return e; useShadow = 0; if (!stbl->ShadowSync && (SearchMode == GF_ISOM_SEARCH_SYNC_SHADOW)) SearchMode = GF_ISOM_SEARCH_SYNC_BACKWARD; if (! trak->Media->information->sampleTable->SyncSample) { if (SearchMode == GF_ISOM_SEARCH_SYNC_FORWARD) SearchMode = GF_ISOM_SEARCH_FORWARD; if (SearchMode == GF_ISOM_SEARCH_SYNC_BACKWARD) SearchMode = GF_ISOM_SEARCH_BACKWARD; } if (!sampleNumber && !prevSampleNumber) { if (SearchMode == GF_ISOM_SEARCH_SYNC_BACKWARD || SearchMode == GF_ISOM_SEARCH_BACKWARD) { sampleNumber = trak->Media->information->sampleTable->SampleSize->sampleCount; } if (!sampleNumber) return GF_EOS; } IsSync = 0; switch (SearchMode) { case GF_ISOM_SEARCH_SYNC_FORWARD: IsSync = 1; case GF_ISOM_SEARCH_FORWARD: if (!sampleNumber) { if (prevSampleNumber != stbl->SampleSize->sampleCount) { sampleNumber = prevSampleNumber + 1; } else { sampleNumber = prevSampleNumber; } } break; case GF_ISOM_SEARCH_SYNC_BACKWARD: IsSync = 1; case GF_ISOM_SEARCH_SYNC_SHADOW: case GF_ISOM_SEARCH_BACKWARD: default: if (!sampleNumber && !prevSampleNumber) { sampleNumber = stbl->SampleSize->sampleCount; } else if (!sampleNumber) { sampleNumber = prevSampleNumber; } break; } if (IsSync) { e = Media_FindSyncSample(trak->Media->information->sampleTable, sampleNumber, &syncNum, SearchMode); if (e) return e; if (syncNum) sampleNumber = syncNum; syncNum = 0; } else if (SearchMode == GF_ISOM_SEARCH_SYNC_SHADOW) { e = Media_FindSyncSample(trak->Media->information->sampleTable, sampleNumber, &syncNum, GF_ISOM_SEARCH_SYNC_BACKWARD); if (e) return e; } if (sample) { if (*sample) { static_sample = GF_TRUE; } else { *sample = gf_isom_sample_new(); if (*sample == NULL) return GF_OUT_OF_MEM; } } if (SearchMode == GF_ISOM_SEARCH_SYNC_SHADOW) { stbl_GetSampleShadow(stbl->ShadowSync, &sampleNumber, &shadowSync); if ((sampleNumber < syncNum) || (!shadowSync)) { sampleNumber = syncNum; } else { useShadow = 1; } } e = Media_GetSample(trak->Media, sampleNumber, sample, StreamDescriptionIndex, GF_FALSE, data_offset); if (e) { if (!static_sample) gf_isom_sample_del(sample); else if (! (*sample)->alloc_size && (*sample)->data && (*sample)->dataLength ) (*sample)->alloc_size = (*sample)->dataLength; return e; } if (sample && ! (*sample)->IsRAP) { Bool is_rap; GF_ISOSampleRollType roll_type; e = gf_isom_get_sample_rap_roll_info(the_file, trackNumber, sampleNumber, &is_rap, &roll_type, NULL); if (e) return e; if (is_rap) (*sample)->IsRAP = SAP_TYPE_3; } if (SampleNum) { *SampleNum = sampleNumber; #ifndef GPAC_DISABLE_ISOM_FRAGMENTS *SampleNum += trak->sample_count_at_seg_start; #endif } if (sample && useShadow) { shadow = gf_isom_get_sample(the_file, trackNumber, shadowSync, StreamDescriptionIndex); if (!shadow) return GF_OK; (*sample)->IsRAP = RAP; gf_free((*sample)->data); (*sample)->dataLength = shadow->dataLength; (*sample)->data = shadow->data; shadow->dataLength = 0; gf_isom_sample_del(&shadow); } if (static_sample && ! (*sample)->alloc_size ) (*sample)->alloc_size = (*sample)->dataLength; return GF_OK; }",visit repo url,src/isomedia/isom_read.c,https://github.com/gpac/gpac,30210158729862,1 1204,['CWE-189'],"lock_hrtimer_base(const struct hrtimer *timer, unsigned long *flags) { struct hrtimer_clock_base *base = timer->base; spin_lock_irqsave(&base->cpu_base->lock, *flags); return base; }",linux-2.6,,,230853645945832986318424656578484554616,0 1938,CWE-755,"struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi6 *fl6, const struct sk_buff *skb, int flags, pol_lookup_t lookup) { struct rt6_info *rt; rt = lookup(net, net->ipv6.fib6_main_tbl, fl6, skb, flags); if (rt->dst.error == -EAGAIN) { ip6_rt_put_flags(rt, flags); rt = net->ipv6.ip6_null_entry; if (!(flags | RT6_LOOKUP_F_DST_NOREF)) dst_hold(&rt->dst); } return &rt->dst; }",visit repo url,net/ipv6/ip6_fib.c,https://github.com/torvalds/linux,266103128954021,1 3417,CWE-119,"static void record_recent_object(struct object *obj, struct strbuf *path, const char *last, void *data) { sha1_array_append(&recent_objects, obj->oid.hash); }",visit repo url,builtin/pack-objects.c,https://github.com/git/git,63399151830367,1 562,NVD-CWE-noinfo,"asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr) { console_verbose(); pr_crit(""Bad mode in %s handler detected, code 0x%08x\n"", handler[reason], esr); die(""Oops - bad mode"", regs, 0); local_irq_disable(); panic(""bad mode""); }",visit repo url,arch/arm64/kernel/traps.c,https://github.com/torvalds/linux,219656291013721,1 1373,CWE-200,"static int load_script(struct linux_binprm *bprm) { const char *i_arg, *i_name; char *cp; struct file *file; char interp[BINPRM_BUF_SIZE]; int retval; if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!')) return -ENOEXEC; allow_write_access(bprm->file); fput(bprm->file); bprm->file = NULL; bprm->buf[BINPRM_BUF_SIZE - 1] = '\0'; if ((cp = strchr(bprm->buf, '\n')) == NULL) cp = bprm->buf+BINPRM_BUF_SIZE-1; *cp = '\0'; while (cp > bprm->buf) { cp--; if ((*cp == ' ') || (*cp == '\t')) *cp = '\0'; else break; } for (cp = bprm->buf+2; (*cp == ' ') || (*cp == '\t'); cp++); if (*cp == '\0') return -ENOEXEC; i_name = cp; i_arg = NULL; for ( ; *cp && (*cp != ' ') && (*cp != '\t'); cp++) ; while ((*cp == ' ') || (*cp == '\t')) *cp++ = '\0'; if (*cp) i_arg = cp; strcpy (interp, i_name); retval = remove_arg_zero(bprm); if (retval) return retval; retval = copy_strings_kernel(1, &bprm->interp, bprm); if (retval < 0) return retval; bprm->argc++; if (i_arg) { retval = copy_strings_kernel(1, &i_arg, bprm); if (retval < 0) return retval; bprm->argc++; } retval = copy_strings_kernel(1, &i_name, bprm); if (retval) return retval; bprm->argc++; bprm->interp = interp; file = open_exec(interp); if (IS_ERR(file)) return PTR_ERR(file); bprm->file = file; retval = prepare_binprm(bprm); if (retval < 0) return retval; return search_binary_handler(bprm); }",visit repo url,fs/binfmt_script.c,https://github.com/torvalds/linux,271927720811326,1 6145,CWE-190,"void ep_read_bin(ep_t a, const uint8_t *bin, int len) { if (len == 1) { if (bin[0] == 0) { ep_set_infty(a); return; } else { RLC_THROW(ERR_NO_BUFFER); return; } } if (len != (RLC_FP_BYTES + 1) && len != (2 * RLC_FP_BYTES + 1)) { RLC_THROW(ERR_NO_BUFFER); return; } a->coord = BASIC; fp_set_dig(a->z, 1); fp_read_bin(a->x, bin + 1, RLC_FP_BYTES); if (len == RLC_FP_BYTES + 1) { switch(bin[0]) { case 2: fp_zero(a->y); break; case 3: fp_zero(a->y); fp_set_bit(a->y, 0, 1); break; default: RLC_THROW(ERR_NO_VALID); break; } ep_upk(a, a); } if (len == 2 * RLC_FP_BYTES + 1) { if (bin[0] == 4) { fp_read_bin(a->y, bin + RLC_FP_BYTES + 1, RLC_FP_BYTES); } else { RLC_THROW(ERR_NO_VALID); return; } } if (!ep_on_curve(a)) { RLC_THROW(ERR_NO_VALID); return; } }",visit repo url,src/ep/relic_ep_util.c,https://github.com/relic-toolkit/relic,171396394161175,1 4423,['CWE-264'],"static void sock_disable_timestamp(struct sock *sk) { if (sock_flag(sk, SOCK_TIMESTAMP)) { sock_reset_flag(sk, SOCK_TIMESTAMP); net_disable_timestamp(); } }",linux-2.6,,,117968585061640482461115114815487685339,0 529,CWE-200,"int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; size_t copied; int err; BT_DBG(""sock %p sk %p len %zu"", sock, sk, len); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err == 0) sock_recv_ts_and_drops(msg, sk, skb); skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,25305350694947,1 5912,['CWE-909'],"static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n, void *arg) { struct net *net = sock_net(skb->sk); struct tcmsg *tcm = NLMSG_DATA(n); struct nlattr *tca[TCA_MAX + 1]; struct net_device *dev; u32 clid = tcm->tcm_parent; struct Qdisc *q = NULL; struct Qdisc *p = NULL; int err; if (net != &init_net) return -EINVAL; if ((dev = __dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL) return -ENODEV; err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); if (err < 0) return err; if (clid) { if (clid != TC_H_ROOT) { if (TC_H_MAJ(clid) != TC_H_MAJ(TC_H_INGRESS)) { if ((p = qdisc_lookup(dev, TC_H_MAJ(clid))) == NULL) return -ENOENT; q = qdisc_leaf(p, clid); } else { q = dev->rx_queue.qdisc_sleeping; } } else { struct netdev_queue *dev_queue; dev_queue = netdev_get_tx_queue(dev, 0); q = dev_queue->qdisc_sleeping; } if (!q) return -ENOENT; if (tcm->tcm_handle && q->handle != tcm->tcm_handle) return -EINVAL; } else { if ((q = qdisc_lookup(dev, tcm->tcm_handle)) == NULL) return -ENOENT; } if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], q->ops->id)) return -EINVAL; if (n->nlmsg_type == RTM_DELQDISC) { if (!clid) return -EINVAL; if (q->handle == 0) return -ENOENT; if ((err = qdisc_graft(dev, p, skb, n, clid, NULL, q)) != 0) return err; } else { qdisc_notify(skb, n, clid, NULL, q); } return 0; }",linux-2.6,,,51374598304605170552284490499848426734,0 4506,['CWE-20'],"static int reserve_backup_gdb(handle_t *handle, struct inode *inode, struct ext4_new_group_data *input) { struct super_block *sb = inode->i_sb; int reserved_gdb =le16_to_cpu(EXT4_SB(sb)->s_es->s_reserved_gdt_blocks); struct buffer_head **primary; struct buffer_head *dind; struct ext4_iloc iloc; ext4_fsblk_t blk; __le32 *data, *end; int gdbackups = 0; int res, i; int err; primary = kmalloc(reserved_gdb * sizeof(*primary), GFP_NOFS); if (!primary) return -ENOMEM; data = EXT4_I(inode)->i_data + EXT4_DIND_BLOCK; dind = sb_bread(sb, le32_to_cpu(*data)); if (!dind) { err = -EIO; goto exit_free; } blk = EXT4_SB(sb)->s_sbh->b_blocknr + 1 + EXT4_SB(sb)->s_gdb_count; data = (__le32 *)dind->b_data + (EXT4_SB(sb)->s_gdb_count % EXT4_ADDR_PER_BLOCK(sb)); end = (__le32 *)dind->b_data + EXT4_ADDR_PER_BLOCK(sb); for (res = 0; res < reserved_gdb; res++, blk++) { if (le32_to_cpu(*data) != blk) { ext4_warning(sb, __func__, ""reserved block %llu"" "" not at offset %ld"", blk, (long)(data - (__le32 *)dind->b_data)); err = -EINVAL; goto exit_bh; } primary[res] = sb_bread(sb, blk); if (!primary[res]) { err = -EIO; goto exit_bh; } if ((gdbackups = verify_reserved_gdb(sb, primary[res])) < 0) { brelse(primary[res]); err = gdbackups; goto exit_bh; } if (++data >= end) data = (__le32 *)dind->b_data; } for (i = 0; i < reserved_gdb; i++) { if ((err = ext4_journal_get_write_access(handle, primary[i]))) { goto exit_bh; } } if ((err = ext4_reserve_inode_write(handle, inode, &iloc))) goto exit_bh; blk = input->group * EXT4_BLOCKS_PER_GROUP(sb); for (i = 0; i < reserved_gdb; i++) { int err2; data = (__le32 *)primary[i]->b_data; data[gdbackups] = cpu_to_le32(blk + primary[i]->b_blocknr); err2 = ext4_handle_dirty_metadata(handle, NULL, primary[i]); if (!err) err = err2; } inode->i_blocks += reserved_gdb * sb->s_blocksize >> 9; ext4_mark_iloc_dirty(handle, inode, &iloc); exit_bh: while (--res >= 0) brelse(primary[res]); brelse(dind); exit_free: kfree(primary); return err; }",linux-2.6,,,53564046847221204145026812978118434897,0 1566,CWE-254,"static void follow_dotdot(struct nameidata *nd) { if (!nd->root.mnt) set_root(nd); while(1) { struct dentry *old = nd->path.dentry; if (nd->path.dentry == nd->root.dentry && nd->path.mnt == nd->root.mnt) { break; } if (nd->path.dentry != nd->path.mnt->mnt_root) { nd->path.dentry = dget_parent(nd->path.dentry); dput(old); break; } if (!follow_up(&nd->path)) break; } follow_mount(&nd->path); nd->inode = nd->path.dentry->d_inode; }",visit repo url,fs/namei.c,https://github.com/torvalds/linux,207935150736141,1 3400,['CWE-264'],"int generic_file_open(struct inode * inode, struct file * filp) { if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS) return -EFBIG; return 0; }",linux-2.6,,,225746290853391165576300307278901053703,0 400,[],"pfm_alt_restore_pmu_state(void *data) { struct pt_regs *regs; regs = task_pt_regs(current); DPRINT((""called\n"")); pfm_clear_psr_up(); pfm_clear_psr_pp(); ia64_psr(regs)->pp = 0; pfm_unfreeze_pmu(); ia64_srlz_d(); }",linux-2.6,,,340281914521452237538264912560306868474,0 2182,['CWE-193'],"struct page *read_cache_page_async(struct address_space *mapping, pgoff_t index, int (*filler)(void *,struct page*), void *data) { struct page *page; int err; retry: page = __read_cache_page(mapping, index, filler, data); if (IS_ERR(page)) return page; if (PageUptodate(page)) goto out; lock_page(page); if (!page->mapping) { unlock_page(page); page_cache_release(page); goto retry; } if (PageUptodate(page)) { unlock_page(page); goto out; } err = filler(data, page); if (err < 0) { page_cache_release(page); return ERR_PTR(err); } out: mark_page_accessed(page); return page; }",linux-2.6,,,295283199433014069272022563969141534433,0 2994,['CWE-189'],"static void jas_cmpxformseq_destroy(jas_cmpxformseq_t *pxformseq) { while (pxformseq->numpxforms > 0) jas_cmpxformseq_delete(pxformseq, pxformseq->numpxforms - 1); if (pxformseq->pxforms) jas_free(pxformseq->pxforms); jas_free(pxformseq); }",jasper,,,249459207373932365139509888305130755169,0 448,[],"pfm_context_free(pfm_context_t *ctx) { if (ctx) { DPRINT((""free ctx @%p\n"", ctx)); kfree(ctx); } }",linux-2.6,,,56068589015909522301899952490351161075,0 240,CWE-190,"static long vfio_pci_ioctl(void *device_data, unsigned int cmd, unsigned long arg) { struct vfio_pci_device *vdev = device_data; unsigned long minsz; if (cmd == VFIO_DEVICE_GET_INFO) { struct vfio_device_info info; minsz = offsetofend(struct vfio_device_info, num_irqs); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz) return -EINVAL; info.flags = VFIO_DEVICE_FLAGS_PCI; if (vdev->reset_works) info.flags |= VFIO_DEVICE_FLAGS_RESET; info.num_regions = VFIO_PCI_NUM_REGIONS + vdev->num_regions; info.num_irqs = VFIO_PCI_NUM_IRQS; return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) { struct pci_dev *pdev = vdev->pdev; struct vfio_region_info info; struct vfio_info_cap caps = { .buf = NULL, .size = 0 }; int i, ret; minsz = offsetofend(struct vfio_region_info, offset); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz) return -EINVAL; switch (info.index) { case VFIO_PCI_CONFIG_REGION_INDEX: info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = pdev->cfg_size; info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; break; case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX: info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = pci_resource_len(pdev, info.index); if (!info.size) { info.flags = 0; break; } info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; if (vdev->bar_mmap_supported[info.index]) { info.flags |= VFIO_REGION_INFO_FLAG_MMAP; if (info.index == vdev->msix_bar) { ret = msix_sparse_mmap_cap(vdev, &caps); if (ret) return ret; } } break; case VFIO_PCI_ROM_REGION_INDEX: { void __iomem *io; size_t size; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.flags = 0; info.size = pci_resource_len(pdev, info.index); if (!info.size) { if (pdev->resource[PCI_ROM_RESOURCE].flags & IORESOURCE_ROM_SHADOW) info.size = 0x20000; else break; } io = pci_map_rom(pdev, &size); if (!io || !size) { info.size = 0; break; } pci_unmap_rom(pdev, io); info.flags = VFIO_REGION_INFO_FLAG_READ; break; } case VFIO_PCI_VGA_REGION_INDEX: if (!vdev->has_vga) return -EINVAL; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = 0xc0000; info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; break; default: if (info.index >= VFIO_PCI_NUM_REGIONS + vdev->num_regions) return -EINVAL; i = info.index - VFIO_PCI_NUM_REGIONS; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = vdev->region[i].size; info.flags = vdev->region[i].flags; ret = region_type_cap(vdev, &caps, vdev->region[i].type, vdev->region[i].subtype); if (ret) return ret; } if (caps.size) { info.flags |= VFIO_REGION_INFO_FLAG_CAPS; if (info.argsz < sizeof(info) + caps.size) { info.argsz = sizeof(info) + caps.size; info.cap_offset = 0; } else { vfio_info_cap_shift(&caps, sizeof(info)); if (copy_to_user((void __user *)arg + sizeof(info), caps.buf, caps.size)) { kfree(caps.buf); return -EFAULT; } info.cap_offset = sizeof(info); } kfree(caps.buf); } return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_GET_IRQ_INFO) { struct vfio_irq_info info; minsz = offsetofend(struct vfio_irq_info, count); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz || info.index >= VFIO_PCI_NUM_IRQS) return -EINVAL; switch (info.index) { case VFIO_PCI_INTX_IRQ_INDEX ... VFIO_PCI_MSIX_IRQ_INDEX: case VFIO_PCI_REQ_IRQ_INDEX: break; case VFIO_PCI_ERR_IRQ_INDEX: if (pci_is_pcie(vdev->pdev)) break; default: return -EINVAL; } info.flags = VFIO_IRQ_INFO_EVENTFD; info.count = vfio_pci_get_irq_count(vdev, info.index); if (info.index == VFIO_PCI_INTX_IRQ_INDEX) info.flags |= (VFIO_IRQ_INFO_MASKABLE | VFIO_IRQ_INFO_AUTOMASKED); else info.flags |= VFIO_IRQ_INFO_NORESIZE; return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_SET_IRQS) { struct vfio_irq_set hdr; u8 *data = NULL; int ret = 0; minsz = offsetofend(struct vfio_irq_set, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz || hdr.index >= VFIO_PCI_NUM_IRQS || hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK | VFIO_IRQ_SET_ACTION_TYPE_MASK)) return -EINVAL; if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) { size_t size; int max = vfio_pci_get_irq_count(vdev, hdr.index); if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL) size = sizeof(uint8_t); else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD) size = sizeof(int32_t); else return -EINVAL; if (hdr.argsz - minsz < hdr.count * size || hdr.start >= max || hdr.start + hdr.count > max) return -EINVAL; data = memdup_user((void __user *)(arg + minsz), hdr.count * size); if (IS_ERR(data)) return PTR_ERR(data); } mutex_lock(&vdev->igate); ret = vfio_pci_set_irqs_ioctl(vdev, hdr.flags, hdr.index, hdr.start, hdr.count, data); mutex_unlock(&vdev->igate); kfree(data); return ret; } else if (cmd == VFIO_DEVICE_RESET) { return vdev->reset_works ? pci_try_reset_function(vdev->pdev) : -EINVAL; } else if (cmd == VFIO_DEVICE_GET_PCI_HOT_RESET_INFO) { struct vfio_pci_hot_reset_info hdr; struct vfio_pci_fill_info fill = { 0 }; struct vfio_pci_dependent_device *devices = NULL; bool slot = false; int ret = 0; minsz = offsetofend(struct vfio_pci_hot_reset_info, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz) return -EINVAL; hdr.flags = 0; if (!pci_probe_reset_slot(vdev->pdev->slot)) slot = true; else if (pci_probe_reset_bus(vdev->pdev->bus)) return -ENODEV; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_count_devs, &fill.max, slot); if (ret) return ret; WARN_ON(!fill.max); if (hdr.argsz < sizeof(hdr) + (fill.max * sizeof(*devices))) { ret = -ENOSPC; hdr.count = fill.max; goto reset_info_exit; } devices = kcalloc(fill.max, sizeof(*devices), GFP_KERNEL); if (!devices) return -ENOMEM; fill.devices = devices; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_fill_devs, &fill, slot); if (!ret) hdr.count = fill.cur; reset_info_exit: if (copy_to_user((void __user *)arg, &hdr, minsz)) ret = -EFAULT; if (!ret) { if (copy_to_user((void __user *)(arg + minsz), devices, hdr.count * sizeof(*devices))) ret = -EFAULT; } kfree(devices); return ret; } else if (cmd == VFIO_DEVICE_PCI_HOT_RESET) { struct vfio_pci_hot_reset hdr; int32_t *group_fds; struct vfio_pci_group_entry *groups; struct vfio_pci_group_info info; bool slot = false; int i, count = 0, ret = 0; minsz = offsetofend(struct vfio_pci_hot_reset, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz || hdr.flags) return -EINVAL; if (!pci_probe_reset_slot(vdev->pdev->slot)) slot = true; else if (pci_probe_reset_bus(vdev->pdev->bus)) return -ENODEV; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_count_devs, &count, slot); if (ret) return ret; if (!hdr.count || hdr.count > count) return -EINVAL; group_fds = kcalloc(hdr.count, sizeof(*group_fds), GFP_KERNEL); groups = kcalloc(hdr.count, sizeof(*groups), GFP_KERNEL); if (!group_fds || !groups) { kfree(group_fds); kfree(groups); return -ENOMEM; } if (copy_from_user(group_fds, (void __user *)(arg + minsz), hdr.count * sizeof(*group_fds))) { kfree(group_fds); kfree(groups); return -EFAULT; } for (i = 0; i < hdr.count; i++) { struct vfio_group *group; struct fd f = fdget(group_fds[i]); if (!f.file) { ret = -EBADF; break; } group = vfio_group_get_external_user(f.file); fdput(f); if (IS_ERR(group)) { ret = PTR_ERR(group); break; } groups[i].group = group; groups[i].id = vfio_external_user_iommu_id(group); } kfree(group_fds); if (ret) goto hot_reset_release; info.count = hdr.count; info.groups = groups; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_validate_devs, &info, slot); if (!ret) ret = slot ? pci_try_reset_slot(vdev->pdev->slot) : pci_try_reset_bus(vdev->pdev->bus); hot_reset_release: for (i--; i >= 0; i--) vfio_group_put_external_user(groups[i].group); kfree(groups); return ret; } return -ENOTTY; }",visit repo url,drivers/vfio/pci/vfio_pci.c,https://github.com/torvalds/linux,69856396326648,1 1413,CWE-310,"static int crypto_report_one(struct crypto_alg *alg, struct crypto_user_alg *ualg, struct sk_buff *skb) { memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name)); memcpy(&ualg->cru_driver_name, &alg->cra_driver_name, sizeof(ualg->cru_driver_name)); memcpy(&ualg->cru_module_name, module_name(alg->cra_module), CRYPTO_MAX_ALG_NAME); ualg->cru_flags = alg->cra_flags; ualg->cru_refcnt = atomic_read(&alg->cra_refcnt); if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority)) goto nla_put_failure; if (alg->cra_flags & CRYPTO_ALG_LARVAL) { struct crypto_report_larval rl; snprintf(rl.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""larval""); if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, sizeof(struct crypto_report_larval), &rl)) goto nla_put_failure; goto out; } if (alg->cra_type && alg->cra_type->report) { if (alg->cra_type->report(skb, alg)) goto nla_put_failure; goto out; } switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) { case CRYPTO_ALG_TYPE_CIPHER: if (crypto_report_cipher(skb, alg)) goto nla_put_failure; break; case CRYPTO_ALG_TYPE_COMPRESS: if (crypto_report_comp(skb, alg)) goto nla_put_failure; break; } out: return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,140209224756124,1 6324,CWE-295,"void main_cleanup() { #ifdef USE_OS_THREADS CLI *c; unsigned i, threads; THREAD_ID *thread_list; CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_THREAD_LIST]); threads=0; for(c=thread_head; c; c=c->thread_next) threads++; thread_list=str_alloc((threads+1)*sizeof(THREAD_ID)); i=0; for(c=thread_head; c; c=c->thread_next) { thread_list[i++]=c->thread_id; s_log(LOG_DEBUG, ""Terminating a thread for [%s]"", c->opt->servname); } if(cron_thread_id) { thread_list[threads++]=cron_thread_id; s_log(LOG_DEBUG, ""Terminating the cron thread""); } CRYPTO_THREAD_unlock(stunnel_locks[LOCK_THREAD_LIST]); if(threads) { s_log(LOG_NOTICE, ""Terminating %u service thread(s)"", threads); writesocket(terminate_pipe[1], """", 1); for(i=0; inr_uninterruptible--; enqueue_task(rq, p, wakeup); inc_nr_running(rq); }",linux-2.6,,,64814573960331459762908118293815420894,0 5098,['CWE-20'],"static u64 vmx_get_segment_base(struct kvm_vcpu *vcpu, int seg) { struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; return vmcs_readl(sf->base); }",linux-2.6,,,141265771580043325768505446890126063251,0 1535,CWE-416,"static struct file *path_openat(int dfd, struct filename *pathname, struct nameidata *nd, const struct open_flags *op, int flags) { struct file *file; struct path path; int opened = 0; int error; file = get_empty_filp(); if (IS_ERR(file)) return file; file->f_flags = op->open_flag; if (unlikely(file->f_flags & __O_TMPFILE)) { error = do_tmpfile(dfd, pathname, nd, flags, op, file, &opened); goto out; } error = path_init(dfd, pathname, flags, nd); if (unlikely(error)) goto out; error = do_last(nd, &path, file, op, &opened, pathname); while (unlikely(error > 0)) { struct path link = path; void *cookie; if (!(nd->flags & LOOKUP_FOLLOW)) { path_put_conditional(&path, nd); path_put(&nd->path); error = -ELOOP; break; } error = may_follow_link(&link, nd); if (unlikely(error)) break; nd->flags |= LOOKUP_PARENT; nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL); error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; error = do_last(nd, &path, file, op, &opened, pathname); put_link(nd, &link, cookie); } out: path_cleanup(nd); if (!(opened & FILE_OPENED)) { BUG_ON(!error); put_filp(file); } if (unlikely(error)) { if (error == -EOPENSTALE) { if (flags & LOOKUP_RCU) error = -ECHILD; else error = -ESTALE; } file = ERR_PTR(error); } return file; }",visit repo url,fs/namei.c,https://github.com/torvalds/linux,270825241977575,1 2089,[],"static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh, int proto) { const struct iphdr *iph; int err; UDP_SKB_CB(skb)->partial_cov = 0; UDP_SKB_CB(skb)->cscov = skb->len; if (proto == IPPROTO_UDPLITE) { err = udplite_checksum_init(skb, uh); if (err) return err; } iph = ip_hdr(skb); if (uh->check == 0) { skb->ip_summed = CHECKSUM_UNNECESSARY; } else if (skb->ip_summed == CHECKSUM_COMPLETE) { if (!csum_tcpudp_magic(iph->saddr, iph->daddr, skb->len, proto, skb->csum)) skb->ip_summed = CHECKSUM_UNNECESSARY; } if (!skb_csum_unnecessary(skb)) skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr, skb->len, proto, 0); return 0; }",linux-2.6,,,291948121527534515596063444485024758216,0 4334,CWE-358,"IPV6DefragInOrderSimpleTest(void) { Packet *p1 = NULL, *p2 = NULL, *p3 = NULL; Packet *reassembled = NULL; int id = 12; int i; int ret = 0; DefragInit(); p1 = IPV6BuildTestPacket(id, 0, 1, 'A', 8); if (p1 == NULL) goto end; p2 = IPV6BuildTestPacket(id, 1, 1, 'B', 8); if (p2 == NULL) goto end; p3 = IPV6BuildTestPacket(id, 2, 0, 'C', 3); if (p3 == NULL) goto end; if (Defrag(NULL, NULL, p1, NULL) != NULL) goto end; if (Defrag(NULL, NULL, p2, NULL) != NULL) goto end; reassembled = Defrag(NULL, NULL, p3, NULL); if (reassembled == NULL) goto end; if (IPV6_GET_PLEN(reassembled) != 19) goto end; for (i = 40; i < 40 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'A') goto end; } for (i = 48; i < 48 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'B') goto end; } for (i = 56; i < 56 + 3; i++) { if (GET_PKT_DATA(reassembled)[i] != 'C') goto end; } ret = 1; end: if (p1 != NULL) SCFree(p1); if (p2 != NULL) SCFree(p2); if (p3 != NULL) SCFree(p3); if (reassembled != NULL) SCFree(reassembled); DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,12344266668317,1 1991,['CWE-20'],"static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, pgoff_t pgoff, unsigned int flags, pte_t orig_pte) { pte_t *page_table; spinlock_t *ptl; struct page *page; pte_t entry; int anon = 0; struct page *dirty_page = NULL; struct vm_fault vmf; int ret; int page_mkwrite = 0; vmf.virtual_address = (void __user *)(address & PAGE_MASK); vmf.pgoff = pgoff; vmf.flags = flags; vmf.page = NULL; ret = vma->vm_ops->fault(vma, &vmf); if (unlikely(ret & (VM_FAULT_ERROR | VM_FAULT_NOPAGE))) return ret; if (unlikely(!(ret & VM_FAULT_LOCKED))) lock_page(vmf.page); else VM_BUG_ON(!PageLocked(vmf.page)); page = vmf.page; if (flags & FAULT_FLAG_WRITE) { if (!(vma->vm_flags & VM_SHARED)) { anon = 1; if (unlikely(anon_vma_prepare(vma))) { ret = VM_FAULT_OOM; goto out; } page = alloc_page_vma(GFP_HIGHUSER_MOVABLE, vma, address); if (!page) { ret = VM_FAULT_OOM; goto out; } copy_user_highpage(page, vmf.page, address, vma); __SetPageUptodate(page); } else { if (vma->vm_ops->page_mkwrite) { unlock_page(page); if (vma->vm_ops->page_mkwrite(vma, page) < 0) { ret = VM_FAULT_SIGBUS; anon = 1; goto out_unlocked; } lock_page(page); if (!page->mapping) { ret = 0; anon = 1; goto out; } page_mkwrite = 1; } } } if (mem_cgroup_charge(page, mm, GFP_KERNEL)) { ret = VM_FAULT_OOM; goto out; } page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) entry = maybe_mkwrite(pte_mkdirty(entry), vma); set_pte_at(mm, address, page_table, entry); if (anon) { inc_mm_counter(mm, anon_rss); lru_cache_add_active(page); page_add_new_anon_rmap(page, vma, address); } else { inc_mm_counter(mm, file_rss); page_add_file_rmap(page); if (flags & FAULT_FLAG_WRITE) { dirty_page = page; get_page(dirty_page); } } update_mmu_cache(vma, address, entry); } else { mem_cgroup_uncharge_page(page); if (anon) page_cache_release(page); else anon = 1; } pte_unmap_unlock(page_table, ptl); out: unlock_page(vmf.page); out_unlocked: if (anon) page_cache_release(vmf.page); else if (dirty_page) { if (vma->vm_file) file_update_time(vma->vm_file); set_page_dirty_balance(dirty_page, page_mkwrite); put_page(dirty_page); } return ret; }",linux-2.6,,,152789904693604927084702539249122043481,0 1510,CWE-17,"static void ndisc_router_discovery(struct sk_buff *skb) { struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); struct neighbour *neigh = NULL; struct inet6_dev *in6_dev; struct rt6_info *rt = NULL; int lifetime; struct ndisc_options ndopts; int optlen; unsigned int pref = 0; __u8 *opt = (__u8 *)(ra_msg + 1); optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) - sizeof(struct ra_msg); ND_PRINTK(2, info, ""RA: %s, dev: %s\n"", __func__, skb->dev->name); if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { ND_PRINTK(2, warn, ""RA: source address is not link-local\n""); return; } if (optlen < 0) { ND_PRINTK(2, warn, ""RA: packet too short\n""); return; } #ifdef CONFIG_IPV6_NDISC_NODETYPE if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { ND_PRINTK(2, warn, ""RA: from host or unauthorized router\n""); return; } #endif in6_dev = __in6_dev_get(skb->dev); if (in6_dev == NULL) { ND_PRINTK(0, err, ""RA: can't find inet6 device for %s\n"", skb->dev->name); return; } if (!ndisc_parse_options(opt, optlen, &ndopts)) { ND_PRINTK(2, warn, ""RA: invalid ND options\n""); return; } if (!ipv6_accept_ra(in6_dev)) { ND_PRINTK(2, info, ""RA: %s, did not accept ra for dev: %s\n"", __func__, skb->dev->name); goto skip_linkparms; } #ifdef CONFIG_IPV6_NDISC_NODETYPE if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { ND_PRINTK(2, info, ""RA: %s, nodetype is NODEFAULT, dev: %s\n"", __func__, skb->dev->name); goto skip_linkparms; } #endif if (in6_dev->if_flags & IF_RS_SENT) { in6_dev->if_flags |= IF_RA_RCVD; } in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | IF_RA_OTHERCONF)) | (ra_msg->icmph.icmp6_addrconf_managed ? IF_RA_MANAGED : 0) | (ra_msg->icmph.icmp6_addrconf_other ? IF_RA_OTHERCONF : 0); if (!in6_dev->cnf.accept_ra_defrtr) { ND_PRINTK(2, info, ""RA: %s, defrtr is false for dev: %s\n"", __func__, skb->dev->name); goto skip_defrtr; } if (!in6_dev->cnf.accept_ra_from_local && ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) { ND_PRINTK(2, info, ""RA from local address detected on dev: %s: default router ignored\n"", skb->dev->name); goto skip_defrtr; } lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); #ifdef CONFIG_IPV6_ROUTER_PREF pref = ra_msg->icmph.icmp6_router_pref; if (pref == ICMPV6_ROUTER_PREF_INVALID || !in6_dev->cnf.accept_ra_rtr_pref) pref = ICMPV6_ROUTER_PREF_MEDIUM; #endif rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); if (rt) { neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); if (!neigh) { ND_PRINTK(0, err, ""RA: %s got default router without neighbour\n"", __func__); ip6_rt_put(rt); return; } } if (rt && lifetime == 0) { ip6_del_rt(rt); rt = NULL; } ND_PRINTK(3, info, ""RA: rt: %p lifetime: %d, for dev: %s\n"", rt, lifetime, skb->dev->name); if (rt == NULL && lifetime) { ND_PRINTK(3, info, ""RA: adding default router\n""); rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); if (rt == NULL) { ND_PRINTK(0, err, ""RA: %s failed to add default route\n"", __func__); return; } neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); if (neigh == NULL) { ND_PRINTK(0, err, ""RA: %s got default router without neighbour\n"", __func__); ip6_rt_put(rt); return; } neigh->flags |= NTF_ROUTER; } else if (rt) { rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); } if (rt) rt6_set_expires(rt, jiffies + (HZ * lifetime)); if (ra_msg->icmph.icmp6_hop_limit) { in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; if (rt) dst_metric_set(&rt->dst, RTAX_HOPLIMIT, ra_msg->icmph.icmp6_hop_limit); } skip_defrtr: if (in6_dev->nd_parms) { unsigned long rtime = ntohl(ra_msg->retrans_timer); if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { rtime = (rtime*HZ)/1000; if (rtime < HZ/10) rtime = HZ/10; NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime); in6_dev->tstamp = jiffies; inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); } rtime = ntohl(ra_msg->reachable_time); if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { rtime = (rtime*HZ)/1000; if (rtime < HZ/10) rtime = HZ/10; if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) { NEIGH_VAR_SET(in6_dev->nd_parms, BASE_REACHABLE_TIME, rtime); NEIGH_VAR_SET(in6_dev->nd_parms, GC_STALETIME, 3 * rtime); in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); in6_dev->tstamp = jiffies; inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); } } } skip_linkparms: if (!neigh) neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, skb->dev, 1); if (neigh) { u8 *lladdr = NULL; if (ndopts.nd_opts_src_lladdr) { lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, skb->dev); if (!lladdr) { ND_PRINTK(2, warn, ""RA: invalid link-layer address length\n""); goto out; } } neigh_update(neigh, lladdr, NUD_STALE, NEIGH_UPDATE_F_WEAK_OVERRIDE| NEIGH_UPDATE_F_OVERRIDE| NEIGH_UPDATE_F_OVERRIDE_ISROUTER| NEIGH_UPDATE_F_ISROUTER); } if (!ipv6_accept_ra(in6_dev)) { ND_PRINTK(2, info, ""RA: %s, accept_ra is false for dev: %s\n"", __func__, skb->dev->name); goto out; } #ifdef CONFIG_IPV6_ROUTE_INFO if (!in6_dev->cnf.accept_ra_from_local && ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) { ND_PRINTK(2, info, ""RA from local address detected on dev: %s: router info ignored.\n"", skb->dev->name); goto skip_routeinfo; } if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { struct nd_opt_hdr *p; for (p = ndopts.nd_opts_ri; p; p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { struct route_info *ri = (struct route_info *)p; #ifdef CONFIG_IPV6_NDISC_NODETYPE if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && ri->prefix_len == 0) continue; #endif if (ri->prefix_len == 0 && !in6_dev->cnf.accept_ra_defrtr) continue; if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) continue; rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, &ipv6_hdr(skb)->saddr); } } skip_routeinfo: #endif #ifdef CONFIG_IPV6_NDISC_NODETYPE if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { ND_PRINTK(2, info, ""RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n"", __func__, skb->dev->name); goto out; } #endif if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { struct nd_opt_hdr *p; for (p = ndopts.nd_opts_pi; p; p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { addrconf_prefix_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, ndopts.nd_opts_src_lladdr != NULL); } } if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) { __be32 n; u32 mtu; memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); mtu = ntohl(n); if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { ND_PRINTK(2, warn, ""RA: invalid mtu: %d\n"", mtu); } else if (in6_dev->cnf.mtu6 != mtu) { in6_dev->cnf.mtu6 = mtu; if (rt) dst_metric_set(&rt->dst, RTAX_MTU, mtu); rt6_mtu_change(skb->dev, mtu); } } if (ndopts.nd_useropts) { struct nd_opt_hdr *p; for (p = ndopts.nd_useropts; p; p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { ndisc_ra_useropt(skb, p); } } if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { ND_PRINTK(2, warn, ""RA: invalid RA options\n""); } out: ip6_rt_put(rt); if (neigh) neigh_release(neigh); }",visit repo url,net/ipv6/ndisc.c,https://github.com/torvalds/linux,115604802796649,1 5860,['CWE-200'],"static inline struct raw_sock *raw_sk(const struct sock *sk) { return (struct raw_sock *)sk; }",linux-2.6,,,258711737839641773986685691851951818137,0 5006,['CWE-120'],"int udev_util_encode_string(const char *str, char *str_enc, size_t len) { size_t i, j; if (str == NULL || str_enc == NULL || len == 0) return -1; str_enc[0] = '\0'; for (i = 0, j = 0; str[i] != '\0'; i++) { int seqlen; seqlen = utf8_encoded_valid_unichar(&str[i]); if (seqlen > 1) { memcpy(&str_enc[j], &str[i], seqlen); j += seqlen; i += (seqlen-1); } else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) { sprintf(&str_enc[j], ""\\x%02x"", (unsigned char) str[i]); j += 4; } else { str_enc[j] = str[i]; j++; } if (j+3 >= len) goto err; } str_enc[j] = '\0'; return 0; err: return -1; }",udev,,,128389350005845428979590129521706681485,0 1329,CWE-787,"static int udf_load_logicalvol(struct super_block *sb, sector_t block, struct kernel_lb_addr *fileset) { struct logicalVolDesc *lvd; int i, j, offset; uint8_t type; struct udf_sb_info *sbi = UDF_SB(sb); struct genericPartitionMap *gpm; uint16_t ident; struct buffer_head *bh; int ret = 0; bh = udf_read_tagged(sb, block, block, &ident); if (!bh) return 1; BUG_ON(ident != TAG_IDENT_LVD); lvd = (struct logicalVolDesc *)bh->b_data; ret = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps)); if (ret) goto out_bh; for (i = 0, offset = 0; i < sbi->s_partitions && offset < le32_to_cpu(lvd->mapTableLength); i++, offset += gpm->partitionMapLength) { struct udf_part_map *map = &sbi->s_partmaps[i]; gpm = (struct genericPartitionMap *) &(lvd->partitionMaps[offset]); type = gpm->partitionMapType; if (type == 1) { struct genericPartitionMap1 *gpm1 = (struct genericPartitionMap1 *)gpm; map->s_partition_type = UDF_TYPE1_MAP15; map->s_volumeseqnum = le16_to_cpu(gpm1->volSeqNum); map->s_partition_num = le16_to_cpu(gpm1->partitionNum); map->s_partition_func = NULL; } else if (type == 2) { struct udfPartitionMap2 *upm2 = (struct udfPartitionMap2 *)gpm; if (!strncmp(upm2->partIdent.ident, UDF_ID_VIRTUAL, strlen(UDF_ID_VIRTUAL))) { u16 suf = le16_to_cpu(((__le16 *)upm2->partIdent. identSuffix)[0]); if (suf < 0x0200) { map->s_partition_type = UDF_VIRTUAL_MAP15; map->s_partition_func = udf_get_pblock_virt15; } else { map->s_partition_type = UDF_VIRTUAL_MAP20; map->s_partition_func = udf_get_pblock_virt20; } } else if (!strncmp(upm2->partIdent.ident, UDF_ID_SPARABLE, strlen(UDF_ID_SPARABLE))) { uint32_t loc; struct sparingTable *st; struct sparablePartitionMap *spm = (struct sparablePartitionMap *)gpm; map->s_partition_type = UDF_SPARABLE_MAP15; map->s_type_specific.s_sparing.s_packet_len = le16_to_cpu(spm->packetLength); for (j = 0; j < spm->numSparingTables; j++) { struct buffer_head *bh2; loc = le32_to_cpu( spm->locSparingTable[j]); bh2 = udf_read_tagged(sb, loc, loc, &ident); map->s_type_specific.s_sparing. s_spar_map[j] = bh2; if (bh2 == NULL) continue; st = (struct sparingTable *)bh2->b_data; if (ident != 0 || strncmp( st->sparingIdent.ident, UDF_ID_SPARING, strlen(UDF_ID_SPARING))) { brelse(bh2); map->s_type_specific.s_sparing. s_spar_map[j] = NULL; } } map->s_partition_func = udf_get_pblock_spar15; } else if (!strncmp(upm2->partIdent.ident, UDF_ID_METADATA, strlen(UDF_ID_METADATA))) { struct udf_meta_data *mdata = &map->s_type_specific.s_metadata; struct metadataPartitionMap *mdm = (struct metadataPartitionMap *) &(lvd->partitionMaps[offset]); udf_debug(""Parsing Logical vol part %d type %d id=%s\n"", i, type, UDF_ID_METADATA); map->s_partition_type = UDF_METADATA_MAP25; map->s_partition_func = udf_get_pblock_meta25; mdata->s_meta_file_loc = le32_to_cpu(mdm->metadataFileLoc); mdata->s_mirror_file_loc = le32_to_cpu(mdm->metadataMirrorFileLoc); mdata->s_bitmap_file_loc = le32_to_cpu(mdm->metadataBitmapFileLoc); mdata->s_alloc_unit_size = le32_to_cpu(mdm->allocUnitSize); mdata->s_align_unit_size = le16_to_cpu(mdm->alignUnitSize); if (mdm->flags & 0x01) mdata->s_flags |= MF_DUPLICATE_MD; udf_debug(""Metadata Ident suffix=0x%x\n"", le16_to_cpu(*(__le16 *) mdm->partIdent.identSuffix)); udf_debug(""Metadata part num=%d\n"", le16_to_cpu(mdm->partitionNum)); udf_debug(""Metadata part alloc unit size=%d\n"", le32_to_cpu(mdm->allocUnitSize)); udf_debug(""Metadata file loc=%d\n"", le32_to_cpu(mdm->metadataFileLoc)); udf_debug(""Mirror file loc=%d\n"", le32_to_cpu(mdm->metadataMirrorFileLoc)); udf_debug(""Bitmap file loc=%d\n"", le32_to_cpu(mdm->metadataBitmapFileLoc)); udf_debug(""Flags: %d %d\n"", mdata->s_flags, mdm->flags); } else { udf_debug(""Unknown ident: %s\n"", upm2->partIdent.ident); continue; } map->s_volumeseqnum = le16_to_cpu(upm2->volSeqNum); map->s_partition_num = le16_to_cpu(upm2->partitionNum); } udf_debug(""Partition (%d:%d) type %d on volume %d\n"", i, map->s_partition_num, type, map->s_volumeseqnum); } if (fileset) { struct long_ad *la = (struct long_ad *)&(lvd->logicalVolContentsUse[0]); *fileset = lelb_to_cpu(la->extLocation); udf_debug(""FileSet found in LogicalVolDesc at block=%d, partition=%d\n"", fileset->logicalBlockNum, fileset->partitionReferenceNum); } if (lvd->integritySeqExt.extLength) udf_load_logicalvolint(sb, leea_to_cpu(lvd->integritySeqExt)); out_bh: brelse(bh); return ret; }",visit repo url,fs/udf/super.c,https://github.com/torvalds/linux,10451631822189,1 6067,['CWE-200'],"static int addrconf_notify(struct notifier_block *this, unsigned long event, void * data) { struct net_device *dev = (struct net_device *) data; struct inet6_dev *idev = __in6_dev_get(dev); switch(event) { case NETDEV_UP: switch(dev->type) { case ARPHRD_SIT: addrconf_sit_config(dev); break; case ARPHRD_TUNNEL6: addrconf_ip6_tnl_config(dev); break; case ARPHRD_LOOPBACK: init_loopback(dev); break; default: addrconf_dev_config(dev); break; }; if (idev) { if (idev->cnf.mtu6 != dev->mtu && dev->mtu >= IPV6_MIN_MTU) { rt6_mtu_change(dev, dev->mtu); idev->cnf.mtu6 = dev->mtu; } idev->tstamp = jiffies; inet6_ifinfo_notify(RTM_NEWLINK, idev); if (dev->mtu < IPV6_MIN_MTU) addrconf_ifdown(dev, event != NETDEV_DOWN); } break; case NETDEV_CHANGEMTU: if ( idev && dev->mtu >= IPV6_MIN_MTU) { rt6_mtu_change(dev, dev->mtu); idev->cnf.mtu6 = dev->mtu; break; } case NETDEV_DOWN: case NETDEV_UNREGISTER: addrconf_ifdown(dev, event != NETDEV_DOWN); break; case NETDEV_CHANGE: break; case NETDEV_CHANGENAME: #ifdef CONFIG_SYSCTL if (idev) { addrconf_sysctl_unregister(&idev->cnf); neigh_sysctl_unregister(idev->nd_parms); neigh_sysctl_register(dev, idev->nd_parms, NET_IPV6, NET_IPV6_NEIGH, ""ipv6"", &ndisc_ifinfo_sysctl_change, NULL); addrconf_sysctl_register(idev, &idev->cnf); } #endif break; }; return NOTIFY_OK; }",linux-2.6,,,281923309699485294538057821453887890599,0 5806,['CWE-200'],"static int atalk_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) { struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); struct sockaddr_at *addr; sk->sk_state = TCP_CLOSE; sock->state = SS_UNCONNECTED; if (addr_len != sizeof(*addr)) return -EINVAL; addr = (struct sockaddr_at *)uaddr; if (addr->sat_family != AF_APPLETALK) return -EAFNOSUPPORT; if (addr->sat_addr.s_node == ATADDR_BCAST && !sock_flag(sk, SOCK_BROADCAST)) { #if 1 printk(KERN_WARNING ""%s is broken and did not set "" ""SO_BROADCAST. It will break when 2.2 is "" ""released.\n"", current->comm); #else return -EACCES; #endif } if (sock_flag(sk, SOCK_ZAPPED)) if (atalk_autobind(sk) < 0) return -EBUSY; if (!atrtr_get_dev(&addr->sat_addr)) return -ENETUNREACH; at->dest_port = addr->sat_port; at->dest_net = addr->sat_addr.s_net; at->dest_node = addr->sat_addr.s_node; sock->state = SS_CONNECTED; sk->sk_state = TCP_ESTABLISHED; return 0; }",linux-2.6,,,78773267144846311143864684858644157339,0 3568,CWE-190,"static int jpc_ppm_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_ppm_t *ppm = &ms->parms.ppm; cstate = 0; if (JAS_CAST(uint, jas_stream_write(out, (char *) ppm->data, ppm->len)) != ppm->len) { return -1; } return 0; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,118581758324632,1 820,CWE-20,"static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int rc; pr_debug(""sock=%p sk=%p len=%zu flags=%d\n"", sock, sk, len, flags); skb = skb_recv_datagram(sk, flags, noblock, &rc); if (!skb) return rc; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); return rc ? : copied; }",visit repo url,net/nfc/rawsock.c,https://github.com/torvalds/linux,193439535934568,1 3203,CWE-125,"extract_header_length(uint16_t fc) { int len = 0; switch ((fc >> 10) & 0x3) { case 0x00: if (fc & (1 << 6)) return -1; break; case 0x01: return -1; case 0x02: len += 4; break; case 0x03: len += 10; break; } switch ((fc >> 14) & 0x3) { case 0x00: break; case 0x01: return -1; case 0x02: len += 4; break; case 0x03: len += 10; break; } if (fc & (1 << 6)) { if (len < 2) return -1; len -= 2; } return len; }",visit repo url,print-802_15_4.c,https://github.com/the-tcpdump-group/tcpdump,74472204275100,1 957,['CWE-189'],"SProcShmCreatePixmap(client) ClientPtr client; { register int n; REQUEST(xShmCreatePixmapReq); swaps(&stuff->length, n); REQUEST_SIZE_MATCH(xShmCreatePixmapReq); swapl(&stuff->pid, n); swapl(&stuff->drawable, n); swaps(&stuff->width, n); swaps(&stuff->height, n); swapl(&stuff->shmseg, n); swapl(&stuff->offset, n); return ProcShmCreatePixmap(client); }",xserver,,,180369885436067962755677022098818084617,0 4752,CWE-119,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 6016,CWE-415,"static bool disconnect_cb(struct io *io, void *user_data) { struct bt_att_chan *chan = user_data; struct bt_att *att = chan->att; int err; socklen_t len; len = sizeof(err); if (getsockopt(chan->fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) { util_debug(chan->att->debug_callback, chan->att->debug_data, ""(chan %p) Failed to obtain disconnect"" "" error: %s"", chan, strerror(errno)); err = 0; } util_debug(chan->att->debug_callback, chan->att->debug_data, ""Channel %p disconnected: %s"", chan, strerror(err)); queue_remove(att->chans, chan); queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op); queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op); queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op); if (chan->pending_req) { disc_att_send_op(chan->pending_req); chan->pending_req = NULL; } if (chan->pending_ind) { disc_att_send_op(chan->pending_ind); chan->pending_ind = NULL; } bt_att_chan_free(chan); if (!queue_isempty(att->chans)) return false; bt_att_ref(att); queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err)); bt_att_unregister_all(att); bt_att_unref(att); return false; }",visit repo url,src/shared/att.c,https://github.com/bluez/bluez,231818204585399,1 2931,CWE-310,"int hashtable_set(hashtable_t *hashtable, const char *key, size_t serial, json_t *value) { pair_t *pair; bucket_t *bucket; size_t hash, index; if(hashtable->size >= num_buckets(hashtable)) if(hashtable_do_rehash(hashtable)) return -1; hash = hash_str(key); index = hash % num_buckets(hashtable); bucket = &hashtable->buckets[index]; pair = hashtable_find_pair(hashtable, bucket, key, hash); if(pair) { json_decref(pair->value); pair->value = value; } else { pair = jsonp_malloc(offsetof(pair_t, key) + strlen(key) + 1); if(!pair) return -1; pair->hash = hash; pair->serial = serial; strcpy(pair->key, key); pair->value = value; list_init(&pair->list); insert_to_bucket(hashtable, bucket, &pair->list); hashtable->size++; } return 0; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,61002653497007,1 5866,CWE-835,"static pj_status_t avi_get_frame(pjmedia_port *this_port, pjmedia_frame *frame) { struct avi_reader_port *fport = (struct avi_reader_port*)this_port; pj_status_t status = PJ_SUCCESS; pj_ssize_t size_read = 0, size_to_read = 0; pj_assert(fport->base.info.signature == SIGNATURE); if (fport->eof) { PJ_LOG(5,(THIS_FILE, ""File port %.*s EOF"", (int)fport->base.info.name.slen, fport->base.info.name.ptr)); if (fport->cb2) { pj_bool_t no_loop = (fport->options & PJMEDIA_AVI_FILE_NO_LOOP); if (!fport->subscribed) { status = pjmedia_event_subscribe(NULL, &file_on_event, fport, fport); fport->subscribed = (status == PJ_SUCCESS)? PJ_TRUE: PJ_FALSE; } if (fport->subscribed && fport->eof != 2) { pjmedia_event event; if (no_loop) { fport->eof = 2; } else { fport->eof = PJ_FALSE; pj_file_setpos(fport->fd, fport->start_data, PJ_SEEK_SET); } pjmedia_event_init(&event, PJMEDIA_EVENT_CALLBACK, NULL, fport); pjmedia_event_publish(NULL, fport, &event, PJMEDIA_EVENT_PUBLISH_POST_EVENT); } frame->type = PJMEDIA_FRAME_TYPE_NONE; frame->size = 0; return (no_loop? PJ_EEOF: PJ_SUCCESS); } else if (fport->cb) { status = (*fport->cb)(this_port, fport->base.port_data.pdata); } if ((status != PJ_SUCCESS) || (fport->options & PJMEDIA_AVI_FILE_NO_LOOP)) { frame->type = PJMEDIA_FRAME_TYPE_NONE; frame->size = 0; return PJ_EEOF; } PJ_LOG(5,(THIS_FILE, ""File port %.*s rewinding.."", (int)fport->base.info.name.slen, fport->base.info.name.ptr)); fport->eof = PJ_FALSE; pj_file_setpos(fport->fd, fport->start_data, PJ_SEEK_SET); } if (fport->base.info.fmt.type == PJMEDIA_TYPE_AUDIO && (fport->fmt_id == PJMEDIA_FORMAT_PCMA || fport->fmt_id == PJMEDIA_FORMAT_PCMU)) { frame->size >>= 1; } size_to_read = frame->size; do { pjmedia_avi_subchunk ch = {0, 0}; char *cid; unsigned stream_id; if (fport->size_left > 0 && fport->size_left < size_to_read) { status = file_read3(fport->fd, frame->buf, fport->size_left, fport->bits_per_sample, &size_read); if (status != PJ_SUCCESS) goto on_error2; size_to_read -= fport->size_left; fport->size_left = 0; } if (fport->size_left == 0) { pj_off_t pos; pj_file_getpos(fport->fd, &pos); if (fport->pad) { status = pj_file_setpos(fport->fd, fport->pad, PJ_SEEK_CUR); fport->pad = 0; } status = file_read(fport->fd, &ch, sizeof(pjmedia_avi_subchunk)); if (status != PJ_SUCCESS) { size_read = 0; goto on_error2; } cid = (char *)&ch.id; if (cid[0] >= '0' && cid[0] <= '9' && cid[1] >= '0' && cid[1] <= '9') { stream_id = (cid[0] - '0') * 10 + (cid[1] - '0'); } else stream_id = 100; fport->pad = (pj_uint8_t)ch.len & 1; TRACE_((THIS_FILE, ""Reading movi data at pos %u (%x), id: %.*s, "" ""length: %u"", (unsigned long)pos, (unsigned long)pos, 4, cid, ch.len)); if (stream_id != fport->stream_id) { if (COMPARE_TAG(ch.id, PJMEDIA_AVI_LIST_TAG)) PJ_LOG(5, (THIS_FILE, ""Unsupported LIST tag found in "" ""the movi data."")); else if (COMPARE_TAG(ch.id, PJMEDIA_AVI_RIFF_TAG)) { PJ_LOG(3, (THIS_FILE, ""Unsupported format: multiple "" ""AVIs in a single file."")); status = AVI_EOF; goto on_error2; } status = pj_file_setpos(fport->fd, ch.len, PJ_SEEK_CUR); continue; } fport->size_left = ch.len; } frame->type = (fport->base.info.fmt.type == PJMEDIA_TYPE_VIDEO ? PJMEDIA_FRAME_TYPE_VIDEO : PJMEDIA_FRAME_TYPE_AUDIO); if (frame->type == PJMEDIA_FRAME_TYPE_AUDIO) { if (size_to_read > fport->size_left) size_to_read = fport->size_left; status = file_read3(fport->fd, (char *)frame->buf + frame->size - size_to_read, size_to_read, fport->bits_per_sample, &size_read); if (status != PJ_SUCCESS) goto on_error2; fport->size_left -= size_to_read; } else { pj_assert(frame->size >= ch.len); status = file_read3(fport->fd, frame->buf, ch.len, 0, &size_read); if (status != PJ_SUCCESS) goto on_error2; frame->size = ch.len; fport->size_left = 0; } break; } while(1); frame->timestamp.u64 = fport->next_ts.u64; if (frame->type == PJMEDIA_FRAME_TYPE_AUDIO) { if (fport->fmt_id == PJMEDIA_FORMAT_PCMA || fport->fmt_id == PJMEDIA_FORMAT_PCMU) { unsigned i; pj_uint16_t *dst; pj_uint8_t *src; dst = (pj_uint16_t*)frame->buf + frame->size - 1; src = (pj_uint8_t*)frame->buf + frame->size - 1; if (fport->fmt_id == PJMEDIA_FORMAT_PCMU) { for (i = 0; i < frame->size; ++i) { *dst-- = (pj_uint16_t) pjmedia_ulaw2linear(*src--); } } else { for (i = 0; i < frame->size; ++i) { *dst-- = (pj_uint16_t) pjmedia_alaw2linear(*src--); } } frame->size <<= 1; } if (fport->usec_per_frame) { fport->next_ts.u64 += (fport->usec_per_frame * fport->base.info.fmt.det.aud.clock_rate / 1000000); } else { fport->next_ts.u64 += (frame->size * fport->base.info.fmt.det.aud.clock_rate / (fport->base.info.fmt.det.aud.avg_bps / 8)); } } else { if (fport->usec_per_frame) { fport->next_ts.u64 += (fport->usec_per_frame * VIDEO_CLOCK_RATE / 1000000); } else { fport->next_ts.u64 += (frame->size * VIDEO_CLOCK_RATE / (fport->base.info.fmt.det.vid.avg_bps / 8)); } } return PJ_SUCCESS; on_error2: if (status == AVI_EOF) { fport->eof = PJ_TRUE; size_to_read -= size_read; if (size_to_read == (pj_ssize_t)frame->size) { frame->type = PJMEDIA_FRAME_TYPE_NONE; frame->size = 0; return PJ_EEOF; } pj_bzero((char *)frame->buf + frame->size - size_to_read, size_to_read); return PJ_SUCCESS; } return status; }",visit repo url,pjmedia/src/pjmedia/avi_player.c,https://github.com/pjsip/pjproject,185032141454614,1 1355,['CWE-399'],"static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) { if (INET_ECN_is_ce(iph->tos)) IP6_ECN_set_ce(ipv6_hdr(skb)); }",linux-2.6,,,73836368338022276132391947450862608091,0 3140,['CWE-189'],"int jas_image_addfmt(int id, char *name, char *ext, char *desc, jas_image_fmtops_t *ops) { jas_image_fmtinfo_t *fmtinfo; assert(id >= 0 && name && ext && ops); if (jas_image_numfmts >= JAS_IMAGE_MAXFMTS) { return -1; } fmtinfo = &jas_image_fmtinfos[jas_image_numfmts]; fmtinfo->id = id; if (!(fmtinfo->name = jas_strdup(name))) { return -1; } if (!(fmtinfo->ext = jas_strdup(ext))) { jas_free(fmtinfo->name); return -1; } if (!(fmtinfo->desc = jas_strdup(desc))) { jas_free(fmtinfo->name); jas_free(fmtinfo->ext); return -1; } fmtinfo->ops = *ops; ++jas_image_numfmts; return 0; }",jasper,,,6016339438507191741337923741973004852,0 2891,['CWE-189'],"void jpc_pchglist_destroy(jpc_pchglist_t *pchglist) { int pchgno; if (pchglist->pchgs) { for (pchgno = 0; pchgno < pchglist->numpchgs; ++pchgno) { jpc_pchg_destroy(pchglist->pchgs[pchgno]); } jas_free(pchglist->pchgs); } jas_free(pchglist); }",jasper,,,62185532455164158368249470046919995937,0 5899,CWE-787,"gif_process_raster( gif_context_t *s, gif_t *g ) { SIXELSTATUS status = SIXEL_FALSE; unsigned char lzw_cs; signed int len, code; unsigned int first; signed int codesize, codemask, avail, oldcode, bits, valid_bits, clear; gif_lzw *p; lzw_cs = gif_get8(s); clear = 1 << lzw_cs; first = 1; codesize = lzw_cs + 1; codemask = (1 << codesize) - 1; bits = 0; valid_bits = 0; for (code = 0; code < clear; code++) { g->codes[code].prefix = -1; g->codes[code].first = (unsigned char) code; g->codes[code].suffix = (unsigned char) code; } avail = clear + 2; oldcode = (-1); len = 0; for(;;) { if (valid_bits < codesize) { if (len == 0) { len = gif_get8(s); if (len == 0) { return SIXEL_OK; } } --len; bits |= (signed int) gif_get8(s) << valid_bits; valid_bits += 8; } else { code = bits & codemask; bits >>= codesize; valid_bits -= codesize; if (code == clear) { codesize = lzw_cs + 1; codemask = (1 << codesize) - 1; avail = clear + 2; oldcode = -1; first = 0; } else if (code == clear + 1) { s->img_buffer += len; while ((len = gif_get8(s)) > 0) { s->img_buffer += len; } return SIXEL_OK; } else if (code <= avail) { if (first) { sixel_helper_set_additional_message( ""corrupt GIF (reason: no clear code).""); status = SIXEL_RUNTIME_ERROR; goto end; } if (oldcode >= 0) { if (avail < 4096) { p = &g->codes[avail++]; p->prefix = (signed short) oldcode; p->first = g->codes[oldcode].first; p->suffix = (code == avail) ? p->first : g->codes[code].first; } } else if (code == avail) { sixel_helper_set_additional_message( ""corrupt GIF (reason: illegal code in raster).""); status = SIXEL_RUNTIME_ERROR; goto end; } gif_out_code(g, (unsigned short) code); if ((avail & codemask) == 0 && avail <= 0x0FFF) { codesize++; codemask = (1 << codesize) - 1; } oldcode = code; } else { sixel_helper_set_additional_message( ""corrupt GIF (reason: illegal code in raster).""); status = SIXEL_RUNTIME_ERROR; goto end; } } } status = SIXEL_OK; end: return status; }",visit repo url,src/fromgif.c,https://github.com/saitoha/libsixel,9887182352602,1 2287,['CWE-120'],"asmlinkage long sys_mkdir(const char __user *pathname, int mode) { return sys_mkdirat(AT_FDCWD, pathname, mode); }",linux-2.6,,,211212898393589118721546860616085064820,0 2274,['CWE-120'],"asmlinkage long sys_mkdirat(int dfd, const char __user *pathname, int mode) { int error = 0; char * tmp; struct dentry *dentry; struct nameidata nd; tmp = getname(pathname); error = PTR_ERR(tmp); if (IS_ERR(tmp)) goto out_err; error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd); if (error) goto out; dentry = lookup_create(&nd, 1); error = PTR_ERR(dentry); if (IS_ERR(dentry)) goto out_unlock; if (!IS_POSIXACL(nd.path.dentry->d_inode)) mode &= ~current->fs->umask; error = mnt_want_write(nd.path.mnt); if (error) goto out_dput; error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode); mnt_drop_write(nd.path.mnt); out_dput: dput(dentry); out_unlock: mutex_unlock(&nd.path.dentry->d_inode->i_mutex); path_put(&nd.path); out: putname(tmp); out_err: return error; }",linux-2.6,,,102796622629321348565651410627951018061,0 6372,[],"org_gnome_format_tnef (gpointer ep, EMFormatHookTarget *t) { gchar *tmpdir, *name; CamelStream *out; struct dirent *d; DIR *dir; CamelMultipart *mp; CamelMimePart *mainpart; CamelDataWrapper *content; gint len; TNEFStruct tnef; tmpdir = e_mkdtemp(""tnef-attachment-XXXXXX""); if (tmpdir == NULL) return; name = g_build_filename(tmpdir, "".evo-attachment.tnef"", NULL); out = camel_stream_fs_new_with_name (name, O_RDWR|O_CREAT, 0666, NULL); if (out == NULL) goto fail; content = camel_medium_get_content ((CamelMedium *)t->part); if (content == NULL) goto fail; if (camel_data_wrapper_decode_to_stream_sync (content, out, NULL, NULL) == -1 || camel_stream_close (out, NULL, NULL) == -1) { g_object_unref (out); goto fail; } g_object_unref (out); TNEFInitialize (&tnef); tnef.Debug = verbose; if (TNEFParseFile (name, &tnef) == -1) { printf(""ERROR processing file\n""); } processTnef (&tnef, tmpdir); TNEFFree (&tnef); dir = opendir (tmpdir); if (dir == NULL) goto fail; mainpart = camel_mime_part_new (); mp = camel_multipart_new (); camel_data_wrapper_set_mime_type((CamelDataWrapper *)mp, ""multipart/mixed""); camel_multipart_set_boundary (mp, NULL); camel_medium_set_content ((CamelMedium *)mainpart, (CamelDataWrapper *)mp); while ((d = readdir (dir))) { CamelMimePart *part; CamelDataWrapper *content; CamelStream *stream; gchar *path; const gchar *type; if (!strcmp(d->d_name, ""."") || !strcmp(d->d_name, "".."") || !strcmp(d->d_name, "".evo-attachment.tnef"")) continue; path = g_build_filename (tmpdir, d->d_name, NULL); stream = camel_stream_fs_new_with_name (path, O_RDONLY, 0, NULL); content = camel_data_wrapper_new (); camel_data_wrapper_construct_from_stream_sync ( content, stream, NULL, NULL); g_object_unref (stream); part = camel_mime_part_new (); camel_mime_part_set_encoding (part, CAMEL_TRANSFER_ENCODING_BINARY); camel_medium_set_content ((CamelMedium *)part, content); g_object_unref (content); type = em_format_snoop_type (part); if (type) camel_data_wrapper_set_mime_type ((CamelDataWrapper *)part, type); camel_mime_part_set_filename (part, d->d_name); g_free (path); camel_multipart_add_part (mp, part); g_object_unref (part); } closedir (dir); len = t->format->part_id->len; g_string_append_printf(t->format->part_id, "".tnef""); if (camel_multipart_get_number (mp) > 0) em_format_part_as ( t->format, t->stream, mainpart, ""multipart/mixed"", NULL); else if (t->item->handler.old) t->item->handler.old->handler ( t->format, t->stream, t->part, t->item->handler.old, NULL, FALSE); g_string_truncate (t->format->part_id, len); g_object_unref (mp); g_object_unref (mainpart); goto ok; fail: if (t->item->handler.old) t->item->handler.old->handler ( t->format, t->stream, t->part, t->item->handler.old, NULL, FALSE); ok: g_free (name); g_free (tmpdir); }",evolution,,,92741043431780911686949114633024072575,0 2365,['CWE-200'],"is_midi_dev(struct seq_oss_devinfo *dp, int dev) { if (dev < 0 || dev >= dp->max_synthdev) return 0; if (dp->synths[dev].is_midi) return 1; return 0; }",linux-2.6,,,72584795862229584843888457808922271644,0 4048,CWE-125,"static int string_scan_range(RList *list, const ut8 *buf, int min, const ut64 from, const ut64 to, int type) { ut8 tmp[R_STRING_SCAN_BUFFER_SIZE]; ut64 str_start, needle = from; int count = 0, i, rc, runes; int str_type = R_STRING_TYPE_DETECT; if (type == -1) { type = R_STRING_TYPE_DETECT; } if (!buf || !min) { return -1; } while (needle < to) { rc = r_utf8_decode (buf + needle, to - needle, NULL); if (!rc) { needle++; continue; } if (type == R_STRING_TYPE_DETECT) { char *w = (char *)buf + needle + rc; if ((to - needle) > 4) { bool is_wide32 = needle + rc + 2 < to && !w[0] && !w[1] && !w[2] && w[3] && !w[4]; if (is_wide32) { str_type = R_STRING_TYPE_WIDE32; } else { bool is_wide = needle + rc + 2 < to && !w[0] && w[1] && !w[2]; str_type = is_wide? R_STRING_TYPE_WIDE: R_STRING_TYPE_ASCII; } } else { str_type = R_STRING_TYPE_ASCII; } } else { str_type = type; } runes = 0; str_start = needle; for (rc = i = 0; i < sizeof (tmp) - 3 && needle < to; i += rc) { RRune r = {0}; if (str_type == R_STRING_TYPE_WIDE32) { rc = r_utf32le_decode (buf + needle, to - needle, &r); if (rc) { rc = 4; } } else if (str_type == R_STRING_TYPE_WIDE) { rc = r_utf16le_decode (buf + needle, to - needle, &r); if (rc == 1) { rc = 2; } } else { rc = r_utf8_decode (buf + needle, to - needle, &r); if (rc > 1) { str_type = R_STRING_TYPE_UTF8; } } if (!rc) { needle++; break; } needle += rc; if (r_isprint (r)) { if (str_type == R_STRING_TYPE_WIDE32) { if (r == 0xff) { r = 0; } } rc = r_utf8_encode (&tmp[i], r); runes++; } else if (r && r < 0x100 && strchr (""\b\v\f\n\r\t\a\e"", (char)r)) { if ((i + 32) < sizeof (tmp) && r < 28) { tmp[i + 0] = '\\'; tmp[i + 1] = "" abtnvfr e""[r]; } else { break; } rc = 2; runes++; } else { break; } } tmp[i++] = '\0'; if (runes >= min) { if (str_type == R_STRING_TYPE_ASCII) { int j; for (j = 0; j < i; j++) { char ch = tmp[j]; if (ch != '\n' && ch != '\r' && ch != '\t') { if (!IS_PRINTABLE (tmp[j])) { continue; } } } } if (list) { RBinString *new = R_NEW0 (RBinString); if (!new) { break; } new->type = str_type; new->length = runes; new->size = needle - str_start; new->ordinal = count++; switch (str_type) { case R_STRING_TYPE_WIDE: { const ut8 *p = buf + str_start - 2; if (p[0] == 0xff && p[1] == 0xfe) { str_start -= 2; } } break; case R_STRING_TYPE_WIDE32: { const ut8 *p = buf + str_start - 4; if (p[0] == 0xff && p[1] == 0xfe) { str_start -= 4; } } break; } new->paddr = new->vaddr = str_start; new->string = r_str_ndup ((const char *)tmp, i); r_list_append (list, new); } else { printf (""0x%08"" PFMT64x "" %s\n"", str_start, tmp); } } } return count; }",visit repo url,libr/bin/bin.c,https://github.com/radare/radare2,82885877789935,1 673,[],"static int jpc_crg_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_crg_t *crg = &ms->parms.crg; int compno; jpc_crgcomp_t *comp; for (compno = 0, comp = crg->comps; compno < crg->numcomps; ++compno, ++comp) { fprintf(out, ""hoff[%d] = %d; voff[%d] = %d\n"", compno, comp->hoff, compno, comp->voff); } return 0; }",jasper,,,308564314468290369911546370727631302073,0 5569,CWE-125,"ast2obj_comprehension(void* _o) { comprehension_ty o = (comprehension_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(comprehension_type, NULL, NULL); if (!result) return NULL; value = ast2obj_expr(o->target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->iter); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_iter, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->ifs, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ifs, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->is_async); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_is_async, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,271519012214704,1 2627,[],"static int sctp_setsockopt_context(struct sock *sk, char __user *optval, int optlen) { struct sctp_assoc_value params; struct sctp_sock *sp; struct sctp_association *asoc; if (optlen != sizeof(struct sctp_assoc_value)) return -EINVAL; if (copy_from_user(¶ms, optval, optlen)) return -EFAULT; sp = sctp_sk(sk); if (params.assoc_id != 0) { asoc = sctp_id2assoc(sk, params.assoc_id); if (!asoc) return -EINVAL; asoc->default_rcv_context = params.assoc_value; } else { sp->default_rcv_context = params.assoc_value; } return 0; }",linux-2.6,,,269234422992743764755944232084470427002,0 3411,['CWE-264'],"asmlinkage long sys_statfs64(const char __user *path, size_t sz, struct statfs64 __user *buf) { struct nameidata nd; long error; if (sz != sizeof(*buf)) return -EINVAL; error = user_path_walk(path, &nd); if (!error) { struct statfs64 tmp; error = vfs_statfs64(nd.dentry, &tmp); if (!error && copy_to_user(buf, &tmp, sizeof(tmp))) error = -EFAULT; path_release(&nd); } return error; }",linux-2.6,,,34202552789686318757777554305781881695,0 6356,['CWE-200'],"void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev) { int i; write_lock_bh(&tbl->lock); for (i=0; i <= tbl->hash_mask; i++) { struct neighbour *n, **np; np = &tbl->hash_buckets[i]; while ((n = *np) != NULL) { if (dev && n->dev != dev) { np = &n->next; continue; } *np = n->next; write_lock_bh(&n->lock); n->dead = 1; neigh_del_timer(n); write_unlock_bh(&n->lock); neigh_release(n); } } write_unlock_bh(&tbl->lock); }",linux-2.6,,,324256316935261495873573172795943237800,0 3830,[],"int cap_bprm_set_security (struct linux_binprm *bprm) { int ret; ret = get_file_caps(bprm); if (!issecure(SECURE_NOROOT)) { if (bprm->e_uid == 0 || current->uid == 0) { bprm->cap_post_exec_permitted = cap_combine( current->cap_bset, current->cap_inheritable ); bprm->cap_effective = (bprm->e_uid == 0); ret = 0; } } return ret; }",linux-2.6,,,180666316448388857416535723227118589547,0 4848,['CWE-189'],"ecryptfs_encrypt_filename(struct ecryptfs_filename *filename, struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { int rc = 0; filename->encrypted_filename = NULL; filename->encrypted_filename_size = 0; if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK)) || (mount_crypt_stat && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) { size_t packet_size; size_t remaining_bytes; rc = ecryptfs_write_tag_70_packet( NULL, NULL, &filename->encrypted_filename_size, mount_crypt_stat, NULL, filename->filename_size); if (rc) { printk(KERN_ERR ""%s: Error attempting to get packet "" ""size for tag 72; rc = [%d]\n"", __func__, rc); filename->encrypted_filename_size = 0; goto out; } filename->encrypted_filename = kmalloc(filename->encrypted_filename_size, GFP_KERNEL); if (!filename->encrypted_filename) { printk(KERN_ERR ""%s: Out of memory whilst attempting "" ""to kmalloc [%zd] bytes\n"", __func__, filename->encrypted_filename_size); rc = -ENOMEM; goto out; } remaining_bytes = filename->encrypted_filename_size; rc = ecryptfs_write_tag_70_packet(filename->encrypted_filename, &remaining_bytes, &packet_size, mount_crypt_stat, filename->filename, filename->filename_size); if (rc) { printk(KERN_ERR ""%s: Error attempting to generate "" ""tag 70 packet; rc = [%d]\n"", __func__, rc); kfree(filename->encrypted_filename); filename->encrypted_filename = NULL; filename->encrypted_filename_size = 0; goto out; } filename->encrypted_filename_size = packet_size; } else { printk(KERN_ERR ""%s: No support for requested filename "" ""encryption method in this release\n"", __func__); rc = -ENOTSUPP; goto out; } out: return rc; }",linux-2.6,,,299969045469775266398487507671417192239,0 1499,CWE-264,"static unsigned int stack_maxrandom_size(void) { unsigned int max = 0; if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { max = ((-1U) & STACK_RND_MASK) << PAGE_SHIFT; } return max; }",visit repo url,arch/x86/mm/mmap.c,https://github.com/torvalds/linux,212269737677068,1 473,CWE-20,"int key_reject_and_link(struct key *key, unsigned timeout, unsigned error, struct key *keyring, struct key *authkey) { struct assoc_array_edit *edit; struct timespec now; int ret, awaken, link_ret = 0; key_check(key); key_check(keyring); awaken = 0; ret = -EBUSY; if (keyring) { if (keyring->restrict_link) return -EPERM; link_ret = __key_link_begin(keyring, &key->index_key, &edit); } mutex_lock(&key_construction_mutex); if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { atomic_inc(&key->user->nikeys); key->reject_error = -error; smp_wmb(); set_bit(KEY_FLAG_NEGATIVE, &key->flags); set_bit(KEY_FLAG_INSTANTIATED, &key->flags); now = current_kernel_time(); key->expiry = now.tv_sec + timeout; key_schedule_gc(key->expiry + key_gc_delay); if (test_and_clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags)) awaken = 1; ret = 0; if (keyring && link_ret == 0) __key_link(key, &edit); if (authkey) key_revoke(authkey); } mutex_unlock(&key_construction_mutex); if (keyring && link_ret == 0) __key_link_end(keyring, &key->index_key, edit); if (awaken) wake_up_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT); return ret == 0 ? link_ret : ret; }",visit repo url,security/keys/key.c,https://github.com/torvalds/linux,85871888251795,1 2211,NVD-CWE-noinfo,"static int nfs4_intent_set_file(struct nameidata *nd, struct path *path, struct nfs4_state *state) { struct file *filp; int ret; if (nd->intent.open.flags & FMODE_EXEC) { ret = nfs_may_open(state->inode, state->owner->so_cred, nd->intent.open.flags); if (ret < 0) goto out_close; } filp = lookup_instantiate_filp(nd, path->dentry, NULL); if (!IS_ERR(filp)) { struct nfs_open_context *ctx; ctx = nfs_file_open_context(filp); ctx->state = state; return 0; } ret = PTR_ERR(filp); out_close: nfs4_close_sync(path, state, nd->intent.open.flags); return ret; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,134533287804549,1 676,[],"void jpc_ms_dump(jpc_ms_t *ms, FILE *out) { jpc_mstabent_t *mstabent; mstabent = jpc_mstab_lookup(ms->id); fprintf(out, ""type = 0x%04x (%s);"", ms->id, mstabent->name); if (JPC_MS_HASPARMS(ms->id)) { fprintf(out, "" len = %d;"", ms->len + 2); if (ms->ops->dumpparms) { (*ms->ops->dumpparms)(ms, out); } else { fprintf(out, ""\n""); } } else { fprintf(out, ""\n""); } }",jasper,,,83186496692336333107858069454642956905,0 5260,CWE-476,"vips_foreign_load_start( VipsImage *out, void *a, void *b ) { VipsForeignLoad *load = VIPS_FOREIGN_LOAD( b ); VipsForeignLoadClass *class = VIPS_FOREIGN_LOAD_GET_CLASS( load ); if( !load->real ) { if( !(load->real = vips_foreign_load_temp( load )) ) return( NULL ); #ifdef DEBUG printf( ""vips_foreign_load_start: triggering ->load()\n"" ); #endif load->real->progress_signal = load->out; g_object_set_qdata( G_OBJECT( load->real ), vips__foreign_load_operation, load ); if( class->load( load ) || vips_image_pio_input( load->real ) ) return( NULL ); if( !vips_foreign_load_iscompat( load->real, out ) ) return( NULL ); vips_image_pipelinev( load->out, load->out->dhint, load->real, NULL ); } return( vips_region_new( load->real ) ); }",visit repo url,libvips/foreign/foreign.c,https://github.com/jcupitt/libvips,220928657930084,1 4994,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 6301,CWE-295,"static LUA_FUNCTION(openssl_x509_check_email) { X509 * cert = CHECK_OBJECT(1, X509, ""openssl.x509""); if (lua_isstring(L, 2)) { const char *email = lua_tostring(L, 2); lua_pushboolean(L, X509_check_email(cert, email, strlen(email), 0)); } else { lua_pushboolean(L, 0); } return 1; }",visit repo url,src/x509.c,https://github.com/zhaozg/lua-openssl,220394121189620,1 6256,['CWE-200'],"static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos) { struct mfc_cache *mfc = v; struct ipmr_mfc_iter *it = seq->private; ++*pos; if (v == SEQ_START_TOKEN) return ipmr_mfc_seq_idx(seq->private, 0); if (mfc->next) return mfc->next; if (it->cache == &mfc_unres_queue) goto end_of_list; BUG_ON(it->cache != mfc_cache_array); while (++it->ct < MFC_LINES) { mfc = mfc_cache_array[it->ct]; if (mfc) return mfc; } read_unlock(&mrt_lock); it->cache = &mfc_unres_queue; it->ct = 0; spin_lock_bh(&mfc_unres_lock); mfc = mfc_unres_queue; if (mfc) return mfc; end_of_list: spin_unlock_bh(&mfc_unres_lock); it->cache = NULL; return NULL; }",linux-2.6,,,161159901408982519952390525935442826311,0 2964,['CWE-189'],"int jpc_encode(jas_image_t *image, jas_stream_t *out, char *optstr) { jpc_enc_t *enc; jpc_enc_cp_t *cp; enc = 0; cp = 0; jpc_initluts(); if (!(cp = cp_create(optstr, image))) { jas_eprintf(""invalid JP encoder options\n""); goto error; } if (!(enc = jpc_enc_create(cp, out, image))) { goto error; } cp = 0; if (jpc_enc_encodemainhdr(enc)) { goto error; } if (jpc_enc_encodemainbody(enc)) { goto error; } if (!(enc->mrk = jpc_ms_create(JPC_MS_EOC))) { goto error; } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write EOI marker\n""); goto error; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (jas_stream_flush(enc->out)) { goto error; } jpc_enc_destroy(enc); return 0; error: if (cp) { jpc_enc_cp_destroy(cp); } if (enc) { jpc_enc_destroy(enc); } return -1; }",jasper,,,64364247553923177849495779513971769047,0 3730,CWE-125,"static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd) { int bytecnt = wpmd->byte_length; unsigned char *byteptr = wpmd->data; wpc->version_five = 1; wpc->file_format = wpc->config.qmode = wpc->channel_layout = 0; if (wpc->channel_reordering) { free (wpc->channel_reordering); wpc->channel_reordering = NULL; } if (bytecnt) { wpc->file_format = *byteptr++; wpc->config.qmode = (wpc->config.qmode & ~0xff) | *byteptr++; bytecnt -= 2; if (bytecnt) { int nchans, i; wpc->channel_layout = (int32_t) *byteptr++ << 16; bytecnt--; if (bytecnt) { wpc->channel_layout += nchans = *byteptr++; bytecnt--; if (bytecnt) { if (bytecnt > nchans) return FALSE; wpc->channel_reordering = malloc (nchans); if (wpc->channel_reordering) { for (i = 0; i < nchans; ++i) if (bytecnt) { wpc->channel_reordering [i] = *byteptr++; bytecnt--; } else wpc->channel_reordering [i] = i; } } } else wpc->channel_layout += wpc->config.num_channels; } } return TRUE; }",visit repo url,src/open_utils.c,https://github.com/dbry/WavPack,215536530621628,1 6736,CWE-835,"ssize_t mgs_transport_read(gnutls_transport_ptr_t ptr, void *buffer, size_t len) { mgs_handle_t *ctxt = ptr; apr_size_t in = len; apr_read_type_e block = ctxt->input_block; ctxt->input_rc = APR_SUCCESS; if (!len || buffer == NULL) { return 0; } if (!ctxt->input_bb) { ctxt->input_rc = APR_EOF; gnutls_transport_set_errno(ctxt->session, ECONNABORTED); return -1; } if (APR_BRIGADE_EMPTY(ctxt->input_bb)) { apr_status_t rc = ap_get_brigade(ctxt->input_filter->next, ctxt->input_bb, AP_MODE_READBYTES, ctxt->input_block, in); if (APR_STATUS_IS_EAGAIN(rc) || APR_STATUS_IS_EINTR(rc) || (rc == APR_SUCCESS && APR_BRIGADE_EMPTY(ctxt->input_bb))) { ctxt->input_rc = (rc != APR_SUCCESS ? rc : APR_EINTR); gnutls_transport_set_errno(ctxt->session, EAI_APR_TO_RAW(ctxt->input_rc)); return -1; } if (ctxt->input_block == APR_BLOCK_READ && APR_STATUS_IS_TIMEUP(rc) && APR_BRIGADE_EMPTY(ctxt->input_bb)) { ctxt->input_rc = rc; gnutls_transport_set_errno(ctxt->session, EAGAIN); return -1; } if (rc != APR_SUCCESS) { ap_log_cerror(APLOG_MARK, APLOG_INFO, rc, ctxt->c, ""%s: Unexpected error!"", __func__); apr_brigade_cleanup(ctxt->input_bb); ctxt->input_bb = NULL; gnutls_transport_set_errno(ctxt->session, EIO); return -1; } } ctxt->input_rc = brigade_consume(ctxt->input_bb, block, buffer, &len); if (ctxt->input_rc == APR_SUCCESS) { return (ssize_t) len; } if (APR_STATUS_IS_EAGAIN(ctxt->input_rc) || APR_STATUS_IS_EINTR(ctxt->input_rc)) { if (len == 0) { gnutls_transport_set_errno(ctxt->session, EAI_APR_TO_RAW(ctxt->input_rc)); return -1; } return (ssize_t) len; } apr_brigade_cleanup(ctxt->input_bb); ctxt->input_bb = NULL; if (APR_STATUS_IS_EOF(ctxt->input_rc) && len) { return (ssize_t) len; } gnutls_transport_set_errno(ctxt->session, EIO); return -1; }",visit repo url,src/gnutls_io.c,https://github.com/airtower-luna/mod_gnutls,266008724436121,1 2596,['CWE-189'],"int dccp_disconnect(struct sock *sk, int flags) { struct inet_connection_sock *icsk = inet_csk(sk); struct inet_sock *inet = inet_sk(sk); int err = 0; const int old_state = sk->sk_state; if (old_state != DCCP_CLOSED) dccp_set_state(sk, DCCP_CLOSED); if (old_state == DCCP_LISTEN) { inet_csk_listen_stop(sk); } else if (dccp_need_reset(old_state)) { dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED); sk->sk_err = ECONNRESET; } else if (old_state == DCCP_REQUESTING) sk->sk_err = ECONNRESET; dccp_clear_xmit_timers(sk); __skb_queue_purge(&sk->sk_receive_queue); if (sk->sk_send_head != NULL) { __kfree_skb(sk->sk_send_head); sk->sk_send_head = NULL; } inet->dport = 0; if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) inet_reset_saddr(sk); sk->sk_shutdown = 0; sock_reset_flag(sk, SOCK_DONE); icsk->icsk_backoff = 0; inet_csk_delack_init(sk); __sk_dst_reset(sk); WARN_ON(inet->num && !icsk->icsk_bind_hash); sk->sk_error_report(sk); return err; }",linux-2.6,,,339397173603021568996625147420261506996,0 3267,['CWE-189'],"static void jpc_picomp_destroy(jpc_picomp_t *picomp) { int rlvlno; jpc_pirlvl_t *pirlvl; if (picomp->pirlvls) { for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl) { pirlvl_destroy(pirlvl); } jas_free(picomp->pirlvls); } }",jasper,,,85830772558964364351847281708121089444,0 2388,['CWE-119'],"static void emit_line(FILE *file, const char *set, const char *reset, const char *line, int len) { int has_trailing_newline = (len > 0 && line[len-1] == '\n'); if (has_trailing_newline) len--; fputs(set, file); fwrite(line, len, 1, file); fputs(reset, file); if (has_trailing_newline) fputc('\n', file); }",git,,,212090543560942940220266400417917180942,0 5008,CWE-125,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 6018,['CWE-200'],"int ipv6_dev_get_saddr(struct net_device *dev, struct in6_addr *daddr, struct in6_addr *saddr) { struct inet6_ifaddr *ifp = NULL; struct inet6_ifaddr *match = NULL; struct inet6_dev *idev; int scope; int err; int hiscore = -1, score; scope = ipv6_addr_scope(daddr); if (dev) { if (dev->flags & IFF_LOOPBACK) scope = IFA_HOST; read_lock(&addrconf_lock); idev = __in6_dev_get(dev); if (idev) { read_lock_bh(&idev->lock); for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) { if (ifp->scope == scope) { if (ifp->flags&IFA_F_TENTATIVE) continue; #ifdef CONFIG_IPV6_PRIVACY score = ipv6_saddr_pref(ifp, idev->cnf.use_tempaddr > 1 ? IFA_F_TEMPORARY : 0); #else score = ipv6_saddr_pref(ifp, 0); #endif if (score <= hiscore) continue; if (match) in6_ifa_put(match); match = ifp; hiscore = score; in6_ifa_hold(ifp); if (IPV6_GET_SADDR_MAXSCORE(score)) { read_unlock_bh(&idev->lock); read_unlock(&addrconf_lock); goto out; } } } read_unlock_bh(&idev->lock); } read_unlock(&addrconf_lock); } if (scope == IFA_LINK) goto out; read_lock(&dev_base_lock); read_lock(&addrconf_lock); for (dev = dev_base; dev; dev=dev->next) { idev = __in6_dev_get(dev); if (idev) { read_lock_bh(&idev->lock); for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) { if (ifp->scope == scope) { if (ifp->flags&IFA_F_TENTATIVE) continue; #ifdef CONFIG_IPV6_PRIVACY score = ipv6_saddr_pref(ifp, idev->cnf.use_tempaddr > 1 ? IFA_F_TEMPORARY : 0); #else score = ipv6_saddr_pref(ifp, 0); #endif if (score <= hiscore) continue; if (match) in6_ifa_put(match); match = ifp; hiscore = score; in6_ifa_hold(ifp); if (IPV6_GET_SADDR_MAXSCORE(score)) { read_unlock_bh(&idev->lock); goto out_unlock_base; } } } read_unlock_bh(&idev->lock); } } out_unlock_base: read_unlock(&addrconf_lock); read_unlock(&dev_base_lock); out: err = -EADDRNOTAVAIL; if (match) { ipv6_addr_copy(saddr, &match->addr); err = 0; in6_ifa_put(match); } return err; }",linux-2.6,,,138640581385757409580829826782711812120,0 5164,['CWE-20'],"static int vmx_get_mt_mask_shift(void) { return VMX_EPT_MT_EPTE_SHIFT; }",linux-2.6,,,147753000783817139502503518018145265096,0 2859,['CWE-119'],"int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl, struct posix_acl **pacl, struct posix_acl **dpacl, unsigned int flags) { struct posix_acl_state effective_acl_state, default_acl_state; struct nfs4_ace *ace; int ret; ret = init_state(&effective_acl_state, acl->naces); if (ret) return ret; ret = init_state(&default_acl_state, acl->naces); if (ret) goto out_estate; ret = -EINVAL; for (ace = acl->aces; ace < acl->aces + acl->naces; ace++) { if (ace->type != NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE && ace->type != NFS4_ACE_ACCESS_DENIED_ACE_TYPE) goto out_dstate; if (ace->flag & ~NFS4_SUPPORTED_FLAGS) goto out_dstate; if ((ace->flag & NFS4_INHERITANCE_FLAGS) == 0) { process_one_v4_ace(&effective_acl_state, ace); continue; } if (!(flags & NFS4_ACL_DIR)) goto out_dstate; process_one_v4_ace(&default_acl_state, ace); if (!(ace->flag & NFS4_ACE_INHERIT_ONLY_ACE)) process_one_v4_ace(&effective_acl_state, ace); } *pacl = posix_state_to_acl(&effective_acl_state, flags); if (IS_ERR(*pacl)) { ret = PTR_ERR(*pacl); *pacl = NULL; goto out_dstate; } *dpacl = posix_state_to_acl(&default_acl_state, flags | NFS4_ACL_TYPE_DEFAULT); if (IS_ERR(*dpacl)) { ret = PTR_ERR(*dpacl); *dpacl = NULL; posix_acl_release(*pacl); *pacl = NULL; goto out_dstate; } sort_pacl(*pacl); sort_pacl(*dpacl); ret = 0; out_dstate: free_state(&default_acl_state); out_estate: free_state(&effective_acl_state); return ret; }",linux-2.6,,,232241552094274923803868026476691693737,0 5809,CWE-476,"service_info *FindServiceEventURLPath( service_table *table, const char *eventURLPath) { service_info *finger = NULL; uri_type parsed_url; uri_type parsed_url_in; if (table && parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) == HTTP_SUCCESS) { finger = table->serviceList; while (finger) { if (finger->eventURL) { if (parse_uri(finger->eventURL, strlen(finger->eventURL), &parsed_url) == HTTP_SUCCESS) { if (!token_cmp(&parsed_url.pathquery, &parsed_url_in.pathquery)) { return finger; } } } finger = finger->next; } } return NULL; }",visit repo url,upnp/src/genlib/service_table/service_table.c,https://github.com/pupnp/pupnp,218294258363151,1 2732,[],"static int sctp_setsockopt_nodelay(struct sock *sk, char __user *optval, int optlen) { int val; if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; sctp_sk(sk)->nodelay = (val == 0) ? 0 : 1; return 0; }",linux-2.6,,,10414734317686679701659906905322281763,0 255,[],"fat_short2lower_uni(struct nls_table *t, unsigned char *c, int clen, wchar_t *uni) { int charlen; wchar_t wc; charlen = t->char2uni(c, clen, &wc); if (charlen < 0) { *uni = 0x003f; charlen = 1; } else if (charlen <= 1) { unsigned char nc = t->charset2lower[*c]; if (!nc) nc = *c; if ( (charlen = t->char2uni(&nc, 1, uni)) < 0) { *uni = 0x003f; charlen = 1; } } else *uni = wc; return charlen; }",linux-2.6,,,213008848159762026595205031270196425690,0 3527,['CWE-20'],"sctp_disposition_t sctp_sf_pdiscard(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { SCTP_INC_STATS(SCTP_MIB_IN_PKT_DISCARDS); sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL()); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,96596794325061057374543042440251767509,0 3917,['CWE-399'],"static int tda985x_getmode(struct CHIPSTATE *chip) { int mode; mode = ((TDA985x_STP | TDA985x_SAPP) & chip_read(chip)) >> 4; return mode | V4L2_TUNER_MODE_MONO; }",linux-2.6,,,140425515685801120095870561592319247887,0 5421,CWE-776,"prologProcessor(XML_Parser parser, const char *s, const char *end, const char **nextPtr) { const char *next = s; int tok = XmlPrologTok(parser->m_encoding, s, end, &next); return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer); }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,246307924374930,1 1961,['CWE-20'],"int migrate_pages(struct list_head *from, new_page_t get_new_page, unsigned long private) { int retry = 1; int nr_failed = 0; int pass = 0; struct page *page; struct page *page2; int swapwrite = current->flags & PF_SWAPWRITE; int rc; if (!swapwrite) current->flags |= PF_SWAPWRITE; for(pass = 0; pass < 10 && retry; pass++) { retry = 0; list_for_each_entry_safe(page, page2, from, lru) { cond_resched(); rc = unmap_and_move(get_new_page, private, page, pass > 2); switch(rc) { case -ENOMEM: goto out; case -EAGAIN: retry++; break; case 0: break; default: nr_failed++; break; } } } rc = 0; out: if (!swapwrite) current->flags &= ~PF_SWAPWRITE; putback_lru_pages(from); if (rc) return rc; return nr_failed + retry; }",linux-2.6,,,143537591120570056369312203206023488771,0 4121,CWE-125,"static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, unsigned char **p, unsigned char *end ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t len; ((void) ssl); if( (*p) > end - 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message "" ""(psk_identity_hint length)"" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } len = (*p)[0] << 8 | (*p)[1]; *p += 2; if( (*p) + len > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message "" ""(psk_identity_hint length)"" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } *p += len; ret = 0; return( ret ); }",visit repo url,library/ssl_cli.c,https://github.com/ARMmbed/mbedtls,171510245479659,1 986,['CWE-94'],"static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { struct page *page = buf->page; int err; if (!PageUptodate(page)) { lock_page(page); if (!page->mapping) { err = -ENODATA; goto error; } if (!PageUptodate(page)) { err = -EIO; goto error; } unlock_page(page); } return 0; error: unlock_page(page); return err; }",linux-2.6,,,323910665139930306049722872126192246061,0 2834,[],"static int dio_bio_reap(struct dio *dio) { int ret = 0; if (dio->reap_counter++ >= 64) { while (dio->bio_list) { unsigned long flags; struct bio *bio; int ret2; spin_lock_irqsave(&dio->bio_lock, flags); bio = dio->bio_list; dio->bio_list = bio->bi_private; spin_unlock_irqrestore(&dio->bio_lock, flags); ret2 = dio_bio_complete(dio, bio); if (ret == 0) ret = ret2; } dio->reap_counter = 0; } return ret; }",linux-2.6,,,176312567257391645759233639398871819614,0 1239,NVD-CWE-Other,"struct inet_peer *inet_getpeer(struct inetpeer_addr *daddr, int create) { struct inet_peer __rcu **stack[PEER_MAXDEPTH], ***stackptr; struct inet_peer_base *base = family_to_base(daddr->family); struct inet_peer *p; unsigned int sequence; int invalidated, gccnt = 0; rcu_read_lock(); sequence = read_seqbegin(&base->lock); p = lookup_rcu(daddr, base); invalidated = read_seqretry(&base->lock, sequence); rcu_read_unlock(); if (p) return p; if (!create && !invalidated) return NULL; write_seqlock_bh(&base->lock); relookup: p = lookup(daddr, stack, base); if (p != peer_avl_empty) { atomic_inc(&p->refcnt); write_sequnlock_bh(&base->lock); return p; } if (!gccnt) { gccnt = inet_peer_gc(base, stack, stackptr); if (gccnt && create) goto relookup; } p = create ? kmem_cache_alloc(peer_cachep, GFP_ATOMIC) : NULL; if (p) { p->daddr = *daddr; atomic_set(&p->refcnt, 1); atomic_set(&p->rid, 0); atomic_set(&p->ip_id_count, secure_ip_id(daddr->addr.a4)); p->tcp_ts_stamp = 0; p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW; p->rate_tokens = 0; p->rate_last = 0; p->pmtu_expires = 0; p->pmtu_orig = 0; memset(&p->redirect_learned, 0, sizeof(p->redirect_learned)); link_to_pool(p, base); base->total++; } write_sequnlock_bh(&base->lock); return p; }",visit repo url,net/ipv4/inetpeer.c,https://github.com/torvalds/linux,198564318696690,1 5242,CWE-787,"ptaReadStream(FILE *fp) { char typestr[128]; l_int32 i, n, ix, iy, type, version; l_float32 x, y; PTA *pta; PROCNAME(""ptaReadStream""); if (!fp) return (PTA *)ERROR_PTR(""stream not defined"", procName, NULL); if (fscanf(fp, ""\n Pta Version %d\n"", &version) != 1) return (PTA *)ERROR_PTR(""not a pta file"", procName, NULL); if (version != PTA_VERSION_NUMBER) return (PTA *)ERROR_PTR(""invalid pta version"", procName, NULL); if (fscanf(fp, "" Number of pts = %d; format = %s\n"", &n, typestr) != 2) return (PTA *)ERROR_PTR(""not a pta file"", procName, NULL); if (!strcmp(typestr, ""float"")) type = 0; else type = 1; if ((pta = ptaCreate(n)) == NULL) return (PTA *)ERROR_PTR(""pta not made"", procName, NULL); for (i = 0; i < n; i++) { if (type == 0) { if (fscanf(fp, "" (%f, %f)\n"", &x, &y) != 2) { ptaDestroy(&pta); return (PTA *)ERROR_PTR(""error reading floats"", procName, NULL); } ptaAddPt(pta, x, y); } else { if (fscanf(fp, "" (%d, %d)\n"", &ix, &iy) != 2) { ptaDestroy(&pta); return (PTA *)ERROR_PTR(""error reading ints"", procName, NULL); } ptaAddPt(pta, ix, iy); } } return pta; }",visit repo url,src/ptabasic.c,https://github.com/DanBloomberg/leptonica,147386766932266,1 6058,CWE-190,"void bn_gen_prime_basic(bn_t a, int bits) { while (1) { do { bn_rand(a, RLC_POS, bits); } while (bn_bits(a) != bits); if (bn_is_prime(a)) { return; } } }",visit repo url,src/bn/relic_bn_prime.c,https://github.com/relic-toolkit/relic,275399469096595,1 4860,['CWE-189'],"static void ecryptfs_copy_mount_wide_flags_to_inode_flags( struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { if (mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) { crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES; if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK; else if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_FEK) crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK; } }",linux-2.6,,,281506798891054053130707203242543280591,0 34,['CWE-264'],"static int pdo_sqlite_fetch_error_func(pdo_dbh_t *dbh, pdo_stmt_t *stmt, zval *info TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; pdo_sqlite_error_info *einfo = &H->einfo; if (einfo->errcode) { add_next_index_long(info, einfo->errcode); add_next_index_string(info, einfo->errmsg, 1); } return 1; }",php-src,,,220287018858754287341244796263905306090,0 766,CWE-20,"static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); struct sk_buff *skb; size_t copied; int err; IRDA_DEBUG(4, ""%s()\n"", __func__); msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { IRDA_DEBUG(2, ""%s(), Received truncated frame (%zd < %zd)!\n"", __func__, copied, size); copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,97188153830666,1 3459,['CWE-20'],"sctp_disposition_t sctp_sf_do_9_2_prm_shutdown( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { int disposition; sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD)); disposition = SCTP_DISPOSITION_CONSUME; if (sctp_outq_is_empty(&asoc->outqueue)) { disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type, arg, commands); } return disposition; }",linux-2.6,,,143824810113462736675820601664544084961,0 3574,CWE-190,"static int jpc_enc_encodemainhdr(jpc_enc_t *enc) { jpc_siz_t *siz; jpc_cod_t *cod; jpc_qcd_t *qcd; int i; long startoff; long mainhdrlen; jpc_enc_cp_t *cp; jpc_qcc_t *qcc; jpc_enc_tccp_t *tccp; uint_fast16_t cmptno; jpc_tsfb_band_t bandinfos[JPC_MAXBANDS]; jpc_fix_t mctsynweight; jpc_enc_tcp_t *tcp; jpc_tsfb_t *tsfb; jpc_tsfb_band_t *bandinfo; uint_fast16_t numbands; uint_fast16_t bandno; uint_fast16_t rlvlno; uint_fast16_t analgain; jpc_fix_t absstepsize; char buf[1024]; jpc_com_t *com; cp = enc->cp; startoff = jas_stream_getrwcount(enc->out); if (!(enc->mrk = jpc_ms_create(JPC_MS_SOC))) { return -1; } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SOC marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_SIZ))) { return -1; } siz = &enc->mrk->parms.siz; siz->caps = 0; siz->xoff = cp->imgareatlx; siz->yoff = cp->imgareatly; siz->width = cp->refgrdwidth; siz->height = cp->refgrdheight; siz->tilexoff = cp->tilegrdoffx; siz->tileyoff = cp->tilegrdoffy; siz->tilewidth = cp->tilewidth; siz->tileheight = cp->tileheight; siz->numcomps = cp->numcmpts; siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)); assert(siz->comps); for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) { siz->comps[i].prec = cp->ccps[i].prec; siz->comps[i].sgnd = cp->ccps[i].sgnd; siz->comps[i].hsamp = cp->ccps[i].sampgrdstepx; siz->comps[i].vsamp = cp->ccps[i].sampgrdstepy; } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SIZ marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_COM))) { return -1; } sprintf(buf, ""Creator: JasPer Version %s"", jas_getversion()); com = &enc->mrk->parms.com; com->len = JAS_CAST(uint_fast16_t, strlen(buf)); com->regid = JPC_COM_LATIN; if (!(com->data = JAS_CAST(uchar *, jas_strdup(buf)))) { abort(); } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write COM marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; #if 0 if (!(enc->mrk = jpc_ms_create(JPC_MS_CRG))) { return -1; } crg = &enc->mrk->parms.crg; crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t)); if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write CRG marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; #endif tcp = &cp->tcp; tccp = &cp->tccp; for (cmptno = 0; cmptno < cp->numcmpts; ++cmptno) { tsfb = jpc_cod_gettsfb(tccp->qmfbid, tccp->maxrlvls - 1); jpc_tsfb_getbands(tsfb, 0, 0, 1 << tccp->maxrlvls, 1 << tccp->maxrlvls, bandinfos); jpc_tsfb_destroy(tsfb); mctsynweight = jpc_mct_getsynweight(tcp->mctid, cmptno); numbands = 3 * tccp->maxrlvls - 2; for (bandno = 0, bandinfo = bandinfos; bandno < numbands; ++bandno, ++bandinfo) { rlvlno = (bandno) ? ((bandno - 1) / 3 + 1) : 0; analgain = JPC_NOMINALGAIN(tccp->qmfbid, tccp->maxrlvls, rlvlno, bandinfo->orient); if (!tcp->intmode) { absstepsize = jpc_fix_div(jpc_inttofix(1 << (analgain + 1)), bandinfo->synenergywt); } else { absstepsize = jpc_inttofix(1); } cp->ccps[cmptno].stepsizes[bandno] = jpc_abstorelstepsize(absstepsize, cp->ccps[cmptno].prec + analgain); } cp->ccps[cmptno].numstepsizes = numbands; } if (!(enc->mrk = jpc_ms_create(JPC_MS_COD))) { return -1; } cod = &enc->mrk->parms.cod; cod->csty = cp->tccp.csty | cp->tcp.csty; cod->compparms.csty = cp->tccp.csty | cp->tcp.csty; cod->compparms.numdlvls = cp->tccp.maxrlvls - 1; cod->compparms.numrlvls = cp->tccp.maxrlvls; cod->prg = cp->tcp.prg; cod->numlyrs = cp->tcp.numlyrs; cod->compparms.cblkwidthval = JPC_COX_CBLKSIZEEXPN(cp->tccp.cblkwidthexpn); cod->compparms.cblkheightval = JPC_COX_CBLKSIZEEXPN(cp->tccp.cblkheightexpn); cod->compparms.cblksty = cp->tccp.cblksty; cod->compparms.qmfbid = cp->tccp.qmfbid; cod->mctrans = (cp->tcp.mctid != JPC_MCT_NONE); if (tccp->csty & JPC_COX_PRT) { for (rlvlno = 0; rlvlno < tccp->maxrlvls; ++rlvlno) { cod->compparms.rlvls[rlvlno].parwidthval = tccp->prcwidthexpns[rlvlno]; cod->compparms.rlvls[rlvlno].parheightval = tccp->prcheightexpns[rlvlno]; } } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write COD marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_QCD))) { return -1; } qcd = &enc->mrk->parms.qcd; qcd->compparms.qntsty = (tccp->qmfbid == JPC_COX_INS) ? JPC_QCX_SEQNT : JPC_QCX_NOQNT; qcd->compparms.numstepsizes = cp->ccps[0].numstepsizes; qcd->compparms.numguard = cp->tccp.numgbits; qcd->compparms.stepsizes = cp->ccps[0].stepsizes; if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { return -1; } qcd->compparms.stepsizes = 0; jpc_ms_destroy(enc->mrk); enc->mrk = 0; tccp = &cp->tccp; for (cmptno = 1; cmptno < cp->numcmpts; ++cmptno) { if (!(enc->mrk = jpc_ms_create(JPC_MS_QCC))) { return -1; } qcc = &enc->mrk->parms.qcc; qcc->compno = cmptno; qcc->compparms.qntsty = (tccp->qmfbid == JPC_COX_INS) ? JPC_QCX_SEQNT : JPC_QCX_NOQNT; qcc->compparms.numstepsizes = cp->ccps[cmptno].numstepsizes; qcc->compparms.numguard = cp->tccp.numgbits; qcc->compparms.stepsizes = cp->ccps[cmptno].stepsizes; if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { return -1; } qcc->compparms.stepsizes = 0; jpc_ms_destroy(enc->mrk); enc->mrk = 0; } #define MAINTLRLEN 2 mainhdrlen = jas_stream_getrwcount(enc->out) - startoff; enc->len += mainhdrlen; if (enc->cp->totalsize != UINT_FAST32_MAX) { uint_fast32_t overhead; overhead = mainhdrlen + MAINTLRLEN; enc->mainbodysize = (enc->cp->totalsize >= overhead) ? (enc->cp->totalsize - overhead) : 0; } else { enc->mainbodysize = UINT_FAST32_MAX; } return 0; }",visit repo url,src/libjasper/jpc/jpc_enc.c,https://github.com/mdadams/jasper,59504939398017,1 1775,[]," __releases(rq->lock) { struct mm_struct *mm = rq->prev_mm; long prev_state; rq->prev_mm = NULL; prev_state = prev->state; finish_arch_switch(prev); finish_lock_switch(rq, prev); #ifdef CONFIG_SMP if (current->sched_class->post_schedule) current->sched_class->post_schedule(rq); #endif fire_sched_in_preempt_notifiers(current); if (mm) mmdrop(mm); if (unlikely(prev_state == TASK_DEAD)) { kprobe_flush_task(prev); put_task_struct(prev); } }",linux-2.6,,,299428797011040809814653247391955742028,0 35,CWE-763,"acc_ctx_hints(OM_uint32 *minor_status, gss_ctx_id_t *ctx, spnego_gss_cred_id_t spcred, gss_buffer_t *mechListMIC, OM_uint32 *negState, send_token_flag *return_token) { OM_uint32 tmpmin, ret; gss_OID_set supported_mechSet; spnego_gss_ctx_id_t sc = NULL; *mechListMIC = GSS_C_NO_BUFFER; supported_mechSet = GSS_C_NO_OID_SET; *return_token = NO_TOKEN_SEND; *negState = REJECT; *minor_status = 0; if (*ctx != GSS_C_NO_CONTEXT) return GSS_S_DEFECTIVE_TOKEN; ret = get_negotiable_mechs(minor_status, spcred, GSS_C_ACCEPT, &supported_mechSet); if (ret != GSS_S_COMPLETE) goto cleanup; ret = make_NegHints(minor_status, mechListMIC); if (ret != GSS_S_COMPLETE) goto cleanup; sc = create_spnego_ctx(); if (sc == NULL) { ret = GSS_S_FAILURE; goto cleanup; } if (put_mech_set(supported_mechSet, &sc->DER_mechTypes) < 0) { ret = GSS_S_FAILURE; goto cleanup; } sc->internal_mech = GSS_C_NO_OID; *negState = ACCEPT_INCOMPLETE; *return_token = INIT_TOKEN_SEND; sc->firstpass = 1; *ctx = (gss_ctx_id_t)sc; sc = NULL; ret = GSS_S_COMPLETE; cleanup: release_spnego_ctx(&sc); gss_release_oid_set(&tmpmin, &supported_mechSet); return ret; }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,174273638323155,1 2330,CWE-120,"void gtkui_conf_read(void) { FILE *fd; const char *path; char line[100], name[30]; short value; #ifdef OS_WINDOWS path = ec_win_get_user_dir(); #else path = g_get_tmp_dir(); #endif filename = g_build_filename(path, "".ettercap_gtk"", NULL); DEBUG_MSG(""gtkui_conf_read: %s"", filename); fd = fopen(filename, ""r""); if(!fd) return; while(fgets(line, 100, fd)) { sscanf(line, ""%s = %hd"", name, &value); gtkui_conf_set(name, value); } fclose(fd); }",visit repo url,src/interfaces/gtk/ec_gtk_conf.c,https://github.com/Ettercap/ettercap,54560368107546,1 161,[],"static inline void compat_nfs_string(struct nfs_string *dst, struct compat_nfs_string *src) { dst->data = compat_ptr(src->data); dst->len = src->len; }",linux-2.6,,,109793380188742715891151899538145883373,0 2913,['CWE-189'],"jas_image_t *jas_image_chclrspc(jas_image_t *image, jas_cmprof_t *outprof, int intent) { jas_image_t *inimage; int minhstep; int minvstep; int i; int j; int k; int n; int hstep; int vstep; int numinauxchans; int numoutauxchans; int numinclrchans; int numoutclrchans; int prec; jas_image_t *outimage; int cmpttype; int numoutchans; jas_cmprof_t *inprof; jas_cmprof_t *tmpprof; jas_image_cmptparm_t cmptparm; int width; int height; jas_cmxform_t *xform; jas_cmpixmap_t inpixmap; jas_cmpixmap_t outpixmap; jas_cmcmptfmt_t *incmptfmts; jas_cmcmptfmt_t *outcmptfmts; #if 0 jas_eprintf(""IMAGE\n""); jas_image_dump(image, stderr); #endif if (!(inimage = jas_image_copy(image))) goto error; image = 0; if (!jas_image_ishomosamp(inimage)) { minhstep = jas_image_cmpthstep(inimage, 0); minvstep = jas_image_cmptvstep(inimage, 0); for (i = 1; i < jas_image_numcmpts(inimage); ++i) { hstep = jas_image_cmpthstep(inimage, i); vstep = jas_image_cmptvstep(inimage, i); if (hstep < minhstep) minhstep = hstep; if (vstep < minvstep) minvstep = vstep; } n = jas_image_numcmpts(inimage); for (i = 0; i < n; ++i) { cmpttype = jas_image_cmpttype(inimage, i); if (jas_image_sampcmpt(inimage, i, i + 1, 0, 0, minhstep, minvstep, jas_image_cmptsgnd(inimage, i), jas_image_cmptprec(inimage, i))) goto error; jas_image_setcmpttype(inimage, i + 1, cmpttype); jas_image_delcmpt(inimage, i); } } width = jas_image_cmptwidth(inimage, 0); height = jas_image_cmptheight(inimage, 0); hstep = jas_image_cmpthstep(inimage, 0); vstep = jas_image_cmptvstep(inimage, 0); inprof = jas_image_cmprof(inimage); assert(inprof); numinclrchans = jas_clrspc_numchans(jas_cmprof_clrspc(inprof)); numinauxchans = jas_image_numcmpts(inimage) - numinclrchans; numoutclrchans = jas_clrspc_numchans(jas_cmprof_clrspc(outprof)); numoutauxchans = 0; numoutchans = numoutclrchans + numoutauxchans; prec = 8; if (!(outimage = jas_image_create0())) goto error; for (i = 0; i < numoutclrchans; ++i) { cmptparm.tlx = 0; cmptparm.tly = 0; cmptparm.hstep = hstep; cmptparm.vstep = vstep; cmptparm.width = width; cmptparm.height = height; cmptparm.prec = prec; cmptparm.sgnd = 0; if (jas_image_addcmpt(outimage, -1, &cmptparm)) goto error; jas_image_setcmpttype(outimage, i, JAS_IMAGE_CT_COLOR(i)); } #if 0 for (i = 0; i < jas_image_numcmpts(inimage); ++i) { if (!ISCOLOR(jas_image_cmpttype(inimage, i))) { jas_image_copycmpt(outimage, -1, inimage, i); } } #endif if (!(tmpprof = jas_cmprof_copy(outprof))) goto error; assert(!jas_image_cmprof(outimage)); jas_image_setcmprof(outimage, tmpprof); tmpprof = 0; jas_image_setclrspc(outimage, jas_cmprof_clrspc(outprof)); if (!(xform = jas_cmxform_create(inprof, outprof, 0, JAS_CMXFORM_OP_FWD, intent, 0))) goto error; inpixmap.numcmpts = numinclrchans; incmptfmts = malloc(numinclrchans * sizeof(jas_cmcmptfmt_t)); assert(incmptfmts); inpixmap.cmptfmts = incmptfmts; for (i = 0; i < numinclrchans; ++i) { j = jas_image_getcmptbytype(inimage, JAS_IMAGE_CT_COLOR(i)); assert(j >= 0); if (!(incmptfmts[i].buf = malloc(width * sizeof(long)))) goto error; incmptfmts[i].prec = jas_image_cmptprec(inimage, j); incmptfmts[i].sgnd = jas_image_cmptsgnd(inimage, j); incmptfmts[i].width = width; incmptfmts[i].height = 1; } outpixmap.numcmpts = numoutclrchans; outcmptfmts = malloc(numoutclrchans * sizeof(jas_cmcmptfmt_t)); assert(outcmptfmts); outpixmap.cmptfmts = outcmptfmts; for (i = 0; i < numoutclrchans; ++i) { j = jas_image_getcmptbytype(outimage, JAS_IMAGE_CT_COLOR(i)); assert(j >= 0); if (!(outcmptfmts[i].buf = malloc(width * sizeof(long)))) goto error; outcmptfmts[i].prec = jas_image_cmptprec(outimage, j); outcmptfmts[i].sgnd = jas_image_cmptsgnd(outimage, j); outcmptfmts[i].width = width; outcmptfmts[i].height = 1; } for (i = 0; i < height; ++i) { for (j = 0; j < numinclrchans; ++j) { k = jas_image_getcmptbytype(inimage, JAS_IMAGE_CT_COLOR(j)); if (jas_image_readcmpt2(inimage, k, 0, i, width, 1, incmptfmts[j].buf)) goto error; } jas_cmxform_apply(xform, &inpixmap, &outpixmap); for (j = 0; j < numoutclrchans; ++j) { k = jas_image_getcmptbytype(outimage, JAS_IMAGE_CT_COLOR(j)); if (jas_image_writecmpt2(outimage, k, 0, i, width, 1, outcmptfmts[j].buf)) goto error; } } for (i = 0; i < numoutclrchans; ++i) jas_free(outcmptfmts[i].buf); jas_free(outcmptfmts); for (i = 0; i < numinclrchans; ++i) jas_free(incmptfmts[i].buf); jas_free(incmptfmts); jas_cmxform_destroy(xform); jas_image_destroy(inimage); #if 0 jas_eprintf(""INIMAGE\n""); jas_image_dump(inimage, stderr); jas_eprintf(""OUTIMAGE\n""); jas_image_dump(outimage, stderr); #endif return outimage; error: return 0; }",jasper,,,291120294607828319329903776735532835544,0 3356,CWE-119,"void xmlrpc_char_encode(char *outbuffer, const char *s1) { long unsigned int i; unsigned char c; char buf2[15]; mowgli_string_t *s = mowgli_string_create(); *buf2 = '\0'; *outbuffer = '\0'; if ((!(s1) || (*(s1) == '\0'))) { return; } for (i = 0; s1[i] != '\0'; i++) { c = s1[i]; if (c > 127) { snprintf(buf2, sizeof buf2, ""&#%d;"", c); s->append(s, buf2, strlen(buf2)); } else if (c == '&') { s->append(s, ""&"", 5); } else if (c == '<') { s->append(s, ""<"", 4); } else if (c == '>') { s->append(s, "">"", 4); } else if (c == '""') { s->append(s, """"", 6); } else { s->append_char(s, c); } } memcpy(outbuffer, s->str, XMLRPC_BUFSIZE); }",visit repo url,modules/transport/xmlrpc/xmlrpclib.c,https://github.com/atheme/atheme,97231526078962,1 3610,CWE-264,"static void start_daemon() { struct usb_sock_t *usb_sock; if (g_options.noprinter_mode == 0) { usb_sock = usb_open(); if (usb_sock == NULL) goto cleanup_usb; } else usb_sock = NULL; uint16_t desired_port = g_options.desired_port; struct tcp_sock_t *tcp_socket; while ((tcp_socket = tcp_open(desired_port)) == NULL && g_options.only_desired_port == 0) { desired_port ++; if (desired_port == 1 || desired_port == 0) desired_port = 49152; } if (tcp_socket == NULL) goto cleanup_tcp; uint16_t real_port = tcp_port_number_get(tcp_socket); if (desired_port != 0 && g_options.only_desired_port == 1 && desired_port != real_port) { ERR(""Received port number did not match requested port number."" "" The requested port number may be too high.""); goto cleanup_tcp; } printf(""%u|"", real_port); fflush(stdout); uint16_t pid; if (!g_options.nofork_mode && (pid = fork()) > 0) { printf(""%u|"", pid); exit(0); } if (usb_can_callback(usb_sock)) usb_register_callback(usb_sock); for (;;) { struct service_thread_param *args = calloc(1, sizeof(*args)); if (args == NULL) { ERR(""Failed to alloc space for thread args""); goto cleanup_thread; } args->usb_sock = usb_sock; args->tcp = tcp_conn_accept(tcp_socket); if (args->tcp == NULL) { ERR(""Failed to open tcp connection""); goto cleanup_thread; } int status = pthread_create(&args->thread_handle, NULL, &service_connection, args); if (status) { ERR(""Failed to spawn thread, error %d"", status); goto cleanup_thread; } continue; cleanup_thread: if (args != NULL) { if (args->tcp != NULL) tcp_conn_close(args->tcp); free(args); } break; } cleanup_tcp: if (tcp_socket!= NULL) tcp_close(tcp_socket); cleanup_usb: if (usb_sock != NULL) usb_close(usb_sock); return; }",visit repo url,src/ippusbxd.c,https://github.com/tillkamppeter/ippusbxd,181912730825456,1 6130,CWE-190,"void ep_map(ep_t p, const uint8_t *msg, int len) { ep_map_dst(p, msg, len, (const uint8_t *)""RELIC"", 5); }",visit repo url,src/ep/relic_ep_map.c,https://github.com/relic-toolkit/relic,80658664070056,1 1334,NVD-CWE-Other,"int __ref online_pages(unsigned long pfn, unsigned long nr_pages) { unsigned long onlined_pages = 0; struct zone *zone; int need_zonelists_rebuild = 0; int nid; int ret; struct memory_notify arg; lock_memory_hotplug(); arg.start_pfn = pfn; arg.nr_pages = nr_pages; arg.status_change_nid = -1; nid = page_to_nid(pfn_to_page(pfn)); if (node_present_pages(nid) == 0) arg.status_change_nid = nid; ret = memory_notify(MEM_GOING_ONLINE, &arg); ret = notifier_to_errno(ret); if (ret) { memory_notify(MEM_CANCEL_ONLINE, &arg); unlock_memory_hotplug(); return ret; } zone = page_zone(pfn_to_page(pfn)); mutex_lock(&zonelists_mutex); if (!populated_zone(zone)) need_zonelists_rebuild = 1; ret = walk_system_ram_range(pfn, nr_pages, &onlined_pages, online_pages_range); if (ret) { mutex_unlock(&zonelists_mutex); printk(KERN_DEBUG ""online_pages [mem %#010llx-%#010llx] failed\n"", (unsigned long long) pfn << PAGE_SHIFT, (((unsigned long long) pfn + nr_pages) << PAGE_SHIFT) - 1); memory_notify(MEM_CANCEL_ONLINE, &arg); unlock_memory_hotplug(); return ret; } zone->present_pages += onlined_pages; zone->zone_pgdat->node_present_pages += onlined_pages; if (need_zonelists_rebuild) build_all_zonelists(NULL, zone); else zone_pcp_update(zone); mutex_unlock(&zonelists_mutex); init_per_zone_wmark_min(); if (onlined_pages) { kswapd_run(zone_to_nid(zone)); node_set_state(zone_to_nid(zone), N_HIGH_MEMORY); } vm_total_pages = nr_free_pagecache_pages(); writeback_set_ratelimit(); if (onlined_pages) memory_notify(MEM_ONLINE, &arg); unlock_memory_hotplug(); return 0; }",visit repo url,mm/memory_hotplug.c,https://github.com/torvalds/linux,109267662158990,1 3411,CWE-522,"static int check_submodule_url(const char *url) { const char *curl_url; if (looks_like_command_line_option(url)) return -1; if (submodule_url_is_relative(url)) { char *decoded = url_decode(url); int has_nl = !!strchr(decoded, '\n'); free(decoded); if (has_nl) return -1; } else if (url_to_curl_url(url, &curl_url)) { struct credential c = CREDENTIAL_INIT; int ret = credential_from_url_gently(&c, curl_url, 1); credential_clear(&c); return ret; } return 0; }",visit repo url,fsck.c,https://github.com/git/git,90028229791949,1 3798,[],"static void unix_sock_destructor(struct sock *sk) { struct unix_sock *u = unix_sk(sk); skb_queue_purge(&sk->sk_receive_queue); BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); BUG_TRAP(sk_unhashed(sk)); BUG_TRAP(!sk->sk_socket); if (!sock_flag(sk, SOCK_DEAD)) { printk(""Attempt to release alive unix socket: %p\n"", sk); return; } if (u->addr) unix_release_addr(u->addr); atomic_dec(&unix_nr_socks); #ifdef UNIX_REFCNT_DEBUG printk(KERN_DEBUG ""UNIX %p is destroyed, %d are still alive.\n"", sk, atomic_read(&unix_nr_socks)); #endif }",linux-2.6,,,146433225830647560160950747519915952918,0 3699,[],"static void scan_children(struct sock *x, void (*func)(struct unix_sock *), struct sk_buff_head *hitlist) { if (x->sk_state != TCP_LISTEN) scan_inflight(x, func, hitlist); else { struct sk_buff *skb; struct sk_buff *next; struct unix_sock *u; LIST_HEAD(embryos); spin_lock(&x->sk_receive_queue.lock); receive_queue_for_each_skb(x, next, skb) { u = unix_sk(skb->sk); BUG_ON(!list_empty(&u->link)); list_add_tail(&u->link, &embryos); } spin_unlock(&x->sk_receive_queue.lock); while (!list_empty(&embryos)) { u = list_entry(embryos.next, struct unix_sock, link); scan_inflight(&u->sk, func, hitlist); list_del_init(&u->link); } } }",linux-2.6,,,297069545225935149521755379713961066942,0 5229,['CWE-264'],"static size_t count_canon_ace_list( canon_ace *list_head ) { size_t count = 0; canon_ace *ace; for (ace = list_head; ace; ace = ace->next) count++; return count; }",samba,,,282716403550304356069203783282955369845,0 6214,['CWE-200'],"static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos) { struct ipmr_mfc_iter *it = seq->private; it->cache = NULL; it->ct = 0; return *pos ? ipmr_mfc_seq_idx(seq->private, *pos - 1) : SEQ_START_TOKEN; }",linux-2.6,,,143579931916107662801785419497086916304,0 3693,CWE-119,"newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) { struct sshbuf *b; struct sshcipher_ctx *cc; struct sshcomp *comp; struct sshenc *enc; struct sshmac *mac; struct newkeys *newkey; int r; if ((newkey = ssh->state->newkeys[mode]) == NULL) return SSH_ERR_INTERNAL_ERROR; enc = &newkey->enc; mac = &newkey->mac; comp = &newkey->comp; cc = (mode == MODE_OUT) ? ssh->state->send_context : ssh->state->receive_context; if ((r = cipher_get_keyiv(cc, enc->iv, enc->iv_len)) != 0) return r; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_put_cstring(b, enc->name)) != 0 || (r = sshbuf_put(b, &enc->cipher, sizeof(enc->cipher))) != 0 || (r = sshbuf_put_u32(b, enc->enabled)) != 0 || (r = sshbuf_put_u32(b, enc->block_size)) != 0 || (r = sshbuf_put_string(b, enc->key, enc->key_len)) != 0 || (r = sshbuf_put_string(b, enc->iv, enc->iv_len)) != 0) goto out; if (cipher_authlen(enc->cipher) == 0) { if ((r = sshbuf_put_cstring(b, mac->name)) != 0 || (r = sshbuf_put_u32(b, mac->enabled)) != 0 || (r = sshbuf_put_string(b, mac->key, mac->key_len)) != 0) goto out; } if ((r = sshbuf_put_u32(b, comp->type)) != 0 || (r = sshbuf_put_u32(b, comp->enabled)) != 0 || (r = sshbuf_put_cstring(b, comp->name)) != 0) goto out; r = sshbuf_put_stringb(m, b); out: sshbuf_free(b); return r; }",visit repo url,usr.bin/ssh/packet.c,https://github.com/openbsd/src,52252504211393,1 633,[],"void dccp_set_state(struct sock *sk, const int state) { const int oldstate = sk->sk_state; dccp_pr_debug(""%s(%p) %-10.10s -> %s\n"", dccp_role(sk), sk, dccp_state_name(oldstate), dccp_state_name(state)); WARN_ON(state == oldstate); switch (state) { case DCCP_OPEN: if (oldstate != DCCP_OPEN) DCCP_INC_STATS(DCCP_MIB_CURRESTAB); break; case DCCP_CLOSED: if (oldstate == DCCP_CLOSING || oldstate == DCCP_OPEN) DCCP_INC_STATS(DCCP_MIB_ESTABRESETS); sk->sk_prot->unhash(sk); if (inet_csk(sk)->icsk_bind_hash != NULL && !(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) inet_put_port(&dccp_hashinfo, sk); default: if (oldstate == DCCP_OPEN) DCCP_DEC_STATS(DCCP_MIB_CURRESTAB); } sk->sk_state = state; }",linux-2.6,,,242456740544669452888609454824710488224,0 3949,['CWE-362'],"int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) { if (pathname[0] != '/' || rule->listnr != AUDIT_FILTER_EXIT || op & ~AUDIT_EQUAL || rule->inode_f || rule->watch || rule->tree) return -EINVAL; rule->tree = alloc_tree(pathname); if (!rule->tree) return -ENOMEM; return 0; }",linux-2.6,,,21911749286920604129559704566366988100,0 763,['CWE-119'],"isdn_net_reset(struct net_device *dev) { #ifdef CONFIG_ISDN_X25 struct concap_device_ops * dops = ( (isdn_net_local *) dev->priv ) -> dops; struct concap_proto * cprot = ( (isdn_net_local *) dev->priv ) -> netdev -> cprot; #endif #ifdef CONFIG_ISDN_X25 if( cprot && cprot -> pops && dops ) cprot -> pops -> restart ( cprot, dev, dops ); #endif }",linux-2.6,,,305385541222408411946069460454248946011,0 2719,CWE-190,"PHP_MINIT_FUNCTION(spl_directory) { REGISTER_SPL_STD_CLASS_EX(SplFileInfo, spl_filesystem_object_new, spl_SplFileInfo_functions); memcpy(&spl_filesystem_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); spl_filesystem_object_handlers.clone_obj = spl_filesystem_object_clone; spl_filesystem_object_handlers.cast_object = spl_filesystem_object_cast; spl_filesystem_object_handlers.get_debug_info = spl_filesystem_object_get_debug_info; spl_ce_SplFileInfo->serialize = zend_class_serialize_deny; spl_ce_SplFileInfo->unserialize = zend_class_unserialize_deny; REGISTER_SPL_SUB_CLASS_EX(DirectoryIterator, SplFileInfo, spl_filesystem_object_new, spl_DirectoryIterator_functions); zend_class_implements(spl_ce_DirectoryIterator TSRMLS_CC, 1, zend_ce_iterator); REGISTER_SPL_IMPLEMENTS(DirectoryIterator, SeekableIterator); spl_ce_DirectoryIterator->get_iterator = spl_filesystem_dir_get_iterator; REGISTER_SPL_SUB_CLASS_EX(FilesystemIterator, DirectoryIterator, spl_filesystem_object_new, spl_FilesystemIterator_functions); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""CURRENT_MODE_MASK"", SPL_FILE_DIR_CURRENT_MODE_MASK); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""CURRENT_AS_PATHNAME"", SPL_FILE_DIR_CURRENT_AS_PATHNAME); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""CURRENT_AS_FILEINFO"", SPL_FILE_DIR_CURRENT_AS_FILEINFO); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""CURRENT_AS_SELF"", SPL_FILE_DIR_CURRENT_AS_SELF); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""KEY_MODE_MASK"", SPL_FILE_DIR_KEY_MODE_MASK); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""KEY_AS_PATHNAME"", SPL_FILE_DIR_KEY_AS_PATHNAME); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""FOLLOW_SYMLINKS"", SPL_FILE_DIR_FOLLOW_SYMLINKS); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""KEY_AS_FILENAME"", SPL_FILE_DIR_KEY_AS_FILENAME); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""NEW_CURRENT_AND_KEY"", SPL_FILE_DIR_KEY_AS_FILENAME|SPL_FILE_DIR_CURRENT_AS_FILEINFO); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""OTHER_MODE_MASK"", SPL_FILE_DIR_OTHERS_MASK); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""SKIP_DOTS"", SPL_FILE_DIR_SKIPDOTS); REGISTER_SPL_CLASS_CONST_LONG(FilesystemIterator, ""UNIX_PATHS"", SPL_FILE_DIR_UNIXPATHS); spl_ce_FilesystemIterator->get_iterator = spl_filesystem_tree_get_iterator; REGISTER_SPL_SUB_CLASS_EX(RecursiveDirectoryIterator, FilesystemIterator, spl_filesystem_object_new, spl_RecursiveDirectoryIterator_functions); REGISTER_SPL_IMPLEMENTS(RecursiveDirectoryIterator, RecursiveIterator); memcpy(&spl_filesystem_object_check_handlers, &spl_filesystem_object_handlers, sizeof(zend_object_handlers)); spl_filesystem_object_check_handlers.get_method = spl_filesystem_object_get_method_check; #ifdef HAVE_GLOB REGISTER_SPL_SUB_CLASS_EX(GlobIterator, FilesystemIterator, spl_filesystem_object_new_check, spl_GlobIterator_functions); REGISTER_SPL_IMPLEMENTS(GlobIterator, Countable); #endif REGISTER_SPL_SUB_CLASS_EX(SplFileObject, SplFileInfo, spl_filesystem_object_new_check, spl_SplFileObject_functions); REGISTER_SPL_IMPLEMENTS(SplFileObject, RecursiveIterator); REGISTER_SPL_IMPLEMENTS(SplFileObject, SeekableIterator); REGISTER_SPL_CLASS_CONST_LONG(SplFileObject, ""DROP_NEW_LINE"", SPL_FILE_OBJECT_DROP_NEW_LINE); REGISTER_SPL_CLASS_CONST_LONG(SplFileObject, ""READ_AHEAD"", SPL_FILE_OBJECT_READ_AHEAD); REGISTER_SPL_CLASS_CONST_LONG(SplFileObject, ""SKIP_EMPTY"", SPL_FILE_OBJECT_SKIP_EMPTY); REGISTER_SPL_CLASS_CONST_LONG(SplFileObject, ""READ_CSV"", SPL_FILE_OBJECT_READ_CSV); REGISTER_SPL_SUB_CLASS_EX(SplTempFileObject, SplFileObject, spl_filesystem_object_new_check, spl_SplTempFileObject_functions); return SUCCESS; }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,91507012602063,1 3586,CWE-20,"int pgx_validate(jas_stream_t *in) { uchar buf[PGX_MAGICLEN]; uint_fast32_t magic; int i; int n; assert(JAS_STREAM_MAXPUTBACK >= PGX_MAGICLEN); if ((n = jas_stream_read(in, buf, PGX_MAGICLEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < PGX_MAGICLEN) { return -1; } magic = (buf[0] << 8) | buf[1]; if (magic != PGX_MAGIC) { return -1; } return 0; }",visit repo url,src/libjasper/pgx/pgx_dec.c,https://github.com/mdadams/jasper,80934911255587,1 4526,CWE-190,"GF_Err Q_DecCoordOnUnitSphere(GF_BifsDecoder *codec, GF_BitStream *bs, u32 NbBits, u32 NbComp, Fixed *m_ft) { u32 i, orient, sign; s32 value; Fixed tang[4], delta; s32 dir; if (NbComp != 2 && NbComp != 3) return GF_BAD_PARAM; dir = 1; if(NbComp == 2) dir -= 2 * gf_bs_read_int(bs, 1); orient = gf_bs_read_int(bs, 2); if ((orient==3) && (NbComp==2)) return GF_NON_COMPLIANT_BITSTREAM; for(i=0; i= 0) ? 1 : -1; m_ft[i] = sign * Q_InverseQuantize(0, 1, NbBits-1, sign*value); } delta = 1; for (i=0; i INT_MAX) size = INT_MAX; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_iovlen = 1; msg.msg_iov = &iov; iov.iov_len = size; iov.iov_base = ubuf; msg.msg_name = (struct sockaddr *)&address; msg.msg_namelen = sizeof(address); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = sock_recvmsg(sock, &msg, size, flags); if (err >= 0 && addr != NULL) { err2 = move_addr_to_user(&address, msg.msg_namelen, addr, addr_len); if (err2 < 0) err = err2; } fput_light(sock->file, fput_needed); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,89843130858034,1 3287,['CWE-189'],"static int jas_iccxyz_getsize(jas_iccattrval_t *attrval) { attrval = 0; return 12; }",jasper,,,312820950495397545905635346979965908980,0 339,CWE-119,"static int tt_s2_4600_frontend_attach(struct dvb_usb_adapter *adap) { struct dvb_usb_device *d = adap->dev; struct dw2102_state *state = d->priv; u8 obuf[3] = { 0xe, 0x80, 0 }; u8 ibuf[] = { 0 }; struct i2c_adapter *i2c_adapter; struct i2c_client *client; struct i2c_board_info board_info; struct m88ds3103_platform_data m88ds3103_pdata = {}; struct ts2020_config ts2020_config = {}; if (dvb_usb_generic_rw(d, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0xe; obuf[1] = 0x02; obuf[2] = 1; if (dvb_usb_generic_rw(d, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); msleep(300); obuf[0] = 0xe; obuf[1] = 0x83; obuf[2] = 0; if (dvb_usb_generic_rw(d, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0xe; obuf[1] = 0x83; obuf[2] = 1; if (dvb_usb_generic_rw(d, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0x51; if (dvb_usb_generic_rw(d, obuf, 1, ibuf, 1, 0) < 0) err(""command 0x51 transfer failed.""); m88ds3103_pdata.clk = 27000000; m88ds3103_pdata.i2c_wr_max = 33; m88ds3103_pdata.ts_mode = M88DS3103_TS_CI; m88ds3103_pdata.ts_clk = 16000; m88ds3103_pdata.ts_clk_pol = 0; m88ds3103_pdata.spec_inv = 0; m88ds3103_pdata.agc = 0x99; m88ds3103_pdata.agc_inv = 0; m88ds3103_pdata.clk_out = M88DS3103_CLOCK_OUT_ENABLED; m88ds3103_pdata.envelope_mode = 0; m88ds3103_pdata.lnb_hv_pol = 1; m88ds3103_pdata.lnb_en_pol = 0; memset(&board_info, 0, sizeof(board_info)); strlcpy(board_info.type, ""m88ds3103"", I2C_NAME_SIZE); board_info.addr = 0x68; board_info.platform_data = &m88ds3103_pdata; request_module(""m88ds3103""); client = i2c_new_device(&d->i2c_adap, &board_info); if (client == NULL || client->dev.driver == NULL) return -ENODEV; if (!try_module_get(client->dev.driver->owner)) { i2c_unregister_device(client); return -ENODEV; } adap->fe_adap[0].fe = m88ds3103_pdata.get_dvb_frontend(client); i2c_adapter = m88ds3103_pdata.get_i2c_adapter(client); state->i2c_client_demod = client; ts2020_config.fe = adap->fe_adap[0].fe; memset(&board_info, 0, sizeof(board_info)); strlcpy(board_info.type, ""ts2022"", I2C_NAME_SIZE); board_info.addr = 0x60; board_info.platform_data = &ts2020_config; request_module(""ts2020""); client = i2c_new_device(i2c_adapter, &board_info); if (client == NULL || client->dev.driver == NULL) { dvb_frontend_detach(adap->fe_adap[0].fe); return -ENODEV; } if (!try_module_get(client->dev.driver->owner)) { i2c_unregister_device(client); dvb_frontend_detach(adap->fe_adap[0].fe); return -ENODEV; } adap->fe_adap[0].fe->ops.read_signal_strength = adap->fe_adap[0].fe->ops.tuner_ops.get_rf_strength; state->i2c_client_tuner = client; state->fe_read_status = adap->fe_adap[0].fe->ops.read_status; adap->fe_adap[0].fe->ops.read_status = tt_s2_4600_read_status; state->last_lock = 0; return 0; }",visit repo url,drivers/media/usb/dvb-usb/dw2102.c,https://github.com/torvalds/linux,20236267008797,1 169,NVD-CWE-noinfo,"static int dwc3_qcom_acpi_register_core(struct platform_device *pdev) { struct dwc3_qcom *qcom = platform_get_drvdata(pdev); struct device *dev = &pdev->dev; struct resource *res, *child_res = NULL; struct platform_device *pdev_irq = qcom->urs_usb ? qcom->urs_usb : pdev; int irq; int ret; qcom->dwc3 = platform_device_alloc(""dwc3"", PLATFORM_DEVID_AUTO); if (!qcom->dwc3) return -ENOMEM; qcom->dwc3->dev.parent = dev; qcom->dwc3->dev.type = dev->type; qcom->dwc3->dev.dma_mask = dev->dma_mask; qcom->dwc3->dev.dma_parms = dev->dma_parms; qcom->dwc3->dev.coherent_dma_mask = dev->coherent_dma_mask; child_res = kcalloc(2, sizeof(*child_res), GFP_KERNEL); if (!child_res) return -ENOMEM; res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (!res) { dev_err(&pdev->dev, ""failed to get memory resource\n""); ret = -ENODEV; goto out; } child_res[0].flags = res->flags; child_res[0].start = res->start; child_res[0].end = child_res[0].start + qcom->acpi_pdata->dwc3_core_base_size; irq = platform_get_irq(pdev_irq, 0); if (irq < 0) { ret = irq; goto out; } child_res[1].flags = IORESOURCE_IRQ; child_res[1].start = child_res[1].end = irq; ret = platform_device_add_resources(qcom->dwc3, child_res, 2); if (ret) { dev_err(&pdev->dev, ""failed to add resources\n""); goto out; } ret = device_add_software_node(&qcom->dwc3->dev, &dwc3_qcom_swnode); if (ret < 0) { dev_err(&pdev->dev, ""failed to add properties\n""); goto out; } ret = platform_device_add(qcom->dwc3); if (ret) { dev_err(&pdev->dev, ""failed to add device\n""); device_remove_software_node(&qcom->dwc3->dev); } out: kfree(child_res); return ret; }",visit repo url,drivers/usb/dwc3/dwc3-qcom.c,https://github.com/torvalds/linux,249485280759748,1 5656,CWE-59,"netsnmp_mibindex_load( void ) { DIR *dir; struct dirent *file; FILE *fp; char tmpbuf[ 300]; char tmpbuf2[300]; int i; char *cp; snprintf( tmpbuf, sizeof(tmpbuf), ""%s/mib_indexes"", get_persistent_directory()); tmpbuf[sizeof(tmpbuf)-1] = 0; dir = opendir( tmpbuf ); if ( dir == NULL ) { DEBUGMSGTL((""mibindex"", ""load: (new)\n"")); mkdirhier( tmpbuf, NETSNMP_AGENT_DIRECTORY_MODE, 0); return; } while ((file = readdir( dir ))) { if ( !isdigit((unsigned char)(file->d_name[0]))) continue; i = atoi( file->d_name ); snprintf( tmpbuf, sizeof(tmpbuf), ""%s/mib_indexes/%d"", get_persistent_directory(), i ); tmpbuf[sizeof(tmpbuf)-1] = 0; fp = fopen( tmpbuf, ""r"" ); if (!fp) continue; cp = fgets( tmpbuf2, sizeof(tmpbuf2), fp ); fclose( fp ); if ( !cp ) { DEBUGMSGTL((""mibindex"", ""Empty MIB index (%d)\n"", i)); continue; } if ( strncmp( tmpbuf2, ""DIR "", 4 ) != 0 ) { DEBUGMSGTL((""mibindex"", ""Malformed MIB index (%d)\n"", i)); continue; } tmpbuf2[strlen(tmpbuf2)-1] = 0; DEBUGMSGTL((""mibindex"", ""load: (%d) %s\n"", i, tmpbuf2)); (void)_mibindex_add( tmpbuf2+4, i ); } closedir( dir ); }",visit repo url,snmplib/mib.c,https://github.com/net-snmp/net-snmp,265502413819698,1 1189,CWE-400,"static int misaligned_store(struct pt_regs *regs, __u32 opcode, int displacement_not_indexed, int width_shift) { int error; int srcreg; __u64 address; error = generate_and_check_address(regs, opcode, displacement_not_indexed, width_shift, &address); if (error < 0) { return error; } perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, address); srcreg = (opcode >> 4) & 0x3f; if (user_mode(regs)) { __u64 buffer; if (!access_ok(VERIFY_WRITE, (unsigned long) address, 1UL<regs[srcreg]; break; case 2: *(__u32 *) &buffer = (__u32) regs->regs[srcreg]; break; case 3: buffer = regs->regs[srcreg]; break; default: printk(""Unexpected width_shift %d in misaligned_store, PC=%08lx\n"", width_shift, (unsigned long) regs->pc); break; } if (__copy_user((void *)(int)address, &buffer, (1 << width_shift)) > 0) { return -1; } } else { __u64 val = regs->regs[srcreg]; switch (width_shift) { case 1: misaligned_kernel_word_store(address, val); break; case 2: asm (""stlo.l %1, 0, %0"" : : ""r"" (val), ""r"" (address)); asm (""sthi.l %1, 3, %0"" : : ""r"" (val), ""r"" (address)); break; case 3: asm (""stlo.q %1, 0, %0"" : : ""r"" (val), ""r"" (address)); asm (""sthi.q %1, 7, %0"" : : ""r"" (val), ""r"" (address)); break; default: printk(""Unexpected width_shift %d in misaligned_store, PC=%08lx\n"", width_shift, (unsigned long) regs->pc); break; } } return 0; }",visit repo url,arch/sh/kernel/traps_64.c,https://github.com/torvalds/linux,46622959965832,1 3178,['CWE-189'],"void jpc_ft_invlift_colgrp(jpc_fix_t *a, int numrows, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; register int i; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] -= (hptr2[0] + 1) >> 1; ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] -= (hptr2[0] + hptr2[stride] + 2) >> 2; ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] -= (hptr2[0] + 1) >> 1; ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] += lptr2[0]; ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] += (lptr2[0] + lptr2[stride]) >> 1; ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] += lptr2[0]; ++lptr2; ++hptr2; } } } else { if (parity) { lptr2 = &a[0]; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] >>= 1; ++lptr2; } } } }",jasper,,,247774543752252811107739607130527909802,0 4417,['CWE-264'],"void proto_unregister(struct proto *prot) { write_lock(&proto_list_lock); release_proto_idx(prot); list_del(&prot->node); write_unlock(&proto_list_lock); if (prot->slab != NULL) { kmem_cache_destroy(prot->slab); prot->slab = NULL; } if (prot->rsk_prot != NULL && prot->rsk_prot->slab != NULL) { kmem_cache_destroy(prot->rsk_prot->slab); kfree(prot->rsk_prot->slab_name); prot->rsk_prot->slab = NULL; } if (prot->twsk_prot != NULL && prot->twsk_prot->twsk_slab != NULL) { kmem_cache_destroy(prot->twsk_prot->twsk_slab); kfree(prot->twsk_prot->twsk_slab_name); prot->twsk_prot->twsk_slab = NULL; } }",linux-2.6,,,93529703199075715335861014093728064242,0 5143,CWE-125,"ast_for_atom(struct compiling *c, const node *n) { node *ch = CHILD(n, 0); switch (TYPE(ch)) { case NAME: { PyObject *name; const char *s = STR(ch); size_t len = strlen(s); if (len >= 4 && len <= 5) { if (!strcmp(s, ""None"")) return Constant(Py_None, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (!strcmp(s, ""True"")) return Constant(Py_True, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (!strcmp(s, ""False"")) return Constant(Py_False, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } name = new_identifier(s, c); if (!name) return NULL; return Name(name, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } case STRING: { expr_ty str = parsestrplus(c, n); if (!str) { const char *errtype = NULL; if (PyErr_ExceptionMatches(PyExc_UnicodeError)) errtype = ""unicode error""; else if (PyErr_ExceptionMatches(PyExc_ValueError)) errtype = ""value error""; if (errtype) { PyObject *type, *value, *tback, *errstr; PyErr_Fetch(&type, &value, &tback); errstr = PyObject_Str(value); if (errstr) { ast_error(c, n, ""(%s) %U"", errtype, errstr); Py_DECREF(errstr); } else { PyErr_Clear(); ast_error(c, n, ""(%s) unknown error"", errtype); } Py_DECREF(type); Py_XDECREF(value); Py_XDECREF(tback); } return NULL; } return str; } case NUMBER: { PyObject *pynum = parsenumber(c, STR(ch)); if (!pynum) return NULL; if (PyArena_AddPyObject(c->c_arena, pynum) < 0) { Py_DECREF(pynum); return NULL; } return Constant(pynum, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } case ELLIPSIS: return Constant(Py_Ellipsis, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); case LPAR: ch = CHILD(n, 1); if (TYPE(ch) == RPAR) return Tuple(NULL, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (TYPE(ch) == yield_expr) return ast_for_expr(c, ch); if (NCH(ch) == 1) { return ast_for_testlist(c, ch); } if (TYPE(CHILD(ch, 1)) == comp_for) { return copy_location(ast_for_genexp(c, ch), n); } else { return copy_location(ast_for_testlist(c, ch), n); } case LSQB: ch = CHILD(n, 1); if (TYPE(ch) == RSQB) return List(NULL, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); REQ(ch, testlist_comp); if (NCH(ch) == 1 || TYPE(CHILD(ch, 1)) == COMMA) { asdl_seq *elts = seq_for_testlist(c, ch); if (!elts) return NULL; return List(elts, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else { return copy_location(ast_for_listcomp(c, ch), n); } case LBRACE: { expr_ty res; ch = CHILD(n, 1); if (TYPE(ch) == RBRACE) { return Dict(NULL, NULL, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else { int is_dict = (TYPE(CHILD(ch, 0)) == DOUBLESTAR); if (NCH(ch) == 1 || (NCH(ch) > 1 && TYPE(CHILD(ch, 1)) == COMMA)) { res = ast_for_setdisplay(c, ch); } else if (NCH(ch) > 1 && TYPE(CHILD(ch, 1)) == comp_for) { res = ast_for_setcomp(c, ch); } else if (NCH(ch) > 3 - is_dict && TYPE(CHILD(ch, 3 - is_dict)) == comp_for) { if (is_dict) { ast_error(c, n, ""dict unpacking cannot be used in "" ""dict comprehension""); return NULL; } res = ast_for_dictcomp(c, ch); } else { res = ast_for_dictdisplay(c, ch); } return copy_location(res, n); } } default: PyErr_Format(PyExc_SystemError, ""unhandled atom %d"", TYPE(ch)); return NULL; } }",visit repo url,Python/ast.c,https://github.com/python/cpython,67607919392624,1 4890,CWE-787,"static MagickBooleanType EncodeImage(const ImageInfo *image_info,Image *image, const size_t data_size) { #define MaxCode(number_bits) ((one << (number_bits))-1) #define MaxHashTable 5003 #define MaxGIFBits 12UL #define MaxGIFTable (1UL << MaxGIFBits) #define GIFOutputCode(code) \ { \ \ if (bits > 0) \ datum|=(size_t) (code) << bits; \ else \ datum=(size_t) (code); \ bits+=number_bits; \ while (bits >= 8) \ { \ \ packet[length++]=(unsigned char) (datum & 0xff); \ if (length >= 254) \ { \ (void) WriteBlobByte(image,(unsigned char) length); \ (void) WriteBlob(image,length,packet); \ length=0; \ } \ datum>>=8; \ bits-=8; \ } \ if (free_code > max_code) \ { \ number_bits++; \ if (number_bits == MaxGIFBits) \ max_code=MaxGIFTable; \ else \ max_code=MaxCode(number_bits); \ } \ } IndexPacket index; short *hash_code, *hash_prefix, waiting_code; size_t bits, clear_code, datum, end_of_information_code, free_code, length, max_code, next_pixel, number_bits, one, pass; ssize_t displacement, offset, k, y; unsigned char *packet, *hash_suffix; assert(image != (Image *) NULL); one=1; packet=(unsigned char *) AcquireQuantumMemory(256,sizeof(*packet)); hash_code=(short *) AcquireQuantumMemory(MaxHashTable,sizeof(*hash_code)); hash_prefix=(short *) AcquireQuantumMemory(MaxHashTable,sizeof(*hash_prefix)); hash_suffix=(unsigned char *) AcquireQuantumMemory(MaxHashTable, sizeof(*hash_suffix)); if ((packet == (unsigned char *) NULL) || (hash_code == (short *) NULL) || (hash_prefix == (short *) NULL) || (hash_suffix == (unsigned char *) NULL)) { if (packet != (unsigned char *) NULL) packet=(unsigned char *) RelinquishMagickMemory(packet); if (hash_code != (short *) NULL) hash_code=(short *) RelinquishMagickMemory(hash_code); if (hash_prefix != (short *) NULL) hash_prefix=(short *) RelinquishMagickMemory(hash_prefix); if (hash_suffix != (unsigned char *) NULL) hash_suffix=(unsigned char *) RelinquishMagickMemory(hash_suffix); return(MagickFalse); } (void) memset(packet,0,256*sizeof(*packet)); (void) memset(hash_code,0,MaxHashTable*sizeof(*hash_code)); (void) memset(hash_prefix,0,MaxHashTable*sizeof(*hash_prefix)); (void) memset(hash_suffix,0,MaxHashTable*sizeof(*hash_suffix)); number_bits=data_size; max_code=MaxCode(number_bits); clear_code=((short) one << (data_size-1)); end_of_information_code=clear_code+1; free_code=clear_code+2; length=0; datum=0; bits=0; GIFOutputCode(clear_code); offset=0; pass=0; waiting_code=0; for (y=0; y < (ssize_t) image->rows; y++) { register const IndexPacket *magick_restrict indexes; register const PixelPacket *magick_restrict p; register ssize_t x; p=GetVirtualPixels(image,0,offset,image->columns,1,&image->exception); if (p == (const PixelPacket *) NULL) break; indexes=GetVirtualIndexQueue(image); if (y == 0) { waiting_code=(short) (*indexes); p++; } for (x=(ssize_t) (y == 0 ? 1 : 0); x < (ssize_t) image->columns; x++) { index=(IndexPacket) ((size_t) GetPixelIndex(indexes+x) & 0xff); p++; k=(ssize_t) (((size_t) index << (MaxGIFBits-8))+waiting_code); if (k >= MaxHashTable) k-=MaxHashTable; next_pixel=MagickFalse; displacement=1; if (hash_code[k] > 0) { if ((hash_prefix[k] == waiting_code) && (hash_suffix[k] == (unsigned char) index)) { waiting_code=hash_code[k]; continue; } if (k != 0) displacement=MaxHashTable-k; for ( ; ; ) { k-=displacement; if (k < 0) k+=MaxHashTable; if (hash_code[k] == 0) break; if ((hash_prefix[k] == waiting_code) && (hash_suffix[k] == (unsigned char) index)) { waiting_code=hash_code[k]; next_pixel=MagickTrue; break; } } if (next_pixel != MagickFalse) continue; } GIFOutputCode(waiting_code); if (free_code < MaxGIFTable) { hash_code[k]=(short) free_code++; hash_prefix[k]=waiting_code; hash_suffix[k]=(unsigned char) index; } else { for (k=0; k < MaxHashTable; k++) hash_code[k]=0; free_code=clear_code+2; GIFOutputCode(clear_code); number_bits=data_size; max_code=MaxCode(number_bits); } waiting_code=(short) index; } if (image_info->interlace == NoInterlace) offset++; else switch (pass) { case 0: default: { offset+=8; if (offset >= (ssize_t) image->rows) { pass++; offset=4; } break; } case 1: { offset+=8; if (offset >= (ssize_t) image->rows) { pass++; offset=2; } break; } case 2: { offset+=4; if (offset >= (ssize_t) image->rows) { pass++; offset=1; } break; } case 3: { offset+=2; break; } } } GIFOutputCode(waiting_code); GIFOutputCode(end_of_information_code); if (bits > 0) { packet[length++]=(unsigned char) (datum & 0xff); if (length >= 254) { (void) WriteBlobByte(image,(unsigned char) length); (void) WriteBlob(image,length,packet); length=0; } } if (length > 0) { (void) WriteBlobByte(image,(unsigned char) length); (void) WriteBlob(image,length,packet); } hash_suffix=(unsigned char *) RelinquishMagickMemory(hash_suffix); hash_prefix=(short *) RelinquishMagickMemory(hash_prefix); hash_code=(short *) RelinquishMagickMemory(hash_code); packet=(unsigned char *) RelinquishMagickMemory(packet); return(MagickTrue); }",visit repo url,coders/gif.c,https://github.com/ImageMagick/ImageMagick6,115422685570193,1 1521,CWE-190,"sg_start_req(Sg_request *srp, unsigned char *cmd) { int res; struct request *rq; Sg_fd *sfp = srp->parentfp; sg_io_hdr_t *hp = &srp->header; int dxfer_len = (int) hp->dxfer_len; int dxfer_dir = hp->dxfer_direction; unsigned int iov_count = hp->iovec_count; Sg_scatter_hold *req_schp = &srp->data; Sg_scatter_hold *rsv_schp = &sfp->reserve; struct request_queue *q = sfp->parentdp->device->request_queue; struct rq_map_data *md, map_data; int rw = hp->dxfer_direction == SG_DXFER_TO_DEV ? WRITE : READ; unsigned char *long_cmdp = NULL; SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, ""sg_start_req: dxfer_len=%d\n"", dxfer_len)); if (hp->cmd_len > BLK_MAX_CDB) { long_cmdp = kzalloc(hp->cmd_len, GFP_KERNEL); if (!long_cmdp) return -ENOMEM; } rq = blk_get_request(q, rw, GFP_KERNEL); if (IS_ERR(rq)) { kfree(long_cmdp); return PTR_ERR(rq); } blk_rq_set_block_pc(rq); if (hp->cmd_len > BLK_MAX_CDB) rq->cmd = long_cmdp; memcpy(rq->cmd, cmd, hp->cmd_len); rq->cmd_len = hp->cmd_len; srp->rq = rq; rq->end_io_data = srp; rq->sense = srp->sense_b; rq->retries = SG_DEFAULT_RETRIES; if ((dxfer_len <= 0) || (dxfer_dir == SG_DXFER_NONE)) return 0; if (sg_allow_dio && hp->flags & SG_FLAG_DIRECT_IO && dxfer_dir != SG_DXFER_UNKNOWN && !iov_count && !sfp->parentdp->device->host->unchecked_isa_dma && blk_rq_aligned(q, (unsigned long)hp->dxferp, dxfer_len)) md = NULL; else md = &map_data; if (md) { if (!sg_res_in_use(sfp) && dxfer_len <= rsv_schp->bufflen) sg_link_reserve(sfp, srp, dxfer_len); else { res = sg_build_indirect(req_schp, sfp, dxfer_len); if (res) return res; } md->pages = req_schp->pages; md->page_order = req_schp->page_order; md->nr_entries = req_schp->k_use_sg; md->offset = 0; md->null_mapped = hp->dxferp ? 0 : 1; if (dxfer_dir == SG_DXFER_TO_FROM_DEV) md->from_user = 1; else md->from_user = 0; } if (unlikely(iov_count > MAX_UIOVEC)) return -EINVAL; if (iov_count) { int size = sizeof(struct iovec) * iov_count; struct iovec *iov; struct iov_iter i; iov = memdup_user(hp->dxferp, size); if (IS_ERR(iov)) return PTR_ERR(iov); iov_iter_init(&i, rw, iov, iov_count, min_t(size_t, hp->dxfer_len, iov_length(iov, iov_count))); res = blk_rq_map_user_iov(q, rq, md, &i, GFP_ATOMIC); kfree(iov); } else res = blk_rq_map_user(q, rq, md, hp->dxferp, hp->dxfer_len, GFP_ATOMIC); if (!res) { srp->bio = rq->bio; if (!md) { req_schp->dio_in_use = 1; hp->info |= SG_INFO_DIRECT_IO; } } return res; }",visit repo url,drivers/scsi/sg.c,https://github.com/torvalds/linux,30904560688024,1 5108,CWE-125,"For(expr_ty target, expr_ty iter, asdl_seq * body, asdl_seq * orelse, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!target) { PyErr_SetString(PyExc_ValueError, ""field target is required for For""); return NULL; } if (!iter) { PyErr_SetString(PyExc_ValueError, ""field iter is required for For""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = For_kind; p->v.For.target = target; p->v.For.iter = iter; p->v.For.body = body; p->v.For.orelse = orelse; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,218939010902208,1 2071,CWE-476,"xfs_attr_shortform_to_leaf( struct xfs_da_args *args, struct xfs_buf **leaf_bp) { xfs_inode_t *dp; xfs_attr_shortform_t *sf; xfs_attr_sf_entry_t *sfe; xfs_da_args_t nargs; char *tmpbuffer; int error, i, size; xfs_dablk_t blkno; struct xfs_buf *bp; xfs_ifork_t *ifp; trace_xfs_attr_sf_to_leaf(args); dp = args->dp; ifp = dp->i_afp; sf = (xfs_attr_shortform_t *)ifp->if_u1.if_data; size = be16_to_cpu(sf->hdr.totsize); tmpbuffer = kmem_alloc(size, KM_SLEEP); ASSERT(tmpbuffer != NULL); memcpy(tmpbuffer, ifp->if_u1.if_data, size); sf = (xfs_attr_shortform_t *)tmpbuffer; xfs_idata_realloc(dp, -size, XFS_ATTR_FORK); xfs_bmap_local_to_extents_empty(dp, XFS_ATTR_FORK); bp = NULL; error = xfs_da_grow_inode(args, &blkno); if (error) { if (error == -EIO) goto out; xfs_idata_realloc(dp, size, XFS_ATTR_FORK); memcpy(ifp->if_u1.if_data, tmpbuffer, size); goto out; } ASSERT(blkno == 0); error = xfs_attr3_leaf_create(args, blkno, &bp); if (error) { error = xfs_da_shrink_inode(args, 0, bp); bp = NULL; if (error) goto out; xfs_idata_realloc(dp, size, XFS_ATTR_FORK); memcpy(ifp->if_u1.if_data, tmpbuffer, size); goto out; } memset((char *)&nargs, 0, sizeof(nargs)); nargs.dp = dp; nargs.geo = args->geo; nargs.firstblock = args->firstblock; nargs.dfops = args->dfops; nargs.total = args->total; nargs.whichfork = XFS_ATTR_FORK; nargs.trans = args->trans; nargs.op_flags = XFS_DA_OP_OKNOENT; sfe = &sf->list[0]; for (i = 0; i < sf->hdr.count; i++) { nargs.name = sfe->nameval; nargs.namelen = sfe->namelen; nargs.value = &sfe->nameval[nargs.namelen]; nargs.valuelen = sfe->valuelen; nargs.hashval = xfs_da_hashname(sfe->nameval, sfe->namelen); nargs.flags = XFS_ATTR_NSP_ONDISK_TO_ARGS(sfe->flags); error = xfs_attr3_leaf_lookup_int(bp, &nargs); ASSERT(error == -ENOATTR); error = xfs_attr3_leaf_add(bp, &nargs); ASSERT(error != -ENOSPC); if (error) goto out; sfe = XFS_ATTR_SF_NEXTENTRY(sfe); } error = 0; *leaf_bp = bp; out: kmem_free(tmpbuffer); return error; }",visit repo url,fs/xfs/libxfs/xfs_attr_leaf.c,https://github.com/torvalds/linux,53291506297704,1 545,['CWE-399'],"static int pwc_allocate_buffers(struct pwc_device *pdev) { int i, err; void *kbuf; PWC_DEBUG_MEMORY("">> pwc_allocate_buffers(pdev = 0x%p)\n"", pdev); if (pdev == NULL) return -ENXIO; for (i = 0; i < MAX_ISO_BUFS; i++) { if (pdev->sbuf[i].data == NULL) { kbuf = kzalloc(ISO_BUFFER_SIZE, GFP_KERNEL); if (kbuf == NULL) { PWC_ERROR(""Failed to allocate iso buffer %d.\n"", i); return -ENOMEM; } PWC_DEBUG_MEMORY(""Allocated iso buffer at %p.\n"", kbuf); pdev->sbuf[i].data = kbuf; } } if (pdev->fbuf == NULL) { kbuf = kzalloc(default_fbufs * sizeof(struct pwc_frame_buf), GFP_KERNEL); if (kbuf == NULL) { PWC_ERROR(""Failed to allocate frame buffer structure.\n""); return -ENOMEM; } PWC_DEBUG_MEMORY(""Allocated frame buffer structure at %p.\n"", kbuf); pdev->fbuf = kbuf; } for (i = 0; i < default_fbufs; i++) { if (pdev->fbuf[i].data == NULL) { kbuf = vmalloc(PWC_FRAME_SIZE); if (kbuf == NULL) { PWC_ERROR(""Failed to allocate frame buffer %d.\n"", i); return -ENOMEM; } PWC_DEBUG_MEMORY(""Allocated frame buffer %d at %p.\n"", i, kbuf); pdev->fbuf[i].data = kbuf; memset(kbuf, 0, PWC_FRAME_SIZE); } } if (DEVICE_USE_CODEC1(pdev->type)) err = pwc_dec1_alloc(pdev); else err = pwc_dec23_alloc(pdev); if (err) { PWC_ERROR(""Failed to allocate decompress table.\n""); return err; } kbuf = pwc_rvmalloc(pwc_mbufs * pdev->len_per_image); if (kbuf == NULL) { PWC_ERROR(""Failed to allocate image buffer(s). needed (%d)\n"", pwc_mbufs * pdev->len_per_image); return -ENOMEM; } PWC_DEBUG_MEMORY(""Allocated image buffer at %p.\n"", kbuf); pdev->image_data = kbuf; for (i = 0; i < pwc_mbufs; i++) { pdev->images[i].offset = i * pdev->len_per_image; pdev->images[i].vma_use_count = 0; } for (; i < MAX_IMAGES; i++) { pdev->images[i].offset = 0; } kbuf = NULL; PWC_DEBUG_MEMORY(""<< pwc_allocate_buffers()\n""); return 0; }",linux-2.6,,,110452235157251649654097675031538902984,0 4074,CWE-125,"static RList *r_bin_wasm_get_data_entries (RBinWasmObj *bin, RBinWasmSection *sec) { RList *ret = NULL; RBinWasmDataEntry *ptr = NULL; if (!(ret = r_list_newf ((RListFree)free))) { return NULL; } ut8* buf = bin->buf->buf + (ut32)sec->payload_data; ut32 len = sec->payload_len; ut32 count = sec->count; ut32 i = 0, r = 0; size_t n = 0; while (i < len && r < count) { if (!(ptr = R_NEW0 (RBinWasmDataEntry))) { return ret; } if (!(consume_u32 (buf + i, buf + len, &ptr->index, &i))) { free (ptr); return ret; } if (!(n = consume_init_expr (buf + i, buf + len, R_BIN_WASM_END_OF_CODE, NULL, &i))) { free (ptr); return ret; } ptr->offset.len = n; if (!(consume_u32 (buf + i, buf + len, &ptr->size, &i))) { free (ptr); return ret; } ptr->data = sec->payload_data + i; r_list_append (ret, ptr); r += 1; } return ret; }",visit repo url,libr/bin/format/wasm/wasm.c,https://github.com/radare/radare2,234938829304172,1 1968,['CWE-20'],"void print_bad_pte(struct vm_area_struct *vma, pte_t pte, unsigned long vaddr) { printk(KERN_ERR ""Bad pte = %08llx, process = %s, "" ""vm_flags = %lx, vaddr = %lx\n"", (long long)pte_val(pte), (vma->vm_mm == current->mm ? current->comm : ""???""), vma->vm_flags, vaddr); dump_stack(); }",linux-2.6,,,8797847536599088123339172687103189469,0 3918,CWE-122,"get_var_dest( char_u *name, assign_dest_T *dest, cmdidx_T cmdidx, int *option_scope, int *vimvaridx, type_T **type, cctx_T *cctx) { char_u *p; if (*name == '&') { int cc; long numval; getoption_T opt_type; int opt_p_flags; *dest = dest_option; if (cmdidx == CMD_final || cmdidx == CMD_const) { emsg(_(e_cannot_lock_option)); return FAIL; } p = name; p = find_option_end(&p, option_scope); if (p == NULL) { emsg(_(e_unexpected_characters_in_assignment)); return FAIL; } cc = *p; *p = NUL; opt_type = get_option_value(skip_option_env_lead(name), &numval, NULL, &opt_p_flags, *option_scope); *p = cc; switch (opt_type) { case gov_unknown: semsg(_(e_unknown_option_str), name); return FAIL; case gov_string: case gov_hidden_string: if (opt_p_flags & P_FUNC) { *type = &t_any; *dest = dest_func_option; } else { *type = &t_string; } break; case gov_bool: case gov_hidden_bool: *type = &t_bool; break; case gov_number: case gov_hidden_number: *type = &t_number; break; } } else if (*name == '$') { *dest = dest_env; *type = &t_string; } else if (*name == '@') { if (name[1] != '@' && (!valid_yank_reg(name[1], FALSE) || name[1] == '.')) { emsg_invreg(name[1]); return FAIL; } *dest = dest_reg; *type = name[1] == '#' ? &t_number_or_string : &t_string; } else if (STRNCMP(name, ""g:"", 2) == 0) { *dest = dest_global; } else if (STRNCMP(name, ""b:"", 2) == 0) { *dest = dest_buffer; } else if (STRNCMP(name, ""w:"", 2) == 0) { *dest = dest_window; } else if (STRNCMP(name, ""t:"", 2) == 0) { *dest = dest_tab; } else if (STRNCMP(name, ""v:"", 2) == 0) { typval_T *vtv; int di_flags; *vimvaridx = find_vim_var(name + 2, &di_flags); if (*vimvaridx < 0) { semsg(_(e_variable_not_found_str), name); return FAIL; } if (var_check_ro(di_flags, name, FALSE)) return FAIL; *dest = dest_vimvar; vtv = get_vim_var_tv(*vimvaridx); *type = typval2type_vimvar(vtv, cctx->ctx_type_list); } return OK; }",visit repo url,src/vim9compile.c,https://github.com/vim/vim,221137468426055,1 2145,['CWE-119'],"static inline void set_system_gate(unsigned int n, void *addr) { BUG_ON((unsigned)n > 0xFF); #ifdef CONFIG_X86_32 _set_gate(n, GATE_TRAP, addr, 0x3, 0, __KERNEL_CS); #else _set_gate(n, GATE_INTERRUPT, addr, 0x3, 0, __KERNEL_CS); #endif }",linux-2.6,,,4141226704768637959798475574145832646,0 1309,CWE-399,"static struct page *alloc_huge_page(struct vm_area_struct *vma, unsigned long addr, int avoid_reserve) { struct hstate *h = hstate_vma(vma); struct page *page; struct address_space *mapping = vma->vm_file->f_mapping; struct inode *inode = mapping->host; long chg; chg = vma_needs_reservation(h, vma, addr); if (chg < 0) return ERR_PTR(-VM_FAULT_OOM); if (chg) if (hugetlb_get_quota(inode->i_mapping, chg)) return ERR_PTR(-VM_FAULT_SIGBUS); spin_lock(&hugetlb_lock); page = dequeue_huge_page_vma(h, vma, addr, avoid_reserve); spin_unlock(&hugetlb_lock); if (!page) { page = alloc_buddy_huge_page(h, NUMA_NO_NODE); if (!page) { hugetlb_put_quota(inode->i_mapping, chg); return ERR_PTR(-VM_FAULT_SIGBUS); } } set_page_private(page, (unsigned long) mapping); vma_commit_reservation(h, vma, addr); return page; }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,72297377619824,1 2047,['CWE-269'],"static int do_remount(struct nameidata *nd, int flags, int mnt_flags, void *data) { int err; struct super_block *sb = nd->mnt->mnt_sb; if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (!check_mnt(nd->mnt)) return -EINVAL; if (nd->dentry != nd->mnt->mnt_root) return -EINVAL; down_write(&sb->s_umount); err = do_remount_sb(sb, flags, data, 0); if (!err) nd->mnt->mnt_flags = mnt_flags; up_write(&sb->s_umount); if (!err) security_sb_post_remount(nd->mnt, flags, data); return err; }",linux-2.6,,,21120410410274130002925164720852596121,0 4353,['CWE-399'],"long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) { const struct cred *cred = current_cred(); struct request_key_auth *rka; struct key *instkey, *dest_keyring; long ret; kenter(""%d,%u,%d"", id, timeout, ringid); ret = -EPERM; instkey = cred->request_key_auth; if (!instkey) goto error; rka = instkey->payload.data; if (rka->target_key->serial != id) goto error; ret = get_instantiation_keyring(ringid, rka, &dest_keyring); if (ret < 0) goto error; ret = key_negate_and_link(rka->target_key, timeout, dest_keyring, instkey); key_put(dest_keyring); if (ret == 0) keyctl_change_reqkey_auth(NULL); error: return ret; } ",linux-2.6,,,284999265039911125895160804685909373889,0 4555,['CWE-20'],"static void dx_release (struct dx_frame *frames) { if (frames[0].bh == NULL) return; if (((struct dx_root *) frames[0].bh->b_data)->info.indirect_levels) brelse(frames[1].bh); brelse(frames[0].bh); }",linux-2.6,,,159414555785723400092028632695822450100,0 6021,CWE-326,"void flash_option_bytes_init(int boot_from_dfu) { uint32_t val = 0xfffff8aa; if (boot_from_dfu){ val &= ~(1<<27); } else { if (solo_is_locked()) { val = 0xfffff8cc; } } val &= ~(1<<26); val &= ~(1<<25); val &= ~(1<<24); if (FLASH->OPTR == val) { return; } __disable_irq(); while (FLASH->SR & (1<<16)) ; flash_unlock(); if (FLASH->CR & (1<<30)) { FLASH->OPTKEYR = 0x08192A3B; FLASH->OPTKEYR = 0x4C5D6E7F; } FLASH->OPTR =val; FLASH->CR |= (1<<17); while (FLASH->SR & (1<<16)) ; flash_lock(); __enable_irq(); }",visit repo url,targets/stm32l432/src/flash.c,https://github.com/solokeys/solo,259480831702921,1 6262,CWE-190,"static int square_root(void) { int bits, code = RLC_ERR; bn_t a, b, c; bn_null(a); bn_null(b); bn_null(c); RLC_TRY { bn_new(a); bn_new(b); bn_new(c); TEST_ONCE(""square root extraction is correct"") { for (bits = 0; bits < RLC_BN_BITS / 2; bits++) { bn_rand(a, RLC_POS, bits); bn_sqr(c, a); bn_srt(b, c); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } for (bits = 0; bits < RLC_BN_BITS; bits++) { bn_rand(a, RLC_POS, bits); bn_srt(b, a); bn_sqr(c, b); TEST_ASSERT(bn_cmp(c, a) != RLC_GT, end); } } TEST_END; TEST_ONCE(""square root of powers of 2 is correct"") { for (bits = 0; bits < RLC_BN_BITS / 2; bits++) { bn_set_2b(a, bits); bn_sqr(c, a); bn_srt(b, c); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } } TEST_END; } RLC_CATCH_ANY { RLC_ERROR(end); } code = RLC_OK; end: bn_free(a); bn_free(b); bn_free(c); return code; }",visit repo url,test/test_bn.c,https://github.com/relic-toolkit/relic,262989411902946,1 6677,['CWE-200'],"dispose (GObject *object) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (object); if (priv->disposed) return; priv->disposed = TRUE; g_object_unref (priv->client); G_OBJECT_CLASS (nma_gconf_connection_parent_class)->dispose (object); }",network-manager-applet,,,335049800510846345353451897446881595676,0 5716,CWE-787,"void luaV_execute (lua_State *L, CallInfo *ci) { LClosure *cl; TValue *k; StkId base; const Instruction *pc; int trap; #if LUA_USE_JUMPTABLE #include ""ljumptab.h"" #endif tailcall: trap = L->hookmask; cl = clLvalue(s2v(ci->func)); k = cl->p->k; pc = ci->u.l.savedpc; if (trap) { if (cl->p->is_vararg) trap = 0; else if (pc == cl->p->code) luaD_hookcall(L, ci); ci->u.l.trap = 1; } base = ci->func + 1; for (;;) { Instruction i; StkId ra; vmfetch(); lua_assert(base == ci->func + 1); lua_assert(base <= L->top && L->top < L->stack + L->stacksize); lua_assert(isIT(i) || (cast_void(L->top = base), 1)); vmdispatch (GET_OPCODE(i)) { vmcase(OP_MOVE) { setobjs2s(L, ra, RB(i)); vmbreak; } vmcase(OP_LOADI) { lua_Integer b = GETARG_sBx(i); setivalue(s2v(ra), b); vmbreak; } vmcase(OP_LOADF) { int b = GETARG_sBx(i); setfltvalue(s2v(ra), cast_num(b)); vmbreak; } vmcase(OP_LOADK) { TValue *rb = k + GETARG_Bx(i); setobj2s(L, ra, rb); vmbreak; } vmcase(OP_LOADKX) { TValue *rb; rb = k + GETARG_Ax(*pc); pc++; setobj2s(L, ra, rb); vmbreak; } vmcase(OP_LOADFALSE) { setbfvalue(s2v(ra)); vmbreak; } vmcase(OP_LFALSESKIP) { setbfvalue(s2v(ra)); pc++; vmbreak; } vmcase(OP_LOADTRUE) { setbtvalue(s2v(ra)); vmbreak; } vmcase(OP_LOADNIL) { int b = GETARG_B(i); do { setnilvalue(s2v(ra++)); } while (b--); vmbreak; } vmcase(OP_GETUPVAL) { int b = GETARG_B(i); setobj2s(L, ra, cl->upvals[b]->v); vmbreak; } vmcase(OP_SETUPVAL) { UpVal *uv = cl->upvals[GETARG_B(i)]; setobj(L, uv->v, s2v(ra)); luaC_barrier(L, uv, s2v(ra)); vmbreak; } vmcase(OP_GETTABUP) { const TValue *slot; TValue *upval = cl->upvals[GETARG_B(i)]->v; TValue *rc = KC(i); TString *key = tsvalue(rc); if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, upval, rc, ra, slot)); vmbreak; } vmcase(OP_GETTABLE) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = vRC(i); lua_Unsigned n; if (ttisinteger(rc) ? (cast_void(n = ivalue(rc)), luaV_fastgeti(L, rb, n, slot)) : luaV_fastget(L, rb, rc, slot, luaH_get)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_GETI) { const TValue *slot; TValue *rb = vRB(i); int c = GETARG_C(i); if (luaV_fastgeti(L, rb, c, slot)) { setobj2s(L, ra, slot); } else { TValue key; setivalue(&key, c); Protect(luaV_finishget(L, rb, &key, ra, slot)); } vmbreak; } vmcase(OP_GETFIELD) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = KC(i); TString *key = tsvalue(rc); if (luaV_fastget(L, rb, key, slot, luaH_getshortstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_SETTABUP) { const TValue *slot; TValue *upval = cl->upvals[GETARG_A(i)]->v; TValue *rb = KB(i); TValue *rc = RKC(i); TString *key = tsvalue(rb); if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) { luaV_finishfastset(L, upval, slot, rc); } else Protect(luaV_finishset(L, upval, rb, rc, slot)); vmbreak; } vmcase(OP_SETTABLE) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = RKC(i); lua_Unsigned n; if (ttisinteger(rb) ? (cast_void(n = ivalue(rb)), luaV_fastgeti(L, s2v(ra), n, slot)) : luaV_fastget(L, s2v(ra), rb, slot, luaH_get)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else Protect(luaV_finishset(L, s2v(ra), rb, rc, slot)); vmbreak; } vmcase(OP_SETI) { const TValue *slot; int c = GETARG_B(i); TValue *rc = RKC(i); if (luaV_fastgeti(L, s2v(ra), c, slot)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else { TValue key; setivalue(&key, c); Protect(luaV_finishset(L, s2v(ra), &key, rc, slot)); } vmbreak; } vmcase(OP_SETFIELD) { const TValue *slot; TValue *rb = KB(i); TValue *rc = RKC(i); TString *key = tsvalue(rb); if (luaV_fastget(L, s2v(ra), key, slot, luaH_getshortstr)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else Protect(luaV_finishset(L, s2v(ra), rb, rc, slot)); vmbreak; } vmcase(OP_NEWTABLE) { int b = GETARG_B(i); int c = GETARG_C(i); Table *t; if (b > 0) b = 1 << (b - 1); lua_assert((!TESTARG_k(i)) == (GETARG_Ax(*pc) == 0)); if (TESTARG_k(i)) c += GETARG_Ax(*pc) * (MAXARG_C + 1); pc++; L->top = ra + 1; t = luaH_new(L); sethvalue2s(L, ra, t); if (b != 0 || c != 0) luaH_resize(L, t, c, b); checkGC(L, ra + 1); vmbreak; } vmcase(OP_SELF) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = RKC(i); TString *key = tsvalue(rc); setobj2s(L, ra + 1, rb); if (luaV_fastget(L, rb, key, slot, luaH_getstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_ADDI) { op_arithI(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_ADDK) { op_arithK(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_SUBK) { op_arithK(L, l_subi, luai_numsub); vmbreak; } vmcase(OP_MULK) { op_arithK(L, l_muli, luai_nummul); vmbreak; } vmcase(OP_MODK) { op_arithK(L, luaV_mod, luaV_modf); vmbreak; } vmcase(OP_POWK) { op_arithfK(L, luai_numpow); vmbreak; } vmcase(OP_DIVK) { op_arithfK(L, luai_numdiv); vmbreak; } vmcase(OP_IDIVK) { op_arithK(L, luaV_idiv, luai_numidiv); vmbreak; } vmcase(OP_BANDK) { op_bitwiseK(L, l_band); vmbreak; } vmcase(OP_BORK) { op_bitwiseK(L, l_bor); vmbreak; } vmcase(OP_BXORK) { op_bitwiseK(L, l_bxor); vmbreak; } vmcase(OP_SHRI) { TValue *rb = vRB(i); int ic = GETARG_sC(i); lua_Integer ib; if (tointegerns(rb, &ib)) { pc++; setivalue(s2v(ra), luaV_shiftl(ib, -ic)); } vmbreak; } vmcase(OP_SHLI) { TValue *rb = vRB(i); int ic = GETARG_sC(i); lua_Integer ib; if (tointegerns(rb, &ib)) { pc++; setivalue(s2v(ra), luaV_shiftl(ic, ib)); } vmbreak; } vmcase(OP_ADD) { op_arith(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_SUB) { op_arith(L, l_subi, luai_numsub); vmbreak; } vmcase(OP_MUL) { op_arith(L, l_muli, luai_nummul); vmbreak; } vmcase(OP_MOD) { op_arith(L, luaV_mod, luaV_modf); vmbreak; } vmcase(OP_POW) { op_arithf(L, luai_numpow); vmbreak; } vmcase(OP_DIV) { op_arithf(L, luai_numdiv); vmbreak; } vmcase(OP_IDIV) { op_arith(L, luaV_idiv, luai_numidiv); vmbreak; } vmcase(OP_BAND) { op_bitwise(L, l_band); vmbreak; } vmcase(OP_BOR) { op_bitwise(L, l_bor); vmbreak; } vmcase(OP_BXOR) { op_bitwise(L, l_bxor); vmbreak; } vmcase(OP_SHR) { op_bitwise(L, luaV_shiftr); vmbreak; } vmcase(OP_SHL) { op_bitwise(L, luaV_shiftl); vmbreak; } vmcase(OP_MMBIN) { Instruction pi = *(pc - 2); TValue *rb = vRB(i); TMS tm = (TMS)GETARG_C(i); StkId result = RA(pi); lua_assert(OP_ADD <= GET_OPCODE(pi) && GET_OPCODE(pi) <= OP_SHR); Protect(luaT_trybinTM(L, s2v(ra), rb, result, tm)); vmbreak; } vmcase(OP_MMBINI) { Instruction pi = *(pc - 2); int imm = GETARG_sB(i); TMS tm = (TMS)GETARG_C(i); int flip = GETARG_k(i); StkId result = RA(pi); Protect(luaT_trybiniTM(L, s2v(ra), imm, flip, result, tm)); vmbreak; } vmcase(OP_MMBINK) { Instruction pi = *(pc - 2); TValue *imm = KB(i); TMS tm = (TMS)GETARG_C(i); int flip = GETARG_k(i); StkId result = RA(pi); Protect(luaT_trybinassocTM(L, s2v(ra), imm, flip, result, tm)); vmbreak; } vmcase(OP_UNM) { TValue *rb = vRB(i); lua_Number nb; if (ttisinteger(rb)) { lua_Integer ib = ivalue(rb); setivalue(s2v(ra), intop(-, 0, ib)); } else if (tonumberns(rb, nb)) { setfltvalue(s2v(ra), luai_numunm(L, nb)); } else Protect(luaT_trybinTM(L, rb, rb, ra, TM_UNM)); vmbreak; } vmcase(OP_BNOT) { TValue *rb = vRB(i); lua_Integer ib; if (tointegerns(rb, &ib)) { setivalue(s2v(ra), intop(^, ~l_castS2U(0), ib)); } else Protect(luaT_trybinTM(L, rb, rb, ra, TM_BNOT)); vmbreak; } vmcase(OP_NOT) { TValue *rb = vRB(i); if (l_isfalse(rb)) setbtvalue(s2v(ra)); else setbfvalue(s2v(ra)); vmbreak; } vmcase(OP_LEN) { Protect(luaV_objlen(L, ra, vRB(i))); vmbreak; } vmcase(OP_CONCAT) { int n = GETARG_B(i); L->top = ra + n; ProtectNT(luaV_concat(L, n)); checkGC(L, L->top); vmbreak; } vmcase(OP_CLOSE) { Protect(luaF_close(L, ra, LUA_OK)); vmbreak; } vmcase(OP_TBC) { halfProtect(luaF_newtbcupval(L, ra)); vmbreak; } vmcase(OP_JMP) { dojump(ci, i, 0); vmbreak; } vmcase(OP_EQ) { int cond; TValue *rb = vRB(i); Protect(cond = luaV_equalobj(L, s2v(ra), rb)); docondjump(); vmbreak; } vmcase(OP_LT) { op_order(L, l_lti, LTnum, lessthanothers); vmbreak; } vmcase(OP_LE) { op_order(L, l_lei, LEnum, lessequalothers); vmbreak; } vmcase(OP_EQK) { TValue *rb = KB(i); int cond = luaV_rawequalobj(s2v(ra), rb); docondjump(); vmbreak; } vmcase(OP_EQI) { int cond; int im = GETARG_sB(i); if (ttisinteger(s2v(ra))) cond = (ivalue(s2v(ra)) == im); else if (ttisfloat(s2v(ra))) cond = luai_numeq(fltvalue(s2v(ra)), cast_num(im)); else cond = 0; docondjump(); vmbreak; } vmcase(OP_LTI) { op_orderI(L, l_lti, luai_numlt, 0, TM_LT); vmbreak; } vmcase(OP_LEI) { op_orderI(L, l_lei, luai_numle, 0, TM_LE); vmbreak; } vmcase(OP_GTI) { op_orderI(L, l_gti, luai_numgt, 1, TM_LT); vmbreak; } vmcase(OP_GEI) { op_orderI(L, l_gei, luai_numge, 1, TM_LE); vmbreak; } vmcase(OP_TEST) { int cond = !l_isfalse(s2v(ra)); docondjump(); vmbreak; } vmcase(OP_TESTSET) { TValue *rb = vRB(i); if (l_isfalse(rb) == GETARG_k(i)) pc++; else { setobj2s(L, ra, rb); donextjump(ci); } vmbreak; } vmcase(OP_CALL) { int b = GETARG_B(i); int nresults = GETARG_C(i) - 1; if (b != 0) L->top = ra + b; ProtectNT(luaD_call(L, ra, nresults)); vmbreak; } vmcase(OP_TAILCALL) { int b = GETARG_B(i); int nparams1 = GETARG_C(i); int delta = (nparams1) ? ci->u.l.nextraargs + nparams1 : 0; if (b != 0) L->top = ra + b; else b = cast_int(L->top - ra); savepc(ci); if (TESTARG_k(i)) { luaF_close(L, base, NOCLOSINGMETH); lua_assert(base == ci->func + 1); } while (!ttisfunction(s2v(ra))) { luaD_tryfuncTM(L, ra); b++; checkstackp(L, 1, ra); } if (!ttisLclosure(s2v(ra))) { luaD_call(L, ra, LUA_MULTRET); updatetrap(ci); updatestack(ci); ci->func -= delta; luaD_poscall(L, ci, cast_int(L->top - ra)); return; } ci->func -= delta; luaD_pretailcall(L, ci, ra, b); goto tailcall; } vmcase(OP_RETURN) { int n = GETARG_B(i) - 1; int nparams1 = GETARG_C(i); if (n < 0) n = cast_int(L->top - ra); savepc(ci); if (TESTARG_k(i)) { if (L->top < ci->top) L->top = ci->top; luaF_close(L, base, LUA_OK); updatetrap(ci); updatestack(ci); } if (nparams1) ci->func -= ci->u.l.nextraargs + nparams1; L->top = ra + n; luaD_poscall(L, ci, n); return; } vmcase(OP_RETURN0) { if (L->hookmask) { L->top = ra; halfProtectNT(luaD_poscall(L, ci, 0)); } else { int nres = ci->nresults; L->ci = ci->previous; L->top = base - 1; while (nres-- > 0) setnilvalue(s2v(L->top++)); } return; } vmcase(OP_RETURN1) { if (L->hookmask) { L->top = ra + 1; halfProtectNT(luaD_poscall(L, ci, 1)); } else { int nres = ci->nresults; L->ci = ci->previous; if (nres == 0) L->top = base - 1; else { setobjs2s(L, base - 1, ra); L->top = base; while (--nres > 0) setnilvalue(s2v(L->top++)); } } return; } vmcase(OP_FORLOOP) { if (ttisinteger(s2v(ra + 2))) { lua_Unsigned count = l_castS2U(ivalue(s2v(ra + 1))); if (count > 0) { lua_Integer step = ivalue(s2v(ra + 2)); lua_Integer idx = ivalue(s2v(ra)); chgivalue(s2v(ra + 1), count - 1); idx = intop(+, idx, step); chgivalue(s2v(ra), idx); setivalue(s2v(ra + 3), idx); pc -= GETARG_Bx(i); } } else if (floatforloop(ra)) pc -= GETARG_Bx(i); updatetrap(ci); vmbreak; } vmcase(OP_FORPREP) { savestate(L, ci); if (forprep(L, ra)) pc += GETARG_Bx(i) + 1; vmbreak; } vmcase(OP_TFORPREP) { halfProtect(luaF_newtbcupval(L, ra + 3)); pc += GETARG_Bx(i); i = *(pc++); lua_assert(GET_OPCODE(i) == OP_TFORCALL && ra == RA(i)); goto l_tforcall; } vmcase(OP_TFORCALL) { l_tforcall: memcpy(ra + 4, ra, 3 * sizeof(*ra)); L->top = ra + 4 + 3; ProtectNT(luaD_call(L, ra + 4, GETARG_C(i))); updatestack(ci); i = *(pc++); lua_assert(GET_OPCODE(i) == OP_TFORLOOP && ra == RA(i)); goto l_tforloop; } vmcase(OP_TFORLOOP) { l_tforloop: if (!ttisnil(s2v(ra + 4))) { setobjs2s(L, ra + 2, ra + 4); pc -= GETARG_Bx(i); } vmbreak; } vmcase(OP_SETLIST) { int n = GETARG_B(i); unsigned int last = GETARG_C(i); Table *h = hvalue(s2v(ra)); if (n == 0) n = cast_int(L->top - ra) - 1; else L->top = ci->top; last += n; if (TESTARG_k(i)) { last += GETARG_Ax(*pc) * (MAXARG_C + 1); pc++; } if (last > luaH_realasize(h)) luaH_resizearray(L, h, last); for (; n > 0; n--) { TValue *val = s2v(ra + n); setobj2t(L, &h->array[last - 1], val); last--; luaC_barrierback(L, obj2gco(h), val); } vmbreak; } vmcase(OP_CLOSURE) { Proto *p = cl->p->p[GETARG_Bx(i)]; halfProtect(pushclosure(L, p, cl->upvals, base, ra)); checkGC(L, ra + 1); vmbreak; } vmcase(OP_VARARG) { int n = GETARG_C(i) - 1; Protect(luaT_getvarargs(L, ci, ra, n)); vmbreak; } vmcase(OP_VARARGPREP) { luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p); updatetrap(ci); if (trap) { luaD_hookcall(L, ci); L->oldpc = pc + 1; } updatebase(ci); vmbreak; } vmcase(OP_EXTRAARG) { lua_assert(0); vmbreak; } } } }",visit repo url,lvm.c,https://github.com/lua/lua,61224653283891,1 1999,['CWE-20'],"static int fallback_migrate_page(struct address_space *mapping, struct page *newpage, struct page *page) { if (PageDirty(page)) return writeout(mapping, page); if (PagePrivate(page) && !try_to_release_page(page, GFP_KERNEL)) return -EAGAIN; return migrate_page(mapping, newpage, page); }",linux-2.6,,,161306267534402045097791073721777317040,0 2158,CWE-401,"int hsr_dev_finalize(struct net_device *hsr_dev, struct net_device *slave[2], unsigned char multicast_spec, u8 protocol_version) { struct hsr_priv *hsr; struct hsr_port *port; int res; hsr = netdev_priv(hsr_dev); INIT_LIST_HEAD(&hsr->ports); INIT_LIST_HEAD(&hsr->node_db); INIT_LIST_HEAD(&hsr->self_node_db); ether_addr_copy(hsr_dev->dev_addr, slave[0]->dev_addr); res = hsr_create_self_node(&hsr->self_node_db, hsr_dev->dev_addr, slave[1]->dev_addr); if (res < 0) return res; spin_lock_init(&hsr->seqnr_lock); hsr->sequence_nr = HSR_SEQNR_START; hsr->sup_sequence_nr = HSR_SUP_SEQNR_START; timer_setup(&hsr->announce_timer, hsr_announce, 0); timer_setup(&hsr->prune_timer, hsr_prune_nodes, 0); ether_addr_copy(hsr->sup_multicast_addr, def_multicast_addr); hsr->sup_multicast_addr[ETH_ALEN - 1] = multicast_spec; hsr->protVersion = protocol_version; netif_carrier_off(hsr_dev); res = hsr_add_port(hsr, hsr_dev, HSR_PT_MASTER); if (res) return res; res = register_netdevice(hsr_dev); if (res) goto fail; res = hsr_add_port(hsr, slave[0], HSR_PT_SLAVE_A); if (res) goto fail; res = hsr_add_port(hsr, slave[1], HSR_PT_SLAVE_B); if (res) goto fail; mod_timer(&hsr->prune_timer, jiffies + msecs_to_jiffies(PRUNE_PERIOD)); return 0; fail: hsr_for_each_port(hsr, port) hsr_del_port(port); return res; }",visit repo url,net/hsr/hsr_device.c,https://github.com/torvalds/linux,102841178316391,1 6408,['CWE-59'],"check_setuid(void) { return 0; }",samba,,,37285802063340876359509849507799833113,0 2587,[],"static int grep_file(struct grep_opt *opt, const char *filename) { struct stat st; int i; char *data; size_t sz; if (lstat(filename, &st) < 0) { err_ret: if (errno != ENOENT) error(""'%s': %s"", filename, strerror(errno)); return 0; } if (!st.st_size) return 0; if (!S_ISREG(st.st_mode)) return 0; sz = xsize_t(st.st_size); i = open(filename, O_RDONLY); if (i < 0) goto err_ret; data = xmalloc(sz + 1); if (st.st_size != read_in_full(i, data, sz)) { error(""'%s': short read %s"", filename, strerror(errno)); close(i); free(data); return 0; } close(i); if (opt->relative && opt->prefix_length) filename += opt->prefix_length; i = grep_buffer(opt, filename, data, sz); free(data); return i; }",git,,,294513509190234181962848035130136997941,0 2986,['CWE-189'],"static int jas_iccxyz_input(jas_iccattrval_t *attrval, jas_stream_t *in, int len) { if (len != 4 * 3) abort(); return jas_iccgetxyz(in, &attrval->data.xyz); }",jasper,,,281069881513716172227780795267917437798,0 1364,[],"static u64 sched_vslice(struct cfs_rq *cfs_rq) { return __sched_vslice(cfs_rq->load.weight, cfs_rq->nr_running); }",linux-2.6,,,66924666336464472275558158451676018296,0 3443,['CWE-20'],"_dbus_validate_body_with_reason (const DBusString *expected_signature, int expected_signature_start, int byte_order, int *bytes_remaining, const DBusString *value_str, int value_pos, int len) { DBusTypeReader reader; const unsigned char *p; const unsigned char *end; DBusValidity validity; _dbus_assert (len >= 0); _dbus_assert (value_pos >= 0); _dbus_assert (value_pos <= _dbus_string_get_length (value_str) - len); _dbus_verbose (""validating body from pos %d len %d sig '%s'\n"", value_pos, len, _dbus_string_get_const_data_len (expected_signature, expected_signature_start, 0)); _dbus_type_reader_init_types_only (&reader, expected_signature, expected_signature_start); p = _dbus_string_get_const_data_len (value_str, value_pos, len); end = p + len; validity = validate_body_helper (&reader, byte_order, TRUE, p, end, &p); if (validity != DBUS_VALID) return validity; if (bytes_remaining) { *bytes_remaining = end - p; return DBUS_VALID; } else if (p < end) return DBUS_INVALID_TOO_MUCH_DATA; else { _dbus_assert (p == end); return DBUS_VALID; } }",dbus,,,85121118716209134904638499762805654375,0 432,CWE-617,"static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq, uint32_t guest_irq, bool set) { struct kvm_kernel_irq_routing_entry *e; struct kvm_irq_routing_table *irq_rt; struct kvm_lapic_irq irq; struct kvm_vcpu *vcpu; struct vcpu_data vcpu_info; int idx, ret = -EINVAL; if (!kvm_arch_has_assigned_device(kvm) || !irq_remapping_cap(IRQ_POSTING_CAP) || !kvm_vcpu_apicv_active(kvm->vcpus[0])) return 0; idx = srcu_read_lock(&kvm->irq_srcu); irq_rt = srcu_dereference(kvm->irq_routing, &kvm->irq_srcu); BUG_ON(guest_irq >= irq_rt->nr_rt_entries); hlist_for_each_entry(e, &irq_rt->map[guest_irq], link) { if (e->type != KVM_IRQ_ROUTING_MSI) continue; kvm_set_msi_irq(kvm, e, &irq); if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) { ret = irq_set_vcpu_affinity(host_irq, NULL); if (ret < 0) { printk(KERN_INFO ""failed to back to remapped mode, irq: %u\n"", host_irq); goto out; } continue; } vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu)); vcpu_info.vector = irq.vector; trace_kvm_pi_irte_update(vcpu->vcpu_id, host_irq, e->gsi, vcpu_info.vector, vcpu_info.pi_desc_addr, set); if (set) ret = irq_set_vcpu_affinity(host_irq, &vcpu_info); else { pi_set_sn(vcpu_to_pi_desc(vcpu)); ret = irq_set_vcpu_affinity(host_irq, NULL); pi_clear_sn(vcpu_to_pi_desc(vcpu)); } if (ret < 0) { printk(KERN_INFO ""%s: failed to update PI IRTE\n"", __func__); goto out; } } ret = 0; out: srcu_read_unlock(&kvm->irq_srcu, idx); return ret; }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,153518360153919,1 5661,CWE-415,"usm_malloc_usmStateReference(void) { struct usmStateReference *retval = (struct usmStateReference *) calloc(1, sizeof(struct usmStateReference)); return retval; } ",visit repo url,snmplib/snmpusm.c,https://github.com/net-snmp/net-snmp,236681252423007,1 2938,['CWE-189'],"static int jas_cmpxformseq_append(jas_cmpxformseq_t *pxformseq, jas_cmpxformseq_t *othpxformseq) { int n; int i; jas_cmpxform_t *pxform; jas_cmpxform_t *othpxform; n = pxformseq->numpxforms + othpxformseq->numpxforms; if (n > pxformseq->maxpxforms) { if (jas_cmpxformseq_resize(pxformseq, n)) goto error; } for (i = 0; i < othpxformseq->numpxforms; ++i) { othpxform = othpxformseq->pxforms[i]; if (!(pxform = jas_cmpxform_copy(othpxform))) goto error; pxformseq->pxforms[pxformseq->numpxforms] = pxform; ++pxformseq->numpxforms; } return 0; error: return -1; }",jasper,,,280458447763681420127534480710999536211,0 5850,['CWE-200'],"static int raw_init(struct sock *sk) { struct raw_sock *ro = raw_sk(sk); ro->bound = 0; ro->ifindex = 0; ro->dfilter.can_id = 0; ro->dfilter.can_mask = MASK_ALL; ro->filter = &ro->dfilter; ro->count = 1; ro->loopback = 1; ro->recv_own_msgs = 0; ro->notifier.notifier_call = raw_notifier; register_netdevice_notifier(&ro->notifier); return 0; }",linux-2.6,,,92530859079591238051931103286962152031,0 1188,['CWE-189'],"long hrtimer_nanosleep(struct timespec *rqtp, struct timespec __user *rmtp, const enum hrtimer_mode mode, const clockid_t clockid) { struct restart_block *restart; struct hrtimer_sleeper t; struct timespec tu; ktime_t rem; hrtimer_init(&t.timer, clockid, mode); t.timer.expires = timespec_to_ktime(*rqtp); if (do_nanosleep(&t, mode)) return 0; if (mode == HRTIMER_MODE_ABS) return -ERESTARTNOHAND; if (rmtp) { rem = ktime_sub(t.timer.expires, t.timer.base->get_time()); if (rem.tv64 <= 0) return 0; tu = ktime_to_timespec(rem); if (copy_to_user(rmtp, &tu, sizeof(tu))) return -EFAULT; } restart = ¤t_thread_info()->restart_block; restart->fn = hrtimer_nanosleep_restart; restart->arg0 = (unsigned long) t.timer.base->index; restart->arg1 = (unsigned long) rmtp; restart->arg2 = t.timer.expires.tv64 & 0xFFFFFFFF; restart->arg3 = t.timer.expires.tv64 >> 32; return -ERESTART_RESTARTBLOCK; }",linux-2.6,,,209349901603779967397864609966791344161,0 388,[],"pfm_unregister_buffer_fmt(pfm_uuid_t uuid) { pfm_buffer_fmt_t *fmt; int ret = 0; spin_lock(&pfm_buffer_fmt_lock); fmt = __pfm_find_buffer_fmt(uuid); if (!fmt) { printk(KERN_ERR ""perfmon: cannot unregister format, not found\n""); ret = -EINVAL; goto out; } list_del_init(&fmt->fmt_list); printk(KERN_INFO ""perfmon: removed sampling format: %s\n"", fmt->fmt_name); out: spin_unlock(&pfm_buffer_fmt_lock); return ret; }",linux-2.6,,,166427346827380650747812319587363609354,0 3004,CWE-399,"donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, int clazz, int swap, size_t align, int *flags, uint16_t *notecount) { Elf32_Nhdr nh32; Elf64_Nhdr nh64; size_t noff, doff; uint32_t namesz, descsz; unsigned char *nbuf = CAST(unsigned char *, vbuf); if (*notecount == 0) return 0; --*notecount; if (xnh_sizeof + offset > size) { return xnh_sizeof + offset; } (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); offset += xnh_sizeof; namesz = xnh_namesz; descsz = xnh_descsz; if ((namesz == 0) && (descsz == 0)) { return (offset >= size) ? offset : size; } if (namesz & 0x80000000) { (void)file_printf(ms, "", bad note name size 0x%lx"", (unsigned long)namesz); return 0; } if (descsz & 0x80000000) { (void)file_printf(ms, "", bad note description size 0x%lx"", (unsigned long)descsz); return 0; } noff = offset; doff = ELF_ALIGN(offset + namesz); if (offset + namesz > size) { return doff; } offset = ELF_ALIGN(doff + descsz); if (doff + descsz > size) { return (offset >= size) ? offset : size; } if ((*flags & FLAGS_DID_OS_NOTE) == 0) { if (do_os_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags)) return size; } if ((*flags & FLAGS_DID_BUILD_ID) == 0) { if (do_bid_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags)) return size; } if ((*flags & FLAGS_DID_NETBSD_PAX) == 0) { if (do_pax_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags)) return size; } if ((*flags & FLAGS_DID_CORE) == 0) { if (do_core_note(ms, nbuf, xnh_type, swap, namesz, descsz, noff, doff, flags, size, clazz)) return size; } if (namesz == 7 && strcmp((char *)&nbuf[noff], ""NetBSD"") == 0) { switch (xnh_type) { case NT_NETBSD_VERSION: return size; case NT_NETBSD_MARCH: if (*flags & FLAGS_DID_NETBSD_MARCH) return size; if (file_printf(ms, "", compiled for: %.*s"", (int)descsz, (const char *)&nbuf[doff]) == -1) return size; break; case NT_NETBSD_CMODEL: if (*flags & FLAGS_DID_NETBSD_CMODEL) return size; if (file_printf(ms, "", compiler model: %.*s"", (int)descsz, (const char *)&nbuf[doff]) == -1) return size; break; default: if (*flags & FLAGS_DID_NETBSD_UNKNOWN) return size; if (file_printf(ms, "", note=%u"", xnh_type) == -1) return size; break; } return size; } return offset; }",visit repo url,src/readelf.c,https://github.com/file/file,143586010461973,1 6109,['CWE-200'],"static int cbq_dump_attr(struct sk_buff *skb, struct cbq_class *cl) { if (cbq_dump_lss(skb, cl) < 0 || cbq_dump_rate(skb, cl) < 0 || cbq_dump_wrr(skb, cl) < 0 || cbq_dump_ovl(skb, cl) < 0 || #ifdef CONFIG_NET_CLS_POLICE cbq_dump_police(skb, cl) < 0 || #endif cbq_dump_fopt(skb, cl) < 0) return -1; return 0; }",linux-2.6,,,317852479016762434913285048170332107209,0 2775,['CWE-264'],"prepare_to_send( struct sk_buff *skb, struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; unsigned int len; if( nl->tx_buf_p ) printk( KERN_ERR ""%s: memory leak!\n"", dev->name ); nl->outpos = 0; nl->state &= ~(FL_WAIT_ACK | FL_NEED_RESEND); len = skb->len; if( len < SBNI_MIN_LEN ) len = SBNI_MIN_LEN; nl->tx_buf_p = skb; nl->tx_frameno = (len + nl->maxframe - 1) / nl->maxframe; nl->framelen = len < nl->maxframe ? len : nl->maxframe; outb( inb( dev->base_addr + CSR0 ) | TR_REQ, dev->base_addr + CSR0 ); #ifdef CONFIG_SBNI_MULTILINE nl->master->trans_start = jiffies; #else dev->trans_start = jiffies; #endif }",linux-2.6,,,312681056206290907550351528478972050193,0 1447,[],"load_balance_fair(struct rq *this_rq, int this_cpu, struct rq *busiest, unsigned long max_load_move, struct sched_domain *sd, enum cpu_idle_type idle, int *all_pinned, int *this_best_prio) { long rem_load_move = max_load_move; int busiest_cpu = cpu_of(busiest); struct task_group *tg; rcu_read_lock(); list_for_each_entry(tg, &task_groups, list) { long imbalance; unsigned long this_weight, busiest_weight; long rem_load, max_load, moved_load; if (!aggregate(tg, sd)->task_weight) continue; rem_load = rem_load_move * aggregate(tg, sd)->rq_weight; rem_load /= aggregate(tg, sd)->load + 1; this_weight = tg->cfs_rq[this_cpu]->task_weight; busiest_weight = tg->cfs_rq[busiest_cpu]->task_weight; imbalance = (busiest_weight - this_weight) / 2; if (imbalance < 0) imbalance = busiest_weight; max_load = max(rem_load, imbalance); moved_load = __load_balance_fair(this_rq, this_cpu, busiest, max_load, sd, idle, all_pinned, this_best_prio, tg->cfs_rq[busiest_cpu]); if (!moved_load) continue; move_group_shares(tg, sd, busiest_cpu, this_cpu); moved_load *= aggregate(tg, sd)->load; moved_load /= aggregate(tg, sd)->rq_weight + 1; rem_load_move -= moved_load; if (rem_load_move < 0) break; } rcu_read_unlock(); return max_load_move - rem_load_move; }",linux-2.6,,,280430966476784959170924997129727326820,0 6191,['CWE-200'],"void rtmsg_ifinfo(int type, struct net_device *dev, unsigned change) { struct sk_buff *skb; int size = NLMSG_SPACE(sizeof(struct ifinfomsg) + sizeof(struct rtnl_link_ifmap) + sizeof(struct rtnl_link_stats) + 128); skb = alloc_skb(size, GFP_KERNEL); if (!skb) return; if (rtnetlink_fill_ifinfo(skb, dev, type, current->pid, 0, change, 0) < 0) { kfree_skb(skb); return; } NETLINK_CB(skb).dst_groups = RTMGRP_LINK; netlink_broadcast(rtnl, skb, 0, RTMGRP_LINK, GFP_KERNEL); }",linux-2.6,,,166557725971023417214243200747886263205,0 2862,CWE-119,"horizontalDifference8(unsigned char *ip, int n, int stride, unsigned short *wp, uint16 *From8) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) (From8[(v)]) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; r1 = CLAMP(ip[3]); wp[3] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[4]); wp[4] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[5]); wp[5] = (uint16)((b1-b2) & mask); b2 = b1; wp += 3; ip += 3; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; r1 = CLAMP(ip[4]); wp[4] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[5]); wp[5] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[6]); wp[6] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[7]); wp[7] = (uint16)((a1-a2) & mask); a2 = a1; wp += 4; ip += 4; } } else { wp += n + stride - 1; ip += n + stride - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,90993586991407,1 428,[],"pfm_ctx_getsize(void *arg, size_t *sz) { pfarg_context_t *req = (pfarg_context_t *)arg; pfm_buffer_fmt_t *fmt; *sz = 0; if (!pfm_uuid_cmp(req->ctx_smpl_buf_id, pfm_null_uuid)) return 0; fmt = pfm_find_buffer_fmt(req->ctx_smpl_buf_id); if (fmt == NULL) { DPRINT((""cannot find buffer format\n"")); return -EINVAL; } *sz = fmt->fmt_arg_size; DPRINT((""arg_size=%lu\n"", *sz)); return 0; }",linux-2.6,,,63242264702106261332115039143479782136,0 438,CWE-119,"static void flush_tmregs_to_thread(struct task_struct *tsk) { if (tsk != current) return; if (MSR_TM_SUSPENDED(mfmsr())) { tm_reclaim_current(TM_CAUSE_SIGNAL); } else { tm_enable(); tm_save_sprs(&(tsk->thread)); } }",visit repo url,arch/powerpc/kernel/ptrace.c,https://github.com/torvalds/linux,30376780582740,1 4155,['CWE-399'],"static void withdraw_entry(AvahiServer *s, AvahiEntry *e) { assert(s); assert(e); if (e->dead) return; if (e->group) { AvahiEntry *k; for (k = e->group->entries; k; k = k->by_group_next) if (!k->dead) { avahi_goodbye_entry(s, k, 0, 1); k->dead = 1; } e->group->n_probing = 0; avahi_s_entry_group_change_state(e->group, AVAHI_ENTRY_GROUP_COLLISION); } else { avahi_goodbye_entry(s, e, 0, 1); e->dead = 1; } s->need_entry_cleanup = 1; }",avahi,,,164163956489772293885805756382888444876,0 4741,CWE-347,"int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, int *pathLenConstraint) { int ret = X509_OK, i = 0; bigint *cert_sig; X509_CTX *next_cert = NULL; BI_CTX *ctx = NULL; bigint *mod = NULL, *expn = NULL; int match_ca_cert = 0; struct timeval tv; uint8_t is_self_signed = 0; if (cert == NULL) { ret = X509_VFY_ERROR_NO_TRUSTED_CERT; goto end_verify; } if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0) { is_self_signed = 1; ctx = cert->rsa_ctx->bi_ctx; mod = cert->rsa_ctx->m; expn = cert->rsa_ctx->e; } gettimeofday(&tv, NULL); if (tv.tv_sec < cert->not_before) { ret = X509_VFY_ERROR_NOT_YET_VALID; goto end_verify; } if (tv.tv_sec > cert->not_after) { ret = X509_VFY_ERROR_EXPIRED; goto end_verify; } if (cert->basic_constraint_present) { if (!cert->basic_constraint_cA && IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) { ret = X509_VFY_ERROR_BASIC_CONSTRAINT; goto end_verify; } if (cert->basic_constraint_cA && (!cert->key_usage_present || IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) && (cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint) { ret = X509_VFY_ERROR_BASIC_CONSTRAINT; goto end_verify; } } next_cert = cert->next; if (next_cert == NULL) { if (ca_cert_ctx != NULL) { while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) { if (cert->basic_constraint_present && !ca_cert_ctx->cert[i]->basic_constraint_cA) continue; if (asn1_compare_dn(cert->ca_cert_dn, ca_cert_ctx->cert[i]->cert_dn) == 0) { match_ca_cert = true; ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx; mod = ca_cert_ctx->cert[i]->rsa_ctx->m; expn = ca_cert_ctx->cert[i]->rsa_ctx->e; break; } i++; } } if (!match_ca_cert && !is_self_signed) { ret = X509_VFY_ERROR_NO_TRUSTED_CERT; goto end_verify; } } else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0) { ret = X509_VFY_ERROR_INVALID_CHAIN; goto end_verify; } else { ctx = next_cert->rsa_ctx->bi_ctx; mod = next_cert->rsa_ctx->m; expn = next_cert->rsa_ctx->e; } if (!match_ca_cert && is_self_signed) { ret = X509_VFY_ERROR_SELF_SIGNED; goto end_verify; } cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, bi_clone(ctx, mod), bi_clone(ctx, expn)); if (cert_sig && cert->digest) { if (bi_compare(cert_sig, cert->digest) != 0) ret = X509_VFY_ERROR_BAD_SIGNATURE; bi_free(ctx, cert_sig); } else { ret = X509_VFY_ERROR_BAD_SIGNATURE; } bi_clear_cache(ctx); if (ret) goto end_verify; if (next_cert != NULL) { (*pathLenConstraint)++; ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint); } end_verify: return ret; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,8851597120481,1 5704,CWE-787,"void luaD_shrinkstack (lua_State *L) { int inuse = stackinuse(L); int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK; if (goodsize > LUAI_MAXSTACK) goodsize = LUAI_MAXSTACK; if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize) luaD_reallocstack(L, goodsize, 0); else condmovestack(L,{},{}); luaE_shrinkCI(L); }",visit repo url,ldo.c,https://github.com/lua/lua,93153615327379,1 5473,['CWE-476'],"static void set_efer(struct kvm_vcpu *vcpu, u64 efer) { if (efer & efer_reserved_bits) { printk(KERN_DEBUG ""set_efer: 0x%llx #GP, reserved bits\n"", efer); kvm_inject_gp(vcpu, 0); return; } if (is_paging(vcpu) && (vcpu->arch.shadow_efer & EFER_LME) != (efer & EFER_LME)) { printk(KERN_DEBUG ""set_efer: #GP, change LME while paging\n""); kvm_inject_gp(vcpu, 0); return; } if (efer & EFER_FFXSR) { struct kvm_cpuid_entry2 *feat; feat = kvm_find_cpuid_entry(vcpu, 0x80000001, 0); if (!feat || !(feat->edx & bit(X86_FEATURE_FXSR_OPT))) { printk(KERN_DEBUG ""set_efer: #GP, enable FFXSR w/o CPUID capability\n""); kvm_inject_gp(vcpu, 0); return; } } if (efer & EFER_SVME) { struct kvm_cpuid_entry2 *feat; feat = kvm_find_cpuid_entry(vcpu, 0x80000001, 0); if (!feat || !(feat->ecx & bit(X86_FEATURE_SVM))) { printk(KERN_DEBUG ""set_efer: #GP, enable SVM w/o SVM\n""); kvm_inject_gp(vcpu, 0); return; } } kvm_x86_ops->set_efer(vcpu, efer); efer &= ~EFER_LMA; efer |= vcpu->arch.shadow_efer & EFER_LMA; vcpu->arch.shadow_efer = efer; vcpu->arch.mmu.base_role.nxe = (efer & EFER_NX) && !tdp_enabled; kvm_mmu_reset_context(vcpu); }",linux-2.6,,,310125125731674718582770445130588799442,0 3637,CWE-416,"static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *userdata) { DnsStream *s = userdata; int r; assert(s); #if ENABLE_DNS_OVER_TLS if (s->encrypted) { r = dnstls_stream_on_io(s, revents); if (r == DNSTLS_STREAM_CLOSED) return 0; if (r == -EAGAIN) return dns_stream_update_io(s); if (r < 0) return dns_stream_complete(s, -r); r = dns_stream_update_io(s); if (r < 0) return r; } #endif if (s->tfo_salen == 0) { r = dns_stream_identify(s); if (r < 0) return dns_stream_complete(s, -r); } if ((revents & EPOLLOUT) && s->write_packet && s->n_written < sizeof(s->write_size) + s->write_packet->size) { struct iovec iov[2]; ssize_t ss; iov[0] = IOVEC_MAKE(&s->write_size, sizeof(s->write_size)); iov[1] = IOVEC_MAKE(DNS_PACKET_DATA(s->write_packet), s->write_packet->size); IOVEC_INCREMENT(iov, 2, s->n_written); ss = dns_stream_writev(s, iov, 2, 0); if (ss < 0) { if (!IN_SET(-ss, EINTR, EAGAIN)) return dns_stream_complete(s, -ss); } else s->n_written += ss; if (s->n_written >= sizeof(s->write_size) + s->write_packet->size) { r = dns_stream_update_io(s); if (r < 0) return dns_stream_complete(s, -r); } } if ((revents & (EPOLLIN|EPOLLHUP|EPOLLRDHUP)) && (!s->read_packet || s->n_read < sizeof(s->read_size) + s->read_packet->size)) { if (s->n_read < sizeof(s->read_size)) { ssize_t ss; ss = dns_stream_read(s, (uint8_t*) &s->read_size + s->n_read, sizeof(s->read_size) - s->n_read); if (ss < 0) { if (!IN_SET(-ss, EINTR, EAGAIN)) return dns_stream_complete(s, -ss); } else if (ss == 0) return dns_stream_complete(s, ECONNRESET); else s->n_read += ss; } if (s->n_read >= sizeof(s->read_size)) { if (be16toh(s->read_size) < DNS_PACKET_HEADER_SIZE) return dns_stream_complete(s, EBADMSG); if (s->n_read < sizeof(s->read_size) + be16toh(s->read_size)) { ssize_t ss; if (!s->read_packet) { r = dns_packet_new(&s->read_packet, s->protocol, be16toh(s->read_size), DNS_PACKET_SIZE_MAX); if (r < 0) return dns_stream_complete(s, -r); s->read_packet->size = be16toh(s->read_size); s->read_packet->ipproto = IPPROTO_TCP; s->read_packet->family = s->peer.sa.sa_family; s->read_packet->ttl = s->ttl; s->read_packet->ifindex = s->ifindex; if (s->read_packet->family == AF_INET) { s->read_packet->sender.in = s->peer.in.sin_addr; s->read_packet->sender_port = be16toh(s->peer.in.sin_port); s->read_packet->destination.in = s->local.in.sin_addr; s->read_packet->destination_port = be16toh(s->local.in.sin_port); } else { assert(s->read_packet->family == AF_INET6); s->read_packet->sender.in6 = s->peer.in6.sin6_addr; s->read_packet->sender_port = be16toh(s->peer.in6.sin6_port); s->read_packet->destination.in6 = s->local.in6.sin6_addr; s->read_packet->destination_port = be16toh(s->local.in6.sin6_port); if (s->read_packet->ifindex == 0) s->read_packet->ifindex = s->peer.in6.sin6_scope_id; if (s->read_packet->ifindex == 0) s->read_packet->ifindex = s->local.in6.sin6_scope_id; } } ss = dns_stream_read(s, (uint8_t*) DNS_PACKET_DATA(s->read_packet) + s->n_read - sizeof(s->read_size), sizeof(s->read_size) + be16toh(s->read_size) - s->n_read); if (ss < 0) { if (!IN_SET(-ss, EINTR, EAGAIN)) return dns_stream_complete(s, -ss); } else if (ss == 0) return dns_stream_complete(s, ECONNRESET); else s->n_read += ss; } if (s->n_read >= sizeof(s->read_size) + be16toh(s->read_size)) { if (s->on_packet) { r = s->on_packet(s); if (r < 0) return r; } r = dns_stream_update_io(s); if (r < 0) return dns_stream_complete(s, -r); } } } if ((s->write_packet && s->n_written >= sizeof(s->write_size) + s->write_packet->size) && (s->read_packet && s->n_read >= sizeof(s->read_size) + s->read_packet->size)) return dns_stream_complete(s, 0); return 0; }",visit repo url,src/resolve/resolved-dns-stream.c,https://github.com/systemd/systemd,185743036125339,1 2624,[],"static inline int sctp_verify_addr(struct sock *sk, union sctp_addr *addr, int len) { struct sctp_af *af; af = sctp_sockaddr_af(sctp_sk(sk), addr, len); if (!af) return -EINVAL; if (!af->addr_valid(addr, sctp_sk(sk), NULL)) return -EINVAL; if (!sctp_sk(sk)->pf->send_verify(sctp_sk(sk), (addr))) return -EINVAL; return 0; }",linux-2.6,,,88816118310446520440142412398059940431,0 4834,['CWE-189'],"u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes) { int i; u8 code = 0; struct ecryptfs_cipher_code_str_map_elem *map = ecryptfs_cipher_code_str_map; if (strcmp(cipher_name, ""aes"") == 0) { switch (key_bytes) { case 16: code = RFC2440_CIPHER_AES_128; break; case 24: code = RFC2440_CIPHER_AES_192; break; case 32: code = RFC2440_CIPHER_AES_256; } } else { for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++) if (strcmp(cipher_name, map[i].cipher_str) == 0) { code = map[i].cipher_code; break; } } return code; }",linux-2.6,,,307117010069998420173403679994627557320,0 266,CWE-787,"static unsigned int ipv6_defrag(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { int err; #if IS_ENABLED(CONFIG_NF_CONNTRACK) if (skb->nfct && !nf_ct_is_template((struct nf_conn *)skb->nfct)) return NF_ACCEPT; #endif err = nf_ct_frag6_gather(state->net, skb, nf_ct6_defrag_user(state->hook, skb)); if (err == -EINPROGRESS) return NF_STOLEN; return NF_ACCEPT; }",visit repo url,net/ipv6/netfilter/nf_defrag_ipv6_hooks.c,https://github.com/torvalds/linux,149273976227371,1 6006,['CWE-200'],"static void cbq_change_defmap(struct cbq_class *cl, u32 splitid, u32 def, u32 mask) { struct cbq_class *split = NULL; if (splitid == 0) { if ((split = cl->split) == NULL) return; splitid = split->classid; } if (split == NULL || split->classid != splitid) { for (split = cl->tparent; split; split = split->tparent) if (split->classid == splitid) break; } if (split == NULL) return; if (cl->split != split) { cl->defmap = 0; cbq_sync_defmap(cl); cl->split = split; cl->defmap = def&mask; } else cl->defmap = (cl->defmap&~mask)|(def&mask); cbq_sync_defmap(cl); }",linux-2.6,,,303936349184217179856350212402010030183,0 4285,['CWE-264'],"static int copy_files(unsigned long clone_flags, struct task_struct * tsk) { struct files_struct *oldf, *newf; int error = 0; oldf = current->files; if (!oldf) goto out; if (clone_flags & CLONE_FILES) { atomic_inc(&oldf->count); goto out; } newf = dup_fd(oldf, &error); if (!newf) goto out; tsk->files = newf; error = 0; out: return error; }",linux-2.6,,,170410153424536365285557869658433715977,0 6697,['CWE-200'],"start_animation_timeout (NMApplet *applet) { if (applet->animation_id == 0) { applet->animation_step = 0; applet->animation_id = g_timeout_add (100, animation_timeout, applet); } }",network-manager-applet,,,182839416436198319982470458416604549380,0 2383,['CWE-119'],"static const char *external_diff(void) { static const char *external_diff_cmd = NULL; static int done_preparing = 0; if (done_preparing) return external_diff_cmd; external_diff_cmd = getenv(""GIT_EXTERNAL_DIFF""); if (!external_diff_cmd) external_diff_cmd = external_diff_cmd_cfg; done_preparing = 1; return external_diff_cmd; }",git,,,98198868431250245567357109009835177123,0 2970,CWE-119,"cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, size_t count, const uint64_t clsid[2]) { size_t i; cdf_timestamp_t tp; struct timespec ts; char buf[64]; const char *str = NULL; const char *s; int len; if (!NOTMIME(ms)) str = cdf_clsid_to_mime(clsid, clsid2mime); for (i = 0; i < count; i++) { cdf_print_property_name(buf, sizeof(buf), info[i].pi_id); switch (info[i].pi_type) { case CDF_NULL: break; case CDF_SIGNED16: if (NOTMIME(ms) && file_printf(ms, "", %s: %hd"", buf, info[i].pi_s16) == -1) return -1; break; case CDF_SIGNED32: if (NOTMIME(ms) && file_printf(ms, "", %s: %d"", buf, info[i].pi_s32) == -1) return -1; break; case CDF_UNSIGNED32: if (NOTMIME(ms) && file_printf(ms, "", %s: %u"", buf, info[i].pi_u32) == -1) return -1; break; case CDF_FLOAT: if (NOTMIME(ms) && file_printf(ms, "", %s: %g"", buf, info[i].pi_f) == -1) return -1; break; case CDF_DOUBLE: if (NOTMIME(ms) && file_printf(ms, "", %s: %g"", buf, info[i].pi_d) == -1) return -1; break; case CDF_LENGTH32_STRING: case CDF_LENGTH32_WSTRING: len = info[i].pi_str.s_len; if (len > 1) { char vbuf[1024]; size_t j, k = 1; if (info[i].pi_type == CDF_LENGTH32_WSTRING) k++; s = info[i].pi_str.s_buf; for (j = 0; j < sizeof(vbuf) && len--; j++, s += k) { if (*s == '\0') break; if (isprint((unsigned char)*s)) vbuf[j] = *s; } if (j == sizeof(vbuf)) --j; vbuf[j] = '\0'; if (NOTMIME(ms)) { if (vbuf[0]) { if (file_printf(ms, "", %s: %s"", buf, vbuf) == -1) return -1; } } else if (str == NULL && info[i].pi_id == CDF_PROPERTY_NAME_OF_APPLICATION) { str = cdf_app_to_mime(vbuf, app2mime); } } break; case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { char tbuf[64]; if (tp < 1000000000000000LL) { cdf_print_elapsed_time(tbuf, sizeof(tbuf), tp); if (NOTMIME(ms) && file_printf(ms, "", %s: %s"", buf, tbuf) == -1) return -1; } else { char *c, *ec; cdf_timestamp_to_timespec(&ts, tp); c = cdf_ctime(&ts.tv_sec, tbuf); if (c != NULL && (ec = strchr(c, '\n')) != NULL) *ec = '\0'; if (NOTMIME(ms) && file_printf(ms, "", %s: %s"", buf, c) == -1) return -1; } } break; case CDF_CLIPBOARD: break; default: return -1; } } if (!NOTMIME(ms)) { if (str == NULL) return 0; if (file_printf(ms, ""application/%s"", str) == -1) return -1; } return 1; }",visit repo url,src/readcdf.c,https://github.com/file/file,8811812434182,1 3542,['CWE-20'],"sctp_disposition_t sctp_sf_unk_chunk(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *unk_chunk = arg; struct sctp_chunk *err_chunk; sctp_chunkhdr_t *hdr; SCTP_DEBUG_PRINTK(""Processing the unknown chunk id %d.\n"", type.chunk); if (!sctp_vtag_verify(unk_chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(unk_chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); switch (type.chunk & SCTP_CID_ACTION_MASK) { case SCTP_CID_ACTION_DISCARD: return sctp_sf_pdiscard(ep, asoc, type, arg, commands); break; case SCTP_CID_ACTION_DISCARD_ERR: hdr = unk_chunk->chunk_hdr; err_chunk = sctp_make_op_error(asoc, unk_chunk, SCTP_ERROR_UNKNOWN_CHUNK, hdr, WORD_ROUND(ntohs(hdr->length))); if (err_chunk) { sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(err_chunk)); } sctp_sf_pdiscard(ep, asoc, type, arg, commands); return SCTP_DISPOSITION_CONSUME; break; case SCTP_CID_ACTION_SKIP: return SCTP_DISPOSITION_DISCARD; break; case SCTP_CID_ACTION_SKIP_ERR: hdr = unk_chunk->chunk_hdr; err_chunk = sctp_make_op_error(asoc, unk_chunk, SCTP_ERROR_UNKNOWN_CHUNK, hdr, WORD_ROUND(ntohs(hdr->length))); if (err_chunk) { sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(err_chunk)); } return SCTP_DISPOSITION_CONSUME; break; default: break; } return SCTP_DISPOSITION_DISCARD; }",linux-2.6,,,66980017148550109825851859656790582389,0 4645,['CWE-399'],"static inline void ext4_isize_set(struct ext4_inode *raw_inode, loff_t i_size) { raw_inode->i_size_lo = cpu_to_le32(i_size); raw_inode->i_size_high = cpu_to_le32(i_size >> 32);",linux-2.6,,,11652208628828391916568159876050489373,0 4526,['CWE-20'],"static int ext4_add_entry(handle_t *handle, struct dentry *dentry, struct inode *inode) { struct inode *dir = dentry->d_parent->d_inode; struct buffer_head *bh; struct ext4_dir_entry_2 *de; struct super_block *sb; int retval; int dx_fallback=0; unsigned blocksize; ext4_lblk_t block, blocks; sb = dir->i_sb; blocksize = sb->s_blocksize; if (!dentry->d_name.len) return -EINVAL; if (is_dx(dir)) { retval = ext4_dx_add_entry(handle, dentry, inode); if (!retval || (retval != ERR_BAD_DX_DIR)) return retval; EXT4_I(dir)->i_flags &= ~EXT4_INDEX_FL; dx_fallback++; ext4_mark_inode_dirty(handle, dir); } blocks = dir->i_size >> sb->s_blocksize_bits; for (block = 0; block < blocks; block++) { bh = ext4_bread(handle, dir, block, 0, &retval); if(!bh) return retval; retval = add_dirent_to_buf(handle, dentry, inode, NULL, bh); if (retval != -ENOSPC) return retval; if (blocks == 1 && !dx_fallback && EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_DIR_INDEX)) return make_indexed_dir(handle, dentry, inode, bh); brelse(bh); } bh = ext4_append(handle, dir, &block, &retval); if (!bh) return retval; de = (struct ext4_dir_entry_2 *) bh->b_data; de->inode = 0; de->rec_len = ext4_rec_len_to_disk(blocksize); return add_dirent_to_buf(handle, dentry, inode, de, bh); }",linux-2.6,,,25423751547942372470302185706440737412,0 3714,NVD-CWE-noinfo,"ascii_load_sockaddr(struct sockaddr_storage *ss, char *buf) { struct sockaddr_in6 ssin6; struct sockaddr_in ssin; memset(&ssin, 0, sizeof ssin); memset(&ssin6, 0, sizeof ssin6); if (!strcmp(""local"", buf)) { ss->ss_family = AF_LOCAL; } else if (buf[0] == '[' && buf[strlen(buf)-1] == ']') { buf[strlen(buf)-1] = '\0'; if (inet_pton(AF_INET6, buf+1, &ssin6.sin6_addr) != 1) return 0; ssin6.sin6_family = AF_INET6; memcpy(ss, &ssin6, sizeof(ssin6)); ss->ss_len = sizeof(struct sockaddr_in6); } else { if (inet_pton(AF_INET, buf, &ssin.sin_addr) != 1) return 0; ssin.sin_family = AF_INET; memcpy(ss, &ssin, sizeof(ssin)); ss->ss_len = sizeof(struct sockaddr_in); } return 1; }",visit repo url,usr.sbin/smtpd/envelope.c,https://github.com/openbsd/src,232043273080620,1 127,CWE-476,"bool ieee80211_parse_tx_radiotap(struct sk_buff *skb, struct net_device *dev) { struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); struct ieee80211_radiotap_iterator iterator; struct ieee80211_radiotap_header *rthdr = (struct ieee80211_radiotap_header *) skb->data; struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_supported_band *sband = local->hw.wiphy->bands[info->band]; int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len, NULL); u16 txflags; u16 rate = 0; bool rate_found = false; u8 rate_retries = 0; u16 rate_flags = 0; u8 mcs_known, mcs_flags, mcs_bw; u16 vht_known; u8 vht_mcs = 0, vht_nss = 0; int i; if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header))) return false; if (unlikely(rthdr->it_version)) return false; if (unlikely(skb->len < ieee80211_get_radiotap_len(skb->data))) return false; info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | IEEE80211_TX_CTL_DONTFRAG; while (!ret) { ret = ieee80211_radiotap_iterator_next(&iterator); if (ret) continue; switch (iterator.this_arg_index) { case IEEE80211_RADIOTAP_FLAGS: if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) { if (skb->len < (iterator._max_length + FCS_LEN)) return false; skb_trim(skb, skb->len - FCS_LEN); } if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP) info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT; if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG) info->flags &= ~IEEE80211_TX_CTL_DONTFRAG; break; case IEEE80211_RADIOTAP_TX_FLAGS: txflags = get_unaligned_le16(iterator.this_arg); if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK) info->flags |= IEEE80211_TX_CTL_NO_ACK; if (txflags & IEEE80211_RADIOTAP_F_TX_NOSEQNO) info->control.flags |= IEEE80211_TX_CTRL_NO_SEQNO; if (txflags & IEEE80211_RADIOTAP_F_TX_ORDER) info->control.flags |= IEEE80211_TX_CTRL_DONT_REORDER; break; case IEEE80211_RADIOTAP_RATE: rate = *iterator.this_arg; rate_flags = 0; rate_found = true; break; case IEEE80211_RADIOTAP_DATA_RETRIES: rate_retries = *iterator.this_arg; break; case IEEE80211_RADIOTAP_MCS: mcs_known = iterator.this_arg[0]; mcs_flags = iterator.this_arg[1]; if (!(mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_MCS)) break; rate_found = true; rate = iterator.this_arg[2]; rate_flags = IEEE80211_TX_RC_MCS; if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_GI && mcs_flags & IEEE80211_RADIOTAP_MCS_SGI) rate_flags |= IEEE80211_TX_RC_SHORT_GI; mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK; if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW && mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40) rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_FEC && mcs_flags & IEEE80211_RADIOTAP_MCS_FEC_LDPC) info->flags |= IEEE80211_TX_CTL_LDPC; if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_STBC) { u8 stbc = u8_get_bits(mcs_flags, IEEE80211_RADIOTAP_MCS_STBC_MASK); info->flags |= u32_encode_bits(stbc, IEEE80211_TX_CTL_STBC); } break; case IEEE80211_RADIOTAP_VHT: vht_known = get_unaligned_le16(iterator.this_arg); rate_found = true; rate_flags = IEEE80211_TX_RC_VHT_MCS; if ((vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_GI) && (iterator.this_arg[2] & IEEE80211_RADIOTAP_VHT_FLAG_SGI)) rate_flags |= IEEE80211_TX_RC_SHORT_GI; if (vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH) { if (iterator.this_arg[3] == 1) rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; else if (iterator.this_arg[3] == 4) rate_flags |= IEEE80211_TX_RC_80_MHZ_WIDTH; else if (iterator.this_arg[3] == 11) rate_flags |= IEEE80211_TX_RC_160_MHZ_WIDTH; } vht_mcs = iterator.this_arg[4] >> 4; vht_nss = iterator.this_arg[4] & 0xF; break; default: break; } } if (ret != -ENOENT) return false; if (rate_found) { info->control.flags |= IEEE80211_TX_CTRL_RATE_INJECT; for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { info->control.rates[i].idx = -1; info->control.rates[i].flags = 0; info->control.rates[i].count = 0; } if (rate_flags & IEEE80211_TX_RC_MCS) { info->control.rates[0].idx = rate; } else if (rate_flags & IEEE80211_TX_RC_VHT_MCS) { ieee80211_rate_set_vht(info->control.rates, vht_mcs, vht_nss); } else { for (i = 0; i < sband->n_bitrates; i++) { if (rate * 5 != sband->bitrates[i].bitrate) continue; info->control.rates[0].idx = i; break; } } if (info->control.rates[0].idx < 0) info->control.flags &= ~IEEE80211_TX_CTRL_RATE_INJECT; info->control.rates[0].flags = rate_flags; info->control.rates[0].count = min_t(u8, rate_retries + 1, local->hw.max_rate_tries); } return true; }",visit repo url,net/mac80211/tx.c,https://github.com/torvalds/linux,271851821301299,1 1469,CWE-264,"void perf_event_disable(struct perf_event *event) { struct perf_event_context *ctx = event->ctx; struct task_struct *task = ctx->task; if (!task) { cpu_function_call(event->cpu, __perf_event_disable, event); return; } retry: if (!task_function_call(task, __perf_event_disable, event)) return; raw_spin_lock_irq(&ctx->lock); if (event->state == PERF_EVENT_STATE_ACTIVE) { raw_spin_unlock_irq(&ctx->lock); task = ctx->task; goto retry; } if (event->state == PERF_EVENT_STATE_INACTIVE) { update_group_times(event); event->state = PERF_EVENT_STATE_OFF; } raw_spin_unlock_irq(&ctx->lock); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,13429183114201,1 105,CWE-674,"k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a, void **retrep) { krb5_error_code ret; const uint8_t *contents, *remainder; size_t clen, rlen; taginfo t; *retrep = NULL; ret = get_tag((uint8_t *)code->data, code->length, &t, &contents, &clen, &remainder, &rlen); if (ret) return ret; if (!check_atype_tag(a, &t)) return ASN1_BAD_ID; return decode_atype_to_ptr(&t, contents, clen, a, retrep); }",visit repo url,src/lib/krb5/asn.1/asn1_encode.c,https://github.com/krb5/krb5,13643551351533,1 2888,CWE-125,"static int readContigTilesIntoBuffer (TIFF* in, uint8* buf, uint32 imagelength, uint32 imagewidth, uint32 tw, uint32 tl, tsample_t spp, uint16 bps) { int status = 1; tsample_t sample = 0; tsample_t count = spp; uint32 row, col, trow; uint32 nrow, ncol; uint32 dst_rowsize, shift_width; uint32 bytes_per_sample, bytes_per_pixel; uint32 trailing_bits, prev_trailing_bits; uint32 tile_rowsize = TIFFTileRowSize(in); uint32 src_offset, dst_offset; uint32 row_offset, col_offset; uint8 *bufp = (uint8*) buf; unsigned char *src = NULL; unsigned char *dst = NULL; tsize_t tbytes = 0, tile_buffsize = 0; tsize_t tilesize = TIFFTileSize(in); unsigned char *tilebuf = NULL; bytes_per_sample = (bps + 7) / 8; bytes_per_pixel = ((bps * spp) + 7) / 8; if ((bps % 8) == 0) shift_width = 0; else { if (bytes_per_pixel < (bytes_per_sample + 1)) shift_width = bytes_per_pixel; else shift_width = bytes_per_sample + 1; } tile_buffsize = tilesize; if (tilesize == 0 || tile_rowsize == 0) { TIFFError(""readContigTilesIntoBuffer"", ""Tile size or tile rowsize is zero""); exit(-1); } if (tilesize < (tsize_t)(tl * tile_rowsize)) { #ifdef DEBUG2 TIFFError(""readContigTilesIntoBuffer"", ""Tilesize %lu is too small, using alternate calculation %u"", tilesize, tl * tile_rowsize); #endif tile_buffsize = tl * tile_rowsize; if (tl != (tile_buffsize / tile_rowsize)) { TIFFError(""readContigTilesIntoBuffer"", ""Integer overflow when calculating buffer size.""); exit(-1); } } tilebuf = _TIFFmalloc(tile_buffsize); if (tilebuf == 0) return 0; dst_rowsize = ((imagewidth * bps * spp) + 7) / 8; for (row = 0; row < imagelength; row += tl) { nrow = (row + tl > imagelength) ? imagelength - row : tl; for (col = 0; col < imagewidth; col += tw) { tbytes = TIFFReadTile(in, tilebuf, col, row, 0, 0); if (tbytes < tilesize && !ignore) { TIFFError(TIFFFileName(in), ""Error, can't read tile at row %lu col %lu, Read %lu bytes of %lu"", (unsigned long) col, (unsigned long) row, (unsigned long)tbytes, (unsigned long)tilesize); status = 0; _TIFFfree(tilebuf); return status; } row_offset = row * dst_rowsize; col_offset = ((col * bps * spp) + 7)/ 8; bufp = buf + row_offset + col_offset; if (col + tw > imagewidth) ncol = imagewidth - col; else ncol = tw; if (((bps % 8) == 0) && (count == spp)) { for (trow = 0; trow < nrow; trow++) { src_offset = trow * tile_rowsize; _TIFFmemcpy (bufp, tilebuf + src_offset, (ncol * spp * bps) / 8); bufp += (imagewidth * bps * spp) / 8; } } else { prev_trailing_bits = trailing_bits = 0; trailing_bits = (ncol * bps * spp) % 8; for (trow = 0; trow < nrow; trow++) { src_offset = trow * tile_rowsize; src = tilebuf + src_offset; dst_offset = (row + trow) * dst_rowsize; dst = buf + dst_offset + col_offset; switch (shift_width) { case 0: if (extractContigSamplesBytes (src, dst, ncol, sample, spp, bps, count, 0, ncol)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; case 1: if (bps == 1) { if (extractContigSamplesShifted8bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; } else if (extractContigSamplesShifted16bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; case 2: if (extractContigSamplesShifted24bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; case 3: case 4: case 5: if (extractContigSamplesShifted32bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; default: TIFFError(""readContigTilesIntoBuffer"", ""Unsupported bit depth %d"", bps); return 1; } } prev_trailing_bits += trailing_bits; } } } _TIFFfree(tilebuf); return status; }",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,260775928809453,1 6110,['CWE-200'],"static void rsvp_destroy(struct tcf_proto *tp) { struct rsvp_head *data = xchg(&tp->root, NULL); struct rsvp_session **sht; int h1, h2; if (data == NULL) return; sht = data->ht; for (h1=0; h1<256; h1++) { struct rsvp_session *s; while ((s = sht[h1]) != NULL) { sht[h1] = s->next; for (h2=0; h2<=16; h2++) { struct rsvp_filter *f; while ((f = s->ht[h2]) != NULL) { s->ht[h2] = f->next; rsvp_delete_filter(tp, f); } } kfree(s); } } kfree(data); }",linux-2.6,,,84548466222539585163382999973730736493,0 6340,CWE-190,"void setrangeCommand(client *c) { robj *o; long offset; sds value = c->argv[3]->ptr; if (getLongFromObjectOrReply(c,c->argv[2],&offset,NULL) != C_OK) return; if (offset < 0) { addReplyError(c,""offset is out of range""); return; } o = lookupKeyWrite(c->db,c->argv[1]); if (o == NULL) { if (sdslen(value) == 0) { addReply(c,shared.czero); return; } if (checkStringLength(c,offset+sdslen(value)) != C_OK) return; o = createObject(OBJ_STRING,sdsnewlen(NULL, offset+sdslen(value))); dbAdd(c->db,c->argv[1],o); } else { size_t olen; if (checkType(c,o,OBJ_STRING)) return; olen = stringObjectLen(o); if (sdslen(value) == 0) { addReplyLongLong(c,olen); return; } if (checkStringLength(c,offset+sdslen(value)) != C_OK) return; o = dbUnshareStringValue(c->db,c->argv[1],o); } if (sdslen(value) > 0) { o->ptr = sdsgrowzero(o->ptr,offset+sdslen(value)); memcpy((char*)o->ptr+offset,value,sdslen(value)); signalModifiedKey(c,c->db,c->argv[1]); notifyKeyspaceEvent(NOTIFY_STRING, ""setrange"",c->argv[1],c->db->id); server.dirty++; } addReplyLongLong(c,sdslen(o->ptr)); }",visit repo url,src/t_string.c,https://github.com/redis/redis,74137923126674,1 1362,[],"static inline struct rq *rq_of(struct cfs_rq *cfs_rq) { return container_of(cfs_rq, struct rq, cfs); }",linux-2.6,,,151422379133570413132222863509893174380,0 1995,CWE-674,"static int validate_nla(const struct nlattr *nla, int maxtype, const struct nla_policy *policy, unsigned int validate, struct netlink_ext_ack *extack) { u16 strict_start_type = policy[0].strict_start_type; const struct nla_policy *pt; int minlen = 0, attrlen = nla_len(nla), type = nla_type(nla); int err = -ERANGE; if (strict_start_type && type >= strict_start_type) validate |= NL_VALIDATE_STRICT; if (type <= 0 || type > maxtype) return 0; pt = &policy[type]; BUG_ON(pt->type > NLA_TYPE_MAX); if ((nla_attr_len[pt->type] && attrlen != nla_attr_len[pt->type]) || (pt->type == NLA_EXACT_LEN_WARN && attrlen != pt->len)) { pr_warn_ratelimited(""netlink: '%s': attribute type %d has an invalid length.\n"", current->comm, type); if (validate & NL_VALIDATE_STRICT_ATTRS) { NL_SET_ERR_MSG_ATTR(extack, nla, ""invalid attribute length""); return -EINVAL; } } if (validate & NL_VALIDATE_NESTED) { if ((pt->type == NLA_NESTED || pt->type == NLA_NESTED_ARRAY) && !(nla->nla_type & NLA_F_NESTED)) { NL_SET_ERR_MSG_ATTR(extack, nla, ""NLA_F_NESTED is missing""); return -EINVAL; } if (pt->type != NLA_NESTED && pt->type != NLA_NESTED_ARRAY && pt->type != NLA_UNSPEC && (nla->nla_type & NLA_F_NESTED)) { NL_SET_ERR_MSG_ATTR(extack, nla, ""NLA_F_NESTED not expected""); return -EINVAL; } } switch (pt->type) { case NLA_EXACT_LEN: if (attrlen != pt->len) goto out_err; break; case NLA_REJECT: if (extack && pt->reject_message) { NL_SET_BAD_ATTR(extack, nla); extack->_msg = pt->reject_message; return -EINVAL; } err = -EINVAL; goto out_err; case NLA_FLAG: if (attrlen > 0) goto out_err; break; case NLA_BITFIELD32: if (attrlen != sizeof(struct nla_bitfield32)) goto out_err; err = validate_nla_bitfield32(nla, pt->bitfield32_valid); if (err) goto out_err; break; case NLA_NUL_STRING: if (pt->len) minlen = min_t(int, attrlen, pt->len + 1); else minlen = attrlen; if (!minlen || memchr(nla_data(nla), '\0', minlen) == NULL) { err = -EINVAL; goto out_err; } case NLA_STRING: if (attrlen < 1) goto out_err; if (pt->len) { char *buf = nla_data(nla); if (buf[attrlen - 1] == '\0') attrlen--; if (attrlen > pt->len) goto out_err; } break; case NLA_BINARY: if (pt->len && attrlen > pt->len) goto out_err; break; case NLA_NESTED: if (attrlen == 0) break; if (attrlen < NLA_HDRLEN) goto out_err; if (pt->nested_policy) { err = __nla_validate(nla_data(nla), nla_len(nla), pt->len, pt->nested_policy, validate, extack); if (err < 0) { return err; } } break; case NLA_NESTED_ARRAY: if (attrlen == 0) break; if (attrlen < NLA_HDRLEN) goto out_err; if (pt->nested_policy) { int err; err = nla_validate_array(nla_data(nla), nla_len(nla), pt->len, pt->nested_policy, extack, validate); if (err < 0) { return err; } } break; case NLA_UNSPEC: if (validate & NL_VALIDATE_UNSPEC) { NL_SET_ERR_MSG_ATTR(extack, nla, ""Unsupported attribute""); return -EINVAL; } case NLA_MIN_LEN: if (attrlen < pt->len) goto out_err; break; default: if (pt->len) minlen = pt->len; else minlen = nla_attr_minlen[pt->type]; if (attrlen < minlen) goto out_err; } switch (pt->validation_type) { case NLA_VALIDATE_NONE: break; case NLA_VALIDATE_RANGE: case NLA_VALIDATE_MIN: case NLA_VALIDATE_MAX: err = nla_validate_int_range(pt, nla, extack); if (err) return err; break; case NLA_VALIDATE_FUNCTION: if (pt->validate) { err = pt->validate(nla, extack); if (err) return err; } break; } return 0; out_err: NL_SET_ERR_MSG_ATTR(extack, nla, ""Attribute failed policy validation""); return err; }",visit repo url,lib/nlattr.c,https://github.com/torvalds/linux,273820854368101,1 130,[],"long asmlinkage compat_sys_nfsservctl(int cmd, void *notused, void *notused2) { return sys_ni_syscall(); }",linux-2.6,,,305195630096239366917491700759047874528,0 4852,CWE-415,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 52,CWE-763,"spnego_gss_verify_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t msg_buffer, const gss_buffer_t token_buffer, gss_qop_t *qop_state) { OM_uint32 ret; ret = gss_verify_mic(minor_status, context_handle, msg_buffer, token_buffer, qop_state); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,77046485251682,1 6550,['CWE-200'],"foo_client_setup (NMApplet *applet) { applet->nm_client = nm_client_new (); if (!applet->nm_client) return; g_signal_connect (applet->nm_client, ""notify::state"", G_CALLBACK (foo_client_state_changed_cb), applet); g_signal_connect (applet->nm_client, ""notify::active-connections"", G_CALLBACK (foo_active_connections_changed_cb), applet); g_signal_connect (applet->nm_client, ""device-added"", G_CALLBACK (foo_device_added_cb), applet); g_signal_connect (applet->nm_client, ""notify::manager-running"", G_CALLBACK (foo_manager_running_cb), applet); if (nm_client_get_manager_running (applet->nm_client)) g_idle_add (foo_set_initial_state, applet); }",network-manager-applet,,,144468251061191761677013501846411913334,0 2626,CWE-190,"static entity_table_opt determine_entity_table(int all, int doctype) { entity_table_opt retval = {NULL}; assert(!(doctype == ENT_HTML_DOC_XML1 && all)); if (all) { retval.ms_table = (doctype == ENT_HTML_DOC_HTML5) ? entity_ms_table_html5 : entity_ms_table_html4; } else { retval.table = (doctype == ENT_HTML_DOC_HTML401) ? stage3_table_be_noapos_00000 : stage3_table_be_apos_00000; } return retval; }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,35192482033558,1 6045,CWE-190,"#define N 2 static int psi(void) { int result, code = RLC_ERR; bn_t g, n, q, r, p[M], x[M], v[N], w[N], y[N], z[M]; g1_t u[M], ss; g2_t d[M + 1], s[M + 1]; gt_t t[M]; crt_t crt; size_t l; bn_null(g); bn_null(n); bn_null(q); bn_null(r); g1_null(ss); crt_null(crt); RLC_TRY { bn_new(g); bn_new(n); bn_new(q); bn_new(r); g1_new(ss); for (int i = 0; i < M; i++) { bn_null(p[i]); bn_null(x[i]); bn_null(z[i]); g2_null(d[i]); g2_null(s[i]); bn_new(p[i]); bn_new(x[i]); bn_new(z[i]); g2_new(d[i]); g2_new(s[i]); } g2_null(s[M]); g2_new(s[M]); g2_null(d[M]); g2_new(d[M]); for (int i = 0; i < N; i++) { bn_null(v[i]); bn_null(w[i]); bn_null(y[i]); g1_null(u[i]); gt_null(t[i]); bn_new(v[i]); bn_new(w[i]); bn_new(y[i]); g1_new(u[i]); gt_new(t[i]); } crt_new(crt); result = cp_rsapsi_gen(g, n, RLC_BN_BITS); TEST_CASE(""factoring-based laconic private set intersection is correct"") { TEST_ASSERT(result == RLC_OK, end); for (int j = 0; j < M; j++) { bn_rand_mod(x[j], n); } for (int j = 0; j < N; j++) { bn_rand_mod(y[j], n); } TEST_ASSERT(cp_rsapsi_ask(q, r, p, g, n, x, M) == RLC_OK, end); for (int k = 0; k <= N; k++) { for (int j = 0; j < k; j++) { bn_copy(y[j], x[j]); } TEST_ASSERT(cp_rsapsi_ans(v, w, q, g, n, y, N) == RLC_OK, end); TEST_ASSERT(cp_rsapsi_int(z, &l, r, p, n, x, M, v, w, N) == RLC_OK, end); TEST_ASSERT(l == k, end); } } TEST_END; result = cp_shipsi_gen(g, crt, RLC_BN_BITS); TEST_CASE(""factoring-based size-hiding private set intersection is correct"") { TEST_ASSERT(result == RLC_OK, end); for (int j = 0; j < M; j++) { bn_rand_mod(x[j], crt->n); } for (int j = 0; j < N; j++) { bn_rand_mod(y[j], crt->n); } TEST_ASSERT(cp_shipsi_ask(q, r, p, g, crt->n, x, M) == RLC_OK, end); for (int k = 0; k <= N; k++) { for (int j = 0; j < k; j++) { bn_copy(y[j], x[j]); } TEST_ASSERT(cp_shipsi_ans(v, w[0], q, g, crt, y, N) == RLC_OK, end); TEST_ASSERT(cp_shipsi_int(z, &l, r, p, crt->n, x, M, v, w[0], N) == RLC_OK, end); TEST_ASSERT(l == k, end); } } TEST_END; TEST_CASE(""pairing-based laconic private set intersection is correct"") { pc_get_ord(q); for (int j = 0; j < M; j++) { bn_rand_mod(x[j], q); } for (int j = 0; j < N; j++) { bn_rand_mod(y[j], q); } TEST_ASSERT(cp_pbpsi_gen(q, ss, s, M) == RLC_OK, end); TEST_ASSERT(cp_pbpsi_ask(d, r, x, s, M) == RLC_OK, end); for (int k = 0; k <= N; k++) { for (int j = 0; j < k; j++) { bn_copy(y[j], x[j]); } TEST_ASSERT(cp_pbpsi_ans(t, u, ss, d[0], y, N) == RLC_OK, end); TEST_ASSERT(cp_pbpsi_int(z, &l, d, x, M, t, u, N) == RLC_OK, end); TEST_ASSERT(l == k, end); } } TEST_END; } RLC_CATCH_ANY { RLC_ERROR(end); } code = RLC_OK; end: bn_free(g); bn_free(n); bn_free(q); bn_free(r); g1_free(ss); for (int i = 0; i < M; i++) { bn_free(p[i]); bn_free(x[i]); bn_free(z[i]); g2_free(d[i]); g2_free(s[i]); } g2_free(d[M]); g2_free(s[M]); for (int i = 0; i < N; i++) { bn_free(v[i]); bn_free(w[i]); bn_free(y[i]); g1_free(u[i]); gt_free(t[i]); } crt_free(crt);",visit repo url,test/test_cp.c,https://github.com/relic-toolkit/relic,36251607626472,1 1453,CWE-17,"static int udf_readdir(struct file *file, struct dir_context *ctx) { struct inode *dir = file_inode(file); struct udf_inode_info *iinfo = UDF_I(dir); struct udf_fileident_bh fibh = { .sbh = NULL, .ebh = NULL}; struct fileIdentDesc *fi = NULL; struct fileIdentDesc cfi; int block, iblock; loff_t nf_pos; int flen; unsigned char *fname = NULL; unsigned char *nameptr; uint16_t liu; uint8_t lfi; loff_t size = udf_ext0_offset(dir) + dir->i_size; struct buffer_head *tmp, *bha[16]; struct kernel_lb_addr eloc; uint32_t elen; sector_t offset; int i, num, ret = 0; struct extent_position epos = { NULL, 0, {0, 0} }; if (ctx->pos == 0) { if (!dir_emit_dot(file, ctx)) return 0; ctx->pos = 1; } nf_pos = (ctx->pos - 1) << 2; if (nf_pos >= size) goto out; fname = kmalloc(UDF_NAME_LEN, GFP_NOFS); if (!fname) { ret = -ENOMEM; goto out; } if (nf_pos == 0) nf_pos = udf_ext0_offset(dir); fibh.soffset = fibh.eoffset = nf_pos & (dir->i_sb->s_blocksize - 1); if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) { if (inode_bmap(dir, nf_pos >> dir->i_sb->s_blocksize_bits, &epos, &eloc, &elen, &offset) != (EXT_RECORDED_ALLOCATED >> 30)) { ret = -ENOENT; goto out; } block = udf_get_lb_pblock(dir->i_sb, &eloc, offset); if ((++offset << dir->i_sb->s_blocksize_bits) < elen) { if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT) epos.offset -= sizeof(struct short_ad); else if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_LONG) epos.offset -= sizeof(struct long_ad); } else { offset = 0; } if (!(fibh.sbh = fibh.ebh = udf_tread(dir->i_sb, block))) { ret = -EIO; goto out; } if (!(offset & ((16 >> (dir->i_sb->s_blocksize_bits - 9)) - 1))) { i = 16 >> (dir->i_sb->s_blocksize_bits - 9); if (i + offset > (elen >> dir->i_sb->s_blocksize_bits)) i = (elen >> dir->i_sb->s_blocksize_bits) - offset; for (num = 0; i > 0; i--) { block = udf_get_lb_pblock(dir->i_sb, &eloc, offset + i); tmp = udf_tgetblk(dir->i_sb, block); if (tmp && !buffer_uptodate(tmp) && !buffer_locked(tmp)) bha[num++] = tmp; else brelse(tmp); } if (num) { ll_rw_block(READA, num, bha); for (i = 0; i < num; i++) brelse(bha[i]); } } } while (nf_pos < size) { struct kernel_lb_addr tloc; ctx->pos = (nf_pos >> 2) + 1; fi = udf_fileident_read(dir, &nf_pos, &fibh, &cfi, &epos, &eloc, &elen, &offset); if (!fi) goto out; liu = le16_to_cpu(cfi.lengthOfImpUse); lfi = cfi.lengthFileIdent; if (fibh.sbh == fibh.ebh) { nameptr = fi->fileIdent + liu; } else { int poffset; poffset = fibh.soffset + sizeof(struct fileIdentDesc) + liu + lfi; if (poffset >= lfi) { nameptr = (char *)(fibh.ebh->b_data + poffset - lfi); } else { nameptr = fname; memcpy(nameptr, fi->fileIdent + liu, lfi - poffset); memcpy(nameptr + lfi - poffset, fibh.ebh->b_data, poffset); } } if ((cfi.fileCharacteristics & FID_FILE_CHAR_DELETED) != 0) { if (!UDF_QUERY_FLAG(dir->i_sb, UDF_FLAG_UNDELETE)) continue; } if ((cfi.fileCharacteristics & FID_FILE_CHAR_HIDDEN) != 0) { if (!UDF_QUERY_FLAG(dir->i_sb, UDF_FLAG_UNHIDE)) continue; } if (cfi.fileCharacteristics & FID_FILE_CHAR_PARENT) { if (!dir_emit_dotdot(file, ctx)) goto out; continue; } flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); if (!flen) continue; tloc = lelb_to_cpu(cfi.icb.extLocation); iblock = udf_get_lb_pblock(dir->i_sb, &tloc, 0); if (!dir_emit(ctx, fname, flen, iblock, DT_UNKNOWN)) goto out; } ctx->pos = (nf_pos >> 2) + 1; out: if (fibh.sbh != fibh.ebh) brelse(fibh.ebh); brelse(fibh.sbh); brelse(epos.bh); kfree(fname); return ret; }",visit repo url,fs/udf/dir.c,https://github.com/torvalds/linux,188189814543548,1 335,CWE-119,"static int gs_usb_probe(struct usb_interface *intf, const struct usb_device_id *id) { struct gs_usb *dev; int rc = -ENOMEM; unsigned int icount, i; struct gs_host_config hconf = { .byte_order = 0x0000beef, }; struct gs_device_config dconf; rc = usb_control_msg(interface_to_usbdev(intf), usb_sndctrlpipe(interface_to_usbdev(intf), 0), GS_USB_BREQ_HOST_FORMAT, USB_DIR_OUT|USB_TYPE_VENDOR|USB_RECIP_INTERFACE, 1, intf->altsetting[0].desc.bInterfaceNumber, &hconf, sizeof(hconf), 1000); if (rc < 0) { dev_err(&intf->dev, ""Couldn't send data format (err=%d)\n"", rc); return rc; } rc = usb_control_msg(interface_to_usbdev(intf), usb_rcvctrlpipe(interface_to_usbdev(intf), 0), GS_USB_BREQ_DEVICE_CONFIG, USB_DIR_IN|USB_TYPE_VENDOR|USB_RECIP_INTERFACE, 1, intf->altsetting[0].desc.bInterfaceNumber, &dconf, sizeof(dconf), 1000); if (rc < 0) { dev_err(&intf->dev, ""Couldn't get device config: (err=%d)\n"", rc); return rc; } icount = dconf.icount + 1; dev_info(&intf->dev, ""Configuring for %d interfaces\n"", icount); if (icount > GS_MAX_INTF) { dev_err(&intf->dev, ""Driver cannot handle more that %d CAN interfaces\n"", GS_MAX_INTF); return -EINVAL; } dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; init_usb_anchor(&dev->rx_submitted); atomic_set(&dev->active_channels, 0); usb_set_intfdata(intf, dev); dev->udev = interface_to_usbdev(intf); for (i = 0; i < icount; i++) { dev->canch[i] = gs_make_candev(i, intf, &dconf); if (IS_ERR_OR_NULL(dev->canch[i])) { rc = PTR_ERR(dev->canch[i]); icount = i; for (i = 0; i < icount; i++) gs_destroy_candev(dev->canch[i]); usb_kill_anchored_urbs(&dev->rx_submitted); kfree(dev); return rc; } dev->canch[i]->parent = dev; } return 0; }",visit repo url,drivers/net/can/usb/gs_usb.c,https://github.com/torvalds/linux,7172319443162,1 3674,CWE-787,"hb_set_intersect (hb_set_t *set, const hb_set_t *other) { if (unlikely (hb_object_is_immutable (set))) return; set->intersect (*other); }",visit repo url,src/hb-set.cc,https://github.com/harfbuzz/harfbuzz,115667620568076,1 4482,CWE-200,"int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, ecc_key* key, mp_int *r, mp_int *s) { int err; #ifndef WOLFSSL_SP_MATH mp_int* e; #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) mp_int e_lcl; #endif #endif DECLARE_CURVE_SPECS(1) if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL) return ECC_BAD_ARG_E; if (key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY) { return ECC_BAD_ARG_E; } if (wc_ecc_is_valid_idx(key->idx) != 1) { return ECC_BAD_ARG_E; } #ifdef WOLFSSL_SP_MATH if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, key->heap); else return WC_KEY_SIZE_E; #else #ifdef WOLFSSL_HAVE_SP_ECC #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ defined(WOLFSSL_ASYNC_CRYPT_TEST) if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_ECC) #endif { #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) return sp_ecc_sign_256(in, inlen, rng, &key->k, r, s, key->heap); #endif } #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ defined(WOLFSSL_ASYNC_CRYPT_TEST) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { if (wc_AsyncTestInit(&key->asyncDev, ASYNC_TEST_ECC_SIGN)) { WC_ASYNC_TEST* testDev = &key->asyncDev.test; testDev->eccSign.in = in; testDev->eccSign.inSz = inlen; testDev->eccSign.rng = rng; testDev->eccSign.key = key; testDev->eccSign.r = r; testDev->eccSign.s = s; return WC_PENDING_E; } } #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V) err = wc_ecc_alloc_mpint(key, &key->e); if (err != 0) return err; e = key->e; #else e = &e_lcl; #endif if ((err = mp_init(e)) != MP_OKAY) { return err; } err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ORDER); if (err == MP_OKAY) { word32 orderBits = mp_count_bits(curve->order); if ((WOLFSSL_BIT_SIZE * inlen) > orderBits) inlen = (orderBits + WOLFSSL_BIT_SIZE - 1) / WOLFSSL_BIT_SIZE; err = mp_read_unsigned_bin(e, (byte*)in, inlen); if (err == MP_OKAY && (WOLFSSL_BIT_SIZE * inlen) > orderBits) mp_rshb(e, WOLFSSL_BIT_SIZE - (orderBits & 0x7)); } if (err == MP_OKAY) { int loop_check = 0; ecc_key pubkey; #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA) #ifdef HAVE_CAVIUM_V if (NitroxEccIsCurveSupported(key)) #endif { word32 keySz = key->dp->size; mp_int* k; #ifdef HAVE_CAVIUM_V err = wc_ecc_alloc_mpint(key, &key->signK); if (err != 0) return err; k = key->signK; #else mp_int k_lcl; k = &k_lcl; #endif err = mp_init(k); #ifdef HAVE_CAVIUM_V if (err == MP_OKAY) err = wc_bigint_alloc(&key->r->raw, NitroxEccGetSize(key)*2); if (err == MP_OKAY) err = wc_ecc_curve_load(key->dp, &curve, (ECC_CURVE_FIELD_PRIME | ECC_CURVE_FIELD_ORDER)); #else if (err == MP_OKAY) err = wc_bigint_alloc(&key->r->raw, key->dp->size); if (err == MP_OKAY) err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ALL); #endif if (err == MP_OKAY) err = wc_bigint_alloc(&key->s->raw, key->dp->size); if (err == MP_OKAY) err = wc_mp_to_bigint_sz(e, &e->raw, keySz); if (err == MP_OKAY) err = wc_mp_to_bigint_sz(&key->k, &key->k.raw, keySz); if (err == MP_OKAY) err = wc_ecc_gen_k(rng, key->dp->size, k, curve->order); if (err == MP_OKAY) err = wc_mp_to_bigint_sz(k, &k->raw, keySz); #ifdef HAVE_CAVIUM_V if (err == MP_OKAY) err = NitroxEcdsaSign(key, &e->raw, &key->k.raw, &k->raw, &r->raw, &s->raw, &curve->prime->raw, &curve->order->raw); #else if (err == MP_OKAY) err = IntelQaEcdsaSign(&key->asyncDev, &e->raw, &key->k.raw, &k->raw, &r->raw, &s->raw, &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw, &curve->order->raw, &curve->Gx->raw, &curve->Gy->raw); #endif #ifndef HAVE_CAVIUM_V mp_clear(e); mp_clear(k); #endif wc_ecc_curve_free(curve); return err; } #endif } #endif if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) { #ifdef WOLFSSL_CUSTOM_CURVES if (key->idx == ECC_CUSTOM_IDX) { err = wc_ecc_set_custom_curve(&pubkey, key->dp); } #endif for (; err == MP_OKAY;) { if (++loop_check > 64) { err = RNG_FAILURE_E; break; } err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey, key->dp->id); if (err != MP_OKAY) break; err = mp_mod(pubkey.pubkey.x, curve->order, r); if (err != MP_OKAY) break; if (mp_iszero(r) == MP_YES) { #ifndef ALT_ECC_SIZE mp_clear(pubkey.pubkey.x); mp_clear(pubkey.pubkey.y); mp_clear(pubkey.pubkey.z); #endif mp_forcezero(&pubkey.k); } else { err = mp_invmod(&pubkey.k, curve->order, &pubkey.k); if (err != MP_OKAY) break; err = mp_mulmod(&key->k, r, curve->order, s); if (err != MP_OKAY) break; err = mp_add(e, s, s); if (err != MP_OKAY) break; err = mp_mod(s, curve->order, s); if (err != MP_OKAY) break; err = mp_mulmod(s, &pubkey.k, curve->order, s); if (mp_iszero(s) == MP_NO) break; } } wc_ecc_free(&pubkey); } } mp_clear(e); wc_ecc_curve_free(curve); #endif return err; }",visit repo url,wolfcrypt/src/ecc.c,https://github.com/wolfSSL/wolfssl,18846369531387,1 2445,['CWE-119'],"static void emit_binary_diff(FILE *file, mmfile_t *one, mmfile_t *two) { fprintf(file, ""GIT binary patch\n""); emit_binary_diff_body(file, one, two); emit_binary_diff_body(file, two, one); }",git,,,220520822644708548704338793454800342081,0 5575,CWE-125,"ast2obj_withitem(void* _o) { withitem_ty o = (withitem_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(withitem_type, NULL, NULL); if (!result) return NULL; value = ast2obj_expr(o->context_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_context_expr, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->optional_vars); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_optional_vars, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,73855277347068,1 958,['CWE-189'],"ShmResetProc (extEntry) ExtensionEntry *extEntry; { int i; for (i = 0; i < MAXSCREENS; i++) { shmFuncs[i] = (ShmFuncsPtr)NULL; shmPixFormat[i] = 0; } }",xserver,,,275111279898448530102353602664043318616,0 1233,CWE-400,"void set_task_cpu(struct task_struct *p, unsigned int new_cpu) { #ifdef CONFIG_SCHED_DEBUG WARN_ON_ONCE(p->state != TASK_RUNNING && p->state != TASK_WAKING && !(task_thread_info(p)->preempt_count & PREEMPT_ACTIVE)); #ifdef CONFIG_LOCKDEP WARN_ON_ONCE(debug_locks && !(lockdep_is_held(&p->pi_lock) || lockdep_is_held(&task_rq(p)->lock))); #endif #endif trace_sched_migrate_task(p, new_cpu); if (task_cpu(p) != new_cpu) { p->se.nr_migrations++; perf_sw_event(PERF_COUNT_SW_CPU_MIGRATIONS, 1, 1, NULL, 0); } __set_task_cpu(p, new_cpu); }",visit repo url,kernel/sched.c,https://github.com/torvalds/linux,212575687567805,1 6417,['CWE-190'],"convert_16_bit (const gchar *src, gchar *dst, guint32 len) { gint i; IFDBG(3) g_debug (""Start 16 bit conversion""); for (i = 0; i < len >> 1; ++i) { *dst = *src; dst++; src += 2; } IFDBG(3) g_debug (""End 16 bit conversion""); }",gimp,,,215234323256205767549222470449398610722,0 2021,['CWE-269'],"static int do_loopback(struct nameidata *nd, char *old_name, int recurse) { struct nameidata old_nd; struct vfsmount *mnt = NULL; int err = mount_is_safe(nd); if (err) return err; if (!old_name || !*old_name) return -EINVAL; err = path_lookup(old_name, LOOKUP_FOLLOW, &old_nd); if (err) return err; down_write(&namespace_sem); err = -EINVAL; if (IS_MNT_UNBINDABLE(old_nd.mnt)) goto out; if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt)) goto out; err = -ENOMEM; if (recurse) mnt = copy_tree(old_nd.mnt, old_nd.dentry, 0); else mnt = clone_mnt(old_nd.mnt, old_nd.dentry, 0); if (!mnt) goto out; err = graft_tree(mnt, nd); if (err) { LIST_HEAD(umount_list); spin_lock(&vfsmount_lock); umount_tree(mnt, 0, &umount_list); spin_unlock(&vfsmount_lock); release_mounts(&umount_list); } out: up_write(&namespace_sem); path_release(&old_nd); return err; }",linux-2.6,,,105127218133340093534031925119528470616,0 4739,['CWE-20'],"static int ext4_quota_on(struct super_block *sb, int type, int format_id, char *name, int remount) { int err; struct path path; if (!test_opt(sb, QUOTA)) return -EINVAL; if (remount) return vfs_quota_on(sb, type, format_id, name, remount); err = kern_path(name, LOOKUP_FOLLOW, &path); if (err) return err; if (path.mnt->mnt_sb != sb) { path_put(&path); return -EXDEV; } if (EXT4_SB(sb)->s_qf_names[type]) { if (path.dentry->d_parent != sb->s_root) printk(KERN_WARNING ""EXT4-fs: Quota file not on filesystem root. "" ""Journaled quota will not work.\n""); } if (EXT4_SB(sb)->s_journal && ext4_should_journal_data(path.dentry->d_inode)) { jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); err = jbd2_journal_flush(EXT4_SB(sb)->s_journal); jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); if (err) { path_put(&path); return err; } } err = vfs_quota_on_path(sb, type, format_id, &path); path_put(&path); return err; }",linux-2.6,,,244280198979023837681230571319840560244,0 1486,CWE-264,"static void perf_event_reset(struct perf_event *event) { (void)perf_event_read(event); local64_set(&event->count, 0); perf_event_update_userpage(event); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,246150513135368,1 4051,CWE-476,"static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) { const char *section_name = """"; const char *link_section_name = """"; char *end = NULL; Elf_(Shdr) *link_shdr = NULL; ut8 dfs[sizeof (Elf_(Verdef))] = {0}; Sdb *sdb; int cnt, i; if (shdr->sh_link > bin->ehdr.e_shnum) { return false; } link_shdr = &bin->shdr[shdr->sh_link]; if ((int)shdr->sh_size < 1) { return false; } Elf_(Verdef) *defs = calloc (shdr->sh_size, sizeof (char)); if (!defs) { return false; } if (bin->shstrtab && shdr->sh_name < bin->shstrtab_size) { section_name = &bin->shstrtab[shdr->sh_name]; } if (link_shdr && bin->shstrtab && link_shdr->sh_name < bin->shstrtab_size) { link_section_name = &bin->shstrtab[link_shdr->sh_name]; } if (!defs) { bprintf (""Warning: Cannot allocate memory (Check Elf_(Verdef))\n""); return NULL; } sdb = sdb_new0 (); end = (char *)defs + shdr->sh_size; sdb_set (sdb, ""section_name"", section_name, 0); sdb_num_set (sdb, ""entries"", shdr->sh_info, 0); sdb_num_set (sdb, ""addr"", shdr->sh_addr, 0); sdb_num_set (sdb, ""offset"", shdr->sh_offset, 0); sdb_num_set (sdb, ""link"", shdr->sh_link, 0); sdb_set (sdb, ""link_section_name"", link_section_name, 0); for (cnt = 0, i = 0; i >= 0 && cnt < shdr->sh_info && ((char *)defs + i < end); ++cnt) { Sdb *sdb_verdef = sdb_new0 (); char *vstart = ((char*)defs) + i; char key[32] = {0}; Elf_(Verdef) *verdef = (Elf_(Verdef)*)vstart; Elf_(Verdaux) aux = {0}; int j = 0; int isum = 0; r_buf_read_at (bin->b, shdr->sh_offset + i, dfs, sizeof (Elf_(Verdef))); verdef->vd_version = READ16 (dfs, j) verdef->vd_flags = READ16 (dfs, j) verdef->vd_ndx = READ16 (dfs, j) verdef->vd_cnt = READ16 (dfs, j) verdef->vd_hash = READ32 (dfs, j) verdef->vd_aux = READ32 (dfs, j) verdef->vd_next = READ32 (dfs, j) int vdaux = verdef->vd_aux; if (vdaux < 1 || vstart + vdaux < vstart) { sdb_free (sdb_verdef); goto out_error; } vstart += vdaux; if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); goto out_error; } j = 0; aux.vda_name = READ32 (vstart, j) aux.vda_next = READ32 (vstart, j) isum = i + verdef->vd_aux; if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); goto out_error; } sdb_num_set (sdb_verdef, ""idx"", i, 0); sdb_num_set (sdb_verdef, ""vd_version"", verdef->vd_version, 0); sdb_num_set (sdb_verdef, ""vd_ndx"", verdef->vd_ndx, 0); sdb_num_set (sdb_verdef, ""vd_cnt"", verdef->vd_cnt, 0); sdb_set (sdb_verdef, ""vda_name"", &bin->dynstr[aux.vda_name], 0); sdb_set (sdb_verdef, ""flags"", get_ver_flags (verdef->vd_flags), 0); for (j = 1; j < verdef->vd_cnt; ++j) { int k; Sdb *sdb_parent = sdb_new0 (); isum += aux.vda_next; vstart += aux.vda_next; if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } k = 0; aux.vda_name = READ32 (vstart, k) aux.vda_next = READ32 (vstart, k) if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } sdb_num_set (sdb_parent, ""idx"", isum, 0); sdb_num_set (sdb_parent, ""parent"", j, 0); sdb_set (sdb_parent, ""vda_name"", &bin->dynstr[aux.vda_name], 0); snprintf (key, sizeof (key), ""parent%d"", j - 1); sdb_ns_set (sdb_verdef, key, sdb_parent); } snprintf (key, sizeof (key), ""verdef%d"", cnt); sdb_ns_set (sdb, key, sdb_verdef); if (!verdef->vd_next) { sdb_free (sdb_verdef); goto out_error; } if ((st32)verdef->vd_next < 1) { eprintf (""Warning: Invalid vd_next in the ELF version\n""); break; } i += verdef->vd_next; } free (defs); return sdb; out_error: free (defs); sdb_free (sdb); return NULL; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radare/radare2,153160951832956,1 5096,CWE-190,"_Unpickler_MemoGet(UnpicklerObject *self, Py_ssize_t idx) { if (idx < 0 || idx >= self->memo_size) return NULL; return self->memo[idx]; }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,64426202940159,1 4881,['CWE-189'],"int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode) { struct dentry *lower_dentry = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file->f_dentry; ssize_t size; int rc = 0; size = ecryptfs_getxattr_lower(lower_dentry, ECRYPTFS_XATTR_NAME, page_virt, ECRYPTFS_DEFAULT_EXTENT_SIZE); if (size < 0) { if (unlikely(ecryptfs_verbosity > 0)) printk(KERN_INFO ""Error attempting to read the [%s] "" ""xattr from the lower file; return value = "" ""[%zd]\n"", ECRYPTFS_XATTR_NAME, size); rc = -EINVAL; goto out; } out: return rc; }",linux-2.6,,,134451557958631518601837398582934823999,0 1184,CWE-400,"void ptrace_triggered(struct perf_event *bp, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { struct perf_event_attr attr; attr = bp->attr; attr.disabled = true; modify_user_hw_breakpoint(bp, &attr); }",visit repo url,arch/sh/kernel/ptrace_32.c,https://github.com/torvalds/linux,3675341062406,1 5250,CWE-369,"pixBlockconvTiled(PIX *pix, l_int32 wc, l_int32 hc, l_int32 nx, l_int32 ny) { l_int32 i, j, w, h, d, xrat, yrat; PIX *pixs, *pixd, *pixc, *pixt; PIX *pixr, *pixrc, *pixg, *pixgc, *pixb, *pixbc; PIXTILING *pt; PROCNAME(""pixBlockconvTiled""); if (!pix) return (PIX *)ERROR_PTR(""pix not defined"", procName, NULL); if (wc < 0) wc = 0; if (hc < 0) hc = 0; pixGetDimensions(pix, &w, &h, &d); if (w < 2 * wc + 3 || h < 2 * hc + 3) { wc = L_MAX(0, L_MIN(wc, (w - 3) / 2)); hc = L_MAX(0, L_MIN(hc, (h - 3) / 2)); L_WARNING(""kernel too large; reducing!\n"", procName); L_INFO(""wc = %d, hc = %d\n"", procName, wc, hc); } if (wc == 0 && hc == 0) return pixCopy(NULL, pix); if (nx <= 1 && ny <= 1) return pixBlockconv(pix, wc, hc); xrat = w / nx; yrat = h / ny; if (xrat < wc + 2) { nx = w / (wc + 2); L_WARNING(""tile width too small; nx reduced to %d\n"", procName, nx); } if (yrat < hc + 2) { ny = h / (hc + 2); L_WARNING(""tile height too small; ny reduced to %d\n"", procName, ny); } if ((d == 2 || d == 4 || d == 8) && pixGetColormap(pix)) { L_WARNING(""pix has colormap; removing\n"", procName); pixs = pixRemoveColormap(pix, REMOVE_CMAP_BASED_ON_SRC); d = pixGetDepth(pixs); } else { pixs = pixClone(pix); } if (d != 8 && d != 32) { pixDestroy(&pixs); return (PIX *)ERROR_PTR(""depth not 8 or 32 bpp"", procName, NULL); } if ((pixd = pixCreateTemplate(pixs)) == NULL) { pixDestroy(&pixs); return (PIX *)ERROR_PTR(""pixd not made"", procName, NULL); } pt = pixTilingCreate(pixs, nx, ny, 0, 0, wc + 2, hc + 2); for (i = 0; i < ny; i++) { for (j = 0; j < nx; j++) { pixt = pixTilingGetTile(pt, i, j); if (d == 8) { pixc = pixBlockconvGrayTile(pixt, NULL, wc, hc); } else { pixr = pixGetRGBComponent(pixt, COLOR_RED); pixrc = pixBlockconvGrayTile(pixr, NULL, wc, hc); pixDestroy(&pixr); pixg = pixGetRGBComponent(pixt, COLOR_GREEN); pixgc = pixBlockconvGrayTile(pixg, NULL, wc, hc); pixDestroy(&pixg); pixb = pixGetRGBComponent(pixt, COLOR_BLUE); pixbc = pixBlockconvGrayTile(pixb, NULL, wc, hc); pixDestroy(&pixb); pixc = pixCreateRGBImage(pixrc, pixgc, pixbc); pixDestroy(&pixrc); pixDestroy(&pixgc); pixDestroy(&pixbc); } pixTilingPaintTile(pixd, i, j, pixc, pt); pixDestroy(&pixt); pixDestroy(&pixc); } } pixDestroy(&pixs); pixTilingDestroy(&pt); return pixd; }",visit repo url,src/convolve.c,https://github.com/DanBloomberg/leptonica,29401388069846,1 6569,CWE-401,"ASC_destroyAssociation(T_ASC_Association ** association) { OFCondition cond = EC_Normal; if (association == NULL) return EC_Normal; if (*association == NULL) return EC_Normal; if ((*association)->DULassociation != NULL) { ASC_dropAssociation(*association); } if ((*association)->params != NULL) { cond = ASC_destroyAssociationParameters(&(*association)->params); if (cond.bad()) return cond; } if ((*association)->sendPDVBuffer != NULL) free((*association)->sendPDVBuffer); free(*association); *association = NULL; return EC_Normal; }",visit repo url,dcmnet/libsrc/assoc.cc,https://github.com/DCMTK/dcmtk,119321269297063,1 2580,CWE-269,"uint32_t virtio_config_readl(VirtIODevice *vdev, uint32_t addr) { VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); uint32_t val; k->get_config(vdev, vdev->config); if (addr > (vdev->config_len - sizeof(val))) return (uint32_t)-1; val = ldl_p(vdev->config + addr); return val; }",visit repo url,hw/virtio/virtio.c,https://github.com/qemu/qemu,263798363933587,1 2321,['CWE-120'],"int file_permission(struct file *file, int mask) { return permission(file->f_path.dentry->d_inode, mask, NULL); }",linux-2.6,,,34118175351931232869661404256753179669,0 6069,['CWE-200'],"static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) { read_lock_bh(&addrconf_lock); if (likely(ifp->idev->dead == 0)) __ipv6_ifa_notify(event, ifp); read_unlock_bh(&addrconf_lock); }",linux-2.6,,,159971169731390531708218475519494792946,0 1478,CWE-264,"static void perf_remove_from_owner(struct perf_event *event) { struct task_struct *owner; rcu_read_lock(); owner = ACCESS_ONCE(event->owner); smp_read_barrier_depends(); if (owner) { get_task_struct(owner); } rcu_read_unlock(); if (owner) { mutex_lock(&owner->perf_event_mutex); if (event->owner) list_del_init(&event->owner_entry); mutex_unlock(&owner->perf_event_mutex); put_task_struct(owner); } }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,4097899704487,1 2117,CWE-416,"nvkm_uvmm_mthd_map(struct nvkm_uvmm *uvmm, void *argv, u32 argc) { struct nvkm_client *client = uvmm->object.client; union { struct nvif_vmm_map_v0 v0; } *args = argv; u64 addr, size, handle, offset; struct nvkm_vmm *vmm = uvmm->vmm; struct nvkm_vma *vma; struct nvkm_memory *memory; int ret = -ENOSYS; if (!(ret = nvif_unpack(ret, &argv, &argc, args->v0, 0, 0, true))) { addr = args->v0.addr; size = args->v0.size; handle = args->v0.memory; offset = args->v0.offset; } else return ret; memory = nvkm_umem_search(client, handle); if (IS_ERR(memory)) { VMM_DEBUG(vmm, ""memory %016llx %ld\n"", handle, PTR_ERR(memory)); return PTR_ERR(memory); } mutex_lock(&vmm->mutex); if (ret = -ENOENT, !(vma = nvkm_vmm_node_search(vmm, addr))) { VMM_DEBUG(vmm, ""lookup %016llx"", addr); goto fail; } if (ret = -ENOENT, (!vma->user && !client->super) || vma->busy) { VMM_DEBUG(vmm, ""denied %016llx: %d %d %d"", addr, vma->user, !client->super, vma->busy); goto fail; } if (ret = -EINVAL, vma->addr != addr || vma->size != size) { if (addr + size > vma->addr + vma->size || vma->memory || (vma->refd == NVKM_VMA_PAGE_NONE && !vma->mapref)) { VMM_DEBUG(vmm, ""split %d %d %d "" ""%016llx %016llx %016llx %016llx"", !!vma->memory, vma->refd, vma->mapref, addr, size, vma->addr, (u64)vma->size); goto fail; } if (vma->addr != addr) { const u64 tail = vma->size + vma->addr - addr; if (ret = -ENOMEM, !(vma = nvkm_vma_tail(vma, tail))) goto fail; vma->part = true; nvkm_vmm_node_insert(vmm, vma); } if (vma->size != size) { const u64 tail = vma->size - size; struct nvkm_vma *tmp; if (ret = -ENOMEM, !(tmp = nvkm_vma_tail(vma, tail))) { nvkm_vmm_unmap_region(vmm, vma); goto fail; } tmp->part = true; nvkm_vmm_node_insert(vmm, tmp); } } vma->busy = true; mutex_unlock(&vmm->mutex); ret = nvkm_memory_map(memory, offset, vmm, vma, argv, argc); if (ret == 0) { nvkm_memory_unref(&memory); return 0; } mutex_lock(&vmm->mutex); vma->busy = false; nvkm_vmm_unmap_region(vmm, vma); fail: mutex_unlock(&vmm->mutex); nvkm_memory_unref(&memory); return ret; }",visit repo url,drivers/gpu/drm/nouveau/nvkm/subdev/mmu/uvmm.c,https://github.com/torvalds/linux,106697560015562,1 5499,CWE-125,"string_object_to_c_ast(const char *s, PyObject *filename, int start, PyCompilerFlags *flags, int feature_version, PyArena *arena) { mod_ty mod; PyCompilerFlags localflags; perrdetail err; int iflags = PARSER_FLAGS(flags); node *n = Ta3Parser_ParseStringObject(s, filename, &_Ta3Parser_Grammar, start, &err, &iflags); if (flags == NULL) { localflags.cf_flags = 0; flags = &localflags; } if (n) { flags->cf_flags |= iflags & PyCF_MASK; mod = Ta3AST_FromNodeObject(n, flags, filename, feature_version, arena); Ta3Node_Free(n); } else { err_input(&err); mod = NULL; } err_free(&err); return mod; }",visit repo url,ast3/Custom/typed_ast.c,https://github.com/python/typed_ast,81645105780682,1 3196,CWE-835,"resp_get_length(netdissect_options *ndo, register const u_char *bp, int len, const u_char **endp) { int result; u_char c; int saw_digit; int neg; int too_large; if (len == 0) goto trunc; ND_TCHECK(*bp); too_large = 0; neg = 0; if (*bp == '-') { neg = 1; bp++; len--; } result = 0; saw_digit = 0; for (;;) { if (len == 0) goto trunc; ND_TCHECK(*bp); c = *bp; if (!(c >= '0' && c <= '9')) { if (!saw_digit) goto invalid; break; } c -= '0'; if (result > (INT_MAX / 10)) { too_large = 1; } else { result *= 10; if (result == INT_MAX && c > (INT_MAX % 10)) { too_large = 1; } else result += c; } bp++; len--; saw_digit = 1; } if (!saw_digit) goto invalid; if (len == 0) goto trunc; ND_TCHECK(*bp); if (*bp != '\r') goto invalid; bp++; len--; if (len == 0) goto trunc; ND_TCHECK(*bp); if (*bp != '\n') goto invalid; bp++; len--; *endp = bp; if (neg) { if (too_large || result != 1) return (-4); result = -1; } return (too_large ? -3 : result); trunc: return (-2); invalid: return (-5); }",visit repo url,print-resp.c,https://github.com/the-tcpdump-group/tcpdump,151172232377697,1 2664,CWE-190,"SPL_METHOD(SplFileObject, getMaxLineLen) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } RETURN_LONG((long)intern->u.file.max_line_len); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,126959719943889,1 4556,['CWE-20'],"static inline void dx_set_limit(struct dx_entry *entries, unsigned value) { ((struct dx_countlimit *) entries)->limit = cpu_to_le16(value); }",linux-2.6,,,331298205938840912379930619675003519357,0 845,['CWE-119'],"static void __exit isdn_exit(void) { #ifdef CONFIG_ISDN_PPP isdn_ppp_cleanup(); #endif if (isdn_net_rmall() < 0) { printk(KERN_WARNING ""isdn: net-device busy, remove cancelled\n""); return; } isdn_tty_exit(); unregister_chrdev(ISDN_MAJOR, ""isdn""); del_timer(&dev->timer); vfree(dev); printk(KERN_NOTICE ""ISDN-subsystem unloaded\n""); }",linux-2.6,,,215371804414235223243661020836674059741,0 994,CWE-399,"int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) { int result = parse_rock_ridge_inode_internal(de, inode, 0); if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1) && (ISOFS_SB(inode->i_sb)->s_rock == 2)) { result = parse_rock_ridge_inode_internal(de, inode, 14); } return result; }",visit repo url,fs/isofs/rock.c,https://github.com/torvalds/linux,111691240116390,1 6738,['CWE-310'],"idle_check_avail_access_point_notification (gpointer datap) { struct ap_notification_data *data = datap; NMApplet *applet = data->applet; NMDeviceWifi *device = data->device; int i; const GPtrArray *aps; GSList *all_connections; GSList *connections; GTimeVal timeval; gboolean have_unused_access_point = FALSE; gboolean have_no_autoconnect_points = TRUE; if (nm_client_get_state (data->applet->nm_client) != NM_STATE_DISCONNECTED) return FALSE; if (nm_device_get_state (NM_DEVICE (device)) != NM_DEVICE_STATE_DISCONNECTED) return FALSE; g_get_current_time (&timeval); if ((timeval.tv_sec - data->last_notification_time) < 60*60) return FALSE; all_connections = applet_get_all_connections (applet); connections = utils_filter_connections_for_device (NM_DEVICE (device), all_connections); g_slist_free (all_connections); all_connections = NULL; aps = nm_device_wifi_get_access_points (device); for (i = 0; aps && (i < aps->len); i++) { NMAccessPoint *ap = aps->pdata[i]; GSList *ap_connections = filter_connections_for_access_point (connections, device, ap); GSList *iter; gboolean is_autoconnect = FALSE; for (iter = ap_connections; iter; iter = g_slist_next (iter)) { NMConnection *connection = NM_CONNECTION (iter->data); NMSettingConnection *s_con; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); if (nm_setting_connection_get_autoconnect (s_con)) { is_autoconnect = TRUE; break; } } g_slist_free (ap_connections); if (!is_autoconnect) have_unused_access_point = TRUE; else have_no_autoconnect_points = FALSE; } if (!(have_unused_access_point && have_no_autoconnect_points)) return FALSE; g_get_current_time (&timeval); data->last_notification_time = timeval.tv_sec; applet_do_notify (applet, NOTIFY_URGENCY_LOW, _(""Wireless Networks Available""), _(""Click on this icon to connect to a wireless network""), ""nm-device-wireless"", ""dont-show"", _(""Don't show this message again""), wifi_available_dont_show_cb, applet); return FALSE; }",network-manager-applet,,,26254475386013298036746443597755675154,0 1819,[],"cpu_to_core_group(int cpu, const cpumask_t *cpu_map, struct sched_group **sg, cpumask_t *mask) { int group; *mask = per_cpu(cpu_sibling_map, cpu); cpus_and(*mask, *mask, *cpu_map); group = first_cpu(*mask); if (sg) *sg = &per_cpu(sched_group_core, group); return group; }",linux-2.6,,,69909134804049549025184800426941104237,0 21,NVD-CWE-Other,"bool_t auth_gssapi_unwrap_data( OM_uint32 *major, OM_uint32 *minor, gss_ctx_id_t context, uint32_t seq_num, XDR *in_xdrs, bool_t (*xdr_func)(), caddr_t xdr_ptr) { gss_buffer_desc in_buf, out_buf; XDR temp_xdrs; uint32_t verf_seq_num; int conf, qop; unsigned int length; PRINTF((""gssapi_unwrap_data: starting\n"")); *major = GSS_S_COMPLETE; *minor = 0; in_buf.value = NULL; out_buf.value = NULL; if (! xdr_bytes(in_xdrs, (char **) &in_buf.value, &length, (unsigned int) -1)) { PRINTF((""gssapi_unwrap_data: deserializing encrypted data failed\n"")); temp_xdrs.x_op = XDR_FREE; (void)xdr_bytes(&temp_xdrs, (char **) &in_buf.value, &length, (unsigned int) -1); return FALSE; } in_buf.length = length; *major = gss_unseal(minor, context, &in_buf, &out_buf, &conf, &qop); free(in_buf.value); if (*major != GSS_S_COMPLETE) return FALSE; PRINTF((""gssapi_unwrap_data: %llu bytes data, %llu bytes sealed\n"", (unsigned long long)out_buf.length, (unsigned long long)in_buf.length)); xdrmem_create(&temp_xdrs, out_buf.value, out_buf.length, XDR_DECODE); if (! xdr_u_int32(&temp_xdrs, &verf_seq_num)) { PRINTF((""gssapi_unwrap_data: deserializing verf_seq_num failed\n"")); gss_release_buffer(minor, &out_buf); XDR_DESTROY(&temp_xdrs); return FALSE; } if (verf_seq_num != seq_num) { PRINTF((""gssapi_unwrap_data: seq %d specified, read %d\n"", seq_num, verf_seq_num)); gss_release_buffer(minor, &out_buf); XDR_DESTROY(&temp_xdrs); return FALSE; } PRINTF((""gssapi_unwrap_data: unwrap seq_num %d okay\n"", verf_seq_num)); if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) { PRINTF((""gssapi_unwrap_data: deserializing arguments failed\n"")); gss_release_buffer(minor, &out_buf); xdr_free(xdr_func, xdr_ptr); XDR_DESTROY(&temp_xdrs); return FALSE; } PRINTF((""gssapi_unwrap_data: succeeding\n\n"")); gss_release_buffer(minor, &out_buf); XDR_DESTROY(&temp_xdrs); return TRUE; }",visit repo url,src/lib/rpc/auth_gssapi_misc.c,https://github.com/krb5/krb5,183325713614870,1 5843,['CWE-200'],"static void aun_send_response(__u32 addr, unsigned long seq, int code, int cb) { struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(AUN_PORT), .sin_addr = {.s_addr = addr} }; struct aunhdr ah = {.code = code, .cb = cb, .handle = seq}; struct kvec iov = {.iov_base = (void *)&ah, .iov_len = sizeof(ah)}; struct msghdr udpmsg; udpmsg.msg_name = (void *)&sin; udpmsg.msg_namelen = sizeof(sin); udpmsg.msg_control = NULL; udpmsg.msg_controllen = 0; udpmsg.msg_flags=0; kernel_sendmsg(udpsock, &udpmsg, &iov, 1, sizeof(ah)); }",linux-2.6,,,237029857616248489137106442732615206326,0 6381,['CWE-200'],"static int tfilter_notify(struct sk_buff *oskb, struct nlmsghdr *n, struct tcf_proto *tp, unsigned long fh, int event) { struct sk_buff *skb; u32 pid = oskb ? NETLINK_CB(oskb).pid : 0; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) return -ENOBUFS; if (tcf_fill_node(skb, tp, fh, pid, n->nlmsg_seq, 0, event) <= 0) { kfree_skb(skb); return -EINVAL; } return rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC, n->nlmsg_flags & NLM_F_ECHO); }",linux-2.6,,,141004511222355785067073981898735498100,0 3610,['CWE-20'],"sctp_disposition_t sctp_sf_beat_8_3(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_chunk *reply; size_t paylen = 0; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); chunk->subh.hb_hdr = (sctp_heartbeathdr_t *) chunk->skb->data; paylen = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); if (!pskb_pull(chunk->skb, paylen)) goto nomem; reply = sctp_make_heartbeat_ack(asoc, chunk, chunk->subh.hb_hdr, paylen); if (!reply) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,179226736282921999042303669452994126163,0 6207,['CWE-200'],"tcf_action_dump(struct sk_buff *skb, struct tc_action *act, int bind, int ref) { struct tc_action *a; int err = -EINVAL; unsigned char *b = skb->tail; struct rtattr *r ; while ((a = act) != NULL) { r = (struct rtattr*) skb->tail; act = a->next; RTA_PUT(skb, a->order, 0, NULL); err = tcf_action_dump_1(skb, a, bind, ref); if (err < 0) goto rtattr_failure; r->rta_len = skb->tail - (u8*)r; } return 0; rtattr_failure: skb_trim(skb, b - skb->data); return -err; }",linux-2.6,,,196934250722942670636629018208239016862,0 3000,CWE-399,"donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size, int clazz, int swap, size_t align, int *flags) { Elf32_Nhdr nh32; Elf64_Nhdr nh64; size_t noff, doff; #ifdef ELFCORE int os_style = -1; #endif uint32_t namesz, descsz; unsigned char *nbuf = CAST(unsigned char *, vbuf); char sbuf[512]; if (xnh_sizeof + offset > size) { return xnh_sizeof + offset; } (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); offset += xnh_sizeof; namesz = xnh_namesz; descsz = xnh_descsz; if ((namesz == 0) && (descsz == 0)) { return (offset >= size) ? offset : size; } if (namesz & 0x80000000) { (void)file_printf(ms, "", bad note name size 0x%lx"", (unsigned long)namesz); return 0; } if (descsz & 0x80000000) { (void)file_printf(ms, "", bad note description size 0x%lx"", (unsigned long)descsz); return 0; } noff = offset; doff = ELF_ALIGN(offset + namesz); if (offset + namesz > size) { return doff; } offset = ELF_ALIGN(doff + descsz); if (doff + descsz > size) { return (offset >= size) ? offset : size; } if ((*flags & (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID)) == (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID)) goto core; if (namesz == 5 && strcmp((char *)&nbuf[noff], ""SuSE"") == 0 && xnh_type == NT_GNU_VERSION && descsz == 2) { file_printf(ms, "", for SuSE %d.%d"", nbuf[doff], nbuf[doff + 1]); } if (namesz == 4 && strcmp((char *)&nbuf[noff], ""GNU"") == 0 && xnh_type == NT_GNU_VERSION && descsz == 16) { uint32_t desc[4]; (void)memcpy(desc, &nbuf[doff], sizeof(desc)); if (file_printf(ms, "", for GNU/"") == -1) return size; switch (elf_getu32(swap, desc[0])) { case GNU_OS_LINUX: if (file_printf(ms, ""Linux"") == -1) return size; break; case GNU_OS_HURD: if (file_printf(ms, ""Hurd"") == -1) return size; break; case GNU_OS_SOLARIS: if (file_printf(ms, ""Solaris"") == -1) return size; break; case GNU_OS_KFREEBSD: if (file_printf(ms, ""kFreeBSD"") == -1) return size; break; case GNU_OS_KNETBSD: if (file_printf(ms, ""kNetBSD"") == -1) return size; break; default: if (file_printf(ms, """") == -1) return size; } if (file_printf(ms, "" %d.%d.%d"", elf_getu32(swap, desc[1]), elf_getu32(swap, desc[2]), elf_getu32(swap, desc[3])) == -1) return size; *flags |= FLAGS_DID_NOTE; return size; } if (namesz == 4 && strcmp((char *)&nbuf[noff], ""GNU"") == 0 && xnh_type == NT_GNU_BUILD_ID && (descsz == 16 || descsz == 20)) { uint8_t desc[20]; uint32_t i; if (file_printf(ms, "", BuildID[%s]="", descsz == 16 ? ""md5/uuid"" : ""sha1"") == -1) return size; (void)memcpy(desc, &nbuf[doff], descsz); for (i = 0; i < descsz; i++) if (file_printf(ms, ""%02x"", desc[i]) == -1) return size; *flags |= FLAGS_DID_BUILD_ID; } if (namesz == 4 && strcmp((char *)&nbuf[noff], ""PaX"") == 0 && xnh_type == NT_NETBSD_PAX && descsz == 4) { static const char *pax[] = { ""+mprotect"", ""-mprotect"", ""+segvguard"", ""-segvguard"", ""+ASLR"", ""-ASLR"", }; uint32_t desc; size_t i; int did = 0; (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); desc = elf_getu32(swap, desc); if (desc && file_printf(ms, "", PaX: "") == -1) return size; for (i = 0; i < __arraycount(pax); i++) { if (((1 << i) & desc) == 0) continue; if (file_printf(ms, ""%s%s"", did++ ? "","" : """", pax[i]) == -1) return size; } } if (namesz == 7 && strcmp((char *)&nbuf[noff], ""NetBSD"") == 0) { switch (xnh_type) { case NT_NETBSD_VERSION: if (descsz == 4) { do_note_netbsd_version(ms, swap, &nbuf[doff]); *flags |= FLAGS_DID_NOTE; return size; } break; case NT_NETBSD_MARCH: if (file_printf(ms, "", compiled for: %.*s"", (int)descsz, (const char *)&nbuf[doff]) == -1) return size; break; case NT_NETBSD_CMODEL: if (file_printf(ms, "", compiler model: %.*s"", (int)descsz, (const char *)&nbuf[doff]) == -1) return size; break; default: if (file_printf(ms, "", note=%u"", xnh_type) == -1) return size; break; } return size; } if (namesz == 8 && strcmp((char *)&nbuf[noff], ""FreeBSD"") == 0) { if (xnh_type == NT_FREEBSD_VERSION && descsz == 4) { do_note_freebsd_version(ms, swap, &nbuf[doff]); *flags |= FLAGS_DID_NOTE; return size; } } if (namesz == 8 && strcmp((char *)&nbuf[noff], ""OpenBSD"") == 0 && xnh_type == NT_OPENBSD_VERSION && descsz == 4) { if (file_printf(ms, "", for OpenBSD"") == -1) return size; *flags |= FLAGS_DID_NOTE; return size; } if (namesz == 10 && strcmp((char *)&nbuf[noff], ""DragonFly"") == 0 && xnh_type == NT_DRAGONFLY_VERSION && descsz == 4) { uint32_t desc; if (file_printf(ms, "", for DragonFly"") == -1) return size; (void)memcpy(&desc, &nbuf[doff], sizeof(desc)); desc = elf_getu32(swap, desc); if (file_printf(ms, "" %d.%d.%d"", desc / 100000, desc / 10000 % 10, desc % 10000) == -1) return size; *flags |= FLAGS_DID_NOTE; return size; } core: if ((namesz == 4 && strncmp((char *)&nbuf[noff], ""CORE"", 4) == 0) || (namesz == 5 && strcmp((char *)&nbuf[noff], ""CORE"") == 0)) { os_style = OS_STYLE_SVR4; } if ((namesz == 8 && strcmp((char *)&nbuf[noff], ""FreeBSD"") == 0)) { os_style = OS_STYLE_FREEBSD; } if ((namesz >= 11 && strncmp((char *)&nbuf[noff], ""NetBSD-CORE"", 11) == 0)) { os_style = OS_STYLE_NETBSD; } #ifdef ELFCORE if ((*flags & FLAGS_DID_CORE) != 0) return size; if (os_style != -1 && (*flags & FLAGS_DID_CORE_STYLE) == 0) { if (file_printf(ms, "", %s-style"", os_style_names[os_style]) == -1) return size; *flags |= FLAGS_DID_CORE_STYLE; } switch (os_style) { case OS_STYLE_NETBSD: if (xnh_type == NT_NETBSD_CORE_PROCINFO) { uint32_t signo; if (file_printf(ms, "", from '%.31s'"", file_printable(sbuf, sizeof(sbuf), (const char *)&nbuf[doff + 0x7c])) == -1) return size; (void)memcpy(&signo, &nbuf[doff + 0x08], sizeof(signo)); if (file_printf(ms, "" (signal %u)"", elf_getu32(swap, signo)) == -1) return size; *flags |= FLAGS_DID_CORE; return size; } break; default: if (xnh_type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) { size_t i, j; unsigned char c; for (i = 0; i < NOFFSETS; i++) { unsigned char *cname, *cp; size_t reloffset = prpsoffsets(i); size_t noffset = doff + reloffset; size_t k; for (j = 0; j < 16; j++, noffset++, reloffset++) { if (noffset >= size) goto tryanother; if (reloffset >= descsz) goto tryanother; c = nbuf[noffset]; if (c == '\0') { if (j == 0) goto tryanother; else break; } else { if (!isprint(c) || isquote(c)) goto tryanother; } } for (k = i + 1 ; k < NOFFSETS ; k++) { size_t no; int adjust = 1; if (prpsoffsets(k) >= prpsoffsets(i)) continue; for (no = doff + prpsoffsets(k); no < doff + prpsoffsets(i); no++) adjust = adjust && isprint(nbuf[no]); if (adjust) i = k; } cname = (unsigned char *) &nbuf[doff + prpsoffsets(i)]; for (cp = cname; *cp && isprint(*cp); cp++) continue; while (cp > cname && isspace(cp[-1])) cp--; if (file_printf(ms, "", from '%.*s'"", (int)(cp - cname), cname) == -1) return size; *flags |= FLAGS_DID_CORE; return size; tryanother: ; } } break; } #endif return offset; }",visit repo url,src/readelf.c,https://github.com/file/file,262340042112580,1 3571,['CWE-20'],"void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) { struct sctp_datamsg *msg; struct sctp_chunk *lchunk; struct sctp_stream *stream; __u16 ssn; __u16 sid; if (chunk->has_ssn) return; sid = ntohs(chunk->subh.data_hdr->stream); stream = &chunk->asoc->ssnmap->out; msg = chunk->msg; list_for_each_entry(lchunk, &msg->chunks, frag_list) { if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { ssn = 0; } else { if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) ssn = sctp_ssn_next(stream, sid); else ssn = sctp_ssn_peek(stream, sid); } lchunk->subh.data_hdr->ssn = htons(ssn); lchunk->has_ssn = 1; } }",linux-2.6,,,138410242090657863877071064206452809553,0 6438,[],"find_file_callback (char *filename, void *data1, void *data2) { char **pdir = (char **) data1; FILE **pfile = (FILE **) data2; int is_done = 0; assert (filename && *filename); assert (pdir); assert (pfile); if ((*pfile = fopen (filename, LT_READTEXT_MODE))) { char *dirend = strrchr (filename, '/'); if (dirend > filename) *dirend = LT_EOS_CHAR; FREE (*pdir); *pdir = lt__strdup (filename); is_done = (*pdir == 0) ? -1 : 1; } return is_done; }",libtool,,,193011104002551012285548288715369814780,0 71,CWE-772,"get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) { static gprincs_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_gprincs_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } prime_arg = arg->exp; if (prime_arg == NULL) prime_arg = ""*""; if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_LIST, NULL, NULL)) { ret.code = KADM5_AUTH_LIST; log_unauth(""kadm5_get_principals"", prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_get_principals((void *)handle, arg->exp, &ret.princs, &ret.count); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_get_principals"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,132266047538156,1 6049,['CWE-200'],"static void cbq_destroy_filters(struct cbq_class *cl) { struct tcf_proto *tp; while ((tp = cl->filter_list) != NULL) { cl->filter_list = tp->next; tcf_destroy(tp); } }",linux-2.6,,,164571550583789366133398046036524109908,0 4472,CWE-476,"h2v1_merged_upsample_565_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; register int y, cred, cgreen, cblue; int cb, cr; register JSAMPROW outptr; JSAMPROW inptr0, inptr1, inptr2; JDIMENSION col; register JSAMPLE *range_limit = cinfo->sample_range_limit; int *Crrtab = upsample->Cr_r_tab; int *Cbbtab = upsample->Cb_b_tab; JLONG *Crgtab = upsample->Cr_g_tab; JLONG *Cbgtab = upsample->Cb_g_tab; unsigned int r, g, b; JLONG rgb; SHIFT_TEMPS inptr0 = input_buf[0][in_row_group_ctr]; inptr1 = input_buf[1][in_row_group_ctr]; inptr2 = input_buf[2][in_row_group_ctr]; outptr = output_buf[0]; for (col = cinfo->output_width >> 1; col > 0; col--) { cb = GETJSAMPLE(*inptr1++); cr = GETJSAMPLE(*inptr2++); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr0++); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_SHORT_565(r, g, b); y = GETJSAMPLE(*inptr0++); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_TWO_PIXELS(rgb, PACK_SHORT_565(r, g, b)); WRITE_TWO_PIXELS(outptr, rgb); outptr += 4; } if (cinfo->output_width & 1) { cb = GETJSAMPLE(*inptr1); cr = GETJSAMPLE(*inptr2); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr0); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_SHORT_565(r, g, b); *(INT16 *)outptr = (INT16)rgb; } }",visit repo url,jdmrg565.c,https://github.com/libjpeg-turbo/libjpeg-turbo,209506413458128,1 1226,CWE-400,"static void perf_event_output(struct perf_event *event, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { struct perf_output_handle handle; struct perf_event_header header; rcu_read_lock(); perf_prepare_sample(&header, data, event, regs); if (perf_output_begin(&handle, event, header.size, nmi, 1)) goto exit; perf_output_sample(&handle, &header, data, event); perf_output_end(&handle); exit: rcu_read_unlock(); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,37207659541582,1 6497,CWE-787,"void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, uint8_t *encryptedPrivateKey, uint32_t *enc_len) { LOG_INFO(__FUNCTION__); *errString = 0; *errStatus = UNKNOWN_ERROR; CHECK_STATE(key); CHECK_STATE(encryptedPrivateKey); *errStatus = UNKNOWN_ERROR; int status = AES_encrypt_DH((char *)key, encryptedPrivateKey, BUF_LEN); CHECK_STATUS2(""AES encrypt failed with status %d""); *enc_len = strlen(key) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; SAFE_CHAR_BUF(decryptedKey, BUF_LEN); status = AES_decrypt_DH(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN); CHECK_STATUS2(""trustedDecryptKey failed with status %d""); uint64_t decryptedKeyLen = strnlen(decryptedKey, MAX_KEY_LENGTH); if (decryptedKeyLen == MAX_KEY_LENGTH) { snprintf(errString, BUF_LEN, ""Decrypted key is not null terminated""); LOG_ERROR(errString); goto clean; } *errStatus = -8; if (strncmp(key, decryptedKey, MAX_KEY_LENGTH) != 0) { snprintf(errString, BUF_LEN, ""Decrypted key does not match original key""); LOG_ERROR(errString); goto clean; } SET_SUCCESS clean: ; LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,158500353943171,1 4474,['CWE-264'],"void mac_drv_clear_rxd(struct s_smc *smc, volatile struct s_smt_fp_rxd *rxd, int frag_count) { struct sk_buff *skb; PRINTK(""entering mac_drv_clear_rxd\n""); if (frag_count != 1) printk(""fddi: Multi-fragment clear!\n""); for (; frag_count > 0; frag_count--) { skb = rxd->rxd_os.skb; if (skb != NULL) { skfddi_priv *bp = &smc->os; int MaxFrameSize = bp->MaxFrameSize; pci_unmap_single(&bp->pdev, rxd->rxd_os.dma_addr, MaxFrameSize, PCI_DMA_FROMDEVICE); dev_kfree_skb(skb); rxd->rxd_os.skb = NULL; } rxd = rxd->rxd_next; } } ",linux-2.6,,,232965136172922126761406771136438567310,0 1245,[],"m4_divnum (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 1)) return; shipout_int (obs, current_diversion); }",m4,,,170059899802126804519620430663893441509,0 3724,[],"static inline struct sk_buff *sock_queue_head(struct sock *sk) { return (struct sk_buff *) &sk->sk_receive_queue; }",linux-2.6,,,194003469038085928555631709568244698077,0 6741,CWE-125,"static void mrled(u8 * RESTRICT in, u8 * RESTRICT out, s32 outlen) { s32 op = 0, ip = 0; s32 c, pc = -1; s32 t[256] = { 0 }; s32 run = 0; for (s32 i = 0; i < 32; ++i) { c = in[ip++]; for (s32 j = 0; j < 8; ++j) t[i * 8 + j] = (c >> j) & 1; } while (op < outlen) { c = in[ip++]; if (t[c]) { for (run = 0; (pc = in[ip++]) == 255; run += 255) ; run += pc + 1; for (; run > 0 && op < outlen; --run) out[op++] = c; } else out[op++] = c; } }",visit repo url,src/libbz3.c,https://github.com/kspalaiologos/bzip3,185153065121755,1 6337,CWE-190,"void sortCommandGeneric(client *c, int readonly) { list *operations; unsigned int outputlen = 0; int desc = 0, alpha = 0; long limit_start = 0, limit_count = -1, start, end; int j, dontsort = 0, vectorlen; int getop = 0; int int_conversion_error = 0; int syntax_error = 0; robj *sortval, *sortby = NULL, *storekey = NULL; redisSortObject *vector; int user_has_full_key_access = 0; operations = listCreate(); listSetFreeMethod(operations,zfree); j = 2; user_has_full_key_access = ACLUserCheckCmdWithUnrestrictedKeyAccess(c->user, c->cmd, c->argv, c->argc, CMD_KEY_ACCESS); while(j < c->argc) { int leftargs = c->argc-j-1; if (!strcasecmp(c->argv[j]->ptr,""asc"")) { desc = 0; } else if (!strcasecmp(c->argv[j]->ptr,""desc"")) { desc = 1; } else if (!strcasecmp(c->argv[j]->ptr,""alpha"")) { alpha = 1; } else if (!strcasecmp(c->argv[j]->ptr,""limit"") && leftargs >= 2) { if ((getLongFromObjectOrReply(c, c->argv[j+1], &limit_start, NULL) != C_OK) || (getLongFromObjectOrReply(c, c->argv[j+2], &limit_count, NULL) != C_OK)) { syntax_error++; break; } j+=2; } else if (readonly == 0 && !strcasecmp(c->argv[j]->ptr,""store"") && leftargs >= 1) { storekey = c->argv[j+1]; j++; } else if (!strcasecmp(c->argv[j]->ptr,""by"") && leftargs >= 1) { sortby = c->argv[j+1]; if (strchr(c->argv[j+1]->ptr,'*') == NULL) { dontsort = 1; } else { if (server.cluster_enabled) { addReplyError(c,""BY option of SORT denied in Cluster mode.""); syntax_error++; break; } if (!user_has_full_key_access) { addReplyError(c,""BY option of SORT denied due to insufficient ACL permissions.""); syntax_error++; break; } } j++; } else if (!strcasecmp(c->argv[j]->ptr,""get"") && leftargs >= 1) { if (server.cluster_enabled) { addReplyError(c,""GET option of SORT denied in Cluster mode.""); syntax_error++; break; } if (!user_has_full_key_access) { addReplyError(c,""GET option of SORT denied due to insufficient ACL permissions.""); syntax_error++; break; } listAddNodeTail(operations,createSortOperation( SORT_OP_GET,c->argv[j+1])); getop++; j++; } else { addReplyErrorObject(c,shared.syntaxerr); syntax_error++; break; } j++; } if (syntax_error) { listRelease(operations); return; } sortval = lookupKeyRead(c->db, c->argv[1]); if (sortval && sortval->type != OBJ_SET && sortval->type != OBJ_LIST && sortval->type != OBJ_ZSET) { listRelease(operations); addReplyErrorObject(c,shared.wrongtypeerr); return; } if (sortval) incrRefCount(sortval); else sortval = createQuicklistObject(); if (dontsort && sortval->type == OBJ_SET && (storekey || c->flags & CLIENT_SCRIPT)) { dontsort = 0; alpha = 1; sortby = NULL; } if (sortval->type == OBJ_ZSET) zsetConvert(sortval, OBJ_ENCODING_SKIPLIST); switch(sortval->type) { case OBJ_LIST: vectorlen = listTypeLength(sortval); break; case OBJ_SET: vectorlen = setTypeSize(sortval); break; case OBJ_ZSET: vectorlen = dictSize(((zset*)sortval->ptr)->dict); break; default: vectorlen = 0; serverPanic(""Bad SORT type""); } start = (limit_start < 0) ? 0 : limit_start; end = (limit_count < 0) ? vectorlen-1 : start+limit_count-1; if (start >= vectorlen) { start = vectorlen-1; end = vectorlen-2; } if (end >= vectorlen) end = vectorlen-1; if ((sortval->type == OBJ_ZSET || sortval->type == OBJ_LIST) && dontsort && (start != 0 || end != vectorlen-1)) { vectorlen = end-start+1; } vector = zmalloc(sizeof(redisSortObject)*vectorlen); j = 0; if (sortval->type == OBJ_LIST && dontsort) { if (end >= start) { listTypeIterator *li; listTypeEntry entry; li = listTypeInitIterator(sortval, desc ? (long)(listTypeLength(sortval) - start - 1) : start, desc ? LIST_HEAD : LIST_TAIL); while(j < vectorlen && listTypeNext(li,&entry)) { vector[j].obj = listTypeGet(&entry); vector[j].u.score = 0; vector[j].u.cmpobj = NULL; j++; } listTypeReleaseIterator(li); end -= start; start = 0; } } else if (sortval->type == OBJ_LIST) { listTypeIterator *li = listTypeInitIterator(sortval,0,LIST_TAIL); listTypeEntry entry; while(listTypeNext(li,&entry)) { vector[j].obj = listTypeGet(&entry); vector[j].u.score = 0; vector[j].u.cmpobj = NULL; j++; } listTypeReleaseIterator(li); } else if (sortval->type == OBJ_SET) { setTypeIterator *si = setTypeInitIterator(sortval); sds sdsele; while((sdsele = setTypeNextObject(si)) != NULL) { vector[j].obj = createObject(OBJ_STRING,sdsele); vector[j].u.score = 0; vector[j].u.cmpobj = NULL; j++; } setTypeReleaseIterator(si); } else if (sortval->type == OBJ_ZSET && dontsort) { zset *zs = sortval->ptr; zskiplist *zsl = zs->zsl; zskiplistNode *ln; sds sdsele; int rangelen = vectorlen; if (desc) { long zsetlen = dictSize(((zset*)sortval->ptr)->dict); ln = zsl->tail; if (start > 0) ln = zslGetElementByRank(zsl,zsetlen-start); } else { ln = zsl->header->level[0].forward; if (start > 0) ln = zslGetElementByRank(zsl,start+1); } while(rangelen--) { serverAssertWithInfo(c,sortval,ln != NULL); sdsele = ln->ele; vector[j].obj = createStringObject(sdsele,sdslen(sdsele)); vector[j].u.score = 0; vector[j].u.cmpobj = NULL; j++; ln = desc ? ln->backward : ln->level[0].forward; } end -= start; start = 0; } else if (sortval->type == OBJ_ZSET) { dict *set = ((zset*)sortval->ptr)->dict; dictIterator *di; dictEntry *setele; sds sdsele; di = dictGetIterator(set); while((setele = dictNext(di)) != NULL) { sdsele = dictGetKey(setele); vector[j].obj = createStringObject(sdsele,sdslen(sdsele)); vector[j].u.score = 0; vector[j].u.cmpobj = NULL; j++; } dictReleaseIterator(di); } else { serverPanic(""Unknown type""); } serverAssertWithInfo(c,sortval,j == vectorlen); if (!dontsort) { for (j = 0; j < vectorlen; j++) { robj *byval; if (sortby) { byval = lookupKeyByPattern(c->db,sortby,vector[j].obj); if (!byval) continue; } else { byval = vector[j].obj; } if (alpha) { if (sortby) vector[j].u.cmpobj = getDecodedObject(byval); } else { if (sdsEncodedObject(byval)) { char *eptr; vector[j].u.score = strtod(byval->ptr,&eptr); if (eptr[0] != '\0' || errno == ERANGE || isnan(vector[j].u.score)) { int_conversion_error = 1; } } else if (byval->encoding == OBJ_ENCODING_INT) { vector[j].u.score = (long)byval->ptr; } else { serverAssertWithInfo(c,sortval,1 != 1); } } if (sortby) { decrRefCount(byval); } } server.sort_desc = desc; server.sort_alpha = alpha; server.sort_bypattern = sortby ? 1 : 0; server.sort_store = storekey ? 1 : 0; if (sortby && (start != 0 || end != vectorlen-1)) pqsort(vector,vectorlen,sizeof(redisSortObject),sortCompare, start,end); else qsort(vector,vectorlen,sizeof(redisSortObject),sortCompare); } outputlen = getop ? getop*(end-start+1) : end-start+1; if (int_conversion_error) { addReplyError(c,""One or more scores can't be converted into double""); } else if (storekey == NULL) { addReplyArrayLen(c,outputlen); for (j = start; j <= end; j++) { listNode *ln; listIter li; if (!getop) addReplyBulk(c,vector[j].obj); listRewind(operations,&li); while((ln = listNext(&li))) { redisSortOperation *sop = ln->value; robj *val = lookupKeyByPattern(c->db,sop->pattern, vector[j].obj); if (sop->type == SORT_OP_GET) { if (!val) { addReplyNull(c); } else { addReplyBulk(c,val); decrRefCount(val); } } else { serverAssertWithInfo(c,sortval,sop->type == SORT_OP_GET); } } } } else { robj *sobj = createQuicklistObject(); for (j = start; j <= end; j++) { listNode *ln; listIter li; if (!getop) { listTypePush(sobj,vector[j].obj,LIST_TAIL); } else { listRewind(operations,&li); while((ln = listNext(&li))) { redisSortOperation *sop = ln->value; robj *val = lookupKeyByPattern(c->db,sop->pattern, vector[j].obj); if (sop->type == SORT_OP_GET) { if (!val) val = createStringObject("""",0); listTypePush(sobj,val,LIST_TAIL); decrRefCount(val); } else { serverAssertWithInfo(c,sortval,sop->type == SORT_OP_GET); } } } } if (outputlen) { listTypeTryConversion(sobj,LIST_CONV_AUTO,NULL,NULL); setKey(c,c->db,storekey,sobj,0); notifyKeyspaceEvent(NOTIFY_LIST,""sortstore"",storekey, c->db->id); server.dirty += outputlen; } else if (dbDelete(c->db,storekey)) { signalModifiedKey(c,c->db,storekey); notifyKeyspaceEvent(NOTIFY_GENERIC,""del"",storekey,c->db->id); server.dirty++; } decrRefCount(sobj); addReplyLongLong(c,outputlen); } for (j = 0; j < vectorlen; j++) decrRefCount(vector[j].obj); decrRefCount(sortval); listRelease(operations); for (j = 0; j < vectorlen; j++) { if (alpha && vector[j].u.cmpobj) decrRefCount(vector[j].u.cmpobj); } zfree(vector); }",visit repo url,src/sort.c,https://github.com/redis/redis,83565029783060,1 4244,CWE-78,"R_API char *r_socket_http_get(const char *url, int *code, int *rlen) { char *curl_env = r_sys_getenv (""R2_CURL""); if (curl_env && *curl_env) { char *encoded_url = r_str_escape (url); char *res = r_sys_cmd_strf (""curl '%s'"", encoded_url); free (encoded_url); if (res) { if (code) { *code = 200; } if (rlen) { *rlen = strlen (res); } } free (curl_env); return res; } free (curl_env); RSocket *s; int ssl = r_str_startswith (url, ""https://""); char *response, *host, *path, *port = ""80""; char *uri = strdup (url); if (!uri) { return NULL; } if (code) { *code = 0; } if (rlen) { *rlen = 0; } host = strstr (uri, ""://""); if (!host) { free (uri); eprintf (""r_socket_http_get: Invalid URI""); return NULL; } host += 3; port = strchr (host, ':'); if (!port) { port = ssl? ""443"": ""80""; path = host; } else { *port++ = 0; path = port; } path = strchr (path, '/'); if (!path) { path = """"; } else { *path++ = 0; } s = r_socket_new (ssl); if (!s) { eprintf (""r_socket_http_get: Cannot create socket\n""); free (uri); return NULL; } if (r_socket_connect_tcp (s, host, port, 0)) { r_socket_printf (s, ""GET /%s HTTP/1.1\r\n"" ""User-Agent: radare2 ""R2_VERSION""\r\n"" ""Accept: */*\r\n"" ""Host: %s:%s\r\n"" ""\r\n"", path, host, port); response = r_socket_http_answer (s, code, rlen); } else { eprintf (""Cannot connect to %s:%s\n"", host, port); response = NULL; } free (uri); r_socket_free (s); return response; }",visit repo url,libr/socket/socket_http.c,https://github.com/radareorg/radare2,229352835466702,1 5122,CWE-125,"For(expr_ty target, expr_ty iter, asdl_seq * body, asdl_seq * orelse, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!target) { PyErr_SetString(PyExc_ValueError, ""field target is required for For""); return NULL; } if (!iter) { PyErr_SetString(PyExc_ValueError, ""field iter is required for For""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = For_kind; p->v.For.target = target; p->v.For.iter = iter; p->v.For.body = body; p->v.For.orelse = orelse; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,218939010902208,1 242,CWE-190,"static int vfio_msi_enable(struct vfio_pci_device *vdev, int nvec, bool msix) { struct pci_dev *pdev = vdev->pdev; unsigned int flag = msix ? PCI_IRQ_MSIX : PCI_IRQ_MSI; int ret; if (!is_irq_none(vdev)) return -EINVAL; vdev->ctx = kzalloc(nvec * sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL); if (!vdev->ctx) return -ENOMEM; ret = pci_alloc_irq_vectors(pdev, 1, nvec, flag); if (ret < nvec) { if (ret > 0) pci_free_irq_vectors(pdev); kfree(vdev->ctx); return ret; } vdev->num_ctx = nvec; vdev->irq_type = msix ? VFIO_PCI_MSIX_IRQ_INDEX : VFIO_PCI_MSI_IRQ_INDEX; if (!msix) { vdev->msi_qmax = fls(nvec * 2 - 1) - 1; } return 0; }",visit repo url,drivers/vfio/pci/vfio_pci_intrs.c,https://github.com/torvalds/linux,1788425737561,1 2753,['CWE-189'],"struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc) { struct sctp_hmac_algo_param *hmacs; __u16 n_elt; __u16 id = 0; int i; if (asoc->default_hmac_id) return &sctp_hmac_list[asoc->default_hmac_id]; hmacs = asoc->peer.peer_hmacs; if (!hmacs) return NULL; n_elt = (ntohs(hmacs->param_hdr.length) - sizeof(sctp_paramhdr_t)) >> 1; for (i = 0; i < n_elt; i++) { id = ntohs(hmacs->hmac_ids[i]); if (id > SCTP_AUTH_HMAC_ID_MAX) continue; if (!sctp_hmac_list[id].hmac_name) continue; break; } if (id == 0) return NULL; return &sctp_hmac_list[id]; }",linux-2.6,,,85072002094709849620851736506095772497,0 4492,CWE-125,"static void gf_m2ts_process_pmt(GF_M2TS_Demuxer *ts, GF_M2TS_SECTION_ES *pmt, GF_List *sections, u8 table_id, u16 ex_table_id, u8 version_number, u8 last_section_number, u32 status) { u32 info_length, pos, desc_len, evt_type, nb_es,i; u32 nb_sections; u32 data_size; u32 nb_hevc, nb_hevc_temp, nb_shvc, nb_shvc_temp, nb_mhvc, nb_mhvc_temp; unsigned char *data; GF_M2TS_Section *section; GF_Err e = GF_OK; if (!(status&GF_M2TS_TABLE_END)) return; nb_es = 0; if ((status&GF_M2TS_TABLE_REPEAT) && !(status&GF_M2TS_TABLE_UPDATE)) { if (ts->on_event) ts->on_event(ts, GF_M2TS_EVT_PMT_REPEAT, pmt->program); return; } if (pmt->sec->demux_restarted) { pmt->sec->demux_restarted = 0; return; } GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[MPEG-2 TS] PMT Found or updated\n"")); nb_sections = gf_list_count(sections); if (nb_sections > 1) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""PMT on multiple sections not supported\n"")); } section = (GF_M2TS_Section *)gf_list_get(sections, 0); data = section->data; data_size = section->data_size; pmt->program->pcr_pid = ((data[0] & 0x1f) << 8) | data[1]; info_length = ((data[2]&0xf)<<8) | data[3]; if (info_length != 0) { u8 tag, len; u32 first_loop_len = 0; tag = data[4]; len = data[5]; while (info_length > first_loop_len) { if (tag == GF_M2TS_MPEG4_IOD_DESCRIPTOR) { u32 size; GF_BitStream *iod_bs; iod_bs = gf_bs_new((char *)data+8, len-2, GF_BITSTREAM_READ); if (pmt->program->pmt_iod) gf_odf_desc_del((GF_Descriptor *)pmt->program->pmt_iod); e = gf_odf_parse_descriptor(iod_bs , (GF_Descriptor **) &pmt->program->pmt_iod, &size); gf_bs_del(iod_bs ); if (e==GF_OK) { if (pmt->program->pmt_iod) pmt->program->pmt_iod->ServiceID = pmt->program->number; if (!gf_list_count(pmt->program->pmt_iod->ESDescriptors)) { gf_odf_desc_del((GF_Descriptor *)pmt->program->pmt_iod); pmt->program->pmt_iod = NULL; } } } else if (tag == GF_M2TS_METADATA_POINTER_DESCRIPTOR) { GF_BitStream *metadatapd_bs; GF_M2TS_MetadataPointerDescriptor *metapd; metadatapd_bs = gf_bs_new((char *)data+6, len, GF_BITSTREAM_READ); metapd = gf_m2ts_read_metadata_pointer_descriptor(metadatapd_bs, len); gf_bs_del(metadatapd_bs); if (metapd->application_format_identifier == GF_M2TS_META_ID3 && metapd->format_identifier == GF_M2TS_META_ID3 && metapd->carriage_flag == METADATA_CARRIAGE_SAME_TS) { pmt->program->metadata_pointer_descriptor = metapd; } else { gf_m2ts_metadata_pointer_descriptor_del(metapd); } } else { GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[MPEG-2 TS] Skipping descriptor (0x%x) and others not supported\n"", tag)); } first_loop_len += 2 + len; } } if (data_size <= 4 + info_length) return; data += 4 + info_length; data_size -= 4 + info_length; pos = 0; for(i=0; iprograms); i++) { GF_M2TS_Program *prog = (GF_M2TS_Program *)gf_list_get(ts->programs,i); if(prog->pmt_pid == pmt->pid) { break; } } nb_hevc = nb_hevc_temp = nb_shvc = nb_shvc_temp = nb_mhvc = nb_mhvc_temp = 0; while (poscc = -1; pes->flags = GF_M2TS_ES_IS_PES; if (inherit_pcr) pes->flags |= GF_M2TS_INHERIT_PCR; es = (GF_M2TS_ES *)pes; break; case GF_M2TS_PRIVATE_DATA: GF_SAFEALLOC(pes, GF_M2TS_PES); if (!pes) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MPEG2TS] Failed to allocate ES for pid %d\n"", pid)); return; } pes->cc = -1; pes->flags = GF_M2TS_ES_IS_PES; es = (GF_M2TS_ES *)pes; break; case GF_M2TS_SYSTEMS_MPEG4_SECTIONS: GF_SAFEALLOC(ses, GF_M2TS_SECTION_ES); if (!ses) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MPEG2TS] Failed to allocate ES for pid %d\n"", pid)); return; } es = (GF_M2TS_ES *)ses; es->flags |= GF_M2TS_ES_IS_SECTION; if (stream_type == GF_M2TS_SYSTEMS_MPEG4_SECTIONS) { ses->sec = gf_m2ts_section_filter_new(gf_m2ts_process_mpeg4section, 0); if (!pmt->program->additional_ods) { pmt->program->additional_ods = gf_list_new(); ts->has_4on2 = 1; } } break; case GF_M2TS_13818_6_ANNEX_A: case GF_M2TS_13818_6_ANNEX_B: case GF_M2TS_13818_6_ANNEX_C: case GF_M2TS_13818_6_ANNEX_D: case GF_M2TS_PRIVATE_SECTION: case GF_M2TS_QUALITY_SEC: case GF_M2TS_MORE_SEC: GF_SAFEALLOC(ses, GF_M2TS_SECTION_ES); if (!ses) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MPEG2TS] Failed to allocate ES for pid %d\n"", pid)); return; } es = (GF_M2TS_ES *)ses; es->flags |= GF_M2TS_ES_IS_SECTION; es->pid = pid; es->service_id = pmt->program->number; if (stream_type == GF_M2TS_PRIVATE_SECTION) { GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""AIT sections on pid %d\n"", pid)); } else if (stream_type == GF_M2TS_QUALITY_SEC) { GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""Quality metadata sections on pid %d\n"", pid)); } else if (stream_type == GF_M2TS_MORE_SEC) { GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""MORE sections on pid %d\n"", pid)); } else { GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""stream type DSM CC user private sections on pid %d \n"", pid)); } ses->sec = gf_m2ts_section_filter_new(NULL, 1); break; case GF_M2TS_MPE_SECTIONS: if (! ts->prefix_present) { GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""stream type MPE found : pid = %d \n"", pid)); #ifdef GPAC_ENABLE_MPE es = gf_dvb_mpe_section_new(); if (es->flags & GF_M2TS_ES_IS_SECTION) { ((GF_M2TS_SECTION_ES*)es)->sec = gf_m2ts_section_filter_new(NULL, 1); } #endif break; } default: GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[MPEG-2 TS] Stream type (0x%x) for PID %d not supported\n"", stream_type, pid ) ); break; } if (es) { es->stream_type = (stream_type==GF_M2TS_PRIVATE_DATA) ? 0 : stream_type; es->program = pmt->program; es->pid = pid; es->component_tag = -1; } pos += 5; data += 5; while (desc_len) { u8 tag = data[0]; u32 len = data[1]; if (es) { switch (tag) { case GF_M2TS_ISO_639_LANGUAGE_DESCRIPTOR: if (pes) pes->lang = GF_4CC(' ', data[2], data[3], data[4]); break; case GF_M2TS_MPEG4_SL_DESCRIPTOR: es->mpeg4_es_id = ( (u32) data[2] & 0x1f) << 8 | data[3]; es->flags |= GF_M2TS_ES_IS_SL; break; case GF_M2TS_REGISTRATION_DESCRIPTOR: reg_desc_format = GF_4CC(data[2], data[3], data[4], data[5]); switch (reg_desc_format) { case GF_M2TS_RA_STREAM_AC3: es->stream_type = GF_M2TS_AUDIO_AC3; break; case GF_M2TS_RA_STREAM_VC1: es->stream_type = GF_M2TS_VIDEO_VC1; break; case GF_M2TS_RA_STREAM_GPAC: if (len==8) { es->stream_type = GF_4CC(data[6], data[7], data[8], data[9]); es->flags |= GF_M2TS_GPAC_CODEC_ID; break; } default: GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""Unknown registration descriptor %s\n"", gf_4cc_to_str(reg_desc_format) )); break; } break; case GF_M2TS_DVB_EAC3_DESCRIPTOR: es->stream_type = GF_M2TS_AUDIO_EC3; break; case GF_M2TS_DVB_DATA_BROADCAST_ID_DESCRIPTOR: { u32 id = data[2]<<8 | data[3]; if ((id == 0xB) && ses && !ses->sec) { ses->sec = gf_m2ts_section_filter_new(NULL, 1); } } break; case GF_M2TS_DVB_SUBTITLING_DESCRIPTOR: if (pes) { pes->sub.language[0] = data[2]; pes->sub.language[1] = data[3]; pes->sub.language[2] = data[4]; pes->sub.type = data[5]; pes->sub.composition_page_id = (data[6]<<8) | data[7]; pes->sub.ancillary_page_id = (data[8]<<8) | data[9]; } es->stream_type = GF_M2TS_DVB_SUBTITLE; break; case GF_M2TS_DVB_STREAM_IDENTIFIER_DESCRIPTOR: { es->component_tag = data[2]; GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""Component Tag: %d on Program %d\n"", es->component_tag, es->program->number)); } break; case GF_M2TS_DVB_TELETEXT_DESCRIPTOR: es->stream_type = GF_M2TS_DVB_TELETEXT; break; case GF_M2TS_DVB_VBI_DATA_DESCRIPTOR: es->stream_type = GF_M2TS_DVB_VBI; break; case GF_M2TS_HIERARCHY_DESCRIPTOR: if (pes) { u8 hierarchy_embedded_layer_index; GF_BitStream *hbs = gf_bs_new((const char *)data, data_size, GF_BITSTREAM_READ); gf_bs_read_int(hbs, 16); gf_bs_read_int(hbs, 1); gf_bs_read_int(hbs, 1); gf_bs_read_int(hbs, 1); gf_bs_read_int(hbs, 1); gf_bs_read_int(hbs, 4); gf_bs_read_int(hbs, 2); gf_bs_read_int(hbs, 6); gf_bs_read_int(hbs, 1); gf_bs_read_int(hbs, 1); hierarchy_embedded_layer_index = gf_bs_read_int(hbs, 6); gf_bs_read_int(hbs, 2); gf_bs_read_int(hbs, 6); gf_bs_del(hbs); pes->depends_on_pid = 1+hierarchy_embedded_layer_index; } break; case GF_M2TS_METADATA_DESCRIPTOR: { GF_BitStream *metadatad_bs; GF_M2TS_MetadataDescriptor *metad; metadatad_bs = gf_bs_new((char *)data+2, len, GF_BITSTREAM_READ); metad = gf_m2ts_read_metadata_descriptor(metadatad_bs, len); gf_bs_del(metadatad_bs); if (metad->application_format_identifier == GF_M2TS_META_ID3 && metad->format_identifier == GF_M2TS_META_ID3) { if (pes) { pes->metadata_descriptor = metad; pes->stream_type = GF_M2TS_METADATA_ID3_HLS; } } else { gf_m2ts_metadata_descriptor_del(metad); } } break; default: GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[MPEG-2 TS] skipping descriptor (0x%x) not supported\n"", tag)); break; } } data += len+2; pos += len+2; if (desc_len < len+2) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MPEG-2 TS] Invalid PMT es descriptor size for PID %d\n"", pid ) ); break; } desc_len-=len+2; } if (es && !es->stream_type) { gf_free(es); es = NULL; GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MPEG-2 TS] Private Stream type (0x%x) for PID %d not supported\n"", stream_type, pid ) ); } if (!es) continue; if (ts->ess[pid]) { if (status & GF_M2TS_TABLE_FOUND) { GF_LOG(GF_LOG_INFO, GF_LOG_CONTAINER, (""[MPEG-2 TS] PID %d reused across programs %d and %d, not completely supported\n"", pid, ts->ess[pid]->program->number, es->program->number ) ); gf_list_add(pmt->program->streams, es); if (!(es->flags & GF_M2TS_ES_IS_SECTION) ) gf_m2ts_set_pes_framing(pes, GF_M2TS_PES_FRAMING_SKIP); nb_es++; es = NULL; } else { GF_M2TS_ES *o_es = ts->ess[es->pid]; if ((o_es->stream_type == es->stream_type) && ((o_es->flags & GF_M2TS_ES_STATIC_FLAGS_MASK) == (es->flags & GF_M2TS_ES_STATIC_FLAGS_MASK)) && (o_es->mpeg4_es_id == es->mpeg4_es_id) && ((o_es->flags & GF_M2TS_ES_IS_SECTION) || ((GF_M2TS_PES *)o_es)->lang == ((GF_M2TS_PES *)es)->lang) ) { gf_free(es); es = NULL; } else { gf_m2ts_es_del(o_es, ts); ts->ess[es->pid] = NULL; } } } if (es) { ts->ess[es->pid] = es; gf_list_add(pmt->program->streams, es); if (!(es->flags & GF_M2TS_ES_IS_SECTION) ) gf_m2ts_set_pes_framing(pes, GF_M2TS_PES_FRAMING_SKIP); nb_es++; } if (es->stream_type == GF_M2TS_VIDEO_HEVC) nb_hevc++; else if (es->stream_type == GF_M2TS_VIDEO_HEVC_TEMPORAL) nb_hevc_temp++; else if (es->stream_type == GF_M2TS_VIDEO_SHVC) nb_shvc++; else if (es->stream_type == GF_M2TS_VIDEO_SHVC_TEMPORAL) nb_shvc_temp++; else if (es->stream_type == GF_M2TS_VIDEO_MHVC) nb_mhvc++; else if (es->stream_type == GF_M2TS_VIDEO_MHVC_TEMPORAL) nb_mhvc_temp++; } if (nb_hevc_temp + nb_shvc + nb_shvc_temp + nb_mhvc+ nb_mhvc_temp) { for (i=0; iprogram->streams); i++) { GF_M2TS_PES *es = (GF_M2TS_PES *)gf_list_get(pmt->program->streams, i); if ( !(es->flags & GF_M2TS_ES_IS_PES)) continue; if (es->depends_on_pid) continue; switch (es->stream_type) { case GF_M2TS_VIDEO_HEVC_TEMPORAL: es->depends_on_pid = 1; break; case GF_M2TS_VIDEO_SHVC: if (!nb_hevc_temp) es->depends_on_pid = 1; else es->depends_on_pid = 2; break; case GF_M2TS_VIDEO_SHVC_TEMPORAL: es->depends_on_pid = 3; break; case GF_M2TS_VIDEO_MHVC: if (!nb_hevc_temp) es->depends_on_pid = 1; else es->depends_on_pid = 2; break; case GF_M2TS_VIDEO_MHVC_TEMPORAL: if (!nb_hevc_temp) es->depends_on_pid = 2; else es->depends_on_pid = 3; break; } } } if (nb_es) { u32 i; for (i=0; iprogram->streams); i++) { GF_M2TS_PES *an_es = NULL; GF_M2TS_PES *es = (GF_M2TS_PES *)gf_list_get(pmt->program->streams, i); if ( !(es->flags & GF_M2TS_ES_IS_PES)) continue; if (!es->depends_on_pid) continue; an_es = (GF_M2TS_PES *)gf_list_get(pmt->program->streams, es->depends_on_pid); if (an_es) { es->depends_on_pid = an_es->pid; } else { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[M2TS] Wrong dependency index in hierarchy descriptor, assuming non-scalable stream\n"")); es->depends_on_pid = 0; } } evt_type = (status&GF_M2TS_TABLE_FOUND) ? GF_M2TS_EVT_PMT_FOUND : GF_M2TS_EVT_PMT_UPDATE; if (ts->on_event) ts->on_event(ts, evt_type, pmt->program); } else { if (ts->on_event) ts->on_event(ts, GF_M2TS_EVT_PMT_REPEAT, pmt->program); } }",visit repo url,src/media_tools/mpegts.c,https://github.com/gpac/gpac,153098243609176,1 2569,[],"static struct attr_stack *read_attr(const char *path, int macro_ok) { struct attr_stack *res; char *buf, *sp; int lineno = 0; res = read_attr_from_file(path, macro_ok); if (res) return res; res = xcalloc(1, sizeof(*res)); buf = read_index_data(path); if (!buf) return res; for (sp = buf; *sp; ) { char *ep; int more; for (ep = sp; *ep && *ep != '\n'; ep++) ; more = (*ep == '\n'); *ep = '\0'; handle_attr_line(res, sp, path, ++lineno, macro_ok); sp = ep + more; } free(buf); return res; }",git,,,140217016897056959887035847322795397164,0 5251,CWE-369,"pixBlockconvGrayUnnormalized(PIX *pixs, l_int32 wc, l_int32 hc) { l_int32 i, j, w, h, d, wpla, wpld, jmax; l_uint32 *linemina, *linemaxa, *lined, *dataa, *datad; PIX *pixsb, *pixacc, *pixd; PROCNAME(""pixBlockconvGrayUnnormalized""); if (!pixs) return (PIX *)ERROR_PTR(""pixs not defined"", procName, NULL); pixGetDimensions(pixs, &w, &h, &d); if (d != 8) return (PIX *)ERROR_PTR(""pixs not 8 bpp"", procName, NULL); if (wc < 0) wc = 0; if (hc < 0) hc = 0; if (w < 2 * wc + 1 || h < 2 * hc + 1) { wc = L_MIN(wc, (w - 1) / 2); hc = L_MIN(hc, (h - 1) / 2); L_WARNING(""kernel too large; reducing!\n"", procName); L_INFO(""wc = %d, hc = %d\n"", procName, wc, hc); } if (wc == 0 && hc == 0) return pixCopy(NULL, pixs); if ((pixsb = pixAddMirroredBorder(pixs, wc + 1, wc, hc + 1, hc)) == NULL) return (PIX *)ERROR_PTR(""pixsb not made"", procName, NULL); pixacc = pixBlockconvAccum(pixsb); pixDestroy(&pixsb); if (!pixacc) return (PIX *)ERROR_PTR(""pixacc not made"", procName, NULL); if ((pixd = pixCreate(w, h, 32)) == NULL) { pixDestroy(&pixacc); return (PIX *)ERROR_PTR(""pixd not made"", procName, NULL); } wpla = pixGetWpl(pixacc); wpld = pixGetWpl(pixd); datad = pixGetData(pixd); dataa = pixGetData(pixacc); for (i = 0; i < h; i++) { lined = datad + i * wpld; linemina = dataa + i * wpla; linemaxa = dataa + (i + 2 * hc + 1) * wpla; for (j = 0; j < w; j++) { jmax = j + 2 * wc + 1; lined[j] = linemaxa[jmax] - linemaxa[j] - linemina[jmax] + linemina[j]; } } pixDestroy(&pixacc); return pixd; }",visit repo url,src/convolve.c,https://github.com/DanBloomberg/leptonica,79315517187391,1 2913,CWE-119,"static int readContigStripsIntoBuffer (TIFF* in, uint8* buf) { uint8* bufp = buf; int32 bytes_read = 0; uint32 strip, nstrips = TIFFNumberOfStrips(in); uint32 stripsize = TIFFStripSize(in); uint32 rows = 0; uint32 rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); tsize_t scanline_size = TIFFScanlineSize(in); if (scanline_size == 0) { TIFFError("""", ""TIFF scanline size is zero!""); return 0; } for (strip = 0; strip < nstrips; strip++) { bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1); rows = bytes_read / scanline_size; if ((strip < (nstrips - 1)) && (bytes_read != (int32)stripsize)) TIFFError("""", ""Strip %d: read %lu bytes, strip size %lu"", (int)strip + 1, (unsigned long) bytes_read, (unsigned long)stripsize); if (bytes_read < 0 && !ignore) { TIFFError("""", ""Error reading strip %lu after %lu rows"", (unsigned long) strip, (unsigned long)rows); return 0; } bufp += bytes_read; } return 1; } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,143442995004612,1 5920,CWE-120,"Jsi_RC jsi_PkgDumpInfo(Jsi_Interp *interp, const char *name, Jsi_Value **ret) { jsi_PkgInfo *ptr; Jsi_HashEntry *hPtr = Jsi_HashEntryFind(interp->packageHash, name); if (hPtr && ((ptr = (jsi_PkgInfo*)Jsi_HashValueGet(hPtr)))) { Jsi_Obj *nobj = Jsi_ObjNew(interp); Jsi_ValueMakeObject(interp, ret, nobj); Jsi_ObjInsert(interp, nobj, ""name"", Jsi_ValueNewStringDup(interp, name), 0); Jsi_ObjInsert(interp, nobj, ""version"", Jsi_ValueNewNumber(interp, ptr->version), 0); Jsi_ObjInsert(interp, nobj, ""lastReq"", Jsi_ValueNewNumber(interp, ptr->lastReq), 0); char buf[200]; jsi_VersionNormalize(ptr->version, buf, sizeof(buf)); Jsi_ObjInsert(interp, nobj, ""verStr"", Jsi_ValueNewStringDup(interp, buf), 0); const char *cp = (ptr->loadFile?ptr->loadFile:""""); Jsi_ObjInsert(interp, nobj, ""loadFile"", Jsi_ValueNewStringDup(interp, cp), 0); Jsi_Value *fval2, *fval = Jsi_NameLookup(interp, name); if (!fval || !Jsi_ValueIsFunction(interp, fval)) fval = Jsi_ValueNewNull(interp); Jsi_ObjInsert(interp, nobj, ""func"", fval, 0); fval = ptr->popts.info; if (!fval) fval = interp->NullValue; if (!Jsi_ValueIsObjType(interp, fval, JSI_OT_FUNCTION)) Jsi_ObjInsert(interp, nobj, ""info"", fval, 0); else { fval2 = Jsi_ValueNew1(interp); Jsi_RC rc = Jsi_FunctionInvoke(interp, fval, NULL, &fval2, NULL); if (rc != JSI_OK) Jsi_LogWarn(""status call failed""); Jsi_ObjInsert(interp, nobj, ""info"", fval2, 0); Jsi_DecrRefCount(interp, fval2); } fval = interp->NullValue; if (ptr->popts.spec && ptr->popts.data) { fval = Jsi_ValueNew1(interp); Jsi_OptionsConf(interp, ptr->popts.spec, ptr->popts.data, NULL, &fval, 0); } Jsi_ObjInsert(interp, nobj, ""status"", fval, 0); if (fval != interp->NullValue) Jsi_DecrRefCount(interp, fval); fval = Jsi_ValueNew1(interp); Jsi_OptionsConf(interp, jsiModuleOptions, &ptr->popts.modConf, NULL, &fval, 0); Jsi_ObjInsert(interp, nobj, ""moduleOpts"", fval, 0); Jsi_DecrRefCount(interp, fval); return JSI_OK; } return JSI_ERROR; }",visit repo url,src/jsiCmds.c,https://github.com/pcmacdon/jsish,145087769993261,1 6100,CWE-190,"int cp_vbnn_sig(ec_t r, bn_t z, bn_t h, const uint8_t *id, size_t id_len, const uint8_t *msg, int msg_len, const bn_t sk, const ec_t pk) { int len, result = RLC_OK; uint8_t *buf = NULL, *buf_i, hash[RLC_MD_LEN]; bn_t n, y; ec_t t; bn_null(n); bn_null(y); ec_null(t); RLC_TRY { bn_new(n); bn_new(y); ec_new(t); ec_curve_get_ord(n); bn_rand_mod(y, n); ec_mul_gen(t, y); len = id_len + msg_len + ec_size_bin(t, 1) + ec_size_bin(pk, 1); buf = RLC_ALLOCA(uint8_t, len); if (buf == NULL) { RLC_THROW(ERR_NO_MEMORY); } buf_i = buf; memcpy(buf_i, id, id_len); buf_i += id_len; memcpy(buf_i, msg, msg_len); buf_i += msg_len; ec_write_bin(buf_i, ec_size_bin(pk, 1), pk, 1); buf_i += ec_size_bin(pk, 1); ec_write_bin(buf_i, ec_size_bin(t, 1), t, 1); md_map(hash, buf, len); bn_read_bin(h, hash, RLC_MD_LEN); bn_mod(h, h, n); bn_mul(z, h, sk); bn_add(z, z, y); bn_mod(z, z, n); ec_copy(r, pk); } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(n); bn_free(y); ec_free(t); RLC_FREE(buf); } return result; }",visit repo url,src/cp/relic_cp_vbnn.c,https://github.com/relic-toolkit/relic,60944955300035,1 6352,['CWE-200'],"int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, u32 flags) { u8 old; int err; #ifdef CONFIG_ARPD int notify = 0; #endif struct net_device *dev; int update_isrouter = 0; write_lock_bh(&neigh->lock); dev = neigh->dev; old = neigh->nud_state; err = -EPERM; if (!(flags & NEIGH_UPDATE_F_ADMIN) && (old & (NUD_NOARP | NUD_PERMANENT))) goto out; if (!(new & NUD_VALID)) { neigh_del_timer(neigh); if (old & NUD_CONNECTED) neigh_suspect(neigh); neigh->nud_state = new; err = 0; #ifdef CONFIG_ARPD notify = old & NUD_VALID; #endif goto out; } if (!dev->addr_len) { lladdr = neigh->ha; } else if (lladdr) { if ((old & NUD_VALID) && !memcmp(lladdr, neigh->ha, dev->addr_len)) lladdr = neigh->ha; } else { err = -EINVAL; if (!(old & NUD_VALID)) goto out; lladdr = neigh->ha; } if (new & NUD_CONNECTED) neigh->confirmed = jiffies; neigh->updated = jiffies; err = 0; update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER; if (old & NUD_VALID) { if (lladdr != neigh->ha && !(flags & NEIGH_UPDATE_F_OVERRIDE)) { update_isrouter = 0; if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) && (old & NUD_CONNECTED)) { lladdr = neigh->ha; new = NUD_STALE; } else goto out; } else { if (lladdr == neigh->ha && new == NUD_STALE && ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) || (old & NUD_CONNECTED)) ) new = old; } } if (new != old) { neigh_del_timer(neigh); if (new & NUD_IN_TIMER) { neigh_hold(neigh); neigh->timer.expires = jiffies + ((new & NUD_REACHABLE) ? neigh->parms->reachable_time : 0); add_timer(&neigh->timer); } neigh->nud_state = new; } if (lladdr != neigh->ha) { memcpy(&neigh->ha, lladdr, dev->addr_len); neigh_update_hhs(neigh); if (!(new & NUD_CONNECTED)) neigh->confirmed = jiffies - (neigh->parms->base_reachable_time << 1); #ifdef CONFIG_ARPD notify = 1; #endif } if (new == old) goto out; if (new & NUD_CONNECTED) neigh_connect(neigh); else neigh_suspect(neigh); if (!(old & NUD_VALID)) { struct sk_buff *skb; while (neigh->nud_state & NUD_VALID && (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) { struct neighbour *n1 = neigh; write_unlock_bh(&neigh->lock); if (skb->dst && skb->dst->neighbour) n1 = skb->dst->neighbour; n1->output(skb); write_lock_bh(&neigh->lock); } skb_queue_purge(&neigh->arp_queue); } out: if (update_isrouter) { neigh->flags = (flags & NEIGH_UPDATE_F_ISROUTER) ? (neigh->flags | NTF_ROUTER) : (neigh->flags & ~NTF_ROUTER); } write_unlock_bh(&neigh->lock); #ifdef CONFIG_ARPD if (notify && neigh->parms->app_probes) neigh_app_notify(neigh); #endif return err; }",linux-2.6,,,118474312233034143187101523023732913923,0 5719,['CWE-200'],"static int llc_ui_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); int val = 0, len = 0, rc = -EINVAL; lock_sock(sk); if (unlikely(level != SOL_LLC)) goto out; rc = get_user(len, optlen); if (rc) goto out; rc = -EINVAL; if (len != sizeof(int)) goto out; switch (optname) { case LLC_OPT_RETRY: val = llc->n2; break; case LLC_OPT_SIZE: val = llc->n1; break; case LLC_OPT_ACK_TMR_EXP: val = llc->ack_timer.expire / HZ; break; case LLC_OPT_P_TMR_EXP: val = llc->pf_cycle_timer.expire / HZ; break; case LLC_OPT_REJ_TMR_EXP: val = llc->rej_sent_timer.expire / HZ; break; case LLC_OPT_BUSY_TMR_EXP: val = llc->busy_state_timer.expire / HZ; break; case LLC_OPT_TX_WIN: val = llc->k; break; case LLC_OPT_RX_WIN: val = llc->rw; break; default: rc = -ENOPROTOOPT; goto out; } rc = 0; if (put_user(len, optlen) || copy_to_user(optval, &val, len)) rc = -EFAULT; out: release_sock(sk); return rc; }",linux-2.6,,,134287141524227138211331385050035987780,0 4892,CWE-190,"static MagickRealType ApplyEvaluateOperator(RandomInfo *random_info, const Quantum pixel,const MagickEvaluateOperator op, const MagickRealType value) { MagickRealType result; result=0.0; switch (op) { case UndefinedEvaluateOperator: break; case AbsEvaluateOperator: { result=(MagickRealType) fabs((double) (pixel+value)); break; } case AddEvaluateOperator: { result=(MagickRealType) (pixel+value); break; } case AddModulusEvaluateOperator: { result=pixel+value; result-=(QuantumRange+1.0)*floor((double) result/(QuantumRange+1.0)); break; } case AndEvaluateOperator: { result=(MagickRealType) ((size_t) pixel & (size_t) (value+0.5)); break; } case CosineEvaluateOperator: { result=(MagickRealType) (QuantumRange*(0.5*cos((double) (2.0*MagickPI* QuantumScale*pixel*value))+0.5)); break; } case DivideEvaluateOperator: { result=pixel/(value == 0.0 ? 1.0 : value); break; } case ExponentialEvaluateOperator: { result=(MagickRealType) (QuantumRange*exp((double) (value*QuantumScale* pixel))); break; } case GaussianNoiseEvaluateOperator: { result=(MagickRealType) GenerateDifferentialNoise(random_info,pixel, GaussianNoise,value); break; } case ImpulseNoiseEvaluateOperator: { result=(MagickRealType) GenerateDifferentialNoise(random_info,pixel, ImpulseNoise,value); break; } case LaplacianNoiseEvaluateOperator: { result=(MagickRealType) GenerateDifferentialNoise(random_info,pixel, LaplacianNoise,value); break; } case LeftShiftEvaluateOperator: { result=(MagickRealType) ((size_t) pixel << (size_t) (value+0.5)); break; } case LogEvaluateOperator: { if ((QuantumScale*pixel) >= MagickEpsilon) result=(MagickRealType) (QuantumRange*log((double) (QuantumScale*value* pixel+1.0))/log((double) (value+1.0))); break; } case MaxEvaluateOperator: { result=(MagickRealType) EvaluateMax((double) pixel,value); break; } case MeanEvaluateOperator: { result=(MagickRealType) (pixel+value); break; } case MedianEvaluateOperator: { result=(MagickRealType) (pixel+value); break; } case MinEvaluateOperator: { result=(MagickRealType) MagickMin((double) pixel,value); break; } case MultiplicativeNoiseEvaluateOperator: { result=(MagickRealType) GenerateDifferentialNoise(random_info,pixel, MultiplicativeGaussianNoise,value); break; } case MultiplyEvaluateOperator: { result=(MagickRealType) (value*pixel); break; } case OrEvaluateOperator: { result=(MagickRealType) ((size_t) pixel | (size_t) (value+0.5)); break; } case PoissonNoiseEvaluateOperator: { result=(MagickRealType) GenerateDifferentialNoise(random_info,pixel, PoissonNoise,value); break; } case PowEvaluateOperator: { result=(MagickRealType) (QuantumRange*pow((double) (QuantumScale*pixel), (double) value)); break; } case RightShiftEvaluateOperator: { result=(MagickRealType) ((size_t) pixel >> (size_t) (value+0.5)); break; } case RootMeanSquareEvaluateOperator: { result=(MagickRealType) (pixel*pixel+value); break; } case SetEvaluateOperator: { result=value; break; } case SineEvaluateOperator: { result=(MagickRealType) (QuantumRange*(0.5*sin((double) (2.0*MagickPI* QuantumScale*pixel*value))+0.5)); break; } case SubtractEvaluateOperator: { result=(MagickRealType) (pixel-value); break; } case SumEvaluateOperator: { result=(MagickRealType) (pixel+value); break; } case ThresholdEvaluateOperator: { result=(MagickRealType) (((MagickRealType) pixel <= value) ? 0 : QuantumRange); break; } case ThresholdBlackEvaluateOperator: { result=(MagickRealType) (((MagickRealType) pixel <= value) ? 0 : pixel); break; } case ThresholdWhiteEvaluateOperator: { result=(MagickRealType) (((MagickRealType) pixel > value) ? QuantumRange : pixel); break; } case UniformNoiseEvaluateOperator: { result=(MagickRealType) GenerateDifferentialNoise(random_info,pixel, UniformNoise,value); break; } case XorEvaluateOperator: { result=(MagickRealType) ((size_t) pixel ^ (size_t) (value+0.5)); break; } } return(result); }",visit repo url,magick/statistic.c,https://github.com/ImageMagick/ImageMagick6,37219493118535,1 1245,NVD-CWE-noinfo,"int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev) { struct bonding *bond = netdev_priv(bond_dev); const struct net_device_ops *slave_ops = slave_dev->netdev_ops; struct slave *new_slave = NULL; struct netdev_hw_addr *ha; struct sockaddr addr; int link_reporting; int res = 0; if (!bond->params.use_carrier && slave_dev->ethtool_ops == NULL && slave_ops->ndo_do_ioctl == NULL) { pr_warning(""%s: Warning: no link monitoring support for %s\n"", bond_dev->name, slave_dev->name); } if (slave_dev->flags & IFF_SLAVE) { pr_debug(""Error, Device was already enslaved\n""); return -EBUSY; } if (slave_dev->features & NETIF_F_VLAN_CHALLENGED) { pr_debug(""%s: NETIF_F_VLAN_CHALLENGED\n"", slave_dev->name); if (bond_vlan_used(bond)) { pr_err(""%s: Error: cannot enslave VLAN challenged slave %s on VLAN enabled bond %s\n"", bond_dev->name, slave_dev->name, bond_dev->name); return -EPERM; } else { pr_warning(""%s: Warning: enslaved VLAN challenged slave %s. Adding VLANs will be blocked as long as %s is part of bond %s\n"", bond_dev->name, slave_dev->name, slave_dev->name, bond_dev->name); } } else { pr_debug(""%s: ! NETIF_F_VLAN_CHALLENGED\n"", slave_dev->name); } if ((slave_dev->flags & IFF_UP)) { pr_err(""%s is up. This may be due to an out of date ifenslave.\n"", slave_dev->name); res = -EPERM; goto err_undo_flags; } if (bond->slave_cnt == 0) { if (bond_dev->type != slave_dev->type) { pr_debug(""%s: change device type from %d to %d\n"", bond_dev->name, bond_dev->type, slave_dev->type); res = netdev_bonding_change(bond_dev, NETDEV_PRE_TYPE_CHANGE); res = notifier_to_errno(res); if (res) { pr_err(""%s: refused to change device type\n"", bond_dev->name); res = -EBUSY; goto err_undo_flags; } dev_uc_flush(bond_dev); dev_mc_flush(bond_dev); if (slave_dev->type != ARPHRD_ETHER) bond_setup_by_slave(bond_dev, slave_dev); else ether_setup(bond_dev); netdev_bonding_change(bond_dev, NETDEV_POST_TYPE_CHANGE); } } else if (bond_dev->type != slave_dev->type) { pr_err(""%s ether type (%d) is different from other slaves (%d), can not enslave it.\n"", slave_dev->name, slave_dev->type, bond_dev->type); res = -EINVAL; goto err_undo_flags; } if (slave_ops->ndo_set_mac_address == NULL) { if (bond->slave_cnt == 0) { pr_warning(""%s: Warning: The first slave device specified does not support setting the MAC address. Setting fail_over_mac to active."", bond_dev->name); bond->params.fail_over_mac = BOND_FOM_ACTIVE; } else if (bond->params.fail_over_mac != BOND_FOM_ACTIVE) { pr_err(""%s: Error: The slave device specified does not support setting the MAC address, but fail_over_mac is not set to active.\n"", bond_dev->name); res = -EOPNOTSUPP; goto err_undo_flags; } } call_netdevice_notifiers(NETDEV_JOIN, slave_dev); if (is_zero_ether_addr(bond->dev->dev_addr)) memcpy(bond->dev->dev_addr, slave_dev->dev_addr, slave_dev->addr_len); new_slave = kzalloc(sizeof(struct slave), GFP_KERNEL); if (!new_slave) { res = -ENOMEM; goto err_undo_flags; } new_slave->queue_id = 0; new_slave->original_mtu = slave_dev->mtu; res = dev_set_mtu(slave_dev, bond->dev->mtu); if (res) { pr_debug(""Error %d calling dev_set_mtu\n"", res); goto err_free; } memcpy(new_slave->perm_hwaddr, slave_dev->dev_addr, ETH_ALEN); if (!bond->params.fail_over_mac) { memcpy(addr.sa_data, bond_dev->dev_addr, bond_dev->addr_len); addr.sa_family = slave_dev->type; res = dev_set_mac_address(slave_dev, &addr); if (res) { pr_debug(""Error %d calling set_mac_address\n"", res); goto err_restore_mtu; } } res = netdev_set_bond_master(slave_dev, bond_dev); if (res) { pr_debug(""Error %d calling netdev_set_bond_master\n"", res); goto err_restore_mac; } res = dev_open(slave_dev); if (res) { pr_debug(""Opening slave %s failed\n"", slave_dev->name); goto err_unset_master; } new_slave->bond = bond; new_slave->dev = slave_dev; slave_dev->priv_flags |= IFF_BONDING; if (bond_is_lb(bond)) { res = bond_alb_init_slave(bond, new_slave); if (res) goto err_close; } if (!USES_PRIMARY(bond->params.mode)) { if (bond_dev->flags & IFF_PROMISC) { res = dev_set_promiscuity(slave_dev, 1); if (res) goto err_close; } if (bond_dev->flags & IFF_ALLMULTI) { res = dev_set_allmulti(slave_dev, 1); if (res) goto err_close; } netif_addr_lock_bh(bond_dev); netdev_for_each_mc_addr(ha, bond_dev) dev_mc_add(slave_dev, ha->addr); netif_addr_unlock_bh(bond_dev); } if (bond->params.mode == BOND_MODE_8023AD) { u8 lacpdu_multicast[ETH_ALEN] = MULTICAST_LACPDU_ADDR; dev_mc_add(slave_dev, lacpdu_multicast); } bond_add_vlans_on_slave(bond, slave_dev); write_lock_bh(&bond->lock); bond_attach_slave(bond, new_slave); new_slave->delay = 0; new_slave->link_failure_count = 0; write_unlock_bh(&bond->lock); bond_compute_features(bond); read_lock(&bond->lock); new_slave->last_arp_rx = jiffies; if (bond->params.miimon && !bond->params.use_carrier) { link_reporting = bond_check_dev_link(bond, slave_dev, 1); if ((link_reporting == -1) && !bond->params.arp_interval) { pr_warning(""%s: Warning: MII and ETHTOOL support not available for interface %s, and arp_interval/arp_ip_target module parameters not specified, thus bonding will not detect link failures! see bonding.txt for details.\n"", bond_dev->name, slave_dev->name); } else if (link_reporting == -1) { pr_warning(""%s: Warning: can't get link status from interface %s; the network driver associated with this interface does not support MII or ETHTOOL link status reporting, thus miimon has no effect on this interface.\n"", bond_dev->name, slave_dev->name); } } if (!bond->params.miimon || (bond_check_dev_link(bond, slave_dev, 0) == BMSR_LSTATUS)) { if (bond->params.updelay) { pr_debug(""Initial state of slave_dev is BOND_LINK_BACK\n""); new_slave->link = BOND_LINK_BACK; new_slave->delay = bond->params.updelay; } else { pr_debug(""Initial state of slave_dev is BOND_LINK_UP\n""); new_slave->link = BOND_LINK_UP; } new_slave->jiffies = jiffies; } else { pr_debug(""Initial state of slave_dev is BOND_LINK_DOWN\n""); new_slave->link = BOND_LINK_DOWN; } if (bond_update_speed_duplex(new_slave) && (new_slave->link != BOND_LINK_DOWN)) { pr_warning(""%s: Warning: failed to get speed and duplex from %s, assumed to be 100Mb/sec and Full.\n"", bond_dev->name, new_slave->dev->name); if (bond->params.mode == BOND_MODE_8023AD) { pr_warning(""%s: Warning: Operation of 802.3ad mode requires ETHTOOL support in base driver for proper aggregator selection.\n"", bond_dev->name); } } if (USES_PRIMARY(bond->params.mode) && bond->params.primary[0]) { if (strcmp(bond->params.primary, new_slave->dev->name) == 0) { bond->primary_slave = new_slave; bond->force_primary = true; } } write_lock_bh(&bond->curr_slave_lock); switch (bond->params.mode) { case BOND_MODE_ACTIVEBACKUP: bond_set_slave_inactive_flags(new_slave); bond_select_active_slave(bond); break; case BOND_MODE_8023AD: bond_set_slave_inactive_flags(new_slave); if (bond->slave_cnt == 1) { SLAVE_AD_INFO(new_slave).id = 1; bond_3ad_initialize(bond, 1000/AD_TIMER_INTERVAL); } else { SLAVE_AD_INFO(new_slave).id = SLAVE_AD_INFO(new_slave->prev).id + 1; } bond_3ad_bind_slave(new_slave); break; case BOND_MODE_TLB: case BOND_MODE_ALB: bond_set_active_slave(new_slave); bond_set_slave_inactive_flags(new_slave); bond_select_active_slave(bond); break; default: pr_debug(""This slave is always active in trunk mode\n""); bond_set_active_slave(new_slave); if (!bond->curr_active_slave) bond->curr_active_slave = new_slave; break; } write_unlock_bh(&bond->curr_slave_lock); bond_set_carrier(bond); #ifdef CONFIG_NET_POLL_CONTROLLER slave_dev->npinfo = bond_netpoll_info(bond); if (slave_dev->npinfo) { if (slave_enable_netpoll(new_slave)) { read_unlock(&bond->lock); pr_info(""Error, %s: master_dev is using netpoll, "" ""but new slave device does not support netpoll.\n"", bond_dev->name); res = -EBUSY; goto err_close; } } #endif read_unlock(&bond->lock); res = bond_create_slave_symlinks(bond_dev, slave_dev); if (res) goto err_close; res = netdev_rx_handler_register(slave_dev, bond_handle_frame, new_slave); if (res) { pr_debug(""Error %d calling netdev_rx_handler_register\n"", res); goto err_dest_symlinks; } pr_info(""%s: enslaving %s as a%s interface with a%s link.\n"", bond_dev->name, slave_dev->name, bond_is_active_slave(new_slave) ? ""n active"" : "" backup"", new_slave->link != BOND_LINK_DOWN ? ""n up"" : "" down""); return 0; err_dest_symlinks: bond_destroy_slave_symlinks(bond_dev, slave_dev); err_close: dev_close(slave_dev); err_unset_master: netdev_set_bond_master(slave_dev, NULL); err_restore_mac: if (!bond->params.fail_over_mac) { memcpy(addr.sa_data, new_slave->perm_hwaddr, ETH_ALEN); addr.sa_family = slave_dev->type; dev_set_mac_address(slave_dev, &addr); } err_restore_mtu: dev_set_mtu(slave_dev, new_slave->original_mtu); err_free: kfree(new_slave); err_undo_flags: bond_compute_features(bond); return res; }",visit repo url,drivers/net/bonding/bond_main.c,https://github.com/torvalds/linux,42378594506047,1 2814,[],"static int dio_bio_complete(struct dio *dio, struct bio *bio) { const int uptodate = test_bit(BIO_UPTODATE, &bio->bi_flags); struct bio_vec *bvec = bio->bi_io_vec; int page_no; if (!uptodate) dio->io_error = -EIO; if (dio->is_async && dio->rw == READ) { bio_check_pages_dirty(bio); } else { for (page_no = 0; page_no < bio->bi_vcnt; page_no++) { struct page *page = bvec[page_no].bv_page; if (dio->rw == READ && !PageCompound(page)) set_page_dirty_lock(page); page_cache_release(page); } bio_put(bio); } return uptodate ? 0 : -EIO; }",linux-2.6,,,37991280988042726528219728532451905061,0 5894,['CWE-200'],"static int nr_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct full_sockaddr_ax25 *sax = (struct full_sockaddr_ax25 *)uaddr; struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); lock_sock(sk); if (peer != 0) { if (sk->sk_state != TCP_ESTABLISHED) { release_sock(sk); return -ENOTCONN; } sax->fsa_ax25.sax25_family = AF_NETROM; sax->fsa_ax25.sax25_ndigis = 1; sax->fsa_ax25.sax25_call = nr->user_addr; memset(sax->fsa_digipeater, 0, sizeof(sax->fsa_digipeater)); sax->fsa_digipeater[0] = nr->dest_addr; *uaddr_len = sizeof(struct full_sockaddr_ax25); } else { sax->fsa_ax25.sax25_family = AF_NETROM; sax->fsa_ax25.sax25_ndigis = 0; sax->fsa_ax25.sax25_call = nr->source_addr; *uaddr_len = sizeof(struct sockaddr_ax25); } release_sock(sk); return 0; }",linux-2.6,,,135792446410806661872932566432268692341,0 4680,['CWE-399'],"static int mpage_da_submit_io(struct mpage_da_data *mpd) { long pages_skipped; struct pagevec pvec; unsigned long index, end; int ret = 0, err, nr_pages, i; struct inode *inode = mpd->inode; struct address_space *mapping = inode->i_mapping; BUG_ON(mpd->next_page <= mpd->first_page); index = mpd->first_page; end = mpd->next_page - 1; pagevec_init(&pvec, 0); while (index <= end) { nr_pages = pagevec_lookup(&pvec, mapping, index, PAGEVEC_SIZE); if (nr_pages == 0) break; for (i = 0; i < nr_pages; i++) { struct page *page = pvec.pages[i]; index = page->index; if (index > end) break; index++; BUG_ON(!PageLocked(page)); BUG_ON(PageWriteback(page)); pages_skipped = mpd->wbc->pages_skipped; err = mapping->a_ops->writepage(page, mpd->wbc); if (!err && (pages_skipped == mpd->wbc->pages_skipped)) mpd->pages_written++; if (ret == 0) ret = err; } pagevec_release(&pvec); } return ret; }",linux-2.6,,,249075349711931403399037157422073348905,0 4675,['CWE-399'],"static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino) { return ino == EXT4_ROOT_INO || ino == EXT4_JOURNAL_INO || ino == EXT4_RESIZE_INO || (ino >= EXT4_FIRST_INO(sb) && ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count));",linux-2.6,,,197778265414366490782934245476842074081,0 6751,['CWE-310'],"connection_valid_for_cdma (NMConnection *connection, NMSettingConnection *s_con, NMDevice *device, gpointer specific_object) { NMSettingCdma *s_cdma; if (strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_CDMA_SETTING_NAME)) return FALSE; s_cdma = NM_SETTING_CDMA (nm_connection_get_setting (connection, NM_TYPE_SETTING_CDMA)); g_return_val_if_fail (s_cdma != NULL, FALSE); return TRUE; }",network-manager-applet,,,194228070341431455389965181108674532732,0 5938,['CWE-909'],"static void notify_and_destroy(struct sk_buff *skb, struct nlmsghdr *n, u32 clid, struct Qdisc *old, struct Qdisc *new) { if (new || old) qdisc_notify(skb, n, clid, old, new); if (old) qdisc_destroy(old); }",linux-2.6,,,138517764129540636054057628523223772368,0 6210,CWE-190,"void fp24_exp_cyc(fp24_t c, const fp24_t a, const bn_t b) { int i, j, k, w = bn_ham(b); if (bn_is_zero(b)) { fp24_set_dig(c, 1); return; } if ((bn_bits(b) > RLC_DIG) && ((w << 3) > bn_bits(b))) { int l, _l[8]; int8_t naf[8][RLC_FP_BITS + 1]; fp24_t t[8]; bn_t _b[8], n, x; bn_null(n); bn_null(x); RLC_TRY { bn_new(n); bn_new(x); for (i = 0; i < 8; i++) { bn_null(_b[i]); bn_new(_b[i]); fp24_null(t[i]); fp24_new(t[i]); } ep_curve_get_ord(n); fp_prime_get_par(x); bn_rec_frb(_b, 8, b, x, n, ep_curve_is_pairf() == EP_BN); if (ep_curve_is_pairf()) { l = 0; fp24_copy(t[0], a); for (i = 0; i < 8; i++) { _l[i] = RLC_FP_BITS + 1; bn_rec_naf(naf[i], &_l[i], _b[i], 2); l = RLC_MAX(l, _l[i]); if (i > 0) { fp24_frb(t[i], t[i - 1], 1); } } for (i = 0; i < 8; i++) { if (bn_sign(_b[i]) == RLC_NEG) { fp24_inv_cyc(t[i], t[i]); } } fp24_set_dig(c, 1); for (i = l - 1; i >= 0; i--) { fp24_sqr_cyc(c, c); for (j = 0; j < 8; j++) { if (naf[j][i] > 0) { fp24_mul(c, c, t[j]); } if (naf[j][i] < 0) { fp24_inv_cyc(t[j], t[j]); fp24_mul(c, c, t[j]); fp24_inv_cyc(t[j], t[j]); } } } } else { fp24_copy(t[0], a); for (i = bn_bits(b) - 2; i >= 0; i--) { fp24_sqr_cyc(t[0], t[0]); if (bn_get_bit(b, i)) { fp24_mul(t[0], t[0], a); } } fp24_copy(c, t[0]); if (bn_sign(b) == RLC_NEG) { fp24_inv_cyc(c, c); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(x); for (i = 0; i < 8; i++) { bn_free(_b[i]); fp24_free(t[i]); } } } else { fp24_t t, *u = RLC_ALLOCA(fp24_t, w); fp24_null(t); RLC_TRY { if (u == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < w; i++) { fp24_null(u[i]); fp24_new(u[i]); } fp24_new(t); j = 0; fp24_copy(t, a); for (i = 1; i < bn_bits(b); i++) { fp24_sqr_pck(t, t); if (bn_get_bit(b, i)) { fp24_copy(u[j++], t); } } if (!bn_is_even(b)) { j = 0; k = w - 1; } else { j = 1; k = w; } fp24_back_cyc_sim(u, u, k); if (!bn_is_even(b)) { fp24_copy(c, a); } else { fp24_copy(c, u[0]); } for (i = j; i < k; i++) { fp24_mul(c, c, u[i]); } if (bn_sign(b) == RLC_NEG) { fp24_inv_cyc(c, c); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < w; i++) { fp24_free(u[i]); } fp24_free(t); RLC_FREE(u); } } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,64968313791489,1 4786,[],"int selinux_netlbl_socket_connect(struct sock *sk, struct sockaddr *addr) { int rc; struct sk_security_struct *sksec = sk->sk_security; struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_state != NLBL_REQSKB && sksec->nlbl_state != NLBL_CONNLABELED) return 0; local_bh_disable(); bh_lock_sock_nested(sk); if (addr->sa_family == AF_UNSPEC) { netlbl_sock_delattr(sk); sksec->nlbl_state = NLBL_REQSKB; rc = 0; goto socket_connect_return; } secattr = selinux_netlbl_sock_genattr(sk); if (secattr == NULL) { rc = -ENOMEM; goto socket_connect_return; } rc = netlbl_conn_setattr(sk, addr, secattr); if (rc == 0) sksec->nlbl_state = NLBL_CONNLABELED; socket_connect_return: bh_unlock_sock(sk); local_bh_enable(); return rc; }",linux-2.6,,,81018414894986454493137912663056402786,0 5113,CWE-125,"obj2ast_mod(PyObject* obj, mod_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; if (obj == Py_None) { *out = NULL; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Module_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Module""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Module field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Module field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = Module(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Interactive_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Interactive""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Interactive field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Interactive field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = Interactive(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expression_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Expression""); return 1; } else { int res; res = obj2ast_expr(tmp, &body, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Expression(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Suite_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Suite""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Suite field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Suite field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = Suite(body, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of mod, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,58566336039806,1 1900,['CWE-20'],"int apply_to_page_range(struct mm_struct *mm, unsigned long addr, unsigned long size, pte_fn_t fn, void *data) { pgd_t *pgd; unsigned long next; unsigned long end = addr + size; int err; BUG_ON(addr >= end); pgd = pgd_offset(mm, addr); do { next = pgd_addr_end(addr, end); err = apply_to_pud_range(mm, pgd, addr, next, fn, data); if (err) break; } while (pgd++, addr = next, addr != end); return err; }",linux-2.6,,,327655975622239153851484666087793816886,0 482,[],"sys_perfmonctl (int fd, int cmd, void *arg, int count) { return -ENOSYS; }",linux-2.6,,,263427672052380859961360852277633872410,0 4478,CWE-125,"get_word_gray_row(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) { ppm_source_ptr source = (ppm_source_ptr)sinfo; register JSAMPROW ptr; register U_CHAR *bufferptr; register JSAMPLE *rescale = source->rescale; JDIMENSION col; unsigned int maxval = source->maxval; if (!ReadOK(source->pub.input_file, source->iobuffer, source->buffer_width)) ERREXIT(cinfo, JERR_INPUT_EOF); ptr = source->pub.buffer[0]; bufferptr = source->iobuffer; for (col = cinfo->image_width; col > 0; col--) { register unsigned int temp; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_TOOLARGE); *ptr++ = rescale[temp]; } return 1; }",visit repo url,rdppm.c,https://github.com/libjpeg-turbo/libjpeg-turbo,238969342150739,1 2396,['CWE-119'],"static void show_entry(struct diff_options *opt, const char *prefix, struct tree_desc *desc, const char *base, int baselen) { unsigned mode; const char *path; const unsigned char *sha1 = tree_entry_extract(desc, &path, &mode); int pathlen = tree_entry_len(path, sha1); if (DIFF_OPT_TST(opt, RECURSIVE) && S_ISDIR(mode)) { enum object_type type; char *newbase = malloc_base(base, baselen, path, pathlen); struct tree_desc inner; void *tree; unsigned long size; tree = read_sha1_file(sha1, &type, &size); if (!tree || type != OBJ_TREE) die(""corrupt tree sha %s"", sha1_to_hex(sha1)); init_tree_desc(&inner, tree, size); show_tree(opt, prefix, &inner, newbase, baselen + 1 + pathlen); free(tree); free(newbase); } else { char *fullname = malloc_fullname(base, baselen, path, pathlen); opt->add_remove(opt, prefix[0], mode, sha1, fullname); free(fullname); } }",git,,,33846817028892628286781739197684961667,0 1548,[],"do_sched_setscheduler(pid_t pid, int policy, struct sched_param __user *param) { struct sched_param lparam; struct task_struct *p; int retval; if (!param || pid < 0) return -EINVAL; if (copy_from_user(&lparam, param, sizeof(struct sched_param))) return -EFAULT; rcu_read_lock(); retval = -ESRCH; p = find_process_by_pid(pid); if (p != NULL) retval = sched_setscheduler(p, policy, &lparam); rcu_read_unlock(); return retval; }",linux-2.6,,,238092870072605176294517377221198990618,0 4348,['CWE-399'],"long keyctl_assume_authority(key_serial_t id) { struct key *authkey; long ret; ret = -EINVAL; if (id < 0) goto error; if (id == 0) { ret = keyctl_change_reqkey_auth(NULL); goto error; } authkey = key_get_instantiation_authkey(id); if (IS_ERR(authkey)) { ret = PTR_ERR(authkey); goto error; } ret = keyctl_change_reqkey_auth(authkey); if (ret < 0) goto error; key_put(authkey); ret = authkey->serial; error: return ret; } ",linux-2.6,,,332237672067899443533427244219450595291,0 4005,['CWE-362'],"static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) { int i; if (a->flags != b->flags || a->listnr != b->listnr || a->action != b->action || a->field_count != b->field_count) return 1; for (i = 0; i < a->field_count; i++) { if (a->fields[i].type != b->fields[i].type || a->fields[i].op != b->fields[i].op) return 1; switch(a->fields[i].type) { case AUDIT_SUBJ_USER: case AUDIT_SUBJ_ROLE: case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: case AUDIT_OBJ_USER: case AUDIT_OBJ_ROLE: case AUDIT_OBJ_TYPE: case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: if (strcmp(a->fields[i].lsm_str, b->fields[i].lsm_str)) return 1; break; case AUDIT_WATCH: if (strcmp(a->watch->path, b->watch->path)) return 1; break; case AUDIT_DIR: if (strcmp(audit_tree_path(a->tree), audit_tree_path(b->tree))) return 1; break; case AUDIT_FILTERKEY: if (strcmp(a->filterkey, b->filterkey)) return 1; break; default: if (a->fields[i].val != b->fields[i].val) return 1; } } for (i = 0; i < AUDIT_BITMASK_SIZE; i++) if (a->mask[i] != b->mask[i]) return 1; return 0; }",linux-2.6,,,259145719944584465221960153321125647999,0 1104,['CWE-399'],"do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags) { #ifdef DEBUG_SIG printk(""do_notify_resume flags:%x ip:%lx sp:%lx caller:%p pending:%x\n"", thread_info_flags, regs->ip, regs->sp, __builtin_return_address(0),signal_pending(current)); #endif if (thread_info_flags & _TIF_SINGLESTEP) { regs->flags |= X86_EFLAGS_TF; clear_thread_flag(TIF_SINGLESTEP); } #ifdef CONFIG_X86_MCE if (thread_info_flags & _TIF_MCE_NOTIFY) mce_notify_user(); #endif if (thread_info_flags & (_TIF_SIGPENDING|_TIF_RESTORE_SIGMASK)) do_signal(regs); if (thread_info_flags & _TIF_HRTICK_RESCHED) hrtick_resched(); }",linux-2.6,,,163969579611720246587829144869825291609,0 2999,CWE-399,"doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t size, off_t fsize, int *flags, int mach, int strtab) { Elf32_Shdr sh32; Elf64_Shdr sh64; int stripped = 1; size_t nbadcap = 0; void *nbuf; off_t noff, coff, name_off; uint64_t cap_hw1 = 0; uint64_t cap_sf1 = 0; char name[50]; ssize_t namesize; if (size != xsh_sizeof) { if (file_printf(ms, "", corrupted section header size"") == -1) return -1; return 0; } if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) < (ssize_t)xsh_sizeof) { file_badread(ms); return -1; } name_off = xsh_offset; for ( ; num; num--) { if ((namesize = pread(fd, name, sizeof(name) - 1, name_off + xsh_name)) == -1) { file_badread(ms); return -1; } name[namesize] = '\0'; if (strcmp(name, "".debug_info"") == 0) stripped = 0; if (pread(fd, xsh_addr, xsh_sizeof, off) < (ssize_t)xsh_sizeof) { file_badread(ms); return -1; } off += size; switch (xsh_type) { case SHT_SYMTAB: #if 0 case SHT_DYNSYM: #endif stripped = 0; break; default: if (fsize != SIZE_UNKNOWN && xsh_offset > fsize) { continue; } break; } switch (xsh_type) { case SHT_NOTE: if ((nbuf = malloc(xsh_size)) == NULL) { file_error(ms, errno, ""Cannot allocate memory"" "" for note""); return -1; } if (pread(fd, nbuf, xsh_size, xsh_offset) < (ssize_t)xsh_size) { file_badread(ms); free(nbuf); return -1; } noff = 0; for (;;) { if (noff >= (off_t)xsh_size) break; noff = donote(ms, nbuf, (size_t)noff, xsh_size, clazz, swap, 4, flags); if (noff == 0) break; } free(nbuf); break; case SHT_SUNW_cap: switch (mach) { case EM_SPARC: case EM_SPARCV9: case EM_IA_64: case EM_386: case EM_AMD64: break; default: goto skip; } if (nbadcap > 5) break; if (lseek(fd, xsh_offset, SEEK_SET) == (off_t)-1) { file_badseek(ms); return -1; } coff = 0; for (;;) { Elf32_Cap cap32; Elf64_Cap cap64; char cbuf[ MAX(sizeof cap32, sizeof cap64)]; if ((coff += xcap_sizeof) > (off_t)xsh_size) break; if (read(fd, cbuf, (size_t)xcap_sizeof) != (ssize_t)xcap_sizeof) { file_badread(ms); return -1; } if (cbuf[0] == 'A') { #ifdef notyet char *p = cbuf + 1; uint32_t len, tag; memcpy(&len, p, sizeof(len)); p += 4; len = getu32(swap, len); if (memcmp(""gnu"", p, 3) != 0) { if (file_printf(ms, "", unknown capability %.3s"", p) == -1) return -1; break; } p += strlen(p) + 1; tag = *p++; memcpy(&len, p, sizeof(len)); p += 4; len = getu32(swap, len); if (tag != 1) { if (file_printf(ms, "", unknown gnu"" "" capability tag %d"", tag) == -1) return -1; break; } #endif break; } (void)memcpy(xcap_addr, cbuf, xcap_sizeof); switch (xcap_tag) { case CA_SUNW_NULL: break; case CA_SUNW_HW_1: cap_hw1 |= xcap_val; break; case CA_SUNW_SF_1: cap_sf1 |= xcap_val; break; default: if (file_printf(ms, "", with unknown capability "" ""0x%"" INT64_T_FORMAT ""x = 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)xcap_tag, (unsigned long long)xcap_val) == -1) return -1; if (nbadcap++ > 2) coff = xsh_size; break; } } skip: default: break; } } if (file_printf(ms, "", %sstripped"", stripped ? """" : ""not "") == -1) return -1; if (cap_hw1) { const cap_desc_t *cdp; switch (mach) { case EM_SPARC: case EM_SPARC32PLUS: case EM_SPARCV9: cdp = cap_desc_sparc; break; case EM_386: case EM_IA_64: case EM_AMD64: cdp = cap_desc_386; break; default: cdp = NULL; break; } if (file_printf(ms, "", uses"") == -1) return -1; if (cdp) { while (cdp->cd_name) { if (cap_hw1 & cdp->cd_mask) { if (file_printf(ms, "" %s"", cdp->cd_name) == -1) return -1; cap_hw1 &= ~cdp->cd_mask; } ++cdp; } if (cap_hw1) if (file_printf(ms, "" unknown hardware capability 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)cap_hw1) == -1) return -1; } else { if (file_printf(ms, "" hardware capability 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)cap_hw1) == -1) return -1; } } if (cap_sf1) { if (cap_sf1 & SF1_SUNW_FPUSED) { if (file_printf(ms, (cap_sf1 & SF1_SUNW_FPKNWN) ? "", uses frame pointer"" : "", not known to use frame pointer"") == -1) return -1; } cap_sf1 &= ~SF1_SUNW_MASK; if (cap_sf1) if (file_printf(ms, "", with unknown software capability 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)cap_sf1) == -1) return -1; } return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,212660563238025,1 3885,CWE-416,"win_enter_ext( win_T *wp, int undo_sync, int curwin_invalid, int trigger_new_autocmds, int trigger_enter_autocmds, int trigger_leave_autocmds) { int other_buffer = FALSE; if (wp == curwin && !curwin_invalid) return; #ifdef FEAT_JOB_CHANNEL if (!curwin_invalid) leaving_window(curwin); #endif if (!curwin_invalid && trigger_leave_autocmds) { if (wp->w_buffer != curbuf) { apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, FALSE, curbuf); other_buffer = TRUE; if (!win_valid(wp)) return; } apply_autocmds(EVENT_WINLEAVE, NULL, NULL, FALSE, curbuf); if (!win_valid(wp)) return; #ifdef FEAT_EVAL if (aborting()) return; #endif } if (undo_sync && curbuf != wp->w_buffer) u_sync(FALSE); update_topline(); if (wp->w_buffer != curbuf) buf_copy_options(wp->w_buffer, BCO_ENTER | BCO_NOHELP); if (!curwin_invalid) { prevwin = curwin; curwin->w_redr_status = TRUE; } curwin = wp; curbuf = wp->w_buffer; check_cursor(); if (!virtual_active()) curwin->w_cursor.coladd = 0; changed_line_abv_curs(); if (curwin->w_localdir != NULL || curtab->tp_localdir != NULL) { char_u *dirname; if (globaldir == NULL) { char_u cwd[MAXPATHL]; if (mch_dirname(cwd, MAXPATHL) == OK) globaldir = vim_strsave(cwd); } if (curwin->w_localdir != NULL) dirname = curwin->w_localdir; else dirname = curtab->tp_localdir; if (mch_chdir((char *)dirname) == 0) shorten_fnames(TRUE); } else if (globaldir != NULL) { vim_ignored = mch_chdir((char *)globaldir); VIM_CLEAR(globaldir); shorten_fnames(TRUE); } #ifdef FEAT_JOB_CHANNEL entering_window(curwin); #endif if (trigger_new_autocmds) apply_autocmds(EVENT_WINNEW, NULL, NULL, FALSE, curbuf); if (trigger_enter_autocmds) { apply_autocmds(EVENT_WINENTER, NULL, NULL, FALSE, curbuf); if (other_buffer) apply_autocmds(EVENT_BUFENTER, NULL, NULL, FALSE, curbuf); } #ifdef FEAT_TITLE maketitle(); #endif curwin->w_redr_status = TRUE; #ifdef FEAT_TERMINAL if (bt_terminal(wp->w_buffer)) redraw_mode = TRUE; #endif redraw_tabline = TRUE; if (restart_edit) redraw_later(VALID); if (curwin->w_height < p_wh && !curwin->w_p_wfh #ifdef FEAT_TEXT_PROP && !popup_is_popup(curwin) #endif ) win_setheight((int)p_wh); else if (curwin->w_height == 0) win_setheight(1); if (curwin->w_width < p_wiw && !curwin->w_p_wfw) win_setwidth((int)p_wiw); setmouse(); DO_AUTOCHDIR; }",visit repo url,src/window.c,https://github.com/vim/vim,238200704609226,1 3595,['CWE-20'],"static int sctp_sf_send_restart_abort(union sctp_addr *ssa, struct sctp_chunk *init, sctp_cmd_seq_t *commands) { int len; struct sctp_packet *pkt; union sctp_addr_param *addrparm; struct sctp_errhdr *errhdr; struct sctp_endpoint *ep; char buffer[sizeof(struct sctp_errhdr)+sizeof(union sctp_addr_param)]; struct sctp_af *af = sctp_get_af_specific(ssa->v4.sin_family); errhdr = (struct sctp_errhdr *)buffer; addrparm = (union sctp_addr_param *)errhdr->variable; len = af->to_addr_param(ssa, addrparm); len += sizeof(sctp_errhdr_t); errhdr->cause = SCTP_ERROR_RESTART; errhdr->length = htons(len); ep = sctp_sk((sctp_get_ctl_sock()))->ep; pkt = sctp_abort_pkt_new(ep, NULL, init, errhdr, len); if (!pkt) goto out; sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(pkt)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL()); out: return 0; }",linux-2.6,,,203638611630951767846508725859713890960,0 2902,['CWE-189'],"jpc_enc_tile_t *jpc_enc_tile_create(jpc_enc_cp_t *cp, jas_image_t *image, int tileno) { jpc_enc_tile_t *tile; uint_fast32_t htileno; uint_fast32_t vtileno; uint_fast16_t lyrno; uint_fast16_t cmptno; jpc_enc_tcmpt_t *tcmpt; if (!(tile = jas_malloc(sizeof(jpc_enc_tile_t)))) { goto error; } tile->tcmpts = 0; tile->lyrsizes = 0; tile->numtcmpts = cp->numcmpts; tile->pi = 0; tile->tileno = tileno; htileno = tileno % cp->numhtiles; vtileno = tileno / cp->numhtiles; tile->tlx = JAS_MAX(cp->tilegrdoffx + htileno * cp->tilewidth, cp->imgareatlx); tile->tly = JAS_MAX(cp->tilegrdoffy + vtileno * cp->tileheight, cp->imgareatly); tile->brx = JAS_MIN(cp->tilegrdoffx + (htileno + 1) * cp->tilewidth, cp->refgrdwidth); tile->bry = JAS_MIN(cp->tilegrdoffy + (vtileno + 1) * cp->tileheight, cp->refgrdheight); tile->intmode = cp->tcp.intmode; tile->csty = cp->tcp.csty; tile->prg = cp->tcp.prg; tile->mctid = cp->tcp.mctid; tile->numlyrs = cp->tcp.numlyrs; if (!(tile->lyrsizes = jas_alloc2(tile->numlyrs, sizeof(uint_fast32_t)))) { goto error; } for (lyrno = 0; lyrno < tile->numlyrs; ++lyrno) { tile->lyrsizes[lyrno] = 0; } if (!(tile->tcmpts = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_tcmpt_t)))) { goto error; } for (cmptno = 0, tcmpt = tile->tcmpts; cmptno < cp->numcmpts; ++cmptno, ++tcmpt) { tcmpt->rlvls = 0; tcmpt->tsfb = 0; tcmpt->data = 0; } for (cmptno = 0, tcmpt = tile->tcmpts; cmptno < cp->numcmpts; ++cmptno, ++tcmpt) { if (!tcmpt_create(tcmpt, cp, image, tile)) { goto error; } } switch (tile->mctid) { case JPC_MCT_RCT: tile->tcmpts[0].synweight = jpc_dbltofix(sqrt(3.0)); tile->tcmpts[1].synweight = jpc_dbltofix(sqrt(0.6875)); tile->tcmpts[2].synweight = jpc_dbltofix(sqrt(0.6875)); break; case JPC_MCT_ICT: tile->tcmpts[0].synweight = jpc_dbltofix(sqrt(3.0000)); tile->tcmpts[1].synweight = jpc_dbltofix(sqrt(3.2584)); tile->tcmpts[2].synweight = jpc_dbltofix(sqrt(2.4755)); break; default: case JPC_MCT_NONE: for (cmptno = 0, tcmpt = tile->tcmpts; cmptno < cp->numcmpts; ++cmptno, ++tcmpt) { tcmpt->synweight = JPC_FIX_ONE; } break; } if (!(tile->pi = jpc_enc_pi_create(cp, tile))) { goto error; } return tile; error: if (tile) { jpc_enc_tile_destroy(tile); } return 0; }",jasper,,,329536833624359225044426630656490634594,0 374,[],"pfm_restore_ibrs(unsigned long *ibrs, unsigned int nibrs) { int i; for (i=0; i < nibrs; i++) { ia64_set_ibr(i, ibrs[i]); ia64_dv_serialize_instruction(); } ia64_srlz_i(); }",linux-2.6,,,209814791299942763031643543910111688913,0 156,[],"static int compat_nfs_clnt_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) { if (!access_ok(VERIFY_READ, &arg->ca32_client, sizeof(arg->ca32_client)) || get_user(karg->ca_version, &arg->ca32_version) || __copy_from_user(&karg->ca_client.cl_ident[0], &arg->ca32_client.cl32_ident[0], NFSCLNT_IDMAX) || __get_user(karg->ca_client.cl_naddr, &arg->ca32_client.cl32_naddr) || __copy_from_user(&karg->ca_client.cl_addrlist[0], &arg->ca32_client.cl32_addrlist[0], (sizeof(struct in_addr) * NFSCLNT_ADDRMAX)) || __get_user(karg->ca_client.cl_fhkeytype, &arg->ca32_client.cl32_fhkeytype) || __get_user(karg->ca_client.cl_fhkeylen, &arg->ca32_client.cl32_fhkeylen) || __copy_from_user(&karg->ca_client.cl_fhkey[0], &arg->ca32_client.cl32_fhkey[0], NFSCLNT_KEYMAX)) return -EFAULT; return 0; }",linux-2.6,,,174846593984039282040068752212081833864,0 912,['CWE-200'],"static int shmem_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) { struct inode *inode = old_dentry->d_inode; int they_are_dirs = S_ISDIR(inode->i_mode); if (!simple_empty(new_dentry)) return -ENOTEMPTY; if (new_dentry->d_inode) { (void) shmem_unlink(new_dir, new_dentry); if (they_are_dirs) drop_nlink(old_dir); } else if (they_are_dirs) { drop_nlink(old_dir); inc_nlink(new_dir); } old_dir->i_size -= BOGO_DIRENT_SIZE; new_dir->i_size += BOGO_DIRENT_SIZE; old_dir->i_ctime = old_dir->i_mtime = new_dir->i_ctime = new_dir->i_mtime = inode->i_ctime = CURRENT_TIME; return 0; }",linux-2.6,,,132896491565981615172215934355338594070,0 4268,['CWE-264'],"static int __init coredump_filter_setup(char *s) { default_dump_filter = (simple_strtoul(s, NULL, 0) << MMF_DUMP_FILTER_SHIFT) & MMF_DUMP_FILTER_MASK; return 1; }",linux-2.6,,,288372764472864210654886100109977818742,0 5027,CWE-787,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 5946,['CWE-909'],"static int tc_dump_qdisc(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); int idx, q_idx; int s_idx, s_q_idx; struct net_device *dev; if (net != &init_net) return 0; s_idx = cb->args[0]; s_q_idx = q_idx = cb->args[1]; read_lock(&dev_base_lock); idx = 0; for_each_netdev(&init_net, dev) { struct netdev_queue *dev_queue; if (idx < s_idx) goto cont; if (idx > s_idx) s_q_idx = 0; q_idx = 0; dev_queue = netdev_get_tx_queue(dev, 0); if (tc_dump_qdisc_root(dev_queue->qdisc_sleeping, skb, cb, &q_idx, s_q_idx) < 0) goto done; dev_queue = &dev->rx_queue; if (tc_dump_qdisc_root(dev_queue->qdisc_sleeping, skb, cb, &q_idx, s_q_idx) < 0) goto done; cont: idx++; } done: read_unlock(&dev_base_lock); cb->args[0] = idx; cb->args[1] = q_idx; return skb->len; }",linux-2.6,,,254999014260245425622443271318538868788,0 5972,['CWE-200'],"static int __init cbq_module_init(void) { return register_qdisc(&cbq_qdisc_ops); }",linux-2.6,,,44637891232676275852383020517232360914,0 4054,CWE-125,"static int string_scan_range(RList *list, RBinFile *bf, int min, const ut64 from, const ut64 to, int type) { ut8 tmp[R_STRING_SCAN_BUFFER_SIZE]; ut64 str_start, needle = from; int count = 0, i, rc, runes; int str_type = R_STRING_TYPE_DETECT; if (type == -1) { type = R_STRING_TYPE_DETECT; } if (from >= to) { eprintf (""Invalid range to find strings 0x%llx .. 0x%llx\n"", from, to); return -1; } ut8 *buf = calloc (to - from, 1); if (!buf || !min) { return -1; } r_buf_read_at (bf->buf, from, buf, to - from); while (needle < to) { rc = r_utf8_decode (buf + needle - from, to - needle, NULL); if (!rc) { needle++; continue; } if (type == R_STRING_TYPE_DETECT) { char *w = (char *)buf + needle + rc - from; if ((to - needle) > 5) { bool is_wide32 = needle + rc + 2 < to && !w[0] && !w[1] && !w[2] && w[3] && !w[4]; if (is_wide32) { str_type = R_STRING_TYPE_WIDE32; } else { bool is_wide = needle + rc + 2 < to && !w[0] && w[1] && !w[2]; str_type = is_wide? R_STRING_TYPE_WIDE: R_STRING_TYPE_ASCII; } } else { str_type = R_STRING_TYPE_ASCII; } } else { str_type = type; } runes = 0; str_start = needle; for (rc = i = 0; i < sizeof (tmp) - 3 && needle < to; i += rc) { RRune r = {0}; if (str_type == R_STRING_TYPE_WIDE32) { rc = r_utf32le_decode (buf + needle - from, to - needle, &r); if (rc) { rc = 4; } } else if (str_type == R_STRING_TYPE_WIDE) { rc = r_utf16le_decode (buf + needle - from, to - needle, &r); if (rc == 1) { rc = 2; } } else { rc = r_utf8_decode (buf + needle - from, to - needle, &r); if (rc > 1) { str_type = R_STRING_TYPE_UTF8; } } if (!rc) { needle++; break; } needle += rc; if (r_isprint (r) && r != '\\') { if (str_type == R_STRING_TYPE_WIDE32) { if (r == 0xff) { r = 0; } } rc = r_utf8_encode (&tmp[i], r); runes++; } else if (r && r < 0x100 && strchr (""\b\v\f\n\r\t\a\033\\"", (char)r)) { if ((i + 32) < sizeof (tmp) && r < 93) { tmp[i + 0] = '\\'; tmp[i + 1] = "" abtnvfr e "" "" "" "" "" "" \\""[r]; } else { break; } rc = 2; runes++; } else { break; } } tmp[i++] = '\0'; if (runes >= min) { if (str_type == R_STRING_TYPE_ASCII) { int j; for (j = 0; j < i; j++) { char ch = tmp[j]; if (ch != '\n' && ch != '\r' && ch != '\t') { if (!IS_PRINTABLE (tmp[j])) { continue; } } } } RBinString *bs = R_NEW0 (RBinString); if (!bs) { break; } bs->type = str_type; bs->length = runes; bs->size = needle - str_start; bs->ordinal = count++; switch (str_type) { case R_STRING_TYPE_WIDE: if (str_start -from> 1) { const ut8 *p = buf + str_start - 2 - from; if (p[0] == 0xff && p[1] == 0xfe) { str_start -= 2; } } break; case R_STRING_TYPE_WIDE32: if (str_start -from> 3) { const ut8 *p = buf + str_start - 4 - from; if (p[0] == 0xff && p[1] == 0xfe) { str_start -= 4; } } break; } bs->paddr = bs->vaddr = str_start; bs->string = r_str_ndup ((const char *)tmp, i); if (list) { r_list_append (list, bs); } else { print_string (bs, bf); r_bin_string_free (bs); } } } free (buf); return count; }",visit repo url,libr/bin/file.c,https://github.com/radare/radare2,255227193079203,1 113,['CWE-787'],"static uint32_t cirrus_vga_mem_readw(void *opaque, target_phys_addr_t addr) { uint32_t v; #ifdef TARGET_WORDS_BIGENDIAN v = cirrus_vga_mem_readb(opaque, addr) << 8; v |= cirrus_vga_mem_readb(opaque, addr + 1); #else v = cirrus_vga_mem_readb(opaque, addr); v |= cirrus_vga_mem_readb(opaque, addr + 1) << 8; #endif return v; }",qemu,,,77170989280376340109474595822457340372,0 5068,CWE-190,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 4774,['CWE-20'],"ext4_fsblk_t ext4_block_bitmap(struct super_block *sb, struct ext4_group_desc *bg) { return le32_to_cpu(bg->bg_block_bitmap_lo) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? (ext4_fsblk_t)le32_to_cpu(bg->bg_block_bitmap_hi) << 32 : 0); }",linux-2.6,,,149123724696132305601177775954368083564,0 4768,CWE-415,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 1311,CWE-189,"i915_gem_execbuffer2(struct drm_device *dev, void *data, struct drm_file *file) { struct drm_i915_gem_execbuffer2 *args = data; struct drm_i915_gem_exec_object2 *exec2_list = NULL; int ret; if (args->buffer_count < 1) { DRM_DEBUG(""execbuf2 with %d buffers\n"", args->buffer_count); return -EINVAL; } exec2_list = kmalloc(sizeof(*exec2_list)*args->buffer_count, GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY); if (exec2_list == NULL) exec2_list = drm_malloc_ab(sizeof(*exec2_list), args->buffer_count); if (exec2_list == NULL) { DRM_DEBUG(""Failed to allocate exec list for %d buffers\n"", args->buffer_count); return -ENOMEM; } ret = copy_from_user(exec2_list, (struct drm_i915_relocation_entry __user *) (uintptr_t) args->buffers_ptr, sizeof(*exec2_list) * args->buffer_count); if (ret != 0) { DRM_DEBUG(""copy %d exec entries failed %d\n"", args->buffer_count, ret); drm_free_large(exec2_list); return -EFAULT; } ret = i915_gem_do_execbuffer(dev, data, file, args, exec2_list); if (!ret) { ret = copy_to_user((struct drm_i915_relocation_entry __user *) (uintptr_t) args->buffers_ptr, exec2_list, sizeof(*exec2_list) * args->buffer_count); if (ret) { ret = -EFAULT; DRM_DEBUG(""failed to copy %d exec entries "" ""back to user (%d)\n"", args->buffer_count, ret); } } drm_free_large(exec2_list); return ret; }",visit repo url,drivers/gpu/drm/i915/i915_gem_execbuffer.c,https://github.com/torvalds/linux,123081056873947,1 3375,CWE-369,"static MagickBooleanType WriteTIFFImage(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { #if !defined(TIFFDefaultStripSize) #define TIFFDefaultStripSize(tiff,request) (8192UL/TIFFScanlineSize(tiff)) #endif const char *mode, *option; CompressionType compression; EndianType endian_type; MagickBooleanType debug, status; MagickOffsetType scene; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t length; ssize_t y; TIFF *tiff; TIFFInfo tiff_info; uint16 bits_per_sample, compress_tag, endian, photometric; uint32 rows_per_strip; unsigned char *pixels; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); (void) SetMagickThreadValue(tiff_exception,exception); endian_type=UndefinedEndian; option=GetImageOption(image_info,""tiff:endian""); if (option != (const char *) NULL) { if (LocaleNCompare(option,""msb"",3) == 0) endian_type=MSBEndian; if (LocaleNCompare(option,""lsb"",3) == 0) endian_type=LSBEndian;; } switch (endian_type) { case LSBEndian: mode=""wl""; break; case MSBEndian: mode=""wb""; break; default: mode=""w""; break; } #if defined(TIFF_VERSION_BIG) if (LocaleCompare(image_info->magick,""TIFF64"") == 0) switch (endian_type) { case LSBEndian: mode=""wl8""; break; case MSBEndian: mode=""wb8""; break; default: mode=""w8""; break; } #endif tiff=TIFFClientOpen(image->filename,mode,(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) return(MagickFalse); scene=0; debug=IsEventLogging(); (void) debug; do { if ((image_info->type != UndefinedType) && (image_info->type != OptimizeType)) (void) SetImageType(image,image_info->type,exception); compression=UndefinedCompression; if (image->compression != JPEGCompression) compression=image->compression; if (image_info->compression != UndefinedCompression) compression=image_info->compression; switch (compression) { case FaxCompression: case Group4Compression: { (void) SetImageType(image,BilevelType,exception); (void) SetImageDepth(image,1,exception); break; } case JPEGCompression: { (void) SetImageStorageClass(image,DirectClass,exception); (void) SetImageDepth(image,8,exception); break; } default: break; } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); if ((image->storage_class != PseudoClass) && (image->depth >= 32) && (quantum_info->format == UndefinedQuantumFormat) && (IsHighDynamicRangeImage(image,exception) != MagickFalse)) { status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); } if ((LocaleCompare(image_info->magick,""PTIF"") == 0) && (GetPreviousImageInList(image) != (Image *) NULL)) (void) TIFFSetField(tiff,TIFFTAG_SUBFILETYPE,FILETYPE_REDUCEDIMAGE); if ((image->columns != (uint32) image->columns) || (image->rows != (uint32) image->rows)) ThrowWriterException(ImageError,""WidthOrHeightExceedsLimit""); (void) TIFFSetField(tiff,TIFFTAG_IMAGELENGTH,(uint32) image->rows); (void) TIFFSetField(tiff,TIFFTAG_IMAGEWIDTH,(uint32) image->columns); switch (compression) { case FaxCompression: { compress_tag=COMPRESSION_CCITTFAX3; SetQuantumMinIsWhite(quantum_info,MagickTrue); break; } case Group4Compression: { compress_tag=COMPRESSION_CCITTFAX4; SetQuantumMinIsWhite(quantum_info,MagickTrue); break; } #if defined(COMPRESSION_JBIG) case JBIG1Compression: { compress_tag=COMPRESSION_JBIG; break; } #endif case JPEGCompression: { compress_tag=COMPRESSION_JPEG; break; } #if defined(COMPRESSION_LZMA) case LZMACompression: { compress_tag=COMPRESSION_LZMA; break; } #endif case LZWCompression: { compress_tag=COMPRESSION_LZW; break; } case RLECompression: { compress_tag=COMPRESSION_PACKBITS; break; } case ZipCompression: { compress_tag=COMPRESSION_ADOBE_DEFLATE; break; } case NoCompression: default: { compress_tag=COMPRESSION_NONE; break; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { (void) ThrowMagickException(exception,GetMagickModule(),CoderError, ""CompressionNotSupported"",""`%s'"",CommandOptionToMnemonic( MagickCompressOptions,(ssize_t) compression)); compress_tag=COMPRESSION_NONE; compression=NoCompression; } #else switch (compress_tag) { #if defined(CCITT_SUPPORT) case COMPRESSION_CCITTFAX3: case COMPRESSION_CCITTFAX4: #endif #if defined(YCBCR_SUPPORT) && defined(JPEG_SUPPORT) case COMPRESSION_JPEG: #endif #if defined(LZMA_SUPPORT) && defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: #endif #if defined(LZW_SUPPORT) case COMPRESSION_LZW: #endif #if defined(PACKBITS_SUPPORT) case COMPRESSION_PACKBITS: #endif #if defined(ZIP_SUPPORT) case COMPRESSION_ADOBE_DEFLATE: #endif case COMPRESSION_NONE: break; default: { (void) ThrowMagickException(exception,GetMagickModule(),CoderError, ""CompressionNotSupported"",""`%s'"",CommandOptionToMnemonic( MagickCompressOptions,(ssize_t) compression)); compress_tag=COMPRESSION_NONE; compression=NoCompression; break; } } #endif if (image->colorspace == CMYKColorspace) { photometric=PHOTOMETRIC_SEPARATED; (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,4); (void) TIFFSetField(tiff,TIFFTAG_INKSET,INKSET_CMYK); } else { if (image->colorspace == LabColorspace) { photometric=PHOTOMETRIC_CIELAB; EncodeLabImage(image,exception); } else if (image->colorspace == YCbCrColorspace) { photometric=PHOTOMETRIC_YCBCR; (void) TIFFSetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,1,1); (void) SetImageStorageClass(image,DirectClass,exception); (void) SetImageDepth(image,8,exception); } else photometric=PHOTOMETRIC_RGB; (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,3); if ((image_info->type != TrueColorType) && (image_info->type != TrueColorAlphaType)) { if ((image_info->type != PaletteType) && (SetImageGray(image,exception) != MagickFalse)) { photometric=(uint16) (quantum_info->min_is_white != MagickFalse ? PHOTOMETRIC_MINISWHITE : PHOTOMETRIC_MINISBLACK); (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,1); if ((image->depth == 1) && (image->alpha_trait == UndefinedPixelTrait)) SetImageMonochrome(image,exception); } else if (image->storage_class == PseudoClass) { size_t depth; (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,1); photometric=PHOTOMETRIC_PALETTE; depth=1; while ((GetQuantumRange(depth)+1) < image->colors) depth<<=1; status=SetQuantumDepth(image,quantum_info,depth); if (status == MagickFalse) ThrowWriterException(ResourceLimitError, ""MemoryAllocationFailed""); } } } (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian); if ((compress_tag == COMPRESSION_CCITTFAX3) && (photometric != PHOTOMETRIC_MINISWHITE)) { compress_tag=COMPRESSION_NONE; endian=FILLORDER_MSB2LSB; } else if ((compress_tag == COMPRESSION_CCITTFAX4) && (photometric != PHOTOMETRIC_MINISWHITE)) { compress_tag=COMPRESSION_NONE; endian=FILLORDER_MSB2LSB; } option=GetImageOption(image_info,""tiff:fill-order""); if (option != (const char *) NULL) { if (LocaleNCompare(option,""msb"",3) == 0) endian=FILLORDER_MSB2LSB; if (LocaleNCompare(option,""lsb"",3) == 0) endian=FILLORDER_LSB2MSB; } (void) TIFFSetField(tiff,TIFFTAG_COMPRESSION,compress_tag); (void) TIFFSetField(tiff,TIFFTAG_FILLORDER,endian); (void) TIFFSetField(tiff,TIFFTAG_BITSPERSAMPLE,quantum_info->depth); if (image->alpha_trait != UndefinedPixelTrait) { uint16 extra_samples, sample_info[1], samples_per_pixel; extra_samples=1; sample_info[0]=EXTRASAMPLE_UNASSALPHA; option=GetImageOption(image_info,""tiff:alpha""); if (option != (const char *) NULL) { if (LocaleCompare(option,""associated"") == 0) sample_info[0]=EXTRASAMPLE_ASSOCALPHA; else if (LocaleCompare(option,""unspecified"") == 0) sample_info[0]=EXTRASAMPLE_UNSPECIFIED; } (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL, &samples_per_pixel); (void) TIFFSetField(tiff,TIFFTAG_SAMPLESPERPIXEL,samples_per_pixel+1); (void) TIFFSetField(tiff,TIFFTAG_EXTRASAMPLES,extra_samples, &sample_info); if (sample_info[0] == EXTRASAMPLE_ASSOCALPHA) SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); } (void) TIFFSetField(tiff,TIFFTAG_PHOTOMETRIC,photometric); switch (quantum_info->format) { case FloatingPointQuantumFormat: { (void) TIFFSetField(tiff,TIFFTAG_SAMPLEFORMAT,SAMPLEFORMAT_IEEEFP); (void) TIFFSetField(tiff,TIFFTAG_SMINSAMPLEVALUE,quantum_info->minimum); (void) TIFFSetField(tiff,TIFFTAG_SMAXSAMPLEVALUE,quantum_info->maximum); break; } case SignedQuantumFormat: { (void) TIFFSetField(tiff,TIFFTAG_SAMPLEFORMAT,SAMPLEFORMAT_INT); break; } case UnsignedQuantumFormat: { (void) TIFFSetField(tiff,TIFFTAG_SAMPLEFORMAT,SAMPLEFORMAT_UINT); break; } default: break; } (void) TIFFSetField(tiff,TIFFTAG_ORIENTATION,ORIENTATION_TOPLEFT); (void) TIFFSetField(tiff,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG); if (photometric == PHOTOMETRIC_RGB) if ((image_info->interlace == PlaneInterlace) || (image_info->interlace == PartitionInterlace)) (void) TIFFSetField(tiff,TIFFTAG_PLANARCONFIG,PLANARCONFIG_SEPARATE); rows_per_strip=TIFFDefaultStripSize(tiff,0); option=GetImageOption(image_info,""tiff:rows-per-strip""); if (option != (const char *) NULL) rows_per_strip=(size_t) strtol(option,(char **) NULL,10); switch (compress_tag) { case COMPRESSION_JPEG: { #if defined(JPEG_SUPPORT) const char *sampling_factor; GeometryInfo geometry_info; MagickStatusType flags; rows_per_strip+=(16-(rows_per_strip % 16)); if (image_info->quality != UndefinedCompressionQuality) (void) TIFFSetField(tiff,TIFFTAG_JPEGQUALITY,image_info->quality); (void) TIFFSetField(tiff,TIFFTAG_JPEGCOLORMODE,JPEGCOLORMODE_RAW); if (IssRGBCompatibleColorspace(image->colorspace) != MagickFalse) { const char *value; (void) TIFFSetField(tiff,TIFFTAG_JPEGCOLORMODE,JPEGCOLORMODE_RGB); sampling_factor=(const char *) NULL; value=GetImageProperty(image,""jpeg:sampling-factor"",exception); if (value != (char *) NULL) { sampling_factor=value; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Input sampling-factors=%s"",sampling_factor); } if (image_info->sampling_factor != (char *) NULL) sampling_factor=image_info->sampling_factor; if (sampling_factor != (const char *) NULL) { flags=ParseGeometry(sampling_factor,&geometry_info); if ((flags & SigmaValue) == 0) geometry_info.sigma=geometry_info.rho; if (image->colorspace == YCbCrColorspace) (void) TIFFSetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,(uint16) geometry_info.rho,(uint16) geometry_info.sigma); } } (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (bits_per_sample == 12) (void) TIFFSetField(tiff,TIFFTAG_JPEGTABLESMODE,JPEGTABLESMODE_QUANT); #endif break; } case COMPRESSION_ADOBE_DEFLATE: { rows_per_strip=(uint32) image->rows; (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) (void) TIFFSetField(tiff,TIFFTAG_PREDICTOR,PREDICTOR_HORIZONTAL); (void) TIFFSetField(tiff,TIFFTAG_ZIPQUALITY,(long) ( image_info->quality == UndefinedCompressionQuality ? 7 : MagickMin((ssize_t) image_info->quality/10,9))); break; } case COMPRESSION_CCITTFAX3: { rows_per_strip=(uint32) image->rows; (void) TIFFSetField(tiff,TIFFTAG_GROUP3OPTIONS,4); break; } case COMPRESSION_CCITTFAX4: { rows_per_strip=(uint32) image->rows; break; } #if defined(LZMA_SUPPORT) && defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: { if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) (void) TIFFSetField(tiff,TIFFTAG_PREDICTOR,PREDICTOR_HORIZONTAL); (void) TIFFSetField(tiff,TIFFTAG_LZMAPRESET,(long) ( image_info->quality == UndefinedCompressionQuality ? 7 : MagickMin((ssize_t) image_info->quality/10,9))); break; } #endif case COMPRESSION_LZW: { (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE, &bits_per_sample); if (((photometric == PHOTOMETRIC_RGB) || (photometric == PHOTOMETRIC_MINISBLACK)) && ((bits_per_sample == 8) || (bits_per_sample == 16))) (void) TIFFSetField(tiff,TIFFTAG_PREDICTOR,PREDICTOR_HORIZONTAL); break; } default: break; } if (rows_per_strip < 1) rows_per_strip=1; if ((image->rows/rows_per_strip) >= (1UL << 15)) rows_per_strip=(uint32) (image->rows >> 15); (void) TIFFSetField(tiff,TIFFTAG_ROWSPERSTRIP,rows_per_strip); if ((image->resolution.x != 0.0) && (image->resolution.y != 0.0)) { unsigned short units; units=RESUNIT_NONE; if (image->units == PixelsPerInchResolution) units=RESUNIT_INCH; if (image->units == PixelsPerCentimeterResolution) units=RESUNIT_CENTIMETER; (void) TIFFSetField(tiff,TIFFTAG_RESOLUTIONUNIT,(uint16) units); (void) TIFFSetField(tiff,TIFFTAG_XRESOLUTION,image->resolution.x); (void) TIFFSetField(tiff,TIFFTAG_YRESOLUTION,image->resolution.y); if ((image->page.x < 0) || (image->page.y < 0)) (void) ThrowMagickException(exception,GetMagickModule(),CoderError, ""TIFF: negative image positions unsupported"",""%s"",image->filename); if ((image->page.x > 0) && (image->resolution.x > 0.0)) { (void) TIFFSetField(tiff,TIFFTAG_XPOSITION,(float) image->page.x/ image->resolution.x); } if ((image->page.y > 0) && (image->resolution.y > 0.0)) { (void) TIFFSetField(tiff,TIFFTAG_YPOSITION,(float) image->page.y/ image->resolution.y); } } if (image->chromaticity.white_point.x != 0.0) { float chromaticity[6]; chromaticity[0]=(float) image->chromaticity.red_primary.x; chromaticity[1]=(float) image->chromaticity.red_primary.y; chromaticity[2]=(float) image->chromaticity.green_primary.x; chromaticity[3]=(float) image->chromaticity.green_primary.y; chromaticity[4]=(float) image->chromaticity.blue_primary.x; chromaticity[5]=(float) image->chromaticity.blue_primary.y; (void) TIFFSetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,chromaticity); chromaticity[0]=(float) image->chromaticity.white_point.x; chromaticity[1]=(float) image->chromaticity.white_point.y; (void) TIFFSetField(tiff,TIFFTAG_WHITEPOINT,chromaticity); } if ((LocaleCompare(image_info->magick,""PTIF"") != 0) && (image_info->adjoin != MagickFalse) && (GetImageListLength(image) > 1)) { (void) TIFFSetField(tiff,TIFFTAG_SUBFILETYPE,FILETYPE_PAGE); if (image->scene != 0) (void) TIFFSetField(tiff,TIFFTAG_PAGENUMBER,(uint16) image->scene, GetImageListLength(image)); } if (image->orientation != UndefinedOrientation) (void) TIFFSetField(tiff,TIFFTAG_ORIENTATION,(uint16) image->orientation); (void) TIFFSetProfiles(tiff,image); { uint16 page, pages; page=(uint16) scene; pages=(uint16) GetImageListLength(image); if ((LocaleCompare(image_info->magick,""PTIF"") != 0) && (image_info->adjoin != MagickFalse) && (pages > 1)) (void) TIFFSetField(tiff,TIFFTAG_SUBFILETYPE,FILETYPE_PAGE); (void) TIFFSetField(tiff,TIFFTAG_PAGENUMBER,page,pages); } (void) TIFFSetProperties(tiff,image_info,image,exception); DisableMSCWarning(4127) if (0) RestoreMSCWarning (void) TIFFSetEXIFProperties(tiff,image,exception); if (GetTIFFInfo(image_info,tiff,&tiff_info) == MagickFalse) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); quantum_info->endian=LSBEndian; pixels=(unsigned char *) GetQuantumPixels(quantum_info); tiff_info.scanline=(unsigned char *) GetQuantumPixels(quantum_info); switch (photometric) { case PHOTOMETRIC_CIELAB: case PHOTOMETRIC_YCBCR: case PHOTOMETRIC_RGB: { switch (image_info->interlace) { case NoInterlace: default: { quantum_type=RGBQuantum; if (image->alpha_trait != UndefinedPixelTrait) quantum_type=RGBAQuantum; for (y=0; y < (ssize_t) image->rows; y++) { register const Quantum *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; length=ExportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); (void) length; if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y,image->rows); if (status == MagickFalse) break; } } break; } case PlaneInterlace: case PartitionInterlace: { for (y=0; y < (ssize_t) image->rows; y++) { register const Quantum *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; length=ExportQuantumPixels(image,(CacheView *) NULL,quantum_info, RedQuantum,pixels,exception); if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,100,400); if (status == MagickFalse) break; } for (y=0; y < (ssize_t) image->rows; y++) { register const Quantum *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; length=ExportQuantumPixels(image,(CacheView *) NULL,quantum_info, GreenQuantum,pixels,exception); if (TIFFWritePixels(tiff,&tiff_info,y,1,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,200,400); if (status == MagickFalse) break; } for (y=0; y < (ssize_t) image->rows; y++) { register const Quantum *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; length=ExportQuantumPixels(image,(CacheView *) NULL,quantum_info, BlueQuantum,pixels,exception); if (TIFFWritePixels(tiff,&tiff_info,y,2,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,300,400); if (status == MagickFalse) break; } if (image->alpha_trait != UndefinedPixelTrait) for (y=0; y < (ssize_t) image->rows; y++) { register const Quantum *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; length=ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,AlphaQuantum,pixels,exception); if (TIFFWritePixels(tiff,&tiff_info,y,3,image) == -1) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,400,400); if (status == MagickFalse) break; } break; } } break; } case PHOTOMETRIC_SEPARATED: { quantum_type=CMYKQuantum; if (image->alpha_trait != UndefinedPixelTrait) quantum_type=CMYKAQuantum; if (image->colorspace != CMYKColorspace) (void) TransformImageColorspace(image,CMYKColorspace,exception); for (y=0; y < (ssize_t) image->rows; y++) { register const Quantum *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; length=ExportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case PHOTOMETRIC_PALETTE: { uint16 *blue, *green, *red; red=(uint16 *) AcquireQuantumMemory(65536,sizeof(*red)); green=(uint16 *) AcquireQuantumMemory(65536,sizeof(*green)); blue=(uint16 *) AcquireQuantumMemory(65536,sizeof(*blue)); if ((red == (uint16 *) NULL) || (green == (uint16 *) NULL) || (blue == (uint16 *) NULL)) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); (void) ResetMagickMemory(red,0,65536*sizeof(*red)); (void) ResetMagickMemory(green,0,65536*sizeof(*green)); (void) ResetMagickMemory(blue,0,65536*sizeof(*blue)); for (i=0; i < (ssize_t) image->colors; i++) { red[i]=ScaleQuantumToShort(image->colormap[i].red); green[i]=ScaleQuantumToShort(image->colormap[i].green); blue[i]=ScaleQuantumToShort(image->colormap[i].blue); } (void) TIFFSetField(tiff,TIFFTAG_COLORMAP,red,green,blue); red=(uint16 *) RelinquishMagickMemory(red); green=(uint16 *) RelinquishMagickMemory(green); blue=(uint16 *) RelinquishMagickMemory(blue); } default: { quantum_type=IndexQuantum; if (image->alpha_trait != UndefinedPixelTrait) { if (photometric != PHOTOMETRIC_PALETTE) quantum_type=GrayAlphaQuantum; else quantum_type=IndexAlphaQuantum; } else if (photometric != PHOTOMETRIC_PALETTE) quantum_type=GrayQuantum; for (y=0; y < (ssize_t) image->rows; y++) { register const Quantum *magick_restrict p; p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; length=ExportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (TIFFWritePixels(tiff,&tiff_info,y,0,image) == -1) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } } quantum_info=DestroyQuantumInfo(quantum_info); if (image->colorspace == LabColorspace) DecodeLabImage(image,exception); DestroyTIFFInfo(&tiff_info); DisableMSCWarning(4127) if (0 && (image_info->verbose != MagickFalse)) RestoreMSCWarning TIFFPrintDirectory(tiff,stdout,MagickFalse); (void) TIFFWriteDirectory(tiff); image=SyncNextImageInList(image); if (image == (Image *) NULL) break; status=SetImageProgress(image,SaveImagesTag,scene++, GetImageListLength(image)); if (status == MagickFalse) break; } while (image_info->adjoin != MagickFalse); TIFFClose(tiff); return(MagickTrue); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,42987021938224,1 4381,['CWE-264'],"int sock_no_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) { return -EOPNOTSUPP; }",linux-2.6,,,147564103036382672459172352746656768150,0 135,CWE-843,"static int sanitize_ptr_alu(struct bpf_verifier_env *env, struct bpf_insn *insn, const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg, struct bpf_reg_state *dst_reg, struct bpf_sanitize_info *info, const bool commit_window) { struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : &info->aux; struct bpf_verifier_state *vstate = env->cur_state; bool off_is_imm = tnum_is_const(off_reg->var_off); bool off_is_neg = off_reg->smin_value < 0; bool ptr_is_dst_reg = ptr_reg == dst_reg; u8 opcode = BPF_OP(insn->code); u32 alu_state, alu_limit; struct bpf_reg_state tmp; bool ret; int err; if (can_skip_alu_sanitation(env, insn)) return 0; if (vstate->speculative) goto do_sim; if (!commit_window) { if (!tnum_is_const(off_reg->var_off) && (off_reg->smin_value < 0) != (off_reg->smax_value < 0)) return REASON_BOUNDS; info->mask_to_left = (opcode == BPF_ADD && off_is_neg) || (opcode == BPF_SUB && !off_is_neg); } err = retrieve_ptr_limit(ptr_reg, &alu_limit, info->mask_to_left); if (err < 0) return err; if (commit_window) { alu_state = info->aux.alu_state; alu_limit = abs(info->aux.alu_limit - alu_limit); } else { alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0; alu_state |= off_is_imm ? BPF_ALU_IMMEDIATE : 0; alu_state |= ptr_is_dst_reg ? BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST; } err = update_alu_sanitation_state(aux, alu_state, alu_limit); if (err < 0) return err; do_sim: if (commit_window || off_is_imm) return 0; if (!ptr_is_dst_reg) { tmp = *dst_reg; *dst_reg = *ptr_reg; } ret = push_stack(env, env->insn_idx + 1, env->insn_idx, true); if (!ptr_is_dst_reg && ret) *dst_reg = tmp; return !ret ? REASON_STACK : 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,754916586362,1 104,['CWE-787'],"static void cirrus_get_resolution(VGAState *s, int *pwidth, int *pheight) { int width, height; width = (s->cr[0x01] + 1) * 8; height = s->cr[0x12] | ((s->cr[0x07] & 0x02) << 7) | ((s->cr[0x07] & 0x40) << 3); height = (height + 1); if (s->cr[0x1a] & 0x01) height = height * 2; *pwidth = width; *pheight = height; }",qemu,,,52429946156722761972727445043146990526,0 1985,['CWE-20'],"static void migrate_page_copy(struct page *newpage, struct page *page) { copy_highpage(newpage, page); if (PageError(page)) SetPageError(newpage); if (PageReferenced(page)) SetPageReferenced(newpage); if (PageUptodate(page)) SetPageUptodate(newpage); if (PageActive(page)) SetPageActive(newpage); if (PageChecked(page)) SetPageChecked(newpage); if (PageMappedToDisk(page)) SetPageMappedToDisk(newpage); if (PageDirty(page)) { clear_page_dirty_for_io(page); __set_page_dirty_nobuffers(newpage); } #ifdef CONFIG_SWAP ClearPageSwapCache(page); #endif ClearPageActive(page); ClearPagePrivate(page); set_page_private(page, 0); page->mapping = NULL; if (PageWriteback(newpage)) end_page_writeback(newpage); }",linux-2.6,,,106148789377545520819544840724772887203,0 970,['CWE-189'],"fbShmCreatePixmap (pScreen, width, height, depth, addr) ScreenPtr pScreen; int width; int height; int depth; char *addr; { register PixmapPtr pPixmap; pPixmap = (*pScreen->CreatePixmap)(pScreen, 0, 0, pScreen->rootDepth, 0); if (!pPixmap) return NullPixmap; if (!(*pScreen->ModifyPixmapHeader)(pPixmap, width, height, depth, BitsPerPixel(depth), PixmapBytePad(width, depth), (pointer)addr)) { (*pScreen->DestroyPixmap)(pPixmap); return NullPixmap; } return pPixmap; }",xserver,,,40851158827191750035710423154527573520,0 3110,CWE-476,"GetOutboundPinholeTimeout(struct upnphttp * h, const char * action, const char * ns) { int r; static const char resp[] = """" ""%d"" """"; char body[512]; int bodylen; struct NameValueParserData data; char * int_ip, * int_port, * rem_host, * rem_port, * protocol; int opt=0; unsigned short iport, rport; if (GETFLAG(IPV6FCFWDISABLEDMASK)) { SoapError(h, 702, ""FirewallDisabled""); return; } ParseNameValue(h->req_buf + h->req_contentoff, h->req_contentlen, &data); int_ip = GetValueFromNameValueList(&data, ""InternalClient""); int_port = GetValueFromNameValueList(&data, ""InternalPort""); rem_host = GetValueFromNameValueList(&data, ""RemoteHost""); rem_port = GetValueFromNameValueList(&data, ""RemotePort""); protocol = GetValueFromNameValueList(&data, ""Protocol""); if (!int_port || !ext_port || !protocol) { ClearNameValueList(&data); SoapError(h, 402, ""Invalid Args""); return; } rport = (unsigned short)atoi(rem_port); iport = (unsigned short)atoi(int_port); syslog(LOG_INFO, ""%s: retrieving timeout for outbound pinhole from [%s]:%hu to [%s]:%hu protocol %s"", action, int_ip, iport,rem_host, rport, protocol); r = -1; switch(r) { case 1: bodylen = snprintf(body, sizeof(body), resp, action, ns , opt, action); BuildSendAndCloseSoapResp(h, body, bodylen); break; case -5: SoapError(h, 705, ""ProtocolNotSupported""); break; default: SoapError(h, 501, ""ActionFailed""); } ClearNameValueList(&data); }",visit repo url,miniupnpd/upnpsoap.c,https://github.com/miniupnp/miniupnp,205998267915652,1 5548,CWE-125,"ast2obj_excepthandler(void* _o) { excepthandler_ty o = (excepthandler_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case ExceptHandler_kind: result = PyType_GenericNew(ExceptHandler_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.ExceptHandler.type); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_identifier(o->v.ExceptHandler.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ExceptHandler.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; } value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,84888941853243,1 5698,CWE-125,"bgp_open_receive (struct peer *peer, bgp_size_t size) { int ret; u_char version; u_char optlen; u_int16_t holdtime; u_int16_t send_holdtime; as_t remote_as; struct peer *realpeer; struct in_addr remote_id; int capability; u_int8_t notify_data_remote_as[2]; u_int8_t notify_data_remote_id[4]; realpeer = NULL; version = stream_getc (peer->ibuf); memcpy (notify_data_remote_as, stream_pnt (peer->ibuf), 2); remote_as = stream_getw (peer->ibuf); holdtime = stream_getw (peer->ibuf); memcpy (notify_data_remote_id, stream_pnt (peer->ibuf), 4); remote_id.s_addr = stream_get_ipv4 (peer->ibuf); if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s rcv OPEN, version %d, remote-as %d, holdtime %d, id %s"", peer->host, version, remote_as, holdtime, inet_ntoa (remote_id)); if (CHECK_FLAG (peer->sflags, PEER_STATUS_ACCEPT_PEER)) { int as = 0; realpeer = peer_lookup_with_open (&peer->su, remote_as, &remote_id, &as); if (! realpeer) { if (as) { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s bad OPEN, wrong router identifier %s"", peer->host, inet_ntoa (remote_id)); bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_BAD_BGP_IDENT, notify_data_remote_id, 4); } else { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s bad OPEN, remote AS is %d, expected %d"", peer->host, remote_as, peer->as); bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_BAD_PEER_AS, notify_data_remote_as, 2); } return -1; } } ret = bgp_collision_detect (peer, remote_id); if (ret < 0) return ret; if (CHECK_FLAG (peer->sflags, PEER_STATUS_ACCEPT_PEER)) { if (realpeer->status == Established && CHECK_FLAG (realpeer->sflags, PEER_STATUS_NSF_MODE)) { realpeer->last_reset = PEER_DOWN_NSF_CLOSE_SESSION; SET_FLAG (realpeer->sflags, PEER_STATUS_NSF_WAIT); } else if (ret == 0 && realpeer->status != Active && realpeer->status != OpenSent && realpeer->status != OpenConfirm) { if (BGP_DEBUG (events, EVENTS)) zlog_debug (""%s peer status is %s close connection"", realpeer->host, LOOKUP (bgp_status_msg, realpeer->status)); bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONNECT_REJECT); return -1; } if (BGP_DEBUG (events, EVENTS)) zlog_debug (""%s [Event] Transfer temporary BGP peer to existing one"", peer->host); bgp_stop (realpeer); realpeer->fd = peer->fd; peer->fd = -1; stream_free (realpeer->ibuf); realpeer->ibuf = peer->ibuf; realpeer->packet_size = peer->packet_size; peer->ibuf = NULL; realpeer->status = peer->status; bgp_stop (peer); peer = realpeer; bgp_open_send (peer); if (peer->fd < 0) { zlog_err (""bgp_open_receive peer's fd is negative value %d"", peer->fd); return -1; } BGP_READ_ON (peer->t_read, bgp_read, peer->fd); } if (remote_id.s_addr == 0 || ntohl (remote_id.s_addr) >= 0xe0000000 || ntohl (peer->local_id.s_addr) == ntohl (remote_id.s_addr)) { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s bad OPEN, wrong router identifier %s"", peer->host, inet_ntoa (remote_id)); bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_BAD_BGP_IDENT, notify_data_remote_id, 4); return -1; } peer->remote_id = remote_id; if (version != BGP_VERSION_4) { u_int8_t maxver = BGP_VERSION_4; if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s bad protocol version, remote requested %d, local request %d"", peer->host, version, BGP_VERSION_4); bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_UNSUP_VERSION, &maxver, 1); return -1; } if (remote_as != peer->as) { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s bad OPEN, remote AS is %d, expected %d"", peer->host, remote_as, peer->as); bgp_notify_send_with_data (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_BAD_PEER_AS, notify_data_remote_as, 2); return -1; } if (holdtime < 3 && holdtime != 0) { bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_UNACEP_HOLDTIME); return -1; } if (CHECK_FLAG (peer->config, PEER_CONFIG_TIMER)) send_holdtime = peer->holdtime; else send_holdtime = peer->bgp->default_holdtime; if (holdtime < send_holdtime) peer->v_holdtime = holdtime; else peer->v_holdtime = send_holdtime; peer->v_keepalive = peer->v_holdtime / 3; capability = 0; optlen = stream_getc (peer->ibuf); if (optlen != 0) { ret = bgp_open_option_parse (peer, optlen, &capability); if (ret < 0) return ret; stream_forward_getp (peer->ibuf, optlen); } else { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s rcvd OPEN w/ OPTION parameter len: 0"", peer->host); } if (! capability || CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) { peer->afc_nego[AFI_IP][SAFI_UNICAST] = peer->afc[AFI_IP][SAFI_UNICAST]; peer->afc_nego[AFI_IP][SAFI_MULTICAST] = peer->afc[AFI_IP][SAFI_MULTICAST]; peer->afc_nego[AFI_IP6][SAFI_UNICAST] = peer->afc[AFI_IP6][SAFI_UNICAST]; peer->afc_nego[AFI_IP6][SAFI_MULTICAST] = peer->afc[AFI_IP6][SAFI_MULTICAST]; } bgp_getsockname (peer); BGP_EVENT_ADD (peer, Receive_OPEN_message); peer->packet_size = 0; if (peer->ibuf) stream_reset (peer->ibuf); return 0; }",visit repo url,bgpd/bgp_packet.c,https://github.com/FRRouting/frr,194934583975499,1 1452,[],"static int __build_sched_domains(const cpumask_t *cpu_map, struct sched_domain_attr *attr) { int i; struct root_domain *rd; SCHED_CPUMASK_DECLARE(allmasks); cpumask_t *tmpmask; #ifdef CONFIG_NUMA struct sched_group **sched_group_nodes = NULL; int sd_allnodes = 0; sched_group_nodes = kcalloc(MAX_NUMNODES, sizeof(struct sched_group *), GFP_KERNEL); if (!sched_group_nodes) { printk(KERN_WARNING ""Can not alloc sched group node list\n""); return -ENOMEM; } #endif rd = alloc_rootdomain(); if (!rd) { printk(KERN_WARNING ""Cannot alloc root domain\n""); #ifdef CONFIG_NUMA kfree(sched_group_nodes); #endif return -ENOMEM; } #if SCHED_CPUMASK_ALLOC allmasks = kmalloc(sizeof(*allmasks), GFP_KERNEL); if (!allmasks) { printk(KERN_WARNING ""Cannot alloc cpumask array\n""); kfree(rd); #ifdef CONFIG_NUMA kfree(sched_group_nodes); #endif return -ENOMEM; } #endif tmpmask = (cpumask_t *)allmasks; #ifdef CONFIG_NUMA sched_group_nodes_bycpu[first_cpu(*cpu_map)] = sched_group_nodes; #endif for_each_cpu_mask(i, *cpu_map) { struct sched_domain *sd = NULL, *p; SCHED_CPUMASK_VAR(nodemask, allmasks); *nodemask = node_to_cpumask(cpu_to_node(i)); cpus_and(*nodemask, *nodemask, *cpu_map); #ifdef CONFIG_NUMA if (cpus_weight(*cpu_map) > SD_NODES_PER_DOMAIN*cpus_weight(*nodemask)) { sd = &per_cpu(allnodes_domains, i); SD_INIT(sd, ALLNODES); set_domain_attribute(sd, attr); sd->span = *cpu_map; sd->first_cpu = first_cpu(sd->span); cpu_to_allnodes_group(i, cpu_map, &sd->groups, tmpmask); p = sd; sd_allnodes = 1; } else p = NULL; sd = &per_cpu(node_domains, i); SD_INIT(sd, NODE); set_domain_attribute(sd, attr); sched_domain_node_span(cpu_to_node(i), &sd->span); sd->first_cpu = first_cpu(sd->span); sd->parent = p; if (p) p->child = sd; cpus_and(sd->span, sd->span, *cpu_map); #endif p = sd; sd = &per_cpu(phys_domains, i); SD_INIT(sd, CPU); set_domain_attribute(sd, attr); sd->span = *nodemask; sd->first_cpu = first_cpu(sd->span); sd->parent = p; if (p) p->child = sd; cpu_to_phys_group(i, cpu_map, &sd->groups, tmpmask); #ifdef CONFIG_SCHED_MC p = sd; sd = &per_cpu(core_domains, i); SD_INIT(sd, MC); set_domain_attribute(sd, attr); sd->span = cpu_coregroup_map(i); sd->first_cpu = first_cpu(sd->span); cpus_and(sd->span, sd->span, *cpu_map); sd->parent = p; p->child = sd; cpu_to_core_group(i, cpu_map, &sd->groups, tmpmask); #endif #ifdef CONFIG_SCHED_SMT p = sd; sd = &per_cpu(cpu_domains, i); SD_INIT(sd, SIBLING); set_domain_attribute(sd, attr); sd->span = per_cpu(cpu_sibling_map, i); sd->first_cpu = first_cpu(sd->span); cpus_and(sd->span, sd->span, *cpu_map); sd->parent = p; p->child = sd; cpu_to_cpu_group(i, cpu_map, &sd->groups, tmpmask); #endif } #ifdef CONFIG_SCHED_SMT for_each_cpu_mask(i, *cpu_map) { SCHED_CPUMASK_VAR(this_sibling_map, allmasks); SCHED_CPUMASK_VAR(send_covered, allmasks); *this_sibling_map = per_cpu(cpu_sibling_map, i); cpus_and(*this_sibling_map, *this_sibling_map, *cpu_map); if (i != first_cpu(*this_sibling_map)) continue; init_sched_build_groups(this_sibling_map, cpu_map, &cpu_to_cpu_group, send_covered, tmpmask); } #endif #ifdef CONFIG_SCHED_MC for_each_cpu_mask(i, *cpu_map) { SCHED_CPUMASK_VAR(this_core_map, allmasks); SCHED_CPUMASK_VAR(send_covered, allmasks); *this_core_map = cpu_coregroup_map(i); cpus_and(*this_core_map, *this_core_map, *cpu_map); if (i != first_cpu(*this_core_map)) continue; init_sched_build_groups(this_core_map, cpu_map, &cpu_to_core_group, send_covered, tmpmask); } #endif for (i = 0; i < MAX_NUMNODES; i++) { SCHED_CPUMASK_VAR(nodemask, allmasks); SCHED_CPUMASK_VAR(send_covered, allmasks); *nodemask = node_to_cpumask(i); cpus_and(*nodemask, *nodemask, *cpu_map); if (cpus_empty(*nodemask)) continue; init_sched_build_groups(nodemask, cpu_map, &cpu_to_phys_group, send_covered, tmpmask); } #ifdef CONFIG_NUMA if (sd_allnodes) { SCHED_CPUMASK_VAR(send_covered, allmasks); init_sched_build_groups(cpu_map, cpu_map, &cpu_to_allnodes_group, send_covered, tmpmask); } for (i = 0; i < MAX_NUMNODES; i++) { struct sched_group *sg, *prev; SCHED_CPUMASK_VAR(nodemask, allmasks); SCHED_CPUMASK_VAR(domainspan, allmasks); SCHED_CPUMASK_VAR(covered, allmasks); int j; *nodemask = node_to_cpumask(i); cpus_clear(*covered); cpus_and(*nodemask, *nodemask, *cpu_map); if (cpus_empty(*nodemask)) { sched_group_nodes[i] = NULL; continue; } sched_domain_node_span(i, domainspan); cpus_and(*domainspan, *domainspan, *cpu_map); sg = kmalloc_node(sizeof(struct sched_group), GFP_KERNEL, i); if (!sg) { printk(KERN_WARNING ""Can not alloc domain group for "" ""node %d\n"", i); goto error; } sched_group_nodes[i] = sg; for_each_cpu_mask(j, *nodemask) { struct sched_domain *sd; sd = &per_cpu(node_domains, j); sd->groups = sg; } sg->__cpu_power = 0; sg->cpumask = *nodemask; sg->next = sg; cpus_or(*covered, *covered, *nodemask); prev = sg; for (j = 0; j < MAX_NUMNODES; j++) { SCHED_CPUMASK_VAR(notcovered, allmasks); int n = (i + j) % MAX_NUMNODES; node_to_cpumask_ptr(pnodemask, n); cpus_complement(*notcovered, *covered); cpus_and(*tmpmask, *notcovered, *cpu_map); cpus_and(*tmpmask, *tmpmask, *domainspan); if (cpus_empty(*tmpmask)) break; cpus_and(*tmpmask, *tmpmask, *pnodemask); if (cpus_empty(*tmpmask)) continue; sg = kmalloc_node(sizeof(struct sched_group), GFP_KERNEL, i); if (!sg) { printk(KERN_WARNING ""Can not alloc domain group for node %d\n"", j); goto error; } sg->__cpu_power = 0; sg->cpumask = *tmpmask; sg->next = prev->next; cpus_or(*covered, *covered, *tmpmask); prev->next = sg; prev = sg; } } #endif #ifdef CONFIG_SCHED_SMT for_each_cpu_mask(i, *cpu_map) { struct sched_domain *sd = &per_cpu(cpu_domains, i); init_sched_groups_power(i, sd); } #endif #ifdef CONFIG_SCHED_MC for_each_cpu_mask(i, *cpu_map) { struct sched_domain *sd = &per_cpu(core_domains, i); init_sched_groups_power(i, sd); } #endif for_each_cpu_mask(i, *cpu_map) { struct sched_domain *sd = &per_cpu(phys_domains, i); init_sched_groups_power(i, sd); } #ifdef CONFIG_NUMA for (i = 0; i < MAX_NUMNODES; i++) init_numa_sched_groups_power(sched_group_nodes[i]); if (sd_allnodes) { struct sched_group *sg; cpu_to_allnodes_group(first_cpu(*cpu_map), cpu_map, &sg, tmpmask); init_numa_sched_groups_power(sg); } #endif for_each_cpu_mask(i, *cpu_map) { struct sched_domain *sd; #ifdef CONFIG_SCHED_SMT sd = &per_cpu(cpu_domains, i); #elif defined(CONFIG_SCHED_MC) sd = &per_cpu(core_domains, i); #else sd = &per_cpu(phys_domains, i); #endif cpu_attach_domain(sd, rd, i); } SCHED_CPUMASK_FREE((void *)allmasks); return 0; #ifdef CONFIG_NUMA error: free_sched_groups(cpu_map, tmpmask); SCHED_CPUMASK_FREE((void *)allmasks); return -ENOMEM; #endif }",linux-2.6,,,268340266175428769960831924534521437827,0 3712,CWE-295,"x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, struct x509_verify_chain *chain, char *name) { size_t depth; X509 *last = x509_verify_chain_last(chain); X509 *leaf = x509_verify_chain_leaf(chain); depth = sk_X509_num(chain->certs); if (depth > 0) depth--; if (ctx->chains_count >= ctx->max_chains) return x509_verify_cert_error(ctx, last, depth, X509_V_ERR_CERT_CHAIN_TOO_LONG, 0); if (chain->cert_errors[depth] == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) chain->cert_errors[depth] = X509_V_OK; if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth)) return 0; if ((ctx->chains[ctx->chains_count] = x509_verify_chain_dup(chain)) == NULL) { return x509_verify_cert_error(ctx, last, depth, X509_V_ERR_OUT_OF_MEM, 0); } if (!x509_verify_cert_valid(ctx, leaf, NULL)) return 0; if (!x509_verify_cert_hostname(ctx, leaf, name)) return 0; ctx->chains_count++; ctx->error = X509_V_OK; ctx->error_depth = depth; return 1; }",visit repo url,lib/libcrypto/x509/x509_verify.c,https://github.com/openbsd/src,36992300057820,1 508,CWE-476,"static int __rds_rdma_map(struct rds_sock *rs, struct rds_get_mr_args *args, u64 *cookie_ret, struct rds_mr **mr_ret) { struct rds_mr *mr = NULL, *found; unsigned int nr_pages; struct page **pages = NULL; struct scatterlist *sg; void *trans_private; unsigned long flags; rds_rdma_cookie_t cookie; unsigned int nents; long i; int ret; if (rs->rs_bound_addr == 0) { ret = -ENOTCONN; goto out; } if (!rs->rs_transport->get_mr) { ret = -EOPNOTSUPP; goto out; } nr_pages = rds_pages_in_vec(&args->vec); if (nr_pages == 0) { ret = -EINVAL; goto out; } if ((nr_pages - 1) > (RDS_MAX_MSG_SIZE >> PAGE_SHIFT)) { ret = -EMSGSIZE; goto out; } rdsdebug(""RDS: get_mr addr %llx len %llu nr_pages %u\n"", args->vec.addr, args->vec.bytes, nr_pages); pages = kcalloc(nr_pages, sizeof(struct page *), GFP_KERNEL); if (!pages) { ret = -ENOMEM; goto out; } mr = kzalloc(sizeof(struct rds_mr), GFP_KERNEL); if (!mr) { ret = -ENOMEM; goto out; } refcount_set(&mr->r_refcount, 1); RB_CLEAR_NODE(&mr->r_rb_node); mr->r_trans = rs->rs_transport; mr->r_sock = rs; if (args->flags & RDS_RDMA_USE_ONCE) mr->r_use_once = 1; if (args->flags & RDS_RDMA_INVALIDATE) mr->r_invalidate = 1; if (args->flags & RDS_RDMA_READWRITE) mr->r_write = 1; ret = rds_pin_pages(args->vec.addr, nr_pages, pages, 1); if (ret < 0) goto out; nents = ret; sg = kcalloc(nents, sizeof(*sg), GFP_KERNEL); if (!sg) { ret = -ENOMEM; goto out; } WARN_ON(!nents); sg_init_table(sg, nents); for (i = 0 ; i < nents; i++) sg_set_page(&sg[i], pages[i], PAGE_SIZE, 0); rdsdebug(""RDS: trans_private nents is %u\n"", nents); trans_private = rs->rs_transport->get_mr(sg, nents, rs, &mr->r_key); if (IS_ERR(trans_private)) { for (i = 0 ; i < nents; i++) put_page(sg_page(&sg[i])); kfree(sg); ret = PTR_ERR(trans_private); goto out; } mr->r_trans_private = trans_private; rdsdebug(""RDS: get_mr put_user key is %x cookie_addr %p\n"", mr->r_key, (void *)(unsigned long) args->cookie_addr); cookie = rds_rdma_make_cookie(mr->r_key, args->vec.addr & ~PAGE_MASK); if (cookie_ret) *cookie_ret = cookie; if (args->cookie_addr && put_user(cookie, (u64 __user *)(unsigned long) args->cookie_addr)) { ret = -EFAULT; goto out; } spin_lock_irqsave(&rs->rs_rdma_lock, flags); found = rds_mr_tree_walk(&rs->rs_rdma_keys, mr->r_key, mr); spin_unlock_irqrestore(&rs->rs_rdma_lock, flags); BUG_ON(found && found != mr); rdsdebug(""RDS: get_mr key is %x\n"", mr->r_key); if (mr_ret) { refcount_inc(&mr->r_refcount); *mr_ret = mr; } ret = 0; out: kfree(pages); if (mr) rds_mr_put(mr); return ret; }",visit repo url,net/rds/rdma.c,https://github.com/torvalds/linux,86135451227574,1 6743,CWE-119,"BZIP3_API s32 bz3_decode_block(struct bz3_state * state, u8 * buffer, s32 data_size, s32 orig_size) { u32 crc32 = read_neutral_s32(buffer); s32 bwt_idx = read_neutral_s32(buffer + 4); if (data_size > bz3_bound(state->block_size) || data_size < 0) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (bwt_idx == -1) { if (data_size - 8 > 64) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } memmove(buffer, buffer + 8, data_size - 8); if (crc32sum(1, buffer, data_size - 8) != crc32) { state->last_error = BZ3_ERR_CRC; return -1; } return data_size - 8; } s8 model = buffer[8]; s32 lzp_size = -1, rle_size = -1, p = 0; if (model & 2) lzp_size = read_neutral_s32(buffer + 9 + 4 * p++); if (model & 4) rle_size = read_neutral_s32(buffer + 9 + 4 * p++); p += 2; data_size -= p * 4 + 1; if (((model & 2) && (lzp_size > bz3_bound(state->block_size) || lzp_size < 0)) || ((model & 4) && (rle_size > bz3_bound(state->block_size) || rle_size < 0))) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (orig_size > bz3_bound(state->block_size) || orig_size < 0) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } u8 *b1 = buffer, *b2 = state->swap_buffer; begin(state->cm_state); state->cm_state->in_queue = b1 + p * 4 + 1; state->cm_state->input_ptr = 0; state->cm_state->input_max = data_size; s32 size_src; if (model & 2) size_src = lzp_size; else if (model & 4) size_src = rle_size; else size_src = orig_size; decode_bytes(state->cm_state, b2, size_src); swap(b1, b2); if (bwt_idx >= size_src) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (libsais_unbwt(b1, b2, state->sais_array, size_src, NULL, bwt_idx) < 0) { state->last_error = BZ3_ERR_BWT; return -1; } swap(b1, b2); if (model & 2) { size_src = lzp_decompress(b1, b2, lzp_size, bz3_bound(state->block_size), state->lzp_lut); if (size_src == -1) { state->last_error = BZ3_ERR_CRC; return -1; } swap(b1, b2); } if (model & 4) { int err = mrled(b1, b2, orig_size, size_src); if(err) { state->last_error = BZ3_ERR_CRC; return -1; } size_src = orig_size; swap(b1, b2); } state->last_error = BZ3_OK; if (size_src > bz3_bound(state->block_size) || size_src < 0) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (b1 != buffer) memcpy(buffer, b1, size_src); if (crc32 != crc32sum(1, buffer, size_src)) { state->last_error = BZ3_ERR_CRC; return -1; } return size_src; }",visit repo url,src/libbz3.c,https://github.com/kspalaiologos/bzip3,269154009444617,1 1147,['CWE-362'],"static int __init dnotify_init(void) { dn_cache = kmem_cache_create(""dnotify_cache"", sizeof(struct dnotify_struct), 0, SLAB_PANIC, NULL); return 0; }",linux-2.6,,,328109132220322921418489475069567699429,0 6133,CWE-190,"static void ep_mul_reg_imp(ep_t r, const ep_t p, const bn_t k) { bn_t _k; int i, j, l, n; int8_t s, reg[1 + RLC_CEIL(RLC_FP_BITS + 1, EP_WIDTH - 1)]; ep_t t[1 << (EP_WIDTH - 2)], u, v; if (bn_is_zero(k)) { ep_set_infty(r); return; } bn_null(_k); RLC_TRY { bn_new(_k); ep_new(u); ep_new(v); for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep_null(t[i]); ep_new(t[i]); } ep_tab(t, p, EP_WIDTH); ep_curve_get_ord(_k); n = bn_bits(_k); bn_abs(_k, k); _k->dp[0] |= 1; l = RLC_CEIL(n, EP_WIDTH - 1) + 1; bn_rec_reg(reg, &l, _k, n, EP_WIDTH); #if defined(EP_MIXED) fp_set_dig(u->z, 1); u->coord = BASIC; #else u->coord = EP_ADD; #endif ep_set_infty(r); for (i = l - 1; i >= 0; i--) { for (j = 0; j < EP_WIDTH - 1; j++) { ep_dbl(r, r); } n = reg[i]; s = (n >> 7); n = ((n ^ s) - s) >> 1; for (j = 0; j < (1 << (EP_WIDTH - 2)); j++) { dv_copy_cond(u->x, t[j]->x, RLC_FP_DIGS, j == n); dv_copy_cond(u->y, t[j]->y, RLC_FP_DIGS, j == n); #if !defined(EP_MIXED) dv_copy_cond(u->z, t[j]->z, RLC_FP_DIGS, j == n); #endif } ep_neg(v, u); dv_copy_cond(u->y, v->y, RLC_FP_DIGS, s != 0); ep_add(r, r, u); } ep_sub(u, r, t[0]); dv_copy_cond(r->x, u->x, RLC_FP_DIGS, bn_is_even(k)); dv_copy_cond(r->y, u->y, RLC_FP_DIGS, bn_is_even(k)); dv_copy_cond(r->z, u->z, RLC_FP_DIGS, bn_is_even(k)); ep_norm(r, r); ep_neg(u, r); dv_copy_cond(r->y, u->y, RLC_FP_DIGS, bn_sign(k) == RLC_NEG); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep_free(t[i]); } bn_free(_k); ep_free(u); ep_free(v); } }",visit repo url,src/ep/relic_ep_mul.c,https://github.com/relic-toolkit/relic,215410664046741,1 5334,CWE-787,"static void cstm(JF, js_Ast *stm) { js_Ast *target; int loop, cont, then, end; emitline(J, F, stm); switch (stm->type) { case AST_FUNDEC: break; case STM_BLOCK: cstmlist(J, F, stm->a); break; case STM_EMPTY: if (F->script) { emitline(J, F, stm); emit(J, F, OP_POP); emit(J, F, OP_UNDEF); } break; case STM_VAR: cvarinit(J, F, stm->a); break; case STM_IF: if (stm->c) { cexp(J, F, stm->a); emitline(J, F, stm); then = emitjump(J, F, OP_JTRUE); cstm(J, F, stm->c); emitline(J, F, stm); end = emitjump(J, F, OP_JUMP); label(J, F, then); cstm(J, F, stm->b); label(J, F, end); } else { cexp(J, F, stm->a); emitline(J, F, stm); end = emitjump(J, F, OP_JFALSE); cstm(J, F, stm->b); label(J, F, end); } break; case STM_DO: loop = here(J, F); cstm(J, F, stm->a); cont = here(J, F); cexp(J, F, stm->b); emitline(J, F, stm); emitjumpto(J, F, OP_JTRUE, loop); labeljumps(J, F, stm->jumps, here(J,F), cont); break; case STM_WHILE: loop = here(J, F); cexp(J, F, stm->a); emitline(J, F, stm); end = emitjump(J, F, OP_JFALSE); cstm(J, F, stm->b); emitline(J, F, stm); emitjumpto(J, F, OP_JUMP, loop); label(J, F, end); labeljumps(J, F, stm->jumps, here(J,F), loop); break; case STM_FOR: case STM_FOR_VAR: if (stm->type == STM_FOR_VAR) { cvarinit(J, F, stm->a); } else { if (stm->a) { cexp(J, F, stm->a); emit(J, F, OP_POP); } } loop = here(J, F); if (stm->b) { cexp(J, F, stm->b); emitline(J, F, stm); end = emitjump(J, F, OP_JFALSE); } else { end = 0; } cstm(J, F, stm->d); cont = here(J, F); if (stm->c) { cexp(J, F, stm->c); emit(J, F, OP_POP); } emitline(J, F, stm); emitjumpto(J, F, OP_JUMP, loop); if (end) label(J, F, end); labeljumps(J, F, stm->jumps, here(J,F), cont); break; case STM_FOR_IN: case STM_FOR_IN_VAR: cexp(J, F, stm->b); emitline(J, F, stm); emit(J, F, OP_ITERATOR); loop = here(J, F); { emitline(J, F, stm); emit(J, F, OP_NEXTITER); end = emitjump(J, F, OP_JFALSE); cassignforin(J, F, stm); if (F->script) { emit(J, F, OP_ROT2); cstm(J, F, stm->c); emit(J, F, OP_ROT2); } else { cstm(J, F, stm->c); } emitline(J, F, stm); emitjumpto(J, F, OP_JUMP, loop); } label(J, F, end); labeljumps(J, F, stm->jumps, here(J,F), loop); break; case STM_SWITCH: cswitch(J, F, stm->a, stm->b); labeljumps(J, F, stm->jumps, here(J,F), 0); break; case STM_LABEL: cstm(J, F, stm->b); while (stm->type == STM_LABEL) stm = stm->b; if (!isloop(stm->type) && stm->type != STM_SWITCH) labeljumps(J, F, stm->jumps, here(J,F), 0); break; case STM_BREAK: if (stm->a) { checkfutureword(J, F, stm->a); target = breaktarget(J, F, stm->parent, stm->a->string); if (!target) jsC_error(J, stm, ""break label '%s' not found"", stm->a->string); } else { target = breaktarget(J, F, stm->parent, NULL); if (!target) jsC_error(J, stm, ""unlabelled break must be inside loop or switch""); } cexit(J, F, STM_BREAK, stm, target); emitline(J, F, stm); addjump(J, F, STM_BREAK, target, emitjump(J, F, OP_JUMP)); break; case STM_CONTINUE: if (stm->a) { checkfutureword(J, F, stm->a); target = continuetarget(J, F, stm->parent, stm->a->string); if (!target) jsC_error(J, stm, ""continue label '%s' not found"", stm->a->string); } else { target = continuetarget(J, F, stm->parent, NULL); if (!target) jsC_error(J, stm, ""continue must be inside loop""); } cexit(J, F, STM_CONTINUE, stm, target); emitline(J, F, stm); addjump(J, F, STM_CONTINUE, target, emitjump(J, F, OP_JUMP)); break; case STM_RETURN: if (stm->a) cexp(J, F, stm->a); else emit(J, F, OP_UNDEF); target = returntarget(J, F, stm->parent); if (!target) jsC_error(J, stm, ""return not in function""); cexit(J, F, STM_RETURN, stm, target); emitline(J, F, stm); emit(J, F, OP_RETURN); break; case STM_THROW: cexp(J, F, stm->a); emitline(J, F, stm); emit(J, F, OP_THROW); break; case STM_WITH: F->lightweight = 0; if (F->strict) jsC_error(J, stm->a, ""'with' statements are not allowed in strict mode""); cexp(J, F, stm->a); emitline(J, F, stm); emit(J, F, OP_WITH); cstm(J, F, stm->b); emitline(J, F, stm); emit(J, F, OP_ENDWITH); break; case STM_TRY: emitline(J, F, stm); if (stm->b && stm->c) { F->lightweight = 0; if (stm->d) ctrycatchfinally(J, F, stm->a, stm->b, stm->c, stm->d); else ctrycatch(J, F, stm->a, stm->b, stm->c); } else { ctryfinally(J, F, stm->a, stm->d); } break; case STM_DEBUGGER: emitline(J, F, stm); emit(J, F, OP_DEBUGGER); break; default: if (F->script) { emitline(J, F, stm); emit(J, F, OP_POP); cexp(J, F, stm); } else { cexp(J, F, stm); emitline(J, F, stm); emit(J, F, OP_POP); } break; } }",visit repo url,jscompile.c,https://github.com/ccxvii/mujs,26925673048529,1 6745,['CWE-310'],"add_connection (NMConnectionList *self, NMConnectionEditor *editor, NMConnection *connection, ConnectionAddedFn callback, gpointer user_data) { NMExportedConnection *exported = NULL; NMConnectionScope scope; gboolean success = FALSE; GError *error = NULL; scope = nm_connection_get_scope (connection); if (scope == NM_CONNECTION_SCOPE_SYSTEM) { success = utils_fill_connection_certs (connection, &error); if (success) { success = nm_dbus_settings_system_add_connection (self->system_settings, connection, &error); utils_clear_filled_connection_certs (connection); } if (!success) { gboolean pending_auth = FALSE; GtkWindow *parent; parent = nm_connection_editor_get_window (editor); if (pk_helper_is_permission_denied_error (error)) { ConnectionAddInfo *info; GError *auth_error = NULL; info = g_slice_new (ConnectionAddInfo); info->list = self; info->editor = editor; info->connection = g_object_ref (connection); info->callback = callback; info->user_data = user_data; pending_auth = pk_helper_obtain_auth (error, parent, add_connection_cb, info, &auth_error); if (auth_error) { error_dialog (parent, _(""Could not add connection""), ""%s"", auth_error->message); g_error_free (auth_error); } if (!pending_auth) { g_object_unref (info->connection); g_slice_free (ConnectionAddInfo, info); } } else { error_dialog (parent, _(""Could not add connection""), ""%s"", error->message); } g_error_free (error); if (pending_auth) return; } } else if (scope == NM_CONNECTION_SCOPE_USER) { exported = (NMExportedConnection *) nma_gconf_settings_add_connection (self->gconf_settings, connection); success = exported != NULL; if (success && editor) nm_connection_editor_save_vpn_secrets (editor); } else g_warning (""%s: unhandled connection scope %d!"", __func__, scope); if (callback) callback (exported, success, user_data); if (exported) g_object_unref (exported); }",network-manager-applet,,,44671805515288112074692234293499578413,0 4249,['CWE-119'],"sctp_disposition_t sctp_sf_do_9_2_shut_ctsn(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; sctp_shutdownhdr_t *sdh; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_shutdown_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); sdh = (sctp_shutdownhdr_t *)chunk->skb->data; if (!TSN_lt(ntohl(sdh->cum_tsn_ack), asoc->next_tsn)) return sctp_sf_violation_ctsn(ep, asoc, type, arg, commands); sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN, SCTP_BE32(sdh->cum_tsn_ack)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,290383404489431380622757504451458067501,0 5820,['CWE-200'],"static int econet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sockaddr_ec *sec = (struct sockaddr_ec *)uaddr; struct sock *sk; struct econet_sock *eo; if (addr_len < sizeof(struct sockaddr_ec) || sec->sec_family != AF_ECONET) return -EINVAL; mutex_lock(&econet_mutex); sk = sock->sk; eo = ec_sk(sk); eo->cb = sec->cb; eo->port = sec->port; eo->station = sec->addr.station; eo->net = sec->addr.net; mutex_unlock(&econet_mutex); return 0; }",linux-2.6,,,72473236791753185101829264130217860248,0 434,[],"pfm_probe_pmu(void) { pmu_config_t **p; int family; family = local_cpu_data->family; p = pmu_confs; while(*p) { if ((*p)->probe) { if ((*p)->probe() == 0) goto found; } else if ((*p)->pmu_family == family || (*p)->pmu_family == 0xff) { goto found; } p++; } return -1; found: pmu_conf = *p; return 0; }",linux-2.6,,,42512750305727949405757255134077325323,0 73,CWE-772,"purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg, *funcname; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; funcname = ""kadm5_purgekeys""; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (!cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->princ, NULL))) { ret.code = KADM5_AUTH_MODIFY; log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_purgekeys((void *)handle, arg->princ, arg->keepkvno); if (ret.code != 0) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(funcname, prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,193145990773544,1 6467,[],"lt_dlhandle_map (lt_dlinterface_id iface, int (*func) (lt_dlhandle handle, void *data), void *data) { lt__interface_id *iterator = (lt__interface_id *) iface; lt_dlhandle cur = handles; assert (iface); while (cur) { int errorcode = 0; while (cur && iterator->iface && ((*iterator->iface) (cur, iterator->id_string) != 0)) { cur = cur->next; } if ((errorcode = (*func) (cur, data)) != 0) return errorcode; } return 0; }",libtool,,,178980128024429270725180570945302275418,0 2559,[],"static int macroexpand(struct attr_stack *stk, int rem) { int i; struct git_attr_check *check = check_all_attr; for (i = stk->num_matches - 1; 0 < rem && 0 <= i; i--) { struct match_attr *a = stk->attrs[i]; if (!a->is_macro) continue; if (check[a->u.attr->attr_nr].value != ATTR__TRUE) continue; rem = fill_one(""expand"", a, rem); } return rem; }",git,,,289192753288879129678793031128692357082,0 3795,CWE-416,"lambda_function_body( char_u **arg, typval_T *rettv, evalarg_T *evalarg, garray_T *newargs, garray_T *argtypes, int varargs, garray_T *default_args, char_u *ret_type) { int evaluate = (evalarg->eval_flags & EVAL_EVALUATE); garray_T *gap = &evalarg->eval_ga; garray_T *freegap = &evalarg->eval_freega; ufunc_T *ufunc = NULL; exarg_T eap; garray_T newlines; char_u *cmdline = NULL; int ret = FAIL; char_u *line_to_free = NULL; partial_T *pt; char_u *name; int lnum_save = -1; linenr_T sourcing_lnum_top = SOURCING_LNUM; if (!ends_excmd2(*arg, skipwhite(*arg + 1))) { semsg(_(e_trailing_characters_str), *arg + 1); return FAIL; } CLEAR_FIELD(eap); eap.cmdidx = CMD_block; eap.forceit = FALSE; eap.cmdlinep = &cmdline; eap.skip = !evaluate; if (evalarg->eval_cctx != NULL) fill_exarg_from_cctx(&eap, evalarg->eval_cctx); else { eap.getline = evalarg->eval_getline; eap.cookie = evalarg->eval_cookie; } ga_init2(&newlines, (int)sizeof(char_u *), 10); if (get_function_body(&eap, &newlines, NULL, &line_to_free) == FAIL) { if (cmdline != line_to_free) vim_free(cmdline); goto erret; } evalarg->eval_break_count += newlines.ga_len; if (gap->ga_itemsize > 0) { int idx; char_u *last; size_t plen; char_u *pnl; for (idx = 0; idx < newlines.ga_len; ++idx) { char_u *p = skipwhite(((char_u **)newlines.ga_data)[idx]); if (ga_grow(gap, 1) == FAIL || ga_grow(freegap, 1) == FAIL) goto erret; if (*p == NUL || vim9_comment_start(p)) p = (char_u *)""""; plen = STRLEN(p); pnl = vim_strnsave((char_u *)""\n"", plen + 1); if (pnl != NULL) mch_memmove(pnl + 1, p, plen + 1); ((char_u **)gap->ga_data)[gap->ga_len++] = pnl; ((char_u **)freegap->ga_data)[freegap->ga_len++] = pnl; } if (ga_grow(gap, 1) == FAIL || ga_grow(freegap, 1) == FAIL) goto erret; if (eap.nextcmd != NULL) last = cmdline; else last = (char_u *)""}""; plen = STRLEN(last); pnl = vim_strnsave((char_u *)""\n"", plen + 1); if (pnl != NULL) mch_memmove(pnl + 1, last, plen + 1); ((char_u **)gap->ga_data)[gap->ga_len++] = pnl; ((char_u **)freegap->ga_data)[freegap->ga_len++] = pnl; } if (eap.nextcmd != NULL) { garray_T *tfgap = &evalarg->eval_tofree_ga; *arg = eap.nextcmd; if (ga_grow(tfgap, 1) == OK) { ((char_u **)(tfgap->ga_data))[tfgap->ga_len++] = cmdline; evalarg->eval_using_cmdline = TRUE; if (cmdline == line_to_free) line_to_free = NULL; } } else *arg = (char_u *)""""; if (!evaluate) { ret = OK; goto erret; } name = get_lambda_name(); ufunc = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (ufunc == NULL) goto erret; set_ufunc_name(ufunc, name); if (hash_add(&func_hashtab, UF2HIKEY(ufunc)) == FAIL) goto erret; ufunc->uf_flags = FC_LAMBDA; ufunc->uf_refcount = 1; ufunc->uf_args = *newargs; newargs->ga_data = NULL; ufunc->uf_def_args = *default_args; default_args->ga_data = NULL; ufunc->uf_func_type = &t_func_any; lnum_save = SOURCING_LNUM; SOURCING_LNUM = sourcing_lnum_top; if (parse_argument_types(ufunc, argtypes, varargs) == FAIL) { SOURCING_LNUM = lnum_save; goto erret; } if (parse_return_type(ufunc, ret_type) == FAIL) goto erret; pt = ALLOC_CLEAR_ONE(partial_T); if (pt == NULL) goto erret; pt->pt_func = ufunc; pt->pt_refcount = 1; ufunc->uf_lines = newlines; newlines.ga_data = NULL; if (sandbox) ufunc->uf_flags |= FC_SANDBOX; if (!ASCII_ISUPPER(*ufunc->uf_name)) ufunc->uf_flags |= FC_VIM9; ufunc->uf_script_ctx = current_sctx; ufunc->uf_script_ctx_version = current_sctx.sc_version; ufunc->uf_script_ctx.sc_lnum += sourcing_lnum_top; set_function_type(ufunc); function_using_block_scopes(ufunc, evalarg->eval_cstack); rettv->vval.v_partial = pt; rettv->v_type = VAR_PARTIAL; ufunc = NULL; ret = OK; erret: if (lnum_save >= 0) SOURCING_LNUM = lnum_save; vim_free(line_to_free); ga_clear_strings(&newlines); if (newargs != NULL) ga_clear_strings(newargs); ga_clear_strings(default_args); if (ufunc != NULL) { func_clear(ufunc, TRUE); func_free(ufunc, TRUE); } return ret; }",visit repo url,src/userfunc.c,https://github.com/vim/vim,133088585761124,1 2659,[],"static int sctp_setsockopt_partial_delivery_point(struct sock *sk, char __user *optval, int optlen) { u32 val; if (optlen != sizeof(u32)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; sctp_sk(sk)->pd_point = val; return 0; }",linux-2.6,,,60657552168287375471940559259537491944,0 2571,[],"int git_checkattr(const char *path, int num, struct git_attr_check *check) { struct attr_stack *stk; const char *cp; int dirlen, pathlen, i, rem; bootstrap_attr_stack(); for (i = 0; i < attr_nr; i++) check_all_attr[i].value = ATTR__UNKNOWN; pathlen = strlen(path); cp = strrchr(path, '/'); if (!cp) dirlen = 0; else dirlen = cp - path; prepare_attr_stack(path, dirlen); rem = attr_nr; for (stk = attr_stack; 0 < rem && stk; stk = stk->prev) rem = fill(path, pathlen, stk, rem); for (stk = attr_stack; 0 < rem && stk; stk = stk->prev) rem = macroexpand(stk, rem); for (i = 0; i < num; i++) { const char *value = check_all_attr[check[i].attr->attr_nr].value; if (value == ATTR__UNKNOWN) value = ATTR__UNSET; check[i].value = value; } return 0; }",git,,,214283649297373209349769029848282735252,0 630,['CWE-189'],"static const char *get_info_element_string(u16 id) { switch (id) { MFIE_STRING(SSID); MFIE_STRING(RATES); MFIE_STRING(FH_SET); MFIE_STRING(DS_SET); MFIE_STRING(CF_SET); MFIE_STRING(TIM); MFIE_STRING(IBSS_SET); MFIE_STRING(COUNTRY); MFIE_STRING(HOP_PARAMS); MFIE_STRING(HOP_TABLE); MFIE_STRING(REQUEST); MFIE_STRING(CHALLENGE); MFIE_STRING(POWER_CONSTRAINT); MFIE_STRING(POWER_CAPABILITY); MFIE_STRING(TPC_REQUEST); MFIE_STRING(TPC_REPORT); MFIE_STRING(SUPP_CHANNELS); MFIE_STRING(CSA); MFIE_STRING(MEASURE_REQUEST); MFIE_STRING(MEASURE_REPORT); MFIE_STRING(QUIET); MFIE_STRING(IBSS_DFS); MFIE_STRING(ERP_INFO); MFIE_STRING(RSN); MFIE_STRING(RATES_EX); MFIE_STRING(GENERIC); MFIE_STRING(QOS_PARAMETER); default: return ""UNKNOWN""; } }",linux-2.6,,,213324770685370939337385154359392358847,0 823,['CWE-16'],"static int esp_input_done2(struct sk_buff *skb, int err) { struct iphdr *iph; struct xfrm_state *x = xfrm_input_state(skb); struct esp_data *esp = x->data; struct crypto_aead *aead = esp->aead; int alen = crypto_aead_authsize(aead); int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); int elen = skb->len - hlen; int ihl; u8 nexthdr[2]; int padlen; kfree(ESP_SKB_CB(skb)->tmp); if (unlikely(err)) goto out; if (skb_copy_bits(skb, skb->len-alen-2, nexthdr, 2)) BUG(); err = -EINVAL; padlen = nexthdr[0]; if (padlen + 2 + alen >= elen) goto out; iph = ip_hdr(skb); ihl = iph->ihl * 4; if (x->encap) { struct xfrm_encap_tmpl *encap = x->encap; struct udphdr *uh = (void *)(skb_network_header(skb) + ihl); if (iph->saddr != x->props.saddr.a4 || uh->source != encap->encap_sport) { xfrm_address_t ipaddr; ipaddr.a4 = iph->saddr; km_new_mapping(x, &ipaddr, uh->source); } if (x->props.mode == XFRM_MODE_TRANSPORT) skb->ip_summed = CHECKSUM_UNNECESSARY; } pskb_trim(skb, skb->len - alen - padlen - 2); __skb_pull(skb, hlen); skb_set_transport_header(skb, -ihl); err = nexthdr[1]; if (err == IPPROTO_NONE) err = -EINVAL; out: return err; }",linux-2.6,,,144110627644527992970720016190703260807,0 3842,[],"int cap_ptrace_traceme(struct task_struct *parent) { if (cap_issubset(current->cap_permitted, parent->cap_permitted)) return 0; if (has_capability(parent, CAP_SYS_PTRACE)) return 0; return -EPERM; }",linux-2.6,,,81131893495168589621422017011373833967,0 455,[],"pfm_set_task_notify(struct task_struct *task) { struct thread_info *info; info = (struct thread_info *) ((char *) task + IA64_TASK_SIZE); set_bit(TIF_NOTIFY_RESUME, &info->flags); }",linux-2.6,,,154108096540234126776008345128478454876,0 4224,['CWE-399'],"struct Qdisc * qdisc_create_dflt(struct net_device *dev, struct Qdisc_ops *ops, unsigned int parentid) { struct Qdisc *sch; sch = qdisc_alloc(dev, ops); if (IS_ERR(sch)) goto errout; sch->stats_lock = &dev->queue_lock; sch->parent = parentid; if (!ops->init || ops->init(sch, NULL) == 0) return sch; qdisc_destroy(sch); errout: return NULL; }",linux-2.6,,,52614530388873993034772144655827610672,0 1490,[],"int idle_cpu(int cpu) { return cpu_curr(cpu) == cpu_rq(cpu)->idle; }",linux-2.6,,,242319714686278670471203562035698501888,0 811,CWE-20,"static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; unsigned int copied, rlen; struct sk_buff *skb, *cskb; int err = 0; pr_debug(""%p %zu\n"", sk, len); msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state == LLCP_CLOSED && skb_queue_empty(&sk->sk_receive_queue)) { release_sock(sk); return 0; } release_sock(sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { pr_err(""Recv datagram failed state %d %d %d"", sk->sk_state, err, sock_error(sk)); if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } rlen = skb->len; copied = min_t(unsigned int, rlen, len); cskb = skb; if (skb_copy_datagram_iovec(cskb, 0, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } sock_recv_timestamp(msg, sk, skb); if (sk->sk_type == SOCK_DGRAM && msg->msg_name) { struct nfc_llcp_ui_cb *ui_cb = nfc_llcp_ui_skb_cb(skb); struct sockaddr_nfc_llcp *sockaddr = (struct sockaddr_nfc_llcp *) msg->msg_name; msg->msg_namelen = sizeof(struct sockaddr_nfc_llcp); pr_debug(""Datagram socket %d %d\n"", ui_cb->dsap, ui_cb->ssap); memset(sockaddr, 0, sizeof(*sockaddr)); sockaddr->sa_family = AF_NFC; sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; sockaddr->dsap = ui_cb->dsap; sockaddr->ssap = ui_cb->ssap; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { skb_pull(skb, copied); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); goto done; } } kfree_skb(skb); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/nfc/llcp_sock.c,https://github.com/torvalds/linux,259541481085604,1 837,CWE-20,"static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name; size_t copied; unsigned char *asmptr; struct sk_buff *skb; int n, er, qbit; if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) return er; qbit = (skb->data[0] & ROSE_Q_BIT) == ROSE_Q_BIT; skb_pull(skb, ROSE_MIN_LEN); if (rose->qbitincl) { asmptr = skb_push(skb, 1); *asmptr = qbit; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (srose != NULL) { memset(srose, 0, msg->msg_namelen); srose->srose_family = AF_ROSE; srose->srose_addr = rose->dest_addr; srose->srose_call = rose->dest_call; srose->srose_ndigis = rose->dest_ndigis; if (msg->msg_namelen >= sizeof(struct full_sockaddr_rose)) { struct full_sockaddr_rose *full_srose = (struct full_sockaddr_rose *)msg->msg_name; for (n = 0 ; n < rose->dest_ndigis ; n++) full_srose->srose_digis[n] = rose->dest_digis[n]; msg->msg_namelen = sizeof(struct full_sockaddr_rose); } else { if (rose->dest_ndigis >= 1) { srose->srose_ndigis = 1; srose->srose_digi = rose->dest_digis[0]; } msg->msg_namelen = sizeof(struct sockaddr_rose); } } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/rose/af_rose.c,https://github.com/torvalds/linux,102675711192841,1 6617,CWE-787,"static int MqttClient_WaitType(MqttClient *client, void *packet_obj, byte wait_type, word16 wait_packet_id, int timeout_ms) { int rc; word16 packet_id; MqttPacketType packet_type; #ifdef WOLFMQTT_MULTITHREAD MqttPendResp *pendResp; int readLocked; #endif MqttMsgStat* mms_stat; int waitMatchFound; if (client == NULL || packet_obj == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } mms_stat = (MqttMsgStat*)packet_obj; wait_again: packet_id = 0; packet_type = MQTT_PACKET_TYPE_RESERVED; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; readLocked = 0; #endif waitMatchFound = 0; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Type %s (%d), ID %d"", MqttPacket_TypeDesc((MqttPacketType)wait_type), wait_type, wait_packet_id); #endif switch ((int)*mms_stat) { case MQTT_MSG_BEGIN: { #ifdef WOLFMQTT_MULTITHREAD rc = wm_SemLock(&client->lockRecv); if (rc != 0) { PRINTF(""MqttClient_WaitType: recv lock error!""); return rc; } readLocked = 1; #endif client->packet.stat = MQTT_PK_BEGIN; } FALL_THROUGH; #ifdef WOLFMQTT_V5 case MQTT_MSG_AUTH: #endif case MQTT_MSG_WAIT: { #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, (MqttPacketType)wait_type, wait_packet_id, &pendResp)) { if (pendResp->packetDone) { rc = pendResp->packet_ret; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp already Done %p: Rc %d"", pendResp, rc); #endif MqttClient_RespList_Remove(client, pendResp); wm_SemUnlock(&client->lockClient); wm_SemUnlock(&client->lockRecv); return rc; } } wm_SemUnlock(&client->lockClient); } else { break; } #endif *mms_stat = MQTT_MSG_WAIT; rc = MqttPacket_Read(client, client->rx_buf, client->rx_buf_len, timeout_ms); if (rc <= 0) { break; } client->packet.buf_len = rc; rc = MqttClient_DecodePacket(client, client->rx_buf, client->packet.buf_len, NULL, &packet_type, NULL, &packet_id); if (rc < 0) { break; } #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""Read Packet: Len %d, Type %d, ID %d"", client->packet.buf_len, packet_type, packet_id); #endif *mms_stat = MQTT_MSG_READ; } FALL_THROUGH; case MQTT_MSG_READ: case MQTT_MSG_READ_PAYLOAD: { MqttPacketType use_packet_type; void* use_packet_obj; #ifdef WOLFMQTT_MULTITHREAD readLocked = 1; #endif if (*mms_stat == MQTT_MSG_READ_PAYLOAD) { packet_type = MQTT_PACKET_TYPE_PUBLISH; } if ((wait_type == MQTT_PACKET_TYPE_ANY || wait_type == packet_type || MqttIsPubRespPacket(packet_type) == MqttIsPubRespPacket(wait_type)) && (wait_packet_id == 0 || wait_packet_id == packet_id)) { use_packet_obj = packet_obj; waitMatchFound = 1; } else { use_packet_obj = &client->msg; } use_packet_type = packet_type; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, packet_type, packet_id, &pendResp)) { pendResp->packetProcessing = 1; use_packet_obj = pendResp->packet_obj; use_packet_type = pendResp->packet_type; waitMatchFound = 0; } wm_SemUnlock(&client->lockClient); } else { break; } #endif rc = MqttClient_HandlePacket(client, use_packet_type, use_packet_obj, timeout_ms); #ifdef WOLFMQTT_NONBLOCK if (rc == MQTT_CODE_CONTINUE) { return rc; } #endif if (rc >= 0) { rc = MQTT_CODE_SUCCESS; } #ifdef WOLFMQTT_MULTITHREAD if (pendResp) { if (wm_SemLock(&client->lockClient) == 0) { pendResp->packetDone = 1; pendResp->packet_ret = rc; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp Done %p"", pendResp); #endif pendResp = NULL; wm_SemUnlock(&client->lockClient); } } #endif break; } case MQTT_MSG_WRITE: case MQTT_MSG_WRITE_PAYLOAD: default: { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Invalid state %d!"", *mms_stat); #endif rc = MQTT_CODE_ERROR_STAT; break; } } #ifdef WOLFMQTT_NONBLOCK if (rc != MQTT_CODE_CONTINUE) #endif { *mms_stat = MQTT_MSG_BEGIN; } #ifdef WOLFMQTT_MULTITHREAD if (readLocked) { wm_SemUnlock(&client->lockRecv); } #endif if (rc < 0) { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Failure: %s (%d)"", MqttClient_ReturnCodeToString(rc), rc); #endif return rc; } if (!waitMatchFound) { goto wait_again; } return rc; }",visit repo url,src/mqtt_client.c,https://github.com/wolfSSL/wolfMQTT,278703091752165,1 4304,CWE-787,"RList *r_bin_ne_get_entrypoints(r_bin_ne_obj_t *bin) { RList *entries = r_list_newf (free); if (!entries) { return NULL; } RBinAddr *entry; RList *segments = r_bin_ne_get_segments (bin); if (!segments) { r_list_free (entries); return NULL; } if (bin->ne_header->csEntryPoint) { entry = R_NEW0 (RBinAddr); if (!entry) { r_list_free (entries); return NULL; } entry->bits = 16; RBinSection *s = r_list_get_n (segments, bin->ne_header->csEntryPoint - 1); entry->paddr = bin->ne_header->ipEntryPoint + (s? s->paddr: 0); r_list_append (entries, entry); } int off = 0; while (off < bin->ne_header->EntryTableLength) { ut8 bundle_length = *(ut8 *)(bin->entry_table + off); if (!bundle_length) { break; } off++; ut8 bundle_type = *(ut8 *)(bin->entry_table + off); off++; int i; for (i = 0; i < bundle_length; i++) { entry = R_NEW0 (RBinAddr); if (!entry) { r_list_free (entries); return NULL; } off++; if (!bundle_type) { off--; free (entry); break; } else if (bundle_type == 0xFF) { off += 2; ut8 segnum = *(bin->entry_table + off); off++; ut16 segoff = *(ut16 *)(bin->entry_table + off); entry->paddr = (ut64)bin->segment_entries[segnum - 1].offset * bin->alignment + segoff; } else { entry->paddr = (ut64)bin->segment_entries[bundle_type - 1].offset * bin->alignment + *(ut16 *)(bin->entry_table + off); } off += 2; r_list_append (entries, entry); } } r_list_free (segments); bin->entries = entries; return entries; }",visit repo url,libr/bin/format/ne/ne.c,https://github.com/radareorg/radare2,262971153015385,1 1664,[],"void aggregate_group_set_shares(struct task_group *tg, struct sched_domain *sd) { unsigned long shares = aggregate(tg, sd)->shares; int i; for_each_cpu_mask(i, sd->span) { struct rq *rq = cpu_rq(i); unsigned long flags; spin_lock_irqsave(&rq->lock, flags); __update_group_shares_cpu(tg, sd, i); spin_unlock_irqrestore(&rq->lock, flags); } aggregate_group_shares(tg, sd); shares -= aggregate(tg, sd)->shares; if (shares) { tg->cfs_rq[sd->first_cpu]->shares += shares; aggregate(tg, sd)->shares += shares; } }",linux-2.6,,,117995517500189519234834054337171713928,0 6078,['CWE-200'],"static void addrconf_verify(unsigned long foo) { struct inet6_ifaddr *ifp; unsigned long now, next; int i; spin_lock_bh(&addrconf_verify_lock); now = jiffies; next = now + ADDR_CHECK_FREQUENCY; del_timer(&addr_chk_timer); for (i=0; i < IN6_ADDR_HSIZE; i++) { restart: write_lock(&addrconf_hash_lock); for (ifp=inet6_addr_lst[i]; ifp; ifp=ifp->lst_next) { unsigned long age; #ifdef CONFIG_IPV6_PRIVACY unsigned long regen_advance; #endif if (ifp->flags & IFA_F_PERMANENT) continue; spin_lock(&ifp->lock); age = (now - ifp->tstamp) / HZ; #ifdef CONFIG_IPV6_PRIVACY regen_advance = ifp->idev->cnf.regen_max_retry * ifp->idev->cnf.dad_transmits * ifp->idev->nd_parms->retrans_time / HZ; #endif if (age >= ifp->valid_lft) { spin_unlock(&ifp->lock); in6_ifa_hold(ifp); write_unlock(&addrconf_hash_lock); ipv6_del_addr(ifp); goto restart; } else if (age >= ifp->prefered_lft) { int deprecate = 0; if (!(ifp->flags&IFA_F_DEPRECATED)) { deprecate = 1; ifp->flags |= IFA_F_DEPRECATED; } if (time_before(ifp->tstamp + ifp->valid_lft * HZ, next)) next = ifp->tstamp + ifp->valid_lft * HZ; spin_unlock(&ifp->lock); if (deprecate) { in6_ifa_hold(ifp); write_unlock(&addrconf_hash_lock); ipv6_ifa_notify(0, ifp); in6_ifa_put(ifp); goto restart; } #ifdef CONFIG_IPV6_PRIVACY } else if ((ifp->flags&IFA_F_TEMPORARY) && !(ifp->flags&IFA_F_TENTATIVE)) { if (age >= ifp->prefered_lft - regen_advance) { struct inet6_ifaddr *ifpub = ifp->ifpub; if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next)) next = ifp->tstamp + ifp->prefered_lft * HZ; if (!ifp->regen_count && ifpub) { ifp->regen_count++; in6_ifa_hold(ifp); in6_ifa_hold(ifpub); spin_unlock(&ifp->lock); write_unlock(&addrconf_hash_lock); ipv6_create_tempaddr(ifpub, ifp); in6_ifa_put(ifpub); in6_ifa_put(ifp); goto restart; } } else if (time_before(ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ, next)) next = ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ; spin_unlock(&ifp->lock); #endif } else { if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next)) next = ifp->tstamp + ifp->prefered_lft * HZ; spin_unlock(&ifp->lock); } } write_unlock(&addrconf_hash_lock); } addr_chk_timer.expires = time_before(next, jiffies + HZ) ? jiffies + HZ : next; add_timer(&addr_chk_timer); spin_unlock_bh(&addrconf_verify_lock); }",linux-2.6,,,267428320103367492785103718654807874279,0 1771,CWE-119,"static bool check_underflow(const struct ip6t_entry *e) { const struct xt_entry_target *t; unsigned int verdict; if (!unconditional(&e->ipv6)) return false; t = ip6t_get_target_c(e); if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) return false; verdict = ((struct xt_standard_target *)t)->verdict; verdict = -verdict - 1; return verdict == NF_DROP || verdict == NF_ACCEPT; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,23026521219944,1 1728,[],"static void sched_domain_node_span(int node, cpumask_t *span) { nodemask_t used_nodes; node_to_cpumask_ptr(nodemask, node); int i; cpus_clear(*span); nodes_clear(used_nodes); cpus_or(*span, *span, *nodemask); node_set(node, used_nodes); for (i = 1; i < SD_NODES_PER_DOMAIN; i++) { int next_node = find_next_best_node(node, &used_nodes); node_to_cpumask_ptr_next(nodemask, next_node); cpus_or(*span, *span, *nodemask); } }",linux-2.6,,,176801812873337391064267276692713285261,0 3926,['CWE-399'],"static int chip_legacy_probe(struct i2c_adapter *adap) { if ((adap->id == I2C_HW_SAA7146)) return 0; if (adap->class & I2C_CLASS_TV_ANALOG) return 1; return 0; }",linux-2.6,,,110772613665789067854347274926903678566,0 5080,CWE-787,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 4421,CWE-119,"mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc) { const mrb_irep *irep = proc->body.irep; const mrb_pool_value *pool = irep->pool; const mrb_sym *syms = irep->syms; mrb_code insn; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; uint32_t a; uint16_t b; uint16_t c; mrb_sym mid; const struct mrb_irep_catch_handler *ch; #ifdef DIRECT_THREADED static const void * const optable[] = { #define OPCODE(x,_) &&L_OP_ ## x, #include ""mruby/ops.h"" #undef OPCODE }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; mrb_gc_arena_restore(mrb, ai); if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb_vm_ci_proc_set(mrb->c->ci, proc); #define regs (mrb->c->ci->stack) INIT_DISPATCH { CASE(OP_NOP, Z) { NEXT; } CASE(OP_MOVE, BB) { regs[a] = regs[b]; NEXT; } CASE(OP_LOADL, BB) { switch (pool[b].tt) { case IREP_TT_INT32: regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i32); break; case IREP_TT_INT64: #if defined(MRB_INT64) regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; #else #if defined(MRB_64BIT) if (INT32_MIN <= pool[b].u.i64 && pool[b].u.i64 <= INT32_MAX) { regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; } #endif goto L_INT_OVERFLOW; #endif case IREP_TT_BIGINT: goto L_INT_OVERFLOW; #ifndef MRB_NO_FLOAT case IREP_TT_FLOAT: regs[a] = mrb_float_value(mrb, pool[b].u.f); break; #endif default: regs[a] = mrb_nil_value(); break; } NEXT; } CASE(OP_LOADI, BB) { SET_FIXNUM_VALUE(regs[a], b); NEXT; } CASE(OP_LOADINEG, BB) { SET_FIXNUM_VALUE(regs[a], -b); NEXT; } CASE(OP_LOADI__1,B) goto L_LOADI; CASE(OP_LOADI_0,B) goto L_LOADI; CASE(OP_LOADI_1,B) goto L_LOADI; CASE(OP_LOADI_2,B) goto L_LOADI; CASE(OP_LOADI_3,B) goto L_LOADI; CASE(OP_LOADI_4,B) goto L_LOADI; CASE(OP_LOADI_5,B) goto L_LOADI; CASE(OP_LOADI_6,B) goto L_LOADI; CASE(OP_LOADI_7, B) { L_LOADI: SET_FIXNUM_VALUE(regs[a], (mrb_int)insn - (mrb_int)OP_LOADI_0); NEXT; } CASE(OP_LOADI16, BS) { SET_FIXNUM_VALUE(regs[a], (mrb_int)(int16_t)b); NEXT; } CASE(OP_LOADI32, BSS) { SET_INT_VALUE(mrb, regs[a], (int32_t)(((uint32_t)b<<16)+c)); NEXT; } CASE(OP_LOADSYM, BB) { SET_SYM_VALUE(regs[a], syms[b]); NEXT; } CASE(OP_LOADNIL, B) { SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_LOADSELF, B) { regs[a] = regs[0]; NEXT; } CASE(OP_LOADT, B) { SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF, B) { SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGV, BB) { mrb_value val = mrb_gv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETGV, BB) { mrb_gv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETSV, BB) { mrb_value val = mrb_vm_special_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETSV, BB) { mrb_vm_special_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIV, BB) { regs[a] = mrb_iv_get(mrb, regs[0], syms[b]); NEXT; } CASE(OP_SETIV, BB) { mrb_iv_set(mrb, regs[0], syms[b], regs[a]); NEXT; } CASE(OP_GETCV, BB) { mrb_value val; val = mrb_vm_cv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETCV, BB) { mrb_vm_cv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIDX, B) { mrb_value va = regs[a], vb = regs[a+1]; switch (mrb_type(va)) { case MRB_TT_ARRAY: if (!mrb_integer_p(vb)) goto getidx_fallback; regs[a] = mrb_ary_entry(va, mrb_integer(vb)); break; case MRB_TT_HASH: regs[a] = mrb_hash_get(mrb, va, vb); break; case MRB_TT_STRING: switch (mrb_type(vb)) { case MRB_TT_INTEGER: case MRB_TT_STRING: case MRB_TT_RANGE: regs[a] = mrb_str_aref(mrb, va, vb, mrb_undef_value()); break; default: goto getidx_fallback; } break; default: getidx_fallback: mid = MRB_OPSYM(aref); goto L_SEND_SYM; } NEXT; } CASE(OP_SETIDX, B) { c = 2; mid = MRB_OPSYM(aset); SET_NIL_VALUE(regs[a+3]); goto L_SENDB_SYM; } CASE(OP_GETCONST, BB) { regs[a] = mrb_vm_const_get(mrb, syms[b]); NEXT; } CASE(OP_SETCONST, BB) { mrb_vm_const_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETMCNST, BB) { regs[a] = mrb_const_get(mrb, regs[a], syms[b]); NEXT; } CASE(OP_SETMCNST, BB) { mrb_const_set(mrb, regs[a+1], syms[b], regs[a]); NEXT; } CASE(OP_GETUPVAR, BBB) { mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (e && b < MRB_ENV_LEN(e)) { *regs_a = e->stack[b]; } else { *regs_a = mrb_nil_value(); } NEXT; } CASE(OP_SETUPVAR, BBB) { struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP, S) { pc += (int16_t)a; JUMP; } CASE(OP_JMPIF, BS) { if (mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNOT, BS) { if (!mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNIL, BS) { if (mrb_nil_p(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPUW, S) { a = (uint32_t)((pc - irep->iseq) + (int16_t)a); CHECKPOINT_RESTORE(RBREAK_TAG_JUMP) { struct RBreak *brk = (struct RBreak*)mrb->exc; mrb_value target = mrb_break_value_get(brk); mrb_assert(mrb_integer_p(target)); a = (uint32_t)mrb_integer(target); mrb_assert(a >= 0 && a < irep->ilen); } CHECKPOINT_MAIN(RBREAK_TAG_JUMP) { ch = catch_handler_find(mrb, mrb->c->ci, pc, MRB_CATCH_FILTER_ENSURE); if (ch) { if (a < mrb_irep_catch_handler_unpack(ch->begin) || a >= mrb_irep_catch_handler_unpack(ch->end)) { THROW_TAGGED_BREAK(mrb, RBREAK_TAG_JUMP, proc, mrb_fixnum_value(a)); } } } CHECKPOINT_END(RBREAK_TAG_JUMP); mrb->exc = NULL; pc = irep->iseq + a; JUMP; } CASE(OP_EXCEPT, B) { mrb_value exc; if (mrb->exc == NULL) { exc = mrb_nil_value(); } else { switch (mrb->exc->tt) { case MRB_TT_BREAK: case MRB_TT_EXCEPTION: exc = mrb_obj_value(mrb->exc); break; default: mrb_assert(!""bad mrb_type""); exc = mrb_nil_value(); break; } mrb->exc = NULL; } regs[a] = exc; NEXT; } CASE(OP_RESCUE, BB) { mrb_value exc = regs[a]; mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); NEXT; } CASE(OP_RAISEIF, B) { mrb_value exc = regs[a]; if (mrb_break_p(exc)) { mrb->exc = mrb_obj_ptr(exc); goto L_BREAK; } mrb_exc_set(mrb, exc); if (mrb->exc) { goto L_RAISE; } NEXT; } CASE(OP_SSEND, BBB) { regs[a] = regs[0]; insn = OP_SEND; } goto L_SENDB; CASE(OP_SSENDB, BBB) { regs[a] = regs[0]; } goto L_SENDB; CASE(OP_SEND, BBB) goto L_SENDB; L_SEND_SYM: c = 1; SET_NIL_VALUE(regs[a+2]); goto L_SENDB_SYM; CASE(OP_SENDB, BBB) L_SENDB: mid = syms[b]; L_SENDB_SYM: { mrb_callinfo *ci = mrb->c->ci; mrb_method_t m; struct RClass *cls; mrb_value recv, blk; ARGUMENT_NORMALIZE(a, &c, insn); recv = regs[a]; cls = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &c, blk, 0); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, c); if (MRB_METHOD_CFUNC_P(m)) { if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); mrb_vm_ci_proc_set(ci, p); recv = p->body.func(mrb, recv); } else { if (MRB_METHOD_NOARG_P(m)) { check_method_noarg(mrb, ci); } recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } if (!ci->u.target_class) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } ci->stack[0] = recv; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } } JUMP; CASE(OP_CALL, Z) { mrb_callinfo *ci = mrb->c->ci; mrb_value recv = ci->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci->u.target_class = MRB_PROC_TARGET_CLASS(m); mrb_vm_ci_proc_set(ci, m); if (MRB_PROC_ENV_P(m)) { ci->mid = MRB_PROC_ENV(m)->mid; } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = cipop(mrb); pc = ci->pc; ci[1].stack[0] = recv; irep = mrb->c->ci->proc->body.irep; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->ci->stack[0] = mrb_nil_value(); a = 0; c = OP_R_NORMAL; goto L_OP_RETURN_BODY; } mrb_int nargs = mrb_ci_bidx(ci)+1; if (nargs < irep->nregs) { mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+nargs, irep->nregs-nargs); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; } pool = irep->pool; syms = irep->syms; JUMP; } CASE(OP_SUPER, BB) { mrb_method_t m; struct RClass *cls; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; const struct RProc *p = ci->proc; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(p); if (MRB_PROC_ENV_P(p) && p->e.env->mid && p->e.env->mid != mid) { mid = p->e.env->mid; } if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->flags & MRB_FL_CLASS_IS_PREPENDED) { target_class = mrb_vm_ci_target_class(ci); } else if (target_class->tt == MRB_TT_MODULE) { target_class = mrb_vm_ci_target_class(ci); if (target_class->tt != MRB_TT_ICLASS) { goto super_typeerror; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { super_typeerror: ; mrb_value exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } ARGUMENT_NORMALIZE(a, &b, OP_SUPER); cls = target_class->super; m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &b, blk, 1); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, b); ci->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; if (MRB_METHOD_PROC_P(m)) { mrb_vm_ci_proc_set(ci, MRB_METHOD_PROC(m)); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb_assert(!mrb_break_p(v)); if (!mrb_vm_ci_target_class(ci)) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->ci->stack[0] = v; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } JUMP; } CASE(OP_ARGARY, BS) { mrb_int m1 = (b>>11)&0x3f; mrb_int r = (b>>10)&0x1; mrb_int m2 = (b>>5)&0x1f; mrb_int kd = (b>>4)&0x1; mrb_int lv = (b>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb_vm_ci_target_class(mrb->c->ci) == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; mrb_int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } if (kd) { regs[a+1] = stack[m1+r+m2]; regs[a+2] = stack[m1+r+m2+1]; } else { regs[a+1] = stack[m1+r+m2]; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER, W) { mrb_int m1 = MRB_ASPEC_REQ(a); mrb_int o = MRB_ASPEC_OPT(a); mrb_int r = MRB_ASPEC_REST(a); mrb_int m2 = MRB_ASPEC_POST(a); mrb_int kd = (MRB_ASPEC_KEY(a) > 0 || MRB_ASPEC_KDICT(a))? 1 : 0; mrb_int const len = m1 + o + r + m2; mrb_callinfo *ci = mrb->c->ci; mrb_int argc = ci->n; mrb_value *argv = regs+1; mrb_value * const argv0 = argv; mrb_int const kw_pos = len + kd; mrb_int const blk_pos = kw_pos + 1; mrb_value blk = regs[mrb_ci_bidx(ci)]; mrb_value kdict = mrb_nil_value(); if (ci->nk > 0) { mrb_int kidx = mrb_ci_kidx(ci); kdict = regs[kidx]; if (!mrb_hash_p(kdict) || mrb_hash_size(mrb, kdict) == 0) { kdict = mrb_nil_value(); ci->nk = 0; } } if (!kd && !mrb_nil_p(kdict)) { if (argc < 14) { ci->n++; argc++; } else if (argc == 14) { regs[1] = mrb_ary_new_from_values(mrb, argc+1, ®s[1]); argc = ci->n = 15; } else { mrb_ary_push(mrb, regs[1], regs[2]); } ci->nk = 0; } if (kd && MRB_ASPEC_KEY(a) > 0 && mrb_hash_p(kdict)) { kdict = mrb_hash_dup(mrb, kdict); } if (argc == 15) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (ci->proc && MRB_PROC_STRICT_P(ci->proc)) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } mrb_value rest = mrb_nil_value(); if (argc < len) { mrb_int mlen = m2; if (argc < m1+m2) { mlen = m1 < argc ? argc - m1 : 0; } if (argv0 != argv && argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { rest = mrb_ary_new_capa(mrb, 0); regs[m1+o+1] = rest; } if (o > 0 && argc > m1+m2) pc += (argc - m1 - m2)*3; } else { mrb_int rnum = 0; if (argv0 != argv) { value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; rest = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); regs[m1+o+1] = rest; } if (m2 > 0 && argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } pc += o*3; } regs[blk_pos] = blk; if (kd) { if (mrb_nil_p(kdict)) kdict = mrb_hash_new_capa(mrb, 0); regs[kw_pos] = kdict; } mrb->c->ci->n = len; if (irep->nlocals-blk_pos-1 > 0) { stack_clear(®s[blk_pos+1], irep->nlocals-blk_pos-1); } JUMP; } CASE(OP_KARG, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx < 0 || !mrb_hash_p(kdict=regs[kidx]) || !mrb_hash_key_p(mrb, kdict, k)) { mrb_value str = mrb_format(mrb, ""missing keyword: %v"", k); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } regs[a] = mrb_hash_get(mrb, kdict, k); mrb_hash_delete_key(mrb, kdict, k); NEXT; } CASE(OP_KEY_P, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; mrb_bool key_p = FALSE; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx])) { key_p = mrb_hash_key_p(mrb, kdict, k); } regs[a] = mrb_bool_value(key_p); NEXT; } CASE(OP_KEYEND, Z) { mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx]) && !mrb_hash_empty_p(mrb, kdict)) { mrb_value keys = mrb_hash_keys(mrb, kdict); mrb_value key1 = RARRAY_PTR(keys)[0]; mrb_value str = mrb_format(mrb, ""unknown keyword: %v"", key1); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } NEXT; } CASE(OP_BREAK, B) { c = OP_R_BREAK; goto L_RETURN; } CASE(OP_RETURN_BLK, B) { c = OP_R_RETURN; goto L_RETURN; } CASE(OP_RETURN, B) c = OP_R_NORMAL; L_RETURN: { mrb_callinfo *ci; ci = mrb->c->ci; if (ci->mid) { mrb_value blk = regs[mrb_ci_bidx(ci)]; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { L_RAISE: ci = mrb->c->ci; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) goto L_FTOP; goto L_CATCH; } while ((ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL)) == NULL) { ci = cipop(mrb); if (ci[1].cci == CINFO_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } pc = ci[0].pc; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->ci->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } } L_CATCH: if (ch == NULL) goto L_STOP; if (FALSE) { L_CATCH_TAGGED_BREAK: ci = mrb->c->ci; } proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); pc = irep->iseq + mrb_irep_catch_handler_unpack(ch->target); } else { mrb_int acc; mrb_value v; ci = mrb->c->ci; v = regs[a]; mrb_gc_protect(mrb, v); switch (c) { case OP_R_RETURN: if (ci->cci == CINFO_NONE && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { const struct RProc *dst; mrb_callinfo *cibase; cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_ONSTACK_P(e) || (e->cxt && e->cxt != mrb->c)) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->cci > CINFO_NONE) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci = mrb->c->ci; while (cibase <= ci && ci->proc != dst) { CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_BLOCK) { cibase = mrb->c->cibase; dst = top_proc(mrb, proc); } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_BLOCK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_BLOCK, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_BLOCK); ci = cipop(mrb); pc = ci->pc; } proc = ci->proc; mrb->exc = NULL; break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; c = mrb->c; if (!c->prev) { regs[irep->nlocals] = v; goto CHECKPOINT_LABEL_MAKE(RBREAK_TAG_STOP); } if (!c->vmexec && c->prev->ci == c->prev->cibase) { mrb_value exc = mrb_exc_new_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_TOPLEVEL) { c = mrb->c; } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_TOPLEVEL) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_TOPLEVEL, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_TOPLEVEL); c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; mrb->c->status = MRB_FIBER_RUNNING; c->prev = NULL; if (c->vmexec) { mrb_gc_arena_restore(mrb, ai); c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } ci = mrb->c->ci; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN) { } CHECKPOINT_MAIN(RBREAK_TAG_RETURN) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN); mrb->exc = NULL; break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_ONSTACK_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK); if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->cci > CINFO_NONE) { ci = cipop(mrb); mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { struct RBreak *brk; L_BREAK: brk = (struct RBreak*)mrb->exc; proc = mrb_break_proc_get(brk); v = mrb_break_value_get(brk); ci = mrb->c->ci; switch (mrb_break_tag_get(brk)) { #define DISPATCH_CHECKPOINTS(n, i) case n: goto CHECKPOINT_LABEL_MAKE(n); RBREAK_TAG_FOREACH(DISPATCH_CHECKPOINTS) #undef DISPATCH_CHECKPOINTS default: mrb_assert(!""wrong break tag""); } } while (mrb->c->cibase < ci && ci[-1].proc != proc->upper) { if (ci[-1].cci == CINFO_SKIP) { goto L_BREAK_ERROR; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_UPPER) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_UPPER) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_UPPER, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_UPPER); ci = cipop(mrb); pc = ci->pc; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_INTARGET) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_INTARGET) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_INTARGET, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_INTARGET); if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } mrb->exc = NULL; break; default: break; } mrb_assert(ci == mrb->c->ci); mrb_assert(mrb->exc == NULL); if (mrb->c->vmexec && !mrb_vm_ci_target_class(ci)) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->cci; ci = cipop(mrb); if (acc == CINFO_SKIP || acc == CINFO_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym_name(mrb, ci->mid))); proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci[1].stack[0] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_BLKPUSH, BS) { int m1 = (b>>11)&0x3f; int r = (b>>10)&0x1; int m2 = (b>>5)&0x1f; int kd = (b>>4)&0x1; int lv = (b>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_ONSTACK_P(e) && e->mid == 0) || MRB_ENV_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2+kd])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2+kd]; NEXT; } L_INT_OVERFLOW: { mrb_value exc = mrb_exc_new_lit(mrb, E_RANGE_ERROR, ""integer overflow""); mrb_exc_set(mrb, exc); } goto L_RAISE; #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH(op_name) \ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { \ OP_MATH_CASE_INTEGER(op_name); \ OP_MATH_CASE_FLOAT(op_name, integer, float); \ OP_MATH_CASE_FLOAT(op_name, float, integer); \ OP_MATH_CASE_FLOAT(op_name, float, float); \ OP_MATH_CASE_STRING_##op_name(); \ default: \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATH_CASE_INTEGER(op_name) \ case TYPES2(MRB_TT_INTEGER, MRB_TT_INTEGER): \ { \ mrb_int x = mrb_integer(regs[a]), y = mrb_integer(regs[a+1]), z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATH_CASE_FLOAT(op_name, t1, t2) (void)0 #else #define OP_MATH_CASE_FLOAT(op_name, t1, t2) \ case TYPES2(OP_MATH_TT_##t1, OP_MATH_TT_##t2): \ { \ mrb_float z = mrb_##t1(regs[a]) OP_MATH_OP_##op_name mrb_##t2(regs[a+1]); \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif #define OP_MATH_OVERFLOW_INT() goto L_INT_OVERFLOW #define OP_MATH_CASE_STRING_add() \ case TYPES2(MRB_TT_STRING, MRB_TT_STRING): \ regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); \ mrb_gc_arena_restore(mrb, ai); \ break #define OP_MATH_CASE_STRING_sub() (void)0 #define OP_MATH_CASE_STRING_mul() (void)0 #define OP_MATH_OP_add + #define OP_MATH_OP_sub - #define OP_MATH_OP_mul * #define OP_MATH_TT_integer MRB_TT_INTEGER #define OP_MATH_TT_float MRB_TT_FLOAT CASE(OP_ADD, B) { OP_MATH(add); } CASE(OP_SUB, B) { OP_MATH(sub); } CASE(OP_MUL, B) { OP_MATH(mul); } CASE(OP_DIV, B) { #ifndef MRB_NO_FLOAT mrb_float x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER): { mrb_int x = mrb_integer(regs[a]); mrb_int y = mrb_integer(regs[a+1]); mrb_int div = mrb_div_int(mrb, x, y); SET_INT_VALUE(mrb, regs[a], div); } NEXT; #ifndef MRB_NO_FLOAT case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT): x = (mrb_float)mrb_integer(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER): x = mrb_float(regs[a]); y = (mrb_float)mrb_integer(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: mid = MRB_OPSYM(div); goto L_SEND_SYM; } #ifndef MRB_NO_FLOAT f = mrb_div_float(x, y); SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } #define OP_MATHI(op_name) \ \ switch (mrb_type(regs[a])) { \ OP_MATHI_CASE_INTEGER(op_name); \ OP_MATHI_CASE_FLOAT(op_name); \ default: \ SET_INT_VALUE(mrb,regs[a+1], b); \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATHI_CASE_INTEGER(op_name) \ case MRB_TT_INTEGER: \ { \ mrb_int x = mrb_integer(regs[a]), y = (mrb_int)b, z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATHI_CASE_FLOAT(op_name) (void)0 #else #define OP_MATHI_CASE_FLOAT(op_name) \ case MRB_TT_FLOAT: \ { \ mrb_float z = mrb_float(regs[a]) OP_MATH_OP_##op_name b; \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif CASE(OP_ADDI, BB) { OP_MATHI(add); } CASE(OP_SUBI, BB) { OP_MATHI(sub); } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_NO_FLOAT #define OP_CMP(op,sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op, sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ, B) { if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==,eq); } NEXT; } CASE(OP_LT, B) { OP_CMP(<,lt); NEXT; } CASE(OP_LE, B) { OP_CMP(<=,le); NEXT; } CASE(OP_GT, B) { OP_CMP(>,gt); NEXT; } CASE(OP_GE, B) { OP_CMP(>=,ge); NEXT; } CASE(OP_ARRAY, BB) { regs[a] = mrb_ary_new_from_values(mrb, b, ®s[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARRAY2, BBB) { regs[a] = mrb_ary_new_from_values(mrb, c, ®s[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT, B) { mrb_value splat = mrb_ary_splat(mrb, regs[a+1]); if (mrb_nil_p(regs[a])) { regs[a] = splat; } else { mrb_assert(mrb_array_p(regs[a])); mrb_ary_concat(mrb, regs[a], splat); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH, BB) { mrb_assert(mrb_array_p(regs[a])); for (mrb_int i=0; i pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+pre> 2; if (pool[b].tt & IREP_TT_SFLAG) { sym = mrb_intern_static(mrb, pool[b].u.str, len); } else { sym = mrb_intern(mrb, pool[b].u.str, len); } regs[a] = mrb_symbol_value(sym); NEXT; } CASE(OP_STRING, BB) { size_t len; mrb_assert((pool[b].tt&IREP_TT_NFLAG)==0); len = pool[b].tt >> 2; if (pool[b].tt & IREP_TT_SFLAG) { regs[a] = mrb_str_new_static(mrb, pool[b].u.str, len); } else { regs[a] = mrb_str_new(mrb, pool[b].u.str, len); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_STRCAT, B) { mrb_assert(mrb_string_p(regs[a])); mrb_str_concat(mrb, regs[a], regs[a+1]); NEXT; } CASE(OP_HASH, BB) { mrb_value hash = mrb_hash_new_capa(mrb, b); int i; int lim = a+b*2; for (i=a; ireps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_BLOCK, BB) { c = OP_L_BLOCK; goto L_MAKE_LAMBDA; } CASE(OP_METHOD, BB) { c = OP_L_METHOD; goto L_MAKE_LAMBDA; } CASE(OP_RANGE_INC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], FALSE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_RANGE_EXC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], TRUE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS, B) { regs[a] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS, BB) { struct RClass *c = 0, *baseclass; mrb_value base, super; mrb_sym id = syms[b]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE, BB) { struct RClass *cls = 0, *baseclass; mrb_value base; mrb_sym id = syms[b]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } cls = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(cls); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC, BB) { mrb_value recv = regs[a]; struct RProc *p; const mrb_irep *nirep = irep->reps[b]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; cipush(mrb, a, 0, mrb_class_ptr(recv), p, 0, 0); irep = p->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+1, irep->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_DEF, BB) { struct RClass *target = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; mrb_sym mid = syms[b]; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, target, mid, m); mrb_method_added(mrb, target, mid); mrb_gc_arena_restore(mrb, ai); regs[a] = mrb_symbol_value(mid); NEXT; } CASE(OP_SCLASS, B) { regs[a] = mrb_singleton_class(mrb, regs[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; regs[a] = mrb_obj_value(target); NEXT; } CASE(OP_ALIAS, BB) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_alias_method(mrb, target, syms[a], syms[b]); mrb_method_added(mrb, target, syms[a]); NEXT; } CASE(OP_UNDEF, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_undef_method_id(mrb, target, syms[a]); NEXT; } CASE(OP_DEBUG, Z) { FETCH_BBB(); #ifdef MRB_USE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_NO_STDIO printf(""OP_DEBUG %d %d %d\n"", a, b, c); #else abort(); #endif #endif NEXT; } CASE(OP_ERR, B) { size_t len = pool[a].tt >> 2; mrb_value exc; mrb_assert((pool[a].tt&IREP_TT_NFLAG)==0); exc = mrb_exc_new(mrb, E_LOCALJUMP_ERROR, pool[a].u.str, len); mrb_exc_set(mrb, exc); goto L_RAISE; } CASE(OP_EXT1, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _1(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT2, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _2(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT3, Z) { uint8_t insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _3(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_STOP, Z) { CHECKPOINT_RESTORE(RBREAK_TAG_STOP) { } CHECKPOINT_MAIN(RBREAK_TAG_STOP) { UNWIND_ENSURE(mrb, mrb->c->ci, pc, RBREAK_TAG_STOP, proc, mrb_nil_value()); } CHECKPOINT_END(RBREAK_TAG_STOP); L_STOP: mrb->jmp = prev_jmp; if (mrb->exc) { mrb_assert(mrb->exc->tt == MRB_TT_EXCEPTION); return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { mrb_callinfo *ci = mrb->c->ci; while (ci > mrb->c->cibase && ci->cci == CINFO_DIRECT) { ci = cipop(mrb); } exc_catched = TRUE; pc = ci->pc; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,131986444842577,1 2166,['CWE-400'],"static void *shmem_follow_link(struct dentry *dentry, struct nameidata *nd) { struct page *page = NULL; int res = shmem_getpage(dentry->d_inode, 0, &page, SGP_READ, NULL); nd_set_link(nd, res ? ERR_PTR(res) : kmap(page)); if (page) unlock_page(page); return page; }",linux-2.6,,,114492484713598654741758930843406549667,0 2467,CWE-200,"raptor_libxml_resolveEntity(void* user_data, const xmlChar *publicId, const xmlChar *systemId) { raptor_sax2* sax2 = (raptor_sax2*)user_data; return libxml2_resolveEntity(sax2->xc, publicId, systemId); }",visit repo url,src/raptor_libxml.c,https://github.com/dajobe/raptor,38302070890571,1 3734,[],"static void unix_destruct_fds(struct sk_buff *skb) { struct scm_cookie scm; memset(&scm, 0, sizeof(scm)); unix_detach_fds(&scm, skb); scm_destroy(&scm); sock_wfree(skb); }",linux-2.6,,,115887289948918046290273811108537230769,0 350,['CWE-20'],"static int putreg(struct task_struct *child, unsigned long regno, unsigned long value) { switch (regno >> 2) { case GS: if (value && (value & 3) != 3) return -EIO; child->thread.gs = value; return 0; case DS: case ES: case FS: if (value && (value & 3) != 3) return -EIO; value &= 0xffff; break; case SS: case CS: if ((value & 3) != 3) return -EIO; value &= 0xffff; break; case EFL: value &= FLAG_MASK; value |= get_stack_long(child, EFL_OFFSET) & ~FLAG_MASK; break; } if (regno > FS*4) regno -= 1*4; put_stack_long(child, regno, value); return 0; }",linux-2.6,,,9729222086253031522663545482133495741,0 4104,CWE-119,"void Huff_Compress(msg_t *mbuf, int offset) { int i, ch, size; byte seq[65536]; byte* buffer; huff_t huff; size = mbuf->cursize - offset; buffer = mbuf->data+ + offset; if (size<=0) { return; } Com_Memset(&huff, 0, sizeof(huff_t)); huff.tree = huff.lhead = huff.loc[NYT] = &(huff.nodeList[huff.blocNode++]); huff.tree->symbol = NYT; huff.tree->weight = 0; huff.lhead->next = huff.lhead->prev = NULL; huff.tree->parent = huff.tree->left = huff.tree->right = NULL; seq[0] = (size>>8); seq[1] = size&0xff; bloc = 16; for (i=0; icursize = (bloc>>3) + offset; Com_Memcpy(mbuf->data+offset, seq, (bloc>>3)); }",visit repo url,code/qcommon/huffman.c,https://github.com/ioquake/ioq3,114573770179634,1 5688,CWE-416,"void comps_rtree_unite(COMPS_RTree *rt1, COMPS_RTree *rt2) { COMPS_HSList *tmplist, *tmp_subnodes; COMPS_HSListItem *it; struct Pair { COMPS_HSList * subnodes; char * key; char added; } *pair, *parent_pair; pair = malloc(sizeof(struct Pair)); pair->subnodes = rt2->subnodes; pair->key = NULL; tmplist = comps_hslist_create(); comps_hslist_init(tmplist, NULL, NULL, &free); comps_hslist_append(tmplist, pair, 0); while (tmplist->first != NULL) { it = tmplist->first; comps_hslist_remove(tmplist, tmplist->first); tmp_subnodes = ((struct Pair*)it->data)->subnodes; parent_pair = (struct Pair*) it->data; free(it); for (it = tmp_subnodes->first; it != NULL; it=it->next) { pair = malloc(sizeof(struct Pair)); pair->subnodes = ((COMPS_RTreeData*)it->data)->subnodes; if (parent_pair->key != NULL) { pair->key = malloc(sizeof(char) * (strlen(((COMPS_RTreeData*)it->data)->key) + strlen(parent_pair->key) + 1)); memcpy(pair->key, parent_pair->key, sizeof(char) * strlen(parent_pair->key)); memcpy(pair->key + strlen(parent_pair->key), ((COMPS_RTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_RTreeData*)it->data)->key)+1)); } else { pair->key = malloc(sizeof(char)* (strlen(((COMPS_RTreeData*)it->data)->key) +1)); memcpy(pair->key, ((COMPS_RTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_RTreeData*)it->data)->key)+1)); } if (((COMPS_RTreeData*)it->data)->data != NULL) { comps_rtree_set(rt1, pair->key, rt2->data_cloner(((COMPS_RTreeData*)it->data)->data)); } if (((COMPS_RTreeData*)it->data)->subnodes->first) { comps_hslist_append(tmplist, pair, 0); } else { free(pair->key); free(pair); } } free(parent_pair->key); free(parent_pair); } comps_hslist_destroy(&tmplist); }",visit repo url,libcomps/src/comps_radix.c,https://github.com/rpm-software-management/libcomps,214816204829377,1 3304,['CWE-189'],"static int jas_iccputtime(jas_stream_t *out, jas_icctime_t *time) { jas_iccputuint16(out, time->year); jas_iccputuint16(out, time->month); jas_iccputuint16(out, time->day); jas_iccputuint16(out, time->hour); jas_iccputuint16(out, time->min); jas_iccputuint16(out, time->sec); return 0; }",jasper,,,182713124994362968867059105907452377243,0 255,CWE-362,"static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct inet_sock *inet = inet_sk(sk); struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *) uaddr; struct net *net = sock_net(sk); int ret; int chk_addr_ret; if (!sock_flag(sk, SOCK_ZAPPED)) return -EINVAL; if (addr_len < sizeof(struct sockaddr_l2tpip)) return -EINVAL; if (addr->l2tp_family != AF_INET) return -EINVAL; ret = -EADDRINUSE; read_lock_bh(&l2tp_ip_lock); if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) goto out_in_use; read_unlock_bh(&l2tp_ip_lock); lock_sock(sk); if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_l2tpip)) goto out; chk_addr_ret = inet_addr_type(net, addr->l2tp_addr.s_addr); ret = -EADDRNOTAVAIL; if (addr->l2tp_addr.s_addr && chk_addr_ret != RTN_LOCAL && chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST) goto out; if (addr->l2tp_addr.s_addr) inet->inet_rcv_saddr = inet->inet_saddr = addr->l2tp_addr.s_addr; if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) inet->inet_saddr = 0; sk_dst_reset(sk); l2tp_ip_sk(sk)->conn_id = addr->l2tp_conn_id; write_lock_bh(&l2tp_ip_lock); sk_add_bind_node(sk, &l2tp_ip_bind_table); sk_del_node_init(sk); write_unlock_bh(&l2tp_ip_lock); ret = 0; sock_reset_flag(sk, SOCK_ZAPPED); out: release_sock(sk); return ret; out_in_use: read_unlock_bh(&l2tp_ip_lock); return ret; }",visit repo url,net/l2tp/l2tp_ip.c,https://github.com/torvalds/linux,96348929524646,1 4114,CWE-416,"_zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, bool local, zip_error_t *error) { zip_uint8_t buf[CDENTRYSIZE]; zip_uint16_t dostime, dosdate; zip_uint32_t size, variable_size; zip_uint16_t filename_len, comment_len, ef_len; bool from_buffer = (buffer != NULL); size = local ? LENTRYSIZE : CDENTRYSIZE; if (buffer) { if (_zip_buffer_left(buffer) < size) { zip_error_set(error, ZIP_ER_NOZIP, 0); return -1; } } else { if ((buffer = _zip_buffer_new_from_source(src, size, buf, error)) == NULL) { return -1; } } if (memcmp(_zip_buffer_get(buffer, 4), (local ? LOCAL_MAGIC : CENTRAL_MAGIC), 4) != 0) { zip_error_set(error, ZIP_ER_NOZIP, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } _zip_dirent_init(zde); if (!local) zde->version_madeby = _zip_buffer_get_16(buffer); else zde->version_madeby = 0; zde->version_needed = _zip_buffer_get_16(buffer); zde->bitflags = _zip_buffer_get_16(buffer); zde->comp_method = _zip_buffer_get_16(buffer); dostime = _zip_buffer_get_16(buffer); dosdate = _zip_buffer_get_16(buffer); zde->last_mod = _zip_d2u_time(dostime, dosdate); zde->crc = _zip_buffer_get_32(buffer); zde->comp_size = _zip_buffer_get_32(buffer); zde->uncomp_size = _zip_buffer_get_32(buffer); filename_len = _zip_buffer_get_16(buffer); ef_len = _zip_buffer_get_16(buffer); if (local) { comment_len = 0; zde->disk_number = 0; zde->int_attrib = 0; zde->ext_attrib = 0; zde->offset = 0; } else { comment_len = _zip_buffer_get_16(buffer); zde->disk_number = _zip_buffer_get_16(buffer); zde->int_attrib = _zip_buffer_get_16(buffer); zde->ext_attrib = _zip_buffer_get_32(buffer); zde->offset = _zip_buffer_get_32(buffer); } if (!_zip_buffer_ok(buffer)) { zip_error_set(error, ZIP_ER_INTERNAL, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->bitflags & ZIP_GPBF_ENCRYPTED) { if (zde->bitflags & ZIP_GPBF_STRONG_ENCRYPTION) { zde->encryption_method = ZIP_EM_UNKNOWN; } else { zde->encryption_method = ZIP_EM_TRAD_PKWARE; } } else { zde->encryption_method = ZIP_EM_NONE; } zde->filename = NULL; zde->extra_fields = NULL; zde->comment = NULL; variable_size = (zip_uint32_t)filename_len+(zip_uint32_t)ef_len+(zip_uint32_t)comment_len; if (from_buffer) { if (_zip_buffer_left(buffer) < variable_size) { zip_error_set(error, ZIP_ER_INCONS, 0); return -1; } } else { _zip_buffer_free(buffer); if ((buffer = _zip_buffer_new_from_source(src, variable_size, NULL, error)) == NULL) { return -1; } } if (filename_len) { zde->filename = _zip_read_string(buffer, src, filename_len, 1, error); if (!zde->filename) { if (zip_error_code_zip(error) == ZIP_ER_EOF) { zip_error_set(error, ZIP_ER_INCONS, 0); } if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->bitflags & ZIP_GPBF_ENCODING_UTF_8) { if (_zip_guess_encoding(zde->filename, ZIP_ENCODING_UTF8_KNOWN) == ZIP_ENCODING_ERROR) { zip_error_set(error, ZIP_ER_INCONS, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } } } if (ef_len) { zip_uint8_t *ef = _zip_read_data(buffer, src, ef_len, 0, error); if (ef == NULL) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (!_zip_ef_parse(ef, ef_len, local ? ZIP_EF_LOCAL : ZIP_EF_CENTRAL, &zde->extra_fields, error)) { free(ef); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } free(ef); if (local) zde->local_extra_fields_read = 1; } if (comment_len) { zde->comment = _zip_read_string(buffer, src, comment_len, 0, error); if (!zde->comment) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->bitflags & ZIP_GPBF_ENCODING_UTF_8) { if (_zip_guess_encoding(zde->comment, ZIP_ENCODING_UTF8_KNOWN) == ZIP_ENCODING_ERROR) { zip_error_set(error, ZIP_ER_INCONS, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } } } zde->filename = _zip_dirent_process_ef_utf_8(zde, ZIP_EF_UTF_8_NAME, zde->filename); zde->comment = _zip_dirent_process_ef_utf_8(zde, ZIP_EF_UTF_8_COMMENT, zde->comment); if (zde->uncomp_size == ZIP_UINT32_MAX || zde->comp_size == ZIP_UINT32_MAX || zde->offset == ZIP_UINT32_MAX) { zip_uint16_t got_len; zip_buffer_t *ef_buffer; const zip_uint8_t *ef = _zip_ef_get_by_id(zde->extra_fields, &got_len, ZIP_EF_ZIP64, 0, local ? ZIP_EF_LOCAL : ZIP_EF_CENTRAL, error); if (ef == NULL) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if ((ef_buffer = _zip_buffer_new((zip_uint8_t *)ef, got_len)) == NULL) { zip_error_set(error, ZIP_ER_MEMORY, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->uncomp_size == ZIP_UINT32_MAX) zde->uncomp_size = _zip_buffer_get_64(ef_buffer); else if (local) { (void)_zip_buffer_skip(ef_buffer, 8); } if (zde->comp_size == ZIP_UINT32_MAX) zde->comp_size = _zip_buffer_get_64(ef_buffer); if (!local) { if (zde->offset == ZIP_UINT32_MAX) zde->offset = _zip_buffer_get_64(ef_buffer); if (zde->disk_number == ZIP_UINT16_MAX) zde->disk_number = _zip_buffer_get_32(buffer); } if (!_zip_buffer_eof(ef_buffer)) { zip_error_set(error, ZIP_ER_INCONS, 0); _zip_buffer_free(ef_buffer); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } _zip_buffer_free(ef_buffer); } if (!_zip_buffer_ok(buffer)) { zip_error_set(error, ZIP_ER_INTERNAL, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (!from_buffer) { _zip_buffer_free(buffer); } if (zde->offset > ZIP_INT64_MAX) { zip_error_set(error, ZIP_ER_SEEK, EFBIG); return -1; } if (!_zip_dirent_process_winzip_aes(zde, error)) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } zde->extra_fields = _zip_ef_remove_internal(zde->extra_fields); return (zip_int64_t)(size + variable_size); }",visit repo url,lib/zip_dirent.c,https://github.com/nih-at/libzip,91723824183531,1 860,CWE-20,"static int recv_msg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t buf_len, int flags) { struct sock *sk = sock->sk; struct tipc_port *tport = tipc_sk_port(sk); struct sk_buff *buf; struct tipc_msg *msg; long timeout; unsigned int sz; u32 err; int res; if (unlikely(!buf_len)) return -EINVAL; lock_sock(sk); if (unlikely(sock->state == SS_UNCONNECTED)) { res = -ENOTCONN; goto exit; } m->msg_namelen = 0; timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); restart: while (skb_queue_empty(&sk->sk_receive_queue)) { if (sock->state == SS_DISCONNECTING) { res = -ENOTCONN; goto exit; } if (timeout <= 0L) { res = timeout ? timeout : -EWOULDBLOCK; goto exit; } release_sock(sk); timeout = wait_event_interruptible_timeout(*sk_sleep(sk), tipc_rx_ready(sock), timeout); lock_sock(sk); } buf = skb_peek(&sk->sk_receive_queue); msg = buf_msg(buf); sz = msg_data_sz(msg); err = msg_errcode(msg); if ((!sz) && (!err)) { advance_rx_queue(sk); goto restart; } set_orig_addr(m, msg); res = anc_data_recv(m, msg, tport); if (res) goto exit; if (!err) { if (unlikely(buf_len < sz)) { sz = buf_len; m->msg_flags |= MSG_TRUNC; } res = skb_copy_datagram_iovec(buf, msg_hdr_sz(msg), m->msg_iov, sz); if (res) goto exit; res = sz; } else { if ((sock->state == SS_READY) || ((err == TIPC_CONN_SHUTDOWN) || m->msg_control)) res = 0; else res = -ECONNRESET; } if (likely(!(flags & MSG_PEEK))) { if ((sock->state != SS_READY) && (++tport->conn_unacked >= TIPC_FLOW_CONTROL_WIN)) tipc_acknowledge(tport->ref, tport->conn_unacked); advance_rx_queue(sk); } exit: release_sock(sk); return res; }",visit repo url,net/tipc/socket.c,https://github.com/torvalds/linux,44234552273427,1 5580,[],"static inline int has_pending_signals(sigset_t *signal, sigset_t *blocked) { unsigned long ready; long i; switch (_NSIG_WORDS) { default: for (i = _NSIG_WORDS, ready = 0; --i >= 0 ;) ready |= signal->sig[i] &~ blocked->sig[i]; break; case 4: ready = signal->sig[3] &~ blocked->sig[3]; ready |= signal->sig[2] &~ blocked->sig[2]; ready |= signal->sig[1] &~ blocked->sig[1]; ready |= signal->sig[0] &~ blocked->sig[0]; break; case 2: ready = signal->sig[1] &~ blocked->sig[1]; ready |= signal->sig[0] &~ blocked->sig[0]; break; case 1: ready = signal->sig[0] &~ blocked->sig[0]; } return ready != 0; }",linux-2.6,,,85273992490003447006975923416429662015,0 4071,CWE-125,"static RList *r_bin_wasm_get_element_entries (RBinWasmObj *bin, RBinWasmSection *sec) { RList *ret = NULL; RBinWasmElementEntry *ptr = NULL; if (!(ret = r_list_newf ((RListFree)free))) { return NULL; } ut8* buf = bin->buf->buf + (ut32)sec->payload_data; ut32 len = sec->payload_len; ut32 count = sec->count; ut32 i = 0, r = 0; while (i < len && r < count) { if (!(ptr = R_NEW0 (RBinWasmElementEntry))) { return ret; } if (!(consume_u32 (buf + i, buf + len, &ptr->index, &i))) { free (ptr); return ret; } if (!(consume_init_expr (buf + i, buf + len, R_BIN_WASM_END_OF_CODE, NULL, &i))) { free (ptr); return ret; } if (!(consume_u32 (buf + i, buf + len, &ptr->num_elem, &i))) { free (ptr); return ret; } ut32 j = 0; while (i < len && j < ptr->num_elem ) { ut32 e; if (!(consume_u32 (buf + i, buf + len, &e, &i))) { free (ptr); return ret; } } r_list_append (ret, ptr); r += 1; } return ret; }",visit repo url,libr/bin/format/wasm/wasm.c,https://github.com/radare/radare2,100756134048599,1 4435,['CWE-264'],"void sock_prot_inuse_add(struct net *net, struct proto *prot, int val) { __get_cpu_var(prot_inuse).val[prot->inuse_idx] += val; }",linux-2.6,,,180789438444492851607026005889939895,0 6435,[],"lt_dladvise_resident (lt_dladvise *padvise) { assert (padvise && *padvise); (*padvise)->is_resident = 1; return 0; }",libtool,,,175562667016187919912057007861293873608,0 5186,CWE-125,"TfLiteStatus Prepare(TfLiteContext* context, TfLiteNode* node) { const auto* params = reinterpret_cast( node->builtin_data); TF_LITE_ENSURE_EQ(context, node->inputs->size, 12); TF_LITE_ENSURE_EQ(context, node->outputs->size, params->merge_outputs ? 1 : 2); const TfLiteTensor* input = GetInput(context, node, kInputTensor); const TfLiteTensor* fw_input_weights = GetInput(context, node, kFwWeightsTensor); const TfLiteTensor* fw_recurrent_weights = GetInput(context, node, kFwRecurrentWeightsTensor); const TfLiteTensor* fw_bias = GetInput(context, node, kFwBiasTensor); const TfLiteTensor* fw_hidden_state = GetInput(context, node, kFwHiddenStateTensor); const TfLiteTensor* bw_input_weights = GetInput(context, node, kBwWeightsTensor); const TfLiteTensor* bw_recurrent_weights = GetInput(context, node, kBwRecurrentWeightsTensor); const TfLiteTensor* bw_bias = GetInput(context, node, kBwBiasTensor); const TfLiteTensor* bw_hidden_state = GetInput(context, node, kBwHiddenStateTensor); const TfLiteTensor* aux_input = GetOptionalInputTensor(context, node, kAuxInputTensor); const TfLiteTensor* fw_aux_input_weights = GetOptionalInputTensor(context, node, kFwAuxWeightsTensor); const TfLiteTensor* bw_aux_input_weights = GetOptionalInputTensor(context, node, kBwAuxWeightsTensor); const bool aux_inputs_weights_or_none = ((fw_aux_input_weights != nullptr) && (bw_aux_input_weights != nullptr)) || ((fw_aux_input_weights == nullptr) && (bw_aux_input_weights == nullptr)); TF_LITE_ENSURE(context, aux_inputs_weights_or_none); const bool has_aux_input = (fw_aux_input_weights != nullptr); TF_LITE_ENSURE_TYPES_EQ(context, input->type, kTfLiteFloat32); TF_LITE_ENSURE_EQ(context, input->dims->size, 3); const bool time_major = params->time_major; const int batch_size = (time_major) ? input->dims->data[1] : input->dims->data[0]; const int max_time = (time_major) ? input->dims->data[0] : input->dims->data[1]; const int fw_num_units = fw_input_weights->dims->data[0]; const int bw_num_units = bw_input_weights->dims->data[0]; TF_LITE_ENSURE_EQ(context, input->dims->data[2], fw_input_weights->dims->data[1]); TF_LITE_ENSURE_EQ(context, input->dims->data[2], bw_input_weights->dims->data[1]); TF_LITE_ENSURE_EQ(context, fw_input_weights->dims->data[0], fw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, bw_input_weights->dims->data[0], bw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, fw_recurrent_weights->dims->data[0], fw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, bw_recurrent_weights->dims->data[1], bw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, NumDimensions(fw_hidden_state), 2); TF_LITE_ENSURE_EQ(context, fw_hidden_state->dims->data[0], batch_size); TF_LITE_ENSURE_EQ(context, fw_hidden_state->dims->data[1], fw_num_units); TF_LITE_ENSURE_EQ(context, NumDimensions(bw_hidden_state), 2); TF_LITE_ENSURE_EQ(context, bw_hidden_state->dims->data[0], batch_size); TF_LITE_ENSURE_EQ(context, bw_hidden_state->dims->data[1], bw_num_units); if (has_aux_input) { TF_LITE_ASSERT_EQ(aux_input->dims->data[0], input->dims->data[0]); TF_LITE_ASSERT_EQ(aux_input->dims->data[1], input->dims->data[1]); TF_LITE_ASSERT_EQ(fw_aux_input_weights->dims->data[0], fw_num_units); TF_LITE_ASSERT_EQ(bw_aux_input_weights->dims->data[0], bw_num_units); TF_LITE_ASSERT_EQ(aux_input->dims->data[2], fw_aux_input_weights->dims->data[1]); TF_LITE_ASSERT_EQ(aux_input->dims->data[2], bw_aux_input_weights->dims->data[1]); } if (IsHybridOp(input, fw_input_weights)) { OpData* op_data = reinterpret_cast(node->user_data); op_data->fw_compute_row_sums = true; op_data->bw_compute_row_sums = true; TfLiteIntArrayFree(node->temporaries); if (has_aux_input) { node->temporaries = TfLiteIntArrayCreate(kNumTemporaryTensors); } else { node->temporaries = TfLiteIntArrayCreate(kNumTemporaryTensors - 1); } node->temporaries->data[kInputQuantized] = op_data->scratch_tensor_index + kInputQuantized; TfLiteTensor* input_quantized = GetTemporary(context, node, kInputQuantized); input_quantized->type = fw_input_weights->type; input_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(input_quantized->dims, input->dims)) { TfLiteIntArray* input_quantized_size = TfLiteIntArrayCopy(input->dims); TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, input_quantized, input_quantized_size)); } node->temporaries->data[kFwHiddenStateQuantized] = op_data->scratch_tensor_index + kFwHiddenStateQuantized; TfLiteTensor* fw_hidden_state_quantized = GetTemporary(context, node, kFwHiddenStateQuantized); fw_hidden_state_quantized->type = fw_input_weights->type; fw_hidden_state_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(fw_hidden_state_quantized->dims, fw_hidden_state->dims)) { TfLiteIntArray* fw_hidden_state_quantized_size = TfLiteIntArrayCopy(fw_hidden_state->dims); TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, fw_hidden_state_quantized, fw_hidden_state_quantized_size)); } node->temporaries->data[kBwHiddenStateQuantized] = op_data->scratch_tensor_index + kBwHiddenStateQuantized; TfLiteTensor* bw_hidden_state_quantized = GetTemporary(context, node, kBwHiddenStateQuantized); bw_hidden_state_quantized->type = fw_input_weights->type; bw_hidden_state_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(bw_hidden_state_quantized->dims, bw_hidden_state->dims)) { TfLiteIntArray* bw_hidden_state_quantized_size = TfLiteIntArrayCopy(bw_hidden_state->dims); TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, bw_hidden_state_quantized, bw_hidden_state_quantized_size)); } node->temporaries->data[kScalingFactors] = op_data->scratch_tensor_index + kScalingFactors; TfLiteTensor* scaling_factors = GetTemporary(context, node, kScalingFactors); scaling_factors->type = kTfLiteFloat32; scaling_factors->allocation_type = kTfLiteArenaRw; int scaling_dims[1] = {batch_size}; if (!TfLiteIntArrayEqualsArray(scaling_factors->dims, 1, scaling_dims)) { TfLiteIntArray* scaling_factors_size = TfLiteIntArrayCreate(1); scaling_factors_size->data[0] = batch_size; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, scaling_factors, scaling_factors_size)); } node->temporaries->data[kAccumScratch] = op_data->scratch_tensor_index + kAccumScratch; TfLiteTensor* accum_scratch = GetTemporary(context, node, kAccumScratch); accum_scratch->type = kTfLiteInt32; accum_scratch->allocation_type = kTfLiteArenaRw; int accum_scratch_dims[2] = {std::max(fw_num_units, bw_num_units), batch_size}; if (!TfLiteIntArrayEqualsArray(accum_scratch->dims, 2, accum_scratch_dims)) { TfLiteIntArray* accum_scratch_size = TfLiteIntArrayCreate(2); accum_scratch_size->data[0] = accum_scratch_dims[0]; accum_scratch_size->data[1] = accum_scratch_dims[1]; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, accum_scratch, accum_scratch_size)); } node->temporaries->data[kZeroPoints] = op_data->scratch_tensor_index + kZeroPoints; TfLiteTensor* zero_points = GetTemporary(context, node, kZeroPoints); zero_points->type = kTfLiteInt32; zero_points->allocation_type = kTfLiteArenaRw; int zero_points_dims[1] = {batch_size}; if (!TfLiteIntArrayEqualsArray(zero_points->dims, 1, zero_points_dims)) { TfLiteIntArray* zero_points_size = TfLiteIntArrayCreate(1); zero_points_size->data[0] = batch_size; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, zero_points, zero_points_size)); } const int num_row_sums = has_aux_input ? 3 : 2; node->temporaries->data[kFwRowSums] = op_data->scratch_tensor_index + kFwRowSums; TfLiteTensor* fw_row_sums = GetTemporary(context, node, kFwRowSums); fw_row_sums->type = kTfLiteInt32; fw_row_sums->allocation_type = kTfLiteArenaRwPersistent; int fw_row_sums_dims[2] = {num_row_sums, fw_num_units}; if (!TfLiteIntArrayEqualsArray(fw_row_sums->dims, 2, fw_row_sums_dims)) { TfLiteIntArray* fw_row_sums_size = TfLiteIntArrayCreate(2); fw_row_sums_size->data[0] = fw_row_sums_dims[0]; fw_row_sums_size->data[1] = fw_row_sums_dims[1]; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, fw_row_sums, fw_row_sums_size)); } node->temporaries->data[kBwRowSums] = op_data->scratch_tensor_index + kBwRowSums; TfLiteTensor* bw_row_sums = GetTemporary(context, node, kBwRowSums); bw_row_sums->type = kTfLiteInt32; bw_row_sums->allocation_type = kTfLiteArenaRwPersistent; int bw_row_sums_dims[2] = {num_row_sums, bw_num_units}; if (!TfLiteIntArrayEqualsArray(bw_row_sums->dims, 2, bw_row_sums_dims)) { TfLiteIntArray* bw_row_sums_size = TfLiteIntArrayCreate(2); bw_row_sums_size->data[0] = bw_row_sums_dims[0]; bw_row_sums_size->data[1] = bw_row_sums_dims[1]; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, bw_row_sums, bw_row_sums_size)); } if (has_aux_input) { node->temporaries->data[kAuxInputQuantized] = op_data->scratch_tensor_index + kAuxInputQuantized; TfLiteTensor* aux_input_quantized = GetTemporary(context, node, kAuxInputQuantized); aux_input_quantized->type = fw_input_weights->type; aux_input_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(aux_input_quantized->dims, aux_input->dims)) { TfLiteIntArray* aux_input_quantized_size = TfLiteIntArrayCopy(aux_input->dims); TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, aux_input_quantized, aux_input_quantized_size)); } } } TfLiteTensor* fw_output = GetOutput(context, node, kFwOutputTensor); TfLiteIntArray* fw_output_size_array = TfLiteIntArrayCreate(3); fw_output_size_array->data[0] = (time_major) ? max_time : batch_size; fw_output_size_array->data[1] = (time_major) ? batch_size : max_time; fw_output_size_array->data[2] = params->merge_outputs ? fw_num_units + bw_num_units : fw_num_units; TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, fw_output, fw_output_size_array)); if (!params->merge_outputs) { TfLiteTensor* bw_output = GetOutput(context, node, kBwOutputTensor); TfLiteIntArray* bw_output_size_array = TfLiteIntArrayCreate(3); bw_output_size_array->data[0] = batch_size; bw_output_size_array->data[1] = max_time; bw_output_size_array->data[2] = bw_num_units; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, bw_output, bw_output_size_array)); } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/bidirectional_sequence_rnn.cc,https://github.com/tensorflow/tensorflow,59136426851253,1 1107,CWE-362,"void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) { struct iphdr *iph; int room; struct icmp_bxm icmp_param; struct rtable *rt = skb_rtable(skb_in); struct ipcm_cookie ipc; __be32 saddr; u8 tos; struct net *net; struct sock *sk; if (!rt) goto out; net = dev_net(rt->dst.dev); iph = ip_hdr(skb_in); if ((u8 *)iph < skb_in->head || (skb_in->network_header + sizeof(*iph)) > skb_in->tail) goto out; if (skb_in->pkt_type != PACKET_HOST) goto out; if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) goto out; if (iph->frag_off & htons(IP_OFFSET)) goto out; if (icmp_pointers[type].error) { if (iph->protocol == IPPROTO_ICMP) { u8 _inner_type, *itp; itp = skb_header_pointer(skb_in, skb_network_header(skb_in) + (iph->ihl << 2) + offsetof(struct icmphdr, type) - skb_in->data, sizeof(_inner_type), &_inner_type); if (itp == NULL) goto out; if (*itp > NR_ICMP_TYPES || icmp_pointers[*itp].error) goto out; } } sk = icmp_xmit_lock(net); if (sk == NULL) return; saddr = iph->daddr; if (!(rt->rt_flags & RTCF_LOCAL)) { struct net_device *dev = NULL; rcu_read_lock(); if (rt_is_input_route(rt) && net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr) dev = dev_get_by_index_rcu(net, rt->rt_iif); if (dev) saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); else saddr = 0; rcu_read_unlock(); } tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) | IPTOS_PREC_INTERNETCONTROL) : iph->tos; if (ip_options_echo(&icmp_param.replyopts, skb_in)) goto out_unlock; icmp_param.data.icmph.type = type; icmp_param.data.icmph.code = code; icmp_param.data.icmph.un.gateway = info; icmp_param.data.icmph.checksum = 0; icmp_param.skb = skb_in; icmp_param.offset = skb_network_offset(skb_in); inet_sk(sk)->tos = tos; ipc.addr = iph->saddr; ipc.opt = &icmp_param.replyopts; ipc.tx_flags = 0; rt = icmp_route_lookup(net, skb_in, iph, saddr, tos, type, code, &icmp_param); if (IS_ERR(rt)) goto out_unlock; if (!icmpv4_xrlim_allow(net, rt, type, code)) goto ende; room = dst_mtu(&rt->dst); if (room > 576) room = 576; room -= sizeof(struct iphdr) + icmp_param.replyopts.optlen; room -= sizeof(struct icmphdr); icmp_param.data_len = skb_in->len - icmp_param.offset; if (icmp_param.data_len > room) icmp_param.data_len = room; icmp_param.head_len = sizeof(struct icmphdr); icmp_push_reply(&icmp_param, &ipc, &rt); ende: ip_rt_put(rt); out_unlock: icmp_xmit_unlock(sk); out:; }",visit repo url,net/ipv4/icmp.c,https://github.com/torvalds/linux,139672409883503,1 4006,CWE-787,"static int decode_font(ASS_Track *track) { unsigned char *p; unsigned char *q; size_t i; size_t size; size_t dsize; unsigned char *buf = 0; ass_msg(track->library, MSGL_V, ""Font: %d bytes encoded data"", track->parser_priv->fontdata_used); size = track->parser_priv->fontdata_used; if (size % 4 == 1) { ass_msg(track->library, MSGL_ERR, ""Bad encoded data size""); goto error_decode_font; } buf = malloc(size / 4 * 3 + FFMAX(size % 4 - 1, 0)); if (!buf) goto error_decode_font; q = buf; for (i = 0, p = (unsigned char *) track->parser_priv->fontdata; i < size / 4; i++, p += 4) { q = decode_chars(p, q, 4); } if (size % 4 == 2) { q = decode_chars(p, q, 2); } else if (size % 4 == 3) { q = decode_chars(p, q, 3); } dsize = q - buf; assert(dsize == size / 4 * 3 + FFMAX(size % 4 - 1, 0)); if (track->library->extract_fonts) { ass_add_font(track->library, track->parser_priv->fontname, (char *) buf, dsize); } error_decode_font: free(buf); reset_embedded_font_parsing(track->parser_priv); return 0; }",visit repo url,libass/ass.c,https://github.com/libass/libass,240713828885715,1 2919,['CWE-189'],"static int jas_iccputxyz(jas_stream_t *out, jas_iccxyz_t *xyz) { jas_iccputuint32(out, xyz->x); jas_iccputuint32(out, xyz->y); jas_iccputuint32(out, xyz->z); return 0; }",jasper,,,130253500748917801308666795632082295385,0 5649,['CWE-476'],"static int udpv6_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level != SOL_UDP) return ipv6_getsockopt(sk, level, optname, optval, optlen); return do_udpv6_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,187455200946553606102850697733114609092,0 5771,['CWE-200'],"static void __exit rose_exit(void) { int i; proc_net_remove(&init_net, ""rose""); proc_net_remove(&init_net, ""rose_neigh""); proc_net_remove(&init_net, ""rose_nodes""); proc_net_remove(&init_net, ""rose_routes""); rose_loopback_clear(); rose_rt_free(); ax25_protocol_release(AX25_P_ROSE); ax25_linkfail_release(&rose_linkfail_notifier); if (ax25cmp(&rose_callsign, &null_ax25_address) != 0) ax25_listen_release(&rose_callsign, NULL); #ifdef CONFIG_SYSCTL rose_unregister_sysctl(); #endif unregister_netdevice_notifier(&rose_dev_notifier); sock_unregister(PF_ROSE); for (i = 0; i < rose_ndevs; i++) { struct net_device *dev = dev_rose[i]; if (dev) { unregister_netdev(dev); free_netdev(dev); } } kfree(dev_rose); proto_unregister(&rose_proto); }",linux-2.6,,,76749254056112988543645188377922290661,0 5891,['CWE-200'],"static void nr_remove_socket(struct sock *sk) { spin_lock_bh(&nr_list_lock); sk_del_node_init(sk); spin_unlock_bh(&nr_list_lock); }",linux-2.6,,,171323064697436185405029715344915054853,0 3834,CWE-122,"skip_string(char_u *p) { int i; for ( ; ; ++p) { if (p[0] == '\'') { if (p[1] == NUL) break; i = 2; if (p[1] == '\\' && p[2] != NUL) { ++i; while (vim_isdigit(p[i - 1])) ++i; } if (p[i] == '\'') { p += i; continue; } } else if (p[0] == '""') { for (++p; p[0]; ++p) { if (p[0] == '\\' && p[1] != NUL) ++p; else if (p[0] == '""') break; } if (p[0] == '""') continue; } else if (p[0] == 'R' && p[1] == '""') { char_u *delim = p + 2; char_u *paren = vim_strchr(delim, '('); if (paren != NULL) { size_t delim_len = paren - delim; for (p += 3; *p; ++p) if (p[0] == ')' && STRNCMP(p + 1, delim, delim_len) == 0 && p[delim_len + 1] == '""') { p += delim_len + 1; break; } if (p[0] == '""') continue; } } break; } if (!*p) --p; return p; }",visit repo url,src/cindent.c,https://github.com/vim/vim,59574482629001,1 6580,NVD-CWE-Other,"static char *clean_path(char *path) { char *ch; char *ch2; char *str; str = xmalloc(strlen(path)); ch = path; ch2 = str; while (true) { *ch2 = *ch; ch++; ch2++; if (!*(ch-1)) break; while (*(ch - 1) == '/' && *ch == '/') ch++; } while ((ch = strrchr(str, '/'))) { if (ch == str) break; if (!*(ch+1)) *ch = 0; else break; } return str; }",visit repo url,src/rc/checkpath.c,https://github.com/OpenRC/openrc,122966127694324,1 2036,CWE-416,"static irqreturn_t sunkbd_interrupt(struct serio *serio, unsigned char data, unsigned int flags) { struct sunkbd *sunkbd = serio_get_drvdata(serio); if (sunkbd->reset <= -1) { sunkbd->reset = data; wake_up_interruptible(&sunkbd->wait); goto out; } if (sunkbd->layout == -1) { sunkbd->layout = data; wake_up_interruptible(&sunkbd->wait); goto out; } switch (data) { case SUNKBD_RET_RESET: schedule_work(&sunkbd->tq); sunkbd->reset = -1; break; case SUNKBD_RET_LAYOUT: sunkbd->layout = -1; break; case SUNKBD_RET_ALLUP: break; default: if (!sunkbd->enabled) break; if (sunkbd->keycode[data & SUNKBD_KEY]) { input_report_key(sunkbd->dev, sunkbd->keycode[data & SUNKBD_KEY], !(data & SUNKBD_RELEASE)); input_sync(sunkbd->dev); } else { printk(KERN_WARNING ""sunkbd.c: Unknown key (scancode %#x) %s.\n"", data & SUNKBD_KEY, data & SUNKBD_RELEASE ? ""released"" : ""pressed""); } } out: return IRQ_HANDLED; }",visit repo url,drivers/input/keyboard/sunkbd.c,https://github.com/torvalds/linux,107117930795457,1 3747,[],"static inline void unix_release_addr(struct unix_address *addr) { if (atomic_dec_and_test(&addr->refcnt)) kfree(addr); }",linux-2.6,,,281557260140213488863299228596964347739,0 3465,NVD-CWE-noinfo,"static void usage(void) { PRINT_VERSION; puts(""Copyright (c) 2011, Oracle and/or its affiliates. "" ""All rights reserved.\n""); puts(""Enable or disable plugins.""); printf(""\nUsage: %s [options] ENABLE|DISABLE\n\nOptions:\n"", my_progname); my_print_help(my_long_options); puts(""\n""); }",visit repo url,client/mysql_plugin.c,https://github.com/mysql/mysql-server,274694815395046,1 5163,CWE-125,"ast_for_arguments(struct compiling *c, const node *n) { int i, j, k, nposargs = 0, nkwonlyargs = 0; int nposdefaults = 0, found_default = 0; asdl_seq *posargs, *posdefaults, *kwonlyargs, *kwdefaults; arg_ty vararg = NULL, kwarg = NULL; arg_ty arg = NULL; node *ch; if (TYPE(n) == parameters) { if (NCH(n) == 2) return arguments(NULL, NULL, NULL, NULL, NULL, NULL, c->c_arena); n = CHILD(n, 1); } assert(TYPE(n) == typedargslist || TYPE(n) == varargslist); for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == STAR) { i++; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { i++; } break; } if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == vfpdef || TYPE(ch) == tfpdef) nposargs++; if (TYPE(ch) == EQUAL) nposdefaults++; } for ( ; i < NCH(n); ++i) { ch = CHILD(n, i); if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == tfpdef || TYPE(ch) == vfpdef) nkwonlyargs++; } posargs = (nposargs ? _Py_asdl_seq_new(nposargs, c->c_arena) : NULL); if (!posargs && nposargs) return NULL; kwonlyargs = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwonlyargs && nkwonlyargs) return NULL; posdefaults = (nposdefaults ? _Py_asdl_seq_new(nposdefaults, c->c_arena) : NULL); if (!posdefaults && nposdefaults) return NULL; kwdefaults = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwdefaults && nkwonlyargs) return NULL; i = 0; j = 0; k = 0; while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case tfpdef: case vfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expr_ty expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) return NULL; assert(posdefaults != NULL); asdl_seq_SET(posdefaults, j++, expression); i += 2; found_default = 1; } else if (found_default) { ast_error(c, n, ""non-default argument follows default argument""); return NULL; } arg = ast_for_arg(c, ch); if (!arg) return NULL; asdl_seq_SET(posargs, k++, arg); i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case STAR: if (i+1 >= NCH(n) || (i+2 == NCH(n) && (TYPE(CHILD(n, i+1)) == COMMA || TYPE(CHILD(n, i+1)) == TYPE_COMMENT))) { ast_error(c, CHILD(n, i), ""named arguments must follow bare *""); return NULL; } ch = CHILD(n, i+1); if (TYPE(ch) == COMMA) { int res = 0; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { ast_error(c, CHILD(n, i), ""bare * has associated type comment""); return NULL; } res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } else { vararg = ast_for_arg(c, ch); if (!vararg) return NULL; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { vararg->type_comment = NEW_TYPE_COMMENT(CHILD(n, i)); if (!vararg->type_comment) return NULL; i += 1; } if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { int res = 0; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } } break; case DOUBLESTAR: ch = CHILD(n, i+1); assert(TYPE(ch) == tfpdef || TYPE(ch) == vfpdef); kwarg = ast_for_arg(c, ch); if (!kwarg) return NULL; i += 2; if (TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: assert(i); if (kwarg) arg = kwarg; arg->type_comment = NEW_TYPE_COMMENT(ch); if (!arg->type_comment) return NULL; i += 1; break; default: PyErr_Format(PyExc_SystemError, ""unexpected node in varargslist: %d @ %d"", TYPE(ch), i); return NULL; } } return arguments(posargs, vararg, kwonlyargs, kwdefaults, kwarg, posdefaults, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,99696554721392,1 5263,CWE-323,"static int oidc_cache_crypto_encrypt_impl(request_rec *r, unsigned char *plaintext, int plaintext_len, const unsigned char *aad, int aad_len, unsigned char *key, const unsigned char *iv, int iv_len, unsigned char *ciphertext, const unsigned char *tag, int tag_len) { EVP_CIPHER_CTX *ctx; int len; int ciphertext_len; if (!(ctx = EVP_CIPHER_CTX_new())) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_new""); return -1; } if (!EVP_EncryptInit_ex(ctx, OIDC_CACHE_CIPHER, NULL, NULL, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptInit_ex""); return -1; } if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_IVLEN, iv_len, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptInit_ex""); return -1; } if (!EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptUpdate aad: aad_len=%d"", aad_len); return -1; } if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptUpdate ciphertext""); return -1; } ciphertext_len = len; if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptFinal_ex""); return -1; } ciphertext_len += len; if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_GET_TAG, tag_len, (void *) tag)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } EVP_CIPHER_CTX_free(ctx); return ciphertext_len; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,176856116245140,1 5390,CWE-125,"double GetGPMFSampleRate(size_t handle, uint32_t fourcc, uint32_t flags) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return 0.0; GPMF_stream metadata_stream, *ms = &metadata_stream; uint32_t teststart = 0; uint32_t testend = mp4->indexcount; double rate = 0.0; if (mp4->indexcount < 1) return 0.0; if (mp4->indexcount > 3) { teststart++; testend--; } uint32_t *payload = GetPayload(handle, NULL, teststart); uint32_t payloadsize = GetPayloadSize(handle, teststart); int32_t ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; { uint32_t startsamples = 0; uint32_t endsamples = 0; uint32_t missing_samples = 0; while (ret == GPMF_OK && GPMF_OK != GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { missing_samples = 1; teststart++; payload = GetPayload(handle, payload, teststart); payloadsize = GetPayloadSize(handle, teststart); ret = GPMF_Init(ms, payload, payloadsize); } if (missing_samples) { teststart++; payload = GetPayload(handle, payload, teststart); payloadsize = GetPayloadSize(handle, teststart); ret = GPMF_Init(ms, payload, payloadsize); } if (ret == GPMF_OK) { uint32_t samples = GPMF_Repeat(ms); GPMF_stream find_stream; GPMF_CopyState(ms, &find_stream); if (!(flags & GPMF_SAMPLE_RATE_PRECISE) && GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { startsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)) - samples; payload = GetPayload(handle, payload, testend); payloadsize = GetPayloadSize(handle, testend); ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; if (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { endsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)); rate = (double)(endsamples - startsamples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); goto cleanup; } } rate = (double)(samples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); } else { uint32_t payloadpos = 0, payloadcount = 0; double slope, top = 0.0, bot = 0.0, meanX = 0, meanY = 0; uint32_t *repeatarray = malloc(mp4->indexcount * 4 + 4); memset(repeatarray, 0, mp4->indexcount * 4 + 4); samples = 0; for (payloadpos = teststart; payloadpos < testend; payloadcount++, payloadpos++) { payload = GetPayload(handle, payload, payloadpos); payloadsize = GetPayloadSize(handle, payloadpos); ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; if (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { GPMF_stream find_stream2; GPMF_CopyState(ms, &find_stream2); if (GPMF_OK == GPMF_FindNext(&find_stream2, fourcc, GPMF_CURRENT_LEVEL)) { if (repeatarray) { float in, out; do { samples++; } while (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_CURRENT_LEVEL)); repeatarray[payloadpos] = samples; meanY += (double)samples; GetPayloadTime(handle, payloadpos, &in, &out); meanX += out; } } else { uint32_t repeat = GPMF_Repeat(ms); samples += repeat; if (repeatarray) { float in, out; repeatarray[payloadpos] = samples; meanY += (double)samples; GetPayloadTime(handle, payloadpos, &in, &out); meanX += out; } } } } if (repeatarray) { meanY /= (double)payloadcount; meanX /= (double)payloadcount; for (payloadpos = teststart; payloadpos < testend; payloadpos++) { float in, out; GetPayloadTime(handle, payloadpos, &in, &out); top += ((double)out - meanX)*((double)repeatarray[payloadpos] - meanY); bot += ((double)out - meanX)*((double)out - meanX); } slope = top / bot; #if 0 { double intercept; intercept = meanY - slope*meanX; printf(""%c%c%c%c start offset = %f (%.3fms)\n"", PRINTF_4CC(fourcc), intercept, 1000.0 * intercept / slope); } #endif rate = slope; } else { rate = (double)(samples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); } free(repeatarray); goto cleanup; } } } cleanup: if (payload) { FreePayload(payload); payload = NULL; } return rate; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,227559842246580,1 3451,['CWE-20'],"_dbus_validate_signature (const DBusString *str, int start, int len) { _dbus_assert (start >= 0); _dbus_assert (start <= _dbus_string_get_length (str)); _dbus_assert (len >= 0); if (len > _dbus_string_get_length (str) - start) return FALSE; return _dbus_validate_signature_with_reason (str, start, len) == DBUS_VALID; }",dbus,,,184226274172129119848831716458113257391,0 4634,['CWE-399'],"static int mpage_da_map_blocks(struct mpage_da_data *mpd) { int err = 0; struct buffer_head new; struct buffer_head *lbh = &mpd->lbh; sector_t next; if (buffer_mapped(lbh) && !buffer_delay(lbh)) return 0; new.b_state = lbh->b_state; new.b_blocknr = 0; new.b_size = lbh->b_size; next = lbh->b_blocknr; if (!new.b_size) return 0; err = mpd->get_block(mpd->inode, next, &new, 1); if (err) { if (err == -EAGAIN) return 0; if (err == -ENOSPC && ext4_count_free_blocks(mpd->inode->i_sb)) { mpd->retval = err; return 0; } printk(KERN_EMERG ""%s block allocation failed for inode %lu "" ""at logical offset %llu with max blocks "" ""%zd with error %d\n"", __func__, mpd->inode->i_ino, (unsigned long long)next, lbh->b_size >> mpd->inode->i_blkbits, err); printk(KERN_EMERG ""This should not happen.!! "" ""Data will be lost\n""); if (err == -ENOSPC) { ext4_print_free_blocks(mpd->inode); } ext4_da_block_invalidatepages(mpd, next, lbh->b_size >> mpd->inode->i_blkbits); return err; } BUG_ON(new.b_size == 0); if (buffer_new(&new)) __unmap_underlying_blocks(mpd->inode, &new); if (buffer_delay(lbh) || buffer_unwritten(lbh)) mpage_put_bnr_to_bhs(mpd, next, &new); return 0; }",linux-2.6,,,171007103853912304262138766964325451199,0 4569,CWE-119,"int mp4client_main(int argc, char **argv) { char c; const char *str; int ret_val = 0; u32 i, times[100], nb_times, dump_mode; u32 simulation_time_in_ms = 0; u32 initial_service_id = 0; Bool auto_exit = GF_FALSE; Bool logs_set = GF_FALSE; Bool start_fs = GF_FALSE; Bool use_rtix = GF_FALSE; Bool pause_at_first = GF_FALSE; Bool no_cfg_save = GF_FALSE; Bool is_cfg_only = GF_FALSE; Double play_from = 0; #ifdef GPAC_MEMORY_TRACKING GF_MemTrackerType mem_track = GF_MemTrackerNone; #endif Double fps = GF_IMPORT_DEFAULT_FPS; Bool fill_ar, visible, do_uncache, has_command; char *url_arg, *out_arg, *the_cfg, *rti_file, *views, *mosaic; FILE *logfile = NULL; Float scale = 1; #ifndef WIN32 dlopen(NULL, RTLD_NOW|RTLD_GLOBAL); #endif strcpy(the_url, "".""); memset(&user, 0, sizeof(GF_User)); dump_mode = DUMP_NONE; fill_ar = visible = do_uncache = has_command = GF_FALSE; url_arg = out_arg = the_cfg = rti_file = views = mosaic = NULL; nb_times = 0; times[0] = 0; for (i=1; i<(u32) argc; i++) { char *arg = argv[i]; if (!strcmp(arg, ""-c"") || !strcmp(arg, ""-cfg"")) { the_cfg = argv[i+1]; i++; } else if (!strcmp(arg, ""-mem-track"") || !strcmp(arg, ""-mem-track-stack"")) { #ifdef GPAC_MEMORY_TRACKING mem_track = !strcmp(arg, ""-mem-track-stack"") ? GF_MemTrackerBackTrace : GF_MemTrackerSimple; #else fprintf(stderr, ""WARNING - GPAC not compiled with Memory Tracker - ignoring \""%s\""\n"", arg); #endif } else if (!strcmp(arg, ""-gui"")) { gui_mode = 1; } else if (!strcmp(arg, ""-guid"")) { gui_mode = 2; } else if (!strcmp(arg, ""-h"") || !strcmp(arg, ""-help"")) { PrintUsage(); return 0; } } #ifdef GPAC_MEMORY_TRACKING gf_sys_init(mem_track); #else gf_sys_init(GF_MemTrackerNone); #endif gf_sys_set_args(argc, (const char **) argv); cfg_file = gf_cfg_init(the_cfg, NULL); if (!cfg_file) { fprintf(stderr, ""Error: Configuration File not found\n""); return 1; } if (gf_log_set_tools_levels( gf_cfg_get_key(cfg_file, ""General"", ""Logs"") ) != GF_OK) { return 1; } if( gf_cfg_get_key(cfg_file, ""General"", ""Logs"") != NULL ) { logs_set = GF_TRUE; } if (!gui_mode) { str = gf_cfg_get_key(cfg_file, ""General"", ""ForceGUI""); if (str && !strcmp(str, ""yes"")) gui_mode = 1; } for (i=1; i<(u32) argc; i++) { char *arg = argv[i]; if (!strcmp(arg, ""-rti"")) { rti_file = argv[i+1]; i++; } else if (!strcmp(arg, ""-rtix"")) { rti_file = argv[i+1]; i++; use_rtix = GF_TRUE; } else if (!stricmp(arg, ""-size"")) { if (sscanf(argv[i+1], ""%dx%d"", &forced_width, &forced_height) != 2) { forced_width = forced_height = 0; } i++; } else if (!strcmp(arg, ""-quiet"")) { be_quiet = 1; } else if (!strcmp(arg, ""-strict-error"")) { gf_log_set_strict_error(1); } else if (!strcmp(arg, ""-log-file"") || !strcmp(arg, ""-lf"")) { logfile = gf_fopen(argv[i+1], ""wt""); gf_log_set_callback(logfile, on_gpac_log); i++; } else if (!strcmp(arg, ""-logs"") ) { if (gf_log_set_tools_levels(argv[i+1]) != GF_OK) { return 1; } logs_set = GF_TRUE; i++; } else if (!strcmp(arg, ""-log-clock"") || !strcmp(arg, ""-lc"")) { log_time_start = 1; } else if (!strcmp(arg, ""-log-utc"") || !strcmp(arg, ""-lu"")) { log_utc_time = 1; } #if defined(__DARWIN__) || defined(__APPLE__) else if (!strcmp(arg, ""-thread"")) threading_flags = 0; #else else if (!strcmp(arg, ""-no-thread"")) threading_flags = GF_TERM_NO_DECODER_THREAD | GF_TERM_NO_COMPOSITOR_THREAD | GF_TERM_WINDOW_NO_THREAD; #endif else if (!strcmp(arg, ""-no-cthread"") || !strcmp(arg, ""-no-compositor-thread"")) threading_flags |= GF_TERM_NO_COMPOSITOR_THREAD; else if (!strcmp(arg, ""-no-audio"")) no_audio = 1; else if (!strcmp(arg, ""-no-regulation"")) no_regulation = 1; else if (!strcmp(arg, ""-fs"")) start_fs = 1; else if (!strcmp(arg, ""-opt"")) { set_cfg_option(argv[i+1]); i++; } else if (!strcmp(arg, ""-conf"")) { set_cfg_option(argv[i+1]); is_cfg_only=GF_TRUE; i++; } else if (!strcmp(arg, ""-ifce"")) { gf_cfg_set_key(cfg_file, ""Network"", ""DefaultMCastInterface"", argv[i+1]); i++; } else if (!stricmp(arg, ""-help"")) { PrintUsage(); return 1; } else if (!stricmp(arg, ""-noprog"")) { no_prog=1; gf_set_progress_callback(NULL, progress_quiet); } else if (!stricmp(arg, ""-no-save"") || !stricmp(arg, ""--no-save"") ) { no_cfg_save=1; } else if (!stricmp(arg, ""-ntp-shift"")) { s32 shift = atoi(argv[i+1]); i++; gf_net_set_ntp_shift(shift); } else if (!stricmp(arg, ""-run-for"")) { simulation_time_in_ms = atoi(argv[i+1]) * 1000; if (!simulation_time_in_ms) simulation_time_in_ms = 1; i++; } else if (!strcmp(arg, ""-out"")) { out_arg = argv[i+1]; i++; } else if (!stricmp(arg, ""-fps"")) { fps = atof(argv[i+1]); i++; } else if (!strcmp(arg, ""-avi"") || !strcmp(arg, ""-sha"")) { dump_mode &= 0xFFFF0000; if (!strcmp(arg, ""-sha"")) dump_mode |= DUMP_SHA1; else dump_mode |= DUMP_AVI; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) { if (!strcmp(arg, ""-avi"") && (nb_times!=2) ) { fprintf(stderr, ""Only one time arg found for -avi - check usage\n""); return 1; } i++; } } else if (!strcmp(arg, ""-rgbds"")) { dump_mode |= DUMP_RGB_DEPTH_SHAPE; } else if (!strcmp(arg, ""-rgbd"")) { dump_mode |= DUMP_RGB_DEPTH; } else if (!strcmp(arg, ""-depth"")) { dump_mode |= DUMP_DEPTH_ONLY; } else if (!strcmp(arg, ""-bmp"")) { dump_mode &= 0xFFFF0000; dump_mode |= DUMP_BMP; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) i++; } else if (!strcmp(arg, ""-png"")) { dump_mode &= 0xFFFF0000; dump_mode |= DUMP_PNG; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) i++; } else if (!strcmp(arg, ""-raw"")) { dump_mode &= 0xFFFF0000; dump_mode |= DUMP_RAW; if ((url_arg || (i+2<(u32)argc)) && get_time_list(argv[i+1], times, &nb_times)) i++; } else if (!stricmp(arg, ""-scale"")) { sscanf(argv[i+1], ""%f"", &scale); i++; } else if (!strcmp(arg, ""-c"") || !strcmp(arg, ""-cfg"")) { i++; } if (!gui_mode) { if (arg[0] != '-') { if (url_arg) { fprintf(stderr, ""Several input URLs provided (\""%s\"", \""%s\""). Check your command-line.\n"", url_arg, arg); return 1; } url_arg = arg; } else if (!strcmp(arg, ""-loop"")) loop_at_end = 1; else if (!strcmp(arg, ""-bench"")) bench_mode = 1; else if (!strcmp(arg, ""-vbench"")) bench_mode = 2; else if (!strcmp(arg, ""-sbench"")) bench_mode = 3; else if (!strcmp(arg, ""-no-addon"")) enable_add_ons = GF_FALSE; else if (!strcmp(arg, ""-pause"")) pause_at_first = 1; else if (!strcmp(arg, ""-play-from"")) { play_from = atof((const char *) argv[i+1]); i++; } else if (!strcmp(arg, ""-speed"")) { playback_speed = FLT2FIX( atof((const char *) argv[i+1]) ); if (playback_speed <= 0) playback_speed = FIX_ONE; i++; } else if (!strcmp(arg, ""-no-wnd"")) user.init_flags |= GF_TERM_WINDOWLESS; else if (!strcmp(arg, ""-no-back"")) user.init_flags |= GF_TERM_WINDOW_TRANSPARENT; else if (!strcmp(arg, ""-align"")) { if (argv[i+1][0]=='m') align_mode = 1; else if (argv[i+1][0]=='b') align_mode = 2; align_mode <<= 8; if (argv[i+1][1]=='m') align_mode |= 1; else if (argv[i+1][1]=='r') align_mode |= 2; i++; } else if (!strcmp(arg, ""-fill"")) { fill_ar = GF_TRUE; } else if (!strcmp(arg, ""-show"")) { visible = 1; } else if (!strcmp(arg, ""-uncache"")) { do_uncache = GF_TRUE; } else if (!strcmp(arg, ""-exit"")) auto_exit = GF_TRUE; else if (!stricmp(arg, ""-views"")) { views = argv[i+1]; i++; } else if (!stricmp(arg, ""-mosaic"")) { mosaic = argv[i+1]; i++; } else if (!stricmp(arg, ""-com"")) { has_command = GF_TRUE; i++; } else if (!stricmp(arg, ""-service"")) { initial_service_id = atoi(argv[i+1]); i++; } } } if (is_cfg_only) { gf_cfg_del(cfg_file); fprintf(stderr, ""GPAC Config updated\n""); return 0; } if (do_uncache) { const char *cache_dir = gf_cfg_get_key(cfg_file, ""General"", ""CacheDirectory""); do_flatten_cache(cache_dir); fprintf(stderr, ""GPAC Cache dir %s flattened\n"", cache_dir); gf_cfg_del(cfg_file); return 0; } if (dump_mode && !url_arg ) { FILE *test; url_arg = (char *)gf_cfg_get_key(cfg_file, ""General"", ""StartupFile""); test = url_arg ? gf_fopen(url_arg, ""rt"") : NULL; if (!test) url_arg = NULL; else gf_fclose(test); if (!url_arg) { fprintf(stderr, ""Missing argument for dump\n""); PrintUsage(); if (logfile) gf_fclose(logfile); return 1; } } if (!gui_mode && !url_arg && (gf_cfg_get_key(cfg_file, ""General"", ""StartupFile"") != NULL)) { gui_mode=1; } #ifdef WIN32 if (gui_mode==1) { const char *opt; TCHAR buffer[1024]; DWORD res = GetCurrentDirectory(1024, buffer); buffer[res] = 0; opt = gf_cfg_get_key(cfg_file, ""General"", ""ModulesDirectory""); if (strstr(opt, buffer)) { gui_mode=1; } else { gui_mode=2; } } #endif if (gui_mode==1) { hide_shell(1); } if (gui_mode) { no_prog=1; gf_set_progress_callback(NULL, progress_quiet); } if (!url_arg && simulation_time_in_ms) simulation_time_in_ms += gf_sys_clock(); #if defined(__DARWIN__) || defined(__APPLE__) carbon_init(); #endif if (dump_mode) rti_file = NULL; if (!logs_set) { gf_log_set_tool_level(GF_LOG_ALL, GF_LOG_WARNING); } if (rti_file || logfile || log_utc_time || log_time_start) gf_log_set_callback(NULL, on_gpac_log); if (rti_file) init_rti_logs(rti_file, url_arg, use_rtix); { GF_SystemRTInfo rti; if (gf_sys_get_rti(0, &rti, 0)) fprintf(stderr, ""System info: %d MB RAM - %d cores\n"", (u32) (rti.physical_memory/1024/1024), rti.nb_cores); } if (dump_mode) { user.init_flags |= GF_TERM_NO_DECODER_THREAD | GF_TERM_NO_COMPOSITOR_THREAD | GF_TERM_NO_REGULATION; if (!visible) user.init_flags |= GF_TERM_INIT_HIDE; gf_cfg_set_key(cfg_file, ""Audio"", ""DriverName"", ""Raw Audio Output""); no_cfg_save=GF_TRUE; } else { init_w = forced_width; init_h = forced_height; } user.modules = gf_modules_new(NULL, cfg_file); if (user.modules) i = gf_modules_get_count(user.modules); if (!i || !user.modules) { fprintf(stderr, ""Error: no modules found - exiting\n""); if (user.modules) gf_modules_del(user.modules); gf_cfg_del(cfg_file); gf_sys_close(); if (logfile) gf_fclose(logfile); return 1; } fprintf(stderr, ""Modules Found : %d \n"", i); str = gf_cfg_get_key(cfg_file, ""General"", ""GPACVersion""); if (!str || strcmp(str, GPAC_FULL_VERSION)) { gf_cfg_del_section(cfg_file, ""PluginsCache""); gf_cfg_set_key(cfg_file, ""General"", ""GPACVersion"", GPAC_FULL_VERSION); } user.config = cfg_file; user.EventProc = GPAC_EventProc; user.opaque = user.modules; if (threading_flags) user.init_flags |= threading_flags; if (no_audio) user.init_flags |= GF_TERM_NO_AUDIO; if (no_regulation) user.init_flags |= GF_TERM_NO_REGULATION; if (threading_flags & (GF_TERM_NO_DECODER_THREAD|GF_TERM_NO_COMPOSITOR_THREAD) ) term_step = GF_TRUE; if (dump_mode) user.init_flags |= GF_TERM_USE_AUDIO_HW_CLOCK; if (bench_mode) { gf_cfg_discard_changes(user.config); auto_exit = GF_TRUE; gf_cfg_set_key(user.config, ""Audio"", ""DriverName"", ""Raw Audio Output""); if (bench_mode!=2) { gf_cfg_set_key(user.config, ""Video"", ""DriverName"", ""Raw Video Output""); gf_cfg_set_key(user.config, ""RAWVideo"", ""RawOutput"", ""null""); gf_cfg_set_key(user.config, ""Compositor"", ""OpenGLMode"", ""disable""); } else { gf_cfg_set_key(user.config, ""Video"", ""DisableVSync"", ""yes""); } } { char dim[50]; sprintf(dim, ""%d"", forced_width); gf_cfg_set_key(user.config, ""Compositor"", ""DefaultWidth"", forced_width ? dim : NULL); sprintf(dim, ""%d"", forced_height); gf_cfg_set_key(user.config, ""Compositor"", ""DefaultHeight"", forced_height ? dim : NULL); } fprintf(stderr, ""Loading GPAC Terminal\n""); i = gf_sys_clock(); term = gf_term_new(&user); if (!term) { fprintf(stderr, ""\nInit error - check you have at least one video out and one rasterizer...\nFound modules:\n""); list_modules(user.modules); gf_modules_del(user.modules); gf_cfg_discard_changes(cfg_file); gf_cfg_del(cfg_file); gf_sys_close(); if (logfile) gf_fclose(logfile); return 1; } fprintf(stderr, ""Terminal Loaded in %d ms\n"", gf_sys_clock()-i); if (bench_mode) { display_rti = 2; gf_term_set_option(term, GF_OPT_VIDEO_BENCH, (bench_mode==3) ? 2 : 1); if (bench_mode==1) bench_mode=2; } if (dump_mode) { if (fill_ar) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_FILL_SCREEN); } else { str = gf_cfg_get_key(cfg_file, ""Video"", ""DriverName""); if (!bench_mode && !strcmp(str, ""Raw Video Output"")) fprintf(stderr, ""WARNING: using raw output video (memory only) - no display used\n""); str = gf_cfg_get_key(cfg_file, ""Audio"", ""DriverName""); if (!str || !strcmp(str, ""No Audio Output Available"")) fprintf(stderr, ""WARNING: no audio output available - make sure no other program is locking the sound card\n""); str = gf_cfg_get_key(cfg_file, ""General"", ""NoMIMETypeFetch""); no_mime_check = (str && !stricmp(str, ""yes"")) ? 1 : 0; } str = gf_cfg_get_key(cfg_file, ""HTTPProxy"", ""Enabled""); if (str && !strcmp(str, ""yes"")) { str = gf_cfg_get_key(cfg_file, ""HTTPProxy"", ""Name""); if (str) fprintf(stderr, ""HTTP Proxy %s enabled\n"", str); } if (rti_file) { str = gf_cfg_get_key(cfg_file, ""General"", ""RTIRefreshPeriod""); if (str) { rti_update_time_ms = atoi(str); } else { gf_cfg_set_key(cfg_file, ""General"", ""RTIRefreshPeriod"", ""200""); } UpdateRTInfo(""At GPAC load time\n""); } Run = 1; if (dump_mode) { if (!nb_times) { times[0] = 0; nb_times++; } ret_val = dump_file(url_arg, out_arg, dump_mode, fps, forced_width, forced_height, scale, times, nb_times); Run = 0; } else if (views) { } else if (!gui_mode && url_arg) { char *ext; strcpy(the_url, url_arg); ext = strrchr(the_url, '.'); if (ext && (!stricmp(ext, "".m3u"") || !stricmp(ext, "".pls""))) { GF_Err e = GF_OK; fprintf(stderr, ""Opening Playlist %s\n"", the_url); strcpy(pl_path, the_url); if (!strncmp(""http:"", the_url, 5)) { GF_DownloadSession *sess = gf_dm_sess_new(term->downloader, the_url, GF_NETIO_SESSION_NOT_THREADED, NULL, NULL, &e); if (sess) { e = gf_dm_sess_process(sess); if (!e) strcpy(the_url, gf_dm_sess_get_cache_name(sess)); gf_dm_sess_del(sess); } } playlist = e ? NULL : gf_fopen(the_url, ""rt""); readonly_playlist = 1; if (playlist) { request_next_playlist_item = GF_TRUE; } else { if (e) fprintf(stderr, ""Failed to open playlist %s: %s\n"", the_url, gf_error_to_string(e) ); fprintf(stderr, ""Hit 'h' for help\n\n""); } } else { fprintf(stderr, ""Opening URL %s\n"", the_url); if (pause_at_first) fprintf(stderr, ""[Status: Paused]\n""); gf_term_connect_from_time(term, the_url, (u64) (play_from*1000), pause_at_first); } } else { fprintf(stderr, ""Hit 'h' for help\n\n""); str = gf_cfg_get_key(cfg_file, ""General"", ""StartupFile""); if (str) { strcpy(the_url, ""MP4Client ""GPAC_FULL_VERSION); gf_term_connect(term, str); startup_file = 1; is_connected = 1; } } if (gui_mode==2) gui_mode=0; if (start_fs) gf_term_set_option(term, GF_OPT_FULLSCREEN, 1); if (views) { char szTemp[4046]; sprintf(szTemp, ""views://%s"", views); gf_term_connect(term, szTemp); } if (mosaic) { char szTemp[4046]; sprintf(szTemp, ""mosaic://%s"", mosaic); gf_term_connect(term, szTemp); } if (bench_mode) { rti_update_time_ms = 500; bench_mode_start = gf_sys_clock(); } while (Run) { if ((gui_mode==1) || !gf_prompt_has_input()) { if (reload) { reload = 0; gf_term_disconnect(term); gf_term_connect(term, startup_file ? gf_cfg_get_key(cfg_file, ""General"", ""StartupFile"") : the_url); } if (restart && gf_term_get_option(term, GF_OPT_IS_OVER)) { restart = 0; gf_term_play_from_time(term, 0, 0); } if (request_next_playlist_item) { c = '\n'; request_next_playlist_item = 0; goto force_input; } if (has_command && is_connected) { has_command = GF_FALSE; for (i=0; i<(u32)argc; i++) { if (!strcmp(argv[i], ""-com"")) { gf_term_scene_update(term, NULL, argv[i+1]); i++; } } } if (initial_service_id && is_connected) { GF_ObjectManager *root_od = gf_term_get_root_object(term); if (root_od) { gf_term_select_service(term, root_od, initial_service_id); initial_service_id = 0; } } if (!use_rtix || display_rti) UpdateRTInfo(NULL); if (term_step) { gf_term_process_step(term); } else { gf_sleep(rti_update_time_ms); } if (auto_exit && eos_seen && gf_term_get_option(term, GF_OPT_IS_OVER)) { Run = GF_FALSE; } if (simulation_time_in_ms && ( (gf_term_get_elapsed_time_in_ms(term)>simulation_time_in_ms) || (!url_arg && gf_sys_clock()>simulation_time_in_ms)) ) { Run = GF_FALSE; } continue; } c = gf_prompt_get_char(); force_input: switch (c) { case 'q': { GF_Event evt; memset(&evt, 0, sizeof(GF_Event)); evt.type = GF_EVENT_QUIT; gf_term_send_event(term, &evt); } break; case 'X': exit(0); break; case 'Q': break; case 'o': startup_file = 0; gf_term_disconnect(term); fprintf(stderr, ""Enter the absolute URL\n""); if (1 > scanf(""%s"", the_url)) { fprintf(stderr, ""Cannot read absolute URL, aborting\n""); break; } if (rti_file) init_rti_logs(rti_file, the_url, use_rtix); gf_term_connect(term, the_url); break; case 'O': gf_term_disconnect(term); fprintf(stderr, ""Enter the absolute URL to the playlist\n""); if (1 > scanf(""%s"", the_url)) { fprintf(stderr, ""Cannot read the absolute URL, aborting.\n""); break; } playlist = gf_fopen(the_url, ""rt""); if (playlist) { if (1 > fscanf(playlist, ""%s"", the_url)) { fprintf(stderr, ""Cannot read any URL from playlist, aborting.\n""); gf_fclose( playlist); break; } fprintf(stderr, ""Opening URL %s\n"", the_url); gf_term_connect(term, the_url); } break; case '\n': case 'N': if (playlist) { int res; gf_term_disconnect(term); res = fscanf(playlist, ""%s"", the_url); if ((res == EOF) && loop_at_end) { fseek(playlist, 0, SEEK_SET); res = fscanf(playlist, ""%s"", the_url); } if (res == EOF) { fprintf(stderr, ""No more items - exiting\n""); Run = 0; } else if (the_url[0] == '#') { request_next_playlist_item = GF_TRUE; } else { fprintf(stderr, ""Opening URL %s\n"", the_url); gf_term_connect_with_path(term, the_url, pl_path); } } break; case 'P': if (playlist) { u32 count; gf_term_disconnect(term); if (1 > scanf(""%u"", &count)) { fprintf(stderr, ""Cannot read number, aborting.\n""); break; } while (count) { if (fscanf(playlist, ""%s"", the_url)) { fprintf(stderr, ""Failed to read line, aborting\n""); break; } count--; } fprintf(stderr, ""Opening URL %s\n"", the_url); gf_term_connect(term, the_url); } break; case 'r': if (is_connected) reload = 1; break; case 'D': if (is_connected) gf_term_disconnect(term); break; case 'p': if (is_connected) { Bool is_pause = gf_term_get_option(term, GF_OPT_PLAY_STATE); fprintf(stderr, ""[Status: %s]\n"", is_pause ? ""Playing"" : ""Paused""); gf_term_set_option(term, GF_OPT_PLAY_STATE, is_pause ? GF_STATE_PLAYING : GF_STATE_PAUSED); } break; case 's': if (is_connected) { gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_STEP_PAUSE); fprintf(stderr, ""Step time: ""); PrintTime(gf_term_get_time_in_ms(term)); fprintf(stderr, ""\n""); } break; case 'z': case 'T': if (!CanSeek || (Duration<=2000)) { fprintf(stderr, ""scene not seekable\n""); } else { Double res; s32 seekTo; fprintf(stderr, ""Duration: ""); PrintTime(Duration); res = gf_term_get_time_in_ms(term); if (c=='z') { res *= 100; res /= (s64)Duration; fprintf(stderr, "" (current %.2f %%)\nEnter Seek percentage:\n"", res); if (scanf(""%d"", &seekTo) == 1) { if (seekTo > 100) seekTo = 100; res = (Double)(s64)Duration; res /= 100; res *= seekTo; gf_term_play_from_time(term, (u64) (s64) res, 0); } } else { u32 r, h, m, s; fprintf(stderr, "" - Current Time: ""); PrintTime((u64) res); fprintf(stderr, ""\nEnter seek time (Format: s, m:s or h:m:s):\n""); h = m = s = 0; r =scanf(""%d:%d:%d"", &h, &m, &s); if (r==2) { s = m; m = h; h = 0; } else if (r==1) { s = h; m = h = 0; } if (r && (r<=3)) { u64 time = h*3600 + m*60 + s; gf_term_play_from_time(term, time*1000, 0); } } } break; case 't': { if (is_connected) { fprintf(stderr, ""Current Time: ""); PrintTime(gf_term_get_time_in_ms(term)); fprintf(stderr, "" - Duration: ""); PrintTime(Duration); fprintf(stderr, ""\n""); } } break; case 'w': if (is_connected) PrintWorldInfo(term); break; case 'v': if (is_connected) PrintODList(term, NULL, 0, 0, ""Root""); break; case 'i': if (is_connected) { u32 ID; fprintf(stderr, ""Enter OD ID (0 for main OD): ""); fflush(stderr); if (scanf(""%ud"", &ID) == 1) { ViewOD(term, ID, (u32)-1, NULL); } else { char str_url[GF_MAX_PATH]; if (scanf(""%s"", str_url) == 1) ViewOD(term, 0, (u32)-1, str_url); } } break; case 'j': if (is_connected) { u32 num; do { fprintf(stderr, ""Enter OD number (0 for main OD): ""); fflush(stderr); } while( 1 > scanf(""%ud"", &num)); ViewOD(term, (u32)-1, num, NULL); } break; case 'b': if (is_connected) ViewODs(term, 1); break; case 'm': if (is_connected) ViewODs(term, 0); break; case 'l': list_modules(user.modules); break; case 'n': if (is_connected) set_navigation(); break; case 'x': if (is_connected) gf_term_set_option(term, GF_OPT_NAVIGATION_TYPE, 0); break; case 'd': if (is_connected) { GF_ObjectManager *odm = NULL; char radname[GF_MAX_PATH], *sExt; GF_Err e; u32 i, count, odid; Bool xml_dump, std_out; radname[0] = 0; do { fprintf(stderr, ""Enter Inline OD ID if any or 0 : ""); fflush(stderr); } while( 1 > scanf(""%ud"", &odid)); if (odid) { GF_ObjectManager *root_odm = gf_term_get_root_object(term); if (!root_odm) break; count = gf_term_get_object_count(term, root_odm); for (i=0; iobjectDescriptorID==odid) break; } odm = NULL; } } do { fprintf(stderr, ""Enter file radical name (+\'.x\' for XML dumping) - \""std\"" for stderr: ""); fflush(stderr); } while( 1 > scanf(""%s"", radname)); sExt = strrchr(radname, '.'); xml_dump = 0; if (sExt) { if (!stricmp(sExt, "".x"")) xml_dump = 1; sExt[0] = 0; } std_out = strnicmp(radname, ""std"", 3) ? 0 : 1; e = gf_term_dump_scene(term, std_out ? NULL : radname, NULL, xml_dump, 0, odm); fprintf(stderr, ""Dump done (%s)\n"", gf_error_to_string(e)); } break; case 'c': PrintGPACConfig(); break; case '3': { Bool use_3d = !gf_term_get_option(term, GF_OPT_USE_OPENGL); if (gf_term_set_option(term, GF_OPT_USE_OPENGL, use_3d)==GF_OK) { fprintf(stderr, ""Using %s for 2D drawing\n"", use_3d ? ""OpenGL"" : ""2D rasterizer""); } } break; case 'k': { Bool opt = gf_term_get_option(term, GF_OPT_STRESS_MODE); opt = !opt; fprintf(stderr, ""Turning stress mode %s\n"", opt ? ""on"" : ""off""); gf_term_set_option(term, GF_OPT_STRESS_MODE, opt); } break; case '4': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_4_3); break; case '5': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_16_9); break; case '6': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_FILL_SCREEN); break; case '7': gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_KEEP); break; case 'C': switch (gf_term_get_option(term, GF_OPT_MEDIA_CACHE)) { case GF_MEDIA_CACHE_DISABLED: gf_term_set_option(term, GF_OPT_MEDIA_CACHE, GF_MEDIA_CACHE_ENABLED); break; case GF_MEDIA_CACHE_ENABLED: gf_term_set_option(term, GF_OPT_MEDIA_CACHE, GF_MEDIA_CACHE_DISABLED); break; case GF_MEDIA_CACHE_RUNNING: fprintf(stderr, ""Streaming Cache is running - please stop it first\n""); continue; } switch (gf_term_get_option(term, GF_OPT_MEDIA_CACHE)) { case GF_MEDIA_CACHE_ENABLED: fprintf(stderr, ""Streaming Cache Enabled\n""); break; case GF_MEDIA_CACHE_DISABLED: fprintf(stderr, ""Streaming Cache Disabled\n""); break; case GF_MEDIA_CACHE_RUNNING: fprintf(stderr, ""Streaming Cache Running\n""); break; } break; case 'S': case 'A': if (gf_term_get_option(term, GF_OPT_MEDIA_CACHE)==GF_MEDIA_CACHE_RUNNING) { gf_term_set_option(term, GF_OPT_MEDIA_CACHE, (c=='S') ? GF_MEDIA_CACHE_DISABLED : GF_MEDIA_CACHE_DISCARD); fprintf(stderr, ""Streaming Cache stopped\n""); } else { fprintf(stderr, ""Streaming Cache not running\n""); } break; case 'R': display_rti = !display_rti; ResetCaption(); break; case 'F': if (display_rti) display_rti = 0; else display_rti = 2; ResetCaption(); break; case 'u': { GF_Err e; char szCom[8192]; fprintf(stderr, ""Enter command to send:\n""); fflush(stdin); szCom[0] = 0; if (1 > scanf(""%[^\t\n]"", szCom)) { fprintf(stderr, ""Cannot read command to send, aborting.\n""); break; } e = gf_term_scene_update(term, NULL, szCom); if (e) fprintf(stderr, ""Processing command failed: %s\n"", gf_error_to_string(e)); } break; case 'e': { GF_Err e; char jsCode[8192]; fprintf(stderr, ""Enter JavaScript code to evaluate:\n""); fflush(stdin); jsCode[0] = 0; if (1 > scanf(""%[^\t\n]"", jsCode)) { fprintf(stderr, ""Cannot read code to evaluate, aborting.\n""); break; } e = gf_term_scene_update(term, ""application/ecmascript"", jsCode); if (e) fprintf(stderr, ""Processing JS code failed: %s\n"", gf_error_to_string(e)); } break; case 'L': { char szLog[1024], *cur_logs; cur_logs = gf_log_get_tools_levels(); fprintf(stderr, ""Enter new log level (current tools %s):\n"", cur_logs); gf_free(cur_logs); if (scanf(""%s"", szLog) < 1) { fprintf(stderr, ""Cannot read new log level, aborting.\n""); break; } gf_log_modify_tools_levels(szLog); } break; case 'g': { GF_SystemRTInfo rti; gf_sys_get_rti(rti_update_time_ms, &rti, 0); fprintf(stderr, ""GPAC allocated memory ""LLD""\n"", rti.gpac_memory); } break; case 'M': { u32 size; do { fprintf(stderr, ""Enter new video cache memory in kBytes (current %ud):\n"", gf_term_get_option(term, GF_OPT_VIDEO_CACHE_SIZE)); } while (1 > scanf(""%ud"", &size)); gf_term_set_option(term, GF_OPT_VIDEO_CACHE_SIZE, size); } break; case 'H': { u32 http_bitrate = gf_term_get_option(term, GF_OPT_HTTP_MAX_RATE); do { fprintf(stderr, ""Enter new http bitrate in bps (0 for none) - current limit: %d\n"", http_bitrate); } while (1 > scanf(""%ud"", &http_bitrate)); gf_term_set_option(term, GF_OPT_HTTP_MAX_RATE, http_bitrate); } break; case 'E': gf_term_set_option(term, GF_OPT_RELOAD_CONFIG, 1); break; case 'B': switch_bench(!bench_mode); break; case 'Y': { char szOpt[8192]; fprintf(stderr, ""Enter option to set (Section:Name=Value):\n""); fflush(stdin); szOpt[0] = 0; if (1 > scanf(""%[^\t\n]"", szOpt)) { fprintf(stderr, ""Cannot read option\n""); break; } set_cfg_option(szOpt); } break; case 'Z': { char szFileName[100]; u32 nb_pass, nb_views, offscreen_view = 0; GF_VideoSurface fb; GF_Err e; nb_pass = 1; nb_views = gf_term_get_option(term, GF_OPT_NUM_STEREO_VIEWS); if (nb_views>1) { fprintf(stderr, ""Auto-stereo mode detected - type number of view to dump (0 is main output, 1 to %d offscreen view, %d for all offscreen, %d for all offscreen and main)\n"", nb_views, nb_views+1, nb_views+2); if (scanf(""%d"", &offscreen_view) != 1) { offscreen_view = 0; } if (offscreen_view==nb_views+1) { offscreen_view = 1; nb_pass = nb_views; } else if (offscreen_view==nb_views+2) { offscreen_view = 0; nb_pass = nb_views+1; } } while (nb_pass) { nb_pass--; if (offscreen_view) { sprintf(szFileName, ""view%d_dump.png"", offscreen_view); e = gf_term_get_offscreen_buffer(term, &fb, offscreen_view-1, 0); } else { sprintf(szFileName, ""gpac_video_dump_""LLU"".png"", gf_net_get_utc() ); e = gf_term_get_screen_buffer(term, &fb); } offscreen_view++; if (e) { fprintf(stderr, ""Error dumping screen buffer %s\n"", gf_error_to_string(e) ); nb_pass = 0; } else { #ifndef GPAC_DISABLE_AV_PARSERS u32 dst_size = fb.width*fb.height*4; char *dst = (char*)gf_malloc(sizeof(char)*dst_size); e = gf_img_png_enc(fb.video_buffer, fb.width, fb.height, fb.pitch_y, fb.pixel_format, dst, &dst_size); if (e) { fprintf(stderr, ""Error encoding PNG %s\n"", gf_error_to_string(e) ); nb_pass = 0; } else { FILE *png = gf_fopen(szFileName, ""wb""); if (!png) { fprintf(stderr, ""Error writing file %s\n"", szFileName); nb_pass = 0; } else { gf_fwrite(dst, dst_size, 1, png); gf_fclose(png); fprintf(stderr, ""Dump to %s\n"", szFileName); } } if (dst) gf_free(dst); gf_term_release_screen_buffer(term, &fb); #endif } } fprintf(stderr, ""Done: %s\n"", szFileName); } break; case 'G': { GF_ObjectManager *root_od, *odm; u32 index; char szOpt[8192]; fprintf(stderr, ""Enter 0-based index of object to select or service ID:\n""); fflush(stdin); szOpt[0] = 0; if (1 > scanf(""%[^\t\n]"", szOpt)) { fprintf(stderr, ""Cannot read OD ID\n""); break; } index = atoi(szOpt); odm = NULL; root_od = gf_term_get_root_object(term); if (root_od) { if ( gf_term_find_service(term, root_od, index)) { gf_term_select_service(term, root_od, index); } else { fprintf(stderr, ""Cannot find service %d - trying with object index\n"", index); odm = gf_term_get_object(term, root_od, index); if (odm) { gf_term_select_object(term, odm); } else { fprintf(stderr, ""Cannot find object at index %d\n"", index); } } } } break; case 'h': PrintHelp(); break; default: break; } } if (bench_mode) { PrintAVInfo(GF_TRUE); } if (simulation_time_in_ms) { gf_log_set_strict_error(0); } i = gf_sys_clock(); gf_term_disconnect(term); if (rti_file) UpdateRTInfo(""Disconnected\n""); fprintf(stderr, ""Deleting terminal... ""); if (playlist) gf_fclose(playlist); #if defined(__DARWIN__) || defined(__APPLE__) carbon_uninit(); #endif gf_term_del(term); fprintf(stderr, ""done (in %d ms) - ran for %d ms\n"", gf_sys_clock() - i, gf_sys_clock()); fprintf(stderr, ""GPAC cleanup ...\n""); gf_modules_del(user.modules); if (no_cfg_save) gf_cfg_discard_changes(cfg_file); gf_cfg_del(cfg_file); gf_sys_close(); if (rti_logs) gf_fclose(rti_logs); if (logfile) gf_fclose(logfile); if (gui_mode) { hide_shell(2); } #ifdef GPAC_MEMORY_TRACKING if (mem_track && (gf_memory_size() || gf_file_handles_count() )) { gf_log_set_tool_level(GF_LOG_MEMORY, GF_LOG_INFO); gf_memory_print(); return 2; } #endif return ret_val; }",visit repo url,applications/mp4client/main.c,https://github.com/gpac/gpac,242394218598973,1 2416,CWE-119,"static int http_proxy_open(URLContext *h, const char *uri, int flags) { HTTPContext *s = h->priv_data; char hostname[1024], hoststr[1024]; char auth[1024], pathbuf[1024], *path; char lower_url[100]; int port, ret = 0, attempts = 0; HTTPAuthType cur_auth_type; char *authstr; int new_loc; if( s->seekable == 1 ) h->is_streamed = 0; else h->is_streamed = 1; av_url_split(NULL, 0, auth, sizeof(auth), hostname, sizeof(hostname), &port, pathbuf, sizeof(pathbuf), uri); ff_url_join(hoststr, sizeof(hoststr), NULL, NULL, hostname, port, NULL); path = pathbuf; if (*path == '/') path++; ff_url_join(lower_url, sizeof(lower_url), ""tcp"", NULL, hostname, port, NULL); redo: ret = ffurl_open_whitelist(&s->hd, lower_url, AVIO_FLAG_READ_WRITE, &h->interrupt_callback, NULL, h->protocol_whitelist, h->protocol_blacklist, h); if (ret < 0) return ret; authstr = ff_http_auth_create_response(&s->proxy_auth_state, auth, path, ""CONNECT""); snprintf(s->buffer, sizeof(s->buffer), ""CONNECT %s HTTP/1.1\r\n"" ""Host: %s\r\n"" ""Connection: close\r\n"" ""%s%s"" ""\r\n"", path, hoststr, authstr ? ""Proxy-"" : """", authstr ? authstr : """"); av_freep(&authstr); if ((ret = ffurl_write(s->hd, s->buffer, strlen(s->buffer))) < 0) goto fail; s->buf_ptr = s->buffer; s->buf_end = s->buffer; s->line_count = 0; s->filesize = -1; cur_auth_type = s->proxy_auth_state.auth_type; ret = http_read_header(h, &new_loc); if (ret < 0) goto fail; attempts++; if (s->http_code == 407 && (cur_auth_type == HTTP_AUTH_NONE || s->proxy_auth_state.stale) && s->proxy_auth_state.auth_type != HTTP_AUTH_NONE && attempts < 2) { ffurl_closep(&s->hd); goto redo; } if (s->http_code < 400) return 0; ret = ff_http_averror(s->http_code, AVERROR(EIO)); fail: http_proxy_close(h); return ret; }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,16975679834108,1 4459,['CWE-264'],"int sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; union { int val; struct linger ling; struct timeval tm; } v; unsigned int lv = sizeof(int); int len; if (get_user(len, optlen)) return -EFAULT; if (len < 0) return -EINVAL; memset(&v, 0, sizeof(v)); switch(optname) { case SO_DEBUG: v.val = sock_flag(sk, SOCK_DBG); break; case SO_DONTROUTE: v.val = sock_flag(sk, SOCK_LOCALROUTE); break; case SO_BROADCAST: v.val = !!sock_flag(sk, SOCK_BROADCAST); break; case SO_SNDBUF: v.val = sk->sk_sndbuf; break; case SO_RCVBUF: v.val = sk->sk_rcvbuf; break; case SO_REUSEADDR: v.val = sk->sk_reuse; break; case SO_KEEPALIVE: v.val = !!sock_flag(sk, SOCK_KEEPOPEN); break; case SO_TYPE: v.val = sk->sk_type; break; case SO_ERROR: v.val = -sock_error(sk); if (v.val==0) v.val = xchg(&sk->sk_err_soft, 0); break; case SO_OOBINLINE: v.val = !!sock_flag(sk, SOCK_URGINLINE); break; case SO_NO_CHECK: v.val = sk->sk_no_check; break; case SO_PRIORITY: v.val = sk->sk_priority; break; case SO_LINGER: lv = sizeof(v.ling); v.ling.l_onoff = !!sock_flag(sk, SOCK_LINGER); v.ling.l_linger = sk->sk_lingertime / HZ; break; case SO_BSDCOMPAT: sock_warn_obsolete_bsdism(""getsockopt""); break; case SO_TIMESTAMP: v.val = sock_flag(sk, SOCK_RCVTSTAMP) && !sock_flag(sk, SOCK_RCVTSTAMPNS); break; case SO_TIMESTAMPNS: v.val = sock_flag(sk, SOCK_RCVTSTAMPNS); break; case SO_RCVTIMEO: lv=sizeof(struct timeval); if (sk->sk_rcvtimeo == MAX_SCHEDULE_TIMEOUT) { v.tm.tv_sec = 0; v.tm.tv_usec = 0; } else { v.tm.tv_sec = sk->sk_rcvtimeo / HZ; v.tm.tv_usec = ((sk->sk_rcvtimeo % HZ) * 1000000) / HZ; } break; case SO_SNDTIMEO: lv=sizeof(struct timeval); if (sk->sk_sndtimeo == MAX_SCHEDULE_TIMEOUT) { v.tm.tv_sec = 0; v.tm.tv_usec = 0; } else { v.tm.tv_sec = sk->sk_sndtimeo / HZ; v.tm.tv_usec = ((sk->sk_sndtimeo % HZ) * 1000000) / HZ; } break; case SO_RCVLOWAT: v.val = sk->sk_rcvlowat; break; case SO_SNDLOWAT: v.val=1; break; case SO_PASSCRED: v.val = test_bit(SOCK_PASSCRED, &sock->flags) ? 1 : 0; break; case SO_PEERCRED: if (len > sizeof(sk->sk_peercred)) len = sizeof(sk->sk_peercred); if (copy_to_user(optval, &sk->sk_peercred, len)) return -EFAULT; goto lenout; case SO_PEERNAME: { char address[128]; if (sock->ops->getname(sock, (struct sockaddr *)address, &lv, 2)) return -ENOTCONN; if (lv < len) return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; goto lenout; } case SO_ACCEPTCONN: v.val = sk->sk_state == TCP_LISTEN; break; case SO_PASSSEC: v.val = test_bit(SOCK_PASSSEC, &sock->flags) ? 1 : 0; break; case SO_PEERSEC: return security_socket_getpeersec_stream(sock, optval, optlen, len); case SO_MARK: v.val = sk->sk_mark; break; default: return -ENOPROTOOPT; } if (len > lv) len = lv; if (copy_to_user(optval, &v, len)) return -EFAULT; lenout: if (put_user(len, optlen)) return -EFAULT; return 0; }",linux-2.6,,,43701343279350227734583123578015590540,0 5142,['CWE-20'],"static bool code_segment_valid(struct kvm_vcpu *vcpu) { struct kvm_segment cs; unsigned int cs_rpl; vmx_get_segment(vcpu, &cs, VCPU_SREG_CS); cs_rpl = cs.selector & SELECTOR_RPL_MASK; if (cs.unusable) return false; if (~cs.type & (AR_TYPE_CODE_MASK|AR_TYPE_ACCESSES_MASK)) return false; if (!cs.s) return false; if (cs.type & AR_TYPE_WRITEABLE_MASK) { if (cs.dpl > cs_rpl) return false; } else { if (cs.dpl != cs_rpl) return false; } if (!cs.present) return false; return true; }",linux-2.6,,,15501032962439116409820687223138746054,0 2579,[],"static int grep_sha1(struct grep_opt *opt, const unsigned char *sha1, const char *name, int tree_name_len) { unsigned long size; char *data; enum object_type type; char *to_free = NULL; int hit; data = read_sha1_file(sha1, &type, &size); if (!data) { error(""'%s': unable to read %s"", name, sha1_to_hex(sha1)); return 0; } if (opt->relative && opt->prefix_length) { static char name_buf[PATH_MAX]; char *cp; int name_len = strlen(name) - opt->prefix_length + 1; if (!tree_name_len) name += opt->prefix_length; else { if (ARRAY_SIZE(name_buf) <= name_len) cp = to_free = xmalloc(name_len); else cp = name_buf; memcpy(cp, name, tree_name_len); strcpy(cp + tree_name_len, name + tree_name_len + opt->prefix_length); name = cp; } } hit = grep_buffer(opt, name, data, size); free(data); free(to_free); return hit; }",git,,,95371693657462032066726749150265119181,0 4322,CWE-125,"size_t compile_tree(struct filter_op **fop) { int i = 1; struct filter_op *array = NULL; struct unfold_elm *ue; BUG_IF(tree_root == NULL); fprintf(stdout, "" Unfolding the meta-tree ""); fflush(stdout); unfold_blk(&tree_root); fprintf(stdout, "" done.\n\n""); labels_to_offsets(); TAILQ_FOREACH(ue, &unfolded_tree, next) { if (ue->label == 0) { SAFE_REALLOC(array, i * sizeof(struct filter_op)); memcpy(&array[i - 1], &ue->fop, sizeof(struct filter_op)); i++; } } SAFE_REALLOC(array, i * sizeof(struct filter_op)); array[i - 1].opcode = FOP_EXIT; *fop = array; return (i); }",visit repo url,utils/etterfilter/ef_compiler.c,https://github.com/LocutusOfBorg/ettercap,110325517311445,1 634,[],"const char *dccp_state_name(const int state) { static char *dccp_state_names[] = { [DCCP_OPEN] = ""OPEN"", [DCCP_REQUESTING] = ""REQUESTING"", [DCCP_PARTOPEN] = ""PARTOPEN"", [DCCP_LISTEN] = ""LISTEN"", [DCCP_RESPOND] = ""RESPOND"", [DCCP_CLOSING] = ""CLOSING"", [DCCP_TIME_WAIT] = ""TIME_WAIT"", [DCCP_CLOSED] = ""CLOSED"", }; if (state >= DCCP_MAX_STATES) return ""INVALID STATE!""; else return dccp_state_names[state]; }",linux-2.6,,,45866079977005330704299577920076827788,0 5828,CWE-362,"static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock, pj_status_t status) { if (ssock->timer.id == TIMER_HANDSHAKE_TIMEOUT) { pj_timer_heap_cancel(ssock->param.timer_heap, &ssock->timer); ssock->timer.id = TIMER_NONE; } if (status == PJ_SUCCESS) ssl_update_certs_info(ssock); if (ssock->is_server) { if (status != PJ_SUCCESS) { char buf[PJ_INET6_ADDRSTRLEN+10]; PJ_PERROR(3,(ssock->pool->obj_name, status, ""Handshake failed in accepting %s"", pj_sockaddr_print(&ssock->rem_addr, buf, sizeof(buf), 3))); if (ssock->param.cb.on_accept_complete2) { (*ssock->param.cb.on_accept_complete2) (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr, pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr), status); } #if 1 if (ssock->param.timer_heap) { pj_time_val interval = {0, PJ_SSL_SOCK_DELAYED_CLOSE_TIMEOUT}; pj_status_t status1; ssock->ssl_state = SSL_STATE_NULL; ssl_close_sockets(ssock); if (ssock->timer.id != TIMER_NONE) { pj_timer_heap_cancel(ssock->param.timer_heap, &ssock->timer); } pj_time_val_normalize(&interval); status1 = pj_timer_heap_schedule_w_grp_lock( ssock->param.timer_heap, &ssock->timer, &interval, TIMER_CLOSE, ssock->param.grp_lock); if (status1 != PJ_SUCCESS) { PJ_PERROR(3,(ssock->pool->obj_name, status, ""Failed to schedule a delayed close. "" ""Race condition may occur."")); ssock->timer.id = TIMER_NONE; pj_ssl_sock_close(ssock); } } else { pj_ssl_sock_close(ssock); } #else { pj_ssl_sock_close(ssock); } #endif return PJ_FALSE; } if (ssock->param.cb.on_accept_complete2) { pj_bool_t ret; ret = (*ssock->param.cb.on_accept_complete2) (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr, pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr), status); if (ret == PJ_FALSE) return PJ_FALSE; } else if (ssock->param.cb.on_accept_complete) { pj_bool_t ret; ret = (*ssock->param.cb.on_accept_complete) (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr, pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr)); if (ret == PJ_FALSE) return PJ_FALSE; } } else { if (status != PJ_SUCCESS) { ssl_reset_sock_state(ssock); } if (ssock->param.cb.on_connect_complete) { pj_bool_t ret; ret = (*ssock->param.cb.on_connect_complete)(ssock, status); if (ret == PJ_FALSE) return PJ_FALSE; } } return PJ_TRUE; }",visit repo url,pjlib/src/pj/ssl_sock_imp_common.c,https://github.com/pjsip/pjproject,183556826081753,1 5146,CWE-125,"PyAST_FromNodeObject(const node *n, PyCompilerFlags *flags, PyObject *filename, PyArena *arena) { int i, j, k, num; asdl_seq *stmts = NULL; stmt_ty s; node *ch; struct compiling c; mod_ty res = NULL; c.c_arena = arena; c.c_filename = filename; c.c_normalize = NULL; if (TYPE(n) == encoding_decl) n = CHILD(n, 0); k = 0; switch (TYPE(n)) { case file_input: stmts = _Py_asdl_seq_new(num_stmts(n), arena); if (!stmts) goto out; for (i = 0; i < NCH(n) - 1; i++) { ch = CHILD(n, i); if (TYPE(ch) == NEWLINE) continue; REQ(ch, stmt); num = num_stmts(ch); if (num == 1) { s = ast_for_stmt(&c, ch); if (!s) goto out; asdl_seq_SET(stmts, k++, s); } else { ch = CHILD(ch, 0); REQ(ch, simple_stmt); for (j = 0; j < num; j++) { s = ast_for_stmt(&c, CHILD(ch, j * 2)); if (!s) goto out; asdl_seq_SET(stmts, k++, s); } } } res = Module(stmts, arena); break; case eval_input: { expr_ty testlist_ast; testlist_ast = ast_for_testlist(&c, CHILD(n, 0)); if (!testlist_ast) goto out; res = Expression(testlist_ast, arena); break; } case single_input: if (TYPE(CHILD(n, 0)) == NEWLINE) { stmts = _Py_asdl_seq_new(1, arena); if (!stmts) goto out; asdl_seq_SET(stmts, 0, Pass(n->n_lineno, n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, arena)); if (!asdl_seq_GET(stmts, 0)) goto out; res = Interactive(stmts, arena); } else { n = CHILD(n, 0); num = num_stmts(n); stmts = _Py_asdl_seq_new(num, arena); if (!stmts) goto out; if (num == 1) { s = ast_for_stmt(&c, n); if (!s) goto out; asdl_seq_SET(stmts, 0, s); } else { REQ(n, simple_stmt); for (i = 0; i < NCH(n); i += 2) { if (TYPE(CHILD(n, i)) == NEWLINE) break; s = ast_for_stmt(&c, CHILD(n, i)); if (!s) goto out; asdl_seq_SET(stmts, i / 2, s); } } res = Interactive(stmts, arena); } break; default: PyErr_Format(PyExc_SystemError, ""invalid node %d for PyAST_FromNode"", TYPE(n)); goto out; } out: if (c.c_normalize) { Py_DECREF(c.c_normalize); } return res; }",visit repo url,Python/ast.c,https://github.com/python/cpython,126056246113001,1 5908,CWE-190,"static Jsi_RC jsi_ArrayUnshiftCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); Jsi_Obj *obj = _this->d.obj; int argc = Jsi_ValueGetLength(interp, args); int curlen = Jsi_ObjGetLength(interp, obj); if (curlen < 0) { Jsi_ObjSetLength(interp, obj, 0); } if (argc <= 0) { Jsi_ValueMakeNumber(interp, ret, 0); return JSI_OK; } Jsi_ObjListifyArray(interp, obj); if (Jsi_ObjArraySizer(interp, obj, curlen+argc)<=0) return Jsi_LogError(""too long""); memmove(obj->arr+argc, obj->arr, (curlen)*sizeof(Jsi_Value*)); obj->arrCnt += argc; int i; for (i = 0; i < argc; ++i) { Jsi_Value *ov = Jsi_ValueArrayIndex(interp, args, i); obj->arr[i] = NULL; if (!ov) { Jsi_LogBug(""Arguments Error""); continue; } obj->arr[i] = ov; Jsi_IncrRefCount(interp, ov); } Jsi_ObjSetLength(interp, obj, curlen+argc); Jsi_ValueMakeNumber(interp, ret, Jsi_ObjGetLength(interp, obj)); return JSI_OK; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,24129134284377,1 4756,CWE-415,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 6658,CWE-787,"static SDL_Surface* Create_Surface_Shaded(int width, int height, SDL_Color fg, SDL_Color bg, Uint32 *color) { const int alignment = Get_Alignement() - 1; SDL_Surface *textbuf; Sint64 size; Uint8 bg_alpha = bg.a; void *pixels, *ptr; Sint64 pitch = width + alignment; pitch += alignment; pitch &= ~alignment; size = height * pitch + sizeof (void *) + alignment; if (size < 0 || size > SDL_MAX_SINT32) { return NULL; } ptr = SDL_malloc((size_t)size); if (ptr == NULL) { return NULL; } pixels = (void *)(((uintptr_t)ptr + sizeof(void *) + alignment) & ~alignment); ((void **)pixels)[-1] = ptr; textbuf = SDL_CreateRGBSurfaceWithFormatFrom(pixels, width, height, 0, pitch, SDL_PIXELFORMAT_INDEX8); if (textbuf == NULL) { SDL_free(ptr); return NULL; } textbuf->flags &= ~SDL_PREALLOC; textbuf->flags |= SDL_SIMD_ALIGNED; SDL_memset(pixels, 0, height * pitch); *color = NUM_GRAYS - 1; if (fg.a != SDL_ALPHA_OPAQUE || bg.a != SDL_ALPHA_OPAQUE) { SDL_SetSurfaceBlendMode(textbuf, SDL_BLENDMODE_BLEND); if (bg.a == SDL_ALPHA_OPAQUE) { bg.a = 0; } } { SDL_Palette *palette = textbuf->format->palette; int rdiff = fg.r - bg.r; int gdiff = fg.g - bg.g; int bdiff = fg.b - bg.b; int adiff = fg.a - bg.a; int sign_r = (rdiff >= 0) ? 1 : 255; int sign_g = (gdiff >= 0) ? 1 : 255; int sign_b = (bdiff >= 0) ? 1 : 255; int sign_a = (adiff >= 0) ? 1 : 255; int i; for (i = 0; i < NUM_GRAYS; ++i) { int tmp_r = i * rdiff; int tmp_g = i * gdiff; int tmp_b = i * bdiff; int tmp_a = i * adiff; palette->colors[i].r = (Uint8)(bg.r + DIVIDE_BY_255_SIGNED(tmp_r, sign_r)); palette->colors[i].g = (Uint8)(bg.g + DIVIDE_BY_255_SIGNED(tmp_g, sign_g)); palette->colors[i].b = (Uint8)(bg.b + DIVIDE_BY_255_SIGNED(tmp_b, sign_b)); palette->colors[i].a = (Uint8)(bg.a + DIVIDE_BY_255_SIGNED(tmp_a, sign_a)); } palette->colors[0].a = bg_alpha; } return textbuf;",visit repo url,SDL_ttf.c,https://github.com/libsdl-org/SDL_ttf,1534688818179,1 267,CWE-264,"static int kvm_ioctl_create_device(struct kvm *kvm, struct kvm_create_device *cd) { struct kvm_device_ops *ops = NULL; struct kvm_device *dev; bool test = cd->flags & KVM_CREATE_DEVICE_TEST; int ret; if (cd->type >= ARRAY_SIZE(kvm_device_ops_table)) return -ENODEV; ops = kvm_device_ops_table[cd->type]; if (ops == NULL) return -ENODEV; if (test) return 0; dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node, &kvm->devices); mutex_unlock(&kvm->lock); if (ops->init) ops->init(dev); ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC); if (ret < 0) { ops->destroy(dev); mutex_lock(&kvm->lock); list_del(&dev->vm_node); mutex_unlock(&kvm->lock); return ret; } kvm_get_kvm(kvm); cd->fd = ret; return 0; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,198685750352073,1 4427,['CWE-264'],"int sock_no_accept(struct socket *sock, struct socket *newsock, int flags) { return -EOPNOTSUPP; }",linux-2.6,,,303953480907564073702468664456362756816,0 5819,CWE-120,"int l2tp_recv(int fd, struct l2tp_packet_t **p, struct in_pktinfo *pkt_info, const char *secret, size_t secret_len) { int n, length; uint8_t *buf; struct l2tp_hdr_t *hdr; struct l2tp_avp_t *avp; struct l2tp_dict_attr_t *da; struct l2tp_attr_t *attr, *RV = NULL; uint8_t *ptr; struct l2tp_packet_t *pack; struct sockaddr_in addr; socklen_t len = sizeof(addr); struct msghdr msg; char msg_control[128]; struct cmsghdr *cmsg; uint16_t orig_avp_len; void *orig_avp_val; *p = NULL; if (pkt_info) { memset(&msg, 0, sizeof(msg)); msg.msg_control = msg_control; msg.msg_controllen = 128; n = recvmsg(fd, &msg, MSG_PEEK); if (n < 0) { if (errno == EAGAIN) return -1; log_error(""l2tp: recvmsg: %s\n"", strerror(errno)); return 0; } for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg)) { if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO) { memcpy(pkt_info, CMSG_DATA(cmsg), sizeof(*pkt_info)); break; } } } buf = mempool_alloc(buf_pool); if (!buf) { log_emerg(""l2tp: out of memory\n""); return 0; } hdr = (struct l2tp_hdr_t *)buf; ptr = (uint8_t *)(hdr + 1); n = recvfrom(fd, buf, L2TP_MAX_PACKET_SIZE, 0, &addr, &len); if (n < 0) { mempool_free(buf); if (errno == EAGAIN) { return -1; } else if (errno == ECONNREFUSED) { return -2; } log_error(""l2tp: recv: %s\n"", strerror(errno)); return 0; } if (n < 6) { if (conf_verbose) log_warn(""l2tp: short packet received (%i/%zu)\n"", n, sizeof(*hdr)); goto out_err_hdr; } if (hdr->T == 0) goto out_err_hdr; if (n < ntohs(hdr->length)) { if (conf_verbose) log_warn(""l2tp: short packet received (%i/%i)\n"", n, ntohs(hdr->length)); goto out_err_hdr; } if (hdr->ver == 2) { if (hdr->L == 0) { if (conf_verbose) log_warn(""l2tp: incorrect message received (L=0)\n""); if (!conf_avp_permissive) goto out_err_hdr; } if (hdr->S == 0) { if (conf_verbose) log_warn(""l2tp: incorrect message received (S=0)\n""); if (!conf_avp_permissive) goto out_err_hdr; } if (hdr->O == 1) { if (conf_verbose) log_warn(""l2tp: incorrect message received (O=1)\n""); if (!conf_avp_permissive) goto out_err_hdr; } } else if (hdr->ver != 3) { if (conf_verbose) log_warn(""l2tp: protocol version %i is not supported\n"", hdr->ver); goto out_err_hdr; } pack = mempool_alloc(pack_pool); if (!pack) { log_emerg(""l2tp: out of memory\n""); goto out_err_hdr; } memset(pack, 0, sizeof(*pack)); INIT_LIST_HEAD(&pack->attrs); memcpy(&pack->addr, &addr, sizeof(addr)); memcpy(&pack->hdr, hdr, sizeof(*hdr)); length = ntohs(hdr->length) - sizeof(*hdr); while (length) { *(uint16_t *)ptr = ntohs(*(uint16_t *)ptr); avp = (struct l2tp_avp_t *)ptr; if (avp->length > length) { if (conf_verbose) log_warn(""l2tp: incorrect avp received (exceeds message length)\n""); goto out_err; } if (avp->vendor) goto skip; da = l2tp_dict_find_attr_by_id(ntohs(avp->type)); if (!da) { if (conf_verbose) log_warn(""l2tp: unknown avp received (type=%i, M=%u)\n"", ntohs(avp->type), avp->M); if (avp->M && !conf_avp_permissive) goto out_err; } else { if (da->M != -1 && da->M != avp->M) { if (conf_verbose) log_warn(""l2tp: incorrect avp received (type=%i, M=%i, must be %i)\n"", ntohs(avp->type), avp->M, da->M); if (!conf_avp_permissive) goto out_err; } if (da->H != -1 && da->H != avp->H) { if (conf_verbose) log_warn(""l2tp: incorrect avp received (type=%i, H=%i, must be %i)\n"", ntohs(avp->type), avp->H, da->H); if (!conf_avp_permissive) goto out_err; } if (avp->H) { if (!RV) { if (conf_verbose) log_warn(""l2tp: incorrect avp received (type=%i, H=1, but Random-Vector is not received)\n"", ntohs(avp->type)); goto out_err; } if (secret == NULL || secret_len == 0) { log_error(""l2tp: impossible to decode"" "" hidden avp (type %hu): no"" "" secret set)\n"", ntohs(avp->type)); goto out_err; } if (decode_avp(avp, RV, secret, secret_len) < 0) goto out_err; } attr = mempool_alloc(attr_pool); memset(attr, 0, sizeof(*attr)); list_add_tail(&attr->entry, &pack->attrs); if (avp->H) { orig_avp_len = ntohs(*(uint16_t *)avp->val) + sizeof(*avp); orig_avp_val = avp->val + sizeof(uint16_t); } else { orig_avp_len = avp->length; orig_avp_val = avp->val; } attr->attr = da; attr->M = avp->M; attr->H = 0; attr->length = orig_avp_len - sizeof(*avp); if (attr->attr->id == Random_Vector) RV = attr; switch (da->type) { case ATTR_TYPE_INT16: if (orig_avp_len != sizeof(*avp) + 2) goto out_err_len; attr->val.uint16 = ntohs(*(uint16_t *)orig_avp_val); break; case ATTR_TYPE_INT32: if (orig_avp_len != sizeof(*avp) + 4) goto out_err_len; attr->val.uint32 = ntohl(*(uint32_t *)orig_avp_val); break; case ATTR_TYPE_INT64: if (orig_avp_len != sizeof(*avp) + 8) goto out_err_len; attr->val.uint64 = be64toh(*(uint64_t *)orig_avp_val); break; case ATTR_TYPE_OCTETS: attr->val.octets = _malloc(attr->length); if (!attr->val.octets) goto out_err_mem; memcpy(attr->val.octets, orig_avp_val, attr->length); break; case ATTR_TYPE_STRING: attr->val.string = _malloc(attr->length + 1); if (!attr->val.string) goto out_err_mem; memcpy(attr->val.string, orig_avp_val, attr->length); attr->val.string[attr->length] = 0; break; } } skip: ptr += avp->length; length -= avp->length; } *p = pack; mempool_free(buf); return 0; out_err: l2tp_packet_free(pack); out_err_hdr: mempool_free(buf); return 0; out_err_len: if (conf_verbose) log_warn(""l2tp: incorrect avp received (type=%i, incorrect length %i)\n"", ntohs(avp->type), orig_avp_len); goto out_err; out_err_mem: log_emerg(""l2tp: out of memory\n""); goto out_err; }",visit repo url,accel-pppd/ctrl/l2tp/packet.c,https://github.com/accel-ppp/accel-ppp,280151433510241,1 3960,CWE-284,"int socket_accept(int fd, uint16_t port) { #ifdef WIN32 int addr_len; #else socklen_t addr_len; #endif int result; struct sockaddr_in addr; memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_addr.s_addr = htonl(INADDR_ANY); addr.sin_port = htons(port); addr_len = sizeof(addr); result = accept(fd, (struct sockaddr*)&addr, &addr_len); return result; }",visit repo url,common/socket.c,https://github.com/libimobiledevice/libimobiledevice,226358350879951,1 5901,['CWE-909'],"void qdisc_class_hash_remove(struct Qdisc_class_hash *clhash, struct Qdisc_class_common *cl) { hlist_del(&cl->hnode); clhash->hashelems--; }",linux-2.6,,,156825512019296654766985468126144633434,0 560,CWE-119,"int iscsi_decode_text_input( u8 phase, u8 sender, char *textbuf, u32 length, struct iscsi_conn *conn) { struct iscsi_param_list *param_list = conn->param_list; char *tmpbuf, *start = NULL, *end = NULL; tmpbuf = kzalloc(length + 1, GFP_KERNEL); if (!tmpbuf) { pr_err(""Unable to allocate memory for tmpbuf.\n""); return -1; } memcpy(tmpbuf, textbuf, length); tmpbuf[length] = '\0'; start = tmpbuf; end = (start + length); while (start < end) { char *key, *value; struct iscsi_param *param; if (iscsi_extract_key_value(start, &key, &value) < 0) { kfree(tmpbuf); return -1; } pr_debug(""Got key: %s=%s\n"", key, value); if (phase & PHASE_SECURITY) { if (iscsi_check_for_auth_key(key) > 0) { char *tmpptr = key + strlen(key); *tmpptr = '='; kfree(tmpbuf); return 1; } } param = iscsi_check_key(key, phase, sender, param_list); if (!param) { if (iscsi_add_notunderstood_response(key, value, param_list) < 0) { kfree(tmpbuf); return -1; } start += strlen(key) + strlen(value) + 2; continue; } if (iscsi_check_value(param, value) < 0) { kfree(tmpbuf); return -1; } start += strlen(key) + strlen(value) + 2; if (IS_PSTATE_PROPOSER(param)) { if (iscsi_check_proposer_state(param, value) < 0) { kfree(tmpbuf); return -1; } SET_PSTATE_RESPONSE_GOT(param); } else { if (iscsi_check_acceptor_state(param, value, conn) < 0) { kfree(tmpbuf); return -1; } SET_PSTATE_ACCEPTOR(param); } } kfree(tmpbuf); return 0; }",visit repo url,drivers/target/iscsi/iscsi_target_parameters.c,https://github.com/torvalds/linux,10528568080041,1 1802,CWE-200,"static int rtnl_fill_link_ifmap(struct sk_buff *skb, struct net_device *dev) { struct rtnl_link_ifmap map = { .mem_start = dev->mem_start, .mem_end = dev->mem_end, .base_addr = dev->base_addr, .irq = dev->irq, .dma = dev->dma, .port = dev->if_port, }; if (nla_put(skb, IFLA_MAP, sizeof(map), &map)) return -EMSGSIZE; return 0; }",visit repo url,net/core/rtnetlink.c,https://github.com/torvalds/linux,27799453012467,1 2606,['CWE-189'],"static inline int dccp_need_reset(int state) { return state != DCCP_CLOSED && state != DCCP_LISTEN && state != DCCP_REQUESTING; }",linux-2.6,,,283310195510144542404399853561096698260,0 3503,CWE-22,"static char *create_output_name(unsigned char *fname, unsigned char *dir, int lower, int isunix, int utf8) { unsigned char *p, *name, c, *fe, sep, slash; unsigned int x; sep = (isunix) ? '/' : '\\'; slash = (isunix) ? '\\' : '/'; x = strlen((char *) fname); if (utf8) x *= 3; if (dir) x += strlen((char *) dir); if (!(name = (unsigned char *) malloc(x + 2))) { fprintf(stderr, ""out of memory!\n""); return NULL; } *name = '\0'; if (dir) { strcpy((char *) name, (char *) dir); strcat((char *) name, ""/""); } while (*fname == sep) fname++; p = &name[strlen((char *)name)]; fe = &fname[strlen((char *)fname)]; if (utf8) { do { if (fname >= fe) { free(name); return NULL; } if ((c = *fname++) < 0x80) x = c; else { if ((c >= 0xC0) && (c < 0xE0)) { x = (c & 0x1F) << 6; x |= *fname++ & 0x3F; } else if ((c >= 0xE0) && (c < 0xF0)) { x = (c & 0xF) << 12; x |= (*fname++ & 0x3F) << 6; x |= *fname++ & 0x3F; } else x = '?'; } if (x == sep) x = '/'; else if (x == slash) x = '\\'; else if (lower) x = (unsigned int) tolower((int) x); if (x < 0x80) { *p++ = (unsigned char) x; } else if (x < 0x800) { *p++ = 0xC0 | (x >> 6); *p++ = 0x80 | (x & 0x3F); } else { *p++ = 0xE0 | (x >> 12); *p++ = 0x80 | ((x >> 6) & 0x3F); *p++ = 0x80 | (x & 0x3F); } } while (x); } else { do { c = *fname++; if (c == sep) c = '/'; else if (c == slash) c = '\\'; else if (lower) c = (unsigned char) tolower((int) c); } while ((*p++ = c)); } return (char *) name; }",visit repo url,libmspack/src/chmextract.c,https://github.com/kyz/libmspack,139926169124176,1 3937,CWE-668,"readfile( char_u *fname, char_u *sfname, linenr_T from, linenr_T lines_to_skip, linenr_T lines_to_read, exarg_T *eap, int flags) { int fd = 0; int newfile = (flags & READ_NEW); int check_readonly; int filtering = (flags & READ_FILTER); int read_stdin = (flags & READ_STDIN); int read_buffer = (flags & READ_BUFFER); int read_fifo = (flags & READ_FIFO); int set_options = newfile || read_buffer || (eap != NULL && eap->read_edit); linenr_T read_buf_lnum = 1; colnr_T read_buf_col = 0; char_u c; linenr_T lnum = from; char_u *ptr = NULL; char_u *buffer = NULL; char_u *new_buffer = NULL; char_u *line_start = NULL; int wasempty; colnr_T len; long size = 0; char_u *p; off_T filesize = 0; int skip_read = FALSE; #ifdef FEAT_CRYPT char_u *cryptkey = NULL; int did_ask_for_key = FALSE; #endif #ifdef FEAT_PERSISTENT_UNDO context_sha256_T sha_ctx; int read_undo_file = FALSE; #endif int split = 0; #define UNKNOWN 0x0fffffff linenr_T linecnt; int error = FALSE; int ff_error = EOL_UNKNOWN; long linerest = 0; #ifdef UNIX int perm = 0; int swap_mode = -1; #else int perm; #endif int fileformat = 0; int keep_fileformat = FALSE; stat_T st; int file_readonly; linenr_T skip_count = 0; linenr_T read_count = 0; int msg_save = msg_scroll; linenr_T read_no_eol_lnum = 0; int try_mac; int try_dos; int try_unix; int file_rewind = FALSE; #ifdef FEAT_MBYTE int can_retry; linenr_T conv_error = 0; linenr_T illegal_byte = 0; int keep_dest_enc = FALSE; int bad_char_behavior = BAD_REPLACE; char_u *tmpname = NULL; int fio_flags = 0; char_u *fenc; int fenc_alloced; char_u *fenc_next = NULL; int advance_fenc = FALSE; long real_size = 0; # ifdef USE_ICONV iconv_t iconv_fd = (iconv_t)-1; # ifdef FEAT_EVAL int did_iconv = FALSE; # endif # endif int converted = FALSE; int notconverted = FALSE; char_u conv_rest[CONV_RESTLEN]; int conv_restlen = 0; #endif #ifdef FEAT_AUTOCMD buf_T *old_curbuf; char_u *old_b_ffname; char_u *old_b_fname; int using_b_ffname; int using_b_fname; #endif #ifdef FEAT_AUTOCMD au_did_filetype = FALSE; #endif curbuf->b_no_eol_lnum = 0; if (curbuf->b_ffname == NULL && !filtering && fname != NULL && vim_strchr(p_cpo, CPO_FNAMER) != NULL && !(flags & READ_DUMMY)) { if (set_rw_fname(fname, sfname) == FAIL) return FAIL; } #ifdef FEAT_AUTOCMD old_curbuf = curbuf; old_b_ffname = curbuf->b_ffname; old_b_fname = curbuf->b_fname; using_b_ffname = (fname == curbuf->b_ffname) || (sfname == curbuf->b_ffname); using_b_fname = (fname == curbuf->b_fname) || (sfname == curbuf->b_fname); #endif ex_no_reprint = TRUE; need_fileinfo = FALSE; if (sfname == NULL) sfname = fname; #if defined(UNIX) fname = sfname; #endif #ifdef FEAT_AUTOCMD if (!filtering && !read_stdin && !read_buffer) { pos_T pos; pos = curbuf->b_op_start; curbuf->b_op_start.lnum = ((from == 0) ? 1 : from); curbuf->b_op_start.col = 0; if (newfile) { if (apply_autocmds_exarg(EVENT_BUFREADCMD, NULL, sfname, FALSE, curbuf, eap)) #ifdef FEAT_EVAL return aborting() ? FAIL : OK; #else return OK; #endif } else if (apply_autocmds_exarg(EVENT_FILEREADCMD, sfname, sfname, FALSE, NULL, eap)) #ifdef FEAT_EVAL return aborting() ? FAIL : OK; #else return OK; #endif curbuf->b_op_start = pos; } #endif if ((shortmess(SHM_OVER) || curbuf->b_help) && p_verbose == 0) msg_scroll = FALSE; else msg_scroll = TRUE; if (fname != NULL && *fname != NUL) { p = fname + STRLEN(fname); if (after_pathsep(fname, p) || STRLEN(fname) >= MAXPATHL) { filemess(curbuf, fname, (char_u *)_(""Illegal file name""), 0); msg_end(); msg_scroll = msg_save; return FAIL; } } if (!read_stdin && !read_buffer && !read_fifo) { #ifdef UNIX perm = mch_getperm(fname); if (perm >= 0 && !S_ISREG(perm) # ifdef S_ISFIFO && !S_ISFIFO(perm) # endif # ifdef S_ISSOCK && !S_ISSOCK(perm) # endif # ifdef OPEN_CHR_FILES && !(S_ISCHR(perm) && is_dev_fd_file(fname)) # endif ) { int retval = FAIL; if (S_ISDIR(perm)) { filemess(curbuf, fname, (char_u *)_(""is a directory""), 0); retval = NOTDONE; } else filemess(curbuf, fname, (char_u *)_(""is not a file""), 0); msg_end(); msg_scroll = msg_save; return retval; } #endif #if defined(MSWIN) if (!p_odev && mch_nodetype(fname) == NODE_WRITABLE) { filemess(curbuf, fname, (char_u *)_(""is a device (disabled with 'opendevice' option)""), 0); msg_end(); msg_scroll = msg_save; return FAIL; } #endif } set_file_options(set_options, eap); check_readonly = (newfile && (curbuf->b_flags & BF_CHECK_RO)); if (check_readonly && !readonlymode) curbuf->b_p_ro = FALSE; if (newfile && !read_stdin && !read_buffer && !read_fifo) { if (mch_stat((char *)fname, &st) >= 0) { buf_store_time(curbuf, &st, fname); curbuf->b_mtime_read = curbuf->b_mtime; #ifdef UNIX swap_mode = (st.st_mode & 0644) | 0600; #endif #ifdef FEAT_CW_EDITOR (void)GetFSSpecFromPath(curbuf->b_ffname, &curbuf->b_FSSpec); #endif #ifdef VMS curbuf->b_fab_rfm = st.st_fab_rfm; curbuf->b_fab_rat = st.st_fab_rat; curbuf->b_fab_mrs = st.st_fab_mrs; #endif } else { curbuf->b_mtime = 0; curbuf->b_mtime_read = 0; curbuf->b_orig_size = 0; curbuf->b_orig_mode = 0; } curbuf->b_flags &= ~(BF_NEW | BF_NEW_W); } file_readonly = FALSE; if (read_stdin) { #if defined(MSWIN) setmode(0, O_BINARY); #endif } else if (!read_buffer) { #ifdef USE_MCH_ACCESS if ( # ifdef UNIX !(perm & 0222) || # endif mch_access((char *)fname, W_OK)) file_readonly = TRUE; fd = mch_open((char *)fname, O_RDONLY | O_EXTRA, 0); #else if (!newfile || readonlymode || (fd = mch_open((char *)fname, O_RDWR | O_EXTRA, 0)) < 0) { file_readonly = TRUE; fd = mch_open((char *)fname, O_RDONLY | O_EXTRA, 0); } #endif } if (fd < 0) { #ifndef UNIX int isdir_f; #endif msg_scroll = msg_save; #ifndef UNIX isdir_f = (mch_isdir(fname)); perm = mch_getperm(fname); if (isdir_f) { filemess(curbuf, sfname, (char_u *)_(""is a directory""), 0); curbuf->b_p_ro = TRUE; } else #endif if (newfile) { if (perm < 0 #ifdef ENOENT && errno == ENOENT #endif ) { curbuf->b_flags |= BF_NEW; #ifdef FEAT_QUICKFIX if (!bt_dontwrite(curbuf)) #endif { check_need_swap(newfile); #ifdef FEAT_AUTOCMD if (curbuf != old_curbuf || (using_b_ffname && (old_b_ffname != curbuf->b_ffname)) || (using_b_fname && (old_b_fname != curbuf->b_fname))) { EMSG(_(e_auchangedbuf)); return FAIL; } #endif } if (dir_of_file_exists(fname)) filemess(curbuf, sfname, (char_u *)_(""[New File]""), 0); else filemess(curbuf, sfname, (char_u *)_(""[New DIRECTORY]""), 0); #ifdef FEAT_VIMINFO check_marks_read(); #endif #ifdef FEAT_MBYTE if (eap != NULL) set_forced_fenc(eap); #endif #ifdef FEAT_AUTOCMD apply_autocmds_exarg(EVENT_BUFNEWFILE, sfname, sfname, FALSE, curbuf, eap); #endif save_file_ff(curbuf); #if defined(FEAT_AUTOCMD) && defined(FEAT_EVAL) if (aborting()) return FAIL; #endif return OK; } else { filemess(curbuf, sfname, (char_u *)( # ifdef EFBIG (errno == EFBIG) ? _(""[File too big]"") : # endif # ifdef EOVERFLOW (errno == EOVERFLOW) ? _(""[File too big]"") : # endif _(""[Permission Denied]"")), 0); curbuf->b_p_ro = TRUE; } } return FAIL; } if ((check_readonly && file_readonly) || curbuf->b_help) curbuf->b_p_ro = TRUE; if (set_options) { if (!read_buffer) { curbuf->b_p_eol = TRUE; curbuf->b_start_eol = TRUE; } #ifdef FEAT_MBYTE curbuf->b_p_bomb = FALSE; curbuf->b_start_bomb = FALSE; #endif } #ifdef FEAT_QUICKFIX if (!bt_dontwrite(curbuf)) #endif { check_need_swap(newfile); #ifdef FEAT_AUTOCMD if (!read_stdin && (curbuf != old_curbuf || (using_b_ffname && (old_b_ffname != curbuf->b_ffname)) || (using_b_fname && (old_b_fname != curbuf->b_fname)))) { EMSG(_(e_auchangedbuf)); if (!read_buffer) close(fd); return FAIL; } #endif #ifdef UNIX if (swap_mode > 0 && curbuf->b_ml.ml_mfp != NULL && curbuf->b_ml.ml_mfp->mf_fname != NULL) (void)mch_setperm(curbuf->b_ml.ml_mfp->mf_fname, (long)swap_mode); #endif } #if defined(HAS_SWAP_EXISTS_ACTION) if (swap_exists_action == SEA_QUIT) { if (!read_buffer && !read_stdin) close(fd); return FAIL; } #endif ++no_wait_return; curbuf->b_op_start.lnum = ((from == 0) ? 1 : from); curbuf->b_op_start.col = 0; try_mac = (vim_strchr(p_ffs, 'm') != NULL); try_dos = (vim_strchr(p_ffs, 'd') != NULL); try_unix = (vim_strchr(p_ffs, 'x') != NULL); #ifdef FEAT_AUTOCMD if (!read_buffer) { int m = msg_scroll; int n = msg_scrolled; if (!read_stdin) close(fd); msg_scroll = TRUE; if (filtering) apply_autocmds_exarg(EVENT_FILTERREADPRE, NULL, sfname, FALSE, curbuf, eap); else if (read_stdin) apply_autocmds_exarg(EVENT_STDINREADPRE, NULL, sfname, FALSE, curbuf, eap); else if (newfile) apply_autocmds_exarg(EVENT_BUFREADPRE, NULL, sfname, FALSE, curbuf, eap); else apply_autocmds_exarg(EVENT_FILEREADPRE, sfname, sfname, FALSE, NULL, eap); try_mac = (vim_strchr(p_ffs, 'm') != NULL); try_dos = (vim_strchr(p_ffs, 'd') != NULL); try_unix = (vim_strchr(p_ffs, 'x') != NULL); if (msg_scrolled == n) msg_scroll = m; #ifdef FEAT_EVAL if (aborting()) { --no_wait_return; msg_scroll = msg_save; curbuf->b_p_ro = TRUE; return FAIL; } #endif if (!read_stdin && (curbuf != old_curbuf || (using_b_ffname && (old_b_ffname != curbuf->b_ffname)) || (using_b_fname && (old_b_fname != curbuf->b_fname)) || (fd = mch_open((char *)fname, O_RDONLY | O_EXTRA, 0)) < 0)) { --no_wait_return; msg_scroll = msg_save; if (fd < 0) EMSG(_(""E200: *ReadPre autocommands made the file unreadable"")); else EMSG(_(""E201: *ReadPre autocommands must not change current buffer"")); curbuf->b_p_ro = TRUE; return FAIL; } } #endif wasempty = (curbuf->b_ml.ml_flags & ML_EMPTY); if (!recoverymode && !filtering && !(flags & READ_DUMMY)) { if (read_stdin) { #ifndef ALWAYS_USE_GUI mch_msg(_(""Vim: Reading from stdin...\n"")); #endif #ifdef FEAT_GUI if (gui.in_use && !gui.dying && !gui.starting) { p = (char_u *)_(""Reading from stdin...""); gui_write(p, (int)STRLEN(p)); } #endif } else if (!read_buffer) filemess(curbuf, sfname, (char_u *)"""", 0); } msg_scroll = FALSE; linecnt = curbuf->b_ml.ml_line_count; #ifdef FEAT_MBYTE if (eap != NULL && eap->bad_char != 0) { bad_char_behavior = eap->bad_char; if (set_options) curbuf->b_bad_char = eap->bad_char; } else curbuf->b_bad_char = 0; if (eap != NULL && eap->force_enc != 0) { fenc = enc_canonize(eap->cmd + eap->force_enc); fenc_alloced = TRUE; keep_dest_enc = TRUE; } else if (curbuf->b_p_bin) { fenc = (char_u *)""""; fenc_alloced = FALSE; } else if (curbuf->b_help) { char_u firstline[80]; int fc; fenc = (char_u *)""latin1""; c = enc_utf8; if (!c && !read_stdin) { fc = fname[STRLEN(fname) - 1]; if (TOLOWER_ASC(fc) == 'x') { len = read_eintr(fd, firstline, 80); vim_lseek(fd, (off_T)0L, SEEK_SET); for (p = firstline; p < firstline + len; ++p) if (*p >= 0x80) { c = TRUE; break; } } } if (c) { fenc_next = fenc; fenc = (char_u *)""utf-8""; if (!enc_utf8) keep_dest_enc = TRUE; } fenc_alloced = FALSE; } else if (*p_fencs == NUL) { fenc = curbuf->b_p_fenc; fenc_alloced = FALSE; } else { fenc_next = p_fencs; fenc = next_fenc(&fenc_next); fenc_alloced = TRUE; } #endif retry: if (file_rewind) { if (read_buffer) { read_buf_lnum = 1; read_buf_col = 0; } else if (read_stdin || vim_lseek(fd, (off_T)0L, SEEK_SET) != 0) { error = TRUE; goto failed; } while (lnum > from) ml_delete(lnum--, FALSE); file_rewind = FALSE; #ifdef FEAT_MBYTE if (set_options) { curbuf->b_p_bomb = FALSE; curbuf->b_start_bomb = FALSE; } conv_error = 0; #endif } if (keep_fileformat) keep_fileformat = FALSE; else { if (eap != NULL && eap->force_ff != 0) { fileformat = get_fileformat_force(curbuf, eap); try_unix = try_dos = try_mac = FALSE; } else if (curbuf->b_p_bin) fileformat = EOL_UNIX; else if (*p_ffs == NUL) fileformat = get_fileformat(curbuf); else fileformat = EOL_UNKNOWN; } #ifdef FEAT_MBYTE # ifdef USE_ICONV if (iconv_fd != (iconv_t)-1) { iconv_close(iconv_fd); iconv_fd = (iconv_t)-1; } # endif if (advance_fenc) { advance_fenc = FALSE; if (eap != NULL && eap->force_enc != 0) { notconverted = TRUE; conv_error = 0; if (fenc_alloced) vim_free(fenc); fenc = (char_u *)""""; fenc_alloced = FALSE; } else { if (fenc_alloced) vim_free(fenc); if (fenc_next != NULL) { fenc = next_fenc(&fenc_next); fenc_alloced = (fenc_next != NULL); } else { fenc = (char_u *)""""; fenc_alloced = FALSE; } } if (tmpname != NULL) { mch_remove(tmpname); vim_free(tmpname); tmpname = NULL; } } fio_flags = 0; converted = need_conversion(fenc); if (converted) { if (STRCMP(fenc, ENC_UCSBOM) == 0) fio_flags = FIO_UCSBOM; else if (enc_utf8 || STRCMP(p_enc, ""latin1"") == 0) fio_flags = get_fio_flags(fenc); # ifdef WIN3264 if (fio_flags == 0) fio_flags = get_win_fio_flags(fenc); # endif # ifdef MACOS_CONVERT if (fio_flags == 0) fio_flags = get_mac_fio_flags(fenc); # endif # ifdef USE_ICONV if (fio_flags == 0 # ifdef FEAT_EVAL && !did_iconv # endif ) iconv_fd = (iconv_t)my_iconv_open( enc_utf8 ? (char_u *)""utf-8"" : p_enc, fenc); # endif # ifdef FEAT_EVAL if (fio_flags == 0 && !read_stdin && !read_buffer && *p_ccv != NUL && !read_fifo # ifdef USE_ICONV && iconv_fd == (iconv_t)-1 # endif ) { # ifdef USE_ICONV did_iconv = FALSE; # endif if (tmpname == NULL) { tmpname = readfile_charconvert(fname, fenc, &fd); if (tmpname == NULL) { advance_fenc = TRUE; if (fd < 0) { EMSG(_(""E202: Conversion made file unreadable!"")); error = TRUE; goto failed; } goto retry; } } } else # endif { if (fio_flags == 0 # ifdef USE_ICONV && iconv_fd == (iconv_t)-1 # endif ) { advance_fenc = TRUE; goto retry; } } } can_retry = (*fenc != NUL && !read_stdin && !read_fifo && !keep_dest_enc); #endif if (!skip_read) { linerest = 0; filesize = 0; skip_count = lines_to_skip; read_count = lines_to_read; #ifdef FEAT_MBYTE conv_restlen = 0; #endif #ifdef FEAT_PERSISTENT_UNDO read_undo_file = (newfile && (flags & READ_KEEP_UNDO) == 0 && curbuf->b_ffname != NULL && curbuf->b_p_udf && !filtering && !read_fifo && !read_stdin && !read_buffer); if (read_undo_file) sha256_start(&sha_ctx); #endif #ifdef FEAT_CRYPT if (curbuf->b_cryptstate != NULL) { crypt_free_state(curbuf->b_cryptstate); curbuf->b_cryptstate = NULL; } #endif } while (!error && !got_int) { #if VIM_SIZEOF_INT <= 2 if (linerest >= 0x7ff0) { ++split; *ptr = NL; size = 1; } else #endif { if (!skip_read) { #if VIM_SIZEOF_INT > 2 # if defined(SSIZE_MAX) && (SSIZE_MAX < 0x10000L) size = SSIZE_MAX; # else size = 0x10000L; # endif #else size = 0x7ff0L - linerest; #endif for ( ; size >= 10; size = (long)((long_u)size >> 1)) { if ((new_buffer = lalloc((long_u)(size + linerest + 1), FALSE)) != NULL) break; } if (new_buffer == NULL) { do_outofmem_msg((long_u)(size * 2 + linerest + 1)); error = TRUE; break; } if (linerest) mch_memmove(new_buffer, ptr - linerest, (size_t)linerest); vim_free(buffer); buffer = new_buffer; ptr = buffer + linerest; line_start = buffer; #ifdef FEAT_MBYTE real_size = (int)size; # ifdef USE_ICONV if (iconv_fd != (iconv_t)-1) size = size / ICONV_MULT; else # endif if (fio_flags & FIO_LATIN1) size = size / 2; else if (fio_flags & (FIO_UCS2 | FIO_UTF16)) size = (size * 2 / 3) & ~1; else if (fio_flags & FIO_UCS4) size = (size * 2 / 3) & ~3; else if (fio_flags == FIO_UCSBOM) size = size / ICONV_MULT; # ifdef WIN3264 else if (fio_flags & FIO_CODEPAGE) size = size / ICONV_MULT; # endif # ifdef MACOS_CONVERT else if (fio_flags & FIO_MACROMAN) size = size / ICONV_MULT; # endif #endif #ifdef FEAT_MBYTE if (conv_restlen > 0) { mch_memmove(ptr, conv_rest, conv_restlen); ptr += conv_restlen; size -= conv_restlen; } #endif if (read_buffer) { if (read_buf_lnum > from) size = 0; else { int n, ni; long tlen; tlen = 0; for (;;) { p = ml_get(read_buf_lnum) + read_buf_col; n = (int)STRLEN(p); if ((int)tlen + n + 1 > size) { n = (int)(size - tlen); for (ni = 0; ni < n; ++ni) { if (p[ni] == NL) ptr[tlen++] = NUL; else ptr[tlen++] = p[ni]; } read_buf_col += n; break; } else { for (ni = 0; ni < n; ++ni) { if (p[ni] == NL) ptr[tlen++] = NUL; else ptr[tlen++] = p[ni]; } ptr[tlen++] = NL; read_buf_col = 0; if (++read_buf_lnum > from) { if (!curbuf->b_p_eol) --tlen; size = tlen; break; } } } } } else { size = read_eintr(fd, ptr, size); } #ifdef FEAT_CRYPT if (filesize == 0 && size > 0) cryptkey = check_for_cryptkey(cryptkey, ptr, &size, &filesize, newfile, sfname, &did_ask_for_key); if (cryptkey != NULL && curbuf->b_cryptstate != NULL && size > 0) { if (crypt_works_inplace(curbuf->b_cryptstate)) { crypt_decode_inplace(curbuf->b_cryptstate, ptr, size); } else { char_u *newptr = NULL; int decrypted_size; decrypted_size = crypt_decode_alloc( curbuf->b_cryptstate, ptr, size, &newptr); if (size > 0 && decrypted_size == 0) continue; if (linerest == 0) { new_buffer = newptr; } else { long_u new_size; new_size = (long_u)(decrypted_size + linerest + 1); new_buffer = lalloc(new_size, FALSE); if (new_buffer == NULL) { do_outofmem_msg(new_size); error = TRUE; break; } mch_memmove(new_buffer, buffer, linerest); if (newptr != NULL) mch_memmove(new_buffer + linerest, newptr, decrypted_size); } if (new_buffer != NULL) { vim_free(buffer); buffer = new_buffer; new_buffer = NULL; line_start = buffer; ptr = buffer + linerest; } size = decrypted_size; } } #endif if (size <= 0) { if (size < 0) error = TRUE; #ifdef FEAT_MBYTE else if (conv_restlen > 0) { if (fio_flags != 0 # ifdef USE_ICONV || iconv_fd != (iconv_t)-1 # endif ) { if (can_retry) goto rewind_retry; if (conv_error == 0) conv_error = curbuf->b_ml.ml_line_count - linecnt + 1; } else if (illegal_byte == 0) illegal_byte = curbuf->b_ml.ml_line_count - linecnt + 1; if (bad_char_behavior == BAD_DROP) { *(ptr - conv_restlen) = NUL; conv_restlen = 0; } else { if (bad_char_behavior != BAD_KEEP && (fio_flags != 0 # ifdef USE_ICONV || iconv_fd != (iconv_t)-1 # endif )) { while (conv_restlen > 0) { *(--ptr) = bad_char_behavior; --conv_restlen; } } fio_flags = 0; # ifdef USE_ICONV if (iconv_fd != (iconv_t)-1) { iconv_close(iconv_fd); iconv_fd = (iconv_t)-1; } # endif } } #endif } } skip_read = FALSE; #ifdef FEAT_MBYTE if ((filesize == 0 # ifdef FEAT_CRYPT || (cryptkey != NULL && filesize == crypt_get_header_len( crypt_get_method_nr(curbuf))) # endif ) && (fio_flags == FIO_UCSBOM || (!curbuf->b_p_bomb && tmpname == NULL && (*fenc == 'u' || (*fenc == NUL && enc_utf8))))) { char_u *ccname; int blen; if (size < 2 || curbuf->b_p_bin) ccname = NULL; else ccname = check_for_bom(ptr, size, &blen, fio_flags == FIO_UCSBOM ? FIO_ALL : get_fio_flags(fenc)); if (ccname != NULL) { filesize += blen; size -= blen; mch_memmove(ptr, ptr + blen, (size_t)size); if (set_options) { curbuf->b_p_bomb = TRUE; curbuf->b_start_bomb = TRUE; } } if (fio_flags == FIO_UCSBOM) { if (ccname == NULL) { advance_fenc = TRUE; } else { if (fenc_alloced) vim_free(fenc); fenc = ccname; fenc_alloced = FALSE; } skip_read = TRUE; goto retry; } } ptr -= conv_restlen; size += conv_restlen; conv_restlen = 0; #endif if (size <= 0) break; #ifdef FEAT_MBYTE # ifdef USE_ICONV if (iconv_fd != (iconv_t)-1) { const char *fromp; char *top; size_t from_size; size_t to_size; fromp = (char *)ptr; from_size = size; ptr += size; top = (char *)ptr; to_size = real_size - size; while ((iconv(iconv_fd, (void *)&fromp, &from_size, &top, &to_size) == (size_t)-1 && ICONV_ERRNO != ICONV_EINVAL) || from_size > CONV_RESTLEN) { if (can_retry) goto rewind_retry; if (conv_error == 0) conv_error = readfile_linenr(linecnt, ptr, (char_u *)top); ++fromp; --from_size; if (bad_char_behavior == BAD_KEEP) { *top++ = *(fromp - 1); --to_size; } else if (bad_char_behavior != BAD_DROP) { *top++ = bad_char_behavior; --to_size; } } if (from_size > 0) { mch_memmove(conv_rest, (char_u *)fromp, from_size); conv_restlen = (int)from_size; } line_start = ptr - linerest; mch_memmove(line_start, buffer, (size_t)linerest); size = (long)((char_u *)top - ptr); } # endif # ifdef WIN3264 if (fio_flags & FIO_CODEPAGE) { char_u *src, *dst; WCHAR ucs2buf[3]; int ucs2len; int codepage = FIO_GET_CP(fio_flags); int bytelen; int found_bad; char replstr[2]; if (bad_char_behavior > 0) replstr[0] = bad_char_behavior; else replstr[0] = '?'; replstr[1] = NUL; src = ptr + real_size - size; mch_memmove(src, ptr, size); dst = ptr; size = size; while (size > 0) { found_bad = FALSE; # ifdef CP_UTF8 if (codepage == CP_UTF8) { bytelen = (int)utf_ptr2len_len(src, size); if (bytelen > size) { if (bytelen <= CONV_RESTLEN) break; bytelen = size; found_bad = TRUE; } else { int u8c = utf_ptr2char(src); if (u8c > 0xffff || (*src >= 0x80 && bytelen == 1)) found_bad = TRUE; ucs2buf[0] = u8c; ucs2len = 1; } } else # endif { for (bytelen = 1; bytelen <= size && bytelen <= 3; ++bytelen) { ucs2len = MultiByteToWideChar(codepage, MB_ERR_INVALID_CHARS, (LPCSTR)src, bytelen, ucs2buf, 3); if (ucs2len > 0) break; } if (ucs2len == 0) { if (size == 1) break; found_bad = TRUE; bytelen = 1; } } if (!found_bad) { int i; if (enc_utf8) { for (i = 0; i < ucs2len; ++i) dst += utf_char2bytes(ucs2buf[i], dst); } else { BOOL bad = FALSE; int dstlen; dstlen = WideCharToMultiByte(enc_codepage, 0, (LPCWSTR)ucs2buf, ucs2len, (LPSTR)dst, (int)(src - dst), replstr, &bad); if (bad) found_bad = TRUE; else dst += dstlen; } } if (found_bad) { if (can_retry) goto rewind_retry; if (conv_error == 0) conv_error = readfile_linenr(linecnt, ptr, dst); if (bad_char_behavior != BAD_DROP) { if (bad_char_behavior == BAD_KEEP) { mch_memmove(dst, src, bytelen); dst += bytelen; } else *dst++ = bad_char_behavior; } } src += bytelen; size -= bytelen; } if (size > 0) { mch_memmove(conv_rest, src, size); conv_restlen = size; } size = (long)(dst - ptr); } else # endif # ifdef MACOS_CONVERT if (fio_flags & FIO_MACROMAN) { if (macroman2enc(ptr, &size, real_size) == FAIL) goto rewind_retry; } else # endif if (fio_flags != 0) { int u8c; char_u *dest; char_u *tail = NULL; dest = ptr + real_size; if (fio_flags == FIO_LATIN1 || fio_flags == FIO_UTF8) { p = ptr + size; if (fio_flags == FIO_UTF8) { tail = ptr + size - 1; while (tail > ptr && (*tail & 0xc0) == 0x80) --tail; if (tail + utf_byte2len(*tail) <= ptr + size) tail = NULL; else p = tail; } } else if (fio_flags & (FIO_UCS2 | FIO_UTF16)) { p = ptr + (size & ~1); if (size & 1) tail = p; if ((fio_flags & FIO_UTF16) && p > ptr) { if (fio_flags & FIO_ENDIAN_L) { u8c = (*--p << 8); u8c += *--p; } else { u8c = *--p; u8c += (*--p << 8); } if (u8c >= 0xd800 && u8c <= 0xdbff) tail = p; else p += 2; } } else { p = ptr + (size & ~3); if (size & 3) tail = p; } if (tail != NULL) { conv_restlen = (int)((ptr + size) - tail); mch_memmove(conv_rest, (char_u *)tail, conv_restlen); size -= conv_restlen; } while (p > ptr) { if (fio_flags & FIO_LATIN1) u8c = *--p; else if (fio_flags & (FIO_UCS2 | FIO_UTF16)) { if (fio_flags & FIO_ENDIAN_L) { u8c = (*--p << 8); u8c += *--p; } else { u8c = *--p; u8c += (*--p << 8); } if ((fio_flags & FIO_UTF16) && u8c >= 0xdc00 && u8c <= 0xdfff) { int u16c; if (p == ptr) { if (can_retry) goto rewind_retry; if (conv_error == 0) conv_error = readfile_linenr(linecnt, ptr, p); if (bad_char_behavior == BAD_DROP) continue; if (bad_char_behavior != BAD_KEEP) u8c = bad_char_behavior; } if (fio_flags & FIO_ENDIAN_L) { u16c = (*--p << 8); u16c += *--p; } else { u16c = *--p; u16c += (*--p << 8); } u8c = 0x10000 + ((u16c & 0x3ff) << 10) + (u8c & 0x3ff); if (u16c < 0xd800 || u16c > 0xdbff) { if (can_retry) goto rewind_retry; if (conv_error == 0) conv_error = readfile_linenr(linecnt, ptr, p); if (bad_char_behavior == BAD_DROP) continue; if (bad_char_behavior != BAD_KEEP) u8c = bad_char_behavior; } } } else if (fio_flags & FIO_UCS4) { if (fio_flags & FIO_ENDIAN_L) { u8c = (unsigned)*--p << 24; u8c += (unsigned)*--p << 16; u8c += (unsigned)*--p << 8; u8c += *--p; } else { u8c = *--p; u8c += (unsigned)*--p << 8; u8c += (unsigned)*--p << 16; u8c += (unsigned)*--p << 24; } } else { if (*--p < 0x80) u8c = *p; else { len = utf_head_off(ptr, p); p -= len; u8c = utf_ptr2char(p); if (len == 0) { if (can_retry) goto rewind_retry; if (conv_error == 0) conv_error = readfile_linenr(linecnt, ptr, p); if (bad_char_behavior == BAD_DROP) continue; if (bad_char_behavior != BAD_KEEP) u8c = bad_char_behavior; } } } if (enc_utf8) { dest -= utf_char2len(u8c); (void)utf_char2bytes(u8c, dest); } else { --dest; if (u8c >= 0x100) { if (can_retry) goto rewind_retry; if (conv_error == 0) conv_error = readfile_linenr(linecnt, ptr, p); if (bad_char_behavior == BAD_DROP) ++dest; else if (bad_char_behavior == BAD_KEEP) *dest = u8c; else if (eap != NULL && eap->bad_char != 0) *dest = bad_char_behavior; else *dest = 0xBF; } else *dest = u8c; } } line_start = dest - linerest; mch_memmove(line_start, buffer, (size_t)linerest); size = (long)((ptr + real_size) - dest); ptr = dest; } else if (enc_utf8 && !curbuf->b_p_bin) { int incomplete_tail = FALSE; for (p = ptr; ; ++p) { int todo = (int)((ptr + size) - p); int l; if (todo <= 0) break; if (*p >= 0x80) { l = utf_ptr2len_len(p, todo); if (l > todo && !incomplete_tail) { if (p > ptr || filesize > 0) incomplete_tail = TRUE; if (p > ptr) { conv_restlen = todo; mch_memmove(conv_rest, p, conv_restlen); size -= conv_restlen; break; } } if (l == 1 || l > todo) { if (can_retry && !incomplete_tail) break; # ifdef USE_ICONV if (iconv_fd != (iconv_t)-1 && conv_error == 0) conv_error = readfile_linenr(linecnt, ptr, p); # endif if (conv_error == 0 && illegal_byte == 0) illegal_byte = readfile_linenr(linecnt, ptr, p); if (bad_char_behavior == BAD_DROP) { mch_memmove(p, p + 1, todo - 1); --p; --size; } else if (bad_char_behavior != BAD_KEEP) *p = bad_char_behavior; } else p += l - 1; } } if (p < ptr + size && !incomplete_tail) { rewind_retry: # if defined(FEAT_EVAL) && defined(USE_ICONV) if (*p_ccv != NUL && iconv_fd != (iconv_t)-1) did_iconv = TRUE; else # endif advance_fenc = TRUE; file_rewind = TRUE; goto retry; } } #endif filesize += size; if (fileformat == EOL_UNKNOWN) { if (try_dos || try_unix) { if (try_mac) try_mac = 1; for (p = ptr; p < ptr + size; ++p) { if (*p == NL) { if (!try_unix || (try_dos && p > ptr && p[-1] == CAR)) fileformat = EOL_DOS; else fileformat = EOL_UNIX; break; } else if (*p == CAR && try_mac) try_mac++; } if (fileformat == EOL_UNIX && try_mac) { try_mac = 1; try_unix = 1; for (; p >= ptr && *p != CAR; p--) ; if (p >= ptr) { for (p = ptr; p < ptr + size; ++p) { if (*p == NL) try_unix++; else if (*p == CAR) try_mac++; } if (try_mac > try_unix) fileformat = EOL_MAC; } } else if (fileformat == EOL_UNKNOWN && try_mac == 1) fileformat = default_fileformat(); } if (fileformat == EOL_UNKNOWN && try_mac) fileformat = EOL_MAC; if (fileformat == EOL_UNKNOWN) fileformat = default_fileformat(); if (set_options) set_fileformat(fileformat, OPT_LOCAL); } } if (fileformat == EOL_MAC) { --ptr; while (++ptr, --size >= 0) { if ((c = *ptr) != NUL && c != CAR && c != NL) continue; if (c == NUL) *ptr = NL; else if (c == NL) *ptr = CAR; else { if (skip_count == 0) { *ptr = NUL; len = (colnr_T) (ptr - line_start + 1); if (ml_append(lnum, line_start, len, newfile) == FAIL) { error = TRUE; break; } #ifdef FEAT_PERSISTENT_UNDO if (read_undo_file) sha256_update(&sha_ctx, line_start, len); #endif ++lnum; if (--read_count == 0) { error = TRUE; line_start = ptr; break; } } else --skip_count; line_start = ptr + 1; } } } else { --ptr; while (++ptr, --size >= 0) { if ((c = *ptr) != NUL && c != NL) continue; if (c == NUL) *ptr = NL; else { if (skip_count == 0) { *ptr = NUL; len = (colnr_T)(ptr - line_start + 1); if (fileformat == EOL_DOS) { if (ptr > line_start && ptr[-1] == CAR) { ptr[-1] = NUL; --len; } else if (ff_error != EOL_DOS) { if ( try_unix && !read_stdin && (read_buffer || vim_lseek(fd, (off_T)0L, SEEK_SET) == 0)) { fileformat = EOL_UNIX; if (set_options) set_fileformat(EOL_UNIX, OPT_LOCAL); file_rewind = TRUE; keep_fileformat = TRUE; goto retry; } ff_error = EOL_DOS; } } if (ml_append(lnum, line_start, len, newfile) == FAIL) { error = TRUE; break; } #ifdef FEAT_PERSISTENT_UNDO if (read_undo_file) sha256_update(&sha_ctx, line_start, len); #endif ++lnum; if (--read_count == 0) { error = TRUE; line_start = ptr; break; } } else --skip_count; line_start = ptr + 1; } } } linerest = (long)(ptr - line_start); ui_breakcheck(); } failed: if (error && read_count == 0) error = FALSE; if (!error && !got_int && linerest != 0 && !(!curbuf->b_p_bin && fileformat == EOL_DOS && *line_start == Ctrl_Z && ptr == line_start + 1)) { if (set_options) curbuf->b_p_eol = FALSE; *ptr = NUL; len = (colnr_T)(ptr - line_start + 1); if (ml_append(lnum, line_start, len, newfile) == FAIL) error = TRUE; else { #ifdef FEAT_PERSISTENT_UNDO if (read_undo_file) sha256_update(&sha_ctx, line_start, len); #endif read_no_eol_lnum = ++lnum; } } if (set_options) save_file_ff(curbuf); #ifdef FEAT_CRYPT if (curbuf->b_cryptstate != NULL) { crypt_free_state(curbuf->b_cryptstate); curbuf->b_cryptstate = NULL; } if (cryptkey != NULL && cryptkey != curbuf->b_p_key) crypt_free_key(cryptkey); #endif #ifdef FEAT_MBYTE if (set_options) set_string_option_direct((char_u *)""fenc"", -1, fenc, OPT_FREE|OPT_LOCAL, 0); if (fenc_alloced) vim_free(fenc); # ifdef USE_ICONV if (iconv_fd != (iconv_t)-1) { iconv_close(iconv_fd); iconv_fd = (iconv_t)-1; } # endif #endif if (!read_buffer && !read_stdin) close(fd); #ifdef HAVE_FD_CLOEXEC else { int fdflags = fcntl(fd, F_GETFD); if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0) (void)fcntl(fd, F_SETFD, fdflags | FD_CLOEXEC); } #endif vim_free(buffer); #ifdef HAVE_DUP if (read_stdin) { close(0); ignored = dup(2); } #endif #ifdef FEAT_MBYTE if (tmpname != NULL) { mch_remove(tmpname); vim_free(tmpname); } #endif --no_wait_return; if (!recoverymode) { if (newfile && wasempty && !(curbuf->b_ml.ml_flags & ML_EMPTY)) { #ifdef FEAT_NETBEANS_INTG netbeansFireChanges = 0; #endif ml_delete(curbuf->b_ml.ml_line_count, FALSE); #ifdef FEAT_NETBEANS_INTG netbeansFireChanges = 1; #endif --linecnt; } linecnt = curbuf->b_ml.ml_line_count - linecnt; if (filesize == 0) linecnt = 0; if (newfile || read_buffer) { redraw_curbuf_later(NOT_VALID); #ifdef FEAT_DIFF diff_invalidate(curbuf); #endif #ifdef FEAT_FOLDING foldUpdateAll(curwin); #endif } else if (linecnt) appended_lines_mark(from, linecnt); #ifndef ALWAYS_USE_GUI if (read_stdin) { settmode(TMODE_RAW); starttermcap(); screenclear(); } #endif if (got_int) { if (!(flags & READ_DUMMY)) { filemess(curbuf, sfname, (char_u *)_(e_interr), 0); if (newfile) curbuf->b_p_ro = TRUE; } msg_scroll = msg_save; #ifdef FEAT_VIMINFO check_marks_read(); #endif return OK; } if (!filtering && !(flags & READ_DUMMY)) { msg_add_fname(curbuf, sfname); c = FALSE; #ifdef UNIX # ifdef S_ISFIFO if (S_ISFIFO(perm)) { STRCAT(IObuff, _(""[fifo/socket]"")); c = TRUE; } # else # ifdef S_IFIFO if ((perm & S_IFMT) == S_IFIFO) { STRCAT(IObuff, _(""[fifo]"")); c = TRUE; } # endif # ifdef S_IFSOCK if ((perm & S_IFMT) == S_IFSOCK) { STRCAT(IObuff, _(""[socket]"")); c = TRUE; } # endif # endif # ifdef OPEN_CHR_FILES if (S_ISCHR(perm)) { STRCAT(IObuff, _(""[character special]"")); c = TRUE; } # endif #endif if (curbuf->b_p_ro) { STRCAT(IObuff, shortmess(SHM_RO) ? _(""[RO]"") : _(""[readonly]"")); c = TRUE; } if (read_no_eol_lnum) { msg_add_eol(); c = TRUE; } if (ff_error == EOL_DOS) { STRCAT(IObuff, _(""[CR missing]"")); c = TRUE; } if (split) { STRCAT(IObuff, _(""[long lines split]"")); c = TRUE; } #ifdef FEAT_MBYTE if (notconverted) { STRCAT(IObuff, _(""[NOT converted]"")); c = TRUE; } else if (converted) { STRCAT(IObuff, _(""[converted]"")); c = TRUE; } #endif #ifdef FEAT_CRYPT if (cryptkey != NULL) { crypt_append_msg(curbuf); c = TRUE; } #endif #ifdef FEAT_MBYTE if (conv_error != 0) { sprintf((char *)IObuff + STRLEN(IObuff), _(""[CONVERSION ERROR in line %ld]""), (long)conv_error); c = TRUE; } else if (illegal_byte > 0) { sprintf((char *)IObuff + STRLEN(IObuff), _(""[ILLEGAL BYTE in line %ld]""), (long)illegal_byte); c = TRUE; } else #endif if (error) { STRCAT(IObuff, _(""[READ ERRORS]"")); c = TRUE; } if (msg_add_fileformat(fileformat)) c = TRUE; #ifdef FEAT_CRYPT if (cryptkey != NULL) msg_add_lines(c, (long)linecnt, filesize - crypt_get_header_len(crypt_get_method_nr(curbuf))); else #endif msg_add_lines(c, (long)linecnt, filesize); vim_free(keep_msg); keep_msg = NULL; msg_scrolled_ign = TRUE; #ifdef ALWAYS_USE_GUI if (read_stdin || read_buffer) p = msg_may_trunc(FALSE, IObuff); else #endif p = msg_trunc_attr(IObuff, FALSE, 0); if (read_stdin || read_buffer || restart_edit != 0 || (msg_scrolled != 0 && !need_wait_return)) set_keep_msg(p, 0); msg_scrolled_ign = FALSE; } if (newfile && (error #ifdef FEAT_MBYTE || conv_error != 0 || (illegal_byte > 0 && bad_char_behavior != BAD_KEEP) #endif )) curbuf->b_p_ro = TRUE; u_clearline(); if (exmode_active) curwin->w_cursor.lnum = from + linecnt; else curwin->w_cursor.lnum = from + 1; check_cursor_lnum(); beginline(BL_WHITE | BL_FIX); curbuf->b_op_start.lnum = from + 1; curbuf->b_op_start.col = 0; curbuf->b_op_end.lnum = from + linecnt; curbuf->b_op_end.col = 0; #ifdef WIN32 if (newfile && !read_stdin && !read_buffer && mch_stat((char *)fname, &st) >= 0) { buf_store_time(curbuf, &st, fname); curbuf->b_mtime_read = curbuf->b_mtime; } #endif } msg_scroll = msg_save; #ifdef FEAT_VIMINFO check_marks_read(); #endif curbuf->b_no_eol_lnum = read_no_eol_lnum; if (flags & READ_KEEP_UNDO) u_find_first_changed(); #ifdef FEAT_PERSISTENT_UNDO if (read_undo_file) { char_u hash[UNDO_HASH_SIZE]; sha256_finish(&sha_ctx, hash); u_read_undo(NULL, hash, fname); } #endif #ifdef FEAT_AUTOCMD if (!read_stdin && !read_fifo && (!read_buffer || sfname != NULL)) { int m = msg_scroll; int n = msg_scrolled; if (set_options) save_file_ff(curbuf); msg_scroll = TRUE; if (filtering) apply_autocmds_exarg(EVENT_FILTERREADPOST, NULL, sfname, FALSE, curbuf, eap); else if (newfile || (read_buffer && sfname != NULL)) { apply_autocmds_exarg(EVENT_BUFREADPOST, NULL, sfname, FALSE, curbuf, eap); if (!au_did_filetype && *curbuf->b_p_ft != NUL) apply_autocmds(EVENT_FILETYPE, curbuf->b_p_ft, curbuf->b_fname, TRUE, curbuf); } else apply_autocmds_exarg(EVENT_FILEREADPOST, sfname, sfname, FALSE, NULL, eap); if (msg_scrolled == n) msg_scroll = m; # ifdef FEAT_EVAL if (aborting()) return FAIL; # endif } #endif if (recoverymode && error) return FAIL; return OK; }",visit repo url,src/fileio.c,https://github.com/vim/vim,207993457669885,1 5618,CWE-125,"count_comp_fors(struct compiling *c, const node *n) { int n_fors = 0; int is_async; count_comp_for: is_async = 0; n_fors++; REQ(n, comp_for); if (TYPE(CHILD(n, 0)) == ASYNC) { is_async = 1; } if (NCH(n) == (5 + is_async)) { n = CHILD(n, 4 + is_async); } else { return n_fors; } count_comp_iter: REQ(n, comp_iter); n = CHILD(n, 0); if (TYPE(n) == comp_for) goto count_comp_for; else if (TYPE(n) == comp_if) { if (NCH(n) == 3) { n = CHILD(n, 2); goto count_comp_iter; } else return n_fors; } PyErr_SetString(PyExc_SystemError, ""logic error in count_comp_fors""); return -1; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,135759560825698,1 2139,CWE-416,"int __mdiobus_register(struct mii_bus *bus, struct module *owner) { struct mdio_device *mdiodev; int i, err; struct gpio_desc *gpiod; if (NULL == bus || NULL == bus->name || NULL == bus->read || NULL == bus->write) return -EINVAL; BUG_ON(bus->state != MDIOBUS_ALLOCATED && bus->state != MDIOBUS_UNREGISTERED); bus->owner = owner; bus->dev.parent = bus->parent; bus->dev.class = &mdio_bus_class; bus->dev.groups = NULL; dev_set_name(&bus->dev, ""%s"", bus->id); err = device_register(&bus->dev); if (err) { pr_err(""mii_bus %s failed to register\n"", bus->id); put_device(&bus->dev); return -EINVAL; } mutex_init(&bus->mdio_lock); gpiod = devm_gpiod_get_optional(&bus->dev, ""reset"", GPIOD_OUT_LOW); if (IS_ERR(gpiod)) { dev_err(&bus->dev, ""mii_bus %s couldn't get reset GPIO\n"", bus->id); device_del(&bus->dev); return PTR_ERR(gpiod); } else if (gpiod) { bus->reset_gpiod = gpiod; gpiod_set_value_cansleep(gpiod, 1); udelay(bus->reset_delay_us); gpiod_set_value_cansleep(gpiod, 0); } if (bus->reset) bus->reset(bus); for (i = 0; i < PHY_MAX_ADDR; i++) { if ((bus->phy_mask & (1 << i)) == 0) { struct phy_device *phydev; phydev = mdiobus_scan(bus, i); if (IS_ERR(phydev) && (PTR_ERR(phydev) != -ENODEV)) { err = PTR_ERR(phydev); goto error; } } } mdiobus_setup_mdiodev_from_board_info(bus, mdiobus_create_device); bus->state = MDIOBUS_REGISTERED; pr_info(""%s: probed\n"", bus->name); return 0; error: while (--i >= 0) { mdiodev = bus->mdio_map[i]; if (!mdiodev) continue; mdiodev->device_remove(mdiodev); mdiodev->device_free(mdiodev); } if (bus->reset_gpiod) gpiod_set_value_cansleep(bus->reset_gpiod, 1); device_del(&bus->dev); return err; }",visit repo url,drivers/net/phy/mdio_bus.c,https://github.com/torvalds/linux,236818755368416,1 2205,['CWE-193'],"void __lock_page_nosync(struct page *page) { DEFINE_WAIT_BIT(wait, &page->flags, PG_locked); __wait_on_bit_lock(page_waitqueue(page), &wait, __sleep_on_page_lock, TASK_UNINTERRUPTIBLE); }",linux-2.6,,,295422316328881173515950076370243110725,0 2418,['CWE-119'],"static void add_header_grep(struct rev_info *revs, const char *field, const char *pattern) { char *pat; const char *prefix; int patlen, fldlen; fldlen = strlen(field); patlen = strlen(pattern); pat = xmalloc(patlen + fldlen + 10); prefix = "".*""; if (*pattern == '^') { prefix = """"; pattern++; } sprintf(pat, ""^%s %s%s"", field, prefix, pattern); add_grep(revs, pat, GREP_PATTERN_HEAD); }",git,,,123032034370783943808646078507069339541,0 3952,CWE-337,"void scramble(FILE* keyFile){ for (int j = 0; j < 16; ++j) { char temp = 0; for (int i = 0; i < 256; ++i) { scrambleAsciiTables[j][i] = i; } if (keyFile != NULL){ int size; char extractedString[BUFFER_SIZE] = """"; while((size = fread(extractedString, 1, BUFFER_SIZE, keyFile)) > 0){ for (int i = 0; i < size; ++i) { temp = scrambleAsciiTables[j][i%256]; scrambleAsciiTables[j][i%256] = scrambleAsciiTables[j][(unsigned char)(extractedString[i])]; scrambleAsciiTables[j][(unsigned char)(extractedString[i])] = temp; } } rewind(keyFile); } else { unsigned char random256; for (int i = 0; i < 10 * 256; ++i) { random256 = generateNumber() ^ passPhrase[passIndex]; passIndex++; passIndex %= 16384; temp = scrambleAsciiTables[j][i%256]; scrambleAsciiTables[j][i%256] = scrambleAsciiTables[j][random256]; scrambleAsciiTables[j][random256] = temp; } } } }",visit repo url,main.c,https://github.com/pfmonville/enigmaX,28140279219783,1 2685,CWE-190,"SPL_METHOD(SplTempFileObject, __construct) { long max_memory = PHP_STREAM_MAX_MEM; char tmp_fname[48]; spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); zend_error_handling error_handling; zend_replace_error_handling(EH_THROW, spl_ce_RuntimeException, &error_handling TSRMLS_CC); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|l"", &max_memory) == FAILURE) { zend_restore_error_handling(&error_handling TSRMLS_CC); return; } if (max_memory < 0) { intern->file_name = ""php://memory""; intern->file_name_len = 12; } else if (ZEND_NUM_ARGS()) { intern->file_name_len = slprintf(tmp_fname, sizeof(tmp_fname), ""php://temp/maxmemory:%ld"", max_memory); intern->file_name = tmp_fname; } else { intern->file_name = ""php://temp""; intern->file_name_len = 10; } intern->u.file.open_mode = ""wb""; intern->u.file.open_mode_len = 1; intern->u.file.zcontext = NULL; if (spl_filesystem_file_open(intern, 0, 0 TSRMLS_CC) == SUCCESS) { intern->_path_len = 0; intern->_path = estrndup("""", 0); } zend_restore_error_handling(&error_handling TSRMLS_CC); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,191647847958216,1 5112,['CWE-20'],"static void vmx_set_idt(struct kvm_vcpu *vcpu, struct descriptor_table *dt) { vmcs_write32(GUEST_IDTR_LIMIT, dt->limit); vmcs_writel(GUEST_IDTR_BASE, dt->base); }",linux-2.6,,,295803626261427450500997651381468283253,0 4479,['CWE-264'],"static int __init skfd_init(void) { return pci_register_driver(&skfddi_pci_driver); }",linux-2.6,,,75931167258031332098927641047574193102,0 1325,['CWE-119'],"compare_oid(unsigned long *oid1, unsigned int oid1len, unsigned long *oid2, unsigned int oid2len) { unsigned int i; if (oid1len != oid2len) return 0; else { for (i = 0; i < oid1len; i++) { if (oid1[i] != oid2[i]) return 0; } return 1; } }",linux-2.6,,,283918654010796858097613865317306369469,0 2804,['CWE-264'],"sbni_get_stats( struct net_device *dev ) { return &((struct net_local *) dev->priv)->stats; }",linux-2.6,,,49894935740525396647264216931433876008,0 2782,['CWE-264'],"send_frame( struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; u32 crc = CRC32_INITIAL; if( nl->state & FL_NEED_RESEND ) { if( nl->trans_errors ) { --nl->trans_errors; if( nl->framelen != 0 ) nl->in_stats.resend_tx_number++; } else { #ifdef CONFIG_SBNI_MULTILINE if( (nl->state & FL_SLAVE) || nl->link ) #endif nl->state |= FL_LINE_DOWN; drop_xmit_queue( dev ); goto do_send; } } else nl->trans_errors = TR_ERROR_COUNT; send_frame_header( dev, &crc ); nl->state |= FL_NEED_RESEND; if( nl->framelen ) { download_data( dev, &crc ); nl->in_stats.all_tx_number++; nl->state |= FL_WAIT_ACK; } outsb( dev->base_addr + DAT, (u8 *)&crc, sizeof crc ); do_send: outb( inb( dev->base_addr + CSR0 ) & ~TR_REQ, dev->base_addr + CSR0 ); if( nl->tx_frameno ) outb( inb( dev->base_addr + CSR0 ) | TR_REQ, dev->base_addr + CSR0 ); }",linux-2.6,,,316419050248934049665807142186174800951,0 5374,CWE-125,"GPMF_ERR IsValidSize(GPMF_stream *ms, uint32_t size) { if (ms) { int32_t nestsize = (int32_t)ms->nest_size[ms->nest_level]; if (nestsize == 0 && ms->nest_level == 0) nestsize = ms->buffer_size_longs; if (size + 2 <= nestsize) return GPMF_OK; } return GPMF_ERROR_BAD_STRUCTURE; }",visit repo url,GPMF_parser.c,https://github.com/gopro/gpmf-parser,203812939871895,1 3397,['CWE-264'],"struct file *nameidata_to_filp(struct nameidata *nd, int flags) { struct file *filp; filp = nd->intent.open.file; if (filp->f_path.dentry == NULL) filp = __dentry_open(nd->dentry, nd->mnt, flags, filp, NULL); else path_release(nd); return filp; }",linux-2.6,,,213284746202509214153035593645995437524,0 5024,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 3113,CWE-125,"void processRequest(struct reqelem * req) { ssize_t n; unsigned int l, m; unsigned char buf[2048]; const unsigned char * p; enum request_type type; struct device * d = devlist; unsigned char rbuf[RESPONSE_BUFFER_SIZE]; unsigned char * rp; unsigned char nrep = 0; time_t t; struct service * newserv = NULL; struct service * serv; n = read(req->socket, buf, sizeof(buf)); if(n<0) { if(errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) return; syslog(LOG_ERR, ""(s=%d) processRequest(): read(): %m"", req->socket); goto error; } if(n==0) { syslog(LOG_INFO, ""(s=%d) request connection closed"", req->socket); goto error; } t = time(NULL); type = buf[0]; p = buf + 1; DECODELENGTH_CHECKLIMIT(l, p, buf + n); if(p+l > buf+n) { syslog(LOG_WARNING, ""bad request (length encoding l=%u n=%u)"", l, (unsigned)n); goto error; } if(l == 0 && type != MINISSDPD_SEARCH_ALL && type != MINISSDPD_GET_VERSION && type != MINISSDPD_NOTIF) { syslog(LOG_WARNING, ""bad request (length=0, type=%d)"", type); goto error; } syslog(LOG_INFO, ""(s=%d) request type=%d str='%.*s'"", req->socket, type, l, p); switch(type) { case MINISSDPD_GET_VERSION: rp = rbuf; CODELENGTH((sizeof(MINISSDPD_VERSION) - 1), rp); memcpy(rp, MINISSDPD_VERSION, sizeof(MINISSDPD_VERSION) - 1); rp += (sizeof(MINISSDPD_VERSION) - 1); if(write_or_buffer(req, rbuf, rp - rbuf) < 0) { syslog(LOG_ERR, ""(s=%d) write: %m"", req->socket); goto error; } break; case MINISSDPD_SEARCH_TYPE: case MINISSDPD_SEARCH_USN: case MINISSDPD_SEARCH_ALL: rp = rbuf+1; while(d && (nrep < 255)) { if(d->t < t) { syslog(LOG_INFO, ""outdated device""); } else { if(d->headers[HEADER_LOCATION].l + d->headers[HEADER_NT].l + d->headers[HEADER_USN].l + 6 + (rp - rbuf) >= (int)sizeof(rbuf)) break; if( (type==MINISSDPD_SEARCH_TYPE && 0==memcmp(d->headers[HEADER_NT].p, p, l)) ||(type==MINISSDPD_SEARCH_USN && 0==memcmp(d->headers[HEADER_USN].p, p, l)) ||(type==MINISSDPD_SEARCH_ALL) ) { m = d->headers[HEADER_LOCATION].l; CODELENGTH(m, rp); memcpy(rp, d->headers[HEADER_LOCATION].p, d->headers[HEADER_LOCATION].l); rp += d->headers[HEADER_LOCATION].l; m = d->headers[HEADER_NT].l; CODELENGTH(m, rp); memcpy(rp, d->headers[HEADER_NT].p, d->headers[HEADER_NT].l); rp += d->headers[HEADER_NT].l; m = d->headers[HEADER_USN].l; CODELENGTH(m, rp); memcpy(rp, d->headers[HEADER_USN].p, d->headers[HEADER_USN].l); rp += d->headers[HEADER_USN].l; nrep++; } } d = d->next; } for(serv = servicelisthead.lh_first; serv && (nrep < 255); serv = serv->entries.le_next) { if(strlen(serv->location) + strlen(serv->st) + strlen(serv->usn) + 6 + (rp - rbuf) >= sizeof(rbuf)) break; if( (type==MINISSDPD_SEARCH_TYPE && 0==strncmp(serv->st, (const char *)p, l)) ||(type==MINISSDPD_SEARCH_USN && 0==strncmp(serv->usn, (const char *)p, l)) ||(type==MINISSDPD_SEARCH_ALL) ) { m = strlen(serv->location); CODELENGTH(m, rp); memcpy(rp, serv->location, m); rp += m; m = strlen(serv->st); CODELENGTH(m, rp); memcpy(rp, serv->st, m); rp += m; m = strlen(serv->usn); CODELENGTH(m, rp); memcpy(rp, serv->usn, m); rp += m; nrep++; } } rbuf[0] = nrep; syslog(LOG_DEBUG, ""(s=%d) response : %d device%s"", req->socket, nrep, (nrep > 1) ? ""s"" : """"); if(write_or_buffer(req, rbuf, rp - rbuf) < 0) { syslog(LOG_ERR, ""(s=%d) write: %m"", req->socket); goto error; } break; case MINISSDPD_SUBMIT: newserv = malloc(sizeof(struct service)); if(!newserv) { syslog(LOG_ERR, ""cannot allocate memory""); goto error; } memset(newserv, 0, sizeof(struct service)); if(containsForbiddenChars(p, l)) { syslog(LOG_ERR, ""bad request (st contains forbidden chars)""); goto error; } newserv->st = malloc(l + 1); if(!newserv->st) { syslog(LOG_ERR, ""cannot allocate memory""); goto error; } memcpy(newserv->st, p, l); newserv->st[l] = '\0'; p += l; if(p >= buf + n) { syslog(LOG_WARNING, ""bad request (missing usn)""); goto error; } DECODELENGTH_CHECKLIMIT(l, p, buf + n); if(p+l > buf+n) { syslog(LOG_WARNING, ""bad request (length encoding)""); goto error; } if(containsForbiddenChars(p, l)) { syslog(LOG_ERR, ""bad request (usn contains forbidden chars)""); goto error; } syslog(LOG_INFO, ""usn='%.*s'"", l, p); newserv->usn = malloc(l + 1); if(!newserv->usn) { syslog(LOG_ERR, ""cannot allocate memory""); goto error; } memcpy(newserv->usn, p, l); newserv->usn[l] = '\0'; p += l; DECODELENGTH_CHECKLIMIT(l, p, buf + n); if(p+l > buf+n) { syslog(LOG_WARNING, ""bad request (length encoding)""); goto error; } if(containsForbiddenChars(p, l)) { syslog(LOG_ERR, ""bad request (server contains forbidden chars)""); goto error; } syslog(LOG_INFO, ""server='%.*s'"", l, p); newserv->server = malloc(l + 1); if(!newserv->server) { syslog(LOG_ERR, ""cannot allocate memory""); goto error; } memcpy(newserv->server, p, l); newserv->server[l] = '\0'; p += l; DECODELENGTH_CHECKLIMIT(l, p, buf + n); if(p+l > buf+n) { syslog(LOG_WARNING, ""bad request (length encoding)""); goto error; } if(containsForbiddenChars(p, l)) { syslog(LOG_ERR, ""bad request (location contains forbidden chars)""); goto error; } syslog(LOG_INFO, ""location='%.*s'"", l, p); newserv->location = malloc(l + 1); if(!newserv->location) { syslog(LOG_ERR, ""cannot allocate memory""); goto error; } memcpy(newserv->location, p, l); newserv->location[l] = '\0'; for(serv = servicelisthead.lh_first; serv; serv = serv->entries.le_next) { if(0 == strcmp(newserv->usn, serv->usn) && 0 == strcmp(newserv->st, serv->st)) { syslog(LOG_INFO, ""Service already in the list. Updating...""); free(newserv->st); free(newserv->usn); free(serv->server); serv->server = newserv->server; free(serv->location); serv->location = newserv->location; free(newserv); newserv = NULL; return; } } LIST_INSERT_HEAD(&servicelisthead, newserv, entries); sendNotifications(NOTIF_NEW, NULL, newserv); newserv = NULL; break; case MINISSDPD_NOTIF: rbuf[0] = '\0'; if(write_or_buffer(req, rbuf, 1) < 0) { syslog(LOG_ERR, ""(s=%d) write: %m"", req->socket); goto error; } req->is_notify = 1; break; default: syslog(LOG_WARNING, ""Unknown request type %d"", type); rbuf[0] = '\0'; if(write_or_buffer(req, rbuf, 1) < 0) { syslog(LOG_ERR, ""(s=%d) write: %m"", req->socket); goto error; } } return; error: if(newserv) { free(newserv->st); free(newserv->usn); free(newserv->server); free(newserv->location); free(newserv); newserv = NULL; } close(req->socket); req->socket = -1; return; }",visit repo url,minissdpd/minissdpd.c,https://github.com/miniupnp/miniupnp,198611038774040,1 1263,NVD-CWE-Other,"__u32 secure_ip_id(__be32 daddr) { struct keydata *keyptr; __u32 hash[4]; keyptr = get_keyptr(); hash[0] = (__force __u32)daddr; hash[1] = keyptr->secret[9]; hash[2] = keyptr->secret[10]; hash[3] = keyptr->secret[11]; return half_md4_transform(hash, keyptr->secret); }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,42838898267815,1 4497,CWE-476,"void gitn_box_del(GF_Box *s) { u32 i; GroupIdToNameBox *ptr = (GroupIdToNameBox *)s; if (ptr == NULL) return; for (i=0; inb_entries; i++) { if (ptr->entries[i].name) gf_free(ptr->entries[i].name); } if (ptr->entries) gf_free(ptr->entries); gf_free(ptr);",visit repo url,src/isomedia/box_code_base.c,https://github.com/gpac/gpac,113231560299700,1 4457,CWE-787,"static void WritePixels(struct ngiflib_img * i, struct ngiflib_decode_context * context, const u8 * pixels, u16 n) { u16 tocopy; struct ngiflib_gif * p = i->parent; while(n > 0) { tocopy = (context->Xtogo < n) ? context->Xtogo : n; if(!i->gce.transparent_flag) { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif ngiflib_memcpy(context->frbuff_p.p8, pixels, tocopy); pixels += tocopy; context->frbuff_p.p8 += tocopy; #ifndef NGIFLIB_INDEXED_ONLY } else { int j; for(j = (int)tocopy; j > 0; j--) { *(context->frbuff_p.p32++) = GifIndexToTrueColor(i->palette, *pixels++); } } #endif } else { int j; #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) *context->frbuff_p.p8 = *pixels; pixels++; context->frbuff_p.p8++; } #ifndef NGIFLIB_INDEXED_ONLY } else { for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) { *context->frbuff_p.p32 = GifIndexToTrueColor(i->palette, *pixels); } pixels++; context->frbuff_p.p32++; } } #endif } context->Xtogo -= tocopy; if(context->Xtogo == 0) { #ifdef NGIFLIB_ENABLE_CALLBACKS if(p->line_cb) p->line_cb(p, context->line_p, context->curY); #endif context->Xtogo = i->width; switch(context->pass) { case 0: context->curY++; break; case 1: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 4; } break; case 2: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 2; } break; case 3: context->curY += 4; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 1; } break; case 4: context->curY += 2; break; } #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width; context->frbuff_p.p8 = context->line_p.p8 + i->posX; #else context->frbuff_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width + i->posX; #endif #ifndef NGIFLIB_INDEXED_ONLY } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width; context->frbuff_p.p32 = context->line_p.p32 + i->posX; #else context->frbuff_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width + i->posX; #endif } #endif } n -= tocopy; } }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,251883954057110,1 1326,CWE-119,"static __u8 *nci_extract_rf_params_nfcb_passive_poll(struct nci_dev *ndev, struct rf_tech_specific_params_nfcb_poll *nfcb_poll, __u8 *data) { nfcb_poll->sensb_res_len = *data++; pr_debug(""sensb_res_len %d\n"", nfcb_poll->sensb_res_len); memcpy(nfcb_poll->sensb_res, data, nfcb_poll->sensb_res_len); data += nfcb_poll->sensb_res_len; return data; }",visit repo url,net/nfc/nci/ntf.c,https://github.com/torvalds/linux,144493197076013,1 3498,CWE-119,"t1mac_output_ascii(char *s, int len) { if (blocktyp == POST_BINARY) { output_current_post(); blocktyp = POST_ASCII; } if (len > 0 && s[len-1] == '\n') s[len-1] = '\r'; t1mac_output_data((byte *)s, len); if (strncmp(s, ""/FontName"", 9) == 0) { for (s += 9; isspace(*s); s++) ; if (*s == '/') { const char *t = ++s; while (*t && !isspace(*t)) t++; free(font_name); font_name = (char *)malloc(t - s + 1); memcpy(font_name, s, t - s); font_name[t - s] = 0; } } }",visit repo url,t1mac.c,https://github.com/kohler/t1utils,238320213801099,1 945,['CWE-200'],"static inline void shmem_unacct_blocks(unsigned long flags, long pages) { if (!(flags & VM_ACCOUNT)) vm_unacct_memory(pages * VM_ACCT(PAGE_CACHE_SIZE)); }",linux-2.6,,,272113203082001298952720303422826356954,0 1206,['CWE-189'],"static int __sched do_nanosleep(struct hrtimer_sleeper *t, enum hrtimer_mode mode) { hrtimer_init_sleeper(t, current); do { set_current_state(TASK_INTERRUPTIBLE); hrtimer_start(&t->timer, t->timer.expires, mode); if (likely(t->task)) schedule(); hrtimer_cancel(&t->timer); mode = HRTIMER_MODE_ABS; } while (t->task && !signal_pending(current)); return t->task == NULL; }",linux-2.6,,,206938670380781174086809870583443854893,0 322,CWE-362,"static void fanout_release(struct sock *sk) { struct packet_sock *po = pkt_sk(sk); struct packet_fanout *f; f = po->fanout; if (!f) return; mutex_lock(&fanout_mutex); po->fanout = NULL; if (atomic_dec_and_test(&f->sk_ref)) { list_del(&f->list); dev_remove_pack(&f->prot_hook); fanout_release_data(f); kfree(f); } mutex_unlock(&fanout_mutex); if (po->rollover) kfree_rcu(po->rollover, rcu); }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,275294292619058,1 2165,CWE-326,"static inline u32 net_hash_mix(const struct net *net) { #ifdef CONFIG_NET_NS return (u32)(((unsigned long)net) >> ilog2(sizeof(*net))); #else return 0; #endif }",visit repo url,include/net/netns/hash.h,https://github.com/torvalds/linux,228240872492288,1 4934,['CWE-20'],"static int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname) { struct pagevec lru_pvec; struct page *page; char *kaddr; struct iattr attr; unsigned int pathlen = strlen(symname); int error; dfprintk(VFS, ""NFS: symlink(%s/%ld, %s, %s)\n"", dir->i_sb->s_id, dir->i_ino, dentry->d_name.name, symname); if (pathlen > PAGE_SIZE) return -ENAMETOOLONG; attr.ia_mode = S_IFLNK | S_IRWXUGO; attr.ia_valid = ATTR_MODE; lock_kernel(); page = alloc_page(GFP_HIGHUSER); if (!page) { unlock_kernel(); return -ENOMEM; } kaddr = kmap_atomic(page, KM_USER0); memcpy(kaddr, symname, pathlen); if (pathlen < PAGE_SIZE) memset(kaddr + pathlen, 0, PAGE_SIZE - pathlen); kunmap_atomic(kaddr, KM_USER0); nfs_begin_data_update(dir); error = NFS_PROTO(dir)->symlink(dir, dentry, page, pathlen, &attr); nfs_end_data_update(dir); if (error != 0) { dfprintk(VFS, ""NFS: symlink(%s/%ld, %s, %s) error %d\n"", dir->i_sb->s_id, dir->i_ino, dentry->d_name.name, symname, error); d_drop(dentry); __free_page(page); unlock_kernel(); return error; } pagevec_init(&lru_pvec, 0); if (!add_to_page_cache(page, dentry->d_inode->i_mapping, 0, GFP_KERNEL)) { pagevec_add(&lru_pvec, page); pagevec_lru_add(&lru_pvec); SetPageUptodate(page); unlock_page(page); } else __free_page(page); unlock_kernel(); return 0; }",linux-2.6,,,143703669511342842137846431129513612611,0 6515,['CWE-20'],"emulate_syscall(struct x86_emulate_ctxt *ctxt) { struct decode_cache *c = &ctxt->decode; struct kvm_segment cs, ss; u64 msr_data; if (c->lock_prefix || ctxt->mode == X86EMUL_MODE_REAL || !(ctxt->vcpu->arch.cr0 & X86_CR0_PE)) return -1; setup_syscalls_segments(ctxt, &cs, &ss); kvm_x86_ops->get_msr(ctxt->vcpu, MSR_STAR, &msr_data); msr_data >>= 32; cs.selector = (u16)(msr_data & 0xfffc); ss.selector = (u16)(msr_data + 8); if (is_long_mode(ctxt->vcpu)) { cs.db = 0; cs.l = 1; } kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS); kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS); c->regs[VCPU_REGS_RCX] = c->eip; if (is_long_mode(ctxt->vcpu)) { #ifdef CONFIG_X86_64 c->regs[VCPU_REGS_R11] = ctxt->eflags & ~EFLG_RF; kvm_x86_ops->get_msr(ctxt->vcpu, ctxt->mode == X86EMUL_MODE_PROT64 ? MSR_LSTAR : MSR_CSTAR, &msr_data); c->eip = msr_data; kvm_x86_ops->get_msr(ctxt->vcpu, MSR_SYSCALL_MASK, &msr_data); ctxt->eflags &= ~(msr_data | EFLG_RF); #endif } else { kvm_x86_ops->get_msr(ctxt->vcpu, MSR_STAR, &msr_data); c->eip = (u32)msr_data; ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF); } return 0; }",kvm,,,82639604199765421715150639369474835811,0 2291,CWE-835,"static void check_preempt_curr(struct rq *rq, struct task_struct *p, int flags) { const struct sched_class *class; if (p->sched_class == rq->curr->sched_class) { rq->curr->sched_class->check_preempt_curr(rq, p, flags); } else { for_each_class(class) { if (class == rq->curr->sched_class) break; if (class == p->sched_class) { resched_task(rq->curr); break; } } } if (test_tsk_need_resched(rq->curr)) rq->skip_clock_update = 1; }",visit repo url,kernel/sched.c,https://github.com/torvalds/linux,209059550296917,1 5677,['CWE-476'],"static int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *inet = inet_sk(sk); struct sk_buff *skb; size_t copied; int err; if (addr_len) *addr_len=sizeof(struct sockaddr_in6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); try_again: skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len - sizeof(struct udphdr); if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } if (skb->ip_summed==CHECKSUM_UNNECESSARY) { err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); } else if (msg->msg_flags&MSG_TRUNC) { if (__skb_checksum_complete(skb)) goto csum_copy_err; err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); } else { err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (err) goto out_free; sock_recv_timestamp(msg, sk, skb); if (msg->msg_name) { struct sockaddr_in6 *sin6; sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = skb->h.uh->source; sin6->sin6_flowinfo = 0; sin6->sin6_scope_id = 0; if (skb->protocol == htons(ETH_P_IP)) ipv6_addr_set(&sin6->sin6_addr, 0, 0, htonl(0xffff), skb->nh.iph->saddr); else { ipv6_addr_copy(&sin6->sin6_addr, &skb->nh.ipv6h->saddr); if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LINKLOCAL) sin6->sin6_scope_id = IP6CB(skb)->iif; } } if (skb->protocol == htons(ETH_P_IP)) { if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); } else { if (np->rxopt.all) datagram_recv_ctl(sk, msg, skb); } err = copied; if (flags & MSG_TRUNC) err = skb->len - sizeof(struct udphdr); out_free: skb_free_datagram(sk, skb); out: return err; csum_copy_err: skb_kill_datagram(sk, skb, flags); if (flags & MSG_DONTWAIT) { UDP6_INC_STATS_USER(UDP_MIB_INERRORS); return -EAGAIN; } goto try_again; }",linux-2.6,,,187467262876147532298738976915303162808,0 6620,CWE-787,"static int MqttClient_WaitType(MqttClient *client, void *packet_obj, byte wait_type, word16 wait_packet_id, int timeout_ms) { int rc; word16 packet_id; MqttPacketType packet_type; #ifdef WOLFMQTT_MULTITHREAD MqttPendResp *pendResp; int readLocked; #endif MqttMsgStat* mms_stat; int waitMatchFound; if (client == NULL || packet_obj == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } mms_stat = (MqttMsgStat*)packet_obj; wait_again: packet_id = 0; packet_type = MQTT_PACKET_TYPE_RESERVED; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; readLocked = 0; #endif waitMatchFound = 0; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Type %s (%d), ID %d"", MqttPacket_TypeDesc((MqttPacketType)wait_type), wait_type, wait_packet_id); #endif switch ((int)*mms_stat) { case MQTT_MSG_BEGIN: { #ifdef WOLFMQTT_MULTITHREAD rc = wm_SemLock(&client->lockRecv); if (rc != 0) { PRINTF(""MqttClient_WaitType: recv lock error!""); return rc; } readLocked = 1; #endif client->packet.stat = MQTT_PK_BEGIN; } FALL_THROUGH; #ifdef WOLFMQTT_V5 case MQTT_MSG_AUTH: #endif case MQTT_MSG_WAIT: { #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, (MqttPacketType)wait_type, wait_packet_id, &pendResp)) { if (pendResp->packetDone) { rc = pendResp->packet_ret; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp already Done %p: Rc %d"", pendResp, rc); #endif MqttClient_RespList_Remove(client, pendResp); wm_SemUnlock(&client->lockClient); wm_SemUnlock(&client->lockRecv); return rc; } } wm_SemUnlock(&client->lockClient); } else { break; } #endif *mms_stat = MQTT_MSG_WAIT; rc = MqttPacket_Read(client, client->rx_buf, client->rx_buf_len, timeout_ms); if (rc <= 0) { break; } client->packet.buf_len = rc; rc = MqttClient_DecodePacket(client, client->rx_buf, client->packet.buf_len, NULL, &packet_type, NULL, &packet_id); if (rc < 0) { break; } #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""Read Packet: Len %d, Type %d, ID %d"", client->packet.buf_len, packet_type, packet_id); #endif *mms_stat = MQTT_MSG_READ; } FALL_THROUGH; case MQTT_MSG_READ: case MQTT_MSG_READ_PAYLOAD: { MqttPacketType use_packet_type; void* use_packet_obj; #ifdef WOLFMQTT_MULTITHREAD readLocked = 1; #endif if (*mms_stat == MQTT_MSG_READ_PAYLOAD) { packet_type = MQTT_PACKET_TYPE_PUBLISH; } if ((wait_type == MQTT_PACKET_TYPE_ANY || wait_type == packet_type || MqttIsPubRespPacket(packet_type) == MqttIsPubRespPacket(wait_type)) && (wait_packet_id == 0 || wait_packet_id == packet_id)) { use_packet_obj = packet_obj; waitMatchFound = 1; } else { use_packet_obj = &client->msg; } use_packet_type = packet_type; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, packet_type, packet_id, &pendResp)) { pendResp->packetProcessing = 1; use_packet_obj = pendResp->packet_obj; use_packet_type = pendResp->packet_type; waitMatchFound = 0; } wm_SemUnlock(&client->lockClient); } else { break; } #endif rc = MqttClient_HandlePacket(client, use_packet_type, use_packet_obj, timeout_ms); #ifdef WOLFMQTT_NONBLOCK if (rc == MQTT_CODE_CONTINUE) { return rc; } #endif if (rc >= 0) { rc = MQTT_CODE_SUCCESS; } #ifdef WOLFMQTT_MULTITHREAD if (pendResp) { if (wm_SemLock(&client->lockClient) == 0) { pendResp->packetDone = 1; pendResp->packet_ret = rc; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp Done %p"", pendResp); #endif pendResp = NULL; wm_SemUnlock(&client->lockClient); } } #endif break; } case MQTT_MSG_WRITE: case MQTT_MSG_WRITE_PAYLOAD: default: { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Invalid state %d!"", *mms_stat); #endif rc = MQTT_CODE_ERROR_STAT; break; } } #ifdef WOLFMQTT_NONBLOCK if (rc != MQTT_CODE_CONTINUE) #endif { *mms_stat = MQTT_MSG_BEGIN; } #ifdef WOLFMQTT_MULTITHREAD if (readLocked) { wm_SemUnlock(&client->lockRecv); } #endif if (rc < 0) { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Failure: %s (%d)"", MqttClient_ReturnCodeToString(rc), rc); #endif return rc; } if (!waitMatchFound) { goto wait_again; } return rc; }",visit repo url,src/mqtt_client.c,https://github.com/wolfSSL/wolfMQTT,278703091752165,1 3667,['CWE-264'],"static int get_iovec_page_array(const struct iovec __user *iov, unsigned int nr_vecs, struct page **pages, struct partial_page *partial, int aligned) { int buffers = 0, error = 0; while (nr_vecs) { unsigned long off, npages; struct iovec entry; void __user *base; size_t len; int i; error = -EFAULT; if (copy_from_user(&entry, iov, sizeof(entry))) break; base = entry.iov_base; len = entry.iov_len; error = 0; if (unlikely(!len)) break; error = -EFAULT; if (!access_ok(VERIFY_READ, base, len)) break; off = (unsigned long) base & ~PAGE_MASK; error = -EINVAL; if (aligned && (off || len & ~PAGE_MASK)) break; npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT; if (npages > PIPE_BUFFERS - buffers) npages = PIPE_BUFFERS - buffers; error = get_user_pages_fast((unsigned long)base, npages, 0, &pages[buffers]); if (unlikely(error <= 0)) break; for (i = 0; i < error; i++) { const int plen = min_t(size_t, len, PAGE_SIZE - off); partial[buffers].offset = off; partial[buffers].len = plen; off = 0; len -= plen; buffers++; } if (len) break; if (error < npages || buffers == PIPE_BUFFERS) break; nr_vecs--; iov++; } if (buffers) return buffers; return error; }",linux-2.6,,,272683815822860003118434837373065240912,0 11,NVD-CWE-Other,"krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, char **db_args) { int l=0, kerberos_principal_object_type=0; unsigned int ntrees=0, tre=0; krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL, *ent=NULL; char **subtreelist = NULL; char *user=NULL, *subtree=NULL, *principal_dn=NULL; char **values=NULL, *strval[10]={NULL}, errbuf[1024]; char *filtuser=NULL; struct berval **bersecretkey=NULL; LDAPMod **mods=NULL; krb5_boolean create_standalone_prinicipal=FALSE; krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE; char *standalone_principal_dn=NULL; krb5_tl_data *tl_data=NULL; krb5_key_data **keys=NULL; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; osa_princ_ent_rec princ_ent = {0}; xargs_t xargs = {0}; char *polname = NULL; OPERATION optype; krb5_boolean found_entry = FALSE; krb5_clear_error_message(context); SETUP_CONTEXT(); if (ldap_context->lrparams == NULL || ldap_context->container_dn == NULL) return EINVAL; GET_HANDLE(); if (!is_principal_in_realm(ldap_context, entry->princ)) { st = EINVAL; k5_setmsg(context, st, _(""Principal does not belong to the default realm"")); goto cleanup; } if (((st=krb5_unparse_name(context, entry->princ, &user)) != 0) || ((st=krb5_ldap_unparse_principal_name(user)) != 0)) goto cleanup; filtuser = ldap_filter_correct(user); if (filtuser == NULL) { st = ENOMEM; goto cleanup; } if (entry->mask & KADM5_PRINCIPAL) optype = ADD_PRINCIPAL; else optype = MODIFY_PRINCIPAL; if (((st=krb5_get_princ_type(context, entry, &kerberos_principal_object_type)) != 0) || ((st=krb5_get_userdn(context, entry, &principal_dn)) != 0)) goto cleanup; if ((st=process_db_args(context, db_args, &xargs, optype)) != 0) goto cleanup; if (entry->mask & KADM5_LOAD) { unsigned int tree = 0; int numlentries = 0; char *filter = NULL; if (asprintf(&filter, FILTER""%s))"", filtuser) < 0) { filter = NULL; st = ENOMEM; goto cleanup; } if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0) goto cleanup; found_entry = FALSE; for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) { if (principal_dn == NULL) { LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS); } else { LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS); } if (st == LDAP_SUCCESS) { numlentries = ldap_count_entries(ld, result); if (numlentries > 1) { free(filter); st = EINVAL; k5_setmsg(context, st, _(""operation can not continue, more than one "" ""entry with principal name \""%s\"" found""), user); goto cleanup; } else if (numlentries == 1) { found_entry = TRUE; if (principal_dn == NULL) { ent = ldap_first_entry(ld, result); if (ent != NULL) { if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) { ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st); st = set_ldap_error (context, st, 0); free(filter); goto cleanup; } } } } } else if (st != LDAP_NO_SUCH_OBJECT) { st = set_ldap_error (context, st, 0); free(filter); goto cleanup; } ldap_msgfree(result); result = NULL; } free(filter); if (found_entry == FALSE && principal_dn != NULL) { create_standalone_prinicipal = TRUE; standalone_principal_dn = strdup(principal_dn); CHECK_NULL(standalone_principal_dn); } } if (principal_dn == NULL && xargs.dn == NULL) { if (entry->princ->length == 2 && entry->princ->data[0].length == strlen(""krbtgt"") && strncmp(entry->princ->data[0].data, ""krbtgt"", entry->princ->data[0].length) == 0) { subtree = strdup(ldap_context->lrparams->realmdn); } else if (xargs.containerdn) { if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) { if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) { int ost = st; st = EINVAL; k5_prependmsg(context, ost, st, _(""'%s' not found""), xargs.containerdn); } goto cleanup; } subtree = strdup(xargs.containerdn); } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) { subtree = strdup(ldap_context->lrparams->containerref); } else { subtree = strdup(ldap_context->lrparams->realmdn); } CHECK_NULL(subtree); if (asprintf(&standalone_principal_dn, ""krbprincipalname=%s,%s"", filtuser, subtree) < 0) standalone_principal_dn = NULL; CHECK_NULL(standalone_principal_dn); create_standalone_prinicipal = TRUE; free(subtree); subtree = NULL; } if (xargs.dn_from_kbd == TRUE) { int dnlen=0, subtreelen=0; char *dn=NULL; krb5_boolean outofsubtree=TRUE; if (xargs.dn != NULL) { dn = xargs.dn; } else if (xargs.linkdn != NULL) { dn = xargs.linkdn; } else if (standalone_principal_dn != NULL) { dn = standalone_principal_dn; } if (subtreelist == NULL) { st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees); if (st) goto cleanup; } for (tre=0; tre= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) { outofsubtree = FALSE; break; } } } if (outofsubtree == TRUE) { st = EINVAL; k5_setmsg(context, st, _(""DN is out of the realm subtree"")); goto cleanup; } if (standalone_principal_dn == NULL) { char *attributes[]={""krbticketpolicyreference"", ""krbprincipalname"", NULL}; ldap_msgfree(result); result = NULL; LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS); if (st == LDAP_SUCCESS) { ent = ldap_first_entry(ld, result); if (ent != NULL) { if ((values=ldap_get_values(ld, ent, ""krbticketpolicyreference"")) != NULL) { ldap_value_free(values); } if ((values=ldap_get_values(ld, ent, ""krbprincipalname"")) != NULL) { krb_identity_exists = TRUE; ldap_value_free(values); } } } else { st = set_ldap_error(context, st, OP_SEARCH); goto cleanup; } } } if (xargs.dn != NULL && krb_identity_exists == TRUE) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""ldap object is already kerberized"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (xargs.linkdn != NULL) { if (optype == MODIFY_PRINCIPAL && kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""link information can not be set/updated as the "" ""kerberos principal belongs to an ldap object"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } { char **linkdns=NULL; int j=0; if ((st=krb5_get_linkdn(context, entry, &linkdns)) != 0) { snprintf(errbuf, sizeof(errbuf), _(""Failed getting object references"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (linkdns != NULL) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""kerberos principal is already linked to a ldap "" ""object"")); k5_setmsg(context, st, ""%s"", errbuf); for (j=0; linkdns[j] != NULL; ++j) free (linkdns[j]); free (linkdns); goto cleanup; } } establish_links = TRUE; } if (entry->mask & KADM5_LAST_SUCCESS) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_success)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastSuccessfulAuth"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_LAST_FAILED) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_failed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastFailedAuth"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free(strval[0]); } if (entry->mask & KADM5_FAIL_AUTH_COUNT) { krb5_kvno fail_auth_count; fail_auth_count = entry->fail_auth_count; if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) fail_auth_count++; st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_REPLACE, fail_auth_count); if (st != 0) goto cleanup; } else if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) { int attr_mask = 0; krb5_boolean has_fail_count; st = krb5_get_attributes_mask(context, entry, &attr_mask); if (st != 0) goto cleanup; has_fail_count = ((attr_mask & KDB_FAIL_AUTH_COUNT_ATTR) != 0); #ifdef LDAP_MOD_INCREMENT if (ldap_server_handle->server_info->modify_increment && has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_INCREMENT, 1); if (st != 0) goto cleanup; } else { #endif if (has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_DELETE, entry->fail_auth_count); if (st != 0) goto cleanup; } st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_ADD, entry->fail_auth_count + 1); if (st != 0) goto cleanup; #ifdef LDAP_MOD_INCREMENT } #endif } else if (optype == ADD_PRINCIPAL) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_ADD, 0); } if (entry->mask & KADM5_MAX_LIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbmaxticketlife"", LDAP_MOD_REPLACE, entry->max_life)) != 0) goto cleanup; } if (entry->mask & KADM5_MAX_RLIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbmaxrenewableage"", LDAP_MOD_REPLACE, entry->max_renewable_life)) != 0) goto cleanup; } if (entry->mask & KADM5_ATTRIBUTES) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbticketflags"", LDAP_MOD_REPLACE, entry->attributes)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINCIPAL) { memset(strval, 0, sizeof(strval)); strval[0] = user; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbprincipalname"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINC_EXPIRE_TIME) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbprincipalexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_PW_EXPIRATION) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpasswordexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_POLICY) { memset(&princ_ent, 0, sizeof(princ_ent)); for (tl_data=entry->tl_data; tl_data; tl_data=tl_data->tl_data_next) { if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) { if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) { goto cleanup; } break; } } if (princ_ent.aux_attributes & KADM5_POLICY) { memset(strval, 0, sizeof(strval)); if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0) goto cleanup; strval[0] = polname; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { st = EINVAL; k5_setmsg(context, st, ""Password policy value null""); goto cleanup; } } else if (entry->mask & KADM5_LOAD && found_entry == TRUE) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_REPLACE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_POLICY_CLR) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_KEY_DATA || entry->mask & KADM5_KVNO) { krb5_kvno mkvno; if ((st=krb5_dbe_lookup_mkvno(context, entry, &mkvno)) != 0) goto cleanup; bersecretkey = krb5_encode_krbsecretkey (entry->key_data, entry->n_key_data, mkvno); if ((st=krb5_add_ber_mem_ldap_mod(&mods, ""krbprincipalkey"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0) goto cleanup; if (!(entry->mask & KADM5_PRINCIPAL)) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpasswordexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } { krb5_timestamp last_pw_changed; if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(last_pw_changed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastPwdChange"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } if (entry->tl_data != NULL) { int count = 0; struct berval **ber_tl_data = NULL; krb5_tl_data *ptr; krb5_timestamp unlock_time; for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; count++; } if (count != 0) { int j; ber_tl_data = (struct berval **) calloc (count + 1, sizeof (struct berval*)); if (ber_tl_data == NULL) { st = ENOMEM; goto cleanup; } for (j = 0, ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0) break; j++; } if (st == 0) { ber_tl_data[count] = NULL; st=krb5_add_ber_mem_ldap_mod(&mods, ""krbExtraData"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, ber_tl_data); } for (j = 0; ber_tl_data[j] != NULL; j++) { free(ber_tl_data[j]->bv_val); free(ber_tl_data[j]); } free(ber_tl_data); if (st != 0) goto cleanup; } if ((st=krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time)) != 0) goto cleanup; if (unlock_time != 0) { memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(unlock_time)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastAdminUnlock"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } if (xargs.tktpolicydn != NULL) { int tmask=0; if (strlen(xargs.tktpolicydn) != 0) { st = checkattributevalue(ld, xargs.tktpolicydn, ""objectclass"", policyclass, &tmask); CHECK_CLASS_VALIDITY(st, tmask, _(""ticket policy object value: "")); strval[0] = xargs.tktpolicydn; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbticketpolicyreference"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbticketpolicyreference"", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } } if (establish_links == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = xargs.linkdn; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbObjectReferences"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } if (mods == NULL) goto cleanup; if (create_standalone_prinicipal == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = ""krbprincipal""; strval[1] = ""krbprincipalaux""; strval[2] = ""krbTicketPolicyAux""; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""objectclass"", LDAP_MOD_ADD, strval)) != 0) goto cleanup; st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); if (st == LDAP_ALREADY_EXISTS && entry->mask & KADM5_LOAD) { st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""Principal delete failed (trying to replace "" ""entry): %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } else { st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); } } if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""Principal add failed: %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } } else { { char *attrvalues[] = {""krbprincipalaux"", ""krbTicketPolicyAux"", NULL}; int p, q, r=0, amask=0; if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn, ""objectclass"", attrvalues, &amask)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); for (p=1, q=0; p<=2; p<<=1, ++q) { if ((p & amask) == 0) strval[r++] = attrvalues[q]; } if (r != 0) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""objectclass"", LDAP_MOD_ADD, strval)) != 0) goto cleanup; } } if (xargs.dn != NULL) st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL); else st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""User modification failed: %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) entry->fail_auth_count++; } cleanup: if (user) free(user); if (filtuser) free(filtuser); free_xargs(xargs); if (standalone_principal_dn) free(standalone_principal_dn); if (principal_dn) free (principal_dn); if (polname != NULL) free(polname); for (tre = 0; tre < ntrees; tre++) free(subtreelist[tre]); free(subtreelist); if (subtree) free (subtree); if (bersecretkey) { for (l=0; bersecretkey[l]; ++l) { if (bersecretkey[l]->bv_val) free (bersecretkey[l]->bv_val); free (bersecretkey[l]); } free (bersecretkey); } if (keys) free (keys); ldap_mods_free(mods, 1); ldap_osa_free_princ_ent(&princ_ent); ldap_msgfree(result); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return(st); }",visit repo url,src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c,https://github.com/krb5/krb5,81435144245853,1 3888,CWE-122,"didset_options2(void) { (void)highlight_changed(); check_opt_wim(); (void)set_chars_option(curwin, &curwin->w_p_lcs); (void)set_chars_option(curwin, &p_fcs); #ifdef FEAT_CLIPBOARD (void)check_clipboard_option(); #endif #ifdef FEAT_VARTABS vim_free(curbuf->b_p_vsts_array); tabstop_set(curbuf->b_p_vsts, &curbuf->b_p_vsts_array); vim_free(curbuf->b_p_vts_array); tabstop_set(curbuf->b_p_vts, &curbuf->b_p_vts_array); #endif }",visit repo url,src/option.c,https://github.com/vim/vim,171722471750810,1 5873,['CWE-200'],"static void *nr_info_next(struct seq_file *seq, void *v, loff_t *pos) { ++*pos; return (v == SEQ_START_TOKEN) ? sk_head(&nr_list) : sk_next((struct sock *)v); }",linux-2.6,,,253244941029927695459232391100104376723,0 4963,['CWE-20'],"void nfs_access_add_cache(struct inode *inode, struct nfs_access_entry *set) { struct nfs_access_entry *cache = kmalloc(sizeof(*cache), GFP_KERNEL); if (cache == NULL) return; RB_CLEAR_NODE(&cache->rb_node); cache->jiffies = set->jiffies; cache->cred = get_rpccred(set->cred); cache->mask = set->mask; nfs_access_add_rbtree(inode, cache); smp_mb__before_atomic_inc(); atomic_long_inc(&nfs_access_nr_entries); smp_mb__after_atomic_inc(); if (!test_and_set_bit(NFS_INO_ACL_LRU_SET, &NFS_FLAGS(inode))) { spin_lock(&nfs_access_lru_lock); list_add_tail(&NFS_I(inode)->access_cache_inode_lru, &nfs_access_lru_list); spin_unlock(&nfs_access_lru_lock); } }",linux-2.6,,,115355617402210196569005465570650641408,0 2446,['CWE-119'],"void diff_free_filespec_data(struct diff_filespec *s) { diff_free_filespec_blob(s); free(s->cnt_data); s->cnt_data = NULL; }",git,,,90279407518235543610011554154427003326,0 3185,['CWE-189'],"static jpc_dec_mstabent_t *jpc_dec_mstab_lookup(uint_fast16_t id) { jpc_dec_mstabent_t *mstabent; for (mstabent = jpc_dec_mstab; mstabent->id != 0; ++mstabent) { if (mstabent->id == id) { break; } } return mstabent; }",jasper,,,76451182387496986788521807615157302370,0 3848,[],"static inline int cap_block_setpcap(struct task_struct *target) { return (target != current); }",linux-2.6,,,236755873548910939760901770490110637116,0 3733,[],"static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) { }",linux-2.6,,,130771919786500815582900793825156890573,0 5082,CWE-787,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 5509,['CWE-119'],"write_tag_64_packet(char *signature, struct ecryptfs_session_key *session_key, char **packet, size_t *packet_len) { size_t i = 0; size_t data_len; size_t packet_size_len; char *message; int rc; data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + session_key->encrypted_key_size); *packet = kmalloc(data_len, GFP_KERNEL); message = *packet; if (!message) { ecryptfs_printk(KERN_ERR, ""Unable to allocate memory\n""); rc = -ENOMEM; goto out; } message[i++] = ECRYPTFS_TAG_64_PACKET_TYPE; rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, &packet_size_len); if (rc) { ecryptfs_printk(KERN_ERR, ""Error generating tag 64 packet "" ""header; cannot generate packet length\n""); goto out; } i += packet_size_len; memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); i += ECRYPTFS_SIG_SIZE_HEX; rc = ecryptfs_write_packet_length(&message[i], session_key->encrypted_key_size, &packet_size_len); if (rc) { ecryptfs_printk(KERN_ERR, ""Error generating tag 64 packet "" ""header; cannot generate packet length\n""); goto out; } i += packet_size_len; memcpy(&message[i], session_key->encrypted_key, session_key->encrypted_key_size); i += session_key->encrypted_key_size; *packet_len = i; out: return rc; }",linux-2.6,,,18673344423398484639279013557060830853,0 5402,CWE-119,"void faad_resetbits(bitfile *ld, int bits) { uint32_t tmp; int words = bits >> 5; int remainder = bits & 0x1F; ld->bytes_left = ld->buffer_size - words*4; if (ld->bytes_left >= 4) { tmp = getdword(&ld->start[words]); ld->bytes_left -= 4; } else { tmp = getdword_n(&ld->start[words], ld->bytes_left); ld->bytes_left = 0; } ld->bufa = tmp; if (ld->bytes_left >= 4) { tmp = getdword(&ld->start[words+1]); ld->bytes_left -= 4; } else { tmp = getdword_n(&ld->start[words+1], ld->bytes_left); ld->bytes_left = 0; } ld->bufb = tmp; ld->bits_left = 32 - remainder; ld->tail = &ld->start[words+2]; ld->error = 0; }",visit repo url,libfaad/bits.c,https://github.com/knik0/faad2,211394547238936,1 2019,CWE-416,"evtchn_port_t evtchn_from_irq(unsigned irq) { if (WARN(irq >= nr_irqs, ""Invalid irq %d!\n"", irq)) return 0; return info_for_irq(irq)->evtchn; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,114975906427438,1 5061,CWE-125,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 3433,CWE-119,"static void test_show_object(struct object *object, struct strbuf *path, const char *last, void *data) { struct bitmap_test_data *tdata = data; int bitmap_pos; bitmap_pos = bitmap_position(object->oid.hash); if (bitmap_pos < 0) die(""Object not in bitmap: %s\n"", oid_to_hex(&object->oid)); bitmap_set(tdata->base, bitmap_pos); display_progress(tdata->prg, ++tdata->seen); }",visit repo url,pack-bitmap.c,https://github.com/git/git,94983213207532,1 5684,CWE-404,"void AICast_ScriptParse( cast_state_t *cs ) { gentity_t *ent; char *pScript; char *token; qboolean wantName; qboolean inScript; int eventNum; int numEventItems; cast_script_event_t *curEvent; char params[MAX_QPATH]; cast_script_stack_action_t *action; int i; int bracketLevel; qboolean buildScript; if ( !level.scriptAI ) { return; } ent = &g_entities[cs->entityNum]; if ( !ent->aiName ) { return; } buildScript = qtrue; pScript = level.scriptAI; wantName = qtrue; inScript = qfalse; COM_BeginParseSession( ""AICast_ScriptParse"" ); bracketLevel = 0; numEventItems = 0; memset( cast_temp_events, 0, sizeof( cast_temp_events ) ); while ( 1 ) { token = COM_Parse( &pScript ); if ( !token[0] ) { if ( !wantName ) { G_Error( ""AICast_ScriptParse(), Error (line %d): '}' expected, end of script found.\n"", COM_GetCurrentParseLine() ); } break; } if ( token[0] == '}' ) { if ( inScript ) { break; } if ( wantName ) { G_Error( ""AICast_ScriptParse(), Error (line %d): '}' found, but not expected.\n"", COM_GetCurrentParseLine() ); } wantName = qtrue; } else if ( token[0] == '{' ) { if ( wantName ) { G_Error( ""AICast_ScriptParse(), Error (line %d): '{' found, NAME expected.\n"", COM_GetCurrentParseLine() ); } } else if ( wantName ) { if ( !Q_strcasecmp( ent->aiName, token ) ) { inScript = qtrue; numEventItems = 0; } wantName = qfalse; } else if ( inScript ) { if ( !Q_strcasecmp( token, ""attributes"" ) ) { AICast_CheckLevelAttributes( cs, ent, &pScript ); continue; } eventNum = AICast_EventForString( token ); if ( eventNum < 0 ) { G_Error( ""AICast_ScriptParse(), Error (line %d): unknown event: %s.\n"", COM_GetCurrentParseLine(), token ); } if ( numEventItems >= MAX_SCRIPT_EVENTS ) { G_Error( ""AICast_ScriptParse(), Error (line %d): MAX_SCRIPT_EVENTS reached (%d)\n"", COM_GetCurrentParseLine(), MAX_SCRIPT_EVENTS ); } if ( !Q_stricmp( token, ""friendlysightcorpse"" ) ) { cs->aiFlags &= ~AIFL_CORPSESIGHTING; } curEvent = &cast_temp_events[numEventItems]; curEvent->eventNum = eventNum; memset( params, 0, sizeof( params ) ); while ( ( token = COM_Parse( &pScript ) ) && ( token[0] != '{' ) ) { if ( !token[0] ) { G_Error( ""AICast_ScriptParse(), Error (line %d): '}' expected, end of script found.\n"", COM_GetCurrentParseLine() ); } if ( eventNum == 13 ) { if ( strlen( token ) > 1 ) { if ( BG_IndexForString( token, animStateStr, qtrue ) < 0 ) { G_Error( ""AICast_ScriptParse(), Error (line %d): unknown state type '%s'.\n"", COM_GetCurrentParseLine(), token ); } } } if ( strlen( params ) ) { Q_strcat( params, sizeof( params ), "" "" ); } Q_strcat( params, sizeof( params ), token ); } if ( strlen( params ) ) { curEvent->params = G_Alloc( strlen( params ) + 1 ); Q_strncpyz( curEvent->params, params, strlen( params ) + 1 ); } while ( ( token = COM_Parse( &pScript ) ) && ( token[0] != '}' ) ) { if ( !token[0] ) { G_Error( ""AICast_ScriptParse(), Error (line %d): '}' expected, end of script found.\n"", COM_GetCurrentParseLine() ); } action = AICast_ActionForString( cs, token ); if ( !action ) { G_Error( ""AICast_ScriptParse(), Error (line %d): unknown action: %s.\n"", COM_GetCurrentParseLine(), token ); } curEvent->stack.items[curEvent->stack.numItems].action = action; memset( params, 0, sizeof( params ) ); token = COM_ParseExt( &pScript, qfalse ); for ( i = 0; token[0]; i++ ) { if ( strlen( params ) ) { Q_strcat( params, sizeof( params ), "" "" ); } if ( i == 0 ) { if ( !Q_stricmp( action->actionString, ""playsound"" ) ) { G_SoundIndex( token ); } if ( buildScript && ( !Q_stricmp( action->actionString, ""mu_start"" ) || !Q_stricmp( action->actionString, ""mu_play"" ) || !Q_stricmp( action->actionString, ""mu_queue"" ) || !Q_stricmp( action->actionString, ""startcam"" ) || !Q_stricmp( action->actionString, ""startcamblack"" ) ) ) { if ( strlen( token ) ) { trap_SendServerCommand( cs->entityNum, va( ""addToBuild %s\n"", token ) ); } } if ( !Q_stricmp( action->actionString, ""giveweapon"" ) ) { gitem_t *weap = BG_FindItem2( token ); RegisterItem( weap ); } if ( !Q_stricmp( action->actionString, ""changelevel"" ) ) { Q_strncpyz( level.nextMap, token, sizeof( level.nextMap ) ); trap_Cvar_Set( ""nextmap"", level.nextMap ); } } if ( strrchr( token,' ' ) ) { Q_strcat( params, sizeof( params ), ""\"""" ); } Q_strcat( params, sizeof( params ), token ); if ( strrchr( token,' ' ) ) { Q_strcat( params, sizeof( params ), ""\"""" ); } token = COM_ParseExt( &pScript, qfalse ); } if ( strlen( params ) ) { curEvent->stack.items[curEvent->stack.numItems].params = G_Alloc( strlen( params ) + 1 ); Q_strncpyz( curEvent->stack.items[curEvent->stack.numItems].params, params, strlen( params ) + 1 ); } curEvent->stack.numItems++; if ( curEvent->stack.numItems >= AICAST_MAX_SCRIPT_STACK_ITEMS ) { G_Error( ""AICast_ScriptParse(): script exceeded MAX_SCRIPT_ITEMS (%d), line %d\n"", AICAST_MAX_SCRIPT_STACK_ITEMS, COM_GetCurrentParseLine() ); } } numEventItems++; } else { while ( ( token = COM_Parse( &pScript ) ) ) { if ( !token[0] ) { G_Error( ""AICast_ScriptParse(), Error (line %d): '}' expected, end of script found.\n"", COM_GetCurrentParseLine() ); } else if ( token[0] == '{' ) { bracketLevel++; } else if ( token[0] == '}' ) { if ( !--bracketLevel ) { break; } } } } } if ( numEventItems > 0 ) { cs->castScriptEvents = G_Alloc( sizeof( cast_script_event_t ) * numEventItems ); memcpy( cs->castScriptEvents, cast_temp_events, sizeof( cast_script_event_t ) * numEventItems ); cs->numCastScriptEvents = numEventItems; cs->castScriptStatus.castScriptEventIndex = -1; } }",visit repo url,code/game/ai_cast_script.c,https://github.com/rtcwcoop/rtcwcoop,50116370756944,1 3055,['CWE-189'],"void jas_matrix_asr(jas_matrix_t *matrix, int n) { int i; int j; jas_seqent_t *rowstart; int rowstep; jas_seqent_t *data; assert(n >= 0); if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) { assert(matrix->rows_); rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { for (j = matrix->numcols_, data = rowstart; j > 0; --j, ++data) { *data >>= n; } } } }",jasper,,,99948030597626019948201497493583648897,0 5983,['CWE-200'],"static void addrconf_sysctl_unregister(struct ipv6_devconf *p) { if (p->sysctl) { struct addrconf_sysctl_table *t = p->sysctl; p->sysctl = NULL; unregister_sysctl_table(t->sysctl_header); kfree(t->addrconf_dev[0].procname); kfree(t); } }",linux-2.6,,,108239761800203562057544473814695109073,0 1909,CWE-416,"static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr, int len, int flags) { struct sock *sk = sock->sk; struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); struct sockaddr_nfc_llcp *addr = (struct sockaddr_nfc_llcp *)_addr; struct nfc_dev *dev; struct nfc_llcp_local *local; int ret = 0; pr_debug(""sock %p sk %p flags 0x%x\n"", sock, sk, flags); if (!addr || len < sizeof(*addr) || addr->sa_family != AF_NFC) return -EINVAL; if (addr->service_name_len == 0 && addr->dsap == 0) return -EINVAL; pr_debug(""addr dev_idx=%u target_idx=%u protocol=%u\n"", addr->dev_idx, addr->target_idx, addr->nfc_protocol); lock_sock(sk); if (sk->sk_state == LLCP_CONNECTED) { ret = -EISCONN; goto error; } if (sk->sk_state == LLCP_CONNECTING) { ret = -EINPROGRESS; goto error; } dev = nfc_get_device(addr->dev_idx); if (dev == NULL) { ret = -ENODEV; goto error; } local = nfc_llcp_find_local(dev); if (local == NULL) { ret = -ENODEV; goto put_dev; } device_lock(&dev->dev); if (dev->dep_link_up == false) { ret = -ENOLINK; device_unlock(&dev->dev); goto put_dev; } device_unlock(&dev->dev); if (local->rf_mode == NFC_RF_INITIATOR && addr->target_idx != local->target_idx) { ret = -ENOLINK; goto put_dev; } llcp_sock->dev = dev; llcp_sock->local = nfc_llcp_local_get(local); llcp_sock->ssap = nfc_llcp_get_local_ssap(local); if (llcp_sock->ssap == LLCP_SAP_MAX) { ret = -ENOMEM; goto sock_llcp_put_local; } llcp_sock->reserved_ssap = llcp_sock->ssap; if (addr->service_name_len == 0) llcp_sock->dsap = addr->dsap; else llcp_sock->dsap = LLCP_SAP_SDP; llcp_sock->nfc_protocol = addr->nfc_protocol; llcp_sock->service_name_len = min_t(unsigned int, addr->service_name_len, NFC_LLCP_MAX_SERVICE_NAME); llcp_sock->service_name = kmemdup(addr->service_name, llcp_sock->service_name_len, GFP_KERNEL); if (!llcp_sock->service_name) { ret = -ENOMEM; goto sock_llcp_release; } nfc_llcp_sock_link(&local->connecting_sockets, sk); ret = nfc_llcp_send_connect(llcp_sock); if (ret) goto sock_unlink; sk->sk_state = LLCP_CONNECTING; ret = sock_wait_state(sk, LLCP_CONNECTED, sock_sndtimeo(sk, flags & O_NONBLOCK)); if (ret && ret != -EINPROGRESS) goto sock_unlink; release_sock(sk); return ret; sock_unlink: nfc_llcp_sock_unlink(&local->connecting_sockets, sk); kfree(llcp_sock->service_name); llcp_sock->service_name = NULL; sock_llcp_release: nfc_llcp_put_ssap(local, llcp_sock->ssap); sock_llcp_put_local: nfc_llcp_local_put(llcp_sock->local); llcp_sock->local = NULL; llcp_sock->dev = NULL; put_dev: nfc_put_device(dev); error: release_sock(sk); return ret; }",visit repo url,net/nfc/llcp_sock.c,https://github.com/torvalds/linux,144622589061142,1 748,CWE-20,"int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, struct sockaddr_storage *kern_address, int mode) { int tot_len; if (kern_msg->msg_namelen) { if (mode == VERIFY_READ) { int err = move_addr_to_kernel(kern_msg->msg_name, kern_msg->msg_namelen, kern_address); if (err < 0) return err; } kern_msg->msg_name = kern_address; } else kern_msg->msg_name = NULL; tot_len = iov_from_user_compat_to_kern(kern_iov, (struct compat_iovec __user *)kern_msg->msg_iov, kern_msg->msg_iovlen); if (tot_len >= 0) kern_msg->msg_iov = kern_iov; return tot_len; }",visit repo url,net/compat.c,https://github.com/torvalds/linux,209053982154124,1 2564,[],"static void debug_set(const char *what, const char *match, struct git_attr *attr, const void *v) { const char *value = v; if (ATTR_TRUE(value)) value = ""set""; else if (ATTR_FALSE(value)) value = ""unset""; else if (ATTR_UNSET(value)) value = ""unspecified""; fprintf(stderr, ""%s: %s => %s (%s)\n"", what, attr->name, (char *) value, match); }",git,,,50784916390693698672668287400938670511,0 3335,[],"static inline void nlmsg_cancel(struct sk_buff *skb, struct nlmsghdr *nlh) { nlmsg_trim(skb, nlh); }",linux-2.6,,,177000946865058295544463318068820019416,0 4562,['CWE-20'],"static inline void dx_set_block(struct dx_entry *entry, ext4_lblk_t value) { entry->block = cpu_to_le32(value); }",linux-2.6,,,64019472998423741080826756896182050617,0 5613,CWE-125,"ast_for_expr(struct compiling *c, const node *n) { asdl_seq *seq; int i; loop: switch (TYPE(n)) { case test: case test_nocond: if (TYPE(CHILD(n, 0)) == lambdef || TYPE(CHILD(n, 0)) == lambdef_nocond) return ast_for_lambdef(c, CHILD(n, 0)); else if (NCH(n) > 1) return ast_for_ifexpr(c, n); case or_test: case and_test: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } seq = _Ta3_asdl_seq_new((NCH(n) + 1) / 2, c->c_arena); if (!seq) return NULL; for (i = 0; i < NCH(n); i += 2) { expr_ty e = ast_for_expr(c, CHILD(n, i)); if (!e) return NULL; asdl_seq_SET(seq, i / 2, e); } if (!strcmp(STR(CHILD(n, 1)), ""and"")) return BoolOp(And, seq, LINENO(n), n->n_col_offset, c->c_arena); assert(!strcmp(STR(CHILD(n, 1)), ""or"")); return BoolOp(Or, seq, LINENO(n), n->n_col_offset, c->c_arena); case not_test: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } else { expr_ty expression = ast_for_expr(c, CHILD(n, 1)); if (!expression) return NULL; return UnaryOp(Not, expression, LINENO(n), n->n_col_offset, c->c_arena); } case comparison: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } else { expr_ty expression; asdl_int_seq *ops; asdl_seq *cmps; ops = _Ta3_asdl_int_seq_new(NCH(n) / 2, c->c_arena); if (!ops) return NULL; cmps = _Ta3_asdl_seq_new(NCH(n) / 2, c->c_arena); if (!cmps) { return NULL; } for (i = 1; i < NCH(n); i += 2) { cmpop_ty newoperator; newoperator = ast_for_comp_op(c, CHILD(n, i)); if (!newoperator) { return NULL; } expression = ast_for_expr(c, CHILD(n, i + 1)); if (!expression) { return NULL; } asdl_seq_SET(ops, i / 2, newoperator); asdl_seq_SET(cmps, i / 2, expression); } expression = ast_for_expr(c, CHILD(n, 0)); if (!expression) { return NULL; } return Compare(expression, ops, cmps, LINENO(n), n->n_col_offset, c->c_arena); } break; case star_expr: return ast_for_starred(c, n); case expr: case xor_expr: case and_expr: case shift_expr: case arith_expr: case term: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } return ast_for_binop(c, n); case yield_expr: { node *an = NULL; node *en = NULL; int is_from = 0; expr_ty exp = NULL; if (NCH(n) > 1) an = CHILD(n, 1); if (an) { en = CHILD(an, NCH(an) - 1); if (NCH(an) == 2) { is_from = 1; exp = ast_for_expr(c, en); } else exp = ast_for_testlist(c, en); if (!exp) return NULL; } if (is_from) return YieldFrom(exp, LINENO(n), n->n_col_offset, c->c_arena); return Yield(exp, LINENO(n), n->n_col_offset, c->c_arena); } case factor: if (NCH(n) == 1) { n = CHILD(n, 0); goto loop; } return ast_for_factor(c, n); case power: return ast_for_power(c, n); default: PyErr_Format(PyExc_SystemError, ""unhandled expr: %d"", TYPE(n)); return NULL; } return NULL; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,123349320927948,1 1463,[],"int sched_group_set_shares(struct task_group *tg, unsigned long shares) { int i; unsigned long flags; if (!tg->se[0]) return -EINVAL; if (shares < MIN_SHARES) shares = MIN_SHARES; mutex_lock(&shares_mutex); if (tg->shares == shares) goto done; spin_lock_irqsave(&task_group_lock, flags); for_each_possible_cpu(i) unregister_fair_sched_group(tg, i); list_del_rcu(&tg->siblings); spin_unlock_irqrestore(&task_group_lock, flags); synchronize_sched(); tg->shares = shares; for_each_possible_cpu(i) { cfs_rq_set_shares(tg->cfs_rq[i], 0); set_se_shares(tg->se[i], shares/nr_cpu_ids); } spin_lock_irqsave(&task_group_lock, flags); for_each_possible_cpu(i) register_fair_sched_group(tg, i); list_add_rcu(&tg->siblings, &tg->parent->children); spin_unlock_irqrestore(&task_group_lock, flags); done: mutex_unlock(&shares_mutex); return 0; }",linux-2.6,,,290054200303842741755443460206699372313,0 2959,CWE-862,"static int rename_in_ns(int pid, char *oldname, char **newnamep) { int fd = -1, ofd = -1, ret, ifindex = -1; bool grab_newname = false; ofd = lxc_preserve_ns(getpid(), ""net""); if (ofd < 0) { fprintf(stderr, ""Failed opening network namespace path for '%d'."", getpid()); return -1; } fd = lxc_preserve_ns(pid, ""net""); if (fd < 0) { fprintf(stderr, ""Failed opening network namespace path for '%d'."", pid); return -1; } if (setns(fd, 0) < 0) { fprintf(stderr, ""setns to container network namespace\n""); goto out_err; } close(fd); fd = -1; if (!*newnamep) { grab_newname = true; *newnamep = VETH_DEF_NAME; if (!(ifindex = if_nametoindex(oldname))) { fprintf(stderr, ""failed to get netdev index\n""); goto out_err; } } if ((ret = lxc_netdev_rename_by_name(oldname, *newnamep)) < 0) { fprintf(stderr, ""Error %d renaming netdev %s to %s in container\n"", ret, oldname, *newnamep); goto out_err; } if (grab_newname) { char ifname[IFNAMSIZ], *namep = ifname; if (!if_indextoname(ifindex, namep)) { fprintf(stderr, ""Failed to get new netdev name\n""); goto out_err; } *newnamep = strdup(namep); if (!*newnamep) goto out_err; } if (setns(ofd, 0) < 0) { fprintf(stderr, ""Error returning to original netns\n""); close(ofd); return -1; } close(ofd); return 0; out_err: if (ofd >= 0) close(ofd); if (setns(ofd, 0) < 0) fprintf(stderr, ""Error returning to original network namespace\n""); if (fd >= 0) close(fd); return -1; }",visit repo url,src/lxc/lxc_user_nic.c,https://github.com/lxc/lxc,126797136945451,1 1652,[],"asmlinkage long sys_sched_getaffinity(pid_t pid, unsigned int len, unsigned long __user *user_mask_ptr) { int ret; cpumask_t mask; if (len < sizeof(cpumask_t)) return -EINVAL; ret = sched_getaffinity(pid, &mask); if (ret < 0) return ret; if (copy_to_user(user_mask_ptr, &mask, sizeof(cpumask_t))) return -EFAULT; return sizeof(cpumask_t); }",linux-2.6,,,20644700589442987758719294383521386646,0 6042,['CWE-200'],"int ipv6_chk_same_addr(const struct in6_addr *addr, struct net_device *dev) { struct inet6_ifaddr * ifp; u8 hash = ipv6_addr_hash(addr); for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) { if (ipv6_addr_equal(&ifp->addr, addr)) { if (dev == NULL || ifp->idev->dev == dev) break; } } return ifp != NULL; }",linux-2.6,,,142498284500722318101254516044000962020,0 203,[],"void atrtr_device_down(struct net_device *dev) { struct atalk_route **r = &atalk_routes; struct atalk_route *tmp; write_lock_bh(&atalk_routes_lock); while ((tmp = *r) != NULL) { if (tmp->dev == dev) { *r = tmp->next; dev_put(dev); kfree(tmp); } else r = &tmp->next; } write_unlock_bh(&atalk_routes_lock); if (atrtr_default.dev == dev) atrtr_set_default(NULL); }",history,,,77692243570289853741252130783720768128,0 6240,CWE-190,"void md_map_b2s256(uint8_t *hash, const uint8_t *msg, int len) { memset(hash, 0, RLC_MD_LEN_B2S256); blake2s(hash, RLC_MD_LEN_B2S256, msg, len, NULL, 0); }",visit repo url,src/md/relic_md_blake2s.c,https://github.com/relic-toolkit/relic,136819826172514,1 5977,['CWE-200'],"static struct inet6_ifaddr *if6_get_idx(struct seq_file *seq, loff_t pos) { struct inet6_ifaddr *ifa = if6_get_first(seq); if (ifa) while(pos && (ifa = if6_get_next(seq, ifa)) != NULL) --pos; return pos ? NULL : ifa; }",linux-2.6,,,248480701697130546504205933061392527678,0 2359,['CWE-200'],"snd_seq_oss_synth_init(void) { snd_use_lock_init(&midi_synth_dev.use_lock); }",linux-2.6,,,305690325044407216499284786091751402337,0 3939,['CWE-362'],"int audit_add_tree_rule(struct audit_krule *rule) { struct audit_tree *seed = rule->tree, *tree; struct path path; struct vfsmount *mnt, *p; struct list_head list; int err; list_for_each_entry(tree, &tree_list, list) { if (!strcmp(seed->pathname, tree->pathname)) { put_tree(seed); rule->tree = tree; list_add(&rule->rlist, &tree->rules); return 0; } } tree = seed; list_add(&tree->list, &tree_list); list_add(&rule->rlist, &tree->rules); mutex_unlock(&audit_filter_mutex); err = kern_path(tree->pathname, 0, &path); if (err) goto Err; mnt = collect_mounts(path.mnt, path.dentry); path_put(&path); if (!mnt) { err = -ENOMEM; goto Err; } list_add_tail(&list, &mnt->mnt_list); get_tree(tree); list_for_each_entry(p, &list, mnt_list) { err = tag_chunk(p->mnt_root->d_inode, tree); if (err) break; } list_del(&list); drop_collected_mounts(mnt); if (!err) { struct node *node; spin_lock(&hash_lock); list_for_each_entry(node, &tree->chunks, list) node->index &= ~(1U<<31); spin_unlock(&hash_lock); } else { trim_marked(tree); goto Err; } mutex_lock(&audit_filter_mutex); if (list_empty(&rule->rlist)) { put_tree(tree); return -ENOENT; } rule->tree = tree; put_tree(tree); return 0; Err: mutex_lock(&audit_filter_mutex); list_del_init(&tree->list); list_del_init(&tree->rules); put_tree(tree); return err; }",linux-2.6,,,125676854463979794883794198262802416224,0 3606,['CWE-20'],"struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, const struct sctp_transport *transport, const void *payload, const size_t paylen) { struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 0, paylen); if (!retval) goto nodata; retval->transport = (struct sctp_transport *) transport; retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); nodata: return retval; }",linux-2.6,,,286984736103661259629275589645847844496,0 2003,CWE-125,"static int vgacon_switch(struct vc_data *c) { int x = c->vc_cols * VGA_FONTWIDTH; int y = c->vc_rows * c->vc_font.height; int rows = screen_info.orig_video_lines * vga_default_font_height/ c->vc_font.height; vga_video_num_columns = c->vc_cols; vga_video_num_lines = c->vc_rows; if (!vga_is_gfx) { scr_memcpyw((u16 *) c->vc_origin, (u16 *) c->vc_screenbuf, c->vc_screenbuf_size > vga_vram_size ? vga_vram_size : c->vc_screenbuf_size); if ((vgacon_xres != x || vgacon_yres != y) && (!(vga_video_num_columns % 2) && vga_video_num_columns <= screen_info.orig_video_cols && vga_video_num_lines <= rows)) vgacon_doresize(c, c->vc_cols, c->vc_rows); } vgacon_scrollback_switch(c->vc_num); return 0; }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,192213915619923,1 1053,['CWE-20'],"int in_egroup_p(gid_t grp) { int retval = 1; if (grp != current->egid) retval = groups_search(current->group_info, grp); return retval; }",linux-2.6,,,137780121146391841743085491620691108992,0 775,['CWE-119'],"isdn_net_stat_callback(int idx, isdn_ctrl *c) { isdn_net_dev *p = dev->st_netdev[idx]; int cmd = c->command; if (p) { isdn_net_local *lp = p->local; #ifdef CONFIG_ISDN_X25 struct concap_proto *cprot = lp->netdev->cprot; struct concap_proto_ops *pops = cprot ? cprot->pops : NULL; #endif switch (cmd) { case ISDN_STAT_BSENT: if ((lp->flags & ISDN_NET_CONNECTED) && (!lp->dialstate)) { isdn_net_dec_frame_cnt(lp); lp->stats.tx_packets++; lp->stats.tx_bytes += c->parm.length; } return 1; case ISDN_STAT_DCONN: switch (lp->dialstate) { case 4: case 7: case 8: lp->dialstate++; return 1; case 12: lp->dialstate = 5; return 1; } break; case ISDN_STAT_DHUP: #ifdef CONFIG_ISDN_X25 if( !(lp->flags & ISDN_NET_CONNECTED) && pops && pops -> disconn_ind ) pops -> disconn_ind(cprot); #endif if ((!lp->dialstate) && (lp->flags & ISDN_NET_CONNECTED)) { if (lp->p_encap == ISDN_NET_ENCAP_CISCOHDLCK) isdn_net_ciscohdlck_disconnected(lp); #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) isdn_ppp_free(lp); #endif isdn_net_lp_disconnected(lp); isdn_all_eaz(lp->isdn_device, lp->isdn_channel); printk(KERN_INFO ""%s: remote hangup\n"", p->dev->name); printk(KERN_INFO ""%s: Chargesum is %d\n"", p->dev->name, lp->charge); isdn_net_unbind_channel(lp); return 1; } break; #ifdef CONFIG_ISDN_X25 case ISDN_STAT_BHUP: if( pops && pops -> disconn_ind ){ pops -> disconn_ind(cprot); return 1; } break; #endif case ISDN_STAT_BCONN: isdn_net_zero_frame_cnt(lp); switch (lp->dialstate) { case 5: case 6: case 7: case 8: case 9: case 10: case 12: if (lp->dialstate <= 6) { dev->usage[idx] |= ISDN_USAGE_OUTGOING; isdn_info_update(); } else dev->rx_netdev[idx] = p; lp->dialstate = 0; isdn_timer_ctrl(ISDN_TIMER_NETHANGUP, 1); if (lp->p_encap == ISDN_NET_ENCAP_CISCOHDLCK) isdn_net_ciscohdlck_connected(lp); if (lp->p_encap != ISDN_NET_ENCAP_SYNCPPP) { if (lp->master) { isdn_net_dev *nd = ((isdn_net_local *)lp->master->priv)->netdev; isdn_net_add_to_bundle(nd, lp); } } printk(KERN_INFO ""isdn_net: %s connected\n"", p->dev->name); lp->chargetime = jiffies; lp->dialstarted = 0; lp->dialwait_timer = 0; #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) isdn_ppp_wakeup_daemon(lp); #endif #ifdef CONFIG_ISDN_X25 if( pops ) if( pops->connect_ind) pops->connect_ind(cprot); #endif if (lp->p_encap != ISDN_NET_ENCAP_SYNCPPP) isdn_net_device_wake_queue(lp); return 1; } break; case ISDN_STAT_NODCH: if (lp->dialstate == 4) { lp->dialstate--; return 1; } break; case ISDN_STAT_CINF: lp->charge++; if (lp->hupflags & ISDN_HAVECHARGE) { lp->hupflags &= ~ISDN_WAITCHARGE; lp->chargeint = jiffies - lp->chargetime - (2 * HZ); } if (lp->hupflags & ISDN_WAITCHARGE) lp->hupflags |= ISDN_HAVECHARGE; lp->chargetime = jiffies; printk(KERN_DEBUG ""isdn_net: Got CINF chargetime of %s now %lu\n"", p->dev->name, lp->chargetime); return 1; } } return 0; }",linux-2.6,,,242027138811438556605247848455430387110,0 5958,['CWE-200'],"cbq_dump_stats(struct Qdisc *sch, struct gnet_dump *d) { struct cbq_sched_data *q = qdisc_priv(sch); q->link.xstats.avgidle = q->link.avgidle; return gnet_stats_copy_app(d, &q->link.xstats, sizeof(q->link.xstats)); }",linux-2.6,,,272405791589872205563516805950815155683,0 2945,CWE-59,"static int mount_entry(const char *fsname, const char *target, const char *fstype, unsigned long mountflags, const char *data, int optional) { #ifdef HAVE_STATVFS struct statvfs sb; #endif if (mount(fsname, target, fstype, mountflags & ~MS_REMOUNT, data)) { if (optional) { INFO(""failed to mount '%s' on '%s' (optional): %s"", fsname, target, strerror(errno)); return 0; } else { SYSERROR(""failed to mount '%s' on '%s'"", fsname, target); return -1; } } if ((mountflags & MS_REMOUNT) || (mountflags & MS_BIND)) { DEBUG(""remounting %s on %s to respect bind or remount options"", fsname ? fsname : ""(none)"", target ? target : ""(none)""); unsigned long rqd_flags = 0; if (mountflags & MS_RDONLY) rqd_flags |= MS_RDONLY; #ifdef HAVE_STATVFS if (statvfs(fsname, &sb) == 0) { unsigned long required_flags = rqd_flags; if (sb.f_flag & MS_NOSUID) required_flags |= MS_NOSUID; if (sb.f_flag & MS_NODEV) required_flags |= MS_NODEV; if (sb.f_flag & MS_RDONLY) required_flags |= MS_RDONLY; if (sb.f_flag & MS_NOEXEC) required_flags |= MS_NOEXEC; DEBUG(""(at remount) flags for %s was %lu, required extra flags are %lu"", fsname, sb.f_flag, required_flags); if (!(mountflags & MS_REMOUNT)) { if (!(required_flags & ~mountflags) && rqd_flags == 0) { DEBUG(""mountflags already was %lu, skipping remount"", mountflags); goto skipremount; } } mountflags |= required_flags; } #endif if (mount(fsname, target, fstype, mountflags | MS_REMOUNT, data)) { if (optional) { INFO(""failed to mount '%s' on '%s' (optional): %s"", fsname, target, strerror(errno)); return 0; } else { SYSERROR(""failed to mount '%s' on '%s'"", fsname, target); return -1; } } } #ifdef HAVE_STATVFS skipremount: #endif DEBUG(""mounted '%s' on '%s', type '%s'"", fsname, target, fstype); return 0; }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,25266665185904,1 5377,CWE-125,"int main(int argc, char *argv[]) { int32_t ret = GPMF_OK; GPMF_stream metadata_stream, *ms = &metadata_stream; double metadatalength; uint32_t *payload = NULL; if (argc != 2) { printf(""usage: %s \n"", argv[0]); return -1; } size_t mp4 = OpenMP4Source(argv[1], MOV_GPMF_TRAK_TYPE, MOV_GPMF_TRAK_SUBTYPE); metadatalength = GetDuration(mp4); if (metadatalength > 0.0) { uint32_t index, payloads = GetNumberPayloads(mp4); #if 1 if (payloads == 1) { uint32_t payloadsize = GetPayloadSize(mp4,0); payload = GetPayload(mp4, payload, 0); if(payload == NULL) goto cleanup; ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; ret = GPMF_Validate(ms, GPMF_RECURSE_LEVELS); if (GPMF_OK != ret) { printf(""Invalid Structure\n""); goto cleanup; } GPMF_ResetState(ms); do { PrintGPMF(ms); } while (GPMF_OK == GPMF_Next(ms, GPMF_RECURSE_LEVELS)); GPMF_ResetState(ms); printf(""\n""); } #endif for (index = 0; index < payloads; index++) { uint32_t payloadsize = GetPayloadSize(mp4, index); float in = 0.0, out = 0.0; payload = GetPayload(mp4, payload, index); if (payload == NULL) goto cleanup; ret = GetPayloadTime(mp4, index, &in, &out); if (ret != GPMF_OK) goto cleanup; ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; #if 1 if (index == 0) { ret = GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS); while (GPMF_OK == ret) { ret = GPMF_SeekToSamples(ms); if (GPMF_OK == ret) { uint32_t key = GPMF_Key(ms); GPMF_SampleType type = GPMF_Type(ms); uint32_t elements = GPMF_ElementsInStruct(ms); uint32_t samples = GPMF_PayloadSampleCount(ms); if (samples) { printf("" STRM of %c%c%c%c "", PRINTF_4CC(key)); if (type == GPMF_TYPE_COMPLEX) { GPMF_stream find_stream; GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TYPE, GPMF_CURRENT_LEVEL)) { char tmp[64]; char *data = (char *)GPMF_RawData(&find_stream); int size = GPMF_RawDataSize(&find_stream); if (size < sizeof(tmp)) { memcpy(tmp, data, size); tmp[size] = 0; printf(""of type %s "", tmp); } } } else { printf(""of type %c "", type); } printf(""with %d sample%s "", samples, samples > 1 ? ""s"" : """"); if (elements > 1) printf(""-- %d elements per sample"", elements); printf(""\n""); } ret = GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS); } else { if (ret == GPMF_ERROR_BAD_STRUCTURE) { ret = GPMF_Next(ms, GPMF_CURRENT_LEVEL); } } } GPMF_ResetState(ms); printf(""\n""); } #endif #if 1 if (index == 0) { if (GPMF_OK == GPMF_FindNext(ms, STR2FOURCC(""GPS5""), GPMF_RECURSE_LEVELS) || GPMF_OK == GPMF_FindNext(ms, STR2FOURCC(""GPRI""), GPMF_RECURSE_LEVELS)) { uint32_t key = GPMF_Key(ms); uint32_t samples = GPMF_Repeat(ms); uint32_t elements = GPMF_ElementsInStruct(ms); uint32_t buffersize = samples * elements * sizeof(double); GPMF_stream find_stream; double *ptr, *tmpbuffer = malloc(buffersize); char units[10][6] = { """" }; uint32_t unit_samples = 1; printf(""MP4 Payload time %.3f to %.3f seconds\n"", in, out); if (tmpbuffer && samples) { uint32_t i, j; GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_SI_UNITS, GPMF_CURRENT_LEVEL) || GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_UNITS, GPMF_CURRENT_LEVEL)) { char *data = (char *)GPMF_RawData(&find_stream); int ssize = GPMF_StructSize(&find_stream); unit_samples = GPMF_Repeat(&find_stream); for (i = 0; i < unit_samples; i++) { memcpy(units[i], data, ssize); units[i][ssize] = 0; data += ssize; } } GPMF_ScaledData(ms, tmpbuffer, buffersize, 0, samples, GPMF_TYPE_DOUBLE); ptr = tmpbuffer; for (i = 0; i < samples; i++) { printf(""%c%c%c%c "", PRINTF_4CC(key)); for (j = 0; j < elements; j++) printf(""%.3f%s, "", *ptr++, units[j%unit_samples]); printf(""\n""); } free(tmpbuffer); } } GPMF_ResetState(ms); printf(""\n""); } #endif } #if 1 while (GPMF_OK == GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS)) { if (GPMF_OK == GPMF_SeekToSamples(ms)) { uint32_t fourcc = GPMF_Key(ms); double rate = GetGPMFSampleRate(mp4, fourcc, GPMF_SAMPLE_RATE_PRECISE); printf(""%c%c%c%c sampling rate = %f Hz\n"", PRINTF_4CC(fourcc), rate); } } #endif cleanup: if (payload) FreePayload(payload); payload = NULL; CloseSource(mp4); } return ret; }",visit repo url,demo/GPMF_demo.c,https://github.com/gopro/gpmf-parser,197991278856194,1 5353,['CWE-476'],"static void save_state_to_tss32(struct kvm_vcpu *vcpu, struct tss_segment_32 *tss) { tss->cr3 = vcpu->arch.cr3; tss->eip = kvm_rip_read(vcpu); tss->eflags = kvm_x86_ops->get_rflags(vcpu); tss->eax = kvm_register_read(vcpu, VCPU_REGS_RAX); tss->ecx = kvm_register_read(vcpu, VCPU_REGS_RCX); tss->edx = kvm_register_read(vcpu, VCPU_REGS_RDX); tss->ebx = kvm_register_read(vcpu, VCPU_REGS_RBX); tss->esp = kvm_register_read(vcpu, VCPU_REGS_RSP); tss->ebp = kvm_register_read(vcpu, VCPU_REGS_RBP); tss->esi = kvm_register_read(vcpu, VCPU_REGS_RSI); tss->edi = kvm_register_read(vcpu, VCPU_REGS_RDI); tss->es = get_segment_selector(vcpu, VCPU_SREG_ES); tss->cs = get_segment_selector(vcpu, VCPU_SREG_CS); tss->ss = get_segment_selector(vcpu, VCPU_SREG_SS); tss->ds = get_segment_selector(vcpu, VCPU_SREG_DS); tss->fs = get_segment_selector(vcpu, VCPU_SREG_FS); tss->gs = get_segment_selector(vcpu, VCPU_SREG_GS); tss->ldt_selector = get_segment_selector(vcpu, VCPU_SREG_LDTR); }",linux-2.6,,,165637306489041103045553775944494063989,0 5585,CWE-125,"handle_keywordonly_args(struct compiling *c, const node *n, int start, asdl_seq *kwonlyargs, asdl_seq *kwdefaults) { PyObject *argname; node *ch; expr_ty expression, annotation; arg_ty arg; int i = start; int j = 0; if (kwonlyargs == NULL) { ast_error(c, CHILD(n, start), ""named arguments must follow bare *""); return -1; } assert(kwdefaults != NULL); while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case vfpdef: case tfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) goto error; asdl_seq_SET(kwdefaults, j, expression); i += 2; } else { asdl_seq_SET(kwdefaults, j, NULL); } if (NCH(ch) == 3) { annotation = ast_for_expr(c, CHILD(ch, 2)); if (!annotation) goto error; } else { annotation = NULL; } ch = CHILD(ch, 0); argname = NEW_IDENTIFIER(ch); if (!argname) goto error; if (forbidden_name(c, argname, ch, 0)) goto error; arg = arg(argname, annotation, NULL, LINENO(ch), ch->n_col_offset, c->c_arena); if (!arg) goto error; asdl_seq_SET(kwonlyargs, j++, arg); i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: arg->type_comment = NEW_TYPE_COMMENT(ch); i += 1; break; case DOUBLESTAR: return i; default: ast_error(c, ch, ""unexpected node""); goto error; } } return i; error: return -1; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,128017593026688,1 4139,[],"static void ibwdt_disable(void) { spin_lock(&ibwdt_lock); outb_p(0, WDT_STOP); spin_unlock(&ibwdt_lock); }",linux-2.6,,,66512631462333935769060055305778852213,0 5648,['CWE-476'],"static int udpv6_destroy_sock(struct sock *sk) { lock_sock(sk); udp_v6_flush_pending_frames(sk); release_sock(sk); inet6_destroy_sock(sk); return 0; }",linux-2.6,,,89430041289434714537565600173527057967,0 3635,['CWE-287'],"__u32 sctp_association_get_next_tsn(struct sctp_association *asoc) { __u32 retval = asoc->next_tsn; asoc->next_tsn++; asoc->unack_data++; return retval; }",linux-2.6,,,152480921929145653519778455977396968944,0 273,[],"static int bond_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ifreq kifr; struct ifreq __user *uifr; struct ifreq32 __user *ifr32 = compat_ptr(arg); mm_segment_t old_fs; int err; u32 data; void __user *datap; switch (cmd) { case SIOCBONDENSLAVE: case SIOCBONDRELEASE: case SIOCBONDSETHWADDR: case SIOCBONDCHANGEACTIVE: if (copy_from_user(&kifr, ifr32, sizeof(struct ifreq32))) return -EFAULT; old_fs = get_fs(); set_fs (KERNEL_DS); err = sys_ioctl (fd, cmd, (unsigned long)&kifr); set_fs (old_fs); return err; case SIOCBONDSLAVEINFOQUERY: case SIOCBONDINFOQUERY: uifr = compat_alloc_user_space(sizeof(*uifr)); if (copy_in_user(&uifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; if (get_user(data, &ifr32->ifr_ifru.ifru_data)) return -EFAULT; datap = compat_ptr(data); if (put_user(datap, &uifr->ifr_ifru.ifru_data)) return -EFAULT; return sys_ioctl (fd, cmd, (unsigned long)uifr); default: return -EINVAL; }; }",linux-2.6,,,50591992990878201551433767884117492693,0 6534,['CWE-200'],"constructor (GType type, guint n_props, GObjectConstructParam *construct_props) { NMApplet *applet; AppletDBusManager *dbus_mgr; GList *server_caps, *iter; applet = NM_APPLET (G_OBJECT_CLASS (nma_parent_class)->constructor (type, n_props, construct_props)); g_set_application_name (_(""NetworkManager Applet"")); gtk_window_set_default_icon_name (GTK_STOCK_NETWORK); applet->glade_file = g_build_filename (GLADEDIR, ""applet.glade"", NULL); if (!applet->glade_file || !g_file_test (applet->glade_file, G_FILE_TEST_IS_REGULAR)) { GtkWidget *dialog; dialog = applet_warning_dialog_show (_(""The NetworkManager Applet could not find some required resources (the glade file was not found)."")); gtk_dialog_run (GTK_DIALOG (dialog)); goto error; } applet->info_dialog_xml = glade_xml_new (applet->glade_file, ""info_dialog"", NULL); if (!applet->info_dialog_xml) goto error; applet->gconf_client = gconf_client_get_default (); if (!applet->gconf_client) goto error; if (!setup_widgets (applet)) goto error; nma_icons_init (applet); if (!notify_is_initted ()) notify_init (""NetworkManager""); server_caps = notify_get_server_caps(); applet->notify_with_actions = FALSE; for (iter = server_caps; iter; iter = g_list_next (iter)) { if (!strcmp ((const char *) iter->data, NOTIFY_CAPS_ACTIONS_KEY)) applet->notify_with_actions = TRUE; } g_list_foreach (server_caps, (GFunc) g_free, NULL); g_list_free (server_caps); dbus_mgr = applet_dbus_manager_get (); if (dbus_mgr == NULL) { nm_warning (""Couldn't initialize the D-Bus manager.""); g_object_unref (applet); return NULL; } g_signal_connect (G_OBJECT (dbus_mgr), ""exit-now"", G_CALLBACK (exit_cb), applet); applet->dbus_settings = (NMDBusSettings *) nm_dbus_settings_system_new (applet_dbus_manager_get_connection (dbus_mgr)); applet->gconf_settings = nma_gconf_settings_new (applet_dbus_manager_get_connection (dbus_mgr)); g_signal_connect (applet->gconf_settings, ""new-secrets-requested"", G_CALLBACK (applet_settings_new_secrets_requested_cb), applet); if (!applet_dbus_manager_start_service (dbus_mgr)) { g_object_unref (applet); return NULL; } applet->wired_class = applet_device_wired_get_class (applet); g_assert (applet->wired_class); applet->wifi_class = applet_device_wifi_get_class (applet); g_assert (applet->wifi_class); applet->gsm_class = applet_device_gsm_get_class (applet); g_assert (applet->gsm_class); applet->cdma_class = applet_device_cdma_get_class (applet); g_assert (applet->cdma_class); foo_client_setup (applet); applet->update_timestamps_id = g_timeout_add_seconds (300, (GSourceFunc) periodic_update_active_connection_timestamps, applet); nm_gconf_set_pre_keyring_callback (applet_pre_keyring_callback, applet); return G_OBJECT (applet); error: g_object_unref (applet); return NULL; }",network-manager-applet,,,249490432355718365213951468245610554289,0 5170,CWE-787,"int my_csr_reader( const char* i_csr_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, REALTYPE** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_row_idx_id = NULL; unsigned int l_i = 0; l_csr_file_handle = fopen( i_csr_file_in, ""r"" ); if ( l_csr_file_handle == NULL ) { fprintf( stderr, ""cannot open CSR file!\n"" ); return -1; } while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { fprintf( stderr, ""could not read file length!\n"" ); return -1; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count + 1)); *o_values = (REALTYPE*) malloc(sizeof(double) * (*o_element_count)); l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { fprintf( stderr, ""could not allocate sp data!\n"" ); return -1; } memset(*o_row_idx, 0, sizeof(unsigned int)*(*o_row_count + 1)); memset(*o_column_idx, 0, sizeof(unsigned int)*(*o_element_count)); memset(*o_values, 0, sizeof(double)*(*o_element_count)); memset(l_row_idx_id, 0, sizeof(unsigned int)*(*o_row_count)); for ( l_i = 0; l_i < (*o_row_count + 1); l_i++) (*o_row_idx)[l_i] = (*o_element_count); (*o_row_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { fprintf( stderr, ""could not csr description!\n"" ); return -1; } } else { unsigned int l_row, l_column; REALTYPE l_value; if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return -1; } l_row--; l_column--; (*o_column_idx)[l_i] = l_column; (*o_values)[l_i] = l_value; l_i++; l_row_idx_id[l_row] = 1; (*o_row_idx)[l_row+1] = l_i; } } } fclose( l_csr_file_handle ); if ( l_i != (*o_element_count) ) { fprintf( stderr, ""we were not able to read all elements!\n"" ); return -1; } for ( l_i = 0; l_i < (*o_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } } if ( l_row_idx_id != NULL ) { free( l_row_idx_id ); } return 0; }",visit repo url,samples/pyfr/pyfr_driver_asp_reg.c,https://github.com/hfp/libxsmm,975514415115,1 4135,[],"static ssize_t ibwdt_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { if (count) { if (!nowayout) { size_t i; expect_close = 0; for (i = 0; i != count; i++) { char c; if (get_user(c, buf + i)) return -EFAULT; if (c == 'V') expect_close = 42; } } ibwdt_ping(); } return count; }",linux-2.6,,,257250865928142529077885574307182738833,0 551,CWE-189,"static inline struct sem_array *sem_obtain_lock(struct ipc_namespace *ns, int id) { struct kern_ipc_perm *ipcp; struct sem_array *sma; rcu_read_lock(); ipcp = ipc_obtain_object(&sem_ids(ns), id); if (IS_ERR(ipcp)) { sma = ERR_CAST(ipcp); goto err; } spin_lock(&ipcp->lock); if (!ipcp->deleted) return container_of(ipcp, struct sem_array, sem_perm); spin_unlock(&ipcp->lock); sma = ERR_PTR(-EINVAL); err: rcu_read_unlock(); return sma; }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,263125364453675,1 2362,CWE-125,"static int mxf_parse_structural_metadata(MXFContext *mxf) { MXFPackage *material_package = NULL; int i, j, k, ret; av_log(mxf->fc, AV_LOG_TRACE, ""metadata sets count %d\n"", mxf->metadata_sets_count); for (i = 0; i < mxf->packages_count; i++) { material_package = mxf_resolve_strong_ref(mxf, &mxf->packages_refs[i], MaterialPackage); if (material_package) break; } if (!material_package) { av_log(mxf->fc, AV_LOG_ERROR, ""no material package found\n""); return AVERROR_INVALIDDATA; } mxf_add_umid_metadata(&mxf->fc->metadata, ""material_package_umid"", material_package); if (material_package->name && material_package->name[0]) av_dict_set(&mxf->fc->metadata, ""material_package_name"", material_package->name, 0); mxf_parse_package_comments(mxf, &mxf->fc->metadata, material_package); for (i = 0; i < material_package->tracks_count; i++) { MXFPackage *source_package = NULL; MXFTrack *material_track = NULL; MXFTrack *source_track = NULL; MXFTrack *temp_track = NULL; MXFDescriptor *descriptor = NULL; MXFStructuralComponent *component = NULL; MXFTimecodeComponent *mxf_tc = NULL; UID *essence_container_ul = NULL; const MXFCodecUL *codec_ul = NULL; const MXFCodecUL *container_ul = NULL; const MXFCodecUL *pix_fmt_ul = NULL; AVStream *st; AVTimecode tc; int flags; if (!(material_track = mxf_resolve_strong_ref(mxf, &material_package->tracks_refs[i], Track))) { av_log(mxf->fc, AV_LOG_ERROR, ""could not resolve material track strong ref\n""); continue; } if ((component = mxf_resolve_strong_ref(mxf, &material_track->sequence_ref, TimecodeComponent))) { mxf_tc = (MXFTimecodeComponent*)component; flags = mxf_tc->drop_frame == 1 ? AV_TIMECODE_FLAG_DROPFRAME : 0; if (av_timecode_init(&tc, mxf_tc->rate, flags, mxf_tc->start_frame, mxf->fc) == 0) { mxf_add_timecode_metadata(&mxf->fc->metadata, ""timecode"", &tc); } } if (!(material_track->sequence = mxf_resolve_strong_ref(mxf, &material_track->sequence_ref, Sequence))) { av_log(mxf->fc, AV_LOG_ERROR, ""could not resolve material track sequence strong ref\n""); continue; } for (j = 0; j < material_track->sequence->structural_components_count; j++) { component = mxf_resolve_strong_ref(mxf, &material_track->sequence->structural_components_refs[j], TimecodeComponent); if (!component) continue; mxf_tc = (MXFTimecodeComponent*)component; flags = mxf_tc->drop_frame == 1 ? AV_TIMECODE_FLAG_DROPFRAME : 0; if (av_timecode_init(&tc, mxf_tc->rate, flags, mxf_tc->start_frame, mxf->fc) == 0) { mxf_add_timecode_metadata(&mxf->fc->metadata, ""timecode"", &tc); break; } } if(material_track->sequence->structural_components_count > 1) av_log(mxf->fc, AV_LOG_WARNING, ""material track %d: has %d components\n"", material_track->track_id, material_track->sequence->structural_components_count); for (j = 0; j < material_track->sequence->structural_components_count; j++) { component = mxf_resolve_sourceclip(mxf, &material_track->sequence->structural_components_refs[j]); if (!component) continue; source_package = mxf_resolve_source_package(mxf, component->source_package_ul, component->source_package_uid); if (!source_package) { av_log(mxf->fc, AV_LOG_TRACE, ""material track %d: no corresponding source package found\n"", material_track->track_id); continue; } for (k = 0; k < source_package->tracks_count; k++) { if (!(temp_track = mxf_resolve_strong_ref(mxf, &source_package->tracks_refs[k], Track))) { av_log(mxf->fc, AV_LOG_ERROR, ""could not resolve source track strong ref\n""); ret = AVERROR_INVALIDDATA; goto fail_and_free; } if (temp_track->track_id == component->source_track_id) { source_track = temp_track; break; } } if (!source_track) { av_log(mxf->fc, AV_LOG_ERROR, ""material track %d: no corresponding source track found\n"", material_track->track_id); break; } for (k = 0; k < mxf->essence_container_data_count; k++) { MXFEssenceContainerData *essence_data; if (!(essence_data = mxf_resolve_strong_ref(mxf, &mxf->essence_container_data_refs[k], EssenceContainerData))) { av_log(mxf, AV_LOG_TRACE, ""could not resolve essence container data strong ref\n""); continue; } if (!memcmp(component->source_package_ul, essence_data->package_ul, sizeof(UID)) && !memcmp(component->source_package_uid, essence_data->package_uid, sizeof(UID))) { source_track->body_sid = essence_data->body_sid; source_track->index_sid = essence_data->index_sid; break; } } if(source_track && component) break; } if (!source_track || !component || !source_package) { if((ret = mxf_add_metadata_stream(mxf, material_track))) goto fail_and_free; continue; } if (!(source_track->sequence = mxf_resolve_strong_ref(mxf, &source_track->sequence_ref, Sequence))) { av_log(mxf->fc, AV_LOG_ERROR, ""could not resolve source track sequence strong ref\n""); ret = AVERROR_INVALIDDATA; goto fail_and_free; } if (memcmp(material_track->sequence->data_definition_ul, source_track->sequence->data_definition_ul, 16)) { av_log(mxf->fc, AV_LOG_ERROR, ""material track %d: DataDefinition mismatch\n"", material_track->track_id); continue; } st = avformat_new_stream(mxf->fc, NULL); if (!st) { av_log(mxf->fc, AV_LOG_ERROR, ""could not allocate stream\n""); ret = AVERROR(ENOMEM); goto fail_and_free; } st->id = material_track->track_id; st->priv_data = source_track; source_package->descriptor = mxf_resolve_strong_ref(mxf, &source_package->descriptor_ref, AnyType); descriptor = mxf_resolve_multidescriptor(mxf, source_package->descriptor, source_track->track_id); if (descriptor && descriptor->duration != AV_NOPTS_VALUE) source_track->original_duration = st->duration = FFMIN(descriptor->duration, component->duration); else source_track->original_duration = st->duration = component->duration; if (st->duration == -1) st->duration = AV_NOPTS_VALUE; st->start_time = component->start_position; if (material_track->edit_rate.num <= 0 || material_track->edit_rate.den <= 0) { av_log(mxf->fc, AV_LOG_WARNING, ""Invalid edit rate (%d/%d) found on stream #%d, "" ""defaulting to 25/1\n"", material_track->edit_rate.num, material_track->edit_rate.den, st->index); material_track->edit_rate = (AVRational){25, 1}; } avpriv_set_pts_info(st, 64, material_track->edit_rate.den, material_track->edit_rate.num); source_track->edit_rate = material_track->edit_rate; PRINT_KEY(mxf->fc, ""data definition ul"", source_track->sequence->data_definition_ul); codec_ul = mxf_get_codec_ul(ff_mxf_data_definition_uls, &source_track->sequence->data_definition_ul); st->codecpar->codec_type = codec_ul->id; if (!descriptor) { av_log(mxf->fc, AV_LOG_INFO, ""source track %d: stream %d, no descriptor found\n"", source_track->track_id, st->index); continue; } PRINT_KEY(mxf->fc, ""essence codec ul"", descriptor->essence_codec_ul); PRINT_KEY(mxf->fc, ""essence container ul"", descriptor->essence_container_ul); essence_container_ul = &descriptor->essence_container_ul; source_track->wrapping = (mxf->op == OPAtom) ? ClipWrapped : mxf_get_wrapping_kind(essence_container_ul); if (source_track->wrapping == UnknownWrapped) av_log(mxf->fc, AV_LOG_INFO, ""wrapping of stream %d is unknown\n"", st->index); if (IS_KLV_KEY(essence_container_ul, mxf_encrypted_essence_container)) { av_log(mxf->fc, AV_LOG_INFO, ""broken encrypted mxf file\n""); for (k = 0; k < mxf->metadata_sets_count; k++) { MXFMetadataSet *metadata = mxf->metadata_sets[k]; if (metadata->type == CryptoContext) { essence_container_ul = &((MXFCryptoContext *)metadata)->source_container_ul; break; } } } codec_ul = mxf_get_codec_ul(ff_mxf_codec_uls, &descriptor->essence_codec_ul); st->codecpar->codec_id = (enum AVCodecID)codec_ul->id; if (st->codecpar->codec_id == AV_CODEC_ID_NONE) { codec_ul = mxf_get_codec_ul(ff_mxf_codec_uls, &descriptor->codec_ul); st->codecpar->codec_id = (enum AVCodecID)codec_ul->id; } av_log(mxf->fc, AV_LOG_VERBOSE, ""%s: Universal Label: "", avcodec_get_name(st->codecpar->codec_id)); for (k = 0; k < 16; k++) { av_log(mxf->fc, AV_LOG_VERBOSE, ""%.2x"", descriptor->essence_codec_ul[k]); if (!(k+1 & 19) || k == 5) av_log(mxf->fc, AV_LOG_VERBOSE, "".""); } av_log(mxf->fc, AV_LOG_VERBOSE, ""\n""); mxf_add_umid_metadata(&st->metadata, ""file_package_umid"", source_package); if (source_package->name && source_package->name[0]) av_dict_set(&st->metadata, ""file_package_name"", source_package->name, 0); if (material_track->name && material_track->name[0]) av_dict_set(&st->metadata, ""track_name"", material_track->name, 0); mxf_parse_physical_source_package(mxf, source_track, st); if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) { source_track->intra_only = mxf_is_intra_only(descriptor); container_ul = mxf_get_codec_ul(mxf_picture_essence_container_uls, essence_container_ul); if (st->codecpar->codec_id == AV_CODEC_ID_NONE) st->codecpar->codec_id = container_ul->id; st->codecpar->width = descriptor->width; st->codecpar->height = descriptor->height; switch (descriptor->frame_layout) { case FullFrame: st->codecpar->field_order = AV_FIELD_PROGRESSIVE; break; case OneField: av_log(mxf->fc, AV_LOG_INFO, ""OneField frame layout isn't currently supported\n""); break; case MixedFields: break; case SegmentedFrame: st->codecpar->field_order = AV_FIELD_PROGRESSIVE; case SeparateFields: av_log(mxf->fc, AV_LOG_DEBUG, ""video_line_map: (%d, %d), field_dominance: %d\n"", descriptor->video_line_map[0], descriptor->video_line_map[1], descriptor->field_dominance); if ((descriptor->video_line_map[0] > 0) && (descriptor->video_line_map[1] > 0)) { if ((descriptor->video_line_map[0] + descriptor->video_line_map[1]) % 2) { switch (descriptor->field_dominance) { case MXF_FIELD_DOMINANCE_DEFAULT: case MXF_FIELD_DOMINANCE_FF: st->codecpar->field_order = AV_FIELD_TT; break; case MXF_FIELD_DOMINANCE_FL: st->codecpar->field_order = AV_FIELD_TB; break; default: avpriv_request_sample(mxf->fc, ""Field dominance %d support"", descriptor->field_dominance); } } else { switch (descriptor->field_dominance) { case MXF_FIELD_DOMINANCE_DEFAULT: case MXF_FIELD_DOMINANCE_FF: st->codecpar->field_order = AV_FIELD_BB; break; case MXF_FIELD_DOMINANCE_FL: st->codecpar->field_order = AV_FIELD_BT; break; default: avpriv_request_sample(mxf->fc, ""Field dominance %d support"", descriptor->field_dominance); } } } st->codecpar->height *= 2; break; default: av_log(mxf->fc, AV_LOG_INFO, ""Unknown frame layout type: %d\n"", descriptor->frame_layout); } if (st->codecpar->codec_id == AV_CODEC_ID_RAWVIDEO) { st->codecpar->format = descriptor->pix_fmt; if (st->codecpar->format == AV_PIX_FMT_NONE) { pix_fmt_ul = mxf_get_codec_ul(ff_mxf_pixel_format_uls, &descriptor->essence_codec_ul); st->codecpar->format = (enum AVPixelFormat)pix_fmt_ul->id; if (st->codecpar->format== AV_PIX_FMT_NONE) { st->codecpar->codec_tag = mxf_get_codec_ul(ff_mxf_codec_tag_uls, &descriptor->essence_codec_ul)->id; if (!st->codecpar->codec_tag) { if (descriptor->horiz_subsampling == 2 && descriptor->vert_subsampling == 1 && descriptor->component_depth == 8) { st->codecpar->format = AV_PIX_FMT_UYVY422; } } } } } st->need_parsing = AVSTREAM_PARSE_HEADERS; if (material_track->sequence->origin) { av_dict_set_int(&st->metadata, ""material_track_origin"", material_track->sequence->origin, 0); } if (source_track->sequence->origin) { av_dict_set_int(&st->metadata, ""source_track_origin"", source_track->sequence->origin, 0); } if (descriptor->aspect_ratio.num && descriptor->aspect_ratio.den) st->display_aspect_ratio = descriptor->aspect_ratio; } else if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) { container_ul = mxf_get_codec_ul(mxf_sound_essence_container_uls, essence_container_ul); if (st->codecpar->codec_id == AV_CODEC_ID_NONE || (st->codecpar->codec_id == AV_CODEC_ID_PCM_ALAW && (enum AVCodecID)container_ul->id != AV_CODEC_ID_NONE)) st->codecpar->codec_id = (enum AVCodecID)container_ul->id; st->codecpar->channels = descriptor->channels; st->codecpar->bits_per_coded_sample = descriptor->bits_per_sample; if (descriptor->sample_rate.den > 0) { st->codecpar->sample_rate = descriptor->sample_rate.num / descriptor->sample_rate.den; avpriv_set_pts_info(st, 64, descriptor->sample_rate.den, descriptor->sample_rate.num); } else { av_log(mxf->fc, AV_LOG_WARNING, ""invalid sample rate (%d/%d) "" ""found for stream #%d, time base forced to 1/48000\n"", descriptor->sample_rate.num, descriptor->sample_rate.den, st->index); avpriv_set_pts_info(st, 64, 1, 48000); } if (st->duration != AV_NOPTS_VALUE) st->duration = av_rescale_q(st->duration, av_inv_q(material_track->edit_rate), st->time_base); if (st->codecpar->codec_id == AV_CODEC_ID_PCM_S16LE) { if (descriptor->bits_per_sample > 16 && descriptor->bits_per_sample <= 24) st->codecpar->codec_id = AV_CODEC_ID_PCM_S24LE; else if (descriptor->bits_per_sample == 32) st->codecpar->codec_id = AV_CODEC_ID_PCM_S32LE; } else if (st->codecpar->codec_id == AV_CODEC_ID_PCM_S16BE) { if (descriptor->bits_per_sample > 16 && descriptor->bits_per_sample <= 24) st->codecpar->codec_id = AV_CODEC_ID_PCM_S24BE; else if (descriptor->bits_per_sample == 32) st->codecpar->codec_id = AV_CODEC_ID_PCM_S32BE; } else if (st->codecpar->codec_id == AV_CODEC_ID_MP2) { st->need_parsing = AVSTREAM_PARSE_FULL; } } else if (st->codecpar->codec_type == AVMEDIA_TYPE_DATA) { enum AVMediaType type; container_ul = mxf_get_codec_ul(mxf_data_essence_container_uls, essence_container_ul); if (st->codecpar->codec_id == AV_CODEC_ID_NONE) st->codecpar->codec_id = container_ul->id; type = avcodec_get_type(st->codecpar->codec_id); if (type == AVMEDIA_TYPE_SUBTITLE) st->codecpar->codec_type = type; if (container_ul->desc) av_dict_set(&st->metadata, ""data_type"", container_ul->desc, 0); } if (descriptor->extradata) { if (!ff_alloc_extradata(st->codecpar, descriptor->extradata_size)) { memcpy(st->codecpar->extradata, descriptor->extradata, descriptor->extradata_size); } } else if (st->codecpar->codec_id == AV_CODEC_ID_H264) { int coded_width = mxf_get_codec_ul(mxf_intra_only_picture_coded_width, &descriptor->essence_codec_ul)->id; if (coded_width) st->codecpar->width = coded_width; ret = ff_generate_avci_extradata(st); if (ret < 0) return ret; } if (st->codecpar->codec_type != AVMEDIA_TYPE_DATA && source_track->wrapping != FrameWrapped) { st->need_parsing = AVSTREAM_PARSE_TIMESTAMPS; } } ret = 0; fail_and_free: return ret; }",visit repo url,libavformat/mxfdec.c,https://github.com/FFmpeg/FFmpeg,212664378043448,1 5194,['CWE-20'],"static void vmx_save_host_state(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); if (vmx->host_state.loaded) return; vmx->host_state.loaded = 1; vmx->host_state.ldt_sel = kvm_read_ldt(); vmx->host_state.gs_ldt_reload_needed = vmx->host_state.ldt_sel; vmx->host_state.fs_sel = kvm_read_fs(); if (!(vmx->host_state.fs_sel & 7)) { vmcs_write16(HOST_FS_SELECTOR, vmx->host_state.fs_sel); vmx->host_state.fs_reload_needed = 0; } else { vmcs_write16(HOST_FS_SELECTOR, 0); vmx->host_state.fs_reload_needed = 1; } vmx->host_state.gs_sel = kvm_read_gs(); if (!(vmx->host_state.gs_sel & 7)) vmcs_write16(HOST_GS_SELECTOR, vmx->host_state.gs_sel); else { vmcs_write16(HOST_GS_SELECTOR, 0); vmx->host_state.gs_ldt_reload_needed = 1; } #ifdef CONFIG_X86_64 vmcs_writel(HOST_FS_BASE, read_msr(MSR_FS_BASE)); vmcs_writel(HOST_GS_BASE, read_msr(MSR_GS_BASE)); #else vmcs_writel(HOST_FS_BASE, segment_base(vmx->host_state.fs_sel)); vmcs_writel(HOST_GS_BASE, segment_base(vmx->host_state.gs_sel)); #endif #ifdef CONFIG_X86_64 if (is_long_mode(&vmx->vcpu)) save_msrs(vmx->host_msrs + vmx->msr_offset_kernel_gs_base, 1); #endif load_msrs(vmx->guest_msrs, vmx->save_nmsrs); load_transition_efer(vmx); }",linux-2.6,,,262155445489963869534247397994033729509,0 5173,['CWE-20'],"static void ept_load_pdptrs(struct kvm_vcpu *vcpu) { if (is_paging(vcpu) && is_pae(vcpu) && !is_long_mode(vcpu)) { if (!load_pdptrs(vcpu, vcpu->arch.cr3)) { printk(KERN_ERR ""EPT: Fail to load pdptrs!\n""); return; } vmcs_write64(GUEST_PDPTR0, vcpu->arch.pdptrs[0]); vmcs_write64(GUEST_PDPTR1, vcpu->arch.pdptrs[1]); vmcs_write64(GUEST_PDPTR2, vcpu->arch.pdptrs[2]); vmcs_write64(GUEST_PDPTR3, vcpu->arch.pdptrs[3]); } }",linux-2.6,,,16979738077834864609455537273558555924,0 4728,CWE-755,"int imap_open_connection(struct ImapAccountData *adata) { if (mutt_socket_open(adata->conn) < 0) return -1; adata->state = IMAP_CONNECTED; if (imap_cmd_step(adata) != IMAP_RES_OK) { imap_close_connection(adata); return -1; } if (mutt_istr_startswith(adata->buf, ""* OK"")) { if (!mutt_istr_startswith(adata->buf, ""* OK [CAPABILITY"") && check_capabilities(adata)) { goto bail; } #ifdef USE_SSL if ((adata->conn->ssf == 0) && (C_SslForceTls || (adata->capabilities & IMAP_CAP_STARTTLS))) { enum QuadOption ans; if (C_SslForceTls) ans = MUTT_YES; else if ((ans = query_quadoption(C_SslStarttls, _(""Secure connection with TLS?""))) == MUTT_ABORT) { goto err_close_conn; } if (ans == MUTT_YES) { enum ImapExecResult rc = imap_exec(adata, ""STARTTLS"", IMAP_CMD_SINGLE); mutt_socket_empty(adata->conn); if (rc == IMAP_EXEC_FATAL) goto bail; if (rc != IMAP_EXEC_ERROR) { if (mutt_ssl_starttls(adata->conn)) { mutt_error(_(""Could not negotiate TLS connection"")); goto err_close_conn; } else { if (imap_exec(adata, ""CAPABILITY"", IMAP_CMD_NO_FLAGS)) goto bail; } } } } if (C_SslForceTls && (adata->conn->ssf == 0)) { mutt_error(_(""Encrypted connection unavailable"")); goto err_close_conn; } #endif } else if (mutt_istr_startswith(adata->buf, ""* PREAUTH"")) { #ifdef USE_SSL if ((adata->conn->ssf == 0) && C_SslForceTls) { mutt_error(_(""Encrypted connection unavailable"")); goto err_close_conn; } #endif adata->state = IMAP_AUTHENTICATED; if (check_capabilities(adata) != 0) goto bail; FREE(&adata->capstr); } else { imap_error(""imap_open_connection()"", adata->buf); goto bail; } return 0; #ifdef USE_SSL err_close_conn: imap_close_connection(adata); #endif bail: FREE(&adata->capstr); return -1; }",visit repo url,imap/imap.c,https://github.com/neomutt/neomutt,111591152947075,1 3340,CWE-119,"aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword) { const AIFF_CAF_CHANNEL_MAP * map_info ; unsigned channel_bitmap, channel_decriptions, bytesread ; int layout_tag ; bytesread = psf_binheader_readf (psf, ""444"", &layout_tag, &channel_bitmap, &channel_decriptions) ; if ((map_info = aiff_caf_of_channel_layout_tag (layout_tag)) == NULL) return 0 ; psf_log_printf (psf, "" Tag : %x\n"", layout_tag) ; if (map_info) psf_log_printf (psf, "" Layout : %s\n"", map_info->name) ; if (bytesread < dword) psf_binheader_readf (psf, ""j"", dword - bytesread) ; if (map_info->channel_map != NULL) { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ; free (psf->channel_map) ; if ((psf->channel_map = malloc (chanmap_size)) == NULL) return SFE_MALLOC_FAILED ; memcpy (psf->channel_map, map_info->channel_map, chanmap_size) ; } ; return 0 ; } ",visit repo url,src/aiff.c,https://github.com/erikd/libsndfile,246523816517999,1 2318,['CWE-120'],"int generic_permission(struct inode *inode, int mask, int (*check_acl)(struct inode *inode, int mask)) { umode_t mode = inode->i_mode; if (current->fsuid == inode->i_uid) mode >>= 6; else { if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { int error = check_acl(inode, mask); if (error == -EACCES) goto check_capabilities; else if (error != -EAGAIN) return error; } if (in_group_p(inode->i_gid)) mode >>= 3; } if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask)) return 0; check_capabilities: if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode)) if (capable(CAP_DAC_OVERRIDE)) return 0; if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) if (capable(CAP_DAC_READ_SEARCH)) return 0; return -EACCES; }",linux-2.6,,,59543549285907746913293125215261488587,0 578,[],"static ssize_t bad_file_write(struct file *filp, const char __user *buf, size_t siz, loff_t *ppos) { return -EIO; }",linux-2.6,,,245417778943235014485587902732762126587,0 4394,CWE-369,"IW_IMPL(int) iw_get_input_density(struct iw_context *ctx, double *px, double *py, int *pcode) { *px = 1.0; *py = 1.0; *pcode = ctx->img1.density_code; if(ctx->img1.density_code!=IW_DENSITY_UNKNOWN) { *px = ctx->img1.density_x; *py = ctx->img1.density_y; return 1; } return 0; }",visit repo url,src/imagew-api.c,https://github.com/jsummers/imageworsener,128994679242352,1 2330,['CWE-120'],"struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) { int err; struct qstr this; err = __lookup_one_len(name, &this, base, len); if (err) return ERR_PTR(err); err = permission(base->d_inode, MAY_EXEC, NULL); if (err) return ERR_PTR(err); return __lookup_hash(&this, base, NULL); }",linux-2.6,,,34336918359007983078332593623688168553,0 3423,CWE-119,"static void process_blob(struct rev_info *revs, struct blob *blob, show_object_fn show, struct strbuf *path, const char *name, void *cb_data) { struct object *obj = &blob->object; if (!revs->blob_objects) return; if (!obj) die(""bad blob object""); if (obj->flags & (UNINTERESTING | SEEN)) return; obj->flags |= SEEN; show(obj, path, name, cb_data); }",visit repo url,list-objects.c,https://github.com/git/git,221094371885859,1 4605,['CWE-399'],"int ext4_get_inode_loc(struct inode *inode, struct ext4_iloc *iloc) { return __ext4_get_inode_loc(inode, iloc, !(EXT4_I(inode)->i_state & EXT4_STATE_XATTR)); }",linux-2.6,,,322029092253848537426297886716200596695,0 2352,['CWE-120'],"static __always_inline int __do_follow_link(struct path *path, struct nameidata *nd) { int error; void *cookie; struct dentry *dentry = path->dentry; touch_atime(path->mnt, dentry); nd_set_link(nd, NULL); if (path->mnt != nd->path.mnt) { path_to_nameidata(path, nd); dget(dentry); } mntget(path->mnt); cookie = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(cookie); if (!IS_ERR(cookie)) { char *s = nd_get_link(nd); error = 0; if (s) error = __vfs_follow_link(nd, s); if (dentry->d_inode->i_op->put_link) dentry->d_inode->i_op->put_link(dentry, nd, cookie); } path_put(path); return error; }",linux-2.6,,,336609845976666112474669648603471956696,0 1125,['CWE-399'],"const struct user_regset_view *task_user_regset_view(struct task_struct *task) { #ifdef CONFIG_COMPAT if (test_tsk_thread_flag(task, TIF_31BIT)) return &user_s390_compat_view; #endif return &user_s390_view; }",linux-2.6,,,80467162085777492886369688433487508738,0 884,CWE-20,"static void unix_copy_addr(struct msghdr *msg, struct sock *sk) { struct unix_sock *u = unix_sk(sk); msg->msg_namelen = 0; if (u->addr) { msg->msg_namelen = u->addr->len; memcpy(msg->msg_name, u->addr->name, u->addr->len); } }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,153126031543195,1 2189,CWE-416,"SMB2_write(const unsigned int xid, struct cifs_io_parms *io_parms, unsigned int *nbytes, struct kvec *iov, int n_vec) { struct smb_rqst rqst; int rc = 0; struct smb2_write_req *req = NULL; struct smb2_write_rsp *rsp = NULL; int resp_buftype; struct kvec rsp_iov; int flags = 0; unsigned int total_len; *nbytes = 0; if (n_vec < 1) return rc; rc = smb2_plain_req_init(SMB2_WRITE, io_parms->tcon, (void **) &req, &total_len); if (rc) return rc; if (io_parms->tcon->ses->server == NULL) return -ECONNABORTED; if (smb3_encryption_required(io_parms->tcon)) flags |= CIFS_TRANSFORM_REQ; req->sync_hdr.ProcessId = cpu_to_le32(io_parms->pid); req->PersistentFileId = io_parms->persistent_fid; req->VolatileFileId = io_parms->volatile_fid; req->WriteChannelInfoOffset = 0; req->WriteChannelInfoLength = 0; req->Channel = 0; req->Length = cpu_to_le32(io_parms->length); req->Offset = cpu_to_le64(io_parms->offset); req->DataOffset = cpu_to_le16( offsetof(struct smb2_write_req, Buffer)); req->RemainingBytes = 0; trace_smb3_write_enter(xid, io_parms->persistent_fid, io_parms->tcon->tid, io_parms->tcon->ses->Suid, io_parms->offset, io_parms->length); iov[0].iov_base = (char *)req; iov[0].iov_len = total_len - 1; memset(&rqst, 0, sizeof(struct smb_rqst)); rqst.rq_iov = iov; rqst.rq_nvec = n_vec + 1; rc = cifs_send_recv(xid, io_parms->tcon->ses, &rqst, &resp_buftype, flags, &rsp_iov); cifs_small_buf_release(req); rsp = (struct smb2_write_rsp *)rsp_iov.iov_base; if (rc) { trace_smb3_write_err(xid, req->PersistentFileId, io_parms->tcon->tid, io_parms->tcon->ses->Suid, io_parms->offset, io_parms->length, rc); cifs_stats_fail_inc(io_parms->tcon, SMB2_WRITE_HE); cifs_dbg(VFS, ""Send error in write = %d\n"", rc); } else { *nbytes = le32_to_cpu(rsp->DataLength); trace_smb3_write_done(xid, req->PersistentFileId, io_parms->tcon->tid, io_parms->tcon->ses->Suid, io_parms->offset, *nbytes); } free_rsp_buf(resp_buftype, rsp); return rc; }",visit repo url,fs/cifs/smb2pdu.c,https://github.com/torvalds/linux,28012514695400,1 2477,CWE-119,"cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, size_t len, const cdf_header_t *h, cdf_secid_t id) { size_t ss = CDF_SEC_SIZE(h); size_t pos = CDF_SHORT_SEC_POS(h, id); assert(ss == len); if (pos > ss * sst->sst_len) { DPRINTF((""Out of bounds read %"" SIZE_T_FORMAT ""u > %"" SIZE_T_FORMAT ""u\n"", pos, ss * sst->sst_len)); return -1; } (void)memcpy(((char *)buf) + offs, ((const char *)sst->sst_tab) + pos, len); return len; }",visit repo url,src/cdf.c,https://github.com/glensc/file,171453780481396,1 2027,['CWE-269'],"void mnt_unpin(struct vfsmount *mnt) { spin_lock(&vfsmount_lock); if (mnt->mnt_pinned) { atomic_inc(&mnt->mnt_count); mnt->mnt_pinned--; } spin_unlock(&vfsmount_lock); }",linux-2.6,,,250256666827153176012538508817981837933,0 5723,['CWE-200'],"int __init irsock_init(void) { int rc = proto_register(&irda_proto, 0); if (rc == 0) rc = sock_register(&irda_family_ops); return rc; }",linux-2.6,,,7816117133850523872528537130225270848,0 2973,CWE-399,"private int magiccheck(struct magic_set *ms, struct magic *m) { uint64_t l = m->value.q; uint64_t v; float fl, fv; double dl, dv; int matched; union VALUETYPE *p = &ms->ms_value; switch (m->type) { case FILE_BYTE: v = p->b; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: v = p->h; break; case FILE_LONG: case FILE_BELONG: case FILE_LELONG: case FILE_MELONG: case FILE_DATE: case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: v = p->l; break; case FILE_QUAD: case FILE_LEQUAD: case FILE_BEQUAD: case FILE_QDATE: case FILE_BEQDATE: case FILE_LEQDATE: case FILE_QLDATE: case FILE_BEQLDATE: case FILE_LEQLDATE: case FILE_QWDATE: case FILE_BEQWDATE: case FILE_LEQWDATE: v = p->q; break; case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: fl = m->value.f; fv = p->f; switch (m->reln) { case 'x': matched = 1; break; case '!': matched = fv != fl; break; case '=': matched = fv == fl; break; case '>': matched = fv > fl; break; case '<': matched = fv < fl; break; default: file_magerror(ms, ""cannot happen with float: invalid relation `%c'"", m->reln); return -1; } return matched; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: dl = m->value.d; dv = p->d; switch (m->reln) { case 'x': matched = 1; break; case '!': matched = dv != dl; break; case '=': matched = dv == dl; break; case '>': matched = dv > dl; break; case '<': matched = dv < dl; break; default: file_magerror(ms, ""cannot happen with double: invalid relation `%c'"", m->reln); return -1; } return matched; case FILE_DEFAULT: case FILE_CLEAR: l = 0; v = 0; break; case FILE_STRING: case FILE_PSTRING: l = 0; v = file_strncmp(m->value.s, p->s, (size_t)m->vallen, m->str_flags); break; case FILE_BESTRING16: case FILE_LESTRING16: l = 0; v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen, m->str_flags); break; case FILE_SEARCH: { size_t slen; size_t idx; if (ms->search.s == NULL) return 0; slen = MIN(m->vallen, sizeof(m->value.s)); l = 0; v = 0; for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) { if (slen + idx > ms->search.s_len) break; v = file_strncmp(m->value.s, ms->search.s + idx, slen, m->str_flags); if (v == 0) { ms->search.offset += idx; break; } } break; } case FILE_REGEX: { int rc; file_regex_t rx; if (ms->search.s == NULL) return 0; l = 0; rc = file_regcomp(&rx, m->value.s, REG_EXTENDED|REG_NEWLINE| ((m->str_flags & STRING_IGNORE_CASE) ? REG_ICASE : 0)); if (rc) { file_regerror(&rx, rc, ms); v = (uint64_t)-1; } else { regmatch_t pmatch[1]; #ifndef REG_STARTEND #define REG_STARTEND 0 size_t l = ms->search.s_len - 1; char c = ms->search.s[l]; ((char *)(intptr_t)ms->search.s)[l] = '\0'; #else pmatch[0].rm_so = 0; pmatch[0].rm_eo = ms->search.s_len; #endif rc = file_regexec(&rx, (const char *)ms->search.s, 1, pmatch, REG_STARTEND); #if REG_STARTEND == 0 ((char *)(intptr_t)ms->search.s)[l] = c; #endif switch (rc) { case 0: ms->search.s += (int)pmatch[0].rm_so; ms->search.offset += (size_t)pmatch[0].rm_so; ms->search.rm_len = (size_t)(pmatch[0].rm_eo - pmatch[0].rm_so); v = 0; break; case REG_NOMATCH: v = 1; break; default: file_regerror(&rx, rc, ms); v = (uint64_t)-1; break; } } file_regfree(&rx); if (v == (uint64_t)-1) return -1; break; } case FILE_INDIRECT: case FILE_USE: case FILE_NAME: return 1; default: file_magerror(ms, ""invalid type %d in magiccheck()"", m->type); return -1; } v = file_signextend(ms, m, v); switch (m->reln) { case 'x': if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u == *any* = 1\n"", (unsigned long long)v); matched = 1; break; case '!': matched = v != l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u != %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); break; case '=': matched = v == l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u == %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); break; case '>': if (m->flag & UNSIGNED) { matched = v > l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u > %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); } else { matched = (int64_t) v > (int64_t) l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""d > %"" INT64_T_FORMAT ""d = %d\n"", (long long)v, (long long)l, matched); } break; case '<': if (m->flag & UNSIGNED) { matched = v < l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u < %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); } else { matched = (int64_t) v < (int64_t) l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""d < %"" INT64_T_FORMAT ""d = %d\n"", (long long)v, (long long)l, matched); } break; case '&': matched = (v & l) == l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""((%"" INT64_T_FORMAT ""x & %"" INT64_T_FORMAT ""x) == %"" INT64_T_FORMAT ""x) = %d\n"", (unsigned long long)v, (unsigned long long)l, (unsigned long long)l, matched); break; case '^': matched = (v & l) != l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""((%"" INT64_T_FORMAT ""x & %"" INT64_T_FORMAT ""x) != %"" INT64_T_FORMAT ""x) = %d\n"", (unsigned long long)v, (unsigned long long)l, (unsigned long long)l, matched); break; default: file_magerror(ms, ""cannot happen: invalid relation `%c'"", m->reln); return -1; }",visit repo url,src/softmagic.c,https://github.com/file/file,26628139794870,1 2778,CWE-125,"int ntlm_read_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (Stream_GetRemainingLength(s) < 8) return -1; Stream_Read_UINT16(s, fields->Len); Stream_Read_UINT16(s, fields->MaxLen); Stream_Read_UINT32(s, fields->BufferOffset); return 1; }",visit repo url,winpr/libwinpr/sspi/NTLM/ntlm_message.c,https://github.com/FreeRDP/FreeRDP,151297604018791,1 1741,CWE-264,"static int ion_handle_put(struct ion_handle *handle) { struct ion_client *client = handle->client; int ret; mutex_lock(&client->lock); ret = kref_put(&handle->ref, ion_handle_destroy); mutex_unlock(&client->lock); return ret; }",visit repo url,drivers/staging/android/ion/ion.c,https://github.com/torvalds/linux,86441793159461,1 5133,CWE-125,"ast_for_call(struct compiling *c, const node *n, expr_ty func, const node *maybegenbeg, const node *closepar) { int i, nargs, nkeywords; int ndoublestars; asdl_seq *args; asdl_seq *keywords; REQ(n, arglist); nargs = 0; nkeywords = 0; for (i = 0; i < NCH(n); i++) { node *ch = CHILD(n, i); if (TYPE(ch) == argument) { if (NCH(ch) == 1) nargs++; else if (TYPE(CHILD(ch, 1)) == comp_for) { nargs++; if (!maybegenbeg) { ast_error(c, ch, ""invalid syntax""); return NULL; } if (NCH(n) > 1) { ast_error(c, ch, ""Generator expression must be parenthesized""); return NULL; } } else if (TYPE(CHILD(ch, 0)) == STAR) nargs++; else if (TYPE(CHILD(ch, 1)) == COLONEQUAL) { nargs++; } else nkeywords++; } } args = _Py_asdl_seq_new(nargs, c->c_arena); if (!args) return NULL; keywords = _Py_asdl_seq_new(nkeywords, c->c_arena); if (!keywords) return NULL; nargs = 0; nkeywords = 0; ndoublestars = 0; for (i = 0; i < NCH(n); i++) { node *ch = CHILD(n, i); if (TYPE(ch) == argument) { expr_ty e; node *chch = CHILD(ch, 0); if (NCH(ch) == 1) { if (nkeywords) { if (ndoublestars) { ast_error(c, chch, ""positional argument follows "" ""keyword argument unpacking""); } else { ast_error(c, chch, ""positional argument follows "" ""keyword argument""); } return NULL; } e = ast_for_expr(c, chch); if (!e) return NULL; asdl_seq_SET(args, nargs++, e); } else if (TYPE(chch) == STAR) { expr_ty starred; if (ndoublestars) { ast_error(c, chch, ""iterable argument unpacking follows "" ""keyword argument unpacking""); return NULL; } e = ast_for_expr(c, CHILD(ch, 1)); if (!e) return NULL; starred = Starred(e, Load, LINENO(chch), chch->n_col_offset, chch->n_end_lineno, chch->n_end_col_offset, c->c_arena); if (!starred) return NULL; asdl_seq_SET(args, nargs++, starred); } else if (TYPE(chch) == DOUBLESTAR) { keyword_ty kw; i++; e = ast_for_expr(c, CHILD(ch, 1)); if (!e) return NULL; kw = keyword(NULL, e, c->c_arena); asdl_seq_SET(keywords, nkeywords++, kw); ndoublestars++; } else if (TYPE(CHILD(ch, 1)) == comp_for) { e = copy_location(ast_for_genexp(c, ch), maybegenbeg); if (!e) return NULL; asdl_seq_SET(args, nargs++, e); } else if (TYPE(CHILD(ch, 1)) == COLONEQUAL) { if (nkeywords) { if (ndoublestars) { ast_error(c, chch, ""positional argument follows "" ""keyword argument unpacking""); } else { ast_error(c, chch, ""positional argument follows "" ""keyword argument""); } return NULL; } e = ast_for_namedexpr(c, ch); if (!e) return NULL; asdl_seq_SET(args, nargs++, e); } else { keyword_ty kw; identifier key, tmp; int k; static const int name_tree[] = { test, or_test, and_test, not_test, comparison, expr, xor_expr, and_expr, shift_expr, arith_expr, term, factor, power, atom_expr, atom, 0, }; node *expr_node = chch; for (int i = 0; name_tree[i]; i++) { if (TYPE(expr_node) != name_tree[i]) break; if (NCH(expr_node) != 1) break; expr_node = CHILD(expr_node, 0); } if (TYPE(expr_node) != NAME) { ast_error(c, chch, ""expression cannot contain assignment, "" ""perhaps you meant \""==\""?""); return NULL; } key = new_identifier(STR(expr_node), c); if (key == NULL) { return NULL; } if (forbidden_name(c, key, chch, 1)) { return NULL; } for (k = 0; k < nkeywords; k++) { tmp = ((keyword_ty)asdl_seq_GET(keywords, k))->arg; if (tmp && !PyUnicode_Compare(tmp, key)) { ast_error(c, chch, ""keyword argument repeated""); return NULL; } } e = ast_for_expr(c, CHILD(ch, 2)); if (!e) return NULL; kw = keyword(key, e, c->c_arena); if (!kw) return NULL; asdl_seq_SET(keywords, nkeywords++, kw); } } } return Call(func, args, keywords, func->lineno, func->col_offset, closepar->n_end_lineno, closepar->n_end_col_offset, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,173223090794300,1 5696,CWE-125,"bgp_capability_orf (struct peer *peer, struct capability *cap, u_char *pnt) { afi_t afi = ntohs(cap->mpc.afi); safi_t safi = cap->mpc.safi; u_char number_of_orfs; u_char type; u_char mode; u_int16_t sm_cap = 0; u_int16_t rm_cap = 0; int i; if (cap->length < 7) { zlog_info (""%s ORF Capability length error %d"", peer->host, cap->length); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s OPEN has ORF CAP(%s) for afi/safi: %u/%u"", peer->host, (cap->code == CAPABILITY_CODE_ORF ? ""new"" : ""old""), afi, safi); if ((afi != AFI_IP && afi != AFI_IP6) || (safi != SAFI_UNICAST && safi != SAFI_MULTICAST && safi != BGP_SAFI_VPNV4)) { zlog_info (""%s Addr-family %d/%d not supported. Ignoring the ORF capability"", peer->host, afi, safi); return -1; } number_of_orfs = *pnt++; for (i = 0 ; i < number_of_orfs ; i++) { type = *pnt++; mode = *pnt++; if (mode != ORF_MODE_BOTH && mode != ORF_MODE_SEND && mode != ORF_MODE_RECEIVE) { bgp_capability_orf_not_support (peer, afi, safi, type, mode); continue; } if (cap->code == CAPABILITY_CODE_ORF) { if (type == ORF_TYPE_PREFIX && ((afi == AFI_IP && safi == SAFI_UNICAST) || (afi == AFI_IP && safi == SAFI_MULTICAST) || (afi == AFI_IP6 && safi == SAFI_UNICAST))) { sm_cap = PEER_CAP_ORF_PREFIX_SM_RCV; rm_cap = PEER_CAP_ORF_PREFIX_RM_RCV; if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s OPEN has Prefixlist ORF(%d) capability as %s for afi/safi: %d/%d"", peer->host, ORF_TYPE_PREFIX, (mode == ORF_MODE_SEND ? ""SEND"" : mode == ORF_MODE_RECEIVE ? ""RECEIVE"" : ""BOTH"") , afi, safi); } else { bgp_capability_orf_not_support (peer, afi, safi, type, mode); continue; } } else if (cap->code == CAPABILITY_CODE_ORF_OLD) { if (type == ORF_TYPE_PREFIX_OLD && ((afi == AFI_IP && safi == SAFI_UNICAST) || (afi == AFI_IP && safi == SAFI_MULTICAST) || (afi == AFI_IP6 && safi == SAFI_UNICAST))) { sm_cap = PEER_CAP_ORF_PREFIX_SM_OLD_RCV; rm_cap = PEER_CAP_ORF_PREFIX_RM_OLD_RCV; if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s OPEN has Prefixlist ORF(%d) capability as %s for afi/safi: %d/%d"", peer->host, ORF_TYPE_PREFIX_OLD, (mode == ORF_MODE_SEND ? ""SEND"" : mode == ORF_MODE_RECEIVE ? ""RECEIVE"" : ""BOTH"") , afi, safi); } else { bgp_capability_orf_not_support (peer, afi, safi, type, mode); continue; } } else { bgp_capability_orf_not_support (peer, afi, safi, type, mode); continue; } switch (mode) { case ORF_MODE_BOTH: SET_FLAG (peer->af_cap[afi][safi], sm_cap); SET_FLAG (peer->af_cap[afi][safi], rm_cap); break; case ORF_MODE_SEND: SET_FLAG (peer->af_cap[afi][safi], sm_cap); break; case ORF_MODE_RECEIVE: SET_FLAG (peer->af_cap[afi][safi], rm_cap); break; } } return 0; }",visit repo url,bgpd/bgp_open.c,https://github.com/FRRouting/frr,222136991786542,1 1737,[],"static inline u64 max_skipped_ticks(struct rq *rq) { return nohz_on(cpu_of(rq)) ? jiffies - rq->last_tick_seen + 2 : 1; }",linux-2.6,,,322238855423400028574701931341604057515,0 4427,CWE-416,"mark_context_stack(mrb_state *mrb, struct mrb_context *c) { size_t i; size_t e; if (c->stack == NULL) return; e = c->stack - c->stbase; if (c->ci) e += c->ci->nregs; if (c->stbase + e > c->stend) e = c->stend - c->stbase; for (i=0; istbase[i]; if (!mrb_immediate_p(v)) { if (mrb_basic_ptr(v)->tt == MRB_TT_FREE) { c->stbase[i] = mrb_nil_value(); } else { mrb_gc_mark(mrb, mrb_basic_ptr(v)); } } } }",visit repo url,src/gc.c,https://github.com/mruby/mruby,183075378059171,1 6260,['CWE-200'],"static int vif_delete(int vifi) { struct vif_device *v; struct net_device *dev; struct in_device *in_dev; if (vifi < 0 || vifi >= maxvif) return -EADDRNOTAVAIL; v = &vif_table[vifi]; write_lock_bh(&mrt_lock); dev = v->dev; v->dev = NULL; if (!dev) { write_unlock_bh(&mrt_lock); return -EADDRNOTAVAIL; } #ifdef CONFIG_IP_PIMSM if (vifi == reg_vif_num) reg_vif_num = -1; #endif if (vifi+1 == maxvif) { int tmp; for (tmp=vifi-1; tmp>=0; tmp--) { if (VIF_EXISTS(tmp)) break; } maxvif = tmp+1; } write_unlock_bh(&mrt_lock); dev_set_allmulti(dev, -1); if ((in_dev = __in_dev_get(dev)) != NULL) { in_dev->cnf.mc_forwarding--; ip_rt_multicast_event(in_dev); } if (v->flags&(VIFF_TUNNEL|VIFF_REGISTER)) unregister_netdevice(dev); dev_put(dev); return 0; }",linux-2.6,,,239347610709859796352841109022148942882,0 1812,[],"static struct task_struct *load_balance_start_fair(void *arg) { struct cfs_rq *cfs_rq = arg; return __load_balance_iterator(cfs_rq, cfs_rq->tasks.next); }",linux-2.6,,,114425537127135031260185570271994620048,0 2081,[],"int udp_lib_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { struct udp_sock *up = udp_sk(sk); int val, len; if (get_user(len,optlen)) return -EFAULT; len = min_t(unsigned int, len, sizeof(int)); if (len < 0) return -EINVAL; switch (optname) { case UDP_CORK: val = up->corkflag; break; case UDP_ENCAP: val = up->encap_type; break; case UDPLITE_SEND_CSCOV: val = up->pcslen; break; case UDPLITE_RECV_CSCOV: val = up->pcrlen; break; default: return -ENOPROTOOPT; } if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val,len)) return -EFAULT; return 0; }",linux-2.6,,,247890646814250405453962155174508630814,0 4843,['CWE-189'],"ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm, char *cipher_name, size_t *key_size) { char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; char *full_alg_name; int rc; *key_tfm = NULL; if (*key_size > ECRYPTFS_MAX_KEY_BYTES) { rc = -EINVAL; printk(KERN_ERR ""Requested key size is [%zd] bytes; maximum "" ""allowable is [%d]\n"", *key_size, ECRYPTFS_MAX_KEY_BYTES); goto out; } rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name, cipher_name, ""ecb""); if (rc) goto out; *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC); kfree(full_alg_name); if (IS_ERR(*key_tfm)) { rc = PTR_ERR(*key_tfm); printk(KERN_ERR ""Unable to allocate crypto cipher with name "" ""[%s]; rc = [%d]\n"", cipher_name, rc); goto out; } crypto_blkcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); if (*key_size == 0) { struct blkcipher_alg *alg = crypto_blkcipher_alg(*key_tfm); *key_size = alg->max_keysize; } get_random_bytes(dummy_key, *key_size); rc = crypto_blkcipher_setkey(*key_tfm, dummy_key, *key_size); if (rc) { printk(KERN_ERR ""Error attempting to set key of size [%zd] for "" ""cipher [%s]; rc = [%d]\n"", *key_size, cipher_name, rc); rc = -EINVAL; goto out; } out: return rc; }",linux-2.6,,,154034022067648369101579356939689954551,0 643,CWE-200,"static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)msg->msg_name; struct sk_buff *skb; size_t copied; int err; if (flags & MSG_OOB) return -EOPNOTSUPP; if (addr_len) *addr_len=sizeof(*sin6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } if (skb_csum_unnecessary(skb)) { err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else if (msg->msg_flags&MSG_TRUNC) { if (__skb_checksum_complete(skb)) goto csum_copy_err; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else { err = skb_copy_and_csum_datagram_iovec(skb, 0, msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (err) goto out_free; if (sin6) { sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_flowinfo = 0; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); } sock_recv_ts_and_drops(msg, sk, skb); if (np->rxopt.all) ip6_datagram_recv_ctl(sk, msg, skb); err = copied; if (flags & MSG_TRUNC) err = skb->len; out_free: skb_free_datagram(sk, skb); out: return err; csum_copy_err: skb_kill_datagram(sk, skb, flags); err = (flags&MSG_DONTWAIT) ? -EAGAIN : -EHOSTUNREACH; goto out; }",visit repo url,net/ipv6/raw.c,https://github.com/torvalds/linux,215034858141935,1 449,CWE-20,"int f2fs_trim_fs(struct f2fs_sb_info *sbi, struct fstrim_range *range) { __u64 start = F2FS_BYTES_TO_BLK(range->start); __u64 end = start + F2FS_BYTES_TO_BLK(range->len) - 1; unsigned int start_segno, end_segno; struct cp_control cpc; int err = 0; if (start >= MAX_BLKADDR(sbi) || range->len < sbi->blocksize) return -EINVAL; cpc.trimmed = 0; if (end <= MAIN_BLKADDR(sbi)) goto out; if (is_sbi_flag_set(sbi, SBI_NEED_FSCK)) { f2fs_msg(sbi->sb, KERN_WARNING, ""Found FS corruption, run fsck to fix.""); goto out; } start_segno = (start <= MAIN_BLKADDR(sbi)) ? 0 : GET_SEGNO(sbi, start); end_segno = (end >= MAX_BLKADDR(sbi)) ? MAIN_SEGS(sbi) - 1 : GET_SEGNO(sbi, end); cpc.reason = CP_DISCARD; cpc.trim_minlen = max_t(__u64, 1, F2FS_BYTES_TO_BLK(range->minlen)); for (; start_segno <= end_segno; start_segno = cpc.trim_end + 1) { cpc.trim_start = start_segno; if (sbi->discard_blks == 0) break; else if (sbi->discard_blks < BATCHED_TRIM_BLOCKS(sbi)) cpc.trim_end = end_segno; else cpc.trim_end = min_t(unsigned int, rounddown(start_segno + BATCHED_TRIM_SEGMENTS(sbi), sbi->segs_per_sec) - 1, end_segno); mutex_lock(&sbi->gc_mutex); err = write_checkpoint(sbi, &cpc); mutex_unlock(&sbi->gc_mutex); if (err) break; schedule(); } mark_discard_range_all(sbi); f2fs_wait_discard_bios(sbi); out: range->len = F2FS_BLK_TO_BYTES(cpc.trimmed); return err; }",visit repo url,fs/f2fs/segment.c,https://github.com/torvalds/linux,238880620189382,1 4342,CWE-358,"DefragVlanQinQTest(void) { Packet *p1 = NULL, *p2 = NULL, *r = NULL; int ret = 0; DefragInit(); p1 = BuildTestPacket(1, 0, 1, 'A', 8); if (p1 == NULL) goto end; p2 = BuildTestPacket(1, 1, 0, 'B', 8); if (p2 == NULL) goto end; if ((r = Defrag(NULL, NULL, p1, NULL)) != NULL) goto end; if ((r = Defrag(NULL, NULL, p2, NULL)) == NULL) goto end; SCFree(r); p1->vlan_id[0] = 1; p2->vlan_id[0] = 1; p1->vlan_id[1] = 1; p2->vlan_id[1] = 2; if ((r = Defrag(NULL, NULL, p1, NULL)) != NULL) goto end; if ((r = Defrag(NULL, NULL, p2, NULL)) != NULL) goto end; ret = 1; end: if (p1 != NULL) SCFree(p1); if (p2 != NULL) SCFree(p2); DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,252068483402258,1 4346,['CWE-399'],"SYSCALL_DEFINE4(request_key, const char __user *, _type, const char __user *, _description, const char __user *, _callout_info, key_serial_t, destringid) { struct key_type *ktype; struct key *key; key_ref_t dest_ref; size_t callout_len; char type[32], *description, *callout_info; long ret; ret = key_get_type_from_user(type, _type, sizeof(type)); if (ret < 0) goto error; description = strndup_user(_description, PAGE_SIZE); if (IS_ERR(description)) { ret = PTR_ERR(description); goto error; } callout_info = NULL; callout_len = 0; if (_callout_info) { callout_info = strndup_user(_callout_info, PAGE_SIZE); if (IS_ERR(callout_info)) { ret = PTR_ERR(callout_info); goto error2; } callout_len = strlen(callout_info); } dest_ref = NULL; if (destringid) { dest_ref = lookup_user_key(destringid, 1, 0, KEY_WRITE); if (IS_ERR(dest_ref)) { ret = PTR_ERR(dest_ref); goto error3; } } ktype = key_type_lookup(type); if (IS_ERR(ktype)) { ret = PTR_ERR(ktype); goto error4; } key = request_key_and_link(ktype, description, callout_info, callout_len, NULL, key_ref_to_ptr(dest_ref), KEY_ALLOC_IN_QUOTA); if (IS_ERR(key)) { ret = PTR_ERR(key); goto error5; } ret = key->serial; key_put(key); error5: key_type_put(ktype); error4: key_ref_put(dest_ref); error3: kfree(callout_info); error2: kfree(description); error: return ret; } ",linux-2.6,,,186716717975688609989385038159095009585,0 3187,['CWE-189'],"static int jp2_getuint64(jas_stream_t *in, uint_fast64_t *val) { uint_fast64_t tmpval; int i; int c; tmpval = 0; for (i = 0; i < 8; ++i) { tmpval <<= 8; if ((c = jas_stream_getc(in)) == EOF) { return -1; } tmpval |= (c & 0xff); } *val = tmpval; return 0; }",jasper,,,319455211617817817896103266917865611676,0 1787,[],"static void dec_nr_running(struct rq *rq) { rq->nr_running--; }",linux-2.6,,,41784142744255501149399761131174428620,0 1989,CWE-909,"static void slc_bump(struct slcan *sl) { struct sk_buff *skb; struct can_frame cf; int i, tmp; u32 tmpid; char *cmd = sl->rbuff; cf.can_id = 0; switch (*cmd) { case 'r': cf.can_id = CAN_RTR_FLAG; case 't': cf.can_dlc = sl->rbuff[SLC_CMD_LEN + SLC_SFF_ID_LEN]; sl->rbuff[SLC_CMD_LEN + SLC_SFF_ID_LEN] = 0; cmd += SLC_CMD_LEN + SLC_SFF_ID_LEN + 1; break; case 'R': cf.can_id = CAN_RTR_FLAG; case 'T': cf.can_id |= CAN_EFF_FLAG; cf.can_dlc = sl->rbuff[SLC_CMD_LEN + SLC_EFF_ID_LEN]; sl->rbuff[SLC_CMD_LEN + SLC_EFF_ID_LEN] = 0; cmd += SLC_CMD_LEN + SLC_EFF_ID_LEN + 1; break; default: return; } if (kstrtou32(sl->rbuff + SLC_CMD_LEN, 16, &tmpid)) return; cf.can_id |= tmpid; if (cf.can_dlc >= '0' && cf.can_dlc < '9') cf.can_dlc -= '0'; else return; *(u64 *) (&cf.data) = 0; if (!(cf.can_id & CAN_RTR_FLAG)) { for (i = 0; i < cf.can_dlc; i++) { tmp = hex_to_bin(*cmd++); if (tmp < 0) return; cf.data[i] = (tmp << 4); tmp = hex_to_bin(*cmd++); if (tmp < 0) return; cf.data[i] |= tmp; } } skb = dev_alloc_skb(sizeof(struct can_frame) + sizeof(struct can_skb_priv)); if (!skb) return; skb->dev = sl->dev; skb->protocol = htons(ETH_P_CAN); skb->pkt_type = PACKET_BROADCAST; skb->ip_summed = CHECKSUM_UNNECESSARY; can_skb_reserve(skb); can_skb_prv(skb)->ifindex = sl->dev->ifindex; can_skb_prv(skb)->skbcnt = 0; skb_put_data(skb, &cf, sizeof(struct can_frame)); sl->dev->stats.rx_packets++; sl->dev->stats.rx_bytes += cf.can_dlc; netif_rx_ni(skb); }",visit repo url,drivers/net/can/slcan.c,https://github.com/torvalds/linux,100453987938936,1 3777,[],"static struct sock *__unix_find_socket_byname(struct sockaddr_un *sunname, int len, int type, unsigned hash) { struct sock *s; struct hlist_node *node; sk_for_each(s, node, &unix_socket_table[hash ^ type]) { struct unix_sock *u = unix_sk(s); if (u->addr->len == len && !memcmp(u->addr->name, sunname, len)) goto found; } s = NULL; found: return s; }",linux-2.6,,,311670190850449412841848110124999761113,0 5459,CWE-617,"pci_emul_dinit(struct vmctx *ctx, struct pci_vdev *dev, char *opts) { int error; struct pci_emul_dummy *dummy; dummy = calloc(1, sizeof(struct pci_emul_dummy)); dev->arg = dummy; pci_set_cfgdata16(dev, PCIR_DEVICE, 0x0001); pci_set_cfgdata16(dev, PCIR_VENDOR, 0x10DD); pci_set_cfgdata8(dev, PCIR_CLASS, 0x02); error = pci_emul_add_msicap(dev, PCI_EMUL_MSI_MSGS); assert(error == 0); error = pci_emul_alloc_bar(dev, 0, PCIBAR_IO, DIOSZ); assert(error == 0); error = pci_emul_alloc_bar(dev, 1, PCIBAR_MEM32, DMEMSZ); assert(error == 0); error = pci_emul_alloc_bar(dev, 2, PCIBAR_MEM32, DMEMSZ); assert(error == 0); return 0; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,200867557194560,1 798,['CWE-119'],"isdn_net_receive(struct net_device *ndev, struct sk_buff *skb) { isdn_net_local *lp = (isdn_net_local *) ndev->priv; isdn_net_local *olp = lp; #ifdef CONFIG_ISDN_X25 struct concap_proto *cprot = lp -> netdev -> cprot; #endif lp->transcount += skb->len; lp->stats.rx_packets++; lp->stats.rx_bytes += skb->len; if (lp->master) { ndev = lp->master; lp = (isdn_net_local *) ndev->priv; lp->stats.rx_packets++; lp->stats.rx_bytes += skb->len; } skb->dev = ndev; skb->pkt_type = PACKET_HOST; skb_reset_mac_header(skb); #ifdef ISDN_DEBUG_NET_DUMP isdn_dumppkt(""R:"", skb->data, skb->len, 40); #endif switch (lp->p_encap) { case ISDN_NET_ENCAP_ETHER: olp->huptimer = 0; lp->huptimer = 0; skb->protocol = isdn_net_type_trans(skb, ndev); break; case ISDN_NET_ENCAP_UIHDLC: olp->huptimer = 0; lp->huptimer = 0; skb_pull(skb, 2); case ISDN_NET_ENCAP_RAWIP: olp->huptimer = 0; lp->huptimer = 0; skb->protocol = htons(ETH_P_IP); break; case ISDN_NET_ENCAP_CISCOHDLCK: isdn_net_ciscohdlck_receive(lp, skb); return; case ISDN_NET_ENCAP_CISCOHDLC: skb_pull(skb, 2); case ISDN_NET_ENCAP_IPTYP: olp->huptimer = 0; lp->huptimer = 0; skb->protocol = *(unsigned short *) &(skb->data[0]); skb_pull(skb, 2); if (*(unsigned short *) skb->data == 0xFFFF) skb->protocol = htons(ETH_P_802_3); break; #ifdef CONFIG_ISDN_PPP case ISDN_NET_ENCAP_SYNCPPP: isdn_ppp_receive(lp->netdev, olp, skb); return; #endif default: #ifdef CONFIG_ISDN_X25 if(cprot) if(cprot -> pops) if( cprot -> pops -> data_ind){ cprot -> pops -> data_ind(cprot,skb); return; }; #endif printk(KERN_WARNING ""%s: unknown encapsulation, dropping\n"", lp->netdev->dev->name); kfree_skb(skb); return; } netif_rx(skb); return; }",linux-2.6,,,41800670933287252622298533026803313133,0 5300,CWE-787,"TEE_Result tee_mmu_check_access_rights(const struct user_ta_ctx *utc, uint32_t flags, uaddr_t uaddr, size_t len) { uaddr_t a; size_t addr_incr = MIN(CORE_MMU_USER_CODE_SIZE, CORE_MMU_USER_PARAM_SIZE); if (ADD_OVERFLOW(uaddr, len, &a)) return TEE_ERROR_ACCESS_DENIED; if ((flags & TEE_MEMORY_ACCESS_NONSECURE) && (flags & TEE_MEMORY_ACCESS_SECURE)) return TEE_ERROR_ACCESS_DENIED; if (!(flags & TEE_MEMORY_ACCESS_ANY_OWNER) && !tee_mmu_is_vbuf_inside_ta_private(utc, (void *)uaddr, len)) return TEE_ERROR_ACCESS_DENIED; for (a = uaddr; a < (uaddr + len); a += addr_incr) { uint32_t attr; TEE_Result res; res = tee_mmu_user_va2pa_attr(utc, (void *)a, NULL, &attr); if (res != TEE_SUCCESS) return res; if ((flags & TEE_MEMORY_ACCESS_NONSECURE) && (attr & TEE_MATTR_SECURE)) return TEE_ERROR_ACCESS_DENIED; if ((flags & TEE_MEMORY_ACCESS_SECURE) && !(attr & TEE_MATTR_SECURE)) return TEE_ERROR_ACCESS_DENIED; if ((flags & TEE_MEMORY_ACCESS_WRITE) && !(attr & TEE_MATTR_UW)) return TEE_ERROR_ACCESS_DENIED; if ((flags & TEE_MEMORY_ACCESS_READ) && !(attr & TEE_MATTR_UR)) return TEE_ERROR_ACCESS_DENIED; } return TEE_SUCCESS; }",visit repo url,core/arch/arm/mm/tee_mmu.c,https://github.com/OP-TEE/optee_os,195031816381435,1 6071,CWE-190,"void bn_rsh(bn_t c, const bn_t a, int bits) { int digits = 0; bn_copy(c, a); if (bits <= 0) { return; } RLC_RIP(bits, digits, bits); if (digits > 0) { dv_rshd(c->dp, a->dp, a->used, digits); } c->used = a->used - digits; c->sign = a->sign; if (c->used > 0 && bits > 0) { if (digits == 0 && c != a) { bn_rshb_low(c->dp, a->dp + digits, a->used - digits, bits); } else { bn_rshb_low(c->dp, c->dp, c->used, bits); } } bn_trim(c); }",visit repo url,src/bn/relic_bn_shift.c,https://github.com/relic-toolkit/relic,106930284440566,1 1578,CWE-362,"int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size) { kuid_t euid; kgid_t egid; int id; int next_id = ids->next_id; if (size > IPCMNI) size = IPCMNI; if (ids->in_use >= size) return -ENOSPC; idr_preload(GFP_KERNEL); spin_lock_init(&new->lock); new->deleted = false; rcu_read_lock(); spin_lock(&new->lock); id = idr_alloc(&ids->ipcs_idr, new, (next_id < 0) ? 0 : ipcid_to_idx(next_id), 0, GFP_NOWAIT); idr_preload_end(); if (id < 0) { spin_unlock(&new->lock); rcu_read_unlock(); return id; } ids->in_use++; current_euid_egid(&euid, &egid); new->cuid = new->uid = euid; new->gid = new->cgid = egid; if (next_id < 0) { new->seq = ids->seq++; if (ids->seq > IPCID_SEQ_MAX) ids->seq = 0; } else { new->seq = ipcid_to_seqx(next_id); ids->next_id = -1; } new->id = ipc_buildid(id, new->seq); return id; }",visit repo url,ipc/util.c,https://github.com/torvalds/linux,277798951152250,1 6269,CWE-120,"static int pad_pkcs2(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t pad, h1[RLC_MD_LEN], h2[RLC_MD_LEN]; uint8_t *mask = RLC_ALLOCA(uint8_t, k_len); int result = RLC_OK; bn_t t; bn_null(t); RLC_TRY { bn_new(t); switch (operation) { case RSA_ENC: md_map(h1, NULL, 0); bn_read_bin(m, h1, RLC_MD_LEN); *p_len = k_len - 2 * RLC_MD_LEN - 2 - m_len; bn_lsh(m, m, *p_len * 8); bn_lsh(m, m, 8); bn_add_dig(m, m, 0x01); bn_lsh(m, m, m_len * 8); break; case RSA_ENC_FIN: rand_bytes(h1, RLC_MD_LEN); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } bn_write_bin(mask, k_len - RLC_MD_LEN - 1, m); md_mgf(h2, RLC_MD_LEN, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < RLC_MD_LEN; i++) { h1[i] ^= h2[i]; } bn_read_bin(t, h1, RLC_MD_LEN); bn_lsh(t, t, 8 * (k_len - RLC_MD_LEN - 1)); bn_add(t, t, m); bn_copy(m, t); break; case RSA_DEC: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } m_len -= RLC_MD_LEN; bn_rsh(t, m, 8 * m_len); bn_write_bin(h1, RLC_MD_LEN, t); bn_mod_2b(m, m, 8 * m_len); bn_write_bin(mask, m_len, m); md_mgf(h2, RLC_MD_LEN, mask, m_len); for (int i = 0; i < RLC_MD_LEN; i++) { h1[i] ^= h2[i]; } md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } m_len -= RLC_MD_LEN; bn_rsh(t, m, 8 * m_len); bn_write_bin(h2, RLC_MD_LEN, t); md_map(h1, NULL, 0); pad = 0; for (int i = 0; i < RLC_MD_LEN; i++) { pad |= h1[i] - h2[i]; } if (result == RLC_OK) { result = (pad ? RLC_ERR : RLC_OK); } bn_mod_2b(m, m, 8 * m_len); *p_len = bn_size_bin(m); (*p_len)--; bn_rsh(t, m, *p_len * 8); if (bn_cmp_dig(t, 1) != RLC_EQ) { result = RLC_ERR; } bn_mod_2b(m, m, *p_len * 8); *p_len = k_len - *p_len; break; case RSA_SIG: case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 64); bn_lsh(m, m, RLC_MD_LEN * 8); break; case RSA_SIG_FIN: memset(mask, 0, 8); bn_write_bin(mask + 8, RLC_MD_LEN, m); md_map(h1, mask, RLC_MD_LEN + 8); bn_read_bin(m, h1, RLC_MD_LEN); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); t->dp[0] ^= 0x01; bn_lsh(t, t, 8 * RLC_MD_LEN); bn_add(m, t, m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PSS); for (int i = m_len - 1; i < 8 * k_len; i++) { bn_set_bit(m, i, 0); } break; case RSA_VER: case RSA_VER_HASH: bn_mod_2b(t, m, 8); if (bn_cmp_dig(t, RSA_PSS) != RLC_EQ) { result = RLC_ERR; } else { for (int i = m_len; i < 8 * k_len; i++) { if (bn_get_bit(m, i) != 0) { result = RLC_ERR; } } bn_rsh(m, m, 8); bn_mod_2b(t, m, 8 * RLC_MD_LEN); bn_write_bin(h2, RLC_MD_LEN, t); bn_rsh(m, m, 8 * RLC_MD_LEN); bn_write_bin(h1, RLC_MD_LEN, t); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } m->dp[0] ^= 0x01; for (int i = m_len - 1; i < 8 * k_len; i++) { bn_set_bit(m, i - ((RLC_MD_LEN + 1) * 8), 0); } if (!bn_is_zero(m)) { result = RLC_ERR; } bn_read_bin(m, h2, RLC_MD_LEN); *p_len = k_len - RLC_MD_LEN; } break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } RLC_FREE(mask); return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,197869994325309,1 6122,['CWE-200'],"cbq_dequeue(struct Qdisc *sch) { struct sk_buff *skb; struct cbq_sched_data *q = qdisc_priv(sch); psched_time_t now; psched_tdiff_t incr; PSCHED_GET_TIME(now); incr = PSCHED_TDIFF(now, q->now_rt); if (q->tx_class) { psched_tdiff_t incr2; incr2 = L2T(&q->link, q->tx_len); PSCHED_TADD(q->now, incr2); cbq_update(q); if ((incr -= incr2) < 0) incr = 0; } PSCHED_TADD(q->now, incr); q->now_rt = now; for (;;) { q->wd_expires = 0; skb = cbq_dequeue_1(sch); if (skb) { sch->q.qlen--; sch->flags &= ~TCQ_F_THROTTLED; return skb; } if (q->toplevel == TC_CBQ_MAXLEVEL && PSCHED_IS_PASTPERFECT(q->link.undertime)) break; q->toplevel = TC_CBQ_MAXLEVEL; PSCHED_SET_PASTPERFECT(q->link.undertime); } if (sch->q.qlen) { sch->qstats.overlimits++; if (q->wd_expires) { long delay = PSCHED_US2JIFFIE(q->wd_expires); if (delay <= 0) delay = 1; mod_timer(&q->wd_timer, jiffies + delay); sch->flags |= TCQ_F_THROTTLED; } } return NULL; }",linux-2.6,,,307784794907499462737560635188775461585,0 6243,CWE-190,"void md_mgf(uint8_t *key, int key_len, const uint8_t *in, int in_len) { uint32_t i, j, d; uint8_t *buffer = RLC_ALLOCA(uint8_t, in_len + sizeof(uint32_t)); uint8_t *t = RLC_ALLOCA(uint8_t, key_len + RLC_MD_LEN); if (buffer == NULL || t == NULL) { RLC_FREE(buffer); RLC_FREE(t); RLC_THROW(ERR_NO_MEMORY); return; } d = RLC_CEIL(key_len, RLC_MD_LEN); memcpy(buffer, in, in_len); for (i = 0; i < d; i++) { j = util_conv_big(i); memcpy(buffer + in_len, &j, sizeof(uint32_t)); md_map(t + i * RLC_MD_LEN, buffer, in_len + sizeof(uint32_t)); } memcpy(key, t, key_len); RLC_FREE(buffer); RLC_FREE(t); }",visit repo url,src/md/relic_md_mgf.c,https://github.com/relic-toolkit/relic,32331382611886,1 5490,['CWE-476'],"void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr) { WARN_ON(vcpu->arch.exception.pending); vcpu->arch.exception.pending = true; vcpu->arch.exception.has_error_code = false; vcpu->arch.exception.nr = nr; }",linux-2.6,,,80970051387703105717337991578060357646,0 6559,CWE-134,"int econn_message_encode(char **strp, const struct econn_message *msg) { struct json_object *jobj = NULL; char *str = NULL; int err; if (!strp || !msg) return EINVAL; err = jzon_creatf(&jobj, ""sss"", ""version"", econn_proto_version, ""type"", econn_msg_name(msg->msg_type), ""sessid"", msg->sessid_sender); if (err) return err; if (str_isset(msg->src_userid)) { err = jzon_add_str(jobj, ""src_userid"", ""%s"", msg->src_userid); if (err) goto out; } if (str_isset(msg->src_clientid)) { err = jzon_add_str(jobj, ""src_clientid"", ""%s"", msg->src_clientid); if (err) goto out; } if (str_isset(msg->dest_userid)) { err = jzon_add_str(jobj, ""dest_userid"", ""%s"", msg->dest_userid); if (err) goto out; } if (str_isset(msg->dest_clientid)) { err = jzon_add_str(jobj, ""dest_clientid"", ""%s"", msg->dest_clientid); if (err) goto out; } err = jzon_add_bool(jobj, ""resp"", msg->resp); if (err) goto out; switch (msg->msg_type) { case ECONN_SETUP: case ECONN_GROUP_SETUP: case ECONN_UPDATE: err = jzon_add_str(jobj, ""sdp"", ""%s"", msg->u.setup.sdp_msg); if (err) goto out; if (msg->u.setup.props) { err = econn_props_encode(jobj, msg->u.setup.props); if (err) goto out; } if (msg->u.setup.url) { err = jzon_add_str(jobj, ""url"", ""%s"", msg->u.setup.url); if (err) goto out; } break; case ECONN_CANCEL: break; case ECONN_HANGUP: break; case ECONN_REJECT: break; case ECONN_PROPSYNC: if (!msg->u.propsync.props) { warning(""propsync: missing props\n""); err = EINVAL; goto out; } err = econn_props_encode(jobj, msg->u.propsync.props); if (err) goto out; break; case ECONN_GROUP_START: if (msg->u.groupstart.props) { err = econn_props_encode(jobj, msg->u.groupstart.props); if (err) goto out; } break; case ECONN_GROUP_LEAVE: case ECONN_GROUP_CHECK: break; case ECONN_CONF_CONN: if (msg->u.confconn.turnc > 0) { err = zapi_iceservers_encode(jobj, msg->u.confconn.turnv, msg->u.confconn.turnc); if (err) goto out; } jzon_add_bool(jobj, ""update"", msg->u.confconn.update); jzon_add_str(jobj, ""tool"", msg->u.confconn.tool); jzon_add_str(jobj, ""toolver"", msg->u.confconn.toolver); jzon_add_int(jobj, ""status"", msg->u.confconn.status); jzon_add_bool(jobj, ""selective_audio"", msg->u.confconn.selective_audio); jzon_add_bool(jobj, ""selective_video"", msg->u.confconn.selective_video); jzon_add_int(jobj, ""vstreams"", msg->u.confconn.vstreams); break; case ECONN_CONF_START: jzon_add_str(jobj, ""sft_url"", ""%s"", msg->u.confstart.sft_url); jzon_add_base64(jobj, ""secret"", msg->u.confstart.secret, msg->u.confstart.secretlen); jzon_add_str(jobj, ""timestamp"", ""%llu"", msg->u.confstart.timestamp); jzon_add_str(jobj, ""seqno"", ""%u"", msg->u.confstart.seqno); if (msg->u.confstart.props) { err = econn_props_encode(jobj, msg->u.confstart.props); if (err) goto out; } break; case ECONN_CONF_CHECK: jzon_add_str(jobj, ""sft_url"", ""%s"", msg->u.confcheck.sft_url); jzon_add_base64(jobj, ""secret"", msg->u.confcheck.secret, msg->u.confcheck.secretlen); jzon_add_str(jobj, ""timestamp"", ""%llu"", msg->u.confcheck.timestamp); jzon_add_str(jobj, ""seqno"", ""%u"", msg->u.confcheck.seqno); break; case ECONN_CONF_END: break; case ECONN_CONF_PART: jzon_add_bool(jobj, ""should_start"", msg->u.confpart.should_start); jzon_add_str(jobj, ""timestamp"", ""%llu"", msg->u.confpart.timestamp); jzon_add_str(jobj, ""seqno"", ""%u"", msg->u.confpart.seqno); jzon_add_base64(jobj, ""entropy"", msg->u.confpart.entropy, msg->u.confpart.entropylen); econn_parts_encode(jobj, &msg->u.confpart.partl); break; case ECONN_CONF_KEY: econn_keys_encode(jobj, &msg->u.confkey.keyl); break; case ECONN_DEVPAIR_PUBLISH: err = zapi_iceservers_encode(jobj, msg->u.devpair_publish.turnv, msg->u.devpair_publish.turnc); if (err) goto out; err = jzon_add_str(jobj, ""sdp"", ""%s"", msg->u.devpair_publish.sdp); err |= jzon_add_str(jobj, ""username"", ""%s"", msg->u.devpair_publish.username); if (err) goto out; break; case ECONN_DEVPAIR_ACCEPT: err = jzon_add_str(jobj, ""sdp"", ""%s"", msg->u.devpair_accept.sdp); if (err) goto out; break; case ECONN_ALERT: err = jzon_add_int(jobj, ""level"", msg->u.alert.level); err |= jzon_add_str(jobj, ""descr"", ""%s"", msg->u.alert.descr); if (err) goto out; break; case ECONN_PING: break; default: warning(""econn: dont know how to encode %d\n"", msg->msg_type); err = EBADMSG; break; } if (err) goto out; err = jzon_encode(&str, jobj); if (err) goto out; out: mem_deref(jobj); if (err) mem_deref(str); else *strp = str; return err; }",visit repo url,src/econn_fmt/msg.c,https://github.com/wireapp/wire-avs,214374093563582,1 4299,['CWE-264'],"struct mm_struct *dup_mm(struct task_struct *tsk) { struct mm_struct *mm, *oldmm = current->mm; int err; if (!oldmm) return NULL; mm = allocate_mm(); if (!mm) goto fail_nomem; memcpy(mm, oldmm, sizeof(*mm)); mm->token_priority = 0; mm->last_interval = 0; if (!mm_init(mm, tsk)) goto fail_nomem; if (init_new_context(tsk, mm)) goto fail_nocontext; dup_mm_exe_file(oldmm, mm); err = dup_mmap(mm, oldmm); if (err) goto free_pt; mm->hiwater_rss = get_mm_rss(mm); mm->hiwater_vm = mm->total_vm; return mm; free_pt: mmput(mm); fail_nomem: return NULL; fail_nocontext: mm_free_pgd(mm); free_mm(mm); return NULL; }",linux-2.6,,,260306388469011266337823655991833666660,0 4724,CWE-120,"enum ImapAuthRes imap_auth_gss(struct ImapData *idata, const char *method) { gss_buffer_desc request_buf, send_token; gss_buffer_t sec_token; gss_name_t target_name; gss_ctx_id_t context; gss_OID mech_name; char server_conf_flags; gss_qop_t quality; int cflags; OM_uint32 maj_stat, min_stat; char buf1[GSS_BUFSIZE], buf2[GSS_BUFSIZE]; unsigned long buf_size; int rc; if (!mutt_bit_isset(idata->capabilities, AGSSAPI)) return IMAP_AUTH_UNAVAIL; if (mutt_account_getuser(&idata->conn->account) < 0) return IMAP_AUTH_FAILURE; snprintf(buf1, sizeof(buf1), ""imap@%s"", idata->conn->account.host); request_buf.value = buf1; request_buf.length = strlen(buf1); maj_stat = gss_import_name(&min_stat, &request_buf, gss_nt_service_name, &target_name); if (maj_stat != GSS_S_COMPLETE) { mutt_debug(2, ""Couldn't get service name for [%s]\n"", buf1); return IMAP_AUTH_UNAVAIL; } else if (DebugLevel >= 2) { gss_display_name(&min_stat, target_name, &request_buf, &mech_name); mutt_debug(2, ""Using service name [%s]\n"", (char *) request_buf.value); gss_release_buffer(&min_stat, &request_buf); } sec_token = GSS_C_NO_BUFFER; context = GSS_C_NO_CONTEXT; maj_stat = gss_init_sec_context(&min_stat, GSS_C_NO_CREDENTIAL, &context, target_name, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL, &send_token, (unsigned int *) &cflags, NULL); if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { print_gss_error(maj_stat, min_stat); mutt_debug(1, ""Error acquiring credentials - no TGT?\n""); gss_release_name(&min_stat, &target_name); return IMAP_AUTH_UNAVAIL; } mutt_message(_(""Authenticating (GSSAPI)..."")); imap_cmd_start(idata, ""AUTHENTICATE GSSAPI""); do rc = imap_cmd_step(idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { mutt_debug(2, ""Invalid response from server: %s\n"", buf1); gss_release_name(&min_stat, &target_name); goto bail; } mutt_debug(2, ""Sending credentials\n""); mutt_b64_encode(buf1, send_token.value, send_token.length, sizeof(buf1) - 2); gss_release_buffer(&min_stat, &send_token); mutt_str_strcat(buf1, sizeof(buf1), ""\r\n""); mutt_socket_send(idata->conn, buf1); while (maj_stat == GSS_S_CONTINUE_NEEDED) { do rc = imap_cmd_step(idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { mutt_debug(1, ""#1 Error receiving server response.\n""); gss_release_name(&min_stat, &target_name); goto bail; } request_buf.length = mutt_b64_decode(buf2, idata->buf + 2); request_buf.value = buf2; sec_token = &request_buf; maj_stat = gss_init_sec_context( &min_stat, GSS_C_NO_CREDENTIAL, &context, target_name, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL, &send_token, (unsigned int *) &cflags, NULL); if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { print_gss_error(maj_stat, min_stat); mutt_debug(1, ""Error exchanging credentials\n""); gss_release_name(&min_stat, &target_name); goto err_abort_cmd; } mutt_b64_encode(buf1, send_token.value, send_token.length, sizeof(buf1) - 2); gss_release_buffer(&min_stat, &send_token); mutt_str_strcat(buf1, sizeof(buf1), ""\r\n""); mutt_socket_send(idata->conn, buf1); } gss_release_name(&min_stat, &target_name); do rc = imap_cmd_step(idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { mutt_debug(1, ""#2 Error receiving server response.\n""); goto bail; } request_buf.length = mutt_b64_decode(buf2, idata->buf + 2); request_buf.value = buf2; maj_stat = gss_unwrap(&min_stat, context, &request_buf, &send_token, &cflags, &quality); if (maj_stat != GSS_S_COMPLETE) { print_gss_error(maj_stat, min_stat); mutt_debug(2, ""Couldn't unwrap security level data\n""); gss_release_buffer(&min_stat, &send_token); goto err_abort_cmd; } mutt_debug(2, ""Credential exchange complete\n""); server_conf_flags = ((char *) send_token.value)[0]; if (!(((char *) send_token.value)[0] & GSS_AUTH_P_NONE)) { mutt_debug(2, ""Server requires integrity or privacy\n""); gss_release_buffer(&min_stat, &send_token); goto err_abort_cmd; } ((char *) send_token.value)[0] = '\0'; buf_size = ntohl(*((long *) send_token.value)); gss_release_buffer(&min_stat, &send_token); mutt_debug(2, ""Unwrapped security level flags: %c%c%c\n"", (server_conf_flags & GSS_AUTH_P_NONE) ? 'N' : '-', (server_conf_flags & GSS_AUTH_P_INTEGRITY) ? 'I' : '-', (server_conf_flags & GSS_AUTH_P_PRIVACY) ? 'P' : '-'); mutt_debug(2, ""Maximum GSS token size is %ld\n"", buf_size); buf_size = htonl(buf_size); memcpy(buf1, &buf_size, 4); buf1[0] = GSS_AUTH_P_NONE; strncpy(buf1 + 4, idata->conn->account.user, sizeof(buf1) - 4); request_buf.value = buf1; request_buf.length = 4 + strlen(idata->conn->account.user); maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, &cflags, &send_token); if (maj_stat != GSS_S_COMPLETE) { mutt_debug(2, ""Error creating login request\n""); goto err_abort_cmd; } mutt_b64_encode(buf1, send_token.value, send_token.length, sizeof(buf1) - 2); mutt_debug(2, ""Requesting authorisation as %s\n"", idata->conn->account.user); mutt_str_strcat(buf1, sizeof(buf1), ""\r\n""); mutt_socket_send(idata->conn, buf1); do rc = imap_cmd_step(idata); while (rc == IMAP_CMD_CONTINUE); if (rc == IMAP_CMD_RESPOND) { mutt_debug(1, ""Unexpected server continuation request.\n""); goto err_abort_cmd; } if (imap_code(idata->buf)) { mutt_debug(2, ""Releasing GSS credentials\n""); maj_stat = gss_delete_sec_context(&min_stat, &context, &send_token); if (maj_stat != GSS_S_COMPLETE) mutt_debug(1, ""Error releasing credentials\n""); gss_release_buffer(&min_stat, &send_token); return IMAP_AUTH_SUCCESS; } else goto bail; err_abort_cmd: mutt_socket_send(idata->conn, ""*\r\n""); do rc = imap_cmd_step(idata); while (rc == IMAP_CMD_CONTINUE); bail: mutt_error(_(""GSSAPI authentication failed."")); return IMAP_AUTH_FAILURE; }",visit repo url,imap/auth_gss.c,https://github.com/neomutt/neomutt,38629886528762,1 1007,CWE-119,"static int process_one_ticket(struct ceph_auth_client *ac, struct ceph_crypto_key *secret, void **p, void *end, void *dbuf, void *ticket_buf) { struct ceph_x_info *xi = ac->private; int type; u8 tkt_struct_v, blob_struct_v; struct ceph_x_ticket_handler *th; void *dp, *dend; int dlen; char is_enc; struct timespec validity; struct ceph_crypto_key old_key; void *tp, *tpend; struct ceph_timespec new_validity; struct ceph_crypto_key new_session_key; struct ceph_buffer *new_ticket_blob; unsigned long new_expires, new_renew_after; u64 new_secret_id; int ret; ceph_decode_need(p, end, sizeof(u32) + 1, bad); type = ceph_decode_32(p); dout("" ticket type %d %s\n"", type, ceph_entity_type_name(type)); tkt_struct_v = ceph_decode_8(p); if (tkt_struct_v != 1) goto bad; th = get_ticket_handler(ac, type); if (IS_ERR(th)) { ret = PTR_ERR(th); goto out; } dlen = ceph_x_decrypt(secret, p, end, dbuf, TEMP_TICKET_BUF_LEN); if (dlen <= 0) { ret = dlen; goto out; } dout("" decrypted %d bytes\n"", dlen); dp = dbuf; dend = dp + dlen; tkt_struct_v = ceph_decode_8(&dp); if (tkt_struct_v != 1) goto bad; memcpy(&old_key, &th->session_key, sizeof(old_key)); ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); if (ret) goto out; ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); ceph_decode_timespec(&validity, &new_validity); new_expires = get_seconds() + validity.tv_sec; new_renew_after = new_expires - (validity.tv_sec / 4); dout("" expires=%lu renew_after=%lu\n"", new_expires, new_renew_after); ceph_decode_8_safe(p, end, is_enc, bad); tp = ticket_buf; if (is_enc) { dout("" encrypted ticket\n""); dlen = ceph_x_decrypt(&old_key, p, end, ticket_buf, TEMP_TICKET_BUF_LEN); if (dlen < 0) { ret = dlen; goto out; } dlen = ceph_decode_32(&tp); } else { ceph_decode_32_safe(p, end, dlen, bad); ceph_decode_need(p, end, dlen, bad); ceph_decode_copy(p, ticket_buf, dlen); } tpend = tp + dlen; dout("" ticket blob is %d bytes\n"", dlen); ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); blob_struct_v = ceph_decode_8(&tp); new_secret_id = ceph_decode_64(&tp); ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); if (ret) goto out; ceph_crypto_key_destroy(&th->session_key); if (th->ticket_blob) ceph_buffer_put(th->ticket_blob); th->session_key = new_session_key; th->ticket_blob = new_ticket_blob; th->validity = new_validity; th->secret_id = new_secret_id; th->expires = new_expires; th->renew_after = new_renew_after; dout("" got ticket service %d (%s) secret_id %lld len %d\n"", type, ceph_entity_type_name(type), th->secret_id, (int)th->ticket_blob->vec.iov_len); xi->have_keys |= th->service; out: return ret; bad: ret = -EINVAL; goto out; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,103239916982661,1 5139,['CWE-20'],"static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { unsigned long exit_qualification; int cr; int reg; exit_qualification = vmcs_readl(EXIT_QUALIFICATION); cr = exit_qualification & 15; reg = (exit_qualification >> 8) & 15; switch ((exit_qualification >> 4) & 3) { case 0: KVMTRACE_3D(CR_WRITE, vcpu, (u32)cr, (u32)kvm_register_read(vcpu, reg), (u32)((u64)kvm_register_read(vcpu, reg) >> 32), handler); switch (cr) { case 0: kvm_set_cr0(vcpu, kvm_register_read(vcpu, reg)); skip_emulated_instruction(vcpu); return 1; case 3: kvm_set_cr3(vcpu, kvm_register_read(vcpu, reg)); skip_emulated_instruction(vcpu); return 1; case 4: kvm_set_cr4(vcpu, kvm_register_read(vcpu, reg)); skip_emulated_instruction(vcpu); return 1; case 8: kvm_set_cr8(vcpu, kvm_register_read(vcpu, reg)); skip_emulated_instruction(vcpu); if (irqchip_in_kernel(vcpu->kvm)) return 1; kvm_run->exit_reason = KVM_EXIT_SET_TPR; return 0; }; break; case 2: vmx_fpu_deactivate(vcpu); vcpu->arch.cr0 &= ~X86_CR0_TS; vmcs_writel(CR0_READ_SHADOW, vcpu->arch.cr0); vmx_fpu_activate(vcpu); KVMTRACE_0D(CLTS, vcpu, handler); skip_emulated_instruction(vcpu); return 1; case 1: switch (cr) { case 3: kvm_register_write(vcpu, reg, vcpu->arch.cr3); KVMTRACE_3D(CR_READ, vcpu, (u32)cr, (u32)kvm_register_read(vcpu, reg), (u32)((u64)kvm_register_read(vcpu, reg) >> 32), handler); skip_emulated_instruction(vcpu); return 1; case 8: kvm_register_write(vcpu, reg, kvm_get_cr8(vcpu)); KVMTRACE_2D(CR_READ, vcpu, (u32)cr, (u32)kvm_register_read(vcpu, reg), handler); skip_emulated_instruction(vcpu); return 1; } break; case 3: kvm_lmsw(vcpu, (exit_qualification >> LMSW_SOURCE_DATA_SHIFT) & 0x0f); skip_emulated_instruction(vcpu); return 1; default: break; } kvm_run->exit_reason = 0; pr_unimpl(vcpu, ""unhandled control register: op %d cr %d\n"", (int)(exit_qualification >> 4) & 3, cr); return 0; }",linux-2.6,,,136425437603824766521999216625208294062,0 3487,['CWE-20'],"struct sctp_chunk *sctp_make_shutdown_complete( const struct sctp_association *asoc, const struct sctp_chunk *chunk) { struct sctp_chunk *retval; __u8 flags = 0; flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); if (retval && chunk) retval->transport = chunk->transport; return retval; }",linux-2.6,,,167509507853463904624856578680006997254,0 1552,CWE-200,"static int get_bitmap_file(struct mddev *mddev, void __user * arg) { mdu_bitmap_file_t *file = NULL; char *ptr; int err; file = kmalloc(sizeof(*file), GFP_NOIO); if (!file) return -ENOMEM; err = 0; spin_lock(&mddev->lock); if (!mddev->bitmap_info.file) file->pathname[0] = '\0'; else if ((ptr = file_path(mddev->bitmap_info.file, file->pathname, sizeof(file->pathname))), IS_ERR(ptr)) err = PTR_ERR(ptr); else memmove(file->pathname, ptr, sizeof(file->pathname)-(ptr-file->pathname)); spin_unlock(&mddev->lock); if (err == 0 && copy_to_user(arg, file, sizeof(*file))) err = -EFAULT; kfree(file); return err; }",visit repo url,drivers/md/md.c,https://github.com/torvalds/linux,250914092620669,1 6764,['CWE-310'],"read_one_setting_value_from_gconf (NMSetting *setting, const char *key, const GValue *value, GParamFlags flags, gpointer user_data) { ReadFromGConfInfo *info = (ReadFromGConfInfo *) user_data; const char *setting_name; GType type = G_VALUE_TYPE (value); if (!strcmp (key, NM_SETTING_NAME)) return; if (flags & NM_SETTING_PARAM_SECRET) return; if ( NM_IS_SETTING_CONNECTION (setting) && !strcmp (key, NM_SETTING_CONNECTION_READ_ONLY)) return; setting_name = nm_setting_get_name (setting); if (NM_IS_SETTING_802_1X (setting)) { if (string_in_list (key, applet_8021x_ignore_keys)) return; } else if (NM_IS_SETTING_VPN (setting)) { if (string_in_list (key, vpn_ignore_keys)) return; } if (type == G_TYPE_STRING) { char *str_val = NULL; if (nm_gconf_get_string_helper (info->client, info->dir, key, setting_name, &str_val)) { g_object_set (setting, key, str_val, NULL); g_free (str_val); } } else if (type == G_TYPE_UINT) { int int_val = 0; if (nm_gconf_get_int_helper (info->client, info->dir, key, setting_name, &int_val)) { if (int_val < 0) g_warning (""Casting negative value (%i) to uint"", int_val); g_object_set (setting, key, int_val, NULL); } } else if (type == G_TYPE_INT) { int int_val; if (nm_gconf_get_int_helper (info->client, info->dir, key, setting_name, &int_val)) g_object_set (setting, key, int_val, NULL); } else if (type == G_TYPE_UINT64) { char *tmp_str = NULL; if (nm_gconf_get_string_helper (info->client, info->dir, key, setting_name, &tmp_str) && tmp_str) { guint64 uint_val = g_ascii_strtoull (tmp_str, NULL, 10); if (!(uint_val == G_MAXUINT64 && errno == ERANGE)) g_object_set (setting, key, uint_val, NULL); g_free (tmp_str); } } else if (type == G_TYPE_BOOLEAN) { gboolean bool_val; if (nm_gconf_get_bool_helper (info->client, info->dir, key, setting_name, &bool_val)) g_object_set (setting, key, bool_val, NULL); } else if (type == G_TYPE_CHAR) { int int_val = 0; if (nm_gconf_get_int_helper (info->client, info->dir, key, setting_name, &int_val)) { if (int_val < G_MININT8 || int_val > G_MAXINT8) g_warning (""Casting value (%i) to char"", int_val); g_object_set (setting, key, int_val, NULL); } } else if (type == DBUS_TYPE_G_UCHAR_ARRAY) { GByteArray *ba_val = NULL; if (nm_gconf_get_bytearray_helper (info->client, info->dir, key, setting_name, &ba_val)) { g_object_set (setting, key, ba_val, NULL); g_byte_array_free (ba_val, TRUE); } } else if (type == DBUS_TYPE_G_LIST_OF_STRING) { GSList *sa_val = NULL; if (nm_gconf_get_stringlist_helper (info->client, info->dir, key, setting_name, &sa_val)) { g_object_set (setting, key, sa_val, NULL); g_slist_foreach (sa_val, (GFunc) g_free, NULL); g_slist_free (sa_val); } #if UNUSED } else if (type == DBUS_TYPE_G_MAP_OF_VARIANT) { GHashTable *vh_val = NULL; if (nm_gconf_get_valuehash_helper (info->client, info->dir, setting_name, &vh_val)) { g_object_set (setting, key, vh_val, NULL); g_hash_table_destroy (vh_val); } #endif } else if (type == DBUS_TYPE_G_MAP_OF_STRING) { GHashTable *sh_val = NULL; if (nm_gconf_get_stringhash_helper (info->client, info->dir, setting_name, &sh_val)) { g_object_set (setting, key, sh_val, NULL); g_hash_table_destroy (sh_val); } } else if (type == DBUS_TYPE_G_UINT_ARRAY) { GArray *a_val = NULL; if (nm_gconf_get_uint_array_helper (info->client, info->dir, key, setting_name, &a_val)) { g_object_set (setting, key, a_val, NULL); g_array_free (a_val, TRUE); } } else if (type == DBUS_TYPE_G_ARRAY_OF_ARRAY_OF_UINT) { GPtrArray *pa_val = NULL; guint32 tuple_len = 0; if (!strcmp (key, NM_SETTING_IP4_CONFIG_ADDRESSES)) tuple_len = 3; else if (!strcmp (key, NM_SETTING_IP4_CONFIG_ROUTES)) tuple_len = 4; if (nm_gconf_get_ip4_helper (info->client, info->dir, key, setting_name, tuple_len, &pa_val)) { g_object_set (setting, key, pa_val, NULL); g_ptr_array_foreach (pa_val, (GFunc) free_one_addr, NULL); g_ptr_array_free (pa_val, TRUE); } } else { g_warning (""Unhandled setting property type (read): '%s/%s' : '%s'"", setting_name, key, G_VALUE_TYPE_NAME (value)); } }",network-manager-applet,,,160004032762526803680312631186149113466,0 2363,CWE-119,"static int parse_video_info(AVIOContext *pb, AVStream *st) { uint16_t size_asf; uint32_t size_bmp; unsigned int tag; st->codecpar->width = avio_rl32(pb); st->codecpar->height = avio_rl32(pb); avio_skip(pb, 1); size_asf = avio_rl16(pb); tag = ff_get_bmp_header(pb, st, &size_bmp); st->codecpar->codec_tag = tag; st->codecpar->codec_id = ff_codec_get_id(ff_codec_bmp_tags, tag); size_bmp = FFMAX(size_asf, size_bmp); if (size_bmp > BMP_HEADER_SIZE) { int ret; st->codecpar->extradata_size = size_bmp - BMP_HEADER_SIZE; if (!(st->codecpar->extradata = av_malloc(st->codecpar->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE))) { st->codecpar->extradata_size = 0; return AVERROR(ENOMEM); } memset(st->codecpar->extradata + st->codecpar->extradata_size , 0, AV_INPUT_BUFFER_PADDING_SIZE); if ((ret = avio_read(pb, st->codecpar->extradata, st->codecpar->extradata_size)) < 0) return ret; } return 0; }",visit repo url,libavformat/asfdec_o.c,https://github.com/FFmpeg/FFmpeg,108654516777738,1 4018,CWE-787,"local block_state deflate_fast(s, flush) deflate_state *s; int flush; { IPos hash_head; int bflush; for (;;) { if (s->lookahead < MIN_LOOKAHEAD) { fill_window(s); if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { return need_more; } if (s->lookahead == 0) break; } hash_head = NIL; if (s->lookahead >= MIN_MATCH) { INSERT_STRING(s, s->strstart, hash_head); } if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) { s->match_length = longest_match (s, hash_head); } if (s->match_length >= MIN_MATCH) { check_match(s, s->strstart, s->match_start, s->match_length); _tr_tally_dist(s, s->strstart - s->match_start, s->match_length - MIN_MATCH, bflush); s->lookahead -= s->match_length; #ifndef FASTEST if (s->match_length <= s->max_insert_length && s->lookahead >= MIN_MATCH) { s->match_length--; do { s->strstart++; INSERT_STRING(s, s->strstart, hash_head); } while (--s->match_length != 0); s->strstart++; } else #endif { s->strstart += s->match_length; s->match_length = 0; s->ins_h = s->window[s->strstart]; UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); #if MIN_MATCH != 3 Call UPDATE_HASH() MIN_MATCH-3 more times #endif } } else { Tracevv((stderr,""%c"", s->window[s->strstart])); _tr_tally_lit (s, s->window[s->strstart], bflush); s->lookahead--; s->strstart++; } if (bflush) FLUSH_BLOCK(s, 0); } s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; }",visit repo url,deflate.c,https://github.com/madler/zlib,274451019213271,1 2364,CWE-416,"static int rm_read_multi(AVFormatContext *s, AVIOContext *pb, AVStream *st, char *mime) { int number_of_streams = avio_rb16(pb); int number_of_mdpr; int i, ret; unsigned size2; for (i = 0; i 0) { st2 = avformat_new_stream(s, NULL); if (!st2) { ret = AVERROR(ENOMEM); return ret; } st2->id = st->id + (i<<16); st2->codecpar->bit_rate = st->codecpar->bit_rate; st2->start_time = st->start_time; st2->duration = st->duration; st2->codecpar->codec_type = AVMEDIA_TYPE_DATA; st2->priv_data = ff_rm_alloc_rmstream(); if (!st2->priv_data) return AVERROR(ENOMEM); } else st2 = st; size2 = avio_rb32(pb); ret = ff_rm_read_mdpr_codecdata(s, s->pb, st2, st2->priv_data, size2, mime); if (ret < 0) return ret; } return 0; }",visit repo url,libavformat/rmdec.c,https://github.com/FFmpeg/FFmpeg,235698479669069,1 6294,['CWE-200'],"static __inline__ void wireless_seq_printf_stats(struct seq_file *seq, struct net_device *dev) { struct iw_statistics *stats = get_wireless_stats(dev); if (stats) { seq_printf(seq, ""%6s: %04x %3d%c %3d%c %3d%c %6d %6d %6d "" ""%6d %6d %6d\n"", dev->name, stats->status, stats->qual.qual, stats->qual.updated & IW_QUAL_QUAL_UPDATED ? '.' : ' ', ((__u8) stats->qual.level), stats->qual.updated & IW_QUAL_LEVEL_UPDATED ? '.' : ' ', ((__u8) stats->qual.noise), stats->qual.updated & IW_QUAL_NOISE_UPDATED ? '.' : ' ', stats->discard.nwid, stats->discard.code, stats->discard.fragment, stats->discard.retries, stats->discard.misc, stats->miss.beacon); stats->qual.updated = 0; } }",linux-2.6,,,186039791429220455060867701746148108866,0 3075,CWE-399,"static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) { unsigned char buf[4096]; int r = 0, i; BIO *tmpout = NULL; if (out == NULL) tmpout = BIO_new(BIO_s_null()); else if (flags & CMS_TEXT) { tmpout = BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(tmpout, 0); } else tmpout = out; if(!tmpout) { CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE); goto err; } for (;;) { i=BIO_read(in,buf,sizeof(buf)); if (i <= 0) { if (BIO_method_type(in) == BIO_TYPE_CIPHER) { if (!BIO_get_cipher_status(in)) goto err; } if (i < 0) goto err; break; } if (tmpout && (BIO_write(tmpout, buf, i) != i)) goto err; } if(flags & CMS_TEXT) { if(!SMIME_text(tmpout, out)) { CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR); goto err; } } r = 1; err: if (tmpout && (tmpout != out)) BIO_free(tmpout); return r; }",visit repo url,crypto/cms/cms_smime.c,https://github.com/openssl/openssl,10923252544196,1 1283,[],"m4___file__ (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 1)) return; obstack_grow (obs, lquote.string, lquote.length); obstack_grow (obs, current_file, strlen (current_file)); obstack_grow (obs, rquote.string, rquote.length); }",m4,,,47262853343511071932370012596346353171,0 406,CWE-125,"void snd_msndmidi_input_read(void *mpuv) { unsigned long flags; struct snd_msndmidi *mpu = mpuv; void *pwMIDQData = mpu->dev->mappedbase + MIDQ_DATA_BUFF; spin_lock_irqsave(&mpu->input_lock, flags); while (readw(mpu->dev->MIDQ + JQS_wTail) != readw(mpu->dev->MIDQ + JQS_wHead)) { u16 wTmp, val; val = readw(pwMIDQData + 2 * readw(mpu->dev->MIDQ + JQS_wHead)); if (test_bit(MSNDMIDI_MODE_BIT_INPUT_TRIGGER, &mpu->mode)) snd_rawmidi_receive(mpu->substream_input, (unsigned char *)&val, 1); wTmp = readw(mpu->dev->MIDQ + JQS_wHead) + 1; if (wTmp > readw(mpu->dev->MIDQ + JQS_wSize)) writew(0, mpu->dev->MIDQ + JQS_wHead); else writew(wTmp, mpu->dev->MIDQ + JQS_wHead); } spin_unlock_irqrestore(&mpu->input_lock, flags); }",visit repo url,sound/isa/msnd/msnd_midi.c,https://github.com/torvalds/linux,4504394644521,1 92,CWE-476,"validate_as_request(kdc_realm_t *kdc_active_realm, register krb5_kdc_req *request, krb5_db_entry client, krb5_db_entry server, krb5_timestamp kdc_time, const char **status, krb5_pa_data ***e_data) { int errcode; krb5_error_code ret; if (request->kdc_options & AS_INVALID_OPTIONS) { *status = ""INVALID AS OPTIONS""; return KDC_ERR_BADOPTION; } if (client.expiration && client.expiration < kdc_time) { *status = ""CLIENT EXPIRED""; if (vague_errors) return(KRB_ERR_GENERIC); else return(KDC_ERR_NAME_EXP); } if (client.pw_expiration && client.pw_expiration < kdc_time && !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) { *status = ""CLIENT KEY EXPIRED""; if (vague_errors) return(KRB_ERR_GENERIC); else return(KDC_ERR_KEY_EXP); } if (server.expiration && server.expiration < kdc_time) { *status = ""SERVICE EXPIRED""; return(KDC_ERR_SERVICE_EXP); } if (isflagset(client.attributes, KRB5_KDB_REQUIRES_PWCHANGE) && !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) { *status = ""REQUIRED PWCHANGE""; return(KDC_ERR_KEY_EXP); } if ((isflagset(request->kdc_options, KDC_OPT_ALLOW_POSTDATE) || isflagset(request->kdc_options, KDC_OPT_POSTDATED)) && (isflagset(client.attributes, KRB5_KDB_DISALLOW_POSTDATED) || isflagset(server.attributes, KRB5_KDB_DISALLOW_POSTDATED))) { *status = ""POSTDATE NOT ALLOWED""; return(KDC_ERR_CANNOT_POSTDATE); } if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE) && (isflagset(client.attributes, KRB5_KDB_DISALLOW_PROXIABLE) || isflagset(server.attributes, KRB5_KDB_DISALLOW_PROXIABLE))) { *status = ""PROXIABLE NOT ALLOWED""; return(KDC_ERR_POLICY); } if (isflagset(client.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) { *status = ""CLIENT LOCKED OUT""; return(KDC_ERR_CLIENT_REVOKED); } if (isflagset(server.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) { *status = ""SERVICE LOCKED OUT""; return(KDC_ERR_S_PRINCIPAL_UNKNOWN); } if (isflagset(server.attributes, KRB5_KDB_DISALLOW_SVR)) { *status = ""SERVICE NOT ALLOWED""; return(KDC_ERR_MUST_USE_USER2USER); } if (check_anon(kdc_active_realm, request->client, request->server) != 0) { *status = ""ANONYMOUS NOT ALLOWED""; return(KDC_ERR_POLICY); } ret = krb5_db_check_policy_as(kdc_context, request, &client, &server, kdc_time, status, e_data); if (ret && ret != KRB5_PLUGIN_OP_NOTSUPP) return errcode_to_protocol(ret); errcode = against_local_policy_as(request, client, server, kdc_time, status, e_data); if (errcode) return errcode; return 0; }",visit repo url,src/kdc/kdc_util.c,https://github.com/krb5/krb5,158192632818038,1 5441,CWE-20,"void svhandler_flash_pgm_blk(void) { uint32_t beginAddr = _param_1; uint32_t data = _param_2; uint32_t length = _param_3; if (beginAddr + length < beginAddr) return; if (((beginAddr >= BSTRP_FLASH_SECT_START) && (beginAddr <= (BSTRP_FLASH_SECT_START + BSTRP_FLASH_SECT_LEN - 1))) || (((beginAddr + length) >= BSTRP_FLASH_SECT_START) && ((beginAddr + length) <= (BSTRP_FLASH_SECT_START + BSTRP_FLASH_SECT_LEN - 1)))) { return; } if (((beginAddr >= BLDR_FLASH_SECT_START) && (beginAddr <= (BLDR_FLASH_SECT_START + 2 * BLDR_FLASH_SECT_LEN - 1))) || (((beginAddr + length) >= BLDR_FLASH_SECT_START) && ((beginAddr + length) <= (BLDR_FLASH_SECT_START + 2 * BLDR_FLASH_SECT_LEN - 1)))) { return; } flash_clear_status_flags(); flash_unlock(); flash_program(beginAddr, (uint8_t *)data, length); _param_1 = !!flash_chk_status(); _param_2 = 0; _param_3 = 0; flash_wait_for_last_operation(); FLASH_CR &= ~FLASH_CR_PG; FLASH_CR |= FLASH_CR_LOCK; }",visit repo url,lib/board/supervise.c,https://github.com/keepkey/keepkey-firmware,248433601893074,1 825,CWE-20,"static int packet_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; struct sockaddr_ll *sll; int vnet_hdr_len = 0; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE)) goto out; #if 0 if (pkt_sk(sk)->ifindex < 0) return -ENODEV; #endif if (flags & MSG_ERRQUEUE) { err = sock_recv_errqueue(sk, msg, len, SOL_PACKET, PACKET_TX_TIMESTAMP); goto out; } skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (pkt_sk(sk)->has_vnet_hdr) { struct virtio_net_hdr vnet_hdr = { 0 }; err = -EINVAL; vnet_hdr_len = sizeof(vnet_hdr); if (len < vnet_hdr_len) goto out_free; len -= vnet_hdr_len; if (skb_is_gso(skb)) { struct skb_shared_info *sinfo = skb_shinfo(skb); vnet_hdr.hdr_len = skb_headlen(skb); vnet_hdr.gso_size = sinfo->gso_size; if (sinfo->gso_type & SKB_GSO_TCPV4) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; else if (sinfo->gso_type & SKB_GSO_TCPV6) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; else if (sinfo->gso_type & SKB_GSO_UDP) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP; else if (sinfo->gso_type & SKB_GSO_FCOE) goto out_free; else BUG(); if (sinfo->gso_type & SKB_GSO_TCP_ECN) vnet_hdr.gso_type |= VIRTIO_NET_HDR_GSO_ECN; } else vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE; if (skb->ip_summed == CHECKSUM_PARTIAL) { vnet_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; vnet_hdr.csum_start = skb_checksum_start_offset(skb); vnet_hdr.csum_offset = skb->csum_offset; } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { vnet_hdr.flags = VIRTIO_NET_HDR_F_DATA_VALID; } err = memcpy_toiovec(msg->msg_iov, (void *)&vnet_hdr, vnet_hdr_len); if (err < 0) goto out_free; } sll = &PACKET_SKB_CB(skb)->sa.ll; if (sock->type == SOCK_PACKET) msg->msg_namelen = sizeof(struct sockaddr_pkt); else msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, msg->msg_namelen); if (pkt_sk(sk)->auxdata) { struct tpacket_auxdata aux; aux.tp_status = TP_STATUS_USER; if (skb->ip_summed == CHECKSUM_PARTIAL) aux.tp_status |= TP_STATUS_CSUMNOTREADY; aux.tp_len = PACKET_SKB_CB(skb)->origlen; aux.tp_snaplen = skb->len; aux.tp_mac = 0; aux.tp_net = skb_network_offset(skb); if (vlan_tx_tag_present(skb)) { aux.tp_vlan_tci = vlan_tx_tag_get(skb); aux.tp_status |= TP_STATUS_VLAN_VALID; } else { aux.tp_vlan_tci = 0; } aux.tp_padding = 0; put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); } err = vnet_hdr_len + ((flags&MSG_TRUNC) ? skb->len : copied); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,197620869737506,1 3207,CWE-125,"lmp_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) { const struct lmp_common_header *lmp_com_header; const struct lmp_object_header *lmp_obj_header; const u_char *tptr,*obj_tptr; int tlen,lmp_obj_len,lmp_obj_ctype,obj_tlen; int hexdump; int offset,subobj_type,subobj_len,total_subobj_len; int link_type; union { float f; uint32_t i; } bw; tptr=pptr; lmp_com_header = (const struct lmp_common_header *)pptr; ND_TCHECK(*lmp_com_header); if (LMP_EXTRACT_VERSION(lmp_com_header->version_res[0]) != LMP_VERSION) { ND_PRINT((ndo, ""LMP version %u packet not supported"", LMP_EXTRACT_VERSION(lmp_com_header->version_res[0]))); return; } if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, ""LMPv%u %s Message, length: %u"", LMP_EXTRACT_VERSION(lmp_com_header->version_res[0]), tok2str(lmp_msg_type_values, ""unknown (%u)"",lmp_com_header->msg_type), len)); return; } tlen=EXTRACT_16BITS(lmp_com_header->length); ND_PRINT((ndo, ""\n\tLMPv%u, msg-type: %s, Flags: [%s], length: %u"", LMP_EXTRACT_VERSION(lmp_com_header->version_res[0]), tok2str(lmp_msg_type_values, ""unknown, type: %u"",lmp_com_header->msg_type), bittok2str(lmp_header_flag_values,""none"",lmp_com_header->flags), tlen)); tptr+=sizeof(const struct lmp_common_header); tlen-=sizeof(const struct lmp_common_header); while(tlen>0) { ND_TCHECK2(*tptr, sizeof(struct lmp_object_header)); lmp_obj_header = (const struct lmp_object_header *)tptr; lmp_obj_len=EXTRACT_16BITS(lmp_obj_header->length); lmp_obj_ctype=(lmp_obj_header->ctype)&0x7f; if(lmp_obj_len % 4 || lmp_obj_len < 4) return; ND_PRINT((ndo, ""\n\t %s Object (%u), Class-Type: %s (%u) Flags: [%snegotiable], length: %u"", tok2str(lmp_obj_values, ""Unknown"", lmp_obj_header->class_num), lmp_obj_header->class_num, tok2str(lmp_ctype_values, ""Unknown"", ((lmp_obj_header->class_num)<<8)+lmp_obj_ctype), lmp_obj_ctype, (lmp_obj_header->ctype)&0x80 ? """" : ""non-"", lmp_obj_len)); obj_tptr=tptr+sizeof(struct lmp_object_header); obj_tlen=lmp_obj_len-sizeof(struct lmp_object_header); ND_TCHECK2(*tptr, lmp_obj_len); hexdump=FALSE; switch(lmp_obj_header->class_num) { case LMP_OBJ_CC_ID: switch(lmp_obj_ctype) { case LMP_CTYPE_LOC: case LMP_CTYPE_RMT: ND_PRINT((ndo, ""\n\t Control Channel ID: %u (0x%08x)"", EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr))); break; default: hexdump=TRUE; } break; case LMP_OBJ_LINK_ID: case LMP_OBJ_INTERFACE_ID: switch(lmp_obj_ctype) { case LMP_CTYPE_IPV4_LOC: case LMP_CTYPE_IPV4_RMT: ND_PRINT((ndo, ""\n\t IPv4 Link ID: %s (0x%08x)"", ipaddr_string(ndo, obj_tptr), EXTRACT_32BITS(obj_tptr))); break; case LMP_CTYPE_IPV6_LOC: case LMP_CTYPE_IPV6_RMT: ND_PRINT((ndo, ""\n\t IPv6 Link ID: %s (0x%08x)"", ip6addr_string(ndo, obj_tptr), EXTRACT_32BITS(obj_tptr))); break; case LMP_CTYPE_UNMD_LOC: case LMP_CTYPE_UNMD_RMT: ND_PRINT((ndo, ""\n\t Link ID: %u (0x%08x)"", EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr))); break; default: hexdump=TRUE; } break; case LMP_OBJ_MESSAGE_ID: switch(lmp_obj_ctype) { case LMP_CTYPE_1: ND_PRINT((ndo, ""\n\t Message ID: %u (0x%08x)"", EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr))); break; case LMP_CTYPE_2: ND_PRINT((ndo, ""\n\t Message ID Ack: %u (0x%08x)"", EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr))); break; default: hexdump=TRUE; } break; case LMP_OBJ_NODE_ID: switch(lmp_obj_ctype) { case LMP_CTYPE_LOC: case LMP_CTYPE_RMT: ND_PRINT((ndo, ""\n\t Node ID: %s (0x%08x)"", ipaddr_string(ndo, obj_tptr), EXTRACT_32BITS(obj_tptr))); break; default: hexdump=TRUE; } break; case LMP_OBJ_CONFIG: switch(lmp_obj_ctype) { case LMP_CTYPE_HELLO_CONFIG: ND_PRINT((ndo, ""\n\t Hello Interval: %u\n\t Hello Dead Interval: %u"", EXTRACT_16BITS(obj_tptr), EXTRACT_16BITS(obj_tptr+2))); break; default: hexdump=TRUE; } break; case LMP_OBJ_HELLO: switch(lmp_obj_ctype) { case LMP_CTYPE_HELLO: ND_PRINT((ndo, ""\n\t Tx Seq: %u, Rx Seq: %u"", EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr+4))); break; default: hexdump=TRUE; } break; case LMP_OBJ_TE_LINK: ND_PRINT((ndo, ""\n\t Flags: [%s]"", bittok2str(lmp_obj_te_link_flag_values, ""none"", EXTRACT_16BITS(obj_tptr)>>8))); switch(lmp_obj_ctype) { case LMP_CTYPE_IPV4: ND_PRINT((ndo, ""\n\t Local Link-ID: %s (0x%08x)"" ""\n\t Remote Link-ID: %s (0x%08x)"", ipaddr_string(ndo, obj_tptr+4), EXTRACT_32BITS(obj_tptr+4), ipaddr_string(ndo, obj_tptr+8), EXTRACT_32BITS(obj_tptr+8))); break; case LMP_CTYPE_IPV6: case LMP_CTYPE_UNMD: default: hexdump=TRUE; } break; case LMP_OBJ_DATA_LINK: ND_PRINT((ndo, ""\n\t Flags: [%s]"", bittok2str(lmp_obj_data_link_flag_values, ""none"", EXTRACT_16BITS(obj_tptr)>>8))); switch(lmp_obj_ctype) { case LMP_CTYPE_IPV4: case LMP_CTYPE_UNMD: ND_PRINT((ndo, ""\n\t Local Interface ID: %s (0x%08x)"" ""\n\t Remote Interface ID: %s (0x%08x)"", ipaddr_string(ndo, obj_tptr+4), EXTRACT_32BITS(obj_tptr+4), ipaddr_string(ndo, obj_tptr+8), EXTRACT_32BITS(obj_tptr+8))); total_subobj_len = lmp_obj_len - 16; offset = 12; while (total_subobj_len > 0 && hexdump == FALSE ) { subobj_type = EXTRACT_16BITS(obj_tptr+offset)>>8; subobj_len = EXTRACT_16BITS(obj_tptr+offset)&0x00FF; ND_PRINT((ndo, ""\n\t Subobject, Type: %s (%u), Length: %u"", tok2str(lmp_data_link_subobj, ""Unknown"", subobj_type), subobj_type, subobj_len)); switch(subobj_type) { case INT_SWITCHING_TYPE_SUBOBJ: ND_PRINT((ndo, ""\n\t Switching Type: %s (%u)"", tok2str(gmpls_switch_cap_values, ""Unknown"", EXTRACT_16BITS(obj_tptr+offset+2)>>8), EXTRACT_16BITS(obj_tptr+offset+2)>>8)); ND_PRINT((ndo, ""\n\t Encoding Type: %s (%u)"", tok2str(gmpls_encoding_values, ""Unknown"", EXTRACT_16BITS(obj_tptr+offset+2)&0x00FF), EXTRACT_16BITS(obj_tptr+offset+2)&0x00FF)); bw.i = EXTRACT_32BITS(obj_tptr+offset+4); ND_PRINT((ndo, ""\n\t Min Reservable Bandwidth: %.3f Mbps"", bw.f*8/1000000)); bw.i = EXTRACT_32BITS(obj_tptr+offset+8); ND_PRINT((ndo, ""\n\t Max Reservable Bandwidth: %.3f Mbps"", bw.f*8/1000000)); break; case WAVELENGTH_SUBOBJ: ND_PRINT((ndo, ""\n\t Wavelength: %u"", EXTRACT_32BITS(obj_tptr+offset+4))); break; default: hexdump=TRUE; break; } total_subobj_len-=subobj_len; offset+=subobj_len; } break; case LMP_CTYPE_IPV6: default: hexdump=TRUE; } break; case LMP_OBJ_VERIFY_BEGIN: switch(lmp_obj_ctype) { case LMP_CTYPE_1: ND_PRINT((ndo, ""\n\t Flags: %s"", bittok2str(lmp_obj_begin_verify_flag_values, ""none"", EXTRACT_16BITS(obj_tptr)))); ND_PRINT((ndo, ""\n\t Verify Interval: %u"", EXTRACT_16BITS(obj_tptr+2))); ND_PRINT((ndo, ""\n\t Data links: %u"", EXTRACT_32BITS(obj_tptr+4))); ND_PRINT((ndo, ""\n\t Encoding type: %s"", tok2str(gmpls_encoding_values, ""Unknown"", *(obj_tptr+8)))); ND_PRINT((ndo, ""\n\t Verify Transport Mechanism: %u (0x%x)%s"", EXTRACT_16BITS(obj_tptr+10), EXTRACT_16BITS(obj_tptr+10), EXTRACT_16BITS(obj_tptr+10)&8000 ? "" (Payload test messages capable)"" : """")); bw.i = EXTRACT_32BITS(obj_tptr+12); ND_PRINT((ndo, ""\n\t Transmission Rate: %.3f Mbps"",bw.f*8/1000000)); ND_PRINT((ndo, ""\n\t Wavelength: %u"", EXTRACT_32BITS(obj_tptr+16))); break; default: hexdump=TRUE; } break; case LMP_OBJ_VERIFY_BEGIN_ACK: switch(lmp_obj_ctype) { case LMP_CTYPE_1: ND_PRINT((ndo, ""\n\t Verify Dead Interval: %u"" ""\n\t Verify Transport Response: %u"", EXTRACT_16BITS(obj_tptr), EXTRACT_16BITS(obj_tptr+2))); break; default: hexdump=TRUE; } break; case LMP_OBJ_VERIFY_ID: switch(lmp_obj_ctype) { case LMP_CTYPE_1: ND_PRINT((ndo, ""\n\t Verify ID: %u"", EXTRACT_32BITS(obj_tptr))); break; default: hexdump=TRUE; } break; case LMP_OBJ_CHANNEL_STATUS: switch(lmp_obj_ctype) { case LMP_CTYPE_IPV4: case LMP_CTYPE_UNMD: offset = 0; while (offset < (lmp_obj_len-(int)sizeof(struct lmp_object_header)) ) { ND_PRINT((ndo, ""\n\t Interface ID: %s (0x%08x)"", ipaddr_string(ndo, obj_tptr+offset), EXTRACT_32BITS(obj_tptr+offset))); ND_PRINT((ndo, ""\n\t\t Active: %s (%u)"", (EXTRACT_32BITS(obj_tptr+offset+4)>>31) ? ""Allocated"" : ""Non-allocated"", (EXTRACT_32BITS(obj_tptr+offset+4)>>31))); ND_PRINT((ndo, ""\n\t\t Direction: %s (%u)"", (EXTRACT_32BITS(obj_tptr+offset+4)>>30)&0x1 ? ""Transmit"" : ""Receive"", (EXTRACT_32BITS(obj_tptr+offset+4)>>30)&0x1)); ND_PRINT((ndo, ""\n\t\t Channel Status: %s (%u)"", tok2str(lmp_obj_channel_status_values, ""Unknown"", EXTRACT_32BITS(obj_tptr+offset+4)&0x3FFFFFF), EXTRACT_32BITS(obj_tptr+offset+4)&0x3FFFFFF)); offset+=8; } break; case LMP_CTYPE_IPV6: default: hexdump=TRUE; } break; case LMP_OBJ_CHANNEL_STATUS_REQ: switch(lmp_obj_ctype) { case LMP_CTYPE_IPV4: case LMP_CTYPE_UNMD: offset = 0; while (offset < (lmp_obj_len-(int)sizeof(struct lmp_object_header)) ) { ND_PRINT((ndo, ""\n\t Interface ID: %s (0x%08x)"", ipaddr_string(ndo, obj_tptr+offset), EXTRACT_32BITS(obj_tptr+offset))); offset+=4; } break; case LMP_CTYPE_IPV6: default: hexdump=TRUE; } break; case LMP_OBJ_ERROR_CODE: switch(lmp_obj_ctype) { case LMP_CTYPE_BEGIN_VERIFY_ERROR: ND_PRINT((ndo, ""\n\t Error Code: %s"", bittok2str(lmp_obj_begin_verify_error_values, ""none"", EXTRACT_32BITS(obj_tptr)))); break; case LMP_CTYPE_LINK_SUMMARY_ERROR: ND_PRINT((ndo, ""\n\t Error Code: %s"", bittok2str(lmp_obj_link_summary_error_values, ""none"", EXTRACT_32BITS(obj_tptr)))); break; default: hexdump=TRUE; } break; case LMP_OBJ_SERVICE_CONFIG: switch (lmp_obj_ctype) { case LMP_CTYPE_SERVICE_CONFIG_SP: ND_PRINT((ndo, ""\n\t Flags: %s"", bittok2str(lmp_obj_service_config_sp_flag_values, ""none"", EXTRACT_16BITS(obj_tptr)>>8))); ND_PRINT((ndo, ""\n\t UNI Version: %u"", EXTRACT_16BITS(obj_tptr) & 0x00FF)); break; case LMP_CTYPE_SERVICE_CONFIG_CPSA: link_type = EXTRACT_16BITS(obj_tptr)>>8; ND_PRINT((ndo, ""\n\t Link Type: %s (%u)"", tok2str(lmp_sd_service_config_cpsa_link_type_values, ""Unknown"", link_type), link_type)); if (link_type == LMP_SD_SERVICE_CONFIG_CPSA_LINK_TYPE_SDH) { ND_PRINT((ndo, ""\n\t Signal Type: %s (%u)"", tok2str(lmp_sd_service_config_cpsa_signal_type_sdh_values, ""Unknown"", EXTRACT_16BITS(obj_tptr) & 0x00FF), EXTRACT_16BITS(obj_tptr) & 0x00FF)); } if (link_type == LMP_SD_SERVICE_CONFIG_CPSA_LINK_TYPE_SONET) { ND_PRINT((ndo, ""\n\t Signal Type: %s (%u)"", tok2str(lmp_sd_service_config_cpsa_signal_type_sonet_values, ""Unknown"", EXTRACT_16BITS(obj_tptr) & 0x00FF), EXTRACT_16BITS(obj_tptr) & 0x00FF)); } ND_PRINT((ndo, ""\n\t Transparency: %s"", bittok2str(lmp_obj_service_config_cpsa_tp_flag_values, ""none"", EXTRACT_16BITS(obj_tptr+2)>>8))); ND_PRINT((ndo, ""\n\t Contiguous Concatenation Types: %s"", bittok2str(lmp_obj_service_config_cpsa_cct_flag_values, ""none"", EXTRACT_16BITS(obj_tptr+2)>>8 & 0x00FF))); ND_PRINT((ndo, ""\n\t Minimum NCC: %u"", EXTRACT_16BITS(obj_tptr+4))); ND_PRINT((ndo, ""\n\t Maximum NCC: %u"", EXTRACT_16BITS(obj_tptr+6))); ND_PRINT((ndo, ""\n\t Minimum NVC:%u"", EXTRACT_16BITS(obj_tptr+8))); ND_PRINT((ndo, ""\n\t Maximum NVC:%u"", EXTRACT_16BITS(obj_tptr+10))); ND_PRINT((ndo, ""\n\t Local Interface ID: %s (0x%08x)"", ipaddr_string(ndo, obj_tptr+12), EXTRACT_32BITS(obj_tptr+12))); break; case LMP_CTYPE_SERVICE_CONFIG_TRANSPARENCY_TCM: ND_PRINT((ndo, ""\n\t Transparency Flags: %s"", bittok2str( lmp_obj_service_config_nsa_transparency_flag_values, ""none"", EXTRACT_32BITS(obj_tptr)))); ND_PRINT((ndo, ""\n\t TCM Monitoring Flags: %s"", bittok2str( lmp_obj_service_config_nsa_tcm_flag_values, ""none"", EXTRACT_16BITS(obj_tptr+6) & 0x00FF))); break; case LMP_CTYPE_SERVICE_CONFIG_NETWORK_DIVERSITY: ND_PRINT((ndo, ""\n\t Diversity: Flags: %s"", bittok2str( lmp_obj_service_config_nsa_network_diversity_flag_values, ""none"", EXTRACT_16BITS(obj_tptr+2) & 0x00FF))); break; default: hexdump = TRUE; } break; default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo,obj_tptr,""\n\t "",obj_tlen); break; } if (ndo->ndo_vflag > 1 || hexdump==TRUE) print_unknown_data(ndo,tptr+sizeof(struct lmp_object_header),""\n\t "", lmp_obj_len-sizeof(struct lmp_object_header)); tptr+=lmp_obj_len; tlen-=lmp_obj_len; } return; trunc: ND_PRINT((ndo, ""\n\t\t packet exceeded snapshot"")); }",visit repo url,print-lmp.c,https://github.com/the-tcpdump-group/tcpdump,46310679814715,1 1860,['CWE-189'],"gnutls_rehandshake (gnutls_session_t session) { int ret; if (session->security_parameters.entity == GNUTLS_CLIENT) return GNUTLS_E_INVALID_REQUEST; ret = _gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, AGAIN (STATE50)); STATE = STATE50; if (ret < 0) { gnutls_assert (); return ret; } STATE = STATE0; return 0; }",gnutls,,,152051129810287433938137079743377169328,0 5607,CWE-125,"ast_for_trailer(struct compiling *c, const node *n, expr_ty left_expr) { REQ(n, trailer); if (TYPE(CHILD(n, 0)) == LPAR) { if (NCH(n) == 2) return Call(left_expr, NULL, NULL, LINENO(n), n->n_col_offset, c->c_arena); else return ast_for_call(c, CHILD(n, 1), left_expr); } else if (TYPE(CHILD(n, 0)) == DOT) { PyObject *attr_id = NEW_IDENTIFIER(CHILD(n, 1)); if (!attr_id) return NULL; return Attribute(left_expr, attr_id, Load, LINENO(n), n->n_col_offset, c->c_arena); } else { REQ(CHILD(n, 0), LSQB); REQ(CHILD(n, 2), RSQB); n = CHILD(n, 1); if (NCH(n) == 1) { slice_ty slc = ast_for_slice(c, CHILD(n, 0)); if (!slc) return NULL; return Subscript(left_expr, slc, Load, LINENO(n), n->n_col_offset, c->c_arena); } else { int j; slice_ty slc; expr_ty e; int simple = 1; asdl_seq *slices, *elts; slices = _Ta3_asdl_seq_new((NCH(n) + 1) / 2, c->c_arena); if (!slices) return NULL; for (j = 0; j < NCH(n); j += 2) { slc = ast_for_slice(c, CHILD(n, j)); if (!slc) return NULL; if (slc->kind != Index_kind) simple = 0; asdl_seq_SET(slices, j / 2, slc); } if (!simple) { return Subscript(left_expr, ExtSlice(slices, c->c_arena), Load, LINENO(n), n->n_col_offset, c->c_arena); } elts = _Ta3_asdl_seq_new(asdl_seq_LEN(slices), c->c_arena); if (!elts) return NULL; for (j = 0; j < asdl_seq_LEN(slices); ++j) { slc = (slice_ty)asdl_seq_GET(slices, j); assert(slc->kind == Index_kind && slc->v.Index.value); asdl_seq_SET(elts, j, slc->v.Index.value); } e = Tuple(elts, Load, LINENO(n), n->n_col_offset, c->c_arena); if (!e) return NULL; return Subscript(left_expr, Index(e, c->c_arena), Load, LINENO(n), n->n_col_offset, c->c_arena); } } }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,74779696884580,1 5363,CWE-787,"int pdf_load_xrefs(FILE *fp, pdf_t *pdf) { int i, ver, is_linear; long pos, pos_count; char x, *c, buf[256]; c = NULL; pdf->n_xrefs = 0; fseek(fp, 0, SEEK_SET); while (get_next_eof(fp) >= 0) ++pdf->n_xrefs; if (!pdf->n_xrefs) return 0; fseek(fp, 0, SEEK_SET); pdf->xrefs = calloc(1, sizeof(xref_t) * pdf->n_xrefs); ver = 1; for (i=0; in_xrefs; i++) { if ((pos = get_next_eof(fp)) < 0) break; pdf->xrefs[i].version = ver++; pos_count = 0; while (SAFE_F(fp, ((x = fgetc(fp)) != 'f'))) fseek(fp, pos - (++pos_count), SEEK_SET); if (pos_count >= sizeof(buf)) { ERR(""Failed to locate the startxref token. "" ""This might be a corrupt PDF.\n""); return -1; } memset(buf, 0, sizeof(buf)); SAFE_E(fread(buf, 1, pos_count, fp), pos_count, ""Failed to read startxref.\n""); c = buf; while (*c == ' ' || *c == '\n' || *c == '\r') ++c; pdf->xrefs[i].start = atol(c); if (pdf->xrefs[i].start == 0) get_xref_linear_skipped(fp, &pdf->xrefs[i]); else { pos = ftell(fp); fseek(fp, pdf->xrefs[i].start, SEEK_SET); pdf->xrefs[i].end = get_next_eof(fp); fseek(fp, pos, SEEK_SET); } if (!is_valid_xref(fp, pdf, &pdf->xrefs[i])) { is_linear = pdf->xrefs[i].is_linear; memset(&pdf->xrefs[i], 0, sizeof(xref_t)); pdf->xrefs[i].is_linear = is_linear; rewind(fp); get_next_eof(fp); continue; } load_xref_entries(fp, &pdf->xrefs[i]); } if (pdf->xrefs[0].is_linear) resolve_linearized_pdf(pdf); load_creator(fp, pdf); return pdf->n_xrefs; }",visit repo url,pdf.c,https://github.com/enferex/pdfresurrect,93564003732825,1 3634,['CWE-287'],"static inline int sctp_peer_needs_update(struct sctp_association *asoc) { switch (asoc->state) { case SCTP_STATE_ESTABLISHED: case SCTP_STATE_SHUTDOWN_PENDING: case SCTP_STATE_SHUTDOWN_RECEIVED: case SCTP_STATE_SHUTDOWN_SENT: if ((asoc->rwnd > asoc->a_rwnd) && ((asoc->rwnd - asoc->a_rwnd) >= min_t(__u32, (asoc->base.sk->sk_rcvbuf >> 1), asoc->pathmtu))) return 1; break; default: break; } return 0; }",linux-2.6,,,76248221053476505852576459051319258138,0 2248,CWE-400,"NORET_TYPE void do_exit(long code) { struct task_struct *tsk = current; int group_dead; profile_task_exit(tsk); WARN_ON(atomic_read(&tsk->fs_excl)); if (unlikely(in_interrupt())) panic(""Aiee, killing interrupt handler!""); if (unlikely(!tsk->pid)) panic(""Attempted to kill the idle task!""); tracehook_report_exit(&code); validate_creds_for_do_exit(tsk); if (unlikely(tsk->flags & PF_EXITING)) { printk(KERN_ALERT ""Fixing recursive fault but reboot is needed!\n""); tsk->flags |= PF_EXITPIDONE; set_current_state(TASK_UNINTERRUPTIBLE); schedule(); } exit_irq_thread(); exit_signals(tsk); smp_mb(); spin_unlock_wait(&tsk->pi_lock); if (unlikely(in_atomic())) printk(KERN_INFO ""note: %s[%d] exited with preempt_count %d\n"", current->comm, task_pid_nr(current), preempt_count()); acct_update_integrals(tsk); group_dead = atomic_dec_and_test(&tsk->signal->live); if (group_dead) { hrtimer_cancel(&tsk->signal->real_timer); exit_itimers(tsk->signal); if (tsk->mm) setmax_mm_hiwater_rss(&tsk->signal->maxrss, tsk->mm); } acct_collect(code, group_dead); if (group_dead) tty_audit_exit(); if (unlikely(tsk->audit_context)) audit_free(tsk); tsk->exit_code = code; taskstats_exit(tsk, group_dead); exit_mm(tsk); if (group_dead) acct_process(); trace_sched_process_exit(tsk); exit_sem(tsk); exit_files(tsk); exit_fs(tsk); check_stack_usage(); exit_thread(); cgroup_exit(tsk, 1); if (group_dead && tsk->signal->leader) disassociate_ctty(1); module_put(task_thread_info(tsk)->exec_domain->module); proc_exit_connector(tsk); perf_event_exit_task(tsk); exit_notify(tsk, group_dead); #ifdef CONFIG_NUMA mpol_put(tsk->mempolicy); tsk->mempolicy = NULL; #endif #ifdef CONFIG_FUTEX if (unlikely(current->pi_state_cache)) kfree(current->pi_state_cache); #endif debug_check_no_locks_held(tsk); tsk->flags |= PF_EXITPIDONE; if (tsk->io_context) exit_io_context(); if (tsk->splice_pipe) __free_pipe_info(tsk->splice_pipe); validate_creds_for_do_exit(tsk); preempt_disable(); exit_rcu(); tsk->state = TASK_DEAD; schedule(); BUG(); for (;;) cpu_relax(); }",visit repo url,kernel/exit.c,https://github.com/torvalds/linux,172038047155372,1 1585,CWE-415,"sg_common_write(Sg_fd * sfp, Sg_request * srp, unsigned char *cmnd, int timeout, int blocking) { int k, at_head; Sg_device *sdp = sfp->parentdp; sg_io_hdr_t *hp = &srp->header; srp->data.cmd_opcode = cmnd[0]; hp->status = 0; hp->masked_status = 0; hp->msg_status = 0; hp->info = 0; hp->host_status = 0; hp->driver_status = 0; hp->resid = 0; SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, ""sg_common_write: scsi opcode=0x%02x, cmd_size=%d\n"", (int) cmnd[0], (int) hp->cmd_len)); k = sg_start_req(srp, cmnd); if (k) { SCSI_LOG_TIMEOUT(1, sg_printk(KERN_INFO, sfp->parentdp, ""sg_common_write: start_req err=%d\n"", k)); sg_finish_rem_req(srp); return k; } if (atomic_read(&sdp->detaching)) { if (srp->bio) blk_end_request_all(srp->rq, -EIO); sg_finish_rem_req(srp); return -ENODEV; } hp->duration = jiffies_to_msecs(jiffies); if (hp->interface_id != '\0' && (SG_FLAG_Q_AT_TAIL & hp->flags)) at_head = 0; else at_head = 1; srp->rq->timeout = timeout; kref_get(&sfp->f_ref); blk_execute_rq_nowait(sdp->device->request_queue, sdp->disk, srp->rq, at_head, sg_rq_end_io); return 0; }",visit repo url,drivers/scsi/sg.c,https://github.com/torvalds/linux,153559001277278,1 4954,['CWE-20'],"int nfs_access_get_cached(struct inode *inode, struct rpc_cred *cred, struct nfs_access_entry *res) { struct nfs_inode *nfsi = NFS_I(inode); struct nfs_access_entry *cache; int err = -ENOENT; spin_lock(&inode->i_lock); if (nfsi->cache_validity & NFS_INO_INVALID_ACCESS) goto out_zap; cache = nfs_access_search_rbtree(inode, cred); if (cache == NULL) goto out; if (time_after(jiffies, cache->jiffies + NFS_ATTRTIMEO(inode))) goto out_stale; res->jiffies = cache->jiffies; res->cred = cache->cred; res->mask = cache->mask; list_move_tail(&cache->lru, &nfsi->access_cache_entry_lru); err = 0; out: spin_unlock(&inode->i_lock); return err; out_stale: rb_erase(&cache->rb_node, &nfsi->access_cache); list_del(&cache->lru); spin_unlock(&inode->i_lock); nfs_access_free_entry(cache); return -ENOENT; out_zap: __nfs_access_zap_cache(inode); return -ENOENT; }",linux-2.6,,,316966427764200595635823442600594994346,0 6287,['CWE-200'],"struct Qdisc *qdisc_lookup(struct net_device *dev, u32 handle) { struct Qdisc *q; read_lock_bh(&qdisc_tree_lock); list_for_each_entry(q, &dev->qdisc_list, list) { if (q->handle == handle) { read_unlock_bh(&qdisc_tree_lock); return q; } } read_unlock_bh(&qdisc_tree_lock); return NULL; }",linux-2.6,,,116981024603985597644714718486401698137,0 1982,CWE-476,"static int sd_isoc_init(struct gspca_dev *gspca_dev) { struct usb_host_interface *alt; int max_packet_size; switch (gspca_dev->pixfmt.width) { case 160: max_packet_size = 450; break; case 176: max_packet_size = 600; break; default: max_packet_size = 1022; break; } alt = &gspca_dev->dev->actconfig->intf_cache[0]->altsetting[1]; alt->endpoint[0].desc.wMaxPacketSize = cpu_to_le16(max_packet_size); return 0; }",visit repo url,drivers/media/usb/gspca/xirlink_cit.c,https://github.com/torvalds/linux,16636013606435,1 4887,['CWE-399'],"clear_selection(void) { highlight_pointer(-1); if (sel_start != -1) { highlight(sel_start, sel_end); sel_start = -1; } }",linux-2.6,,,29590775343466724773208350767976850708,0 3836,[],"int cap_ptrace_may_access(struct task_struct *child, unsigned int mode) { if (cap_issubset(child->cap_permitted, current->cap_permitted)) return 0; if (capable(CAP_SYS_PTRACE)) return 0; return -EPERM; }",linux-2.6,,,194157329590515260159254034364443589619,0 1554,[],"__setscheduler(struct rq *rq, struct task_struct *p, int policy, int prio) { BUG_ON(p->se.on_rq); p->policy = policy; switch (p->policy) { case SCHED_NORMAL: case SCHED_BATCH: case SCHED_IDLE: p->sched_class = &fair_sched_class; break; case SCHED_FIFO: case SCHED_RR: p->sched_class = &rt_sched_class; break; } p->rt_priority = prio; p->normal_prio = normal_prio(p); p->prio = rt_mutex_getprio(p); set_load_weight(p); }",linux-2.6,,,49256867179603550933321106200102353181,0 4142,['CWE-399'],"static void register_browse_domain(AvahiServer *s) { assert(s); if (!s->config.publish_domain) return; if (avahi_domain_equal(s->domain_name, ""local"")) return; if (s->browse_domain_entry_group) assert(avahi_s_entry_group_is_empty(s->browse_domain_entry_group)); else s->browse_domain_entry_group = avahi_s_entry_group_new(s, NULL, NULL); if (!s->browse_domain_entry_group) { avahi_log_warn(""Failed to create browse domain entry group: %s"", avahi_strerror(s->error)); return; } if (avahi_server_add_ptr(s, s->browse_domain_entry_group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, 0, AVAHI_DEFAULT_TTL, ""b._dns-sd._udp.local"", s->domain_name) < 0) { avahi_log_warn(""Failed to add browse domain RR: %s"", avahi_strerror(s->error)); return; } if (avahi_s_entry_group_commit(s->browse_domain_entry_group) < 0) avahi_log_warn(""Failed to commit browse domain entry group: %s"", avahi_strerror(s->error)); }",avahi,,,285310174489951318827492610416780367684,0 4178,['CWE-399'],"int avahi_server_is_service_local(AvahiServer *s, AvahiIfIndex interface, AvahiProtocol protocol, const char *name) { AvahiKey *key = NULL; AvahiEntry *e; assert(s); assert(name); if (!s->host_name_fqdn) return 0; if (!(key = avahi_key_new(name, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_SRV))) return 0; e = find_entry(s, interface, protocol, key); avahi_key_unref(key); if (!e) return 0; return avahi_domain_equal(s->host_name_fqdn, e->record->data.srv.name); }",avahi,,,259163207958001001942151664188117120725,0 5888,['CWE-200'],"static unsigned short nr_find_next_circuit(void) { unsigned short id = circuit; unsigned char i, j; struct sock *sk; for (;;) { i = id / 256; j = id % 256; if (i != 0 && j != 0) { if ((sk=nr_find_socket(i, j)) == NULL) break; bh_unlock_sock(sk); } id++; } return id; }",linux-2.6,,,68881671152329709637490025712258966461,0 1920,['CWE-20'],"static void remove_anon_migration_ptes(struct page *old, struct page *new) { struct anon_vma *anon_vma; struct vm_area_struct *vma; unsigned long mapping; mapping = (unsigned long)new->mapping; if (!mapping || (mapping & PAGE_MAPPING_ANON) == 0) return; anon_vma = (struct anon_vma *) (mapping - PAGE_MAPPING_ANON); spin_lock(&anon_vma->lock); list_for_each_entry(vma, &anon_vma->head, anon_vma_node) remove_migration_pte(vma, old, new); spin_unlock(&anon_vma->lock); }",linux-2.6,,,190753955089899488658210703472231124440,0 4036,['CWE-362'],"u32 inotify_get_cookie(void) { return atomic_inc_return(&inotify_cookie); }",linux-2.6,,,274778923358129734905256329536306875662,0 2428,['CWE-119'],"int diff_tree(struct tree_desc *t1, struct tree_desc *t2, const char *base, struct diff_options *opt) { int baselen = strlen(base); for (;;) { if (DIFF_OPT_TST(opt, QUIET) && DIFF_OPT_TST(opt, HAS_CHANGES)) break; if (opt->nr_paths) { skip_uninteresting(t1, base, baselen, opt); skip_uninteresting(t2, base, baselen, opt); } if (!t1->size) { if (!t2->size) break; show_entry(opt, ""+"", t2, base, baselen); update_tree_entry(t2); continue; } if (!t2->size) { show_entry(opt, ""-"", t1, base, baselen); update_tree_entry(t1); continue; } switch (compare_tree_entry(t1, t2, base, baselen, opt)) { case -1: update_tree_entry(t1); continue; case 0: update_tree_entry(t1); case 1: update_tree_entry(t2); continue; } die(""git-diff-tree: internal error""); } return 0; }",git,,,305270654038148333741880745786905210144,0 1132,NVD-CWE-noinfo,"static int ext4_ext_convert_to_initialized(handle_t *handle, struct inode *inode, struct ext4_map_blocks *map, struct ext4_ext_path *path) { struct ext4_extent *ex, newex, orig_ex; struct ext4_extent *ex1 = NULL; struct ext4_extent *ex2 = NULL; struct ext4_extent *ex3 = NULL; struct ext4_extent_header *eh; ext4_lblk_t ee_block, eof_block; unsigned int allocated, ee_len, depth; ext4_fsblk_t newblock; int err = 0; int ret = 0; int may_zeroout; ext_debug(""ext4_ext_convert_to_initialized: inode %lu, logical"" ""block %llu, max_blocks %u\n"", inode->i_ino, (unsigned long long)map->m_lblk, map->m_len); eof_block = (inode->i_size + inode->i_sb->s_blocksize - 1) >> inode->i_sb->s_blocksize_bits; if (eof_block < map->m_lblk + map->m_len) eof_block = map->m_lblk + map->m_len; depth = ext_depth(inode); eh = path[depth].p_hdr; ex = path[depth].p_ext; ee_block = le32_to_cpu(ex->ee_block); ee_len = ext4_ext_get_actual_len(ex); allocated = ee_len - (map->m_lblk - ee_block); newblock = map->m_lblk - ee_block + ext4_ext_pblock(ex); ex2 = ex; orig_ex.ee_block = ex->ee_block; orig_ex.ee_len = cpu_to_le16(ee_len); ext4_ext_store_pblock(&orig_ex, ext4_ext_pblock(ex)); may_zeroout = ee_block + ee_len <= eof_block; err = ext4_ext_get_access(handle, inode, path + depth); if (err) goto out; if (ee_len <= 2*EXT4_EXT_ZERO_LEN && may_zeroout) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); return allocated; } if (map->m_lblk > ee_block) { ex1 = ex; ex1->ee_len = cpu_to_le16(map->m_lblk - ee_block); ext4_ext_mark_uninitialized(ex1); ex2 = &newex; } if (!ex1 && allocated > map->m_len) ex2->ee_len = cpu_to_le16(map->m_len); if (allocated > map->m_len) { unsigned int newdepth; if (allocated <= EXT4_EXT_ZERO_LEN && may_zeroout) { ex->ee_block = orig_ex.ee_block; ex->ee_len = cpu_to_le16(ee_len - allocated); ext4_ext_mark_uninitialized(ex); ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); ex3 = &newex; ex3->ee_block = cpu_to_le32(map->m_lblk); ext4_ext_store_pblock(ex3, newblock); ex3->ee_len = cpu_to_le16(allocated); err = ext4_ext_insert_extent(handle, inode, path, ex3, 0); if (err == -ENOSPC) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); return allocated; } else if (err) goto fix_extent_len; err = ext4_ext_zeroout(inode, ex3); if (err) { depth = ext_depth(inode); ext4_ext_drop_refs(path); path = ext4_ext_find_extent(inode, map->m_lblk, path); if (IS_ERR(path)) { err = PTR_ERR(path); return err; } ex = path[depth].p_ext; err = ext4_ext_get_access(handle, inode, path + depth); if (err) return err; ext4_ext_mark_uninitialized(ex); ext4_ext_dirty(handle, inode, path + depth); return err; } return allocated; } ex3 = &newex; ex3->ee_block = cpu_to_le32(map->m_lblk + map->m_len); ext4_ext_store_pblock(ex3, newblock + map->m_len); ex3->ee_len = cpu_to_le16(allocated - map->m_len); ext4_ext_mark_uninitialized(ex3); err = ext4_ext_insert_extent(handle, inode, path, ex3, 0); if (err == -ENOSPC && may_zeroout) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); return allocated; } else if (err) goto fix_extent_len; newdepth = ext_depth(inode); ee_len -= ext4_ext_get_actual_len(ex3); orig_ex.ee_len = cpu_to_le16(ee_len); may_zeroout = ee_block + ee_len <= eof_block; depth = newdepth; ext4_ext_drop_refs(path); path = ext4_ext_find_extent(inode, map->m_lblk, path); if (IS_ERR(path)) { err = PTR_ERR(path); goto out; } eh = path[depth].p_hdr; ex = path[depth].p_ext; if (ex2 != &newex) ex2 = ex; err = ext4_ext_get_access(handle, inode, path + depth); if (err) goto out; allocated = map->m_len; if (le16_to_cpu(orig_ex.ee_len) <= EXT4_EXT_ZERO_LEN && map->m_lblk != ee_block && may_zeroout) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); return allocated; } } if (ex1 && ex1 != ex) { ex1 = ex; ex1->ee_len = cpu_to_le16(map->m_lblk - ee_block); ext4_ext_mark_uninitialized(ex1); ex2 = &newex; } ex2->ee_block = cpu_to_le32(map->m_lblk); ext4_ext_store_pblock(ex2, newblock); ex2->ee_len = cpu_to_le16(allocated); if (ex2 != ex) goto insert; if (ex2 > EXT_FIRST_EXTENT(eh)) { ret = ext4_ext_try_to_merge(inode, path, ex2 - 1); if (ret) { err = ext4_ext_correct_indexes(handle, inode, path); if (err) goto out; depth = ext_depth(inode); ex2--; } } if (!ex3) { ret = ext4_ext_try_to_merge(inode, path, ex2); if (ret) { err = ext4_ext_correct_indexes(handle, inode, path); if (err) goto out; } } err = ext4_ext_dirty(handle, inode, path + depth); goto out; insert: err = ext4_ext_insert_extent(handle, inode, path, &newex, 0); if (err == -ENOSPC && may_zeroout) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); return allocated; } else if (err) goto fix_extent_len; out: ext4_ext_show_leaf(inode, path); return err ? err : allocated; fix_extent_len: ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_mark_uninitialized(ex); ext4_ext_dirty(handle, inode, path + depth); return err; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,116132205117840,1 4215,CWE-125,"static bool r_bin_mdmp_init_directory(struct r_bin_mdmp_obj *obj) { int i; ut8 *directory_base; struct minidump_directory *entry; directory_base = obj->b->buf + obj->hdr->stream_directory_rva; sdb_num_set (obj->kv, ""mdmp_directory.offset"", obj->hdr->stream_directory_rva, 0); sdb_set (obj->kv, ""mdmp_directory.format"", ""[4]E? "" ""(mdmp_stream_type)StreamType "" ""(mdmp_location_descriptor)Location"", 0); for (i = 0; i < (int)obj->hdr->number_of_streams; i++) { entry = (struct minidump_directory *)(directory_base + (i * sizeof (struct minidump_directory))); r_bin_mdmp_init_directory_entry (obj, entry); } return true; }",visit repo url,libr/bin/format/mdmp/mdmp.c,https://github.com/radareorg/radare2,151117945286647,1 71,['CWE-787'],"glue(glue(cirrus_bitblt_rop_fwd_transp_, ROP_NAME),_16)(CirrusVGAState *s, uint8_t *dst,const uint8_t *src, int dstpitch,int srcpitch, int bltwidth,int bltheight) { int x,y; uint8_t p1, p2; dstpitch -= bltwidth; srcpitch -= bltwidth; for (y = 0; y < bltheight; y++) { for (x = 0; x < bltwidth; x+=2) { p1 = *dst; p2 = *(dst+1); ROP_OP(p1, *src); ROP_OP(p2, *(src+1)); if ((p1 != s->gr[0x34]) || (p2 != s->gr[0x35])) { *dst = p1; *(dst+1) = p2; } dst+=2; src+=2; } dst += dstpitch; src += srcpitch; } }",qemu,,,309776445459440605011341672792989943208,0 569,[],"static int bad_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { return -EIO; }",linux-2.6,,,89948358154001139027924220874220103014,0 4112,CWE-74,"int valid_field (const char *field, const char *illegal) { const char *cp; int err = 0; if (NULL == field) { return -1; } for (cp = field; '\0' != *cp; cp++) { if (strchr (illegal, *cp) != NULL) { err = -1; break; } } if (0 == err) { for (cp = field; '\0' != *cp; cp++) { if (!isprint (*cp)) { err = 1; break; } } } return err; }",visit repo url,lib/fields.c,https://github.com/shadow-maint/shadow,174764108206109,1 3382,['CWE-264'],"asmlinkage long sys_fchmodat(int dfd, const char __user *filename, mode_t mode) { struct nameidata nd; struct inode * inode; int error; struct iattr newattrs; error = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW, &nd); if (error) goto out; inode = nd.dentry->d_inode; error = -EROFS; if (IS_RDONLY(inode)) goto dput_and_out; error = -EPERM; if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto dput_and_out; mutex_lock(&inode->i_mutex); if (mode == (mode_t) -1) mode = inode->i_mode; newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; error = notify_change(nd.dentry, &newattrs); mutex_unlock(&inode->i_mutex); dput_and_out: path_release(&nd); out: return error; }",linux-2.6,,,100580457573581164184430691571487706698,0 6751,CWE-787,"int dns_add_rr_nested_memcpy(struct dns_rr_nested *rr_nested, void *data, int data_len) { if (rr_nested == NULL || data == NULL || data_len <= 0) { return -1; } if (_dns_left_len(&rr_nested->context) < data_len) { return -1; } memcpy(rr_nested->context.ptr, data, data_len); rr_nested->context.ptr += data_len; return 0; }",visit repo url,src/dns.c,https://github.com/pymumu/smartdns,67504593431377,1 515,['CWE-399'],"static struct pwc_device *cd_to_pwc(struct class_device *cd) { struct video_device *vdev = to_video_device(cd); return video_get_drvdata(vdev); }",linux-2.6,,,14818336876125544800755324162434155872,0 2927,['CWE-189'],"static int jas_iccprof_gettagtab(jas_stream_t *in, jas_icctagtab_t *tagtab) { int i; jas_icctagtabent_t *tagtabent; if (tagtab->ents) { jas_free(tagtab->ents); tagtab->ents = 0; } if (jas_iccgetuint32(in, &tagtab->numents)) goto error; if (!(tagtab->ents = jas_alloc2(tagtab->numents, sizeof(jas_icctagtabent_t)))) goto error; tagtabent = tagtab->ents; for (i = 0; i < JAS_CAST(long, tagtab->numents); ++i) { if (jas_iccgetuint32(in, &tagtabent->tag) || jas_iccgetuint32(in, &tagtabent->off) || jas_iccgetuint32(in, &tagtabent->len)) goto error; ++tagtabent; } return 0; error: if (tagtab->ents) { jas_free(tagtab->ents); tagtab->ents = 0; } return -1; }",jasper,,,169880265719600139801022780803466268266,0 4833,CWE-415,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 2493,CWE-190,"static int b_unpack (lua_State *L) { Header h; const char *fmt = luaL_checkstring(L, 1); size_t ld; const char *data = luaL_checklstring(L, 2, &ld); size_t pos = luaL_optinteger(L, 3, 1) - 1; defaultoptions(&h); lua_settop(L, 2); while (*fmt) { int opt = *fmt++; size_t size = optsize(L, opt, &fmt); pos += gettoalign(pos, &h, opt, size); luaL_argcheck(L, pos+size <= ld, 2, ""data string too short""); luaL_checkstack(L, 1, ""too many results""); switch (opt) { case 'b': case 'B': case 'h': case 'H': case 'l': case 'L': case 'T': case 'i': case 'I': { int issigned = islower(opt); lua_Number res = getinteger(data+pos, h.endian, issigned, size); lua_pushnumber(L, res); break; } case 'x': { break; } case 'f': { float f; memcpy(&f, data+pos, size); correctbytes((char *)&f, sizeof(f), h.endian); lua_pushnumber(L, f); break; } case 'd': { double d; memcpy(&d, data+pos, size); correctbytes((char *)&d, sizeof(d), h.endian); lua_pushnumber(L, d); break; } case 'c': { if (size == 0) { if (!lua_isnumber(L, -1)) luaL_error(L, ""format `c0' needs a previous size""); size = lua_tonumber(L, -1); lua_pop(L, 1); luaL_argcheck(L, pos+size <= ld, 2, ""data string too short""); } lua_pushlstring(L, data+pos, size); break; } case 's': { const char *e = (const char *)memchr(data+pos, '\0', ld - pos); if (e == NULL) luaL_error(L, ""unfinished string in data""); size = (e - (data+pos)) + 1; lua_pushlstring(L, data+pos, size - 1); break; } default: controloptions(L, opt, &fmt, &h); } pos += size; } lua_pushinteger(L, pos + 1); return lua_gettop(L) - 2; }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,255424934653550,1 3921,CWE-122,"normal_cmd( oparg_T *oap, int toplevel UNUSED) { cmdarg_T ca; int c; int ctrl_w = FALSE; int old_col = curwin->w_curswant; int need_flushbuf = FALSE; pos_T old_pos; int mapped_len; static int old_mapped_len = 0; int idx; int set_prevcount = FALSE; int save_did_cursorhold = did_cursorhold; CLEAR_FIELD(ca); ca.oap = oap; ca.opcount = opcount; #ifdef CURSOR_SHAPE c = finish_op; #endif finish_op = (oap->op_type != OP_NOP); #ifdef CURSOR_SHAPE if (finish_op != c) { ui_cursor_shape(); # ifdef FEAT_MOUSESHAPE update_mouseshape(-1); # endif } #endif may_trigger_modechanged(); if (!finish_op && !oap->regname) { ca.opcount = 0; #ifdef FEAT_EVAL set_prevcount = TRUE; #endif } if (oap->prev_opcount > 0 || oap->prev_count0 > 0) { ca.opcount = oap->prev_opcount; ca.count0 = oap->prev_count0; oap->prev_opcount = 0; oap->prev_count0 = 0; } mapped_len = typebuf_maplen(); State = MODE_NORMAL_BUSY; #ifdef USE_ON_FLY_SCROLL dont_scroll = FALSE; #endif #ifdef FEAT_EVAL if (toplevel && readbuf1_empty()) set_vcount_ca(&ca, &set_prevcount); #endif c = safe_vgetc(); LANGMAP_ADJUST(c, get_real_state() != MODE_SELECT); if (restart_edit == 0) old_mapped_len = 0; else if (old_mapped_len || (VIsual_active && mapped_len == 0 && typebuf_maplen() > 0)) old_mapped_len = typebuf_maplen(); if (c == NUL) c = K_ZERO; if (VIsual_active && VIsual_select && (vim_isprintc(c) || c == NL || c == CAR || c == K_KENTER)) { int len; len = ins_char_typebuf(vgetc_char, vgetc_mod_mask); if (KeyTyped) ungetchars(len); if (restart_edit != 0) c = 'd'; else c = 'c'; msg_nowait = TRUE; old_mapped_len = 0; } if (KeyTyped && !KeyStuffed) win_ensure_size(); need_flushbuf = add_to_showcmd(c); c = normal_cmd_get_count(&ca, c, toplevel, set_prevcount, &ctrl_w, &need_flushbuf); if (ctrl_w) { ca.nchar = c; ca.cmdchar = Ctrl_W; } else ca.cmdchar = c; idx = find_command(ca.cmdchar); if (idx < 0) { clearopbeep(oap); goto normal_end; } if ((nv_cmds[idx].cmd_flags & NV_NCW) && (check_text_locked(oap) || curbuf_locked())) goto normal_end; if (VIsual_active) { if (km_stopsel && (nv_cmds[idx].cmd_flags & NV_STS) && !(mod_mask & MOD_MASK_SHIFT)) { end_visual_mode(); redraw_curbuf_later(UPD_INVERTED); } if (km_startsel) { if (nv_cmds[idx].cmd_flags & NV_SS) { unshift_special(&ca); idx = find_command(ca.cmdchar); if (idx < 0) { clearopbeep(oap); goto normal_end; } } else if ((nv_cmds[idx].cmd_flags & NV_SSS) && (mod_mask & MOD_MASK_SHIFT)) mod_mask &= ~MOD_MASK_SHIFT; } } #ifdef FEAT_RIGHTLEFT if (curwin->w_p_rl && KeyTyped && !KeyStuffed && (nv_cmds[idx].cmd_flags & NV_RL)) { switch (ca.cmdchar) { case 'l': ca.cmdchar = 'h'; break; case K_RIGHT: ca.cmdchar = K_LEFT; break; case K_S_RIGHT: ca.cmdchar = K_S_LEFT; break; case K_C_RIGHT: ca.cmdchar = K_C_LEFT; break; case 'h': ca.cmdchar = 'l'; break; case K_LEFT: ca.cmdchar = K_RIGHT; break; case K_S_LEFT: ca.cmdchar = K_S_RIGHT; break; case K_C_LEFT: ca.cmdchar = K_C_RIGHT; break; case '>': ca.cmdchar = '<'; break; case '<': ca.cmdchar = '>'; break; } idx = find_command(ca.cmdchar); } #endif if (normal_cmd_needs_more_chars(&ca, nv_cmds[idx].cmd_flags)) idx = normal_cmd_get_more_chars(idx, &ca, &need_flushbuf); if (need_flushbuf) out_flush(); if (ca.cmdchar != K_IGNORE) { if (ex_normal_busy) did_cursorhold = save_did_cursorhold; else did_cursorhold = FALSE; } State = MODE_NORMAL; if (ca.nchar == ESC) { clearop(oap); if (restart_edit == 0 && goto_im()) restart_edit = 'a'; goto normal_end; } if (ca.cmdchar != K_IGNORE) { msg_didout = FALSE; msg_col = 0; } old_pos = curwin->w_cursor; if (!VIsual_active && km_startsel) { if (nv_cmds[idx].cmd_flags & NV_SS) { start_selection(); unshift_special(&ca); idx = find_command(ca.cmdchar); } else if ((nv_cmds[idx].cmd_flags & NV_SSS) && (mod_mask & MOD_MASK_SHIFT)) { start_selection(); mod_mask &= ~MOD_MASK_SHIFT; } } ca.arg = nv_cmds[idx].cmd_arg; (nv_cmds[idx].cmd_func)(&ca); if (!finish_op && !oap->op_type && (idx < 0 || !(nv_cmds[idx].cmd_flags & NV_KEEPREG))) { clearop(oap); #ifdef FEAT_EVAL reset_reg_var(); #endif } if (old_mapped_len > 0) old_mapped_len = typebuf_maplen(); if (ca.cmdchar != K_IGNORE && ca.cmdchar != K_MOUSEMOVE) do_pending_operator(&ca, old_col, FALSE); if (normal_cmd_need_to_wait_for_msg(&ca, &old_pos)) normal_cmd_wait_for_msg(); normal_end: msg_nowait = FALSE; #ifdef FEAT_EVAL if (finish_op) reset_reg_var(); #endif #ifdef CURSOR_SHAPE c = finish_op; #endif finish_op = FALSE; may_trigger_modechanged(); #ifdef CURSOR_SHAPE if (c || ca.cmdchar == 'r') { ui_cursor_shape(); # ifdef FEAT_MOUSESHAPE update_mouseshape(-1); # endif } #endif if (oap->op_type == OP_NOP && oap->regname == 0 && ca.cmdchar != K_CURSORHOLD) clear_showcmd(); checkpcmark(); vim_free(ca.searchbuf); if (has_mbyte) mb_adjust_cursor(); if (curwin->w_p_scb && toplevel) { validate_cursor(); do_check_scrollbind(TRUE); } if (curwin->w_p_crb && toplevel) { validate_cursor(); do_check_cursorbind(); } #ifdef FEAT_TERMINAL if (term_job_running(curbuf->b_term)) restart_edit = 0; #endif if ( oap->op_type == OP_NOP && ((restart_edit != 0 && !VIsual_active && old_mapped_len == 0) || restart_VIsual_select == 1) && !(ca.retval & CA_COMMAND_BUSY) && stuff_empty() && oap->regname == 0) { if (restart_VIsual_select == 1) { VIsual_select = TRUE; may_trigger_modechanged(); showmode(); restart_VIsual_select = 0; VIsual_select_reg = 0; } if (restart_edit != 0 && !VIsual_active && old_mapped_len == 0) (void)edit(restart_edit, FALSE, 1L); } if (restart_VIsual_select == 2) restart_VIsual_select = 1; opcount = ca.opcount; }",visit repo url,src/normal.c,https://github.com/vim/vim,57174438604764,1 212,[],"static struct atalk_iface *atalk_find_anynet(int node, struct net_device *dev) { struct atalk_iface *iface = dev->atalk_ptr; if (!iface || iface->status & ATIF_PROBE) goto out_err; if (node != ATADDR_BCAST && iface->address.s_node != node && node != ATADDR_ANYNODE) goto out_err; out: return iface; out_err: iface = NULL; goto out; }",history,,,146664585421768071204044038200164781302,0 399,[],"pfm_install_alt_pmu_interrupt(pfm_intr_handler_desc_t *hdl) { int ret, i; int reserve_cpu; if (hdl == NULL || hdl->handler == NULL) return -EINVAL; if (pfm_alt_intr_handler) return -EBUSY; if (!spin_trylock(&pfm_alt_install_check)) { return -EBUSY; } for_each_online_cpu(reserve_cpu) { ret = pfm_reserve_session(NULL, 1, reserve_cpu); if (ret) goto cleanup_reserve; } ret = on_each_cpu(pfm_alt_save_pmu_state, NULL, 0, 1); if (ret) { DPRINT((""on_each_cpu() failed: %d\n"", ret)); goto cleanup_reserve; } pfm_alt_intr_handler = hdl; spin_unlock(&pfm_alt_install_check); return 0; cleanup_reserve: for_each_online_cpu(i) { if (i >= reserve_cpu) break; pfm_unreserve_session(NULL, 1, i); } spin_unlock(&pfm_alt_install_check); return ret; }",linux-2.6,,,30707919006474799005947014953870966103,0 4597,['CWE-399'],"static int ext4_calc_metadata_amount(struct inode *inode, int blocks) { if (!blocks) return 0; if (EXT4_I(inode)->i_flags & EXT4_EXTENTS_FL) return ext4_ext_calc_metadata_amount(inode, blocks); return ext4_indirect_calc_metadata_amount(inode, blocks); }",linux-2.6,,,87206095020575084337160562330974132747,0 1391,[],"static struct task_struct *pick_next_task_fair(struct rq *rq) { struct task_struct *p; struct cfs_rq *cfs_rq = &rq->cfs; struct sched_entity *se; if (unlikely(!cfs_rq->nr_running)) return NULL; do { se = pick_next_entity(cfs_rq); cfs_rq = group_cfs_rq(se); } while (cfs_rq); p = task_of(se); hrtick_start_fair(rq, p); return p; }",linux-2.6,,,108963055352993174809418442026381291644,0 4677,CWE-732,"M_fs_error_t M_fs_delete(const char *path, M_bool remove_children, M_fs_progress_cb_t cb, M_uint32 progress_flags) { char *norm_path; char *join_path; M_fs_dir_entries_t *entries; const M_fs_dir_entry_t *entry; M_fs_info_t *info; M_fs_progress_t *progress = NULL; M_fs_dir_walk_filter_t filter = M_FS_DIR_WALK_FILTER_ALL|M_FS_DIR_WALK_FILTER_RECURSE; M_fs_type_t type; M_fs_error_t res; M_fs_error_t res2; size_t len; size_t i; M_uint64 total_size = 0; M_uint64 total_size_progress = 0; M_uint64 entry_size; res = M_fs_path_norm(&norm_path, path, M_FS_PATH_NORM_HOME, M_FS_SYSTEM_AUTO); if (res != M_FS_ERROR_SUCCESS) { M_free(norm_path); return res; } res = M_fs_info(&info, norm_path, M_FS_PATH_INFO_FLAGS_BASIC); if (res != M_FS_ERROR_SUCCESS) { M_free(norm_path); return res; } type = M_fs_info_get_type(info); if (type == M_FS_TYPE_UNKNOWN) { M_fs_info_destroy(info); M_free(norm_path); return M_FS_ERROR_GENERIC; } entries = M_fs_dir_entries_create(); if (type == M_FS_TYPE_DIR && remove_children) { if (cb && progress_flags & (M_FS_PROGRESS_SIZE_TOTAL|M_FS_PROGRESS_SIZE_CUR)) { filter |= M_FS_DIR_WALK_FILTER_READ_INFO_BASIC; } M_fs_dir_entries_merge(&entries, M_fs_dir_walk_entries(norm_path, NULL, filter)); } M_fs_dir_entries_insert(entries, M_fs_dir_walk_fill_entry(norm_path, NULL, type, info, M_FS_DIR_WALK_FILTER_READ_INFO_BASIC)); len = M_fs_dir_entries_len(entries); if (cb) { progress = M_fs_progress_create(); if (progress_flags & M_FS_PROGRESS_SIZE_TOTAL) { for (i=0; i= 3) default_branch = argv[2]; if (argc > 3) return usage_error (context, _(""Too many arguments""), error); kinds = FLATPAK_KINDS_APP | FLATPAK_KINDS_RUNTIME; if (!opt_user && !opt_system && opt_installations == NULL) search_all = TRUE; dir = flatpak_find_installed_pref (pref, kinds, opt_arch, default_branch, search_all, opt_user, opt_system, opt_installations, &ref, cancellable, error); if (dir == NULL) return FALSE; deploy_data = flatpak_dir_get_deploy_data (dir, ref, FLATPAK_DEPLOY_VERSION_CURRENT, cancellable, error); if (deploy_data == NULL) return FALSE; deploy = flatpak_dir_load_deployed (dir, ref, NULL, cancellable, error); if (deploy == NULL) return FALSE; commit = flatpak_deploy_data_get_commit (deploy_data); alt_id = flatpak_deploy_data_get_alt_id (deploy_data); origin = flatpak_deploy_data_get_origin (deploy_data); size = flatpak_deploy_data_get_installed_size (deploy_data); formatted_size = g_format_size (size); deploy_dir = flatpak_deploy_get_dir (deploy); path = flatpak_file_get_path_cached (deploy_dir); subpaths = flatpak_deploy_data_get_subpaths (deploy_data); eol = flatpak_deploy_data_get_eol (deploy_data); eol_rebase = flatpak_deploy_data_get_eol_rebase (deploy_data); name = flatpak_deploy_data_get_appdata_name (deploy_data); summary = flatpak_deploy_data_get_appdata_summary (deploy_data); version = flatpak_deploy_data_get_appdata_version (deploy_data); license = flatpak_deploy_data_get_appdata_license (deploy_data); metakey = flatpak_deploy_get_metadata (deploy); if (opt_show_ref || opt_show_origin || opt_show_commit || opt_show_size || opt_show_metadata || opt_show_permissions || opt_file_access || opt_show_location || opt_show_runtime || opt_show_sdk) friendly = FALSE; if (friendly) { g_autoptr(GVariant) commit_v = NULL; VarMetadataRef commit_metadata; guint64 timestamp; g_autofree char *formatted_timestamp = NULL; const gchar *subject = NULL; g_autofree char *parent = NULL; g_autofree char *latest = NULL; const char *xa_metadata = NULL; const char *collection_id = NULL; flatpak_get_window_size (&rows, &cols); if (name) { if (summary) print_wrapped (MIN (cols, 80), ""\n%s - %s\n"", name, summary); else print_wrapped (MIN (cols, 80), ""\n%s\n"", name); } latest = flatpak_dir_read_latest (dir, origin, flatpak_decomposed_get_ref (ref), NULL, NULL, NULL); if (latest == NULL) latest = g_strdup (_(""ref not present in origin"")); if (ostree_repo_load_commit (flatpak_dir_get_repo (dir), commit, &commit_v, NULL, NULL)) { VarCommitRef var_commit = var_commit_from_gvariant (commit_v); subject = var_commit_get_subject (var_commit); parent = ostree_commit_get_parent (commit_v); timestamp = ostree_commit_get_timestamp (commit_v); formatted_timestamp = format_timestamp (timestamp); commit_metadata = var_commit_get_metadata (var_commit); xa_metadata = var_metadata_lookup_string (commit_metadata, ""xa.metadata"", NULL); if (xa_metadata == NULL) g_printerr (_(""Warning: Commit has no flatpak metadata\n"")); collection_id = var_metadata_lookup_string (commit_metadata, ""ostree.collection-binding"", NULL); } len = 0; len = MAX (len, g_utf8_strlen (_(""ID:""), -1)); len = MAX (len, g_utf8_strlen (_(""Ref:""), -1)); len = MAX (len, g_utf8_strlen (_(""Arch:""), -1)); len = MAX (len, g_utf8_strlen (_(""Branch:""), -1)); if (version) len = MAX (len, g_utf8_strlen (_(""Version:""), -1)); if (license) len = MAX (len, g_utf8_strlen (_(""License:""), -1)); if (collection_id != NULL) len = MAX (len, g_utf8_strlen (_(""Collection:""), -1)); len = MAX (len, g_utf8_strlen (_(""Installation:""), -1)); len = MAX (len, g_utf8_strlen (_(""Installed:""), -1)); if (flatpak_decomposed_is_app (ref)) { len = MAX (len, g_utf8_strlen (_(""Runtime:""), -1)); len = MAX (len, g_utf8_strlen (_(""Sdk:""), -1)); } if (formatted_timestamp) len = MAX (len, g_utf8_strlen (_(""Date:""), -1)); if (subject) len = MAX (len, g_utf8_strlen (_(""Subject:""), -1)); if (strcmp (commit, latest) != 0) { len = MAX (len, g_utf8_strlen (_(""Active commit:""), -1)); len = MAX (len, g_utf8_strlen (_(""Latest commit:""), -1)); } else len = MAX (len, g_utf8_strlen (_(""Commit:""), -1)); if (parent) len = MAX (len, g_utf8_strlen (_(""Parent:""), -1)); if (alt_id) len = MAX (len, g_utf8_strlen (_(""Alt-id:""), -1)); if (eol) len = MAX (len, g_utf8_strlen (_(""End-of-life:""), -1)); if (eol_rebase) len = MAX (len, g_utf8_strlen (_(""End-of-life-rebase:""), -1)); if (subpaths[0] != NULL) len = MAX (len, g_utf8_strlen (_(""Subdirectories:""), -1)); len = MAX (len, g_utf8_strlen (_(""Extension:""), -1)); width = cols - (len + 1); print_aligned_take (len, _(""ID:""), flatpak_decomposed_dup_id (ref)); print_aligned (len, _(""Ref:""), flatpak_decomposed_get_ref (ref)); print_aligned_take (len, _(""Arch:""), flatpak_decomposed_dup_arch (ref)); print_aligned_take (len, _(""Branch:""), flatpak_decomposed_dup_branch (ref)); if (version) print_aligned (len, _(""Version:""), version); if (license) print_aligned (len, _(""License:""), license); print_aligned (len, _(""Origin:""), origin ? origin : ""-""); if (collection_id) print_aligned (len, _(""Collection:""), collection_id); print_aligned (len, _(""Installation:""), flatpak_dir_get_name_cached (dir)); print_aligned (len, _(""Installed:""), formatted_size); if (flatpak_decomposed_is_app (ref)) { g_autofree char *runtime = NULL; runtime = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_APPLICATION, FLATPAK_METADATA_KEY_RUNTIME, error); print_aligned (len, _(""Runtime:""), runtime ? runtime : ""-""); } if (flatpak_decomposed_is_app (ref)) { g_autofree char *sdk = NULL; sdk = g_key_file_get_string (metakey, FLATPAK_METADATA_GROUP_APPLICATION, FLATPAK_METADATA_KEY_SDK, error); print_aligned (len, _(""Sdk:""), sdk ? sdk : ""-""); } g_print (""\n""); if (strcmp (commit, latest) != 0) { g_autofree char *formatted_commit = ellipsize_string (commit, width); print_aligned (len, _(""Active commit:""), formatted_commit); g_free (formatted_commit); formatted_commit = ellipsize_string (latest, width); print_aligned (len, _(""Latest commit:""), formatted_commit); } else { g_autofree char *formatted_commit = ellipsize_string (commit, width); print_aligned (len, _(""Commit:""), formatted_commit); } if (parent) { g_autofree char *formatted_commit = ellipsize_string (parent, width); print_aligned (len, _(""Parent:""), formatted_commit); } if (subject) print_aligned (len, _(""Subject:""), subject); if (formatted_timestamp) print_aligned (len, _(""Date:""), formatted_timestamp); if (subpaths[0] != NULL) { g_autofree char *s = g_strjoinv ("","", (char **) subpaths); print_aligned (len, _(""Subdirectories:""), s); } if (alt_id) print_aligned (len, _(""Alt-id:""), alt_id); if (eol) { g_autofree char *formatted_eol = ellipsize_string (eol, width); print_aligned (len, _(""End-of-life:""), formatted_eol); } if (eol_rebase) { g_autofree char *formatted_eol = ellipsize_string (eol_rebase, width); print_aligned (len, _(""End-of-life-rebase:""), formatted_eol); } } else { if (opt_show_ref) { maybe_print_space (&first); g_print (""%s"", flatpak_decomposed_get_ref (ref)); } if (opt_show_origin) { maybe_print_space (&first); g_print (""%s"", origin ? origin : ""-""); } if (opt_show_commit) { maybe_print_space (&first); g_print (""%s"", commit); } if (opt_show_size) { maybe_print_space (&first); g_print (""%"" G_GUINT64_FORMAT, size); } if (opt_show_location) { maybe_print_space (&first); g_print (""%s"", path); } if (opt_show_runtime) { g_autofree char *runtime = NULL; maybe_print_space (&first); runtime = g_key_file_get_string (metakey, flatpak_decomposed_get_kind_metadata_group (ref), FLATPAK_METADATA_KEY_RUNTIME, NULL); g_print (""%s"", runtime ? runtime : ""-""); } if (opt_show_sdk) { g_autofree char *sdk = NULL; maybe_print_space (&first); sdk = g_key_file_get_string (metakey, flatpak_decomposed_get_kind_metadata_group (ref), FLATPAK_METADATA_KEY_SDK, NULL); g_print (""%s"", sdk ? sdk : ""-""); } if (!first) g_print (""\n""); if (opt_show_metadata) { g_autoptr(GFile) file = NULL; g_autofree char *data = NULL; gsize data_size; file = g_file_get_child (deploy_dir, ""metadata""); if (!g_file_load_contents (file, cancellable, &data, &data_size, NULL, error)) return FALSE; g_print (""%s"", data); } if (opt_show_permissions || opt_file_access) { g_autoptr(FlatpakContext) app_context = NULL; g_autoptr(GKeyFile) keyfile = NULL; g_autofree gchar *contents = NULL; app_context = flatpak_context_load_for_deploy (deploy, error); if (app_context == NULL) return FALSE; if (opt_show_permissions) { keyfile = g_key_file_new (); flatpak_context_save_metadata (app_context, TRUE, keyfile); contents = g_key_file_to_data (keyfile, NULL, error); if (contents == NULL) return FALSE; g_print (""%s"", contents); } if (opt_file_access) { g_autofree char *id = flatpak_decomposed_dup_id (ref); g_autoptr(FlatpakExports) exports = flatpak_context_get_exports (app_context, id); FlatpakFilesystemMode mode; mode = flatpak_exports_path_get_mode (exports, opt_file_access); if (mode == 0) g_print (""hidden\n""); else if (mode == FLATPAK_FILESYSTEM_MODE_READ_ONLY) g_print (""read-only\n""); else g_print (""read-write\n""); } } } if (opt_show_extensions) { GList *extensions, *l; g_autofree char *ref_arch = flatpak_decomposed_dup_arch (ref); g_autofree char *ref_branch = flatpak_decomposed_dup_branch (ref); len = MAX (len, g_utf8_strlen (_(""Extension:""), -1)); len = MAX (len, g_utf8_strlen (_(""ID:""), -1)); len = MAX (len, g_utf8_strlen (_(""Origin:""), -1)); len = MAX (len, g_utf8_strlen (_(""Commit:""), -1)); len = MAX (len, g_utf8_strlen (_(""Installed:""), -1)); len = MAX (len, g_utf8_strlen (_(""Subpaths:""), -1)); flatpak_get_window_size (&rows, &cols); width = cols - (len + 1); extensions = flatpak_list_extensions (metakey, ref_arch, ref_branch); for (l = extensions; l; l = l->next) { FlatpakExtension *ext = l->data; g_autofree const char **ext_subpaths = NULL; g_autoptr(GBytes) ext_deploy_data = NULL; g_autofree char *formatted = NULL; g_autofree char *ext_formatted_size = NULL; g_autofree char *formatted_commit = NULL; if (ext->is_unmaintained) { formatted_commit = g_strdup (_(""unmaintained"")); origin = NULL; size = 0; ext_formatted_size = g_strdup (_(""unknown"")); ext_subpaths = NULL; } else { ext_deploy_data = flatpak_dir_get_deploy_data (dir, ext->ref, FLATPAK_DEPLOY_VERSION_CURRENT, cancellable, error); if (ext_deploy_data == NULL) return FALSE; commit = flatpak_deploy_data_get_commit (ext_deploy_data); formatted_commit = ellipsize_string (commit, width); origin = flatpak_deploy_data_get_origin (ext_deploy_data); size = flatpak_deploy_data_get_installed_size (ext_deploy_data); formatted = g_format_size (size); ext_subpaths = flatpak_deploy_data_get_subpaths (ext_deploy_data); if (ext_subpaths && ext_subpaths[0] && size > 0) ext_formatted_size = g_strconcat (""<"", formatted, NULL); else ext_formatted_size = g_steal_pointer (&formatted); } g_print (""\n""); print_aligned (len, _(""Extension:""), flatpak_decomposed_get_ref (ext->ref)); print_aligned (len, _(""ID:""), ext->id); print_aligned (len, _(""Origin:""), origin ? origin : ""-""); print_aligned (len, _(""Commit:""), formatted_commit); print_aligned (len, _(""Installed:""), ext_formatted_size); if (ext_subpaths && ext_subpaths[0]) { g_autofree char *s = g_strjoinv ("","", (char **) ext_subpaths); print_aligned (len, _(""Subpaths:""), s); } } g_list_free_full (extensions, (GDestroyNotify) flatpak_extension_free); } return TRUE; }",visit repo url,app/flatpak-builtins-info.c,https://github.com/flatpak/flatpak,97853952194652,1 496,CWE-362,"static int ocfs2_dio_get_block(struct inode *inode, sector_t iblock, struct buffer_head *bh_result, int create) { struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); struct ocfs2_inode_info *oi = OCFS2_I(inode); struct ocfs2_write_ctxt *wc; struct ocfs2_write_cluster_desc *desc = NULL; struct ocfs2_dio_write_ctxt *dwc = NULL; struct buffer_head *di_bh = NULL; u64 p_blkno; loff_t pos = iblock << inode->i_sb->s_blocksize_bits; unsigned len, total_len = bh_result->b_size; int ret = 0, first_get_block = 0; len = osb->s_clustersize - (pos & (osb->s_clustersize - 1)); len = min(total_len, len); mlog(0, ""get block of %lu at %llu:%u req %u\n"", inode->i_ino, pos, len, total_len); if (pos + total_len <= i_size_read(inode)) { down_read(&oi->ip_alloc_sem); ret = ocfs2_get_block(inode, iblock, bh_result, create); up_read(&oi->ip_alloc_sem); if (buffer_mapped(bh_result) && !buffer_new(bh_result) && ret == 0) goto out; bh_result->b_state = 0; } dwc = ocfs2_dio_alloc_write_ctx(bh_result, &first_get_block); if (unlikely(dwc == NULL)) { ret = -ENOMEM; mlog_errno(ret); goto out; } if (ocfs2_clusters_for_bytes(inode->i_sb, pos + total_len) > ocfs2_clusters_for_bytes(inode->i_sb, i_size_read(inode)) && !dwc->dw_orphaned) { ret = ocfs2_add_inode_to_orphan(osb, inode); if (ret < 0) { mlog_errno(ret); goto out; } dwc->dw_orphaned = 1; } ret = ocfs2_inode_lock(inode, &di_bh, 1); if (ret) { mlog_errno(ret); goto out; } down_write(&oi->ip_alloc_sem); if (first_get_block) { if (ocfs2_sparse_alloc(OCFS2_SB(inode->i_sb))) ret = ocfs2_zero_tail(inode, di_bh, pos); else ret = ocfs2_expand_nonsparse_inode(inode, di_bh, pos, total_len, NULL); if (ret < 0) { mlog_errno(ret); goto unlock; } } ret = ocfs2_write_begin_nolock(inode->i_mapping, pos, len, OCFS2_WRITE_DIRECT, NULL, (void **)&wc, di_bh, NULL); if (ret) { mlog_errno(ret); goto unlock; } desc = &wc->w_desc[0]; p_blkno = ocfs2_clusters_to_blocks(inode->i_sb, desc->c_phys); BUG_ON(p_blkno == 0); p_blkno += iblock & (u64)(ocfs2_clusters_to_blocks(inode->i_sb, 1) - 1); map_bh(bh_result, inode->i_sb, p_blkno); bh_result->b_size = len; if (desc->c_needs_zero) set_buffer_new(bh_result); set_buffer_defer_completion(bh_result); if (!list_empty(&wc->w_unwritten_list)) { struct ocfs2_unwritten_extent *ue = NULL; ue = list_first_entry(&wc->w_unwritten_list, struct ocfs2_unwritten_extent, ue_node); BUG_ON(ue->ue_cpos != desc->c_cpos); ue->ue_phys = desc->c_phys; list_splice_tail_init(&wc->w_unwritten_list, &dwc->dw_zero_list); dwc->dw_zero_count++; } ret = ocfs2_write_end_nolock(inode->i_mapping, pos, len, len, wc); BUG_ON(ret != len); ret = 0; unlock: up_write(&oi->ip_alloc_sem); ocfs2_inode_unlock(inode, 1); brelse(di_bh); out: if (ret < 0) ret = -EIO; return ret; }",visit repo url,fs/ocfs2/aops.c,https://github.com/torvalds/linux,136318220272301,1 6753,['CWE-310'],"wired_add_menu_item (NMDevice *device, guint32 n_devices, NMConnection *active, GtkWidget *menu, NMApplet *applet) { char *text; GtkWidget *item; GSList *connections, *all; gboolean carrier = TRUE; GtkWidget *label; char *bold_text; all = applet_get_all_connections (applet); connections = utils_filter_connections_for_device (device, all); g_slist_free (all); if (n_devices > 1) { char *desc = NULL; desc = (char *) utils_get_device_description (device); if (!desc) desc = (char *) nm_device_get_iface (device); g_assert (desc); if (g_slist_length (connections) > 1) text = g_strdup_printf (_(""Wired Networks (%s)""), desc); else text = g_strdup_printf (_(""Wired Network (%s)""), desc); } else { if (g_slist_length (connections) > 1) text = g_strdup (_(""Wired Networks"")); else text = g_strdup (_(""Wired Network"")); } item = gtk_menu_item_new_with_label (text); g_free (text); if (nm_device_get_capabilities (device) & NM_DEVICE_CAP_CARRIER_DETECT) carrier = nm_device_ethernet_get_carrier (NM_DEVICE_ETHERNET (device)); label = gtk_bin_get_child (GTK_BIN (item)); bold_text = g_markup_printf_escaped (""%s"", gtk_label_get_text (GTK_LABEL (label))); gtk_label_set_markup (GTK_LABEL (label), bold_text); g_free (bold_text); gtk_widget_set_sensitive (item, FALSE); gtk_menu_shell_append (GTK_MENU_SHELL (menu), item); gtk_widget_show (item); item = nma_menu_device_check_unusable (device, carrier ? NULL : _(""disconnected"")); if (item) { gtk_menu_shell_append (GTK_MENU_SHELL (menu), item); gtk_widget_show (item); goto out; } if (g_slist_length (connections)) add_connection_items (device, connections, carrier, active, menu, applet); else add_default_connection_item (device, carrier, menu, applet); out: g_slist_free (connections); }",network-manager-applet,,,242319687185388999459183845587130700663,0 2859,CWE-787,"horizontalDifference8(unsigned char *ip, int n, int stride, unsigned short *wp, uint16 *From8) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) (From8[(v)]) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; r1 = CLAMP(ip[3]); wp[3] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[4]); wp[4] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[5]); wp[5] = (uint16)((b1-b2) & mask); b2 = b1; wp += 3; ip += 3; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; r1 = CLAMP(ip[4]); wp[4] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[5]); wp[5] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[6]); wp[6] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[7]); wp[7] = (uint16)((a1-a2) & mask); a2 = a1; wp += 4; ip += 4; } } else { wp += n + stride - 1; ip += n + stride - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,90993586991407,1 2304,['CWE-120'],"static void follow_mount(struct vfsmount **mnt, struct dentry **dentry) { while (d_mountpoint(*dentry)) { struct vfsmount *mounted = lookup_mnt(*mnt, *dentry); if (!mounted) break; dput(*dentry); mntput(*mnt); *mnt = mounted; *dentry = dget(mounted->mnt_root); } }",linux-2.6,,,22826083329954823873371007341887517875,0 776,CWE-20,"static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct iucv_sock *iucv = iucv_sk(sk); unsigned int copied, rlen; struct sk_buff *skb, *rskb, *cskb; int err = 0; u32 offset; msg->msg_namelen = 0; if ((sk->sk_state == IUCV_DISCONN) && skb_queue_empty(&iucv->backlog_skb_q) && skb_queue_empty(&sk->sk_receive_queue) && list_empty(&iucv->message_q.list)) return 0; if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } offset = IUCV_SKB_CB(skb)->offset; rlen = skb->len - offset; copied = min_t(unsigned int, rlen, len); if (!rlen) sk->sk_shutdown = sk->sk_shutdown | RCV_SHUTDOWN; cskb = skb; if (skb_copy_datagram_iovec(cskb, offset, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } if (sk->sk_type == SOCK_SEQPACKET) { if (copied < rlen) msg->msg_flags |= MSG_TRUNC; msg->msg_flags |= MSG_EOR; } err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, sizeof(IUCV_SKB_CB(skb)->class), (void *)&IUCV_SKB_CB(skb)->class); if (err) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return err; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM) { if (copied < rlen) { IUCV_SKB_CB(skb)->offset = offset + copied; goto done; } } kfree_skb(skb); if (iucv->transport == AF_IUCV_TRANS_HIPER) { atomic_inc(&iucv->msg_recv); if (atomic_read(&iucv->msg_recv) > iucv->msglimit) { WARN_ON(1); iucv_sock_close(sk); return -EFAULT; } } spin_lock_bh(&iucv->message_q.lock); rskb = skb_dequeue(&iucv->backlog_skb_q); while (rskb) { IUCV_SKB_CB(rskb)->offset = 0; if (sock_queue_rcv_skb(sk, rskb)) { skb_queue_head(&iucv->backlog_skb_q, rskb); break; } else { rskb = skb_dequeue(&iucv->backlog_skb_q); } } if (skb_queue_empty(&iucv->backlog_skb_q)) { if (!list_empty(&iucv->message_q.list)) iucv_process_message_q(sk); if (atomic_read(&iucv->msg_recv) >= iucv->msglimit / 2) { err = iucv_send_ctrl(sk, AF_IUCV_FLAG_WIN); if (err) { sk->sk_state = IUCV_DISCONN; sk->sk_state_change(sk); } } } spin_unlock_bh(&iucv->message_q.lock); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/iucv/af_iucv.c,https://github.com/torvalds/linux,252125006578245,1 976,CWE-416,"static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, struct snd_ctl_elem_value *control) { struct snd_kcontrol *kctl; struct snd_kcontrol_volatile *vd; unsigned int index_offset; int result; down_read(&card->controls_rwsem); kctl = snd_ctl_find_id(card, &control->id); if (kctl == NULL) { result = -ENOENT; } else { index_offset = snd_ctl_get_ioff(kctl, &control->id); vd = &kctl->vd[index_offset]; if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL || (file && vd->owner && vd->owner != file)) { result = -EPERM; } else { snd_ctl_build_ioff(&control->id, kctl, index_offset); result = kctl->put(kctl, control); } if (result > 0) { up_read(&card->controls_rwsem); snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &control->id); return 0; } } up_read(&card->controls_rwsem); return result; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,37433901460191,1 3114,['CWE-189'],"static int getint(jas_stream_t *in, int sgnd, int prec, long *val) { long v; int n; int c; n = (prec + 7) / 8; v = 0; while (--n >= 0) { if ((c = jas_stream_getc(in)) == EOF) return -1; v = (v << 8) | c; } v &= ((1 << prec) - 1); if (sgnd) { abort(); } else { *val = v; } return 0; }",jasper,,,64134753833951532667510565984094341501,0 3019,['CWE-189'],"static int jas_iccxyz_output(jas_iccattrval_t *attrval, jas_stream_t *out) { jas_iccxyz_t *xyz = &attrval->data.xyz; if (jas_iccputuint32(out, xyz->x) || jas_iccputuint32(out, xyz->y) || jas_iccputuint32(out, xyz->z)) return -1; return 0; }",jasper,,,285472644383522455782797524758129516781,0 4686,CWE-78,"int imap_subscribe (char *path, int subscribe) { IMAP_DATA *idata; char buf[LONG_STRING]; char mbox[LONG_STRING]; char errstr[STRING]; BUFFER err, token; IMAP_MBOX mx; if (!mx_is_imap (path) || imap_parse_path (path, &mx) || !mx.mbox) { mutt_error (_(""Bad mailbox name"")); return -1; } if (!(idata = imap_conn_find (&(mx.account), 0))) goto fail; imap_fix_path (idata, mx.mbox, buf, sizeof (buf)); if (!*buf) strfcpy (buf, ""INBOX"", sizeof (buf)); if (option (OPTIMAPCHECKSUBSCRIBED)) { mutt_buffer_init (&token); mutt_buffer_init (&err); err.data = errstr; err.dsize = sizeof (errstr); snprintf (mbox, sizeof (mbox), ""%smailboxes \""%s\"""", subscribe ? """" : ""un"", path); if (mutt_parse_rc_line (mbox, &token, &err)) dprint (1, (debugfile, ""Error adding subscribed mailbox: %s\n"", errstr)); FREE (&token.data); } if (subscribe) mutt_message (_(""Subscribing to %s...""), buf); else mutt_message (_(""Unsubscribing from %s...""), buf); imap_munge_mbox_name (idata, mbox, sizeof(mbox), buf); snprintf (buf, sizeof (buf), ""%sSUBSCRIBE %s"", subscribe ? """" : ""UN"", mbox); if (imap_exec (idata, buf, 0) < 0) goto fail; imap_unmunge_mbox_name(idata, mx.mbox); if (subscribe) mutt_message (_(""Subscribed to %s""), mx.mbox); else mutt_message (_(""Unsubscribed from %s""), mx.mbox); FREE (&mx.mbox); return 0; fail: FREE (&mx.mbox); return -1; }",visit repo url,imap/imap.c,https://gitlab.com/muttmua/mutt,55093664943907,1 5926,['CWE-909'],"void qdisc_warn_nonwc(char *txt, struct Qdisc *qdisc) { if (!(qdisc->flags & TCQ_F_WARN_NONWC)) { printk(KERN_WARNING ""%s: %s qdisc %X: is non-work-conserving?\n"", txt, qdisc->ops->id, qdisc->handle >> 16); qdisc->flags |= TCQ_F_WARN_NONWC; } }",linux-2.6,,,60212636510976084511905162757742536577,0 370,[],"pfm_context_load(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct task_struct *task; struct thread_struct *thread; struct pfm_context_t *old; unsigned long flags; #ifndef CONFIG_SMP struct task_struct *owner_task = NULL; #endif pfarg_load_t *req = (pfarg_load_t *)arg; unsigned long *pmcs_source, *pmds_source; int the_cpu; int ret = 0; int state, is_system, set_dbregs = 0; state = ctx->ctx_state; is_system = ctx->ctx_fl_system; if (state != PFM_CTX_UNLOADED) { DPRINT((""cannot load to [%d], invalid ctx_state=%d\n"", req->load_pid, ctx->ctx_state)); return -EBUSY; } DPRINT((""load_pid [%d] using_dbreg=%d\n"", req->load_pid, ctx->ctx_fl_using_dbreg)); if (CTX_OVFL_NOBLOCK(ctx) == 0 && req->load_pid == current->pid) { DPRINT((""cannot use blocking mode on self\n"")); return -EINVAL; } ret = pfm_get_task(ctx, req->load_pid, &task); if (ret) { DPRINT((""load_pid [%d] get_task=%d\n"", req->load_pid, ret)); return ret; } ret = -EINVAL; if (is_system && task != current) { DPRINT((""system wide is self monitoring only load_pid=%d\n"", req->load_pid)); goto error; } thread = &task->thread; ret = 0; if (ctx->ctx_fl_using_dbreg) { if (thread->flags & IA64_THREAD_DBG_VALID) { ret = -EBUSY; DPRINT((""load_pid [%d] task is debugged, cannot load range restrictions\n"", req->load_pid)); goto error; } LOCK_PFS(flags); if (is_system) { if (pfm_sessions.pfs_ptrace_use_dbregs) { DPRINT((""cannot load [%d] dbregs in use\n"", task->pid)); ret = -EBUSY; } else { pfm_sessions.pfs_sys_use_dbregs++; DPRINT((""load [%d] increased sys_use_dbreg=%u\n"", task->pid, pfm_sessions.pfs_sys_use_dbregs)); set_dbregs = 1; } } UNLOCK_PFS(flags); if (ret) goto error; } the_cpu = ctx->ctx_cpu = smp_processor_id(); ret = -EBUSY; ret = pfm_reserve_session(current, is_system, the_cpu); if (ret) goto error; DPRINT((""before cmpxchg() old_ctx=%p new_ctx=%p\n"", thread->pfm_context, ctx)); ret = -EBUSY; old = ia64_cmpxchg(acq, &thread->pfm_context, NULL, ctx, sizeof(pfm_context_t *)); if (old != NULL) { DPRINT((""load_pid [%d] already has a context\n"", req->load_pid)); goto error_unres; } pfm_reset_msgq(ctx); ctx->ctx_state = PFM_CTX_LOADED; ctx->ctx_task = task; if (is_system) { PFM_CPUINFO_SET(PFM_CPUINFO_SYST_WIDE); PFM_CPUINFO_CLEAR(PFM_CPUINFO_DCR_PP); if (ctx->ctx_fl_excl_idle) PFM_CPUINFO_SET(PFM_CPUINFO_EXCL_IDLE); } else { thread->flags |= IA64_THREAD_PM_VALID; } pfm_copy_pmds(task, ctx); pfm_copy_pmcs(task, ctx); pmcs_source = ctx->th_pmcs; pmds_source = ctx->th_pmds; if (task == current) { if (is_system == 0) { ia64_psr(regs)->sp = 0; DPRINT((""clearing psr.sp for [%d]\n"", task->pid)); SET_LAST_CPU(ctx, smp_processor_id()); INC_ACTIVATION(); SET_ACTIVATION(ctx); #ifndef CONFIG_SMP owner_task = GET_PMU_OWNER(); if (owner_task) pfm_lazy_save_regs(owner_task); #endif } pfm_restore_pmds(pmds_source, ctx->ctx_all_pmds[0]); pfm_restore_pmcs(pmcs_source, ctx->ctx_all_pmcs[0]); ctx->ctx_reload_pmcs[0] = 0UL; ctx->ctx_reload_pmds[0] = 0UL; if (ctx->ctx_fl_using_dbreg) { pfm_restore_ibrs(ctx->ctx_ibrs, pmu_conf->num_ibrs); pfm_restore_dbrs(ctx->ctx_dbrs, pmu_conf->num_dbrs); } SET_PMU_OWNER(task, ctx); DPRINT((""context loaded on PMU for [%d]\n"", task->pid)); } else { regs = task_pt_regs(task); ctx->ctx_last_activation = PFM_INVALID_ACTIVATION; SET_LAST_CPU(ctx, -1); ctx->ctx_saved_psr_up = 0UL; ia64_psr(regs)->up = ia64_psr(regs)->pp = 0; } ret = 0; error_unres: if (ret) pfm_unreserve_session(ctx, ctx->ctx_fl_system, the_cpu); error: if (ret && set_dbregs) { LOCK_PFS(flags); pfm_sessions.pfs_sys_use_dbregs--; UNLOCK_PFS(flags); } if (is_system == 0 && task != current) { pfm_put_task(task); if (ret == 0) { ret = pfm_check_task_exist(ctx); if (ret) { ctx->ctx_state = PFM_CTX_UNLOADED; ctx->ctx_task = NULL; } } } return ret; }",linux-2.6,,,332365136094487687705028677188370194772,0 6052,['CWE-200'],"void addrconf_leave_solict(struct inet6_dev *idev, struct in6_addr *addr) { struct in6_addr maddr; if (idev->dev->flags&(IFF_LOOPBACK|IFF_NOARP)) return; addrconf_addr_solict_mult(addr, &maddr); __ipv6_dev_mc_dec(idev, &maddr); }",linux-2.6,,,290279652391664930947839186394105096231,0 3710,[],"static void __exit af_unix_exit(void) { sock_unregister(PF_UNIX); proto_unregister(&unix_proto); unregister_pernet_subsys(&unix_net_ops); }",linux-2.6,,,148117133148292502567142818897904752371,0 2469,CWE-119,"char *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key TSRMLS_DC) { char buffer[4096]; char buffer2[4096]; char *buf = buffer, *buf2 = buffer2, *d, *d_url; int l; if (name_len > sizeof(buffer)-2) { buf = estrndup(name, name_len); } else { memcpy(buf, name, name_len); buf[name_len] = 0; } name_len = php_url_decode(buf, name_len); normalize_varname(buf); name_len = strlen(buf); if (SUHOSIN_G(cookie_plainlist)) { if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), buf, name_len+1)) { encrypt_return_plain: if (buf != buffer) { efree(buf); } return estrndup(value, value_len); } } else if (SUHOSIN_G(cookie_cryptlist)) { if (!zend_hash_exists(SUHOSIN_G(cookie_cryptlist), buf, name_len+1)) { goto encrypt_return_plain; } } if (strlen(value) <= sizeof(buffer2)-2) { memcpy(buf2, value, value_len); buf2[value_len] = 0; } else { buf2 = estrndup(value, value_len); } value_len = php_url_decode(buf2, value_len); d = suhosin_encrypt_string(buf2, value_len, buf, name_len, key TSRMLS_CC); d_url = php_url_encode(d, strlen(d), &l); efree(d); if (buf != buffer) { efree(buf); } if (buf2 != buffer2) { efree(buf2); } return d_url; }",visit repo url,header.c,https://github.com/stefanesser/suhosin,56332720419666,1 3167,CWE-125,"ethertype_print(netdissect_options *ndo, u_short ether_type, const u_char *p, u_int length, u_int caplen, const struct lladdr_info *src, const struct lladdr_info *dst) { switch (ether_type) { case ETHERTYPE_IP: ip_print(ndo, p, length); return (1); case ETHERTYPE_IPV6: ip6_print(ndo, p, length); return (1); case ETHERTYPE_ARP: case ETHERTYPE_REVARP: arp_print(ndo, p, length, caplen); return (1); case ETHERTYPE_DN: decnet_print(ndo, p, length, caplen); return (1); case ETHERTYPE_ATALK: if (ndo->ndo_vflag) ND_PRINT((ndo, ""et1 "")); atalk_print(ndo, p, length); return (1); case ETHERTYPE_AARP: aarp_print(ndo, p, length); return (1); case ETHERTYPE_IPX: ND_PRINT((ndo, ""(NOV-ETHII) "")); ipx_print(ndo, p, length); return (1); case ETHERTYPE_ISO: if (length == 0 || caplen == 0) { ND_PRINT((ndo, "" [|osi]"")); return (1); } isoclns_print(ndo, p + 1, length - 1, caplen - 1); return(1); case ETHERTYPE_PPPOED: case ETHERTYPE_PPPOES: case ETHERTYPE_PPPOED2: case ETHERTYPE_PPPOES2: pppoe_print(ndo, p, length); return (1); case ETHERTYPE_EAPOL: eap_print(ndo, p, length); return (1); case ETHERTYPE_RRCP: rrcp_print(ndo, p, length, src, dst); return (1); case ETHERTYPE_PPP: if (length) { ND_PRINT((ndo, "": "")); ppp_print(ndo, p, length); } return (1); case ETHERTYPE_MPCP: mpcp_print(ndo, p, length); return (1); case ETHERTYPE_SLOW: slow_print(ndo, p, length); return (1); case ETHERTYPE_CFM: case ETHERTYPE_CFM_OLD: cfm_print(ndo, p, length); return (1); case ETHERTYPE_LLDP: lldp_print(ndo, p, length); return (1); case ETHERTYPE_NSH: nsh_print(ndo, p, length); return (1); case ETHERTYPE_LOOPBACK: loopback_print(ndo, p, length); return (1); case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: mpls_print(ndo, p, length); return (1); case ETHERTYPE_TIPC: tipc_print(ndo, p, length, caplen); return (1); case ETHERTYPE_MS_NLB_HB: msnlb_print(ndo, p); return (1); case ETHERTYPE_GEONET_OLD: case ETHERTYPE_GEONET: geonet_print(ndo, p, length, src); return (1); case ETHERTYPE_CALM_FAST: calm_fast_print(ndo, p, length, src); return (1); case ETHERTYPE_AOE: aoe_print(ndo, p, length); return (1); case ETHERTYPE_MEDSA: medsa_print(ndo, p, length, caplen, src, dst); return (1); case ETHERTYPE_LAT: case ETHERTYPE_SCA: case ETHERTYPE_MOPRC: case ETHERTYPE_MOPDL: case ETHERTYPE_IEEE1905_1: default: return (0); } }",visit repo url,print-ether.c,https://github.com/the-tcpdump-group/tcpdump,159317252912224,1 4094,['CWE-399'],"static int blk_complete_sghdr_rq(struct request *rq, struct sg_io_hdr *hdr, struct bio *bio) { int r, ret = 0; hdr->status = rq->errors & 0xff; hdr->masked_status = status_byte(rq->errors); hdr->msg_status = msg_byte(rq->errors); hdr->host_status = host_byte(rq->errors); hdr->driver_status = driver_byte(rq->errors); hdr->info = 0; if (hdr->masked_status || hdr->host_status || hdr->driver_status) hdr->info |= SG_INFO_CHECK; hdr->resid = rq->data_len; hdr->sb_len_wr = 0; if (rq->sense_len && hdr->sbp) { int len = min((unsigned int) hdr->mx_sb_len, rq->sense_len); if (!copy_to_user(hdr->sbp, rq->sense, len)) hdr->sb_len_wr = len; else ret = -EFAULT; } rq->bio = bio; r = blk_unmap_sghdr_rq(rq, hdr); if (ret) r = ret; return r; }",linux-2.6,,,200757619168736877074878238374905005573,0 3984,CWE-352,"static void do_runtime(HttpRequest req, HttpResponse res) { int pid = exist_daemon(); char buf[STRLEN]; do_head(res, ""_runtime"", ""Runtime"", 1000); StringBuffer_append(res->outputbuffer, ""

Monit runtime status

""); StringBuffer_append(res->outputbuffer, """" """" """"); StringBuffer_append(res->outputbuffer, """", Run.id); StringBuffer_append(res->outputbuffer, """", Run.system->name); StringBuffer_append(res->outputbuffer, """", pid); StringBuffer_append(res->outputbuffer, """" """", Run.Env.user); StringBuffer_append(res->outputbuffer, """", Run.files.control); if (Run.files.log) StringBuffer_append(res->outputbuffer, """", Run.files.log); StringBuffer_append(res->outputbuffer, """", Run.files.pid); StringBuffer_append(res->outputbuffer, """", Run.files.state); StringBuffer_append(res->outputbuffer, """", Run.debug ? ""True"" : ""False""); StringBuffer_append(res->outputbuffer, """", (Run.flags & Run_Log) ? ""True"" : ""False""); StringBuffer_append(res->outputbuffer, """", (Run.flags & Run_UseSyslog) ? ""True"" : ""False""); if (Run.eventlist_dir) { if (Run.eventlist_slots < 0) snprintf(buf, STRLEN, ""unlimited""); else snprintf(buf, STRLEN, ""%d"", Run.eventlist_slots); StringBuffer_append(res->outputbuffer, """" """", Run.eventlist_dir, Run.eventlist_slots); } #ifdef HAVE_OPENSSL { const char *options = Ssl_printOptions(&(Run.ssl), (char[STRLEN]){}, STRLEN); if (options && *options) StringBuffer_append(res->outputbuffer, """", options); } #endif if (Run.mmonits) { StringBuffer_append(res->outputbuffer, """"); } if (Run.mailservers) { StringBuffer_append(res->outputbuffer, """"); } if (Run.MailFormat.from) { StringBuffer_append(res->outputbuffer, """"); } if (Run.MailFormat.replyto) { StringBuffer_append(res->outputbuffer, """"); } if (Run.MailFormat.subject) StringBuffer_append(res->outputbuffer, """", Run.MailFormat.subject); if (Run.MailFormat.message) StringBuffer_append(res->outputbuffer, """", Run.MailFormat.message); StringBuffer_append(res->outputbuffer, """", Str_bytesToSize(Run.limits.sendExpectBuffer, buf)); StringBuffer_append(res->outputbuffer, """", Str_bytesToSize(Run.limits.fileContentBuffer, buf)); StringBuffer_append(res->outputbuffer, """", Str_bytesToSize(Run.limits.httpContentBuffer, buf)); StringBuffer_append(res->outputbuffer, """", Str_bytesToSize(Run.limits.programOutput, buf)); StringBuffer_append(res->outputbuffer, """", Str_milliToTime(Run.limits.networkTimeout, (char[23]){})); StringBuffer_append(res->outputbuffer, """", Str_milliToTime(Run.limits.programTimeout, (char[23]){})); StringBuffer_append(res->outputbuffer, """", Str_milliToTime(Run.limits.stopTimeout, (char[23]){})); StringBuffer_append(res->outputbuffer, """", Str_milliToTime(Run.limits.startTimeout, (char[23]){})); StringBuffer_append(res->outputbuffer, """", Str_milliToTime(Run.limits.restartTimeout, (char[23]){})); StringBuffer_append(res->outputbuffer, """", onrebootnames[Run.onreboot]); StringBuffer_append(res->outputbuffer, """", Run.polltime, Run.startdelay); if (Run.httpd.flags & Httpd_Net) { StringBuffer_append(res->outputbuffer, """", Run.httpd.socket.net.address ? Run.httpd.socket.net.address : ""Any/All""); StringBuffer_append(res->outputbuffer, """", Run.httpd.socket.net.port); } else if (Run.httpd.flags & Httpd_Unix) { StringBuffer_append(res->outputbuffer, """", Run.httpd.socket.unix.path); } StringBuffer_append(res->outputbuffer, """", Run.httpd.flags & Httpd_Signature ? ""True"" : ""False""); StringBuffer_append(res->outputbuffer, """", Run.httpd.flags & Httpd_Ssl ? ""True"" : ""False""); if (Run.httpd.flags & Httpd_Ssl) { StringBuffer_append(res->outputbuffer, """", Run.httpd.socket.net.ssl.pem); if (Run.httpd.socket.net.ssl.clientpem != NULL) { StringBuffer_append(res->outputbuffer, """", ""Enabled""); StringBuffer_append(res->outputbuffer, """", Run.httpd.socket.net.ssl.clientpem); } else { StringBuffer_append(res->outputbuffer, """", ""Disabled""); } StringBuffer_append(res->outputbuffer, """", Run.httpd.flags & Httpd_AllowSelfSignedCertificates ? ""True"" : ""False""); } StringBuffer_append(res->outputbuffer, """", Run.httpd.credentials && Engine_hasAllow() ? ""Basic Authentication and Host/Net allow list"" : Run.httpd.credentials ? ""Basic Authentication"" : Engine_hasAllow() ? ""Host/Net allow list"" : ""No authentication""); print_alerts(res, Run.maillist); StringBuffer_append(res->outputbuffer, ""
ParameterValue
Monit ID%s
Host%s
Process id%d
Effective user running Monit%s
Controlfile%s
Logfile%s
Pidfile%s
State file%s
Debug%s
Log%s
Use syslog%s
Event queuebase directory %s with %d slots
SSL options%s
M/Monit server(s)""); for (Mmonit_T c = Run.mmonits; c; c = c->next) { StringBuffer_append(res->outputbuffer, ""%s with timeout %s"", c->url->url, Str_milliToTime(c->timeout, (char[23]){})); #ifdef HAVE_OPENSSL if (c->ssl.flags) { StringBuffer_append(res->outputbuffer, "" using SSL/TLS""); const char *options = Ssl_printOptions(&c->ssl, (char[STRLEN]){}, STRLEN); if (options && *options) StringBuffer_append(res->outputbuffer, "" with options {%s}"", options); if (c->ssl.checksum) StringBuffer_append(res->outputbuffer, "" and certificate checksum %s equal to '%s'"", checksumnames[c->ssl.checksumType], c->ssl.checksum); } #endif if (c->url->user) StringBuffer_append(res->outputbuffer, "" using credentials""); if (c->next) StringBuffer_append(res->outputbuffer, ""
 ""); } StringBuffer_append(res->outputbuffer, ""
Mail server(s)""); for (MailServer_T mta = Run.mailservers; mta; mta = mta->next) { StringBuffer_append(res->outputbuffer, ""%s:%d"", mta->host, mta->port); #ifdef HAVE_OPENSSL if (mta->ssl.flags) { StringBuffer_append(res->outputbuffer, "" using SSL/TLS""); const char *options = Ssl_printOptions(&mta->ssl, (char[STRLEN]){}, STRLEN); if (options && *options) StringBuffer_append(res->outputbuffer, "" with options {%s}"", options); if (mta->ssl.checksum) StringBuffer_append(res->outputbuffer, "" and certificate checksum %s equal to '%s'"", checksumnames[mta->ssl.checksumType], mta->ssl.checksum); } #endif if (mta->next) StringBuffer_append(res->outputbuffer, ""
 ""); } StringBuffer_append(res->outputbuffer, ""
Default mail from""); if (Run.MailFormat.from->name) StringBuffer_append(res->outputbuffer, ""%s <%s>"", Run.MailFormat.from->name, Run.MailFormat.from->address); else StringBuffer_append(res->outputbuffer, ""%s"", Run.MailFormat.from->address); StringBuffer_append(res->outputbuffer, ""
Default mail reply to""); if (Run.MailFormat.replyto->name) StringBuffer_append(res->outputbuffer, ""%s <%s>"", Run.MailFormat.replyto->name, Run.MailFormat.replyto->address); else StringBuffer_append(res->outputbuffer, ""%s"", Run.MailFormat.replyto->address); StringBuffer_append(res->outputbuffer, ""
Default mail subject%s
Default mail message%s
Limit for Send/Expect buffer%s
Limit for file content buffer%s
Limit for HTTP content buffer%s
Limit for program output%s
Limit for network timeout%s
Limit for check program timeout%s
Limit for service stop timeout%s
Limit for service start timeout%s
Limit for service restart timeout%s
On reboot%s
Poll time%d seconds with start delay %d seconds
httpd bind address%s
httpd portnumber%d
httpd unix socket%s
httpd signature%s
Use ssl encryption%s
PEM key/certificate file%s
Client PEM key/certification"" ""%s
Client PEM key/certificate file"" ""%s
Client PEM key/certification"" ""%s
Allow self certified certificates "" ""%s
httpd auth. style%s
""); if (! is_readonly(req)) { StringBuffer_append(res->outputbuffer, """"); StringBuffer_append(res->outputbuffer, """"); StringBuffer_append(res->outputbuffer, """"); if ((Run.flags & Run_Log) && ! (Run.flags & Run_UseSyslog)) { StringBuffer_append(res->outputbuffer, """"); } StringBuffer_append(res->outputbuffer, ""
Stop Monit http server? "" ""
Force validate now? "" ""
View Monit logfile?
""); } do_foot(res); }",visit repo url,src/http/cervlet.c,https://bitbucket.org/tildeslash/monit,240040608119114,1 1930,['CWE-20'],"static int __init vdso_init(void) { int i; #ifdef CONFIG_PPC64 strcpy((char *)vdso_data->eye_catcher, ""SYSTEMCFG:PPC64""); vdso_data->version.major = SYSTEMCFG_MAJOR; vdso_data->version.minor = SYSTEMCFG_MINOR; vdso_data->processor = mfspr(SPRN_PVR); vdso_data->platform = machine_is(iseries) ? 0x200 : 0x100; if (firmware_has_feature(FW_FEATURE_LPAR)) vdso_data->platform |= 1; vdso_data->physicalMemorySize = lmb_phys_mem_size(); vdso_data->dcache_size = ppc64_caches.dsize; vdso_data->dcache_line_size = ppc64_caches.dline_size; vdso_data->icache_size = ppc64_caches.isize; vdso_data->icache_line_size = ppc64_caches.iline_size; vdso_data->dcache_block_size = ppc64_caches.dline_size; vdso_data->icache_block_size = ppc64_caches.iline_size; vdso_data->dcache_log_block_size = ppc64_caches.log_dline_size; vdso_data->icache_log_block_size = ppc64_caches.log_iline_size; vdso64_pages = (&vdso64_end - &vdso64_start) >> PAGE_SHIFT; DBG(""vdso64_kbase: %p, 0x%x pages\n"", vdso64_kbase, vdso64_pages); #else vdso_data->dcache_block_size = L1_CACHE_BYTES; vdso_data->dcache_log_block_size = L1_CACHE_SHIFT; vdso_data->icache_block_size = L1_CACHE_BYTES; vdso_data->icache_log_block_size = L1_CACHE_SHIFT; #endif vdso32_pages = (&vdso32_end - &vdso32_start) >> PAGE_SHIFT; DBG(""vdso32_kbase: %p, 0x%x pages\n"", vdso32_kbase, vdso32_pages); vdso_setup_syscall_map(); if (vdso_setup()) { printk(KERN_ERR ""vDSO setup failure, not enabled !\n""); vdso32_pages = 0; #ifdef CONFIG_PPC64 vdso64_pages = 0; #endif return 0; } vdso32_pagelist = kzalloc(sizeof(struct page *) * (vdso32_pages + 2), GFP_KERNEL); BUG_ON(vdso32_pagelist == NULL); for (i = 0; i < vdso32_pages; i++) { struct page *pg = virt_to_page(vdso32_kbase + i*PAGE_SIZE); ClearPageReserved(pg); get_page(pg); vdso32_pagelist[i] = pg; } vdso32_pagelist[i++] = virt_to_page(vdso_data); vdso32_pagelist[i] = NULL; #ifdef CONFIG_PPC64 vdso64_pagelist = kzalloc(sizeof(struct page *) * (vdso64_pages + 2), GFP_KERNEL); BUG_ON(vdso64_pagelist == NULL); for (i = 0; i < vdso64_pages; i++) { struct page *pg = virt_to_page(vdso64_kbase + i*PAGE_SIZE); ClearPageReserved(pg); get_page(pg); vdso64_pagelist[i] = pg; } vdso64_pagelist[i++] = virt_to_page(vdso_data); vdso64_pagelist[i] = NULL; #endif get_page(virt_to_page(vdso_data)); smp_wmb(); vdso_ready = 1; return 0; }",linux-2.6,,,142672007378531476241795621006995315409,0 1270,CWE-362,"static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options) { char *p; int rc = 0; int sig_set = 0; int cipher_name_set = 0; int fn_cipher_name_set = 0; int cipher_key_bytes; int cipher_key_bytes_set = 0; int fn_cipher_key_bytes; int fn_cipher_key_bytes_set = 0; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &sbi->mount_crypt_stat; substring_t args[MAX_OPT_ARGS]; int token; char *sig_src; char *cipher_name_dst; char *cipher_name_src; char *fn_cipher_name_dst; char *fn_cipher_name_src; char *fnek_dst; char *fnek_src; char *cipher_key_bytes_src; char *fn_cipher_key_bytes_src; if (!options) { rc = -EINVAL; goto out; } ecryptfs_init_mount_crypt_stat(mount_crypt_stat); while ((p = strsep(&options, "","")) != NULL) { if (!*p) continue; token = match_token(p, tokens, args); switch (token) { case ecryptfs_opt_sig: case ecryptfs_opt_ecryptfs_sig: sig_src = args[0].from; rc = ecryptfs_add_global_auth_tok(mount_crypt_stat, sig_src, 0); if (rc) { printk(KERN_ERR ""Error attempting to register "" ""global sig; rc = [%d]\n"", rc); goto out; } sig_set = 1; break; case ecryptfs_opt_cipher: case ecryptfs_opt_ecryptfs_cipher: cipher_name_src = args[0].from; cipher_name_dst = mount_crypt_stat-> global_default_cipher_name; strncpy(cipher_name_dst, cipher_name_src, ECRYPTFS_MAX_CIPHER_NAME_SIZE); cipher_name_dst[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0'; cipher_name_set = 1; break; case ecryptfs_opt_ecryptfs_key_bytes: cipher_key_bytes_src = args[0].from; cipher_key_bytes = (int)simple_strtol(cipher_key_bytes_src, &cipher_key_bytes_src, 0); mount_crypt_stat->global_default_cipher_key_size = cipher_key_bytes; cipher_key_bytes_set = 1; break; case ecryptfs_opt_passthrough: mount_crypt_stat->flags |= ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED; break; case ecryptfs_opt_xattr_metadata: mount_crypt_stat->flags |= ECRYPTFS_XATTR_METADATA_ENABLED; break; case ecryptfs_opt_encrypted_view: mount_crypt_stat->flags |= ECRYPTFS_XATTR_METADATA_ENABLED; mount_crypt_stat->flags |= ECRYPTFS_ENCRYPTED_VIEW_ENABLED; break; case ecryptfs_opt_fnek_sig: fnek_src = args[0].from; fnek_dst = mount_crypt_stat->global_default_fnek_sig; strncpy(fnek_dst, fnek_src, ECRYPTFS_SIG_SIZE_HEX); mount_crypt_stat->global_default_fnek_sig[ ECRYPTFS_SIG_SIZE_HEX] = '\0'; rc = ecryptfs_add_global_auth_tok( mount_crypt_stat, mount_crypt_stat->global_default_fnek_sig, ECRYPTFS_AUTH_TOK_FNEK); if (rc) { printk(KERN_ERR ""Error attempting to register "" ""global fnek sig [%s]; rc = [%d]\n"", mount_crypt_stat->global_default_fnek_sig, rc); goto out; } mount_crypt_stat->flags |= (ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES | ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK); break; case ecryptfs_opt_fn_cipher: fn_cipher_name_src = args[0].from; fn_cipher_name_dst = mount_crypt_stat->global_default_fn_cipher_name; strncpy(fn_cipher_name_dst, fn_cipher_name_src, ECRYPTFS_MAX_CIPHER_NAME_SIZE); mount_crypt_stat->global_default_fn_cipher_name[ ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0'; fn_cipher_name_set = 1; break; case ecryptfs_opt_fn_cipher_key_bytes: fn_cipher_key_bytes_src = args[0].from; fn_cipher_key_bytes = (int)simple_strtol(fn_cipher_key_bytes_src, &fn_cipher_key_bytes_src, 0); mount_crypt_stat->global_default_fn_cipher_key_bytes = fn_cipher_key_bytes; fn_cipher_key_bytes_set = 1; break; case ecryptfs_opt_unlink_sigs: mount_crypt_stat->flags |= ECRYPTFS_UNLINK_SIGS; break; case ecryptfs_opt_mount_auth_tok_only: mount_crypt_stat->flags |= ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY; break; case ecryptfs_opt_err: default: printk(KERN_WARNING ""%s: eCryptfs: unrecognized option [%s]\n"", __func__, p); } } if (!sig_set) { rc = -EINVAL; ecryptfs_printk(KERN_ERR, ""You must supply at least one valid "" ""auth tok signature as a mount "" ""parameter; see the eCryptfs README\n""); goto out; } if (!cipher_name_set) { int cipher_name_len = strlen(ECRYPTFS_DEFAULT_CIPHER); BUG_ON(cipher_name_len >= ECRYPTFS_MAX_CIPHER_NAME_SIZE); strcpy(mount_crypt_stat->global_default_cipher_name, ECRYPTFS_DEFAULT_CIPHER); } if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) && !fn_cipher_name_set) strcpy(mount_crypt_stat->global_default_fn_cipher_name, mount_crypt_stat->global_default_cipher_name); if (!cipher_key_bytes_set) mount_crypt_stat->global_default_cipher_key_size = 0; if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) && !fn_cipher_key_bytes_set) mount_crypt_stat->global_default_fn_cipher_key_bytes = mount_crypt_stat->global_default_cipher_key_size; mutex_lock(&key_tfm_list_mutex); if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, NULL)) { rc = ecryptfs_add_new_key_tfm( NULL, mount_crypt_stat->global_default_cipher_name, mount_crypt_stat->global_default_cipher_key_size); if (rc) { printk(KERN_ERR ""Error attempting to initialize "" ""cipher with name = [%s] and key size = [%td]; "" ""rc = [%d]\n"", mount_crypt_stat->global_default_cipher_name, mount_crypt_stat->global_default_cipher_key_size, rc); rc = -EINVAL; mutex_unlock(&key_tfm_list_mutex); goto out; } } if ((mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) && !ecryptfs_tfm_exists( mount_crypt_stat->global_default_fn_cipher_name, NULL)) { rc = ecryptfs_add_new_key_tfm( NULL, mount_crypt_stat->global_default_fn_cipher_name, mount_crypt_stat->global_default_fn_cipher_key_bytes); if (rc) { printk(KERN_ERR ""Error attempting to initialize "" ""cipher with name = [%s] and key size = [%td]; "" ""rc = [%d]\n"", mount_crypt_stat->global_default_fn_cipher_name, mount_crypt_stat->global_default_fn_cipher_key_bytes, rc); rc = -EINVAL; mutex_unlock(&key_tfm_list_mutex); goto out; } } mutex_unlock(&key_tfm_list_mutex); rc = ecryptfs_init_global_auth_toks(mount_crypt_stat); if (rc) printk(KERN_WARNING ""One or more global auth toks could not "" ""properly register; rc = [%d]\n"", rc); out: return rc; }",visit repo url,fs/ecryptfs/main.c,https://github.com/torvalds/linux,100141110665274,1 124,CWE-362,"int hci_req_sync(struct hci_dev *hdev, int (*req)(struct hci_request *req, unsigned long opt), unsigned long opt, u32 timeout, u8 *hci_status) { int ret; if (!test_bit(HCI_UP, &hdev->flags)) return -ENETDOWN; hci_req_sync_lock(hdev); ret = __hci_req_sync(hdev, req, opt, timeout, hci_status); hci_req_sync_unlock(hdev); return ret; }",visit repo url,net/bluetooth/hci_request.c,https://github.com/torvalds/linux,123567836926391,1 3237,CWE-125,"isis_print_mt_capability_subtlv(netdissect_options *ndo, const uint8_t *tptr, int len) { int stlv_type, stlv_len, tmp; while (len > 2) { stlv_type = *(tptr++); stlv_len = *(tptr++); ND_PRINT((ndo, ""\n\t %s subTLV #%u, length: %u"", tok2str(isis_mt_capability_subtlv_values, ""unknown"", stlv_type), stlv_type, stlv_len)); len = len - 2; switch (stlv_type) { case ISIS_SUBTLV_SPB_INSTANCE: ND_TCHECK2(*tptr, ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN); ND_PRINT((ndo, ""\n\t CIST Root-ID: %08x"", EXTRACT_32BITS(tptr))); tptr = tptr+4; ND_PRINT((ndo, "" %08x"", EXTRACT_32BITS(tptr))); tptr = tptr+4; ND_PRINT((ndo, "", Path Cost: %08x"", EXTRACT_32BITS(tptr))); tptr = tptr+4; ND_PRINT((ndo, "", Prio: %d"", EXTRACT_16BITS(tptr))); tptr = tptr + 2; ND_PRINT((ndo, ""\n\t RES: %d"", EXTRACT_16BITS(tptr) >> 5)); ND_PRINT((ndo, "", V: %d"", (EXTRACT_16BITS(tptr) >> 4) & 0x0001)); ND_PRINT((ndo, "", SPSource-ID: %d"", (EXTRACT_32BITS(tptr) & 0x000fffff))); tptr = tptr+4; ND_PRINT((ndo, "", No of Trees: %x"", *(tptr))); tmp = *(tptr++); len = len - ISIS_SUBTLV_SPB_INSTANCE_MIN_LEN; while (tmp) { ND_TCHECK2(*tptr, ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN); ND_PRINT((ndo, ""\n\t U:%d, M:%d, A:%d, RES:%d"", *(tptr) >> 7, (*(tptr) >> 6) & 0x01, (*(tptr) >> 5) & 0x01, (*(tptr) & 0x1f))); tptr++; ND_PRINT((ndo, "", ECT: %08x"", EXTRACT_32BITS(tptr))); tptr = tptr + 4; ND_PRINT((ndo, "", BVID: %d, SPVID: %d"", (EXTRACT_24BITS(tptr) >> 12) & 0x000fff, EXTRACT_24BITS(tptr) & 0x000fff)); tptr = tptr + 3; len = len - ISIS_SUBTLV_SPB_INSTANCE_VLAN_TUPLE_LEN; tmp--; } break; case ISIS_SUBTLV_SPBM_SI: ND_TCHECK2(*tptr, 8); ND_PRINT((ndo, ""\n\t BMAC: %08x"", EXTRACT_32BITS(tptr))); tptr = tptr+4; ND_PRINT((ndo, ""%04x"", EXTRACT_16BITS(tptr))); tptr = tptr+2; ND_PRINT((ndo, "", RES: %d, VID: %d"", EXTRACT_16BITS(tptr) >> 12, (EXTRACT_16BITS(tptr)) & 0x0fff)); tptr = tptr+2; len = len - 8; stlv_len = stlv_len - 8; while (stlv_len >= 4) { ND_TCHECK2(*tptr, 4); ND_PRINT((ndo, ""\n\t T: %d, R: %d, RES: %d, ISID: %d"", (EXTRACT_32BITS(tptr) >> 31), (EXTRACT_32BITS(tptr) >> 30) & 0x01, (EXTRACT_32BITS(tptr) >> 24) & 0x03f, (EXTRACT_32BITS(tptr)) & 0x0ffffff)); tptr = tptr + 4; len = len - 4; stlv_len = stlv_len - 4; } break; default: break; } } return 0; trunc: ND_PRINT((ndo, ""\n\t\t"")); ND_PRINT((ndo, ""%s"", tstr)); return(1); }",visit repo url,print-isoclns.c,https://github.com/the-tcpdump-group/tcpdump,275072464731467,1 11,['CWE-264'],"static int pdo_sqlite_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_DC) { pdo_sqlite_db_handle *H; int i, ret = 0; long timeout = 60; char *filename; H = pecalloc(1, sizeof(pdo_sqlite_db_handle), dbh->is_persistent); H->einfo.errcode = 0; H->einfo.errmsg = NULL; dbh->driver_data = H; filename = make_filename_safe(dbh->data_source TSRMLS_CC); if (!filename) { zend_throw_exception_ex(php_pdo_get_exception(), 0 TSRMLS_CC, ""safe_mode/open_basedir prohibits opening %s"", dbh->data_source); goto cleanup; } i = sqlite3_open(filename, &H->db); efree(filename); if (i != SQLITE_OK) { pdo_sqlite_error(dbh); goto cleanup; } if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) { sqlite3_set_authorizer(H->db, authorizer, NULL); } if (driver_options) { timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, timeout TSRMLS_CC); } sqlite3_busy_timeout(H->db, timeout * 1000); dbh->alloc_own_columns = 1; dbh->max_escaped_char_length = 2; ret = 1; cleanup: dbh->methods = &sqlite_methods; return ret; }",php-src,,,184844079778353797002114662800331920666,0 1364,NVD-CWE-noinfo,"int main(void) { int fd, len, sock_opt; int error; struct cn_msg *message; struct pollfd pfd; struct nlmsghdr *incoming_msg; struct cn_msg *incoming_cn_msg; struct hv_kvp_msg *hv_msg; char *p; char *key_value; char *key_name; int op; int pool; char *if_name; struct hv_kvp_ipaddr_value *kvp_ip_val; daemon(1, 0); openlog(""KVP"", 0, LOG_USER); syslog(LOG_INFO, ""KVP starting; pid is:%d"", getpid()); kvp_get_os_info(); if (kvp_file_init()) { syslog(LOG_ERR, ""Failed to initialize the pools""); exit(EXIT_FAILURE); } fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR); if (fd < 0) { syslog(LOG_ERR, ""netlink socket creation failed; error:%d"", fd); exit(EXIT_FAILURE); } addr.nl_family = AF_NETLINK; addr.nl_pad = 0; addr.nl_pid = 0; addr.nl_groups = CN_KVP_IDX; error = bind(fd, (struct sockaddr *)&addr, sizeof(addr)); if (error < 0) { syslog(LOG_ERR, ""bind failed; error:%d"", error); close(fd); exit(EXIT_FAILURE); } sock_opt = addr.nl_groups; setsockopt(fd, 270, 1, &sock_opt, sizeof(sock_opt)); message = (struct cn_msg *)kvp_send_buffer; message->id.idx = CN_KVP_IDX; message->id.val = CN_KVP_VAL; hv_msg = (struct hv_kvp_msg *)message->data; hv_msg->kvp_hdr.operation = KVP_OP_REGISTER1; message->ack = 0; message->len = sizeof(struct hv_kvp_msg); len = netlink_send(fd, message); if (len < 0) { syslog(LOG_ERR, ""netlink_send failed; error:%d"", len); close(fd); exit(EXIT_FAILURE); } pfd.fd = fd; while (1) { struct sockaddr *addr_p = (struct sockaddr *) &addr; socklen_t addr_l = sizeof(addr); pfd.events = POLLIN; pfd.revents = 0; poll(&pfd, 1, -1); len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, &addr_l); if (len < 0 || addr.nl_pid) { syslog(LOG_ERR, ""recvfrom failed; pid:%u error:%d %s"", addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; op = hv_msg->kvp_hdr.operation; pool = hv_msg->kvp_hdr.pool; hv_msg->error = HV_S_OK; if ((in_hand_shake) && (op == KVP_OP_REGISTER1)) { in_hand_shake = 0; p = (char *)hv_msg->body.kvp_register.version; lic_version = malloc(strlen(p) + 1); if (lic_version) { strcpy(lic_version, p); syslog(LOG_INFO, ""KVP LIC Version: %s"", lic_version); } else { syslog(LOG_ERR, ""malloc failed""); } continue; } switch (op) { case KVP_OP_GET_IP_INFO: kvp_ip_val = &hv_msg->body.kvp_ip_val; if_name = kvp_mac_to_if_name((char *)kvp_ip_val->adapter_id); if (if_name == NULL) { hv_msg->error = HV_E_FAIL; break; } error = kvp_get_ip_info( 0, if_name, KVP_OP_GET_IP_INFO, kvp_ip_val, (MAX_IP_ADDR_SIZE * 2)); if (error) hv_msg->error = error; free(if_name); break; case KVP_OP_SET_IP_INFO: kvp_ip_val = &hv_msg->body.kvp_ip_val; if_name = kvp_get_if_name( (char *)kvp_ip_val->adapter_id); if (if_name == NULL) { hv_msg->error = HV_GUID_NOTFOUND; break; } error = kvp_set_ip_info(if_name, kvp_ip_val); if (error) hv_msg->error = error; free(if_name); break; case KVP_OP_SET: if (kvp_key_add_or_modify(pool, hv_msg->body.kvp_set.data.key, hv_msg->body.kvp_set.data.key_size, hv_msg->body.kvp_set.data.value, hv_msg->body.kvp_set.data.value_size)) hv_msg->error = HV_S_CONT; break; case KVP_OP_GET: if (kvp_get_value(pool, hv_msg->body.kvp_set.data.key, hv_msg->body.kvp_set.data.key_size, hv_msg->body.kvp_set.data.value, hv_msg->body.kvp_set.data.value_size)) hv_msg->error = HV_S_CONT; break; case KVP_OP_DELETE: if (kvp_key_delete(pool, hv_msg->body.kvp_delete.key, hv_msg->body.kvp_delete.key_size)) hv_msg->error = HV_S_CONT; break; default: break; } if (op != KVP_OP_ENUMERATE) goto kvp_done; if (pool != KVP_POOL_AUTO) { if (kvp_pool_enumerate(pool, hv_msg->body.kvp_enum_data.index, hv_msg->body.kvp_enum_data.data.key, HV_KVP_EXCHANGE_MAX_KEY_SIZE, hv_msg->body.kvp_enum_data.data.value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE)) hv_msg->error = HV_S_CONT; goto kvp_done; } hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; key_name = (char *)hv_msg->body.kvp_enum_data.data.key; key_value = (char *)hv_msg->body.kvp_enum_data.data.value; switch (hv_msg->body.kvp_enum_data.index) { case FullyQualifiedDomainName: kvp_get_domain_name(key_value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE); strcpy(key_name, ""FullyQualifiedDomainName""); break; case IntegrationServicesVersion: strcpy(key_name, ""IntegrationServicesVersion""); strcpy(key_value, lic_version); break; case NetworkAddressIPv4: kvp_get_ip_info(AF_INET, NULL, KVP_OP_ENUMERATE, key_value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE); strcpy(key_name, ""NetworkAddressIPv4""); break; case NetworkAddressIPv6: kvp_get_ip_info(AF_INET6, NULL, KVP_OP_ENUMERATE, key_value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE); strcpy(key_name, ""NetworkAddressIPv6""); break; case OSBuildNumber: strcpy(key_value, os_build); strcpy(key_name, ""OSBuildNumber""); break; case OSName: strcpy(key_value, os_name); strcpy(key_name, ""OSName""); break; case OSMajorVersion: strcpy(key_value, os_major); strcpy(key_name, ""OSMajorVersion""); break; case OSMinorVersion: strcpy(key_value, os_minor); strcpy(key_name, ""OSMinorVersion""); break; case OSVersion: strcpy(key_value, os_version); strcpy(key_name, ""OSVersion""); break; case ProcessorArchitecture: strcpy(key_value, processor_arch); strcpy(key_name, ""ProcessorArchitecture""); break; default: hv_msg->error = HV_S_CONT; break; } kvp_done: incoming_cn_msg->id.idx = CN_KVP_IDX; incoming_cn_msg->id.val = CN_KVP_VAL; incoming_cn_msg->ack = 0; incoming_cn_msg->len = sizeof(struct hv_kvp_msg); len = netlink_send(fd, incoming_cn_msg); if (len < 0) { syslog(LOG_ERR, ""net_link send failed; error:%d"", len); exit(EXIT_FAILURE); } } }",visit repo url,tools/hv/hv_kvp_daemon.c,https://github.com/torvalds/linux,134181899025588,1 725,[],"static int jpc_siz_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_siz_t *siz = &ms->parms.siz; unsigned int i; fprintf(out, ""caps = 0x%02x;\n"", siz->caps); fprintf(out, ""width = %d; height = %d; xoff = %d; yoff = %d;\n"", siz->width, siz->height, siz->xoff, siz->yoff); fprintf(out, ""tilewidth = %d; tileheight = %d; tilexoff = %d; "" ""tileyoff = %d;\n"", siz->tilewidth, siz->tileheight, siz->tilexoff, siz->tileyoff); for (i = 0; i < siz->numcomps; ++i) { fprintf(out, ""prec[%d] = %d; sgnd[%d] = %d; hsamp[%d] = %d; "" ""vsamp[%d] = %d\n"", i, siz->comps[i].prec, i, siz->comps[i].sgnd, i, siz->comps[i].hsamp, i, siz->comps[i].vsamp); } return 0; }",jasper,,,196765200548862931795559938819663192347,0 1753,NVD-CWE-Other,"static int ati_remote2_probe(struct usb_interface *interface, const struct usb_device_id *id) { struct usb_device *udev = interface_to_usbdev(interface); struct usb_host_interface *alt = interface->cur_altsetting; struct ati_remote2 *ar2; int r; if (alt->desc.bInterfaceNumber) return -ENODEV; ar2 = kzalloc(sizeof (struct ati_remote2), GFP_KERNEL); if (!ar2) return -ENOMEM; ar2->udev = udev; ar2->intf[0] = interface; ar2->ep[0] = &alt->endpoint[0].desc; ar2->intf[1] = usb_ifnum_to_if(udev, 1); r = usb_driver_claim_interface(&ati_remote2_driver, ar2->intf[1], ar2); if (r) goto fail1; alt = ar2->intf[1]->cur_altsetting; ar2->ep[1] = &alt->endpoint[0].desc; r = ati_remote2_urb_init(ar2); if (r) goto fail2; ar2->channel_mask = channel_mask; ar2->mode_mask = mode_mask; r = ati_remote2_setup(ar2, ar2->channel_mask); if (r) goto fail2; usb_make_path(udev, ar2->phys, sizeof(ar2->phys)); strlcat(ar2->phys, ""/input0"", sizeof(ar2->phys)); strlcat(ar2->name, ""ATI Remote Wonder II"", sizeof(ar2->name)); r = sysfs_create_group(&udev->dev.kobj, &ati_remote2_attr_group); if (r) goto fail2; r = ati_remote2_input_init(ar2); if (r) goto fail3; usb_set_intfdata(interface, ar2); interface->needs_remote_wakeup = 1; return 0; fail3: sysfs_remove_group(&udev->dev.kobj, &ati_remote2_attr_group); fail2: ati_remote2_urb_cleanup(ar2); usb_driver_release_interface(&ati_remote2_driver, ar2->intf[1]); fail1: kfree(ar2); return r; }",visit repo url,drivers/input/misc/ati_remote2.c,https://github.com/torvalds/linux,50700916838771,1 5535,CWE-125,"obj2ast_mod(PyObject* obj, mod_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; if (obj == Py_None) { *out = NULL; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Module_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; asdl_seq* type_ignores; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Module field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Module field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Module""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_type_ignores)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_type_ignores); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Module field \""type_ignores\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); type_ignores = _Ta3_asdl_seq_new(len, arena); if (type_ignores == NULL) goto failed; for (i = 0; i < len; i++) { type_ignore_ty value; res = obj2ast_type_ignore(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Module field \""type_ignores\"" changed size during iteration""); goto failed; } asdl_seq_SET(type_ignores, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""type_ignores\"" missing from Module""); return 1; } *out = Module(body, type_ignores, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Interactive_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Interactive field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Interactive field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Interactive""); return 1; } *out = Interactive(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expression_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty body; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &body, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Expression""); return 1; } *out = Expression(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)FunctionType_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* argtypes; expr_ty returns; if (_PyObject_HasAttrId(obj, &PyId_argtypes)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_argtypes); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionType field \""argtypes\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); argtypes = _Ta3_asdl_seq_new(len, arena); if (argtypes == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionType field \""argtypes\"" changed size during iteration""); goto failed; } asdl_seq_SET(argtypes, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""argtypes\"" missing from FunctionType""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_returns)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_returns); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""returns\"" missing from FunctionType""); return 1; } *out = FunctionType(argtypes, returns, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Suite_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Suite field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Suite field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Suite""); return 1; } *out = Suite(body, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of mod, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,245161245447634,1 6373,[],"void cstylefprint (FILE *fptr, variableLength *vl) { gint index; for (index=0;indexsize-1; index++) { if (vl->data[index] == '\n') { fprintf(fptr, ""\\n""); } else if (vl->data[index] == '\r') { } else if (vl->data[index] == ';') { fprintf(fptr, ""\\;""); } else if (vl->data[index] == ',') { fprintf(fptr, ""\\,""); } else if (vl->data[index] == '\\') { fprintf(fptr, ""\\""); } else { fprintf(fptr, ""%c"", vl->data[index]); } } }",evolution,,,278757797616004165432301923574563021245,0 4438,CWE-125,"gen_assignment(codegen_scope *s, node *tree, node *rhs, int sp, int val) { int idx; int type = nint(tree->car); switch (type) { case NODE_GVAR: case NODE_ARG: case NODE_LVAR: case NODE_IVAR: case NODE_CVAR: case NODE_CONST: case NODE_NIL: case NODE_MASGN: if (rhs) { codegen(s, rhs, VAL); pop(); sp = cursp(); } break; case NODE_COLON2: case NODE_CALL: case NODE_SCALL: break; case NODE_NVAR: codegen_error(s, ""Can't assign to numbered parameter""); break; default: codegen_error(s, ""unknown lhs""); break; } tree = tree->cdr; switch (type) { case NODE_GVAR: gen_setxv(s, OP_SETGV, sp, nsym(tree), val); break; case NODE_ARG: case NODE_LVAR: idx = lv_idx(s, nsym(tree)); if (idx > 0) { if (idx != sp) { gen_move(s, idx, sp, val); } break; } else { gen_setupvar(s, sp, nsym(tree)); } break; case NODE_IVAR: gen_setxv(s, OP_SETIV, sp, nsym(tree), val); break; case NODE_CVAR: gen_setxv(s, OP_SETCV, sp, nsym(tree), val); break; case NODE_CONST: gen_setxv(s, OP_SETCONST, sp, nsym(tree), val); break; case NODE_COLON2: if (sp) { gen_move(s, cursp(), sp, 0); } sp = cursp(); push(); codegen(s, tree->car, VAL); if (rhs) { codegen(s, rhs, VAL); pop(); gen_move(s, sp, cursp(), 0); } pop_n(2); idx = new_sym(s, nsym(tree->cdr)); genop_2(s, OP_SETMCNST, sp, idx); break; case NODE_CALL: case NODE_SCALL: { int noself = 0, safe = (type == NODE_SCALL), skip = 0, top, call, n = 0; mrb_sym mid = nsym(tree->cdr->car); top = cursp(); if (val || sp == cursp()) { push(); } call = cursp(); if (!tree->car) { noself = 1; push(); } else { codegen(s, tree->car, VAL); } if (safe) { int recv = cursp()-1; gen_move(s, cursp(), recv, 1); skip = genjmp2_0(s, OP_JMPNIL, cursp(), val); } tree = tree->cdr->cdr->car; if (tree) { if (tree->car) { n = gen_values(s, tree->car, VAL, (tree->cdr->car)?13:14); if (n < 0) { n = 15; push(); } } if (tree->cdr->car) { if (n == 14) { pop_n(n); genop_2(s, OP_ARRAY, cursp(), n); push(); n = 15; } gen_hash(s, tree->cdr->car->cdr, VAL, 0); if (n < 14) { n++; } else { pop_n(2); genop_2(s, OP_ARYPUSH, cursp(), 1); } push(); } } if (rhs) { codegen(s, rhs, VAL); pop(); } else { gen_move(s, cursp(), sp, 0); } if (val) { gen_move(s, top, cursp(), 1); } if (n < 15) { n++; if (n == 15) { pop_n(14); genop_2(s, OP_ARRAY, cursp(), 15); } } else { pop(); genop_2(s, OP_ARYPUSH, cursp(), 1); } s->sp = call; if (mid == MRB_OPSYM_2(s->mrb, aref) && n == 2) { genop_1(s, OP_SETIDX, cursp()); } else { genop_3(s, noself ? OP_SSEND : OP_SEND, cursp(), new_sym(s, attrsym(s, mid)), n); } if (safe) { dispatch(s, skip); } s->sp = top; } break; case NODE_MASGN: gen_massignment(s, tree->car, sp, val); break; case NODE_NIL: break; default: codegen_error(s, ""unknown lhs""); break; } if (val) push(); }",visit repo url,mrbgems/mruby-compiler/core/codegen.c,https://github.com/mruby/mruby,160433137357967,1 1968,CWE-401,"int i2400m_op_rfkill_sw_toggle(struct wimax_dev *wimax_dev, enum wimax_rf_state state) { int result; struct i2400m *i2400m = wimax_dev_to_i2400m(wimax_dev); struct device *dev = i2400m_dev(i2400m); struct sk_buff *ack_skb; struct { struct i2400m_l3l4_hdr hdr; struct i2400m_tlv_rf_operation sw_rf; } __packed *cmd; char strerr[32]; d_fnstart(4, dev, ""(wimax_dev %p state %d)\n"", wimax_dev, state); result = -ENOMEM; cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); if (cmd == NULL) goto error_alloc; cmd->hdr.type = cpu_to_le16(I2400M_MT_CMD_RF_CONTROL); cmd->hdr.length = sizeof(cmd->sw_rf); cmd->hdr.version = cpu_to_le16(I2400M_L3L4_VERSION); cmd->sw_rf.hdr.type = cpu_to_le16(I2400M_TLV_RF_OPERATION); cmd->sw_rf.hdr.length = cpu_to_le16(sizeof(cmd->sw_rf.status)); switch (state) { case WIMAX_RF_OFF: cmd->sw_rf.status = cpu_to_le32(2); break; case WIMAX_RF_ON: cmd->sw_rf.status = cpu_to_le32(1); break; default: BUG(); } ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd)); result = PTR_ERR(ack_skb); if (IS_ERR(ack_skb)) { dev_err(dev, ""Failed to issue 'RF Control' command: %d\n"", result); goto error_msg_to_dev; } result = i2400m_msg_check_status(wimax_msg_data(ack_skb), strerr, sizeof(strerr)); if (result < 0) { dev_err(dev, ""'RF Control' (0x%04x) command failed: %d - %s\n"", I2400M_MT_CMD_RF_CONTROL, result, strerr); goto error_cmd; } result = wait_event_timeout( i2400m->state_wq, i2400m_radio_is(i2400m, state), 5 * HZ); if (result == 0) result = -ETIMEDOUT; if (result < 0) dev_err(dev, ""Error waiting for device to toggle RF state: "" ""%d\n"", result); result = 0; error_cmd: kfree(cmd); kfree_skb(ack_skb); error_msg_to_dev: error_alloc: d_fnend(4, dev, ""(wimax_dev %p state %d) = %d\n"", wimax_dev, state, result); return result; }",visit repo url,drivers/net/wimax/i2400m/op-rfkill.c,https://github.com/torvalds/linux,31909536412644,1 1048,['CWE-20'],"int blocking_notifier_call_chain(struct blocking_notifier_head *nh, unsigned long val, void *v) { int ret = NOTIFY_DONE; if (rcu_dereference(nh->head)) { down_read(&nh->rwsem); ret = notifier_call_chain(&nh->head, val, v); up_read(&nh->rwsem); } return ret; }",linux-2.6,,,92576983155639517925270470977155264573,0 1107,['CWE-399'],"void signal_fault(struct pt_regs *regs, void __user *frame, char *where) { struct task_struct *me = current; if (show_unhandled_signals && printk_ratelimit()) { printk(""%s[%d] bad frame in %s frame:%p ip:%lx sp:%lx orax:%lx"", me->comm,me->pid,where,frame,regs->ip,regs->sp,regs->orig_ax); print_vma_addr("" in "", regs->ip); printk(""\n""); } force_sig(SIGSEGV, me); } ",linux-2.6,,,76866205656147263637985059775111367387,0 2741,CWE-476," */ static void php_wddx_pop_element(void *user_data, const XML_Char *name) { st_entry *ent1, *ent2; wddx_stack *stack = (wddx_stack *)user_data; HashTable *target_hash; zend_class_entry *pce; zval obj; if (stack->top == 0) { return; } if (!strcmp((char *)name, EL_STRING) || !strcmp((char *)name, EL_NUMBER) || !strcmp((char *)name, EL_BOOLEAN) || !strcmp((char *)name, EL_NULL) || !strcmp((char *)name, EL_ARRAY) || !strcmp((char *)name, EL_STRUCT) || !strcmp((char *)name, EL_RECORDSET) || !strcmp((char *)name, EL_BINARY) || !strcmp((char *)name, EL_DATETIME)) { wddx_stack_top(stack, (void**)&ent1); if (Z_TYPE(ent1->data) == IS_UNDEF) { if (stack->top > 1) { stack->top--; } else { stack->done = 1; } efree(ent1); return; } if (!strcmp((char *)name, EL_BINARY)) { zend_string *new_str = php_base64_decode( (unsigned char *)Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); zval_ptr_dtor(&ent1->data); ZVAL_STR(&ent1->data, new_str); } if (Z_TYPE(ent1->data) == IS_OBJECT) { zval fname, retval; ZVAL_STRING(&fname, ""__wakeup""); call_user_function_ex(NULL, &ent1->data, &fname, &retval, 0, 0, 0, NULL); zval_ptr_dtor(&fname); zval_ptr_dtor(&retval); } if (stack->top > 1) { stack->top--; wddx_stack_top(stack, (void**)&ent2); if (ent2->type == ST_FIELD && Z_ISUNDEF(ent2->data)) { zval_ptr_dtor(&ent1->data); efree(ent1); return; } if (Z_TYPE(ent2->data) == IS_ARRAY || Z_TYPE(ent2->data) == IS_OBJECT) { target_hash = HASH_OF(&ent2->data); if (ent1->varname) { if (!strcmp(ent1->varname, PHP_CLASS_NAME_VAR) && Z_TYPE(ent1->data) == IS_STRING && Z_STRLEN(ent1->data) && ent2->type == ST_STRUCT && Z_TYPE(ent2->data) == IS_ARRAY) { zend_bool incomplete_class = 0; zend_str_tolower(Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); zend_string_forget_hash_val(Z_STR(ent1->data)); if ((pce = zend_hash_find_ptr(EG(class_table), Z_STR(ent1->data))) == NULL) { incomplete_class = 1; pce = PHP_IC_ENTRY; } object_init_ex(&obj, pce); zend_hash_merge(Z_OBJPROP(obj), Z_ARRVAL(ent2->data), zval_add_ref, 0); if (incomplete_class) { php_store_class_name(&obj, Z_STRVAL(ent1->data), Z_STRLEN(ent1->data)); } zval_ptr_dtor(&ent2->data); ZVAL_COPY_VALUE(&ent2->data, &obj); zval_ptr_dtor(&ent1->data); } else if (Z_TYPE(ent2->data) == IS_OBJECT) { zend_class_entry *old_scope = EG(scope); EG(scope) = Z_OBJCE(ent2->data); add_property_zval(&ent2->data, ent1->varname, &ent1->data); if Z_REFCOUNTED(ent1->data) Z_DELREF(ent1->data); EG(scope) = old_scope; } else { zend_symtable_str_update(target_hash, ent1->varname, strlen(ent1->varname), &ent1->data); } efree(ent1->varname); } else { zend_hash_next_index_insert(target_hash, &ent1->data); } } efree(ent1); } else { stack->done = 1; } } else if (!strcmp((char *)name, EL_VAR) && stack->varname) { efree(stack->varname); stack->varname = NULL; } else if (!strcmp((char *)name, EL_FIELD)) { st_entry *ent; wddx_stack_top(stack, (void **)&ent); efree(ent); stack->top--; }",visit repo url,ext/wddx/wddx.c,https://github.com/php/php-src,75271249522785,1 6656,NVD-CWE-noinfo,"static void create_layer_surface(struct swaylock_surface *surface) { struct swaylock_state *state = surface->state; surface->image = select_image(state, surface); surface->surface = wl_compositor_create_surface(state->compositor); assert(surface->surface); surface->child = wl_compositor_create_surface(state->compositor); assert(surface->child); surface->subsurface = wl_subcompositor_get_subsurface(state->subcompositor, surface->child, surface->surface); assert(surface->subsurface); wl_subsurface_set_sync(surface->subsurface); surface->layer_surface = zwlr_layer_shell_v1_get_layer_surface( state->layer_shell, surface->surface, surface->output, ZWLR_LAYER_SHELL_V1_LAYER_OVERLAY, ""lockscreen""); assert(surface->layer_surface); zwlr_layer_surface_v1_set_size(surface->layer_surface, 0, 0); zwlr_layer_surface_v1_set_anchor(surface->layer_surface, ZWLR_LAYER_SURFACE_V1_ANCHOR_TOP | ZWLR_LAYER_SURFACE_V1_ANCHOR_RIGHT | ZWLR_LAYER_SURFACE_V1_ANCHOR_BOTTOM | ZWLR_LAYER_SURFACE_V1_ANCHOR_LEFT); zwlr_layer_surface_v1_set_exclusive_zone(surface->layer_surface, -1); zwlr_layer_surface_v1_set_keyboard_interactivity( surface->layer_surface, true); zwlr_layer_surface_v1_add_listener(surface->layer_surface, &layer_surface_listener, surface); if (surface_is_opaque(surface) && surface->state->args.mode != BACKGROUND_MODE_CENTER && surface->state->args.mode != BACKGROUND_MODE_FIT) { struct wl_region *region = wl_compositor_create_region(surface->state->compositor); wl_region_add(region, 0, 0, INT32_MAX, INT32_MAX); wl_surface_set_opaque_region(surface->surface, region); wl_region_destroy(region); } wl_surface_commit(surface->surface); }",visit repo url,main.c,https://github.com/swaywm/swaylock,273772777291436,1 4270,['CWE-264'],"static int unshare_fd(unsigned long unshare_flags, struct files_struct **new_fdp) { struct files_struct *fd = current->files; int error = 0; if ((unshare_flags & CLONE_FILES) && (fd && atomic_read(&fd->count) > 1)) { *new_fdp = dup_fd(fd, &error); if (!*new_fdp) return error; } return 0; }",linux-2.6,,,336783909468798418550482051143665084846,0 700,CWE-20,"static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int err = 0; lock_sock(sk); if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { err = -ENOTCONN; goto out; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (!ax25_sk(sk)->pidincl) skb_pull(skb, 1); skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (msg->msg_namelen != 0) { struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; ax25_digi digi; ax25_address src; const unsigned char *mac = skb_mac_header(skb); memset(sax, 0, sizeof(struct full_sockaddr_ax25)); ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, &digi, NULL, NULL); sax->sax25_family = AF_AX25; sax->sax25_ndigis = digi.ndigi; sax->sax25_call = src; if (sax->sax25_ndigis != 0) { int ct; struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; for (ct = 0; ct < digi.ndigi; ct++) fsa->fsa_digipeater[ct] = digi.calls[ct]; } msg->msg_namelen = sizeof(struct full_sockaddr_ax25); } skb_free_datagram(sk, skb); err = copied; out: release_sock(sk); return err; }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,113629503405761,1 1183,CWE-400,"static inline int do_exception(struct pt_regs *regs, int access, unsigned long trans_exc_code) { struct task_struct *tsk; struct mm_struct *mm; struct vm_area_struct *vma; unsigned long address; unsigned int flags; int fault; if (notify_page_fault(regs)) return 0; tsk = current; mm = tsk->mm; fault = VM_FAULT_BADCONTEXT; if (unlikely(!user_space_fault(trans_exc_code) || in_atomic() || !mm)) goto out; address = trans_exc_code & __FAIL_ADDR_MASK; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, address); flags = FAULT_FLAG_ALLOW_RETRY; if (access == VM_WRITE || (trans_exc_code & store_indication) == 0x400) flags |= FAULT_FLAG_WRITE; retry: down_read(&mm->mmap_sem); fault = VM_FAULT_BADMAP; vma = find_vma(mm, address); if (!vma) goto out_up; if (unlikely(vma->vm_start > address)) { if (!(vma->vm_flags & VM_GROWSDOWN)) goto out_up; if (expand_stack(vma, address)) goto out_up; } fault = VM_FAULT_BADACCESS; if (unlikely(!(vma->vm_flags & access))) goto out_up; if (is_vm_hugetlb_page(vma)) address &= HPAGE_MASK; fault = handle_mm_fault(mm, vma, address, flags); if (unlikely(fault & VM_FAULT_ERROR)) goto out_up; if (flags & FAULT_FLAG_ALLOW_RETRY) { if (fault & VM_FAULT_MAJOR) { tsk->maj_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, address); } else { tsk->min_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, address); } if (fault & VM_FAULT_RETRY) { flags &= ~FAULT_FLAG_ALLOW_RETRY; goto retry; } } clear_tsk_thread_flag(tsk, TIF_PER_TRAP); fault = 0; out_up: up_read(&mm->mmap_sem); out: return fault; }",visit repo url,arch/s390/mm/fault.c,https://github.com/torvalds/linux,73965319756107,1 5161,CWE-125,"builtin_compile_impl(PyObject *module, PyObject *source, PyObject *filename, const char *mode, int flags, int dont_inherit, int optimize) { PyObject *source_copy; const char *str; int compile_mode = -1; int is_ast; PyCompilerFlags cf; int start[] = {Py_file_input, Py_eval_input, Py_single_input}; PyObject *result; cf.cf_flags = flags | PyCF_SOURCE_IS_UTF8; if (flags & ~(PyCF_MASK | PyCF_MASK_OBSOLETE | PyCF_DONT_IMPLY_DEDENT | PyCF_ONLY_AST)) { PyErr_SetString(PyExc_ValueError, ""compile(): unrecognised flags""); goto error; } if (optimize < -1 || optimize > 2) { PyErr_SetString(PyExc_ValueError, ""compile(): invalid optimize value""); goto error; } if (!dont_inherit) { PyEval_MergeCompilerFlags(&cf); } if (strcmp(mode, ""exec"") == 0) compile_mode = 0; else if (strcmp(mode, ""eval"") == 0) compile_mode = 1; else if (strcmp(mode, ""single"") == 0) compile_mode = 2; else { PyErr_SetString(PyExc_ValueError, ""compile() mode must be 'exec', 'eval' or 'single'""); goto error; } is_ast = PyAST_Check(source); if (is_ast == -1) goto error; if (is_ast) { if (flags & PyCF_ONLY_AST) { Py_INCREF(source); result = source; } else { PyArena *arena; mod_ty mod; arena = PyArena_New(); if (arena == NULL) goto error; mod = PyAST_obj2mod(source, arena, compile_mode); if (mod == NULL) { PyArena_Free(arena); goto error; } if (!PyAST_Validate(mod)) { PyArena_Free(arena); goto error; } result = (PyObject*)PyAST_CompileObject(mod, filename, &cf, optimize, arena); PyArena_Free(arena); } goto finally; } str = source_as_string(source, ""compile"", ""string, bytes or AST"", &cf, &source_copy); if (str == NULL) goto error; result = Py_CompileStringObject(str, filename, start[compile_mode], &cf, optimize); Py_XDECREF(source_copy); goto finally; error: result = NULL; finally: Py_DECREF(filename); return result; }",visit repo url,Python/bltinmodule.c,https://github.com/python/cpython,12353106264337,1 2100,[],"static int udplite_v4_get_port(struct sock *sk, unsigned short snum) { return udplite_get_port(sk, snum, ipv4_rcv_saddr_equal); }",linux-2.6,,,26468956851248998329036075614260542831,0 5548,[],"static int rm_from_queue(unsigned long mask, struct sigpending *s) { struct sigqueue *q, *n; if (!sigtestsetmask(&s->signal, mask)) return 0; sigdelsetmask(&s->signal, mask); list_for_each_entry_safe(q, n, &s->list, list) { if (q->info.si_signo < SIGRTMIN && (mask & sigmask(q->info.si_signo))) { list_del_init(&q->list); __sigqueue_free(q); } } return 1; }",linux-2.6,,,100111120052845174280508603834922070374,0 6585,['CWE-200'],"nma_set_wireless_enabled_cb (GtkWidget *widget, NMApplet *applet) { gboolean state; g_return_if_fail (applet != NULL); state = gtk_check_menu_item_get_active (GTK_CHECK_MENU_ITEM (widget)); nm_client_wireless_set_enabled (applet->nm_client, state); }",network-manager-applet,,,176995476222577250108700387720724555061,0 4132,[],"static void ibwdt_ping(void) { spin_lock(&ibwdt_lock); outb_p(wd_margin, WDT_START); spin_unlock(&ibwdt_lock); }",linux-2.6,,,76895744921290699347570828780799700173,0 3402,CWE-787,"static Image *ReadWPGImage(const ImageInfo *image_info, ExceptionInfo *exception) { typedef struct { size_t FileId; MagickOffsetType DataOffset; unsigned int ProductType; unsigned int FileType; unsigned char MajorVersion; unsigned char MinorVersion; unsigned int EncryptKey; unsigned int Reserved; } WPGHeader; typedef struct { unsigned char RecType; size_t RecordLength; } WPGRecord; typedef struct { unsigned char Class; unsigned char RecType; size_t Extension; size_t RecordLength; } WPG2Record; typedef struct { unsigned HorizontalUnits; unsigned VerticalUnits; unsigned char PosSizePrecision; } WPG2Start; typedef struct { unsigned int Width; unsigned int Height; unsigned int Depth; unsigned int HorzRes; unsigned int VertRes; } WPGBitmapType1; typedef struct { unsigned int Width; unsigned int Height; unsigned char Depth; unsigned char Compression; } WPG2BitmapType1; typedef struct { unsigned int RotAngle; unsigned int LowLeftX; unsigned int LowLeftY; unsigned int UpRightX; unsigned int UpRightY; unsigned int Width; unsigned int Height; unsigned int Depth; unsigned int HorzRes; unsigned int VertRes; } WPGBitmapType2; typedef struct { unsigned int StartIndex; unsigned int NumOfEntries; } WPGColorMapRec; Image *image; unsigned int status; WPGHeader Header; WPGRecord Rec; WPG2Record Rec2; WPG2Start StartWPG; WPGBitmapType1 BitmapHeader1; WPG2BitmapType1 Bitmap2Header1; WPGBitmapType2 BitmapHeader2; WPGColorMapRec WPG_Palette; int i, bpp, WPG2Flags; ssize_t ldblk; size_t one; unsigned char *BImgBuff; tCTM CTM; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); one=1; image=AcquireImage(image_info,exception); image->depth=8; status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } Header.FileId=ReadBlobLSBLong(image); Header.DataOffset=(MagickOffsetType) ReadBlobLSBLong(image); Header.ProductType=ReadBlobLSBShort(image); Header.FileType=ReadBlobLSBShort(image); Header.MajorVersion=ReadBlobByte(image); Header.MinorVersion=ReadBlobByte(image); Header.EncryptKey=ReadBlobLSBShort(image); Header.Reserved=ReadBlobLSBShort(image); if (Header.FileId!=0x435057FF || (Header.ProductType>>8)!=0x16) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (Header.EncryptKey!=0) ThrowReaderException(CoderError,""EncryptedWPGImageFileNotSupported""); image->columns = 1; image->rows = 1; image->colors = 0; bpp=0; BitmapHeader2.RotAngle=0; switch(Header.FileType) { case 1: while(!EOFBlob(image)) { (void) SeekBlob(image,Header.DataOffset,SEEK_SET); if(EOFBlob(image)) break; Rec.RecType=(i=ReadBlobByte(image)); if(i==EOF) break; Rd_WP_DWORD(image,&Rec.RecordLength); if(EOFBlob(image)) break; Header.DataOffset=TellBlob(image)+Rec.RecordLength; switch(Rec.RecType) { case 0x0B: BitmapHeader1.Width=ReadBlobLSBShort(image); BitmapHeader1.Height=ReadBlobLSBShort(image); if ((BitmapHeader1.Width == 0) || (BitmapHeader1.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); BitmapHeader1.Depth=ReadBlobLSBShort(image); BitmapHeader1.HorzRes=ReadBlobLSBShort(image); BitmapHeader1.VertRes=ReadBlobLSBShort(image); if(BitmapHeader1.HorzRes && BitmapHeader1.VertRes) { image->units=PixelsPerCentimeterResolution; image->resolution.x=BitmapHeader1.HorzRes/470.0; image->resolution.y=BitmapHeader1.VertRes/470.0; } image->columns=BitmapHeader1.Width; image->rows=BitmapHeader1.Height; bpp=BitmapHeader1.Depth; goto UnpackRaster; case 0x0E: WPG_Palette.StartIndex=ReadBlobLSBShort(image); WPG_Palette.NumOfEntries=ReadBlobLSBShort(image); image->colors=WPG_Palette.NumOfEntries; if (!AcquireImageColormap(image,image->colors,exception)) goto NoMemory; for (i=WPG_Palette.StartIndex; i < (int)WPG_Palette.NumOfEntries; i++) { image->colormap[i].red=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); image->colormap[i].green=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); image->colormap[i].blue=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); } break; case 0x11: if(Rec.RecordLength > 8) image=ExtractPostscript(image,image_info, TellBlob(image)+8, (ssize_t) Rec.RecordLength-8,exception); break; case 0x14: BitmapHeader2.RotAngle=ReadBlobLSBShort(image); BitmapHeader2.LowLeftX=ReadBlobLSBShort(image); BitmapHeader2.LowLeftY=ReadBlobLSBShort(image); BitmapHeader2.UpRightX=ReadBlobLSBShort(image); BitmapHeader2.UpRightY=ReadBlobLSBShort(image); BitmapHeader2.Width=ReadBlobLSBShort(image); BitmapHeader2.Height=ReadBlobLSBShort(image); if ((BitmapHeader2.Width == 0) || (BitmapHeader2.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); BitmapHeader2.Depth=ReadBlobLSBShort(image); BitmapHeader2.HorzRes=ReadBlobLSBShort(image); BitmapHeader2.VertRes=ReadBlobLSBShort(image); image->units=PixelsPerCentimeterResolution; image->page.width=(unsigned int) ((BitmapHeader2.LowLeftX-BitmapHeader2.UpRightX)/470.0); image->page.height=(unsigned int) ((BitmapHeader2.LowLeftX-BitmapHeader2.UpRightY)/470.0); image->page.x=(int) (BitmapHeader2.LowLeftX/470.0); image->page.y=(int) (BitmapHeader2.LowLeftX/470.0); if(BitmapHeader2.HorzRes && BitmapHeader2.VertRes) { image->resolution.x=BitmapHeader2.HorzRes/470.0; image->resolution.y=BitmapHeader2.VertRes/470.0; } image->columns=BitmapHeader2.Width; image->rows=BitmapHeader2.Height; bpp=BitmapHeader2.Depth; UnpackRaster: if ((image->colors == 0) && (bpp != 24)) { image->colors=one << bpp; if (!AcquireImageColormap(image,image->colors,exception)) { NoMemory: ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } for (i=0; (i < (int) image->colors) && (i < 256); i++) { image->colormap[i].red=ScaleCharToQuantum(WPG1_Palette[i].Red); image->colormap[i].green=ScaleCharToQuantum(WPG1_Palette[i].Green); image->colormap[i].blue=ScaleCharToQuantum(WPG1_Palette[i].Blue); } } else { if (bpp < 24) if ( (image->colors < (one << bpp)) && (bpp != 24) ) image->colormap=(PixelInfo *) ResizeQuantumMemory( image->colormap,(size_t) (one << bpp), sizeof(*image->colormap)); } if (bpp == 1) { if(image->colormap[0].red==0 && image->colormap[0].green==0 && image->colormap[0].blue==0 && image->colormap[1].red==0 && image->colormap[1].green==0 && image->colormap[1].blue==0) { image->colormap[1].red = image->colormap[1].green = image->colormap[1].blue = QuantumRange; } } if(UnpackWPGRaster(image,bpp,exception) < 0) { DecompressionFailed: ThrowReaderException(CoderError,""UnableToDecompressImage""); } if(Rec.RecType==0x14 && BitmapHeader2.RotAngle!=0 && !image_info->ping) { if(BitmapHeader2.RotAngle & 0x8000) { Image *flop_image; flop_image = FlopImage(image, exception); if (flop_image != (Image *) NULL) { DuplicateBlob(flop_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flop_image); } } if(BitmapHeader2.RotAngle & 0x2000) { Image *flip_image; flip_image = FlipImage(image, exception); if (flip_image != (Image *) NULL) { DuplicateBlob(flip_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flip_image); } } if(BitmapHeader2.RotAngle & 0x0FFF) { Image *rotate_image; rotate_image=RotateImage(image,(BitmapHeader2.RotAngle & 0x0FFF), exception); if (rotate_image != (Image *) NULL) { DuplicateBlob(rotate_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,rotate_image); } } } AcquireNextImage(image_info,image,exception); image->depth=8; if (image->next == (Image *) NULL) goto Finish; image=SyncNextImageInList(image); image->columns=image->rows=0; image->colors=0; break; case 0x1B: if(Rec.RecordLength>0x3C) image=ExtractPostscript(image,image_info, TellBlob(image)+0x3C, (ssize_t) Rec.RecordLength-0x3C,exception); break; } } break; case 2: (void) memset(CTM,0,sizeof(CTM)); StartWPG.PosSizePrecision = 0; while(!EOFBlob(image)) { (void) SeekBlob(image,Header.DataOffset,SEEK_SET); if(EOFBlob(image)) break; Rec2.Class=(i=ReadBlobByte(image)); if(i==EOF) break; Rec2.RecType=(i=ReadBlobByte(image)); if(i==EOF) break; Rd_WP_DWORD(image,&Rec2.Extension); Rd_WP_DWORD(image,&Rec2.RecordLength); if(EOFBlob(image)) break; Header.DataOffset=TellBlob(image)+Rec2.RecordLength; switch(Rec2.RecType) { case 1: StartWPG.HorizontalUnits=ReadBlobLSBShort(image); StartWPG.VerticalUnits=ReadBlobLSBShort(image); StartWPG.PosSizePrecision=ReadBlobByte(image); break; case 0x0C: WPG_Palette.StartIndex=ReadBlobLSBShort(image); WPG_Palette.NumOfEntries=ReadBlobLSBShort(image); image->colors=WPG_Palette.NumOfEntries; if (AcquireImageColormap(image,image->colors,exception) == MagickFalse) ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); for (i=WPG_Palette.StartIndex; i < (int)WPG_Palette.NumOfEntries; i++) { image->colormap[i].red=ScaleCharToQuantum((char) ReadBlobByte(image)); image->colormap[i].green=ScaleCharToQuantum((char) ReadBlobByte(image)); image->colormap[i].blue=ScaleCharToQuantum((char) ReadBlobByte(image)); (void) ReadBlobByte(image); } break; case 0x0E: Bitmap2Header1.Width=ReadBlobLSBShort(image); Bitmap2Header1.Height=ReadBlobLSBShort(image); if ((Bitmap2Header1.Width == 0) || (Bitmap2Header1.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); Bitmap2Header1.Depth=ReadBlobByte(image); Bitmap2Header1.Compression=ReadBlobByte(image); if(Bitmap2Header1.Compression > 1) continue; switch(Bitmap2Header1.Depth) { case 1: bpp=1; break; case 2: bpp=2; break; case 3: bpp=4; break; case 4: bpp=8; break; case 8: bpp=24; break; default: continue; } image->columns=Bitmap2Header1.Width; image->rows=Bitmap2Header1.Height; if ((image->colors == 0) && (bpp != 24)) { size_t one; one=1; image->colors=one << bpp; if (!AcquireImageColormap(image,image->colors,exception)) goto NoMemory; } else { if(bpp < 24) if( image->colors<(one << bpp) && bpp!=24 ) image->colormap=(PixelInfo *) ResizeQuantumMemory( image->colormap,(size_t) (one << bpp), sizeof(*image->colormap)); } switch(Bitmap2Header1.Compression) { case 0: { ldblk=(ssize_t) ((bpp*image->columns+7)/8); BImgBuff=(unsigned char *) AcquireQuantumMemory((size_t) ldblk+1,sizeof(*BImgBuff)); if (BImgBuff == (unsigned char *) NULL) goto NoMemory; for(i=0; i< (ssize_t) image->rows; i++) { (void) ReadBlob(image,ldblk,BImgBuff); InsertRow(image,BImgBuff,i,bpp,exception); } if(BImgBuff) BImgBuff=(unsigned char *) RelinquishMagickMemory(BImgBuff);; break; } case 1: { if( UnpackWPG2Raster(image,bpp,exception) < 0) goto DecompressionFailed; break; } } if(CTM[0][0]<0 && !image_info->ping) { Image *flop_image; flop_image = FlopImage(image, exception); if (flop_image != (Image *) NULL) { DuplicateBlob(flop_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flop_image); } } if(CTM[1][1]<0 && !image_info->ping) { Image *flip_image; flip_image = FlipImage(image, exception); if (flip_image != (Image *) NULL) { DuplicateBlob(flip_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flip_image); } } AcquireNextImage(image_info,image,exception); image->depth=8; if (image->next == (Image *) NULL) goto Finish; image=SyncNextImageInList(image); image->columns=image->rows=1; image->colors=0; break; case 0x12: i=ReadBlobLSBShort(image); if(Rec2.RecordLength > (unsigned int) i) image=ExtractPostscript(image,image_info, TellBlob(image)+i, (ssize_t) (Rec2.RecordLength-i-2),exception); break; case 0x1B: WPG2Flags = LoadWPG2Flags(image,StartWPG.PosSizePrecision,NULL,&CTM); (void) WPG2Flags; break; } } break; default: { ThrowReaderException(CoderError,""DataEncodingSchemeIsNotSupported""); } } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); Finish: (void) CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=(size_t) scene++; } if (image == (Image *) NULL) ThrowReaderException(CorruptImageError, ""ImageFileDoesNotContainAnyImageData""); return(image); }",visit repo url,coders/wpg.c,https://github.com/ImageMagick/ImageMagick,240801737573477,1 4706,['CWE-20'],"void ext4_inode_bitmap_set(struct super_block *sb, struct ext4_group_desc *bg, ext4_fsblk_t blk) { bg->bg_inode_bitmap_lo = cpu_to_le32((u32)blk); if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT) bg->bg_inode_bitmap_hi = cpu_to_le32(blk >> 32); }",linux-2.6,,,100896415055841183633752503325685575292,0 4759,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 5845,CWE-120,"void pjsua_init_tpselector(pjsua_transport_id tp_id, pjsip_tpselector *sel) { pjsua_transport_data *tpdata; unsigned flag; pj_bzero(sel, sizeof(*sel)); if (tp_id == PJSUA_INVALID_ID) return; pj_assert(tp_id >= 0 && tp_id < (int)PJ_ARRAY_SIZE(pjsua_var.tpdata)); tpdata = &pjsua_var.tpdata[tp_id]; flag = pjsip_transport_get_flag_from_type(tpdata->type); if (flag & PJSIP_TRANSPORT_DATAGRAM) { sel->type = PJSIP_TPSELECTOR_TRANSPORT; sel->u.transport = tpdata->data.tp; } else { sel->type = PJSIP_TPSELECTOR_LISTENER; sel->u.listener = tpdata->data.factory; } }",visit repo url,pjsip/src/pjsua-lib/pjsua_core.c,https://github.com/pjsip/pjproject,211850742670827,1 155,CWE-362,"static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; int err; BT_DBG(""sock %p, sk %p"", sock, sk); err = sock_error(sk); if (err) return err; if (msg->msg_flags & MSG_OOB) return -EOPNOTSUPP; lock_sock(sk); if (sk->sk_state == BT_CONNECTED) err = sco_send_frame(sk, msg, len); else err = -ENOTCONN; release_sock(sk); return err; }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,125898630952018,1 6619,['CWE-200'],"foo_set_icon (NMApplet *applet, GdkPixbuf *pixbuf, guint32 layer) { int i; if (layer > ICON_LAYER_MAX) { g_warning (""Tried to icon to invalid layer %d"", layer); return; } if (applet->icon_layers[layer] == pixbuf) return; if (applet->icon_layers[layer]) { g_object_unref (applet->icon_layers[layer]); applet->icon_layers[layer] = NULL; } if (pixbuf) applet->icon_layers[layer] = g_object_ref (pixbuf); if (!applet->icon_layers[0]) { pixbuf = g_object_ref (applet->no_connection_icon); } else { pixbuf = gdk_pixbuf_copy (applet->icon_layers[0]); for (i = ICON_LAYER_LINK + 1; i <= ICON_LAYER_MAX; i++) { GdkPixbuf *top = applet->icon_layers[i]; if (!top) continue; gdk_pixbuf_composite (top, pixbuf, 0, 0, gdk_pixbuf_get_width (top), gdk_pixbuf_get_height (top), 0, 0, 1.0, 1.0, GDK_INTERP_NEAREST, 255); } } gtk_status_icon_set_from_pixbuf (applet->status_icon, pixbuf); g_object_unref (pixbuf); }",network-manager-applet,,,116179233250540622814991876757994908052,0 185,[],"asmlinkage long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg, union compat_nfsctl_res __user *res) { struct nfsctl_arg *karg; union nfsctl_res *kres; mm_segment_t oldfs; int err; karg = kmalloc(sizeof(*karg), GFP_USER); kres = kmalloc(sizeof(*kres), GFP_USER); if(!karg || !kres) { err = -ENOMEM; goto done; } switch(cmd) { case NFSCTL_SVC: err = compat_nfs_svc_trans(karg, arg); break; case NFSCTL_ADDCLIENT: err = compat_nfs_clnt_trans(karg, arg); break; case NFSCTL_DELCLIENT: err = compat_nfs_clnt_trans(karg, arg); break; case NFSCTL_EXPORT: case NFSCTL_UNEXPORT: err = compat_nfs_exp_trans(karg, arg); break; case NFSCTL_GETFD: err = compat_nfs_getfd_trans(karg, arg); break; case NFSCTL_GETFS: err = compat_nfs_getfs_trans(karg, arg); break; default: err = -EINVAL; break; } if (err) goto done; oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_nfsservctl(cmd, (void __user *) karg, (void __user *) kres); set_fs(oldfs); if (err) goto done; if((cmd == NFSCTL_GETFD) || (cmd == NFSCTL_GETFS)) err = compat_nfs_getfh_res_trans(kres, res); done: kfree(karg); kfree(kres); return err; }",linux-2.6,,,306045678805081829119018004309564989390,0 4632,CWE-476,"GF_Err text_box_read(GF_Box *s, GF_BitStream *bs) { GF_Err e; u16 pSize; GF_TextSampleEntryBox *ptr = (GF_TextSampleEntryBox*)s; ISOM_DECREASE_SIZE(ptr, 51); e = gf_isom_base_sample_entry_read((GF_SampleEntryBox *)ptr, bs); if (e) return e; ptr->displayFlags = gf_bs_read_u32(bs); ptr->textJustification = gf_bs_read_u32(bs); gf_bs_read_data(bs, ptr->background_color, 6); gpp_read_box(bs, &ptr->default_box); gf_bs_read_data(bs, ptr->reserved1, 8); ptr->fontNumber = gf_bs_read_u16(bs); ptr->fontFace = gf_bs_read_u16(bs); ptr->reserved2 = gf_bs_read_u8(bs); ptr->reserved3 = gf_bs_read_u16(bs); gf_bs_read_data(bs, ptr->foreground_color, 6); if (!ptr->size) return GF_OK; ISOM_DECREASE_SIZE(ptr, 1); pSize = gf_bs_read_u8(bs); if (ptr->size < pSize) { u32 b_size = pSize; size_t i = 0; GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] text box doesn't use a Pascal string: trying to decode anyway.\n"")); ptr->textName = (char*)gf_malloc((size_t)ptr->size + 1 + 1); if (!ptr->textName) return GF_OUT_OF_MEM; do { char c = (char)b_size; if (c == '\0') { break; } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) { ptr->textName[i] = c; } else { gf_free(ptr->textName); ptr->textName = NULL; GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] text box doesn't use a Pascal string and contains non-chars. Abort.\n"")); return GF_ISOM_INVALID_FILE; } i++; if (!ptr->size) break; ptr->size--; b_size = gf_bs_read_u8(bs); } while (b_size); ptr->textName[i] = '\0'; GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] text box doesn't use a Pascal string: \""%s\"" detected.\n"", ptr->textName)); return GF_OK; } if (pSize) { ptr->textName = (char*) gf_malloc(pSize+1 * sizeof(char)); if (!ptr->textName) return GF_OUT_OF_MEM; if (gf_bs_read_data(bs, ptr->textName, pSize) != pSize) { gf_free(ptr->textName); ptr->textName = NULL; return GF_ISOM_INVALID_FILE; } ptr->textName[pSize] = '\0'; } ISOM_DECREASE_SIZE(ptr, pSize); return gf_isom_box_array_read(s, bs); }",visit repo url,src/isomedia/box_code_3gpp.c,https://github.com/gpac/gpac,80208973320542,1 1970,['CWE-20'],"unsigned long zap_page_range(struct vm_area_struct *vma, unsigned long address, unsigned long size, struct zap_details *details) { struct mm_struct *mm = vma->vm_mm; struct mmu_gather *tlb; unsigned long end = address + size; unsigned long nr_accounted = 0; lru_add_drain(); tlb = tlb_gather_mmu(mm, 0); update_hiwater_rss(mm); end = unmap_vmas(&tlb, vma, address, end, &nr_accounted, details); if (tlb) tlb_finish_mmu(tlb, address, end); return end; }",linux-2.6,,,77264296928777430406788764428565893921,0 4612,CWE-190,"static s32 gf_avc_read_sps_bs_internal(GF_BitStream *bs, AVCState *avc, u32 subseq_sps, u32 *vui_flag_pos, u32 nal_hdr) { AVC_SPS *sps; s32 mb_width, mb_height, sps_id = -1; u32 profile_idc, level_idc, pcomp, i, chroma_format_idc, cl = 0, cr = 0, ct = 0, cb = 0, luma_bd, chroma_bd; u8 separate_colour_plane_flag = 0; if (!vui_flag_pos) { gf_bs_enable_emulation_byte_removal(bs, GF_TRUE); } if (!bs) { return -1; } if (!nal_hdr) { gf_bs_read_int_log(bs, 1, ""forbidden_zero_bit""); gf_bs_read_int_log(bs, 2, ""nal_ref_idc""); gf_bs_read_int_log(bs, 5, ""nal_unit_type""); } profile_idc = gf_bs_read_int_log(bs, 8, ""profile_idc""); pcomp = gf_bs_read_int_log(bs, 8, ""profile_compatibility""); if (pcomp & 0x3) return -1; level_idc = gf_bs_read_int_log(bs, 8, ""level_idc""); sps_id = gf_bs_read_ue_log(bs, ""sps_id"") + GF_SVC_SSPS_ID_SHIFT * subseq_sps; if (sps_id >= 32) { return -1; } if (sps_id < 0) { return -1; } luma_bd = chroma_bd = 0; sps = &avc->sps[sps_id]; chroma_format_idc = sps->ChromaArrayType = 1; sps->state |= subseq_sps ? AVC_SUBSPS_PARSED : AVC_SPS_PARSED; switch (profile_idc) { case 100: case 110: case 122: case 244: case 44: if (pcomp & 0xE0) return -1; case 83: case 86: case 118: case 128: chroma_format_idc = gf_bs_read_ue_log(bs, ""chroma_format_idc""); sps->ChromaArrayType = chroma_format_idc; if (chroma_format_idc == 3) { separate_colour_plane_flag = gf_bs_read_int_log(bs, 1, ""separate_colour_plane_flag""); if (separate_colour_plane_flag) sps->ChromaArrayType = 0; } luma_bd = gf_bs_read_ue_log(bs, ""luma_bit_depth""); chroma_bd = gf_bs_read_ue_log(bs, ""chroma_bit_depth""); gf_bs_read_int_log(bs, 1, ""qpprime_y_zero_transform_bypass_flag""); if (gf_bs_read_int_log(bs, 1, ""seq_scaling_matrix_present_flag"")) { u32 k; for (k = 0; k < 8; k++) { if (gf_bs_read_int_log_idx(bs, 1, ""seq_scaling_list_present_flag"", k)) { u32 z, last = 8, next = 8; u32 sl = k < 6 ? 16 : 64; for (z = 0; z < sl; z++) { if (next) { s32 delta = gf_bs_read_se(bs); next = (last + delta + 256) % 256; } last = next ? next : last; } } } } break; } sps->profile_idc = profile_idc; sps->level_idc = level_idc; sps->prof_compat = pcomp; sps->log2_max_frame_num = gf_bs_read_ue_log(bs, ""log2_max_frame_num"") + 4; sps->poc_type = gf_bs_read_ue_log(bs, ""poc_type""); sps->chroma_format = chroma_format_idc; sps->luma_bit_depth_m8 = luma_bd; sps->chroma_bit_depth_m8 = chroma_bd; if (sps->poc_type == 0) { sps->log2_max_poc_lsb = gf_bs_read_ue_log(bs, ""log2_max_poc_lsb"") + 4; } else if (sps->poc_type == 1) { sps->delta_pic_order_always_zero_flag = gf_bs_read_int_log(bs, 1, ""delta_pic_order_always_zero_flag""); sps->offset_for_non_ref_pic = gf_bs_read_se_log(bs, ""offset_for_non_ref_pic""); sps->offset_for_top_to_bottom_field = gf_bs_read_se_log(bs, ""offset_for_top_to_bottom_field""); sps->poc_cycle_length = gf_bs_read_ue_log(bs, ""poc_cycle_length""); if (sps->poc_cycle_length > GF_ARRAY_LENGTH(sps->offset_for_ref_frame)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[avc-h264] offset_for_ref_frame overflow from poc_cycle_length\n"")); return -1; } for (i = 0; i < sps->poc_cycle_length; i++) sps->offset_for_ref_frame[i] = gf_bs_read_se_log_idx(bs, ""offset_for_ref_frame"", i); } if (sps->poc_type > 2) { return -1; } sps->max_num_ref_frames = gf_bs_read_ue_log(bs, ""max_num_ref_frames""); sps->gaps_in_frame_num_value_allowed_flag = gf_bs_read_int_log(bs, 1, ""gaps_in_frame_num_value_allowed_flag""); mb_width = gf_bs_read_ue_log(bs, ""pic_width_in_mbs_minus1"") + 1; mb_height = gf_bs_read_ue_log(bs, ""pic_height_in_map_units_minus1"") + 1; sps->frame_mbs_only_flag = gf_bs_read_int_log(bs, 1, ""frame_mbs_only_flag""); sps->width = mb_width * 16; sps->height = (2 - sps->frame_mbs_only_flag) * mb_height * 16; if (!sps->frame_mbs_only_flag) sps->mb_adaptive_frame_field_flag = gf_bs_read_int_log(bs, 1, ""mb_adaptive_frame_field_flag""); gf_bs_read_int_log(bs, 1, ""direct_8x8_inference_flag""); if (gf_bs_read_int_log(bs, 1, ""frame_cropping_flag"")) { int CropUnitX, CropUnitY, SubWidthC = -1, SubHeightC = -1; if (chroma_format_idc == 1) { SubWidthC = 2; SubHeightC = 2; } else if (chroma_format_idc == 2) { SubWidthC = 2; SubHeightC = 1; } else if ((chroma_format_idc == 3) && (separate_colour_plane_flag == 0)) { SubWidthC = 1; SubHeightC = 1; } if (sps->ChromaArrayType == 0) { assert(SubWidthC == -1); CropUnitX = 1; CropUnitY = 2 - sps->frame_mbs_only_flag; } else { CropUnitX = SubWidthC; CropUnitY = SubHeightC * (2 - sps->frame_mbs_only_flag); } cl = gf_bs_read_ue_log(bs, ""frame_crop_left_offset""); cr = gf_bs_read_ue_log(bs, ""frame_crop_right_offset""); ct = gf_bs_read_ue_log(bs, ""frame_crop_top_offset""); cb = gf_bs_read_ue_log(bs, ""frame_crop_bottom_offset""); sps->width -= CropUnitX * (cl + cr); sps->height -= CropUnitY * (ct + cb); cl *= CropUnitX; cr *= CropUnitX; ct *= CropUnitY; cb *= CropUnitY; } sps->crop.left = cl; sps->crop.right = cr; sps->crop.top = ct; sps->crop.bottom = cb; if (vui_flag_pos) { *vui_flag_pos = (u32)gf_bs_get_bit_offset(bs); } sps->vui_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_parameters_present_flag""); if (sps->vui_parameters_present_flag) { sps->vui.aspect_ratio_info_present_flag = gf_bs_read_int_log(bs, 1, ""aspect_ratio_info_present_flag""); if (sps->vui.aspect_ratio_info_present_flag) { s32 aspect_ratio_idc = gf_bs_read_int_log(bs, 8, ""aspect_ratio_idc""); if (aspect_ratio_idc == 255) { sps->vui.par_num = gf_bs_read_int_log(bs, 16, ""aspect_ratio_num""); sps->vui.par_den = gf_bs_read_int_log(bs, 16, ""aspect_ratio_den""); } else if (aspect_ratio_idc < GF_ARRAY_LENGTH(avc_hevc_sar) ) { sps->vui.par_num = avc_hevc_sar[aspect_ratio_idc].w; sps->vui.par_den = avc_hevc_sar[aspect_ratio_idc].h; } else { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[avc-h264] Unknown aspect_ratio_idc: your video may have a wrong aspect ratio. Contact the GPAC team!\n"")); } } sps->vui.overscan_info_present_flag = gf_bs_read_int_log(bs, 1, ""overscan_info_present_flag""); if (sps->vui.overscan_info_present_flag) gf_bs_read_int_log(bs, 1, ""overscan_appropriate_flag""); sps->vui.video_format = 5; sps->vui.colour_primaries = 2; sps->vui.transfer_characteristics = 2; sps->vui.matrix_coefficients = 2; sps->vui.video_signal_type_present_flag = gf_bs_read_int_log(bs, 1, ""video_signal_type_present_flag""); if (sps->vui.video_signal_type_present_flag) { sps->vui.video_format = gf_bs_read_int_log(bs, 3, ""video_format""); sps->vui.video_full_range_flag = gf_bs_read_int_log(bs, 1, ""video_full_range_flag""); sps->vui.colour_description_present_flag = gf_bs_read_int_log(bs, 1, ""colour_description_present_flag""); if (sps->vui.colour_description_present_flag) { sps->vui.colour_primaries = gf_bs_read_int_log(bs, 8, ""colour_primaries""); sps->vui.transfer_characteristics = gf_bs_read_int_log(bs, 8, ""transfer_characteristics""); sps->vui.matrix_coefficients = gf_bs_read_int_log(bs, 8, ""matrix_coefficients""); } } if (gf_bs_read_int_log(bs, 1, ""chroma_location_info_present_flag"")) { gf_bs_read_ue_log(bs, ""chroma_sample_location_type_top_field""); gf_bs_read_ue_log(bs, ""chroma_sample_location_type_bottom_field""); } sps->vui.timing_info_present_flag = gf_bs_read_int_log(bs, 1, ""timing_info_present_flag""); if (sps->vui.timing_info_present_flag) { sps->vui.num_units_in_tick = gf_bs_read_int_log(bs, 32, ""num_units_in_tick""); sps->vui.time_scale = gf_bs_read_int_log(bs, 32, ""time_scale""); sps->vui.fixed_frame_rate_flag = gf_bs_read_int_log(bs, 1, ""fixed_frame_rate_flag""); } sps->vui.nal_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""nal_hrd_parameters_present_flag""); if (sps->vui.nal_hrd_parameters_present_flag) avc_parse_hrd_parameters(bs, &sps->vui.hrd); sps->vui.vcl_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vcl_hrd_parameters_present_flag""); if (sps->vui.vcl_hrd_parameters_present_flag) avc_parse_hrd_parameters(bs, &sps->vui.hrd); if (sps->vui.nal_hrd_parameters_present_flag || sps->vui.vcl_hrd_parameters_present_flag) sps->vui.low_delay_hrd_flag = gf_bs_read_int_log(bs, 1, ""low_delay_hrd_flag""); sps->vui.pic_struct_present_flag = gf_bs_read_int_log(bs, 1, ""pic_struct_present_flag""); } if (subseq_sps) { if ((profile_idc == 83) || (profile_idc == 86)) { u8 extended_spatial_scalability_idc; gf_bs_read_int_log(bs, 1, ""inter_layer_deblocking_filter_control_present_flag""); extended_spatial_scalability_idc = gf_bs_read_int_log(bs, 2, ""extended_spatial_scalability_idc""); if (sps->ChromaArrayType == 1 || sps->ChromaArrayType == 2) { gf_bs_read_int_log(bs, 1, ""chroma_phase_x_plus1_flag""); } if (sps->ChromaArrayType == 1) { gf_bs_read_int_log(bs, 2, ""chroma_phase_y_plus1""); } if (extended_spatial_scalability_idc == 1) { if (sps->ChromaArrayType > 0) { gf_bs_read_int_log(bs, 1, ""seq_ref_layer_chroma_phase_x_plus1_flag""); gf_bs_read_int_log(bs, 2, ""seq_ref_layer_chroma_phase_y_plus1""); } gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_left_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_top_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_right_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_bottom_offset""); } if (gf_bs_read_int_log(bs, 1, ""seq_tcoeff_level_prediction_flag"")) { gf_bs_read_int_log(bs, 1, ""adaptive_tcoeff_level_prediction_flag""); } gf_bs_read_int_log(bs, 1, ""slice_header_restriction_flag""); if (gf_bs_read_int_log(bs, 1, ""svc_vui_parameters_present"")) { u32 vui_ext_num_entries_minus1 = gf_bs_read_ue_log(bs, ""vui_ext_num_entries_minus1""); for (i = 0; i <= vui_ext_num_entries_minus1; i++) { u8 vui_ext_nal_hrd_parameters_present_flag, vui_ext_vcl_hrd_parameters_present_flag, vui_ext_timing_info_present_flag; gf_bs_read_int_log(bs, 3, ""vui_ext_dependency_id""); gf_bs_read_int_log(bs, 4, ""vui_ext_quality_id""); gf_bs_read_int_log(bs, 3, ""vui_ext_temporal_id""); vui_ext_timing_info_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_timing_info_present_flag""); if (vui_ext_timing_info_present_flag) { gf_bs_read_int_log(bs, 32, ""vui_ext_num_units_in_tick""); gf_bs_read_int_log(bs, 32, ""vui_ext_time_scale""); gf_bs_read_int_log(bs, 1, ""vui_ext_fixed_frame_rate_flag""); } vui_ext_nal_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_nal_hrd_parameters_present_flag""); if (vui_ext_nal_hrd_parameters_present_flag) { } vui_ext_vcl_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_vcl_hrd_parameters_present_flag""); if (vui_ext_vcl_hrd_parameters_present_flag) { } if (vui_ext_nal_hrd_parameters_present_flag || vui_ext_vcl_hrd_parameters_present_flag) { gf_bs_read_int_log(bs, 1, ""vui_ext_low_delay_hrd_flag""); } gf_bs_read_int_log(bs, 1, ""vui_ext_pic_struct_present_flag""); } } } else if ((profile_idc == 118) || (profile_idc == 128)) { GF_LOG(GF_LOG_INFO, GF_LOG_CODING, (""[avc-h264] MVC parsing not implemented - skipping parsing end of Subset SPS\n"")); return sps_id; } if (gf_bs_read_int_log(bs, 1, ""additional_extension2"")) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[avc-h264] skipping parsing end of Subset SPS (additional_extension2)\n"")); return sps_id; } } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,260169268145613,1 4628,CWE-476,"GF_Box *mp4s_box_new() { ISOM_DECL_BOX_ALLOC(GF_MPEGSampleEntryBox, GF_ISOM_BOX_TYPE_MP4S); gf_isom_sample_entry_init((GF_SampleEntryBox*)tmp); tmp->internal_type = GF_ISOM_SAMPLE_ENTRY_MP4S; return (GF_Box *)tmp; }",visit repo url,src/isomedia/box_code_base.c,https://github.com/gpac/gpac,207139806808502,1 126,[],"static int compat_nfs_getfd_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) { if (!access_ok(VERIFY_READ, &arg->ca32_getfd, sizeof(arg->ca32_getfd)) || get_user(karg->ca_version, &arg->ca32_version) || __copy_from_user(&karg->ca_getfd.gd_addr, &arg->ca32_getfd.gd32_addr, (sizeof(struct sockaddr))) || __copy_from_user(&karg->ca_getfd.gd_path, &arg->ca32_getfd.gd32_path, (NFS_MAXPATHLEN+1)) || __get_user(karg->ca_getfd.gd_version, &arg->ca32_getfd.gd32_version)) return -EFAULT; return 0; }",linux-2.6,,,64366057696539380395893280292057589402,0 3687,CWE-119,"ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) { struct session_state *state = ssh->state; const u_char *ssh1key, *ivin, *ivout, *keyin, *keyout, *input, *output; size_t ssh1keylen, rlen, slen, ilen, olen; int r; u_int ssh1cipher = 0; if (!compat20) { if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 || (r = sshbuf_get_u32(m, &ssh1cipher)) != 0 || (r = sshbuf_get_string_direct(m, &ssh1key, &ssh1keylen)) != 0 || (r = sshbuf_get_string_direct(m, &ivout, &slen)) != 0 || (r = sshbuf_get_string_direct(m, &ivin, &rlen)) != 0) return r; if (ssh1cipher > INT_MAX) return SSH_ERR_KEY_UNKNOWN_CIPHER; ssh_packet_set_encryption_key(ssh, ssh1key, ssh1keylen, (int)ssh1cipher); if (cipher_get_keyiv_len(state->send_context) != (int)slen || cipher_get_keyiv_len(state->receive_context) != (int)rlen) return SSH_ERR_INVALID_FORMAT; if ((r = cipher_set_keyiv(state->send_context, ivout)) != 0 || (r = cipher_set_keyiv(state->receive_context, ivin)) != 0) return r; } else { if ((r = kex_from_blob(m, &ssh->kex)) != 0 || (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 || (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || (r = sshbuf_get_u32(m, &state->p_send.packets)) != 0 || (r = sshbuf_get_u64(m, &state->p_send.bytes)) != 0 || (r = sshbuf_get_u32(m, &state->p_read.seqnr)) != 0 || (r = sshbuf_get_u64(m, &state->p_read.blocks)) != 0 || (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 || (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0) return r; state->rekey_time = monotime(); if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) return r; } if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 || (r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0) return r; if (cipher_get_keycontext(state->send_context, NULL) != (int)slen || cipher_get_keycontext(state->receive_context, NULL) != (int)rlen) return SSH_ERR_INVALID_FORMAT; cipher_set_keycontext(state->send_context, keyout); cipher_set_keycontext(state->receive_context, keyin); if ((r = ssh_packet_set_compress_state(ssh, m)) != 0 || (r = ssh_packet_set_postauth(ssh)) != 0) return r; sshbuf_reset(state->input); sshbuf_reset(state->output); if ((r = sshbuf_get_string_direct(m, &input, &ilen)) != 0 || (r = sshbuf_get_string_direct(m, &output, &olen)) != 0 || (r = sshbuf_put(state->input, input, ilen)) != 0 || (r = sshbuf_put(state->output, output, olen)) != 0) return r; if (sshbuf_len(m)) return SSH_ERR_INVALID_FORMAT; debug3(""%s: done"", __func__); return 0; }",visit repo url,usr.bin/ssh/packet.c,https://github.com/openbsd/src,130300262114824,1 2191,['CWE-193'],"grab_cache_page_nowait(struct address_space *mapping, pgoff_t index) { struct page *page = find_get_page(mapping, index); if (page) { if (!TestSetPageLocked(page)) return page; page_cache_release(page); return NULL; } page = __page_cache_alloc(mapping_gfp_mask(mapping) & ~__GFP_FS); if (page && add_to_page_cache_lru(page, mapping, index, GFP_KERNEL)) { page_cache_release(page); page = NULL; } return page; }",linux-2.6,,,198677207685572332374685072825403681892,0 25,NVD-CWE-Other,"int main(argc, argv) int argc; char *argv[]; { krb5_data pname_data, tkt_data; int sock = 0; socklen_t l; int retval; struct sockaddr_in l_inaddr, f_inaddr; krb5_creds creds, *new_creds; krb5_ccache cc; krb5_data msgtext, msg; krb5_context context; krb5_auth_context auth_context = NULL; #ifndef DEBUG freopen(""/tmp/uu-server.log"", ""w"", stderr); #endif retval = krb5_init_context(&context); if (retval) { com_err(argv[0], retval, ""while initializing krb5""); exit(1); } #ifdef DEBUG { int one = 1; int acc; struct servent *sp; socklen_t namelen = sizeof(f_inaddr); if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) { com_err(""uu-server"", errno, ""creating socket""); exit(3); } l_inaddr.sin_family = AF_INET; l_inaddr.sin_addr.s_addr = 0; if (argc == 2) { l_inaddr.sin_port = htons(atoi(argv[1])); } else { if (!(sp = getservbyname(""uu-sample"", ""tcp""))) { com_err(""uu-server"", 0, ""can't find uu-sample/tcp service""); exit(3); } l_inaddr.sin_port = sp->s_port; } (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one)); if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) { com_err(""uu-server"", errno, ""binding socket""); exit(3); } if (listen(sock, 1) == -1) { com_err(""uu-server"", errno, ""listening""); exit(3); } printf(""Server started\n""); fflush(stdout); if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) { com_err(""uu-server"", errno, ""accepting""); exit(3); } dup2(acc, 0); close(sock); sock = 0; } #endif retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data); if (retval) { com_err (""uu-server"", retval, ""reading pname""); return 2; } retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data); if (retval) { com_err (""uu-server"", retval, ""reading ticket data""); return 2; } retval = krb5_cc_default(context, &cc); if (retval) { com_err(""uu-server"", retval, ""getting credentials cache""); return 4; } memset (&creds, 0, sizeof(creds)); retval = krb5_cc_get_principal(context, cc, &creds.client); if (retval) { com_err(""uu-client"", retval, ""getting principal name""); return 6; } printf (""uu-server: client principal is \""%s\"".\n"", pname_data.data); retval = krb5_parse_name(context, pname_data.data, &creds.server); if (retval) { com_err(""uu-server"", retval, ""parsing client name""); return 3; } creds.second_ticket = tkt_data; printf (""uu-server: client ticket is %d bytes.\n"", creds.second_ticket.length); retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc, &creds, &new_creds); if (retval) { com_err(""uu-server"", retval, ""getting user-user ticket""); return 5; } #ifndef DEBUG l = sizeof(f_inaddr); if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1) { com_err(""uu-server"", errno, ""getting client address""); return 6; } #endif l = sizeof(l_inaddr); if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1) { com_err(""uu-server"", errno, ""getting local address""); return 6; } retval = krb5_auth_con_init(context, &auth_context); if (retval) { com_err(""uu-server"", retval, ""making auth_context""); return 8; } retval = krb5_auth_con_setflags(context, auth_context, KRB5_AUTH_CONTEXT_DO_SEQUENCE); if (retval) { com_err(""uu-server"", retval, ""initializing the auth_context flags""); return 8; } retval = krb5_auth_con_genaddrs(context, auth_context, sock, KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR | KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR); if (retval) { com_err(""uu-server"", retval, ""generating addrs for auth_context""); return 9; } #if 1 retval = krb5_mk_req_extended(context, &auth_context, AP_OPTS_USE_SESSION_KEY, NULL, new_creds, &msg); if (retval) { com_err(""uu-server"", retval, ""making AP_REQ""); return 8; } retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); #else retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock, ""???"", 0, 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY, NULL, &creds, cc, NULL, NULL, NULL); #endif if (retval) goto cl_short_wrt; free(msg.data); msgtext.length = 32; msgtext.data = ""Hello, other end of connection.""; retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL); if (retval) { com_err(""uu-server"", retval, ""encoding message to client""); return 6; } retval = krb5_write_message(context, (krb5_pointer) &sock, &msg); if (retval) { cl_short_wrt: com_err(""uu-server"", retval, ""writing message to client""); return 7; } krb5_free_data_contents(context, &msg); krb5_free_data_contents(context, &pname_data); krb5_free_cred_contents(context, &creds); krb5_free_creds(context, new_creds); krb5_cc_close(context, cc); krb5_auth_con_free(context, auth_context); krb5_free_context(context); return 0; }",visit repo url,src/appl/user_user/server.c,https://github.com/krb5/krb5,18115280459524,1 1279,[],"free_macro_sequence (void) { free_pattern_buffer (¯o_sequence_buf, ¯o_sequence_regs); }",m4,,,118102376482329433422009977922130563107,0 1811,[],"void rt_mutex_setprio(struct task_struct *p, int prio) { unsigned long flags; int oldprio, on_rq, running; struct rq *rq; const struct sched_class *prev_class = p->sched_class; BUG_ON(prio < 0 || prio > MAX_PRIO); rq = task_rq_lock(p, &flags); update_rq_clock(rq); oldprio = p->prio; on_rq = p->se.on_rq; running = task_current(rq, p); if (on_rq) dequeue_task(rq, p, 0); if (running) p->sched_class->put_prev_task(rq, p); if (rt_prio(prio)) p->sched_class = &rt_sched_class; else p->sched_class = &fair_sched_class; p->prio = prio; if (running) p->sched_class->set_curr_task(rq); if (on_rq) { enqueue_task(rq, p, 0); check_class_changed(rq, p, prev_class, oldprio, running); } task_rq_unlock(rq, &flags); }",linux-2.6,,,250537123670097136260176065235774400897,0 3720,CWE-862,"wsemul_vt100_output_dcs(struct wsemul_vt100_emuldata *edp, struct wsemul_inputstate *instate) { u_int newstate = VT100_EMUL_STATE_DCS; switch (instate->inchar) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (edp->nargs > VT100_EMUL_NARGS - 1) break; edp->args[edp->nargs] = (edp->args[edp->nargs] * 10) + (instate->inchar - '0'); break; case ';': edp->nargs++; break; default: edp->nargs++; if (edp->nargs > VT100_EMUL_NARGS) { #ifdef VT100_DEBUG printf(""vt100: too many arguments\n""); #endif edp->nargs = VT100_EMUL_NARGS; } newstate = VT100_EMUL_STATE_STRING; switch (instate->inchar) { case '$': newstate = VT100_EMUL_STATE_DCS_DOLLAR; break; case '{': case '!': case '|': #ifdef VT100_PRINTNOTIMPL printf(""DCS%c ignored\n"", (char)instate->inchar); #endif break; default: #ifdef VT100_PRINTUNKNOWN printf(""DCS %x (%d, %d) unknown\n"", instate->inchar, ARG(0), ARG(1)); #endif break; } } edp->state = newstate; return 0; }",visit repo url,sys/dev/wscons/wsemul_vt100.c,https://github.com/openbsd/src,214112589275289,1 4517,['CWE-20'],"static void dx_sort_map (struct dx_map_entry *map, unsigned count) { struct dx_map_entry *p, *q, *top = map + count - 1; int more; while (count > 2) { count = count*10/13; if (count - 9 < 2) count = 11; for (p = top, q = p - count; q >= map; p--, q--) if (p->hash < q->hash) swap(*p, *q); } do { more = 0; q = top; while (q-- > map) { if (q[1].hash >= q[0].hash) continue; swap(*(q+1), *q); more = 1; } } while(more); }",linux-2.6,,,71032594571658367755270689133217328608,0 230,CWE-285,"int ocfs2_set_acl(handle_t *handle, struct inode *inode, struct buffer_head *di_bh, int type, struct posix_acl *acl, struct ocfs2_alloc_context *meta_ac, struct ocfs2_alloc_context *data_ac) { int name_index; void *value = NULL; size_t size = 0; int ret; if (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP; switch (type) { case ACL_TYPE_ACCESS: name_index = OCFS2_XATTR_INDEX_POSIX_ACL_ACCESS; if (acl) { umode_t mode = inode->i_mode; ret = posix_acl_equiv_mode(acl, &mode); if (ret < 0) return ret; if (ret == 0) acl = NULL; ret = ocfs2_acl_set_mode(inode, di_bh, handle, mode); if (ret) return ret; } break; case ACL_TYPE_DEFAULT: name_index = OCFS2_XATTR_INDEX_POSIX_ACL_DEFAULT; if (!S_ISDIR(inode->i_mode)) return acl ? -EACCES : 0; break; default: return -EINVAL; } if (acl) { value = ocfs2_acl_to_xattr(acl, &size); if (IS_ERR(value)) return (int)PTR_ERR(value); } if (handle) ret = ocfs2_xattr_set_handle(handle, inode, di_bh, name_index, """", value, size, 0, meta_ac, data_ac); else ret = ocfs2_xattr_set(inode, name_index, """", value, size, 0); kfree(value); return ret; }",visit repo url,fs/ocfs2/acl.c,https://github.com/torvalds/linux,200133233638962,1 3982,['CWE-362'],"static struct audit_watch *audit_dupe_watch(struct audit_watch *old) { char *path; struct audit_watch *new; path = kstrdup(old->path, GFP_KERNEL); if (unlikely(!path)) return ERR_PTR(-ENOMEM); new = audit_init_watch(path); if (IS_ERR(new)) { kfree(path); goto out; } new->dev = old->dev; new->ino = old->ino; get_inotify_watch(&old->parent->wdata); new->parent = old->parent; out: return new; }",linux-2.6,,,47132802482461361791342953379434807619,0 2990,['CWE-189'],"void jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, int xstart, int ystart, int xend, int yend) { jas_matrix_bindsub(s, s1, ystart - s1->ystart_, xstart - s1->xstart_, yend - s1->ystart_ - 1, xend - s1->xstart_ - 1); }",jasper,,,276706997671514379104677527467653432622,0 118,CWE-22,"static int target_xcopy_locate_se_dev_e4(const unsigned char *dev_wwn, struct se_device **found_dev) { struct xcopy_dev_search_info info; int ret; memset(&info, 0, sizeof(info)); info.dev_wwn = dev_wwn; ret = target_for_each_device(target_xcopy_locate_se_dev_e4_iter, &info); if (ret == 1) { *found_dev = info.found_dev; return 0; } else { pr_debug_ratelimited(""Unable to locate 0xe4 descriptor for EXTENDED_COPY\n""); return -EINVAL; } }",visit repo url,drivers/target/target_core_xcopy.c,https://github.com/torvalds/linux,18826525847537,1 4551,['CWE-20'],"static int ext4_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry) { handle_t *handle; struct inode *inode = old_dentry->d_inode; int err, retries = 0; if (EXT4_DIR_LINK_MAX(inode)) return -EMLINK; if (inode->i_nlink == 0) return -ENOENT; retry: handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) + EXT4_INDEX_EXTRA_TRANS_BLOCKS); if (IS_ERR(handle)) return PTR_ERR(handle); if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); inode->i_ctime = ext4_current_time(inode); ext4_inc_count(handle, inode); atomic_inc(&inode->i_count); err = ext4_add_entry(handle, dentry, inode); if (!err) { ext4_mark_inode_dirty(handle, inode); d_instantiate(dentry, inode); } else { drop_nlink(inode); iput(inode); } ext4_journal_stop(handle); if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries)) goto retry; return err; }",linux-2.6,,,281273166805514610223976679304831938962,0 3321,CWE-119,"psf_asciiheader_printf (SF_PRIVATE *psf, const char *format, ...) { va_list argptr ; int maxlen ; char *start ; maxlen = strlen ((char*) psf->header) ; start = ((char*) psf->header) + maxlen ; maxlen = sizeof (psf->header) - maxlen ; va_start (argptr, format) ; vsnprintf (start, maxlen, format, argptr) ; va_end (argptr) ; start [maxlen - 1] = 0 ; psf->headindex = strlen ((char*) psf->header) ; return ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,23277068529009,1 1200,CWE-400,"asmlinkage void kernel_unaligned_trap(struct pt_regs *regs, unsigned int insn) { enum direction dir = decode_direction(insn); int size = decode_access_size(regs, insn); int orig_asi, asi; current_thread_info()->kern_una_regs = regs; current_thread_info()->kern_una_insn = insn; orig_asi = asi = decode_asi(insn, regs); if (asi == ASI_AIUS) { kernel_mna_trap_fault(0); return; } log_unaligned(regs); if (!ok_for_kernel(insn) || dir == both) { printk(""Unsupported unaligned load/store trap for kernel "" ""at <%016lx>.\n"", regs->tpc); unaligned_panic(""Kernel does fpu/atomic "" ""unaligned load/store."", regs); kernel_mna_trap_fault(0); } else { unsigned long addr, *reg_addr; int err; addr = compute_effective_address(regs, insn, ((insn >> 25) & 0x1f)); perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, addr); switch (asi) { case ASI_NL: case ASI_AIUPL: case ASI_AIUSL: case ASI_PL: case ASI_SL: case ASI_PNFL: case ASI_SNFL: asi &= ~0x08; break; } switch (dir) { case load: reg_addr = fetch_reg_addr(((insn>>25)&0x1f), regs); err = do_int_load(reg_addr, size, (unsigned long *) addr, decode_signedness(insn), asi); if (likely(!err) && unlikely(asi != orig_asi)) { unsigned long val_in = *reg_addr; switch (size) { case 2: val_in = swab16(val_in); break; case 4: val_in = swab32(val_in); break; case 8: val_in = swab64(val_in); break; case 16: default: BUG(); break; } *reg_addr = val_in; } break; case store: err = do_int_store(((insn>>25)&0x1f), size, (unsigned long *) addr, regs, asi, orig_asi); break; default: panic(""Impossible kernel unaligned trap.""); } if (unlikely(err)) kernel_mna_trap_fault(1); else advance(regs); } }",visit repo url,arch/sparc/kernel/unaligned_64.c,https://github.com/torvalds/linux,237106507506320,1 3658,['CWE-287'],"int sctp_assoc_lookup_laddr(struct sctp_association *asoc, const union sctp_addr *laddr) { int found = 0; if ((asoc->base.bind_addr.port == ntohs(laddr->v4.sin_port)) && sctp_bind_addr_match(&asoc->base.bind_addr, laddr, sctp_sk(asoc->base.sk))) found = 1; return found; }",linux-2.6,,,20728307152866225005870169658112865437,0 2006,['CWE-269'],"struct vfsmount *lookup_mnt(struct vfsmount *mnt, struct dentry *dentry) { struct vfsmount *child_mnt; spin_lock(&vfsmount_lock); if ((child_mnt = __lookup_mnt(mnt, dentry, 1))) mntget(child_mnt); spin_unlock(&vfsmount_lock); return child_mnt; }",linux-2.6,,,294991699731347651423886561120524096294,0 2313,CWE-20,"decode_entities(pTHX_ SV* sv, HV* entity2char, bool expand_prefix) { STRLEN len; char *s = SvPV_force(sv, len); char *t = s; char *end = s + len; char *ent_start; char *repl; STRLEN repl_len; #ifdef UNICODE_HTML_PARSER char buf[UTF8_MAXLEN]; int repl_utf8; int high_surrogate = 0; #else char buf[1]; #endif #if defined(__GNUC__) && defined(UNICODE_HTML_PARSER) repl_utf8 = 0; #endif while (s < end) { assert(t <= s); if ((*t++ = *s++) != '&') continue; ent_start = s; repl = 0; if (*s == '#') { UV num = 0; UV prev = 0; int ok = 0; s++; if (*s == 'x' || *s == 'X') { s++; while (*s) { char *tmp = strchr(PL_hexdigit, *s); if (!tmp) break; num = num << 4 | ((tmp - PL_hexdigit) & 15); if (prev && num <= prev) { ok = 0; break; } prev = num; s++; ok = 1; } } else { while (isDIGIT(*s)) { num = num * 10 + (*s - '0'); if (prev && num < prev) { ok = 0; break; } prev = num; s++; ok = 1; } } if (ok) { #ifdef UNICODE_HTML_PARSER if (!SvUTF8(sv) && num <= 255) { buf[0] = (char) num; repl = buf; repl_len = 1; repl_utf8 = 0; } else { char *tmp; if ((num & 0xFFFFFC00) == 0xDC00) { if (high_surrogate != 0) { t -= 3; num = ((high_surrogate - 0xD800) << 10) + (num - 0xDC00) + 0x10000; high_surrogate = 0; } else { num = 0xFFFD; } } else if ((num & 0xFFFFFC00) == 0xD800) { high_surrogate = num; num = 0xFFFD; } else { high_surrogate = 0; if ((num >= 0xFDD0 && num <= 0xFDEF) || ((num & 0xFFFE) == 0xFFFE) || num > 0x10FFFF) { num = 0xFFFD; } } tmp = (char*)uvuni_to_utf8((U8*)buf, num); repl = buf; repl_len = tmp - buf; repl_utf8 = 1; } #else if (num <= 255) { buf[0] = (char) num & 0xFF; repl = buf; repl_len = 1; } #endif } } else { char *ent_name = s; while (isALNUM(*s)) s++; if (ent_name != s && entity2char) { SV** svp; if ( (svp = hv_fetch(entity2char, ent_name, s - ent_name, 0)) || (*s == ';' && (svp = hv_fetch(entity2char, ent_name, s - ent_name + 1, 0))) ) { repl = SvPV(*svp, repl_len); #ifdef UNICODE_HTML_PARSER repl_utf8 = SvUTF8(*svp); #endif } else if (expand_prefix) { char *ss = s - 1; while (ss > ent_name) { svp = hv_fetch(entity2char, ent_name, ss - ent_name, 0); if (svp) { repl = SvPV(*svp, repl_len); #ifdef UNICODE_HTML_PARSER repl_utf8 = SvUTF8(*svp); #endif s = ss; break; } ss--; } } } #ifdef UNICODE_HTML_PARSER high_surrogate = 0; #endif } if (repl) { char *repl_allocated = 0; if (*s == ';') s++; t--; #ifdef UNICODE_HTML_PARSER if (*s != '&') { high_surrogate = 0; } if (!SvUTF8(sv) && repl_utf8) { STRLEN before_gap_len = t - SvPVX(sv); char *before_gap = (char*)bytes_to_utf8((U8*)SvPVX(sv), &before_gap_len); STRLEN after_gap_len = end - s; char *after_gap = (char*)bytes_to_utf8((U8*)s, &after_gap_len); sv_setpvn(sv, before_gap, before_gap_len); sv_catpvn(sv, after_gap, after_gap_len); SvUTF8_on(sv); Safefree(before_gap); Safefree(after_gap); s = t = SvPVX(sv) + before_gap_len; end = SvPVX(sv) + before_gap_len + after_gap_len; } else if (SvUTF8(sv) && !repl_utf8) { repl = (char*)bytes_to_utf8((U8*)repl, &repl_len); repl_allocated = repl; } #endif if (t + repl_len > s) { grow_gap(aTHX_ sv, repl_len - (s - t), &t, &s, &end); } while (repl_len--) *t++ = *repl++; if (repl_allocated) Safefree(repl_allocated); } else { while (ent_start < s) *t++ = *ent_start++; } } *t = '\0'; SvCUR_set(sv, t - SvPVX(sv)); return sv; }",visit repo url,util.c,https://github.com/gisle/html-parser,275452077892971,1 6737,CWE-79,"void SetClipboardText(const char *text) { #if defined(PLATFORM_DESKTOP) glfwSetClipboardString(CORE.Window.handle, text); #endif #if defined(PLATFORM_WEB) emscripten_run_script(TextFormat(""navigator.clipboard.writeText('%s')"", text)); #endif }",visit repo url,src/rcore.c,https://github.com/raysan5/raylib,122416287293449,1 2583,[],"int cmd_grep(int argc, const char **argv, const char *prefix) { int hit = 0; int cached = 0; int seen_dashdash = 0; struct grep_opt opt; struct object_array list = { 0, 0, NULL }; const char **paths = NULL; int i; memset(&opt, 0, sizeof(opt)); opt.prefix_length = (prefix && *prefix) ? strlen(prefix) : 0; opt.relative = 1; opt.pathname = 1; opt.pattern_tail = &opt.pattern_list; opt.regflags = REG_NEWLINE; while (1 < argc) { const char *arg = argv[1]; argc--; argv++; if (!strcmp(""--cached"", arg)) { cached = 1; continue; } if (!strcmp(""-a"", arg) || !strcmp(""--text"", arg)) { opt.binary = GREP_BINARY_TEXT; continue; } if (!strcmp(""-i"", arg) || !strcmp(""--ignore-case"", arg)) { opt.regflags |= REG_ICASE; continue; } if (!strcmp(""-I"", arg)) { opt.binary = GREP_BINARY_NOMATCH; continue; } if (!strcmp(""-v"", arg) || !strcmp(""--invert-match"", arg)) { opt.invert = 1; continue; } if (!strcmp(""-E"", arg) || !strcmp(""--extended-regexp"", arg)) { opt.regflags |= REG_EXTENDED; continue; } if (!strcmp(""-F"", arg) || !strcmp(""--fixed-strings"", arg)) { opt.fixed = 1; continue; } if (!strcmp(""-G"", arg) || !strcmp(""--basic-regexp"", arg)) { opt.regflags &= ~REG_EXTENDED; continue; } if (!strcmp(""-n"", arg)) { opt.linenum = 1; continue; } if (!strcmp(""-h"", arg)) { opt.pathname = 0; continue; } if (!strcmp(""-H"", arg)) { opt.pathname = 1; continue; } if (!strcmp(""-l"", arg) || !strcmp(""--name-only"", arg) || !strcmp(""--files-with-matches"", arg)) { opt.name_only = 1; continue; } if (!strcmp(""-L"", arg) || !strcmp(""--files-without-match"", arg)) { opt.unmatch_name_only = 1; continue; } if (!strcmp(""-c"", arg) || !strcmp(""--count"", arg)) { opt.count = 1; continue; } if (!strcmp(""-w"", arg) || !strcmp(""--word-regexp"", arg)) { opt.word_regexp = 1; continue; } if (!prefixcmp(arg, ""-A"") || !prefixcmp(arg, ""-B"") || !prefixcmp(arg, ""-C"") || (arg[0] == '-' && '1' <= arg[1] && arg[1] <= '9')) { unsigned num; const char *scan; switch (arg[1]) { case 'A': case 'B': case 'C': if (!arg[2]) { if (argc <= 1) die(emsg_missing_context_len); scan = *++argv; argc--; } else scan = arg + 2; break; default: scan = arg + 1; break; } if (strtoul_ui(scan, 10, &num)) die(emsg_invalid_context_len, scan); switch (arg[1]) { case 'A': opt.post_context = num; break; default: case 'C': opt.post_context = num; case 'B': opt.pre_context = num; break; } continue; } if (!strcmp(""-f"", arg)) { FILE *patterns; int lno = 0; char buf[1024]; if (argc <= 1) die(emsg_missing_argument, arg); patterns = fopen(argv[1], ""r""); if (!patterns) die(""'%s': %s"", argv[1], strerror(errno)); while (fgets(buf, sizeof(buf), patterns)) { int len = strlen(buf); if (len && buf[len-1] == '\n') buf[len-1] = 0; if (!buf[0]) continue; append_grep_pattern(&opt, xstrdup(buf), argv[1], ++lno, GREP_PATTERN); } fclose(patterns); argv++; argc--; continue; } if (!strcmp(""--not"", arg)) { append_grep_pattern(&opt, arg, ""command line"", 0, GREP_NOT); continue; } if (!strcmp(""--and"", arg)) { append_grep_pattern(&opt, arg, ""command line"", 0, GREP_AND); continue; } if (!strcmp(""--or"", arg)) continue; if (!strcmp(""("", arg)) { append_grep_pattern(&opt, arg, ""command line"", 0, GREP_OPEN_PAREN); continue; } if (!strcmp("")"", arg)) { append_grep_pattern(&opt, arg, ""command line"", 0, GREP_CLOSE_PAREN); continue; } if (!strcmp(""--all-match"", arg)) { opt.all_match = 1; continue; } if (!strcmp(""-e"", arg)) { if (1 < argc) { append_grep_pattern(&opt, argv[1], ""-e option"", 0, GREP_PATTERN); argv++; argc--; continue; } die(emsg_missing_argument, arg); } if (!strcmp(""--full-name"", arg)) { opt.relative = 0; continue; } if (!strcmp(""--"", arg)) { argv--; argc++; break; } if (*arg == '-') usage(builtin_grep_usage); if (!opt.pattern_list) { append_grep_pattern(&opt, arg, ""command line"", 0, GREP_PATTERN); break; } else { argc++; argv--; break; } } if (!opt.pattern_list) die(""no pattern given.""); if ((opt.regflags != REG_NEWLINE) && opt.fixed) die(""cannot mix --fixed-strings and regexp""); compile_grep_patterns(&opt); for (i = 1; i < argc; i++) { const char *arg = argv[i]; unsigned char sha1[20]; if (!get_sha1(arg, sha1)) { struct object *object = parse_object(sha1); if (!object) die(""bad object %s"", arg); add_object_array(object, arg, &list); continue; } if (!strcmp(arg, ""--"")) { i++; seen_dashdash = 1; } break; } if (!seen_dashdash) { int j; for (j = i; j < argc; j++) verify_filename(prefix, argv[j]); } if (i < argc) { paths = get_pathspec(prefix, argv + i); if (opt.prefix_length && opt.relative) { for (i = 0; paths[i]; i++) if (strncmp(prefix, paths[i], opt.prefix_length)) die(""git-grep: cannot generate relative filenames containing '..'""); } } else if (prefix) { paths = xcalloc(2, sizeof(const char *)); paths[0] = prefix; paths[1] = NULL; } if (!list.nr) return !grep_cache(&opt, paths, cached); if (cached) die(""both --cached and trees are given.""); for (i = 0; i < list.nr; i++) { struct object *real_obj; real_obj = deref_tag(list.objects[i].item, NULL, 0); if (grep_object(&opt, paths, real_obj, list.objects[i].name)) hit = 1; } free_grep_patterns(&opt); return !hit; }",git,,,156117168430009164673737231560440741507,0 3637,['CWE-287'],"int sctp_cmp_addr_exact(const union sctp_addr *ss1, const union sctp_addr *ss2) { struct sctp_af *af; af = sctp_get_af_specific(ss1->sa.sa_family); if (unlikely(!af)) return 0; return af->cmp_addr(ss1, ss2); }",linux-2.6,,,209342827272940232994175337078592315160,0 388,CWE-129,"nfsd4_layout_verify(struct svc_export *exp, unsigned int layout_type) { if (!exp->ex_layout_types) { dprintk(""%s: export does not support pNFS\n"", __func__); return NULL; } if (!(exp->ex_layout_types & (1 << layout_type))) { dprintk(""%s: layout type %d not supported\n"", __func__, layout_type); return NULL; } return nfsd4_layout_ops[layout_type]; }",visit repo url,fs/nfsd/nfs4proc.c,https://github.com/torvalds/linux,97246906075410,1 335,['CWE-20'],"asmlinkage void syscall_trace_enter(struct pt_regs *regs) { secure_computing(regs->orig_rax); if (test_thread_flag(TIF_SYSCALL_TRACE) && (current->ptrace & PT_PTRACED)) syscall_trace(regs); if (unlikely(current->audit_context)) { if (test_thread_flag(TIF_IA32)) { audit_syscall_entry(AUDIT_ARCH_I386, regs->orig_rax, regs->rbx, regs->rcx, regs->rdx, regs->rsi); } else { audit_syscall_entry(AUDIT_ARCH_X86_64, regs->orig_rax, regs->rdi, regs->rsi, regs->rdx, regs->r10); } } }",linux-2.6,,,318827546287590772119467626799153440555,0 4065,CWE-119,"static RList *relocs(RBinFile *arch) { struct r_bin_bflt_obj *obj = (struct r_bin_bflt_obj*)arch->o->bin_obj; RList *list = r_list_newf ((RListFree)free); int i, len, n_got, amount; if (!list || !obj) { r_list_free (list); return NULL; } if (obj->hdr->flags & FLAT_FLAG_GOTPIC) { n_got = get_ngot_entries (obj); if (n_got) { amount = n_got * sizeof (ut32); if (amount < n_got || amount > UT32_MAX) { goto out_error; } struct reloc_struct_t *got_table = calloc (1, n_got * sizeof (ut32)); if (got_table) { ut32 offset = 0; for (i = 0; i < n_got ; offset += 4, i++) { ut32 got_entry; if (obj->hdr->data_start + offset + 4 > obj->size || obj->hdr->data_start + offset + 4 < offset) { break; } len = r_buf_read_at (obj->b, obj->hdr->data_start + offset, (ut8 *)&got_entry, sizeof (ut32)); if (!VALID_GOT_ENTRY (got_entry) || len != sizeof (ut32)) { break; } got_table[i].addr_to_patch = got_entry; got_table[i].data_offset = got_entry + BFLT_HDR_SIZE; } obj->n_got = n_got; obj->got_table = got_table; } } } if (obj->hdr->reloc_count > 0) { int n_reloc = obj->hdr->reloc_count; amount = n_reloc * sizeof (struct reloc_struct_t); if (amount < n_reloc || amount > UT32_MAX) { goto out_error; } struct reloc_struct_t *reloc_table = calloc (1, amount + 1); if (!reloc_table) { goto out_error; } amount = n_reloc * sizeof (ut32); if (amount < n_reloc || amount > UT32_MAX) { free (reloc_table); goto out_error; } ut32 *reloc_pointer_table = calloc (1, amount + 1); if (!reloc_pointer_table) { free (reloc_table); goto out_error; } if (obj->hdr->reloc_start + amount > obj->size || obj->hdr->reloc_start + amount < amount) { free (reloc_table); free (reloc_pointer_table); goto out_error; } len = r_buf_read_at (obj->b, obj->hdr->reloc_start, (ut8 *)reloc_pointer_table, amount); if (len != amount) { free (reloc_table); free (reloc_pointer_table); goto out_error; } for (i = 0; i < obj->hdr->reloc_count; i++) { ut32 reloc_offset = r_swap_ut32 (reloc_pointer_table[i]) + BFLT_HDR_SIZE; if (reloc_offset < obj->hdr->bss_end && reloc_offset < obj->size) { ut32 reloc_fixed, reloc_data_offset; if (reloc_offset + sizeof (ut32) > obj->size || reloc_offset + sizeof (ut32) < reloc_offset) { free (reloc_table); free (reloc_pointer_table); goto out_error; } len = r_buf_read_at (obj->b, reloc_offset, (ut8 *)&reloc_fixed, sizeof (ut32)); if (len != sizeof (ut32)) { eprintf (""problem while reading relocation entries\n""); free (reloc_table); free (reloc_pointer_table); goto out_error; } reloc_data_offset = r_swap_ut32 (reloc_fixed) + BFLT_HDR_SIZE; reloc_table[i].addr_to_patch = reloc_offset; reloc_table[i].data_offset = reloc_data_offset; RBinReloc *reloc = R_NEW0 (RBinReloc); if (reloc) { reloc->type = R_BIN_RELOC_32; reloc->paddr = reloc_table[i].addr_to_patch; reloc->vaddr = reloc->paddr; r_list_append (list, reloc); } } } free (reloc_pointer_table); obj->reloc_table = reloc_table; } return list; out_error: r_list_free (list); return NULL; }",visit repo url,libr/bin/p/bin_bflt.c,https://github.com/radare/radare2,227797018742007,1 4906,CWE-787,"test_function (char * (*my_asnprintf) (char *, size_t *, const char *, ...)) { char buf[8]; int size; for (size = 0; size <= 8; size++) { size_t length = size; char *result = my_asnprintf (NULL, &length, ""%d"", 12345); ASSERT (result != NULL); ASSERT (strcmp (result, ""12345"") == 0); ASSERT (length == 5); free (result); } for (size = 0; size <= 8; size++) { size_t length; char *result; memcpy (buf, ""DEADBEEF"", 8); length = size; result = my_asnprintf (buf, &length, ""%d"", 12345); ASSERT (result != NULL); ASSERT (strcmp (result, ""12345"") == 0); ASSERT (length == 5); if (size < 6) ASSERT (result != buf); ASSERT (memcmp (buf + size, &""DEADBEEF""[size], 8 - size) == 0); if (result != buf) free (result); } }",visit repo url,tests/test-vasnprintf.c,https://github.com/coreutils/gnulib,198946698772452,1 5950,['CWE-909'],"struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, struct nlattr *tab) { struct qdisc_rate_table *rtab; for (rtab = qdisc_rtab_list; rtab; rtab = rtab->next) { if (memcmp(&rtab->rate, r, sizeof(struct tc_ratespec)) == 0) { rtab->refcnt++; return rtab; } } if (tab == NULL || r->rate == 0 || r->cell_log == 0 || nla_len(tab) != TC_RTAB_SIZE) return NULL; rtab = kmalloc(sizeof(*rtab), GFP_KERNEL); if (rtab) { rtab->rate = *r; rtab->refcnt = 1; memcpy(rtab->data, nla_data(tab), 1024); rtab->next = qdisc_rtab_list; qdisc_rtab_list = rtab; } return rtab; }",linux-2.6,,,115780807345327391781977248614195714393,0 6681,['CWE-200'],"dialog_response_cb (GtkDialog *dialog, guint response, gpointer user_data) { gtk_widget_hide (GTK_WIDGET (dialog)); }",network-manager-applet,,,17439757538264141762391039957918756860,0 93,['CWE-787'],"static uint32_t cirrus_linear_readw(void *opaque, target_phys_addr_t addr) { uint32_t v; #ifdef TARGET_WORDS_BIGENDIAN v = cirrus_linear_readb(opaque, addr) << 8; v |= cirrus_linear_readb(opaque, addr + 1); #else v = cirrus_linear_readb(opaque, addr); v |= cirrus_linear_readb(opaque, addr + 1) << 8; #endif return v; }",qemu,,,141937641423140398006396310432783679323,0 4912,['CWE-20'],"int nfs_is_exclusive_create(struct inode *dir, struct nameidata *nd) { if (NFS_PROTO(dir)->version == 2) return 0; if (nd == NULL || nfs_lookup_check_intent(nd, LOOKUP_CREATE) == 0) return 0; return (nd->intent.open.flags & O_EXCL) != 0; }",linux-2.6,,,175733332028256164769054180106208449392,0 5962,['CWE-200'],"cbq_enqueue(struct sk_buff *skb, struct Qdisc *sch) { struct cbq_sched_data *q = qdisc_priv(sch); int len = skb->len; int ret; struct cbq_class *cl = cbq_classify(skb, sch, &ret); #ifdef CONFIG_NET_CLS_POLICE q->rx_class = cl; #endif if (cl == NULL) { if (ret == NET_XMIT_DROP) sch->qstats.drops++; kfree_skb(skb); return ret; } #ifdef CONFIG_NET_CLS_POLICE cl->q->__parent = sch; #endif if ((ret = cl->q->enqueue(skb, cl->q)) == NET_XMIT_SUCCESS) { sch->q.qlen++; sch->bstats.packets++; sch->bstats.bytes+=len; cbq_mark_toplevel(q, cl); if (!cl->next_alive) cbq_activate_class(cl); return ret; } sch->qstats.drops++; cbq_mark_toplevel(q, cl); cl->qstats.drops++; return ret; }",linux-2.6,,,54201957868029564234121389928809875495,0 5944,CWE-120,"static void TreeTest(Jsi_Interp* interp) { Jsi_Tree *st, *wt, *mt; Jsi_TreeEntry *hPtr, *hPtr2; bool isNew, i; Jsi_TreeSearch srch; struct tdata { int n; int m; } t1, t2; char nbuf[100]; wt = Jsi_TreeNew(interp, JSI_KEYS_ONEWORD, NULL); mt = Jsi_TreeNew(interp, sizeof(struct tdata), NULL); Jsi_TreeSet(wt, wt,(void*)0x88); Jsi_TreeSet(wt, mt,(void*)0x99); printf(""WT: %p\n"", Jsi_TreeGet(wt, mt)); printf(""WT2: %p\n"", Jsi_TreeGet(wt, wt)); Jsi_TreeDelete(wt); t1.n = 0; t1.m = 1; t2.n = 1; t2.m = 2; Jsi_TreeSet(mt, &t1,(void*)0x88); Jsi_TreeSet(mt, &t2,(void*)0x99); Jsi_TreeSet(mt, &t2,(void*)0x98); printf(""CT: %p\n"", Jsi_TreeGet(mt, &t1)); printf(""CT2: %p\n"", Jsi_TreeGet(mt, &t2)); Jsi_TreeDelete(mt); st = Jsi_TreeNew(interp, JSI_KEYS_STRING, NULL); hPtr = Jsi_TreeEntryNew(st, ""bob"", &isNew); Jsi_TreeValueSet(hPtr, (void*)99); Jsi_TreeSet(st, ""zoe"",(void*)77); hPtr2 = Jsi_TreeSet(st, ""ted"",(void*)55); Jsi_TreeSet(st, ""philip"",(void*)66); Jsi_TreeSet(st, ""alice"",(void*)77); puts(""SRCH""); for (hPtr=Jsi_TreeSearchFirst(st,&srch, JSI_TREE_ORDER_IN, NULL); hPtr; hPtr=Jsi_TreeSearchNext(&srch)) mycall(st, hPtr, NULL); Jsi_TreeSearchDone(&srch); puts(""IN""); Jsi_TreeWalk(st, mycall, NULL, JSI_TREE_ORDER_IN); puts(""PRE""); Jsi_TreeWalk(st, mycall, NULL, JSI_TREE_ORDER_PRE); puts(""POST""); Jsi_TreeWalk(st, mycall, NULL, JSI_TREE_ORDER_POST); puts(""LEVEL""); Jsi_TreeWalk(st, mycall, NULL, JSI_TREE_ORDER_LEVEL); Jsi_TreeEntryDelete(hPtr2); puts(""INDEL""); Jsi_TreeWalk(st, mycall, NULL, 0); for (i=0; i<1000; i++) { snprintf(nbuf, sizeof(nbuf), ""name%d"", i); Jsi_TreeSet(st, nbuf,(void*)i); } Jsi_TreeWalk(st, mycall, NULL, 0); for (i=0; i<1000; i++) { Jsi_TreeEntryDelete(st->root); } puts(""OK""); Jsi_TreeWalk(st, mycall, NULL, 0); Jsi_TreeDelete(st); }",visit repo url,src/jsiTree.c,https://github.com/pcmacdon/jsish,232454881407781,1 2382,CWE-129,"static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size, int uncompressed_size, EXRThreadData *td) { int64_t version, lo_usize, lo_size; int64_t ac_size, dc_size, rle_usize, rle_csize, rle_raw_size; int64_t ac_count, dc_count, ac_compression; const int dc_w = td->xsize >> 3; const int dc_h = td->ysize >> 3; GetByteContext gb, agb; int skip, ret; if (compressed_size <= 88) return AVERROR_INVALIDDATA; version = AV_RL64(src + 0); if (version != 2) return AVERROR_INVALIDDATA; lo_usize = AV_RL64(src + 8); lo_size = AV_RL64(src + 16); ac_size = AV_RL64(src + 24); dc_size = AV_RL64(src + 32); rle_csize = AV_RL64(src + 40); rle_usize = AV_RL64(src + 48); rle_raw_size = AV_RL64(src + 56); ac_count = AV_RL64(src + 64); dc_count = AV_RL64(src + 72); ac_compression = AV_RL64(src + 80); if (compressed_size < 88LL + lo_size + ac_size + dc_size + rle_csize) return AVERROR_INVALIDDATA; bytestream2_init(&gb, src + 88, compressed_size - 88); skip = bytestream2_get_le16(&gb); if (skip < 2) return AVERROR_INVALIDDATA; bytestream2_skip(&gb, skip - 2); if (lo_size > 0) { if (lo_usize > uncompressed_size) return AVERROR_INVALIDDATA; bytestream2_skip(&gb, lo_size); } if (ac_size > 0) { unsigned long dest_len = ac_count * 2LL; GetByteContext agb = gb; if (ac_count > 3LL * td->xsize * s->scan_lines_per_block) return AVERROR_INVALIDDATA; av_fast_padded_malloc(&td->ac_data, &td->ac_size, dest_len); if (!td->ac_data) return AVERROR(ENOMEM); switch (ac_compression) { case 0: ret = huf_uncompress(s, td, &agb, (int16_t *)td->ac_data, ac_count); if (ret < 0) return ret; break; case 1: if (uncompress(td->ac_data, &dest_len, agb.buffer, ac_size) != Z_OK || dest_len != ac_count * 2LL) return AVERROR_INVALIDDATA; break; default: return AVERROR_INVALIDDATA; } bytestream2_skip(&gb, ac_size); } if (dc_size > 0) { unsigned long dest_len = dc_count * 2LL; GetByteContext agb = gb; if (dc_count > (6LL * td->xsize * td->ysize + 63) / 64) return AVERROR_INVALIDDATA; av_fast_padded_malloc(&td->dc_data, &td->dc_size, FFALIGN(dest_len, 64) * 2); if (!td->dc_data) return AVERROR(ENOMEM); if (uncompress(td->dc_data + FFALIGN(dest_len, 64), &dest_len, agb.buffer, dc_size) != Z_OK || (dest_len != dc_count * 2LL)) return AVERROR_INVALIDDATA; s->dsp.predictor(td->dc_data + FFALIGN(dest_len, 64), dest_len); s->dsp.reorder_pixels(td->dc_data, td->dc_data + FFALIGN(dest_len, 64), dest_len); bytestream2_skip(&gb, dc_size); } if (rle_raw_size > 0 && rle_csize > 0 && rle_usize > 0) { unsigned long dest_len = rle_usize; av_fast_padded_malloc(&td->rle_data, &td->rle_size, rle_usize); if (!td->rle_data) return AVERROR(ENOMEM); av_fast_padded_malloc(&td->rle_raw_data, &td->rle_raw_size, rle_raw_size); if (!td->rle_raw_data) return AVERROR(ENOMEM); if (uncompress(td->rle_data, &dest_len, gb.buffer, rle_csize) != Z_OK || (dest_len != rle_usize)) return AVERROR_INVALIDDATA; ret = rle(td->rle_raw_data, td->rle_data, rle_usize, rle_raw_size); if (ret < 0) return ret; bytestream2_skip(&gb, rle_csize); } bytestream2_init(&agb, td->ac_data, ac_count * 2); for (int y = 0; y < td->ysize; y += 8) { for (int x = 0; x < td->xsize; x += 8) { memset(td->block, 0, sizeof(td->block)); for (int j = 0; j < 3; j++) { float *block = td->block[j]; const int idx = (x >> 3) + (y >> 3) * dc_w + dc_w * dc_h * j; uint16_t *dc = (uint16_t *)td->dc_data; union av_intfloat32 dc_val; dc_val.i = half2float(dc[idx], s->mantissatable, s->exponenttable, s->offsettable); block[0] = dc_val.f; ac_uncompress(s, &agb, block); dct_inverse(block); } { const float scale = s->pixel_type == EXR_FLOAT ? 2.f : 1.f; const int o = s->nb_channels == 4; float *bo = ((float *)td->uncompressed_data) + y * td->xsize * s->nb_channels + td->xsize * (o + 0) + x; float *go = ((float *)td->uncompressed_data) + y * td->xsize * s->nb_channels + td->xsize * (o + 1) + x; float *ro = ((float *)td->uncompressed_data) + y * td->xsize * s->nb_channels + td->xsize * (o + 2) + x; float *yb = td->block[0]; float *ub = td->block[1]; float *vb = td->block[2]; for (int yy = 0; yy < 8; yy++) { for (int xx = 0; xx < 8; xx++) { const int idx = xx + yy * 8; convert(yb[idx], ub[idx], vb[idx], &bo[xx], &go[xx], &ro[xx]); bo[xx] = to_linear(bo[xx], scale); go[xx] = to_linear(go[xx], scale); ro[xx] = to_linear(ro[xx], scale); } bo += td->xsize * s->nb_channels; go += td->xsize * s->nb_channels; ro += td->xsize * s->nb_channels; } } } } if (s->nb_channels < 4) return 0; for (int y = 0; y < td->ysize && td->rle_raw_data; y++) { uint32_t *ao = ((uint32_t *)td->uncompressed_data) + y * td->xsize * s->nb_channels; uint8_t *ai0 = td->rle_raw_data + y * td->xsize; uint8_t *ai1 = td->rle_raw_data + y * td->xsize + rle_raw_size / 2; for (int x = 0; x < td->xsize; x++) { uint16_t ha = ai0[x] | (ai1[x] << 8); ao[x] = half2float(ha, s->mantissatable, s->exponenttable, s->offsettable); } } return 0; }",visit repo url,libavcodec/exr.c,https://github.com/FFmpeg/FFmpeg,172107921276143,1 794,['CWE-119'],"isdn_net_rmall(void) { u_long flags; int ret; spin_lock_irqsave(&dev->lock, flags); while (dev->netdev) { if (!dev->netdev->local->master) { spin_unlock_irqrestore(&dev->lock, flags); if ((ret = isdn_net_realrm(dev->netdev, NULL))) { return ret; } spin_lock_irqsave(&dev->lock, flags); } } dev->netdev = NULL; spin_unlock_irqrestore(&dev->lock, flags); return 0; }",linux-2.6,,,318219692541985720833899114156046449757,0 580,[],"static int bad_inode_permission(struct inode *inode, int mask, struct nameidata *nd) { return -EIO; }",linux-2.6,,,106833801578868892734582851943921060250,0 729,[],"int jpc_getuint16(jas_stream_t *in, uint_fast16_t *val) { uint_fast16_t v; int c; if ((c = jas_stream_getc(in)) == EOF) { return -1; } v = c; if ((c = jas_stream_getc(in)) == EOF) { return -1; } v = (v << 8) | c; if (val) { *val = v; } return 0; }",jasper,,,257475743460084356252905615891056623077,0 6261,['CWE-200'],"struct net_device *ipmr_new_tunnel(struct vifctl *v) { struct net_device *dev; dev = __dev_get_by_name(""tunl0""); if (dev) { int err; struct ifreq ifr; mm_segment_t oldfs; struct ip_tunnel_parm p; struct in_device *in_dev; memset(&p, 0, sizeof(p)); p.iph.daddr = v->vifc_rmt_addr.s_addr; p.iph.saddr = v->vifc_lcl_addr.s_addr; p.iph.version = 4; p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPIP; sprintf(p.name, ""dvmrp%d"", v->vifc_vifi); ifr.ifr_ifru.ifru_data = (void*)&p; oldfs = get_fs(); set_fs(KERNEL_DS); err = dev->do_ioctl(dev, &ifr, SIOCADDTUNNEL); set_fs(oldfs); dev = NULL; if (err == 0 && (dev = __dev_get_by_name(p.name)) != NULL) { dev->flags |= IFF_MULTICAST; in_dev = __in_dev_get(dev); if (in_dev == NULL && (in_dev = inetdev_init(dev)) == NULL) goto failure; in_dev->cnf.rp_filter = 0; if (dev_open(dev)) goto failure; } } return dev; failure: rtnl_unlock(); rtnl_lock(); unregister_netdevice(dev); return NULL; }",linux-2.6,,,35141320336207681005075600744227275192,0 4328,CWE-119,"void CLASS foveon_dp_load_raw() { unsigned c, roff[4], row, col, diff; ushort huff[512], vpred[2][2], hpred[2]; fseek (ifp, 8, SEEK_CUR); foveon_huff (huff); roff[0] = 48; FORC3 roff[c+1] = -(-(roff[c] + get4()) & -16); FORC3 { fseek (ifp, data_offset+roff[c], SEEK_SET); getbits(-1); vpred[0][0] = vpred[0][1] = vpred[1][0] = vpred[1][1] = 512; for (row=0; row < height; row++) { #ifdef LIBRAW_LIBRARY_BUILD checkCancel(); #endif for (col=0; col < width; col++) { diff = ljpeg_diff(huff); if (col < 2) hpred[col] = vpred[row & 1][col] += diff; else hpred[col & 1] += diff; image[row*width+col][c] = hpred[col & 1]; } } } }",visit repo url,dcraw_foveon.c,https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2,36944210174949,1 587,[],"static int bad_file_readdir(struct file *filp, void *dirent, filldir_t filldir) { return -EIO; }",linux-2.6,,,87196388231090448202699493098240583107,0 1236,[],"expand_user_macro (struct obstack *obs, symbol *sym, int argc, token_data **argv) { const char *text; int i; for (text = SYMBOL_TEXT (sym); *text != '\0';) { if (*text != '$') { obstack_1grow (obs, *text); text++; continue; } text++; switch (*text) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (no_gnu_extensions) { i = *text++ - '0'; } else { for (i = 0; isdigit (to_uchar (*text)); text++) i = i*10 + (*text - '0'); } if (i < argc) obstack_grow (obs, TOKEN_DATA_TEXT (argv[i]), strlen (TOKEN_DATA_TEXT (argv[i]))); break; case '#': shipout_int (obs, argc - 1); text++; break; case '*': case '@': dump_args (obs, argc, argv, "","", *text == '@'); text++; break; default: obstack_1grow (obs, '$'); break; } } }",m4,,,11267087302421953053127822231460145199,0 276,CWE-119,"smbhash(unsigned char *out, const unsigned char *in, unsigned char *key) { int rc; unsigned char key2[8]; struct crypto_skcipher *tfm_des; struct scatterlist sgin, sgout; struct skcipher_request *req; str_to_key(key, key2); tfm_des = crypto_alloc_skcipher(""ecb(des)"", 0, CRYPTO_ALG_ASYNC); if (IS_ERR(tfm_des)) { rc = PTR_ERR(tfm_des); cifs_dbg(VFS, ""could not allocate des crypto API\n""); goto smbhash_err; } req = skcipher_request_alloc(tfm_des, GFP_KERNEL); if (!req) { rc = -ENOMEM; cifs_dbg(VFS, ""could not allocate des crypto API\n""); goto smbhash_free_skcipher; } crypto_skcipher_setkey(tfm_des, key2, 8); sg_init_one(&sgin, in, 8); sg_init_one(&sgout, out, 8); skcipher_request_set_callback(req, 0, NULL, NULL); skcipher_request_set_crypt(req, &sgin, &sgout, 8, NULL); rc = crypto_skcipher_encrypt(req); if (rc) cifs_dbg(VFS, ""could not encrypt crypt key rc: %d\n"", rc); skcipher_request_free(req); smbhash_free_skcipher: crypto_free_skcipher(tfm_des); smbhash_err: return rc; }",visit repo url,fs/cifs/smbencrypt.c,https://github.com/torvalds/linux,96017914305966,1 2853,CWE-119,"horizontalDifference8(unsigned char *ip, int n, int stride, unsigned short *wp, uint16 *From8) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) (From8[(v)]) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; r1 = CLAMP(ip[3]); wp[3] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[4]); wp[4] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[5]); wp[5] = (uint16)((b1-b2) & mask); b2 = b1; wp += 3; ip += 3; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; r1 = CLAMP(ip[4]); wp[4] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[5]); wp[5] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[6]); wp[6] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[7]); wp[7] = (uint16)((a1-a2) & mask); a2 = a1; wp += 4; ip += 4; } } else { wp += n + stride - 1; ip += n + stride - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,90993586991407,1 3886,['CWE-119'],"static int lbs_scan_add_rates_tlv(uint8_t *tlv) { int i; struct mrvlietypes_ratesparamset *rate_tlv = (void *)tlv; rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES); tlv += sizeof(rate_tlv->header); for (i = 0; i < MAX_RATES; i++) { *tlv = lbs_bg_rates[i]; if (*tlv == 0) break; if (*tlv == 0x02 || *tlv == 0x04 || *tlv == 0x0b || *tlv == 0x16) *tlv |= 0x80; tlv++; } rate_tlv->header.len = cpu_to_le16(i); return sizeof(rate_tlv->header) + i; }",linux-2.6,,,180089427023854869290656126998610500549,0 5550,[],"unblock_all_signals(void) { unsigned long flags; spin_lock_irqsave(¤t->sighand->siglock, flags); current->notifier = NULL; current->notifier_data = NULL; recalc_sigpending(); spin_unlock_irqrestore(¤t->sighand->siglock, flags); }",linux-2.6,,,81360218022304994976747300974404474825,0 2862,['CWE-189'],"static int mem_resize(jas_stream_memobj_t *m, int bufsize) { unsigned char *buf; assert(m->buf_); if (!(buf = jas_realloc2(m->buf_, bufsize, sizeof(unsigned char)))) { return -1; } m->buf_ = buf; m->bufsize_ = bufsize; return 0; }",jasper,,,99846199313978784426412248714486213300,0 3259,CWE-125,"ikev1_t_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, u_int item_len, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto, int depth _U_) { const struct ikev1_pl_t *p; struct ikev1_pl_t t; const u_char *cp; const char *idstr; const struct attrmap *map; size_t nmap; const u_char *ep2; ND_PRINT((ndo,""%s:"", NPSTR(ISAKMP_NPTYPE_T))); p = (const struct ikev1_pl_t *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&t, ext, sizeof(t)); switch (proto) { case 1: idstr = STR_OR_ID(t.t_id, ikev1_p_map); map = oakley_t_map; nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]); break; case 2: idstr = STR_OR_ID(t.t_id, ah_p_map); map = ipsec_t_map; nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]); break; case 3: idstr = STR_OR_ID(t.t_id, esp_p_map); map = ipsec_t_map; nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]); break; case 4: idstr = STR_OR_ID(t.t_id, ipcomp_p_map); map = ipsec_t_map; nmap = sizeof(ipsec_t_map)/sizeof(ipsec_t_map[0]); break; default: idstr = NULL; map = NULL; nmap = 0; break; } if (idstr) ND_PRINT((ndo,"" #%d id=%s "", t.t_no, idstr)); else ND_PRINT((ndo,"" #%d id=%d "", t.t_no, t.t_id)); cp = (const u_char *)(p + 1); ep2 = (const u_char *)p + item_len; while (cp < ep && cp < ep2) { if (map && nmap) { cp = ikev1_attrmap_print(ndo, cp, (ep < ep2) ? ep : ep2, map, nmap); } else cp = ikev1_attr_print(ndo, cp, (ep < ep2) ? ep : ep2); } if (ep < ep2) ND_PRINT((ndo,""..."")); return cp; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_T))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,80227599497545,1 6755,['CWE-310'],"nm_gconf_read_connection (GConfClient *client, const char *dir, GError **error) { ReadFromGConfInfo info; GSList *list; list = gconf_client_all_dirs (client, dir, error); if (!list) return NULL; memset (&info, 0, sizeof (info)); info.connection = nm_connection_new (); info.client = client; info.dir = dir; info.dir_len = strlen (dir); g_slist_foreach (list, read_one_setting, &info); g_slist_free (list); if (info.error) { if (error) *error = info.error; else { g_warning (""%s: (%s) error reading connection: (%d) %s"", __func__, info.dir, info.error->code, info.error->message); g_clear_error (&info.error); } if (info.connection) { g_object_unref (info.connection); info.connection = NULL; } } return info.connection; }",network-manager-applet,,,293503894349272420581556635492084538132,0 4958,['CWE-20'],"static void nfs_mark_client_ready(struct nfs_client *clp, int state) { clp->cl_cons_state = state; wake_up_all(&nfs_client_active_wq); }",linux-2.6,,,141576999425405625865790057098796459090,0 2381,NVD-CWE-Other,"static int decode_slice_header(H264Context *h, H264Context *h0) { unsigned int first_mb_in_slice; unsigned int pps_id; int ret; unsigned int slice_type, tmp, i, j; int last_pic_structure, last_pic_droppable; int must_reinit; int needs_reinit = 0; int field_pic_flag, bottom_field_flag; h->me.qpel_put = h->h264qpel.put_h264_qpel_pixels_tab; h->me.qpel_avg = h->h264qpel.avg_h264_qpel_pixels_tab; first_mb_in_slice = get_ue_golomb_long(&h->gb); if (first_mb_in_slice == 0) { if (h0->current_slice && FIELD_PICTURE(h)) { field_end(h, 1); } h0->current_slice = 0; if (!h0->first_field) { if (h->cur_pic_ptr && !h->droppable) { ff_thread_report_progress(&h->cur_pic_ptr->tf, INT_MAX, h->picture_structure == PICT_BOTTOM_FIELD); } h->cur_pic_ptr = NULL; } } slice_type = get_ue_golomb_31(&h->gb); if (slice_type > 9) { av_log(h->avctx, AV_LOG_ERROR, ""slice type too large (%d) at %d %d\n"", slice_type, h->mb_x, h->mb_y); return AVERROR_INVALIDDATA; } if (slice_type > 4) { slice_type -= 5; h->slice_type_fixed = 1; } else h->slice_type_fixed = 0; slice_type = golomb_to_pict_type[slice_type]; h->slice_type = slice_type; h->slice_type_nos = slice_type & 3; h->pict_type = h->slice_type; pps_id = get_ue_golomb(&h->gb); if (pps_id >= MAX_PPS_COUNT) { av_log(h->avctx, AV_LOG_ERROR, ""pps_id %d out of range\n"", pps_id); return AVERROR_INVALIDDATA; } if (!h0->pps_buffers[pps_id]) { av_log(h->avctx, AV_LOG_ERROR, ""non-existing PPS %u referenced\n"", pps_id); return AVERROR_INVALIDDATA; } h->pps = *h0->pps_buffers[pps_id]; if (!h0->sps_buffers[h->pps.sps_id]) { av_log(h->avctx, AV_LOG_ERROR, ""non-existing SPS %u referenced\n"", h->pps.sps_id); return AVERROR_INVALIDDATA; } if (h->pps.sps_id != h->current_sps_id || h0->sps_buffers[h->pps.sps_id]->new) { h0->sps_buffers[h->pps.sps_id]->new = 0; h->current_sps_id = h->pps.sps_id; h->sps = *h0->sps_buffers[h->pps.sps_id]; if (h->mb_width != h->sps.mb_width || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) || h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma || h->cur_chroma_format_idc != h->sps.chroma_format_idc ) needs_reinit = 1; if (h->bit_depth_luma != h->sps.bit_depth_luma || h->chroma_format_idc != h->sps.chroma_format_idc) { h->bit_depth_luma = h->sps.bit_depth_luma; h->chroma_format_idc = h->sps.chroma_format_idc; needs_reinit = 1; } if ((ret = h264_set_parameter_from_sps(h)) < 0) return ret; } h->avctx->profile = ff_h264_get_profile(&h->sps); h->avctx->level = h->sps.level_idc; h->avctx->refs = h->sps.ref_frame_count; must_reinit = (h->context_initialized && ( 16*h->sps.mb_width != h->avctx->coded_width || 16*h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) != h->avctx->coded_height || h->avctx->bits_per_raw_sample != h->sps.bit_depth_luma || h->cur_chroma_format_idc != h->sps.chroma_format_idc || av_cmp_q(h->sps.sar, h->avctx->sample_aspect_ratio) || h->mb_width != h->sps.mb_width || h->mb_height != h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag) )); if (h0->avctx->pix_fmt != get_pixel_format(h0, 0)) must_reinit = 1; h->mb_width = h->sps.mb_width; h->mb_height = h->sps.mb_height * (2 - h->sps.frame_mbs_only_flag); h->mb_num = h->mb_width * h->mb_height; h->mb_stride = h->mb_width + 1; h->b_stride = h->mb_width * 4; h->chroma_y_shift = h->sps.chroma_format_idc <= 1; h->width = 16 * h->mb_width; h->height = 16 * h->mb_height; ret = init_dimensions(h); if (ret < 0) return ret; if (h->sps.video_signal_type_present_flag) { h->avctx->color_range = h->sps.full_range>0 ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG; if (h->sps.colour_description_present_flag) { if (h->avctx->colorspace != h->sps.colorspace) needs_reinit = 1; h->avctx->color_primaries = h->sps.color_primaries; h->avctx->color_trc = h->sps.color_trc; h->avctx->colorspace = h->sps.colorspace; } } if (h->context_initialized && (h->width != h->avctx->coded_width || h->height != h->avctx->coded_height || must_reinit || needs_reinit)) { if (h != h0) { av_log(h->avctx, AV_LOG_ERROR, ""changing width/height on "" ""slice %d\n"", h0->current_slice + 1); return AVERROR_INVALIDDATA; } flush_change(h); if ((ret = get_pixel_format(h, 1)) < 0) return ret; h->avctx->pix_fmt = ret; av_log(h->avctx, AV_LOG_INFO, ""Reinit context to %dx%d, "" ""pix_fmt: %s\n"", h->width, h->height, av_get_pix_fmt_name(h->avctx->pix_fmt)); if ((ret = h264_slice_header_init(h, 1)) < 0) { av_log(h->avctx, AV_LOG_ERROR, ""h264_slice_header_init() failed\n""); return ret; } } if (!h->context_initialized) { if (h != h0) { av_log(h->avctx, AV_LOG_ERROR, ""Cannot (re-)initialize context during parallel decoding.\n""); return AVERROR_PATCHWELCOME; } if ((ret = get_pixel_format(h, 1)) < 0) return ret; h->avctx->pix_fmt = ret; if ((ret = h264_slice_header_init(h, 0)) < 0) { av_log(h->avctx, AV_LOG_ERROR, ""h264_slice_header_init() failed\n""); return ret; } } if (h == h0 && h->dequant_coeff_pps != pps_id) { h->dequant_coeff_pps = pps_id; init_dequant_tables(h); } h->frame_num = get_bits(&h->gb, h->sps.log2_max_frame_num); h->mb_mbaff = 0; h->mb_aff_frame = 0; last_pic_structure = h0->picture_structure; last_pic_droppable = h0->droppable; h->droppable = h->nal_ref_idc == 0; if (h->sps.frame_mbs_only_flag) { h->picture_structure = PICT_FRAME; } else { if (!h->sps.direct_8x8_inference_flag && slice_type == AV_PICTURE_TYPE_B) { av_log(h->avctx, AV_LOG_ERROR, ""This stream was generated by a broken encoder, invalid 8x8 inference\n""); return -1; } field_pic_flag = get_bits1(&h->gb); if (field_pic_flag) { bottom_field_flag = get_bits1(&h->gb); h->picture_structure = PICT_TOP_FIELD + bottom_field_flag; } else { h->picture_structure = PICT_FRAME; h->mb_aff_frame = h->sps.mb_aff; } } h->mb_field_decoding_flag = h->picture_structure != PICT_FRAME; if (h0->current_slice != 0) { if (last_pic_structure != h->picture_structure || last_pic_droppable != h->droppable) { av_log(h->avctx, AV_LOG_ERROR, ""Changing field mode (%d -> %d) between slices is not allowed\n"", last_pic_structure, h->picture_structure); h->picture_structure = last_pic_structure; h->droppable = last_pic_droppable; return AVERROR_INVALIDDATA; } else if (!h0->cur_pic_ptr) { av_log(h->avctx, AV_LOG_ERROR, ""unset cur_pic_ptr on %d. slice\n"", h0->current_slice + 1); return AVERROR_INVALIDDATA; } } else { if (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0) { int unwrap_prev_frame_num = h->prev_frame_num; int max_frame_num = 1 << h->sps.log2_max_frame_num; if (unwrap_prev_frame_num > h->frame_num) unwrap_prev_frame_num -= max_frame_num; if ((h->frame_num - unwrap_prev_frame_num) > h->sps.ref_frame_count) { unwrap_prev_frame_num = (h->frame_num - h->sps.ref_frame_count) - 1; if (unwrap_prev_frame_num < 0) unwrap_prev_frame_num += max_frame_num; h->prev_frame_num = unwrap_prev_frame_num; } } if (h0->first_field) { assert(h0->cur_pic_ptr); assert(h0->cur_pic_ptr->f.data[0]); assert(h0->cur_pic_ptr->reference != DELAYED_PIC_REF); if (!last_pic_droppable && h0->cur_pic_ptr->tf.owner == h0->avctx) { ff_thread_report_progress(&h0->cur_pic_ptr->tf, INT_MAX, last_pic_structure == PICT_BOTTOM_FIELD); } if (!FIELD_PICTURE(h) || h->picture_structure == last_pic_structure) { if (!last_pic_droppable && last_pic_structure != PICT_FRAME) { ff_thread_report_progress(&h0->cur_pic_ptr->tf, INT_MAX, last_pic_structure == PICT_TOP_FIELD); } } else { if (h0->cur_pic_ptr->frame_num != h->frame_num) { if (!last_pic_droppable && last_pic_structure != PICT_FRAME) { ff_thread_report_progress(&h0->cur_pic_ptr->tf, INT_MAX, last_pic_structure == PICT_TOP_FIELD); } } else { if (!((last_pic_structure == PICT_TOP_FIELD && h->picture_structure == PICT_BOTTOM_FIELD) || (last_pic_structure == PICT_BOTTOM_FIELD && h->picture_structure == PICT_TOP_FIELD))) { av_log(h->avctx, AV_LOG_ERROR, ""Invalid field mode combination %d/%d\n"", last_pic_structure, h->picture_structure); h->picture_structure = last_pic_structure; h->droppable = last_pic_droppable; return AVERROR_INVALIDDATA; } else if (last_pic_droppable != h->droppable) { avpriv_request_sample(h->avctx, ""Found reference and non-reference fields in the same frame, which""); h->picture_structure = last_pic_structure; h->droppable = last_pic_droppable; return AVERROR_PATCHWELCOME; } } } } while (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0 && !h0->first_field && h->frame_num != (h->prev_frame_num + 1) % (1 << h->sps.log2_max_frame_num)) { Picture *prev = h->short_ref_count ? h->short_ref[0] : NULL; av_log(h->avctx, AV_LOG_DEBUG, ""Frame num gap %d %d\n"", h->frame_num, h->prev_frame_num); if (!h->sps.gaps_in_frame_num_allowed_flag) for(i=0; ilast_pocs); i++) h->last_pocs[i] = INT_MIN; ret = h264_frame_start(h); if (ret < 0) return ret; h->prev_frame_num++; h->prev_frame_num %= 1 << h->sps.log2_max_frame_num; h->cur_pic_ptr->frame_num = h->prev_frame_num; ff_thread_report_progress(&h->cur_pic_ptr->tf, INT_MAX, 0); ff_thread_report_progress(&h->cur_pic_ptr->tf, INT_MAX, 1); ret = ff_generate_sliding_window_mmcos(h, 1); if (ret < 0 && (h->avctx->err_recognition & AV_EF_EXPLODE)) return ret; ret = ff_h264_execute_ref_pic_marking(h, h->mmco, h->mmco_index); if (ret < 0 && (h->avctx->err_recognition & AV_EF_EXPLODE)) return ret; if (h->short_ref_count) { if (prev) { av_image_copy(h->short_ref[0]->f.data, h->short_ref[0]->f.linesize, (const uint8_t **)prev->f.data, prev->f.linesize, h->avctx->pix_fmt, h->mb_width * 16, h->mb_height * 16); h->short_ref[0]->poc = prev->poc + 2; } h->short_ref[0]->frame_num = h->prev_frame_num; } } if (h0->first_field) { assert(h0->cur_pic_ptr); assert(h0->cur_pic_ptr->f.data[0]); assert(h0->cur_pic_ptr->reference != DELAYED_PIC_REF); if (!FIELD_PICTURE(h) || h->picture_structure == last_pic_structure) { h0->cur_pic_ptr = NULL; h0->first_field = FIELD_PICTURE(h); } else { if (h0->cur_pic_ptr->frame_num != h->frame_num) { ff_thread_report_progress(&h0->cur_pic_ptr->tf, INT_MAX, h0->picture_structure==PICT_BOTTOM_FIELD); h0->first_field = 1; h0->cur_pic_ptr = NULL; } else { h0->first_field = 0; } } } else { h0->first_field = FIELD_PICTURE(h); } if (!FIELD_PICTURE(h) || h0->first_field) { if (h264_frame_start(h) < 0) { h0->first_field = 0; return AVERROR_INVALIDDATA; } } else { release_unused_pictures(h, 0); } if (FIELD_PICTURE(h)) { for(i = (h->picture_structure == PICT_BOTTOM_FIELD); imb_height; i++) memset(h->slice_table + i*h->mb_stride, -1, (h->mb_stride - (i+1==h->mb_height)) * sizeof(*h->slice_table)); } else { memset(h->slice_table, -1, (h->mb_height * h->mb_stride - 1) * sizeof(*h->slice_table)); } h0->last_slice_type = -1; } if (h != h0 && (ret = clone_slice(h, h0)) < 0) return ret; for (i = 0; i < h->slice_context_count; i++) if (h->thread_context[i]) { ret = alloc_scratch_buffers(h->thread_context[i], h->linesize); if (ret < 0) return ret; } h->cur_pic_ptr->frame_num = h->frame_num; av_assert1(h->mb_num == h->mb_width * h->mb_height); if (first_mb_in_slice << FIELD_OR_MBAFF_PICTURE(h) >= h->mb_num || first_mb_in_slice >= h->mb_num) { av_log(h->avctx, AV_LOG_ERROR, ""first_mb_in_slice overflow\n""); return AVERROR_INVALIDDATA; } h->resync_mb_x = h->mb_x = first_mb_in_slice % h->mb_width; h->resync_mb_y = h->mb_y = (first_mb_in_slice / h->mb_width) << FIELD_OR_MBAFF_PICTURE(h); if (h->picture_structure == PICT_BOTTOM_FIELD) h->resync_mb_y = h->mb_y = h->mb_y + 1; av_assert1(h->mb_y < h->mb_height); if (h->picture_structure == PICT_FRAME) { h->curr_pic_num = h->frame_num; h->max_pic_num = 1 << h->sps.log2_max_frame_num; } else { h->curr_pic_num = 2 * h->frame_num + 1; h->max_pic_num = 1 << (h->sps.log2_max_frame_num + 1); } if (h->nal_unit_type == NAL_IDR_SLICE) get_ue_golomb(&h->gb); if (h->sps.poc_type == 0) { h->poc_lsb = get_bits(&h->gb, h->sps.log2_max_poc_lsb); if (h->pps.pic_order_present == 1 && h->picture_structure == PICT_FRAME) h->delta_poc_bottom = get_se_golomb(&h->gb); } if (h->sps.poc_type == 1 && !h->sps.delta_pic_order_always_zero_flag) { h->delta_poc[0] = get_se_golomb(&h->gb); if (h->pps.pic_order_present == 1 && h->picture_structure == PICT_FRAME) h->delta_poc[1] = get_se_golomb(&h->gb); } ff_init_poc(h, h->cur_pic_ptr->field_poc, &h->cur_pic_ptr->poc); if (h->pps.redundant_pic_cnt_present) h->redundant_pic_count = get_ue_golomb(&h->gb); ret = ff_set_ref_count(h); if (ret < 0) return ret; if (slice_type != AV_PICTURE_TYPE_I && (h0->current_slice == 0 || slice_type != h0->last_slice_type || memcmp(h0->last_ref_count, h0->ref_count, sizeof(h0->ref_count)))) { ff_h264_fill_default_ref_list(h); } if (h->slice_type_nos != AV_PICTURE_TYPE_I) { ret = ff_h264_decode_ref_pic_list_reordering(h); if (ret < 0) { h->ref_count[1] = h->ref_count[0] = 0; return ret; } } if ((h->pps.weighted_pred && h->slice_type_nos == AV_PICTURE_TYPE_P) || (h->pps.weighted_bipred_idc == 1 && h->slice_type_nos == AV_PICTURE_TYPE_B)) ff_pred_weight_table(h); else if (h->pps.weighted_bipred_idc == 2 && h->slice_type_nos == AV_PICTURE_TYPE_B) { implicit_weight_table(h, -1); } else { h->use_weight = 0; for (i = 0; i < 2; i++) { h->luma_weight_flag[i] = 0; h->chroma_weight_flag[i] = 0; } } if (h->nal_ref_idc) { ret = ff_h264_decode_ref_pic_marking(h0, &h->gb, !(h->avctx->active_thread_type & FF_THREAD_FRAME) || h0->current_slice == 0); if (ret < 0 && (h->avctx->err_recognition & AV_EF_EXPLODE)) return AVERROR_INVALIDDATA; } if (FRAME_MBAFF(h)) { ff_h264_fill_mbaff_ref_list(h); if (h->pps.weighted_bipred_idc == 2 && h->slice_type_nos == AV_PICTURE_TYPE_B) { implicit_weight_table(h, 0); implicit_weight_table(h, 1); } } if (h->slice_type_nos == AV_PICTURE_TYPE_B && !h->direct_spatial_mv_pred) ff_h264_direct_dist_scale_factor(h); ff_h264_direct_ref_list_init(h); if (h->slice_type_nos != AV_PICTURE_TYPE_I && h->pps.cabac) { tmp = get_ue_golomb_31(&h->gb); if (tmp > 2) { av_log(h->avctx, AV_LOG_ERROR, ""cabac_init_idc overflow\n""); return AVERROR_INVALIDDATA; } h->cabac_init_idc = tmp; } h->last_qscale_diff = 0; tmp = h->pps.init_qp + get_se_golomb(&h->gb); if (tmp > 51 + 6 * (h->sps.bit_depth_luma - 8)) { av_log(h->avctx, AV_LOG_ERROR, ""QP %u out of range\n"", tmp); return AVERROR_INVALIDDATA; } h->qscale = tmp; h->chroma_qp[0] = get_chroma_qp(h, 0, h->qscale); h->chroma_qp[1] = get_chroma_qp(h, 1, h->qscale); if (h->slice_type == AV_PICTURE_TYPE_SP) get_bits1(&h->gb); if (h->slice_type == AV_PICTURE_TYPE_SP || h->slice_type == AV_PICTURE_TYPE_SI) get_se_golomb(&h->gb); h->deblocking_filter = 1; h->slice_alpha_c0_offset = 52; h->slice_beta_offset = 52; if (h->pps.deblocking_filter_parameters_present) { tmp = get_ue_golomb_31(&h->gb); if (tmp > 2) { av_log(h->avctx, AV_LOG_ERROR, ""deblocking_filter_idc %u out of range\n"", tmp); return AVERROR_INVALIDDATA; } h->deblocking_filter = tmp; if (h->deblocking_filter < 2) h->deblocking_filter ^= 1; if (h->deblocking_filter) { h->slice_alpha_c0_offset += get_se_golomb(&h->gb) << 1; h->slice_beta_offset += get_se_golomb(&h->gb) << 1; if (h->slice_alpha_c0_offset > 104U || h->slice_beta_offset > 104U) { av_log(h->avctx, AV_LOG_ERROR, ""deblocking filter parameters %d %d out of range\n"", h->slice_alpha_c0_offset, h->slice_beta_offset); return AVERROR_INVALIDDATA; } } } if (h->avctx->skip_loop_filter >= AVDISCARD_ALL || (h->avctx->skip_loop_filter >= AVDISCARD_NONKEY && h->slice_type_nos != AV_PICTURE_TYPE_I) || (h->avctx->skip_loop_filter >= AVDISCARD_BIDIR && h->slice_type_nos == AV_PICTURE_TYPE_B) || (h->avctx->skip_loop_filter >= AVDISCARD_NONREF && h->nal_ref_idc == 0)) h->deblocking_filter = 0; if (h->deblocking_filter == 1 && h0->max_contexts > 1) { if (h->avctx->flags2 & CODEC_FLAG2_FAST) { h->deblocking_filter = 2; } else { h0->max_contexts = 1; if (!h0->single_decode_warning) { av_log(h->avctx, AV_LOG_INFO, ""Cannot parallelize deblocking type 1, decoding such frames in sequential order\n""); h0->single_decode_warning = 1; } if (h != h0) { av_log(h->avctx, AV_LOG_ERROR, ""Deblocking switched inside frame.\n""); return 1; } } } h->qp_thresh = 15 + 52 - FFMIN(h->slice_alpha_c0_offset, h->slice_beta_offset) - FFMAX3(0, h->pps.chroma_qp_index_offset[0], h->pps.chroma_qp_index_offset[1]) + 6 * (h->sps.bit_depth_luma - 8); h0->last_slice_type = slice_type; memcpy(h0->last_ref_count, h0->ref_count, sizeof(h0->last_ref_count)); h->slice_num = ++h0->current_slice; if (h->slice_num) h0->slice_row[(h->slice_num-1)&(MAX_SLICES-1)]= h->resync_mb_y; if ( h0->slice_row[h->slice_num&(MAX_SLICES-1)] + 3 >= h->resync_mb_y && h0->slice_row[h->slice_num&(MAX_SLICES-1)] <= h->resync_mb_y && h->slice_num >= MAX_SLICES) { av_log(h->avctx, AV_LOG_WARNING, ""Possibly too many slices (%d >= %d), increase MAX_SLICES and recompile if there are artifacts\n"", h->slice_num, MAX_SLICES); } for (j = 0; j < 2; j++) { int id_list[16]; int *ref2frm = h->ref2frm[h->slice_num & (MAX_SLICES - 1)][j]; for (i = 0; i < 16; i++) { id_list[i] = 60; if (j < h->list_count && i < h->ref_count[j] && h->ref_list[j][i].f.buf[0]) { int k; AVBuffer *buf = h->ref_list[j][i].f.buf[0]->buffer; for (k = 0; k < h->short_ref_count; k++) if (h->short_ref[k]->f.buf[0]->buffer == buf) { id_list[i] = k; break; } for (k = 0; k < h->long_ref_count; k++) if (h->long_ref[k] && h->long_ref[k]->f.buf[0]->buffer == buf) { id_list[i] = h->short_ref_count + k; break; } } } ref2frm[0] = ref2frm[1] = -1; for (i = 0; i < 16; i++) ref2frm[i + 2] = 4 * id_list[i] + (h->ref_list[j][i].reference & 3); ref2frm[18 + 0] = ref2frm[18 + 1] = -1; for (i = 16; i < 48; i++) ref2frm[i + 4] = 4 * id_list[(i - 16) >> 1] + (h->ref_list[j][i].reference & 3); } if (h->ref_count[0]) h->er.last_pic = &h->ref_list[0][0]; if (h->ref_count[1]) h->er.next_pic = &h->ref_list[1][0]; h->er.ref_count = h->ref_count[0]; if (h->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(h->avctx, AV_LOG_DEBUG, ""slice:%d %s mb:%d %c%s%s pps:%u frame:%d poc:%d/%d ref:%d/%d qp:%d loop:%d:%d:%d weight:%d%s %s\n"", h->slice_num, (h->picture_structure == PICT_FRAME ? ""F"" : h->picture_structure == PICT_TOP_FIELD ? ""T"" : ""B""), first_mb_in_slice, av_get_picture_type_char(h->slice_type), h->slice_type_fixed ? "" fix"" : """", h->nal_unit_type == NAL_IDR_SLICE ? "" IDR"" : """", pps_id, h->frame_num, h->cur_pic_ptr->field_poc[0], h->cur_pic_ptr->field_poc[1], h->ref_count[0], h->ref_count[1], h->qscale, h->deblocking_filter, h->slice_alpha_c0_offset / 2 - 26, h->slice_beta_offset / 2 - 26, h->use_weight, h->use_weight == 1 && h->use_weight_chroma ? ""c"" : """", h->slice_type == AV_PICTURE_TYPE_B ? (h->direct_spatial_mv_pred ? ""SPAT"" : ""TEMP"") : """"); } return 0; }",visit repo url,libavcodec/h264.c,https://github.com/FFmpeg/FFmpeg,17694928138283,1 271,CWE-416,"packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { struct sock *sk = sock->sk; struct packet_sock *po = pkt_sk(sk); int ret; if (level != SOL_PACKET) return -ENOPROTOOPT; switch (optname) { case PACKET_ADD_MEMBERSHIP: case PACKET_DROP_MEMBERSHIP: { struct packet_mreq_max mreq; int len = optlen; memset(&mreq, 0, sizeof(mreq)); if (len < sizeof(struct packet_mreq)) return -EINVAL; if (len > sizeof(mreq)) len = sizeof(mreq); if (copy_from_user(&mreq, optval, len)) return -EFAULT; if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address))) return -EINVAL; if (optname == PACKET_ADD_MEMBERSHIP) ret = packet_mc_add(sk, &mreq); else ret = packet_mc_drop(sk, &mreq); return ret; } case PACKET_RX_RING: case PACKET_TX_RING: { union tpacket_req_u req_u; int len; switch (po->tp_version) { case TPACKET_V1: case TPACKET_V2: len = sizeof(req_u.req); break; case TPACKET_V3: default: len = sizeof(req_u.req3); break; } if (optlen < len) return -EINVAL; if (copy_from_user(&req_u.req, optval, len)) return -EFAULT; return packet_set_ring(sk, &req_u, 0, optname == PACKET_TX_RING); } case PACKET_COPY_THRESH: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; pkt_sk(sk)->copy_thresh = val; return 0; } case PACKET_VERSION: { int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; switch (val) { case TPACKET_V1: case TPACKET_V2: case TPACKET_V3: po->tp_version = val; return 0; default: return -EINVAL; } } case PACKET_RESERVE: { unsigned int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_reserve = val; return 0; } case PACKET_LOSS: { unsigned int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_loss = !!val; return 0; } case PACKET_AUXDATA: { int val; if (optlen < sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->auxdata = !!val; return 0; } case PACKET_ORIGDEV: { int val; if (optlen < sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->origdev = !!val; return 0; } case PACKET_VNET_HDR: { int val; if (sock->type != SOCK_RAW) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (optlen < sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->has_vnet_hdr = !!val; return 0; } case PACKET_TIMESTAMP: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_tstamp = val; return 0; } case PACKET_FANOUT: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; return fanout_add(sk, val & 0xffff, val >> 16); } case PACKET_FANOUT_DATA: { if (!po->fanout) return -EINVAL; return fanout_set_data(po, optval, optlen); } case PACKET_TX_HAS_OFF: { unsigned int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_tx_has_off = !!val; return 0; } case PACKET_QDISC_BYPASS: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->xmit = val ? packet_direct_xmit : dev_queue_xmit; return 0; } default: return -ENOPROTOOPT; } }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,191528543043528,1 2341,CWE-772,"batchCopyElem(batch_obj_t *pDest, batch_obj_t *pSrc) { memcpy(pDest, pSrc, sizeof(batch_obj_t)); }",visit repo url,runtime/batch.h,https://github.com/rsyslog/rsyslog,150655118647828,1 3076,CWE-399,"int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) { CMS_SignerInfo *si; STACK_OF(CMS_SignerInfo) *sinfos; STACK_OF(X509) *cms_certs = NULL; STACK_OF(X509_CRL) *crls = NULL; X509 *signer; int i, scount = 0, ret = 0; BIO *cmsbio = NULL, *tmpin = NULL; if (!dcont && !check_content(cms)) return 0; sinfos = CMS_get0_SignerInfos(cms); if (sk_CMS_SignerInfo_num(sinfos) <= 0) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); goto err; } for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); if (signer) scount++; } if (scount != sk_CMS_SignerInfo_num(sinfos)) scount += CMS_set1_signers_certs(cms, certs, flags); if (scount != sk_CMS_SignerInfo_num(sinfos)) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); goto err; } if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) { cms_certs = CMS_get1_certs(cms); if (!(flags & CMS_NOCRL)) crls = CMS_get1_crls(cms); for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls, flags)) goto err; } } if (!(flags & CMS_NO_ATTR_VERIFY)) { for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (CMS_signed_get_attr_count(si) < 0) continue; if (CMS_SignerInfo_verify(si) <= 0) goto err; } } if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) { char *ptr; long len; len = BIO_get_mem_data(dcont, &ptr); tmpin = BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE); return 0; } } else tmpin = dcont; cmsbio=CMS_dataInit(cms, tmpin); if (!cmsbio) goto err; if (!cms_copy_content(out, cmsbio, flags)) goto err; if (!(flags & CMS_NO_CONTENT_VERIFY)) { for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR); goto err; } } } ret = 1; err: if (dcont && (tmpin == dcont)) do_free_upto(cmsbio, dcont); else BIO_free_all(cmsbio); if (cms_certs) sk_X509_pop_free(cms_certs, X509_free); if (crls) sk_X509_CRL_pop_free(crls, X509_CRL_free); return ret; }",visit repo url,crypto/cms/cms_smime.c,https://github.com/openssl/openssl,21922426289480,1 4137,CWE-20,"mark_trusted_task_thread_func (GTask *task, gpointer source_object, gpointer task_data, GCancellable *cancellable) { MarkTrustedJob *job = task_data; CommonJob *common; common = (CommonJob *) job; nautilus_progress_info_start (job->common.progress); mark_desktop_file_trusted (common, cancellable, job->file, job->interactive); }",visit repo url,src/nautilus-file-operations.c,https://github.com/GNOME/nautilus,240841396626439,1 890,CWE-20,"vsock_stream_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk; struct vsock_sock *vsk; int err; size_t target; ssize_t copied; long timeout; struct vsock_transport_recv_notify_data recv_data; DEFINE_WAIT(wait); sk = sock->sk; vsk = vsock_sk(sk); err = 0; msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state != SS_CONNECTED) { if (sock_flag(sk, SOCK_DONE)) err = 0; else err = -ENOTCONN; goto out; } if (flags & MSG_OOB) { err = -EOPNOTSUPP; goto out; } if (sk->sk_shutdown & RCV_SHUTDOWN) { err = 0; goto out; } if (!len) { err = 0; goto out; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); if (target >= transport->stream_rcvhiwat(vsk)) { err = -ENOMEM; goto out; } timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); copied = 0; err = transport->notify_recv_init(vsk, target, &recv_data); if (err < 0) goto out; prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); while (1) { s64 ready = vsock_stream_has_data(vsk); if (ready < 0) { err = -ENOMEM; goto out_wait; } else if (ready > 0) { ssize_t read; err = transport->notify_recv_pre_dequeue( vsk, target, &recv_data); if (err < 0) break; read = transport->stream_dequeue( vsk, msg->msg_iov, len - copied, flags); if (read < 0) { err = -ENOMEM; break; } copied += read; err = transport->notify_recv_post_dequeue( vsk, target, read, !(flags & MSG_PEEK), &recv_data); if (err < 0) goto out_wait; if (read >= target || flags & MSG_PEEK) break; target -= read; } else { if (sk->sk_err != 0 || (sk->sk_shutdown & RCV_SHUTDOWN) || (vsk->peer_shutdown & SEND_SHUTDOWN)) { break; } if (timeout == 0) { err = -EAGAIN; break; } err = transport->notify_recv_pre_block( vsk, target, &recv_data); if (err < 0) break; release_sock(sk); timeout = schedule_timeout(timeout); lock_sock(sk); if (signal_pending(current)) { err = sock_intr_errno(timeout); break; } else if (timeout == 0) { err = -EAGAIN; break; } prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); } } if (sk->sk_err) err = -sk->sk_err; else if (sk->sk_shutdown & RCV_SHUTDOWN) err = 0; if (copied > 0) { if (!(flags & MSG_PEEK)) { if (vsk->peer_shutdown & SEND_SHUTDOWN) { if (vsock_stream_has_data(vsk) <= 0) { sk->sk_state = SS_UNCONNECTED; sock_set_flag(sk, SOCK_DONE); sk->sk_state_change(sk); } } } err = copied; } out_wait: finish_wait(sk_sleep(sk), &wait); out: release_sock(sk); return err; }",visit repo url,net/vmw_vsock/af_vsock.c,https://github.com/torvalds/linux,94541206747475,1 2507,CWE-20,"void beforeSleep(struct aeEventLoop *eventLoop) { REDIS_NOTUSED(eventLoop); listNode *ln; redisClient *c; if (server.vm_enabled && listLength(server.io_ready_clients)) { listIter li; listRewind(server.io_ready_clients,&li); while((ln = listNext(&li))) { c = ln->value; struct redisCommand *cmd; listDelNode(server.io_ready_clients,ln); c->flags &= (~REDIS_IO_WAIT); server.vm_blocked_clients--; aeCreateFileEvent(server.el, c->fd, AE_READABLE, readQueryFromClient, c); cmd = lookupCommand(c->argv[0]->ptr); redisAssert(cmd != NULL); call(c,cmd); resetClient(c); if (c->querybuf && sdslen(c->querybuf) > 0) processInputBuffer(c); } } while (listLength(server.unblocked_clients)) { ln = listFirst(server.unblocked_clients); redisAssert(ln != NULL); c = ln->value; listDelNode(server.unblocked_clients,ln); if (c->querybuf && sdslen(c->querybuf) > 0) processInputBuffer(c); } flushAppendOnlyFile(); }",visit repo url,src/redis.c,https://github.com/antirez/redis,166650316455658,1 472,[],"pfmfs_get_sb(struct file_system_type *fs_type, int flags, const char *dev_name, void *data, struct vfsmount *mnt) { return get_sb_pseudo(fs_type, ""pfm:"", NULL, PFMFS_MAGIC, mnt); }",linux-2.6,,,11108293380847822473830711915874301068,0 6702,CWE-89,"int db_update(char* name, char* value) { char* sql; int r = 0; if (crypt_key) { value = note_encrypt(value,crypt_key); r = asprintf(&sql, ""UPDATE nodau set text='%s' , encrypted='true' WHERE name='%s'"", value, name); free(value); if (r < 0) return 1; }else{ if (asprintf(&sql, ""UPDATE nodau set text='%s' , encrypted='false' WHERE name='%s'"", value, name) < 0) return 1; } r = sqlite3_exec(db_data.db, sql, NULL, 0, &db_data.error_msg); free(sql); return r; }",visit repo url,src/db.c,https://github.com/TicklishHoneyBee/nodau,161749193419592,1 3628,['CWE-287'],"void sctp_association_hold(struct sctp_association *asoc) { atomic_inc(&asoc->base.refcnt); }",linux-2.6,,,193674000802560801214697520101332978993,0 5287,CWE-200,"int data_on_connection(int fd, callback_remove_handler remove) { int nread; char *network_packet; char network_line[8192]; char *p; unsigned long id; char string[1024]; unsigned long msg_id = UINT32_MAX; enum network_protocol version = network_client_get_version(fd); ioctl(fd, FIONREAD, &nread); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""new connection data = %d\n"",nread); if(nread == 0) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_PROCESS, ""%d failed, got 0 close connection to listener "", fd); close(fd); FD_CLR(fd, &readfds); remove(fd); network_client_dump (); return 0; } if ( nread >= 8192 ) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ERROR, ""%d failed, more than 8192 close connection to listener "", fd); close(fd); FD_CLR(fd, &readfds); remove(fd); return 0; } network_packet=malloc((nread+1) * sizeof(char)); read(fd, network_packet, nread); network_packet[nread]='\0'; memset(network_line, 0, 8192); p=network_packet; p_sem(sem_id); while ( get_network_line(p, network_line) ) { if ( strlen(network_line) > 0 ) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""line = [%s]"",network_line); } if ( !strncmp(network_line, ""MSGID: "", strlen(""MSGID: "")) ) { msg_id=strtoul(&(network_line[strlen(""MSGID: "")]), NULL, 10); p+=strlen(network_line); } else if ( !strncmp(network_line, ""Version: "", strlen(""Version: "")) ) { char *head = network_line, *end; univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""RECV: VERSION""); version = strtoul(head + 9, &end, 10); if (!head[9] || *end) goto failed; univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""VERSION=%d"", version); if (version < network_procotol_version) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_PROCESS, ""Forbidden VERSION=%d < %d, close connection to listener"", version, network_procotol_version); goto close; } else if (version >= PROTOCOL_LAST) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_PROCESS, ""Future VERSION=%d"", version); version = PROTOCOL_LAST - 1; } network_client_set_version(fd, version); msg_id = UINT32_MAX; p+=strlen(network_line); } else if ( !strncmp(network_line, ""Capabilities: "", strlen(""Capabilities: "")) ) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""RECV: Capabilities""); if ( version > PROTOCOL_UNKNOWN ) { memset(string, 0, sizeof(string)); snprintf(string, sizeof(string), ""Version: %d\nCapabilities: \n\n"", version); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""SEND: %s"", string); write(fd, string, strlen(string)); } else { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""Capabilities recv, but no version line""); } p+=strlen(network_line); } else if ( !strncmp(network_line, ""GET_DN "", strlen(""GET_DN "")) && msg_id != UINT32_MAX && network_client_get_version(fd) > 0) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""RECV: GET_DN""); id=strtoul(&(network_line[strlen(""GET_DN "")]), NULL, 10); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""id: %ld"",id); if ( id <= notify_last_id.id) { char *dn_string = NULL; univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""try to read %ld from cache"", id); if ( (dn_string = notifier_cache_get(id)) == NULL ) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""%ld not found in cache"", id); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""%ld get one dn"", id); if( (dn_string=notify_transcation_get_one_dn ( id )) == NULL ) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""%ld failed "", id); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ERROR, ""%d failed, close connection to listener "", fd); close(fd); FD_CLR(fd, &readfds); remove(fd); return 0; } } if ( dn_string != NULL ) { snprintf(string, sizeof(string), ""MSGID: %ld\n%s\n\n"",msg_id,dn_string); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""--> %d: [%s]"",fd, string); write(fd, string, strlen(string)); free(dn_string); } } else { network_client_set_next_id(fd, id); network_client_set_msg_id(fd, msg_id); } p+=strlen(network_line)+1; msg_id = UINT32_MAX; } else if (!strncmp(p, ""WAIT_ID "", 8) && msg_id != UINT32_MAX && version >= PROTOCOL_3) { char *head = network_line, *end; univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""RECV: WAIT_ID""); id = strtoul(head + 8, &end, 10); if (!head[8] || *end) goto failed; univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""id: %ld"", id); if (id <= notify_last_id.id) { snprintf(string, sizeof(string), ""MSGID: %ld\n%ld\n\n"", msg_id, notify_last_id.id); write(fd, string, strlen(string)); } else { network_client_set_next_id(fd, id); network_client_set_msg_id(fd, msg_id); } p += strlen(network_line) + 1; msg_id = UINT32_MAX; } else if ( !strncmp(network_line, ""GET_ID"", strlen(""GET_ID"")) && msg_id != UINT32_MAX && network_client_get_version(fd) > 0) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""RECV: GET_ID""); memset(string, 0, sizeof(string)); snprintf(string, sizeof(string), ""MSGID: %ld\n%ld\n\n"",msg_id,notify_last_id.id); write(fd, string, strlen(string)); p+=strlen(network_line)+1; msg_id = UINT32_MAX; } else if ( !strncmp(network_line, ""GET_SCHEMA_ID"", strlen(""GET_SCHEMA_ID"")) && msg_id != UINT32_MAX && network_client_get_version(fd) > 0) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""RECV: GET_SCHEMA_ID""); memset(string, 0, sizeof(string)); snprintf(string, sizeof(string), ""MSGID: %ld\n%ld\n\n"",msg_id,SCHEMA_ID); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""--> %d: [%s]"",fd, string); write(fd, string, strlen(string)); p+=strlen(network_line)+1; msg_id = UINT32_MAX; } else if ( !strncmp(network_line, ""ALIVE"", strlen(""ALIVE"")) && msg_id != UINT32_MAX && network_client_get_version(fd) > 0) { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""RECV: ALIVE""); snprintf(string, sizeof(string), ""MSGID: %ld\nOKAY\n\n"",msg_id); write(fd, string, strlen(string)); p+=strlen(network_line)+1; msg_id = UINT32_MAX; } else { p+=strlen(network_line); if (strlen(network_line) == 0 ) { p+=1; } else { univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ERROR, ""Drop package [%s]"", network_line); } } } v_sem(sem_id); univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_ALL, ""END Package""); network_client_dump (); return 0; failed: univention_debug(UV_DEBUG_TRANSFILE, UV_DEBUG_PROCESS, ""Failed parsing [%s]"", p); close: close(fd); FD_CLR(fd, &readfds); remove(fd); return 0; }",visit repo url,management/univention-directory-notifier/src/callback.c,https://github.com/univention/univention-corporate-server,116548230136741,1 4795,CWE-119,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 1052,CWE-476,"static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk, struct sctp_association *assoc, sctp_socket_type_t type) { struct sctp_sock *oldsp = sctp_sk(oldsk); struct sctp_sock *newsp = sctp_sk(newsk); struct sctp_bind_bucket *pp; struct sctp_endpoint *newep = newsp->ep; struct sk_buff *skb, *tmp; struct sctp_ulpevent *event; int flags = 0; newsk->sk_sndbuf = oldsk->sk_sndbuf; newsk->sk_rcvbuf = oldsk->sk_rcvbuf; inet_sk_copy_descendant(newsk, oldsk); newsp->ep = newep; newsp->hmac = NULL; pp = sctp_sk(oldsk)->bind_hash; sk_add_bind_node(newsk, &pp->owner); sctp_sk(newsk)->bind_hash = pp; inet_sk(newsk)->num = inet_sk(oldsk)->num; if (PF_INET6 == assoc->base.sk->sk_family) flags = SCTP_ADDR6_ALLOWED; if (assoc->peer.ipv4_address) flags |= SCTP_ADDR4_PEERSUPP; if (assoc->peer.ipv6_address) flags |= SCTP_ADDR6_PEERSUPP; sctp_bind_addr_copy(&newsp->ep->base.bind_addr, &oldsp->ep->base.bind_addr, SCTP_SCOPE_GLOBAL, GFP_KERNEL, flags); sctp_skb_for_each(skb, &oldsk->sk_receive_queue, tmp) { event = sctp_skb2event(skb); if (event->asoc == assoc) { sctp_sock_rfree(skb); __skb_unlink(skb, &oldsk->sk_receive_queue); __skb_queue_tail(&newsk->sk_receive_queue, skb); sctp_skb_set_owner_r(skb, newsk); } } skb_queue_head_init(&newsp->pd_lobby); sctp_sk(newsk)->pd_mode = assoc->ulpq.pd_mode; if (sctp_sk(oldsk)->pd_mode) { struct sk_buff_head *queue; if (assoc->ulpq.pd_mode) { queue = &newsp->pd_lobby; } else queue = &newsk->sk_receive_queue; sctp_skb_for_each(skb, &oldsp->pd_lobby, tmp) { event = sctp_skb2event(skb); if (event->asoc == assoc) { sctp_sock_rfree(skb); __skb_unlink(skb, &oldsp->pd_lobby); __skb_queue_tail(queue, skb); sctp_skb_set_owner_r(skb, newsk); } } if (assoc->ulpq.pd_mode) sctp_clear_pd(oldsk); } newsp->type = type; sctp_lock_sock(newsk); sctp_assoc_migrate(assoc, newsk); if (sctp_state(assoc, CLOSED) && sctp_style(newsk, TCP)) newsk->sk_shutdown |= RCV_SHUTDOWN; newsk->sk_state = SCTP_SS_ESTABLISHED; sctp_release_sock(newsk); }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,254338353792894,1 630,CWE-20,"int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *isk = inet_sk(sk); int family = sk->sk_family; struct sockaddr_in *sin; struct sockaddr_in6 *sin6; struct sk_buff *skb; int copied, err; pr_debug(""ping_recvmsg(sk=%p,sk->num=%u)\n"", isk, isk->inet_num); err = -EOPNOTSUPP; if (flags & MSG_OOB) goto out; if (addr_len) { if (family == AF_INET) *addr_len = sizeof(*sin); else if (family == AF_INET6 && addr_len) *addr_len = sizeof(*sin6); } if (flags & MSG_ERRQUEUE) { if (family == AF_INET) { return ip_recv_error(sk, msg, len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { return pingv6_ops.ipv6_recv_error(sk, msg, len); #endif } } skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (family == AF_INET) { sin = (struct sockaddr_in *) msg->msg_name; sin->sin_family = AF_INET; sin->sin_port = 0 ; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); if (isk->cmsg_flags) ip_cmsg_recv(msg, skb); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); struct ipv6hdr *ip6 = ipv6_hdr(skb); sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ip6->saddr; sin6->sin6_flowinfo = 0; if (np->sndflow) sin6->sin6_flowinfo = ip6_flowinfo(ip6); sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); if (inet6_sk(sk)->rxopt.all) pingv6_ops.ip6_datagram_recv_ctl(sk, msg, skb); #endif } else { BUG(); } err = copied; done: skb_free_datagram(sk, skb); out: pr_debug(""ping_recvmsg -> %d\n"", err); return err; }",visit repo url,net/ipv4/ping.c,https://github.com/torvalds/linux,75563104669123,1 3640,['CWE-287'],"void sctp_assoc_clean_asconf_ack_cache(const struct sctp_association *asoc) { struct sctp_chunk *ack; struct sctp_chunk *tmp; list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list, transmitted_list) { if (ack->subh.addip_hdr->serial == htonl(asoc->peer.addip_serial)) break; list_del_init(&ack->transmitted_list); sctp_chunk_free(ack); } }",linux-2.6,,,317874664360242404921843333287431833843,0 3222,['CWE-189'],"int dump_passes(jpc_enc_pass_t *passes, int numpasses, jpc_enc_cblk_t *cblk) { jpc_enc_pass_t *pass; int i; jas_stream_memobj_t *smo; smo = cblk->stream->obj_; pass = passes; for (i = 0; i < numpasses; ++i) { jas_eprintf(""start=%d end=%d type=%d term=%d lyrno=%d firstchar=%02x size=%ld pos=%ld\n"", (int)pass->start, (int)pass->end, (int)pass->type, (int)pass->term, (int)pass->lyrno, smo->buf_[pass->start], (long)smo->len_, (long)smo->pos_); #if 0 jas_memdump(stderr, &smo->buf_[pass->start], pass->end - pass->start); #endif ++pass; } return 0; }",jasper,,,191585880478197968832364494137756174779,0 3473,['CWE-20'],"static sctp_disposition_t sctp_stop_t1_and_abort(sctp_cmd_seq_t *commands, __be16 error, int sk_err, const struct sctp_association *asoc, struct sctp_transport *transport) { SCTP_DEBUG_PRINTK(""ABORT received (INIT).\n""); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_CLOSED)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(sk_err)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, SCTP_PERR(error)); return SCTP_DISPOSITION_ABORT; }",linux-2.6,,,315964936140871340315938384678098683685,0 704,CWE-20,"int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; size_t copied; int err; BT_DBG(""sock %p sk %p len %zu"", sock, sk, len); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) { msg->msg_namelen = 0; return 0; } return err; } copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err == 0) { sock_recv_ts_and_drops(msg, sk, skb); if (bt_sk(sk)->skb_msg_name) bt_sk(sk)->skb_msg_name(skb, msg->msg_name, &msg->msg_namelen); else msg->msg_namelen = 0; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,145229541403126,1 4164,CWE-476,"TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags) { TIFFDirectory *td = &tif->tif_dir; char *sep; long l, n; #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) fprintf(fd, ""TIFF Directory at offset 0x%I64x (%I64u)\n"", (unsigned __int64) tif->tif_diroff, (unsigned __int64) tif->tif_diroff); #else fprintf(fd, ""TIFF Directory at offset 0x%llx (%llu)\n"", (unsigned long long) tif->tif_diroff, (unsigned long long) tif->tif_diroff); #endif if (TIFFFieldSet(tif,FIELD_SUBFILETYPE)) { fprintf(fd, "" Subfile Type:""); sep = "" ""; if (td->td_subfiletype & FILETYPE_REDUCEDIMAGE) { fprintf(fd, ""%sreduced-resolution image"", sep); sep = ""/""; } if (td->td_subfiletype & FILETYPE_PAGE) { fprintf(fd, ""%smulti-page document"", sep); sep = ""/""; } if (td->td_subfiletype & FILETYPE_MASK) fprintf(fd, ""%stransparency mask"", sep); fprintf(fd, "" (%lu = 0x%lx)\n"", (unsigned long) td->td_subfiletype, (long) td->td_subfiletype); } if (TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS)) { fprintf(fd, "" Image Width: %lu Image Length: %lu"", (unsigned long) td->td_imagewidth, (unsigned long) td->td_imagelength); if (TIFFFieldSet(tif,FIELD_IMAGEDEPTH)) fprintf(fd, "" Image Depth: %lu"", (unsigned long) td->td_imagedepth); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_TILEDIMENSIONS)) { fprintf(fd, "" Tile Width: %lu Tile Length: %lu"", (unsigned long) td->td_tilewidth, (unsigned long) td->td_tilelength); if (TIFFFieldSet(tif,FIELD_TILEDEPTH)) fprintf(fd, "" Tile Depth: %lu"", (unsigned long) td->td_tiledepth); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_RESOLUTION)) { fprintf(fd, "" Resolution: %g, %g"", td->td_xresolution, td->td_yresolution); if (TIFFFieldSet(tif,FIELD_RESOLUTIONUNIT)) { switch (td->td_resolutionunit) { case RESUNIT_NONE: fprintf(fd, "" (unitless)""); break; case RESUNIT_INCH: fprintf(fd, "" pixels/inch""); break; case RESUNIT_CENTIMETER: fprintf(fd, "" pixels/cm""); break; default: fprintf(fd, "" (unit %u = 0x%x)"", td->td_resolutionunit, td->td_resolutionunit); break; } } fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_POSITION)) fprintf(fd, "" Position: %g, %g\n"", td->td_xposition, td->td_yposition); if (TIFFFieldSet(tif,FIELD_BITSPERSAMPLE)) fprintf(fd, "" Bits/Sample: %u\n"", td->td_bitspersample); if (TIFFFieldSet(tif,FIELD_SAMPLEFORMAT)) { fprintf(fd, "" Sample Format: ""); switch (td->td_sampleformat) { case SAMPLEFORMAT_VOID: fprintf(fd, ""void\n""); break; case SAMPLEFORMAT_INT: fprintf(fd, ""signed integer\n""); break; case SAMPLEFORMAT_UINT: fprintf(fd, ""unsigned integer\n""); break; case SAMPLEFORMAT_IEEEFP: fprintf(fd, ""IEEE floating point\n""); break; case SAMPLEFORMAT_COMPLEXINT: fprintf(fd, ""complex signed integer\n""); break; case SAMPLEFORMAT_COMPLEXIEEEFP: fprintf(fd, ""complex IEEE floating point\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_sampleformat, td->td_sampleformat); break; } } if (TIFFFieldSet(tif,FIELD_COMPRESSION)) { const TIFFCodec* c = TIFFFindCODEC(td->td_compression); fprintf(fd, "" Compression Scheme: ""); if (c) fprintf(fd, ""%s\n"", c->name); else fprintf(fd, ""%u (0x%x)\n"", td->td_compression, td->td_compression); } if (TIFFFieldSet(tif,FIELD_PHOTOMETRIC)) { fprintf(fd, "" Photometric Interpretation: ""); if (td->td_photometric < NPHOTONAMES) fprintf(fd, ""%s\n"", photoNames[td->td_photometric]); else { switch (td->td_photometric) { case PHOTOMETRIC_LOGL: fprintf(fd, ""CIE Log2(L)\n""); break; case PHOTOMETRIC_LOGLUV: fprintf(fd, ""CIE Log2(L) (u',v')\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_photometric, td->td_photometric); break; } } } if (TIFFFieldSet(tif,FIELD_EXTRASAMPLES) && td->td_extrasamples) { uint16 i; fprintf(fd, "" Extra Samples: %u<"", td->td_extrasamples); sep = """"; for (i = 0; i < td->td_extrasamples; i++) { switch (td->td_sampleinfo[i]) { case EXTRASAMPLE_UNSPECIFIED: fprintf(fd, ""%sunspecified"", sep); break; case EXTRASAMPLE_ASSOCALPHA: fprintf(fd, ""%sassoc-alpha"", sep); break; case EXTRASAMPLE_UNASSALPHA: fprintf(fd, ""%sunassoc-alpha"", sep); break; default: fprintf(fd, ""%s%u (0x%x)"", sep, td->td_sampleinfo[i], td->td_sampleinfo[i]); break; } sep = "", ""; } fprintf(fd, "">\n""); } if (TIFFFieldSet(tif,FIELD_INKNAMES)) { char* cp; uint16 i; fprintf(fd, "" Ink Names: ""); i = td->td_samplesperpixel; sep = """"; for (cp = td->td_inknames; i > 0 && cp < td->td_inknames + td->td_inknameslen; cp = strchr(cp,'\0')+1, i--) { size_t max_chars = td->td_inknameslen - (cp - td->td_inknames); fputs(sep, fd); _TIFFprintAsciiBounded(fd, cp, max_chars); sep = "", ""; } fputs(""\n"", fd); } if (TIFFFieldSet(tif,FIELD_THRESHHOLDING)) { fprintf(fd, "" Thresholding: ""); switch (td->td_threshholding) { case THRESHHOLD_BILEVEL: fprintf(fd, ""bilevel art scan\n""); break; case THRESHHOLD_HALFTONE: fprintf(fd, ""halftone or dithered scan\n""); break; case THRESHHOLD_ERRORDIFFUSE: fprintf(fd, ""error diffused\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_threshholding, td->td_threshholding); break; } } if (TIFFFieldSet(tif,FIELD_FILLORDER)) { fprintf(fd, "" FillOrder: ""); switch (td->td_fillorder) { case FILLORDER_MSB2LSB: fprintf(fd, ""msb-to-lsb\n""); break; case FILLORDER_LSB2MSB: fprintf(fd, ""lsb-to-msb\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_fillorder, td->td_fillorder); break; } } if (TIFFFieldSet(tif,FIELD_YCBCRSUBSAMPLING)) { fprintf(fd, "" YCbCr Subsampling: %u, %u\n"", td->td_ycbcrsubsampling[0], td->td_ycbcrsubsampling[1] ); } if (TIFFFieldSet(tif,FIELD_YCBCRPOSITIONING)) { fprintf(fd, "" YCbCr Positioning: ""); switch (td->td_ycbcrpositioning) { case YCBCRPOSITION_CENTERED: fprintf(fd, ""centered\n""); break; case YCBCRPOSITION_COSITED: fprintf(fd, ""cosited\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_ycbcrpositioning, td->td_ycbcrpositioning); break; } } if (TIFFFieldSet(tif,FIELD_HALFTONEHINTS)) fprintf(fd, "" Halftone Hints: light %u dark %u\n"", td->td_halftonehints[0], td->td_halftonehints[1]); if (TIFFFieldSet(tif,FIELD_ORIENTATION)) { fprintf(fd, "" Orientation: ""); if (td->td_orientation < NORIENTNAMES) fprintf(fd, ""%s\n"", orientNames[td->td_orientation]); else fprintf(fd, ""%u (0x%x)\n"", td->td_orientation, td->td_orientation); } if (TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL)) fprintf(fd, "" Samples/Pixel: %u\n"", td->td_samplesperpixel); if (TIFFFieldSet(tif,FIELD_ROWSPERSTRIP)) { fprintf(fd, "" Rows/Strip: ""); if (td->td_rowsperstrip == (uint32) -1) fprintf(fd, ""(infinite)\n""); else fprintf(fd, ""%lu\n"", (unsigned long) td->td_rowsperstrip); } if (TIFFFieldSet(tif,FIELD_MINSAMPLEVALUE)) fprintf(fd, "" Min Sample Value: %u\n"", td->td_minsamplevalue); if (TIFFFieldSet(tif,FIELD_MAXSAMPLEVALUE)) fprintf(fd, "" Max Sample Value: %u\n"", td->td_maxsamplevalue); if (TIFFFieldSet(tif,FIELD_SMINSAMPLEVALUE)) { int i; int count = (tif->tif_flags & TIFF_PERSAMPLE) ? td->td_samplesperpixel : 1; fprintf(fd, "" SMin Sample Value:""); for (i = 0; i < count; ++i) fprintf(fd, "" %g"", td->td_sminsamplevalue[i]); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_SMAXSAMPLEVALUE)) { int i; int count = (tif->tif_flags & TIFF_PERSAMPLE) ? td->td_samplesperpixel : 1; fprintf(fd, "" SMax Sample Value:""); for (i = 0; i < count; ++i) fprintf(fd, "" %g"", td->td_smaxsamplevalue[i]); fprintf(fd, ""\n""); } if (TIFFFieldSet(tif,FIELD_PLANARCONFIG)) { fprintf(fd, "" Planar Configuration: ""); switch (td->td_planarconfig) { case PLANARCONFIG_CONTIG: fprintf(fd, ""single image plane\n""); break; case PLANARCONFIG_SEPARATE: fprintf(fd, ""separate image planes\n""); break; default: fprintf(fd, ""%u (0x%x)\n"", td->td_planarconfig, td->td_planarconfig); break; } } if (TIFFFieldSet(tif,FIELD_PAGENUMBER)) fprintf(fd, "" Page Number: %u-%u\n"", td->td_pagenumber[0], td->td_pagenumber[1]); if (TIFFFieldSet(tif,FIELD_COLORMAP)) { fprintf(fd, "" Color Map: ""); if (flags & TIFFPRINT_COLORMAP) { fprintf(fd, ""\n""); n = 1L<td_bitspersample; for (l = 0; l < n; l++) fprintf(fd, "" %5ld: %5u %5u %5u\n"", l, td->td_colormap[0][l], td->td_colormap[1][l], td->td_colormap[2][l]); } else fprintf(fd, ""(present)\n""); } if (TIFFFieldSet(tif,FIELD_REFBLACKWHITE)) { int i; fprintf(fd, "" Reference Black/White:\n""); for (i = 0; i < 3; i++) fprintf(fd, "" %2d: %5g %5g\n"", i, td->td_refblackwhite[2*i+0], td->td_refblackwhite[2*i+1]); } if (TIFFFieldSet(tif,FIELD_TRANSFERFUNCTION)) { fprintf(fd, "" Transfer Function: ""); if (flags & TIFFPRINT_CURVES) { fprintf(fd, ""\n""); n = 1L<td_bitspersample; for (l = 0; l < n; l++) { uint16 i; fprintf(fd, "" %2ld: %5u"", l, td->td_transferfunction[0][l]); for (i = 1; i < td->td_samplesperpixel; i++) fprintf(fd, "" %5u"", td->td_transferfunction[i][l]); fputc('\n', fd); } } else fprintf(fd, ""(present)\n""); } if (TIFFFieldSet(tif, FIELD_SUBIFD) && (td->td_subifd)) { uint16 i; fprintf(fd, "" SubIFD Offsets:""); for (i = 0; i < td->td_nsubifd; i++) #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) fprintf(fd, "" %5I64u"", (unsigned __int64) td->td_subifd[i]); #else fprintf(fd, "" %5llu"", (unsigned long long) td->td_subifd[i]); #endif fputc('\n', fd); } { int i; short count; count = (short) TIFFGetTagListCount(tif); for(i = 0; i < count; i++) { uint32 tag = TIFFGetTagListEntry(tif, i); const TIFFField *fip; uint32 value_count; int mem_alloc = 0; void *raw_data; fip = TIFFFieldWithTag(tif, tag); if(fip == NULL) continue; if(fip->field_passcount) { if (fip->field_readcount == TIFF_VARIABLE2 ) { if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1) continue; } else if (fip->field_readcount == TIFF_VARIABLE ) { uint16 small_value_count; if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1) continue; value_count = small_value_count; } else { assert (fip->field_readcount == TIFF_VARIABLE || fip->field_readcount == TIFF_VARIABLE2); continue; } } else { if (fip->field_readcount == TIFF_VARIABLE || fip->field_readcount == TIFF_VARIABLE2) value_count = 1; else if (fip->field_readcount == TIFF_SPP) value_count = td->td_samplesperpixel; else value_count = fip->field_readcount; if (fip->field_tag == TIFFTAG_DOTRANGE && strcmp(fip->field_name,""DotRange"") == 0) { static uint16 dotrange[2]; raw_data = dotrange; TIFFGetField(tif, tag, dotrange+0, dotrange+1); } else if (fip->field_type == TIFF_ASCII || fip->field_readcount == TIFF_VARIABLE || fip->field_readcount == TIFF_VARIABLE2 || fip->field_readcount == TIFF_SPP || value_count > 1) { if(TIFFGetField(tif, tag, &raw_data) != 1) continue; } else { raw_data = _TIFFmalloc( _TIFFDataSize(fip->field_type) * value_count); mem_alloc = 1; if(TIFFGetField(tif, tag, raw_data) != 1) { _TIFFfree(raw_data); continue; } } } if (!_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) _TIFFPrintField(fd, fip, value_count, raw_data); if(mem_alloc) _TIFFfree(raw_data); } } if (tif->tif_tagmethods.printdir) (*tif->tif_tagmethods.printdir)(tif, fd, flags); _TIFFFillStriles( tif ); if ((flags & TIFFPRINT_STRIPS) && TIFFFieldSet(tif,FIELD_STRIPOFFSETS)) { uint32 s; fprintf(fd, "" %lu %s:\n"", (unsigned long) td->td_nstrips, isTiled(tif) ? ""Tiles"" : ""Strips""); for (s = 0; s < td->td_nstrips; s++) #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) fprintf(fd, "" %3lu: [%8I64u, %8I64u]\n"", (unsigned long) s, td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); #else fprintf(fd, "" %3lu: [%8llu, %8llu]\n"", (unsigned long) s, td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); #endif } }",visit repo url,libtiff/tif_print.c,https://gitlab.com/libtiff/libtiff,69985777410071,1 4042,CWE-125,"static RFlagsAtOffset* r_flag_get_nearest_list(RFlag *f, ut64 off, int dir) { RFlagsAtOffset *flags = NULL; RFlagsAtOffset key; key.off = off; if (dir >= 0) { flags = r_skiplist_get_geq (f->by_off, &key); } else { flags = r_skiplist_get_leq (f->by_off, &key); } if (dir == 0 && flags && flags->off != off) { return NULL; } return flags; }",visit repo url,libr/flag/flag.c,https://github.com/radare/radare2,174632365438609,1 274,[],"static int mtd_rw_oob(unsigned int fd, unsigned int cmd, unsigned long arg) { struct mtd_oob_buf __user *buf = compat_alloc_user_space(sizeof(*buf)); struct mtd_oob_buf32 __user *buf32 = compat_ptr(arg); u32 data; char __user *datap; unsigned int real_cmd; int err; real_cmd = (cmd == MEMREADOOB32) ? MEMREADOOB : MEMWRITEOOB; if (copy_in_user(&buf->start, &buf32->start, 2 * sizeof(u32)) || get_user(data, &buf32->ptr)) return -EFAULT; datap = compat_ptr(data); if (put_user(datap, &buf->ptr)) return -EFAULT; err = sys_ioctl(fd, real_cmd, (unsigned long) buf); if (!err) { if (copy_in_user(&buf32->start, &buf->start, 2 * sizeof(u32))) err = -EFAULT; } return err; } ",linux-2.6,,,50204040440762972631071629139848591807,0 5064,['CWE-20'],"static int handle_halt(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { skip_emulated_instruction(vcpu); return kvm_emulate_halt(vcpu); }",linux-2.6,,,149354625762145093075478709475446881071,0 1231,CWE-400,"static void perf_output_wakeup(struct perf_output_handle *handle) { atomic_set(&handle->rb->poll, POLL_IN); if (handle->nmi) { handle->event->pending_wakeup = 1; irq_work_queue(&handle->event->pending); } else perf_event_wakeup(handle->event); }",visit repo url,kernel/events/ring_buffer.c,https://github.com/torvalds/linux,136016125808112,1 5265,['CWE-264'],"static void process_deny_list( canon_ace **pp_ace_list ) { canon_ace *ace_list = *pp_ace_list; canon_ace *curr_ace = NULL; canon_ace *curr_ace_next = NULL; for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) { canon_ace *allow_ace_p; curr_ace_next = curr_ace->next; if (curr_ace->attr != DENY_ACE) continue; if (curr_ace->perms == (mode_t)0) { DLIST_REMOVE(ace_list, curr_ace); continue; } if (!sid_equal(&curr_ace->trustee, &global_sid_World)) continue; SMB_ASSERT(curr_ace->owner_type == WORLD_ACE); if (curr_ace->perms == ALL_ACE_PERMS) { canon_ace *prev_entry = curr_ace->prev; free_canon_ace_list( curr_ace ); if (prev_entry) prev_entry->next = NULL; else { ace_list = NULL; } break; } for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) { if (allow_ace_p->attr != ALLOW_ACE) continue; allow_ace_p->perms &= ~curr_ace->perms; } DLIST_REMOVE(ace_list, curr_ace); } for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) { mode_t new_perms = (mode_t)0; canon_ace *allow_ace_p; curr_ace_next = curr_ace->next; if (curr_ace->attr != DENY_ACE) continue; if (curr_ace->owner_type != UID_ACE) continue; if (curr_ace->perms == ALL_ACE_PERMS) { curr_ace->attr = ALLOW_ACE; curr_ace->perms = (mode_t)0; DLIST_DEMOTE(ace_list, curr_ace, canon_ace *); continue; } for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) { if (allow_ace_p->attr != ALLOW_ACE) continue; if (allow_ace_p->owner_type == UID_ACE) continue; if (uid_entry_in_group( curr_ace, allow_ace_p)) new_perms |= allow_ace_p->perms; } curr_ace->attr = ALLOW_ACE; curr_ace->perms = (new_perms & ~curr_ace->perms); DLIST_DEMOTE(ace_list, curr_ace, canon_ace *); } for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) { canon_ace *allow_ace_p; canon_ace *allow_everyone_p = NULL; curr_ace_next = curr_ace->next; if (curr_ace->attr != DENY_ACE) continue; if (curr_ace->owner_type != GID_ACE) continue; for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) { if (allow_ace_p->attr != ALLOW_ACE) continue; if (allow_ace_p->owner_type == WORLD_ACE) allow_everyone_p = allow_ace_p; if (allow_ace_p->owner_type != UID_ACE) continue; if (uid_entry_in_group( allow_ace_p, curr_ace)) allow_ace_p->perms &= ~curr_ace->perms; } curr_ace->attr = ALLOW_ACE; if (allow_everyone_p) curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms; else curr_ace->perms = (mode_t)0; DLIST_DEMOTE(ace_list, curr_ace, canon_ace *); } #if 0 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) { canon_ace *allow_ace_p; curr_ace_next = curr_ace->next; if (curr_ace->attr != ALLOW_ACE) continue; if (curr_ace->owner_type != UID_ACE) continue; for (allow_ace_p = ace_list; allow_ace_p; allow_ace_p = allow_ace_p->next) { if (allow_ace_p->attr != ALLOW_ACE) continue; if (allow_ace_p->owner_type != GID_ACE) continue; if (uid_entry_in_group( curr_ace, allow_ace_p)) curr_ace->perms |= allow_ace_p->perms; } } #endif *pp_ace_list = ace_list; }",samba,,,156765549473695695978930531097954408255,0 5218,['CWE-20'],"static void reload_tss(void) { struct descriptor_table gdt; struct desc_struct *descs; kvm_get_gdt(&gdt); descs = (void *)gdt.base; descs[GDT_ENTRY_TSS].type = 9; load_TR_desc(); }",linux-2.6,,,253305661162971423981371117881474877600,0 2499,['CWE-119'],"static void patch_id_consume(void *priv, char *line, unsigned long len) { struct patch_id_t *data = priv; int new_len; if (!prefixcmp(line, ""@@ -"")) return; new_len = remove_space(line, len); SHA1_Update(data->ctx, line, new_len); data->patchlen += new_len; }",git,,,324699771687513154496793457030730830859,0 6589,['CWE-200'],"get_tip_for_vpn (NMActiveConnection *active, NMVPNConnectionState state, NMApplet *applet) { NMConnectionScope scope; char *tip = NULL; const char *path, *id = NULL; GSList *iter, *list; scope = nm_active_connection_get_scope (active); path = nm_active_connection_get_connection (active); g_return_val_if_fail (path != NULL, NULL); list = applet_get_all_connections (applet); for (iter = list; iter; iter = g_slist_next (iter)) { NMConnection *candidate = NM_CONNECTION (iter->data); NMSettingConnection *s_con; if ( (nm_connection_get_scope (candidate) == scope) && !strcmp (nm_connection_get_path (candidate), path)) { s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (candidate, NM_TYPE_SETTING_CONNECTION)); id = nm_setting_connection_get_id (s_con); break; } } g_slist_free (list); if (!id) return NULL; switch (state) { case NM_VPN_CONNECTION_STATE_CONNECT: case NM_VPN_CONNECTION_STATE_PREPARE: tip = g_strdup_printf (_(""Starting VPN connection '%s'...""), id); break; case NM_VPN_CONNECTION_STATE_NEED_AUTH: tip = g_strdup_printf (_(""User authentication required for VPN connection '%s'...""), id); break; case NM_VPN_CONNECTION_STATE_IP_CONFIG_GET: tip = g_strdup_printf (_(""Requesting a VPN address for '%s'...""), id); break; case NM_VPN_CONNECTION_STATE_ACTIVATED: tip = g_strdup_printf (_(""VPN connection '%s' active""), id); break; default: break; } return tip; }",network-manager-applet,,,97742627380499837941967343843659229919,0 2179,CWE-416,"static int gup_huge_pgd(pgd_t orig, pgd_t *pgdp, unsigned long addr, unsigned long end, int write, struct page **pages, int *nr) { int refs; struct page *head, *page; if (!pgd_access_permitted(orig, write)) return 0; BUILD_BUG_ON(pgd_devmap(orig)); refs = 0; page = pgd_page(orig) + ((addr & ~PGDIR_MASK) >> PAGE_SHIFT); do { pages[*nr] = page; (*nr)++; page++; refs++; } while (addr += PAGE_SIZE, addr != end); head = compound_head(pgd_page(orig)); if (!page_cache_add_speculative(head, refs)) { *nr -= refs; return 0; } if (unlikely(pgd_val(orig) != pgd_val(*pgdp))) { *nr -= refs; while (refs--) put_page(head); return 0; } SetPageReferenced(head); return 1; }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,16678731605417,1 6226,CWE-190,"void fp4_read_bin(fp4_t a, const uint8_t *bin, int len) { if (len != 4 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp2_read_bin(a[0], bin, 2 * RLC_FP_BYTES); fp2_read_bin(a[1], bin + 2 * RLC_FP_BYTES, 2 * RLC_FP_BYTES); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,232432321311318,1 6313,['CWE-200'],"static int __init tc_action_init(void) { struct rtnetlink_link *link_p = rtnetlink_links[PF_UNSPEC]; if (link_p) { link_p[RTM_NEWACTION-RTM_BASE].doit = tc_ctl_action; link_p[RTM_DELACTION-RTM_BASE].doit = tc_ctl_action; link_p[RTM_GETACTION-RTM_BASE].doit = tc_ctl_action; link_p[RTM_GETACTION-RTM_BASE].dumpit = tc_dump_action; } printk(""TC classifier action (bugs to netdev@vger.kernel.org cc "" ""hadi@cyberus.ca)\n""); return 0; }",linux-2.6,,,159191975760048449413334419407845151943,0 5229,CWE-116,"flatpak_context_set_persistent (FlatpakContext *context, const char *path) { g_hash_table_insert (context->persistent, g_strdup (path), GINT_TO_POINTER (1)); }",visit repo url,common/flatpak-context.c,https://github.com/flatpak/flatpak,162250743678232,1 2455,['CWE-119'],"static void cherry_pick_list(struct commit_list *list, struct rev_info *revs) { struct commit_list *p; int left_count = 0, right_count = 0; int left_first; struct patch_ids ids; for (p = list; p; p = p->next) { struct commit *commit = p->item; unsigned flags = commit->object.flags; if (flags & BOUNDARY) ; else if (flags & SYMMETRIC_LEFT) left_count++; else right_count++; } left_first = left_count < right_count; init_patch_ids(&ids); if (revs->diffopt.nr_paths) { ids.diffopts.nr_paths = revs->diffopt.nr_paths; ids.diffopts.paths = revs->diffopt.paths; ids.diffopts.pathlens = revs->diffopt.pathlens; } for (p = list; p; p = p->next) { struct commit *commit = p->item; unsigned flags = commit->object.flags; if (flags & BOUNDARY) continue; if (left_first != !!(flags & SYMMETRIC_LEFT)) continue; commit->util = add_commit_patch_id(commit, &ids); } for (p = list; p; p = p->next) { struct commit *commit = p->item; struct patch_id *id; unsigned flags = commit->object.flags; if (flags & BOUNDARY) continue; if (left_first == !!(flags & SYMMETRIC_LEFT)) continue; id = has_commit_patch_id(commit, &ids); if (!id) continue; id->seen = 1; commit->object.flags |= SHOWN; } for (p = list; p; p = p->next) { struct commit *commit = p->item; struct patch_id *ent; ent = commit->util; if (!ent) continue; if (ent->seen) commit->object.flags |= SHOWN; commit->util = NULL; } free_patch_ids(&ids); }",git,,,40207808541764571007713589039000420525,0 5024,[],"void winbind_msg_offline(int msg_type, struct process_id src, void *buf, size_t len, void *private_data) { struct winbindd_child *child; struct winbindd_domain *domain; DEBUG(10,(""winbind_msg_offline: got offline message.\n"")); if (!lp_winbind_offline_logon()) { DEBUG(10,(""winbind_msg_offline: rejecting offline message.\n"")); return; } if (!set_global_winbindd_state_offline()) { DEBUG(10,(""winbind_msg_offline: offline request failed.\n"")); return; } for (domain = domain_list(); domain; domain = domain->next) { if (domain->internal) { continue; } DEBUG(5,(""winbind_msg_offline: marking %s offline.\n"", domain->name)); set_domain_offline(domain); if ( domain->primary ) { struct winbindd_child *idmap = idmap_child(); if ( idmap->pid != 0 ) { message_send_pid(pid_to_procid(idmap->pid), MSG_WINBIND_OFFLINE, domain->name, strlen(domain->name)+1, False); } } } for (child = children; child != NULL; child = child->next) { if (!child->domain || (child == idmap_child())) { continue; } if (child->domain->internal) { continue; } DEBUG(10,(""winbind_msg_offline: sending message to pid %u for domain %s.\n"", (unsigned int)child->pid, domain->name )); message_send_pid(pid_to_procid(child->pid), MSG_WINBIND_OFFLINE, child->domain->name, strlen(child->domain->name)+1, False); } }",samba,,,173566402318634435243736834206590555280,0 4951,['CWE-20'],"static int nfs4_init_client(struct nfs_client *clp, int proto, int timeo, int retrans, const char *ip_addr, rpc_authflavor_t authflavour) { int error; if (clp->cl_cons_state == NFS_CS_READY) { dprintk(""<-- nfs4_init_client() = 0 [already %p]\n"", clp); return 0; } clp->rpc_ops = &nfs_v4_clientops; error = nfs_create_rpc_client(clp, proto, timeo, retrans, authflavour, RPC_CLNT_CREATE_DISCRTRY); if (error < 0) goto error; memcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr)); error = nfs_idmap_new(clp); if (error < 0) { dprintk(""%s: failed to create idmapper. Error = %d\n"", __FUNCTION__, error); goto error; } __set_bit(NFS_CS_IDMAP, &clp->cl_res_state); nfs_mark_client_ready(clp, NFS_CS_READY); return 0; error: nfs_mark_client_ready(clp, error); dprintk(""<-- nfs4_init_client() = xerror %d\n"", error); return error; }",linux-2.6,,,9901077280460573694071542369505148901,0 4938,['CWE-20'],"int nfs4_path_walk(struct nfs_server *server, struct nfs_fh *mntfh, const char *path) { struct nfs_fsinfo fsinfo; struct nfs_fattr fattr; struct nfs_fh lastfh; struct qstr name; int ret; dprintk(""--> nfs4_path_walk(,,%s)\n"", path); fsinfo.fattr = &fattr; nfs_fattr_init(&fattr); while (*path == '/') path++; ret = server->nfs_client->rpc_ops->getroot(server, mntfh, &fsinfo); if (ret < 0) { dprintk(""nfs4_get_root: getroot error = %d\n"", -ret); return ret; } if (fattr.type != NFDIR) { printk(KERN_ERR ""nfs4_get_root:"" "" getroot encountered non-directory\n""); return -ENOTDIR; } if (fattr.valid & NFS_ATTR_FATTR_V4_REFERRAL) { printk(KERN_ERR ""nfs4_get_root:"" "" getroot obtained referral\n""); return -EREMOTE; } next_component: dprintk(""Next: %s\n"", path); if (!*path) goto path_walk_complete; name.name = path; while (*path && *path != '/') path++; name.len = path - (const char *) name.name; if (name.len > NFS4_MAXNAMLEN) return -ENAMETOOLONG; eat_dot_dir: while (*path == '/') path++; if (path[0] == '.' && (path[1] == '/' || !path[1])) { path += 2; goto eat_dot_dir; } if (path[0] == '.' && path[1] == '.' && (path[2] == '/' || !path[2]) ) { printk(KERN_ERR ""nfs4_get_root:"" "" Mount path contains reference to \""..\""\n""); return -EINVAL; } memcpy(&lastfh, mntfh, sizeof(lastfh)); dprintk(""LookupFH: %*.*s [%s]\n"", name.len, name.len, name.name, path); ret = server->nfs_client->rpc_ops->lookupfh(server, &lastfh, &name, mntfh, &fattr); if (ret < 0) { dprintk(""nfs4_get_root: getroot error = %d\n"", -ret); return ret; } if (fattr.type != NFDIR) { printk(KERN_ERR ""nfs4_get_root:"" "" lookupfh encountered non-directory\n""); return -ENOTDIR; } if (fattr.valid & NFS_ATTR_FATTR_V4_REFERRAL) { printk(KERN_ERR ""nfs4_get_root:"" "" lookupfh obtained referral\n""); return -EREMOTE; } goto next_component; path_walk_complete: memcpy(&server->fsid, &fattr.fsid, sizeof(server->fsid)); dprintk(""<-- nfs4_path_walk() = 0\n""); return 0; }",linux-2.6,,,285242553075478965868933466127269082788,0 4424,CWE-476,"codegen(codegen_scope *s, node *tree, int val) { int nt; int rlev = s->rlev; if (!tree) { if (val) { genop_1(s, OP_LOADNIL, cursp()); push(); } return; } s->rlev++; if (s->rlev > MRB_CODEGEN_LEVEL_MAX) { codegen_error(s, ""too complex expression""); } if (s->irep && s->filename_index != tree->filename_index) { mrb_sym fname = mrb_parser_get_filename(s->parser, s->filename_index); const char *filename = mrb_sym_name_len(s->mrb, fname, NULL); mrb_debug_info_append_file(s->mrb, s->irep->debug_info, filename, s->lines, s->debug_start_pos, s->pc); s->debug_start_pos = s->pc; s->filename_index = tree->filename_index; s->filename_sym = mrb_parser_get_filename(s->parser, tree->filename_index); } nt = nint(tree->car); s->lineno = tree->lineno; tree = tree->cdr; switch (nt) { case NODE_BEGIN: if (val && !tree) { genop_1(s, OP_LOADNIL, cursp()); push(); } while (tree) { codegen(s, tree->car, tree->cdr ? NOVAL : val); tree = tree->cdr; } break; case NODE_RESCUE: { int noexc; uint32_t exend, pos1, pos2, tmp; struct loopinfo *lp; int catch_entry, begin, end; if (tree->car == NULL) goto exit; lp = loop_push(s, LOOP_BEGIN); lp->pc0 = new_label(s); catch_entry = catch_handler_new(s); begin = s->pc; codegen(s, tree->car, VAL); pop(); lp->type = LOOP_RESCUE; end = s->pc; noexc = genjmp_0(s, OP_JMP); catch_handler_set(s, catch_entry, MRB_CATCH_RESCUE, begin, end, s->pc); tree = tree->cdr; exend = JMPLINK_START; pos1 = JMPLINK_START; if (tree->car) { node *n2 = tree->car; int exc = cursp(); genop_1(s, OP_EXCEPT, exc); push(); while (n2) { node *n3 = n2->car; node *n4 = n3->car; dispatch(s, pos1); pos2 = JMPLINK_START; do { if (n4 && n4->car && nint(n4->car->car) == NODE_SPLAT) { codegen(s, n4->car, VAL); gen_move(s, cursp(), exc, 0); push_n(2); pop_n(2); pop(); genop_3(s, OP_SEND, cursp(), new_sym(s, MRB_SYM_2(s->mrb, __case_eqq)), 1); } else { if (n4) { codegen(s, n4->car, VAL); } else { genop_2(s, OP_GETCONST, cursp(), new_sym(s, MRB_SYM_2(s->mrb, StandardError))); push(); } pop(); genop_2(s, OP_RESCUE, exc, cursp()); } tmp = genjmp2(s, OP_JMPIF, cursp(), pos2, val); pos2 = tmp; if (n4) { n4 = n4->cdr; } } while (n4); pos1 = genjmp_0(s, OP_JMP); dispatch_linked(s, pos2); pop(); if (n3->cdr->car) { gen_assignment(s, n3->cdr->car, NULL, exc, NOVAL); } if (n3->cdr->cdr->car) { codegen(s, n3->cdr->cdr->car, val); if (val) pop(); } tmp = genjmp(s, OP_JMP, exend); exend = tmp; n2 = n2->cdr; push(); } if (pos1 != JMPLINK_START) { dispatch(s, pos1); genop_1(s, OP_RAISEIF, exc); } } pop(); tree = tree->cdr; dispatch(s, noexc); if (tree->car) { codegen(s, tree->car, val); } else if (val) { push(); } dispatch_linked(s, exend); loop_pop(s, NOVAL); } break; case NODE_ENSURE: if (!tree->cdr || !tree->cdr->cdr || (nint(tree->cdr->cdr->car) == NODE_BEGIN && tree->cdr->cdr->cdr)) { int catch_entry, begin, end, target; int idx; catch_entry = catch_handler_new(s); begin = s->pc; codegen(s, tree->car, val); end = target = s->pc; push(); idx = cursp(); genop_1(s, OP_EXCEPT, idx); push(); codegen(s, tree->cdr->cdr, NOVAL); pop(); genop_1(s, OP_RAISEIF, idx); pop(); catch_handler_set(s, catch_entry, MRB_CATCH_ENSURE, begin, end, target); } else { codegen(s, tree->car, val); } break; case NODE_LAMBDA: if (val) { int idx = lambda_body(s, tree, 1); genop_2(s, OP_LAMBDA, cursp(), idx); push(); } break; case NODE_BLOCK: if (val) { int idx = lambda_body(s, tree, 1); genop_2(s, OP_BLOCK, cursp(), idx); push(); } break; case NODE_IF: { uint32_t pos1, pos2; mrb_bool nil_p = FALSE; node *elsepart = tree->cdr->cdr->car; if (!tree->car) { codegen(s, elsepart, val); goto exit; } if (true_always(tree->car)) { codegen(s, tree->cdr->car, val); goto exit; } if (false_always(tree->car)) { codegen(s, elsepart, val); goto exit; } if (nint(tree->car->car) == NODE_CALL) { node *n = tree->car->cdr; mrb_sym mid = nsym(n->cdr->car); mrb_sym sym_nil_p = MRB_SYM_Q_2(s->mrb, nil); if (mid == sym_nil_p && n->cdr->cdr->car == NULL) { nil_p = TRUE; codegen(s, n->car, VAL); } } if (!nil_p) { codegen(s, tree->car, VAL); } pop(); if (val || tree->cdr->car) { if (nil_p) { pos2 = genjmp2_0(s, OP_JMPNIL, cursp(), val); pos1 = genjmp_0(s, OP_JMP); dispatch(s, pos2); } else { pos1 = genjmp2_0(s, OP_JMPNOT, cursp(), val); } codegen(s, tree->cdr->car, val); if (val) pop(); if (elsepart || val) { pos2 = genjmp_0(s, OP_JMP); dispatch(s, pos1); codegen(s, elsepart, val); dispatch(s, pos2); } else { dispatch(s, pos1); } } else { if (elsepart) { if (nil_p) { pos1 = genjmp2_0(s, OP_JMPNIL, cursp(), val); } else { pos1 = genjmp2_0(s, OP_JMPIF, cursp(), val); } codegen(s, elsepart, val); dispatch(s, pos1); } else if (val && !nil_p) { genop_1(s, OP_LOADNIL, cursp()); push(); } } } break; case NODE_AND: { uint32_t pos; if (true_always(tree->car)) { codegen(s, tree->cdr, val); goto exit; } if (false_always(tree->car)) { codegen(s, tree->car, val); goto exit; } codegen(s, tree->car, VAL); pop(); pos = genjmp2_0(s, OP_JMPNOT, cursp(), val); codegen(s, tree->cdr, val); dispatch(s, pos); } break; case NODE_OR: { uint32_t pos; if (true_always(tree->car)) { codegen(s, tree->car, val); goto exit; } if (false_always(tree->car)) { codegen(s, tree->cdr, val); goto exit; } codegen(s, tree->car, VAL); pop(); pos = genjmp2_0(s, OP_JMPIF, cursp(), val); codegen(s, tree->cdr, val); dispatch(s, pos); } break; case NODE_WHILE: case NODE_UNTIL: { if (true_always(tree->car)) { if (nt == NODE_UNTIL) { if (val) { genop_1(s, OP_LOADNIL, cursp()); push(); } goto exit; } } else if (false_always(tree->car)) { if (nt == NODE_WHILE) { if (val) { genop_1(s, OP_LOADNIL, cursp()); push(); } goto exit; } } uint32_t pos = JMPLINK_START; struct loopinfo *lp = loop_push(s, LOOP_NORMAL); if (!val) lp->reg = -1; lp->pc0 = new_label(s); codegen(s, tree->car, VAL); pop(); if (nt == NODE_WHILE) { pos = genjmp2_0(s, OP_JMPNOT, cursp(), NOVAL); } else { pos = genjmp2_0(s, OP_JMPIF, cursp(), NOVAL); } lp->pc1 = new_label(s); codegen(s, tree->cdr, NOVAL); genjmp(s, OP_JMP, lp->pc0); dispatch(s, pos); loop_pop(s, val); } break; case NODE_FOR: for_body(s, tree); if (val) push(); break; case NODE_CASE: { int head = 0; uint32_t pos1, pos2, pos3, tmp; node *n; pos3 = JMPLINK_START; if (tree->car) { head = cursp(); codegen(s, tree->car, VAL); } tree = tree->cdr; while (tree) { n = tree->car->car; pos1 = pos2 = JMPLINK_START; while (n) { codegen(s, n->car, VAL); if (head) { gen_move(s, cursp(), head, 0); push(); push(); pop(); pop(); pop(); if (nint(n->car->car) == NODE_SPLAT) { genop_3(s, OP_SEND, cursp(), new_sym(s, MRB_SYM_2(s->mrb, __case_eqq)), 1); } else { genop_3(s, OP_SEND, cursp(), new_sym(s, MRB_OPSYM_2(s->mrb, eqq)), 1); } } else { pop(); } tmp = genjmp2(s, OP_JMPIF, cursp(), pos2, NOVAL); pos2 = tmp; n = n->cdr; } if (tree->car->car) { pos1 = genjmp_0(s, OP_JMP); dispatch_linked(s, pos2); } codegen(s, tree->car->cdr, val); if (val) pop(); tmp = genjmp(s, OP_JMP, pos3); pos3 = tmp; dispatch(s, pos1); tree = tree->cdr; } if (val) { uint32_t pos = cursp(); genop_1(s, OP_LOADNIL, cursp()); if (pos3 != JMPLINK_START) dispatch_linked(s, pos3); if (head) pop(); if (cursp() != pos) { gen_move(s, cursp(), pos, 0); } push(); } else { if (pos3 != JMPLINK_START) { dispatch_linked(s, pos3); } if (head) { pop(); } } } break; case NODE_SCOPE: scope_body(s, tree, NOVAL); break; case NODE_FCALL: case NODE_CALL: gen_call(s, tree, val, 0); break; case NODE_SCALL: gen_call(s, tree, val, 1); break; case NODE_DOT2: codegen(s, tree->car, val); codegen(s, tree->cdr, val); if (val) { pop(); pop(); genop_1(s, OP_RANGE_INC, cursp()); push(); } break; case NODE_DOT3: codegen(s, tree->car, val); codegen(s, tree->cdr, val); if (val) { pop(); pop(); genop_1(s, OP_RANGE_EXC, cursp()); push(); } break; case NODE_COLON2: { int sym = new_sym(s, nsym(tree->cdr)); codegen(s, tree->car, VAL); pop(); genop_2(s, OP_GETMCNST, cursp(), sym); if (val) push(); } break; case NODE_COLON3: { int sym = new_sym(s, nsym(tree)); genop_1(s, OP_OCLASS, cursp()); genop_2(s, OP_GETMCNST, cursp(), sym); if (val) push(); } break; case NODE_ARRAY: { int n; n = gen_values(s, tree, val, 0); if (val) { if (n >= 0) { pop_n(n); genop_2(s, OP_ARRAY, cursp(), n); } push(); } } break; case NODE_HASH: case NODE_KW_HASH: { int nk = gen_hash(s, tree, val, GEN_LIT_ARY_MAX); if (val && nk >= 0) { pop_n(nk*2); genop_2(s, OP_HASH, cursp(), nk); push(); } } break; case NODE_SPLAT: codegen(s, tree, val); break; case NODE_ASGN: gen_assignment(s, tree->car, tree->cdr, 0, val); break; case NODE_MASGN: { int len = 0, n = 0, post = 0; node *t = tree->cdr, *p; int rhs = cursp(); if (nint(t->car) == NODE_ARRAY && t->cdr && nosplat(t->cdr)) { t = t->cdr; while (t) { codegen(s, t->car, VAL); len++; t = t->cdr; } tree = tree->car; if (tree->car) { t = tree->car; n = 0; while (t) { if (n < len) { gen_assignment(s, t->car, NULL, rhs+n, NOVAL); n++; } else { genop_1(s, OP_LOADNIL, rhs+n); gen_assignment(s, t->car, NULL, rhs+n, NOVAL); } t = t->cdr; } } t = tree->cdr; if (t) { if (t->cdr) { p = t->cdr->car; while (p) { post++; p = p->cdr; } } if (t->car) { int rn; if (len < post + n) { rn = 0; } else { rn = len - post - n; } genop_3(s, OP_ARRAY2, cursp(), rhs+n, rn); gen_assignment(s, t->car, NULL, cursp(), NOVAL); n += rn; } if (t->cdr && t->cdr->car) { t = t->cdr->car; while (ncar, NULL, rhs+n, NOVAL); t = t->cdr; n++; } } } pop_n(len); if (val) { genop_2(s, OP_ARRAY, rhs, len); push(); } } else { codegen(s, t, VAL); gen_vmassignment(s, tree->car, rhs, val); if (!val) { pop(); } } } break; case NODE_OP_ASGN: { mrb_sym sym = nsym(tree->cdr->car); mrb_int len; const char *name = mrb_sym_name_len(s->mrb, sym, &len); int idx, callargs = -1, vsp = -1; if ((len == 2 && name[0] == '|' && name[1] == '|') && (nint(tree->car->car) == NODE_CONST || nint(tree->car->car) == NODE_CVAR)) { int catch_entry, begin, end; int noexc, exc; struct loopinfo *lp; lp = loop_push(s, LOOP_BEGIN); lp->pc0 = new_label(s); catch_entry = catch_handler_new(s); begin = s->pc; exc = cursp(); codegen(s, tree->car, VAL); end = s->pc; noexc = genjmp_0(s, OP_JMP); lp->type = LOOP_RESCUE; catch_handler_set(s, catch_entry, MRB_CATCH_RESCUE, begin, end, s->pc); genop_1(s, OP_EXCEPT, exc); genop_1(s, OP_LOADF, exc); dispatch(s, noexc); loop_pop(s, NOVAL); } else if (nint(tree->car->car) == NODE_CALL) { node *n = tree->car->cdr; int base, i, nargs = 0; callargs = 0; if (val) { vsp = cursp(); push(); } codegen(s, n->car, VAL); idx = new_sym(s, nsym(n->cdr->car)); base = cursp()-1; if (n->cdr->cdr->car) { nargs = gen_values(s, n->cdr->cdr->car->car, VAL, 13); if (nargs >= 0) { callargs = nargs; } else { push(); nargs = 1; callargs = CALL_MAXARGS; } } gen_move(s, cursp(), base, 1); for (i=0; icar, VAL); } if (len == 2 && ((name[0] == '|' && name[1] == '|') || (name[0] == '&' && name[1] == '&'))) { uint32_t pos; pop(); if (val) { if (vsp >= 0) { gen_move(s, vsp, cursp(), 1); } pos = genjmp2_0(s, name[0]=='|'?OP_JMPIF:OP_JMPNOT, cursp(), val); } else { pos = genjmp2_0(s, name[0]=='|'?OP_JMPIF:OP_JMPNOT, cursp(), val); } codegen(s, tree->cdr->cdr->car, VAL); pop(); if (val && vsp >= 0) { gen_move(s, vsp, cursp(), 1); } if (nint(tree->car->car) == NODE_CALL) { if (callargs == CALL_MAXARGS) { pop(); genop_2(s, OP_ARYPUSH, cursp(), 1); } else { pop_n(callargs); callargs++; } pop(); idx = new_sym(s, attrsym(s, nsym(tree->car->cdr->cdr->car))); genop_3(s, OP_SEND, cursp(), idx, callargs); } else { gen_assignment(s, tree->car, NULL, cursp(), val); } dispatch(s, pos); goto exit; } codegen(s, tree->cdr->cdr->car, VAL); push(); pop(); pop(); pop(); if (len == 1 && name[0] == '+') { gen_addsub(s, OP_ADD, cursp()); } else if (len == 1 && name[0] == '-') { gen_addsub(s, OP_SUB, cursp()); } else if (len == 1 && name[0] == '*') { genop_1(s, OP_MUL, cursp()); } else if (len == 1 && name[0] == '/') { genop_1(s, OP_DIV, cursp()); } else if (len == 1 && name[0] == '<') { genop_1(s, OP_LT, cursp()); } else if (len == 2 && name[0] == '<' && name[1] == '=') { genop_1(s, OP_LE, cursp()); } else if (len == 1 && name[0] == '>') { genop_1(s, OP_GT, cursp()); } else if (len == 2 && name[0] == '>' && name[1] == '=') { genop_1(s, OP_GE, cursp()); } else { idx = new_sym(s, sym); genop_3(s, OP_SEND, cursp(), idx, 1); } if (callargs < 0) { gen_assignment(s, tree->car, NULL, cursp(), val); } else { if (val && vsp >= 0) { gen_move(s, vsp, cursp(), 0); } if (callargs == CALL_MAXARGS) { pop(); genop_2(s, OP_ARYPUSH, cursp(), 1); } else { pop_n(callargs); callargs++; } pop(); idx = new_sym(s, attrsym(s,nsym(tree->car->cdr->cdr->car))); genop_3(s, OP_SEND, cursp(), idx, callargs); } } break; case NODE_SUPER: { codegen_scope *s2 = s; int lv = 0; int n = 0, nk = 0, st = 0; push(); while (!s2->mscope) { lv++; s2 = s2->prev; if (!s2) break; } if (tree) { node *args = tree->car; if (args) { st = n = gen_values(s, args, VAL, 14); if (n < 0) { st = 1; n = 15; push(); } } if (s2 && (s2->ainfo & 0x1) && tree->cdr->car) { nk = gen_hash(s, tree->cdr->car->cdr, VAL, 14); if (nk < 0) {st++; nk = 15;} else st += nk*2; n |= nk<<4; } if (tree->cdr->cdr) { codegen(s, tree->cdr->cdr, VAL); } else if (!s2) { push(); } else { gen_blkmove(s, s2->ainfo, lv); } st++; } else { if (!s2) push(); else gen_blkmove(s, s2->ainfo, lv); st++; } pop_n(st+1); genop_2(s, OP_SUPER, cursp(), n); if (val) push(); } break; case NODE_ZSUPER: { codegen_scope *s2 = s; int lv = 0; uint16_t ainfo = 0; int n = CALL_MAXARGS; int sp = cursp(); push(); while (!s2->mscope) { lv++; s2 = s2->prev; if (!s2) break; } if (s2 && s2->ainfo > 0) { ainfo = s2->ainfo; } if (ainfo > 0) { genop_2S(s, OP_ARGARY, cursp(), (ainfo<<4)|(lv & 0xf)); push(); push(); push(); pop(); pop(); pop(); if (ainfo & 0x1) { n |= CALL_MAXARGS<<4; push(); } if (tree && tree->cdr && tree->cdr->cdr) { push(); codegen(s, tree->cdr->cdr, VAL); } } else { if (tree && tree->cdr && tree->cdr->cdr) { codegen(s, tree->cdr->cdr, VAL); } else { gen_blkmove(s, 0, lv); } n = 0; } s->sp = sp; genop_2(s, OP_SUPER, cursp(), n); if (val) push(); } break; case NODE_RETURN: if (tree) { gen_retval(s, tree); } else { genop_1(s, OP_LOADNIL, cursp()); } if (s->loop) { gen_return(s, OP_RETURN_BLK, cursp()); } else { gen_return(s, OP_RETURN, cursp()); } if (val) push(); break; case NODE_YIELD: { codegen_scope *s2 = s; int lv = 0, ainfo = -1; int n = 0, sendv = 0; while (!s2->mscope) { lv++; s2 = s2->prev; if (!s2) break; } if (s2) { ainfo = (int)s2->ainfo; } if (ainfo < 0) codegen_error(s, ""invalid yield (SyntaxError)""); push(); if (tree) { n = gen_values(s, tree, VAL, 14); if (n < 0) { n = sendv = 1; push(); } } push();pop(); pop_n(n+1); genop_2S(s, OP_BLKPUSH, cursp(), (ainfo<<4)|(lv & 0xf)); if (sendv) n = CALL_MAXARGS; genop_3(s, OP_SEND, cursp(), new_sym(s, MRB_SYM_2(s->mrb, call)), n); if (val) push(); } break; case NODE_BREAK: loop_break(s, tree); if (val) push(); break; case NODE_NEXT: if (!s->loop) { raise_error(s, ""unexpected next""); } else if (s->loop->type == LOOP_NORMAL) { codegen(s, tree, NOVAL); genjmp(s, OP_JMPUW, s->loop->pc0); } else { if (tree) { codegen(s, tree, VAL); pop(); } else { genop_1(s, OP_LOADNIL, cursp()); } gen_return(s, OP_RETURN, cursp()); } if (val) push(); break; case NODE_REDO: if (!s->loop || s->loop->type == LOOP_BEGIN || s->loop->type == LOOP_RESCUE) { raise_error(s, ""unexpected redo""); } else { genjmp(s, OP_JMPUW, s->loop->pc1); } if (val) push(); break; case NODE_RETRY: { const char *msg = ""unexpected retry""; const struct loopinfo *lp = s->loop; while (lp && lp->type != LOOP_RESCUE) { lp = lp->prev; } if (!lp) { raise_error(s, msg); } else { genjmp(s, OP_JMPUW, lp->pc0); } if (val) push(); } break; case NODE_LVAR: if (val) { int idx = lv_idx(s, nsym(tree)); if (idx > 0) { gen_move(s, cursp(), idx, val); } else { gen_getupvar(s, cursp(), nsym(tree)); } push(); } break; case NODE_NVAR: if (val) { int idx = nint(tree); gen_move(s, cursp(), idx, val); push(); } break; case NODE_GVAR: { int sym = new_sym(s, nsym(tree)); genop_2(s, OP_GETGV, cursp(), sym); if (val) push(); } break; case NODE_IVAR: { int sym = new_sym(s, nsym(tree)); genop_2(s, OP_GETIV, cursp(), sym); if (val) push(); } break; case NODE_CVAR: { int sym = new_sym(s, nsym(tree)); genop_2(s, OP_GETCV, cursp(), sym); if (val) push(); } break; case NODE_CONST: { int sym = new_sym(s, nsym(tree)); genop_2(s, OP_GETCONST, cursp(), sym); if (val) push(); } break; case NODE_BACK_REF: if (val) { char buf[] = {'$', nchar(tree)}; int sym = new_sym(s, mrb_intern(s->mrb, buf, sizeof(buf))); genop_2(s, OP_GETGV, cursp(), sym); push(); } break; case NODE_NTH_REF: if (val) { mrb_state *mrb = s->mrb; mrb_value str; int sym; str = mrb_format(mrb, ""$%d"", nint(tree)); sym = new_sym(s, mrb_intern_str(mrb, str)); genop_2(s, OP_GETGV, cursp(), sym); push(); } break; case NODE_ARG: break; case NODE_BLOCK_ARG: if (!tree) { int idx = lv_idx(s, MRB_OPSYM_2(s->mrb, and)); if (idx == 0) { codegen_error(s, ""no anonymous block argument""); } gen_move(s, cursp(), idx, val); } else { codegen(s, tree, val); } break; case NODE_INT: if (val) { char *p = (char*)tree->car; int base = nint(tree->cdr->car); mrb_int i; mrb_bool overflow; i = readint(s, p, base, FALSE, &overflow); if (overflow) { int off = new_litbn(s, p, base, FALSE); genop_2(s, OP_LOADL, cursp(), off); } else { gen_int(s, cursp(), i); } push(); } break; #ifndef MRB_NO_FLOAT case NODE_FLOAT: if (val) { char *p = (char*)tree; mrb_float f = mrb_float_read(p, NULL); int off = new_lit(s, mrb_float_value(s->mrb, f)); genop_2(s, OP_LOADL, cursp(), off); push(); } break; #endif case NODE_NEGATE: { nt = nint(tree->car); switch (nt) { #ifndef MRB_NO_FLOAT case NODE_FLOAT: if (val) { char *p = (char*)tree->cdr; mrb_float f = mrb_float_read(p, NULL); int off = new_lit(s, mrb_float_value(s->mrb, -f)); genop_2(s, OP_LOADL, cursp(), off); push(); } break; #endif case NODE_INT: if (val) { char *p = (char*)tree->cdr->car; int base = nint(tree->cdr->cdr->car); mrb_int i; mrb_bool overflow; i = readint(s, p, base, TRUE, &overflow); if (overflow) { int off = new_litbn(s, p, base, TRUE); genop_2(s, OP_LOADL, cursp(), off); } else { gen_int(s, cursp(), i); } push(); } break; default: if (val) { codegen(s, tree, VAL); pop(); push_n(2);pop_n(2); mrb_sym minus = MRB_OPSYM_2(s->mrb, minus); if (!gen_uniop(s, minus, cursp())) { genop_3(s, OP_SEND, cursp(), new_sym(s, minus), 0); } push(); } else { codegen(s, tree, NOVAL); } break; } } break; case NODE_STR: if (val) { char *p = (char*)tree->car; size_t len = (intptr_t)tree->cdr; int ai = mrb_gc_arena_save(s->mrb); int off = new_lit(s, mrb_str_new(s->mrb, p, len)); mrb_gc_arena_restore(s->mrb, ai); genop_2(s, OP_STRING, cursp(), off); push(); } break; case NODE_HEREDOC: tree = ((struct mrb_parser_heredoc_info *)tree)->doc; case NODE_DSTR: if (val) { node *n = tree; if (!n) { genop_1(s, OP_LOADNIL, cursp()); push(); break; } codegen(s, n->car, VAL); n = n->cdr; while (n) { codegen(s, n->car, VAL); pop(); pop(); genop_1(s, OP_STRCAT, cursp()); push(); n = n->cdr; } } else { node *n = tree; while (n) { if (nint(n->car->car) != NODE_STR) { codegen(s, n->car, NOVAL); } n = n->cdr; } } break; case NODE_WORDS: gen_literal_array(s, tree, FALSE, val); break; case NODE_SYMBOLS: gen_literal_array(s, tree, TRUE, val); break; case NODE_DXSTR: { node *n; int ai = mrb_gc_arena_save(s->mrb); int sym = new_sym(s, MRB_SYM_2(s->mrb, Kernel)); genop_1(s, OP_LOADSELF, cursp()); push(); codegen(s, tree->car, VAL); n = tree->cdr; while (n) { if (nint(n->car->car) == NODE_XSTR) { n->car->car = (struct mrb_ast_node*)(intptr_t)NODE_STR; mrb_assert(!n->cdr); } codegen(s, n->car, VAL); pop(); pop(); genop_1(s, OP_STRCAT, cursp()); push(); n = n->cdr; } push(); pop_n(3); sym = new_sym(s, MRB_OPSYM_2(s->mrb, tick)); genop_3(s, OP_SEND, cursp(), sym, 1); if (val) push(); mrb_gc_arena_restore(s->mrb, ai); } break; case NODE_XSTR: { char *p = (char*)tree->car; size_t len = (intptr_t)tree->cdr; int ai = mrb_gc_arena_save(s->mrb); int off = new_lit(s, mrb_str_new(s->mrb, p, len)); int sym; genop_1(s, OP_LOADSELF, cursp()); push(); genop_2(s, OP_STRING, cursp(), off); push(); push(); pop_n(3); sym = new_sym(s, MRB_OPSYM_2(s->mrb, tick)); genop_3(s, OP_SEND, cursp(), sym, 1); if (val) push(); mrb_gc_arena_restore(s->mrb, ai); } break; case NODE_REGX: if (val) { char *p1 = (char*)tree->car; char *p2 = (char*)tree->cdr->car; char *p3 = (char*)tree->cdr->cdr; int ai = mrb_gc_arena_save(s->mrb); int sym = new_sym(s, mrb_intern_lit(s->mrb, REGEXP_CLASS)); int off = new_lit(s, mrb_str_new_cstr(s->mrb, p1)); int argc = 1; genop_1(s, OP_OCLASS, cursp()); genop_2(s, OP_GETMCNST, cursp(), sym); push(); genop_2(s, OP_STRING, cursp(), off); push(); if (p2 || p3) { if (p2) { off = new_lit(s, mrb_str_new_cstr(s->mrb, p2)); genop_2(s, OP_STRING, cursp(), off); } else { genop_1(s, OP_LOADNIL, cursp()); } push(); argc++; if (p3) { off = new_lit(s, mrb_str_new(s->mrb, p3, 1)); genop_2(s, OP_STRING, cursp(), off); push(); argc++; } } push(); pop_n(argc+2); sym = new_sym(s, MRB_SYM_2(s->mrb, compile)); genop_3(s, OP_SEND, cursp(), sym, argc); mrb_gc_arena_restore(s->mrb, ai); push(); } break; case NODE_DREGX: if (val) { node *n = tree->car; int ai = mrb_gc_arena_save(s->mrb); int sym = new_sym(s, mrb_intern_lit(s->mrb, REGEXP_CLASS)); int argc = 1; int off; char *p; genop_1(s, OP_OCLASS, cursp()); genop_2(s, OP_GETMCNST, cursp(), sym); push(); codegen(s, n->car, VAL); n = n->cdr; while (n) { codegen(s, n->car, VAL); pop(); pop(); genop_1(s, OP_STRCAT, cursp()); push(); n = n->cdr; } n = tree->cdr->cdr; if (n->car) { p = (char*)n->car; off = new_lit(s, mrb_str_new_cstr(s->mrb, p)); codegen(s, tree->car, VAL); genop_2(s, OP_STRING, cursp(), off); pop(); genop_1(s, OP_STRCAT, cursp()); push(); } if (n->cdr->car) { char *p2 = (char*)n->cdr->car; off = new_lit(s, mrb_str_new_cstr(s->mrb, p2)); genop_2(s, OP_STRING, cursp(), off); push(); argc++; } if (n->cdr->cdr) { char *p2 = (char*)n->cdr->cdr; off = new_lit(s, mrb_str_new_cstr(s->mrb, p2)); genop_2(s, OP_STRING, cursp(), off); push(); argc++; } push(); pop_n(argc+2); sym = new_sym(s, MRB_SYM_2(s->mrb, compile)); genop_3(s, OP_SEND, cursp(), sym, argc); mrb_gc_arena_restore(s->mrb, ai); push(); } else { node *n = tree->car; while (n) { if (nint(n->car->car) != NODE_STR) { codegen(s, n->car, NOVAL); } n = n->cdr; } } break; case NODE_SYM: if (val) { int sym = new_sym(s, nsym(tree)); genop_2(s, OP_LOADSYM, cursp(), sym); push(); } break; case NODE_DSYM: codegen(s, tree, val); if (val) { gen_intern(s); } break; case NODE_SELF: if (val) { genop_1(s, OP_LOADSELF, cursp()); push(); } break; case NODE_NIL: if (val) { genop_1(s, OP_LOADNIL, cursp()); push(); } break; case NODE_TRUE: if (val) { genop_1(s, OP_LOADT, cursp()); push(); } break; case NODE_FALSE: if (val) { genop_1(s, OP_LOADF, cursp()); push(); } break; case NODE_ALIAS: { int a = new_sym(s, nsym(tree->car)); int b = new_sym(s, nsym(tree->cdr)); genop_2(s, OP_ALIAS, a, b); if (val) { genop_1(s, OP_LOADNIL, cursp()); push(); } } break; case NODE_UNDEF: { node *t = tree; while (t) { int symbol = new_sym(s, nsym(t->car)); genop_1(s, OP_UNDEF, symbol); t = t->cdr; } if (val) { genop_1(s, OP_LOADNIL, cursp()); push(); } } break; case NODE_CLASS: { int idx; node *body; if (tree->car->car == (node*)0) { genop_1(s, OP_LOADNIL, cursp()); push(); } else if (tree->car->car == (node*)1) { genop_1(s, OP_OCLASS, cursp()); push(); } else { codegen(s, tree->car->car, VAL); } if (tree->cdr->car) { codegen(s, tree->cdr->car, VAL); } else { genop_1(s, OP_LOADNIL, cursp()); push(); } pop(); pop(); idx = new_sym(s, nsym(tree->car->cdr)); genop_2(s, OP_CLASS, cursp(), idx); body = tree->cdr->cdr->car; if (nint(body->cdr->car) == NODE_BEGIN && body->cdr->cdr == NULL) { genop_1(s, OP_LOADNIL, cursp()); } else { idx = scope_body(s, body, val); genop_2(s, OP_EXEC, cursp(), idx); } if (val) { push(); } } break; case NODE_MODULE: { int idx; if (tree->car->car == (node*)0) { genop_1(s, OP_LOADNIL, cursp()); push(); } else if (tree->car->car == (node*)1) { genop_1(s, OP_OCLASS, cursp()); push(); } else { codegen(s, tree->car->car, VAL); } pop(); idx = new_sym(s, nsym(tree->car->cdr)); genop_2(s, OP_MODULE, cursp(), idx); if (nint(tree->cdr->car->cdr->car) == NODE_BEGIN && tree->cdr->car->cdr->cdr == NULL) { genop_1(s, OP_LOADNIL, cursp()); } else { idx = scope_body(s, tree->cdr->car, val); genop_2(s, OP_EXEC, cursp(), idx); } if (val) { push(); } } break; case NODE_SCLASS: { int idx; codegen(s, tree->car, VAL); pop(); genop_1(s, OP_SCLASS, cursp()); if (nint(tree->cdr->car->cdr->car) == NODE_BEGIN && tree->cdr->car->cdr->cdr == NULL) { genop_1(s, OP_LOADNIL, cursp()); } else { idx = scope_body(s, tree->cdr->car, val); genop_2(s, OP_EXEC, cursp(), idx); } if (val) { push(); } } break; case NODE_DEF: { int sym = new_sym(s, nsym(tree->car)); int idx = lambda_body(s, tree->cdr, 0); genop_1(s, OP_TCLASS, cursp()); push(); genop_2(s, OP_METHOD, cursp(), idx); push(); pop(); pop(); genop_2(s, OP_DEF, cursp(), sym); if (val) push(); } break; case NODE_SDEF: { node *recv = tree->car; int sym = new_sym(s, nsym(tree->cdr->car)); int idx = lambda_body(s, tree->cdr->cdr, 0); codegen(s, recv, VAL); pop(); genop_1(s, OP_SCLASS, cursp()); push(); genop_2(s, OP_METHOD, cursp(), idx); pop(); genop_2(s, OP_DEF, cursp(), sym); if (val) push(); } break; case NODE_POSTEXE: codegen(s, tree, NOVAL); break; default: break; } exit: s->rlev = rlev; }",visit repo url,mrbgems/mruby-compiler/core/codegen.c,https://github.com/mruby/mruby,178233608090549,1 2792,CWE-787,"static void nsc_rle_decode(BYTE* in, BYTE* out, UINT32 originalSize) { UINT32 len; UINT32 left; BYTE value; left = originalSize; while (left > 4) { value = *in++; if (left == 5) { *out++ = value; left--; } else if (value == *in) { in++; if (*in < 0xFF) { len = (UINT32) * in++; len += 2; } else { in++; len = *((UINT32*) in); in += 4; } FillMemory(out, len, value); out += len; left -= len; } else { *out++ = value; left--; } } *((UINT32*)out) = *((UINT32*)in); }",visit repo url,libfreerdp/codec/nsc.c,https://github.com/FreeRDP/FreeRDP,164996034000836,1 4088,CWE-119,"find_file (const char *currpath, grub_fshelp_node_t currroot, grub_fshelp_node_t *currfound, struct grub_fshelp_find_file_closure *c) { #ifndef _MSC_VER char fpath[grub_strlen (currpath) + 1]; #else char *fpath = grub_malloc (grub_strlen (currpath) + 1); #endif char *name = fpath; char *next; enum grub_fshelp_filetype type = GRUB_FSHELP_DIR; grub_fshelp_node_t currnode = currroot; grub_fshelp_node_t oldnode = currroot; c->currroot = currroot; grub_strncpy (fpath, currpath, grub_strlen (currpath) + 1); while (*name == '/') name++; if (! *name) { *currfound = currnode; return 0; } for (;;) { int found; struct find_file_closure cc; next = grub_strchr (name, '/'); if (next) { while (*next == '/') *(next++) = '\0'; } if (type != GRUB_FSHELP_DIR) { free_node (currnode, c); return grub_error (GRUB_ERR_BAD_FILE_TYPE, ""not a directory""); } cc.name = name; cc.type = &type; cc.oldnode = &oldnode; cc.currnode = &currnode; found = c->iterate_dir (currnode, iterate, &cc); if (! found) { if (grub_errno) return grub_errno; break; } if (type == GRUB_FSHELP_SYMLINK) { char *symlink; if (++(c->symlinknest) == 8) { free_node (currnode, c); free_node (oldnode, c); return grub_error (GRUB_ERR_SYMLINK_LOOP, ""too deep nesting of symlinks""); } symlink = c->read_symlink (currnode); free_node (currnode, c); if (!symlink) { free_node (oldnode, c); return grub_errno; } if (symlink[0] == '/') { free_node (oldnode, c); oldnode = c->rootnode; } find_file (symlink, oldnode, &currnode, c); type = c->foundtype; grub_free (symlink); if (grub_errno) { free_node (oldnode, c); return grub_errno; } } free_node (oldnode, c); if (! next || *next == '\0') { *currfound = currnode; c->foundtype = type; return 0; } name = next; } return grub_error (GRUB_ERR_FILE_NOT_FOUND, ""file not found""); }",visit repo url,shlr/grub/fs/fshelp.c,https://github.com/radare/radare2,70294074143094,1 558,[],"static int bad_inode_unlink(struct inode *dir, struct dentry *dentry) { return -EIO; }",linux-2.6,,,93658865848120931882553634317900302638,0 4414,CWE-476,"mrb_proc_s_new(mrb_state *mrb, mrb_value proc_class) { mrb_value blk; mrb_value proc; struct RProc *p; mrb_get_args(mrb, ""&!"", &blk); p = MRB_OBJ_ALLOC(mrb, MRB_TT_PROC, mrb_class_ptr(proc_class)); mrb_proc_copy(p, mrb_proc_ptr(blk)); proc = mrb_obj_value(p); mrb_funcall_with_block(mrb, proc, MRB_SYM(initialize), 0, NULL, proc); if (!MRB_PROC_STRICT_P(p) && mrb->c->ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb->c->ci[-1].u.env) { p->flags |= MRB_PROC_ORPHAN; } return proc; }",visit repo url,src/proc.c,https://github.com/mruby/mruby,98302551648043,1 551,[],"static ssize_t bad_file_splice_write(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { return -EIO; }",linux-2.6,,,177859416447988856150239279807719400458,0 2753,CWE-119,"ZEND_API void zend_objects_store_del_ref_by_handle_ex(zend_object_handle handle, const zend_object_handlers *handlers TSRMLS_DC) { struct _store_object *obj; int failure = 0; if (!EG(objects_store).object_buckets) { return; } obj = &EG(objects_store).object_buckets[handle].bucket.obj; if (EG(objects_store).object_buckets[handle].valid) { if (obj->refcount == 1) { if (!EG(objects_store).object_buckets[handle].destructor_called) { EG(objects_store).object_buckets[handle].destructor_called = 1; if (obj->dtor) { if (handlers && !obj->handlers) { obj->handlers = handlers; } zend_try { obj->dtor(obj->object, handle TSRMLS_CC); } zend_catch { failure = 1; } zend_end_try(); } } obj = &EG(objects_store).object_buckets[handle].bucket.obj; if (obj->refcount == 1) { GC_REMOVE_ZOBJ_FROM_BUFFER(obj); if (obj->free_storage) { zend_try { obj->free_storage(obj->object TSRMLS_CC); } zend_catch { failure = 1; } zend_end_try(); } ZEND_OBJECTS_STORE_ADD_TO_FREE_LIST(); } } } obj->refcount--; #if ZEND_DEBUG_OBJECTS if (obj->refcount == 0) { fprintf(stderr, ""Deallocated object id #%d\n"", handle); } else { fprintf(stderr, ""Decreased refcount of object id #%d\n"", handle); } #endif if (failure) { zend_bailout(); } }",visit repo url,Zend/zend_objects_API.c,https://github.com/php/php-src,78704054846167,1 3761,[],"static int unix_seq_open(struct inode *inode, struct file *file) { return seq_open_net(inode, file, &unix_seq_ops, sizeof(struct unix_iter_state)); }",linux-2.6,,,49947221565595242171850389018250330479,0 473,[],"pfm_fasync(int fd, struct file *filp, int on) { pfm_context_t *ctx; int ret; if (PFM_IS_FILE(filp) == 0) { printk(KERN_ERR ""perfmon: pfm_fasync bad magic [%d]\n"", current->pid); return -EBADF; } ctx = (pfm_context_t *)filp->private_data; if (ctx == NULL) { printk(KERN_ERR ""perfmon: pfm_fasync NULL ctx [%d]\n"", current->pid); return -EBADF; } ret = pfm_do_fasync(fd, filp, ctx, on); DPRINT((""pfm_fasync called on ctx_fd=%d on=%d async_queue=%p ret=%d\n"", fd, on, ctx->ctx_async_queue, ret)); return ret; }",linux-2.6,,,299277485883408308559261044583865401112,0 1965,CWE-401,"static int af9005_identify_state(struct usb_device *udev, struct dvb_usb_device_properties *props, struct dvb_usb_device_description **desc, int *cold) { int ret; u8 reply, *buf; buf = kmalloc(FW_BULKOUT_SIZE + 2, GFP_KERNEL); if (!buf) return -ENOMEM; ret = af9005_boot_packet(udev, FW_CONFIG, &reply, buf, FW_BULKOUT_SIZE + 2); if (ret) goto err; deb_info(""result of FW_CONFIG in identify state %d\n"", reply); if (reply == 0x01) *cold = 1; else if (reply == 0x02) *cold = 0; else return -EIO; deb_info(""Identify state cold = %d\n"", *cold); err: kfree(buf); return ret; }",visit repo url,drivers/media/usb/dvb-usb/af9005.c,https://github.com/torvalds/linux,110761255530703,1 2825,[],"dio_bio_alloc(struct dio *dio, struct block_device *bdev, sector_t first_sector, int nr_vecs) { struct bio *bio; bio = bio_alloc(GFP_KERNEL, nr_vecs); if (bio == NULL) return -ENOMEM; bio->bi_bdev = bdev; bio->bi_sector = first_sector; if (dio->is_async) bio->bi_end_io = dio_bio_end_aio; else bio->bi_end_io = dio_bio_end_io; dio->bio = bio; return 0; }",linux-2.6,,,140929960889889313481627061897173570182,0 3821,['CWE-120'],"static int uvc_resume(struct usb_interface *intf) { struct uvc_device *dev = usb_get_intfdata(intf); int ret; uvc_trace(UVC_TRACE_SUSPEND, ""Resuming interface %u\n"", intf->cur_altsetting->desc.bInterfaceNumber); if (intf->cur_altsetting->desc.bInterfaceSubClass == SC_VIDEOCONTROL) { if ((ret = uvc_ctrl_resume_device(dev)) < 0) return ret; return uvc_status_resume(dev); } if (dev->video.streaming->intf != intf) { uvc_trace(UVC_TRACE_SUSPEND, ""Resume: video streaming USB "" ""interface mismatch.\n""); return -EINVAL; } return uvc_video_resume(&dev->video); }",linux-2.6,,,10914569596488275737824409276208577205,0 3840,CWE-787,"nv_gotofile(cmdarg_T *cap) { char_u *ptr; linenr_T lnum = -1; if (text_locked()) { clearopbeep(cap->oap); text_locked_msg(); return; } if (curbuf_locked()) { clearop(cap->oap); return; } #ifdef FEAT_PROP_POPUP if (ERROR_IF_TERM_POPUP_WINDOW) return; #endif ptr = grab_file_name(cap->count1, &lnum); if (ptr != NULL) { if (curbufIsChanged() && curbuf->b_nwindows <= 1 && !buf_hide(curbuf)) (void)autowrite(curbuf, FALSE); setpcmark(); if (do_ecmd(0, ptr, NULL, NULL, ECMD_LAST, buf_hide(curbuf) ? ECMD_HIDE : 0, curwin) == OK && cap->nchar == 'F' && lnum >= 0) { curwin->w_cursor.lnum = lnum; check_cursor_lnum(); beginline(BL_SOL | BL_FIX); } vim_free(ptr); } else clearop(cap->oap); }",visit repo url,src/normal.c,https://github.com/vim/vim,28669877070900,1 5180,['CWE-20'],"static int handle_interrupt_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { u32 cpu_based_vm_exec_control; cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL); cpu_based_vm_exec_control &= ~CPU_BASED_VIRTUAL_INTR_PENDING; vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control); KVMTRACE_0D(PEND_INTR, vcpu, handler); ++vcpu->stat.irq_window_exits; if (kvm_run->request_interrupt_window && !vcpu->arch.irq_summary) { kvm_run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN; return 0; } return 1; }",linux-2.6,,,260306891978560818237631796848253880346,0 5247,['CWE-264'],"static struct pai_val *load_inherited_info(const struct connection_struct *conn, const char *fname) { char *pai_buf; size_t pai_buf_size = 1024; struct pai_val *paiv = NULL; ssize_t ret; if (!lp_map_acl_inherit(SNUM(conn))) { return NULL; } if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) { return NULL; } do { ret = SMB_VFS_GETXATTR(conn, fname, SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, pai_buf_size); if (ret == -1) { if (errno != ERANGE) { break; } pai_buf_size *= 2; SAFE_FREE(pai_buf); if (pai_buf_size > 1024*1024) { return NULL; } if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) return NULL; } } while (ret == -1); DEBUG(10,(""load_inherited_info: ret = %lu for file %s\n"", (unsigned long)ret, fname)); if (ret == -1) { #if defined(ENOATTR) if (errno != ENOATTR) DEBUG(10,(""load_inherited_info: Error %s\n"", strerror(errno) )); #else if (errno != ENOSYS) DEBUG(10,(""load_inherited_info: Error %s\n"", strerror(errno) )); #endif SAFE_FREE(pai_buf); return NULL; } paiv = create_pai_val(pai_buf, ret); if (paiv && paiv->pai_protected) { DEBUG(10,(""load_inherited_info: ACL is protected for file %s\n"", fname)); } SAFE_FREE(pai_buf); return paiv; }",samba,,,120678900307623540563758743094339195932,0 2553,CWE-399,"cib_send_plaintext(int sock, xmlNode * msg) { char *xml_text = dump_xml_unformatted(msg); if (xml_text != NULL) { int rc = 0; char *unsent = xml_text; int len = strlen(xml_text); len++; crm_trace(""Message on socket %d: size=%d"", sock, len); retry: rc = write(sock, unsent, len); if (rc < 0) { switch (errno) { case EINTR: case EAGAIN: crm_trace(""Retry""); goto retry; default: crm_perror(LOG_ERR, ""Could only write %d of the remaining %d bytes"", rc, len); break; } } else if (rc < len) { crm_trace(""Only sent %d of %d remaining bytes"", rc, len); len -= rc; unsent += rc; goto retry; } else { crm_trace(""Sent %d bytes: %.100s"", rc, xml_text); } } free(xml_text); return NULL; }",visit repo url,lib/common/remote.c,https://github.com/ClusterLabs/pacemaker,208836346259328,1 3209,CWE-125,"l2tp_framing_cap_print(netdissect_options *ndo, const u_char *dat) { const uint32_t *ptr = (const uint32_t *)dat; if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_CAP_ASYNC_MASK) { ND_PRINT((ndo, ""A"")); } if (EXTRACT_32BITS(ptr) & L2TP_FRAMING_CAP_SYNC_MASK) { ND_PRINT((ndo, ""S"")); } }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,144528445031339,1 2669,CWE-190,"SPL_METHOD(FilesystemIterator, getFlags) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } RETURN_LONG(intern->flags & (SPL_FILE_DIR_KEY_MODE_MASK | SPL_FILE_DIR_CURRENT_MODE_MASK | SPL_FILE_DIR_OTHERS_MASK)); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,135927793140195,1 2541,['CWE-119'],"static void emit_binary_diff_body(FILE *file, mmfile_t *one, mmfile_t *two) { void *cp; void *delta; void *deflated; void *data; unsigned long orig_size; unsigned long delta_size; unsigned long deflate_size; unsigned long data_size; delta = NULL; deflated = deflate_it(two->ptr, two->size, &deflate_size); if (one->size && two->size) { delta = diff_delta(one->ptr, one->size, two->ptr, two->size, &delta_size, deflate_size); if (delta) { void *to_free = delta; orig_size = delta_size; delta = deflate_it(delta, delta_size, &delta_size); free(to_free); } } if (delta && delta_size < deflate_size) { fprintf(file, ""delta %lu\n"", orig_size); free(deflated); data = delta; data_size = delta_size; } else { fprintf(file, ""literal %lu\n"", two->size); free(delta); data = deflated; data_size = deflate_size; } cp = data; while (data_size) { int bytes = (52 < data_size) ? 52 : data_size; char line[70]; data_size -= bytes; if (bytes <= 26) line[0] = bytes + 'A' - 1; else line[0] = bytes - 26 + 'a' - 1; encode_85(line + 1, cp, bytes); cp = (char *) cp + bytes; fputs(line, file); fputc('\n', file); } fprintf(file, ""\n""); free(data); }",git,,,281601940567296945441284413902365780987,0 3881,['CWE-119'],"static void lbs_unset_basic_rate_flags(u8 *rates, size_t len) { int i; for (i = 0; i < len; i++) rates[i] &= 0x7f; }",linux-2.6,,,241359732134403169780449810761437326318,0 409,[],"pfm_get_pmc_reset(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { pfarg_reg_t *req = (pfarg_reg_t *)arg; unsigned int cnum; int i; int ret = -EINVAL; for (i = 0; i < count; i++, req++) { cnum = req->reg_num; if (!PMC_IS_IMPL(cnum)) goto abort_mission; req->reg_value = PMC_DFL_VAL(cnum); PFM_REG_RETFLAG_SET(req->reg_flags, 0); DPRINT((""pmc_reset_val pmc[%u]=0x%lx\n"", cnum, req->reg_value)); } return 0; abort_mission: PFM_REG_RETFLAG_SET(req->reg_flags, PFM_REG_RETFL_EINVAL); return ret; }",linux-2.6,,,255223366532838330949564253610393923094,0 1769,[],"calc_delta_asym(unsigned long delta, struct sched_entity *se) { struct load_weight lw = { .weight = NICE_0_LOAD, .inv_weight = 1UL << (WMULT_SHIFT-NICE_0_SHIFT) }; for_each_sched_entity(se) { struct load_weight *se_lw = &se->load; if (se->load.weight < NICE_0_LOAD) se_lw = &lw; delta = calc_delta_mine(delta, cfs_rq_of(se)->load.weight, se_lw); } return delta; }",linux-2.6,,,10618449628142715526857526446927589912,0 4085,CWE-119,"static int cmd_mount(void *data, const char *_input) { ut64 off = 0; char *input, *oinput, *ptr, *ptr2; RList *list; RListIter *iter; RFSFile *file; RFSRoot *root; RFSPlugin *plug; RFSPartition *part; RCore *core = (RCore *)data; if (!strncmp (""kdir"", _input, 4)) { return cmd_mkdir (data, _input); } if (!strncmp (""v"", _input, 1)) { return cmd_mv (data, _input); } input = oinput = strdup (_input); switch (*input) { case ' ': input++; if (input[0]==' ') input++; ptr = strchr (input, ' '); if (ptr) { *ptr = 0; ptr++; ptr2 = strchr (ptr, ' '); if (ptr2) { *ptr2 = 0; off = r_num_math (core->num, ptr2+1); } if (!r_fs_mount (core->fs, ptr, input, off)) eprintf (""Cannot mount %s\n"", input); } else { if (!(ptr = r_fs_name (core->fs, core->offset))) eprintf (""Unknown filesystem type\n""); else if (!r_fs_mount (core->fs, ptr, input, core->offset)) eprintf (""Cannot mount %s\n"", input); free (ptr); } break; case '-': r_fs_umount (core->fs, input+1); break; case '*': eprintf (""List commands in radare format\n""); r_list_foreach (core->fs->roots, iter, root) { r_cons_printf (""m %s %s 0x%""PFMT64x""\n"", root-> path, root->p->name, root->delta); } break; case '\0': r_list_foreach (core->fs->roots, iter, root) { r_cons_printf (""%s\t0x%""PFMT64x""\t%s\n"", root->p->name, root->delta, root->path); } break; case 'l': r_list_foreach (core->fs->plugins, iter, plug) { r_cons_printf (""%10s %s\n"", plug->name, plug->desc); } break; case 'd': input++; if (input[0]==' ') input++; list = r_fs_dir (core->fs, input); if (list) { r_list_foreach (list, iter, file) { r_cons_printf (""%c %s\n"", file->type, file->name); } r_list_free (list); } else eprintf (""Cannot open '%s' directory\n"", input); break; case 'p': input++; if (*input == ' ') input++; ptr = strchr (input, ' '); if (ptr) { *ptr = 0; off = r_num_math (core->num, ptr+1); } list = r_fs_partitions (core->fs, input, off); if (list) { r_list_foreach (list, iter, part) { r_cons_printf (""%d %02x 0x%010""PFMT64x"" 0x%010""PFMT64x""\n"", part->number, part->type, part->start, part->start+part->length); } r_list_free (list); } else eprintf (""Cannot read partition\n""); break; case 'o': input++; if (input[0]==' ') input++; file = r_fs_open (core->fs, input); if (file) { r_fs_read (core->fs, file, 0, file->size); r_cons_printf (""f file %d 0x%08""PFMT64x""\n"", file->size, file->off); r_fs_close (core->fs, file); } else eprintf (""Cannot open file\n""); break; case 'g': input++; if (*input == ' ') input++; ptr = strchr (input, ' '); if (ptr) *ptr++ = 0; else ptr = ""./""; file = r_fs_open (core->fs, input); if (file) { r_fs_read (core->fs, file, 0, file->size); write (1, file->data, file->size); r_fs_close (core->fs, file); write (1, ""\n"", 1); } else if (!r_fs_dir_dump (core->fs, input, ptr)) eprintf (""Cannot open file\n""); break; case 'f': input++; switch (*input) { case '?': r_cons_printf ( ""Usage: mf[no] [...]\n"" "" mfn /foo *.c ; search files by name in /foo path\n"" "" mfo /foo 0x5e91 ; search files by offset in /foo path\n"" ); break; case 'n': input++; if (*input == ' ') input++; ptr = strchr (input, ' '); if (ptr) { *ptr++ = 0; list = r_fs_find_name (core->fs, input, ptr); r_list_foreach (list, iter, ptr) { r_str_chop_path (ptr); printf (""%s\n"", ptr); } } else eprintf (""Unknown store path\n""); break; case 'o': input++; if (*input == ' ') input++; ptr = strchr (input, ' '); if (ptr) { *ptr++ = 0; ut64 off = r_num_math (core->num, ptr); list = r_fs_find_off (core->fs, input, off); r_list_foreach (list, iter, ptr) { r_str_chop_path (ptr); printf (""%s\n"", ptr); } } else eprintf (""Unknown store path\n""); break; } break; case 's': if (core->http_up) { free (oinput); return false; } input++; if (input[0]==' ') input++; r_fs_prompt (core->fs, input); break; case 'y': eprintf (""TODO\n""); break; case '?': { const char* help_msg[] = { ""Usage:"", ""m[-?*dgy] [...] "", ""Mountpoints management"", ""m"", """", ""List all mountpoints in human readable format"", ""m*"", """", ""Same as above, but in r2 commands"", ""ml"", """", ""List filesystem plugins"", ""m"", "" /mnt"", ""Mount fs at /mnt with autodetect fs and current offset"", ""m"", "" /mnt ext2 0"", ""Mount ext2 fs at /mnt with delta 0 on IO"", ""m-/"", """", ""Umount given path (/)"", ""my"", """", ""Yank contents of file into clipboard"", ""mo"", "" /foo"", ""Get offset and size of given file"", ""mg"", "" /foo"", ""Get contents of file/dir dumped to disk (XXX?)"", ""mf"", ""[?] [o|n]"", ""Search files for given filename or for offset"", ""md"", "" /"", ""List directory contents for path"", ""mp"", """", ""List all supported partition types"", ""mp"", "" msdos 0"", ""Show partitions in msdos format at offset 0"", ""ms"", "" /mnt"", ""Open filesystem prompt at /mnt"", NULL}; r_core_cmd_help (core, help_msg); } break; } free (oinput); return 0; }",visit repo url,libr/core/cmd_mount.c,https://github.com/radare/radare2,116900492853072,1 6653,['CWE-200'],"add_connection_buttons (NMConnectionList *self, const char *prefix, GtkTreeView *treeview, GType ctype, PageNewConnectionFunc new_func) { char *name; GtkWidget *button, *hbox; ActionInfo *info; GtkTreeSelection *selection; PolKitGnomeAction *action = NULL; selection = gtk_tree_view_get_selection (treeview); name = g_strdup_printf (""%s_add"", prefix); button = glade_xml_get_widget (self->gui, name); g_free (name); info = action_info_new (self, treeview, GTK_WINDOW (self->dialog), NULL, self->system_action); g_signal_connect (button, ""clicked"", G_CALLBACK (add_connection_clicked), info); if (ctype == NM_TYPE_SETTING_VPN) { GHashTable *plugins; plugins = vpn_get_plugins (NULL); gtk_widget_set_sensitive (button, (plugins && g_hash_table_size (plugins))); } if (new_func) action_info_set_new_func (info, new_func); name = g_strdup_printf (""%s_button_box"", prefix); hbox = glade_xml_get_widget (self->gui, name); g_free (name); info = action_info_new (self, treeview, GTK_WINDOW (self->dialog), NULL, self->system_action); action = NULL; button = create_system_action_button (""system-edit"", _(""Edit...""), _(""Authenticate to edit the selected connection.""), _(""Edit""), _(""Edit the selected connection.""), GTK_STOCK_EDIT, GTK_STOCK_DIALOG_AUTHENTICATION, G_CALLBACK (system_pk_result_changed_cb), hbox, &action, info); action_info_set_button (info, button, action); g_signal_connect (button, ""clicked"", G_CALLBACK (edit_connection_cb), info); g_signal_connect (treeview, ""row-activated"", G_CALLBACK (connection_double_clicked_cb), info); g_signal_connect (selection, ""changed"", G_CALLBACK (pk_button_selection_changed_cb), info); pk_button_selection_changed_cb (selection, info); info = action_info_new (self, treeview, GTK_WINDOW (self->dialog), NULL, self->system_action); action = NULL; button = create_system_action_button (""system-delete"", _(""Delete...""), _(""Authenticate to delete the selected connection.""), _(""Delete""), _(""Delete the selected connection.""), GTK_STOCK_DELETE, GTK_STOCK_DIALOG_AUTHENTICATION, G_CALLBACK (system_pk_result_changed_cb), hbox, &action, info); action_info_set_button (info, button, action); g_signal_connect (button, ""clicked"", G_CALLBACK (delete_connection_cb), info); g_signal_connect (selection, ""changed"", G_CALLBACK (pk_button_selection_changed_cb), info); pk_button_selection_changed_cb (selection, info); name = g_strdup_printf (""%s_import"", prefix); button = glade_xml_get_widget (self->gui, name); g_free (name); if (button) { gboolean import_supported = FALSE; info = action_info_new (self, treeview, GTK_WINDOW (self->dialog), button, self->system_action); g_signal_connect (button, ""clicked"", G_CALLBACK (import_vpn_cb), info); g_hash_table_foreach (vpn_get_plugins (NULL), check_vpn_import_supported, &import_supported); gtk_widget_set_sensitive (button, import_supported); } name = g_strdup_printf (""%s_export"", prefix); button = glade_xml_get_widget (self->gui, name); g_free (name); if (button) { info = action_info_new (self, treeview, GTK_WINDOW (self->dialog), button, self->system_action); g_signal_connect (button, ""clicked"", G_CALLBACK (export_vpn_cb), info); g_signal_connect (selection, ""changed"", G_CALLBACK (vpn_list_selection_changed_cb), info); gtk_widget_set_sensitive (button, FALSE); } }",network-manager-applet,,,218895136837486703434164731587616802807,0 6297,CWE-295,"static LUA_FUNCTION(openssl_x509_check_ip_asc) { X509 * cert = CHECK_OBJECT(1, X509, ""openssl.x509""); if (lua_isstring(L, 2)) { const char *ip_asc = lua_tostring(L, 2); lua_pushboolean(L, X509_check_ip_asc(cert, ip_asc, 0)); } else { lua_pushboolean(L, 0); } return 1; }",visit repo url,src/x509.c,https://github.com/zhaozg/lua-openssl,111071188855268,1 3715,[]," __releases(unix_table_lock) { spin_unlock(&unix_table_lock); }",linux-2.6,,,168234423867917737707735003834697438697,0 2711,[],"static int sctp_copy_laddrs_old(struct sock *sk, __u16 port, int max_addrs, void *to, int *bytes_copied) { struct sctp_sockaddr_entry *addr; union sctp_addr temp; int cnt = 0; int addrlen; rcu_read_lock(); list_for_each_entry_rcu(addr, &sctp_local_addr_list, list) { if (!addr->valid) continue; if ((PF_INET == sk->sk_family) && (AF_INET6 == addr->a.sa.sa_family)) continue; if ((PF_INET6 == sk->sk_family) && inet_v6_ipv6only(sk) && (AF_INET == addr->a.sa.sa_family)) continue; memcpy(&temp, &addr->a, sizeof(temp)); if (!temp.v4.sin_port) temp.v4.sin_port = htons(port); sctp_get_pf_specific(sk->sk_family)->addr_v4map(sctp_sk(sk), &temp); addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; memcpy(to, &temp, addrlen); to += addrlen; *bytes_copied += addrlen; cnt ++; if (cnt >= max_addrs) break; } rcu_read_unlock(); return cnt; }",linux-2.6,,,153213206837555231902626277154494151963,0 2372,CWE-787,"static int track_header(VividasDemuxContext *viv, AVFormatContext *s, uint8_t *buf, int size) { int i, j, ret; int64_t off; int val_1; int num_video; AVIOContext pb0, *pb = &pb0; ffio_init_context(pb, buf, size, 0, NULL, NULL, NULL, NULL); ffio_read_varlen(pb); avio_r8(pb); val_1 = ffio_read_varlen(pb); for (i=0;iid = i; st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; st->codecpar->codec_id = AV_CODEC_ID_VP6; off = avio_tell(pb); off += ffio_read_varlen(pb); avio_r8(pb); avio_r8(pb); num = avio_rl32(pb); den = avio_rl32(pb); avpriv_set_pts_info(st, 64, num, den); st->nb_frames = avio_rl32(pb); st->codecpar->width = avio_rl16(pb); st->codecpar->height = avio_rl16(pb); avio_r8(pb); avio_rl32(pb); avio_seek(pb, off, SEEK_SET); } off = avio_tell(pb); off += ffio_read_varlen(pb); avio_r8(pb); viv->num_audio = avio_r8(pb); avio_seek(pb, off, SEEK_SET); if (viv->num_audio != 1) av_log(s, AV_LOG_WARNING, ""number of audio tracks %d is not 1\n"", viv->num_audio); for(i=0;inum_audio;i++) { int q; AVStream *st = avformat_new_stream(s, NULL); if (!st) return AVERROR(ENOMEM); st->id = num_video + i; st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->codec_id = AV_CODEC_ID_VORBIS; off = avio_tell(pb); off += ffio_read_varlen(pb); avio_r8(pb); avio_r8(pb); avio_rl16(pb); st->codecpar->channels = avio_rl16(pb); st->codecpar->sample_rate = avio_rl32(pb); avio_seek(pb, 10, SEEK_CUR); q = avio_r8(pb); avio_seek(pb, q, SEEK_CUR); avio_r8(pb); if (avio_tell(pb) < off) { int num_data; int xd_size = 0; int data_len[256]; int offset = 1; uint8_t *p; ffio_read_varlen(pb); avio_r8(pb); ffio_read_varlen(pb); num_data = avio_r8(pb); for (j = 0; j < num_data; j++) { uint64_t len = ffio_read_varlen(pb); if (len > INT_MAX/2 - xd_size) { return AVERROR_INVALIDDATA; } data_len[j] = len; xd_size += len; } ret = ff_alloc_extradata(st->codecpar, 64 + xd_size + xd_size / 255); if (ret < 0) return ret; p = st->codecpar->extradata; p[0] = 2; for (j = 0; j < num_data - 1; j++) { unsigned delta = av_xiphlacing(&p[offset], data_len[j]); if (delta > data_len[j]) { return AVERROR_INVALIDDATA; } offset += delta; } for (j = 0; j < num_data; j++) { int ret = avio_read(pb, &p[offset], data_len[j]); if (ret < data_len[j]) { st->codecpar->extradata_size = 0; av_freep(&st->codecpar->extradata); break; } offset += data_len[j]; } if (offset < st->codecpar->extradata_size) st->codecpar->extradata_size = offset; } } return 0; }",visit repo url,libavformat/vividas.c,https://github.com/FFmpeg/FFmpeg,176146459132984,1 2086,[],"static void udp4_format_sock(struct sock *sp, char *tmpbuf, int bucket) { struct inet_sock *inet = inet_sk(sp); __be32 dest = inet->daddr; __be32 src = inet->rcv_saddr; __u16 destp = ntohs(inet->dport); __u16 srcp = ntohs(inet->sport); sprintf(tmpbuf, ""%4d: %08X:%04X %08X:%04X"" "" %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p"", bucket, src, srcp, dest, destp, sp->sk_state, atomic_read(&sp->sk_wmem_alloc), atomic_read(&sp->sk_rmem_alloc), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp); }",linux-2.6,,,254478912500479570632072110874842052039,0 2108,[],"int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len) { struct inet_sock *inet = inet_sk(sk); struct udp_sock *up = udp_sk(sk); int ulen = len; struct ipcm_cookie ipc; struct rtable *rt = NULL; int free = 0; int connected = 0; __be32 daddr, faddr, saddr; __be16 dport; u8 tos; int err, is_udplite = up->pcflag; int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); if (len > 0xFFFF) return -EMSGSIZE; if (msg->msg_flags&MSG_OOB) return -EOPNOTSUPP; ipc.opt = NULL; if (up->pending) { lock_sock(sk); if (likely(up->pending)) { if (unlikely(up->pending != AF_INET)) { release_sock(sk); return -EINVAL; } goto do_append_data; } release_sock(sk); } ulen += sizeof(struct udphdr); if (msg->msg_name) { struct sockaddr_in * usin = (struct sockaddr_in*)msg->msg_name; if (msg->msg_namelen < sizeof(*usin)) return -EINVAL; if (usin->sin_family != AF_INET) { if (usin->sin_family != AF_UNSPEC) return -EAFNOSUPPORT; } daddr = usin->sin_addr.s_addr; dport = usin->sin_port; if (dport == 0) return -EINVAL; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; daddr = inet->daddr; dport = inet->dport; connected = 1; } ipc.addr = inet->saddr; ipc.oif = sk->sk_bound_dev_if; if (msg->msg_controllen) { err = ip_cmsg_send(msg, &ipc); if (err) return err; if (ipc.opt) free = 1; connected = 0; } if (!ipc.opt) ipc.opt = inet->opt; saddr = ipc.addr; ipc.addr = faddr = daddr; if (ipc.opt && ipc.opt->srr) { if (!daddr) return -EINVAL; faddr = ipc.opt->faddr; connected = 0; } tos = RT_TOS(inet->tos); if (sock_flag(sk, SOCK_LOCALROUTE) || (msg->msg_flags & MSG_DONTROUTE) || (ipc.opt && ipc.opt->is_strictroute)) { tos |= RTO_ONLINK; connected = 0; } if (MULTICAST(daddr)) { if (!ipc.oif) ipc.oif = inet->mc_index; if (!saddr) saddr = inet->mc_addr; connected = 0; } if (connected) rt = (struct rtable*)sk_dst_check(sk, 0); if (rt == NULL) { struct flowi fl = { .oif = ipc.oif, .nl_u = { .ip4_u = { .daddr = faddr, .saddr = saddr, .tos = tos } }, .proto = sk->sk_protocol, .uli_u = { .ports = { .sport = inet->sport, .dport = dport } } }; security_sk_classify_flow(sk, &fl); err = ip_route_output_flow(&rt, &fl, sk, 1); if (err) { if (err == -ENETUNREACH) IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES); goto out; } err = -EACCES; if ((rt->rt_flags & RTCF_BROADCAST) && !sock_flag(sk, SOCK_BROADCAST)) goto out; if (connected) sk_dst_set(sk, dst_clone(&rt->u.dst)); } if (msg->msg_flags&MSG_CONFIRM) goto do_confirm; back_from_confirm: saddr = rt->rt_src; if (!ipc.addr) daddr = ipc.addr = rt->rt_dst; lock_sock(sk); if (unlikely(up->pending)) { release_sock(sk); LIMIT_NETDEBUG(KERN_DEBUG ""udp cork app bug 2\n""); err = -EINVAL; goto out; } inet->cork.fl.fl4_dst = daddr; inet->cork.fl.fl_ip_dport = dport; inet->cork.fl.fl4_src = saddr; inet->cork.fl.fl_ip_sport = inet->sport; up->pending = AF_INET; do_append_data: up->len += ulen; getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; err = ip_append_data(sk, getfrag, msg->msg_iov, ulen, sizeof(struct udphdr), &ipc, rt, corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); if (err) udp_flush_pending_frames(sk); else if (!corkreq) err = udp_push_pending_frames(sk); else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) up->pending = 0; release_sock(sk); out: ip_rt_put(rt); if (free) kfree(ipc.opt); if (!err) return len; if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { UDP_INC_STATS_USER(UDP_MIB_SNDBUFERRORS, is_udplite); } return err; do_confirm: dst_confirm(&rt->u.dst); if (!(msg->msg_flags&MSG_PROBE) || len) goto back_from_confirm; err = 0; goto out; }",linux-2.6,,,66830017452936607997125837256137066607,0 774,['CWE-119'],"static __inline__ void isdn_net_device_wake_queue(isdn_net_local *lp) { if (lp->master) netif_wake_queue(lp->master); else netif_wake_queue(lp->netdev->dev); }",linux-2.6,,,21569520681420257762871811797938249990,0 6632,CWE-416,"njs_function_frame_invoke(njs_vm_t *vm, njs_value_t *retval) { njs_native_frame_t *frame; frame = vm->top_frame; frame->retval = retval; if (njs_function_object_type(vm, frame->function) == NJS_OBJ_TYPE_ASYNC_FUNCTION) { return njs_async_function_frame_invoke(vm, retval); } if (frame->native) { return njs_function_native_call(vm); } else { return njs_function_lambda_call(vm); } }",visit repo url,src/njs_function.c,https://github.com/nginx/njs,92385366227572,1 1612,CWE-264,"ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, int newtype, struct ipv6_opt_hdr __user *newopt, int newoptlen) { int tot_len = 0; char *p; struct ipv6_txoptions *opt2; int err; if (opt) { if (newtype != IPV6_HOPOPTS && opt->hopopt) tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt)); if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt) tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt)); if (newtype != IPV6_RTHDR && opt->srcrt) tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt)); if (newtype != IPV6_DSTOPTS && opt->dst1opt) tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt)); } if (newopt && newoptlen) tot_len += CMSG_ALIGN(newoptlen); if (!tot_len) return NULL; tot_len += sizeof(*opt2); opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); if (!opt2) return ERR_PTR(-ENOBUFS); memset(opt2, 0, tot_len); opt2->tot_len = tot_len; p = (char *)(opt2 + 1); err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen, newtype != IPV6_HOPOPTS, &opt2->hopopt, &p); if (err) goto out; err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen, newtype != IPV6_RTHDRDSTOPTS, &opt2->dst0opt, &p); if (err) goto out; err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen, newtype != IPV6_RTHDR, (struct ipv6_opt_hdr **)&opt2->srcrt, &p); if (err) goto out; err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen, newtype != IPV6_DSTOPTS, &opt2->dst1opt, &p); if (err) goto out; opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) + (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) + (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0); opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0); return opt2; out: sock_kfree_s(sk, opt2, opt2->tot_len); return ERR_PTR(err); }",visit repo url,net/ipv6/exthdrs.c,https://github.com/torvalds/linux,98729998604557,1 5405,['CWE-476'],"static int kvm_vm_ioctl_set_memory_alias(struct kvm *kvm, struct kvm_memory_alias *alias) { int r, n; struct kvm_mem_alias *p; r = -EINVAL; if (alias->memory_size & (PAGE_SIZE - 1)) goto out; if (alias->guest_phys_addr & (PAGE_SIZE - 1)) goto out; if (alias->slot >= KVM_ALIAS_SLOTS) goto out; if (alias->guest_phys_addr + alias->memory_size < alias->guest_phys_addr) goto out; if (alias->target_phys_addr + alias->memory_size < alias->target_phys_addr) goto out; down_write(&kvm->slots_lock); spin_lock(&kvm->mmu_lock); p = &kvm->arch.aliases[alias->slot]; p->base_gfn = alias->guest_phys_addr >> PAGE_SHIFT; p->npages = alias->memory_size >> PAGE_SHIFT; p->target_gfn = alias->target_phys_addr >> PAGE_SHIFT; for (n = KVM_ALIAS_SLOTS; n > 0; --n) if (kvm->arch.aliases[n - 1].npages) break; kvm->arch.naliases = n; spin_unlock(&kvm->mmu_lock); kvm_mmu_zap_all(kvm); up_write(&kvm->slots_lock); return 0; out: return r; }",linux-2.6,,,97271774088944714555049708619979120327,0 4640,CWE-476,"GF_Err gf_hinter_finalize(GF_ISOFile *file, GF_SDP_IODProfile IOD_Profile, u32 bandwidth) { u32 i, sceneT, odT, descIndex, size, size64; GF_InitialObjectDescriptor *iod; GF_SLConfig slc; GF_ISOSample *samp; Bool remove_ocr; u8 *buffer; char buf64[5000], sdpLine[5100]; gf_isom_sdp_clean(file); if (bandwidth) { sprintf(buf64, ""b=AS:%d"", bandwidth); gf_isom_sdp_add_line(file, buf64); } if (gf_sys_is_test_mode()) { sprintf(buf64, ""a=x-copyright: %s"", ""MP4/3GP File hinted with GPAC - (c) Telecom ParisTech (http://gpac.io)""); } else { sprintf(buf64, ""a=x-copyright: MP4/3GP File hinted with GPAC %s - %s"", gf_gpac_version(), gf_gpac_copyright() ); } gf_isom_sdp_add_line(file, buf64); if (IOD_Profile == GF_SDP_IOD_NONE) return GF_OK; odT = sceneT = 0; for (i=0; iESDescriptors)) { esd = (GF_ESD*)gf_list_get(iod->ESDescriptors, 0); gf_odf_desc_del((GF_Descriptor *) esd); gf_list_rem(iod->ESDescriptors, 0); } if (odT) { esd = gf_isom_get_esd(file, odT, 1); if (gf_isom_get_sample_count(file, odT)==1) { samp = gf_isom_get_sample(file, odT, 1, &descIndex); if (samp && gf_hinter_can_embbed_data(samp->data, samp->dataLength, GF_STREAM_OD)) { InitSL_NULL(&slc); slc.predefined = 0; slc.hasRandomAccessUnitsOnlyFlag = 1; slc.timeScale = slc.timestampResolution = gf_isom_get_media_timescale(file, odT); slc.OCRResolution = 1000; slc.startCTS = samp->DTS+samp->CTS_Offset; slc.startDTS = samp->DTS; gf_isom_set_extraction_slc(file, odT, 1, &slc); size64 = gf_base64_encode(samp->data, samp->dataLength, buf64, 2000); buf64[size64] = 0; sprintf(sdpLine, ""data:application/mpeg4-od-au;base64,%s"", buf64); esd->decoderConfig->avgBitrate = 0; esd->decoderConfig->bufferSizeDB = samp->dataLength; esd->decoderConfig->maxBitrate = 0; size64 = (u32) strlen(sdpLine)+1; esd->URLString = (char*)gf_malloc(sizeof(char) * size64); strcpy(esd->URLString, sdpLine); } else { GF_LOG(GF_LOG_WARNING, GF_LOG_RTP, (""[rtp hinter] OD sample too large to be embedded in IOD - ISMA disabled\n"")); is_ok = 0; } gf_isom_sample_del(&samp); } if (remove_ocr) esd->OCRESID = 0; else if (esd->OCRESID == esd->ESID) esd->OCRESID = 0; gf_list_add(iod->ESDescriptors, esd); } esd = gf_isom_get_esd(file, sceneT, 1); if (gf_isom_get_sample_count(file, sceneT)==1) { samp = gf_isom_get_sample(file, sceneT, 1, &descIndex); if (gf_hinter_can_embbed_data(samp->data, samp->dataLength, GF_STREAM_SCENE)) { slc.timeScale = slc.timestampResolution = gf_isom_get_media_timescale(file, sceneT); slc.OCRResolution = 1000; slc.startCTS = samp->DTS+samp->CTS_Offset; slc.startDTS = samp->DTS; gf_isom_set_extraction_slc(file, sceneT, 1, &slc); size64 = gf_base64_encode(samp->data, samp->dataLength, buf64, 2000); buf64[size64] = 0; sprintf(sdpLine, ""data:application/mpeg4-bifs-au;base64,%s"", buf64); esd->decoderConfig->avgBitrate = 0; esd->decoderConfig->bufferSizeDB = samp->dataLength; esd->decoderConfig->maxBitrate = 0; esd->URLString = (char*)gf_malloc(sizeof(char) * (strlen(sdpLine)+1)); strcpy(esd->URLString, sdpLine); } else { GF_LOG(GF_LOG_ERROR, GF_LOG_RTP, (""[rtp hinter] Scene description sample too large to be embedded in IOD - ISMA disabled\n"")); is_ok = 0; } gf_isom_sample_del(&samp); } if (remove_ocr) esd->OCRESID = 0; else if (esd->OCRESID == esd->ESID) esd->OCRESID = 0; gf_list_add(iod->ESDescriptors, esd); if (is_ok) { u32 has_a, has_v, has_i_a, has_i_v; has_a = has_v = has_i_a = has_i_v = 0; for (i=0; idecoderConfig->streamType==GF_STREAM_VISUAL) { if (esd->decoderConfig->objectTypeIndication==GF_CODECID_MPEG4_PART2) has_i_v ++; else has_v++; } else if (esd->decoderConfig->streamType==GF_STREAM_AUDIO) { if (esd->decoderConfig->objectTypeIndication==GF_CODECID_AAC_MPEG4) has_i_a ++; else has_a++; } gf_odf_desc_del((GF_Descriptor *)esd); } if (!has_v && !has_a && (has_i_v<=1) && (has_i_a<=1)) { sprintf(sdpLine, ""a=isma-compliance:1,1.0,1""); gf_isom_sdp_add_line(file, sdpLine); } } } buffer = NULL; size = 0; gf_odf_desc_write((GF_Descriptor *) iod, &buffer, &size); gf_odf_desc_del((GF_Descriptor *)iod); size64 = gf_base64_encode(buffer, size, buf64, 2000); buf64[size64] = 0; gf_free(buffer); sprintf(sdpLine, ""a=mpeg4-iod:\""data:application/mpeg4-iod;base64,%s\"""", buf64); gf_isom_sdp_add_line(file, sdpLine); return GF_OK; }",visit repo url,src/media_tools/isom_hinter.c,https://github.com/gpac/gpac,220148838791468,1 4981,['CWE-20'],"static void *nfs_server_list_start(struct seq_file *m, loff_t *_pos) { spin_lock(&nfs_client_lock); return seq_list_start_head(&nfs_client_list, *_pos); }",linux-2.6,,,182811772519725583906517902786733487702,0 2731,CWE-415,"static size_t _php_mb_regex_get_option_string(char *str, size_t len, OnigOptionType option, OnigSyntaxType *syntax) { size_t len_left = len; size_t len_req = 0; char *p = str; char c; if ((option & ONIG_OPTION_IGNORECASE) != 0) { if (len_left > 0) { --len_left; *(p++) = 'i'; } ++len_req; } if ((option & ONIG_OPTION_EXTEND) != 0) { if (len_left > 0) { --len_left; *(p++) = 'x'; } ++len_req; } if ((option & (ONIG_OPTION_MULTILINE | ONIG_OPTION_SINGLELINE)) == (ONIG_OPTION_MULTILINE | ONIG_OPTION_SINGLELINE)) { if (len_left > 0) { --len_left; *(p++) = 'p'; } ++len_req; } else { if ((option & ONIG_OPTION_MULTILINE) != 0) { if (len_left > 0) { --len_left; *(p++) = 'm'; } ++len_req; } if ((option & ONIG_OPTION_SINGLELINE) != 0) { if (len_left > 0) { --len_left; *(p++) = 's'; } ++len_req; } } if ((option & ONIG_OPTION_FIND_LONGEST) != 0) { if (len_left > 0) { --len_left; *(p++) = 'l'; } ++len_req; } if ((option & ONIG_OPTION_FIND_NOT_EMPTY) != 0) { if (len_left > 0) { --len_left; *(p++) = 'n'; } ++len_req; } c = 0; if (syntax == ONIG_SYNTAX_JAVA) { c = 'j'; } else if (syntax == ONIG_SYNTAX_GNU_REGEX) { c = 'u'; } else if (syntax == ONIG_SYNTAX_GREP) { c = 'g'; } else if (syntax == ONIG_SYNTAX_EMACS) { c = 'c'; } else if (syntax == ONIG_SYNTAX_RUBY) { c = 'r'; } else if (syntax == ONIG_SYNTAX_PERL) { c = 'z'; } else if (syntax == ONIG_SYNTAX_POSIX_BASIC) { c = 'b'; } else if (syntax == ONIG_SYNTAX_POSIX_EXTENDED) { c = 'd'; } if (c != 0) { if (len_left > 0) { --len_left; *(p++) = c; } ++len_req; } if (len_left > 0) { --len_left; *(p++) = '\0'; } ++len_req; if (len < len_req) { return len_req; } return 0; }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,92106648780353,1 1380,[],"static void switched_to_fair(struct rq *rq, struct task_struct *p, int running) { if (running) resched_task(rq->curr); else check_preempt_curr(rq, p); }",linux-2.6,,,266882425794447235212094949913298274798,0 4781,CWE-119,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 809,CWE-20,"static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; unsigned int copied, rlen; struct sk_buff *skb, *cskb; int err = 0; pr_debug(""%p %zu\n"", sk, len); msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state == LLCP_CLOSED && skb_queue_empty(&sk->sk_receive_queue)) { release_sock(sk); return 0; } release_sock(sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { pr_err(""Recv datagram failed state %d %d %d"", sk->sk_state, err, sock_error(sk)); if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } rlen = skb->len; copied = min_t(unsigned int, rlen, len); cskb = skb; if (skb_copy_datagram_iovec(cskb, 0, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } sock_recv_timestamp(msg, sk, skb); if (sk->sk_type == SOCK_DGRAM && msg->msg_name) { struct nfc_llcp_ui_cb *ui_cb = nfc_llcp_ui_skb_cb(skb); struct sockaddr_nfc_llcp *sockaddr = (struct sockaddr_nfc_llcp *) msg->msg_name; msg->msg_namelen = sizeof(struct sockaddr_nfc_llcp); pr_debug(""Datagram socket %d %d\n"", ui_cb->dsap, ui_cb->ssap); memset(sockaddr, 0, sizeof(*sockaddr)); sockaddr->sa_family = AF_NFC; sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; sockaddr->dsap = ui_cb->dsap; sockaddr->ssap = ui_cb->ssap; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { skb_pull(skb, copied); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); goto done; } } kfree_skb(skb); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/nfc/llcp_sock.c,https://github.com/torvalds/linux,259541481085604,1 2668,[],"static int sctp_getsockopt_local_addrs(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_bind_addr *bp; struct sctp_association *asoc; int cnt = 0; struct sctp_getaddrs getaddrs; struct sctp_sockaddr_entry *addr; void __user *to; union sctp_addr temp; struct sctp_sock *sp = sctp_sk(sk); int addrlen; int err = 0; size_t space_left; int bytes_copied = 0; void *addrs; void *buf; if (len < sizeof(struct sctp_getaddrs)) return -EINVAL; if (copy_from_user(&getaddrs, optval, sizeof(struct sctp_getaddrs))) return -EFAULT; if (0 == getaddrs.assoc_id) { bp = &sctp_sk(sk)->ep->base.bind_addr; } else { asoc = sctp_id2assoc(sk, getaddrs.assoc_id); if (!asoc) return -EINVAL; bp = &asoc->base.bind_addr; } to = optval + offsetof(struct sctp_getaddrs,addrs); space_left = len - offsetof(struct sctp_getaddrs,addrs); addrs = kmalloc(space_left, GFP_KERNEL); if (!addrs) return -ENOMEM; if (sctp_list_single_entry(&bp->address_list)) { addr = list_entry(bp->address_list.next, struct sctp_sockaddr_entry, list); if (sctp_is_any(&addr->a)) { cnt = sctp_copy_laddrs(sk, bp->port, addrs, space_left, &bytes_copied); if (cnt < 0) { err = cnt; goto out; } goto copy_getaddrs; } } buf = addrs; list_for_each_entry(addr, &bp->address_list, list) { memcpy(&temp, &addr->a, sizeof(temp)); sctp_get_pf_specific(sk->sk_family)->addr_v4map(sp, &temp); addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) { err = -ENOMEM; goto out; } memcpy(buf, &temp, addrlen); buf += addrlen; bytes_copied += addrlen; cnt ++; space_left -= addrlen; } copy_getaddrs: if (copy_to_user(to, addrs, bytes_copied)) { err = -EFAULT; goto out; } if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) { err = -EFAULT; goto out; } if (put_user(bytes_copied, optlen)) err = -EFAULT; out: kfree(addrs); return err; }",linux-2.6,,,249024491995126340853380833011655221130,0 5026,CWE-190,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 2591,CWE-264,"int _mkp_stage_30(struct plugin *p, struct client_session *cs, struct session_request *sr) { mk_ptr_t referer; (void) p; (void) cs; PLUGIN_TRACE(""[FD %i] Mandril validating URL"", cs->socket); if (mk_security_check_url(sr->uri) < 0) { PLUGIN_TRACE(""[FD %i] Close connection, blocked URL"", cs->socket); mk_api->header_set_http_status(sr, MK_CLIENT_FORBIDDEN); return MK_PLUGIN_RET_CLOSE_CONX; } PLUGIN_TRACE(""[FD %d] Mandril validating hotlinking"", cs->socket); referer = mk_api->header_get(&sr->headers_toc, ""Referer"", strlen(""Referer"")); if (mk_security_check_hotlink(sr->uri_processed, sr->host, referer) < 0) { PLUGIN_TRACE(""[FD %i] Close connection, deny hotlinking."", cs->socket); mk_api->header_set_http_status(sr, MK_CLIENT_FORBIDDEN); return MK_PLUGIN_RET_CLOSE_CONX; } return MK_PLUGIN_RET_NOT_ME; }",visit repo url,plugins/mandril/mandril.c,https://github.com/monkey/monkey,101518844334201,1 5381,['CWE-476'],"int load_pdptrs(struct kvm_vcpu *vcpu, unsigned long cr3) { gfn_t pdpt_gfn = cr3 >> PAGE_SHIFT; unsigned offset = ((cr3 & (PAGE_SIZE-1)) >> 5) << 2; int i; int ret; u64 pdpte[ARRAY_SIZE(vcpu->arch.pdptrs)]; ret = kvm_read_guest_page(vcpu->kvm, pdpt_gfn, pdpte, offset * sizeof(u64), sizeof(pdpte)); if (ret < 0) { ret = 0; goto out; } for (i = 0; i < ARRAY_SIZE(pdpte); ++i) { if (is_present_pte(pdpte[i]) && (pdpte[i] & vcpu->arch.mmu.rsvd_bits_mask[0][2])) { ret = 0; goto out; } } ret = 1; memcpy(vcpu->arch.pdptrs, pdpte, sizeof(vcpu->arch.pdptrs)); out: return ret; }",linux-2.6,,,71911797345966029361510821105252302078,0 5137,CWE-125,"parsestr(struct compiling *c, const node *n, int *bytesmode, int *rawmode, PyObject **result, const char **fstr, Py_ssize_t *fstrlen) { size_t len; const char *s = STR(n); int quote = Py_CHARMASK(*s); int fmode = 0; *bytesmode = 0; *rawmode = 0; *result = NULL; *fstr = NULL; if (Py_ISALPHA(quote)) { while (!*bytesmode || !*rawmode) { if (quote == 'b' || quote == 'B') { quote = *++s; *bytesmode = 1; } else if (quote == 'u' || quote == 'U') { quote = *++s; } else if (quote == 'r' || quote == 'R') { quote = *++s; *rawmode = 1; } else if (quote == 'f' || quote == 'F') { quote = *++s; fmode = 1; } else { break; } } } if (fmode && *bytesmode) { PyErr_BadInternalCall(); return -1; } if (quote != '\'' && quote != '\""') { PyErr_BadInternalCall(); return -1; } s++; len = strlen(s); if (len > INT_MAX) { PyErr_SetString(PyExc_OverflowError, ""string to parse is too long""); return -1; } if (s[--len] != quote) { PyErr_BadInternalCall(); return -1; } if (len >= 4 && s[0] == quote && s[1] == quote) { s += 2; len -= 2; if (s[--len] != quote || s[--len] != quote) { PyErr_BadInternalCall(); return -1; } } if (fmode) { *fstr = s; *fstrlen = len; return 0; } *rawmode = *rawmode || strchr(s, '\\') == NULL; if (*bytesmode) { const char *ch; for (ch = s; *ch; ch++) { if (Py_CHARMASK(*ch) >= 0x80) { ast_error(c, n, ""bytes can only contain ASCII "" ""literal characters.""); return -1; } } if (*rawmode) *result = PyBytes_FromStringAndSize(s, len); else *result = decode_bytes_with_escapes(c, n, s, len); } else { if (*rawmode) *result = PyUnicode_DecodeUTF8Stateful(s, len, NULL, NULL); else *result = decode_unicode_with_escapes(c, n, s, len); } return *result == NULL ? -1 : 0; }",visit repo url,Python/ast.c,https://github.com/python/cpython,215076405842395,1 5480,CWE-120,"void dmar_free_irte(const struct intr_source *intr_src, uint16_t index) { struct dmar_drhd_rt *dmar_unit; union dmar_ir_entry *ir_table, *ir_entry; union pci_bdf sid; if (intr_src->is_msi) { dmar_unit = device_to_dmaru((uint8_t)intr_src->src.msi.bits.b, intr_src->src.msi.fields.devfun); } else { dmar_unit = ioapic_to_dmaru(intr_src->src.ioapic_id, &sid); } if (is_dmar_unit_valid(dmar_unit, sid)) { ir_table = (union dmar_ir_entry *)hpa2hva(dmar_unit->ir_table_addr); ir_entry = ir_table + index; ir_entry->bits.remap.present = 0x0UL; iommu_flush_cache(ir_entry, sizeof(union dmar_ir_entry)); dmar_invalid_iec(dmar_unit, index, 0U, false); if (!is_irte_reserved(dmar_unit, index)) { spinlock_obtain(&dmar_unit->lock); bitmap_clear_nolock(index & 0x3FU, &dmar_unit->irte_alloc_bitmap[index >> 6U]); spinlock_release(&dmar_unit->lock); } } }",visit repo url,hypervisor/arch/x86/vtd.c,https://github.com/projectacrn/acrn-hypervisor,264147013537104,1 1112,CWE-362,"static struct ip_options *ip_options_get_alloc(const int optlen) { return kzalloc(sizeof(struct ip_options) + ((optlen + 3) & ~3), GFP_KERNEL); }",visit repo url,net/ipv4/ip_options.c,https://github.com/torvalds/linux,23631770541719,1 6008,CWE-120,"static int __pyx_pw_17clickhouse_driver_14bufferedwriter_14BufferedWriter_1__init__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) { Py_ssize_t __pyx_v_bufsize; int __pyx_r; __Pyx_RefNannyDeclarations __Pyx_RefNannySetupContext(""__init__ (wrapper)"", 0); { static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_bufsize,0}; PyObject* values[1] = {0}; if (unlikely(__pyx_kwds)) { Py_ssize_t kw_args; const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args); switch (pos_args) { case 1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0); CYTHON_FALLTHROUGH; case 0: break; default: goto __pyx_L5_argtuple_error; } kw_args = PyDict_Size(__pyx_kwds); switch (pos_args) { case 0: if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_bufsize)) != 0)) kw_args--; else goto __pyx_L5_argtuple_error; } if (unlikely(kw_args > 0)) { if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, ""__init__"") < 0)) __PYX_ERR(0, 12, __pyx_L3_error) } } else if (PyTuple_GET_SIZE(__pyx_args) != 1) { goto __pyx_L5_argtuple_error; } else { values[0] = PyTuple_GET_ITEM(__pyx_args, 0); } __pyx_v_bufsize = __Pyx_PyIndex_AsSsize_t(values[0]); if (unlikely((__pyx_v_bufsize == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 12, __pyx_L3_error) } goto __pyx_L4_argument_unpacking_done; __pyx_L5_argtuple_error:; __Pyx_RaiseArgtupleInvalid(""__init__"", 1, 1, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 12, __pyx_L3_error) __pyx_L3_error:; __Pyx_AddTraceback(""clickhouse_driver.bufferedwriter.BufferedWriter.__init__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __Pyx_RefNannyFinishContext(); return -1; __pyx_L4_argument_unpacking_done:; __pyx_r = __pyx_pf_17clickhouse_driver_14bufferedwriter_14BufferedWriter___init__(((struct __pyx_obj_17clickhouse_driver_14bufferedwriter_BufferedWriter *)__pyx_v_self), __pyx_v_bufsize); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,40966197916497,1 2996,CWE-20,"dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t size, off_t fsize, int *flags) { Elf32_Phdr ph32; Elf64_Phdr ph64; size_t offset, len; unsigned char nbuf[BUFSIZ]; ssize_t bufsize; if (size != xph_sizeof) { if (file_printf(ms, "", corrupted program header size"") == -1) return -1; return 0; } for ( ; num; num--) { if (pread(fd, xph_addr, xph_sizeof, off) == -1) { file_badread(ms); return -1; } off += size; if (fsize != SIZE_UNKNOWN && xph_offset > fsize) { continue; } if (xph_type != PT_NOTE) continue; len = xph_filesz < sizeof(nbuf) ? xph_filesz : sizeof(nbuf); if ((bufsize = pread(fd, nbuf, len, xph_offset)) == -1) { file_badread(ms); return -1; } offset = 0; for (;;) { if (offset >= (size_t)bufsize) break; offset = donote(ms, nbuf, offset, (size_t)bufsize, clazz, swap, 4, flags); if (offset == 0) break; } } return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,51467018686344,1 403,CWE-200,"static void make_response(struct xen_blkif_ring *ring, u64 id, unsigned short op, int st) { struct blkif_response resp; unsigned long flags; union blkif_back_rings *blk_rings; int notify; resp.id = id; resp.operation = op; resp.status = st; spin_lock_irqsave(&ring->blk_ring_lock, flags); blk_rings = &ring->blk_rings; switch (ring->blkif->blk_protocol) { case BLKIF_PROTOCOL_NATIVE: memcpy(RING_GET_RESPONSE(&blk_rings->native, blk_rings->native.rsp_prod_pvt), &resp, sizeof(resp)); break; case BLKIF_PROTOCOL_X86_32: memcpy(RING_GET_RESPONSE(&blk_rings->x86_32, blk_rings->x86_32.rsp_prod_pvt), &resp, sizeof(resp)); break; case BLKIF_PROTOCOL_X86_64: memcpy(RING_GET_RESPONSE(&blk_rings->x86_64, blk_rings->x86_64.rsp_prod_pvt), &resp, sizeof(resp)); break; default: BUG(); } blk_rings->common.rsp_prod_pvt++; RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blk_rings->common, notify); spin_unlock_irqrestore(&ring->blk_ring_lock, flags); if (notify) notify_remote_via_irq(ring->irq); }",visit repo url,drivers/block/xen-blkback/blkback.c,https://github.com/torvalds/linux,21280119624437,1 2129,CWE-319,"static int mincore_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, struct mm_walk *walk) { spinlock_t *ptl; struct vm_area_struct *vma = walk->vma; pte_t *ptep; unsigned char *vec = walk->private; int nr = (end - addr) >> PAGE_SHIFT; ptl = pmd_trans_huge_lock(pmd, vma); if (ptl) { memset(vec, 1, nr); spin_unlock(ptl); goto out; } if (pmd_trans_unstable(pmd)) { __mincore_unmapped_range(addr, end, vma, vec); goto out; } ptep = pte_offset_map_lock(walk->mm, pmd, addr, &ptl); for (; addr != end; ptep++, addr += PAGE_SIZE) { pte_t pte = *ptep; if (pte_none(pte)) __mincore_unmapped_range(addr, addr + PAGE_SIZE, vma, vec); else if (pte_present(pte)) *vec = 1; else { swp_entry_t entry = pte_to_swp_entry(pte); if (non_swap_entry(entry)) { *vec = 1; } else { #ifdef CONFIG_SWAP *vec = mincore_page(swap_address_space(entry), swp_offset(entry)); #else WARN_ON(1); *vec = 1; #endif } } vec++; } pte_unmap_unlock(ptep - 1, ptl); out: walk->private += nr; cond_resched(); return 0; }",visit repo url,mm/mincore.c,https://github.com/torvalds/linux,186384143129340,1 3849,CWE-476,"diff_buf_delete(buf_T *buf) { int i; tabpage_T *tp; FOR_ALL_TABPAGES(tp) { i = diff_buf_idx_tp(buf, tp); if (i != DB_COUNT) { tp->tp_diffbuf[i] = NULL; tp->tp_diff_invalid = TRUE; if (tp == curtab) diff_redraw(TRUE); } } }",visit repo url,src/diff.c,https://github.com/vim/vim,116046634118520,1 6747,CWE-787,"int dns_add_HTTPS_start(struct dns_rr_nested *svcparam_buffer, struct dns_packet *packet, dns_rr_type type, const char *domain, int ttl, int priority, const char *target) { svcparam_buffer = dns_add_rr_nested_start(svcparam_buffer, packet, type, DNS_T_HTTPS, domain, ttl); if (svcparam_buffer == NULL) { return -1; } int target_len = strnlen(target, DNS_MAX_CNAME_LEN) + 1; if (_dns_left_len(&svcparam_buffer->context) < 2 + target_len) { return -1; } _dns_write_short(&svcparam_buffer->context.ptr, priority); safe_strncpy((char *)svcparam_buffer->context.ptr, target, target_len); svcparam_buffer->context.ptr += target_len; return 0; }",visit repo url,src/dns.c,https://github.com/pymumu/smartdns,157576584129339,1 1033,['CWE-20'],"asmlinkage long sys_sethostname(char __user *name, int len) { int errno; char tmp[__NEW_UTS_LEN]; if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) return -EINVAL; down_write(&uts_sem); errno = -EFAULT; if (!copy_from_user(tmp, name, len)) { memcpy(utsname()->nodename, tmp, len); utsname()->nodename[len] = 0; errno = 0; } up_write(&uts_sem); return errno; }",linux-2.6,,,318400137120926626039322562818540115272,0 2473,['CWE-119'],"static void strip_prefix(int prefix_length, const char **namep, const char **otherp) { if (*namep && **namep != '/') *namep += prefix_length; if (*otherp && **otherp != '/') *otherp += prefix_length; }",git,,,173932643710822829108674961220551880596,0 2744,CWE-20," */ static void php_wddx_process_data(void *user_data, const XML_Char *s, int len) { st_entry *ent; wddx_stack *stack = (wddx_stack *)user_data; TSRMLS_FETCH(); if (!wddx_stack_is_empty(stack) && !stack->done) { wddx_stack_top(stack, (void**)&ent); switch (ent->type) { case ST_STRING: if (Z_STRLEN_P(ent->data) == 0) { STR_FREE(Z_STRVAL_P(ent->data)); Z_STRVAL_P(ent->data) = estrndup(s, len); Z_STRLEN_P(ent->data) = len; } else { Z_STRVAL_P(ent->data) = erealloc(Z_STRVAL_P(ent->data), Z_STRLEN_P(ent->data) + len + 1); memcpy(Z_STRVAL_P(ent->data) + Z_STRLEN_P(ent->data), s, len); Z_STRLEN_P(ent->data) += len; Z_STRVAL_P(ent->data)[Z_STRLEN_P(ent->data)] = '\0'; } break; case ST_BINARY: if (Z_STRLEN_P(ent->data) == 0) { STR_FREE(Z_STRVAL_P(ent->data)); Z_STRVAL_P(ent->data) = estrndup(s, len + 1); } else { Z_STRVAL_P(ent->data) = erealloc(Z_STRVAL_P(ent->data), Z_STRLEN_P(ent->data) + len + 1); memcpy(Z_STRVAL_P(ent->data) + Z_STRLEN_P(ent->data), s, len); } Z_STRLEN_P(ent->data) += len; Z_STRVAL_P(ent->data)[Z_STRLEN_P(ent->data)] = '\0'; break; case ST_NUMBER: Z_TYPE_P(ent->data) = IS_STRING; Z_STRLEN_P(ent->data) = len; Z_STRVAL_P(ent->data) = estrndup(s, len); convert_scalar_to_number(ent->data TSRMLS_CC); break; case ST_BOOLEAN: if(!ent->data) { break; } if (!strcmp(s, ""true"")) { Z_LVAL_P(ent->data) = 1; } else if (!strcmp(s, ""false"")) { Z_LVAL_P(ent->data) = 0; } else { zval_ptr_dtor(&ent->data); if (ent->varname) { efree(ent->varname); ent->varname = NULL; } ent->data = NULL; } break; case ST_DATETIME: { char *tmp; tmp = emalloc(len + 1); memcpy(tmp, s, len); tmp[len] = '\0'; Z_LVAL_P(ent->data) = php_parse_date(tmp, NULL); if (Z_LVAL_P(ent->data) == -1) { Z_TYPE_P(ent->data) = IS_STRING; Z_STRLEN_P(ent->data) = len; Z_STRVAL_P(ent->data) = estrndup(s, len); } efree(tmp); } break; default: break; } }",visit repo url,ext/wddx/wddx.c,https://github.com/php/php-src,141562381959866,1 3415,['CWE-264'],"struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry, int (*open)(struct inode *, struct file *)) { if (IS_ERR(nd->intent.open.file)) goto out; if (IS_ERR(dentry)) goto out_err; nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->mnt), nd->intent.open.flags - 1, nd->intent.open.file, open); out: return nd->intent.open.file; out_err: release_open_intent(nd); nd->intent.open.file = (struct file *)dentry; goto out; }",linux-2.6,,,56340216466390939588795604011301565006,0 5871,CWE-120,"PJ_DEF(void) pj_scan_get_n( pj_scanner *scanner, unsigned N, pj_str_t *out) { if (scanner->curptr + N > scanner->end) { pj_scan_syntax_err(scanner); return; } pj_strset(out, scanner->curptr, N); scanner->curptr += N; if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws) { pj_scan_skip_whitespace(scanner); } }",visit repo url,pjlib-util/src/pjlib-util/scanner.c,https://github.com/pjsip/pjproject,102016738489516,1 5015,CWE-787,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 4909,CWE-787,"Perl_my_setenv(pTHX_ const char *nam, const char *val) { dVAR; #ifdef __amigaos4__ amigaos4_obtain_environ(__FUNCTION__); #endif #ifdef USE_ITHREADS if (PL_curinterp == aTHX) #endif { #ifndef PERL_USE_SAFE_PUTENV if (!PL_use_safe_putenv) { I32 i; const I32 len = strlen(nam); int nlen, vlen; for (i = 0; environ[i]; i++) { if (strnEQ(environ[i],nam,len) && environ[i][len] == '=') break; } if (environ == PL_origenviron) { I32 j; I32 max; char **tmpenv; max = i; while (environ[max]) max++; tmpenv = (char**)safesysmalloc((max+2) * sizeof(char*)); for (j=0; jkeyid[0] || !pk->keyid[1])) { if (pk->version < 4 && is_RSA(pk->pubkey_algo)) { byte p[MAX_MPI_BYTES]; size_t n; n = MAX_MPI_BYTES; _gnutls_mpi_print(pk->mpi[0], p, &n); pk->keyid[0] = p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5]; pk->keyid[1] = p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1]; } else if (pk->version == 4) { cdk_pk_get_fingerprint(pk, buf); pk->keyid[0] = _cdk_buftou32(buf + 12); pk->keyid[1] = _cdk_buftou32(buf + 16); } } lowbits = pk ? pk->keyid[1] : 0; if (keyid && pk) { keyid[0] = pk->keyid[0]; keyid[1] = pk->keyid[1]; } return lowbits; }",visit repo url,lib/opencdk/pubkey.c,https://gitlab.com/gnutls/gnutls,19558777050677,1 2308,['CWE-120'],"asmlinkage long sys_symlinkat(const char __user *oldname, int newdfd, const char __user *newname) { int error = 0; char * from; char * to; struct dentry *dentry; struct nameidata nd; from = getname(oldname); if(IS_ERR(from)) return PTR_ERR(from); to = getname(newname); error = PTR_ERR(to); if (IS_ERR(to)) goto out_putname; error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd); if (error) goto out; dentry = lookup_create(&nd, 0); error = PTR_ERR(dentry); if (IS_ERR(dentry)) goto out_unlock; error = mnt_want_write(nd.path.mnt); if (error) goto out_dput; error = vfs_symlink(nd.path.dentry->d_inode, dentry, from, S_IALLUGO); mnt_drop_write(nd.path.mnt); out_dput: dput(dentry); out_unlock: mutex_unlock(&nd.path.dentry->d_inode->i_mutex); path_put(&nd.path); out: putname(to); out_putname: putname(from); return error; }",linux-2.6,,,283489915514039878812387857965727200223,0 5967,CWE-611,"void init_xml_schema() { VALUE nokogiri = rb_define_module(""Nokogiri""); VALUE xml = rb_define_module_under(nokogiri, ""XML""); VALUE klass = rb_define_class_under(xml, ""Schema"", rb_cObject); cNokogiriXmlSchema = klass; rb_define_singleton_method(klass, ""read_memory"", read_memory, 1); rb_define_singleton_method(klass, ""from_document"", from_document, 1); rb_define_private_method(klass, ""validate_document"", validate_document, 1); rb_define_private_method(klass, ""validate_file"", validate_file, 1); }",visit repo url,ext/nokogiri/xml_schema.c,https://github.com/sparklemotion/nokogiri,188890619432801,1 1083,['CWE-20'],"int atomic_notifier_chain_register(struct atomic_notifier_head *nh, struct notifier_block *n) { unsigned long flags; int ret; spin_lock_irqsave(&nh->lock, flags); ret = notifier_chain_register(&nh->head, n); spin_unlock_irqrestore(&nh->lock, flags); return ret; }",linux-2.6,,,101940698168352945347109470840627175739,0 1458,[],"static void init_cfs_rq(struct cfs_rq *cfs_rq, struct rq *rq) { cfs_rq->tasks_timeline = RB_ROOT; INIT_LIST_HEAD(&cfs_rq->tasks); #ifdef CONFIG_FAIR_GROUP_SCHED cfs_rq->rq = rq; #endif cfs_rq->min_vruntime = (u64)(-(1LL << 20)); }",linux-2.6,,,174584974997916596527069958124750735489,0 5979,['CWE-200'],"static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen) { struct inet6_ifaddr *ifp; struct inet6_dev *idev; struct net_device *dev; int scope; ASSERT_RTNL(); if ((dev = __dev_get_by_index(ifindex)) == NULL) return -ENODEV; if (!(dev->flags&IFF_UP)) return -ENETDOWN; if ((idev = addrconf_add_dev(dev)) == NULL) return -ENOBUFS; scope = ipv6_addr_scope(pfx); ifp = ipv6_add_addr(idev, pfx, plen, scope, IFA_F_PERMANENT); if (!IS_ERR(ifp)) { addrconf_dad_start(ifp, 0); in6_ifa_put(ifp); return 0; } return PTR_ERR(ifp); }",linux-2.6,,,264063781673347673045949767580419168071,0 582,CWE-310,"static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, struct flowi *fl, struct sock *sk) { struct sctp_association *asoc = t->asoc; struct dst_entry *dst = NULL; struct flowi6 *fl6 = &fl->u.ip6; struct sctp_bind_addr *bp; struct sctp_sockaddr_entry *laddr; union sctp_addr *baddr = NULL; union sctp_addr *daddr = &t->ipaddr; union sctp_addr dst_saddr; __u8 matchlen = 0; __u8 bmatchlen; sctp_scope_t scope; memset(fl6, 0, sizeof(struct flowi6)); fl6->daddr = daddr->v6.sin6_addr; fl6->fl6_dport = daddr->v6.sin6_port; fl6->flowi6_proto = IPPROTO_SCTP; if (ipv6_addr_type(&daddr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL) fl6->flowi6_oif = daddr->v6.sin6_scope_id; pr_debug(""%s: dst=%pI6 "", __func__, &fl6->daddr); if (asoc) fl6->fl6_sport = htons(asoc->base.bind_addr.port); if (saddr) { fl6->saddr = saddr->v6.sin6_addr; fl6->fl6_sport = saddr->v6.sin6_port; pr_debug(""src=%pI6 - "", &fl6->saddr); } dst = ip6_dst_lookup_flow(sk, fl6, NULL, false); if (!asoc || saddr) goto out; bp = &asoc->base.bind_addr; scope = sctp_scope(daddr); if (!IS_ERR(dst)) { sctp_v6_to_addr(&dst_saddr, &fl6->saddr, htons(bp->port)); rcu_read_lock(); list_for_each_entry_rcu(laddr, &bp->address_list, list) { if (!laddr->valid || (laddr->state != SCTP_ADDR_SRC)) continue; if ((laddr->a.sa.sa_family == AF_INET6) && (sctp_v6_cmp_addr(&dst_saddr, &laddr->a))) { rcu_read_unlock(); goto out; } } rcu_read_unlock(); dst_release(dst); dst = NULL; } rcu_read_lock(); list_for_each_entry_rcu(laddr, &bp->address_list, list) { if (!laddr->valid) continue; if ((laddr->state == SCTP_ADDR_SRC) && (laddr->a.sa.sa_family == AF_INET6) && (scope <= sctp_scope(&laddr->a))) { bmatchlen = sctp_v6_addr_match_len(daddr, &laddr->a); if (!baddr || (matchlen < bmatchlen)) { baddr = &laddr->a; matchlen = bmatchlen; } } } rcu_read_unlock(); if (baddr) { fl6->saddr = baddr->v6.sin6_addr; fl6->fl6_sport = baddr->v6.sin6_port; dst = ip6_dst_lookup_flow(sk, fl6, NULL, false); } out: if (!IS_ERR_OR_NULL(dst)) { struct rt6_info *rt; rt = (struct rt6_info *)dst; t->dst = dst; t->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; pr_debug(""rt6_dst:%pI6 rt6_src:%pI6\n"", &rt->rt6i_dst.addr, &fl6->saddr); } else { t->dst = NULL; pr_debug(""no route\n""); } }",visit repo url,net/sctp/ipv6.c,https://github.com/torvalds/linux,169291911230417,1 6695,['CWE-200'],"connection_changes_done (gpointer data) { ConnectionChangedInfo *info = (ConnectionChangedInfo *) data; NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (info->settings); NMAGConfConnection *connection; connection = nma_gconf_settings_get_by_path (info->settings, info->path); if (!connection) { connection = nma_gconf_connection_new (priv->client, info->path); if (connection) add_connection_real (info->settings, connection); } else { if (gconf_client_dir_exists (priv->client, info->path, NULL)) { if (!nma_gconf_connection_changed (connection)) priv->connections = g_slist_remove (priv->connections, connection); } } g_hash_table_remove (priv->pending_changes, info->path); return FALSE; }",network-manager-applet,,,85034629763349348139313588848863058741,0 3231,['CWE-189'],"static int jas_cmpxformseq_delete(jas_cmpxformseq_t *pxformseq, int i) { assert(i >= 0 && i < pxformseq->numpxforms); if (i != pxformseq->numpxforms - 1) abort(); jas_cmpxform_destroy(pxformseq->pxforms[i]); pxformseq->pxforms[i] = 0; --pxformseq->numpxforms; return 0; }",jasper,,,123633540344323320016359722969563624146,0 6490,['CWE-20'],"static void set_seg_override(struct decode_cache *c, int seg) { c->has_seg_override = true; c->seg_override = seg; }",kvm,,,31403249653533596745595585664890646677,0 3472,NVD-CWE-noinfo,"efind(name) char *name; { static char efbuf[100]; my_regex_t re; sprintf(efbuf, ""REG_%s"", name); assert(strlen(efbuf) < sizeof(efbuf)); re.re_endp = efbuf; (void) my_regerror(REG_ATOI, &re, efbuf, sizeof(efbuf)); return(atoi(efbuf)); }",visit repo url,regex/main.c,https://github.com/mysql/mysql-server,85900951617700,1 1182,CWE-400,"int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, unsigned long error_code) { struct vm_area_struct * vma; struct mm_struct *mm = current->mm; siginfo_t info; int code = SEGV_MAPERR; int is_write = 0, ret; int trap = TRAP(regs); int is_exec = trap == 0x400; #if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE)) if (trap == 0x400) error_code &= 0x48200000; else is_write = error_code & DSISR_ISSTORE; #else is_write = error_code & ESR_DST; #endif if (notify_page_fault(regs)) return 0; if (unlikely(debugger_fault_handler(regs))) return 0; if (!user_mode(regs) && (address >= TASK_SIZE)) return SIGSEGV; #if !(defined(CONFIG_4xx) || defined(CONFIG_BOOKE) || \ defined(CONFIG_PPC_BOOK3S_64)) if (error_code & DSISR_DABRMATCH) { do_dabr(regs, address, error_code); return 0; } #endif if (in_atomic() || mm == NULL) { if (!user_mode(regs)) return SIGSEGV; printk(KERN_EMERG ""Page fault in user mode with "" ""in_atomic() = %d mm = %p\n"", in_atomic(), mm); printk(KERN_EMERG ""NIP = %lx MSR = %lx\n"", regs->nip, regs->msr); die(""Weird page fault"", regs, SIGSEGV); } perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, address); if (!down_read_trylock(&mm->mmap_sem)) { if (!user_mode(regs) && !search_exception_tables(regs->nip)) goto bad_area_nosemaphore; down_read(&mm->mmap_sem); } vma = find_vma(mm, address); if (!vma) goto bad_area; if (vma->vm_start <= address) goto good_area; if (!(vma->vm_flags & VM_GROWSDOWN)) goto bad_area; if (address + 0x100000 < vma->vm_end) { struct pt_regs *uregs = current->thread.regs; if (uregs == NULL) goto bad_area; if (address + 2048 < uregs->gpr[1] && (!user_mode(regs) || !store_updates_sp(regs))) goto bad_area; } if (expand_stack(vma, address)) goto bad_area; good_area: code = SEGV_ACCERR; #if defined(CONFIG_6xx) if (error_code & 0x95700000) goto bad_area; #endif #if defined(CONFIG_8xx) if (error_code & 0x40000000) _tlbil_va(address, 0, 0, 0); if (error_code & 0x10000000) goto bad_area; #endif if (is_exec) { #ifdef CONFIG_PPC_STD_MMU if (error_code & DSISR_PROTFAULT) goto bad_area; #endif if (!(vma->vm_flags & VM_EXEC) && (cpu_has_feature(CPU_FTR_NOEXECUTE) || !(vma->vm_flags & (VM_READ | VM_WRITE)))) goto bad_area; } else if (is_write) { if (!(vma->vm_flags & VM_WRITE)) goto bad_area; } else { if (error_code & 0x08000000) goto bad_area; if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) goto bad_area; } ret = handle_mm_fault(mm, vma, address, is_write ? FAULT_FLAG_WRITE : 0); if (unlikely(ret & VM_FAULT_ERROR)) { if (ret & VM_FAULT_OOM) goto out_of_memory; else if (ret & VM_FAULT_SIGBUS) goto do_sigbus; BUG(); } if (ret & VM_FAULT_MAJOR) { current->maj_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, address); #ifdef CONFIG_PPC_SMLPAR if (firmware_has_feature(FW_FEATURE_CMO)) { preempt_disable(); get_lppaca()->page_ins += (1 << PAGE_FACTOR); preempt_enable(); } #endif } else { current->min_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, address); } up_read(&mm->mmap_sem); return 0; bad_area: up_read(&mm->mmap_sem); bad_area_nosemaphore: if (user_mode(regs)) { _exception(SIGSEGV, regs, code, address); return 0; } if (is_exec && (error_code & DSISR_PROTFAULT) && printk_ratelimit()) printk(KERN_CRIT ""kernel tried to execute NX-protected"" "" page (%lx) - exploit attempt? (uid: %d)\n"", address, current_uid()); return SIGSEGV; out_of_memory: up_read(&mm->mmap_sem); if (!user_mode(regs)) return SIGKILL; pagefault_out_of_memory(); return 0; do_sigbus: up_read(&mm->mmap_sem); if (user_mode(regs)) { info.si_signo = SIGBUS; info.si_errno = 0; info.si_code = BUS_ADRERR; info.si_addr = (void __user *)address; force_sig_info(SIGBUS, &info, current); return 0; } return SIGBUS; }",visit repo url,arch/powerpc/mm/fault.c,https://github.com/torvalds/linux,207514961342888,1 688,[],"static int jpc_rgn_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_rgn_t *rgn = &ms->parms.rgn; uint_fast8_t tmp; if (cstate->numcomps <= 256) { if (jpc_getuint8(in, &tmp)) { return -1; } rgn->compno = tmp; } else { if (jpc_getuint16(in, &rgn->compno)) { return -1; } } if (jpc_getuint8(in, &rgn->roisty) || jpc_getuint8(in, &rgn->roishift)) { return -1; } return 0; }",jasper,,,80201707364695905477206741144422725932,0 6207,CWE-190,"void fp12_exp_cyc(fp12_t c, const fp12_t a, const bn_t b) { int i, j, k, l, w = bn_ham(b); if (bn_is_zero(b)) { return fp12_set_dig(c, 1); } if ((bn_bits(b) > RLC_DIG) && ((w << 3) > bn_bits(b))) { int _l[4]; int8_t naf[4][RLC_FP_BITS + 1]; fp12_t t[4]; bn_t _b[4], n, u; bn_null(n); bn_null(u); RLC_TRY { bn_new(n); bn_new(u); for (i = 0; i < 4; i++) { bn_null(_b[i]); bn_new(_b[i]); fp12_null(t[i]); fp12_new(t[i]); } ep_curve_get_ord(n); fp_prime_get_par(u); bn_rec_frb(_b, 4, b, u, n, ep_curve_is_pairf() == EP_BN); if (ep_curve_is_pairf()) { fp12_copy(t[0], a); fp12_frb(t[1], t[0], 1); fp12_frb(t[2], t[1], 1); fp12_frb(t[3], t[2], 1); l = 0; for (i = 0; i < 4; i++) { if (bn_sign(_b[i]) == RLC_NEG) { fp12_inv_cyc(t[i], t[i]); } _l[i] = RLC_FP_BITS + 1; bn_rec_naf(naf[i], &_l[i], _b[i], 2); l = RLC_MAX(l, _l[i]); } fp12_set_dig(c, 1); for (i = l - 1; i >= 0; i--) { fp12_sqr_cyc(c, c); for (j = 0; j < 4; j++) { if (naf[j][i] > 0) { fp12_mul(c, c, t[j]); } if (naf[j][i] < 0) { fp12_inv_cyc(t[j], t[j]); fp12_mul(c, c, t[j]); fp12_inv_cyc(t[j], t[j]); } } } } else { fp12_copy(t[0], a); for (i = bn_bits(b) - 2; i >= 0; i--) { fp12_sqr_cyc(t[0], t[0]); if (bn_get_bit(b, i)) { fp12_mul(t[0], t[0], a); } } fp12_copy(c, t[0]); if (bn_sign(b) == RLC_NEG) { fp12_inv_cyc(c, c); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(u); for (i = 0; i < 4; i++) { bn_free(_b[i]); fp12_free(t[i]); } } } else { fp12_t t, *u = RLC_ALLOCA(fp12_t, w); fp12_null(t); RLC_TRY { if (u == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < w; i++) { fp12_null(u[i]); fp12_new(u[i]); } fp12_new(t); j = 0; fp12_copy(t, a); for (i = 1; i < bn_bits(b); i++) { fp12_sqr_pck(t, t); if (bn_get_bit(b, i)) { fp12_copy(u[j++], t); } } if (!bn_is_even(b)) { j = 0; k = w - 1; } else { j = 1; k = w; } fp12_back_cyc_sim(u, u, k); if (!bn_is_even(b)) { fp12_copy(c, a); } else { fp12_copy(c, u[0]); } for (i = j; i < k; i++) { fp12_mul(c, c, u[i]); } if (bn_sign(b) == RLC_NEG) { fp12_inv_cyc(c, c); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < w; i++) { fp12_free(u[i]); } fp12_free(t); RLC_FREE(u); } } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,206739609876784,1 3847,[],"int cap_bprm_secureexec (struct linux_binprm *bprm) { if (current->uid != 0) { if (bprm->cap_effective) return 1; if (!cap_isclear(bprm->cap_post_exec_permitted)) return 1; } return (current->euid != current->uid || current->egid != current->gid); }",linux-2.6,,,79712475519974670822359032997639156203,0 4201,CWE-190,"checked_xcalloc (size_t num, size_t size) { alloc_limit_assert (""checked_xcalloc"", (num *size)); return xcalloc (num, size); }",visit repo url,src/alloc.c,https://github.com/verdammelt/tnef,107583161349663,1 2438,CWE-20,"int ff_amf_get_field_value(const uint8_t *data, const uint8_t *data_end, const uint8_t *name, uint8_t *dst, int dst_size) { int namelen = strlen(name); int len; while (*data != AMF_DATA_TYPE_OBJECT && data < data_end) { len = ff_amf_tag_size(data, data_end); if (len < 0) len = data_end - data; data += len; } if (data_end - data < 3) return -1; data++; for (;;) { int size = bytestream_get_be16(&data); if (!size) break; if (size < 0 || size >= data_end - data) return -1; data += size; if (size == namelen && !memcmp(data-size, name, namelen)) { switch (*data++) { case AMF_DATA_TYPE_NUMBER: snprintf(dst, dst_size, ""%g"", av_int2double(AV_RB64(data))); break; case AMF_DATA_TYPE_BOOL: snprintf(dst, dst_size, ""%s"", *data ? ""true"" : ""false""); break; case AMF_DATA_TYPE_STRING: len = bytestream_get_be16(&data); av_strlcpy(dst, data, FFMIN(len+1, dst_size)); break; default: return -1; } return 0; } len = ff_amf_tag_size(data, data_end); if (len < 0 || len >= data_end - data) return -1; data += len; } return -1; }",visit repo url,libavformat/rtmppkt.c,https://github.com/FFmpeg/FFmpeg,250449696096141,1 2836,[],"direct_io_worker(int rw, struct kiocb *iocb, struct inode *inode, const struct iovec *iov, loff_t offset, unsigned long nr_segs, unsigned blkbits, get_block_t get_block, dio_iodone_t end_io, struct dio *dio) { unsigned long user_addr; unsigned long flags; int seg; ssize_t ret = 0; ssize_t ret2; size_t bytes; dio->inode = inode; dio->rw = rw; dio->blkbits = blkbits; dio->blkfactor = inode->i_blkbits - blkbits; dio->block_in_file = offset >> blkbits; dio->get_block = get_block; dio->end_io = end_io; dio->final_block_in_bio = -1; dio->next_block_for_io = -1; dio->iocb = iocb; dio->i_size = i_size_read(inode); spin_lock_init(&dio->bio_lock); dio->refcount = 1; if (unlikely(dio->blkfactor)) dio->pages_in_io = 2; for (seg = 0; seg < nr_segs; seg++) { user_addr = (unsigned long)iov[seg].iov_base; dio->pages_in_io += ((user_addr+iov[seg].iov_len +PAGE_SIZE-1)/PAGE_SIZE - user_addr/PAGE_SIZE); } for (seg = 0; seg < nr_segs; seg++) { user_addr = (unsigned long)iov[seg].iov_base; dio->size += bytes = iov[seg].iov_len; dio->first_block_in_page = (user_addr & ~PAGE_MASK) >> blkbits; dio->final_block_in_request = dio->block_in_file + (bytes >> blkbits); dio->head = 0; dio->tail = 0; dio->curr_page = 0; dio->total_pages = 0; if (user_addr & (PAGE_SIZE-1)) { dio->total_pages++; bytes -= PAGE_SIZE - (user_addr & (PAGE_SIZE - 1)); } dio->total_pages += (bytes + PAGE_SIZE - 1) / PAGE_SIZE; dio->curr_user_address = user_addr; ret = do_direct_IO(dio); dio->result += iov[seg].iov_len - ((dio->final_block_in_request - dio->block_in_file) << blkbits); if (ret) { dio_cleanup(dio); break; } } if (ret == -ENOTBLK && (rw & WRITE)) { ret = 0; } dio_zero_block(dio, 1); if (dio->cur_page) { ret2 = dio_send_cur_page(dio); if (ret == 0) ret = ret2; page_cache_release(dio->cur_page); dio->cur_page = NULL; } if (dio->bio) dio_bio_submit(dio); blk_run_address_space(inode->i_mapping); dio_cleanup(dio); if ((rw == READ) && (dio->lock_type == DIO_LOCKING)) mutex_unlock(&dio->inode->i_mutex); BUG_ON(ret == -EIOCBQUEUED); if (dio->is_async && ret == 0 && dio->result && ((rw & READ) || (dio->result == dio->size))) ret = -EIOCBQUEUED; if (ret != -EIOCBQUEUED) dio_await_completion(dio); spin_lock_irqsave(&dio->bio_lock, flags); ret2 = --dio->refcount; spin_unlock_irqrestore(&dio->bio_lock, flags); if (ret2 == 0) { ret = dio_complete(dio, offset, ret); kfree(dio); } else BUG_ON(ret != -EIOCBQUEUED); return ret; }",linux-2.6,,,284281526065098321908127691169050247270,0 2662,CWE-190,"SPL_METHOD(SplFileObject, fgets) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (spl_filesystem_file_read(intern, 0 TSRMLS_CC) == FAILURE) { RETURN_FALSE; } RETURN_STRINGL(intern->u.file.current_line, intern->u.file.current_line_len, 1); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,115450907521276,1 1767,[],"unsigned long nr_running(void) { unsigned long i, sum = 0; for_each_online_cpu(i) sum += cpu_rq(i)->nr_running; return sum; }",linux-2.6,,,3881040974273199501319916790064252786,0 4113,['CWE-399'],"static struct bsg_device *__bsg_get_device(int minor, struct request_queue *q) { struct bsg_device *bd; struct hlist_node *entry; mutex_lock(&bsg_mutex); hlist_for_each_entry(bd, entry, bsg_dev_idx_hash(minor), dev_list) { if (bd->queue == q) { atomic_inc(&bd->ref_count); goto found; } } bd = NULL; found: mutex_unlock(&bsg_mutex); return bd; }",linux-2.6,,,90574864165732454613113755221146234800,0 445,[],"pfm_freeze_pmu(void) { ia64_set_pmc(0,1UL); ia64_srlz_d(); }",linux-2.6,,,306275437223422991860460551336029662978,0 6505,CWE-787,"void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_shares, const char *s_share, uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(public_shares); CHECK_STATE(s_share); CHECK_STATE(encryptedPrivateKey); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); mpz_t s; mpz_init(s); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); CHECK_STATUS2(""AES_decrypt failed (in trustedDkgVerifyAES) with status %d""); SAFE_CHAR_BUF(encr_sshare, ECDSA_SKEY_LEN); strncpy(encr_sshare, s_share, ECDSA_SKEY_LEN - 1); SAFE_CHAR_BUF(common_key, ECDSA_SKEY_LEN); status = session_key_recover(skey, s_share, common_key); CHECK_STATUS(""session_key_recover failed""); SAFE_CHAR_BUF(decr_sshare, ECDSA_SKEY_LEN); status=xor_decrypt(common_key, encr_sshare, decr_sshare); CHECK_STATUS(""xor_decrypt failed"") status = mpz_set_str(s, decr_sshare, 16); CHECK_STATUS(""invalid decr secret share""); *result = Verification(public_shares, s, _t, _ind); SET_SUCCESS clean: mpz_clear(s); LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,252440789263342,1 1979,['CWE-20'],"static int __init disable_randmaps(char *s) { randomize_va_space = 0; return 1; }",linux-2.6,,,212778228584316688093358223136241258949,0 2465,['CWE-119'],"static void show_new_file(struct oneway_unpack_data *cbdata, struct cache_entry *new, int cached, int match_missing) { const unsigned char *sha1; unsigned int mode; struct rev_info *revs = cbdata->revs; if (get_stat_data(new, &sha1, &mode, cached, match_missing, cbdata) < 0) return; diff_index_show_file(revs, ""+"", new, sha1, mode); }",git,,,236234290662990089729260579577516037884,0 610,['CWE-189'],"static void ieee80211_process_probe_response(struct ieee80211_device *ieee, struct ieee80211_probe_response *beacon, struct ieee80211_rx_stats *stats) { struct net_device *dev = ieee->dev; struct ieee80211_network network = { .ibss_dfs = NULL, }; struct ieee80211_network *target; struct ieee80211_network *oldest = NULL; #ifdef CONFIG_IEEE80211_DEBUG struct ieee80211_info_element *info_element = beacon->info_element; #endif unsigned long flags; IEEE80211_DEBUG_SCAN(""'%s' ("" MAC_FMT ""): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n"", escape_essid(info_element->data, info_element->len), MAC_ARG(beacon->header.addr3), (beacon->capability & (1 << 0xf)) ? '1' : '0', (beacon->capability & (1 << 0xe)) ? '1' : '0', (beacon->capability & (1 << 0xd)) ? '1' : '0', (beacon->capability & (1 << 0xc)) ? '1' : '0', (beacon->capability & (1 << 0xb)) ? '1' : '0', (beacon->capability & (1 << 0xa)) ? '1' : '0', (beacon->capability & (1 << 0x9)) ? '1' : '0', (beacon->capability & (1 << 0x8)) ? '1' : '0', (beacon->capability & (1 << 0x7)) ? '1' : '0', (beacon->capability & (1 << 0x6)) ? '1' : '0', (beacon->capability & (1 << 0x5)) ? '1' : '0', (beacon->capability & (1 << 0x4)) ? '1' : '0', (beacon->capability & (1 << 0x3)) ? '1' : '0', (beacon->capability & (1 << 0x2)) ? '1' : '0', (beacon->capability & (1 << 0x1)) ? '1' : '0', (beacon->capability & (1 << 0x0)) ? '1' : '0'); if (ieee80211_network_init(ieee, beacon, &network, stats)) { IEEE80211_DEBUG_SCAN(""Dropped '%s' ("" MAC_FMT "") via %s.\n"", escape_essid(info_element->data, info_element->len), MAC_ARG(beacon->header.addr3), is_beacon(beacon->header.frame_ctl) ? ""BEACON"" : ""PROBE RESPONSE""); return; } spin_lock_irqsave(&ieee->lock, flags); list_for_each_entry(target, &ieee->network_list, list) { if (is_same_network(target, &network)) break; if ((oldest == NULL) || (target->last_scanned < oldest->last_scanned)) oldest = target; } if (&target->list == &ieee->network_list) { if (list_empty(&ieee->network_free_list)) { list_del(&oldest->list); target = oldest; IEEE80211_DEBUG_SCAN(""Expired '%s' ("" MAC_FMT "") from "" ""network list.\n"", escape_essid(target->ssid, target->ssid_len), MAC_ARG(target->bssid)); ieee80211_network_reset(target); } else { target = list_entry(ieee->network_free_list.next, struct ieee80211_network, list); list_del(ieee->network_free_list.next); } #ifdef CONFIG_IEEE80211_DEBUG IEEE80211_DEBUG_SCAN(""Adding '%s' ("" MAC_FMT "") via %s.\n"", escape_essid(network.ssid, network.ssid_len), MAC_ARG(network.bssid), is_beacon(beacon->header.frame_ctl) ? ""BEACON"" : ""PROBE RESPONSE""); #endif memcpy(target, &network, sizeof(*target)); network.ibss_dfs = NULL; list_add_tail(&target->list, &ieee->network_list); } else { IEEE80211_DEBUG_SCAN(""Updating '%s' ("" MAC_FMT "") via %s.\n"", escape_essid(target->ssid, target->ssid_len), MAC_ARG(target->bssid), is_beacon(beacon->header.frame_ctl) ? ""BEACON"" : ""PROBE RESPONSE""); update_network(target, &network); network.ibss_dfs = NULL; } spin_unlock_irqrestore(&ieee->lock, flags); if (is_beacon(beacon->header.frame_ctl)) { if (ieee->handle_beacon != NULL) ieee->handle_beacon(dev, beacon, target); } else { if (ieee->handle_probe_response != NULL) ieee->handle_probe_response(dev, beacon, target); } }",linux-2.6,,,35938210836164672943317518753667819309,0 4888,['CWE-399'],"static inline unsigned short limit(const unsigned short v, const unsigned short u) { return (v > u) ? u : v; }",linux-2.6,,,263192327691757342352910582556710093435,0 1926,['CWE-20'],"int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, int write_access) { pgd_t *pgd; pud_t *pud; pmd_t *pmd; pte_t *pte; __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, write_access); pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) return VM_FAULT_OOM; pmd = pmd_alloc(mm, pud, address); if (!pmd) return VM_FAULT_OOM; pte = pte_alloc_map(mm, pmd, address); if (!pte) return VM_FAULT_OOM; return handle_pte_fault(mm, vma, address, pte, pmd, write_access); }",linux-2.6,,,121423597990376998204563699510103602238,0 1165,CWE-400,"xscale2pmu_handle_irq(int irq_num, void *dev) { unsigned long pmnc, of_flags; struct perf_sample_data data; struct cpu_hw_events *cpuc; struct pt_regs *regs; int idx; pmnc = xscale2pmu_read_pmnc(); xscale2pmu_write_pmnc(pmnc & ~XSCALE_PMU_ENABLE); of_flags = xscale2pmu_read_overflow_flags(); if (!(of_flags & XSCALE2_OVERFLOWED_MASK)) return IRQ_NONE; xscale2pmu_write_overflow_flags(of_flags); regs = get_irq_regs(); perf_sample_data_init(&data, 0); cpuc = &__get_cpu_var(cpu_hw_events); for (idx = 0; idx <= armpmu->num_events; ++idx) { struct perf_event *event = cpuc->events[idx]; struct hw_perf_event *hwc; if (!test_bit(idx, cpuc->active_mask)) continue; if (!xscale2_pmnc_counter_has_overflowed(pmnc, idx)) continue; hwc = &event->hw; armpmu_event_update(event, hwc, idx, 1); data.period = event->hw.last_period; if (!armpmu_event_set_period(event, hwc, idx)) continue; if (perf_event_overflow(event, 0, &data, regs)) armpmu->disable(hwc, idx); } irq_work_run(); pmnc = xscale2pmu_read_pmnc() | XSCALE_PMU_ENABLE; xscale2pmu_write_pmnc(pmnc); return IRQ_HANDLED; }",visit repo url,arch/arm/kernel/perf_event_xscale.c,https://github.com/torvalds/linux,199102437527956,1 1091,['CWE-399'],"setup_sigcontext(struct sigcontext __user *sc, struct pt_regs *regs, unsigned long mask, struct task_struct *me) { int err = 0; err |= __put_user(regs->cs, &sc->cs); err |= __put_user(0, &sc->gs); err |= __put_user(0, &sc->fs); err |= __put_user(regs->di, &sc->di); err |= __put_user(regs->si, &sc->si); err |= __put_user(regs->bp, &sc->bp); err |= __put_user(regs->sp, &sc->sp); err |= __put_user(regs->bx, &sc->bx); err |= __put_user(regs->dx, &sc->dx); err |= __put_user(regs->cx, &sc->cx); err |= __put_user(regs->ax, &sc->ax); err |= __put_user(regs->r8, &sc->r8); err |= __put_user(regs->r9, &sc->r9); err |= __put_user(regs->r10, &sc->r10); err |= __put_user(regs->r11, &sc->r11); err |= __put_user(regs->r12, &sc->r12); err |= __put_user(regs->r13, &sc->r13); err |= __put_user(regs->r14, &sc->r14); err |= __put_user(regs->r15, &sc->r15); err |= __put_user(me->thread.trap_no, &sc->trapno); err |= __put_user(me->thread.error_code, &sc->err); err |= __put_user(regs->ip, &sc->ip); err |= __put_user(regs->flags, &sc->flags); err |= __put_user(mask, &sc->oldmask); err |= __put_user(me->thread.cr2, &sc->cr2); return err; }",linux-2.6,,,195214845590772915006476288523543571298,0 1879,['CWE-189'],"gnutls_handshake_get_last_in (gnutls_session_t session) { return session->internals.last_handshake_in; }",gnutls,,,138033461554164757717015685833631800806,0 6034,CWE-732,"static int shm_create(XShmSegmentInfo *shm, XImage **ximg_ptr, int w, int h, char *name) { XImage *xim; static int reported_flip = 0; int db = 0; shm->shmid = -1; shm->shmaddr = (char *) -1; *ximg_ptr = NULL; if (nofb) { return 1; } X_LOCK; if (! using_shm || xform24to32 || raw_fb) { xim = XCreateImage_wr(dpy, default_visual, depth, ZPixmap, 0, NULL, w, h, raw_fb ? 32 : BitmapPad(dpy), 0); X_UNLOCK; if (xim == NULL) { rfbErr(""XCreateImage(%s) failed.\n"", name); if (quiet) { fprintf(stderr, ""XCreateImage(%s) failed.\n"", name); } return 0; } if (db) fprintf(stderr, ""shm_create simple %d %d\t%p %s\n"", w, h, (void *)xim, name); xim->data = (char *) malloc(xim->bytes_per_line * xim->height); if (xim->data == NULL) { rfbErr(""XCreateImage(%s) data malloc failed.\n"", name); if (quiet) { fprintf(stderr, ""XCreateImage(%s) data malloc"" "" failed.\n"", name); } return 0; } if (flip_byte_order) { char *order = flip_ximage_byte_order(xim); if (! reported_flip && ! quiet) { rfbLog(""Changing XImage byte order"" "" to %s\n"", order); reported_flip = 1; } } *ximg_ptr = xim; return 1; } if (! dpy) { X_UNLOCK; return 0; } xim = XShmCreateImage_wr(dpy, default_visual, depth, ZPixmap, NULL, shm, w, h); if (xim == NULL) { rfbErr(""XShmCreateImage(%s) failed.\n"", name); if (quiet) { fprintf(stderr, ""XShmCreateImage(%s) failed.\n"", name); } X_UNLOCK; return 0; } *ximg_ptr = xim; #if HAVE_XSHM shm->shmid = shmget(IPC_PRIVATE, xim->bytes_per_line * xim->height, IPC_CREAT | 0777); if (shm->shmid == -1) { rfbErr(""shmget(%s) failed.\n"", name); rfbLogPerror(""shmget""); XDestroyImage(xim); *ximg_ptr = NULL; X_UNLOCK; return 0; } shm->shmaddr = xim->data = (char *) shmat(shm->shmid, 0, 0); if (shm->shmaddr == (char *)-1) { rfbErr(""shmat(%s) failed.\n"", name); rfbLogPerror(""shmat""); XDestroyImage(xim); *ximg_ptr = NULL; shmctl(shm->shmid, IPC_RMID, 0); shm->shmid = -1; X_UNLOCK; return 0; } shm->readOnly = False; if (! XShmAttach_wr(dpy, shm)) { rfbErr(""XShmAttach(%s) failed.\n"", name); XDestroyImage(xim); *ximg_ptr = NULL; shmdt(shm->shmaddr); shm->shmaddr = (char *) -1; shmctl(shm->shmid, IPC_RMID, 0); shm->shmid = -1; X_UNLOCK; return 0; } #endif X_UNLOCK; return 1; }",visit repo url,src/scan.c,https://github.com/LibVNC/x11vnc,181013999115654,1 251,CWE-284,"static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) { struct ipv6_pinfo *np = inet6_sk(sk); struct tcp_sock *tp; struct sk_buff *opt_skb = NULL; if (skb->protocol == htons(ETH_P_IP)) return tcp_v4_do_rcv(sk, skb); if (sk_filter(sk, skb)) goto discard; if (np->rxopt.all) opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC)); if (sk->sk_state == TCP_ESTABLISHED) { struct dst_entry *dst = sk->sk_rx_dst; sock_rps_save_rxhash(sk, skb); sk_mark_napi_id(sk, skb); if (dst) { if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif || dst->ops->check(dst, np->rx_dst_cookie) == NULL) { dst_release(dst); sk->sk_rx_dst = NULL; } } tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len); if (opt_skb) goto ipv6_pktoptions; return 0; } if (tcp_checksum_complete(skb)) goto csum_err; if (sk->sk_state == TCP_LISTEN) { struct sock *nsk = tcp_v6_cookie_check(sk, skb); if (!nsk) goto discard; if (nsk != sk) { sock_rps_save_rxhash(nsk, skb); sk_mark_napi_id(nsk, skb); if (tcp_child_process(sk, nsk, skb)) goto reset; if (opt_skb) __kfree_skb(opt_skb); return 0; } } else sock_rps_save_rxhash(sk, skb); if (tcp_rcv_state_process(sk, skb)) goto reset; if (opt_skb) goto ipv6_pktoptions; return 0; reset: tcp_v6_send_reset(sk, skb); discard: if (opt_skb) __kfree_skb(opt_skb); kfree_skb(skb); return 0; csum_err: TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS); TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS); goto discard; ipv6_pktoptions: tp = tcp_sk(sk); if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt && !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) { if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) np->mcast_oif = tcp_v6_iif(opt_skb); if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass) np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb)); if (np->repflow) np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb)); if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) { skb_set_owner_r(opt_skb, sk); tcp_v6_restore_cb(opt_skb); opt_skb = xchg(&np->pktoptions, opt_skb); } else { __kfree_skb(opt_skb); opt_skb = xchg(&np->pktoptions, NULL); } } kfree_skb(opt_skb); return 0; }",visit repo url,net/ipv6/tcp_ipv6.c,https://github.com/torvalds/linux,62118971422165,1 497,CWE-362,"static ssize_t ocfs2_direct_IO(struct kiocb *iocb, struct iov_iter *iter) { struct file *file = iocb->ki_filp; struct inode *inode = file->f_mapping->host; struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); get_block_t *get_block; if (OCFS2_I(inode)->ip_dyn_features & OCFS2_INLINE_DATA_FL) return 0; if (iocb->ki_pos + iter->count > i_size_read(inode) && !ocfs2_supports_append_dio(osb)) return 0; if (iov_iter_rw(iter) == READ) get_block = ocfs2_get_block; else get_block = ocfs2_dio_get_block; return __blockdev_direct_IO(iocb, inode, inode->i_sb->s_bdev, iter, get_block, ocfs2_dio_end_io, NULL, 0); }",visit repo url,fs/ocfs2/aops.c,https://github.com/torvalds/linux,169180453296906,1 2981,CWE-399," */ private int mconvert(struct magic_set *ms, struct magic *m, int flip) { union VALUETYPE *p = &ms->ms_value; switch (cvt_flip(m->type, flip)) { case FILE_BYTE: cvt_8(p, m); return 1; case FILE_SHORT: cvt_16(p, m); return 1; case FILE_LONG: case FILE_DATE: case FILE_LDATE: cvt_32(p, m); return 1; case FILE_QUAD: case FILE_QDATE: case FILE_QLDATE: case FILE_QWDATE: cvt_64(p, m); return 1; case FILE_STRING: case FILE_BESTRING16: case FILE_LESTRING16: { p->s[sizeof(p->s) - 1] = '\0'; return 1; } case FILE_PSTRING: { char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m); size_t len = file_pstring_get_length(m, ptr1); if (len >= sizeof(p->s)) len = sizeof(p->s) - 1; while (len--) *ptr1++ = *ptr2++; *ptr1 = '\0'; return 1; } case FILE_BESHORT: p->h = (short)((p->hs[0]<<8)|(p->hs[1])); cvt_16(p, m); return 1; case FILE_BELONG: case FILE_BEDATE: case FILE_BELDATE: p->l = (int32_t) ((p->hl[0]<<24)|(p->hl[1]<<16)|(p->hl[2]<<8)|(p->hl[3])); cvt_32(p, m); return 1; case FILE_BEQUAD: case FILE_BEQDATE: case FILE_BEQLDATE: case FILE_BEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)| ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)| ((uint64_t)p->hq[4]<<24)|((uint64_t)p->hq[5]<<16)| ((uint64_t)p->hq[6]<<8)|((uint64_t)p->hq[7])); cvt_64(p, m); return 1; case FILE_LESHORT: p->h = (short)((p->hs[1]<<8)|(p->hs[0])); cvt_16(p, m); return 1; case FILE_LELONG: case FILE_LEDATE: case FILE_LELDATE: p->l = (int32_t) ((p->hl[3]<<24)|(p->hl[2]<<16)|(p->hl[1]<<8)|(p->hl[0])); cvt_32(p, m); return 1; case FILE_LEQUAD: case FILE_LEQDATE: case FILE_LEQLDATE: case FILE_LEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)| ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)| ((uint64_t)p->hq[3]<<24)|((uint64_t)p->hq[2]<<16)| ((uint64_t)p->hq[1]<<8)|((uint64_t)p->hq[0])); cvt_64(p, m); return 1; case FILE_MELONG: case FILE_MEDATE: case FILE_MELDATE: p->l = (int32_t) ((p->hl[1]<<24)|(p->hl[0]<<16)|(p->hl[3]<<8)|(p->hl[2])); cvt_32(p, m); return 1; case FILE_FLOAT: cvt_float(p, m); return 1; case FILE_BEFLOAT: p->l = ((uint32_t)p->hl[0]<<24)|((uint32_t)p->hl[1]<<16)| ((uint32_t)p->hl[2]<<8) |((uint32_t)p->hl[3]); cvt_float(p, m); return 1; case FILE_LEFLOAT: p->l = ((uint32_t)p->hl[3]<<24)|((uint32_t)p->hl[2]<<16)| ((uint32_t)p->hl[1]<<8) |((uint32_t)p->hl[0]); cvt_float(p, m); return 1; case FILE_DOUBLE: cvt_double(p, m); return 1; case FILE_BEDOUBLE: p->q = ((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)| ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)| ((uint64_t)p->hq[4]<<24)|((uint64_t)p->hq[5]<<16)| ((uint64_t)p->hq[6]<<8) |((uint64_t)p->hq[7]); cvt_double(p, m); return 1; case FILE_LEDOUBLE: p->q = ((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)| ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)| ((uint64_t)p->hq[3]<<24)|((uint64_t)p->hq[2]<<16)| ((uint64_t)p->hq[1]<<8) |((uint64_t)p->hq[0]); cvt_double(p, m); return 1; case FILE_REGEX: case FILE_SEARCH: case FILE_DEFAULT: case FILE_CLEAR: case FILE_NAME: case FILE_USE: return 1; default: file_magerror(ms, ""invalid type %d in mconvert()"", m->type); return 0;",visit repo url,src/softmagic.c,https://github.com/file/file,211029272112865,1 2011,['CWE-269'],"void mark_mounts_for_expiry(struct list_head *mounts) { struct vfsmount *mnt, *next; LIST_HEAD(graveyard); if (list_empty(mounts)) return; spin_lock(&vfsmount_lock); list_for_each_entry_safe(mnt, next, mounts, mnt_expire) { if (!xchg(&mnt->mnt_expiry_mark, 1) || atomic_read(&mnt->mnt_count) != 1) continue; mntget(mnt); list_move(&mnt->mnt_expire, &graveyard); } expire_mount_list(&graveyard, mounts); spin_unlock(&vfsmount_lock); }",linux-2.6,,,14477755083510404110361953048339379033,0 1274,CWE-119,"static int fallocate_chunk(struct inode *inode, loff_t offset, loff_t len, int mode) { struct gfs2_inode *ip = GFS2_I(inode); struct buffer_head *dibh; int error; u64 start = offset >> PAGE_CACHE_SHIFT; unsigned int start_offset = offset & ~PAGE_CACHE_MASK; u64 end = (offset + len - 1) >> PAGE_CACHE_SHIFT; pgoff_t curr; struct page *page; unsigned int end_offset = (offset + len) & ~PAGE_CACHE_MASK; unsigned int from, to; if (!end_offset) end_offset = PAGE_CACHE_SIZE; error = gfs2_meta_inode_buffer(ip, &dibh); if (unlikely(error)) goto out; gfs2_trans_add_bh(ip->i_gl, dibh, 1); if (gfs2_is_stuffed(ip)) { error = gfs2_unstuff_dinode(ip, NULL); if (unlikely(error)) goto out; } curr = start; offset = start << PAGE_CACHE_SHIFT; from = start_offset; to = PAGE_CACHE_SIZE; while (curr <= end) { page = grab_cache_page_write_begin(inode->i_mapping, curr, AOP_FLAG_NOFS); if (unlikely(!page)) { error = -ENOMEM; goto out; } if (curr == end) to = end_offset; error = write_empty_blocks(page, from, to, mode); if (!error && offset + to > inode->i_size && !(mode & FALLOC_FL_KEEP_SIZE)) { i_size_write(inode, offset + to); } unlock_page(page); page_cache_release(page); if (error) goto out; curr++; offset += PAGE_CACHE_SIZE; from = 0; } mark_inode_dirty(inode); brelse(dibh); out: return error; }",visit repo url,fs/gfs2/file.c,https://github.com/torvalds/linux,176686161219100,1 4275,CWE-787,"static bool load_buffer(RBinFile *bf, void **bin_obj, RBuffer *buf, ut64 loadaddr, Sdb *sdb) { RDyldCache *cache = R_NEW0 (RDyldCache); memcpy (cache->magic, ""dyldcac"", 7); cache->buf = r_buf_ref (buf); populate_cache_headers (cache); if (!cache->hdr) { r_dyldcache_free (cache); return false; } populate_cache_maps (cache); if (!cache->maps) { r_dyldcache_free (cache); return false; } cache->accel = read_cache_accel (cache->buf, cache->hdr, cache->maps); cache->bins = create_cache_bins (bf, cache); if (!cache->bins) { r_dyldcache_free (cache); return false; } cache->locsym = r_dyld_locsym_new (cache); cache->rebase_infos = get_rebase_infos (bf, cache); if (cache->rebase_infos) { if (!rebase_infos_get_slide (cache)) { if (!pending_bin_files) { pending_bin_files = r_list_new (); if (!pending_bin_files) { r_dyldcache_free (cache); return false; } } r_list_push (pending_bin_files, bf); swizzle_io_read (cache, bf->rbin->iob.io); } } *bin_obj = cache; return true; }",visit repo url,libr/bin/p/bin_dyldcache.c,https://github.com/radareorg/radare2,85041850432817,1 5344,['CWE-476'],"void kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) { if (cr3 == vcpu->arch.cr3 && !pdptrs_changed(vcpu)) { kvm_mmu_sync_roots(vcpu); kvm_mmu_flush_tlb(vcpu); return; } if (is_long_mode(vcpu)) { if (cr3 & CR3_L_MODE_RESERVED_BITS) { printk(KERN_DEBUG ""set_cr3: #GP, reserved bits\n""); kvm_inject_gp(vcpu, 0); return; } } else { if (is_pae(vcpu)) { if (cr3 & CR3_PAE_RESERVED_BITS) { printk(KERN_DEBUG ""set_cr3: #GP, reserved bits\n""); kvm_inject_gp(vcpu, 0); return; } if (is_paging(vcpu) && !load_pdptrs(vcpu, cr3)) { printk(KERN_DEBUG ""set_cr3: #GP, pdptrs "" ""reserved bits\n""); kvm_inject_gp(vcpu, 0); return; } } } if (unlikely(!gfn_to_memslot(vcpu->kvm, cr3 >> PAGE_SHIFT))) kvm_inject_gp(vcpu, 0); else { vcpu->arch.cr3 = cr3; vcpu->arch.mmu.new_cr3(vcpu); } }",linux-2.6,,,300436623998380840309244302112372659228,0 6054,CWE-190,"void bn_mxp_slide(bn_t c, const bn_t a, const bn_t b, const bn_t m) { bn_t tab[RLC_TABLE_SIZE], t, u, r; int i, j, l, w = 1; uint8_t *win = RLC_ALLOCA(uint8_t, bn_bits(b)); if (win == NULL) { RLC_THROW(ERR_NO_MEMORY); return; } if (bn_cmp_dig(m, 1) == RLC_EQ) { RLC_FREE(win); bn_zero(c); return; } if (bn_is_zero(b)) { RLC_FREE(win); bn_set_dig(c, 1); return; } bn_null(t); bn_null(u); bn_null(r); for (i = 0; i < RLC_TABLE_SIZE; i++) { bn_null(tab[i]); } i = bn_bits(b); if (i <= 21) { w = 2; } else if (i <= 32) { w = 3; } else if (i <= 128) { w = 4; } else if (i <= 256) { w = 5; } else if (i <= 512) { w = 6; } else { w = 7; } RLC_TRY { for (i = 0; i < (1 << (w - 1)); i++) { bn_new(tab[i]); } bn_new(t); bn_new(u); bn_new(r); bn_mod_pre(u, m); #if BN_MOD == MONTY bn_set_dig(r, 1); bn_mod_monty_conv(r, r, m); bn_mod_monty_conv(t, a, m); #else bn_set_dig(r, 1); bn_copy(t, a); #endif bn_copy(tab[0], t); bn_sqr(t, tab[0]); bn_mod(t, t, m, u); for (i = 1; i < 1 << (w - 1); i++) { bn_mul(tab[i], tab[i - 1], t); bn_mod(tab[i], tab[i], m, u); } l = bn_bits(b); bn_rec_slw(win, &l, b, w); for (i = 0; i < l; i++) { if (win[i] == 0) { bn_sqr(r, r); bn_mod(r, r, m, u); } else { for (j = 0; j < util_bits_dig(win[i]); j++) { bn_sqr(r, r); bn_mod(r, r, m, u); } bn_mul(r, r, tab[win[i] >> 1]); bn_mod(r, r, m, u); } } bn_trim(r); #if BN_MOD == MONTY bn_mod_monty_back(r, r, m); #endif if (bn_sign(b) == RLC_NEG) { bn_mod_inv(c, r, m); } else { bn_copy(c, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (w - 1)); i++) { bn_free(tab[i]); } bn_free(u); bn_free(t); bn_free(r); RLC_FREE(win); } }",visit repo url,src/bn/relic_bn_mxp.c,https://github.com/relic-toolkit/relic,109331092918788,1 4370,['CWE-264'],"static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority, int family) { struct sock *sk; struct kmem_cache *slab; slab = prot->slab; if (slab != NULL) sk = kmem_cache_alloc(slab, priority); else sk = kmalloc(prot->obj_size, priority); if (sk != NULL) { if (security_sk_alloc(sk, family, priority)) goto out_free; if (!try_module_get(prot->owner)) goto out_free_sec; } return sk; out_free_sec: security_sk_free(sk); out_free: if (slab != NULL) kmem_cache_free(slab, sk); else kfree(sk); return NULL; }",linux-2.6,,,20433823350827347487436879274300734426,0 1174,['CWE-189'],"void __init hrtimers_init(void) { hrtimer_cpu_notify(&hrtimers_nb, (unsigned long)CPU_UP_PREPARE, (void *)(long)smp_processor_id()); register_cpu_notifier(&hrtimers_nb); #ifdef CONFIG_HIGH_RES_TIMERS open_softirq(HRTIMER_SOFTIRQ, run_hrtimer_softirq, NULL); #endif }",linux-2.6,,,6437106598383841864417851289737031063,0 1675,CWE-362,"static int snd_timer_user_open(struct inode *inode, struct file *file) { struct snd_timer_user *tu; int err; err = nonseekable_open(inode, file); if (err < 0) return err; tu = kzalloc(sizeof(*tu), GFP_KERNEL); if (tu == NULL) return -ENOMEM; spin_lock_init(&tu->qlock); init_waitqueue_head(&tu->qchange_sleep); mutex_init(&tu->tread_sem); tu->ticks = 1; tu->queue_size = 128; tu->queue = kmalloc(tu->queue_size * sizeof(struct snd_timer_read), GFP_KERNEL); if (tu->queue == NULL) { kfree(tu); return -ENOMEM; } file->private_data = tu; return 0; }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,29703086060326,1 1946,CWE-401,"static int spi_gpio_probe(struct platform_device *pdev) { int status; struct spi_master *master; struct spi_gpio *spi_gpio; struct device *dev = &pdev->dev; struct spi_bitbang *bb; const struct of_device_id *of_id; of_id = of_match_device(spi_gpio_dt_ids, &pdev->dev); master = spi_alloc_master(dev, sizeof(*spi_gpio)); if (!master) return -ENOMEM; status = devm_add_action_or_reset(&pdev->dev, spi_gpio_put, master); if (status) return status; if (of_id) status = spi_gpio_probe_dt(pdev, master); else status = spi_gpio_probe_pdata(pdev, master); if (status) return status; spi_gpio = spi_master_get_devdata(master); status = spi_gpio_request(dev, spi_gpio); if (status) return status; master->bits_per_word_mask = SPI_BPW_RANGE_MASK(1, 32); master->mode_bits = SPI_3WIRE | SPI_3WIRE_HIZ | SPI_CPHA | SPI_CPOL | SPI_CS_HIGH; if (!spi_gpio->mosi) { master->flags = SPI_MASTER_NO_TX; } master->bus_num = pdev->id; master->setup = spi_gpio_setup; master->cleanup = spi_gpio_cleanup; bb = &spi_gpio->bitbang; bb->master = master; master->flags |= SPI_MASTER_GPIO_SS; bb->chipselect = spi_gpio_chipselect; bb->set_line_direction = spi_gpio_set_direction; if (master->flags & SPI_MASTER_NO_TX) { bb->txrx_word[SPI_MODE_0] = spi_gpio_spec_txrx_word_mode0; bb->txrx_word[SPI_MODE_1] = spi_gpio_spec_txrx_word_mode1; bb->txrx_word[SPI_MODE_2] = spi_gpio_spec_txrx_word_mode2; bb->txrx_word[SPI_MODE_3] = spi_gpio_spec_txrx_word_mode3; } else { bb->txrx_word[SPI_MODE_0] = spi_gpio_txrx_word_mode0; bb->txrx_word[SPI_MODE_1] = spi_gpio_txrx_word_mode1; bb->txrx_word[SPI_MODE_2] = spi_gpio_txrx_word_mode2; bb->txrx_word[SPI_MODE_3] = spi_gpio_txrx_word_mode3; } bb->setup_transfer = spi_bitbang_setup_transfer; status = spi_bitbang_init(&spi_gpio->bitbang); if (status) return status; return devm_spi_register_master(&pdev->dev, spi_master_get(master)); }",visit repo url,drivers/spi/spi-gpio.c,https://github.com/torvalds/linux,200505478434851,1 1517,CWE-200,"void __detach_mounts(struct dentry *dentry) { struct mountpoint *mp; struct mount *mnt; namespace_lock(); mp = lookup_mountpoint(dentry); if (IS_ERR_OR_NULL(mp)) goto out_unlock; lock_mount_hash(); while (!hlist_empty(&mp->m_list)) { mnt = hlist_entry(mp->m_list.first, struct mount, mnt_mp_list); if (mnt->mnt.mnt_flags & MNT_UMOUNT) { struct mount *p, *tmp; list_for_each_entry_safe(p, tmp, &mnt->mnt_mounts, mnt_child) { hlist_add_head(&p->mnt_umount.s_list, &unmounted); umount_mnt(p); } } else umount_tree(mnt, 0); } unlock_mount_hash(); put_mountpoint(mp); out_unlock: namespace_unlock(); }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,41812999428273,1 2780,CWE-125,"void ntlm_print_negotiate_flags(UINT32 flags) { int i; const char* str; WLog_INFO(TAG, ""negotiateFlags \""0x%08""PRIX32""\"""", flags); for (i = 31; i >= 0; i--) { if ((flags >> i) & 1) { str = NTLM_NEGOTIATE_STRINGS[(31 - i)]; WLog_INFO(TAG, ""\t%s (%d),"", str, (31 - i)); } } }",visit repo url,winpr/libwinpr/sspi/NTLM/ntlm_message.c,https://github.com/FreeRDP/FreeRDP,218211556942808,1 199,CWE-362," __must_hold(&ctx->completion_lock) { u32 seq = ctx->cached_cq_tail - atomic_read(&ctx->cq_timeouts); spin_lock_irq(&ctx->timeout_lock); while (!list_empty(&ctx->timeout_list)) { u32 events_needed, events_got; struct io_kiocb *req = list_first_entry(&ctx->timeout_list, struct io_kiocb, timeout.list); if (io_is_timeout_noseq(req)) break; events_needed = req->timeout.target_seq - ctx->cq_last_tm_flush; events_got = seq - ctx->cq_last_tm_flush; if (events_got < events_needed) break; list_del_init(&req->timeout.list); io_kill_timeout(req, 0); } ctx->cq_last_tm_flush = seq; spin_unlock_irq(&ctx->timeout_lock); }",visit repo url,fs/io_uring.c,https://github.com/torvalds/linux,63099341733920,1 6659,['CWE-200'],"pk_button_selection_changed_cb (GtkTreeSelection *selection, gpointer user_data) { ActionInfo *info = (ActionInfo *) user_data; GtkTreeIter iter; GtkTreeModel *model; NMExportedConnection *exported; NMConnection *connection = NULL; NMSettingConnection *s_con; gboolean can_do_action = FALSE; gboolean req_privs = FALSE; if (!gtk_tree_selection_get_selected (selection, &model, &iter)) goto done; exported = get_active_connection (info->treeview); if (exported) connection = nm_exported_connection_get_connection (exported); if (!connection) goto done; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_assert (s_con); if (nm_connection_get_scope (connection) != NM_CONNECTION_SCOPE_SYSTEM) can_do_action = !nm_setting_connection_get_read_only (s_con); else { if (!nm_setting_connection_get_read_only (s_con)) can_do_action = check_sensitivity (info, POLKIT_RESULT_UNKNOWN); req_privs = TRUE; } done: g_object_set (info->gnome_action, ""polkit-action"", req_privs ? info->action : NULL, NULL); g_object_set (info->gnome_action, ""master-sensitive"", can_do_action, NULL); }",network-manager-applet,,,157726012461699706696882275032364800178,0 6178,['CWE-200'],"static void neigh_rcu_free_parms(struct rcu_head *head) { struct neigh_parms *parms = container_of(head, struct neigh_parms, rcu_head); neigh_parms_put(parms); }",linux-2.6,,,215259558718775680700979593591170383330,0 6178,CWE-190,"void fb_exp_slide(fb_t c, const fb_t a, const bn_t b) { fb_t t[1 << (FB_WIDTH - 1)], r; int i, j, l; uint8_t win[RLC_FB_BITS + 1]; fb_null(r); if (bn_is_zero(b)) { fb_set_dig(c, 1); return; } for (i = 0; i < (1 << (FB_WIDTH - 1)); i++) { fb_null(t[i]); } RLC_TRY { for (i = 0; i < (1 << (FB_WIDTH - 1)); i ++) { fb_new(t[i]); } fb_new(r); fb_copy(t[0], a); fb_sqr(r, a); for (i = 1; i < 1 << (FB_WIDTH - 1); i++) { fb_mul(t[i], t[i - 1], r); } fb_set_dig(r, 1); l = RLC_FB_BITS + 1; bn_rec_slw(win, &l, b, FB_WIDTH); for (i = 0; i < l; i++) { if (win[i] == 0) { fb_sqr(r, r); } else { for (j = 0; j < util_bits_dig(win[i]); j++) { fb_sqr(r, r); } fb_mul(r, r, t[win[i] >> 1]); } } if (bn_sign(b) == RLC_NEG) { fb_inv(c, r); } else { fb_copy(c, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (FB_WIDTH - 1)); i++) { fb_free(t[i]); } fb_free(r); } }",visit repo url,src/fb/relic_fb_exp.c,https://github.com/relic-toolkit/relic,33023241934073,1 3371,CWE-119,"static MagickBooleanType WriteGROUP4Image(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { char filename[MagickPathExtent]; FILE *file; Image *huffman_image; ImageInfo *write_info; int unique_file; MagickBooleanType status; register ssize_t i; ssize_t count; TIFF *tiff; toff_t *byte_count, strip_size; unsigned char *buffer; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); huffman_image=CloneImage(image,0,0,MagickTrue,exception); if (huffman_image == (Image *) NULL) { (void) CloseBlob(image); return(MagickFalse); } huffman_image->endian=MSBEndian; file=(FILE *) NULL; unique_file=AcquireUniqueFileResource(filename); if (unique_file != -1) file=fdopen(unique_file,""wb""); if ((unique_file == -1) || (file == (FILE *) NULL)) { ThrowFileException(exception,FileOpenError,""UnableToCreateTemporaryFile"", filename); return(MagickFalse); } (void) FormatLocaleString(huffman_image->filename,MagickPathExtent,""tiff:%s"", filename); (void) SetImageType(huffman_image,BilevelType,exception); write_info=CloneImageInfo((ImageInfo *) NULL); SetImageInfoFile(write_info,file); (void) SetImageType(image,BilevelType,exception); (void) SetImageDepth(image,1,exception); write_info->compression=Group4Compression; write_info->type=BilevelType; (void) SetImageOption(write_info,""quantum:polarity"",""min-is-white""); status=WriteTIFFImage(write_info,huffman_image,exception); (void) fflush(file); write_info=DestroyImageInfo(write_info); if (status == MagickFalse) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } tiff=TIFFOpen(filename,""rb""); if (tiff == (TIFF *) NULL) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowFileException(exception,FileOpenError,""UnableToOpenFile"", image_info->filename); return(MagickFalse); } if (TIFFGetField(tiff,TIFFTAG_STRIPBYTECOUNTS,&byte_count) != 1) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } strip_size=byte_count[0]; for (i=1; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) if (byte_count[i] > strip_size) strip_size=byte_count[i]; buffer=(unsigned char *) AcquireQuantumMemory((size_t) strip_size, sizeof(*buffer)); if (buffer == (unsigned char *) NULL) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowBinaryException(ResourceLimitError,""MemoryAllocationFailed"", image_info->filename); } for (i=0; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) { count=(ssize_t) TIFFReadRawStrip(tiff,(uint32) i,buffer,strip_size); if (WriteBlob(image,(size_t) count,buffer) != count) status=MagickFalse; } buffer=(unsigned char *) RelinquishMagickMemory(buffer); TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); (void) CloseBlob(image); return(status); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,127830029859842,1 2227,NVD-CWE-noinfo,"int nfs4_do_close(struct path *path, struct nfs4_state *state, int wait) { struct nfs_server *server = NFS_SERVER(state->inode); struct nfs4_closedata *calldata; struct nfs4_state_owner *sp = state->owner; struct rpc_task *task; struct rpc_message msg = { .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_CLOSE], .rpc_cred = state->owner->so_cred, }; struct rpc_task_setup task_setup_data = { .rpc_client = server->client, .rpc_message = &msg, .callback_ops = &nfs4_close_ops, .workqueue = nfsiod_workqueue, .flags = RPC_TASK_ASYNC, }; int status = -ENOMEM; calldata = kmalloc(sizeof(*calldata), GFP_KERNEL); if (calldata == NULL) goto out; calldata->inode = state->inode; calldata->state = state; calldata->arg.fh = NFS_FH(state->inode); calldata->arg.stateid = &state->open_stateid; calldata->arg.seqid = nfs_alloc_seqid(&state->owner->so_seqid); if (calldata->arg.seqid == NULL) goto out_free_calldata; calldata->arg.open_flags = 0; calldata->arg.bitmask = server->attr_bitmask; calldata->res.fattr = &calldata->fattr; calldata->res.seqid = calldata->arg.seqid; calldata->res.server = server; calldata->path.mnt = mntget(path->mnt); calldata->path.dentry = dget(path->dentry); msg.rpc_argp = &calldata->arg, msg.rpc_resp = &calldata->res, task_setup_data.callback_data = calldata; task = rpc_run_task(&task_setup_data); if (IS_ERR(task)) return PTR_ERR(task); status = 0; if (wait) status = rpc_wait_for_completion_task(task); rpc_put_task(task); return status; out_free_calldata: kfree(calldata); out: nfs4_put_open_state(state); nfs4_put_state_owner(sp); return status; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,41378922770500,1 2923,CWE-310,"unsigned long lh_char_hash(const void *k) { unsigned int h = 0; const char* data = (const char*)k; while( *data!=0 ) h = h*129 + (unsigned int)(*data++) + LH_PRIME; return h; }",visit repo url,linkhash.c,https://github.com/json-c/json-c,148397585897763,1 2217,NVD-CWE-noinfo,"static void nfs4_return_incompatible_delegation(struct inode *inode, mode_t open_flags) { struct nfs_delegation *delegation; rcu_read_lock(); delegation = rcu_dereference(NFS_I(inode)->delegation); if (delegation == NULL || (delegation->type & open_flags) == open_flags) { rcu_read_unlock(); return; } rcu_read_unlock(); nfs_inode_return_delegation(inode); }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,193623008606620,1 5973,['CWE-200'],"static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = ANYCAST_ADDR; return inet6_dump_addr(skb, cb, type); }",linux-2.6,,,107075575945575755827399794334350919317,0 1459,CWE-119,"static int udf_pc_to_char(struct super_block *sb, unsigned char *from, int fromlen, unsigned char *to, int tolen) { struct pathComponent *pc; int elen = 0; int comp_len; unsigned char *p = to; tolen--; while (elen < fromlen) { pc = (struct pathComponent *)(from + elen); switch (pc->componentType) { case 1: if (pc->lengthComponentIdent > 0) break; case 2: if (tolen == 0) return -ENAMETOOLONG; p = to; *p++ = '/'; tolen--; break; case 3: if (tolen < 3) return -ENAMETOOLONG; memcpy(p, ""../"", 3); p += 3; tolen -= 3; break; case 4: if (tolen < 2) return -ENAMETOOLONG; memcpy(p, ""./"", 2); p += 2; tolen -= 2; break; case 5: comp_len = udf_get_filename(sb, pc->componentIdent, pc->lengthComponentIdent, p, tolen); p += comp_len; tolen -= comp_len; if (tolen == 0) return -ENAMETOOLONG; *p++ = '/'; tolen--; break; } elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; } if (p > to + 1) p[-1] = '\0'; else p[0] = '\0'; return 0; }",visit repo url,fs/udf/symlink.c,https://github.com/torvalds/linux,88750739293088,1 3140,CWE-264,"AP_DECLARE(int) ap_process_request_internal(request_rec *r) { int file_req = (r->main && r->filename); int access_status; core_dir_config *d; if (!r->proxyreq && r->parsed_uri.path) { d = ap_get_core_module_config(r->per_dir_config); if (d->allow_encoded_slashes) { access_status = ap_unescape_url_keep2f(r->parsed_uri.path, d->decode_encoded_slashes); } else { access_status = ap_unescape_url(r->parsed_uri.path); } if (access_status) { if (access_status == HTTP_NOT_FOUND) { if (! d->allow_encoded_slashes) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00026) ""found %%2f (encoded '/') in URI "" ""(decoded='%s'), returning 404"", r->parsed_uri.path); } } return access_status; } } ap_getparents(r->uri); if (!file_req) { if ((access_status = ap_location_walk(r))) { return access_status; } if ((access_status = ap_if_walk(r))) { return access_status; } if (!r->connection->log) { d = ap_get_core_module_config(r->per_dir_config); if (d->log) r->log = d->log; } if ((access_status = ap_run_translate_name(r))) { return decl_die(access_status, ""translate"", r); } } r->per_dir_config = r->server->lookup_defaults; if ((access_status = ap_run_map_to_storage(r))) { return access_status; } if ((access_status = ap_location_walk(r))) { return access_status; } if ((access_status = ap_if_walk(r))) { return access_status; } if (!r->connection->log) { d = ap_get_core_module_config(r->per_dir_config); if (d->log) r->log = d->log; } if ((access_status = ap_run_post_perdir_config(r))) { return access_status; } if (r->main == NULL) { if ((access_status = ap_run_header_parser(r))) { return access_status; } } if (r->prev && (r->prev->per_dir_config == r->per_dir_config)) { r->user = r->prev->user; r->ap_auth_type = r->prev->ap_auth_type; } else if (r->main && (r->main->per_dir_config == r->per_dir_config)) { r->user = r->main->user; r->ap_auth_type = r->main->ap_auth_type; } else { switch (ap_satisfies(r)) { case SATISFY_ALL: case SATISFY_NOSPEC: if ((access_status = ap_run_access_checker(r)) != OK) { return decl_die(access_status, ""check access (with Satisfy All)"", r); } access_status = ap_run_access_checker_ex(r); if (access_status == OK) { ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, ""request authorized without authentication by "" ""access_checker_ex hook: %s"", r->uri); } else if (access_status != DECLINED) { return decl_die(access_status, ""check access"", r); } else { if ((access_status = ap_run_check_user_id(r)) != OK) { return decl_die(access_status, ""check user"", r); } if (r->user == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00027) ""No authentication done but request not "" ""allowed without authentication for %s. "" ""Authentication not configured?"", r->uri); access_status = HTTP_INTERNAL_SERVER_ERROR; return decl_die(access_status, ""check user"", r); } if ((access_status = ap_run_auth_checker(r)) != OK) { return decl_die(access_status, ""check authorization"", r); } } break; case SATISFY_ANY: if ((access_status = ap_run_access_checker(r)) == OK) { ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, ""request authorized without authentication by "" ""access_checker hook and 'Satisfy any': %s"", r->uri); break; } access_status = ap_run_access_checker_ex(r); if (access_status == OK) { ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, ""request authorized without authentication by "" ""access_checker_ex hook: %s"", r->uri); } else if (access_status != DECLINED) { return decl_die(access_status, ""check access"", r); } else { if ((access_status = ap_run_check_user_id(r)) != OK) { return decl_die(access_status, ""check user"", r); } if (r->user == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00028) ""No authentication done but request not "" ""allowed without authentication for %s. "" ""Authentication not configured?"", r->uri); access_status = HTTP_INTERNAL_SERVER_ERROR; return decl_die(access_status, ""check user"", r); } if ((access_status = ap_run_auth_checker(r)) != OK) { return decl_die(access_status, ""check authorization"", r); } } break; } } if ((access_status = ap_run_type_checker(r)) != OK) { return decl_die(access_status, ""find types"", r); } if ((access_status = ap_run_fixups(r)) != OK) { ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, ""fixups hook gave %d: %s"", access_status, r->uri); return access_status; } return OK; }",visit repo url,server/request.c,https://github.com/apache/httpd,24930308598192,1 5625,CWE-125,"ast_for_funcdef_impl(struct compiling *c, const node *n, asdl_seq *decorator_seq, int is_async) { identifier name; arguments_ty args; asdl_seq *body; expr_ty returns = NULL; int name_i = 1; node *tc; string type_comment = NULL; if (is_async && c->c_feature_version < 5) { ast_error(c, n, ""Async functions are only supported in Python 3.5 and greater""); return NULL; } REQ(n, funcdef); name = NEW_IDENTIFIER(CHILD(n, name_i)); if (!name) return NULL; if (forbidden_name(c, name, CHILD(n, name_i), 0)) return NULL; args = ast_for_arguments(c, CHILD(n, name_i + 1)); if (!args) return NULL; if (TYPE(CHILD(n, name_i+2)) == RARROW) { returns = ast_for_expr(c, CHILD(n, name_i + 3)); if (!returns) return NULL; name_i += 2; } if (TYPE(CHILD(n, name_i + 3)) == TYPE_COMMENT) { type_comment = NEW_TYPE_COMMENT(CHILD(n, name_i + 3)); name_i += 1; } body = ast_for_suite(c, CHILD(n, name_i + 3)); if (!body) return NULL; if (!type_comment && NCH(CHILD(n, name_i + 3)) > 1) { tc = CHILD(CHILD(n, name_i + 3), 1); if (TYPE(tc) == TYPE_COMMENT) type_comment = NEW_TYPE_COMMENT(tc); } if (is_async) return AsyncFunctionDef(name, args, body, decorator_seq, returns, type_comment, LINENO(n), n->n_col_offset, c->c_arena); else return FunctionDef(name, args, body, decorator_seq, returns, type_comment, LINENO(n), n->n_col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,227965930282776,1 192,[],"static struct atalk_iface *atif_add_device(struct net_device *dev, struct atalk_addr *sa) { struct atalk_iface *iface = kmalloc(sizeof(*iface), GFP_KERNEL); if (!iface) goto out; dev_hold(dev); iface->dev = dev; dev->atalk_ptr = iface; iface->address = *sa; iface->status = 0; write_lock_bh(&atalk_interfaces_lock); iface->next = atalk_interfaces; atalk_interfaces = iface; write_unlock_bh(&atalk_interfaces_lock); out: return iface; }",history,,,232616700645074839858321458467538006180,0 6062,['CWE-200'],"static void *if6_seq_next(struct seq_file *seq, void *v, loff_t *pos) { struct inet6_ifaddr *ifa; ifa = if6_get_next(seq, v); ++*pos; return ifa; }",linux-2.6,,,327687196053239620625086580072251756802,0 716,[],"static int jpc_com_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_com_t *com = &ms->parms.com; cstate = 0; if (jpc_getuint16(in, &com->regid)) { return -1; } com->len = ms->len - 2; if (com->len > 0) { if (!(com->data = jas_malloc(com->len))) { return -1; } if (jas_stream_read(in, com->data, com->len) != JAS_CAST(int, com->len)) { return -1; } } else { com->data = 0; } return 0; }",jasper,,,43814042187149557523272957639748573728,0 4970,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 2823,CWE-125,"static UINT serial_process_irp_create(SERIAL_DEVICE* serial, IRP* irp) { DWORD DesiredAccess; DWORD SharedAccess; DWORD CreateDisposition; UINT32 PathLength; if (Stream_GetRemainingLength(irp->input) < 32) return ERROR_INVALID_DATA; Stream_Read_UINT32(irp->input, DesiredAccess); Stream_Seek_UINT64(irp->input); Stream_Seek_UINT32(irp->input); Stream_Read_UINT32(irp->input, SharedAccess); Stream_Read_UINT32(irp->input, CreateDisposition); Stream_Seek_UINT32(irp->input); Stream_Read_UINT32(irp->input, PathLength); if (Stream_GetRemainingLength(irp->input) < PathLength) return ERROR_INVALID_DATA; Stream_Seek(irp->input, PathLength); assert(PathLength == 0); #ifndef _WIN32 WLog_Print(serial->log, WLOG_DEBUG, ""DesiredAccess: 0x%"" PRIX32 "", SharedAccess: 0x%"" PRIX32 "", CreateDisposition: 0x%"" PRIX32 """", DesiredAccess, SharedAccess, CreateDisposition); DesiredAccess = GENERIC_READ | GENERIC_WRITE; SharedAccess = 0; CreateDisposition = OPEN_EXISTING; #endif serial->hComm = CreateFile(serial->device.name, DesiredAccess, SharedAccess, NULL, CreateDisposition, 0, NULL); if (!serial->hComm || (serial->hComm == INVALID_HANDLE_VALUE)) { WLog_Print(serial->log, WLOG_WARN, ""CreateFile failure: %s last-error: 0x%08"" PRIX32 """", serial->device.name, GetLastError()); irp->IoStatus = STATUS_UNSUCCESSFUL; goto error_handle; } _comm_setServerSerialDriver(serial->hComm, serial->ServerSerialDriverId); _comm_set_permissive(serial->hComm, serial->permissive); assert(irp->FileId == 0); irp->FileId = irp->devman->id_sequence++; irp->IoStatus = STATUS_SUCCESS; WLog_Print(serial->log, WLOG_DEBUG, ""%s (DeviceId: %"" PRIu32 "", FileId: %"" PRIu32 "") created."", serial->device.name, irp->device->id, irp->FileId); error_handle: Stream_Write_UINT32(irp->output, irp->FileId); Stream_Write_UINT8(irp->output, 0); return CHANNEL_RC_OK; }",visit repo url,channels/serial/client/serial_main.c,https://github.com/FreeRDP/FreeRDP,138875670430001,1 2038,['CWE-269'],"static int do_move_mount(struct nameidata *nd, char *old_name) { struct nameidata old_nd, parent_nd; struct vfsmount *p; int err = 0; if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (!old_name || !*old_name) return -EINVAL; err = path_lookup(old_name, LOOKUP_FOLLOW, &old_nd); if (err) return err; down_write(&namespace_sem); while (d_mountpoint(nd->dentry) && follow_down(&nd->mnt, &nd->dentry)) ; err = -EINVAL; if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt)) goto out; err = -ENOENT; mutex_lock(&nd->dentry->d_inode->i_mutex); if (IS_DEADDIR(nd->dentry->d_inode)) goto out1; if (!IS_ROOT(nd->dentry) && d_unhashed(nd->dentry)) goto out1; err = -EINVAL; if (old_nd.dentry != old_nd.mnt->mnt_root) goto out1; if (old_nd.mnt == old_nd.mnt->mnt_parent) goto out1; if (S_ISDIR(nd->dentry->d_inode->i_mode) != S_ISDIR(old_nd.dentry->d_inode->i_mode)) goto out1; if (old_nd.mnt->mnt_parent && IS_MNT_SHARED(old_nd.mnt->mnt_parent)) goto out1; if (IS_MNT_SHARED(nd->mnt) && tree_contains_unbindable(old_nd.mnt)) goto out1; err = -ELOOP; for (p = nd->mnt; p->mnt_parent != p; p = p->mnt_parent) if (p == old_nd.mnt) goto out1; if ((err = attach_recursive_mnt(old_nd.mnt, nd, &parent_nd))) goto out1; spin_lock(&vfsmount_lock); list_del_init(&old_nd.mnt->mnt_expire); spin_unlock(&vfsmount_lock); out1: mutex_unlock(&nd->dentry->d_inode->i_mutex); out: up_write(&namespace_sem); if (!err) path_release(&parent_nd); path_release(&old_nd); return err; }",linux-2.6,,,160554477402575082158999894305090297301,0 851,['CWE-119'],"isdn_timer_ctrl(int tf, int onoff) { unsigned long flags; int old_tflags; spin_lock_irqsave(&dev->timerlock, flags); if ((tf & ISDN_TIMER_SLOW) && (!(dev->tflags & ISDN_TIMER_SLOW))) { isdn_timer_cnt1 = 0; isdn_timer_cnt2 = 0; } old_tflags = dev->tflags; if (onoff) dev->tflags |= tf; else dev->tflags &= ~tf; if (dev->tflags && !old_tflags) mod_timer(&dev->timer, jiffies+ISDN_TIMER_RES); spin_unlock_irqrestore(&dev->timerlock, flags); }",linux-2.6,,,186629727315989476870825361230704838631,0 543,CWE-189,"SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops, unsigned, nsops, const struct timespec __user *, timeout) { int error = -EINVAL; struct sem_array *sma; struct sembuf fast_sops[SEMOPM_FAST]; struct sembuf* sops = fast_sops, *sop; struct sem_undo *un; int undos = 0, alter = 0, max; struct sem_queue queue; unsigned long jiffies_left = 0; struct ipc_namespace *ns; struct list_head tasks; ns = current->nsproxy->ipc_ns; if (nsops < 1 || semid < 0) return -EINVAL; if (nsops > ns->sc_semopm) return -E2BIG; if(nsops > SEMOPM_FAST) { sops = kmalloc(sizeof(*sops)*nsops,GFP_KERNEL); if(sops==NULL) return -ENOMEM; } if (copy_from_user (sops, tsops, nsops * sizeof(*tsops))) { error=-EFAULT; goto out_free; } if (timeout) { struct timespec _timeout; if (copy_from_user(&_timeout, timeout, sizeof(*timeout))) { error = -EFAULT; goto out_free; } if (_timeout.tv_sec < 0 || _timeout.tv_nsec < 0 || _timeout.tv_nsec >= 1000000000L) { error = -EINVAL; goto out_free; } jiffies_left = timespec_to_jiffies(&_timeout); } max = 0; for (sop = sops; sop < sops + nsops; sop++) { if (sop->sem_num >= max) max = sop->sem_num; if (sop->sem_flg & SEM_UNDO) undos = 1; if (sop->sem_op != 0) alter = 1; } if (undos) { un = find_alloc_undo(ns, semid); if (IS_ERR(un)) { error = PTR_ERR(un); goto out_free; } } else un = NULL; INIT_LIST_HEAD(&tasks); rcu_read_lock(); sma = sem_obtain_object_check(ns, semid); if (IS_ERR(sma)) { if (un) rcu_read_unlock(); error = PTR_ERR(sma); goto out_free; } error = -EFBIG; if (max >= sma->sem_nsems) { rcu_read_unlock(); goto out_wakeup; } error = -EACCES; if (ipcperms(ns, &sma->sem_perm, alter ? S_IWUGO : S_IRUGO)) { rcu_read_unlock(); goto out_wakeup; } error = security_sem_semop(sma, sops, nsops, alter); if (error) { rcu_read_unlock(); goto out_wakeup; } error = -EIDRM; ipc_lock_object(&sma->sem_perm); if (un) { if (un->semid == -1) { rcu_read_unlock(); goto out_unlock_free; } else { rcu_read_unlock(); } } error = try_atomic_semop (sma, sops, nsops, un, task_tgid_vnr(current)); if (error <= 0) { if (alter && error == 0) do_smart_update(sma, sops, nsops, 1, &tasks); goto out_unlock_free; } queue.sops = sops; queue.nsops = nsops; queue.undo = un; queue.pid = task_tgid_vnr(current); queue.alter = alter; if (nsops == 1) { struct sem *curr; curr = &sma->sem_base[sops->sem_num]; if (alter) list_add_tail(&queue.list, &curr->sem_pending); else list_add(&queue.list, &curr->sem_pending); } else { if (alter) list_add_tail(&queue.list, &sma->sem_pending); else list_add(&queue.list, &sma->sem_pending); sma->complex_count++; } queue.status = -EINTR; queue.sleeper = current; sleep_again: current->state = TASK_INTERRUPTIBLE; sem_unlock(sma); if (timeout) jiffies_left = schedule_timeout(jiffies_left); else schedule(); error = get_queue_result(&queue); if (error != -EINTR) { smp_mb(); goto out_free; } sma = sem_obtain_lock(ns, semid); error = get_queue_result(&queue); if (IS_ERR(sma)) { goto out_free; } if (error != -EINTR) { goto out_unlock_free; } if (timeout && jiffies_left == 0) error = -EAGAIN; if (error == -EINTR && !signal_pending(current)) goto sleep_again; unlink_queue(sma, &queue); out_unlock_free: sem_unlock(sma); out_wakeup: wake_up_sem_queue_do(&tasks); out_free: if(sops != fast_sops) kfree(sops); return error; }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,14808852144980,1 6529,['CWE-200'],"static gboolean nma_menu_clear (NMApplet *applet) { g_return_val_if_fail (applet != NULL, FALSE); if (applet->menu) gtk_widget_destroy (applet->menu); applet->menu = nma_menu_create (applet); return FALSE; }",network-manager-applet,,,251539801464815051202958680663973209586,0 5360,['CWE-476'],"static int kvm_vm_ioctl_reinject(struct kvm *kvm, struct kvm_reinject_control *control) { if (!kvm->arch.vpit) return -ENXIO; kvm->arch.vpit->pit_state.pit_timer.reinject = control->pit_reinject; return 0; }",linux-2.6,,,227380992054478851054068729633267657860,0 3456,CWE-200,"static void save_text_if_changed(const char *name, const char *new_value) { if (!g_hash_table_lookup(g_loaded_texts, name)) return; const char *old_value = g_cd ? problem_data_get_content_or_NULL(g_cd, name) : """"; if (!old_value) old_value = """"; if (strcmp(new_value, old_value) != 0) { struct dump_dir *dd = wizard_open_directory_for_writing(g_dump_dir_name); if (dd) dd_save_text(dd, name, new_value); dd_close(dd); problem_data_reload_from_dump_dir(); update_gui_state_from_problem_data( 0); } }",visit repo url,src/gui-wizard-gtk/wizard.c,https://github.com/abrt/libreport,79885895246234,1 6760,['CWE-310'],"get_one_private_key (NMConnection *connection, const char *setting_name, const char *tag, const char *password, gboolean include_password, GHashTable *secrets, GError **error) { NMSettingConnection *s_con; GByteArray *array = NULL; const char *filename = NULL; const char *secret_name; const char *real_password_secret_name = NULL; gboolean success = FALSE; gboolean add_password = FALSE; g_return_val_if_fail (connection != NULL, FALSE); g_return_val_if_fail (tag != NULL, FALSE); g_return_val_if_fail (password != NULL, FALSE); g_return_val_if_fail (error != NULL, FALSE); g_return_val_if_fail (*error == NULL, FALSE); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); if (!strcmp (tag, NMA_PRIVATE_KEY_PASSWORD_TAG)) { filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PRIVATE_KEY_TAG); secret_name = NM_SETTING_802_1X_PRIVATE_KEY; real_password_secret_name = NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD; } else if (!strcmp (tag, NMA_PHASE2_PRIVATE_KEY_PASSWORD_TAG)) { filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PHASE2_PRIVATE_KEY_TAG); secret_name = NM_SETTING_802_1X_PHASE2_PRIVATE_KEY; real_password_secret_name = NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD; } else { g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_SECRETS_UNAVAILABLE, ""%s.%d - %s/%s Unknown private key password type '%s'."", __FILE__, __LINE__, nm_setting_connection_get_id (s_con), setting_name, tag); return FALSE; } if (filename) { NMSetting8021x *setting; const GByteArray *tmp = NULL; NMSetting8021xCKType ck_type = NM_SETTING_802_1X_CK_TYPE_UNKNOWN; setting = (NMSetting8021x *) nm_setting_802_1x_new (); if (nm_setting_802_1x_set_private_key_from_file (setting, filename, password, &ck_type, error)) { if (ck_type == NM_SETTING_802_1X_CK_TYPE_PKCS12) add_password = TRUE; tmp = nm_setting_802_1x_get_private_key (setting); g_assert (tmp); array = g_byte_array_sized_new (tmp->len); g_byte_array_append (array, tmp->data, tmp->len); } g_object_unref (setting); } if (*error) { goto out; } else if (!array || !array->len) { g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_SECRETS_UNAVAILABLE, ""%s.%d - %s/%s couldn't read private key."", __FILE__, __LINE__, nm_setting_connection_get_id (s_con), setting_name); goto out; } g_hash_table_insert (secrets, g_strdup (secret_name), byte_array_to_gvalue (array)); if (include_password || add_password) g_hash_table_insert (secrets, g_strdup (real_password_secret_name), string_to_gvalue (password)); success = TRUE; out: if (array) { memset (array->data, 0, array->len); g_byte_array_free (array, TRUE); } return success; }",network-manager-applet,,,54063984960666132081167816727925900134,0 3896,['CWE-399'],"static void chip_thread_wake(unsigned long data) { struct CHIPSTATE *chip = (struct CHIPSTATE*)data; wake_up_process(chip->thread); }",linux-2.6,,,87005177452447566824628175826815365028,0 1149,CWE-189,"SYSCALL_DEFINE4(osf_wait4, pid_t, pid, int __user *, ustatus, int, options, struct rusage32 __user *, ur) { struct rusage r; long ret, err; mm_segment_t old_fs; if (!ur) return sys_wait4(pid, ustatus, options, NULL); old_fs = get_fs(); set_fs (KERNEL_DS); ret = sys_wait4(pid, ustatus, options, (struct rusage __user *) &r); set_fs (old_fs); if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur))) return -EFAULT; err = 0; err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec); err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec); err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec); err |= __put_user(r.ru_stime.tv_usec, &ur->ru_stime.tv_usec); err |= __put_user(r.ru_maxrss, &ur->ru_maxrss); err |= __put_user(r.ru_ixrss, &ur->ru_ixrss); err |= __put_user(r.ru_idrss, &ur->ru_idrss); err |= __put_user(r.ru_isrss, &ur->ru_isrss); err |= __put_user(r.ru_minflt, &ur->ru_minflt); err |= __put_user(r.ru_majflt, &ur->ru_majflt); err |= __put_user(r.ru_nswap, &ur->ru_nswap); err |= __put_user(r.ru_inblock, &ur->ru_inblock); err |= __put_user(r.ru_oublock, &ur->ru_oublock); err |= __put_user(r.ru_msgsnd, &ur->ru_msgsnd); err |= __put_user(r.ru_msgrcv, &ur->ru_msgrcv); err |= __put_user(r.ru_nsignals, &ur->ru_nsignals); err |= __put_user(r.ru_nvcsw, &ur->ru_nvcsw); err |= __put_user(r.ru_nivcsw, &ur->ru_nivcsw); return err ? err : ret; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,83783111808735,1 4899,CWE-401,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define MaxPixelChannels 32 #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType more_frames; MagickStatusType status; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; ssize_t i; size_t number_pixels; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[4] = { NULL, NULL, NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t)TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point""); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black""); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white""); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette""); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB""); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB""); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)""); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV""); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK""); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated""); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR""); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown""); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"")); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb""); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb""); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) image->colorspace=GRAYColorspace; if (photometric == PHOTOMETRIC_SEPARATED) image->colorspace=CMYKColorspace; if (photometric == PHOTOMETRIC_CIELAB) image->colorspace=LabColorspace; if ((photometric == PHOTOMETRIC_YCBCR) && (compress_tag != COMPRESSION_JPEG)) image->colorspace=YCbCrColorspace; status=TIFFGetProfiles(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetEXIFProperties(tiff,image); option=GetImageOption(image_info,""tiff:gps-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetGPSProperties(tiff,image); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->x_resolution=x_resolution; image->y_resolution=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=CastDoubleToLong(ceil(x_position* image->x_resolution-0.5)); image->page.y=CastDoubleToLong(ceil(y_position* image->y_resolution-0.5)); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MaxTextExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MaxTextExtent,""%dx%d"", horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=SetImageColorspace(image,image->colorspace); status&=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } extra_samples=0; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified""); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->matte=MagickTrue; } else for (i=0; i < extra_samples; i++) { image->matte=MagickTrue; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated""); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated""); } } } if (image->matte != MagickFalse) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel); if (samples_per_pixel > MaxPixelChannels) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""MaximumChannelsExceeded""); } method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MaxTextExtent]; (void) FormatLocaleString(value,MaxTextExtent,""%u"",(unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } if (TIFFIsTiled(tiff) != MagickFalse) { uint32 columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); method=ReadTileMethod; } if ((photometric == PHOTOMETRIC_LOGLUV) || (compress_tag == COMPRESSION_CCITTFAX3)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); quantum_info->endian=LSBEndian; if (TIFFScanlineSize(tiff) <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (((MagickSizeType) TIFFScanlineSize(tiff)) > (2.53*GetBlobSize(image))) ThrowTIFFException(CorruptImageError,""InsufficientImageDataInFile""); number_pixels=MagickMax(TIFFScanlineSize(tiff),MagickMax((ssize_t) image->columns*samples_per_pixel*pow(2.0,ceil(log(bits_per_sample)/ log(2.0))),image->columns*rows_per_strip)); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) ResetMagickMemory(pixels,0,number_pixels*sizeof(uint32)); quantum_type=GrayQuantum; if (image->storage_class == PseudoClass) quantum_type=IndexQuantum; if (interlace != PLANARCONFIG_SEPARATE) { size_t pad; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->matte != MagickFalse) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } if ((samples_per_pixel > 2) && (interlace != PLANARCONFIG_SEPARATE)) { quantum_type=RGBQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); if (image->matte != MagickFalse) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { quantum_type=CMYKQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); if (image->matte != MagickFalse) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { int status; IndexPacket *indexes; PixelPacket *magick_restrict q; ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; indexes=GetAuthenticIndexQueue(image); p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456))); SetPixelMagenta(q,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984))); SetPixelYellow(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816))); SetPixelBlack(indexes+x,ScaleCharToQuantum((unsigned char)*(p+3))); q++; p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { unsigned char *p; size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *strip_pixels; extent=2*TIFFStripSize(tiff); #if defined(TIFF_VERSION_BIG) extent+=image->columns*sizeof(uint64); #else extent+=image->columns*sizeof(uint32); #endif strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > (ssize_t) image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=TIFFTileSize(tiff); #if defined(TIFF_VERSION_BIG) extent+=columns*sizeof(uint64); #else extent+=columns*sizeof(uint32); #endif tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,extent*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == 0) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (PixelPacket *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) i, samples_per_pixel); if (status == MagickFalse) break; } } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo *) NULL; uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; #if defined(TIFF_VERSION_BIG) number_pixels+=image->columns*sizeof(uint64); #else number_pixels+=image->columns*sizeof(uint32); #endif generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); p=pixels+(image->columns*image->rows)-1; for (y=0; y < (ssize_t) image->rows; y++) { ssize_t x; PixelPacket *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; q+=image->columns-1; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(q,ScaleCharToQuantum((unsigned char) TIFFGetR(*p))); SetPixelGreen(q,ScaleCharToQuantum((unsigned char) TIFFGetG(*p))); SetPixelBlue(q,ScaleCharToQuantum((unsigned char) TIFFGetB(*p))); if (image->matte == MagickFalse) SetPixelOpacity(q,OpaqueOpacity); else SetPixelAlpha(q,ScaleCharToQuantum((unsigned char) TIFFGetA(*p))); p--; q--; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); TIFFReadPhotoshopLayers(image_info,image,exception); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick6,207793200220399,1 2224,NVD-CWE-noinfo,"static void nfs_set_open_stateid(struct nfs4_state *state, nfs4_stateid *stateid, int open_flags) { write_seqlock(&state->seqlock); nfs_set_open_stateid_locked(state, stateid, open_flags); write_sequnlock(&state->seqlock); }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,257024964421214,1 313,[],"static int rw_long(unsigned int fd, unsigned int cmd, unsigned long arg) { mm_segment_t old_fs = get_fs(); u32 __user *argptr = compat_ptr(arg); int err; unsigned long val; if(get_user(val, argptr)) return -EFAULT; set_fs (KERNEL_DS); err = sys_ioctl(fd, cmd, (unsigned long)&val); set_fs (old_fs); if (!err && put_user(val, argptr)) return -EFAULT; return err; }",linux-2.6,,,287292027480201713098789430601073080244,0 448,CWE-200,"COMPAT_SYSCALL_DEFINE5(waitid, int, which, compat_pid_t, pid, struct compat_siginfo __user *, infop, int, options, struct compat_rusage __user *, uru) { struct rusage ru; struct waitid_info info = {.status = 0}; long err = kernel_waitid(which, pid, &info, options, uru ? &ru : NULL); int signo = 0; if (err > 0) { signo = SIGCHLD; err = 0; } if (!err && uru) { if (COMPAT_USE_64BIT_TIME) err = copy_to_user(uru, &ru, sizeof(ru)); else err = put_compat_rusage(&ru, uru); if (err) return -EFAULT; } if (!infop) return err; user_access_begin(); unsafe_put_user(signo, &infop->si_signo, Efault); unsafe_put_user(0, &infop->si_errno, Efault); unsafe_put_user(info.cause, &infop->si_code, Efault); unsafe_put_user(info.pid, &infop->si_pid, Efault); unsafe_put_user(info.uid, &infop->si_uid, Efault); unsafe_put_user(info.status, &infop->si_status, Efault); user_access_end(); return err; Efault: user_access_end(); return -EFAULT; }",visit repo url,kernel/exit.c,https://github.com/torvalds/linux,272238631641515,1 6215,['CWE-200'],"static struct neighbour *neigh_get_next(struct seq_file *seq, struct neighbour *n, loff_t *pos) { struct neigh_seq_state *state = seq->private; struct neigh_table *tbl = state->tbl; if (state->neigh_sub_iter) { void *v = state->neigh_sub_iter(state, n, pos); if (v) return n; } n = n->next; while (1) { while (n) { if (state->neigh_sub_iter) { void *v = state->neigh_sub_iter(state, n, pos); if (v) return n; goto next; } if (!(state->flags & NEIGH_SEQ_SKIP_NOARP)) break; if (n->nud_state & ~NUD_NOARP) break; next: n = n->next; } if (n) break; if (++state->bucket > tbl->hash_mask) break; n = tbl->hash_buckets[state->bucket]; } if (n && pos) --(*pos); return n; }",linux-2.6,,,144028678219835576156371550793761943893,0 3060,['CWE-189'],"int jpc_pchglist_insert(jpc_pchglist_t *pchglist, int pchgno, jpc_pchg_t *pchg) { int i; int newmaxpchgs; jpc_pchg_t **newpchgs; if (pchgno < 0) { pchgno = pchglist->numpchgs; } if (pchglist->numpchgs >= pchglist->maxpchgs) { newmaxpchgs = pchglist->maxpchgs + 128; if (!(newpchgs = jas_realloc2(pchglist->pchgs, newmaxpchgs, sizeof(jpc_pchg_t *)))) { return -1; } pchglist->maxpchgs = newmaxpchgs; pchglist->pchgs = newpchgs; } for (i = pchglist->numpchgs; i > pchgno; --i) { pchglist->pchgs[i] = pchglist->pchgs[i - 1]; } pchglist->pchgs[pchgno] = pchg; ++pchglist->numpchgs; return 0; }",jasper,,,304433595447743222665024700017883444750,0 2668,CWE-190,"static HashTable* spl_filesystem_object_get_debug_info(zval *obj, int *is_temp TSRMLS_DC) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(obj TSRMLS_CC); HashTable *rv; zval *tmp, zrv; char *pnstr, *path; int pnlen, path_len; char stmp[2]; *is_temp = 1; if (!intern->std.properties) { rebuild_object_properties(&intern->std); } ALLOC_HASHTABLE(rv); ZEND_INIT_SYMTABLE_EX(rv, zend_hash_num_elements(intern->std.properties) + 3, 0); INIT_PZVAL(&zrv); Z_ARRVAL(zrv) = rv; zend_hash_copy(rv, intern->std.properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); pnstr = spl_gen_private_prop_name(spl_ce_SplFileInfo, ""pathName"", sizeof(""pathName"")-1, &pnlen TSRMLS_CC); path = spl_filesystem_object_get_pathname(intern, &path_len TSRMLS_CC); add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, path, path_len, 1); efree(pnstr); if (intern->file_name) { pnstr = spl_gen_private_prop_name(spl_ce_SplFileInfo, ""fileName"", sizeof(""fileName"")-1, &pnlen TSRMLS_CC); spl_filesystem_object_get_path(intern, &path_len TSRMLS_CC); if (path_len && path_len < intern->file_name_len) { add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, intern->file_name + path_len + 1, intern->file_name_len - (path_len + 1), 1); } else { add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, intern->file_name, intern->file_name_len, 1); } efree(pnstr); } if (intern->type == SPL_FS_DIR) { #ifdef HAVE_GLOB pnstr = spl_gen_private_prop_name(spl_ce_DirectoryIterator, ""glob"", sizeof(""glob"")-1, &pnlen TSRMLS_CC); if (php_stream_is(intern->u.dir.dirp ,&php_glob_stream_ops)) { add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, intern->_path, intern->_path_len, 1); } else { add_assoc_bool_ex(&zrv, pnstr, pnlen+1, 0); } efree(pnstr); #endif pnstr = spl_gen_private_prop_name(spl_ce_RecursiveDirectoryIterator, ""subPathName"", sizeof(""subPathName"")-1, &pnlen TSRMLS_CC); if (intern->u.dir.sub_path) { add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, intern->u.dir.sub_path, intern->u.dir.sub_path_len, 1); } else { add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, """", 0, 1); } efree(pnstr); } if (intern->type == SPL_FS_FILE) { pnstr = spl_gen_private_prop_name(spl_ce_SplFileObject, ""openMode"", sizeof(""openMode"")-1, &pnlen TSRMLS_CC); add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, intern->u.file.open_mode, intern->u.file.open_mode_len, 1); efree(pnstr); stmp[1] = '\0'; stmp[0] = intern->u.file.delimiter; pnstr = spl_gen_private_prop_name(spl_ce_SplFileObject, ""delimiter"", sizeof(""delimiter"")-1, &pnlen TSRMLS_CC); add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, stmp, 1, 1); efree(pnstr); stmp[0] = intern->u.file.enclosure; pnstr = spl_gen_private_prop_name(spl_ce_SplFileObject, ""enclosure"", sizeof(""enclosure"")-1, &pnlen TSRMLS_CC); add_assoc_stringl_ex(&zrv, pnstr, pnlen+1, stmp, 1, 1); efree(pnstr); } return rv; }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,135251547847459,1 2348,CWE-125,"int pure_strcmp(const char * const s1, const char * const s2) { return pure_memcmp(s1, s2, strlen(s1) + 1U); }",visit repo url,src/utils.c,https://github.com/jedisct1/pure-ftpd,23478695088268,1 5469,CWE-617,"pci_emul_cmdsts_write(struct pci_vdev *dev, int coff, uint32_t new, int bytes) { int i, rshift; uint32_t cmd, cmd2, changed, old, readonly; cmd = pci_get_cfgdata16(dev, PCIR_COMMAND); rshift = (coff & 0x3) * 8; readonly = 0xFFFFF880 >> rshift; old = CFGREAD(dev, coff, bytes); new &= ~readonly; new |= (old & readonly); CFGWRITE(dev, coff, new, bytes); cmd2 = pci_get_cfgdata16(dev, PCIR_COMMAND); changed = cmd ^ cmd2; for (i = 0; i <= PCI_BARMAX; i++) { switch (dev->bar[i].type) { case PCIBAR_NONE: case PCIBAR_MEMHI64: break; case PCIBAR_IO: if (changed & PCIM_CMD_PORTEN) { if (porten(dev)) register_bar(dev, i); else unregister_bar(dev, i); } break; case PCIBAR_MEM32: case PCIBAR_MEM64: if (changed & PCIM_CMD_MEMEN) { if (memen(dev)) register_bar(dev, i); else unregister_bar(dev, i); } break; default: assert(0); } } pci_lintr_update(dev); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,36819965652077,1 264,CWE-20,"static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, const struct in6_addr *force_saddr) { struct net *net = dev_net(skb->dev); struct inet6_dev *idev = NULL; struct ipv6hdr *hdr = ipv6_hdr(skb); struct sock *sk; struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; struct dst_entry *dst; struct icmp6hdr tmp_hdr; struct flowi6 fl6; struct icmpv6_msg msg; struct sockcm_cookie sockc_unused = {0}; struct ipcm6_cookie ipc6; int iif = 0; int addr_type = 0; int len; int err = 0; u32 mark = IP6_REPLY_MARK(net, skb->mark); if ((u8 *)hdr < skb->head || (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) return; addr_type = ipv6_addr_type(&hdr->daddr); if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) || ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr)) saddr = &hdr->daddr; if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) { if (type != ICMPV6_PKT_TOOBIG && !(type == ICMPV6_PARAMPROB && code == ICMPV6_UNK_OPTION && (opt_unrec(skb, info)))) return; saddr = NULL; } addr_type = ipv6_addr_type(&hdr->saddr); if (__ipv6_addr_needs_scope_id(addr_type)) iif = skb->dev->ifindex; else iif = l3mdev_master_ifindex(skb_dst(skb)->dev); if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { net_dbg_ratelimited(""icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n"", &hdr->saddr, &hdr->daddr); return; } if (is_ineligible(skb)) { net_dbg_ratelimited(""icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n"", &hdr->saddr, &hdr->daddr); return; } mip6_addr_swap(skb); memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = IPPROTO_ICMPV6; fl6.daddr = hdr->saddr; if (force_saddr) saddr = force_saddr; if (saddr) fl6.saddr = *saddr; fl6.flowi6_mark = mark; fl6.flowi6_oif = iif; fl6.fl6_icmp_type = type; fl6.fl6_icmp_code = code; security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); sk = icmpv6_xmit_lock(net); if (!sk) return; sk->sk_mark = mark; np = inet6_sk(sk); if (!icmpv6_xrlim_allow(sk, type, &fl6)) goto out; tmp_hdr.icmp6_type = type; tmp_hdr.icmp6_code = code; tmp_hdr.icmp6_cksum = 0; tmp_hdr.icmp6_pointer = htonl(info); if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) fl6.flowi6_oif = np->mcast_oif; else if (!fl6.flowi6_oif) fl6.flowi6_oif = np->ucast_oif; ipc6.tclass = np->tclass; fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel); dst = icmpv6_route_lookup(net, skb, sk, &fl6); if (IS_ERR(dst)) goto out; ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); ipc6.dontfrag = np->dontfrag; ipc6.opt = NULL; msg.skb = skb; msg.offset = skb_network_offset(skb); msg.type = type; len = skb->len - msg.offset; len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr)); if (len < 0) { net_dbg_ratelimited(""icmp: len problem [%pI6c > %pI6c]\n"", &hdr->saddr, &hdr->daddr); goto out_dst_release; } rcu_read_lock(); idev = __in6_dev_get(skb->dev); err = ip6_append_data(sk, icmpv6_getfrag, &msg, len + sizeof(struct icmp6hdr), sizeof(struct icmp6hdr), &ipc6, &fl6, (struct rt6_info *)dst, MSG_DONTWAIT, &sockc_unused); if (err) { ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); ip6_flush_pending_frames(sk); } else { err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, len + sizeof(struct icmp6hdr)); } rcu_read_unlock(); out_dst_release: dst_release(dst); out: icmpv6_xmit_unlock(sk); }",visit repo url,net/ipv6/icmp.c,https://github.com/torvalds/linux,44080147633444,1 5182,CWE-787,"TfLiteStatus Eval(TfLiteContext* context, TfLiteNode* node) { OpContext op_context(context, node); OpData* op_data = reinterpret_cast(node->user_data); const TfLiteTensor* lhs = GetInput(context, node, kInputLHSTensor); const TfLiteTensor* rhs = GetInput(context, node, kInputRHSTensor); TfLiteTensor* output = GetOutput(context, node, kOutputTensor); RuntimeShape orig_lhs_shape = GetTensorShape(lhs); RuntimeShape orig_rhs_shape = GetTensorShape(rhs); bool adj_y = op_context.params->adj_y; bool adj_x = op_context.params->adj_x; const TfLiteTensor* rhs_tensor = adj_y ? rhs : GetTempRhs(context, node, rhs); const TfLiteTensor* lhs_tensor = adj_x ? GetTempLhs(context, node, lhs) : lhs; if (!adj_y) { if (!(IsConstantTensor(rhs) && op_data->rhs_transposed)) { TransposeRowsColumns(context, rhs, GetTemporary(context, node, 1)); op_data->rhs_transposed = true; } } if (adj_x) { TransposeRowsColumns(context, lhs, GetTemporary(context, node, 0)); } RuntimeShape rhs_shape = adj_y ? orig_rhs_shape : SwapRowColumnDims(orig_rhs_shape); RuntimeShape lhs_shape = adj_x ? orig_lhs_shape : SwapRowColumnDims(orig_lhs_shape); switch (rhs->type) { case kTfLiteFloat32: if (kernel_type == kGenericOptimized) { optimized_ops::BatchMatMul(rhs_shape, GetTensorData(rhs_tensor), lhs_shape, GetTensorData(lhs_tensor), GetTensorShape(output), GetTensorData(output), CpuBackendContext::GetFromContext(context)); } else { reference_ops::BatchMatMul(rhs_shape, GetTensorData(rhs_tensor), lhs_shape, GetTensorData(lhs_tensor), GetTensorShape(output), GetTensorData(output)); } break; case kTfLiteInt8: EvalQuantized(context, node, op_data, lhs_shape, lhs_tensor, rhs_shape, rhs_tensor, output); break; default: TF_LITE_KERNEL_LOG(context, ""Currently BatchMatMul doesn't support type: %s"", TfLiteTypeGetName(lhs->type)); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/batch_matmul.cc,https://github.com/tensorflow/tensorflow,230532498156380,1 487,CWE-416,"static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; struct xfrm_dump_info info; BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) > sizeof(cb->args) - sizeof(cb->args[0])); info.in_skb = cb->skb; info.out_skb = skb; info.nlmsg_seq = cb->nlh->nlmsg_seq; info.nlmsg_flags = NLM_F_MULTI; if (!cb->args[0]) { cb->args[0] = 1; xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); } (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); return skb->len; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,223585983922471,1 997,['CWE-94'],"static void spd_release_page(struct splice_pipe_desc *spd, unsigned int i) { page_cache_release(spd->pages[i]); }",linux-2.6,,,236118113908065000446042075825860408767,0 3751,CWE-125,"int yr_re_exec( uint8_t* re_code, uint8_t* input_data, size_t input_size, int flags, RE_MATCH_CALLBACK_FUNC callback, void* callback_args) { uint8_t* ip; uint8_t* input; uint8_t mask; uint8_t value; RE_FIBER_LIST fibers; RE_THREAD_STORAGE* storage; RE_FIBER* fiber; RE_FIBER* next_fiber; int error; int bytes_matched; int max_bytes_matched; int match; int character_size; int input_incr; int kill; int action; int result = -1; #define ACTION_NONE 0 #define ACTION_CONTINUE 1 #define ACTION_KILL 2 #define ACTION_KILL_TAIL 3 #define prolog if (bytes_matched >= max_bytes_matched) \ { \ action = ACTION_KILL; \ break; \ } #define fail_if_error(e) switch (e) { \ case ERROR_INSUFFICIENT_MEMORY: \ return -2; \ case ERROR_TOO_MANY_RE_FIBERS: \ return -4; \ } if (_yr_re_alloc_storage(&storage) != ERROR_SUCCESS) return -2; if (flags & RE_FLAGS_WIDE) character_size = 2; else character_size = 1; input = input_data; input_incr = character_size; if (flags & RE_FLAGS_BACKWARDS) { input -= character_size; input_incr = -input_incr; } max_bytes_matched = (int) yr_min(input_size, RE_SCAN_LIMIT); max_bytes_matched = max_bytes_matched - max_bytes_matched % character_size; bytes_matched = 0; error = _yr_re_fiber_create(&storage->fiber_pool, &fiber); fail_if_error(error); fiber->ip = re_code; fibers.head = fiber; fibers.tail = fiber; error = _yr_re_fiber_sync(&fibers, &storage->fiber_pool, fiber); fail_if_error(error); while (fibers.head != NULL) { fiber = fibers.head; while(fiber != NULL) { ip = fiber->ip; action = ACTION_NONE; switch(*ip) { case RE_OPCODE_ANY: prolog; match = (flags & RE_FLAGS_DOT_ALL) || (*input != 0x0A); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 1; break; case RE_OPCODE_REPEAT_ANY_GREEDY: case RE_OPCODE_REPEAT_ANY_UNGREEDY: prolog; match = (flags & RE_FLAGS_DOT_ALL) || (*input != 0x0A); action = match ? ACTION_NONE : ACTION_KILL; break; case RE_OPCODE_LITERAL: prolog; if (flags & RE_FLAGS_NO_CASE) match = yr_lowercase[*input] == yr_lowercase[*(ip + 1)]; else match = (*input == *(ip + 1)); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 2; break; case RE_OPCODE_MASKED_LITERAL: prolog; value = *(int16_t*)(ip + 1) & 0xFF; mask = *(int16_t*)(ip + 1) >> 8; match = ((*input & mask) == value); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 3; break; case RE_OPCODE_CLASS: prolog; match = CHAR_IN_CLASS(*input, ip + 1); if (!match && (flags & RE_FLAGS_NO_CASE)) match = CHAR_IN_CLASS(yr_altercase[*input], ip + 1); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 33; break; case RE_OPCODE_WORD_CHAR: prolog; match = IS_WORD_CHAR(*input); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 1; break; case RE_OPCODE_NON_WORD_CHAR: prolog; match = !IS_WORD_CHAR(*input); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 1; break; case RE_OPCODE_SPACE: case RE_OPCODE_NON_SPACE: prolog; switch(*input) { case ' ': case '\t': case '\r': case '\n': case '\v': case '\f': match = TRUE; break; default: match = FALSE; } if (*ip == RE_OPCODE_NON_SPACE) match = !match; action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 1; break; case RE_OPCODE_DIGIT: prolog; match = isdigit(*input); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 1; break; case RE_OPCODE_NON_DIGIT: prolog; match = !isdigit(*input); action = match ? ACTION_NONE : ACTION_KILL; fiber->ip += 1; break; case RE_OPCODE_WORD_BOUNDARY: case RE_OPCODE_NON_WORD_BOUNDARY: if (bytes_matched == 0 && !(flags & RE_FLAGS_NOT_AT_START) && !(flags & RE_FLAGS_BACKWARDS)) match = TRUE; else if (bytes_matched >= max_bytes_matched) match = TRUE; else if (IS_WORD_CHAR(*(input - input_incr)) != IS_WORD_CHAR(*input)) match = TRUE; else match = FALSE; if (*ip == RE_OPCODE_NON_WORD_BOUNDARY) match = !match; action = match ? ACTION_CONTINUE : ACTION_KILL; fiber->ip += 1; break; case RE_OPCODE_MATCH_AT_START: if (flags & RE_FLAGS_BACKWARDS) kill = input_size > (size_t) bytes_matched; else kill = (flags & RE_FLAGS_NOT_AT_START) || (bytes_matched != 0); action = kill ? ACTION_KILL : ACTION_CONTINUE; fiber->ip += 1; break; case RE_OPCODE_MATCH_AT_END: kill = flags & RE_FLAGS_BACKWARDS || input_size > (size_t) bytes_matched; action = kill ? ACTION_KILL : ACTION_CONTINUE; fiber->ip += 1; break; case RE_OPCODE_MATCH: result = bytes_matched; if (flags & RE_FLAGS_EXHAUSTIVE) { if (callback != NULL) { int cb_result; if (flags & RE_FLAGS_BACKWARDS) cb_result = callback( input + character_size, bytes_matched, flags, callback_args); else cb_result = callback( input_data, bytes_matched, flags, callback_args); switch(cb_result) { case ERROR_INSUFFICIENT_MEMORY: return -2; case ERROR_TOO_MANY_MATCHES: return -3; default: if (cb_result != ERROR_SUCCESS) return -4; } } action = ACTION_KILL; } else { action = ACTION_KILL_TAIL; } break; default: assert(FALSE); } switch(action) { case ACTION_KILL: fiber = _yr_re_fiber_kill(&fibers, &storage->fiber_pool, fiber); break; case ACTION_KILL_TAIL: _yr_re_fiber_kill_tail(&fibers, &storage->fiber_pool, fiber); fiber = NULL; break; case ACTION_CONTINUE: error = _yr_re_fiber_sync(&fibers, &storage->fiber_pool, fiber); fail_if_error(error); break; default: next_fiber = fiber->next; error = _yr_re_fiber_sync(&fibers, &storage->fiber_pool, fiber); fail_if_error(error); fiber = next_fiber; } } if (flags & RE_FLAGS_WIDE && bytes_matched < max_bytes_matched && *(input + 1) != 0) { _yr_re_fiber_kill_all(&fibers, &storage->fiber_pool); } input += input_incr; bytes_matched += character_size; if (flags & RE_FLAGS_SCAN && bytes_matched < max_bytes_matched) { error = _yr_re_fiber_create(&storage->fiber_pool, &fiber); fail_if_error(error); fiber->ip = re_code; _yr_re_fiber_append(&fibers, fiber); error = _yr_re_fiber_sync(&fibers, &storage->fiber_pool, fiber); fail_if_error(error); } } return result; }",visit repo url,libyara/re.c,https://github.com/VirusTotal/yara,55863477501706,1 5240,['CWE-264'],"static struct pai_val *fload_inherited_info(files_struct *fsp) { char *pai_buf; size_t pai_buf_size = 1024; struct pai_val *paiv = NULL; ssize_t ret; if (!lp_map_acl_inherit(SNUM(fsp->conn))) return NULL; if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) return NULL; do { if (fsp->fh->fd != -1) ret = SMB_VFS_FGETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, pai_buf_size); else ret = SMB_VFS_GETXATTR(fsp->conn,fsp->fsp_name,SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, pai_buf_size); if (ret == -1) { if (errno != ERANGE) { break; } pai_buf_size *= 2; SAFE_FREE(pai_buf); if (pai_buf_size > 1024*1024) { return NULL; } if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) return NULL; } } while (ret == -1); DEBUG(10,(""load_inherited_info: ret = %lu for file %s\n"", (unsigned long)ret, fsp->fsp_name)); if (ret == -1) { #if defined(ENOATTR) if (errno != ENOATTR) DEBUG(10,(""load_inherited_info: Error %s\n"", strerror(errno) )); #else if (errno != ENOSYS) DEBUG(10,(""load_inherited_info: Error %s\n"", strerror(errno) )); #endif SAFE_FREE(pai_buf); return NULL; } paiv = create_pai_val(pai_buf, ret); if (paiv && paiv->pai_protected) DEBUG(10,(""load_inherited_info: ACL is protected for file %s\n"", fsp->fsp_name)); SAFE_FREE(pai_buf); return paiv; }",samba,,,232212157934298303733873450727097052507,0 3278,['CWE-189'],"jpc_streamlist_t *jpc_streamlist_create() { jpc_streamlist_t *streamlist; int i; if (!(streamlist = jas_malloc(sizeof(jpc_streamlist_t)))) { return 0; } streamlist->numstreams = 0; streamlist->maxstreams = 100; if (!(streamlist->streams = jas_alloc2(streamlist->maxstreams, sizeof(jas_stream_t *)))) { jas_free(streamlist); return 0; } for (i = 0; i < streamlist->maxstreams; ++i) { streamlist->streams[i] = 0; } return streamlist; }",jasper,,,245312022768324587137779939215958297725,0 4985,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 2357,['CWE-200'],"snd_seq_oss_synth_ioctl(struct seq_oss_devinfo *dp, int dev, unsigned int cmd, unsigned long addr) { struct seq_oss_synth *rec; int rc; if (is_midi_dev(dp, dev)) return -ENXIO; if ((rec = get_synthdev(dp, dev)) == NULL) return -ENXIO; if (rec->oper.ioctl == NULL) rc = -ENXIO; else rc = rec->oper.ioctl(&dp->synths[dev].arg, cmd, addr); snd_use_lock_free(&rec->use_lock); return rc; }",linux-2.6,,,236381865343932292925720102385589672927,0 4519,CWE-189,"static void lsr_read_extend_class(GF_LASeRCodec *lsr, char **out_data, u32 *out_len, const char *name) { u32 len; GF_LSR_READ_INT(lsr, len, lsr->info->cfg.extensionIDBits, ""reserved""); len = lsr_read_vluimsbf5(lsr, ""len""); gf_bs_read_long_int(lsr->bs, len); if (out_data) *out_data = NULL; if (out_len) *out_len = 0; }",visit repo url,src/laser/lsr_dec.c,https://github.com/gpac/gpac,198836567766247,1 6024,['CWE-200'],"static void addrconf_dev_config(struct net_device *dev) { struct in6_addr addr; struct inet6_dev * idev; ASSERT_RTNL(); if ((dev->type != ARPHRD_ETHER) && (dev->type != ARPHRD_FDDI) && (dev->type != ARPHRD_IEEE802_TR) && (dev->type != ARPHRD_ARCNET) && (dev->type != ARPHRD_INFINIBAND)) { return; } idev = addrconf_add_dev(dev); if (idev == NULL) return; memset(&addr, 0, sizeof(struct in6_addr)); addr.s6_addr32[0] = htonl(0xFE800000); if (ipv6_generate_eui64(addr.s6_addr + 8, dev) == 0) addrconf_add_linklocal(idev, &addr); }",linux-2.6,,,31115255948481892875207510759245061994,0 4176,NVD-CWE-Other,"rfbSetClientColourMapBGR233(rfbClientPtr cl) { char buf[sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2]; rfbSetColourMapEntriesMsg *scme = (rfbSetColourMapEntriesMsg *)buf; uint16_t *rgb = (uint16_t *)(&buf[sz_rfbSetColourMapEntriesMsg]); int i, len; int r, g, b; if (cl->format.bitsPerPixel != 8 ) { rfbErr(""%s: client not 8 bits per pixel\n"", ""rfbSetClientColourMapBGR233""); rfbCloseClient(cl); return FALSE; } scme->type = rfbSetColourMapEntries; scme->firstColour = Swap16IfLE(0); scme->nColours = Swap16IfLE(256); len = sz_rfbSetColourMapEntriesMsg; i = 0; for (b = 0; b < 4; b++) { for (g = 0; g < 8; g++) { for (r = 0; r < 8; r++) { rgb[i++] = Swap16IfLE(r * 65535 / 7); rgb[i++] = Swap16IfLE(g * 65535 / 7); rgb[i++] = Swap16IfLE(b * 65535 / 3); } } } len += 256 * 3 * 2; if (rfbWriteExact(cl, buf, len) < 0) { rfbLogPerror(""rfbSetClientColourMapBGR233: write""); rfbCloseClient(cl); return FALSE; } return TRUE; }",visit repo url,libvncserver/translate.c,https://github.com/LibVNC/libvncserver,20008781317405,1 6524,['CWE-20'],"static int emulate_ret_far(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) { struct decode_cache *c = &ctxt->decode; int rc; unsigned long cs; rc = emulate_pop(ctxt, ops, &c->eip, c->op_bytes); if (rc) return rc; if (c->op_bytes == 4) c->eip = (u32)c->eip; rc = emulate_pop(ctxt, ops, &cs, c->op_bytes); if (rc) return rc; rc = kvm_load_segment_descriptor(ctxt->vcpu, (u16)cs, 1, VCPU_SREG_CS); return rc; }",kvm,,,102155890555911103529487360605788746598,0 19,NVD-CWE-Other,"krb5_gss_process_context_token(minor_status, context_handle, token_buffer) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t token_buffer; { krb5_gss_ctx_id_rec *ctx; OM_uint32 majerr; ctx = (krb5_gss_ctx_id_t) context_handle; if (! ctx->established) { *minor_status = KG_CTX_INCOMPLETE; return(GSS_S_NO_CONTEXT); } if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle, token_buffer, GSS_C_NO_BUFFER, NULL, NULL, KG_TOK_DEL_CTX))) return(majerr); return(krb5_gss_delete_sec_context(minor_status, &context_handle, GSS_C_NO_BUFFER)); }",visit repo url,src/lib/gssapi/krb5/process_context_token.c,https://github.com/krb5/krb5,269229718500620,1 1999,CWE-276,"static inline void tss_invalidate_io_bitmap(struct tss_struct *tss) { tss->x86_tss.io_bitmap_base = IO_BITMAP_OFFSET_INVALID; }",visit repo url,arch/x86/kernel/process.c,https://github.com/torvalds/linux,86331261011584,1 6031,['CWE-200'],"static __inline__ int cbq_dump_ovl(struct sk_buff *skb, struct cbq_class *cl) { unsigned char *b = skb->tail; struct tc_cbq_ovl opt; opt.strategy = cl->ovl_strategy; opt.priority2 = cl->priority2+1; opt.pad = 0; opt.penalty = (cl->penalty*1000)/HZ; RTA_PUT(skb, TCA_CBQ_OVL_STRATEGY, sizeof(opt), &opt); return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,67048206411645035205275033172414633225,0 6473,CWE-362,"static void _clean_slate_datagram(gnrc_sixlowpan_frag_fb_t *fbuf) { clist_node_t new_queue = { .next = NULL }; fbuf->sfr.arq_timeout_event.msg.content.ptr = NULL; evtimer_del((evtimer_t *)(&_arq_timer), &fbuf->sfr.arq_timeout_event.event); fbuf->sfr.arq_timeout_event.event.next = NULL; if (gnrc_sixlowpan_frag_sfr_congure_snd_has_inter_frame_gap()) { for (clist_node_t *node = clist_lpop(&_frame_queue); node != NULL; node = clist_lpop(&_frame_queue)) { _frame_queue_t *entry = (_frame_queue_t *)node; if (entry->datagram_tag == fbuf->tag) { gnrc_pktbuf_release(entry->frame); entry->frame = NULL; clist_rpush(&_frag_descs_free, node); } else { clist_rpush(&new_queue, node); } } _frame_queue = new_queue; } fbuf->offset = 0U; fbuf->sfr.cur_seq = 0U; fbuf->sfr.frags_sent = 0U; for (clist_node_t *node = clist_lpop(&fbuf->sfr.window); node != NULL; node = clist_lpop(&fbuf->sfr.window)) { clist_rpush(&_frag_descs_free, node); } }",visit repo url,sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c,https://github.com/RIOT-OS/RIOT,163312587560777,1 5902,['CWE-909'],"void qdisc_class_hash_destroy(struct Qdisc_class_hash *clhash) { qdisc_class_hash_free(clhash->hash, clhash->hashsize); }",linux-2.6,,,97135059029197582721888885588463808516,0 4434,['CWE-264'],"void sk_release_kernel(struct sock *sk) { if (sk == NULL || sk->sk_socket == NULL) return; sock_hold(sk); sock_release(sk->sk_socket); release_net(sock_net(sk)); sock_net_set(sk, get_net(&init_net)); sock_put(sk); }",linux-2.6,,,176193711653204628843269061762192448380,0 1929,['CWE-20'],"void unmap_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen, int even_cows) { struct zap_details details; pgoff_t hba = holebegin >> PAGE_SHIFT; pgoff_t hlen = (holelen + PAGE_SIZE - 1) >> PAGE_SHIFT; if (sizeof(holelen) > sizeof(hlen)) { long long holeend = (holebegin + holelen + PAGE_SIZE - 1) >> PAGE_SHIFT; if (holeend & ~(long long)ULONG_MAX) hlen = ULONG_MAX - hba + 1; } details.check_mapping = even_cows? NULL: mapping; details.nonlinear_vma = NULL; details.first_index = hba; details.last_index = hba + hlen - 1; if (details.last_index < details.first_index) details.last_index = ULONG_MAX; details.i_mmap_lock = &mapping->i_mmap_lock; spin_lock(&mapping->i_mmap_lock); mapping->truncate_count++; if (unlikely(is_restart_addr(mapping->truncate_count))) { if (mapping->truncate_count == 0) reset_vma_truncate_counts(mapping); mapping->truncate_count++; } details.truncate_count = mapping->truncate_count; if (unlikely(!prio_tree_empty(&mapping->i_mmap))) unmap_mapping_range_tree(&mapping->i_mmap, &details); if (unlikely(!list_empty(&mapping->i_mmap_nonlinear))) unmap_mapping_range_list(&mapping->i_mmap_nonlinear, &details); spin_unlock(&mapping->i_mmap_lock); }",linux-2.6,,,176691745683349269275708405927513932116,0 1795,NVD-CWE-Other,"static void *bpf_any_get(void *raw, enum bpf_type type) { switch (type) { case BPF_TYPE_PROG: atomic_inc(&((struct bpf_prog *)raw)->aux->refcnt); break; case BPF_TYPE_MAP: bpf_map_inc(raw, true); break; default: WARN_ON_ONCE(1); break; } return raw; }",visit repo url,kernel/bpf/inode.c,https://github.com/torvalds/linux,140461540050300,1 6595,['CWE-200'],"add_connection_cb (PolKitAction *action, gboolean gained_privilege, GError *error, gpointer user_data) { ConnectionAddInfo *info = (ConnectionAddInfo *) user_data; GtkWindow *parent = nm_connection_editor_get_window (info->editor); gboolean done = TRUE; if (gained_privilege) { add_connection (info->list, info->editor, info->connection, info->callback, info->user_data); done = FALSE; } else if (error) { error_dialog (parent, _(""Could not obtain required privileges""), ""%s"", error->message); g_error_free (error); } else { error_dialog (parent, _(""Could not add connection""), ""%s"", _(""The connection could not be added due to an unknown error."")); } if (done && info->callback) info->callback (NULL, FALSE, info->user_data); g_object_unref (info->connection); g_slice_free (ConnectionAddInfo, info); }",network-manager-applet,,,202436891858364222444894400906682226027,0 3790,CWE-416,"ga_add_string(garray_T *gap, char_u *p) { char_u *cp = vim_strsave(p); if (cp == NULL) return FAIL; if (ga_grow(gap, 1) == FAIL) { vim_free(cp); return FAIL; } ((char_u **)(gap->ga_data))[gap->ga_len++] = cp; return OK; }",visit repo url,src/alloc.c,https://github.com/vim/vim,84044449530519,1 3081,CWE-310,"int ssl3_get_key_exchange(SSL *s) { #ifndef OPENSSL_NO_RSA unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; #endif EVP_MD_CTX md_ctx; unsigned char *param,*p; int al,j,ok; long i,param_len,n,alg_k,alg_a; EVP_PKEY *pkey=NULL; const EVP_MD *md = NULL; #ifndef OPENSSL_NO_RSA RSA *rsa=NULL; #endif #ifndef OPENSSL_NO_DH DH *dh=NULL; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; BN_CTX *bn_ctx = NULL; EC_POINT *srvr_ecpoint = NULL; int curve_nid = 0; int encoded_pt_len = 0; #endif n=s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); if (!ok) return((int)n); if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { #ifndef OPENSSL_NO_PSK if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { s->session->sess_cert=ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = NULL; } #endif s->s3->tmp.reuse_message=1; return(1); } param=p=(unsigned char *)s->init_msg; if (s->session->sess_cert != NULL) { #ifndef OPENSSL_NO_RSA if (s->session->sess_cert->peer_rsa_tmp != NULL) { RSA_free(s->session->sess_cert->peer_rsa_tmp); s->session->sess_cert->peer_rsa_tmp=NULL; } #endif #ifndef OPENSSL_NO_DH if (s->session->sess_cert->peer_dh_tmp) { DH_free(s->session->sess_cert->peer_dh_tmp); s->session->sess_cert->peer_dh_tmp=NULL; } #endif #ifndef OPENSSL_NO_ECDH if (s->session->sess_cert->peer_ecdh_tmp) { EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); s->session->sess_cert->peer_ecdh_tmp=NULL; } #endif } else { s->session->sess_cert=ssl_sess_cert_new(); } param_len=0; alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; EVP_MD_CTX_init(&md_ctx); al=SSL_AD_DECODE_ERROR; #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } n2s(p,i); if (i > PSK_MAX_IDENTITY_LEN) { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); goto f_err; } param_len += i; memcpy(tmp_id_hint, p, i); memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); if (s->ctx->psk_identity_hint != NULL) OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; } p+=i; n-=param_len; } else #endif #ifndef OPENSSL_NO_SRP if (alg_k & SSL_kSRP) { param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH); goto f_err; } param_len += i; if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } param_len += 2; n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH); goto f_err; } param_len += i; if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; if (1 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } param_len += 1; i = (unsigned int)(p[0]); p++; if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH); goto f_err; } param_len += i; if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } param_len += 2; n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH); goto f_err; } param_len += i; if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; n-=param_len; if (!srp_verify_server_param(s, &al)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS); goto f_err; } #ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); #else if (0) ; #endif #ifndef OPENSSL_NO_DSA else if (alg_a & SSL_aDSS) pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); #endif } else #endif #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if ((rsa=RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); goto err; } param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); goto f_err; } param_len += i; if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } param_len += 2; n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); goto f_err; } param_len += i; if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; n-=param_len; if (alg_a & SSL_aRSA) pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); else { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } s->session->sess_cert->peer_rsa_tmp=rsa; rsa=NULL; } #else if (0) ; #endif #ifndef OPENSSL_NO_DH else if (alg_k & SSL_kDHE) { if ((dh=DH_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); goto err; } param_len = 2; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); goto f_err; } param_len += i; if (!(dh->p=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } param_len += 2; n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); goto f_err; } param_len += i; if (!(dh->g=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; if (2 > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } param_len += 2; n2s(p,i); if (i > n - param_len) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); goto f_err; } param_len += i; if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); goto err; } p+=i; n-=param_len; if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_DH_KEY_TOO_SMALL); goto f_err; } #ifndef OPENSSL_NO_RSA if (alg_a & SSL_aRSA) pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); #else if (0) ; #endif #ifndef OPENSSL_NO_DSA else if (alg_a & SSL_aDSS) pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); #endif s->session->sess_cert->peer_dh_tmp=dh; dh=NULL; } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); goto f_err; } #endif #ifndef OPENSSL_NO_ECDH else if (alg_k & SSL_kECDHE) { EC_GROUP *ngroup; const EC_GROUP *group; if ((ecdh=EC_KEY_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); goto err; } param_len=4; if (param_len > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } if (!tls1_check_curve(s, p, 3)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_CURVE); goto f_err; } if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); goto f_err; } ngroup = EC_GROUP_new_by_curve_name(curve_nid); if (ngroup == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); goto err; } if (EC_KEY_set_group(ecdh, ngroup) == 0) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB); goto err; } EC_GROUP_free(ngroup); group = EC_KEY_get0_group(ecdh); if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && (EC_GROUP_get_degree(group) > 163)) { al=SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); goto f_err; } p+=3; if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || ((bn_ctx = BN_CTX_new()) == NULL)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); goto err; } encoded_pt_len = *p; p+=1; if ((encoded_pt_len > n - param_len) || (EC_POINT_oct2point(group, srvr_ecpoint, p, encoded_pt_len, bn_ctx) == 0)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); goto f_err; } param_len += encoded_pt_len; n-=param_len; p+=encoded_pt_len; if (0) ; #ifndef OPENSSL_NO_RSA else if (alg_a & SSL_aRSA) pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); #endif #ifndef OPENSSL_NO_ECDSA else if (alg_a & SSL_aECDSA) pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); #endif EC_KEY_set_public_key(ecdh, srvr_ecpoint); s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } else if (alg_k) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); goto f_err; } #endif if (pkey != NULL) { if (SSL_USE_SIGALGS(s)) { int rv; if (2 > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } rv = tls12_check_peer_sigalg(&md, s, p, pkey); if (rv == -1) goto err; else if (rv == 0) { goto f_err; } #ifdef SSL_DEBUG fprintf(stderr, ""USING TLSv1.2 HASH %s\n"", EVP_MD_name(md)); #endif p += 2; n -= 2; } else md = EVP_sha1(); if (2 > n) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT); goto f_err; } n2s(p,i); n-=2; j=EVP_PKEY_size(pkey); if ((i != n) || (n > j) || (n <= 0)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { int num; unsigned int size; j=0; q=md_buf; for (num=2; num > 0; num--) { EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(&md_ctx,(num == 2) ?s->ctx->md5:s->ctx->sha1, NULL); EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); EVP_DigestFinal_ex(&md_ctx,q,&size); q+=size; j+=size; } i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa); if (i < 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); goto f_err; } if (i == 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); goto f_err; } } else #endif { EVP_VerifyInit_ex(&md_ctx, md, NULL); EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); goto f_err; } } } else { if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK)) { if (ssl3_check_cert_and_algorithm(s)) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; } if (n != 0) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } } EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&md_ctx); return(1); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: EVP_PKEY_free(pkey); #ifndef OPENSSL_NO_RSA if (rsa != NULL) RSA_free(rsa); #endif #ifndef OPENSSL_NO_DH if (dh != NULL) DH_free(dh); #endif #ifndef OPENSSL_NO_ECDH BN_CTX_free(bn_ctx); EC_POINT_free(srvr_ecpoint); if (ecdh != NULL) EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); return(-1); }",visit repo url,ssl/s3_clnt.c,https://github.com/openssl/openssl,112426966807984,1 6346,CWE-287,"ngx_http_auth_spnego_handler( ngx_http_request_t * r) { ngx_int_t ret = NGX_DECLINED; ngx_http_auth_spnego_ctx_t *ctx; ngx_http_auth_spnego_loc_conf_t *alcf; alcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_spnego_module); if (alcf->protect == 0) { return NGX_DECLINED; } ctx = ngx_http_get_module_ctx(r, ngx_http_auth_spnego_module); if (NULL == ctx) { ctx = ngx_palloc(r->pool, sizeof(ngx_http_auth_spnego_ctx_t)); if (NULL == ctx) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } ctx->token.len = 0; ctx->token.data = NULL; ctx->head = 0; ctx->ret = NGX_HTTP_UNAUTHORIZED; ngx_http_set_ctx(r, ctx, ngx_http_auth_spnego_module); } spnego_debug3(""SSO auth handling IN: token.len=%d, head=%d, ret=%d"", ctx->token.len, ctx->head, ctx->ret); if (ctx->token.len && ctx->head) { spnego_debug1(""Found token and head, returning %d"", ctx->ret); return ctx->ret; } if (NULL != r->headers_in.user.data) { spnego_debug0(""User header set""); return NGX_OK; } spnego_debug0(""Begin auth""); if (alcf->allow_basic) { spnego_debug0(""Detect basic auth""); ret = ngx_http_auth_basic_user(r); if (NGX_OK == ret) { spnego_debug0(""Basic auth credentials supplied by client""); if (NGX_DECLINED == ngx_http_auth_spnego_basic(r, ctx, alcf)) { spnego_debug0(""Basic auth failed""); if (NGX_ERROR == ngx_http_auth_spnego_headers_basic_only(r, ctx, alcf)) { spnego_debug0(""Error setting headers""); return (ctx->ret = NGX_HTTP_INTERNAL_SERVER_ERROR); } return (ctx->ret = NGX_HTTP_UNAUTHORIZED); } if (!ngx_spnego_authorized_principal(r, &r->headers_in.user, alcf)) { spnego_debug0(""User not authorized""); return (ctx->ret = NGX_HTTP_FORBIDDEN); } spnego_debug0(""Basic auth succeeded""); return (ctx->ret = NGX_OK); } } spnego_debug0(""Detect SPNEGO token""); ret = ngx_http_auth_spnego_token(r, ctx); if (NGX_OK == ret) { spnego_debug0(""Client sent a reasonable Negotiate header""); ret = ngx_http_auth_spnego_auth_user_gss(r, ctx, alcf); if (NGX_ERROR == ret) { spnego_debug0(""GSSAPI failed""); return (ctx->ret = NGX_HTTP_INTERNAL_SERVER_ERROR); } if (NGX_DECLINED == ret) { spnego_debug0(""GSSAPI failed""); if(!alcf->allow_basic) { return (ctx->ret = NGX_HTTP_FORBIDDEN); } if (NGX_ERROR == ngx_http_auth_spnego_headers_basic_only(r, ctx, alcf)) { spnego_debug0(""Error setting headers""); return (ctx->ret = NGX_HTTP_INTERNAL_SERVER_ERROR); } return (ctx->ret = NGX_HTTP_UNAUTHORIZED); } if (!ngx_spnego_authorized_principal(r, &r->headers_in.user, alcf)) { spnego_debug0(""User not authorized""); return (ctx->ret = NGX_HTTP_FORBIDDEN); } spnego_debug0(""GSSAPI auth succeeded""); } ngx_str_t *token_out_b64 = NULL; switch(ret) { case NGX_DECLINED: ctx->ret = NGX_HTTP_UNAUTHORIZED; break; case NGX_OK: ctx->ret = NGX_OK; token_out_b64 = &ctx->token_out_b64; break; case NGX_ERROR: default: ctx->ret = NGX_HTTP_INTERNAL_SERVER_ERROR; break; } if (NGX_ERROR == ngx_http_auth_spnego_headers(r, ctx, token_out_b64, alcf)) { spnego_debug0(""Error setting headers""); ctx->ret = NGX_HTTP_INTERNAL_SERVER_ERROR; } spnego_debug3(""SSO auth handling OUT: token.len=%d, head=%d, ret=%d"", ctx->token.len, ctx->head, ctx->ret); return ctx->ret; }",visit repo url,ngx_http_auth_spnego_module.c,https://github.com/stnoonan/spnego-http-auth-nginx-module,76588943786747,1 5676,CWE-125,"pthread_mutex_lock(pthread_mutex_t *mutex) { EnterCriticalSection(mutex); return 0; }",visit repo url,include/compat/pthread.h,https://github.com/libressl-portable/portable,171329337362042,1 4294,['CWE-264'],"struct mm_struct *get_task_mm(struct task_struct *task) { struct mm_struct *mm; task_lock(task); mm = task->mm; if (mm) { if (task->flags & PF_KTHREAD) mm = NULL; else atomic_inc(&mm->mm_users); } task_unlock(task); return mm; }",linux-2.6,,,61567027400801924612274305866997940751,0 955,CWE-19,"static inline void set_pte_at(struct mm_struct *mm, unsigned long addr, pte_t *ptep, pte_t pte) { if (pte_valid_ng(pte)) { if (!pte_special(pte) && pte_exec(pte)) __sync_icache_dcache(pte, addr); if (pte_dirty(pte) && pte_write(pte)) pte_val(pte) &= ~PTE_RDONLY; else pte_val(pte) |= PTE_RDONLY; } set_pte(ptep, pte); }",visit repo url,arch/arm64/include/asm/pgtable.h,https://github.com/torvalds/linux,19487334612749,1 5871,['CWE-200'],"static int nr_device_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *dev = (struct net_device *)ptr; if (!net_eq(dev_net(dev), &init_net)) return NOTIFY_DONE; if (event != NETDEV_DOWN) return NOTIFY_DONE; nr_kill_by_device(dev); nr_rt_device_down(dev); return NOTIFY_DONE; }",linux-2.6,,,9270110776915547726241742298412042257,0 6713,['CWE-310'],"free_ap_notification_data (gpointer user_data) { struct ap_notification_data *data = user_data; NMSettings *settings = applet_get_settings (data->applet); if (data->id) g_source_remove (data->id); if (settings) g_signal_handler_disconnect (settings, data->new_con_id); memset (data, 0, sizeof (*data)); g_free (data); }",network-manager-applet,,,339975316110255942970140274008082759697,0 1313,CWE-264,"rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd) { int phy_addr; struct netdev_private *np = netdev_priv(dev); struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru; struct netdev_desc *desc; int i; phy_addr = np->phy_addr; switch (cmd) { case SIOCDEVPRIVATE: break; case SIOCDEVPRIVATE + 1: miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num); break; case SIOCDEVPRIVATE + 2: mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value); break; case SIOCDEVPRIVATE + 3: break; case SIOCDEVPRIVATE + 4: break; case SIOCDEVPRIVATE + 5: netif_stop_queue (dev); break; case SIOCDEVPRIVATE + 6: netif_wake_queue (dev); break; case SIOCDEVPRIVATE + 7: printk (""tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n"", netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx, np->old_rx); break; case SIOCDEVPRIVATE + 8: printk(""TX ring:\n""); for (i = 0; i < TX_RING_SIZE; i++) { desc = &np->tx_ring[i]; printk (""%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x"", i, (u32) (np->tx_ring_dma + i * sizeof (*desc)), (u32)le64_to_cpu(desc->next_desc), (u32)le64_to_cpu(desc->status), (u32)(le64_to_cpu(desc->fraginfo) >> 32), (u32)le64_to_cpu(desc->fraginfo)); printk (""\n""); } printk (""\n""); break; default: return -EOPNOTSUPP; } return 0; }",visit repo url,drivers/net/ethernet/dlink/dl2k.c,https://github.com/torvalds/linux,195565322297173,1 3068,['CWE-189'],"int jas_stream_printf(jas_stream_t *stream, const char *fmt, ...) { va_list ap; char buf[4096]; int ret; va_start(ap, fmt); ret = vsnprintf(buf, sizeof buf, fmt, ap); jas_stream_puts(stream, buf); va_end(ap); return ret; }",jasper,,,116169301000878845285599453776474825961,0 3923,CWE-122,"msg_puts_printf(char_u *str, int maxlen) { char_u *s = str; char_u *buf = NULL; char_u *p = s; #ifdef MSWIN if (!(silent_mode && p_verbose == 0)) mch_settmode(TMODE_COOK); #endif while ((maxlen < 0 || (int)(s - str) < maxlen) && *s != NUL) { if (!(silent_mode && p_verbose == 0)) { if (*s == NL) { int n = (int)(s - p); buf = alloc(n + 3); if (buf != NULL) { memcpy(buf, p, n); if (!info_message) buf[n++] = CAR; buf[n++] = NL; buf[n++] = NUL; if (info_message) mch_msg((char *)buf); else mch_errmsg((char *)buf); vim_free(buf); } p = s + 1; } } #ifdef FEAT_RIGHTLEFT if (cmdmsg_rl) { if (*s == CAR || *s == NL) msg_col = Columns - 1; else --msg_col; } else #endif { if (*s == CAR || *s == NL) msg_col = 0; else ++msg_col; } ++s; } if (*p != NUL && !(silent_mode && p_verbose == 0)) { char_u *tofree = NULL; if (maxlen > 0 && STRLEN(p) > (size_t)maxlen) { tofree = vim_strnsave(p, (size_t)maxlen); p = tofree; } if (p != NULL) { if (info_message) mch_msg((char *)p); else mch_errmsg((char *)p); vim_free(tofree); } } msg_didout = TRUE; #ifdef MSWIN if (!(silent_mode && p_verbose == 0)) mch_settmode(TMODE_RAW); #endif }",visit repo url,src/message.c,https://github.com/vim/vim,99927821177019,1 222,[],"static int atif_proxy_probe_device(struct atalk_iface *atif, struct atalk_addr* proxy_addr) { int netrange = ntohs(atif->nets.nr_lastnet) - ntohs(atif->nets.nr_firstnet) + 1; int probe_net = ntohs(atif->address.s_net); int probe_node = ATADDR_ANYNODE; int netct, nodect; if (probe_net == ATADDR_ANYNET) { probe_net = ntohs(atif->nets.nr_firstnet); if (netrange) probe_net += jiffies % netrange; } if (probe_node == ATADDR_ANYNODE) probe_node = jiffies & 0xFF; for (netct = 0; netct <= netrange; netct++) { proxy_addr->s_net = htons(probe_net); for (nodect = 0; nodect < 256; nodect++) { proxy_addr->s_node = (nodect + probe_node) & 0xFF; if (proxy_addr->s_node > 0 && proxy_addr->s_node < 254) { int ret = aarp_proxy_probe_network(atif, proxy_addr); if (ret != -EADDRINUSE) return ret; } } probe_net++; if (probe_net > ntohs(atif->nets.nr_lastnet)) probe_net = ntohs(atif->nets.nr_firstnet); } return -EADDRINUSE; }",history,,,257219258093388798439987136228538724525,0 5587,[],"static int check_kill_permission(int sig, struct siginfo *info, struct task_struct *t) { const struct cred *cred = current_cred(), *tcred; struct pid *sid; int error; if (!valid_signal(sig)) return -EINVAL; if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info))) return 0; error = audit_signal_info(sig, t); if (error) return error; tcred = __task_cred(t); if ((cred->euid ^ tcred->suid) && (cred->euid ^ tcred->uid) && (cred->uid ^ tcred->suid) && (cred->uid ^ tcred->uid) && !capable(CAP_KILL)) { switch (sig) { case SIGCONT: sid = task_session(t); if (!sid || sid == task_session(current)) break; default: return -EPERM; } } return security_task_kill(t, info, sig, 0); }",linux-2.6,,,14720077292234123962541160474807255208,0 1652,CWE-369,"static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps) { int start = 0; u32 prev_legacy, cur_legacy; mutex_lock(&kvm->arch.vpit->pit_state.lock); prev_legacy = kvm->arch.vpit->pit_state.flags & KVM_PIT_FLAGS_HPET_LEGACY; cur_legacy = ps->flags & KVM_PIT_FLAGS_HPET_LEGACY; if (!prev_legacy && cur_legacy) start = 1; memcpy(&kvm->arch.vpit->pit_state.channels, &ps->channels, sizeof(kvm->arch.vpit->pit_state.channels)); kvm->arch.vpit->pit_state.flags = ps->flags; kvm_pit_load_count(kvm, 0, kvm->arch.vpit->pit_state.channels[0].count, start); mutex_unlock(&kvm->arch.vpit->pit_state.lock); return 0; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,263787827095534,1 5231,['CWE-264'],"static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) { size_t i, j; for (i = 0; i < num_aces; i++) { for (j = i+1; j < num_aces; j++) { uint32 i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE); uint32 j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE); bool i_inh = (nt_ace_list[i].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False; bool j_inh = (nt_ace_list[j].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False; if ((nt_ace_list[i].type == nt_ace_list[j].type) && (nt_ace_list[i].size == nt_ace_list[j].size) && (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) && sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && (i_inh == j_inh) && (i_flags_ni == 0) && (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT| SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_INHERIT_ONLY))) { if (nt_ace_list[i].access_mask == 0) { nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0); if (num_aces - i - 1 > 0) memmove(&nt_ace_list[i], &nt_ace_list[i+1], (num_aces-i-1) * sizeof(SEC_ACE)); DEBUG(10,(""merge_default_aces: Merging zero access ACE %u onto ACE %u.\n"", (unsigned int)i, (unsigned int)j )); } else { nt_ace_list[i].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0); if (num_aces - j - 1 > 0) memmove(&nt_ace_list[j], &nt_ace_list[j+1], (num_aces-j-1) * sizeof(SEC_ACE)); DEBUG(10,(""merge_default_aces: Merging ACE %u onto ACE %u.\n"", (unsigned int)j, (unsigned int)i )); } num_aces--; break; } } } return num_aces; }",samba,,,144116041868772724427205674122085800527,0 5807,CWE-787,"ChunkedDecode(Request *reqPtr, bool update) { const Tcl_DString *bufPtr; const char *end, *chunkStart; bool success = NS_TRUE; NS_NONNULL_ASSERT(reqPtr != NULL); bufPtr = &reqPtr->buffer; end = bufPtr->string + bufPtr->length; chunkStart = bufPtr->string + reqPtr->chunkStartOff; while (reqPtr->chunkStartOff < (size_t)bufPtr->length) { char *p = strstr(chunkStart, ""\r\n""); size_t chunk_length; if (p == NULL) { Ns_Log(DriverDebug, ""ChunkedDecode: chunk did not find end-of-line""); success = NS_FALSE; break; } *p = '\0'; chunk_length = (size_t)strtol(chunkStart, NULL, 16); *p = '\r'; if (p + 2 + chunk_length > end) { Ns_Log(DriverDebug, ""ChunkedDecode: chunk length past end of buffer""); success = NS_FALSE; break; } if (update) { char *writeBuffer = bufPtr->string + reqPtr->chunkWriteOff; memmove(writeBuffer, p + 2, chunk_length); reqPtr->chunkWriteOff += chunk_length; *(writeBuffer + chunk_length) = '\0'; } reqPtr->chunkStartOff += (size_t)(p - chunkStart) + 4u + chunk_length; chunkStart = bufPtr->string + reqPtr->chunkStartOff; } return success; }",visit repo url,nsd/driver.c,https://bitbucket.org/naviserver/naviserver,229835165102118,1 1305,CWE-399,"static void free_huge_page(struct page *page) { struct hstate *h = page_hstate(page); int nid = page_to_nid(page); struct address_space *mapping; mapping = (struct address_space *) page_private(page); set_page_private(page, 0); page->mapping = NULL; BUG_ON(page_count(page)); BUG_ON(page_mapcount(page)); INIT_LIST_HEAD(&page->lru); spin_lock(&hugetlb_lock); if (h->surplus_huge_pages_node[nid] && huge_page_order(h) < MAX_ORDER) { update_and_free_page(h, page); h->surplus_huge_pages--; h->surplus_huge_pages_node[nid]--; } else { enqueue_huge_page(h, page); } spin_unlock(&hugetlb_lock); if (mapping) hugetlb_put_quota(mapping, 1); }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,214413102258189,1 5721,NVD-CWE-Other,"void luaV_execute (lua_State *L, CallInfo *ci) { LClosure *cl; TValue *k; StkId base; const Instruction *pc; int trap; #if LUA_USE_JUMPTABLE #include ""ljumptab.h"" #endif tailcall: trap = L->hookmask; cl = clLvalue(s2v(ci->func)); k = cl->p->k; pc = ci->u.l.savedpc; if (trap) { if (cl->p->is_vararg) trap = 0; else if (pc == cl->p->code) luaD_hookcall(L, ci); ci->u.l.trap = 1; } base = ci->func + 1; for (;;) { Instruction i; StkId ra; vmfetch(); lua_assert(base == ci->func + 1); lua_assert(base <= L->top && L->top < L->stack + L->stacksize); lua_assert(isIT(i) || (cast_void(L->top = base), 1)); vmdispatch (GET_OPCODE(i)) { vmcase(OP_MOVE) { setobjs2s(L, ra, RB(i)); vmbreak; } vmcase(OP_LOADI) { lua_Integer b = GETARG_sBx(i); setivalue(s2v(ra), b); vmbreak; } vmcase(OP_LOADF) { int b = GETARG_sBx(i); setfltvalue(s2v(ra), cast_num(b)); vmbreak; } vmcase(OP_LOADK) { TValue *rb = k + GETARG_Bx(i); setobj2s(L, ra, rb); vmbreak; } vmcase(OP_LOADKX) { TValue *rb; rb = k + GETARG_Ax(*pc); pc++; setobj2s(L, ra, rb); vmbreak; } vmcase(OP_LOADFALSE) { setbfvalue(s2v(ra)); vmbreak; } vmcase(OP_LFALSESKIP) { setbfvalue(s2v(ra)); pc++; vmbreak; } vmcase(OP_LOADTRUE) { setbtvalue(s2v(ra)); vmbreak; } vmcase(OP_LOADNIL) { int b = GETARG_B(i); do { setnilvalue(s2v(ra++)); } while (b--); vmbreak; } vmcase(OP_GETUPVAL) { int b = GETARG_B(i); setobj2s(L, ra, cl->upvals[b]->v); vmbreak; } vmcase(OP_SETUPVAL) { UpVal *uv = cl->upvals[GETARG_B(i)]; setobj(L, uv->v, s2v(ra)); luaC_barrier(L, uv, s2v(ra)); vmbreak; } vmcase(OP_GETTABUP) { const TValue *slot; TValue *upval = cl->upvals[GETARG_B(i)]->v; TValue *rc = KC(i); TString *key = tsvalue(rc); if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, upval, rc, ra, slot)); vmbreak; } vmcase(OP_GETTABLE) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = vRC(i); lua_Unsigned n; if (ttisinteger(rc) ? (cast_void(n = ivalue(rc)), luaV_fastgeti(L, rb, n, slot)) : luaV_fastget(L, rb, rc, slot, luaH_get)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_GETI) { const TValue *slot; TValue *rb = vRB(i); int c = GETARG_C(i); if (luaV_fastgeti(L, rb, c, slot)) { setobj2s(L, ra, slot); } else { TValue key; setivalue(&key, c); Protect(luaV_finishget(L, rb, &key, ra, slot)); } vmbreak; } vmcase(OP_GETFIELD) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = KC(i); TString *key = tsvalue(rc); if (luaV_fastget(L, rb, key, slot, luaH_getshortstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_SETTABUP) { const TValue *slot; TValue *upval = cl->upvals[GETARG_A(i)]->v; TValue *rb = KB(i); TValue *rc = RKC(i); TString *key = tsvalue(rb); if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) { luaV_finishfastset(L, upval, slot, rc); } else Protect(luaV_finishset(L, upval, rb, rc, slot)); vmbreak; } vmcase(OP_SETTABLE) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = RKC(i); lua_Unsigned n; if (ttisinteger(rb) ? (cast_void(n = ivalue(rb)), luaV_fastgeti(L, s2v(ra), n, slot)) : luaV_fastget(L, s2v(ra), rb, slot, luaH_get)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else Protect(luaV_finishset(L, s2v(ra), rb, rc, slot)); vmbreak; } vmcase(OP_SETI) { const TValue *slot; int c = GETARG_B(i); TValue *rc = RKC(i); if (luaV_fastgeti(L, s2v(ra), c, slot)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else { TValue key; setivalue(&key, c); Protect(luaV_finishset(L, s2v(ra), &key, rc, slot)); } vmbreak; } vmcase(OP_SETFIELD) { const TValue *slot; TValue *rb = KB(i); TValue *rc = RKC(i); TString *key = tsvalue(rb); if (luaV_fastget(L, s2v(ra), key, slot, luaH_getshortstr)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else Protect(luaV_finishset(L, s2v(ra), rb, rc, slot)); vmbreak; } vmcase(OP_NEWTABLE) { int b = GETARG_B(i); int c = GETARG_C(i); Table *t; if (b > 0) b = 1 << (b - 1); lua_assert((!TESTARG_k(i)) == (GETARG_Ax(*pc) == 0)); if (TESTARG_k(i)) c += GETARG_Ax(*pc) * (MAXARG_C + 1); pc++; L->top = ra + 1; t = luaH_new(L); sethvalue2s(L, ra, t); if (b != 0 || c != 0) luaH_resize(L, t, c, b); checkGC(L, ra + 1); vmbreak; } vmcase(OP_SELF) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = RKC(i); TString *key = tsvalue(rc); setobj2s(L, ra + 1, rb); if (luaV_fastget(L, rb, key, slot, luaH_getstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_ADDI) { op_arithI(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_ADDK) { op_arithK(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_SUBK) { op_arithK(L, l_subi, luai_numsub); vmbreak; } vmcase(OP_MULK) { op_arithK(L, l_muli, luai_nummul); vmbreak; } vmcase(OP_MODK) { op_arithK(L, luaV_mod, luaV_modf); vmbreak; } vmcase(OP_POWK) { op_arithfK(L, luai_numpow); vmbreak; } vmcase(OP_DIVK) { op_arithfK(L, luai_numdiv); vmbreak; } vmcase(OP_IDIVK) { op_arithK(L, luaV_idiv, luai_numidiv); vmbreak; } vmcase(OP_BANDK) { op_bitwiseK(L, l_band); vmbreak; } vmcase(OP_BORK) { op_bitwiseK(L, l_bor); vmbreak; } vmcase(OP_BXORK) { op_bitwiseK(L, l_bxor); vmbreak; } vmcase(OP_SHRI) { TValue *rb = vRB(i); int ic = GETARG_sC(i); lua_Integer ib; if (tointegerns(rb, &ib)) { pc++; setivalue(s2v(ra), luaV_shiftl(ib, -ic)); } vmbreak; } vmcase(OP_SHLI) { TValue *rb = vRB(i); int ic = GETARG_sC(i); lua_Integer ib; if (tointegerns(rb, &ib)) { pc++; setivalue(s2v(ra), luaV_shiftl(ic, ib)); } vmbreak; } vmcase(OP_ADD) { op_arith(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_SUB) { op_arith(L, l_subi, luai_numsub); vmbreak; } vmcase(OP_MUL) { op_arith(L, l_muli, luai_nummul); vmbreak; } vmcase(OP_MOD) { op_arith(L, luaV_mod, luaV_modf); vmbreak; } vmcase(OP_POW) { op_arithf(L, luai_numpow); vmbreak; } vmcase(OP_DIV) { op_arithf(L, luai_numdiv); vmbreak; } vmcase(OP_IDIV) { op_arith(L, luaV_idiv, luai_numidiv); vmbreak; } vmcase(OP_BAND) { op_bitwise(L, l_band); vmbreak; } vmcase(OP_BOR) { op_bitwise(L, l_bor); vmbreak; } vmcase(OP_BXOR) { op_bitwise(L, l_bxor); vmbreak; } vmcase(OP_SHR) { op_bitwise(L, luaV_shiftr); vmbreak; } vmcase(OP_SHL) { op_bitwise(L, luaV_shiftl); vmbreak; } vmcase(OP_MMBIN) { Instruction pi = *(pc - 2); TValue *rb = vRB(i); TMS tm = (TMS)GETARG_C(i); StkId result = RA(pi); lua_assert(OP_ADD <= GET_OPCODE(pi) && GET_OPCODE(pi) <= OP_SHR); Protect(luaT_trybinTM(L, s2v(ra), rb, result, tm)); vmbreak; } vmcase(OP_MMBINI) { Instruction pi = *(pc - 2); int imm = GETARG_sB(i); TMS tm = (TMS)GETARG_C(i); int flip = GETARG_k(i); StkId result = RA(pi); Protect(luaT_trybiniTM(L, s2v(ra), imm, flip, result, tm)); vmbreak; } vmcase(OP_MMBINK) { Instruction pi = *(pc - 2); TValue *imm = KB(i); TMS tm = (TMS)GETARG_C(i); int flip = GETARG_k(i); StkId result = RA(pi); Protect(luaT_trybinassocTM(L, s2v(ra), imm, flip, result, tm)); vmbreak; } vmcase(OP_UNM) { TValue *rb = vRB(i); lua_Number nb; if (ttisinteger(rb)) { lua_Integer ib = ivalue(rb); setivalue(s2v(ra), intop(-, 0, ib)); } else if (tonumberns(rb, nb)) { setfltvalue(s2v(ra), luai_numunm(L, nb)); } else Protect(luaT_trybinTM(L, rb, rb, ra, TM_UNM)); vmbreak; } vmcase(OP_BNOT) { TValue *rb = vRB(i); lua_Integer ib; if (tointegerns(rb, &ib)) { setivalue(s2v(ra), intop(^, ~l_castS2U(0), ib)); } else Protect(luaT_trybinTM(L, rb, rb, ra, TM_BNOT)); vmbreak; } vmcase(OP_NOT) { TValue *rb = vRB(i); if (l_isfalse(rb)) setbtvalue(s2v(ra)); else setbfvalue(s2v(ra)); vmbreak; } vmcase(OP_LEN) { Protect(luaV_objlen(L, ra, vRB(i))); vmbreak; } vmcase(OP_CONCAT) { int n = GETARG_B(i); L->top = ra + n; ProtectNT(luaV_concat(L, n)); checkGC(L, L->top); vmbreak; } vmcase(OP_CLOSE) { Protect(luaF_close(L, ra, LUA_OK)); vmbreak; } vmcase(OP_TBC) { halfProtect(luaF_newtbcupval(L, ra)); vmbreak; } vmcase(OP_JMP) { dojump(ci, i, 0); vmbreak; } vmcase(OP_EQ) { int cond; TValue *rb = vRB(i); Protect(cond = luaV_equalobj(L, s2v(ra), rb)); docondjump(); vmbreak; } vmcase(OP_LT) { op_order(L, l_lti, LTnum, lessthanothers); vmbreak; } vmcase(OP_LE) { op_order(L, l_lei, LEnum, lessequalothers); vmbreak; } vmcase(OP_EQK) { TValue *rb = KB(i); int cond = luaV_rawequalobj(s2v(ra), rb); docondjump(); vmbreak; } vmcase(OP_EQI) { int cond; int im = GETARG_sB(i); if (ttisinteger(s2v(ra))) cond = (ivalue(s2v(ra)) == im); else if (ttisfloat(s2v(ra))) cond = luai_numeq(fltvalue(s2v(ra)), cast_num(im)); else cond = 0; docondjump(); vmbreak; } vmcase(OP_LTI) { op_orderI(L, l_lti, luai_numlt, 0, TM_LT); vmbreak; } vmcase(OP_LEI) { op_orderI(L, l_lei, luai_numle, 0, TM_LE); vmbreak; } vmcase(OP_GTI) { op_orderI(L, l_gti, luai_numgt, 1, TM_LT); vmbreak; } vmcase(OP_GEI) { op_orderI(L, l_gei, luai_numge, 1, TM_LE); vmbreak; } vmcase(OP_TEST) { int cond = !l_isfalse(s2v(ra)); docondjump(); vmbreak; } vmcase(OP_TESTSET) { TValue *rb = vRB(i); if (l_isfalse(rb) == GETARG_k(i)) pc++; else { setobj2s(L, ra, rb); donextjump(ci); } vmbreak; } vmcase(OP_CALL) { int b = GETARG_B(i); int nresults = GETARG_C(i) - 1; if (b != 0) L->top = ra + b; ProtectNT(luaD_call(L, ra, nresults)); vmbreak; } vmcase(OP_TAILCALL) { int b = GETARG_B(i); int nparams1 = GETARG_C(i); int delta = (nparams1) ? ci->u.l.nextraargs + nparams1 : 0; if (b != 0) L->top = ra + b; else b = cast_int(L->top - ra); savepc(ci); if (TESTARG_k(i)) { luaF_close(L, base, NOCLOSINGMETH); lua_assert(base == ci->func + 1); } while (!ttisfunction(s2v(ra))) { luaD_tryfuncTM(L, ra); b++; checkstackGCp(L, 1, ra); } if (!ttisLclosure(s2v(ra))) { luaD_call(L, ra, LUA_MULTRET); updatetrap(ci); updatestack(ci); ci->func -= delta; luaD_poscall(L, ci, cast_int(L->top - ra)); return; } ci->func -= delta; luaD_pretailcall(L, ci, ra, b); goto tailcall; } vmcase(OP_RETURN) { int n = GETARG_B(i) - 1; int nparams1 = GETARG_C(i); if (n < 0) n = cast_int(L->top - ra); savepc(ci); if (TESTARG_k(i)) { if (L->top < ci->top) L->top = ci->top; luaF_close(L, base, LUA_OK); updatetrap(ci); updatestack(ci); } if (nparams1) ci->func -= ci->u.l.nextraargs + nparams1; L->top = ra + n; luaD_poscall(L, ci, n); return; } vmcase(OP_RETURN0) { if (L->hookmask) { L->top = ra; halfProtectNT(luaD_poscall(L, ci, 0)); } else { int nres = ci->nresults; L->ci = ci->previous; L->top = base - 1; while (nres-- > 0) setnilvalue(s2v(L->top++)); } return; } vmcase(OP_RETURN1) { if (L->hookmask) { L->top = ra + 1; halfProtectNT(luaD_poscall(L, ci, 1)); } else { int nres = ci->nresults; L->ci = ci->previous; if (nres == 0) L->top = base - 1; else { setobjs2s(L, base - 1, ra); L->top = base; while (--nres > 0) setnilvalue(s2v(L->top++)); } } return; } vmcase(OP_FORLOOP) { if (ttisinteger(s2v(ra + 2))) { lua_Unsigned count = l_castS2U(ivalue(s2v(ra + 1))); if (count > 0) { lua_Integer step = ivalue(s2v(ra + 2)); lua_Integer idx = ivalue(s2v(ra)); chgivalue(s2v(ra + 1), count - 1); idx = intop(+, idx, step); chgivalue(s2v(ra), idx); setivalue(s2v(ra + 3), idx); pc -= GETARG_Bx(i); } } else if (floatforloop(ra)) pc -= GETARG_Bx(i); updatetrap(ci); vmbreak; } vmcase(OP_FORPREP) { savestate(L, ci); if (forprep(L, ra)) pc += GETARG_Bx(i) + 1; vmbreak; } vmcase(OP_TFORPREP) { halfProtect(luaF_newtbcupval(L, ra + 3)); pc += GETARG_Bx(i); i = *(pc++); lua_assert(GET_OPCODE(i) == OP_TFORCALL && ra == RA(i)); goto l_tforcall; } vmcase(OP_TFORCALL) { l_tforcall: memcpy(ra + 4, ra, 3 * sizeof(*ra)); L->top = ra + 4 + 3; ProtectNT(luaD_call(L, ra + 4, GETARG_C(i))); updatestack(ci); i = *(pc++); lua_assert(GET_OPCODE(i) == OP_TFORLOOP && ra == RA(i)); goto l_tforloop; } vmcase(OP_TFORLOOP) { l_tforloop: if (!ttisnil(s2v(ra + 4))) { setobjs2s(L, ra + 2, ra + 4); pc -= GETARG_Bx(i); } vmbreak; } vmcase(OP_SETLIST) { int n = GETARG_B(i); unsigned int last = GETARG_C(i); Table *h = hvalue(s2v(ra)); if (n == 0) n = cast_int(L->top - ra) - 1; else L->top = ci->top; last += n; if (TESTARG_k(i)) { last += GETARG_Ax(*pc) * (MAXARG_C + 1); pc++; } if (last > luaH_realasize(h)) luaH_resizearray(L, h, last); for (; n > 0; n--) { TValue *val = s2v(ra + n); setobj2t(L, &h->array[last - 1], val); last--; luaC_barrierback(L, obj2gco(h), val); } vmbreak; } vmcase(OP_CLOSURE) { Proto *p = cl->p->p[GETARG_Bx(i)]; halfProtect(pushclosure(L, p, cl->upvals, base, ra)); checkGC(L, ra + 1); vmbreak; } vmcase(OP_VARARG) { int n = GETARG_C(i) - 1; Protect(luaT_getvarargs(L, ci, ra, n)); vmbreak; } vmcase(OP_VARARGPREP) { ProtectNT(luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p)); if (trap) { luaD_hookcall(L, ci); L->oldpc = pc + 1; } updatebase(ci); vmbreak; } vmcase(OP_EXTRAARG) { lua_assert(0); vmbreak; } } } }",visit repo url,lvm.c,https://github.com/lua/lua,42746314208186,1 5094,CWE-190,"_PyMemoTable_ResizeTable(PyMemoTable *self, Py_ssize_t min_size) { PyMemoEntry *oldtable = NULL; PyMemoEntry *oldentry, *newentry; Py_ssize_t new_size = MT_MINSIZE; Py_ssize_t to_process; assert(min_size > 0); while (new_size < min_size && new_size > 0) new_size <<= 1; if (new_size <= 0) { PyErr_NoMemory(); return -1; } assert((new_size & (new_size - 1)) == 0); oldtable = self->mt_table; self->mt_table = PyMem_NEW(PyMemoEntry, new_size); if (self->mt_table == NULL) { self->mt_table = oldtable; PyErr_NoMemory(); return -1; } self->mt_allocated = new_size; self->mt_mask = new_size - 1; memset(self->mt_table, 0, sizeof(PyMemoEntry) * new_size); to_process = self->mt_used; for (oldentry = oldtable; to_process > 0; oldentry++) { if (oldentry->me_key != NULL) { to_process--; newentry = _PyMemoTable_Lookup(self, oldentry->me_key); newentry->me_key = oldentry->me_key; newentry->me_value = oldentry->me_value; } } PyMem_FREE(oldtable); return 0; }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,263078751386667,1 5153,['CWE-20'],"static void handle_invalid_guest_state(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { struct vcpu_vmx *vmx = to_vmx(vcpu); enum emulation_result err = EMULATE_DONE; preempt_enable(); local_irq_enable(); while (!guest_state_valid(vcpu)) { err = emulate_instruction(vcpu, kvm_run, 0, 0, 0); if (err == EMULATE_DO_MMIO) break; if (err != EMULATE_DONE) { kvm_report_emulation_failure(vcpu, ""emulation failure""); return; } if (signal_pending(current)) break; if (need_resched()) schedule(); } local_irq_disable(); preempt_disable(); vmx->invalid_state_emulation_result = err; }",linux-2.6,,,72138344135478157467734499324166316627,0 4567,['CWE-399'],"static inline void ext4_blocks_count_set(struct ext4_super_block *es, ext4_fsblk_t blk) { es->s_blocks_count_lo = cpu_to_le32((u32)blk); es->s_blocks_count_hi = cpu_to_le32(blk >> 32);",linux-2.6,,,118443389166636404266519386186093438069,0 756,['CWE-119'],"isdn_net_unbind_channel(isdn_net_local * lp) { skb_queue_purge(&lp->super_tx_queue); if (!lp->master) { qdisc_reset(lp->netdev->dev->qdisc); } lp->dialstate = 0; dev->rx_netdev[isdn_dc2minor(lp->isdn_device, lp->isdn_channel)] = NULL; dev->st_netdev[isdn_dc2minor(lp->isdn_device, lp->isdn_channel)] = NULL; isdn_free_channel(lp->isdn_device, lp->isdn_channel, ISDN_USAGE_NET); lp->flags &= ~ISDN_NET_CONNECTED; lp->isdn_device = -1; lp->isdn_channel = -1; }",linux-2.6,,,177104893008368287026666993866794770629,0 4230,['CWE-399'],"static inline struct sk_buff *dev_dequeue_skb(struct net_device *dev, struct Qdisc *q) { struct sk_buff *skb; if ((skb = dev->gso_skb)) dev->gso_skb = NULL; else skb = q->dequeue(q); return skb; }",linux-2.6,,,179429601436077296954538897922513235001,0 6318,['CWE-200'],"static struct tc_action *create_a(int i) { struct tc_action *act; act = kmalloc(sizeof(*act), GFP_KERNEL); if (act == NULL) { printk(""create_a: failed to alloc!\n""); return NULL; } memset(act, 0, sizeof(*act)); act->order = i; return act; }",linux-2.6,,,130840314106889737811720293931943707355,0 3673,CWE-787,"hb_set_symmetric_difference (hb_set_t *set, const hb_set_t *other) { if (unlikely (hb_object_is_immutable (set))) return; set->symmetric_difference (*other); }",visit repo url,src/hb-set.cc,https://github.com/harfbuzz/harfbuzz,100598197416210,1 471,[],"pfm_restore_dbrs(unsigned long *dbrs, unsigned int ndbrs) { int i; for (i=0; i < ndbrs; i++) { ia64_set_dbr(i, dbrs[i]); ia64_dv_serialize_data(); } ia64_srlz_d(); }",linux-2.6,,,90708145912121718745662570871743697441,0 5448,['CWE-476'],"int kvm_arch_set_memory_region(struct kvm *kvm, struct kvm_userspace_memory_region *mem, struct kvm_memory_slot old, int user_alloc) { int npages = mem->memory_size >> PAGE_SHIFT; struct kvm_memory_slot *memslot = &kvm->memslots[mem->slot]; if (!user_alloc) { if (npages && !old.rmap) { unsigned long userspace_addr; down_write(¤t->mm->mmap_sem); userspace_addr = do_mmap(NULL, 0, npages * PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, 0); up_write(¤t->mm->mmap_sem); if (IS_ERR((void *)userspace_addr)) return PTR_ERR((void *)userspace_addr); spin_lock(&kvm->mmu_lock); memslot->userspace_addr = userspace_addr; spin_unlock(&kvm->mmu_lock); } else { if (!old.user_alloc && old.rmap) { int ret; down_write(¤t->mm->mmap_sem); ret = do_munmap(current->mm, old.userspace_addr, old.npages * PAGE_SIZE); up_write(¤t->mm->mmap_sem); if (ret < 0) printk(KERN_WARNING ""kvm_vm_ioctl_set_memory_region: "" ""failed to munmap memory\n""); } } } if (!kvm->arch.n_requested_mmu_pages) { unsigned int nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm); kvm_mmu_change_mmu_pages(kvm, nr_mmu_pages); } kvm_mmu_slot_remove_write_access(kvm, mem->slot); kvm_flush_remote_tlbs(kvm); return 0; }",linux-2.6,,,322606305788976712043046858609253833953,0 1594,[],"static void account_guest_time(struct task_struct *p, cputime_t cputime) { cputime64_t tmp; struct cpu_usage_stat *cpustat = &kstat_this_cpu.cpustat; tmp = cputime_to_cputime64(cputime); p->utime = cputime_add(p->utime, cputime); p->gtime = cputime_add(p->gtime, cputime); cpustat->user = cputime64_add(cpustat->user, tmp); cpustat->guest = cputime64_add(cpustat->guest, tmp); }",linux-2.6,,,41714403122335041379501146379936128834,0 5440,['CWE-476'],"int kvm_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) { return kvm_x86_ops->set_msr(vcpu, msr_index, data); }",linux-2.6,,,214732948711421320738725563987201391473,0 5916,['CWE-909'],"static int tc_dump_tclass_qdisc(struct Qdisc *q, struct sk_buff *skb, struct tcmsg *tcm, struct netlink_callback *cb, int *t_p, int s_t) { struct qdisc_dump_args arg; if (tc_qdisc_dump_ignore(q) || *t_p < s_t || !q->ops->cl_ops || (tcm->tcm_parent && TC_H_MAJ(tcm->tcm_parent) != q->handle)) { (*t_p)++; return 0; } if (*t_p > s_t) memset(&cb->args[1], 0, sizeof(cb->args)-sizeof(cb->args[0])); arg.w.fn = qdisc_class_dump; arg.skb = skb; arg.cb = cb; arg.w.stop = 0; arg.w.skip = cb->args[1]; arg.w.count = 0; q->ops->cl_ops->walk(q, &arg.w); cb->args[1] = arg.w.count; if (arg.w.stop) return -1; (*t_p)++; return 0; }",linux-2.6,,,79973763761415562672335286216720169224,0 1853,CWE-416,"void rose_start_idletimer(struct sock *sk) { struct rose_sock *rose = rose_sk(sk); del_timer(&rose->idletimer); if (rose->idle > 0) { rose->idletimer.function = rose_idletimer_expiry; rose->idletimer.expires = jiffies + rose->idle; add_timer(&rose->idletimer); } }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,239583500859241,1 5893,CWE-787,"static PyObject* patch(PyObject* self, PyObject* args) { char *origData, *newData, *diffBlock, *extraBlock, *diffPtr, *extraPtr; Py_ssize_t origDataLength, newDataLength, diffBlockLength, extraBlockLength; PyObject *controlTuples, *tuple, *results; off_t oldpos, newpos, x, y, z; int i, j, numTuples; if (!PyArg_ParseTuple(args, ""s#nO!s#s#"", &origData, &origDataLength, &newDataLength, &PyList_Type, &controlTuples, &diffBlock, &diffBlockLength, &extraBlock, &extraBlockLength)) return NULL; newData = PyMem_Malloc(newDataLength + 1); if (!newData) return PyErr_NoMemory(); oldpos = 0; newpos = 0; diffPtr = diffBlock; extraPtr = extraBlock; numTuples = PyList_GET_SIZE(controlTuples); for (i = 0; i < numTuples; i++) { tuple = PyList_GET_ITEM(controlTuples, i); if (!PyTuple_Check(tuple)) { PyMem_Free(newData); PyErr_SetString(PyExc_TypeError, ""expecting tuple""); return NULL; } if (PyTuple_GET_SIZE(tuple) != 3) { PyMem_Free(newData); PyErr_SetString(PyExc_TypeError, ""expecting tuple of size 3""); return NULL; } x = PyLong_AsLong(PyTuple_GET_ITEM(tuple, 0)); y = PyLong_AsLong(PyTuple_GET_ITEM(tuple, 1)); z = PyLong_AsLong(PyTuple_GET_ITEM(tuple, 2)); if (newpos + x > newDataLength || diffPtr + x > diffBlock + diffBlockLength || extraPtr + y > extraBlock + extraBlockLength) { PyMem_Free(newData); PyErr_SetString(PyExc_ValueError, ""corrupt patch (overflow)""); return NULL; } memcpy(newData + newpos, diffPtr, x); diffPtr += x; for (j = 0; j < x; j++) if ((oldpos + j >= 0) && (oldpos + j < origDataLength)) newData[newpos + j] += origData[oldpos + j]; newpos += x; oldpos += x; memcpy(newData + newpos, extraPtr, y); extraPtr += y; newpos += y; oldpos += z; } if (newpos != newDataLength || diffPtr != diffBlock + diffBlockLength || extraPtr != extraBlock + extraBlockLength) { PyMem_Free(newData); PyErr_SetString(PyExc_ValueError, ""corrupt patch (underflow)""); return NULL; } results = PyBytes_FromStringAndSize(newData, newDataLength); PyMem_Free(newData); return results; }",visit repo url,bsdiff4/core.c,https://github.com/ilanschnell/bsdiff4,220590372205332,1 600,['CWE-200'],"void flush_hash_page(unsigned long va, real_pte_t pte, int psize, int local) { unsigned long hash, index, shift, hidx, slot; DBG_LOW(""flush_hash_page(va=%016x)\n"", va); pte_iterate_hashed_subpages(pte, psize, va, index, shift) { hash = hpt_hash(va, shift); hidx = __rpte_to_hidx(pte, index); if (hidx & _PTEIDX_SECONDARY) hash = ~hash; slot = (hash & htab_hash_mask) * HPTES_PER_GROUP; slot += hidx & _PTEIDX_GROUP_IX; DBG_LOW("" sub %d: hash=%x, hidx=%x\n"", index, slot, hidx); ppc_md.hpte_invalidate(slot, va, psize, local); } pte_iterate_hashed_end(); }",linux-2.6,,,288377631116290111677039166949402679283,0 3222,CWE-125,"pktap_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { uint32_t dlt, hdrlen, rectype; u_int caplen = h->caplen; u_int length = h->len; if_printer printer; const pktap_header_t *hdr; if (caplen < sizeof(pktap_header_t) || length < sizeof(pktap_header_t)) { ND_PRINT((ndo, ""[|pktap]"")); return (0); } hdr = (const pktap_header_t *)p; dlt = EXTRACT_LE_32BITS(&hdr->pkt_dlt); hdrlen = EXTRACT_LE_32BITS(&hdr->pkt_len); if (hdrlen < sizeof(pktap_header_t)) { ND_PRINT((ndo, ""[|pktap]"")); return (0); } if (caplen < hdrlen || length < hdrlen) { ND_PRINT((ndo, ""[|pktap]"")); return (hdrlen); } if (ndo->ndo_eflag) pktap_header_print(ndo, p, length); length -= hdrlen; caplen -= hdrlen; p += hdrlen; rectype = EXTRACT_LE_32BITS(&hdr->pkt_rectype); switch (rectype) { case PKT_REC_NONE: ND_PRINT((ndo, ""no data"")); break; case PKT_REC_PACKET: if ((printer = lookup_printer(dlt)) != NULL) { hdrlen += printer(ndo, h, p); } else { if (!ndo->ndo_eflag) pktap_header_print(ndo, (const u_char *)hdr, length + hdrlen); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); } break; } return (hdrlen); }",visit repo url,print-pktap.c,https://github.com/the-tcpdump-group/tcpdump,261462061301376,1 4720,['CWE-20'],"static ssize_t ext4_quota_write(struct super_block *sb, int type, const char *data, size_t len, loff_t off) { struct inode *inode = sb_dqopt(sb)->files[type]; ext4_lblk_t blk = off >> EXT4_BLOCK_SIZE_BITS(sb); int err = 0; int offset = off & (sb->s_blocksize - 1); int tocopy; int journal_quota = EXT4_SB(sb)->s_qf_names[type] != NULL; size_t towrite = len; struct buffer_head *bh; handle_t *handle = journal_current_handle(); if (EXT4_SB(sb)->s_journal && !handle) { printk(KERN_WARNING ""EXT4-fs: Quota write (off=%llu, len=%llu)"" "" cancelled because transaction is not started.\n"", (unsigned long long)off, (unsigned long long)len); return -EIO; } mutex_lock_nested(&inode->i_mutex, I_MUTEX_QUOTA); while (towrite > 0) { tocopy = sb->s_blocksize - offset < towrite ? sb->s_blocksize - offset : towrite; bh = ext4_bread(handle, inode, blk, 1, &err); if (!bh) goto out; if (journal_quota) { err = ext4_journal_get_write_access(handle, bh); if (err) { brelse(bh); goto out; } } lock_buffer(bh); memcpy(bh->b_data+offset, data, tocopy); flush_dcache_page(bh->b_page); unlock_buffer(bh); if (journal_quota) err = ext4_handle_dirty_metadata(handle, NULL, bh); else { err = ext4_jbd2_file_inode(handle, inode); mark_buffer_dirty(bh); } brelse(bh); if (err) goto out; offset = 0; towrite -= tocopy; data += tocopy; blk++; } out: if (len == towrite) { mutex_unlock(&inode->i_mutex); return err; } if (inode->i_size < off+len-towrite) { i_size_write(inode, off+len-towrite); EXT4_I(inode)->i_disksize = inode->i_size; } inode->i_mtime = inode->i_ctime = CURRENT_TIME; ext4_mark_inode_dirty(handle, inode); mutex_unlock(&inode->i_mutex); return len - towrite; }",linux-2.6,,,111193050023287868055997505546547492075,0 131,[],"copy_iocb(long nr, u32 __user *ptr32, struct iocb __user * __user *ptr64) { compat_uptr_t uptr; int i; for (i = 0; i < nr; ++i) { if (get_user(uptr, ptr32 + i)) return -EFAULT; if (put_user(compat_ptr(uptr), ptr64 + i)) return -EFAULT; } return 0; }",linux-2.6,,,285071509753662471282006248381164771622,0 4593,CWE-190,"s32 hevc_parse_slice_segment(GF_BitStream *bs, HEVCState *hevc, HEVCSliceInfo *si) { u32 i, j; u32 num_ref_idx_l0_active = 0, num_ref_idx_l1_active = 0; HEVC_PPS *pps; HEVC_SPS *sps; s32 pps_id; Bool RapPicFlag = GF_FALSE; Bool IDRPicFlag = GF_FALSE; si->first_slice_segment_in_pic_flag = gf_bs_read_int_log(bs, 1, ""first_slice_segment_in_pic_flag""); switch (si->nal_unit_type) { case GF_HEVC_NALU_SLICE_IDR_W_DLP: case GF_HEVC_NALU_SLICE_IDR_N_LP: IDRPicFlag = GF_TRUE; RapPicFlag = GF_TRUE; break; case GF_HEVC_NALU_SLICE_BLA_W_LP: case GF_HEVC_NALU_SLICE_BLA_W_DLP: case GF_HEVC_NALU_SLICE_BLA_N_LP: case GF_HEVC_NALU_SLICE_CRA: RapPicFlag = GF_TRUE; break; } if (RapPicFlag) { gf_bs_read_int_log(bs, 1, ""no_output_of_prior_pics_flag""); } pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id >= 64) return -1; pps = &hevc->pps[pps_id]; sps = &hevc->sps[pps->sps_id]; si->sps = sps; si->pps = pps; if (!si->first_slice_segment_in_pic_flag && pps->dependent_slice_segments_enabled_flag) { si->dependent_slice_segment_flag = gf_bs_read_int_log(bs, 1, ""dependent_slice_segment_flag""); } else { si->dependent_slice_segment_flag = GF_FALSE; } if (!si->first_slice_segment_in_pic_flag) { si->slice_segment_address = gf_bs_read_int_log(bs, sps->bitsSliceSegmentAddress, ""slice_segment_address""); } else { si->slice_segment_address = 0; } if (!si->dependent_slice_segment_flag) { Bool deblocking_filter_override_flag = 0; Bool slice_temporal_mvp_enabled_flag = 0; Bool slice_sao_luma_flag = 0; Bool slice_sao_chroma_flag = 0; Bool slice_deblocking_filter_disabled_flag = 0; gf_bs_read_int_log(bs, pps->num_extra_slice_header_bits, ""slice_reserved_undetermined_flag""); si->slice_type = gf_bs_read_ue_log(bs, ""slice_type""); if (pps->output_flag_present_flag) gf_bs_read_int_log(bs, 1, ""pic_output_flag""); if (sps->separate_colour_plane_flag == 1) gf_bs_read_int_log(bs, 2, ""colour_plane_id""); if (IDRPicFlag) { si->poc_lsb = 0; if (!hevc->full_slice_header_parse) return 0; } else { si->poc_lsb = gf_bs_read_int_log(bs, sps->log2_max_pic_order_cnt_lsb, ""poc_lsb""); if (!hevc->full_slice_header_parse) return 0; if (gf_bs_read_int_log(bs, 1, ""short_term_ref_pic_set_sps_flag"") == 0) { Bool ret = hevc_parse_short_term_ref_pic_set(bs, sps, sps->num_short_term_ref_pic_sets); if (!ret) return -1; } else if (sps->num_short_term_ref_pic_sets > 1) { u32 numbits = 0; while ((u32)(1 << numbits) < sps->num_short_term_ref_pic_sets) numbits++; if (numbits > 0) gf_bs_read_int_log(bs, numbits, ""short_term_ref_pic_set_idx""); } if (sps->long_term_ref_pics_present_flag) { u8 DeltaPocMsbCycleLt[32]; u32 num_long_term_sps = 0; u32 num_long_term_pics = 0; memset(DeltaPocMsbCycleLt, 0, sizeof(u8) * 32); if (sps->num_long_term_ref_pic_sps > 0) { num_long_term_sps = gf_bs_read_ue_log(bs, ""num_long_term_sps""); } num_long_term_pics = gf_bs_read_ue_log(bs, ""num_long_term_pics""); for (i = 0; i < num_long_term_sps + num_long_term_pics; i++) { if (i < num_long_term_sps) { if (sps->num_long_term_ref_pic_sps > 1) gf_bs_read_int_log_idx(bs, gf_get_bit_size(sps->num_long_term_ref_pic_sps), ""lt_idx_sps"", i); } else { gf_bs_read_int_log_idx(bs, sps->log2_max_pic_order_cnt_lsb, ""PocLsbLt"", i); gf_bs_read_int_log_idx(bs, 1, ""UsedByCurrPicLt"", i); } if (gf_bs_read_int_log_idx(bs, 1, ""delta_poc_msb_present_flag"", i)) { if (i == 0 || i == num_long_term_sps) DeltaPocMsbCycleLt[i] = gf_bs_read_ue_log_idx(bs, ""DeltaPocMsbCycleLt"", i); else DeltaPocMsbCycleLt[i] = gf_bs_read_ue_log_idx(bs, ""DeltaPocMsbCycleLt"", i) + DeltaPocMsbCycleLt[i - 1]; } } } if (sps->temporal_mvp_enable_flag) slice_temporal_mvp_enabled_flag = gf_bs_read_int_log(bs, 1, ""slice_temporal_mvp_enabled_flag""); } if (sps->sample_adaptive_offset_enabled_flag) { u32 ChromaArrayType = sps->separate_colour_plane_flag ? 0 : sps->chroma_format_idc; slice_sao_luma_flag = gf_bs_read_int_log(bs, 1, ""slice_sao_luma_flag""); if (ChromaArrayType != 0) slice_sao_chroma_flag = gf_bs_read_int_log(bs, 1, ""slice_sao_chroma_flag""); } if (si->slice_type == GF_HEVC_SLICE_TYPE_P || si->slice_type == GF_HEVC_SLICE_TYPE_B) { num_ref_idx_l0_active = pps->num_ref_idx_l0_default_active; num_ref_idx_l1_active = 0; if (si->slice_type == GF_HEVC_SLICE_TYPE_B) num_ref_idx_l1_active = pps->num_ref_idx_l1_default_active; if (gf_bs_read_int_log(bs, 1, ""num_ref_idx_active_override_flag"")) { num_ref_idx_l0_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l0_active""); if (si->slice_type == GF_HEVC_SLICE_TYPE_B) num_ref_idx_l1_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l1_active""); } if (pps->lists_modification_present_flag ) { if (!ref_pic_lists_modification(bs, si->slice_type, num_ref_idx_l0_active, num_ref_idx_l1_active)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[hevc] ref_pic_lists_modification( ) not implemented\n"")); return -1; } } if (si->slice_type == GF_HEVC_SLICE_TYPE_B) gf_bs_read_int_log(bs, 1, ""mvd_l1_zero_flag""); if (pps->cabac_init_present_flag) gf_bs_read_int_log(bs, 1, ""cabac_init_flag""); if (slice_temporal_mvp_enabled_flag) { Bool collocated_from_l0_flag = 1; if (si->slice_type == GF_HEVC_SLICE_TYPE_B) collocated_from_l0_flag = gf_bs_read_int_log(bs, 1, ""collocated_from_l0_flag""); if ((collocated_from_l0_flag && (num_ref_idx_l0_active > 1)) || (!collocated_from_l0_flag && (num_ref_idx_l1_active > 1)) ) { gf_bs_read_ue_log(bs, ""collocated_ref_idx""); } } if ((pps->weighted_pred_flag && si->slice_type == GF_HEVC_SLICE_TYPE_P) || (pps->weighted_bipred_flag && si->slice_type == GF_HEVC_SLICE_TYPE_B) ) { hevc_pred_weight_table(bs, hevc, si, pps, sps, num_ref_idx_l0_active, num_ref_idx_l1_active); } gf_bs_read_ue_log(bs, ""five_minus_max_num_merge_cand""); } si->slice_qp_delta_start_bits = (s32) (gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); si->slice_qp_delta = gf_bs_read_se_log(bs, ""slice_qp_delta""); if (pps->slice_chroma_qp_offsets_present_flag) { gf_bs_read_se_log(bs, ""slice_cb_qp_offset""); gf_bs_read_se_log(bs, ""slice_cr_qp_offset""); } if (pps->deblocking_filter_override_enabled_flag) { deblocking_filter_override_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_override_flag""); } if (deblocking_filter_override_flag) { slice_deblocking_filter_disabled_flag = gf_bs_read_int_log(bs, 1, ""slice_deblocking_filter_disabled_flag""); if (!slice_deblocking_filter_disabled_flag) { gf_bs_read_se_log(bs, ""slice_beta_offset_div2""); gf_bs_read_se_log(bs, ""slice_tc_offset_div2""); } } if (pps->loop_filter_across_slices_enabled_flag && (slice_sao_luma_flag || slice_sao_chroma_flag || !slice_deblocking_filter_disabled_flag) ) { gf_bs_read_int_log(bs, 1, ""slice_loop_filter_across_slices_enabled_flag""); } } else { if (!hevc->full_slice_header_parse) return 0; } si->entry_point_start_bits = ((u32)gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); if (pps->tiles_enabled_flag || pps->entropy_coding_sync_enabled_flag) { u32 num_entry_point_offsets = gf_bs_read_ue_log(bs, ""num_entry_point_offsets""); if (num_entry_point_offsets > 0) { u32 offset = gf_bs_read_ue_log(bs, ""offset"") + 1; u32 segments = offset >> 4; s32 remain = (offset & 15); for (i = 0; i < num_entry_point_offsets; i++) { for (j = 0; j < segments; j++) { gf_bs_read_int(bs, 16); } if (remain) { gf_bs_read_int(bs, remain); } } } } if (pps->slice_segment_header_extension_present_flag) { u32 size_ext = gf_bs_read_ue_log(bs, ""size_ext""); while (size_ext) { gf_bs_read_int(bs, 8); size_ext--; } } si->header_size_bits = (gf_bs_get_position(bs) - 1) * 8 + gf_bs_get_bit_position(bs); if (gf_bs_read_int_log(bs, 1, ""byte_align"") == 0) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""Error parsing slice header: byte_align not found at end of header !\n"")); } gf_bs_align(bs); si->payload_start_offset = (s32)gf_bs_get_position(bs); return 0; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,47224782058691,1 3346,[],"static inline int nlmsg_end(struct sk_buff *skb, struct nlmsghdr *nlh) { nlh->nlmsg_len = skb_tail_pointer(skb) - (unsigned char *)nlh; return skb->len; }",linux-2.6,,,113154948347364057753387670497079544517,0 6667,CWE-120,"static int pkey_GOST_ECcp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, const unsigned char *in, size_t in_len) { const unsigned char *p = in; EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx); GOST_KEY_TRANSPORT *gkt = NULL; int ret = 0; unsigned char wrappedKey[44]; unsigned char sharedKey[32]; gost_ctx ctx; const struct gost_cipher_info *param = NULL; EVP_PKEY *eph_key = NULL, *peerkey = NULL; int dgst_nid = NID_undef; if (!key) { *key_len = 32; return 1; } gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len); if (!gkt) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); return -1; } eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); if (eph_key) { if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_INCOMPATIBLE_PEER_KEY); goto err; } } else { if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= 0) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_CTRL_CALL_FAILED); goto err; } } peerkey = EVP_PKEY_CTX_get0_peerkey(pctx); if (!peerkey) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_NO_PEER_KEY); goto err; } param = get_encryption_params(gkt->key_agreement_info->cipher); if (!param) { goto err; } gost_init(&ctx, param->sblock); OPENSSL_assert(gkt->key_agreement_info->eph_iv->length == 8); memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); OPENSSL_assert(gkt->key_info->encrypted_key->length == 32); memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); OPENSSL_assert(gkt->key_info->imit->length == 4); memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); EVP_PKEY_get_default_digest_nid(priv, &dgst_nid); if (dgst_nid == NID_id_GostR3411_2012_512) dgst_nid = NID_id_GostR3411_2012_256; if (!VKO_compute_key(sharedKey, EC_KEY_get0_public_key(EVP_PKEY_get0(peerkey)), EVP_PKEY_get0(priv), wrappedKey, 8, dgst_nid)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } if (!keyUnwrapCryptoPro(&ctx, sharedKey, wrappedKey, key)) { GOSTerr(GOST_F_PKEY_GOST_ECCP_DECRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } ret = 1; err: OPENSSL_cleanse(sharedKey, sizeof(sharedKey)); EVP_PKEY_free(eph_key); GOST_KEY_TRANSPORT_free(gkt); return ret; }",visit repo url,gost_ec_keyx.c,https://github.com/gost-engine/engine,63018255715524,1 4525,CWE-120,"static s32 avc_parse_slice(GF_BitStream *bs, AVCState *avc, Bool svc_idr_flag, AVCSliceInfo *si) { s32 pps_id, num_ref_idx_l0_active_minus1 = 0, num_ref_idx_l1_active_minus1 = 0; gf_bs_read_ue_log(bs, ""first_mb_in_slice""); si->slice_type = gf_bs_read_ue_log(bs, ""slice_type""); if (si->slice_type > 9) return -1; pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if ((pps_id<0) || (pps_id > 255)) return -1; si->pps = &avc->pps[pps_id]; if (!si->pps->slice_group_count) return -2; if (si->pps->sps_id>=255) return -1; si->sps = &avc->sps[si->pps->sps_id]; if (!si->sps->log2_max_frame_num) return -2; avc->sps_active_idx = si->pps->sps_id; avc->pps_active_idx = pps_id; si->frame_num = gf_bs_read_int_log(bs, si->sps->log2_max_frame_num, ""frame_num""); si->field_pic_flag = 0; si->bottom_field_flag = 0; if (!si->sps->frame_mbs_only_flag) { si->field_pic_flag = gf_bs_read_int_log(bs, 1, ""field_pic_flag""); if (si->field_pic_flag) si->bottom_field_flag = gf_bs_read_int_log(bs, 1, ""bottom_field_flag""); } if ((si->nal_unit_type == GF_AVC_NALU_IDR_SLICE) || svc_idr_flag) si->idr_pic_id = gf_bs_read_ue_log(bs, ""idr_pic_id""); if (si->sps->poc_type == 0) { si->poc_lsb = gf_bs_read_int_log(bs, si->sps->log2_max_poc_lsb, ""poc_lsb""); if (si->pps->pic_order_present && !si->field_pic_flag) { si->delta_poc_bottom = gf_bs_read_se_log(bs, ""poc_lsb""); } } else if ((si->sps->poc_type == 1) && !si->sps->delta_pic_order_always_zero_flag) { si->delta_poc[0] = gf_bs_read_se_log(bs, ""delta_poc0""); if ((si->pps->pic_order_present == 1) && !si->field_pic_flag) si->delta_poc[1] = gf_bs_read_se_log(bs, ""delta_poc1""); } if (si->pps->redundant_pic_cnt_present) { si->redundant_pic_cnt = gf_bs_read_ue_log(bs, ""redundant_pic_cnt""); } if (si->slice_type % 5 == GF_AVC_TYPE_B) { gf_bs_read_int_log(bs, 1, ""direct_spatial_mv_pred_flag""); } num_ref_idx_l0_active_minus1 = si->pps->num_ref_idx_l0_default_active_minus1; num_ref_idx_l1_active_minus1 = si->pps->num_ref_idx_l1_default_active_minus1; if (si->slice_type % 5 == GF_AVC_TYPE_P || si->slice_type % 5 == GF_AVC_TYPE_SP || si->slice_type % 5 == GF_AVC_TYPE_B) { Bool num_ref_idx_active_override_flag = gf_bs_read_int_log(bs, 1, ""num_ref_idx_active_override_flag""); if (num_ref_idx_active_override_flag) { num_ref_idx_l0_active_minus1 = gf_bs_read_ue_log(bs, ""num_ref_idx_l0_active_minus1""); if (si->slice_type % 5 == GF_AVC_TYPE_B) { num_ref_idx_l1_active_minus1 = gf_bs_read_ue_log(bs, ""num_ref_idx_l1_active_minus1""); } } } if (si->nal_unit_type == 20 || si->nal_unit_type == 21) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[avc-h264] unimplemented ref_pic_list_mvc_modification() in slide header\n"")); assert(0); return -1; } else { ref_pic_list_modification(bs, si->slice_type); } if ((si->pps->weighted_pred_flag && (si->slice_type % 5 == GF_AVC_TYPE_P || si->slice_type % 5 == GF_AVC_TYPE_SP)) || (si->pps->weighted_bipred_idc == 1 && si->slice_type % 5 == GF_AVC_TYPE_B)) { avc_pred_weight_table(bs, si->slice_type, si->sps->ChromaArrayType, num_ref_idx_l0_active_minus1, num_ref_idx_l1_active_minus1); } if (si->nal_ref_idc != 0) { dec_ref_pic_marking(bs, (si->nal_unit_type == GF_AVC_NALU_IDR_SLICE)); } if (si->pps->entropy_coding_mode_flag && si->slice_type % 5 != GF_AVC_TYPE_I && si->slice_type % 5 != GF_AVC_TYPE_SI) { gf_bs_read_ue_log(bs, ""cabac_init_idc""); } gf_bs_read_se(bs); if (si->slice_type % 5 == GF_AVC_TYPE_SP || si->slice_type % 5 == GF_AVC_TYPE_SI) { if (si->slice_type % 5 == GF_AVC_TYPE_SP) { gf_bs_read_int_log(bs, 1, ""sp_for_switch_flag""); } gf_bs_read_se_log(bs, ""slice_qs_delta""); } if (si->pps->deblocking_filter_control_present_flag) { if (gf_bs_read_ue_log(bs, ""disable_deblocking_filter_idc"") != 1) { gf_bs_read_se_log(bs, ""slice_alpha_c0_offset_div2""); gf_bs_read_se_log(bs, ""slice_beta_offset_div2""); } } if (si->pps->slice_group_count > 1 && si->pps->mb_slice_group_map_type >= 3 && si->pps->mb_slice_group_map_type <= 5) { gf_bs_read_int_log(bs, (u32)ceil(log1p((si->pps->pic_size_in_map_units_minus1 + 1) / (si->pps->slice_group_change_rate_minus1 + 1) ) / log(2)), ""slice_group_change_cycle""); } return 0; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,261724771648499,1 2891,CWE-119,"swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc) { uint16* wp = (uint16*) cp0; tmsize_t wc = cc / 2; horDiff16(tif, cp0, cc); TIFFSwabArrayOfShort(wp, wc); }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,132635291047630,1 657,CWE-399,"static struct kioctx *ioctx_alloc(unsigned nr_events) { struct mm_struct *mm = current->mm; struct kioctx *ctx; int err = -ENOMEM; nr_events = max(nr_events, num_possible_cpus() * 4); nr_events *= 2; if ((nr_events > (0x10000000U / sizeof(struct io_event))) || (nr_events > (0x10000000U / sizeof(struct kiocb)))) { pr_debug(""ENOMEM: nr_events too high\n""); return ERR_PTR(-EINVAL); } if (!nr_events || (unsigned long)nr_events > (aio_max_nr * 2UL)) return ERR_PTR(-EAGAIN); ctx = kmem_cache_zalloc(kioctx_cachep, GFP_KERNEL); if (!ctx) return ERR_PTR(-ENOMEM); ctx->max_reqs = nr_events; if (percpu_ref_init(&ctx->users, free_ioctx_users)) goto err; if (percpu_ref_init(&ctx->reqs, free_ioctx_reqs)) goto err; spin_lock_init(&ctx->ctx_lock); spin_lock_init(&ctx->completion_lock); mutex_init(&ctx->ring_lock); init_waitqueue_head(&ctx->wait); INIT_LIST_HEAD(&ctx->active_reqs); ctx->cpu = alloc_percpu(struct kioctx_cpu); if (!ctx->cpu) goto err; if (aio_setup_ring(ctx) < 0) goto err; atomic_set(&ctx->reqs_available, ctx->nr_events - 1); ctx->req_batch = (ctx->nr_events - 1) / (num_possible_cpus() * 4); if (ctx->req_batch < 1) ctx->req_batch = 1; spin_lock(&aio_nr_lock); if (aio_nr + nr_events > (aio_max_nr * 2UL) || aio_nr + nr_events < aio_nr) { spin_unlock(&aio_nr_lock); err = -EAGAIN; goto err; } aio_nr += ctx->max_reqs; spin_unlock(&aio_nr_lock); percpu_ref_get(&ctx->users); err = ioctx_add_table(ctx, mm); if (err) goto err_cleanup; pr_debug(""allocated ioctx %p[%ld]: mm=%p mask=0x%x\n"", ctx, ctx->user_id, mm, ctx->nr_events); return ctx; err_cleanup: aio_nr_sub(ctx->max_reqs); err: aio_free_ring(ctx); free_percpu(ctx->cpu); free_percpu(ctx->reqs.pcpu_count); free_percpu(ctx->users.pcpu_count); kmem_cache_free(kioctx_cachep, ctx); pr_debug(""error allocating ioctx %d\n"", err); return ERR_PTR(err); }",visit repo url,fs/aio.c,https://github.com/torvalds/linux,169977660825253,1 2790,CWE-787,"static BOOL gdi_Bitmap_Decompress(rdpContext* context, rdpBitmap* bitmap, const BYTE* pSrcData, UINT32 DstWidth, UINT32 DstHeight, UINT32 bpp, UINT32 length, BOOL compressed, UINT32 codecId) { UINT32 SrcSize = length; rdpGdi* gdi = context->gdi; bitmap->compressed = FALSE; bitmap->format = gdi->dstFormat; bitmap->length = DstWidth * DstHeight * GetBytesPerPixel(bitmap->format); bitmap->data = (BYTE*) _aligned_malloc(bitmap->length, 16); if (!bitmap->data) return FALSE; if (compressed) { if (bpp < 32) { if (!interleaved_decompress(context->codecs->interleaved, pSrcData, SrcSize, DstWidth, DstHeight, bpp, bitmap->data, bitmap->format, 0, 0, 0, DstWidth, DstHeight, &gdi->palette)) return FALSE; } else { if (!planar_decompress(context->codecs->planar, pSrcData, SrcSize, DstWidth, DstHeight, bitmap->data, bitmap->format, 0, 0, 0, DstWidth, DstHeight, TRUE)) return FALSE; } } else { const UINT32 SrcFormat = gdi_get_pixel_format(bpp); const size_t sbpp = GetBytesPerPixel(SrcFormat); const size_t dbpp = GetBytesPerPixel(bitmap->format); if ((sbpp == 0) || (dbpp == 0)) return FALSE; else { const size_t dstSize = SrcSize * dbpp / sbpp; if (dstSize < bitmap->length) return FALSE; } if (!freerdp_image_copy(bitmap->data, bitmap->format, 0, 0, 0, DstWidth, DstHeight, pSrcData, SrcFormat, 0, 0, 0, &gdi->palette, FREERDP_FLIP_VERTICAL)) return FALSE; } return TRUE; }",visit repo url,libfreerdp/gdi/graphics.c,https://github.com/FreeRDP/FreeRDP,226010083230773,1 2998,['CWE-189'],"int jpc_pi_next(jpc_pi_t *pi) { jpc_pchg_t *pchg; int ret; for (;;) { pi->valid = false; if (!pi->pchg) { ++pi->pchgno; pi->compno = 0; pi->rlvlno = 0; pi->prcno = 0; pi->lyrno = 0; pi->prgvolfirst = true; if (pi->pchgno < jpc_pchglist_numpchgs(pi->pchglist)) { pi->pchg = jpc_pchglist_get(pi->pchglist, pi->pchgno); } else if (pi->pchgno == jpc_pchglist_numpchgs(pi->pchglist)) { pi->pchg = &pi->defaultpchg; } else { return 1; } } pchg = pi->pchg; switch (pchg->prgord) { case JPC_COD_LRCPPRG: ret = jpc_pi_nextlrcp(pi); break; case JPC_COD_RLCPPRG: ret = jpc_pi_nextrlcp(pi); break; case JPC_COD_RPCLPRG: ret = jpc_pi_nextrpcl(pi); break; case JPC_COD_PCRLPRG: ret = jpc_pi_nextpcrl(pi); break; case JPC_COD_CPRLPRG: ret = jpc_pi_nextcprl(pi); break; default: ret = -1; break; } if (!ret) { pi->valid = true; ++pi->pktno; return 0; } pi->pchg = 0; } }",jasper,,,202994623460319454280512412778370492380,0 228,[],"static int __init atalk_init(void) { (void)sock_register(&atalk_family_ops); ddp_dl = register_snap_client(ddp_snap_id, atalk_rcv); if (!ddp_dl) printk(atalk_err_snap); dev_add_pack(<alk_packet_type); dev_add_pack(&ppptalk_packet_type); register_netdevice_notifier(&ddp_notifier); aarp_proto_init(); atalk_proc_init(); atalk_register_sysctl(); printk(atalk_banner); return 0; }",history,,,125490530139080543137285306661048487972,0 628,CWE-20,"int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *isk = inet_sk(sk); int family = sk->sk_family; struct sockaddr_in *sin; struct sockaddr_in6 *sin6; struct sk_buff *skb; int copied, err; pr_debug(""ping_recvmsg(sk=%p,sk->num=%u)\n"", isk, isk->inet_num); err = -EOPNOTSUPP; if (flags & MSG_OOB) goto out; if (addr_len) { if (family == AF_INET) *addr_len = sizeof(*sin); else if (family == AF_INET6 && addr_len) *addr_len = sizeof(*sin6); } if (flags & MSG_ERRQUEUE) { if (family == AF_INET) { return ip_recv_error(sk, msg, len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { return pingv6_ops.ipv6_recv_error(sk, msg, len); #endif } } skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (family == AF_INET) { sin = (struct sockaddr_in *) msg->msg_name; sin->sin_family = AF_INET; sin->sin_port = 0 ; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); if (isk->cmsg_flags) ip_cmsg_recv(msg, skb); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); struct ipv6hdr *ip6 = ipv6_hdr(skb); sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ip6->saddr; sin6->sin6_flowinfo = 0; if (np->sndflow) sin6->sin6_flowinfo = ip6_flowinfo(ip6); sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); if (inet6_sk(sk)->rxopt.all) pingv6_ops.ip6_datagram_recv_ctl(sk, msg, skb); #endif } else { BUG(); } err = copied; done: skb_free_datagram(sk, skb); out: pr_debug(""ping_recvmsg -> %d\n"", err); return err; }",visit repo url,net/ipv4/ping.c,https://github.com/torvalds/linux,75563104669123,1 6679,CWE-330,"uint16_t mesg_id (void) { static uint16_t id = 0; if (!id) { srandom (time (NULL)); id = random (); } id++; if (T.debug > 4) syslog (LOG_DEBUG, ""mesg_id() = %d"", id); return id; }",visit repo url,ne_mesg.c,https://github.com/fwdillema/totd,2798763035512,1 82,CWE-772,"setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setkey_principal((void *)handle, arg->princ, arg->keyblocks, arg->n_keys); } else { log_unauth(""kadm5_setkey_principal"", prime_arg, &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } if(ret.code != KADM5_AUTH_SETKEY) { if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_setkey_principal"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,245176760863886,1 4184,['CWE-399'],"static void reflect_response(AvahiServer *s, AvahiInterface *i, AvahiRecord *r, int flush_cache) { AvahiInterface *j; assert(s); assert(i); assert(r); if (!s->config.enable_reflector) return; for (j = s->monitor->interfaces; j; j = j->interface_next) if (j != i && (s->config.reflect_ipv || j->protocol == i->protocol)) avahi_interface_post_response(j, r, flush_cache, NULL, 1); }",avahi,,,13040851940825689852652655374110127246,0 995,['CWE-94'],"static int copy_from_user_mmap_sem(void *dst, const void __user *src, size_t n) { int partial; if (!access_ok(VERIFY_READ, src, n)) return -EFAULT; pagefault_disable(); partial = __copy_from_user_inatomic(dst, src, n); pagefault_enable(); if (unlikely(partial)) { up_read(¤t->mm->mmap_sem); partial = copy_from_user(dst, src, n); down_read(¤t->mm->mmap_sem); } return partial; }",linux-2.6,,,168479048732695470556929308434214106615,0 1530,CWE-476,"static inline int crypto_rng_seedsize(struct crypto_rng *tfm) { return tfm->seedsize; }",visit repo url,include/crypto/rng.h,https://github.com/torvalds/linux,108534664135706,1 2534,['CWE-119'],"static int similarity_index(struct diff_filepair *p) { return p->score * 100 / MAX_SCORE; }",git,,,116853690557857973863716115971967378009,0 4528,['CWE-20'],"static int dx_make_map (struct ext4_dir_entry_2 *de, int size, struct dx_hash_info *hinfo, struct dx_map_entry *map_tail) { int count = 0; char *base = (char *) de; struct dx_hash_info h = *hinfo; while ((char *) de < base + size) { if (de->name_len && de->inode) { ext4fs_dirhash(de->name, de->name_len, &h); map_tail--; map_tail->hash = h.hash; map_tail->offs = (u16) ((char *) de - base); map_tail->size = le16_to_cpu(de->rec_len); count++; cond_resched(); } de = ext4_next_entry(de); } return count; }",linux-2.6,,,169472259154793218993966048365713546736,0 3297,CWE-476,"static int parse_report(transport_smart *transport, git_push *push) { git_pkt *pkt = NULL; const char *line_end = NULL; gitno_buffer *buf = &transport->buffer; int error, recvd; git_buf data_pkt_buf = GIT_BUF_INIT; for (;;) { if (buf->offset > 0) error = git_pkt_parse_line(&pkt, buf->data, &line_end, buf->offset); else error = GIT_EBUFS; if (error < 0 && error != GIT_EBUFS) { error = -1; goto done; } if (error == GIT_EBUFS) { if ((recvd = gitno_recv(buf)) < 0) { error = recvd; goto done; } if (recvd == 0) { giterr_set(GITERR_NET, ""early EOF""); error = GIT_EEOF; goto done; } continue; } gitno_consume(buf, line_end); error = 0; if (pkt == NULL) continue; switch (pkt->type) { case GIT_PKT_DATA: error = add_push_report_sideband_pkt(push, (git_pkt_data *)pkt, &data_pkt_buf); break; case GIT_PKT_ERR: giterr_set(GITERR_NET, ""report-status: Error reported: %s"", ((git_pkt_err *)pkt)->error); error = -1; break; case GIT_PKT_PROGRESS: if (transport->progress_cb) { git_pkt_progress *p = (git_pkt_progress *) pkt; error = transport->progress_cb(p->data, p->len, transport->message_cb_payload); } break; default: error = add_push_report_pkt(push, pkt); break; } git_pkt_free(pkt); if (error == GIT_ITEROVER) { error = 0; if (data_pkt_buf.size > 0) { giterr_set(GITERR_NET, ""Incomplete pack data pkt-line""); error = GIT_ERROR; } goto done; } if (error < 0) { goto done; } } done: git_buf_free(&data_pkt_buf); return error; }",visit repo url,src/transports/smart_protocol.c,https://github.com/libgit2/libgit2,53708069932469,1 4564,CWE-1077,"static u16 swf_get_16(SWFReader *read) { u16 val, res; val = swf_read_int(read, 16); res = (val&0xFF); res <<=8; res |= ((val>>8)&0xFF); return res; }",visit repo url,src/scene_manager/swf_parse.c,https://github.com/gpac/gpac,253252893546255,1 4769,['CWE-20'],"static ssize_t ext4_quota_read(struct super_block *sb, int type, char *data, size_t len, loff_t off) { struct inode *inode = sb_dqopt(sb)->files[type]; ext4_lblk_t blk = off >> EXT4_BLOCK_SIZE_BITS(sb); int err = 0; int offset = off & (sb->s_blocksize - 1); int tocopy; size_t toread; struct buffer_head *bh; loff_t i_size = i_size_read(inode); if (off > i_size) return 0; if (off+len > i_size) len = i_size-off; toread = len; while (toread > 0) { tocopy = sb->s_blocksize - offset < toread ? sb->s_blocksize - offset : toread; bh = ext4_bread(NULL, inode, blk, 0, &err); if (err) return err; if (!bh) memset(data, 0, tocopy); else memcpy(data, bh->b_data+offset, tocopy); brelse(bh); offset = 0; toread -= tocopy; data += tocopy; blk++; } return len; }",linux-2.6,,,156237384942948520774758821840907061389,0 1538,[],"static inline void free_rt_sched_group(struct task_group *tg) { }",linux-2.6,,,8815001539003087446981017176770415494,0 6187,['CWE-200'],"int iw_handler_get_spy(struct net_device * dev, struct iw_request_info * info, union iwreq_data * wrqu, char * extra) { struct iw_spy_data * spydata = get_spydata(dev); struct sockaddr * address = (struct sockaddr *) extra; int i; if(!spydata) return -EOPNOTSUPP; wrqu->data.length = spydata->spy_number; for(i = 0; i < spydata->spy_number; i++) { memcpy(address[i].sa_data, spydata->spy_address[i], ETH_ALEN); address[i].sa_family = AF_UNIX; } if(spydata->spy_number > 0) memcpy(extra + (sizeof(struct sockaddr) *spydata->spy_number), spydata->spy_stat, sizeof(struct iw_quality) * spydata->spy_number); for(i = 0; i < spydata->spy_number; i++) spydata->spy_stat[i].updated = 0; return 0; }",linux-2.6,,,85458814101997364857229831868138212358,0 3594,CWE-476,"jp2_box_t *jp2_box_get(jas_stream_t *in) { jp2_box_t *box; jp2_boxinfo_t *boxinfo; jas_stream_t *tmpstream; uint_fast32_t len; uint_fast64_t extlen; bool dataflag; box = 0; tmpstream = 0; if (!(box = jas_malloc(sizeof(jp2_box_t)))) { goto error; } box->ops = &jp2_boxinfo_unk.ops; if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) { goto error; } boxinfo = jp2_boxinfolookup(box->type); box->info = boxinfo; box->len = len; JAS_DBGLOG(10, ( ""preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n"", '""', boxinfo->name, '""', box->type, box->len )); if (box->len == 1) { if (jp2_getuint64(in, &extlen)) { goto error; } if (extlen > 0xffffffffUL) { jas_eprintf(""warning: cannot handle large 64-bit box length\n""); extlen = 0xffffffffUL; } box->len = extlen; box->datalen = extlen - JP2_BOX_HDRLEN(true); } else { box->datalen = box->len - JP2_BOX_HDRLEN(false); } if (box->len != 0 && box->len < 8) { goto error; } dataflag = !(box->info->flags & (JP2_BOX_SUPER | JP2_BOX_NODATA)); if (dataflag) { if (!(tmpstream = jas_stream_memopen(0, 0))) { goto error; } if (jas_stream_copy(tmpstream, in, box->datalen)) { jas_eprintf(""cannot copy box data\n""); goto error; } jas_stream_rewind(tmpstream); box->ops = &boxinfo->ops; if (box->ops->getdata) { if ((*box->ops->getdata)(box, tmpstream)) { jas_eprintf(""cannot parse box data\n""); goto error; } } jas_stream_close(tmpstream); } if (jas_getdbglevel() >= 1) { jp2_box_dump(box, stderr); } return box; error: if (box) { jp2_box_destroy(box); } if (tmpstream) { jas_stream_close(tmpstream); } return 0; }",visit repo url,src/libjasper/jp2/jp2_cod.c,https://github.com/mdadams/jasper,61963361022681,1 4204,['CWE-399'],"void avahi_server_free(AvahiServer* s) { assert(s); while (s->dns_server_browsers) avahi_s_dns_server_browser_free(s->dns_server_browsers); while (s->host_name_resolvers) avahi_s_host_name_resolver_free(s->host_name_resolvers); while (s->address_resolvers) avahi_s_address_resolver_free(s->address_resolvers); while (s->domain_browsers) avahi_s_domain_browser_free(s->domain_browsers); while (s->service_type_browsers) avahi_s_service_type_browser_free(s->service_type_browsers); while (s->service_browsers) avahi_s_service_browser_free(s->service_browsers); while (s->service_resolvers) avahi_s_service_resolver_free(s->service_resolvers); while (s->record_browsers) avahi_s_record_browser_destroy(s->record_browsers); while(s->entries) avahi_entry_free(s, s->entries); avahi_interface_monitor_free(s->monitor); while (s->groups) avahi_entry_group_free(s, s->groups); free_slots(s); avahi_hashmap_free(s->entries_by_key); avahi_record_list_free(s->record_list); avahi_hashmap_free(s->record_browser_hashmap); if (s->wide_area_lookup_engine) avahi_wide_area_engine_free(s->wide_area_lookup_engine); avahi_multicast_lookup_engine_free(s->multicast_lookup_engine); avahi_time_event_queue_free(s->time_event_queue); if (s->watch_ipv4) s->poll_api->watch_free(s->watch_ipv4); if (s->watch_ipv6) s->poll_api->watch_free(s->watch_ipv6); if (s->watch_legacy_unicast_ipv4) s->poll_api->watch_free(s->watch_legacy_unicast_ipv4); if (s->watch_legacy_unicast_ipv6) s->poll_api->watch_free(s->watch_legacy_unicast_ipv6); if (s->fd_ipv4 >= 0) close(s->fd_ipv4); if (s->fd_ipv6 >= 0) close(s->fd_ipv6); if (s->fd_legacy_unicast_ipv4 >= 0) close(s->fd_legacy_unicast_ipv4); if (s->fd_legacy_unicast_ipv6 >= 0) close(s->fd_legacy_unicast_ipv6); avahi_free(s->host_name); avahi_free(s->domain_name); avahi_free(s->host_name_fqdn); avahi_server_config_free(&s->config); avahi_free(s); }",avahi,,,133111120927738890695010977234784694466,0 1258,[],"substitute (struct obstack *obs, const char *victim, const char *repl, struct re_registers *regs) { int ch; for (;;) { while ((ch = *repl++) != '\\') { if (ch == '\0') return; obstack_1grow (obs, ch); } switch ((ch = *repl++)) { case '0': if (!substitute_warned) { M4ERROR ((warning_status, 0, ""\ Warning: \\0 will disappear, use \\& instead in replacements"")); substitute_warned = 1; } case '&': obstack_grow (obs, victim + regs->start[0], regs->end[0] - regs->start[0]); break; case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': ch -= '0'; if (regs->num_regs - 1 <= ch) M4ERROR ((warning_status, 0, ""Warning: sub-expression %d not present"", ch)); else if (regs->end[ch] > 0) obstack_grow (obs, victim + regs->start[ch], regs->end[ch] - regs->start[ch]); break; case '\0': M4ERROR ((warning_status, 0, ""Warning: trailing \\ ignored in replacement"")); return; default: obstack_1grow (obs, ch); break; } } }",m4,,,26428040409337003712291711372498253506,0 1531,[],"static inline struct task_group *task_group(struct task_struct *p) { struct task_group *tg; #ifdef CONFIG_USER_SCHED tg = p->user->tg; #elif defined(CONFIG_CGROUP_SCHED) tg = container_of(task_subsys_state(p, cpu_cgroup_subsys_id), struct task_group, css); #else tg = &init_task_group; #endif return tg; }",linux-2.6,,,97437130442687286500802433460507574596,0 3245,['CWE-189'],"void jpc_qmfb_split_col(jpc_fix_t *a, int numrows, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; jpc_fix_t *buf = splitbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; register int n; register int m; int hstartcol; if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { abort(); } } if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; m = (parity) ? hstartcol : (numrows - hstartcol); n = m; dstptr = buf; srcptr = &a[(1 - parity) * stride]; while (n-- > 0) { *dstptr = *srcptr; ++dstptr; srcptr += stride << 1; } dstptr = &a[(1 - parity) * stride]; srcptr = &a[(2 - parity) * stride]; n = numrows - m - (!parity); while (n-- > 0) { *dstptr = *srcptr; dstptr += stride; srcptr += stride << 1; } dstptr = &a[hstartcol * stride]; srcptr = buf; n = m; while (n-- > 0) { *dstptr = *srcptr; dstptr += stride; ++srcptr; } } if (buf != splitbuf) { jas_free(buf); } }",jasper,,,18074869707188823760382568319862491972,0 6642,['CWE-200'],"applet_common_get_device_icon (NMDeviceState state, NMApplet *applet) { GdkPixbuf *pixbuf = NULL; int stage = -1; switch (state) { case NM_DEVICE_STATE_PREPARE: stage = 0; break; case NM_DEVICE_STATE_CONFIG: case NM_DEVICE_STATE_NEED_AUTH: stage = 1; break; case NM_DEVICE_STATE_IP_CONFIG: stage = 2; break; default: break; } if (stage >= 0) { pixbuf = applet->network_connecting_icons[stage][applet->animation_step]; applet->animation_step++; if (applet->animation_step >= NUM_CONNECTING_FRAMES) applet->animation_step = 0; } return pixbuf; }",network-manager-applet,,,285530734129155265374337549418376561246,0 961,['CWE-189'],"shm_access(ClientPtr client, SHMPERM_TYPE *perm, int readonly) { int uid, gid; mode_t mask; int uidset = 0, gidset = 0; LocalClientCredRec *lcc; if (GetLocalClientCreds(client, &lcc) != -1) { if (lcc->fieldsSet & LCC_UID_SET) { uid = lcc->euid; uidset = 1; } if (lcc->fieldsSet & LCC_GID_SET) { gid = lcc->egid; gidset = 1; } #if defined(HAVE_GETZONEID) && defined(SHMPERM_ZONEID) if ( ((lcc->fieldsSet & LCC_ZID_SET) == 0) || (lcc->zoneid == -1) || (lcc->zoneid != SHMPERM_ZONEID(perm))) { uidset = 0; gidset = 0; } #endif FreeLocalClientCreds(lcc); if (uidset) { if (uid == 0) { return 0; } if (SHMPERM_UID(perm) == uid || SHMPERM_CUID(perm) == uid) { mask = S_IRUSR; if (!readonly) { mask |= S_IWUSR; } return (SHMPERM_MODE(perm) & mask) == mask ? 0 : -1; } } if (gidset) { if (SHMPERM_GID(perm) == gid || SHMPERM_CGID(perm) == gid) { mask = S_IRGRP; if (!readonly) { mask |= S_IWGRP; } return (SHMPERM_MODE(perm) & mask) == mask ? 0 : -1; } } } mask = S_IROTH; if (!readonly) { mask |= S_IWOTH; } return (SHMPERM_MODE(perm) & mask) == mask ? 0 : -1; }",xserver,,,313015915400452412592272791991696753407,0 5283,CWE-601,"static int oidc_handle_discovery_response(request_rec *r, oidc_cfg *c) { char *issuer = NULL, *target_link_uri = NULL, *login_hint = NULL, *auth_request_params = NULL, *csrf_cookie, *csrf_query = NULL, *user = NULL, *path_scopes; oidc_provider_t *provider = NULL; oidc_util_get_request_parameter(r, OIDC_DISC_OP_PARAM, &issuer); oidc_util_get_request_parameter(r, OIDC_DISC_USER_PARAM, &user); oidc_util_get_request_parameter(r, OIDC_DISC_RT_PARAM, &target_link_uri); oidc_util_get_request_parameter(r, OIDC_DISC_LH_PARAM, &login_hint); oidc_util_get_request_parameter(r, OIDC_DISC_SC_PARAM, &path_scopes); oidc_util_get_request_parameter(r, OIDC_DISC_AR_PARAM, &auth_request_params); oidc_util_get_request_parameter(r, OIDC_CSRF_NAME, &csrf_query); csrf_cookie = oidc_util_get_cookie(r, OIDC_CSRF_NAME); if (csrf_cookie) { oidc_util_set_cookie(r, OIDC_CSRF_NAME, """", 0, OIDC_COOKIE_EXT_SAME_SITE_NONE(r)); if ((csrf_query == NULL) || apr_strnatcmp(csrf_query, csrf_cookie) != 0) { oidc_warn(r, ""CSRF protection failed, no Discovery and dynamic client registration will be allowed""); csrf_cookie = NULL; } } oidc_debug(r, ""issuer=\""%s\"", target_link_uri=\""%s\"", login_hint=\""%s\"", user=\""%s\"""", issuer, target_link_uri, login_hint, user); if (target_link_uri == NULL) { if (c->default_sso_url == NULL) { return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", ""SSO to this module without specifying a \""target_link_uri\"" parameter is not possible because "" OIDCDefaultURL "" is not set."", HTTP_INTERNAL_SERVER_ERROR); } target_link_uri = c->default_sso_url; } if (oidc_target_link_uri_matches_configuration(r, c, target_link_uri) == FALSE) { return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", ""\""target_link_uri\"" parameter does not match configuration settings, aborting to prevent an open redirect."", HTTP_UNAUTHORIZED); } if (c->metadata_dir == NULL) { if ((oidc_provider_static_config(r, c, &provider) == TRUE) && (issuer != NULL)) { if (apr_strnatcmp(provider->issuer, issuer) != 0) { return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", apr_psprintf(r->pool, ""The \""iss\"" value must match the configured providers' one (%s != %s)."", issuer, c->provider.issuer), HTTP_INTERNAL_SERVER_ERROR); } } return oidc_authenticate_user(r, c, NULL, target_link_uri, login_hint, NULL, NULL, auth_request_params, path_scopes); } if (user != NULL) { if (login_hint == NULL) login_hint = apr_pstrdup(r->pool, user); if (strstr(user, ""https://"") != user) user = apr_psprintf(r->pool, ""https://%s"", user); if (oidc_proto_url_based_discovery(r, c, user, &issuer) == FALSE) { return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", ""Could not resolve the provided user identifier to an OpenID Connect provider; check your syntax."", HTTP_NOT_FOUND); } } else if (strstr(issuer, OIDC_STR_AT) != NULL) { if (login_hint == NULL) { login_hint = apr_pstrdup(r->pool, issuer); } if (oidc_proto_account_based_discovery(r, c, issuer, &issuer) == FALSE) { return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", ""Could not resolve the provided account name to an OpenID Connect provider; check your syntax."", HTTP_NOT_FOUND); } } int n = strlen(issuer); if (issuer[n - 1] == OIDC_CHAR_FORWARD_SLASH) issuer[n - 1] = '\0'; if ((oidc_metadata_get(r, c, issuer, &provider, csrf_cookie != NULL) == TRUE) && (provider != NULL)) { return oidc_authenticate_user(r, c, provider, target_link_uri, login_hint, NULL, NULL, auth_request_params, path_scopes); } return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", ""Could not find valid provider metadata for the selected OpenID Connect provider; contact the administrator"", HTTP_NOT_FOUND); }",visit repo url,src/mod_auth_openidc.c,https://github.com/zmartzone/mod_auth_openidc,26137181172475,1 3644,['CWE-287'],"struct sctp_transport *sctp_assoc_add_peer(struct sctp_association *asoc, const union sctp_addr *addr, const gfp_t gfp, const int peer_state) { struct sctp_transport *peer; struct sctp_sock *sp; unsigned short port; sp = sctp_sk(asoc->base.sk); port = ntohs(addr->v4.sin_port); SCTP_DEBUG_PRINTK_IPADDR(""sctp_assoc_add_peer:association %p addr: "", "" port: %d state:%d\n"", asoc, addr, port, peer_state); if (0 == asoc->peer.port) asoc->peer.port = port; peer = sctp_assoc_lookup_paddr(asoc, addr); if (peer) { if (peer->state == SCTP_UNKNOWN) { peer->state = SCTP_ACTIVE; } return peer; } peer = sctp_transport_new(addr, gfp); if (!peer) return NULL; sctp_transport_set_owner(peer, asoc); peer->hbinterval = asoc->hbinterval; peer->pathmaxrxt = asoc->pathmaxrxt; peer->sackdelay = asoc->sackdelay; peer->sackfreq = asoc->sackfreq; peer->param_flags = asoc->param_flags; if (peer->param_flags & SPP_PMTUD_ENABLE) sctp_transport_pmtu(peer); else if (asoc->pathmtu) peer->pathmtu = asoc->pathmtu; else peer->pathmtu = SCTP_DEFAULT_MAXSEGMENT; if (asoc->pathmtu) asoc->pathmtu = min_t(int, peer->pathmtu, asoc->pathmtu); else asoc->pathmtu = peer->pathmtu; SCTP_DEBUG_PRINTK(""sctp_assoc_add_peer:association %p PMTU set to "" ""%d\n"", asoc, asoc->pathmtu); peer->pmtu_pending = 0; asoc->frag_point = sctp_frag_point(sp, asoc->pathmtu); sctp_packet_init(&peer->packet, peer, asoc->base.bind_addr.port, asoc->peer.port); peer->cwnd = min(4*asoc->pathmtu, max_t(__u32, 2*asoc->pathmtu, 4380)); peer->ssthresh = SCTP_DEFAULT_MAXWINDOW; peer->partial_bytes_acked = 0; peer->flight_size = 0; peer->rto = asoc->rto_initial; peer->state = peer_state; list_add_tail(&peer->transports, &asoc->peer.transport_addr_list); asoc->peer.transport_count++; if (!asoc->peer.primary_path) { sctp_assoc_set_primary(asoc, peer); asoc->peer.retran_path = peer; } if (asoc->peer.active_path == asoc->peer.retran_path) { asoc->peer.retran_path = peer; } return peer; }",linux-2.6,,,96805944847751683638413502629325808406,0 2857,['CWE-119'],"static inline void allow_bits(struct posix_ace_state *astate, u32 mask) { astate->allow |= mask & ~astate->deny; }",linux-2.6,,,156612046160251284619712101207840500181,0 6093,CWE-190,"int cp_cmlhs_ver(const g1_t r, const g2_t s, const g1_t sig[], const g2_t z[], const g1_t a[], const g1_t c[], const bn_t msg, const char *data, const g1_t h, const int label[], const gt_t *hs[], const dig_t *f[], const size_t flen[], const g2_t y[], const g2_t pk[], size_t slen, int bls) { g1_t g1; g2_t g2; gt_t e, u, v; bn_t k, n; int len, dlen = strlen(data), result = 1; uint8_t *buf = RLC_ALLOCA(uint8_t, 1 + 8 * RLC_PC_BYTES + dlen); g1_null(g1); g2_null(g2); gt_null(e); gt_null(u); gt_null(v); bn_null(k); bn_null(n); RLC_TRY { g1_new(g1); g2_new(g2); gt_new(e); gt_new(u); gt_new(v); bn_new(k); bn_new(n); if (buf == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (int i = 0; i < slen; i++) { len = g2_size_bin(z[i], 0); g2_write_bin(buf, len, z[i], 0); memcpy(buf + len, data, dlen); if (bls) { result &= cp_bls_ver(sig[i], buf, len + dlen, pk[i]); } else { fp_prime_back(k, sig[i]->x); fp_prime_back(n, sig[i]->y); fp_copy(g1->x, pk[i]->x[0]); fp_copy(g1->y, pk[i]->y[0]); fp_set_dig(g1->z, 1); result &= cp_ecdsa_ver(k, n, buf, len + dlen, 0, g1); } } pc_get_ord(n); g1_get_gen(g1); g2_get_gen(g2); pc_map_sim(e, a, z, slen); pc_map_sim(u, c, y, slen); pc_map(v, r, g2); gt_mul(u, u, v); for (int i = 0; i < slen; i++) { for (int j = 0; j < flen[i]; j++) { gt_exp_dig(v, hs[i][label[j]], f[i][j]); gt_mul(u, u, v); } } if (gt_cmp(e, u) != RLC_EQ) { result = 0; } pc_map(e, g1, s); g1_set_infty(g1); for (int i = 0; i < slen; i++) { g1_add(g1, g1, c[i]); } g1_norm(g1, g1); pc_map(u, g1, g2); gt_mul(e, e, u); g1_mul(g1, h, msg); pc_map(v, g1, g2); if (gt_cmp(e, v) != RLC_EQ) { result = 0; } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { g1_free(g1); g2_free(g2); gt_free(e); gt_free(u); gt_free(v); bn_free(k); bn_free(n); RLC_FREE(buf); } return result; }",visit repo url,src/cp/relic_cp_cmlhs.c,https://github.com/relic-toolkit/relic,274614470831437,1 3175,CWE-125,"juniper_mfr_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { struct juniper_l2info_t l2info; memset(&l2info, 0, sizeof(l2info)); l2info.pictype = DLT_JUNIPER_MFR; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; if (l2info.cookie_len == 0) { mfr_print(ndo, p, l2info.length); return l2info.header_len; } if (l2info.cookie_len == AS_PIC_COOKIE_LEN) { switch(l2info.proto) { case JUNIPER_LSQ_L3_PROTO_IPV4: ip_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; case JUNIPER_LSQ_L3_PROTO_ISO: isoclns_print(ndo, p, l2info.length, l2info.caplen); return l2info.header_len; default: break; } return l2info.header_len; } if (ndo->ndo_eflag && EXTRACT_32BITS(l2info.cookie) != 1) ND_PRINT((ndo, ""Bundle-ID %u, "", l2info.bundle)); switch (l2info.proto) { case (LLCSAP_ISONS<<8 | LLCSAP_ISONS): isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1); break; case (LLC_UI<<8 | NLPID_Q933): case (LLC_UI<<8 | NLPID_IP): case (LLC_UI<<8 | NLPID_IP6): isoclns_print(ndo, p - 1, l2info.length + 1, l2info.caplen + 1); break; default: ND_PRINT((ndo, ""unknown protocol 0x%04x, length %u"", l2info.proto, l2info.length)); } return l2info.header_len; }",visit repo url,print-juniper.c,https://github.com/the-tcpdump-group/tcpdump,70768741014902,1 5361,CWE-787,"static char *get_object( FILE *fp, int obj_id, const xref_t *xref, size_t *size, int *is_stream) { static const int blk_sz = 256; int i, total_sz, read_sz, n_blks, search, stream; size_t obj_sz; char *c, *data; long start; const xref_entry_t *entry; if (size) *size = 0; if (is_stream) *is_stream = 0; start = ftell(fp); entry = NULL; for (i=0; in_entries; i++) if (xref->entries[i].obj_id == obj_id) { entry = &xref->entries[i]; break; } if (!entry) return NULL; fseek(fp, entry->offset, SEEK_SET); obj_sz = 0; total_sz = 0; n_blks = 1; data = malloc(blk_sz * n_blks); memset(data, 0, blk_sz * n_blks); stream = 0; while ((read_sz = fread(data+total_sz, 1, blk_sz-1, fp)) && !ferror(fp)) { total_sz += read_sz; *(data + total_sz) = '\0'; if (total_sz + blk_sz >= (blk_sz * n_blks)) data = realloc(data, blk_sz * (++n_blks)); search = total_sz - read_sz; if (search < 0) search = 0; if ((c = strstr(data + search, ""endobj""))) { *(c + strlen(""endobj"") + 1) = '\0'; obj_sz = (void *)strstr(data + search, ""endobj"") - (void *)data; obj_sz += strlen(""endobj"") + 1; break; } else if (strstr(data, ""stream"")) stream = 1; } clearerr(fp); fseek(fp, start, SEEK_SET); if (size) *size = obj_sz; if (is_stream) *is_stream = stream; return data; }",visit repo url,pdf.c,https://github.com/enferex/pdfresurrect,46292176180499,1 4617,CWE-190,"static s32 gf_media_vvc_read_vps_bs_internal(GF_BitStream *bs, VVCState *vvc, Bool stop_at_vps_ext) { u32 i, j; s32 vps_id; VVC_VPS *vps; Bool vps_default_ptl_dpb_hrd_max_tid_flag=0; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) return -1; if (!vps_id) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] VPS ID 0 is forbidden\n"")); return -1; } vps = &vvc->vps[vps_id]; if (!vps->state) { vps->id = vps_id; vps->state = 1; } vps->max_layers = 1 + gf_bs_read_int_log(bs, 6, ""max_layers""); if (vps->max_layers > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] sorry, %d layers in VPS but only %d supported\n"", vps->max_layers, MAX_LHVC_LAYERS)); return -1; } vps->max_sub_layers = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1"") + 1; if ((vps->max_layers>1) && (vps->max_sub_layers>1)) vps_default_ptl_dpb_hrd_max_tid_flag = gf_bs_read_int_log(bs, 1, ""vps_default_ptl_dpb_hrd_max_tid_flag""); if (vps->max_layers>1) vps->all_layers_independent = gf_bs_read_int_log(bs, 1, ""all_layers_independent""); for (i=0; imax_layers; i++) { u32 layer_id = gf_bs_read_int_log_idx(bs, 6, ""layer_id"", i); if (layer_id>vps->max_layer_id) vps->max_layer_id = layer_id; if (i && !vps->all_layers_independent) { Bool layer_indep = gf_bs_read_int_log_idx(bs, 1, ""layer_independent"", i); if (!layer_indep) { Bool vps_max_tid_ref_present_flag = gf_bs_read_int_log_idx(bs, 1, ""vps_max_tid_ref_present_flag"", i); for (j=0; jnum_ptl = 1; if (vps->max_layers > 1) { if (vps->all_layers_independent) { vps->each_layer_is_ols = gf_bs_read_int_log(bs, 1, ""each_layer_is_ols""); } if (!vps->each_layer_is_ols) { u32 vps_ols_mode_idc = 2; if (!vps->all_layers_independent) { vps_ols_mode_idc = gf_bs_read_int_log(bs, 2, ""vps_ols_mode_idc""); } if (vps_ols_mode_idc==2) { u8 vps_num_output_layer_sets = 2 + gf_bs_read_int_log(bs, 8, ""vps_num_output_layer_sets_minus2""); for (i=0; imax_layers; j++) { gf_bs_read_int_log_idx2(bs, 1, ""vps_ols_output_layer_flag"", i, j); } } } } vps->num_ptl = 1 + gf_bs_read_int_log(bs, 8, ""num_ptl_minus1""); } vps->ptl[0].pt_present = 1; for (i=0; inum_ptl; i++) { if (i) vps->ptl[i].pt_present = gf_bs_read_int_log_idx(bs, 1, ""pt_present"", i); if (!vps_default_ptl_dpb_hrd_max_tid_flag) vps->ptl[i].ptl_max_tid = gf_bs_read_int_log_idx(bs, 3, ""ptl_max_tid"", i); else vps->ptl[i].ptl_max_tid = vps->max_sub_layers - 1;; } gf_bs_align(bs); for (i=0; inum_ptl; i++) { vvc_profile_tier_level(bs, &vps->ptl[i], i); } return vps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,95258776262761,1 6224,CWE-190,"void fp24_read_bin(fp24_t a, const uint8_t *bin, int len) { if (len != 16 * RLC_FP_BYTES && len != 24 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } if (len == 16 * RLC_FP_BYTES) { fp4_zero(a[0][0]); fp4_zero(a[0][1]); fp4_read_bin(a[1][0], bin, 4 * RLC_FP_BYTES); fp4_read_bin(a[1][1], bin + 4 * RLC_FP_BYTES, 4 * RLC_FP_BYTES); fp4_read_bin(a[2][0], bin + 8 * RLC_FP_BYTES, 4 * RLC_FP_BYTES); fp4_read_bin(a[2][1], bin + 12 * RLC_FP_BYTES, 4 * RLC_FP_BYTES); fp24_back_cyc(a, a); } if (len == 24 * RLC_FP_BYTES) { fp8_read_bin(a[0], bin, 8 * RLC_FP_BYTES); fp8_read_bin(a[1], bin + 8 * RLC_FP_BYTES, 8 * RLC_FP_BYTES); fp8_read_bin(a[2], bin + 16 * RLC_FP_BYTES, 8 * RLC_FP_BYTES); } }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,170510919333550,1 538,CWE-399,"static int do_tkill(pid_t tgid, pid_t pid, int sig) { struct siginfo info; info.si_signo = sig; info.si_errno = 0; info.si_code = SI_TKILL; info.si_pid = task_tgid_vnr(current); info.si_uid = from_kuid_munged(current_user_ns(), current_uid()); return do_send_specific(tgid, pid, sig, &info); }",visit repo url,kernel/signal.c,https://github.com/torvalds/linux,210665169349152,1 5498,CWE-125,"ast_for_atom(struct compiling *c, const node *n) { node *ch = CHILD(n, 0); switch (TYPE(ch)) { case NAME: { PyObject *name = NEW_IDENTIFIER(ch); if (!name) return NULL; return Name(name, Load, LINENO(n), n->n_col_offset, c->c_arena); } case STRING: { PyObject *kind, *str = parsestrplus(c, n); const char *raw, *s = STR(CHILD(n, 0)); int quote = Py_CHARMASK(*s); char *ch, s_kind[3] = {0, 0, 0}; ch = s_kind; raw = s; while (*raw && *raw != '\'' && *raw != '""') { *ch++ = *raw++; } kind = PyUnicode_FromString(s_kind); if (!kind) { return NULL; } if (!str) { #ifdef Py_USING_UNICODE if (PyErr_ExceptionMatches(PyExc_UnicodeError)){ PyObject *type, *value, *tback, *errstr; PyErr_Fetch(&type, &value, &tback); errstr = PyObject_Str(value); if (errstr) { char *s = """"; char buf[128]; s = _PyUnicode_AsString(errstr); PyOS_snprintf(buf, sizeof(buf), ""(unicode error) %s"", s); ast_error(n, buf); Py_DECREF(errstr); } else { ast_error(n, ""(unicode error) unknown error""); } Py_DECREF(type); Py_DECREF(value); Py_XDECREF(tback); } #endif return NULL; } PyArena_AddPyObject(c->c_arena, str); return Str(str, kind, LINENO(n), n->n_col_offset, c->c_arena); } case NUMBER: { PyObject *pynum = parsenumber(c, STR(ch)); if (!pynum) return NULL; PyArena_AddPyObject(c->c_arena, pynum); return Num(pynum, LINENO(n), n->n_col_offset, c->c_arena); } case LPAR: ch = CHILD(n, 1); if (TYPE(ch) == RPAR) return Tuple(NULL, Load, LINENO(n), n->n_col_offset, c->c_arena); if (TYPE(ch) == yield_expr) return ast_for_expr(c, ch); return ast_for_testlist_comp(c, ch); case LSQB: ch = CHILD(n, 1); if (TYPE(ch) == RSQB) return List(NULL, Load, LINENO(n), n->n_col_offset, c->c_arena); REQ(ch, listmaker); if (NCH(ch) == 1 || TYPE(CHILD(ch, 1)) == COMMA) { asdl_seq *elts = seq_for_testlist(c, ch); if (!elts) return NULL; return List(elts, Load, LINENO(n), n->n_col_offset, c->c_arena); } else return ast_for_listcomp(c, ch); case LBRACE: { int i, size; asdl_seq *keys, *values; ch = CHILD(n, 1); if (TYPE(ch) == RBRACE) { return Dict(NULL, NULL, LINENO(n), n->n_col_offset, c->c_arena); } else if (NCH(ch) == 1 || TYPE(CHILD(ch, 1)) == COMMA) { asdl_seq *elts; size = (NCH(ch) + 1) / 2; elts = asdl_seq_new(size, c->c_arena); if (!elts) return NULL; for (i = 0; i < NCH(ch); i += 2) { expr_ty expression; expression = ast_for_expr(c, CHILD(ch, i)); if (!expression) return NULL; asdl_seq_SET(elts, i / 2, expression); } return Set(elts, LINENO(n), n->n_col_offset, c->c_arena); } else if (TYPE(CHILD(ch, 1)) == comp_for) { return ast_for_setcomp(c, ch); } else if (NCH(ch) > 3 && TYPE(CHILD(ch, 3)) == comp_for) { return ast_for_dictcomp(c, ch); } else { size = (NCH(ch) + 1) / 4; keys = asdl_seq_new(size, c->c_arena); if (!keys) return NULL; values = asdl_seq_new(size, c->c_arena); if (!values) return NULL; for (i = 0; i < NCH(ch); i += 4) { expr_ty expression; expression = ast_for_expr(c, CHILD(ch, i)); if (!expression) return NULL; asdl_seq_SET(keys, i / 4, expression); expression = ast_for_expr(c, CHILD(ch, i + 2)); if (!expression) return NULL; asdl_seq_SET(values, i / 4, expression); } return Dict(keys, values, LINENO(n), n->n_col_offset, c->c_arena); } } case BACKQUOTE: { expr_ty expression; if (Py_Py3kWarningFlag && !ast_warn(c, n, ""backquote not supported in 3.x; use repr()"")) return NULL; expression = ast_for_testlist(c, CHILD(n, 1)); if (!expression) return NULL; return Repr(expression, LINENO(n), n->n_col_offset, c->c_arena); } default: PyErr_Format(PyExc_SystemError, ""unhandled atom %d"", TYPE(ch)); return NULL; } }",visit repo url,ast27/Python/ast.c,https://github.com/python/typed_ast,57823178397411,1 6192,CWE-190,"void fp_exp_basic(fp_t c, const fp_t a, const bn_t b) { int i, l; fp_t r; fp_null(r); if (bn_is_zero(b)) { fp_set_dig(c, 1); return; } RLC_TRY { fp_new(r); l = bn_bits(b); fp_copy(r, a); for (i = l - 2; i >= 0; i--) { fp_sqr(r, r); if (bn_get_bit(b, i)) { fp_mul(r, r, a); } } if (bn_sign(b) == RLC_NEG) { fp_inv(c, r); } else { fp_copy(c, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp_free(r); } }",visit repo url,src/fp/relic_fp_exp.c,https://github.com/relic-toolkit/relic,15435160479814,1 661,[],"void dccp_unhash(struct sock *sk) { inet_unhash(&dccp_hashinfo, sk); }",linux-2.6,,,60856470998320498682943878388555131916,0 3688,[],"int hfs_cat_create(u32 cnid, struct inode *dir, struct qstr *str, struct inode *inode) { struct hfs_find_data fd; struct super_block *sb; union hfs_cat_rec entry; int entry_size; int err; dprint(DBG_CAT_MOD, ""create_cat: %s,%u(%d)\n"", str->name, cnid, inode->i_nlink); if (dir->i_size >= HFS_MAX_VALENCE) return -ENOSPC; sb = dir->i_sb; hfs_find_init(HFS_SB(sb)->cat_tree, &fd); hfs_cat_build_key(sb, fd.search_key, cnid, NULL); entry_size = hfs_cat_build_thread(sb, &entry, S_ISDIR(inode->i_mode) ? HFS_CDR_THD : HFS_CDR_FTH, dir->i_ino, str); err = hfs_brec_find(&fd); if (err != -ENOENT) { if (!err) err = -EEXIST; goto err2; } err = hfs_brec_insert(&fd, &entry, entry_size); if (err) goto err2; hfs_cat_build_key(sb, fd.search_key, dir->i_ino, str); entry_size = hfs_cat_build_record(&entry, cnid, inode); err = hfs_brec_find(&fd); if (err != -ENOENT) { if (!err) err = -EEXIST; goto err1; } err = hfs_brec_insert(&fd, &entry, entry_size); if (err) goto err1; dir->i_size++; dir->i_mtime = dir->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(dir); hfs_find_exit(&fd); return 0; err1: hfs_cat_build_key(sb, fd.search_key, cnid, NULL); if (!hfs_brec_find(&fd)) hfs_brec_remove(&fd); err2: hfs_find_exit(&fd); return err; }",linux-2.6,,,89286348604976461432811526686301229536,0 4345,CWE-358,"static int DefragTrackerReuseTest(void) { int ret = 0; int id = 1; Packet *p1 = NULL; DefragTracker *tracker1 = NULL, *tracker2 = NULL; DefragInit(); p1 = BuildTestPacket(id, 0, 0, 'A', 8); if (p1 == NULL) { goto end; } tracker1 = DefragGetTracker(NULL, NULL, p1); if (tracker1 == NULL) { goto end; } if (tracker1->seen_last) { goto end; } if (tracker1->remove) { goto end; } DefragTrackerRelease(tracker1); tracker2 = DefragGetTracker(NULL, NULL, p1); if (tracker2 == NULL) { goto end; } if (tracker2 != tracker1) { goto end; } DefragTrackerRelease(tracker1); tracker1->remove = 1; tracker2 = DefragGetTracker(NULL, NULL, p1); if (tracker2 == NULL) { goto end; } if (tracker2 == tracker1) { goto end; } if (tracker2->remove) { goto end; } ret = 1; end: if (p1 != NULL) { SCFree(p1); } DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,45780149865724,1 3540,['CWE-20'],"static void sctp_tietags_populate(struct sctp_association *new_asoc, const struct sctp_association *asoc) { switch (asoc->state) { case SCTP_STATE_COOKIE_WAIT: new_asoc->c.my_vtag = asoc->c.my_vtag; new_asoc->c.my_ttag = asoc->c.my_vtag; new_asoc->c.peer_ttag = 0; break; case SCTP_STATE_COOKIE_ECHOED: new_asoc->c.my_vtag = asoc->c.my_vtag; new_asoc->c.my_ttag = asoc->c.my_vtag; new_asoc->c.peer_ttag = asoc->c.peer_vtag; break; default: new_asoc->c.my_ttag = asoc->c.my_vtag; new_asoc->c.peer_ttag = asoc->c.peer_vtag; break; } new_asoc->rwnd = asoc->rwnd; new_asoc->c.sinit_num_ostreams = asoc->c.sinit_num_ostreams; new_asoc->c.sinit_max_instreams = asoc->c.sinit_max_instreams; new_asoc->c.initial_tsn = asoc->c.initial_tsn; }",linux-2.6,,,48795883562969924047995775470628541164,0 3073,['CWE-189'],"int jas_image_copycmpt(jas_image_t *dstimage, int dstcmptno, jas_image_t *srcimage, int srccmptno) { jas_image_cmpt_t *newcmpt; if (dstimage->numcmpts_ >= dstimage->maxcmpts_) { if (jas_image_growcmpts(dstimage, dstimage->maxcmpts_ + 128)) { return -1; } } if (!(newcmpt = jas_image_cmpt_copy(srcimage->cmpts_[srccmptno]))) { return -1; } if (dstcmptno < dstimage->numcmpts_) { memmove(&dstimage->cmpts_[dstcmptno + 1], &dstimage->cmpts_[dstcmptno], (dstimage->numcmpts_ - dstcmptno) * sizeof(jas_image_cmpt_t *)); } dstimage->cmpts_[dstcmptno] = newcmpt; ++dstimage->numcmpts_; jas_image_setbbox(dstimage); return 0; }",jasper,,,58361551103157305852986769556976883103,0 4618,CWE-476,"GF_Err latm_dmx_process(GF_Filter *filter) { GF_LATMDmxCtx *ctx = gf_filter_get_udta(filter); GF_FilterPacket *pck, *dst_pck; u32 pos; u8 *data, *output; u32 pck_size, prev_pck_size; u64 cts = GF_FILTER_NO_TS; if (ctx->in_error) return ctx->in_error; if (!ctx->duration.num) latm_dmx_check_dur(filter, ctx); if (ctx->opid && !ctx->is_playing) return GF_OK; pck = gf_filter_pid_get_packet(ctx->ipid); if (!pck) { if (gf_filter_pid_is_eos(ctx->ipid)) { if (!ctx->latm_buffer_size) { if (ctx->opid) gf_filter_pid_set_eos(ctx->opid); if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = NULL; return GF_EOS; } } else { return GF_OK; } } data = (char *) gf_filter_pck_get_data(pck, &pck_size); if (ctx->timescale && pck) { cts = gf_filter_pck_get_cts(pck); } prev_pck_size = ctx->latm_buffer_size; if (pck && !ctx->resume_from) { if (ctx->latm_buffer_size + pck_size > ctx->latm_buffer_alloc) { ctx->latm_buffer_alloc = ctx->latm_buffer_size + pck_size; ctx->latm_buffer = gf_realloc(ctx->latm_buffer, ctx->latm_buffer_alloc); } memcpy(ctx->latm_buffer + ctx->latm_buffer_size, data, pck_size); ctx->latm_buffer_size += pck_size; } if (!ctx->bs) ctx->bs = gf_bs_new(ctx->latm_buffer, ctx->latm_buffer_size, GF_BITSTREAM_READ); else gf_bs_reassign_buffer(ctx->bs, ctx->latm_buffer, ctx->latm_buffer_size); if (ctx->resume_from) { gf_bs_seek(ctx->bs, ctx->resume_from-1); ctx->resume_from = 0; } if (cts == GF_FILTER_NO_TS) prev_pck_size = 0; while (1) { pos = (u32) gf_bs_get_position(ctx->bs); u8 latm_buffer[4096]; u32 latm_frame_size = 4096; if (!latm_dmx_sync_frame_bs(ctx->bs,&ctx->acfg, &latm_frame_size, latm_buffer, NULL)) break; if (ctx->in_seek) { u64 nb_samples_at_seek = (u64) (ctx->start_range * GF_M4ASampleRates[ctx->sr_idx]); if (ctx->cts + ctx->dts_inc >= nb_samples_at_seek) { ctx->in_seek = GF_FALSE; } } latm_dmx_check_pid(filter, ctx); if (!ctx->is_playing) { ctx->resume_from = pos+1; return GF_OK; } if (!ctx->in_seek) { GF_FilterSAPType sap = GF_FILTER_SAP_1; dst_pck = gf_filter_pck_new_alloc(ctx->opid, latm_frame_size, &output); if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst_pck); memcpy(output, latm_buffer, latm_frame_size); gf_filter_pck_set_cts(dst_pck, ctx->cts); gf_filter_pck_set_duration(dst_pck, ctx->dts_inc); gf_filter_pck_set_framing(dst_pck, GF_TRUE, GF_TRUE); if (ctx->acfg.base_object_type==GF_CODECID_USAC) { if (latm_frame_size && (output[0] & 0x80) && !ctx->prev_sap) { sap = GF_FILTER_SAP_1; ctx->prev_sap = GF_TRUE; } else { sap = GF_FILTER_SAP_NONE; ctx->prev_sap = GF_FALSE; } } gf_filter_pck_set_sap(dst_pck, sap); gf_filter_pck_send(dst_pck); } latm_dmx_update_cts(ctx); if (prev_pck_size) { pos = (u32) gf_bs_get_position(ctx->bs); if (prev_pck_size<=pos) { prev_pck_size=0; if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = pck; if (pck) gf_filter_pck_ref_props(&ctx->src_pck); } } } if (pck) { pos = (u32) gf_bs_get_position(ctx->bs); assert(ctx->latm_buffer_size >= pos); memmove(ctx->latm_buffer, ctx->latm_buffer+pos, ctx->latm_buffer_size - pos); ctx->latm_buffer_size -= pos; gf_filter_pid_drop_packet(ctx->ipid); assert(!ctx->resume_from); } else { ctx->latm_buffer_size = 0; return latm_dmx_process(filter); } return GF_OK; }",visit repo url,src/filters/reframe_latm.c,https://github.com/gpac/gpac,21742398102865,1 3110,['CWE-189'],"int jpc_pi_init(jpc_pi_t *pi) { int compno; int rlvlno; int prcno; jpc_picomp_t *picomp; jpc_pirlvl_t *pirlvl; int *prclyrno; pi->prgvolfirst = 0; pi->valid = 0; pi->pktno = -1; pi->pchgno = -1; pi->pchg = 0; for (compno = 0, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++picomp) { for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl) { for (prcno = 0, prclyrno = pirlvl->prclyrnos; prcno < pirlvl->numprcs; ++prcno, ++prclyrno) { *prclyrno = 0; } } } return 0; }",jasper,,,302068079928716421626937603552101607866,0 3666,CWE-119,"static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * p_code_block) { OPJ_UINT32 l_data_size; l_data_size = (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); if (l_data_size > p_code_block->data_size) { if (p_code_block->data) { opj_free(p_code_block->data - 1); } p_code_block->data = (OPJ_BYTE*) opj_malloc(l_data_size + 1); if (! p_code_block->data) { p_code_block->data_size = 0U; return OPJ_FALSE; } p_code_block->data_size = l_data_size; p_code_block->data[0] = 0; p_code_block->data += 1; } return OPJ_TRUE; }",visit repo url,src/lib/openjp2/tcd.c,https://github.com/uclouvain/openjpeg,203116112060583,1 2509,CWE-20,"int serverCron(struct aeEventLoop *eventLoop, long long id, void *clientData) { int j, loops = server.cronloops++; REDIS_NOTUSED(eventLoop); REDIS_NOTUSED(id); REDIS_NOTUSED(clientData); server.unixtime = time(NULL); updateLRUClock(); if (server.shutdown_asap) { if (prepareForShutdown() == REDIS_OK) exit(0); redisLog(REDIS_WARNING,""SIGTERM received but errors trying to shut down the server, check the logs for more information""); } for (j = 0; j < server.dbnum; j++) { long long size, used, vkeys; size = dictSlots(server.db[j].dict); used = dictSize(server.db[j].dict); vkeys = dictSize(server.db[j].expires); if (!(loops % 50) && (used || vkeys)) { redisLog(REDIS_VERBOSE,""DB %d: %lld keys (%lld volatile) in %lld slots HT."",j,used,vkeys,size); } } if (server.bgsavechildpid == -1 && server.bgrewritechildpid == -1) { if (!(loops % 10)) tryResizeHashTables(); if (server.activerehashing) incrementallyRehash(); } if (!(loops % 50)) { redisLog(REDIS_VERBOSE,""%d clients connected (%d slaves), %zu bytes in use"", listLength(server.clients)-listLength(server.slaves), listLength(server.slaves), zmalloc_used_memory()); } if ((server.maxidletime && !(loops % 100)) || server.bpop_blocked_clients) closeTimedoutClients(); if (server.bgsavechildpid != -1 || server.bgrewritechildpid != -1) { int statloc; pid_t pid; if ((pid = wait3(&statloc,WNOHANG,NULL)) != 0) { if (pid == server.bgsavechildpid) { backgroundSaveDoneHandler(statloc); } else { backgroundRewriteDoneHandler(statloc); } updateDictResizePolicy(); } } else { time_t now = time(NULL); for (j = 0; j < server.saveparamslen; j++) { struct saveparam *sp = server.saveparams+j; if (server.dirty >= sp->changes && now-server.lastsave > sp->seconds) { redisLog(REDIS_NOTICE,""%d changes in %d seconds. Saving..."", sp->changes, sp->seconds); rdbSaveBackground(server.dbfilename); break; } } } if (server.masterhost == NULL) activeExpireCycle(); if (vmCanSwapOut()) { while (server.vm_enabled && zmalloc_used_memory() > server.vm_max_memory) { int retval = (server.vm_max_threads == 0) ? vmSwapOneObjectBlocking() : vmSwapOneObjectThreaded(); if (retval == REDIS_ERR && !(loops % 300) && zmalloc_used_memory() > (server.vm_max_memory+server.vm_max_memory/10)) { redisLog(REDIS_WARNING,""WARNING: vm-max-memory limit exceeded by more than 10%% but unable to swap more objects out!""); } if (retval == REDIS_ERR || server.vm_max_threads > 0) break; } } if (!(loops % 10)) replicationCron(); return 100; }",visit repo url,src/redis.c,https://github.com/antirez/redis,36672624807568,1 3023,['CWE-189'],"char *jas_strdup(const char *s) { int n; char *p; n = strlen(s) + 1; if (!(p = jas_malloc(n))) { return 0; } strcpy(p, s); return p; }",jasper,,,117103425316447949786449314314204175603,0 3731,CWE-125,"static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd) { int bytecnt = wpmd->byte_length; unsigned char *byteptr = wpmd->data; wpc->version_five = 1; wpc->file_format = wpc->config.qmode = wpc->channel_layout = 0; if (wpc->channel_reordering) { free (wpc->channel_reordering); wpc->channel_reordering = NULL; } if (bytecnt) { wpc->file_format = *byteptr++; wpc->config.qmode = (wpc->config.qmode & ~0xff) | *byteptr++; bytecnt -= 2; if (bytecnt) { int nchans, i; wpc->channel_layout = (int32_t) *byteptr++ << 16; bytecnt--; if (bytecnt) { wpc->channel_layout += nchans = *byteptr++; bytecnt--; if (bytecnt) { if (bytecnt > nchans) return FALSE; wpc->channel_reordering = malloc (nchans); if (wpc->channel_reordering) { for (i = 0; i < nchans; ++i) if (bytecnt) { wpc->channel_reordering [i] = *byteptr++; bytecnt--; } else wpc->channel_reordering [i] = i; } } } else wpc->channel_layout += wpc->config.num_channels; } } return TRUE; }",visit repo url,src/open_utils.c,https://github.com/dbry/WavPack,215536530621628,1 2836,CWE-125,"static INLINE BOOL update_read_brush(wStream* s, rdpBrush* brush, BYTE fieldFlags) { if (fieldFlags & ORDER_FIELD_01) { if (Stream_GetRemainingLength(s) < 1) return FALSE; Stream_Read_UINT8(s, brush->x); } if (fieldFlags & ORDER_FIELD_02) { if (Stream_GetRemainingLength(s) < 1) return FALSE; Stream_Read_UINT8(s, brush->y); } if (fieldFlags & ORDER_FIELD_03) { if (Stream_GetRemainingLength(s) < 1) return FALSE; Stream_Read_UINT8(s, brush->style); } if (fieldFlags & ORDER_FIELD_04) { if (Stream_GetRemainingLength(s) < 1) return FALSE; Stream_Read_UINT8(s, brush->hatch); } if (brush->style & CACHED_BRUSH) { brush->index = brush->hatch; brush->bpp = BMF_BPP[brush->style & 0x07]; if (brush->bpp == 0) brush->bpp = 1; } if (fieldFlags & ORDER_FIELD_05) { if (Stream_GetRemainingLength(s) < 7) return FALSE; brush->data = (BYTE*)brush->p8x8; Stream_Read_UINT8(s, brush->data[7]); Stream_Read_UINT8(s, brush->data[6]); Stream_Read_UINT8(s, brush->data[5]); Stream_Read_UINT8(s, brush->data[4]); Stream_Read_UINT8(s, brush->data[3]); Stream_Read_UINT8(s, brush->data[2]); Stream_Read_UINT8(s, brush->data[1]); brush->data[0] = brush->hatch; } return TRUE; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,252140136412884,1 4096,['CWE-399'],"static struct bsg_command *bsg_next_done_cmd(struct bsg_device *bd) { struct bsg_command *bc = NULL; spin_lock_irq(&bd->lock); if (bd->done_cmds) { bc = list_first_entry(&bd->done_list, struct bsg_command, list); list_del(&bc->list); bd->done_cmds--; } spin_unlock_irq(&bd->lock); return bc; }",linux-2.6,,,125694469421892155558505367012222554894,0 3920,['CWE-399'],"static int tda9874a_initialize(struct CHIPSTATE *chip) { if (tda9874a_SIF > 2) tda9874a_SIF = 1; if (tda9874a_STD >= ARRAY_SIZE(tda9874a_modelist)) tda9874a_STD = 0; if(tda9874a_AMSEL > 1) tda9874a_AMSEL = 0; if(tda9874a_SIF == 1) tda9874a_GCONR = 0xc0; else tda9874a_GCONR = 0xc1; tda9874a_ESP = tda9874a_STD; tda9874a_mode = (tda9874a_STD < 5) ? 0 : 1; if(tda9874a_AMSEL == 0) tda9874a_NCONR = 0x01; else tda9874a_NCONR = 0x05; tda9874a_setup(chip); return 0; }",linux-2.6,,,88240492081725955911919555886073071081,0 4968,['CWE-20'],"static int nfs_sillyrename(struct inode *dir, struct dentry *dentry) { static unsigned int sillycounter; const int i_inosize = sizeof(dir->i_ino)*2; const int countersize = sizeof(sillycounter)*2; const int slen = sizeof("".nfs"") + i_inosize + countersize - 1; char silly[slen+1]; struct qstr qsilly; struct dentry *sdentry; int error = -EIO; dfprintk(VFS, ""NFS: silly-rename(%s/%s, ct=%d)\n"", dentry->d_parent->d_name.name, dentry->d_name.name, atomic_read(&dentry->d_count)); nfs_inc_stats(dir, NFSIOS_SILLYRENAME); error = -EBUSY; if (dentry->d_flags & DCACHE_NFSFS_RENAMED) goto out; sprintf(silly, "".nfs%*.*lx"", i_inosize, i_inosize, dentry->d_inode->i_ino); nfs_inode_return_delegation(dentry->d_inode); sdentry = NULL; do { char *suffix = silly + slen - countersize; dput(sdentry); sillycounter++; sprintf(suffix, ""%*.*x"", countersize, countersize, sillycounter); dfprintk(VFS, ""NFS: trying to rename %s to %s\n"", dentry->d_name.name, silly); sdentry = lookup_one_len(silly, dentry->d_parent, slen); if (IS_ERR(sdentry)) goto out; } while(sdentry->d_inode != NULL); qsilly.name = silly; qsilly.len = strlen(silly); nfs_begin_data_update(dir); if (dentry->d_inode) { nfs_begin_data_update(dentry->d_inode); error = NFS_PROTO(dir)->rename(dir, &dentry->d_name, dir, &qsilly); nfs_mark_for_revalidate(dentry->d_inode); nfs_end_data_update(dentry->d_inode); } else error = NFS_PROTO(dir)->rename(dir, &dentry->d_name, dir, &qsilly); nfs_end_data_update(dir); if (!error) { nfs_renew_times(dentry); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); d_move(dentry, sdentry); error = nfs_async_unlink(dir, dentry); } dput(sdentry); out: return error; }",linux-2.6,,,202846766186567803505300287043413220617,0 1797,[],"unsigned long long task_sched_runtime(struct task_struct *p) { unsigned long flags; u64 ns, delta_exec; struct rq *rq; rq = task_rq_lock(p, &flags); ns = p->se.sum_exec_runtime; if (task_current(rq, p)) { update_rq_clock(rq); delta_exec = rq->clock - p->se.exec_start; if ((s64)delta_exec > 0) ns += delta_exec; } task_rq_unlock(rq, &flags); return ns; }",linux-2.6,,,102079490374407230533772306704993845094,0 6565,['CWE-200'],"nma_gconf_connection_save (NMAGConfConnection *self) { NMAGConfConnectionPrivate *priv; NMConnection *connection; g_return_if_fail (NMA_IS_GCONF_CONNECTION (self)); priv = NMA_GCONF_CONNECTION_GET_PRIVATE (self); connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (self)); nm_gconf_write_connection (connection, priv->client, priv->dir); gconf_client_notify (priv->client, priv->dir); gconf_client_suggest_sync (priv->client, NULL); }",network-manager-applet,,,309877489875062495752254169988516272816,0 5312,NVD-CWE-noinfo,"int fit_check_format(const void *fit, ulong size) { int ret; ret = fdt_check_header(fit); if (ret) { log_debug(""Wrong FIT format: not a flattened device tree (err=%d)\n"", ret); return -ENOEXEC; } if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) { if (size == IMAGE_SIZE_INVAL) size = fdt_totalsize(fit); ret = fdt_check_full(fit, size); if (ret) { log_debug(""FIT check error %d\n"", ret); return -EINVAL; } } if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) { log_debug(""Wrong FIT format: no description\n""); return -ENOMSG; } if (IMAGE_ENABLE_TIMESTAMP) { if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) { log_debug(""Wrong FIT format: no timestamp\n""); return -ENODATA; } } if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) { log_debug(""Wrong FIT format: no images parent node\n""); return -ENOENT; } return 0; }",visit repo url,common/image-fit.c,https://github.com/u-boot/u-boot,108758618471475,1 393,CWE-476,"static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm) { struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm); struct skcipher_alg *alg = crypto_skcipher_alg(skcipher); if (tfm->__crt_alg->cra_type == &crypto_blkcipher_type) return crypto_init_skcipher_ops_blkcipher(tfm); if (tfm->__crt_alg->cra_type == &crypto_ablkcipher_type || tfm->__crt_alg->cra_type == &crypto_givcipher_type) return crypto_init_skcipher_ops_ablkcipher(tfm); skcipher->setkey = alg->setkey; skcipher->encrypt = alg->encrypt; skcipher->decrypt = alg->decrypt; skcipher->ivsize = alg->ivsize; skcipher->keysize = alg->max_keysize; if (alg->exit) skcipher->base.exit = crypto_skcipher_exit_tfm; if (alg->init) return alg->init(skcipher); return 0; }",visit repo url,crypto/skcipher.c,https://github.com/torvalds/linux,68791437975258,1 2730,[],"static int sctp_getsockopt_primary_addr(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_prim prim; struct sctp_association *asoc; struct sctp_sock *sp = sctp_sk(sk); if (len < sizeof(struct sctp_prim)) return -EINVAL; len = sizeof(struct sctp_prim); if (copy_from_user(&prim, optval, len)) return -EFAULT; asoc = sctp_id2assoc(sk, prim.ssp_assoc_id); if (!asoc) return -EINVAL; if (!asoc->peer.primary_path) return -ENOTCONN; memcpy(&prim.ssp_addr, &asoc->peer.primary_path->ipaddr, asoc->peer.primary_path->af_specific->sockaddr_len); sctp_get_pf_specific(sk->sk_family)->addr_v4map(sp, (union sctp_addr *)&prim.ssp_addr); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &prim, len)) return -EFAULT; return 0; }",linux-2.6,,,255568572754062158288113901327876880685,0 4733,['CWE-20'],"static int ext4_blkdev_put(struct block_device *bdev) { bd_release(bdev); return blkdev_put(bdev, FMODE_READ|FMODE_WRITE); }",linux-2.6,,,189506822892686955830410296173861351700,0 4126,['CWE-399'],"static int sg_get_reserved_size(struct request_queue *q, int __user *p) { unsigned val = min(q->sg_reserved_size, q->max_sectors << 9); return put_user(val, p); }",linux-2.6,,,318418797413191461219922669701928451967,0 2138,CWE-787,"int snmp_helper(void *context, size_t hdrlen, unsigned char tag, const void *data, size_t datalen) { struct snmp_ctx *ctx = (struct snmp_ctx *)context; __be32 *pdata = (__be32 *)data; if (*pdata == ctx->from) { pr_debug(""%s: %pI4 to %pI4\n"", __func__, (void *)&ctx->from, (void *)&ctx->to); if (*ctx->check) fast_csum(ctx, (unsigned char *)data - ctx->begin); *pdata = ctx->to; } return 1; }",visit repo url,net/ipv4/netfilter/nf_nat_snmp_basic_main.c,https://github.com/torvalds/linux,209116524844014,1 2284,['CWE-120'],"static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) { struct inode *target; int error; error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); if (error) return error; dget(new_dentry); target = new_dentry->d_inode; if (target) mutex_lock(&target->i_mutex); if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) error = -EBUSY; else error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); if (!error) { if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) d_move(old_dentry, new_dentry); } if (target) mutex_unlock(&target->i_mutex); dput(new_dentry); return error; }",linux-2.6,,,87115093552249244113007891626834422179,0 4889,CWE-787,"static MagickPixelPacket **AcquirePixelThreadSet(const Image *image) { MagickPixelPacket **pixels; register ssize_t i, j; size_t number_threads; number_threads=(size_t) GetMagickResourceLimit(ThreadResource); pixels=(MagickPixelPacket **) AcquireQuantumMemory(number_threads, sizeof(*pixels)); if (pixels == (MagickPixelPacket **) NULL) return((MagickPixelPacket **) NULL); (void) memset(pixels,0,number_threads*sizeof(*pixels)); for (i=0; i < (ssize_t) number_threads; i++) { pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(image->columns, sizeof(**pixels)); if (pixels[i] == (MagickPixelPacket *) NULL) return(DestroyPixelThreadSet(pixels)); for (j=0; j < (ssize_t) image->columns; j++) GetMagickPixelPacket(image,&pixels[i][j]); } return(pixels); }",visit repo url,magick/statistic.c,https://github.com/ImageMagick/ImageMagick6,47701947455383,1 3611,CWE-264,"struct tcp_sock_t *tcp_open(uint16_t port) { struct tcp_sock_t *this = calloc(1, sizeof *this); if (this == NULL) { ERR(""callocing this failed""); goto error; } this->sd = -1; this->sd = socket(AF_INET6, SOCK_STREAM, 0); if (this->sd < 0) { ERR(""sockect open failed""); goto error; } struct sockaddr_in6 addr; memset(&addr, 0, sizeof addr); addr.sin6_family = AF_INET6; addr.sin6_port = htons(port); addr.sin6_addr = in6addr_any; if (bind(this->sd, (struct sockaddr *)&addr, sizeof addr) < 0) { if (g_options.only_desired_port == 1) ERR(""Bind on port failed. "" ""Requested port may be taken or require root permissions.""); goto error; } if (listen(this->sd, HTTP_MAX_PENDING_CONNS) < 0) { ERR(""listen failed on socket""); goto error; } return this; error: if (this != NULL) { if (this->sd != -1) { close(this->sd); } free(this); } return NULL; }",visit repo url,src/tcp.c,https://github.com/tillkamppeter/ippusbxd,146856358757454,1 5479,CWE-120,"static void ptirq_free_irte(const struct ptirq_remapping_info *entry) { struct intr_source intr_src; if (entry->irte_idx < CONFIG_MAX_IR_ENTRIES) { if (entry->intr_type == PTDEV_INTR_MSI) { intr_src.is_msi = true; intr_src.src.msi.value = entry->phys_sid.msi_id.bdf; } else { intr_src.is_msi = false; intr_src.src.ioapic_id = ioapic_irq_to_ioapic_id(entry->allocated_pirq); } dmar_free_irte(&intr_src, entry->irte_idx); } }",visit repo url,hypervisor/arch/x86/guest/assign.c,https://github.com/projectacrn/acrn-hypervisor,197365623785751,1 1803,NVD-CWE-Other,"static int propagate_one(struct mount *m) { struct mount *child; int type; if (IS_MNT_NEW(m)) return 0; if (!is_subdir(mp->m_dentry, m->mnt.mnt_root)) return 0; if (peers(m, last_dest)) { type = CL_MAKE_SHARED; } else { struct mount *n, *p; for (n = m; ; n = p) { p = n->mnt_master; if (p == dest_master || IS_MNT_MARKED(p)) { while (last_dest->mnt_master != p) { last_source = last_source->mnt_master; last_dest = last_source->mnt_parent; } if (!peers(n, last_dest)) { last_source = last_source->mnt_master; last_dest = last_source->mnt_parent; } break; } } type = CL_SLAVE; if (IS_MNT_SHARED(m)) type |= CL_MAKE_SHARED; } if (m->mnt_ns->user_ns != user_ns) type |= CL_UNPRIVILEGED; child = copy_tree(last_source, last_source->mnt.mnt_root, type); if (IS_ERR(child)) return PTR_ERR(child); child->mnt.mnt_flags &= ~MNT_LOCKED; mnt_set_mountpoint(m, mp, child); last_dest = m; last_source = child; if (m->mnt_master != dest_master) { read_seqlock_excl(&mount_lock); SET_MNT_MARK(m->mnt_master); read_sequnlock_excl(&mount_lock); } hlist_add_head(&child->mnt_hash, list); return 0; }",visit repo url,fs/pnode.c,https://github.com/torvalds/linux,89930034611916,1 5516,CWE-125,"fp_readl(char *s, int size, struct tok_state *tok) { PyObject* bufobj; const char *buf; Py_ssize_t buflen; assert(size > 0); size--; if (tok->decoding_buffer) { bufobj = tok->decoding_buffer; Py_INCREF(bufobj); } else { bufobj = PyObject_CallObject(tok->decoding_readline, NULL); if (bufobj == NULL) goto error; } if (PyUnicode_CheckExact(bufobj)) { buf = PyUnicode_AsUTF8AndSize(bufobj, &buflen); if (buf == NULL) { goto error; } } else { buf = PyByteArray_AsString(bufobj); if (buf == NULL) { goto error; } buflen = PyByteArray_GET_SIZE(bufobj); } Py_XDECREF(tok->decoding_buffer); if (buflen > size) { tok->decoding_buffer = PyByteArray_FromStringAndSize(buf+size, buflen-size); if (tok->decoding_buffer == NULL) goto error; buflen = size; } else tok->decoding_buffer = NULL; memcpy(s, buf, buflen); s[buflen] = '\0'; if (buflen == 0) s = NULL; Py_DECREF(bufobj); return s; error: Py_XDECREF(bufobj); return error_ret(tok); }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,48160380069365,1 1899,CWE-787,"static int qfq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **tca, unsigned long *arg, struct netlink_ext_ack *extack) { struct qfq_sched *q = qdisc_priv(sch); struct qfq_class *cl = (struct qfq_class *)*arg; bool existing = false; struct nlattr *tb[TCA_QFQ_MAX + 1]; struct qfq_aggregate *new_agg = NULL; u32 weight, lmax, inv_w; int err; int delta_w; if (tca[TCA_OPTIONS] == NULL) { pr_notice(""qfq: no options\n""); return -EINVAL; } err = nla_parse_nested_deprecated(tb, TCA_QFQ_MAX, tca[TCA_OPTIONS], qfq_policy, NULL); if (err < 0) return err; if (tb[TCA_QFQ_WEIGHT]) { weight = nla_get_u32(tb[TCA_QFQ_WEIGHT]); if (!weight || weight > (1UL << QFQ_MAX_WSHIFT)) { pr_notice(""qfq: invalid weight %u\n"", weight); return -EINVAL; } } else weight = 1; if (tb[TCA_QFQ_LMAX]) { lmax = nla_get_u32(tb[TCA_QFQ_LMAX]); if (lmax < QFQ_MIN_LMAX || lmax > (1UL << QFQ_MTU_SHIFT)) { pr_notice(""qfq: invalid max length %u\n"", lmax); return -EINVAL; } } else lmax = psched_mtu(qdisc_dev(sch)); inv_w = ONE_FP / weight; weight = ONE_FP / inv_w; if (cl != NULL && lmax == cl->agg->lmax && weight == cl->agg->class_weight) return 0; delta_w = weight - (cl ? cl->agg->class_weight : 0); if (q->wsum + delta_w > QFQ_MAX_WSUM) { pr_notice(""qfq: total weight out of range (%d + %u)\n"", delta_w, q->wsum); return -EINVAL; } if (cl != NULL) { if (tca[TCA_RATE]) { err = gen_replace_estimator(&cl->bstats, NULL, &cl->rate_est, NULL, true, tca[TCA_RATE]); if (err) return err; } existing = true; goto set_change_agg; } cl = kzalloc(sizeof(struct qfq_class), GFP_KERNEL); if (cl == NULL) return -ENOBUFS; gnet_stats_basic_sync_init(&cl->bstats); cl->common.classid = classid; cl->deficit = lmax; cl->qdisc = qdisc_create_dflt(sch->dev_queue, &pfifo_qdisc_ops, classid, NULL); if (cl->qdisc == NULL) cl->qdisc = &noop_qdisc; if (tca[TCA_RATE]) { err = gen_new_estimator(&cl->bstats, NULL, &cl->rate_est, NULL, true, tca[TCA_RATE]); if (err) goto destroy_class; } if (cl->qdisc != &noop_qdisc) qdisc_hash_add(cl->qdisc, true); set_change_agg: sch_tree_lock(sch); new_agg = qfq_find_agg(q, lmax, weight); if (new_agg == NULL) { sch_tree_unlock(sch); new_agg = kzalloc(sizeof(*new_agg), GFP_KERNEL); if (new_agg == NULL) { err = -ENOBUFS; gen_kill_estimator(&cl->rate_est); goto destroy_class; } sch_tree_lock(sch); qfq_init_agg(q, new_agg, lmax, weight); } if (existing) qfq_deact_rm_from_agg(q, cl); else qdisc_class_hash_insert(&q->clhash, &cl->common); qfq_add_to_agg(q, new_agg, cl); sch_tree_unlock(sch); qdisc_class_hash_grow(sch, &q->clhash); *arg = (unsigned long)cl; return 0; destroy_class: qdisc_put(cl->qdisc); kfree(cl); return err; }",visit repo url,net/sched/sch_qfq.c,https://github.com/torvalds/linux,197566335633621,1 1012,CWE-399,"static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, struct ceph_authorizer *a, size_t len) { struct ceph_x_authorizer *au = (void *)a; struct ceph_x_ticket_handler *th; int ret = 0; struct ceph_x_authorize_reply reply; void *p = au->reply_buf; void *end = p + sizeof(au->reply_buf); th = get_ticket_handler(ac, au->service); if (IS_ERR(th)) return PTR_ERR(th); ret = ceph_x_decrypt(&th->session_key, &p, end, &reply, sizeof(reply)); if (ret < 0) return ret; if (ret != sizeof(reply)) return -EPERM; if (au->nonce + 1 != le64_to_cpu(reply.nonce_plus_one)) ret = -EPERM; else ret = 0; dout(""verify_authorizer_reply nonce %llx got %llx ret %d\n"", au->nonce, le64_to_cpu(reply.nonce_plus_one), ret); return ret; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,130043564286570,1 1219,['CWE-20'],"CairoFontEngine::~CairoFontEngine() { int i; for (i = 0; i < cairoFontCacheSize; ++i) { if (fontCache[i]) delete fontCache[i]; } }",poppler,,,69177185188446151576884435501217242541,0 4743,['CWE-20'],"static void ext4_unlockfs(struct super_block *sb) { if (EXT4_SB(sb)->s_journal && !(sb->s_flags & MS_RDONLY)) { lock_super(sb); EXT4_SET_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER); ext4_commit_super(sb, EXT4_SB(sb)->s_es, 1); unlock_super(sb); jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); } }",linux-2.6,,,264469608624461268810260991879576320479,0 6264,['CWE-200'],"static void neigh_stat_seq_stop(struct seq_file *seq, void *v) { }",linux-2.6,,,181369110450752992394743278116806980960,0 1079,CWE-20,"int rose_parse_facilities(unsigned char *p, struct rose_facilities_struct *facilities) { int facilities_len, len; facilities_len = *p++; if (facilities_len == 0) return 0; while (facilities_len > 0) { if (*p == 0x00) { facilities_len--; p++; switch (*p) { case FAC_NATIONAL: len = rose_parse_national(p + 1, facilities, facilities_len - 1); if (len < 0) return 0; facilities_len -= len + 1; p += len + 1; break; case FAC_CCITT: len = rose_parse_ccitt(p + 1, facilities, facilities_len - 1); if (len < 0) return 0; facilities_len -= len + 1; p += len + 1; break; default: printk(KERN_DEBUG ""ROSE: rose_parse_facilities - unknown facilities family %02X\n"", *p); facilities_len--; p++; break; } } else break; } return 1; }",visit repo url,net/rose/rose_subr.c,https://github.com/torvalds/linux,69802172007111,1 3175,['CWE-189'],"void jpc_ns_fwdlift_colgrp(jpc_fix_t *a, int numrows, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; register int i; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(ALPHA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(BETA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(GAMMA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(DELTA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } } #if defined(WT_DOSCALE) lptr = &a[0]; n = llen; while (n-- > 0) { lptr2 = lptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] = jpc_fix_mul(lptr2[0], jpc_dbltofix(LGAIN)); ++lptr2; } lptr += stride; } hptr = &a[llen * stride]; n = numrows - llen; while (n-- > 0) { hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] = jpc_fix_mul(hptr2[0], jpc_dbltofix(HGAIN)); ++hptr2; } hptr += stride; } #endif } else { #if defined(WT_LENONE) if (parity) { lptr2 = &a[0]; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] <<= 1; ++lptr2; } } #endif } }",jasper,,,333797960666708724280587167292652708939,0 5190,['CWE-20'],"static void skip_emulated_instruction(struct kvm_vcpu *vcpu) { unsigned long rip; u32 interruptibility; rip = kvm_rip_read(vcpu); rip += vmcs_read32(VM_EXIT_INSTRUCTION_LEN); kvm_rip_write(vcpu, rip); interruptibility = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO); if (interruptibility & 3) vmcs_write32(GUEST_INTERRUPTIBILITY_INFO, interruptibility & ~3); vcpu->arch.interrupt_window_open = 1; }",linux-2.6,,,325640529831471452044015526355874464467,0 6292,['CWE-200'],"static int rtnetlink_dump_all(struct sk_buff *skb, struct netlink_callback *cb) { int idx; int s_idx = cb->family; if (s_idx == 0) s_idx = 1; for (idx=1; idxnlh->nlmsg_type-RTM_BASE; if (idx < s_idx || idx == PF_PACKET) continue; if (rtnetlink_links[idx] == NULL || rtnetlink_links[idx][type].dumpit == NULL) continue; if (idx > s_idx) memset(&cb->args[0], 0, sizeof(cb->args)); if (rtnetlink_links[idx][type].dumpit(skb, cb)) break; } cb->family = idx; return skb->len; }",linux-2.6,,,132736636846539312827669086674397513719,0 1518,[],"static ctl_table *sd_alloc_ctl_cpu_table(int cpu) { struct ctl_table *entry, *table; struct sched_domain *sd; int domain_num = 0, i; char buf[32]; for_each_domain(cpu, sd) domain_num++; entry = table = sd_alloc_ctl_entry(domain_num + 1); if (table == NULL) return NULL; i = 0; for_each_domain(cpu, sd) { snprintf(buf, 32, ""domain%d"", i); entry->procname = kstrdup(buf, GFP_KERNEL); entry->mode = 0555; entry->child = sd_alloc_ctl_domain_table(sd); entry++; i++; } return table; }",linux-2.6,,,274757235662383030295492340326708156406,0 5025,[],"void setup_domain_child(struct winbindd_domain *domain, struct winbindd_child *child, const char *explicit_logfile) { if (explicit_logfile != NULL) { pstr_sprintf(child->logfilename, ""%s/log.winbindd-%s"", dyn_LOGFILEBASE, explicit_logfile); } else if (domain != NULL) { pstr_sprintf(child->logfilename, ""%s/log.wb-%s"", dyn_LOGFILEBASE, domain->name); } else { smb_panic(""Internal error: domain == NULL && "" ""explicit_logfile == NULL""); } child->domain = domain; }",samba,,,297956551526820223264879193787013038073,0 2405,['CWE-119'],"const char *diff_get_color(int diff_use_color, enum color_diff ix) { if (diff_use_color) return diff_colors[ix]; return """"; }",git,,,135339440677114093060659419787008193994,0 2856,['CWE-119'],"nfs4_acl_write_who(int who, char *p) { int i; for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { if (s2t_map[i].type == who) { memcpy(p, s2t_map[i].string, s2t_map[i].stringlen); return s2t_map[i].stringlen; } } BUG(); return -1; }",linux-2.6,,,317926123493760805549869642281787438738,0 3426,CWE-119,"static void process_blob(struct rev_info *revs, struct blob *blob, show_object_fn show, struct strbuf *path, const char *name, void *cb_data) { struct object *obj = &blob->object; if (!revs->blob_objects) return; if (!obj) die(""bad blob object""); if (obj->flags & (UNINTERESTING | SEEN)) return; obj->flags |= SEEN; show(obj, path, name, cb_data); }",visit repo url,list-objects.c,https://github.com/git/git,221094371885859,1 2783,['CWE-264'],"timeout_change_level( struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; nl->cur_rxl_index = timeout_rxl_tab[ nl->timeout_rxl ]; if( ++nl->timeout_rxl >= 4 ) nl->timeout_rxl = 0; nl->csr1.rxl = rxl_tab[ nl->cur_rxl_index ]; inb( dev->base_addr + CSR0 ); outb( *(unsigned char *)&nl->csr1, dev->base_addr + CSR1 ); nl->prev_rxl_rcvd = nl->cur_rxl_rcvd; nl->cur_rxl_rcvd = 0; }",linux-2.6,,,316125062259097537013259556330102438098,0 9,['CWE-264'],"static int do_callback(struct pdo_sqlite_fci *fc, zval *cb, int argc, sqlite3_value **argv, sqlite3_context *context, int is_agg TSRMLS_DC) { zval ***zargs = NULL; zval *retval = NULL; int i; int ret; int fake_argc; zval **agg_context = NULL; if (is_agg) { is_agg = 2; } fake_argc = argc + is_agg; fc->fci.size = sizeof(fc->fci); fc->fci.function_table = EG(function_table); fc->fci.function_name = cb; fc->fci.symbol_table = NULL; fc->fci.object_ptr = NULL; fc->fci.retval_ptr_ptr = &retval; fc->fci.param_count = fake_argc; if (fake_argc) { zargs = (zval ***)safe_emalloc(fake_argc, sizeof(zval **), 0); } if (is_agg) { agg_context = (zval**)sqlite3_aggregate_context(context, sizeof(zval*)); if (!*agg_context) { MAKE_STD_ZVAL(*agg_context); ZVAL_NULL(*agg_context); } zargs[0] = agg_context; zargs[1] = emalloc(sizeof(zval*)); MAKE_STD_ZVAL(*zargs[1]); ZVAL_LONG(*zargs[1], sqlite3_aggregate_count(context)); } for (i = 0; i < argc; i++) { zargs[i + is_agg] = emalloc(sizeof(zval *)); MAKE_STD_ZVAL(*zargs[i + is_agg]); switch (sqlite3_value_type(argv[i])) { case SQLITE_INTEGER: ZVAL_LONG(*zargs[i + is_agg], sqlite3_value_int(argv[i])); break; case SQLITE_FLOAT: ZVAL_DOUBLE(*zargs[i + is_agg], sqlite3_value_double(argv[i])); break; case SQLITE_NULL: ZVAL_NULL(*zargs[i + is_agg]); break; case SQLITE_BLOB: case SQLITE3_TEXT: default: ZVAL_STRINGL(*zargs[i + is_agg], (char*)sqlite3_value_text(argv[i]), sqlite3_value_bytes(argv[i]), 1); break; } } fc->fci.params = zargs; if ((ret = zend_call_function(&fc->fci, &fc->fcc TSRMLS_CC)) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""An error occurred while invoking the callback""); } if (zargs) { for (i = is_agg; i < fake_argc; i++) { zval_ptr_dtor(zargs[i]); efree(zargs[i]); } if (is_agg) { zval_ptr_dtor(zargs[1]); efree(zargs[1]); } efree(zargs); } if (!is_agg || !argv) { if (retval) { switch (Z_TYPE_P(retval)) { case IS_LONG: sqlite3_result_int(context, Z_LVAL_P(retval)); break; case IS_NULL: sqlite3_result_null(context); break; case IS_DOUBLE: sqlite3_result_double(context, Z_DVAL_P(retval)); break; default: convert_to_string_ex(&retval); sqlite3_result_text(context, Z_STRVAL_P(retval), Z_STRLEN_P(retval), SQLITE_TRANSIENT); break; } } else { sqlite3_result_error(context, ""failed to invoke callback"", 0); } if (agg_context) { zval_ptr_dtor(agg_context); } } else { if (agg_context) { zval_ptr_dtor(agg_context); } if (retval) { *agg_context = retval; retval = NULL; } else { *agg_context = NULL; } } if (retval) { zval_ptr_dtor(&retval); } return ret; }",php-src,,,311244999653882903011530052187221311446,0 4443,['CWE-264'],"static __net_init int proto_init_net(struct net *net) { if (!proc_net_fops_create(net, ""protocols"", S_IRUGO, &proto_seq_fops)) return -ENOMEM; return 0; }",linux-2.6,,,248491690075571411993519322876732124595,0 3229,CWE-125,"arp_print(netdissect_options *ndo, const u_char *bp, u_int length, u_int caplen) { const struct arp_pkthdr *ap; u_short pro, hrd, op, linkaddr; ap = (const struct arp_pkthdr *)bp; ND_TCHECK(*ap); hrd = HRD(ap); pro = PRO(ap); op = OP(ap); switch(hrd) { case ARPHRD_ATM2225: atmarp_print(ndo, bp, length, caplen); return; case ARPHRD_FRELAY: linkaddr = LINKADDR_FRELAY; break; default: linkaddr = LINKADDR_ETHER; break; } if (!ND_TTEST2(*ar_tpa(ap), PROTO_LEN(ap))) { ND_PRINT((ndo, ""%s"", tstr)); ND_DEFAULTPRINT((const u_char *)ap, length); return; } if (!ndo->ndo_eflag) { ND_PRINT((ndo, ""ARP, "")); } if ((pro != ETHERTYPE_IP && pro != ETHERTYPE_TRAIL) || PROTO_LEN(ap) != 4 || HRD_LEN(ap) == 0 || ndo->ndo_vflag) { ND_PRINT((ndo, ""%s (len %u), %s (len %u)"", tok2str(arphrd_values, ""Unknown Hardware (%u)"", hrd), HRD_LEN(ap), tok2str(ethertype_values, ""Unknown Protocol (0x%04x)"", pro), PROTO_LEN(ap))); if (!ndo->ndo_vflag) { goto out; } } ND_PRINT((ndo, ""%s%s "", ndo->ndo_vflag ? "", "" : """", tok2str(arpop_values, ""Unknown (%u)"", op))); switch (op) { case ARPOP_REQUEST: ND_PRINT((ndo, ""who-has %s"", ipaddr_string(ndo, TPA(ap)))); if (isnonzero((const u_char *)THA(ap), HRD_LEN(ap))) ND_PRINT((ndo, "" (%s)"", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)))); ND_PRINT((ndo, "" tell %s"", ipaddr_string(ndo, SPA(ap)))); break; case ARPOP_REPLY: ND_PRINT((ndo, ""%s is-at %s"", ipaddr_string(ndo, SPA(ap)), linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)))); break; case ARPOP_REVREQUEST: ND_PRINT((ndo, ""who-is %s tell %s"", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)), linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)))); break; case ARPOP_REVREPLY: ND_PRINT((ndo, ""%s at %s"", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)), ipaddr_string(ndo, TPA(ap)))); break; case ARPOP_INVREQUEST: ND_PRINT((ndo, ""who-is %s tell %s"", linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)), linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)))); break; case ARPOP_INVREPLY: ND_PRINT((ndo,""%s at %s"", linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)), ipaddr_string(ndo, SPA(ap)))); break; default: ND_DEFAULTPRINT((const u_char *)ap, caplen); return; } out: ND_PRINT((ndo, "", length %u"", length)); return; trunc: ND_PRINT((ndo, ""%s"", tstr)); }",visit repo url,print-arp.c,https://github.com/the-tcpdump-group/tcpdump,242913046098486,1 5639,['CWE-476'],"static int udp4_seq_show(struct seq_file *seq, void *v) { if (v == SEQ_START_TOKEN) seq_printf(seq, ""%-127s\n"", "" sl local_address rem_address st tx_queue "" ""rx_queue tr tm->when retrnsmt uid timeout "" ""inode""); else { char tmpbuf[129]; struct udp_iter_state *state = seq->private; udp4_format_sock(v, tmpbuf, state->bucket); seq_printf(seq, ""%-127s\n"", tmpbuf); } return 0; }",linux-2.6,,,145390546576164255882470938160199534305,0 2802,['CWE-264'],"sbni_probe1( struct net_device *dev, unsigned long ioaddr, int irq ) { struct net_local *nl; if( sbni_card_probe( ioaddr ) ) { release_region( ioaddr, SBNI_IO_EXTENT ); return NULL; } outb( 0, ioaddr + CSR0 ); if( irq < 2 ) { unsigned long irq_mask; irq_mask = probe_irq_on(); outb( EN_INT | TR_REQ, ioaddr + CSR0 ); outb( PR_RES, ioaddr + CSR1 ); mdelay(50); irq = probe_irq_off(irq_mask); outb( 0, ioaddr + CSR0 ); if( !irq ) { printk( KERN_ERR ""%s: can't detect device irq!\n"", dev->name ); release_region( ioaddr, SBNI_IO_EXTENT ); return NULL; } } else if( irq == 2 ) irq = 9; dev->irq = irq; dev->base_addr = ioaddr; nl = dev->priv; if( !nl ) { printk( KERN_ERR ""%s: unable to get memory!\n"", dev->name ); release_region( ioaddr, SBNI_IO_EXTENT ); return NULL; } dev->priv = nl; memset( nl, 0, sizeof(struct net_local) ); spin_lock_init( &nl->lock ); *(__be16 *)dev->dev_addr = htons( 0x00ff ); *(__be32 *)(dev->dev_addr + 2) = htonl( 0x01000000 | ( (mac[num] ? mac[num] : (u32)((long)dev->priv)) & 0x00ffffff) ); nl->maxframe = DEFAULT_FRAME_LEN; nl->csr1.rate = baud[ num ]; if( (nl->cur_rxl_index = rxl[ num ]) == -1 ) nl->cur_rxl_index = DEF_RXL, nl->delta_rxl = DEF_RXL_DELTA; else nl->delta_rxl = 0; nl->csr1.rxl = rxl_tab[ nl->cur_rxl_index ]; if( inb( ioaddr + CSR0 ) & 0x01 ) nl->state |= FL_SLOW_MODE; printk( KERN_NOTICE ""%s: ioaddr %#lx, irq %d, "" ""MAC: 00:ff:01:%02x:%02x:%02x\n"", dev->name, dev->base_addr, dev->irq, ((u8 *) dev->dev_addr) [3], ((u8 *) dev->dev_addr) [4], ((u8 *) dev->dev_addr) [5] ); printk( KERN_NOTICE ""%s: speed %d, receive level "", dev->name, ( (nl->state & FL_SLOW_MODE) ? 500000 : 2000000) / (1 << nl->csr1.rate) ); if( nl->delta_rxl == 0 ) printk( ""0x%x (fixed)\n"", nl->cur_rxl_index ); else printk( ""(auto)\n""); #ifdef CONFIG_SBNI_MULTILINE nl->master = dev; nl->link = NULL; #endif sbni_cards[ num++ ] = dev; return dev; }",linux-2.6,,,180723875653621306053548094776535964230,0 5434,['CWE-476'],"static int load_guest_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector, struct desc_struct *seg_desc) { gpa_t gpa; struct descriptor_table dtable; u16 index = selector >> 3; get_segment_descriptor_dtable(vcpu, selector, &dtable); if (dtable.limit < index * 8 + 7) { kvm_queue_exception_e(vcpu, GP_VECTOR, selector & 0xfffc); return 1; } gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, dtable.base); gpa += index * 8; return kvm_read_guest(vcpu->kvm, gpa, seg_desc, 8); }",linux-2.6,,,208111480584320672748080520373558955916,0 970,CWE-362,"static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kcontrol, int op_flag, unsigned int size, unsigned int __user *tlv) { struct user_element *ue = kcontrol->private_data; int change = 0; void *new_data; if (op_flag > 0) { if (size > 1024 * 128) return -EINVAL; new_data = memdup_user(tlv, size); if (IS_ERR(new_data)) return PTR_ERR(new_data); change = ue->tlv_data_size != size; if (!change) change = memcmp(ue->tlv_data, new_data, size); kfree(ue->tlv_data); ue->tlv_data = new_data; ue->tlv_data_size = size; } else { if (! ue->tlv_data_size || ! ue->tlv_data) return -ENXIO; if (size < ue->tlv_data_size) return -ENOSPC; if (copy_to_user(tlv, ue->tlv_data, ue->tlv_data_size)) return -EFAULT; } return change; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,41123364280605,1 1805,[],"static int build_sched_domains(const cpumask_t *cpu_map) { return __build_sched_domains(cpu_map, NULL); }",linux-2.6,,,271725184174427772621021788526942490839,0 2641,[],"static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval, int optlen) { struct sctp_sock *sp = sctp_sk(sk); if (sctp_style(sk, TCP)) return -EOPNOTSUPP; if (optlen != sizeof(int)) return -EINVAL; if (copy_from_user(&sp->autoclose, optval, optlen)) return -EFAULT; return 0; }",linux-2.6,,,146642297532820466295586036370605663975,0 6475,CWE-362,"static void _sched_arq_timeout(gnrc_sixlowpan_frag_fb_t *fbuf, uint32_t offset) { if (IS_ACTIVE(CONFIG_GNRC_SIXLOWPAN_SFR_MOCK_ARQ_TIMER)) { return; } if (fbuf->sfr.arq_timeout_event.msg.content.ptr != NULL) { DEBUG(""6lo sfr: ARQ timeout for datagram %u already scheduled\n"", (uint8_t)fbuf->tag); return; } DEBUG(""6lo sfr: arming ACK timeout in %lums for datagram %u\n"", (long unsigned)offset, fbuf->tag); fbuf->sfr.arq_timeout_event.event.offset = offset; fbuf->sfr.arq_timeout_event.msg.content.ptr = fbuf; fbuf->sfr.arq_timeout_event.msg.type = GNRC_SIXLOWPAN_FRAG_SFR_ARQ_TIMEOUT_MSG; evtimer_add_msg(&_arq_timer, &fbuf->sfr.arq_timeout_event, _getpid()); }",visit repo url,sys/net/gnrc/network_layer/sixlowpan/frag/sfr/gnrc_sixlowpan_frag_sfr.c,https://github.com/RIOT-OS/RIOT,233801315880403,1 6448,[],"has_library_ext (const char *filename) { char * ext = 0; assert (filename); ext = strrchr (filename, '.'); if (ext && ((streq (ext, archive_ext)) #if defined(LT_MODULE_EXT) || (streq (ext, shlib_ext)) #endif )) { return 1; } return 0; }",libtool,,,169652204629694437493338062791225914436,0 2686,CWE-190,"SPL_METHOD(DirectoryIterator, isDot) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } RETURN_BOOL(spl_filesystem_is_dot(intern->u.dir.entry.d_name)); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,216365756680896,1 2481,['CWE-119'],"void diff_debug_queue(const char *msg, struct diff_queue_struct *q) { int i; if (msg) fprintf(stderr, ""%s\n"", msg); fprintf(stderr, ""q->nr = %d\n"", q->nr); for (i = 0; i < q->nr; i++) { struct diff_filepair *p = q->queue[i]; diff_debug_filepair(p, i); } }",git,,,238945759367792683139154481183934928685,0 5564,CWE-125,"ast_type_init(PyObject *self, PyObject *args, PyObject *kw) { _Py_IDENTIFIER(_fields); Py_ssize_t i, numfields = 0; int res = -1; PyObject *key, *value, *fields; fields = _PyObject_GetAttrId((PyObject*)Py_TYPE(self), &PyId__fields); if (!fields) PyErr_Clear(); if (fields) { numfields = PySequence_Size(fields); if (numfields == -1) goto cleanup; } res = 0; if (PyTuple_GET_SIZE(args) > 0) { if (numfields != PyTuple_GET_SIZE(args)) { PyErr_Format(PyExc_TypeError, ""%.400s constructor takes %s"" ""%zd positional argument%s"", Py_TYPE(self)->tp_name, numfields == 0 ? """" : ""either 0 or "", numfields, numfields == 1 ? """" : ""s""); res = -1; goto cleanup; } for (i = 0; i < PyTuple_GET_SIZE(args); i++) { PyObject *name = PySequence_GetItem(fields, i); if (!name) { res = -1; goto cleanup; } res = PyObject_SetAttr(self, name, PyTuple_GET_ITEM(args, i)); Py_DECREF(name); if (res < 0) goto cleanup; } } if (kw) { i = 0; while (PyDict_Next(kw, &i, &key, &value)) { res = PyObject_SetAttr(self, key, value); if (res < 0) goto cleanup; } } cleanup: Py_XDECREF(fields); return res; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,22458263738205,1 1560,CWE-362,"static void bt_tags_for_each(struct blk_mq_tags *tags, struct blk_mq_bitmap_tags *bt, unsigned int off, busy_tag_iter_fn *fn, void *data, bool reserved) { struct request *rq; int bit, i; if (!tags->rqs) return; for (i = 0; i < bt->map_nr; i++) { struct blk_align_bitmap *bm = &bt->map[i]; for (bit = find_first_bit(&bm->word, bm->depth); bit < bm->depth; bit = find_next_bit(&bm->word, bm->depth, bit + 1)) { rq = blk_mq_tag_to_rq(tags, off + bit); fn(rq, data, reserved); } off += (1 << bt->bits_per_word); } }",visit repo url,block/blk-mq-tag.c,https://github.com/torvalds/linux,244808224400453,1 1924,['CWE-20'],"static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, unsigned long addr, unsigned long end, pte_fn_t fn, void *data) { pmd_t *pmd; unsigned long next; int err; pmd = pmd_alloc(mm, pud, addr); if (!pmd) return -ENOMEM; do { next = pmd_addr_end(addr, end); err = apply_to_pte_range(mm, pmd, addr, next, fn, data); if (err) break; } while (pmd++, addr = next, addr != end); return err; }",linux-2.6,,,30233810544329215345820781101976079186,0 3626,['CWE-287'],"static void sctp_assoc_free_asconf_acks(struct sctp_association *asoc) { struct sctp_chunk *ack; struct sctp_chunk *tmp; list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list, transmitted_list) { list_del_init(&ack->transmitted_list); sctp_chunk_free(ack); } }",linux-2.6,,,273096744480168022454749651607346945552,0 314,[],"static int do_ncp_setprivatedata(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ncp_privatedata_ioctl_32 n32; struct ncp_privatedata_ioctl_32 __user *p32 = compat_ptr(arg); struct ncp_privatedata_ioctl __user *p = compat_alloc_user_space(sizeof(*p)); if (copy_from_user(&n32, p32, sizeof(n32)) || put_user(n32.len, &p->len) || put_user(compat_ptr(n32.data), &p->data)) return -EFAULT; return sys_ioctl(fd, NCP_IOC_SETPRIVATEDATA, (unsigned long)p); }",linux-2.6,,,68308690284070407818074839107512871191,0 647,CWE-200,"int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *inet = inet_sk(sk); struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); int is_udp4; bool slow; if (addr_len) *addr_len = sizeof(struct sockaddr_in6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; is_udp4 = (skb->protocol == htons(ETH_P_IP)); if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); else { err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) { if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); } sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) { struct sockaddr_in6 *sin6; sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = udp_hdr(skb)->source; sin6->sin6_flowinfo = 0; if (is_udp4) { ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &sin6->sin6_addr); sin6->sin6_scope_id = 0; } else { sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); } } if (is_udp4) { if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); } else { if (np->rxopt.all) ip6_datagram_recv_ctl(sk, msg, skb); } err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { if (is_udp4) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } else { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,261709041298464,1 6403,CWE-20,"uint16_t enc624j600ReadPhyReg(NetInterface *interface, uint8_t address) { enc624j600WriteReg(interface, ENC624J600_REG_MIREGADR, MIREGADR_R8 | address); enc624j600WriteReg(interface, ENC624J600_REG_MICMD, MICMD_MIIRD); usleep(100); while((enc624j600ReadReg(interface, ENC624J600_REG_MISTAT) & MISTAT_BUSY) != 0) { } enc624j600WriteReg(interface, ENC624J600_REG_MICMD, 0x00); return enc624j600ReadReg(interface, ENC624J600_REG_MIRD); }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,212031817888083,1 424,[],"pfm_notify_user(pfm_context_t *ctx, pfm_msg_t *msg) { if (ctx->ctx_state == PFM_CTX_ZOMBIE) { DPRINT((""ignoring overflow notification, owner is zombie\n"")); return 0; } DPRINT((""waking up somebody\n"")); if (msg) wake_up_interruptible(&ctx->ctx_msgq_wait); kill_fasync (&ctx->ctx_async_queue, SIGIO, POLL_IN); return 0; }",linux-2.6,,,114716851493547189209753820875132897189,0 3827,CWE-122,"cmdline_erase_chars( int c, int indent #ifdef FEAT_SEARCH_EXTRA , incsearch_state_T *isp #endif ) { int i; int j; if (c == K_KDEL) c = K_DEL; if (c == K_DEL && ccline.cmdpos != ccline.cmdlen) ++ccline.cmdpos; if (has_mbyte && c == K_DEL) ccline.cmdpos += mb_off_next(ccline.cmdbuff, ccline.cmdbuff + ccline.cmdpos); if (ccline.cmdpos > 0) { char_u *p; j = ccline.cmdpos; p = ccline.cmdbuff + j; if (has_mbyte) { p = mb_prevptr(ccline.cmdbuff, p); if (c == Ctrl_W) { while (p > ccline.cmdbuff && vim_isspace(*p)) p = mb_prevptr(ccline.cmdbuff, p); i = mb_get_class(p); while (p > ccline.cmdbuff && mb_get_class(p) == i) p = mb_prevptr(ccline.cmdbuff, p); if (mb_get_class(p) != i) p += (*mb_ptr2len)(p); } } else if (c == Ctrl_W) { while (p > ccline.cmdbuff && vim_isspace(p[-1])) --p; i = vim_iswordc(p[-1]); while (p > ccline.cmdbuff && !vim_isspace(p[-1]) && vim_iswordc(p[-1]) == i) --p; } else --p; ccline.cmdpos = (int)(p - ccline.cmdbuff); ccline.cmdlen -= j - ccline.cmdpos; i = ccline.cmdpos; while (i < ccline.cmdlen) ccline.cmdbuff[i++] = ccline.cmdbuff[j++]; ccline.cmdbuff[ccline.cmdlen] = NUL; #ifdef FEAT_SEARCH_EXTRA if (ccline.cmdlen == 0) { isp->search_start = isp->save_cursor; isp->old_viewstate = isp->init_viewstate; } #endif redrawcmd(); } else if (ccline.cmdlen == 0 && c != Ctrl_W && ccline.cmdprompt == NULL && indent == 0) { if (exmode_active #ifdef FEAT_EVAL || ccline.cmdfirstc == '>' #endif ) return CMDLINE_NOT_CHANGED; VIM_CLEAR(ccline.cmdbuff); if (!cmd_silent) { #ifdef FEAT_RIGHTLEFT if (cmdmsg_rl) msg_col = Columns; else #endif msg_col = 0; msg_putchar(' '); } #ifdef FEAT_SEARCH_EXTRA if (ccline.cmdlen == 0) isp->search_start = isp->save_cursor; #endif redraw_cmdline = TRUE; return GOTO_NORMAL_MODE; } return CMDLINE_CHANGED; }",visit repo url,src/ex_getln.c,https://github.com/vim/vim,277061422286506,1 3224,CWE-125,"mobility_print(netdissect_options *ndo, const u_char *bp, const u_char *bp2 _U_) { const struct ip6_mobility *mh; const u_char *ep; unsigned mhlen, hlen; uint8_t type; mh = (const struct ip6_mobility *)bp; ep = ndo->ndo_snapend; if (!ND_TTEST(mh->ip6m_len)) { mhlen = ep - bp; goto trunc; } mhlen = (mh->ip6m_len + 1) << 3; ND_TCHECK(mh->ip6m_type); type = mh->ip6m_type; if (type <= IP6M_MAX && mhlen < ip6m_hdrlen[type]) { ND_PRINT((ndo, ""(header length %u is too small for type %u)"", mhlen, type)); goto trunc; } ND_PRINT((ndo, ""mobility: %s"", tok2str(ip6m_str, ""type-#%u"", type))); switch (type) { case IP6M_BINDING_REQUEST: hlen = IP6M_MINLEN; break; case IP6M_HOME_TEST_INIT: case IP6M_CAREOF_TEST_INIT: hlen = IP6M_MINLEN; if (ndo->ndo_vflag) { ND_TCHECK2(*mh, hlen + 8); ND_PRINT((ndo, "" %s Init Cookie=%08x:%08x"", type == IP6M_HOME_TEST_INIT ? ""Home"" : ""Care-of"", EXTRACT_32BITS(&bp[hlen]), EXTRACT_32BITS(&bp[hlen + 4]))); } hlen += 8; break; case IP6M_HOME_TEST: case IP6M_CAREOF_TEST: ND_TCHECK(mh->ip6m_data16[0]); ND_PRINT((ndo, "" nonce id=0x%x"", EXTRACT_16BITS(&mh->ip6m_data16[0]))); hlen = IP6M_MINLEN; if (ndo->ndo_vflag) { ND_TCHECK2(*mh, hlen + 8); ND_PRINT((ndo, "" %s Init Cookie=%08x:%08x"", type == IP6M_HOME_TEST ? ""Home"" : ""Care-of"", EXTRACT_32BITS(&bp[hlen]), EXTRACT_32BITS(&bp[hlen + 4]))); } hlen += 8; if (ndo->ndo_vflag) { ND_TCHECK2(*mh, hlen + 8); ND_PRINT((ndo, "" %s Keygen Token=%08x:%08x"", type == IP6M_HOME_TEST ? ""Home"" : ""Care-of"", EXTRACT_32BITS(&bp[hlen]), EXTRACT_32BITS(&bp[hlen + 4]))); } hlen += 8; break; case IP6M_BINDING_UPDATE: ND_TCHECK(mh->ip6m_data16[0]); ND_PRINT((ndo, "" seq#=%u"", EXTRACT_16BITS(&mh->ip6m_data16[0]))); hlen = IP6M_MINLEN; ND_TCHECK2(*mh, hlen + 1); if (bp[hlen] & 0xf0) ND_PRINT((ndo, "" "")); if (bp[hlen] & 0x80) ND_PRINT((ndo, ""A"")); if (bp[hlen] & 0x40) ND_PRINT((ndo, ""H"")); if (bp[hlen] & 0x20) ND_PRINT((ndo, ""L"")); if (bp[hlen] & 0x10) ND_PRINT((ndo, ""K"")); hlen += 1; hlen += 1; ND_TCHECK2(*mh, hlen + 2); ND_PRINT((ndo, "" lifetime=%u"", EXTRACT_16BITS(&bp[hlen]) << 2)); hlen += 2; break; case IP6M_BINDING_ACK: ND_TCHECK(mh->ip6m_data8[0]); ND_PRINT((ndo, "" status=%u"", mh->ip6m_data8[0])); if (mh->ip6m_data8[1] & 0x80) ND_PRINT((ndo, "" K"")); hlen = IP6M_MINLEN; ND_TCHECK2(*mh, hlen + 2); ND_PRINT((ndo, "" seq#=%u"", EXTRACT_16BITS(&bp[hlen]))); hlen += 2; ND_TCHECK2(*mh, hlen + 2); ND_PRINT((ndo, "" lifetime=%u"", EXTRACT_16BITS(&bp[hlen]) << 2)); hlen += 2; break; case IP6M_BINDING_ERROR: ND_TCHECK(mh->ip6m_data8[0]); ND_PRINT((ndo, "" status=%u"", mh->ip6m_data8[0])); hlen = IP6M_MINLEN; ND_TCHECK2(*mh, hlen + 16); ND_PRINT((ndo, "" homeaddr %s"", ip6addr_string(ndo, &bp[hlen]))); hlen += 16; break; default: ND_PRINT((ndo, "" len=%u"", mh->ip6m_len)); return(mhlen); break; } if (ndo->ndo_vflag) if (mobility_opt_print(ndo, &bp[hlen], mhlen - hlen)) goto trunc; return(mhlen); trunc: ND_PRINT((ndo, ""%s"", tstr)); return(-1); }",visit repo url,print-mobility.c,https://github.com/the-tcpdump-group/tcpdump,55623178436954,1 5161,['CWE-20'],"static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr, bool has_error_code, u32 error_code) { struct vcpu_vmx *vmx = to_vmx(vcpu); u32 intr_info = nr | INTR_INFO_VALID_MASK; if (has_error_code) { vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code); intr_info |= INTR_INFO_DELIVER_CODE_MASK; } if (vcpu->arch.rmode.active) { vmx->rmode.irq.pending = true; vmx->rmode.irq.vector = nr; vmx->rmode.irq.rip = kvm_rip_read(vcpu); if (nr == BP_VECTOR || nr == OF_VECTOR) vmx->rmode.irq.rip++; intr_info |= INTR_TYPE_SOFT_INTR; vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info); vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1); kvm_rip_write(vcpu, vmx->rmode.irq.rip - 1); return; } if (nr == BP_VECTOR || nr == OF_VECTOR) { vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1); intr_info |= INTR_TYPE_SOFT_EXCEPTION; } else intr_info |= INTR_TYPE_HARD_EXCEPTION; vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, intr_info); }",linux-2.6,,,194507345523284350639790748217261300109,0 777,CWE-20,"static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct iucv_sock *iucv = iucv_sk(sk); unsigned int copied, rlen; struct sk_buff *skb, *rskb, *cskb; int err = 0; u32 offset; msg->msg_namelen = 0; if ((sk->sk_state == IUCV_DISCONN) && skb_queue_empty(&iucv->backlog_skb_q) && skb_queue_empty(&sk->sk_receive_queue) && list_empty(&iucv->message_q.list)) return 0; if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } offset = IUCV_SKB_CB(skb)->offset; rlen = skb->len - offset; copied = min_t(unsigned int, rlen, len); if (!rlen) sk->sk_shutdown = sk->sk_shutdown | RCV_SHUTDOWN; cskb = skb; if (skb_copy_datagram_iovec(cskb, offset, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } if (sk->sk_type == SOCK_SEQPACKET) { if (copied < rlen) msg->msg_flags |= MSG_TRUNC; msg->msg_flags |= MSG_EOR; } err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, sizeof(IUCV_SKB_CB(skb)->class), (void *)&IUCV_SKB_CB(skb)->class); if (err) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return err; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM) { if (copied < rlen) { IUCV_SKB_CB(skb)->offset = offset + copied; goto done; } } kfree_skb(skb); if (iucv->transport == AF_IUCV_TRANS_HIPER) { atomic_inc(&iucv->msg_recv); if (atomic_read(&iucv->msg_recv) > iucv->msglimit) { WARN_ON(1); iucv_sock_close(sk); return -EFAULT; } } spin_lock_bh(&iucv->message_q.lock); rskb = skb_dequeue(&iucv->backlog_skb_q); while (rskb) { IUCV_SKB_CB(rskb)->offset = 0; if (sock_queue_rcv_skb(sk, rskb)) { skb_queue_head(&iucv->backlog_skb_q, rskb); break; } else { rskb = skb_dequeue(&iucv->backlog_skb_q); } } if (skb_queue_empty(&iucv->backlog_skb_q)) { if (!list_empty(&iucv->message_q.list)) iucv_process_message_q(sk); if (atomic_read(&iucv->msg_recv) >= iucv->msglimit / 2) { err = iucv_send_ctrl(sk, AF_IUCV_FLAG_WIN); if (err) { sk->sk_state = IUCV_DISCONN; sk->sk_state_change(sk); } } } spin_unlock_bh(&iucv->message_q.lock); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/iucv/af_iucv.c,https://github.com/torvalds/linux,252125006578245,1 1014,CWE-399,"static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, struct ceph_crypto_key *secret, void *buf, void *end) { void *p = buf; char *dbuf; char *ticket_buf; u8 reply_struct_v; u32 num; int ret; dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); if (!dbuf) return -ENOMEM; ret = -ENOMEM; ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); if (!ticket_buf) goto out_dbuf; ceph_decode_8_safe(&p, end, reply_struct_v, bad); if (reply_struct_v != 1) return -EINVAL; ceph_decode_32_safe(&p, end, num, bad); dout(""%d tickets\n"", num); while (num--) { ret = process_one_ticket(ac, secret, &p, end, dbuf, ticket_buf); if (ret) goto out; } ret = 0; out: kfree(ticket_buf); out_dbuf: kfree(dbuf); return ret; bad: ret = -EINVAL; goto out; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,240857070215404,1 3347,CWE-119,"void mt_init(mtrand *mt, uint32_t seed) { int i; mt->mt_buffer_[0] = seed; mt->mt_index_ = MT_LEN; for (i = 1; i < MT_LEN; i++) { mt->mt_buffer_[i] = (1812433253UL * (mt->mt_buffer_[i-1] ^ (mt->mt_buffer_[i-1] >> 30)) + i); } }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,168945669204440,1 413,CWE-362,"static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name) { return kstrdup(name, GFP_KERNEL); }",visit repo url,include/linux/fsnotify.h,https://github.com/torvalds/linux,193212417323016,1 1947,CWE-401,"static int fsl_lpspi_probe(struct platform_device *pdev) { struct device_node *np = pdev->dev.of_node; struct fsl_lpspi_data *fsl_lpspi; struct spi_controller *controller; struct spi_imx_master *lpspi_platform_info = dev_get_platdata(&pdev->dev); struct resource *res; int i, ret, irq; u32 temp; bool is_slave; is_slave = of_property_read_bool((&pdev->dev)->of_node, ""spi-slave""); if (is_slave) controller = spi_alloc_slave(&pdev->dev, sizeof(struct fsl_lpspi_data)); else controller = spi_alloc_master(&pdev->dev, sizeof(struct fsl_lpspi_data)); if (!controller) return -ENOMEM; platform_set_drvdata(pdev, controller); fsl_lpspi = spi_controller_get_devdata(controller); fsl_lpspi->dev = &pdev->dev; fsl_lpspi->is_slave = is_slave; if (!fsl_lpspi->is_slave) { for (i = 0; i < controller->num_chipselect; i++) { int cs_gpio = of_get_named_gpio(np, ""cs-gpios"", i); if (!gpio_is_valid(cs_gpio) && lpspi_platform_info) cs_gpio = lpspi_platform_info->chipselect[i]; fsl_lpspi->chipselect[i] = cs_gpio; if (!gpio_is_valid(cs_gpio)) continue; ret = devm_gpio_request(&pdev->dev, fsl_lpspi->chipselect[i], DRIVER_NAME); if (ret) { dev_err(&pdev->dev, ""can't get cs gpios\n""); goto out_controller_put; } } controller->cs_gpios = fsl_lpspi->chipselect; controller->prepare_message = fsl_lpspi_prepare_message; } controller->bits_per_word_mask = SPI_BPW_RANGE_MASK(8, 32); controller->transfer_one = fsl_lpspi_transfer_one; controller->prepare_transfer_hardware = lpspi_prepare_xfer_hardware; controller->unprepare_transfer_hardware = lpspi_unprepare_xfer_hardware; controller->mode_bits = SPI_CPOL | SPI_CPHA | SPI_CS_HIGH; controller->flags = SPI_MASTER_MUST_RX | SPI_MASTER_MUST_TX; controller->dev.of_node = pdev->dev.of_node; controller->bus_num = pdev->id; controller->slave_abort = fsl_lpspi_slave_abort; init_completion(&fsl_lpspi->xfer_done); res = platform_get_resource(pdev, IORESOURCE_MEM, 0); fsl_lpspi->base = devm_ioremap_resource(&pdev->dev, res); if (IS_ERR(fsl_lpspi->base)) { ret = PTR_ERR(fsl_lpspi->base); goto out_controller_put; } fsl_lpspi->base_phys = res->start; irq = platform_get_irq(pdev, 0); if (irq < 0) { ret = irq; goto out_controller_put; } ret = devm_request_irq(&pdev->dev, irq, fsl_lpspi_isr, 0, dev_name(&pdev->dev), fsl_lpspi); if (ret) { dev_err(&pdev->dev, ""can't get irq%d: %d\n"", irq, ret); goto out_controller_put; } fsl_lpspi->clk_per = devm_clk_get(&pdev->dev, ""per""); if (IS_ERR(fsl_lpspi->clk_per)) { ret = PTR_ERR(fsl_lpspi->clk_per); goto out_controller_put; } fsl_lpspi->clk_ipg = devm_clk_get(&pdev->dev, ""ipg""); if (IS_ERR(fsl_lpspi->clk_ipg)) { ret = PTR_ERR(fsl_lpspi->clk_ipg); goto out_controller_put; } ret = fsl_lpspi_init_rpm(fsl_lpspi); if (ret) goto out_controller_put; ret = pm_runtime_get_sync(fsl_lpspi->dev); if (ret < 0) { dev_err(fsl_lpspi->dev, ""failed to enable clock\n""); return ret; } temp = readl(fsl_lpspi->base + IMX7ULP_PARAM); fsl_lpspi->txfifosize = 1 << (temp & 0x0f); fsl_lpspi->rxfifosize = 1 << ((temp >> 8) & 0x0f); ret = fsl_lpspi_dma_init(&pdev->dev, fsl_lpspi, controller); if (ret == -EPROBE_DEFER) goto out_controller_put; if (ret < 0) dev_err(&pdev->dev, ""dma setup error %d, use pio\n"", ret); ret = devm_spi_register_controller(&pdev->dev, controller); if (ret < 0) { dev_err(&pdev->dev, ""spi_register_controller error.\n""); goto out_controller_put; } return 0; out_controller_put: spi_controller_put(controller); return ret; }",visit repo url,drivers/spi/spi-fsl-lpspi.c,https://github.com/torvalds/linux,274371911537125,1 3539,CWE-190,"static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt) { int n; assert(cnt >= 0); assert(buf); JAS_DBGLOG(100, (""mem_read(%p, %p, %d)\n"", obj, buf, cnt)); jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj; n = m->len_ - m->pos_; cnt = JAS_MIN(n, cnt); memcpy(buf, &m->buf_[m->pos_], cnt); m->pos_ += cnt; return cnt; }",visit repo url,src/libjasper/base/jas_stream.c,https://github.com/mdadams/jasper,105927772542470,1 5066,CWE-125,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 3511,['CWE-20'],"static int sctp_sf_check_restart_addrs(const struct sctp_association *new_asoc, const struct sctp_association *asoc, struct sctp_chunk *init, sctp_cmd_seq_t *commands) { struct sctp_transport *new_addr, *addr; int found; new_addr = NULL; found = 0; list_for_each_entry(new_addr, &new_asoc->peer.transport_addr_list, transports) { found = 0; list_for_each_entry(addr, &asoc->peer.transport_addr_list, transports) { if (sctp_cmp_addr_exact(&new_addr->ipaddr, &addr->ipaddr)) { found = 1; break; } } if (!found) break; } if (!found && new_addr) { sctp_sf_send_restart_abort(&new_addr->ipaddr, init, commands); } return found; }",linux-2.6,,,321415430875030856910884942045182828587,0 5456,CWE-617,"pci_populate_msicap(struct msicap *msicap, int msgnum, int nextptr) { int mmc; assert((msgnum & (msgnum - 1)) == 0 && msgnum >= 1 && msgnum <= 32); mmc = ffs(msgnum) - 1; bzero(msicap, sizeof(struct msicap)); msicap->capid = PCIY_MSI; msicap->nextptr = nextptr; msicap->msgctrl = PCIM_MSICTRL_64BIT | (mmc << 1); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,195886669757670,1 4560,CWE-369,"GF_Err mhas_dmx_process(GF_Filter *filter) { GF_MHASDmxCtx *ctx = gf_filter_get_udta(filter); GF_FilterPacket *in_pck; u8 *output; u8 *start; Bool final_flush=GF_FALSE; u32 pck_size, remain, prev_pck_size; u64 cts = GF_FILTER_NO_TS; u32 au_start = 0; u32 consumed = 0; u32 nb_trunc_samples = 0; Bool trunc_from_begin = 0; Bool has_cfg = 0; if (!ctx->duration.num) mhas_dmx_check_dur(filter, ctx); if (ctx->opid && !ctx->is_playing) return GF_OK; in_pck = gf_filter_pid_get_packet(ctx->ipid); if (!in_pck) { if (gf_filter_pid_is_eos(ctx->ipid)) { if (!ctx->mhas_buffer_size) { if (ctx->opid) gf_filter_pid_set_eos(ctx->opid); if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = NULL; return GF_EOS; } final_flush = GF_TRUE; } else if (!ctx->resume_from) { return GF_OK; } } prev_pck_size = ctx->mhas_buffer_size; if (ctx->resume_from) in_pck = NULL; if (in_pck) { u8 *data = (u8 *) gf_filter_pck_get_data(in_pck, &pck_size); if (ctx->byte_offset != GF_FILTER_NO_BO) { u64 byte_offset = gf_filter_pck_get_byte_offset(in_pck); if (!ctx->mhas_buffer_size) { ctx->byte_offset = byte_offset; } else if (ctx->byte_offset + ctx->mhas_buffer_size != byte_offset) { ctx->byte_offset = GF_FILTER_NO_BO; if ((byte_offset != GF_FILTER_NO_BO) && (byte_offset>ctx->mhas_buffer_size) ) { ctx->byte_offset = byte_offset - ctx->mhas_buffer_size; } } } if (ctx->mhas_buffer_size + pck_size > ctx->mhas_buffer_alloc) { ctx->mhas_buffer_alloc = ctx->mhas_buffer_size + pck_size; ctx->mhas_buffer = gf_realloc(ctx->mhas_buffer, ctx->mhas_buffer_alloc); } memcpy(ctx->mhas_buffer + ctx->mhas_buffer_size, data, pck_size); ctx->mhas_buffer_size += pck_size; } if (ctx->timescale && in_pck) { cts = gf_filter_pck_get_cts(in_pck); if (!ctx->cts && (cts != GF_FILTER_NO_TS)) ctx->cts = cts; } if (cts == GF_FILTER_NO_TS) { prev_pck_size = 0; } remain = ctx->mhas_buffer_size; start = ctx->mhas_buffer; if (ctx->resume_from) { start += ctx->resume_from - 1; remain -= ctx->resume_from - 1; ctx->resume_from = 0; } while (ctx->nosync && (remain>3)) { u8 *hdr_start = memchr(start, 0xC0, remain); if (!hdr_start) { remain=0; break; } if ((hdr_start[1]==0x01) && (hdr_start[2]==0xA5)) { GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] Sync found !\n"")); ctx->nosync = GF_FALSE; break; } GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] not sync, skipping byte\n"")); start++; remain--; } if (ctx->nosync) goto skip; gf_bs_reassign_buffer(ctx->bs, start, remain); ctx->buffer_too_small = GF_FALSE; while (remain > consumed) { u32 pay_start, parse_end, mhas_size, mhas_label; Bool mhas_sap = 0; u32 mhas_type; if (!ctx->is_playing && ctx->opid) { ctx->resume_from = 1; consumed = 0; break; } mhas_type = (u32) gf_mpegh_escaped_value(ctx->bs, 3, 8, 8); mhas_label = (u32) gf_mpegh_escaped_value(ctx->bs, 2, 8, 32); mhas_size = (u32) gf_mpegh_escaped_value(ctx->bs, 11, 24, 24); if (ctx->buffer_too_small) break; if (mhas_type>18) { ctx->nb_unknown_pck++; if (ctx->nb_unknown_pck > ctx->pcksync) { GF_LOG(ctx->is_sync ? GF_LOG_WARNING : GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] %d packets of unknown type, considering sync was lost\n"")); ctx->is_sync = GF_FALSE; consumed = 0; ctx->nosync = GF_TRUE; ctx->nb_unknown_pck = 0; break; } } else if (!mhas_size) { GF_LOG(ctx->is_sync ? GF_LOG_WARNING : GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] MHAS packet with 0 payload size, considering sync was lost\n"")); ctx->is_sync = GF_FALSE; consumed = 0; ctx->nosync = GF_TRUE; ctx->nb_unknown_pck = 0; break; } pay_start = (u32) gf_bs_get_position(ctx->bs); if (ctx->buffer_too_small) break; if (mhas_size > gf_bs_available(ctx->bs)) { GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] incomplete packet type %d %s label ""LLU"" size ""LLU"" - keeping in buffer\n"", mhas_type, mhas_pck_name(mhas_type), mhas_label, mhas_size)); break; } ctx->is_sync = GF_TRUE; if (mhas_type==2) { mhas_sap = gf_bs_peek_bits(ctx->bs, 1, 0); ctx->nb_unknown_pck = 0; } else if (mhas_type==1) { s32 CICPspeakerLayoutIdx = -1; s32 numSpeakers = -1; u32 sr = 0; u32 frame_len; u32 pl = gf_bs_read_u8(ctx->bs); u32 idx = gf_bs_read_int(ctx->bs, 5); if (idx==0x1f) sr = gf_bs_read_int(ctx->bs, 24); else if (idx < nb_usac_sr) { sr = USACSampleRates[idx]; } ctx->nb_unknown_pck = 0; idx = gf_bs_read_int(ctx->bs, 3); if ((idx==0) || (idx==2) ) frame_len = 768; else frame_len = 1024; gf_bs_read_int(ctx->bs, 1); gf_bs_read_int(ctx->bs, 1); u32 speakerLayoutType = gf_bs_read_int(ctx->bs, 2); if (speakerLayoutType == 0) { CICPspeakerLayoutIdx = gf_bs_read_int(ctx->bs, 6); } else { numSpeakers = (s32) gf_mpegh_escaped_value(ctx->bs, 5, 8, 16) + 1; } mhas_dmx_check_pid(filter, ctx, pl, sr, frame_len, CICPspeakerLayoutIdx, numSpeakers, start + pay_start, (u32) mhas_size); has_cfg = GF_TRUE; } else if (mhas_type==17) { Bool isActive = gf_bs_read_int(ctx->bs, 1); gf_bs_read_int(ctx->bs, 1); trunc_from_begin = gf_bs_read_int(ctx->bs, 1); nb_trunc_samples = gf_bs_read_int(ctx->bs, 13); if (!isActive) { nb_trunc_samples = 0; } } else if ((mhas_type==6) || (mhas_type==7)) { ctx->nb_unknown_pck = 0; } #if 0 else if (mhas_type==8) { u8 marker_type = gf_bs_read_u8(ctx->bs); if (marker_type==0x01) {} else if (marker_type==0x02) { has_marker = GF_TRUE; } } #endif gf_bs_align(ctx->bs); parse_end = (u32) gf_bs_get_position(ctx->bs) - pay_start; gf_bs_skip_bytes(ctx->bs, mhas_size - parse_end); GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] MHAS Packet type %d %s label ""LLU"" size ""LLU""\n"", mhas_type, mhas_pck_name(mhas_type), mhas_label, mhas_size)); if (ctx->timescale && !prev_pck_size && (cts != GF_FILTER_NO_TS) ) { ctx->cts = cts; cts = GF_FILTER_NO_TS; } if ((mhas_type==2) && ctx->opid) { GF_FilterPacket *dst; u64 pck_dur = ctx->frame_len; u32 au_size; if (ctx->mpha) { au_start = pay_start; au_size = mhas_size; } else { au_size = (u32) gf_bs_get_position(ctx->bs) - au_start; } if (nb_trunc_samples) { if (trunc_from_begin) { if (!ctx->nb_frames) { s64 offset = trunc_from_begin; if (ctx->timescale) { offset *= ctx->timescale; offset /= ctx->sample_rate; } gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_DELAY , &PROP_LONGSINT( -offset)); } } else { pck_dur -= nb_trunc_samples; } nb_trunc_samples = 0; } if (ctx->timescale) { pck_dur = gf_timestamp_rescale(pck_dur, ctx->sample_rate, ctx->timescale); } dst = gf_filter_pck_new_alloc(ctx->opid, au_size, &output); if (!dst) break; if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst); memcpy(output, start + au_start, au_size); if (!has_cfg) mhas_sap = 0; if (mhas_sap) { gf_filter_pck_set_sap(dst, GF_FILTER_SAP_1); } gf_filter_pck_set_dts(dst, ctx->cts); gf_filter_pck_set_cts(dst, ctx->cts); gf_filter_pck_set_duration(dst, (u32) pck_dur); if (ctx->byte_offset != GF_FILTER_NO_BO) { u64 offset = (u64) (start - ctx->mhas_buffer); offset += ctx->byte_offset + au_start; gf_filter_pck_set_byte_offset(dst, offset); } GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] Send AU CTS ""LLU"" size %d dur %d sap %d\n"", ctx->cts, au_size, (u32) pck_dur, mhas_sap)); gf_filter_pck_send(dst); au_start += au_size; consumed = au_start; ctx->nb_frames ++; mhas_dmx_update_cts(ctx); has_cfg = 0; if (prev_pck_size) { u64 next_pos = (u64) (start + au_start - ctx->mhas_buffer); if (prev_pck_size <= next_pos) { prev_pck_size = 0; if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = in_pck; if (in_pck) gf_filter_pck_ref_props(&ctx->src_pck); if (ctx->timescale && (cts != GF_FILTER_NO_TS) ) { ctx->cts = cts; cts = GF_FILTER_NO_TS; } } } if (remain==consumed) break; if (gf_filter_pid_would_block(ctx->opid)) { ctx->resume_from = 1; final_flush = GF_FALSE; break; } } } if (consumed) { assert(remain>=consumed); remain -= consumed; start += consumed; } skip: if (remain < ctx->mhas_buffer_size) { memmove(ctx->mhas_buffer, start, remain); if (ctx->byte_offset != GF_FILTER_NO_BO) ctx->byte_offset += ctx->mhas_buffer_size - remain; } ctx->mhas_buffer_size = remain; if (final_flush) ctx->mhas_buffer_size = 0; if (!ctx->mhas_buffer_size) { if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = NULL; } if (in_pck) gf_filter_pid_drop_packet(ctx->ipid); return GF_OK; }",visit repo url,src/filters/reframe_mhas.c,https://github.com/gpac/gpac,123409982797808,1 462,CWE-476,"int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) { int r; int hv_enabled = kvmppc_hv_ops ? 1 : 0; if (kvm) { hv_enabled = is_kvmppc_hv_enabled(kvm); } switch (ext) { #ifdef CONFIG_BOOKE case KVM_CAP_PPC_BOOKE_SREGS: case KVM_CAP_PPC_BOOKE_WATCHDOG: case KVM_CAP_PPC_EPR: #else case KVM_CAP_PPC_SEGSTATE: case KVM_CAP_PPC_HIOR: case KVM_CAP_PPC_PAPR: #endif case KVM_CAP_PPC_UNSET_IRQ: case KVM_CAP_PPC_IRQ_LEVEL: case KVM_CAP_ENABLE_CAP: case KVM_CAP_ENABLE_CAP_VM: case KVM_CAP_ONE_REG: case KVM_CAP_IOEVENTFD: case KVM_CAP_DEVICE_CTRL: case KVM_CAP_IMMEDIATE_EXIT: r = 1; break; case KVM_CAP_PPC_PAIRED_SINGLES: case KVM_CAP_PPC_OSI: case KVM_CAP_PPC_GET_PVINFO: #if defined(CONFIG_KVM_E500V2) || defined(CONFIG_KVM_E500MC) case KVM_CAP_SW_TLB: #endif r = !hv_enabled; break; #ifdef CONFIG_KVM_MPIC case KVM_CAP_IRQ_MPIC: r = 1; break; #endif #ifdef CONFIG_PPC_BOOK3S_64 case KVM_CAP_SPAPR_TCE: case KVM_CAP_SPAPR_TCE_64: case KVM_CAP_SPAPR_TCE_VFIO: case KVM_CAP_PPC_RTAS: case KVM_CAP_PPC_FIXUP_HCALL: case KVM_CAP_PPC_ENABLE_HCALL: #ifdef CONFIG_KVM_XICS case KVM_CAP_IRQ_XICS: #endif r = 1; break; case KVM_CAP_PPC_ALLOC_HTAB: r = hv_enabled; break; #endif #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE case KVM_CAP_PPC_SMT: r = 0; if (kvm) { if (kvm->arch.emul_smt_mode > 1) r = kvm->arch.emul_smt_mode; else r = kvm->arch.smt_mode; } else if (hv_enabled) { if (cpu_has_feature(CPU_FTR_ARCH_300)) r = 1; else r = threads_per_subcore; } break; case KVM_CAP_PPC_SMT_POSSIBLE: r = 1; if (hv_enabled) { if (!cpu_has_feature(CPU_FTR_ARCH_300)) r = ((threads_per_subcore << 1) - 1); else r = 8 | 4 | 2 | 1; } break; case KVM_CAP_PPC_RMA: r = 0; break; case KVM_CAP_PPC_HWRNG: r = kvmppc_hwrng_present(); break; case KVM_CAP_PPC_MMU_RADIX: r = !!(hv_enabled && radix_enabled()); break; case KVM_CAP_PPC_MMU_HASH_V3: r = !!(hv_enabled && !radix_enabled() && cpu_has_feature(CPU_FTR_ARCH_300)); break; #endif case KVM_CAP_SYNC_MMU: #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE r = hv_enabled; #elif defined(KVM_ARCH_WANT_MMU_NOTIFIER) r = 1; #else r = 0; #endif break; #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE case KVM_CAP_PPC_HTAB_FD: r = hv_enabled; break; #endif case KVM_CAP_NR_VCPUS: if (hv_enabled) r = num_present_cpus(); else r = num_online_cpus(); break; case KVM_CAP_NR_MEMSLOTS: r = KVM_USER_MEM_SLOTS; break; case KVM_CAP_MAX_VCPUS: r = KVM_MAX_VCPUS; break; #ifdef CONFIG_PPC_BOOK3S_64 case KVM_CAP_PPC_GET_SMMU_INFO: r = 1; break; case KVM_CAP_SPAPR_MULTITCE: r = 1; break; case KVM_CAP_SPAPR_RESIZE_HPT: r = !!hv_enabled && !cpu_has_feature(CPU_FTR_ARCH_300); break; #endif #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE case KVM_CAP_PPC_FWNMI: r = hv_enabled; break; #endif case KVM_CAP_PPC_HTM: r = cpu_has_feature(CPU_FTR_TM_COMP) && is_kvmppc_hv_enabled(kvm); break; default: r = 0; break; } return r; }",visit repo url,arch/powerpc/kvm/powerpc.c,https://github.com/torvalds/linux,183586151590579,1 496,[],"void snd_dma_free_pages(struct snd_dma_buffer *dmab) { switch (dmab->dev.type) { case SNDRV_DMA_TYPE_CONTINUOUS: snd_free_pages(dmab->area, dmab->bytes); break; #ifdef CONFIG_SBUS case SNDRV_DMA_TYPE_SBUS: snd_free_sbus_pages(dmab->dev.dev, dmab->bytes, dmab->area, dmab->addr); break; #endif case SNDRV_DMA_TYPE_DEV: snd_free_dev_pages(dmab->dev.dev, dmab->bytes, dmab->area, dmab->addr); break; case SNDRV_DMA_TYPE_DEV_SG: snd_free_sgbuf_pages(dmab); break; default: printk(KERN_ERR ""snd-malloc: invalid device type %d\n"", dmab->dev.type); } }",linux-2.6,,,197283027346818784005222183775873558209,0 1553,[],"void __init sched_init(void) { int i, j; unsigned long alloc_size = 0, ptr; #ifdef CONFIG_FAIR_GROUP_SCHED alloc_size += 2 * nr_cpu_ids * sizeof(void **); #endif #ifdef CONFIG_RT_GROUP_SCHED alloc_size += 2 * nr_cpu_ids * sizeof(void **); #endif #ifdef CONFIG_USER_SCHED alloc_size *= 2; #endif if (alloc_size) { ptr = (unsigned long)alloc_bootmem_low(alloc_size); #ifdef CONFIG_FAIR_GROUP_SCHED init_task_group.se = (struct sched_entity **)ptr; ptr += nr_cpu_ids * sizeof(void **); init_task_group.cfs_rq = (struct cfs_rq **)ptr; ptr += nr_cpu_ids * sizeof(void **); #ifdef CONFIG_USER_SCHED root_task_group.se = (struct sched_entity **)ptr; ptr += nr_cpu_ids * sizeof(void **); root_task_group.cfs_rq = (struct cfs_rq **)ptr; ptr += nr_cpu_ids * sizeof(void **); #endif #endif #ifdef CONFIG_RT_GROUP_SCHED init_task_group.rt_se = (struct sched_rt_entity **)ptr; ptr += nr_cpu_ids * sizeof(void **); init_task_group.rt_rq = (struct rt_rq **)ptr; ptr += nr_cpu_ids * sizeof(void **); #ifdef CONFIG_USER_SCHED root_task_group.rt_se = (struct sched_rt_entity **)ptr; ptr += nr_cpu_ids * sizeof(void **); root_task_group.rt_rq = (struct rt_rq **)ptr; ptr += nr_cpu_ids * sizeof(void **); #endif #endif } #ifdef CONFIG_SMP init_aggregate(); init_defrootdomain(); #endif init_rt_bandwidth(&def_rt_bandwidth, global_rt_period(), global_rt_runtime()); #ifdef CONFIG_RT_GROUP_SCHED init_rt_bandwidth(&init_task_group.rt_bandwidth, global_rt_period(), global_rt_runtime()); #ifdef CONFIG_USER_SCHED init_rt_bandwidth(&root_task_group.rt_bandwidth, global_rt_period(), RUNTIME_INF); #endif #endif #ifdef CONFIG_GROUP_SCHED list_add(&init_task_group.list, &task_groups); INIT_LIST_HEAD(&init_task_group.children); #ifdef CONFIG_USER_SCHED INIT_LIST_HEAD(&root_task_group.children); init_task_group.parent = &root_task_group; list_add(&init_task_group.siblings, &root_task_group.children); #endif #endif for_each_possible_cpu(i) { struct rq *rq; rq = cpu_rq(i); spin_lock_init(&rq->lock); lockdep_set_class(&rq->lock, &rq->rq_lock_key); rq->nr_running = 0; rq->clock = 1; update_last_tick_seen(rq); init_cfs_rq(&rq->cfs, rq); init_rt_rq(&rq->rt, rq); #ifdef CONFIG_FAIR_GROUP_SCHED init_task_group.shares = init_task_group_load; INIT_LIST_HEAD(&rq->leaf_cfs_rq_list); #ifdef CONFIG_CGROUP_SCHED init_tg_cfs_entry(&init_task_group, &rq->cfs, NULL, i, 1, NULL); #elif defined CONFIG_USER_SCHED root_task_group.shares = NICE_0_LOAD; init_tg_cfs_entry(&root_task_group, &rq->cfs, NULL, i, 0, NULL); init_tg_cfs_entry(&init_task_group, &per_cpu(init_cfs_rq, i), &per_cpu(init_sched_entity, i), i, 1, root_task_group.se[i]); #endif #endif rq->rt.rt_runtime = def_rt_bandwidth.rt_runtime; #ifdef CONFIG_RT_GROUP_SCHED INIT_LIST_HEAD(&rq->leaf_rt_rq_list); #ifdef CONFIG_CGROUP_SCHED init_tg_rt_entry(&init_task_group, &rq->rt, NULL, i, 1, NULL); #elif defined CONFIG_USER_SCHED init_tg_rt_entry(&root_task_group, &rq->rt, NULL, i, 0, NULL); init_tg_rt_entry(&init_task_group, &per_cpu(init_rt_rq, i), &per_cpu(init_sched_rt_entity, i), i, 1, root_task_group.rt_se[i]); #endif #endif for (j = 0; j < CPU_LOAD_IDX_MAX; j++) rq->cpu_load[j] = 0; #ifdef CONFIG_SMP rq->sd = NULL; rq->rd = NULL; rq->active_balance = 0; rq->next_balance = jiffies; rq->push_cpu = 0; rq->cpu = i; rq->migration_thread = NULL; INIT_LIST_HEAD(&rq->migration_queue); rq_attach_root(rq, &def_root_domain); #endif init_rq_hrtick(rq); atomic_set(&rq->nr_iowait, 0); } set_load_weight(&init_task); #ifdef CONFIG_PREEMPT_NOTIFIERS INIT_HLIST_HEAD(&init_task.preempt_notifiers); #endif #ifdef CONFIG_SMP open_softirq(SCHED_SOFTIRQ, run_rebalance_domains, NULL); #endif #ifdef CONFIG_RT_MUTEXES plist_head_init(&init_task.pi_waiters, &init_task.pi_lock); #endif atomic_inc(&init_mm.mm_count); enter_lazy_tlb(&init_mm, current); init_idle(current, smp_processor_id()); current->sched_class = &fair_sched_class; scheduler_running = 1; }",linux-2.6,,,256575059082598868526449583324962194804,0 3095,CWE-119,"dtls1_process_record(SSL *s) { int i,al; int enc_err; SSL_SESSION *sess; SSL3_RECORD *rr; unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; rr= &(s->s3->rrec); sess = s->session; rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]); if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; } rr->data=rr->input; rr->orig_len=rr->length; enc_err = s->method->ssl3_enc->enc(s,0); if (enc_err == 0) { rr->length = 0; s->packet_length = 0; goto err; } #ifdef TLS_DEBUG printf(""dec %d\n"",rr->length); { unsigned int z; for (z=0; zlength; z++) printf(""%02X%c"",rr->data[z],((z+1)%16)?' ':'\n'); } printf(""\n""); #endif if ((sess != NULL) && (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) { unsigned char *mac = NULL; unsigned char mac_tmp[EVP_MAX_MD_SIZE]; mac_size=EVP_MD_CTX_size(s->read_hash); OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); if (rr->orig_len < mac_size || (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && rr->orig_len < mac_size+1)) { al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; } if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { mac = mac_tmp; ssl3_cbc_copy_mac(mac_tmp, rr, mac_size); rr->length -= mac_size; } else { rr->length -= mac_size; mac = &rr->data[rr->length]; } i=s->method->ssl3_enc->mac(s,md,0 ); if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) enc_err = -1; } if (enc_err < 0) { rr->length = 0; s->packet_length = 0; goto err; } if (s->expand != NULL) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto f_err; } if (!ssl3_do_uncompress(s)) { al=SSL_AD_DECOMPRESSION_FAILURE; SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION); goto f_err; } } if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } rr->off=0; s->packet_length=0; dtls1_record_bitmap_update(s, &(s->d1->bitmap)); return(1); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: return(0); }",visit repo url,ssl/d1_pkt.c,https://github.com/openssl/openssl,193384304918285,1 1009,['CWE-94'],"ssize_t generic_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { ssize_t spliced; int ret; loff_t isize, left; isize = i_size_read(in->f_mapping->host); if (unlikely(*ppos >= isize)) return 0; left = isize - *ppos; if (unlikely(left < len)) len = left; ret = 0; spliced = 0; while (len && !spliced) { ret = __generic_file_splice_read(in, ppos, pipe, len, flags); if (ret < 0) break; else if (!ret) { if (spliced) break; if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; } } *ppos += ret; len -= ret; spliced += ret; } if (spliced) return spliced; return ret; }",linux-2.6,,,330551095273236949451388709903741454643,0 5960,CWE-276,"zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64_t fuid, cred_t *cr, zfs_fuid_type_t type) { #ifdef HAVE_KSID uint32_t index = FUID_INDEX(fuid); const char *domain; uid_t id; if (index == 0) return (fuid); domain = zfs_fuid_find_by_idx(zfsvfs, index); ASSERT(domain != NULL); if (type == ZFS_OWNER || type == ZFS_ACE_USER) { (void) kidmap_getuidbysid(crgetzone(cr), domain, FUID_RID(fuid), &id); } else { (void) kidmap_getgidbysid(crgetzone(cr), domain, FUID_RID(fuid), &id); } return (id); #else return (fuid); #endif }",visit repo url,module/zfs/zfs_fuid.c,https://github.com/openzfs/zfs,221999816059341,1 6334,['CWE-200'],"int __init psched_calibrate_clock(void) { psched_time_t stamp, stamp1; struct timeval tv, tv1; psched_tdiff_t delay; long rdelay; unsigned long stop; psched_tick(0); stop = jiffies + HZ/10; PSCHED_GET_TIME(stamp); do_gettimeofday(&tv); while (time_before(jiffies, stop)) { barrier(); cpu_relax(); } PSCHED_GET_TIME(stamp1); do_gettimeofday(&tv1); delay = PSCHED_TDIFF(stamp1, stamp); rdelay = tv1.tv_usec - tv.tv_usec; rdelay += (tv1.tv_sec - tv.tv_sec)*1000000; if (rdelay > delay) return -1; delay /= rdelay; psched_tick_per_us = delay; while ((delay>>=1) != 0) psched_clock_scale++; psched_us_per_tick = 1<>psched_clock_scale; return 0; }",linux-2.6,,,163081824229864533946542408664492478325,0 1367,CWE-399,"int __kvm_set_memory_region(struct kvm *kvm, struct kvm_userspace_memory_region *mem, int user_alloc) { int r; gfn_t base_gfn; unsigned long npages; struct kvm_memory_slot *memslot, *slot; struct kvm_memory_slot old, new; struct kvm_memslots *slots, *old_memslots; r = check_memory_region_flags(mem); if (r) goto out; r = -EINVAL; if (mem->memory_size & (PAGE_SIZE - 1)) goto out; if (mem->guest_phys_addr & (PAGE_SIZE - 1)) goto out; if (user_alloc && ((mem->userspace_addr & (PAGE_SIZE - 1)) || !access_ok(VERIFY_WRITE, (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; if (mem->slot >= KVM_MEM_SLOTS_NUM) goto out; if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) goto out; memslot = id_to_memslot(kvm->memslots, mem->slot); base_gfn = mem->guest_phys_addr >> PAGE_SHIFT; npages = mem->memory_size >> PAGE_SHIFT; r = -EINVAL; if (npages > KVM_MEM_MAX_NR_PAGES) goto out; if (!npages) mem->flags &= ~KVM_MEM_LOG_DIRTY_PAGES; new = old = *memslot; new.id = mem->slot; new.base_gfn = base_gfn; new.npages = npages; new.flags = mem->flags; r = -EINVAL; if (npages && old.npages && npages != old.npages) goto out_free; if (!npages && !old.npages) goto out_free; r = -EEXIST; kvm_for_each_memslot(slot, kvm->memslots) { if (slot->id >= KVM_MEMORY_SLOTS || slot == memslot) continue; if (!((base_gfn + npages <= slot->base_gfn) || (base_gfn >= slot->base_gfn + slot->npages))) goto out_free; } if (!(new.flags & KVM_MEM_LOG_DIRTY_PAGES)) new.dirty_bitmap = NULL; r = -ENOMEM; if (!old.npages) { new.user_alloc = user_alloc; new.userspace_addr = mem->userspace_addr; if (kvm_arch_create_memslot(&new, npages)) goto out_free; } else if (npages && mem->userspace_addr != old.userspace_addr) { r = -EINVAL; goto out_free; } if ((new.flags & KVM_MEM_LOG_DIRTY_PAGES) && !new.dirty_bitmap) { if (kvm_create_dirty_bitmap(&new) < 0) goto out_free; } if (!npages || base_gfn != old.base_gfn) { struct kvm_memory_slot *slot; r = -ENOMEM; slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots), GFP_KERNEL); if (!slots) goto out_free; slot = id_to_memslot(slots, mem->slot); slot->flags |= KVM_MEMSLOT_INVALID; update_memslots(slots, NULL); old_memslots = kvm->memslots; rcu_assign_pointer(kvm->memslots, slots); synchronize_srcu_expedited(&kvm->srcu); kvm_arch_flush_shadow_memslot(kvm, slot); kfree(old_memslots); } r = kvm_arch_prepare_memory_region(kvm, &new, old, mem, user_alloc); if (r) goto out_free; if (npages) { r = kvm_iommu_map_pages(kvm, &new); if (r) goto out_free; } else kvm_iommu_unmap_pages(kvm, &old); r = -ENOMEM; slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots), GFP_KERNEL); if (!slots) goto out_free; if (!npages) { new.dirty_bitmap = NULL; memset(&new.arch, 0, sizeof(new.arch)); } update_memslots(slots, &new); old_memslots = kvm->memslots; rcu_assign_pointer(kvm->memslots, slots); synchronize_srcu_expedited(&kvm->srcu); kvm_arch_commit_memory_region(kvm, mem, old, user_alloc); kvm_free_physmem_slot(&old, &new); kfree(old_memslots); return 0; out_free: kvm_free_physmem_slot(&new, &old); out: return r; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,8203638973932,1 4825,CWE-119,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 6440,CWE-20,"error_t httpClientSetUri(HttpClientContext *context, const char_t *uri) { size_t m; size_t n; char_t *p; char_t *q; if(context == NULL || uri == NULL) return ERROR_INVALID_PARAMETER; if(uri[0] == '\0') return ERROR_INVALID_PARAMETER; if(context->requestState != HTTP_REQ_STATE_FORMAT_HEADER) return ERROR_WRONG_STATE; if(context->bufferLen > HTTP_CLIENT_BUFFER_SIZE) return ERROR_INVALID_SYNTAX; context->buffer[context->bufferLen] = '\0'; p = strchr(context->buffer, ' '); if(p == NULL) return ERROR_INVALID_SYNTAX; p++; q = strpbrk(p, "" ?""); if(q == NULL) return ERROR_INVALID_SYNTAX; m = q - p; n = osStrlen(uri); if((context->bufferLen + n - m) > HTTP_CLIENT_BUFFER_SIZE) return ERROR_BUFFER_OVERFLOW; osMemmove(p + n, q, context->buffer + context->bufferLen + 1 - q); osStrncpy(p, uri, n); context->bufferLen = context->bufferLen + n - m; return NO_ERROR; }",visit repo url,http/http_client.c,https://github.com/Oryx-Embedded/CycloneTCP,274107077621316,1 4061,['CWE-399'],"void wait_for_unix_gc(void) { wait_event(unix_gc_wait, gc_in_progress == false); }",linux-2.6,,,93674533721523965210915214742237180435,0 2679,CWE-190,"static spl_filesystem_object * spl_filesystem_object_create_info(spl_filesystem_object *source, char *file_path, int file_path_len, int use_copy, zend_class_entry *ce, zval *return_value TSRMLS_DC) { spl_filesystem_object *intern; zval *arg1; zend_error_handling error_handling; if (!file_path || !file_path_len) { #if defined(PHP_WIN32) zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, ""Cannot create SplFileInfo for empty path""); if (file_path && !use_copy) { efree(file_path); } #else if (file_path && !use_copy) { efree(file_path); } file_path_len = 1; file_path = ""/""; #endif return NULL; } zend_replace_error_handling(EH_THROW, spl_ce_RuntimeException, &error_handling TSRMLS_CC); ce = ce ? ce : source->info_class; zend_update_class_constants(ce TSRMLS_CC); return_value->value.obj = spl_filesystem_object_new_ex(ce, &intern TSRMLS_CC); Z_TYPE_P(return_value) = IS_OBJECT; if (ce->constructor->common.scope != spl_ce_SplFileInfo) { MAKE_STD_ZVAL(arg1); ZVAL_STRINGL(arg1, file_path, file_path_len, use_copy); zend_call_method_with_1_params(&return_value, ce, &ce->constructor, ""__construct"", NULL, arg1); zval_ptr_dtor(&arg1); } else { spl_filesystem_info_set_filename(intern, file_path, file_path_len, use_copy TSRMLS_CC); } zend_restore_error_handling(&error_handling TSRMLS_CC); return intern; } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,178728293440398,1 6085,['CWE-200'],"static int inet6_addr_del(int ifindex, struct in6_addr *pfx, int plen) { struct inet6_ifaddr *ifp; struct inet6_dev *idev; struct net_device *dev; if ((dev = __dev_get_by_index(ifindex)) == NULL) return -ENODEV; if ((idev = __in6_dev_get(dev)) == NULL) return -ENXIO; read_lock_bh(&idev->lock); for (ifp = idev->addr_list; ifp; ifp=ifp->if_next) { if (ifp->prefix_len == plen && ipv6_addr_equal(pfx, &ifp->addr)) { in6_ifa_hold(ifp); read_unlock_bh(&idev->lock); ipv6_del_addr(ifp); if (idev->addr_list == NULL) addrconf_ifdown(idev->dev, 1); return 0; } } read_unlock_bh(&idev->lock); return -EADDRNOTAVAIL; }",linux-2.6,,,169478311028516024549024403773638538297,0 5107,['CWE-20'],"static void vmclear_local_vcpus(void) { int cpu = raw_smp_processor_id(); struct vcpu_vmx *vmx, *n; list_for_each_entry_safe(vmx, n, &per_cpu(vcpus_on_cpu, cpu), local_vcpus_link) __vcpu_clear(vmx); }",linux-2.6,,,51163191433037439159375398148418135214,0 6666,CWE-120,"static int pkey_gost2018_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, const unsigned char *in, size_t in_len) { const unsigned char *p = in; struct gost_pmeth_data *data; EVP_PKEY *priv; PSKeyTransport_gost *pst = NULL; int ret = 0; unsigned char expkeys[64]; EVP_PKEY *eph_key = NULL; int pkey_nid; int mac_nid = NID_undef; int iv_len = 0; if (!(data = EVP_PKEY_CTX_get_data(pctx)) || !(priv = EVP_PKEY_CTX_get0_pkey(pctx))) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS); ret = 0; goto err; } pkey_nid = EVP_PKEY_base_id(priv); switch (data->cipher_nid) { case NID_magma_ctr: mac_nid = NID_magma_mac; iv_len = 4; break; case NID_grasshopper_ctr: mac_nid = NID_grasshopper_mac; iv_len = 8; break; default: GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_INVALID_CIPHER); return -1; break; } if (!key) { *key_len = 32; return 1; } pst = d2i_PSKeyTransport_gost(NULL, (const unsigned char **)&p, in_len); if (!pst) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); return -1; } eph_key = X509_PUBKEY_get(pst->ephem_key); if (eph_key == NULL) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS); ret = 0; goto err; } if (data->shared_ukm_size == 0 && pst->ukm != NULL) { if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_SET_IV, ASN1_STRING_length(pst->ukm), (void *)ASN1_STRING_get0_data(pst->ukm)) < 0) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_UKM_NOT_SET); goto err; } } if (gost_keg(data->shared_ukm, pkey_nid, EC_KEY_get0_public_key(EVP_PKEY_get0(eph_key)), EVP_PKEY_get0(priv), expkeys) <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS); goto err; } if (gost_kimp15(ASN1_STRING_get0_data(pst->psexp), ASN1_STRING_length(pst->psexp), data->cipher_nid, expkeys + 32, mac_nid, expkeys + 0, data->shared_ukm + 24, iv_len, key) <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT, GOST_R_CANNOT_UNPACK_EPHEMERAL_KEY); goto err; } ret = 1; err: OPENSSL_cleanse(expkeys, sizeof(expkeys)); EVP_PKEY_free(eph_key); PSKeyTransport_gost_free(pst); return ret; }",visit repo url,gost_ec_keyx.c,https://github.com/gost-engine/engine,216207038710343,1 5253,CWE-119,"SQLRETURN SQLSetDescFieldW( SQLHDESC descriptor_handle, SQLSMALLINT rec_number, SQLSMALLINT field_identifier, SQLPOINTER value, SQLINTEGER buffer_length ) { DMHDESC descriptor = (DMHDESC) descriptor_handle; SQLRETURN ret; SQLCHAR s1[ 100 + LOG_MESSAGE_LEN ]; int isStrField = 0; if ( !__validate_desc( descriptor )) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: SQL_INVALID_HANDLE"" ); #ifdef WITH_HANDLE_REDIRECT { DMHDESC parent_desc; parent_desc = find_parent_handle( descriptor, SQL_HANDLE_DESC ); if ( parent_desc ) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Info: found parent handle"" ); if ( CHECK_SQLSETDESCFIELDW( parent_desc -> connection )) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Info: calling redirected driver function"" ); return SQLSETDESCFIELDW( parent_desc -> connection, descriptor, rec_number, field_identifier, value, buffer_length ); } } } #endif return SQL_INVALID_HANDLE; } function_entry( descriptor ); if ( log_info.log_flag ) { sprintf( descriptor -> msg, ""\n\t\tEntry:\ \n\t\t\tDescriptor = %p\ \n\t\t\tRec Number = %d\ \n\t\t\tField Ident = %s\ \n\t\t\tValue = %p\ \n\t\t\tBuffer Length = %d"", descriptor, rec_number, __desc_attr_as_string( s1, field_identifier ), value, (int)buffer_length ); dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, descriptor -> msg ); } thread_protect( SQL_HANDLE_DESC, descriptor ); if ( descriptor -> connection -> state < STATE_C4 ) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: HY010"" ); __post_internal_error( &descriptor -> error, ERROR_HY010, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if( __check_stmt_from_desc( descriptor, STATE_S8 ) || __check_stmt_from_desc( descriptor, STATE_S9 ) || __check_stmt_from_desc( descriptor, STATE_S10 ) || __check_stmt_from_desc( descriptor, STATE_S11 ) || __check_stmt_from_desc( descriptor, STATE_S12 ) || __check_stmt_from_desc( descriptor, STATE_S13 ) || __check_stmt_from_desc( descriptor, STATE_S14 ) || __check_stmt_from_desc( descriptor, STATE_S15 )) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: HY010"" ); __post_internal_error( &descriptor -> error, ERROR_HY010, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( rec_number < 0 ) { __post_internal_error( &descriptor -> error, ERROR_07009, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } switch ( field_identifier ) { case SQL_DESC_ALLOC_TYPE: case SQL_DESC_ARRAY_SIZE: case SQL_DESC_ARRAY_STATUS_PTR: case SQL_DESC_BIND_OFFSET_PTR: case SQL_DESC_BIND_TYPE: case SQL_DESC_COUNT: case SQL_DESC_ROWS_PROCESSED_PTR: case SQL_DESC_AUTO_UNIQUE_VALUE: case SQL_DESC_CASE_SENSITIVE: case SQL_DESC_CONCISE_TYPE: case SQL_DESC_DATA_PTR: case SQL_DESC_DATETIME_INTERVAL_CODE: case SQL_DESC_DATETIME_INTERVAL_PRECISION: case SQL_DESC_DISPLAY_SIZE: case SQL_DESC_FIXED_PREC_SCALE: case SQL_DESC_INDICATOR_PTR: case SQL_DESC_LENGTH: case SQL_DESC_NULLABLE: case SQL_DESC_NUM_PREC_RADIX: case SQL_DESC_OCTET_LENGTH: case SQL_DESC_OCTET_LENGTH_PTR: case SQL_DESC_PARAMETER_TYPE: case SQL_DESC_PRECISION: case SQL_DESC_ROWVER: case SQL_DESC_SCALE: case SQL_DESC_SEARCHABLE: case SQL_DESC_TYPE: case SQL_DESC_UNNAMED: case SQL_DESC_UNSIGNED: case SQL_DESC_UPDATABLE: isStrField = 0; break; case SQL_DESC_BASE_COLUMN_NAME: case SQL_DESC_BASE_TABLE_NAME: case SQL_DESC_CATALOG_NAME: case SQL_DESC_LABEL: case SQL_DESC_LITERAL_PREFIX: case SQL_DESC_LITERAL_SUFFIX: case SQL_DESC_LOCAL_TYPE_NAME: case SQL_DESC_NAME: case SQL_DESC_SCHEMA_NAME: case SQL_DESC_TABLE_NAME: case SQL_DESC_TYPE_NAME: isStrField = 1; break; default: isStrField = buffer_length != SQL_IS_POINTER && buffer_length != SQL_IS_INTEGER && buffer_length != SQL_IS_UINTEGER && buffer_length != SQL_IS_SMALLINT && buffer_length != SQL_IS_USMALLINT; } if ( isStrField && buffer_length < 0 && buffer_length != SQL_NTS) { __post_internal_error( &descriptor -> error, ERROR_HY090, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( field_identifier == SQL_DESC_COUNT && (SQLINTEGER)value < 0 ) { __post_internal_error( &descriptor -> error, ERROR_07009, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( field_identifier == SQL_DESC_PARAMETER_TYPE && value != SQL_PARAM_INPUT && value != SQL_PARAM_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT_STREAM && value != SQL_PARAM_OUTPUT_STREAM ) { __post_internal_error( &descriptor -> error, ERROR_HY105, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( descriptor -> connection -> unicode_driver || CHECK_SQLSETDESCFIELDW( descriptor -> connection )) { if ( !CHECK_SQLSETDESCFIELDW( descriptor -> connection )) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: IM001"" ); __post_internal_error( &descriptor -> error, ERROR_IM001, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } ret = SQLSETDESCFIELDW( descriptor -> connection, descriptor -> driver_desc, rec_number, field_identifier, value, buffer_length ); if ( log_info.log_flag ) { sprintf( descriptor -> msg, ""\n\t\tExit:[%s]"", __get_return_status( ret, s1 )); dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, descriptor -> msg ); } } else { SQLCHAR *ascii_str = NULL; if ( !CHECK_SQLSETDESCFIELD( descriptor -> connection )) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: IM001"" ); __post_internal_error( &descriptor -> error, ERROR_IM001, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } switch ( field_identifier ) { case SQL_DESC_NAME: ascii_str = (SQLCHAR*) unicode_to_ansi_alloc( value, buffer_length, descriptor -> connection, NULL ); value = ascii_str; buffer_length = strlen((char*) ascii_str ); break; default: break; } ret = SQLSETDESCFIELD( descriptor -> connection, descriptor -> driver_desc, rec_number, field_identifier, value, buffer_length ); if ( log_info.log_flag ) { sprintf( descriptor -> msg, ""\n\t\tExit:[%s]"", __get_return_status( ret, s1 )); dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, descriptor -> msg ); } if ( ascii_str ) { free( ascii_str ); } } return function_return( SQL_HANDLE_DESC, descriptor, ret ); }",visit repo url,DriverManager/SQLSetDescFieldW.c,https://github.com/lurcher/unixODBC,238352714466624,1 641,[],"int dccp_ioctl(struct sock *sk, int cmd, unsigned long arg) { dccp_pr_debug(""entry\n""); return -ENOIOCTLCMD; }",linux-2.6,,,204156023795418489437779015989898314060,0 6624,['CWE-200'],"connection_added (NMSettings *settings, NMExportedConnection *exported, gpointer user_data) { NMConnectionList *self = NM_CONNECTION_LIST (user_data); GtkListStore *store; GtkTreeIter iter; NMConnection *connection; NMSettingConnection *s_con; char *last_used; store = get_model_for_connection (self, exported); if (!store) return; connection = nm_exported_connection_get_connection (exported); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); last_used = format_last_used (nm_setting_connection_get_timestamp (s_con)); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, COL_ID, nm_setting_connection_get_id (s_con), COL_LAST_USED, last_used, COL_TIMESTAMP, nm_setting_connection_get_timestamp (s_con), COL_CONNECTION, exported, -1); g_free (last_used); g_signal_connect (exported, ""removed"", G_CALLBACK (connection_removed), store); g_signal_connect (exported, ""updated"", G_CALLBACK (connection_updated), store); }",network-manager-applet,,,105968332294320692396687341652519242417,0 5725,CWE-191,"const char *luaG_findlocal (lua_State *L, CallInfo *ci, int n, StkId *pos) { StkId base = ci->func + 1; const char *name = NULL; if (isLua(ci)) { if (n < 0) return findvararg(ci, -n, pos); else name = luaF_getlocalname(ci_func(ci)->p, n, currentpc(ci)); } if (name == NULL) { StkId limit = (ci == L->ci) ? L->top : ci->next->func; if (limit - base >= n && n > 0) { name = isLua(ci) ? ""(temporary)"" : ""(C temporary)""; } else return NULL; } if (pos) *pos = base + (n - 1); return name; }",visit repo url,ldebug.c,https://github.com/lua/lua,110499225626992,1 4124,CWE-20,"usage (int status) { if (status != EXIT_SUCCESS) fprintf (stderr, _(""Try `%s --help' for more information.\n""), program_name); else { printf (_(""\ Usage: %s [OPTION]... [STRINGS]...\n\ ""), program_name); fputs (_(""\ Internationalized Domain Name (IDNA2008) convert STRINGS, or standard input.\n\ \n\ ""), stdout); fputs (_(""\ Command line interface to the Libidn2 implementation of IDNA2008.\n\ \n\ All strings are expected to be encoded in the locale charset.\n\ \n\ To process a string that starts with `-', for example `-foo', use `--'\n\ to signal the end of parameters, as in `idn2 --quiet -- -foo'.\n\ \n\ Mandatory arguments to long options are mandatory for short options too.\n\ ""), stdout); fputs (_(""\ -h, --help Print help and exit\n\ -V, --version Print version and exit\n\ ""), stdout); fputs (_(""\ -d, --decode Decode (punycode) domain name\n\ -l, --lookup Lookup domain name (default)\n\ -r, --register Register label\n\ ""), stdout); fputs (_(""\ -T, --tr46t Enable TR46 transitional processing\n\ -N, --tr46nt Enable TR46 non-transitional processing\n\ --no-tr46 Disable TR46 processing\n\ ""), stdout); fputs (_(""\ --usestd3asciirules Enable STD3 ASCII rules\n\ --debug Print debugging information\n\ --quiet Silent operation\n\ ""), stdout); emit_bug_reporting_address (); } exit (status); }",visit repo url,src/idn2.c,https://gitlab.com/libidn/libidn2,33021315001386,1 6260,CWE-190,"int util_bits_dig(dig_t a) { return RLC_DIG - arch_lzcnt(a); }",visit repo url,src/relic_util.c,https://github.com/relic-toolkit/relic,246994389849266,1 3088,CWE-310,"void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; c1=0; c2=0; c3=0; sqr_add_c(a,0,c1,c2,c3); r[0]=c1; c1=0; sqr_add_c2(a,1,0,c2,c3,c1); r[1]=c2; c2=0; sqr_add_c(a,1,c3,c1,c2); sqr_add_c2(a,2,0,c3,c1,c2); r[2]=c3; c3=0; sqr_add_c2(a,3,0,c1,c2,c3); sqr_add_c2(a,2,1,c1,c2,c3); r[3]=c1; c1=0; sqr_add_c(a,2,c2,c3,c1); sqr_add_c2(a,3,1,c2,c3,c1); r[4]=c2; c2=0; sqr_add_c2(a,3,2,c3,c1,c2); r[5]=c3; c3=0; sqr_add_c(a,3,c1,c2,c3); r[6]=c1; r[7]=c2; }",visit repo url,crypto/bn/asm/x86_64-gcc.c,https://github.com/openssl/openssl,164808991832931,1 6419,CWE-20,"error_t lpc546xxEthReceivePacket(NetInterface *interface) { error_t error; size_t n; NetRxAncillary ancillary; if((rxDmaDesc[rxIndex].rdes3 & ENET_RDES3_OWN) == 0) { if((rxDmaDesc[rxIndex].rdes3 & ENET_RDES3_FD) != 0 && (rxDmaDesc[rxIndex].rdes3 & ENET_RDES3_LD) != 0) { if((rxDmaDesc[rxIndex].rdes3 & ENET_RDES3_ES) == 0) { n = rxDmaDesc[rxIndex].rdes3 & ENET_RDES3_PL; n = MIN(n, LPC546XX_ETH_RX_BUFFER_SIZE); ancillary = NET_DEFAULT_RX_ANCILLARY; nicProcessPacket(interface, rxBuffer[rxIndex], n, &ancillary); error = NO_ERROR; } else { error = ERROR_INVALID_PACKET; } } else { error = ERROR_INVALID_PACKET; } rxDmaDesc[rxIndex].rdes0 = (uint32_t) rxBuffer[rxIndex]; rxDmaDesc[rxIndex].rdes3 = ENET_RDES3_OWN | ENET_RDES3_IOC | ENET_RDES3_BUF1V; if(++rxIndex >= LPC546XX_ETH_RX_BUFFER_COUNT) { rxIndex = 0; } } else { error = ERROR_BUFFER_EMPTY; } ENET->DMA_CH[0].DMA_CHX_STAT = ENET_DMA_CH_DMA_CHX_STAT_RBU_MASK; ENET->DMA_CH[0].DMA_CHX_RXDESC_TAIL_PTR = 0; return error; }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,156399574393577,1 4812,CWE-415,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 3332,[],"static inline struct sk_buff *nlmsg_new(size_t payload, gfp_t flags) { return alloc_skb(nlmsg_total_size(payload), flags); }",linux-2.6,,,99421270378452373649245679642658702129,0 5225,CWE-116,"flatpak_builtin_remote_info (int argc, char **argv, GCancellable *cancellable, GError **error) { g_autoptr(GOptionContext) context = NULL; g_autoptr(GPtrArray) dirs = NULL; g_autoptr(FlatpakDir) preferred_dir = NULL; g_autoptr(GVariant) commit_v = NULL; const char *remote; const char *pref; g_autofree char *default_branch = NULL; FlatpakKinds kinds; FlatpakKinds matched_kinds; g_autofree char *match_id = NULL; g_autofree char *match_arch = NULL; g_autofree char *match_branch = NULL; g_autoptr(FlatpakDecomposed) ref = NULL; g_autofree char *commit = NULL; g_autofree char *parent = NULL; g_autoptr(FlatpakRemoteState) state = NULL; gboolean friendly = TRUE; const char *xa_metadata = NULL; const char *collection_id = NULL; const char *eol = NULL; const char *eol_rebase = NULL; g_autoptr(GKeyFile) metakey = NULL; guint64 installed_size = 0; guint64 download_size = 0; g_autofree char *formatted_installed_size = NULL; g_autofree char *formatted_download_size = NULL; const gchar *subject = NULL; guint64 timestamp; g_autofree char *formatted_timestamp = NULL; VarMetadataRef sparse_cache; context = g_option_context_new (_("" REMOTE REF - Show information about an application or runtime in a remote"")); g_option_context_set_translation_domain (context, GETTEXT_PACKAGE); if (!flatpak_option_context_parse (context, options, &argc, &argv, FLATPAK_BUILTIN_FLAG_STANDARD_DIRS, &dirs, cancellable, error)) return FALSE; if (!opt_app && !opt_runtime) opt_app = opt_runtime = TRUE; if (argc < 3) return usage_error (context, _(""REMOTE and REF must be specified""), error); remote = argv[1]; pref = argv[2]; if (!flatpak_resolve_duplicate_remotes (dirs, remote, &preferred_dir, cancellable, error)) return FALSE; default_branch = flatpak_dir_get_remote_default_branch (preferred_dir, remote); kinds = flatpak_kinds_from_bools (opt_app, opt_runtime); if (!flatpak_split_partial_ref_arg (pref, kinds, opt_arch, NULL, &matched_kinds, &match_id, &match_arch, &match_branch, error)) return FALSE; state = get_remote_state (preferred_dir, remote, opt_cached, opt_sideloaded, match_arch, NULL, NULL, error); if (state == NULL) return FALSE; ref = flatpak_dir_find_remote_ref (preferred_dir, state, match_id, match_branch, default_branch, match_arch, matched_kinds, cancellable, error); if (ref == NULL) return FALSE; if (opt_cached) { if (opt_commit) commit = g_strdup (opt_commit); else if (!flatpak_remote_state_lookup_ref (state, flatpak_decomposed_get_ref (ref), &commit, NULL, NULL, NULL, error)) { g_assert (error == NULL || *error != NULL); return FALSE; } } else { commit_v = flatpak_remote_state_load_ref_commit (state, preferred_dir, flatpak_decomposed_get_ref (ref), opt_commit, NULL, &commit, cancellable, error); if (commit_v == NULL) return FALSE; } if (flatpak_remote_state_lookup_sparse_cache (state, flatpak_decomposed_get_ref (ref), &sparse_cache, NULL)) { eol = var_metadata_lookup_string (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_ENDOFLINE, NULL); eol_rebase = var_metadata_lookup_string (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_ENDOFLINE_REBASE, NULL); } if (opt_show_ref || opt_show_commit || opt_show_parent || opt_show_metadata || opt_show_runtime || opt_show_sdk) friendly = FALSE; if (friendly) { int len; int rows, cols; int width; g_autoptr(AsMetadata) mdata = as_metadata_new (); AsComponent *app = NULL; const char *version = NULL; const char *license = NULL; g_autofree char *id = flatpak_decomposed_dup_id (ref); flatpak_get_window_size (&rows, &cols); flatpak_dir_load_appstream_store (preferred_dir, remote, id, mdata, NULL, NULL); app = as_store_find_app (mdata, flatpak_decomposed_get_ref (ref)); if (app) { const char *name = as_component_get_name (app); const char *comment = as_component_get_summary (app); print_wrapped (MIN (cols, 80), ""\n%s - %s\n"", name, comment); version = as_app_get_version (app); license = as_component_get_project_license (app); } if (commit_v) { VarCommitRef var_commit = var_commit_from_gvariant (commit_v); VarMetadataRef commit_metadata; subject = var_commit_get_subject (var_commit); parent = ostree_commit_get_parent (commit_v); timestamp = ostree_commit_get_timestamp (commit_v); commit_metadata = var_commit_get_metadata (var_commit); xa_metadata = var_metadata_lookup_string (commit_metadata, ""xa.metadata"", NULL); if (xa_metadata == NULL) g_printerr (_(""Warning: Commit has no flatpak metadata\n"")); else { metakey = g_key_file_new (); if (!g_key_file_load_from_data (metakey, xa_metadata, -1, 0, error)) return FALSE; } collection_id = var_metadata_lookup_string (commit_metadata, ""ostree.collection-binding"", NULL); installed_size = GUINT64_FROM_BE (var_metadata_lookup_uint64 (commit_metadata, ""xa.installed-size"", 0)); download_size = GUINT64_FROM_BE (var_metadata_lookup_uint64 (commit_metadata, ""xa.download-size"", 0)); formatted_installed_size = g_format_size (installed_size); formatted_download_size = g_format_size (download_size); formatted_timestamp = format_timestamp (timestamp); } len = 0; len = MAX (len, g_utf8_strlen (_(""ID:""), -1)); len = MAX (len, g_utf8_strlen (_(""Ref:""), -1)); len = MAX (len, g_utf8_strlen (_(""Arch:""), -1)); len = MAX (len, g_utf8_strlen (_(""Branch:""), -1)); if (version != NULL) len = MAX (len, g_utf8_strlen (_(""Version:""), -1)); if (license != NULL) len = MAX (len, g_utf8_strlen (_(""License:""), -1)); if (collection_id != NULL) len = MAX (len, g_utf8_strlen (_(""Collection:""), -1)); if (formatted_download_size) len = MAX (len, g_utf8_strlen (_(""Download:""), -1)); if (formatted_installed_size) len = MAX (len, g_utf8_strlen (_(""Installed:""), -1)); if (flatpak_decomposed_is_app (ref) == 0 && metakey != NULL) { len = MAX (len, g_utf8_strlen (_(""Runtime:""), -1)); len = MAX (len, g_utf8_strlen (_(""Sdk:""), -1)); } if (formatted_timestamp) len = MAX (len, g_utf8_strlen (_(""Date:""), -1)); if (subject) len = MAX (len, g_utf8_strlen (_(""Subject:""), -1)); len = MAX (len, g_utf8_strlen (_(""Commit:""), -1)); if (parent) len = MAX (len, g_utf8_strlen (_(""Parent:""), -1)); if (eol) len = MAX (len, strlen (_(""End-of-life:""))); if (eol_rebase) len = MAX (len, strlen (_(""End-of-life-rebase:""))); if (opt_log) len = MAX (len, g_utf8_strlen (_(""History:""), -1)); width = cols - (len + 1); print_aligned (len, _(""ID:""), id); print_aligned (len, _(""Ref:""), flatpak_decomposed_get_ref (ref)); print_aligned_take (len, _(""Arch:""), flatpak_decomposed_dup_arch (ref)); print_aligned_take (len, _(""Branch:""), flatpak_decomposed_dup_branch (ref)); if (version != NULL) print_aligned (len, _(""Version:""), version); if (license != NULL) print_aligned (len, _(""License:""), license); if (collection_id != NULL) print_aligned (len, _(""Collection:""), collection_id); if (formatted_download_size) print_aligned (len, _(""Download:""), formatted_download_size); if (formatted_installed_size) print_aligned (len, _(""Installed:""), formatted_installed_size); if (flatpak_decomposed_is_app (ref) && metakey != NULL) { g_autofree char *runtime = g_key_file_get_string (metakey, ""Application"", ""runtime"", error); print_aligned (len, _(""Runtime:""), runtime ? runtime : ""-""); } if (flatpak_decomposed_is_app (ref) && metakey != NULL) { g_autofree char *sdk = g_key_file_get_string (metakey, ""Application"", ""sdk"", error); print_aligned (len, _(""Sdk:""), sdk ? sdk : ""-""); } g_print (""\n""); { g_autofree char *formatted_commit = ellipsize_string (commit, width); print_aligned (len, _(""Commit:""), formatted_commit); } if (parent) { g_autofree char *formatted_commit = ellipsize_string (parent, width); print_aligned (len, _(""Parent:""), formatted_commit); } if (eol) { g_autofree char *formatted_eol = ellipsize_string (eol, width); print_aligned (len, _(""End-of-life:""), formatted_eol); } if (eol_rebase) { g_autofree char *formatted_eol = ellipsize_string (eol_rebase, width); print_aligned (len, _(""End-of-life-rebase:""), formatted_eol); } if (subject) print_aligned (len, _(""Subject:""), subject); if (formatted_timestamp) print_aligned (len, _(""Date:""), formatted_timestamp); if (opt_log) { g_autofree char *p = g_strdup (parent); print_aligned (len, _(""History:""), ""\n""); while (p) { g_autofree char *p_parent = NULL; const gchar *p_subject; guint64 p_timestamp; g_autofree char *p_formatted_timestamp = NULL; g_autoptr(GVariant) p_commit_v = NULL; VarCommitRef p_commit; p_commit_v = flatpak_remote_state_load_ref_commit (state, preferred_dir, flatpak_decomposed_get_ref (ref), p, NULL, NULL, cancellable, NULL); if (p_commit_v == NULL) break; p_parent = ostree_commit_get_parent (p_commit_v); p_timestamp = ostree_commit_get_timestamp (p_commit_v); p_formatted_timestamp = format_timestamp (p_timestamp); p_commit = var_commit_from_gvariant (p_commit_v); p_subject = var_commit_get_subject (p_commit); print_aligned (len, _("" Commit:""), p); print_aligned (len, _("" Subject:""), p_subject); print_aligned (len, _("" Date:""), p_formatted_timestamp); g_free (p); p = g_steal_pointer (&p_parent); if (p) g_print (""\n""); } } } else { g_autoptr(GVariant) c_v = NULL; g_autofree char *c = g_strdup (commit); if (commit_v) c_v = g_variant_ref (commit_v); do { g_autofree char *p = NULL; g_autoptr(GVariant) c_m = NULL; gboolean first = TRUE; if (c_v) { c_m = g_variant_get_child_value (c_v, 0); p = ostree_commit_get_parent (c_v); } if (c_m) { g_variant_lookup (c_m, ""xa.metadata"", ""&s"", &xa_metadata); if (xa_metadata == NULL) g_printerr (_(""Warning: Commit %s has no flatpak metadata\n""), c); else { metakey = g_key_file_new (); if (!g_key_file_load_from_data (metakey, xa_metadata, -1, 0, error)) return FALSE; } } if (opt_show_ref) { maybe_print_space (&first); g_print (""%s"", flatpak_decomposed_get_ref (ref)); } if (opt_show_commit) { maybe_print_space (&first); g_print (""%s"", c); } if (opt_show_parent) { maybe_print_space (&first); g_print (""%s"", p ? p : ""-""); } if (opt_show_runtime) { g_autofree char *runtime = NULL; maybe_print_space (&first); if (metakey) runtime = g_key_file_get_string (metakey, flatpak_decomposed_get_kind_metadata_group (ref), ""runtime"", NULL); g_print (""%s"", runtime ? runtime : ""-""); } if (opt_show_sdk) { g_autofree char *sdk = NULL; maybe_print_space (&first); if (metakey) sdk = g_key_file_get_string (metakey, flatpak_decomposed_get_kind_metadata_group (ref), ""sdk"", NULL); g_print (""%s"", sdk ? sdk : ""-""); } if (!first) g_print (""\n""); if (opt_show_metadata) { g_print (""%s"", xa_metadata ? xa_metadata : """"); if (xa_metadata == NULL || !g_str_has_suffix (xa_metadata, ""\n"")) g_print (""\n""); } g_free (c); c = g_steal_pointer (&p); if (c_v) g_variant_unref (c_v); c_v = NULL; if (c && opt_log) c_v = flatpak_remote_state_load_ref_commit (state, preferred_dir, flatpak_decomposed_get_ref (ref), c, NULL, NULL, cancellable, NULL); } while (c_v != NULL); } return TRUE; }",visit repo url,app/flatpak-builtins-remote-info.c,https://github.com/flatpak/flatpak,188573672040371,1 642,[],"static int dccp_close_state(struct sock *sk) { const int next = dccp_new_state[sk->sk_state]; const int ns = next & DCCP_STATE_MASK; if (ns != sk->sk_state) dccp_set_state(sk, ns); return next & DCCP_ACTION_FIN; }",linux-2.6,,,247136023273655611104097520098949112484,0 5783,CWE-125,"snmp_ber_decode_integer(unsigned char *buf, uint32_t *buff_len, uint32_t *num) { uint8_t i, len, type; buf = snmp_ber_decode_type(buf, buff_len, &type); if(buf == NULL || type != BER_DATA_TYPE_INTEGER) { return NULL; } buf = snmp_ber_decode_length(buf, buff_len, &len); if(buf == NULL || len > 4) { return NULL; } if(*buff_len < len) { return NULL; } *num = (uint32_t)(*buf++ & 0xFF); (*buff_len)--; for(i = 1; i < len; ++i) { *num <<= 8; *num |= (uint8_t)(*buf++ & 0xFF); (*buff_len)--; } return buf; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,177984363223870,1 1402,CWE-310,"static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_aead raead; struct aead_alg *aead = &alg->cra_aead; snprintf(raead.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""nivaead""); snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", aead->geniv); raead.blocksize = alg->cra_blocksize; raead.maxauthsize = aead->maxauthsize; raead.ivsize = aead->ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(struct crypto_report_aead), &raead)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/aead.c,https://github.com/torvalds/linux,196202653783542,1 1498,[],"static inline void unregister_rt_sched_group(struct task_group *tg, int cpu) { list_del_rcu(&tg->rt_rq[cpu]->leaf_rt_rq_list); }",linux-2.6,,,76171292866443355824459613545697554577,0 5920,['CWE-909'],"static int tc_dump_tclass(struct sk_buff *skb, struct netlink_callback *cb) { struct tcmsg *tcm = (struct tcmsg*)NLMSG_DATA(cb->nlh); struct net *net = sock_net(skb->sk); struct netdev_queue *dev_queue; struct net_device *dev; int t, s_t; if (net != &init_net) return 0; if (cb->nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*tcm))) return 0; if ((dev = dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL) return 0; s_t = cb->args[0]; t = 0; dev_queue = netdev_get_tx_queue(dev, 0); if (tc_dump_tclass_root(dev_queue->qdisc_sleeping, skb, tcm, cb, &t, s_t) < 0) goto done; dev_queue = &dev->rx_queue; if (tc_dump_tclass_root(dev_queue->qdisc_sleeping, skb, tcm, cb, &t, s_t) < 0) goto done; done: cb->args[0] = t; dev_put(dev); return skb->len; }",linux-2.6,,,148026292654141458560515682256568772762,0 2893,CWE-119,"horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc) { TIFFPredictorState* sp = PredictorState(tif); tmsize_t stride = sp->stride; uint16 *wp = (uint16*) cp0; tmsize_t wc = cc/2; assert((cc%(2*stride))==0); if (wc > stride) { wc -= stride; wp += wc - 1; do { REPEAT4(stride, wp[stride] = (uint16)(((unsigned int)wp[stride] - (unsigned int)wp[0]) & 0xffff); wp--) wc -= stride; } while (wc > 0); } }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,146379913406500,1 6211,CWE-190,"void fp12_exp_cyc_sps(fp12_t c, const fp12_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp12_t t, *u = RLC_ALLOCA(fp12_t, w); if (len == 0) { RLC_FREE(u); fp12_set_dig(c, 1); return; } fp12_null(t); RLC_TRY { if (u == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < w; i++) { fp12_null(u[i]); fp12_new(u[i]); } fp12_new(t); fp12_copy(t, a); if (b[0] == 0) { for (j = 0, i = 1; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp12_sqr_pck(t, t); } if (b[i] < 0) { fp12_inv_cyc(u[i - 1], t); } else { fp12_copy(u[i - 1], t); } } fp12_back_cyc_sim(u, u, w - 1); fp12_copy(c, a); for (i = 0; i < w - 1; i++) { fp12_mul(c, c, u[i]); } } else { for (j = 0, i = 0; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp12_sqr_pck(t, t); } if (b[i] < 0) { fp12_inv_cyc(u[i], t); } else { fp12_copy(u[i], t); } } fp12_back_cyc_sim(u, u, w); fp12_copy(c, u[0]); for (i = 1; i < w; i++) { fp12_mul(c, c, u[i]); } } if (sign == RLC_NEG) { fp12_inv_cyc(c, c); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < w; i++) { fp12_free(u[i]); } fp12_free(t); RLC_FREE(u); } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,82783869492705,1 6676,['CWE-200'],"do_delete (NMExportedConnection *exported, GError **error) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (exported); gboolean success; DBusGMethodInvocation *context; context = g_object_get_data (G_OBJECT (exported), NM_EXPORTED_CONNECTION_DBUS_METHOD_INVOCATION); if (context && !is_user_request_authorized (context, error)) { nm_warning (""%s.%d - Connection delete permission denied: (%d) %s"", __FILE__, __LINE__, (*error)->code, (*error)->message); return FALSE; } success = gconf_client_recursive_unset (priv->client, priv->dir, 0, error); gconf_client_suggest_sync (priv->client, NULL); return success; }",network-manager-applet,,,85439879035672279728561208436382550458,0 6749,['CWE-310'],"nm_gconf_get_bytearray_helper (GConfClient *client, const char *path, const char *key, const char *setting, GByteArray **value) { char *gc_key; GConfValue *gc_value; GByteArray *array; gboolean success = FALSE; g_return_val_if_fail (key != NULL, FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (value != NULL, FALSE); gc_key = g_strdup_printf (""%s/%s/%s"", path, setting, key); if (!(gc_value = gconf_client_get (client, gc_key, NULL))) goto out; if (gc_value->type == GCONF_VALUE_LIST && gconf_value_get_list_type (gc_value) == GCONF_VALUE_INT) { GSList *elt; array = g_byte_array_new (); for (elt = gconf_value_get_list (gc_value); elt != NULL; elt = g_slist_next (elt)) { int i = gconf_value_get_int ((GConfValue *) elt->data); unsigned char val = (unsigned char) (i & 0xFF); if (i < 0 || i > 255) { g_log (G_LOG_DOMAIN, G_LOG_LEVEL_WARNING, ""value %d out-of-range for a byte value"", i); g_byte_array_free (array, TRUE); goto out; } g_byte_array_append (array, (const unsigned char *) &val, sizeof (val)); } *value = array; success = TRUE; } out: if (gc_value) gconf_value_free (gc_value); g_free (gc_key); return success; }",network-manager-applet,,,88224582649413791962918075037939923309,0 3337,[],"static inline int nlmsg_validate(struct nlmsghdr *nlh, int hdrlen, int maxtype, const struct nla_policy *policy) { if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) return -EINVAL; return nla_validate(nlmsg_attrdata(nlh, hdrlen), nlmsg_attrlen(nlh, hdrlen), maxtype, policy); }",linux-2.6,,,92809737585524424709474219614123146511,0 3694,[],"void __scm_destroy(struct scm_cookie *scm) { struct scm_fp_list *fpl = scm->fp; int i; if (fpl) { scm->fp = NULL; if (current->scm_work_list) { list_add_tail(&fpl->list, current->scm_work_list); } else { LIST_HEAD(work_list); current->scm_work_list = &work_list; list_add(&fpl->list, &work_list); while (!list_empty(&work_list)) { fpl = list_first_entry(&work_list, struct scm_fp_list, list); list_del(&fpl->list); for (i=fpl->count-1; i>=0; i--) fput(fpl->fp[i]); kfree(fpl); } current->scm_work_list = NULL; } } }",linux-2.6,,,299607279189029810106571180110077907204,0 1573,[],"wait_for_common(struct completion *x, long timeout, int state) { might_sleep(); spin_lock_irq(&x->wait.lock); timeout = do_wait_for_common(x, timeout, state); spin_unlock_irq(&x->wait.lock); return timeout; }",linux-2.6,,,236518324561992635144907464467146665590,0 858,['CWE-119'],"int DIVERT_REG_NAME(isdn_divert_if *i_div) { if (i_div->if_magic != DIVERT_IF_MAGIC) return(DIVERT_VER_ERR); switch (i_div->cmd) { case DIVERT_CMD_REL: if (divert_if != i_div) return(DIVERT_REL_ERR); divert_if = NULL; return(DIVERT_NO_ERR); case DIVERT_CMD_REG: if (divert_if) return(DIVERT_REG_ERR); i_div->ll_cmd = isdn_command; i_div->drv_to_name = map_drvname; i_div->name_to_drv = map_namedrv; divert_if = i_div; return(DIVERT_NO_ERR); default: return(DIVERT_CMD_ERR); } } ",linux-2.6,,,55611136970532414106607640281477588754,0 3198,['CWE-189'],"static void jp2_cmap_destroy(jp2_box_t *box) { jp2_cmap_t *cmap = &box->data.cmap; if (cmap->ents) { jas_free(cmap->ents); } }",jasper,,,330571286681944323457869529388546063633,0 1300,CWE-399,"hugetlbfs_fill_super(struct super_block *sb, void *data, int silent) { struct inode * inode; struct dentry * root; int ret; struct hugetlbfs_config config; struct hugetlbfs_sb_info *sbinfo; save_mount_options(sb, data); config.nr_blocks = -1; config.nr_inodes = -1; config.uid = current_fsuid(); config.gid = current_fsgid(); config.mode = 0755; config.hstate = &default_hstate; ret = hugetlbfs_parse_options(data, &config); if (ret) return ret; sbinfo = kmalloc(sizeof(struct hugetlbfs_sb_info), GFP_KERNEL); if (!sbinfo) return -ENOMEM; sb->s_fs_info = sbinfo; sbinfo->hstate = config.hstate; spin_lock_init(&sbinfo->stat_lock); sbinfo->max_blocks = config.nr_blocks; sbinfo->free_blocks = config.nr_blocks; sbinfo->max_inodes = config.nr_inodes; sbinfo->free_inodes = config.nr_inodes; sb->s_maxbytes = MAX_LFS_FILESIZE; sb->s_blocksize = huge_page_size(config.hstate); sb->s_blocksize_bits = huge_page_shift(config.hstate); sb->s_magic = HUGETLBFS_MAGIC; sb->s_op = &hugetlbfs_ops; sb->s_time_gran = 1; inode = hugetlbfs_get_root(sb, &config); if (!inode) goto out_free; root = d_alloc_root(inode); if (!root) { iput(inode); goto out_free; } sb->s_root = root; return 0; out_free: kfree(sbinfo); return -ENOMEM; }",visit repo url,fs/hugetlbfs/inode.c,https://github.com/torvalds/linux,132609747839322,1 6415,CWE-20,"error_t am335xEthDeleteVlanAddrEntry(uint_t port, uint_t vlanId, MacAddr *macAddr) { error_t error; uint_t index; Am335xAleEntry entry; index = am335xEthFindVlanAddrEntry(vlanId, macAddr); if(index < CPSW_ALE_MAX_ENTRIES) { entry.word2 = 0; entry.word1 = 0; entry.word0 = 0; am335xEthWriteEntry(index, &entry); error = NO_ERROR; } else { error = ERROR_NOT_FOUND; } return error; }",visit repo url,drivers/mac/am335x_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,91138518330959,1 1600,CWE-264,"static struct sock *dccp_v6_request_recv_sock(const struct sock *sk, struct sk_buff *skb, struct request_sock *req, struct dst_entry *dst, struct request_sock *req_unhash, bool *own_req) { struct inet_request_sock *ireq = inet_rsk(req); struct ipv6_pinfo *newnp; const struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *newinet; struct dccp6_sock *newdp6; struct sock *newsk; if (skb->protocol == htons(ETH_P_IP)) { newsk = dccp_v4_request_recv_sock(sk, skb, req, dst, req_unhash, own_req); if (newsk == NULL) return NULL; newdp6 = (struct dccp6_sock *)newsk; newinet = inet_sk(newsk); newinet->pinet6 = &newdp6->inet6; newnp = inet6_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); newnp->saddr = newsk->sk_v6_rcv_saddr; inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped; newsk->sk_backlog_rcv = dccp_v4_do_rcv; newnp->pktoptions = NULL; newnp->opt = NULL; newnp->mcast_oif = inet6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); return newsk; } if (sk_acceptq_is_full(sk)) goto out_overflow; if (!dst) { struct flowi6 fl6; dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_DCCP); if (!dst) goto out; } newsk = dccp_create_openreq_child(sk, req, skb); if (newsk == NULL) goto out_nonewsk; __ip6_dst_store(newsk, dst, NULL, NULL); newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | NETIF_F_TSO); newdp6 = (struct dccp6_sock *)newsk; newinet = inet_sk(newsk); newinet->pinet6 = &newdp6->inet6; newnp = inet6_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; newnp->saddr = ireq->ir_v6_loc_addr; newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; newsk->sk_bound_dev_if = ireq->ir_iif; newinet->inet_opt = NULL; newnp->rxopt.all = np->rxopt.all; newnp->pktoptions = NULL; newnp->opt = NULL; newnp->mcast_oif = inet6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; if (np->opt != NULL) newnp->opt = ipv6_dup_options(newsk, np->opt); inet_csk(newsk)->icsk_ext_hdr_len = 0; if (newnp->opt != NULL) inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + newnp->opt->opt_flen); dccp_sync_mss(newsk, dst_mtu(dst)); newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; newinet->inet_rcv_saddr = LOOPBACK4_IPV6; if (__inet_inherit_port(sk, newsk) < 0) { inet_csk_prepare_forced_close(newsk); dccp_done(newsk); goto out; } *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); if (*own_req && ireq->pktopts) { newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC); consume_skb(ireq->pktopts); ireq->pktopts = NULL; if (newnp->pktoptions) skb_set_owner_r(newnp->pktoptions, newsk); } return newsk; out_overflow: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); out_nonewsk: dst_release(dst); out: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); return NULL; }",visit repo url,net/dccp/ipv6.c,https://github.com/torvalds/linux,200545287490863,1 1063,CWE-189,"static int sgi_timer_set(struct k_itimer *timr, int flags, struct itimerspec * new_setting, struct itimerspec * old_setting) { unsigned long when, period, irqflags; int err = 0; cnodeid_t nodeid; struct mmtimer *base; struct rb_node *n; if (old_setting) sgi_timer_get(timr, old_setting); sgi_timer_del(timr); when = timespec_to_ns(new_setting->it_value); period = timespec_to_ns(new_setting->it_interval); if (when == 0) return 0; base = kmalloc(sizeof(struct mmtimer), GFP_KERNEL); if (base == NULL) return -ENOMEM; if (flags & TIMER_ABSTIME) { struct timespec n; unsigned long now; getnstimeofday(&n); now = timespec_to_ns(n); if (when > now) when -= now; else when = 0; } when = (when + sgi_clock_period - 1) / sgi_clock_period + rtc_time(); period = (period + sgi_clock_period - 1) / sgi_clock_period; preempt_disable(); nodeid = cpu_to_node(smp_processor_id()); spin_lock_irqsave(&timers[nodeid].lock, irqflags); base->timer = timr; base->cpu = smp_processor_id(); timr->it.mmtimer.clock = TIMER_SET; timr->it.mmtimer.node = nodeid; timr->it.mmtimer.incr = period; timr->it.mmtimer.expires = when; n = timers[nodeid].next; mmtimer_add_list(base); if (timers[nodeid].next == n) { spin_unlock_irqrestore(&timers[nodeid].lock, irqflags); preempt_enable(); return err; } if (n) mmtimer_disable_int(cnodeid_to_nasid(nodeid), COMPARATOR); mmtimer_set_next_timer(nodeid); spin_unlock_irqrestore(&timers[nodeid].lock, irqflags); preempt_enable(); return err; }",visit repo url,drivers/char/mmtimer.c,https://github.com/torvalds/linux,256866547439057,1 1345,['CWE-399'],"static struct ip_tunnel **__ipip6_bucket(struct sit_net *sitn, struct ip_tunnel_parm *parms) { __be32 remote = parms->iph.daddr; __be32 local = parms->iph.saddr; unsigned h = 0; int prio = 0; if (remote) { prio |= 2; h ^= HASH(remote); } if (local) { prio |= 1; h ^= HASH(local); } return &sitn->tunnels[prio][h]; }",linux-2.6,,,305936646403244694156247192921602924589,0 3190,['CWE-189'],"jas_image_t *jpc_decode(jas_stream_t *in, char *optstr) { jpc_dec_importopts_t opts; jpc_dec_t *dec; jas_image_t *image; dec = 0; if (jpc_dec_parseopts(optstr, &opts)) { goto error; } jpc_initluts(); if (!(dec = jpc_dec_create(&opts, in))) { goto error; } if (jpc_dec_decode(dec)) { goto error; } if (jas_image_numcmpts(dec->image) >= 3) { jas_image_setclrspc(dec->image, JAS_CLRSPC_SRGB); jas_image_setcmpttype(dec->image, 0, JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_R)); jas_image_setcmpttype(dec->image, 1, JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_G)); jas_image_setcmpttype(dec->image, 2, JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_B)); } else { jas_image_setclrspc(dec->image, JAS_CLRSPC_SGRAY); jas_image_setcmpttype(dec->image, 0, JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_GRAY_Y)); } image = dec->image; dec->image = 0; jpc_dec_destroy(dec); return image; error: if (dec) { jpc_dec_destroy(dec); } return 0; }",jasper,,,15514509265472462349495607503020593744,0 6169,['CWE-200'],"static void neigh_hash_free(struct neighbour **hash, unsigned int entries) { unsigned long size = entries * sizeof(struct neighbour *); if (size <= PAGE_SIZE) kfree(hash); else free_pages((unsigned long)hash, get_order(size)); }",linux-2.6,,,248457524767825529407181673071475869086,0 3378,CWE-772,"static Image *ReadMATImage(const ImageInfo *image_info,ExceptionInfo *exception) { Image *image, *image2=NULL, *rotated_image; register Quantum *q; unsigned int status; MATHeader MATLAB_HDR; size_t size; size_t CellType; QuantumInfo *quantum_info; ImageInfo *clone_info; int i; ssize_t ldblk; unsigned char *BImgBuff = NULL; double MinVal, MaxVal; unsigned z, z2; unsigned Frames; int logging; int sample_size; MagickOffsetType filepos=0x80; BlobInfo *blob; size_t one; unsigned int (*ReadBlobXXXLong)(Image *image); unsigned short (*ReadBlobXXXShort)(Image *image); void (*ReadBlobDoublesXXX)(Image * image, size_t len, double *data); void (*ReadBlobFloatsXXX)(Image * image, size_t len, float *data); assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); logging = LogMagickEvent(CoderEvent,GetMagickModule(),""enter""); image = AcquireImage(image_info,exception); status = OpenBlob(image_info, image, ReadBinaryBlobMode, exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } clone_info=CloneImageInfo(image_info); if (ReadBlob(image,124,(unsigned char *) &MATLAB_HDR.identific) != 124) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (strncmp(MATLAB_HDR.identific,""MATLAB"",6) != 0) { image2=ReadMATImageV4(image_info,image,exception); if (image2 == NULL) goto MATLAB_KO; image=image2; goto END_OF_READING; } MATLAB_HDR.Version = ReadBlobLSBShort(image); if(ReadBlob(image,2,(unsigned char *) &MATLAB_HDR.EndianIndicator) != 2) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" Endian %c%c"", MATLAB_HDR.EndianIndicator[0],MATLAB_HDR.EndianIndicator[1]); if (!strncmp(MATLAB_HDR.EndianIndicator, ""IM"", 2)) { ReadBlobXXXLong = ReadBlobLSBLong; ReadBlobXXXShort = ReadBlobLSBShort; ReadBlobDoublesXXX = ReadBlobDoublesLSB; ReadBlobFloatsXXX = ReadBlobFloatsLSB; image->endian = LSBEndian; } else if (!strncmp(MATLAB_HDR.EndianIndicator, ""MI"", 2)) { ReadBlobXXXLong = ReadBlobMSBLong; ReadBlobXXXShort = ReadBlobMSBShort; ReadBlobDoublesXXX = ReadBlobDoublesMSB; ReadBlobFloatsXXX = ReadBlobFloatsMSB; image->endian = MSBEndian; } else goto MATLAB_KO; if (strncmp(MATLAB_HDR.identific, ""MATLAB"", 6)) MATLAB_KO: ThrowReaderException(CorruptImageError,""ImproperImageHeader""); filepos = TellBlob(image); while(!EOFBlob(image)) { Frames = 1; (void) SeekBlob(image,filepos,SEEK_SET); MATLAB_HDR.DataType = ReadBlobXXXLong(image); if(EOFBlob(image)) break; MATLAB_HDR.ObjectSize = ReadBlobXXXLong(image); if(EOFBlob(image)) break; filepos += MATLAB_HDR.ObjectSize + 4 + 4; image2 = image; #if defined(MAGICKCORE_ZLIB_DELEGATE) if(MATLAB_HDR.DataType == miCOMPRESSED) { image2 = DecompressBlock(image,MATLAB_HDR.ObjectSize,clone_info,exception); if(image2==NULL) continue; MATLAB_HDR.DataType = ReadBlobXXXLong(image2); } #endif if(MATLAB_HDR.DataType!=miMATRIX) continue; MATLAB_HDR.unknown1 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown2 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown5 = ReadBlobXXXLong(image2); MATLAB_HDR.StructureClass = MATLAB_HDR.unknown5 & 0xFF; MATLAB_HDR.StructureFlag = (MATLAB_HDR.unknown5>>8) & 0xFF; MATLAB_HDR.unknown3 = ReadBlobXXXLong(image2); if(image!=image2) MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.DimFlag = ReadBlobXXXLong(image2); MATLAB_HDR.SizeX = ReadBlobXXXLong(image2); MATLAB_HDR.SizeY = ReadBlobXXXLong(image2); switch(MATLAB_HDR.DimFlag) { case 8: z2=z=1; break; case 12: z2=z = ReadBlobXXXLong(image2); (void) ReadBlobXXXLong(image2); if(z!=3) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); break; case 16: z2=z = ReadBlobXXXLong(image2); if(z!=3 && z!=1) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); Frames = ReadBlobXXXLong(image2); if (Frames == 0) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); break; default: ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); } MATLAB_HDR.Flag1 = ReadBlobXXXShort(image2); MATLAB_HDR.NameFlag = ReadBlobXXXShort(image2); if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.StructureClass %d"",MATLAB_HDR.StructureClass); if (MATLAB_HDR.StructureClass != mxCHAR_CLASS && MATLAB_HDR.StructureClass != mxSINGLE_CLASS && MATLAB_HDR.StructureClass != mxDOUBLE_CLASS && MATLAB_HDR.StructureClass != mxINT8_CLASS && MATLAB_HDR.StructureClass != mxUINT8_CLASS && MATLAB_HDR.StructureClass != mxINT16_CLASS && MATLAB_HDR.StructureClass != mxUINT16_CLASS && MATLAB_HDR.StructureClass != mxINT32_CLASS && MATLAB_HDR.StructureClass != mxUINT32_CLASS && MATLAB_HDR.StructureClass != mxINT64_CLASS && MATLAB_HDR.StructureClass != mxUINT64_CLASS) ThrowReaderException(CoderError,""UnsupportedCellTypeInTheMatrix""); switch (MATLAB_HDR.NameFlag) { case 0: size = ReadBlobXXXLong(image2); size = 4 * (ssize_t) ((size + 3 + 1) / 4); (void) SeekBlob(image2, size, SEEK_CUR); break; case 1: case 2: case 3: case 4: (void) ReadBlob(image2, 4, (unsigned char *) &size); break; default: goto MATLAB_KO; } CellType = ReadBlobXXXLong(image2); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.CellType: %.20g"",(double) CellType); (void) ReadBlob(image2, 4, (unsigned char *) &size); NEXT_FRAME: switch (CellType) { case miINT8: case miUINT8: sample_size = 8; if(MATLAB_HDR.StructureFlag & FLAG_LOGICAL) image->depth = 1; else image->depth = 8; ldblk = (ssize_t) MATLAB_HDR.SizeX; break; case miINT16: case miUINT16: sample_size = 16; image->depth = 16; ldblk = (ssize_t) (2 * MATLAB_HDR.SizeX); break; case miINT32: case miUINT32: sample_size = 32; image->depth = 32; ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miINT64: case miUINT64: sample_size = 64; image->depth = 64; ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; case miSINGLE: sample_size = 32; image->depth = 32; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miDOUBLE: sample_size = 64; image->depth = 64; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); DisableMSCWarning(4127) if (sizeof(double) != 8) RestoreMSCWarning ThrowReaderException(CoderError, ""IncompatibleSizeOfDouble""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; default: ThrowReaderException(CoderError, ""UnsupportedCellTypeInTheMatrix""); } (void) sample_size; image->columns = MATLAB_HDR.SizeX; image->rows = MATLAB_HDR.SizeY; quantum_info=AcquireQuantumInfo(clone_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); one=1; image->colors = one << image->depth; if (image->columns == 0 || image->rows == 0) goto MATLAB_KO; if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) { image->type=GrayscaleType; SetImageColorspace(image,GRAYColorspace,exception); } if (image_info->ping) { size_t temp = image->columns; image->columns = image->rows; image->rows = temp; goto done_reading; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); BImgBuff = (unsigned char *) AcquireQuantumMemory((size_t) (ldblk),sizeof(double)); if (BImgBuff == NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); (void) ResetMagickMemory(BImgBuff,0,ldblk*sizeof(double)); MinVal = 0; MaxVal = 0; if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &quantum_info->minimum, &quantum_info->maximum); } if(z==1) z=0; do { for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { q=GetAuthenticPixels(image,0,MATLAB_HDR.SizeY-i-1,image->columns,1,exception); if (q == (Quantum *) NULL) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT set image pixels returns unexpected NULL on a row %u."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto done_reading; } if(ReadBlob(image2,ldblk,(unsigned char *)BImgBuff) != (ssize_t) ldblk) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT cannot read scanrow %u from a file."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } if((CellType==miINT8 || CellType==miUINT8) && (MATLAB_HDR.StructureFlag & FLAG_LOGICAL)) { FixLogical((unsigned char *)BImgBuff,ldblk); if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) { ImportQuantumPixelsFailed: if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to ImportQuantumPixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); break; } } else { if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) goto ImportQuantumPixelsFailed; if (z<=1 && (CellType==miINT8 || CellType==miINT16 || CellType==miINT32 || CellType==miINT64)) FixSignedValues(image,q,MATLAB_HDR.SizeX); } if (!SyncAuthenticPixels(image,exception)) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to sync image pixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } } } while(z-- >= 2); ExitLoop: if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { CellType = ReadBlobXXXLong(image2); i = ReadBlobXXXLong(image2); if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &MinVal, &MaxVal); } if (CellType==miDOUBLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobDoublesXXX(image2, ldblk, (double *)BImgBuff); InsertComplexDoubleRow(image, (double *)BImgBuff, i, MinVal, MaxVal, exception); } if (CellType==miSINGLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobFloatsXXX(image2, ldblk, (float *)BImgBuff); InsertComplexFloatRow(image,(float *)BImgBuff,i,MinVal,MaxVal, exception); } } if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) image->type=GrayscaleType; if (image->depth == 1) image->type=BilevelType; if(image2==image) image2 = NULL; rotated_image = RotateImage(image, 90.0, exception); if (rotated_image != (Image *) NULL) { rotated_image->page.x=0; rotated_image->page.y=0; blob = rotated_image->blob; rotated_image->blob = image->blob; rotated_image->colors = image->colors; image->blob = blob; AppendImageToList(&image,rotated_image); DeleteImageFromList(&image); } done_reading: if(image2!=NULL) if(image2!=image) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } AcquireNextImage(image_info,image,exception); if (image->next == (Image *) NULL) break; image=SyncNextImageInList(image); image->columns=image->rows=0; image->colors=0; RelinquishMagickMemory(BImgBuff); BImgBuff = NULL; if(--Frames>0) { z = z2; if(image2==NULL) image2 = image; goto NEXT_FRAME; } if ((image2!=NULL) && (image2!=image)) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } } RelinquishMagickMemory(BImgBuff); quantum_info=DestroyQuantumInfo(quantum_info); END_OF_READING: clone_info=DestroyImageInfo(clone_info); CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=scene++; } if(clone_info != NULL) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } DestroyImageInfo(clone_info); clone_info = NULL; } if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(),""return""); if(image==NULL) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); return (image); }",visit repo url,coders/mat.c,https://github.com/ImageMagick/ImageMagick,235019522301356,1 3648,['CWE-287'],"static void sctp_association_destroy(struct sctp_association *asoc) { SCTP_ASSERT(asoc->base.dead, ""Assoc is not dead"", return); sctp_endpoint_put(asoc->ep); sock_put(asoc->base.sk); if (asoc->assoc_id != 0) { spin_lock_bh(&sctp_assocs_id_lock); idr_remove(&sctp_assocs_id, asoc->assoc_id); spin_unlock_bh(&sctp_assocs_id_lock); } WARN_ON(atomic_read(&asoc->rmem_alloc)); if (asoc->base.malloced) { kfree(asoc); SCTP_DBG_OBJCNT_DEC(assoc); } }",linux-2.6,,,94897833374069320680810826549237200852,0 3849,[],"static inline void bprm_clear_caps(struct linux_binprm *bprm) { cap_clear(bprm->cap_post_exec_permitted); bprm->cap_effective = false; }",linux-2.6,,,134127045708415860681820009138225531522,0 4935,CWE-190,"exif_data_load_data_entry (ExifData *data, ExifEntry *entry, const unsigned char *d, unsigned int size, unsigned int offset) { unsigned int s, doff; entry->tag = exif_get_short (d + offset + 0, data->priv->order); entry->format = exif_get_short (d + offset + 2, data->priv->order); entry->components = exif_get_long (d + offset + 4, data->priv->order); exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Loading entry 0x%x ('%s')..."", entry->tag, exif_tag_get_name (entry->tag)); s = exif_format_get_size(entry->format) * entry->components; if ((s < entry->components) || (s == 0)){ return 0; } if (s > 4) doff = exif_get_long (d + offset + 8, data->priv->order); else doff = offset + 8; if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Tag data past end of buffer (%u > %u)"", doff+s, size); return 0; } entry->data = exif_data_alloc (data, s); if (entry->data) { entry->size = s; memcpy (entry->data, d + doff, s); } else { EXIF_LOG_NO_MEMORY(data->priv->log, ""ExifData"", s); return 0; } if (entry->tag == EXIF_TAG_MAKER_NOTE) { if (!entry->data) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""MakerNote found with empty data""); } else if (entry->size > 6) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""MakerNote found (%02x %02x %02x %02x "" ""%02x %02x %02x...)."", entry->data[0], entry->data[1], entry->data[2], entry->data[3], entry->data[4], entry->data[5], entry->data[6]); } data->priv->offset_mnote = doff; } return 1; }",visit repo url,libexif/exif-data.c,https://github.com/libexif/libexif,123536622804356,1 3528,['CWE-20'],"static struct sctp_chunk *sctp_make_op_error_space( const struct sctp_association *asoc, const struct sctp_chunk *chunk, size_t size) { struct sctp_chunk *retval; retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, sizeof(sctp_errhdr_t) + size); if (!retval) goto nodata; if (chunk) retval->transport = chunk->transport; nodata: return retval; }",linux-2.6,,,122392412461064954257192268472499607093,0 3594,['CWE-20'],"static sctp_disposition_t sctp_sf_violation_paramlen( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, void *ext, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_paramhdr *param = ext; struct sctp_chunk *abort = NULL; if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)) goto discard; abort = sctp_make_violation_paramlen(asoc, chunk, param); if (!abort) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION)); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); discard: sctp_sf_pdiscard(ep, asoc, SCTP_ST_CHUNK(0), arg, commands); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); return SCTP_DISPOSITION_ABORT; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,316407812265878065600039559988851809110,0 2070,CWE-416,"static struct ucma_multicast* ucma_alloc_multicast(struct ucma_context *ctx) { struct ucma_multicast *mc; mc = kzalloc(sizeof(*mc), GFP_KERNEL); if (!mc) return NULL; mutex_lock(&mut); mc->id = idr_alloc(&multicast_idr, mc, 0, 0, GFP_KERNEL); mutex_unlock(&mut); if (mc->id < 0) goto error; mc->ctx = ctx; list_add_tail(&mc->list, &ctx->mc_list); return mc; error: kfree(mc); return NULL; }",visit repo url,drivers/infiniband/core/ucma.c,https://github.com/torvalds/linux,196870149557092,1 1383,[],"update_stats_wait_start(struct cfs_rq *cfs_rq, struct sched_entity *se) { schedstat_set(se->wait_start, rq_of(cfs_rq)->clock); }",linux-2.6,,,217351061328150339769476846172527932907,0 4735,CWE-416,"ExprAppendMultiKeysymList(ExprDef *expr, ExprDef *append) { unsigned nSyms = darray_size(expr->keysym_list.syms); unsigned numEntries = darray_size(append->keysym_list.syms); darray_append(expr->keysym_list.symsMapIndex, nSyms); darray_append(expr->keysym_list.symsNumEntries, numEntries); darray_concat(expr->keysym_list.syms, append->keysym_list.syms); FreeStmt((ParseCommon *) &append); return expr; }",visit repo url,src/xkbcomp/ast-build.c,https://github.com/xkbcommon/libxkbcommon,138452395685428,1 4872,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 6675,CWE-532,"static int open_cred_file(char *file_name, struct parsed_mount_info *parsed_info) { char *line_buf = NULL; char *temp_val = NULL; FILE *fs = NULL; int i; const int line_buf_size = 4096; const int min_non_white = 10; i = toggle_dac_capability(0, 1); if (i) goto return_i; i = access(file_name, R_OK); if (i) { toggle_dac_capability(0, 0); i = errno; goto return_i; } fs = fopen(file_name, ""r""); if (fs == NULL) { toggle_dac_capability(0, 0); i = errno; goto return_i; } i = toggle_dac_capability(0, 0); if (i) goto return_i; line_buf = (char *)malloc(line_buf_size); if (line_buf == NULL) { i = EX_SYSERR; goto return_i; } while (fgets(line_buf, line_buf_size, fs)) { for (i = 0; i < line_buf_size - min_non_white + 1; i++) { if ((line_buf[i] != ' ') && (line_buf[i] != '\t')) break; } null_terminate_endl(line_buf); switch (parse_cred_line(line_buf + i, &temp_val)) { case CRED_USER: strlcpy(parsed_info->username, temp_val, sizeof(parsed_info->username)); parsed_info->got_user = 1; break; case CRED_PASS: i = set_password(parsed_info, temp_val); if (i) goto return_i; break; case CRED_DOM: if (parsed_info->verboseflag) fprintf(stderr, ""domain=%s\n"", temp_val); strlcpy(parsed_info->domain, temp_val, sizeof(parsed_info->domain)); break; case CRED_UNPARSEABLE: if (parsed_info->verboseflag) fprintf(stderr, ""Credential formatted "" ""incorrectly: %s\n"", temp_val ? temp_val : ""(null)""); break; } } i = 0; return_i: if (fs != NULL) fclose(fs); if (line_buf != NULL) memset(line_buf, 0, line_buf_size); free(line_buf); return i; }",visit repo url,mount.cifs.c,https://github.com/piastry/cifs-utils,96490737606660,1 5716,['CWE-200'],"static int llc_ui_autoport(void) { struct llc_sap *sap; int i, tries = 0; while (tries < LLC_SAP_DYN_TRIES) { for (i = llc_ui_sap_last_autoport; i < LLC_SAP_DYN_STOP; i += 2) { sap = llc_sap_find(i); if (!sap) { llc_ui_sap_last_autoport = i + 2; goto out; } llc_sap_put(sap); } llc_ui_sap_last_autoport = LLC_SAP_DYN_START; tries++; } i = 0; out: return i; }",linux-2.6,,,224777546196571445567623982171858638294,0 5581,CWE-125,"ast_for_atom_expr(struct compiling *c, const node *n) { int i, nch, start = 0; expr_ty e, tmp; REQ(n, atom_expr); nch = NCH(n); if (TYPE(CHILD(n, 0)) == AWAIT) { if (c->c_feature_version < 5) { ast_error(c, n, ""Await expressions are only supported in Python 3.5 and greater""); return NULL; } start = 1; assert(nch > 1); } e = ast_for_atom(c, CHILD(n, start)); if (!e) return NULL; if (nch == 1) return e; if (start && nch == 2) { return Await(e, LINENO(n), n->n_col_offset, c->c_arena); } for (i = start + 1; i < nch; i++) { node *ch = CHILD(n, i); if (TYPE(ch) != trailer) break; tmp = ast_for_trailer(c, ch, e); if (!tmp) return NULL; tmp->lineno = e->lineno; tmp->col_offset = e->col_offset; e = tmp; } if (start) { return Await(e, LINENO(n), n->n_col_offset, c->c_arena); } else { return e; } }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,112634479915426,1 4350,CWE-552,"int mg_http_upload(struct mg_connection *c, struct mg_http_message *hm, const char *dir) { char offset[40] = """", name[200] = """", path[256]; mg_http_get_var(&hm->query, ""offset"", offset, sizeof(offset)); mg_http_get_var(&hm->query, ""name"", name, sizeof(name)); if (name[0] == '\0') { mg_http_reply(c, 400, """", ""%s"", ""name required""); return -1; } else { FILE *fp; size_t oft = strtoul(offset, NULL, 0); snprintf(path, sizeof(path), ""%s%c%s"", dir, MG_DIRSEP, name); LOG(LL_DEBUG, (""%p %d bytes @ %d [%s]"", c->fd, (int) hm->body.len, (int) oft, name)); if ((fp = fopen(path, oft == 0 ? ""wb"" : ""ab"")) == NULL) { mg_http_reply(c, 400, """", ""fopen(%s): %d"", name, errno); return -2; } else { fwrite(hm->body.ptr, 1, hm->body.len, fp); fclose(fp); mg_http_reply(c, 200, """", """"); return (int) hm->body.len; } } }",visit repo url,mongoose.c,https://github.com/cesanta/mongoose,69964533702620,1 507,[],"static int __init snd_mem_init(void) { #ifdef CONFIG_PROC_FS snd_mem_proc = create_proc_entry(SND_MEM_PROC_FILE, 0644, NULL); if (snd_mem_proc) snd_mem_proc->proc_fops = &snd_mem_proc_fops; #endif return 0; }",linux-2.6,,,274794900000567173806395951518551638549,0 3270,CWE-125,"cfm_print(netdissect_options *ndo, register const u_char *pptr, register u_int length) { const struct cfm_common_header_t *cfm_common_header; const struct cfm_tlv_header_t *cfm_tlv_header; const uint8_t *tptr, *tlv_ptr; const uint8_t *namesp; u_int names_data_remaining; uint8_t md_nameformat, md_namelength; const uint8_t *md_name; uint8_t ma_nameformat, ma_namelength; const uint8_t *ma_name; u_int hexdump, tlen, cfm_tlv_len, cfm_tlv_type, ccm_interval; union { const struct cfm_ccm_t *cfm_ccm; const struct cfm_lbm_t *cfm_lbm; const struct cfm_ltm_t *cfm_ltm; const struct cfm_ltr_t *cfm_ltr; } msg_ptr; tptr=pptr; cfm_common_header = (const struct cfm_common_header_t *)pptr; if (length < sizeof(*cfm_common_header)) goto tooshort; ND_TCHECK(*cfm_common_header); if (CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version) != CFM_VERSION) { ND_PRINT((ndo, ""CFMv%u not supported, length %u"", CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version), length)); return; } ND_PRINT((ndo, ""CFMv%u %s, MD Level %u, length %u"", CFM_EXTRACT_VERSION(cfm_common_header->mdlevel_version), tok2str(cfm_opcode_values, ""unknown (%u)"", cfm_common_header->opcode), CFM_EXTRACT_MD_LEVEL(cfm_common_header->mdlevel_version), length)); if (ndo->ndo_vflag < 1) { return; } ND_PRINT((ndo, ""\n\tFirst TLV offset %u"", cfm_common_header->first_tlv_offset)); tptr += sizeof(const struct cfm_common_header_t); tlen = length - sizeof(struct cfm_common_header_t); if (cfm_common_header->first_tlv_offset > tlen) { ND_PRINT((ndo, "" (too large, must be <= %u)"", tlen)); return; } switch (cfm_common_header->opcode) { case CFM_OPCODE_CCM: msg_ptr.cfm_ccm = (const struct cfm_ccm_t *)tptr; if (cfm_common_header->first_tlv_offset < sizeof(*msg_ptr.cfm_ccm)) { ND_PRINT((ndo, "" (too small 1, must be >= %lu)"", (unsigned long) sizeof(*msg_ptr.cfm_ccm))); return; } if (tlen < sizeof(*msg_ptr.cfm_ccm)) goto tooshort; ND_TCHECK(*msg_ptr.cfm_ccm); ccm_interval = CFM_EXTRACT_CCM_INTERVAL(cfm_common_header->flags); ND_PRINT((ndo, "", Flags [CCM Interval %u%s]"", ccm_interval, cfm_common_header->flags & CFM_CCM_RDI_FLAG ? "", RDI"" : """")); if (ccm_interval) { ND_PRINT((ndo, ""\n\t CCM Interval %.3fs"" "", min CCM Lifetime %.3fs, max CCM Lifetime %.3fs"", ccm_interval_base[ccm_interval], ccm_interval_base[ccm_interval] * CCM_INTERVAL_MIN_MULTIPLIER, ccm_interval_base[ccm_interval] * CCM_INTERVAL_MAX_MULTIPLIER)); } ND_PRINT((ndo, ""\n\t Sequence Number 0x%08x, MA-End-Point-ID 0x%04x"", EXTRACT_32BITS(msg_ptr.cfm_ccm->sequence), EXTRACT_16BITS(msg_ptr.cfm_ccm->ma_epi))); namesp = msg_ptr.cfm_ccm->names; names_data_remaining = sizeof(msg_ptr.cfm_ccm->names); md_nameformat = *namesp; namesp++; names_data_remaining--; if (md_nameformat != CFM_CCM_MD_FORMAT_NONE) { md_namelength = *namesp; namesp++; names_data_remaining--; ND_PRINT((ndo, ""\n\t MD Name Format %s (%u), MD Name length %u"", tok2str(cfm_md_nameformat_values, ""Unknown"", md_nameformat), md_nameformat, md_namelength)); if (md_namelength > names_data_remaining - 3) { ND_PRINT((ndo, "" (too large, must be <= %u)"", names_data_remaining - 2)); return; } md_name = namesp; ND_PRINT((ndo, ""\n\t MD Name: "")); switch (md_nameformat) { case CFM_CCM_MD_FORMAT_DNS: case CFM_CCM_MD_FORMAT_CHAR: safeputs(ndo, md_name, md_namelength); break; case CFM_CCM_MD_FORMAT_MAC: if (md_namelength == 6) { ND_PRINT((ndo, ""\n\t MAC %s"", etheraddr_string(ndo, md_name))); } else { ND_PRINT((ndo, ""\n\t MAC (length invalid)"")); } break; case CFM_CCM_MA_FORMAT_8021: default: print_unknown_data(ndo, md_name, ""\n\t "", md_namelength); } namesp += md_namelength; names_data_remaining -= md_namelength; } else { ND_PRINT((ndo, ""\n\t MD Name Format %s (%u)"", tok2str(cfm_md_nameformat_values, ""Unknown"", md_nameformat), md_nameformat)); } ma_nameformat = *namesp; namesp++; names_data_remaining--; ma_namelength = *namesp; namesp++; names_data_remaining--; ND_PRINT((ndo, ""\n\t MA Name-Format %s (%u), MA name length %u"", tok2str(cfm_ma_nameformat_values, ""Unknown"", ma_nameformat), ma_nameformat, ma_namelength)); if (ma_namelength > names_data_remaining) { ND_PRINT((ndo, "" (too large, must be <= %u)"", names_data_remaining)); return; } ma_name = namesp; ND_PRINT((ndo, ""\n\t MA Name: "")); switch (ma_nameformat) { case CFM_CCM_MA_FORMAT_CHAR: safeputs(ndo, ma_name, ma_namelength); break; case CFM_CCM_MA_FORMAT_8021: case CFM_CCM_MA_FORMAT_VID: case CFM_CCM_MA_FORMAT_INT: case CFM_CCM_MA_FORMAT_VPN: default: print_unknown_data(ndo, ma_name, ""\n\t "", ma_namelength); } break; case CFM_OPCODE_LTM: msg_ptr.cfm_ltm = (const struct cfm_ltm_t *)tptr; if (cfm_common_header->first_tlv_offset < sizeof(*msg_ptr.cfm_ltm)) { ND_PRINT((ndo, "" (too small 4, must be >= %lu)"", (unsigned long) sizeof(*msg_ptr.cfm_ltm))); return; } if (tlen < sizeof(*msg_ptr.cfm_ltm)) goto tooshort; ND_TCHECK(*msg_ptr.cfm_ltm); ND_PRINT((ndo, "", Flags [%s]"", bittok2str(cfm_ltm_flag_values, ""none"", cfm_common_header->flags))); ND_PRINT((ndo, ""\n\t Transaction-ID 0x%08x, ttl %u"", EXTRACT_32BITS(msg_ptr.cfm_ltm->transaction_id), msg_ptr.cfm_ltm->ttl)); ND_PRINT((ndo, ""\n\t Original-MAC %s, Target-MAC %s"", etheraddr_string(ndo, msg_ptr.cfm_ltm->original_mac), etheraddr_string(ndo, msg_ptr.cfm_ltm->target_mac))); break; case CFM_OPCODE_LTR: msg_ptr.cfm_ltr = (const struct cfm_ltr_t *)tptr; if (cfm_common_header->first_tlv_offset < sizeof(*msg_ptr.cfm_ltr)) { ND_PRINT((ndo, "" (too small 5, must be >= %lu)"", (unsigned long) sizeof(*msg_ptr.cfm_ltr))); return; } if (tlen < sizeof(*msg_ptr.cfm_ltr)) goto tooshort; ND_TCHECK(*msg_ptr.cfm_ltr); ND_PRINT((ndo, "", Flags [%s]"", bittok2str(cfm_ltr_flag_values, ""none"", cfm_common_header->flags))); ND_PRINT((ndo, ""\n\t Transaction-ID 0x%08x, ttl %u"", EXTRACT_32BITS(msg_ptr.cfm_ltr->transaction_id), msg_ptr.cfm_ltr->ttl)); ND_PRINT((ndo, ""\n\t Replay-Action %s (%u)"", tok2str(cfm_ltr_replay_action_values, ""Unknown"", msg_ptr.cfm_ltr->replay_action), msg_ptr.cfm_ltr->replay_action)); break; case CFM_OPCODE_LBR: case CFM_OPCODE_LBM: default: print_unknown_data(ndo, tptr, ""\n\t "", tlen - cfm_common_header->first_tlv_offset); break; } tptr += cfm_common_header->first_tlv_offset; tlen -= cfm_common_header->first_tlv_offset; while (tlen > 0) { cfm_tlv_header = (const struct cfm_tlv_header_t *)tptr; ND_TCHECK2(*tptr, 1); cfm_tlv_type=cfm_tlv_header->type; ND_PRINT((ndo, ""\n\t%s TLV (0x%02x)"", tok2str(cfm_tlv_values, ""Unknown"", cfm_tlv_type), cfm_tlv_type)); if (cfm_tlv_type == CFM_TLV_END) { return; } if (tlen < sizeof(struct cfm_tlv_header_t)) goto tooshort; ND_TCHECK2(*tptr, sizeof(struct cfm_tlv_header_t)); cfm_tlv_len=EXTRACT_16BITS(&cfm_tlv_header->length); ND_PRINT((ndo, "", length %u"", cfm_tlv_len)); tptr += sizeof(struct cfm_tlv_header_t); tlen -= sizeof(struct cfm_tlv_header_t); tlv_ptr = tptr; if (tlen < cfm_tlv_len) goto tooshort; ND_TCHECK2(*tptr, cfm_tlv_len); hexdump = FALSE; switch(cfm_tlv_type) { case CFM_TLV_PORT_STATUS: if (cfm_tlv_len < 1) { ND_PRINT((ndo, "" (too short, must be >= 1)"")); return; } ND_PRINT((ndo, "", Status: %s (%u)"", tok2str(cfm_tlv_port_status_values, ""Unknown"", *tptr), *tptr)); break; case CFM_TLV_INTERFACE_STATUS: if (cfm_tlv_len < 1) { ND_PRINT((ndo, "" (too short, must be >= 1)"")); return; } ND_PRINT((ndo, "", Status: %s (%u)"", tok2str(cfm_tlv_interface_status_values, ""Unknown"", *tptr), *tptr)); break; case CFM_TLV_PRIVATE: if (cfm_tlv_len < 4) { ND_PRINT((ndo, "" (too short, must be >= 4)"")); return; } ND_PRINT((ndo, "", Vendor: %s (%u), Sub-Type %u"", tok2str(oui_values,""Unknown"", EXTRACT_24BITS(tptr)), EXTRACT_24BITS(tptr), *(tptr + 3))); hexdump = TRUE; break; case CFM_TLV_SENDER_ID: { u_int chassis_id_type, chassis_id_length; u_int mgmt_addr_length; if (cfm_tlv_len < 1) { ND_PRINT((ndo, "" (too short, must be >= 1)"")); return; } chassis_id_length = *tptr; tptr++; tlen--; cfm_tlv_len--; if (chassis_id_length) { if (cfm_tlv_len < 1) { ND_PRINT((ndo, ""\n\t (TLV too short)"")); return; } chassis_id_type = *tptr; cfm_tlv_len--; ND_PRINT((ndo, ""\n\t Chassis-ID Type %s (%u), Chassis-ID length %u"", tok2str(cfm_tlv_senderid_chassisid_values, ""Unknown"", chassis_id_type), chassis_id_type, chassis_id_length)); if (cfm_tlv_len < chassis_id_length) { ND_PRINT((ndo, ""\n\t (TLV too short)"")); return; } switch (chassis_id_type) { case CFM_CHASSIS_ID_MAC_ADDRESS: ND_PRINT((ndo, ""\n\t MAC %s"", etheraddr_string(ndo, tptr + 1))); break; case CFM_CHASSIS_ID_NETWORK_ADDRESS: hexdump |= cfm_network_addr_print(ndo, tptr); break; case CFM_CHASSIS_ID_INTERFACE_NAME: case CFM_CHASSIS_ID_INTERFACE_ALIAS: case CFM_CHASSIS_ID_LOCAL: case CFM_CHASSIS_ID_CHASSIS_COMPONENT: case CFM_CHASSIS_ID_PORT_COMPONENT: safeputs(ndo, tptr + 1, chassis_id_length); break; default: hexdump = TRUE; break; } cfm_tlv_len -= chassis_id_length; tptr += 1 + chassis_id_length; tlen -= 1 + chassis_id_length; } if (cfm_tlv_len == 0) { return; } mgmt_addr_length = *tptr; tptr++; tlen--; cfm_tlv_len--; if (mgmt_addr_length) { if (cfm_tlv_len < mgmt_addr_length) { ND_PRINT((ndo, ""\n\t (TLV too short)"")); return; } cfm_tlv_len -= mgmt_addr_length; tptr += mgmt_addr_length; tlen -= mgmt_addr_length; if (cfm_tlv_len < 1) { ND_PRINT((ndo, ""\n\t (TLV too short)"")); return; } mgmt_addr_length = *tptr; tptr++; tlen--; cfm_tlv_len--; if (mgmt_addr_length) { if (cfm_tlv_len < mgmt_addr_length) { ND_PRINT((ndo, ""\n\t (TLV too short)"")); return; } cfm_tlv_len -= mgmt_addr_length; tptr += mgmt_addr_length; tlen -= mgmt_addr_length; } } break; } case CFM_TLV_DATA: case CFM_TLV_REPLY_INGRESS: case CFM_TLV_REPLY_EGRESS: default: hexdump = TRUE; break; } if (hexdump || ndo->ndo_vflag > 1) print_unknown_data(ndo, tlv_ptr, ""\n\t "", cfm_tlv_len); tptr+=cfm_tlv_len; tlen-=cfm_tlv_len; } return; tooshort: ND_PRINT((ndo, ""\n\t\t packet is too short"")); return; trunc: ND_PRINT((ndo, ""\n\t\t packet exceeded snapshot"")); }",visit repo url,print-cfm.c,https://github.com/the-tcpdump-group/tcpdump,56165394033112,1 5657,['CWE-476'],"static int udp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level != SOL_UDP) return ip_getsockopt(sk, level, optname, optval, optlen); return do_udp_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,277479051861695837034432847291174527084,0 4981,CWE-191,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 4211,CWE-125,"get_html_data (MAPI_Attr *a) { VarLenData **body = XCALLOC(VarLenData*, a->num_values + 1); int j; for (j = 0; j < a->num_values; j++) { body[j] = XMALLOC(VarLenData, 1); body[j]->len = a->values[j].len; body[j]->data = CHECKED_XCALLOC(unsigned char, a->values[j].len); memmove (body[j]->data, a->values[j].data.buf, body[j]->len); } return body; }",visit repo url,src/tnef.c,https://github.com/verdammelt/tnef,113940098504507,1 3525,['CWE-20'],"sctp_disposition_t sctp_sf_do_9_2_shutdown_ack( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = (struct sctp_chunk *) arg; struct sctp_chunk *reply; if (chunk) { if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_shutdown_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); } reply = sctp_make_shutdown_ack(asoc, chunk); if (!reply) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN)); if (asoc->autoclose) sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_ACK_SENT)); sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,85376089343855615210754070124944066221,0 5985,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader_4__pyx_unpickle_CompressedBufferedReader(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v___pyx_type, long __pyx_v___pyx_checksum, PyObject *__pyx_v___pyx_state) { PyObject *__pyx_v___pyx_PickleError = 0; PyObject *__pyx_v___pyx_result = 0; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations int __pyx_t_1; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; PyObject *__pyx_t_5 = NULL; int __pyx_t_6; __Pyx_RefNannySetupContext(""__pyx_unpickle_CompressedBufferedReader"", 0); __pyx_t_1 = ((__pyx_v___pyx_checksum != 0x183c0eb) != 0); if (__pyx_t_1) { __pyx_t_2 = PyList_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_INCREF(__pyx_n_s_PickleError); __Pyx_GIVEREF(__pyx_n_s_PickleError); PyList_SET_ITEM(__pyx_t_2, 0, __pyx_n_s_PickleError); __pyx_t_3 = __Pyx_Import(__pyx_n_s_pickle, __pyx_t_2, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_n_s_PickleError); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_INCREF(__pyx_t_2); __pyx_v___pyx_PickleError = __pyx_t_2; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __pyx_t_2 = __Pyx_PyInt_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_4 = __Pyx_PyString_Format(__pyx_kp_s_Incompatible_checksums_s_vs_0x18, __pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_INCREF(__pyx_v___pyx_PickleError); __pyx_t_2 = __pyx_v___pyx_PickleError; __pyx_t_5 = NULL; if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) { __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_2); if (likely(__pyx_t_5)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2); __Pyx_INCREF(__pyx_t_5); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_2, function); } } __pyx_t_3 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_4); __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0; __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_Raise(__pyx_t_3, 0, 0, 0); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __PYX_ERR(1, 6, __pyx_L1_error) } __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_ptype_17clickhouse_driver_14bufferedreader_CompressedBufferedReader), __pyx_n_s_new); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 7, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_4 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) { __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_2); if (likely(__pyx_t_4)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2); __Pyx_INCREF(__pyx_t_4); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_2, function); } } __pyx_t_3 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_4, __pyx_v___pyx_type) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_v___pyx_type); __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0; if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 7, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_v___pyx_result = __pyx_t_3; __pyx_t_3 = 0; __pyx_t_1 = (__pyx_v___pyx_state != Py_None); __pyx_t_6 = (__pyx_t_1 != 0); if (__pyx_t_6) { if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None)||(PyErr_Format(PyExc_TypeError, ""Expected %.16s, got %.200s"", ""tuple"", Py_TYPE(__pyx_v___pyx_state)->tp_name), 0))) __PYX_ERR(1, 9, __pyx_L1_error) __pyx_t_3 = __pyx_f_17clickhouse_driver_14bufferedreader___pyx_unpickle_CompressedBufferedReader__set_state(((struct __pyx_obj_17clickhouse_driver_14bufferedreader_CompressedBufferedReader *)__pyx_v___pyx_result), ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 9, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; } __Pyx_XDECREF(__pyx_r); __Pyx_INCREF(__pyx_v___pyx_result); __pyx_r = __pyx_v___pyx_result; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_XDECREF(__pyx_t_5); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.__pyx_unpickle_CompressedBufferedReader"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v___pyx_PickleError); __Pyx_XDECREF(__pyx_v___pyx_result); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,202288576120787,1 713,[],"int jpc_putdata(jas_stream_t *out, jas_stream_t *in, long len) { return jas_stream_copy(out, in, len); }",jasper,,,129833557668644327529123687677164214958,0 4407,['CWE-264'],"void release_sock(struct sock *sk) { mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); spin_lock_bh(&sk->sk_lock.slock); if (sk->sk_backlog.tail) __release_sock(sk); sk->sk_lock.owned = 0; if (waitqueue_active(&sk->sk_lock.wq)) wake_up(&sk->sk_lock.wq); spin_unlock_bh(&sk->sk_lock.slock); }",linux-2.6,,,322249152795142965246033581529829512572,0 5669,['CWE-476'],"static int do_udpv6_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { struct udp_sock *up = udp_sk(sk); int val, len; if(get_user(len,optlen)) return -EFAULT; len = min_t(unsigned int, len, sizeof(int)); if(len < 0) return -EINVAL; switch(optname) { case UDP_CORK: val = up->corkflag; break; case UDP_ENCAP: val = up->encap_type; break; default: return -ENOPROTOOPT; }; if(put_user(len, optlen)) return -EFAULT; if(copy_to_user(optval, &val,len)) return -EFAULT; return 0; }",linux-2.6,,,72118671125997035660364908999104850562,0 3979,CWE-79,"static void do_viewlog(HttpRequest req, HttpResponse res) { if (is_readonly(req)) { send_error(req, res, SC_FORBIDDEN, ""You do not have sufficient privileges to access this page""); return; } do_head(res, ""_viewlog"", ""View log"", 100); if ((Run.flags & Run_Log) && ! (Run.flags & Run_UseSyslog)) { FILE *f = fopen(Run.files.log, ""r""); if (f) { size_t n; char buf[512]; StringBuffer_append(res->outputbuffer, ""

""); } else { StringBuffer_append(res->outputbuffer, ""Error opening logfile: %s"", STRERROR); } } else { StringBuffer_append(res->outputbuffer, ""Cannot view logfile:
""); if (! (Run.flags & Run_Log)) StringBuffer_append(res->outputbuffer, ""Monit was started without logging""); else StringBuffer_append(res->outputbuffer, ""Monit uses syslog""); } do_foot(res); }",visit repo url,src/http/cervlet.c,https://bitbucket.org/tildeslash/monit,78701441958751,1 5710,['CWE-200'],"static int llc_ui_connect(struct socket *sock, struct sockaddr *uaddr, int addrlen, int flags) { struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr; int rc = -EINVAL; lock_sock(sk); if (unlikely(addrlen != sizeof(*addr))) goto out; rc = -EAFNOSUPPORT; if (unlikely(addr->sllc_family != AF_LLC)) goto out; if (unlikely(sk->sk_type != SOCK_STREAM)) goto out; rc = -EALREADY; if (unlikely(sock->state == SS_CONNECTING)) goto out; if (sock_flag(sk, SOCK_ZAPPED)) { rc = llc_ui_autobind(sock, addr); if (rc) goto out; } llc->daddr.lsap = addr->sllc_sap; memcpy(llc->daddr.mac, addr->sllc_mac, IFHWADDRLEN); sock->state = SS_CONNECTING; sk->sk_state = TCP_SYN_SENT; llc->link = llc_ui_next_link_no(llc->sap->laddr.lsap); rc = llc_establish_connection(sk, llc->dev->dev_addr, addr->sllc_mac, addr->sllc_sap); if (rc) { dprintk(""%s: llc_ui_send_conn failed :-(\n"", __func__); sock->state = SS_UNCONNECTED; sk->sk_state = TCP_CLOSE; goto out; } if (sk->sk_state == TCP_SYN_SENT) { const long timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); if (!timeo || !llc_ui_wait_for_conn(sk, timeo)) goto out; rc = sock_intr_errno(timeo); if (signal_pending(current)) goto out; } if (sk->sk_state == TCP_CLOSE) goto sock_error; sock->state = SS_CONNECTED; rc = 0; out: release_sock(sk); return rc; sock_error: rc = sock_error(sk) ? : -ECONNABORTED; sock->state = SS_UNCONNECTED; goto out; }",linux-2.6,,,90567760200541555238700127274357036400,0 5400,['CWE-476'],"void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) { vcpu_load(vcpu); kvm_mmu_unload(vcpu); vcpu_put(vcpu); kvm_x86_ops->vcpu_free(vcpu); }",linux-2.6,,,13849019987414205278353906822068565052,0 1953,['CWE-20'],"int arch_setup_additional_pages(struct linux_binprm *bprm, int executable_stack) { struct mm_struct *mm = current->mm; struct page **vdso_pagelist; unsigned long vdso_pages; unsigned long vdso_base; int rc; if (!vdso_ready) return 0; #ifdef CONFIG_PPC64 if (test_thread_flag(TIF_32BIT)) { vdso_pagelist = vdso32_pagelist; vdso_pages = vdso32_pages; vdso_base = VDSO32_MBASE; } else { vdso_pagelist = vdso64_pagelist; vdso_pages = vdso64_pages; vdso_base = VDSO64_MBASE; } #else vdso_pagelist = vdso32_pagelist; vdso_pages = vdso32_pages; vdso_base = VDSO32_MBASE; #endif current->mm->context.vdso_base = 0; if (vdso_pages == 0) return 0; vdso_pages ++; down_write(&mm->mmap_sem); vdso_base = get_unmapped_area(NULL, vdso_base, vdso_pages << PAGE_SHIFT, 0, 0); if (IS_ERR_VALUE(vdso_base)) { rc = vdso_base; goto fail_mmapsem; } rc = install_special_mapping(mm, vdso_base, vdso_pages << PAGE_SHIFT, VM_READ|VM_EXEC| VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC| VM_ALWAYSDUMP, vdso_pagelist); if (rc) goto fail_mmapsem; current->mm->context.vdso_base = vdso_base; up_write(&mm->mmap_sem); return 0; fail_mmapsem: up_write(&mm->mmap_sem); return rc; }",linux-2.6,,,167041331792584532723999871030650032608,0 3612,CWE-264,"struct tcp_conn_t *tcp_conn_accept(struct tcp_sock_t *sock) { struct tcp_conn_t *conn = calloc(1, sizeof *conn); if (conn == NULL) { ERR(""Calloc for connection struct failed""); goto error; } conn->sd = accept(sock->sd, NULL, NULL); if (conn->sd < 0) { ERR(""accept failed""); goto error; } return conn; error: if (conn != NULL) free(conn); return NULL; }",visit repo url,src/tcp.c,https://github.com/tillkamppeter/ippusbxd,229697695371425,1 3315,[],"static inline int nla_validate_nested(struct nlattr *start, int maxtype, const struct nla_policy *policy) { return nla_validate(nla_data(start), nla_len(start), maxtype, policy); }",linux-2.6,,,136950927484161472996394189822189014173,0 1828,['CWE-189'],"gnutls_handshake_get_last_out (gnutls_session_t session) { return session->internals.last_handshake_out; }",gnutls,,,47446030232059105649819917382052844270,0 3819,CWE-823,"do_buffer_ext( int action, int start, int dir, int count, int flags) { buf_T *buf; buf_T *bp; int unload = (action == DOBUF_UNLOAD || action == DOBUF_DEL || action == DOBUF_WIPE || action == DOBUF_WIPE_REUSE); switch (start) { case DOBUF_FIRST: buf = firstbuf; break; case DOBUF_LAST: buf = lastbuf; break; default: buf = curbuf; break; } if (start == DOBUF_MOD) { while (count-- > 0) { do { buf = buf->b_next; if (buf == NULL) buf = firstbuf; } while (buf != curbuf && !bufIsChanged(buf)); } if (!bufIsChanged(buf)) { emsg(_(e_no_modified_buffer_found)); return FAIL; } } else if (start == DOBUF_FIRST && count) { while (buf != NULL && buf->b_fnum != count) buf = buf->b_next; } else { bp = NULL; while (count > 0 || (!unload && !buf->b_p_bl && bp != buf)) { if (bp == NULL) bp = buf; if (dir == FORWARD) { buf = buf->b_next; if (buf == NULL) buf = firstbuf; } else { buf = buf->b_prev; if (buf == NULL) buf = lastbuf; } if (unload || buf->b_p_bl) { --count; bp = NULL; } if (bp == buf) { emsg(_(e_there_is_no_listed_buffer)); return FAIL; } } } if (buf == NULL) { if (start == DOBUF_FIRST) { if (!unload) semsg(_(e_buffer_nr_does_not_exist), count); } else if (dir == FORWARD) emsg(_(e_cannot_go_beyond_last_buffer)); else emsg(_(e_cannot_go_before_first_buffer)); return FAIL; } #ifdef FEAT_PROP_POPUP if ((flags & DOBUF_NOPOPUP) && bt_popup(buf) # ifdef FEAT_TERMINAL && !bt_terminal(buf) #endif ) return OK; #endif #ifdef FEAT_GUI need_mouse_correct = TRUE; #endif if (unload) { int forward; bufref_T bufref; if (!can_unload_buffer(buf)) return FAIL; set_bufref(&bufref, buf); if (action != DOBUF_WIPE && action != DOBUF_WIPE_REUSE && buf->b_ml.ml_mfp == NULL && !buf->b_p_bl) return FAIL; if ((flags & DOBUF_FORCEIT) == 0 && bufIsChanged(buf)) { #if defined(FEAT_GUI_DIALOG) || defined(FEAT_CON_DIALOG) if ((p_confirm || (cmdmod.cmod_flags & CMOD_CONFIRM)) && p_write) { dialog_changed(buf, FALSE); if (!bufref_valid(&bufref)) return FAIL; if (bufIsChanged(buf)) return FAIL; } else #endif { semsg(_(e_no_write_since_last_change_for_buffer_nr_add_bang_to_override), buf->b_fnum); return FAIL; } } if (buf == curbuf && VIsual_active) end_visual_mode(); FOR_ALL_BUFFERS(bp) if (bp->b_p_bl && bp != buf) break; if (bp == NULL && buf == curbuf) return empty_curbuf(TRUE, (flags & DOBUF_FORCEIT), action); while (buf == curbuf && !(curwin->w_closing || curwin->w_buffer->b_locked > 0) && (!ONE_WINDOW || first_tabpage->tp_next != NULL)) { if (win_close(curwin, FALSE) == FAIL) break; } if (buf != curbuf) { close_windows(buf, FALSE); if (buf != curbuf && bufref_valid(&bufref) && buf->b_nwindows <= 0) close_buffer(NULL, buf, action, FALSE, FALSE); return OK; } buf = NULL; bp = NULL; if (au_new_curbuf.br_buf != NULL && bufref_valid(&au_new_curbuf)) buf = au_new_curbuf.br_buf; else if (curwin->w_jumplistlen > 0) { int jumpidx; jumpidx = curwin->w_jumplistidx - 1; if (jumpidx < 0) jumpidx = curwin->w_jumplistlen - 1; forward = jumpidx; while (jumpidx != curwin->w_jumplistidx) { buf = buflist_findnr(curwin->w_jumplist[jumpidx].fmark.fnum); if (buf != NULL) { if (buf == curbuf || !buf->b_p_bl) buf = NULL; else if (buf->b_ml.ml_mfp == NULL) { if (bp == NULL) bp = buf; buf = NULL; } } if (buf != NULL) break; if (!jumpidx && curwin->w_jumplistidx == curwin->w_jumplistlen) break; if (--jumpidx < 0) jumpidx = curwin->w_jumplistlen - 1; if (jumpidx == forward) break; } } if (buf == NULL) { forward = TRUE; buf = curbuf->b_next; for (;;) { if (buf == NULL) { if (!forward) break; buf = curbuf->b_prev; forward = FALSE; continue; } if (buf->b_help == curbuf->b_help && buf->b_p_bl) { if (buf->b_ml.ml_mfp != NULL) break; if (bp == NULL) bp = buf; } if (forward) buf = buf->b_next; else buf = buf->b_prev; } } if (buf == NULL) buf = bp; if (buf == NULL) { FOR_ALL_BUFFERS(buf) if (buf->b_p_bl && buf != curbuf) break; } if (buf == NULL) { if (curbuf->b_next != NULL) buf = curbuf->b_next; else buf = curbuf->b_prev; } } if (buf == NULL) { return empty_curbuf(FALSE, (flags & DOBUF_FORCEIT), action); } if (action == DOBUF_SPLIT) { if ((swb_flags & SWB_USEOPEN) && buf_jump_open_win(buf)) return OK; if ((swb_flags & SWB_USETAB) && buf_jump_open_tab(buf)) return OK; if (win_split(0, 0) == FAIL) return FAIL; } if (buf == curbuf) return OK; if (action == DOBUF_GOTO && !can_abandon(curbuf, (flags & DOBUF_FORCEIT))) { #if defined(FEAT_GUI_DIALOG) || defined(FEAT_CON_DIALOG) if ((p_confirm || (cmdmod.cmod_flags & CMOD_CONFIRM)) && p_write) { bufref_T bufref; set_bufref(&bufref, buf); dialog_changed(curbuf, FALSE); if (!bufref_valid(&bufref)) return FAIL; } if (bufIsChanged(curbuf)) #endif { no_write_message(); return FAIL; } } set_curbuf(buf, action); if (action == DOBUF_SPLIT) RESET_BINDING(curwin); #if defined(FEAT_EVAL) if (aborting()) return FAIL; #endif return OK; }",visit repo url,src/buffer.c,https://github.com/vim/vim,254068468421464,1 6460,[],"tryall_dlopen (lt_dlhandle *phandle, const char *filename, lt_dladvise advise, const lt_dlvtable *vtable) { lt_dlhandle handle = handles; const char * saved_error = 0; int errors = 0; #ifdef LT_DEBUG_LOADERS fprintf (stderr, ""tryall_dlopen (%s, %s)\n"", filename ? filename : ""(null)"", vtable ? vtable->name : ""(ALL)""); #endif LT__GETERROR (saved_error); for (;handle; handle = handle->next) { if ((handle->info.filename == filename) || (handle->info.filename && filename && streq (handle->info.filename, filename))) { break; } } if (handle) { ++handle->info.ref_count; *phandle = handle; goto done; } handle = *phandle; if (filename) { handle->info.filename = lt__strdup (filename); if (!handle->info.filename) { ++errors; goto done; } } else { handle->info.filename = 0; } { lt_dlloader loader = lt_dlloader_next (0); const lt_dlvtable *loader_vtable; do { if (vtable) loader_vtable = vtable; else loader_vtable = lt_dlloader_get (loader); #ifdef LT_DEBUG_LOADERS fprintf (stderr, ""Calling %s->module_open (%s)\n"", (loader_vtable && loader_vtable->name) ? loader_vtable->name : ""(null)"", filename ? filename : ""(null)""); #endif handle->module = (*loader_vtable->module_open) (loader_vtable->dlloader_data, filename, advise); #ifdef LT_DEBUG_LOADERS fprintf (stderr, "" Result: %s\n"", handle->module ? ""Success"" : ""Failed""); #endif if (handle->module != 0) { if (advise) { handle->info.is_resident = advise->is_resident; handle->info.is_symglobal = advise->is_symglobal; handle->info.is_symlocal = advise->is_symlocal; } break; } } while (!vtable && (loader = lt_dlloader_next (loader))); if ((vtable && !handle->module) || (!vtable && !loader)) { FREE (handle->info.filename); ++errors; goto done; } handle->vtable = loader_vtable; } LT__SETERRORSTR (saved_error); done: return errors; }",libtool,,,29101711463599370050479808003476693509,0 4177,['CWE-399'],"static void server_set_state(AvahiServer *s, AvahiServerState state) { assert(s); if (s->state == state) return; s->state = state; avahi_interface_monitor_update_rrs(s->monitor, 0); if (s->callback) s->callback(s, state, s->userdata); }",avahi,,,264998389962984601282967835019692460843,0 5078,['CWE-20'],"static bool ldtr_valid(struct kvm_vcpu *vcpu) { struct kvm_segment ldtr; vmx_get_segment(vcpu, &ldtr, VCPU_SREG_LDTR); if (ldtr.unusable) return true; if (ldtr.selector & SELECTOR_TI_MASK) return false; if (ldtr.type != 2) return false; if (!ldtr.present) return false; return true; }",linux-2.6,,,239595093711364021283746760160596347270,0 10,NVD-CWE-Other,"krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data, krb5_kvno mkvno) { struct berval **ret = NULL; int currkvno; int num_versions = 1; int i, j, last; krb5_error_code err = 0; krb5_key_data *key_data; if (n_key_data <= 0) return NULL; key_data = k5calloc(n_key_data, sizeof(*key_data), &err); if (key_data_in == NULL) goto cleanup; memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data)); for (i = 0; i < n_key_data; i++) { if (key_data[i].key_data_ver == 1) { key_data[i].key_data_ver = 2; key_data[i].key_data_type[1] = KRB5_KDB_SALTTYPE_NORMAL; key_data[i].key_data_length[1] = 0; key_data[i].key_data_contents[1] = NULL; } } for (i = 0; i < n_key_data - 1; i++) if (key_data[i].key_data_kvno != key_data[i + 1].key_data_kvno) num_versions++; ret = (struct berval **) calloc (num_versions + 1, sizeof (struct berval *)); if (ret == NULL) { err = ENOMEM; goto cleanup; } for (i = 0, last = 0, j = 0, currkvno = key_data[0].key_data_kvno; i < n_key_data; i++) { krb5_data *code; if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) { ret[j] = k5alloc(sizeof(struct berval), &err); if (ret[j] == NULL) goto cleanup; err = asn1_encode_sequence_of_keys(key_data + last, (krb5_int16)i - last + 1, mkvno, &code); if (err) goto cleanup; ret[j]->bv_len = code->length; ret[j]->bv_val = code->data; free(code); j++; last = i + 1; if (i < n_key_data - 1) currkvno = key_data[i + 1].key_data_kvno; } } ret[num_versions] = NULL; cleanup: free(key_data); if (err != 0) { if (ret != NULL) { for (i = 0; i <= num_versions; i++) if (ret[i] != NULL) free (ret[i]); free (ret); ret = NULL; } } return ret; }",visit repo url,src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c,https://github.com/krb5/krb5,157928976031602,1 1036,NVD-CWE-noinfo,"static int wrmsr_interception(struct vcpu_svm *svm) { struct msr_data msr; u32 ecx = svm->vcpu.arch.regs[VCPU_REGS_RCX]; u64 data = (svm->vcpu.arch.regs[VCPU_REGS_RAX] & -1u) | ((u64)(svm->vcpu.arch.regs[VCPU_REGS_RDX] & -1u) << 32); msr.data = data; msr.index = ecx; msr.host_initiated = false; svm->next_rip = kvm_rip_read(&svm->vcpu) + 2; if (svm_set_msr(&svm->vcpu, &msr)) { trace_kvm_msr_write_ex(ecx, data); kvm_inject_gp(&svm->vcpu, 0); } else { trace_kvm_msr_write(ecx, data); skip_emulated_instruction(&svm->vcpu); } return 1; }",visit repo url,arch/x86/kvm/svm.c,https://github.com/torvalds/linux,124638295475271,1 2685,[],"SCTP_STATIC int sctp_setsockopt_connectx(struct sock* sk, struct sockaddr __user *addrs, int addrs_size) { sctp_assoc_t assoc_id = 0; int err = 0; err = __sctp_setsockopt_connectx(sk, addrs, addrs_size, &assoc_id); if (err) return err; else return assoc_id; }",linux-2.6,,,71179100039829800546084723437212666838,0 185,NVD-CWE-noinfo,"static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs) { struct pfkey_sock *pfk = pfkey_sk(sk); struct sk_buff *supp_skb; if (hdr->sadb_msg_satype > SADB_SATYPE_MAX) return -EINVAL; if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) { if (pfk->registered&(1<sadb_msg_satype)) return -EEXIST; pfk->registered |= (1<sadb_msg_satype); } xfrm_probe_algs(); supp_skb = compose_sadb_supported(hdr, GFP_KERNEL); if (!supp_skb) { if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) pfk->registered &= ~(1<sadb_msg_satype); return -ENOBUFS; } pfkey_broadcast(supp_skb, GFP_KERNEL, BROADCAST_REGISTERED, sk, sock_net(sk)); return 0; }",visit repo url,net/key/af_key.c,https://github.com/torvalds/linux,173335267984538,1 3385,CWE-772,"static MagickBooleanType WritePICTImage(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { #define MaxCount 128 #define PictCropRegionOp 0x01 #define PictEndOfPictureOp 0xff #define PictJPEGOp 0x8200 #define PictInfoOp 0x0C00 #define PictInfoSize 512 #define PictPixmapOp 0x9A #define PictPICTOp 0x98 #define PictVersion 0x11 const StringInfo *profile; double x_resolution, y_resolution; MagickBooleanType status; MagickOffsetType offset; PICTPixmap pixmap; PICTRectangle bounds, crop_rectangle, destination_rectangle, frame_rectangle, size_rectangle, source_rectangle; register const Quantum *p; register ssize_t i, x; size_t bytes_per_line, count, row_bytes, storage_class; ssize_t y; unsigned char *buffer, *packed_scanline, *scanline; unsigned short base_address, transfer_mode; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); if ((image->columns > 65535L) || (image->rows > 65535L)) ThrowWriterException(ImageError,""WidthOrHeightExceedsLimit""); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); (void) TransformImageColorspace(image,sRGBColorspace,exception); size_rectangle.top=0; size_rectangle.left=0; size_rectangle.bottom=(short) image->rows; size_rectangle.right=(short) image->columns; frame_rectangle=size_rectangle; crop_rectangle=size_rectangle; source_rectangle=size_rectangle; destination_rectangle=size_rectangle; base_address=0xff; row_bytes=image->columns; bounds.top=0; bounds.left=0; bounds.bottom=(short) image->rows; bounds.right=(short) image->columns; pixmap.version=0; pixmap.pack_type=0; pixmap.pack_size=0; pixmap.pixel_type=0; pixmap.bits_per_pixel=8; pixmap.component_count=1; pixmap.component_size=8; pixmap.plane_bytes=0; pixmap.table=0; pixmap.reserved=0; transfer_mode=0; x_resolution=image->resolution.x != 0.0 ? image->resolution.x : DefaultResolution; y_resolution=image->resolution.y != 0.0 ? image->resolution.y : DefaultResolution; storage_class=image->storage_class; if (image_info->compression == JPEGCompression) storage_class=DirectClass; if (storage_class == DirectClass) { pixmap.component_count=image->alpha_trait != UndefinedPixelTrait ? 4 : 3; pixmap.pixel_type=16; pixmap.bits_per_pixel=32; pixmap.pack_type=0x04; transfer_mode=0x40; row_bytes=4*image->columns; } bytes_per_line=image->columns; if (storage_class == DirectClass) bytes_per_line*=image->alpha_trait != UndefinedPixelTrait ? 4 : 3; buffer=(unsigned char *) AcquireQuantumMemory(PictInfoSize,sizeof(*buffer)); packed_scanline=(unsigned char *) AcquireQuantumMemory((size_t) (row_bytes+MaxCount),sizeof(*packed_scanline)); scanline=(unsigned char *) AcquireQuantumMemory(row_bytes,sizeof(*scanline)); if ((buffer == (unsigned char *) NULL) || (packed_scanline == (unsigned char *) NULL) || (scanline == (unsigned char *) NULL)) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); (void) ResetMagickMemory(scanline,0,row_bytes); (void) ResetMagickMemory(packed_scanline,0,(size_t) (row_bytes+MaxCount)); (void) ResetMagickMemory(buffer,0,PictInfoSize); (void) WriteBlob(image,PictInfoSize,buffer); (void) WriteBlobMSBShort(image,0); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.right); (void) WriteBlobMSBShort(image,PictVersion); (void) WriteBlobMSBShort(image,0x02ff); (void) WriteBlobMSBShort(image,PictInfoOp); (void) WriteBlobMSBLong(image,0xFFFE0000UL); (void) WriteBlobMSBShort(image,(unsigned short) x_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) y_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.right); (void) WriteBlobMSBLong(image,0x00000000L); profile=GetImageProfile(image,""iptc""); if (profile != (StringInfo *) NULL) { (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0x1f2); (void) WriteBlobMSBShort(image,(unsigned short) (GetStringInfoLength(profile)+4)); (void) WriteBlobString(image,""8BIM""); (void) WriteBlob(image,GetStringInfoLength(profile), GetStringInfoDatum(profile)); } profile=GetImageProfile(image,""icc""); if (profile != (StringInfo *) NULL) { (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0xe0); (void) WriteBlobMSBShort(image,(unsigned short) (GetStringInfoLength(profile)+4)); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlob(image,GetStringInfoLength(profile), GetStringInfoDatum(profile)); (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0xe0); (void) WriteBlobMSBShort(image,4); (void) WriteBlobMSBLong(image,0x00000002UL); } (void) WriteBlobMSBShort(image,PictCropRegionOp); (void) WriteBlobMSBShort(image,0xa); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.right); if (image_info->compression == JPEGCompression) { Image *jpeg_image; ImageInfo *jpeg_info; size_t length; unsigned char *blob; jpeg_image=CloneImage(image,0,0,MagickTrue,exception); if (jpeg_image == (Image *) NULL) { (void) CloseBlob(image); return(MagickFalse); } jpeg_info=CloneImageInfo(image_info); (void) CopyMagickString(jpeg_info->magick,""JPEG"",MagickPathExtent); length=0; blob=(unsigned char *) ImageToBlob(jpeg_info,jpeg_image,&length, exception); jpeg_info=DestroyImageInfo(jpeg_info); if (blob == (unsigned char *) NULL) return(MagickFalse); jpeg_image=DestroyImage(jpeg_image); (void) WriteBlobMSBShort(image,PictJPEGOp); (void) WriteBlobMSBLong(image,(unsigned int) length+154); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBLong(image,0x00010000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00010000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x40000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00400000UL); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) image->rows); (void) WriteBlobMSBShort(image,(unsigned short) image->columns); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,768); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00566A70UL); (void) WriteBlobMSBLong(image,0x65670000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000001UL); (void) WriteBlobMSBLong(image,0x00016170UL); (void) WriteBlobMSBLong(image,0x706C0000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBShort(image,768); (void) WriteBlobMSBShort(image,(unsigned short) image->columns); (void) WriteBlobMSBShort(image,(unsigned short) image->rows); (void) WriteBlobMSBShort(image,(unsigned short) x_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) y_resolution); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x87AC0001UL); (void) WriteBlobMSBLong(image,0x0B466F74UL); (void) WriteBlobMSBLong(image,0x6F202D20UL); (void) WriteBlobMSBLong(image,0x4A504547UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x0018FFFFUL); (void) WriteBlob(image,length,blob); if ((length & 0x01) != 0) (void) WriteBlobByte(image,'\0'); blob=(unsigned char *) RelinquishMagickMemory(blob); } if (storage_class == PseudoClass) (void) WriteBlobMSBShort(image,PictPICTOp); else { (void) WriteBlobMSBShort(image,PictPixmapOp); (void) WriteBlobMSBLong(image,(size_t) base_address); } (void) WriteBlobMSBShort(image,(unsigned short) (row_bytes | 0x8000)); (void) WriteBlobMSBShort(image,(unsigned short) bounds.top); (void) WriteBlobMSBShort(image,(unsigned short) bounds.left); (void) WriteBlobMSBShort(image,(unsigned short) bounds.bottom); (void) WriteBlobMSBShort(image,(unsigned short) bounds.right); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.version); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.pack_type); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.pack_size); (void) WriteBlobMSBShort(image,(unsigned short) (x_resolution+0.5)); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) (y_resolution+0.5)); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.pixel_type); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.bits_per_pixel); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.component_count); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.component_size); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.plane_bytes); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.table); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.reserved); if (storage_class == PseudoClass) { (void) WriteBlobMSBLong(image,0x00000000L); (void) WriteBlobMSBShort(image,0L); (void) WriteBlobMSBShort(image,(unsigned short) (image->colors-1)); for (i=0; i < (ssize_t) image->colors; i++) { (void) WriteBlobMSBShort(image,(unsigned short) i); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].red)); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].green)); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].blue)); } } (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.right); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.right); (void) WriteBlobMSBShort(image,(unsigned short) transfer_mode); count=0; if (storage_class == PseudoClass) for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { scanline[x]=(unsigned char) GetPixelIndex(image,p); p+=GetPixelChannels(image); } count+=EncodeImage(image,scanline,(size_t) (row_bytes & 0x7FFF), packed_scanline); if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } else if (image_info->compression == JPEGCompression) { (void) ResetMagickMemory(scanline,0,row_bytes); for (y=0; y < (ssize_t) image->rows; y++) count+=EncodeImage(image,scanline,(size_t) (row_bytes & 0x7FFF), packed_scanline); } else { register unsigned char *blue, *green, *opacity, *red; red=scanline; green=scanline+image->columns; blue=scanline+2*image->columns; opacity=scanline+3*image->columns; for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; red=scanline; green=scanline+image->columns; blue=scanline+2*image->columns; if (image->alpha_trait != UndefinedPixelTrait) { opacity=scanline; red=scanline+image->columns; green=scanline+2*image->columns; blue=scanline+3*image->columns; } for (x=0; x < (ssize_t) image->columns; x++) { *red++=ScaleQuantumToChar(GetPixelRed(image,p)); *green++=ScaleQuantumToChar(GetPixelGreen(image,p)); *blue++=ScaleQuantumToChar(GetPixelBlue(image,p)); if (image->alpha_trait != UndefinedPixelTrait) *opacity++=ScaleQuantumToChar((Quantum) (GetPixelAlpha(image,p))); p+=GetPixelChannels(image); } count+=EncodeImage(image,scanline,bytes_per_line,packed_scanline); if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } } if ((count & 0x01) != 0) (void) WriteBlobByte(image,'\0'); (void) WriteBlobMSBShort(image,PictEndOfPictureOp); offset=TellBlob(image); offset=SeekBlob(image,512,SEEK_SET); (void) WriteBlobMSBShort(image,(unsigned short) offset); scanline=(unsigned char *) RelinquishMagickMemory(scanline); packed_scanline=(unsigned char *) RelinquishMagickMemory(packed_scanline); buffer=(unsigned char *) RelinquishMagickMemory(buffer); (void) CloseBlob(image); return(MagickTrue); }",visit repo url,coders/pict.c,https://github.com/ImageMagick/ImageMagick,81792317951331,1 687,[],"static int jpc_qcd_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_qcxcp_t *compparms = &ms->parms.qcd.compparms; return jpc_qcx_getcompparms(compparms, cstate, in, ms->len); }",jasper,,,270849476706155543508737828532985398150,0 4443,CWE-400,"read_packet(int fd, gss_buffer_t buf, int timeout, int first) { int ret; static uint32_t len = 0; static char len_buf[4]; static int len_buf_pos = 0; static char * tmpbuf = 0; static int tmpbuf_pos = 0; if (first) { len_buf_pos = 0; return -2; } if (len_buf_pos < 4) { ret = timed_read(fd, &len_buf[len_buf_pos], 4 - len_buf_pos, timeout); if (ret == -1) { if (errno == EINTR || errno == EAGAIN) return -2; LOG(LOG_ERR, (""%s"", strerror(errno))); return -1; } if (ret == 0) { if (len_buf_pos == 0) return 0; LOG(LOG_INFO, (""EOF reading packet len"")); return -1; } len_buf_pos += ret; } if (len_buf_pos != 4) return -2; len = ntohl(*(uint32_t *)len_buf); if (len > GSTD_MAXPACKETCONTENTS + 512) { LOG(LOG_ERR, (""ridiculous length, %ld"", len)); return -1; } if (!tmpbuf) { if ((tmpbuf = malloc(len)) == NULL) { LOG(LOG_CRIT, (""malloc failure, %ld bytes"", len)); return -1; } } ret = timed_read(fd, tmpbuf + tmpbuf_pos, len - tmpbuf_pos, timeout); if (ret == -1) { if (errno == EINTR || errno == EAGAIN) return -2; LOG(LOG_ERR, (""%s"", strerror(errno))); return -1; } if (ret == 0) { LOG(LOG_ERR, (""EOF while reading packet (len=%d)"", len)); return -1; } tmpbuf_pos += ret; if (tmpbuf_pos == len) { buf->length = len; buf->value = tmpbuf; len = len_buf_pos = tmpbuf_pos = 0; tmpbuf = NULL; LOG(LOG_DEBUG, (""read packet of length %d"", buf->length)); return 1; } return -2; }",visit repo url,bin/gssstdio.c,https://github.com/elric1/knc,82247193244842,1 2776,NVD-CWE-Other,"static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long elements, int objprops) { while (elements-- > 0) { zval *key, *data, **old_data; ALLOC_INIT_ZVAL(key); if (!php_var_unserialize(&key, p, max, NULL TSRMLS_CC)) { zval_dtor(key); FREE_ZVAL(key); return 0; } if (Z_TYPE_P(key) != IS_LONG && Z_TYPE_P(key) != IS_STRING) { zval_dtor(key); FREE_ZVAL(key); return 0; } ALLOC_INIT_ZVAL(data); if (!php_var_unserialize(&data, p, max, var_hash TSRMLS_CC)) { zval_dtor(key); FREE_ZVAL(key); zval_dtor(data); FREE_ZVAL(data); return 0; } if (!objprops) { switch (Z_TYPE_P(key)) { case IS_LONG: if (zend_hash_index_find(ht, Z_LVAL_P(key), (void **)&old_data)==SUCCESS) { var_push_dtor(var_hash, old_data); } zend_hash_index_update(ht, Z_LVAL_P(key), &data, sizeof(data), NULL); break; case IS_STRING: if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { var_push_dtor(var_hash, old_data); } zend_symtable_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof(data), NULL); break; } } else { convert_to_string(key); if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) { var_push_dtor(var_hash, old_data); } zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data, sizeof data, NULL); } zval_dtor(key); FREE_ZVAL(key); if (elements && *(*p-1) != ';' && *(*p-1) != '}') { (*p)--; return 0; } } return 1; }",visit repo url,ext/standard/var_unserializer.c,https://github.com/php/php-src,220911068465715,1 4799,CWE-119,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 2657,CWE-125,"int gdTransformAffineCopy(gdImagePtr dst, int dst_x, int dst_y, const gdImagePtr src, gdRectPtr src_region, const double affine[6]) { int c1x,c1y,c2x,c2y; int backclip = 0; int backup_clipx1, backup_clipy1, backup_clipx2, backup_clipy2; register int x, y, src_offset_x, src_offset_y; double inv[6]; int *dst_p; gdPointF pt, src_pt; gdRect bbox; int end_x, end_y; gdInterpolationMethod interpolation_id_bak = GD_DEFAULT; interpolation_method interpolation_bak; if (src->interpolation_id == GD_BILINEAR_FIXED || src->interpolation_id == GD_BICUBIC_FIXED || src->interpolation_id == GD_NEAREST_NEIGHBOUR) { interpolation_id_bak = src->interpolation_id; interpolation_bak = src->interpolation; gdImageSetInterpolationMethod(src, GD_BICUBIC); } gdImageClipRectangle(src, src_region); if (src_region->x > 0 || src_region->y > 0 || src_region->width < gdImageSX(src) || src_region->height < gdImageSY(src)) { backclip = 1; gdImageGetClip(src, &backup_clipx1, &backup_clipy1, &backup_clipx2, &backup_clipy2); gdImageSetClip(src, src_region->x, src_region->y, src_region->x + src_region->width - 1, src_region->y + src_region->height - 1); } if (!gdTransformAffineBoundingBox(src_region, affine, &bbox)) { if (backclip) { gdImageSetClip(src, backup_clipx1, backup_clipy1, backup_clipx2, backup_clipy2); } gdImageSetInterpolationMethod(src, interpolation_id_bak); return GD_FALSE; } gdImageGetClip(dst, &c1x, &c1y, &c2x, &c2y); end_x = bbox.width + (int) fabs(bbox.x); end_y = bbox.height + (int) fabs(bbox.y); gdAffineInvert(inv, affine); src_offset_x = src_region->x; src_offset_y = src_region->y; if (dst->alphaBlendingFlag) { for (y = bbox.y; y <= end_y; y++) { pt.y = y + 0.5; for (x = 0; x <= end_x; x++) { pt.x = x + 0.5; gdAffineApplyToPointF(&src_pt, &pt, inv); gdImageSetPixel(dst, dst_x + x, dst_y + y, getPixelInterpolated(src, src_offset_x + src_pt.x, src_offset_y + src_pt.y, 0)); } } } else { for (y = 0; y <= end_y; y++) { pt.y = y + 0.5 + bbox.y; if ((dst_y + y) < 0 || ((dst_y + y) > gdImageSY(dst) -1)) { continue; } dst_p = dst->tpixels[dst_y + y] + dst_x; for (x = 0; x <= end_x; x++) { pt.x = x + 0.5 + bbox.x; gdAffineApplyToPointF(&src_pt, &pt, inv); if ((dst_x + x) < 0 || (dst_x + x) > (gdImageSX(dst) - 1)) { break; } *(dst_p++) = getPixelInterpolated(src, src_offset_x + src_pt.x, src_offset_y + src_pt.y, -1); } } } if (backclip) { gdImageSetClip(src, backup_clipx1, backup_clipy1, backup_clipx2, backup_clipy2); } gdImageSetInterpolationMethod(src, interpolation_id_bak); return GD_TRUE; }",visit repo url,ext/gd/libgd/gd_interpolation.c,https://github.com/php/php-src,56330127527894,1 3162,CWE-77,"static void print_value(int output, int num, const char *devname, const char *value, const char *name, size_t valsz) { if (output & OUTPUT_VALUE_ONLY) { fputs(value, stdout); fputc('\n', stdout); } else if (output & OUTPUT_UDEV_LIST) { print_udev_format(name, value); } else if (output & OUTPUT_EXPORT_LIST) { if (num == 1 && devname) printf(""DEVNAME=%s\n"", devname); fputs(name, stdout); fputs(""="", stdout); safe_print(value, valsz, NULL); fputs(""\n"", stdout); } else { if (num == 1 && devname) printf(""%s:"", devname); fputs("" "", stdout); fputs(name, stdout); fputs(""=\"""", stdout); safe_print(value, valsz, ""\""""); fputs(""\"""", stdout); } }",visit repo url,misc-utils/blkid.c,https://github.com/karelzak/util-linux,186228823549842,1 2591,['CWE-189'],"void dccp_shutdown(struct sock *sk, int how) { dccp_pr_debug(""called shutdown(%x)\n"", how); }",linux-2.6,,,242792822637494014702431352974530764771,0 317,CWE-119,"static int cxusb_ctrl_msg(struct dvb_usb_device *d, u8 cmd, u8 *wbuf, int wlen, u8 *rbuf, int rlen) { struct cxusb_state *st = d->priv; int ret, wo; if (1 + wlen > MAX_XFER_SIZE) { warn(""i2c wr: len=%d is too big!\n"", wlen); return -EOPNOTSUPP; } wo = (rbuf == NULL || rlen == 0); mutex_lock(&d->data_mutex); st->data[0] = cmd; memcpy(&st->data[1], wbuf, wlen); if (wo) ret = dvb_usb_generic_write(d, st->data, 1 + wlen); else ret = dvb_usb_generic_rw(d, st->data, 1 + wlen, rbuf, rlen, 0); mutex_unlock(&d->data_mutex); return ret; }",visit repo url,drivers/media/usb/dvb-usb/cxusb.c,https://github.com/torvalds/linux,277764789706158,1 367,NVD-CWE-noinfo,"void ping_unhash(struct sock *sk) { struct inet_sock *isk = inet_sk(sk); pr_debug(""ping_unhash(isk=%p,isk->num=%u)\n"", isk, isk->inet_num); if (sk_hashed(sk)) { write_lock_bh(&ping_table.lock); hlist_nulls_del(&sk->sk_nulls_node); sk_nulls_node_init(&sk->sk_nulls_node); sock_put(sk); isk->inet_num = 0; isk->inet_sport = 0; sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); write_unlock_bh(&ping_table.lock); } }",visit repo url,net/ipv4/ping.c,https://github.com/torvalds/linux,273307553265029,1 1931,['CWE-20'],"static int __init vdso_do_func_patch32(struct lib32_elfinfo *v32, struct lib64_elfinfo *v64, const char *orig, const char *fix) { Elf32_Sym *sym32_gen, *sym32_fix; sym32_gen = find_symbol32(v32, orig); if (sym32_gen == NULL) { printk(KERN_ERR ""vDSO32: Can't find symbol %s !\n"", orig); return -1; } if (fix == NULL) { sym32_gen->st_name = 0; return 0; } sym32_fix = find_symbol32(v32, fix); if (sym32_fix == NULL) { printk(KERN_ERR ""vDSO32: Can't find symbol %s !\n"", fix); return -1; } sym32_gen->st_value = sym32_fix->st_value; sym32_gen->st_size = sym32_fix->st_size; sym32_gen->st_info = sym32_fix->st_info; sym32_gen->st_other = sym32_fix->st_other; sym32_gen->st_shndx = sym32_fix->st_shndx; return 0; }",linux-2.6,,,22793165146210367021418360899508734080,0 4400,CWE-787,"fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) { int num; OnigCodePoint c, c2; OnigSyntaxType* syn = env->syntax; OnigEncoding enc = env->enc; UChar* prev; UChar* p = *src; PFETCH_READY; if (PEND) { tok->type = TK_EOT; return tok->type; } PFETCH(c); tok->type = TK_CHAR; tok->base = 0; tok->u.c = c; tok->escaped = 0; if (c == ']') { tok->type = TK_CC_CLOSE; } else if (c == '-') { tok->type = TK_CC_RANGE; } else if (c == MC_ESC(syn)) { if (! IS_SYNTAX_BV(syn, ONIG_SYN_BACKSLASH_ESCAPE_IN_CC)) goto end; if (PEND) return ONIGERR_END_PATTERN_AT_ESCAPE; PFETCH(c); tok->escaped = 1; tok->u.c = c; switch (c) { case 'w': tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_WORD; tok->u.prop.not = 0; break; case 'W': tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_WORD; tok->u.prop.not = 1; break; case 'd': tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_DIGIT; tok->u.prop.not = 0; break; case 'D': tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_DIGIT; tok->u.prop.not = 1; break; case 's': tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_SPACE; tok->u.prop.not = 0; break; case 'S': tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_SPACE; tok->u.prop.not = 1; break; case 'h': if (! IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_H_XDIGIT)) break; tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_XDIGIT; tok->u.prop.not = 0; break; case 'H': if (! IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_H_XDIGIT)) break; tok->type = TK_CHAR_TYPE; tok->u.prop.ctype = ONIGENC_CTYPE_XDIGIT; tok->u.prop.not = 1; break; case 'p': case 'P': if (PEND) break; c2 = PPEEK; if (c2 == '{' && IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_P_BRACE_CHAR_PROPERTY)) { PINC; tok->type = TK_CHAR_PROPERTY; tok->u.prop.not = (c == 'P' ? 1 : 0); if (!PEND && IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_P_BRACE_CIRCUMFLEX_NOT)) { PFETCH(c2); if (c2 == '^') { tok->u.prop.not = (tok->u.prop.not == 0 ? 1 : 0); } else PUNFETCH; } } break; case 'x': if (PEND) break; prev = p; if (PPEEK_IS('{') && IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_X_BRACE_HEX8)) { PINC; num = scan_unsigned_hexadecimal_number(&p, end, 8, enc); if (num < 0) return ONIGERR_TOO_BIG_WIDE_CHAR_VALUE; if (!PEND) { c2 = PPEEK; if (ONIGENC_IS_CODE_XDIGIT(enc, c2)) return ONIGERR_TOO_LONG_WIDE_CHAR_VALUE; } if (p > prev + enclen(enc, prev) && !PEND && (PPEEK_IS('}'))) { PINC; tok->type = TK_CODE_POINT; tok->base = 16; tok->u.code = (OnigCodePoint )num; } else { p = prev; } } else if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_X_HEX2)) { num = scan_unsigned_hexadecimal_number(&p, end, 2, enc); if (num < 0) return ONIGERR_TOO_BIG_NUMBER; if (p == prev) { num = 0; } tok->type = TK_RAW_BYTE; tok->base = 16; tok->u.c = num; } break; case 'u': if (PEND) break; prev = p; if (IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_ESC_U_HEX4)) { num = scan_unsigned_hexadecimal_number(&p, end, 4, enc); if (num < 0) return ONIGERR_TOO_BIG_NUMBER; if (p == prev) { num = 0; } tok->type = TK_CODE_POINT; tok->base = 16; tok->u.code = (OnigCodePoint )num; } break; case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) { PUNFETCH; prev = p; num = scan_unsigned_octal_number(&p, end, 3, enc); if (num < 0) return ONIGERR_TOO_BIG_NUMBER; if (p == prev) { num = 0; } tok->type = TK_RAW_BYTE; tok->base = 8; tok->u.c = num; } break; default: PUNFETCH; num = fetch_escaped_value(&p, end, env, &c2); if (num < 0) return num; if (tok->u.c != c2) { tok->u.code = c2; tok->type = TK_CODE_POINT; } break; } } else if (c == '[') { if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_POSIX_BRACKET) && (PPEEK_IS(':'))) { OnigCodePoint send[] = { (OnigCodePoint )':', (OnigCodePoint )']' }; tok->backp = p; PINC; if (str_exist_check_with_esc(send, 2, p, end, (OnigCodePoint )']', enc, syn)) { tok->type = TK_POSIX_BRACKET_OPEN; } else { PUNFETCH; goto cc_in_cc; } } else { cc_in_cc: if (IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_CCLASS_SET_OP)) { tok->type = TK_CC_CC_OPEN; } else { CC_ESC_WARN(env, (UChar* )""[""); } } } else if (c == '&') { if (IS_SYNTAX_OP2(syn, ONIG_SYN_OP2_CCLASS_SET_OP) && !PEND && (PPEEK_IS('&'))) { PINC; tok->type = TK_CC_AND; } } end: *src = p; return tok->type; }",visit repo url,src/regparse.c,https://github.com/kkos/oniguruma,121313731395481,1 5806,CWE-787,"SockParse(Sock *sockPtr) { const Tcl_DString *bufPtr; const Driver *drvPtr; Request *reqPtr; char save; SockState result; NS_NONNULL_ASSERT(sockPtr != NULL); drvPtr = sockPtr->drvPtr; NsUpdateProgress((Ns_Sock *) sockPtr); reqPtr = sockPtr->reqPtr; bufPtr = &reqPtr->buffer; while (reqPtr->coff == 0u) { char *s, *e; size_t cnt; s = bufPtr->string + reqPtr->roff; e = memchr(s, INTCHAR('\n'), reqPtr->avail); if (unlikely(e == NULL)) { return SOCK_MORE; } if (unlikely((e - s) > drvPtr->maxline)) { sockPtr->keep = NS_FALSE; if (reqPtr->request.line == NULL) { Ns_Log(DriverDebug, ""SockParse: maxline reached of %d bytes"", drvPtr->maxline); sockPtr->flags = NS_CONN_REQUESTURITOOLONG; Ns_Log(Warning, ""request line is too long (%d bytes)"", (int)(e - s)); } else { sockPtr->flags = NS_CONN_LINETOOLONG; Ns_Log(Warning, ""request header line is too long (%d bytes)"", (int)(e - s)); } } cnt = (size_t)(e - s) + 1u; reqPtr->roff += cnt; reqPtr->avail -= cnt; if (likely(e > s) && likely(*(e-1) == '\r')) { --e; } if (unlikely(e == s) && (reqPtr->coff == 0u)) { reqPtr->coff = EndOfHeader(sockPtr); if ((sockPtr->flags & NS_CONN_CONTINUE) != 0u) { Ns_Log(Ns_LogRequestDebug, ""honoring 100-continue""); if ((sockPtr->flags & NS_CONN_ENTITYTOOLARGE) != 0u) { Ns_Log(Ns_LogRequestDebug, ""100-continue: entity too large""); return SOCK_ENTITYTOOLARGE; } else { struct iovec iov[1]; ssize_t sent; Ns_Log(Ns_LogRequestDebug, ""100-continue: reply CONTINUE""); iov[0].iov_base = (char *)""HTTP/1.1 100 Continue\r\n\r\n""; iov[0].iov_len = strlen(iov[0].iov_base); sent = Ns_SockSendBufs((Ns_Sock *)sockPtr, iov, 1, NULL, 0u); if (sent != (ssize_t)iov[0].iov_len) { Ns_Log(Warning, ""could not deliver response: 100 Continue""); } } } } else { save = *e; *e = '\0'; if (unlikely(reqPtr->request.line == NULL)) { Ns_Log(DriverDebug, ""SockParse (%d): parse request line <%s>"", sockPtr->sock, s); if (Ns_ParseRequest(&reqPtr->request, s) == NS_ERROR) { return SOCK_BADREQUEST; } if (unlikely(reqPtr->request.version < 1.0)) { reqPtr->coff = reqPtr->roff; Ns_Log(Notice, ""pre-HTTP/1.0 request <%s>"", reqPtr->request.line); } } else if (Ns_ParseHeader(reqPtr->headers, s, Preserve) != NS_OK) { return SOCK_BADHEADER; } else { if (unlikely(Ns_SetSize(reqPtr->headers) > (size_t)drvPtr->maxheaders)) { Ns_Log(DriverDebug, ""SockParse (%d): maxheaders reached of %d bytes"", sockPtr->sock, drvPtr->maxheaders); return SOCK_TOOMANYHEADERS; } } *e = save; } } if (unlikely(reqPtr->request.line == NULL)) { return SOCK_BADREQUEST; } assert(reqPtr->coff > 0u); assert(reqPtr->request.line != NULL); Ns_Log(Dev, ""=== length < avail (length %"" PRIuz "", avail %"" PRIuz "") tfd %d tfile %p chunkStartOff %"" PRIuz, reqPtr->length, reqPtr->avail, sockPtr->tfd, (void *)sockPtr->tfile, reqPtr->chunkStartOff); if (reqPtr->chunkStartOff != 0u) { bool complete; size_t currentContentLength; complete = ChunkedDecode(reqPtr, NS_TRUE); currentContentLength = reqPtr->chunkWriteOff - reqPtr->coff; if ((!complete) || (reqPtr->expectedLength != 0u && currentContentLength < reqPtr->expectedLength)) { return SOCK_MORE; } reqPtr->length = (size_t)currentContentLength; } if (reqPtr->avail < reqPtr->length) { Ns_Log(DriverDebug, ""SockRead wait for more input""); return SOCK_MORE; } Ns_Log(Dev, ""=== all required data is available (avail %"" PRIuz"", length %"" PRIuz "", "" ""readahead %"" TCL_LL_MODIFIER ""d maxupload %"" TCL_LL_MODIFIER ""d) tfd %d"", reqPtr->avail, reqPtr->length, drvPtr->readahead, drvPtr->maxupload, sockPtr->tfd); result = SOCK_READY; if (sockPtr->tfile != NULL) { reqPtr->content = NULL; reqPtr->next = NULL; reqPtr->avail = 0u; Ns_Log(DriverDebug, ""content spooled to file: size %"" PRIdz "", file %s"", reqPtr->length, sockPtr->tfile); } else { if (sockPtr->tfd > 0) { #ifdef _WIN32 assert(0); #else int prot = PROT_READ | PROT_WRITE; ssize_t rc = ns_write(sockPtr->tfd, ""\0"", 1); if (rc == -1) { Ns_Log(Error, ""socket: could not append terminating 0-byte""); } sockPtr->tsize = reqPtr->length + 1; sockPtr->taddr = mmap(0, sockPtr->tsize, prot, MAP_PRIVATE, sockPtr->tfd, 0); if (sockPtr->taddr == MAP_FAILED) { sockPtr->taddr = NULL; result = SOCK_ERROR; } else { reqPtr->content = sockPtr->taddr; Ns_Log(Debug, ""content spooled to mmapped file: readahead=%"" TCL_LL_MODIFIER ""d, filesize=%"" PRIdz, drvPtr->readahead, sockPtr->tsize); } #endif } else { reqPtr->content = bufPtr->string + reqPtr->coff; } reqPtr->next = reqPtr->content; if (reqPtr->length > 0u) { Ns_Log(DriverDebug, ""SockRead adds null terminating character at content[%"" PRIuz ""]"", reqPtr->length); reqPtr->savedChar = reqPtr->content[reqPtr->length]; reqPtr->content[reqPtr->length] = '\0'; if (sockPtr->taddr == NULL) { LogBuffer(DriverDebug, ""UPDATED BUFFER"", sockPtr->reqPtr->buffer.string, (size_t)reqPtr->buffer.length); } } } return result; }",visit repo url,nsd/driver.c,https://bitbucket.org/naviserver/naviserver,108659974292199,1 2030,['CWE-269'],"struct vfsmount *__lookup_mnt(struct vfsmount *mnt, struct dentry *dentry, int dir) { struct list_head *head = mount_hashtable + hash(mnt, dentry); struct list_head *tmp = head; struct vfsmount *p, *found = NULL; for (;;) { tmp = dir ? tmp->next : tmp->prev; p = NULL; if (tmp == head) break; p = list_entry(tmp, struct vfsmount, mnt_hash); if (p->mnt_parent == mnt && p->mnt_mountpoint == dentry) { found = p; break; } } return found; }",linux-2.6,,,250592868855733625730193307781012347975,0 933,['CWE-200'],"static struct page *shmem_swapin_async(struct shared_policy *p, swp_entry_t entry, unsigned long idx) { struct page *page; struct vm_area_struct pvma; memset(&pvma, 0, sizeof(struct vm_area_struct)); pvma.vm_end = PAGE_SIZE; pvma.vm_pgoff = idx; pvma.vm_policy = mpol_shared_policy_lookup(p, idx); page = read_swap_cache_async(entry, &pvma, 0); mpol_free(pvma.vm_policy); return page; }",linux-2.6,,,205733208269960731431132171259402406407,0 6551,['CWE-200'],"nma_menu_device_check_unusable (NMDevice *device, const char *unavailable_msg) { GtkWidget *item = NULL; gboolean managed = TRUE; if (!unavailable_msg) unavailable_msg = _(""device not ready""); switch (nm_device_get_state (device)) { case NM_DEVICE_STATE_UNKNOWN: case NM_DEVICE_STATE_UNAVAILABLE: item = gtk_menu_item_new_with_label (unavailable_msg); break; case NM_DEVICE_STATE_UNMANAGED: managed = FALSE; break; default: managed = nm_device_get_managed (device); break; } if (!managed) item = gtk_menu_item_new_with_label (_(""device not managed"")); if (item) gtk_widget_set_sensitive (item, FALSE); return item; }",network-manager-applet,,,70482249194403780499017228379071365214,0 2823,[],"static int dio_refill_pages(struct dio *dio) { int ret; int nr_pages; nr_pages = min(dio->total_pages - dio->curr_page, DIO_PAGES); down_read(¤t->mm->mmap_sem); ret = get_user_pages( current, current->mm, dio->curr_user_address, nr_pages, dio->rw == READ, 0, &dio->pages[0], NULL); up_read(¤t->mm->mmap_sem); if (ret < 0 && dio->blocks_available && (dio->rw & WRITE)) { struct page *page = ZERO_PAGE(dio->curr_user_address); if (dio->page_errors == 0) dio->page_errors = ret; page_cache_get(page); dio->pages[0] = page; dio->head = 0; dio->tail = 1; ret = 0; goto out; } if (ret >= 0) { dio->curr_user_address += ret * PAGE_SIZE; dio->curr_page += ret; dio->head = 0; dio->tail = ret; ret = 0; } out: return ret; }",linux-2.6,,,286908955723991899294467041224438682812,0 694,CWE-20,"int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct atm_vcc *vcc; struct sk_buff *skb; int copied, error = -EINVAL; msg->msg_namelen = 0; if (sock->state != SS_CONNECTED) return -ENOTCONN; if (flags & ~(MSG_DONTWAIT | MSG_PEEK)) return -EOPNOTSUPP; vcc = ATM_SD(sock); if (test_bit(ATM_VF_RELEASED, &vcc->flags) || test_bit(ATM_VF_CLOSE, &vcc->flags) || !test_bit(ATM_VF_READY, &vcc->flags)) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &error); if (!skb) return error; copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } error = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (error) return error; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { pr_debug(""%d -= %d\n"", atomic_read(&sk->sk_rmem_alloc), skb->truesize); atm_return(vcc, skb->truesize); } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/atm/common.c,https://github.com/torvalds/linux,240275613128050,1 1453,[],"static void hrtick_set(struct rq *rq) { ktime_t time; int set, reset; unsigned long flags; WARN_ON_ONCE(cpu_of(rq) != smp_processor_id()); spin_lock_irqsave(&rq->lock, flags); set = __test_and_clear_bit(HRTICK_SET, &rq->hrtick_flags); reset = __test_and_clear_bit(HRTICK_RESET, &rq->hrtick_flags); time = rq->hrtick_expire; clear_thread_flag(TIF_HRTICK_RESCHED); spin_unlock_irqrestore(&rq->lock, flags); if (set) { hrtimer_start(&rq->hrtick_timer, time, HRTIMER_MODE_ABS); if (reset && !hrtimer_active(&rq->hrtick_timer)) resched_rq(rq); } else hrtick_clear(rq); }",linux-2.6,,,143294887901067550556968700461942023930,0 1728,CWE-476,"static int srpt_rx_mgmt_fn_tag(struct srpt_send_ioctx *ioctx, u64 tag) { struct srpt_device *sdev; struct srpt_rdma_ch *ch; struct srpt_send_ioctx *target; int ret, i; ret = -EINVAL; ch = ioctx->ch; BUG_ON(!ch); BUG_ON(!ch->sport); sdev = ch->sport->sdev; BUG_ON(!sdev); spin_lock_irq(&sdev->spinlock); for (i = 0; i < ch->rq_size; ++i) { target = ch->ioctx_ring[i]; if (target->cmd.se_lun == ioctx->cmd.se_lun && target->cmd.tag == tag && srpt_get_cmd_state(target) != SRPT_STATE_DONE) { ret = 0; break; } } spin_unlock_irq(&sdev->spinlock); return ret; }",visit repo url,drivers/infiniband/ulp/srpt/ib_srpt.c,https://github.com/torvalds/linux,160168434151659,1 6037,CWE-203,"dse_bind(Slapi_PBlock *pb) { ber_tag_t method; struct berval *cred; Slapi_Value **bvals; struct dse *pdse; Slapi_Attr *attr; Slapi_DN *sdn = NULL; Slapi_Entry *ec = NULL; if (slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &pdse) < 0 || slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn) < 0 || slapi_pblock_get(pb, SLAPI_BIND_METHOD, &method) < 0 || slapi_pblock_get(pb, SLAPI_BIND_CREDENTIALS, &cred) < 0) { slapi_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL); return SLAPI_BIND_FAIL; } if (method == LDAP_AUTH_SIMPLE && cred->bv_len == 0) { slapi_send_ldap_result(pb, LDAP_SUCCESS, NULL, NULL, 0, NULL); return (SLAPI_BIND_FAIL); } ec = dse_get_entry_copy(pdse, sdn, DSE_USE_LOCK); if (ec == NULL) { slapi_send_ldap_result(pb, LDAP_NO_SUCH_OBJECT, NULL, NULL, 0, NULL); return (SLAPI_BIND_FAIL); } switch (method) { case LDAP_AUTH_SIMPLE: { Slapi_Value cv; if (slapi_entry_attr_find(ec, ""userpassword"", &attr) != 0) { slapi_send_ldap_result(pb, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, 0, NULL); slapi_entry_free(ec); return SLAPI_BIND_FAIL; } bvals = attr_get_present_values(attr); slapi_value_init_berval(&cv, cred); if (slapi_pw_find_sv(bvals, &cv) != 0) { slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL); slapi_entry_free(ec); value_done(&cv); return SLAPI_BIND_FAIL; } value_done(&cv); } break; default: slapi_send_ldap_result(pb, LDAP_STRONG_AUTH_NOT_SUPPORTED, NULL, ""auth method not supported"", 0, NULL); slapi_entry_free(ec); return SLAPI_BIND_FAIL; } slapi_entry_free(ec); return SLAPI_BIND_SUCCESS; }",visit repo url,ldap/servers/slapd/dse.c,https://github.com/389ds/389-ds-base,210212018436284,1 495,NVD-CWE-noinfo,"int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) { int status = 0, size_change; int inode_locked = 0; struct inode *inode = d_inode(dentry); struct super_block *sb = inode->i_sb; struct ocfs2_super *osb = OCFS2_SB(sb); struct buffer_head *bh = NULL; handle_t *handle = NULL; struct dquot *transfer_to[MAXQUOTAS] = { }; int qtype; int had_lock; struct ocfs2_lock_holder oh; trace_ocfs2_setattr(inode, dentry, (unsigned long long)OCFS2_I(inode)->ip_blkno, dentry->d_name.len, dentry->d_name.name, attr->ia_valid, attr->ia_mode, from_kuid(&init_user_ns, attr->ia_uid), from_kgid(&init_user_ns, attr->ia_gid)); if (S_ISLNK(inode->i_mode)) attr->ia_valid &= ~ATTR_SIZE; #define OCFS2_VALID_ATTRS (ATTR_ATIME | ATTR_MTIME | ATTR_CTIME | ATTR_SIZE \ | ATTR_GID | ATTR_UID | ATTR_MODE) if (!(attr->ia_valid & OCFS2_VALID_ATTRS)) return 0; status = setattr_prepare(dentry, attr); if (status) return status; if (is_quota_modification(inode, attr)) { status = dquot_initialize(inode); if (status) return status; } size_change = S_ISREG(inode->i_mode) && attr->ia_valid & ATTR_SIZE; if (size_change) { status = ocfs2_rw_lock(inode, 1); if (status < 0) { mlog_errno(status); goto bail; } } had_lock = ocfs2_inode_lock_tracker(inode, &bh, 1, &oh); if (had_lock < 0) { status = had_lock; goto bail_unlock_rw; } else if (had_lock) { mlog(ML_ERROR, ""Another case of recursive locking:\n""); dump_stack(); } inode_locked = 1; if (size_change) { status = inode_newsize_ok(inode, attr->ia_size); if (status) goto bail_unlock; inode_dio_wait(inode); if (i_size_read(inode) >= attr->ia_size) { if (ocfs2_should_order_data(inode)) { status = ocfs2_begin_ordered_truncate(inode, attr->ia_size); if (status) goto bail_unlock; } status = ocfs2_truncate_file(inode, bh, attr->ia_size); } else status = ocfs2_extend_file(inode, bh, attr->ia_size); if (status < 0) { if (status != -ENOSPC) mlog_errno(status); status = -ENOSPC; goto bail_unlock; } } if ((attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) || (attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) { if (attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid) && OCFS2_HAS_RO_COMPAT_FEATURE(sb, OCFS2_FEATURE_RO_COMPAT_USRQUOTA)) { transfer_to[USRQUOTA] = dqget(sb, make_kqid_uid(attr->ia_uid)); if (IS_ERR(transfer_to[USRQUOTA])) { status = PTR_ERR(transfer_to[USRQUOTA]); goto bail_unlock; } } if (attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid) && OCFS2_HAS_RO_COMPAT_FEATURE(sb, OCFS2_FEATURE_RO_COMPAT_GRPQUOTA)) { transfer_to[GRPQUOTA] = dqget(sb, make_kqid_gid(attr->ia_gid)); if (IS_ERR(transfer_to[GRPQUOTA])) { status = PTR_ERR(transfer_to[GRPQUOTA]); goto bail_unlock; } } handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS + 2 * ocfs2_quota_trans_credits(sb)); if (IS_ERR(handle)) { status = PTR_ERR(handle); mlog_errno(status); goto bail_unlock; } status = __dquot_transfer(inode, transfer_to); if (status < 0) goto bail_commit; } else { handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS); if (IS_ERR(handle)) { status = PTR_ERR(handle); mlog_errno(status); goto bail_unlock; } } setattr_copy(inode, attr); mark_inode_dirty(inode); status = ocfs2_mark_inode_dirty(handle, inode, bh); if (status < 0) mlog_errno(status); bail_commit: ocfs2_commit_trans(osb, handle); bail_unlock: if (status && inode_locked) { ocfs2_inode_unlock_tracker(inode, 1, &oh, had_lock); inode_locked = 0; } bail_unlock_rw: if (size_change) ocfs2_rw_unlock(inode, 1); bail: for (qtype = 0; qtype < OCFS2_MAXQUOTAS; qtype++) dqput(transfer_to[qtype]); if (!status && attr->ia_valid & ATTR_MODE) { status = ocfs2_acl_chmod(inode, bh); if (status < 0) mlog_errno(status); } if (inode_locked) ocfs2_inode_unlock_tracker(inode, 1, &oh, had_lock); brelse(bh); return status; }",visit repo url,fs/ocfs2/file.c,https://github.com/torvalds/linux,279035308264898,1 1740,[],"asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param __user *param) { struct sched_param lp; struct task_struct *p; int retval; if (!param || pid < 0) return -EINVAL; read_lock(&tasklist_lock); p = find_process_by_pid(pid); retval = -ESRCH; if (!p) goto out_unlock; retval = security_task_getscheduler(p); if (retval) goto out_unlock; lp.sched_priority = p->rt_priority; read_unlock(&tasklist_lock); retval = copy_to_user(param, &lp, sizeof(*param)) ? -EFAULT : 0; return retval; out_unlock: read_unlock(&tasklist_lock); return retval; }",linux-2.6,,,210057292039412546390239614319971875246,0 5491,NVD-CWE-Other,"void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){ ZipfileCtx *p; ZipfileEntry e; sqlite3_value *pName = 0; sqlite3_value *pMode = 0; sqlite3_value *pMtime = 0; sqlite3_value *pData = 0; sqlite3_value *pMethod = 0; int bIsDir = 0; u32 mode; int rc = SQLITE_OK; char *zErr = 0; int iMethod = -1; const u8 *aData = 0; int nData = 0; int szUncompressed = 0; u8 *aFree = 0; u32 iCrc32 = 0; char *zName = 0; int nName = 0; char *zFree = 0; int nByte; memset(&e, 0, sizeof(e)); p = (ZipfileCtx*)sqlite3_aggregate_context(pCtx, sizeof(ZipfileCtx)); if( p==0 ) return; if( nVal!=2 && nVal!=4 && nVal!=5 ){ zErr = sqlite3_mprintf(""wrong number of arguments to function zipfile()""); rc = SQLITE_ERROR; goto zipfile_step_out; } pName = apVal[0]; if( nVal==2 ){ pData = apVal[1]; }else{ pMode = apVal[1]; pMtime = apVal[2]; pData = apVal[3]; if( nVal==5 ){ pMethod = apVal[4]; } } zName = (char*)sqlite3_value_text(pName); nName = sqlite3_value_bytes(pName); if( zName==0 ){ zErr = sqlite3_mprintf(""first argument to zipfile() must be non-NULL""); rc = SQLITE_ERROR; goto zipfile_step_out; } if( pMethod && SQLITE_NULL!=sqlite3_value_type(pMethod) ){ iMethod = (int)sqlite3_value_int64(pMethod); if( iMethod!=0 && iMethod!=8 ){ zErr = sqlite3_mprintf(""illegal method value: %d"", iMethod); rc = SQLITE_ERROR; goto zipfile_step_out; } } if( sqlite3_value_type(pData)==SQLITE_NULL ){ bIsDir = 1; iMethod = 0; }else{ aData = sqlite3_value_blob(pData); szUncompressed = nData = sqlite3_value_bytes(pData); iCrc32 = crc32(0, aData, nData); if( iMethod<0 || iMethod==8 ){ int nOut = 0; rc = zipfileDeflate(aData, nData, &aFree, &nOut, &zErr); if( rc!=SQLITE_OK ){ goto zipfile_step_out; } if( iMethod==8 || nOut1 && zName[nName-2]=='/' ) nName--; } } e.cds.iVersionMadeBy = ZIPFILE_NEWENTRY_MADEBY; e.cds.iVersionExtract = ZIPFILE_NEWENTRY_REQUIRED; e.cds.flags = ZIPFILE_NEWENTRY_FLAGS; e.cds.iCompression = (u16)iMethod; zipfileMtimeToDos(&e.cds, (u32)e.mUnixTime); e.cds.crc32 = iCrc32; e.cds.szCompressed = nData; e.cds.szUncompressed = szUncompressed; e.cds.iExternalAttr = (mode<<16); e.cds.iOffset = p->body.n; e.cds.nFile = (u16)nName; e.cds.zFile = zName; nByte = ZIPFILE_LFH_FIXED_SZ + e.cds.nFile + 9; if( (rc = zipfileBufferGrow(&p->body, nByte)) ) goto zipfile_step_out; p->body.n += zipfileSerializeLFH(&e, &p->body.a[p->body.n]); if( nData>0 ){ if( (rc = zipfileBufferGrow(&p->body, nData)) ) goto zipfile_step_out; memcpy(&p->body.a[p->body.n], aData, nData); p->body.n += nData; } nByte = ZIPFILE_CDS_FIXED_SZ + e.cds.nFile + 9; if( (rc = zipfileBufferGrow(&p->cds, nByte)) ) goto zipfile_step_out; p->cds.n += zipfileSerializeCDS(&e, &p->cds.a[p->cds.n]); p->nEntry++; zipfile_step_out: sqlite3_free(aFree); sqlite3_free(zFree); if( rc ){ if( zErr ){ sqlite3_result_error(pCtx, zErr, -1); }else{ sqlite3_result_error_code(pCtx, rc); } } sqlite3_free(zErr); }",visit repo url,ext/misc/zipfile.c,https://github.com/sqlite/sqlite,16785668760344,1 6104,CWE-190,"void eb_mul_lodah(eb_t r, const eb_t p, const bn_t k) { int bits, i, j; dv_t x1, z1, x2, z2, r1, r2, r3, r4, r5; const dig_t *b; bn_t t, n; if (bn_is_zero(k)) { eb_set_infty(r); return; } bn_null(n); bn_null(t); dv_null(x1); dv_null(z1); dv_null(x2); dv_null(z2); dv_null(r1); dv_null(r2); dv_null(r3); dv_null(r4); dv_null(r5); RLC_TRY { bn_new(n); bn_new(t); dv_new(x1); dv_new(z1); dv_new(x2); dv_new(z2); dv_new(r1); dv_new(r2); dv_new(r3); dv_new(r4); dv_new(r5); fb_sqr(z2, p->x); fb_sqr(x2, z2); dv_zero(r5, 2 * RLC_FB_DIGS); b = eb_curve_get_b(); eb_curve_get_ord(n); bits = bn_bits(n); bn_abs(t, k); bn_add(t, t, n); bn_add(n, t, n); dv_swap_cond(t->dp, n->dp, RLC_MAX(t->used, n->used), bn_get_bit(t, bits) == 0); t->used = RLC_SEL(t->used, n->used, bn_get_bit(t, bits) == 0); switch (eb_curve_opt_b()) { case RLC_ZERO: break; case RLC_ONE: fb_add_dig(x2, x2, (dig_t)1); break; case RLC_TINY: fb_add_dig(x2, x2, b[0]); break; default: fb_addn_low(x2, x2, b); break; } fb_rand(z1); fb_mul(x1, z1, p->x); fb_rand(r1); fb_mul(z2, z2, r1); fb_mul(x2, x2, r1); for (i = bits - 1; i >= 0; i--) { j = bn_get_bit(t, i); fb_mul(r1, x1, z2); fb_mul(r2, x2, z1); fb_add(r3, r1, r2); fb_muln_low(r4, r1, r2); dv_swap_cond(x1, x2, RLC_FB_DIGS, j ^ 1); dv_swap_cond(z1, z2, RLC_FB_DIGS, j ^ 1); fb_sqr(z1, r3); fb_muln_low(r1, z1, p->x); fb_addd_low(x1, r1, r4, 2 * RLC_FB_DIGS); fb_rdcn_low(x1, x1); fb_sqr(r1, z2); fb_sqr(r2, x2); fb_mul(z2, r1, r2); switch (eb_curve_opt_b()) { case RLC_ZERO: fb_sqr(x2, r2); break; case RLC_ONE: fb_add(r1, r1, r2); fb_sqr(x2, r1); break; case RLC_TINY: fb_sqr(r1, r1); fb_sqrl_low(x2, r2); fb_mul1_low(r5, r1, b[0]); fb_addd_low(x2, x2, r5, RLC_FB_DIGS + 1); fb_rdcn_low(x2, x2); break; default: fb_sqr(r1, r1); fb_sqrl_low(x2, r2); fb_muln_low(r5, r1, b); fb_addd_low(x2, x2, r5, 2 * RLC_FB_DIGS); fb_rdcn_low(x2, x2); break; } dv_swap_cond(x1, x2, RLC_FB_DIGS, j ^ 1); dv_swap_cond(z1, z2, RLC_FB_DIGS, j ^ 1); } if (fb_is_zero(z1)) { eb_set_infty(r); } else { if (fb_is_zero(z2)) { fb_copy(r->x, p->x); fb_add(r->y, p->x, p->y); fb_set_dig(r->z, 1); } else { fb_mul(r3, z1, z2); fb_mul(z1, z1, p->x); fb_add(z1, z1, x1); fb_mul(z2, z2, p->x); fb_mul(x1, x1, z2); fb_add(z2, z2, x2); fb_mul(z2, z2, z1); fb_sqr(r4, p->x); fb_add(r4, r4, p->y); fb_mul(r4, r4, r3); fb_add(r4, r4, z2); fb_mul(r3, r3, p->x); fb_inv(r3, r3); fb_mul(r4, r4, r3); fb_mul(x2, x1, r3); fb_add(z2, x2, p->x); fb_mul(z2, z2, r4); fb_add(z2, z2, p->y); fb_copy(r->x, x2); fb_copy(r->y, z2); fb_set_dig(r->z, 1); } } r->coord = BASIC; if (bn_sign(k) == RLC_NEG) { eb_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(t); dv_free(x1); dv_free(z1); dv_free(x2); dv_free(z2); dv_free(r1); dv_free(r2); dv_free(r3); dv_free(r4); dv_free(r5); } }",visit repo url,src/eb/relic_eb_mul.c,https://github.com/relic-toolkit/relic,172930668243773,1 3248,CWE-125,"pimv2_addr_print(netdissect_options *ndo, const u_char *bp, enum pimv2_addrtype at, int silent) { int af; int len, hdrlen; ND_TCHECK(bp[0]); if (pimv2_addr_len == 0) { ND_TCHECK(bp[1]); switch (bp[0]) { case 1: af = AF_INET; len = sizeof(struct in_addr); break; case 2: af = AF_INET6; len = sizeof(struct in6_addr); break; default: return -1; } if (bp[1] != 0) return -1; hdrlen = 2; } else { switch (pimv2_addr_len) { case sizeof(struct in_addr): af = AF_INET; break; case sizeof(struct in6_addr): af = AF_INET6; break; default: return -1; break; } len = pimv2_addr_len; hdrlen = 0; } bp += hdrlen; switch (at) { case pimv2_unicast: ND_TCHECK2(bp[0], len); if (af == AF_INET) { if (!silent) ND_PRINT((ndo, ""%s"", ipaddr_string(ndo, bp))); } else if (af == AF_INET6) { if (!silent) ND_PRINT((ndo, ""%s"", ip6addr_string(ndo, bp))); } return hdrlen + len; case pimv2_group: case pimv2_source: ND_TCHECK2(bp[0], len + 2); if (af == AF_INET) { if (!silent) { ND_PRINT((ndo, ""%s"", ipaddr_string(ndo, bp + 2))); if (bp[1] != 32) ND_PRINT((ndo, ""/%u"", bp[1])); } } else if (af == AF_INET6) { if (!silent) { ND_PRINT((ndo, ""%s"", ip6addr_string(ndo, bp + 2))); if (bp[1] != 128) ND_PRINT((ndo, ""/%u"", bp[1])); } } if (bp[0] && !silent) { if (at == pimv2_group) { ND_PRINT((ndo, ""(0x%02x)"", bp[0])); } else { ND_PRINT((ndo, ""(%s%s%s"", bp[0] & 0x04 ? ""S"" : """", bp[0] & 0x02 ? ""W"" : """", bp[0] & 0x01 ? ""R"" : """")); if (bp[0] & 0xf8) { ND_PRINT((ndo, ""+0x%02x"", bp[0] & 0xf8)); } ND_PRINT((ndo, "")"")); } } return hdrlen + 2 + len; default: return -1; } trunc: return -1; }",visit repo url,print-pim.c,https://github.com/the-tcpdump-group/tcpdump,260175994876432,1 1031,['CWE-20'],"static int groups_from_user(struct group_info *group_info, gid_t __user *grouplist) { int i; int count = group_info->ngroups; for (i = 0; i < group_info->nblocks; i++) { int cp_count = min(NGROUPS_PER_BLOCK, count); int off = i * NGROUPS_PER_BLOCK; int len = cp_count * sizeof(*grouplist); if (copy_from_user(group_info->blocks[i], grouplist+off, len)) return -EFAULT; count -= cp_count; } return 0; }",linux-2.6,,,292572176576935627080941128814193787421,0 1035,CWE-400,"static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) { u32 low32, high32; unsigned long tmpl; struct desc_ptr dt; vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); vmcs_writel(HOST_CR4, read_cr4()); vmcs_writel(HOST_CR3, read_cr3()); vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); #ifdef CONFIG_X86_64 vmcs_write16(HOST_DS_SELECTOR, 0); vmcs_write16(HOST_ES_SELECTOR, 0); #else vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); vmcs_write16(HOST_ES_SELECTOR, __KERNEL_DS); #endif vmcs_write16(HOST_SS_SELECTOR, __KERNEL_DS); vmcs_write16(HOST_TR_SELECTOR, GDT_ENTRY_TSS*8); native_store_idt(&dt); vmcs_writel(HOST_IDTR_BASE, dt.address); vmx->host_idt_base = dt.address; vmcs_writel(HOST_RIP, vmx_return); rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); rdmsrl(MSR_IA32_SYSENTER_EIP, tmpl); vmcs_writel(HOST_IA32_SYSENTER_EIP, tmpl); if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT) { rdmsr(MSR_IA32_CR_PAT, low32, high32); vmcs_write64(HOST_IA32_PAT, low32 | ((u64) high32 << 32)); } }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,8406021339245,1 1706,CWE-19,"ext4_xattr_block_list(struct dentry *dentry, char *buffer, size_t buffer_size) { struct inode *inode = d_inode(dentry); struct buffer_head *bh = NULL; int error; struct mb_cache *ext4_mb_cache = EXT4_GET_MB_CACHE(inode); ea_idebug(inode, ""buffer=%p, buffer_size=%ld"", buffer, (long)buffer_size); error = 0; if (!EXT4_I(inode)->i_file_acl) goto cleanup; ea_idebug(inode, ""reading block %llu"", (unsigned long long)EXT4_I(inode)->i_file_acl); bh = sb_bread(inode->i_sb, EXT4_I(inode)->i_file_acl); error = -EIO; if (!bh) goto cleanup; ea_bdebug(bh, ""b_count=%d, refcount=%d"", atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount)); if (ext4_xattr_check_block(inode, bh)) { EXT4_ERROR_INODE(inode, ""bad block %llu"", EXT4_I(inode)->i_file_acl); error = -EFSCORRUPTED; goto cleanup; } ext4_xattr_cache_insert(ext4_mb_cache, bh); error = ext4_xattr_list_entries(dentry, BFIRST(bh), buffer, buffer_size); cleanup: brelse(bh); return error; }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,168242712343204,1 2392,['CWE-119'],"static void show_rename_copy(FILE *file, const char *renamecopy, struct diff_filepair *p) { char *names = pprint_rename(p->one->path, p->two->path); fprintf(file, "" %s %s (%d%%)\n"", renamecopy, names, similarity_index(p)); free(names); show_mode_change(file, p, 0); }",git,,,92652263793081454625913123573579152670,0 25,['CWE-264'],"static int sqlite_handle_preparer(pdo_dbh_t *dbh, const char *sql, long sql_len, pdo_stmt_t *stmt, zval *driver_options TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; pdo_sqlite_stmt *S = ecalloc(1, sizeof(pdo_sqlite_stmt)); int i; const char *tail; S->H = H; stmt->driver_data = S; stmt->methods = &sqlite_stmt_methods; stmt->supports_placeholders = PDO_PLACEHOLDER_POSITIONAL|PDO_PLACEHOLDER_NAMED; if (PDO_CURSOR_FWDONLY != pdo_attr_lval(driver_options, PDO_ATTR_CURSOR, PDO_CURSOR_FWDONLY TSRMLS_CC)) { H->einfo.errcode = SQLITE_ERROR; pdo_sqlite_error(dbh); return 0; } i = sqlite3_prepare(H->db, sql, sql_len, &S->stmt, &tail); if (i == SQLITE_OK) { return 1; } pdo_sqlite_error(dbh); return 0; }",php-src,,,259270264191226164789310619826253668888,0 5912,CWE-190,"static Jsi_RC jsi_ArrayReduceSubCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr, int op) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array""); Jsi_RC rc = JSI_OK; int curlen, i; Jsi_Obj *obj; Jsi_Value *func, *vpargs, *ini = Jsi_ValueArrayIndex(interp, args, 1); func = Jsi_ValueArrayIndex(interp, args, 0); if (!Jsi_ValueIsFunction(interp, func)) return Jsi_LogError(""expected function""); Jsi_Value *nrPtr = Jsi_ValueNew1(interp); obj = _this->d.obj; curlen = Jsi_ObjGetLength(interp, obj); if (curlen < 0) Jsi_ObjSetLength(interp, obj, 0); Jsi_ObjListifyArray(interp, obj); Jsi_Value *vobjs[4]; int n, rev = (op==2); Jsi_Func *fptr = func->d.obj->d.fobj->func; int maa = (fptr->argnames?fptr->argnames->argCnt:0); if (maa>4) maa = 4; for (n = 0, i = (rev?obj->arrCnt-1:0); (rev?i>=0:i < (int)obj->arrCnt) && rc == JSI_OK; n++, i = (rev?i-1:i+1)) { if (!obj->arr[i]) continue; if (n==0 && !ini) { ini = obj->arr[i]; continue; } vobjs[0] = ini; vobjs[1] = obj->arr[i]; vobjs[2] = (maa>2?Jsi_ValueNewNumber(interp, i):NULL); vobjs[3] = _this; vpargs = Jsi_ValueMakeObject(interp, NULL, Jsi_ObjNewArray(interp, vobjs, maa, 0)); Jsi_IncrRefCount(interp, vpargs); rc = Jsi_FunctionInvoke(interp, func, vpargs, &nrPtr, NULL); Jsi_DecrRefCount(interp, vpargs); if (rc != JSI_OK) break; ini = nrPtr; } if (rc == JSI_OK && ini) Jsi_ValueCopy(interp, *ret, ini); Jsi_DecrRefCount(interp, nrPtr); return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,40547633260910,1 2412,CWE-399,"static int filter_frame(AVFilterLink *inlink, AVFrame *buf) { AVFilterContext *ctx = inlink->dst; FPSContext *s = ctx->priv; AVFilterLink *outlink = ctx->outputs[0]; int64_t delta; int i, ret; s->frames_in++; if (s->pts == AV_NOPTS_VALUE) { if (buf->pts != AV_NOPTS_VALUE) { ret = write_to_fifo(s->fifo, buf); if (ret < 0) return ret; if (s->start_time != DBL_MAX && s->start_time != AV_NOPTS_VALUE) { double first_pts = s->start_time * AV_TIME_BASE; first_pts = FFMIN(FFMAX(first_pts, INT64_MIN), INT64_MAX); s->first_pts = s->pts = av_rescale_q(first_pts, AV_TIME_BASE_Q, inlink->time_base); av_log(ctx, AV_LOG_VERBOSE, ""Set first pts to (in:%""PRId64"" out:%""PRId64"")\n"", s->first_pts, av_rescale_q(first_pts, AV_TIME_BASE_Q, outlink->time_base)); } else { s->first_pts = s->pts = buf->pts; } } else { av_log(ctx, AV_LOG_WARNING, ""Discarding initial frame(s) with no "" ""timestamp.\n""); av_frame_free(&buf); s->drop++; } return 0; } if (buf->pts == AV_NOPTS_VALUE) { return write_to_fifo(s->fifo, buf); } delta = av_rescale_q_rnd(buf->pts - s->pts, inlink->time_base, outlink->time_base, s->rounding); if (delta < 1) { AVFrame *tmp; int drop = av_fifo_size(s->fifo)/sizeof(AVFrame*); av_log(ctx, AV_LOG_DEBUG, ""Dropping %d frame(s).\n"", drop); s->drop += drop; av_fifo_generic_read(s->fifo, &tmp, sizeof(tmp), NULL); flush_fifo(s->fifo); ret = write_to_fifo(s->fifo, tmp); av_frame_free(&buf); return ret; } for (i = 0; i < delta; i++) { AVFrame *buf_out; av_fifo_generic_read(s->fifo, &buf_out, sizeof(buf_out), NULL); if (!av_fifo_size(s->fifo) && i < delta - 1) { AVFrame *dup = av_frame_clone(buf_out); av_log(ctx, AV_LOG_DEBUG, ""Duplicating frame.\n""); if (dup) ret = write_to_fifo(s->fifo, dup); else ret = AVERROR(ENOMEM); if (ret < 0) { av_frame_free(&buf_out); av_frame_free(&buf); return ret; } s->dup++; } buf_out->pts = av_rescale_q(s->first_pts, inlink->time_base, outlink->time_base) + s->frames_out; if ((ret = ff_filter_frame(outlink, buf_out)) < 0) { av_frame_free(&buf); return ret; } s->frames_out++; } flush_fifo(s->fifo); ret = write_to_fifo(s->fifo, buf); s->pts = s->first_pts + av_rescale_q(s->frames_out, outlink->time_base, inlink->time_base); return ret; }",visit repo url,libavfilter/vf_fps.c,https://github.com/FFmpeg/FFmpeg,237875713187517,1 5241,CWE-787,"gplotMakeOutput(GPLOT *gplot) { char buf[L_BUF_SIZE]; char *cmdname; l_int32 ignore; PROCNAME(""gplotMakeOutput""); if (!gplot) return ERROR_INT(""gplot not defined"", procName, 1); gplotGenCommandFile(gplot); gplotGenDataFiles(gplot); cmdname = genPathname(gplot->cmdname, NULL); #ifndef _WIN32 snprintf(buf, L_BUF_SIZE, ""gnuplot %s"", cmdname); #else snprintf(buf, L_BUF_SIZE, ""wgnuplot %s"", cmdname); #endif #ifndef OS_IOS ignore = system(buf); #endif LEPT_FREE(cmdname); return 0; }",visit repo url,src/gplot.c,https://github.com/DanBloomberg/leptonica,3757986976370,1 2231,['CWE-193'],"int filemap_write_and_wait_range(struct address_space *mapping, loff_t lstart, loff_t lend) { int err = 0; if (mapping->nrpages) { err = __filemap_fdatawrite_range(mapping, lstart, lend, WB_SYNC_ALL); if (err != -EIO) { int err2 = wait_on_page_writeback_range(mapping, lstart >> PAGE_CACHE_SHIFT, lend >> PAGE_CACHE_SHIFT); if (!err) err = err2; } } return err; }",linux-2.6,,,339772945770538597153879156373681506852,0 4099,['CWE-399'],"__bsg_read(char __user *buf, size_t count, struct bsg_device *bd, const struct iovec *iov, ssize_t *bytes_read) { struct bsg_command *bc; int nr_commands, ret; if (count % sizeof(struct sg_io_v4)) return -EINVAL; ret = 0; nr_commands = count / sizeof(struct sg_io_v4); while (nr_commands) { bc = bsg_get_done_cmd(bd); if (IS_ERR(bc)) { ret = PTR_ERR(bc); break; } ret = blk_complete_sgv4_hdr_rq(bc->rq, &bc->hdr, bc->bio, bc->bidi_bio); if (copy_to_user(buf, &bc->hdr, sizeof(bc->hdr))) ret = -EFAULT; bsg_free_command(bc); if (ret) break; buf += sizeof(struct sg_io_v4); *bytes_read += sizeof(struct sg_io_v4); nr_commands--; } return ret; }",linux-2.6,,,8206027731592718285085453186525386554,0 1499,[],"static inline void finish_lock_switch(struct rq *rq, struct task_struct *prev) { #ifdef CONFIG_SMP smp_wmb(); prev->oncpu = 0; #endif #ifndef __ARCH_WANT_INTERRUPTS_ON_CTXSW local_irq_enable(); #endif }",linux-2.6,,,143869159564955526996443622881805443882,0 3447,['CWE-20'],"validate_body_helper (DBusTypeReader *reader, int byte_order, dbus_bool_t walk_reader_to_end, const unsigned char *p, const unsigned char *end, const unsigned char **new_p) { int current_type; while ((current_type = _dbus_type_reader_get_current_type (reader)) != DBUS_TYPE_INVALID) { const unsigned char *a; int alignment; #if 0 _dbus_verbose ("" validating value of type %s type reader %p type_pos %d p %p end %p %d remain\n"", _dbus_type_to_string (current_type), reader, reader->type_pos, p, end, (int) (end - p)); #endif if (p == end) return DBUS_INVALID_NOT_ENOUGH_DATA; switch (current_type) { case DBUS_TYPE_BYTE: ++p; break; case DBUS_TYPE_BOOLEAN: case DBUS_TYPE_INT16: case DBUS_TYPE_UINT16: case DBUS_TYPE_INT32: case DBUS_TYPE_UINT32: case DBUS_TYPE_INT64: case DBUS_TYPE_UINT64: case DBUS_TYPE_DOUBLE: alignment = _dbus_type_get_alignment (current_type); a = _DBUS_ALIGN_ADDRESS (p, alignment); if (a >= end) return DBUS_INVALID_NOT_ENOUGH_DATA; while (p != a) { if (*p != '\0') return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL; ++p; } if (current_type == DBUS_TYPE_BOOLEAN) { dbus_uint32_t v = _dbus_unpack_uint32 (byte_order, p); if (!(v == 0 || v == 1)) return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE; } p += alignment; break; case DBUS_TYPE_ARRAY: case DBUS_TYPE_STRING: case DBUS_TYPE_OBJECT_PATH: { dbus_uint32_t claimed_len; a = _DBUS_ALIGN_ADDRESS (p, 4); if (a + 4 > end) return DBUS_INVALID_NOT_ENOUGH_DATA; while (p != a) { if (*p != '\0') return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL; ++p; } claimed_len = _dbus_unpack_uint32 (byte_order, p); p += 4; _dbus_assert (p <= end); if (current_type == DBUS_TYPE_ARRAY) { int array_elem_type = _dbus_type_reader_get_element_type (reader); alignment = _dbus_type_get_alignment (array_elem_type); p = _DBUS_ALIGN_ADDRESS (p, alignment); } if (claimed_len > (unsigned long) (end - p)) return DBUS_INVALID_LENGTH_OUT_OF_BOUNDS; if (current_type == DBUS_TYPE_OBJECT_PATH) { DBusString str; _dbus_string_init_const_len (&str, p, claimed_len); if (!_dbus_validate_path (&str, 0, _dbus_string_get_length (&str))) return DBUS_INVALID_BAD_PATH; p += claimed_len; } else if (current_type == DBUS_TYPE_STRING) { DBusString str; _dbus_string_init_const_len (&str, p, claimed_len); if (!_dbus_string_validate_utf8 (&str, 0, _dbus_string_get_length (&str))) return DBUS_INVALID_BAD_UTF8_IN_STRING; p += claimed_len; } else if (current_type == DBUS_TYPE_ARRAY && claimed_len > 0) { DBusTypeReader sub; DBusValidity validity; const unsigned char *array_end; if (claimed_len > DBUS_MAXIMUM_ARRAY_LENGTH) return DBUS_INVALID_ARRAY_LENGTH_EXCEEDS_MAXIMUM; _dbus_type_reader_recurse (reader, &sub); array_end = p + claimed_len; while (p < array_end) { validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p); if (validity != DBUS_VALID) return validity; } if (p != array_end) return DBUS_INVALID_ARRAY_LENGTH_INCORRECT; } if (current_type != DBUS_TYPE_ARRAY) { if (p == end) return DBUS_INVALID_NOT_ENOUGH_DATA; if (*p != '\0') return DBUS_INVALID_STRING_MISSING_NUL; ++p; } } break; case DBUS_TYPE_SIGNATURE: { dbus_uint32_t claimed_len; DBusString str; DBusValidity validity; claimed_len = *p; ++p; if (claimed_len + 1 > (unsigned long) (end - p)) return DBUS_INVALID_SIGNATURE_LENGTH_OUT_OF_BOUNDS; _dbus_string_init_const_len (&str, p, claimed_len); validity = _dbus_validate_signature_with_reason (&str, 0, _dbus_string_get_length (&str)); if (validity != DBUS_VALID) return validity; p += claimed_len; _dbus_assert (p < end); if (*p != DBUS_TYPE_INVALID) return DBUS_INVALID_SIGNATURE_MISSING_NUL; ++p; _dbus_verbose (""p = %p end = %p claimed_len %u\n"", p, end, claimed_len); } break; case DBUS_TYPE_VARIANT: { dbus_uint32_t claimed_len; DBusString sig; DBusTypeReader sub; DBusValidity validity; int contained_alignment; int contained_type; DBusValidity reason; claimed_len = *p; ++p; if (claimed_len + 1 > (unsigned long) (end - p)) return DBUS_INVALID_VARIANT_SIGNATURE_LENGTH_OUT_OF_BOUNDS; _dbus_string_init_const_len (&sig, p, claimed_len); reason = _dbus_validate_signature_with_reason (&sig, 0, _dbus_string_get_length (&sig)); if (!(reason == DBUS_VALID)) { if (reason == DBUS_VALIDITY_UNKNOWN_OOM_ERROR) return reason; else return DBUS_INVALID_VARIANT_SIGNATURE_BAD; } p += claimed_len; if (*p != DBUS_TYPE_INVALID) return DBUS_INVALID_VARIANT_SIGNATURE_MISSING_NUL; ++p; contained_type = _dbus_first_type_in_signature (&sig, 0); if (contained_type == DBUS_TYPE_INVALID) return DBUS_INVALID_VARIANT_SIGNATURE_EMPTY; contained_alignment = _dbus_type_get_alignment (contained_type); a = _DBUS_ALIGN_ADDRESS (p, contained_alignment); if (a > end) return DBUS_INVALID_NOT_ENOUGH_DATA; while (p != a) { if (*p != '\0') return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL; ++p; } _dbus_type_reader_init_types_only (&sub, &sig, 0); _dbus_assert (_dbus_type_reader_get_current_type (&sub) != DBUS_TYPE_INVALID); validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p); if (validity != DBUS_VALID) return validity; if (_dbus_type_reader_next (&sub)) return DBUS_INVALID_VARIANT_SIGNATURE_SPECIFIES_MULTIPLE_VALUES; _dbus_assert (_dbus_type_reader_get_current_type (&sub) == DBUS_TYPE_INVALID); } break; case DBUS_TYPE_DICT_ENTRY: case DBUS_TYPE_STRUCT: { DBusTypeReader sub; DBusValidity validity; a = _DBUS_ALIGN_ADDRESS (p, 8); if (a > end) return DBUS_INVALID_NOT_ENOUGH_DATA; while (p != a) { if (*p != '\0') return DBUS_INVALID_ALIGNMENT_PADDING_NOT_NUL; ++p; } _dbus_type_reader_recurse (reader, &sub); validity = validate_body_helper (&sub, byte_order, TRUE, p, end, &p); if (validity != DBUS_VALID) return validity; } break; default: _dbus_assert_not_reached (""invalid typecode in supposedly-validated signature""); break; } #if 0 _dbus_verbose ("" validated value of type %s type reader %p type_pos %d p %p end %p %d remain\n"", _dbus_type_to_string (current_type), reader, reader->type_pos, p, end, (int) (end - p)); #endif if (p > end) { _dbus_verbose (""not enough data!!! p = %p end = %p end-p = %d\n"", p, end, (int) (end - p)); return DBUS_INVALID_NOT_ENOUGH_DATA; } if (walk_reader_to_end) _dbus_type_reader_next (reader); else break; } if (new_p) *new_p = p; return DBUS_VALID; }",dbus,,,123012056663748669789381435421573689522,0 234,CWE-400,"static void umount_tree(struct mount *mnt, enum umount_tree_flags how) { LIST_HEAD(tmp_list); struct mount *p; if (how & UMOUNT_PROPAGATE) propagate_mount_unlock(mnt); for (p = mnt; p; p = next_mnt(p, mnt)) { p->mnt.mnt_flags |= MNT_UMOUNT; list_move(&p->mnt_list, &tmp_list); } list_for_each_entry(p, &tmp_list, mnt_list) { list_del_init(&p->mnt_child); } if (how & UMOUNT_PROPAGATE) propagate_umount(&tmp_list); while (!list_empty(&tmp_list)) { bool disconnect; p = list_first_entry(&tmp_list, struct mount, mnt_list); list_del_init(&p->mnt_expire); list_del_init(&p->mnt_list); __touch_mnt_namespace(p->mnt_ns); p->mnt_ns = NULL; if (how & UMOUNT_SYNC) p->mnt.mnt_flags |= MNT_SYNC_UMOUNT; disconnect = disconnect_mount(p, how); pin_insert_group(&p->mnt_umount, &p->mnt_parent->mnt, disconnect ? &unmounted : NULL); if (mnt_has_parent(p)) { mnt_add_count(p->mnt_parent, -1); if (!disconnect) { list_add_tail(&p->mnt_child, &p->mnt_parent->mnt_mounts); } else { umount_mnt(p); } } change_mnt_propagation(p, MS_PRIVATE); } }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,181446281454718,1 2751,CWE-20,"static int spl_array_has_dimension_ex(int check_inherited, zval *object, zval *offset, int check_empty TSRMLS_DC) { spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(object TSRMLS_CC); long index; zval *rv, *value = NULL, **tmp; if (check_inherited && intern->fptr_offset_has) { zval *offset_tmp = offset; SEPARATE_ARG_IF_REF(offset_tmp); zend_call_method_with_1_params(&object, Z_OBJCE_P(object), &intern->fptr_offset_has, ""offsetExists"", &rv, offset_tmp); zval_ptr_dtor(&offset_tmp); if (rv && zend_is_true(rv)) { zval_ptr_dtor(&rv); if (check_empty != 1) { return 1; } else if (intern->fptr_offset_get) { value = spl_array_read_dimension_ex(1, object, offset, BP_VAR_R TSRMLS_CC); } } else { if (rv) { zval_ptr_dtor(&rv); } return 0; } } if (!value) { HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); switch(Z_TYPE_P(offset)) { case IS_STRING: if (zend_symtable_find(ht, Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) &tmp) != FAILURE) { if (check_empty == 2) { return 1; } } else { return 0; } break; case IS_DOUBLE: case IS_RESOURCE: case IS_BOOL: case IS_LONG: if (offset->type == IS_DOUBLE) { index = (long)Z_DVAL_P(offset); } else { index = Z_LVAL_P(offset); } if (zend_hash_index_find(ht, index, (void **)&tmp) != FAILURE) { if (check_empty == 2) { return 1; } } else { return 0; } break; default: zend_error(E_WARNING, ""Illegal offset type""); return 0; } if (check_empty && check_inherited && intern->fptr_offset_get) { value = spl_array_read_dimension_ex(1, object, offset, BP_VAR_R TSRMLS_CC); } else { value = *tmp; } } return check_empty ? zend_is_true(value) : Z_TYPE_P(value) != IS_NULL; } ",visit repo url,ext/spl/spl_array.c,https://github.com/php/php-src,75588088762533,1 1199,CWE-400,"void handle_stdfmna(struct pt_regs *regs, unsigned long sfar, unsigned long sfsr) { unsigned long pc = regs->tpc; unsigned long tstate = regs->tstate; u32 insn; u64 value; u8 freg; int flag; struct fpustate *f = FPUSTATE; if (tstate & TSTATE_PRIV) die_if_kernel(""stdfmna from kernel"", regs); perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, sfar); if (test_thread_flag(TIF_32BIT)) pc = (u32)pc; if (get_user(insn, (u32 __user *) pc) != -EFAULT) { int asi = decode_asi(insn, regs); freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20); value = 0; flag = (freg < 32) ? FPRS_DL : FPRS_DU; if ((asi > ASI_SNFL) || (asi < ASI_P)) goto daex; save_and_clear_fpu(); if (current_thread_info()->fpsaved[0] & flag) value = *(u64 *)&f->regs[freg]; switch (asi) { case ASI_P: case ASI_S: break; case ASI_PL: case ASI_SL: value = __swab64p(&value); break; default: goto daex; } if (put_user (value >> 32, (u32 __user *) sfar) || __put_user ((u32)value, (u32 __user *)(sfar + 4))) goto daex; } else { daex: if (tlb_type == hypervisor) sun4v_data_access_exception(regs, sfar, sfsr); else spitfire_data_access_exception(regs, sfsr, sfar); return; } advance(regs); }",visit repo url,arch/sparc/kernel/unaligned_64.c,https://github.com/torvalds/linux,206105816095117,1 833,CWE-20,"static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name; size_t copied; unsigned char *asmptr; struct sk_buff *skb; int n, er, qbit; if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) return er; qbit = (skb->data[0] & ROSE_Q_BIT) == ROSE_Q_BIT; skb_pull(skb, ROSE_MIN_LEN); if (rose->qbitincl) { asmptr = skb_push(skb, 1); *asmptr = qbit; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (srose != NULL) { memset(srose, 0, msg->msg_namelen); srose->srose_family = AF_ROSE; srose->srose_addr = rose->dest_addr; srose->srose_call = rose->dest_call; srose->srose_ndigis = rose->dest_ndigis; if (msg->msg_namelen >= sizeof(struct full_sockaddr_rose)) { struct full_sockaddr_rose *full_srose = (struct full_sockaddr_rose *)msg->msg_name; for (n = 0 ; n < rose->dest_ndigis ; n++) full_srose->srose_digis[n] = rose->dest_digis[n]; msg->msg_namelen = sizeof(struct full_sockaddr_rose); } else { if (rose->dest_ndigis >= 1) { srose->srose_ndigis = 1; srose->srose_digi = rose->dest_digis[0]; } msg->msg_namelen = sizeof(struct sockaddr_rose); } } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/rose/af_rose.c,https://github.com/torvalds/linux,102675711192841,1 5604,CWE-125,"ast_for_async_stmt(struct compiling *c, const node *n) { REQ(n, async_stmt); REQ(CHILD(n, 0), ASYNC); switch (TYPE(CHILD(n, 1))) { case funcdef: return ast_for_funcdef_impl(c, CHILD(n, 1), NULL, 1 ); case with_stmt: return ast_for_with_stmt(c, CHILD(n, 1), 1 ); case for_stmt: return ast_for_for_stmt(c, CHILD(n, 1), 1 ); default: PyErr_Format(PyExc_SystemError, ""invalid async stament: %s"", STR(CHILD(n, 1))); return NULL; } }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,60590774873165,1 5717,['CWE-200'],"static int llc_ui_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); struct sockaddr_llc *addr = (struct sockaddr_llc *)msg->msg_name; int flags = msg->msg_flags; int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; size_t size = 0; int rc = -EINVAL, copied = 0, hdrlen; dprintk(""%s: sending from %02X to %02X\n"", __func__, llc->laddr.lsap, llc->daddr.lsap); lock_sock(sk); if (addr) { if (msg->msg_namelen < sizeof(*addr)) goto release; } else { if (llc_ui_addr_null(&llc->addr)) goto release; addr = &llc->addr; } if (sock_flag(sk, SOCK_ZAPPED)) { rc = llc_ui_autobind(sock, addr); if (rc) goto release; } hdrlen = llc->dev->hard_header_len + llc_ui_header_len(sk, addr); size = hdrlen + len; if (size > llc->dev->mtu) size = llc->dev->mtu; copied = size - hdrlen; release_sock(sk); skb = sock_alloc_send_skb(sk, size, noblock, &rc); lock_sock(sk); if (!skb) goto release; skb->dev = llc->dev; skb->protocol = llc_proto_type(addr->sllc_arphrd); skb_reserve(skb, hdrlen); rc = memcpy_fromiovec(skb_put(skb, copied), msg->msg_iov, copied); if (rc) goto out; if (sk->sk_type == SOCK_DGRAM || addr->sllc_ua) { llc_build_and_send_ui_pkt(llc->sap, skb, addr->sllc_mac, addr->sllc_sap); goto out; } if (addr->sllc_test) { llc_build_and_send_test_pkt(llc->sap, skb, addr->sllc_mac, addr->sllc_sap); goto out; } if (addr->sllc_xid) { llc_build_and_send_xid_pkt(llc->sap, skb, addr->sllc_mac, addr->sllc_sap); goto out; } rc = -ENOPROTOOPT; if (!(sk->sk_type == SOCK_STREAM && !addr->sllc_ua)) goto out; rc = llc_ui_send_data(sk, skb, noblock); out: if (rc) { kfree_skb(skb); release: dprintk(""%s: failed sending from %02X to %02X: %d\n"", __func__, llc->laddr.lsap, llc->daddr.lsap, rc); } release_sock(sk); return rc ? : copied; }",linux-2.6,,,310011005588694103132762444598780538273,0 6120,CWE-190,"static void ed_mul_naf_imp(ed_t r, const ed_t p, const bn_t k) { int l, i, n; int8_t naf[RLC_FP_BITS + 1]; ed_t t[1 << (ED_WIDTH - 2)]; if (bn_is_zero(k)) { ed_set_infty(r); return; } RLC_TRY { for (i = 0; i < (1 << (ED_WIDTH - 2)); i++) { ed_null(t[i]); ed_new(t[i]); } ed_tab(t, p, ED_WIDTH); l = sizeof(naf); bn_rec_naf(naf, &l, k, EP_WIDTH); ed_set_infty(r); for (i = l - 1; i > 0; i--) { n = naf[i]; if (n == 0) { #if ED_ADD == EXTND r->coord = EXTND; #endif } ed_dbl(r, r); if (n > 0) { ed_add(r, r, t[n / 2]); } else if (n < 0) { ed_sub(r, r, t[-n / 2]); } } n = naf[0]; ed_dbl(r, r); if (n > 0) { ed_add(r, r, t[n / 2]); } else if (n < 0) { ed_sub(r, r, t[-n / 2]); } ed_norm(r, r); if (bn_sign(k) == RLC_NEG) { ed_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (ED_WIDTH - 2)); i++) { ed_free(t[i]); } } }",visit repo url,src/ed/relic_ed_mul.c,https://github.com/relic-toolkit/relic,98156425350421,1 1365,[],"place_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, int initial) { u64 vruntime; if (first_fair(cfs_rq)) { vruntime = min_vruntime(cfs_rq->min_vruntime, __pick_next_entity(cfs_rq)->vruntime); } else vruntime = cfs_rq->min_vruntime; if (sched_feat(TREE_AVG)) { struct sched_entity *last = __pick_last_entity(cfs_rq); if (last) { vruntime += last->vruntime; vruntime >>= 1; } } else if (sched_feat(APPROX_AVG) && cfs_rq->nr_running) vruntime += sched_vslice(cfs_rq)/2; if (initial && sched_feat(START_DEBIT)) vruntime += sched_vslice_add(cfs_rq, se); if (!initial) { if (sched_feat(NEW_FAIR_SLEEPERS)) { vruntime -= calc_delta_fair(sysctl_sched_latency, &cfs_rq->load); } vruntime = max_vruntime(se->vruntime, vruntime); } se->vruntime = vruntime; }",linux-2.6,,,193369394412823327968682630071380118494,0 776,['CWE-119'],"isdn_net_adjust_hdr(struct sk_buff *skb, struct net_device *dev) { isdn_net_local *lp = (isdn_net_local *) dev->priv; if (!skb) return; if (lp->p_encap == ISDN_NET_ENCAP_ETHER) { const int pullsize = skb_network_offset(skb) - ETH_HLEN; if (pullsize > 0) { printk(KERN_DEBUG ""isdn_net: Pull junk %d\n"", pullsize); skb_pull(skb, pullsize); } } }",linux-2.6,,,17666406686181275097794686855328262706,0 4440,['CWE-264'],"int sock_no_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t len, int flags) { return -EOPNOTSUPP; }",linux-2.6,,,67663611576507582787323604166716438014,0 6644,['CWE-200'],"nma_gconf_settings_get_by_path (NMAGConfSettings *self, const char *path) { NMAGConfSettingsPrivate *priv; GSList *iter; g_return_val_if_fail (NMA_IS_GCONF_SETTINGS (self), NULL); g_return_val_if_fail (path != NULL, NULL); priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self); for (iter = priv->connections; iter; iter = iter->next) { NMAGConfConnection *connection = NMA_GCONF_CONNECTION (iter->data); const char *gconf_path; gconf_path = nma_gconf_connection_get_path (connection); if (gconf_path && !strcmp (gconf_path, path)) return connection; } return NULL; }",network-manager-applet,,,146582721597771048986840166874818688162,0 5991,CWE-120,"static CYTHON_INLINE PyObject* __Pyx_decode_c_string( const char* cstring, Py_ssize_t start, Py_ssize_t stop, const char* encoding, const char* errors, PyObject* (*decode_func)(const char *s, Py_ssize_t size, const char *errors)) { Py_ssize_t length; if (unlikely((start < 0) | (stop < 0))) { size_t slen = strlen(cstring); if (unlikely(slen > (size_t) PY_SSIZE_T_MAX)) { PyErr_SetString(PyExc_OverflowError, ""c-string too long to convert to Python""); return NULL; } length = (Py_ssize_t) slen; if (start < 0) { start += length; if (start < 0) start = 0; } if (stop < 0) stop += length; } if (unlikely(stop <= start)) return PyUnicode_FromUnicode(NULL, 0); length = stop - start; cstring += start; if (decode_func) { return decode_func(cstring, length, errors); } else { return PyUnicode_Decode(cstring, length, encoding, errors); } }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,254480056143020,1 2775,CWE-119,"PHP_FUNCTION(dns_get_record) { char *hostname; int hostname_len; long type_param = PHP_DNS_ANY; zval *authns = NULL, *addtl = NULL; int type_to_fetch; #if defined(HAVE_DNS_SEARCH) struct sockaddr_storage from; uint32_t fromsize = sizeof(from); dns_handle_t handle; #elif defined(HAVE_RES_NSEARCH) struct __res_state state; struct __res_state *handle = &state; #endif HEADER *hp; querybuf answer; u_char *cp = NULL, *end = NULL; int n, qd, an, ns = 0, ar = 0; int type, first_query = 1, store_results = 1; zend_bool raw = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""s|lz!z!b"", &hostname, &hostname_len, &type_param, &authns, &addtl, &raw) == FAILURE) { return; } if (authns) { zval_dtor(authns); array_init(authns); } if (addtl) { zval_dtor(addtl); array_init(addtl); } if (!raw) { if ((type_param & ~PHP_DNS_ALL) && (type_param != PHP_DNS_ANY)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Type '%ld' not supported"", type_param); RETURN_FALSE; } } else { if ((type_param < 1) || (type_param > 0xFFFF)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Numeric DNS record type must be between 1 and 65535, '%ld' given"", type_param); RETURN_FALSE; } } array_init(return_value); if (raw) { type = -1; } else if (type_param == PHP_DNS_ANY) { type = PHP_DNS_NUM_TYPES + 1; } else { type = 0; } for ( ; type < (addtl ? (PHP_DNS_NUM_TYPES + 2) : PHP_DNS_NUM_TYPES) || first_query; type++ ) { first_query = 0; switch (type) { case -1: type_to_fetch = type_param; type = PHP_DNS_NUM_TYPES - 1; break; case 0: type_to_fetch = type_param&PHP_DNS_A ? DNS_T_A : 0; break; case 1: type_to_fetch = type_param&PHP_DNS_NS ? DNS_T_NS : 0; break; case 2: type_to_fetch = type_param&PHP_DNS_CNAME ? DNS_T_CNAME : 0; break; case 3: type_to_fetch = type_param&PHP_DNS_SOA ? DNS_T_SOA : 0; break; case 4: type_to_fetch = type_param&PHP_DNS_PTR ? DNS_T_PTR : 0; break; case 5: type_to_fetch = type_param&PHP_DNS_HINFO ? DNS_T_HINFO : 0; break; case 6: type_to_fetch = type_param&PHP_DNS_MX ? DNS_T_MX : 0; break; case 7: type_to_fetch = type_param&PHP_DNS_TXT ? DNS_T_TXT : 0; break; case 8: type_to_fetch = type_param&PHP_DNS_AAAA ? DNS_T_AAAA : 0; break; case 9: type_to_fetch = type_param&PHP_DNS_SRV ? DNS_T_SRV : 0; break; case 10: type_to_fetch = type_param&PHP_DNS_NAPTR ? DNS_T_NAPTR : 0; break; case 11: type_to_fetch = type_param&PHP_DNS_A6 ? DNS_T_A6 : 0; break; case PHP_DNS_NUM_TYPES: store_results = 0; continue; default: case (PHP_DNS_NUM_TYPES + 1): type_to_fetch = DNS_T_ANY; break; } if (type_to_fetch) { #if defined(HAVE_DNS_SEARCH) handle = dns_open(NULL); if (handle == NULL) { zval_dtor(return_value); RETURN_FALSE; } #elif defined(HAVE_RES_NSEARCH) memset(&state, 0, sizeof(state)); if (res_ninit(handle)) { zval_dtor(return_value); RETURN_FALSE; } #else res_init(); #endif n = php_dns_search(handle, hostname, C_IN, type_to_fetch, answer.qb2, sizeof answer); if (n < 0) { php_dns_free_handle(handle); continue; } cp = answer.qb2 + HFIXEDSZ; end = answer.qb2 + n; hp = (HEADER *)&answer; qd = ntohs(hp->qdcount); an = ntohs(hp->ancount); ns = ntohs(hp->nscount); ar = ntohs(hp->arcount); while (qd-- > 0) { n = dn_skipname(cp, end); if (n < 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Unable to parse DNS data received""); zval_dtor(return_value); php_dns_free_handle(handle); RETURN_FALSE; } cp += n + QFIXEDSZ; } while (an-- && cp && cp < end) { zval *retval; cp = php_parserr(cp, &answer, type_to_fetch, store_results, raw, &retval); if (retval != NULL && store_results) { add_next_index_zval(return_value, retval); } } if (authns || addtl) { while (ns-- > 0 && cp && cp < end) { zval *retval = NULL; cp = php_parserr(cp, &answer, DNS_T_ANY, authns != NULL, raw, &retval); if (retval != NULL) { add_next_index_zval(authns, retval); } } } if (addtl) { while (ar-- > 0 && cp && cp < end) { zval *retval = NULL; cp = php_parserr(cp, &answer, DNS_T_ANY, 1, raw, &retval); if (retval != NULL) { add_next_index_zval(addtl, retval); } } } php_dns_free_handle(handle); } } }",visit repo url,ext/standard/dns.c,https://github.com/php/php-src,41134414385320,1 4934,CWE-400,"exif_data_load_data_content (ExifData *data, ExifIfd ifd, const unsigned char *d, unsigned int ds, unsigned int offset, unsigned int recursion_depth) { ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; ExifShort n; ExifEntry *entry; unsigned int i; ExifTag tag; if (!data || !data->priv) return; if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) return; if (recursion_depth > 12) { exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifData"", ""Deep recursion detected!""); return; } if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) { exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifData"", ""Tag data past end of buffer (%u > %u)"", offset+2, ds); return; } n = exif_get_short (d + offset, data->priv->order); exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Loading %hu entries..."", n); offset += 2; if (offset + 12 * n > ds) { n = (ds - offset) / 12; exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Short data; only loading %hu entries..."", n); } for (i = 0; i < n; i++) { tag = exif_get_short (d + offset + 12 * i, data->priv->order); switch (tag) { case EXIF_TAG_EXIF_IFD_POINTER: case EXIF_TAG_GPS_INFO_IFD_POINTER: case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: case EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH: case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: o = exif_get_long (d + offset + 12 * i + 8, data->priv->order); exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Sub-IFD entry 0x%x ('%s') at %u."", tag, exif_tag_get_name(tag), o); switch (tag) { case EXIF_TAG_EXIF_IFD_POINTER: CHECK_REC (EXIF_IFD_EXIF); exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); break; case EXIF_TAG_GPS_INFO_IFD_POINTER: CHECK_REC (EXIF_IFD_GPS); exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); break; case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: CHECK_REC (EXIF_IFD_INTEROPERABILITY); exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); break; case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: thumbnail_offset = o; if (thumbnail_offset && thumbnail_length) exif_data_load_data_thumbnail (data, d, ds, thumbnail_offset, thumbnail_length); break; case EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH: thumbnail_length = o; if (thumbnail_offset && thumbnail_length) exif_data_load_data_thumbnail (data, d, ds, thumbnail_offset, thumbnail_length); break; default: return; } break; default: if (!exif_tag_get_name_in_ifd (tag, ifd)) { if (!memcmp (d + offset + 12 * i, ""\0\0\0\0"", 4)) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Skipping empty entry at position %u in '%s'."", i, exif_ifd_get_name (ifd)); break; } exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Unknown tag 0x%04x (entry %u in '%s'). Please report this tag "" ""to ."", tag, i, exif_ifd_get_name (ifd)); if (data->priv->options & EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS) break; } entry = exif_entry_new_mem (data->priv->mem); if (!entry) { exif_log (data->priv->log, EXIF_LOG_CODE_NO_MEMORY, ""ExifData"", ""Could not allocate memory""); return; } if (exif_data_load_data_entry (data, entry, d, ds, offset + 12 * i)) exif_content_add_entry (data->ifd[ifd], entry); exif_entry_unref (entry); break; } } }",visit repo url,libexif/exif-data.c,https://github.com/libexif/libexif,159654971851129,1 726,[],"static int jpc_ppt_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_ppt_t *ppt = &ms->parms.ppt; cstate = 0; if (jpc_putuint8(out, ppt->ind)) { return -1; } if (jas_stream_write(out, (char *) ppt->data, ppt->len) != JAS_CAST(int, ppt->len)) { return -1; } return 0; }",jasper,,,85642324347820457650666329638097696001,0 3267,CWE-125,"rsvp_obj_print(netdissect_options *ndo, const u_char *pptr, u_int plen, const u_char *tptr, const char *ident, u_int tlen, const struct rsvp_common_header *rsvp_com_header) { const struct rsvp_object_header *rsvp_obj_header; const u_char *obj_tptr; union { const struct rsvp_obj_integrity_t *rsvp_obj_integrity; const struct rsvp_obj_frr_t *rsvp_obj_frr; } obj_ptr; u_short rsvp_obj_len,rsvp_obj_ctype,obj_tlen,intserv_serv_tlen; int hexdump,processed,padbytes,error_code,error_value,i,sigcheck; union { float f; uint32_t i; } bw; uint8_t namelen; u_int action, subchannel; while(tlen>=sizeof(struct rsvp_object_header)) { ND_TCHECK2(*tptr, sizeof(struct rsvp_object_header)); rsvp_obj_header = (const struct rsvp_object_header *)tptr; rsvp_obj_len=EXTRACT_16BITS(rsvp_obj_header->length); rsvp_obj_ctype=rsvp_obj_header->ctype; if(rsvp_obj_len % 4) { ND_PRINT((ndo, ""%sERROR: object header size %u not a multiple of 4"", ident, rsvp_obj_len)); return -1; } if(rsvp_obj_len < sizeof(struct rsvp_object_header)) { ND_PRINT((ndo, ""%sERROR: object header too short %u < %lu"", ident, rsvp_obj_len, (unsigned long)sizeof(const struct rsvp_object_header))); return -1; } ND_PRINT((ndo, ""%s%s Object (%u) Flags: [%s"", ident, tok2str(rsvp_obj_values, ""Unknown"", rsvp_obj_header->class_num), rsvp_obj_header->class_num, ((rsvp_obj_header->class_num) & 0x80) ? ""ignore"" : ""reject"")); if (rsvp_obj_header->class_num > 128) ND_PRINT((ndo, "" %s"", ((rsvp_obj_header->class_num) & 0x40) ? ""and forward"" : ""silently"")); ND_PRINT((ndo, "" if unknown], Class-Type: %s (%u), length: %u"", tok2str(rsvp_ctype_values, ""Unknown"", ((rsvp_obj_header->class_num)<<8)+rsvp_obj_ctype), rsvp_obj_ctype, rsvp_obj_len)); if(tlen < rsvp_obj_len) { ND_PRINT((ndo, ""%sERROR: object goes past end of objects TLV"", ident)); return -1; } obj_tptr=tptr+sizeof(struct rsvp_object_header); obj_tlen=rsvp_obj_len-sizeof(struct rsvp_object_header); if (!ND_TTEST2(*tptr, rsvp_obj_len)) return -1; hexdump=FALSE; switch(rsvp_obj_header->class_num) { case RSVP_OBJ_SESSION: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return -1; ND_PRINT((ndo, ""%s IPv4 DestAddress: %s, Protocol ID: 0x%02x"", ident, ipaddr_string(ndo, obj_tptr), *(obj_tptr + sizeof(struct in_addr)))); ND_PRINT((ndo, ""%s Flags: [0x%02x], DestPort %u"", ident, *(obj_tptr+5), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return -1; ND_PRINT((ndo, ""%s IPv6 DestAddress: %s, Protocol ID: 0x%02x"", ident, ip6addr_string(ndo, obj_tptr), *(obj_tptr + sizeof(struct in6_addr)))); ND_PRINT((ndo, ""%s Flags: [0x%02x], DestPort %u"", ident, *(obj_tptr+sizeof(struct in6_addr)+1), EXTRACT_16BITS(obj_tptr + sizeof(struct in6_addr) + 2))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 36) return -1; ND_PRINT((ndo, ""%s IPv6 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+18), ip6addr_string(ndo, obj_tptr + 20))); obj_tlen-=36; obj_tptr+=36; break; case RSVP_CTYPE_14: if (obj_tlen < 26) return -1; ND_PRINT((ndo, ""%s IPv6 P2MP LSP ID: 0x%08x, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_16BITS(obj_tptr+6), ip6addr_string(ndo, obj_tptr + 8))); obj_tlen-=26; obj_tptr+=26; break; case RSVP_CTYPE_13: if (obj_tlen < 12) return -1; ND_PRINT((ndo, ""%s IPv4 P2MP LSP ID: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ipaddr_string(ndo, obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_TUNNEL_IPV4: case RSVP_CTYPE_UNI_IPV4: if (obj_tlen < 12) return -1; ND_PRINT((ndo, ""%s IPv4 Tunnel EndPoint: %s, Tunnel ID: 0x%04x, Extended Tunnel ID: %s"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ipaddr_string(ndo, obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; default: hexdump=TRUE; } break; case RSVP_OBJ_CONFIRM: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(struct in_addr)) return -1; ND_PRINT((ndo, ""%s IPv4 Receiver Address: %s"", ident, ipaddr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in_addr); obj_tptr+=sizeof(struct in_addr); break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(struct in6_addr)) return -1; ND_PRINT((ndo, ""%s IPv6 Receiver Address: %s"", ident, ip6addr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in6_addr); obj_tptr+=sizeof(struct in6_addr); break; default: hexdump=TRUE; } break; case RSVP_OBJ_NOTIFY_REQ: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < sizeof(struct in_addr)) return -1; ND_PRINT((ndo, ""%s IPv4 Notify Node Address: %s"", ident, ipaddr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in_addr); obj_tptr+=sizeof(struct in_addr); break; case RSVP_CTYPE_IPV6: if (obj_tlen < sizeof(struct in6_addr)) return-1; ND_PRINT((ndo, ""%s IPv6 Notify Node Address: %s"", ident, ip6addr_string(ndo, obj_tptr))); obj_tlen-=sizeof(struct in6_addr); obj_tptr+=sizeof(struct in6_addr); break; default: hexdump=TRUE; } break; case RSVP_OBJ_SUGGESTED_LABEL: case RSVP_OBJ_UPSTREAM_LABEL: case RSVP_OBJ_RECOVERY_LABEL: case RSVP_OBJ_LABEL: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { ND_PRINT((ndo, ""%s Label: %u"", ident, EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; } break; case RSVP_CTYPE_2: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Generalized Label: %u"", ident, EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; case RSVP_CTYPE_3: if (obj_tlen < 12) return-1; ND_PRINT((ndo, ""%s Waveband ID: %u%s Start Label: %u, Stop Label: %u"", ident, EXTRACT_32BITS(obj_tptr), ident, EXTRACT_32BITS(obj_tptr+4), EXTRACT_32BITS(obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; default: hexdump=TRUE; } break; case RSVP_OBJ_STYLE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Reservation Style: %s, Flags: [0x%02x]"", ident, tok2str(rsvp_resstyle_values, ""Unknown"", EXTRACT_24BITS(obj_tptr+1)), *(obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SENDER_TEMPLATE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 18))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_13: if (obj_tlen < 40) return-1; ND_PRINT((ndo, ""%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+18), ident, ip6addr_string(ndo, obj_tptr+20), EXTRACT_16BITS(obj_tptr + 38))); obj_tlen-=40; obj_tptr+=40; break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s IPv4 Tunnel Sender Address: %s, LSP-ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_12: if (obj_tlen < 16) return-1; ND_PRINT((ndo, ""%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ident, ipaddr_string(ndo, obj_tptr+8), EXTRACT_16BITS(obj_tptr + 12))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_LABEL_REQ: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: while(obj_tlen >= 4 ) { ND_PRINT((ndo, ""%s L3 Protocol ID: %s"", ident, tok2str(ethertype_values, ""Unknown Protocol (0x%04x)"", EXTRACT_16BITS(obj_tptr + 2)))); obj_tlen-=4; obj_tptr+=4; } break; case RSVP_CTYPE_2: if (obj_tlen < 12) return-1; ND_PRINT((ndo, ""%s L3 Protocol ID: %s"", ident, tok2str(ethertype_values, ""Unknown Protocol (0x%04x)"", EXTRACT_16BITS(obj_tptr + 2)))); ND_PRINT((ndo, "",%s merge capability"",((*(obj_tptr + 4)) & 0x80) ? ""no"" : """" )); ND_PRINT((ndo, ""%s Minimum VPI/VCI: %u/%u"", ident, (EXTRACT_16BITS(obj_tptr+4))&0xfff, (EXTRACT_16BITS(obj_tptr + 6)) & 0xfff)); ND_PRINT((ndo, ""%s Maximum VPI/VCI: %u/%u"", ident, (EXTRACT_16BITS(obj_tptr+8))&0xfff, (EXTRACT_16BITS(obj_tptr + 10)) & 0xfff)); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_3: if (obj_tlen < 12) return-1; ND_PRINT((ndo, ""%s L3 Protocol ID: %s"", ident, tok2str(ethertype_values, ""Unknown Protocol (0x%04x)"", EXTRACT_16BITS(obj_tptr + 2)))); ND_PRINT((ndo, ""%s Minimum/Maximum DLCI: %u/%u, %s%s bit DLCI"", ident, (EXTRACT_32BITS(obj_tptr+4))&0x7fffff, (EXTRACT_32BITS(obj_tptr+8))&0x7fffff, (((EXTRACT_16BITS(obj_tptr+4)>>7)&3) == 0 ) ? ""10"" : """", (((EXTRACT_16BITS(obj_tptr + 4) >> 7) & 3) == 2 ) ? ""23"" : """")); obj_tlen-=12; obj_tptr+=12; break; case RSVP_CTYPE_4: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s LSP Encoding Type: %s (%u)"", ident, tok2str(gmpls_encoding_values, ""Unknown"", *obj_tptr), *obj_tptr)); ND_PRINT((ndo, ""%s Switching Type: %s (%u), Payload ID: %s (0x%04x)"", ident, tok2str(gmpls_switch_cap_values, ""Unknown"", *(obj_tptr+1)), *(obj_tptr+1), tok2str(gmpls_payload_values, ""Unknown"", EXTRACT_16BITS(obj_tptr+2)), EXTRACT_16BITS(obj_tptr + 2))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_RRO: case RSVP_OBJ_ERO: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: while(obj_tlen >= 4 ) { u_char length; ND_TCHECK2(*obj_tptr, 4); length = *(obj_tptr + 1); ND_PRINT((ndo, ""%s Subobject Type: %s, length %u"", ident, tok2str(rsvp_obj_xro_values, ""Unknown %u"", RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)), length)); if (length == 0) { ND_PRINT((ndo, ""%s ERROR: zero length ERO subtype"", ident)); break; } switch(RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)) { u_char prefix_length; case RSVP_OBJ_XRO_IPV4: if (length != 8) { ND_PRINT((ndo, "" ERROR: length != 8"")); goto invalid; } ND_TCHECK2(*obj_tptr, 8); prefix_length = *(obj_tptr+6); if (prefix_length != 32) { ND_PRINT((ndo, "" ERROR: Prefix length %u != 32"", prefix_length)); goto invalid; } ND_PRINT((ndo, "", %s, %s/%u, Flags: [%s]"", RSVP_OBJ_XRO_MASK_LOOSE(*obj_tptr) ? ""Loose"" : ""Strict"", ipaddr_string(ndo, obj_tptr+2), *(obj_tptr+6), bittok2str(rsvp_obj_rro_flag_values, ""none"", *(obj_tptr + 7)))); break; case RSVP_OBJ_XRO_LABEL: if (length != 8) { ND_PRINT((ndo, "" ERROR: length != 8"")); goto invalid; } ND_TCHECK2(*obj_tptr, 8); ND_PRINT((ndo, "", Flags: [%s] (%#x), Class-Type: %s (%u), %u"", bittok2str(rsvp_obj_rro_label_flag_values, ""none"", *(obj_tptr+2)), *(obj_tptr+2), tok2str(rsvp_ctype_values, ""Unknown"", *(obj_tptr+3) + 256*RSVP_OBJ_RRO), *(obj_tptr+3), EXTRACT_32BITS(obj_tptr + 4))); } obj_tlen-=*(obj_tptr+1); obj_tptr+=*(obj_tptr+1); } break; default: hexdump=TRUE; } break; case RSVP_OBJ_HELLO: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Instance: 0x%08x, Destination Instance: 0x%08x"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; break; default: hexdump=TRUE; } break; case RSVP_OBJ_RESTART_CAPABILITY: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Restart Time: %ums, Recovery Time: %ums"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SESSION_ATTRIBUTE: switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 4) return-1; namelen = *(obj_tptr+3); if (obj_tlen < 4+namelen) return-1; ND_PRINT((ndo, ""%s Session Name: "", ident)); for (i = 0; i < namelen; i++) safeputchar(ndo, *(obj_tptr + 4 + i)); ND_PRINT((ndo, ""%s Setup Priority: %u, Holding Priority: %u, Flags: [%s] (%#x)"", ident, (int)*obj_tptr, (int)*(obj_tptr+1), bittok2str(rsvp_session_attribute_flag_values, ""none"", *(obj_tptr+2)), *(obj_tptr + 2))); obj_tlen-=4+*(obj_tptr+3); obj_tptr+=4+*(obj_tptr+3); break; default: hexdump=TRUE; } break; case RSVP_OBJ_GENERALIZED_UNI: switch(rsvp_obj_ctype) { int subobj_type,af,subobj_len,total_subobj_len; case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; total_subobj_len = obj_tlen; while(total_subobj_len > 0) { subobj_len = EXTRACT_16BITS(obj_tptr); subobj_type = (EXTRACT_16BITS(obj_tptr+2))>>8; af = (EXTRACT_16BITS(obj_tptr+2))&0x00FF; ND_PRINT((ndo, ""%s Subobject Type: %s (%u), AF: %s (%u), length: %u"", ident, tok2str(rsvp_obj_generalized_uni_values, ""Unknown"", subobj_type), subobj_type, tok2str(af_values, ""Unknown"", af), af, subobj_len)); if(subobj_len == 0) goto invalid; switch(subobj_type) { case RSVP_GEN_UNI_SUBOBJ_SOURCE_TNA_ADDRESS: case RSVP_GEN_UNI_SUBOBJ_DESTINATION_TNA_ADDRESS: switch(af) { case AFNUM_INET: if (subobj_len < 8) return -1; ND_PRINT((ndo, ""%s UNI IPv4 TNA address: %s"", ident, ipaddr_string(ndo, obj_tptr + 4))); break; case AFNUM_INET6: if (subobj_len < 20) return -1; ND_PRINT((ndo, ""%s UNI IPv6 TNA address: %s"", ident, ip6addr_string(ndo, obj_tptr + 4))); break; case AFNUM_NSAP: if (subobj_len) { hexdump=TRUE; } break; } break; case RSVP_GEN_UNI_SUBOBJ_DIVERSITY: if (subobj_len) { hexdump=TRUE; } break; case RSVP_GEN_UNI_SUBOBJ_EGRESS_LABEL: if (subobj_len < 16) { return -1; } ND_PRINT((ndo, ""%s U-bit: %x, Label type: %u, Logical port id: %u, Label: %u"", ident, ((EXTRACT_32BITS(obj_tptr+4))>>31), ((EXTRACT_32BITS(obj_tptr+4))&0xFF), EXTRACT_32BITS(obj_tptr+8), EXTRACT_32BITS(obj_tptr + 12))); break; case RSVP_GEN_UNI_SUBOBJ_SERVICE_LEVEL: if (subobj_len < 8) { return -1; } ND_PRINT((ndo, ""%s Service level: %u"", ident, (EXTRACT_32BITS(obj_tptr + 4)) >> 24)); break; default: hexdump=TRUE; break; } total_subobj_len-=subobj_len; obj_tptr+=subobj_len; obj_tlen+=subobj_len; } if (total_subobj_len) { hexdump=TRUE; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_RSVP_HOP: switch(rsvp_obj_ctype) { case RSVP_CTYPE_3: case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_32BITS(obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; if (obj_tlen) hexdump=TRUE; break; case RSVP_CTYPE_4: case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Previous/Next Interface: %s, Logical Interface Handle: 0x%08x"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_32BITS(obj_tptr + 16))); obj_tlen-=20; obj_tptr+=20; hexdump=TRUE; break; default: hexdump=TRUE; } break; case RSVP_OBJ_TIME_VALUES: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Refresh Period: %ums"", ident, EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SENDER_TSPEC: case RSVP_OBJ_ADSPEC: case RSVP_OBJ_FLOWSPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_2: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Msg-Version: %u, length: %u"", ident, (*obj_tptr & 0xf0) >> 4, EXTRACT_16BITS(obj_tptr + 2) << 2)); obj_tptr+=4; obj_tlen-=4; while (obj_tlen >= 4) { intserv_serv_tlen=EXTRACT_16BITS(obj_tptr+2)<<2; ND_PRINT((ndo, ""%s Service Type: %s (%u), break bit %s set, Service length: %u"", ident, tok2str(rsvp_intserv_service_type_values,""unknown"",*(obj_tptr)), *(obj_tptr), (*(obj_tptr+1)&0x80) ? """" : ""not"", intserv_serv_tlen)); obj_tptr+=4; obj_tlen-=4; while (intserv_serv_tlen>=4) { processed = rsvp_intserv_print(ndo, obj_tptr, obj_tlen); if (processed == 0) break; obj_tlen-=processed; intserv_serv_tlen-=processed; obj_tptr+=processed; } } break; default: hexdump=TRUE; } break; case RSVP_OBJ_FILTERSPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Source Port: %u"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 18))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_3: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, Flow Label: %u"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_24BITS(obj_tptr + 17))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_TUNNEL_IPV6: if (obj_tlen < 20) return-1; ND_PRINT((ndo, ""%s Source Address: %s, LSP-ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 18))); obj_tlen-=20; obj_tptr+=20; break; case RSVP_CTYPE_13: if (obj_tlen < 40) return-1; ND_PRINT((ndo, ""%s IPv6 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ip6addr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+18), ident, ip6addr_string(ndo, obj_tptr+20), EXTRACT_16BITS(obj_tptr + 38))); obj_tlen-=40; obj_tptr+=40; break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Source Address: %s, LSP-ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr + 6))); obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_12: if (obj_tlen < 16) return-1; ND_PRINT((ndo, ""%s IPv4 Tunnel Sender Address: %s, LSP ID: 0x%04x"" ""%s Sub-Group Originator ID: %s, Sub-Group ID: 0x%04x"", ident, ipaddr_string(ndo, obj_tptr), EXTRACT_16BITS(obj_tptr+6), ident, ipaddr_string(ndo, obj_tptr+8), EXTRACT_16BITS(obj_tptr + 12))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_FASTREROUTE: obj_ptr.rsvp_obj_frr = (const struct rsvp_obj_frr_t *)obj_tptr; switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < sizeof(struct rsvp_obj_frr_t)) return-1; bw.i = EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->bandwidth); ND_PRINT((ndo, ""%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps"", ident, (int)obj_ptr.rsvp_obj_frr->setup_prio, (int)obj_ptr.rsvp_obj_frr->hold_prio, (int)obj_ptr.rsvp_obj_frr->hop_limit, bw.f * 8 / 1000000)); ND_PRINT((ndo, ""%s Include-any: 0x%08x, Exclude-any: 0x%08x, Include-all: 0x%08x"", ident, EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_any), EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->exclude_any), EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_all))); obj_tlen-=sizeof(struct rsvp_obj_frr_t); obj_tptr+=sizeof(struct rsvp_obj_frr_t); break; case RSVP_CTYPE_TUNNEL_IPV4: if (obj_tlen < 16) return-1; bw.i = EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->bandwidth); ND_PRINT((ndo, ""%s Setup Priority: %u, Holding Priority: %u, Hop-limit: %u, Bandwidth: %.10g Mbps"", ident, (int)obj_ptr.rsvp_obj_frr->setup_prio, (int)obj_ptr.rsvp_obj_frr->hold_prio, (int)obj_ptr.rsvp_obj_frr->hop_limit, bw.f * 8 / 1000000)); ND_PRINT((ndo, ""%s Include Colors: 0x%08x, Exclude Colors: 0x%08x"", ident, EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->include_any), EXTRACT_32BITS(obj_ptr.rsvp_obj_frr->exclude_any))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_DETOUR: switch(rsvp_obj_ctype) { case RSVP_CTYPE_TUNNEL_IPV4: while(obj_tlen >= 8) { ND_PRINT((ndo, ""%s PLR-ID: %s, Avoid-Node-ID: %s"", ident, ipaddr_string(ndo, obj_tptr), ipaddr_string(ndo, obj_tptr + 4))); obj_tlen-=8; obj_tptr+=8; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_CLASSTYPE: case RSVP_OBJ_CLASSTYPE_OLD: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: ND_PRINT((ndo, ""%s CT: %u"", ident, EXTRACT_32BITS(obj_tptr) & 0x7)); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_ERROR_SPEC: switch(rsvp_obj_ctype) { case RSVP_CTYPE_3: case RSVP_CTYPE_IPV4: if (obj_tlen < 8) return-1; error_code=*(obj_tptr+5); error_value=EXTRACT_16BITS(obj_tptr+6); ND_PRINT((ndo, ""%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)"", ident, ipaddr_string(ndo, obj_tptr), *(obj_tptr+4), ident, tok2str(rsvp_obj_error_code_values,""unknown"",error_code), error_code)); switch (error_code) { case RSVP_OBJ_ERROR_SPEC_CODE_ROUTING: ND_PRINT((ndo, "", Error Value: %s (%u)"", tok2str(rsvp_obj_error_code_routing_values,""unknown"",error_value), error_value)); break; case RSVP_OBJ_ERROR_SPEC_CODE_DIFFSERV_TE: case RSVP_OBJ_ERROR_SPEC_CODE_DIFFSERV_TE_OLD: ND_PRINT((ndo, "", Error Value: %s (%u)"", tok2str(rsvp_obj_error_code_diffserv_te_values,""unknown"",error_value), error_value)); break; default: ND_PRINT((ndo, "", Unknown Error Value (%u)"", error_value)); break; } obj_tlen-=8; obj_tptr+=8; break; case RSVP_CTYPE_4: case RSVP_CTYPE_IPV6: if (obj_tlen < 20) return-1; error_code=*(obj_tptr+17); error_value=EXTRACT_16BITS(obj_tptr+18); ND_PRINT((ndo, ""%s Error Node Address: %s, Flags: [0x%02x]%s Error Code: %s (%u)"", ident, ip6addr_string(ndo, obj_tptr), *(obj_tptr+16), ident, tok2str(rsvp_obj_error_code_values,""unknown"",error_code), error_code)); switch (error_code) { case RSVP_OBJ_ERROR_SPEC_CODE_ROUTING: ND_PRINT((ndo, "", Error Value: %s (%u)"", tok2str(rsvp_obj_error_code_routing_values,""unknown"",error_value), error_value)); break; default: break; } obj_tlen-=20; obj_tptr+=20; break; default: hexdump=TRUE; } break; case RSVP_OBJ_PROPERTIES: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; padbytes = EXTRACT_16BITS(obj_tptr+2); ND_PRINT((ndo, ""%s TLV count: %u, padding bytes: %u"", ident, EXTRACT_16BITS(obj_tptr), padbytes)); obj_tlen-=4; obj_tptr+=4; while(obj_tlen >= 2 + padbytes) { ND_PRINT((ndo, ""%s %s TLV (0x%02x), length: %u"", ident, tok2str(rsvp_obj_prop_tlv_values,""unknown"",*obj_tptr), *obj_tptr, *(obj_tptr + 1))); if (obj_tlen < *(obj_tptr+1)) return-1; if (*(obj_tptr+1) < 2) return -1; print_unknown_data(ndo, obj_tptr + 2, ""\n\t\t"", *(obj_tptr + 1) - 2); obj_tlen-=*(obj_tptr+1); obj_tptr+=*(obj_tptr+1); } break; default: hexdump=TRUE; } break; case RSVP_OBJ_MESSAGE_ID: case RSVP_OBJ_MESSAGE_ID_ACK: case RSVP_OBJ_MESSAGE_ID_LIST: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: case RSVP_CTYPE_2: if (obj_tlen < 8) return-1; ND_PRINT((ndo, ""%s Flags [0x%02x], epoch: %u"", ident, *obj_tptr, EXTRACT_24BITS(obj_tptr + 1))); obj_tlen-=4; obj_tptr+=4; while(obj_tlen >= 4) { ND_PRINT((ndo, ""%s Message-ID 0x%08x (%u)"", ident, EXTRACT_32BITS(obj_tptr), EXTRACT_32BITS(obj_tptr))); obj_tlen-=4; obj_tptr+=4; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_INTEGRITY: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < sizeof(struct rsvp_obj_integrity_t)) return-1; obj_ptr.rsvp_obj_integrity = (const struct rsvp_obj_integrity_t *)obj_tptr; ND_PRINT((ndo, ""%s Key-ID 0x%04x%08x, Sequence 0x%08x%08x, Flags [%s]"", ident, EXTRACT_16BITS(obj_ptr.rsvp_obj_integrity->key_id), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->key_id+2), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->sequence), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->sequence+4), bittok2str(rsvp_obj_integrity_flag_values, ""none"", obj_ptr.rsvp_obj_integrity->flags))); ND_PRINT((ndo, ""%s MD5-sum 0x%08x%08x%08x%08x "", ident, EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest+4), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest+8), EXTRACT_32BITS(obj_ptr.rsvp_obj_integrity->digest + 12))); sigcheck = signature_verify(ndo, pptr, plen, obj_ptr.rsvp_obj_integrity->digest, rsvp_clear_checksum, rsvp_com_header); ND_PRINT((ndo, "" (%s)"", tok2str(signature_check_values, ""Unknown"", sigcheck))); obj_tlen+=sizeof(struct rsvp_obj_integrity_t); obj_tptr+=sizeof(struct rsvp_obj_integrity_t); break; default: hexdump=TRUE; } break; case RSVP_OBJ_ADMIN_STATUS: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Flags [%s]"", ident, bittok2str(rsvp_obj_admin_status_flag_values, ""none"", EXTRACT_32BITS(obj_tptr)))); obj_tlen-=4; obj_tptr+=4; break; default: hexdump=TRUE; } break; case RSVP_OBJ_LABEL_SET: switch(rsvp_obj_ctype) { case RSVP_CTYPE_1: if (obj_tlen < 4) return-1; action = (EXTRACT_16BITS(obj_tptr)>>8); ND_PRINT((ndo, ""%s Action: %s (%u), Label type: %u"", ident, tok2str(rsvp_obj_label_set_action_values, ""Unknown"", action), action, ((EXTRACT_32BITS(obj_tptr) & 0x7F)))); switch (action) { case LABEL_SET_INCLUSIVE_RANGE: case LABEL_SET_EXCLUSIVE_RANGE: if (obj_tlen < 12) return -1; ND_PRINT((ndo, ""%s Start range: %u, End range: %u"", ident, EXTRACT_32BITS(obj_tptr+4), EXTRACT_32BITS(obj_tptr + 8))); obj_tlen-=12; obj_tptr+=12; break; default: obj_tlen-=4; obj_tptr+=4; subchannel = 1; while(obj_tlen >= 4 ) { ND_PRINT((ndo, ""%s Subchannel #%u: %u"", ident, subchannel, EXTRACT_32BITS(obj_tptr))); obj_tptr+=4; obj_tlen-=4; subchannel++; } break; } break; default: hexdump=TRUE; } break; case RSVP_OBJ_S2L: switch (rsvp_obj_ctype) { case RSVP_CTYPE_IPV4: if (obj_tlen < 4) return-1; ND_PRINT((ndo, ""%s Sub-LSP destination address: %s"", ident, ipaddr_string(ndo, obj_tptr))); obj_tlen-=4; obj_tptr+=4; break; case RSVP_CTYPE_IPV6: if (obj_tlen < 16) return-1; ND_PRINT((ndo, ""%s Sub-LSP destination address: %s"", ident, ip6addr_string(ndo, obj_tptr))); obj_tlen-=16; obj_tptr+=16; break; default: hexdump=TRUE; } break; case RSVP_OBJ_SCOPE: case RSVP_OBJ_POLICY_DATA: case RSVP_OBJ_ACCEPT_LABEL_SET: case RSVP_OBJ_PROTECTION: default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, obj_tptr, ""\n\t "", obj_tlen); break; } if (ndo->ndo_vflag > 1 || hexdump == TRUE) print_unknown_data(ndo, tptr + sizeof(struct rsvp_object_header), ""\n\t "", rsvp_obj_len - sizeof(struct rsvp_object_header)); tptr+=rsvp_obj_len; tlen-=rsvp_obj_len; } return 0; invalid: ND_PRINT((ndo, ""%s"", istr)); return -1; trunc: ND_PRINT((ndo, ""\n\t\t"")); ND_PRINT((ndo, ""%s"", tstr)); return -1; }",visit repo url,print-rsvp.c,https://github.com/the-tcpdump-group/tcpdump,113663329827973,1 5689,CWE-436,"bgp_size_t bgp_packet_attribute(struct bgp *bgp, struct peer *peer, struct stream *s, struct attr *attr, struct bpacket_attr_vec_arr *vecarr, struct prefix *p, afi_t afi, safi_t safi, struct peer *from, struct prefix_rd *prd, mpls_label_t *label, uint32_t num_labels, int addpath_encode, uint32_t addpath_tx_id) { size_t cp; size_t aspath_sizep; struct aspath *aspath; int send_as4_path = 0; int send_as4_aggregator = 0; int use32bit = (CHECK_FLAG(peer->cap, PEER_CAP_AS4_RCV)) ? 1 : 0; if (!bgp) bgp = peer->bgp; cp = stream_get_endp(s); if (p && !((afi == AFI_IP && safi == SAFI_UNICAST) && !peer_cap_enhe(peer, afi, safi))) { size_t mpattrlen_pos = 0; mpattrlen_pos = bgp_packet_mpattr_start(s, peer, afi, safi, vecarr, attr); bgp_packet_mpattr_prefix(s, afi, safi, p, prd, label, num_labels, addpath_encode, addpath_tx_id, attr); bgp_packet_mpattr_end(s, mpattrlen_pos); } stream_putc(s, BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_ORIGIN); stream_putc(s, 1); stream_putc(s, attr->origin); if (peer->sort == BGP_PEER_EBGP && (!CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_AS_PATH_UNCHANGED) || attr->aspath->segments == NULL) && (!CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_RSERVER_CLIENT))) { aspath = aspath_dup(attr->aspath); aspath = aspath_delete_confed_seq(aspath); if (CHECK_FLAG(bgp->config, BGP_CONFIG_CONFEDERATION)) { aspath = aspath_add_seq(aspath, bgp->confed_id); } else { if (peer->change_local_as) { if (!CHECK_FLAG( peer->flags, PEER_FLAG_LOCAL_AS_REPLACE_AS)) { aspath = aspath_add_seq(aspath, peer->local_as); } aspath = aspath_add_seq(aspath, peer->change_local_as); } else { aspath = aspath_add_seq(aspath, peer->local_as); } } } else if (peer->sort == BGP_PEER_CONFED) { aspath = aspath_dup(attr->aspath); aspath = aspath_add_confed_seq(aspath, peer->local_as); } else aspath = attr->aspath; stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN); stream_putc(s, BGP_ATTR_AS_PATH); aspath_sizep = stream_get_endp(s); stream_putw(s, 0); stream_putw_at(s, aspath_sizep, aspath_put(s, aspath, use32bit)); if (!use32bit && aspath_has_as4(aspath)) send_as4_path = 1; if (afi == AFI_IP && safi == SAFI_UNICAST && !peer_cap_enhe(peer, afi, safi)) { if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP)) { stream_putc(s, BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_NEXT_HOP); bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s, attr); stream_putc(s, 4); stream_put_ipv4(s, attr->nexthop.s_addr); } else if (peer_cap_enhe(from, afi, safi)) { stream_putc(s, BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_NEXT_HOP); bpacket_attr_vec_arr_set_vec(vecarr, BGP_ATTR_VEC_NH, s, NULL); stream_putc(s, 4); stream_put_ipv4(s, 0); } } if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_MULTI_EXIT_DISC) || bgp->maxmed_active) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL); stream_putc(s, BGP_ATTR_MULTI_EXIT_DISC); stream_putc(s, 4); stream_putl(s, (bgp->maxmed_active ? bgp->maxmed_value : attr->med)); } if (peer->sort == BGP_PEER_IBGP || peer->sort == BGP_PEER_CONFED) { stream_putc(s, BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_LOCAL_PREF); stream_putc(s, 4); stream_putl(s, attr->local_pref); } if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ATOMIC_AGGREGATE)) { stream_putc(s, BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_ATOMIC_AGGREGATE); stream_putc(s, 0); } if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AGGREGATOR)) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_AGGREGATOR); if (use32bit) { stream_putc(s, 8); stream_putl(s, attr->aggregator_as); } else { stream_putc(s, 6); if (attr->aggregator_as > 65535) { stream_putw(s, BGP_AS_TRANS); send_as4_aggregator = 1; } else stream_putw(s, (uint16_t)attr->aggregator_as); } stream_put_ipv4(s, attr->aggregator_addr.s_addr); } if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_COMMUNITY) && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_COMMUNITIES))) { if (attr->community->size * 4 > 255) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN); stream_putc(s, BGP_ATTR_COMMUNITIES); stream_putw(s, attr->community->size * 4); } else { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_COMMUNITIES); stream_putc(s, attr->community->size * 4); } stream_put(s, attr->community->val, attr->community->size * 4); } if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_LARGE_COMMUNITY) && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_LARGE_COMMUNITIES))) { if (lcom_length(attr->lcommunity) > 255) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN); stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES); stream_putw(s, lcom_length(attr->lcommunity)); } else { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_LARGE_COMMUNITIES); stream_putc(s, lcom_length(attr->lcommunity)); } stream_put(s, attr->lcommunity->val, lcom_length(attr->lcommunity)); } if (peer->sort == BGP_PEER_IBGP && from && from->sort == BGP_PEER_IBGP) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL); stream_putc(s, BGP_ATTR_ORIGINATOR_ID); stream_putc(s, 4); if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID)) stream_put_in_addr(s, &attr->originator_id); else stream_put_in_addr(s, &from->remote_id); stream_putc(s, BGP_ATTR_FLAG_OPTIONAL); stream_putc(s, BGP_ATTR_CLUSTER_LIST); if (attr->cluster) { stream_putc(s, attr->cluster->length + 4); if (bgp->config & BGP_CONFIG_CLUSTER_ID) stream_put_in_addr(s, &bgp->cluster_id); else stream_put_in_addr(s, &bgp->router_id); stream_put(s, attr->cluster->list, attr->cluster->length); } else { stream_putc(s, 4); if (bgp->config & BGP_CONFIG_CLUSTER_ID) stream_put_in_addr(s, &bgp->cluster_id); else stream_put_in_addr(s, &bgp->router_id); } } if (CHECK_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_EXT_COMMUNITY) && (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) { if (peer->sort == BGP_PEER_IBGP || peer->sort == BGP_PEER_CONFED) { if (attr->ecommunity->size * 8 > 255) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN); stream_putc(s, BGP_ATTR_EXT_COMMUNITIES); stream_putw(s, attr->ecommunity->size * 8); } else { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_EXT_COMMUNITIES); stream_putc(s, attr->ecommunity->size * 8); } stream_put(s, attr->ecommunity->val, attr->ecommunity->size * 8); } else { uint8_t *pnt; int tbit; int ecom_tr_size = 0; int i; for (i = 0; i < attr->ecommunity->size; i++) { pnt = attr->ecommunity->val + (i * 8); tbit = *pnt; if (CHECK_FLAG(tbit, ECOMMUNITY_FLAG_NON_TRANSITIVE)) continue; ecom_tr_size++; } if (ecom_tr_size) { if (ecom_tr_size * 8 > 255) { stream_putc( s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_EXTLEN); stream_putc(s, BGP_ATTR_EXT_COMMUNITIES); stream_putw(s, ecom_tr_size * 8); } else { stream_putc( s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_EXT_COMMUNITIES); stream_putc(s, ecom_tr_size * 8); } for (i = 0; i < attr->ecommunity->size; i++) { pnt = attr->ecommunity->val + (i * 8); tbit = *pnt; if (CHECK_FLAG( tbit, ECOMMUNITY_FLAG_NON_TRANSITIVE)) continue; stream_put(s, pnt, 8); } } } } if (safi == SAFI_LABELED_UNICAST) { if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PREFIX_SID)) { uint32_t label_index; label_index = attr->label_index; if (label_index != BGP_INVALID_LABEL_INDEX) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_PREFIX_SID); stream_putc(s, 10); stream_putc(s, BGP_PREFIX_SID_LABEL_INDEX); stream_putw(s, BGP_PREFIX_SID_LABEL_INDEX_LENGTH); stream_putc(s, 0); stream_putw(s, 0); stream_putl(s, label_index); } } } if (send_as4_path) { aspath = aspath_delete_confed_seq(aspath); stream_putc(s, BGP_ATTR_FLAG_TRANS | BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_EXTLEN); stream_putc(s, BGP_ATTR_AS4_PATH); aspath_sizep = stream_get_endp(s); stream_putw(s, 0); stream_putw_at(s, aspath_sizep, aspath_put(s, aspath, 1)); } if (aspath != attr->aspath) aspath_free(aspath); if (send_as4_aggregator) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_AS4_AGGREGATOR); stream_putc(s, 8); stream_putl(s, attr->aggregator_as); stream_put_ipv4(s, attr->aggregator_addr.s_addr); } if (((afi == AFI_IP || afi == AFI_IP6) && (safi == SAFI_ENCAP || safi == SAFI_MPLS_VPN)) || (afi == AFI_L2VPN && safi == SAFI_EVPN)) { bgp_packet_mpattr_tea(bgp, peer, s, attr, BGP_ATTR_ENCAP); #if ENABLE_BGP_VNC bgp_packet_mpattr_tea(bgp, peer, s, attr, BGP_ATTR_VNC); #endif } if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_PMSI_TUNNEL)) { stream_putc(s, BGP_ATTR_FLAG_OPTIONAL | BGP_ATTR_FLAG_TRANS); stream_putc(s, BGP_ATTR_PMSI_TUNNEL); stream_putc(s, 9); stream_putc(s, 0); stream_putc(s, PMSI_TNLTYPE_INGR_REPL); stream_put(s, &(attr->label), BGP_LABEL_BYTES); stream_put_ipv4(s, attr->nexthop.s_addr); } if (attr->transit) stream_put(s, attr->transit->val, attr->transit->length); return stream_get_endp(s) - cp; }",visit repo url,bgpd/bgp_attr.c,https://github.com/FRRouting/frr,158481511448736,1 1277,[],"m4_len (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, 2)) return; shipout_int (obs, strlen (ARG (1))); }",m4,,,171835053461621871376387303908570747630,0 4171,['CWE-399'],"AvahiServer *avahi_server_new(const AvahiPoll *poll_api, const AvahiServerConfig *sc, AvahiServerCallback callback, void* userdata, int *error) { AvahiServer *s; int e; if (sc && (e = valid_server_config(sc)) < 0) { if (error) *error = e; return NULL; } if (!(s = avahi_new(AvahiServer, 1))) { if (error) *error = AVAHI_ERR_NO_MEMORY; return NULL; } s->poll_api = poll_api; if (sc) avahi_server_config_copy(&s->config, sc); else avahi_server_config_init(&s->config); if ((e = setup_sockets(s)) < 0) { if (error) *error = e; avahi_server_config_free(&s->config); avahi_free(s); return NULL; } s->n_host_rr_pending = 0; s->need_entry_cleanup = 0; s->need_group_cleanup = 0; s->need_browser_cleanup = 0; s->hinfo_entry_group = NULL; s->browse_domain_entry_group = NULL; s->error = AVAHI_OK; s->state = AVAHI_SERVER_INVALID; s->callback = callback; s->userdata = userdata; s->time_event_queue = avahi_time_event_queue_new(poll_api); s->entries_by_key = avahi_hashmap_new((AvahiHashFunc) avahi_key_hash, (AvahiEqualFunc) avahi_key_equal, NULL, NULL); AVAHI_LLIST_HEAD_INIT(AvahiEntry, s->entries); AVAHI_LLIST_HEAD_INIT(AvahiGroup, s->groups); s->record_browser_hashmap = avahi_hashmap_new((AvahiHashFunc) avahi_key_hash, (AvahiEqualFunc) avahi_key_equal, NULL, NULL); AVAHI_LLIST_HEAD_INIT(AvahiSRecordBrowser, s->record_browsers); AVAHI_LLIST_HEAD_INIT(AvahiSHostNameResolver, s->host_name_resolvers); AVAHI_LLIST_HEAD_INIT(AvahiSAddressResolver, s->address_resolvers); AVAHI_LLIST_HEAD_INIT(AvahiSDomainBrowser, s->domain_browsers); AVAHI_LLIST_HEAD_INIT(AvahiSServiceTypeBrowser, s->service_type_browsers); AVAHI_LLIST_HEAD_INIT(AvahiSServiceBrowser, s->service_browsers); AVAHI_LLIST_HEAD_INIT(AvahiSServiceResolver, s->service_resolvers); AVAHI_LLIST_HEAD_INIT(AvahiSDNSServerBrowser, s->dns_server_browsers); s->legacy_unicast_reflect_slots = NULL; s->legacy_unicast_reflect_id = 0; s->record_list = avahi_record_list_new(); s->host_name = s->config.host_name ? avahi_normalize_name_strdup(s->config.host_name) : avahi_get_host_name_strdup(); s->host_name[strcspn(s->host_name, ""."")] = 0; s->domain_name = s->config.domain_name ? avahi_normalize_name_strdup(s->config.domain_name) : avahi_strdup(""local""); s->host_name_fqdn = NULL; update_fqdn(s); do { s->local_service_cookie = (uint32_t) rand() * (uint32_t) rand(); } while (s->local_service_cookie == AVAHI_SERVICE_COOKIE_INVALID); if (s->config.enable_wide_area) { s->wide_area_lookup_engine = avahi_wide_area_engine_new(s); avahi_wide_area_set_servers(s->wide_area_lookup_engine, s->config.wide_area_servers, s->config.n_wide_area_servers); } else s->wide_area_lookup_engine = NULL; s->multicast_lookup_engine = avahi_multicast_lookup_engine_new(s); s->monitor = avahi_interface_monitor_new(s); avahi_interface_monitor_sync(s->monitor); register_localhost(s); register_stuff(s); return s; }",avahi,,,267416507300004438042068643574221504560,0 4924,['CWE-20'],"static void nfs_server_set_fsinfo(struct nfs_server *server, struct nfs_fsinfo *fsinfo) { unsigned long max_rpc_payload; if (server->rsize == 0) server->rsize = nfs_block_size(fsinfo->rtpref, NULL); if (server->wsize == 0) server->wsize = nfs_block_size(fsinfo->wtpref, NULL); if (fsinfo->rtmax >= 512 && server->rsize > fsinfo->rtmax) server->rsize = nfs_block_size(fsinfo->rtmax, NULL); if (fsinfo->wtmax >= 512 && server->wsize > fsinfo->wtmax) server->wsize = nfs_block_size(fsinfo->wtmax, NULL); max_rpc_payload = nfs_block_size(rpc_max_payload(server->client), NULL); if (server->rsize > max_rpc_payload) server->rsize = max_rpc_payload; if (server->rsize > NFS_MAX_FILE_IO_SIZE) server->rsize = NFS_MAX_FILE_IO_SIZE; server->rpages = (server->rsize + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; server->backing_dev_info.ra_pages = server->rpages * NFS_MAX_READAHEAD; if (server->wsize > max_rpc_payload) server->wsize = max_rpc_payload; if (server->wsize > NFS_MAX_FILE_IO_SIZE) server->wsize = NFS_MAX_FILE_IO_SIZE; server->wpages = (server->wsize + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; server->wtmult = nfs_block_bits(fsinfo->wtmult, NULL); server->dtsize = nfs_block_size(fsinfo->dtpref, NULL); if (server->dtsize > PAGE_CACHE_SIZE) server->dtsize = PAGE_CACHE_SIZE; if (server->dtsize > server->rsize) server->dtsize = server->rsize; if (server->flags & NFS_MOUNT_NOAC) { server->acregmin = server->acregmax = 0; server->acdirmin = server->acdirmax = 0; } server->maxfilesize = fsinfo->maxfilesize; rpc_setbufsize(server->client, server->wsize + 100, server->rsize + 100); }",linux-2.6,,,162655117738633089378144601222994192058,0 2399,['CWE-119'],"static char *malloc_base(const char *base, int baselen, const char *path, int pathlen) { char *newbase = xmalloc(baselen + pathlen + 2); memcpy(newbase, base, baselen); memcpy(newbase + baselen, path, pathlen); memcpy(newbase + baselen + pathlen, ""/"", 2); return newbase; }",git,,,281368320158580805270466463809898988676,0 4927,CWE-59,"mem_log_init(const char* prog_name, const char *banner) { size_t log_name_len; char *log_name; if (__test_bit(LOG_CONSOLE_BIT, &debug)) { log_op = stderr; return; } if (log_op) fclose(log_op); log_name_len = 5 + strlen(prog_name) + 5 + 7 + 4 + 1; log_name = malloc(log_name_len); if (!log_name) { log_message(LOG_INFO, ""Unable to malloc log file name""); log_op = stderr; return; } snprintf(log_name, log_name_len, ""/tmp/%s_mem.%d.log"", prog_name, getpid()); log_op = fopen(log_name, ""a""); if (log_op == NULL) { log_message(LOG_INFO, ""Unable to open %s for appending"", log_name); log_op = stderr; } else { int fd = fileno(log_op); fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); setlinebuf(log_op); fprintf(log_op, ""\n""); } free(log_name); terminate_banner = banner; }",visit repo url,lib/memory.c,https://github.com/acassen/keepalived,250472940204871,1 1181,CWE-400,"void ptrace_triggered(struct perf_event *bp, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { struct perf_event_attr attr; attr = bp->attr; attr.disabled = true; modify_user_hw_breakpoint(bp, &attr); }",visit repo url,arch/powerpc/kernel/ptrace.c,https://github.com/torvalds/linux,232629111136685,1 5227,CWE-116,"load_kernel_module_list (void) { GHashTable *modules = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); g_autofree char *modules_data = NULL; g_autoptr(GError) error = NULL; char *start, *end; if (!g_file_get_contents (""/proc/modules"", &modules_data, NULL, &error)) { g_info (""Failed to read /proc/modules: %s"", error->message); return modules; } start = modules_data; while (TRUE) { end = strchr (start, ' '); if (end == NULL) break; g_hash_table_add (modules, g_strndup (start, (end - start))); start = strchr (end, '\n'); if (start == NULL) break; start++; } return modules; }",visit repo url,common/flatpak-utils.c,https://github.com/flatpak/flatpak,136924496576726,1 6362,CWE-476,"jpeg_error_handler(j_common_ptr) { return; }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,22093014031765,1 3490,CWE-119,"int main(int argc, char *argv[]) { char *p, *q, *r; Clp_Parser *clp = Clp_NewParser(argc, (const char * const *)argv, sizeof(options) / sizeof(options[0]), options); program_name = Clp_ProgramName(clp); while (1) { int opt = Clp_Next(clp); switch (opt) { case BLOCK_LEN_OPT: blocklen = clp->val.i; break; output_file: case OUTPUT_OPT: if (ofp) fatal_error(""output file already specified""); if (strcmp(clp->vstr, ""-"") == 0) ofp = stdout; else if (!(ofp = fopen(clp->vstr, ""w""))) fatal_error(""%s: %s"", clp->vstr, strerror(errno)); break; case PFB_OPT: pfb = 1; break; case PFA_OPT: pfb = 0; break; case HELP_OPT: usage(); exit(0); break; case VERSION_OPT: printf(""t1asm (LCDF t1utils) %s\n"", VERSION); printf(""Copyright (C) 1992-2010 I. Lee Hetherington, Eddie Kohler et al.\n\ This is free software; see the source for copying conditions.\n\ There is NO warranty, not even for merchantability or fitness for a\n\ particular purpose.\n""); exit(0); break; case Clp_NotOption: if (ifp && ofp) fatal_error(""too many arguments""); else if (ifp) goto output_file; if (strcmp(clp->vstr, ""-"") == 0) ifp = stdin; else if (!(ifp = fopen(clp->vstr, ""r""))) fatal_error(""%s: %s"", clp->vstr, strerror(errno)); break; case Clp_Done: goto done; case Clp_BadOption: short_usage(); exit(1); break; } } done: if (!pfb) { if (blocklen == -1) blocklen = 64; else if (blocklen < 8) { blocklen = 8; error(""warning: line length raised to %d"", blocklen); } else if (blocklen > 1024) { blocklen = 1024; error(""warning: line length lowered to %d"", blocklen); } } if (!ifp) ifp = stdin; if (!ofp) ofp = stdout; if (pfb) init_pfb_writer(&w, blocklen, ofp); #if defined(_MSDOS) || defined(_WIN32) if (pfb) _setmode(_fileno(ofp), _O_BINARY); #endif while (!feof(ifp) && !ferror(ifp)) { t1utils_getline(); if (!ever_active) { if (strncmp(line, ""currentfile eexec"", 17) == 0 && isspace(line[17])) { for (p = line + 18; isspace(*p); p++) ; eexec_start(p); continue; } else if (strncmp(line, ""/lenIV"", 6) == 0) { lenIV = atoi(line + 6); } else if ((p = strstr(line, ""string currentfile"")) && strstr(line, ""readstring"")) { *p = '\0'; q = strrchr(line, '/'); if (q) { r = cs_start; ++q; while (!isspace(*q) && *q != '{') *r++ = *q++; *r = '\0'; } *p = 's'; } } if (!active) { if ((p = strstr(line, ""/Subrs"")) && isdigit(p[7])) ever_active = active = 1; else if ((p = strstr(line, ""/CharStrings"")) && isdigit(p[13])) ever_active = active = 1; } if ((p = strstr(line, ""currentfile closefile""))) { p += sizeof(""currentfile closefile"") - 1; for (q = p; isspace(*q) && *q != '\n'; q++) ; if (q == p && !*q) error(""warning: `currentfile closefile' line too long""); else if (q != p) { if (*q != '\n') error(""text after `currentfile closefile' ignored""); *p++ = '\n'; *p++ = '\0'; } eexec_string(line); break; } eexec_string(line); if (start_charstring) { if (!cs_start[0]) fatal_error(""couldn't find charstring start command""); parse_charstring(); } } if (in_eexec) eexec_end(); while (!feof(ifp) && !ferror(ifp)) { t1utils_getline(); eexec_string(line); } if (pfb) pfb_writer_end(&w); if (!ever_active) error(""warning: no charstrings found in input file""); fclose(ifp); fclose(ofp); return 0; }",visit repo url,t1asm.c,https://github.com/kohler/t1utils,27219328182176,1 5533,['CWE-20'],"int inflate_stored() { unsigned n; unsigned w; register ulg b; register unsigned k; b = bb; k = bk; w = wp; n = k & 7; DUMPBITS(n); NEEDBITS(16) n = ((unsigned)b & 0xffff); DUMPBITS(16) NEEDBITS(16) if (n != (unsigned)((~b) & 0xffff)) return 1; DUMPBITS(16) while (n--) { NEEDBITS(8) slide[w++] = (uch)b; if (w == WSIZE) { flush_output(w); w = 0; } DUMPBITS(8) } wp = w; bb = b; bk = k; return 0; }",gzip,,,216588181929627176307405295300207234546,0 3260,['CWE-189'],"void jas_image_delcmpt(jas_image_t *image, int cmptno) { if (cmptno >= image->numcmpts_) { return; } jas_image_cmpt_destroy(image->cmpts_[cmptno]); if (cmptno < image->numcmpts_) { memmove(&image->cmpts_[cmptno], &image->cmpts_[cmptno + 1], (image->numcmpts_ - 1 - cmptno) * sizeof(jas_image_cmpt_t *)); } --image->numcmpts_; jas_image_setbbox(image); }",jasper,,,163669015419206392157561014578363412118,0 3391,CWE-787,"static inline Quantum GetPixelChannel(const Image *magick_restrict image, const PixelChannel channel,const Quantum *magick_restrict pixel) { if (image->channel_map[image->channel_map[channel].offset].traits == UndefinedPixelTrait) return((Quantum) 0); return(pixel[image->channel_map[channel].offset]); }",visit repo url,MagickCore/pixel-accessor.h,https://github.com/ImageMagick/ImageMagick,110230727636729,1 4106,['CWE-399'],"static int bsg_put_device(struct bsg_device *bd) { int ret = 0, do_free; struct request_queue *q = bd->queue; mutex_lock(&bsg_mutex); do_free = atomic_dec_and_test(&bd->ref_count); if (!do_free) { mutex_unlock(&bsg_mutex); goto out; } hlist_del(&bd->dev_list); mutex_unlock(&bsg_mutex); dprintk(""%s: tearing down\n"", bd->name); set_bit(BSG_F_BLOCK, &bd->flags); ret = bsg_complete_all_commands(bd); kfree(bd); out: kref_put(&q->bsg_dev.ref, bsg_kref_release_function); if (do_free) blk_put_queue(q); return ret; }",linux-2.6,,,285547013089201577105899671871026505929,0 1039,['CWE-20'],"asmlinkage long sys_setdomainname(char __user *name, int len) { int errno; char tmp[__NEW_UTS_LEN]; if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) return -EINVAL; down_write(&uts_sem); errno = -EFAULT; if (!copy_from_user(tmp, name, len)) { memcpy(utsname()->domainname, tmp, len); utsname()->domainname[len] = 0; errno = 0; } up_write(&uts_sem); return errno; }",linux-2.6,,,178302831233968944569683962832407626658,0 4871,['CWE-189'],"static int decrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat, struct scatterlist *dest_sg, struct scatterlist *src_sg, int size, unsigned char *iv) { struct blkcipher_desc desc = { .tfm = crypt_stat->tfm, .info = iv, .flags = CRYPTO_TFM_REQ_MAY_SLEEP }; int rc = 0; mutex_lock(&crypt_stat->cs_tfm_mutex); rc = crypto_blkcipher_setkey(crypt_stat->tfm, crypt_stat->key, crypt_stat->key_size); if (rc) { ecryptfs_printk(KERN_ERR, ""Error setting key; rc = [%d]\n"", rc); mutex_unlock(&crypt_stat->cs_tfm_mutex); rc = -EINVAL; goto out; } ecryptfs_printk(KERN_DEBUG, ""Decrypting [%d] bytes.\n"", size); rc = crypto_blkcipher_decrypt_iv(&desc, dest_sg, src_sg, size); mutex_unlock(&crypt_stat->cs_tfm_mutex); if (rc) { ecryptfs_printk(KERN_ERR, ""Error decrypting; rc = [%d]\n"", rc); goto out; } rc = size; out: return rc; }",linux-2.6,,,99518652514857369478917079296266660149,0 258,[],"static int fat_readdir(struct file *filp, void *dirent, filldir_t filldir) { struct inode *inode = filp->f_path.dentry->d_inode; return __fat_readdir(inode, filp, dirent, filldir, 0, 0); }",linux-2.6,,,303023730814054298150132246917417936985,0 1064,CWE-189,"static int sgi_clock_set(clockid_t clockid, struct timespec *tp) { u64 nsec; u64 rem; nsec = rtc_time() * sgi_clock_period; sgi_clock_offset.tv_sec = tp->tv_sec - div_long_long_rem(nsec, NSEC_PER_SEC, &rem); if (rem <= tp->tv_nsec) sgi_clock_offset.tv_nsec = tp->tv_sec - rem; else { sgi_clock_offset.tv_nsec = tp->tv_sec + NSEC_PER_SEC - rem; sgi_clock_offset.tv_sec--; } return 0; }",visit repo url,drivers/char/mmtimer.c,https://github.com/torvalds/linux,93830485927729,1 5898,['CWE-909'],"check_loop_fn(struct Qdisc *q, unsigned long cl, struct qdisc_walker *w) { struct Qdisc *leaf; const struct Qdisc_class_ops *cops = q->ops->cl_ops; struct check_loop_arg *arg = (struct check_loop_arg *)w; leaf = cops->leaf(q, cl); if (leaf) { if (leaf == arg->p || arg->depth > 7) return -ELOOP; return check_loop(leaf, arg->p, arg->depth + 1); } return 0; }",linux-2.6,,,237034747517829509989011019652461541880,0 5256,CWE-119,"SQLWCHAR* _multi_string_alloc_and_expand( LPCSTR in ) { SQLWCHAR *chr; int len = 0; if ( !in ) { return in; } while ( in[ len ] != 0 || in[ len + 1 ] != 0 ) { len ++; } chr = malloc(sizeof( SQLWCHAR ) * ( len + 2 )); len = 0; while ( in[ len ] != 0 || in[ len + 1 ] != 0 ) { chr[ len ] = in[ len ]; len ++; } chr[ len ++ ] = 0; chr[ len ++ ] = 0; return chr; }",visit repo url,odbcinst/SQLCreateDataSource.c,https://github.com/lurcher/unixODBC,166443426540036,1 4286,CWE-400,"static RList* entries(RBinFile* bf) { RList* ret = NULL; RBinAddr* addr = NULL; psxexe_header psxheader; if (!(ret = r_list_new ())) { return NULL; } if (!(addr = R_NEW0 (RBinAddr))) { r_list_free (ret); return NULL; } if (r_buf_fread_at (bf->buf, 0, (ut8*)&psxheader, ""8c17i"", 1) < sizeof (psxexe_header)) { eprintf (""PSXEXE Header truncated\n""); r_list_free (ret); free (addr); return NULL; } addr->paddr = (psxheader.pc0 - psxheader.t_addr) + PSXEXE_TEXTSECTION_OFFSET; addr->vaddr = psxheader.pc0; r_list_append (ret, addr); return ret; }",visit repo url,libr/bin/p/bin_psxexe.c,https://github.com/radareorg/radare2,70706744545669,1 1105,CWE-362,"void cipso_v4_sock_delattr(struct sock *sk) { int hdr_delta; struct ip_options *opt; struct inet_sock *sk_inet; sk_inet = inet_sk(sk); opt = sk_inet->opt; if (opt == NULL || opt->cipso == 0) return; hdr_delta = cipso_v4_delopt(&sk_inet->opt); if (sk_inet->is_icsk && hdr_delta > 0) { struct inet_connection_sock *sk_conn = inet_csk(sk); sk_conn->icsk_ext_hdr_len -= hdr_delta; sk_conn->icsk_sync_mss(sk, sk_conn->icsk_pmtu_cookie); } }",visit repo url,net/ipv4/cipso_ipv4.c,https://github.com/torvalds/linux,63688326777932,1 5511,CWE-125,"tok_new(void) { struct tok_state *tok = (struct tok_state *)PyMem_MALLOC( sizeof(struct tok_state)); if (tok == NULL) return NULL; tok->buf = tok->cur = tok->end = tok->inp = tok->start = NULL; tok->done = E_OK; tok->fp = NULL; tok->input = NULL; tok->tabsize = TABSIZE; tok->indent = 0; tok->indstack[0] = 0; tok->atbol = 1; tok->pendin = 0; tok->prompt = tok->nextprompt = NULL; tok->lineno = 0; tok->level = 0; tok->altwarning = 1; tok->alterror = 1; tok->alttabsize = 1; tok->altindstack[0] = 0; tok->decoding_state = STATE_INIT; tok->decoding_erred = 0; tok->read_coding_spec = 0; tok->enc = NULL; tok->encoding = NULL; tok->cont_line = 0; #ifndef PGEN tok->filename = NULL; tok->decoding_readline = NULL; tok->decoding_buffer = NULL; #endif tok->async_def = 0; tok->async_def_indent = 0; tok->async_def_nl = 0; return tok; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,9752594609652,1 4555,CWE-476,"GF_Err gf_bt_loader_run_intern(GF_BTParser *parser, GF_Command *init_com, Bool initial_run) { char *str; GF_Node *node, *vrml_root_node; Bool force_new_com; GF_Route *r; Bool has_id; char szDEFName[1000]; vrml_root_node = NULL; has_id = 0; if (init_com) parser->in_com = 0 ; parser->cur_com = init_com; force_new_com = (parser->load->flags & GF_SM_LOAD_CONTEXT_READY) ? 1 : 0; if (parser->is_wrl && !parser->top_nodes) { if (initial_run ) { #ifndef GPAC_DISABLE_X3D vrml_root_node = gf_node_new(parser->load->scene_graph, (parser->load->flags & GF_SM_LOAD_MPEG4_STRICT) ? TAG_MPEG4_Group : TAG_X3D_Group); #else vrml_root_node = gf_node_new(parser->load->scene_graph, TAG_MPEG4_Group); #endif gf_node_register(vrml_root_node, NULL); gf_node_init(vrml_root_node); gf_sg_set_root_node(parser->load->scene_graph, vrml_root_node); } else { vrml_root_node = gf_sg_get_root_node(parser->load->scene_graph); } } if (!parser->in_com) parser->stream_id = parser->load->force_es_id; while (!parser->last_error) { str = gf_bt_get_next(parser, 0); if (parser->done) break; if (!strcmp(str, ""PROFILE"")) gf_bt_force_line(parser); else if (!strcmp(str, ""COMPONENT"")) gf_bt_force_line(parser); else if (!strcmp(str, ""META"")) gf_bt_force_line(parser); else if (!strcmp(str, ""IMPORT"") || !strcmp(str, ""EXPORT"")) { gf_bt_report(parser, GF_NOT_SUPPORTED, ""X3D IMPORT/EXPORT not implemented""); break; } else if (!strcmp(str, ""InitialObjectDescriptor"") || !strcmp(str, ""ObjectDescriptor"")) { parser->load->ctx->root_od = (GF_ObjectDescriptor *) gf_bt_parse_descriptor(parser, str); } else if (!strcmp(str, ""AT"") || !strcmp(str, ""RAP"")) { parser->au_is_rap = 0; if (!strcmp(str, ""RAP"")) { parser->au_is_rap = 1; str = gf_bt_get_next(parser, 0); if (strcmp(str, ""AT"")) { gf_bt_report(parser, GF_BAD_PARAM, ""AT expected got %s"", str); parser->last_error = GF_BAD_PARAM; break; } } force_new_com = 0; str = gf_bt_get_next(parser, 0); if (str[0] == 'D') { parser->au_time += atoi(&str[1]); } else { if (sscanf(str, ""%u"", &parser->au_time) != 1) { gf_bt_report(parser, GF_BAD_PARAM, ""Number expected got %s"", str); break; } } if (parser->last_error) break; if (parser->od_au && (parser->od_au->timing != parser->au_time)) parser->od_au = NULL; if (parser->bifs_au && (parser->bifs_au->timing != parser->au_time)) { gf_bt_check_unresolved_nodes(parser); parser->bifs_au = NULL; } parser->stream_id = 0; if (!parser->au_time) parser->au_is_rap = 1; parser->in_com = 1; if (!gf_bt_check_code(parser, '{')) { str = gf_bt_get_next(parser, 0); if (!strcmp(str, ""IN"")) { gf_bt_parse_int(parser, ""IN"", (SFInt32*)&parser->stream_id); if (parser->last_error) break; } if (!gf_bt_check_code(parser, '{')) { gf_bt_report(parser, GF_BAD_PARAM, ""{ expected""); } } if (init_com && parser->au_time) break; } else if (!strcmp(str, ""PROTO"") || !strcmp(str, ""EXTERNPROTO"")) { gf_bt_parse_proto(parser, str, init_com ? init_com->new_proto_list : NULL); } else if (!strcmp(str, ""NULL"")) { } else if (!strcmp(str, ""DEF"")) { str = gf_bt_get_next(parser, 0); strcpy(szDEFName, str); has_id = 1; } else if (!strcmp(str, ""ROUTE"")) { GF_Command *com = NULL; if (!parser->top_nodes && parser->bifs_au && !parser->is_wrl) { com = gf_sg_command_new(parser->load->scene_graph, GF_SG_ROUTE_INSERT); gf_list_add(parser->bifs_au->commands, com); gf_list_add(parser->inserted_routes, com); } r = gf_bt_parse_route(parser, 1, 0, com); if (has_id) { u32 rID = gf_bt_get_route(parser, szDEFName); if (!rID) rID = gf_bt_get_next_route_id(parser); if (com) { com->RouteID = rID; com->def_name = gf_strdup(szDEFName); gf_sg_set_max_defined_route_id(parser->load->scene_graph, rID); } else if (r) { gf_sg_route_set_id(r, rID); gf_sg_route_set_name(r, szDEFName); } has_id = 0; } } else if (!strcmp(str, ""UPDATE"") || !strcmp(str, ""REMOVE"")) { Bool is_base_stream = parser->stream_id ? 0 : 1; if (!parser->stream_id || parser->stream_id==parser->bifs_es->ESID) parser->stream_id = parser->base_od_id; if (parser->od_es && (parser->od_es->ESID != parser->stream_id)) { GF_StreamContext *prev = parser->od_es; parser->od_es = gf_sm_stream_new(parser->load->ctx, (u16) parser->stream_id, GF_STREAM_OD, GF_CODECID_OD_V1); if (parser->od_es != prev) { parser->bifs_au = NULL; parser->od_au = NULL; } } if (!parser->od_es) parser->od_es = gf_sm_stream_new(parser->load->ctx, (u16) parser->stream_id, GF_STREAM_OD, GF_CODECID_OD_V1); if (!parser->od_au) parser->od_au = gf_sm_stream_au_new(parser->od_es, parser->au_time, 0, parser->au_is_rap); gf_bt_parse_od_command(parser, str); if (is_base_stream) parser->stream_id= 0; } else if (!strcmp(str, ""REPLACE"") || !strcmp(str, ""INSERT"") || !strcmp(str, ""APPEND"") || !strcmp(str, ""DELETE"") || !strcmp(str, ""GLOBALQP"") || !strcmp(str, ""MULTIPLEREPLACE"") || !strcmp(str, ""MULTIPLEINDREPLACE"") || !strcmp(str, ""XDELETE"") || !strcmp(str, ""DELETEPROTO"") || !strcmp(str, ""INSERTPROTO"") || !strcmp(str, ""XREPLACE"") ) { Bool is_base_stream = parser->stream_id ? 0 : 1; if (!parser->stream_id) parser->stream_id = parser->base_bifs_id; if (!parser->stream_id || (parser->od_es && (parser->stream_id==parser->od_es->ESID)) ) parser->stream_id = parser->base_bifs_id; if (parser->bifs_es->ESID != parser->stream_id) { GF_StreamContext *prev = parser->bifs_es; parser->bifs_es = gf_sm_stream_new(parser->load->ctx, (u16) parser->stream_id, GF_STREAM_SCENE, GF_CODECID_BIFS); if (parser->bifs_es != prev) { gf_bt_check_unresolved_nodes(parser); parser->bifs_au = NULL; } } if (force_new_com) { force_new_com = 0; parser->bifs_au = gf_list_last(parser->bifs_es->AUs); parser->au_time = (u32) (parser->bifs_au ? parser->bifs_au->timing : 0) + 1; parser->bifs_au = NULL; } if (!parser->bifs_au) parser->bifs_au = gf_sm_stream_au_new(parser->bifs_es, parser->au_time, 0, parser->au_is_rap); gf_bt_parse_bifs_command(parser, str, parser->bifs_au->commands); if (is_base_stream) parser->stream_id= 0; } else if (!strcmp(str, ""OrderedGroup"") || !strcmp(str, ""Group"") || !strcmp(str, ""Layer2D"") || !strcmp(str, ""Layer3D"") || parser->is_wrl ) { node = gf_bt_sf_node(parser, str, vrml_root_node, has_id ? szDEFName : NULL); has_id = 0; if (!node) break; if (parser->top_nodes) { gf_list_add(parser->top_nodes, node); } else if (!vrml_root_node) { if (init_com) init_com->node = node; else if (parser->load->flags & GF_SM_LOAD_CONTEXT_READY) { GF_Command *com = gf_sg_command_new(parser->load->scene_graph, GF_SG_SCENE_REPLACE); assert(!parser->bifs_au); assert(parser->bifs_es); parser->bifs_au = gf_sm_stream_au_new(parser->bifs_es, 0, 0, 1); gf_list_add(parser->bifs_au->commands, com); com->node = node; } } else { gf_node_insert_child(vrml_root_node, node, -1); } } else { if ( gf_bt_check_code(parser, '}')) parser->in_com = 0; else if (strlen(str)) { gf_bt_report(parser, GF_BAD_PARAM, ""%s: Unknown top-level element"", str); } parser->au_is_rap = 0; } } gf_bt_resolve_routes(parser, 0); gf_bt_check_unresolved_nodes(parser); while (gf_list_count(parser->scripts)) { GF_Node *n = (GF_Node *)gf_list_get(parser->scripts, 0); gf_list_rem(parser->scripts, 0); gf_sg_script_load(n); } return parser->last_error;",visit repo url,src/scene_manager/loader_bt.c,https://github.com/gpac/gpac,15001258046893,1 3643,['CWE-287'],"static void sctp_assoc_bh_rcv(struct work_struct *work) { struct sctp_association *asoc = container_of(work, struct sctp_association, base.inqueue.immediate); struct sctp_endpoint *ep; struct sctp_chunk *chunk; struct sock *sk; struct sctp_inq *inqueue; int state; sctp_subtype_t subtype; int error = 0; ep = asoc->ep; sk = asoc->base.sk; inqueue = &asoc->base.inqueue; sctp_association_hold(asoc); while (NULL != (chunk = sctp_inq_pop(inqueue))) { state = asoc->state; subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type); if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth) continue; if (sctp_chunk_is_data(chunk)) asoc->peer.last_data_from = chunk->transport; else SCTP_INC_STATS(SCTP_MIB_INCTRLCHUNKS); if (chunk->transport) chunk->transport->last_time_heard = jiffies; error = sctp_do_sm(SCTP_EVENT_T_CHUNK, subtype, state, ep, asoc, chunk, GFP_ATOMIC); if (asoc->base.dead) break; if (error && chunk) chunk->pdiscard = 1; } sctp_association_put(asoc); }",linux-2.6,,,143400019146408352281165449748325238365,0 5919,CWE-120,"static Jsi_RC DebugAddCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { if (!interp->breakpointHash) interp->breakpointHash = Jsi_HashNew(interp, JSI_KEYS_STRING, jsi_HashFree); int argc = Jsi_ValueGetLength(interp, args); jsi_BreakPoint *bptr, bp = {}; Jsi_Number vnum; if (argc>1 && Jsi_ValueGetBoolean(interp, Jsi_ValueArrayIndex(interp, args, 1), &bp.temp) != JSI_OK) return Jsi_LogError(""bad boolean""); Jsi_Value *v = Jsi_ValueArrayIndex(interp, args, 0); if (Jsi_ValueGetNumber(interp, v, &vnum) == JSI_OK) { bp.line = (int)vnum; bp.file = interp->curFile; } else { const char *val = Jsi_ValueArrayIndexToStr(interp, args, 0, NULL); const char *cp; if (isdigit(val[0])) { if (Jsi_GetInt(interp, val, &bp.line, 0) != JSI_OK) return Jsi_LogError(""bad number""); bp.file = interp->curFile; } else if ((cp = Jsi_Strchr(val, ':'))) { if (Jsi_GetInt(interp, cp+1, &bp.line, 0) != JSI_OK) return Jsi_LogError(""bad number""); Jsi_DString dStr = {}; Jsi_DSAppendLen(&dStr, val, cp-val); bp.file = Jsi_KeyAdd(interp, Jsi_DSValue(&dStr)); Jsi_DSFree(&dStr); } else { bp.func = Jsi_KeyAdd(interp, val); } } if (bp.line<=0 && !bp.func) return Jsi_LogError(""bad number""); char nbuf[100]; bp.id = ++interp->debugOpts.breakIdx; bp.enabled = 1; snprintf(nbuf, sizeof(nbuf), ""%d"", bp.id); bptr = (jsi_BreakPoint*)Jsi_Malloc(sizeof(*bptr)); *bptr = bp; Jsi_HashSet(interp->breakpointHash, (void*)nbuf, bptr); Jsi_ValueMakeNumber(interp, ret, (Jsi_Number)bp.id); return JSI_OK; }",visit repo url,src/jsiCmds.c,https://github.com/pcmacdon/jsish,120832681936707,1 1069,['CWE-20'],"static void kernel_restart_prepare(char *cmd) { blocking_notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd); system_state = SYSTEM_RESTART; device_shutdown(); }",linux-2.6,,,150912720277585996175698045762551738557,0 4285,CWE-400,"static RList* sections(RBinFile* bf) { RList* ret = NULL; RBinSection* sect = NULL; psxexe_header psxheader = {0}; ut64 sz = 0; if (!(ret = r_list_new ())) { return NULL; } if (!(sect = R_NEW0 (RBinSection))) { r_list_free (ret); return NULL; } if (r_buf_fread_at (bf->buf, 0, (ut8*)&psxheader, ""8c17i"", 1) < sizeof (psxexe_header)) { eprintf (""Truncated Header\n""); free (sect); r_list_free (ret); return NULL; } sz = r_buf_size (bf->buf); sect->name = strdup (""TEXT""); sect->paddr = PSXEXE_TEXTSECTION_OFFSET; sect->size = sz - PSXEXE_TEXTSECTION_OFFSET; sect->vaddr = psxheader.t_addr; sect->vsize = psxheader.t_size; sect->perm = R_PERM_RX; sect->add = true; sect->has_strings = true; r_list_append (ret, sect); return ret; }",visit repo url,libr/bin/p/bin_psxexe.c,https://github.com/radareorg/radare2,59973727454463,1 4919,['CWE-20'],"static int nfs_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) { struct inode *old_inode = old_dentry->d_inode; struct inode *new_inode = new_dentry->d_inode; struct dentry *dentry = NULL, *rehash = NULL; int error = -EBUSY; lock_kernel(); if (!d_unhashed(new_dentry)) { d_drop(new_dentry); rehash = new_dentry; } dfprintk(VFS, ""NFS: rename(%s/%s -> %s/%s, ct=%d)\n"", old_dentry->d_parent->d_name.name, old_dentry->d_name.name, new_dentry->d_parent->d_name.name, new_dentry->d_name.name, atomic_read(&new_dentry->d_count)); if (!new_inode) goto go_ahead; if (S_ISDIR(new_inode->i_mode)) { error = -EISDIR; if (!S_ISDIR(old_inode->i_mode)) goto out; } else if (atomic_read(&new_dentry->d_count) > 2) { int err; dentry = d_alloc(new_dentry->d_parent, &new_dentry->d_name); if (!dentry) goto out; err = nfs_sillyrename(new_dir, new_dentry); if (!err) { new_dentry = rehash = dentry; new_inode = NULL; d_instantiate(new_dentry, NULL); } else if (atomic_read(&new_dentry->d_count) > 1) goto out; } else drop_nlink(new_inode); go_ahead: if (atomic_read(&old_dentry->d_count) > 1) { if (S_ISREG(old_inode->i_mode)) nfs_wb_all(old_inode); shrink_dcache_parent(old_dentry); } nfs_inode_return_delegation(old_inode); if (new_inode != NULL) { nfs_inode_return_delegation(new_inode); d_delete(new_dentry); } nfs_begin_data_update(old_dir); nfs_begin_data_update(new_dir); nfs_begin_data_update(old_inode); error = NFS_PROTO(old_dir)->rename(old_dir, &old_dentry->d_name, new_dir, &new_dentry->d_name); nfs_mark_for_revalidate(old_inode); nfs_end_data_update(old_inode); nfs_end_data_update(new_dir); nfs_end_data_update(old_dir); out: if (rehash) d_rehash(rehash); if (!error) { d_move(old_dentry, new_dentry); nfs_renew_times(new_dentry); nfs_refresh_verifier(new_dentry, nfs_save_change_attribute(new_dir)); } if (dentry) dput(dentry); unlock_kernel(); return error; }",linux-2.6,,,305583940867825952266190335817934396934,0 3309,['CWE-189'],"jpc_fix_t jpc_seq_norm(jas_seq_t *x) { jpc_fix_t s; int i; s = jpc_inttofix(0); for (i = jas_seq_start(x); i < jas_seq_end(x); i++) { s = jpc_fix_add(s, jpc_fix_mul(jas_seq_get(x, i), jas_seq_get(x, i))); } return jpc_dbltofix(sqrt(jpc_fixtodbl(s))); }",jasper,,,227585022729586687774515884446916424400,0 331,CWE-20,"int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsigned int optlen) { int ret, parent = 0; struct mif6ctl vif; struct mf6cctl mfc; mifi_t mifi; struct net *net = sock_net(sk); struct mr6_table *mrt; mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT); if (!mrt) return -ENOENT; if (optname != MRT6_INIT) { if (sk != mrt->mroute6_sk && !ns_capable(net->user_ns, CAP_NET_ADMIN)) return -EACCES; } switch (optname) { case MRT6_INIT: if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_ICMPV6) return -EOPNOTSUPP; if (optlen < sizeof(int)) return -EINVAL; return ip6mr_sk_init(mrt, sk); case MRT6_DONE: return ip6mr_sk_done(sk); case MRT6_ADD_MIF: if (optlen < sizeof(vif)) return -EINVAL; if (copy_from_user(&vif, optval, sizeof(vif))) return -EFAULT; if (vif.mif6c_mifi >= MAXMIFS) return -ENFILE; rtnl_lock(); ret = mif6_add(net, mrt, &vif, sk == mrt->mroute6_sk); rtnl_unlock(); return ret; case MRT6_DEL_MIF: if (optlen < sizeof(mifi_t)) return -EINVAL; if (copy_from_user(&mifi, optval, sizeof(mifi_t))) return -EFAULT; rtnl_lock(); ret = mif6_delete(mrt, mifi, NULL); rtnl_unlock(); return ret; case MRT6_ADD_MFC: case MRT6_DEL_MFC: parent = -1; case MRT6_ADD_MFC_PROXY: case MRT6_DEL_MFC_PROXY: if (optlen < sizeof(mfc)) return -EINVAL; if (copy_from_user(&mfc, optval, sizeof(mfc))) return -EFAULT; if (parent == 0) parent = mfc.mf6cc_parent; rtnl_lock(); if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY) ret = ip6mr_mfc_delete(mrt, &mfc, parent); else ret = ip6mr_mfc_add(net, mrt, &mfc, sk == mrt->mroute6_sk, parent); rtnl_unlock(); return ret; case MRT6_ASSERT: { int v; if (optlen != sizeof(v)) return -EINVAL; if (get_user(v, (int __user *)optval)) return -EFAULT; mrt->mroute_do_assert = v; return 0; } #ifdef CONFIG_IPV6_PIMSM_V2 case MRT6_PIM: { int v; if (optlen != sizeof(v)) return -EINVAL; if (get_user(v, (int __user *)optval)) return -EFAULT; v = !!v; rtnl_lock(); ret = 0; if (v != mrt->mroute_do_pim) { mrt->mroute_do_pim = v; mrt->mroute_do_assert = v; } rtnl_unlock(); return ret; } #endif #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES case MRT6_TABLE: { u32 v; if (optlen != sizeof(u32)) return -EINVAL; if (get_user(v, (u32 __user *)optval)) return -EFAULT; if (v != RT_TABLE_DEFAULT && v >= 100000000) return -EINVAL; if (sk == mrt->mroute6_sk) return -EBUSY; rtnl_lock(); ret = 0; if (!ip6mr_new_table(net, v)) ret = -ENOMEM; raw6_sk(sk)->ip6mr_table = v; rtnl_unlock(); return ret; } #endif default: return -ENOPROTOOPT; } }",visit repo url,net/ipv6/ip6mr.c,https://github.com/torvalds/linux,280187895494340,1 3342,CWE-119,"int rtp_packetize_xiph_config( sout_stream_id_sys_t *id, const char *fmtp, int64_t i_pts ) { if (fmtp == NULL) return VLC_EGENERIC; char *start = strstr(fmtp, ""configuration=""); assert(start != NULL); start += sizeof(""configuration="") - 1; char *end = strchr(start, ';'); assert(end != NULL); size_t len = end - start; char b64[len + 1]; memcpy(b64, start, len); b64[len] = '\0'; int i_max = rtp_mtu (id) - 6; uint8_t *p_orig, *p_data; int i_data; i_data = vlc_b64_decode_binary(&p_orig, b64); if (i_data <= 9) { free(p_orig); return VLC_EGENERIC; } p_data = p_orig + 9; i_data -= 9; int i_count = ( i_data + i_max - 1 ) / i_max; for( int i = 0; i < i_count; i++ ) { int i_payload = __MIN( i_max, i_data ); block_t *out = block_Alloc( 18 + i_payload ); unsigned fragtype, numpkts; if (i_count == 1) { fragtype = 0; numpkts = 1; } else { numpkts = 0; if (i == 0) fragtype = 1; else if (i == i_count - 1) fragtype = 3; else fragtype = 2; } uint32_t header = ((XIPH_IDENT & 0xffffff) << 8) | (fragtype << 6) | (1 << 4) | numpkts; rtp_packetize_common( id, out, 0, i_pts ); SetDWBE( out->p_buffer + 12, header); SetWBE( out->p_buffer + 16, i_payload); memcpy( &out->p_buffer[18], p_data, i_payload ); out->i_dts = i_pts; rtp_packetize_send( id, out ); p_data += i_payload; i_data -= i_payload; } free(p_orig); return VLC_SUCCESS; }",visit repo url,modules/stream_out/rtpfmt.c,https://github.com/videolan/vlc,146146735651219,1 2873,['CWE-189'],"static jas_stream_t *jas_stream_create() { jas_stream_t *stream; if (!(stream = jas_malloc(sizeof(jas_stream_t)))) { return 0; } stream->openmode_ = 0; stream->bufmode_ = 0; stream->flags_ = 0; stream->bufbase_ = 0; stream->bufstart_ = 0; stream->bufsize_ = 0; stream->ptr_ = 0; stream->cnt_ = 0; stream->ops_ = 0; stream->obj_ = 0; stream->rwcnt_ = 0; stream->rwlimit_ = -1; return stream; }",jasper,,,112736860752594905280941350972992185653,0 4815,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 1761,CWE-119,"static inline int check_entry_size_and_hooks(struct arpt_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct arpt_entry) != 0 || (unsigned char *)e + sizeof(struct arpt_entry) >= limit || (unsigned char *)e + e->next_offset > limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct arpt_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } err = check_entry(e); if (err) return err; for (h = 0; h < NF_ARP_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_err(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv4/netfilter/arp_tables.c,https://github.com/torvalds/linux,223358095934141,1 4519,['CWE-20'],"struct stats dx_show_entries(struct dx_hash_info *hinfo, struct inode *dir, struct dx_entry *entries, int levels) { unsigned blocksize = dir->i_sb->s_blocksize; unsigned count = dx_get_count(entries), names = 0, space = 0, i; unsigned bcount = 0; struct buffer_head *bh; int err; printk(""%i indexed blocks...\n"", count); for (i = 0; i < count; i++, entries++) { ext4_lblk_t block = dx_get_block(entries); ext4_lblk_t hash = i ? dx_get_hash(entries): 0; u32 range = i < count - 1? (dx_get_hash(entries + 1) - hash): ~hash; struct stats stats; printk(""%s%3u:%03u hash %8x/%8x "",levels?"""":"" "", i, block, hash, range); if (!(bh = ext4_bread (NULL,dir, block, 0,&err))) continue; stats = levels? dx_show_entries(hinfo, dir, ((struct dx_node *) bh->b_data)->entries, levels - 1): dx_show_leaf(hinfo, (struct ext4_dir_entry_2 *) bh->b_data, blocksize, 0); names += stats.names; space += stats.space; bcount += stats.bcount; brelse(bh); } if (bcount) printk(KERN_DEBUG ""%snames %u, fullness %u (%u%%)\n"", levels ? """" : "" "", names, space/bcount, (space/bcount)*100/blocksize); return (struct stats) { names, space, bcount}; }",linux-2.6,,,311181190842291727144791079184158443478,0 4885,CWE-119,"static int cac_cac1_get_certificate(sc_card_t *card, u8 **out_buf, size_t *out_len) { u8 buf[CAC_MAX_SIZE]; u8 *out_ptr; size_t size = 0; size_t left = 0; size_t len, next_len; sc_apdu_t apdu; int r = SC_SUCCESS; SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); size = left = *out_buf ? *out_len : sizeof(buf); out_ptr = *out_buf ? *out_buf : buf; sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, CAC_INS_GET_CERTIFICATE, 0, 0 ); next_len = MIN(left, 100); for (; left > 0; left -= len, out_ptr += len) { len = next_len; apdu.resp = out_ptr; apdu.le = len; apdu.resplen = left; r = sc_transmit_apdu(card, &apdu); if (r < 0) { break; } if (apdu.resplen == 0) { r = SC_ERROR_INTERNAL; break; } if (apdu.sw1 != 0x63 || apdu.sw2 < 1) { r = sc_check_sw(card, apdu.sw1, apdu.sw2); left -= len; break; } next_len = MIN(left, apdu.sw2); } if (r < 0) { SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); } r = size - left; if (*out_buf == NULL) { *out_buf = malloc(r); if (*out_buf == NULL) { SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_OUT_OF_MEMORY); } memcpy(*out_buf, buf, r); } *out_len = r; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, r); }",visit repo url,src/libopensc/card-cac1.c,https://github.com/OpenSC/OpenSC,47131685991998,1 6617,['CWE-200'],"make_vpn_disconnection_message (NMVPNConnection *vpn, NMVPNConnectionStateReason reason, NMApplet *applet) { NMConnection *connection; NMSettingConnection *s_con; g_return_val_if_fail (vpn != NULL, NULL); connection = applet_get_connection_for_active (applet, NM_ACTIVE_CONNECTION (vpn)); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); switch (reason) { case NM_VPN_CONNECTION_STATE_REASON_DEVICE_DISCONNECTED: return g_strdup_printf (_(""\nThe VPN connection '%s' disconnected because the network connection was interrupted.""), nm_setting_connection_get_id (s_con)); case NM_VPN_CONNECTION_STATE_REASON_SERVICE_STOPPED: return g_strdup_printf (_(""\nThe VPN connection '%s' disconnected because the VPN service stopped.""), nm_setting_connection_get_id (s_con)); default: break; } return g_strdup_printf (_(""\nThe VPN connection '%s' disconnected.""), nm_setting_connection_get_id (s_con)); }",network-manager-applet,,,335662711211417444461055033583906153817,0 2384,['CWE-119'],"static struct diffstat_file *diffstat_add(struct diffstat_t *diffstat, const char *name_a, const char *name_b) { struct diffstat_file *x; x = xcalloc(sizeof (*x), 1); if (diffstat->nr == diffstat->alloc) { diffstat->alloc = alloc_nr(diffstat->alloc); diffstat->files = xrealloc(diffstat->files, diffstat->alloc * sizeof(x)); } diffstat->files[diffstat->nr++] = x; if (name_b) { x->from_name = xstrdup(name_a); x->name = xstrdup(name_b); x->is_renamed = 1; } else { x->from_name = NULL; x->name = xstrdup(name_a); } return x; }",git,,,297549235279155422746692203256853230697,0 646,CWE-20,"int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *inet = inet_sk(sk); struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); int is_udp4; bool slow; if (addr_len) *addr_len = sizeof(struct sockaddr_in6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; is_udp4 = (skb->protocol == htons(ETH_P_IP)); if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); else { err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) { if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); } sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) { struct sockaddr_in6 *sin6; sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = udp_hdr(skb)->source; sin6->sin6_flowinfo = 0; if (is_udp4) { ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &sin6->sin6_addr); sin6->sin6_scope_id = 0; } else { sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); } } if (is_udp4) { if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); } else { if (np->rxopt.all) ip6_datagram_recv_ctl(sk, msg, skb); } err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { if (is_udp4) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } else { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,261709041298464,1 4453,CWE-120,"LIBOPENMPT_MODPLUG_API unsigned int ModPlug_InstrumentName(ModPlugFile* file, unsigned int qual, char* buff) { const char* str; unsigned int retval; size_t tmpretval; if(!file) return 0; str = openmpt_module_get_instrument_name(file->mod,qual-1); if(!str){ if(buff){ *buff = '\0'; } return 0; } tmpretval = strlen(str); if(tmpretval>=INT_MAX){ tmpretval = INT_MAX-1; } retval = (int)tmpretval; if(buff){ memcpy(buff,str,retval+1); buff[retval] = '\0'; } openmpt_free_string(str); return retval; }",visit repo url,libopenmpt/libopenmpt_modplug.c,https://github.com/OpenMPT/openmpt,23495383118490,1 4067,['CWE-399'],"static int svc_getsockopt(struct socket *sock,int level,int optname, char __user *optval,int __user *optlen) { struct sock *sk = sock->sk; int error = 0, len; lock_sock(sk); if (!__SO_LEVEL_MATCH(optname, level) || optname != SO_ATMSAP) { error = vcc_getsockopt(sock, level, optname, optval, optlen); goto out; } if (get_user(len, optlen)) { error = -EFAULT; goto out; } if (len != sizeof(struct atm_sap)) { error = -EINVAL; goto out; } if (copy_to_user(optval, &ATM_SD(sock)->sap, sizeof(struct atm_sap))) { error = -EFAULT; goto out; } out: release_sock(sk); return error; }",linux-2.6,,,214666908991780964289687547266141317309,0 2930,CWE-310,"void *hashtable_get(hashtable_t *hashtable, const char *key) { pair_t *pair; size_t hash; bucket_t *bucket; hash = hash_str(key); bucket = &hashtable->buckets[hash % num_buckets(hashtable)]; pair = hashtable_find_pair(hashtable, bucket, key, hash); if(!pair) return NULL; return pair->value; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,5065536160520,1 5123,['CWE-20'],"static void exit_lmode(struct kvm_vcpu *vcpu) { vcpu->arch.shadow_efer &= ~EFER_LMA; vmcs_write32(VM_ENTRY_CONTROLS, vmcs_read32(VM_ENTRY_CONTROLS) & ~VM_ENTRY_IA32E_MODE); }",linux-2.6,,,59494425449384599196508698242442319335,0 564,CWE-399,"int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *run) { int ret; sigset_t sigsaved; if (unlikely(vcpu->arch.target < 0)) return -ENOEXEC; ret = kvm_vcpu_first_run_init(vcpu); if (ret) return ret; if (run->exit_reason == KVM_EXIT_MMIO) { ret = kvm_handle_mmio_return(vcpu, vcpu->run); if (ret) return ret; } if (vcpu->sigset_active) sigprocmask(SIG_SETMASK, &vcpu->sigset, &sigsaved); ret = 1; run->exit_reason = KVM_EXIT_UNKNOWN; while (ret > 0) { cond_resched(); update_vttbr(vcpu->kvm); if (vcpu->arch.pause) vcpu_pause(vcpu); kvm_vgic_flush_hwstate(vcpu); kvm_timer_flush_hwstate(vcpu); local_irq_disable(); if (signal_pending(current)) { ret = -EINTR; run->exit_reason = KVM_EXIT_INTR; } if (ret <= 0 || need_new_vmid_gen(vcpu->kvm)) { local_irq_enable(); kvm_timer_sync_hwstate(vcpu); kvm_vgic_sync_hwstate(vcpu); continue; } trace_kvm_entry(*vcpu_pc(vcpu)); kvm_guest_enter(); vcpu->mode = IN_GUEST_MODE; ret = kvm_call_hyp(__kvm_vcpu_run, vcpu); vcpu->mode = OUTSIDE_GUEST_MODE; vcpu->arch.last_pcpu = smp_processor_id(); kvm_guest_exit(); trace_kvm_exit(*vcpu_pc(vcpu)); local_irq_enable(); kvm_timer_sync_hwstate(vcpu); kvm_vgic_sync_hwstate(vcpu); ret = handle_exit(vcpu, run, ret); } if (vcpu->sigset_active) sigprocmask(SIG_SETMASK, &sigsaved, NULL); return ret; }",visit repo url,arch/arm/kvm/arm.c,https://github.com/torvalds/linux,256368122046712,1 452,[],"pfm_bad_permissions(struct task_struct *task) { DPRINT((""cur: uid=%d gid=%d task: euid=%d suid=%d uid=%d egid=%d sgid=%d\n"", current->uid, current->gid, task->euid, task->suid, task->uid, task->egid, task->sgid)); return ((current->uid != task->euid) || (current->uid != task->suid) || (current->uid != task->uid) || (current->gid != task->egid) || (current->gid != task->sgid) || (current->gid != task->gid)) && !capable(CAP_SYS_PTRACE); }",linux-2.6,,,195207457824170466531024612874303460060,0 3716,[],"static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2) { if (unlikely(sk1 == sk2) || !sk2) { unix_state_unlock(sk1); return; } unix_state_unlock(sk1); unix_state_unlock(sk2); }",linux-2.6,,,149950581966676020303460069054606860418,0 5004,CWE-191,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 1960,['CWE-20'],"int putback_lru_pages(struct list_head *l) { struct page *page; struct page *page2; int count = 0; list_for_each_entry_safe(page, page2, l, lru) { list_del(&page->lru); move_to_lru(page); count++; } return count; }",linux-2.6,,,249739168231860522997791910137843618349,0 2840,['CWE-119'],"static void allow_bits_array(struct posix_ace_state_array *a, u32 mask) { int i; for (i=0; i < a->n; i++) allow_bits(&a->aces[i].perms, mask); }",linux-2.6,,,55652524873072568046636110159495619429,0 3616,[],"static unsigned int rtc_dev_poll(struct file *file, poll_table *wait) { struct rtc_device *rtc = file->private_data; unsigned long data; poll_wait(file, &rtc->irq_queue, wait); data = rtc->irq_data; return (data != 0) ? (POLLIN | POLLRDNORM) : 0; }",linux-2.6,,,96659256081940080243836961057657018099,0 5352,['CWE-476'],"int kvm_arch_vcpu_reset(struct kvm_vcpu *vcpu) { vcpu->arch.nmi_pending = false; vcpu->arch.nmi_injected = false; vcpu->arch.switch_db_regs = 0; memset(vcpu->arch.db, 0, sizeof(vcpu->arch.db)); vcpu->arch.dr6 = DR6_FIXED_1; vcpu->arch.dr7 = DR7_FIXED_1; return kvm_x86_ops->vcpu_reset(vcpu); }",linux-2.6,,,332926825952981709480963955541062826707,0 3756,[],"static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos) { struct unix_iter_state *iter = seq->private; struct sock *sk = v; ++*pos; if (v == SEQ_START_TOKEN) sk = first_unix_socket(&iter->i); else sk = next_unix_socket(&iter->i, sk); while (sk && (sock_net(sk) != seq_file_net(seq))) sk = next_unix_socket(&iter->i, sk); return sk; }",linux-2.6,,,229350608664477522866484100348494224529,0 3324,[],"static inline struct nlmsghdr *__nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int payload, int flags) { struct nlmsghdr *nlh; nlh = (struct nlmsghdr *) skb_put(skb, nlmsg_total_size(payload)); nlh->nlmsg_type = type; nlh->nlmsg_len = nlmsg_msg_size(payload); nlh->nlmsg_flags = flags; nlh->nlmsg_pid = pid; nlh->nlmsg_seq = seq; memset((unsigned char *) nlmsg_data(nlh) + payload, 0, nlmsg_padlen(payload)); return nlh; }",linux-2.6,,,243629034353239782638933124681237935198,0 5663,CWE-269,"fixExec2Error(int action, u_char * var_val, u_char var_val_type, size_t var_val_len, u_char * statP, oid * name, size_t name_len) { netsnmp_old_extend *exten = NULL; unsigned int idx; idx = name[name_len-1] -1; exten = &compatability_entries[ idx ]; #ifndef NETSNMP_NO_WRITE_SUPPORT switch (action) { case MODE_SET_RESERVE1: if (var_val_type != ASN_INTEGER) { snmp_log(LOG_ERR, ""Wrong type != int\n""); return SNMP_ERR_WRONGTYPE; } idx = *((long *) var_val); if (idx != 1) { snmp_log(LOG_ERR, ""Wrong value != 1\n""); return SNMP_ERR_WRONGVALUE; } if (!exten || !exten->efix_entry) { snmp_log(LOG_ERR, ""No command to run\n""); return SNMP_ERR_GENERR; } return SNMP_ERR_NOERROR; case MODE_SET_COMMIT: netsnmp_cache_check_and_reload( exten->efix_entry->cache ); } #endif return SNMP_ERR_NOERROR; }",visit repo url,agent/mibgroup/agent/extend.c,https://github.com/net-snmp/net-snmp,40986558311521,1 6110,CWE-190,"static void eb_mul_sim_kbltz(eb_t r, const eb_t p, const bn_t k, const eb_t q, const bn_t m, const eb_t *t) { int i, l, l0, l1, n0, n1, w, g; int8_t u, tnaf0[RLC_FB_BITS + 8], tnaf1[RLC_FB_BITS + 8], *_k, *_m; eb_t t0[1 << (EB_WIDTH - 2)]; eb_t t1[1 << (EB_WIDTH - 2)]; for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_null(t0[i]); eb_null(t1[i]); } RLC_TRY { if (eb_curve_opt_a() == RLC_ZERO) { u = -1; } else { u = 1; } g = (t == NULL ? 0 : 1); if (!g) { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_new(t0[i]); eb_set_infty(t0[i]); fb_set_bit(t0[i]->z, 0, 1); t0[i]->coord = BASIC; } eb_tab(t0, p, EB_WIDTH); t = (const eb_t *)t0; } for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_new(t1[i]); eb_set_infty(t1[i]); fb_set_bit(t1[i]->z, 0, 1); t1[i]->coord = BASIC; } eb_tab(t1, q, EB_WIDTH); if (g) { w = EB_DEPTH; } else { w = EB_WIDTH; } l0 = l1 = RLC_FB_BITS + 8; bn_rec_tnaf(tnaf0, &l0, k, u, RLC_FB_BITS, w); bn_rec_tnaf(tnaf1, &l1, m, u, RLC_FB_BITS, EB_WIDTH); l = RLC_MAX(l0, l1); _k = tnaf0 + l - 1; _m = tnaf1 + l - 1; for (i = l0; i < l; i++) { tnaf0[i] = 0; } for (i = l1; i < l; i++) { tnaf1[i] = 0; } if (bn_sign(k) == RLC_NEG) { for (i = 0; i < l0; i++) { tnaf0[i] = -tnaf0[i]; } } if (bn_sign(m) == RLC_NEG) { for (i = 0; i < l1; i++) { tnaf1[i] = -tnaf1[i]; } } _k = tnaf0 + l - 1; _m = tnaf1 + l - 1; eb_set_infty(r); for (i = l - 1; i >= 0; i--, _k--, _m--) { eb_frb(r, r); n0 = *_k; n1 = *_m; if (n0 > 0) { eb_add(r, r, t[n0 / 2]); } if (n0 < 0) { eb_sub(r, r, t[-n0 / 2]); } if (n1 > 0) { eb_add(r, r, t1[n1 / 2]); } if (n1 < 0) { eb_sub(r, r, t1[-n1 / 2]); } } eb_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { if (!g) { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_free(t0[i]); } } for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_free(t1[i]); } } }",visit repo url,src/eb/relic_eb_mul_sim.c,https://github.com/relic-toolkit/relic,47129073439473,1 5333,['CWE-476'],"void kvm_arch_exit(void) { if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) cpufreq_unregister_notifier(&kvmclock_cpufreq_notifier_block, CPUFREQ_TRANSITION_NOTIFIER); kvm_x86_ops = NULL; kvm_mmu_module_exit(); }",linux-2.6,,,75584629618783233823117083699596276417,0 5441,['CWE-476'],"static int pio_copy_data(struct kvm_vcpu *vcpu) { void *p = vcpu->arch.pio_data; gva_t q = vcpu->arch.pio.guest_gva; unsigned bytes; int ret; bytes = vcpu->arch.pio.size * vcpu->arch.pio.cur_count; if (vcpu->arch.pio.in) ret = kvm_write_guest_virt(q, p, bytes, vcpu); else ret = kvm_read_guest_virt(q, p, bytes, vcpu); return ret; }",linux-2.6,,,76448913610965353152422274933082164179,0 6518,['CWE-20'],"emulate_sysexit(struct x86_emulate_ctxt *ctxt) { struct decode_cache *c = &ctxt->decode; struct kvm_segment cs, ss; u64 msr_data; int usermode; if (c->lock_prefix) return -1; if (ctxt->mode == X86EMUL_MODE_REAL || !(ctxt->vcpu->arch.cr0 & X86_CR0_PE)) { kvm_inject_gp(ctxt->vcpu, 0); return -1; } if (kvm_x86_ops->get_cpl(ctxt->vcpu) != 0) { kvm_inject_gp(ctxt->vcpu, 0); return -1; } setup_syscalls_segments(ctxt, &cs, &ss); if ((c->rex_prefix & 0x8) != 0x0) usermode = X86EMUL_MODE_PROT64; else usermode = X86EMUL_MODE_PROT32; cs.dpl = 3; ss.dpl = 3; kvm_x86_ops->get_msr(ctxt->vcpu, MSR_IA32_SYSENTER_CS, &msr_data); switch (usermode) { case X86EMUL_MODE_PROT32: cs.selector = (u16)(msr_data + 16); if ((msr_data & 0xfffc) == 0x0) { kvm_inject_gp(ctxt->vcpu, 0); return -1; } ss.selector = (u16)(msr_data + 24); break; case X86EMUL_MODE_PROT64: cs.selector = (u16)(msr_data + 32); if (msr_data == 0x0) { kvm_inject_gp(ctxt->vcpu, 0); return -1; } ss.selector = cs.selector + 8; cs.db = 0; cs.l = 1; break; } cs.selector |= SELECTOR_RPL_MASK; ss.selector |= SELECTOR_RPL_MASK; kvm_x86_ops->set_segment(ctxt->vcpu, &cs, VCPU_SREG_CS); kvm_x86_ops->set_segment(ctxt->vcpu, &ss, VCPU_SREG_SS); c->eip = ctxt->vcpu->arch.regs[VCPU_REGS_RDX]; c->regs[VCPU_REGS_RSP] = ctxt->vcpu->arch.regs[VCPU_REGS_RCX]; return 0; }",kvm,,,127875192273974834154272934559878510751,0 1314,['CWE-119'],"static void hex_dump(const unsigned char *buf, size_t len) { size_t i; for (i = 0; i < len; i++) { if (i && !(i % 16)) printk(""\n""); printk(""%02x "", *(buf + i)); } printk(""\n""); }",linux-2.6,,,183608860044482223779918986328946641453,0 3106,['CWE-189'],"static int jpc_encrefpass(jpc_mqenc_t *mqenc, int bitpos, int vcausalflag, jas_matrix_t *flags, jas_matrix_t *data, int term, long *nmsedec) { int i; int j; int one; int vscanlen; int d; int width; int height; int frowstep; int drowstep; int fstripestep; int dstripestep; jpc_fix_t *fstripestart; jpc_fix_t *dstripestart; jpc_fix_t *fvscanstart; jpc_fix_t *dvscanstart; jpc_fix_t *dp; jpc_fix_t *fp; int k; *nmsedec = 0; width = jas_matrix_numcols(data); height = jas_matrix_numrows(data); frowstep = jas_matrix_rowstep(flags); drowstep = jas_matrix_rowstep(data); fstripestep = frowstep << 2; dstripestep = drowstep << 2; one = 1 << (bitpos + JPC_NUMEXTRABITS); fstripestart = jas_matrix_getref(flags, 1, 1); dstripestart = jas_matrix_getref(data, 0, 0); for (i = height; i > 0; i -= 4, fstripestart += fstripestep, dstripestart += dstripestep) { fvscanstart = fstripestart; dvscanstart = dstripestart; vscanlen = JAS_MIN(i, 4); for (j = width; j > 0; --j, ++fvscanstart, ++dvscanstart) { fp = fvscanstart; dp = dvscanstart; k = vscanlen; refpass_step(fp, dp, bitpos, one, nmsedec, mqenc, vcausalflag); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; refpass_step(fp, dp, bitpos, one, nmsedec, mqenc, 0); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; refpass_step(fp, dp, bitpos, one, nmsedec, mqenc, 0); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; refpass_step(fp, dp, bitpos, one, nmsedec, mqenc, 0); } } if (term) { jpc_mqenc_flush(mqenc, term - 1); } return jpc_mqenc_error(mqenc) ? (-1) : 0; }",jasper,,,18225481449769862465514388043204054509,0 5131,['CWE-20'],"static __init int hardware_setup(void) { if (setup_vmcs_config(&vmcs_config) < 0) return -EIO; if (boot_cpu_has(X86_FEATURE_NX)) kvm_enable_efer_bits(EFER_NX); return alloc_kvm_area(); }",linux-2.6,,,304666989753981682824632473910522931259,0 1253,NVD-CWE-Other,"__u32 secure_ipv6_id(const __be32 daddr[4]) { const struct keydata *keyptr; __u32 hash[4]; keyptr = get_keyptr(); hash[0] = (__force __u32)daddr[0]; hash[1] = (__force __u32)daddr[1]; hash[2] = (__force __u32)daddr[2]; hash[3] = (__force __u32)daddr[3]; return half_md4_transform(hash, keyptr->secret); }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,133930804404117,1 6009,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedwriter_20BufferedSocketWriter_4__reduce_cython__(struct __pyx_obj_17clickhouse_driver_14bufferedwriter_BufferedSocketWriter *__pyx_v_self) { PyObject *__pyx_v_state = 0; PyObject *__pyx_v__dict = 0; int __pyx_v_use_setstate; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; int __pyx_t_5; int __pyx_t_6; __Pyx_RefNannySetupContext(""__reduce_cython__"", 0); __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v_self->__pyx_base.buffer); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.buffer_size); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.position); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(4); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_t_2); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_t_3); __Pyx_INCREF(__pyx_v_self->sock); __Pyx_GIVEREF(__pyx_v_self->sock); PyTuple_SET_ITEM(__pyx_t_4, 3, __pyx_v_self->sock); __pyx_t_1 = 0; __pyx_t_2 = 0; __pyx_t_3 = 0; __pyx_v_state = ((PyObject*)__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_n_s_dict, Py_None); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __pyx_v__dict = __pyx_t_4; __pyx_t_4 = 0; __pyx_t_5 = (__pyx_v__dict != Py_None); __pyx_t_6 = (__pyx_t_5 != 0); if (__pyx_t_6) { __pyx_t_4 = PyTuple_New(1); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(__pyx_v__dict); __Pyx_GIVEREF(__pyx_v__dict); PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_v__dict); __pyx_t_3 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF_SET(__pyx_v_state, ((PyObject*)__pyx_t_3)); __pyx_t_3 = 0; __pyx_v_use_setstate = 1; goto __pyx_L3; } { __pyx_t_6 = (__pyx_v_self->sock != Py_None); __pyx_v_use_setstate = __pyx_t_6; } __pyx_L3:; __pyx_t_6 = (__pyx_v_use_setstate != 0); if (__pyx_t_6) { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_pyx_unpickle_BufferedSocketWri); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_62583983); __Pyx_GIVEREF(__pyx_int_62583983); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_int_62583983); __Pyx_INCREF(Py_None); __Pyx_GIVEREF(Py_None); PyTuple_SET_ITEM(__pyx_t_4, 2, Py_None); __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_3); __Pyx_GIVEREF(__pyx_t_4); PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_t_4); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_2, 2, __pyx_v_state); __pyx_t_3 = 0; __pyx_t_4 = 0; __pyx_r = __pyx_t_2; __pyx_t_2 = 0; goto __pyx_L0; } { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_pyx_unpickle_BufferedSocketWri); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_62583983); __Pyx_GIVEREF(__pyx_int_62583983); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_int_62583983); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_v_state); __pyx_t_3 = PyTuple_New(2); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_t_2); __Pyx_GIVEREF(__pyx_t_4); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_t_4); __pyx_t_2 = 0; __pyx_t_4 = 0; __pyx_r = __pyx_t_3; __pyx_t_3 = 0; goto __pyx_L0; } __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_AddTraceback(""clickhouse_driver.bufferedwriter.BufferedSocketWriter.__reduce_cython__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v_state); __Pyx_XDECREF(__pyx_v__dict); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,54398452109798,1 1730,CWE-400,"xfs_attr_shortform_list(xfs_attr_list_context_t *context) { attrlist_cursor_kern_t *cursor; xfs_attr_sf_sort_t *sbuf, *sbp; xfs_attr_shortform_t *sf; xfs_attr_sf_entry_t *sfe; xfs_inode_t *dp; int sbsize, nsbuf, count, i; int error; ASSERT(context != NULL); dp = context->dp; ASSERT(dp != NULL); ASSERT(dp->i_afp != NULL); sf = (xfs_attr_shortform_t *)dp->i_afp->if_u1.if_data; ASSERT(sf != NULL); if (!sf->hdr.count) return 0; cursor = context->cursor; ASSERT(cursor != NULL); trace_xfs_attr_list_sf(context); if (context->bufsize == 0 || (XFS_ISRESET_CURSOR(cursor) && (dp->i_afp->if_bytes + sf->hdr.count * 16) < context->bufsize)) { for (i = 0, sfe = &sf->list[0]; i < sf->hdr.count; i++) { error = context->put_listent(context, sfe->flags, sfe->nameval, (int)sfe->namelen, (int)sfe->valuelen, &sfe->nameval[sfe->namelen]); if (context->seen_enough) break; if (error) return error; sfe = XFS_ATTR_SF_NEXTENTRY(sfe); } trace_xfs_attr_list_sf_all(context); return 0; } if (context->bufsize == 0) return 0; sbsize = sf->hdr.count * sizeof(*sbuf); sbp = sbuf = kmem_alloc(sbsize, KM_SLEEP | KM_NOFS); nsbuf = 0; for (i = 0, sfe = &sf->list[0]; i < sf->hdr.count; i++) { if (unlikely( ((char *)sfe < (char *)sf) || ((char *)sfe >= ((char *)sf + dp->i_afp->if_bytes)))) { XFS_CORRUPTION_ERROR(""xfs_attr_shortform_list"", XFS_ERRLEVEL_LOW, context->dp->i_mount, sfe); kmem_free(sbuf); return -EFSCORRUPTED; } sbp->entno = i; sbp->hash = xfs_da_hashname(sfe->nameval, sfe->namelen); sbp->name = sfe->nameval; sbp->namelen = sfe->namelen; sbp->valuelen = sfe->valuelen; sbp->flags = sfe->flags; sfe = XFS_ATTR_SF_NEXTENTRY(sfe); sbp++; nsbuf++; } xfs_sort(sbuf, nsbuf, sizeof(*sbuf), xfs_attr_shortform_compare); count = 0; cursor->initted = 1; cursor->blkno = 0; for (sbp = sbuf, i = 0; i < nsbuf; i++, sbp++) { if (sbp->hash == cursor->hashval) { if (cursor->offset == count) { break; } count++; } else if (sbp->hash > cursor->hashval) { break; } } if (i == nsbuf) { kmem_free(sbuf); return 0; } for ( ; i < nsbuf; i++, sbp++) { if (cursor->hashval != sbp->hash) { cursor->hashval = sbp->hash; cursor->offset = 0; } error = context->put_listent(context, sbp->flags, sbp->name, sbp->namelen, sbp->valuelen, &sbp->name[sbp->namelen]); if (error) return error; if (context->seen_enough) break; cursor->offset++; } kmem_free(sbuf); return 0; }",visit repo url,fs/xfs/xfs_attr_list.c,https://github.com/torvalds/linux,2910626316209,1 933,CWE-20,"static int cma_req_handler(struct ib_cm_id *cm_id, struct ib_cm_event *ib_event) { struct rdma_id_private *listen_id, *conn_id; struct rdma_cm_event event; int offset, ret; u8 smac[ETH_ALEN]; u8 alt_smac[ETH_ALEN]; u8 *psmac = smac; u8 *palt_smac = alt_smac; int is_iboe = ((rdma_node_get_transport(cm_id->device->node_type) == RDMA_TRANSPORT_IB) && (rdma_port_get_link_layer(cm_id->device, ib_event->param.req_rcvd.port) == IB_LINK_LAYER_ETHERNET)); listen_id = cm_id->context; if (!cma_check_req_qp_type(&listen_id->id, ib_event)) return -EINVAL; if (cma_disable_callback(listen_id, RDMA_CM_LISTEN)) return -ECONNABORTED; memset(&event, 0, sizeof event); offset = cma_user_data_offset(listen_id); event.event = RDMA_CM_EVENT_CONNECT_REQUEST; if (ib_event->event == IB_CM_SIDR_REQ_RECEIVED) { conn_id = cma_new_udp_id(&listen_id->id, ib_event); event.param.ud.private_data = ib_event->private_data + offset; event.param.ud.private_data_len = IB_CM_SIDR_REQ_PRIVATE_DATA_SIZE - offset; } else { conn_id = cma_new_conn_id(&listen_id->id, ib_event); cma_set_req_event_data(&event, &ib_event->param.req_rcvd, ib_event->private_data, offset); } if (!conn_id) { ret = -ENOMEM; goto err1; } mutex_lock_nested(&conn_id->handler_mutex, SINGLE_DEPTH_NESTING); ret = cma_acquire_dev(conn_id, listen_id); if (ret) goto err2; conn_id->cm_id.ib = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_ib_handler; atomic_inc(&conn_id->refcount); ret = conn_id->id.event_handler(&conn_id->id, &event); if (ret) goto err3; if (is_iboe) { if (ib_event->param.req_rcvd.primary_path != NULL) rdma_addr_find_smac_by_sgid( &ib_event->param.req_rcvd.primary_path->sgid, psmac, NULL); else psmac = NULL; if (ib_event->param.req_rcvd.alternate_path != NULL) rdma_addr_find_smac_by_sgid( &ib_event->param.req_rcvd.alternate_path->sgid, palt_smac, NULL); else palt_smac = NULL; } mutex_lock(&lock); if (is_iboe) ib_update_cm_av(cm_id, psmac, palt_smac); if (cma_comp(conn_id, RDMA_CM_CONNECT) && (conn_id->id.qp_type != IB_QPT_UD)) ib_send_cm_mra(cm_id, CMA_CM_MRA_SETTING, NULL, 0); mutex_unlock(&lock); mutex_unlock(&conn_id->handler_mutex); mutex_unlock(&listen_id->handler_mutex); cma_deref_id(conn_id); return 0; err3: cma_deref_id(conn_id); conn_id->cm_id.ib = NULL; err2: cma_exch(conn_id, RDMA_CM_DESTROYING); mutex_unlock(&conn_id->handler_mutex); err1: mutex_unlock(&listen_id->handler_mutex); if (conn_id) rdma_destroy_id(&conn_id->id); return ret; }",visit repo url,drivers/infiniband/core/cma.c,https://github.com/torvalds/linux,171525896714247,1 2768,['CWE-264'],"void enable_sep_cpu(void) { int cpu = get_cpu(); struct tss_struct *tss = &per_cpu(init_tss, cpu); if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); return; } tss->ss1 = __KERNEL_CS; tss->esp1 = sizeof(struct tss_struct) + (unsigned long) tss; wrmsr(MSR_IA32_SYSENTER_CS, __KERNEL_CS, 0); wrmsr(MSR_IA32_SYSENTER_ESP, tss->esp1, 0); wrmsr(MSR_IA32_SYSENTER_EIP, (unsigned long) sysenter_entry, 0); put_cpu(); }",linux-2.6,,,248446071166796770691742653419947138322,0 2526,['CWE-119'],"void fill_filespec(struct diff_filespec *spec, const unsigned char *sha1, unsigned short mode) { if (mode) { spec->mode = canon_mode(mode); hashcpy(spec->sha1, sha1); spec->sha1_valid = !is_null_sha1(sha1); } }",git,,,184743820771033048161534786178075702530,0 6711,['CWE-310'],"wired_get_secrets (NMDevice *device, NMConnection *connection, NMActiveConnection *active_connection, const char *setting_name, const char **hints, DBusGMethodInvocation *context, NMApplet *applet, GError **error) { NMSettingConnection *s_con; const char *connection_type; gboolean success = FALSE; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); if (!s_con) { g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, ""%s.%d (%s): Invalid connection"", __FILE__, __LINE__, __func__); return FALSE; } connection_type = nm_setting_connection_get_connection_type (s_con); if (!strcmp (connection_type, NM_SETTING_WIRED_SETTING_NAME)) { success = nm_8021x_get_secrets (device, connection, active_connection, setting_name, context, applet, error); } else if (!strcmp (connection_type, NM_SETTING_PPPOE_SETTING_NAME)) success = pppoe_get_secrets (device, connection, active_connection, setting_name, context, applet, error); return success; }",network-manager-applet,,,59469932228308417398806790748268464599,0 3672,['CWE-119'],"static int hfsplus_cat_build_record(hfsplus_cat_entry *entry, u32 cnid, struct inode *inode) { if (S_ISDIR(inode->i_mode)) { struct hfsplus_cat_folder *folder; folder = &entry->folder; memset(folder, 0, sizeof(*folder)); folder->type = cpu_to_be16(HFSPLUS_FOLDER); folder->id = cpu_to_be32(inode->i_ino); HFSPLUS_I(inode).create_date = folder->create_date = folder->content_mod_date = folder->attribute_mod_date = folder->access_date = hfsp_now2mt(); hfsplus_set_perms(inode, &folder->permissions); if (inode == HFSPLUS_SB(inode->i_sb).hidden_dir) folder->user_info.frFlags = cpu_to_be16(0x5000); return sizeof(*folder); } else { struct hfsplus_cat_file *file; file = &entry->file; memset(file, 0, sizeof(*file)); file->type = cpu_to_be16(HFSPLUS_FILE); file->flags = cpu_to_be16(HFSPLUS_FILE_THREAD_EXISTS); file->id = cpu_to_be32(cnid); HFSPLUS_I(inode).create_date = file->create_date = file->content_mod_date = file->attribute_mod_date = file->access_date = hfsp_now2mt(); if (cnid == inode->i_ino) { hfsplus_set_perms(inode, &file->permissions); if (S_ISLNK(inode->i_mode)) { file->user_info.fdType = cpu_to_be32(HFSP_SYMLINK_TYPE); file->user_info.fdCreator = cpu_to_be32(HFSP_SYMLINK_CREATOR); } else { file->user_info.fdType = cpu_to_be32(HFSPLUS_SB(inode->i_sb).type); file->user_info.fdCreator = cpu_to_be32(HFSPLUS_SB(inode->i_sb).creator); } if ((file->permissions.rootflags | file->permissions.userflags) & HFSPLUS_FLG_IMMUTABLE) file->flags |= cpu_to_be16(HFSPLUS_FILE_LOCKED); } else { file->user_info.fdType = cpu_to_be32(HFSP_HARDLINK_TYPE); file->user_info.fdCreator = cpu_to_be32(HFSP_HFSPLUS_CREATOR); file->user_info.fdFlags = cpu_to_be16(0x100); file->create_date = HFSPLUS_I(HFSPLUS_SB(inode->i_sb).hidden_dir).create_date; file->permissions.dev = cpu_to_be32(HFSPLUS_I(inode).dev); } return sizeof(*file); } }",linux-2.6,,,292886817386496873034934303591618382432,0 6642,CWE-190,"static int process_data(void) { PCRE2_SIZE len, ulen, arg_ulen; uint32_t gmatched; uint32_t c, k; uint32_t g_notempty = 0; uint8_t *p, *pp, *start_rep; size_t needlen; void *use_dat_context; BOOL utf; BOOL subject_literal; PCRE2_SIZE *ovector; PCRE2_SIZE ovecsave[3]; uint32_t oveccount; #ifdef SUPPORT_PCRE2_8 uint8_t *q8 = NULL; #endif #ifdef SUPPORT_PCRE2_16 uint16_t *q16 = NULL; #endif #ifdef SUPPORT_PCRE2_32 uint32_t *q32 = NULL; #endif subject_literal = (pat_patctl.control2 & CTL2_SUBJECT_LITERAL) != 0; DATCTXCPY(dat_context, default_dat_context); memcpy(&dat_datctl, &def_datctl, sizeof(datctl)); dat_datctl.control |= (pat_patctl.control & CTL_ALLPD); dat_datctl.control2 |= (pat_patctl.control2 & CTL2_ALLPD); strcpy((char *)dat_datctl.replacement, (char *)pat_patctl.replacement); if (dat_datctl.jitstack == 0) dat_datctl.jitstack = pat_patctl.jitstack; if (dat_datctl.substitute_skip == 0) dat_datctl.substitute_skip = pat_patctl.substitute_skip; if (dat_datctl.substitute_stop == 0) dat_datctl.substitute_stop = pat_patctl.substitute_stop; #ifdef SUPPORT_PCRE2_8 utf = ((((pat_patctl.control & CTL_POSIX) != 0)? ((pcre2_real_code_8 *)preg.re_pcre2_code)->overall_options : FLD(compiled_code, overall_options)) & PCRE2_UTF) != 0; #else utf = (FLD(compiled_code, overall_options) & PCRE2_UTF) != 0; #endif start_rep = NULL; len = strlen((const char *)buffer); while (len > 0 && isspace(buffer[len-1])) len--; buffer[len] = 0; p = buffer; while (isspace(*p)) p++; if (utf) { uint8_t *q; uint32_t cc; int n = 1; for (q = p; n > 0 && *q; q += n) n = utf82ord(q, &cc); if (n <= 0) { fprintf(outfile, ""** Failed: invalid UTF-8 string cannot be used as input "" ""in UTF mode\n""); return PR_OK; } } #ifdef SUPPORT_VALGRIND if (dbuffer != NULL) { VALGRIND_MAKE_MEM_UNDEFINED(dbuffer, dbuffer_size); } #endif needlen = (size_t)((len+1) * code_unit_size); if (dbuffer == NULL || needlen >= dbuffer_size) { while (needlen >= dbuffer_size) dbuffer_size *= 2; dbuffer = (uint8_t *)realloc(dbuffer, dbuffer_size); if (dbuffer == NULL) { fprintf(stderr, ""pcre2test: realloc(%d) failed\n"", (int)dbuffer_size); exit(1); } } SETCASTPTR(q, dbuffer); while ((c = *p++) != 0) { int32_t i = 0; size_t replen; if (c == ']' && start_rep != NULL) { long li; char *endptr; if (*p++ != '{') { fprintf(outfile, ""** Expected '{' after \\[....]\n""); return PR_OK; } li = strtol((const char *)p, &endptr, 10); if (S32OVERFLOW(li)) { fprintf(outfile, ""** Repeat count too large\n""); return PR_OK; } p = (uint8_t *)endptr; if (*p++ != '}') { fprintf(outfile, ""** Expected '}' after \\[...]{...\n""); return PR_OK; } i = (int32_t)li; if (i-- == 0) { fprintf(outfile, ""** Zero repeat not allowed\n""); return PR_OK; } replen = CAST8VAR(q) - start_rep; needlen += replen * i; if (needlen >= dbuffer_size) { size_t qoffset = CAST8VAR(q) - dbuffer; size_t rep_offset = start_rep - dbuffer; while (needlen >= dbuffer_size) dbuffer_size *= 2; dbuffer = (uint8_t *)realloc(dbuffer, dbuffer_size); if (dbuffer == NULL) { fprintf(stderr, ""pcre2test: realloc(%d) failed\n"", (int)dbuffer_size); exit(1); } SETCASTPTR(q, dbuffer + qoffset); start_rep = dbuffer + rep_offset; } while (i-- > 0) { memcpy(CAST8VAR(q), start_rep, replen); SETPLUS(q, replen/code_unit_size); } start_rep = NULL; continue; } if (c != '\\' || subject_literal) { uint32_t topbit = 0; if (test_mode == PCRE32_MODE && c == 0xff && *p != 0) { topbit = 0x80000000; c = *p++; } if ((utf || (pat_patctl.control & CTL_UTF8_INPUT) != 0) && HASUTF8EXTRALEN(c)) { GETUTF8INC(c, p); } c |= topbit; } else switch ((c = *p++)) { case '\\': break; case 'a': c = CHAR_BEL; break; case 'b': c = '\b'; break; case 'e': c = CHAR_ESC; break; case 'f': c = '\f'; break; case 'n': c = '\n'; break; case 'r': c = '\r'; break; case 't': c = '\t'; break; case 'v': c = '\v'; break; case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': c -= '0'; while (i++ < 2 && isdigit(*p) && *p != '8' && *p != '9') c = c * 8 + *p++ - '0'; break; case 'o': if (*p == '{') { uint8_t *pt = p; c = 0; for (pt++; isdigit(*pt) && *pt != '8' && *pt != '9'; pt++) { if (++i == 12) fprintf(outfile, ""** Too many octal digits in \\o{...} item; "" ""using only the first twelve.\n""); else c = c * 8 + *pt - '0'; } if (*pt == '}') p = pt + 1; else fprintf(outfile, ""** Missing } after \\o{ (assumed)\n""); } break; case 'x': if (*p == '{') { uint8_t *pt = p; c = 0; for (pt++; isxdigit(*pt); pt++) { if (++i == 9) fprintf(outfile, ""** Too many hex digits in \\x{...} item; "" ""using only the first eight.\n""); else c = c * 16 + tolower(*pt) - ((isdigit(*pt))? '0' : 'a' - 10); } if (*pt == '}') { p = pt + 1; break; } } c = 0; while (i++ < 2 && isxdigit(*p)) { c = c * 16 + tolower(*p) - ((isdigit(*p))? '0' : 'a' - 10); p++; } #if defined SUPPORT_PCRE2_8 if (utf && (test_mode == PCRE8_MODE)) { *q8++ = c; continue; } #endif break; case 0: p--; continue; case '=': goto ENDSTRING; case '[': if (start_rep != NULL) { fprintf(outfile, ""** Nested replication is not supported\n""); return PR_OK; } start_rep = CAST8VAR(q); continue; default: if (isalnum(c)) { fprintf(outfile, ""** Unrecognized escape sequence \""\\%c\""\n"", c); return PR_OK; } } #ifdef SUPPORT_PCRE2_8 if (test_mode == PCRE8_MODE) { if (utf) { if (c > 0x7fffffff) { fprintf(outfile, ""** Character \\x{%x} is greater than 0x7fffffff "" ""and so cannot be converted to UTF-8\n"", c); return PR_OK; } q8 += ord2utf8(c, q8); } else { if (c > 0xffu) { fprintf(outfile, ""** Character \\x{%x} is greater than 255 "" ""and UTF-8 mode is not enabled.\n"", c); fprintf(outfile, ""** Truncation will probably give the wrong "" ""result.\n""); } *q8++ = (uint8_t)c; } } #endif #ifdef SUPPORT_PCRE2_16 if (test_mode == PCRE16_MODE) { if (utf) { if (c > 0x10ffffu) { fprintf(outfile, ""** Failed: character \\x{%x} is greater than "" ""0x10ffff and so cannot be converted to UTF-16\n"", c); return PR_OK; } else if (c >= 0x10000u) { c-= 0x10000u; *q16++ = 0xD800 | (c >> 10); *q16++ = 0xDC00 | (c & 0x3ff); } else *q16++ = c; } else { if (c > 0xffffu) { fprintf(outfile, ""** Character \\x{%x} is greater than 0xffff "" ""and UTF-16 mode is not enabled.\n"", c); fprintf(outfile, ""** Truncation will probably give the wrong "" ""result.\n""); } *q16++ = (uint16_t)c; } } #endif #ifdef SUPPORT_PCRE2_32 if (test_mode == PCRE32_MODE) { *q32++ = c; } #endif } ENDSTRING: SET(*q, 0); len = CASTVAR(uint8_t *, q) - dbuffer; ulen = len/code_unit_size; arg_ulen = ulen; if (p[-1] != 0 && !decode_modifiers(p, CTX_DAT, NULL, &dat_datctl)) return PR_OK; if (dat_datctl.substitute_skip != 0 || dat_datctl.substitute_stop != 0) dat_datctl.control2 |= CTL2_SUBSTITUTE_CALLOUT; for (k = 0; k < sizeof(exclusive_dat_controls)/sizeof(uint32_t); k++) { c = dat_datctl.control & exclusive_dat_controls[k]; if (c != 0 && c != (c & (~c+1))) { show_controls(c, 0, ""** Not allowed together:""); fprintf(outfile, ""\n""); return PR_OK; } } if (pat_patctl.replacement[0] != 0) { if ((dat_datctl.control2 & CTL2_SUBSTITUTE_CALLOUT) != 0 && (dat_datctl.control & CTL_NULLCONTEXT) != 0) { fprintf(outfile, ""** Replacement callouts are not supported with null_context.\n""); return PR_OK; } if ((dat_datctl.control & CTL_ALLCAPTURES) != 0) fprintf(outfile, ""** Ignored with replacement text: allcaptures\n""); } if ((dat_datctl.control & CTL_DFA) != 0) { if ((dat_datctl.control & CTL_ALLCAPTURES) != 0) fprintf(outfile, ""** Ignored after DFA matching: allcaptures\n""); } c = code_unit_size * (((pat_patctl.control & CTL_POSIX) + (dat_datctl.control & CTL_ZERO_TERMINATE) != 0)? 1:0); pp = memmove(dbuffer + dbuffer_size - len - c, dbuffer, len + c); #ifdef SUPPORT_VALGRIND VALGRIND_MAKE_MEM_NOACCESS(dbuffer, dbuffer_size - (len + c)); #endif if ((dat_datctl.control2 & CTL2_NULL_SUBJECT) != 0) pp = NULL; #ifdef SUPPORT_PCRE2_8 if ((pat_patctl.control & CTL_POSIX) != 0) { int rc; int eflags = 0; regmatch_t *pmatch = NULL; const char *msg = ""** Ignored with POSIX interface:""; if (dat_datctl.cerror[0] != CFORE_UNSET || dat_datctl.cerror[1] != CFORE_UNSET) prmsg(&msg, ""callout_error""); if (dat_datctl.cfail[0] != CFORE_UNSET || dat_datctl.cfail[1] != CFORE_UNSET) prmsg(&msg, ""callout_fail""); if (dat_datctl.copy_numbers[0] >= 0 || dat_datctl.copy_names[0] != 0) prmsg(&msg, ""copy""); if (dat_datctl.get_numbers[0] >= 0 || dat_datctl.get_names[0] != 0) prmsg(&msg, ""get""); if (dat_datctl.jitstack != 0) prmsg(&msg, ""jitstack""); if (dat_datctl.offset != 0) prmsg(&msg, ""offset""); if ((dat_datctl.options & ~POSIX_SUPPORTED_MATCH_OPTIONS) != 0) { fprintf(outfile, ""%s"", msg); show_match_options(dat_datctl.options & ~POSIX_SUPPORTED_MATCH_OPTIONS); msg = """"; } if ((dat_datctl.control & ~POSIX_SUPPORTED_MATCH_CONTROLS) != 0 || (dat_datctl.control2 & ~POSIX_SUPPORTED_MATCH_CONTROLS2) != 0) { show_controls(dat_datctl.control & ~POSIX_SUPPORTED_MATCH_CONTROLS, dat_datctl.control2 & ~POSIX_SUPPORTED_MATCH_CONTROLS2, msg); msg = """"; } if (msg[0] == 0) fprintf(outfile, ""\n""); if (dat_datctl.oveccount > 0) { pmatch = (regmatch_t *)malloc(sizeof(regmatch_t) * dat_datctl.oveccount); if (pmatch == NULL) { fprintf(outfile, ""** Failed to get memory for recording matching "" ""information (size set = %du)\n"", dat_datctl.oveccount); return PR_OK; } } if (dat_datctl.startend[0] != CFORE_UNSET) { pmatch[0].rm_so = dat_datctl.startend[0]; pmatch[0].rm_eo = (dat_datctl.startend[1] != 0)? dat_datctl.startend[1] : len; eflags |= REG_STARTEND; } if ((dat_datctl.options & PCRE2_NOTBOL) != 0) eflags |= REG_NOTBOL; if ((dat_datctl.options & PCRE2_NOTEOL) != 0) eflags |= REG_NOTEOL; if ((dat_datctl.options & PCRE2_NOTEMPTY) != 0) eflags |= REG_NOTEMPTY; rc = regexec(&preg, (const char *)pp, dat_datctl.oveccount, pmatch, eflags); if (rc != 0) { (void)regerror(rc, &preg, (char *)pbuffer8, pbuffer8_size); fprintf(outfile, ""No match: POSIX code %d: %s\n"", rc, pbuffer8); } else if ((pat_patctl.control & CTL_POSIX_NOSUB) != 0) fprintf(outfile, ""Matched with REG_NOSUB\n""); else if (dat_datctl.oveccount == 0) fprintf(outfile, ""Matched without capture\n""); else { size_t i, j; size_t last_printed = (size_t)dat_datctl.oveccount; for (i = 0; i < (size_t)dat_datctl.oveccount; i++) { if (pmatch[i].rm_so >= 0) { PCRE2_SIZE start = pmatch[i].rm_so; PCRE2_SIZE end = pmatch[i].rm_eo; for (j = last_printed + 1; j < i; j++) fprintf(outfile, ""%2d: \n"", (int)j); last_printed = i; if (start > end) { start = pmatch[i].rm_eo; end = pmatch[i].rm_so; fprintf(outfile, ""Start of matched string is beyond its end - "" ""displaying from end to start.\n""); } fprintf(outfile, ""%2d: "", (int)i); PCHARSV(pp, start, end - start, utf, outfile); fprintf(outfile, ""\n""); if ((i == 0 && (dat_datctl.control & CTL_AFTERTEXT) != 0) || (dat_datctl.control & CTL_ALLAFTERTEXT) != 0) { fprintf(outfile, ""%2d+ "", (int)i); PCHARSV(pp, pmatch[i].rm_eo, len - pmatch[i].rm_eo, utf, outfile); fprintf(outfile, ""\n""); } } } } free(pmatch); return PR_OK; } #endif if (dat_datctl.startend[0] != CFORE_UNSET) fprintf(outfile, ""** \\=posix_startend ignored for non-POSIX matching\n""); if ((dat_datctl.control & (CTL_ALLUSEDTEXT|CTL_DFA)) == CTL_ALLUSEDTEXT && FLD(compiled_code, executable_jit) != NULL) { fprintf(outfile, ""** Showing all consulted text is not supported by JIT: ignored\n""); dat_datctl.control &= ~CTL_ALLUSEDTEXT; } if ((dat_datctl.control & CTL_ZERO_TERMINATE) != 0) arg_ulen = PCRE2_ZERO_TERMINATED; use_dat_context = ((dat_datctl.control & CTL_NULLCONTEXT) != 0)? NULL : PTR(dat_context); show_memory = (dat_datctl.control & CTL_MEMORY) != 0; if (show_memory && (pat_patctl.control & dat_datctl.control & CTL_NULLCONTEXT) != 0) fprintf(outfile, ""** \\=memory requires either a pattern or a subject "" ""context: ignored\n""); if (dat_datctl.jitstack != 0) { if (dat_datctl.jitstack != jit_stack_size) { PCRE2_JIT_STACK_FREE(jit_stack); PCRE2_JIT_STACK_CREATE(jit_stack, 1, dat_datctl.jitstack * 1024, NULL); jit_stack_size = dat_datctl.jitstack; } PCRE2_JIT_STACK_ASSIGN(dat_context, jit_callback, jit_stack); } else if (jit_stack != NULL) { PCRE2_JIT_STACK_ASSIGN(dat_context, NULL, NULL); PCRE2_JIT_STACK_FREE(jit_stack); jit_stack = NULL; jit_stack_size = 0; } if ((pat_patctl.control & CTL_JITVERIFY) != 0 && jit_stack == NULL) { PCRE2_JIT_STACK_ASSIGN(dat_context, jit_callback, NULL); } if (dat_datctl.oveccount == 0) { PCRE2_MATCH_DATA_FREE(match_data); PCRE2_MATCH_DATA_CREATE_FROM_PATTERN(match_data, compiled_code, general_context); PCRE2_GET_OVECTOR_COUNT(max_oveccount, match_data); } else if (dat_datctl.oveccount <= max_oveccount) { SETFLD(match_data, oveccount, dat_datctl.oveccount); } else { max_oveccount = dat_datctl.oveccount; PCRE2_MATCH_DATA_FREE(match_data); PCRE2_MATCH_DATA_CREATE(match_data, max_oveccount, general_context); } if (CASTVAR(void *, match_data) == NULL) { fprintf(outfile, ""** Failed to get memory for recording matching "" ""information (size requested: %d)\n"", dat_datctl.oveccount); max_oveccount = 0; return PR_OK; } ovector = FLD(match_data, ovector); PCRE2_GET_OVECTOR_COUNT(oveccount, match_data); if (dat_datctl.replacement[0] != 0 && (dat_datctl.control & CTL_DFA) != 0) { fprintf(outfile, ""** Ignored for DFA matching: replace\n""); dat_datctl.replacement[0] = 0; } if (dat_datctl.replacement[0] != 0) { int rc; uint8_t *pr; uint8_t rbuffer[REPLACE_BUFFSIZE]; uint8_t nbuffer[REPLACE_BUFFSIZE]; uint8_t *rbptr; uint32_t xoptions; uint32_t emoption; PCRE2_SIZE j, rlen, nsize, erroroffset; BOOL badutf = FALSE; #ifdef SUPPORT_PCRE2_8 uint8_t *r8 = NULL; #endif #ifdef SUPPORT_PCRE2_16 uint16_t *r16 = NULL; #endif #ifdef SUPPORT_PCRE2_32 uint32_t *r32 = NULL; #endif for (j = 0; j < 2*oveccount; j++) ovector[j] = JUNK_OFFSET; if (timeitm) fprintf(outfile, ""** Timing is not supported with replace: ignored\n""); if ((dat_datctl.control & CTL_ALTGLOBAL) != 0) fprintf(outfile, ""** Altglobal is not supported with replace: ignored\n""); emoption = ((dat_datctl.control2 & CTL2_SUBSTITUTE_MATCHED) == 0)? 0 : PCRE2_SUBSTITUTE_MATCHED; if (emoption != 0) { PCRE2_MATCH(rc, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options, match_data, use_dat_context); } xoptions = emoption | (((dat_datctl.control & CTL_GLOBAL) == 0)? 0 : PCRE2_SUBSTITUTE_GLOBAL) | (((dat_datctl.control2 & CTL2_SUBSTITUTE_EXTENDED) == 0)? 0 : PCRE2_SUBSTITUTE_EXTENDED) | (((dat_datctl.control2 & CTL2_SUBSTITUTE_LITERAL) == 0)? 0 : PCRE2_SUBSTITUTE_LITERAL) | (((dat_datctl.control2 & CTL2_SUBSTITUTE_OVERFLOW_LENGTH) == 0)? 0 : PCRE2_SUBSTITUTE_OVERFLOW_LENGTH) | (((dat_datctl.control2 & CTL2_SUBSTITUTE_REPLACEMENT_ONLY) == 0)? 0 : PCRE2_SUBSTITUTE_REPLACEMENT_ONLY) | (((dat_datctl.control2 & CTL2_SUBSTITUTE_UNKNOWN_UNSET) == 0)? 0 : PCRE2_SUBSTITUTE_UNKNOWN_UNSET) | (((dat_datctl.control2 & CTL2_SUBSTITUTE_UNSET_EMPTY) == 0)? 0 : PCRE2_SUBSTITUTE_UNSET_EMPTY); SETCASTPTR(r, rbuffer); pr = dat_datctl.replacement; nsize = REPLACE_BUFFSIZE/code_unit_size; if (*pr == '[') { PCRE2_SIZE n = 0; while ((c = *(++pr)) >= CHAR_0 && c <= CHAR_9) n = n * 10 + c - CHAR_0; if (*pr++ != ']') { fprintf(outfile, ""Bad buffer size in replacement string\n""); return PR_OK; } if (n > nsize) { fprintf(outfile, ""Replacement buffer setting (%"" SIZ_FORM "") is too "" ""large (max %"" SIZ_FORM "")\n"", n, nsize); return PR_OK; } nsize = n; } if (utf) badutf = valid_utf(pr, strlen((const char *)pr), &erroroffset); if (!utf || badutf) { while ((c = *pr++) != 0) { #ifdef SUPPORT_PCRE2_8 if (test_mode == PCRE8_MODE) *r8++ = c; #endif #ifdef SUPPORT_PCRE2_16 if (test_mode == PCRE16_MODE) *r16++ = c; #endif #ifdef SUPPORT_PCRE2_32 if (test_mode == PCRE32_MODE) *r32++ = c; #endif } } else while ((c = *pr++) != 0) { if (HASUTF8EXTRALEN(c)) { GETUTF8INC(c, pr); } #ifdef SUPPORT_PCRE2_8 if (test_mode == PCRE8_MODE) r8 += ord2utf8(c, r8); #endif #ifdef SUPPORT_PCRE2_16 if (test_mode == PCRE16_MODE) { if (c >= 0x10000u) { c-= 0x10000u; *r16++ = 0xD800 | (c >> 10); *r16++ = 0xDC00 | (c & 0x3ff); } else *r16++ = c; } #endif #ifdef SUPPORT_PCRE2_32 if (test_mode == PCRE32_MODE) *r32++ = c; #endif } SET(*r, 0); if ((dat_datctl.control & CTL_ZERO_TERMINATE) != 0) rlen = PCRE2_ZERO_TERMINATED; else rlen = (CASTVAR(uint8_t *, r) - rbuffer)/code_unit_size; if ((dat_datctl.control2 & CTL2_SUBSTITUTE_CALLOUT) != 0) { PCRE2_SET_SUBSTITUTE_CALLOUT(dat_context, substitute_callout_function, NULL); } else { PCRE2_SET_SUBSTITUTE_CALLOUT(dat_context, NULL, NULL); } rbptr = ((dat_datctl.control2 & CTL2_NULL_REPLACEMENT) == 0)? rbuffer : NULL; PCRE2_SUBSTITUTE(rc, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options|xoptions, match_data, use_dat_context, rbptr, rlen, nbuffer, &nsize); if (rc < 0) { fprintf(outfile, ""Failed: error %d"", rc); if (rc != PCRE2_ERROR_NOMEMORY && nsize != PCRE2_UNSET) fprintf(outfile, "" at offset %ld in replacement"", (long int)nsize); fprintf(outfile, "": ""); if (!print_error_message(rc, """", """")) return PR_ABEND; if (rc == PCRE2_ERROR_NOMEMORY && (xoptions & PCRE2_SUBSTITUTE_OVERFLOW_LENGTH) != 0) fprintf(outfile, "": %ld code units are needed"", (long int)nsize); } else { fprintf(outfile, ""%2d: "", rc); PCHARSV(nbuffer, 0, nsize, utf, outfile); } fprintf(outfile, ""\n""); show_memory = FALSE; if ((dat_datctl.control2 & CTL2_ALLVECTOR) != 0) show_ovector(ovector, oveccount); return PR_OK; } ovecsave[0] = ovecsave[1] = ovecsave[2] = PCRE2_UNSET; for (gmatched = 0;; gmatched++) { PCRE2_SIZE j; int capcount; for (j = 0; j < 2*oveccount; j++) ovector[j] = JUNK_OFFSET; jit_was_used = (pat_patctl.control & CTL_JITFAST) != 0; if (timeitm > 0) { int i; clock_t start_time, time_taken; if ((dat_datctl.control & CTL_DFA) != 0) { if ((dat_datctl.options & PCRE2_DFA_RESTART) != 0) { fprintf(outfile, ""Timing DFA restarts is not supported\n""); return PR_OK; } if (dfa_workspace == NULL) dfa_workspace = (int *)malloc(DFA_WS_DIMENSION*sizeof(int)); start_time = clock(); for (i = 0; i < timeitm; i++) { PCRE2_DFA_MATCH(capcount, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options | g_notempty, match_data, use_dat_context, dfa_workspace, DFA_WS_DIMENSION); } } else if ((pat_patctl.control & CTL_JITFAST) != 0) { start_time = clock(); for (i = 0; i < timeitm; i++) { PCRE2_JIT_MATCH(capcount, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options | g_notempty, match_data, use_dat_context); } } else { start_time = clock(); for (i = 0; i < timeitm; i++) { PCRE2_MATCH(capcount, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options | g_notempty, match_data, use_dat_context); } } total_match_time += (time_taken = clock() - start_time); fprintf(outfile, ""Match time %.4f milliseconds\n"", (((double)time_taken * 1000.0) / (double)timeitm) / (double)CLOCKS_PER_SEC); } if ((dat_datctl.control & (CTL_FINDLIMITS|CTL_FINDLIMITS_NOHEAP)) != 0) { capcount = 0; if ((dat_datctl.control & CTL_FINDLIMITS_NOHEAP) == 0 && (FLD(compiled_code, executable_jit) == NULL || (dat_datctl.options & PCRE2_NO_JIT) != 0)) { (void)check_match_limit(pp, arg_ulen, PCRE2_ERROR_HEAPLIMIT, ""heap""); } capcount = check_match_limit(pp, arg_ulen, PCRE2_ERROR_MATCHLIMIT, ""match""); if (FLD(compiled_code, executable_jit) == NULL || (dat_datctl.options & PCRE2_NO_JIT) != 0 || (dat_datctl.control & CTL_DFA) != 0) { capcount = check_match_limit(pp, arg_ulen, PCRE2_ERROR_DEPTHLIMIT, ""depth""); } if (capcount == 0) { fprintf(outfile, ""Matched, but offsets vector is too small to show all matches\n""); capcount = dat_datctl.oveccount; } } else { if ((dat_datctl.control & CTL_CALLOUT_NONE) == 0) { PCRE2_SET_CALLOUT(dat_context, callout_function, (void *)(&dat_datctl.callout_data)); first_callout = TRUE; last_callout_mark = NULL; callout_count = 0; } else { PCRE2_SET_CALLOUT(dat_context, NULL, NULL); } if ((dat_datctl.control & CTL_DFA) != 0) { if (dfa_workspace == NULL) dfa_workspace = (int *)malloc(DFA_WS_DIMENSION*sizeof(int)); if (dfa_matched++ == 0) dfa_workspace[0] = -1; PCRE2_DFA_MATCH(capcount, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options | g_notempty, match_data, use_dat_context, dfa_workspace, DFA_WS_DIMENSION); if (capcount == 0) { fprintf(outfile, ""Matched, but offsets vector is too small to show all matches\n""); capcount = dat_datctl.oveccount; } } else { if ((pat_patctl.control & CTL_JITFAST) != 0) PCRE2_JIT_MATCH(capcount, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options | g_notempty, match_data, use_dat_context); else PCRE2_MATCH(capcount, compiled_code, pp, arg_ulen, dat_datctl.offset, dat_datctl.options | g_notempty, match_data, use_dat_context); if (capcount == 0) { fprintf(outfile, ""Matched, but too many substrings\n""); capcount = dat_datctl.oveccount; } } } if (capcount >= 0) { int i; if (pp == NULL) pp = (uint8_t *)""""; if (capcount > (int)oveccount) { fprintf(outfile, ""** PCRE2 error: returned count %d is too big for ovector count %d\n"", capcount, oveccount); capcount = oveccount; if ((dat_datctl.control & CTL_ANYGLOB) != 0) { fprintf(outfile, ""** Global loop abandoned\n""); dat_datctl.control &= ~CTL_ANYGLOB; } } if ((dat_datctl.options & PCRE2_COPY_MATCHED_SUBJECT) != 0 && (pat_patctl.control & CTL_JITFAST) == 0) { if ((FLD(match_data, flags) & PCRE2_MD_COPIED_SUBJECT) == 0) fprintf(outfile, ""** PCRE2 error: flag not set after copy_matched_subject\n""); if (CASTFLD(void *, match_data, subject) == pp) fprintf(outfile, ""** PCRE2 error: copy_matched_subject has not copied\n""); if (memcmp(CASTFLD(void *, match_data, subject), pp, ulen) != 0) fprintf(outfile, ""** PCRE2 error: copy_matched_subject mismatch\n""); } if (gmatched > 0 && ovecsave[0] == ovector[0] && ovecsave[1] == ovector[1]) { if (ovector[0] == ovector[1] && ovecsave[2] != dat_datctl.offset) { g_notempty = PCRE2_NOTEMPTY_ATSTART | PCRE2_ANCHORED; ovecsave[2] = dat_datctl.offset; continue; } fprintf(outfile, ""** PCRE2 error: global repeat returned the same string as previous\n""); fprintf(outfile, ""** Global loop abandoned\n""); dat_datctl.control &= ~CTL_ANYGLOB; } if ((dat_datctl.control & (CTL_ALLCAPTURES|CTL_DFA)) == CTL_ALLCAPTURES) { capcount = maxcapcount + 1; if (capcount > (int)oveccount) capcount = oveccount; } if ((dat_datctl.control2 & CTL2_ALLVECTOR) != 0) capcount = oveccount; for (i = 0; i < 2*capcount; i += 2) { PCRE2_SIZE lleft, lmiddle, lright; PCRE2_SIZE start = ovector[i]; PCRE2_SIZE end = ovector[i+1]; if (start > end) { start = ovector[i+1]; end = ovector[i]; fprintf(outfile, ""Start of matched string is beyond its end - "" ""displaying from end to start.\n""); } fprintf(outfile, ""%2d: "", i/2); if (start == PCRE2_UNSET && end == PCRE2_UNSET) { fprintf(outfile, ""\n""); continue; } if (start > ulen || end > ulen) { if (((dat_datctl.control & CTL_DFA) != 0 || i >= (int)(2*maxcapcount + 2)) && start == JUNK_OFFSET && end == JUNK_OFFSET) fprintf(outfile, ""\n""); else fprintf(outfile, ""ERROR: bad value(s) for offset(s): 0x%lx 0x%lx\n"", (unsigned long int)start, (unsigned long int)end); continue; } if (i == 0) { BOOL showallused; PCRE2_SIZE leftchar, rightchar; if ((dat_datctl.control & CTL_ALLUSEDTEXT) != 0) { leftchar = FLD(match_data, leftchar); rightchar = FLD(match_data, rightchar); showallused = i == 0 && (leftchar < start || rightchar > end); } else showallused = FALSE; if (showallused) { PCHARS(lleft, pp, leftchar, start - leftchar, utf, outfile); PCHARS(lmiddle, pp, start, end - start, utf, outfile); PCHARS(lright, pp, end, rightchar - end, utf, outfile); if ((pat_patctl.control & CTL_JITVERIFY) != 0 && jit_was_used) fprintf(outfile, "" (JIT)""); fprintf(outfile, ""\n ""); for (j = 0; j < lleft; j++) fprintf(outfile, ""<""); for (j = 0; j < lmiddle; j++) fprintf(outfile, "" ""); for (j = 0; j < lright; j++) fprintf(outfile, "">""); } else if ((dat_datctl.control & CTL_STARTCHAR) != 0) { PCRE2_SIZE startchar; PCRE2_GET_STARTCHAR(startchar, match_data); PCHARS(lleft, pp, startchar, start - startchar, utf, outfile); PCHARSV(pp, start, end - start, utf, outfile); if ((pat_patctl.control & CTL_JITVERIFY) != 0 && jit_was_used) fprintf(outfile, "" (JIT)""); if (startchar != start) { fprintf(outfile, ""\n ""); for (j = 0; j < lleft; j++) fprintf(outfile, ""^""); } } else { PCHARSV(pp, start, end - start, utf, outfile); if ((pat_patctl.control & CTL_JITVERIFY) != 0 && jit_was_used) fprintf(outfile, "" (JIT)""); } } else { PCHARSV(pp, start, end - start, utf, outfile); } fprintf(outfile, ""\n""); if ((dat_datctl.control & CTL_ALLAFTERTEXT) != 0 || (i == 0 && (dat_datctl.control & CTL_AFTERTEXT) != 0)) { fprintf(outfile, ""%2d+ "", i/2); PCHARSV(pp, ovector[i+1], ulen - ovector[i+1], utf, outfile); fprintf(outfile, ""\n""); } } if ((dat_datctl.control & CTL_MARK) != 0 && TESTFLD(match_data, mark, !=, NULL)) { fprintf(outfile, ""MK: ""); PCHARSV(CASTFLD(void *, match_data, mark), -1, -1, utf, outfile); fprintf(outfile, ""\n""); } if (!copy_and_get(utf, capcount)) return PR_ABEND; } else if (capcount == PCRE2_ERROR_PARTIAL) { PCRE2_SIZE leftchar; int backlength; int rubriclength = 0; if ((dat_datctl.control & CTL_ALLUSEDTEXT) != 0) { leftchar = FLD(match_data, leftchar); } else leftchar = ovector[0]; fprintf(outfile, ""Partial match""); if ((dat_datctl.control & CTL_MARK) != 0 && TESTFLD(match_data, mark, !=, NULL)) { fprintf(outfile, "", mark=""); PCHARS(rubriclength, CASTFLD(void *, match_data, mark), -1, -1, utf, outfile); rubriclength += 7; } fprintf(outfile, "": ""); rubriclength += 15; PCHARS(backlength, pp, leftchar, ovector[0] - leftchar, utf, outfile); PCHARSV(pp, ovector[0], ulen - ovector[0], utf, outfile); if ((pat_patctl.control & CTL_JITVERIFY) != 0 && jit_was_used) fprintf(outfile, "" (JIT)""); fprintf(outfile, ""\n""); if (backlength != 0) { int i; for (i = 0; i < rubriclength; i++) fprintf(outfile, "" ""); for (i = 0; i < backlength; i++) fprintf(outfile, ""<""); fprintf(outfile, ""\n""); } if (ulen != ovector[1]) fprintf(outfile, ""** ovector[1] is not equal to the subject length: "" ""%ld != %ld\n"", (unsigned long int)ovector[1], (unsigned long int)ulen); if (!copy_and_get(utf, 1)) return PR_ABEND; if ((dat_datctl.control2 & CTL2_ALLVECTOR) != 0) show_ovector(ovector, oveccount); break; } else if (g_notempty != 0) { uint16_t nl = FLD(compiled_code, newline_convention); PCRE2_SIZE start_offset = dat_datctl.offset; PCRE2_SIZE end_offset = start_offset + 1; if ((nl == PCRE2_NEWLINE_CRLF || nl == PCRE2_NEWLINE_ANY || nl == PCRE2_NEWLINE_ANYCRLF) && start_offset < ulen - 1 && CODE_UNIT(pp, start_offset) == '\r' && CODE_UNIT(pp, end_offset) == '\n') end_offset++; else if (utf && test_mode != PCRE32_MODE) { if (test_mode == PCRE8_MODE) { for (; end_offset < ulen; end_offset++) if ((((PCRE2_SPTR8)pp)[end_offset] & 0xc0) != 0x80) break; } else { for (; end_offset < ulen; end_offset++) if ((((PCRE2_SPTR16)pp)[end_offset] & 0xfc00) != 0xdc00) break; } } SETFLDVEC(match_data, ovector, 0, start_offset); SETFLDVEC(match_data, ovector, 1, end_offset); } else { switch(capcount) { case PCRE2_ERROR_NOMATCH: if (gmatched == 0) { fprintf(outfile, ""No match""); if ((dat_datctl.control & CTL_MARK) != 0 && TESTFLD(match_data, mark, !=, NULL)) { fprintf(outfile, "", mark = ""); PCHARSV(CASTFLD(void *, match_data, mark), -1, -1, utf, outfile); } if ((pat_patctl.control & CTL_JITVERIFY) != 0 && jit_was_used) fprintf(outfile, "" (JIT)""); fprintf(outfile, ""\n""); if ((dat_datctl.control2 & CTL2_ALLVECTOR) != 0) show_ovector(ovector, oveccount); } break; case PCRE2_ERROR_BADUTFOFFSET: fprintf(outfile, ""Error %d (bad UTF-%d offset)\n"", capcount, test_mode); break; default: fprintf(outfile, ""Failed: error %d: "", capcount); if (!print_error_message(capcount, """", """")) return PR_ABEND; if (capcount <= PCRE2_ERROR_UTF8_ERR1 && capcount >= PCRE2_ERROR_UTF32_ERR2) { PCRE2_SIZE startchar; PCRE2_GET_STARTCHAR(startchar, match_data); fprintf(outfile, "" at offset %"" SIZ_FORM, startchar); } fprintf(outfile, ""\n""); break; } break; } if ((dat_datctl.control & CTL_ANYGLOB) == 0) break; else { PCRE2_SIZE match_offset = FLD(match_data, ovector)[0]; PCRE2_SIZE end_offset = FLD(match_data, ovector)[1]; if (match_offset == end_offset) { if (end_offset == ulen) break; if (match_offset <= dat_datctl.offset) g_notempty = PCRE2_NOTEMPTY_ATSTART | PCRE2_ANCHORED; } else { g_notempty = 0; if ((dat_datctl.control & CTL_GLOBAL) != 0) { PCRE2_SIZE startchar; PCRE2_GET_STARTCHAR(startchar, match_data); if (end_offset <= startchar) { if (startchar >= ulen) break; end_offset = startchar + 1; if (utf && test_mode != PCRE32_MODE) { if (test_mode == PCRE8_MODE) { for (; end_offset < ulen; end_offset++) if ((((PCRE2_SPTR8)pp)[end_offset] & 0xc0) != 0x80) break; } else { for (; end_offset < ulen; end_offset++) if ((((PCRE2_SPTR16)pp)[end_offset] & 0xfc00) != 0xdc00) break; } } } } } if ((dat_datctl.control & CTL_GLOBAL) != 0) { ovecsave[0] = ovector[0]; ovecsave[1] = ovector[1]; ovecsave[2] = dat_datctl.offset; dat_datctl.offset = end_offset; } else { pp += end_offset * code_unit_size; len -= end_offset * code_unit_size; ulen -= end_offset; if (arg_ulen != PCRE2_ZERO_TERMINATED) arg_ulen -= end_offset; } } } show_memory = FALSE;",visit repo url,src/pcre2test.c,https://github.com/PCRE2Project/pcre2,77722540796792,1 2151,['CWE-400'],"shmem_get_inode(struct super_block *sb, int mode, dev_t dev) { struct inode *inode; struct shmem_inode_info *info; struct shmem_sb_info *sbinfo = SHMEM_SB(sb); if (shmem_reserve_inode(sb)) return NULL; inode = new_inode(sb); if (inode) { inode->i_mode = mode; inode->i_uid = current->fsuid; inode->i_gid = current->fsgid; inode->i_blocks = 0; inode->i_mapping->backing_dev_info = &shmem_backing_dev_info; inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; inode->i_generation = get_seconds(); info = SHMEM_I(inode); memset(info, 0, (char *)inode - (char *)info); spin_lock_init(&info->lock); INIT_LIST_HEAD(&info->swaplist); switch (mode & S_IFMT) { default: inode->i_op = &shmem_special_inode_operations; init_special_inode(inode, mode, dev); break; case S_IFREG: inode->i_mapping->a_ops = &shmem_aops; inode->i_op = &shmem_inode_operations; inode->i_fop = &shmem_file_operations; mpol_shared_policy_init(&info->policy, shmem_get_sbmpol(sbinfo)); break; case S_IFDIR: inc_nlink(inode); inode->i_size = 2 * BOGO_DIRENT_SIZE; inode->i_op = &shmem_dir_inode_operations; inode->i_fop = &simple_dir_operations; break; case S_IFLNK: mpol_shared_policy_init(&info->policy, NULL); break; } } else shmem_free_inode(sb); return inode; }",linux-2.6,,,11989651722196241016400224895631119326,0 1873,CWE-416,"int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) { struct anon_vma_chain *avc, *pavc; struct anon_vma *root = NULL; list_for_each_entry_reverse(pavc, &src->anon_vma_chain, same_vma) { struct anon_vma *anon_vma; avc = anon_vma_chain_alloc(GFP_NOWAIT | __GFP_NOWARN); if (unlikely(!avc)) { unlock_anon_vma_root(root); root = NULL; avc = anon_vma_chain_alloc(GFP_KERNEL); if (!avc) goto enomem_failure; } anon_vma = pavc->anon_vma; root = lock_anon_vma_root(root, anon_vma); anon_vma_chain_link(dst, avc, anon_vma); if (!dst->anon_vma && src->anon_vma && anon_vma != src->anon_vma && anon_vma->degree < 2) dst->anon_vma = anon_vma; } if (dst->anon_vma) dst->anon_vma->degree++; unlock_anon_vma_root(root); return 0; enomem_failure: dst->anon_vma = NULL; unlink_anon_vmas(dst); return -ENOMEM; }",visit repo url,mm/rmap.c,https://github.com/torvalds/linux,140368378831896,1 1279,CWE-119,"kvp_respond_to_host(char *key, char *value, int error) { struct hv_kvp_msg *kvp_msg; struct hv_kvp_msg_enumerate *kvp_data; char *key_name; struct icmsg_hdr *icmsghdrp; int keylen, valuelen; u32 buf_len; struct vmbus_channel *channel; u64 req_id; if (!kvp_transaction.active) { pr_warn(""KVP: Transaction not active\n""); return; } buf_len = kvp_transaction.recv_len; channel = kvp_transaction.recv_channel; req_id = kvp_transaction.recv_req_id; kvp_transaction.active = false; if (channel->onchannel_callback == NULL) return; icmsghdrp = (struct icmsg_hdr *) &recv_buffer[sizeof(struct vmbuspipe_hdr)]; kvp_msg = (struct hv_kvp_msg *) &recv_buffer[sizeof(struct vmbuspipe_hdr) + sizeof(struct icmsg_hdr)]; kvp_data = &kvp_msg->kvp_data; key_name = key; if (error) { icmsghdrp->status = HV_E_FAIL; goto response_done; } keylen = utf8s_to_utf16s(key_name, strlen(key_name), (wchar_t *)kvp_data->data.key); kvp_data->data.key_size = 2*(keylen + 1); valuelen = utf8s_to_utf16s(value, strlen(value), (wchar_t *)kvp_data->data.value); kvp_data->data.value_size = 2*(valuelen + 1); kvp_data->data.value_type = REG_SZ; icmsghdrp->status = HV_S_OK; response_done: icmsghdrp->icflags = ICMSGHDRFLAG_TRANSACTION | ICMSGHDRFLAG_RESPONSE; vmbus_sendpacket(channel, recv_buffer, buf_len, req_id, VM_PKT_DATA_INBAND, 0); }",visit repo url,drivers/hv/hv_kvp.c,https://github.com/torvalds/linux,198184569889217,1 4909,['CWE-20'],"static int nfs_volume_list_open(struct inode *inode, struct file *file) { struct seq_file *m; int ret; ret = seq_open(file, &nfs_volume_list_ops); if (ret < 0) return ret; m = file->private_data; m->private = PDE(inode)->data; return 0; }",linux-2.6,,,69271793180816525498492632706469760598,0 5217,CWE-276,"resolve_op_from_commit (FlatpakTransaction *self, FlatpakTransactionOperation *op, const char *checksum, GFile *sideload_path, GVariant *commit_data) { g_autoptr(GBytes) metadata_bytes = NULL; g_autoptr(GVariant) commit_metadata = NULL; const char *xa_metadata = NULL; guint64 download_size = 0; guint64 installed_size = 0; commit_metadata = g_variant_get_child_value (commit_data, 0); g_variant_lookup (commit_metadata, ""xa.metadata"", ""&s"", &xa_metadata); if (xa_metadata == NULL) g_message (""Warning: No xa.metadata in local commit %s ref %s"", checksum, flatpak_decomposed_get_ref (op->ref)); else metadata_bytes = g_bytes_new (xa_metadata, strlen (xa_metadata)); if (g_variant_lookup (commit_metadata, ""xa.download-size"", ""t"", &download_size)) op->download_size = GUINT64_FROM_BE (download_size); if (g_variant_lookup (commit_metadata, ""xa.installed-size"", ""t"", &installed_size)) op->installed_size = GUINT64_FROM_BE (installed_size); g_variant_lookup (commit_metadata, OSTREE_COMMIT_META_KEY_ENDOFLIFE, ""s"", &op->eol); g_variant_lookup (commit_metadata, OSTREE_COMMIT_META_KEY_ENDOFLIFE_REBASE, ""s"", &op->eol_rebase); resolve_op_end (self, op, checksum, sideload_path, metadata_bytes); }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,166628778745088,1 2389,['CWE-119'],"static void prepare_temp_file(const char *name, struct diff_tempfile *temp, struct diff_filespec *one) { if (!DIFF_FILE_VALID(one)) { not_a_valid_file: temp->name = ""/dev/null""; strcpy(temp->hex, "".""); strcpy(temp->mode, "".""); return; } if (!one->sha1_valid || reuse_worktree_file(name, one->sha1, 1)) { struct stat st; if (lstat(name, &st) < 0) { if (errno == ENOENT) goto not_a_valid_file; die(""stat(%s): %s"", name, strerror(errno)); } if (S_ISLNK(st.st_mode)) { int ret; char buf[PATH_MAX + 1]; size_t sz = xsize_t(st.st_size); if (sizeof(buf) <= st.st_size) die(""symlink too long: %s"", name); ret = readlink(name, buf, sz); if (ret < 0) die(""readlink(%s)"", name); prep_temp_blob(temp, buf, sz, (one->sha1_valid ? one->sha1 : null_sha1), (one->sha1_valid ? one->mode : S_IFLNK)); } else { temp->name = name; if (!one->sha1_valid) strcpy(temp->hex, sha1_to_hex(null_sha1)); else strcpy(temp->hex, sha1_to_hex(one->sha1)); sprintf(temp->mode, ""%06o"", one->mode); } return; } else { if (diff_populate_filespec(one, 0)) die(""cannot read data blob for %s"", one->path); prep_temp_blob(temp, one->data, one->size, one->sha1, one->mode); } }",git,,,175632858697948869102861897053682268873,0 6139,CWE-190,"void ep_mul_sim_lot_endom(ep_t r, const ep_t p[], const bn_t k[], int n) { const int len = RLC_FP_BITS + 1; int i, j, m, l, _l[2], sk; bn_t _k[2], q, v1[3], v2[3]; int8_t ptr, *naf = RLC_ALLOCA(int8_t, 2 * n * len); bn_null(q); if (n <= 10) { ep_t *_p = RLC_ALLOCA(ep_t, 2 * n); RLC_TRY { if (naf == NULL || _p == NULL) { RLC_THROW(ERR_NO_MEMORY); } bn_new(q); for (j = 0; j < 2; j++) { bn_null(_k[j]); bn_new(_k[j]); } for (i = 0; i < 2 * n; i++) { ep_null(_p[i]); ep_new(_p[i]); } for (i = 0; i < 3; i++) { bn_null(v1[i]); bn_null(v2[i]); bn_new(v1[i]); bn_new(v2[i]); } l = 0; ep_curve_get_ord(q); ep_curve_get_v1(v1); ep_curve_get_v2(v2); for (i = 0; i < n; i++) { ep_norm(_p[2*i], p[i]); ep_psi(_p[2*i + 1], _p[2*i]); bn_mod(_k[0], k[i], q); sk = bn_sign(_k[0]); bn_rec_glv(_k[0], _k[1], _k[0], q, (const bn_t *)v1, (const bn_t *)v2); if (sk == RLC_NEG) { bn_neg(_k[0], _k[0]); bn_neg(_k[1], _k[1]); } for (j = 0; j < 2; j++) { _l[j] = len; bn_rec_naf(&naf[(2*i + j)*len], &_l[j], _k[j], 2); if (bn_sign(_k[j]) == RLC_NEG) { ep_neg(_p[2*i + j], _p[2*i + j]); } l = RLC_MAX(l, _l[j]); } } ep_set_infty(r); for (i = l - 1; i >= 0; i--) { ep_dbl(r, r); for (j = 0; j < n; j++) { for (m = 0; m < 2; m++) { if (naf[(2*j + m)*len + i] > 0) { ep_add(r, r, _p[2*j + m]); } if (naf[(2*j + m)*len + i] < 0) { ep_sub(r, r, _p[2*j + m]); } } } } ep_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(q); bn_free(_k[0]); bn_free(_k[1]); for (i = 0; i < 2 * n; i++) { ep_free(_p[i]); } RLC_FREE(_p); RLC_FREE(naf); for (i = 0; i < 3; i++) { bn_free(v1[i]); bn_free(v2[i]); } } } else { const int w = RLC_MAX(2, util_bits_dig(n) - 2), c = (1 << (w - 2)); ep_t s, t, u, v, *_p = RLC_ALLOCA(ep_t, 2 * c); ep_null(s); ep_null(t); ep_null(u); ep_null(v); RLC_TRY { if (naf == NULL || _p == NULL) { RLC_THROW(ERR_NO_MEMORY); } bn_new(q); ep_new(s); ep_new(t); ep_new(u); ep_new(v); for (i = 0; i < 2; i++) { bn_null(_k[i]); bn_new(_k[i]); for (j = 0; j < c; j++) { ep_null(_p[i*c + j]); ep_new(_p[i*c + j]); ep_set_infty(_p[i*c + j]); } } for (i = 0; i < 3; i++) { bn_null(v1[i]); bn_null(v2[i]); bn_new(v1[i]); bn_new(v2[i]); } l = 0; ep_curve_get_ord(q); ep_curve_get_v1(v1); ep_curve_get_v2(v2); for (i = 0; i < n; i++) { bn_mod(_k[0], k[i], q); sk = bn_sign(_k[0]); bn_rec_glv(_k[0], _k[1], _k[0], q, (const bn_t *)v1, (const bn_t *)v2); if (sk == RLC_NEG) { bn_neg(_k[0], _k[0]); bn_neg(_k[1], _k[1]); } for (j = 0; j < 2; j++) { _l[j] = len; bn_rec_naf(&naf[(2*i + j)*len], &_l[j], _k[j], w); if (bn_sign(_k[j]) == RLC_NEG) { for (m = 0; m < _l[j]; m++) { naf[(2*i + j)*len + m] = -naf[(2*i + j)*len + m]; } } l = RLC_MAX(l, _l[j]); } } ep_set_infty(s); for (i = l - 1; i >= 0; i--) { for (j = 0; j < n; j++) { for (m = 0; m < 2; m++) { ptr = naf[(2*j + m)*len + i]; if (ptr != 0) { ep_copy(t, p[j]); if (ptr < 0) { ptr = -ptr; ep_neg(t, t); } ep_add(_p[m*c + (ptr >> 1)], _p[m*c + (ptr >> 1)], t); } } } ep_set_infty(t); for (m = 1; m >= 0; m--) { ep_psi(t, t); ep_set_infty(u); ep_set_infty(v); for (j = c - 1; j >= 0; j--) { ep_add(u, u, _p[m*c + j]); if (j == 0) { ep_dbl(v, v); } ep_add(v, v, u); ep_set_infty(_p[m*c + j]); } ep_add(t, t, v); } ep_dbl(s, s); ep_add(s, s, t); } ep_norm(r, s); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(q); ep_free(s); ep_free(t); ep_free(u); ep_free(v); for (i = 0; i < 2; i++) { bn_free(_k[i]); for (j = 0; j < c; j++) { ep_free(_p[i*c + j]); } } RLC_FREE(_p); RLC_FREE(naf); for (i = 0; i < 3; i++) { bn_free(v1[i]); bn_free(v2[i]); } } } }",visit repo url,src/ep/relic_ep_mul_sim.c,https://github.com/relic-toolkit/relic,108707724601620,1 1212,CWE-400,"static void ptrace_triggered(struct perf_event *bp, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { int i; struct thread_struct *thread = &(current->thread); for (i = 0; i < HBP_NUM; i++) { if (thread->ptrace_bps[i] == bp) break; } thread->debugreg6 |= (DR_TRAP0 << i); }",visit repo url,arch/x86/kernel/ptrace.c,https://github.com/torvalds/linux,194902173247760,1 1897,['CWE-20'],"const char *arch_vma_name(struct vm_area_struct *vma) { if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso_base) return ""[vdso]""; return NULL; }",linux-2.6,,,26344917380421332008373584858755654480,0 703,[],"static int jpc_rgn_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_rgn_t *rgn = &ms->parms.rgn; fprintf(out, ""compno = %d; roisty = %d; roishift = %d\n"", rgn->compno, rgn->roisty, rgn->roishift); return 0; }",jasper,,,243104503883905052779348116542190750471,0 5665,['CWE-476'],"static int udp6_seq_show(struct seq_file *seq, void *v) { if (v == SEQ_START_TOKEN) seq_printf(seq, "" sl "" ""local_address "" ""remote_address "" ""st tx_queue rx_queue tr tm->when retrnsmt"" "" uid timeout inode\n""); else udp6_sock_seq_show(seq, v, ((struct udp_iter_state *)seq->private)->bucket); return 0; }",linux-2.6,,,264662952030940578410483070899211231886,0 154,CWE-476,"int btrfs_rm_device(struct btrfs_fs_info *fs_info, const char *device_path, u64 devid) { struct btrfs_device *device; struct btrfs_fs_devices *cur_devices; struct btrfs_fs_devices *fs_devices = fs_info->fs_devices; u64 num_devices; int ret = 0; mutex_lock(&uuid_mutex); num_devices = btrfs_num_devices(fs_info); ret = btrfs_check_raid_min_devices(fs_info, num_devices - 1); if (ret) goto out; device = btrfs_find_device_by_devspec(fs_info, devid, device_path); if (IS_ERR(device)) { if (PTR_ERR(device) == -ENOENT && strcmp(device_path, ""missing"") == 0) ret = BTRFS_ERROR_DEV_MISSING_NOT_FOUND; else ret = PTR_ERR(device); goto out; } if (btrfs_pinned_by_swapfile(fs_info, device)) { btrfs_warn_in_rcu(fs_info, ""cannot remove device %s (devid %llu) due to active swapfile"", rcu_str_deref(device->name), device->devid); ret = -ETXTBSY; goto out; } if (test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &device->dev_state)) { ret = BTRFS_ERROR_DEV_TGT_REPLACE; goto out; } if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state) && fs_info->fs_devices->rw_devices == 1) { ret = BTRFS_ERROR_DEV_ONLY_WRITABLE; goto out; } if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state)) { mutex_lock(&fs_info->chunk_mutex); list_del_init(&device->dev_alloc_list); device->fs_devices->rw_devices--; mutex_unlock(&fs_info->chunk_mutex); } mutex_unlock(&uuid_mutex); ret = btrfs_shrink_device(device, 0); if (!ret) btrfs_reada_remove_dev(device); mutex_lock(&uuid_mutex); if (ret) goto error_undo; ret = btrfs_rm_dev_item(device); if (ret) goto error_undo; clear_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &device->dev_state); btrfs_scrub_cancel_dev(device); cur_devices = device->fs_devices; mutex_lock(&fs_devices->device_list_mutex); list_del_rcu(&device->dev_list); cur_devices->num_devices--; cur_devices->total_devices--; if (cur_devices != fs_devices) fs_devices->total_devices--; if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) cur_devices->missing_devices--; btrfs_assign_next_active_device(device, NULL); if (device->bdev) { cur_devices->open_devices--; btrfs_sysfs_remove_device(device); } num_devices = btrfs_super_num_devices(fs_info->super_copy) - 1; btrfs_set_super_num_devices(fs_info->super_copy, num_devices); mutex_unlock(&fs_devices->device_list_mutex); if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state)) btrfs_scratch_superblocks(fs_info, device->bdev, device->name->str); btrfs_close_bdev(device); synchronize_rcu(); btrfs_free_device(device); if (cur_devices->open_devices == 0) { list_del_init(&cur_devices->seed_list); close_fs_devices(cur_devices); free_fs_devices(cur_devices); } out: mutex_unlock(&uuid_mutex); return ret; error_undo: btrfs_reada_undo_remove_dev(device); if (test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state)) { mutex_lock(&fs_info->chunk_mutex); list_add(&device->dev_alloc_list, &fs_devices->alloc_list); device->fs_devices->rw_devices++; mutex_unlock(&fs_info->chunk_mutex); } goto out; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,48856854710274,1 6237,CWE-190,"void fp2_read_bin(fp2_t a, const uint8_t *bin, int len) { if (len != RLC_FP_BYTES + 1 && len != 2 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } if (len == RLC_FP_BYTES + 1) { fp_read_bin(a[0], bin, RLC_FP_BYTES); fp_zero(a[1]); fp_set_bit(a[1], 0, bin[RLC_FP_BYTES]); fp2_upk(a, a); } if (len == 2 * RLC_FP_BYTES) { fp_read_bin(a[0], bin, RLC_FP_BYTES); fp_read_bin(a[1], bin + RLC_FP_BYTES, RLC_FP_BYTES); } }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,78413778871250,1 5503,CWE-125,"parsetok(struct tok_state *tok, grammar *g, int start, perrdetail *err_ret, int *flags) { parser_state *ps; node *n; int started = 0; growable_int_array type_ignores; if (!growable_int_array_init(&type_ignores, 10)) { err_ret->error = E_NOMEM; Ta3Tokenizer_Free(tok); return NULL; } if ((ps = Ta3Parser_New(g, start)) == NULL) { err_ret->error = E_NOMEM; Ta3Tokenizer_Free(tok); return NULL; } #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD if (*flags & PyPARSE_BARRY_AS_BDFL) ps->p_flags |= CO_FUTURE_BARRY_AS_BDFL; #endif for (;;) { char *a, *b; int type; size_t len; char *str; int col_offset; type = Ta3Tokenizer_Get(tok, &a, &b); if (type == ERRORTOKEN) { err_ret->error = tok->done; break; } if (type == ENDMARKER && started) { type = NEWLINE; started = 0; if (tok->indent && !(*flags & PyPARSE_DONT_IMPLY_DEDENT)) { tok->pendin = -tok->indent; tok->indent = 0; } } else started = 1; len = b - a; str = (char *) PyObject_MALLOC(len + 1); if (str == NULL) { err_ret->error = E_NOMEM; break; } if (len > 0) strncpy(str, a, len); str[len] = '\0'; #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD if (type == NOTEQUAL) { if (!(ps->p_flags & CO_FUTURE_BARRY_AS_BDFL) && strcmp(str, ""!="")) { PyObject_FREE(str); err_ret->error = E_SYNTAX; break; } else if ((ps->p_flags & CO_FUTURE_BARRY_AS_BDFL) && strcmp(str, ""<>"")) { PyObject_FREE(str); err_ret->text = ""with Barry as BDFL, use '<>' "" ""instead of '!='""; err_ret->error = E_SYNTAX; break; } } #endif if (a >= tok->line_start) col_offset = Py_SAFE_DOWNCAST(a - tok->line_start, intptr_t, int); else col_offset = -1; if (type == TYPE_IGNORE) { if (!growable_int_array_add(&type_ignores, tok->lineno)) { err_ret->error = E_NOMEM; break; } continue; } if ((err_ret->error = Ta3Parser_AddToken(ps, (int)type, str, tok->lineno, col_offset, &(err_ret->expected))) != E_OK) { if (err_ret->error != E_DONE) { PyObject_FREE(str); err_ret->token = type; } break; } } if (err_ret->error == E_DONE) { n = ps->p_tree; ps->p_tree = NULL; if (n->n_type == file_input) { int num; node *ch; size_t i; num = NCH(n); ch = CHILD(n, num - 1); REQ(ch, ENDMARKER); for (i = 0; i < type_ignores.num_items; i++) { Ta3Node_AddChild(ch, TYPE_IGNORE, NULL, type_ignores.items[i], 0); } } growable_int_array_deallocate(&type_ignores); #ifndef PGEN if (start == single_input) { char *cur = tok->cur; char c = *tok->cur; for (;;) { while (c == ' ' || c == '\t' || c == '\n' || c == '\014') c = *++cur; if (!c) break; if (c != '#') { err_ret->error = E_BADSINGLE; Ta3Node_Free(n); n = NULL; break; } while (c && c != '\n') c = *++cur; } } #endif } else n = NULL; #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD *flags = ps->p_flags; #endif Ta3Parser_Delete(ps); if (n == NULL) { if (tok->done == E_EOF) err_ret->error = E_EOF; err_ret->lineno = tok->lineno; if (tok->buf != NULL) { size_t len; assert(tok->cur - tok->buf < INT_MAX); err_ret->offset = (int)(tok->cur - tok->buf); len = tok->inp - tok->buf; err_ret->text = (char *) PyObject_MALLOC(len + 1); if (err_ret->text != NULL) { if (len > 0) strncpy(err_ret->text, tok->buf, len); err_ret->text[len] = '\0'; } } } else if (tok->encoding != NULL) { node* r = Ta3Node_New(encoding_decl); if (r) r->n_str = PyObject_MALLOC(strlen(tok->encoding)+1); if (!r || !r->n_str) { err_ret->error = E_NOMEM; if (r) PyObject_FREE(r); n = NULL; goto done; } strcpy(r->n_str, tok->encoding); PyMem_FREE(tok->encoding); tok->encoding = NULL; r->n_nchildren = 1; r->n_child = n; n = r; } done: Ta3Tokenizer_Free(tok); return n; }",visit repo url,ast3/Parser/parsetok.c,https://github.com/python/typed_ast,96038328611249,1 6355,CWE-787,"render_table_row(hdtable_t &table, tree_t ***cells, int row, uchar *height_var, float left, float right, float bottom, float top, float *x, float *y, int *page) { int col, tcol, colspan, rowspan, tempspace; float width, temp_y; int temp_page; uchar *var; int do_valign; int row_page; float row_y, row_starty, row_height, temp_height; uchar *bgcolor; float bgrgb[3]; do_valign = 1; row_height = 0.0f; row_page = *page; row_y = *y - table.cellpadding; row_starty = row_y; DEBUG_printf((""BEFORE row_y = %.1f, *y = %.1f, row_page = %d\n"", row_y, *y, row_page)); for (col = 0, rowspan = 9999; col < table.num_cols; col += colspan) { if (table.row_spans[col] == 0) { if ((var = htmlGetVariable(cells[row][col], (uchar *)""ROWSPAN"")) != NULL) table.row_spans[col] = atoi((char *)var); if (table.row_spans[col] == 1) table.row_spans[col] = 0; if (table.row_spans[col] > (table.num_rows - row)) table.row_spans[col] = table.num_rows - row; table.span_heights[col] = 0.0f; } if (table.row_spans[col] < rowspan) rowspan = table.row_spans[col]; for (colspan = 1; (col + colspan) < table.num_cols; colspan ++) if (cells[row][col] != cells[row][col + colspan]) break; } if (!rowspan) rowspan = 1; for (col = 0; col < table.num_cols;) { for (colspan = 1; (col + colspan) < table.num_cols; colspan ++) if (cells[row][col] != cells[row][col + colspan]) break; colspan --; DEBUG_printf(("" col = %d, colspan = %d, left = %.1f, right = %.1f, cell = %p\n"", col, colspan, table.col_lefts[col], table.col_rights[col + colspan], (void *)cells[row][col])); *x = table.col_lefts[col]; temp_y = *y - table.cellpadding; temp_page = *page; tempspace = 0; if (row == 0 || cells[row][col] != cells[row - 1][col]) { check_pages(*page); if (cells[row][col] == NULL) bgcolor = NULL; else if ((bgcolor = htmlGetVariable(cells[row][col], (uchar *)""BGCOLOR"")) != NULL) { memcpy(bgrgb, background_color, sizeof(bgrgb)); get_color(bgcolor, bgrgb, 0); width = table.col_rights[col + colspan] - table.col_lefts[col] + 2 * table.cellpadding; table.border_left = table.col_lefts[col] - table.cellpadding; table.cell_bg[col] = new_render(*page, RENDER_BOX, table.border_left, row_y, width + table.border, 0.0, bgrgb); } else { table.cell_bg[col] = NULL; new_render(*page, RENDER_TEXT, -1.0f, -1.0f, 0.0, 0.0, (void *)""""); } DEBUG_printf((""cell_bg[%d] = %p, pages[%d].end = %p\n"", col, (void *)table.cell_bg[col], *page, (void *)pages[*page].end)); table.cell_start[col] = pages[*page].end; table.cell_page[col] = temp_page; table.cell_y[col] = temp_y; if (table.debug) { check_pages(*page); render_t *r; char table_text[255]; snprintf(table_text, sizeof(table_text), ""cell=%p [%d,%d]"", (void *)cells[row][col], row, col); r = new_render(temp_page, RENDER_TEXT, *x, temp_y, get_width((uchar *)table_text, TYPE_COURIER, STYLE_NORMAL, 1), _htmlSizes[1], table_text); r->data.text.typeface = TYPE_COURIER; r->data.text.style = STYLE_NORMAL; r->data.text.size = (float)_htmlSizes[1]; } if (cells[row][col] != NULL && cells[row][col]->child != NULL) { DEBUG_printf(("" parsing cell %d,%d; width = %.1f\n"", row, col, table.col_rights[col + colspan] - table.col_lefts[col])); bottom += table.cellpadding; top -= table.cellpadding; parse_doc(cells[row][col]->child, table.col_lefts + col, table.col_rights + col + colspan, &bottom, &top, x, &temp_y, &temp_page, NULL, &tempspace); bottom -= table.cellpadding; top += table.cellpadding; } table.cell_endpage[col] = temp_page; table.cell_endy[col] = temp_y; table.cell_height[col] = *y - table.cellpadding - temp_y; table.cell_end[col] = pages[*page].end; if (table.cell_start[col] == NULL) table.cell_start[col] = pages[*page].start; DEBUG_printf((""row = %d, col = %d, y = %.1f, cell_y = %.1f, cell_height = %.1f\n"", row, col, *y - table.cellpadding, temp_y, table.cell_height[col])); DEBUG_printf((""cell_start[%d] = %p, cell_end[%d] = %p\n"", col, (void *)table.cell_start[col], col, (void *)table.cell_end[col])); } if (table.row_spans[col] == 0 && table.cell_page[col] == table.cell_endpage[col] && table.cell_height[col] > row_height) row_height = table.cell_height[col]; if (table.row_spans[col] <= rowspan) { if (table.cell_page[col] != table.cell_endpage[col]) do_valign = 0; if (table.cell_endpage[col] > row_page) { row_page = table.cell_endpage[col]; row_y = table.cell_endy[col]; } else if (table.cell_endy[col] < row_y && table.cell_endpage[col] == row_page) row_y = table.cell_endy[col]; } DEBUG_printf((""**** col = %d, row = %d, row_y = %.1f, row_page = %d\n"", col, row, row_y, row_page)); for (col ++; colspan > 0; colspan --, col ++) { table.cell_start[col] = NULL; table.cell_page[col] = table.cell_page[col - 1]; table.cell_y[col] = table.cell_y[col - 1]; table.cell_end[col] = NULL; table.cell_endpage[col] = table.cell_endpage[col - 1]; table.cell_endy[col] = table.cell_endy[col - 1]; table.cell_height[col] = table.cell_height[col - 1]; } } DEBUG_printf((""row = %d, row_y = %.1f, row_height = %.1f\n"", row, row_y, row_height)); for (col = 0; col < table.num_cols; col += colspan) { for (colspan = 1; (col + colspan) < table.num_cols; colspan ++) if (cells[row][col] != cells[row][col + colspan]) break; if (table.row_spans[col]) table.span_heights[col] += row_height; DEBUG_printf((""col = %d, cell_y = %.1f, cell_page = %d, cell_endpage = %d, row_spans = %d, span_heights = %.1f, cell_height = %.1f\n"", col, table.cell_y[col], table.cell_page[col], table.cell_endpage[col], table.row_spans[col], table.span_heights[col], table.cell_height[col])); } for (col = 0; col < table.num_cols; col += colspan) { for (colspan = 1; (col + colspan) < table.num_cols; colspan ++) if (cells[row][col] != cells[row][col + colspan]) break; if (table.row_spans[col] == rowspan && table.cell_page[col] == table.cell_endpage[col] && table.cell_height[col] > table.span_heights[col]) { temp_height = table.cell_height[col] - table.span_heights[col]; row_height += temp_height; DEBUG_printf((""Adjusting row-span height by %.1f, new row_height = %.1f\n"", temp_height, row_height)); for (tcol = 0; tcol < table.num_cols; tcol ++) if (table.row_spans[tcol]) { table.span_heights[tcol] += temp_height; DEBUG_printf((""col = %d, span_heights = %.1f\n"", tcol, table.span_heights[tcol])); } } } DEBUG_printf((""AFTER row = %d, row_page = %d, row_y = %.1f, row_height = %.1f, *y = %.1f, do_valign = %d\n"", row, row_page, row_y, row_height, *y, do_valign)); if (do_valign) { height_var = NULL; if (cells[row][0] != NULL) { if ((height_var = htmlGetVariable(cells[row][0]->parent, (uchar *)""HEIGHT"")) == NULL) for (col = 0; col < table.num_cols; col ++) if (htmlGetVariable(cells[row][col], (uchar *)""ROWSPAN"") == NULL) if ((height_var = htmlGetVariable(cells[row][col], (uchar *)""HEIGHT"")) != NULL) break; } if (height_var != NULL) { if (height_var[strlen((char *)height_var) - 1] == '%') temp_height = (float)(atof((char *)height_var) * 0.01f * PagePrintLength); else temp_height = (float)(atof((char *)height_var) * PagePrintWidth / _htmlBrowserWidth); if (table.height > 0 && temp_height > table.height) temp_height = table.height; temp_height -= 2 * table.cellpadding; if (temp_height > row_height) { row_height = temp_height; row_y = *y - temp_height; } } for (col = 0; col < table.num_cols; col += colspan + 1) { render_t *p; float delta_y; for (colspan = 1; (col + colspan) < table.num_cols; colspan ++) if (cells[row][col] != cells[row][col + colspan]) break; colspan --; if (table.cell_start[col] == NULL || table.row_spans[col] > rowspan || cells[row][col] == NULL || cells[row][col]->child == NULL) continue; if (table.row_spans[col] == 1) { int tcol; float span_height = 0.0f; for (tcol = 0; tcol < table.num_cols; tcol ++) { if (table.row_spans[col] == 1 && table.span_heights[col] > span_height) span_height = table.span_heights[col]; } switch (cells[row][col]->valignment) { case ALIGN_MIDDLE : delta_y = (span_height - table.cell_height[col]) * 0.5f; break; case ALIGN_BOTTOM : delta_y = span_height - table.cell_height[col]; break; default : delta_y = 0.0f; break; } } else if (table.row_spans[col]) { delta_y = 0.0f; } else { switch (cells[row][col]->valignment) { case ALIGN_MIDDLE : delta_y = (row_height - table.cell_height[col]) * 0.5f; break; case ALIGN_BOTTOM : delta_y = row_height - table.cell_height[col]; break; default : delta_y = 0.0f; break; } } DEBUG_printf((""row = %d, col = %d, valign = %d, rowspans = %d, cell_height = %.1f, span_heights = %.1f, delta_y = %.1f\n"", row, col, cells[row][col]->valignment, table.row_spans[col], table.cell_height[col], table.span_heights[col], delta_y)); if (delta_y > 0.0f) { if (table.cell_start[col] == table.cell_end[col]) p = table.cell_start[col]; else p = table.cell_start[col]->next; for (; p != NULL; p = p->next) { DEBUG_printf((""aligning %p (%s), y was %.1f, now %.1f\n"", (void *)p, p->data.text.buffer, p->y, p->y - delta_y)); p->y -= delta_y; if (p == table.cell_end[col]) break; } } #ifdef DEBUG else { if (table.cell_start[col] == table.cell_end[col]) p = table.cell_start[col]; else p = table.cell_start[col]->next; for (; p != NULL; p = p->next) { printf(""NOT aligning %p (%s)\n"", (void *)p, p->data.text.buffer); if (p == table.cell_end[col]) break; } } #endif } } for (col = 0, temp_page = -1, temp_y = 99999999; col < table.num_cols; col ++) if (table.row_spans[col] <= rowspan && cells[row][col] != NULL && cells[row][col]->child != NULL) { if (table.cell_endpage[col] > temp_page) { temp_page = table.cell_endpage[col]; temp_y = table.cell_endy[col]; } else if (table.cell_endpage[col] == temp_page && table.cell_endy[col] < temp_y) temp_y = table.cell_endy[col]; } for (col = 0; col < table.num_cols; col ++) if (table.row_spans[col] <= rowspan && cells[row][col] != NULL && cells[row][col]->child != NULL) { table.cell_endpage[col] = temp_page; table.cell_endy[col] = temp_y; } row_y -= table.cellpadding; table.border_left = table.col_lefts[0] - table.cellpadding; width = table.col_rights[table.num_cols - 1] - table.col_lefts[0] + 2 * table.cellpadding; for (bgcolor = NULL, col = 0; col < table.num_cols; col ++) if (table.row_spans[col] <= rowspan && cells[row][col] && !htmlGetVariable(cells[row][col], (uchar *)""ROWSPAN"") && (bgcolor = htmlGetVariable(cells[row][col]->parent, (uchar *)""BGCOLOR"")) != NULL) break; if (bgcolor) { memcpy(bgrgb, background_color, sizeof(bgrgb)); get_color(bgcolor, bgrgb, 0); if (row_page > *page) { new_render(*page, RENDER_BOX, table.border_left, bottom, width, row_starty - bottom + table.cellpadding, bgrgb, pages[*page].start); for (temp_page = *page + 1; temp_page < row_page; temp_page ++) { new_render(temp_page, RENDER_BOX, table.border_left, bottom, width, top - bottom, bgrgb, pages[temp_page].start); } check_pages(*page); new_render(row_page, RENDER_BOX, table.border_left, row_y, width, top - row_y, bgrgb, pages[row_page].start); } else { new_render(row_page, RENDER_BOX, table.border_left, row_y, width, row_height + 2 * table.cellpadding, bgrgb, pages[row_page].start); } } for (col = 0; col < table.num_cols; col += colspan + 1) { for (colspan = 0; (col + colspan) < table.num_cols; colspan ++) if (cells[row][col] != cells[row][col + colspan]) break; else if (table.row_spans[col + colspan] > 0) { DEBUG_printf((""row = %d, col = %d, decrementing row_spans (%d) to %d...\n"", row, col, table.row_spans[col + colspan], table.row_spans[col + colspan] - rowspan)); table.row_spans[col + colspan] -= rowspan; } colspan --; width = table.col_rights[col + colspan] - table.col_lefts[col] + 2 * table.cellpadding; if (cells[row][col] == NULL || cells[row][col]->child == NULL || table.row_spans[col] > 0) continue; DEBUG_printf((""DRAWING BORDER+BACKGROUND: col=%d, row=%d, cell_page=%d, cell_y=%.1f\n"" "" cell_endpage=%d, cell_endy=%.1f\n"", col, row, table.cell_page[col], table.cell_y[col], table.cell_endpage[col], table.cell_endy[col])); if ((bgcolor = htmlGetVariable(cells[row][col], (uchar *)""BGCOLOR"")) != NULL) { memcpy(bgrgb, background_color, sizeof(bgrgb)); get_color(bgcolor, bgrgb, 0); } table.border_left = table.col_lefts[col] - table.cellpadding; if (table.cell_page[col] != table.cell_endpage[col]) { if (table.border > 0) { new_render(table.cell_page[col], RENDER_BOX, table.border_left, table.cell_y[col] + table.cellpadding, width + table.border, table.border, table.border_rgb); new_render(table.cell_page[col], RENDER_BOX, table.border_left, bottom, table.border, table.cell_y[col] - bottom + table.cellpadding + table.border, table.border_rgb); new_render(table.cell_page[col], RENDER_BOX, table.border_left + width, bottom, table.border, table.cell_y[col] - bottom + table.cellpadding + table.border, table.border_rgb); } if (bgcolor != NULL) { table.cell_bg[col]->y = bottom; table.cell_bg[col]->height = table.cell_y[col] - bottom + table.cellpadding + table.border; } for (temp_page = table.cell_page[col] + 1; temp_page < table.cell_endpage[col]; temp_page ++) { if (table.border > 0.0f) { new_render(temp_page, RENDER_BOX, table.border_left, bottom, table.border, top - bottom, table.border_rgb); new_render(temp_page, RENDER_BOX, table.border_left + width, bottom, table.border, top - bottom, table.border_rgb); } if (bgcolor != NULL) new_render(temp_page, RENDER_BOX, table.border_left, bottom, width + table.border, top - bottom, bgrgb, pages[temp_page].start); } if (table.border > 0.0f) { new_render(table.cell_endpage[col], RENDER_BOX, table.border_left, row_y, table.border, top - row_y, table.border_rgb); new_render(table.cell_endpage[col], RENDER_BOX, table.border_left + width, row_y, table.border, top - row_y, table.border_rgb); new_render(table.cell_endpage[col], RENDER_BOX, table.border_left, row_y, width + table.border, table.border, table.border_rgb); } if (bgcolor != NULL) { check_pages(table.cell_endpage[col]); new_render(table.cell_endpage[col], RENDER_BOX, table.border_left, row_y, width + table.border, top - row_y, bgrgb, pages[table.cell_endpage[col]].start); } } else { if (table.border > 0.0f) { new_render(table.cell_page[col], RENDER_BOX, table.border_left, table.cell_y[col] + table.cellpadding, width + table.border, table.border, table.border_rgb); new_render(table.cell_page[col], RENDER_BOX, table.border_left, row_y, table.border, table.cell_y[col] - row_y + table.cellpadding + table.border, table.border_rgb); new_render(table.cell_page[col], RENDER_BOX, table.border_left + width, row_y, table.border, table.cell_y[col] - row_y + table.cellpadding + table.border, table.border_rgb); new_render(table.cell_page[col], RENDER_BOX, table.border_left, row_y, width + table.border, table.border, table.border_rgb); } if (bgcolor != NULL) { table.cell_bg[col]->y = row_y; table.cell_bg[col]->height = table.cell_y[col] - row_y + table.cellpadding + table.border; } } } *page = row_page; *y = row_y; }",visit repo url,htmldoc/ps-pdf.cxx,https://github.com/michaelrsweet/htmldoc,274634236106537,1 3032,CWE-119,"BGD_DECLARE(void) gdImageFillToBorder (gdImagePtr im, int x, int y, int border, int color) { int lastBorder; int leftLimit, rightLimit; int i; int restoreAlphaBleding; if (border < 0) { return; } leftLimit = (-1); restoreAlphaBleding = im->alphaBlendingFlag; im->alphaBlendingFlag = 0; if (x >= im->sx) { x = im->sx - 1; } else if (x < 0) { x = 0; } if (y >= im->sy) { y = im->sy - 1; } else if (y < 0) { y = 0; } for (i = x; (i >= 0); i--) { if (gdImageGetPixel (im, i, y) == border) { break; } gdImageSetPixel (im, i, y, color); leftLimit = i; } if (leftLimit == (-1)) { im->alphaBlendingFlag = restoreAlphaBleding; return; } rightLimit = x; for (i = (x + 1); (i < im->sx); i++) { if (gdImageGetPixel (im, i, y) == border) { break; } gdImageSetPixel (im, i, y, color); rightLimit = i; } if (y > 0) { lastBorder = 1; for (i = leftLimit; (i <= rightLimit); i++) { int c; c = gdImageGetPixel (im, i, y - 1); if (lastBorder) { if ((c != border) && (c != color)) { gdImageFillToBorder (im, i, y - 1, border, color); lastBorder = 0; } } else if ((c == border) || (c == color)) { lastBorder = 1; } } } if (y < ((im->sy) - 1)) { lastBorder = 1; for (i = leftLimit; (i <= rightLimit); i++) { int c = gdImageGetPixel (im, i, y + 1); if (lastBorder) { if ((c != border) && (c != color)) { gdImageFillToBorder (im, i, y + 1, border, color); lastBorder = 0; } } else if ((c == border) || (c == color)) { lastBorder = 1; } } } im->alphaBlendingFlag = restoreAlphaBleding; }",visit repo url,src/gd.c,https://github.com/libgd/libgd,98503706016474,1 3499,['CWE-20'],"struct sctp_chunk *sctp_make_abort_no_data( const struct sctp_association *asoc, const struct sctp_chunk *chunk, __u32 tsn) { struct sctp_chunk *retval; __be32 payload; retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + sizeof(tsn)); if (!retval) goto no_mem; payload = htonl(tsn); sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); if (chunk) retval->transport = chunk->transport; no_mem: return retval; }",linux-2.6,,,303654929701736731093468051012940073469,0 5390,['CWE-476'],"static int kvm_vm_ioctl_set_tss_addr(struct kvm *kvm, unsigned long addr) { int ret; if (addr > (unsigned int)(-3 * PAGE_SIZE)) return -1; ret = kvm_x86_ops->set_tss_addr(kvm, addr); return ret; }",linux-2.6,,,172341051418081623140465673884097732651,0 750,CWE-20,"int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *address, int mode) { int size, ct, err; if (m->msg_namelen) { if (mode == VERIFY_READ) { void __user *namep; namep = (void __user __force *) m->msg_name; err = move_addr_to_kernel(namep, m->msg_namelen, address); if (err < 0) return err; } m->msg_name = address; } else { m->msg_name = NULL; } size = m->msg_iovlen * sizeof(struct iovec); if (copy_from_user(iov, (void __user __force *) m->msg_iov, size)) return -EFAULT; m->msg_iov = iov; err = 0; for (ct = 0; ct < m->msg_iovlen; ct++) { size_t len = iov[ct].iov_len; if (len > INT_MAX - err) { len = INT_MAX - err; iov[ct].iov_len = len; } err += len; } return err; }",visit repo url,net/core/iovec.c,https://github.com/torvalds/linux,95000477302680,1 6343,CWE-407,"int stringmatchlen(const char *pattern, int patternLen, const char *string, int stringLen, int nocase) { while(patternLen && stringLen) { switch(pattern[0]) { case '*': while (patternLen && pattern[1] == '*') { pattern++; patternLen--; } if (patternLen == 1) return 1; while(stringLen) { if (stringmatchlen(pattern+1, patternLen-1, string, stringLen, nocase)) return 1; string++; stringLen--; } return 0; break; case '?': string++; stringLen--; break; case '[': { int not, match; pattern++; patternLen--; not = pattern[0] == '^'; if (not) { pattern++; patternLen--; } match = 0; while(1) { if (pattern[0] == '\\' && patternLen >= 2) { pattern++; patternLen--; if (pattern[0] == string[0]) match = 1; } else if (pattern[0] == ']') { break; } else if (patternLen == 0) { pattern--; patternLen++; break; } else if (patternLen >= 3 && pattern[1] == '-') { int start = pattern[0]; int end = pattern[2]; int c = string[0]; if (start > end) { int t = start; start = end; end = t; } if (nocase) { start = tolower(start); end = tolower(end); c = tolower(c); } pattern += 2; patternLen -= 2; if (c >= start && c <= end) match = 1; } else { if (!nocase) { if (pattern[0] == string[0]) match = 1; } else { if (tolower((int)pattern[0]) == tolower((int)string[0])) match = 1; } } pattern++; patternLen--; } if (not) match = !match; if (!match) return 0; string++; stringLen--; break; } case '\\': if (patternLen >= 2) { pattern++; patternLen--; } default: if (!nocase) { if (pattern[0] != string[0]) return 0; } else { if (tolower((int)pattern[0]) != tolower((int)string[0])) return 0; } string++; stringLen--; break; } pattern++; patternLen--; if (stringLen == 0) { while(*pattern == '*') { pattern++; patternLen--; } break; } } if (patternLen == 0 && stringLen == 0) return 1; return 0; }",visit repo url,src/util.c,https://github.com/redis/redis,81999175721581,1 5231,CWE-116,"context_parse_args (FlatpakContext *context, ...) { g_autoptr(GError) local_error = NULL; g_autoptr(GOptionContext) oc = NULL; g_autoptr(GOptionGroup) group = NULL; g_autoptr(GPtrArray) args = g_ptr_array_new_with_free_func (g_free); g_auto(GStrv) argv = NULL; const char *arg; va_list ap; g_ptr_array_add (args, g_strdup (""argv[0]"")); va_start (ap, context); while ((arg = va_arg (ap, const char *)) != NULL) g_ptr_array_add (args, g_strdup (arg)); va_end (ap); g_ptr_array_add (args, NULL); argv = (GStrv) g_ptr_array_free (g_steal_pointer (&args), FALSE); oc = g_option_context_new (""""); group = flatpak_context_get_options (context); g_option_context_add_group (oc, group); g_option_context_parse_strv (oc, &argv, &local_error); g_assert_no_error (local_error); }",visit repo url,tests/test-context.c,https://github.com/flatpak/flatpak,115145732538444,1 5483,NVD-CWE-noinfo,"int sqlite3CheckObjectName( Parse *pParse, const char *zName, const char *zType, const char *zTblName ){ sqlite3 *db = pParse->db; if( sqlite3WritableSchema(db) || db->init.imposterTable ){ return SQLITE_OK; } if( db->init.busy ){ if( sqlite3_stricmp(zType, db->init.azInit[0]) || sqlite3_stricmp(zName, db->init.azInit[1]) || sqlite3_stricmp(zTblName, db->init.azInit[2]) ){ if( sqlite3Config.bExtraSchemaChecks ){ sqlite3ErrorMsg(pParse, """"); return SQLITE_ERROR; } } }else{ if( pParse->nested==0 && 0==sqlite3StrNICmp(zName, ""sqlite_"", 7) ){ sqlite3ErrorMsg(pParse, ""object name reserved for internal use: %s"", zName); return SQLITE_ERROR; } } return SQLITE_OK; }",visit repo url,src/build.c,https://github.com/sqlite/sqlite,46124193055544,1 6508,CWE-787,"void trustedEnclaveInit(uint32_t _logLevel) { CALL_ONCE LOG_INFO(__FUNCTION__); globalLogLevel_ = _logLevel; oc_realloc_func = &reallocate_function; oc_free_func = &free_function; LOG_INFO(""Setting memory functions""); mp_get_memory_functions(NULL, &gmp_realloc_func, &gmp_free_func); mp_set_memory_functions(NULL, oc_realloc_func, oc_free_func); LOG_INFO(""Calling enclave init""); enclave_init(); LOG_INFO(""Reading random""); globalRandom = calloc(32,1); int ret = sgx_read_rand(globalRandom, 32); if(ret != SGX_SUCCESS) { LOG_ERROR(""sgx_read_rand failed. Aboring enclave.""); abort(); } LOG_INFO(""Successfully inited enclave. Signed enclave version:"" SIGNED_ENCLAVE_VERSION ); #ifndef SGX_DEBUG LOG_INFO(""SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!""); #endif #if SGX_DEBUG != 0 LOG_INFO(""SECURITY WARNING: sgxwallet is running in INSECURE DEBUG MODE! NEVER USE IN PRODUCTION!""); #endif #if SGX_MODE == SIM LOG_INFO(""SECURITY WARNING: sgxwallet is running in INSECURE SIMULATION MODE! NEVER USE IN PRODUCTION!""); #endif }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,61648841260119,1 1418,[],"static inline struct cfs_rq *task_cfs_rq(struct task_struct *p) { return &task_rq(p)->cfs; }",linux-2.6,,,179178536372523562501338269457452273555,0 5712,CWE-787,"void luaT_getvarargs (lua_State *L, CallInfo *ci, StkId where, int wanted) { int i; int nextra = ci->u.l.nextraargs; if (wanted < 0) { wanted = nextra; checkstackp(L, nextra, where); L->top = where + nextra; } for (i = 0; i < wanted && i < nextra; i++) setobjs2s(L, where + i, ci->func - nextra + i); for (; i < wanted; i++) setnilvalue(s2v(where + i)); }",visit repo url,ltm.c,https://github.com/lua/lua,204885896458001,1 158,CWE-416,"static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) { struct sco_conn *conn = sco_pi(sk)->conn; struct sk_buff *skb; int err; if (len > conn->mtu) return -EINVAL; BT_DBG(""sk %p len %d"", sk, len); skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); if (!skb) return err; if (memcpy_from_msg(skb_put(skb, len), msg, len)) { kfree_skb(skb); return -EFAULT; } hci_send_sco(conn->hcon, skb); return len; }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,228342911295797,1 3496,['CWE-20'],"sctp_disposition_t sctp_sf_do_9_2_final(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_chunk *reply; struct sctp_ulpevent *ev; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_SHUTDOWN_COMP, 0, 0, 0, NULL, GFP_ATOMIC); if (!ev) goto nomem; reply = sctp_make_shutdown_complete(asoc, chunk); if (!reply) goto nomem_chunk; sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_CLOSED)); SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); return SCTP_DISPOSITION_DELETE_TCB; nomem_chunk: sctp_ulpevent_free(ev); nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,153514275452583617166143804609204098566,0 674,[],"static int jpc_coc_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_coc_t *coc = &ms->parms.coc; uint_fast8_t tmp; if (cstate->numcomps <= 256) { if (jpc_getuint8(in, &tmp)) { return -1; } coc->compno = tmp; } else { if (jpc_getuint16(in, &coc->compno)) { return -1; } } if (jpc_getuint8(in, &coc->compparms.csty)) { return -1; } if (jpc_cox_getcompparms(ms, cstate, in, (coc->compparms.csty & JPC_COX_PRT) != 0, &coc->compparms)) { return -1; } if (jas_stream_eof(in)) { return -1; } return 0; }",jasper,,,83628727629393073834212911958619824123,0 1942,['CWE-20'],"static void remove_migration_pte(struct vm_area_struct *vma, struct page *old, struct page *new) { struct mm_struct *mm = vma->vm_mm; swp_entry_t entry; pgd_t *pgd; pud_t *pud; pmd_t *pmd; pte_t *ptep, pte; spinlock_t *ptl; unsigned long addr = page_address_in_vma(new, vma); if (addr == -EFAULT) return; pgd = pgd_offset(mm, addr); if (!pgd_present(*pgd)) return; pud = pud_offset(pgd, addr); if (!pud_present(*pud)) return; pmd = pmd_offset(pud, addr); if (!pmd_present(*pmd)) return; ptep = pte_offset_map(pmd, addr); if (!is_swap_pte(*ptep)) { pte_unmap(ptep); return; } ptl = pte_lockptr(mm, pmd); spin_lock(ptl); pte = *ptep; if (!is_swap_pte(pte)) goto out; entry = pte_to_swp_entry(pte); if (!is_migration_entry(entry) || migration_entry_to_page(entry) != old) goto out; mem_cgroup_charge(new, mm, GFP_ATOMIC); get_page(new); pte = pte_mkold(mk_pte(new, vma->vm_page_prot)); if (is_write_migration_entry(entry)) pte = pte_mkwrite(pte); flush_cache_page(vma, addr, pte_pfn(pte)); set_pte_at(mm, addr, ptep, pte); if (PageAnon(new)) page_add_anon_rmap(new, vma, addr); else page_add_file_rmap(new); update_mmu_cache(vma, addr, pte); out: pte_unmap_unlock(ptep, ptl); }",linux-2.6,,,294211306684439146190370721501433920550,0 2010,CWE-125,"static void vgacon_restore_screen(struct vc_data *c) { c->vc_origin = c->vc_visible_origin; vgacon_scrollback_cur->save = 0; if (!vga_is_gfx && !vgacon_scrollback_cur->restore) { scr_memcpyw((u16 *) c->vc_origin, (u16 *) c->vc_screenbuf, c->vc_screenbuf_size > vga_vram_size ? vga_vram_size : c->vc_screenbuf_size); vgacon_scrollback_cur->restore = 1; vgacon_scrollback_cur->cur = vgacon_scrollback_cur->cnt; } }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,56835569125012,1 3371,['CWE-399'],"ssize_t splice_to_pipe(struct pipe_inode_info *pipe, struct splice_pipe_desc *spd) { unsigned int spd_pages = spd->nr_pages; int ret, do_wakeup, page_nr; ret = 0; do_wakeup = 0; page_nr = 0; if (pipe->inode) mutex_lock(&pipe->inode->i_mutex); for (;;) { if (!pipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } if (pipe->nrbufs < PIPE_BUFFERS) { int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1); struct pipe_buffer *buf = pipe->bufs + newbuf; buf->page = spd->pages[page_nr]; buf->offset = spd->partial[page_nr].offset; buf->len = spd->partial[page_nr].len; buf->private = spd->partial[page_nr].private; buf->ops = spd->ops; if (spd->flags & SPLICE_F_GIFT) buf->flags |= PIPE_BUF_FLAG_GIFT; pipe->nrbufs++; page_nr++; ret += buf->len; if (pipe->inode) do_wakeup = 1; if (!--spd->nr_pages) break; if (pipe->nrbufs < PIPE_BUFFERS) continue; break; } if (spd->flags & SPLICE_F_NONBLOCK) { if (!ret) ret = -EAGAIN; break; } if (signal_pending(current)) { if (!ret) ret = -ERESTARTSYS; break; } if (do_wakeup) { smp_mb(); if (waitqueue_active(&pipe->wait)) wake_up_interruptible_sync(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } pipe->waiting_writers++; pipe_wait(pipe); pipe->waiting_writers--; } if (pipe->inode) { mutex_unlock(&pipe->inode->i_mutex); if (do_wakeup) { smp_mb(); if (waitqueue_active(&pipe->wait)) wake_up_interruptible(&pipe->wait); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); } } while (page_nr < spd_pages) page_cache_release(spd->pages[page_nr++]); return ret; }",linux-2.6,,,283260360890290209442916924084738839939,0 3809,['CWE-120'],"static int uvc_parse_standard_control(struct uvc_device *dev, const unsigned char *buffer, int buflen) { struct usb_device *udev = dev->udev; struct uvc_entity *unit, *term; struct usb_interface *intf; struct usb_host_interface *alts = dev->intf->cur_altsetting; unsigned int i, n, p, len; __u16 type; switch (buffer[2]) { case VC_HEADER: n = buflen >= 12 ? buffer[11] : 0; if (buflen < 12 || buflen < 12 + n) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d HEADER error\n"", udev->devnum, alts->desc.bInterfaceNumber); return -EINVAL; } dev->uvc_version = le16_to_cpup((__le16 *)&buffer[3]); dev->clock_frequency = le32_to_cpup((__le32 *)&buffer[7]); for (i = 0; i < n; ++i) { intf = usb_ifnum_to_if(udev, buffer[12+i]); if (intf == NULL) { uvc_trace(UVC_TRACE_DESCR, ""device %d "" ""interface %d doesn't exists\n"", udev->devnum, i); continue; } uvc_parse_streaming(dev, intf); } break; case VC_INPUT_TERMINAL: if (buflen < 8) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d INPUT_TERMINAL error\n"", udev->devnum, alts->desc.bInterfaceNumber); return -EINVAL; } type = le16_to_cpup((__le16 *)&buffer[4]); if ((type & 0xff00) == 0) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d INPUT_TERMINAL %d has invalid "" ""type 0x%04x, skipping\n"", udev->devnum, alts->desc.bInterfaceNumber, buffer[3], type); return 0; } n = 0; p = 0; len = 8; if (type == ITT_CAMERA) { n = buflen >= 15 ? buffer[14] : 0; len = 15; } else if (type == ITT_MEDIA_TRANSPORT_INPUT) { n = buflen >= 9 ? buffer[8] : 0; p = buflen >= 10 + n ? buffer[9+n] : 0; len = 10; } if (buflen < len + n + p) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d INPUT_TERMINAL error\n"", udev->devnum, alts->desc.bInterfaceNumber); return -EINVAL; } term = kzalloc(sizeof *term + n + p, GFP_KERNEL); if (term == NULL) return -ENOMEM; term->id = buffer[3]; term->type = type | UVC_TERM_INPUT; if (UVC_ENTITY_TYPE(term) == ITT_CAMERA) { term->camera.bControlSize = n; term->camera.bmControls = (__u8 *)term + sizeof *term; term->camera.wObjectiveFocalLengthMin = le16_to_cpup((__le16 *)&buffer[8]); term->camera.wObjectiveFocalLengthMax = le16_to_cpup((__le16 *)&buffer[10]); term->camera.wOcularFocalLength = le16_to_cpup((__le16 *)&buffer[12]); memcpy(term->camera.bmControls, &buffer[15], n); } else if (UVC_ENTITY_TYPE(term) == ITT_MEDIA_TRANSPORT_INPUT) { term->media.bControlSize = n; term->media.bmControls = (__u8 *)term + sizeof *term; term->media.bTransportModeSize = p; term->media.bmTransportModes = (__u8 *)term + sizeof *term + n; memcpy(term->media.bmControls, &buffer[9], n); memcpy(term->media.bmTransportModes, &buffer[10+n], p); } if (buffer[7] != 0) usb_string(udev, buffer[7], term->name, sizeof term->name); else if (UVC_ENTITY_TYPE(term) == ITT_CAMERA) sprintf(term->name, ""Camera %u"", buffer[3]); else if (UVC_ENTITY_TYPE(term) == ITT_MEDIA_TRANSPORT_INPUT) sprintf(term->name, ""Media %u"", buffer[3]); else sprintf(term->name, ""Input %u"", buffer[3]); list_add_tail(&term->list, &dev->entities); break; case VC_OUTPUT_TERMINAL: if (buflen < 9) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d OUTPUT_TERMINAL error\n"", udev->devnum, alts->desc.bInterfaceNumber); return -EINVAL; } type = le16_to_cpup((__le16 *)&buffer[4]); if ((type & 0xff00) == 0) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d OUTPUT_TERMINAL %d has invalid "" ""type 0x%04x, skipping\n"", udev->devnum, alts->desc.bInterfaceNumber, buffer[3], type); return 0; } term = kzalloc(sizeof *term, GFP_KERNEL); if (term == NULL) return -ENOMEM; term->id = buffer[3]; term->type = type | UVC_TERM_OUTPUT; term->output.bSourceID = buffer[7]; if (buffer[8] != 0) usb_string(udev, buffer[8], term->name, sizeof term->name); else sprintf(term->name, ""Output %u"", buffer[3]); list_add_tail(&term->list, &dev->entities); break; case VC_SELECTOR_UNIT: p = buflen >= 5 ? buffer[4] : 0; if (buflen < 5 || buflen < 6 + p) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d SELECTOR_UNIT error\n"", udev->devnum, alts->desc.bInterfaceNumber); return -EINVAL; } unit = kzalloc(sizeof *unit + p, GFP_KERNEL); if (unit == NULL) return -ENOMEM; unit->id = buffer[3]; unit->type = buffer[2]; unit->selector.bNrInPins = buffer[4]; unit->selector.baSourceID = (__u8 *)unit + sizeof *unit; memcpy(unit->selector.baSourceID, &buffer[5], p); if (buffer[5+p] != 0) usb_string(udev, buffer[5+p], unit->name, sizeof unit->name); else sprintf(unit->name, ""Selector %u"", buffer[3]); list_add_tail(&unit->list, &dev->entities); break; case VC_PROCESSING_UNIT: n = buflen >= 8 ? buffer[7] : 0; p = dev->uvc_version >= 0x0110 ? 10 : 9; if (buflen < p + n) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d PROCESSING_UNIT error\n"", udev->devnum, alts->desc.bInterfaceNumber); return -EINVAL; } unit = kzalloc(sizeof *unit + n, GFP_KERNEL); if (unit == NULL) return -ENOMEM; unit->id = buffer[3]; unit->type = buffer[2]; unit->processing.bSourceID = buffer[4]; unit->processing.wMaxMultiplier = le16_to_cpup((__le16 *)&buffer[5]); unit->processing.bControlSize = buffer[7]; unit->processing.bmControls = (__u8 *)unit + sizeof *unit; memcpy(unit->processing.bmControls, &buffer[8], n); if (dev->uvc_version >= 0x0110) unit->processing.bmVideoStandards = buffer[9+n]; if (buffer[8+n] != 0) usb_string(udev, buffer[8+n], unit->name, sizeof unit->name); else sprintf(unit->name, ""Processing %u"", buffer[3]); list_add_tail(&unit->list, &dev->entities); break; case VC_EXTENSION_UNIT: p = buflen >= 22 ? buffer[21] : 0; n = buflen >= 24 + p ? buffer[22+p] : 0; if (buflen < 24 + p + n) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d EXTENSION_UNIT error\n"", udev->devnum, alts->desc.bInterfaceNumber); return -EINVAL; } unit = kzalloc(sizeof *unit + p + n, GFP_KERNEL); if (unit == NULL) return -ENOMEM; unit->id = buffer[3]; unit->type = buffer[2]; memcpy(unit->extension.guidExtensionCode, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; unit->extension.bNrInPins = le16_to_cpup((__le16 *)&buffer[21]); unit->extension.baSourceID = (__u8 *)unit + sizeof *unit; memcpy(unit->extension.baSourceID, &buffer[22], p); unit->extension.bControlSize = buffer[22+p]; unit->extension.bmControls = (__u8 *)unit + sizeof *unit + p; memcpy(unit->extension.bmControls, &buffer[23+p], n); if (buffer[23+p+n] != 0) usb_string(udev, buffer[23+p+n], unit->name, sizeof unit->name); else sprintf(unit->name, ""Extension %u"", buffer[3]); list_add_tail(&unit->list, &dev->entities); break; default: uvc_trace(UVC_TRACE_DESCR, ""Found an unknown CS_INTERFACE "" ""descriptor (%u)\n"", buffer[2]); break; } return 0; }",linux-2.6,,,289150351307587464186327380167889858120,0 1957,CWE-401,"static int adis_update_scan_mode_burst(struct iio_dev *indio_dev, const unsigned long *scan_mask) { struct adis *adis = iio_device_get_drvdata(indio_dev); unsigned int burst_length; u8 *tx; burst_length = (indio_dev->num_channels - 1) * sizeof(u16); burst_length += adis->burst->extra_len; adis->xfer = kcalloc(2, sizeof(*adis->xfer), GFP_KERNEL); if (!adis->xfer) return -ENOMEM; adis->buffer = kzalloc(burst_length + sizeof(u16), GFP_KERNEL); if (!adis->buffer) return -ENOMEM; tx = adis->buffer + burst_length; tx[0] = ADIS_READ_REG(adis->burst->reg_cmd); tx[1] = 0; adis->xfer[0].tx_buf = tx; adis->xfer[0].bits_per_word = 8; adis->xfer[0].len = 2; adis->xfer[1].rx_buf = adis->buffer; adis->xfer[1].bits_per_word = 8; adis->xfer[1].len = burst_length; spi_message_init(&adis->msg); spi_message_add_tail(&adis->xfer[0], &adis->msg); spi_message_add_tail(&adis->xfer[1], &adis->msg); return 0; }",visit repo url,drivers/iio/imu/adis_buffer.c,https://github.com/torvalds/linux,22218154220502,1 531,CWE-200,"static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; size_t copied; struct sk_buff *skb; int er; lock_sock(sk); if (sk->sk_state != TCP_ESTABLISHED) { release_sock(sk); return -ENOTCONN; } if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) { release_sock(sk); return er; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } er = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (er < 0) { skb_free_datagram(sk, skb); release_sock(sk); return er; } if (sax != NULL) { memset(sax, 0, sizeof(sax)); sax->sax25_family = AF_NETROM; skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, AX25_ADDR_LEN); } msg->msg_namelen = sizeof(*sax); skb_free_datagram(sk, skb); release_sock(sk); return copied; }",visit repo url,net/netrom/af_netrom.c,https://github.com/torvalds/linux,278059457617125,1 6302,['CWE-200'],"static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) { struct proc_dir_entry *pde = seq->private; struct neigh_table *tbl = pde->data; int cpu; for (cpu = *pos; cpu < NR_CPUS; ++cpu) { if (!cpu_possible(cpu)) continue; *pos = cpu+1; return per_cpu_ptr(tbl->stats, cpu); } return NULL; }",linux-2.6,,,334603379156399218259170141295449601647,0 6280,CWE-120,"read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, uint32_t offset, uint32_t length, uint8_t *frubuf) { static uint32_t fru_data_rqst_size = 20; uint32_t off = offset, tmp, finish; struct ipmi_rs * rsp; struct ipmi_rq req; uint8_t msg_data[4]; if (offset > fru->size) { lprintf(LOG_ERR, ""Read FRU Area offset incorrect: %d > %d"", offset, fru->size); return -1; } finish = offset + length; if (finish > fru->size) { finish = fru->size; lprintf(LOG_NOTICE, ""Read FRU Area length %d too large, "" ""Adjusting to %d"", offset + length, finish - offset); } memset(&req, 0, sizeof(req)); req.msg.netfn = IPMI_NETFN_STORAGE; req.msg.cmd = GET_FRU_DATA; req.msg.data = msg_data; req.msg.data_len = 4; #ifdef LIMIT_ALL_REQUEST_SIZE if (fru_data_rqst_size > 16) #else if (fru->access && fru_data_rqst_size > 16) #endif fru_data_rqst_size = 16; do { tmp = fru->access ? off >> 1 : off; msg_data[0] = id; msg_data[1] = (uint8_t)(tmp & 0xff); msg_data[2] = (uint8_t)(tmp >> 8); tmp = finish - off; if (tmp > fru_data_rqst_size) msg_data[3] = (uint8_t)fru_data_rqst_size; else msg_data[3] = (uint8_t)tmp; rsp = intf->sendrecv(intf, &req); if (!rsp) { lprintf(LOG_NOTICE, ""FRU Read failed""); break; } if (rsp->ccode) { if (fru_cc_rq2big(rsp->ccode) && (--fru_data_rqst_size > FRU_BLOCK_SZ)) { lprintf(LOG_INFO, ""Retrying FRU read with request size %d"", fru_data_rqst_size); continue; } lprintf(LOG_NOTICE, ""FRU Read failed: %s"", val2str(rsp->ccode, completion_code_vals)); break; } tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; memcpy((frubuf + off)-offset, rsp->data + 1, tmp); off += tmp; if (tmp == 0 && off < finish) return 0; } while (off < finish); if (off < finish) return -1; return 0; }",visit repo url,lib/ipmi_fru.c,https://github.com/ipmitool/ipmitool,189632725784903,1 4743,CWE-347,"static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len) { int offset = 0; const uint8_t *ptr = NULL; if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE)) goto end_get_sig; if (asn1_sig[offset++] != ASN1_OCTET_STRING) goto end_get_sig; *len = get_asn1_length(asn1_sig, &offset); ptr = &asn1_sig[offset]; end_get_sig: return ptr; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,276741088675569,1 3049,['CWE-189'],"static int jas_icctxtdesc_copy(jas_iccattrval_t *attrval, jas_iccattrval_t *othattrval) { jas_icctxtdesc_t *txtdesc = &attrval->data.txtdesc; attrval = 0; othattrval = 0; txtdesc = 0; abort(); return -1; }",jasper,,,31465295540651006693306895625603419889,0 4119,['CWE-399'],"static int scsi_get_idlun(struct request_queue *q, int __user *p) { return put_user(0, p); }",linux-2.6,,,323688600830719877540028660739326775252,0 5916,CWE-190,"static Jsi_RC jsi_ArraySliceCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); Jsi_RC rc = JSI_OK; int istart = 0, iend, n, nsiz; Jsi_Number nstart; Jsi_Obj *nobj, *obj; Jsi_Value *start = Jsi_ValueArrayIndex(interp, args, 0), *end = Jsi_ValueArrayIndex(interp, args, 1); if (!start) { goto bail; } obj = _this->d.obj; n = Jsi_ObjGetLength(interp, obj); if (Jsi_GetNumberFromValue(interp,start, &nstart) == JSI_OK) { istart = (int)nstart; if (istart > n) goto done; if (istart < 0) istart = (n+istart); if (istart<0) goto bail; } if (n == 0) { done: Jsi_ValueMakeArrayObject(interp, ret, Jsi_ObjNewType(interp, JSI_OT_ARRAY)); return JSI_OK; } Jsi_Number nend; iend = n-1; if (end && Jsi_GetNumberFromValue(interp,end, &nend) == JSI_OK) { iend = (int) nend; if (iend >= n) iend = n; if (iend < 0) iend = (n+iend); if (iend<0) goto bail; } nsiz = iend-istart+1; if (nsiz<=0) goto done; Jsi_ObjListifyArray(interp, obj); nobj = Jsi_ObjNewType(interp, JSI_OT_ARRAY); if (Jsi_ObjArraySizer(interp, nobj, nsiz) <= 0) { rc = Jsi_LogError(""index too large: %d"", nsiz); goto bail; } int i, m; for (m = 0, i = istart; i <= iend; i++, m++) { if (!obj->arr[i]) continue; nobj->arr[m] = NULL; Jsi_ValueDup2(interp, nobj->arr+m, obj->arr[i]); } Jsi_ObjSetLength(interp, nobj, nsiz); Jsi_ValueMakeArrayObject(interp, ret, nobj); return JSI_OK; bail: Jsi_ValueMakeNull(interp, ret); return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,73840191732281,1 414,CWE-416,"static netdev_tx_t hns_nic_net_xmit(struct sk_buff *skb, struct net_device *ndev) { struct hns_nic_priv *priv = netdev_priv(ndev); int ret; assert(skb->queue_mapping < ndev->ae_handle->q_num); ret = hns_nic_net_xmit_hw(ndev, skb, &tx_ring_data(priv, skb->queue_mapping)); if (ret == NETDEV_TX_OK) { netif_trans_update(ndev); ndev->stats.tx_bytes += skb->len; ndev->stats.tx_packets++; } return (netdev_tx_t)ret; }",visit repo url,drivers/net/ethernet/hisilicon/hns/hns_enet.c,https://github.com/torvalds/linux,141539943579108,1 923,CWE-200,"static int nfs_can_extend_write(struct file *file, struct page *page, struct inode *inode) { if (file->f_flags & O_DSYNC) return 0; if (NFS_PROTO(inode)->have_delegation(inode, FMODE_WRITE)) return 1; if (nfs_write_pageuptodate(page, inode) && (inode->i_flock == NULL || (inode->i_flock->fl_start == 0 && inode->i_flock->fl_end == OFFSET_MAX && inode->i_flock->fl_type != F_RDLCK))) return 1; return 0; }",visit repo url,fs/nfs/write.c,https://github.com/torvalds/linux,117813272656429,1 5635,CWE-125,"decode_unicode_with_escapes(struct compiling *c, const node *n, const char *s, size_t len) { PyObject *u; char *buf; char *p; const char *end; if (len > SIZE_MAX / 6) return NULL; u = PyBytes_FromStringAndSize((char *)NULL, len * 6); if (u == NULL) return NULL; p = buf = PyBytes_AsString(u); end = s + len; while (s < end) { if (*s == '\\') { *p++ = *s++; if (*s & 0x80) { strcpy(p, ""u005c""); p += 5; } } if (*s & 0x80) { PyObject *w; int kind; void *data; Py_ssize_t len, i; w = decode_utf8(c, &s, end); if (w == NULL) { Py_DECREF(u); return NULL; } kind = PyUnicode_KIND(w); data = PyUnicode_DATA(w); len = PyUnicode_GET_LENGTH(w); for (i = 0; i < len; i++) { Py_UCS4 chr = PyUnicode_READ(kind, data, i); sprintf(p, ""\\U%08x"", chr); p += 10; } assert(p - buf <= Py_SIZE(u)); Py_DECREF(w); } else { *p++ = *s++; } } len = p - buf; s = buf; return PyUnicode_DecodeUnicodeEscape(s, len, NULL); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,61470789694978,1 5524,CWE-125,"static PyTypeObject* make_type(char *type, PyTypeObject* base, char**fields, int num_fields) { PyObject *fnames, *result; int i; fnames = PyTuple_New(num_fields); if (!fnames) return NULL; for (i = 0; i < num_fields; i++) { PyObject *field = PyUnicode_FromString(fields[i]); if (!field) { Py_DECREF(fnames); return NULL; } PyTuple_SET_ITEM(fnames, i, field); } result = PyObject_CallFunction((PyObject*)&PyType_Type, ""s(O){sOss}"", type, base, ""_fields"", fnames, ""__module__"", ""_ast3""); Py_DECREF(fnames); return (PyTypeObject*)result; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,175411220079764,1 2452,['CWE-119'],"void add_object(struct object *obj, struct object_array *p, struct name_path *path, const char *name) { add_object_array(obj, path_name(path, name), p); }",git,,,85494700740180438820933944269587603487,0 5379,['CWE-476'],"void kvm_set_apic_base(struct kvm_vcpu *vcpu, u64 data) { if (irqchip_in_kernel(vcpu->kvm)) kvm_lapic_set_base(vcpu, data); else vcpu->arch.apic_base = data; }",linux-2.6,,,260836564907531058278013450022873136058,0 3435,['CWE-264'],"static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { struct page *page = buf->page; struct address_space *mapping; lock_page(page); mapping = page_mapping(page); if (mapping) { WARN_ON(!PageUptodate(page)); wait_on_page_writeback(page); if (PagePrivate(page)) try_to_release_page(page, mapping_gfp_mask(mapping)); if (remove_mapping(mapping, page)) { buf->flags |= PIPE_BUF_FLAG_LRU; return 0; } } unlock_page(page); return 1; }",linux-2.6,,,125029073303256303707061802580482964163,0 3778,CWE-122,"eval_lambda( char_u **arg, typval_T *rettv, evalarg_T *evalarg, int verbose) { int evaluate = evalarg != NULL && (evalarg->eval_flags & EVAL_EVALUATE); typval_T base = *rettv; int ret; rettv->v_type = VAR_UNKNOWN; if (**arg == '{') { ret = get_lambda_tv(arg, rettv, FALSE, evalarg); } else { ++*arg; ret = eval1(arg, rettv, evalarg); *arg = skipwhite_and_linebreak(*arg, evalarg); if (**arg != ')') { emsg(_(e_missing_closing_paren)); ret = FAIL; } ++*arg; } if (ret != OK) return FAIL; else if (**arg != '(') { if (verbose) { if (*skipwhite(*arg) == '(') emsg(_(e_nowhitespace)); else semsg(_(e_missing_parenthesis_str), ""lambda""); } clear_tv(rettv); ret = FAIL; } else ret = call_func_rettv(arg, evalarg, rettv, evaluate, NULL, &base); if (evaluate) clear_tv(&base); return ret; }",visit repo url,src/eval.c,https://github.com/vim/vim,251772169922645,1 3649,CWE-200,"CAMLprim value caml_alloc_dummy_float (value size) { mlsize_t wosize = Int_val(size) * Double_wosize; if (wosize == 0) return Atom(0); return caml_alloc (wosize, 0); }",visit repo url,byterun/alloc.c,https://github.com/ocaml/ocaml,203611356361219,1 539,CWE-189,"fb_mmap(struct file *file, struct vm_area_struct * vma) { struct fb_info *info = file_fb_info(file); struct fb_ops *fb; unsigned long off; unsigned long start; u32 len; if (!info) return -ENODEV; if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) return -EINVAL; off = vma->vm_pgoff << PAGE_SHIFT; fb = info->fbops; if (!fb) return -ENODEV; mutex_lock(&info->mm_lock); if (fb->fb_mmap) { int res; res = fb->fb_mmap(info, vma); mutex_unlock(&info->mm_lock); return res; } start = info->fix.smem_start; len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.smem_len); if (off >= len) { off -= len; if (info->var.accel_flags) { mutex_unlock(&info->mm_lock); return -EINVAL; } start = info->fix.mmio_start; len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len); } mutex_unlock(&info->mm_lock); start &= PAGE_MASK; if ((vma->vm_end - vma->vm_start + off) > len) return -EINVAL; off += start; vma->vm_pgoff = off >> PAGE_SHIFT; vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); fb_pgprotect(file, vma, off); if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, vma->vm_end - vma->vm_start, vma->vm_page_prot)) return -EAGAIN; return 0; }",visit repo url,drivers/video/fbmem.c,https://github.com/torvalds/linux,66552139919645,1 4569,['CWE-399'],"static int ext4_da_should_update_i_disksize(struct page *page, unsigned long offset) { struct buffer_head *bh; struct inode *inode = page->mapping->host; unsigned int idx; int i; bh = page_buffers(page); idx = offset >> inode->i_blkbits; for (i = 0; i < idx; i++) bh = bh->b_this_page; if (!buffer_mapped(bh) || (buffer_delay(bh))) return 0; return 1; }",linux-2.6,,,5306219192230017987555152813163334298,0 3944,['CWE-362'],"static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule) { struct audit_rule_data *data; void *bufp; int i; data = kmalloc(sizeof(*data) + krule->buflen, GFP_KERNEL); if (unlikely(!data)) return NULL; memset(data, 0, sizeof(*data)); data->flags = krule->flags | krule->listnr; data->action = krule->action; data->field_count = krule->field_count; bufp = data->buf; for (i = 0; i < data->field_count; i++) { struct audit_field *f = &krule->fields[i]; data->fields[i] = f->type; data->fieldflags[i] = f->op; switch(f->type) { case AUDIT_SUBJ_USER: case AUDIT_SUBJ_ROLE: case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: case AUDIT_OBJ_USER: case AUDIT_OBJ_ROLE: case AUDIT_OBJ_TYPE: case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: data->buflen += data->values[i] = audit_pack_string(&bufp, f->lsm_str); break; case AUDIT_WATCH: data->buflen += data->values[i] = audit_pack_string(&bufp, krule->watch->path); break; case AUDIT_DIR: data->buflen += data->values[i] = audit_pack_string(&bufp, audit_tree_path(krule->tree)); break; case AUDIT_FILTERKEY: data->buflen += data->values[i] = audit_pack_string(&bufp, krule->filterkey); break; default: data->values[i] = f->val; } } for (i = 0; i < AUDIT_BITMASK_SIZE; i++) data->mask[i] = krule->mask[i]; return data; }",linux-2.6,,,262850485288047244691094667381085019685,0 1330,['CWE-119'],"asn1_header_decode(struct asn1_ctx *ctx, unsigned char **eoc, unsigned int *cls, unsigned int *con, unsigned int *tag) { unsigned int def = 0; unsigned int len = 0; if (!asn1_id_decode(ctx, cls, con, tag)) return 0; if (!asn1_length_decode(ctx, &def, &len)) return 0; if (*con == ASN1_PRI && !def) return 0; if (def) *eoc = ctx->pointer + len; else *eoc = NULL; return 1; }",linux-2.6,,,250197712494207902898574119013807590068,0 3281,CWE-125,"ikev1_sub_print(netdissect_options *ndo, u_char np, const struct isakmp_gen *ext, const u_char *ep, uint32_t phase, uint32_t doi, uint32_t proto, int depth) { const u_char *cp; int i; struct isakmp_gen e; cp = (const u_char *)ext; while (np) { ND_TCHECK(*ext); UNALIGNED_MEMCPY(&e, ext, sizeof(e)); ND_TCHECK2(*ext, ntohs(e.len)); depth++; ND_PRINT((ndo,""\n"")); for (i = 0; i < depth; i++) ND_PRINT((ndo,"" "")); ND_PRINT((ndo,""("")); cp = ike_sub0_print(ndo, np, ext, ep, phase, doi, proto, depth); ND_PRINT((ndo,"")"")); depth--; if (cp == NULL) { return NULL; } np = e.np; ext = (const struct isakmp_gen *)cp; } return cp; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(np))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,92771062209773,1 3818,['CWE-120'],"static int uvc_register_video(struct uvc_device *dev) { struct video_device *vdev; struct uvc_entity *term; int found = 0, ret; list_for_each_entry(term, &dev->entities, list) { struct uvc_streaming *streaming; if (UVC_ENTITY_TYPE(term) != TT_STREAMING) continue; memset(&dev->video, 0, sizeof dev->video); mutex_init(&dev->video.ctrl_mutex); INIT_LIST_HEAD(&dev->video.iterms); INIT_LIST_HEAD(&dev->video.extensions); dev->video.oterm = term; dev->video.dev = dev; if (uvc_scan_chain(&dev->video) < 0) continue; list_for_each_entry(streaming, &dev->streaming, list) { if (streaming->header.bTerminalLink == term->id) { dev->video.streaming = streaming; found = 1; break; } } if (found) break; } if (!found) { uvc_printk(KERN_INFO, ""No valid video chain found.\n""); return -1; } if (uvc_trace_param & UVC_TRACE_PROBE) { uvc_printk(KERN_INFO, ""Found a valid video chain (""); list_for_each_entry(term, &dev->video.iterms, chain) { printk(""%d"", term->id); if (term->chain.next != &dev->video.iterms) printk("",""); } printk("" -> %d).\n"", dev->video.oterm->id); } if ((ret = uvc_video_init(&dev->video)) < 0) { uvc_printk(KERN_ERR, ""Failed to initialize the device "" ""(%d).\n"", ret); return ret; } vdev = video_device_alloc(); if (vdev == NULL) return -1; vdev->dev = &dev->intf->dev; vdev->type = 0; vdev->type2 = 0; vdev->minor = -1; vdev->fops = &uvc_fops; vdev->release = video_device_release; strncpy(vdev->name, dev->name, sizeof vdev->name); dev->video.vdev = vdev; video_set_drvdata(vdev, &dev->video); if (video_register_device(vdev, VFL_TYPE_GRABBER, -1) < 0) { dev->video.vdev = NULL; video_device_release(vdev); return -1; } return 0; }",linux-2.6,,,259722895012071941168557052425032325381,0 4701,['CWE-20'],"static void ext4_write_super(struct super_block *sb) { if (EXT4_SB(sb)->s_journal) { if (mutex_trylock(&sb->s_lock) != 0) BUG(); sb->s_dirt = 0; } else { ext4_commit_super(sb, EXT4_SB(sb)->s_es, 1); } }",linux-2.6,,,212145228731831489623399123803891219865,0 3992,CWE-119,"CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, const char *userp, const char *passwdp, char **outptr, size_t *outlen) { CURLcode result; char *plainauth; size_t ulen; size_t plen; size_t plainlen; *outlen = 0; *outptr = NULL; ulen = strlen(userp); plen = strlen(passwdp); if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) return CURLE_OUT_OF_MEMORY; plainlen = 2 * ulen + plen + 2; plainauth = malloc(plainlen); if(!plainauth) return CURLE_OUT_OF_MEMORY; memcpy(plainauth, userp, ulen); plainauth[ulen] = '\0'; memcpy(plainauth + ulen + 1, userp, ulen); plainauth[2 * ulen + 1] = '\0'; memcpy(plainauth + 2 * ulen + 2, passwdp, plen); result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen); free(plainauth); return result; }",visit repo url,lib/vauth/cleartext.c,https://github.com/curl/curl,256877110660815,1 609,['CWE-189'],"static int ieee80211_is_eapol_frame(struct ieee80211_device *ieee, struct sk_buff *skb) { struct net_device *dev = ieee->dev; u16 fc, ethertype; struct ieee80211_hdr_3addr *hdr; u8 *pos; if (skb->len < 24) return 0; hdr = (struct ieee80211_hdr_3addr *)skb->data; fc = le16_to_cpu(hdr->frame_ctl); if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_TODS && !compare_ether_addr(hdr->addr1, dev->dev_addr) && !compare_ether_addr(hdr->addr3, dev->dev_addr)) { } else if ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_FROMDS && !compare_ether_addr(hdr->addr1, dev->dev_addr)) { } else return 0; if (skb->len < 24 + 8) return 0; pos = skb->data + 24; ethertype = (pos[6] << 8) | pos[7]; if (ethertype == ETH_P_PAE) return 1; return 0; }",linux-2.6,,,9170595620963633370479201806541127939,0 2578,[],"static int grep_tree(struct grep_opt *opt, const char **paths, struct tree_desc *tree, const char *tree_name, const char *base) { int len; int hit = 0; struct name_entry entry; char *down; int tn_len = strlen(tree_name); struct strbuf pathbuf; strbuf_init(&pathbuf, PATH_MAX + tn_len); if (tn_len) { strbuf_add(&pathbuf, tree_name, tn_len); strbuf_addch(&pathbuf, ':'); tn_len = pathbuf.len; } strbuf_addstr(&pathbuf, base); len = pathbuf.len; while (tree_entry(tree, &entry)) { int te_len = tree_entry_len(entry.path, entry.sha1); pathbuf.len = len; strbuf_add(&pathbuf, entry.path, te_len); if (S_ISDIR(entry.mode)) strbuf_addch(&pathbuf, '/'); down = pathbuf.buf + tn_len; if (!pathspec_matches(paths, down)) ; else if (S_ISREG(entry.mode)) hit |= grep_sha1(opt, entry.sha1, pathbuf.buf, tn_len); else if (S_ISDIR(entry.mode)) { enum object_type type; struct tree_desc sub; void *data; unsigned long size; data = read_sha1_file(entry.sha1, &type, &size); if (!data) die(""unable to read tree (%s)"", sha1_to_hex(entry.sha1)); init_tree_desc(&sub, data, size); hit |= grep_tree(opt, paths, &sub, tree_name, down); free(data); } } strbuf_release(&pathbuf); return hit; }",git,,,315062688524784334062144621049330398394,0 1215,CWE-400,"static inline void perf_event_task_sched_out(struct task_struct *task, struct task_struct *next) { perf_sw_event(PERF_COUNT_SW_CONTEXT_SWITCHES, 1, 1, NULL, 0); __perf_event_task_sched_out(task, next); }",visit repo url,include/linux/perf_event.h,https://github.com/torvalds/linux,53092318655813,1 6746,CWE-191,"int decomp_get_rddata(js_string *compressed, js_string *out, unsigned int compressed_offset, int type, int rdlength) { char *desc; int subtype, total, len; desc = decomp_get_rrdesc(type); if(desc == 0) { if(rdlength == 0) { return JS_SUCCESS; } if(decomp_append_bytes(compressed,out,compressed_offset, rdlength) != JS_SUCCESS) { return JS_ERROR; } else { return JS_SUCCESS; } } else { subtype = *desc; total = 0; while(subtype != 0) { if(subtype > 0 && subtype < 64) { if(decomp_append_bytes(compressed,out, compressed_offset,subtype) != JS_SUCCESS) { return JS_ERROR; } total += subtype; compressed_offset += subtype; } else if(subtype == RRSUB_DLABEL) { len = decomp_append_dlabel(compressed,out, compressed_offset); if(len == JS_ERROR) { return JS_ERROR; } total += len; compressed_offset += len; } else if(subtype == RRSUB_TEXT) { len = *(compressed->string + compressed_offset); len += 1; if(len < 0 || len > 256) { return JS_ERROR; } if(decomp_append_bytes(compressed,out, compressed_offset,len) != JS_SUCCESS) { return JS_ERROR; } total += len; compressed_offset += len; } else if(subtype == RRSUB_VARIABLE) { len = rdlength - total; if(len == 0) { break; } if(decomp_append_bytes(compressed,out, compressed_offset,len) != JS_SUCCESS) { return JS_ERROR; } total += len; compressed_offset += len; } else { return JS_ERROR; } desc++; if(subtype != RRSUB_VARIABLE) subtype = *desc; else subtype = 0; } if(rdlength != total) { return JS_ERROR; } } return JS_SUCCESS; }",visit repo url,dns/Decompress.c,https://github.com/samboy/MaraDNS,204605947493060,1 929,['CWE-200'],"shmem_swapin(struct shmem_inode_info *info,swp_entry_t entry,unsigned long idx) { swapin_readahead(entry, 0, NULL); return read_swap_cache_async(entry, NULL, 0); }",linux-2.6,,,258960424328813017240064591149128782192,0 1510,[],"void hrtick_resched(void) { }",linux-2.6,,,91664853209758499670860251200665905584,0 5900,['CWE-909'],"static int tclass_notify(struct sk_buff *oskb, struct nlmsghdr *n, struct Qdisc *q, unsigned long cl, int event) { struct sk_buff *skb; u32 pid = oskb ? NETLINK_CB(oskb).pid : 0; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) return -ENOBUFS; if (tc_fill_tclass(skb, q, cl, pid, n->nlmsg_seq, 0, event) < 0) { kfree_skb(skb); return -EINVAL; } return rtnetlink_send(skb, &init_net, pid, RTNLGRP_TC, n->nlmsg_flags&NLM_F_ECHO); }",linux-2.6,,,155834562590877447309667193456358927915,0 5492,NVD-CWE-Other,"static int zipfileUpdate( sqlite3_vtab *pVtab, int nVal, sqlite3_value **apVal, sqlite_int64 *pRowid ){ ZipfileTab *pTab = (ZipfileTab*)pVtab; int rc = SQLITE_OK; ZipfileEntry *pNew = 0; u32 mode = 0; u32 mTime = 0; i64 sz = 0; const char *zPath = 0; int nPath = 0; const u8 *pData = 0; int nData = 0; int iMethod = 0; u8 *pFree = 0; char *zFree = 0; ZipfileEntry *pOld = 0; ZipfileEntry *pOld2 = 0; int bUpdate = 0; int bIsDir = 0; u32 iCrc32 = 0; if( pTab->pWriteFd==0 ){ rc = zipfileBegin(pVtab); if( rc!=SQLITE_OK ) return rc; } if( sqlite3_value_type(apVal[0])!=SQLITE_NULL ){ const char *zDelete = (const char*)sqlite3_value_text(apVal[0]); int nDelete = (int)strlen(zDelete); if( nVal>1 ){ const char *zUpdate = (const char*)sqlite3_value_text(apVal[1]); if( zUpdate && zipfileComparePath(zUpdate, zDelete, nDelete)!=0 ){ bUpdate = 1; } } for(pOld=pTab->pFirstEntry; 1; pOld=pOld->pNext){ if( zipfileComparePath(pOld->cds.zFile, zDelete, nDelete)==0 ){ break; } assert( pOld->pNext ); } } if( nVal>1 ){ if( sqlite3_value_type(apVal[5])!=SQLITE_NULL ){ zipfileTableErr(pTab, ""sz must be NULL""); rc = SQLITE_CONSTRAINT; } if( sqlite3_value_type(apVal[6])!=SQLITE_NULL ){ zipfileTableErr(pTab, ""rawdata must be NULL""); rc = SQLITE_CONSTRAINT; } if( rc==SQLITE_OK ){ if( sqlite3_value_type(apVal[7])==SQLITE_NULL ){ bIsDir = 1; }else{ const u8 *aIn = sqlite3_value_blob(apVal[7]); int nIn = sqlite3_value_bytes(apVal[7]); int bAuto = sqlite3_value_type(apVal[8])==SQLITE_NULL; iMethod = sqlite3_value_int(apVal[8]); sz = nIn; pData = aIn; nData = nIn; if( iMethod!=0 && iMethod!=8 ){ zipfileTableErr(pTab, ""unknown compression method: %d"", iMethod); rc = SQLITE_CONSTRAINT; }else{ if( bAuto || iMethod ){ int nCmp; rc = zipfileDeflate(aIn, nIn, &pFree, &nCmp, &pTab->base.zErrMsg); if( rc==SQLITE_OK ){ if( iMethod || nCmpbase.zErrMsg); } if( rc==SQLITE_OK ){ zPath = (const char*)sqlite3_value_text(apVal[2]); if( zPath==0 ) zPath = """"; nPath = (int)strlen(zPath); mTime = zipfileGetTime(apVal[4]); } if( rc==SQLITE_OK && bIsDir ){ if( zPath[nPath-1]!='/' ){ zFree = sqlite3_mprintf(""%s/"", zPath); if( zFree==0 ){ rc = SQLITE_NOMEM; } zPath = (const char*)zFree; nPath++; } } if( (pOld==0 || bUpdate) && rc==SQLITE_OK ){ ZipfileEntry *p; for(p=pTab->pFirstEntry; p; p=p->pNext){ if( zipfileComparePath(p->cds.zFile, zPath, nPath)==0 ){ switch( sqlite3_vtab_on_conflict(pTab->db) ){ case SQLITE_IGNORE: { goto zipfile_update_done; } case SQLITE_REPLACE: { pOld2 = p; break; } default: { zipfileTableErr(pTab, ""duplicate name: \""%s\"""", zPath); rc = SQLITE_CONSTRAINT; break; } } break; } } } if( rc==SQLITE_OK ){ pNew = zipfileNewEntry(zPath); if( pNew==0 ){ rc = SQLITE_NOMEM; }else{ pNew->cds.iVersionMadeBy = ZIPFILE_NEWENTRY_MADEBY; pNew->cds.iVersionExtract = ZIPFILE_NEWENTRY_REQUIRED; pNew->cds.flags = ZIPFILE_NEWENTRY_FLAGS; pNew->cds.iCompression = (u16)iMethod; zipfileMtimeToDos(&pNew->cds, mTime); pNew->cds.crc32 = iCrc32; pNew->cds.szCompressed = nData; pNew->cds.szUncompressed = (u32)sz; pNew->cds.iExternalAttr = (mode<<16); pNew->cds.iOffset = (u32)pTab->szCurrent; pNew->cds.nFile = (u16)nPath; pNew->mUnixTime = (u32)mTime; rc = zipfileAppendEntry(pTab, pNew, pData, nData); zipfileAddEntry(pTab, pOld, pNew); } } } if( rc==SQLITE_OK && (pOld || pOld2) ){ ZipfileCsr *pCsr; for(pCsr=pTab->pCsrList; pCsr; pCsr=pCsr->pCsrNext){ if( pCsr->pCurrent && (pCsr->pCurrent==pOld || pCsr->pCurrent==pOld2) ){ pCsr->pCurrent = pCsr->pCurrent->pNext; pCsr->bNoop = 1; } } zipfileRemoveEntryFromList(pTab, pOld); zipfileRemoveEntryFromList(pTab, pOld2); } zipfile_update_done: sqlite3_free(pFree); sqlite3_free(zFree); return rc; }",visit repo url,ext/misc/zipfile.c,https://github.com/sqlite/sqlite,172466810716642,1 6421,['CWE-190'],"psd_to_gimp_color_map (guchar *map256) { guchar *tmpmap; gint i; tmpmap = g_malloc (3 * 256); for (i = 0; i < 256; ++i) { tmpmap[i*3 ] = map256[i]; tmpmap[i*3+1] = map256[i+256]; tmpmap[i*3+2] = map256[i+512]; } memcpy (map256, tmpmap, 3 * 256); g_free (tmpmap); }",gimp,,,265650211628107175313257887807814133882,0 4205,['CWE-399'],"static void withdraw_host_rrs(AvahiServer *s) { assert(s); if (s->hinfo_entry_group) avahi_s_entry_group_reset(s->hinfo_entry_group); if (s->browse_domain_entry_group) avahi_s_entry_group_reset(s->browse_domain_entry_group); avahi_interface_monitor_update_rrs(s->monitor, 1); s->n_host_rr_pending = 0; }",avahi,,,320961257056621738367052252633957220955,0 3321,[],"static inline int __nla_parse_nested_compat(struct nlattr *tb[], int maxtype, struct nlattr *nla, const struct nla_policy *policy, int len) { int nested_len = nla_len(nla) - NLA_ALIGN(len); if (nested_len < 0) return -EINVAL; if (nested_len >= nla_attr_size(0)) return nla_parse(tb, maxtype, nla_data(nla) + NLA_ALIGN(len), nested_len, policy); memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); return 0; }",linux-2.6,,,93010957145642815791742729019169919211,0 4008,CWE-476,"static int mpeg4video_probe(AVProbeData *probe_packet) { uint32_t temp_buffer = -1; int VO = 0, VOL = 0, VOP = 0, VISO = 0, res = 0; int i; for (i = 0; i < probe_packet->buf_size; i++) { temp_buffer = (temp_buffer << 8) + probe_packet->buf[i]; if ((temp_buffer & 0xffffff00) != 0x100) continue; if (temp_buffer == VOP_START_CODE) VOP++; else if (temp_buffer == VISUAL_OBJECT_START_CODE) VISO++; else if (temp_buffer < 0x120) VO++; else if (temp_buffer < 0x130) VOL++; else if (!(0x1AF < temp_buffer && temp_buffer < 0x1B7) && !(0x1B9 < temp_buffer && temp_buffer < 0x1C4)) res++; } if (VOP >= VISO && VOP >= VOL && VO >= VOL && VOL > 0 && res == 0) return AVPROBE_SCORE_EXTENSION; return 0; }",visit repo url,libavformat/m4vdec.c,https://github.com/libav/libav,175928830389422,1 3533,NVD-CWE-Other,"long jpc_bitstream_getbits(jpc_bitstream_t *bitstream, int n) { long v; int u; assert(n >= 0 && n < 32); v = 0; while (--n >= 0) { if ((u = jpc_bitstream_getbit(bitstream)) < 0) { return -1; } v = (v << 1) | u; } return v; }",visit repo url,src/libjasper/jpc/jpc_bs.c,https://github.com/mdadams/jasper,90844979153056,1 1581,[],"static inline void idle_balance(int cpu, struct rq *rq) { }",linux-2.6,,,122221610036714009369668617511014652177,0 2828,CWE-125,"static BOOL update_recv_primary_order(rdpUpdate* update, wStream* s, BYTE flags) { BOOL rc = FALSE; rdpContext* context = update->context; rdpPrimaryUpdate* primary = update->primary; ORDER_INFO* orderInfo = &(primary->order_info); rdpSettings* settings = context->settings; const char* orderName; if (flags & ORDER_TYPE_CHANGE) { if (Stream_GetRemainingLength(s) < 1) { WLog_Print(update->log, WLOG_ERROR, ""Stream_GetRemainingLength(s) < 1""); return FALSE; } Stream_Read_UINT8(s, orderInfo->orderType); } orderName = primary_order_string(orderInfo->orderType); if (!check_primary_order_supported(update->log, settings, orderInfo->orderType, orderName)) return FALSE; if (!update_read_field_flags(s, &(orderInfo->fieldFlags), flags, PRIMARY_DRAWING_ORDER_FIELD_BYTES[orderInfo->orderType])) { WLog_Print(update->log, WLOG_ERROR, ""update_read_field_flags() failed""); return FALSE; } if (flags & ORDER_BOUNDS) { if (!(flags & ORDER_ZERO_BOUNDS_DELTAS)) { if (!update_read_bounds(s, &orderInfo->bounds)) { WLog_Print(update->log, WLOG_ERROR, ""update_read_bounds() failed""); return FALSE; } } rc = IFCALLRESULT(FALSE, update->SetBounds, context, &orderInfo->bounds); if (!rc) return FALSE; } orderInfo->deltaCoordinates = (flags & ORDER_DELTA_COORDINATES) ? TRUE : FALSE; if (!read_primary_order(update->log, orderName, s, orderInfo, primary)) return FALSE; switch (orderInfo->orderType) { case ORDER_TYPE_DSTBLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->dstblt.bRop), gdi_rop3_code(primary->dstblt.bRop)); rc = IFCALLRESULT(FALSE, primary->DstBlt, context, &primary->dstblt); } break; case ORDER_TYPE_PATBLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->patblt.bRop), gdi_rop3_code(primary->patblt.bRop)); rc = IFCALLRESULT(FALSE, primary->PatBlt, context, &primary->patblt); } break; case ORDER_TYPE_SCRBLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->scrblt.bRop), gdi_rop3_code(primary->scrblt.bRop)); rc = IFCALLRESULT(FALSE, primary->ScrBlt, context, &primary->scrblt); } break; case ORDER_TYPE_OPAQUE_RECT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->OpaqueRect, context, &primary->opaque_rect); } break; case ORDER_TYPE_DRAW_NINE_GRID: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->DrawNineGrid, context, &primary->draw_nine_grid); } break; case ORDER_TYPE_MULTI_DSTBLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->multi_dstblt.bRop), gdi_rop3_code(primary->multi_dstblt.bRop)); rc = IFCALLRESULT(FALSE, primary->MultiDstBlt, context, &primary->multi_dstblt); } break; case ORDER_TYPE_MULTI_PATBLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->multi_patblt.bRop), gdi_rop3_code(primary->multi_patblt.bRop)); rc = IFCALLRESULT(FALSE, primary->MultiPatBlt, context, &primary->multi_patblt); } break; case ORDER_TYPE_MULTI_SCRBLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->multi_scrblt.bRop), gdi_rop3_code(primary->multi_scrblt.bRop)); rc = IFCALLRESULT(FALSE, primary->MultiScrBlt, context, &primary->multi_scrblt); } break; case ORDER_TYPE_MULTI_OPAQUE_RECT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->MultiOpaqueRect, context, &primary->multi_opaque_rect); } break; case ORDER_TYPE_MULTI_DRAW_NINE_GRID: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->MultiDrawNineGrid, context, &primary->multi_draw_nine_grid); } break; case ORDER_TYPE_LINE_TO: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->LineTo, context, &primary->line_to); } break; case ORDER_TYPE_POLYLINE: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->Polyline, context, &primary->polyline); } break; case ORDER_TYPE_MEMBLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->memblt.bRop), gdi_rop3_code(primary->memblt.bRop)); rc = IFCALLRESULT(FALSE, primary->MemBlt, context, &primary->memblt); } break; case ORDER_TYPE_MEM3BLT: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s rop=%s [0x%08"" PRIx32 ""]"", orderName, gdi_rop3_code_string(primary->mem3blt.bRop), gdi_rop3_code(primary->mem3blt.bRop)); rc = IFCALLRESULT(FALSE, primary->Mem3Blt, context, &primary->mem3blt); } break; case ORDER_TYPE_SAVE_BITMAP: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->SaveBitmap, context, &primary->save_bitmap); } break; case ORDER_TYPE_GLYPH_INDEX: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->GlyphIndex, context, &primary->glyph_index); } break; case ORDER_TYPE_FAST_INDEX: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->FastIndex, context, &primary->fast_index); } break; case ORDER_TYPE_FAST_GLYPH: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->FastGlyph, context, &primary->fast_glyph); } break; case ORDER_TYPE_POLYGON_SC: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->PolygonSC, context, &primary->polygon_sc); } break; case ORDER_TYPE_POLYGON_CB: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->PolygonCB, context, &primary->polygon_cb); } break; case ORDER_TYPE_ELLIPSE_SC: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->EllipseSC, context, &primary->ellipse_sc); } break; case ORDER_TYPE_ELLIPSE_CB: { WLog_Print(update->log, WLOG_DEBUG, ""Primary Drawing Order %s"", orderName); rc = IFCALLRESULT(FALSE, primary->EllipseCB, context, &primary->ellipse_cb); } break; default: WLog_Print(update->log, WLOG_WARN, ""Primary Drawing Order %s not supported"", orderName); break; } if (!rc) { WLog_Print(update->log, WLOG_WARN, ""Primary Drawing Order %s failed"", orderName); return FALSE; } if (flags & ORDER_BOUNDS) { rc = IFCALLRESULT(FALSE, update->SetBounds, context, NULL); } return rc; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,16806206763405,1 6679,['CWE-200'],"nma_gconf_connection_init (NMAGConfConnection *connection) { }",network-manager-applet,,,140199027050143947010689513517836834335,0 5964,CWE-611,"void init_xml_relax_ng() { VALUE nokogiri = rb_define_module(""Nokogiri""); VALUE xml = rb_define_module_under(nokogiri, ""XML""); VALUE klass = rb_define_class_under(xml, ""RelaxNG"", cNokogiriXmlSchema); cNokogiriXmlRelaxNG = klass; rb_define_singleton_method(klass, ""read_memory"", read_memory, 1); rb_define_singleton_method(klass, ""from_document"", from_document, 1); rb_define_private_method(klass, ""validate_document"", validate_document, 1); }",visit repo url,ext/nokogiri/xml_relax_ng.c,https://github.com/sparklemotion/nokogiri,20292078283583,1 2779,['CWE-264'],"sbni_start_xmit( struct sk_buff *skb, struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; netif_stop_queue( dev ); spin_lock( &nl->lock ); prepare_to_send( skb, dev ); spin_unlock( &nl->lock ); return 0; }",linux-2.6,,,133822722396670177150163691948521218493,0 1940,CWE-401,"nfp_abm_u32_knode_replace(struct nfp_abm_link *alink, struct tc_cls_u32_knode *knode, __be16 proto, struct netlink_ext_ack *extack) { struct nfp_abm_u32_match *match = NULL, *iter; unsigned int tos_off; u8 mask, val; int err; if (!nfp_abm_u32_check_knode(alink->abm, knode, proto, extack)) goto err_delete; tos_off = proto == htons(ETH_P_IP) ? 16 : 20; val = be32_to_cpu(knode->sel->keys[0].val) >> tos_off & 0xff; mask = be32_to_cpu(knode->sel->keys[0].mask) >> tos_off & 0xff; list_for_each_entry(iter, &alink->dscp_map, list) { u32 cmask; if (iter->handle == knode->handle) { match = iter; continue; } cmask = iter->mask & mask; if ((iter->val & cmask) == (val & cmask) && iter->band != knode->res->classid) { NL_SET_ERR_MSG_MOD(extack, ""conflict with already offloaded filter""); goto err_delete; } } if (!match) { match = kzalloc(sizeof(*match), GFP_KERNEL); if (!match) return -ENOMEM; list_add(&match->list, &alink->dscp_map); } match->handle = knode->handle; match->band = knode->res->classid; match->mask = mask; match->val = val; err = nfp_abm_update_band_map(alink); if (err) goto err_delete; return 0; err_delete: nfp_abm_u32_knode_delete(alink, knode); return -EOPNOTSUPP; }",visit repo url,drivers/net/ethernet/netronome/nfp/abm/cls.c,https://github.com/torvalds/linux,193163752424841,1 145,[],"static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t offset, u64 ino, unsigned int d_type) { struct linux_dirent64 __user *dirent; struct compat_getdents_callback64 *buf = __buf; int jj = NAME_OFFSET(dirent); int reclen = COMPAT_ROUND_UP64(jj + namlen + 1); u64 off; buf->error = -EINVAL; if (reclen > buf->count) return -EINVAL; dirent = buf->previous; if (dirent) { if (__put_user_unaligned(offset, &dirent->d_off)) goto efault; } dirent = buf->current_dir; if (__put_user_unaligned(ino, &dirent->d_ino)) goto efault; off = 0; if (__put_user_unaligned(off, &dirent->d_off)) goto efault; if (__put_user(reclen, &dirent->d_reclen)) goto efault; if (__put_user(d_type, &dirent->d_type)) goto efault; if (copy_to_user(dirent->d_name, name, namlen)) goto efault; if (__put_user(0, dirent->d_name + namlen)) goto efault; buf->previous = dirent; dirent = (void __user *)dirent + reclen; buf->current_dir = dirent; buf->count -= reclen; return 0; efault: buf->error = -EFAULT; return -EFAULT; }",linux-2.6,,,221834775877451750660238895792953484511,0 828,['CWE-119'],"isdn_map_eaz2msn(char *msn, int di) { isdn_driver_t *this = dev->drv[di]; int i; if (strlen(msn) == 1) { i = msn[0] - '0'; if ((i >= 0) && (i <= 9)) if (strlen(this->msn2eaz[i])) return (this->msn2eaz[i]); } return (msn); }",linux-2.6,,,218353419403094347740851607091911897199,0 1449,[],"static void update_rq_clock(struct rq *rq) { if (likely(smp_processor_id() == cpu_of(rq))) __update_rq_clock(rq); }",linux-2.6,,,197818455802287971884896376135680689629,0 2094,[],"void udp4_proc_exit(void) { udp_proc_unregister(&udp4_seq_afinfo); }",linux-2.6,,,188413521410933426120367500858471604393,0 6515,CWE-476,"MemoryRegion *memory_map_ptr(struct uc_struct *uc, hwaddr begin, size_t size, uint32_t perms, void *ptr) { MemoryRegion *ram = g_new(MemoryRegion, 1); memory_region_init_ram_ptr(uc, ram, size, ptr); ram->perms = perms; if (ram->addr == -1) { return NULL; } memory_region_add_subregion(uc->system_memory, begin, ram); if (uc->cpu) { tlb_flush(uc->cpu); } return ram; }",visit repo url,qemu/softmmu/memory.c,https://github.com/unicorn-engine/unicorn,165889453367696,1 1666,CWE-119,"static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) { int i; unsigned char max_level = 0; int unix_sock_count = 0; for (i = scm->fp->count - 1; i >= 0; i--) { struct sock *sk = unix_get_socket(scm->fp->fp[i]); if (sk) { unix_sock_count++; max_level = max(max_level, unix_sk(sk)->recursion_level); } } if (unlikely(max_level > MAX_RECURSION_LEVEL)) return -ETOOMANYREFS; UNIXCB(skb).fp = scm_fp_dup(scm->fp); if (!UNIXCB(skb).fp) return -ENOMEM; if (unix_sock_count) { for (i = scm->fp->count - 1; i >= 0; i--) unix_inflight(scm->fp->fp[i]); } return max_level; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,125065507012028,1 4208,CWE-125,"parse_file (FILE* input_file, char* directory, char *body_filename, char *body_pref, int flags) { uint32 d; uint16 key; Attr *attr = NULL; File *file = NULL; int rtf_size = 0, html_size = 0; MessageBody body; memset (&body, '\0', sizeof (MessageBody)); g_flags = flags; d = geti32(input_file); if (d != TNEF_SIGNATURE) { fprintf (stdout, ""Seems not to be a TNEF file\n""); return 1; } key = geti16(input_file); debug_print (""TNEF Key: %hx\n"", key); while ( data_left( input_file ) ) { attr = read_object( input_file ); if ( attr == NULL ) break; if (attr->name == attATTACHRENDDATA) { if (file) { file_write (file, directory); file_free (file); } else { file = CHECKED_XCALLOC (File, 1); } } switch (attr->lvl_type) { case LVL_MESSAGE: if (attr->name == attBODY) { body.text_body = get_text_data (attr); } else if (attr->name == attMAPIPROPS) { MAPI_Attr **mapi_attrs = mapi_attr_read (attr->len, attr->buf); if (mapi_attrs) { int i; for (i = 0; mapi_attrs[i]; i++) { MAPI_Attr *a = mapi_attrs[i]; if (a->name == MAPI_BODY_HTML) { body.html_bodies = get_html_data (a); html_size = a->num_values; } else if (a->name == MAPI_RTF_COMPRESSED) { body.rtf_bodies = get_rtf_data (a); rtf_size = a->num_values; } } mapi_attr_free_list (mapi_attrs); XFREE (mapi_attrs); } } break; case LVL_ATTACHMENT: file_add_attr (file, attr); break; default: fprintf (stderr, ""Invalid lvl type on attribute: %d\n"", attr->lvl_type); return 1; break; } attr_free (attr); XFREE (attr); } if (file) { file_write (file, directory); file_free (file); XFREE (file); } if (flags & SAVEBODY) { int i = 0; int all_flag = 0; if (strcmp (body_pref, ""all"") == 0) { all_flag = 1; body_pref = ""rht""; } for (; i < 3; i++) { File **files = get_body_files (body_filename, body_pref[i], &body); if (files) { int j = 0; for (; files[j]; j++) { file_write(files[j], directory); file_free (files[j]); XFREE(files[j]); } XFREE(files); if (!all_flag) break; } } } if (body.text_body) { free_bodies(body.text_body, 1); XFREE(body.text_body); } if (rtf_size > 0) { free_bodies(body.rtf_bodies, rtf_size); XFREE(body.rtf_bodies); } if (html_size > 0) { free_bodies(body.html_bodies, html_size); XFREE(body.html_bodies); } return 0; }",visit repo url,src/tnef.c,https://github.com/verdammelt/tnef,35980798089116,1 3765,CWE-476,"int read_escaped_char( yyscan_t yyscanner, uint8_t* escaped_char) { char text[4] = {0, 0, 0, 0}; text[0] = '\\'; text[1] = RE_YY_INPUT(yyscanner); if (text[1] == EOF) return 0; if (text[1] == 'x') { text[2] = RE_YY_INPUT(yyscanner); if (text[2] == EOF) return 0; text[3] = RE_YY_INPUT(yyscanner); if (text[3] == EOF) return 0; } *escaped_char = escaped_char_value(text); return 1;",visit repo url,libyara/re_lexer.c,https://github.com/VirusTotal/yara,244767621429758,1 760,CWE-20,"static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct ipx_sock *ipxs = ipx_sk(sk); struct sockaddr_ipx *sipx = (struct sockaddr_ipx *)msg->msg_name; struct ipxhdr *ipx = NULL; struct sk_buff *skb; int copied, rc; lock_sock(sk); if (!ipxs->port) { struct sockaddr_ipx uaddr; uaddr.sipx_port = 0; uaddr.sipx_network = 0; #ifdef CONFIG_IPX_INTERN rc = -ENETDOWN; if (!ipxs->intrfc) goto out; memcpy(uaddr.sipx_node, ipxs->intrfc->if_node, IPX_NODE_LEN); #endif rc = __ipx_bind(sock, (struct sockaddr *)&uaddr, sizeof(struct sockaddr_ipx)); if (rc) goto out; } rc = -ENOTCONN; if (sock_flag(sk, SOCK_ZAPPED)) goto out; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); if (!skb) goto out; ipx = ipx_hdr(skb); copied = ntohs(ipx->ipx_pktsize) - sizeof(struct ipxhdr); if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } rc = skb_copy_datagram_iovec(skb, sizeof(struct ipxhdr), msg->msg_iov, copied); if (rc) goto out_free; if (skb->tstamp.tv64) sk->sk_stamp = skb->tstamp; msg->msg_namelen = sizeof(*sipx); if (sipx) { sipx->sipx_family = AF_IPX; sipx->sipx_port = ipx->ipx_source.sock; memcpy(sipx->sipx_node, ipx->ipx_source.node, IPX_NODE_LEN); sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; sipx->sipx_type = ipx->ipx_type; sipx->sipx_zero = 0; } rc = copied; out_free: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/ipx/af_ipx.c,https://github.com/torvalds/linux,233280970032934,1 1789,CWE-415,"static int amd_gpio_probe(struct platform_device *pdev) { int ret = 0; int irq_base; struct resource *res; struct amd_gpio *gpio_dev; gpio_dev = devm_kzalloc(&pdev->dev, sizeof(struct amd_gpio), GFP_KERNEL); if (!gpio_dev) return -ENOMEM; spin_lock_init(&gpio_dev->lock); res = platform_get_resource(pdev, IORESOURCE_MEM, 0); if (!res) { dev_err(&pdev->dev, ""Failed to get gpio io resource.\n""); return -EINVAL; } gpio_dev->base = devm_ioremap_nocache(&pdev->dev, res->start, resource_size(res)); if (!gpio_dev->base) return -ENOMEM; irq_base = platform_get_irq(pdev, 0); if (irq_base < 0) { dev_err(&pdev->dev, ""Failed to get gpio IRQ.\n""); return -EINVAL; } gpio_dev->pdev = pdev; gpio_dev->gc.direction_input = amd_gpio_direction_input; gpio_dev->gc.direction_output = amd_gpio_direction_output; gpio_dev->gc.get = amd_gpio_get_value; gpio_dev->gc.set = amd_gpio_set_value; gpio_dev->gc.set_debounce = amd_gpio_set_debounce; gpio_dev->gc.dbg_show = amd_gpio_dbg_show; gpio_dev->gc.base = 0; gpio_dev->gc.label = pdev->name; gpio_dev->gc.owner = THIS_MODULE; gpio_dev->gc.parent = &pdev->dev; gpio_dev->gc.ngpio = TOTAL_NUMBER_OF_PINS; #if defined(CONFIG_OF_GPIO) gpio_dev->gc.of_node = pdev->dev.of_node; #endif gpio_dev->groups = kerncz_groups; gpio_dev->ngroups = ARRAY_SIZE(kerncz_groups); amd_pinctrl_desc.name = dev_name(&pdev->dev); gpio_dev->pctrl = pinctrl_register(&amd_pinctrl_desc, &pdev->dev, gpio_dev); if (IS_ERR(gpio_dev->pctrl)) { dev_err(&pdev->dev, ""Couldn't register pinctrl driver\n""); return PTR_ERR(gpio_dev->pctrl); } ret = gpiochip_add_data(&gpio_dev->gc, gpio_dev); if (ret) goto out1; ret = gpiochip_add_pin_range(&gpio_dev->gc, dev_name(&pdev->dev), 0, 0, TOTAL_NUMBER_OF_PINS); if (ret) { dev_err(&pdev->dev, ""Failed to add pin range\n""); goto out2; } ret = gpiochip_irqchip_add(&gpio_dev->gc, &amd_gpio_irqchip, 0, handle_simple_irq, IRQ_TYPE_NONE); if (ret) { dev_err(&pdev->dev, ""could not add irqchip\n""); ret = -ENODEV; goto out2; } gpiochip_set_chained_irqchip(&gpio_dev->gc, &amd_gpio_irqchip, irq_base, amd_gpio_irq_handler); platform_set_drvdata(pdev, gpio_dev); dev_dbg(&pdev->dev, ""amd gpio driver loaded\n""); return ret; out2: gpiochip_remove(&gpio_dev->gc); out1: pinctrl_unregister(gpio_dev->pctrl); return ret; }",visit repo url,drivers/pinctrl/pinctrl-amd.c,https://github.com/torvalds/linux,222359316324510,1 684,[],"static int jpc_ppm_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_ppm_t *ppm = &ms->parms.ppm; fprintf(out, ""ind=%d; len = %d;\n"", ppm->ind, ppm->len); if (ppm->len > 0) { fprintf(out, ""data =\n""); jas_memdump(out, ppm->data, ppm->len); } return 0; }",jasper,,,198620808646962771905862876396665891383,0 1799,NVD-CWE-Other,"struct bpf_prog *bpf_prog_get(u32 ufd) { struct fd f = fdget(ufd); struct bpf_prog *prog; prog = __bpf_prog_get(f); if (IS_ERR(prog)) return prog; atomic_inc(&prog->aux->refcnt); fdput(f); return prog; }",visit repo url,kernel/bpf/syscall.c,https://github.com/torvalds/linux,224040396862302,1 613,['CWE-189'],"ieee80211_rx_frame_mgmt(struct ieee80211_device *ieee, struct sk_buff *skb, struct ieee80211_rx_stats *rx_stats, u16 type, u16 stype) { if (ieee->iw_mode == IW_MODE_MASTER) { printk(KERN_DEBUG ""%s: Master mode not yet suppported.\n"", ieee->dev->name); return 0; } if (ieee->hostapd && type == WLAN_FC_TYPE_MGMT) { if (stype == WLAN_FC_STYPE_BEACON && ieee->iw_mode == IW_MODE_MASTER) { struct sk_buff *skb2; skb2 = skb_clone(skb, GFP_ATOMIC); if (skb2) hostap_rx(skb2->dev, skb2, rx_stats); } ieee->apdevstats.rx_packets++; ieee->apdevstats.rx_bytes += skb->len; prism2_rx_80211(ieee->apdev, skb, rx_stats, PRISM2_RX_MGMT); return 0; } if (ieee->iw_mode == IW_MODE_MASTER) { if (type != WLAN_FC_TYPE_MGMT && type != WLAN_FC_TYPE_CTRL) { printk(KERN_DEBUG ""%s: unknown management frame "" ""(type=0x%02x, stype=0x%02x) dropped\n"", skb->dev->name, type, stype); return -1; } hostap_rx(skb->dev, skb, rx_stats); return 0; } printk(KERN_DEBUG ""%s: hostap_rx_frame_mgmt: management frame "" ""received in non-Host AP mode\n"", skb->dev->name); return -1; }",linux-2.6,,,53929992418121862978210169332259936718,0 5637,['CWE-476'],"static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk) { struct udp_iter_state *state = seq->private; do { sk = sk_next(sk); try_again: ; } while (sk && sk->sk_family != state->family); if (!sk && ++state->bucket < UDP_HTABLE_SIZE) { sk = sk_head(&udp_hash[state->bucket]); goto try_again; } return sk; }",linux-2.6,,,33400776888048501982153596058939110085,0 5004,['CWE-120'],"static int utf8_encoded_valid_unichar(const char *str) { int len; int unichar; int i; len = utf8_encoded_expected_len(str); if (len == 0) return -1; if (len == 1) return 1; for (i = 0; i < len; i++) if ((str[i] & 0x80) != 0x80) return -1; unichar = utf8_encoded_to_unichar(str); if (utf8_unichar_to_encoded_len(unichar) != len) return -1; if (!utf8_unichar_valid_range(unichar)) return -1; return len; }",udev,,,206053476377274378364373590995660911050,0 5025,CWE-190,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 4737,['CWE-20'],"void __ext4_std_error(struct super_block *sb, const char *function, int errno) { char nbuf[16]; const char *errstr; if (errno == -EROFS && journal_current_handle() == NULL && (sb->s_flags & MS_RDONLY)) return; errstr = ext4_decode_error(sb, errno, nbuf); printk(KERN_CRIT ""EXT4-fs error (device %s) in %s: %s\n"", sb->s_id, function, errstr); ext4_handle_error(sb); }",linux-2.6,,,12390438662596234107637687499122821222,0 4028,['CWE-362'],"static inline int audit_add_rule(struct audit_entry *entry, struct list_head *list) { struct audit_entry *e; struct audit_field *inode_f = entry->rule.inode_f; struct audit_watch *watch = entry->rule.watch; struct audit_tree *tree = entry->rule.tree; struct nameidata *ndp = NULL, *ndw = NULL; int h, err; #ifdef CONFIG_AUDITSYSCALL int dont_count = 0; if (entry->rule.listnr == AUDIT_FILTER_USER || entry->rule.listnr == AUDIT_FILTER_TYPE) dont_count = 1; #endif if (inode_f) { h = audit_hash_ino(inode_f->val); list = &audit_inode_hash[h]; } mutex_lock(&audit_filter_mutex); e = audit_find_rule(entry, list); mutex_unlock(&audit_filter_mutex); if (e) { err = -EEXIST; if (tree) audit_put_tree(tree); goto error; } if (watch) { err = audit_get_nd(watch->path, &ndp, &ndw); if (err) goto error; } mutex_lock(&audit_filter_mutex); if (watch) { err = audit_add_watch(&entry->rule, ndp, ndw); if (err) { mutex_unlock(&audit_filter_mutex); goto error; } h = audit_hash_ino((u32)watch->ino); list = &audit_inode_hash[h]; } if (tree) { err = audit_add_tree_rule(&entry->rule); if (err) { mutex_unlock(&audit_filter_mutex); goto error; } } if (entry->rule.flags & AUDIT_FILTER_PREPEND) { list_add_rcu(&entry->list, list); entry->rule.flags &= ~AUDIT_FILTER_PREPEND; } else { list_add_tail_rcu(&entry->list, list); } #ifdef CONFIG_AUDITSYSCALL if (!dont_count) audit_n_rules++; if (!audit_match_signal(entry)) audit_signals++; #endif mutex_unlock(&audit_filter_mutex); audit_put_nd(ndp, ndw); return 0; error: audit_put_nd(ndp, ndw); if (watch) audit_put_watch(watch); return err; }",linux-2.6,,,51923742535654520788564547810026212834,0 6602,['CWE-200'],"action_info_free (ActionInfo *info) { g_return_if_fail (info != NULL); polkit_action_unref (info->action); g_free (info); }",network-manager-applet,,,336334004347981824550291232051657864340,0 1987,CWE-416,"static void bfq_idle_slice_timer_body(struct bfq_queue *bfqq) { struct bfq_data *bfqd = bfqq->bfqd; enum bfqq_expiration reason; unsigned long flags; spin_lock_irqsave(&bfqd->lock, flags); bfq_clear_bfqq_wait_request(bfqq); if (bfqq != bfqd->in_service_queue) { spin_unlock_irqrestore(&bfqd->lock, flags); return; } if (bfq_bfqq_budget_timeout(bfqq)) reason = BFQQE_BUDGET_TIMEOUT; else if (bfqq->queued[0] == 0 && bfqq->queued[1] == 0) reason = BFQQE_TOO_IDLE; else goto schedule_dispatch; bfq_bfqq_expire(bfqd, bfqq, true, reason); schedule_dispatch: spin_unlock_irqrestore(&bfqd->lock, flags); bfq_schedule_dispatch(bfqd);",visit repo url,block/bfq-iosched.c,https://github.com/torvalds/linux,272815169631459,1 4298,CWE-787,"static RCoreSymCacheElement *parseDragons(RBinFile *bf, RBuffer *buf, int off, int bits, R_OWN char *file_name) { D eprintf (""Dragons at 0x%x\n"", off); ut64 size = r_buf_size (buf); if (off >= size) { return NULL; } size -= off; if (!size) { return NULL; } ut8 *b = malloc (size); if (!b) { return NULL; } int available = r_buf_read_at (buf, off, b, size); if (available != size) { eprintf (""Warning: r_buf_read_at failed\n""); return NULL; } #if 0 0x00000138 |1a2b b2a1 0300 0000 1a2b b2a1 e055 0000| .+.......+...U.. n_segments ----. .--- how many sections ? 0x00000148 |0100 0000 ca55 0000 0400 0000 1800 0000| .....U.......... .---- how many symbols? 0xc7 0x00000158 |c700 0000 0000 0000 0000 0000 0104 0000| ................ 0x00000168 |250b e803 0000 0100 0000 0000 bd55 0000| %............U.. 0x00000178 |91bb e903 e35a b42c 93a4 340a 8746 9489| .....Z.,..4..F.. 0x00000188 |0cea 4c40 0c00 0000 0900 0000 0000 0000| ..L@............ 0x00000198 |0000 0000 0000 0000 0000 0000 0000 0000| ................ 0x000001a8 |0080 0000 0000 0000 5f5f 5445 5854 0000| ........__TEXT.. 0x000001b8 |0000 0000 0000 0000 0080 0000 0000 0000| ................ 0x000001c8 |0040 0000 0000 0000 5f5f 4441 5441 0000| .@......__DATA.. 0x000001d8 |0000 0000 0000 0000 00c0 0000 0000 0000| ................ 0x000001e8 |0000 0100 0000 0000 5f5f 4c4c 564d 0000| ........__LLVM.. 0x000001f8 |0000 0000 0000 0000 00c0 0100 0000 0000| ................ 0x00000208 |00c0 0000 0000 0000 5f5f 4c49 4e4b 4544| ........__LINKED 0x00000218 |4954 0000 0000 0000 0000 0000 d069 0000| IT...........i.. #endif int magicCombo = 0; if (!memcmp (""\x1a\x2b\xb2\xa1"", b, 4)) { magicCombo++; } if (!memcmp (""\x1a\x2b\xb2\xa1"", b + 8, 4)) { magicCombo++; } if (magicCombo != 2) { available = r_buf_read_at (buf, off - 8, b, size); if (available != size) { eprintf (""Warning: r_buf_read_at failed\n""); return NULL; } if (!memcmp (""\x1a\x2b\xb2\xa1"", b, 4)) { off -= 8; } else { eprintf (""0x%08x parsing error: invalid magic retry\n"", off); } } D eprintf (""0x%08x magic OK\n"", off); D { const int e0ss = r_read_le32 (b + 12); eprintf (""0x%08x eoss 0x%x\n"", off + 12, e0ss); } free (b); return r_coresym_cache_element_new (bf, buf, off + 16, bits, file_name); }",visit repo url,libr/bin/p/bin_symbols.c,https://github.com/radareorg/radare2,23045116741091,1 6097,['CWE-200'],"static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev, u32 pid, u32 seq, int event, unsigned int flags) { struct net_device *dev = idev->dev; __s32 *array = NULL; struct ifinfomsg *r; struct nlmsghdr *nlh; unsigned char *b = skb->tail; struct rtattr *subattr; __u32 mtu = dev->mtu; struct ifla_cacheinfo ci; nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*r), flags); r = NLMSG_DATA(nlh); r->ifi_family = AF_INET6; r->__ifi_pad = 0; r->ifi_type = dev->type; r->ifi_index = dev->ifindex; r->ifi_flags = dev_get_flags(dev); r->ifi_change = 0; RTA_PUT(skb, IFLA_IFNAME, strlen(dev->name)+1, dev->name); if (dev->addr_len) RTA_PUT(skb, IFLA_ADDRESS, dev->addr_len, dev->dev_addr); RTA_PUT(skb, IFLA_MTU, sizeof(mtu), &mtu); if (dev->ifindex != dev->iflink) RTA_PUT(skb, IFLA_LINK, sizeof(int), &dev->iflink); subattr = (struct rtattr*)skb->tail; RTA_PUT(skb, IFLA_PROTINFO, 0, NULL); RTA_PUT(skb, IFLA_INET6_FLAGS, sizeof(__u32), &idev->if_flags); ci.max_reasm_len = IPV6_MAXPLEN; ci.tstamp = (__u32)(TIME_DELTA(idev->tstamp, INITIAL_JIFFIES) / HZ * 100 + TIME_DELTA(idev->tstamp, INITIAL_JIFFIES) % HZ * 100 / HZ); ci.reachable_time = idev->nd_parms->reachable_time; ci.retrans_time = idev->nd_parms->retrans_time; RTA_PUT(skb, IFLA_INET6_CACHEINFO, sizeof(ci), &ci); if ((array = kmalloc(DEVCONF_MAX * sizeof(*array), GFP_ATOMIC)) == NULL) goto rtattr_failure; ipv6_store_devconf(&idev->cnf, array, DEVCONF_MAX * sizeof(*array)); RTA_PUT(skb, IFLA_INET6_CONF, DEVCONF_MAX * sizeof(*array), array); subattr->rta_len = skb->tail - (u8*)subattr; nlh->nlmsg_len = skb->tail - b; kfree(array); return skb->len; nlmsg_failure: rtattr_failure: if (array) kfree(array); skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,281638551115750873657765784664794107675,0 4723,CWE-120,"enum ImapAuthRes imap_auth_cram_md5(struct ImapData *idata, const char *method) { char ibuf[LONG_STRING * 2], obuf[LONG_STRING]; unsigned char hmac_response[MD5_DIGEST_LEN]; int len; int rc; if (!mutt_bit_isset(idata->capabilities, ACRAM_MD5)) return IMAP_AUTH_UNAVAIL; mutt_message(_(""Authenticating (CRAM-MD5)..."")); if (mutt_account_getlogin(&idata->conn->account) < 0) return IMAP_AUTH_FAILURE; if (mutt_account_getpass(&idata->conn->account) < 0) return IMAP_AUTH_FAILURE; imap_cmd_start(idata, ""AUTHENTICATE CRAM-MD5""); do rc = imap_cmd_step(idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { mutt_debug(1, ""Invalid response from server: %s\n"", ibuf); goto bail; } len = mutt_b64_decode(obuf, idata->buf + 2); if (len == -1) { mutt_debug(1, ""Error decoding base64 response.\n""); goto bail; } obuf[len] = '\0'; mutt_debug(2, ""CRAM challenge: %s\n"", obuf); hmac_md5(idata->conn->account.pass, obuf, hmac_response); int off = snprintf(obuf, sizeof(obuf), ""%s "", idata->conn->account.user); mutt_md5_toascii(hmac_response, obuf + off); mutt_debug(2, ""CRAM response: %s\n"", obuf); mutt_b64_encode(ibuf, obuf, strlen(obuf), sizeof(ibuf) - 2); mutt_str_strcat(ibuf, sizeof(ibuf), ""\r\n""); mutt_socket_send(idata->conn, ibuf); do rc = imap_cmd_step(idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_OK) { mutt_debug(1, ""Error receiving server response.\n""); goto bail; } if (imap_code(idata->buf)) return IMAP_AUTH_SUCCESS; bail: mutt_error(_(""CRAM-MD5 authentication failed."")); return IMAP_AUTH_FAILURE; }",visit repo url,imap/auth_cram.c,https://github.com/neomutt/neomutt,263533549032700,1 4264,['CWE-264'],"static struct task_struct *dup_task_struct(struct task_struct *orig) { struct task_struct *tsk; struct thread_info *ti; int err; prepare_to_copy(orig); tsk = alloc_task_struct(); if (!tsk) return NULL; ti = alloc_thread_info(tsk); if (!ti) { free_task_struct(tsk); return NULL; } err = arch_dup_task_struct(tsk, orig); if (err) goto out; tsk->stack = ti; err = prop_local_init_single(&tsk->dirties); if (err) goto out; setup_thread_stack(tsk, orig); #ifdef CONFIG_CC_STACKPROTECTOR tsk->stack_canary = get_random_int(); #endif atomic_set(&tsk->usage,2); atomic_set(&tsk->fs_excl, 0); #ifdef CONFIG_BLK_DEV_IO_TRACE tsk->btrace_seq = 0; #endif tsk->splice_pipe = NULL; return tsk; out: free_thread_info(ti); free_task_struct(tsk); return NULL; }",linux-2.6,,,196757833019807069599592531143976001809,0 960,CWE-264,"bool inode_owner_or_capable(const struct inode *inode) { if (uid_eq(current_fsuid(), inode->i_uid)) return true; if (inode_capable(inode, CAP_FOWNER)) return true; return false; }",visit repo url,fs/inode.c,https://github.com/torvalds/linux,61815599986259,1 3396,['CWE-264'],"asmlinkage long sys_truncate64(const char __user * path, loff_t length) { return do_sys_truncate(path, length); }",linux-2.6,,,88726383219500711090142870164484324011,0 4057,['CWE-362'],"static inline void inotify_dentry_parent_queue_event(struct dentry *dentry, __u32 mask, __u32 cookie, const char *filename) { }",linux-2.6,,,170294733206225851559994635007354500469,0 135,[],"static int compat_nfs_exp_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) { if (!access_ok(VERIFY_READ, &arg->ca32_export, sizeof(arg->ca32_export)) || get_user(karg->ca_version, &arg->ca32_version) || __copy_from_user(&karg->ca_export.ex_client[0], &arg->ca32_export.ex32_client[0], NFSCLNT_IDMAX) || __copy_from_user(&karg->ca_export.ex_path[0], &arg->ca32_export.ex32_path[0], NFS_MAXPATHLEN) || __get_user(karg->ca_export.ex_dev, &arg->ca32_export.ex32_dev) || __get_user(karg->ca_export.ex_ino, &arg->ca32_export.ex32_ino) || __get_user(karg->ca_export.ex_flags, &arg->ca32_export.ex32_flags) || __get_user(karg->ca_export.ex_anon_uid, &arg->ca32_export.ex32_anon_uid) || __get_user(karg->ca_export.ex_anon_gid, &arg->ca32_export.ex32_anon_gid)) return -EFAULT; SET_UID(karg->ca_export.ex_anon_uid, karg->ca_export.ex_anon_uid); SET_GID(karg->ca_export.ex_anon_gid, karg->ca_export.ex_anon_gid); return 0; }",linux-2.6,,,120917645204894574055063730456698901774,0 4326,CWE-190,"void CLASS foveon_dp_load_raw() { unsigned c, roff[4], row, col, diff; ushort huff[512], vpred[2][2], hpred[2]; fseek (ifp, 8, SEEK_CUR); foveon_huff (huff); roff[0] = 48; FORC3 roff[c+1] = -(-(roff[c] + get4()) & -16); FORC3 { fseek (ifp, data_offset+roff[c], SEEK_SET); getbits(-1); vpred[0][0] = vpred[0][1] = vpred[1][0] = vpred[1][1] = 512; for (row=0; row < height; row++) { #ifdef LIBRAW_LIBRARY_BUILD checkCancel(); #endif for (col=0; col < width; col++) { diff = ljpeg_diff(huff); if (col < 2) hpred[col] = vpred[row & 1][col] += diff; else hpred[col & 1] += diff; image[row*width+col][c] = hpred[col & 1]; } } } }",visit repo url,dcraw_foveon.c,https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2,36944210174949,1 5369,['CWE-476'],"static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) { static int version; struct pvclock_wall_clock wc; struct timespec now, sys, boot; if (!wall_clock) return; version++; kvm_write_guest(kvm, wall_clock, &version, sizeof(version)); now = current_kernel_time(); ktime_get_ts(&sys); boot = ns_to_timespec(timespec_to_ns(&now) - timespec_to_ns(&sys)); wc.sec = boot.tv_sec; wc.nsec = boot.tv_nsec; wc.version = version; kvm_write_guest(kvm, wall_clock, &wc, sizeof(wc)); version++; kvm_write_guest(kvm, wall_clock, &version, sizeof(version)); }",linux-2.6,,,168094409209420530693921996107722907623,0 2578,CWE-269,"void virtio_config_writel(VirtIODevice *vdev, uint32_t addr, uint32_t data) { VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); uint32_t val = data; if (addr > (vdev->config_len - sizeof(val))) return; stl_p(vdev->config + addr, val); if (k->set_config) { k->set_config(vdev, vdev->config); } }",visit repo url,hw/virtio/virtio.c,https://github.com/qemu/qemu,193054690209769,1 2190,['CWE-193'],"int should_remove_suid(struct dentry *dentry) { mode_t mode = dentry->d_inode->i_mode; int kill = 0; if (unlikely(mode & S_ISUID)) kill = ATTR_KILL_SUID; if (unlikely((mode & S_ISGID) && (mode & S_IXGRP))) kill |= ATTR_KILL_SGID; if (unlikely(kill && !capable(CAP_FSETID))) return kill; return 0; }",linux-2.6,,,181151784928958262348106635048381235180,0 1376,CWE-200,"static int hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req) { struct hid_device *hid; int err; session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); if (!session->rd_data) return -ENOMEM; if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { err = -EFAULT; goto fault; } session->rd_size = req->rd_size; hid = hid_allocate_device(); if (IS_ERR(hid)) { err = PTR_ERR(hid); goto fault; } session->hid = hid; hid->driver_data = session; hid->bus = BUS_BLUETOOTH; hid->vendor = req->vendor; hid->product = req->product; hid->version = req->version; hid->country = req->country; strncpy(hid->name, req->name, 128); snprintf(hid->phys, sizeof(hid->phys), ""%pMR"", &bt_sk(session->ctrl_sock->sk)->src); snprintf(hid->uniq, sizeof(hid->uniq), ""%pMR"", &bt_sk(session->ctrl_sock->sk)->dst); hid->dev.parent = &session->conn->dev; hid->ll_driver = &hidp_hid_driver; hid->hid_get_raw_report = hidp_get_raw_report; hid->hid_output_raw_report = hidp_output_raw_report; if (hid_ignore(hid)) { hid_destroy_device(session->hid); session->hid = NULL; return -ENODEV; } return 0; fault: kfree(session->rd_data); session->rd_data = NULL; return err; }",visit repo url,net/bluetooth/hidp/core.c,https://github.com/torvalds/linux,245982008528296,1 1144,CWE-20,"static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name, struct path *dir, char *type, unsigned long flags) { struct path path; struct file_system_type *fstype = NULL; const char *requested_type = NULL; const char *requested_dir_name = NULL; const char *requested_dev_name = NULL; struct tomoyo_path_info rtype; struct tomoyo_path_info rdev; struct tomoyo_path_info rdir; int need_dev = 0; int error = -ENOMEM; requested_type = tomoyo_encode(type); if (!requested_type) goto out; rtype.name = requested_type; tomoyo_fill_path_info(&rtype); requested_dir_name = tomoyo_realpath_from_path(dir); if (!requested_dir_name) { error = -ENOMEM; goto out; } rdir.name = requested_dir_name; tomoyo_fill_path_info(&rdir); if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) { } else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) || !strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) || !strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) || !strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) { } else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) || !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) { need_dev = -1; } else { fstype = get_fs_type(type); if (!fstype) { error = -ENODEV; goto out; } if (fstype->fs_flags & FS_REQUIRES_DEV) need_dev = 1; } if (need_dev) { if (kern_path(dev_name, LOOKUP_FOLLOW, &path)) { error = -ENOENT; goto out; } requested_dev_name = tomoyo_realpath_from_path(&path); path_put(&path); if (!requested_dev_name) { error = -ENOENT; goto out; } } else { if (!dev_name) dev_name = """"; requested_dev_name = tomoyo_encode(dev_name); if (!requested_dev_name) { error = -ENOMEM; goto out; } } rdev.name = requested_dev_name; tomoyo_fill_path_info(&rdev); r->param_type = TOMOYO_TYPE_MOUNT_ACL; r->param.mount.need_dev = need_dev; r->param.mount.dev = &rdev; r->param.mount.dir = &rdir; r->param.mount.type = &rtype; r->param.mount.flags = flags; do { tomoyo_check_acl(r, tomoyo_check_mount_acl); error = tomoyo_audit_mount_log(r); } while (error == TOMOYO_RETRY_REQUEST); out: kfree(requested_dev_name); kfree(requested_dir_name); if (fstype) put_filesystem(fstype); kfree(requested_type); return error; }",visit repo url,security/tomoyo/mount.c,https://github.com/torvalds/linux,44417143583975,1 4998,CWE-125,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 6314,CWE-295,"NOEXPORT char *parse_global_option(CMD cmd, char *opt, char *arg) { void *tmp; if(cmd==CMD_PRINT_DEFAULTS || cmd==CMD_PRINT_HELP) { s_log(LOG_NOTICE, "" ""); s_log(LOG_NOTICE, ""Global options:""); } #ifdef HAVE_CHROOT switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.chroot_dir=NULL; break; case CMD_SET_COPY: break; case CMD_FREE: tmp=global_options.chroot_dir; global_options.chroot_dir=NULL; str_free(tmp); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""chroot"")) break; new_global_options.chroot_dir=str_dup(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = directory to chroot stunnel process"", ""chroot""); break; } #endif #ifndef OPENSSL_NO_COMP switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.compression=COMP_NONE; break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""compression"")) break; #if OPENSSL_VERSION_NUMBER < 0x10100000L if(OpenSSL_version_num()<0x00908051L) return ""Compression unsupported due to a memory leak""; #endif if(!strcasecmp(arg, ""deflate"")) new_global_options.compression=COMP_DEFLATE; else if(!strcasecmp(arg, ""zlib"")) new_global_options.compression=COMP_ZLIB; else return ""Specified compression type is not available""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = compression type"", ""compression""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: #ifdef EGD_SOCKET new_global_options.egd_sock=EGD_SOCKET; #else new_global_options.egd_sock=NULL; #endif break; case CMD_SET_COPY: break; case CMD_FREE: tmp=global_options.egd_sock; global_options.egd_sock=NULL; str_free(tmp); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""EGD"")) break; new_global_options.egd_sock=str_dup(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: #ifdef EGD_SOCKET s_log(LOG_NOTICE, ""%-22s = %s"", ""EGD"", EGD_SOCKET); #endif break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = path to Entropy Gathering Daemon socket"", ""EGD""); break; } #ifndef OPENSSL_NO_ENGINE switch(cmd) { case CMD_SET_DEFAULTS: engine_reset_list(); break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""engine"")) break; if(!strcasecmp(arg, ""auto"")) return engine_auto(); else return engine_open(arg); case CMD_INITIALIZE: engine_init(); break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = auto|engine_id"", ""engine""); break; } switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""engineCtrl"")) break; { char *tmp_str=strchr(arg, ':'); if(tmp_str) *tmp_str++='\0'; return engine_ctrl(arg, tmp_str); } case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = cmd[:arg]"", ""engineCtrl""); break; } switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""engineDefault"")) break; return engine_default(arg); case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = TASK_LIST"", ""engineDefault""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: #ifdef USE_FIPS new_global_options.option.fips=0; #endif break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""fips"")) break; #ifdef USE_FIPS if(!strcasecmp(arg, ""yes"")) new_global_options.option.fips=1; else if(!strcasecmp(arg, ""no"")) new_global_options.option.fips=0; else return ""The argument needs to be either 'yes' or 'no'""; #else if(strcasecmp(arg, ""no"")) return ""FIPS support is not available""; #endif return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: #ifdef USE_FIPS s_log(LOG_NOTICE, ""%-22s = yes|no FIPS 140-2 mode"", ""fips""); #endif break; } #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.option.foreground=0; new_global_options.option.log_stderr=0; break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""foreground"")) break; if(!strcasecmp(arg, ""yes"")) { new_global_options.option.foreground=1; new_global_options.option.log_stderr=1; } else if(!strcasecmp(arg, ""quiet"")) { new_global_options.option.foreground=1; new_global_options.option.log_stderr=0; } else if(!strcasecmp(arg, ""no"")) { new_global_options.option.foreground=0; new_global_options.option.log_stderr=0; } else return ""The argument needs to be either 'yes', 'quiet' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|quiet|no foreground mode (don't fork, log to stderr)"", ""foreground""); break; } #endif #ifdef ICON_IMAGE switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.icon[ICON_ACTIVE]=load_icon_default(ICON_ACTIVE); break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""iconActive"")) break; if(!(new_global_options.icon[ICON_ACTIVE]=load_icon_file(arg))) return ""Failed to load the specified icon""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = icon when connections are established"", ""iconActive""); break; } switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.icon[ICON_ERROR]=load_icon_default(ICON_ERROR); break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""iconError"")) break; if(!(new_global_options.icon[ICON_ERROR]=load_icon_file(arg))) return ""Failed to load the specified icon""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = icon for invalid configuration file"", ""iconError""); break; } switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.icon[ICON_IDLE]=load_icon_default(ICON_IDLE); break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""iconIdle"")) break; if(!(new_global_options.icon[ICON_IDLE]=load_icon_file(arg))) return ""Failed to load the specified icon""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = icon when no connections were established"", ""iconIdle""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.log_file_mode=FILE_MODE_APPEND; break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""log"")) break; if(!strcasecmp(arg, ""append"")) new_global_options.log_file_mode=FILE_MODE_APPEND; else if(!strcasecmp(arg, ""overwrite"")) new_global_options.log_file_mode=FILE_MODE_OVERWRITE; else return ""The argument needs to be either 'append' or 'overwrite'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = append|overwrite log file"", ""log""); break; } switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.output_file=NULL; break; case CMD_SET_COPY: break; case CMD_FREE: tmp=global_options.output_file; global_options.output_file=NULL; str_free(tmp); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""output"")) break; new_global_options.output_file=str_dup(arg); return NULL; case CMD_INITIALIZE: #ifndef USE_WIN32 if(!new_global_options.option.foreground && new_global_options.output_file && new_global_options.output_file[0]!='/' ) return ""Log file must include full path name""; #endif break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = file to append log messages"", ""output""); break; } #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.pidfile=NULL; break; case CMD_SET_COPY: break; case CMD_FREE: tmp=global_options.pidfile; global_options.pidfile=NULL; str_free(tmp); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""pid"")) break; if(arg[0]) new_global_options.pidfile=str_dup(arg); else new_global_options.pidfile=NULL; return NULL; case CMD_INITIALIZE: if(!new_global_options.option.foreground && new_global_options.pidfile && new_global_options.pidfile[0]!='/' ) return ""Pid file must include full path name""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = pid file"", ""pid""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.random_bytes=RANDOM_BYTES; break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""RNDbytes"")) break; { char *tmp_str; new_global_options.random_bytes=(long)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal number of bytes to read from random seed files""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %d"", ""RNDbytes"", RANDOM_BYTES); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = bytes to read from random seed files"", ""RNDbytes""); break; } switch(cmd) { case CMD_SET_DEFAULTS: #ifdef RANDOM_FILE new_global_options.rand_file=str_dup(RANDOM_FILE); #else new_global_options.rand_file=NULL; #endif break; case CMD_SET_COPY: break; case CMD_FREE: tmp=global_options.rand_file; global_options.rand_file=NULL; str_free(tmp); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""RNDfile"")) break; new_global_options.rand_file=str_dup(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: #ifdef RANDOM_FILE s_log(LOG_NOTICE, ""%-22s = %s"", ""RNDfile"", RANDOM_FILE); #endif break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = path to file with random seed data"", ""RNDfile""); break; } switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.option.rand_write=1; break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""RNDoverwrite"")) break; if(!strcasecmp(arg, ""yes"")) new_global_options.option.rand_write=1; else if(!strcasecmp(arg, ""no"")) new_global_options.option.rand_write=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = yes"", ""RNDoverwrite""); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no overwrite seed datafiles with new random data"", ""RNDoverwrite""); break; } #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.option.log_syslog=1; break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""syslog"")) break; if(!strcasecmp(arg, ""yes"")) new_global_options.option.log_syslog=1; else if(!strcasecmp(arg, ""no"")) new_global_options.option.log_syslog=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no send logging messages to syslog"", ""syslog""); break; } #endif #ifdef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: new_global_options.option.taskbar=1; break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""taskbar"")) break; if(!strcasecmp(arg, ""yes"")) new_global_options.option.taskbar=1; else if(!strcasecmp(arg, ""no"")) new_global_options.option.taskbar=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = yes"", ""taskbar""); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no enable the taskbar icon"", ""taskbar""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: return option_not_found; case CMD_INITIALIZE: if(ssl_configure(&new_global_options)) return ""Failed to initialize TLS""; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: break; } return NULL; }",visit repo url,src/options.c,https://github.com/mtrojnar/stunnel,109104344225978,1 5569,[],"int kill_pid(struct pid *pid, int sig, int priv) { return kill_pid_info(sig, __si_special(priv), pid); }",linux-2.6,,,50625598776837042664558877799554097299,0 3867,[],"int cap_task_setioprio (struct task_struct *p, int ioprio) { return cap_safe_nice(p); }",linux-2.6,,,62680821767646366149676608540113662549,0 5423,['CWE-476'],"static int save_guest_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector, struct desc_struct *seg_desc) { gpa_t gpa; struct descriptor_table dtable; u16 index = selector >> 3; get_segment_descriptor_dtable(vcpu, selector, &dtable); if (dtable.limit < index * 8 + 7) return 1; gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, dtable.base); gpa += index * 8; return kvm_write_guest(vcpu->kvm, gpa, seg_desc, 8); }",linux-2.6,,,165546638153852790184032215715174490382,0 4288,['CWE-264'],"void __cleanup_signal(struct signal_struct *sig) { thread_group_cputime_free(sig); tty_kref_put(sig->tty); kmem_cache_free(signal_cachep, sig); }",linux-2.6,,,39839108049609295456659064152849651529,0 2769,['CWE-264'],"int __init sysenter_setup(void) { void *syscall_page = (void *)get_zeroed_page(GFP_ATOMIC); syscall_pages[0] = virt_to_page(syscall_page); #ifdef CONFIG_COMPAT_VDSO __set_fixmap(FIX_VDSO, __pa(syscall_page), PAGE_READONLY); printk(""Compat vDSO mapped to %08lx.\n"", __fix_to_virt(FIX_VDSO)); #endif if (!boot_cpu_has(X86_FEATURE_SEP)) { memcpy(syscall_page, &vsyscall_int80_start, &vsyscall_int80_end - &vsyscall_int80_start); return 0; } memcpy(syscall_page, &vsyscall_sysenter_start, &vsyscall_sysenter_end - &vsyscall_sysenter_start); return 0; }",linux-2.6,,,234995374533396770454471483806960590971,0 6687,['CWE-200'],"set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec) { NMApplet *applet = NM_APPLET (object); switch (prop_id) { case PROP_LOOP: applet->loop = g_value_get_pointer (value); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; } }",network-manager-applet,,,36518783124758775827563282209153837804,0 5560,[],"void zap_other_threads(struct task_struct *p) { struct task_struct *t; p->signal->group_stop_count = 0; for (t = next_thread(p); t != p; t = next_thread(t)) { if (t->exit_state) continue; sigaddset(&t->pending.signal, SIGKILL); signal_wake_up(t, 1); } }",linux-2.6,,,181059138737559500703499595190466864187,0 2051,CWE-787,"static int ebt_size_mwt(struct compat_ebt_entry_mwt *match32, unsigned int size_left, enum compat_mwt type, struct ebt_entries_buf_state *state, const void *base) { int growth = 0; char *buf; if (size_left == 0) return 0; buf = (char *) match32; while (size_left >= sizeof(*match32)) { struct ebt_entry_match *match_kern; int ret; match_kern = (struct ebt_entry_match *) state->buf_kern_start; if (match_kern) { char *tmp; tmp = state->buf_kern_start + state->buf_kern_offset; match_kern = (struct ebt_entry_match *) tmp; } ret = ebt_buf_add(state, buf, sizeof(*match32)); if (ret < 0) return ret; size_left -= sizeof(*match32); ret = ebt_buf_add_pad(state, ebt_compat_entry_padsize()); if (ret < 0) return ret; if (match32->match_size > size_left) return -EINVAL; size_left -= match32->match_size; ret = compat_mtw_from_user(match32, type, state, base); if (ret < 0) return ret; if (WARN_ON(ret < match32->match_size)) return -EINVAL; growth += ret - match32->match_size; growth += ebt_compat_entry_padsize(); buf += sizeof(*match32); buf += match32->match_size; if (match_kern) match_kern->match_size = ret; WARN_ON(type == EBT_COMPAT_TARGET && size_left); match32 = (struct compat_ebt_entry_mwt *) buf; } return growth; }",visit repo url,net/bridge/netfilter/ebtables.c,https://github.com/torvalds/linux,250688050567233,1 6250,['CWE-200'],"static void pneigh_queue_purge(struct sk_buff_head *list) { struct sk_buff *skb; while ((skb = skb_dequeue(list)) != NULL) { dev_put(skb->dev); kfree_skb(skb); } }",linux-2.6,,,186514150173123039394043694602781943090,0 6479,CWE-125,"static void get_over(struct SYMBOL *s) { struct VOICE_S *p_voice, *p_voice2, *p_voice3; int range, voice, voice2, voice3; static char tx_wrong_dur[] = ""Wrong duration in voice overlay""; static char txt_no_note[] = ""No note in voice overlay""; p_voice = curvoice; if (p_voice->ignore) return; if (s->abc_type == ABC_T_BAR || s->u.v_over.type == V_OVER_E) { if (!p_voice->last_sym) { error(1, s, txt_no_note); return; } p_voice->last_sym->sflags |= S_BEAM_END; over_bar = 0; if (over_time < 0) { error(1, s, ""Erroneous end of voice overlap""); return; } if (p_voice->time != over_mxtime) error(1, s, tx_wrong_dur); curvoice = &voice_tb[over_voice]; over_mxtime = 0; over_voice = -1; over_time = -1; return; } if (s->u.v_over.type == V_OVER_S) { over_voice = p_voice - voice_tb; over_time = p_voice->time; return; } if (!p_voice->last_sym) { error(1, s, txt_no_note); return; } p_voice->last_sym->sflags |= S_BEAM_END; voice2 = s->u.v_over.voice; p_voice2 = &voice_tb[voice2]; if (parsys->voice[voice2].range < 0) { int clone; if (cfmt.abc2pscompat) { error(1, s, ""Cannot have %%%%abc2pscompat""); cfmt.abc2pscompat = 0; } clone = p_voice->clone >= 0; p_voice2->id[0] = '&'; p_voice2->id[1] = '\0'; p_voice2->second = 1; parsys->voice[voice2].second = 1; p_voice2->scale = p_voice->scale; p_voice2->octave = p_voice->octave; p_voice2->transpose = p_voice->transpose; memcpy(&p_voice2->key, &p_voice->key, sizeof p_voice2->key); memcpy(&p_voice2->ckey, &p_voice->ckey, sizeof p_voice2->ckey); memcpy(&p_voice2->okey, &p_voice->okey, sizeof p_voice2->okey); p_voice2->posit = p_voice->posit; p_voice2->staff = p_voice->staff; p_voice2->cstaff = p_voice->cstaff; p_voice2->color = p_voice->color; p_voice2->map_name = p_voice->map_name; range = parsys->voice[p_voice - voice_tb].range; for (voice = 0; voice < MAXVOICE; voice++) { if (parsys->voice[voice].range > range) parsys->voice[voice].range += clone + 1; } parsys->voice[voice2].range = range + 1; voice_link(p_voice2); if (clone) { for (voice3 = MAXVOICE; --voice3 >= 0; ) { if (parsys->voice[voice3].range < 0) break; } if (voice3 > 0) { p_voice3 = &voice_tb[voice3]; strcpy(p_voice3->id, p_voice2->id); p_voice3->second = 1; parsys->voice[voice3].second = 1; p_voice3->scale = voice_tb[p_voice->clone].scale; parsys->voice[voice3].range = range + 2; voice_link(p_voice3); p_voice2->clone = voice3; } else { error(1, s, ""Too many voices for overlay cloning""); } } } voice = p_voice - voice_tb; if (over_time < 0) { int time; over_bar = 1; over_mxtime = p_voice->time; over_voice = voice; time = p_voice2->time; for (s = p_voice->last_sym; ; s = s->prev) { if (s->type == BAR || s->time <= time) break; } over_time = s->time; } else { if (over_mxtime == 0) over_mxtime = p_voice->time; else if (p_voice->time != over_mxtime) error(1, s, tx_wrong_dur); } p_voice2->time = over_time; curvoice = p_voice2; }",visit repo url,parse.c,https://github.com/leesavide/abcm2ps,8760503527162,1 3943,CWE-476,"create_pty_only(term_T *term, jobopt_T *options) { HANDLE hPipeIn = INVALID_HANDLE_VALUE; HANDLE hPipeOut = INVALID_HANDLE_VALUE; char in_name[80], out_name[80]; channel_T *channel = NULL; create_vterm(term, term->tl_rows, term->tl_cols); vim_snprintf(in_name, sizeof(in_name), ""\\\\.\\pipe\\vim-%d-in-%d"", GetCurrentProcessId(), curbuf->b_fnum); hPipeIn = CreateNamedPipe(in_name, PIPE_ACCESS_OUTBOUND, PIPE_TYPE_MESSAGE | PIPE_NOWAIT, PIPE_UNLIMITED_INSTANCES, 0, 0, NMPWAIT_NOWAIT, NULL); if (hPipeIn == INVALID_HANDLE_VALUE) goto failed; vim_snprintf(out_name, sizeof(out_name), ""\\\\.\\pipe\\vim-%d-out-%d"", GetCurrentProcessId(), curbuf->b_fnum); hPipeOut = CreateNamedPipe(out_name, PIPE_ACCESS_INBOUND, PIPE_TYPE_MESSAGE | PIPE_NOWAIT, PIPE_UNLIMITED_INSTANCES, 0, 0, 0, NULL); if (hPipeOut == INVALID_HANDLE_VALUE) goto failed; ConnectNamedPipe(hPipeIn, NULL); ConnectNamedPipe(hPipeOut, NULL); term->tl_job = job_alloc(); if (term->tl_job == NULL) goto failed; ++term->tl_job->jv_refcount; term->tl_job->jv_status = JOB_FINISHED; channel = add_channel(); if (channel == NULL) goto failed; term->tl_job->jv_channel = channel; channel->ch_keep_open = TRUE; channel->ch_named_pipe = TRUE; channel_set_pipes(channel, (sock_T)hPipeIn, (sock_T)hPipeOut, (sock_T)hPipeOut); channel_set_job(channel, term->tl_job, options); term->tl_job->jv_tty_in = vim_strsave((char_u*)in_name); term->tl_job->jv_tty_out = vim_strsave((char_u*)out_name); return OK; failed: if (hPipeIn != NULL) CloseHandle(hPipeIn); if (hPipeOut != NULL) CloseHandle(hPipeOut); return FAIL; }",visit repo url,src/terminal.c,https://github.com/vim/vim,151724881638479,1 5556,[],"static int prepare_signal(int sig, struct task_struct *p, int from_ancestor_ns) { struct signal_struct *signal = p->signal; struct task_struct *t; if (unlikely(signal->flags & SIGNAL_GROUP_EXIT)) { } else if (sig_kernel_stop(sig)) { rm_from_queue(sigmask(SIGCONT), &signal->shared_pending); t = p; do { rm_from_queue(sigmask(SIGCONT), &t->pending); } while_each_thread(p, t); } else if (sig == SIGCONT) { unsigned int why; rm_from_queue(SIG_KERNEL_STOP_MASK, &signal->shared_pending); t = p; do { unsigned int state; rm_from_queue(SIG_KERNEL_STOP_MASK, &t->pending); state = __TASK_STOPPED; if (sig_user_defined(t, SIGCONT) && !sigismember(&t->blocked, SIGCONT)) { set_tsk_thread_flag(t, TIF_SIGPENDING); state |= TASK_INTERRUPTIBLE; } wake_up_state(t, state); } while_each_thread(p, t); why = 0; if (signal->flags & SIGNAL_STOP_STOPPED) why |= SIGNAL_CLD_CONTINUED; else if (signal->group_stop_count) why |= SIGNAL_CLD_STOPPED; if (why) { signal->flags = why | SIGNAL_STOP_CONTINUED; signal->group_stop_count = 0; signal->group_exit_code = 0; } else { signal->flags &= ~SIGNAL_STOP_DEQUEUED; } } return !sig_ignored(p, sig, from_ancestor_ns); }",linux-2.6,,,125362604830847907946082255683571372086,0 5050,['CWE-20'],"static void hardware_disable(void *garbage) { vmclear_local_vcpus(); kvm_cpu_vmxoff(); }",linux-2.6,,,321415723351263053021858338666760383971,0 692,[],"static int jpc_cod_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_cod_t *cod = &ms->parms.cod; assert(cod->numlyrs > 0 && cod->compparms.numdlvls <= 32); assert(cod->compparms.numdlvls == cod->compparms.numrlvls - 1); if (jpc_putuint8(out, cod->compparms.csty) || jpc_putuint8(out, cod->prg) || jpc_putuint16(out, cod->numlyrs) || jpc_putuint8(out, cod->mctrans)) { return -1; } if (jpc_cox_putcompparms(ms, cstate, out, (cod->csty & JPC_COX_PRT) != 0, &cod->compparms)) { return -1; } return 0; }",jasper,,,36903753278184240390180081423544681022,0 2788,['CWE-264'],"upload_data( struct net_device *dev, unsigned framelen, unsigned frameno, unsigned is_first, u32 crc ) { struct net_local *nl = (struct net_local *) dev->priv; int frame_ok; if( is_first ) nl->wait_frameno = frameno, nl->inppos = 0; if( nl->wait_frameno == frameno ) { if( nl->inppos + framelen <= ETHER_MAX_LEN ) frame_ok = append_frame_to_pkt( dev, framelen, crc ); else if( (frame_ok = skip_tail( dev->base_addr, framelen, crc )) != 0 ) nl->wait_frameno = 0, nl->inppos = 0, #ifdef CONFIG_SBNI_MULTILINE ((struct net_local *) nl->master->priv) ->stats.rx_errors++, ((struct net_local *) nl->master->priv) ->stats.rx_missed_errors++; #else nl->stats.rx_errors++, nl->stats.rx_missed_errors++; #endif } else frame_ok = skip_tail( dev->base_addr, framelen, crc ); if( is_first && !frame_ok ) nl->wait_frameno = 0, #ifdef CONFIG_SBNI_MULTILINE ((struct net_local *) nl->master->priv)->stats.rx_errors++, ((struct net_local *) nl->master->priv)->stats.rx_crc_errors++; #else nl->stats.rx_errors++, nl->stats.rx_crc_errors++; #endif return frame_ok; }",linux-2.6,,,139089067818106441510034772475174294217,0 6124,['CWE-200'],"static void rsvp_walk(struct tcf_proto *tp, struct tcf_walker *arg) { struct rsvp_head *head = tp->root; unsigned h, h1; if (arg->stop) return; for (h = 0; h < 256; h++) { struct rsvp_session *s; for (s = head->ht[h]; s; s = s->next) { for (h1 = 0; h1 <= 16; h1++) { struct rsvp_filter *f; for (f = s->ht[h1]; f; f = f->next) { if (arg->count < arg->skip) { arg->count++; continue; } if (arg->fn(tp, (unsigned long)f, arg) < 0) { arg->stop = 1; return; } arg->count++; } } } } }",linux-2.6,,,208698045412384022794852677224300100773,0 4347,CWE-358,"DefragTimeoutTest(void) { int i; int ret = 0; if (ConfSet(""defrag.trackers"", ""16"") != 1) { printf(""ConfSet failed: ""); goto end; } DefragInit(); for (i = 0; i < 16; i++) { Packet *p = BuildTestPacket(i, 0, 1, 'A' + i, 16); if (p == NULL) goto end; Packet *tp = Defrag(NULL, NULL, p, NULL); SCFree(p); if (tp != NULL) { SCFree(tp); goto end; } } Packet *p = BuildTestPacket(99, 0, 1, 'A' + i, 16); if (p == NULL) goto end; p->ts.tv_sec += (defrag_context->timeout + 1); Packet *tp = Defrag(NULL, NULL, p, NULL); if (tp != NULL) { SCFree(tp); goto end; } DefragTracker *tracker = DefragLookupTrackerFromHash(p); if (tracker == NULL) goto end; if (tracker->id != 99) goto end; SCFree(p); ret = 1; end: DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,79432454145473,1 1131,CWE-189,"asmlinkage long sys_oabi_semtimedop(int semid, struct oabi_sembuf __user *tsops, unsigned nsops, const struct timespec __user *timeout) { struct sembuf *sops; struct timespec local_timeout; long err; int i; if (nsops < 1) return -EINVAL; sops = kmalloc(sizeof(*sops) * nsops, GFP_KERNEL); if (!sops) return -ENOMEM; err = 0; for (i = 0; i < nsops; i++) { __get_user_error(sops[i].sem_num, &tsops->sem_num, err); __get_user_error(sops[i].sem_op, &tsops->sem_op, err); __get_user_error(sops[i].sem_flg, &tsops->sem_flg, err); tsops++; } if (timeout) { err |= copy_from_user(&local_timeout, timeout, sizeof(*timeout)); timeout = &local_timeout; } if (err) { err = -EFAULT; } else { mm_segment_t fs = get_fs(); set_fs(KERNEL_DS); err = sys_semtimedop(semid, sops, nsops, timeout); set_fs(fs); } kfree(sops); return err; }",visit repo url,arch/arm/kernel/sys_oabi-compat.c,https://github.com/torvalds/linux,62663001031673,1 6724,CWE-120,"unknown_layer_handler(TSS2_RC rc) { static __thread char buf[32]; clearbuf(buf); catbuf(buf, ""0x%X"", tpm2_error_get(rc)); return buf; }",visit repo url,src/tss2-rc/tss2_rc.c,https://github.com/tpm2-software/tpm2-tss,250708006512033,1 5829,['CWE-200'],"static int econet_release(struct socket *sock) { struct sock *sk; mutex_lock(&econet_mutex); sk = sock->sk; if (!sk) goto out_unlock; econet_remove_socket(&econet_sklist, sk); sk->sk_state_change(sk); sock_orphan(sk); skb_queue_purge(&sk->sk_receive_queue); if (sk_has_allocations(sk)) { sk->sk_timer.data = (unsigned long)sk; sk->sk_timer.expires = jiffies + HZ; sk->sk_timer.function = econet_destroy_timer; add_timer(&sk->sk_timer); goto out_unlock; } sk_free(sk); out_unlock: mutex_unlock(&econet_mutex); return 0; }",linux-2.6,,,76702760911663434408361615436928598569,0 5083,['CWE-20'],"static void hardware_enable(void *garbage) { int cpu = raw_smp_processor_id(); u64 phys_addr = __pa(per_cpu(vmxarea, cpu)); u64 old; INIT_LIST_HEAD(&per_cpu(vcpus_on_cpu, cpu)); rdmsrl(MSR_IA32_FEATURE_CONTROL, old); if ((old & (FEATURE_CONTROL_LOCKED | FEATURE_CONTROL_VMXON_ENABLED)) != (FEATURE_CONTROL_LOCKED | FEATURE_CONTROL_VMXON_ENABLED)) wrmsrl(MSR_IA32_FEATURE_CONTROL, old | FEATURE_CONTROL_LOCKED | FEATURE_CONTROL_VMXON_ENABLED); write_cr4(read_cr4() | X86_CR4_VMXE); asm volatile (ASM_VMX_VMXON_RAX : : ""a""(&phys_addr), ""m""(phys_addr) : ""memory"", ""cc""); }",linux-2.6,,,310048998639079515968799443465355359375,0 5671,CWE-909,"main(int argc, char **argv) { const char *safepath = ""/bin:/sbin:/usr/bin:/usr/sbin:"" ""/usr/local/bin:/usr/local/sbin""; const char *confpath = NULL; char *shargv[] = { NULL, NULL }; char *sh; const char *cmd; char cmdline[LINE_MAX]; #ifdef __OpenBSD__ char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN]; #else char *mypwbuf = NULL, *targpwbuf = NULL; #endif struct passwd mypwstore, targpwstore; struct passwd *mypw, *targpw; const struct rule *rule; uid_t uid; uid_t target = 0; gid_t groups[NGROUPS_MAX + 1]; int ngroups; int i, ch, rv; int sflag = 0; int nflag = 0; char cwdpath[PATH_MAX]; const char *cwd; char **envp; #ifdef USE_BSD_AUTH char *login_style = NULL; #endif setprogname(""doas""); closefrom(STDERR_FILENO + 1); uid = getuid(); #ifdef USE_BSD_AUTH # define OPTSTRING ""a:C:Lnsu:"" #else # define OPTSTRING ""+C:Lnsu:"" #endif while ((ch = getopt(argc, argv, OPTSTRING)) != -1) { switch (ch) { #ifdef USE_BSD_AUTH case 'a': login_style = optarg; break; #endif case 'C': confpath = optarg; break; case 'L': #if defined(USE_BSD_AUTH) i = open(""/dev/tty"", O_RDWR); if (i != -1) ioctl(i, TIOCCLRVERAUTH); exit(i == -1); #elif defined(USE_TIMESTAMP) exit(timestamp_clear() == -1); #else exit(0); #endif case 'u': if (parseuid(optarg, &target) != 0) errx(1, ""unknown user""); break; case 'n': nflag = 1; break; case 's': sflag = 1; break; default: usage(); break; } } argv += optind; argc -= optind; if (confpath) { if (sflag) usage(); } else if ((!sflag && !argc) || (sflag && argc)) usage(); #ifdef __OpenBSD__ rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); if (rv != 0) err(1, ""getpwuid_r failed""); #else for (size_t sz = 1024; sz <= 16*1024; sz *= 2) { mypwbuf = reallocarray(mypwbuf, sz, sizeof (char)); if (mypwbuf == NULL) errx(1, ""can't allocate mypwbuf""); rv = getpwuid_r(uid, &mypwstore, mypwbuf, sz, &mypw); if (rv != ERANGE) break; } if (rv != 0) err(1, ""getpwuid_r failed""); #endif if (mypw == NULL) errx(1, ""no passwd entry for self""); ngroups = getgroups(NGROUPS_MAX, groups); if (ngroups == -1) err(1, ""can't get groups""); groups[ngroups++] = getgid(); if (sflag) { sh = getenv(""SHELL""); if (sh == NULL || *sh == '\0') { shargv[0] = mypw->pw_shell; } else shargv[0] = sh; argv = shargv; argc = 1; } if (confpath) { checkconfig(confpath, argc, argv, uid, groups, ngroups, target); exit(1); } if (geteuid()) errx(1, ""not installed setuid""); parseconfig(""/etc/doas.conf"", 1); (void)strlcpy(cmdline, argv[0], sizeof(cmdline)); for (i = 1; i < argc; i++) { if (strlcat(cmdline, "" "", sizeof(cmdline)) >= sizeof(cmdline)) break; if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline)) break; } cmd = argv[0]; if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, ""failed command for %s: %s"", mypw->pw_name, cmdline); errc(1, EPERM, NULL); } #if defined(__OpenBSD__) || defined(USE_SHADOW) if (!(rule->options & NOPASS)) { if (nflag) errx(1, ""Authorization required""); # ifdef __OpenBSD__ authuser(mypw->pw_name, login_style, rule->options & PERSIST); # else shadowauth(mypw->pw_name, rule->options & PERSIST); # endif } # ifdef __OpenBSD__ if (pledge(""stdio rpath getpw exec id"", NULL) == -1) err(1, ""pledge""); # endif #elif !defined(USE_PAM) (void) nflag; if (!(rule->options & NOPASS)) { errx(1, ""Authorization required""); } #endif #ifdef __OpenBSD__ rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); if (rv != 0) errx(1, ""no passwd entry for target""); #else for (size_t sz = 1024; sz <= 16*1024; sz *= 2) { targpwbuf = reallocarray(targpwbuf, sz, sizeof (char)); if (targpwbuf == NULL) errx(1, ""can't allocate targpwbuf""); rv = getpwuid_r(target, &targpwstore, targpwbuf, sz, &targpw); if (rv != ERANGE) break; } if (rv != 0) err(1, ""getpwuid_r failed""); #endif if (targpw == NULL) err(1, ""getpwuid_r failed""); #if defined(USE_PAM) pamauth(targpw->pw_name, mypw->pw_name, !nflag, rule->options & NOPASS, rule->options & PERSIST); #endif #ifdef HAVE_SETUSERCONTEXT if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK | LOGIN_SETUSER) != 0) errx(1, ""failed to set user context for target""); #else if (setresgid(targpw->pw_gid, targpw->pw_gid, targpw->pw_gid) != 0) err(1, ""setresgid""); if (initgroups(targpw->pw_name, targpw->pw_gid) != 0) err(1, ""initgroups""); if (setresuid(target, target, target) != 0) err(1, ""setresuid""); #endif #ifdef __OpenBSD__ if (pledge(""stdio rpath exec"", NULL) == -1) err(1, ""pledge""); #endif if (getcwd(cwdpath, sizeof(cwdpath)) == NULL) cwd = ""(failed)""; else cwd = cwdpath; #ifdef __OpenBSD__ if (pledge(""stdio exec"", NULL) == -1) err(1, ""pledge""); #endif syslog(LOG_AUTHPRIV | LOG_INFO, ""%s ran command %s as %s from %s"", mypw->pw_name, cmdline, targpw->pw_name, cwd); envp = prepenv(rule); if (rule->cmd) { if (setenv(""PATH"", safepath, 1) == -1) err(1, ""failed to set PATH '%s'"", safepath); } execvpe(cmd, argv, envp); if (errno == ENOENT) errx(1, ""%s: command not found"", cmd); err(1, ""%s"", cmd); }",visit repo url,doas.c,https://github.com/Duncaen/OpenDoas,164855768658486,1 328,CWE-190,"static int __get_data_block(struct inode *inode, sector_t iblock, struct buffer_head *bh, int create, int flag, pgoff_t *next_pgofs) { struct f2fs_map_blocks map; int err; map.m_lblk = iblock; map.m_len = bh->b_size >> inode->i_blkbits; map.m_next_pgofs = next_pgofs; err = f2fs_map_blocks(inode, &map, create, flag); if (!err) { map_bh(bh, inode->i_sb, map.m_pblk); bh->b_state = (bh->b_state & ~F2FS_MAP_FLAGS) | map.m_flags; bh->b_size = map.m_len << inode->i_blkbits; } return err; }",visit repo url,fs/f2fs/data.c,https://github.com/torvalds/linux,47945196522375,1 2125,['CWE-119'],"static inline void set_intr_gate(unsigned int n, void *addr) { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS); }",linux-2.6,,,271767464079745992250759661761322351681,0 4966,CWE-190,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 5780,CWE-125,"snmp_api_replace_oid(snmp_varbind_t *varbind, uint32_t *oid) { uint8_t i; i = 0; while(oid[i] != ((uint32_t)-1)) { varbind->oid[i] = oid[i]; i++; } varbind->oid[i] = ((uint32_t)-1); }",visit repo url,os/net/app-layer/snmp/snmp-api.c,https://github.com/contiki-ng/contiki-ng,81332688384375,1 1030,CWE-20,"struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, struct sctp_chunk *asconf) { sctp_addiphdr_t *hdr; union sctp_addr_param *addr_param; sctp_addip_param_t *asconf_param; struct sctp_chunk *asconf_ack; __be16 err_code; int length = 0; int chunk_len; __u32 serial; int all_param_pass = 1; chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); hdr = (sctp_addiphdr_t *)asconf->skb->data; serial = ntohl(hdr->serial); length = sizeof(sctp_addiphdr_t); addr_param = (union sctp_addr_param *)(asconf->skb->data + length); chunk_len -= length; length = ntohs(addr_param->p.length); asconf_param = (void *)addr_param + length; chunk_len -= length; asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); if (!asconf_ack) goto done; while (chunk_len > 0) { err_code = sctp_process_asconf_param(asoc, asconf, asconf_param); if (SCTP_ERROR_NO_ERROR != err_code) all_param_pass = 0; if (!all_param_pass) sctp_add_asconf_response(asconf_ack, asconf_param->crr_id, err_code, asconf_param); if (SCTP_ERROR_RSRC_LOW == err_code) goto done; length = ntohs(asconf_param->param_hdr.length); asconf_param = (void *)asconf_param + length; chunk_len -= length; } done: asoc->peer.addip_serial++; if (asconf_ack) { sctp_chunk_hold(asconf_ack); list_add_tail(&asconf_ack->transmitted_list, &asoc->asconf_ack_list); } return asconf_ack; }",visit repo url,net/sctp/sm_make_chunk.c,https://github.com/torvalds/linux,161358071034648,1 5427,CWE-416,"vips_foreign_load_gif_scan_image( VipsForeignLoadGif *gif ) { VipsObjectClass *class = VIPS_OBJECT_GET_CLASS( gif ); GifFileType *file = gif->file; ColorMapObject *map = file->Image.ColorMap ? file->Image.ColorMap : file->SColorMap; GifByteType *extension; if( DGifGetImageDesc( gif->file ) == GIF_ERROR ) { vips_foreign_load_gif_error( gif ); return( -1 ); } if( file->Image.Left < 0 || file->Image.Width < 1 || file->Image.Width > 10000 || file->Image.Left + file->Image.Width > file->SWidth || file->Image.Top < 0 || file->Image.Height < 1 || file->Image.Height > 10000 || file->Image.Top + file->Image.Height > file->SHeight ) { vips_error( class->nickname, ""%s"", _( ""bad frame size"" ) ); return( -1 ); } if( !gif->has_colour && map ) { int i; for( i = 0; i < map->ColorCount; i++ ) if( map->Colors[i].Red != map->Colors[i].Green || map->Colors[i].Green != map->Colors[i].Blue ) { gif->has_colour = TRUE; break; } } do { if( vips_foreign_load_gif_code_next( gif, &extension ) ) return( -1 ); } while( extension != NULL ); return( 0 ); }",visit repo url,libvips/foreign/gifload.c,https://github.com/libvips/libvips,82682806158794,1 6705,['CWE-200'],"nma_menu_add_vpn_submenu (GtkWidget *menu, NMApplet *applet) { GtkMenu *vpn_menu; GtkMenuItem *item; GSList *list, *iter; int num_vpn_active = 0; nma_menu_add_separator_item (menu); vpn_menu = GTK_MENU (gtk_menu_new ()); item = GTK_MENU_ITEM (gtk_menu_item_new_with_mnemonic (_(""_VPN Connections""))); gtk_menu_item_set_submenu (item, GTK_WIDGET (vpn_menu)); gtk_menu_shell_append (GTK_MENU_SHELL (menu), GTK_WIDGET (item)); list = get_vpn_connections (applet); for (iter = list; iter; iter = g_slist_next (iter)) { NMConnection *connection = NM_CONNECTION (iter->data); if (applet_get_active_for_connection (applet, connection)) num_vpn_active++; } for (iter = list; iter; iter = g_slist_next (iter)) { NMConnection *connection = NM_CONNECTION (iter->data); NMActiveConnection *active; const char *name; name = get_connection_id (connection); item = GTK_MENU_ITEM (gtk_check_menu_item_new_with_label (name)); gtk_check_menu_item_set_draw_as_radio (GTK_CHECK_MENU_ITEM (item), TRUE); active = applet_get_active_for_connection (applet, connection); if (nm_client_get_state (applet->nm_client) != NM_STATE_CONNECTED) gtk_widget_set_sensitive (GTK_WIDGET (item), FALSE); else if ((num_vpn_active == 0) || active) gtk_widget_set_sensitive (GTK_WIDGET (item), TRUE); else gtk_widget_set_sensitive (GTK_WIDGET (item), FALSE); if (active) gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM (item), TRUE); g_object_set_data_full (G_OBJECT (item), ""connection"", g_object_ref (connection), (GDestroyNotify) g_object_unref); g_signal_connect (item, ""activate"", G_CALLBACK (nma_menu_vpn_item_clicked), applet); gtk_menu_shell_append (GTK_MENU_SHELL (vpn_menu), GTK_WIDGET (item)); } if (list) nma_menu_add_separator_item (GTK_WIDGET (vpn_menu)); item = GTK_MENU_ITEM (gtk_menu_item_new_with_mnemonic (_(""_Configure VPN...""))); g_signal_connect (item, ""activate"", G_CALLBACK (nma_menu_configure_vpn_item_activate), applet); gtk_menu_shell_append (GTK_MENU_SHELL (vpn_menu), GTK_WIDGET (item)); item = GTK_MENU_ITEM (gtk_menu_item_new_with_mnemonic (_(""_Disconnect VPN...""))); g_signal_connect (item, ""activate"", G_CALLBACK (nma_menu_disconnect_vpn_item_activate), applet); gtk_menu_shell_append (GTK_MENU_SHELL (vpn_menu), GTK_WIDGET (item)); if (num_vpn_active == 0) gtk_widget_set_sensitive (GTK_WIDGET (item), FALSE); g_slist_free (list); }",network-manager-applet,,,310774064340892485259590642451825947826,0 355,CWE-416,"int fscrypt_get_crypt_info(struct inode *inode) { struct fscrypt_info *crypt_info; struct fscrypt_context ctx; struct crypto_skcipher *ctfm; const char *cipher_str; int keysize; u8 *raw_key = NULL; int res; res = fscrypt_initialize(inode->i_sb->s_cop->flags); if (res) return res; if (!inode->i_sb->s_cop->get_context) return -EOPNOTSUPP; retry: crypt_info = ACCESS_ONCE(inode->i_crypt_info); if (crypt_info) { if (!crypt_info->ci_keyring_key || key_validate(crypt_info->ci_keyring_key) == 0) return 0; fscrypt_put_encryption_info(inode, crypt_info); goto retry; } res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); if (res < 0) { if (!fscrypt_dummy_context_enabled(inode) || inode->i_sb->s_cop->is_encrypted(inode)) return res; memset(&ctx, 0, sizeof(ctx)); ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); } else if (res != sizeof(ctx)) { return -EINVAL; } if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) return -EINVAL; if (ctx.flags & ~FS_POLICY_FLAGS_VALID) return -EINVAL; crypt_info = kmem_cache_alloc(fscrypt_info_cachep, GFP_NOFS); if (!crypt_info) return -ENOMEM; crypt_info->ci_flags = ctx.flags; crypt_info->ci_data_mode = ctx.contents_encryption_mode; crypt_info->ci_filename_mode = ctx.filenames_encryption_mode; crypt_info->ci_ctfm = NULL; crypt_info->ci_keyring_key = NULL; memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor, sizeof(crypt_info->ci_master_key)); res = determine_cipher_type(crypt_info, inode, &cipher_str, &keysize); if (res) goto out; res = -ENOMEM; raw_key = kmalloc(FS_MAX_KEY_SIZE, GFP_NOFS); if (!raw_key) goto out; res = validate_user_key(crypt_info, &ctx, raw_key, FS_KEY_DESC_PREFIX); if (res && inode->i_sb->s_cop->key_prefix) { int res2 = validate_user_key(crypt_info, &ctx, raw_key, inode->i_sb->s_cop->key_prefix); if (res2) { if (res2 == -ENOKEY) res = -ENOKEY; goto out; } } else if (res) { goto out; } ctfm = crypto_alloc_skcipher(cipher_str, 0, 0); if (!ctfm || IS_ERR(ctfm)) { res = ctfm ? PTR_ERR(ctfm) : -ENOMEM; printk(KERN_DEBUG ""%s: error %d (inode %u) allocating crypto tfm\n"", __func__, res, (unsigned) inode->i_ino); goto out; } crypt_info->ci_ctfm = ctfm; crypto_skcipher_clear_flags(ctfm, ~0); crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_REQ_WEAK_KEY); res = crypto_skcipher_setkey(ctfm, raw_key, keysize); if (res) goto out; kzfree(raw_key); raw_key = NULL; if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) != NULL) { put_crypt_info(crypt_info); goto retry; } return 0; out: if (res == -ENOKEY) res = 0; put_crypt_info(crypt_info); kzfree(raw_key); return res; }",visit repo url,fs/crypto/keyinfo.c,https://github.com/torvalds/linux,22535470607510,1 1568,CWE-119,"static int __net_init sctp_net_init(struct net *net) { int status; net->sctp.rto_initial = SCTP_RTO_INITIAL; net->sctp.rto_min = SCTP_RTO_MIN; net->sctp.rto_max = SCTP_RTO_MAX; net->sctp.rto_alpha = SCTP_RTO_ALPHA; net->sctp.rto_beta = SCTP_RTO_BETA; net->sctp.valid_cookie_life = SCTP_DEFAULT_COOKIE_LIFE; net->sctp.cookie_preserve_enable = 1; #if defined (CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5) net->sctp.sctp_hmac_alg = ""md5""; #elif defined (CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1) net->sctp.sctp_hmac_alg = ""sha1""; #else net->sctp.sctp_hmac_alg = NULL; #endif net->sctp.max_burst = SCTP_DEFAULT_MAX_BURST; net->sctp.max_retrans_association = 10; net->sctp.max_retrans_path = 5; net->sctp.max_retrans_init = 8; net->sctp.sndbuf_policy = 0; net->sctp.rcvbuf_policy = 0; net->sctp.hb_interval = SCTP_DEFAULT_TIMEOUT_HEARTBEAT; net->sctp.sack_timeout = SCTP_DEFAULT_TIMEOUT_SACK; net->sctp.addip_enable = 0; net->sctp.addip_noauth = 0; net->sctp.default_auto_asconf = 0; net->sctp.prsctp_enable = 1; net->sctp.auth_enable = 0; net->sctp.scope_policy = SCTP_SCOPE_POLICY_ENABLE; net->sctp.rwnd_upd_shift = SCTP_DEFAULT_RWND_SHIFT; net->sctp.max_autoclose = INT_MAX / HZ; status = sctp_sysctl_net_register(net); if (status) goto err_sysctl_register; status = init_sctp_mibs(net); if (status) goto err_init_mibs; status = sctp_proc_init(net); if (status) goto err_init_proc; sctp_dbg_objcnt_init(net); if ((status = sctp_ctl_sock_init(net))) { pr_err(""Failed to initialize the SCTP control sock\n""); goto err_ctl_sock_init; } INIT_LIST_HEAD(&net->sctp.local_addr_list); spin_lock_init(&net->sctp.local_addr_lock); sctp_get_local_addr_list(net); INIT_LIST_HEAD(&net->sctp.addr_waitq); INIT_LIST_HEAD(&net->sctp.auto_asconf_splist); spin_lock_init(&net->sctp.addr_wq_lock); net->sctp.addr_wq_timer.expires = 0; setup_timer(&net->sctp.addr_wq_timer, sctp_addr_wq_timeout_handler, (unsigned long)net); return 0; err_ctl_sock_init: sctp_dbg_objcnt_exit(net); sctp_proc_exit(net); err_init_proc: cleanup_sctp_mibs(net); err_init_mibs: sctp_sysctl_net_unregister(net); err_sysctl_register: return status; }",visit repo url,net/sctp/protocol.c,https://github.com/torvalds/linux,180529058389181,1 5692,['CWE-476'],"static int udp_push_pending_frames(struct sock *sk, struct udp_sock *up) { struct inet_sock *inet = inet_sk(sk); struct flowi *fl = &inet->cork.fl; struct sk_buff *skb; struct udphdr *uh; int err = 0; if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) goto out; uh = skb->h.uh; uh->source = fl->fl_ip_sport; uh->dest = fl->fl_ip_dport; uh->len = htons(up->len); uh->check = 0; if (sk->sk_no_check == UDP_CSUM_NOXMIT) { skb->ip_summed = CHECKSUM_NONE; goto send; } if (skb_queue_len(&sk->sk_write_queue) == 1) { if (skb->ip_summed == CHECKSUM_PARTIAL) { skb->csum = offsetof(struct udphdr, check); uh->check = ~csum_tcpudp_magic(fl->fl4_src, fl->fl4_dst, up->len, IPPROTO_UDP, 0); } else { skb->csum = csum_partial((char *)uh, sizeof(struct udphdr), skb->csum); uh->check = csum_tcpudp_magic(fl->fl4_src, fl->fl4_dst, up->len, IPPROTO_UDP, skb->csum); if (uh->check == 0) uh->check = -1; } } else { unsigned int csum = 0; if (skb->ip_summed == CHECKSUM_PARTIAL) { int offset = (unsigned char *)uh - skb->data; skb->csum = skb_checksum(skb, offset, skb->len - offset, 0); skb->ip_summed = CHECKSUM_NONE; } else { skb->csum = csum_partial((char *)uh, sizeof(struct udphdr), skb->csum); } skb_queue_walk(&sk->sk_write_queue, skb) { csum = csum_add(csum, skb->csum); } uh->check = csum_tcpudp_magic(fl->fl4_src, fl->fl4_dst, up->len, IPPROTO_UDP, csum); if (uh->check == 0) uh->check = -1; } send: err = ip_push_pending_frames(sk); out: up->len = 0; up->pending = 0; return err; }",linux-2.6,,,37843835752489839867594053839416122416,0 1644,[],"static int get_aggregate(struct sched_domain *sd) { if (!spin_trylock(&per_cpu(aggregate_lock, sd->first_cpu))) return 0; aggregate_walk_tree(aggregate_get_down, aggregate_get_up, sd); return 1; }",linux-2.6,,,269021725826596169623994419135436849128,0 6441,[],"load_deplibs (lt_dlhandle handle, char *deplibs) { char *p, *save_search_path = 0; int depcount = 0; int i; char **names = 0; int errors = 0; handle->depcount = 0; if (!deplibs) { return errors; } ++errors; if (user_search_path) { save_search_path = lt__strdup (user_search_path); if (!save_search_path) goto cleanup; } p = deplibs; while (*p) { if (!isspace ((unsigned char) *p)) { char *end = p+1; while (*end && !isspace((unsigned char) *end)) { ++end; } if (strncmp(p, ""-L"", 2) == 0 || strncmp(p, ""-R"", 2) == 0) { char save = *end; *end = 0; if (lt_dladdsearchdir(p+2)) { goto cleanup; } *end = save; } else { ++depcount; } p = end; } else { ++p; } } if (!depcount) { errors = 0; goto cleanup; } names = MALLOC (char *, depcount); if (!names) goto cleanup; depcount = 0; p = deplibs; while (*p) { if (isspace ((unsigned char) *p)) { ++p; } else { char *end = p+1; while (*end && !isspace ((unsigned char) *end)) { ++end; } if (strncmp(p, ""-L"", 2) != 0 && strncmp(p, ""-R"", 2) != 0) { char *name; char save = *end; *end = 0; if (strncmp(p, ""-l"", 2) == 0) { size_t name_len = 3+ LT_STRLEN (p + 2); name = MALLOC (char, 1+ name_len); if (name) sprintf (name, ""lib%s"", p+2); } else name = lt__strdup(p); if (!name) goto cleanup_names; names[depcount++] = name; *end = save; } p = end; } } if (depcount) { lt_dlhandle cur = handle; int j = 0; cur->deplibs = MALLOC (lt_dlhandle, depcount); if (!cur->deplibs) goto cleanup_names; for (i = 0; i < depcount; ++i) { cur->deplibs[j] = lt_dlopenext(names[depcount-1-i]); if (cur->deplibs[j]) { ++j; } } cur->depcount = j; errors = 0; } cleanup_names: for (i = 0; i < depcount; ++i) { FREE (names[i]); } cleanup: FREE (names); if (save_search_path) { MEMREASSIGN (user_search_path, save_search_path); } return errors; }",libtool,,,95560138457809312195662201677974834217,0 6300,['CWE-200'],"static int reg_vif_xmit(struct sk_buff *skb, struct net_device *dev) { read_lock(&mrt_lock); ((struct net_device_stats*)dev->priv)->tx_bytes += skb->len; ((struct net_device_stats*)dev->priv)->tx_packets++; ipmr_cache_report(skb, reg_vif_num, IGMPMSG_WHOLEPKT); read_unlock(&mrt_lock); kfree_skb(skb); return 0; }",linux-2.6,,,23886670961739934262857665388705757617,0 2116,CWE-400,"static int hwahc_security_create(struct hwahc *hwahc) { int result; struct wusbhc *wusbhc = &hwahc->wusbhc; struct usb_device *usb_dev = hwahc->wa.usb_dev; struct device *dev = &usb_dev->dev; struct usb_security_descriptor *secd; struct usb_encryption_descriptor *etd; void *itr, *top; size_t itr_size, needed, bytes; u8 index; char buf[64]; index = (usb_dev->actconfig - usb_dev->config) / sizeof(usb_dev->config[0]); itr = usb_dev->rawdescriptors[index]; itr_size = le16_to_cpu(usb_dev->actconfig->desc.wTotalLength); top = itr + itr_size; result = __usb_get_extra_descriptor(usb_dev->rawdescriptors[index], le16_to_cpu(usb_dev->actconfig->desc.wTotalLength), USB_DT_SECURITY, (void **) &secd); if (result == -1) { dev_warn(dev, ""BUG? WUSB host has no security descriptors\n""); return 0; } needed = sizeof(*secd); if (top - (void *)secd < needed) { dev_err(dev, ""BUG? Not enough data to process security "" ""descriptor header (%zu bytes left vs %zu needed)\n"", top - (void *) secd, needed); return 0; } needed = le16_to_cpu(secd->wTotalLength); if (top - (void *)secd < needed) { dev_err(dev, ""BUG? Not enough data to process security "" ""descriptors (%zu bytes left vs %zu needed)\n"", top - (void *) secd, needed); return 0; } itr = (void *) secd + sizeof(*secd); top = (void *) secd + le16_to_cpu(secd->wTotalLength); index = 0; bytes = 0; while (itr < top) { etd = itr; if (top - itr < sizeof(*etd)) { dev_err(dev, ""BUG: bad host security descriptor; "" ""not enough data (%zu vs %zu left)\n"", top - itr, sizeof(*etd)); break; } if (etd->bLength < sizeof(*etd)) { dev_err(dev, ""BUG: bad host encryption descriptor; "" ""descriptor is too short "" ""(%zu vs %zu needed)\n"", (size_t)etd->bLength, sizeof(*etd)); break; } itr += etd->bLength; bytes += snprintf(buf + bytes, sizeof(buf) - bytes, ""%s (0x%02x) "", wusb_et_name(etd->bEncryptionType), etd->bEncryptionValue); wusbhc->ccm1_etd = etd; } dev_info(dev, ""supported encryption types: %s\n"", buf); if (wusbhc->ccm1_etd == NULL) { dev_err(dev, ""E: host doesn't support CCM-1 crypto\n""); return 0; } return 0; }",visit repo url,drivers/usb/host/hwa-hc.c,https://github.com/torvalds/linux,97892370466938,1 1480,CWE-264,"int perf_event_task_enable(void) { struct perf_event *event; mutex_lock(¤t->perf_event_mutex); list_for_each_entry(event, ¤t->perf_event_list, owner_entry) perf_event_for_each_child(event, perf_event_enable); mutex_unlock(¤t->perf_event_mutex); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,84469438710836,1 3183,['CWE-189'],"static int jas_icctxtdesc_getsize(jas_iccattrval_t *attrval) { jas_icctxtdesc_t *txtdesc = &attrval->data.txtdesc; return strlen(txtdesc->ascdata) + 1 + txtdesc->uclen * 2 + 15 + 67; }",jasper,,,226703276100625554210005897598686481064,0 6373,CWE-787,"write_node(FILE *out, tree_t *t, int col) { int i; uchar *ptr, *entity, *src, *realsrc, newsrc[1024]; if (out == NULL) return (0); switch (t->markup) { case MARKUP_NONE : if (t->data == NULL) break; if (t->preformatted) { for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); if (t->data[strlen((char *)t->data) - 1] == '\n') col = 0; else col += strlen((char *)t->data); } else { if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) { putc('\n', out); col = 0; } for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); col += strlen((char *)t->data); if (col > 72) { putc('\n', out); col = 0; } } break; case MARKUP_COMMENT : case MARKUP_UNKNOWN : fputs(""\n\n"", out); col = 0; break; case MARKUP_AREA : case MARKUP_BODY : case MARKUP_DOCTYPE : case MARKUP_ERROR : case MARKUP_FILE : case MARKUP_HEAD : case MARKUP_HTML : case MARKUP_MAP : case MARKUP_META : case MARKUP_TITLE : break; case MARKUP_BR : case MARKUP_CENTER : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_H7 : case MARKUP_H8 : case MARKUP_H9 : case MARKUP_H10 : case MARKUP_H11 : case MARKUP_H12 : case MARKUP_H13 : case MARKUP_H14 : case MARKUP_H15 : case MARKUP_HR : case MARKUP_LI : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TR : case MARKUP_UL : if (col > 0) { putc('\n', out); col = 0; } default : if (t->markup == MARKUP_IMG && (src = htmlGetVariable(t, (uchar *)""SRC"")) != NULL && (realsrc = htmlGetVariable(t, (uchar *)""REALSRC"")) != NULL) { if (file_method((char *)src) == NULL && src[0] != '/' && src[0] != '\\' && (!isalpha(src[0]) || src[1] != ':')) { image_copy((char *)src, (char *)realsrc, OutputPath); strlcpy((char *)newsrc, file_basename((char *)src), sizeof(newsrc)); htmlSetVariable(t, (uchar *)""SRC"", newsrc); } } if (t->markup != MARKUP_EMBED) { col += fprintf(out, ""<%s"", _htmlMarkups[t->markup]); for (i = 0; i < t->nvars; i ++) { if (strcasecmp((char *)t->vars[i].name, ""BREAK"") == 0 && t->markup == MARKUP_HR) continue; if (strcasecmp((char *)t->vars[i].name, ""REALSRC"") == 0 && t->markup == MARKUP_IMG) continue; if (strncasecmp((char *)t->vars[i].name, ""_HD_"", 4) == 0) continue; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } if (col > 0) { putc(' ', out); col ++; } if (t->vars[i].value == NULL) col += fprintf(out, ""%s"", t->vars[i].name); else { col += fprintf(out, ""%s=\"""", t->vars[i].name); for (ptr = t->vars[i].value; *ptr; ptr ++) { entity = iso8859(*ptr); fputs((char *)entity, out); col += strlen((char *)entity); } putc('\""', out); col ++; } } putc('>', out); col ++; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } } break; } return (col); }",visit repo url,htmldoc/htmlsep.cxx,https://github.com/michaelrsweet/htmldoc,178787876800300,1 5563,CWE-125,"ast2obj_alias(void* _o) { alias_ty o = (alias_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(alias_type, NULL, NULL); if (!result) return NULL; value = ast2obj_identifier(o->name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_identifier(o->asname); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_asname, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,224558775572141,1 4710,['CWE-20'],"ext4_fsblk_t ext4_inode_bitmap(struct super_block *sb, struct ext4_group_desc *bg) { return le32_to_cpu(bg->bg_inode_bitmap_lo) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? (ext4_fsblk_t)le32_to_cpu(bg->bg_inode_bitmap_hi) << 32 : 0); }",linux-2.6,,,155433801678429581425074472126861160139,0 6034,['CWE-200'],"static void addrconf_rs_timer(unsigned long data) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *) data; if (ifp->idev->cnf.forwarding) goto out; if (ifp->idev->if_flags & IF_RA_RCVD) { goto out; } spin_lock(&ifp->lock); if (ifp->probes++ < ifp->idev->cnf.rtr_solicits) { struct in6_addr all_routers; addrconf_mod_timer(ifp, AC_RS, (ifp->probes == ifp->idev->cnf.rtr_solicits) ? ifp->idev->cnf.rtr_solicit_delay : ifp->idev->cnf.rtr_solicit_interval); spin_unlock(&ifp->lock); ipv6_addr_all_routers(&all_routers); ndisc_send_rs(ifp->idev->dev, &ifp->addr, &all_routers); } else { spin_unlock(&ifp->lock); printk(KERN_DEBUG ""%s: no IPv6 routers present\n"", ifp->idev->dev->name); } out: in6_ifa_put(ifp); }",linux-2.6,,,150897657408742001451049740434964126010,0 514,CWE-125,"static struct pid *good_sigevent(sigevent_t * event) { struct task_struct *rtn = current->group_leader; if ((event->sigev_notify & SIGEV_THREAD_ID ) && (!(rtn = find_task_by_vpid(event->sigev_notify_thread_id)) || !same_thread_group(rtn, current) || (event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_SIGNAL)) return NULL; if (((event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) && ((event->sigev_signo <= 0) || (event->sigev_signo > SIGRTMAX))) return NULL; return task_pid(rtn); }",visit repo url,kernel/time/posix-timers.c,https://github.com/torvalds/linux,84693953562451,1 2602,['CWE-189'],"static inline void dccp_mib_exit(void) { snmp_mib_free((void**)dccp_statistics); }",linux-2.6,,,25836332755363829221843816390968203489,0 275,CWE-476,"static int mcryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb, struct mcryptd_queue *queue) { struct hashd_instance_ctx *ctx; struct ahash_instance *inst; struct hash_alg_common *halg; struct crypto_alg *alg; u32 type = 0; u32 mask = 0; int err; mcryptd_check_internal(tb, &type, &mask); halg = ahash_attr_alg(tb[1], type, mask); if (IS_ERR(halg)) return PTR_ERR(halg); alg = &halg->base; pr_debug(""crypto: mcryptd hash alg: %s\n"", alg->cra_name); inst = mcryptd_alloc_instance(alg, ahash_instance_headroom(), sizeof(*ctx)); err = PTR_ERR(inst); if (IS_ERR(inst)) goto out_put_alg; ctx = ahash_instance_ctx(inst); ctx->queue = queue; err = crypto_init_ahash_spawn(&ctx->spawn, halg, ahash_crypto_instance(inst)); if (err) goto out_free_inst; type = CRYPTO_ALG_ASYNC; if (alg->cra_flags & CRYPTO_ALG_INTERNAL) type |= CRYPTO_ALG_INTERNAL; inst->alg.halg.base.cra_flags = type; inst->alg.halg.digestsize = halg->digestsize; inst->alg.halg.statesize = halg->statesize; inst->alg.halg.base.cra_ctxsize = sizeof(struct mcryptd_hash_ctx); inst->alg.halg.base.cra_init = mcryptd_hash_init_tfm; inst->alg.halg.base.cra_exit = mcryptd_hash_exit_tfm; inst->alg.init = mcryptd_hash_init_enqueue; inst->alg.update = mcryptd_hash_update_enqueue; inst->alg.final = mcryptd_hash_final_enqueue; inst->alg.finup = mcryptd_hash_finup_enqueue; inst->alg.export = mcryptd_hash_export; inst->alg.import = mcryptd_hash_import; inst->alg.setkey = mcryptd_hash_setkey; inst->alg.digest = mcryptd_hash_digest_enqueue; err = ahash_register_instance(tmpl, inst); if (err) { crypto_drop_ahash(&ctx->spawn); out_free_inst: kfree(inst); } out_put_alg: crypto_mod_put(alg); return err; }",visit repo url,crypto/mcryptd.c,https://github.com/torvalds/linux,255247144630738,1 1651,[],"static inline void check_preempt_curr(struct rq *rq, struct task_struct *p) { rq->curr->sched_class->check_preempt_curr(rq, p); }",linux-2.6,,,147676815165687963916085439341225875931,0 2906,['CWE-189'],"static int jpc_dec_process_poc(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_poc_t *poc = &ms->parms.poc; jpc_dec_tile_t *tile; switch (dec->state) { case JPC_MH: if (jpc_dec_cp_setfrompoc(dec->cp, poc, 1)) { return -1; } break; case JPC_TPH: if (!(tile = dec->curtile)) { return -1; } if (!tile->partno) { if (jpc_dec_cp_setfrompoc(tile->cp, poc, (!tile->partno))) { return -1; } } else { jpc_pi_addpchgfrompoc(tile->pi, poc); } break; } return 0; }",jasper,,,209782750213643743182149425471871209615,0 2538,['CWE-119'],"void diff_debug_filespec(struct diff_filespec *s, int x, const char *one) { fprintf(stderr, ""queue[%d] %s (%s) %s %06o %s\n"", x, one ? one : """", s->path, DIFF_FILE_VALID(s) ? ""valid"" : ""invalid"", s->mode, s->sha1_valid ? sha1_to_hex(s->sha1) : """"); fprintf(stderr, ""queue[%d] %s size %lu flags %d\n"", x, one ? one : """", s->size, s->xfrm_flags); }",git,,,2432945777619053694137802593398671675,0 5963,['CWE-200'],"cbq_reclassify(struct sk_buff *skb, struct cbq_class *this) { struct cbq_class *cl, *new; for (cl = this->tparent; cl; cl = cl->tparent) if ((new = cl->defaults[TC_PRIO_BESTEFFORT]) != NULL && new != this) return new; return NULL; }",linux-2.6,,,175723691329629108711567350278000845205,0 3965,['CWE-362'],"static inline int audit_to_inode(struct audit_krule *krule, struct audit_field *f) { if (krule->listnr != AUDIT_FILTER_EXIT || krule->watch || krule->inode_f || krule->tree) return -EINVAL; krule->inode_f = f; return 0; }",linux-2.6,,,26211362675231976629490660935413216119,0 1569,[],"void sched_idle_next(void) { int this_cpu = smp_processor_id(); struct rq *rq = cpu_rq(this_cpu); struct task_struct *p = rq->idle; unsigned long flags; BUG_ON(cpu_online(this_cpu)); spin_lock_irqsave(&rq->lock, flags); __setscheduler(rq, p, SCHED_FIFO, MAX_RT_PRIO-1); update_rq_clock(rq); activate_task(rq, p, 0); spin_unlock_irqrestore(&rq->lock, flags); }",linux-2.6,,,250992093315131974859012658729776763332,0 6394,['CWE-59'],"static size_t strlcat(char *d, const char *s, size_t bufsize) { size_t len1 = strlen(d); size_t len2 = strlen(s); size_t ret = len1 + len2; if (len1+len2 >= bufsize) { if (bufsize < (len1+1)) { return ret; } len2 = bufsize - (len1+1); } if (len2 > 0) { memcpy(d+len1, s, len2); d[len1+len2] = 0; } return ret; }",samba,,,176011476405001010315477094722890710021,0 1645,[],"long sched_setaffinity(pid_t pid, const cpumask_t *in_mask) { cpumask_t cpus_allowed; cpumask_t new_mask = *in_mask; struct task_struct *p; int retval; get_online_cpus(); read_lock(&tasklist_lock); p = find_process_by_pid(pid); if (!p) { read_unlock(&tasklist_lock); put_online_cpus(); return -ESRCH; } get_task_struct(p); read_unlock(&tasklist_lock); retval = -EPERM; if ((current->euid != p->euid) && (current->euid != p->uid) && !capable(CAP_SYS_NICE)) goto out_unlock; retval = security_task_setscheduler(p, 0, NULL); if (retval) goto out_unlock; cpuset_cpus_allowed(p, &cpus_allowed); cpus_and(new_mask, new_mask, cpus_allowed); again: retval = set_cpus_allowed_ptr(p, &new_mask); if (!retval) { cpuset_cpus_allowed(p, &cpus_allowed); if (!cpus_subset(new_mask, cpus_allowed)) { new_mask = cpus_allowed; goto again; } } out_unlock: put_task_struct(p); put_online_cpus(); return retval; }",linux-2.6,,,282213502535817339348536503152284104516,0 5328,['CWE-119'],"static int tun_chr_open(struct inode *inode, struct file * file) { struct tun_file *tfile; cycle_kernel_lock(); DBG1(KERN_INFO ""tunX: tun_chr_open\n""); tfile = kmalloc(sizeof(*tfile), GFP_KERNEL); if (!tfile) return -ENOMEM; atomic_set(&tfile->count, 0); tfile->tun = NULL; tfile->net = get_net(current->nsproxy->net_ns); file->private_data = tfile; return 0; }",linux-2.6,,,254439216382188207452603238282142139475,0 2622,[],"static inline int sctp_wspace(struct sctp_association *asoc) { int amt; if (asoc->ep->sndbuf_policy) amt = asoc->sndbuf_used; else amt = atomic_read(&asoc->base.sk->sk_wmem_alloc); if (amt >= asoc->base.sk->sk_sndbuf) { if (asoc->base.sk->sk_userlocks & SOCK_SNDBUF_LOCK) amt = 0; else { amt = sk_stream_wspace(asoc->base.sk); if (amt < 0) amt = 0; } } else { amt = asoc->base.sk->sk_sndbuf - amt; } return amt; }",linux-2.6,,,86150609428983744352224931993383429645,0 2926,['CWE-189'],"void jpc_mqenc_destroy(jpc_mqenc_t *mqenc) { if (mqenc->ctxs) { jas_free(mqenc->ctxs); } jas_free(mqenc); }",jasper,,,335985489079764575079086670380797224752,0 1214,CWE-400,"perf_sw_event(u32 event_id, u64 nr, int nmi, struct pt_regs *regs, u64 addr) { struct pt_regs hot_regs; if (static_branch(&perf_swevent_enabled[event_id])) { if (!regs) { perf_fetch_caller_regs(&hot_regs); regs = &hot_regs; } __perf_sw_event(event_id, nr, nmi, regs, addr); } }",visit repo url,include/linux/perf_event.h,https://github.com/torvalds/linux,212467076670338,1 4412,['CWE-264'],"static void __release_sock(struct sock *sk) { struct sk_buff *skb = sk->sk_backlog.head; do { sk->sk_backlog.head = sk->sk_backlog.tail = NULL; bh_unlock_sock(sk); do { struct sk_buff *next = skb->next; skb->next = NULL; sk_backlog_rcv(sk, skb); cond_resched_softirq(); skb = next; } while (skb != NULL); bh_lock_sock(sk); } while ((skb = sk->sk_backlog.head) != NULL); }",linux-2.6,,,132966629449428792668528847923845987601,0 3424,['CWE-264'],"asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) { struct nameidata nd; int old_fsuid, old_fsgid; kernel_cap_t old_cap; int res; if (mode & ~S_IRWXO) return -EINVAL; old_fsuid = current->fsuid; old_fsgid = current->fsgid; old_cap = current->cap_effective; current->fsuid = current->uid; current->fsgid = current->gid; if (current->uid) cap_clear(current->cap_effective); else current->cap_effective = current->cap_permitted; res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd); if (res) goto out; res = vfs_permission(&nd, mode); if(res || !(mode & S_IWOTH) || special_file(nd.dentry->d_inode->i_mode)) goto out_path_release; if(IS_RDONLY(nd.dentry->d_inode)) res = -EROFS; out_path_release: path_release(&nd); out: current->fsuid = old_fsuid; current->fsgid = old_fsgid; current->cap_effective = old_cap; return res; }",linux-2.6,,,113272852082053616541545678602804439941,0 4415,['CWE-264'],"static void sock_inuse_exit_net(struct net *net) { free_percpu(net->core.inuse); }",linux-2.6,,,236825716600472657039113671270501447777,0 3400,CWE-125,"static Image *ReadWPGImage(const ImageInfo *image_info, ExceptionInfo *exception) { typedef struct { size_t FileId; MagickOffsetType DataOffset; unsigned int ProductType; unsigned int FileType; unsigned char MajorVersion; unsigned char MinorVersion; unsigned int EncryptKey; unsigned int Reserved; } WPGHeader; typedef struct { unsigned char RecType; size_t RecordLength; } WPGRecord; typedef struct { unsigned char Class; unsigned char RecType; size_t Extension; size_t RecordLength; } WPG2Record; typedef struct { unsigned HorizontalUnits; unsigned VerticalUnits; unsigned char PosSizePrecision; } WPG2Start; typedef struct { unsigned int Width; unsigned int Height; unsigned int Depth; unsigned int HorzRes; unsigned int VertRes; } WPGBitmapType1; typedef struct { unsigned int Width; unsigned int Height; unsigned char Depth; unsigned char Compression; } WPG2BitmapType1; typedef struct { unsigned int RotAngle; unsigned int LowLeftX; unsigned int LowLeftY; unsigned int UpRightX; unsigned int UpRightY; unsigned int Width; unsigned int Height; unsigned int Depth; unsigned int HorzRes; unsigned int VertRes; } WPGBitmapType2; typedef struct { unsigned int StartIndex; unsigned int NumOfEntries; } WPGColorMapRec; Image *image; unsigned int status; WPGHeader Header; WPGRecord Rec; WPG2Record Rec2; WPG2Start StartWPG; WPGBitmapType1 BitmapHeader1; WPG2BitmapType1 Bitmap2Header1; WPGBitmapType2 BitmapHeader2; WPGColorMapRec WPG_Palette; int i, bpp, WPG2Flags; ssize_t ldblk; size_t one; unsigned char *BImgBuff; tCTM CTM; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); one=1; image=AcquireImage(image_info,exception); image->depth=8; status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } Header.FileId=ReadBlobLSBLong(image); Header.DataOffset=(MagickOffsetType) ReadBlobLSBLong(image); Header.ProductType=ReadBlobLSBShort(image); Header.FileType=ReadBlobLSBShort(image); Header.MajorVersion=ReadBlobByte(image); Header.MinorVersion=ReadBlobByte(image); Header.EncryptKey=ReadBlobLSBShort(image); Header.Reserved=ReadBlobLSBShort(image); if (Header.FileId!=0x435057FF || (Header.ProductType>>8)!=0x16) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (Header.EncryptKey!=0) ThrowReaderException(CoderError,""EncryptedWPGImageFileNotSupported""); image->columns = 1; image->rows = 1; image->colors = 0; bpp=0; BitmapHeader2.RotAngle=0; switch(Header.FileType) { case 1: while(!EOFBlob(image)) { (void) SeekBlob(image,Header.DataOffset,SEEK_SET); if(EOFBlob(image)) break; Rec.RecType=(i=ReadBlobByte(image)); if(i==EOF) break; Rd_WP_DWORD(image,&Rec.RecordLength); if(EOFBlob(image)) break; Header.DataOffset=TellBlob(image)+Rec.RecordLength; switch(Rec.RecType) { case 0x0B: BitmapHeader1.Width=ReadBlobLSBShort(image); BitmapHeader1.Height=ReadBlobLSBShort(image); if ((BitmapHeader1.Width == 0) || (BitmapHeader1.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); BitmapHeader1.Depth=ReadBlobLSBShort(image); BitmapHeader1.HorzRes=ReadBlobLSBShort(image); BitmapHeader1.VertRes=ReadBlobLSBShort(image); if(BitmapHeader1.HorzRes && BitmapHeader1.VertRes) { image->units=PixelsPerCentimeterResolution; image->resolution.x=BitmapHeader1.HorzRes/470.0; image->resolution.y=BitmapHeader1.VertRes/470.0; } image->columns=BitmapHeader1.Width; image->rows=BitmapHeader1.Height; bpp=BitmapHeader1.Depth; goto UnpackRaster; case 0x0E: WPG_Palette.StartIndex=ReadBlobLSBShort(image); WPG_Palette.NumOfEntries=ReadBlobLSBShort(image); image->colors=WPG_Palette.NumOfEntries; if (!AcquireImageColormap(image,image->colors,exception)) goto NoMemory; for (i=WPG_Palette.StartIndex; i < (int)WPG_Palette.NumOfEntries; i++) { image->colormap[i].red=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); image->colormap[i].green=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); image->colormap[i].blue=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); } break; case 0x11: if(Rec.RecordLength > 8) image=ExtractPostscript(image,image_info, TellBlob(image)+8, (ssize_t) Rec.RecordLength-8,exception); break; case 0x14: BitmapHeader2.RotAngle=ReadBlobLSBShort(image); BitmapHeader2.LowLeftX=ReadBlobLSBShort(image); BitmapHeader2.LowLeftY=ReadBlobLSBShort(image); BitmapHeader2.UpRightX=ReadBlobLSBShort(image); BitmapHeader2.UpRightY=ReadBlobLSBShort(image); BitmapHeader2.Width=ReadBlobLSBShort(image); BitmapHeader2.Height=ReadBlobLSBShort(image); if ((BitmapHeader2.Width == 0) || (BitmapHeader2.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); BitmapHeader2.Depth=ReadBlobLSBShort(image); BitmapHeader2.HorzRes=ReadBlobLSBShort(image); BitmapHeader2.VertRes=ReadBlobLSBShort(image); image->units=PixelsPerCentimeterResolution; image->page.width=(unsigned int) ((BitmapHeader2.LowLeftX-BitmapHeader2.UpRightX)/470.0); image->page.height=(unsigned int) ((BitmapHeader2.LowLeftX-BitmapHeader2.UpRightY)/470.0); image->page.x=(int) (BitmapHeader2.LowLeftX/470.0); image->page.y=(int) (BitmapHeader2.LowLeftX/470.0); if(BitmapHeader2.HorzRes && BitmapHeader2.VertRes) { image->resolution.x=BitmapHeader2.HorzRes/470.0; image->resolution.y=BitmapHeader2.VertRes/470.0; } image->columns=BitmapHeader2.Width; image->rows=BitmapHeader2.Height; bpp=BitmapHeader2.Depth; UnpackRaster: if ((image->colors == 0) && (bpp != 24)) { image->colors=one << bpp; if (!AcquireImageColormap(image,image->colors,exception)) { NoMemory: ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } for (i=0; (i < (int) image->colors) && (i < 256); i++) { image->colormap[i].red=ScaleCharToQuantum(WPG1_Palette[i].Red); image->colormap[i].green=ScaleCharToQuantum(WPG1_Palette[i].Green); image->colormap[i].blue=ScaleCharToQuantum(WPG1_Palette[i].Blue); } } else { if (bpp < 24) if ( (image->colors < (one << bpp)) && (bpp != 24) ) image->colormap=(PixelInfo *) ResizeQuantumMemory( image->colormap,(size_t) (one << bpp), sizeof(*image->colormap)); } if (bpp == 1) { if(image->colormap[0].red==0 && image->colormap[0].green==0 && image->colormap[0].blue==0 && image->colormap[1].red==0 && image->colormap[1].green==0 && image->colormap[1].blue==0) { image->colormap[1].red = image->colormap[1].green = image->colormap[1].blue = QuantumRange; } } if(UnpackWPGRaster(image,bpp,exception) < 0) { DecompressionFailed: ThrowReaderException(CoderError,""UnableToDecompressImage""); } if(Rec.RecType==0x14 && BitmapHeader2.RotAngle!=0 && !image_info->ping) { if(BitmapHeader2.RotAngle & 0x8000) { Image *flop_image; flop_image = FlopImage(image, exception); if (flop_image != (Image *) NULL) { DuplicateBlob(flop_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flop_image); } } if(BitmapHeader2.RotAngle & 0x2000) { Image *flip_image; flip_image = FlipImage(image, exception); if (flip_image != (Image *) NULL) { DuplicateBlob(flip_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flip_image); } } if(BitmapHeader2.RotAngle & 0x0FFF) { Image *rotate_image; rotate_image=RotateImage(image,(BitmapHeader2.RotAngle & 0x0FFF), exception); if (rotate_image != (Image *) NULL) { DuplicateBlob(rotate_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,rotate_image); } } } AcquireNextImage(image_info,image,exception); image->depth=8; if (image->next == (Image *) NULL) goto Finish; image=SyncNextImageInList(image); image->columns=image->rows=0; image->colors=0; break; case 0x1B: if(Rec.RecordLength>0x3C) image=ExtractPostscript(image,image_info, TellBlob(image)+0x3C, (ssize_t) Rec.RecordLength-0x3C,exception); break; } } break; case 2: (void) memset(CTM,0,sizeof(CTM)); StartWPG.PosSizePrecision = 0; while(!EOFBlob(image)) { (void) SeekBlob(image,Header.DataOffset,SEEK_SET); if(EOFBlob(image)) break; Rec2.Class=(i=ReadBlobByte(image)); if(i==EOF) break; Rec2.RecType=(i=ReadBlobByte(image)); if(i==EOF) break; Rd_WP_DWORD(image,&Rec2.Extension); Rd_WP_DWORD(image,&Rec2.RecordLength); if(EOFBlob(image)) break; Header.DataOffset=TellBlob(image)+Rec2.RecordLength; switch(Rec2.RecType) { case 1: StartWPG.HorizontalUnits=ReadBlobLSBShort(image); StartWPG.VerticalUnits=ReadBlobLSBShort(image); StartWPG.PosSizePrecision=ReadBlobByte(image); break; case 0x0C: WPG_Palette.StartIndex=ReadBlobLSBShort(image); WPG_Palette.NumOfEntries=ReadBlobLSBShort(image); image->colors=WPG_Palette.NumOfEntries; if (AcquireImageColormap(image,image->colors,exception) == MagickFalse) ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); for (i=WPG_Palette.StartIndex; i < (int)WPG_Palette.NumOfEntries; i++) { image->colormap[i].red=ScaleCharToQuantum((char) ReadBlobByte(image)); image->colormap[i].green=ScaleCharToQuantum((char) ReadBlobByte(image)); image->colormap[i].blue=ScaleCharToQuantum((char) ReadBlobByte(image)); (void) ReadBlobByte(image); } break; case 0x0E: Bitmap2Header1.Width=ReadBlobLSBShort(image); Bitmap2Header1.Height=ReadBlobLSBShort(image); if ((Bitmap2Header1.Width == 0) || (Bitmap2Header1.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); Bitmap2Header1.Depth=ReadBlobByte(image); Bitmap2Header1.Compression=ReadBlobByte(image); if(Bitmap2Header1.Compression > 1) continue; switch(Bitmap2Header1.Depth) { case 1: bpp=1; break; case 2: bpp=2; break; case 3: bpp=4; break; case 4: bpp=8; break; case 8: bpp=24; break; default: continue; } image->columns=Bitmap2Header1.Width; image->rows=Bitmap2Header1.Height; if ((image->colors == 0) && (bpp != 24)) { size_t one; one=1; image->colors=one << bpp; if (!AcquireImageColormap(image,image->colors,exception)) goto NoMemory; } else { if(bpp < 24) if( image->colors<(one << bpp) && bpp!=24 ) image->colormap=(PixelInfo *) ResizeQuantumMemory( image->colormap,(size_t) (one << bpp), sizeof(*image->colormap)); } switch(Bitmap2Header1.Compression) { case 0: { ldblk=(ssize_t) ((bpp*image->columns+7)/8); BImgBuff=(unsigned char *) AcquireQuantumMemory((size_t) ldblk,sizeof(*BImgBuff)); if (BImgBuff == (unsigned char *) NULL) goto NoMemory; for(i=0; i< (ssize_t) image->rows; i++) { (void) ReadBlob(image,ldblk,BImgBuff); InsertRow(image,BImgBuff,i,bpp,exception); } if(BImgBuff) BImgBuff=(unsigned char *) RelinquishMagickMemory(BImgBuff);; break; } case 1: { if( UnpackWPG2Raster(image,bpp,exception) < 0) goto DecompressionFailed; break; } } if(CTM[0][0]<0 && !image_info->ping) { Image *flop_image; flop_image = FlopImage(image, exception); if (flop_image != (Image *) NULL) { DuplicateBlob(flop_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flop_image); } } if(CTM[1][1]<0 && !image_info->ping) { Image *flip_image; flip_image = FlipImage(image, exception); if (flip_image != (Image *) NULL) { DuplicateBlob(flip_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flip_image); } } AcquireNextImage(image_info,image,exception); image->depth=8; if (image->next == (Image *) NULL) goto Finish; image=SyncNextImageInList(image); image->columns=image->rows=1; image->colors=0; break; case 0x12: i=ReadBlobLSBShort(image); if(Rec2.RecordLength > (unsigned int) i) image=ExtractPostscript(image,image_info, TellBlob(image)+i, (ssize_t) (Rec2.RecordLength-i-2),exception); break; case 0x1B: WPG2Flags = LoadWPG2Flags(image,StartWPG.PosSizePrecision,NULL,&CTM); (void) WPG2Flags; break; } } break; default: { ThrowReaderException(CoderError,""DataEncodingSchemeIsNotSupported""); } } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); Finish: (void) CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=(size_t) scene++; } if (image == (Image *) NULL) ThrowReaderException(CorruptImageError, ""ImageFileDoesNotContainAnyImageData""); return(image); }",visit repo url,coders/wpg.c,https://github.com/ImageMagick/ImageMagick,101903564912381,1 657,[],"int compat_dccp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level != SOL_DCCP) return inet_csk_compat_getsockopt(sk, level, optname, optval, optlen); return do_dccp_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,88404922539140058124842586826332187312,0 2686,[],"static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt, union sctp_addr *addr, int len) { struct sctp_af *af; if (len < sizeof (struct sockaddr)) return NULL; if (addr->sa.sa_family == AF_INET6 && ipv6_addr_v4mapped(&addr->v6.sin6_addr)) { if (!opt->pf->af_supported(AF_INET, opt)) return NULL; } else { if (!opt->pf->af_supported(addr->sa.sa_family, opt)) return NULL; } af = sctp_get_af_specific(addr->sa.sa_family); if (len < af->sockaddr_len) return NULL; return af; }",linux-2.6,,,288638770244015524872550886591988870771,0 1634,CWE-416,"static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; struct inet_sock *inet = inet_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct tcp_sock *tp = tcp_sk(sk); struct in6_addr *saddr = NULL, *final_p, final; struct flowi6 fl6; struct dst_entry *dst; int addr_type; int err; if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (usin->sin6_family != AF_INET6) return -EAFNOSUPPORT; memset(&fl6, 0, sizeof(fl6)); if (np->sndflow) { fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; IP6_ECN_flow_init(fl6.flowlabel); if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { struct ip6_flowlabel *flowlabel; flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; fl6_sock_release(flowlabel); } } if (ipv6_addr_any(&usin->sin6_addr)) usin->sin6_addr.s6_addr[15] = 0x1; addr_type = ipv6_addr_type(&usin->sin6_addr); if (addr_type & IPV6_ADDR_MULTICAST) return -ENETUNREACH; if (addr_type&IPV6_ADDR_LINKLOCAL) { if (addr_len >= sizeof(struct sockaddr_in6) && usin->sin6_scope_id) { if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != usin->sin6_scope_id) return -EINVAL; sk->sk_bound_dev_if = usin->sin6_scope_id; } if (!sk->sk_bound_dev_if) return -EINVAL; } if (tp->rx_opt.ts_recent_stamp && !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) { tp->rx_opt.ts_recent = 0; tp->rx_opt.ts_recent_stamp = 0; tp->write_seq = 0; } sk->sk_v6_daddr = usin->sin6_addr; np->flow_label = fl6.flowlabel; if (addr_type == IPV6_ADDR_MAPPED) { u32 exthdrlen = icsk->icsk_ext_hdr_len; struct sockaddr_in sin; SOCK_DEBUG(sk, ""connect: ipv4 mapped\n""); if (__ipv6_only_sock(sk)) return -ENETUNREACH; sin.sin_family = AF_INET; sin.sin_port = usin->sin6_port; sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; icsk->icsk_af_ops = &ipv6_mapped; sk->sk_backlog_rcv = tcp_v4_do_rcv; #ifdef CONFIG_TCP_MD5SIG tp->af_specific = &tcp_sock_ipv6_mapped_specific; #endif err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); if (err) { icsk->icsk_ext_hdr_len = exthdrlen; icsk->icsk_af_ops = &ipv6_specific; sk->sk_backlog_rcv = tcp_v6_do_rcv; #ifdef CONFIG_TCP_MD5SIG tp->af_specific = &tcp_sock_ipv6_specific; #endif goto failure; } np->saddr = sk->sk_v6_rcv_saddr; return err; } if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) saddr = &sk->sk_v6_rcv_saddr; fl6.flowi6_proto = IPPROTO_TCP; fl6.daddr = sk->sk_v6_daddr; fl6.saddr = saddr ? *saddr : np->saddr; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; fl6.fl6_dport = usin->sin6_port; fl6.fl6_sport = inet->inet_sport; final_p = fl6_update_dst(&fl6, np->opt, &final); security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); goto failure; } if (!saddr) { saddr = &fl6.saddr; sk->sk_v6_rcv_saddr = *saddr; } np->saddr = *saddr; inet->inet_rcv_saddr = LOOPBACK4_IPV6; sk->sk_gso_type = SKB_GSO_TCPV6; __ip6_dst_store(sk, dst, NULL, NULL); if (tcp_death_row.sysctl_tw_recycle && !tp->rx_opt.ts_recent_stamp && ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr)) tcp_fetch_timewait_stamp(sk, dst); icsk->icsk_ext_hdr_len = 0; if (np->opt) icsk->icsk_ext_hdr_len = (np->opt->opt_flen + np->opt->opt_nflen); tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); inet->inet_dport = usin->sin6_port; tcp_set_state(sk, TCP_SYN_SENT); err = inet6_hash_connect(&tcp_death_row, sk); if (err) goto late_failure; sk_set_txhash(sk); if (!tp->write_seq && likely(!tp->repair)) tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, sk->sk_v6_daddr.s6_addr32, inet->inet_sport, inet->inet_dport); err = tcp_connect(sk); if (err) goto late_failure; return 0; late_failure: tcp_set_state(sk, TCP_CLOSE); __sk_dst_reset(sk); failure: inet->inet_dport = 0; sk->sk_route_caps = 0; return err; }",visit repo url,net/ipv6/tcp_ipv6.c,https://github.com/torvalds/linux,24869069594082,1 1713,[],"static void cfs_rq_set_shares(struct cfs_rq *cfs_rq, unsigned long shares) { cfs_rq->shares = shares; }",linux-2.6,,,214284855060379291761089084769154281475,0 2908,CWE-191,"DECLAREcpFunc(cpDecodedStrips) { tsize_t stripsize = TIFFStripSize(in); tdata_t buf = _TIFFmalloc(stripsize); (void) imagewidth; (void) spp; if (buf) { tstrip_t s, ns = TIFFNumberOfStrips(in); uint32 row = 0; _TIFFmemset(buf, 0, stripsize); for (s = 0; s < ns; s++) { tsize_t cc = (row + rowsperstrip > imagelength) ? TIFFVStripSize(in, imagelength - row) : stripsize; if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 && !ignore) { TIFFError(TIFFFileName(in), ""Error, can't read strip %lu"", (unsigned long) s); goto bad; } if (TIFFWriteEncodedStrip(out, s, buf, cc) < 0) { TIFFError(TIFFFileName(out), ""Error, can't write strip %lu"", (unsigned long) s); goto bad; } row += rowsperstrip; } _TIFFfree(buf); return 1; } else { TIFFError(TIFFFileName(in), ""Error, can't allocate memory buffer of size %lu "" ""to read strips"", (unsigned long) stripsize); return 0; } bad: _TIFFfree(buf); return 0; }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,1909100376848,1 4110,CWE-119,"int MSG_ReadBits( msg_t *msg, int bits ) { int value; int get; qboolean sgn; int i, nbits; value = 0; if ( bits < 0 ) { bits = -bits; sgn = qtrue; } else { sgn = qfalse; } if (msg->oob) { if(bits==8) { value = msg->data[msg->readcount]; msg->readcount += 1; msg->bit += 8; } else if(bits==16) { short temp; CopyLittleShort(&temp, &msg->data[msg->readcount]); value = temp; msg->readcount += 2; msg->bit += 16; } else if(bits==32) { CopyLittleLong(&value, &msg->data[msg->readcount]); msg->readcount += 4; msg->bit += 32; } else Com_Error(ERR_DROP, ""can't read %d bits"", bits); } else { nbits = 0; if (bits&7) { nbits = bits&7; for(i=0;idata, &msg->bit)<data, &msg->bit); value |= (get<<(i+nbits)); } } msg->readcount = (msg->bit>>3)+1; } if ( sgn && bits > 0 && bits < 32 ) { if ( value & ( 1 << ( bits - 1 ) ) ) { value |= -1 ^ ( ( 1 << bits ) - 1 ); } } return value; }",visit repo url,code/qcommon/msg.c,https://github.com/ioquake/ioq3,2035514372454,1 2138,['CWE-119'],"static inline void pack_gate(gate_desc *gate, unsigned type, unsigned long func, unsigned dpl, unsigned ist, unsigned seg) { gate->offset_low = PTR_LOW(func); gate->segment = __KERNEL_CS; gate->ist = ist; gate->p = 1; gate->dpl = dpl; gate->zero0 = 0; gate->zero1 = 0; gate->type = type; gate->offset_middle = PTR_MIDDLE(func); gate->offset_high = PTR_HIGH(func); }",linux-2.6,,,6438200334983473299783708913417650599,0 512,['CWE-264'],"static int putreg(struct task_struct *child, unsigned long regno, unsigned long value) { unsigned long tmp; switch (regno) { case offsetof(struct user_regs_struct,fs): if (value && (value & 3) != 3) return -EIO; child->thread.fsindex = value & 0xffff; return 0; case offsetof(struct user_regs_struct,gs): if (value && (value & 3) != 3) return -EIO; child->thread.gsindex = value & 0xffff; return 0; case offsetof(struct user_regs_struct,ds): if (value && (value & 3) != 3) return -EIO; child->thread.ds = value & 0xffff; return 0; case offsetof(struct user_regs_struct,es): if (value && (value & 3) != 3) return -EIO; child->thread.es = value & 0xffff; return 0; case offsetof(struct user_regs_struct,ss): if ((value & 3) != 3) return -EIO; value &= 0xffff; return 0; case offsetof(struct user_regs_struct,fs_base): if (value >= TASK_SIZE_OF(child)) return -EIO; child->thread.fs = value; return 0; case offsetof(struct user_regs_struct,gs_base): if (value >= TASK_SIZE_OF(child)) return -EIO; child->thread.gs = value; return 0; case offsetof(struct user_regs_struct, eflags): value &= FLAG_MASK; tmp = get_stack_long(child, EFL_OFFSET); tmp &= ~FLAG_MASK; value |= tmp; break; case offsetof(struct user_regs_struct,cs): if ((value & 3) != 3) return -EIO; value &= 0xffff; break; } put_stack_long(child, regno - sizeof(struct pt_regs), value); return 0; }",linux-2.6,,,88700362878763037661795637918373031677,0 4434,CWE-416,"mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc) { const mrb_irep *irep = proc->body.irep; const mrb_pool_value *pool = irep->pool; const mrb_sym *syms = irep->syms; mrb_code insn; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; uint32_t a; uint16_t b; uint16_t c; mrb_sym mid; const struct mrb_irep_catch_handler *ch; #ifdef DIRECT_THREADED static const void * const optable[] = { #define OPCODE(x,_) &&L_OP_ ## x, #include ""mruby/ops.h"" #undef OPCODE }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; mrb_gc_arena_restore(mrb, ai); if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb_vm_ci_proc_set(mrb->c->ci, proc); #define regs (mrb->c->ci->stack) INIT_DISPATCH { CASE(OP_NOP, Z) { NEXT; } CASE(OP_MOVE, BB) { regs[a] = regs[b]; NEXT; } CASE(OP_LOADL, BB) { switch (pool[b].tt) { case IREP_TT_INT32: regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i32); break; case IREP_TT_INT64: #if defined(MRB_INT64) regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; #else #if defined(MRB_64BIT) if (INT32_MIN <= pool[b].u.i64 && pool[b].u.i64 <= INT32_MAX) { regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; } #endif goto L_INT_OVERFLOW; #endif case IREP_TT_BIGINT: goto L_INT_OVERFLOW; #ifndef MRB_NO_FLOAT case IREP_TT_FLOAT: regs[a] = mrb_float_value(mrb, pool[b].u.f); break; #endif default: regs[a] = mrb_nil_value(); break; } NEXT; } CASE(OP_LOADI, BB) { SET_FIXNUM_VALUE(regs[a], b); NEXT; } CASE(OP_LOADINEG, BB) { SET_FIXNUM_VALUE(regs[a], -b); NEXT; } CASE(OP_LOADI__1,B) goto L_LOADI; CASE(OP_LOADI_0,B) goto L_LOADI; CASE(OP_LOADI_1,B) goto L_LOADI; CASE(OP_LOADI_2,B) goto L_LOADI; CASE(OP_LOADI_3,B) goto L_LOADI; CASE(OP_LOADI_4,B) goto L_LOADI; CASE(OP_LOADI_5,B) goto L_LOADI; CASE(OP_LOADI_6,B) goto L_LOADI; CASE(OP_LOADI_7, B) { L_LOADI: SET_FIXNUM_VALUE(regs[a], (mrb_int)insn - (mrb_int)OP_LOADI_0); NEXT; } CASE(OP_LOADI16, BS) { SET_FIXNUM_VALUE(regs[a], (mrb_int)(int16_t)b); NEXT; } CASE(OP_LOADI32, BSS) { SET_INT_VALUE(mrb, regs[a], (int32_t)(((uint32_t)b<<16)+c)); NEXT; } CASE(OP_LOADSYM, BB) { SET_SYM_VALUE(regs[a], syms[b]); NEXT; } CASE(OP_LOADNIL, B) { SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_LOADSELF, B) { regs[a] = regs[0]; NEXT; } CASE(OP_LOADT, B) { SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF, B) { SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGV, BB) { mrb_value val = mrb_gv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETGV, BB) { mrb_gv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETSV, BB) { mrb_value val = mrb_vm_special_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETSV, BB) { mrb_vm_special_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIV, BB) { regs[a] = mrb_iv_get(mrb, regs[0], syms[b]); NEXT; } CASE(OP_SETIV, BB) { mrb_iv_set(mrb, regs[0], syms[b], regs[a]); NEXT; } CASE(OP_GETCV, BB) { mrb_value val; val = mrb_vm_cv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETCV, BB) { mrb_vm_cv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIDX, B) { mrb_value va = regs[a], vb = regs[a+1]; switch (mrb_type(va)) { case MRB_TT_ARRAY: if (!mrb_integer_p(vb)) goto getidx_fallback; regs[a] = mrb_ary_entry(va, mrb_integer(vb)); break; case MRB_TT_HASH: regs[a] = mrb_hash_get(mrb, va, vb); break; case MRB_TT_STRING: switch (mrb_type(vb)) { case MRB_TT_INTEGER: case MRB_TT_STRING: case MRB_TT_RANGE: regs[a] = mrb_str_aref(mrb, va, vb, mrb_undef_value()); break; default: goto getidx_fallback; } break; default: getidx_fallback: mid = MRB_OPSYM(aref); goto L_SEND_SYM; } NEXT; } CASE(OP_SETIDX, B) { c = 2; mid = MRB_OPSYM(aset); SET_NIL_VALUE(regs[a+3]); goto L_SENDB_SYM; } CASE(OP_GETCONST, BB) { regs[a] = mrb_vm_const_get(mrb, syms[b]); NEXT; } CASE(OP_SETCONST, BB) { mrb_vm_const_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETMCNST, BB) { regs[a] = mrb_const_get(mrb, regs[a], syms[b]); NEXT; } CASE(OP_SETMCNST, BB) { mrb_const_set(mrb, regs[a+1], syms[b], regs[a]); NEXT; } CASE(OP_GETUPVAR, BBB) { mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (e && b < MRB_ENV_LEN(e)) { *regs_a = e->stack[b]; } else { *regs_a = mrb_nil_value(); } NEXT; } CASE(OP_SETUPVAR, BBB) { struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP, S) { pc += (int16_t)a; JUMP; } CASE(OP_JMPIF, BS) { if (mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNOT, BS) { if (!mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNIL, BS) { if (mrb_nil_p(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPUW, S) { a = (uint32_t)((pc - irep->iseq) + (int16_t)a); CHECKPOINT_RESTORE(RBREAK_TAG_JUMP) { struct RBreak *brk = (struct RBreak*)mrb->exc; mrb_value target = mrb_break_value_get(brk); mrb_assert(mrb_integer_p(target)); a = (uint32_t)mrb_integer(target); mrb_assert(a >= 0 && a < irep->ilen); } CHECKPOINT_MAIN(RBREAK_TAG_JUMP) { ch = catch_handler_find(mrb, mrb->c->ci, pc, MRB_CATCH_FILTER_ENSURE); if (ch) { if (a < mrb_irep_catch_handler_unpack(ch->begin) || a >= mrb_irep_catch_handler_unpack(ch->end)) { THROW_TAGGED_BREAK(mrb, RBREAK_TAG_JUMP, proc, mrb_fixnum_value(a)); } } } CHECKPOINT_END(RBREAK_TAG_JUMP); mrb->exc = NULL; pc = irep->iseq + a; JUMP; } CASE(OP_EXCEPT, B) { mrb_value exc; if (mrb->exc == NULL) { exc = mrb_nil_value(); } else { switch (mrb->exc->tt) { case MRB_TT_BREAK: case MRB_TT_EXCEPTION: exc = mrb_obj_value(mrb->exc); break; default: mrb_assert(!""bad mrb_type""); exc = mrb_nil_value(); break; } mrb->exc = NULL; } regs[a] = exc; NEXT; } CASE(OP_RESCUE, BB) { mrb_value exc = regs[a]; mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); NEXT; } CASE(OP_RAISEIF, B) { mrb_value exc = regs[a]; if (mrb_break_p(exc)) { mrb->exc = mrb_obj_ptr(exc); goto L_BREAK; } mrb_exc_set(mrb, exc); if (mrb->exc) { goto L_RAISE; } NEXT; } CASE(OP_SSEND, BBB) { regs[a] = regs[0]; insn = OP_SEND; } goto L_SENDB; CASE(OP_SSENDB, BBB) { regs[a] = regs[0]; } goto L_SENDB; CASE(OP_SEND, BBB) goto L_SENDB; L_SEND_SYM: c = 1; SET_NIL_VALUE(regs[a+2]); goto L_SENDB_SYM; CASE(OP_SENDB, BBB) L_SENDB: mid = syms[b]; L_SENDB_SYM: { mrb_callinfo *ci = mrb->c->ci; mrb_method_t m; struct RClass *cls; mrb_value recv, blk; ARGUMENT_NORMALIZE(a, &c, insn); recv = regs[a]; cls = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &c, blk, 0); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, c); if (MRB_METHOD_CFUNC_P(m)) { if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); mrb_vm_ci_proc_set(ci, p); recv = p->body.func(mrb, recv); } else { if (MRB_METHOD_NOARG_P(m)) { check_method_noarg(mrb, ci); } recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } if (!ci->u.target_class) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } ci->stack[0] = recv; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } } JUMP; CASE(OP_CALL, Z) { mrb_callinfo *ci = mrb->c->ci; mrb_value recv = ci->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci->u.target_class = MRB_PROC_TARGET_CLASS(m); mrb_vm_ci_proc_set(ci, m); if (MRB_PROC_ENV_P(m)) { ci->mid = MRB_PROC_ENV(m)->mid; } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = cipop(mrb); pc = ci->pc; ci[1].stack[0] = recv; irep = mrb->c->ci->proc->body.irep; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->ci->stack[0] = mrb_nil_value(); a = 0; c = OP_R_NORMAL; goto L_OP_RETURN_BODY; } mrb_int nargs = mrb_ci_bidx(ci)+1; if (nargs < irep->nregs) { mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+nargs, irep->nregs-nargs); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; } pool = irep->pool; syms = irep->syms; JUMP; } CASE(OP_SUPER, BB) { mrb_method_t m; struct RClass *cls; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; const struct RProc *p = ci->proc; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(p); if (MRB_PROC_ENV_P(p) && p->e.env->mid && p->e.env->mid != mid) { mid = p->e.env->mid; } if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->flags & MRB_FL_CLASS_IS_PREPENDED) { target_class = mrb_vm_ci_target_class(ci); } else if (target_class->tt == MRB_TT_MODULE) { target_class = mrb_vm_ci_target_class(ci); if (target_class->tt != MRB_TT_ICLASS) { goto super_typeerror; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { super_typeerror: ; mrb_value exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } ARGUMENT_NORMALIZE(a, &b, OP_SUPER); cls = target_class->super; m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &b, blk, 1); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, b); ci->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; if (MRB_METHOD_PROC_P(m)) { mrb_vm_ci_proc_set(ci, MRB_METHOD_PROC(m)); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb_assert(!mrb_break_p(v)); if (!mrb_vm_ci_target_class(ci)) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->ci->stack[0] = v; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } JUMP; } CASE(OP_ARGARY, BS) { mrb_int m1 = (b>>11)&0x3f; mrb_int r = (b>>10)&0x1; mrb_int m2 = (b>>5)&0x1f; mrb_int kd = (b>>4)&0x1; mrb_int lv = (b>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb_vm_ci_target_class(mrb->c->ci) == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; mrb_int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } if (kd) { regs[a+1] = stack[m1+r+m2]; regs[a+2] = stack[m1+r+m2+1]; } else { regs[a+1] = stack[m1+r+m2]; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER, W) { mrb_int m1 = MRB_ASPEC_REQ(a); mrb_int o = MRB_ASPEC_OPT(a); mrb_int r = MRB_ASPEC_REST(a); mrb_int m2 = MRB_ASPEC_POST(a); mrb_int kd = (MRB_ASPEC_KEY(a) > 0 || MRB_ASPEC_KDICT(a))? 1 : 0; mrb_int const len = m1 + o + r + m2; mrb_callinfo *ci = mrb->c->ci; mrb_int argc = ci->n; mrb_value *argv = regs+1; mrb_value * const argv0 = argv; mrb_int const kw_pos = len + kd; mrb_int const blk_pos = kw_pos + 1; mrb_value blk = regs[mrb_ci_bidx(ci)]; mrb_value kdict = mrb_nil_value(); if (ci->nk > 0) { mrb_int kidx = mrb_ci_kidx(ci); kdict = regs[kidx]; if (!mrb_hash_p(kdict) || mrb_hash_size(mrb, kdict) == 0) { kdict = mrb_nil_value(); ci->nk = 0; } } if (!kd && !mrb_nil_p(kdict)) { if (argc < 14) { ci->n++; argc++; } else if (argc == 14) { regs[1] = mrb_ary_new_from_values(mrb, argc+1, ®s[1]); argc = ci->n = 15; } else { mrb_ary_push(mrb, regs[1], regs[2]); } ci->nk = 0; } if (kd && MRB_ASPEC_KEY(a) > 0 && mrb_hash_p(kdict)) { kdict = mrb_hash_dup(mrb, kdict); } if (argc == 15) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (ci->proc && MRB_PROC_STRICT_P(ci->proc)) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } mrb_value rest = mrb_nil_value(); if (argc < len) { mrb_int mlen = m2; if (argc < m1+m2) { mlen = m1 < argc ? argc - m1 : 0; } if (argv0 != argv && argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { rest = mrb_ary_new_capa(mrb, 0); regs[m1+o+1] = rest; } if (o > 0 && argc > m1+m2) pc += (argc - m1 - m2)*3; } else { mrb_int rnum = 0; if (argv0 != argv) { value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; rest = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); regs[m1+o+1] = rest; } if (m2 > 0 && argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } pc += o*3; } regs[blk_pos] = blk; if (kd) { if (mrb_nil_p(kdict)) kdict = mrb_hash_new_capa(mrb, 0); regs[kw_pos] = kdict; } mrb->c->ci->n = len; if (irep->nlocals-blk_pos-1 > 0) { stack_clear(®s[blk_pos+1], irep->nlocals-blk_pos-1); } JUMP; } CASE(OP_KARG, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx < 0 || !mrb_hash_p(kdict=regs[kidx]) || !mrb_hash_key_p(mrb, kdict, k)) { mrb_value str = mrb_format(mrb, ""missing keyword: %v"", k); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } regs[a] = mrb_hash_get(mrb, kdict, k); mrb_hash_delete_key(mrb, kdict, k); NEXT; } CASE(OP_KEY_P, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; mrb_bool key_p = FALSE; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx])) { key_p = mrb_hash_key_p(mrb, kdict, k); } regs[a] = mrb_bool_value(key_p); NEXT; } CASE(OP_KEYEND, Z) { mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx]) && !mrb_hash_empty_p(mrb, kdict)) { mrb_value keys = mrb_hash_keys(mrb, kdict); mrb_value key1 = RARRAY_PTR(keys)[0]; mrb_value str = mrb_format(mrb, ""unknown keyword: %v"", key1); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } NEXT; } CASE(OP_BREAK, B) { c = OP_R_BREAK; goto L_RETURN; } CASE(OP_RETURN_BLK, B) { c = OP_R_RETURN; goto L_RETURN; } CASE(OP_RETURN, B) c = OP_R_NORMAL; L_RETURN: { mrb_callinfo *ci; ci = mrb->c->ci; if (ci->mid) { mrb_value blk = regs[mrb_ci_bidx(ci)]; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { L_RAISE: ci = mrb->c->ci; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) goto L_FTOP; goto L_CATCH; } while ((ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL)) == NULL) { ci = cipop(mrb); if (ci[1].cci == CINFO_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } pc = ci[0].pc; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->ci->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } } L_CATCH: if (ch == NULL) goto L_STOP; if (FALSE) { L_CATCH_TAGGED_BREAK: ci = mrb->c->ci; } proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); pc = irep->iseq + mrb_irep_catch_handler_unpack(ch->target); } else { mrb_int acc; mrb_value v; ci = mrb->c->ci; v = regs[a]; mrb_gc_protect(mrb, v); switch (c) { case OP_R_RETURN: if (ci->cci == CINFO_NONE && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { const struct RProc *dst; mrb_callinfo *cibase; cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_ONSTACK_P(e) || (e->cxt && e->cxt != mrb->c)) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->cci > CINFO_NONE) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci = mrb->c->ci; while (cibase <= ci && ci->proc != dst) { CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_BLOCK) { cibase = mrb->c->cibase; dst = top_proc(mrb, proc); } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_BLOCK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_BLOCK, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_BLOCK); ci = cipop(mrb); pc = ci->pc; } proc = ci->proc; mrb->exc = NULL; break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; c = mrb->c; if (!c->prev) { regs[irep->nlocals] = v; goto CHECKPOINT_LABEL_MAKE(RBREAK_TAG_STOP); } if (!c->vmexec && c->prev->ci == c->prev->cibase) { mrb_value exc = mrb_exc_new_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_TOPLEVEL) { c = mrb->c; } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_TOPLEVEL) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_TOPLEVEL, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_TOPLEVEL); c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; mrb->c->status = MRB_FIBER_RUNNING; c->prev = NULL; if (c->vmexec) { mrb_gc_arena_restore(mrb, ai); c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } ci = mrb->c->ci; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN) { } CHECKPOINT_MAIN(RBREAK_TAG_RETURN) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN); mrb->exc = NULL; break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_ONSTACK_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK); if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->cci > CINFO_NONE) { ci = cipop(mrb); mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { struct RBreak *brk; L_BREAK: brk = (struct RBreak*)mrb->exc; proc = mrb_break_proc_get(brk); v = mrb_break_value_get(brk); ci = mrb->c->ci; switch (mrb_break_tag_get(brk)) { #define DISPATCH_CHECKPOINTS(n, i) case n: goto CHECKPOINT_LABEL_MAKE(n); RBREAK_TAG_FOREACH(DISPATCH_CHECKPOINTS) #undef DISPATCH_CHECKPOINTS default: mrb_assert(!""wrong break tag""); } } while (mrb->c->cibase < ci && ci[-1].proc != proc->upper) { if (ci[-1].cci == CINFO_SKIP) { goto L_BREAK_ERROR; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_UPPER) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_UPPER) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_UPPER, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_UPPER); ci = cipop(mrb); pc = ci->pc; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_INTARGET) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_INTARGET) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_INTARGET, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_INTARGET); if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } mrb->exc = NULL; break; default: break; } mrb_assert(ci == mrb->c->ci); mrb_assert(mrb->exc == NULL); if (mrb->c->vmexec && !mrb_vm_ci_target_class(ci)) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->cci; ci = cipop(mrb); if (acc == CINFO_SKIP || acc == CINFO_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym_name(mrb, ci->mid))); proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci[1].stack[0] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_BLKPUSH, BS) { int m1 = (b>>11)&0x3f; int r = (b>>10)&0x1; int m2 = (b>>5)&0x1f; int kd = (b>>4)&0x1; int lv = (b>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_ONSTACK_P(e) && e->mid == 0) || MRB_ENV_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2+kd])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2+kd]; NEXT; } L_INT_OVERFLOW: { mrb_value exc = mrb_exc_new_lit(mrb, E_RANGE_ERROR, ""integer overflow""); mrb_exc_set(mrb, exc); } goto L_RAISE; #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH(op_name) \ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { \ OP_MATH_CASE_INTEGER(op_name); \ OP_MATH_CASE_FLOAT(op_name, integer, float); \ OP_MATH_CASE_FLOAT(op_name, float, integer); \ OP_MATH_CASE_FLOAT(op_name, float, float); \ OP_MATH_CASE_STRING_##op_name(); \ default: \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATH_CASE_INTEGER(op_name) \ case TYPES2(MRB_TT_INTEGER, MRB_TT_INTEGER): \ { \ mrb_int x = mrb_integer(regs[a]), y = mrb_integer(regs[a+1]), z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATH_CASE_FLOAT(op_name, t1, t2) (void)0 #else #define OP_MATH_CASE_FLOAT(op_name, t1, t2) \ case TYPES2(OP_MATH_TT_##t1, OP_MATH_TT_##t2): \ { \ mrb_float z = mrb_##t1(regs[a]) OP_MATH_OP_##op_name mrb_##t2(regs[a+1]); \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif #define OP_MATH_OVERFLOW_INT() goto L_INT_OVERFLOW #define OP_MATH_CASE_STRING_add() \ case TYPES2(MRB_TT_STRING, MRB_TT_STRING): \ regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); \ mrb_gc_arena_restore(mrb, ai); \ break #define OP_MATH_CASE_STRING_sub() (void)0 #define OP_MATH_CASE_STRING_mul() (void)0 #define OP_MATH_OP_add + #define OP_MATH_OP_sub - #define OP_MATH_OP_mul * #define OP_MATH_TT_integer MRB_TT_INTEGER #define OP_MATH_TT_float MRB_TT_FLOAT CASE(OP_ADD, B) { OP_MATH(add); } CASE(OP_SUB, B) { OP_MATH(sub); } CASE(OP_MUL, B) { OP_MATH(mul); } CASE(OP_DIV, B) { #ifndef MRB_NO_FLOAT mrb_float x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER): { mrb_int x = mrb_integer(regs[a]); mrb_int y = mrb_integer(regs[a+1]); mrb_int div = mrb_div_int(mrb, x, y); SET_INT_VALUE(mrb, regs[a], div); } NEXT; #ifndef MRB_NO_FLOAT case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT): x = (mrb_float)mrb_integer(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER): x = mrb_float(regs[a]); y = (mrb_float)mrb_integer(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: mid = MRB_OPSYM(div); goto L_SEND_SYM; } #ifndef MRB_NO_FLOAT f = mrb_div_float(x, y); SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } #define OP_MATHI(op_name) \ \ switch (mrb_type(regs[a])) { \ OP_MATHI_CASE_INTEGER(op_name); \ OP_MATHI_CASE_FLOAT(op_name); \ default: \ SET_INT_VALUE(mrb,regs[a+1], b); \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATHI_CASE_INTEGER(op_name) \ case MRB_TT_INTEGER: \ { \ mrb_int x = mrb_integer(regs[a]), y = (mrb_int)b, z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATHI_CASE_FLOAT(op_name) (void)0 #else #define OP_MATHI_CASE_FLOAT(op_name) \ case MRB_TT_FLOAT: \ { \ mrb_float z = mrb_float(regs[a]) OP_MATH_OP_##op_name b; \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif CASE(OP_ADDI, BB) { OP_MATHI(add); } CASE(OP_SUBI, BB) { OP_MATHI(sub); } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_NO_FLOAT #define OP_CMP(op,sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op, sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ, B) { if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==,eq); } NEXT; } CASE(OP_LT, B) { OP_CMP(<,lt); NEXT; } CASE(OP_LE, B) { OP_CMP(<=,le); NEXT; } CASE(OP_GT, B) { OP_CMP(>,gt); NEXT; } CASE(OP_GE, B) { OP_CMP(>=,ge); NEXT; } CASE(OP_ARRAY, BB) { regs[a] = mrb_ary_new_from_values(mrb, b, ®s[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARRAY2, BBB) { regs[a] = mrb_ary_new_from_values(mrb, c, ®s[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT, B) { mrb_value splat = mrb_ary_splat(mrb, regs[a+1]); if (mrb_nil_p(regs[a])) { regs[a] = splat; } else { mrb_assert(mrb_array_p(regs[a])); mrb_ary_concat(mrb, regs[a], splat); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH, BB) { mrb_assert(mrb_array_p(regs[a])); for (mrb_int i=0; i pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+pre> 2; if (pool[b].tt & IREP_TT_SFLAG) { sym = mrb_intern_static(mrb, pool[b].u.str, len); } else { sym = mrb_intern(mrb, pool[b].u.str, len); } regs[a] = mrb_symbol_value(sym); NEXT; } CASE(OP_STRING, BB) { mrb_int len; mrb_assert((pool[b].tt&IREP_TT_NFLAG)==0); len = pool[b].tt >> 2; if (pool[b].tt & IREP_TT_SFLAG) { regs[a] = mrb_str_new_static(mrb, pool[b].u.str, len); } else { regs[a] = mrb_str_new(mrb, pool[b].u.str, len); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_STRCAT, B) { mrb_assert(mrb_string_p(regs[a])); mrb_str_concat(mrb, regs[a], regs[a+1]); NEXT; } CASE(OP_HASH, BB) { mrb_value hash = mrb_hash_new_capa(mrb, b); int i; int lim = a+b*2; for (i=a; ireps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_BLOCK, BB) { c = OP_L_BLOCK; goto L_MAKE_LAMBDA; } CASE(OP_METHOD, BB) { c = OP_L_METHOD; goto L_MAKE_LAMBDA; } CASE(OP_RANGE_INC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], FALSE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_RANGE_EXC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], TRUE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS, B) { regs[a] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS, BB) { struct RClass *c = 0, *baseclass; mrb_value base, super; mrb_sym id = syms[b]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE, BB) { struct RClass *cls = 0, *baseclass; mrb_value base; mrb_sym id = syms[b]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } cls = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(cls); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC, BB) { mrb_value recv = regs[a]; struct RProc *p; const mrb_irep *nirep = irep->reps[b]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; cipush(mrb, a, 0, mrb_class_ptr(recv), p, 0, 0); irep = p->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+1, irep->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_DEF, BB) { struct RClass *target = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; mrb_sym mid = syms[b]; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, target, mid, m); mrb_method_added(mrb, target, mid); mrb_gc_arena_restore(mrb, ai); regs[a] = mrb_symbol_value(mid); NEXT; } CASE(OP_SCLASS, B) { regs[a] = mrb_singleton_class(mrb, regs[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; regs[a] = mrb_obj_value(target); NEXT; } CASE(OP_ALIAS, BB) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_alias_method(mrb, target, syms[a], syms[b]); mrb_method_added(mrb, target, syms[a]); NEXT; } CASE(OP_UNDEF, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_undef_method_id(mrb, target, syms[a]); NEXT; } CASE(OP_DEBUG, Z) { FETCH_BBB(); #ifdef MRB_USE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_NO_STDIO printf(""OP_DEBUG %d %d %d\n"", a, b, c); #else abort(); #endif #endif NEXT; } CASE(OP_ERR, B) { size_t len = pool[a].tt >> 2; mrb_value exc; mrb_assert((pool[a].tt&IREP_TT_NFLAG)==0); exc = mrb_exc_new(mrb, E_LOCALJUMP_ERROR, pool[a].u.str, len); mrb_exc_set(mrb, exc); goto L_RAISE; } CASE(OP_EXT1, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _1(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT2, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _2(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT3, Z) { uint8_t insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _3(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_STOP, Z) { CHECKPOINT_RESTORE(RBREAK_TAG_STOP) { } CHECKPOINT_MAIN(RBREAK_TAG_STOP) { UNWIND_ENSURE(mrb, mrb->c->ci, pc, RBREAK_TAG_STOP, proc, mrb_nil_value()); } CHECKPOINT_END(RBREAK_TAG_STOP); L_STOP: mrb->jmp = prev_jmp; if (mrb->exc) { mrb_assert(mrb->exc->tt == MRB_TT_EXCEPTION); return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { mrb_callinfo *ci = mrb->c->ci; while (ci > mrb->c->cibase && ci->cci == CINFO_DIRECT) { ci = cipop(mrb); } exc_catched = TRUE; pc = ci->pc; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,123786699723763,1 3742,CWE-787,"int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int is_rf64 = !strncmp (fourcc, ""RF64"", 4), got_ds64 = 0; int64_t total_samples = 0, infilesize; RiffChunkHeader riff_chunk_header; ChunkHeader chunk_header; WaveHeader WaveHeader; DS64Chunk ds64_chunk; uint32_t bcount; CLEAR (WaveHeader); CLEAR (ds64_chunk); infilesize = DoGetFileSize (infile); if (!is_rf64 && infilesize >= 4294967296LL && !(config->qmode & QMODE_IGNORE_LENGTH)) { error_line (""can't handle .WAV files larger than 4 GB (non-standard)!""); return WAVPACK_SOFT_ERROR; } memcpy (&riff_chunk_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &riff_chunk_header) + 4, sizeof (RiffChunkHeader) - 4, &bcount) || bcount != sizeof (RiffChunkHeader) - 4 || strncmp (riff_chunk_header.formType, ""WAVE"", 4))) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &riff_chunk_header, sizeof (RiffChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } while (1) { if (!DoReadFile (infile, &chunk_header, sizeof (ChunkHeader), &bcount) || bcount != sizeof (ChunkHeader)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &chunk_header, sizeof (ChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&chunk_header, ChunkHeaderFormat); if (!strncmp (chunk_header.ckID, ""ds64"", 4)) { if (chunk_header.ckSize < sizeof (DS64Chunk) || !DoReadFile (infile, &ds64_chunk, sizeof (DS64Chunk), &bcount) || bcount != sizeof (DS64Chunk)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &ds64_chunk, sizeof (DS64Chunk))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } got_ds64 = 1; WavpackLittleEndianToNative (&ds64_chunk, DS64ChunkFormat); if (debug_logging_mode) error_line (""DS64: riffSize = %lld, dataSize = %lld, sampleCount = %lld, table_length = %d"", (long long) ds64_chunk.riffSize64, (long long) ds64_chunk.dataSize64, (long long) ds64_chunk.sampleCount64, ds64_chunk.tableLength); if (ds64_chunk.tableLength * sizeof (CS64Chunk) != chunk_header.ckSize - sizeof (DS64Chunk)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } while (ds64_chunk.tableLength--) { CS64Chunk cs64_chunk; if (!DoReadFile (infile, &cs64_chunk, sizeof (CS64Chunk), &bcount) || bcount != sizeof (CS64Chunk) || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &cs64_chunk, sizeof (CS64Chunk)))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } } } else if (!strncmp (chunk_header.ckID, ""fmt "", 4)) { int supported = TRUE, format; if (chunk_header.ckSize < 16 || chunk_header.ckSize > sizeof (WaveHeader) || !DoReadFile (infile, &WaveHeader, chunk_header.ckSize, &bcount) || bcount != chunk_header.ckSize) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &WaveHeader, chunk_header.ckSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&WaveHeader, WaveHeaderFormat); if (debug_logging_mode) { error_line (""format tag size = %d"", chunk_header.ckSize); error_line (""FormatTag = %x, NumChannels = %d, BitsPerSample = %d"", WaveHeader.FormatTag, WaveHeader.NumChannels, WaveHeader.BitsPerSample); error_line (""BlockAlign = %d, SampleRate = %d, BytesPerSecond = %d"", WaveHeader.BlockAlign, WaveHeader.SampleRate, WaveHeader.BytesPerSecond); if (chunk_header.ckSize > 16) error_line (""cbSize = %d, ValidBitsPerSample = %d"", WaveHeader.cbSize, WaveHeader.ValidBitsPerSample); if (chunk_header.ckSize > 20) error_line (""ChannelMask = %x, SubFormat = %d"", WaveHeader.ChannelMask, WaveHeader.SubFormat); } if (chunk_header.ckSize > 16 && WaveHeader.cbSize == 2) config->qmode |= QMODE_ADOBE_MODE; format = (WaveHeader.FormatTag == 0xfffe && chunk_header.ckSize == 40) ? WaveHeader.SubFormat : WaveHeader.FormatTag; config->bits_per_sample = (chunk_header.ckSize == 40 && WaveHeader.ValidBitsPerSample) ? WaveHeader.ValidBitsPerSample : WaveHeader.BitsPerSample; if (format != 1 && format != 3) supported = FALSE; if (format == 3 && config->bits_per_sample != 32) supported = FALSE; if (!WaveHeader.NumChannels || WaveHeader.NumChannels > 256 || WaveHeader.BlockAlign / WaveHeader.NumChannels < (config->bits_per_sample + 7) / 8 || WaveHeader.BlockAlign / WaveHeader.NumChannels > 4 || WaveHeader.BlockAlign % WaveHeader.NumChannels) supported = FALSE; if (config->bits_per_sample < 1 || config->bits_per_sample > 32) supported = FALSE; if (!supported) { error_line (""%s is an unsupported .WAV format!"", infilename); return WAVPACK_SOFT_ERROR; } if (chunk_header.ckSize < 40) { if (!config->channel_mask && !(config->qmode & QMODE_CHANS_UNASSIGNED)) { if (WaveHeader.NumChannels <= 2) config->channel_mask = 0x5 - WaveHeader.NumChannels; else if (WaveHeader.NumChannels <= 18) config->channel_mask = (1 << WaveHeader.NumChannels) - 1; else config->channel_mask = 0x3ffff; } } else if (WaveHeader.ChannelMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this WAV file already has channel order information!""); return WAVPACK_SOFT_ERROR; } else if (WaveHeader.ChannelMask) config->channel_mask = WaveHeader.ChannelMask; if (format == 3) config->float_norm_exp = 127; else if ((config->qmode & QMODE_ADOBE_MODE) && WaveHeader.BlockAlign / WaveHeader.NumChannels == 4) { if (WaveHeader.BitsPerSample == 24) config->float_norm_exp = 127 + 23; else if (WaveHeader.BitsPerSample == 32) config->float_norm_exp = 127 + 15; } if (debug_logging_mode) { if (config->float_norm_exp == 127) error_line (""data format: normalized 32-bit floating point""); else if (config->float_norm_exp) error_line (""data format: 32-bit floating point (Audition %d:%d float type 1)"", config->float_norm_exp - 126, 150 - config->float_norm_exp); else error_line (""data format: %d-bit integers stored in %d byte(s)"", config->bits_per_sample, WaveHeader.BlockAlign / WaveHeader.NumChannels); } } else if (!strncmp (chunk_header.ckID, ""data"", 4)) { int64_t data_chunk_size = (got_ds64 && chunk_header.ckSize == (uint32_t) -1) ? ds64_chunk.dataSize64 : chunk_header.ckSize; if (!WaveHeader.NumChannels || (is_rf64 && !got_ds64)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && infilesize - data_chunk_size > 16777216) { error_line (""this .WAV file has over 16 MB of extra RIFF data, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (config->qmode & QMODE_IGNORE_LENGTH) { if (infilesize && DoGetFilePosition (infile) != -1) total_samples = (infilesize - DoGetFilePosition (infile)) / WaveHeader.BlockAlign; else total_samples = -1; } else { total_samples = data_chunk_size / WaveHeader.BlockAlign; if (got_ds64 && total_samples != ds64_chunk.sampleCount64) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (!total_samples) { error_line (""this .WAV file has no audio samples, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (total_samples > MAX_WAVPACK_SAMPLES) { error_line (""%s has too many samples for WavPack!"", infilename); return WAVPACK_SOFT_ERROR; } } config->bytes_per_sample = WaveHeader.BlockAlign / WaveHeader.NumChannels; config->num_channels = WaveHeader.NumChannels; config->sample_rate = WaveHeader.SampleRate; break; } else { int bytes_to_copy = (chunk_header.ckSize + 1) & ~1L; char *buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", chunk_header.ckID [0], chunk_header.ckID [1], chunk_header.ckID [2], chunk_header.ckID [3], chunk_header.ckSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/riff.c,https://github.com/dbry/WavPack,197485221710697,1 4375,['CWE-264'],"void sock_kfree_s(struct sock *sk, void *mem, int size) { kfree(mem); atomic_sub(size, &sk->sk_omem_alloc); }",linux-2.6,,,269979766093992167972232106124860704058,0 4201,['CWE-399'],"static AvahiEntry *find_entry(AvahiServer *s, AvahiIfIndex interface, AvahiProtocol protocol, AvahiKey *key) { AvahiEntry *e; assert(s); assert(key); for (e = avahi_hashmap_lookup(s->entries_by_key, key); e; e = e->by_key_next) if ((e->interface == interface || e->interface <= 0 || interface <= 0) && (e->protocol == protocol || e->protocol == AVAHI_PROTO_UNSPEC || protocol == AVAHI_PROTO_UNSPEC) && (!e->group || e->group->state == AVAHI_ENTRY_GROUP_ESTABLISHED || e->group->state == AVAHI_ENTRY_GROUP_REGISTERING)) return e; return NULL; }",avahi,,,15113903926013486189929332452430949679,0 1680,[],"static inline void register_fair_sched_group(struct task_group *tg, int cpu) { list_add_rcu(&tg->cfs_rq[cpu]->leaf_cfs_rq_list, &cpu_rq(cpu)->leaf_cfs_rq_list); }",linux-2.6,,,318691075335123976008510833806933787229,0 4929,CWE-59,"dump_keywords(vector_t *keydump, int level, FILE *fp) { unsigned int i; keyword_t *keyword_vec; char file_name[21]; if (!level) { snprintf(file_name, sizeof(file_name), ""/tmp/keywords.%d"", getpid()); fp = fopen(file_name, ""w""); if (!fp) return; } for (i = 0; i < vector_size(keydump); i++) { keyword_vec = vector_slot(keydump, i); fprintf(fp, ""%*sKeyword : %s (%s)\n"", level * 2, """", keyword_vec->string, keyword_vec->active ? ""active"": ""disabled""); if (keyword_vec->sub) dump_keywords(keyword_vec->sub, level + 1, fp); } if (!level) fclose(fp); }",visit repo url,lib/parser.c,https://github.com/acassen/keepalived,71739863581136,1 194,CWE-908,"nfs4_file_open(struct inode *inode, struct file *filp) { struct nfs_open_context *ctx; struct dentry *dentry = file_dentry(filp); struct dentry *parent = NULL; struct inode *dir; unsigned openflags = filp->f_flags; struct iattr attr; int err; dprintk(""NFS: open file(%pd2)\n"", dentry); err = nfs_check_flags(openflags); if (err) return err; if ((openflags & O_ACCMODE) == 3) return nfs_open(inode, filp); openflags &= ~(O_CREAT|O_EXCL); parent = dget_parent(dentry); dir = d_inode(parent); ctx = alloc_nfs_open_context(file_dentry(filp), filp->f_mode, filp); err = PTR_ERR(ctx); if (IS_ERR(ctx)) goto out; attr.ia_valid = ATTR_OPEN; if (openflags & O_TRUNC) { attr.ia_valid |= ATTR_SIZE; attr.ia_size = 0; filemap_write_and_wait(inode->i_mapping); } inode = NFS_PROTO(dir)->open_context(dir, ctx, openflags, &attr, NULL); if (IS_ERR(inode)) { err = PTR_ERR(inode); switch (err) { default: goto out_put_ctx; case -ENOENT: case -ESTALE: case -EISDIR: case -ENOTDIR: case -ELOOP: goto out_drop; } } if (inode != d_inode(dentry)) goto out_drop; nfs_file_set_open_context(filp, ctx); nfs_fscache_open_file(inode, filp); err = 0; out_put_ctx: put_nfs_open_context(ctx); out: dput(parent); return err; out_drop: d_drop(dentry); err = -EOPENSTALE; goto out_put_ctx; }",visit repo url,fs/nfs/nfs4file.c,https://github.com/torvalds/linux,26074099521230,1 4538,CWE-125,"static void mhas_dmx_check_dur(GF_Filter *filter, GF_MHASDmxCtx *ctx) { GF_Fraction64 duration; FILE *stream; GF_BitStream *bs; u32 frame_len, cur_dur; Bool mhas_sap; u64 mhas_last_cfg, rate; const GF_PropertyValue *p; if (!ctx->opid || ctx->timescale || ctx->file_loaded) return; if (ctx->index<=0) { ctx->file_loaded = GF_TRUE; return; } p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_FILEPATH); if (!p || !p->value.string || !strncmp(p->value.string, ""gmem://"", 7)) { ctx->is_file = GF_FALSE; ctx->file_loaded = GF_TRUE; return; } ctx->is_file = GF_TRUE; stream = gf_fopen_ex(p->value.string, NULL, ""rb"", GF_TRUE); if (!stream) { if (gf_fileio_is_main_thread(p->value.string)) ctx->file_loaded = GF_TRUE; return; } ctx->index_size = 0; bs = gf_bs_from_file(stream, GF_BITSTREAM_READ); duration.num = duration.den = 0; frame_len = cur_dur = 0; mhas_last_cfg = 0; while (gf_bs_available(bs)) { u32 sync_code = gf_bs_peek_bits(bs, 24, 0); if (sync_code == 0xC001A5) { break; } gf_bs_skip_bytes(bs, 1); } while (gf_bs_available(bs)) { u64 mhas_pck_start, pay_start, parse_end, mhas_size; u32 mhas_type; mhas_pck_start = gf_bs_get_position(bs); mhas_type = (u32) gf_mpegh_escaped_value(bs, 3, 8, 8); gf_mpegh_escaped_value(bs, 2, 8, 32); mhas_size = gf_mpegh_escaped_value(bs, 11, 24, 24); pay_start = (u32) gf_bs_get_position(bs); if (!gf_bs_available(bs) ) break; if (mhas_size > gf_bs_available(bs)) break; mhas_sap = 0; if (mhas_type==2) { mhas_sap = gf_bs_read_int(bs, 1); if (!mhas_last_cfg) mhas_sap = 0; } else if (mhas_type==1) { u32 sr = 0; gf_bs_read_u8(bs); u32 idx = gf_bs_read_int(bs, 5); if (idx==0x1f) duration.den = gf_bs_read_int(bs, 24); else if (sr < nb_usac_sr) { duration.den = USACSampleRates[idx]; } idx = gf_bs_read_int(bs, 3); if ((idx==0) || (idx==2) ) frame_len = 768; else frame_len = 1024; mhas_last_cfg = mhas_pck_start; } else if (mhas_type==17) { Bool isActive = gf_bs_read_int(bs, 1); gf_bs_read_int(bs, 1); Bool trunc_from_begin = gf_bs_read_int(bs, 1); u32 nb_trunc_samples = gf_bs_read_int(bs, 13); if (isActive && !trunc_from_begin) { duration.num -= nb_trunc_samples; } } gf_bs_align(bs); parse_end = (u32) gf_bs_get_position(bs) - pay_start; gf_bs_skip_bytes(bs, mhas_size - parse_end); if (mhas_sap && duration.den && (cur_dur >= ctx->index * duration.den) ) { if (!ctx->index_alloc_size) ctx->index_alloc_size = 10; else if (ctx->index_alloc_size == ctx->index_size) ctx->index_alloc_size *= 2; ctx->indexes = gf_realloc(ctx->indexes, sizeof(MHASIdx)*ctx->index_alloc_size); ctx->indexes[ctx->index_size].pos = mhas_last_cfg; ctx->indexes[ctx->index_size].duration = ((Double) duration.num) / duration.den; ctx->index_size ++; cur_dur = 0; } if (mhas_type==2) { duration.num += frame_len; cur_dur += frame_len; mhas_last_cfg = 0; } } rate = gf_bs_get_position(bs); gf_bs_del(bs); gf_fclose(stream); if (!ctx->duration.num || (ctx->duration.num * duration.den != duration.num * ctx->duration.den)) { ctx->duration = duration; gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_DURATION, & PROP_FRAC64(ctx->duration)); if (duration.num && !gf_sys_is_test_mode() ) { rate *= 8 * ctx->duration.den; rate /= ctx->duration.num; ctx->bitrate = (u32) rate; } } p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_FILE_CACHED); if (p && p->value.boolean) ctx->file_loaded = GF_TRUE; }",visit repo url,src/filters/reframe_mhas.c,https://github.com/gpac/gpac,168554286195139,1 2894,['CWE-189'],"static int jas_icctxt_getsize(jas_iccattrval_t *attrval) { jas_icctxt_t *txt = &attrval->data.txt; return strlen(txt->string) + 1; }",jasper,,,279288562249581176259528354647660234107,0 1599,[],"long sched_getaffinity(pid_t pid, cpumask_t *mask) { struct task_struct *p; int retval; get_online_cpus(); read_lock(&tasklist_lock); retval = -ESRCH; p = find_process_by_pid(pid); if (!p) goto out_unlock; retval = security_task_getscheduler(p); if (retval) goto out_unlock; cpus_and(*mask, p->cpus_allowed, cpu_online_map); out_unlock: read_unlock(&tasklist_lock); put_online_cpus(); return retval; }",linux-2.6,,,112368899838957674463661157924773122498,0 6532,CWE-125,"MOBI_RET mobi_parse_huff(MOBIHuffCdic *huffcdic, const MOBIPdbRecord *record) { MOBIBuffer *buf = mobi_buffer_init_null(record->data, record->size); if (buf == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } char huff_magic[5]; mobi_buffer_getstring(huff_magic, buf, 4); const size_t header_length = mobi_buffer_get32(buf); if (strncmp(huff_magic, HUFF_MAGIC, 4) != 0 || header_length < HUFF_HEADER_LEN) { debug_print(""HUFF wrong magic: %s\n"", huff_magic); mobi_buffer_free_null(buf); return MOBI_DATA_CORRUPT; } const size_t data1_offset = mobi_buffer_get32(buf); const size_t data2_offset = mobi_buffer_get32(buf); mobi_buffer_setpos(buf, data1_offset); if (buf->offset + (256 * 4) > buf->maxlen) { debug_print(""%s"", ""HUFF data1 too short\n""); mobi_buffer_free_null(buf); return MOBI_DATA_CORRUPT; } for (int i = 0; i < 256; i++) { huffcdic->table1[i] = mobi_buffer_get32(buf); } mobi_buffer_setpos(buf, data2_offset); if (buf->offset + (64 * 4) > buf->maxlen) { debug_print(""%s"", ""HUFF data2 too short\n""); mobi_buffer_free_null(buf); return MOBI_DATA_CORRUPT; } huffcdic->mincode_table[0] = 0; huffcdic->maxcode_table[0] = 0xFFFFFFFF; for (int i = 1; i < 33; i++) { const uint32_t mincode = mobi_buffer_get32(buf); const uint32_t maxcode = mobi_buffer_get32(buf); huffcdic->mincode_table[i] = mincode << (32 - i); huffcdic->maxcode_table[i] = ((maxcode + 1) << (32 - i)) - 1; } mobi_buffer_free_null(buf); return MOBI_SUCCESS; }",visit repo url,src/read.c,https://github.com/bfabiszewski/libmobi,39176697064472,1 2598,['CWE-189'],"const char *dccp_state_name(const int state) { static char *dccp_state_names[] = { [DCCP_OPEN] = ""OPEN"", [DCCP_REQUESTING] = ""REQUESTING"", [DCCP_PARTOPEN] = ""PARTOPEN"", [DCCP_LISTEN] = ""LISTEN"", [DCCP_RESPOND] = ""RESPOND"", [DCCP_CLOSING] = ""CLOSING"", [DCCP_ACTIVE_CLOSEREQ] = ""CLOSEREQ"", [DCCP_PASSIVE_CLOSE] = ""PASSIVE_CLOSE"", [DCCP_PASSIVE_CLOSEREQ] = ""PASSIVE_CLOSEREQ"", [DCCP_TIME_WAIT] = ""TIME_WAIT"", [DCCP_CLOSED] = ""CLOSED"", }; if (state >= DCCP_MAX_STATES) return ""INVALID STATE!""; else return dccp_state_names[state]; }",linux-2.6,,,20356461362658591570530781657054044887,0 2210,['CWE-193'],"struct page *find_get_page(struct address_space *mapping, pgoff_t offset) { void **pagep; struct page *page; rcu_read_lock(); repeat: page = NULL; pagep = radix_tree_lookup_slot(&mapping->page_tree, offset); if (pagep) { page = radix_tree_deref_slot(pagep); if (unlikely(!page || page == RADIX_TREE_RETRY)) goto repeat; if (!page_cache_get_speculative(page)) goto repeat; if (unlikely(page != *pagep)) { page_cache_release(page); goto repeat; } } rcu_read_unlock(); return page; }",linux-2.6,,,138382289343314144367920687275636333147,0 4452,['CWE-264'],"int sock_common_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) { struct sock *sk = sock->sk; return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,235601365587872740461482722975732722707,0 2067,['CWE-269'],"static void touch_mnt_namespace(struct mnt_namespace *ns) { if (ns) { ns->event = ++event; wake_up_interruptible(&ns->poll); } }",linux-2.6,,,220173076945430849083582840203166672296,0 6359,['CWE-200'],"__rta_reserve(struct sk_buff *skb, int attrtype, int attrlen) { struct rtattr *rta; int size = RTA_LENGTH(attrlen); rta = (struct rtattr*)skb_put(skb, RTA_ALIGN(size)); rta->rta_type = attrtype; rta->rta_len = size; memset(RTA_DATA(rta) + attrlen, 0, RTA_ALIGN(size) - size); return rta; }",linux-2.6,,,183937739188095439784059302882773594083,0 4721,CWE-191,"void imap_quote_string(char *dest, size_t dlen, const char *src, bool quote_backtick) { const char *quote = ""`\""\\""; if (!quote_backtick) quote++; char *pt = dest; const char *s = src; *pt++ = '""'; dlen -= 2; for (; *s && dlen; s++) { if (strchr(quote, *s)) { dlen -= 2; if (dlen == 0) break; *pt++ = '\\'; *pt++ = *s; } else { *pt++ = *s; dlen--; } } *pt++ = '""'; *pt = '\0'; }",visit repo url,imap/util.c,https://github.com/neomutt/neomutt,230556057044722,1 3100,['CWE-189'],"static int fromiccpcs(int cs) { switch (cs) { case ICC_CS_RGB: return JAS_CLRSPC_GENRGB; break; case ICC_CS_YCBCR: return JAS_CLRSPC_GENYCBCR; break; case ICC_CS_GRAY: return JAS_CLRSPC_GENGRAY; break; } return JAS_CLRSPC_UNKNOWN; }",jasper,,,5214988294219704200824016961476847624,0 1584,[],"static int move_one_task(struct rq *this_rq, int this_cpu, struct rq *busiest, struct sched_domain *sd, enum cpu_idle_type idle) { const struct sched_class *class; for (class = sched_class_highest; class; class = class->next) if (class->move_one_task(this_rq, this_cpu, busiest, sd, idle)) return 1; return 0; }",linux-2.6,,,141610533294141767988824777617263057002,0 53,CWE-763,"spnego_gss_import_sec_context( OM_uint32 *minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle) { OM_uint32 ret; ret = gss_import_sec_context(minor_status, interprocess_token, context_handle); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,7927393600054,1 1701,[],"static inline void trigger_load_balance(struct rq *rq, int cpu) { #ifdef CONFIG_NO_HZ if (rq->in_nohz_recently && !rq->idle_at_tick) { rq->in_nohz_recently = 0; if (atomic_read(&nohz.load_balancer) == cpu) { cpu_clear(cpu, nohz.cpu_mask); atomic_set(&nohz.load_balancer, -1); } if (atomic_read(&nohz.load_balancer) == -1) { int ilb = first_cpu(nohz.cpu_mask); if (ilb < nr_cpu_ids) resched_cpu(ilb); } } if (rq->idle_at_tick && atomic_read(&nohz.load_balancer) == cpu && cpus_weight(nohz.cpu_mask) == num_online_cpus()) { resched_cpu(cpu); return; } if (rq->idle_at_tick && atomic_read(&nohz.load_balancer) != cpu && cpu_isset(cpu, nohz.cpu_mask)) return; #endif if (time_after_eq(jiffies, rq->next_balance)) raise_softirq(SCHED_SOFTIRQ); }",linux-2.6,,,46554874229980422329691406075809158466,0 6101,CWE-190,"int cp_vbnn_ver(const ec_t r, const bn_t z, const bn_t h, const uint8_t *id, size_t id_len, const uint8_t *msg, int msg_len, const ec_t mpk) { int len, result = 0; uint8_t *buf = NULL, *buf_i, hash[RLC_MD_LEN]; bn_t n, c, _h; ec_t Z; ec_t t; bn_null(n); bn_null(c); bn_null(_h); ec_null(Z); ec_null(t); RLC_TRY { bn_new(n); bn_new(c); bn_new(_h); ec_new(Z); ec_new(t); len = id_len + msg_len + 2 * ec_size_bin(r, 1); buf = RLC_ALLOCA(uint8_t, len); if (buf == NULL) { RLC_THROW(ERR_NO_MEMORY); } ec_curve_get_ord(n); buf_i = buf; memcpy(buf_i, id, id_len); buf_i += id_len; ec_write_bin(buf_i, ec_size_bin(r, 1), r, 1); len = id_len + ec_size_bin(r, 1); md_map(hash, buf, len); bn_read_bin(c, hash, RLC_MD_LEN); bn_mod(c, c, n); ec_mul_gen(Z, z); ec_mul(t, mpk, c); ec_add(t, t, r); ec_norm(t, t); ec_mul(t, t, h); ec_sub(Z, Z, t); ec_norm(Z, Z); buf_i = buf; memcpy(buf_i, id, id_len); buf_i += id_len; memcpy(buf_i, msg, msg_len); buf_i += msg_len; ec_write_bin(buf_i, ec_size_bin(r, 1), r, 1); buf_i += ec_size_bin(r, 1); ec_write_bin(buf_i, ec_size_bin(Z, 1), Z, 1); len = id_len + msg_len + ec_size_bin(r, 1) + ec_size_bin(Z, 1); md_map(hash, buf, len); bn_read_bin(_h, hash, RLC_MD_LEN); bn_mod(_h, _h, n); RLC_FREE(buf); if (bn_cmp(h, _h) == RLC_EQ) { result = 1; } else { result = 0; } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(c); bn_free(_h); ec_free(Z); ec_free(t); RLC_FREE(buf); } return result; }",visit repo url,src/cp/relic_cp_vbnn.c,https://github.com/relic-toolkit/relic,67450875805724,1 1356,CWE-119,"static inline int pmd_large(pmd_t pte) { return (pmd_flags(pte) & (_PAGE_PSE | _PAGE_PRESENT)) == (_PAGE_PSE | _PAGE_PRESENT); }",visit repo url,arch/x86/include/asm/pgtable.h,https://github.com/torvalds/linux,206506233598781,1 1475,CWE-264,"void perf_event_enable(struct perf_event *event) { struct perf_event_context *ctx = event->ctx; struct task_struct *task = ctx->task; if (!task) { cpu_function_call(event->cpu, __perf_event_enable, event); return; } raw_spin_lock_irq(&ctx->lock); if (event->state >= PERF_EVENT_STATE_INACTIVE) goto out; if (event->state == PERF_EVENT_STATE_ERROR) event->state = PERF_EVENT_STATE_OFF; retry: if (!ctx->is_active) { __perf_event_mark_enabled(event); goto out; } raw_spin_unlock_irq(&ctx->lock); if (!task_function_call(task, __perf_event_enable, event)) return; raw_spin_lock_irq(&ctx->lock); if (ctx->is_active && event->state == PERF_EVENT_STATE_OFF) { task = ctx->task; goto retry; } out: raw_spin_unlock_irq(&ctx->lock); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,253563573243606,1 700,[],"static void jpc_coc_destroyparms(jpc_ms_t *ms) { jpc_coc_t *coc = &ms->parms.coc; jpc_cox_destroycompparms(&coc->compparms); }",jasper,,,266985010047623694449538656394692107483,0 2906,CWE-119,"fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc) { tmsize_t stride = PredictorState(tif)->stride; uint32 bps = tif->tif_dir.td_bitspersample / 8; tmsize_t wc = cc / bps; tmsize_t count; uint8 *cp = (uint8 *) cp0; uint8 *tmp = (uint8 *)_TIFFmalloc(cc); if((cc%(bps*stride))!=0) { TIFFErrorExt(tif->tif_clientdata, ""fpDiff"", ""%s"", ""(cc%(bps*stride))!=0""); return 0; } if (!tmp) return 0; _TIFFmemcpy(tmp, cp0, cc); for (count = 0; count < wc; count++) { uint32 byte; for (byte = 0; byte < bps; byte++) { #if WORDS_BIGENDIAN cp[byte * wc + count] = tmp[bps * count + byte]; #else cp[(bps - byte - 1) * wc + count] = tmp[bps * count + byte]; #endif } } _TIFFfree(tmp); cp = (uint8 *) cp0; cp += cc - stride - 1; for (count = cc; count > stride; count -= stride) REPEAT4(stride, cp[stride] = (unsigned char)((cp[stride] - cp[0])&0xff); cp--) return 1; }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,46174520863386,1 2270,['CWE-120'],"static int may_delete(struct inode *dir,struct dentry *victim,int isdir) { int error; if (!victim->d_inode) return -ENOENT; BUG_ON(victim->d_parent->d_inode != dir); audit_inode_child(victim->d_name.name, victim, dir); error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); if (error) return error; if (IS_APPEND(dir)) return -EPERM; if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)|| IS_IMMUTABLE(victim->d_inode)) return -EPERM; if (isdir) { if (!S_ISDIR(victim->d_inode->i_mode)) return -ENOTDIR; if (IS_ROOT(victim)) return -EBUSY; } else if (S_ISDIR(victim->d_inode->i_mode)) return -EISDIR; if (IS_DEADDIR(dir)) return -ENOENT; if (victim->d_flags & DCACHE_NFSFS_RENAMED) return -EBUSY; return 0; }",linux-2.6,,,29053893861624932492477399897106798738,0 4777,['CWE-20'],"void ext4_free_blks_set(struct super_block *sb, struct ext4_group_desc *bg, __u32 count) { bg->bg_free_blocks_count_lo = cpu_to_le16((__u16)count); if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT) bg->bg_free_blocks_count_hi = cpu_to_le16(count >> 16); }",linux-2.6,,,334778200153261880230372332459349071630,0 4672,['CWE-399'],"static Indirect *ext4_find_shared(struct inode *inode, int depth, ext4_lblk_t offsets[4], Indirect chain[4], __le32 *top) { Indirect *partial, *p; int k, err; *top = 0; for (k = depth; k > 1 && !offsets[k-1]; k--) ; partial = ext4_get_branch(inode, k, offsets, chain, &err); if (!partial) partial = chain + k-1; if (!partial->key && *partial->p) goto no_top; for (p = partial; (p > chain) && all_zeroes((__le32 *) p->bh->b_data, p->p); p--) ; if (p == chain + k - 1 && p > chain) { p->p--; } else { *top = *p->p; #if 0 *p->p = 0; #endif } while (partial > p) { brelse(partial->bh); partial--; } no_top: return partial; }",linux-2.6,,,82812638417045817568102210710440013280,0 1750,[],"static inline u32 sg_div_cpu_power(const struct sched_group *sg, u32 load) { return reciprocal_divide(load, sg->reciprocal_cpu_power); }",linux-2.6,,,151518194201847816618914902550923680345,0 1334,['CWE-399'],"static int ipip6_tunnel_get_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a) { struct ip_tunnel_prl *kp; struct ip_tunnel_prl_entry *prl; unsigned int cmax, c = 0, ca, len; int ret = 0; cmax = a->datalen / sizeof(*a); if (cmax > 1 && a->addr != htonl(INADDR_ANY)) cmax = 1; kp = (cmax <= 1 || capable(CAP_NET_ADMIN)) ? kcalloc(cmax, sizeof(*kp), GFP_KERNEL) : NULL; read_lock(&ipip6_lock); ca = t->prl_count < cmax ? t->prl_count : cmax; if (!kp) { kp = kcalloc(ca, sizeof(*kp), GFP_ATOMIC); if (!kp) { ret = -ENOMEM; goto out; } } c = 0; for (prl = t->prl; prl; prl = prl->next) { if (c > cmax) break; if (a->addr != htonl(INADDR_ANY) && prl->addr != a->addr) continue; kp[c].addr = prl->addr; kp[c].flags = prl->flags; c++; if (a->addr != htonl(INADDR_ANY)) break; } out: read_unlock(&ipip6_lock); len = sizeof(*kp) * c; ret = len ? copy_to_user(a->data, kp, len) : 0; kfree(kp); if (ret) return -EFAULT; a->datalen = len; return 0; }",linux-2.6,,,278258449831533856812503943571571559974,0 979,CWE-269,"static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; struct l2tp_session *session; struct l2tp_tunnel *tunnel; int val, len; int err; struct pppol2tp_session *ps; if (level != SOL_PPPOL2TP) return udp_prot.getsockopt(sk, level, optname, optval, optlen); if (get_user(len, optlen)) return -EFAULT; len = min_t(unsigned int, len, sizeof(int)); if (len < 0) return -EINVAL; err = -ENOTCONN; if (sk->sk_user_data == NULL) goto end; err = -EBADF; session = pppol2tp_sock_to_session(sk); if (session == NULL) goto end; ps = l2tp_session_priv(session); if ((session->session_id == 0) && (session->peer_session_id == 0)) { err = -EBADF; tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock); if (tunnel == NULL) goto end_put_sess; err = pppol2tp_tunnel_getsockopt(sk, tunnel, optname, &val); sock_put(ps->tunnel_sock); } else err = pppol2tp_session_getsockopt(sk, session, optname, &val); err = -EFAULT; if (put_user(len, optlen)) goto end_put_sess; if (copy_to_user((void __user *) optval, &val, len)) goto end_put_sess; err = 0; end_put_sess: sock_put(sk); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,99520765077360,1 2085,CWE-190,"static int do_timer_create(clockid_t which_clock, struct sigevent *event, timer_t __user *created_timer_id) { const struct k_clock *kc = clockid_to_kclock(which_clock); struct k_itimer *new_timer; int error, new_timer_id; int it_id_set = IT_ID_NOT_SET; if (!kc) return -EINVAL; if (!kc->timer_create) return -EOPNOTSUPP; new_timer = alloc_posix_timer(); if (unlikely(!new_timer)) return -EAGAIN; spin_lock_init(&new_timer->it_lock); new_timer_id = posix_timer_add(new_timer); if (new_timer_id < 0) { error = new_timer_id; goto out; } it_id_set = IT_ID_SET; new_timer->it_id = (timer_t) new_timer_id; new_timer->it_clock = which_clock; new_timer->kclock = kc; new_timer->it_overrun = -1; if (event) { rcu_read_lock(); new_timer->it_pid = get_pid(good_sigevent(event)); rcu_read_unlock(); if (!new_timer->it_pid) { error = -EINVAL; goto out; } new_timer->it_sigev_notify = event->sigev_notify; new_timer->sigq->info.si_signo = event->sigev_signo; new_timer->sigq->info.si_value = event->sigev_value; } else { new_timer->it_sigev_notify = SIGEV_SIGNAL; new_timer->sigq->info.si_signo = SIGALRM; memset(&new_timer->sigq->info.si_value, 0, sizeof(sigval_t)); new_timer->sigq->info.si_value.sival_int = new_timer->it_id; new_timer->it_pid = get_pid(task_tgid(current)); } new_timer->sigq->info.si_tid = new_timer->it_id; new_timer->sigq->info.si_code = SI_TIMER; if (copy_to_user(created_timer_id, &new_timer_id, sizeof (new_timer_id))) { error = -EFAULT; goto out; } error = kc->timer_create(new_timer); if (error) goto out; spin_lock_irq(¤t->sighand->siglock); new_timer->it_signal = current->signal; list_add(&new_timer->list, ¤t->signal->posix_timers); spin_unlock_irq(¤t->sighand->siglock); return 0; out: release_posix_timer(new_timer, it_id_set); return error; }",visit repo url,kernel/time/posix-timers.c,https://github.com/torvalds/linux,81110245395908,1 3682,CWE-119,"mm_zfree(struct mm_master *mm, void *address) { mm_free(mm, address); }",visit repo url,usr.bin/ssh/monitor.c,https://github.com/openbsd/src,49502681963431,1 1162,['CWE-189'],"hrtimer_start(struct hrtimer *timer, ktime_t tim, const enum hrtimer_mode mode) { struct hrtimer_clock_base *base, *new_base; unsigned long flags; int ret; base = lock_hrtimer_base(timer, &flags); ret = remove_hrtimer(timer, base); new_base = switch_hrtimer_base(timer, base); if (mode == HRTIMER_MODE_REL) { tim = ktime_add(tim, new_base->get_time()); #ifdef CONFIG_TIME_LOW_RES tim = ktime_add(tim, base->resolution); #endif } timer->expires = tim; timer_stats_hrtimer_set_start_info(timer); enqueue_hrtimer(timer, new_base, base == new_base); unlock_hrtimer_base(timer, &flags); return ret; }",linux-2.6,,,71188575773950226735114180453597269911,0 1267,NVD-CWE-Other,"int perf_config(config_fn_t fn, void *data) { int ret = 0, found = 0; char *repo_config = NULL; const char *home = NULL; if (config_exclusive_filename) return perf_config_from_file(fn, config_exclusive_filename, data); if (perf_config_system() && !access(perf_etc_perfconfig(), R_OK)) { ret += perf_config_from_file(fn, perf_etc_perfconfig(), data); found += 1; } home = getenv(""HOME""); if (perf_config_global() && home) { char *user_config = strdup(mkpath(""%s/.perfconfig"", home)); if (!access(user_config, R_OK)) { ret += perf_config_from_file(fn, user_config, data); found += 1; } free(user_config); } repo_config = perf_pathdup(""config""); if (!access(repo_config, R_OK)) { ret += perf_config_from_file(fn, repo_config, data); found += 1; } free(repo_config); if (found == 0) return -1; return ret; }",visit repo url,tools/perf/util/config.c,https://github.com/torvalds/linux,245549222458977,1 5789,CWE-125,"snmp_ber_decode_unsigned_integer(unsigned char *buf, uint32_t *buff_len, uint8_t expected_type, uint32_t *num) { uint8_t i, len, type; buf = snmp_ber_decode_type(buf, buff_len, &type); if(buf == NULL || type != expected_type) { return NULL; } buf = snmp_ber_decode_length(buf, buff_len, &len); if(buf == NULL || len > 4) { return NULL; } if(*buff_len < len) { return NULL; } *num = (uint32_t)(*buf++ & 0xFF); (*buff_len)--; for(i = 1; i < len; ++i) { *num <<= 8; *num |= (uint8_t)(*buf++ & 0xFF); (*buff_len)--; } return buf; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,67460490062428,1 3920,CWE-122,"check_text_locked(oparg_T *oap) { if (text_locked()) { clearopbeep(oap); text_locked_msg(); return TRUE; } return FALSE; }",visit repo url,src/normal.c,https://github.com/vim/vim,43948657503101,1 5798,['CWE-200'],"static struct atalk_route *atrtr_find(struct atalk_addr *target) { struct atalk_route *net_route = NULL; struct atalk_route *r; read_lock_bh(&atalk_routes_lock); for (r = atalk_routes; r; r = r->next) { if (!(r->flags & RTF_UP)) continue; if (r->target.s_net == target->s_net) { if (r->flags & RTF_HOST) { if (r->target.s_node == target->s_node) goto out; } else net_route = r; } } if (net_route) r = net_route; else if (atrtr_default.dev) r = &atrtr_default; else r = NULL; out: read_unlock_bh(&atalk_routes_lock); return r; }",linux-2.6,,,329479902986962167317310784419812406935,0 5957,CWE-863,"zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64_t fuid, cred_t *cr, zfs_fuid_type_t type) { #ifdef HAVE_KSID uint32_t index = FUID_INDEX(fuid); const char *domain; uid_t id; if (index == 0) return (fuid); domain = zfs_fuid_find_by_idx(zfsvfs, index); ASSERT(domain != NULL); if (type == ZFS_OWNER || type == ZFS_ACE_USER) { (void) kidmap_getuidbysid(crgetzone(cr), domain, FUID_RID(fuid), &id); } else { (void) kidmap_getgidbysid(crgetzone(cr), domain, FUID_RID(fuid), &id); } return (id); #else return (fuid); #endif }",visit repo url,module/zfs/zfs_fuid.c,https://github.com/openzfs/zfs,221999816059341,1 2584,[],"static int flush_grep(struct grep_opt *opt, int argc, int arg0, const char **argv, int *kept) { int status; int count = argc - arg0; const char *kept_0 = NULL; if (count <= 2) { if (kept) die(""insanely many options to grep""); if (count == 1 && !opt->name_only && !opt->unmatch_name_only && !opt->count) { argv[argc++] = ""/dev/null""; argv[argc] = NULL; } } else if (kept) { *kept = 2; kept_0 = argv[argc-2]; argv[argc-2] = NULL; argc -= 2; } status = exec_grep(argc, argv); if (kept_0) { argv[arg0++] = kept_0; argv[arg0] = argv[argc+1]; } return status; }",git,,,311437931101219790304831987392731280668,0 614,['CWE-189'],"void ieee80211_rx_mgt(struct ieee80211_device *ieee, struct ieee80211_hdr_4addr *header, struct ieee80211_rx_stats *stats) { switch (WLAN_FC_GET_STYPE(le16_to_cpu(header->frame_ctl))) { case IEEE80211_STYPE_ASSOC_RESP: IEEE80211_DEBUG_MGMT(""received ASSOCIATION RESPONSE (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); ieee80211_handle_assoc_resp(ieee, (struct ieee80211_assoc_response *) header, stats); break; case IEEE80211_STYPE_REASSOC_RESP: IEEE80211_DEBUG_MGMT(""received REASSOCIATION RESPONSE (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); break; case IEEE80211_STYPE_PROBE_REQ: IEEE80211_DEBUG_MGMT(""received auth (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); if (ieee->handle_probe_request != NULL) ieee->handle_probe_request(ieee->dev, (struct ieee80211_probe_request *) header, stats); break; case IEEE80211_STYPE_PROBE_RESP: IEEE80211_DEBUG_MGMT(""received PROBE RESPONSE (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); IEEE80211_DEBUG_SCAN(""Probe response\n""); ieee80211_process_probe_response(ieee, (struct ieee80211_probe_response *) header, stats); break; case IEEE80211_STYPE_BEACON: IEEE80211_DEBUG_MGMT(""received BEACON (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); IEEE80211_DEBUG_SCAN(""Beacon\n""); ieee80211_process_probe_response(ieee, (struct ieee80211_probe_response *) header, stats); break; case IEEE80211_STYPE_AUTH: IEEE80211_DEBUG_MGMT(""received auth (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); if (ieee->handle_auth != NULL) ieee->handle_auth(ieee->dev, (struct ieee80211_auth *)header); break; case IEEE80211_STYPE_DISASSOC: if (ieee->handle_disassoc != NULL) ieee->handle_disassoc(ieee->dev, (struct ieee80211_disassoc *) header); break; case IEEE80211_STYPE_ACTION: IEEE80211_DEBUG_MGMT(""ACTION\n""); if (ieee->handle_action) ieee->handle_action(ieee->dev, (struct ieee80211_action *) header, stats); break; case IEEE80211_STYPE_REASSOC_REQ: IEEE80211_DEBUG_MGMT(""received reassoc (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); IEEE80211_DEBUG_MGMT(""%s: IEEE80211_REASSOC_REQ received\n"", ieee->dev->name); if (ieee->handle_reassoc_request != NULL) ieee->handle_reassoc_request(ieee->dev, (struct ieee80211_reassoc_request *) header); break; case IEEE80211_STYPE_ASSOC_REQ: IEEE80211_DEBUG_MGMT(""received assoc (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); IEEE80211_DEBUG_MGMT(""%s: IEEE80211_ASSOC_REQ received\n"", ieee->dev->name); if (ieee->handle_assoc_request != NULL) ieee->handle_assoc_request(ieee->dev); break; case IEEE80211_STYPE_DEAUTH: IEEE80211_DEBUG_MGMT(""DEAUTH\n""); if (ieee->handle_deauth != NULL) ieee->handle_deauth(ieee->dev, (struct ieee80211_deauth *) header); break; default: IEEE80211_DEBUG_MGMT(""received UNKNOWN (%d)\n"", WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); IEEE80211_DEBUG_MGMT(""%s: Unknown management packet: %d\n"", ieee->dev->name, WLAN_FC_GET_STYPE(le16_to_cpu (header->frame_ctl))); break; } }",linux-2.6,,,115325659016654740717095269896135625648,0 3692,[],"struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl) { struct scm_fp_list *new_fpl; int i; if (!fpl) return NULL; new_fpl = kmalloc(sizeof(*fpl), GFP_KERNEL); if (new_fpl) { INIT_LIST_HEAD(&new_fpl->list); for (i=fpl->count-1; i>=0; i--) get_file(fpl->fp[i]); memcpy(new_fpl, fpl, sizeof(*fpl)); } return new_fpl; }",linux-2.6,,,26871640110773468911518964498012757728,0 3840,[],"int cap_task_setnice (struct task_struct *p, int nice) { return 0; }",linux-2.6,,,134744745486913395073646246748919902041,0 2169,['CWE-400'],"static int shmem_parse_options(char *options, struct shmem_sb_info *sbinfo, bool remount) { char *this_char, *value, *rest; while (options != NULL) { this_char = options; for (;;) { options = strchr(options, ','); if (options == NULL) break; options++; if (!isdigit(*options)) { options[-1] = '\0'; break; } } if (!*this_char) continue; if ((value = strchr(this_char,'=')) != NULL) { *value++ = 0; } else { printk(KERN_ERR ""tmpfs: No value for mount option '%s'\n"", this_char); return 1; } if (!strcmp(this_char,""size"")) { unsigned long long size; size = memparse(value,&rest); if (*rest == '%') { size <<= PAGE_SHIFT; size *= totalram_pages; do_div(size, 100); rest++; } if (*rest) goto bad_val; sbinfo->max_blocks = DIV_ROUND_UP(size, PAGE_CACHE_SIZE); } else if (!strcmp(this_char,""nr_blocks"")) { sbinfo->max_blocks = memparse(value, &rest); if (*rest) goto bad_val; } else if (!strcmp(this_char,""nr_inodes"")) { sbinfo->max_inodes = memparse(value, &rest); if (*rest) goto bad_val; } else if (!strcmp(this_char,""mode"")) { if (remount) continue; sbinfo->mode = simple_strtoul(value, &rest, 8) & 07777; if (*rest) goto bad_val; } else if (!strcmp(this_char,""uid"")) { if (remount) continue; sbinfo->uid = simple_strtoul(value, &rest, 0); if (*rest) goto bad_val; } else if (!strcmp(this_char,""gid"")) { if (remount) continue; sbinfo->gid = simple_strtoul(value, &rest, 0); if (*rest) goto bad_val; } else if (!strcmp(this_char,""mpol"")) { if (mpol_parse_str(value, &sbinfo->mpol, 1)) goto bad_val; } else { printk(KERN_ERR ""tmpfs: Bad mount option %s\n"", this_char); return 1; } } return 0; bad_val: printk(KERN_ERR ""tmpfs: Bad value '%s' for mount option '%s'\n"", value, this_char); return 1; }",linux-2.6,,,119150973764219133391982867608991003529,0 6407,CWE-20,"error_t ksz8851SendPacket(NetInterface *interface, const NetBuffer *buffer, size_t offset, NetTxAncillary *ancillary) { size_t n; size_t length; Ksz8851TxHeader header; Ksz8851Context *context; context = (Ksz8851Context *) interface->nicContext; length = netBufferGetLength(buffer) - offset; if(length > ETH_MAX_FRAME_SIZE) { osSetEvent(&interface->nicTxEvent); return ERROR_INVALID_LENGTH; } n = ksz8851ReadReg(interface, KSZ8851_REG_TXMIR) & TXMIR_TXMA_MASK; if(n < (length + 8)) { return ERROR_FAILURE; } netBufferRead(context->txBuffer, buffer, offset, length); header.controlWord = htole16(TX_CTRL_TXIC | (context->frameId++ & TX_CTRL_TXFID)); header.byteCount = htole16(length); ksz8851SetBit(interface, KSZ8851_REG_RXQCR, RXQCR_SDA); ksz8851WriteFifo(interface, (uint8_t *) &header, sizeof(Ksz8851TxHeader)); ksz8851WriteFifo(interface, context->txBuffer, length); ksz8851ClearBit(interface, KSZ8851_REG_RXQCR, RXQCR_SDA); ksz8851SetBit(interface, KSZ8851_REG_TXQCR, TXQCR_METFE); n = ksz8851ReadReg(interface, KSZ8851_REG_TXMIR) & TXMIR_TXMA_MASK; if(n >= (ETH_MAX_FRAME_SIZE + 8)) { osSetEvent(&interface->nicTxEvent); } return NO_ERROR; }",visit repo url,drivers/eth/ksz8851_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,118635786738161,1 6076,['CWE-200'],"static void addrconf_ip6_tnl_config(struct net_device *dev) { struct inet6_dev *idev; ASSERT_RTNL(); if ((idev = addrconf_add_dev(dev)) == NULL) { printk(KERN_DEBUG ""init ip6-ip6: add_dev failed\n""); return; } ip6_tnl_add_linklocal(idev); addrconf_add_mroute(dev); }",linux-2.6,,,241271186343543660096626114486589159321,0 4074,['CWE-399'],"int __init atmsvc_init(void) { return sock_register(&svc_family_ops); }",linux-2.6,,,234245845793488075691471173737964784008,0 522,CWE-119,"static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, struct bpf_insn *insn, struct bpf_reg_state *dst_reg, struct bpf_reg_state src_reg) { struct bpf_reg_state *regs = cur_regs(env); u8 opcode = BPF_OP(insn->code); bool src_known, dst_known; s64 smin_val, smax_val; u64 umin_val, umax_val; if (BPF_CLASS(insn->code) != BPF_ALU64) { coerce_reg_to_size(dst_reg, 4); coerce_reg_to_size(&src_reg, 4); } smin_val = src_reg.smin_value; smax_val = src_reg.smax_value; umin_val = src_reg.umin_value; umax_val = src_reg.umax_value; src_known = tnum_is_const(src_reg.var_off); dst_known = tnum_is_const(dst_reg->var_off); switch (opcode) { case BPF_ADD: if (signed_add_overflows(dst_reg->smin_value, smin_val) || signed_add_overflows(dst_reg->smax_value, smax_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value += smin_val; dst_reg->smax_value += smax_val; } if (dst_reg->umin_value + umin_val < umin_val || dst_reg->umax_value + umax_val < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value += umin_val; dst_reg->umax_value += umax_val; } dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); break; case BPF_SUB: if (signed_sub_overflows(dst_reg->smin_value, smax_val) || signed_sub_overflows(dst_reg->smax_value, smin_val)) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value -= smax_val; dst_reg->smax_value -= smin_val; } if (dst_reg->umin_value < umax_val) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value -= umax_val; dst_reg->umax_value -= umin_val; } dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off); break; case BPF_MUL: dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off); if (smin_val < 0 || dst_reg->smin_value < 0) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } if (umax_val > U32_MAX || dst_reg->umax_value > U32_MAX) { __mark_reg_unbounded(dst_reg); __update_reg_bounds(dst_reg); break; } dst_reg->umin_value *= umin_val; dst_reg->umax_value *= umax_val; if (dst_reg->umax_value > S64_MAX) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } break; case BPF_AND: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value & src_reg.var_off.value); break; } dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = dst_reg->var_off.value; dst_reg->umax_value = min(dst_reg->umax_value, umax_val); if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_OR: if (src_known && dst_known) { __mark_reg_known(dst_reg, dst_reg->var_off.value | src_reg.var_off.value); break; } dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off); dst_reg->umin_value = max(dst_reg->umin_value, umin_val); dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; if (dst_reg->smin_value < 0 || smin_val < 0) { dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; } else { dst_reg->smin_value = dst_reg->umin_value; dst_reg->smax_value = dst_reg->umax_value; } __update_reg_bounds(dst_reg); break; case BPF_LSH: if (umax_val > 63) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; if (dst_reg->umax_value > 1ULL << (63 - umax_val)) { dst_reg->umin_value = 0; dst_reg->umax_value = U64_MAX; } else { dst_reg->umin_value <<= umin_val; dst_reg->umax_value <<= umax_val; } if (src_known) dst_reg->var_off = tnum_lshift(dst_reg->var_off, umin_val); else dst_reg->var_off = tnum_lshift(tnum_unknown, umin_val); __update_reg_bounds(dst_reg); break; case BPF_RSH: if (umax_val > 63) { mark_reg_unknown(env, regs, insn->dst_reg); break; } dst_reg->smin_value = S64_MIN; dst_reg->smax_value = S64_MAX; if (src_known) dst_reg->var_off = tnum_rshift(dst_reg->var_off, umin_val); else dst_reg->var_off = tnum_rshift(tnum_unknown, umin_val); dst_reg->umin_value >>= umax_val; dst_reg->umax_value >>= umin_val; __update_reg_bounds(dst_reg); break; default: mark_reg_unknown(env, regs, insn->dst_reg); break; } __reg_deduce_bounds(dst_reg); __reg_bound_offset(dst_reg); return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,81283765315213,1 5847,['CWE-200'],"static int raw_enable_errfilter(struct net_device *dev, struct sock *sk, can_err_mask_t err_mask) { int err = 0; if (err_mask) err = can_rx_register(dev, 0, err_mask | CAN_ERR_FLAG, raw_rcv, sk, ""raw""); return err; }",linux-2.6,,,300178257927776657942849041199929192262,0 2047,NVD-CWE-noinfo,"int sas_ex_revalidate_domain(struct domain_device *port_dev) { int res; struct domain_device *dev = NULL; res = sas_find_bcast_dev(port_dev, &dev); while (res == 0 && dev) { struct expander_device *ex = &dev->ex_dev; int i = 0, phy_id; do { phy_id = -1; res = sas_find_bcast_phy(dev, &phy_id, i, true); if (phy_id == -1) break; res = sas_rediscover(dev, phy_id); i = phy_id + 1; } while (i < ex->num_phys); dev = NULL; res = sas_find_bcast_dev(port_dev, &dev); } return res; }",visit repo url,drivers/scsi/libsas/sas_expander.c,https://github.com/torvalds/linux,168243829020210,1 5887,NVD-CWE-noinfo,"static void srtp_rtp_cb(pjmedia_tp_cb_param *param) { transport_srtp *srtp = (transport_srtp *) param->user_data; void *pkt = param->pkt; pj_ssize_t size = param->size; int len = (int)size; srtp_err_status_t err; void (*cb)(void*, void*, pj_ssize_t) = NULL; void (*cb2)(pjmedia_tp_cb_param*) = NULL; void *cb_data = NULL; if (srtp->bypass_srtp) { if (srtp->rtp_cb2) { pjmedia_tp_cb_param param2 = *param; param2.user_data = srtp->user_data; srtp->rtp_cb2(¶m2); param->rem_switch = param2.rem_switch; } else if (srtp->rtp_cb) { srtp->rtp_cb(srtp->user_data, pkt, size); } return; } if (size < 0) { return; } { unsigned i; pj_status_t status; for (i=0; i < srtp->keying_cnt; i++) { if (!srtp->keying[i]->op->send_rtp) continue; status = pjmedia_transport_send_rtp(srtp->keying[i], pkt, size); if (status != PJ_EIGNORED) { return; } } } PJ_ASSERT_ON_FAIL( (((pj_ssize_t)pkt) & 0x03)==0, return ); if (srtp->probation_cnt > 0) --srtp->probation_cnt; pj_lock_acquire(srtp->mutex); if (!srtp->session_inited) { pj_lock_release(srtp->mutex); return; } if (srtp->use_rtcp_mux) { pjmedia_rtp_hdr *hdr = (pjmedia_rtp_hdr *)pkt; if (hdr->pt >= 64 && hdr->pt <= 95) { pj_lock_release(srtp->mutex); srtp_rtcp_cb(srtp, pkt, size); return; } } #if TEST_ROC if (srtp->setting.rx_roc.ssrc == 0) { srtp_err_status_t status; srtp->rx_ssrc = ntohl(((pjmedia_rtp_hdr*)pkt)->ssrc); status = srtp_set_stream_roc(srtp->srtp_rx_ctx, srtp->rx_ssrc, (srtp->offerer_side? 2: 1)); if (status == srtp_err_status_ok) { srtp->setting.rx_roc.ssrc = srtp->rx_ssrc; srtp->setting.rx_roc.roc = (srtp->offerer_side? 2: 1); PJ_LOG(4, (THIS_FILE, ""Setting RX ROC from SSRC %d to %d"", srtp->rx_ssrc, srtp->setting.rx_roc.roc)); } else { PJ_LOG(4, (THIS_FILE, ""Setting RX ROC %s"", get_libsrtp_errstr(status))); } } #endif err = srtp_unprotect(srtp->srtp_rx_ctx, (pj_uint8_t*)pkt, &len); #if PJMEDIA_SRTP_CHECK_RTP_SEQ_ON_RESTART if (srtp->probation_cnt > 0 && (err == srtp_err_status_replay_old || err == srtp_err_status_replay_fail)) { pjmedia_srtp_crypto tx, rx; pj_status_t status; pjmedia_transport_srtp_stop((pjmedia_transport*)srtp); tx = srtp->tx_policy; rx = srtp->rx_policy; status = pjmedia_transport_srtp_start((pjmedia_transport*)srtp, &tx, &rx); if (status != PJ_SUCCESS) { PJ_LOG(5,(srtp->pool->obj_name, ""Failed to restart SRTP, err=%s"", get_libsrtp_errstr(err))); } else if (!srtp->bypass_srtp) { err = srtp_unprotect(srtp->srtp_rx_ctx, (pj_uint8_t*)pkt, &len); } } #if PJMEDIA_SRTP_CHECK_ROC_ON_RESTART else #endif #endif #if PJMEDIA_SRTP_CHECK_ROC_ON_RESTART if (srtp->probation_cnt > 0 && err == srtp_err_status_auth_fail && srtp->setting.prev_rx_roc.ssrc != 0 && srtp->setting.prev_rx_roc.ssrc == srtp->setting.rx_roc.ssrc && srtp->setting.prev_rx_roc.roc != srtp->setting.rx_roc.roc) { unsigned roc, new_roc; srtp_err_status_t status; srtp_get_stream_roc(srtp->srtp_rx_ctx, srtp->setting.rx_roc.ssrc, &roc); new_roc = (roc == srtp->setting.rx_roc.roc? srtp->setting.prev_rx_roc.roc: srtp->setting.rx_roc.roc); status = srtp_set_stream_roc(srtp->srtp_rx_ctx, srtp->setting.rx_roc.ssrc, new_roc); if (status == srtp_err_status_ok) { PJ_LOG(4, (srtp->pool->obj_name, ""Retrying to unprotect SRTP from ROC %d to new ROC %d"", roc, new_roc)); err = srtp_unprotect(srtp->srtp_rx_ctx, (pj_uint8_t*)pkt, &len); } } #endif if (err != srtp_err_status_ok) { PJ_LOG(5,(srtp->pool->obj_name, ""Failed to unprotect SRTP, pkt size=%d, err=%s"", size, get_libsrtp_errstr(err))); } else { cb = srtp->rtp_cb; cb2 = srtp->rtp_cb2; cb_data = srtp->user_data; srtp->rx_ssrc = ntohl(((pjmedia_rtp_hdr*)pkt)->ssrc); } pj_lock_release(srtp->mutex); if (cb2) { pjmedia_tp_cb_param param2 = *param; param2.user_data = cb_data; param2.pkt = pkt; param2.size = len; (*cb2)(¶m2); param->rem_switch = param2.rem_switch; } else if (cb) { (*cb)(cb_data, pkt, len); } }",visit repo url,pjmedia/src/pjmedia/transport_srtp.c,https://github.com/pjsip/pjproject,207027924182662,1 4154,CWE-476,"_kdc_as_rep(kdc_request_t r, krb5_data *reply, const char *from, struct sockaddr *from_addr, int datagram_reply) { krb5_context context = r->context; krb5_kdc_configuration *config = r->config; KDC_REQ *req = &r->req; KDC_REQ_BODY *b = NULL; AS_REP rep; KDCOptions f; krb5_enctype setype; krb5_error_code ret = 0; Key *skey; int found_pa = 0; int i, flags = HDB_F_FOR_AS_REQ; METHOD_DATA error_method; const PA_DATA *pa; memset(&rep, 0, sizeof(rep)); error_method.len = 0; error_method.val = NULL; ret = _kdc_fast_unwrap_request(r); if (ret) { _kdc_r_log(r, 0, ""FAST unwrap request from %s failed: %d"", from, ret); goto out; } b = &req->req_body; f = b->kdc_options; if (f.canonicalize) flags |= HDB_F_CANON; if(b->sname == NULL){ ret = KRB5KRB_ERR_GENERIC; _kdc_set_e_text(r, ""No server in request""); } else{ ret = _krb5_principalname2krb5_principal (context, &r->server_princ, *(b->sname), b->realm); if (ret == 0) ret = krb5_unparse_name(context, r->server_princ, &r->server_name); } if (ret) { kdc_log(context, config, 0, ""AS-REQ malformed server name from %s"", from); goto out; } if(b->cname == NULL){ ret = KRB5KRB_ERR_GENERIC; _kdc_set_e_text(r, ""No client in request""); } else { ret = _krb5_principalname2krb5_principal (context, &r->client_princ, *(b->cname), b->realm); if (ret) goto out; ret = krb5_unparse_name(context, r->client_princ, &r->client_name); } if (ret) { kdc_log(context, config, 0, ""AS-REQ malformed client name from %s"", from); goto out; } kdc_log(context, config, 0, ""AS-REQ %s from %s for %s"", r->client_name, from, r->server_name); if (_kdc_is_anonymous(context, r->client_princ)) { if (!_kdc_is_anon_request(b)) { kdc_log(context, config, 0, ""Anonymous ticket w/o anonymous flag""); ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto out; } } else if (_kdc_is_anon_request(b)) { kdc_log(context, config, 0, ""Request for a anonymous ticket with non "" ""anonymous client name: %s"", r->client_name); ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto out; } ret = _kdc_db_fetch(context, config, r->client_princ, HDB_F_GET_CLIENT | flags, NULL, &r->clientdb, &r->client); if(ret == HDB_ERR_NOT_FOUND_HERE) { kdc_log(context, config, 5, ""client %s does not have secrets at this KDC, need to proxy"", r->client_name); goto out; } else if (ret == HDB_ERR_WRONG_REALM) { char *fixed_client_name = NULL; ret = krb5_unparse_name(context, r->client->entry.principal, &fixed_client_name); if (ret) { goto out; } kdc_log(context, config, 0, ""WRONG_REALM - %s -> %s"", r->client_name, fixed_client_name); free(fixed_client_name); ret = _kdc_fast_mk_error(context, r, &error_method, r->armor_crypto, &req->req_body, KRB5_KDC_ERR_WRONG_REALM, NULL, r->server_princ, NULL, &r->client->entry.principal->realm, NULL, NULL, reply); goto out; } else if(ret){ const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, ""UNKNOWN -- %s: %s"", r->client_name, msg); krb5_free_error_message(context, msg); ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto out; } ret = _kdc_db_fetch(context, config, r->server_princ, HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags, NULL, NULL, &r->server); if(ret == HDB_ERR_NOT_FOUND_HERE) { kdc_log(context, config, 5, ""target %s does not have secrets at this KDC, need to proxy"", r->server_name); goto out; } else if(ret){ const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, ""UNKNOWN -- %s: %s"", r->server_name, msg); krb5_free_error_message(context, msg); ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; goto out; } ret = _kdc_find_etype(context, krb5_principal_is_krbtgt(context, r->server_princ) ? config->tgt_use_strongest_session_key : config->svc_use_strongest_session_key, FALSE, r->client, b->etype.val, b->etype.len, &r->sessionetype, NULL); if (ret) { kdc_log(context, config, 0, ""Client (%s) from %s has no common enctypes with KDC "" ""to use for the session key"", r->client_name, from); goto out; } if(req->padata){ unsigned int n; log_patypes(context, config, req->padata); for (n = 0; !found_pa && n < sizeof(pat) / sizeof(pat[0]); n++) { if (pat[n].validate == NULL) continue; if (r->armor_crypto == NULL && (pat[n].flags & PA_REQ_FAST)) continue; kdc_log(context, config, 5, ""Looking for %s pa-data -- %s"", pat[n].name, r->client_name); i = 0; pa = _kdc_find_padata(req, &i, pat[n].type); if (pa) { ret = pat[n].validate(r, pa); if (ret != 0) { goto out; } kdc_log(context, config, 0, ""%s pre-authentication succeeded -- %s"", pat[n].name, r->client_name); found_pa = 1; r->et.flags.pre_authent = 1; } } } if (found_pa == 0) { Key *ckey = NULL; size_t n; for (n = 0; n < sizeof(pat) / sizeof(pat[0]); n++) { if ((pat[n].flags & PA_ANNOUNCE) == 0) continue; ret = krb5_padata_add(context, &error_method, pat[n].type, NULL, 0); if (ret) goto out; } ret = _kdc_find_etype(context, config->preauth_use_strongest_session_key, TRUE, r->client, b->etype.val, b->etype.len, NULL, &ckey); if (ret == 0) { if (older_enctype(ckey->key.keytype)) { ret = get_pa_etype_info(context, config, &error_method, ckey); if (ret) goto out; } ret = get_pa_etype_info2(context, config, &error_method, ckey); if (ret) goto out; } if (require_preauth_p(r) || _kdc_is_anon_request(b)) { ret = KRB5KDC_ERR_PREAUTH_REQUIRED; _kdc_set_e_text(r, ""Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ""); goto out; } if (ckey == NULL) { ret = KRB5KDC_ERR_CLIENT_NOTYET; _kdc_set_e_text(r, ""Doesn't have a client key available""); goto out; } krb5_free_keyblock_contents(r->context, &r->reply_key); ret = krb5_copy_keyblock_contents(r->context, &ckey->key, &r->reply_key); if (ret) goto out; } if (r->clientdb->hdb_auth_status) { r->clientdb->hdb_auth_status(context, r->clientdb, r->client, HDB_AUTH_SUCCESS); } ret = _kdc_check_access(context, config, r->client, r->client_name, r->server, r->server_name, req, &error_method); if(ret) goto out; ret = _kdc_get_preferred_key(context, config, r->server, r->server_name, &setype, &skey); if(ret) goto out; if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey || (_kdc_is_anon_request(b) && !config->allow_anonymous)) { ret = KRB5KDC_ERR_BADOPTION; _kdc_set_e_text(r, ""Bad KDC options""); goto out; } rep.pvno = 5; rep.msg_type = krb_as_rep; if (_kdc_is_anonymous(context, r->client_princ)) { Realm anon_realm=KRB5_ANON_REALM; ret = copy_Realm(&anon_realm, &rep.crealm); } else ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm); if (ret) goto out; ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal); if (ret) goto out; rep.ticket.tkt_vno = 5; ret = copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm); if (ret) goto out; _krb5_principal2principalname(&rep.ticket.sname, r->server->entry.principal); #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t) if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST)) rep.ticket.sname.name_type = b->sname->name_type; #undef CNT r->et.flags.initial = 1; if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable) r->et.flags.forwardable = f.forwardable; else if (f.forwardable) { _kdc_set_e_text(r, ""Ticket may not be forwardable""); ret = KRB5KDC_ERR_POLICY; goto out; } if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable) r->et.flags.proxiable = f.proxiable; else if (f.proxiable) { _kdc_set_e_text(r, ""Ticket may not be proxiable""); ret = KRB5KDC_ERR_POLICY; goto out; } if(r->client->entry.flags.postdate && r->server->entry.flags.postdate) r->et.flags.may_postdate = f.allow_postdate; else if (f.allow_postdate){ _kdc_set_e_text(r, ""Ticket may not be postdate""); ret = KRB5KDC_ERR_POLICY; goto out; } if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) { _kdc_set_e_text(r, ""Bad address list in requested""); ret = KRB5KRB_AP_ERR_BADADDR; goto out; } ret = copy_PrincipalName(&rep.cname, &r->et.cname); if (ret) goto out; ret = copy_Realm(&rep.crealm, &r->et.crealm); if (ret) goto out; { time_t start; time_t t; start = r->et.authtime = kdc_time; if(f.postdated && req->req_body.from){ ALLOC(r->et.starttime); start = *r->et.starttime = *req->req_body.from; r->et.flags.invalid = 1; r->et.flags.postdated = 1; } _kdc_fix_time(&b->till); t = *b->till; if(r->client->entry.max_life) t = start + min(t - start, *r->client->entry.max_life); if(r->server->entry.max_life) t = start + min(t - start, *r->server->entry.max_life); #if 0 t = min(t, start + realm->max_life); #endif r->et.endtime = t; if(f.renewable_ok && r->et.endtime < *b->till){ f.renewable = 1; if(b->rtime == NULL){ ALLOC(b->rtime); *b->rtime = 0; } if(*b->rtime < *b->till) *b->rtime = *b->till; } if(f.renewable && b->rtime){ t = *b->rtime; if(t == 0) t = MAX_TIME; if(r->client->entry.max_renew) t = start + min(t - start, *r->client->entry.max_renew); if(r->server->entry.max_renew) t = start + min(t - start, *r->server->entry.max_renew); #if 0 t = min(t, start + realm->max_renew); #endif ALLOC(r->et.renew_till); *r->et.renew_till = t; r->et.flags.renewable = 1; } } if (_kdc_is_anon_request(b)) r->et.flags.anonymous = 1; if(b->addresses){ ALLOC(r->et.caddr); copy_HostAddresses(b->addresses, r->et.caddr); } r->et.transited.tr_type = DOMAIN_X500_COMPRESS; krb5_data_zero(&r->et.transited.contents); r->ek.last_req.val = malloc(2 * sizeof(*r->ek.last_req.val)); if (r->ek.last_req.val == NULL) { ret = ENOMEM; goto out; } r->ek.last_req.len = 0; if (r->client->entry.pw_end && (config->kdc_warn_pwexpire == 0 || kdc_time + config->kdc_warn_pwexpire >= *r->client->entry.pw_end)) { r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_PW_EXPTIME; r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.pw_end; ++r->ek.last_req.len; } if (r->client->entry.valid_end) { r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_ACCT_EXPTIME; r->ek.last_req.val[r->ek.last_req.len].lr_value = *r->client->entry.valid_end; ++r->ek.last_req.len; } if (r->ek.last_req.len == 0) { r->ek.last_req.val[r->ek.last_req.len].lr_type = LR_NONE; r->ek.last_req.val[r->ek.last_req.len].lr_value = 0; ++r->ek.last_req.len; } r->ek.nonce = b->nonce; if (r->client->entry.valid_end || r->client->entry.pw_end) { ALLOC(r->ek.key_expiration); if (r->client->entry.valid_end) { if (r->client->entry.pw_end) *r->ek.key_expiration = min(*r->client->entry.valid_end, *r->client->entry.pw_end); else *r->ek.key_expiration = *r->client->entry.valid_end; } else *r->ek.key_expiration = *r->client->entry.pw_end; } else r->ek.key_expiration = NULL; r->ek.flags = r->et.flags; r->ek.authtime = r->et.authtime; if (r->et.starttime) { ALLOC(r->ek.starttime); *r->ek.starttime = *r->et.starttime; } r->ek.endtime = r->et.endtime; if (r->et.renew_till) { ALLOC(r->ek.renew_till); *r->ek.renew_till = *r->et.renew_till; } ret = copy_Realm(&rep.ticket.realm, &r->ek.srealm); if (ret) goto out; ret = copy_PrincipalName(&rep.ticket.sname, &r->ek.sname); if (ret) goto out; if(r->et.caddr){ ALLOC(r->ek.caddr); copy_HostAddresses(r->et.caddr, r->ek.caddr); } if (r->session_key.keytype == ETYPE_NULL) { ret = krb5_generate_random_keyblock(context, r->sessionetype, &r->session_key); if (ret) goto out; } if (r->reply_key.keytype == ETYPE_NULL) { _kdc_set_e_text(r, ""Client have no reply key""); ret = KRB5KDC_ERR_CLIENT_NOTYET; goto out; } ret = copy_EncryptionKey(&r->session_key, &r->et.key); if (ret) goto out; ret = copy_EncryptionKey(&r->session_key, &r->ek.key); if (ret) goto out; if (r->outpadata.len) { ALLOC(rep.padata); if (rep.padata == NULL) { ret = ENOMEM; goto out; } ret = copy_METHOD_DATA(&r->outpadata, rep.padata); if (ret) goto out; } if (send_pac_p(context, req)) { generate_pac(r, skey); } _kdc_log_timestamp(context, config, ""AS-REQ"", r->et.authtime, r->et.starttime, r->et.endtime, r->et.renew_till); ret = _kdc_add_KRB5SignedPath(context, config, r->server, setype, r->client->entry.principal, NULL, NULL, &r->et); if (ret) goto out; log_as_req(context, config, r->reply_key.keytype, setype, b); r->et.flags.enc_pa_rep = r->ek.flags.enc_pa_rep = 1; i = 0; pa = _kdc_find_padata(req, &i, KRB5_PADATA_REQ_ENC_PA_REP); if (pa) { ret = add_enc_pa_rep(r); if (ret) { const char *msg = krb5_get_error_message(r->context, ret); _kdc_r_log(r, 0, ""add_enc_pa_rep failed: %s: %d"", msg, ret); krb5_free_error_message(r->context, msg); goto out; } } ret = _kdc_encode_reply(context, config, r->armor_crypto, req->req_body.nonce, &rep, &r->et, &r->ek, setype, r->server->entry.kvno, &skey->key, r->client->entry.kvno, &r->reply_key, 0, &r->e_text, reply); if (ret) goto out; if (datagram_reply && reply->length > config->max_datagram_reply_length) { krb5_data_free(reply); ret = KRB5KRB_ERR_RESPONSE_TOO_BIG; _kdc_set_e_text(r, ""Reply packet too large""); } out: free_AS_REP(&rep); if(ret != 0 && ret != HDB_ERR_NOT_FOUND_HERE && reply->length == 0) { ret = _kdc_fast_mk_error(context, r, &error_method, r->armor_crypto, &req->req_body, ret, r->e_text, r->server_princ, &r->client_princ->name, &r->client_princ->realm, NULL, NULL, reply); if (ret) goto out2; } out2: free_EncTicketPart(&r->et); free_EncKDCRepPart(&r->ek); free_KDCFastState(&r->fast); if (error_method.len) free_METHOD_DATA(&error_method); if (r->outpadata.len) free_METHOD_DATA(&r->outpadata); if (r->client_princ) { krb5_free_principal(context, r->client_princ); r->client_princ = NULL; } if (r->client_name) { free(r->client_name); r->client_name = NULL; } if (r->server_princ){ krb5_free_principal(context, r->server_princ); r->server_princ = NULL; } if (r->server_name) { free(r->server_name); r->server_name = NULL; } if (r->client) _kdc_free_ent(context, r->client); if (r->server) _kdc_free_ent(context, r->server); if (r->armor_crypto) { krb5_crypto_destroy(r->context, r->armor_crypto); r->armor_crypto = NULL; } krb5_free_keyblock_contents(r->context, &r->reply_key); krb5_free_keyblock_contents(r->context, &r->session_key); return ret; }",visit repo url,kdc/kerberos5.c,https://github.com/heimdal/heimdal,72291945531751,1 1497,[],"static int try_to_wake_up(struct task_struct *p, unsigned int state, int sync) { int cpu, orig_cpu, this_cpu, success = 0; unsigned long flags; long old_state; struct rq *rq; if (!sched_feat(SYNC_WAKEUPS)) sync = 0; smp_wmb(); rq = task_rq_lock(p, &flags); old_state = p->state; if (!(old_state & state)) goto out; if (p->se.on_rq) goto out_running; cpu = task_cpu(p); orig_cpu = cpu; this_cpu = smp_processor_id(); #ifdef CONFIG_SMP if (unlikely(task_running(rq, p))) goto out_activate; cpu = p->sched_class->select_task_rq(p, sync); if (cpu != orig_cpu) { set_task_cpu(p, cpu); task_rq_unlock(rq, &flags); rq = task_rq_lock(p, &flags); old_state = p->state; if (!(old_state & state)) goto out; if (p->se.on_rq) goto out_running; this_cpu = smp_processor_id(); cpu = task_cpu(p); } #ifdef CONFIG_SCHEDSTATS schedstat_inc(rq, ttwu_count); if (cpu == this_cpu) schedstat_inc(rq, ttwu_local); else { struct sched_domain *sd; for_each_domain(this_cpu, sd) { if (cpu_isset(cpu, sd->span)) { schedstat_inc(sd, ttwu_wake_remote); break; } } } #endif out_activate: #endif schedstat_inc(p, se.nr_wakeups); if (sync) schedstat_inc(p, se.nr_wakeups_sync); if (orig_cpu != cpu) schedstat_inc(p, se.nr_wakeups_migrate); if (cpu == this_cpu) schedstat_inc(p, se.nr_wakeups_local); else schedstat_inc(p, se.nr_wakeups_remote); update_rq_clock(rq); activate_task(rq, p, 1); success = 1; out_running: check_preempt_curr(rq, p); p->state = TASK_RUNNING; #ifdef CONFIG_SMP if (p->sched_class->task_wake_up) p->sched_class->task_wake_up(rq, p); #endif out: task_rq_unlock(rq, &flags); return success; }",linux-2.6,,,82445382961714503653379349878661751777,0 3639,CWE-264,"int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) { _cleanup_close_ int fd; int r; assert(path); if (parents) mkdir_parents(path, 0755); fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644); if (fd < 0) return -errno; if (mode > 0) { r = fchmod(fd, mode); if (r < 0) return -errno; } if (uid != UID_INVALID || gid != GID_INVALID) { r = fchown(fd, uid, gid); if (r < 0) return -errno; } if (stamp != USEC_INFINITY) { struct timespec ts[2]; timespec_store(&ts[0], stamp); ts[1] = ts[0]; r = futimens(fd, ts); } else r = futimens(fd, NULL); if (r < 0) return -errno; return 0; }",visit repo url,src/basic/fs-util.c,https://github.com/systemd/systemd,165673517951586,1 129,NVD-CWE-noinfo,"static int FNAME(walk_addr_generic)(struct guest_walker *walker, struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, gpa_t addr, u32 access) { int ret; pt_element_t pte; pt_element_t __user *ptep_user; gfn_t table_gfn; u64 pt_access, pte_access; unsigned index, accessed_dirty, pte_pkey; unsigned nested_access; gpa_t pte_gpa; bool have_ad; int offset; u64 walk_nx_mask = 0; const int write_fault = access & PFERR_WRITE_MASK; const int user_fault = access & PFERR_USER_MASK; const int fetch_fault = access & PFERR_FETCH_MASK; u16 errcode = 0; gpa_t real_gpa; gfn_t gfn; trace_kvm_mmu_pagetable_walk(addr, access); retry_walk: walker->level = mmu->root_level; pte = mmu->get_guest_pgd(vcpu); have_ad = PT_HAVE_ACCESSED_DIRTY(mmu); #if PTTYPE == 64 walk_nx_mask = 1ULL << PT64_NX_SHIFT; if (walker->level == PT32E_ROOT_LEVEL) { pte = mmu->get_pdptr(vcpu, (addr >> 30) & 3); trace_kvm_mmu_paging_element(pte, walker->level); if (!FNAME(is_present_gpte)(pte)) goto error; --walker->level; } #endif walker->max_level = walker->level; ASSERT(!(is_long_mode(vcpu) && !is_pae(vcpu))); nested_access = (have_ad ? PFERR_WRITE_MASK : 0) | PFERR_USER_MASK; pte_access = ~0; ++walker->level; do { unsigned long host_addr; pt_access = pte_access; --walker->level; index = PT_INDEX(addr, walker->level); table_gfn = gpte_to_gfn(pte); offset = index * sizeof(pt_element_t); pte_gpa = gfn_to_gpa(table_gfn) + offset; BUG_ON(walker->level < 1); walker->table_gfn[walker->level - 1] = table_gfn; walker->pte_gpa[walker->level - 1] = pte_gpa; real_gpa = mmu->translate_gpa(vcpu, gfn_to_gpa(table_gfn), nested_access, &walker->fault); if (unlikely(real_gpa == UNMAPPED_GVA)) return 0; host_addr = kvm_vcpu_gfn_to_hva_prot(vcpu, gpa_to_gfn(real_gpa), &walker->pte_writable[walker->level - 1]); if (unlikely(kvm_is_error_hva(host_addr))) goto error; ptep_user = (pt_element_t __user *)((void *)host_addr + offset); if (unlikely(__get_user(pte, ptep_user))) goto error; walker->ptep_user[walker->level - 1] = ptep_user; trace_kvm_mmu_paging_element(pte, walker->level); pte_access = pt_access & (pte ^ walk_nx_mask); if (unlikely(!FNAME(is_present_gpte)(pte))) goto error; if (unlikely(FNAME(is_rsvd_bits_set)(mmu, pte, walker->level))) { errcode = PFERR_RSVD_MASK | PFERR_PRESENT_MASK; goto error; } walker->ptes[walker->level - 1] = pte; } while (!is_last_gpte(mmu, walker->level, pte)); pte_pkey = FNAME(gpte_pkeys)(vcpu, pte); accessed_dirty = have_ad ? pte_access & PT_GUEST_ACCESSED_MASK : 0; walker->pt_access = FNAME(gpte_access)(pt_access ^ walk_nx_mask); walker->pte_access = FNAME(gpte_access)(pte_access ^ walk_nx_mask); errcode = permission_fault(vcpu, mmu, walker->pte_access, pte_pkey, access); if (unlikely(errcode)) goto error; gfn = gpte_to_gfn_lvl(pte, walker->level); gfn += (addr & PT_LVL_OFFSET_MASK(walker->level)) >> PAGE_SHIFT; if (PTTYPE == 32 && walker->level > PG_LEVEL_4K && is_cpuid_PSE36()) gfn += pse36_gfn_delta(pte); real_gpa = mmu->translate_gpa(vcpu, gfn_to_gpa(gfn), access, &walker->fault); if (real_gpa == UNMAPPED_GVA) return 0; walker->gfn = real_gpa >> PAGE_SHIFT; if (!write_fault) FNAME(protect_clean_gpte)(mmu, &walker->pte_access, pte); else accessed_dirty &= pte >> (PT_GUEST_DIRTY_SHIFT - PT_GUEST_ACCESSED_SHIFT); if (unlikely(!accessed_dirty)) { ret = FNAME(update_accessed_dirty_bits)(vcpu, mmu, walker, addr, write_fault); if (unlikely(ret < 0)) goto error; else if (ret) goto retry_walk; } pgprintk(""%s: pte %llx pte_access %x pt_access %x\n"", __func__, (u64)pte, walker->pte_access, walker->pt_access); return 1; error: errcode |= write_fault | user_fault; if (fetch_fault && (mmu->nx || kvm_read_cr4_bits(vcpu, X86_CR4_SMEP))) errcode |= PFERR_FETCH_MASK; walker->fault.vector = PF_VECTOR; walker->fault.error_code_valid = true; walker->fault.error_code = errcode; #if PTTYPE == PTTYPE_EPT if (!(errcode & PFERR_RSVD_MASK)) { vcpu->arch.exit_qualification &= 0x180; if (write_fault) vcpu->arch.exit_qualification |= EPT_VIOLATION_ACC_WRITE; if (user_fault) vcpu->arch.exit_qualification |= EPT_VIOLATION_ACC_READ; if (fetch_fault) vcpu->arch.exit_qualification |= EPT_VIOLATION_ACC_INSTR; vcpu->arch.exit_qualification |= (pte_access & 0x7) << 3; } #endif walker->fault.address = addr; walker->fault.nested_page_fault = mmu != vcpu->arch.walk_mmu; walker->fault.async_page_fault = false; trace_kvm_mmu_walker_error(walker->fault.error_code); return 0; }",visit repo url,arch/x86/kvm/mmu/paging_tmpl.h,https://github.com/torvalds/linux,179358526160267,1 1299,['CWE-119'],"static unsigned char asn1_long_decode(struct asn1_ctx *ctx, unsigned char *eoc, long *integer) { unsigned char ch; unsigned int len; if (!asn1_octet_decode(ctx, &ch)) return 0; *integer = (signed char) ch; len = 1; while (ctx->pointer < eoc) { if (++len > sizeof (long)) { ctx->error = ASN1_ERR_DEC_BADVALUE; return 0; } if (!asn1_octet_decode(ctx, &ch)) return 0; *integer <<= 8; *integer |= ch; } return 1; }",linux-2.6,,,16315418193868440224511810457116765823,0 4105,['CWE-399'],"static unsigned int bsg_poll(struct file *file, poll_table *wait) { struct bsg_device *bd = file->private_data; unsigned int mask = 0; poll_wait(file, &bd->wq_done, wait); poll_wait(file, &bd->wq_free, wait); spin_lock_irq(&bd->lock); if (!list_empty(&bd->done_list)) mask |= POLLIN | POLLRDNORM; if (bd->queued_cmds >= bd->max_queue) mask |= POLLOUT; spin_unlock_irq(&bd->lock); return mask; }",linux-2.6,,,157881654187639959622805726048510314884,0 4805,CWE-119,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 2124,['CWE-119'],"static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) { unsigned int i; struct desc_struct *gdt = get_cpu_gdt_table(cpu); for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++) gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i]; }",linux-2.6,,,326701320871618440744176404816781400795,0 5844,CWE-120,"static pj_status_t pjsip_auth_verify( const pjsip_authorization_hdr *hdr, const pj_str_t *method, const pjsip_cred_info *cred_info ) { if (pj_stricmp(&hdr->scheme, &pjsip_DIGEST_STR) == 0) { char digest_buf[PJSIP_MD5STRLEN]; pj_str_t digest; const pjsip_digest_credential *dig = &hdr->credential.digest; PJ_ASSERT_RETURN(pj_strcmp(&dig->username, &cred_info->username) == 0, PJ_EINVALIDOP); PJ_ASSERT_RETURN(pj_strcmp(&dig->realm, &cred_info->realm) == 0, PJ_EINVALIDOP); digest.ptr = digest_buf; digest.slen = PJSIP_MD5STRLEN; pjsip_auth_create_digest(&digest, &hdr->credential.digest.nonce, &hdr->credential.digest.nc, &hdr->credential.digest.cnonce, &hdr->credential.digest.qop, &hdr->credential.digest.uri, &cred_info->realm, cred_info, method ); return (pj_stricmp(&digest, &hdr->credential.digest.response) == 0) ? PJ_SUCCESS : PJSIP_EAUTHINVALIDDIGEST; } else { pj_assert(!""Unsupported authentication scheme""); return PJSIP_EINVALIDAUTHSCHEME; } }",visit repo url,pjsip/src/pjsip/sip_auth_server.c,https://github.com/pjsip/pjproject,214731594554723,1 6694,CWE-203,"static int tls_new_ciphertext ( struct tls_connection *tls, struct tls_header *tlshdr, struct list_head *rx_data ) { struct tls_cipherspec *cipherspec = &tls->rx_cipherspec; struct tls_cipher_suite *suite = cipherspec->suite; struct cipher_algorithm *cipher = suite->cipher; struct digest_algorithm *digest = suite->digest; size_t len = ntohs ( tlshdr->length ); struct { uint8_t fixed[suite->fixed_iv_len]; uint8_t record[suite->record_iv_len]; } __attribute__ (( packed )) iv; struct tls_auth_header authhdr; uint8_t verify_mac[digest->digestsize]; struct io_buffer *first; struct io_buffer *last; struct io_buffer *iobuf; void *mac; size_t check_len; int pad_len; int rc; assert ( ! list_empty ( rx_data ) ); first = list_first_entry ( rx_data, struct io_buffer, list ); last = list_last_entry ( rx_data, struct io_buffer, list ); if ( iob_len ( first ) < sizeof ( iv.record ) ) { DBGC ( tls, ""TLS %p received underlength IV\n"", tls ); DBGC_HD ( tls, first->data, iob_len ( first ) ); return -EINVAL_IV; } memcpy ( iv.fixed, cipherspec->fixed_iv, sizeof ( iv.fixed ) ); memcpy ( iv.record, first->data, sizeof ( iv.record ) ); iob_pull ( first, sizeof ( iv.record ) ); len -= sizeof ( iv.record ); authhdr.seq = cpu_to_be64 ( tls->rx_seq ); authhdr.header.type = tlshdr->type; authhdr.header.version = tlshdr->version; authhdr.header.length = htons ( len ); cipher_setiv ( cipher, cipherspec->cipher_ctx, &iv, sizeof ( iv ) ); check_len = 0; list_for_each_entry ( iobuf, &tls->rx_data, list ) { cipher_decrypt ( cipher, cipherspec->cipher_ctx, iobuf->data, iobuf->data, iob_len ( iobuf ) ); check_len += iob_len ( iobuf ); } assert ( check_len == len ); if ( is_block_cipher ( cipher ) ) { pad_len = tls_verify_padding ( tls, last ); if ( pad_len < 0 ) { rc = pad_len; return rc; } iob_unput ( last, pad_len ); len -= pad_len; } if ( iob_len ( last ) < suite->mac_len ) { DBGC ( tls, ""TLS %p received underlength MAC\n"", tls ); DBGC_HD ( tls, last->data, iob_len ( last ) ); return -EINVAL_MAC; } iob_unput ( last, suite->mac_len ); len -= suite->mac_len; mac = last->tail; DBGC2 ( tls, ""Received plaintext data:\n"" ); check_len = 0; list_for_each_entry ( iobuf, rx_data, list ) { DBGC2_HD ( tls, iobuf->data, iob_len ( iobuf ) ); check_len += iob_len ( iobuf ); } assert ( check_len == len ); authhdr.header.length = htons ( len ); if ( suite->mac_len ) tls_hmac_list ( cipherspec, &authhdr, rx_data, verify_mac ); if ( memcmp ( mac, verify_mac, suite->mac_len ) != 0 ) { DBGC ( tls, ""TLS %p failed MAC verification\n"", tls ); return -EINVAL_MAC; } if ( ( rc = tls_new_record ( tls, tlshdr->type, rx_data ) ) != 0 ) return rc; return 0; }",visit repo url,src/net/tls.c,https://github.com/ipxe/ipxe,38059960720996,1 231,[],"static void atalk_destroy_timer(unsigned long data) { struct sock *sk = (struct sock *)data; if (atomic_read(&sk->sk_wmem_alloc) || atomic_read(&sk->sk_rmem_alloc)) { sk->sk_timer.expires = jiffies + SOCK_DESTROY_TIME; add_timer(&sk->sk_timer); } else sock_put(sk); }",history,,,149151228763107847222634444844747723894,0 1462,CWE-362,"static noinline void key_gc_unused_keys(struct list_head *keys) { while (!list_empty(keys)) { struct key *key = list_entry(keys->next, struct key, graveyard_link); list_del(&key->graveyard_link); kdebug(""- %u"", key->serial); key_check(key); security_key_free(key); if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { spin_lock(&key->user->lock); key->user->qnkeys--; key->user->qnbytes -= key->quotalen; spin_unlock(&key->user->lock); } atomic_dec(&key->user->nkeys); if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) atomic_dec(&key->user->nikeys); key_user_put(key->user); if (key->type->destroy) key->type->destroy(key); kfree(key->description); #ifdef KEY_DEBUGGING key->magic = KEY_DEBUG_MAGIC_X; #endif kmem_cache_free(key_jar, key); } }",visit repo url,security/keys/gc.c,https://github.com/torvalds/linux,250240598352772,1 1139,CWE-119,"static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) { struct cfg80211_registered_device *rdev = info->user_ptr[0]; struct net_device *dev = info->user_ptr[1]; struct cfg80211_scan_request *request; struct nlattr *attr; struct wiphy *wiphy; int err, tmp, n_ssids = 0, n_channels, i; enum ieee80211_band band; size_t ie_len; if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) return -EINVAL; wiphy = &rdev->wiphy; if (!rdev->ops->scan) return -EOPNOTSUPP; if (rdev->scan_req) return -EBUSY; if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { n_channels = validate_scan_freqs( info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); if (!n_channels) return -EINVAL; } else { n_channels = 0; for (band = 0; band < IEEE80211_NUM_BANDS; band++) if (wiphy->bands[band]) n_channels += wiphy->bands[band]->n_channels; } if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) n_ssids++; if (n_ssids > wiphy->max_scan_ssids) return -EINVAL; if (info->attrs[NL80211_ATTR_IE]) ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); else ie_len = 0; if (ie_len > wiphy->max_scan_ie_len) return -EINVAL; request = kzalloc(sizeof(*request) + sizeof(*request->ssids) * n_ssids + sizeof(*request->channels) * n_channels + ie_len, GFP_KERNEL); if (!request) return -ENOMEM; if (n_ssids) request->ssids = (void *)&request->channels[n_channels]; request->n_ssids = n_ssids; if (ie_len) { if (request->ssids) request->ie = (void *)(request->ssids + n_ssids); else request->ie = (void *)(request->channels + n_channels); } i = 0; if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { struct ieee80211_channel *chan; chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); if (!chan) { err = -EINVAL; goto out_free; } if (chan->flags & IEEE80211_CHAN_DISABLED) continue; request->channels[i] = chan; i++; } } else { for (band = 0; band < IEEE80211_NUM_BANDS; band++) { int j; if (!wiphy->bands[band]) continue; for (j = 0; j < wiphy->bands[band]->n_channels; j++) { struct ieee80211_channel *chan; chan = &wiphy->bands[band]->channels[j]; if (chan->flags & IEEE80211_CHAN_DISABLED) continue; request->channels[i] = chan; i++; } } } if (!i) { err = -EINVAL; goto out_free; } request->n_channels = i; i = 0; if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { err = -EINVAL; goto out_free; } memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); request->ssids[i].ssid_len = nla_len(attr); i++; } } if (info->attrs[NL80211_ATTR_IE]) { request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); memcpy((void *)request->ie, nla_data(info->attrs[NL80211_ATTR_IE]), request->ie_len); } request->dev = dev; request->wiphy = &rdev->wiphy; rdev->scan_req = request; err = rdev->ops->scan(&rdev->wiphy, dev, request); if (!err) { nl80211_send_scan_start(rdev, dev); dev_hold(dev); } else { out_free: rdev->scan_req = NULL; kfree(request); } return err;",visit repo url,net/wireless/nl80211.c,https://github.com/torvalds/linux,227517058512260,1 3164,['CWE-189'],"static int triclr(jas_iccprof_t *iccprof, int op, jas_cmpxformseq_t **retpxformseq) { int i; jas_iccattrval_t *trcs[3]; jas_iccattrval_t *cols[3]; jas_cmshapmat_t *shapmat; jas_cmpxform_t *pxform; jas_cmpxformseq_t *pxformseq; jas_cmreal_t mat[3][4]; jas_cmshapmatlut_t lut; pxform = 0; pxformseq = 0; for (i = 0; i < 3; ++i) { trcs[i] = 0; cols[i] = 0; } jas_cmshapmatlut_init(&lut); if (!(trcs[0] = jas_iccprof_getattr(iccprof, JAS_ICC_TAG_REDTRC)) || !(trcs[1] = jas_iccprof_getattr(iccprof, JAS_ICC_TAG_GRNTRC)) || !(trcs[2] = jas_iccprof_getattr(iccprof, JAS_ICC_TAG_BLUTRC)) || !(cols[0] = jas_iccprof_getattr(iccprof, JAS_ICC_TAG_REDMATCOL)) || !(cols[1] = jas_iccprof_getattr(iccprof, JAS_ICC_TAG_GRNMATCOL)) || !(cols[2] = jas_iccprof_getattr(iccprof, JAS_ICC_TAG_BLUMATCOL))) goto error; for (i = 0; i < 3; ++i) { if (trcs[i]->type != JAS_ICC_TYPE_CURV || cols[i]->type != JAS_ICC_TYPE_XYZ) goto error; } if (!(pxform = jas_cmpxform_createshapmat())) goto error; pxform->numinchans = 3; pxform->numoutchans = 3; shapmat = &pxform->data.shapmat; if (!(pxformseq = jas_cmpxformseq_create())) goto error; if (jas_cmpxformseq_insertpxform(pxformseq, -1, pxform)) goto error; shapmat->mono = 0; shapmat->useluts = 1; shapmat->usemat = 1; if (!op) { shapmat->order = 0; for (i = 0; i < 3; ++i) { shapmat->mat[0][i] = cols[i]->data.xyz.x / 65536.0; shapmat->mat[1][i] = cols[i]->data.xyz.y / 65536.0; shapmat->mat[2][i] = cols[i]->data.xyz.z / 65536.0; } for (i = 0; i < 3; ++i) shapmat->mat[i][3] = 0.0; for (i = 0; i < 3; ++i) { if (jas_cmshapmatlut_set(&shapmat->luts[i], &trcs[i]->data.curv)) goto error; } } else { shapmat->order = 1; for (i = 0; i < 3; ++i) { mat[0][i] = cols[i]->data.xyz.x / 65536.0; mat[1][i] = cols[i]->data.xyz.y / 65536.0; mat[2][i] = cols[i]->data.xyz.z / 65536.0; } for (i = 0; i < 3; ++i) mat[i][3] = 0.0; if (jas_cmshapmat_invmat(shapmat->mat, mat)) goto error; for (i = 0; i < 3; ++i) { jas_cmshapmatlut_init(&lut); if (jas_cmshapmatlut_set(&lut, &trcs[i]->data.curv)) goto error; if (jas_cmshapmatlut_invert(&shapmat->luts[i], &lut, lut.size)) goto error; jas_cmshapmatlut_cleanup(&lut); } } for (i = 0; i < 3; ++i) { jas_iccattrval_destroy(trcs[i]); jas_iccattrval_destroy(cols[i]); } jas_cmpxform_destroy(pxform); *retpxformseq = pxformseq; return 0; error: for (i = 0; i < 3; ++i) { if (trcs[i]) { jas_iccattrval_destroy(trcs[i]); } if (cols[i]) { jas_iccattrval_destroy(cols[i]); } } if (pxformseq) { jas_cmpxformseq_destroy(pxformseq); } if (pxform) { jas_cmpxform_destroy(pxform); } return -1; }",jasper,,,71757627067769856846327935236831819990,0 1534,CWE-125,"static int cx24116_send_diseqc_msg(struct dvb_frontend *fe, struct dvb_diseqc_master_cmd *d) { struct cx24116_state *state = fe->demodulator_priv; int i, ret; if (debug) { printk(KERN_INFO ""cx24116: %s("", __func__); for (i = 0 ; i < d->msg_len ;) { printk(KERN_INFO ""0x%02x"", d->msg[i]); if (++i < d->msg_len) printk(KERN_INFO "", ""); } printk("") toneburst=%d\n"", toneburst); } if (d->msg_len > (CX24116_ARGLEN - CX24116_DISEQC_MSGOFS)) return -EINVAL; for (i = 0; i < d->msg_len; i++) state->dsec_cmd.args[CX24116_DISEQC_MSGOFS + i] = d->msg[i]; state->dsec_cmd.args[CX24116_DISEQC_MSGLEN] = d->msg_len; state->dsec_cmd.len = CX24116_DISEQC_MSGOFS + state->dsec_cmd.args[CX24116_DISEQC_MSGLEN]; if (toneburst == CX24116_DISEQC_MESGCACHE) return 0; else if (toneburst == CX24116_DISEQC_TONEOFF) state->dsec_cmd.args[CX24116_DISEQC_BURST] = 0; else if (toneburst == CX24116_DISEQC_TONECACHE) { if (d->msg_len >= 4 && d->msg[2] == 0x38) state->dsec_cmd.args[CX24116_DISEQC_BURST] = ((d->msg[3] & 4) >> 2); if (debug) dprintk(""%s burst=%d\n"", __func__, state->dsec_cmd.args[CX24116_DISEQC_BURST]); } ret = cx24116_wait_for_lnb(fe); if (ret != 0) return ret; msleep(100); ret = cx24116_cmd_execute(fe, &state->dsec_cmd); if (ret != 0) return ret; msleep((state->dsec_cmd.args[CX24116_DISEQC_MSGLEN] << 4) + ((toneburst == CX24116_DISEQC_TONEOFF) ? 30 : 60)); return 0; }",visit repo url,drivers/media/dvb-frontends/cx24116.c,https://github.com/torvalds/linux,98642740803133,1 3583,CWE-190,"static mif_hdr_t *mif_hdr_get(jas_stream_t *in) { uchar magicbuf[MIF_MAGICLEN]; char buf[4096]; mif_hdr_t *hdr; bool done; jas_tvparser_t *tvp; int id; hdr = 0; tvp = 0; if (jas_stream_read(in, magicbuf, MIF_MAGICLEN) != MIF_MAGICLEN) { goto error; } if (magicbuf[0] != (MIF_MAGIC >> 24) || magicbuf[1] != ((MIF_MAGIC >> 16) & 0xff) || magicbuf[2] != ((MIF_MAGIC >> 8) & 0xff) || magicbuf[3] != (MIF_MAGIC & 0xff)) { jas_eprintf(""error: bad signature\n""); goto error; } if (!(hdr = mif_hdr_create(0))) { goto error; } done = false; do { if (!mif_getline(in, buf, sizeof(buf))) { jas_eprintf(""mif_getline failed\n""); goto error; } if (buf[0] == '\0') { continue; } JAS_DBGLOG(10, (""header line: len=%d; %s\n"", strlen(buf), buf)); if (!(tvp = jas_tvparser_create(buf))) { jas_eprintf(""jas_tvparser_create failed\n""); goto error; } if (jas_tvparser_next(tvp)) { jas_eprintf(""cannot get record type\n""); goto error; } id = jas_taginfo_nonull(jas_taginfos_lookup(mif_tags2, jas_tvparser_gettag(tvp)))->id; jas_tvparser_destroy(tvp); tvp = 0; switch (id) { case MIF_CMPT: if (mif_process_cmpt(hdr, buf)) { jas_eprintf(""cannot get component information\n""); goto error; } break; case MIF_END: done = 1; break; default: jas_eprintf(""invalid header information: %s\n"", buf); goto error; break; } } while (!done); return hdr; error: if (hdr) { mif_hdr_destroy(hdr); } if (tvp) { jas_tvparser_destroy(tvp); } return 0; }",visit repo url,src/libjasper/mif/mif_cod.c,https://github.com/mdadams/jasper,201753891573560,1 5268,['CWE-264'],"static bool ensure_canon_entry_valid(canon_ace **pp_ace, const struct share_params *params, const bool is_directory, const DOM_SID *pfile_owner_sid, const DOM_SID *pfile_grp_sid, const SMB_STRUCT_STAT *pst, bool setting_acl) { canon_ace *pace; bool got_user = False; bool got_grp = False; bool got_other = False; canon_ace *pace_other = NULL; for (pace = *pp_ace; pace; pace = pace->next) { if (pace->type == SMB_ACL_USER_OBJ) { if (setting_acl) apply_default_perms(params, is_directory, pace, S_IRUSR); got_user = True; } else if (pace->type == SMB_ACL_GROUP_OBJ) { if (setting_acl) apply_default_perms(params, is_directory, pace, S_IRGRP); got_grp = True; } else if (pace->type == SMB_ACL_OTHER) { if (setting_acl) apply_default_perms(params, is_directory, pace, S_IROTH); got_other = True; pace_other = pace; } } if (!got_user) { if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,(""ensure_canon_entry_valid: malloc fail.\n"")); return False; } ZERO_STRUCTP(pace); pace->type = SMB_ACL_USER_OBJ; pace->owner_type = UID_ACE; pace->unix_ug.uid = pst->st_uid; pace->trustee = *pfile_owner_sid; pace->attr = ALLOW_ACE; if (setting_acl) { bool group_matched = False; canon_ace *pace_iter; for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { if (uid_entry_in_group(pace, pace_iter)) { pace->perms |= pace_iter->perms; group_matched = True; } } } if (!group_matched) { if (got_other) pace->perms = pace_other->perms; else pace->perms = 0; } apply_default_perms(params, is_directory, pace, S_IRUSR); } else { pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR); } DLIST_ADD(*pp_ace, pace); } if (!got_grp) { if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,(""ensure_canon_entry_valid: malloc fail.\n"")); return False; } ZERO_STRUCTP(pace); pace->type = SMB_ACL_GROUP_OBJ; pace->owner_type = GID_ACE; pace->unix_ug.uid = pst->st_gid; pace->trustee = *pfile_grp_sid; pace->attr = ALLOW_ACE; if (setting_acl) { if (got_other) pace->perms = pace_other->perms; else pace->perms = 0; apply_default_perms(params, is_directory, pace, S_IRGRP); } else { pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); } DLIST_ADD(*pp_ace, pace); } if (!got_other) { if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,(""ensure_canon_entry_valid: malloc fail.\n"")); return False; } ZERO_STRUCTP(pace); pace->type = SMB_ACL_OTHER; pace->owner_type = WORLD_ACE; pace->unix_ug.world = -1; pace->trustee = global_sid_World; pace->attr = ALLOW_ACE; if (setting_acl) { pace->perms = 0; apply_default_perms(params, is_directory, pace, S_IROTH); } else pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH); DLIST_ADD(*pp_ace, pace); } return True; }",samba,,,103848401643136375123244310436664799763,0 952,['CWE-189'],"ProcShmAttach(client) register ClientPtr client; { SHMSTAT_TYPE buf; ShmDescPtr shmdesc; REQUEST(xShmAttachReq); REQUEST_SIZE_MATCH(xShmAttachReq); LEGAL_NEW_RESOURCE(stuff->shmseg, client); if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) { client->errorValue = stuff->readOnly; return(BadValue); } for (shmdesc = Shmsegs; shmdesc && (shmdesc->shmid != stuff->shmid); shmdesc = shmdesc->next) ; if (shmdesc) { if (!stuff->readOnly && !shmdesc->writable) return BadAccess; shmdesc->refcnt++; } else { shmdesc = (ShmDescPtr) xalloc(sizeof(ShmDescRec)); if (!shmdesc) return BadAlloc; shmdesc->addr = shmat(stuff->shmid, 0, stuff->readOnly ? SHM_RDONLY : 0); if ((shmdesc->addr == ((char *)-1)) || SHMSTAT(stuff->shmid, &buf)) { xfree(shmdesc); return BadAccess; } if (shm_access(client, &(SHM_PERM(buf)), stuff->readOnly) == -1) { shmdt(shmdesc->addr); xfree(shmdesc); return BadAccess; } shmdesc->shmid = stuff->shmid; shmdesc->refcnt = 1; shmdesc->writable = !stuff->readOnly; shmdesc->size = SHM_SEGSZ(buf); shmdesc->next = Shmsegs; Shmsegs = shmdesc; } if (!AddResource(stuff->shmseg, ShmSegType, (pointer)shmdesc)) return BadAlloc; return(client->noClientException); }",xserver,,,89913013489248800710621458549917786375,0 2379,CWE-119,"static int jpeg2000_decode_tile(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile, AVFrame *picture) { int compno, reslevelno, bandno; int x, y; uint8_t *line; Jpeg2000T1Context t1; for (compno = 0; compno < s->ncomponents; compno++) { Jpeg2000Component *comp = tile->comp + compno; Jpeg2000CodingStyle *codsty = tile->codsty + compno; for (reslevelno = 0; reslevelno < codsty->nreslevels2decode; reslevelno++) { Jpeg2000ResLevel *rlevel = comp->reslevel + reslevelno; for (bandno = 0; bandno < rlevel->nbands; bandno++) { int nb_precincts, precno; Jpeg2000Band *band = rlevel->band + bandno; int cblkno = 0, bandpos; bandpos = bandno + (reslevelno > 0); if (band->coord[0][0] == band->coord[0][1] || band->coord[1][0] == band->coord[1][1]) continue; nb_precincts = rlevel->num_precincts_x * rlevel->num_precincts_y; for (precno = 0; precno < nb_precincts; precno++) { Jpeg2000Prec *prec = band->prec + precno; for (cblkno = 0; cblkno < prec->nb_codeblocks_width * prec->nb_codeblocks_height; cblkno++) { int x, y; Jpeg2000Cblk *cblk = prec->cblk + cblkno; decode_cblk(s, codsty, &t1, cblk, cblk->coord[0][1] - cblk->coord[0][0], cblk->coord[1][1] - cblk->coord[1][0], bandpos); x = cblk->coord[0][0]; y = cblk->coord[1][0]; if (codsty->transform == FF_DWT97) dequantization_float(x, y, cblk, comp, &t1, band); else dequantization_int(x, y, cblk, comp, &t1, band); } } } } ff_dwt_decode(&comp->dwt, codsty->transform == FF_DWT97 ? (void*)comp->f_data : (void*)comp->i_data); } if (tile->codsty[0].mct) mct_decode(s, tile); if (s->cdef[0] < 0) { for (x = 0; x < s->ncomponents; x++) s->cdef[x] = x + 1; if ((s->ncomponents & 1) == 0) s->cdef[s->ncomponents-1] = 0; } if (s->precision <= 8) { for (compno = 0; compno < s->ncomponents; compno++) { Jpeg2000Component *comp = tile->comp + compno; Jpeg2000CodingStyle *codsty = tile->codsty + compno; float *datap = comp->f_data; int32_t *i_datap = comp->i_data; int cbps = s->cbps[compno]; int w = tile->comp[compno].coord[0][1] - s->image_offset_x; int planar = !!picture->data[2]; int pixelsize = planar ? 1 : s->ncomponents; int plane = 0; if (planar) plane = s->cdef[compno] ? s->cdef[compno]-1 : (s->ncomponents-1); y = tile->comp[compno].coord[1][0] - s->image_offset_y; line = picture->data[plane] + y * picture->linesize[plane]; for (; y < tile->comp[compno].coord[1][1] - s->image_offset_y; y += s->cdy[compno]) { uint8_t *dst; x = tile->comp[compno].coord[0][0] - s->image_offset_x; dst = line + x * pixelsize + compno*!planar; if (codsty->transform == FF_DWT97) { for (; x < w; x += s->cdx[compno]) { int val = lrintf(*datap) + (1 << (cbps - 1)); val = av_clip(val, 0, (1 << cbps) - 1); *dst = val << (8 - cbps); datap++; dst += pixelsize; } } else { for (; x < w; x += s->cdx[compno]) { int val = *i_datap + (1 << (cbps - 1)); val = av_clip(val, 0, (1 << cbps) - 1); *dst = val << (8 - cbps); i_datap++; dst += pixelsize; } } line += picture->linesize[plane]; } } } else { for (compno = 0; compno < s->ncomponents; compno++) { Jpeg2000Component *comp = tile->comp + compno; Jpeg2000CodingStyle *codsty = tile->codsty + compno; float *datap = comp->f_data; int32_t *i_datap = comp->i_data; uint16_t *linel; int cbps = s->cbps[compno]; int w = tile->comp[compno].coord[0][1] - s->image_offset_x; int planar = !!picture->data[2]; int pixelsize = planar ? 1 : s->ncomponents; int plane = 0; if (planar) plane = s->cdef[compno] ? s->cdef[compno]-1 : (s->ncomponents-1); y = tile->comp[compno].coord[1][0] - s->image_offset_y; linel = (uint16_t *)picture->data[plane] + y * (picture->linesize[plane] >> 1); for (; y < tile->comp[compno].coord[1][1] - s->image_offset_y; y += s->cdy[compno]) { uint16_t *dst; x = tile->comp[compno].coord[0][0] - s->image_offset_x; dst = linel + (x * pixelsize + compno*!planar); if (codsty->transform == FF_DWT97) { for (; x < w; x += s-> cdx[compno]) { int val = lrintf(*datap) + (1 << (cbps - 1)); val = av_clip(val, 0, (1 << cbps) - 1); *dst = val << (16 - cbps); datap++; dst += pixelsize; } } else { for (; x < w; x += s-> cdx[compno]) { int val = *i_datap + (1 << (cbps - 1)); val = av_clip(val, 0, (1 << cbps) - 1); *dst = val << (16 - cbps); i_datap++; dst += pixelsize; } } linel += picture->linesize[plane] >> 1; } } } return 0; }",visit repo url,libavcodec/jpeg2000dec.c,https://github.com/FFmpeg/FFmpeg,149660278132029,1 783,['CWE-119'],"isdn_net_ciscohdlck_receive(isdn_net_local *lp, struct sk_buff *skb) { unsigned char *p; u8 addr; u8 ctrl; u16 type; if (skb->len < 4) goto out_free; p = skb->data; p += get_u8 (p, &addr); p += get_u8 (p, &ctrl); p += get_u16(p, &type); skb_pull(skb, 4); if (addr != CISCO_ADDR_UNICAST && addr != CISCO_ADDR_BROADCAST) { printk(KERN_WARNING ""%s: Unknown Cisco addr 0x%02x\n"", lp->netdev->dev->name, addr); goto out_free; } if (ctrl != CISCO_CTRL) { printk(KERN_WARNING ""%s: Unknown Cisco ctrl 0x%02x\n"", lp->netdev->dev->name, ctrl); goto out_free; } switch (type) { case CISCO_TYPE_SLARP: isdn_net_ciscohdlck_slarp_in(lp, skb); goto out_free; case CISCO_TYPE_CDP: if (lp->cisco_debserint) printk(KERN_DEBUG ""%s: Received CDP packet. use "" ""\""no cdp enable\"" on cisco.\n"", lp->netdev->dev->name); goto out_free; default: skb->protocol = htons(type); netif_rx(skb); return; } out_free: kfree_skb(skb); }",linux-2.6,,,185834889679916051387887851732800195999,0 3266,['CWE-189'],"void *jas_realloc2(void *ptr, size_t num_elements, size_t element_size) { size_t size; if (!jas_safe_size_mul(num_elements, element_size, &size)) { return 0; } return realloc(ptr, size); }",jasper,,,223729119136757424841597242014007180532,0 4900,CWE-787,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define MaxPixelChannels 32 #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity = (float *) NULL, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status = 0; MagickBooleanType more_frames; MagickStatusType status; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; size_t number_pixels; ssize_t i, scanline_size, y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag = 0, bits_per_sample = 0, endian = 0, extra_samples = 0, interlace = 0, max_sample_value = 0, min_sample_value = 0, orientation = 0, pages = 0, photometric = 0, *sample_info = NULL, sample_format = 0, samples_per_pixel = 0, units = 0, value = 0; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[8] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { if (exception->severity == UndefinedException) ThrowReaderException(CorruptImageError,""UnableToReadImageData""); image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t)TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } if (samples_per_pixel > MaxPixelChannels) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""MaximumChannelsExceeded""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point""); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black""); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white""); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette""); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB""); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB""); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)""); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV""); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK""); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated""); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR""); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown""); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"")); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb""); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb""); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) image->colorspace=GRAYColorspace; if (photometric == PHOTOMETRIC_SEPARATED) image->colorspace=CMYKColorspace; if (photometric == PHOTOMETRIC_CIELAB) image->colorspace=LabColorspace; if ((photometric == PHOTOMETRIC_YCBCR) && (compress_tag != COMPRESSION_OJPEG) && (compress_tag != COMPRESSION_JPEG)) image->colorspace=YCbCrColorspace; status=TIFFGetProfiles(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetEXIFProperties(tiff,image); option=GetImageOption(image_info,""tiff:gps-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetGPSProperties(tiff,image); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->x_resolution=x_resolution; image->y_resolution=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=CastDoubleToLong(ceil(x_position* image->x_resolution-0.5)); image->page.y=CastDoubleToLong(ceil(y_position* image->y_resolution-0.5)); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MaxTextExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MaxTextExtent,""%dx%d"", horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap = (uint16 *) NULL, *green_colormap = (uint16 *) NULL, *red_colormap = (uint16 *) NULL; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=SetImageColorspace(image,image->colorspace); status&=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } extra_samples=0; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified""); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->matte=MagickTrue; } else for (i=0; i < extra_samples; i++) { image->matte=MagickTrue; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated""); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated""); } } } if (image->matte != MagickFalse) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel); method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MaxTextExtent]; (void) FormatLocaleString(value,MaxTextExtent,""%u"",(unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } if (TIFFIsTiled(tiff) != MagickFalse) { uint32 columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); method=ReadTileMethod; } if ((photometric == PHOTOMETRIC_LOGLUV) || (compress_tag == COMPRESSION_CCITTFAX3)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); quantum_info->endian=LSBEndian; scanline_size=TIFFScanlineSize(tiff); if (scanline_size <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=MagickMax((MagickSizeType) image->columns*samples_per_pixel* pow(2.0,ceil(log(bits_per_sample)/log(2.0))),image->columns* rows_per_strip); if ((double) scanline_size > 1.5*number_pixels) ThrowTIFFException(CorruptImageError,""CorruptImage""); number_pixels=MagickMax((MagickSizeType) scanline_size,number_pixels); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) ResetMagickMemory(pixels,0,number_pixels*sizeof(uint32)); quantum_type=GrayQuantum; if (image->storage_class == PseudoClass) quantum_type=IndexQuantum; if (interlace != PLANARCONFIG_SEPARATE) { size_t pad; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->matte != MagickFalse) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } if ((samples_per_pixel > 2) && (interlace != PLANARCONFIG_SEPARATE)) { quantum_type=RGBQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); if (image->matte != MagickFalse) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { quantum_type=CMYKQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); if (image->matte != MagickFalse) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { int status; IndexPacket *indexes; PixelPacket *magick_restrict q; ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; indexes=GetAuthenticIndexQueue(image); p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456))); SetPixelMagenta(q,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984))); SetPixelYellow(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816))); SetPixelBlack(indexes+x,ScaleCharToQuantum((unsigned char)*(p+3))); q++; p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { unsigned char *p; size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *strip_pixels; extent=(samples_per_pixel+1)*TIFFStripSize(tiff); #if defined(TIFF_VERSION_BIG) extent+=image->columns*sizeof(uint64); #else extent+=image->columns*sizeof(uint32); #endif strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > (ssize_t) image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); #if defined(TIFF_VERSION_BIG) extent+=image->columns*sizeof(uint64); #else extent+=image->columns*sizeof(uint32); #endif tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,extent*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; tiff_status=TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y, 0,i); if (tiff_status == -1) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (PixelPacket *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) i, samples_per_pixel); if (status == MagickFalse) break; } } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo *) NULL; uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; #if defined(TIFF_VERSION_BIG) number_pixels+=image->columns*sizeof(uint64); #else number_pixels+=image->columns*sizeof(uint32); #endif generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); tiff_status=TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); if (tiff_status == -1) { generic_info=RelinquishVirtualMemory(generic_info); break; } p=pixels+(image->columns*image->rows)-1; for (y=0; y < (ssize_t) image->rows; y++) { ssize_t x; PixelPacket *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; q+=image->columns-1; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(q,ScaleCharToQuantum((unsigned char) TIFFGetR(*p))); SetPixelGreen(q,ScaleCharToQuantum((unsigned char) TIFFGetG(*p))); SetPixelBlue(q,ScaleCharToQuantum((unsigned char) TIFFGetB(*p))); if (image->matte == MagickFalse) SetPixelOpacity(q,OpaqueOpacity); else SetPixelAlpha(q,ScaleCharToQuantum((unsigned char) TIFFGetA(*p))); p--; q--; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (tiff_status == -1) { status=MagickFalse; break; } if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); TIFFReadPhotoshopLayers(image_info,image,exception); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick6,96830029085878,1 6340,['CWE-200'],"unsigned long neigh_rand_reach_time(unsigned long base) { return (base ? (net_random() % base) + (base >> 1) : 0); }",linux-2.6,,,276300296648910681330536722528397827213,0 1631,CWE-264,"static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; struct inet_sock *inet = inet_sk(sk); struct inet_connection_sock *icsk = inet_csk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct tcp_sock *tp = tcp_sk(sk); struct in6_addr *saddr = NULL, *final_p, final; struct flowi6 fl6; struct dst_entry *dst; int addr_type; int err; if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (usin->sin6_family != AF_INET6) return -EAFNOSUPPORT; memset(&fl6, 0, sizeof(fl6)); if (np->sndflow) { fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; IP6_ECN_flow_init(fl6.flowlabel); if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { struct ip6_flowlabel *flowlabel; flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; fl6_sock_release(flowlabel); } } if (ipv6_addr_any(&usin->sin6_addr)) usin->sin6_addr.s6_addr[15] = 0x1; addr_type = ipv6_addr_type(&usin->sin6_addr); if (addr_type & IPV6_ADDR_MULTICAST) return -ENETUNREACH; if (addr_type&IPV6_ADDR_LINKLOCAL) { if (addr_len >= sizeof(struct sockaddr_in6) && usin->sin6_scope_id) { if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != usin->sin6_scope_id) return -EINVAL; sk->sk_bound_dev_if = usin->sin6_scope_id; } if (!sk->sk_bound_dev_if) return -EINVAL; } if (tp->rx_opt.ts_recent_stamp && !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) { tp->rx_opt.ts_recent = 0; tp->rx_opt.ts_recent_stamp = 0; tp->write_seq = 0; } sk->sk_v6_daddr = usin->sin6_addr; np->flow_label = fl6.flowlabel; if (addr_type == IPV6_ADDR_MAPPED) { u32 exthdrlen = icsk->icsk_ext_hdr_len; struct sockaddr_in sin; SOCK_DEBUG(sk, ""connect: ipv4 mapped\n""); if (__ipv6_only_sock(sk)) return -ENETUNREACH; sin.sin_family = AF_INET; sin.sin_port = usin->sin6_port; sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; icsk->icsk_af_ops = &ipv6_mapped; sk->sk_backlog_rcv = tcp_v4_do_rcv; #ifdef CONFIG_TCP_MD5SIG tp->af_specific = &tcp_sock_ipv6_mapped_specific; #endif err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); if (err) { icsk->icsk_ext_hdr_len = exthdrlen; icsk->icsk_af_ops = &ipv6_specific; sk->sk_backlog_rcv = tcp_v6_do_rcv; #ifdef CONFIG_TCP_MD5SIG tp->af_specific = &tcp_sock_ipv6_specific; #endif goto failure; } np->saddr = sk->sk_v6_rcv_saddr; return err; } if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) saddr = &sk->sk_v6_rcv_saddr; fl6.flowi6_proto = IPPROTO_TCP; fl6.daddr = sk->sk_v6_daddr; fl6.saddr = saddr ? *saddr : np->saddr; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; fl6.fl6_dport = usin->sin6_port; fl6.fl6_sport = inet->inet_sport; final_p = fl6_update_dst(&fl6, np->opt, &final); security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); goto failure; } if (!saddr) { saddr = &fl6.saddr; sk->sk_v6_rcv_saddr = *saddr; } np->saddr = *saddr; inet->inet_rcv_saddr = LOOPBACK4_IPV6; sk->sk_gso_type = SKB_GSO_TCPV6; __ip6_dst_store(sk, dst, NULL, NULL); if (tcp_death_row.sysctl_tw_recycle && !tp->rx_opt.ts_recent_stamp && ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr)) tcp_fetch_timewait_stamp(sk, dst); icsk->icsk_ext_hdr_len = 0; if (np->opt) icsk->icsk_ext_hdr_len = (np->opt->opt_flen + np->opt->opt_nflen); tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); inet->inet_dport = usin->sin6_port; tcp_set_state(sk, TCP_SYN_SENT); err = inet6_hash_connect(&tcp_death_row, sk); if (err) goto late_failure; sk_set_txhash(sk); if (!tp->write_seq && likely(!tp->repair)) tp->write_seq = secure_tcpv6_sequence_number(np->saddr.s6_addr32, sk->sk_v6_daddr.s6_addr32, inet->inet_sport, inet->inet_dport); err = tcp_connect(sk); if (err) goto late_failure; return 0; late_failure: tcp_set_state(sk, TCP_CLOSE); __sk_dst_reset(sk); failure: inet->inet_dport = 0; sk->sk_route_caps = 0; return err; }",visit repo url,net/ipv6/tcp_ipv6.c,https://github.com/torvalds/linux,24869069594082,1 869,CWE-20,"static void unix_copy_addr(struct msghdr *msg, struct sock *sk) { struct unix_sock *u = unix_sk(sk); msg->msg_namelen = 0; if (u->addr) { msg->msg_namelen = u->addr->len; memcpy(msg->msg_name, u->addr->name, u->addr->len); } }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,153126031543195,1 4782,[],"static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) { int rc; struct sk_security_struct *sksec = sk->sk_security; struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_secattr != NULL) return sksec->nlbl_secattr; secattr = netlbl_secattr_alloc(GFP_ATOMIC); if (secattr == NULL) return NULL; rc = security_netlbl_sid_to_secattr(sksec->sid, secattr); if (rc != 0) { netlbl_secattr_free(secattr); return NULL; } sksec->nlbl_secattr = secattr; return secattr; }",linux-2.6,,,283384202238600172714706122556982679185,0 6160,['CWE-200'],"tcf_fill_node(struct sk_buff *skb, struct tcf_proto *tp, unsigned long fh, u32 pid, u32 seq, u16 flags, int event) { struct tcmsg *tcm; struct nlmsghdr *nlh; unsigned char *b = skb->tail; nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); tcm = NLMSG_DATA(nlh); tcm->tcm_family = AF_UNSPEC; tcm->tcm__pad1 = 0; tcm->tcm__pad1 = 0; tcm->tcm_ifindex = tp->q->dev->ifindex; tcm->tcm_parent = tp->classid; tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol); RTA_PUT(skb, TCA_KIND, IFNAMSIZ, tp->ops->kind); tcm->tcm_handle = fh; if (RTM_DELTFILTER != event) { tcm->tcm_handle = 0; if (tp->ops->dump && tp->ops->dump(tp, fh, skb, tcm) < 0) goto rtattr_failure; } nlh->nlmsg_len = skb->tail - b; return skb->len; nlmsg_failure: rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,39412605510804165272988430666711426135,0 1941,CWE-401,"static int ca8210_probe(struct spi_device *spi_device) { struct ca8210_priv *priv; struct ieee802154_hw *hw; struct ca8210_platform_data *pdata; int ret; dev_info(&spi_device->dev, ""Inserting ca8210\n""); hw = ieee802154_alloc_hw(sizeof(struct ca8210_priv), &ca8210_phy_ops); if (!hw) { dev_crit(&spi_device->dev, ""ieee802154_alloc_hw failed\n""); ret = -ENOMEM; goto error; } priv = hw->priv; priv->hw = hw; priv->spi = spi_device; hw->parent = &spi_device->dev; spin_lock_init(&priv->lock); priv->async_tx_pending = false; priv->hw_registered = false; priv->sync_up = 0; priv->sync_down = 0; priv->promiscuous = false; priv->retries = 0; init_completion(&priv->ca8210_is_awake); init_completion(&priv->spi_transfer_complete); init_completion(&priv->sync_exchange_complete); spi_set_drvdata(priv->spi, priv); if (IS_ENABLED(CONFIG_IEEE802154_CA8210_DEBUGFS)) { cascoda_api_upstream = ca8210_test_int_driver_write; ca8210_test_interface_init(priv); } else { cascoda_api_upstream = NULL; } ca8210_hw_setup(hw); ieee802154_random_extended_addr(&hw->phy->perm_extended_addr); pdata = kmalloc(sizeof(*pdata), GFP_KERNEL); if (!pdata) { ret = -ENOMEM; goto error; } ret = ca8210_get_platform_data(priv->spi, pdata); if (ret) { dev_crit(&spi_device->dev, ""ca8210_get_platform_data failed\n""); goto error; } priv->spi->dev.platform_data = pdata; ret = ca8210_dev_com_init(priv); if (ret) { dev_crit(&spi_device->dev, ""ca8210_dev_com_init failed\n""); goto error; } ret = ca8210_reset_init(priv->spi); if (ret) { dev_crit(&spi_device->dev, ""ca8210_reset_init failed\n""); goto error; } ret = ca8210_interrupt_init(priv->spi); if (ret) { dev_crit(&spi_device->dev, ""ca8210_interrupt_init failed\n""); goto error; } msleep(100); ca8210_reset_send(priv->spi, 1); ret = tdme_chipinit(priv->spi); if (ret) { dev_crit(&spi_device->dev, ""tdme_chipinit failed\n""); goto error; } if (pdata->extclockenable) { ret = ca8210_config_extern_clk(pdata, priv->spi, 1); if (ret) { dev_crit( &spi_device->dev, ""ca8210_config_extern_clk failed\n"" ); goto error; } ret = ca8210_register_ext_clock(priv->spi); if (ret) { dev_crit( &spi_device->dev, ""ca8210_register_ext_clock failed\n"" ); goto error; } } ret = ieee802154_register_hw(hw); if (ret) { dev_crit(&spi_device->dev, ""ieee802154_register_hw failed\n""); goto error; } priv->hw_registered = true; return 0; error: msleep(100); ca8210_remove(spi_device); return link_to_linux_err(ret); }",visit repo url,drivers/net/ieee802154/ca8210.c,https://github.com/torvalds/linux,120717869307750,1 499,CWE-476,"static ssize_t o2nm_node_ipv4_address_store(struct config_item *item, const char *page, size_t count) { struct o2nm_node *node = to_o2nm_node(item); struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node); int ret, i; struct rb_node **p, *parent; unsigned int octets[4]; __be32 ipv4_addr = 0; ret = sscanf(page, ""%3u.%3u.%3u.%3u"", &octets[3], &octets[2], &octets[1], &octets[0]); if (ret != 4) return -EINVAL; for (i = 0; i < ARRAY_SIZE(octets); i++) { if (octets[i] > 255) return -ERANGE; be32_add_cpu(&ipv4_addr, octets[i] << (i * 8)); } ret = 0; write_lock(&cluster->cl_nodes_lock); if (o2nm_node_ip_tree_lookup(cluster, ipv4_addr, &p, &parent)) ret = -EEXIST; else if (test_and_set_bit(O2NM_NODE_ATTR_ADDRESS, &node->nd_set_attributes)) ret = -EBUSY; else { rb_link_node(&node->nd_ip_node, parent, p); rb_insert_color(&node->nd_ip_node, &cluster->cl_node_ip_tree); } write_unlock(&cluster->cl_nodes_lock); if (ret) return ret; memcpy(&node->nd_ipv4_address, &ipv4_addr, sizeof(ipv4_addr)); return count; }",visit repo url,fs/ocfs2/cluster/nodemanager.c,https://github.com/torvalds/linux,135946676427802,1 2613,CWE-189,"PHPAPI zend_string *php_escape_shell_arg(char *str) { int x, y = 0, l = (int)strlen(str); zend_string *cmd; size_t estimate = (4 * l) + 3; cmd = zend_string_alloc(4 * l + 2, 0); #ifdef PHP_WIN32 ZSTR_VAL(cmd)[y++] = '""'; #else ZSTR_VAL(cmd)[y++] = '\''; #endif for (x = 0; x < l; x++) { int mb_len = php_mblen(str + x, (l - x)); if (mb_len < 0) { continue; } else if (mb_len > 1) { memcpy(ZSTR_VAL(cmd) + y, str + x, mb_len); y += mb_len; x += mb_len - 1; continue; } switch (str[x]) { #ifdef PHP_WIN32 case '""': case '%': case '!': ZSTR_VAL(cmd)[y++] = ' '; break; #else case '\'': ZSTR_VAL(cmd)[y++] = '\''; ZSTR_VAL(cmd)[y++] = '\\'; ZSTR_VAL(cmd)[y++] = '\''; #endif default: ZSTR_VAL(cmd)[y++] = str[x]; } } #ifdef PHP_WIN32 if (y > 0 && '\\' == ZSTR_VAL(cmd)[y - 1]) { int k = 0, n = y - 1; for (; n >= 0 && '\\' == ZSTR_VAL(cmd)[n]; n--, k++); if (k % 2) { ZSTR_VAL(cmd)[y++] = '\\'; } } ZSTR_VAL(cmd)[y++] = '""'; #else ZSTR_VAL(cmd)[y++] = '\''; #endif ZSTR_VAL(cmd)[y] = '\0'; if ((estimate - y) > 4096) { cmd = zend_string_truncate(cmd, y, 0); } ZSTR_LEN(cmd) = y; return cmd; }",visit repo url,ext/standard/exec.c,https://github.com/php/php-src,32984476634401,1 5986,['CWE-200'],"static int rsvp_classify(struct sk_buff *skb, struct tcf_proto *tp, struct tcf_result *res) { struct rsvp_session **sht = ((struct rsvp_head*)tp->root)->ht; struct rsvp_session *s; struct rsvp_filter *f; unsigned h1, h2; u32 *dst, *src; u8 protocol; u8 tunnelid = 0; u8 *xprt; #if RSVP_DST_LEN == 4 struct ipv6hdr *nhptr = skb->nh.ipv6h; #else struct iphdr *nhptr = skb->nh.iph; #endif restart: #if RSVP_DST_LEN == 4 src = &nhptr->saddr.s6_addr32[0]; dst = &nhptr->daddr.s6_addr32[0]; protocol = nhptr->nexthdr; xprt = ((u8*)nhptr) + sizeof(struct ipv6hdr); #else src = &nhptr->saddr; dst = &nhptr->daddr; protocol = nhptr->protocol; xprt = ((u8*)nhptr) + (nhptr->ihl<<2); if (nhptr->frag_off&__constant_htons(IP_MF|IP_OFFSET)) return -1; #endif h1 = hash_dst(dst, protocol, tunnelid); h2 = hash_src(src); for (s = sht[h1]; s; s = s->next) { if (dst[RSVP_DST_LEN-1] == s->dst[RSVP_DST_LEN-1] && protocol == s->protocol && !(s->dpi.mask & (*(u32*)(xprt+s->dpi.offset)^s->dpi.key)) #if RSVP_DST_LEN == 4 && dst[0] == s->dst[0] && dst[1] == s->dst[1] && dst[2] == s->dst[2] #endif && tunnelid == s->tunnelid) { for (f = s->ht[h2]; f; f = f->next) { if (src[RSVP_DST_LEN-1] == f->src[RSVP_DST_LEN-1] && !(f->spi.mask & (*(u32*)(xprt+f->spi.offset)^f->spi.key)) #if RSVP_DST_LEN == 4 && src[0] == f->src[0] && src[1] == f->src[1] && src[2] == f->src[2] #endif ) { *res = f->res; RSVP_APPLY_RESULT(); matched: if (f->tunnelhdr == 0) return 0; tunnelid = f->res.classid; nhptr = (void*)(xprt + f->tunnelhdr - sizeof(*nhptr)); goto restart; } } for (f = s->ht[16]; f; f = f->next) { *res = f->res; RSVP_APPLY_RESULT(); goto matched; } return -1; } } return -1; }",linux-2.6,,,109418815646133747557436930025371575300,0 250,CWE-284,"int tcp_v4_rcv(struct sk_buff *skb) { struct net *net = dev_net(skb->dev); const struct iphdr *iph; const struct tcphdr *th; bool refcounted; struct sock *sk; int ret; if (skb->pkt_type != PACKET_HOST) goto discard_it; __TCP_INC_STATS(net, TCP_MIB_INSEGS); if (!pskb_may_pull(skb, sizeof(struct tcphdr))) goto discard_it; th = (const struct tcphdr *)skb->data; if (unlikely(th->doff < sizeof(struct tcphdr) / 4)) goto bad_packet; if (!pskb_may_pull(skb, th->doff * 4)) goto discard_it; if (skb_checksum_init(skb, IPPROTO_TCP, inet_compute_pseudo)) goto csum_error; th = (const struct tcphdr *)skb->data; iph = ip_hdr(skb); memmove(&TCP_SKB_CB(skb)->header.h4, IPCB(skb), sizeof(struct inet_skb_parm)); barrier(); TCP_SKB_CB(skb)->seq = ntohl(th->seq); TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + skb->len - th->doff * 4); TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th); TCP_SKB_CB(skb)->tcp_tw_isn = 0; TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph); TCP_SKB_CB(skb)->sacked = 0; lookup: sk = __inet_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), th->source, th->dest, &refcounted); if (!sk) goto no_tcp_socket; process: if (sk->sk_state == TCP_TIME_WAIT) goto do_time_wait; if (sk->sk_state == TCP_NEW_SYN_RECV) { struct request_sock *req = inet_reqsk(sk); struct sock *nsk; sk = req->rsk_listener; if (unlikely(tcp_v4_inbound_md5_hash(sk, skb))) { sk_drops_add(sk, skb); reqsk_put(req); goto discard_it; } if (unlikely(sk->sk_state != TCP_LISTEN)) { inet_csk_reqsk_queue_drop_and_put(sk, req); goto lookup; } sock_hold(sk); refcounted = true; nsk = tcp_check_req(sk, skb, req, false); if (!nsk) { reqsk_put(req); goto discard_and_relse; } if (nsk == sk) { reqsk_put(req); } else if (tcp_child_process(sk, nsk, skb)) { tcp_v4_send_reset(nsk, skb); goto discard_and_relse; } else { sock_put(sk); return 0; } } if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); goto discard_and_relse; } if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) goto discard_and_relse; if (tcp_v4_inbound_md5_hash(sk, skb)) goto discard_and_relse; nf_reset(skb); if (sk_filter(sk, skb)) goto discard_and_relse; skb->dev = NULL; if (sk->sk_state == TCP_LISTEN) { ret = tcp_v4_do_rcv(sk, skb); goto put_and_return; } sk_incoming_cpu_update(sk); bh_lock_sock_nested(sk); tcp_segs_in(tcp_sk(sk), skb); ret = 0; if (!sock_owned_by_user(sk)) { if (!tcp_prequeue(sk, skb)) ret = tcp_v4_do_rcv(sk, skb); } else if (tcp_add_backlog(sk, skb)) { goto discard_and_relse; } bh_unlock_sock(sk); put_and_return: if (refcounted) sock_put(sk); return ret; no_tcp_socket: if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) goto discard_it; if (tcp_checksum_complete(skb)) { csum_error: __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS); bad_packet: __TCP_INC_STATS(net, TCP_MIB_INERRS); } else { tcp_v4_send_reset(NULL, skb); } discard_it: kfree_skb(skb); return 0; discard_and_relse: sk_drops_add(sk, skb); if (refcounted) sock_put(sk); goto discard_it; do_time_wait: if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { inet_twsk_put(inet_twsk(sk)); goto discard_it; } if (tcp_checksum_complete(skb)) { inet_twsk_put(inet_twsk(sk)); goto csum_error; } switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { case TCP_TW_SYN: { struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, skb, __tcp_hdrlen(th), iph->saddr, th->source, iph->daddr, th->dest, inet_iif(skb)); if (sk2) { inet_twsk_deschedule_put(inet_twsk(sk)); sk = sk2; refcounted = false; goto process; } } case TCP_TW_ACK: tcp_v4_timewait_ack(sk, skb); break; case TCP_TW_RST: tcp_v4_send_reset(sk, skb); inet_twsk_deschedule_put(inet_twsk(sk)); goto discard_it; case TCP_TW_SUCCESS:; } goto discard_it; }",visit repo url,net/ipv4/tcp_ipv4.c,https://github.com/torvalds/linux,123646517046505,1 3461,['CWE-20'],"sctp_disposition_t sctp_sf_do_prm_asconf(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,225440915788833333458039497099297593330,0 6735,CWE-401,"static uint32_t parse_user_name(uint32_t *minor_status, const char *str, size_t len, char **domain, char **username) { uint32_t retmaj; uint32_t retmin; char *at, *sep; if (len > MAX_NAME_LEN) { return GSSERRS(ERR_NAMETOOLONG, GSS_S_BAD_NAME); } *username = NULL; *domain = NULL; at = memchr(str, '@', len); sep = memchr(str, '\\', len); if (at && sep) { char strbuf[len + 1]; char *buf = strbuf; bool domain_handled = false; memcpy(buf, str, len); buf[len] = '\0'; sep = buf + (sep - str); at = buf + (at - str); if (sep > at) { if (*(sep + 1) == '@') { set_GSSERR(EINVAL); goto done; } } else if (at - sep == 1) { sep = NULL; } if (sep) { domain_handled = true; *sep = '\0'; *domain = strdup(buf); if (NULL == *domain) { set_GSSERR(ENOMEM); goto done; } len = len - (sep - buf) - 1; buf = sep + 1; } for (at = strchr(buf, '@'); at != NULL; at = strchr(at, '@')) { if (*(at - 1) == '\\') { if (domain_handled) { free(*domain); *domain = NULL; set_GSSERR(EINVAL); goto done; } memmove(at - 1, at, len - (at - buf) + 1); } else if (!domain_handled) { *at = '\0'; *domain = strdup(at + 1); if (NULL == *domain) { set_GSSERR(ENOMEM); goto done; } } at += 1; } *username = strdup(buf); if (NULL == *username) { set_GSSERR(ENOMEM); goto done; } set_GSSERRS(0, GSS_S_COMPLETE); goto done; } if (sep) { retmaj = string_split(&retmin, '\\', str, len, domain, username); goto done; } if (at) { retmaj = string_split(&retmin, '@', str, len, username, domain); goto done; } *username = strndup(str, len); if (NULL == *username) { set_GSSERR(ENOMEM); } set_GSSERRS(0, GSS_S_COMPLETE); done: return GSSERR(); }",visit repo url,src/gss_names.c,https://github.com/gssapi/gss-ntlmssp,252383440080065,1 6032,CWE-476,"print_line_header(Dwarf_Debug dbg, Dwarf_Bool is_single_tab, Dwarf_Bool is_actuals_tab) { if (!is_single_tab) { if (is_actuals_tab) { _dwarf_printf(dbg,""\nActuals Table\n""); _dwarf_printf(dbg, "" be\n"" "" ls\n"" "" ce\n"" "" section op kq\n"" "" offset code address/index row isa ??\n""); return; } else { _dwarf_printf(dbg,""\nLogicals Table\n""); _dwarf_printf(dbg, "" s pe\n"" "" tirp\n"" "" msoi\n"" "" section op tall\n"" "" offset row code address/indx fil lne col disc cntx subp ????\n""); return; } } _dwarf_printf(dbg, "" s b e p e i d\n"" "" t l s r p s i\n"" "" m c e o i a s\n"" "" section op col t k q l l c\n"" "" offset code address file line umn ? ? ? ? ?\n""); } ",visit repo url,libdwarf/dwarf_print_lines.c,https://github.com/davea42/libdwarf-code,62172465733086,1 4747,['CWE-20'],"static loff_t ext4_max_size(int blkbits, int has_huge_files) { loff_t res; loff_t upper_limit = MAX_LFS_FILESIZE; if (!has_huge_files || sizeof(blkcnt_t) < sizeof(u64)) { upper_limit = (1LL << 32) - 1; upper_limit >>= (blkbits - 9); upper_limit <<= blkbits; } res = 1LL << 32; res <<= blkbits; res -= 1; if (res > upper_limit) res = upper_limit; return res; }",linux-2.6,,,68732918806681300162816803472824630483,0 4013,CWE-200,"entry_guard_obeys_restriction(const entry_guard_t *guard, const entry_guard_restriction_t *rst) { tor_assert(guard); if (! rst) return 1; return tor_memneq(guard->identity, rst->exclude_id, DIGEST_LEN); }",visit repo url,src/or/entrynodes.c,https://github.com/torproject/tor,13456806113661,1 4280,['CWE-264'],"int unshare_files(struct files_struct **displaced) { struct task_struct *task = current; struct files_struct *copy = NULL; int error; error = unshare_fd(CLONE_FILES, ©); if (error || !copy) { *displaced = NULL; return error; } *displaced = task->files; task_lock(task); task->files = copy; task_unlock(task); return 0; }",linux-2.6,,,191813686741140752724816208404764329223,0 4261,['CWE-119'],"sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; sctp_shutdownhdr_t *sdh; sctp_disposition_t disposition; struct sctp_ulpevent *ev; __u32 ctsn; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_shutdown_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); sdh = (sctp_shutdownhdr_t *)chunk->skb->data; skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t)); chunk->subh.shutdown_hdr = sdh; ctsn = ntohl(sdh->cum_tsn_ack); if (!TSN_lt(ctsn, asoc->next_tsn)) return sctp_sf_violation_ctsn(ep, asoc, type, arg, commands); ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC); if (!ev) { disposition = SCTP_DISPOSITION_NOMEM; goto out; } sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_RECEIVED)); disposition = SCTP_DISPOSITION_CONSUME; if (sctp_outq_is_empty(&asoc->outqueue)) { disposition = sctp_sf_do_9_2_shutdown_ack(ep, asoc, type, arg, commands); } if (SCTP_DISPOSITION_NOMEM == disposition) goto out; sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN, SCTP_BE32(chunk->subh.shutdown_hdr->cum_tsn_ack)); out: return disposition; }",linux-2.6,,,42214475741399957121933107795304044098,0 863,['CWE-119'],"isdn_wildmat(char *s, char *p) { register int last; register int matched; register int reverse; register int nostar = 1; if (!(*s) && !(*p)) return(1); for (; *p; s++, p++) switch (*p) { case '\\': p++; default: if (*s != *p) return (*s == '\0')?2:1; continue; case '?': if (*s == '\0') return (2); continue; case '*': nostar = 0; return (*++p ? isdn_star(s, p) : 0); case '[': if ((reverse = (p[1] == '^'))) p++; for (last = 0, matched = 0; *++p && (*p != ']'); last = *p) if (*p == '-' ? *s <= *++p && *s >= last : *s == *p) matched = 1; if (matched == reverse) return (1); continue; } return (*s == '\0')?0:nostar; }",linux-2.6,,,102826419430836570830219684013222191373,0 6507,CWE-787,"void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *_hashX, char *_hashY, char *signature) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(encryptedPrivateKey); CHECK_STATE(_hashX); CHECK_STATE(_hashY); CHECK_STATE(signature); SAFE_CHAR_BUF(key, BUF_LEN);SAFE_CHAR_BUF(sig, BUF_LEN); int status = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN); CHECK_STATUS(""AES decrypt failed"") if (!enclave_sign(key, _hashX, _hashY, sig)) { strncpy(errString, ""Enclave failed to create bls signature"", BUF_LEN); LOG_ERROR(errString); *errStatus = -1; goto clean; } strncpy(signature, sig, BUF_LEN); if (strnlen(signature, BUF_LEN) < 10) { strncpy(errString, ""Signature too short"", BUF_LEN); LOG_ERROR(errString); *errStatus = -1; goto clean; } SET_SUCCESS LOG_DEBUG(""SGX call completed""); clean: ; LOG_DEBUG(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,259551688372342,1 1662,CWE-416,"static int swevent_hlist_get_cpu(struct perf_event *event, int cpu) { struct swevent_htable *swhash = &per_cpu(swevent_htable, cpu); int err = 0; mutex_lock(&swhash->hlist_mutex); if (!swevent_hlist_deref(swhash) && cpu_online(cpu)) { struct swevent_hlist *hlist; hlist = kzalloc(sizeof(*hlist), GFP_KERNEL); if (!hlist) { err = -ENOMEM; goto exit; } rcu_assign_pointer(swhash->swevent_hlist, hlist); } swhash->hlist_refcount++; exit: mutex_unlock(&swhash->hlist_mutex); return err; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,12966033400376,1 5383,['CWE-476'],"void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long addr, u32 error_code) { ++vcpu->stat.pf_guest; if (vcpu->arch.exception.pending) { if (vcpu->arch.exception.nr == PF_VECTOR) { printk(KERN_DEBUG ""kvm: inject_page_fault:"" "" double fault 0x%lx\n"", addr); vcpu->arch.exception.nr = DF_VECTOR; vcpu->arch.exception.error_code = 0; } else if (vcpu->arch.exception.nr == DF_VECTOR) { set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests); } return; } vcpu->arch.cr2 = addr; kvm_queue_exception_e(vcpu, PF_VECTOR, error_code); }",linux-2.6,,,284641881627147241020619424561434710131,0 498,CWE-476,"static ssize_t o2nm_node_local_store(struct config_item *item, const char *page, size_t count) { struct o2nm_node *node = to_o2nm_node(item); struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node); unsigned long tmp; char *p = (char *)page; ssize_t ret; tmp = simple_strtoul(p, &p, 0); if (!p || (*p && (*p != '\n'))) return -EINVAL; tmp = !!tmp; if (!test_bit(O2NM_NODE_ATTR_ADDRESS, &node->nd_set_attributes) || !test_bit(O2NM_NODE_ATTR_NUM, &node->nd_set_attributes) || !test_bit(O2NM_NODE_ATTR_PORT, &node->nd_set_attributes)) return -EINVAL; if (tmp && tmp == cluster->cl_has_local && cluster->cl_local_node != node->nd_num) return -EBUSY; if (tmp && !cluster->cl_has_local) { ret = o2net_start_listening(node); if (ret) return ret; } if (!tmp && cluster->cl_has_local && cluster->cl_local_node == node->nd_num) { o2net_stop_listening(node); cluster->cl_local_node = O2NM_INVALID_NODE_NUM; } node->nd_local = tmp; if (node->nd_local) { cluster->cl_has_local = tmp; cluster->cl_local_node = node->nd_num; } return count; }",visit repo url,fs/ocfs2/cluster/nodemanager.c,https://github.com/torvalds/linux,12361832859782,1 2718,CWE-190,"SPL_METHOD(SplFileInfo, getRealPath) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); char buff[MAXPATHLEN]; char *filename; zend_error_handling error_handling; if (zend_parse_parameters_none() == FAILURE) { return; } zend_replace_error_handling(EH_THROW, spl_ce_RuntimeException, &error_handling TSRMLS_CC); if (intern->type == SPL_FS_DIR && !intern->file_name && intern->u.dir.entry.d_name[0]) { spl_filesystem_object_get_file_name(intern TSRMLS_CC); } if (intern->orig_path) { filename = intern->orig_path; } else { filename = intern->file_name; } if (filename && VCWD_REALPATH(filename, buff)) { #ifdef ZTS if (VCWD_ACCESS(buff, F_OK)) { RETVAL_FALSE; } else #endif RETVAL_STRING(buff, 1); } else { RETVAL_FALSE; } zend_restore_error_handling(&error_handling TSRMLS_CC); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,9143977184456,1 1732,NVD-CWE-Other,"static int cdc_ncm_bind(struct usbnet *dev, struct usb_interface *intf) { int ret; if (cdc_ncm_select_altsetting(intf) != CDC_NCM_COMM_ALTSETTING_NCM) return -ENODEV; ret = cdc_ncm_bind_common(dev, intf, CDC_NCM_DATA_ALTSETTING_NCM, 0); usbnet_link_change(dev, 0, 0); return ret; }",visit repo url,drivers/net/usb/cdc_ncm.c,https://github.com/torvalds/linux,9870022320573,1 3845,[],"static inline int cap_limit_ptraced_target(void) { return !capable(CAP_SETPCAP); }",linux-2.6,,,112116425942411384315059048607174036614,0 6244,CWE-190,"void md_map_sh224(uint8_t *hash, const uint8_t *msg, int len) { SHA224Context ctx; if (SHA224Reset(&ctx) != shaSuccess) { RLC_THROW(ERR_NO_VALID); return; } if (SHA224Input(&ctx, msg, len) != shaSuccess) { RLC_THROW(ERR_NO_VALID); return; } if (SHA224Result(&ctx, hash) != shaSuccess) { RLC_THROW(ERR_NO_VALID); return; } }",visit repo url,src/md/relic_md_sha224.c,https://github.com/relic-toolkit/relic,123135115845589,1 1844,['CWE-189'],"_gnutls_send_supplemental (gnutls_session_t session, int again) { int ret = 0; _gnutls_debug_log (""EXT[%x]: Sending supplemental data\n"", session); if (again) ret = _gnutls_send_handshake (session, NULL, 0, GNUTLS_HANDSHAKE_SUPPLEMENTAL); else { gnutls_buffer buf; _gnutls_buffer_init (&buf); ret = _gnutls_gen_supplemental (session, &buf); if (ret < 0) { gnutls_assert (); return ret; } ret = _gnutls_send_handshake (session, buf.data, buf.length, GNUTLS_HANDSHAKE_SUPPLEMENTAL); _gnutls_buffer_clear (&buf); } return ret; }",gnutls,,,231912326101950260156603804114421013205,0 487,[],"pfm_syswide_force_stop(void *info) { pfm_context_t *ctx = (pfm_context_t *)info; struct pt_regs *regs = task_pt_regs(current); struct task_struct *owner; unsigned long flags; int ret; if (ctx->ctx_cpu != smp_processor_id()) { printk(KERN_ERR ""perfmon: pfm_syswide_force_stop for CPU%d but on CPU%d\n"", ctx->ctx_cpu, smp_processor_id()); return; } owner = GET_PMU_OWNER(); if (owner != ctx->ctx_task) { printk(KERN_ERR ""perfmon: pfm_syswide_force_stop CPU%d unexpected owner [%d] instead of [%d]\n"", smp_processor_id(), owner->pid, ctx->ctx_task->pid); return; } if (GET_PMU_CTX() != ctx) { printk(KERN_ERR ""perfmon: pfm_syswide_force_stop CPU%d unexpected ctx %p instead of %p\n"", smp_processor_id(), GET_PMU_CTX(), ctx); return; } DPRINT((""on CPU%d forcing system wide stop for [%d]\n"", smp_processor_id(), ctx->ctx_task->pid)); local_irq_save(flags); ret = pfm_context_unload(ctx, NULL, 0, regs); if (ret) { DPRINT((""context_unload returned %d\n"", ret)); } local_irq_restore(flags); }",linux-2.6,,,286316725268246310541613157946684466257,0 2632,CWE-125,"PHP_FUNCTION( locale_get_keywords ) { UEnumeration* e = NULL; UErrorCode status = U_ZERO_ERROR; const char* kw_key = NULL; int32_t kw_key_len = 0; const char* loc_name = NULL; int loc_name_len = 0; char* kw_value = NULL; int32_t kw_value_len = 100; intl_error_reset( NULL TSRMLS_CC ); if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &loc_name, &loc_name_len ) == FAILURE) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_get_keywords: unable to parse input params"", 0 TSRMLS_CC ); RETURN_FALSE; } if(loc_name_len == 0) { loc_name = intl_locale_get_default(TSRMLS_C); } e = uloc_openKeywords( loc_name, &status ); if( e != NULL ) { array_init( return_value ); while( ( kw_key = uenum_next( e, &kw_key_len, &status ) ) != NULL ){ kw_value = ecalloc( 1 , kw_value_len ); kw_value_len=uloc_getKeywordValue( loc_name,kw_key, kw_value, kw_value_len , &status ); if (status == U_BUFFER_OVERFLOW_ERROR) { status = U_ZERO_ERROR; kw_value = erealloc( kw_value , kw_value_len+1); kw_value_len=uloc_getKeywordValue( loc_name,kw_key, kw_value, kw_value_len+1 , &status ); } else if(!U_FAILURE(status)) { kw_value = erealloc( kw_value , kw_value_len+1); } if (U_FAILURE(status)) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_get_keywords: Error encountered while getting the keyword value for the keyword"", 0 TSRMLS_CC ); if( kw_value){ efree( kw_value ); } zval_dtor(return_value); RETURN_FALSE; } add_assoc_stringl( return_value, (char *)kw_key, kw_value , kw_value_len, 0); } } uenum_close( e ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,124873343888239,1 1636,[],"void account_user_time(struct task_struct *p, cputime_t cputime) { struct cpu_usage_stat *cpustat = &kstat_this_cpu.cpustat; cputime64_t tmp; p->utime = cputime_add(p->utime, cputime); tmp = cputime_to_cputime64(cputime); if (TASK_NICE(p) > 0) cpustat->nice = cputime64_add(cpustat->nice, tmp); else cpustat->user = cputime64_add(cpustat->user, tmp); }",linux-2.6,,,32308331025241344400413670774215352671,0 2987,['CWE-189'],"int mif_encode(jas_image_t *image, jas_stream_t *out, char *optstr) { mif_hdr_t *hdr; jas_image_t *tmpimage; int fmt; int cmptno; mif_cmpt_t *cmpt; jas_image_cmptparm_t cmptparm; jas_seq2d_t *data; int_fast32_t x; int_fast32_t y; int bias; hdr = 0; tmpimage = 0; data = 0; if (optstr && *optstr != '\0') { jas_eprintf(""warning: ignoring unsupported options\n""); } if ((fmt = jas_image_strtofmt(""pnm"")) < 0) { jas_eprintf(""error: PNM support required\n""); goto error; } if (!(hdr = mif_makehdrfromimage(image))) { goto error; } if (mif_hdr_put(hdr, out)) { goto error; } for (cmptno = 0; cmptno < hdr->numcmpts; ++cmptno) { cmpt = hdr->cmpts[cmptno]; if (!cmpt->data) { if (!(tmpimage = jas_image_create0())) { goto error; } cmptparm.tlx = 0; cmptparm.tly = 0; cmptparm.hstep = cmpt->sampperx; cmptparm.vstep = cmpt->samppery; cmptparm.width = cmpt->width; cmptparm.height = cmpt->height; cmptparm.prec = cmpt->prec; cmptparm.sgnd = false; if (jas_image_addcmpt(tmpimage, jas_image_numcmpts(tmpimage), &cmptparm)) { goto error; } if (!(data = jas_seq2d_create(0, 0, cmpt->width, cmpt->height))) { goto error; } if (jas_image_readcmpt(image, cmptno, 0, 0, cmpt->width, cmpt->height, data)) { goto error; } if (cmpt->sgnd) { bias = 1 << (cmpt->prec - 1); for (y = 0; y < cmpt->height; ++y) { for (x = 0; x < cmpt->width; ++x) { *jas_seq2d_getref(data, x, y) += bias; } } } if (jas_image_writecmpt(tmpimage, 0, 0, 0, cmpt->width, cmpt->height, data)) { goto error; } jas_seq2d_destroy(data); data = 0; if (jas_image_encode(tmpimage, out, fmt, 0)) { goto error; } jas_image_destroy(tmpimage); tmpimage = 0; } } mif_hdr_destroy(hdr); return 0; error: if (hdr) { mif_hdr_destroy(hdr); } if (tmpimage) { jas_image_destroy(tmpimage); } if (data) { jas_seq2d_destroy(data); } return -1; }",jasper,,,41496702559092102389194675049245346161,0 4877,CWE-415,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 6317,['CWE-200'],"tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int bind, int ref) { int err = -EINVAL; unsigned char *b = skb->tail; struct rtattr *r; if (a->ops == NULL || a->ops->dump == NULL) return err; RTA_PUT(skb, TCA_KIND, IFNAMSIZ, a->ops->kind); if (tcf_action_copy_stats(skb, a, 0)) goto rtattr_failure; r = (struct rtattr*) skb->tail; RTA_PUT(skb, TCA_OPTIONS, 0, NULL); if ((err = tcf_action_dump_old(skb, a, bind, ref)) > 0) { r->rta_len = skb->tail - (u8*)r; return err; } rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,146562788145941287287272124708026845030,0 3302,CWE-415,"static size_t read_entry( git_index_entry **out, git_index *index, const void *buffer, size_t buffer_size, const char *last) { size_t path_length, entry_size; const char *path_ptr; struct entry_short source; git_index_entry entry = {{0}}; bool compressed = index->version >= INDEX_VERSION_NUMBER_COMP; char *tmp_path = NULL; if (INDEX_FOOTER_SIZE + minimal_entry_size > buffer_size) return 0; memcpy(&source, buffer, sizeof(struct entry_short)); entry.ctime.seconds = (git_time_t)ntohl(source.ctime.seconds); entry.ctime.nanoseconds = ntohl(source.ctime.nanoseconds); entry.mtime.seconds = (git_time_t)ntohl(source.mtime.seconds); entry.mtime.nanoseconds = ntohl(source.mtime.nanoseconds); entry.dev = ntohl(source.dev); entry.ino = ntohl(source.ino); entry.mode = ntohl(source.mode); entry.uid = ntohl(source.uid); entry.gid = ntohl(source.gid); entry.file_size = ntohl(source.file_size); git_oid_cpy(&entry.id, &source.oid); entry.flags = ntohs(source.flags); if (entry.flags & GIT_IDXENTRY_EXTENDED) { uint16_t flags_raw; size_t flags_offset; flags_offset = offsetof(struct entry_long, flags_extended); memcpy(&flags_raw, (const char *) buffer + flags_offset, sizeof(flags_raw)); flags_raw = ntohs(flags_raw); memcpy(&entry.flags_extended, &flags_raw, sizeof(flags_raw)); path_ptr = (const char *) buffer + offsetof(struct entry_long, path); } else path_ptr = (const char *) buffer + offsetof(struct entry_short, path); if (!compressed) { path_length = entry.flags & GIT_IDXENTRY_NAMEMASK; if (path_length == 0xFFF) { const char *path_end; path_end = memchr(path_ptr, '\0', buffer_size); if (path_end == NULL) return 0; path_length = path_end - path_ptr; } entry_size = index_entry_size(path_length, 0, entry.flags); entry.path = (char *)path_ptr; } else { size_t varint_len; size_t strip_len = git_decode_varint((const unsigned char *)path_ptr, &varint_len); size_t last_len = strlen(last); size_t prefix_len = last_len - strip_len; size_t suffix_len = strlen(path_ptr + varint_len); size_t path_len; if (varint_len == 0) return index_error_invalid(""incorrect prefix length""); GITERR_CHECK_ALLOC_ADD(&path_len, prefix_len, suffix_len); GITERR_CHECK_ALLOC_ADD(&path_len, path_len, 1); tmp_path = git__malloc(path_len); GITERR_CHECK_ALLOC(tmp_path); memcpy(tmp_path, last, prefix_len); memcpy(tmp_path + prefix_len, path_ptr + varint_len, suffix_len + 1); entry_size = index_entry_size(suffix_len, varint_len, entry.flags); entry.path = tmp_path; } if (INDEX_FOOTER_SIZE + entry_size > buffer_size) return 0; if (index_entry_dup(out, index, &entry) < 0) { git__free(tmp_path); return 0; } git__free(tmp_path); return entry_size; }",visit repo url,src/index.c,https://github.com/libgit2/libgit2,19048987515406,1 1305,['CWE-119'],"static unsigned char asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc) { unsigned char ch; if (eoc == NULL) { if (!asn1_octet_decode(ctx, &ch)) return 0; if (ch != 0x00) { ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; return 0; } if (!asn1_octet_decode(ctx, &ch)) return 0; if (ch != 0x00) { ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; return 0; } return 1; } else { if (ctx->pointer != eoc) { ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH; return 0; } return 1; } }",linux-2.6,,,90197194174497354309198602654923932366,0 6688,['CWE-200'],"applet_get_active_for_connection (NMApplet *applet, NMConnection *connection) { const GPtrArray *active_list; int i; const char *cpath; NMConnectionScope scope; scope = nm_connection_get_scope (connection); g_return_val_if_fail (scope != NM_CONNECTION_SCOPE_UNKNOWN, NULL); cpath = nm_connection_get_path (connection); g_return_val_if_fail (cpath != NULL, NULL); active_list = nm_client_get_active_connections (applet->nm_client); for (i = 0; active_list && (i < active_list->len); i++) { NMActiveConnection *active = NM_ACTIVE_CONNECTION (g_ptr_array_index (active_list, i)); if ( (nm_active_connection_get_scope (active) == scope) && !strcmp (nm_active_connection_get_connection (active), cpath)) return active; } return NULL; }",network-manager-applet,,,97589427128044847789837257235245735906,0 1712,[],"static noinline void __schedule_bug(struct task_struct *prev) { struct pt_regs *regs = get_irq_regs(); printk(KERN_ERR ""BUG: scheduling while atomic: %s/%d/0x%08x\n"", prev->comm, prev->pid, preempt_count()); debug_show_held_locks(prev); if (irqs_disabled()) print_irqtrace_events(prev); if (regs) show_regs(regs); else dump_stack(); }",linux-2.6,,,103450069401471077887996710168679472500,0 3009,['CWE-189'],"int jp2_validate(jas_stream_t *in) { char buf[JP2_VALIDATELEN]; int i; int n; #if 0 jas_stream_t *tmpstream; jp2_box_t *box; #endif assert(JAS_STREAM_MAXPUTBACK >= JP2_VALIDATELEN); if ((n = jas_stream_read(in, buf, JP2_VALIDATELEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < JP2_VALIDATELEN) { return -1; } if (((buf[4] << 24) | (buf[5] << 16) | (buf[6] << 8) | buf[7]) != JP2_BOX_JP) { return -1; } return 0; }",jasper,,,223215952828223358109728948083391381367,0 5679,CWE-125,"pthread_mutex_lock(pthread_mutex_t *mutex) { EnterCriticalSection(mutex); return 0; }",visit repo url,include/compat/pthread.h,https://github.com/libressl-portable/portable,171329337362042,1 1875,CWE-416,"static inline struct anon_vma *anon_vma_alloc(void) { struct anon_vma *anon_vma; anon_vma = kmem_cache_alloc(anon_vma_cachep, GFP_KERNEL); if (anon_vma) { atomic_set(&anon_vma->refcount, 1); anon_vma->degree = 1; anon_vma->parent = anon_vma; anon_vma->root = anon_vma; } return anon_vma; }",visit repo url,mm/rmap.c,https://github.com/torvalds/linux,210693093038574,1 3089,CWE-310,"void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; c1=0; c2=0; c3=0; mul_add_c(a[0],b[0],c1,c2,c3); r[0]=c1; c1=0; mul_add_c(a[0],b[1],c2,c3,c1); mul_add_c(a[1],b[0],c2,c3,c1); r[1]=c2; c2=0; mul_add_c(a[2],b[0],c3,c1,c2); mul_add_c(a[1],b[1],c3,c1,c2); mul_add_c(a[0],b[2],c3,c1,c2); r[2]=c3; c3=0; mul_add_c(a[0],b[3],c1,c2,c3); mul_add_c(a[1],b[2],c1,c2,c3); mul_add_c(a[2],b[1],c1,c2,c3); mul_add_c(a[3],b[0],c1,c2,c3); r[3]=c1; c1=0; mul_add_c(a[4],b[0],c2,c3,c1); mul_add_c(a[3],b[1],c2,c3,c1); mul_add_c(a[2],b[2],c2,c3,c1); mul_add_c(a[1],b[3],c2,c3,c1); mul_add_c(a[0],b[4],c2,c3,c1); r[4]=c2; c2=0; mul_add_c(a[0],b[5],c3,c1,c2); mul_add_c(a[1],b[4],c3,c1,c2); mul_add_c(a[2],b[3],c3,c1,c2); mul_add_c(a[3],b[2],c3,c1,c2); mul_add_c(a[4],b[1],c3,c1,c2); mul_add_c(a[5],b[0],c3,c1,c2); r[5]=c3; c3=0; mul_add_c(a[6],b[0],c1,c2,c3); mul_add_c(a[5],b[1],c1,c2,c3); mul_add_c(a[4],b[2],c1,c2,c3); mul_add_c(a[3],b[3],c1,c2,c3); mul_add_c(a[2],b[4],c1,c2,c3); mul_add_c(a[1],b[5],c1,c2,c3); mul_add_c(a[0],b[6],c1,c2,c3); r[6]=c1; c1=0; mul_add_c(a[0],b[7],c2,c3,c1); mul_add_c(a[1],b[6],c2,c3,c1); mul_add_c(a[2],b[5],c2,c3,c1); mul_add_c(a[3],b[4],c2,c3,c1); mul_add_c(a[4],b[3],c2,c3,c1); mul_add_c(a[5],b[2],c2,c3,c1); mul_add_c(a[6],b[1],c2,c3,c1); mul_add_c(a[7],b[0],c2,c3,c1); r[7]=c2; c2=0; mul_add_c(a[7],b[1],c3,c1,c2); mul_add_c(a[6],b[2],c3,c1,c2); mul_add_c(a[5],b[3],c3,c1,c2); mul_add_c(a[4],b[4],c3,c1,c2); mul_add_c(a[3],b[5],c3,c1,c2); mul_add_c(a[2],b[6],c3,c1,c2); mul_add_c(a[1],b[7],c3,c1,c2); r[8]=c3; c3=0; mul_add_c(a[2],b[7],c1,c2,c3); mul_add_c(a[3],b[6],c1,c2,c3); mul_add_c(a[4],b[5],c1,c2,c3); mul_add_c(a[5],b[4],c1,c2,c3); mul_add_c(a[6],b[3],c1,c2,c3); mul_add_c(a[7],b[2],c1,c2,c3); r[9]=c1; c1=0; mul_add_c(a[7],b[3],c2,c3,c1); mul_add_c(a[6],b[4],c2,c3,c1); mul_add_c(a[5],b[5],c2,c3,c1); mul_add_c(a[4],b[6],c2,c3,c1); mul_add_c(a[3],b[7],c2,c3,c1); r[10]=c2; c2=0; mul_add_c(a[4],b[7],c3,c1,c2); mul_add_c(a[5],b[6],c3,c1,c2); mul_add_c(a[6],b[5],c3,c1,c2); mul_add_c(a[7],b[4],c3,c1,c2); r[11]=c3; c3=0; mul_add_c(a[7],b[5],c1,c2,c3); mul_add_c(a[6],b[6],c1,c2,c3); mul_add_c(a[5],b[7],c1,c2,c3); r[12]=c1; c1=0; mul_add_c(a[6],b[7],c2,c3,c1); mul_add_c(a[7],b[6],c2,c3,c1); r[13]=c2; c2=0; mul_add_c(a[7],b[7],c3,c1,c2); r[14]=c3; r[15]=c1; }",visit repo url,crypto/bn/asm/x86_64-gcc.c,https://github.com/openssl/openssl,192524277989063,1 4564,['CWE-399'],"static inline ext4_fsblk_t ext4_r_blocks_count(struct ext4_super_block *es) { return ((ext4_fsblk_t)le32_to_cpu(es->s_r_blocks_count_hi) << 32) | le32_to_cpu(es->s_r_blocks_count_lo);",linux-2.6,,,244466443664065710580171593753237324137,0 1621,[],"void sched_exec(void) { int new_cpu, this_cpu = get_cpu(); new_cpu = sched_balance_self(this_cpu, SD_BALANCE_EXEC); put_cpu(); if (new_cpu != this_cpu) sched_migrate_task(current, new_cpu); }",linux-2.6,,,314678349883857839149666133128464535115,0 3304,CWE-190,"static int read_entry( git_index_entry **out, size_t *out_size, git_index *index, const void *buffer, size_t buffer_size, const char *last) { size_t path_length, entry_size; const char *path_ptr; struct entry_short source; git_index_entry entry = {{0}}; bool compressed = index->version >= INDEX_VERSION_NUMBER_COMP; char *tmp_path = NULL; if (INDEX_FOOTER_SIZE + minimal_entry_size > buffer_size) return -1; memcpy(&source, buffer, sizeof(struct entry_short)); entry.ctime.seconds = (git_time_t)ntohl(source.ctime.seconds); entry.ctime.nanoseconds = ntohl(source.ctime.nanoseconds); entry.mtime.seconds = (git_time_t)ntohl(source.mtime.seconds); entry.mtime.nanoseconds = ntohl(source.mtime.nanoseconds); entry.dev = ntohl(source.dev); entry.ino = ntohl(source.ino); entry.mode = ntohl(source.mode); entry.uid = ntohl(source.uid); entry.gid = ntohl(source.gid); entry.file_size = ntohl(source.file_size); git_oid_cpy(&entry.id, &source.oid); entry.flags = ntohs(source.flags); if (entry.flags & GIT_IDXENTRY_EXTENDED) { uint16_t flags_raw; size_t flags_offset; flags_offset = offsetof(struct entry_long, flags_extended); memcpy(&flags_raw, (const char *) buffer + flags_offset, sizeof(flags_raw)); flags_raw = ntohs(flags_raw); memcpy(&entry.flags_extended, &flags_raw, sizeof(flags_raw)); path_ptr = (const char *) buffer + offsetof(struct entry_long, path); } else path_ptr = (const char *) buffer + offsetof(struct entry_short, path); if (!compressed) { path_length = entry.flags & GIT_IDXENTRY_NAMEMASK; if (path_length == 0xFFF) { const char *path_end; path_end = memchr(path_ptr, '\0', buffer_size); if (path_end == NULL) return -1; path_length = path_end - path_ptr; } entry_size = index_entry_size(path_length, 0, entry.flags); entry.path = (char *)path_ptr; } else { size_t varint_len; size_t strip_len = git_decode_varint((const unsigned char *)path_ptr, &varint_len); size_t last_len = strlen(last); size_t prefix_len = last_len - strip_len; size_t suffix_len = strlen(path_ptr + varint_len); size_t path_len; if (varint_len == 0) return index_error_invalid(""incorrect prefix length""); GITERR_CHECK_ALLOC_ADD(&path_len, prefix_len, suffix_len); GITERR_CHECK_ALLOC_ADD(&path_len, path_len, 1); tmp_path = git__malloc(path_len); GITERR_CHECK_ALLOC(tmp_path); memcpy(tmp_path, last, prefix_len); memcpy(tmp_path + prefix_len, path_ptr + varint_len, suffix_len + 1); entry_size = index_entry_size(suffix_len, varint_len, entry.flags); entry.path = tmp_path; } if (entry_size == 0) return -1; if (INDEX_FOOTER_SIZE + entry_size > buffer_size) return -1; if (index_entry_dup(out, index, &entry) < 0) { git__free(tmp_path); return -1; } git__free(tmp_path); *out_size = entry_size; return 0; }",visit repo url,src/index.c,https://github.com/libgit2/libgit2,271068686049237,1 1684,CWE-476,"static void *skcipher_bind(const char *name, u32 type, u32 mask) { return crypto_alloc_skcipher(name, type, mask); }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,46831826408244,1 649,[],"int dccp_disconnect(struct sock *sk, int flags) { struct inet_connection_sock *icsk = inet_csk(sk); struct inet_sock *inet = inet_sk(sk); int err = 0; const int old_state = sk->sk_state; if (old_state != DCCP_CLOSED) dccp_set_state(sk, DCCP_CLOSED); if (old_state == DCCP_LISTEN) { inet_csk_listen_stop(sk); } else if (old_state == DCCP_REQUESTING) sk->sk_err = ECONNRESET; dccp_clear_xmit_timers(sk); __skb_queue_purge(&sk->sk_receive_queue); if (sk->sk_send_head != NULL) { __kfree_skb(sk->sk_send_head); sk->sk_send_head = NULL; } inet->dport = 0; if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) inet_reset_saddr(sk); sk->sk_shutdown = 0; sock_reset_flag(sk, SOCK_DONE); icsk->icsk_backoff = 0; inet_csk_delack_init(sk); __sk_dst_reset(sk); BUG_TRAP(!inet->num || icsk->icsk_bind_hash); sk->sk_error_report(sk); return err; }",linux-2.6,,,143591715656324640288130580856616796342,0 1185,CWE-400,"int handle_unaligned_access(insn_size_t instruction, struct pt_regs *regs, struct mem_access *ma, int expected, unsigned long address) { u_int rm; int ret, index; if (instruction_size(instruction) != 2) return -EINVAL; index = (instruction>>8)&15; rm = regs->regs[index]; if (!expected) { unaligned_fixups_notify(current, instruction, regs); perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, address); } ret = -EFAULT; switch (instruction&0xF000) { case 0x0000: if (instruction==0x000B) { ret = handle_delayslot(regs, instruction, ma); if (ret==0) regs->pc = regs->pr; } else if ((instruction&0x00FF)==0x0023) { ret = handle_delayslot(regs, instruction, ma); if (ret==0) regs->pc += rm + 4; } else if ((instruction&0x00FF)==0x0003) { ret = handle_delayslot(regs, instruction, ma); if (ret==0) { regs->pr = regs->pc + 4; regs->pc += rm + 4; } } else { goto simple; } break; case 0x1000: goto simple; case 0x2000: goto simple; case 0x4000: if ((instruction&0x00FF)==0x002B) { ret = handle_delayslot(regs, instruction, ma); if (ret==0) regs->pc = rm; } else if ((instruction&0x00FF)==0x000B) { ret = handle_delayslot(regs, instruction, ma); if (ret==0) { regs->pr = regs->pc + 4; regs->pc = rm; } } else { goto simple; } break; case 0x5000: goto simple; case 0x6000: goto simple; case 0x8000: switch (instruction&0x0F00) { case 0x0100: goto simple; case 0x0500: goto simple; case 0x0B00: break; case 0x0F00: ret = handle_delayslot(regs, instruction, ma); if (ret==0) { #if defined(CONFIG_CPU_SH4) || defined(CONFIG_SH7705_CACHE_32KB) if ((regs->sr & 0x00000001) != 0) regs->pc += 4; else #endif regs->pc += SH_PC_8BIT_OFFSET(instruction); } break; case 0x0900: break; case 0x0D00: ret = handle_delayslot(regs, instruction, ma); if (ret==0) { #if defined(CONFIG_CPU_SH4) || defined(CONFIG_SH7705_CACHE_32KB) if ((regs->sr & 0x00000001) == 0) regs->pc += 4; else #endif regs->pc += SH_PC_8BIT_OFFSET(instruction); } break; } break; case 0xA000: ret = handle_delayslot(regs, instruction, ma); if (ret==0) regs->pc += SH_PC_12BIT_OFFSET(instruction); break; case 0xB000: ret = handle_delayslot(regs, instruction, ma); if (ret==0) { regs->pr = regs->pc + 4; regs->pc += SH_PC_12BIT_OFFSET(instruction); } break; } return ret; simple: ret = handle_unaligned_ins(instruction, regs, ma); if (ret==0) regs->pc += instruction_size(instruction); return ret; }",visit repo url,arch/sh/kernel/traps_32.c,https://github.com/torvalds/linux,145471527963881,1 6348,['CWE-200'],"static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms) { struct rtattr *nest = NULL; nest = RTA_NEST(skb, NDTA_PARMS); if (parms->dev) RTA_PUT_U32(skb, NDTPA_IFINDEX, parms->dev->ifindex); RTA_PUT_U32(skb, NDTPA_REFCNT, atomic_read(&parms->refcnt)); RTA_PUT_U32(skb, NDTPA_QUEUE_LEN, parms->queue_len); RTA_PUT_U32(skb, NDTPA_PROXY_QLEN, parms->proxy_qlen); RTA_PUT_U32(skb, NDTPA_APP_PROBES, parms->app_probes); RTA_PUT_U32(skb, NDTPA_UCAST_PROBES, parms->ucast_probes); RTA_PUT_U32(skb, NDTPA_MCAST_PROBES, parms->mcast_probes); RTA_PUT_MSECS(skb, NDTPA_REACHABLE_TIME, parms->reachable_time); RTA_PUT_MSECS(skb, NDTPA_BASE_REACHABLE_TIME, parms->base_reachable_time); RTA_PUT_MSECS(skb, NDTPA_GC_STALETIME, parms->gc_staletime); RTA_PUT_MSECS(skb, NDTPA_DELAY_PROBE_TIME, parms->delay_probe_time); RTA_PUT_MSECS(skb, NDTPA_RETRANS_TIME, parms->retrans_time); RTA_PUT_MSECS(skb, NDTPA_ANYCAST_DELAY, parms->anycast_delay); RTA_PUT_MSECS(skb, NDTPA_PROXY_DELAY, parms->proxy_delay); RTA_PUT_MSECS(skb, NDTPA_LOCKTIME, parms->locktime); return RTA_NEST_END(skb, nest); rtattr_failure: return RTA_NEST_CANCEL(skb, nest); }",linux-2.6,,,328598376531578562924438575620783639524,0 1414,[],"static u64 __sched_period(unsigned long nr_running) { u64 period = sysctl_sched_latency; unsigned long nr_latency = sched_nr_latency; if (unlikely(nr_running > nr_latency)) { period = sysctl_sched_min_granularity; period *= nr_running; } return period; }",linux-2.6,,,136613012362039244128574185564729495007,0 4554,CWE-125,"int avi_parse_input_file(avi_t *AVI, int getIndex) { int rate, scale, idx_type; s64 n, i; unsigned char *hdrl_data; u64 header_offset=0; int hdrl_len=0; int nvi, nai[AVI_MAX_TRACKS], ioff; u64 tot[AVI_MAX_TRACKS]; u32 j; int lasttag = 0; int vids_strh_seen = 0; int vids_strf_seen = 0; int auds_strh_seen = 0; int num_stream = 0; char data[256]; s64 oldpos=-1, newpos=-1; int aud_chunks = 0; if (!AVI) { AVI_errno = AVI_ERR_OPEN; return 0; } if (avi_read(AVI->fdes,data,12) != 12 ) ERR_EXIT(AVI_ERR_READ) if (strnicmp(data ,""RIFF"",4) !=0 || strnicmp(data+8,""AVI "",4) !=0 ) ERR_EXIT(AVI_ERR_NO_AVI) hdrl_data = 0; while(1) { if( avi_read(AVI->fdes,data,8) != 8 ) break; newpos = gf_ftell(AVI->fdes); if(oldpos==newpos) { return -1; } oldpos=newpos; n = str2ulong((unsigned char *)data+4); n = PAD_EVEN(n); if(strnicmp(data,""LIST"",4) == 0) { if( avi_read(AVI->fdes,data,4) != 4 ) ERR_EXIT(AVI_ERR_READ) n -= 4; if(strnicmp(data,""hdrl"",4) == 0) { if (n>0xFFFFFFFF) ERR_EXIT(AVI_ERR_READ) hdrl_len = (u32) n; hdrl_data = (unsigned char *) gf_malloc((u32)n); if(hdrl_data==0) ERR_EXIT(AVI_ERR_NO_MEM); header_offset = gf_ftell(AVI->fdes); if( avi_read(AVI->fdes,(char *)hdrl_data, (u32) n) != n ) ERR_EXIT(AVI_ERR_READ) } else if(strnicmp(data,""movi"",4) == 0) { AVI->movi_start = gf_ftell(AVI->fdes); if (gf_fseek(AVI->fdes,n,SEEK_CUR)==(u64)-1) break; } else if (gf_fseek(AVI->fdes,n,SEEK_CUR)==(u64)-1) break; } else if(strnicmp(data,""idx1"",4) == 0) { AVI->n_idx = AVI->max_idx = (u32) (n/16); AVI->idx = (unsigned char((*)[16]) ) gf_malloc((u32)n); if(AVI->idx==0) ERR_EXIT(AVI_ERR_NO_MEM) if(avi_read(AVI->fdes, (char *) AVI->idx, (u32) n) != n ) { gf_free( AVI->idx); AVI->idx=NULL; AVI->n_idx = 0; } } else gf_fseek(AVI->fdes,n,SEEK_CUR); } if(!hdrl_data ) ERR_EXIT(AVI_ERR_NO_HDRL) if(!AVI->movi_start) ERR_EXIT(AVI_ERR_NO_MOVI) for(i=0; ihdrl_len) ERR_EXIT(AVI_ERR_READ) if(strnicmp((char *)hdrl_data+i,""strh"",4)==0) { i += 8; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] TAG %c%c%c%c\n"", (hdrl_data+i)[0], (hdrl_data+i)[1], (hdrl_data+i)[2], (hdrl_data+i)[3])); #endif if(strnicmp((char *)hdrl_data+i,""vids"",4) == 0 && !vids_strh_seen) { memcpy(AVI->compressor,hdrl_data+i+4,4); AVI->compressor[4] = 0; AVI->v_codech_off = header_offset + i+4; scale = str2ulong(hdrl_data+i+20); rate = str2ulong(hdrl_data+i+24); if(scale!=0) AVI->fps = (double)rate/(double)scale; AVI->video_frames = str2ulong(hdrl_data+i+32); AVI->video_strn = num_stream; AVI->max_len = 0; vids_strh_seen = 1; lasttag = 1; memcpy(&AVI->video_stream_header, hdrl_data + i, sizeof(alAVISTREAMHEADER)); } else if (strnicmp ((char *)hdrl_data+i,""auds"",4) ==0 && ! auds_strh_seen) { AVI->aptr=AVI->anum; ++AVI->anum; if(AVI->anum > AVI_MAX_TRACKS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] error - only %d audio tracks supported\n"", AVI_MAX_TRACKS)); return(-1); } AVI->track[AVI->aptr].audio_bytes = str2ulong(hdrl_data+i+32)*avi_sampsize(AVI, 0); AVI->track[AVI->aptr].audio_strn = num_stream; AVI->track[AVI->aptr].a_vbr = !str2ulong(hdrl_data+i+44); AVI->track[AVI->aptr].padrate = str2ulong(hdrl_data+i+24); memcpy(&AVI->stream_headers[AVI->aptr], hdrl_data + i, sizeof(alAVISTREAMHEADER)); lasttag = 2; AVI->track[AVI->aptr].a_codech_off = header_offset + i; } else if (strnicmp ((char*)hdrl_data+i,""iavs"",4) ==0 && ! auds_strh_seen) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] AVILIB: error - DV AVI Type 1 no supported\n"")); return (-1); } else lasttag = 0; num_stream++; } else if(strnicmp((char*)hdrl_data+i,""dmlh"",4) == 0) { AVI->total_frames = str2ulong(hdrl_data+i+8); #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] real number of frames %d\n"", AVI->total_frames)); #endif i += 8; } else if(strnicmp((char *)hdrl_data+i,""strf"",4)==0) { i += 8; if(lasttag == 1) { alBITMAPINFOHEADER bih; memcpy(&bih, hdrl_data + i, sizeof(alBITMAPINFOHEADER)); AVI->bitmap_info_header = (alBITMAPINFOHEADER *) gf_malloc(str2ulong((unsigned char *)&bih.bi_size)); if (AVI->bitmap_info_header != NULL) memcpy(AVI->bitmap_info_header, hdrl_data + i, str2ulong((unsigned char *)&bih.bi_size)); AVI->width = str2ulong(hdrl_data+i+4); AVI->height = str2ulong(hdrl_data+i+8); vids_strf_seen = 1; AVI->v_codecf_off = header_offset + i+16; memcpy(AVI->compressor2, hdrl_data+i+16, 4); AVI->compressor2[4] = 0; if (n>40) { if (n>0xFFFFFFFF) ERR_EXIT(AVI_ERR_READ) AVI->extradata_size = (u32) (n - 40); AVI->extradata = gf_malloc(sizeof(u8)* AVI->extradata_size); if (!AVI->extradata) ERR_EXIT(AVI_ERR_NO_MEM) memcpy(AVI->extradata, hdrl_data + i + 40, AVI->extradata_size); } } else if(lasttag == 2) { alWAVEFORMATEX *wfe; char *nwfe; int wfes; if ((u32) (hdrl_len - i) < sizeof(alWAVEFORMATEX)) wfes = (int) (hdrl_len - i); else wfes = sizeof(alWAVEFORMATEX); wfe = (alWAVEFORMATEX *)gf_malloc(sizeof(alWAVEFORMATEX)); if (wfe != NULL) { memset(wfe, 0, sizeof(alWAVEFORMATEX)); memcpy(wfe, hdrl_data + i, wfes); if (str2ushort((unsigned char *)&wfe->cb_size) != 0) { nwfe = (char *) gf_realloc(wfe, sizeof(alWAVEFORMATEX) + str2ushort((unsigned char *)&wfe->cb_size)); if (nwfe != 0) { s64 lpos = gf_ftell(AVI->fdes); gf_fseek(AVI->fdes, header_offset + i + sizeof(alWAVEFORMATEX), SEEK_SET); wfe = (alWAVEFORMATEX *)nwfe; nwfe = &nwfe[sizeof(alWAVEFORMATEX)]; avi_read(AVI->fdes, nwfe, str2ushort((unsigned char *)&wfe->cb_size)); gf_fseek(AVI->fdes, lpos, SEEK_SET); } } AVI->wave_format_ex[AVI->aptr] = wfe; } AVI->track[AVI->aptr].a_fmt = str2ushort(hdrl_data+i ); AVI->track[AVI->aptr].a_codecf_off = header_offset + i; AVI->track[AVI->aptr].a_chans = str2ushort(hdrl_data+i+2); AVI->track[AVI->aptr].a_rate = str2ulong (hdrl_data+i+4); AVI->track[AVI->aptr].mp3rate = 8*str2ulong(hdrl_data+i+8)/1000; AVI->track[AVI->aptr].a_bits = str2ushort(hdrl_data+i+14); } } else if(strnicmp((char*)hdrl_data+i,""indx"",4) == 0) { char *a; if(lasttag == 1) { a = (char*)hdrl_data+i; AVI->video_superindex = (avisuperindex_chunk *) gf_malloc (sizeof (avisuperindex_chunk)); memset(AVI->video_superindex, 0, sizeof (avisuperindex_chunk)); memcpy (AVI->video_superindex->fcc, a, 4); a += 4; AVI->video_superindex->dwSize = str2ulong((unsigned char *)a); a += 4; AVI->video_superindex->wLongsPerEntry = str2ushort((unsigned char *)a); a += 2; AVI->video_superindex->bIndexSubType = *a; a += 1; AVI->video_superindex->bIndexType = *a; a += 1; AVI->video_superindex->nEntriesInUse = str2ulong((unsigned char *)a); a += 4; memcpy (AVI->video_superindex->dwChunkId, a, 4); a += 4; a += 4; a += 4; a += 4; if (AVI->video_superindex->bIndexSubType != 0) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] Invalid Header, bIndexSubType != 0\n"")); } AVI->video_superindex->aIndex = (avisuperindex_entry*) gf_malloc (AVI->video_superindex->wLongsPerEntry * AVI->video_superindex->nEntriesInUse * sizeof (u32)); for (j=0; jvideo_superindex->nEntriesInUse; ++j) { AVI->video_superindex->aIndex[j].qwOffset = str2ullong ((unsigned char*)a); a += 8; AVI->video_superindex->aIndex[j].dwSize = str2ulong ((unsigned char*)a); a += 4; AVI->video_superindex->aIndex[j].dwDuration = str2ulong ((unsigned char*)a); a += 4; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] [%d] 0x%llx 0x%lx %lu\n"", j, (unsigned int long)AVI->video_superindex->aIndex[j].qwOffset, (unsigned long)AVI->video_superindex->aIndex[j].dwSize, (unsigned long)AVI->video_superindex->aIndex[j].dwDuration)); #endif } #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] FOURCC \""%c%c%c%c\""\n"", AVI->video_superindex->fcc[0], AVI->video_superindex->fcc[1], AVI->video_superindex->fcc[2], AVI->video_superindex->fcc[3])); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] LEN \""%ld\""\n"", (long)AVI->video_superindex->dwSize)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] wLongsPerEntry \""%d\""\n"", AVI->video_superindex->wLongsPerEntry)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexSubType \""%d\""\n"", AVI->video_superindex->bIndexSubType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexType \""%d\""\n"", AVI->video_superindex->bIndexType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] nEntriesInUse \""%ld\""\n"", (long)AVI->video_superindex->nEntriesInUse)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] dwChunkId \""%c%c%c%c\""\n"", AVI->video_superindex->dwChunkId[0], AVI->video_superindex->dwChunkId[1], AVI->video_superindex->dwChunkId[2], AVI->video_superindex->dwChunkId[3])); #endif AVI->is_opendml = 1; } else if(lasttag == 2) { a = (char*) hdrl_data+i; AVI->track[AVI->aptr].audio_superindex = (avisuperindex_chunk *) gf_malloc (sizeof (avisuperindex_chunk)); memcpy (AVI->track[AVI->aptr].audio_superindex->fcc, a, 4); a += 4; AVI->track[AVI->aptr].audio_superindex->dwSize = str2ulong((unsigned char*)a); a += 4; AVI->track[AVI->aptr].audio_superindex->wLongsPerEntry = str2ushort((unsigned char*)a); a += 2; AVI->track[AVI->aptr].audio_superindex->bIndexSubType = *a; a += 1; AVI->track[AVI->aptr].audio_superindex->bIndexType = *a; a += 1; AVI->track[AVI->aptr].audio_superindex->nEntriesInUse = str2ulong((unsigned char*)a); a += 4; memcpy (AVI->track[AVI->aptr].audio_superindex->dwChunkId, a, 4); a += 4; a += 4; a += 4; a += 4; if (AVI->track[AVI->aptr].audio_superindex->bIndexSubType != 0) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] Invalid Header, bIndexSubType != 0\n"")); } AVI->track[AVI->aptr].audio_superindex->aIndex = (avisuperindex_entry*) gf_malloc (AVI->track[AVI->aptr].audio_superindex->wLongsPerEntry * AVI->track[AVI->aptr].audio_superindex->nEntriesInUse * sizeof (u32)); for (j=0; jtrack[AVI->aptr].audio_superindex->nEntriesInUse; ++j) { AVI->track[AVI->aptr].audio_superindex->aIndex[j].qwOffset = str2ullong ((unsigned char*)a); a += 8; AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwSize = str2ulong ((unsigned char*)a); a += 4; AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwDuration = str2ulong ((unsigned char*)a); a += 4; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] [%d] 0x%llx 0x%lx %lu\n"", j, (unsigned int long)AVI->track[AVI->aptr].audio_superindex->aIndex[j].qwOffset, (unsigned long)AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwSize, (unsigned long)AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwDuration)); #endif } AVI->track[AVI->aptr].audio_superindex->stdindex = NULL; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] FOURCC \""%.4s\""\n"", AVI->track[AVI->aptr].audio_superindex->fcc)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] LEN \""%ld\""\n"", (long)AVI->track[AVI->aptr].audio_superindex->dwSize)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] wLongsPerEntry \""%d\""\n"", AVI->track[AVI->aptr].audio_superindex->wLongsPerEntry)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexSubType \""%d\""\n"", AVI->track[AVI->aptr].audio_superindex->bIndexSubType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexType \""%d\""\n"", AVI->track[AVI->aptr].audio_superindex->bIndexType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] nEntriesInUse \""%ld\""\n"", (long)AVI->track[AVI->aptr].audio_superindex->nEntriesInUse)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] dwChunkId \""%.4s\""\n"", AVI->track[AVI->aptr].audio_superindex->dwChunkId[0])); #endif } i += 8; } else if((strnicmp((char*)hdrl_data+i,""JUNK"",4) == 0) || (strnicmp((char*)hdrl_data+i,""strn"",4) == 0) || (strnicmp((char*)hdrl_data+i,""vprp"",4) == 0)) { i += 8; } else { i += 8; lasttag = 0; } i += (u32) n; } gf_free(hdrl_data); if(!vids_strh_seen || !vids_strf_seen) ERR_EXIT(AVI_ERR_NO_VIDS) AVI->video_tag[0] = AVI->video_strn/10 + '0'; AVI->video_tag[1] = AVI->video_strn%10 + '0'; AVI->video_tag[2] = 'd'; AVI->video_tag[3] = 'b'; if(!AVI->track[0].a_chans) AVI->track[0].audio_strn = 99; { int tk=0; for(j=0; janum+1; ++j) { if (j == AVI->video_strn) continue; AVI->track[tk].audio_tag[0] = j/10 + '0'; AVI->track[tk].audio_tag[1] = j%10 + '0'; AVI->track[tk].audio_tag[2] = 'w'; AVI->track[tk].audio_tag[3] = 'b'; ++tk; } } gf_fseek(AVI->fdes,AVI->movi_start,SEEK_SET); if(!getIndex) return(0); idx_type = 0; if(AVI->idx) { s64 pos, len; for(i=0; in_idx; i++) if( strnicmp((char *)AVI->idx[i],(char *)AVI->video_tag,3)==0 ) break; if(i>=AVI->n_idx) ERR_EXIT(AVI_ERR_NO_VIDS) pos = str2ulong(AVI->idx[i]+ 8); len = str2ulong(AVI->idx[i]+12); gf_fseek(AVI->fdes,pos,SEEK_SET); if(avi_read(AVI->fdes,data,8)!=8) ERR_EXIT(AVI_ERR_READ) if( strnicmp(data,(char *)AVI->idx[i],4)==0 && str2ulong((unsigned char *)data+4)==len ) { idx_type = 1; } else { gf_fseek(AVI->fdes,pos+AVI->movi_start-4,SEEK_SET); if(avi_read(AVI->fdes,data,8)!=8) ERR_EXIT(AVI_ERR_READ) if( strnicmp(data,(char *)AVI->idx[i],4)==0 && str2ulong((unsigned char *)data+4)==len ) { idx_type = 2; } } } if(idx_type == 0 && !AVI->is_opendml && !AVI->total_frames) { gf_fseek(AVI->fdes, AVI->movi_start, SEEK_SET); AVI->n_idx = 0; while(1) { if( avi_read(AVI->fdes,data,8) != 8 ) break; n = str2ulong((unsigned char *)data+4); if(strnicmp(data,""LIST"",4)==0) { gf_fseek(AVI->fdes,4,SEEK_CUR); continue; } if( ( (data[2]=='d' || data[2]=='D') && (data[3]=='b' || data[3]=='B' || data[3]=='c' || data[3]=='C') ) || ( (data[2]=='w' || data[2]=='W') && (data[3]=='b' || data[3]=='B') ) ) { u64 __pos = gf_ftell(AVI->fdes) - 8; avi_add_index_entry(AVI,(unsigned char *)data,0,__pos,n); } gf_fseek(AVI->fdes,PAD_EVEN(n),SEEK_CUR); } idx_type = 1; } if (AVI->is_opendml) { u64 offset = 0; hdrl_len = 4+4+2+1+1+4+4+8+4; char *en, *chunk_start; int k = 0; u32 audtr = 0; u32 nrEntries = 0; AVI->video_index = NULL; nvi = 0; for(audtr=0; audtranum; ++audtr) { nai[audtr] = 0; tot[audtr] = 0; } for (j=0; jvideo_superindex->nEntriesInUse; j++) { chunk_start = en = (char*) gf_malloc ((u32) (AVI->video_superindex->aIndex[j].dwSize+hdrl_len) ); if (gf_fseek(AVI->fdes, AVI->video_superindex->aIndex[j].qwOffset, SEEK_SET) == (u64)-1) { gf_free(chunk_start); continue; } if (avi_read(AVI->fdes, en, (u32) (AVI->video_superindex->aIndex[j].dwSize+hdrl_len) ) <= 0) { gf_free(chunk_start); continue; } nrEntries = str2ulong((unsigned char*)en + 12); #ifdef DEBUG_ODML #endif offset = str2ullong((unsigned char*)en + 20); en += hdrl_len; nvi += nrEntries; AVI->video_index = (video_index_entry *) gf_realloc (AVI->video_index, nvi * sizeof (video_index_entry)); if (!AVI->video_index) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] out of mem (size = %ld)\n"", nvi * sizeof (video_index_entry))); exit(1); } while (k < nvi) { AVI->video_index[k].pos = offset + str2ulong((unsigned char*)en); en += 4; AVI->video_index[k].len = str2ulong_len((unsigned char*)en); AVI->video_index[k].key = str2ulong_key((unsigned char*)en); en += 4; if (AVI->video_index[k].pos-offset == 0 && AVI->video_index[k].len == 0) { k--; nvi--; } #ifdef DEBUG_ODML #endif k++; } gf_free(chunk_start); } AVI->video_frames = nvi; if (AVI->video_frames == 0) { AVI->is_opendml=0; goto multiple_riff; } for(audtr=0; audtranum; ++audtr) { k = 0; if (!AVI->track[audtr].audio_superindex) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] (%s) cannot read audio index for track %d\n"", __FILE__, audtr)); continue; } for (j=0; jtrack[audtr].audio_superindex->nEntriesInUse; j++) { chunk_start = en = (char*)gf_malloc ((u32) (AVI->track[audtr].audio_superindex->aIndex[j].dwSize+hdrl_len)); if (gf_fseek(AVI->fdes, AVI->track[audtr].audio_superindex->aIndex[j].qwOffset, SEEK_SET) == (u64)-1) { gf_free(chunk_start); continue; } if (avi_read(AVI->fdes, en, (u32) (AVI->track[audtr].audio_superindex->aIndex[j].dwSize+hdrl_len)) <= 0) { gf_free(chunk_start); continue; } nrEntries = str2ulong((unsigned char*)en + 12); #ifdef DEBUG_ODML #endif offset = str2ullong((unsigned char*)en + 20); en += hdrl_len; nai[audtr] += nrEntries; AVI->track[audtr].audio_index = (audio_index_entry *) gf_realloc (AVI->track[audtr].audio_index, nai[audtr] * sizeof (audio_index_entry)); while (k < nai[audtr]) { AVI->track[audtr].audio_index[k].pos = offset + str2ulong((unsigned char*)en); en += 4; AVI->track[audtr].audio_index[k].len = str2ulong_len((unsigned char*)en); en += 4; AVI->track[audtr].audio_index[k].tot = tot[audtr]; tot[audtr] += AVI->track[audtr].audio_index[k].len; #ifdef DEBUG_ODML #endif ++k; } gf_free(chunk_start); } AVI->track[audtr].audio_chunks = nai[audtr]; AVI->track[audtr].audio_bytes = tot[audtr]; } } else if (AVI->total_frames && !AVI->is_opendml && idx_type==0) { multiple_riff: gf_fseek(AVI->fdes, AVI->movi_start, SEEK_SET); AVI->n_idx = 0; GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] Reconstructing index..."")); nvi = AVI->video_frames = AVI->total_frames; nai[0] = AVI->track[0].audio_chunks = AVI->total_frames; for(j=1; janum; ++j) AVI->track[j].audio_chunks = 0; AVI->video_index = (video_index_entry *) gf_malloc(nvi*sizeof(video_index_entry)); if(AVI->video_index==0) ERR_EXIT(AVI_ERR_NO_MEM); for(j=0; janum; ++j) { if(AVI->track[j].audio_chunks) { AVI->track[j].audio_index = (audio_index_entry *) gf_malloc((nai[j]+1)*sizeof(audio_index_entry)); memset(AVI->track[j].audio_index, 0, (nai[j]+1)*(sizeof(audio_index_entry))); if(AVI->track[j].audio_index==0) ERR_EXIT(AVI_ERR_NO_MEM); } } nvi = 0; for(j=0; janum; ++j) { nai[j] = 0; tot[j] = 0; } aud_chunks = AVI->total_frames; while(1) { if (nvi >= AVI->total_frames) break; if( avi_read(AVI->fdes,data,8) != 8 ) break; n = str2ulong((unsigned char *)data+4); j=0; if (aud_chunks - nai[j] -1 <= 0) { aud_chunks += AVI->total_frames; AVI->track[j].audio_index = (audio_index_entry *) gf_realloc( AVI->track[j].audio_index, (aud_chunks+1)*sizeof(audio_index_entry)); if (!AVI->track[j].audio_index) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] Internal error in avilib -- no mem\n"")); AVI_errno = AVI_ERR_NO_MEM; return -1; } } if( (data[0]=='0' || data[1]=='0') && (data[2]=='d' || data[2]=='D') && (data[3]=='b' || data[3]=='B' || data[3]=='c' || data[3]=='C') ) { AVI->video_index[nvi].key = 0x0; AVI->video_index[nvi].pos = gf_ftell(AVI->fdes); AVI->video_index[nvi].len = (u32) n; nvi++; gf_fseek(AVI->fdes,PAD_EVEN(n),SEEK_CUR); } else if( (data[0]=='0' || data[1]=='1') && (data[2]=='w' || data[2]=='W') && (data[3]=='b' || data[3]=='B') ) { AVI->track[j].audio_index[nai[j]].pos = gf_ftell(AVI->fdes); AVI->track[j].audio_index[nai[j]].len = (u32) n; AVI->track[j].audio_index[nai[j]].tot = tot[j]; tot[j] += AVI->track[j].audio_index[nai[j]].len; nai[j]++; gf_fseek(AVI->fdes,PAD_EVEN(n),SEEK_CUR); } else { gf_fseek(AVI->fdes,-4,SEEK_CUR); } } if (nvi < AVI->total_frames) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[avilib] Uh? Some frames seems missing (%ld/%d)\n"", nvi, AVI->total_frames)); } AVI->video_frames = nvi; AVI->track[0].audio_chunks = nai[0]; for(j=0; janum; ++j) AVI->track[j].audio_bytes = tot[j]; GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] done. nvi=%ld nai=%ld tot=%ld\n"", nvi, nai[0], tot[0])); } else { nvi = 0; for(j=0; janum; ++j) nai[j] = 0; for(i=0; in_idx; i++) { if(strnicmp((char *)AVI->idx[i],AVI->video_tag,3) == 0) nvi++; for(j=0; janum; ++j) if(strnicmp((char *)AVI->idx[i], AVI->track[j].audio_tag,4) == 0) nai[j]++; } AVI->video_frames = nvi; for(j=0; janum; ++j) AVI->track[j].audio_chunks = nai[j]; if(AVI->video_frames==0) ERR_EXIT(AVI_ERR_NO_VIDS); AVI->video_index = (video_index_entry *) gf_malloc(nvi*sizeof(video_index_entry)); if(AVI->video_index==0) ERR_EXIT(AVI_ERR_NO_MEM); for(j=0; janum; ++j) { if(AVI->track[j].audio_chunks) { AVI->track[j].audio_index = (audio_index_entry *) gf_malloc((nai[j]+1)*sizeof(audio_index_entry)); memset(AVI->track[j].audio_index, 0, (nai[j]+1)*(sizeof(audio_index_entry))); if(AVI->track[j].audio_index==0) ERR_EXIT(AVI_ERR_NO_MEM); } } nvi = 0; for(j=0; janum; ++j) { nai[j] = 0; tot[j] = 0; } ioff = idx_type == 1 ? 8 : (u32)AVI->movi_start+4; for(i=0; in_idx; i++) { if(strnicmp((char *)AVI->idx[i],AVI->video_tag,3) == 0) { AVI->video_index[nvi].key = str2ulong(AVI->idx[i]+ 4); AVI->video_index[nvi].pos = str2ulong(AVI->idx[i]+ 8)+ioff; AVI->video_index[nvi].len = str2ulong(AVI->idx[i]+12); nvi++; } for(j=0; janum; ++j) { if(strnicmp((char *)AVI->idx[i],AVI->track[j].audio_tag,4) == 0) { AVI->track[j].audio_index[nai[j]].pos = str2ulong(AVI->idx[i]+ 8)+ioff; AVI->track[j].audio_index[nai[j]].len = str2ulong(AVI->idx[i]+12); AVI->track[j].audio_index[nai[j]].tot = tot[j]; tot[j] += AVI->track[j].audio_index[nai[j]].len; nai[j]++; } } } for(j=0; janum; ++j) AVI->track[j].audio_bytes = tot[j]; } gf_fseek(AVI->fdes,AVI->movi_start,SEEK_SET); AVI->video_pos = 0; return(0); }",visit repo url,src/media_tools/avilib.c,https://github.com/gpac/gpac,131808820087149,1 2587,CWE-200,"openvpn_decrypt (struct buffer *buf, struct buffer work, const struct crypto_options *opt, const struct frame* frame) { static const char error_prefix[] = ""Authenticate/Decrypt packet error""; struct gc_arena gc; gc_init (&gc); if (buf->len > 0 && opt->key_ctx_bi) { struct key_ctx *ctx = &opt->key_ctx_bi->decrypt; struct packet_id_net pin; bool have_pin = false; if (ctx->hmac) { int hmac_len; uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; hmac_ctx_reset(ctx->hmac); hmac_len = hmac_ctx_size (ctx->hmac); if (buf->len < hmac_len) CRYPT_ERROR (""missing authentication info""); hmac_ctx_update (ctx->hmac, BPTR (buf) + hmac_len, BLEN (buf) - hmac_len); hmac_ctx_final (ctx->hmac, local_hmac); if (memcmp (local_hmac, BPTR (buf), hmac_len)) CRYPT_ERROR (""packet HMAC authentication failed""); ASSERT (buf_advance (buf, hmac_len)); } if (ctx->cipher) { const unsigned int mode = cipher_ctx_mode (ctx->cipher); const int iv_size = cipher_ctx_iv_length (ctx->cipher); uint8_t iv_buf[OPENVPN_MAX_IV_LENGTH]; int outlen; ASSERT (buf_init (&work, FRAME_HEADROOM_ADJ (frame, FRAME_HEADROOM_MARKER_DECRYPT))); CLEAR (iv_buf); if (opt->flags & CO_USE_IV) { if (buf->len < iv_size) CRYPT_ERROR (""missing IV info""); memcpy (iv_buf, BPTR (buf), iv_size); ASSERT (buf_advance (buf, iv_size)); } if (opt->flags & CO_USE_IV) dmsg (D_PACKET_CONTENT, ""DECRYPT IV: %s"", format_hex (iv_buf, iv_size, 0, &gc)); if (buf->len < 1) CRYPT_ERROR (""missing payload""); if (!cipher_ctx_reset (ctx->cipher, iv_buf)) CRYPT_ERROR (""cipher init failed""); if (!buf_safe (&work, buf->len)) CRYPT_ERROR (""buffer overflow""); if (!cipher_ctx_update (ctx->cipher, BPTR (&work), &outlen, BPTR (buf), BLEN (buf))) CRYPT_ERROR (""cipher update failed""); work.len += outlen; if (!cipher_ctx_final (ctx->cipher, BPTR (&work) + outlen, &outlen)) CRYPT_ERROR (""cipher final failed""); work.len += outlen; dmsg (D_PACKET_CONTENT, ""DECRYPT TO: %s"", format_hex (BPTR (&work), BLEN (&work), 80, &gc)); { if (mode == OPENVPN_MODE_CBC) { if (opt->packet_id) { if (!packet_id_read (&pin, &work, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM))) CRYPT_ERROR (""error reading CBC packet-id""); have_pin = true; } } else if (mode == OPENVPN_MODE_CFB || mode == OPENVPN_MODE_OFB) { struct buffer b; ASSERT (opt->flags & CO_USE_IV); ASSERT (opt->packet_id); buf_set_read (&b, iv_buf, iv_size); if (!packet_id_read (&pin, &b, true)) CRYPT_ERROR (""error reading CFB/OFB packet-id""); have_pin = true; } else { ASSERT (0); } } } else { work = *buf; if (opt->packet_id) { if (!packet_id_read (&pin, &work, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM))) CRYPT_ERROR (""error reading packet-id""); have_pin = !BOOL_CAST (opt->flags & CO_IGNORE_PACKET_ID); } } if (have_pin) { packet_id_reap_test (&opt->packet_id->rec); if (packet_id_test (&opt->packet_id->rec, &pin)) { packet_id_add (&opt->packet_id->rec, &pin); if (opt->pid_persist && (opt->flags & CO_PACKET_ID_LONG_FORM)) packet_id_persist_save_obj (opt->pid_persist, opt->packet_id); } else { if (!(opt->flags & CO_MUTE_REPLAY_WARNINGS)) msg (D_REPLAY_ERRORS, ""%s: bad packet ID (may be a replay): %s -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings"", error_prefix, packet_id_net_print (&pin, true, &gc)); goto error_exit; } } *buf = work; } gc_free (&gc); return true; error_exit: crypto_clear_error(); buf->len = 0; gc_free (&gc); return false; }",visit repo url,src/openvpn/crypto.c,https://github.com/OpenVPN/openvpn,85455537690604,1 4688,['CWE-399'],"void ext4_truncate(struct inode *inode) { handle_t *handle; struct ext4_inode_info *ei = EXT4_I(inode); __le32 *i_data = ei->i_data; int addr_per_block = EXT4_ADDR_PER_BLOCK(inode->i_sb); struct address_space *mapping = inode->i_mapping; ext4_lblk_t offsets[4]; Indirect chain[4]; Indirect *partial; __le32 nr = 0; int n; ext4_lblk_t last_block; unsigned blocksize = inode->i_sb->s_blocksize; if (!ext4_can_truncate(inode)) return; if (EXT4_I(inode)->i_flags & EXT4_EXTENTS_FL) { ext4_ext_truncate(inode); return; } handle = start_transaction(inode); if (IS_ERR(handle)) return; last_block = (inode->i_size + blocksize-1) >> EXT4_BLOCK_SIZE_BITS(inode->i_sb); if (inode->i_size & (blocksize - 1)) if (ext4_block_truncate_page(handle, mapping, inode->i_size)) goto out_stop; n = ext4_block_to_path(inode, last_block, offsets, NULL); if (n == 0) goto out_stop; if (ext4_orphan_add(handle, inode)) goto out_stop; down_write(&ei->i_data_sem); ext4_discard_preallocations(inode); ei->i_disksize = inode->i_size; if (n == 1) { ext4_free_data(handle, inode, NULL, i_data+offsets[0], i_data + EXT4_NDIR_BLOCKS); goto do_indirects; } partial = ext4_find_shared(inode, n, offsets, chain, &nr); if (nr) { if (partial == chain) { ext4_free_branches(handle, inode, NULL, &nr, &nr+1, (chain+n-1) - partial); *partial->p = 0; } else { BUFFER_TRACE(partial->bh, ""get_write_access""); ext4_free_branches(handle, inode, partial->bh, partial->p, partial->p+1, (chain+n-1) - partial); } } while (partial > chain) { ext4_free_branches(handle, inode, partial->bh, partial->p + 1, (__le32*)partial->bh->b_data+addr_per_block, (chain+n-1) - partial); BUFFER_TRACE(partial->bh, ""call brelse""); brelse (partial->bh); partial--; } do_indirects: switch (offsets[0]) { default: nr = i_data[EXT4_IND_BLOCK]; if (nr) { ext4_free_branches(handle, inode, NULL, &nr, &nr+1, 1); i_data[EXT4_IND_BLOCK] = 0; } case EXT4_IND_BLOCK: nr = i_data[EXT4_DIND_BLOCK]; if (nr) { ext4_free_branches(handle, inode, NULL, &nr, &nr+1, 2); i_data[EXT4_DIND_BLOCK] = 0; } case EXT4_DIND_BLOCK: nr = i_data[EXT4_TIND_BLOCK]; if (nr) { ext4_free_branches(handle, inode, NULL, &nr, &nr+1, 3); i_data[EXT4_TIND_BLOCK] = 0; } case EXT4_TIND_BLOCK: ; } up_write(&ei->i_data_sem); inode->i_mtime = inode->i_ctime = ext4_current_time(inode); ext4_mark_inode_dirty(handle, inode); if (IS_SYNC(inode)) ext4_handle_sync(handle); out_stop: if (inode->i_nlink) ext4_orphan_del(handle, inode); ext4_journal_stop(handle); }",linux-2.6,,,156852177526966220741109830177108766008,0 3351,[],"static inline int nla_padlen(int payload) { return nla_total_size(payload) - nla_attr_size(payload); }",linux-2.6,,,256466059802339090217908330356958784847,0 4073,CWE-125,"static size_t consume_init_expr (ut8 *buf, ut8 *max, ut8 eoc, void *out, ut32 *offset) { ut32 i = 0; while (buf + i < max && buf[i] != eoc) { i += 1; } if (buf[i] != eoc) { return 0; } if (offset) { *offset += i + 1; } return i + 1; }",visit repo url,libr/bin/format/wasm/wasm.c,https://github.com/radare/radare2,223080758665453,1 1427,CWE-399,"static int shmem_remount_fs(struct super_block *sb, int *flags, char *data) { struct shmem_sb_info *sbinfo = SHMEM_SB(sb); struct shmem_sb_info config = *sbinfo; unsigned long inodes; int error = -EINVAL; if (shmem_parse_options(data, &config, true)) return error; spin_lock(&sbinfo->stat_lock); inodes = sbinfo->max_inodes - sbinfo->free_inodes; if (percpu_counter_compare(&sbinfo->used_blocks, config.max_blocks) > 0) goto out; if (config.max_inodes < inodes) goto out; if (config.max_blocks && !sbinfo->max_blocks) goto out; if (config.max_inodes && !sbinfo->max_inodes) goto out; error = 0; sbinfo->max_blocks = config.max_blocks; sbinfo->max_inodes = config.max_inodes; sbinfo->free_inodes = config.max_inodes - inodes; mpol_put(sbinfo->mpol); sbinfo->mpol = config.mpol; out: spin_unlock(&sbinfo->stat_lock); return error; }",visit repo url,mm/shmem.c,https://github.com/torvalds/linux,267498373193322,1 3044,CWE-189,"parse_tsquery(char *buf, PushFunction pushval, Datum opaque, bool isplain) { struct TSQueryParserStateData state; int i; TSQuery query; int commonlen; QueryItem *ptr; ListCell *cell; state.buffer = buf; state.buf = buf; state.state = (isplain) ? WAITSINGLEOPERAND : WAITFIRSTOPERAND; state.count = 0; state.polstr = NIL; state.valstate = init_tsvector_parser(state.buffer, true, true); state.sumlen = 0; state.lenop = 64; state.curop = state.op = (char *) palloc(state.lenop); *(state.curop) = '\0'; makepol(&state, pushval, opaque); close_tsvector_parser(state.valstate); if (list_length(state.polstr) == 0) { ereport(NOTICE, (errmsg(""text-search query doesn't contain lexemes: \""%s\"""", state.buffer))); query = (TSQuery) palloc(HDRSIZETQ); SET_VARSIZE(query, HDRSIZETQ); query->size = 0; return query; } commonlen = COMPUTESIZE(list_length(state.polstr), state.sumlen); query = (TSQuery) palloc0(commonlen); SET_VARSIZE(query, commonlen); query->size = list_length(state.polstr); ptr = GETQUERY(query); i = 0; foreach(cell, state.polstr) { QueryItem *item = (QueryItem *) lfirst(cell); switch (item->type) { case QI_VAL: memcpy(&ptr[i], item, sizeof(QueryOperand)); break; case QI_VALSTOP: ptr[i].type = QI_VALSTOP; break; case QI_OPR: memcpy(&ptr[i], item, sizeof(QueryOperator)); break; default: elog(ERROR, ""unrecognized QueryItem type: %d"", item->type); } i++; } memcpy((void *) GETOPERAND(query), (void *) state.op, state.sumlen); pfree(state.op); findoprnd(ptr, query->size); return query; }",visit repo url,src/backend/utils/adt/tsquery.c,https://github.com/postgres/postgres,119339877427117,1 2325,['CWE-120'],"walk_init_root(const char *name, struct nameidata *nd) { struct fs_struct *fs = current->fs; read_lock(&fs->lock); if (fs->altroot.dentry && !(nd->flags & LOOKUP_NOALT)) { nd->path = fs->altroot; path_get(&fs->altroot); read_unlock(&fs->lock); if (__emul_lookup_dentry(name,nd)) return 0; read_lock(&fs->lock); } nd->path = fs->root; path_get(&fs->root); read_unlock(&fs->lock); return 1; }",linux-2.6,,,194225394494007454074536734257584761949,0 3242,CWE-125,"print_ccp_config_options(netdissect_options *ndo, const u_char *p, int length) { int len, opt; if (length < 2) return 0; ND_TCHECK2(*p, 2); len = p[1]; opt = p[0]; if (length < len) return 0; if (len < 2) { ND_PRINT((ndo, ""\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)"", tok2str(ccpconfopts_values, ""Unknown"", opt), opt, len)); return 0; } ND_PRINT((ndo, ""\n\t %s Option (0x%02x), length %u"", tok2str(ccpconfopts_values, ""Unknown"", opt), opt, len)); switch (opt) { case CCPOPT_BSDCOMP: if (len < 3) { ND_PRINT((ndo, "" (length bogus, should be >= 3)"")); return len; } ND_TCHECK2(*(p + 2), 1); ND_PRINT((ndo, "": Version: %u, Dictionary Bits: %u"", p[2] >> 5, p[2] & 0x1f)); break; case CCPOPT_MVRCA: if (len < 4) { ND_PRINT((ndo, "" (length bogus, should be >= 4)"")); return len; } ND_TCHECK2(*(p + 2), 1); ND_PRINT((ndo, "": Features: %u, PxP: %s, History: %u, #CTX-ID: %u"", (p[2] & 0xc0) >> 6, (p[2] & 0x20) ? ""Enabled"" : ""Disabled"", p[2] & 0x1f, p[3])); break; case CCPOPT_DEFLATE: if (len < 4) { ND_PRINT((ndo, "" (length bogus, should be >= 4)"")); return len; } ND_TCHECK2(*(p + 2), 1); ND_PRINT((ndo, "": Window: %uK, Method: %s (0x%x), MBZ: %u, CHK: %u"", (p[2] & 0xf0) >> 4, ((p[2] & 0x0f) == 8) ? ""zlib"" : ""unknown"", p[2] & 0x0f, (p[3] & 0xfc) >> 2, p[3] & 0x03)); break; #if 0 case CCPOPT_OUI: case CCPOPT_PRED1: case CCPOPT_PRED2: case CCPOPT_PJUMP: case CCPOPT_HPPPC: case CCPOPT_STACLZS: case CCPOPT_MPPC: case CCPOPT_GFZA: case CCPOPT_V42BIS: case CCPOPT_LZSDCP: case CCPOPT_DEC: case CCPOPT_RESV: break; #endif default: if (ndo->ndo_vflag < 2) print_unknown_data(ndo, &p[2], ""\n\t "", len - 2); break; } if (ndo->ndo_vflag > 1) print_unknown_data(ndo, &p[2], ""\n\t "", len - 2); return len; trunc: ND_PRINT((ndo, ""[|ccp]"")); return 0; }",visit repo url,print-ppp.c,https://github.com/the-tcpdump-group/tcpdump,83900794340280,1 720,CWE-20,"static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; int len; if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { rfcomm_dlc_accept(d); msg->msg_namelen = 0; return 0; } len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); lock_sock(sk); if (!(flags & MSG_PEEK) && len > 0) atomic_sub(len, &sk->sk_rmem_alloc); if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); release_sock(sk); return len; }",visit repo url,net/bluetooth/rfcomm/sock.c,https://github.com/torvalds/linux,68043523665785,1 6291,NVD-CWE-noinfo,"static void dhcps_send_offer(struct pbuf *packet_buffer) { uint8_t temp_ip = 0; dhcp_message_repository = (struct dhcp_msg *)packet_buffer->payload; #if (!IS_USE_FIXED_IP) temp_ip = check_client_request_ip(&client_request_ip, client_addr); if(temp_ip == 0) temp_ip = search_next_ip(); #if (debug_dhcps) printf(""\r\n temp_ip = %d"",temp_ip); #endif if (temp_ip == 0) { #if 0 memset(&ip_table, 0, sizeof(struct table)); mark_ip_in_table((uint8_t)ip4_addr4(&dhcps_local_address)); printf(""\r\n reset ip table!!\r\n""); #endif printf(""\r\n No useable ip!!!!\r\n""); } printf(""\n\r[%d]DHCP assign ip = %d.%d.%d.%d\n"", xTaskGetTickCount(), ip4_addr1(&dhcps_network_id),ip4_addr2(&dhcps_network_id),ip4_addr3(&dhcps_network_id),temp_ip); IP4_ADDR(&dhcps_allocated_client_address, (ip4_addr1(&dhcps_network_id)), ip4_addr2(&dhcps_network_id), ip4_addr3(&dhcps_network_id), temp_ip); #endif dhcps_initialize_message(dhcp_message_repository); add_offer_options(add_msg_type(&dhcp_message_repository->options[4], DHCP_MESSAGE_TYPE_OFFER)); udp_sendto_if(dhcps_pcb, packet_buffer, &dhcps_send_broadcast_address, DHCP_CLIENT_PORT, dhcps_netif); }",visit repo url,component/common/network/dhcp/dhcps.c,https://github.com/ambiot/amb1_sdk,130501888759030,1 4304,['CWE-264'],"static inline struct thread_info *alloc_thread_info(struct task_struct *tsk) { #ifdef CONFIG_DEBUG_STACK_USAGE gfp_t mask = GFP_KERNEL | __GFP_ZERO; #else gfp_t mask = GFP_KERNEL; #endif return (struct thread_info *)__get_free_pages(mask, THREAD_SIZE_ORDER); }",linux-2.6,,,11775122804388023507381292581214342373,0 3770,CWE-476,"static cJSON *get_object_item(const cJSON * const object, const char * const name, const cJSON_bool case_sensitive) { cJSON *current_element = NULL; if ((object == NULL) || (name == NULL)) { return NULL; } current_element = object->child; if (case_sensitive) { while ((current_element != NULL) && (strcmp(name, current_element->string) != 0)) { current_element = current_element->next; } } else { while ((current_element != NULL) && (case_insensitive_strcmp((const unsigned char*)name, (const unsigned char*)(current_element->string)) != 0)) { current_element = current_element->next; } } return current_element; }",visit repo url,cJSON.c,https://github.com/DaveGamble/cJSON,126049970087701,1 3725,CWE-78,"smtp_mailaddr(struct mailaddr *maddr, char *line, int mailfrom, char **args, const char *domain) { char *p, *e; if (line == NULL) return (0); if (*line != '<') return (0); e = strchr(line, '>'); if (e == NULL) return (0); *e++ = '\0'; while (*e == ' ') e++; *args = e; if (!text_to_mailaddr(maddr, line + 1)) return (0); p = strchr(maddr->user, ':'); if (p != NULL) { p++; memmove(maddr->user, p, strlen(p) + 1); } if (!valid_localpart(maddr->user) || !valid_domainpart(maddr->domain)) { if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0') return (1); if (maddr->user[0] == '\0') return (0); if (maddr->domain[0] == '\0') { (void)strlcpy(maddr->domain, domain, sizeof(maddr->domain)); return (1); } return (0); } return (1); }",visit repo url,usr.sbin/smtpd/smtp_session.c,https://github.com/openbsd/src,50955831687253,1 5841,CWE-120,"static pj_status_t respond_digest( pj_pool_t *pool, pjsip_digest_credential *cred, const pjsip_digest_challenge *chal, const pj_str_t *uri, const pjsip_cred_info *cred_info, const pj_str_t *cnonce, pj_uint32_t nc, const pj_str_t *method) { const pj_str_t pjsip_AKAv1_MD5_STR = { ""AKAv1-MD5"", 9 }; pj_bool_t algo_sha256 = PJ_FALSE; #if PJSIP_AUTH_HAS_DIGEST_SHA256 algo_sha256 = (pj_stricmp(&chal->algorithm, &pjsip_SHA256_STR)==0); #endif if (chal->algorithm.slen==0 || (algo_sha256 || pj_stricmp(&chal->algorithm, &pjsip_MD5_STR)==0 || pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5_STR)==0)) { PJ_LOG(4,(THIS_FILE, ""Digest algorithm is \""%.*s\"""", chal->algorithm.slen, chal->algorithm.ptr)); } else { PJ_LOG(4,(THIS_FILE, ""Unsupported digest algorithm \""%.*s\"""", chal->algorithm.slen, chal->algorithm.ptr)); return PJSIP_EINVALIDALGORITHM; } pj_strdup(pool, &cred->username, &cred_info->username); pj_strdup(pool, &cred->realm, &chal->realm); pj_strdup(pool, &cred->nonce, &chal->nonce); pj_strdup(pool, &cred->uri, uri); pj_strdup(pool, &cred->algorithm, &chal->algorithm); pj_strdup(pool, &cred->opaque, &chal->opaque); cred->response.slen = algo_sha256? PJSIP_SHA256STRLEN : PJSIP_MD5STRLEN; cred->response.ptr = (char*) pj_pool_alloc(pool, cred->response.slen); if (chal->qop.slen == 0) { if ((cred_info->data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) { return (*cred_info->ext.aka.cb)(pool, chal, cred_info, method, cred); } else { if (algo_sha256) { pjsip_auth_create_digestSHA256( &cred->response, &cred->nonce, NULL, NULL, NULL, uri, &chal->realm, cred_info, method); } else { pjsip_auth_create_digest( &cred->response, &cred->nonce, NULL, NULL, NULL, uri, &chal->realm, cred_info, method); } } } else if (has_auth_qop(pool, &chal->qop)) { cred->qop = pjsip_AUTH_STR; cred->nc.ptr = (char*) pj_pool_alloc(pool, 16); cred->nc.slen = pj_ansi_snprintf(cred->nc.ptr, 16, ""%08u"", nc); if (cnonce && cnonce->slen) { pj_strdup(pool, &cred->cnonce, cnonce); } else { pj_str_t dummy_cnonce = { ""b39971"", 6}; pj_strdup(pool, &cred->cnonce, &dummy_cnonce); } if ((cred_info->data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) { return (*cred_info->ext.aka.cb)(pool, chal, cred_info, method, cred); } else { if (algo_sha256) { pjsip_auth_create_digestSHA256( &cred->response, &cred->nonce, &cred->nc, &cred->cnonce, &pjsip_AUTH_STR, uri, &chal->realm, cred_info, method); } else { pjsip_auth_create_digest( &cred->response, &cred->nonce, &cred->nc, &cred->cnonce, &pjsip_AUTH_STR, uri, &chal->realm, cred_info, method); } } } else { PJ_LOG(4,(THIS_FILE, ""Unsupported qop offer %.*s"", chal->qop.slen, chal->qop.ptr)); return PJSIP_EINVALIDQOP; } return PJ_SUCCESS; }",visit repo url,pjsip/src/pjsip/sip_auth_client.c,https://github.com/pjsip/pjproject,104198249886267,1 4728,['CWE-20'],"static const char *ext4_decode_error(struct super_block *sb, int errno, char nbuf[16]) { char *errstr = NULL; switch (errno) { case -EIO: errstr = ""IO failure""; break; case -ENOMEM: errstr = ""Out of memory""; break; case -EROFS: if (!sb || EXT4_SB(sb)->s_journal->j_flags & JBD2_ABORT) errstr = ""Journal has aborted""; else errstr = ""Readonly filesystem""; break; default: if (nbuf) { if (snprintf(nbuf, 16, ""error %d"", -errno) >= 0) errstr = nbuf; } break; } return errstr; }",linux-2.6,,,51508040511682967618949337841213160988,0 6124,CWE-190,"void ed_mul_sim_lot(ed_t r, const ed_t p[], const bn_t k[], int n) { int i, j, l, *_l = RLC_ALLOCA(int, n); ed_t *_p = RLC_ALLOCA(ed_t, n); int8_t *naf = NULL; RLC_TRY { l = 0; for (i = 0; i < n; i++) { l = RLC_MAX(l, bn_bits(k[i]) + 1); } naf = RLC_ALLOCA(int8_t, n * l); if (naf == NULL || _p == NULL || _l == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < n; i++) { ed_null(_p[i]); ed_new(_p[i]); } for (i = 0; i < n; i++) { _l[i] = l; ed_norm(_p[i], p[i]); bn_rec_naf(&naf[i*l], &_l[i], k[i], 2); if (bn_sign(k[i]) == RLC_NEG) { ed_neg(_p[i], _p[i]); } } ed_set_infty(r); for (i = l - 1; i >= 0; i--) { ed_dbl(r, r); for (j = 0; j < n; j++) { if (naf[j*l + i] > 0) { ed_add(r, r, _p[j]); } if (naf[j*l + i] < 0) { ed_sub(r, r, _p[j]); } } } ed_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < n; i++) { ed_free(_p[i]); } RLC_FREE(_l); RLC_FREE(_p); RLC_FREE(naf); } }",visit repo url,src/ed/relic_ed_mul_sim.c,https://github.com/relic-toolkit/relic,214949417118677,1 3598,CWE-125,"static int jpc_pi_nextrpcl(register jpc_pi_t *pi) { int rlvlno; jpc_pirlvl_t *pirlvl; jpc_pchg_t *pchg; int prchind; int prcvind; int *prclyrno; int compno; jpc_picomp_t *picomp; int xstep; int ystep; uint_fast32_t r; uint_fast32_t rpx; uint_fast32_t rpy; uint_fast32_t trx0; uint_fast32_t try0; pchg = pi->pchg; if (!pi->prgvolfirst) { goto skip; } else { pi->xstep = 0; pi->ystep = 0; for (compno = 0, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++picomp) { for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl) { xstep = picomp->hsamp * (1 << (pirlvl->prcwidthexpn + picomp->numrlvls - rlvlno - 1)); ystep = picomp->vsamp * (1 << (pirlvl->prcheightexpn + picomp->numrlvls - rlvlno - 1)); pi->xstep = (!pi->xstep) ? xstep : JAS_MIN(pi->xstep, xstep); pi->ystep = (!pi->ystep) ? ystep : JAS_MIN(pi->ystep, ystep); } } pi->prgvolfirst = 0; } for (pi->rlvlno = pchg->rlvlnostart; pi->rlvlno < pchg->rlvlnoend && pi->rlvlno < pi->maxrlvls; ++pi->rlvlno) { for (pi->y = pi->ystart; pi->y < pi->yend; pi->y += pi->ystep - (pi->y % pi->ystep)) { for (pi->x = pi->xstart; pi->x < pi->xend; pi->x += pi->xstep - (pi->x % pi->xstep)) { for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, ++pi->picomp) { if (pi->rlvlno >= pi->picomp->numrlvls) { continue; } pi->pirlvl = &pi->picomp->pirlvls[pi->rlvlno]; if (pi->pirlvl->numprcs == 0) { continue; } r = pi->picomp->numrlvls - 1 - pi->rlvlno; rpx = r + pi->pirlvl->prcwidthexpn; rpy = r + pi->pirlvl->prcheightexpn; trx0 = JPC_CEILDIV(pi->xstart, pi->picomp->hsamp << r); try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r); if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) || !(pi->x % (1 << rpx))) && ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) || !(pi->y % (1 << rpy)))) { prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn); prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn); pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind; assert(pi->prcno < pi->pirlvl->numprcs); for (pi->lyrno = 0; pi->lyrno < pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; if (pi->lyrno >= *prclyrno) { ++(*prclyrno); return 0; } skip: ; } } } } } } return 1; }",visit repo url,src/libjasper/jpc/jpc_t2cod.c,https://github.com/mdadams/jasper,269416495240605,1 2907,CWE-369,"TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) { static const char module[] = ""TIFFReadEncodedStrip""; TIFFDirectory *td = &tif->tif_dir; uint32 rowsperstrip; uint32 stripsperplane; uint32 stripinplane; uint16 plane; uint32 rows; tmsize_t stripsize; if (!TIFFCheckRead(tif,0)) return((tmsize_t)(-1)); if (strip>=td->td_nstrips) { TIFFErrorExt(tif->tif_clientdata,module, ""%lu: Strip out of range, max %lu"",(unsigned long)strip, (unsigned long)td->td_nstrips); return((tmsize_t)(-1)); } rowsperstrip=td->td_rowsperstrip; if (rowsperstrip>td->td_imagelength) rowsperstrip=td->td_imagelength; stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip); stripinplane=(strip%stripsperplane); plane=(uint16)(strip/stripsperplane); rows=td->td_imagelength-stripinplane*rowsperstrip; if (rows>rowsperstrip) rows=rowsperstrip; stripsize=TIFFVStripSize(tif,rows); if (stripsize==0) return((tmsize_t)(-1)); if( td->td_compression == COMPRESSION_NONE && size!=(tmsize_t)(-1) && size >= stripsize && !isMapped(tif) && ((tif->tif_flags&TIFF_NOREADRAW)==0) ) { if (TIFFReadRawStrip1(tif, strip, buf, stripsize, module) != stripsize) return ((tmsize_t)(-1)); if (!isFillOrder(tif, td->td_fillorder) && (tif->tif_flags & TIFF_NOBITREV) == 0) TIFFReverseBits(buf,stripsize); (*tif->tif_postdecode)(tif,buf,stripsize); return (stripsize); } if ((size!=(tmsize_t)(-1))&&(sizetif_decodestrip)(tif,buf,stripsize,plane)<=0) return((tmsize_t)(-1)); (*tif->tif_postdecode)(tif,buf,stripsize); return(stripsize); }",visit repo url,libtiff/tif_read.c,https://github.com/vadz/libtiff,47954567990196,1 2874,['CWE-189'],"jp2_boxinfo_t *jp2_boxinfolookup(int type) { jp2_boxinfo_t *boxinfo; for (boxinfo = jp2_boxinfos; boxinfo->name; ++boxinfo) { if (boxinfo->type == type) { return boxinfo; } } return &jp2_boxinfo_unk; }",jasper,,,132055289868305576992524543153805790919,0 2914,CWE-119,"static int readContigStripsIntoBuffer (TIFF* in, uint8* buf) { uint8* bufp = buf; int32 bytes_read = 0; uint32 strip, nstrips = TIFFNumberOfStrips(in); uint32 stripsize = TIFFStripSize(in); uint32 rows = 0; uint32 rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); tsize_t scanline_size = TIFFScanlineSize(in); if (scanline_size == 0) { TIFFError("""", ""TIFF scanline size is zero!""); return 0; } for (strip = 0; strip < nstrips; strip++) { bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1); rows = bytes_read / scanline_size; if ((strip < (nstrips - 1)) && (bytes_read != (int32)stripsize)) TIFFError("""", ""Strip %d: read %lu bytes, strip size %lu"", (int)strip + 1, (unsigned long) bytes_read, (unsigned long)stripsize); if (bytes_read < 0 && !ignore) { TIFFError("""", ""Error reading strip %lu after %lu rows"", (unsigned long) strip, (unsigned long)rows); return 0; } bufp += bytes_read; } return 1; } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,143442995004612,1 5250,['CWE-264'],"NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, SEC_DESC **ppdesc) { SMB_STRUCT_STAT sbuf; SMB_ACL_T posix_acl = NULL; struct pai_val *pal; *ppdesc = NULL; DEBUG(10,(""posix_fget_nt_acl: called for file %s\n"", fsp->fsp_name )); if (fsp->is_directory || fsp->fh->fd == -1) { return posix_get_nt_acl(fsp->conn, fsp->fsp_name, security_info, ppdesc); } if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) { return map_nt_error_from_unix(errno); } posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp); pal = fload_inherited_info(fsp); return posix_get_nt_acl_common(fsp->conn, fsp->fsp_name, &sbuf, pal, posix_acl, NULL, security_info, ppdesc); }",samba,,,3526075031887491449647363799353963630,0 2242,CWE-787,"static int l2cap_parse_conf_req(struct sock *sk, void *data) { struct l2cap_pinfo *pi = l2cap_pi(sk); struct l2cap_conf_rsp *rsp = data; void *ptr = rsp->data; void *req = pi->conf_req; int len = pi->conf_len; int type, hint, olen; unsigned long val; struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; u16 mtu = L2CAP_DEFAULT_MTU; u16 result = L2CAP_CONF_SUCCESS; BT_DBG(""sk %p"", sk); while (len >= L2CAP_CONF_OPT_SIZE) { len -= l2cap_get_conf_opt(&req, &type, &olen, &val); hint = type & L2CAP_CONF_HINT; type &= L2CAP_CONF_MASK; switch (type) { case L2CAP_CONF_MTU: mtu = val; break; case L2CAP_CONF_FLUSH_TO: pi->flush_to = val; break; case L2CAP_CONF_QOS: break; case L2CAP_CONF_RFC: if (olen == sizeof(rfc)) memcpy(&rfc, (void *) val, olen); break; default: if (hint) break; result = L2CAP_CONF_UNKNOWN; *((u8 *) ptr++) = type; break; } } if (result == L2CAP_CONF_SUCCESS) { if (rfc.mode == L2CAP_MODE_BASIC) { if (mtu < pi->omtu) result = L2CAP_CONF_UNACCEPT; else { pi->omtu = mtu; pi->conf_state |= L2CAP_CONF_OUTPUT_DONE; } l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu); } else { result = L2CAP_CONF_UNACCEPT; memset(&rfc, 0, sizeof(rfc)); rfc.mode = L2CAP_MODE_BASIC; l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), (unsigned long) &rfc); } } rsp->scid = cpu_to_le16(pi->dcid); rsp->result = cpu_to_le16(result); rsp->flags = cpu_to_le16(0x0000); return ptr - data; }",visit repo url,net/bluetooth/l2cap.c,https://github.com/torvalds/linux,145307125961054,1 5048,['CWE-20'],"static struct vmcs *alloc_vmcs_cpu(int cpu) { int node = cpu_to_node(cpu); struct page *pages; struct vmcs *vmcs; pages = alloc_pages_node(node, GFP_KERNEL, vmcs_config.order); if (!pages) return NULL; vmcs = page_address(pages); memset(vmcs, 0, vmcs_config.size); vmcs->revision_id = vmcs_config.revision_id; return vmcs; }",linux-2.6,,,288576273178237053326034092724714307602,0 2060,CWE-667,"void dwc3_gadget_giveback(struct dwc3_ep *dep, struct dwc3_request *req, int status) { struct dwc3 *dwc = dep->dwc; req->started = false; list_del(&req->list); req->remaining = 0; if (req->request.status == -EINPROGRESS) req->request.status = status; if (req->trb) usb_gadget_unmap_request_by_dev(dwc->sysdev, &req->request, req->direction); req->trb = NULL; trace_dwc3_gadget_giveback(req); spin_unlock(&dwc->lock); usb_gadget_giveback_request(&dep->endpoint, &req->request); spin_lock(&dwc->lock); if (dep->number > 1) pm_runtime_put(dwc->dev); }",visit repo url,drivers/usb/dwc3/gadget.c,https://github.com/torvalds/linux,77226159215183,1 1881,['CWE-189'],"_gnutls_server_find_pk_algos_in_ciphersuites (const opaque * data, int datalen) { int j; gnutls_pk_algorithm_t algo = GNUTLS_PK_NONE, prev_algo = 0; gnutls_kx_algorithm_t kx; cipher_suite_st cs; if (datalen % 2 != 0) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } for (j = 0; j < datalen; j += 2) { memcpy (&cs.suite, &data[j], 2); kx = _gnutls_cipher_suite_get_kx_algo (&cs); if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE) { algo = _gnutls_map_pk_get_pk (kx); if (algo != prev_algo && prev_algo != 0) return GNUTLS_PK_ANY; prev_algo = algo; } } return algo; }",gnutls,,,64527617504054553554224591972802642076,0 875,['CWE-200'],"static int shmem_free_swp(swp_entry_t *dir, swp_entry_t *edir, spinlock_t *punch_lock) { spinlock_t *punch_unlock = NULL; swp_entry_t *ptr; int freed = 0; for (ptr = dir; ptr < edir; ptr++) { if (ptr->val) { if (unlikely(punch_lock)) { punch_unlock = punch_lock; punch_lock = NULL; spin_lock(punch_unlock); if (!ptr->val) continue; } free_swap_and_cache(*ptr); *ptr = (swp_entry_t){0}; freed++; } } if (punch_unlock) spin_unlock(punch_unlock); return freed; }",linux-2.6,,,245241660588343008333992402680844564353,0 3357,CWE-287,"sasl_handle_login(struct sasl_session *const restrict p, struct user *const u, struct myuser *mu) { bool was_killed = false; if (! mu) { if (! *p->authzeid) { (void) slog(LG_INFO, ""%s: session for '%s' without an authzeid (BUG)"", MOWGLI_FUNC_NAME, u->nick); (void) notice(saslsvs->nick, u->nick, LOGIN_CANCELLED_STR); return false; } if (! (mu = myuser_find_uid(p->authzeid))) { if (*p->authzid) (void) notice(saslsvs->nick, u->nick, ""Account %s dropped; login cancelled"", p->authzid); else (void) notice(saslsvs->nick, u->nick, ""Account dropped; login cancelled""); return false; } } if (u->myuser && u->myuser != mu) { if (is_soper(u->myuser)) (void) logcommand_user(saslsvs, u, CMDLOG_ADMIN, ""DESOPER: \2%s\2 as \2%s\2"", u->nick, entity(u->myuser)->name); (void) logcommand_user(saslsvs, u, CMDLOG_LOGIN, ""LOGOUT""); if (! (was_killed = ircd_on_logout(u, entity(u->myuser)->name))) { mowgli_node_t *n; MOWGLI_ITER_FOREACH(n, u->myuser->logins.head) { if (n->data == u) { (void) mowgli_node_delete(n, &u->myuser->logins); (void) mowgli_node_free(n); break; } } u->myuser = NULL; } } if (! was_killed) { if (u->myuser != mu) { (void) myuser_login(saslsvs, u, mu, false); (void) logcommand_user(saslsvs, u, CMDLOG_LOGIN, ""LOGIN (%s)"", p->mechptr->name); } else { mu->lastlogin = CURRTIME; (void) logcommand_user(saslsvs, u, CMDLOG_LOGIN, ""REAUTHENTICATE (%s)"", p->mechptr->name); } } return true; }",visit repo url,modules/saslserv/main.c,https://github.com/atheme/atheme,229074607327976,1 4258,['CWE-119'],"sctp_disposition_t sctp_sf_do_8_5_1_E_sa(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES); return sctp_sf_shut_8_4_5(ep, NULL, type, arg, commands); }",linux-2.6,,,125712221372846631825119429124156799133,0 6146,CWE-190,"void ep_write_bin(uint8_t *bin, int len, const ep_t a, int pack) { ep_t t; ep_null(t); memset(bin, 0, len); if (ep_is_infty(a)) { if (len < 1) { RLC_THROW(ERR_NO_BUFFER); return; } else { return; } } RLC_TRY { ep_new(t); ep_norm(t, a); if (pack) { if (len < RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { ep_pck(t, t); bin[0] = 2 | fp_get_bit(t->y, 0); fp_write_bin(bin + 1, RLC_FP_BYTES, t->x); } } else { if (len < 2 * RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { bin[0] = 4; fp_write_bin(bin + 1, RLC_FP_BYTES, t->x); fp_write_bin(bin + RLC_FP_BYTES + 1, RLC_FP_BYTES, t->y); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ep_free(t); } }",visit repo url,src/ep/relic_ep_util.c,https://github.com/relic-toolkit/relic,47917082897312,1 1176,['CWE-189'],"static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer, struct hrtimer_clock_base *base) { if (base->cpu_base->hres_active && hrtimer_reprogram(timer, base)) { switch(timer->cb_mode) { case HRTIMER_CB_IRQSAFE_NO_RESTART: BUG_ON(timer->function(timer) != HRTIMER_NORESTART); return 1; case HRTIMER_CB_IRQSAFE_NO_SOFTIRQ: return 1; case HRTIMER_CB_IRQSAFE: case HRTIMER_CB_SOFTIRQ: list_add_tail(&timer->cb_entry, &base->cpu_base->cb_pending); timer->state = HRTIMER_STATE_PENDING; raise_softirq(HRTIMER_SOFTIRQ); return 1; default: BUG(); } } return 0; }",linux-2.6,,,280250034296541109626316073431736692489,0 4747,CWE-347,"int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, int *pathLenConstraint) { int ret = X509_OK, i = 0; bigint *cert_sig; X509_CTX *next_cert = NULL; BI_CTX *ctx = NULL; bigint *mod = NULL, *expn = NULL; int match_ca_cert = 0; struct timeval tv; uint8_t is_self_signed = 0; if (cert == NULL) { ret = X509_VFY_ERROR_NO_TRUSTED_CERT; goto end_verify; } if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0) { is_self_signed = 1; ctx = cert->rsa_ctx->bi_ctx; mod = cert->rsa_ctx->m; expn = cert->rsa_ctx->e; } gettimeofday(&tv, NULL); if (tv.tv_sec < cert->not_before) { ret = X509_VFY_ERROR_NOT_YET_VALID; goto end_verify; } if (tv.tv_sec > cert->not_after) { ret = X509_VFY_ERROR_EXPIRED; goto end_verify; } if (cert->basic_constraint_present) { if (!cert->basic_constraint_cA && IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) { ret = X509_VFY_ERROR_BASIC_CONSTRAINT; goto end_verify; } if (cert->basic_constraint_cA && (!cert->key_usage_present || IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) && (cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint) { ret = X509_VFY_ERROR_BASIC_CONSTRAINT; goto end_verify; } } next_cert = cert->next; if (next_cert == NULL) { if (ca_cert_ctx != NULL) { while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) { if (cert->basic_constraint_present && !ca_cert_ctx->cert[i]->basic_constraint_cA) continue; if (asn1_compare_dn(cert->ca_cert_dn, ca_cert_ctx->cert[i]->cert_dn) == 0) { match_ca_cert = true; ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx; mod = ca_cert_ctx->cert[i]->rsa_ctx->m; expn = ca_cert_ctx->cert[i]->rsa_ctx->e; break; } i++; } } if (!match_ca_cert && !is_self_signed) { ret = X509_VFY_ERROR_NO_TRUSTED_CERT; goto end_verify; } } else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0) { ret = X509_VFY_ERROR_INVALID_CHAIN; goto end_verify; } else { ctx = next_cert->rsa_ctx->bi_ctx; mod = next_cert->rsa_ctx->m; expn = next_cert->rsa_ctx->e; } if (!match_ca_cert && is_self_signed) { ret = X509_VFY_ERROR_SELF_SIGNED; goto end_verify; } cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, bi_clone(ctx, mod), bi_clone(ctx, expn)); if (cert_sig && cert->digest) { if (bi_compare(cert_sig, cert->digest) != 0) ret = X509_VFY_ERROR_BAD_SIGNATURE; bi_free(ctx, cert_sig); } else { ret = X509_VFY_ERROR_BAD_SIGNATURE; } bi_clear_cache(ctx); if (ret) goto end_verify; if (next_cert != NULL) { (*pathLenConstraint)++; ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint); } end_verify: return ret; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,8851597120481,1 1500,CWE-264,"static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; random_variable <<= PAGE_SHIFT; } #ifdef CONFIG_STACK_GROWSUP return PAGE_ALIGN(stack_top) + random_variable; #else return PAGE_ALIGN(stack_top) - random_variable; #endif }",visit repo url,fs/binfmt_elf.c,https://github.com/torvalds/linux,26322176517865,1 4238,CWE-78,"R_API int r_socket_read(RSocket *s, unsigned char *buf, int len) { if (!s) { return -1; } #if HAVE_LIB_SSL if (s->is_ssl) { if (s->bio) { return BIO_read (s->bio, buf, len); } return SSL_read (s->sfd, buf, len); } #endif #if __WINDOWS__ rep: { int ret = recv (s->fd, (void *)buf, len, 0); if (ret == -1) { goto rep; } return ret; } #else int r = recv (s->fd, buf, len, 0); D { eprintf (""READ ""); int i; for (i = 0; isk; struct sco_pinfo *pi = sco_pi(sk); lock_sock(sk); if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { sco_conn_defer_accept(pi->conn->hcon, pi->setting); sk->sk_state = BT_CONFIG; msg->msg_namelen = 0; release_sock(sk); return 0; } release_sock(sk); return bt_sock_recvmsg(iocb, sock, msg, len, flags); }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,169024666607659,1 3538,['CWE-20'],"sctp_disposition_t sctp_sf_cookie_echoed_abort(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return sctp_sf_cookie_wait_abort(ep, asoc, type, arg, commands); }",linux-2.6,,,209239135670114500402533543301929948598,0 4521,['CWE-20'],"int ext4_htree_fill_tree(struct file *dir_file, __u32 start_hash, __u32 start_minor_hash, __u32 *next_hash) { struct dx_hash_info hinfo; struct ext4_dir_entry_2 *de; struct dx_frame frames[2], *frame; struct inode *dir; ext4_lblk_t block; int count = 0; int ret, err; __u32 hashval; dxtrace(printk(KERN_DEBUG ""In htree_fill_tree, start hash: %x:%x\n"", start_hash, start_minor_hash)); dir = dir_file->f_path.dentry->d_inode; if (!(EXT4_I(dir)->i_flags & EXT4_INDEX_FL)) { hinfo.hash_version = EXT4_SB(dir->i_sb)->s_def_hash_version; if (hinfo.hash_version <= DX_HASH_TEA) hinfo.hash_version += EXT4_SB(dir->i_sb)->s_hash_unsigned; hinfo.seed = EXT4_SB(dir->i_sb)->s_hash_seed; count = htree_dirblock_to_tree(dir_file, dir, 0, &hinfo, start_hash, start_minor_hash); *next_hash = ~0; return count; } hinfo.hash = start_hash; hinfo.minor_hash = 0; frame = dx_probe(NULL, dir, &hinfo, frames, &err); if (!frame) return err; if (!start_hash && !start_minor_hash) { de = (struct ext4_dir_entry_2 *) frames[0].bh->b_data; if ((err = ext4_htree_store_dirent(dir_file, 0, 0, de)) != 0) goto errout; count++; } if (start_hash < 2 || (start_hash ==2 && start_minor_hash==0)) { de = (struct ext4_dir_entry_2 *) frames[0].bh->b_data; de = ext4_next_entry(de); if ((err = ext4_htree_store_dirent(dir_file, 2, 0, de)) != 0) goto errout; count++; } while (1) { block = dx_get_block(frame->at); ret = htree_dirblock_to_tree(dir_file, dir, block, &hinfo, start_hash, start_minor_hash); if (ret < 0) { err = ret; goto errout; } count += ret; hashval = ~0; ret = ext4_htree_next_block(dir, HASH_NB_ALWAYS, frame, frames, &hashval); *next_hash = hashval; if (ret < 0) { err = ret; goto errout; } if ((ret == 0) || (count && ((hashval & 1) == 0))) break; } dx_release(frames); dxtrace(printk(KERN_DEBUG ""Fill tree: returned %d entries, "" ""next hash: %x\n"", count, *next_hash)); return count; errout: dx_release(frames); return (err); }",linux-2.6,,,230120062405372941351872509515635720340,0 4669,['CWE-399'],"static int ext4_da_write_end(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned copied, struct page *page, void *fsdata) { struct inode *inode = mapping->host; int ret = 0, ret2; handle_t *handle = ext4_journal_current_handle(); loff_t new_i_size; unsigned long start, end; int write_mode = (int)(unsigned long)fsdata; if (write_mode == FALL_BACK_TO_NONDELALLOC) { if (ext4_should_order_data(inode)) { return ext4_ordered_write_end(file, mapping, pos, len, copied, page, fsdata); } else if (ext4_should_writeback_data(inode)) { return ext4_writeback_write_end(file, mapping, pos, len, copied, page, fsdata); } else { BUG(); } } trace_mark(ext4_da_write_end, ""dev %s ino %lu pos %llu len %u copied %u"", inode->i_sb->s_id, inode->i_ino, (unsigned long long) pos, len, copied); start = pos & (PAGE_CACHE_SIZE - 1); end = start + copied - 1; new_i_size = pos + copied; if (new_i_size > EXT4_I(inode)->i_disksize) { if (ext4_da_should_update_i_disksize(page, end)) { down_write(&EXT4_I(inode)->i_data_sem); if (new_i_size > EXT4_I(inode)->i_disksize) { if (ext4_should_order_data(inode)) ret = ext4_jbd2_file_inode(handle, inode); EXT4_I(inode)->i_disksize = new_i_size; } up_write(&EXT4_I(inode)->i_data_sem); ext4_mark_inode_dirty(handle, inode); } } ret2 = generic_write_end(file, mapping, pos, len, copied, page, fsdata); copied = ret2; if (ret2 < 0) ret = ret2; ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; return ret ? ret : copied; }",linux-2.6,,,194051177061760617474124057189229919103,0 4103,['CWE-399'],"static int sg_emulated_host(struct request_queue *q, int __user *p) { return put_user(1, p); }",linux-2.6,,,221537137532059500968144730141150971,0 877,CWE-20,"static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr = msg->msg_name; int copied = 0; int check_creds = 0; int target; int err = 0; long timeo; int skip; err = -EINVAL; if (sk->sk_state != TCP_ESTABLISHED) goto out; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); msg->msg_namelen = 0; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(timeo); goto out; } do { int chunk; struct sk_buff *skb, *last; unix_state_lock(sk); last = skb = skb_peek(&sk->sk_receive_queue); again: if (skb == NULL) { unix_sk(sk)->recursion_level = 0; if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; unix_state_unlock(sk); err = -EAGAIN; if (!timeo) break; mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo, last); if (signal_pending(current) || mutex_lock_interruptible(&u->readlock)) { err = sock_intr_errno(timeo); goto out; } continue; unlock: unix_state_unlock(sk); break; } skip = sk_peek_offset(sk, flags); while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); last = skb; skb = skb_peek_next(skb, &sk->sk_receive_queue); if (!skb) goto again; } unix_state_unlock(sk); if (check_creds) { if ((UNIXCB(skb).pid != siocb->scm->pid) || !uid_eq(UNIXCB(skb).uid, siocb->scm->creds.uid) || !gid_eq(UNIXCB(skb).gid, siocb->scm->creds.gid)) break; } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); check_creds = 1; } if (sunaddr) { unix_copy_addr(msg, skb->sk); sunaddr = NULL; } chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); if (skb_copy_datagram_iovec(skb, UNIXCB(skb).consumed + skip, msg->msg_iov, chunk)) { if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { UNIXCB(skb).consumed += chunk; sk_peek_offset_bwd(sk, chunk); if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); if (unix_skb_len(skb)) break; skb_unlink(skb, &sk->sk_receive_queue); consume_skb(skb); if (siocb->scm->fp) break; } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); sk_peek_offset_fwd(sk, chunk); break; } } while (size); mutex_unlock(&u->readlock); scm_recv(sock, msg, siocb->scm, flags); out: return copied ? : err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,252330469564730,1 2139,['CWE-119'],"static inline int desc_empty(const void *ptr) { const u32 *desc = ptr; return !(desc[0] | desc[1]); }",linux-2.6,,,150970733969418337514014025561321657540,0 5526,['CWE-119'],"write_tag_3_packet(char *dest, size_t *remaining_bytes, struct ecryptfs_auth_tok *auth_tok, struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_key_record *key_rec, size_t *packet_size) { size_t i; size_t encrypted_session_key_valid = 0; char session_key_encryption_key[ECRYPTFS_MAX_KEY_BYTES]; struct scatterlist dst_sg[2]; struct scatterlist src_sg[2]; struct mutex *tfm_mutex = NULL; u8 cipher_code; size_t packet_size_length; size_t max_packet_size; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = crypt_stat->mount_crypt_stat; struct blkcipher_desc desc = { .tfm = NULL, .flags = CRYPTO_TFM_REQ_MAY_SLEEP }; int rc = 0; (*packet_size) = 0; ecryptfs_from_hex(key_rec->sig, auth_tok->token.password.signature, ECRYPTFS_SIG_SIZE); rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&desc.tfm, &tfm_mutex, crypt_stat->cipher); if (unlikely(rc)) { printk(KERN_ERR ""Internal error whilst attempting to get "" ""tfm and mutex for cipher name [%s]; rc = [%d]\n"", crypt_stat->cipher, rc); goto out; } if (mount_crypt_stat->global_default_cipher_key_size == 0) { struct blkcipher_alg *alg = crypto_blkcipher_alg(desc.tfm); printk(KERN_WARNING ""No key size specified at mount; "" ""defaulting to [%d]\n"", alg->max_keysize); mount_crypt_stat->global_default_cipher_key_size = alg->max_keysize; } if (crypt_stat->key_size == 0) crypt_stat->key_size = mount_crypt_stat->global_default_cipher_key_size; if (auth_tok->session_key.encrypted_key_size == 0) auth_tok->session_key.encrypted_key_size = crypt_stat->key_size; if (crypt_stat->key_size == 24 && strcmp(""aes"", crypt_stat->cipher) == 0) { memset((crypt_stat->key + 24), 0, 8); auth_tok->session_key.encrypted_key_size = 32; } else auth_tok->session_key.encrypted_key_size = crypt_stat->key_size; key_rec->enc_key_size = auth_tok->session_key.encrypted_key_size; encrypted_session_key_valid = 0; for (i = 0; i < auth_tok->session_key.encrypted_key_size; i++) encrypted_session_key_valid |= auth_tok->session_key.encrypted_key[i]; if (encrypted_session_key_valid) { ecryptfs_printk(KERN_DEBUG, ""encrypted_session_key_valid != 0; "" ""using auth_tok->session_key.encrypted_key, "" ""where key_rec->enc_key_size = [%d]\n"", key_rec->enc_key_size); memcpy(key_rec->enc_key, auth_tok->session_key.encrypted_key, key_rec->enc_key_size); goto encrypted_session_key_set; } if (auth_tok->token.password.flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) { ecryptfs_printk(KERN_DEBUG, ""Using previously generated "" ""session key encryption key of size [%d]\n"", auth_tok->token.password. session_key_encryption_key_bytes); memcpy(session_key_encryption_key, auth_tok->token.password.session_key_encryption_key, crypt_stat->key_size); ecryptfs_printk(KERN_DEBUG, ""Cached session key "" ""encryption key: \n""); if (ecryptfs_verbosity > 0) ecryptfs_dump_hex(session_key_encryption_key, 16); } if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""Session key encryption key:\n""); ecryptfs_dump_hex(session_key_encryption_key, 16); } rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, src_sg, 2); if (rc < 1 || rc > 2) { ecryptfs_printk(KERN_ERR, ""Error generating scatterlist "" ""for crypt_stat session key; expected rc = 1; "" ""got rc = [%d]. key_rec->enc_key_size = [%d]\n"", rc, key_rec->enc_key_size); rc = -ENOMEM; goto out; } rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, dst_sg, 2); if (rc < 1 || rc > 2) { ecryptfs_printk(KERN_ERR, ""Error generating scatterlist "" ""for crypt_stat encrypted session key; "" ""expected rc = 1; got rc = [%d]. "" ""key_rec->enc_key_size = [%d]\n"", rc, key_rec->enc_key_size); rc = -ENOMEM; goto out; } mutex_lock(tfm_mutex); rc = crypto_blkcipher_setkey(desc.tfm, session_key_encryption_key, crypt_stat->key_size); if (rc < 0) { mutex_unlock(tfm_mutex); ecryptfs_printk(KERN_ERR, ""Error setting key for crypto "" ""context; rc = [%d]\n"", rc); goto out; } rc = 0; ecryptfs_printk(KERN_DEBUG, ""Encrypting [%d] bytes of the key\n"", crypt_stat->key_size); rc = crypto_blkcipher_encrypt(&desc, dst_sg, src_sg, (*key_rec).enc_key_size); mutex_unlock(tfm_mutex); if (rc) { printk(KERN_ERR ""Error encrypting; rc = [%d]\n"", rc); goto out; } ecryptfs_printk(KERN_DEBUG, ""This should be the encrypted key:\n""); if (ecryptfs_verbosity > 0) { ecryptfs_printk(KERN_DEBUG, ""EFEK of size [%d]:\n"", key_rec->enc_key_size); ecryptfs_dump_hex(key_rec->enc_key, key_rec->enc_key_size); } encrypted_session_key_set: max_packet_size = (1 + 3 + 1 + 1 + 1 + 1 + ECRYPTFS_SALT_SIZE + 1 + key_rec->enc_key_size); if (max_packet_size > (*remaining_bytes)) { printk(KERN_ERR ""Packet too large; need up to [%td] bytes, but "" ""there are only [%td] available\n"", max_packet_size, (*remaining_bytes)); rc = -EINVAL; goto out; } dest[(*packet_size)++] = ECRYPTFS_TAG_3_PACKET_TYPE; rc = ecryptfs_write_packet_length(&dest[(*packet_size)], (max_packet_size - 4), &packet_size_length); if (rc) { printk(KERN_ERR ""Error generating tag 3 packet header; cannot "" ""generate packet length. rc = [%d]\n"", rc); goto out; } (*packet_size) += packet_size_length; dest[(*packet_size)++] = 0x04; cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher, crypt_stat->key_size); if (cipher_code == 0) { ecryptfs_printk(KERN_WARNING, ""Unable to generate code for "" ""cipher [%s]\n"", crypt_stat->cipher); rc = -EINVAL; goto out; } dest[(*packet_size)++] = cipher_code; dest[(*packet_size)++] = 0x03; dest[(*packet_size)++] = 0x01; memcpy(&dest[(*packet_size)], auth_tok->token.password.salt, ECRYPTFS_SALT_SIZE); (*packet_size) += ECRYPTFS_SALT_SIZE; dest[(*packet_size)++] = 0x60; memcpy(&dest[(*packet_size)], key_rec->enc_key, key_rec->enc_key_size); (*packet_size) += key_rec->enc_key_size; out: if (rc) (*packet_size) = 0; else (*remaining_bytes) -= (*packet_size); return rc; }",linux-2.6,,,53935241387204563645034547104230588383,0 1752,CWE-416,"int ppp_register_net_channel(struct net *net, struct ppp_channel *chan) { struct channel *pch; struct ppp_net *pn; pch = kzalloc(sizeof(struct channel), GFP_KERNEL); if (!pch) return -ENOMEM; pn = ppp_pernet(net); pch->ppp = NULL; pch->chan = chan; pch->chan_net = net; chan->ppp = pch; init_ppp_file(&pch->file, CHANNEL); pch->file.hdrlen = chan->hdrlen; #ifdef CONFIG_PPP_MULTILINK pch->lastseq = -1; #endif init_rwsem(&pch->chan_sem); spin_lock_init(&pch->downl); rwlock_init(&pch->upl); spin_lock_bh(&pn->all_channels_lock); pch->file.index = ++pn->last_channel_index; list_add(&pch->list, &pn->new_channels); atomic_inc(&channel_count); spin_unlock_bh(&pn->all_channels_lock); return 0; }",visit repo url,drivers/net/ppp/ppp_generic.c,https://github.com/torvalds/linux,164734447074804,1 5071,CWE-191,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 3516,['CWE-20'],"struct sctp_chunk *sctp_make_abort_violation( const struct sctp_association *asoc, const struct sctp_chunk *chunk, const __u8 *payload, const size_t paylen) { struct sctp_chunk *retval; struct sctp_paramhdr phdr; retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen + sizeof(sctp_paramhdr_t)); if (!retval) goto end; sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen + sizeof(sctp_paramhdr_t)); phdr.type = htons(chunk->chunk_hdr->type); phdr.length = chunk->chunk_hdr->length; sctp_addto_chunk(retval, paylen, payload); sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); end: return retval; }",linux-2.6,,,178799935429364541581295084230545759245,0 119,['CWE-787'],"void pci_cirrus_vga_init(PCIBus *bus, DisplayState *ds, uint8_t *vga_ram_base, unsigned long vga_ram_offset, int vga_ram_size) { PCICirrusVGAState *d; uint8_t *pci_conf; CirrusVGAState *s; int device_id; device_id = CIRRUS_ID_CLGD5446; d = (PCICirrusVGAState *)pci_register_device(bus, ""Cirrus VGA"", sizeof(PCICirrusVGAState), -1, NULL, NULL); pci_conf = d->dev.config; pci_conf[0x00] = (uint8_t) (PCI_VENDOR_CIRRUS & 0xff); pci_conf[0x01] = (uint8_t) (PCI_VENDOR_CIRRUS >> 8); pci_conf[0x02] = (uint8_t) (device_id & 0xff); pci_conf[0x03] = (uint8_t) (device_id >> 8); pci_conf[0x04] = PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS; pci_conf[0x0a] = PCI_CLASS_SUB_VGA; pci_conf[0x0b] = PCI_CLASS_BASE_DISPLAY; pci_conf[0x0e] = PCI_CLASS_HEADERTYPE_00h; s = &d->cirrus_vga; vga_common_init((VGAState *)s, ds, vga_ram_base, vga_ram_offset, vga_ram_size); cirrus_init_common(s, device_id, 1); s->console = graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump, s->text_update, s); s->pci_dev = (PCIDevice *)d; pci_register_io_region((PCIDevice *)d, 0, 0x2000000, PCI_ADDRESS_SPACE_MEM_PREFETCH, cirrus_pci_lfb_map); if (device_id == CIRRUS_ID_CLGD5446) { pci_register_io_region((PCIDevice *)d, 1, CIRRUS_PNPMMIO_SIZE, PCI_ADDRESS_SPACE_MEM, cirrus_pci_mmio_map); } }",qemu,,,33502475027224866186375882842494682899,0 1900,CWE-416,"static void nft_dynset_activate(const struct nft_ctx *ctx, const struct nft_expr *expr) { struct nft_dynset *priv = nft_expr_priv(expr); priv->set->use++; }",visit repo url,net/netfilter/nft_dynset.c,https://github.com/torvalds/linux,45203376079000,1 6163,['CWE-200'],"static void *neigh_get_idx_any(struct seq_file *seq, loff_t *pos) { struct neigh_seq_state *state = seq->private; void *rc; rc = neigh_get_idx(seq, pos); if (!rc && !(state->flags & NEIGH_SEQ_NEIGH_ONLY)) rc = pneigh_get_idx(seq, pos); return rc; }",linux-2.6,,,87937869213943764412537102476759945613,0 6369,[],"void printRrule (FILE *fptr, gchar *recur_data, gint size, TNEFStruct *tnef) { variableLength *filename; if (size < 0x1F) { return; } fprintf(fptr, ""RRULE:FREQ=""); if (recur_data[0x04] == 0x0A) { fprintf(fptr, ""DAILY""); if (recur_data[0x16] == 0x23 || recur_data[0x16] == 0x22 || recur_data[0x16] == 0x21) { if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_I2, 0x0011))) != MAPI_UNDEFINED) { fprintf(fptr, "";INTERVAL=%d"", *(filename->data)); } if (recur_data[0x16] == 0x22 || recur_data[0x16] == 0x21) { fprintf(fptr, "";COUNT=%d"", getRruleCount (recur_data[0x1B], recur_data[0x1A])); } } else if (recur_data[0x16] == 0x3E) { fprintf(fptr, "";BYDAY=MO,TU,WE,TH,FR""); if (recur_data[0x1A] == 0x22 || recur_data[0x1A] == 0x21) { fprintf(fptr, "";COUNT=%d"", getRruleCount (recur_data[0x1F], recur_data[0x1E])); } } } else if (recur_data[0x04] == 0x0B) { fprintf(fptr, ""WEEKLY;INTERVAL=%d;BYDAY=%s"", recur_data[0x0E], getRruleDayname (recur_data[0x16])); if (recur_data[0x1A] == 0x22 || recur_data[0x1A] == 0x21) { fprintf(fptr, "";COUNT=%d"", getRruleCount (recur_data[0x1F], recur_data[0x1E])); } } else if (recur_data[0x04] == 0x0C) { fprintf(fptr, ""MONTHLY""); if (recur_data[0x06] == 0x02) { fprintf(fptr, "";INTERVAL=%d;BYMONTHDAY=%d"", recur_data[0x0E], recur_data[0x16]); if (recur_data[0x1A] == 0x22 || recur_data[0x1A] == 0x21) { fprintf(fptr, "";COUNT=%d"", getRruleCount(recur_data[0x1F], recur_data[0x1E])); } } else if (recur_data[0x06] == 0x03) { fprintf(fptr, "";BYDAY=%s;BYSETPOS=%d;INTERVAL=%d"", getRruleDayname (recur_data[0x16]), recur_data[0x1A] == 0x05 ? -1 : recur_data[0x1A], recur_data[0x0E]); if (recur_data[0x1E] == 0x22 || recur_data[0x1E] == 0x21) { fprintf(fptr, "";COUNT=%d"", getRruleCount(recur_data[0x23], recur_data[0x22])); } } } else if (recur_data[0x04] == 0x0D) { fprintf(fptr, ""YEARLY;BYMONTH=%d"", getRruleMonthNum (recur_data[0x0A], recur_data[0x0B])); if (recur_data[0x06] == 0x02) { fprintf(fptr, "";BYMONTHDAY=%d"", recur_data[0x16]); } else if (recur_data[0x06] == 0x03) { fprintf(fptr, "";BYDAY=%s;BYSETPOS=%d"", getRruleDayname (recur_data[0x16]), recur_data[0x1A] == 0x05 ? -1 : recur_data[0x1A]); } if (recur_data[0x1E] == 0x22 || recur_data[0x1E] == 0x21) { fprintf(fptr, "";COUNT=%d"", getRruleCount(recur_data[0x23], recur_data[0x22])); } } fprintf(fptr, ""\n""); }",evolution,,,129503467797971934146303132806472704719,0 4687,CWE-78,"void imap_quote_string (char *dest, size_t dlen, const char *src) { static const char quote[] = ""\""\\""; char *pt; const char *s; pt = dest; s = src; *pt++ = '""'; dlen -= 2; for (; *s && dlen; s++) { if (strchr (quote, *s)) { dlen -= 2; if (!dlen) break; *pt++ = '\\'; *pt++ = *s; } else { *pt++ = *s; dlen--; } } *pt++ = '""'; *pt = 0; }",visit repo url,imap/util.c,https://gitlab.com/muttmua/mutt,159059063677793,1 2187,['CWE-193'],"int add_to_page_cache_lru(struct page *page, struct address_space *mapping, pgoff_t offset, gfp_t gfp_mask) { int ret = add_to_page_cache(page, mapping, offset, gfp_mask); if (ret == 0) lru_cache_add(page); return ret; }",linux-2.6,,,84147663674641348765521355331675741014,0 5198,CWE-404,"static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; struct xfrm_dump_info info; BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) > sizeof(cb->args) - sizeof(cb->args[0])); info.in_skb = cb->skb; info.out_skb = skb; info.nlmsg_seq = cb->nlh->nlmsg_seq; info.nlmsg_flags = NLM_F_MULTI; if (!cb->args[0]) { cb->args[0] = 1; xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); } (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); return skb->len; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/flar2/ElementalX-N9,152819211951514,1 2642,[],"static int sctp_setsockopt_adaptation_layer(struct sock *sk, char __user *optval, int optlen) { struct sctp_setadaptation adaptation; if (optlen != sizeof(struct sctp_setadaptation)) return -EINVAL; if (copy_from_user(&adaptation, optval, optlen)) return -EFAULT; sctp_sk(sk)->adaptation_ind = adaptation.ssb_adaptation_ind; return 0; }",linux-2.6,,,223512191307302497478485769931985534958,0 2936,CWE-310,"static void test_simple() { json_set_alloc_funcs(my_malloc, my_free); create_and_free_complex_object(); if(malloc_called != 20 || free_called != 20) fail(""Custom allocation failed""); }",visit repo url,test/suites/api/test_memory_funcs.c,https://github.com/akheron/jansson,84718564838489,1 498,[],"static void __exit snd_mem_exit(void) { remove_proc_entry(SND_MEM_PROC_FILE, NULL); free_all_reserved_pages(); if (snd_allocated_pages > 0) printk(KERN_ERR ""snd-malloc: Memory leak? pages not freed = %li\n"", snd_allocated_pages); }",linux-2.6,,,250622172965917581062556895466961826124,0 2495,CWE-190,"static int b_unpack (lua_State *L) { Header h; const char *fmt = luaL_checkstring(L, 1); size_t ld; const char *data = luaL_checklstring(L, 2, &ld); size_t pos = luaL_optinteger(L, 3, 1) - 1; int n = 0; defaultoptions(&h); while (*fmt) { int opt = *fmt++; size_t size = optsize(L, opt, &fmt); pos += gettoalign(pos, &h, opt, size); luaL_argcheck(L, pos+size <= ld, 2, ""data string too short""); luaL_checkstack(L, 2, ""too many results""); switch (opt) { case 'b': case 'B': case 'h': case 'H': case 'l': case 'L': case 'T': case 'i': case 'I': { int issigned = islower(opt); lua_Number res = getinteger(data+pos, h.endian, issigned, size); lua_pushnumber(L, res); n++; break; } case 'x': { break; } case 'f': { float f; memcpy(&f, data+pos, size); correctbytes((char *)&f, sizeof(f), h.endian); lua_pushnumber(L, f); n++; break; } case 'd': { double d; memcpy(&d, data+pos, size); correctbytes((char *)&d, sizeof(d), h.endian); lua_pushnumber(L, d); n++; break; } case 'c': { if (size == 0) { if (n == 0 || !lua_isnumber(L, -1)) luaL_error(L, ""format 'c0' needs a previous size""); size = lua_tonumber(L, -1); lua_pop(L, 1); n--; luaL_argcheck(L, size <= ld && pos <= ld - size, 2, ""data string too short""); } lua_pushlstring(L, data+pos, size); n++; break; } case 's': { const char *e = (const char *)memchr(data+pos, '\0', ld - pos); if (e == NULL) luaL_error(L, ""unfinished string in data""); size = (e - (data+pos)) + 1; lua_pushlstring(L, data+pos, size - 1); n++; break; } default: controloptions(L, opt, &fmt, &h); } pos += size; } lua_pushinteger(L, pos + 1); return n + 1; }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,147017706909544,1 4236,CWE-78,"static bool checkCurl() { const char nul[] = R_SYS_DEVNULL; if (r_sys_cmdf (""curl --version > %s"", nul) != 0) { return false; } return true; }",visit repo url,libr/bin/pdb/pdb_downloader.c,https://github.com/radareorg/radare2,610239135418,1 3995,['CWE-362'],"void get_inotify_watch(struct inotify_watch *watch) { atomic_inc(&watch->count); }",linux-2.6,,,25492164909961209386126999740471840427,0 1307,CWE-399,"static void hugetlb_vm_op_close(struct vm_area_struct *vma) { struct hstate *h = hstate_vma(vma); struct resv_map *reservations = vma_resv_map(vma); unsigned long reserve; unsigned long start; unsigned long end; if (reservations) { start = vma_hugecache_offset(h, vma, vma->vm_start); end = vma_hugecache_offset(h, vma, vma->vm_end); reserve = (end - start) - region_count(&reservations->regions, start, end); kref_put(&reservations->refs, resv_map_release); if (reserve) { hugetlb_acct_memory(h, -reserve); hugetlb_put_quota(vma->vm_file->f_mapping, reserve); } } }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,57859808336018,1 2228,['CWE-193'],"static int sync_page_killable(void *word) { sync_page(word); return fatal_signal_pending(current) ? -EINTR : 0; }",linux-2.6,,,254152445868052636055899054717050747042,0 1168,CWE-400,"do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) { struct task_struct *tsk; struct mm_struct *mm; int fault, sig, code; if (notify_page_fault(regs, fsr)) return 0; tsk = current; mm = tsk->mm; if (in_atomic() || !mm) goto no_context; if (!down_read_trylock(&mm->mmap_sem)) { if (!user_mode(regs) && !search_exception_tables(regs->ARM_pc)) goto no_context; down_read(&mm->mmap_sem); } else { might_sleep(); #ifdef CONFIG_DEBUG_VM if (!user_mode(regs) && !search_exception_tables(regs->ARM_pc)) goto no_context; #endif } fault = __do_page_fault(mm, addr, fsr, tsk); up_read(&mm->mmap_sem); perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, addr); if (fault & VM_FAULT_MAJOR) perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, addr); else if (fault & VM_FAULT_MINOR) perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, addr); if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS)))) return 0; if (fault & VM_FAULT_OOM) { pagefault_out_of_memory(); return 0; } if (!user_mode(regs)) goto no_context; if (fault & VM_FAULT_SIGBUS) { sig = SIGBUS; code = BUS_ADRERR; } else { sig = SIGSEGV; code = fault == VM_FAULT_BADACCESS ? SEGV_ACCERR : SEGV_MAPERR; } __do_user_fault(tsk, addr, fsr, sig, code, regs); return 0; no_context: __do_kernel_fault(mm, addr, fsr, regs); return 0; }",visit repo url,arch/arm/mm/fault.c,https://github.com/torvalds/linux,87026582339880,1 4435,CWE-416,"mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc) { const mrb_irep *irep = proc->body.irep; const mrb_pool_value *pool = irep->pool; const mrb_sym *syms = irep->syms; mrb_code insn; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; uint32_t a; uint16_t b; uint16_t c; mrb_sym mid; const struct mrb_irep_catch_handler *ch; #ifdef DIRECT_THREADED static const void * const optable[] = { #define OPCODE(x,_) &&L_OP_ ## x, #include ""mruby/ops.h"" #undef OPCODE }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; mrb_gc_arena_restore(mrb, ai); if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb_vm_ci_proc_set(mrb->c->ci, proc); #define regs (mrb->c->ci->stack) INIT_DISPATCH { CASE(OP_NOP, Z) { NEXT; } CASE(OP_MOVE, BB) { regs[a] = regs[b]; NEXT; } CASE(OP_LOADL, BB) { switch (pool[b].tt) { case IREP_TT_INT32: regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i32); break; case IREP_TT_INT64: #if defined(MRB_INT64) regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; #else #if defined(MRB_64BIT) if (INT32_MIN <= pool[b].u.i64 && pool[b].u.i64 <= INT32_MAX) { regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; } #endif goto L_INT_OVERFLOW; #endif case IREP_TT_BIGINT: goto L_INT_OVERFLOW; #ifndef MRB_NO_FLOAT case IREP_TT_FLOAT: regs[a] = mrb_float_value(mrb, pool[b].u.f); break; #endif default: regs[a] = mrb_nil_value(); break; } NEXT; } CASE(OP_LOADI, BB) { SET_FIXNUM_VALUE(regs[a], b); NEXT; } CASE(OP_LOADINEG, BB) { SET_FIXNUM_VALUE(regs[a], -b); NEXT; } CASE(OP_LOADI__1,B) goto L_LOADI; CASE(OP_LOADI_0,B) goto L_LOADI; CASE(OP_LOADI_1,B) goto L_LOADI; CASE(OP_LOADI_2,B) goto L_LOADI; CASE(OP_LOADI_3,B) goto L_LOADI; CASE(OP_LOADI_4,B) goto L_LOADI; CASE(OP_LOADI_5,B) goto L_LOADI; CASE(OP_LOADI_6,B) goto L_LOADI; CASE(OP_LOADI_7, B) { L_LOADI: SET_FIXNUM_VALUE(regs[a], (mrb_int)insn - (mrb_int)OP_LOADI_0); NEXT; } CASE(OP_LOADI16, BS) { SET_FIXNUM_VALUE(regs[a], (mrb_int)(int16_t)b); NEXT; } CASE(OP_LOADI32, BSS) { SET_INT_VALUE(mrb, regs[a], (int32_t)(((uint32_t)b<<16)+c)); NEXT; } CASE(OP_LOADSYM, BB) { SET_SYM_VALUE(regs[a], syms[b]); NEXT; } CASE(OP_LOADNIL, B) { SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_LOADSELF, B) { regs[a] = regs[0]; NEXT; } CASE(OP_LOADT, B) { SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF, B) { SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGV, BB) { mrb_value val = mrb_gv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETGV, BB) { mrb_gv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETSV, BB) { mrb_value val = mrb_vm_special_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETSV, BB) { mrb_vm_special_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIV, BB) { regs[a] = mrb_iv_get(mrb, regs[0], syms[b]); NEXT; } CASE(OP_SETIV, BB) { mrb_iv_set(mrb, regs[0], syms[b], regs[a]); NEXT; } CASE(OP_GETCV, BB) { mrb_value val; val = mrb_vm_cv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETCV, BB) { mrb_vm_cv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIDX, B) { mrb_value va = regs[a], vb = regs[a+1]; switch (mrb_type(va)) { case MRB_TT_ARRAY: if (!mrb_integer_p(vb)) goto getidx_fallback; regs[a] = mrb_ary_entry(va, mrb_integer(vb)); break; case MRB_TT_HASH: va = mrb_hash_get(mrb, va, vb); regs[a] = va; break; case MRB_TT_STRING: switch (mrb_type(vb)) { case MRB_TT_INTEGER: case MRB_TT_STRING: case MRB_TT_RANGE: va = mrb_str_aref(mrb, va, vb, mrb_undef_value()); regs[a] = va; break; default: goto getidx_fallback; } break; default: getidx_fallback: mid = MRB_OPSYM(aref); goto L_SEND_SYM; } NEXT; } CASE(OP_SETIDX, B) { c = 2; mid = MRB_OPSYM(aset); SET_NIL_VALUE(regs[a+3]); goto L_SENDB_SYM; } CASE(OP_GETCONST, BB) { mrb_value v = mrb_vm_const_get(mrb, syms[b]); regs[a] = v; NEXT; } CASE(OP_SETCONST, BB) { mrb_vm_const_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETMCNST, BB) { mrb_value v = mrb_const_get(mrb, regs[a], syms[b]); regs[a] = v; NEXT; } CASE(OP_SETMCNST, BB) { mrb_const_set(mrb, regs[a+1], syms[b], regs[a]); NEXT; } CASE(OP_GETUPVAR, BBB) { mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (e && b < MRB_ENV_LEN(e)) { *regs_a = e->stack[b]; } else { *regs_a = mrb_nil_value(); } NEXT; } CASE(OP_SETUPVAR, BBB) { struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP, S) { pc += (int16_t)a; JUMP; } CASE(OP_JMPIF, BS) { if (mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNOT, BS) { if (!mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNIL, BS) { if (mrb_nil_p(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPUW, S) { a = (uint32_t)((pc - irep->iseq) + (int16_t)a); CHECKPOINT_RESTORE(RBREAK_TAG_JUMP) { struct RBreak *brk = (struct RBreak*)mrb->exc; mrb_value target = mrb_break_value_get(brk); mrb_assert(mrb_integer_p(target)); a = (uint32_t)mrb_integer(target); mrb_assert(a >= 0 && a < irep->ilen); } CHECKPOINT_MAIN(RBREAK_TAG_JUMP) { ch = catch_handler_find(mrb, mrb->c->ci, pc, MRB_CATCH_FILTER_ENSURE); if (ch) { if (a < mrb_irep_catch_handler_unpack(ch->begin) || a >= mrb_irep_catch_handler_unpack(ch->end)) { THROW_TAGGED_BREAK(mrb, RBREAK_TAG_JUMP, proc, mrb_fixnum_value(a)); } } } CHECKPOINT_END(RBREAK_TAG_JUMP); mrb->exc = NULL; pc = irep->iseq + a; JUMP; } CASE(OP_EXCEPT, B) { mrb_value exc; if (mrb->exc == NULL) { exc = mrb_nil_value(); } else { switch (mrb->exc->tt) { case MRB_TT_BREAK: case MRB_TT_EXCEPTION: exc = mrb_obj_value(mrb->exc); break; default: mrb_assert(!""bad mrb_type""); exc = mrb_nil_value(); break; } mrb->exc = NULL; } regs[a] = exc; NEXT; } CASE(OP_RESCUE, BB) { mrb_value exc = regs[a]; mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); NEXT; } CASE(OP_RAISEIF, B) { mrb_value exc = regs[a]; if (mrb_break_p(exc)) { mrb->exc = mrb_obj_ptr(exc); goto L_BREAK; } mrb_exc_set(mrb, exc); if (mrb->exc) { goto L_RAISE; } NEXT; } CASE(OP_SSEND, BBB) { regs[a] = regs[0]; insn = OP_SEND; } goto L_SENDB; CASE(OP_SSENDB, BBB) { regs[a] = regs[0]; } goto L_SENDB; CASE(OP_SEND, BBB) goto L_SENDB; L_SEND_SYM: c = 1; SET_NIL_VALUE(regs[a+2]); goto L_SENDB_SYM; CASE(OP_SENDB, BBB) L_SENDB: mid = syms[b]; L_SENDB_SYM: { mrb_callinfo *ci = mrb->c->ci; mrb_method_t m; struct RClass *cls; mrb_value recv, blk; ARGUMENT_NORMALIZE(a, &c, insn); recv = regs[a]; cls = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &c, blk, 0); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, c); if (MRB_METHOD_CFUNC_P(m)) { if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); mrb_vm_ci_proc_set(ci, p); recv = p->body.func(mrb, recv); } else { if (MRB_METHOD_NOARG_P(m)) { check_method_noarg(mrb, ci); } recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } if (!ci->u.target_class) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } ci->stack[0] = recv; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } } JUMP; CASE(OP_CALL, Z) { mrb_callinfo *ci = mrb->c->ci; mrb_value recv = ci->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci->u.target_class = MRB_PROC_TARGET_CLASS(m); mrb_vm_ci_proc_set(ci, m); if (MRB_PROC_ENV_P(m)) { ci->mid = MRB_PROC_ENV(m)->mid; } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = cipop(mrb); pc = ci->pc; ci[1].stack[0] = recv; irep = mrb->c->ci->proc->body.irep; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->ci->stack[0] = mrb_nil_value(); a = 0; c = OP_R_NORMAL; goto L_OP_RETURN_BODY; } mrb_int nargs = mrb_ci_bidx(ci)+1; if (nargs < irep->nregs) { mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+nargs, irep->nregs-nargs); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; } pool = irep->pool; syms = irep->syms; JUMP; } CASE(OP_SUPER, BB) { mrb_method_t m; struct RClass *cls; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; const struct RProc *p = ci->proc; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(p); if (MRB_PROC_ENV_P(p) && p->e.env->mid && p->e.env->mid != mid) { mid = p->e.env->mid; } if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->flags & MRB_FL_CLASS_IS_PREPENDED) { target_class = mrb_vm_ci_target_class(ci); } else if (target_class->tt == MRB_TT_MODULE) { target_class = mrb_vm_ci_target_class(ci); if (target_class->tt != MRB_TT_ICLASS) { goto super_typeerror; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { super_typeerror: ; mrb_value exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } ARGUMENT_NORMALIZE(a, &b, OP_SUPER); cls = target_class->super; m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &b, blk, 1); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, b); ci->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; if (MRB_METHOD_PROC_P(m)) { mrb_vm_ci_proc_set(ci, MRB_METHOD_PROC(m)); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb_assert(!mrb_break_p(v)); if (!mrb_vm_ci_target_class(ci)) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->ci->stack[0] = v; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } JUMP; } CASE(OP_ARGARY, BS) { mrb_int m1 = (b>>11)&0x3f; mrb_int r = (b>>10)&0x1; mrb_int m2 = (b>>5)&0x1f; mrb_int kd = (b>>4)&0x1; mrb_int lv = (b>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb_vm_ci_target_class(mrb->c->ci) == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; mrb_int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } if (kd) { regs[a+1] = stack[m1+r+m2]; regs[a+2] = stack[m1+r+m2+1]; } else { regs[a+1] = stack[m1+r+m2]; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER, W) { mrb_int m1 = MRB_ASPEC_REQ(a); mrb_int o = MRB_ASPEC_OPT(a); mrb_int r = MRB_ASPEC_REST(a); mrb_int m2 = MRB_ASPEC_POST(a); mrb_int kd = (MRB_ASPEC_KEY(a) > 0 || MRB_ASPEC_KDICT(a))? 1 : 0; mrb_int const len = m1 + o + r + m2; mrb_callinfo *ci = mrb->c->ci; mrb_int argc = ci->n; mrb_value *argv = regs+1; mrb_value * const argv0 = argv; mrb_int const kw_pos = len + kd; mrb_int const blk_pos = kw_pos + 1; mrb_value blk = regs[mrb_ci_bidx(ci)]; mrb_value kdict = mrb_nil_value(); if (ci->nk > 0) { mrb_int kidx = mrb_ci_kidx(ci); kdict = regs[kidx]; if (!mrb_hash_p(kdict) || mrb_hash_size(mrb, kdict) == 0) { kdict = mrb_nil_value(); ci->nk = 0; } } if (!kd && !mrb_nil_p(kdict)) { if (argc < 14) { ci->n++; argc++; } else if (argc == 14) { regs[1] = mrb_ary_new_from_values(mrb, argc+1, ®s[1]); argc = ci->n = 15; } else { mrb_ary_push(mrb, regs[1], regs[2]); } ci->nk = 0; } if (kd && MRB_ASPEC_KEY(a) > 0 && mrb_hash_p(kdict)) { kdict = mrb_hash_dup(mrb, kdict); } if (argc == 15) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (ci->proc && MRB_PROC_STRICT_P(ci->proc)) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } mrb_value rest = mrb_nil_value(); if (argc < len) { mrb_int mlen = m2; if (argc < m1+m2) { mlen = m1 < argc ? argc - m1 : 0; } if (argv0 != argv && argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { rest = mrb_ary_new_capa(mrb, 0); regs[m1+o+1] = rest; } if (o > 0 && argc > m1+m2) pc += (argc - m1 - m2)*3; } else { mrb_int rnum = 0; if (argv0 != argv) { value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; rest = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); regs[m1+o+1] = rest; } if (m2 > 0 && argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } pc += o*3; } regs[blk_pos] = blk; if (kd) { if (mrb_nil_p(kdict)) kdict = mrb_hash_new_capa(mrb, 0); regs[kw_pos] = kdict; } mrb->c->ci->n = len; if (irep->nlocals-blk_pos-1 > 0) { stack_clear(®s[blk_pos+1], irep->nlocals-blk_pos-1); } JUMP; } CASE(OP_KARG, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict, v; if (kidx < 0 || !mrb_hash_p(kdict=regs[kidx]) || !mrb_hash_key_p(mrb, kdict, k)) { mrb_value str = mrb_format(mrb, ""missing keyword: %v"", k); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } v = mrb_hash_get(mrb, kdict, k); regs[a] = v; mrb_hash_delete_key(mrb, kdict, k); NEXT; } CASE(OP_KEY_P, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; mrb_bool key_p = FALSE; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx])) { key_p = mrb_hash_key_p(mrb, kdict, k); } regs[a] = mrb_bool_value(key_p); NEXT; } CASE(OP_KEYEND, Z) { mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx]) && !mrb_hash_empty_p(mrb, kdict)) { mrb_value keys = mrb_hash_keys(mrb, kdict); mrb_value key1 = RARRAY_PTR(keys)[0]; mrb_value str = mrb_format(mrb, ""unknown keyword: %v"", key1); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } NEXT; } CASE(OP_BREAK, B) { c = OP_R_BREAK; goto L_RETURN; } CASE(OP_RETURN_BLK, B) { c = OP_R_RETURN; goto L_RETURN; } CASE(OP_RETURN, B) c = OP_R_NORMAL; L_RETURN: { mrb_callinfo *ci; ci = mrb->c->ci; if (ci->mid) { mrb_value blk = regs[mrb_ci_bidx(ci)]; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { L_RAISE: ci = mrb->c->ci; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) goto L_FTOP; goto L_CATCH; } while ((ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL)) == NULL) { ci = cipop(mrb); if (ci[1].cci == CINFO_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } pc = ci[0].pc; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->ci->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } } L_CATCH: if (ch == NULL) goto L_STOP; if (FALSE) { L_CATCH_TAGGED_BREAK: ci = mrb->c->ci; } proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); pc = irep->iseq + mrb_irep_catch_handler_unpack(ch->target); } else { mrb_int acc; mrb_value v; ci = mrb->c->ci; v = regs[a]; mrb_gc_protect(mrb, v); switch (c) { case OP_R_RETURN: if (ci->cci == CINFO_NONE && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { const struct RProc *dst; mrb_callinfo *cibase; cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_ONSTACK_P(e) || (e->cxt && e->cxt != mrb->c)) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->cci > CINFO_NONE) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci = mrb->c->ci; while (cibase <= ci && ci->proc != dst) { CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_BLOCK) { cibase = mrb->c->cibase; dst = top_proc(mrb, proc); } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_BLOCK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_BLOCK, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_BLOCK); ci = cipop(mrb); pc = ci->pc; } proc = ci->proc; mrb->exc = NULL; break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; c = mrb->c; if (!c->prev) { regs[irep->nlocals] = v; goto CHECKPOINT_LABEL_MAKE(RBREAK_TAG_STOP); } if (!c->vmexec && c->prev->ci == c->prev->cibase) { mrb_value exc = mrb_exc_new_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_TOPLEVEL) { c = mrb->c; } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_TOPLEVEL) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_TOPLEVEL, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_TOPLEVEL); c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; mrb->c->status = MRB_FIBER_RUNNING; c->prev = NULL; if (c->vmexec) { mrb_gc_arena_restore(mrb, ai); c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } ci = mrb->c->ci; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN) { } CHECKPOINT_MAIN(RBREAK_TAG_RETURN) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN); mrb->exc = NULL; break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_ONSTACK_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK); if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->cci > CINFO_NONE) { ci = cipop(mrb); mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { struct RBreak *brk; L_BREAK: brk = (struct RBreak*)mrb->exc; proc = mrb_break_proc_get(brk); v = mrb_break_value_get(brk); ci = mrb->c->ci; switch (mrb_break_tag_get(brk)) { #define DISPATCH_CHECKPOINTS(n, i) case n: goto CHECKPOINT_LABEL_MAKE(n); RBREAK_TAG_FOREACH(DISPATCH_CHECKPOINTS) #undef DISPATCH_CHECKPOINTS default: mrb_assert(!""wrong break tag""); } } while (mrb->c->cibase < ci && ci[-1].proc != proc->upper) { if (ci[-1].cci == CINFO_SKIP) { goto L_BREAK_ERROR; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_UPPER) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_UPPER) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_UPPER, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_UPPER); ci = cipop(mrb); pc = ci->pc; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_INTARGET) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_INTARGET) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_INTARGET, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_INTARGET); if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } mrb->exc = NULL; break; default: break; } mrb_assert(ci == mrb->c->ci); mrb_assert(mrb->exc == NULL); if (mrb->c->vmexec && !mrb_vm_ci_target_class(ci)) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->cci; ci = cipop(mrb); if (acc == CINFO_SKIP || acc == CINFO_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym_name(mrb, ci->mid))); proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci[1].stack[0] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_BLKPUSH, BS) { int m1 = (b>>11)&0x3f; int r = (b>>10)&0x1; int m2 = (b>>5)&0x1f; int kd = (b>>4)&0x1; int lv = (b>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_ONSTACK_P(e) && e->mid == 0) || MRB_ENV_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2+kd])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2+kd]; NEXT; } L_INT_OVERFLOW: { mrb_value exc = mrb_exc_new_lit(mrb, E_RANGE_ERROR, ""integer overflow""); mrb_exc_set(mrb, exc); } goto L_RAISE; #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH(op_name) \ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { \ OP_MATH_CASE_INTEGER(op_name); \ OP_MATH_CASE_FLOAT(op_name, integer, float); \ OP_MATH_CASE_FLOAT(op_name, float, integer); \ OP_MATH_CASE_FLOAT(op_name, float, float); \ OP_MATH_CASE_STRING_##op_name(); \ default: \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATH_CASE_INTEGER(op_name) \ case TYPES2(MRB_TT_INTEGER, MRB_TT_INTEGER): \ { \ mrb_int x = mrb_integer(regs[a]), y = mrb_integer(regs[a+1]), z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATH_CASE_FLOAT(op_name, t1, t2) (void)0 #else #define OP_MATH_CASE_FLOAT(op_name, t1, t2) \ case TYPES2(OP_MATH_TT_##t1, OP_MATH_TT_##t2): \ { \ mrb_float z = mrb_##t1(regs[a]) OP_MATH_OP_##op_name mrb_##t2(regs[a+1]); \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif #define OP_MATH_OVERFLOW_INT() goto L_INT_OVERFLOW #define OP_MATH_CASE_STRING_add() \ case TYPES2(MRB_TT_STRING, MRB_TT_STRING): \ regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); \ mrb_gc_arena_restore(mrb, ai); \ break #define OP_MATH_CASE_STRING_sub() (void)0 #define OP_MATH_CASE_STRING_mul() (void)0 #define OP_MATH_OP_add + #define OP_MATH_OP_sub - #define OP_MATH_OP_mul * #define OP_MATH_TT_integer MRB_TT_INTEGER #define OP_MATH_TT_float MRB_TT_FLOAT CASE(OP_ADD, B) { OP_MATH(add); } CASE(OP_SUB, B) { OP_MATH(sub); } CASE(OP_MUL, B) { OP_MATH(mul); } CASE(OP_DIV, B) { #ifndef MRB_NO_FLOAT mrb_float x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER): { mrb_int x = mrb_integer(regs[a]); mrb_int y = mrb_integer(regs[a+1]); mrb_int div = mrb_div_int(mrb, x, y); SET_INT_VALUE(mrb, regs[a], div); } NEXT; #ifndef MRB_NO_FLOAT case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT): x = (mrb_float)mrb_integer(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER): x = mrb_float(regs[a]); y = (mrb_float)mrb_integer(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: mid = MRB_OPSYM(div); goto L_SEND_SYM; } #ifndef MRB_NO_FLOAT f = mrb_div_float(x, y); SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } #define OP_MATHI(op_name) \ \ switch (mrb_type(regs[a])) { \ OP_MATHI_CASE_INTEGER(op_name); \ OP_MATHI_CASE_FLOAT(op_name); \ default: \ SET_INT_VALUE(mrb,regs[a+1], b); \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATHI_CASE_INTEGER(op_name) \ case MRB_TT_INTEGER: \ { \ mrb_int x = mrb_integer(regs[a]), y = (mrb_int)b, z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATHI_CASE_FLOAT(op_name) (void)0 #else #define OP_MATHI_CASE_FLOAT(op_name) \ case MRB_TT_FLOAT: \ { \ mrb_float z = mrb_float(regs[a]) OP_MATH_OP_##op_name b; \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif CASE(OP_ADDI, BB) { OP_MATHI(add); } CASE(OP_SUBI, BB) { OP_MATHI(sub); } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_NO_FLOAT #define OP_CMP(op,sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op, sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ, B) { if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==,eq); } NEXT; } CASE(OP_LT, B) { OP_CMP(<,lt); NEXT; } CASE(OP_LE, B) { OP_CMP(<=,le); NEXT; } CASE(OP_GT, B) { OP_CMP(>,gt); NEXT; } CASE(OP_GE, B) { OP_CMP(>=,ge); NEXT; } CASE(OP_ARRAY, BB) { regs[a] = mrb_ary_new_from_values(mrb, b, ®s[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARRAY2, BBB) { regs[a] = mrb_ary_new_from_values(mrb, c, ®s[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT, B) { mrb_value splat = mrb_ary_splat(mrb, regs[a+1]); if (mrb_nil_p(regs[a])) { regs[a] = splat; } else { mrb_assert(mrb_array_p(regs[a])); mrb_ary_concat(mrb, regs[a], splat); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH, BB) { mrb_assert(mrb_array_p(regs[a])); for (mrb_int i=0; i pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+pre> 2; if (pool[b].tt & IREP_TT_SFLAG) { sym = mrb_intern_static(mrb, pool[b].u.str, len); } else { sym = mrb_intern(mrb, pool[b].u.str, len); } regs[a] = mrb_symbol_value(sym); NEXT; } CASE(OP_STRING, BB) { mrb_int len; mrb_assert((pool[b].tt&IREP_TT_NFLAG)==0); len = pool[b].tt >> 2; if (pool[b].tt & IREP_TT_SFLAG) { regs[a] = mrb_str_new_static(mrb, pool[b].u.str, len); } else { regs[a] = mrb_str_new(mrb, pool[b].u.str, len); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_STRCAT, B) { mrb_assert(mrb_string_p(regs[a])); mrb_str_concat(mrb, regs[a], regs[a+1]); NEXT; } CASE(OP_HASH, BB) { mrb_value hash = mrb_hash_new_capa(mrb, b); int i; int lim = a+b*2; for (i=a; ireps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_BLOCK, BB) { c = OP_L_BLOCK; goto L_MAKE_LAMBDA; } CASE(OP_METHOD, BB) { c = OP_L_METHOD; goto L_MAKE_LAMBDA; } CASE(OP_RANGE_INC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], FALSE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_RANGE_EXC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], TRUE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS, B) { regs[a] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS, BB) { struct RClass *c = 0, *baseclass; mrb_value base, super; mrb_sym id = syms[b]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE, BB) { struct RClass *cls = 0, *baseclass; mrb_value base; mrb_sym id = syms[b]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } cls = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(cls); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC, BB) { mrb_value recv = regs[a]; struct RProc *p; const mrb_irep *nirep = irep->reps[b]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; cipush(mrb, a, 0, mrb_class_ptr(recv), p, 0, 0); irep = p->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+1, irep->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_DEF, BB) { struct RClass *target = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; mrb_sym mid = syms[b]; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, target, mid, m); mrb_method_added(mrb, target, mid); mrb_gc_arena_restore(mrb, ai); regs[a] = mrb_symbol_value(mid); NEXT; } CASE(OP_SCLASS, B) { regs[a] = mrb_singleton_class(mrb, regs[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; regs[a] = mrb_obj_value(target); NEXT; } CASE(OP_ALIAS, BB) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_alias_method(mrb, target, syms[a], syms[b]); mrb_method_added(mrb, target, syms[a]); NEXT; } CASE(OP_UNDEF, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_undef_method_id(mrb, target, syms[a]); NEXT; } CASE(OP_DEBUG, Z) { FETCH_BBB(); #ifdef MRB_USE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_NO_STDIO printf(""OP_DEBUG %d %d %d\n"", a, b, c); #else abort(); #endif #endif NEXT; } CASE(OP_ERR, B) { size_t len = pool[a].tt >> 2; mrb_value exc; mrb_assert((pool[a].tt&IREP_TT_NFLAG)==0); exc = mrb_exc_new(mrb, E_LOCALJUMP_ERROR, pool[a].u.str, len); mrb_exc_set(mrb, exc); goto L_RAISE; } CASE(OP_EXT1, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _1(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT2, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _2(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT3, Z) { uint8_t insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _3(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_STOP, Z) { CHECKPOINT_RESTORE(RBREAK_TAG_STOP) { } CHECKPOINT_MAIN(RBREAK_TAG_STOP) { UNWIND_ENSURE(mrb, mrb->c->ci, pc, RBREAK_TAG_STOP, proc, mrb_nil_value()); } CHECKPOINT_END(RBREAK_TAG_STOP); L_STOP: mrb->jmp = prev_jmp; if (mrb->exc) { mrb_assert(mrb->exc->tt == MRB_TT_EXCEPTION); return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { mrb_callinfo *ci = mrb->c->ci; while (ci > mrb->c->cibase && ci->cci == CINFO_DIRECT) { ci = cipop(mrb); } exc_catched = TRUE; pc = ci->pc; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,110054616394603,1 4819,['CWE-399'],"SYSCALL_DEFINE1(inotify_init1, int, flags) { struct inotify_device *dev; struct inotify_handle *ih; struct user_struct *user; struct file *filp; int fd, ret; BUILD_BUG_ON(IN_CLOEXEC != O_CLOEXEC); BUILD_BUG_ON(IN_NONBLOCK != O_NONBLOCK); if (flags & ~(IN_CLOEXEC | IN_NONBLOCK)) return -EINVAL; fd = get_unused_fd_flags(flags & O_CLOEXEC); if (fd < 0) return fd; filp = get_empty_filp(); if (!filp) { ret = -ENFILE; goto out_put_fd; } user = get_current_user(); if (unlikely(atomic_read(&user->inotify_devs) >= inotify_max_user_instances)) { ret = -EMFILE; goto out_free_uid; } dev = kmalloc(sizeof(struct inotify_device), GFP_KERNEL); if (unlikely(!dev)) { ret = -ENOMEM; goto out_free_uid; } ih = inotify_init(&inotify_user_ops); if (IS_ERR(ih)) { ret = PTR_ERR(ih); goto out_free_dev; } dev->ih = ih; dev->fa = NULL; filp->f_op = &inotify_fops; filp->f_path.mnt = mntget(inotify_mnt); filp->f_path.dentry = dget(inotify_mnt->mnt_root); filp->f_mapping = filp->f_path.dentry->d_inode->i_mapping; filp->f_mode = FMODE_READ; filp->f_flags = O_RDONLY | (flags & O_NONBLOCK); filp->private_data = dev; INIT_LIST_HEAD(&dev->events); init_waitqueue_head(&dev->wq); mutex_init(&dev->ev_mutex); mutex_init(&dev->up_mutex); dev->event_count = 0; dev->queue_size = 0; dev->max_events = inotify_max_queued_events; dev->user = user; atomic_set(&dev->count, 0); get_inotify_dev(dev); atomic_inc(&user->inotify_devs); fd_install(fd, filp); return fd; out_free_dev: kfree(dev); out_free_uid: free_uid(user); put_filp(filp); out_put_fd: put_unused_fd(fd); return ret; }",linux-2.6,,,109819620299914581857773414948695487451,0 6096,['CWE-200'],"struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr, struct net_device *dev, int strict) { struct inet6_ifaddr * ifp; u8 hash = ipv6_addr_hash(addr); read_lock_bh(&addrconf_hash_lock); for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) { if (ipv6_addr_equal(&ifp->addr, addr)) { if (dev == NULL || ifp->idev->dev == dev || !(ifp->scope&(IFA_LINK|IFA_HOST) || strict)) { in6_ifa_hold(ifp); break; } } } read_unlock_bh(&addrconf_hash_lock); return ifp; }",linux-2.6,,,308822866398648582115552177640780386246,0 5115,CWE-125,"arg(identifier arg, expr_ty annotation, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { arg_ty p; if (!arg) { PyErr_SetString(PyExc_ValueError, ""field arg is required for arg""); return NULL; } p = (arg_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->arg = arg; p->annotation = annotation; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,77105934558229,1 2553,['CWE-119'],"int diff_flush_patch_id(struct diff_options *options, unsigned char *sha1) { struct diff_queue_struct *q = &diff_queued_diff; int i; int result = diff_get_patch_id(options, sha1); for (i = 0; i < q->nr; i++) diff_free_filepair(q->queue[i]); free(q->queue); q->queue = NULL; q->nr = q->alloc = 0; return result; }",git,,,191094627514977196254459360741071103855,0 1495,[],"int sched_group_set_rt_period(struct task_group *tg, long rt_period_us) { u64 rt_runtime, rt_period; rt_period = (u64)rt_period_us * NSEC_PER_USEC; rt_runtime = tg->rt_bandwidth.rt_runtime; return tg_set_bandwidth(tg, rt_period, rt_runtime); }",linux-2.6,,,331987706066065052605286232244014460514,0 3591,['CWE-20'],"static sctp_disposition_t __sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; unsigned len; __be16 error = SCTP_ERROR_NO_ERROR; len = ntohs(chunk->chunk_hdr->length); if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) error = ((sctp_errhdr_t *)chunk->skb->data)->cause; sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNRESET)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(error)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_ABORT; }",linux-2.6,,,50396015122668081785500799674487058740,0 1917,['CWE-20'],"void free_pgtables(struct mmu_gather **tlb, struct vm_area_struct *vma, unsigned long floor, unsigned long ceiling) { while (vma) { struct vm_area_struct *next = vma->vm_next; unsigned long addr = vma->vm_start; anon_vma_unlink(vma); unlink_file_vma(vma); if (is_vm_hugetlb_page(vma)) { hugetlb_free_pgd_range(tlb, addr, vma->vm_end, floor, next? next->vm_start: ceiling); } else { while (next && next->vm_start <= vma->vm_end + PMD_SIZE && !is_vm_hugetlb_page(next)) { vma = next; next = vma->vm_next; anon_vma_unlink(vma); unlink_file_vma(vma); } free_pgd_range(tlb, addr, vma->vm_end, floor, next? next->vm_start: ceiling); } vma = next; } }",linux-2.6,,,314951066658439821829113284321238852294,0 1664,CWE-416,"static void perf_event_init_cpu(int cpu) { struct swevent_htable *swhash = &per_cpu(swevent_htable, cpu); mutex_lock(&swhash->hlist_mutex); swhash->online = true; if (swhash->hlist_refcount > 0) { struct swevent_hlist *hlist; hlist = kzalloc_node(sizeof(*hlist), GFP_KERNEL, cpu_to_node(cpu)); WARN_ON(!hlist); rcu_assign_pointer(swhash->swevent_hlist, hlist); } mutex_unlock(&swhash->hlist_mutex); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,206274654668242,1 2220,NVD-CWE-noinfo,"static void nfs4_close_done(struct rpc_task *task, void *data) { struct nfs4_closedata *calldata = data; struct nfs4_state *state = calldata->state; struct nfs_server *server = NFS_SERVER(calldata->inode); if (RPC_ASSASSINATED(task)) return; switch (task->tk_status) { case 0: nfs_set_open_stateid(state, &calldata->res.stateid, 0); renew_lease(server, calldata->timestamp); break; case -NFS4ERR_STALE_STATEID: case -NFS4ERR_OLD_STATEID: case -NFS4ERR_BAD_STATEID: case -NFS4ERR_EXPIRED: if (calldata->arg.open_flags == 0) break; default: if (nfs4_async_handle_error(task, server, state) == -EAGAIN) { rpc_restart_call(task); return; } } nfs_refresh_inode(calldata->inode, calldata->res.fattr); }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,223018548826115,1 372,[],"exit_pfm_fs(void) { unregister_filesystem(&pfm_fs_type); mntput(pfmfs_mnt); }",linux-2.6,,,340092058606833949120494312723253340070,0 167,CWE-763,"dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) { struct dev_data *dev = fd->private_data; ssize_t value, length = len; unsigned total; u32 tag; char *kbuf; spin_lock_irq(&dev->lock); if (dev->state > STATE_DEV_OPENED) { value = ep0_write(fd, buf, len, ptr); spin_unlock_irq(&dev->lock); return value; } spin_unlock_irq(&dev->lock); if ((len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) || (len > PAGE_SIZE * 4)) return -EINVAL; if (copy_from_user (&tag, buf, 4)) return -EFAULT; if (tag != 0) return -EINVAL; buf += 4; length -= 4; kbuf = memdup_user(buf, length); if (IS_ERR(kbuf)) return PTR_ERR(kbuf); spin_lock_irq (&dev->lock); value = -EINVAL; if (dev->buf) { kfree(kbuf); goto fail; } dev->buf = kbuf; dev->config = (void *) kbuf; total = le16_to_cpu(dev->config->wTotalLength); if (!is_valid_config(dev->config, total) || total > length - USB_DT_DEVICE_SIZE) goto fail; kbuf += total; length -= total; if (kbuf [1] == USB_DT_CONFIG) { dev->hs_config = (void *) kbuf; total = le16_to_cpu(dev->hs_config->wTotalLength); if (!is_valid_config(dev->hs_config, total) || total > length - USB_DT_DEVICE_SIZE) goto fail; kbuf += total; length -= total; } else { dev->hs_config = NULL; } if (length != USB_DT_DEVICE_SIZE) goto fail; dev->dev = (void *)kbuf; if (dev->dev->bLength != USB_DT_DEVICE_SIZE || dev->dev->bDescriptorType != USB_DT_DEVICE || dev->dev->bNumConfigurations != 1) goto fail; dev->dev->bcdUSB = cpu_to_le16 (0x0200); spin_unlock_irq (&dev->lock); if (dev->hs_config) gadgetfs_driver.max_speed = USB_SPEED_HIGH; else gadgetfs_driver.max_speed = USB_SPEED_FULL; value = usb_gadget_probe_driver(&gadgetfs_driver); if (value != 0) { kfree (dev->buf); dev->buf = NULL; } else { value = len; dev->gadget_registered = true; } return value; fail: spin_unlock_irq (&dev->lock); pr_debug (""%s: %s fail %zd, %p\n"", shortname, __func__, value, dev); kfree (dev->buf); dev->buf = NULL; return value; }",visit repo url,drivers/usb/gadget/legacy/inode.c,https://github.com/torvalds/linux,159965326288147,1 39,['CWE-787'],"static inline void cirrus_bitblt_bgcol(CirrusVGAState *s) { unsigned int color; switch (s->cirrus_blt_pixelwidth) { case 1: s->cirrus_blt_bgcol = s->cirrus_shadow_gr0; break; case 2: color = s->cirrus_shadow_gr0 | (s->gr[0x10] << 8); s->cirrus_blt_bgcol = le16_to_cpu(color); break; case 3: s->cirrus_blt_bgcol = s->cirrus_shadow_gr0 | (s->gr[0x10] << 8) | (s->gr[0x12] << 16); break; default: case 4: color = s->cirrus_shadow_gr0 | (s->gr[0x10] << 8) | (s->gr[0x12] << 16) | (s->gr[0x14] << 24); s->cirrus_blt_bgcol = le32_to_cpu(color); break; } }",qemu,,,209924585110214439672843089672755322159,0 5549,CWE-125,"obj2ast_arg(PyObject* obj, arg_ty* out, PyArena* arena) { PyObject* tmp = NULL; identifier arg; expr_ty annotation; string type_comment; int lineno; int col_offset; if (_PyObject_HasAttrId(obj, &PyId_arg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_arg); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &arg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""arg\"" missing from arg""); return 1; } if (exists_not_none(obj, &PyId_annotation)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_annotation); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { annotation = NULL; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from arg""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_col_offset)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_col_offset); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from arg""); return 1; } *out = arg(arg, annotation, type_comment, lineno, col_offset, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,91534473871733,1 1133,['CWE-399'],"ptrace_disable(struct task_struct *child) { user_disable_single_step(child); }",linux-2.6,,,194034607563260148359308334243300019631,0 5290,CWE-190,"TEE_Result syscall_cryp_obj_populate(unsigned long obj, struct utee_attribute *usr_attrs, unsigned long attr_count) { TEE_Result res; struct tee_ta_session *sess; struct tee_obj *o; const struct tee_cryp_obj_type_props *type_props; TEE_Attribute *attrs = NULL; res = tee_ta_get_current_session(&sess); if (res != TEE_SUCCESS) return res; res = tee_obj_get(to_user_ta_ctx(sess->ctx), tee_svc_uref_to_vaddr(obj), &o); if (res != TEE_SUCCESS) return res; if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) return TEE_ERROR_BAD_PARAMETERS; if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) return TEE_ERROR_BAD_PARAMETERS; type_props = tee_svc_find_type_props(o->info.objectType); if (!type_props) return TEE_ERROR_NOT_IMPLEMENTED; attrs = malloc(sizeof(TEE_Attribute) * attr_count); if (!attrs) return TEE_ERROR_OUT_OF_MEMORY; res = copy_in_attrs(to_user_ta_ctx(sess->ctx), usr_attrs, attr_count, attrs); if (res != TEE_SUCCESS) goto out; res = tee_svc_cryp_check_attr(ATTR_USAGE_POPULATE, type_props, attrs, attr_count); if (res != TEE_SUCCESS) goto out; res = tee_svc_cryp_obj_populate_type(o, type_props, attrs, attr_count); if (res == TEE_SUCCESS) o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; out: free(attrs); return res; }",visit repo url,core/tee/tee_svc_cryp.c,https://github.com/OP-TEE/optee_os,253248905321167,1 5942,CWE-120,"static int jsi_DbQuery(Jsi_Db *jdb, Jsi_CDataDb *dbopts, const char *query) { int k, cnt, erc = -1; Jsi_CDataDb statbinds[] = {{}, {}}; if (!dbopts) dbopts = statbinds; OptionBind ob = {.binds = dbopts}; Jsi_StructSpec *specPtr, *specs; Jsi_Interp *interp = jdb->interp; if (!query) query=""""; if (query[0]==';') { if (!dbExecCmd(jdb, query+1, &erc)) { Jsi_LogError(""EXEC ERROR=\""%s\"", SQL=\""%s\"""", sqlite3_errmsg(jdb->db), query); return erc; } return 0; } const char *cPtr = Jsi_Strstr(query, "" %s""); if (!cPtr) cPtr = Jsi_Strstr(query, ""\t%s""); if (!dbopts) { Jsi_LogError(""dbopts may not be null""); return -1; } if (!dbopts[0].data) { Jsi_LogError(""data may not be null""); return -1; } if (!dbopts[0].sf) { Jsi_LogError(""specs may not be null""); return -1; } for (k=0; dbopts[k].sf; k++) { if (dbopts[k].arrSize>1 || k==0) { int scnt = 0; for (specPtr = dbopts[k].sf, scnt=0; specPtr->id>=JSI_OPTION_BOOL && specPtr->id < JSI_OPTION_END; specPtr++, scnt++) { if (specPtr->flags&JSI_OPT_DB_IGNORE) continue; if (k==0) { if (specPtr->flags&JSI_OPT_DB_ROWID) { if (specPtr->id != JSI_OPTION_INT64) { Jsi_LogError(""rowid flag must be a wide field: %s"", specPtr->name); return -1; } ob.rowidPtr = specPtr; } if (specPtr->flags&JSI_OPT_DB_DIRTY) { if (specPtr->id == JSI_OPTION_BOOL || specPtr->id == JSI_OPTION_INT) { ob.dirtyPtr = specPtr; } else { Jsi_LogError(""dirty flag must be a int/bool field: %s"", specPtr->name); return -1; } } } } if (k==0) ob.optLen = scnt; assert(specPtr->id == JSI_OPTION_END); } if (!dbopts[k].prefix) break; } specs = dbopts[0].sf; int structSize = specs[ob.optLen].size; if (dbopts->memClear || dbopts->memFree) { cnt = dbopts[0].arrSize; void *rec = dbopts[0].data, *prec = rec; void **recPtrPtr = NULL; if (dbopts->isPtr2) { recPtrPtr = (void**)rec; rec = *recPtrPtr; } if (cnt<=0 && rec && dbopts->isPtr2) { for (cnt=0; ((void**)rec)[cnt]!=NULL; cnt++); } for (k=0; kisPtr2 || dbopts->isPtrs) prec = ((void**)rec)[k]; else prec = (char*)rec + (k * structSize); if (!prec) continue; Jsi_OptionsFree(interp, (Jsi_OptionSpec*)specs, prec, 0); if (dbopts->isPtr2 || dbopts->isPtrs) { Jsi_Free(prec); } } if (recPtrPtr) { Jsi_Free(*recPtrPtr); *recPtrPtr = NULL; } if (query == NULL || query[0] == 0) return 0; } if (!Jsi_Strncasecmp(query, ""SELECT"", 6)) return dbOptSelect(jdb, query, &ob, dbopts); DbEvalContext sEval = {}; int insert = 0, replace = 0, update = 0; char nbuf[100], *bPtr; #ifdef JSI_DB_DSTRING_SIZE JSI_DSTRING_VAR(dStr, JSI_DB_DSTRING_SIZE); #else Jsi_DString sStr, *dStr = &sStr; Jsi_DSInit(dStr); #endif if (dbopts->noCache) sEval.nocache = 1; if (dbEvalInit(interp, &sEval, jdb, NULL, dStr, 0, 0) != JSI_OK) return -1; int dataMax = dbopts[0].arrSize; cnt = 0; if (dataMax==0) dataMax = 1; char ch[2]; ch[0] = dbopts[0].prefix; ch[1] = 0; if (!ch[0]) ch[0] = ':'; if ((update=(Jsi_Strncasecmp(query, ""UPDATE"", 6)==0))) { Jsi_DSAppendLen(dStr, query, cPtr?(cPtr-query):-1); if (cPtr) { Jsi_DSAppend(dStr, "" "", NULL); int cidx = 0; int killf = (JSI_OPT_DB_IGNORE|JSI_OPT_READ_ONLY|JSI_OPT_INIT_ONLY); for (specPtr = specs; specPtr->id != JSI_OPTION_END; specPtr++, cidx++) { if (specPtr == ob.rowidPtr || specPtr == ob.dirtyPtr || (specPtr->flags&killf)) continue; const char *fname = specPtr->name; if (ch[0] == '?') snprintf(bPtr=nbuf, sizeof(nbuf), ""%d"", cidx+1); else bPtr = (char*)specPtr->name; Jsi_DSAppend(dStr, (cnt?"","":""""), ""["", fname, ""]="", ch, bPtr, NULL); cnt++; } Jsi_DSAppend(dStr, cPtr+3, NULL); } } else if ((insert=(Jsi_Strncasecmp(query, ""INSERT"", 6)==0)) || (replace=(Jsi_Strncasecmp(query, ""REPLACE"", 7)==0))) { Jsi_DSAppendLen(dStr, query, cPtr?(cPtr-query):-1); if (cPtr) { Jsi_DSAppend(dStr, "" ("", NULL); int killf = JSI_OPT_DB_IGNORE; if (replace) killf |= (JSI_OPT_READ_ONLY|JSI_OPT_INIT_ONLY); for (specPtr = specs; specPtr->id != JSI_OPTION_END; specPtr++) { if (specPtr == ob.rowidPtr || specPtr == ob.dirtyPtr || specPtr->flags&killf) continue; const char *fname = specPtr->name; Jsi_DSAppend(dStr, (cnt?"","":""""), ""["", fname, ""]"", NULL); cnt++; } Jsi_DSAppendLen(dStr,"") VALUES("", -1); cnt = 0; int cidx = 0; for (specPtr = specs; specPtr->id != JSI_OPTION_END; specPtr++, cidx++) { if (specPtr == ob.rowidPtr || specPtr == ob.dirtyPtr || specPtr->flags&killf) continue; if (ch[0] == '?') snprintf(bPtr=nbuf, sizeof(nbuf), ""%d"", cidx+1); else bPtr = (char*)specPtr->name; Jsi_DSAppend(dStr, (cnt?"","":""""), ch, bPtr, NULL); cnt++; } Jsi_DSAppend(dStr,"")"", cPtr+3, NULL); } } else if (!Jsi_Strncasecmp(query, ""DELETE"", 6)) { Jsi_DSAppend(dStr, query, NULL); } else { Jsi_LogError(""unrecognized query \""%s\"": expected one of: SELECT, UPDATE, INSERT, REPLACE or DELETE"", query); return -1; } sEval.zSql = Jsi_DSValue(dStr); if (jdb->echo && sEval.zSql) Jsi_LogInfo(""SQL-ECHO: %s\n"", sEval.zSql); int rc, bindMax = -1, dataIdx = 0; cnt = 0; int ismodify = (replace||insert||update); int isnew = (replace||insert); int didBegin = 0; DbEvalContext *p = &sEval; rc = dbPrepareStmt(p->jdb, p->zSql, &p->zSql, &p->pPreStmt); if( rc!=JSI_OK ) return -1; if (dataMax>1 && !dbopts->noBegin) { didBegin = 1; if (!dbExecCmd(jdb, JSI_DBQUERY_BEGIN_STR, &erc)) goto bail; } while (dataIdxdirtyOnly)) { void *rec = dbopts[0].data; if (dbopts->isPtrs || dbopts->isPtr2) rec = ((void**)rec)[dataIdx]; else rec = (char*)rec + (dataIdx * structSize); char *ptr = (char*)rec + ob.dirtyPtr->offset; int isDirty = *(int*)ptr; int bit = 0; if (ob.dirtyPtr->id == JSI_OPTION_BOOL) bit = (uintptr_t)ob.dirtyPtr->data; if (!(isDirty&(1<<(bit)))) { dataIdx++; continue; } isDirty &= ~(1<<(bit)); *(int*)ptr = isDirty; } rc = dbBindOptionStmt(jdb, p->pPreStmt->pStmt, &ob, dataIdx, bindMax, dbopts); if( rc!=JSI_OK ) goto bail; bindMax = 1; rc = dbEvalStepSub(p, (dataIdx>=dataMax), &erc); if (rc == JSI_ERROR) goto bail; cnt += sqlite3_changes(jdb->db); if (rc != JSI_OK && rc != JSI_BREAK) break; if (ob.rowidPtr && isnew) { void *rec = dbopts[0].data; if (dbopts->isPtrs || dbopts->isPtr2) rec = ((void**)rec)[dataIdx]; else rec = (char*)rec + (dataIdx * structSize); char *ptr = (char*)rec + ob.rowidPtr->offset; *(Jsi_Wide*)ptr = sqlite3_last_insert_rowid(jdb->db); } dataIdx++; } if (didBegin && !dbExecCmd(jdb, JSI_DBQUERY_COMMIT_STR, &erc)) rc = JSI_ERROR; dbEvalFinalize(&sEval); if( rc==JSI_BREAK ) { rc = JSI_OK; } return (rc==JSI_OK?cnt:erc); bail: dbEvalFinalize(&sEval); if (didBegin) dbExecCmd(jdb, JSI_DBQUERY_ROLLBACK_STR, NULL); return erc; }",visit repo url,src/jsiSqlite.c,https://github.com/pcmacdon/jsish,98204092029173,1 1349,NVD-CWE-Other,"static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, struct xfrm_state *x, u32 seq) { struct xfrm_dump_info info; struct sk_buff *skb; skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); if (!skb) return ERR_PTR(-ENOMEM); info.in_skb = in_skb; info.out_skb = skb; info.nlmsg_seq = seq; info.nlmsg_flags = 0; if (dump_one_state(x, 0, &info)) { kfree_skb(skb); return NULL; } return skb; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,236489705165752,1 3725,[],"static struct sock *__unix_find_socket_byname(struct net *net, struct sockaddr_un *sunname, int len, int type, unsigned hash) { struct sock *s; struct hlist_node *node; sk_for_each(s, node, &unix_socket_table[hash ^ type]) { struct unix_sock *u = unix_sk(s); if (!net_eq(sock_net(s), net)) continue; if (u->addr->len == len && !memcmp(u->addr->name, sunname, len)) goto found; } s = NULL; found: return s; }",linux-2.6,,,144436940760987337212427134348635659396,0 3010,['CWE-189'],"static int jpc_dec_parseopts(char *optstr, jpc_dec_importopts_t *opts) { jas_tvparser_t *tvp; opts->debug = 0; opts->maxlyrs = JPC_MAXLYRS; opts->maxpkts = -1; if (!(tvp = jas_tvparser_create(optstr ? optstr : """"))) { return -1; } while (!jas_tvparser_next(tvp)) { switch (jas_taginfo_nonull(jas_taginfos_lookup(decopts, jas_tvparser_gettag(tvp)))->id) { case OPT_MAXLYRS: opts->maxlyrs = atoi(jas_tvparser_getval(tvp)); break; case OPT_DEBUG: opts->debug = atoi(jas_tvparser_getval(tvp)); break; case OPT_MAXPKTS: opts->maxpkts = atoi(jas_tvparser_getval(tvp)); break; default: jas_eprintf(""warning: ignoring invalid option %s\n"", jas_tvparser_gettag(tvp)); break; } } jas_tvparser_destroy(tvp); return 0; }",jasper,,,127749072456236765546423609031439930215,0 5432,CWE-787,"idn2_to_ascii_4i (const uint32_t * input, size_t inlen, char * output, int flags) { uint32_t *input_u32; uint8_t *input_u8, *output_u8; size_t length; int rc; if (!input) { if (output) *output = 0; return IDN2_OK; } input_u32 = (uint32_t *) malloc ((inlen + 1) * sizeof(uint32_t)); if (!input_u32) return IDN2_MALLOC; u32_cpy (input_u32, input, inlen); input_u32[inlen] = 0; input_u8 = u32_to_u8 (input_u32, inlen + 1, NULL, &length); free (input_u32); if (!input_u8) { if (errno == ENOMEM) return IDN2_MALLOC; return IDN2_ENCODING_ERROR; } rc = idn2_lookup_u8 (input_u8, &output_u8, flags); free (input_u8); if (rc == IDN2_OK) { if (output) strcpy (output, (const char *) output_u8); free(output_u8); } return rc; }",visit repo url,lib/lookup.c,https://github.com/libidn/libidn2,269611700661299,1 4086,['CWE-399'],"static void bsg_rq_end_io(struct request *rq, int uptodate) { struct bsg_command *bc = rq->end_io_data; struct bsg_device *bd = bc->bd; unsigned long flags; dprintk(""%s: finished rq %p bc %p, bio %p stat %d\n"", bd->name, rq, bc, bc->bio, uptodate); bc->hdr.duration = jiffies_to_msecs(jiffies - bc->hdr.duration); spin_lock_irqsave(&bd->lock, flags); list_move_tail(&bc->list, &bd->done_list); bd->done_cmds++; spin_unlock_irqrestore(&bd->lock, flags); wake_up(&bd->wq_done); }",linux-2.6,,,334715671693897567525329392476910760420,0 5696,['CWE-200'],"static int llc_ui_send_data(struct sock* sk, struct sk_buff *skb, int noblock) { struct llc_sock* llc = llc_sk(sk); int rc = 0; if (unlikely(llc_data_accept_state(llc->state) || llc->remote_busy_flag || llc->p_flag)) { long timeout = sock_sndtimeo(sk, noblock); rc = llc_ui_wait_for_busy_core(sk, timeout); } if (unlikely(!rc)) rc = llc_build_and_send_pkt(sk, skb); return rc; }",linux-2.6,,,17744570103400505890514706679472946530,0 4505,CWE-416,"GF_Err BD_DecMFFieldVec(GF_BifsDecoder * codec, GF_BitStream *bs, GF_Node *node, GF_FieldInfo *field, Bool is_mem_com) { GF_Err e; u32 NbBits, nbFields; u32 i; GF_ChildNodeItem *last; u8 qp_local, qp_on, initial_qp; GF_FieldInfo sffield; memset(&sffield, 0, sizeof(GF_FieldInfo)); sffield.fieldIndex = field->fieldIndex; sffield.fieldType = gf_sg_vrml_get_sf_type(field->fieldType); sffield.NDTtype = field->NDTtype; sffield.name = field->name; initial_qp = qp_local = qp_on = 0; NbBits = gf_bs_read_int(bs, 5); nbFields = gf_bs_read_int(bs, NbBits); if (codec->ActiveQP) { initial_qp = 1; gf_bifs_dec_qp14_set_length(codec, nbFields); } if (field->fieldType != GF_SG_VRML_MFNODE) { e = gf_sg_vrml_mf_alloc(field->far_ptr, field->fieldType, nbFields); if (e) return e; for (i=0; ifar_ptr, field->fieldType, & sffield.far_ptr, i); if (e) return e; e = gf_bifs_dec_sf_field(codec, bs, node, &sffield, GF_FALSE); if (e) return e; } } else { last = NULL; for (i=0; iNDTtype); if (new_node) { e = gf_node_register(new_node, is_mem_com ? NULL : node); if (e) return e; if (node) { if (gf_node_get_tag(new_node) == TAG_MPEG4_QuantizationParameter) { qp_local = ((M_QuantizationParameter *)new_node)->isLocal; if (qp_on) gf_bifs_dec_qp_remove(codec, GF_FALSE); e = gf_bifs_dec_qp_set(codec, new_node); if (e) return e; qp_on = 1; if (qp_local) qp_local = 2; if (codec->force_keep_qp) { e = gf_node_list_add_child_last(field->far_ptr, new_node, &last); if (e) return e; } else { gf_node_register(new_node, NULL); gf_node_unregister(new_node, node); } } else { e = gf_node_list_add_child_last(field->far_ptr, new_node, &last); if (e) return e; } } else if (codec->pCurrentProto) { e = gf_node_list_add_child_last( (GF_ChildNodeItem **)field->far_ptr, new_node, &last); if (e) return e; } } else { return codec->LastError ? codec->LastError : GF_NON_COMPLIANT_BITSTREAM; } } if (qp_on && qp_local) { if (qp_local == 2) { } else { gf_bifs_dec_qp_remove(codec, initial_qp); } } } if (qp_on) gf_bifs_dec_qp_remove(codec, GF_TRUE); return GF_OK; }",visit repo url,src/bifs/field_decode.c,https://github.com/gpac/gpac,167836112558447,1 6614,CWE-787,"int amf_namf_comm_handle_n1_n2_message_transfer( ogs_sbi_stream_t *stream, ogs_sbi_message_t *recvmsg) { int status; amf_ue_t *amf_ue = NULL; amf_sess_t *sess = NULL; ogs_pkbuf_t *n1buf = NULL; ogs_pkbuf_t *n2buf = NULL; ogs_pkbuf_t *gmmbuf = NULL; ogs_pkbuf_t *ngapbuf = NULL; char *supi = NULL; uint8_t pdu_session_id = OGS_NAS_PDU_SESSION_IDENTITY_UNASSIGNED; ogs_sbi_message_t sendmsg; ogs_sbi_response_t *response = NULL; OpenAPI_n1_n2_message_transfer_req_data_t *N1N2MessageTransferReqData; OpenAPI_n1_n2_message_transfer_rsp_data_t N1N2MessageTransferRspData; OpenAPI_n1_message_container_t *n1MessageContainer = NULL; OpenAPI_ref_to_binary_data_t *n1MessageContent = NULL; OpenAPI_n2_info_container_t *n2InfoContainer = NULL; OpenAPI_n2_sm_information_t *smInfo = NULL; OpenAPI_n2_info_content_t *n2InfoContent = NULL; OpenAPI_ref_to_binary_data_t *ngapData = NULL; ogs_assert(stream); ogs_assert(recvmsg); N1N2MessageTransferReqData = recvmsg->N1N2MessageTransferReqData; if (!N1N2MessageTransferReqData) { ogs_error(""No N1N2MessageTransferReqData""); return OGS_ERROR; } if (N1N2MessageTransferReqData->is_pdu_session_id == false) { ogs_error(""No PDU Session Identity""); return OGS_ERROR; } pdu_session_id = N1N2MessageTransferReqData->pdu_session_id; supi = recvmsg->h.resource.component[1]; if (!supi) { ogs_error(""No SUPI""); return OGS_ERROR; } amf_ue = amf_ue_find_by_supi(supi); if (!amf_ue) { ogs_error(""No UE context [%s]"", supi); return OGS_ERROR; } sess = amf_sess_find_by_psi(amf_ue, pdu_session_id); if (!sess) { ogs_error(""[%s] No PDU Session Context [%d]"", amf_ue->supi, pdu_session_id); return OGS_ERROR; } n1MessageContainer = N1N2MessageTransferReqData->n1_message_container; if (n1MessageContainer) { n1MessageContent = n1MessageContainer->n1_message_content; if (!n1MessageContent || !n1MessageContent->content_id) { ogs_error(""No n1MessageContent""); return OGS_ERROR; } n1buf = ogs_sbi_find_part_by_content_id( recvmsg, n1MessageContent->content_id); if (!n1buf) { ogs_error(""[%s] No N1 SM Content"", amf_ue->supi); return OGS_ERROR; } n1buf = ogs_pkbuf_copy(n1buf); ogs_assert(n1buf); } n2InfoContainer = N1N2MessageTransferReqData->n2_info_container; if (n2InfoContainer) { smInfo = n2InfoContainer->sm_info; if (!smInfo) { ogs_error(""No smInfo""); return OGS_ERROR; } n2InfoContent = smInfo->n2_info_content; if (!n2InfoContent) { ogs_error(""No n2InfoContent""); return OGS_ERROR; } ngapData = n2InfoContent->ngap_data; if (!ngapData || !ngapData->content_id) { ogs_error(""No ngapData""); return OGS_ERROR; } n2buf = ogs_sbi_find_part_by_content_id( recvmsg, ngapData->content_id); if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } n2buf = ogs_pkbuf_copy(n2buf); ogs_assert(n2buf); } memset(&sendmsg, 0, sizeof(sendmsg)); status = OGS_SBI_HTTP_STATUS_OK; memset(&N1N2MessageTransferRspData, 0, sizeof(N1N2MessageTransferRspData)); N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_N1_N2_TRANSFER_INITIATED; sendmsg.N1N2MessageTransferRspData = &N1N2MessageTransferRspData; switch (n2InfoContent->ngap_ie_type) { case OpenAPI_ngap_ie_type_PDU_RES_SETUP_REQ: if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } if (n1buf) { gmmbuf = gmm_build_dl_nas_transport(sess, OGS_NAS_PAYLOAD_CONTAINER_N1_SM_INFORMATION, n1buf, 0, 0); ogs_assert(gmmbuf); } if (gmmbuf) { ran_ue_t *ran_ue = NULL; ran_ue = ran_ue_cycle(amf_ue->ran_ue); ogs_assert(ran_ue); if (sess->pdu_session_establishment_accept) { ogs_pkbuf_free(sess->pdu_session_establishment_accept); sess->pdu_session_establishment_accept = NULL; } if (ran_ue->initial_context_setup_request_sent == true) { ngapbuf = ngap_sess_build_pdu_session_resource_setup_request( sess, gmmbuf, n2buf); ogs_assert(ngapbuf); } else { ngapbuf = ngap_sess_build_initial_context_setup_request( sess, gmmbuf, n2buf); ogs_assert(ngapbuf); ran_ue->initial_context_setup_request_sent = true; } if (SESSION_CONTEXT_IN_SMF(sess)) { if (nas_5gs_send_to_gnb(amf_ue, ngapbuf) != OGS_OK) ogs_error(""nas_5gs_send_to_gnb() failed""); } else { sess->pdu_session_establishment_accept = ngapbuf; } } else { if (CM_IDLE(amf_ue)) { ogs_sbi_server_t *server = NULL; ogs_sbi_header_t header; ogs_sbi_client_t *client = NULL; ogs_sockaddr_t *addr = NULL; if (!N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri) { ogs_error(""[%s:%d] No n1-n2-failure-notification-uri"", amf_ue->supi, sess->psi); return OGS_ERROR; } addr = ogs_sbi_getaddr_from_uri( N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri); if (!addr) { ogs_error(""[%s:%d] Invalid URI [%s]"", amf_ue->supi, sess->psi, N1N2MessageTransferReqData-> n1n2_failure_txf_notif_uri); return OGS_ERROR;; } client = ogs_sbi_client_find(addr); if (!client) { client = ogs_sbi_client_add(addr); ogs_assert(client); } OGS_SETUP_SBI_CLIENT(&sess->paging, client); ogs_freeaddrinfo(addr); status = OGS_SBI_HTTP_STATUS_ACCEPTED; N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_ATTEMPTING_TO_REACH_UE; server = ogs_sbi_server_from_stream(stream); ogs_assert(server); memset(&header, 0, sizeof(header)); header.service.name = (char *)OGS_SBI_SERVICE_NAME_NAMF_COMM; header.api.version = (char *)OGS_SBI_API_V1; header.resource.component[0] = (char *)OGS_SBI_RESOURCE_NAME_UE_CONTEXTS; header.resource.component[1] = amf_ue->supi; header.resource.component[2] = (char *)OGS_SBI_RESOURCE_NAME_N1_N2_MESSAGES; header.resource.component[3] = sess->sm_context_ref; sendmsg.http.location = ogs_sbi_server_uri(server, &header); AMF_SESS_STORE_PAGING_INFO( sess, sendmsg.http.location, N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri); AMF_SESS_STORE_N2_TRANSFER( sess, pdu_session_resource_setup_request, n2buf); ogs_assert(OGS_OK == ngap_send_paging(amf_ue)); } else if (CM_CONNECTED(amf_ue)) { ogs_assert(OGS_OK == ngap_send_pdu_resource_setup_request(sess, n2buf)); } else { ogs_fatal(""[%s] Invalid AMF-UE state"", amf_ue->supi); ogs_assert_if_reached(); } } break; case OpenAPI_ngap_ie_type_PDU_RES_MOD_REQ: if (!n1buf) { ogs_error(""[%s] No N1 SM Content"", amf_ue->supi); return OGS_ERROR; } if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } if (CM_IDLE(amf_ue)) { ogs_sbi_server_t *server = NULL; ogs_sbi_header_t header; status = OGS_SBI_HTTP_STATUS_ACCEPTED; N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_ATTEMPTING_TO_REACH_UE; server = ogs_sbi_server_from_stream(stream); ogs_assert(server); memset(&header, 0, sizeof(header)); header.service.name = (char *)OGS_SBI_SERVICE_NAME_NAMF_COMM; header.api.version = (char *)OGS_SBI_API_V1; header.resource.component[0] = (char *)OGS_SBI_RESOURCE_NAME_UE_CONTEXTS; header.resource.component[1] = amf_ue->supi; header.resource.component[2] = (char *)OGS_SBI_RESOURCE_NAME_N1_N2_MESSAGES; header.resource.component[3] = sess->sm_context_ref; sendmsg.http.location = ogs_sbi_server_uri(server, &header); AMF_SESS_STORE_PAGING_INFO( sess, sendmsg.http.location, NULL); AMF_SESS_STORE_5GSM_MESSAGE(sess, OGS_NAS_5GS_PDU_SESSION_MODIFICATION_COMMAND, n1buf, n2buf); ogs_assert(OGS_OK == ngap_send_paging(amf_ue)); } else if (CM_CONNECTED(amf_ue)) { gmmbuf = gmm_build_dl_nas_transport(sess, OGS_NAS_PAYLOAD_CONTAINER_N1_SM_INFORMATION, n1buf, 0, 0); ogs_assert(gmmbuf); ngapbuf = ngap_build_pdu_session_resource_modify_request( sess, gmmbuf, n2buf); ogs_assert(ngapbuf); if (nas_5gs_send_to_gnb(amf_ue, ngapbuf) != OGS_OK) ogs_error(""nas_5gs_send_to_gnb() failed""); } else { ogs_fatal(""[%s] Invalid AMF-UE state"", amf_ue->supi); ogs_assert_if_reached(); } break; case OpenAPI_ngap_ie_type_PDU_RES_REL_CMD: if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } if (n1buf) ogs_pkbuf_free(n1buf); if (CM_IDLE(amf_ue)) { if (n2buf) ogs_pkbuf_free(n2buf); if (N1N2MessageTransferReqData->is_skip_ind == true && N1N2MessageTransferReqData->skip_ind == true) { N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_N1_MSG_NOT_TRANSFERRED; } else { ogs_fatal(""[%s] No skipInd"", amf_ue->supi); ogs_assert_if_reached(); } } else if (CM_CONNECTED(amf_ue)) { ngapbuf = ngap_build_pdu_session_resource_release_command( sess, NULL, n2buf); ogs_assert(ngapbuf); if (nas_5gs_send_to_gnb(amf_ue, ngapbuf) != OGS_OK) ogs_error(""nas_5gs_send_to_gnb() failed""); } else { ogs_fatal(""[%s] Invalid AMF-UE state"", amf_ue->supi); ogs_assert_if_reached(); } break; default: ogs_error(""Not implemented ngap_ie_type[%d]"", n2InfoContent->ngap_ie_type); ogs_assert_if_reached(); } response = ogs_sbi_build_response(&sendmsg, status); ogs_assert(response); ogs_assert(true == ogs_sbi_server_send_response(stream, response)); if (sendmsg.http.location) ogs_free(sendmsg.http.location); return OGS_OK; }",visit repo url,src/amf/namf-handler.c,https://github.com/open5gs/open5gs,260669485015096,1 455,CWE-400,"struct bio *bio_map_user_iov(struct request_queue *q, const struct iov_iter *iter, gfp_t gfp_mask) { int j; int nr_pages = 0; struct page **pages; struct bio *bio; int cur_page = 0; int ret, offset; struct iov_iter i; struct iovec iov; iov_for_each(iov, i, *iter) { unsigned long uaddr = (unsigned long) iov.iov_base; unsigned long len = iov.iov_len; unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT; unsigned long start = uaddr >> PAGE_SHIFT; if (end < start) return ERR_PTR(-EINVAL); nr_pages += end - start; if (uaddr & queue_dma_alignment(q)) return ERR_PTR(-EINVAL); } if (!nr_pages) return ERR_PTR(-EINVAL); bio = bio_kmalloc(gfp_mask, nr_pages); if (!bio) return ERR_PTR(-ENOMEM); ret = -ENOMEM; pages = kcalloc(nr_pages, sizeof(struct page *), gfp_mask); if (!pages) goto out; iov_for_each(iov, i, *iter) { unsigned long uaddr = (unsigned long) iov.iov_base; unsigned long len = iov.iov_len; unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT; unsigned long start = uaddr >> PAGE_SHIFT; const int local_nr_pages = end - start; const int page_limit = cur_page + local_nr_pages; ret = get_user_pages_fast(uaddr, local_nr_pages, (iter->type & WRITE) != WRITE, &pages[cur_page]); if (ret < local_nr_pages) { ret = -EFAULT; goto out_unmap; } offset = offset_in_page(uaddr); for (j = cur_page; j < page_limit; j++) { unsigned int bytes = PAGE_SIZE - offset; unsigned short prev_bi_vcnt = bio->bi_vcnt; if (len <= 0) break; if (bytes > len) bytes = len; if (bio_add_pc_page(q, bio, pages[j], bytes, offset) < bytes) break; if (bio->bi_vcnt == prev_bi_vcnt) put_page(pages[j]); len -= bytes; offset = 0; } cur_page = j; while (j < page_limit) put_page(pages[j++]); } kfree(pages); bio_set_flag(bio, BIO_USER_MAPPED); bio_get(bio); return bio; out_unmap: for (j = 0; j < nr_pages; j++) { if (!pages[j]) break; put_page(pages[j]); } out: kfree(pages); bio_put(bio); return ERR_PTR(ret); }",visit repo url,block/bio.c,https://github.com/torvalds/linux,239824094930402,1 2594,['CWE-189'],"int dccp_ioctl(struct sock *sk, int cmd, unsigned long arg) { int rc = -ENOTCONN; lock_sock(sk); if (sk->sk_state == DCCP_LISTEN) goto out; switch (cmd) { case SIOCINQ: { struct sk_buff *skb; unsigned long amount = 0; skb = skb_peek(&sk->sk_receive_queue); if (skb != NULL) { amount = skb->len; } rc = put_user(amount, (int __user *)arg); } break; default: rc = -ENOIOCTLCMD; break; } out: release_sock(sk); return rc; }",linux-2.6,,,144532298803674824448718280409112633242,0 1768,[],"static void migrate_nr_uninterruptible(struct rq *rq_src) { struct rq *rq_dest = cpu_rq(any_online_cpu(*CPU_MASK_ALL_PTR)); unsigned long flags; local_irq_save(flags); double_rq_lock(rq_src, rq_dest); rq_dest->nr_uninterruptible += rq_src->nr_uninterruptible; rq_src->nr_uninterruptible = 0; double_rq_unlock(rq_src, rq_dest); local_irq_restore(flags); }",linux-2.6,,,4219719490305642740395448821890186245,0 1691,CWE-416,"static int xc2028_set_config(struct dvb_frontend *fe, void *priv_cfg) { struct xc2028_data *priv = fe->tuner_priv; struct xc2028_ctrl *p = priv_cfg; int rc = 0; tuner_dbg(""%s called\n"", __func__); mutex_lock(&priv->lock); kfree(priv->ctrl.fname); memcpy(&priv->ctrl, p, sizeof(priv->ctrl)); if (p->fname) { priv->ctrl.fname = kstrdup(p->fname, GFP_KERNEL); if (priv->ctrl.fname == NULL) rc = -ENOMEM; } if (!firmware_name[0] && p->fname && priv->fname && strcmp(p->fname, priv->fname)) free_firmware(priv); if (priv->ctrl.max_len < 9) priv->ctrl.max_len = 13; if (priv->state == XC2028_NO_FIRMWARE) { if (!firmware_name[0]) priv->fname = priv->ctrl.fname; else priv->fname = firmware_name; rc = request_firmware_nowait(THIS_MODULE, 1, priv->fname, priv->i2c_props.adap->dev.parent, GFP_KERNEL, fe, load_firmware_cb); if (rc < 0) { tuner_err(""Failed to request firmware %s\n"", priv->fname); priv->state = XC2028_NODEV; } else priv->state = XC2028_WAITING_FIRMWARE; } mutex_unlock(&priv->lock); return rc; }",visit repo url,drivers/media/tuners/tuner-xc2028.c,https://github.com/torvalds/linux,173131550844767,1 252,CWE-284,"static int tcp_v6_rcv(struct sk_buff *skb) { const struct tcphdr *th; const struct ipv6hdr *hdr; bool refcounted; struct sock *sk; int ret; struct net *net = dev_net(skb->dev); if (skb->pkt_type != PACKET_HOST) goto discard_it; __TCP_INC_STATS(net, TCP_MIB_INSEGS); if (!pskb_may_pull(skb, sizeof(struct tcphdr))) goto discard_it; th = (const struct tcphdr *)skb->data; if (unlikely(th->doff < sizeof(struct tcphdr)/4)) goto bad_packet; if (!pskb_may_pull(skb, th->doff*4)) goto discard_it; if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo)) goto csum_error; th = (const struct tcphdr *)skb->data; hdr = ipv6_hdr(skb); lookup: sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), th->source, th->dest, inet6_iif(skb), &refcounted); if (!sk) goto no_tcp_socket; process: if (sk->sk_state == TCP_TIME_WAIT) goto do_time_wait; if (sk->sk_state == TCP_NEW_SYN_RECV) { struct request_sock *req = inet_reqsk(sk); struct sock *nsk; sk = req->rsk_listener; tcp_v6_fill_cb(skb, hdr, th); if (tcp_v6_inbound_md5_hash(sk, skb)) { sk_drops_add(sk, skb); reqsk_put(req); goto discard_it; } if (unlikely(sk->sk_state != TCP_LISTEN)) { inet_csk_reqsk_queue_drop_and_put(sk, req); goto lookup; } sock_hold(sk); refcounted = true; nsk = tcp_check_req(sk, skb, req, false); if (!nsk) { reqsk_put(req); goto discard_and_relse; } if (nsk == sk) { reqsk_put(req); tcp_v6_restore_cb(skb); } else if (tcp_child_process(sk, nsk, skb)) { tcp_v6_send_reset(nsk, skb); goto discard_and_relse; } else { sock_put(sk); return 0; } } if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP); goto discard_and_relse; } if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) goto discard_and_relse; tcp_v6_fill_cb(skb, hdr, th); if (tcp_v6_inbound_md5_hash(sk, skb)) goto discard_and_relse; if (sk_filter(sk, skb)) goto discard_and_relse; skb->dev = NULL; if (sk->sk_state == TCP_LISTEN) { ret = tcp_v6_do_rcv(sk, skb); goto put_and_return; } sk_incoming_cpu_update(sk); bh_lock_sock_nested(sk); tcp_segs_in(tcp_sk(sk), skb); ret = 0; if (!sock_owned_by_user(sk)) { if (!tcp_prequeue(sk, skb)) ret = tcp_v6_do_rcv(sk, skb); } else if (tcp_add_backlog(sk, skb)) { goto discard_and_relse; } bh_unlock_sock(sk); put_and_return: if (refcounted) sock_put(sk); return ret ? -1 : 0; no_tcp_socket: if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) goto discard_it; tcp_v6_fill_cb(skb, hdr, th); if (tcp_checksum_complete(skb)) { csum_error: __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS); bad_packet: __TCP_INC_STATS(net, TCP_MIB_INERRS); } else { tcp_v6_send_reset(NULL, skb); } discard_it: kfree_skb(skb); return 0; discard_and_relse: sk_drops_add(sk, skb); if (refcounted) sock_put(sk); goto discard_it; do_time_wait: if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { inet_twsk_put(inet_twsk(sk)); goto discard_it; } tcp_v6_fill_cb(skb, hdr, th); if (tcp_checksum_complete(skb)) { inet_twsk_put(inet_twsk(sk)); goto csum_error; } switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { case TCP_TW_SYN: { struct sock *sk2; sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, skb, __tcp_hdrlen(th), &ipv6_hdr(skb)->saddr, th->source, &ipv6_hdr(skb)->daddr, ntohs(th->dest), tcp_v6_iif(skb)); if (sk2) { struct inet_timewait_sock *tw = inet_twsk(sk); inet_twsk_deschedule_put(tw); sk = sk2; tcp_v6_restore_cb(skb); refcounted = false; goto process; } } case TCP_TW_ACK: tcp_v6_timewait_ack(sk, skb); break; case TCP_TW_RST: tcp_v6_restore_cb(skb); tcp_v6_send_reset(sk, skb); inet_twsk_deschedule_put(inet_twsk(sk)); goto discard_it; case TCP_TW_SUCCESS: ; } goto discard_it; }",visit repo url,net/ipv6/tcp_ipv6.c,https://github.com/torvalds/linux,69045686009742,1 4812,['CWE-399'],"static int __init inotify_user_setup(void) { int ret; ret = register_filesystem(&inotify_fs_type); if (unlikely(ret)) panic(""inotify: register_filesystem returned %d!\n"", ret); inotify_mnt = kern_mount(&inotify_fs_type); if (IS_ERR(inotify_mnt)) panic(""inotify: kern_mount ret %ld!\n"", PTR_ERR(inotify_mnt)); inotify_max_queued_events = 16384; inotify_max_user_instances = 128; inotify_max_user_watches = 8192; watch_cachep = kmem_cache_create(""inotify_watch_cache"", sizeof(struct inotify_user_watch), 0, SLAB_PANIC, NULL); event_cachep = kmem_cache_create(""inotify_event_cache"", sizeof(struct inotify_kernel_event), 0, SLAB_PANIC, NULL); return 0; }",linux-2.6,,,276917303108027688217045597656529061615,0 1036,['CWE-20'],"asmlinkage long sys_newuname(struct new_utsname __user * name) { int errno = 0; down_read(&uts_sem); if (copy_to_user(name, utsname(), sizeof *name)) errno = -EFAULT; up_read(&uts_sem); return errno; }",linux-2.6,,,311746617173672707057834926830252493286,0 771,CWE-20,"static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); int noblock = flags & MSG_DONTWAIT; size_t copied = 0; int target, err; long timeo; IRDA_DEBUG(3, ""%s()\n"", __func__); if ((err = sock_error(sk)) < 0) return err; if (sock->flags & __SO_ACCEPTCON) return -EINVAL; err =-EOPNOTSUPP; if (flags & MSG_OOB) return -EOPNOTSUPP; err = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, noblock); msg->msg_namelen = 0; do { int chunk; struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue); if (skb == NULL) { DEFINE_WAIT(wait); err = 0; if (copied >= target) break; prepare_to_wait_exclusive(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); err = sock_error(sk); if (err) ; else if (sk->sk_shutdown & RCV_SHUTDOWN) ; else if (noblock) err = -EAGAIN; else if (signal_pending(current)) err = sock_intr_errno(timeo); else if (sk->sk_state != TCP_ESTABLISHED) err = -ENOTCONN; else if (skb_peek(&sk->sk_receive_queue) == NULL) schedule(); finish_wait(sk_sleep(sk), &wait); if (err) return err; if (sk->sk_shutdown & RCV_SHUTDOWN) break; continue; } chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { IRDA_DEBUG(1, ""%s(), back on q!\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { IRDA_DEBUG(0, ""%s() questionable!?\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,219986388594170,1 3683,CWE-119,"mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) { if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) fatal(""%s: mm_zalloc(%u, %u)"", __func__, ncount, size); return mm_malloc(mm, size * ncount); }",visit repo url,usr.bin/ssh/monitor.c,https://github.com/openbsd/src,64885022189682,1 234,[],"int fat_subdirs(struct inode *dir) { struct buffer_head *bh; struct msdos_dir_entry *de; loff_t cpos; int count = 0; bh = NULL; cpos = 0; while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) { if (de->attr & ATTR_DIR) count++; } brelse(bh); return count; }",linux-2.6,,,221150289131148837889691770579399472002,0 2954,CWE-17,"static int attach_child_main(void* data) { struct attach_clone_payload* payload = (struct attach_clone_payload*)data; int ipc_socket = payload->ipc_socket; lxc_attach_options_t* options = payload->options; struct lxc_proc_context_info* init_ctx = payload->init_ctx; #if HAVE_SYS_PERSONALITY_H long new_personality; #endif int ret; int status; int expected; long flags; int fd; uid_t new_uid; gid_t new_gid; expected = 0; status = -1; ret = lxc_read_nointr_expect(ipc_socket, &status, sizeof(status), &expected); if (ret <= 0) { ERROR(""error using IPC to receive notification from initial process (0)""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } if (!(options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_REMOUNT_PROC_SYS)) { ret = lxc_attach_remount_sys_proc(); if (ret < 0) { shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } #if HAVE_SYS_PERSONALITY_H if (options->personality < 0) new_personality = init_ctx->personality; else new_personality = options->personality; if (options->attach_flags & LXC_ATTACH_SET_PERSONALITY) { ret = personality(new_personality); if (ret < 0) { SYSERROR(""could not ensure correct architecture""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } #endif if (options->attach_flags & LXC_ATTACH_DROP_CAPABILITIES) { ret = lxc_attach_drop_privs(init_ctx); if (ret < 0) { ERROR(""could not drop privileges""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } ret = lxc_attach_set_environment(options->env_policy, options->extra_env_vars, options->extra_keep_env); if (ret < 0) { ERROR(""could not set initial environment for attached process""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } new_uid = 0; new_gid = 0; if (options->namespaces & CLONE_NEWUSER) lxc_attach_get_init_uidgid(&new_uid, &new_gid); if (options->uid != (uid_t)-1) new_uid = options->uid; if (options->gid != (gid_t)-1) new_gid = options->gid; if (options->stdin_fd && isatty(options->stdin_fd)) { if (setsid() < 0) { SYSERROR(""unable to setsid""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } if (ioctl(options->stdin_fd, TIOCSCTTY, (char *)NULL) < 0) { SYSERROR(""unable to TIOCSTTY""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } if ((new_gid != 0 || options->namespaces & CLONE_NEWUSER)) { if (setgid(new_gid) || setgroups(0, NULL)) { SYSERROR(""switching to container gid""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } } if ((new_uid != 0 || options->namespaces & CLONE_NEWUSER) && setuid(new_uid)) { SYSERROR(""switching to container uid""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } status = 1; ret = lxc_write_nointr(ipc_socket, &status, sizeof(status)); if (ret != sizeof(status)) { ERROR(""error using IPC to notify initial process for initialization (1)""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } expected = 2; status = -1; ret = lxc_read_nointr_expect(ipc_socket, &status, sizeof(status), &expected); if (ret <= 0) { ERROR(""error using IPC to receive final notification from initial process (2)""); shutdown(ipc_socket, SHUT_RDWR); rexit(-1); } shutdown(ipc_socket, SHUT_RDWR); close(ipc_socket); if ((options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_LSM)) { int on_exec; int proc_mounted; on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? 1 : 0; proc_mounted = mount_proc_if_needed(""/""); if (proc_mounted == -1) { ERROR(""Error mounting a sane /proc""); rexit(-1); } ret = lsm_process_label_set(init_ctx->lsm_label, init_ctx->container->lxc_conf, 0, on_exec); if (proc_mounted) umount(""/proc""); if (ret < 0) { rexit(-1); } } if (init_ctx->container && init_ctx->container->lxc_conf && lxc_seccomp_load(init_ctx->container->lxc_conf) != 0) { ERROR(""Loading seccomp policy""); rexit(-1); } lxc_proc_put_context_info(init_ctx); if (options->stdin_fd >= 0 && options->stdin_fd != 0) dup2(options->stdin_fd, 0); if (options->stdout_fd >= 0 && options->stdout_fd != 1) dup2(options->stdout_fd, 1); if (options->stderr_fd >= 0 && options->stderr_fd != 2) dup2(options->stderr_fd, 2); if (options->stdin_fd > 2) close(options->stdin_fd); if (options->stdout_fd > 2) close(options->stdout_fd); if (options->stderr_fd > 2) close(options->stderr_fd); for (fd = 0; fd <= 2; fd++) { flags = fcntl(fd, F_GETFL); if (flags < 0) continue; if (flags & FD_CLOEXEC) { if (fcntl(fd, F_SETFL, flags & ~FD_CLOEXEC) < 0) { SYSERROR(""Unable to clear CLOEXEC from fd""); } } } rexit(payload->exec_function(payload->exec_payload)); }",visit repo url,src/lxc/attach.c,https://github.com/lxc/lxc,118281279227784,1 4306,CWE-476,"RList *r_bin_ne_get_symbols(r_bin_ne_obj_t *bin) { RBinSymbol *sym; ut16 off = bin->ne_header->ResidNamTable + bin->header_offset; RList *symbols = r_list_newf (free); if (!symbols) { return NULL; } RList *entries = r_bin_ne_get_entrypoints (bin); bool resident = true, first = true; while (true) { ut8 sz = r_buf_read8_at (bin->buf, off); if (!sz) { first = true; if (resident) { resident = false; off = bin->ne_header->OffStartNonResTab; sz = r_buf_read8_at (bin->buf, off); if (!sz) { break; } } else { break; } } char *name = malloc ((ut64)sz + 1); if (!name) { break; } off++; r_buf_read_at (bin->buf, off, (ut8 *)name, sz); name[sz] = '\0'; off += sz; sym = R_NEW0 (RBinSymbol); if (!sym) { break; } sym->name = name; if (!first) { sym->bind = R_BIN_BIND_GLOBAL_STR; } ut16 entry_off = r_buf_read_le16_at (bin->buf, off); off += 2; RBinAddr *entry = r_list_get_n (entries, entry_off); if (entry) { sym->paddr = entry->paddr; } else { sym->paddr = -1; } sym->ordinal = entry_off; r_list_append (symbols, sym); first = false; } RListIter *it; RBinAddr *en; int i = 1; r_list_foreach (entries, it, en) { if (!r_list_find (symbols, &en->paddr, __find_symbol_by_paddr)) { sym = R_NEW0 (RBinSymbol); if (!sym) { break; } sym->name = r_str_newf (""entry%d"", i - 1); sym->paddr = en->paddr; sym->bind = R_BIN_BIND_GLOBAL_STR; sym->ordinal = i; r_list_append (symbols, sym); } i++; } bin->symbols = symbols; return symbols; }",visit repo url,libr/bin/format/ne/ne.c,https://github.com/radareorg/radare2,180352784251901,1 4281,['CWE-264'],"static int copy_mm(unsigned long clone_flags, struct task_struct * tsk) { struct mm_struct * mm, *oldmm; int retval; tsk->min_flt = tsk->maj_flt = 0; tsk->nvcsw = tsk->nivcsw = 0; tsk->mm = NULL; tsk->active_mm = NULL; oldmm = current->mm; if (!oldmm) return 0; if (clone_flags & CLONE_VM) { atomic_inc(&oldmm->mm_users); mm = oldmm; goto good_mm; } retval = -ENOMEM; mm = dup_mm(tsk); if (!mm) goto fail_nomem; good_mm: mm->token_priority = 0; mm->last_interval = 0; tsk->mm = mm; tsk->active_mm = mm; return 0; fail_nomem: return retval; }",linux-2.6,,,323359365024890211344504906007040354080,0 4462,['CWE-264'],"unsigned long mac_drv_virt2phys(struct s_smc *smc, void *virt) { return (smc->os.SharedMemDMA + ((char *) virt - (char *)smc->os.SharedMemAddr)); } ",linux-2.6,,,231480940911435655224186115856157490747,0 958,CWE-264,"int inode_change_ok(const struct inode *inode, struct iattr *attr) { unsigned int ia_valid = attr->ia_valid; if (ia_valid & ATTR_SIZE) { int error = inode_newsize_ok(inode, attr->ia_size); if (error) return error; } if (ia_valid & ATTR_FORCE) return 0; if ((ia_valid & ATTR_UID) && (!uid_eq(current_fsuid(), inode->i_uid) || !uid_eq(attr->ia_uid, inode->i_uid)) && !inode_capable(inode, CAP_CHOWN)) return -EPERM; if ((ia_valid & ATTR_GID) && (!uid_eq(current_fsuid(), inode->i_uid) || (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) && !inode_capable(inode, CAP_CHOWN)) return -EPERM; if (ia_valid & ATTR_MODE) { if (!inode_owner_or_capable(inode)) return -EPERM; if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : inode->i_gid) && !inode_capable(inode, CAP_FSETID)) attr->ia_mode &= ~S_ISGID; } if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) { if (!inode_owner_or_capable(inode)) return -EPERM; } return 0; }",visit repo url,fs/attr.c,https://github.com/torvalds/linux,109092289598128,1 1644,CWE-362,"static int ext4_dax_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) { return dax_mkwrite(vma, vmf, ext4_get_block_dax, ext4_end_io_unwritten); }",visit repo url,fs/ext4/file.c,https://github.com/torvalds/linux,267636993196845,1 1944,['CWE-20'],"static int insert_pfn(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn, pgprot_t prot) { struct mm_struct *mm = vma->vm_mm; int retval; pte_t *pte, entry; spinlock_t *ptl; retval = -ENOMEM; pte = get_locked_pte(mm, addr, &ptl); if (!pte) goto out; retval = -EBUSY; if (!pte_none(*pte)) goto out_unlock; entry = pte_mkspecial(pfn_pte(pfn, prot)); set_pte_at(mm, addr, pte, entry); update_mmu_cache(vma, addr, entry); retval = 0; out_unlock: pte_unmap_unlock(pte, ptl); out: return retval; }",linux-2.6,,,203031341165556801915778528348598846961,0 2712,CWE-190,"SPL_METHOD(SplFileObject, rewind) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } spl_filesystem_file_rewind(getThis(), intern TSRMLS_CC); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,78070690398735,1 5594,CWE-125,"ast_for_async_funcdef(struct compiling *c, const node *n, asdl_seq *decorator_seq) { REQ(n, async_funcdef); REQ(CHILD(n, 0), ASYNC); REQ(CHILD(n, 1), funcdef); return ast_for_funcdef_impl(c, CHILD(n, 1), decorator_seq, 1 ); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,208679991594538,1 2106,CWE-200,"static int crypto_report_kpp(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_kpp rkpp; strlcpy(rkpp.type, ""kpp"", sizeof(rkpp.type)); if (nla_put(skb, CRYPTOCFGA_REPORT_KPP, sizeof(struct crypto_report_kpp), &rkpp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user_base.c,https://github.com/torvalds/linux,17950090741419,1 265,[],"lp_timeout_trans(unsigned int fd, unsigned int cmd, unsigned long arg) { struct compat_timeval __user *tc = (struct compat_timeval __user *)arg; struct timeval __user *tn = compat_alloc_user_space(sizeof(struct timeval)); struct timeval ts; if (get_user(ts.tv_sec, &tc->tv_sec) || get_user(ts.tv_usec, &tc->tv_usec) || put_user(ts.tv_sec, &tn->tv_sec) || put_user(ts.tv_usec, &tn->tv_usec)) return -EFAULT; return sys_ioctl(fd, cmd, (unsigned long)tn); }",linux-2.6,,,294012252201333276799071673633238694946,0 696,CWE-20,"static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int err = 0; lock_sock(sk); if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { err = -ENOTCONN; goto out; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (!ax25_sk(sk)->pidincl) skb_pull(skb, 1); skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (msg->msg_namelen != 0) { struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; ax25_digi digi; ax25_address src; const unsigned char *mac = skb_mac_header(skb); memset(sax, 0, sizeof(struct full_sockaddr_ax25)); ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, &digi, NULL, NULL); sax->sax25_family = AF_AX25; sax->sax25_ndigis = digi.ndigi; sax->sax25_call = src; if (sax->sax25_ndigis != 0) { int ct; struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; for (ct = 0; ct < digi.ndigi; ct++) fsa->fsa_digipeater[ct] = digi.calls[ct]; } msg->msg_namelen = sizeof(struct full_sockaddr_ax25); } skb_free_datagram(sk, skb); err = copied; out: release_sock(sk); return err; }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,113629503405761,1 4233,['CWE-399'],"static int pfifo_fast_init(struct Qdisc *qdisc, struct nlattr *opt) { int prio; struct sk_buff_head *list = qdisc_priv(qdisc); for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) skb_queue_head_init(list + prio); return 0; }",linux-2.6,,,181696767360454043910703619195193548306,0 5294,CWE-787,"TEE_Result syscall_cryp_derive_key(unsigned long state, const struct utee_attribute *usr_params, unsigned long param_count, unsigned long derived_key) { TEE_Result res = TEE_ERROR_NOT_SUPPORTED; struct tee_ta_session *sess; struct tee_obj *ko; struct tee_obj *so; struct tee_cryp_state *cs; struct tee_cryp_obj_secret *sk; const struct tee_cryp_obj_type_props *type_props; TEE_Attribute *params = NULL; struct user_ta_ctx *utc; res = tee_ta_get_current_session(&sess); if (res != TEE_SUCCESS) return res; utc = to_user_ta_ctx(sess->ctx); res = tee_svc_cryp_get_state(sess, tee_svc_uref_to_vaddr(state), &cs); if (res != TEE_SUCCESS) return res; params = malloc(sizeof(TEE_Attribute) * param_count); if (!params) return TEE_ERROR_OUT_OF_MEMORY; res = copy_in_attrs(utc, usr_params, param_count, params); if (res != TEE_SUCCESS) goto out; res = tee_obj_get(utc, cs->key1, &ko); if (res != TEE_SUCCESS) goto out; res = tee_obj_get(utc, tee_svc_uref_to_vaddr(derived_key), &so); if (res != TEE_SUCCESS) goto out; sk = so->attr; type_props = tee_svc_find_type_props(so->info.objectType); if (!type_props) { res = TEE_ERROR_NOT_SUPPORTED; goto out; } if (cs->algo == TEE_ALG_DH_DERIVE_SHARED_SECRET) { size_t alloc_size; struct bignum *pub; struct bignum *ss; if (param_count != 1 || params[0].attributeID != TEE_ATTR_DH_PUBLIC_VALUE) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } alloc_size = params[0].content.ref.length * 8; pub = crypto_bignum_allocate(alloc_size); ss = crypto_bignum_allocate(alloc_size); if (pub && ss) { crypto_bignum_bin2bn(params[0].content.ref.buffer, params[0].content.ref.length, pub); res = crypto_acipher_dh_shared_secret(ko->attr, pub, ss); if (res == TEE_SUCCESS) { sk->key_size = crypto_bignum_num_bytes(ss); crypto_bignum_bn2bin(ss, (uint8_t *)(sk + 1)); so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } else { res = TEE_ERROR_OUT_OF_MEMORY; } crypto_bignum_free(pub); crypto_bignum_free(ss); } else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_ECDH) { size_t alloc_size; struct ecc_public_key key_public; uint8_t *pt_secret; unsigned long pt_secret_len; if (param_count != 2 || params[0].attributeID != TEE_ATTR_ECC_PUBLIC_VALUE_X || params[1].attributeID != TEE_ATTR_ECC_PUBLIC_VALUE_Y) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } switch (cs->algo) { case TEE_ALG_ECDH_P192: alloc_size = 192; break; case TEE_ALG_ECDH_P224: alloc_size = 224; break; case TEE_ALG_ECDH_P256: alloc_size = 256; break; case TEE_ALG_ECDH_P384: alloc_size = 384; break; case TEE_ALG_ECDH_P521: alloc_size = 521; break; default: res = TEE_ERROR_NOT_IMPLEMENTED; goto out; } res = crypto_acipher_alloc_ecc_public_key(&key_public, alloc_size); if (res != TEE_SUCCESS) goto out; key_public.curve = ((struct ecc_keypair *)ko->attr)->curve; crypto_bignum_bin2bn(params[0].content.ref.buffer, params[0].content.ref.length, key_public.x); crypto_bignum_bin2bn(params[1].content.ref.buffer, params[1].content.ref.length, key_public.y); pt_secret = (uint8_t *)(sk + 1); pt_secret_len = sk->alloc_size; res = crypto_acipher_ecc_shared_secret(ko->attr, &key_public, pt_secret, &pt_secret_len); if (res == TEE_SUCCESS) { sk->key_size = pt_secret_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } crypto_acipher_free_ecc_public_key(&key_public); } #if defined(CFG_CRYPTO_HKDF) else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_HKDF) { void *salt, *info; size_t salt_len, info_len, okm_len; uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); struct tee_cryp_obj_secret *ik = ko->attr; const uint8_t *ikm = (const uint8_t *)(ik + 1); res = get_hkdf_params(params, param_count, &salt, &salt_len, &info, &info_len, &okm_len); if (res != TEE_SUCCESS) goto out; if (okm_len > ik->alloc_size) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } res = tee_cryp_hkdf(hash_id, ikm, ik->key_size, salt, salt_len, info, info_len, (uint8_t *)(sk + 1), okm_len); if (res == TEE_SUCCESS) { sk->key_size = okm_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } #endif #if defined(CFG_CRYPTO_CONCAT_KDF) else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_CONCAT_KDF) { void *info; size_t info_len, derived_key_len; uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); struct tee_cryp_obj_secret *ss = ko->attr; const uint8_t *shared_secret = (const uint8_t *)(ss + 1); res = get_concat_kdf_params(params, param_count, &info, &info_len, &derived_key_len); if (res != TEE_SUCCESS) goto out; if (derived_key_len > ss->alloc_size) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } res = tee_cryp_concat_kdf(hash_id, shared_secret, ss->key_size, info, info_len, (uint8_t *)(sk + 1), derived_key_len); if (res == TEE_SUCCESS) { sk->key_size = derived_key_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } #endif #if defined(CFG_CRYPTO_PBKDF2) else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_PBKDF2) { void *salt; size_t salt_len, iteration_count, derived_key_len; uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); struct tee_cryp_obj_secret *ss = ko->attr; const uint8_t *password = (const uint8_t *)(ss + 1); res = get_pbkdf2_params(params, param_count, &salt, &salt_len, &derived_key_len, &iteration_count); if (res != TEE_SUCCESS) goto out; if (derived_key_len > ss->alloc_size) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } res = tee_cryp_pbkdf2(hash_id, password, ss->key_size, salt, salt_len, iteration_count, (uint8_t *)(sk + 1), derived_key_len); if (res == TEE_SUCCESS) { sk->key_size = derived_key_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } #endif else res = TEE_ERROR_NOT_SUPPORTED; out: free(params); return res; }",visit repo url,core/tee/tee_svc_cryp.c,https://github.com/OP-TEE/optee_os,147387645842528,1 3218,['CWE-189'],"int jas_stream_display(jas_stream_t *stream, FILE *fp, int n) { unsigned char buf[16]; int i; int j; int m; int c; int display; int cnt; cnt = n - (n % 16); display = 1; for (i = 0; i < n; i += 16) { if (n > 16 && i > 0) { display = (i >= cnt) ? 1 : 0; } if (display) { fprintf(fp, ""%08x:"", i); } m = JAS_MIN(n - i, 16); for (j = 0; j < m; ++j) { if ((c = jas_stream_getc(stream)) == EOF) { abort(); return -1; } buf[j] = c; } if (display) { for (j = 0; j < m; ++j) { fprintf(fp, "" %02x"", buf[j]); } fputc(' ', fp); for (; j < 16; ++j) { fprintf(fp, "" ""); } for (j = 0; j < m; ++j) { if (isprint(buf[j])) { fputc(buf[j], fp); } else { fputc(' ', fp); } } fprintf(fp, ""\n""); } } return 0; }",jasper,,,221320643386860943641667559781988954153,0 6067,CWE-190,"void bn_rec_jsf(int8_t *jsf, int *len, const bn_t k, const bn_t l) { bn_t n0, n1; dig_t l0, l1; int8_t u0, u1, d0, d1; int i, j, offset; if (*len < (2 * bn_bits(k) + 1)) { *len = 0; RLC_THROW(ERR_NO_BUFFER); return; } bn_null(n0); bn_null(n1); RLC_TRY { bn_new(n0); bn_new(n1); bn_abs(n0, k); bn_abs(n1, l); i = bn_bits(k); j = bn_bits(l); offset = RLC_MAX(i, j) + 1; memset(jsf, 0, *len); i = 0; d0 = d1 = 0; while (!(bn_is_zero(n0) && d0 == 0) || !(bn_is_zero(n1) && d1 == 0)) { bn_get_dig(&l0, n0); bn_get_dig(&l1, n1); l0 = (l0 + d0) & RLC_MASK(3); l1 = (l1 + d1) & RLC_MASK(3); if (l0 % 2 == 0) { u0 = 0; } else { u0 = 2 - (l0 & RLC_MASK(2)); if ((l0 == 3 || l0 == 5) && ((l1 & RLC_MASK(2)) == 2)) { u0 = (int8_t)-u0; } } jsf[i] = u0; if (l1 % 2 == 0) { u1 = 0; } else { u1 = 2 - (l1 & RLC_MASK(2)); if ((l1 == 3 || l1 == 5) && ((l0 & RLC_MASK(2)) == 2)) { u1 = (int8_t)-u1; } } jsf[i + offset] = u1; if (d0 + d0 == 1 + u0) { d0 = (int8_t)(1 - d0); } if (d1 + d1 == 1 + u1) { d1 = (int8_t)(1 - d1); } i++; bn_hlv(n0, n0); bn_hlv(n1, n1); } *len = i; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n0); bn_free(n1); } }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,58169369343076,1 2306,CWE-189,"midi_synth_load_patch(int dev, int format, const char __user *addr, int offs, int count, int pmgr_flag) { int orig_dev = synth_devs[dev]->midi_dev; struct sysex_info sysex; int i; unsigned long left, src_offs, eox_seen = 0; int first_byte = 1; int hdr_size = (unsigned long) &sysex.data[0] - (unsigned long) &sysex; leave_sysex(dev); if (!prefix_cmd(orig_dev, 0xf0)) return 0; if (format != SYSEX_PATCH) { return -EINVAL; } if (count < hdr_size) { return -EINVAL; } count -= hdr_size; if(copy_from_user(&((char *) &sysex)[offs], &(addr)[offs], hdr_size - offs)) return -EFAULT; if (count < sysex.len) { sysex.len = count; } left = sysex.len; src_offs = 0; for (i = 0; i < left && !signal_pending(current); i++) { unsigned char data; if (get_user(data, (unsigned char __user *)(addr + hdr_size + i))) return -EFAULT; eox_seen = (i > 0 && data & 0x80); if (eox_seen && data != 0xf7) data = 0xf7; if (i == 0) { if (data != 0xf0) { printk(KERN_WARNING ""midi_synth: Sysex start missing\n""); return -EINVAL; } } while (!midi_devs[orig_dev]->outputc(orig_dev, (unsigned char) (data & 0xff)) && !signal_pending(current)) schedule(); if (!first_byte && data & 0x80) return 0; first_byte = 0; } if (!eox_seen) midi_outc(orig_dev, 0xf7); return 0; }",visit repo url,sound/oss/midi_synth.c,https://github.com/torvalds/linux,263418853802887,1 2489,['CWE-119'],"static int compare_tree_entry(struct tree_desc *t1, struct tree_desc *t2, const char *base, int baselen, struct diff_options *opt) { unsigned mode1, mode2; const char *path1, *path2; const unsigned char *sha1, *sha2; int cmp, pathlen1, pathlen2; char *fullname; sha1 = tree_entry_extract(t1, &path1, &mode1); sha2 = tree_entry_extract(t2, &path2, &mode2); pathlen1 = tree_entry_len(path1, sha1); pathlen2 = tree_entry_len(path2, sha2); cmp = base_name_compare(path1, pathlen1, mode1, path2, pathlen2, mode2); if (cmp < 0) { show_entry(opt, ""-"", t1, base, baselen); return -1; } if (cmp > 0) { show_entry(opt, ""+"", t2, base, baselen); return 1; } if (!DIFF_OPT_TST(opt, FIND_COPIES_HARDER) && !hashcmp(sha1, sha2) && mode1 == mode2) return 0; if (S_ISDIR(mode1) != S_ISDIR(mode2)) { show_entry(opt, ""-"", t1, base, baselen); show_entry(opt, ""+"", t2, base, baselen); return 0; } if (DIFF_OPT_TST(opt, RECURSIVE) && S_ISDIR(mode1)) { int retval; char *newbase = malloc_base(base, baselen, path1, pathlen1); if (DIFF_OPT_TST(opt, TREE_IN_RECURSIVE)) { newbase[baselen + pathlen1] = 0; opt->change(opt, mode1, mode2, sha1, sha2, newbase); newbase[baselen + pathlen1] = '/'; } retval = diff_tree_sha1(sha1, sha2, newbase, opt); free(newbase); return retval; } fullname = malloc_fullname(base, baselen, path1, pathlen1); opt->change(opt, mode1, mode2, sha1, sha2, fullname); free(fullname); return 0; }",git,,,337147802610719847640113876792369793211,0 5970,CWE-74,"rndr_quote(struct buf *ob, const struct buf *text, void *opaque) { if (!text || !text->size) return 0; BUFPUTSL(ob, """"); bufput(ob, text->data, text->size); BUFPUTSL(ob, """"); return 1; }",visit repo url,ext/redcarpet/html.c,https://github.com/vmg/redcarpet,227076177147880,1 1598,CWE-269,"static int trusted_update(struct key *key, struct key_preparsed_payload *prep) { struct trusted_key_payload *p = key->payload.data[0]; struct trusted_key_payload *new_p; struct trusted_key_options *new_o; size_t datalen = prep->datalen; char *datablob; int ret = 0; if (!p->migratable) return -EPERM; if (datalen <= 0 || datalen > 32767 || !prep->data) return -EINVAL; datablob = kmalloc(datalen + 1, GFP_KERNEL); if (!datablob) return -ENOMEM; new_o = trusted_options_alloc(); if (!new_o) { ret = -ENOMEM; goto out; } new_p = trusted_payload_alloc(key); if (!new_p) { ret = -ENOMEM; goto out; } memcpy(datablob, prep->data, datalen); datablob[datalen] = '\0'; ret = datablob_parse(datablob, new_p, new_o); if (ret != Opt_update) { ret = -EINVAL; kfree(new_p); goto out; } if (!new_o->keyhandle) { ret = -EINVAL; kfree(new_p); goto out; } new_p->migratable = p->migratable; new_p->key_len = p->key_len; memcpy(new_p->key, p->key, p->key_len); dump_payload(p); dump_payload(new_p); ret = key_seal(new_p, new_o); if (ret < 0) { pr_info(""trusted_key: key_seal failed (%d)\n"", ret); kfree(new_p); goto out; } if (new_o->pcrlock) { ret = pcrlock(new_o->pcrlock); if (ret < 0) { pr_info(""trusted_key: pcrlock failed (%d)\n"", ret); kfree(new_p); goto out; } } rcu_assign_keypointer(key, new_p); call_rcu(&p->rcu, trusted_rcu_free); out: kfree(datablob); kfree(new_o); return ret; }",visit repo url,security/keys/trusted.c,https://github.com/torvalds/linux,250689403668003,1 5346,['CWE-476'],"static void vcpu_kick_intr(void *info) { #ifdef DEBUG struct kvm_vcpu *vcpu = (struct kvm_vcpu *)info; printk(KERN_DEBUG ""vcpu_kick_intr %p \n"", vcpu); #endif }",linux-2.6,,,150034128056912776976587670749741985645,0 6463,[],"lt_dlcaller_set_data (lt_dlinterface_id key, lt_dlhandle handle, void *data) { int n_elements = 0; void *stale = (void *) 0; lt_dlhandle cur = handle; int i; if (cur->interface_data) while (cur->interface_data[n_elements].key) ++n_elements; for (i = 0; i < n_elements; ++i) { if (cur->interface_data[i].key == key) { stale = cur->interface_data[i].data; break; } } if (i == n_elements) { lt_interface_data *temp = REALLOC (lt_interface_data, cur->interface_data, 2+ n_elements); if (!temp) { stale = 0; goto done; } cur->interface_data = temp; cur->interface_data[i].key = key; cur->interface_data[1+ i].key = 0; } cur->interface_data[i].data = data; done: return stale; }",libtool,,,189181229993736055956581312405305823692,0 2298,['CWE-120'],"static inline int do_follow_link(struct path *path, struct nameidata *nd) { int err = -ELOOP; if (current->link_count >= MAX_NESTED_LINKS) goto loop; if (current->total_link_count >= 40) goto loop; BUG_ON(nd->depth >= MAX_NESTED_LINKS); cond_resched(); err = security_inode_follow_link(path->dentry, nd); if (err) goto loop; current->link_count++; current->total_link_count++; nd->depth++; err = __do_follow_link(path, nd); current->link_count--; nd->depth--; return err; loop: path_put_conditional(path, nd); path_put(&nd->path); return err; }",linux-2.6,,,226719255756018209070908213549101368048,0 2548,CWE-399,"cib_tls_signon(cib_t * cib, struct remote_connection_s *connection) { int sock; cib_remote_opaque_t *private = cib->variant_opaque; struct sockaddr_in addr; int rc = 0; char *server = private->server; int ret_ga; struct addrinfo *res; struct addrinfo hints; xmlNode *answer = NULL; xmlNode *login = NULL; static struct mainloop_fd_callbacks cib_fd_callbacks = { .dispatch = cib_remote_dispatch, .destroy = cib_remote_connection_destroy, }; connection->socket = 0; connection->session = NULL; sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if (sock == -1) { crm_perror(LOG_ERR, ""Socket creation failed""); return -1; } bzero(&hints, sizeof(struct addrinfo)); hints.ai_flags = AI_CANONNAME; hints.ai_family = AF_INET; hints.ai_socktype = SOCK_RAW; if (hints.ai_family == AF_INET6) { hints.ai_protocol = IPPROTO_ICMPV6; } else { hints.ai_protocol = IPPROTO_ICMP; } crm_debug(""Looking up %s"", server); ret_ga = getaddrinfo(server, NULL, &hints, &res); if (ret_ga) { crm_err(""getaddrinfo: %s"", gai_strerror(ret_ga)); close(sock); return -1; } if (res->ai_canonname) { server = res->ai_canonname; } crm_debug(""Got address %s for %s"", server, private->server); if (!res->ai_addr) { fprintf(stderr, ""getaddrinfo failed""); crm_exit(1); } #if 1 memcpy(&addr, res->ai_addr, res->ai_addrlen); #else memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_addr.s_addr = inet_addr(server); #endif addr.sin_port = htons(private->port); if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { crm_perror(LOG_ERR, ""Connection to %s:%d failed"", server, private->port); close(sock); return -1; } if (connection->encrypted) { #ifdef HAVE_GNUTLS_GNUTLS_H gnutls_global_init(); gnutls_anon_allocate_client_credentials(&anon_cred_c); connection->session = create_tls_session(sock, GNUTLS_CLIENT); if (connection->session == NULL) { crm_perror(LOG_ERR, ""Session creation for %s:%d failed"", server, private->port); close(sock); cib_tls_close(cib); return -1; } #else return -EPROTONOSUPPORT; #endif } else { connection->session = GUINT_TO_POINTER(sock); } login = create_xml_node(NULL, ""cib_command""); crm_xml_add(login, ""op"", ""authenticate""); crm_xml_add(login, ""user"", private->user); crm_xml_add(login, ""password"", private->passwd); crm_xml_add(login, ""hidden"", ""password""); crm_send_remote_msg(connection->session, login, connection->encrypted); free_xml(login); answer = crm_recv_remote_msg(connection->session, connection->encrypted); crm_log_xml_trace(answer, ""Reply""); if (answer == NULL) { rc = -EPROTO; } else { const char *msg_type = crm_element_value(answer, F_CIB_OPERATION); const char *tmp_ticket = crm_element_value(answer, F_CIB_CLIENTID); if (safe_str_neq(msg_type, CRM_OP_REGISTER)) { crm_err(""Invalid registration message: %s"", msg_type); rc = -EPROTO; } else if (tmp_ticket == NULL) { rc = -EPROTO; } else { connection->token = strdup(tmp_ticket); } } if (rc != 0) { cib_tls_close(cib); } connection->socket = sock; connection->source = mainloop_add_fd(""cib-remote"", G_PRIORITY_HIGH, connection->socket, cib, &cib_fd_callbacks); return rc; }",visit repo url,lib/cib/cib_remote.c,https://github.com/ClusterLabs/pacemaker,275983480293451,1 5166,CWE-787,"static void libxsmm_sparse_csr_reader( const char* i_csr_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, REALTYPE** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_row_idx_id = NULL; unsigned int l_i = 0; l_csr_file_handle = fopen( i_csr_file_in, ""r"" ); if ( l_csr_file_handle == NULL ) { fprintf( stderr, ""cannot open CSR file!\n"" ); return; } while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { fprintf( stderr, ""could not read file length!\n"" ); return; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count + 1)); *o_values = (REALTYPE*) malloc(sizeof(double) * (*o_element_count)); l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { fprintf( stderr, ""could not allocate sp data!\n"" ); return; } memset(*o_row_idx, 0, sizeof(unsigned int)*(*o_row_count + 1)); memset(*o_column_idx, 0, sizeof(unsigned int)*(*o_element_count)); memset(*o_values, 0, sizeof(double)*(*o_element_count)); memset(l_row_idx_id, 0, sizeof(unsigned int)*(*o_row_count)); for ( l_i = 0; l_i < (*o_row_count + 1); l_i++) (*o_row_idx)[l_i] = (*o_element_count); (*o_row_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { fprintf( stderr, ""could not csr description!\n"" ); return; } } else { unsigned int l_row, l_column; REALTYPE l_value; #if defined(__EDGE_EXECUTE_F32__) if ( sscanf(l_line, ""%u %u %f"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return; } #else if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return; } #endif l_row--; l_column--; (*o_column_idx)[l_i] = l_column; (*o_values)[l_i] = l_value; l_i++; l_row_idx_id[l_row] = 1; (*o_row_idx)[l_row+1] = l_i; } } } fclose( l_csr_file_handle ); if ( l_i != (*o_element_count) ) { fprintf( stderr, ""we were not able to read all elements!\n"" ); return; } for ( l_i = 0; l_i < (*o_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } } if ( l_row_idx_id != NULL ) { free( l_row_idx_id ); } }",visit repo url,samples/edge/common_edge_proxy.h,https://github.com/hfp/libxsmm,171024799489721,1 4740,CWE-347,"static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len) { int offset = 0; const uint8_t *ptr = NULL; if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE)) goto end_get_sig; if (asn1_sig[offset++] != ASN1_OCTET_STRING) goto end_get_sig; *len = get_asn1_length(asn1_sig, &offset); ptr = &asn1_sig[offset]; end_get_sig: return ptr; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,276741088675569,1 766,['CWE-119'],"static int isdn_net_header(struct sk_buff *skb, struct net_device *dev, unsigned short type, const void *daddr, const void *saddr, unsigned plen) { isdn_net_local *lp = dev->priv; unsigned char *p; ushort len = 0; switch (lp->p_encap) { case ISDN_NET_ENCAP_ETHER: len = eth_header(skb, dev, type, daddr, saddr, plen); break; #ifdef CONFIG_ISDN_PPP case ISDN_NET_ENCAP_SYNCPPP: len = IPPP_MAX_HEADER; skb_push(skb,len); break; #endif case ISDN_NET_ENCAP_RAWIP: printk(KERN_WARNING ""isdn_net_header called with RAW_IP!\n""); len = 0; break; case ISDN_NET_ENCAP_IPTYP: *((ushort *) skb_push(skb, 2)) = htons(type); len = 2; break; case ISDN_NET_ENCAP_UIHDLC: *((ushort *) skb_push(skb, 2)) = htons(0x0103); len = 2; break; case ISDN_NET_ENCAP_CISCOHDLC: case ISDN_NET_ENCAP_CISCOHDLCK: p = skb_push(skb, 4); p += put_u8 (p, CISCO_ADDR_UNICAST); p += put_u8 (p, CISCO_CTRL); p += put_u16(p, type); len = 4; break; #ifdef CONFIG_ISDN_X25 default: if( lp-> netdev -> cprot ){ printk(KERN_WARNING ""isdn_net_header called with concap_proto!\n""); len = 0; break; } break; #endif } return len; }",linux-2.6,,,61556903581590665981955493505995337049,0 6442,[],"lt_dlhandle_iterate (lt_dlinterface_id iface, lt_dlhandle place) { lt_dlhandle handle = place; lt__interface_id *iterator = (lt__interface_id *) iface; assert (iface); if (!handle) handle = handles; else handle = handle->next; while (handle && iterator->iface && ((*iterator->iface) (handle, iterator->id_string) != 0)) { handle = handle->next; } return handle; }",libtool,,,33788400226373226274686620279417789806,0 1890,['CWE-20'],"static int unmap_mapping_range_vma(struct vm_area_struct *vma, unsigned long start_addr, unsigned long end_addr, struct zap_details *details) { unsigned long restart_addr; int need_break; again: restart_addr = vma->vm_truncate_count; if (is_restart_addr(restart_addr) && start_addr < restart_addr) { start_addr = restart_addr; if (start_addr >= end_addr) { vma->vm_truncate_count = details->truncate_count; return 0; } } restart_addr = zap_page_range(vma, start_addr, end_addr - start_addr, details); need_break = need_resched() || spin_needbreak(details->i_mmap_lock); if (restart_addr >= end_addr) { vma->vm_truncate_count = details->truncate_count; if (!need_break) return 0; } else { vma->vm_truncate_count = restart_addr; if (!need_break) goto again; } spin_unlock(details->i_mmap_lock); cond_resched(); spin_lock(details->i_mmap_lock); return -EINTR; }",linux-2.6,,,13117407751022973065796417628267805034,0 957,CWE-19,"static int __do_page_fault(struct mm_struct *mm, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, struct task_struct *tsk) { struct vm_area_struct *vma; int fault; vma = find_vma(mm, addr); fault = VM_FAULT_BADMAP; if (unlikely(!vma)) goto out; if (unlikely(vma->vm_start > addr)) goto check_stack; good_area: if (!(vma->vm_flags & vm_flags)) { fault = VM_FAULT_BADACCESS; goto out; } return handle_mm_fault(mm, vma, addr & PAGE_MASK, mm_flags); check_stack: if (vma->vm_flags & VM_GROWSDOWN && !expand_stack(vma, addr)) goto good_area; out: return fault; }",visit repo url,arch/arm64/mm/fault.c,https://github.com/torvalds/linux,98328703994637,1 4047,['CWE-362'],"static void evict_chunk(struct audit_chunk *chunk) { struct audit_tree *owner; int n; if (chunk->dead) return; chunk->dead = 1; mutex_lock(&audit_filter_mutex); spin_lock(&hash_lock); while (!list_empty(&chunk->trees)) { owner = list_entry(chunk->trees.next, struct audit_tree, same_root); owner->goner = 1; owner->root = NULL; list_del_init(&owner->same_root); spin_unlock(&hash_lock); kill_rules(owner); list_move(&owner->list, &prune_list); audit_schedule_prune(); spin_lock(&hash_lock); } list_del_rcu(&chunk->hash); for (n = 0; n < chunk->count; n++) list_del_init(&chunk->owners[n].list); spin_unlock(&hash_lock); mutex_unlock(&audit_filter_mutex); }",linux-2.6,,,224430525709785890084993608241336400962,0 4658,['CWE-399'],"static int ext4_journal_test_restart(handle_t *handle, struct inode *inode) { BUG_ON(EXT4_JOURNAL(inode) == NULL); jbd_debug(2, ""restarting handle %p\n"", handle); return ext4_journal_restart(handle, blocks_for_truncate(inode)); }",linux-2.6,,,324546925414450291042485600985898214746,0 3382,CWE-770,"static Image *ReadOneMNGImage(MngInfo* mng_info, const ImageInfo *image_info, ExceptionInfo *exception) { char page_geometry[MagickPathExtent]; Image *image; MagickBooleanType logging; volatile int first_mng_object, object_id, term_chunk_found, skip_to_iend; volatile ssize_t image_count=0; MagickBooleanType status; MagickOffsetType offset; MngBox default_fb, fb, previous_fb; #if defined(MNG_INSERT_LAYERS) PixelInfo mng_background_color; #endif register unsigned char *p; register ssize_t i; size_t count; ssize_t loop_level; volatile short skipping_loop; #if defined(MNG_INSERT_LAYERS) unsigned int mandatory_back=0; #endif volatile unsigned int #ifdef MNG_OBJECT_BUFFERS mng_background_object=0, #endif mng_type=0; size_t default_frame_timeout, frame_timeout, #if defined(MNG_INSERT_LAYERS) image_height, image_width, #endif length; volatile size_t default_frame_delay, final_delay, final_image_delay, frame_delay, #if defined(MNG_INSERT_LAYERS) insert_layers, #endif mng_iterations=1, simplicity=0, subframe_height=0, subframe_width=0; previous_fb.top=0; previous_fb.bottom=0; previous_fb.left=0; previous_fb.right=0; default_fb.top=0; default_fb.bottom=0; default_fb.left=0; default_fb.right=0; logging=LogMagickEvent(CoderEvent,GetMagickModule(), "" Enter ReadOneMNGImage()""); image=mng_info->image; if (LocaleCompare(image_info->magick,""MNG"") == 0) { char magic_number[MagickPathExtent]; count=(size_t) ReadBlob(image,8,(unsigned char *) magic_number); if (memcmp(magic_number,""\212MNG\r\n\032\n"",8) != 0) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); for (i=0; i < MNG_MAX_OBJECTS; i++) { mng_info->object_clip[i].right=(ssize_t) PNG_UINT_31_MAX; mng_info->object_clip[i].bottom=(ssize_t) PNG_UINT_31_MAX; } mng_info->exists[0]=MagickTrue; } skipping_loop=(-1); first_mng_object=MagickTrue; mng_type=0; #if defined(MNG_INSERT_LAYERS) insert_layers=MagickFalse; #endif default_frame_delay=0; default_frame_timeout=0; frame_delay=0; final_delay=1; mng_info->ticks_per_second=1UL*image->ticks_per_second; object_id=0; skip_to_iend=MagickFalse; term_chunk_found=MagickFalse; mng_info->framing_mode=1; #if defined(MNG_INSERT_LAYERS) mandatory_back=MagickFalse; #endif #if defined(MNG_INSERT_LAYERS) mng_background_color=image->background_color; #endif default_fb=mng_info->frame; previous_fb=mng_info->frame; do { char type[MagickPathExtent]; if (LocaleCompare(image_info->magick,""MNG"") == 0) { unsigned char *chunk; type[0]='\0'; (void) ConcatenateMagickString(type,""errr"",MagickPathExtent); length=ReadBlobMSBLong(image); count=(size_t) ReadBlob(image,4,(unsigned char *) type); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading MNG chunk type %c%c%c%c, length: %.20g"", type[0],type[1],type[2],type[3],(double) length); if (length > PNG_UINT_31_MAX) { status=MagickFalse; break; } if (count == 0) ThrowReaderException(CorruptImageError,""CorruptImage""); p=NULL; chunk=(unsigned char *) NULL; if (length != 0) { chunk=(unsigned char *) AcquireQuantumMemory(length+ MagickPathExtent,sizeof(*chunk)); if (chunk == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); for (i=0; i < (ssize_t) length; i++) { int c; c=ReadBlobByte(image); if (c == EOF) break; chunk[i]=(unsigned char) c; } p=chunk; } (void) ReadBlobMSBLong(image); #if !defined(JNG_SUPPORTED) if (memcmp(type,mng_JHDR,4) == 0) { skip_to_iend=MagickTrue; if (mng_info->jhdr_warning == 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""JNGCompressNotSupported"",""`%s'"",image->filename); mng_info->jhdr_warning++; } #endif if (memcmp(type,mng_DHDR,4) == 0) { skip_to_iend=MagickTrue; if (mng_info->dhdr_warning == 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""DeltaPNGNotSupported"",""`%s'"",image->filename); mng_info->dhdr_warning++; } if (memcmp(type,mng_MEND,4) == 0) break; if (skip_to_iend) { if (memcmp(type,mng_IEND,4) == 0) skip_to_iend=MagickFalse; if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Skip to IEND.""); continue; } if (memcmp(type,mng_MHDR,4) == 0) { if (length != 28) { chunk=(unsigned char *) RelinquishMagickMemory(chunk); ThrowReaderException(CorruptImageError,""CorruptImage""); } mng_info->mng_width=(size_t) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); mng_info->mng_height=(size_t) ((p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" MNG width: %.20g"",(double) mng_info->mng_width); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" MNG height: %.20g"",(double) mng_info->mng_height); } p+=8; mng_info->ticks_per_second=(size_t) mng_get_long(p); if (mng_info->ticks_per_second == 0) default_frame_delay=0; else default_frame_delay=1UL*image->ticks_per_second/ mng_info->ticks_per_second; frame_delay=default_frame_delay; simplicity=0; p+=16; simplicity=(size_t) mng_get_long(p); mng_type=1; if ((simplicity != 0) && ((simplicity | 11) == 11)) mng_type=2; if ((simplicity != 0) && ((simplicity | 9) == 9)) mng_type=3; #if defined(MNG_INSERT_LAYERS) if (mng_type != 3) insert_layers=MagickTrue; #endif if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return((Image *) NULL); image=SyncNextImageInList(image); mng_info->image=image; } if ((mng_info->mng_width > 65535L) || (mng_info->mng_height > 65535L)) { chunk=(unsigned char *) RelinquishMagickMemory(chunk); ThrowReaderException(ImageError,""WidthOrHeightExceedsLimit""); } (void) FormatLocaleString(page_geometry,MagickPathExtent, ""%.20gx%.20g+0+0"",(double) mng_info->mng_width,(double) mng_info->mng_height); mng_info->frame.left=0; mng_info->frame.right=(ssize_t) mng_info->mng_width; mng_info->frame.top=0; mng_info->frame.bottom=(ssize_t) mng_info->mng_height; mng_info->clip=default_fb=previous_fb=mng_info->frame; for (i=0; i < MNG_MAX_OBJECTS; i++) mng_info->object_clip[i]=mng_info->frame; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_TERM,4) == 0) { int repeat=0; if (length != 0) repeat=p[0]; if (repeat == 3) { final_delay=(png_uint_32) mng_get_long(&p[2]); mng_iterations=(png_uint_32) mng_get_long(&p[6]); if (mng_iterations == PNG_UINT_31_MAX) mng_iterations=0; image->iterations=mng_iterations; term_chunk_found=MagickTrue; } if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" repeat=%d, final_delay=%.20g, iterations=%.20g"", repeat,(double) final_delay, (double) image->iterations); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_DEFI,4) == 0) { if (mng_type == 3) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""DEFI chunk found in MNG-VLC datastream"",""`%s'"", image->filename); if (length < 2) { if (chunk) chunk=(unsigned char *) RelinquishMagickMemory(chunk); ThrowReaderException(CorruptImageError,""CorruptImage""); } object_id=(p[0] << 8) | p[1]; if (mng_type == 2 && object_id != 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""Nonzero object_id in MNG-LC datastream"",""`%s'"", image->filename); if (object_id > MNG_MAX_OBJECTS) { (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""object id too large"",""`%s'"",image->filename); object_id=MNG_MAX_OBJECTS; } if (mng_info->exists[object_id]) if (mng_info->frozen[object_id]) { chunk=(unsigned char *) RelinquishMagickMemory(chunk); (void) ThrowMagickException(exception, GetMagickModule(),CoderError, ""DEFI cannot redefine a frozen MNG object"",""`%s'"", image->filename); continue; } mng_info->exists[object_id]=MagickTrue; if (length > 2) mng_info->invisible[object_id]=p[2]; if (length > 11) { mng_info->x_off[object_id]=(ssize_t) ((p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]); mng_info->y_off[object_id]=(ssize_t) ((p[8] << 24) | (p[9] << 16) | (p[10] << 8) | p[11]); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" x_off[%d]: %.20g, y_off[%d]: %.20g"", object_id,(double) mng_info->x_off[object_id], object_id,(double) mng_info->y_off[object_id]); } } if (length > 27) mng_info->object_clip[object_id]=mng_read_box(mng_info->frame,0, &p[12]); chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_bKGD,4) == 0) { mng_info->have_global_bkgd=MagickFalse; if (length > 5) { mng_info->mng_global_bkgd.red= ScaleShortToQuantum((unsigned short) ((p[0] << 8) | p[1])); mng_info->mng_global_bkgd.green= ScaleShortToQuantum((unsigned short) ((p[2] << 8) | p[3])); mng_info->mng_global_bkgd.blue= ScaleShortToQuantum((unsigned short) ((p[4] << 8) | p[5])); mng_info->have_global_bkgd=MagickTrue; } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_BACK,4) == 0) { #if defined(MNG_INSERT_LAYERS) if (length > 6) mandatory_back=p[6]; else mandatory_back=0; if (mandatory_back && length > 5) { mng_background_color.red= ScaleShortToQuantum((unsigned short) ((p[0] << 8) | p[1])); mng_background_color.green= ScaleShortToQuantum((unsigned short) ((p[2] << 8) | p[3])); mng_background_color.blue= ScaleShortToQuantum((unsigned short) ((p[4] << 8) | p[5])); mng_background_color.alpha=OpaqueAlpha; } #ifdef MNG_OBJECT_BUFFERS if (length > 8) mng_background_object=(p[7] << 8) | p[8]; #endif #endif chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_PLTE,4) == 0) { if (length && (length < 769)) { if (mng_info->global_plte == (png_colorp) NULL) mng_info->global_plte=(png_colorp) AcquireQuantumMemory(256, sizeof(*mng_info->global_plte)); for (i=0; i < (ssize_t) (length/3); i++) { mng_info->global_plte[i].red=p[3*i]; mng_info->global_plte[i].green=p[3*i+1]; mng_info->global_plte[i].blue=p[3*i+2]; } mng_info->global_plte_length=(unsigned int) (length/3); } #ifdef MNG_LOOSE for ( ; i < 256; i++) { mng_info->global_plte[i].red=i; mng_info->global_plte[i].green=i; mng_info->global_plte[i].blue=i; } if (length != 0) mng_info->global_plte_length=256; #endif else mng_info->global_plte_length=0; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_tRNS,4) == 0) { if (length > 0 && length < 257) for (i=0; i < (ssize_t) length; i++) mng_info->global_trns[i]=p[i]; #ifdef MNG_LOOSE for ( ; i < 256; i++) mng_info->global_trns[i]=255; #endif mng_info->global_trns_length=(unsigned int) length; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_gAMA,4) == 0) { if (length == 4) { ssize_t igamma; igamma=mng_get_long(p); mng_info->global_gamma=((float) igamma)*0.00001; mng_info->have_global_gama=MagickTrue; } else mng_info->have_global_gama=MagickFalse; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_cHRM,4) == 0) { if (length == 32) { mng_info->global_chrm.white_point.x=0.00001*mng_get_long(p); mng_info->global_chrm.white_point.y=0.00001*mng_get_long(&p[4]); mng_info->global_chrm.red_primary.x=0.00001*mng_get_long(&p[8]); mng_info->global_chrm.red_primary.y=0.00001* mng_get_long(&p[12]); mng_info->global_chrm.green_primary.x=0.00001* mng_get_long(&p[16]); mng_info->global_chrm.green_primary.y=0.00001* mng_get_long(&p[20]); mng_info->global_chrm.blue_primary.x=0.00001* mng_get_long(&p[24]); mng_info->global_chrm.blue_primary.y=0.00001* mng_get_long(&p[28]); mng_info->have_global_chrm=MagickTrue; } else mng_info->have_global_chrm=MagickFalse; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_sRGB,4) == 0) { if (length != 0) { mng_info->global_srgb_intent= Magick_RenderingIntent_from_PNG_RenderingIntent(p[0]); mng_info->have_global_srgb=MagickTrue; } else mng_info->have_global_srgb=MagickFalse; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_iCCP,4) == 0) { if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_FRAM,4) == 0) { if (mng_type == 3) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""FRAM chunk found in MNG-VLC datastream"",""`%s'"", image->filename); if ((mng_info->framing_mode == 2) || (mng_info->framing_mode == 4)) image->delay=frame_delay; frame_delay=default_frame_delay; frame_timeout=default_frame_timeout; fb=default_fb; if (length != 0) if (p[0]) mng_info->framing_mode=p[0]; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Framing_mode=%d"",mng_info->framing_mode); if (length > 6) { p++; while (*p && ((p-chunk) < (ssize_t) length)) p++; p++; if ((p-chunk) < (ssize_t) (length-4)) { int change_delay, change_timeout, change_clipping; change_delay=(*p++); change_timeout=(*p++); change_clipping=(*p++); p++; if (change_delay) { frame_delay=1UL*image->ticks_per_second* mng_get_long(p); if (mng_info->ticks_per_second != 0) frame_delay/=mng_info->ticks_per_second; else frame_delay=PNG_UINT_31_MAX; if (change_delay == 2) default_frame_delay=frame_delay; p+=4; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Framing_delay=%.20g"",(double) frame_delay); } if (change_timeout) { frame_timeout=1UL*image->ticks_per_second* mng_get_long(p); if (mng_info->ticks_per_second != 0) frame_timeout/=mng_info->ticks_per_second; else frame_timeout=PNG_UINT_31_MAX; if (change_timeout == 2) default_frame_timeout=frame_timeout; p+=4; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Framing_timeout=%.20g"",(double) frame_timeout); } if (change_clipping) { fb=mng_read_box(previous_fb,(char) p[0],&p[1]); p+=17; previous_fb=fb; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Frame_clip: L=%.20g R=%.20g T=%.20g B=%.20g"", (double) fb.left,(double) fb.right,(double) fb.top, (double) fb.bottom); if (change_clipping == 2) default_fb=fb; } } } mng_info->clip=fb; mng_info->clip=mng_minimum_box(fb,mng_info->frame); subframe_width=(size_t) (mng_info->clip.right -mng_info->clip.left); subframe_height=(size_t) (mng_info->clip.bottom -mng_info->clip.top); #if defined(MNG_INSERT_LAYERS) if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" subframe_width=%.20g, subframe_height=%.20g"",(double) subframe_width,(double) subframe_height); if (insert_layers && (mng_info->framing_mode == 4) && (subframe_width) && (subframe_height)) { if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; if (term_chunk_found) { image->start_loop=MagickTrue; image->iterations=mng_iterations; term_chunk_found=MagickFalse; } else image->start_loop=MagickFalse; image->columns=subframe_width; image->rows=subframe_height; image->page.width=subframe_width; image->page.height=subframe_height; image->page.x=mng_info->clip.left; image->page.y=mng_info->clip.top; image->background_color=mng_background_color; image->alpha_trait=UndefinedPixelTrait; image->delay=0; (void) SetImageBackgroundColor(image,exception); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Insert backgd layer, L=%.20g, R=%.20g T=%.20g, B=%.20g"", (double) mng_info->clip.left, (double) mng_info->clip.right, (double) mng_info->clip.top, (double) mng_info->clip.bottom); } #endif chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_CLIP,4) == 0) { unsigned int first_object, last_object; if (length > 3) { first_object=(p[0] << 8) | p[1]; last_object=(p[2] << 8) | p[3]; p+=4; for (i=(int) first_object; i <= (int) last_object; i++) { if (mng_info->exists[i] && !mng_info->frozen[i]) { MngBox box; box=mng_info->object_clip[i]; if ((p-chunk) < (ssize_t) (length-17)) mng_info->object_clip[i]= mng_read_box(box,(char) p[0],&p[1]); } } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_SAVE,4) == 0) { for (i=1; i < MNG_MAX_OBJECTS; i++) if (mng_info->exists[i]) { mng_info->frozen[i]=MagickTrue; #ifdef MNG_OBJECT_BUFFERS if (mng_info->ob[i] != (MngBuffer *) NULL) mng_info->ob[i]->frozen=MagickTrue; #endif } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if ((memcmp(type,mng_DISC,4) == 0) || (memcmp(type,mng_SEEK,4) == 0)) { if ((length == 0) || !memcmp(type,mng_SEEK,4)) { for (i=1; i < MNG_MAX_OBJECTS; i++) MngInfoDiscardObject(mng_info,i); } else { register ssize_t j; for (j=1; j < (ssize_t) length; j+=2) { i=p[j-1] << 8 | p[j]; MngInfoDiscardObject(mng_info,i); } } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_MOVE,4) == 0) { size_t first_object, last_object; if (length > 3) { first_object=(p[0] << 8) | p[1]; last_object=(p[2] << 8) | p[3]; p+=4; for (i=(ssize_t) first_object; i <= (ssize_t) last_object; i++) { if ((i < 0) || (i >= MNG_MAX_OBJECTS)) continue; if (mng_info->exists[i] && !mng_info->frozen[i] && (p-chunk) < (ssize_t) (length-8)) { MngPair new_pair; MngPair old_pair; old_pair.a=mng_info->x_off[i]; old_pair.b=mng_info->y_off[i]; new_pair=mng_read_pair(old_pair,(int) p[0],&p[1]); mng_info->x_off[i]=new_pair.a; mng_info->y_off[i]=new_pair.b; } } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_LOOP,4) == 0) { ssize_t loop_iters=1; if (length > 4) { loop_level=chunk[0]; mng_info->loop_active[loop_level]=1; loop_iters=mng_get_long(&chunk[1]); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" LOOP level %.20g has %.20g iterations "", (double) loop_level, (double) loop_iters); if (loop_iters == 0) skipping_loop=loop_level; else { mng_info->loop_jump[loop_level]=TellBlob(image); mng_info->loop_count[loop_level]=loop_iters; } mng_info->loop_iteration[loop_level]=0; } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_ENDL,4) == 0) { if (length > 0) { loop_level=chunk[0]; if (skipping_loop > 0) { if (skipping_loop == loop_level) { skipping_loop=(-1); mng_info->loop_active[loop_level]=0; } } else { if (mng_info->loop_active[loop_level] == 1) { mng_info->loop_count[loop_level]--; mng_info->loop_iteration[loop_level]++; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" ENDL: LOOP level %.20g has %.20g remaining iters"", (double) loop_level,(double) mng_info->loop_count[loop_level]); if (mng_info->loop_count[loop_level] != 0) { offset= SeekBlob(image,mng_info->loop_jump[loop_level], SEEK_SET); if (offset < 0) { chunk=(unsigned char *) RelinquishMagickMemory( chunk); ThrowReaderException(CorruptImageError, ""ImproperImageHeader""); } } else { short last_level; mng_info->loop_active[loop_level]=0; last_level=(-1); for (i=0; i < loop_level; i++) if (mng_info->loop_active[i] == 1) last_level=(short) i; loop_level=last_level; } } } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_CLON,4) == 0) { if (mng_info->clon_warning == 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""CLON is not implemented yet"",""`%s'"", image->filename); mng_info->clon_warning++; } if (memcmp(type,mng_MAGN,4) == 0) { png_uint_16 magn_first, magn_last, magn_mb, magn_ml, magn_mr, magn_mt, magn_mx, magn_my, magn_methx, magn_methy; if (length > 1) magn_first=(p[0] << 8) | p[1]; else magn_first=0; if (length > 3) magn_last=(p[2] << 8) | p[3]; else magn_last=magn_first; #ifndef MNG_OBJECT_BUFFERS if (magn_first || magn_last) if (mng_info->magn_warning == 0) { (void) ThrowMagickException(exception, GetMagickModule(),CoderError, ""MAGN is not implemented yet for nonzero objects"", ""`%s'"",image->filename); mng_info->magn_warning++; } #endif if (length > 4) magn_methx=p[4]; else magn_methx=0; if (length > 6) magn_mx=(p[5] << 8) | p[6]; else magn_mx=1; if (magn_mx == 0) magn_mx=1; if (length > 8) magn_my=(p[7] << 8) | p[8]; else magn_my=magn_mx; if (magn_my == 0) magn_my=1; if (length > 10) magn_ml=(p[9] << 8) | p[10]; else magn_ml=magn_mx; if (magn_ml == 0) magn_ml=1; if (length > 12) magn_mr=(p[11] << 8) | p[12]; else magn_mr=magn_mx; if (magn_mr == 0) magn_mr=1; if (length > 14) magn_mt=(p[13] << 8) | p[14]; else magn_mt=magn_my; if (magn_mt == 0) magn_mt=1; if (length > 16) magn_mb=(p[15] << 8) | p[16]; else magn_mb=magn_my; if (magn_mb == 0) magn_mb=1; if (length > 17) magn_methy=p[17]; else magn_methy=magn_methx; if (magn_methx > 5 || magn_methy > 5) if (mng_info->magn_warning == 0) { (void) ThrowMagickException(exception, GetMagickModule(),CoderError, ""Unknown MAGN method in MNG datastream"",""`%s'"", image->filename); mng_info->magn_warning++; } #ifdef MNG_OBJECT_BUFFERS #endif if (magn_first == 0 || magn_last == 0) { mng_info->magn_mb=magn_mb; mng_info->magn_ml=magn_ml; mng_info->magn_mr=magn_mr; mng_info->magn_mt=magn_mt; mng_info->magn_mx=magn_mx; mng_info->magn_my=magn_my; mng_info->magn_methx=magn_methx; mng_info->magn_methy=magn_methy; } } if (memcmp(type,mng_PAST,4) == 0) { if (mng_info->past_warning == 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""PAST is not implemented yet"",""`%s'"", image->filename); mng_info->past_warning++; } if (memcmp(type,mng_SHOW,4) == 0) { if (mng_info->show_warning == 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""SHOW is not implemented yet"",""`%s'"", image->filename); mng_info->show_warning++; } if (memcmp(type,mng_sBIT,4) == 0) { if (length < 4) mng_info->have_global_sbit=MagickFalse; else { mng_info->global_sbit.gray=p[0]; mng_info->global_sbit.red=p[0]; mng_info->global_sbit.green=p[1]; mng_info->global_sbit.blue=p[2]; mng_info->global_sbit.alpha=p[3]; mng_info->have_global_sbit=MagickTrue; } } if (memcmp(type,mng_pHYs,4) == 0) { if (length > 8) { mng_info->global_x_pixels_per_unit= (size_t) mng_get_long(p); mng_info->global_y_pixels_per_unit= (size_t) mng_get_long(&p[4]); mng_info->global_phys_unit_type=p[8]; mng_info->have_global_phys=MagickTrue; } else mng_info->have_global_phys=MagickFalse; } if (memcmp(type,mng_pHYg,4) == 0) { if (mng_info->phyg_warning == 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""pHYg is not implemented."",""`%s'"",image->filename); mng_info->phyg_warning++; } if (memcmp(type,mng_BASI,4) == 0) { skip_to_iend=MagickTrue; if (mng_info->basi_warning == 0) (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""BASI is not implemented yet"",""`%s'"", image->filename); mng_info->basi_warning++; #ifdef MNG_BASI_SUPPORTED basi_width=(size_t) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); basi_height=(size_t) ((p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]); basi_color_type=p[8]; basi_compression_method=p[9]; basi_filter_type=p[10]; basi_interlace_method=p[11]; if (length > 11) basi_red=(p[12] << 8) & p[13]; else basi_red=0; if (length > 13) basi_green=(p[14] << 8) & p[15]; else basi_green=0; if (length > 15) basi_blue=(p[16] << 8) & p[17]; else basi_blue=0; if (length > 17) basi_alpha=(p[18] << 8) & p[19]; else { if (basi_sample_depth == 16) basi_alpha=65535L; else basi_alpha=255; } if (length > 19) basi_viewable=p[20]; else basi_viewable=0; #endif chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_IHDR,4) #if defined(JNG_SUPPORTED) && memcmp(type,mng_JHDR,4) #endif ) { if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Processing %c%c%c%c chunk"",type[0],type[1],type[2],type[3]); mng_info->exists[object_id]=MagickTrue; mng_info->viewable[object_id]=MagickTrue; if (mng_info->invisible[object_id]) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Skipping invisible object""); skip_to_iend=MagickTrue; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #if defined(MNG_INSERT_LAYERS) if (length < 8) { chunk=(unsigned char *) RelinquishMagickMemory(chunk); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } image_width=(size_t) mng_get_long(p); image_height=(size_t) mng_get_long(&p[4]); #endif chunk=(unsigned char *) RelinquishMagickMemory(chunk); #if defined(MNG_INSERT_LAYERS) if (insert_layers && mng_type && first_mng_object) { if ((mng_info->clip.left > 0) || (mng_info->clip.top > 0) || (image_width < mng_info->mng_width) || (mng_info->clip.right < (ssize_t) mng_info->mng_width) || (image_height < mng_info->mng_height) || (mng_info->clip.bottom < (ssize_t) mng_info->mng_height)) { if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; if (term_chunk_found) { image->start_loop=MagickTrue; image->iterations=mng_iterations; term_chunk_found=MagickFalse; } else image->start_loop=MagickFalse; image->delay=0; image->columns=mng_info->mng_width; image->rows=mng_info->mng_height; image->page.width=mng_info->mng_width; image->page.height=mng_info->mng_height; image->page.x=0; image->page.y=0; image->background_color=mng_background_color; (void) SetImageBackgroundColor(image,exception); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Inserted transparent background layer, W=%.20g, H=%.20g"", (double) mng_info->mng_width,(double) mng_info->mng_height); } } if (insert_layers && (mng_info->framing_mode == 3) && (subframe_width) && (subframe_height) && (simplicity == 0 || (simplicity & 0x08))) { if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; if (term_chunk_found) { image->start_loop=MagickTrue; image->iterations=mng_iterations; term_chunk_found=MagickFalse; } else image->start_loop=MagickFalse; image->delay=0; image->columns=subframe_width; image->rows=subframe_height; image->page.width=subframe_width; image->page.height=subframe_height; image->page.x=mng_info->clip.left; image->page.y=mng_info->clip.top; image->background_color=mng_background_color; image->alpha_trait=UndefinedPixelTrait; (void) SetImageBackgroundColor(image,exception); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Insert background layer, L=%.20g, R=%.20g T=%.20g, B=%.20g"", (double) mng_info->clip.left,(double) mng_info->clip.right, (double) mng_info->clip.top,(double) mng_info->clip.bottom); } #endif first_mng_object=MagickFalse; if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; status=SetImageProgress(image,LoadImagesTag,TellBlob(image), GetBlobSize(image)); if (status == MagickFalse) break; if (term_chunk_found) { image->start_loop=MagickTrue; term_chunk_found=MagickFalse; } else image->start_loop=MagickFalse; if (mng_info->framing_mode == 1 || mng_info->framing_mode == 3) { image->delay=frame_delay; frame_delay=default_frame_delay; } else image->delay=0; image->page.width=mng_info->mng_width; image->page.height=mng_info->mng_height; image->page.x=mng_info->x_off[object_id]; image->page.y=mng_info->y_off[object_id]; image->iterations=mng_iterations; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Seeking back to beginning of %c%c%c%c chunk"",type[0],type[1], type[2],type[3]); offset=SeekBlob(image,-((ssize_t) length+12),SEEK_CUR); if (offset < 0) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } mng_info->image=image; mng_info->mng_type=mng_type; mng_info->object_id=object_id; if (memcmp(type,mng_IHDR,4) == 0) image=ReadOnePNGImage(mng_info,image_info,exception); #if defined(JNG_SUPPORTED) else image=ReadOneJNGImage(mng_info,image_info,exception); #endif if (image == (Image *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""exit ReadJNGImage() with error""); return((Image *) NULL); } if (image->columns == 0 || image->rows == 0) { (void) CloseBlob(image); return(DestroyImageList(image)); } mng_info->image=image; if (mng_type) { MngBox crop_box; if (mng_info->magn_methx || mng_info->magn_methy) { png_uint_32 magnified_height, magnified_width; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Processing MNG MAGN chunk""); if (mng_info->magn_methx == 1) { magnified_width=mng_info->magn_ml; if (image->columns > 1) magnified_width += mng_info->magn_mr; if (image->columns > 2) magnified_width += (png_uint_32) ((image->columns-2)*(mng_info->magn_mx)); } else { magnified_width=(png_uint_32) image->columns; if (image->columns > 1) magnified_width += mng_info->magn_ml-1; if (image->columns > 2) magnified_width += mng_info->magn_mr-1; if (image->columns > 3) magnified_width += (png_uint_32) ((image->columns-3)*(mng_info->magn_mx-1)); } if (mng_info->magn_methy == 1) { magnified_height=mng_info->magn_mt; if (image->rows > 1) magnified_height += mng_info->magn_mb; if (image->rows > 2) magnified_height += (png_uint_32) ((image->rows-2)*(mng_info->magn_my)); } else { magnified_height=(png_uint_32) image->rows; if (image->rows > 1) magnified_height += mng_info->magn_mt-1; if (image->rows > 2) magnified_height += mng_info->magn_mb-1; if (image->rows > 3) magnified_height += (png_uint_32) ((image->rows-3)*(mng_info->magn_my-1)); } if (magnified_height > image->rows || magnified_width > image->columns) { Image *large_image; int yy; Quantum *next, *prev; png_uint_16 magn_methx, magn_methy; ssize_t m, y; register Quantum *n, *q; register ssize_t x; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Allocate magnified image""); AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); large_image=SyncNextImageInList(image); large_image->columns=magnified_width; large_image->rows=magnified_height; magn_methx=mng_info->magn_methx; magn_methy=mng_info->magn_methy; #if (MAGICKCORE_QUANTUM_DEPTH > 16) #define QM unsigned short if (magn_methx != 1 || magn_methy != 1) { for (y=0; y < (ssize_t) image->rows; y++) { q=GetAuthenticPixels(image,0,y,image->columns,1, exception); for (x=(ssize_t) image->columns-1; x >= 0; x--) { SetPixelRed(image,ScaleQuantumToShort( GetPixelRed(image,q)),q); SetPixelGreen(image,ScaleQuantumToShort( GetPixelGreen(image,q)),q); SetPixelBlue(image,ScaleQuantumToShort( GetPixelBlue(image,q)),q); SetPixelAlpha(image,ScaleQuantumToShort( GetPixelAlpha(image,q)),q); q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } #else #define QM Quantum #endif if (image->alpha_trait != UndefinedPixelTrait) (void) SetImageBackgroundColor(large_image,exception); else { large_image->background_color.alpha=OpaqueAlpha; (void) SetImageBackgroundColor(large_image,exception); if (magn_methx == 4) magn_methx=2; if (magn_methx == 5) magn_methx=3; if (magn_methy == 4) magn_methy=2; if (magn_methy == 5) magn_methy=3; } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Magnify the rows to %.20g"", (double) large_image->rows); m=(ssize_t) mng_info->magn_mt; yy=0; length=(size_t) GetPixelChannels(image)*image->columns; next=(Quantum *) AcquireQuantumMemory(length,sizeof(*next)); prev=(Quantum *) AcquireQuantumMemory(length,sizeof(*prev)); if ((prev == (Quantum *) NULL) || (next == (Quantum *) NULL)) { image=DestroyImageList(image); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } n=GetAuthenticPixels(image,0,0,image->columns,1,exception); (void) CopyMagickMemory(next,n,length); for (y=0; y < (ssize_t) image->rows; y++) { if (y == 0) m=(ssize_t) mng_info->magn_mt; else if (magn_methy > 1 && y == (ssize_t) image->rows-2) m=(ssize_t) mng_info->magn_mb; else if (magn_methy <= 1 && y == (ssize_t) image->rows-1) m=(ssize_t) mng_info->magn_mb; else if (magn_methy > 1 && y == (ssize_t) image->rows-1) m=1; else m=(ssize_t) mng_info->magn_my; n=prev; prev=next; next=n; if (y < (ssize_t) image->rows-1) { n=GetAuthenticPixels(image,0,y+1,image->columns,1, exception); (void) CopyMagickMemory(next,n,length); } for (i=0; i < m; i++, yy++) { register Quantum *pixels; assert(yy < (ssize_t) large_image->rows); pixels=prev; n=next; q=GetAuthenticPixels(large_image,0,yy,large_image->columns, 1,exception); q+=(large_image->columns-image->columns)* GetPixelChannels(large_image); for (x=(ssize_t) image->columns-1; x >= 0; x--) { if (magn_methy <= 1) { SetPixelRed(large_image,GetPixelRed(image,pixels),q); SetPixelGreen(large_image,GetPixelGreen(image, pixels),q); SetPixelBlue(large_image,GetPixelBlue(image, pixels),q); SetPixelAlpha(large_image,GetPixelAlpha(image, pixels),q); } else if (magn_methy == 2 || magn_methy == 4) { if (i == 0) { SetPixelRed(large_image,GetPixelRed(image, pixels),q); SetPixelGreen(large_image,GetPixelGreen(image, pixels),q); SetPixelBlue(large_image,GetPixelBlue(image, pixels),q); SetPixelAlpha(large_image,GetPixelAlpha(image, pixels),q); } else { SetPixelRed(large_image,((QM) (((ssize_t) (2*i*(GetPixelRed(image,n) -GetPixelRed(image,pixels)+m))/ ((ssize_t) (m*2)) +GetPixelRed(image,pixels)))),q); SetPixelGreen(large_image,((QM) (((ssize_t) (2*i*(GetPixelGreen(image,n) -GetPixelGreen(image,pixels)+m))/ ((ssize_t) (m*2)) +GetPixelGreen(image,pixels)))),q); SetPixelBlue(large_image,((QM) (((ssize_t) (2*i*(GetPixelBlue(image,n) -GetPixelBlue(image,pixels)+m))/ ((ssize_t) (m*2)) +GetPixelBlue(image,pixels)))),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(large_image, ((QM) (((ssize_t) (2*i*(GetPixelAlpha(image,n) -GetPixelAlpha(image,pixels)+m)) /((ssize_t) (m*2))+ GetPixelAlpha(image,pixels)))),q); } if (magn_methy == 4) { if (i <= ((m+1) << 1)) SetPixelAlpha(large_image,GetPixelAlpha(image, pixels),q); else SetPixelAlpha(large_image,GetPixelAlpha(image, n),q); } } else { if (i <= ((m+1) << 1)) { SetPixelRed(large_image,GetPixelRed(image, pixels),q); SetPixelGreen(large_image,GetPixelGreen(image, pixels),q); SetPixelBlue(large_image,GetPixelBlue(image, pixels),q); SetPixelAlpha(large_image,GetPixelAlpha(image, pixels),q); } else { SetPixelRed(large_image,GetPixelRed(image,n),q); SetPixelGreen(large_image,GetPixelGreen(image,n), q); SetPixelBlue(large_image,GetPixelBlue(image,n), q); SetPixelAlpha(large_image,GetPixelAlpha(image,n), q); } if (magn_methy == 5) { SetPixelAlpha(large_image,(QM) (((ssize_t) (2*i* (GetPixelAlpha(image,n) -GetPixelAlpha(image,pixels)) +m))/((ssize_t) (m*2)) +GetPixelAlpha(image,pixels)),q); } } n+=GetPixelChannels(image); q+=GetPixelChannels(large_image); pixels+=GetPixelChannels(image); } if (SyncAuthenticPixels(large_image,exception) == 0) break; } } prev=(Quantum *) RelinquishMagickMemory(prev); next=(Quantum *) RelinquishMagickMemory(next); length=image->columns; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Delete original image""); DeleteImageFromList(&image); image=large_image; mng_info->image=image; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Magnify the columns to %.20g"", (double) image->columns); for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *pixels; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); pixels=q+(image->columns-length)*GetPixelChannels(image); n=pixels+GetPixelChannels(image); for (x=(ssize_t) (image->columns-length); x < (ssize_t) image->columns; x++) { if (x == (ssize_t) (image->columns-length)) m=(ssize_t) mng_info->magn_ml; else if (magn_methx > 1 && x == (ssize_t) image->columns-2) m=(ssize_t) mng_info->magn_mr; else if (magn_methx <= 1 && x == (ssize_t) image->columns-1) m=(ssize_t) mng_info->magn_mr; else if (magn_methx > 1 && x == (ssize_t) image->columns-1) m=1; else m=(ssize_t) mng_info->magn_mx; for (i=0; i < m; i++) { if (magn_methx <= 1) { SetPixelRed(image,GetPixelRed(image,pixels),q); SetPixelGreen(image,GetPixelGreen(image,pixels),q); SetPixelBlue(image,GetPixelBlue(image,pixels),q); SetPixelAlpha(image,GetPixelAlpha(image,pixels),q); } else if (magn_methx == 2 || magn_methx == 4) { if (i == 0) { SetPixelRed(image,GetPixelRed(image,pixels),q); SetPixelGreen(image,GetPixelGreen(image,pixels),q); SetPixelBlue(image,GetPixelBlue(image,pixels),q); SetPixelAlpha(image,GetPixelAlpha(image,pixels),q); } else { SetPixelRed(image,(QM) ((2*i*( GetPixelRed(image,n) -GetPixelRed(image,pixels))+m) /((ssize_t) (m*2))+ GetPixelRed(image,pixels)),q); SetPixelGreen(image,(QM) ((2*i*( GetPixelGreen(image,n) -GetPixelGreen(image,pixels))+m) /((ssize_t) (m*2))+ GetPixelGreen(image,pixels)),q); SetPixelBlue(image,(QM) ((2*i*( GetPixelBlue(image,n) -GetPixelBlue(image,pixels))+m) /((ssize_t) (m*2))+ GetPixelBlue(image,pixels)),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,(QM) ((2*i*( GetPixelAlpha(image,n) -GetPixelAlpha(image,pixels))+m) /((ssize_t) (m*2))+ GetPixelAlpha(image,pixels)),q); } if (magn_methx == 4) { if (i <= ((m+1) << 1)) { SetPixelAlpha(image, GetPixelAlpha(image,pixels)+0,q); } else { SetPixelAlpha(image, GetPixelAlpha(image,n)+0,q); } } } else { if (i <= ((m+1) << 1)) { SetPixelRed(image,GetPixelRed(image,pixels),q); SetPixelGreen(image,GetPixelGreen(image, pixels),q); SetPixelBlue(image,GetPixelBlue(image,pixels),q); SetPixelAlpha(image,GetPixelAlpha(image, pixels),q); } else { SetPixelRed(image,GetPixelRed(image,n),q); SetPixelGreen(image,GetPixelGreen(image,n),q); SetPixelBlue(image,GetPixelBlue(image,n),q); SetPixelAlpha(image,GetPixelAlpha(image,n),q); } if (magn_methx == 5) { SetPixelAlpha(image, (QM) ((2*i*( GetPixelAlpha(image,n) -GetPixelAlpha(image,pixels))+m)/ ((ssize_t) (m*2)) +GetPixelAlpha(image,pixels)),q); } } q+=GetPixelChannels(image); } n+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } #if (MAGICKCORE_QUANTUM_DEPTH > 16) if (magn_methx != 1 || magn_methy != 1) { for (y=0; y < (ssize_t) image->rows; y++) { q=GetAuthenticPixels(image,0,y,image->columns,1, exception); for (x=(ssize_t) image->columns-1; x >= 0; x--) { SetPixelRed(image,ScaleShortToQuantum( GetPixelRed(image,q)),q); SetPixelGreen(image,ScaleShortToQuantum( GetPixelGreen(image,q)),q); SetPixelBlue(image,ScaleShortToQuantum( GetPixelBlue(image,q)),q); SetPixelAlpha(image,ScaleShortToQuantum( GetPixelAlpha(image,q)),q); q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } #endif if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Finished MAGN processing""); } } crop_box.left=mng_info->image_box.left+mng_info->x_off[object_id]; crop_box.right=mng_info->image_box.right+mng_info->x_off[object_id]; crop_box.top=mng_info->image_box.top+mng_info->y_off[object_id]; crop_box.bottom=mng_info->image_box.bottom+mng_info->y_off[object_id]; crop_box=mng_minimum_box(crop_box,mng_info->clip); crop_box=mng_minimum_box(crop_box,mng_info->frame); crop_box=mng_minimum_box(crop_box,mng_info->object_clip[object_id]); if ((crop_box.left != (mng_info->image_box.left +mng_info->x_off[object_id])) || (crop_box.right != (mng_info->image_box.right +mng_info->x_off[object_id])) || (crop_box.top != (mng_info->image_box.top +mng_info->y_off[object_id])) || (crop_box.bottom != (mng_info->image_box.bottom +mng_info->y_off[object_id]))) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Crop the PNG image""); if ((crop_box.left < crop_box.right) && (crop_box.top < crop_box.bottom)) { Image *im; RectangleInfo crop_info; crop_info.x=(crop_box.left-mng_info->x_off[object_id]); crop_info.y=(crop_box.top-mng_info->y_off[object_id]); crop_info.width=(size_t) (crop_box.right-crop_box.left); crop_info.height=(size_t) (crop_box.bottom-crop_box.top); image->page.width=image->columns; image->page.height=image->rows; image->page.x=0; image->page.y=0; im=CropImage(image,&crop_info,exception); if (im != (Image *) NULL) { image->columns=im->columns; image->rows=im->rows; im=DestroyImage(im); image->page.width=image->columns; image->page.height=image->rows; image->page.x=crop_box.left; image->page.y=crop_box.top; } } else { image->columns=1; image->rows=1; image->colors=2; (void) SetImageBackgroundColor(image,exception); image->page.width=1; image->page.height=1; image->page.x=0; image->page.y=0; } } #ifndef PNG_READ_EMPTY_PLTE_SUPPORTED image=mng_info->image; #endif } #if (MAGICKCORE_QUANTUM_DEPTH > 16) if (image->depth > 16) image->depth=16; #endif #if (MAGICKCORE_QUANTUM_DEPTH > 8) if (image->depth > 8) { image->depth=16; } if (LosslessReduceDepthOK(image,exception) != MagickFalse) image->depth = 8; #endif if (image_info->number_scenes != 0) { if (mng_info->scenes_found > (ssize_t) (image_info->first_scene+image_info->number_scenes)) break; } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Finished reading image datastream.""); } while (LocaleCompare(image_info->magick,""MNG"") == 0); (void) CloseBlob(image); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Finished reading all image datastreams.""); #if defined(MNG_INSERT_LAYERS) if (insert_layers && !mng_info->image_found && (mng_info->mng_width) && (mng_info->mng_height)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" No images found. Inserting a background layer.""); if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Allocation failed, returning NULL.""); return(DestroyImageList(image));; } image=SyncNextImageInList(image); } image->columns=mng_info->mng_width; image->rows=mng_info->mng_height; image->page.width=mng_info->mng_width; image->page.height=mng_info->mng_height; image->page.x=0; image->page.y=0; image->background_color=mng_background_color; image->alpha_trait=UndefinedPixelTrait; if (image_info->ping == MagickFalse) (void) SetImageBackgroundColor(image,exception); mng_info->image_found++; } #endif image->iterations=mng_iterations; if (mng_iterations == 1) image->start_loop=MagickTrue; while (GetPreviousImageInList(image) != (Image *) NULL) { image_count++; if (image_count > 10*mng_info->image_found) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" No beginning""); (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""Linked list is corrupted, beginning of list not found"", ""`%s'"",image_info->filename); return(DestroyImageList(image)); } image=GetPreviousImageInList(image); if (GetNextImageInList(image) == (Image *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" Corrupt list""); (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""Linked list is corrupted; next_image is NULL"",""`%s'"", image_info->filename); } } if (mng_info->ticks_per_second && mng_info->image_found > 1 && GetNextImageInList(image) == (Image *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" First image null""); (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""image->next for first image is NULL but shouldn't be."", ""`%s'"",image_info->filename); } if (mng_info->image_found == 0) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" No visible images found.""); (void) ThrowMagickException(exception,GetMagickModule(), CoderError,""No visible images in file"",""`%s'"",image_info->filename); return(DestroyImageList(image)); } if (mng_info->ticks_per_second) final_delay=1UL*MagickMax(image->ticks_per_second,1L)* final_delay/mng_info->ticks_per_second; else image->start_loop=MagickTrue; final_image_delay=0; while (GetNextImageInList(image) != (Image *) NULL) { if (image->delay) final_image_delay=image->delay; image=GetNextImageInList(image); } if (final_delay < final_image_delay) final_delay=final_image_delay; image->delay=final_delay; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->delay=%.20g, final_delay=%.20g"",(double) image->delay, (double) final_delay); if (logging != MagickFalse) { int scene; scene=0; image=GetFirstImageInList(image); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Before coalesce:""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" scene 0 delay=%.20g"",(double) image->delay); while (GetNextImageInList(image) != (Image *) NULL) { image=GetNextImageInList(image); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" scene %.20g delay=%.20g"",(double) scene++, (double) image->delay); } } image=GetFirstImageInList(image); #ifdef MNG_COALESCE_LAYERS if (insert_layers) { Image *next_image, *next; size_t scene; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Coalesce Images""); scene=image->scene; next_image=CoalesceImages(image,exception); if (next_image == (Image *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); image=DestroyImageList(image); image=next_image; for (next=image; next != (Image *) NULL; next=next_image) { next->page.width=mng_info->mng_width; next->page.height=mng_info->mng_height; next->page.x=0; next->page.y=0; next->scene=scene++; next_image=GetNextImageInList(next); if (next_image == (Image *) NULL) break; if (next->delay == 0) { scene--; next_image->previous=GetPreviousImageInList(next); if (GetPreviousImageInList(next) == (Image *) NULL) image=next_image; else next->previous->next=next_image; next=DestroyImage(next); } } } #endif while (GetNextImageInList(image) != (Image *) NULL) image=GetNextImageInList(image); image->dispose=BackgroundDispose; if (logging != MagickFalse) { int scene; scene=0; image=GetFirstImageInList(image); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" After coalesce:""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" scene 0 delay=%.20g dispose=%.20g"",(double) image->delay, (double) image->dispose); while (GetNextImageInList(image) != (Image *) NULL) { image=GetNextImageInList(image); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" scene %.20g delay=%.20g dispose=%.20g"",(double) scene++, (double) image->delay,(double) image->dispose); } } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" exit ReadOneMNGImage();""); return(image); }",visit repo url,coders/png.c,https://github.com/ImageMagick/ImageMagick,164609179699996,1 3408,['CWE-264'],"asmlinkage long sys_chown(const char __user * filename, uid_t user, gid_t group) { struct nameidata nd; int error; error = user_path_walk(filename, &nd); if (error) goto out; error = chown_common(nd.dentry, user, group); path_release(&nd); out: return error; }",linux-2.6,,,147838431245908998264871155259038680245,0 2829,[],"static int dio_bio_end_io(struct bio *bio, unsigned int bytes_done, int error) { struct dio *dio = bio->bi_private; unsigned long flags; if (bio->bi_size) return 1; spin_lock_irqsave(&dio->bio_lock, flags); bio->bi_private = dio->bio_list; dio->bio_list = bio; if (--dio->refcount == 1 && dio->waiter) wake_up_process(dio->waiter); spin_unlock_irqrestore(&dio->bio_lock, flags); return 0; }",linux-2.6,,,183004021404012754770210266219878102484,0 4561,CWE-369,"static GF_Err swf_def_font(SWFReader *read, u32 revision) { u32 i, count; GF_Err e; SWFFont *ft; u32 *offset_table = NULL; u32 start; GF_SAFEALLOC(ft, SWFFont); if (!ft) return GF_OUT_OF_MEM; ft->glyphs = gf_list_new(); ft->fontID = swf_get_16(read); e = GF_OK; if (revision==0) { start = swf_get_file_pos(read); count = swf_get_16(read); ft->nbGlyphs = count / 2; offset_table = (u32*)gf_malloc(sizeof(u32) * ft->nbGlyphs); offset_table[0] = 0; for (i=1; inbGlyphs; i++) offset_table[i] = swf_get_16(read); for (i=0; inbGlyphs; i++) { swf_align(read); e = swf_seek_file_to(read, start + offset_table[i]); if (e) break; swf_parse_shape_def(read, ft, 0); } gf_free(offset_table); if (e) return e; } else if (revision==1) { SWFRec rc; Bool wide_offset, wide_codes; u32 code_offset, checkpos; ft->has_layout = swf_read_int(read, 1); ft->has_shiftJIS = swf_read_int(read, 1); ft->is_unicode = swf_read_int(read, 1); ft->is_ansi = swf_read_int(read, 1); wide_offset = swf_read_int(read, 1); wide_codes = swf_read_int(read, 1); ft->is_italic = swf_read_int(read, 1); ft->is_bold = swf_read_int(read, 1); swf_read_int(read, 8); count = swf_read_int(read, 8); ft->fontName = (char*)gf_malloc(sizeof(u8)*count+1); ft->fontName[count] = 0; for (i=0; ifontName[i] = swf_read_int(read, 8); ft->nbGlyphs = swf_get_16(read); start = swf_get_file_pos(read); if (ft->nbGlyphs) { offset_table = (u32*)gf_malloc(sizeof(u32) * ft->nbGlyphs); for (i=0; inbGlyphs; i++) { if (wide_offset) offset_table[i] = swf_get_32(read); else offset_table[i] = swf_get_16(read); } } if (wide_offset) { code_offset = swf_get_32(read); } else { code_offset = swf_get_16(read); } if (ft->nbGlyphs) { for (i=0; inbGlyphs; i++) { swf_align(read); e = swf_seek_file_to(read, start + offset_table[i]); if (e) break; swf_parse_shape_def(read, ft, 0); } gf_free(offset_table); if (e) return e; checkpos = swf_get_file_pos(read); if (checkpos != start + code_offset) { GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, (""[SWF Parsing] bad code offset in font\n"")); return GF_NON_COMPLIANT_BITSTREAM; } ft->glyph_codes = (u16*)gf_malloc(sizeof(u16) * ft->nbGlyphs); for (i=0; inbGlyphs; i++) { if (wide_codes) ft->glyph_codes[i] = swf_get_16(read); else ft->glyph_codes[i] = swf_read_int(read, 8); } } if (ft->has_layout) { ft->ascent = swf_get_s16(read); ft->descent = swf_get_s16(read); ft->leading = swf_get_s16(read); if (ft->nbGlyphs) { ft->glyph_adv = (s16*)gf_malloc(sizeof(s16) * ft->nbGlyphs); for (i=0; inbGlyphs; i++) ft->glyph_adv[i] = swf_get_s16(read); for (i=0; inbGlyphs; i++) swf_get_rec(read, &rc); } count = swf_get_16(read); for (i=0; ifonts, ft); return GF_OK; }",visit repo url,src/scene_manager/swf_parse.c,https://github.com/gpac/gpac,218941944828668,1 6402,['CWE-59'],"static int parse_options(char ** optionsp, unsigned long * filesys_flags) { const char * data; char * percent_char = NULL; char * value = NULL; char * next_keyword = NULL; char * out = NULL; int out_len = 0; int word_len; int rc = 0; char user[32]; char group[32]; if (!optionsp || !*optionsp) return 1; data = *optionsp; if (getuid()) { got_uid = 1; snprintf(user,sizeof(user),""%u"",getuid()); got_gid = 1; snprintf(group,sizeof(group),""%u"",getgid()); } while(data != NULL) { if(*data == 0) break; next_keyword = strchr(data,','); if(next_keyword) *next_keyword++ = 0; if ((value = strchr(data, '=')) != NULL) { *value = '\0'; value++; } if (strncmp(data, ""users"",5) == 0) { if(!value || !*value) { *filesys_flags |= MS_USERS; goto nocopy; } } else if (strncmp(data, ""user_xattr"",10) == 0) { } else if (strncmp(data, ""user"", 4) == 0) { if (!value || !*value) { if(data[4] == '\0') { *filesys_flags |= MS_USER; goto nocopy; } else { fprintf(stderr, ""username specified with no parameter\n""); SAFE_FREE(out); return 1; } } else { if (strnlen(value, 260) < 260) { got_user=1; percent_char = strchr(value,'%'); if(percent_char) { *percent_char = ','; if(mountpassword == NULL) mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); if(mountpassword) { if(got_password) fprintf(stderr, ""\nmount.cifs warning - password specified twice\n""); got_password = 1; percent_char++; strlcpy(mountpassword, percent_char,MOUNT_PASSWD_SIZE+1); while(*percent_char != 0) { *percent_char = ','; percent_char++; } } } domain_name = check_for_domain(&value); } else { fprintf(stderr, ""username too long\n""); SAFE_FREE(out); return 1; } } } else if (strncmp(data, ""pass"", 4) == 0) { if (!value || !*value) { if(got_password) { fprintf(stderr, ""\npassword specified twice, ignoring second\n""); } else got_password = 1; } else if (strnlen(value, MOUNT_PASSWD_SIZE) < MOUNT_PASSWD_SIZE) { if (got_password) { fprintf(stderr, ""\nmount.cifs warning - password specified twice\n""); } else { mountpassword = strndup(value, MOUNT_PASSWD_SIZE); if (!mountpassword) { fprintf(stderr, ""mount.cifs error: %s"", strerror(ENOMEM)); SAFE_FREE(out); return 1; } got_password = 1; } } else { fprintf(stderr, ""password too long\n""); SAFE_FREE(out); return 1; } goto nocopy; } else if (strncmp(data, ""sec"", 3) == 0) { if (value) { if (!strncmp(value, ""none"", 4) || !strncmp(value, ""krb5"", 4)) got_password = 1; } } else if (strncmp(data, ""ip"", 2) == 0) { if (!value || !*value) { fprintf(stderr, ""target ip address argument missing""); } else if (strnlen(value, MAX_ADDRESS_LEN) <= MAX_ADDRESS_LEN) { if(verboseflag) fprintf(stderr, ""ip address %s override specified\n"",value); got_ip = 1; } else { fprintf(stderr, ""ip address too long\n""); SAFE_FREE(out); return 1; } } else if ((strncmp(data, ""unc"", 3) == 0) || (strncmp(data, ""target"", 6) == 0) || (strncmp(data, ""path"", 4) == 0)) { if (!value || !*value) { fprintf(stderr, ""invalid path to network resource\n""); SAFE_FREE(out); return 1; } else if(strnlen(value,5) < 5) { fprintf(stderr, ""UNC name too short""); } if (strnlen(value, 300) < 300) { got_unc = 1; if (strncmp(value, ""//"", 2) == 0) { if(got_unc) fprintf(stderr, ""unc name specified twice, ignoring second\n""); else got_unc = 1; } else if (strncmp(value, ""\\\\"", 2) != 0) { fprintf(stderr, ""UNC Path does not begin with // or \\\\ \n""); SAFE_FREE(out); return 1; } else { if(got_unc) fprintf(stderr, ""unc name specified twice, ignoring second\n""); else got_unc = 1; } } else { fprintf(stderr, ""CIFS: UNC name too long\n""); SAFE_FREE(out); return 1; } } else if ((strncmp(data, ""dom"" , 3) == 0) || (strncmp(data, ""workg"", 5) == 0)) { if (!value || !*value) { fprintf(stderr, ""CIFS: invalid domain name\n""); SAFE_FREE(out); return 1; } if (strnlen(value, DOMAIN_SIZE+1) < DOMAIN_SIZE+1) { got_domain = 1; } else { fprintf(stderr, ""domain name too long\n""); SAFE_FREE(out); return 1; } } else if (strncmp(data, ""cred"", 4) == 0) { if (value && *value) { rc = open_cred_file(value); if(rc) { fprintf(stderr, ""error %d (%s) opening credential file %s\n"", rc, strerror(rc), value); SAFE_FREE(out); return 1; } } else { fprintf(stderr, ""invalid credential file name specified\n""); SAFE_FREE(out); return 1; } } else if (strncmp(data, ""uid"", 3) == 0) { if (value && *value) { got_uid = 1; if (!isdigit(*value)) { struct passwd *pw; if (!(pw = getpwnam(value))) { fprintf(stderr, ""bad user name \""%s\""\n"", value); exit(EX_USAGE); } snprintf(user, sizeof(user), ""%u"", pw->pw_uid); } else { strlcpy(user,value,sizeof(user)); } } goto nocopy; } else if (strncmp(data, ""gid"", 3) == 0) { if (value && *value) { got_gid = 1; if (!isdigit(*value)) { struct group *gr; if (!(gr = getgrnam(value))) { fprintf(stderr, ""bad group name \""%s\""\n"", value); exit(EX_USAGE); } snprintf(group, sizeof(group), ""%u"", gr->gr_gid); } else { strlcpy(group,value,sizeof(group)); } } goto nocopy; } else if (strcmp(data, ""file_mode"") == 0 || strcmp(data, ""fmask"")==0) { if (!value || !*value) { fprintf(stderr, ""Option '%s' requires a numerical argument\n"", data); SAFE_FREE(out); return 1; } if (value[0] != '0') { fprintf(stderr, ""WARNING: '%s' not expressed in octal.\n"", data); } if (strcmp (data, ""fmask"") == 0) { fprintf(stderr, ""WARNING: CIFS mount option 'fmask' is deprecated. Use 'file_mode' instead.\n""); data = ""file_mode""; } } else if (strcmp(data, ""dir_mode"") == 0 || strcmp(data, ""dmask"")==0) { if (!value || !*value) { fprintf(stderr, ""Option '%s' requires a numerical argument\n"", data); SAFE_FREE(out); return 1; } if (value[0] != '0') { fprintf(stderr, ""WARNING: '%s' not expressed in octal.\n"", data); } if (strcmp (data, ""dmask"") == 0) { fprintf(stderr, ""WARNING: CIFS mount option 'dmask' is deprecated. Use 'dir_mode' instead.\n""); data = ""dir_mode""; } } else if (strncmp(data, ""nosuid"", 6) == 0) { *filesys_flags |= MS_NOSUID; } else if (strncmp(data, ""suid"", 4) == 0) { *filesys_flags &= ~MS_NOSUID; } else if (strncmp(data, ""nodev"", 5) == 0) { *filesys_flags |= MS_NODEV; } else if ((strncmp(data, ""nobrl"", 5) == 0) || (strncmp(data, ""nolock"", 6) == 0)) { *filesys_flags &= ~MS_MANDLOCK; } else if (strncmp(data, ""dev"", 3) == 0) { *filesys_flags &= ~MS_NODEV; } else if (strncmp(data, ""noexec"", 6) == 0) { *filesys_flags |= MS_NOEXEC; } else if (strncmp(data, ""exec"", 4) == 0) { *filesys_flags &= ~MS_NOEXEC; } else if (strncmp(data, ""guest"", 5) == 0) { user_name = (char *)calloc(1, 1); got_user = 1; got_password = 1; } else if (strncmp(data, ""ro"", 2) == 0) { *filesys_flags |= MS_RDONLY; goto nocopy; } else if (strncmp(data, ""rw"", 2) == 0) { *filesys_flags &= ~MS_RDONLY; goto nocopy; } else if (strncmp(data, ""remount"", 7) == 0) { *filesys_flags |= MS_REMOUNT; } word_len = strlen(data); if (value) word_len += 1 + strlen(value); out = (char *)realloc(out, out_len + word_len + 2); if (out == NULL) { perror(""malloc""); exit(EX_SYSERR); } if (out_len) { strlcat(out, "","", out_len + word_len + 2); out_len++; } if (value) snprintf(out + out_len, word_len + 1, ""%s=%s"", data, value); else snprintf(out + out_len, word_len + 1, ""%s"", data); out_len = strlen(out); nocopy: data = next_keyword; } if (got_uid) { word_len = strlen(user); out = (char *)realloc(out, out_len + word_len + 6); if (out == NULL) { perror(""malloc""); exit(EX_SYSERR); } if (out_len) { strlcat(out, "","", out_len + word_len + 6); out_len++; } snprintf(out + out_len, word_len + 5, ""uid=%s"", user); out_len = strlen(out); } if (got_gid) { word_len = strlen(group); out = (char *)realloc(out, out_len + 1 + word_len + 6); if (out == NULL) { perror(""malloc""); exit(EX_SYSERR); } if (out_len) { strlcat(out, "","", out_len + word_len + 6); out_len++; } snprintf(out + out_len, word_len + 5, ""gid=%s"", group); out_len = strlen(out); } SAFE_FREE(*optionsp); *optionsp = out; return 0; }",samba,,,227521566627851130349397499048943080384,0 5182,['CWE-20'],"static unsigned long vmcs_readl(unsigned long field) { unsigned long value; asm volatile (__ex(ASM_VMX_VMREAD_RDX_RAX) : ""=a""(value) : ""d""(field) : ""cc""); return value; }",linux-2.6,,,26546212259727405039623813346177639284,0 5159,['CWE-20'],"static void ept_update_paging_mode_cr0(unsigned long *hw_cr0, unsigned long cr0, struct kvm_vcpu *vcpu) { if (!(cr0 & X86_CR0_PG)) { vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) | (CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING)); vcpu->arch.cr0 = cr0; vmx_set_cr4(vcpu, vcpu->arch.cr4); *hw_cr0 |= X86_CR0_PE | X86_CR0_PG; *hw_cr0 &= ~X86_CR0_WP; } else if (!is_paging(vcpu)) { vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) & ~(CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING)); vcpu->arch.cr0 = cr0; vmx_set_cr4(vcpu, vcpu->arch.cr4); if (!(vcpu->arch.cr0 & X86_CR0_WP)) *hw_cr0 &= ~X86_CR0_WP; } }",linux-2.6,,,200692140468911820763920406275219257556,0 4749,['CWE-20'],"static struct inode *ext4_alloc_inode(struct super_block *sb) { struct ext4_inode_info *ei; ei = kmem_cache_alloc(ext4_inode_cachep, GFP_NOFS); if (!ei) return NULL; #ifdef CONFIG_EXT4_FS_POSIX_ACL ei->i_acl = EXT4_ACL_NOT_CACHED; ei->i_default_acl = EXT4_ACL_NOT_CACHED; #endif ei->vfs_inode.i_version = 1; ei->vfs_inode.i_data.writeback_index = 0; memset(&ei->i_cached_extent, 0, sizeof(struct ext4_ext_cache)); INIT_LIST_HEAD(&ei->i_prealloc_list); spin_lock_init(&ei->i_prealloc_lock); jbd2_journal_init_jbd_inode(&ei->jinode, &ei->vfs_inode); ei->i_reserved_data_blocks = 0; ei->i_reserved_meta_blocks = 0; ei->i_allocated_meta_blocks = 0; ei->i_delalloc_reserved_flag = 0; spin_lock_init(&(ei->i_block_reservation_lock)); return &ei->vfs_inode; }",linux-2.6,,,132016692321853784410478746617490566183,0 4406,['CWE-264'],"struct sock *sk_clone(const struct sock *sk, const gfp_t priority) { struct sock *newsk; newsk = sk_prot_alloc(sk->sk_prot, priority, sk->sk_family); if (newsk != NULL) { struct sk_filter *filter; sock_copy(newsk, sk); get_net(sock_net(newsk)); sk_node_init(&newsk->sk_node); sock_lock_init(newsk); bh_lock_sock(newsk); newsk->sk_backlog.head = newsk->sk_backlog.tail = NULL; atomic_set(&newsk->sk_rmem_alloc, 0); atomic_set(&newsk->sk_wmem_alloc, 0); atomic_set(&newsk->sk_omem_alloc, 0); skb_queue_head_init(&newsk->sk_receive_queue); skb_queue_head_init(&newsk->sk_write_queue); #ifdef CONFIG_NET_DMA skb_queue_head_init(&newsk->sk_async_wait_queue); #endif rwlock_init(&newsk->sk_dst_lock); rwlock_init(&newsk->sk_callback_lock); lockdep_set_class_and_name(&newsk->sk_callback_lock, af_callback_keys + newsk->sk_family, af_family_clock_key_strings[newsk->sk_family]); newsk->sk_dst_cache = NULL; newsk->sk_wmem_queued = 0; newsk->sk_forward_alloc = 0; newsk->sk_send_head = NULL; newsk->sk_userlocks = sk->sk_userlocks & ~SOCK_BINDPORT_LOCK; sock_reset_flag(newsk, SOCK_DONE); skb_queue_head_init(&newsk->sk_error_queue); filter = newsk->sk_filter; if (filter != NULL) sk_filter_charge(newsk, filter); if (unlikely(xfrm_sk_clone_policy(newsk))) { newsk->sk_destruct = NULL; sk_free(newsk); newsk = NULL; goto out; } newsk->sk_err = 0; newsk->sk_priority = 0; atomic_set(&newsk->sk_refcnt, 2); sk_refcnt_debug_inc(newsk); sk_set_socket(newsk, NULL); newsk->sk_sleep = NULL; if (newsk->sk_prot->sockets_allocated) percpu_counter_inc(newsk->sk_prot->sockets_allocated); } out: return newsk; }",linux-2.6,,,31882445086634597645394731038490107671,0 36,CWE-763,"spnego_gss_accept_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle, gss_buffer_t input_token, gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { OM_uint32 ret, tmpmin, negState; send_token_flag return_token; gss_buffer_t mechtok_in, mic_in, mic_out; gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER; spnego_gss_ctx_id_t sc = NULL; spnego_gss_cred_id_t spcred = NULL; int sendTokenInit = 0, tmpret; mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER; if (minor_status != NULL) *minor_status = 0; if (output_token != GSS_C_NO_BUFFER) { output_token->length = 0; output_token->value = NULL; } if (minor_status == NULL || output_token == GSS_C_NO_BUFFER || context_handle == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE; if (input_token == GSS_C_NO_BUFFER) return GSS_S_CALL_INACCESSIBLE_READ; sc = (spnego_gss_ctx_id_t)*context_handle; spcred = (spnego_gss_cred_id_t)verifier_cred_handle; if (sc == NULL || sc->internal_mech == GSS_C_NO_OID) { if (src_name != NULL) *src_name = GSS_C_NO_NAME; if (mech_type != NULL) *mech_type = GSS_C_NO_OID; if (time_rec != NULL) *time_rec = 0; if (ret_flags != NULL) *ret_flags = 0; if (delegated_cred_handle != NULL) *delegated_cred_handle = GSS_C_NO_CREDENTIAL; if (input_token->length == 0) { ret = acc_ctx_hints(minor_status, context_handle, spcred, &mic_out, &negState, &return_token); if (ret != GSS_S_COMPLETE) goto cleanup; sendTokenInit = 1; ret = GSS_S_CONTINUE_NEEDED; } else { ret = acc_ctx_new(minor_status, input_token, context_handle, spcred, &mechtok_in, &mic_in, &negState, &return_token); if (ret != GSS_S_COMPLETE) goto cleanup; ret = GSS_S_CONTINUE_NEEDED; } } else { ret = acc_ctx_cont(minor_status, input_token, context_handle, &mechtok_in, &mic_in, &negState, &return_token); if (ret != GSS_S_COMPLETE) goto cleanup; ret = GSS_S_CONTINUE_NEEDED; } sc = (spnego_gss_ctx_id_t)*context_handle; if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) { ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in, mech_type, &mechtok_out, ret_flags, time_rec, delegated_cred_handle, &negState, &return_token); } if (!HARD_ERROR(ret) && sc->mech_complete && (sc->ctx_flags & GSS_C_INTEG_FLAG)) { ret = handle_mic(minor_status, mic_in, (mechtok_out.length != 0), sc, &mic_out, &negState, &return_token); } cleanup: if (return_token == INIT_TOKEN_SEND && sendTokenInit) { assert(sc != NULL); tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0, GSS_C_NO_BUFFER, return_token, output_token); if (tmpret < 0) ret = GSS_S_FAILURE; } else if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) { tmpret = make_spnego_tokenTarg_msg(negState, sc ? sc->internal_mech : GSS_C_NO_OID, &mechtok_out, mic_out, return_token, output_token); if (tmpret < 0) ret = GSS_S_FAILURE; } if (ret == GSS_S_COMPLETE) { *context_handle = (gss_ctx_id_t)sc->ctx_handle; if (sc->internal_name != GSS_C_NO_NAME && src_name != NULL) { *src_name = sc->internal_name; sc->internal_name = GSS_C_NO_NAME; } release_spnego_ctx(&sc); } else if (ret != GSS_S_CONTINUE_NEEDED) { if (sc != NULL) { gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER); release_spnego_ctx(&sc); } *context_handle = GSS_C_NO_CONTEXT; } gss_release_buffer(&tmpmin, &mechtok_out); if (mechtok_in != GSS_C_NO_BUFFER) { gss_release_buffer(&tmpmin, mechtok_in); free(mechtok_in); } if (mic_in != GSS_C_NO_BUFFER) { gss_release_buffer(&tmpmin, mic_in); free(mic_in); } if (mic_out != GSS_C_NO_BUFFER) { gss_release_buffer(&tmpmin, mic_out); free(mic_out); } return ret; }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,181105471678618,1 4905,['CWE-20'],"int nfs_do_filldir(nfs_readdir_descriptor_t *desc, void *dirent, filldir_t filldir) { struct file *file = desc->file; struct nfs_entry *entry = desc->entry; struct dentry *dentry = NULL; unsigned long fileid; int loop_count = 0, res; dfprintk(DIRCACHE, ""NFS: nfs_do_filldir() filling starting @ cookie %Lu\n"", (unsigned long long)entry->cookie); for(;;) { unsigned d_type = DT_UNKNOWN; fileid = nfs_fileid_to_ino_t(entry->ino); if (dentry != NULL) dput(dentry); dentry = nfs_readdir_lookup(desc); if (dentry != NULL && dentry->d_inode != NULL) { d_type = dt_type(dentry->d_inode); fileid = dentry->d_inode->i_ino; } res = filldir(dirent, entry->name, entry->len, file->f_pos, fileid, d_type); if (res < 0) break; file->f_pos++; *desc->dir_cookie = entry->cookie; if (dir_decode(desc) != 0) { desc->page_index ++; break; } if (loop_count++ > 200) { loop_count = 0; schedule(); } } dir_page_release(desc); if (dentry != NULL) dput(dentry); dfprintk(DIRCACHE, ""NFS: nfs_do_filldir() filling ended @ cookie %Lu; returning = %d\n"", (unsigned long long)*desc->dir_cookie, res); return res; }",linux-2.6,,,90656939015956968016409281332899900648,0 1786,CWE-362,"void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) { struct snd_pcm_runtime *runtime; unsigned long flags; if (PCM_RUNTIME_CHECK(substream)) return; runtime = substream->runtime; snd_pcm_stream_lock_irqsave(substream, flags); if (!snd_pcm_running(substream) || snd_pcm_update_hw_ptr0(substream, 1) < 0) goto _end; #ifdef CONFIG_SND_PCM_TIMER if (substream->timer_running) snd_timer_interrupt(substream->timer, 1); #endif _end: snd_pcm_stream_unlock_irqrestore(substream, flags); kill_fasync(&runtime->fasync, SIGIO, POLL_IN); }",visit repo url,sound/core/pcm_lib.c,https://github.com/torvalds/linux,133236748825531,1 1372,CWE-200,"static int load_misc_binary(struct linux_binprm *bprm) { Node *fmt; struct file * interp_file = NULL; char iname[BINPRM_BUF_SIZE]; const char *iname_addr = iname; int retval; int fd_binary = -1; retval = -ENOEXEC; if (!enabled) goto _ret; read_lock(&entries_lock); fmt = check_file(bprm); if (fmt) strlcpy(iname, fmt->interpreter, BINPRM_BUF_SIZE); read_unlock(&entries_lock); if (!fmt) goto _ret; if (!(fmt->flags & MISC_FMT_PRESERVE_ARGV0)) { retval = remove_arg_zero(bprm); if (retval) goto _ret; } if (fmt->flags & MISC_FMT_OPEN_BINARY) { fd_binary = get_unused_fd(); if (fd_binary < 0) { retval = fd_binary; goto _ret; } fd_install(fd_binary, bprm->file); would_dump(bprm, bprm->file); allow_write_access(bprm->file); bprm->file = NULL; bprm->interp_flags |= BINPRM_FLAGS_EXECFD; bprm->interp_data = fd_binary; } else { allow_write_access(bprm->file); fput(bprm->file); bprm->file = NULL; } retval = copy_strings_kernel (1, &bprm->interp, bprm); if (retval < 0) goto _error; bprm->argc++; retval = copy_strings_kernel (1, &iname_addr, bprm); if (retval < 0) goto _error; bprm->argc ++; bprm->interp = iname; interp_file = open_exec (iname); retval = PTR_ERR (interp_file); if (IS_ERR (interp_file)) goto _error; bprm->file = interp_file; if (fmt->flags & MISC_FMT_CREDENTIALS) { memset(bprm->buf, 0, BINPRM_BUF_SIZE); retval = kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE); } else retval = prepare_binprm (bprm); if (retval < 0) goto _error; retval = search_binary_handler(bprm); if (retval < 0) goto _error; _ret: return retval; _error: if (fd_binary > 0) sys_close(fd_binary); bprm->interp_flags = 0; bprm->interp_data = 0; goto _ret; }",visit repo url,fs/binfmt_misc.c,https://github.com/torvalds/linux,31329650226421,1 5076,CWE-125,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 6484,CWE-125,"pci_vtblk_proc(struct pci_vtblk_softc *sc, struct vqueue_info *vq) { struct virtio_blk_hdr *vbh; struct virtio_blk_discard_write_zeroes *vbdiscard; struct pci_vtblk_ioreq *io; int i, n; int err; ssize_t iolen; int expectro, type; struct iovec iov[BLOCKIF_IOV_MAX + 2]; uint16_t idx, flags[BLOCKIF_IOV_MAX + 2]; n = vq_getchain(vq, &idx, iov, BLOCKIF_IOV_MAX + 2, flags); assert(n >= 2 && n <= BLOCKIF_IOV_MAX + 2); io = &sc->vbsc_ios[idx]; assert((flags[0] & VRING_DESC_F_WRITE) == 0); assert(iov[0].iov_len == sizeof(struct virtio_blk_hdr)); vbh = iov[0].iov_base; memcpy(&io->io_req.br_iov, &iov[1], sizeof(struct iovec) * ((size_t)n - 2)); io->io_req.br_iovcnt = n - 2; io->io_req.br_offset = (off_t)(vbh->vbh_sector * DEV_BSIZE); io->io_status = iov[--n].iov_base; assert(iov[n].iov_len == 1); assert(flags[n] & VRING_DESC_F_WRITE); type = vbh->vbh_type & ~VBH_FLAG_BARRIER; expectro = (type == VBH_OP_WRITE) || (type == VBH_OP_DISCARD); iolen = 0; for (i = 1; i < n; i++) { assert(((flags[i] & VRING_DESC_F_WRITE) == 0) == expectro); iolen += iov[i].iov_len; } io->io_req.br_resid = iolen; DPRINTF((""virtio-block: %s op, %zd bytes, %d segs\n\r"", print_vbh_op(type), iolen, i - 1)); switch (type) { case VBH_OP_READ: err = blockif_read(sc->bc, &io->io_req); break; case VBH_OP_WRITE: err = blockif_write(sc->bc, &io->io_req); break; case VBH_OP_DISCARD: assert(iov[1].iov_len = sizeof(struct virtio_blk_discard_write_zeroes)); assert(n == 2); vbdiscard = iov[1].iov_base; io->io_req.br_offset = (off_t) vbdiscard->sector * DEV_BSIZE; io->io_req.br_resid = vbdiscard->num_sectors * DEV_BSIZE; err = blockif_delete(sc->bc, &io->io_req); break; case VBH_OP_FLUSH: case VBH_OP_FLUSH_OUT: err = blockif_flush(sc->bc, &io->io_req); break; case VBH_OP_IDENT: memset(iov[1].iov_base, 0, iov[1].iov_len); strncpy(iov[1].iov_base, sc->vbsc_ident, MIN(iov[1].iov_len, sizeof(sc->vbsc_ident))); pci_vtblk_done_locked(&io->io_req, 0); return; default: pci_vtblk_done_locked(&io->io_req, EOPNOTSUPP); return; } assert(err == 0); }",visit repo url,src/lib/pci_virtio_block.c,https://github.com/moby/hyperkit,65370508898844,1 4549,['CWE-20'],"static inline unsigned dx_node_limit(struct inode *dir) { unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(0); return entry_space / sizeof(struct dx_entry); }",linux-2.6,,,165459507282607743955813717918363561111,0 4229,CWE-787,"static bool decode(RArchSession *as, RAnalOp *op, RArchDecodeMask mask) { int len = op->size; const ut8 *_buf = op->bytes; const ut64 addr = op->addr; if (len < 1) { return false; } ut8 *buf = (ut8*)_buf; ut64 dst = 0LL; if (!op) { return 1; } if (mask & R_ARCH_OP_MASK_DISASM) { (void) disassemble (op, buf, len); } r_strbuf_init (&op->esil); op->size = 1; op->id = getid (buf[0]); switch (buf[0]) { case '[': op->type = R_ANAL_OP_TYPE_CJMP; op->jump = dst; op->fail = addr + 1; RArch *a = as->arch; RIOReadAt read_at = NULL; RBin *bin = R_UNWRAP2 (a, binb.bin); if (bin && bin->iob.read_at) { RIOReadAt read_at = bin->iob.read_at; buf = malloc (0xff); read_at (bin->iob.io, op->addr, buf, 0xff); } r_strbuf_set (&op->esil, ""1,pc,-,brk,=[4],4,brk,+=""); #if 1 { const ut8 *p = buf + 1; int lev = 0, i = 1; len--; while (i < len && *p) { if (*p == '[') { lev++; } if (*p == ']') { lev--; if (lev == -1) { dst = addr + (size_t)(p - buf) + 1; op->jump = dst; r_strbuf_set (&op->esil, ""1,pc,-,brk,=[4],4,brk,+=,""); goto beach; } } if (*p == 0x00 || *p == 0xff) { op->type = R_ANAL_OP_TYPE_ILL; goto beach; } if (read_at && i == len - 1) { break; int new_buf_len = len + 1 + BUFSIZE_INC; ut8 *new_buf = calloc (new_buf_len, 1); if (new_buf) { free (buf); memcpy (new_buf, op->bytes, new_buf_len); buf = new_buf; read_at (bin->iob.io, op->addr + i, buf + i, 0xff); p = buf + i; len += BUFSIZE_INC; } } p++; i++; } } beach: free (buf); #endif break; case ']': op->type = R_ANAL_OP_TYPE_UJMP; r_strbuf_set (&op->esil, ""4,brk,-=,ptr,[1],?{,brk,[4],pc,=,}""); break; case '>': op->type = R_ANAL_OP_TYPE_ADD; op->size = countChar (buf, len, '>'); r_strbuf_setf (&op->esil, ""%d,ptr,+="", op->size); break; case '<': op->type = R_ANAL_OP_TYPE_SUB; op->size = countChar (buf, len, '<'); r_strbuf_setf (&op->esil, ""%d,ptr,-="", op->size); break; case '+': op->size = countChar (buf, len, '+'); op->type = R_ANAL_OP_TYPE_ADD; r_strbuf_setf (&op->esil, ""%d,ptr,+=[1]"", op->size); break; case '-': op->type = R_ANAL_OP_TYPE_SUB; op->size = countChar (buf, len, '-'); r_strbuf_setf (&op->esil, ""%d,ptr,-=[1]"", op->size); break; case '.': op->type = R_ANAL_OP_TYPE_STORE; r_strbuf_set (&op->esil, ""ptr,[1],scr,=[1],1,scr,+=""); break; case ',': op->type = R_ANAL_OP_TYPE_LOAD; r_strbuf_set (&op->esil, ""kbd,[1],ptr,=[1],1,kbd,+=""); break; case 0x00: case 0xff: op->type = R_ANAL_OP_TYPE_TRAP; break; default: op->type = R_ANAL_OP_TYPE_NOP; r_strbuf_set (&op->esil, "",""); break; } return op->size; }",visit repo url,libr/arch/p/bf/plugin.c,https://github.com/radareorg/radare2,56407925533505,1 1068,['CWE-20'],"asmlinkage long sys_setuid(uid_t uid) { int old_euid = current->euid; int old_ruid, old_suid, new_suid; int retval; retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); if (retval) return retval; old_ruid = current->uid; old_suid = current->suid; new_suid = old_suid; if (capable(CAP_SETUID)) { if (uid != old_ruid && set_user(uid, old_euid != uid) < 0) return -EAGAIN; new_suid = uid; } else if ((uid != current->uid) && (uid != new_suid)) return -EPERM; if (old_euid != uid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->fsuid = current->euid = uid; current->suid = new_suid; key_fsuid_changed(current); proc_id_connector(current, PROC_EVENT_UID); return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); }",linux-2.6,,,61150799898324862224806585048020222872,0 123,CWE-203,"static int nf_conntrack_standalone_init_sysctl(struct net *net) { struct nf_conntrack_net *cnet = net_generic(net, nf_conntrack_net_id); struct nf_udp_net *un = nf_udp_pernet(net); struct ctl_table *table; BUILD_BUG_ON(ARRAY_SIZE(nf_ct_sysctl_table) != NF_SYSCTL_CT_LAST_SYSCTL); table = kmemdup(nf_ct_sysctl_table, sizeof(nf_ct_sysctl_table), GFP_KERNEL); if (!table) return -ENOMEM; table[NF_SYSCTL_CT_COUNT].data = &net->ct.count; table[NF_SYSCTL_CT_CHECKSUM].data = &net->ct.sysctl_checksum; table[NF_SYSCTL_CT_LOG_INVALID].data = &net->ct.sysctl_log_invalid; table[NF_SYSCTL_CT_ACCT].data = &net->ct.sysctl_acct; table[NF_SYSCTL_CT_HELPER].data = &net->ct.sysctl_auto_assign_helper; #ifdef CONFIG_NF_CONNTRACK_EVENTS table[NF_SYSCTL_CT_EVENTS].data = &net->ct.sysctl_events; #endif #ifdef CONFIG_NF_CONNTRACK_TIMESTAMP table[NF_SYSCTL_CT_TIMESTAMP].data = &net->ct.sysctl_tstamp; #endif table[NF_SYSCTL_CT_PROTO_TIMEOUT_GENERIC].data = &nf_generic_pernet(net)->timeout; table[NF_SYSCTL_CT_PROTO_TIMEOUT_ICMP].data = &nf_icmp_pernet(net)->timeout; table[NF_SYSCTL_CT_PROTO_TIMEOUT_ICMPV6].data = &nf_icmpv6_pernet(net)->timeout; table[NF_SYSCTL_CT_PROTO_TIMEOUT_UDP].data = &un->timeouts[UDP_CT_UNREPLIED]; table[NF_SYSCTL_CT_PROTO_TIMEOUT_UDP_STREAM].data = &un->timeouts[UDP_CT_REPLIED]; nf_conntrack_standalone_init_tcp_sysctl(net, table); nf_conntrack_standalone_init_sctp_sysctl(net, table); nf_conntrack_standalone_init_dccp_sysctl(net, table); nf_conntrack_standalone_init_gre_sysctl(net, table); if (net->user_ns != &init_user_ns) { table[NF_SYSCTL_CT_MAX].mode = 0444; table[NF_SYSCTL_CT_EXPECT_MAX].mode = 0444; table[NF_SYSCTL_CT_HELPER].mode = 0444; #ifdef CONFIG_NF_CONNTRACK_EVENTS table[NF_SYSCTL_CT_EVENTS].mode = 0444; #endif table[NF_SYSCTL_CT_BUCKETS].mode = 0444; } else if (!net_eq(&init_net, net)) { table[NF_SYSCTL_CT_BUCKETS].mode = 0444; } cnet->sysctl_header = register_net_sysctl(net, ""net/netfilter"", table); if (!cnet->sysctl_header) goto out_unregister_netfilter; return 0; out_unregister_netfilter: kfree(table); return -ENOMEM; }",visit repo url,net/netfilter/nf_conntrack_standalone.c,https://github.com/torvalds/linux,247108126392031,1 4203,['CWE-399'],"void avahi_server_generate_response(AvahiServer *s, AvahiInterface *i, AvahiDnsPacket *p, const AvahiAddress *a, uint16_t port, int legacy_unicast, int immediately) { assert(s); assert(i); assert(!legacy_unicast || (a && port > 0 && p)); if (legacy_unicast) { AvahiDnsPacket *reply; AvahiRecord *r; if (!(reply = avahi_dns_packet_new_reply(p, 512 + AVAHI_DNS_PACKET_EXTRA_SIZE , 1, 1))) return; while ((r = avahi_record_list_next(s->record_list, NULL, NULL, NULL))) { append_aux_records_to_list(s, i, r, 0); if (avahi_dns_packet_append_record(reply, r, 0, 10)) avahi_dns_packet_inc_field(reply, AVAHI_DNS_FIELD_ANCOUNT); else { char *t = avahi_record_to_string(r); avahi_log_warn(""Record [%s] not fitting in legacy unicast packet, dropping."", t); avahi_free(t); } avahi_record_unref(r); } if (avahi_dns_packet_get_field(reply, AVAHI_DNS_FIELD_ANCOUNT) != 0) avahi_interface_send_packet_unicast(i, reply, a, port); avahi_dns_packet_free(reply); } else { int unicast_response, flush_cache, auxiliary; AvahiDnsPacket *reply = NULL; AvahiRecord *r; int tc = p && !!(avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_FLAGS) & AVAHI_DNS_FLAG_TC); while ((r = avahi_record_list_next(s->record_list, &flush_cache, &unicast_response, &auxiliary))) { int im = immediately; if (flush_cache && !tc && !auxiliary && avahi_record_list_all_flush_cache(s->record_list)) im = 1; if (!avahi_interface_post_response(i, r, flush_cache, a, im) && unicast_response) { append_aux_records_to_list(s, i, r, unicast_response); for (;;) { if (!reply) { assert(p); if (!(reply = avahi_dns_packet_new_reply(p, i->hardware->mtu, 0, 0))) break; } if (avahi_dns_packet_append_record(reply, r, flush_cache, 0)) { avahi_dns_packet_inc_field(reply, AVAHI_DNS_FIELD_ANCOUNT); break; } if (avahi_dns_packet_get_field(reply, AVAHI_DNS_FIELD_ANCOUNT) == 0) { size_t size; avahi_dns_packet_free(reply); size = avahi_record_get_estimate_size(r) + AVAHI_DNS_PACKET_HEADER_SIZE; if (!(reply = avahi_dns_packet_new_reply(p, size + AVAHI_DNS_PACKET_EXTRA_SIZE, 0, 1))) break; if (avahi_dns_packet_append_record(reply, r, flush_cache, 0)) { avahi_dns_packet_inc_field(reply, AVAHI_DNS_FIELD_ANCOUNT); break; } else { char *t; avahi_dns_packet_free(reply); reply = NULL; t = avahi_record_to_string(r); avahi_log_warn(""Record [%s] too large, doesn't fit in any packet!"", t); avahi_free(t); break; } } avahi_interface_send_packet_unicast(i, reply, a, port); avahi_dns_packet_free(reply); reply = NULL; } } avahi_record_unref(r); } if (reply) { if (avahi_dns_packet_get_field(reply, AVAHI_DNS_FIELD_ANCOUNT) != 0) avahi_interface_send_packet_unicast(i, reply, a, port); avahi_dns_packet_free(reply); } } avahi_record_list_flush(s->record_list); }",avahi,,,125827258176902921467226143828710759008,0 3934,CWE-416,"getout(int exitval) { exiting = TRUE; #if defined(FEAT_EVAL) ch_log(NULL, ""Exiting...""); #endif if (exmode_active) exitval += ex_exitval; #ifdef FEAT_EVAL set_vim_var_type(VV_EXITING, VAR_NUMBER); set_vim_var_nr(VV_EXITING, exitval); #endif if (!is_not_a_term_or_gui()) windgoto((int)Rows - 1, 0); #ifdef FEAT_EVAL invoke_all_defer(); #endif #if defined(FEAT_EVAL) || defined(FEAT_SYN_HL) hash_debug_results(); #endif #ifdef FEAT_GUI msg_didany = FALSE; #endif if (v_dying <= 1) { tabpage_T *tp; tabpage_T *next_tp; buf_T *buf; win_T *wp; int unblock = 0; for (tp = first_tabpage; tp != NULL; tp = next_tp) { next_tp = tp->tp_next; FOR_ALL_WINDOWS_IN_TAB(tp, wp) { if (wp->w_buffer == NULL) continue; buf = wp->w_buffer; if (CHANGEDTICK(buf) != -1) { bufref_T bufref; set_bufref(&bufref, buf); apply_autocmds(EVENT_BUFWINLEAVE, buf->b_fname, buf->b_fname, FALSE, buf); if (bufref_valid(&bufref)) CHANGEDTICK(buf) = -1; next_tp = first_tabpage; break; } } } FOR_ALL_BUFFERS(buf) if (buf->b_ml.ml_mfp != NULL) { bufref_T bufref; set_bufref(&bufref, buf); apply_autocmds(EVENT_BUFUNLOAD, buf->b_fname, buf->b_fname, FALSE, buf); if (!bufref_valid(&bufref)) break; } if (is_autocmd_blocked()) { unblock_autocmds(); ++unblock; } apply_autocmds(EVENT_VIMLEAVEPRE, NULL, NULL, FALSE, curbuf); if (unblock) block_autocmds(); } #ifdef FEAT_VIMINFO if (*p_viminfo != NUL) write_viminfo(NULL, FALSE); #endif if (v_dying <= 1) { int unblock = 0; if (is_autocmd_blocked()) { unblock_autocmds(); ++unblock; } apply_autocmds(EVENT_VIMLEAVE, NULL, NULL, FALSE, curbuf); if (unblock) block_autocmds(); } #ifdef FEAT_PROFILE profile_dump(); #endif if (did_emsg #ifdef FEAT_GUI || (gui.in_use && msg_didany && p_verbose > 0) #endif ) { no_wait_return = FALSE; wait_return(FALSE); } if (!is_not_a_term_or_gui()) windgoto((int)Rows - 1, 0); #ifdef FEAT_JOB_CHANNEL job_stop_on_exit(); #endif #ifdef FEAT_LUA lua_end(); #endif #ifdef FEAT_MZSCHEME mzscheme_end(); #endif #ifdef FEAT_TCL tcl_end(); #endif #ifdef FEAT_RUBY ruby_end(); #endif #ifdef FEAT_PYTHON python_end(); #endif #ifdef FEAT_PYTHON3 python3_end(); #endif #ifdef FEAT_PERL perl_end(); #endif #if defined(USE_ICONV) && defined(DYNAMIC_ICONV) iconv_end(); #endif #ifdef FEAT_NETBEANS_INTG netbeans_end(); #endif #ifdef FEAT_CSCOPE cs_end(); #endif #ifdef FEAT_EVAL if (garbage_collect_at_exit) garbage_collect(FALSE); #endif #ifdef MSWIN free_cmd_argsW(); #endif mch_exit(exitval); }",visit repo url,src/main.c,https://github.com/vim/vim,56733491185788,1 437,CWE-119,"static int usb_parse_configuration(struct usb_device *dev, int cfgidx, struct usb_host_config *config, unsigned char *buffer, int size) { struct device *ddev = &dev->dev; unsigned char *buffer0 = buffer; int cfgno; int nintf, nintf_orig; int i, j, n; struct usb_interface_cache *intfc; unsigned char *buffer2; int size2; struct usb_descriptor_header *header; int len, retval; u8 inums[USB_MAXINTERFACES], nalts[USB_MAXINTERFACES]; unsigned iad_num = 0; memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); if (config->desc.bDescriptorType != USB_DT_CONFIG || config->desc.bLength < USB_DT_CONFIG_SIZE || config->desc.bLength > size) { dev_err(ddev, ""invalid descriptor for config index %d: "" ""type = 0x%X, length = %d\n"", cfgidx, config->desc.bDescriptorType, config->desc.bLength); return -EINVAL; } cfgno = config->desc.bConfigurationValue; buffer += config->desc.bLength; size -= config->desc.bLength; nintf = nintf_orig = config->desc.bNumInterfaces; if (nintf > USB_MAXINTERFACES) { dev_warn(ddev, ""config %d has too many interfaces: %d, "" ""using maximum allowed: %d\n"", cfgno, nintf, USB_MAXINTERFACES); nintf = USB_MAXINTERFACES; } n = 0; for ((buffer2 = buffer, size2 = size); size2 > 0; (buffer2 += header->bLength, size2 -= header->bLength)) { if (size2 < sizeof(struct usb_descriptor_header)) { dev_warn(ddev, ""config %d descriptor has %d excess "" ""byte%s, ignoring\n"", cfgno, size2, plural(size2)); break; } header = (struct usb_descriptor_header *) buffer2; if ((header->bLength > size2) || (header->bLength < 2)) { dev_warn(ddev, ""config %d has an invalid descriptor "" ""of length %d, skipping remainder of the config\n"", cfgno, header->bLength); break; } if (header->bDescriptorType == USB_DT_INTERFACE) { struct usb_interface_descriptor *d; int inum; d = (struct usb_interface_descriptor *) header; if (d->bLength < USB_DT_INTERFACE_SIZE) { dev_warn(ddev, ""config %d has an invalid "" ""interface descriptor of length %d, "" ""skipping\n"", cfgno, d->bLength); continue; } inum = d->bInterfaceNumber; if ((dev->quirks & USB_QUIRK_HONOR_BNUMINTERFACES) && n >= nintf_orig) { dev_warn(ddev, ""config %d has more interface "" ""descriptors, than it declares in "" ""bNumInterfaces, ignoring interface "" ""number: %d\n"", cfgno, inum); continue; } if (inum >= nintf_orig) dev_warn(ddev, ""config %d has an invalid "" ""interface number: %d but max is %d\n"", cfgno, inum, nintf_orig - 1); for (i = 0; i < n; ++i) { if (inums[i] == inum) break; } if (i < n) { if (nalts[i] < 255) ++nalts[i]; } else if (n < USB_MAXINTERFACES) { inums[n] = inum; nalts[n] = 1; ++n; } } else if (header->bDescriptorType == USB_DT_INTERFACE_ASSOCIATION) { if (iad_num == USB_MAXIADS) { dev_warn(ddev, ""found more Interface "" ""Association Descriptors "" ""than allocated for in "" ""configuration %d\n"", cfgno); } else { config->intf_assoc[iad_num] = (struct usb_interface_assoc_descriptor *)header; iad_num++; } } else if (header->bDescriptorType == USB_DT_DEVICE || header->bDescriptorType == USB_DT_CONFIG) dev_warn(ddev, ""config %d contains an unexpected "" ""descriptor of type 0x%X, skipping\n"", cfgno, header->bDescriptorType); } size = buffer2 - buffer; config->desc.wTotalLength = cpu_to_le16(buffer2 - buffer0); if (n != nintf) dev_warn(ddev, ""config %d has %d interface%s, different from "" ""the descriptor's value: %d\n"", cfgno, n, plural(n), nintf_orig); else if (n == 0) dev_warn(ddev, ""config %d has no interfaces?\n"", cfgno); config->desc.bNumInterfaces = nintf = n; for (i = 0; i < nintf; ++i) { for (j = 0; j < nintf; ++j) { if (inums[j] == i) break; } if (j >= nintf) dev_warn(ddev, ""config %d has no interface number "" ""%d\n"", cfgno, i); } for (i = 0; i < nintf; ++i) { j = nalts[i]; if (j > USB_MAXALTSETTING) { dev_warn(ddev, ""too many alternate settings for "" ""config %d interface %d: %d, "" ""using maximum allowed: %d\n"", cfgno, inums[i], j, USB_MAXALTSETTING); nalts[i] = j = USB_MAXALTSETTING; } len = sizeof(*intfc) + sizeof(struct usb_host_interface) * j; config->intf_cache[i] = intfc = kzalloc(len, GFP_KERNEL); if (!intfc) return -ENOMEM; kref_init(&intfc->ref); } config->extra = buffer; i = find_next_descriptor(buffer, size, USB_DT_INTERFACE, USB_DT_INTERFACE, &n); config->extralen = i; if (n > 0) dev_dbg(ddev, ""skipped %d descriptor%s after %s\n"", n, plural(n), ""configuration""); buffer += i; size -= i; while (size > 0) { retval = usb_parse_interface(ddev, cfgno, config, buffer, size, inums, nalts); if (retval < 0) return retval; buffer += retval; size -= retval; } for (i = 0; i < nintf; ++i) { intfc = config->intf_cache[i]; for (j = 0; j < intfc->num_altsetting; ++j) { for (n = 0; n < intfc->num_altsetting; ++n) { if (intfc->altsetting[n].desc. bAlternateSetting == j) break; } if (n >= intfc->num_altsetting) dev_warn(ddev, ""config %d interface %d has no "" ""altsetting %d\n"", cfgno, inums[i], j); } } return 0; }",visit repo url,drivers/usb/core/config.c,https://github.com/torvalds/linux,71795455070747,1 2464,CWE-89,"static CURLcode pop3_parse_url_path(struct connectdata *conn) { struct pop3_conn *pop3c = &conn->proto.pop3c; struct SessionHandle *data = conn->data; const char *path = data->state.path; pop3c->mailbox = curl_easy_unescape(data, path, 0, NULL); if(!pop3c->mailbox) return CURLE_OUT_OF_MEMORY; return CURLE_OK; }",visit repo url,lib/pop3.c,https://github.com/bagder/curl,252754811609547,1 6082,CWE-190,"void bn_read_str(bn_t a, const char *str, int len, int radix) { int sign, i, j; char c; bn_zero(a); if (radix < 2 || radix > 64) { RLC_THROW(ERR_NO_VALID); return; } j = 0; if (str[0] == '-') { j++; sign = RLC_NEG; } else { sign = RLC_POS; } RLC_TRY { bn_grow(a, RLC_CEIL(len * util_bits_dig(radix), RLC_DIG)); while (j < len) { if (str[j] == 0) { break; } c = (char)((radix < 36) ? RLC_UPP(str[j]) : str[j]); for (i = 0; i < 64; i++) { if (c == util_conv_char(i)) { break; } } if (i < radix) { bn_mul_dig(a, a, (dig_t)radix); bn_add_dig(a, a, (dig_t)i); } else { break; } j++; } a->sign = sign; bn_trim(a); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,188908624347209,1 4811,CWE-415,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 5259,['CWE-264'],"static bool identity_in_ace_equal(canon_ace *ace1, canon_ace *ace2) { if (sid_equal(&ace1->trustee, &ace2->trustee)) { return True; } if (ace1->owner_type == ace2->owner_type) { if (ace1->owner_type == UID_ACE && ace1->unix_ug.uid == ace2->unix_ug.uid) { return True; } else if (ace1->owner_type == GID_ACE && ace1->unix_ug.gid == ace2->unix_ug.gid) { return True; } } return False; }",samba,,,63692073710351189757938277299774901906,0 4455,CWE-682,"static void WritePixels(struct ngiflib_img * i, struct ngiflib_decode_context * context, const u8 * pixels, u16 n) { u16 tocopy; struct ngiflib_gif * p = i->parent; while(n > 0) { tocopy = (context->Xtogo < n) ? context->Xtogo : n; if(!i->gce.transparent_flag) { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif ngiflib_memcpy(context->frbuff_p.p8, pixels, tocopy); pixels += tocopy; context->frbuff_p.p8 += tocopy; #ifndef NGIFLIB_INDEXED_ONLY } else { int j; for(j = (int)tocopy; j > 0; j--) { *(context->frbuff_p.p32++) = GifIndexToTrueColor(i->palette, *pixels++); } } #endif } else { int j; #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) *context->frbuff_p.p8 = *pixels; pixels++; context->frbuff_p.p8++; } #ifndef NGIFLIB_INDEXED_ONLY } else { for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) { *context->frbuff_p.p32 = GifIndexToTrueColor(i->palette, *pixels); } pixels++; context->frbuff_p.p32++; } } #endif } context->Xtogo -= tocopy; if(context->Xtogo == 0) { #ifdef NGIFLIB_ENABLE_CALLBACKS if(p->line_cb) p->line_cb(p, context->line_p, context->curY); #endif context->Xtogo = i->width; switch(context->pass) { case 0: context->curY++; break; case 1: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 4; } break; case 2: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 2; } break; case 3: context->curY += 4; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 1; } break; case 4: context->curY += 2; break; } #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width; context->frbuff_p.p8 = context->line_p.p8 + i->posX; #else context->frbuff_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width + i->posX; #endif #ifndef NGIFLIB_INDEXED_ONLY } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width; context->frbuff_p.p32 = context->line_p.p32 + i->posX; #else context->frbuff_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width + i->posX; #endif } #endif } n -= tocopy; } }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,251883954057110,1 55,CWE-763,"spnego_gss_wrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count) { OM_uint32 ret; ret = gss_wrap_iov(minor_status, context_handle, conf_req_flag, qop_req, conf_state, iov, iov_count); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,86581718718751,1 552,[],"static int bad_file_flush(struct file *file, fl_owner_t id) { return -EIO; }",linux-2.6,,,12741306228104925123376831369300108230,0 6242,['CWE-200'],"static struct neighbour *neigh_alloc(struct neigh_table *tbl) { struct neighbour *n = NULL; unsigned long now = jiffies; int entries; entries = atomic_inc_return(&tbl->entries) - 1; if (entries >= tbl->gc_thresh3 || (entries >= tbl->gc_thresh2 && time_after(now, tbl->last_flush + 5 * HZ))) { if (!neigh_forced_gc(tbl) && entries >= tbl->gc_thresh3) goto out_entries; } n = kmem_cache_alloc(tbl->kmem_cachep, SLAB_ATOMIC); if (!n) goto out_entries; memset(n, 0, tbl->entry_size); skb_queue_head_init(&n->arp_queue); rwlock_init(&n->lock); n->updated = n->used = now; n->nud_state = NUD_NONE; n->output = neigh_blackhole; n->parms = neigh_parms_clone(&tbl->parms); init_timer(&n->timer); n->timer.function = neigh_timer_handler; n->timer.data = (unsigned long)n; NEIGH_CACHE_STAT_INC(tbl, allocs); n->tbl = tbl; atomic_set(&n->refcnt, 1); n->dead = 1; out: return n; out_entries: atomic_dec(&tbl->entries); goto out; }",linux-2.6,,,82220645587752385900258667743605921495,0 741,CWE-20,"static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int ret; int copylen; ret = -EOPNOTSUPP; if (m->msg_flags&MSG_OOB) goto read_error; m->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, 0 , &ret); if (!skb) goto read_error; copylen = skb->len; if (len < copylen) { m->msg_flags |= MSG_TRUNC; copylen = len; } ret = skb_copy_datagram_iovec(skb, 0, m->msg_iov, copylen); if (ret) goto out_free; ret = (flags & MSG_TRUNC) ? skb->len : copylen; out_free: skb_free_datagram(sk, skb); caif_check_flow_release(sk); return ret; read_error: return ret; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,109452384008025,1 6534,NVD-CWE-noinfo,"int digest_generic_verify(struct digest *d, const unsigned char *md) { int ret; int len = digest_length(d); unsigned char *tmp; tmp = xmalloc(len); ret = digest_final(d, tmp); if (ret) goto end; ret = memcmp(md, tmp, len); ret = ret ? -EINVAL : 0; end: free(tmp); return ret; }",visit repo url,crypto/digest.c,https://github.com/saschahauer/barebox,60497809446938,1 1407,[],"static void update_curr(struct cfs_rq *cfs_rq) { struct sched_entity *curr = cfs_rq->curr; u64 now = rq_of(cfs_rq)->clock; unsigned long delta_exec; if (unlikely(!curr)) return; delta_exec = (unsigned long)(now - curr->exec_start); __update_curr(cfs_rq, curr, delta_exec); curr->exec_start = now; if (entity_is_task(curr)) { struct task_struct *curtask = task_of(curr); cpuacct_charge(curtask, delta_exec); } }",linux-2.6,,,282356925461879504208042154669397618146,0 1296,['CWE-119'],"static unsigned char asn1_header_decode(struct asn1_ctx *ctx, unsigned char **eoc, unsigned int *cls, unsigned int *con, unsigned int *tag) { unsigned int def, len; if (!asn1_id_decode(ctx, cls, con, tag)) return 0; def = len = 0; if (!asn1_length_decode(ctx, &def, &len)) return 0; if (*con == ASN1_PRI && !def) return 0; if (def) *eoc = ctx->pointer + len; else *eoc = NULL; return 1; }",linux-2.6,,,23094602562158223435725242507636431874,0 3125,CWE-119,"static bool parse_reconnect(struct pool *pool, json_t *val) { char *sockaddr_url, *stratum_port, *tmp; char *url, *port, address[256]; if (opt_disable_client_reconnect) { applog(LOG_WARNING, ""Stratum client.reconnect forbidden, aborting.""); return false; } memset(address, 0, 255); url = (char *)json_string_value(json_array_get(val, 0)); if (!url) url = pool->sockaddr_url; port = (char *)json_string_value(json_array_get(val, 1)); if (!port) port = pool->stratum_port; sprintf(address, ""%s:%s"", url, port); if (!extract_sockaddr(address, &sockaddr_url, &stratum_port)) return false; applog(LOG_NOTICE, ""Reconnect requested from %s to %s"", get_pool_name(pool), address); clear_pool_work(pool); mutex_lock(&pool->stratum_lock); __suspend_stratum(pool); tmp = pool->sockaddr_url; pool->sockaddr_url = sockaddr_url; pool->stratum_url = pool->sockaddr_url; free(tmp); tmp = pool->stratum_port; pool->stratum_port = stratum_port; free(tmp); mutex_unlock(&pool->stratum_lock); if (!restart_stratum(pool)) { pool_failed(pool); return false; } return true; }",visit repo url,util.c,https://github.com/sgminer-dev/sgminer,109378336248626,1 5409,['CWE-476'],"static void bounce_off(void *info) { }",linux-2.6,,,171008749413414724030241023191996763726,0 6083,['CWE-200'],"static void addrconf_mod_timer(struct inet6_ifaddr *ifp, enum addrconf_timer_t what, unsigned long when) { if (!del_timer(&ifp->timer)) in6_ifa_hold(ifp); switch (what) { case AC_DAD: ifp->timer.function = addrconf_dad_timer; break; case AC_RS: ifp->timer.function = addrconf_rs_timer; break; default:; } ifp->timer.expires = jiffies + when; add_timer(&ifp->timer); }",linux-2.6,,,232753403036811777023031510644373758037,0 6457,CWE-20,"bool_t mqttSnClientIsShortTopicName(const char_t *topicName) { bool_t res; res = FALSE; if(osStrlen(topicName) == 2) { if(strchr(topicName, '#') == NULL && strchr(topicName, '+') == NULL) { res = TRUE; } } return res; }",visit repo url,mqtt_sn/mqtt_sn_client_misc.c,https://github.com/Oryx-Embedded/CycloneTCP,33330539924781,1 2128,['CWE-119'],"static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *info) { desc->limit0 = info->limit & 0x0ffff; desc->base0 = info->base_addr & 0x0000ffff; desc->base1 = (info->base_addr & 0x00ff0000) >> 16; desc->type = (info->read_exec_only ^ 1) << 1; desc->type |= info->contents << 2; desc->s = 1; desc->dpl = 0x3; desc->p = info->seg_not_present ^ 1; desc->limit = (info->limit & 0xf0000) >> 16; desc->avl = info->useable; desc->d = info->seg_32bit; desc->g = info->limit_in_pages; desc->base2 = (info->base_addr & 0xff000000) >> 24; }",linux-2.6,,,237487691855509598514976290734711107374,0 2186,CWE-416,"static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe, struct pipe_inode_info *opipe, size_t len, unsigned int flags) { struct pipe_buffer *ibuf, *obuf; int ret = 0, nbuf; bool input_wakeup = false; retry: ret = ipipe_prep(ipipe, flags); if (ret) return ret; ret = opipe_prep(opipe, flags); if (ret) return ret; pipe_double_lock(ipipe, opipe); do { if (!opipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } if (!ipipe->nrbufs && !ipipe->writers) break; if (!ipipe->nrbufs || opipe->nrbufs >= opipe->buffers) { if (ret) break; if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; } pipe_unlock(ipipe); pipe_unlock(opipe); goto retry; } ibuf = ipipe->bufs + ipipe->curbuf; nbuf = (opipe->curbuf + opipe->nrbufs) & (opipe->buffers - 1); obuf = opipe->bufs + nbuf; if (len >= ibuf->len) { *obuf = *ibuf; ibuf->ops = NULL; opipe->nrbufs++; ipipe->curbuf = (ipipe->curbuf + 1) & (ipipe->buffers - 1); ipipe->nrbufs--; input_wakeup = true; } else { pipe_buf_get(ipipe, ibuf); *obuf = *ibuf; obuf->flags &= ~PIPE_BUF_FLAG_GIFT; obuf->len = len; opipe->nrbufs++; ibuf->offset += obuf->len; ibuf->len -= obuf->len; } ret += obuf->len; len -= obuf->len; } while (len); pipe_unlock(ipipe); pipe_unlock(opipe); if (ret > 0) wakeup_pipe_readers(opipe); if (input_wakeup) wakeup_pipe_writers(ipipe); return ret; }",visit repo url,fs/splice.c,https://github.com/torvalds/linux,84613519544475,1 3730,[],"static void inc_inflight(struct unix_sock *usk) { atomic_long_inc(&usk->inflight); }",linux-2.6,,,335335673751218796277451729881570464040,0 2935,['CWE-189'],"static int jp2_cdef_putdata(jp2_box_t *box, jas_stream_t *out) { jp2_cdef_t *cdef = &box->data.cdef; unsigned int i; jp2_cdefchan_t *ent; if (jp2_putuint16(out, cdef->numchans)) { return -1; } for (i = 0; i < cdef->numchans; ++i) { ent = &cdef->ents[i]; if (jp2_putuint16(out, ent->channo) || jp2_putuint16(out, ent->type) || jp2_putuint16(out, ent->assoc)) { return -1; } } return 0; }",jasper,,,14485556984793369879417063155326713338,0 688,CWE-20,"static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; struct ddpehdr *ddp; int copied = 0; int offset = 0; int err = 0; struct sk_buff *skb; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); lock_sock(sk); if (!skb) goto out; ddp = ddp_hdr(skb); copied = ntohs(ddp->deh_len_hops) & 1023; if (sk->sk_type != SOCK_RAW) { offset = sizeof(*ddp); copied -= offset; } if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); if (!err) { if (sat) { sat->sat_family = AF_APPLETALK; sat->sat_port = ddp->deh_sport; sat->sat_addr.s_node = ddp->deh_snode; sat->sat_addr.s_net = ddp->deh_snet; } msg->msg_namelen = sizeof(*sat); } skb_free_datagram(sk, skb); out: release_sock(sk); return err ? : copied; }",visit repo url,net/appletalk/ddp.c,https://github.com/torvalds/linux,30002071291188,1 2929,CWE-310,"void *hashtable_iter_at(hashtable_t *hashtable, const char *key) { pair_t *pair; size_t hash; bucket_t *bucket; hash = hash_str(key); bucket = &hashtable->buckets[hash % num_buckets(hashtable)]; pair = hashtable_find_pair(hashtable, bucket, key, hash); if(!pair) return NULL; return &pair->list; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,28102224526737,1 5675,['CWE-476'],"static inline int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) { int rc; if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) { kfree_skb(skb); return -1; } if (skb_checksum_complete(skb)) { UDP6_INC_STATS_BH(UDP_MIB_INERRORS); kfree_skb(skb); return 0; } if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) { if (rc == -ENOMEM) UDP6_INC_STATS_BH(UDP_MIB_RCVBUFERRORS); UDP6_INC_STATS_BH(UDP_MIB_INERRORS); kfree_skb(skb); return 0; } UDP6_INC_STATS_BH(UDP_MIB_INDATAGRAMS); return 0; }",linux-2.6,,,162910035212068212340425838196994974382,0 2487,['CWE-119'],"static int parse_num(const char **cp_p) { unsigned long num, scale; int ch, dot; const char *cp = *cp_p; num = 0; scale = 1; dot = 0; for(;;) { ch = *cp; if ( !dot && ch == '.' ) { scale = 1; dot = 1; } else if ( ch == '%' ) { scale = dot ? scale*100 : 100; cp++; break; } else if ( ch >= '0' && ch <= '9' ) { if ( scale < 100000 ) { scale *= 10; num = (num*10) + (ch-'0'); } } else { break; } cp++; } *cp_p = cp; return (int)((num >= scale) ? MAX_SCORE : (MAX_SCORE * num / scale)); }",git,,,276298831269512162991326950798869563328,0 1660,CWE-362,"static void perf_event_init_cpu(int cpu) { struct swevent_htable *swhash = &per_cpu(swevent_htable, cpu); mutex_lock(&swhash->hlist_mutex); swhash->online = true; if (swhash->hlist_refcount > 0) { struct swevent_hlist *hlist; hlist = kzalloc_node(sizeof(*hlist), GFP_KERNEL, cpu_to_node(cpu)); WARN_ON(!hlist); rcu_assign_pointer(swhash->swevent_hlist, hlist); } mutex_unlock(&swhash->hlist_mutex); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,206274654668242,1 4864,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 1316,['CWE-119'],"static unsigned char snmp_tag_cls2syntax(unsigned int tag, unsigned int cls, unsigned short *syntax) { const struct snmp_cnv *cnv; cnv = snmp_conv; while (cnv->syntax != -1) { if (cnv->tag == tag && cnv->class == cls) { *syntax = cnv->syntax; return 1; } cnv++; } return 0; }",linux-2.6,,,186289457382620625394948282660949248989,0 1283,CWE-119,"void __init proc_root_init(void) { struct vfsmount *mnt; int err; proc_init_inodecache(); err = register_filesystem(&proc_fs_type); if (err) return; mnt = kern_mount_data(&proc_fs_type, &init_pid_ns); if (IS_ERR(mnt)) { unregister_filesystem(&proc_fs_type); return; } init_pid_ns.proc_mnt = mnt; proc_symlink(""mounts"", NULL, ""self/mounts""); proc_net_init(); #ifdef CONFIG_SYSVIPC proc_mkdir(""sysvipc"", NULL); #endif proc_mkdir(""fs"", NULL); proc_mkdir(""driver"", NULL); proc_mkdir(""fs/nfsd"", NULL); #if defined(CONFIG_SUN_OPENPROMFS) || defined(CONFIG_SUN_OPENPROMFS_MODULE) proc_mkdir(""openprom"", NULL); #endif proc_tty_init(); #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif proc_mkdir(""bus"", NULL); proc_sys_init(); }",visit repo url,fs/proc/root.c,https://github.com/torvalds/linux,25146812601001,1 4898,['CWE-20'],"int nfs_lookup_verify_inode(struct inode *inode, struct nameidata *nd) { struct nfs_server *server = NFS_SERVER(inode); if (nd != NULL) { if (nd->flags & LOOKUP_REVAL) goto out_force; if (nfs_lookup_check_intent(nd, LOOKUP_OPEN) != 0 && !(server->flags & NFS_MOUNT_NOCTO) && (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) goto out_force; } return nfs_revalidate_inode(server, inode); out_force: return __nfs_revalidate_inode(server, inode); }",linux-2.6,,,21665713364930360834062638337518570339,0 5147,CWE-125,"ast_for_for_stmt(struct compiling *c, const node *n0, bool is_async) { const node * const n = is_async ? CHILD(n0, 1) : n0; asdl_seq *_target, *seq = NULL, *suite_seq; expr_ty expression; expr_ty target, first; const node *node_target; int end_lineno, end_col_offset; REQ(n, for_stmt); if (NCH(n) == 9) { seq = ast_for_suite(c, CHILD(n, 8)); if (!seq) return NULL; } node_target = CHILD(n, 1); _target = ast_for_exprlist(c, node_target, Store); if (!_target) return NULL; first = (expr_ty)asdl_seq_GET(_target, 0); if (NCH(node_target) == 1) target = first; else target = Tuple(_target, Store, first->lineno, first->col_offset, node_target->n_end_lineno, node_target->n_end_col_offset, c->c_arena); expression = ast_for_testlist(c, CHILD(n, 3)); if (!expression) return NULL; suite_seq = ast_for_suite(c, CHILD(n, 5)); if (!suite_seq) return NULL; if (seq != NULL) { get_last_end_pos(seq, &end_lineno, &end_col_offset); } else { get_last_end_pos(suite_seq, &end_lineno, &end_col_offset); } if (is_async) return AsyncFor(target, expression, suite_seq, seq, LINENO(n0), n0->n_col_offset, end_lineno, end_col_offset, c->c_arena); else return For(target, expression, suite_seq, seq, LINENO(n), n->n_col_offset, end_lineno, end_col_offset, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,152899011327021,1 5823,['CWE-200'],"static void tx_result(struct sock *sk, unsigned long cookie, int result) { struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC); struct ec_cb *eb; struct sockaddr_ec *sec; if (skb == NULL) { printk(KERN_DEBUG ""ec: memory squeeze, transmit result dropped.\n""); return; } eb = (struct ec_cb *)&skb->cb; sec = (struct sockaddr_ec *)&eb->sec; memset(sec, 0, sizeof(struct sockaddr_ec)); sec->cookie = cookie; sec->type = ECTYPE_TRANSMIT_STATUS | result; sec->sec_family = AF_ECONET; if (sock_queue_rcv_skb(sk, skb) < 0) kfree_skb(skb); }",linux-2.6,,,51821705811276817603877956600631146775,0 5370,CWE-125,"int modbus_reply(modbus_t *ctx, const uint8_t *req, int req_length, modbus_mapping_t *mb_mapping) { int offset; int slave; int function; uint16_t address; uint8_t rsp[MAX_MESSAGE_LENGTH]; int rsp_length = 0; sft_t sft; if (ctx == NULL) { errno = EINVAL; return -1; } offset = ctx->backend->header_length; slave = req[offset - 1]; function = req[offset]; address = (req[offset + 1] << 8) + req[offset + 2]; sft.slave = slave; sft.function = function; sft.t_id = ctx->backend->prepare_response_tid(req, &req_length); switch (function) { case MODBUS_FC_READ_COILS: case MODBUS_FC_READ_DISCRETE_INPUTS: { unsigned int is_input = (function == MODBUS_FC_READ_DISCRETE_INPUTS); int start_bits = is_input ? mb_mapping->start_input_bits : mb_mapping->start_bits; int nb_bits = is_input ? mb_mapping->nb_input_bits : mb_mapping->nb_bits; uint8_t *tab_bits = is_input ? mb_mapping->tab_input_bits : mb_mapping->tab_bits; const char * const name = is_input ? ""read_input_bits"" : ""read_bits""; int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - start_bits; if (nb < 1 || MODBUS_MAX_READ_BITS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values %d in %s (max %d)\n"", nb, name, MODBUS_MAX_READ_BITS); } else if (mapping_address < 0 || (mapping_address + nb) > nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in %s\n"", mapping_address < 0 ? address : address + nb, name); } else { rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = (nb / 8) + ((nb % 8) ? 1 : 0); rsp_length = response_io_status(tab_bits, mapping_address, nb, rsp, rsp_length); } } break; case MODBUS_FC_READ_HOLDING_REGISTERS: case MODBUS_FC_READ_INPUT_REGISTERS: { unsigned int is_input = (function == MODBUS_FC_READ_INPUT_REGISTERS); int start_registers = is_input ? mb_mapping->start_input_registers : mb_mapping->start_registers; int nb_registers = is_input ? mb_mapping->nb_input_registers : mb_mapping->nb_registers; uint16_t *tab_registers = is_input ? mb_mapping->tab_input_registers : mb_mapping->tab_registers; const char * const name = is_input ? ""read_input_registers"" : ""read_registers""; int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - start_registers; if (nb < 1 || MODBUS_MAX_READ_REGISTERS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values %d in %s (max %d)\n"", nb, name, MODBUS_MAX_READ_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in %s\n"", mapping_address < 0 ? address : address + nb, name); } else { int i; rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = nb << 1; for (i = mapping_address; i < mapping_address + nb; i++) { rsp[rsp_length++] = tab_registers[i] >> 8; rsp[rsp_length++] = tab_registers[i] & 0xFF; } } } break; case MODBUS_FC_WRITE_SINGLE_COIL: { int mapping_address = address - mb_mapping->start_bits; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_bit\n"", address); } else { int data = (req[offset + 3] << 8) + req[offset + 4]; if (data == 0xFF00 || data == 0x0) { mb_mapping->tab_bits[mapping_address] = data ? ON : OFF; memcpy(rsp, req, req_length); rsp_length = req_length; } else { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, FALSE, ""Illegal data value 0x%0X in write_bit request at address %0X\n"", data, address); } } } break; case MODBUS_FC_WRITE_SINGLE_REGISTER: { int mapping_address = address - mb_mapping->start_registers; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_register\n"", address); } else { int data = (req[offset + 3] << 8) + req[offset + 4]; mb_mapping->tab_registers[mapping_address] = data; memcpy(rsp, req, req_length); rsp_length = req_length; } } break; case MODBUS_FC_WRITE_MULTIPLE_COILS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - mb_mapping->start_bits; if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal number of values %d in write_bits (max %d)\n"", nb, MODBUS_MAX_WRITE_BITS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_bits\n"", mapping_address < 0 ? address : address + nb); } else { modbus_set_bits_from_bytes(mb_mapping->tab_bits, mapping_address, nb, &req[offset + 6]); rsp_length = ctx->backend->build_response_basis(&sft, rsp); memcpy(rsp + rsp_length, req + rsp_length, 4); rsp_length += 4; } } break; case MODBUS_FC_WRITE_MULTIPLE_REGISTERS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - mb_mapping->start_registers; if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal number of values %d in write_registers (max %d)\n"", nb, MODBUS_MAX_WRITE_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_registers\n"", mapping_address < 0 ? address : address + nb); } else { int i, j; for (i = mapping_address, j = 6; i < mapping_address + nb; i++, j += 2) { mb_mapping->tab_registers[i] = (req[offset + j] << 8) + req[offset + j + 1]; } rsp_length = ctx->backend->build_response_basis(&sft, rsp); memcpy(rsp + rsp_length, req + rsp_length, 4); rsp_length += 4; } } break; case MODBUS_FC_REPORT_SLAVE_ID: { int str_len; int byte_count_pos; rsp_length = ctx->backend->build_response_basis(&sft, rsp); byte_count_pos = rsp_length++; rsp[rsp_length++] = _REPORT_SLAVE_ID; rsp[rsp_length++] = 0xFF; str_len = 3 + strlen(LIBMODBUS_VERSION_STRING); memcpy(rsp + rsp_length, ""LMB"" LIBMODBUS_VERSION_STRING, str_len); rsp_length += str_len; rsp[byte_count_pos] = rsp_length - byte_count_pos - 1; } break; case MODBUS_FC_READ_EXCEPTION_STATUS: if (ctx->debug) { fprintf(stderr, ""FIXME Not implemented\n""); } errno = ENOPROTOOPT; return -1; break; case MODBUS_FC_MASK_WRITE_REGISTER: { int mapping_address = address - mb_mapping->start_registers; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_register\n"", address); } else { uint16_t data = mb_mapping->tab_registers[mapping_address]; uint16_t and = (req[offset + 3] << 8) + req[offset + 4]; uint16_t or = (req[offset + 5] << 8) + req[offset + 6]; data = (data & and) | (or & (~and)); mb_mapping->tab_registers[mapping_address] = data; memcpy(rsp, req, req_length); rsp_length = req_length; } } break; case MODBUS_FC_WRITE_AND_READ_REGISTERS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; uint16_t address_write = (req[offset + 5] << 8) + req[offset + 6]; int nb_write = (req[offset + 7] << 8) + req[offset + 8]; int nb_write_bytes = req[offset + 9]; int mapping_address = address - mb_mapping->start_registers; int mapping_address_write = address_write - mb_mapping->start_registers; if (nb_write < 1 || MODBUS_MAX_WR_WRITE_REGISTERS < nb_write || nb < 1 || MODBUS_MAX_WR_READ_REGISTERS < nb || nb_write_bytes != nb_write * 2) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values (W%d, R%d) in write_and_read_registers (max W%d, R%d)\n"", nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_registers || mapping_address < 0 || (mapping_address_write + nb_write) > mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data read address 0x%0X or write address 0x%0X write_and_read_registers\n"", mapping_address < 0 ? address : address + nb, mapping_address_write < 0 ? address_write : address_write + nb_write); } else { int i, j; rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = nb << 1; for (i = mapping_address_write, j = 10; i < mapping_address_write + nb_write; i++, j += 2) { mb_mapping->tab_registers[i] = (req[offset + j] << 8) + req[offset + j + 1]; } for (i = mapping_address; i < mapping_address + nb; i++) { rsp[rsp_length++] = mb_mapping->tab_registers[i] >> 8; rsp[rsp_length++] = mb_mapping->tab_registers[i] & 0xFF; } } } break; default: rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_FUNCTION, rsp, TRUE, ""Unknown Modbus function code: 0x%0X\n"", function); break; } return (ctx->backend->backend_type == _MODBUS_BACKEND_TYPE_RTU && slave == MODBUS_BROADCAST_ADDRESS) ? 0 : send_msg(ctx, rsp, rsp_length); }",visit repo url,src/modbus.c,https://github.com/stephane/libmodbus,143864198595027,1 4444,CWE-119,"void TEMPLATE(process_block_dec)(decoder_info_t *decoder_info,int size,int yposY,int xposY,int sub) { int width = decoder_info->width; int height = decoder_info->height; stream_t *stream = decoder_info->stream; frame_type_t frame_type = decoder_info->frame_info.frame_type; int split_flag = 0; if (yposY >= height || xposY >= width) return; int decode_this_size = (yposY + size <= height) && (xposY + size <= width); int decode_rectangular_size = !decode_this_size && frame_type != I_FRAME; int bit_start = stream->bitcnt; int mode = MODE_SKIP; block_context_t block_context; TEMPLATE(find_block_contexts)(yposY, xposY, height, width, size, decoder_info->deblock_data, &block_context, decoder_info->use_block_contexts); decoder_info->block_context = &block_context; split_flag = decode_super_mode(decoder_info,size,decode_this_size); mode = decoder_info->mode; if (size == (1<log2_sb_size) && (split_flag || mode != MODE_SKIP) && decoder_info->max_delta_qp > 0) { int delta_qp = read_delta_qp(stream); int prev_qp; if (yposY == 0 && xposY == 0) prev_qp = decoder_info->frame_info.qp; else prev_qp = decoder_info->frame_info.qpb; decoder_info->frame_info.qpb = prev_qp + delta_qp; } decoder_info->bit_count.super_mode[decoder_info->bit_count.stat_frame_type] += (stream->bitcnt - bit_start); if (split_flag){ int new_size = size/2; TEMPLATE(process_block_dec)(decoder_info,new_size,yposY+0*new_size,xposY+0*new_size,sub); TEMPLATE(process_block_dec)(decoder_info,new_size,yposY+1*new_size,xposY+0*new_size,sub); TEMPLATE(process_block_dec)(decoder_info,new_size,yposY+0*new_size,xposY+1*new_size,sub); TEMPLATE(process_block_dec)(decoder_info,new_size,yposY+1*new_size,xposY+1*new_size,sub); } else if (decode_this_size || decode_rectangular_size){ decode_block(decoder_info,size,yposY,xposY,sub); } }",visit repo url,dec/decode_block.c,https://github.com/cisco/thor,6828445885147,1 2081,CWE-190,"void common_timer_get(struct k_itimer *timr, struct itimerspec64 *cur_setting) { const struct k_clock *kc = timr->kclock; ktime_t now, remaining, iv; struct timespec64 ts64; bool sig_none; sig_none = timr->it_sigev_notify == SIGEV_NONE; iv = timr->it_interval; if (iv) { cur_setting->it_interval = ktime_to_timespec64(iv); } else if (!timr->it_active) { if (!sig_none) return; } kc->clock_get(timr->it_clock, &ts64); now = timespec64_to_ktime(ts64); if (iv && (timr->it_requeue_pending & REQUEUE_PENDING || sig_none)) timr->it_overrun += (int)kc->timer_forward(timr, now); remaining = kc->timer_remaining(timr, now); if (remaining <= 0) { if (!sig_none) cur_setting->it_value.tv_nsec = 1; } else { cur_setting->it_value = ktime_to_timespec64(remaining); } }",visit repo url,kernel/time/posix-timers.c,https://github.com/torvalds/linux,125996852633013,1 261,[],"static int do_video_stillpicture(unsigned int fd, unsigned int cmd, unsigned long arg) { struct compat_video_still_picture __user *up; struct video_still_picture __user *up_native; compat_uptr_t fp; int32_t size; int err; up = (struct compat_video_still_picture __user *) arg; err = get_user(fp, &up->iFrame); err |= get_user(size, &up->size); if (err) return -EFAULT; up_native = compat_alloc_user_space(sizeof(struct video_still_picture)); put_user(compat_ptr(fp), &up_native->iFrame); put_user(size, &up_native->size); err = sys_ioctl(fd, cmd, (unsigned long) up_native); return err; }",linux-2.6,,,301660531409658720131787719169206736924,0 4784,[],"int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, u16 family, u32 sid) { int rc; struct netlbl_lsm_secattr secattr_storage; struct netlbl_lsm_secattr *secattr = NULL; struct sock *sk; sk = skb->sk; if (sk != NULL) { struct sk_security_struct *sksec = sk->sk_security; if (sksec->nlbl_state != NLBL_REQSKB) return 0; secattr = sksec->nlbl_secattr; } if (secattr == NULL) { secattr = &secattr_storage; netlbl_secattr_init(secattr); rc = security_netlbl_sid_to_secattr(sid, secattr); if (rc != 0) goto skbuff_setsid_return; } rc = netlbl_skbuff_setattr(skb, family, secattr); skbuff_setsid_return: if (secattr == &secattr_storage) netlbl_secattr_destroy(secattr); return rc; }",linux-2.6,,,107459159930404409399952879426868535567,0 3602,['CWE-20'],"static sctp_disposition_t sctp_sf_do_dupcook_b(const struct sctp_endpoint *ep, const struct sctp_association *asoc, struct sctp_chunk *chunk, sctp_cmd_seq_t *commands, struct sctp_association *new_asoc) { sctp_init_chunk_t *peer_init; struct sctp_chunk *repl; peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, sctp_source(chunk), peer_init, GFP_ATOMIC)) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_ASSOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_ESTABLISHED)); SCTP_INC_STATS(SCTP_MIB_CURRESTAB); sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL()); repl = sctp_make_cookie_ack(new_asoc, chunk); if (!repl) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_CHANGE, SCTP_U8(SCTP_COMM_UP)); if (asoc->peer.adaptation_ind) sctp_add_cmd_sf(commands, SCTP_CMD_ADAPTATION_IND, SCTP_NULL()); return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,54378709366666878843966874581714270785,0 3933,CWE-122,"vim_regsub_both( char_u *source, typval_T *expr, char_u *dest, int destlen, int flags) { char_u *src; char_u *dst; char_u *s; int c; int cc; int no = -1; fptr_T func_all = (fptr_T)NULL; fptr_T func_one = (fptr_T)NULL; linenr_T clnum = 0; int len = 0; #ifdef FEAT_EVAL static int nesting = 0; int nested; #endif int copy = flags & REGSUB_COPY; if ((source == NULL && expr == NULL) || dest == NULL) { iemsg(e_null_argument); return 0; } if (prog_magic_wrong()) return 0; #ifdef FEAT_EVAL if (nesting == MAX_REGSUB_NESTING) { emsg(_(e_substitute_nesting_too_deep)); return 0; } nested = nesting; #endif src = source; dst = dest; if (expr != NULL || (source[0] == '\\' && source[1] == '=')) { #ifdef FEAT_EVAL if (copy) { if (eval_result[nested] != NULL) { STRCPY(dest, eval_result[nested]); dst += STRLEN(eval_result[nested]); VIM_CLEAR(eval_result[nested]); } } else { int prev_can_f_submatch = can_f_submatch; regsubmatch_T rsm_save; VIM_CLEAR(eval_result[nested]); if (can_f_submatch) rsm_save = rsm; can_f_submatch = TRUE; rsm.sm_match = rex.reg_match; rsm.sm_mmatch = rex.reg_mmatch; rsm.sm_firstlnum = rex.reg_firstlnum; rsm.sm_maxline = rex.reg_maxline; rsm.sm_line_lbr = rex.reg_line_lbr; ++nesting; if (expr != NULL) { typval_T argv[2]; char_u buf[NUMBUFLEN]; typval_T rettv; staticList10_T matchList; funcexe_T funcexe; rettv.v_type = VAR_STRING; rettv.vval.v_string = NULL; argv[0].v_type = VAR_LIST; argv[0].vval.v_list = &matchList.sl_list; matchList.sl_list.lv_len = 0; CLEAR_FIELD(funcexe); funcexe.fe_argv_func = fill_submatch_list; funcexe.fe_evaluate = TRUE; if (expr->v_type == VAR_FUNC) { s = expr->vval.v_string; call_func(s, -1, &rettv, 1, argv, &funcexe); } else if (expr->v_type == VAR_PARTIAL) { partial_T *partial = expr->vval.v_partial; s = partial_name(partial); funcexe.fe_partial = partial; call_func(s, -1, &rettv, 1, argv, &funcexe); } else if (expr->v_type == VAR_INSTR) { exe_typval_instr(expr, &rettv); } if (matchList.sl_list.lv_len > 0) clear_submatch_list(&matchList); if (rettv.v_type == VAR_UNKNOWN) eval_result[nested] = NULL; else { eval_result[nested] = tv_get_string_buf_chk(&rettv, buf); if (eval_result[nested] != NULL) eval_result[nested] = vim_strsave(eval_result[nested]); } clear_tv(&rettv); } else if (substitute_instr != NULL) eval_result[nested] = exe_substitute_instr(); else eval_result[nested] = eval_to_string(source + 2, TRUE, FALSE); --nesting; if (eval_result[nested] != NULL) { int had_backslash = FALSE; for (s = eval_result[nested]; *s != NUL; MB_PTR_ADV(s)) { if (*s == NL && !rsm.sm_line_lbr) *s = CAR; else if (*s == '\\' && s[1] != NUL) { ++s; if (*s == NL && !rsm.sm_line_lbr) *s = CAR; had_backslash = TRUE; } } if (had_backslash && (flags & REGSUB_BACKSLASH)) { s = vim_strsave_escaped(eval_result[nested], (char_u *)""\\""); if (s != NULL) { vim_free(eval_result[nested]); eval_result[nested] = s; } } dst += STRLEN(eval_result[nested]); } can_f_submatch = prev_can_f_submatch; if (can_f_submatch) rsm = rsm_save; } #endif } else while ((c = *src++) != NUL) { if (c == '&' && (flags & REGSUB_MAGIC)) no = 0; else if (c == '\\' && *src != NUL) { if (*src == '&' && !(flags & REGSUB_MAGIC)) { ++src; no = 0; } else if ('0' <= *src && *src <= '9') { no = *src++ - '0'; } else if (vim_strchr((char_u *)""uUlLeE"", *src)) { switch (*src++) { case 'u': func_one = (fptr_T)do_upper; continue; case 'U': func_all = (fptr_T)do_Upper; continue; case 'l': func_one = (fptr_T)do_lower; continue; case 'L': func_all = (fptr_T)do_Lower; continue; case 'e': case 'E': func_one = func_all = (fptr_T)NULL; continue; } } } if (no < 0) { if (c == K_SPECIAL && src[0] != NUL && src[1] != NUL) { if (copy) { if (dst + 3 > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } *dst++ = c; *dst++ = *src++; *dst++ = *src++; } else { dst += 3; src += 2; } continue; } if (c == '\\' && *src != NUL) { switch (*src) { case 'r': c = CAR; ++src; break; case 'n': c = NL; ++src; break; case 't': c = TAB; ++src; break; case 'b': c = Ctrl_H; ++src; break; default: if (flags & REGSUB_BACKSLASH) { if (copy) { if (dst + 1 > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } *dst = '\\'; } ++dst; } c = *src++; } } else if (has_mbyte) c = mb_ptr2char(src - 1); if (func_one != (fptr_T)NULL) func_one = (fptr_T)(func_one(&cc, c)); else if (func_all != (fptr_T)NULL) func_all = (fptr_T)(func_all(&cc, c)); else cc = c; if (has_mbyte) { int totlen = mb_ptr2len(src - 1); int charlen = mb_char2len(cc); if (copy) { if (dst + charlen > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } mb_char2bytes(cc, dst); } dst += charlen - 1; if (enc_utf8) { int clen = utf_ptr2len(src - 1); if (clen < totlen) { if (copy) { if (dst + totlen - clen > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } mch_memmove(dst + 1, src - 1 + clen, (size_t)(totlen - clen)); } dst += totlen - clen; } } src += totlen - 1; } else if (copy) { if (dst + 1 > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } *dst = cc; } dst++; } else { if (REG_MULTI) { clnum = rex.reg_mmatch->startpos[no].lnum; if (clnum < 0 || rex.reg_mmatch->endpos[no].lnum < 0) s = NULL; else { s = reg_getline(clnum) + rex.reg_mmatch->startpos[no].col; if (rex.reg_mmatch->endpos[no].lnum == clnum) len = rex.reg_mmatch->endpos[no].col - rex.reg_mmatch->startpos[no].col; else len = (int)STRLEN(s); } } else { s = rex.reg_match->startp[no]; if (rex.reg_match->endp[no] == NULL) s = NULL; else len = (int)(rex.reg_match->endp[no] - s); } if (s != NULL) { for (;;) { if (len == 0) { if (REG_MULTI) { if (rex.reg_mmatch->endpos[no].lnum == clnum) break; if (copy) { if (dst + 1 > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } *dst = CAR; } ++dst; s = reg_getline(++clnum); if (rex.reg_mmatch->endpos[no].lnum == clnum) len = rex.reg_mmatch->endpos[no].col; else len = (int)STRLEN(s); } else break; } else if (*s == NUL) { if (copy) iemsg(e_damaged_match_string); goto exit; } else { if ((flags & REGSUB_BACKSLASH) && (*s == CAR || *s == '\\')) { if (copy) { if (dst + 2 > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } dst[0] = '\\'; dst[1] = *s; } dst += 2; } else { if (has_mbyte) c = mb_ptr2char(s); else c = *s; if (func_one != (fptr_T)NULL) func_one = (fptr_T)(func_one(&cc, c)); else if (func_all != (fptr_T)NULL) func_all = (fptr_T)(func_all(&cc, c)); else cc = c; if (has_mbyte) { int l; int charlen; if (enc_utf8) l = utf_ptr2len(s) - 1; else l = mb_ptr2len(s) - 1; s += l; len -= l; charlen = mb_char2len(cc); if (copy) { if (dst + charlen > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } mb_char2bytes(cc, dst); } dst += charlen - 1; } else if (copy) { if (dst + 1 > dest + destlen) { iemsg(""vim_regsub_both(): not enough space""); return 0; } *dst = cc; } dst++; } ++s; --len; } } } no = -1; } } if (copy) *dst = NUL; exit: return (int)((dst - dest) + 1); }",visit repo url,src/regexp.c,https://github.com/vim/vim,184226433406113,1 4610,['CWE-399'],"static inline struct timespec ext4_current_time(struct inode *inode) { return (inode->i_sb->s_time_gran < NSEC_PER_SEC) ? current_fs_time(inode->i_sb) : CURRENT_TIME_SEC;",linux-2.6,,,251677014514970038105073761094881188392,0 4753,['CWE-20'],"static struct block_device *ext4_blkdev_get(dev_t dev) { struct block_device *bdev; char b[BDEVNAME_SIZE]; bdev = open_by_devnum(dev, FMODE_READ|FMODE_WRITE); if (IS_ERR(bdev)) goto fail; return bdev; fail: printk(KERN_ERR ""EXT4: failed to open journal device %s: %ld\n"", __bdevname(dev, b), PTR_ERR(bdev)); return NULL; }",linux-2.6,,,54924861055994123502712955617566832220,0 5839,CWE-416,"PJ_DEF(pj_status_t) pjsip_ua_register_dlg( pjsip_user_agent *ua, pjsip_dialog *dlg ) { PJ_ASSERT_RETURN(ua && dlg, PJ_EINVAL); PJ_ASSERT_RETURN(dlg->local.info && dlg->local.info->tag.slen && dlg->local.tag_hval != 0, PJ_EBUG); pj_mutex_lock(mod_ua.mutex); if (dlg->role == PJSIP_ROLE_UAC) { struct dlg_set *dlg_set; dlg_set = (struct dlg_set*) pj_hash_get_lower( mod_ua.dlg_table, dlg->local.info->tag.ptr, (unsigned)dlg->local.info->tag.slen, &dlg->local.tag_hval); if (dlg_set) { pj_assert(dlg_set->dlg_list.next != (void*)&dlg_set->dlg_list); pj_list_push_back(&dlg_set->dlg_list, dlg); dlg->dlg_set = dlg_set; } else { dlg_set = alloc_dlgset_node(); pj_list_init(&dlg_set->dlg_list); pj_list_push_back(&dlg_set->dlg_list, dlg); dlg->dlg_set = dlg_set; pj_hash_set_np_lower(mod_ua.dlg_table, dlg->local.info->tag.ptr, (unsigned)dlg->local.info->tag.slen, dlg->local.tag_hval, dlg_set->ht_entry, dlg_set); } } else { struct dlg_set *dlg_set; dlg_set = alloc_dlgset_node(); pj_list_init(&dlg_set->dlg_list); pj_list_push_back(&dlg_set->dlg_list, dlg); dlg->dlg_set = dlg_set; pj_hash_set_np_lower(mod_ua.dlg_table, dlg->local.info->tag.ptr, (unsigned)dlg->local.info->tag.slen, dlg->local.tag_hval, dlg_set->ht_entry, dlg_set); } pj_mutex_unlock(mod_ua.mutex); return PJ_SUCCESS; }",visit repo url,pjsip/src/pjsip/sip_ua_layer.c,https://github.com/pjsip/pjproject,278638455602317,1 1494,CWE-264,"void perf_pmu_migrate_context(struct pmu *pmu, int src_cpu, int dst_cpu) { struct perf_event_context *src_ctx; struct perf_event_context *dst_ctx; struct perf_event *event, *tmp; LIST_HEAD(events); src_ctx = &per_cpu_ptr(pmu->pmu_cpu_context, src_cpu)->ctx; dst_ctx = &per_cpu_ptr(pmu->pmu_cpu_context, dst_cpu)->ctx; mutex_lock(&src_ctx->mutex); list_for_each_entry_safe(event, tmp, &src_ctx->event_list, event_entry) { perf_remove_from_context(event, false); unaccount_event_cpu(event, src_cpu); put_ctx(src_ctx); list_add(&event->migrate_entry, &events); } mutex_unlock(&src_ctx->mutex); synchronize_rcu(); mutex_lock(&dst_ctx->mutex); list_for_each_entry_safe(event, tmp, &events, migrate_entry) { list_del(&event->migrate_entry); if (event->state >= PERF_EVENT_STATE_OFF) event->state = PERF_EVENT_STATE_INACTIVE; account_event_cpu(event, dst_cpu); perf_install_in_context(dst_ctx, event, dst_cpu); get_ctx(dst_ctx); } mutex_unlock(&dst_ctx->mutex); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,85913588303762,1 5510,CWE-125,"Ta3Tokenizer_FindEncodingFilename(int fd, PyObject *filename) { struct tok_state *tok; FILE *fp; char *p_start =NULL , *p_end =NULL , *encoding = NULL; #ifndef PGEN #if PY_MINOR_VERSION >= 4 fd = _Py_dup(fd); #endif #else fd = dup(fd); #endif if (fd < 0) { return NULL; } fp = fdopen(fd, ""r""); if (fp == NULL) { return NULL; } tok = Ta3Tokenizer_FromFile(fp, NULL, NULL, NULL); if (tok == NULL) { fclose(fp); return NULL; } #ifndef PGEN if (filename != NULL) { Py_INCREF(filename); tok->filename = filename; } else { tok->filename = PyUnicode_FromString(""""); if (tok->filename == NULL) { fclose(fp); Ta3Tokenizer_Free(tok); return encoding; } } #endif while (tok->lineno < 2 && tok->done == E_OK) { Ta3Tokenizer_Get(tok, &p_start, &p_end); } fclose(fp); if (tok->encoding) { encoding = (char *)PyMem_MALLOC(strlen(tok->encoding) + 1); if (encoding) strcpy(encoding, tok->encoding); } Ta3Tokenizer_Free(tok); return encoding; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,67393740577357,1 1323,CWE-20,"struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len, unsigned long data_len, int noblock, int *errcode) { struct sk_buff *skb; gfp_t gfp_mask; long timeo; int err; gfp_mask = sk->sk_allocation; if (gfp_mask & __GFP_WAIT) gfp_mask |= __GFP_REPEAT; timeo = sock_sndtimeo(sk, noblock); while (1) { err = sock_error(sk); if (err != 0) goto failure; err = -EPIPE; if (sk->sk_shutdown & SEND_SHUTDOWN) goto failure; if (atomic_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf) { skb = alloc_skb(header_len, gfp_mask); if (skb) { int npages; int i; if (!data_len) break; npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT; skb->truesize += data_len; skb_shinfo(skb)->nr_frags = npages; for (i = 0; i < npages; i++) { struct page *page; page = alloc_pages(sk->sk_allocation, 0); if (!page) { err = -ENOBUFS; skb_shinfo(skb)->nr_frags = i; kfree_skb(skb); goto failure; } __skb_fill_page_desc(skb, i, page, 0, (data_len >= PAGE_SIZE ? PAGE_SIZE : data_len)); data_len -= PAGE_SIZE; } break; } err = -ENOBUFS; goto failure; } set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); err = -EAGAIN; if (!timeo) goto failure; if (signal_pending(current)) goto interrupted; timeo = sock_wait_for_wmem(sk, timeo); } skb_set_owner_w(skb, sk); return skb; interrupted: err = sock_intr_errno(timeo); failure: *errcode = err; return NULL; }",visit repo url,net/core/sock.c,https://github.com/torvalds/linux,145582041490361,1 5722,['CWE-200'],"static unsigned int irda_poll(struct file * file, struct socket *sock, poll_table *wait) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); unsigned int mask; IRDA_DEBUG(4, ""%s()\n"", __func__); poll_wait(file, sk->sk_sleep, wait); mask = 0; if (sk->sk_err) mask |= POLLERR; if (sk->sk_shutdown & RCV_SHUTDOWN) { IRDA_DEBUG(0, ""%s(), POLLHUP\n"", __func__); mask |= POLLHUP; } if (!skb_queue_empty(&sk->sk_receive_queue)) { IRDA_DEBUG(4, ""Socket is readable\n""); mask |= POLLIN | POLLRDNORM; } switch (sk->sk_type) { case SOCK_STREAM: if (sk->sk_state == TCP_CLOSE) { IRDA_DEBUG(0, ""%s(), POLLHUP\n"", __func__); mask |= POLLHUP; } if (sk->sk_state == TCP_ESTABLISHED) { if ((self->tx_flow == FLOW_START) && sock_writeable(sk)) { mask |= POLLOUT | POLLWRNORM | POLLWRBAND; } } break; case SOCK_SEQPACKET: if ((self->tx_flow == FLOW_START) && sock_writeable(sk)) { mask |= POLLOUT | POLLWRNORM | POLLWRBAND; } break; case SOCK_DGRAM: if (sock_writeable(sk)) mask |= POLLOUT | POLLWRNORM | POLLWRBAND; break; default: break; } return mask; }",linux-2.6,,,259380128299509018556345339431407482066,0 812,['CWE-16'],"static void *esp_alloc_tmp(struct crypto_aead *aead, int nfrags) { unsigned int len; len = crypto_aead_ivsize(aead); if (len) { len += crypto_aead_alignmask(aead) & ~(crypto_tfm_ctx_alignment() - 1); len = ALIGN(len, crypto_tfm_ctx_alignment()); } len += sizeof(struct aead_givcrypt_request) + crypto_aead_reqsize(aead); len = ALIGN(len, __alignof__(struct scatterlist)); len += sizeof(struct scatterlist) * nfrags; return kmalloc(len, GFP_ATOMIC); }",linux-2.6,,,27256162892536064049354568260492726372,0 1603,CWE-416,"static struct sock *dccp_v6_request_recv_sock(const struct sock *sk, struct sk_buff *skb, struct request_sock *req, struct dst_entry *dst, struct request_sock *req_unhash, bool *own_req) { struct inet_request_sock *ireq = inet_rsk(req); struct ipv6_pinfo *newnp; const struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *newinet; struct dccp6_sock *newdp6; struct sock *newsk; if (skb->protocol == htons(ETH_P_IP)) { newsk = dccp_v4_request_recv_sock(sk, skb, req, dst, req_unhash, own_req); if (newsk == NULL) return NULL; newdp6 = (struct dccp6_sock *)newsk; newinet = inet_sk(newsk); newinet->pinet6 = &newdp6->inet6; newnp = inet6_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); newnp->saddr = newsk->sk_v6_rcv_saddr; inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped; newsk->sk_backlog_rcv = dccp_v4_do_rcv; newnp->pktoptions = NULL; newnp->opt = NULL; newnp->mcast_oif = inet6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); return newsk; } if (sk_acceptq_is_full(sk)) goto out_overflow; if (!dst) { struct flowi6 fl6; dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_DCCP); if (!dst) goto out; } newsk = dccp_create_openreq_child(sk, req, skb); if (newsk == NULL) goto out_nonewsk; __ip6_dst_store(newsk, dst, NULL, NULL); newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | NETIF_F_TSO); newdp6 = (struct dccp6_sock *)newsk; newinet = inet_sk(newsk); newinet->pinet6 = &newdp6->inet6; newnp = inet6_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; newnp->saddr = ireq->ir_v6_loc_addr; newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; newsk->sk_bound_dev_if = ireq->ir_iif; newinet->inet_opt = NULL; newnp->rxopt.all = np->rxopt.all; newnp->pktoptions = NULL; newnp->opt = NULL; newnp->mcast_oif = inet6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; if (np->opt != NULL) newnp->opt = ipv6_dup_options(newsk, np->opt); inet_csk(newsk)->icsk_ext_hdr_len = 0; if (newnp->opt != NULL) inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + newnp->opt->opt_flen); dccp_sync_mss(newsk, dst_mtu(dst)); newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; newinet->inet_rcv_saddr = LOOPBACK4_IPV6; if (__inet_inherit_port(sk, newsk) < 0) { inet_csk_prepare_forced_close(newsk); dccp_done(newsk); goto out; } *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); if (*own_req && ireq->pktopts) { newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC); consume_skb(ireq->pktopts); ireq->pktopts = NULL; if (newnp->pktoptions) skb_set_owner_r(newnp->pktoptions, newsk); } return newsk; out_overflow: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); out_nonewsk: dst_release(dst); out: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); return NULL; }",visit repo url,net/dccp/ipv6.c,https://github.com/torvalds/linux,200545287490863,1 1361,CWE-362,"static int ext4_split_extent_at(handle_t *handle, struct inode *inode, struct ext4_ext_path *path, ext4_lblk_t split, int split_flag, int flags) { ext4_fsblk_t newblock; ext4_lblk_t ee_block; struct ext4_extent *ex, newex, orig_ex; struct ext4_extent *ex2 = NULL; unsigned int ee_len, depth; int err = 0; ext_debug(""ext4_split_extents_at: inode %lu, logical"" ""block %llu\n"", inode->i_ino, (unsigned long long)split); ext4_ext_show_leaf(inode, path); depth = ext_depth(inode); ex = path[depth].p_ext; ee_block = le32_to_cpu(ex->ee_block); ee_len = ext4_ext_get_actual_len(ex); newblock = split - ee_block + ext4_ext_pblock(ex); BUG_ON(split < ee_block || split >= (ee_block + ee_len)); err = ext4_ext_get_access(handle, inode, path + depth); if (err) goto out; if (split == ee_block) { if (split_flag & EXT4_EXT_MARK_UNINIT2) ext4_ext_mark_uninitialized(ex); else ext4_ext_mark_initialized(ex); if (!(flags & EXT4_GET_BLOCKS_PRE_IO)) ext4_ext_try_to_merge(handle, inode, path, ex); err = ext4_ext_dirty(handle, inode, path + path->p_depth); goto out; } memcpy(&orig_ex, ex, sizeof(orig_ex)); ex->ee_len = cpu_to_le16(split - ee_block); if (split_flag & EXT4_EXT_MARK_UNINIT1) ext4_ext_mark_uninitialized(ex); err = ext4_ext_dirty(handle, inode, path + depth); if (err) goto fix_extent_len; ex2 = &newex; ex2->ee_block = cpu_to_le32(split); ex2->ee_len = cpu_to_le16(ee_len - (split - ee_block)); ext4_ext_store_pblock(ex2, newblock); if (split_flag & EXT4_EXT_MARK_UNINIT2) ext4_ext_mark_uninitialized(ex2); err = ext4_ext_insert_extent(handle, inode, path, &newex, flags); if (err == -ENOSPC && (EXT4_EXT_MAY_ZEROOUT & split_flag)) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_len = cpu_to_le16(ee_len); ext4_ext_try_to_merge(handle, inode, path, ex); err = ext4_ext_dirty(handle, inode, path + path->p_depth); goto out; } else if (err) goto fix_extent_len; out: ext4_ext_show_leaf(inode, path); return err; fix_extent_len: ex->ee_len = orig_ex.ee_len; ext4_ext_dirty(handle, inode, path + depth); return err; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,4177351598020,1 6193,['CWE-200'],"static int rtnetlink_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { int idx; int s_idx = cb->args[0]; struct net_device *dev; read_lock(&dev_base_lock); for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) { if (idx < s_idx) continue; if (rtnetlink_fill_ifinfo(skb, dev, RTM_NEWLINK, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, 0, NLM_F_MULTI) <= 0) break; } read_unlock(&dev_base_lock); cb->args[0] = idx; return skb->len; }",linux-2.6,,,101262351732913415693838101577017951157,0 5157,['CWE-20'],"static __init int alloc_kvm_area(void) { int cpu; for_each_online_cpu(cpu) { struct vmcs *vmcs; vmcs = alloc_vmcs_cpu(cpu); if (!vmcs) { free_kvm_area(); return -ENOMEM; } per_cpu(vmxarea, cpu) = vmcs; } return 0; }",linux-2.6,,,133916533696481868633256391902838286399,0 3058,CWE-22,"static char *BF_crypt(const char *key, const char *setting, char *output, int size, BF_word min) { #if BF_ASM extern void _BF_body_r(BF_ctx *ctx); #endif static const unsigned char flags_by_subtype[26] = {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 4, 0}; struct { BF_ctx ctx; BF_key expanded_key; union { BF_word salt[4]; BF_word output[6]; } binary; } data; BF_word L, R; BF_word tmp1, tmp2, tmp3, tmp4; BF_word *ptr; BF_word count; int i; if (size < 7 + 22 + 31 + 1) { __set_errno(ERANGE); return NULL; } if (setting[0] != '$' || setting[1] != '2' || setting[2] < 'a' || setting[2] > 'z' || !flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a'] || setting[3] != '$' || setting[4] < '0' || setting[4] > '3' || setting[5] < '0' || setting[5] > '9' || (setting[4] == '3' && setting[5] > '1') || setting[6] != '$') { __set_errno(EINVAL); return NULL; } count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) { __set_errno(EINVAL); return NULL; } BF_swap(data.binary.salt, 4); BF_set_key(key, data.expanded_key, data.ctx.P, flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a']); memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S)); L = R = 0; for (i = 0; i < BF_N + 2; i += 2) { L ^= data.binary.salt[i & 2]; R ^= data.binary.salt[(i & 2) + 1]; BF_ENCRYPT; data.ctx.P[i] = L; data.ctx.P[i + 1] = R; } ptr = data.ctx.S[0]; do { ptr += 4; L ^= data.binary.salt[(BF_N + 2) & 3]; R ^= data.binary.salt[(BF_N + 3) & 3]; BF_ENCRYPT; *(ptr - 4) = L; *(ptr - 3) = R; L ^= data.binary.salt[(BF_N + 4) & 3]; R ^= data.binary.salt[(BF_N + 5) & 3]; BF_ENCRYPT; *(ptr - 2) = L; *(ptr - 1) = R; } while (ptr < &data.ctx.S[3][0xFF]); do { int done; for (i = 0; i < BF_N + 2; i += 2) { data.ctx.P[i] ^= data.expanded_key[i]; data.ctx.P[i + 1] ^= data.expanded_key[i + 1]; } done = 0; do { BF_body(); if (done) break; done = 1; tmp1 = data.binary.salt[0]; tmp2 = data.binary.salt[1]; tmp3 = data.binary.salt[2]; tmp4 = data.binary.salt[3]; for (i = 0; i < BF_N; i += 4) { data.ctx.P[i] ^= tmp1; data.ctx.P[i + 1] ^= tmp2; data.ctx.P[i + 2] ^= tmp3; data.ctx.P[i + 3] ^= tmp4; } data.ctx.P[16] ^= tmp1; data.ctx.P[17] ^= tmp2; } while (1); } while (--count); for (i = 0; i < 6; i += 2) { L = BF_magic_w[i]; R = BF_magic_w[i + 1]; count = 64; do { BF_ENCRYPT; } while (--count); data.binary.output[i] = L; data.binary.output[i + 1] = R; } memcpy(output, setting, 7 + 22 - 1); output[7 + 22 - 1] = BF_itoa64[(int) BF_atoi64[(int)setting[7 + 22 - 1] - 0x20] & 0x30]; BF_swap(data.binary.output, 6); BF_encode(&output[7 + 22], data.binary.output, 23); output[7 + 22 + 31] = '\0'; return output; }",visit repo url,hphp/zend/crypt-blowfish.cpp,https://github.com/facebook/hhvm,47325225892476,1 4695,CWE-787,"static int msg_parse_fetch (IMAP_HEADER *h, char *s) { char tmp[SHORT_STRING]; char *ptmp; if (!s) return -1; while (*s) { SKIPWS (s); if (ascii_strncasecmp (""FLAGS"", s, 5) == 0) { if ((s = msg_parse_flags (h, s)) == NULL) return -1; } else if (ascii_strncasecmp (""UID"", s, 3) == 0) { s += 3; SKIPWS (s); if (mutt_atoui (s, &h->data->uid) < 0) return -1; s = imap_next_word (s); } else if (ascii_strncasecmp (""INTERNALDATE"", s, 12) == 0) { s += 12; SKIPWS (s); if (*s != '\""') { dprint (1, (debugfile, ""msg_parse_fetch(): bogus INTERNALDATE entry: %s\n"", s)); return -1; } s++; ptmp = tmp; while (*s && *s != '\""') *ptmp++ = *s++; if (*s != '\""') return -1; s++; *ptmp = 0; h->received = imap_parse_date (tmp); } else if (ascii_strncasecmp (""RFC822.SIZE"", s, 11) == 0) { s += 11; SKIPWS (s); ptmp = tmp; while (isdigit ((unsigned char) *s)) *ptmp++ = *s++; *ptmp = 0; if (mutt_atol (tmp, &h->content_length) < 0) return -1; } else if (!ascii_strncasecmp (""BODY"", s, 4) || !ascii_strncasecmp (""RFC822.HEADER"", s, 13)) { return -2; } else if (*s == ')') s++; else if (*s) { imap_error (""msg_parse_fetch"", s); return -1; } } return 0; }",visit repo url,imap/message.c,https://gitlab.com/muttmua/mutt,272129077457976,1 4611,['CWE-399'],"static int __ext4_normal_writepage(struct page *page, struct writeback_control *wbc) { struct inode *inode = page->mapping->host; if (test_opt(inode->i_sb, NOBH)) return nobh_writepage(page, ext4_normal_get_block_write, wbc); else return block_write_full_page(page, ext4_normal_get_block_write, wbc); }",linux-2.6,,,221048538019084672246301686411527352101,0 1523,[],"static void free_sched_group(struct task_group *tg) { free_fair_sched_group(tg); free_rt_sched_group(tg); kfree(tg); }",linux-2.6,,,291718677583353414722542585982431926701,0 2537,['CWE-119'],"static void show_mode_change(FILE *file, struct diff_filepair *p, int show_name) { if (p->one->mode && p->two->mode && p->one->mode != p->two->mode) { fprintf(file, "" mode change %06o => %06o%c"", p->one->mode, p->two->mode, show_name ? ' ' : '\n'); if (show_name) { write_name_quoted(p->two->path, file, '\n'); } } }",git,,,273392996217689594632970052403785192659,0 592,['CWE-200'],"void __init htab_initialize(void) { unsigned long table; unsigned long pteg_count; unsigned long mode_rw; unsigned long base = 0, size = 0; int i; extern unsigned long tce_alloc_start, tce_alloc_end; DBG("" -> htab_initialize()\n""); htab_init_page_sizes(); htab_size_bytes = htab_get_table_size(); pteg_count = htab_size_bytes >> 7; htab_hash_mask = pteg_count - 1; if (firmware_has_feature(FW_FEATURE_LPAR)) { htab_address = NULL; _SDR1 = 0; } else { table = lmb_alloc(htab_size_bytes, htab_size_bytes); DBG(""Hash table allocated at %lx, size: %lx\n"", table, htab_size_bytes); htab_address = abs_to_virt(table); _SDR1 = table + __ilog2(pteg_count) - 11; memset((void *)table, 0, htab_size_bytes); mtspr(SPRN_SDR1, _SDR1); } mode_rw = _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_COHERENT | PP_RWXX; for (i=0; i < lmb.memory.cnt; i++) { base = (unsigned long)__va(lmb.memory.region[i].base); size = lmb.memory.region[i].size; DBG(""creating mapping for region: %lx : %lx\n"", base, size); #ifdef CONFIG_U3_DART DBG(""DART base: %lx\n"", dart_tablebase); if (dart_tablebase != 0 && dart_tablebase >= base && dart_tablebase < (base + size)) { unsigned long dart_table_end = dart_tablebase + 16 * MB; if (base != dart_tablebase) BUG_ON(htab_bolt_mapping(base, dart_tablebase, __pa(base), mode_rw, mmu_linear_psize)); if ((base + size) > dart_table_end) BUG_ON(htab_bolt_mapping(dart_tablebase+16*MB, base + size, __pa(dart_table_end), mode_rw, mmu_linear_psize)); continue; } #endif BUG_ON(htab_bolt_mapping(base, base + size, __pa(base), mode_rw, mmu_linear_psize)); } if (tce_alloc_start) { tce_alloc_start = (unsigned long)__va(tce_alloc_start); tce_alloc_end = (unsigned long)__va(tce_alloc_end); if (base + size >= tce_alloc_start) tce_alloc_start = base + size + 1; BUG_ON(htab_bolt_mapping(tce_alloc_start, tce_alloc_end, __pa(tce_alloc_start), mode_rw, mmu_linear_psize)); } htab_finish_init(); DBG("" <- htab_initialize()\n""); }",linux-2.6,,,121744300884625143791464242628160336298,0 1815,CWE-200,"static int tipc_nl_compat_link_dump(struct tipc_nl_compat_msg *msg, struct nlattr **attrs) { struct nlattr *link[TIPC_NLA_LINK_MAX + 1]; struct tipc_link_info link_info; int err; if (!attrs[TIPC_NLA_LINK]) return -EINVAL; err = nla_parse_nested(link, TIPC_NLA_LINK_MAX, attrs[TIPC_NLA_LINK], NULL); if (err) return err; link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]); link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP])); strcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME])); return tipc_add_tlv(msg->rep, TIPC_TLV_LINK_INFO, &link_info, sizeof(link_info)); }",visit repo url,net/tipc/netlink_compat.c,https://github.com/torvalds/linux,168515959274250,1 5362,['CWE-476'],"static void vapic_enter(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic = vcpu->arch.apic; struct page *page; if (!apic || !apic->vapic_addr) return; page = gfn_to_page(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT); vcpu->arch.apic->vapic_page = page; }",linux-2.6,,,222352487423699068154206228046748510382,0 5966,CWE-611,"static VALUE read_memory(VALUE klass, VALUE content) { xmlSchemaPtr schema; xmlSchemaParserCtxtPtr ctx = xmlSchemaNewMemParserCtxt( (const char *)StringValuePtr(content), (int)RSTRING_LEN(content) ); VALUE rb_schema; VALUE errors = rb_ary_new(); xmlSetStructuredErrorFunc((void *)errors, Nokogiri_error_array_pusher); #ifdef HAVE_XMLSCHEMASETPARSERSTRUCTUREDERRORS xmlSchemaSetParserStructuredErrors( ctx, Nokogiri_error_array_pusher, (void *)errors ); #endif schema = xmlSchemaParse(ctx); xmlSetStructuredErrorFunc(NULL, NULL); xmlSchemaFreeParserCtxt(ctx); if(NULL == schema) { xmlErrorPtr error = xmlGetLastError(); if(error) Nokogiri_error_raise(NULL, error); else rb_raise(rb_eRuntimeError, ""Could not parse document""); return Qnil; } rb_schema = Data_Wrap_Struct(klass, 0, dealloc, schema); rb_iv_set(rb_schema, ""@errors"", errors); return rb_schema; }",visit repo url,ext/nokogiri/xml_schema.c,https://github.com/sparklemotion/nokogiri,159181235288831,1 5951,CWE-190,"static Jsi_RC CDataStructDefineCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { Jsi_RC rc = JSI_OK; Jsi_OptionTypedef *st = NULL; jsi_csInitType(interp); Jsi_Value *eval = NULL, *val = Jsi_ValueArrayIndex(interp, args, 0), *flds = Jsi_ValueArrayIndex(interp, args, 1); int vlen, flen, i, argc, clen = 0, arrCnt=0; Jsi_DString fStr = {}; char **argv = NULL, *cmt, *eq, *cp, *ce, *cpval, ocp; const char *vstr = Jsi_ValueString(interp, val, &vlen), *fstr = Jsi_ValueString(interp, flds, &flen); if (vstr) { cmt = Jsi_Strstr(fstr, ""//""); eq = Jsi_Strchr(fstr, '='); Jsi_DString tStr = {fstr}; fstr=jsi_TrimStr(Jsi_DSValue(&tStr)); Jsi_SplitStr(fstr, &argc, &argv, (cmt?""\n"":"";""), &fStr); Jsi_DSFree(&tStr); if (!cmt && argc>0 && !argv[argc-1][0]) argc--; if (eq) { eval = Jsi_ValueNewArray(interp, NULL, 0); Jsi_IncrRefCount(interp, eval); } } else if (!Jsi_ValueIsArray(interp,flds) || (argc=Jsi_ValueGetLength(interp, flds))<1) return Jsi_LogError(""arg 2 must be string or non-empty array""); if (argc>200) return Jsi_LogError(""too many fields: %d>200"", argc); Jsi_StructSpec *sl, *sf, recs[argc+2]; memset(recs, 0, sizeof(recs)); sl = recs+argc+1; sf = recs; SIGINIT(sl, OPTS_STRUCT); if (vstr) { sl->name = Jsi_KeyAdd(interp, vstr); } else if (Jsi_OptionsProcess(interp, StructOptions, sl, val, 0) < 0) { rc = JSI_ERROR; goto bail; } if (!Jsi_StrIsAlnum(sl->name)) { rc = Jsi_LogError(""invalid struct name: %s"", sl->name); goto bail; } if (jsi_csStructGet(interp, sl->name)) { rc = Jsi_LogError(""struct already exists: %s"", sl->name); goto bail; } for (i = 0; iname) || !sf->type) { rc = Jsi_LogError(""invalid struct field name: %s"", sf->name); goto bail; } if (!Jsi_ValueObjLookup(interp, val, ""init"", 0) && (sf->type->flags&jsi_CTYP_STRUCT)) inival = Jsi_ValueNewBoolean(interp, true); } else { if (cmt) { cp = Jsi_Strstr(argv[i], ""//""); if (cp) { *cp = 0; cp += 2; cp = jsi_TrimStr(cp); sf->help = Jsi_KeyAdd(interp, cp); } cp = Jsi_Strchr(argv[i], ';'); if (cp) *cp = 0; } cp = Jsi_Strchr(argv[i], '='); if (cp) { if (!eval) goto bail; *cp++ = 0; cp = jsi_TrimStr(cp); int cplen = Jsi_Strlen(cp); if (cplen>1 && (cp[0] == '\'' || cp[0] == '""') && cp[0] == cp[cplen-1]) { cpval = cp+1; cp[cplen-1] = 0; inival = Jsi_ValueNewStringDup(interp, cpval); } else if (Jsi_GetDouble(interp, cp, &numVal) == JSI_OK) inival = Jsi_ValueNewNumber(interp, numVal); else if (Jsi_GetBool(interp, cp, &bVal) == JSI_OK) inival = Jsi_ValueNewBoolean(interp, bVal); else inival = Jsi_ValueNewStringDup(interp, cp); } cp = argv[i]; while (*cp && isspace(*cp)) cp++; ce = cp; while (*ce && !isspace(*ce)) ce++; ocp = *ce; if (!ocp) { rc = Jsi_LogError(""bad field: %s"", cp); goto bail; } *ce = 0; sf->type = Jsi_TypeLookup(interp, cp); *ce = ocp; if (!sf->type) { rc = Jsi_LogError(""unknown type: %s"", argv[i]); goto bail; } if (!inival && (sf->type->flags&jsi_CTYP_STRUCT)) inival = Jsi_ValueNewBoolean(interp, true); cp = ce+1; while (*cp && isspace(*cp)) cp++; ce = cp; while (*ce && (isalnum(*ce) || *ce == '_')) ce++; ocp = *ce; *ce = 0; if (!*cp) { rc = Jsi_LogError(""missing or bad struct field name""); goto bail; } sf->name = Jsi_KeyAdd(interp, cp); if (ocp) { ce++; clen = Jsi_Strlen(ce); } if (ocp == '@') { isbitset = 1; } else if (ocp == ':') { int bsiz = -1; if (Jsi_GetInt(interp, ce, &bsiz,10) != JSI_OK || bsiz<=0 || bsiz>64) { rc = Jsi_LogError(""bad bit size: %s"", ce); goto bail; } sf->bits = bsiz; } else if (ocp == '[' && clen>1 && ce[clen-1]==']') { int asiz = -1; ce[clen-1] = 0; if (Jsi_GetInt(interp, ce, &asiz, 10) != JSI_OK || asiz<=0) { rc = Jsi_LogError(""bad size: %s"", cp); goto bail; } sf->arrSize = asiz; } else if (ocp) { rc = Jsi_LogError(""bad field: %s"", cp); goto bail; } val = NULL; } if (inival) { Jsi_Value *sval = Jsi_ValueNewObj(interp, NULL); Jsi_ValueInsert(interp, sval, ""init"", inival, 0); Jsi_ValueArraySet(interp, eval, sval, i); } bool isEnum = (sf->type && (sf->type->flags&jsi_CTYP_ENUM)); if (isbitset) { if (!isEnum) { rc = Jsi_LogError(""bitset type is not an enum""); goto bail; } sf->flags |= JSI_OPT_BITSET_ENUM; } if (sf->arrSize) { if (sf->arrSize>MAX_ARRAY_LIST) { rc = Jsi_LogError(""array size too big: %d >= %d"", sf->arrSize, MAX_ARRAY_LIST); goto bail; } if (sf->bits || isEnum) { rc = Jsi_LogError(""array of %s unsupported"", (sf->bits?""bits"":""enums"")); goto bail; } arrCnt++; } } recs[argc].id = JSI_OPTION_END; rc = jsi_csSetupStruct(interp, sl, recs, recs, argc, &st, arrCnt); if (rc != JSI_OK || !st) { rc = JSI_ERROR; goto bail; } sl = jsi_csGetStructSpec(st->extData); sf = jsi_csGetFieldSpec(sl->extData); if (vstr) flds = eval; for (i = 0; ihPtr); return rc; }",visit repo url,src/jsiCData.c,https://github.com/pcmacdon/jsish,178068094558475,1 880,CWE-20,"static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr = msg->msg_name; int copied = 0; int check_creds = 0; int target; int err = 0; long timeo; int skip; err = -EINVAL; if (sk->sk_state != TCP_ESTABLISHED) goto out; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); msg->msg_namelen = 0; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(timeo); goto out; } do { int chunk; struct sk_buff *skb, *last; unix_state_lock(sk); last = skb = skb_peek(&sk->sk_receive_queue); again: if (skb == NULL) { unix_sk(sk)->recursion_level = 0; if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; unix_state_unlock(sk); err = -EAGAIN; if (!timeo) break; mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo, last); if (signal_pending(current) || mutex_lock_interruptible(&u->readlock)) { err = sock_intr_errno(timeo); goto out; } continue; unlock: unix_state_unlock(sk); break; } skip = sk_peek_offset(sk, flags); while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); last = skb; skb = skb_peek_next(skb, &sk->sk_receive_queue); if (!skb) goto again; } unix_state_unlock(sk); if (check_creds) { if ((UNIXCB(skb).pid != siocb->scm->pid) || !uid_eq(UNIXCB(skb).uid, siocb->scm->creds.uid) || !gid_eq(UNIXCB(skb).gid, siocb->scm->creds.gid)) break; } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); check_creds = 1; } if (sunaddr) { unix_copy_addr(msg, skb->sk); sunaddr = NULL; } chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); if (skb_copy_datagram_iovec(skb, UNIXCB(skb).consumed + skip, msg->msg_iov, chunk)) { if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { UNIXCB(skb).consumed += chunk; sk_peek_offset_bwd(sk, chunk); if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); if (unix_skb_len(skb)) break; skb_unlink(skb, &sk->sk_receive_queue); consume_skb(skb); if (siocb->scm->fp) break; } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); sk_peek_offset_fwd(sk, chunk); break; } } while (size); mutex_unlock(&u->readlock); scm_recv(sock, msg, siocb->scm, flags); out: return copied ? : err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,252330469564730,1 324,CWE-416,"static void fanout_release(struct sock *sk) { struct packet_sock *po = pkt_sk(sk); struct packet_fanout *f; f = po->fanout; if (!f) return; mutex_lock(&fanout_mutex); po->fanout = NULL; if (atomic_dec_and_test(&f->sk_ref)) { list_del(&f->list); dev_remove_pack(&f->prot_hook); fanout_release_data(f); kfree(f); } mutex_unlock(&fanout_mutex); if (po->rollover) kfree_rcu(po->rollover, rcu); }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,275294292619058,1 5056,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 4478,['CWE-264'],"static void send_queued_packets(struct s_smc *smc) { skfddi_priv *bp = &smc->os; struct sk_buff *skb; unsigned char fc; int queue; struct s_smt_fp_txd *txd; dma_addr_t dma_address; unsigned long Flags; int frame_status; PRINTK(KERN_INFO ""send queued packets\n""); for (;;) { skb = skb_dequeue(&bp->SendSkbQueue); if (!skb) { PRINTK(KERN_INFO ""queue empty\n""); return; } spin_lock_irqsave(&bp->DriverLock, Flags); fc = skb->data[0]; queue = (fc & FC_SYNC_BIT) ? QUEUE_S : QUEUE_A0; #ifdef ESS if ((fc & ~(FC_SYNC_BIT | FC_LLC_PRIOR)) == FC_ASYNC_LLC) { if (!smc->ess.sync_bw_available) fc &= ~FC_SYNC_BIT; else { if (smc->mib.fddiESSSynchTxMode) { fc |= FC_SYNC_BIT; } } } #endif frame_status = hwm_tx_init(smc, fc, 1, skb->len, queue); if ((frame_status & (LOC_TX | LAN_TX)) == 0) { if ((frame_status & RING_DOWN) != 0) { PRINTK(""Tx attempt while ring down.\n""); } else if ((frame_status & OUT_OF_TXD) != 0) { PRINTK(""%s: out of TXDs.\n"", bp->dev->name); } else { PRINTK(""%s: out of transmit resources"", bp->dev->name); } skb_queue_head(&bp->SendSkbQueue, skb); spin_unlock_irqrestore(&bp->DriverLock, Flags); return; } bp->QueueSkb++; CheckSourceAddress(skb->data, smc->hw.fddi_canon_addr.a); txd = (struct s_smt_fp_txd *) HWM_GET_CURR_TXD(smc, queue); dma_address = pci_map_single(&bp->pdev, skb->data, skb->len, PCI_DMA_TODEVICE); if (frame_status & LAN_TX) { txd->txd_os.skb = skb; txd->txd_os.dma_addr = dma_address; } hwm_tx_frag(smc, skb->data, dma_address, skb->len, frame_status | FIRST_FRAG | LAST_FRAG | EN_IRQ_EOF); if (!(frame_status & LAN_TX)) { pci_unmap_single(&bp->pdev, dma_address, skb->len, PCI_DMA_TODEVICE); dev_kfree_skb_irq(skb); } spin_unlock_irqrestore(&bp->DriverLock, Flags); } return; } ",linux-2.6,,,99897812320349244165912545814185646376,0 5201,['CWE-20'],"static void reload_host_efer(struct vcpu_vmx *vmx) { if (vmx->host_state.guest_efer_loaded) { vmx->host_state.guest_efer_loaded = 0; load_msrs(vmx->host_msrs + vmx->msr_offset_efer, 1); } }",linux-2.6,,,98886247269618759867416277163386713621,0 6635,['CWE-200'],"applet_is_any_vpn_activating (NMApplet *applet) { const GPtrArray *connections; int i; connections = nm_client_get_active_connections (applet->nm_client); for (i = 0; connections && (i < connections->len); i++) { NMActiveConnection *candidate = NM_ACTIVE_CONNECTION (g_ptr_array_index (connections, i)); NMVPNConnectionState vpn_state; if (NM_IS_VPN_CONNECTION (candidate)) { vpn_state = nm_vpn_connection_get_vpn_state (NM_VPN_CONNECTION (candidate)); if ( vpn_state == NM_VPN_CONNECTION_STATE_PREPARE || vpn_state == NM_VPN_CONNECTION_STATE_NEED_AUTH || vpn_state == NM_VPN_CONNECTION_STATE_CONNECT || vpn_state == NM_VPN_CONNECTION_STATE_IP_CONFIG_GET) { return TRUE; } } } return FALSE; }",network-manager-applet,,,221766646271138263160133646959629325650,0 3815,CWE-121,"suggest_trie_walk( suginfo_T *su, langp_T *lp, char_u *fword, int soundfold) { char_u tword[MAXWLEN]; trystate_T stack[MAXWLEN]; char_u preword[MAXWLEN * 3]; char_u compflags[MAXWLEN]; trystate_T *sp; int newscore; int score; char_u *byts, *fbyts, *pbyts; idx_T *idxs, *fidxs, *pidxs; int depth; int c, c2, c3; int n = 0; int flags; garray_T *gap; idx_T arridx; int len; char_u *p; fromto_T *ftp; int fl = 0, tl; int repextra = 0; slang_T *slang = lp->lp_slang; int fword_ends; int goodword_ends; #ifdef DEBUG_TRIEWALK char_u changename[MAXWLEN][80]; #endif int breakcheckcount = 1000; int compound_ok; depth = 0; sp = &stack[0]; CLEAR_POINTER(sp); sp->ts_curi = 1; if (soundfold) { byts = fbyts = slang->sl_sbyts; idxs = fidxs = slang->sl_sidxs; pbyts = NULL; pidxs = NULL; sp->ts_prefixdepth = PFD_NOPREFIX; sp->ts_state = STATE_START; } else { fbyts = slang->sl_fbyts; fidxs = slang->sl_fidxs; pbyts = slang->sl_pbyts; pidxs = slang->sl_pidxs; if (pbyts != NULL) { byts = pbyts; idxs = pidxs; sp->ts_prefixdepth = PFD_PREFIXTREE; sp->ts_state = STATE_NOPREFIX; } else { byts = fbyts; idxs = fidxs; sp->ts_prefixdepth = PFD_NOPREFIX; sp->ts_state = STATE_START; } } while (depth >= 0 && !got_int) { sp = &stack[depth]; switch (sp->ts_state) { case STATE_START: case STATE_NOPREFIX: arridx = sp->ts_arridx; len = byts[arridx]; arridx += sp->ts_curi; if (sp->ts_prefixdepth == PFD_PREFIXTREE) { for (n = 0; n < len && byts[arridx + n] == 0; ++n) ; sp->ts_curi += n; n = (int)sp->ts_state; PROF_STORE(sp->ts_state) sp->ts_state = STATE_ENDNUL; sp->ts_save_badflags = su->su_badflags; if (byts[arridx] == 0 || n == (int)STATE_NOPREFIX) { if (has_mbyte) n = nofold_len(fword, sp->ts_fidx, su->su_badptr); else n = sp->ts_fidx; flags = badword_captype(su->su_badptr, su->su_badptr + n); su->su_badflags = badword_captype(su->su_badptr + n, su->su_badptr + su->su_badlen); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""prefix""); #endif go_deeper(stack, depth, 0); ++depth; sp = &stack[depth]; sp->ts_prefixdepth = depth - 1; byts = fbyts; idxs = fidxs; sp->ts_arridx = 0; tword[sp->ts_twordlen] = NUL; make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, flags); sp->ts_prewordlen = (char_u)STRLEN(preword); sp->ts_splitoff = sp->ts_twordlen; } break; } if (sp->ts_curi > len || byts[arridx] != 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_ENDNUL; sp->ts_save_badflags = su->su_badflags; break; } ++sp->ts_curi; flags = (int)idxs[arridx]; if (flags & WF_NOSUGGEST) break; fword_ends = (fword[sp->ts_fidx] == NUL || (soundfold ? VIM_ISWHITE(fword[sp->ts_fidx]) : !spell_iswordp(fword + sp->ts_fidx, curwin))); tword[sp->ts_twordlen] = NUL; if (sp->ts_prefixdepth <= PFD_NOTSPECIAL && (sp->ts_flags & TSF_PREFIXOK) == 0 && pbyts != NULL) { n = stack[sp->ts_prefixdepth].ts_arridx; len = pbyts[n++]; for (c = 0; c < len && pbyts[n + c] == 0; ++c) ; if (c > 0) { c = valid_word_prefix(c, n, flags, tword + sp->ts_splitoff, slang, FALSE); if (c == 0) break; if (c & WF_RAREPFX) flags |= WF_RARE; sp->ts_flags |= TSF_PREFIXOK; } } if (sp->ts_complen == sp->ts_compsplit && fword_ends && (flags & WF_NEEDCOMP)) goodword_ends = FALSE; else goodword_ends = TRUE; p = NULL; compound_ok = TRUE; if (sp->ts_complen > sp->ts_compsplit) { if (slang->sl_nobreak) { if (sp->ts_fidx - sp->ts_splitfidx == sp->ts_twordlen - sp->ts_splitoff && STRNCMP(fword + sp->ts_splitfidx, tword + sp->ts_splitoff, sp->ts_fidx - sp->ts_splitfidx) == 0) { preword[sp->ts_prewordlen] = NUL; newscore = score_wordcount_adj(slang, sp->ts_score, preword + sp->ts_prewordlen, sp->ts_prewordlen > 0); if (newscore <= su->su_maxscore) add_suggestion(su, &su->su_ga, preword, sp->ts_splitfidx - repextra, newscore, 0, FALSE, lp->lp_sallang, FALSE); break; } } else { if (((unsigned)flags >> 24) == 0 || sp->ts_twordlen - sp->ts_splitoff < slang->sl_compminlen) break; if (has_mbyte && slang->sl_compminlen > 0 && mb_charlen(tword + sp->ts_splitoff) < slang->sl_compminlen) break; compflags[sp->ts_complen] = ((unsigned)flags >> 24); compflags[sp->ts_complen + 1] = NUL; vim_strncpy(preword + sp->ts_prewordlen, tword + sp->ts_splitoff, sp->ts_twordlen - sp->ts_splitoff); if (match_checkcompoundpattern(preword, sp->ts_prewordlen, &slang->sl_comppat)) compound_ok = FALSE; if (compound_ok) { p = preword; while (*skiptowhite(p) != NUL) p = skipwhite(skiptowhite(p)); if (fword_ends && !can_compound(slang, p, compflags + sp->ts_compsplit)) compound_ok = FALSE; } p = preword + sp->ts_prewordlen; MB_PTR_BACK(preword, p); } } if (soundfold) STRCPY(preword + sp->ts_prewordlen, tword + sp->ts_splitoff); else if (flags & WF_KEEPCAP) find_keepcap_word(slang, tword + sp->ts_splitoff, preword + sp->ts_prewordlen); else { c = su->su_badflags; if ((c & WF_ALLCAP) && su->su_badlen == (*mb_ptr2len)(su->su_badptr)) c = WF_ONECAP; c |= flags; if (p != NULL && spell_iswordp_nmw(p, curwin)) c &= ~WF_ONECAP; make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, c); } if (!soundfold) { if (flags & WF_BANNED) { add_banned(su, preword + sp->ts_prewordlen); break; } if ((sp->ts_complen == sp->ts_compsplit && WAS_BANNED(su, preword + sp->ts_prewordlen)) || WAS_BANNED(su, preword)) { if (slang->sl_compprog == NULL) break; goodword_ends = FALSE; } } newscore = 0; if (!soundfold) { if ((flags & WF_REGION) && (((unsigned)flags >> 16) & lp->lp_region) == 0) newscore += SCORE_REGION; if (flags & WF_RARE) newscore += SCORE_RARE; if (!spell_valid_case(su->su_badflags, captype(preword + sp->ts_prewordlen, NULL))) newscore += SCORE_ICASE; } if (fword_ends && goodword_ends && sp->ts_fidx >= sp->ts_fidxtry && compound_ok) { #ifdef DEBUG_TRIEWALK if (soundfold && STRCMP(preword, ""smwrd"") == 0) { int j; smsg(""------ %s -------"", fword); for (j = 0; j < depth; ++j) smsg(""%s"", changename[j]); } #endif if (soundfold) { add_sound_suggest(su, preword, sp->ts_score, lp); } else if (sp->ts_fidx > 0) { p = fword + sp->ts_fidx; MB_PTR_BACK(fword, p); if (!spell_iswordp(p, curwin) && *preword != NUL) { p = preword + STRLEN(preword); MB_PTR_BACK(preword, p); if (spell_iswordp(p, curwin)) newscore += SCORE_NONWORD; } score = score_wordcount_adj(slang, sp->ts_score + newscore, preword + sp->ts_prewordlen, sp->ts_prewordlen > 0); if (score <= su->su_maxscore) { add_suggestion(su, &su->su_ga, preword, sp->ts_fidx - repextra, score, 0, FALSE, lp->lp_sallang, FALSE); if (su->su_badflags & WF_MIXCAP) { c = captype(preword, NULL); if (c == 0 || c == WF_ALLCAP) { make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, c == 0 ? WF_ALLCAP : 0); add_suggestion(su, &su->su_ga, preword, sp->ts_fidx - repextra, score + SCORE_ICASE, 0, FALSE, lp->lp_sallang, FALSE); } } } } } if ((sp->ts_fidx >= sp->ts_fidxtry || fword_ends) && (!has_mbyte || sp->ts_tcharlen == 0)) { int try_compound; int try_split; try_split = (sp->ts_fidx - repextra < su->su_badlen) && !soundfold; try_compound = FALSE; if (!soundfold && !slang->sl_nocompoundsugs && slang->sl_compprog != NULL && ((unsigned)flags >> 24) != 0 && sp->ts_twordlen - sp->ts_splitoff >= slang->sl_compminlen && (!has_mbyte || slang->sl_compminlen == 0 || mb_charlen(tword + sp->ts_splitoff) >= slang->sl_compminlen) && (slang->sl_compsylmax < MAXWLEN || sp->ts_complen + 1 - sp->ts_compsplit < slang->sl_compmax) && (can_be_compound(sp, slang, compflags, ((unsigned)flags >> 24)))) { try_compound = TRUE; compflags[sp->ts_complen] = ((unsigned)flags >> 24); compflags[sp->ts_complen + 1] = NUL; } if (slang->sl_nobreak && !slang->sl_nocompoundsugs) try_compound = TRUE; else if (!fword_ends && try_compound && (sp->ts_flags & TSF_DIDSPLIT) == 0) { try_compound = FALSE; sp->ts_flags |= TSF_DIDSPLIT; --sp->ts_curi; compflags[sp->ts_complen] = NUL; } else sp->ts_flags &= ~TSF_DIDSPLIT; if (try_split || try_compound) { if (!try_compound && (!fword_ends || !goodword_ends)) { if (sp->ts_complen == sp->ts_compsplit && (flags & WF_NEEDCOMP)) break; p = preword; while (*skiptowhite(p) != NUL) p = skipwhite(skiptowhite(p)); if (sp->ts_complen > sp->ts_compsplit && !can_compound(slang, p, compflags + sp->ts_compsplit)) break; if (slang->sl_nosplitsugs) newscore += SCORE_SPLIT_NO; else newscore += SCORE_SPLIT; newscore = score_wordcount_adj(slang, newscore, preword + sp->ts_prewordlen, TRUE); } if (TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK if (!try_compound && !fword_ends) sprintf(changename[depth], ""%.*s-%s: split"", sp->ts_twordlen, tword, fword + sp->ts_fidx); else sprintf(changename[depth], ""%.*s-%s: compound"", sp->ts_twordlen, tword, fword + sp->ts_fidx); #endif sp->ts_save_badflags = su->su_badflags; PROF_STORE(sp->ts_state) sp->ts_state = STATE_SPLITUNDO; ++depth; sp = &stack[depth]; if (!try_compound && !fword_ends) STRCAT(preword, "" ""); sp->ts_prewordlen = (char_u)STRLEN(preword); sp->ts_splitoff = sp->ts_twordlen; sp->ts_splitfidx = sp->ts_fidx; if (((!try_compound && !spell_iswordp_nmw(fword + sp->ts_fidx, curwin)) || fword_ends) && fword[sp->ts_fidx] != NUL && goodword_ends) { int l; l = mb_ptr2len(fword + sp->ts_fidx); if (fword_ends) { mch_memmove(preword + sp->ts_prewordlen, fword + sp->ts_fidx, l); sp->ts_prewordlen += l; preword[sp->ts_prewordlen] = NUL; } else sp->ts_score -= SCORE_SPLIT - SCORE_SUBST; sp->ts_fidx += l; } if (try_compound) ++sp->ts_complen; else sp->ts_compsplit = sp->ts_complen; sp->ts_prefixdepth = PFD_NOPREFIX; if (has_mbyte) n = nofold_len(fword, sp->ts_fidx, su->su_badptr); else n = sp->ts_fidx; su->su_badflags = badword_captype(su->su_badptr + n, su->su_badptr + su->su_badlen); sp->ts_arridx = 0; if (pbyts != NULL) { byts = pbyts; idxs = pidxs; sp->ts_prefixdepth = PFD_PREFIXTREE; PROF_STORE(sp->ts_state) sp->ts_state = STATE_NOPREFIX; } } } } break; case STATE_SPLITUNDO: su->su_badflags = sp->ts_save_badflags; PROF_STORE(sp->ts_state) sp->ts_state = STATE_START; byts = fbyts; idxs = fidxs; break; case STATE_ENDNUL: su->su_badflags = sp->ts_save_badflags; if (fword[sp->ts_fidx] == NUL && sp->ts_tcharlen == 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_DEL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_PLAIN; case STATE_PLAIN: arridx = sp->ts_arridx; if (sp->ts_curi > byts[arridx]) { PROF_STORE(sp->ts_state) if (sp->ts_fidx >= sp->ts_fidxtry) sp->ts_state = STATE_DEL; else sp->ts_state = STATE_FINAL; } else { arridx += sp->ts_curi++; c = byts[arridx]; if (c == fword[sp->ts_fidx] || (sp->ts_tcharlen > 0 && sp->ts_isdiff != DIFF_NONE)) newscore = 0; else newscore = SCORE_SUBST; if ((newscore == 0 || (sp->ts_fidx >= sp->ts_fidxtry && ((sp->ts_flags & TSF_DIDDEL) == 0 || c != fword[sp->ts_delidx]))) && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK if (newscore > 0) sprintf(changename[depth], ""%.*s-%s: subst %c to %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx], c); else sprintf(changename[depth], ""%.*s-%s: accept %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx]); #endif ++depth; sp = &stack[depth]; ++sp->ts_fidx; tword[sp->ts_twordlen++] = c; sp->ts_arridx = idxs[arridx]; if (newscore == SCORE_SUBST) sp->ts_isdiff = DIFF_YES; if (has_mbyte) { if (sp->ts_tcharlen == 0) { sp->ts_tcharidx = 0; sp->ts_tcharlen = MB_BYTE2LEN(c); sp->ts_fcharstart = sp->ts_fidx - 1; sp->ts_isdiff = (newscore != 0) ? DIFF_YES : DIFF_NONE; } else if (sp->ts_isdiff == DIFF_INSERT) --sp->ts_fidx; if (++sp->ts_tcharidx == sp->ts_tcharlen) { if (sp->ts_isdiff == DIFF_YES) { sp->ts_fidx = sp->ts_fcharstart + mb_ptr2len( fword + sp->ts_fcharstart); if (enc_utf8 && utf_iscomposing( utf_ptr2char(tword + sp->ts_twordlen - sp->ts_tcharlen)) && utf_iscomposing( utf_ptr2char(fword + sp->ts_fcharstart))) sp->ts_score -= SCORE_SUBST - SCORE_SUBCOMP; else if (!soundfold && slang->sl_has_map && similar_chars(slang, mb_ptr2char(tword + sp->ts_twordlen - sp->ts_tcharlen), mb_ptr2char(fword + sp->ts_fcharstart))) sp->ts_score -= SCORE_SUBST - SCORE_SIMILAR; } else if (sp->ts_isdiff == DIFF_INSERT && sp->ts_twordlen > sp->ts_tcharlen) { p = tword + sp->ts_twordlen - sp->ts_tcharlen; c = mb_ptr2char(p); if (enc_utf8 && utf_iscomposing(c)) { sp->ts_score -= SCORE_INS - SCORE_INSCOMP; } else { MB_PTR_BACK(tword, p); if (c == mb_ptr2char(p)) sp->ts_score -= SCORE_INS - SCORE_INSDUP; } } sp->ts_tcharlen = 0; } } else { if (newscore != 0 && !soundfold && slang->sl_has_map && similar_chars(slang, c, fword[sp->ts_fidx - 1])) sp->ts_score -= SCORE_SUBST - SCORE_SIMILAR; } } } break; case STATE_DEL: if (has_mbyte && sp->ts_tcharlen > 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_INS_PREP; sp->ts_curi = 1; if (soundfold && sp->ts_fidx == 0 && fword[sp->ts_fidx] == '*') newscore = 2 * SCORE_DEL / 3; else newscore = SCORE_DEL; if (fword[sp->ts_fidx] != NUL && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: delete %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx]); #endif ++depth; stack[depth].ts_flags |= TSF_DIDDEL; stack[depth].ts_delidx = sp->ts_fidx; if (has_mbyte) { c = mb_ptr2char(fword + sp->ts_fidx); stack[depth].ts_fidx += mb_ptr2len(fword + sp->ts_fidx); if (enc_utf8 && utf_iscomposing(c)) stack[depth].ts_score -= SCORE_DEL - SCORE_DELCOMP; else if (c == mb_ptr2char(fword + stack[depth].ts_fidx)) stack[depth].ts_score -= SCORE_DEL - SCORE_DELDUP; } else { ++stack[depth].ts_fidx; if (fword[sp->ts_fidx] == fword[sp->ts_fidx + 1]) stack[depth].ts_score -= SCORE_DEL - SCORE_DELDUP; } break; } case STATE_INS_PREP: if (sp->ts_flags & TSF_DIDDEL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } n = sp->ts_arridx; for (;;) { if (sp->ts_curi > byts[n]) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } if (byts[n + sp->ts_curi] != NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_INS; break; } ++sp->ts_curi; } break; case STATE_INS: n = sp->ts_arridx; if (sp->ts_curi > byts[n]) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } n += sp->ts_curi++; c = byts[n]; if (soundfold && sp->ts_twordlen == 0 && c == '*') newscore = 2 * SCORE_INS / 3; else newscore = SCORE_INS; if (c != fword[sp->ts_fidx] && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: insert %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c); #endif ++depth; sp = &stack[depth]; tword[sp->ts_twordlen++] = c; sp->ts_arridx = idxs[n]; if (has_mbyte) { fl = MB_BYTE2LEN(c); if (fl > 1) { sp->ts_tcharlen = fl; sp->ts_tcharidx = 1; sp->ts_isdiff = DIFF_INSERT; } } else fl = 1; if (fl == 1) { if (sp->ts_twordlen >= 2 && tword[sp->ts_twordlen - 2] == c) sp->ts_score -= SCORE_INS - SCORE_INSDUP; } } break; case STATE_SWAP: p = fword + sp->ts_fidx; c = *p; if (c == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } if (!soundfold && !spell_iswordp(p, curwin)) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); if (p[n] == NUL) c2 = NUL; else if (!soundfold && !spell_iswordp(p + n, curwin)) c2 = c; else c2 = mb_ptr2char(p + n); } else { if (p[1] == NUL) c2 = NUL; else if (!soundfold && !spell_iswordp(p + 1, curwin)) c2 = c; else c2 = p[1]; } if (c2 == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (c == c2) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP3; break; } if (c2 != NUL && TRY_DEEPER(su, stack, depth, SCORE_SWAP)) { go_deeper(stack, depth, SCORE_SWAP); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: swap %c and %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c, c2); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNSWAP; ++depth; if (has_mbyte) { fl = mb_char2len(c2); mch_memmove(p, p + n, fl); mb_char2bytes(c, p + fl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl; } else { p[0] = c2; p[1] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 2; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNSWAP: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); c = mb_ptr2char(p + n); mch_memmove(p + mb_ptr2len(p + n), p, n); mb_char2bytes(c, p); } else { c = *p; *p = p[1]; p[1] = c; } case STATE_SWAP3: p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); fl = MB_CPTR2LEN(p + n); c2 = mb_ptr2char(p + n); if (!soundfold && !spell_iswordp(p + n + fl, curwin)) c3 = c; else c3 = mb_ptr2char(p + n + fl); } else { c = *p; c2 = p[1]; if (!soundfold && !spell_iswordp(p + 2, curwin)) c3 = c; else c3 = p[2]; } if (c == c3 || c3 == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: swap3 %c and %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c, c3); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNSWAP3; ++depth; if (has_mbyte) { tl = mb_char2len(c3); mch_memmove(p, p + n + fl, tl); mb_char2bytes(c2, p + tl); mb_char2bytes(c, p + fl + tl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl + tl; } else { p[0] = p[2]; p[2] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNSWAP3: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); c2 = mb_ptr2char(p + n); fl = mb_ptr2len(p + n); c = mb_ptr2char(p + n + fl); tl = mb_ptr2len(p + n + fl); mch_memmove(p + fl + tl, p, n); mb_char2bytes(c, p); mb_char2bytes(c2, p + tl); p = p + tl; } else { c = *p; *p = p[2]; p[2] = c; ++p; } if (!soundfold && !spell_iswordp(p, curwin)) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK p = fword + sp->ts_fidx; sprintf(changename[depth], ""%.*s-%s: rotate left %c%c%c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, p[0], p[1], p[2]); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNROT3L; ++depth; p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); fl = MB_CPTR2LEN(p + n); fl += MB_CPTR2LEN(p + n + fl); mch_memmove(p, p + n, fl); mb_char2bytes(c, p + fl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl; } else { c = *p; *p = p[1]; p[1] = p[2]; p[2] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNROT3L: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); n += mb_ptr2len(p + n); c = mb_ptr2char(p + n); tl = mb_ptr2len(p + n); mch_memmove(p + tl, p, n); mb_char2bytes(c, p); } else { c = p[2]; p[2] = p[1]; p[1] = *p; *p = c; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK p = fword + sp->ts_fidx; sprintf(changename[depth], ""%.*s-%s: rotate right %c%c%c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, p[0], p[1], p[2]); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNROT3R; ++depth; p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); n += MB_CPTR2LEN(p + n); c = mb_ptr2char(p + n); tl = MB_CPTR2LEN(p + n); mch_memmove(p + tl, p, n); mb_char2bytes(c, p); stack[depth].ts_fidxtry = sp->ts_fidx + n + tl; } else { c = p[2]; p[2] = p[1]; p[1] = *p; *p = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNROT3R: p = fword + sp->ts_fidx; if (has_mbyte) { c = mb_ptr2char(p); tl = mb_ptr2len(p); n = mb_ptr2len(p + tl); n += mb_ptr2len(p + tl + n); mch_memmove(p, p + tl, n); mb_char2bytes(c, p + n); } else { c = *p; *p = p[1]; p[1] = p[2]; p[2] = c; } case STATE_REP_INI: if ((lp->lp_replang == NULL && !soundfold) || sp->ts_score + SCORE_REP >= su->su_maxscore || sp->ts_fidx < sp->ts_fidxtry) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } if (soundfold) sp->ts_curi = slang->sl_repsal_first[fword[sp->ts_fidx]]; else sp->ts_curi = lp->lp_replang->sl_rep_first[fword[sp->ts_fidx]]; if (sp->ts_curi < 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP; case STATE_REP: p = fword + sp->ts_fidx; if (soundfold) gap = &slang->sl_repsal; else gap = &lp->lp_replang->sl_rep; while (sp->ts_curi < gap->ga_len) { ftp = (fromto_T *)gap->ga_data + sp->ts_curi++; if (*ftp->ft_from != *p) { sp->ts_curi = gap->ga_len; break; } if (STRNCMP(ftp->ft_from, p, STRLEN(ftp->ft_from)) == 0 && TRY_DEEPER(su, stack, depth, SCORE_REP)) { go_deeper(stack, depth, SCORE_REP); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: replace %s with %s"", sp->ts_twordlen, tword, fword + sp->ts_fidx, ftp->ft_from, ftp->ft_to); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_UNDO; ++depth; fl = (int)STRLEN(ftp->ft_from); tl = (int)STRLEN(ftp->ft_to); if (fl != tl) { STRMOVE(p + tl, p + fl); repextra += tl - fl; } mch_memmove(p, ftp->ft_to, tl); stack[depth].ts_fidxtry = sp->ts_fidx + tl; stack[depth].ts_tcharlen = 0; break; } } if (sp->ts_curi >= gap->ga_len && sp->ts_state == STATE_REP) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; } break; case STATE_REP_UNDO: if (soundfold) gap = &slang->sl_repsal; else gap = &lp->lp_replang->sl_rep; ftp = (fromto_T *)gap->ga_data + sp->ts_curi - 1; fl = (int)STRLEN(ftp->ft_from); tl = (int)STRLEN(ftp->ft_to); p = fword + sp->ts_fidx; if (fl != tl) { STRMOVE(p + fl, p + tl); repextra -= tl - fl; } mch_memmove(p, ftp->ft_from, fl); PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP; break; default: --depth; if (depth >= 0 && stack[depth].ts_prefixdepth == PFD_PREFIXTREE) { byts = pbyts; idxs = pidxs; } if (--breakcheckcount == 0) { ui_breakcheck(); breakcheckcount = 1000; } } } }",visit repo url,src/spellsuggest.c,https://github.com/vim/vim,155969339772902,1 3696,CWE-119,"do_ssh2_kex(void) { char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; struct kex *kex; int r; myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( options.kex_algorithms); myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( options.ciphers); myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal( options.ciphers); myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = ""none""; } else if (options.compression == COMP_DELAYED) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = ""none,zlib@openssh.com""; } if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits(options.rekey_limit, (time_t)options.rekey_interval); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); if ((r = kex_setup(active_state, myproposal)) != 0) fatal(""kex_setup: %s"", ssh_err(r)); kex = active_state->kex; #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->kex[KEX_ECDH_SHA2] = kexecdh_server; #endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; kex->sign = sshd_hostkey_sign; dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); session_id2 = kex->session_id; session_id2_len = kex->session_id_len; #ifdef DEBUG_KEXDH packet_start(SSH2_MSG_IGNORE); packet_put_cstring(""markus""); packet_send(); packet_write_wait(); #endif debug(""KEX done""); }",visit repo url,usr.bin/ssh/sshd.c,https://github.com/openbsd/src,75330183580643,1 6264,CWE-190,"int util(void) { int l, code = RLC_ERR; gt_t a, b, c; uint8_t bin[24 * RLC_PC_BYTES]; gt_null(a); gt_null(b); gt_null(c); RLC_TRY { gt_new(a); gt_new(b); gt_new(c); TEST_CASE(""comparison is consistent"") { gt_rand(a); gt_rand(b); TEST_ASSERT(gt_cmp(a, b) != RLC_EQ, end); } TEST_END; TEST_CASE(""copy and comparison are consistent"") { gt_rand(a); gt_rand(b); gt_rand(c); if (gt_cmp(a, c) != RLC_EQ) { gt_copy(c, a); TEST_ASSERT(gt_cmp(c, a) == RLC_EQ, end); } if (gt_cmp(b, c) != RLC_EQ) { gt_copy(c, b); TEST_ASSERT(gt_cmp(b, c) == RLC_EQ, end); } } TEST_END; TEST_CASE(""inversion and comparison are consistent"") { gt_rand(a); gt_inv(b, a); TEST_ASSERT(gt_cmp(a, b) != RLC_EQ, end); } TEST_END; TEST_CASE (""assignment to random/infinity and comparison are consistent"") { gt_rand(a); gt_set_unity(c); TEST_ASSERT(gt_cmp(a, c) != RLC_EQ, end); TEST_ASSERT(gt_cmp(c, a) != RLC_EQ, end); } TEST_END; TEST_CASE(""assignment to unity and unity test are consistent"") { gt_set_unity(a); TEST_ASSERT(gt_is_unity(a), end); } TEST_END; } RLC_CATCH_ANY { util_print(""FATAL ERROR!\n""); RLC_ERROR(end); } code = RLC_OK; end: gt_free(a); gt_free(b); gt_free(c); return code; }",visit repo url,test/test_pc.c,https://github.com/relic-toolkit/relic,113709941457968,1 5304,CWE-20,"static TEE_Result tee_svc_copy_param(struct tee_ta_session *sess, struct tee_ta_session *called_sess, struct utee_params *callee_params, struct tee_ta_param *param, void *tmp_buf_va[TEE_NUM_PARAMS], struct mobj **mobj_tmp) { size_t n; TEE_Result res; size_t req_mem = 0; size_t s; uint8_t *dst = 0; bool ta_private_memref[TEE_NUM_PARAMS]; struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); void *va; size_t dst_offs; if (!callee_params) { memset(param, 0, sizeof(*param)); } else { res = tee_mmu_check_access_rights(utc, TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, (uaddr_t)callee_params, sizeof(struct utee_params)); if (res != TEE_SUCCESS) return res; utee_param_to_param(param, callee_params); } if (called_sess && is_pseudo_ta_ctx(called_sess->ctx)) { return TEE_SUCCESS; } for (n = 0; n < TEE_NUM_PARAMS; n++) { ta_private_memref[n] = false; switch (TEE_PARAM_TYPE_GET(param->types, n)) { case TEE_PARAM_TYPE_MEMREF_INPUT: case TEE_PARAM_TYPE_MEMREF_OUTPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: va = (void *)param->u[n].mem.offs; s = param->u[n].mem.size; if (!va) { if (s) return TEE_ERROR_BAD_PARAMETERS; break; } if (tee_mmu_is_vbuf_inside_ta_private(utc, va, s)) { s = ROUNDUP(s, sizeof(uint32_t)); if (ADD_OVERFLOW(req_mem, s, &req_mem)) return TEE_ERROR_BAD_PARAMETERS; ta_private_memref[n] = true; break; } res = tee_mmu_vbuf_to_mobj_offs(utc, va, s, ¶m->u[n].mem.mobj, ¶m->u[n].mem.offs); if (res != TEE_SUCCESS) return res; break; default: break; } } if (req_mem == 0) return TEE_SUCCESS; res = alloc_temp_sec_mem(req_mem, mobj_tmp, &dst); if (res != TEE_SUCCESS) return res; dst_offs = 0; for (n = 0; n < TEE_NUM_PARAMS; n++) { if (!ta_private_memref[n]) continue; s = ROUNDUP(param->u[n].mem.size, sizeof(uint32_t)); switch (TEE_PARAM_TYPE_GET(param->types, n)) { case TEE_PARAM_TYPE_MEMREF_INPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: va = (void *)param->u[n].mem.offs; if (va) { res = tee_svc_copy_from_user(dst, va, param->u[n].mem.size); if (res != TEE_SUCCESS) return res; param->u[n].mem.offs = dst_offs; param->u[n].mem.mobj = *mobj_tmp; tmp_buf_va[n] = dst; dst += s; dst_offs += s; } break; case TEE_PARAM_TYPE_MEMREF_OUTPUT: va = (void *)param->u[n].mem.offs; if (va) { param->u[n].mem.offs = dst_offs; param->u[n].mem.mobj = *mobj_tmp; tmp_buf_va[n] = dst; dst += s; dst_offs += s; } break; default: continue; } } return TEE_SUCCESS; }",visit repo url,core/tee/tee_svc.c,https://github.com/OP-TEE/optee_os,41804425162260,1 1888,CWE-476,"static int __init memory_tier_init(void) { int ret, node; struct memory_tier *memtier; ret = subsys_virtual_register(&memory_tier_subsys, NULL); if (ret) panic(""%s() failed to register memory tier subsystem\n"", __func__); #ifdef CONFIG_MIGRATION node_demotion = kcalloc(nr_node_ids, sizeof(struct demotion_nodes), GFP_KERNEL); WARN_ON(!node_demotion); #endif mutex_lock(&memory_tier_lock); default_dram_type = alloc_memory_type(MEMTIER_ADISTANCE_DRAM); if (!default_dram_type) panic(""%s() failed to allocate default DRAM tier\n"", __func__); for_each_node_state(node, N_MEMORY) { memtier = set_node_memory_tier(node); if (IS_ERR(memtier)) break; } establish_demotion_targets(); mutex_unlock(&memory_tier_lock); hotplug_memory_notifier(memtier_hotplug_callback, MEMTIER_HOTPLUG_PRI); return 0; }",visit repo url,mm/memory-tiers.c,https://github.com/torvalds/linux,26144893566487,1 4123,CWE-20,"main (int argc, char *argv[]) { unsigned cmdn; int flags = IDN2_NONTRANSITIONAL; setlocale (LC_ALL, """"); set_program_name (argv[0]); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); if (cmdline_parser (argc, argv, &args_info) != 0) return EXIT_FAILURE; if (args_info.version_given) { version_etc (stdout, ""idn2"", PACKAGE_NAME, VERSION, ""Simon Josefsson"", (char *) NULL); return EXIT_SUCCESS; } if (args_info.help_given) usage (EXIT_SUCCESS); if (!args_info.quiet_given && args_info.inputs_num == 0 && isatty (fileno (stdin))) fprintf (stderr, ""%s %s\n"" GREETING, PACKAGE, VERSION); if (args_info.debug_given) fprintf (stderr, _(""Charset: %s\n""), locale_charset ()); if (!args_info.quiet_given && args_info.inputs_num == 0 && isatty (fileno (stdin))) fprintf (stderr, ""%s"", _(""Type each input string on a line by itself, "" ""terminated by a newline character.\n"")); if (args_info.tr46t_given) flags = IDN2_TRANSITIONAL; else if (args_info.tr46nt_given) flags = IDN2_NONTRANSITIONAL; else if (args_info.no_tr46_given) flags = IDN2_NO_TR46; if (flags && args_info.usestd3asciirules_given) flags |= IDN2_USE_STD3_ASCII_RULES; for (cmdn = 0; cmdn < args_info.inputs_num; cmdn++) process_input (args_info.inputs[cmdn], flags | IDN2_NFC_INPUT); if (!cmdn) { char *buf = NULL; size_t bufsize = 0; while (getline (&buf, &bufsize, stdin) > 0) process_input (buf, flags); free (buf); } if (ferror (stdin)) error (EXIT_FAILURE, errno, ""%s"", _(""input error"")); cmdline_parser_free (&args_info); return EXIT_SUCCESS; }",visit repo url,src/idn2.c,https://gitlab.com/libidn/libidn2,223306533760343,1 6013,CWE-120,"static CYTHON_INLINE PyObject* __Pyx_decode_c_string( const char* cstring, Py_ssize_t start, Py_ssize_t stop, const char* encoding, const char* errors, PyObject* (*decode_func)(const char *s, Py_ssize_t size, const char *errors)) { Py_ssize_t length; if (unlikely((start < 0) | (stop < 0))) { size_t slen = strlen(cstring); if (unlikely(slen > (size_t) PY_SSIZE_T_MAX)) { PyErr_SetString(PyExc_OverflowError, ""c-string too long to convert to Python""); return NULL; } length = (Py_ssize_t) slen; if (start < 0) { start += length; if (start < 0) start = 0; } if (stop < 0) stop += length; } if (unlikely(stop <= start)) return PyUnicode_FromUnicode(NULL, 0); length = stop - start; cstring += start; if (decode_func) { return decode_func(cstring, length, errors); } else { return PyUnicode_Decode(cstring, length, encoding, errors); } }",visit repo url,clickhouse_driver/columns/stringcolumn.c,https://github.com/mymarilyn/clickhouse-driver,187394945393850,1 5647,['CWE-476'],"static int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; int copied, err; if (addr_len) *addr_len=sizeof(*sin); if (flags & MSG_ERRQUEUE) return ip_recv_error(sk, msg, len); try_again: skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len - sizeof(struct udphdr); if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } if (skb->ip_summed==CHECKSUM_UNNECESSARY) { err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); } else if (msg->msg_flags&MSG_TRUNC) { if (__udp_checksum_complete(skb)) goto csum_copy_err; err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); } else { err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (err) goto out_free; sock_recv_timestamp(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_port = skb->h.uh->source; sin->sin_addr.s_addr = skb->nh.iph->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); err = copied; if (flags & MSG_TRUNC) err = skb->len - sizeof(struct udphdr); out_free: skb_free_datagram(sk, skb); out: return err; csum_copy_err: UDP_INC_STATS_BH(UDP_MIB_INERRORS); skb_kill_datagram(sk, skb, flags); if (noblock) return -EAGAIN; goto try_again; }",linux-2.6,,,102257619668173893932755897746506270122,0 3231,CWE-125,"eap_print(netdissect_options *ndo, register const u_char *cp, u_int length) { const struct eap_frame_t *eap; const u_char *tptr; u_int tlen, type, subtype; int count=0, len; tptr = cp; tlen = length; eap = (const struct eap_frame_t *)cp; ND_TCHECK(*eap); if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, ""%s (%u) v%u, len %u"", tok2str(eap_frame_type_values, ""unknown"", eap->type), eap->type, eap->version, EXTRACT_16BITS(eap->length))); return; } ND_PRINT((ndo, ""%s (%u) v%u, len %u"", tok2str(eap_frame_type_values, ""unknown"", eap->type), eap->type, eap->version, EXTRACT_16BITS(eap->length))); tptr += sizeof(const struct eap_frame_t); tlen -= sizeof(const struct eap_frame_t); switch (eap->type) { case EAP_FRAME_TYPE_PACKET: type = *(tptr); len = EXTRACT_16BITS(tptr+2); ND_PRINT((ndo, "", %s (%u), id %u, len %u"", tok2str(eap_code_values, ""unknown"", type), type, *(tptr+1), len)); ND_TCHECK2(*tptr, len); if (type <= 2) { subtype = *(tptr+4); ND_PRINT((ndo, ""\n\t\t Type %s (%u)"", tok2str(eap_type_values, ""unknown"", *(tptr+4)), *(tptr + 4))); switch (subtype) { case EAP_TYPE_IDENTITY: if (len - 5 > 0) { ND_PRINT((ndo, "", Identity: "")); safeputs(ndo, tptr + 5, len - 5); } break; case EAP_TYPE_NOTIFICATION: if (len - 5 > 0) { ND_PRINT((ndo, "", Notification: "")); safeputs(ndo, tptr + 5, len - 5); } break; case EAP_TYPE_NAK: count = 5; while (count < len) { ND_PRINT((ndo, "" %s (%u),"", tok2str(eap_type_values, ""unknown"", *(tptr+count)), *(tptr + count))); count++; } break; case EAP_TYPE_TTLS: ND_PRINT((ndo, "" TTLSv%u"", EAP_TTLS_VERSION(*(tptr + 5)))); case EAP_TYPE_TLS: ND_PRINT((ndo, "" flags [%s] 0x%02x,"", bittok2str(eap_tls_flags_values, ""none"", *(tptr+5)), *(tptr + 5))); if (EAP_TLS_EXTRACT_BIT_L(*(tptr+5))) { ND_PRINT((ndo, "" len %u"", EXTRACT_32BITS(tptr + 6))); } break; case EAP_TYPE_FAST: ND_PRINT((ndo, "" FASTv%u"", EAP_TTLS_VERSION(*(tptr + 5)))); ND_PRINT((ndo, "" flags [%s] 0x%02x,"", bittok2str(eap_tls_flags_values, ""none"", *(tptr+5)), *(tptr + 5))); if (EAP_TLS_EXTRACT_BIT_L(*(tptr+5))) { ND_PRINT((ndo, "" len %u"", EXTRACT_32BITS(tptr + 6))); } break; case EAP_TYPE_AKA: case EAP_TYPE_SIM: ND_PRINT((ndo, "" subtype [%s] 0x%02x,"", tok2str(eap_aka_subtype_values, ""unknown"", *(tptr+5)), *(tptr + 5))); break; case EAP_TYPE_MD5_CHALLENGE: case EAP_TYPE_OTP: case EAP_TYPE_GTC: case EAP_TYPE_EXPANDED_TYPES: case EAP_TYPE_EXPERIMENTAL: default: break; } } break; case EAP_FRAME_TYPE_LOGOFF: case EAP_FRAME_TYPE_ENCAP_ASF_ALERT: default: break; } return; trunc: ND_PRINT((ndo, ""\n\t[|EAP]"")); }",visit repo url,print-eap.c,https://github.com/the-tcpdump-group/tcpdump,101763448477919,1 360,CWE-476,"int fscrypt_get_encryption_info(struct inode *inode) { struct fscrypt_info *ci = inode->i_crypt_info; if (!ci || (ci->ci_keyring_key && (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) | (1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_DEAD))))) return fscrypt_get_crypt_info(inode); return 0; }",visit repo url,fs/crypto/keyinfo.c,https://github.com/torvalds/linux,267717877859656,1 4535,CWE-122,"GF_Err gf_isom_get_sample_cenc_info_internal(GF_TrackBox *trak, void *traf, GF_SampleEncryptionBox *senc, u32 sample_number, Bool *IsEncrypted, u8 *crypt_byte_block, u8 *skip_byte_block, const u8 **key_info, u32 *key_info_size) #endif { GF_SampleGroupBox *sample_group; u32 j, group_desc_index; GF_SampleGroupDescriptionBox *sgdesc; u32 i, count; u32 descIndex, chunkNum; u64 offset; u32 first_sample_in_entry, last_sample_in_entry; GF_CENCSampleEncryptionGroupEntry *entry; if (IsEncrypted) *IsEncrypted = GF_FALSE; if (crypt_byte_block) *crypt_byte_block = 0; if (skip_byte_block) *skip_byte_block = 0; if (key_info) *key_info = NULL; if (key_info_size) *key_info_size = 0; if (!trak) return GF_BAD_PARAM; #ifdef GPAC_DISABLE_ISOM_FRAGMENTS if (traf) return GF_NOT_SUPPORTED; #else sample_number -= trak->sample_count_at_seg_start; #endif if (trak->Media->information->sampleTable->SampleSize && trak->Media->information->sampleTable->SampleSize->sampleCount>=sample_number) { stbl_GetSampleInfos(trak->Media->information->sampleTable, sample_number, &offset, &chunkNum, &descIndex, NULL); } else { descIndex = trak->current_traf_stsd_idx; if (!descIndex) descIndex = 1; } gf_isom_cenc_get_default_info_internal(trak, descIndex, NULL, IsEncrypted, crypt_byte_block, skip_byte_block, key_info, key_info_size); sample_group = NULL; group_desc_index = 0; if (trak->Media->information->sampleTable->sampleGroups) { count = gf_list_count(trak->Media->information->sampleTable->sampleGroups); for (i=0; iMedia->information->sampleTable->sampleGroups, i); if (sample_group->grouping_type == GF_ISOM_SAMPLE_GROUP_SEIG) break; sample_group = NULL; } if (sample_group) { first_sample_in_entry = 1; for (j=0; jentry_count; j++) { last_sample_in_entry = first_sample_in_entry + sample_group->sample_entries[j].sample_count - 1; if ((sample_numberlast_sample_in_entry)) { first_sample_in_entry = last_sample_in_entry+1; continue; } group_desc_index = sample_group->sample_entries[j].group_description_index; break; } } } #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (!group_desc_index && traf && traf->sampleGroups) { count = gf_list_count(traf->sampleGroups); for (i=0; isampleGroups, i); if (sample_group->grouping_type == GF_ISOM_SAMPLE_GROUP_SEIG) break; sample_group = NULL; } if (sample_group) { first_sample_in_entry = 1; for (j=0; jentry_count; j++) { last_sample_in_entry = first_sample_in_entry + sample_group->sample_entries[j].sample_count - 1; if ((sample_numberlast_sample_in_entry)) { first_sample_in_entry = last_sample_in_entry+1; continue; } group_desc_index = sample_group->sample_entries[j].group_description_index; break; } } } #endif if (!group_desc_index) goto exit; sgdesc = NULL; if (group_desc_index<=0x10000) { for (j=0; jMedia->information->sampleTable->sampleGroupsDescription); j++) { sgdesc = (GF_SampleGroupDescriptionBox*)gf_list_get(trak->Media->information->sampleTable->sampleGroupsDescription, j); if (sgdesc->grouping_type==sample_group->grouping_type) break; sgdesc = NULL; } } #ifndef GPAC_DISABLE_ISOM_FRAGMENTS else if (traf) { group_desc_index -= 0x10000; for (j=0; jsampleGroupsDescription); j++) { sgdesc = (GF_SampleGroupDescriptionBox*)gf_list_get(traf->sampleGroupsDescription, j); if (sgdesc->grouping_type==sample_group->grouping_type) break; sgdesc = NULL; } } #endif if (!sgdesc) return GF_ISOM_INVALID_FILE; entry = (GF_CENCSampleEncryptionGroupEntry *) gf_list_get(sgdesc->group_descriptions, group_desc_index - 1); if (!entry) return GF_ISOM_INVALID_FILE; if (IsEncrypted) *IsEncrypted = entry->IsProtected; if (crypt_byte_block) *crypt_byte_block = entry->crypt_byte_block; if (skip_byte_block) *skip_byte_block = entry->skip_byte_block; if (key_info) *key_info = entry->key_info; if (key_info_size) *key_info_size = entry->key_info_size; exit: if (( (senc && senc->piff_type==1) || (trak->moov && trak->moov->mov->is_smooth) ) && key_info && ! (*key_info) ) { if (!senc) { if (IsEncrypted) *IsEncrypted = GF_TRUE; if (key_info_size) *key_info_size = 8; } else { if (!senc->piff_type) { senc->piff_type = 2; senc->IV_size = 8; } assert(senc->IV_size); if (IsEncrypted) *IsEncrypted = GF_TRUE; if (key_info_size) *key_info_size = senc->IV_size; } } return GF_OK; }",visit repo url,src/isomedia/isom_read.c,https://github.com/gpac/gpac,224603792627064,1 6444,[],"argzize_path (const char *path, char **pargz, size_t *pargz_len) { error_t error; assert (path); assert (pargz); assert (pargz_len); if ((error = argz_create_sep (path, LT_PATHSEP_CHAR, pargz, pargz_len))) { switch (error) { case ENOMEM: LT__SETERROR (NO_MEMORY); break; default: LT__SETERROR (UNKNOWN); break; } return 1; } return 0; }",libtool,,,157336979605392162004320375947809508303,0 48,['CWE-787'],"static uint32_t cirrus_linear_bitblt_readb(void *opaque, target_phys_addr_t addr) { uint32_t ret; ret = 0xff; return ret; }",qemu,,,147229127408331101444336786515903305612,0 5426,CWE-908,"vips_malloc( VipsObject *object, size_t size ) { void *buf; buf = g_malloc( size ); if( object ) { g_signal_connect( object, ""postclose"", G_CALLBACK( vips_malloc_cb ), buf ); object->local_memory += size; } return( buf ); }",visit repo url,libvips/iofuncs/memory.c,https://github.com/libvips/libvips,252963521140020,1 5302,CWE-125,"static TEE_Result tee_svc_copy_param(struct tee_ta_session *sess, struct tee_ta_session *called_sess, struct utee_params *callee_params, struct tee_ta_param *param, void *tmp_buf_va[TEE_NUM_PARAMS], struct mobj **mobj_tmp) { size_t n; TEE_Result res; size_t req_mem = 0; size_t s; uint8_t *dst = 0; bool ta_private_memref[TEE_NUM_PARAMS]; struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); void *va; size_t dst_offs; if (!callee_params) { memset(param, 0, sizeof(*param)); } else { res = tee_mmu_check_access_rights(utc, TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, (uaddr_t)callee_params, sizeof(struct utee_params)); if (res != TEE_SUCCESS) return res; utee_param_to_param(param, callee_params); } if (called_sess && is_pseudo_ta_ctx(called_sess->ctx)) { return TEE_SUCCESS; } for (n = 0; n < TEE_NUM_PARAMS; n++) { ta_private_memref[n] = false; switch (TEE_PARAM_TYPE_GET(param->types, n)) { case TEE_PARAM_TYPE_MEMREF_INPUT: case TEE_PARAM_TYPE_MEMREF_OUTPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: va = (void *)param->u[n].mem.offs; s = param->u[n].mem.size; if (!va) { if (s) return TEE_ERROR_BAD_PARAMETERS; break; } if (tee_mmu_is_vbuf_inside_ta_private(utc, va, s)) { s = ROUNDUP(s, sizeof(uint32_t)); if (ADD_OVERFLOW(req_mem, s, &req_mem)) return TEE_ERROR_BAD_PARAMETERS; ta_private_memref[n] = true; break; } res = tee_mmu_vbuf_to_mobj_offs(utc, va, s, ¶m->u[n].mem.mobj, ¶m->u[n].mem.offs); if (res != TEE_SUCCESS) return res; break; default: break; } } if (req_mem == 0) return TEE_SUCCESS; res = alloc_temp_sec_mem(req_mem, mobj_tmp, &dst); if (res != TEE_SUCCESS) return res; dst_offs = 0; for (n = 0; n < TEE_NUM_PARAMS; n++) { if (!ta_private_memref[n]) continue; s = ROUNDUP(param->u[n].mem.size, sizeof(uint32_t)); switch (TEE_PARAM_TYPE_GET(param->types, n)) { case TEE_PARAM_TYPE_MEMREF_INPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: va = (void *)param->u[n].mem.offs; if (va) { res = tee_svc_copy_from_user(dst, va, param->u[n].mem.size); if (res != TEE_SUCCESS) return res; param->u[n].mem.offs = dst_offs; param->u[n].mem.mobj = *mobj_tmp; tmp_buf_va[n] = dst; dst += s; dst_offs += s; } break; case TEE_PARAM_TYPE_MEMREF_OUTPUT: va = (void *)param->u[n].mem.offs; if (va) { param->u[n].mem.offs = dst_offs; param->u[n].mem.mobj = *mobj_tmp; tmp_buf_va[n] = dst; dst += s; dst_offs += s; } break; default: continue; } } return TEE_SUCCESS; }",visit repo url,core/tee/tee_svc.c,https://github.com/OP-TEE/optee_os,41804425162260,1 1956,['CWE-20'],"struct page *follow_page(struct vm_area_struct *vma, unsigned long address, unsigned int flags) { pgd_t *pgd; pud_t *pud; pmd_t *pmd; pte_t *ptep, pte; spinlock_t *ptl; struct page *page; struct mm_struct *mm = vma->vm_mm; page = follow_huge_addr(mm, address, flags & FOLL_WRITE); if (!IS_ERR(page)) { BUG_ON(flags & FOLL_GET); goto out; } page = NULL; pgd = pgd_offset(mm, address); if (pgd_none(*pgd) || unlikely(pgd_bad(*pgd))) goto no_page_table; pud = pud_offset(pgd, address); if (pud_none(*pud) || unlikely(pud_bad(*pud))) goto no_page_table; pmd = pmd_offset(pud, address); if (pmd_none(*pmd)) goto no_page_table; if (pmd_huge(*pmd)) { BUG_ON(flags & FOLL_GET); page = follow_huge_pmd(mm, address, pmd, flags & FOLL_WRITE); goto out; } if (unlikely(pmd_bad(*pmd))) goto no_page_table; ptep = pte_offset_map_lock(mm, pmd, address, &ptl); pte = *ptep; if (!pte_present(pte)) goto no_page; if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock; page = vm_normal_page(vma, address, pte); if (unlikely(!page)) goto bad_page; if (flags & FOLL_GET) get_page(page); if (flags & FOLL_TOUCH) { if ((flags & FOLL_WRITE) && !pte_dirty(pte) && !PageDirty(page)) set_page_dirty(page); mark_page_accessed(page); } unlock: pte_unmap_unlock(ptep, ptl); out: return page; bad_page: pte_unmap_unlock(ptep, ptl); return ERR_PTR(-EFAULT); no_page: pte_unmap_unlock(ptep, ptl); if (!pte_none(pte)) return page; no_page_table: if (flags & FOLL_ANON) { page = ZERO_PAGE(0); if (flags & FOLL_GET) get_page(page); BUG_ON(flags & FOLL_WRITE); } return page; }",linux-2.6,,,25327948130429059849511292375880185975,0 683,CWE-20,"static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; struct ddpehdr *ddp; int copied = 0; int offset = 0; int err = 0; struct sk_buff *skb; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); lock_sock(sk); if (!skb) goto out; ddp = ddp_hdr(skb); copied = ntohs(ddp->deh_len_hops) & 1023; if (sk->sk_type != SOCK_RAW) { offset = sizeof(*ddp); copied -= offset; } if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); if (!err) { if (sat) { sat->sat_family = AF_APPLETALK; sat->sat_port = ddp->deh_sport; sat->sat_addr.s_node = ddp->deh_snode; sat->sat_addr.s_net = ddp->deh_snet; } msg->msg_namelen = sizeof(*sat); } skb_free_datagram(sk, skb); out: release_sock(sk); return err ? : copied; }",visit repo url,net/appletalk/ddp.c,https://github.com/torvalds/linux,30002071291188,1 960,['CWE-189'],"ProcShmPutImage(client) register ClientPtr client; { GCPtr pGC; DrawablePtr pDraw; long length; ShmDescPtr shmdesc; REQUEST(xShmPutImageReq); REQUEST_SIZE_MATCH(xShmPutImageReq); VALIDATE_DRAWABLE_AND_GC(stuff->drawable, pDraw, DixWriteAccess); VERIFY_SHMPTR(stuff->shmseg, stuff->offset, FALSE, shmdesc, client); if ((stuff->sendEvent != xTrue) && (stuff->sendEvent != xFalse)) return BadValue; if (stuff->format == XYBitmap) { if (stuff->depth != 1) return BadMatch; length = PixmapBytePad(stuff->totalWidth, 1); } else if (stuff->format == XYPixmap) { if (pDraw->depth != stuff->depth) return BadMatch; length = PixmapBytePad(stuff->totalWidth, 1); length *= stuff->depth; } else if (stuff->format == ZPixmap) { if (pDraw->depth != stuff->depth) return BadMatch; length = PixmapBytePad(stuff->totalWidth, stuff->depth); } else { client->errorValue = stuff->format; return BadValue; } VERIFY_SHMSIZE(shmdesc, stuff->offset, length * stuff->totalHeight, client); if (stuff->srcX > stuff->totalWidth) { client->errorValue = stuff->srcX; return BadValue; } if (stuff->srcY > stuff->totalHeight) { client->errorValue = stuff->srcY; return BadValue; } if ((stuff->srcX + stuff->srcWidth) > stuff->totalWidth) { client->errorValue = stuff->srcWidth; return BadValue; } if ((stuff->srcY + stuff->srcHeight) > stuff->totalHeight) { client->errorValue = stuff->srcHeight; return BadValue; } if ((((stuff->format == ZPixmap) && (stuff->srcX == 0)) || ((stuff->format != ZPixmap) && (stuff->srcX < screenInfo.bitmapScanlinePad) && ((stuff->format == XYBitmap) || ((stuff->srcY == 0) && (stuff->srcHeight == stuff->totalHeight))))) && ((stuff->srcX + stuff->srcWidth) == stuff->totalWidth)) (*pGC->ops->PutImage) (pDraw, pGC, stuff->depth, stuff->dstX, stuff->dstY, stuff->totalWidth, stuff->srcHeight, stuff->srcX, stuff->format, shmdesc->addr + stuff->offset + (stuff->srcY * length)); else (*shmFuncs[pDraw->pScreen->myNum]->PutImage)( pDraw, pGC, stuff->depth, stuff->format, stuff->totalWidth, stuff->totalHeight, stuff->srcX, stuff->srcY, stuff->srcWidth, stuff->srcHeight, stuff->dstX, stuff->dstY, shmdesc->addr + stuff->offset); if (stuff->sendEvent) { xShmCompletionEvent ev; ev.type = ShmCompletionCode; ev.drawable = stuff->drawable; ev.sequenceNumber = client->sequence; ev.minorEvent = X_ShmPutImage; ev.majorEvent = ShmReqCode; ev.shmseg = stuff->shmseg; ev.offset = stuff->offset; WriteEventsToClient(client, 1, (xEvent *) &ev); } return (client->noClientException); }",xserver,,,311181873699015545960534144476624395078,0 278,[],"static int do_atm_ioctl(unsigned int fd, unsigned int cmd32, unsigned long arg) { int i; unsigned int cmd = 0; switch (cmd32) { case SONET_GETSTAT: case SONET_GETSTATZ: case SONET_GETDIAG: case SONET_SETDIAG: case SONET_CLRDIAG: case SONET_SETFRAMING: case SONET_GETFRAMING: case SONET_GETFRSENSE: return do_atmif_sioc(fd, cmd32, arg); } for (i = 0; i < NR_ATM_IOCTL; i++) { if (cmd32 == atm_ioctl_map[i].cmd32) { cmd = atm_ioctl_map[i].cmd; break; } } if (i == NR_ATM_IOCTL) return -EINVAL; switch (cmd) { case ATM_GETNAMES: return do_atm_iobuf(fd, cmd, arg); case ATM_GETLINKRATE: case ATM_GETTYPE: case ATM_GETESI: case ATM_GETADDR: case ATM_RSTADDR: case ATM_ADDADDR: case ATM_DELADDR: case ATM_GETCIRANGE: case ATM_SETCIRANGE: case ATM_SETESI: case ATM_SETESIF: case ATM_GETSTAT: case ATM_GETSTATZ: case ATM_GETLOOP: case ATM_SETLOOP: case ATM_QUERYLOOP: return do_atmif_sioc(fd, cmd, arg); } return -EINVAL; }",linux-2.6,,,209213062605057632516340989302872546727,0 5168,CWE-787,"void edge_sparse_csr_reader_double( const char* i_csr_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_row_idx_id = NULL; unsigned int l_i = 0; l_csr_file_handle = fopen( i_csr_file_in, ""r"" ); if ( l_csr_file_handle == NULL ) { fprintf( stderr, ""cannot open CSR file!\n"" ); return; } while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { fprintf( stderr, ""could not read file length!\n"" ); return; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count + 1)); *o_values = (double*) malloc(sizeof(double) * (*o_element_count)); l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { fprintf( stderr, ""could not allocate sp data!\n"" ); return; } memset(*o_row_idx, 0, sizeof(unsigned int)*(*o_row_count + 1)); memset(*o_column_idx, 0, sizeof(unsigned int)*(*o_element_count)); memset(*o_values, 0, sizeof(double)*(*o_element_count)); memset(l_row_idx_id, 0, sizeof(unsigned int)*(*o_row_count)); for ( l_i = 0; l_i < (*o_row_count + 1); l_i++) (*o_row_idx)[l_i] = (*o_element_count); (*o_row_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { fprintf( stderr, ""could not csr description!\n"" ); return; } } else { unsigned int l_row, l_column; double l_value; if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return; } l_row--; l_column--; (*o_column_idx)[l_i] = l_column; (*o_values)[l_i] = l_value; l_i++; l_row_idx_id[l_row] = 1; (*o_row_idx)[l_row+1] = l_i; } } } fclose( l_csr_file_handle ); if ( l_i != (*o_element_count) ) { fprintf( stderr, ""we were not able to read all elements!\n"" ); return; } for ( l_i = 0; l_i < (*o_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } } if ( l_row_idx_id != NULL ) { free( l_row_idx_id ); } }",visit repo url,samples/edge/edge_proxy_common.c,https://github.com/hfp/libxsmm,216612051797088,1 4664,['CWE-399'],"static inline int ext4_is_group_locked(struct super_block *sb, ext4_group_t group) { struct ext4_group_info *grinfo = ext4_get_group_info(sb, group); return bit_spin_is_locked(EXT4_GROUP_INFO_LOCKED_BIT, &(grinfo->bb_state));",linux-2.6,,,133916057809430357542519416732125771983,0 6041,['CWE-200'],"ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen, int scope, u32 flags) { struct inet6_ifaddr *ifa = NULL; struct rt6_info *rt; int hash; int err = 0; read_lock_bh(&addrconf_lock); if (idev->dead) { err = -ENODEV; goto out2; } write_lock(&addrconf_hash_lock); if (ipv6_chk_same_addr(addr, idev->dev)) { ADBG((""ipv6_add_addr: already assigned\n"")); err = -EEXIST; goto out; } ifa = kmalloc(sizeof(struct inet6_ifaddr), GFP_ATOMIC); if (ifa == NULL) { ADBG((""ipv6_add_addr: malloc failed\n"")); err = -ENOBUFS; goto out; } rt = addrconf_dst_alloc(idev, addr, 0); if (IS_ERR(rt)) { err = PTR_ERR(rt); goto out; } memset(ifa, 0, sizeof(struct inet6_ifaddr)); ipv6_addr_copy(&ifa->addr, addr); spin_lock_init(&ifa->lock); init_timer(&ifa->timer); ifa->timer.data = (unsigned long) ifa; ifa->scope = scope; ifa->prefix_len = pfxlen; ifa->flags = flags | IFA_F_TENTATIVE; ifa->cstamp = ifa->tstamp = jiffies; ifa->idev = idev; in6_dev_hold(idev); in6_ifa_hold(ifa); hash = ipv6_addr_hash(addr); ifa->lst_next = inet6_addr_lst[hash]; inet6_addr_lst[hash] = ifa; in6_ifa_hold(ifa); write_unlock(&addrconf_hash_lock); write_lock(&idev->lock); ifa->if_next = idev->addr_list; idev->addr_list = ifa; #ifdef CONFIG_IPV6_PRIVACY if (ifa->flags&IFA_F_TEMPORARY) { ifa->tmp_next = idev->tempaddr_list; idev->tempaddr_list = ifa; in6_ifa_hold(ifa); } #endif ifa->rt = rt; in6_ifa_hold(ifa); write_unlock(&idev->lock); out2: read_unlock_bh(&addrconf_lock); if (likely(err == 0)) notifier_call_chain(&inet6addr_chain, NETDEV_UP, ifa); else { kfree(ifa); ifa = ERR_PTR(err); } return ifa; out: write_unlock(&addrconf_hash_lock); goto out2; }",linux-2.6,,,7419761264726417791215264871818051445,0 4546,CWE-121,"static GF_Err xml_sax_parse(GF_SAXParser *parser, Bool force_parse) { u32 i = 0; Bool is_text; u32 is_end; u8 c; char *elt, sep; u32 cdata_sep; while (parser->current_posline_size) { if (!force_parse && parser->suspended) goto exit; restart: is_text = GF_FALSE; switch (parser->sax_state) { case SAX_STATE_TEXT_CONTENT: is_text = GF_TRUE; case SAX_STATE_ELEMENT: elt = NULL; i=0; while ((c = parser->buffer[parser->current_pos+i]) !='<') { if ((parser->init_state==2) && (c ==']')) { parser->sax_state = SAX_STATE_ATT_NAME; parser->current_pos+=i+1; goto restart; } i++; if (c=='\n') parser->line++; if (is_text) { if (c=='&') parser->text_check_escapes |= 1; else if (c==';') parser->text_check_escapes |= 2; } if (parser->current_pos+i==parser->line_size) { if ((parser->line_size>=2*XML_INPUT_SIZE) && !parser->init_state) parser->sax_state = SAX_STATE_SYNTAX_ERROR; goto exit; } } if (is_text && i) { u32 has_esc = parser->text_check_escapes; xml_sax_store_text(parser, i); parser->text_check_escapes = has_esc; parser->sax_state = SAX_STATE_ELEMENT; } else if (i) { parser->current_pos += i; assert(parser->current_pos < parser->line_size); } is_end = 0; i = 0; cdata_sep = 0; while (1) { c = parser->buffer[parser->current_pos+1+i]; if (!strncmp(parser->buffer+parser->current_pos+1+i, ""!--"", 3)) { parser->sax_state = SAX_STATE_COMMENT; i += 3; break; } if (!c) { goto exit; } if ((c=='\t') || (c=='\r') || (c==' ') ) { if (i) break; else parser->current_pos++; } else if (c=='\n') { parser->line++; if (i) break; else parser->current_pos++; } else if (c=='>') break; else if (c=='=') break; else if (c=='[') { i++; if (!cdata_sep) cdata_sep = 1; else { break; } } else if (c=='/') { is_end = !i ? 1 : 2; i++; } else if (c=='<') { if (parser->sax_state != SAX_STATE_COMMENT) { parser->sax_state = SAX_STATE_SYNTAX_ERROR; return GF_CORRUPTED_DATA; } } else { i++; } if (parser->current_pos+1+i==parser->line_size) { goto exit; } } if (i) { parser->elt_name_start = parser->current_pos+1 + 1; if (is_end==1) parser->elt_name_start ++; if (is_end==2) parser->elt_name_end = parser->current_pos+1+i; else parser->elt_name_end = parser->current_pos+1+i + 1; } if (is_end) { xml_sax_flush_text(parser); parser->elt_end_pos = parser->file_pos + parser->current_pos + i; if (is_end==2) { parser->sax_state = SAX_STATE_ELEMENT; xml_sax_node_start(parser); xml_sax_node_end(parser, GF_FALSE); } else { parser->elt_end_pos += parser->elt_name_end - parser->elt_name_start; xml_sax_node_end(parser, GF_TRUE); } if (parser->sax_state == SAX_STATE_SYNTAX_ERROR) break; parser->current_pos+=2+i; parser->sax_state = SAX_STATE_TEXT_CONTENT; break; } if (!parser->elt_name_end) { return GF_CORRUPTED_DATA; } sep = parser->buffer[parser->elt_name_end-1]; parser->buffer[parser->elt_name_end-1] = 0; elt = parser->buffer + parser->elt_name_start-1; parser->sax_state = SAX_STATE_ATT_NAME; assert(parser->elt_start_pos <= parser->file_pos + parser->current_pos); parser->elt_start_pos = parser->file_pos + parser->current_pos; if (!strncmp(elt, ""!--"", 3)) { xml_sax_flush_text(parser); parser->sax_state = SAX_STATE_COMMENT; if (i>3) parser->current_pos -= (i-3); } else if (!strcmp(elt, ""?xml"")) parser->init_state = 1; else if (!strcmp(elt, ""!DOCTYPE"")) parser->init_state = 2; else if (!strcmp(elt, ""!ENTITY"")) parser->sax_state = SAX_STATE_ENTITY; else if (!strcmp(elt, ""!ATTLIST"") || !strcmp(elt, ""!ELEMENT"")) parser->sax_state = SAX_STATE_SKIP_DOCTYPE; else if (!strcmp(elt, ""![CDATA["")) parser->sax_state = SAX_STATE_CDATA; else if (elt[0]=='?') { i--; parser->sax_state = SAX_STATE_XML_PROC; } else { xml_sax_flush_text(parser); if (parser->init_state) { parser->init_state = 0; if (gf_list_count(parser->entities)) { char *orig_buf; GF_Err e; parser->buffer[parser->elt_name_end-1] = sep; orig_buf = gf_strdup(parser->buffer + parser->current_pos); parser->current_pos = 0; parser->line_size = 0; parser->elt_start_pos = 0; parser->sax_state = SAX_STATE_TEXT_CONTENT; e = gf_xml_sax_parse_intern(parser, orig_buf); gf_free(orig_buf); return e; } } } parser->current_pos+=1+i; parser->buffer[parser->elt_name_end-1] = sep; break; case SAX_STATE_COMMENT: if (!xml_sax_parse_comments(parser)) { xml_sax_swap(parser); goto exit; } break; case SAX_STATE_ATT_NAME: case SAX_STATE_ATT_VALUE: if (xml_sax_parse_attribute(parser)) goto exit; break; case SAX_STATE_ENTITY: xml_sax_parse_entity(parser); break; case SAX_STATE_SKIP_DOCTYPE: xml_sax_skip_doctype(parser); break; case SAX_STATE_XML_PROC: xml_sax_skip_xml_proc(parser); break; case SAX_STATE_CDATA: xml_sax_cdata(parser); break; case SAX_STATE_SYNTAX_ERROR: return GF_CORRUPTED_DATA; case SAX_STATE_ALLOC_ERROR: return GF_OUT_OF_MEM; case SAX_STATE_DONE: return GF_EOS; } } exit: #if 0 if (is_text) { if (i) xml_sax_store_text(parser, i); } #endif xml_sax_swap(parser); if (parser->sax_state==SAX_STATE_SYNTAX_ERROR) return GF_CORRUPTED_DATA; else return GF_OK; }",visit repo url,src/utils/xml_parser.c,https://github.com/gpac/gpac,171884135571159,1 3191,CWE-125,"parse_elements(netdissect_options *ndo, struct mgmt_body_t *pbody, const u_char *p, int offset, u_int length) { u_int elementlen; struct ssid_t ssid; struct challenge_t challenge; struct rates_t rates; struct ds_t ds; struct cf_t cf; struct tim_t tim; pbody->challenge_present = 0; pbody->ssid_present = 0; pbody->rates_present = 0; pbody->ds_present = 0; pbody->cf_present = 0; pbody->tim_present = 0; while (length != 0) { if (!ND_TTEST2(*(p + offset), 2)) return 0; if (length < 2) return 0; elementlen = *(p + offset + 1); if (!ND_TTEST2(*(p + offset + 2), elementlen)) return 0; if (length < elementlen + 2) return 0; switch (*(p + offset)) { case E_SSID: memcpy(&ssid, p + offset, 2); offset += 2; length -= 2; if (ssid.length != 0) { if (ssid.length > sizeof(ssid.ssid) - 1) return 0; if (!ND_TTEST2(*(p + offset), ssid.length)) return 0; if (length < ssid.length) return 0; memcpy(&ssid.ssid, p + offset, ssid.length); offset += ssid.length; length -= ssid.length; } ssid.ssid[ssid.length] = '\0'; if (!pbody->ssid_present) { pbody->ssid = ssid; pbody->ssid_present = 1; } break; case E_CHALLENGE: memcpy(&challenge, p + offset, 2); offset += 2; length -= 2; if (challenge.length != 0) { if (challenge.length > sizeof(challenge.text) - 1) return 0; if (!ND_TTEST2(*(p + offset), challenge.length)) return 0; if (length < challenge.length) return 0; memcpy(&challenge.text, p + offset, challenge.length); offset += challenge.length; length -= challenge.length; } challenge.text[challenge.length] = '\0'; if (!pbody->challenge_present) { pbody->challenge = challenge; pbody->challenge_present = 1; } break; case E_RATES: memcpy(&rates, p + offset, 2); offset += 2; length -= 2; if (rates.length != 0) { if (rates.length > sizeof rates.rate) return 0; if (!ND_TTEST2(*(p + offset), rates.length)) return 0; if (length < rates.length) return 0; memcpy(&rates.rate, p + offset, rates.length); offset += rates.length; length -= rates.length; } if (!pbody->rates_present && rates.length != 0) { pbody->rates = rates; pbody->rates_present = 1; } break; case E_DS: memcpy(&ds, p + offset, 2); offset += 2; length -= 2; if (ds.length != 1) { offset += ds.length; length -= ds.length; break; } ds.channel = *(p + offset); offset += 1; length -= 1; if (!pbody->ds_present) { pbody->ds = ds; pbody->ds_present = 1; } break; case E_CF: memcpy(&cf, p + offset, 2); offset += 2; length -= 2; if (cf.length != 6) { offset += cf.length; length -= cf.length; break; } memcpy(&cf.count, p + offset, 6); offset += 6; length -= 6; if (!pbody->cf_present) { pbody->cf = cf; pbody->cf_present = 1; } break; case E_TIM: memcpy(&tim, p + offset, 2); offset += 2; length -= 2; if (tim.length <= 3) { offset += tim.length; length -= tim.length; break; } if (tim.length - 3 > (int)sizeof tim.bitmap) return 0; memcpy(&tim.count, p + offset, 3); offset += 3; length -= 3; memcpy(tim.bitmap, p + (tim.length - 3), (tim.length - 3)); offset += tim.length - 3; length -= tim.length - 3; if (!pbody->tim_present) { pbody->tim = tim; pbody->tim_present = 1; } break; default: #if 0 ND_PRINT((ndo, ""(1) unhandled element_id (%d) "", *(p + offset))); #endif offset += 2 + elementlen; length -= 2 + elementlen; break; } } return 1; }",visit repo url,print-802_11.c,https://github.com/the-tcpdump-group/tcpdump,365998608533,1 1202,['CWE-189'],"long __sched hrtimer_nanosleep_restart(struct restart_block *restart) { struct hrtimer_sleeper t; struct timespec __user *rmtp; struct timespec tu; ktime_t time; restart->fn = do_no_restart_syscall; hrtimer_init(&t.timer, restart->arg0, HRTIMER_MODE_ABS); t.timer.expires.tv64 = ((u64)restart->arg3 << 32) | (u64) restart->arg2; if (do_nanosleep(&t, HRTIMER_MODE_ABS)) return 0; rmtp = (struct timespec __user *) restart->arg1; if (rmtp) { time = ktime_sub(t.timer.expires, t.timer.base->get_time()); if (time.tv64 <= 0) return 0; tu = ktime_to_timespec(time); if (copy_to_user(rmtp, &tu, sizeof(tu))) return -EFAULT; } restart->fn = hrtimer_nanosleep_restart; return -ERESTART_RESTARTBLOCK; }",linux-2.6,,,125577907863200840553745043086894704328,0 4277,CWE-400,"static void read_module(RBuffer *b, ut64 addr, struct minidump_module *module) { st64 o_addr = r_buf_seek (b, 0, R_BUF_CUR); r_buf_seek (b, addr, R_BUF_SET); module->base_of_image = r_buf_read_le64 (b); module->size_of_image = r_buf_read_le32 (b); module->check_sum = r_buf_read_le32 (b); module->time_date_stamp = r_buf_read_le32 (b); module->module_name_rva = r_buf_read_le32 (b); module->version_info.dw_signature = r_buf_read_le32 (b); module->version_info.dw_struc_version = r_buf_read_le32 (b); module->version_info.dw_file_version_ms = r_buf_read_le32 (b); module->version_info.dw_file_version_ls = r_buf_read_le32 (b); module->version_info.dw_product_version_ms = r_buf_read_le32 (b); module->version_info.dw_product_version_ls = r_buf_read_le32 (b); module->version_info.dw_file_flags_mask = r_buf_read_le32 (b); module->version_info.dw_file_flags = r_buf_read_le32 (b); module->version_info.dw_file_os = r_buf_read_le32 (b); module->version_info.dw_file_type = r_buf_read_le32 (b); module->version_info.dw_file_subtype = r_buf_read_le32 (b); module->version_info.dw_file_date_ms = r_buf_read_le32 (b); module->version_info.dw_file_date_ls = r_buf_read_le32 (b); module->cv_record.data_size = r_buf_read_le32 (b); module->cv_record.rva = r_buf_read_le32 (b); module->misc_record.data_size = r_buf_read_le32 (b); module->misc_record.rva = r_buf_read_le32 (b); module->reserved_0 = r_buf_read_le64 (b); module->reserved_1 = r_buf_read_le64 (b); r_buf_seek (b, o_addr, R_BUF_SET); }",visit repo url,libr/bin/format/mdmp/mdmp.c,https://github.com/radareorg/radare2,273311125550999,1 1774,NVD-CWE-Other,"static int mct_u232_port_probe(struct usb_serial_port *port) { struct mct_u232_private *priv; priv = kzalloc(sizeof(*priv), GFP_KERNEL); if (!priv) return -ENOMEM; priv->read_urb = port->serial->port[1]->interrupt_in_urb; priv->read_urb->context = port; spin_lock_init(&priv->lock); usb_set_serial_port_data(port, priv); return 0; }",visit repo url,drivers/usb/serial/mct_u232.c,https://github.com/torvalds/linux,103525171502100,1 2069,CWE-787,"int sr_do_ioctl(Scsi_CD *cd, struct packet_command *cgc) { struct scsi_device *SDev; struct scsi_sense_hdr sshdr; int result, err = 0, retries = 0; SDev = cd->device; retry: if (!scsi_block_when_processing_errors(SDev)) { err = -ENODEV; goto out; } result = scsi_execute(SDev, cgc->cmd, cgc->data_direction, cgc->buffer, cgc->buflen, (unsigned char *)cgc->sense, &sshdr, cgc->timeout, IOCTL_RETRIES, 0, 0, NULL); if (driver_byte(result) != 0) { switch (sshdr.sense_key) { case UNIT_ATTENTION: SDev->changed = 1; if (!cgc->quiet) sr_printk(KERN_INFO, cd, ""disc change detected.\n""); if (retries++ < 10) goto retry; err = -ENOMEDIUM; break; case NOT_READY: if (sshdr.asc == 0x04 && sshdr.ascq == 0x01) { if (!cgc->quiet) sr_printk(KERN_INFO, cd, ""CDROM not ready yet.\n""); if (retries++ < 10) { ssleep(2); goto retry; } else { err = -ENOMEDIUM; break; } } if (!cgc->quiet) sr_printk(KERN_INFO, cd, ""CDROM not ready. Make sure there "" ""is a disc in the drive.\n""); err = -ENOMEDIUM; break; case ILLEGAL_REQUEST: err = -EIO; if (sshdr.asc == 0x20 && sshdr.ascq == 0x00) err = -EDRIVE_CANT_DO_THIS; break; default: err = -EIO; } } out: cgc->stat = err; return err; }",visit repo url,drivers/scsi/sr_ioctl.c,https://github.com/torvalds/linux,270497617931268,1 779,CWE-20,"static int pfkey_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct pfkey_sock *pfk = pfkey_sk(sk); struct sk_buff *skb; int copied, err; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) goto out; msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); err = (flags & MSG_TRUNC) ? skb->len : copied; if (pfk->dump.dump != NULL && 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) pfkey_do_dump(pfk); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/key/af_key.c,https://github.com/torvalds/linux,186000895945295,1 1112,['CWE-399'],"restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc, unsigned long *prax) { unsigned int err = 0; current_thread_info()->restart_block.fn = do_no_restart_syscall; #define COPY(x) err |= __get_user(regs->x, &sc->x) COPY(di); COPY(si); COPY(bp); COPY(sp); COPY(bx); COPY(dx); COPY(cx); COPY(ip); COPY(r8); COPY(r9); COPY(r10); COPY(r11); COPY(r12); COPY(r13); COPY(r14); COPY(r15); { unsigned cs; err |= __get_user(cs, &sc->cs); regs->cs = cs | 3; } { unsigned int tmpflags; err |= __get_user(tmpflags, &sc->flags); regs->flags = (regs->flags & ~0x40DD5) | (tmpflags & 0x40DD5); regs->orig_ax = -1; } { struct _fpstate __user * buf; err |= __get_user(buf, &sc->fpstate); if (buf) { if (!access_ok(VERIFY_READ, buf, sizeof(*buf))) goto badframe; err |= restore_i387(buf); } else { struct task_struct *me = current; if (used_math()) { clear_fpu(me); clear_used_math(); } } } err |= __get_user(*prax, &sc->ax); return err; badframe: return 1; }",linux-2.6,,,137849556249714801277311923425592189662,0 971,['CWE-189'],"SShmCompletionEvent(from, to) xShmCompletionEvent *from, *to; { to->type = from->type; cpswaps(from->sequenceNumber, to->sequenceNumber); cpswapl(from->drawable, to->drawable); cpswaps(from->minorEvent, to->minorEvent); to->majorEvent = from->majorEvent; cpswapl(from->shmseg, to->shmseg); cpswapl(from->offset, to->offset); }",xserver,,,83931036054484985800399491374839338829,0 5252,['CWE-264'],"NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd) { DOM_SID owner_sid; DOM_SID grp_sid; *puser = (uid_t)-1; *pgrp = (gid_t)-1; if(security_info_sent == 0) { DEBUG(0,(""unpack_nt_owners: no security info sent !\n"")); return NT_STATUS_OK; } memset(&owner_sid, '\0', sizeof(owner_sid)); memset(&grp_sid, '\0', sizeof(grp_sid)); DEBUG(5,(""unpack_nt_owners: validating owner_sids.\n"")); if (security_info_sent & OWNER_SECURITY_INFORMATION) { sid_copy(&owner_sid, psd->owner_sid); if (!sid_to_uid(&owner_sid, puser)) { if (lp_force_unknown_acl_user(snum)) { *puser = current_user.ut.uid; } else { DEBUG(3,(""unpack_nt_owners: unable to validate"" "" owner sid for %s\n"", sid_string_dbg(&owner_sid))); return NT_STATUS_INVALID_OWNER; } } DEBUG(3,(""unpack_nt_owners: owner sid mapped to uid %u\n"", (unsigned int)*puser )); } if (security_info_sent & GROUP_SECURITY_INFORMATION) { sid_copy(&grp_sid, psd->group_sid); if (!sid_to_gid( &grp_sid, pgrp)) { if (lp_force_unknown_acl_user(snum)) { *pgrp = current_user.ut.gid; } else { DEBUG(3,(""unpack_nt_owners: unable to validate"" "" group sid.\n"")); return NT_STATUS_INVALID_OWNER; } } DEBUG(3,(""unpack_nt_owners: group sid mapped to gid %u\n"", (unsigned int)*pgrp)); } DEBUG(5,(""unpack_nt_owners: owner_sids validated.\n"")); return NT_STATUS_OK; }",samba,,,34846126819966779973997006988951321590,0 2583,CWE-125,"messageFindArgument(const message *m, const char *variable) { int i; size_t len; assert(m != NULL); assert(variable != NULL); len = strlen(variable); for(i = 0; i < m->numberOfArguments; i++) { const char *ptr; ptr = messageGetArgument(m, i); if((ptr == NULL) || (*ptr == '\0')) continue; #ifdef CL_DEBUG cli_dbgmsg(""messageFindArgument: compare %lu bytes of %s with %s\n"", (unsigned long)len, variable, ptr); #endif if(strncasecmp(ptr, variable, len) == 0) { ptr = &ptr[len]; while(isspace(*ptr)) ptr++; if(*ptr != '=') { cli_dbgmsg(""messageFindArgument: no '=' sign found in MIME header '%s' (%s)\n"", variable, messageGetArgument(m, i)); return NULL; } if((*++ptr == '""') && (strchr(&ptr[1], '""') != NULL)) { char *ret = cli_strdup(++ptr); char *p; if(ret == NULL) return NULL; if((p = strchr(ret, '""')) != NULL) { ret[strlen(ret) - 1] = '\0'; *p = '\0'; } return ret; } return cli_strdup(ptr); } } return NULL; }",visit repo url,libclamav/message.c,https://github.com/vrtadmin/clamav-devel,218187659916031,1 3292,CWE-400,"_hivex_get_children (hive_h *h, hive_node_h node, hive_node_h **children_ret, size_t **blocks_ret, int flags) { if (!IS_VALID_BLOCK (h, node) || !block_id_eq (h, node, ""nk"")) { SET_ERRNO (EINVAL, ""invalid block or not an 'nk' block""); return -1; } struct ntreg_nk_record *nk = (struct ntreg_nk_record *) ((char *) h->addr + node); size_t nr_subkeys_in_nk = le32toh (nk->nr_subkeys); offset_list children, blocks; _hivex_init_offset_list (h, &children); _hivex_init_offset_list (h, &blocks); if (nr_subkeys_in_nk == 0) goto out; if (nr_subkeys_in_nk > HIVEX_MAX_SUBKEYS) { SET_ERRNO (ERANGE, ""nr_subkeys_in_nk > HIVEX_MAX_SUBKEYS (%zu > %d)"", nr_subkeys_in_nk, HIVEX_MAX_SUBKEYS); goto error; } _hivex_set_offset_list_limit (&children, nr_subkeys_in_nk); _hivex_set_offset_list_limit (&blocks, HIVEX_MAX_SUBKEYS); if (_hivex_grow_offset_list (&children, nr_subkeys_in_nk) == -1) goto error; size_t subkey_lf = le32toh (nk->subkey_lf); subkey_lf += 0x1000; if (!IS_VALID_BLOCK (h, subkey_lf)) { SET_ERRNO (EFAULT, ""subkey_lf is not a valid block (0x%zx)"", subkey_lf); goto error; } if (_get_children (h, subkey_lf, &children, &blocks, flags) == -1) goto error; size_t nr_children = _hivex_get_offset_list_length (&children); if (nr_subkeys_in_nk != nr_children) { if (!h->unsafe) { SET_ERRNO (ENOTSUP, ""nr_subkeys_in_nk = %zu "" ""is not equal to number of children read %zu"", nr_subkeys_in_nk, nr_children); goto error; } else { DEBUG (2, ""nr_subkeys_in_nk = %zu "" ""is not equal to number of children read %zu"", nr_subkeys_in_nk, nr_children); } } out: #if 0 if (h->msglvl >= 2) { fprintf (stderr, ""%s: %s: children = "", ""hivex"", __func__); _hivex_print_offset_list (&children, stderr); fprintf (stderr, ""\n%s: %s: blocks = "", ""hivex"", __func__); _hivex_print_offset_list (&blocks, stderr); fprintf (stderr, ""\n""); } #endif *children_ret = _hivex_return_offset_list (&children); *blocks_ret = _hivex_return_offset_list (&blocks); if (!*children_ret || !*blocks_ret) goto error; return 0; error: _hivex_free_offset_list (&children); _hivex_free_offset_list (&blocks); return -1; }",visit repo url,lib/node.c,https://github.com/libguestfs/hivex,120941770873588,1 4220,CWE-125,"ut32 armass_assemble(const char *str, ut64 off, int thumb) { int i, j; char buf[128]; ArmOpcode aop = {.off = off}; for (i = j = 0; i < sizeof (buf) - 1 && str[i]; i++, j++) { if (str[j] == '#') { i--; continue; } buf[i] = tolower ((const ut8)str[j]); } buf[i] = 0; arm_opcode_parse (&aop, buf); aop.off = off; if (thumb < 0 || thumb > 1) { return -1; } if (!assemble[thumb] (&aop, off, buf)) { return -1; } return aop.o; }",visit repo url,libr/asm/arch/arm/armass.c,https://github.com/radareorg/radare2,151452135822034,1 636,CWE-20,"int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); bool slow; if (addr_len) *addr_len = sizeof(*sin); if (flags & MSG_ERRQUEUE) return ip_recv_error(sk, msg, len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); else { err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); sock_recv_ts_and_drops(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_port = udp_hdr(skb)->source; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv4/udp.c,https://github.com/torvalds/linux,230432308321716,1 4358,['CWE-399'],"long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) { struct key *key; key_ref_t key_ref; long ret; key_ref = lookup_user_key(keyid, 0, 0, 0); if (IS_ERR(key_ref)) { ret = -ENOKEY; goto error; } key = key_ref_to_ptr(key_ref); ret = key_permission(key_ref, KEY_READ); if (ret == 0) goto can_read_key; if (ret != -EACCES) goto error; if (!is_key_possessed(key_ref)) { ret = -EACCES; goto error2; } can_read_key: ret = key_validate(key); if (ret == 0) { ret = -EOPNOTSUPP; if (key->type->read) { down_read(&key->sem); ret = key->type->read(key, buffer, buflen); up_read(&key->sem); } } error2: key_put(key); error: return ret; } ",linux-2.6,,,217878458675036046127543441244995691868,0 5365,CWE-787,"void pdf_get_version(FILE *fp, pdf_t *pdf) { char *header, *c; header = get_header(fp); if ((c = strstr(header, ""%PDF-"")) && (c + strlen(""%PDF-M.m"") + 2)) { pdf->pdf_major_version = atoi(c + strlen(""%PDF-"")); pdf->pdf_minor_version = atoi(c + strlen(""%PDF-M."")); } free(header); }",visit repo url,pdf.c,https://github.com/enferex/pdfresurrect,210209164960266,1 6623,['CWE-200'],"create_system_action_button (const char *name, const char *auth_label, const char *auth_tooltip, const char *label, const char *tooltip, const char *stock_icon, const char *auth_icon, GCallback result_callback, GtkWidget *hbox, PolKitGnomeAction **out_action, gpointer user_data) { PolKitGnomeAction *action; GtkWidget *button; action = polkit_gnome_action_new (name); g_object_set (action, ""polkit-action"", NULL, ""self-blocked-visible"", TRUE, ""self-blocked-sensitive"", FALSE, ""self-blocked-short-label"", label, ""self-blocked-label"", label, ""self-blocked-tooltip"", tooltip, ""self-blocked-icon-name"", stock_icon, ""no-visible"", TRUE, ""no-sensitive"", FALSE, ""no-short-label"", label, ""no-label"", label, ""no-tooltip"", tooltip, ""no-icon-name"", stock_icon, ""auth-visible"", TRUE, ""auth-sensitive"", TRUE, ""auth-short-label"", auth_label, ""auth-label"", auth_label, ""auth-tooltip"", auth_tooltip, ""auth-icon-name"", auth_icon, ""yes-visible"", TRUE, ""yes-sensitive"", TRUE, ""yes-short-label"", label, ""yes-label"", label, ""yes-tooltip"", tooltip, ""yes-icon-name"", stock_icon, ""master-visible"", TRUE, ""master-sensitive"", TRUE, NULL); g_signal_connect (action, ""polkit-result-changed"", G_CALLBACK (result_callback), user_data); button = polkit_gnome_action_create_button (action); gtk_box_pack_end (GTK_BOX (hbox), button, TRUE, TRUE, 0); *out_action = action; return button; }",network-manager-applet,,,302781901796472190206984186891137743609,0 3837,CWE-122,"do_put( int regname, char_u *expr_result, int dir, long count, int flags) { char_u *ptr; char_u *newp, *oldp; int yanklen; int totlen = 0; linenr_T lnum; colnr_T col; long i; int y_type; long y_size; int oldlen; long y_width = 0; colnr_T vcol; int delcount; int incr = 0; long j; struct block_def bd; char_u **y_array = NULL; yankreg_T *y_current_used = NULL; long nr_lines = 0; pos_T new_cursor; int indent; int orig_indent = 0; int indent_diff = 0; int first_indent = TRUE; int lendiff = 0; pos_T old_pos; char_u *insert_string = NULL; int allocated = FALSE; long cnt; pos_T orig_start = curbuf->b_op_start; pos_T orig_end = curbuf->b_op_end; unsigned int cur_ve_flags = get_ve_flags(); #ifdef FEAT_CLIPBOARD adjust_clip_reg(®name); (void)may_get_selection(regname); #endif if (flags & PUT_FIXINDENT) orig_indent = get_indent(); curbuf->b_op_start = curwin->w_cursor; curbuf->b_op_end = curwin->w_cursor; if (regname == '.') { if (VIsual_active) stuffcharReadbuff(VIsual_mode); (void)stuff_inserted((dir == FORWARD ? (count == -1 ? 'o' : 'a') : (count == -1 ? 'O' : 'i')), count, FALSE); if ((flags & PUT_CURSEND) && gchar_cursor() != NUL) stuffcharReadbuff('l'); return; } if (regname == '=' && expr_result != NULL) insert_string = expr_result; else if (get_spec_reg(regname, &insert_string, &allocated, TRUE) && insert_string == NULL) return; if (u_save(curwin->w_cursor.lnum, curwin->w_cursor.lnum + 1) == FAIL) goto end; if (insert_string != NULL) { y_type = MCHAR; #ifdef FEAT_EVAL if (regname == '=') { for (;;) { y_size = 0; ptr = insert_string; while (ptr != NULL) { if (y_array != NULL) y_array[y_size] = ptr; ++y_size; ptr = vim_strchr(ptr, '\n'); if (ptr != NULL) { if (y_array != NULL) *ptr = NUL; ++ptr; if (*ptr == NUL) { y_type = MLINE; break; } } } if (y_array != NULL) break; y_array = ALLOC_MULT(char_u *, y_size); if (y_array == NULL) goto end; } } else #endif { y_size = 1; y_array = &insert_string; } } else { get_yank_register(regname, FALSE); y_type = y_current->y_type; y_width = y_current->y_width; y_size = y_current->y_size; y_array = y_current->y_array; y_current_used = y_current; } if (y_type == MLINE) { if (flags & PUT_LINE_SPLIT) { char_u *p; if (u_save_cursor() == FAIL) goto end; p = ml_get_cursor(); if (dir == FORWARD && *p != NUL) MB_PTR_ADV(p); ptr = vim_strsave(p); if (ptr == NULL) goto end; ml_append(curwin->w_cursor.lnum, ptr, (colnr_T)0, FALSE); vim_free(ptr); oldp = ml_get_curline(); p = oldp + curwin->w_cursor.col; if (dir == FORWARD && *p != NUL) MB_PTR_ADV(p); ptr = vim_strnsave(oldp, p - oldp); if (ptr == NULL) goto end; ml_replace(curwin->w_cursor.lnum, ptr, FALSE); ++nr_lines; dir = FORWARD; } if (flags & PUT_LINE_FORWARD) { curwin->w_cursor = curbuf->b_visual.vi_end; dir = FORWARD; } curbuf->b_op_start = curwin->w_cursor; curbuf->b_op_end = curwin->w_cursor; } if (flags & PUT_LINE) y_type = MLINE; if (y_size == 0 || y_array == NULL) { semsg(_(e_nothing_in_register_str), regname == 0 ? (char_u *)""\"""" : transchar(regname)); goto end; } if (y_type == MBLOCK) { lnum = curwin->w_cursor.lnum + y_size + 1; if (lnum > curbuf->b_ml.ml_line_count) lnum = curbuf->b_ml.ml_line_count + 1; if (u_save(curwin->w_cursor.lnum - 1, lnum) == FAIL) goto end; } else if (y_type == MLINE) { lnum = curwin->w_cursor.lnum; #ifdef FEAT_FOLDING if (dir == BACKWARD) (void)hasFolding(lnum, &lnum, NULL); else (void)hasFolding(lnum, NULL, &lnum); #endif if (dir == FORWARD) ++lnum; if ((BUFEMPTY() ? u_save(0, 2) : u_save(lnum - 1, lnum)) == FAIL) goto end; #ifdef FEAT_FOLDING if (dir == FORWARD) curwin->w_cursor.lnum = lnum - 1; else curwin->w_cursor.lnum = lnum; curbuf->b_op_start = curwin->w_cursor; #endif } else if (u_save_cursor() == FAIL) goto end; yanklen = (int)STRLEN(y_array[0]); if (cur_ve_flags == VE_ALL && y_type == MCHAR) { if (gchar_cursor() == TAB) { int viscol = getviscol(); int ts = curbuf->b_p_ts; if (dir == FORWARD ? #ifdef FEAT_VARTABS tabstop_padding(viscol, ts, curbuf->b_p_vts_array) != 1 #else ts - (viscol % ts) != 1 #endif : curwin->w_cursor.coladd > 0) coladvance_force(viscol); else curwin->w_cursor.coladd = 0; } else if (curwin->w_cursor.coladd > 0 || gchar_cursor() == NUL) coladvance_force(getviscol() + (dir == FORWARD)); } lnum = curwin->w_cursor.lnum; col = curwin->w_cursor.col; if (y_type == MBLOCK) { int c = gchar_cursor(); colnr_T endcol2 = 0; if (dir == FORWARD && c != NUL) { if (cur_ve_flags == VE_ALL) getvcol(curwin, &curwin->w_cursor, &col, NULL, &endcol2); else getvcol(curwin, &curwin->w_cursor, NULL, NULL, &col); if (has_mbyte) curwin->w_cursor.col += (*mb_ptr2len)(ml_get_cursor()); else if (c != TAB || cur_ve_flags != VE_ALL) ++curwin->w_cursor.col; ++col; } else getvcol(curwin, &curwin->w_cursor, &col, NULL, &endcol2); col += curwin->w_cursor.coladd; if (cur_ve_flags == VE_ALL && (curwin->w_cursor.coladd > 0 || endcol2 == curwin->w_cursor.col)) { if (dir == FORWARD && c == NUL) ++col; if (dir != FORWARD && c != NUL && curwin->w_cursor.coladd > 0) ++curwin->w_cursor.col; if (c == TAB) { if (dir == BACKWARD && curwin->w_cursor.col) curwin->w_cursor.col--; if (dir == FORWARD && col - 1 == endcol2) curwin->w_cursor.col++; } } curwin->w_cursor.coladd = 0; bd.textcol = 0; for (i = 0; i < y_size; ++i) { int spaces = 0; char shortline; bd.startspaces = 0; bd.endspaces = 0; vcol = 0; delcount = 0; if (curwin->w_cursor.lnum > curbuf->b_ml.ml_line_count) { if (ml_append(curbuf->b_ml.ml_line_count, (char_u *)"""", (colnr_T)1, FALSE) == FAIL) break; ++nr_lines; } oldp = ml_get_curline(); oldlen = (int)STRLEN(oldp); for (ptr = oldp; vcol < col && *ptr; ) { incr = lbr_chartabsize_adv(oldp, &ptr, vcol); vcol += incr; } bd.textcol = (colnr_T)(ptr - oldp); shortline = (vcol < col) || (vcol == col && !*ptr) ; if (vcol < col) bd.startspaces = col - vcol; else if (vcol > col) { bd.endspaces = vcol - col; bd.startspaces = incr - bd.endspaces; --bd.textcol; delcount = 1; if (has_mbyte) bd.textcol -= (*mb_head_off)(oldp, oldp + bd.textcol); if (oldp[bd.textcol] != TAB) { delcount = 0; bd.endspaces = 0; } } yanklen = (int)STRLEN(y_array[i]); if ((flags & PUT_BLOCK_INNER) == 0) { spaces = y_width + 1; for (j = 0; j < yanklen; j++) spaces -= lbr_chartabsize(NULL, &y_array[i][j], 0); if (spaces < 0) spaces = 0; } if (yanklen + spaces != 0 && count > ((INT_MAX - (bd.startspaces + bd.endspaces)) / (yanklen + spaces))) { emsg(_(e_resulting_text_too_long)); break; } totlen = count * (yanklen + spaces) + bd.startspaces + bd.endspaces; newp = alloc(totlen + oldlen + 1); if (newp == NULL) break; ptr = newp; mch_memmove(ptr, oldp, (size_t)bd.textcol); ptr += bd.textcol; vim_memset(ptr, ' ', (size_t)bd.startspaces); ptr += bd.startspaces; for (j = 0; j < count; ++j) { mch_memmove(ptr, y_array[i], (size_t)yanklen); ptr += yanklen; if ((j < count - 1 || !shortline) && spaces) { vim_memset(ptr, ' ', (size_t)spaces); ptr += spaces; } } vim_memset(ptr, ' ', (size_t)bd.endspaces); ptr += bd.endspaces; mch_memmove(ptr, oldp + bd.textcol + delcount, (size_t)(oldlen - bd.textcol - delcount + 1)); ml_replace(curwin->w_cursor.lnum, newp, FALSE); ++curwin->w_cursor.lnum; if (i == 0) curwin->w_cursor.col += bd.startspaces; } changed_lines(lnum, 0, curwin->w_cursor.lnum, nr_lines); curbuf->b_op_start = curwin->w_cursor; curbuf->b_op_start.lnum = lnum; curbuf->b_op_end.lnum = curwin->w_cursor.lnum - 1; curbuf->b_op_end.col = bd.textcol + totlen - 1; curbuf->b_op_end.coladd = 0; if (flags & PUT_CURSEND) { colnr_T len; curwin->w_cursor = curbuf->b_op_end; curwin->w_cursor.col++; len = (colnr_T)STRLEN(ml_get_curline()); if (curwin->w_cursor.col > len) curwin->w_cursor.col = len; } else curwin->w_cursor.lnum = lnum; } else { if (y_type == MCHAR) { if (dir == FORWARD && gchar_cursor() != NUL) { if (has_mbyte) { int bytelen = (*mb_ptr2len)(ml_get_cursor()); col += bytelen; if (yanklen) { curwin->w_cursor.col += bytelen; curbuf->b_op_end.col += bytelen; } } else { ++col; if (yanklen) { ++curwin->w_cursor.col; ++curbuf->b_op_end.col; } } } curbuf->b_op_start = curwin->w_cursor; } else if (dir == BACKWARD) --lnum; new_cursor = curwin->w_cursor; if (y_type == MCHAR && y_size == 1) { linenr_T end_lnum = 0; linenr_T start_lnum = lnum; int first_byte_off = 0; if (VIsual_active) { end_lnum = curbuf->b_visual.vi_end.lnum; if (end_lnum < curbuf->b_visual.vi_start.lnum) end_lnum = curbuf->b_visual.vi_start.lnum; if (end_lnum > start_lnum) { pos_T pos; pos.lnum = lnum; pos.col = col; pos.coladd = 0; getvcol(curwin, &pos, NULL, &vcol, NULL); } } if (count == 0 || yanklen == 0) { if (VIsual_active) lnum = end_lnum; } else if (count > INT_MAX / yanklen) emsg(_(e_resulting_text_too_long)); else { totlen = count * yanklen; do { oldp = ml_get(lnum); oldlen = (int)STRLEN(oldp); if (lnum > start_lnum) { pos_T pos; pos.lnum = lnum; if (getvpos(&pos, vcol) == OK) col = pos.col; else col = MAXCOL; } if (VIsual_active && col > oldlen) { lnum++; continue; } newp = alloc(totlen + oldlen + 1); if (newp == NULL) goto end; mch_memmove(newp, oldp, (size_t)col); ptr = newp + col; for (i = 0; i < count; ++i) { mch_memmove(ptr, y_array[0], (size_t)yanklen); ptr += yanklen; } STRMOVE(ptr, oldp + col); ml_replace(lnum, newp, FALSE); first_byte_off = mb_head_off(newp, ptr - 1); if (lnum == curwin->w_cursor.lnum) { changed_cline_bef_curs(); curwin->w_cursor.col += (colnr_T)(totlen - 1); } if (VIsual_active) lnum++; } while (VIsual_active && lnum <= end_lnum); if (VIsual_active) lnum--; } curbuf->b_op_end = curwin->w_cursor; curbuf->b_op_end.col -= first_byte_off; if (totlen && (restart_edit != 0 || (flags & PUT_CURSEND))) ++curwin->w_cursor.col; else curwin->w_cursor.col -= first_byte_off; changed_bytes(lnum, col); } else { linenr_T new_lnum = new_cursor.lnum; size_t len; for (cnt = 1; cnt <= count; ++cnt) { i = 0; if (y_type == MCHAR) { lnum = new_cursor.lnum; ptr = ml_get(lnum) + col; totlen = (int)STRLEN(y_array[y_size - 1]); newp = alloc(STRLEN(ptr) + totlen + 1); if (newp == NULL) goto error; STRCPY(newp, y_array[y_size - 1]); STRCAT(newp, ptr); ml_append(lnum, newp, (colnr_T)0, FALSE); ++new_lnum; vim_free(newp); oldp = ml_get(lnum); newp = alloc(col + yanklen + 1); if (newp == NULL) goto error; mch_memmove(newp, oldp, (size_t)col); mch_memmove(newp + col, y_array[0], (size_t)(yanklen + 1)); ml_replace(lnum, newp, FALSE); curwin->w_cursor.lnum = lnum; i = 1; } for (; i < y_size; ++i) { if (y_type != MCHAR || i < y_size - 1) { if (ml_append(lnum, y_array[i], (colnr_T)0, FALSE) == FAIL) goto error; new_lnum++; } lnum++; ++nr_lines; if (flags & PUT_FIXINDENT) { old_pos = curwin->w_cursor; curwin->w_cursor.lnum = lnum; ptr = ml_get(lnum); if (cnt == count && i == y_size - 1) lendiff = (int)STRLEN(ptr); if (*ptr == '#' && preprocs_left()) indent = 0; else if (*ptr == NUL) indent = 0; else if (first_indent) { indent_diff = orig_indent - get_indent(); indent = orig_indent; first_indent = FALSE; } else if ((indent = get_indent() + indent_diff) < 0) indent = 0; (void)set_indent(indent, 0); curwin->w_cursor = old_pos; if (cnt == count && i == y_size - 1) lendiff -= (int)STRLEN(ml_get(lnum)); } } if (cnt == 1) new_lnum = lnum; } error: if (y_type == MLINE) { curbuf->b_op_start.col = 0; if (dir == FORWARD) curbuf->b_op_start.lnum++; } if (curbuf->b_op_start.lnum + (y_type == MCHAR) - 1 + nr_lines < curbuf->b_ml.ml_line_count #ifdef FEAT_DIFF || curwin->w_p_diff #endif ) mark_adjust(curbuf->b_op_start.lnum + (y_type == MCHAR), (linenr_T)MAXLNUM, nr_lines, 0L); if (y_type == MCHAR) changed_lines(curwin->w_cursor.lnum, col, curwin->w_cursor.lnum + 1, nr_lines); else changed_lines(curbuf->b_op_start.lnum, 0, curbuf->b_op_start.lnum, nr_lines); if (y_current_used != NULL && (y_current_used != y_current || y_current->y_array != y_array)) { emsg(_(e_yank_register_changed_while_using_it)); goto end; } curbuf->b_op_end.lnum = new_lnum; len = STRLEN(y_array[y_size - 1]); col = (colnr_T)len - lendiff; if (col > 1) curbuf->b_op_end.col = col - 1 - mb_head_off(y_array[y_size - 1], y_array[y_size - 1] + len - 1); else curbuf->b_op_end.col = 0; if (flags & PUT_CURSLINE) { curwin->w_cursor.lnum = lnum; beginline(BL_WHITE | BL_FIX); } else if (flags & PUT_CURSEND) { if (y_type == MLINE) { if (lnum >= curbuf->b_ml.ml_line_count) curwin->w_cursor.lnum = curbuf->b_ml.ml_line_count; else curwin->w_cursor.lnum = lnum + 1; curwin->w_cursor.col = 0; } else { curwin->w_cursor.lnum = new_lnum; curwin->w_cursor.col = col; curbuf->b_op_end = curwin->w_cursor; if (col > 1) curbuf->b_op_end.col = col - 1; } } else if (y_type == MLINE) { curwin->w_cursor.col = 0; if (dir == FORWARD) ++curwin->w_cursor.lnum; beginline(BL_WHITE | BL_FIX); } else curwin->w_cursor = new_cursor; } } msgmore(nr_lines); curwin->w_set_curswant = TRUE; end: if (cmdmod.cmod_flags & CMOD_LOCKMARKS) { curbuf->b_op_start = orig_start; curbuf->b_op_end = orig_end; } if (allocated) vim_free(insert_string); if (regname == '=') vim_free(y_array); VIsual_active = FALSE; adjust_cursor_eol(); }",visit repo url,src/register.c,https://github.com/vim/vim,129403711627820,1 3903,CWE-416,"qf_fill_buffer(qf_list_T *qfl, buf_T *buf, qfline_T *old_last, int qf_winid) { linenr_T lnum; qfline_T *qfp; int old_KeyTyped = KeyTyped; list_T *qftf_list = NULL; listitem_T *qftf_li = NULL; if (old_last == NULL) { if (buf != curbuf) { internal_error(""qf_fill_buffer()""); return; } while ((curbuf->b_ml.ml_flags & ML_EMPTY) == 0) (void)ml_delete((linenr_T)1); } if (qfl != NULL) { char_u dirname[MAXPATHL]; int invalid_val = FALSE; int prev_bufnr = -1; *dirname = NUL; if (old_last == NULL) { qfp = qfl->qf_start; lnum = 0; } else { if (old_last->qf_next != NULL) qfp = old_last->qf_next; else qfp = old_last; lnum = buf->b_ml.ml_line_count; } qftf_list = call_qftf_func(qfl, qf_winid, (long)(lnum + 1), (long)qfl->qf_count); if (qftf_list != NULL) qftf_li = qftf_list->lv_first; while (lnum < qfl->qf_count) { char_u *qftf_str = NULL; if (qftf_li != NULL && !invalid_val) { qftf_str = tv_get_string_chk(&qftf_li->li_tv); if (qftf_str == NULL) invalid_val = TRUE; } if (qf_buf_add_line(buf, lnum, qfp, dirname, prev_bufnr != qfp->qf_fnum, qftf_str) == FAIL) break; prev_bufnr = qfp->qf_fnum; ++lnum; qfp = qfp->qf_next; if (qfp == NULL) break; if (qftf_li != NULL) qftf_li = qftf_li->li_next; } if (old_last == NULL) (void)ml_delete(lnum + 1); } check_lnums(TRUE); if (old_last == NULL) { ++curbuf_lock; set_option_value_give_err((char_u *)""ft"", 0L, (char_u *)""qf"", OPT_LOCAL); curbuf->b_p_ma = FALSE; keep_filetype = TRUE; apply_autocmds(EVENT_BUFREADPOST, (char_u *)""quickfix"", NULL, FALSE, curbuf); apply_autocmds(EVENT_BUFWINENTER, (char_u *)""quickfix"", NULL, FALSE, curbuf); keep_filetype = FALSE; --curbuf_lock; redraw_curbuf_later(UPD_NOT_VALID); } KeyTyped = old_KeyTyped; }",visit repo url,src/quickfix.c,https://github.com/vim/vim,156104753726478,1 3988,['CWE-362'],"void unpin_inotify_watch(struct inotify_watch *watch) { struct super_block *sb = watch->inode->i_sb; put_inotify_watch(watch); deactivate_super(sb); }",linux-2.6,,,301793408777161979386066292782134238500,0 343,['CWE-20'],"void ptrace_disable(struct task_struct *child) { clear_singlestep(child); clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE); clear_tsk_thread_flag(child, TIF_SYSCALL_EMU); }",linux-2.6,,,245370501785042370179107865564642680363,0 5497,CWE-125,"ast_for_call(struct compiling *c, const node *n, expr_ty func) { int i, nargs, nkeywords, ngens; asdl_seq *args; asdl_seq *keywords; expr_ty vararg = NULL, kwarg = NULL; REQ(n, arglist); nargs = 0; nkeywords = 0; ngens = 0; for (i = 0; i < NCH(n); i++) { node *ch = CHILD(n, i); if (TYPE(ch) == argument) { if (NCH(ch) == 1) nargs++; else if (TYPE(CHILD(ch, 1)) == comp_for) ngens++; else nkeywords++; } } if (ngens > 1 || (ngens && (nargs || nkeywords))) { ast_error(n, ""Generator expression must be parenthesized "" ""if not sole argument""); return NULL; } if (nargs + nkeywords + ngens > 255) { ast_error(n, ""more than 255 arguments""); return NULL; } args = asdl_seq_new(nargs + ngens, c->c_arena); if (!args) return NULL; keywords = asdl_seq_new(nkeywords, c->c_arena); if (!keywords) return NULL; nargs = 0; nkeywords = 0; for (i = 0; i < NCH(n); i++) { node *ch = CHILD(n, i); if (TYPE(ch) == argument) { expr_ty e; if (NCH(ch) == 1) { if (nkeywords) { ast_error(CHILD(ch, 0), ""non-keyword arg after keyword arg""); return NULL; } if (vararg) { ast_error(CHILD(ch, 0), ""only named arguments may follow *expression""); return NULL; } e = ast_for_expr(c, CHILD(ch, 0)); if (!e) return NULL; asdl_seq_SET(args, nargs++, e); } else if (TYPE(CHILD(ch, 1)) == comp_for) { e = ast_for_genexp(c, ch); if (!e) return NULL; asdl_seq_SET(args, nargs++, e); } else { keyword_ty kw; identifier key; int k; char *tmp; e = ast_for_expr(c, CHILD(ch, 0)); if (!e) return NULL; if (e->kind == Lambda_kind) { ast_error(CHILD(ch, 0), ""lambda cannot contain assignment""); return NULL; } else if (e->kind != Name_kind) { ast_error(CHILD(ch, 0), ""keyword can't be an expression""); return NULL; } key = e->v.Name.id; if (!forbidden_check(c, CHILD(ch, 0), PyUnicode_AsUTF8(key))) return NULL; for (k = 0; k < nkeywords; k++) { tmp = _PyUnicode_AsString( ((keyword_ty)asdl_seq_GET(keywords, k))->arg); if (!strcmp(tmp, _PyUnicode_AsString(key))) { ast_error(CHILD(ch, 0), ""keyword argument repeated""); return NULL; } } e = ast_for_expr(c, CHILD(ch, 2)); if (!e) return NULL; kw = keyword(key, e, c->c_arena); if (!kw) return NULL; asdl_seq_SET(keywords, nkeywords++, kw); } } else if (TYPE(ch) == STAR) { vararg = ast_for_expr(c, CHILD(n, i+1)); if (!vararg) return NULL; i++; } else if (TYPE(ch) == DOUBLESTAR) { kwarg = ast_for_expr(c, CHILD(n, i+1)); if (!kwarg) return NULL; i++; } } return Call(func, args, keywords, vararg, kwarg, func->lineno, func->col_offset, c->c_arena); }",visit repo url,ast27/Python/ast.c,https://github.com/python/typed_ast,27642322130970,1 170,CWE-476,"static int qca_serdev_probe(struct serdev_device *serdev) { struct qca_serdev *qcadev; struct hci_dev *hdev; const struct qca_device_data *data; int err; bool power_ctrl_enabled = true; qcadev = devm_kzalloc(&serdev->dev, sizeof(*qcadev), GFP_KERNEL); if (!qcadev) return -ENOMEM; qcadev->serdev_hu.serdev = serdev; data = device_get_match_data(&serdev->dev); serdev_device_set_drvdata(serdev, qcadev); device_property_read_string(&serdev->dev, ""firmware-name"", &qcadev->firmware_name); device_property_read_u32(&serdev->dev, ""max-speed"", &qcadev->oper_speed); if (!qcadev->oper_speed) BT_DBG(""UART will pick default operating speed""); if (data && (qca_is_wcn399x(data->soc_type) || qca_is_wcn6750(data->soc_type))) { qcadev->btsoc_type = data->soc_type; qcadev->bt_power = devm_kzalloc(&serdev->dev, sizeof(struct qca_power), GFP_KERNEL); if (!qcadev->bt_power) return -ENOMEM; qcadev->bt_power->dev = &serdev->dev; err = qca_init_regulators(qcadev->bt_power, data->vregs, data->num_vregs); if (err) { BT_ERR(""Failed to init regulators:%d"", err); return err; } qcadev->bt_power->vregs_on = false; qcadev->bt_en = devm_gpiod_get_optional(&serdev->dev, ""enable"", GPIOD_OUT_LOW); if (!qcadev->bt_en && data->soc_type == QCA_WCN6750) { dev_err(&serdev->dev, ""failed to acquire BT_EN gpio\n""); power_ctrl_enabled = false; } qcadev->sw_ctrl = devm_gpiod_get_optional(&serdev->dev, ""swctrl"", GPIOD_IN); if (!qcadev->sw_ctrl && data->soc_type == QCA_WCN6750) dev_warn(&serdev->dev, ""failed to acquire SW_CTRL gpio\n""); qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL); if (IS_ERR(qcadev->susclk)) { dev_err(&serdev->dev, ""failed to acquire clk\n""); return PTR_ERR(qcadev->susclk); } err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto); if (err) { BT_ERR(""wcn3990 serdev registration failed""); return err; } } else { if (data) qcadev->btsoc_type = data->soc_type; else qcadev->btsoc_type = QCA_ROME; qcadev->bt_en = devm_gpiod_get_optional(&serdev->dev, ""enable"", GPIOD_OUT_LOW); if (!qcadev->bt_en) { dev_warn(&serdev->dev, ""failed to acquire enable gpio\n""); power_ctrl_enabled = false; } qcadev->susclk = devm_clk_get_optional(&serdev->dev, NULL); if (IS_ERR(qcadev->susclk)) { dev_warn(&serdev->dev, ""failed to acquire clk\n""); return PTR_ERR(qcadev->susclk); } err = clk_set_rate(qcadev->susclk, SUSCLK_RATE_32KHZ); if (err) return err; err = clk_prepare_enable(qcadev->susclk); if (err) return err; err = hci_uart_register_device(&qcadev->serdev_hu, &qca_proto); if (err) { BT_ERR(""Rome serdev registration failed""); clk_disable_unprepare(qcadev->susclk); return err; } } hdev = qcadev->serdev_hu.hdev; if (power_ctrl_enabled) { set_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks); hdev->shutdown = qca_power_off; } if (data) { if (data->capabilities & QCA_CAP_WIDEBAND_SPEECH) set_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks); if (data->capabilities & QCA_CAP_VALID_LE_STATES) set_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks); } return 0; }",visit repo url,drivers/bluetooth/hci_qca.c,https://github.com/torvalds/linux,135806387662887,1 2253,[],"static int __init nonx32_setup(char *str) { if (!strcmp(str, ""on"")) force_personality32 &= ~READ_IMPLIES_EXEC; else if (!strcmp(str, ""off"")) force_personality32 |= READ_IMPLIES_EXEC; return 1; }",linux-2.6,,,243870178101926723643051139098086072262,0 4013,['CWE-362'],"struct audit_chunk *audit_tree_lookup(const struct inode *inode) { struct list_head *list = chunk_hash(inode); struct audit_chunk *p; list_for_each_entry_rcu(p, list, hash) { if (p->watch.inode == inode) { atomic_long_inc(&p->refs); return p; } } return NULL; }",linux-2.6,,,117626263591153455799550753848809596313,0 84,['CWE-787'],"cirrus_hook_read_cr(CirrusVGAState * s, unsigned reg_index, int *reg_value) { switch (reg_index) { case 0x00: case 0x01: case 0x02: case 0x03: case 0x04: case 0x05: case 0x06: case 0x07: case 0x08: case 0x09: case 0x0a: case 0x0b: case 0x0c: case 0x0d: case 0x0e: case 0x0f: case 0x10: case 0x11: case 0x12: case 0x13: case 0x14: case 0x15: case 0x16: case 0x17: case 0x18: return CIRRUS_HOOK_NOT_HANDLED; case 0x19: case 0x1a: case 0x1b: case 0x1c: case 0x1d: case 0x22: case 0x24: case 0x25: case 0x27: *reg_value = s->cr[reg_index]; break; case 0x26: *reg_value = s->ar_index & 0x3f; break; default: #ifdef DEBUG_CIRRUS printf(""cirrus: inport cr_index %02x\n"", reg_index); *reg_value = 0xff; #endif break; } return CIRRUS_HOOK_HANDLED; }",qemu,,,151850998565781894406377826176915939321,0 219,[],"static int ddp_device_event(struct notifier_block *this, unsigned long event, void *ptr) { if (event == NETDEV_DOWN) atalk_dev_down(ptr); return NOTIFY_DONE; }",history,,,279643883011668871741818125315266904525,0 5274,['CWE-264'],"static void free_canon_ace_list( canon_ace *list_head ) { canon_ace *list, *next; for (list = list_head; list; list = next) { next = list->next; DLIST_REMOVE(list_head, list); SAFE_FREE(list); } }",samba,,,257664306349919011203604227918821338995,0 5693,['CWE-476'],"static void udp_v4_hash(struct sock *sk) { BUG(); }",linux-2.6,,,270280268730096166772491774869670789464,0 4160,['CWE-399'],"static void cleanup_dead(AvahiServer *s) { assert(s); avahi_cleanup_dead_entries(s); avahi_browser_cleanup(s); }",avahi,,,62526997840645583816736633000638700349,0 1639,[],"long __sched sleep_on_timeout(wait_queue_head_t *q, long timeout) { return sleep_on_common(q, TASK_UNINTERRUPTIBLE, timeout); }",linux-2.6,,,86100745691468954543979672775847527144,0 5721,['CWE-200'],"static int irda_open_lsap(struct irda_sock *self, int pid) { notify_t notify; if (self->lsap) { IRDA_WARNING(""%s(), busy!\n"", __func__); return -EBUSY; } irda_notify_init(¬ify); notify.udata_indication = irda_data_indication; notify.instance = self; strncpy(notify.name, ""Ultra"", NOTIFY_MAX_NAME); self->lsap = irlmp_open_lsap(LSAP_CONNLESS, ¬ify, pid); if (self->lsap == NULL) { IRDA_DEBUG( 0, ""%s(), Unable to allocate LSAP!\n"", __func__); return -ENOMEM; } return 0; }",linux-2.6,,,259556517499260690604297958853063962492,0 5990,['CWE-200'],"cbq_requeue(struct sk_buff *skb, struct Qdisc *sch) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl; int ret; if ((cl = q->tx_class) == NULL) { kfree_skb(skb); sch->qstats.drops++; return NET_XMIT_CN; } q->tx_class = NULL; cbq_mark_toplevel(q, cl); #ifdef CONFIG_NET_CLS_POLICE q->rx_class = cl; cl->q->__parent = sch; #endif if ((ret = cl->q->ops->requeue(skb, cl->q)) == 0) { sch->q.qlen++; sch->qstats.requeues++; if (!cl->next_alive) cbq_activate_class(cl); return 0; } sch->qstats.drops++; cl->qstats.drops++; return ret; }",linux-2.6,,,198622502630863932347031527573775516339,0 3787,[],"static struct sock * unix_create1(struct socket *sock) { struct sock *sk = NULL; struct unix_sock *u; if (atomic_read(&unix_nr_socks) >= 2*get_max_files()) goto out; sk = sk_alloc(PF_UNIX, GFP_KERNEL, &unix_proto, 1); if (!sk) goto out; atomic_inc(&unix_nr_socks); sock_init_data(sock,sk); lockdep_set_class(&sk->sk_receive_queue.lock, &af_unix_sk_receive_queue_lock_key); sk->sk_write_space = unix_write_space; sk->sk_max_ack_backlog = sysctl_unix_max_dgram_qlen; sk->sk_destruct = unix_sock_destructor; u = unix_sk(sk); u->dentry = NULL; u->mnt = NULL; spin_lock_init(&u->lock); atomic_set(&u->inflight, 0); INIT_LIST_HEAD(&u->link); mutex_init(&u->readlock); init_waitqueue_head(&u->peer_wait); unix_insert_socket(unix_sockets_unbound, sk); out: return sk; }",linux-2.6,,,102789411946224176801250884943512009780,0 6215,CWE-190,"void fp12_exp_dig(fp12_t c, const fp12_t a, dig_t b) { bn_t _b; fp12_t t, v; int8_t u, naf[RLC_DIG + 1]; int l; if (b == 0) { fp12_set_dig(c, 1); return; } bn_null(_b); fp12_null(t); fp12_null(v); RLC_TRY { bn_new(_b); fp12_new(t); fp12_new(v); fp12_copy(t, a); if (fp12_test_cyc(a)) { fp12_inv_cyc(v, a); bn_set_dig(_b, b); l = RLC_DIG + 1; bn_rec_naf(naf, &l, _b, 2); for (int i = bn_bits(_b) - 2; i >= 0; i--) { fp12_sqr_cyc(t, t); u = naf[i]; if (u > 0) { fp12_mul(t, t, a); } else if (u < 0) { fp12_mul(t, t, v); } } } else { for (int i = util_bits_dig(b) - 2; i >= 0; i--) { fp12_sqr(t, t); if (b & ((dig_t)1 << i)) { fp12_mul(t, t, a); } } } fp12_copy(c, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(_b); fp12_free(t); fp12_free(v); } }",visit repo url,src/fpx/relic_fpx_exp.c,https://github.com/relic-toolkit/relic,56608380625196,1 2721,[],"static int sctp_bindx_add(struct sock *sk, struct sockaddr *addrs, int addrcnt) { int cnt; int retval = 0; void *addr_buf; struct sockaddr *sa_addr; struct sctp_af *af; SCTP_DEBUG_PRINTK(""sctp_bindx_add (sk: %p, addrs: %p, addrcnt: %d)\n"", sk, addrs, addrcnt); addr_buf = addrs; for (cnt = 0; cnt < addrcnt; cnt++) { sa_addr = (struct sockaddr *)addr_buf; af = sctp_get_af_specific(sa_addr->sa_family); if (!af) { retval = -EINVAL; goto err_bindx_add; } retval = sctp_do_bind(sk, (union sctp_addr *)sa_addr, af->sockaddr_len); addr_buf += af->sockaddr_len; err_bindx_add: if (retval < 0) { if (cnt > 0) sctp_bindx_rem(sk, addrs, cnt); return retval; } } return retval; }",linux-2.6,,,313327099002014146398628558743719497801,0 618,['CWE-189'],"static void ieee80211_monitor_rx(struct ieee80211_device *ieee, struct sk_buff *skb, struct ieee80211_rx_stats *rx_stats) { struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; u16 fc = le16_to_cpu(hdr->frame_ctl); skb->dev = ieee->dev; skb_reset_mac_header(skb); skb_pull(skb, ieee80211_get_hdrlen(fc)); skb->pkt_type = PACKET_OTHERHOST; skb->protocol = __constant_htons(ETH_P_80211_RAW); memset(skb->cb, 0, sizeof(skb->cb)); netif_rx(skb); }",linux-2.6,,,287847260703989896411022602134110424918,0 6180,CWE-190,"static int log_radix(int radix) { int l = 0; while (radix > 0) { radix = radix / 2; l++; } return --l; }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,138880308413278,1 1070,['CWE-20'],"asmlinkage long sys_setregid(gid_t rgid, gid_t egid) { int old_rgid = current->gid; int old_egid = current->egid; int new_rgid = old_rgid; int new_egid = old_egid; int retval; retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); if (retval) return retval; if (rgid != (gid_t) -1) { if ((old_rgid == rgid) || (current->egid==rgid) || capable(CAP_SETGID)) new_rgid = rgid; else return -EPERM; } if (egid != (gid_t) -1) { if ((old_rgid == egid) || (current->egid == egid) || (current->sgid == egid) || capable(CAP_SETGID)) new_egid = egid; else return -EPERM; } if (new_egid != old_egid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } if (rgid != (gid_t) -1 || (egid != (gid_t) -1 && egid != old_rgid)) current->sgid = new_egid; current->fsgid = new_egid; current->egid = new_egid; current->gid = new_rgid; key_fsgid_changed(current); proc_id_connector(current, PROC_EVENT_GID); return 0; }",linux-2.6,,,49882836576745116333406924172647163098,0 1774,[],"static inline void dec_cpu_load(struct rq *rq, unsigned long load) { update_load_sub(&rq->load, load); }",linux-2.6,,,20402164452030100463216666598128397492,0 4688,CWE-78,"void imap_quote_string (char *dest, size_t dlen, const char *src) { static const char quote[] = ""\""\\""; char *pt; const char *s; pt = dest; s = src; *pt++ = '""'; dlen -= 2; for (; *s && dlen; s++) { if (strchr (quote, *s)) { dlen -= 2; if (!dlen) break; *pt++ = '\\'; *pt++ = *s; } else { *pt++ = *s; dlen--; } } *pt++ = '""'; *pt = 0; }",visit repo url,imap/util.c,https://gitlab.com/muttmua/mutt,159059063677793,1 2466,['CWE-119'],"int diff_root_tree_sha1(const unsigned char *new, const char *base, struct diff_options *opt) { int retval; void *tree; unsigned long size; struct tree_desc empty, real; tree = read_object_with_reference(new, tree_type, &size, NULL); if (!tree) die(""unable to read root tree (%s)"", sha1_to_hex(new)); init_tree_desc(&real, tree, size); init_tree_desc(&empty, """", 0); retval = diff_tree(&empty, &real, base, opt); free(tree); return retval; }",git,,,125550996733568969810716516219004785913,0 778,['CWE-119'],"isdn_net_autohup(void) { isdn_net_dev *p = dev->netdev; int anymore; anymore = 0; while (p) { isdn_net_local *l = p->local; if (jiffies == last_jiffies) l->cps = l->transcount; else l->cps = (l->transcount * HZ) / (jiffies - last_jiffies); l->transcount = 0; if (dev->net_verbose > 3) printk(KERN_DEBUG ""%s: %d bogocps\n"", p->dev->name, l->cps); if ((l->flags & ISDN_NET_CONNECTED) && (!l->dialstate)) { anymore = 1; l->huptimer++; if ((l->onhtime) && (l->huptimer > l->onhtime)) { if (l->hupflags & ISDN_MANCHARGE && l->hupflags & ISDN_CHARGEHUP) { while (time_after(jiffies, l->chargetime + l->chargeint)) l->chargetime += l->chargeint; if (time_after(jiffies, l->chargetime + l->chargeint - 2 * HZ)) if (l->outgoing || l->hupflags & ISDN_INHUP) isdn_net_hangup(p->dev); } else if (l->outgoing) { if (l->hupflags & ISDN_CHARGEHUP) { if (l->hupflags & ISDN_WAITCHARGE) { printk(KERN_DEBUG ""isdn_net: Hupflags of %s are %X\n"", p->dev->name, l->hupflags); isdn_net_hangup(p->dev); } else if (time_after(jiffies, l->chargetime + l->chargeint)) { printk(KERN_DEBUG ""isdn_net: %s: chtime = %lu, chint = %d\n"", p->dev->name, l->chargetime, l->chargeint); isdn_net_hangup(p->dev); } } else isdn_net_hangup(p->dev); } else if (l->hupflags & ISDN_INHUP) isdn_net_hangup(p->dev); } if(dev->global_flags & ISDN_GLOBAL_STOPPED || (ISDN_NET_DIALMODE(*l) == ISDN_NET_DM_OFF)) { isdn_net_hangup(p->dev); break; } } p = (isdn_net_dev *) p->next; } last_jiffies = jiffies; isdn_timer_ctrl(ISDN_TIMER_NETHANGUP, anymore); }",linux-2.6,,,135316072761096804723213051524443280080,0 2600,['CWE-189'],"static void dccp_finish_passive_close(struct sock *sk) { switch (sk->sk_state) { case DCCP_PASSIVE_CLOSE: dccp_send_reset(sk, DCCP_RESET_CODE_CLOSED); dccp_set_state(sk, DCCP_CLOSED); break; case DCCP_PASSIVE_CLOSEREQ: dccp_send_close(sk, 1); dccp_set_state(sk, DCCP_CLOSING); } }",linux-2.6,,,202322268067407164711317378367001521747,0 850,CWE-20,"SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, unsigned int, flags, struct sockaddr __user *, addr, int __user *, addr_len) { struct socket *sock; struct iovec iov; struct msghdr msg; struct sockaddr_storage address; int err, err2; int fput_needed; if (size > INT_MAX) size = INT_MAX; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_iovlen = 1; msg.msg_iov = &iov; iov.iov_len = size; iov.iov_base = ubuf; msg.msg_name = (struct sockaddr *)&address; msg.msg_namelen = sizeof(address); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = sock_recvmsg(sock, &msg, size, flags); if (err >= 0 && addr != NULL) { err2 = move_addr_to_user(&address, msg.msg_namelen, addr, addr_len); if (err2 < 0) err = err2; } fput_light(sock->file, fput_needed); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,89843130858034,1 4364,['CWE-399'],"long keyctl_keyring_clear(key_serial_t ringid) { key_ref_t keyring_ref; long ret; keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); if (IS_ERR(keyring_ref)) { ret = PTR_ERR(keyring_ref); goto error; } ret = keyring_clear(key_ref_to_ptr(keyring_ref)); key_ref_put(keyring_ref); error: return ret; } ",linux-2.6,,,292758857382135022815205004326447579855,0 3177,CWE-125,"mpls_print(netdissect_options *ndo, const u_char *bp, u_int length) { const u_char *p; uint32_t label_entry; uint16_t label_stack_depth = 0; enum mpls_packet_type pt = PT_UNKNOWN; p = bp; ND_PRINT((ndo, ""MPLS"")); do { ND_TCHECK2(*p, sizeof(label_entry)); if (length < sizeof(label_entry)) { ND_PRINT((ndo, ""[|MPLS], length %u"", length)); return; } label_entry = EXTRACT_32BITS(p); ND_PRINT((ndo, ""%s(label %u"", (label_stack_depth && ndo->ndo_vflag) ? ""\n\t"" : "" "", MPLS_LABEL(label_entry))); label_stack_depth++; if (ndo->ndo_vflag && MPLS_LABEL(label_entry) < sizeof(mpls_labelname) / sizeof(mpls_labelname[0])) ND_PRINT((ndo, "" (%s)"", mpls_labelname[MPLS_LABEL(label_entry)])); ND_PRINT((ndo, "", exp %u"", MPLS_EXP(label_entry))); if (MPLS_STACK(label_entry)) ND_PRINT((ndo, "", [S]"")); ND_PRINT((ndo, "", ttl %u)"", MPLS_TTL(label_entry))); p += sizeof(label_entry); length -= sizeof(label_entry); } while (!MPLS_STACK(label_entry)); switch (MPLS_LABEL(label_entry)) { case 0: case 3: pt = PT_IPV4; break; case 2: pt = PT_IPV6; break; default: ND_TCHECK(*p); if (length < 1) { return; } switch(*p) { case 0x45: case 0x46: case 0x47: case 0x48: case 0x49: case 0x4a: case 0x4b: case 0x4c: case 0x4d: case 0x4e: case 0x4f: pt = PT_IPV4; break; case 0x60: case 0x61: case 0x62: case 0x63: case 0x64: case 0x65: case 0x66: case 0x67: case 0x68: case 0x69: case 0x6a: case 0x6b: case 0x6c: case 0x6d: case 0x6e: case 0x6f: pt = PT_IPV6; break; case 0x81: case 0x82: case 0x83: pt = PT_OSI; break; default: break; } } if (pt == PT_UNKNOWN) { if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, length); return; } ND_PRINT((ndo, ndo->ndo_vflag ? ""\n\t"" : "" "")); switch (pt) { case PT_IPV4: ip_print(ndo, p, length); break; case PT_IPV6: ip6_print(ndo, p, length); break; case PT_OSI: isoclns_print(ndo, p, length, length); break; default: break; } return; trunc: ND_PRINT((ndo, ""[|MPLS]"")); }",visit repo url,print-mpls.c,https://github.com/the-tcpdump-group/tcpdump,49930812753023,1 244,CWE-476,"static int __init big_key_crypto_init(void) { int ret = -EINVAL; big_key_rng = crypto_alloc_rng(big_key_rng_name, 0, 0); if (IS_ERR(big_key_rng)) { big_key_rng = NULL; return -EFAULT; } ret = crypto_rng_reset(big_key_rng, NULL, crypto_rng_seedsize(big_key_rng)); if (ret) goto error; big_key_skcipher = crypto_alloc_skcipher(big_key_alg_name, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(big_key_skcipher)) { big_key_skcipher = NULL; ret = -EFAULT; goto error; } return 0; error: crypto_free_rng(big_key_rng); big_key_rng = NULL; return ret; }",visit repo url,security/keys/big_key.c,https://github.com/torvalds/linux,11016856448518,1 297,CWE-404,"static int cp2112_probe(struct hid_device *hdev, const struct hid_device_id *id) { struct cp2112_device *dev; u8 buf[3]; struct cp2112_smbus_config_report config; int ret; dev = devm_kzalloc(&hdev->dev, sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->in_out_buffer = devm_kzalloc(&hdev->dev, CP2112_REPORT_MAX_LENGTH, GFP_KERNEL); if (!dev->in_out_buffer) return -ENOMEM; spin_lock_init(&dev->lock); ret = hid_parse(hdev); if (ret) { hid_err(hdev, ""parse failed\n""); return ret; } ret = hid_hw_start(hdev, HID_CONNECT_HIDRAW); if (ret) { hid_err(hdev, ""hw start failed\n""); return ret; } ret = hid_hw_open(hdev); if (ret) { hid_err(hdev, ""hw open failed\n""); goto err_hid_stop; } ret = hid_hw_power(hdev, PM_HINT_FULLON); if (ret < 0) { hid_err(hdev, ""power management error: %d\n"", ret); goto err_hid_close; } ret = cp2112_hid_get(hdev, CP2112_GET_VERSION_INFO, buf, sizeof(buf), HID_FEATURE_REPORT); if (ret != sizeof(buf)) { hid_err(hdev, ""error requesting version\n""); if (ret >= 0) ret = -EIO; goto err_power_normal; } hid_info(hdev, ""Part Number: 0x%02X Device Version: 0x%02X\n"", buf[1], buf[2]); ret = cp2112_hid_get(hdev, CP2112_SMBUS_CONFIG, (u8 *)&config, sizeof(config), HID_FEATURE_REPORT); if (ret != sizeof(config)) { hid_err(hdev, ""error requesting SMBus config\n""); if (ret >= 0) ret = -EIO; goto err_power_normal; } config.retry_time = cpu_to_be16(1); ret = cp2112_hid_output(hdev, (u8 *)&config, sizeof(config), HID_FEATURE_REPORT); if (ret != sizeof(config)) { hid_err(hdev, ""error setting SMBus config\n""); if (ret >= 0) ret = -EIO; goto err_power_normal; } hid_set_drvdata(hdev, (void *)dev); dev->hdev = hdev; dev->adap.owner = THIS_MODULE; dev->adap.class = I2C_CLASS_HWMON; dev->adap.algo = &smbus_algorithm; dev->adap.algo_data = dev; dev->adap.dev.parent = &hdev->dev; snprintf(dev->adap.name, sizeof(dev->adap.name), ""CP2112 SMBus Bridge on hiddev%d"", hdev->minor); dev->hwversion = buf[2]; init_waitqueue_head(&dev->wait); hid_device_io_start(hdev); ret = i2c_add_adapter(&dev->adap); hid_device_io_stop(hdev); if (ret) { hid_err(hdev, ""error registering i2c adapter\n""); goto err_power_normal; } hid_dbg(hdev, ""adapter registered\n""); dev->gc.label = ""cp2112_gpio""; dev->gc.direction_input = cp2112_gpio_direction_input; dev->gc.direction_output = cp2112_gpio_direction_output; dev->gc.set = cp2112_gpio_set; dev->gc.get = cp2112_gpio_get; dev->gc.base = -1; dev->gc.ngpio = 8; dev->gc.can_sleep = 1; dev->gc.parent = &hdev->dev; ret = gpiochip_add_data(&dev->gc, dev); if (ret < 0) { hid_err(hdev, ""error registering gpio chip\n""); goto err_free_i2c; } ret = sysfs_create_group(&hdev->dev.kobj, &cp2112_attr_group); if (ret < 0) { hid_err(hdev, ""error creating sysfs attrs\n""); goto err_gpiochip_remove; } chmod_sysfs_attrs(hdev); hid_hw_power(hdev, PM_HINT_NORMAL); ret = gpiochip_irqchip_add(&dev->gc, &cp2112_gpio_irqchip, 0, handle_simple_irq, IRQ_TYPE_NONE); if (ret) { dev_err(dev->gc.parent, ""failed to add IRQ chip\n""); goto err_sysfs_remove; } return ret; err_sysfs_remove: sysfs_remove_group(&hdev->dev.kobj, &cp2112_attr_group); err_gpiochip_remove: gpiochip_remove(&dev->gc); err_free_i2c: i2c_del_adapter(&dev->adap); err_power_normal: hid_hw_power(hdev, PM_HINT_NORMAL); err_hid_close: hid_hw_close(hdev); err_hid_stop: hid_hw_stop(hdev); return ret; }",visit repo url,drivers/hid/hid-cp2112.c,https://github.com/torvalds/linux,103459858555982,1 6319,CWE-295,"NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr, char *opt, char *arg) { SERVICE_OPTIONS *section; int endpoints=0; #ifndef USE_WIN32 struct group *gr; struct passwd *pw; #endif section=section_ptr ? *section_ptr : NULL; if(cmd==CMD_SET_DEFAULTS || cmd==CMD_SET_COPY) { section->ref=1; } else if(cmd==CMD_FREE) { if(section==&service_options || section==&new_service_options) s_log(LOG_DEBUG, ""Deallocating section defaults""); else s_log(LOG_DEBUG, ""Deallocating section [%s]"", section->servname); } else if(cmd==CMD_PRINT_DEFAULTS || cmd==CMD_PRINT_HELP) { s_log(LOG_NOTICE, "" ""); s_log(LOG_NOTICE, ""Service-level options:""); } switch(cmd) { case CMD_SET_DEFAULTS: addrlist_clear(§ion->local_addr, 1); section->local_fd=NULL; break; case CMD_SET_COPY: addrlist_clear(§ion->local_addr, 1); section->local_fd=NULL; name_list_dup(§ion->local_addr.names, new_service_options.local_addr.names); break; case CMD_FREE: name_list_free(section->local_addr.names); str_free(section->local_addr.addr); str_free(section->local_fd); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""accept"")) break; section->option.accept=1; name_list_append(§ion->local_addr.names, arg); return NULL; case CMD_INITIALIZE: if(section->local_addr.names) { unsigned i; if(!addrlist_resolve(§ion->local_addr)) return ""Cannot resolve accept target""; section->local_fd=str_alloc_detached(section->local_addr.num*sizeof(SOCKET)); for(i=0; ilocal_addr.num; ++i) section->local_fd[i]=INVALID_SOCKET; ++endpoints; } break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = [host:]port accept connections on specified host:port"", ""accept""); break; } switch(cmd) { case CMD_SET_DEFAULTS: #if 0 section->ca_dir=(char *)X509_get_default_cert_dir(); #endif section->ca_dir=NULL; break; case CMD_SET_COPY: section->ca_dir=str_dup_detached(new_service_options.ca_dir); break; case CMD_FREE: str_free(section->ca_dir); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""CApath"")) break; str_free(section->ca_dir); if(arg[0]) section->ca_dir=str_dup_detached(arg); else section->ca_dir=NULL; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: #if 0 s_log(LOG_NOTICE, ""%-22s = %s"", ""CApath"", section->ca_dir ? section->ca_dir : ""(none)""); #endif break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = CA certificate directory for 'verify' option"", ""CApath""); break; } switch(cmd) { case CMD_SET_DEFAULTS: #if 0 section->ca_file=(char *)X509_get_default_certfile(); #endif section->ca_file=NULL; break; case CMD_SET_COPY: section->ca_file=str_dup_detached(new_service_options.ca_file); break; case CMD_FREE: str_free(section->ca_file); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""CAfile"")) break; str_free(section->ca_file); if(arg[0]) section->ca_file=str_dup_detached(arg); else section->ca_file=NULL; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: #if 0 s_log(LOG_NOTICE, ""%-22s = %s"", ""CAfile"", section->ca_file ? section->ca_file : ""(none)""); #endif break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = CA certificate file for 'verify' option"", ""CAfile""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->cert=NULL; break; case CMD_SET_COPY: section->cert=str_dup_detached(new_service_options.cert); break; case CMD_FREE: str_free(section->cert); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""cert"")) break; str_free(section->cert); section->cert=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: #ifndef OPENSSL_NO_PSK if(section->psk_keys) break; #endif #ifndef OPENSSL_NO_ENGINE if(section->engine) break; #endif if(!section->option.client && !section->cert) return ""TLS server needs a certificate""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = certificate chain"", ""cert""); break; } #if OPENSSL_VERSION_NUMBER>=0x10002000L switch(cmd) { case CMD_SET_DEFAULTS: section->check_email=NULL; break; case CMD_SET_COPY: name_list_dup(§ion->check_email, new_service_options.check_email); break; case CMD_FREE: name_list_free(section->check_email); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""checkEmail"")) break; name_list_append(§ion->check_email, arg); return NULL; case CMD_INITIALIZE: if(section->check_email && !section->option.verify_chain && !section->option.verify_peer) return ""Either \""verifyChain\"" or \""verifyPeer\"" has to be enabled""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = peer certificate email address"", ""checkEmail""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->check_host=NULL; break; case CMD_SET_COPY: name_list_dup(§ion->check_host, new_service_options.check_host); break; case CMD_FREE: name_list_free(section->check_host); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""checkHost"")) break; name_list_append(§ion->check_host, arg); return NULL; case CMD_INITIALIZE: if(section->check_host && !section->option.verify_chain && !section->option.verify_peer) return ""Either \""verifyChain\"" or \""verifyPeer\"" has to be enabled""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = peer certificate host name pattern"", ""checkHost""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->check_ip=NULL; break; case CMD_SET_COPY: name_list_dup(§ion->check_ip, new_service_options.check_ip); break; case CMD_FREE: name_list_free(section->check_ip); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""checkIP"")) break; name_list_append(§ion->check_ip, arg); return NULL; case CMD_INITIALIZE: if(section->check_ip && !section->option.verify_chain && !section->option.verify_peer) return ""Either \""verifyChain\"" or \""verifyPeer\"" has to be enabled""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = peer certificate IP address"", ""checkIP""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->cipher_list=NULL; break; case CMD_SET_COPY: section->cipher_list=str_dup_detached(new_service_options.cipher_list); break; case CMD_FREE: str_free(section->cipher_list); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""ciphers"")) break; str_free(section->cipher_list); section->cipher_list=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: if(!section->cipher_list) { #ifdef USE_FIPS if(new_global_options.option.fips) section->cipher_list=str_dup_detached(""FIPS""); else #endif section->cipher_list=str_dup_detached(stunnel_cipher_list); } break; case CMD_PRINT_DEFAULTS: #ifdef USE_FIPS s_log(LOG_NOTICE, ""%-22s = %s %s"", ""ciphers"", ""FIPS"", ""(with \""fips = yes\"")""); s_log(LOG_NOTICE, ""%-22s = %s %s"", ""ciphers"", stunnel_cipher_list, ""(with \""fips = no\"")""); #else s_log(LOG_NOTICE, ""%-22s = %s"", ""ciphers"", stunnel_cipher_list); #endif break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = permitted ciphers for TLS 1.2 or older"", ""ciphers""); break; } #ifndef OPENSSL_NO_TLS1_3 switch(cmd) { case CMD_SET_DEFAULTS: section->ciphersuites=NULL; break; case CMD_SET_COPY: section->ciphersuites=str_dup_detached(new_service_options.ciphersuites); break; case CMD_FREE: str_free(section->ciphersuites); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""ciphersuites"")) break; str_free(section->ciphersuites); section->ciphersuites=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: if(!section->ciphersuites) { section->ciphersuites=str_dup_detached(stunnel_ciphersuites); } break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %s %s"", ""ciphersuites"", stunnel_ciphersuites, ""(with TLSv1.3)""); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = permitted ciphersuites for TLS 1.3"", ""ciphersuites""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->option.client=0; break; case CMD_SET_COPY: section->option.client=new_service_options.option.client; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""client"")) break; if(!strcasecmp(arg, ""yes"")) section->option.client=1; else if(!strcasecmp(arg, ""no"")) section->option.client=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no client mode (remote service uses TLS)"", ""client""); break; } #if OPENSSL_VERSION_NUMBER>=0x10002000L switch(cmd) { case CMD_SET_DEFAULTS: section->config=NULL; break; case CMD_SET_COPY: name_list_dup(§ion->config, new_service_options.config); break; case CMD_FREE: name_list_free(section->config); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""config"")) break; name_list_append(§ion->config, arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = command[:parameter] to execute"", ""config""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: addrlist_clear(§ion->connect_addr, 0); section->connect_session=NULL; break; case CMD_SET_COPY: addrlist_clear(§ion->connect_addr, 0); section->connect_session=NULL; name_list_dup(§ion->connect_addr.names, new_service_options.connect_addr.names); break; case CMD_FREE: name_list_free(section->connect_addr.names); str_free(section->connect_addr.addr); str_free(section->connect_session); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""connect"")) break; name_list_append(§ion->connect_addr.names, arg); return NULL; case CMD_INITIALIZE: if(section->connect_addr.names) { if(!section->option.delayed_lookup && !addrlist_resolve(§ion->connect_addr)) { s_log(LOG_INFO, ""Cannot resolve connect target - delaying DNS lookup""); section->connect_addr.num=0; section->redirect_addr.num=0; section->option.delayed_lookup=1; } if(section->option.client) section->connect_session= str_alloc_detached(section->connect_addr.num*sizeof(SSL_SESSION *)); ++endpoints; } break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = [host:]port to connect"", ""connect""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->crl_dir=NULL; break; case CMD_SET_COPY: section->crl_dir=str_dup_detached(new_service_options.crl_dir); break; case CMD_FREE: str_free(section->crl_dir); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""CRLpath"")) break; str_free(section->crl_dir); if(arg[0]) section->crl_dir=str_dup_detached(arg); else section->crl_dir=NULL; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = CRL directory"", ""CRLpath""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->crl_file=NULL; break; case CMD_SET_COPY: section->crl_file=str_dup_detached(new_service_options.crl_file); break; case CMD_FREE: str_free(section->crl_file); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""CRLfile"")) break; str_free(section->crl_file); if(arg[0]) section->crl_file=str_dup_detached(arg); else section->crl_file=NULL; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = CRL file"", ""CRLfile""); break; } #ifndef OPENSSL_NO_ECDH switch(cmd) { case CMD_SET_DEFAULTS: section->curves=str_dup_detached(DEFAULT_CURVES); break; case CMD_SET_COPY: section->curves=str_dup_detached(new_service_options.curves); break; case CMD_FREE: str_free(section->curves); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""curves"") && strcasecmp(opt, ""curve"")) break; str_free(section->curves); section->curves=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %s"", ""curves"", DEFAULT_CURVES); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = ECDH curve names"", ""curves""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->log_level=LOG_NOTICE; #if !defined (USE_WIN32) && !defined (__vms) new_global_options.log_facility=LOG_DAEMON; #endif break; case CMD_SET_COPY: section->log_level=new_service_options.log_level; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""debug"")) break; return parse_debug_level(arg, section); case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: #if !defined (USE_WIN32) && !defined (__vms) s_log(LOG_NOTICE, ""%-22s = %s"", ""debug"", ""daemon.notice""); #else s_log(LOG_NOTICE, ""%-22s = %s"", ""debug"", ""notice""); #endif break; case CMD_PRINT_HELP: #if !defined (USE_WIN32) && !defined (__vms) s_log(LOG_NOTICE, ""%-22s = [facility].level (e.g. daemon.info)"", ""debug""); #else s_log(LOG_NOTICE, ""%-22s = level (e.g. info)"", ""debug""); #endif break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.delayed_lookup=0; break; case CMD_SET_COPY: section->option.delayed_lookup=new_service_options.option.delayed_lookup; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""delay"")) break; if(!strcasecmp(arg, ""yes"")) section->option.delayed_lookup=1; else if(!strcasecmp(arg, ""no"")) section->option.delayed_lookup=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no delay DNS lookup for 'connect' option"", ""delay""); break; } #ifndef OPENSSL_NO_ENGINE switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: section->engine=new_service_options.engine; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""engineId"")) break; section->engine=engine_get_by_id(arg); if(!section->engine) return ""Engine ID not found""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = ID of engine to read the key from"", ""engineId""); break; } switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: section->engine=new_service_options.engine; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""engineNum"")) break; { char *tmp_str; int tmp_int=(int)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal engine number""; section->engine=engine_get_by_num(tmp_int-1); } if(!section->engine) return ""Illegal engine number""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = number of engine to read the key from"", ""engineNum""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->exec_name=NULL; break; case CMD_SET_COPY: section->exec_name=str_dup_detached(new_service_options.exec_name); break; case CMD_FREE: str_free(section->exec_name); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""exec"")) break; str_free(section->exec_name); section->exec_name=str_dup_detached(arg); #ifdef USE_WIN32 section->exec_args=str_dup_detached(arg); #else if(!section->exec_args) { section->exec_args=str_alloc_detached(2*sizeof(char *)); section->exec_args[0]=str_dup_detached(section->exec_name); section->exec_args[1]=NULL; } #endif return NULL; case CMD_INITIALIZE: if(section->exec_name) ++endpoints; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = file execute local inetd-type program"", ""exec""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->exec_args=NULL; break; case CMD_SET_COPY: #ifdef USE_WIN32 section->exec_args=str_dup_detached(new_service_options.exec_args); #else section->exec_args=arg_dup(new_service_options.exec_args); #endif break; case CMD_FREE: #ifdef USE_WIN32 str_free(section->exec_args); #else arg_free(section->exec_args); #endif break; case CMD_SET_VALUE: if(strcasecmp(opt, ""execArgs"")) break; #ifdef USE_WIN32 str_free(section->exec_args); section->exec_args=str_dup_detached(arg); #else arg_free(section->exec_args); section->exec_args=arg_alloc(arg); #endif return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = arguments for 'exec' (including $0)"", ""execArgs""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->failover=FAILOVER_PRIO; section->rr=0; break; case CMD_SET_COPY: section->failover=new_service_options.failover; section->rr=new_service_options.rr; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""failover"")) break; if(!strcasecmp(arg, ""rr"")) section->failover=FAILOVER_RR; else if(!strcasecmp(arg, ""prio"")) section->failover=FAILOVER_PRIO; else return ""The argument needs to be either 'rr' or 'prio'""; return NULL; case CMD_INITIALIZE: if(section->option.delayed_lookup) section->failover=FAILOVER_PRIO; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = rr|prio failover strategy"", ""failover""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->username=NULL; break; case CMD_SET_COPY: section->username=str_dup_detached(new_service_options.username); break; case CMD_FREE: str_free(section->username); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""ident"")) break; str_free(section->username); section->username=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = username for IDENT (RFC 1413) checking"", ""ident""); break; } switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""include"")) break; return include_config(arg, section_ptr); case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = directory with configuration file snippets"", ""include""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->key=NULL; break; case CMD_SET_COPY: section->key=str_dup_detached(new_service_options.key); break; case CMD_FREE: str_free(section->key); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""key"")) break; str_free(section->key); section->key=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: if(section->cert && !section->key) section->key=str_dup_detached(section->cert); break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = certificate private key"", ""key""); break; } #ifdef USE_LIBWRAP switch(cmd) { case CMD_SET_DEFAULTS: section->option.libwrap=0; break; case CMD_SET_COPY: section->option.libwrap=new_service_options.option.libwrap; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""libwrap"")) break; if(!strcasecmp(arg, ""yes"")) section->option.libwrap=1; else if(!strcasecmp(arg, ""no"")) section->option.libwrap=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no use /etc/hosts.allow and /etc/hosts.deny"", ""libwrap""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->option.local=0; break; case CMD_SET_COPY: section->option.local=new_service_options.option.local; memcpy(§ion->source_addr, &new_service_options.source_addr, sizeof(SOCKADDR_UNION)); break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""local"")) break; if(!hostport2addr(§ion->source_addr, arg, ""0"", 1)) return ""Failed to resolve local address""; section->option.local=1; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = IP address to be used as source for remote"" "" connections"", ""local""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->log_id=LOG_ID_SEQUENTIAL; break; case CMD_SET_COPY: section->log_id=new_service_options.log_id; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""logId"")) break; if(!strcasecmp(arg, ""sequential"")) section->log_id=LOG_ID_SEQUENTIAL; else if(!strcasecmp(arg, ""unique"")) section->log_id=LOG_ID_UNIQUE; else if(!strcasecmp(arg, ""thread"")) section->log_id=LOG_ID_THREAD; else if(!strcasecmp(arg, ""process"")) section->log_id=LOG_ID_PROCESS; else return ""Invalid connection identifier type""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %s"", ""logId"", ""sequential""); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = connection identifier type"", ""logId""); break; } #ifndef OPENSSL_NO_OCSP switch(cmd) { case CMD_SET_DEFAULTS: section->ocsp_url=NULL; break; case CMD_SET_COPY: section->ocsp_url=str_dup_detached(new_service_options.ocsp_url); break; case CMD_FREE: str_free(section->ocsp_url); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""ocsp"")) break; str_free(section->ocsp_url); section->ocsp_url=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = OCSP responder URL"", ""OCSP""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.aia=0; break; case CMD_SET_COPY: section->option.aia=new_service_options.option.aia; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""OCSPaia"")) break; if(!strcasecmp(arg, ""yes"")) section->option.aia=1; else if(!strcasecmp(arg, ""no"")) section->option.aia=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no check the AIA responders from certificates"", ""OCSPaia""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->ocsp_flags=0; break; case CMD_SET_COPY: section->ocsp_flags=new_service_options.ocsp_flags; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""OCSPflag"")) break; { unsigned long tmp_ulong=parse_ocsp_flag(arg); if(!tmp_ulong) return ""Illegal OCSP flag""; section->ocsp_flags|=tmp_ulong; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = OCSP responder flags"", ""OCSPflag""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.nonce=0; break; case CMD_SET_COPY: section->option.nonce=new_service_options.option.nonce; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""OCSPnonce"")) break; if(!strcasecmp(arg, ""yes"")) section->option.nonce=1; else if(!strcasecmp(arg, ""no"")) section->option.nonce=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no send and verify the OCSP nonce extension"", ""OCSPnonce""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->ssl_options_set=0; #if OPENSSL_VERSION_NUMBER>=0x009080dfL section->ssl_options_clear=0; #endif break; case CMD_SET_COPY: section->ssl_options_set=new_service_options.ssl_options_set; #if OPENSSL_VERSION_NUMBER>=0x009080dfL section->ssl_options_clear=new_service_options.ssl_options_clear; #endif break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""options"")) break; #if OPENSSL_VERSION_NUMBER>=0x009080dfL if(*arg=='-') { long unsigned tmp=parse_ssl_option(arg+1); if(tmp==INVALID_SSL_OPTION) return ""Illegal TLS option""; section->ssl_options_clear|=tmp; return NULL; } #endif { long unsigned tmp=parse_ssl_option(arg); if(tmp==INVALID_SSL_OPTION) return ""Illegal TLS option""; section->ssl_options_set|=tmp; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %s"", ""options"", ""NO_SSLv2""); s_log(LOG_NOTICE, ""%-22s = %s"", ""options"", ""NO_SSLv3""); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = TLS option to set/reset"", ""options""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->protocol=NULL; break; case CMD_SET_COPY: section->protocol=str_dup_detached(new_service_options.protocol); break; case CMD_FREE: str_free(section->protocol); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""protocol"")) break; str_free(section->protocol); section->protocol=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: { char *tmp_str=protocol(NULL, section, PROTOCOL_CHECK); if(tmp_str) return tmp_str; } endpoints+=section->option.protocol_endpoint; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = protocol to negotiate before TLS initialization"", ""protocol""); s_log(LOG_NOTICE, ""%25scurrently supported: cifs, connect, imap,"", """"); s_log(LOG_NOTICE, ""%25s nntp, pgsql, pop3, proxy, smtp, socks"", """"); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->protocol_authentication=str_dup_detached(""basic""); break; case CMD_SET_COPY: section->protocol_authentication= str_dup_detached(new_service_options.protocol_authentication); break; case CMD_FREE: str_free(section->protocol_authentication); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""protocolAuthentication"")) break; str_free(section->protocol_authentication); section->protocol_authentication=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = authentication type for protocol negotiations"", ""protocolAuthentication""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->protocol_domain=NULL; break; case CMD_SET_COPY: section->protocol_domain= str_dup_detached(new_service_options.protocol_domain); break; case CMD_FREE: str_free(section->protocol_domain); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""protocolDomain"")) break; str_free(section->protocol_domain); section->protocol_domain=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = domain for protocol negotiations"", ""protocolDomain""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->protocol_host=NULL; break; case CMD_SET_COPY: section->protocol_host= str_dup_detached(new_service_options.protocol_host); break; case CMD_FREE: str_free(section->protocol_host); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""protocolHost"")) break; str_free(section->protocol_host); section->protocol_host=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = host:port for protocol negotiations"", ""protocolHost""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->protocol_password=NULL; break; case CMD_SET_COPY: section->protocol_password= str_dup_detached(new_service_options.protocol_password); break; case CMD_FREE: str_free(section->protocol_password); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""protocolPassword"")) break; str_free(section->protocol_password); section->protocol_password=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = password for protocol negotiations"", ""protocolPassword""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->protocol_username=NULL; break; case CMD_SET_COPY: section->protocol_username= str_dup_detached(new_service_options.protocol_username); break; case CMD_FREE: str_free(section->protocol_username); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""protocolUsername"")) break; str_free(section->protocol_username); section->protocol_username=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = username for protocol negotiations"", ""protocolUsername""); break; } #ifndef OPENSSL_NO_PSK switch(cmd) { case CMD_SET_DEFAULTS: section->psk_identity=NULL; section->psk_selected=NULL; section->psk_sorted.val=NULL; section->psk_sorted.num=0; break; case CMD_SET_COPY: section->psk_identity= str_dup_detached(new_service_options.psk_identity); break; case CMD_FREE: str_free(section->psk_identity); str_free(section->psk_sorted.val); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""PSKidentity"")) break; str_free(section->psk_identity); section->psk_identity=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: if(!section->psk_keys) break; psk_sort(§ion->psk_sorted, section->psk_keys); if(section->option.client) { if(section->psk_identity) { section->psk_selected= psk_find(§ion->psk_sorted, section->psk_identity); if(!section->psk_selected) return ""No key found for the specified PSK identity""; } else { section->psk_selected=section->psk_keys; } } else { if(section->psk_identity) s_log(LOG_NOTICE, ""PSK identity is ignored in the server mode""); } break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = identity for PSK authentication"", ""PSKidentity""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->psk_keys=NULL; break; case CMD_SET_COPY: section->psk_keys=psk_dup(new_service_options.psk_keys); break; case CMD_FREE: psk_free(section->psk_keys); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""PSKsecrets"")) break; section->psk_keys=psk_read(arg); if(!section->psk_keys) return ""Failed to read PSK secrets""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = secrets for PSK authentication"", ""PSKsecrets""); break; } #endif #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: section->option.pty=0; break; case CMD_SET_COPY: section->option.pty=new_service_options.option.pty; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""pty"")) break; if(!strcasecmp(arg, ""yes"")) section->option.pty=1; else if(!strcasecmp(arg, ""no"")) section->option.pty=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no allocate pseudo terminal for 'exec' option"", ""pty""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: addrlist_clear(§ion->redirect_addr, 0); break; case CMD_SET_COPY: addrlist_clear(§ion->redirect_addr, 0); name_list_dup(§ion->redirect_addr.names, new_service_options.redirect_addr.names); break; case CMD_FREE: name_list_free(section->redirect_addr.names); str_free(section->redirect_addr.addr); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""redirect"")) break; name_list_append(§ion->redirect_addr.names, arg); return NULL; case CMD_INITIALIZE: if(section->redirect_addr.names) { if(section->option.client) return ""\""redirect\"" is unsupported in client sections""; if(section->option.connect_before_ssl) return ""\""redirect\"" is incompatible with the specified protocol negotiation""; if(!section->option.delayed_lookup && !addrlist_resolve(§ion->redirect_addr)) { s_log(LOG_INFO, ""Cannot resolve redirect target - delaying DNS lookup""); section->connect_addr.num=0; section->redirect_addr.num=0; section->option.delayed_lookup=1; } if(!section->option.verify_chain && !section->option.verify_peer) return ""Either \""verifyChain\"" or \""verifyPeer\"" has to be enabled for \""redirect\"" to work""; } break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = [host:]port to redirect on authentication failures"", ""redirect""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.renegotiation=1; break; case CMD_SET_COPY: section->option.renegotiation=new_service_options.option.renegotiation; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""renegotiation"")) break; if(!strcasecmp(arg, ""yes"")) section->option.renegotiation=1; else if(!strcasecmp(arg, ""no"")) section->option.renegotiation=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no support renegotiation"", ""renegotiation""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.require_cert=0; break; case CMD_SET_COPY: section->option.require_cert=new_service_options.option.require_cert; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""requireCert"")) break; if(!strcasecmp(arg, ""yes"")) { section->option.request_cert=1; section->option.require_cert=1; } else if(!strcasecmp(arg, ""no"")) { section->option.require_cert=0; } else { return ""The argument needs to be either 'yes' or 'no'""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no require client certificate"", ""requireCert""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.reset=1; break; case CMD_SET_COPY: section->option.reset=new_service_options.option.reset; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""reset"")) break; if(!strcasecmp(arg, ""yes"")) section->option.reset=1; else if(!strcasecmp(arg, ""no"")) section->option.reset=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no send TCP RST on error"", ""reset""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.retry=0; break; case CMD_SET_COPY: section->option.retry=new_service_options.option.retry; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""retry"")) break; if(!strcasecmp(arg, ""yes"")) section->option.retry=1; else if(!strcasecmp(arg, ""no"")) section->option.retry=0; else return ""The argument needs to be either 'yes' or 'no'""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no retry connect+exec section"", ""retry""); break; } #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: section->servname=str_dup_detached(""stunnel""); break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""service"")) break; str_free(section->servname); section->servname=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = service name"", ""service""); break; } #endif #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: section->gid=0; break; case CMD_SET_COPY: section->gid=new_service_options.gid; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""setgid"")) break; gr=getgrnam(arg); if(gr) { section->gid=gr->gr_gid; return NULL; } { char *tmp_str; section->gid=(gid_t)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal GID""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = groupname for setgid()"", ""setgid""); break; } #endif #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: section->uid=0; break; case CMD_SET_COPY: section->uid=new_service_options.uid; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""setuid"")) break; pw=getpwnam(arg); if(pw) { section->uid=pw->pw_uid; return NULL; } { char *tmp_str; section->uid=(uid_t)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal UID""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = username for setuid()"", ""setuid""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->session_size=1000L; break; case CMD_SET_COPY: section->session_size=new_service_options.session_size; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sessionCacheSize"")) break; { char *tmp_str; section->session_size=strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal session cache size""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %ld"", ""sessionCacheSize"", 1000L); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = session cache size"", ""sessionCacheSize""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->session_timeout=300L; break; case CMD_SET_COPY: section->session_timeout=new_service_options.session_timeout; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sessionCacheTimeout"") && strcasecmp(opt, ""session"")) break; { char *tmp_str; section->session_timeout=strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal session cache timeout""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %ld seconds"", ""sessionCacheTimeout"", 300L); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = session cache timeout (in seconds)"", ""sessionCacheTimeout""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.sessiond=0; memset(§ion->sessiond_addr, 0, sizeof(SOCKADDR_UNION)); section->sessiond_addr.in.sin_family=AF_INET; break; case CMD_SET_COPY: section->option.sessiond=new_service_options.option.sessiond; memcpy(§ion->sessiond_addr, &new_service_options.sessiond_addr, sizeof(SOCKADDR_UNION)); break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sessiond"")) break; section->option.sessiond=1; #ifdef SSL_OP_NO_TICKET section->ssl_options_set|=SSL_OP_NO_TICKET; #endif if(!name2addr(§ion->sessiond_addr, arg, 0)) return ""Failed to resolve sessiond server address""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = [host:]port use sessiond at host:port"", ""sessiond""); break; } #ifndef OPENSSL_NO_TLSEXT switch(cmd) { case CMD_SET_DEFAULTS: section->servername_list_head=NULL; section->servername_list_tail=NULL; break; case CMD_SET_COPY: section->sni= str_dup_detached(new_service_options.sni); break; case CMD_FREE: str_free(section->sni); sni_free(section); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sni"")) break; str_free(section->sni); section->sni=str_dup_detached(arg); return NULL; case CMD_INITIALIZE: { char *tmp_str=sni_init(section); if(tmp_str) return tmp_str; } if(!section->option.client && section->sni) ++endpoints; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = master_service:host_name for an SNI virtual service"", ""sni""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->sock_opts=socket_options_init(); break; case CMD_SET_COPY: section->sock_opts=socket_options_dup(new_service_options.sock_opts); break; case CMD_FREE: socket_options_free(section->sock_opts); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""socket"")) break; if(socket_option_parse(section->sock_opts, arg)) return ""Illegal socket option""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = a|l|r:option=value[:value]"", ""socket""); s_log(LOG_NOTICE, ""%25sset an option on accept/local/remote socket"", """"); break; } #if OPENSSL_VERSION_NUMBER>=0x10100000L switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sslVersion"")) break; section->max_proto_version= section->min_proto_version=str_to_proto_version(arg); if(section->max_proto_version==-1) return ""Invalid protocol version""; return NULL; case CMD_INITIALIZE: if(section->max_proto_version && section->min_proto_version && section->max_proto_versionmin_proto_version) return ""Invalid protocol version range""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = all"" ""|SSLv3|TLSv1|TLSv1.1|TLSv1.2"" #ifdef TLS1_3_VERSION ""|TLSv1.3"" #endif "" TLS version"", ""sslVersion""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->max_proto_version=0; break; case CMD_SET_COPY: section->max_proto_version=new_service_options.max_proto_version; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sslVersionMax"")) break; section->max_proto_version=str_to_proto_version(arg); if(section->max_proto_version==-1) return ""Invalid protocol version""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = all"" ""|SSLv3|TLSv1|TLSv1.1|TLSv1.2"" #ifdef TLS1_3_VERSION ""|TLSv1.3"" #endif "" TLS version"", ""sslVersionMax""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->min_proto_version=TLS1_VERSION; break; case CMD_SET_COPY: section->min_proto_version=new_service_options.min_proto_version; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sslVersionMin"")) break; section->min_proto_version=str_to_proto_version(arg); if(section->min_proto_version==-1) return ""Invalid protocol version""; return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = all"" ""|SSLv3|TLSv1|TLSv1.1|TLSv1.2"" #ifdef TLS1_3_VERSION ""|TLSv1.3"" #endif "" TLS version"", ""sslVersionMin""); break; } #else switch(cmd) { case CMD_SET_DEFAULTS: tls_methods_set(section, NULL); break; case CMD_SET_COPY: section->client_method=new_service_options.client_method; section->server_method=new_service_options.server_method; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""sslVersion"")) break; return tls_methods_set(section, arg); case CMD_INITIALIZE: { char *tmp_str=tls_methods_check(section); if(tmp_str) return tmp_str; } break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = all"" ""|SSLv2|SSLv3|TLSv1"" #if OPENSSL_VERSION_NUMBER>=0x10001000L ""|TLSv1.1|TLSv1.2"" #endif "" TLS method"", ""sslVersion""); break; } #endif #ifndef USE_FORK switch(cmd) { case CMD_SET_DEFAULTS: section->stack_size=DEFAULT_STACK_SIZE; break; case CMD_SET_COPY: section->stack_size=new_service_options.stack_size; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""stack"")) break; { char *tmp_str; section->stack_size=(size_t)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal thread stack size""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %d bytes"", ""stack"", DEFAULT_STACK_SIZE); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = thread stack size (in bytes)"", ""stack""); break; } #endif #if OPENSSL_VERSION_NUMBER>=0x10000000L switch(cmd) { case CMD_SET_DEFAULTS: section->ticket_key=NULL; break; case CMD_SET_COPY: section->ticket_key=key_dup(new_service_options.ticket_key); break; case CMD_FREE: key_free(section->ticket_key); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""ticketKeySecret"")) break; section->ticket_key=key_read(arg, ""ticketKeySecret""); if(!section->ticket_key) return ""Failed to read ticketKeySecret""; return NULL; case CMD_INITIALIZE: if(!section->ticket_key) break; if(section->option.client){ s_log(LOG_NOTICE, ""ticketKeySecret is ignored in the client mode""); break; } if(section->ticket_key && !section->ticket_mac) return ""\""ticketKeySecret\"" and \""ticketMacSecret\"" must be set together""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = secret key for encryption/decryption TLSv1.3 tickets"", ""ticketKeySecret""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->ticket_mac=NULL; break; case CMD_SET_COPY: section->ticket_mac=key_dup(new_service_options.ticket_mac); break; case CMD_FREE: key_free(section->ticket_mac); break; case CMD_SET_VALUE: if(strcasecmp(opt, ""ticketMacSecret"")) break; section->ticket_mac=key_read(arg, ""ticketMacSecret""); if(!section->ticket_mac) return ""Failed to read ticketMacSecret""; return NULL; case CMD_INITIALIZE: if(!section->ticket_mac) break; if(section->option.client){ s_log(LOG_NOTICE, ""ticketMacSecret is ignored in the client mode""); break; } if(section->ticket_mac && !section->ticket_key) return ""\""ticketKeySecret\"" and \""ticketMacSecret\"" must be set together""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = key for HMAC operations on TLSv1.3 tickets"", ""ticketMacSecret""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->timeout_busy=300; break; case CMD_SET_COPY: section->timeout_busy=new_service_options.timeout_busy; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""TIMEOUTbusy"")) break; { char *tmp_str; section->timeout_busy=(int)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal busy timeout""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %d seconds"", ""TIMEOUTbusy"", 300); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = seconds to wait for expected data"", ""TIMEOUTbusy""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->timeout_close=60; break; case CMD_SET_COPY: section->timeout_close=new_service_options.timeout_close; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""TIMEOUTclose"")) break; { char *tmp_str; section->timeout_close=(int)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal close timeout""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %d seconds"", ""TIMEOUTclose"", 60); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = seconds to wait for close_notify"", ""TIMEOUTclose""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->timeout_connect=10; break; case CMD_SET_COPY: section->timeout_connect=new_service_options.timeout_connect; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""TIMEOUTconnect"")) break; { char *tmp_str; section->timeout_connect=(int)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal connect timeout""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %d seconds"", ""TIMEOUTconnect"", 10); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = seconds to connect remote host"", ""TIMEOUTconnect""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->timeout_idle=43200; break; case CMD_SET_COPY: section->timeout_idle=new_service_options.timeout_idle; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""TIMEOUTidle"")) break; { char *tmp_str; section->timeout_idle=(int)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str) return ""Illegal idle timeout""; return NULL; } case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = %d seconds"", ""TIMEOUTidle"", 43200); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = seconds to keep an idle connection"", ""TIMEOUTidle""); break; } #ifndef USE_WIN32 switch(cmd) { case CMD_SET_DEFAULTS: section->option.transparent_src=0; section->option.transparent_dst=0; break; case CMD_SET_COPY: section->option.transparent_src=new_service_options.option.transparent_src; section->option.transparent_dst=new_service_options.option.transparent_dst; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""transparent"")) break; if(!strcasecmp(arg, ""none"") || !strcasecmp(arg, ""no"")) { section->option.transparent_src=0; section->option.transparent_dst=0; } else if(!strcasecmp(arg, ""source"") || !strcasecmp(arg, ""yes"")) { section->option.transparent_src=1; section->option.transparent_dst=0; } else if(!strcasecmp(arg, ""destination"")) { section->option.transparent_src=0; section->option.transparent_dst=1; } else if(!strcasecmp(arg, ""both"")) { section->option.transparent_src=1; section->option.transparent_dst=1; } else return ""Selected transparent proxy mode is not available""; return NULL; case CMD_INITIALIZE: if(section->option.transparent_dst) ++endpoints; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = none|source|destination|both transparent proxy mode"", ""transparent""); break; } #endif switch(cmd) { case CMD_SET_DEFAULTS: section->option.request_cert=0; break; case CMD_SET_COPY: section->option.request_cert=new_service_options.option.request_cert; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""verify"")) break; { char *tmp_str; int tmp_int=(int)strtol(arg, &tmp_str, 10); if(tmp_str==arg || *tmp_str || tmp_int<0 || tmp_int>4) return ""Bad verify level""; section->option.request_cert=1; section->option.require_cert=(tmp_int>=2); section->option.verify_chain=(tmp_int>=1 && tmp_int<=3); section->option.verify_peer=(tmp_int>=3); } return NULL; case CMD_INITIALIZE: if((section->option.verify_chain || section->option.verify_peer) && !section->ca_file && !section->ca_dir) return ""Either \""CAfile\"" or \""CApath\"" has to be configured""; break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, ""%-22s = none"", ""verify""); break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = level of peer certificate verification"", ""verify""); s_log(LOG_NOTICE, ""%25slevel 0 - request and ignore peer cert"", """"); s_log(LOG_NOTICE, ""%25slevel 1 - only validate peer cert if present"", """"); s_log(LOG_NOTICE, ""%25slevel 2 - always require a valid peer cert"", """"); s_log(LOG_NOTICE, ""%25slevel 3 - verify peer with locally installed cert"", """"); s_log(LOG_NOTICE, ""%25slevel 4 - ignore CA chain and only verify peer cert"", """"); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.verify_chain=0; break; case CMD_SET_COPY: section->option.verify_chain=new_service_options.option.verify_chain; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""verifyChain"")) break; if(!strcasecmp(arg, ""yes"")) { section->option.request_cert=1; section->option.require_cert=1; section->option.verify_chain=1; } else if(!strcasecmp(arg, ""no"")) { section->option.verify_chain=0; } else { return ""The argument needs to be either 'yes' or 'no'""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no verify certificate chain"", ""verifyChain""); break; } switch(cmd) { case CMD_SET_DEFAULTS: section->option.verify_peer=0; break; case CMD_SET_COPY: section->option.verify_peer=new_service_options.option.verify_peer; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, ""verifyPeer"")) break; if(!strcasecmp(arg, ""yes"")) { section->option.request_cert=1; section->option.require_cert=1; section->option.verify_peer=1; } else if(!strcasecmp(arg, ""no"")) { section->option.verify_peer=0; } else { return ""The argument needs to be either 'yes' or 'no'""; } return NULL; case CMD_INITIALIZE: break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, ""%-22s = yes|no verify peer certificate"", ""verifyPeer""); break; } switch(cmd) { case CMD_SET_DEFAULTS: break; case CMD_SET_COPY: break; case CMD_FREE: str_free(section->chain); if(section->session) SSL_SESSION_free(section->session); if(section->ctx) SSL_CTX_free(section->ctx); str_free(section->servname); if(section==&service_options) memset(section, 0, sizeof(SERVICE_OPTIONS)); else str_free(section); break; case CMD_SET_VALUE: return option_not_found; case CMD_INITIALIZE: if(section!=&new_service_options) { if(endpoints!=2) return ""Each service must define two endpoints""; } else { if(section->option.accept) return ""'accept' option is only allowed in a [section]""; if(endpoints!=1) return ""Inetd mode must define one endpoint""; } #ifdef SSL_OP_NO_TICKET if(OpenSSL_version_num()<0x10101000L && !section->option.client && !section->option.connect_before_ssl) section->ssl_options_set|=SSL_OP_NO_TICKET; #endif if(context_init(section)) return ""Failed to initialize TLS context""; break; case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: break; } return NULL; }",visit repo url,src/options.c,https://github.com/mtrojnar/stunnel,268293229437487,1 4331,NVD-CWE-noinfo,"void CL_Init( void ) { Com_Printf( ""----- Client Initialization -----\n"" ); Con_Init(); if(!com_fullyInitialized) { CL_ClearState(); clc.state = CA_DISCONNECTED; cl_oldGameSet = qfalse; } cls.realtime = 0; CL_InitInput(); cl_noprint = Cvar_Get( ""cl_noprint"", ""0"", 0 ); #ifdef UPDATE_SERVER_NAME cl_motd = Cvar_Get( ""cl_motd"", ""1"", 0 ); #endif cl_timeout = Cvar_Get( ""cl_timeout"", ""200"", 0 ); cl_timeNudge = Cvar_Get( ""cl_timeNudge"", ""0"", CVAR_TEMP ); cl_shownet = Cvar_Get( ""cl_shownet"", ""0"", CVAR_TEMP ); cl_showSend = Cvar_Get( ""cl_showSend"", ""0"", CVAR_TEMP ); cl_showTimeDelta = Cvar_Get( ""cl_showTimeDelta"", ""0"", CVAR_TEMP ); cl_freezeDemo = Cvar_Get( ""cl_freezeDemo"", ""0"", CVAR_TEMP ); rcon_client_password = Cvar_Get( ""rconPassword"", """", CVAR_TEMP ); cl_activeAction = Cvar_Get( ""activeAction"", """", CVAR_TEMP ); cl_timedemo = Cvar_Get( ""timedemo"", ""0"", 0 ); cl_timedemoLog = Cvar_Get (""cl_timedemoLog"", """", CVAR_ARCHIVE); cl_autoRecordDemo = Cvar_Get (""cl_autoRecordDemo"", ""0"", CVAR_ARCHIVE); cl_aviFrameRate = Cvar_Get (""cl_aviFrameRate"", ""25"", CVAR_ARCHIVE); cl_aviMotionJpeg = Cvar_Get (""cl_aviMotionJpeg"", ""1"", CVAR_ARCHIVE); cl_avidemo = Cvar_Get( ""cl_avidemo"", ""0"", 0 ); cl_forceavidemo = Cvar_Get( ""cl_forceavidemo"", ""0"", 0 ); rconAddress = Cvar_Get( ""rconAddress"", """", 0 ); cl_yawspeed = Cvar_Get( ""cl_yawspeed"", ""140"", CVAR_ARCHIVE ); cl_pitchspeed = Cvar_Get( ""cl_pitchspeed"", ""140"", CVAR_ARCHIVE ); cl_anglespeedkey = Cvar_Get( ""cl_anglespeedkey"", ""1.5"", 0 ); cl_maxpackets = Cvar_Get( ""cl_maxpackets"", ""38"", CVAR_ARCHIVE ); cl_packetdup = Cvar_Get( ""cl_packetdup"", ""1"", CVAR_ARCHIVE ); cl_run = Cvar_Get( ""cl_run"", ""1"", CVAR_ARCHIVE ); cl_sensitivity = Cvar_Get( ""sensitivity"", ""5"", CVAR_ARCHIVE ); cl_mouseAccel = Cvar_Get( ""cl_mouseAccel"", ""0"", CVAR_ARCHIVE ); cl_freelook = Cvar_Get( ""cl_freelook"", ""1"", CVAR_ARCHIVE ); cl_mouseAccelStyle = Cvar_Get( ""cl_mouseAccelStyle"", ""0"", CVAR_ARCHIVE ); cl_mouseAccelOffset = Cvar_Get( ""cl_mouseAccelOffset"", ""5"", CVAR_ARCHIVE ); Cvar_CheckRange(cl_mouseAccelOffset, 0.001f, 50000.0f, qfalse); cl_showMouseRate = Cvar_Get( ""cl_showmouserate"", ""0"", 0 ); cl_allowDownload = Cvar_Get( ""cl_allowDownload"", ""0"", CVAR_ARCHIVE ); #ifdef USE_CURL_DLOPEN cl_cURLLib = Cvar_Get(""cl_cURLLib"", DEFAULT_CURL_LIB, CVAR_ARCHIVE); #endif Cvar_Get( ""cg_autoswitch"", ""2"", CVAR_ARCHIVE ); Cvar_Get( ""cg_wolfparticles"", ""1"", CVAR_ARCHIVE ); cl_conXOffset = Cvar_Get( ""cl_conXOffset"", ""0"", 0 ); cl_inGameVideo = Cvar_Get( ""r_inGameVideo"", ""1"", CVAR_ARCHIVE ); cl_serverStatusResendTime = Cvar_Get( ""cl_serverStatusResendTime"", ""750"", 0 ); cl_recoilPitch = Cvar_Get( ""cg_recoilPitch"", ""0"", CVAR_ROM ); m_pitch = Cvar_Get( ""m_pitch"", ""0.022"", CVAR_ARCHIVE ); m_yaw = Cvar_Get( ""m_yaw"", ""0.022"", CVAR_ARCHIVE ); m_forward = Cvar_Get( ""m_forward"", ""0.25"", CVAR_ARCHIVE ); m_side = Cvar_Get( ""m_side"", ""0.25"", CVAR_ARCHIVE ); m_filter = Cvar_Get( ""m_filter"", ""0"", CVAR_ARCHIVE ); j_pitch = Cvar_Get (""j_pitch"", ""0.022"", CVAR_ARCHIVE); j_yaw = Cvar_Get (""j_yaw"", ""-0.022"", CVAR_ARCHIVE); j_forward = Cvar_Get (""j_forward"", ""-0.25"", CVAR_ARCHIVE); j_side = Cvar_Get (""j_side"", ""0.25"", CVAR_ARCHIVE); j_up = Cvar_Get (""j_up"", ""0"", CVAR_ARCHIVE); j_pitch_axis = Cvar_Get (""j_pitch_axis"", ""3"", CVAR_ARCHIVE); j_yaw_axis = Cvar_Get (""j_yaw_axis"", ""2"", CVAR_ARCHIVE); j_forward_axis = Cvar_Get (""j_forward_axis"", ""1"", CVAR_ARCHIVE); j_side_axis = Cvar_Get (""j_side_axis"", ""0"", CVAR_ARCHIVE); j_up_axis = Cvar_Get (""j_up_axis"", ""4"", CVAR_ARCHIVE); Cvar_CheckRange(j_pitch_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_yaw_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_forward_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_side_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_up_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); cl_motdString = Cvar_Get( ""cl_motdString"", """", CVAR_ROM ); Cvar_Get( ""cl_maxPing"", ""800"", CVAR_ARCHIVE ); cl_lanForcePackets = Cvar_Get (""cl_lanForcePackets"", ""1"", CVAR_ARCHIVE); cl_guidServerUniq = Cvar_Get (""cl_guidServerUniq"", ""1"", CVAR_ARCHIVE); cl_consoleKeys = Cvar_Get( ""cl_consoleKeys"", ""~ ` 0x7e 0x60"", CVAR_ARCHIVE); Cvar_Get( ""name"", ""WolfPlayer"", CVAR_USERINFO | CVAR_ARCHIVE ); cl_rate = Cvar_Get( ""rate"", ""25000"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""snaps"", ""20"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""model"", ""bj2"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""head"", ""default"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""color"", ""4"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""handicap"", ""100"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""sex"", ""male"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""cl_anonymous"", ""0"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""password"", """", CVAR_USERINFO ); Cvar_Get( ""cg_predictItems"", ""1"", CVAR_USERINFO | CVAR_ARCHIVE ); #ifdef USE_MUMBLE cl_useMumble = Cvar_Get (""cl_useMumble"", ""0"", CVAR_ARCHIVE | CVAR_LATCH); cl_mumbleScale = Cvar_Get (""cl_mumbleScale"", ""0.0254"", CVAR_ARCHIVE); #endif #ifdef USE_VOIP cl_voipSend = Cvar_Get (""cl_voipSend"", ""0"", 0); cl_voipSendTarget = Cvar_Get (""cl_voipSendTarget"", ""spatial"", 0); cl_voipGainDuringCapture = Cvar_Get (""cl_voipGainDuringCapture"", ""0.2"", CVAR_ARCHIVE); cl_voipCaptureMult = Cvar_Get (""cl_voipCaptureMult"", ""2.0"", CVAR_ARCHIVE); cl_voipUseVAD = Cvar_Get (""cl_voipUseVAD"", ""0"", CVAR_ARCHIVE); cl_voipVADThreshold = Cvar_Get (""cl_voipVADThreshold"", ""0.25"", CVAR_ARCHIVE); cl_voipShowMeter = Cvar_Get (""cl_voipShowMeter"", ""1"", CVAR_ARCHIVE); cl_voip = Cvar_Get (""cl_voip"", ""1"", CVAR_ARCHIVE); Cvar_CheckRange( cl_voip, 0, 1, qtrue ); cl_voipProtocol = Cvar_Get (""cl_voipProtocol"", cl_voip->integer ? ""opus"" : """", CVAR_USERINFO | CVAR_ROM); #endif Cvar_Get( ""cg_autoactivate"", ""1"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""cg_emptyswitch"", ""0"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""cg_viewsize"", ""100"", CVAR_ARCHIVE ); Cvar_Get (""cg_stereoSeparation"", ""0"", CVAR_ROM); cl_missionStats = Cvar_Get( ""g_missionStats"", ""0"", CVAR_ROM ); cl_waitForFire = Cvar_Get( ""cl_waitForFire"", ""0"", CVAR_ROM ); cl_language = Cvar_Get( ""cl_language"", ""0"", CVAR_ARCHIVE ); cl_debugTranslation = Cvar_Get( ""cl_debugTranslation"", ""0"", 0 ); Cmd_AddCommand( ""cmd"", CL_ForwardToServer_f ); Cmd_AddCommand( ""configstrings"", CL_Configstrings_f ); Cmd_AddCommand( ""clientinfo"", CL_Clientinfo_f ); Cmd_AddCommand( ""snd_restart"", CL_Snd_Restart_f ); Cmd_AddCommand( ""vid_restart"", CL_Vid_Restart_f ); Cmd_AddCommand( ""disconnect"", CL_Disconnect_f ); Cmd_AddCommand( ""record"", CL_Record_f ); Cmd_AddCommand( ""demo"", CL_PlayDemo_f ); Cmd_SetCommandCompletionFunc( ""demo"", CL_CompleteDemoName ); Cmd_AddCommand( ""cinematic"", CL_PlayCinematic_f ); Cmd_AddCommand( ""stoprecord"", CL_StopRecord_f ); Cmd_AddCommand( ""connect"", CL_Connect_f ); Cmd_AddCommand( ""reconnect"", CL_Reconnect_f ); Cmd_AddCommand( ""localservers"", CL_LocalServers_f ); Cmd_AddCommand( ""globalservers"", CL_GlobalServers_f ); Cmd_AddCommand( ""rcon"", CL_Rcon_f ); Cmd_SetCommandCompletionFunc( ""rcon"", CL_CompleteRcon ); Cmd_AddCommand( ""ping"", CL_Ping_f ); Cmd_AddCommand( ""serverstatus"", CL_ServerStatus_f ); Cmd_AddCommand( ""showip"", CL_ShowIP_f ); Cmd_AddCommand( ""fs_openedList"", CL_OpenedPK3List_f ); Cmd_AddCommand( ""fs_referencedList"", CL_ReferencedPK3List_f ); Cmd_AddCommand (""video"", CL_Video_f ); Cmd_AddCommand (""stopvideo"", CL_StopVideo_f ); Cmd_AddCommand( ""cache_startgather"", CL_Cache_StartGather_f ); Cmd_AddCommand( ""cache_usedfile"", CL_Cache_UsedFile_f ); Cmd_AddCommand( ""cache_setindex"", CL_Cache_SetIndex_f ); Cmd_AddCommand( ""cache_mapchange"", CL_Cache_MapChange_f ); Cmd_AddCommand( ""cache_endgather"", CL_Cache_EndGather_f ); Cmd_AddCommand( ""updatehunkusage"", CL_UpdateLevelHunkUsage ); Cmd_AddCommand( ""updatescreen"", SCR_UpdateScreen ); Cmd_AddCommand( ""cld"", CL_ClientDamageCommand ); Cmd_AddCommand( ""startMultiplayer"", CL_startMultiplayer_f ); Cmd_AddCommand( ""shellExecute"", CL_ShellExecute_URL_f ); Cmd_AddCommand( ""map_restart"", CL_MapRestart_f ); Cmd_AddCommand( ""setRecommended"", CL_SetRecommended_f ); CL_InitRef(); SCR_Init(); Cvar_Set( ""cl_running"", ""1"" ); CL_GenerateQKey(); Cvar_Get( ""cl_guid"", """", CVAR_USERINFO | CVAR_ROM ); CL_UpdateGUID( NULL, 0 ); Com_Printf( ""----- Client Initialization Complete -----\n"" ); }",visit repo url,SP/code/client/cl_main.c,https://github.com/iortcw/iortcw,195991306661991,1 6684,CWE-1284,"void usage(const char *progname) { const char* progname_real; progname_real = strrchr(progname, '/'); if (progname_real == NULL) { progname_real = progname; } else { progname_real++; } fprintf(stderr, ""\nusage: %s {-e|-d} [ { -p | -k } ] { [-o ] | [ ...] }\n\n"", progname_real); }",visit repo url,Linux/src/aescrypt.c,https://github.com/paulej/AESCrypt,5704938321937,1 3169,['CWE-189'],"static jas_iccattrvalinfo_t *jas_iccattrvalinfo_lookup(jas_iccsig_t type) { jas_iccattrvalinfo_t *info; info = jas_iccattrvalinfos; for (info = jas_iccattrvalinfos; info->type; ++info) { if (info->type == type) { return info; } } return 0; }",jasper,,,213838882052653802342056803131370354026,0 4999,CWE-190,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 4606,['CWE-399'],"int ext4_mark_inode_dirty(handle_t *handle, struct inode *inode) { struct ext4_iloc iloc; struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); static unsigned int mnt_count; int err, ret; might_sleep(); err = ext4_reserve_inode_write(handle, inode, &iloc); if (ext4_handle_valid(handle) && EXT4_I(inode)->i_extra_isize < sbi->s_want_extra_isize && !(EXT4_I(inode)->i_state & EXT4_STATE_NO_EXPAND)) { if ((jbd2_journal_extend(handle, EXT4_DATA_TRANS_BLOCKS(inode->i_sb))) == 0) { ret = ext4_expand_extra_isize(inode, sbi->s_want_extra_isize, iloc, handle); if (ret) { EXT4_I(inode)->i_state |= EXT4_STATE_NO_EXPAND; if (mnt_count != le16_to_cpu(sbi->s_es->s_mnt_count)) { ext4_warning(inode->i_sb, __func__, ""Unable to expand inode %lu. Delete"" "" some EAs or run e2fsck."", inode->i_ino); mnt_count = le16_to_cpu(sbi->s_es->s_mnt_count); } } } } if (!err) err = ext4_mark_iloc_dirty(handle, inode, &iloc); return err; }",linux-2.6,,,299738824922829005443142652763902442690,0 1117,['CWE-399'],"sys_sigaction(int sig, const struct old_sigaction __user *act, struct old_sigaction __user *oact) { struct k_sigaction new_ka, old_ka; int ret; if (act) { old_sigset_t mask; if (!access_ok(VERIFY_READ, act, sizeof(*act)) || __get_user(new_ka.sa.sa_handler, &act->sa_handler) || __get_user(new_ka.sa.sa_restorer, &act->sa_restorer)) return -EFAULT; __get_user(new_ka.sa.sa_flags, &act->sa_flags); __get_user(mask, &act->sa_mask); siginitset(&new_ka.sa.sa_mask, mask); } ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); if (!ret && oact) { if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) || __put_user(old_ka.sa.sa_handler, &oact->sa_handler) || __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer)) return -EFAULT; __put_user(old_ka.sa.sa_flags, &oact->sa_flags); __put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask); } return ret; }",linux-2.6,,,245070866725373105126362118765661372744,0 681,CWE-20,"static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t total_len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int error = 0; if (sk->sk_state & PPPOX_BOUND) { error = -EIO; goto end; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &error); if (error < 0) goto end; m->msg_namelen = 0; if (skb) { total_len = min_t(size_t, total_len, skb->len); error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); if (error == 0) { consume_skb(skb); return total_len; } } kfree_skb(skb); end: return error; }",visit repo url,drivers/net/ppp/pppoe.c,https://github.com/torvalds/linux,210801352169286,1 4457,['CWE-264'],"int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma) { return -ENODEV; }",linux-2.6,,,155241444735315339264904664416208650733,0 4544,['CWE-20'],"static inline void dx_set_count(struct dx_entry *entries, unsigned value) { ((struct dx_countlimit *) entries)->count = cpu_to_le16(value); }",linux-2.6,,,77112287059583424414090904241061682686,0 5766,CWE-190,"static char *mongo_data_append( char *start , const void *data , int len ) { memcpy( start , data , len ); return start + len; }",visit repo url,src/mongo.c,https://github.com/10gen-archive/mongo-c-driver-legacy,22472560358609,1 4666,CWE-476,"GF_Err mpgviddmx_process(GF_Filter *filter) { GF_MPGVidDmxCtx *ctx = gf_filter_get_udta(filter); GF_FilterPacket *pck, *dst_pck; u64 byte_offset; s64 vosh_start = -1; s64 vosh_end = -1; GF_Err e; char *data; u8 *start; u32 pck_size; s32 remain; if (!ctx->duration.num) mpgviddmx_check_dur(filter, ctx); pck = gf_filter_pid_get_packet(ctx->ipid); if (!pck) { if (gf_filter_pid_is_eos(ctx->ipid)) { mpgviddmx_enqueue_or_dispatch(ctx, NULL, GF_TRUE, GF_TRUE); if (ctx->opid) gf_filter_pid_set_eos(ctx->opid); if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = NULL; return GF_EOS; } return GF_OK; } data = (char *) gf_filter_pck_get_data(pck, &pck_size); byte_offset = gf_filter_pck_get_byte_offset(pck); start = data; remain = pck_size; if (!ctx->resume_from && ctx->timescale) { u64 ts = gf_filter_pck_get_cts(pck); if (ts != GF_FILTER_NO_TS) { if (!ctx->cts || !ctx->recompute_cts) ctx->cts = ts; } ts = gf_filter_pck_get_dts(pck); if (ts != GF_FILTER_NO_TS) { if (!ctx->dts || !ctx->recompute_cts) ctx->dts = ts; if (!ctx->prev_dts) ctx->prev_dts = ts; else if (ctx->prev_dts != ts) { u64 diff = ts; diff -= ctx->prev_dts; if (!ctx->cur_fps.den) ctx->cur_fps.den = (u32) diff; else if (ctx->cur_fps.den > diff) ctx->cur_fps.den = (u32) diff; } } gf_filter_pck_get_framing(pck, &ctx->input_is_au_start, &ctx->input_is_au_end); if (ctx->recompute_cts) ctx->input_is_au_start = GF_FALSE; if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = pck; gf_filter_pck_ref_props(&ctx->src_pck); } if (!ctx->resume_from && ctx->hdr_store_size) { if (ctx->hdr_store_alloc < ctx->hdr_store_size + pck_size) { ctx->hdr_store_alloc = ctx->hdr_store_size + pck_size; ctx->hdr_store = gf_realloc(ctx->hdr_store, sizeof(char)*ctx->hdr_store_alloc); } memcpy(ctx->hdr_store + ctx->hdr_store_size, data, sizeof(char)*pck_size); if (byte_offset != GF_FILTER_NO_BO) { if (byte_offset >= ctx->hdr_store_size) byte_offset -= ctx->hdr_store_size; else byte_offset = GF_FILTER_NO_BO; } ctx->hdr_store_size += pck_size; start = data = ctx->hdr_store; remain = pck_size = ctx->hdr_store_size; } if (ctx->resume_from) { if (gf_filter_pid_would_block(ctx->opid)) return GF_OK; if (ctx->hdr_store_size) { assert(ctx->resume_from <= ctx->hdr_store_size); start = data = ctx->hdr_store + ctx->resume_from; remain = pck_size = ctx->hdr_store_size - ctx->resume_from; } else { assert(remain >= (s32) ctx->resume_from); start += ctx->resume_from; remain -= ctx->resume_from; } ctx->resume_from = 0; } if (!ctx->bs) { ctx->bs = gf_bs_new(start, remain, GF_BITSTREAM_READ); } else { gf_bs_reassign_buffer(ctx->bs, start, remain); } if (!ctx->vparser) { ctx->vparser = gf_m4v_parser_bs_new(ctx->bs, ctx->is_mpg12); } while (remain) { Bool full_frame; u8 *pck_data; s32 current; u8 sc_type, forced_sc_type=0; Bool sc_type_forced = GF_FALSE; Bool skip_pck = GF_FALSE; u8 ftype; u32 tinc; u64 size=0; u64 fstart; Bool is_coded; u32 bytes_from_store = 0; u32 hdr_offset = 0; Bool copy_last_bytes = GF_FALSE; if (remain<5) { memcpy(ctx->hdr_store, start, remain); ctx->bytes_in_header = remain; break; } current = -1; if (ctx->bytes_in_header) { memcpy(ctx->hdr_store + ctx->bytes_in_header, start, 8 - ctx->bytes_in_header); current = mpgviddmx_next_start_code(ctx->hdr_store, 8); if ((current<0) || (current >= (s32) ctx->bytes_in_header) ) { if (ctx->opid) { dst_pck = gf_filter_pck_new_alloc(ctx->opid, ctx->bytes_in_header, &pck_data); if (!dst_pck) return GF_OUT_OF_MEM; if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst_pck); gf_filter_pck_set_cts(dst_pck, GF_FILTER_NO_TS); gf_filter_pck_set_dts(dst_pck, GF_FILTER_NO_TS); memcpy(pck_data, ctx->hdr_store, ctx->bytes_in_header); gf_filter_pck_set_framing(dst_pck, GF_FALSE, GF_FALSE); if (byte_offset != GF_FILTER_NO_BO) { gf_filter_pck_set_byte_offset(dst_pck, byte_offset - ctx->bytes_in_header); } mpgviddmx_enqueue_or_dispatch(ctx, dst_pck, GF_FALSE, GF_FALSE); } if (current<0) current = -1; else current -= ctx->bytes_in_header; ctx->bytes_in_header = 0; } else { hdr_offset = 4 - ctx->bytes_in_header + current; bytes_from_store = ctx->bytes_in_header; ctx->bytes_in_header = 0; if (!hdr_offset) { forced_sc_type = ctx->hdr_store[current+3]; } else { forced_sc_type = start[hdr_offset-1]; } sc_type_forced = GF_TRUE; } } if (current == -1) { current = mpgviddmx_next_start_code(start, remain); if (current<0) { u8 b3, b2, b1; if (! ctx->frame_started) { GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MPGVid] no start code in block and no frame started, discarding data\n"" )); break; } size = remain; b3 = start[remain-3]; b2 = start[remain-2]; b1 = start[remain-1]; if (!b1 || !b2 || !b3) { copy_last_bytes = GF_TRUE; assert(size >= 3); size -= 3; ctx->bytes_in_header = 3; } dst_pck = gf_filter_pck_new_alloc(ctx->opid, (u32) size, &pck_data); if (!dst_pck) return GF_OUT_OF_MEM; if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst_pck); memcpy(pck_data, start, (size_t) size); gf_filter_pck_set_framing(dst_pck, GF_FALSE, GF_FALSE); gf_filter_pck_set_cts(dst_pck, GF_FILTER_NO_TS); gf_filter_pck_set_dts(dst_pck, GF_FILTER_NO_TS); if (byte_offset != GF_FILTER_NO_BO) { gf_filter_pck_set_byte_offset(dst_pck, byte_offset); } mpgviddmx_enqueue_or_dispatch(ctx, dst_pck, GF_FALSE, GF_FALSE); if (copy_last_bytes) { memcpy(ctx->hdr_store, start+remain-3, 3); } break; } } assert(current>=0); if ((vosh_start>=0) && current) { assert(remain>=current); start += current; remain -= current; current = 0; } if (!ctx->opid && current) { assert(remain>=current); start += current; remain -= current; current = 0; } if (current>0) { dst_pck = gf_filter_pck_new_alloc(ctx->opid, current, &pck_data); if (!dst_pck) return GF_OUT_OF_MEM; if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst_pck); gf_filter_pck_set_cts(dst_pck, GF_FILTER_NO_TS); gf_filter_pck_set_dts(dst_pck, GF_FILTER_NO_TS); gf_filter_pck_set_framing(dst_pck, GF_FALSE, GF_TRUE); if (bytes_from_store) { if (byte_offset != GF_FILTER_NO_BO) { gf_filter_pck_set_byte_offset(dst_pck, byte_offset - bytes_from_store); } assert(bytes_from_store>=(u32) current); bytes_from_store -= current; memcpy(pck_data, ctx->hdr_store, current); } else { if (byte_offset != GF_FILTER_NO_BO) { gf_filter_pck_set_byte_offset(dst_pck, byte_offset); } memcpy(pck_data, start, current); assert(remain>=current); start += current; remain -= current; current = 0; } gf_filter_pck_set_carousel_version(dst_pck, 1); mpgviddmx_enqueue_or_dispatch(ctx, dst_pck, GF_FALSE, GF_FALSE); } if (sc_type_forced) { gf_bs_reassign_buffer(ctx->bs, start + hdr_offset, remain - hdr_offset); sc_type = forced_sc_type; } else { gf_bs_reassign_buffer(ctx->bs, start, remain); gf_bs_read_int(ctx->bs, 24); sc_type = gf_bs_read_int(ctx->bs, 8); } if (ctx->is_mpg12) { switch (sc_type) { case M2V_SEQ_START_CODE: case M2V_EXT_START_CODE: gf_bs_reassign_buffer(ctx->bs, start, remain); e = gf_m4v_parse_config(ctx->vparser, &ctx->dsi); if (e==GF_EOS) { if (vosh_start<0) vosh_start = 0; if (data == ctx->hdr_store) { memmove(ctx->hdr_store, start, remain); ctx->hdr_store_size = remain; } else { if (ctx->hdr_store_alloc < ctx->hdr_store_size + pck_size - vosh_start) { ctx->hdr_store_alloc = (u32) (ctx->hdr_store_size + pck_size - vosh_start); ctx->hdr_store = gf_realloc(ctx->hdr_store, sizeof(char)*ctx->hdr_store_alloc); } memcpy(ctx->hdr_store + ctx->hdr_store_size, data + vosh_start, (size_t) (pck_size - vosh_start) ); ctx->hdr_store_size += pck_size - (u32) vosh_start; } gf_filter_pid_drop_packet(ctx->ipid); return GF_OK; } else if (e != GF_OK) { GF_LOG(GF_LOG_ERROR, GF_LOG_MEDIA, (""[MPGVid] Failed to parse VOS header: %s\n"", gf_error_to_string(e) )); } else { mpgviddmx_check_pid(filter, ctx, 0, NULL); } break; case M2V_PIC_START_CODE: break; default: break; } } else { u8 PL; switch (sc_type) { case M4V_VOS_START_CODE: ctx->dsi.VideoPL = (u8) gf_bs_read_u8(ctx->bs); vosh_start = start - (u8 *)data; skip_pck = GF_TRUE; assert(remain>=5); start += 5; remain -= 5; break; case M4V_VOL_START_CODE: gf_bs_reassign_buffer(ctx->bs, start, remain); PL = ctx->dsi.VideoPL; e = gf_m4v_parse_config(ctx->vparser, &ctx->dsi); ctx->dsi.VideoPL = PL; if (e==GF_EOS) { if (vosh_start<0) vosh_start = 0; if (data == ctx->hdr_store) { memmove(ctx->hdr_store, start, remain); ctx->hdr_store_size = remain; } else { if (ctx->hdr_store_alloc < ctx->hdr_store_size + pck_size - vosh_start) { ctx->hdr_store_alloc = (u32) (ctx->hdr_store_size + pck_size - (u32) vosh_start); ctx->hdr_store = gf_realloc(ctx->hdr_store, sizeof(char)*ctx->hdr_store_alloc); } memcpy(ctx->hdr_store + ctx->hdr_store_size, data + vosh_start, (size_t) (pck_size - vosh_start) ); ctx->hdr_store_size += pck_size - (u32) vosh_start; } gf_filter_pid_drop_packet(ctx->ipid); return GF_OK; } else if (e != GF_OK) { GF_LOG(GF_LOG_ERROR, GF_LOG_MEDIA, (""[MPGVid] Failed to parse VOS header: %s\n"", gf_error_to_string(e) )); } else { u32 obj_size = (u32) gf_m4v_get_object_start(ctx->vparser); if (vosh_start<0) vosh_start = 0; vosh_end = start - (u8 *)data + obj_size; vosh_end -= vosh_start; mpgviddmx_check_pid(filter, ctx,(u32) vosh_end, data+vosh_start); skip_pck = GF_TRUE; assert(remain>=(s32) obj_size); start += obj_size; remain -= obj_size; } break; case M4V_VOP_START_CODE: case M4V_GOV_START_CODE: break; case M4V_VO_START_CODE: case M4V_VISOBJ_START_CODE: default: if (vosh_start>=0) { skip_pck = GF_TRUE; assert(remain>=4); start += 4; remain -= 4; } break; } } if (skip_pck) { continue; } if (!ctx->opid) { assert(remain>=4); start += 4; remain -= 4; continue; } if (!ctx->is_playing) { ctx->resume_from = (u32) ((char *)start - (char *)data); return GF_OK; } ctx->hdr_store_size = 0; if (ctx->in_seek) { u64 nb_frames_at_seek = (u64) (ctx->start_range * ctx->cur_fps.num); if (ctx->cts + ctx->cur_fps.den >= nb_frames_at_seek) { ctx->in_seek = GF_FALSE; } } if (remain<5) continue; gf_m4v_parser_reset(ctx->vparser, sc_type_forced ? forced_sc_type + 1 : 0); size = 0; e = gf_m4v_parse_frame(ctx->vparser, &ctx->dsi, &ftype, &tinc, &size, &fstart, &is_coded); if (bytes_from_store) { size += bytes_from_store + hdr_offset; } if ((e == GF_EOS) && !ctx->input_is_au_end) { u8 b3 = start[remain-3]; u8 b2 = start[remain-2]; u8 b1 = start[remain-1]; if (!b1 || !b2 || !b3) { copy_last_bytes = GF_TRUE; assert(size >= 3); size -= 3; ctx->bytes_in_header = 3; } full_frame = GF_FALSE; } else { full_frame = GF_TRUE; } if (!is_coded) { if (ctx->forced_packed && ctx->b_frames) { ctx->is_packed = GF_TRUE; assert(remain>=size); start += size; remain -= (s32) size; continue; } if (ctx->vfr) { ctx->is_vfr = GF_TRUE; mpgviddmx_update_time(ctx); assert(remain>=size); start += size; remain -= (s32) size; continue; } } if (ftype==2) { ctx->b_frames++; ctx->nb_b++; } else { mpgviddmx_enqueue_or_dispatch(ctx, NULL, GF_TRUE, GF_FALSE); ctx->last_ref_cts = ctx->cts; if (ctx->max_b < ctx->b_frames) ctx->max_b = ctx->b_frames; ctx->b_frames = 0; if (ftype) ctx->nb_p++; else ctx->nb_i++; } ctx->nb_frames++; dst_pck = gf_filter_pck_new_alloc(ctx->opid, (u32) size, &pck_data); if (!dst_pck) return GF_OUT_OF_MEM; if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst_pck); if (bytes_from_store) { memcpy(pck_data, ctx->hdr_store+current, bytes_from_store); assert(size >= bytes_from_store); size -= bytes_from_store; if (byte_offset != GF_FILTER_NO_BO) { gf_filter_pck_set_byte_offset(dst_pck, byte_offset - bytes_from_store); } memcpy(pck_data + bytes_from_store, start, (size_t) size); } else { memcpy(pck_data, start, (size_t) size); if (byte_offset != GF_FILTER_NO_BO) { gf_filter_pck_set_byte_offset(dst_pck, byte_offset + start - (u8 *) data); } } assert(pck_data[0] == 0); assert(pck_data[1] == 0); assert(pck_data[2] == 0x01); gf_filter_pck_set_framing(dst_pck, GF_TRUE, (full_frame || ctx->input_is_au_end) ? GF_TRUE : GF_FALSE); gf_filter_pck_set_cts(dst_pck, ctx->cts); gf_filter_pck_set_dts(dst_pck, ctx->dts); if (ctx->input_is_au_start) { ctx->input_is_au_start = GF_FALSE; } else { gf_filter_pck_set_carousel_version(dst_pck, 1); } gf_filter_pck_set_sap(dst_pck, ftype ? GF_FILTER_SAP_NONE : GF_FILTER_SAP_1); gf_filter_pck_set_duration(dst_pck, ctx->cur_fps.den); if (ctx->in_seek) gf_filter_pck_set_seek_flag(dst_pck, GF_TRUE); ctx->frame_started = GF_TRUE; mpgviddmx_enqueue_or_dispatch(ctx, dst_pck, GF_FALSE, GF_FALSE); mpgviddmx_update_time(ctx); if (!full_frame) { if (copy_last_bytes) { memcpy(ctx->hdr_store, start+remain-3, 3); } break; } assert(remain>=size); start += size; remain -= (s32) size; } gf_filter_pid_drop_packet(ctx->ipid); return GF_OK; }",visit repo url,src/filters/reframe_mpgvid.c,https://github.com/gpac/gpac,188556889162759,1 1133,NVD-CWE-noinfo,"static int ext4_split_unwritten_extents(handle_t *handle, struct inode *inode, struct ext4_map_blocks *map, struct ext4_ext_path *path, int flags) { struct ext4_extent *ex, newex, orig_ex; struct ext4_extent *ex1 = NULL; struct ext4_extent *ex2 = NULL; struct ext4_extent *ex3 = NULL; ext4_lblk_t ee_block, eof_block; unsigned int allocated, ee_len, depth; ext4_fsblk_t newblock; int err = 0; int may_zeroout; ext_debug(""ext4_split_unwritten_extents: inode %lu, logical"" ""block %llu, max_blocks %u\n"", inode->i_ino, (unsigned long long)map->m_lblk, map->m_len); eof_block = (inode->i_size + inode->i_sb->s_blocksize - 1) >> inode->i_sb->s_blocksize_bits; if (eof_block < map->m_lblk + map->m_len) eof_block = map->m_lblk + map->m_len; depth = ext_depth(inode); ex = path[depth].p_ext; ee_block = le32_to_cpu(ex->ee_block); ee_len = ext4_ext_get_actual_len(ex); allocated = ee_len - (map->m_lblk - ee_block); newblock = map->m_lblk - ee_block + ext4_ext_pblock(ex); ex2 = ex; orig_ex.ee_block = ex->ee_block; orig_ex.ee_len = cpu_to_le16(ee_len); ext4_ext_store_pblock(&orig_ex, ext4_ext_pblock(ex)); may_zeroout = ee_block + ee_len <= eof_block; if ((map->m_lblk == ee_block) && (allocated <= map->m_len)) return allocated; err = ext4_ext_get_access(handle, inode, path + depth); if (err) goto out; if (map->m_lblk > ee_block) { ex1 = ex; ex1->ee_len = cpu_to_le16(map->m_lblk - ee_block); ext4_ext_mark_uninitialized(ex1); ex2 = &newex; } if (!ex1 && allocated > map->m_len) ex2->ee_len = cpu_to_le16(map->m_len); if (allocated > map->m_len) { unsigned int newdepth; ex3 = &newex; ex3->ee_block = cpu_to_le32(map->m_lblk + map->m_len); ext4_ext_store_pblock(ex3, newblock + map->m_len); ex3->ee_len = cpu_to_le16(allocated - map->m_len); ext4_ext_mark_uninitialized(ex3); err = ext4_ext_insert_extent(handle, inode, path, ex3, flags); if (err == -ENOSPC && may_zeroout) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); return allocated; } else if (err) goto fix_extent_len; newdepth = ext_depth(inode); ee_len -= ext4_ext_get_actual_len(ex3); orig_ex.ee_len = cpu_to_le16(ee_len); may_zeroout = ee_block + ee_len <= eof_block; depth = newdepth; ext4_ext_drop_refs(path); path = ext4_ext_find_extent(inode, map->m_lblk, path); if (IS_ERR(path)) { err = PTR_ERR(path); goto out; } ex = path[depth].p_ext; if (ex2 != &newex) ex2 = ex; err = ext4_ext_get_access(handle, inode, path + depth); if (err) goto out; allocated = map->m_len; } if (ex1 && ex1 != ex) { ex1 = ex; ex1->ee_len = cpu_to_le16(map->m_lblk - ee_block); ext4_ext_mark_uninitialized(ex1); ex2 = &newex; } ex2->ee_block = cpu_to_le32(map->m_lblk); ext4_ext_store_pblock(ex2, newblock); ex2->ee_len = cpu_to_le16(allocated); ext4_ext_mark_uninitialized(ex2); if (ex2 != ex) goto insert; err = ext4_ext_dirty(handle, inode, path + depth); ext_debug(""out here\n""); goto out; insert: err = ext4_ext_insert_extent(handle, inode, path, &newex, flags); if (err == -ENOSPC && may_zeroout) { err = ext4_ext_zeroout(inode, &orig_ex); if (err) goto fix_extent_len; ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_dirty(handle, inode, path + depth); return allocated; } else if (err) goto fix_extent_len; out: ext4_ext_show_leaf(inode, path); return err ? err : allocated; fix_extent_len: ex->ee_block = orig_ex.ee_block; ex->ee_len = orig_ex.ee_len; ext4_ext_store_pblock(ex, ext4_ext_pblock(&orig_ex)); ext4_ext_mark_uninitialized(ex); ext4_ext_dirty(handle, inode, path + depth); return err; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,126245480295208,1 463,[],"pfm_reserve_session(struct task_struct *task, int is_syswide, unsigned int cpu) { unsigned long flags; LOCK_PFS(flags); DPRINT((""in sys_sessions=%u task_sessions=%u dbregs=%u syswide=%d cpu=%u\n"", pfm_sessions.pfs_sys_sessions, pfm_sessions.pfs_task_sessions, pfm_sessions.pfs_sys_use_dbregs, is_syswide, cpu)); if (is_syswide) { if (pfm_sessions.pfs_task_sessions > 0UL) { DPRINT((""system wide not possible, %u conflicting task_sessions\n"", pfm_sessions.pfs_task_sessions)); goto abort; } if (pfm_sessions.pfs_sys_session[cpu]) goto error_conflict; DPRINT((""reserving system wide session on CPU%u currently on CPU%u\n"", cpu, smp_processor_id())); pfm_sessions.pfs_sys_session[cpu] = task; pfm_sessions.pfs_sys_sessions++ ; } else { if (pfm_sessions.pfs_sys_sessions) goto abort; pfm_sessions.pfs_task_sessions++; } DPRINT((""out sys_sessions=%u task_sessions=%u dbregs=%u syswide=%d cpu=%u\n"", pfm_sessions.pfs_sys_sessions, pfm_sessions.pfs_task_sessions, pfm_sessions.pfs_sys_use_dbregs, is_syswide, cpu)); update_pal_halt_status(0); UNLOCK_PFS(flags); return 0; error_conflict: DPRINT((""system wide not possible, conflicting session [%d] on CPU%d\n"", pfm_sessions.pfs_sys_session[cpu]->pid, cpu)); abort: UNLOCK_PFS(flags); return -EBUSY; }",linux-2.6,,,125842637300393551430872451378543228767,0 5702,['CWE-200'],"static inline __be16 llc_proto_type(u16 arphrd) { return arphrd == ARPHRD_IEEE802_TR ? htons(ETH_P_TR_802_2) : htons(ETH_P_802_2); }",linux-2.6,,,331333200128901073922304052826165567088,0 6267,CWE-327,"static int pad_basic(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t pad = 0; int result = RLC_OK; bn_t t; RLC_TRY { bn_null(t); bn_new(t); switch (operation) { case RSA_ENC: case RSA_SIG: case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); bn_lsh(m, m, m_len * 8); break; case RSA_DEC: case RSA_VER: case RSA_VER_HASH: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } *p_len = 1; do { (*p_len)++; m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad == 0 && m_len > 0); if (pad != RSA_PAD) { result = RLC_ERR; } bn_mod_2b(m, m, (k_len - *p_len) * 8); break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,208318150834259,1 1830,['CWE-189'],"_gnutls_copy_ciphersuites (gnutls_session_t session, opaque * ret_data, size_t ret_data_size) { int ret, i; cipher_suite_st *cipher_suites; uint16_t cipher_num; int datalen, pos; ret = _gnutls_supported_ciphersuites_sorted (session, &cipher_suites); if (ret < 0) { gnutls_assert (); return ret; } ret = _gnutls_remove_unwanted_ciphersuites (session, &cipher_suites, ret, -1); if (ret < 0) { gnutls_assert (); gnutls_free (cipher_suites); return ret; } if (ret == 0) { gnutls_assert (); gnutls_free (cipher_suites); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } cipher_num = ret; cipher_num *= sizeof (uint16_t); datalen = pos = 0; datalen += sizeof (uint16_t) + cipher_num; if ((size_t) datalen > ret_data_size) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } _gnutls_write_uint16 (cipher_num, ret_data); pos += 2; for (i = 0; i < (cipher_num / 2); i++) { memcpy (&ret_data[pos], cipher_suites[i].suite, 2); pos += 2; } gnutls_free (cipher_suites); return datalen; }",gnutls,,,99433354762085979357979366516378790032,0 4754,CWE-119,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 6406,['CWE-59'],"static int check_mtab(const char *progname, const char *devname, const char *dir) { if (check_newline(progname, devname) == -1 || check_newline(progname, dir) == -1) return EX_USAGE; return 0; }",samba,,,249190308241694753081717799100645279121,0 4779,CWE-415,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 1673,[],"static ssize_t sched_power_savings_store(const char *buf, size_t count, int smt) { int ret; if (buf[0] != '0' && buf[0] != '1') return -EINVAL; if (smt) sched_smt_power_savings = (buf[0] == '1'); else sched_mc_power_savings = (buf[0] == '1'); ret = arch_reinit_sched_domains(); return ret ? ret : count; }",linux-2.6,,,158699378644020571361243766446256993573,0 734,[],"static int jpc_coc_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_coc_t *coc = &ms->parms.coc; fprintf(out, ""compno = %d; csty = 0x%02x; numdlvls = %d;\n"", coc->compno, coc->compparms.csty, coc->compparms.numdlvls); fprintf(out, ""cblkwidthval = %d; cblkheightval = %d; "" ""cblksty = 0x%02x; qmfbid = %d;\n"", coc->compparms.cblkwidthval, coc->compparms.cblkheightval, coc->compparms.cblksty, coc->compparms.qmfbid); return 0; }",jasper,,,281843151196742580947469566891662522917,0 6012,['CWE-200'],"static void cbq_ovl_rclassic(struct cbq_class *cl) { struct cbq_sched_data *q = qdisc_priv(cl->qdisc); struct cbq_class *this = cl; do { if (cl->level > q->toplevel) { cl = NULL; break; } } while ((cl = cl->borrow) != NULL); if (cl == NULL) cl = this; cbq_ovl_classic(cl); }",linux-2.6,,,17372403367134978336258417858320940870,0 5350,['CWE-476'],"static int kvm_vm_ioctl_set_pit(struct kvm *kvm, struct kvm_pit_state *ps) { int r = 0; memcpy(&kvm->arch.vpit->pit_state, ps, sizeof(struct kvm_pit_state)); kvm_pit_load_count(kvm, 0, ps->channels[0].count); return r; }",linux-2.6,,,243163979235762108415498764135324172914,0 3455,CWE-200,"static void on_page_prepare(GtkNotebook *assistant, GtkWidget *page, gpointer user_data) { if (!is_processing_finished()) { show_next_step_button(); clear_warnings(); } gtk_widget_hide(g_btn_detail); gtk_widget_hide(g_btn_onfail); if (!g_expert_mode) gtk_widget_hide(g_btn_repeat); save_items_from_notepad(); save_text_from_text_view(g_tv_comment, FILENAME_COMMENT); if (pages[PAGENO_SUMMARY].page_widget == page) { if (!g_expert_mode) { int n = select_next_page_no(pages[PAGENO_SUMMARY].page_no, NULL); log_info(""switching to page_no:%d"", n); gtk_notebook_set_current_page(assistant, n); return; } } if (pages[PAGENO_EDIT_ELEMENTS].page_widget == page) { if (highlight_forbidden()) { add_sensitive_data_warning(); show_warnings(); gtk_expander_set_expanded(g_exp_search, TRUE); } else gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(g_rb_custom_search), TRUE); show_warnings(); } if (pages[PAGENO_REVIEW_DATA].page_widget == page) { update_ls_details_checkboxes(g_event_selected); gtk_widget_set_sensitive(g_btn_next, gtk_toggle_button_get_active(g_tb_approve_bt)); } if (pages[PAGENO_EDIT_COMMENT].page_widget == page) { gtk_widget_show(g_btn_detail); gtk_widget_set_sensitive(g_btn_next, false); on_comment_changed(gtk_text_view_get_buffer(g_tv_comment), NULL); } if (pages[PAGENO_EVENT_PROGRESS].page_widget == page) { log_info(""g_event_selected:'%s'"", g_event_selected); if (g_event_selected && g_event_selected[0] ) { clear_warnings(); start_event_run(g_event_selected); } } if(pages[PAGENO_EVENT_SELECTOR].page_widget == page) { if (!g_expert_mode && !g_auto_event_list) hide_next_step_button(); } }",visit repo url,src/gui-wizard-gtk/wizard.c,https://github.com/abrt/libreport,186487003246560,1 2164,['CWE-400'],"static unsigned long shmem_default_max_blocks(void) { return totalram_pages / 2; }",linux-2.6,,,175049067355501968021901535588102788190,0 1295,['CWE-119'],"static unsigned char snmp_request_decode(struct asn1_ctx *ctx, struct snmp_request *request) { unsigned int cls, con, tag; unsigned char *end; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) return 0; if (!asn1_ulong_decode(ctx, end, &request->id)) return 0; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) return 0; if (!asn1_uint_decode(ctx, end, &request->error_status)) return 0; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) return 0; if (!asn1_uint_decode(ctx, end, &request->error_index)) return 0; return 1; }",linux-2.6,,,258320650717253296848448319363492386467,0 4674,['CWE-399'],"static Indirect *ext4_get_branch(struct inode *inode, int depth, ext4_lblk_t *offsets, Indirect chain[4], int *err) { struct super_block *sb = inode->i_sb; Indirect *p = chain; struct buffer_head *bh; *err = 0; add_chain(chain, NULL, EXT4_I(inode)->i_data + *offsets); if (!p->key) goto no_block; while (--depth) { bh = sb_bread(sb, le32_to_cpu(p->key)); if (!bh) goto failure; add_chain(++p, bh, (__le32 *)bh->b_data + *++offsets); if (!p->key) goto no_block; } return NULL; failure: *err = -EIO; no_block: return p; }",linux-2.6,,,198155804539929872193078870602237592545,0 1732,[],"int alloc_rt_sched_group(struct task_group *tg, struct task_group *parent) { struct rt_rq *rt_rq; struct sched_rt_entity *rt_se, *parent_se; struct rq *rq; int i; tg->rt_rq = kzalloc(sizeof(rt_rq) * nr_cpu_ids, GFP_KERNEL); if (!tg->rt_rq) goto err; tg->rt_se = kzalloc(sizeof(rt_se) * nr_cpu_ids, GFP_KERNEL); if (!tg->rt_se) goto err; init_rt_bandwidth(&tg->rt_bandwidth, ktime_to_ns(def_rt_bandwidth.rt_period), 0); for_each_possible_cpu(i) { rq = cpu_rq(i); rt_rq = kmalloc_node(sizeof(struct rt_rq), GFP_KERNEL|__GFP_ZERO, cpu_to_node(i)); if (!rt_rq) goto err; rt_se = kmalloc_node(sizeof(struct sched_rt_entity), GFP_KERNEL|__GFP_ZERO, cpu_to_node(i)); if (!rt_se) goto err; parent_se = parent ? parent->rt_se[i] : NULL; init_tg_rt_entry(tg, rt_rq, rt_se, i, 0, parent_se); } return 1; err: return 0; }",linux-2.6,,,101511889817002681705593993193883400808,0 5825,['CWE-200'],"static int __init econet_proto_init(void) { int err = proto_register(&econet_proto, 0); if (err != 0) goto out; sock_register(&econet_family_ops); #ifdef CONFIG_ECONET_AUNUDP spin_lock_init(&aun_queue_lock); aun_udp_initialise(); #endif #ifdef CONFIG_ECONET_NATIVE econet_hw_initialise(); #endif register_netdevice_notifier(&econet_netdev_notifier); out: return err; }",linux-2.6,,,159312115298106196774035237614364491748,0 6088,CWE-190,"int bn_bits(const bn_t a) { int bits; if (bn_is_zero(a)) { return 0; } bits = (a->used - 1) * RLC_DIG; return bits + util_bits_dig(a->dp[a->used - 1]); }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,76392337601097,1 3133,['CWE-189'],"int jas_iccattrval_allowmodify(jas_iccattrval_t **attrvalx) { jas_iccattrval_t *newattrval; jas_iccattrval_t *attrval = *attrvalx; newattrval = 0; if (attrval->refcnt > 1) { if (!(newattrval = jas_iccattrval_create0())) goto error; newattrval->ops = attrval->ops; newattrval->type = attrval->type; ++newattrval->refcnt; if (newattrval->ops->copy) { if ((*newattrval->ops->copy)(newattrval, attrval)) goto error; } else { memcpy(&newattrval->data, &attrval->data, sizeof(newattrval->data)); } *attrvalx = newattrval; } return 0; error: if (newattrval) { jas_free(newattrval); } return -1; }",jasper,,,118664850035681252921083740050607806909,0 3690,[],"static int hfs_cat_build_record(hfs_cat_rec *rec, u32 cnid, struct inode *inode) { __be32 mtime = hfs_mtime(); memset(rec, 0, sizeof(*rec)); if (S_ISDIR(inode->i_mode)) { rec->type = HFS_CDR_DIR; rec->dir.DirID = cpu_to_be32(cnid); rec->dir.CrDat = mtime; rec->dir.MdDat = mtime; rec->dir.BkDat = 0; rec->dir.UsrInfo.frView = cpu_to_be16(0xff); return sizeof(struct hfs_cat_dir); } else { rec->type = HFS_CDR_FIL; rec->file.Flags = HFS_FIL_USED | HFS_FIL_THD; if (!(inode->i_mode & S_IWUSR)) rec->file.Flags |= HFS_FIL_LOCK; rec->file.FlNum = cpu_to_be32(cnid); rec->file.CrDat = mtime; rec->file.MdDat = mtime; rec->file.BkDat = 0; rec->file.UsrWds.fdType = HFS_SB(inode->i_sb)->s_type; rec->file.UsrWds.fdCreator = HFS_SB(inode->i_sb)->s_creator; return sizeof(struct hfs_cat_file); } }",linux-2.6,,,293379884792980916464696889243132957029,0 5931,['CWE-909'],"void tcf_destroy(struct tcf_proto *tp) { tp->ops->destroy(tp); module_put(tp->ops->owner); kfree(tp); }",linux-2.6,,,108790059613555394313960299220098874512,0 2304,CWE-399,"video_usercopy(struct file *file, unsigned int cmd, unsigned long arg, v4l2_kioctl func) { char sbuf[128]; void *mbuf = NULL; void *parg = NULL; long err = -EINVAL; int is_ext_ctrl; size_t ctrls_size = 0; void __user *user_ptr = NULL; is_ext_ctrl = (cmd == VIDIOC_S_EXT_CTRLS || cmd == VIDIOC_G_EXT_CTRLS || cmd == VIDIOC_TRY_EXT_CTRLS); switch (_IOC_DIR(cmd)) { case _IOC_NONE: parg = NULL; break; case _IOC_READ: case _IOC_WRITE: case (_IOC_WRITE | _IOC_READ): if (_IOC_SIZE(cmd) <= sizeof(sbuf)) { parg = sbuf; } else { mbuf = kmalloc(_IOC_SIZE(cmd), GFP_KERNEL); if (NULL == mbuf) return -ENOMEM; parg = mbuf; } err = -EFAULT; if (_IOC_DIR(cmd) & _IOC_WRITE) if (copy_from_user(parg, (void __user *)arg, _IOC_SIZE(cmd))) goto out; break; } if (is_ext_ctrl) { struct v4l2_ext_controls *p = parg; p->error_idx = p->count; user_ptr = (void __user *)p->controls; if (p->count) { ctrls_size = sizeof(struct v4l2_ext_control) * p->count; mbuf = kmalloc(ctrls_size, GFP_KERNEL); err = -ENOMEM; if (NULL == mbuf) goto out_ext_ctrl; err = -EFAULT; if (copy_from_user(mbuf, user_ptr, ctrls_size)) goto out_ext_ctrl; p->controls = mbuf; } } err = func(file, cmd, parg); if (err == -ENOIOCTLCMD) err = -EINVAL; if (is_ext_ctrl) { struct v4l2_ext_controls *p = parg; p->controls = (void *)user_ptr; if (p->count && err == 0 && copy_to_user(user_ptr, mbuf, ctrls_size)) err = -EFAULT; goto out_ext_ctrl; } if (err < 0) goto out; out_ext_ctrl: switch (_IOC_DIR(cmd)) { case _IOC_READ: case (_IOC_WRITE | _IOC_READ): if (copy_to_user((void __user *)arg, parg, _IOC_SIZE(cmd))) err = -EFAULT; break; } out: kfree(mbuf); return err; }",visit repo url,drivers/media/video/v4l2-ioctl.c,https://github.com/torvalds/linux,16221246910032,1 3159,['CWE-189'],"static int jas_cmshapmat_apply(jas_cmpxform_t *pxform, jas_cmreal_t *in, jas_cmreal_t *out, int cnt) { jas_cmshapmat_t *shapmat = &pxform->data.shapmat; jas_cmreal_t *src; jas_cmreal_t *dst; jas_cmreal_t a0; jas_cmreal_t a1; jas_cmreal_t a2; jas_cmreal_t b0; jas_cmreal_t b1; jas_cmreal_t b2; src = in; dst = out; if (!shapmat->mono) { while (--cnt >= 0) { a0 = *src++; a1 = *src++; a2 = *src++; if (!shapmat->order && shapmat->useluts) { a0 = jas_cmshapmatlut_lookup(&shapmat->luts[0], a0); a1 = jas_cmshapmatlut_lookup(&shapmat->luts[1], a1); a2 = jas_cmshapmatlut_lookup(&shapmat->luts[2], a2); } if (shapmat->usemat) { b0 = shapmat->mat[0][0] * a0 + shapmat->mat[0][1] * a1 + shapmat->mat[0][2] * a2 + shapmat->mat[0][3]; b1 = shapmat->mat[1][0] * a0 + shapmat->mat[1][1] * a1 + shapmat->mat[1][2] * a2 + shapmat->mat[1][3]; b2 = shapmat->mat[2][0] * a0 + shapmat->mat[2][1] * a1 + shapmat->mat[2][2] * a2 + shapmat->mat[2][3]; a0 = b0; a1 = b1; a2 = b2; } if (shapmat->order && shapmat->useluts) { a0 = jas_cmshapmatlut_lookup(&shapmat->luts[0], a0); a1 = jas_cmshapmatlut_lookup(&shapmat->luts[1], a1); a2 = jas_cmshapmatlut_lookup(&shapmat->luts[2], a2); } *dst++ = a0; *dst++ = a1; *dst++ = a2; } } else { if (!shapmat->order) { while (--cnt >= 0) { a0 = *src++; if (shapmat->useluts) a0 = jas_cmshapmatlut_lookup(&shapmat->luts[0], a0); a2 = a0 * shapmat->mat[2][0]; a1 = a0 * shapmat->mat[1][0]; a0 = a0 * shapmat->mat[0][0]; *dst++ = a0; *dst++ = a1; *dst++ = a2; } } else { assert(0); while (--cnt >= 0) { a0 = *src++; src++; src++; a0 = a0 * shapmat->mat[0][0]; if (shapmat->useluts) a0 = jas_cmshapmatlut_lookup(&shapmat->luts[0], a0); *dst++ = a0; } } } return 0; }",jasper,,,245150048846893816964966756513303954149,0 4655,['CWE-399'],"int __ext4_write_dirty_metadata(struct inode *inode, struct buffer_head *bh) { int err = 0; mark_buffer_dirty(bh); if (inode && inode_needs_sync(inode)) { sync_dirty_buffer(bh); if (buffer_req(bh) && !buffer_uptodate(bh)) { ext4_error(inode->i_sb, __func__, ""IO error syncing inode, "" ""inode=%lu, block=%llu"", inode->i_ino, (unsigned long long)bh->b_blocknr); err = -EIO; } } return err; }",linux-2.6,,,49858730159080383363385770600549414417,0 3564,CWE-190,"jas_image_t *jp2_decode(jas_stream_t *in, char *optstr) { jp2_box_t *box; int found; jas_image_t *image; jp2_dec_t *dec; bool samedtype; int dtype; unsigned int i; jp2_cmap_t *cmapd; jp2_pclr_t *pclrd; jp2_cdef_t *cdefd; unsigned int channo; int newcmptno; int_fast32_t *lutents; #if 0 jp2_cdefchan_t *cdefent; int cmptno; #endif jp2_cmapent_t *cmapent; jas_icchdr_t icchdr; jas_iccprof_t *iccprof; dec = 0; box = 0; image = 0; if (!(dec = jp2_dec_create())) { goto error; } if (!(box = jp2_box_get(in))) { jas_eprintf(""error: cannot get box\n""); goto error; } if (box->type != JP2_BOX_JP) { jas_eprintf(""error: expecting signature box\n""); goto error; } if (box->data.jp.magic != JP2_JP_MAGIC) { jas_eprintf(""incorrect magic number\n""); goto error; } jp2_box_destroy(box); box = 0; if (!(box = jp2_box_get(in))) { goto error; } if (box->type != JP2_BOX_FTYP) { jas_eprintf(""expecting file type box\n""); goto error; } jp2_box_destroy(box); box = 0; found = 0; while ((box = jp2_box_get(in))) { if (jas_getdbglevel() >= 1) { jas_eprintf(""got box type %s\n"", box->info->name); } switch (box->type) { case JP2_BOX_JP2C: found = 1; break; case JP2_BOX_IHDR: if (!dec->ihdr) { dec->ihdr = box; box = 0; } break; case JP2_BOX_BPCC: if (!dec->bpcc) { dec->bpcc = box; box = 0; } break; case JP2_BOX_CDEF: if (!dec->cdef) { dec->cdef = box; box = 0; } break; case JP2_BOX_PCLR: if (!dec->pclr) { dec->pclr = box; box = 0; } break; case JP2_BOX_CMAP: if (!dec->cmap) { dec->cmap = box; box = 0; } break; case JP2_BOX_COLR: if (!dec->colr) { dec->colr = box; box = 0; } break; } if (box) { jp2_box_destroy(box); box = 0; } if (found) { break; } } if (!found) { jas_eprintf(""error: no code stream found\n""); goto error; } if (!(dec->image = jpc_decode(in, optstr))) { jas_eprintf(""error: cannot decode code stream\n""); goto error; } if (!dec->ihdr) { jas_eprintf(""error: missing IHDR box\n""); goto error; } if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } samedtype = true; dtype = jas_image_cmptdtype(dec->image, 0); for (i = 1; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != dtype) { samedtype = false; break; } } if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { jas_eprintf(""warning: component data type mismatch\n""); } if (dec->ihdr->data.ihdr.comptype != JP2_IHDR_COMPTYPE) { jas_eprintf(""error: unsupported compression type\n""); goto error; } if (dec->bpcc) { if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(uint, jas_image_numcmpts( dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!samedtype) { for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { jas_eprintf(""warning: component data type mismatch\n""); } } } else { jas_eprintf(""warning: superfluous BPCC box\n""); } } if (!dec->colr) { jas_eprintf(""error: no COLR box\n""); goto error; } switch (dec->colr->data.colr.method) { case JP2_COLR_ENUM: jas_image_setclrspc(dec->image, jp2_getcs(&dec->colr->data.colr)); break; case JP2_COLR_ICC: iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, dec->colr->data.colr.iccplen); if (!iccprof) { jas_eprintf(""error: failed to parse ICC profile\n""); goto error; } jas_iccprof_gethdr(iccprof, &icchdr); jas_eprintf(""ICC Profile CS %08x\n"", icchdr.colorspc); jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof); assert(dec->image->cmprof_); jas_iccprof_destroy(iccprof); break; } if (dec->cmap && !dec->pclr) { jas_eprintf(""warning: missing PCLR box or superfluous CMAP box\n""); jp2_box_destroy(dec->cmap); dec->cmap = 0; } if (!dec->cmap && dec->pclr) { jas_eprintf(""warning: missing CMAP box or superfluous PCLR box\n""); jp2_box_destroy(dec->pclr); dec->pclr = 0; } dec->numchans = dec->cmap ? dec->cmap->data.cmap.numchans : JAS_CAST(uint, jas_image_numcmpts(dec->image)); if (dec->cmap) { for (i = 0; i < dec->numchans; ++i) { if (dec->cmap->data.cmap.ents[i].cmptno >= JAS_CAST(uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""error: invalid component number in CMAP box\n""); goto error; } if (dec->cmap->data.cmap.ents[i].pcol >= dec->pclr->data.pclr.numchans) { jas_eprintf(""error: invalid CMAP LUT index\n""); goto error; } } } if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { jas_eprintf(""error: no memory\n""); goto error; } if (!dec->cmap) { for (i = 0; i < dec->numchans; ++i) { dec->chantocmptlut[i] = i; } } else { cmapd = &dec->cmap->data.cmap; pclrd = &dec->pclr->data.pclr; cdefd = &dec->cdef->data.cdef; for (channo = 0; channo < cmapd->numchans; ++channo) { cmapent = &cmapd->ents[channo]; if (cmapent->map == JP2_CMAP_DIRECT) { dec->chantocmptlut[channo] = channo; } else if (cmapent->map == JP2_CMAP_PALETTE) { lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } newcmptno = jas_image_numcmpts(dec->image); jas_image_depalettize(dec->image, cmapent->cmptno, pclrd->numlutents, lutents, JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno); dec->chantocmptlut[channo] = newcmptno; jas_free(lutents); #if 0 if (dec->cdef) { cdefent = jp2_cdef_lookup(cdefd, channo); if (!cdefent) { abort(); } jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), cdefent->type, cdefent->assoc)); } else { jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1)); } #endif } } } for (i = 0; i < JAS_CAST(uint, jas_image_numcmpts(dec->image)); ++i) { jas_image_setcmpttype(dec->image, i, JAS_IMAGE_CT_UNKNOWN); } if (dec->cdef) { for (i = 0; i < dec->numchans; ++i) { if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { jas_eprintf(""error: invalid channel number in CDEF box\n""); goto error; } jas_image_setcmpttype(dec->image, dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], jp2_getct(jas_image_clrspc(dec->image), dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc)); } } else { for (i = 0; i < dec->numchans; ++i) { jas_image_setcmpttype(dec->image, dec->chantocmptlut[i], jp2_getct(jas_image_clrspc(dec->image), 0, i + 1)); } } for (i = jas_image_numcmpts(dec->image); i > 0; --i) { if (jas_image_cmpttype(dec->image, i - 1) == JAS_IMAGE_CT_UNKNOWN) { jas_image_delcmpt(dec->image, i - 1); } } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } #if 0 jas_eprintf(""no of components is %d\n"", jas_image_numcmpts(dec->image)); #endif image = dec->image; dec->image = 0; jp2_dec_destroy(dec); return image; error: if (box) { jp2_box_destroy(box); } if (dec) { jp2_dec_destroy(dec); } return 0; }",visit repo url,src/libjasper/jp2/jp2_dec.c,https://github.com/mdadams/jasper,31285916644684,1 684,CWE-20,"static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; struct ddpehdr *ddp; int copied = 0; int offset = 0; int err = 0; struct sk_buff *skb; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); lock_sock(sk); if (!skb) goto out; ddp = ddp_hdr(skb); copied = ntohs(ddp->deh_len_hops) & 1023; if (sk->sk_type != SOCK_RAW) { offset = sizeof(*ddp); copied -= offset; } if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); if (!err) { if (sat) { sat->sat_family = AF_APPLETALK; sat->sat_port = ddp->deh_sport; sat->sat_addr.s_node = ddp->deh_snode; sat->sat_addr.s_net = ddp->deh_snet; } msg->msg_namelen = sizeof(*sat); } skb_free_datagram(sk, skb); out: release_sock(sk); return err ? : copied; }",visit repo url,net/appletalk/ddp.c,https://github.com/torvalds/linux,30002071291188,1 4953,CWE-190,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 446,[],"pfm_force_cleanup(pfm_context_t *ctx, struct pt_regs *regs) { struct task_struct *task = ctx->ctx_task; ia64_psr(regs)->up = 0; ia64_psr(regs)->sp = 1; if (GET_PMU_OWNER() == task) { DPRINT((""cleared ownership for [%d]\n"", ctx->ctx_task->pid)); SET_PMU_OWNER(NULL, NULL); } PFM_SET_WORK_PENDING(task, 0); task->thread.pfm_context = NULL; task->thread.flags &= ~IA64_THREAD_PM_VALID; DPRINT((""force cleanup for [%d]\n"", task->pid)); }",linux-2.6,,,319090585383581813069490466142140029601,0 3017,['CWE-189'],"void jpc_ft_invlift_colres(jpc_fix_t *a, int numrows, int numcols, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; register int i; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { lptr2[0] -= (hptr2[0] + 1) >> 1; ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { lptr2[0] -= (hptr2[0] + hptr2[stride] + 2) >> 2; ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { lptr2[0] -= (hptr2[0] + 1) >> 1; ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { hptr2[0] += lptr2[0]; ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { hptr2[0] += (lptr2[0] + lptr2[stride]) >> 1; ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { hptr2[0] += lptr2[0]; ++lptr2; ++hptr2; } } } else { if (parity) { lptr2 = &a[0]; for (i = 0; i < numcols; ++i) { lptr2[0] >>= 1; ++lptr2; } } } }",jasper,,,278345483568718183995803540464628833921,0 2850,CWE-787,"horizontalDifference8(unsigned char *ip, int n, int stride, unsigned short *wp, uint16 *From8) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) (From8[(v)]) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; r1 = CLAMP(ip[3]); wp[3] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[4]); wp[4] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[5]); wp[5] = (uint16)((b1-b2) & mask); b2 = b1; wp += 3; ip += 3; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; r1 = CLAMP(ip[4]); wp[4] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[5]); wp[5] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[6]); wp[6] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[7]); wp[7] = (uint16)((a1-a2) & mask); a2 = a1; wp += 4; ip += 4; } } else { wp += n + stride - 1; ip += n + stride - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,90993586991407,1 6161,['CWE-200'],"static int tclass_notify(struct sk_buff *oskb, struct nlmsghdr *n, struct Qdisc *q, unsigned long cl, int event) { struct sk_buff *skb; u32 pid = oskb ? NETLINK_CB(oskb).pid : 0; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) return -ENOBUFS; if (tc_fill_tclass(skb, q, cl, pid, n->nlmsg_seq, 0, event) < 0) { kfree_skb(skb); return -EINVAL; } return rtnetlink_send(skb, pid, RTMGRP_TC, n->nlmsg_flags&NLM_F_ECHO); }",linux-2.6,,,301908496094542853983171013859940308971,0 2634,CWE-125,"static int add_array_entry(const char* loc_name, zval* hash_arr, char* key_name TSRMLS_DC) { char* key_value = NULL; char* cur_key_name = NULL; char* token = NULL; char* last_ptr = NULL; int result = 0; int cur_result = 0; int cnt = 0; if( strcmp(key_name , LOC_PRIVATE_TAG)==0 ){ key_value = get_private_subtags( loc_name ); result = 1; } else { key_value = get_icu_value_internal( loc_name , key_name , &result,1 ); } if( (strcmp(key_name , LOC_PRIVATE_TAG)==0) || ( strcmp(key_name , LOC_VARIANT_TAG)==0) ){ if( result > 0 && key_value){ token = php_strtok_r( key_value , DELIMITER ,&last_ptr); if( cur_key_name ){ efree( cur_key_name); } cur_key_name = (char*)ecalloc( 25, 25); sprintf( cur_key_name , ""%s%d"", key_name , cnt++); add_assoc_string( hash_arr, cur_key_name , token ,TRUE ); while( (token = php_strtok_r(NULL , DELIMITER , &last_ptr)) && (strlen(token)>1) ){ sprintf( cur_key_name , ""%s%d"", key_name , cnt++); add_assoc_string( hash_arr, cur_key_name , token , TRUE ); } } } else { if( result == 1 ){ add_assoc_string( hash_arr, key_name , key_value , TRUE ); cur_result = 1; } } if( cur_key_name ){ efree( cur_key_name); } if( key_value){ efree(key_value); } return cur_result; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,130178861278867,1 5429,['CWE-476'],"static int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid *cpuid, struct kvm_cpuid_entry __user *entries) { int r, i; struct kvm_cpuid_entry *cpuid_entries; r = -E2BIG; if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) goto out; r = -ENOMEM; cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry) * cpuid->nent); if (!cpuid_entries) goto out; r = -EFAULT; if (copy_from_user(cpuid_entries, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry))) goto out_free; for (i = 0; i < cpuid->nent; i++) { vcpu->arch.cpuid_entries[i].function = cpuid_entries[i].function; vcpu->arch.cpuid_entries[i].eax = cpuid_entries[i].eax; vcpu->arch.cpuid_entries[i].ebx = cpuid_entries[i].ebx; vcpu->arch.cpuid_entries[i].ecx = cpuid_entries[i].ecx; vcpu->arch.cpuid_entries[i].edx = cpuid_entries[i].edx; vcpu->arch.cpuid_entries[i].index = 0; vcpu->arch.cpuid_entries[i].flags = 0; vcpu->arch.cpuid_entries[i].padding[0] = 0; vcpu->arch.cpuid_entries[i].padding[1] = 0; vcpu->arch.cpuid_entries[i].padding[2] = 0; } vcpu->arch.cpuid_nent = cpuid->nent; cpuid_fix_nx_cap(vcpu); r = 0; out_free: vfree(cpuid_entries); out: return r; }",linux-2.6,,,123320160613895909090564823696425615242,0 331,['CWE-20'],"long arch_ptrace(struct task_struct *child, long request, long addr, long data) { struct user * dummy = NULL; int i, ret; unsigned long __user *datap = (unsigned long __user *)data; switch (request) { case PTRACE_PEEKTEXT: case PTRACE_PEEKDATA: ret = generic_ptrace_peekdata(child, addr, data); break; case PTRACE_PEEKUSR: { unsigned long tmp; ret = -EIO; if ((addr & 3) || addr < 0 || addr > sizeof(struct user) - 3) break; tmp = 0; if(addr < FRAME_SIZE*sizeof(long)) tmp = getreg(child, addr); if(addr >= (long) &dummy->u_debugreg[0] && addr <= (long) &dummy->u_debugreg[7]){ addr -= (long) &dummy->u_debugreg[0]; addr = addr >> 2; tmp = child->thread.debugreg[addr]; } ret = put_user(tmp, datap); break; } case PTRACE_POKETEXT: case PTRACE_POKEDATA: ret = generic_ptrace_pokedata(child, addr, data); break; case PTRACE_POKEUSR: ret = -EIO; if ((addr & 3) || addr < 0 || addr > sizeof(struct user) - 3) break; if (addr < FRAME_SIZE*sizeof(long)) { ret = putreg(child, addr, data); break; } ret = -EIO; if(addr >= (long) &dummy->u_debugreg[0] && addr <= (long) &dummy->u_debugreg[7]){ if(addr == (long) &dummy->u_debugreg[4]) break; if(addr == (long) &dummy->u_debugreg[5]) break; if(addr < (long) &dummy->u_debugreg[4] && ((unsigned long) data) >= TASK_SIZE-3) break; if(addr == (long) &dummy->u_debugreg[7]) { data &= ~DR_CONTROL_RESERVED; for(i=0; i<4; i++) if ((0x5f54 >> ((data >> (16 + 4*i)) & 0xf)) & 1) goto out_tsk; if (data) set_tsk_thread_flag(child, TIF_DEBUG); else clear_tsk_thread_flag(child, TIF_DEBUG); } addr -= (long) &dummy->u_debugreg; addr = addr >> 2; child->thread.debugreg[addr] = data; ret = 0; } break; case PTRACE_SYSEMU: case PTRACE_SYSCALL: case PTRACE_CONT: ret = -EIO; if (!valid_signal(data)) break; if (request == PTRACE_SYSEMU) { set_tsk_thread_flag(child, TIF_SYSCALL_EMU); clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE); } else if (request == PTRACE_SYSCALL) { set_tsk_thread_flag(child, TIF_SYSCALL_TRACE); clear_tsk_thread_flag(child, TIF_SYSCALL_EMU); } else { clear_tsk_thread_flag(child, TIF_SYSCALL_EMU); clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE); } child->exit_code = data; clear_singlestep(child); wake_up_process(child); ret = 0; break; case PTRACE_KILL: ret = 0; if (child->exit_state == EXIT_ZOMBIE) break; child->exit_code = SIGKILL; clear_singlestep(child); wake_up_process(child); break; case PTRACE_SYSEMU_SINGLESTEP: case PTRACE_SINGLESTEP: ret = -EIO; if (!valid_signal(data)) break; if (request == PTRACE_SYSEMU_SINGLESTEP) set_tsk_thread_flag(child, TIF_SYSCALL_EMU); else clear_tsk_thread_flag(child, TIF_SYSCALL_EMU); clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE); set_singlestep(child); child->exit_code = data; wake_up_process(child); ret = 0; break; case PTRACE_DETACH: ret = ptrace_detach(child, data); break; case PTRACE_GETREGS: { if (!access_ok(VERIFY_WRITE, datap, FRAME_SIZE*sizeof(long))) { ret = -EIO; break; } for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) { __put_user(getreg(child, i), datap); datap++; } ret = 0; break; } case PTRACE_SETREGS: { unsigned long tmp; if (!access_ok(VERIFY_READ, datap, FRAME_SIZE*sizeof(long))) { ret = -EIO; break; } for ( i = 0; i < FRAME_SIZE*sizeof(long); i += sizeof(long) ) { __get_user(tmp, datap); putreg(child, i, tmp); datap++; } ret = 0; break; } case PTRACE_GETFPREGS: { if (!access_ok(VERIFY_WRITE, datap, sizeof(struct user_i387_struct))) { ret = -EIO; break; } ret = 0; if (!tsk_used_math(child)) init_fpu(child); get_fpregs((struct user_i387_struct __user *)data, child); break; } case PTRACE_SETFPREGS: { if (!access_ok(VERIFY_READ, datap, sizeof(struct user_i387_struct))) { ret = -EIO; break; } set_stopped_child_used_math(child); set_fpregs(child, (struct user_i387_struct __user *)data); ret = 0; break; } case PTRACE_GETFPXREGS: { if (!access_ok(VERIFY_WRITE, datap, sizeof(struct user_fxsr_struct))) { ret = -EIO; break; } if (!tsk_used_math(child)) init_fpu(child); ret = get_fpxregs((struct user_fxsr_struct __user *)data, child); break; } case PTRACE_SETFPXREGS: { if (!access_ok(VERIFY_READ, datap, sizeof(struct user_fxsr_struct))) { ret = -EIO; break; } set_stopped_child_used_math(child); ret = set_fpxregs(child, (struct user_fxsr_struct __user *)data); break; } case PTRACE_GET_THREAD_AREA: ret = ptrace_get_thread_area(child, addr, (struct user_desc __user *) data); break; case PTRACE_SET_THREAD_AREA: ret = ptrace_set_thread_area(child, addr, (struct user_desc __user *) data); break; default: ret = ptrace_request(child, request, addr, data); break; } out_tsk: return ret; }",linux-2.6,,,280242124306896156076682944201805865190,0 4439,['CWE-264'],"static void sock_warn_obsolete_bsdism(const char *name) { static int warned; static char warncomm[TASK_COMM_LEN]; if (strcmp(warncomm, current->comm) && warned < 5) { strcpy(warncomm, current->comm); printk(KERN_WARNING ""process `%s' is using obsolete "" ""%s SO_BSDCOMPAT\n"", warncomm, name); warned++; } }",linux-2.6,,,253551531033812199031813713038033489258,0 4684,CWE-78,"static void cmd_parse_lsub (IMAP_DATA* idata, char* s) { char buf[STRING]; char errstr[STRING]; BUFFER err, token; ciss_url_t url; IMAP_LIST list; if (idata->cmddata && idata->cmdtype == IMAP_CT_LIST) { cmd_parse_list (idata, s); return; } if (!option (OPTIMAPCHECKSUBSCRIBED)) return; idata->cmdtype = IMAP_CT_LIST; idata->cmddata = &list; cmd_parse_list (idata, s); idata->cmddata = NULL; if (!list.name || list.noselect) return; dprint (3, (debugfile, ""Subscribing to %s\n"", list.name)); strfcpy (buf, ""mailboxes \"""", sizeof (buf)); mutt_account_tourl (&idata->conn->account, &url); imap_quote_string(errstr, sizeof (errstr), list.name); url.path = errstr + 1; url.path[strlen(url.path) - 1] = '\0'; if (!mutt_strcmp (url.user, ImapUser)) url.user = NULL; url_ciss_tostring (&url, buf + 11, sizeof (buf) - 10, 0); safe_strcat (buf, sizeof (buf), ""\""""); mutt_buffer_init (&token); mutt_buffer_init (&err); err.data = errstr; err.dsize = sizeof (errstr); if (mutt_parse_rc_line (buf, &token, &err)) dprint (1, (debugfile, ""Error adding subscribed mailbox: %s\n"", errstr)); FREE (&token.data); }",visit repo url,imap/command.c,https://gitlab.com/muttmua/mutt,61321800986972,1 4140,[],"static void __exit ibwdt_exit(void) { platform_device_unregister(ibwdt_platform_device); platform_driver_unregister(&ibwdt_driver); printk(KERN_INFO PFX ""Watchdog Module Unloaded.\n""); }",linux-2.6,,,45615473780236839861225379821409228720,0 5056,['CWE-20'],"static void vmx_set_gdt(struct kvm_vcpu *vcpu, struct descriptor_table *dt) { vmcs_write32(GUEST_GDTR_LIMIT, dt->limit); vmcs_writel(GUEST_GDTR_BASE, dt->base); }",linux-2.6,,,66722979831791991080830848432642075543,0 5449,['CWE-476'],"static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { int r; if (vcpu->requests) if (test_and_clear_bit(KVM_REQ_MMU_RELOAD, &vcpu->requests)) kvm_mmu_unload(vcpu); r = kvm_mmu_reload(vcpu); if (unlikely(r)) goto out; if (vcpu->requests) { if (test_and_clear_bit(KVM_REQ_MIGRATE_TIMER, &vcpu->requests)) __kvm_migrate_timers(vcpu); if (test_and_clear_bit(KVM_REQ_KVMCLOCK_UPDATE, &vcpu->requests)) kvm_write_guest_time(vcpu); if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests)) kvm_mmu_sync_roots(vcpu); if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests)) kvm_x86_ops->tlb_flush(vcpu); if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS, &vcpu->requests)) { kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS; r = 0; goto out; } if (test_and_clear_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests)) { kvm_run->exit_reason = KVM_EXIT_SHUTDOWN; r = 0; goto out; } } preempt_disable(); kvm_x86_ops->prepare_guest_switch(vcpu); kvm_load_guest_fpu(vcpu); local_irq_disable(); if (vcpu->requests || need_resched() || signal_pending(current)) { local_irq_enable(); preempt_enable(); r = 1; goto out; } vcpu->guest_mode = 1; smp_wmb(); if (vcpu->arch.exception.pending) __queue_exception(vcpu); else if (irqchip_in_kernel(vcpu->kvm)) kvm_x86_ops->inject_pending_irq(vcpu); else kvm_x86_ops->inject_pending_vectors(vcpu, kvm_run); kvm_lapic_sync_to_vapic(vcpu); up_read(&vcpu->kvm->slots_lock); kvm_guest_enter(); get_debugreg(vcpu->arch.host_dr6, 6); get_debugreg(vcpu->arch.host_dr7, 7); if (unlikely(vcpu->arch.switch_db_regs)) { get_debugreg(vcpu->arch.host_db[0], 0); get_debugreg(vcpu->arch.host_db[1], 1); get_debugreg(vcpu->arch.host_db[2], 2); get_debugreg(vcpu->arch.host_db[3], 3); set_debugreg(0, 7); set_debugreg(vcpu->arch.eff_db[0], 0); set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); set_debugreg(vcpu->arch.eff_db[3], 3); } KVMTRACE_0D(VMENTRY, vcpu, entryexit); kvm_x86_ops->run(vcpu, kvm_run); if (unlikely(vcpu->arch.switch_db_regs)) { set_debugreg(0, 7); set_debugreg(vcpu->arch.host_db[0], 0); set_debugreg(vcpu->arch.host_db[1], 1); set_debugreg(vcpu->arch.host_db[2], 2); set_debugreg(vcpu->arch.host_db[3], 3); } set_debugreg(vcpu->arch.host_dr6, 6); set_debugreg(vcpu->arch.host_dr7, 7); vcpu->guest_mode = 0; local_irq_enable(); ++vcpu->stat.exits; barrier(); kvm_guest_exit(); preempt_enable(); down_read(&vcpu->kvm->slots_lock); if (unlikely(prof_on == KVM_PROFILING)) { unsigned long rip = kvm_rip_read(vcpu); profile_hit(KVM_PROFILING, (void *)rip); } if (vcpu->arch.exception.pending && kvm_x86_ops->exception_injected(vcpu)) vcpu->arch.exception.pending = false; kvm_lapic_sync_from_vapic(vcpu); r = kvm_x86_ops->handle_exit(kvm_run, vcpu); out: return r; }",linux-2.6,,,16108649869417428996865839032686634127,0 5728,['CWE-200'],"static int irda_create(struct net *net, struct socket *sock, int protocol) { struct sock *sk; struct irda_sock *self; IRDA_DEBUG(2, ""%s()\n"", __func__); if (net != &init_net) return -EAFNOSUPPORT; switch (sock->type) { case SOCK_STREAM: case SOCK_SEQPACKET: case SOCK_DGRAM: break; default: return -ESOCKTNOSUPPORT; } sk = sk_alloc(net, PF_IRDA, GFP_ATOMIC, &irda_proto); if (sk == NULL) return -ENOMEM; self = irda_sk(sk); IRDA_DEBUG(2, ""%s() : self is %p\n"", __func__, self); init_waitqueue_head(&self->query_wait); switch (sock->type) { case SOCK_STREAM: sock->ops = &irda_stream_ops; self->max_sdu_size_rx = TTP_SAR_DISABLE; break; case SOCK_SEQPACKET: sock->ops = &irda_seqpacket_ops; self->max_sdu_size_rx = TTP_SAR_UNBOUND; break; case SOCK_DGRAM: switch (protocol) { #ifdef CONFIG_IRDA_ULTRA case IRDAPROTO_ULTRA: sock->ops = &irda_ultra_ops; self->max_data_size = ULTRA_MAX_DATA - LMP_PID_HEADER; self->max_header_size = IRDA_MAX_HEADER + LMP_PID_HEADER; break; #endif case IRDAPROTO_UNITDATA: sock->ops = &irda_dgram_ops; self->max_sdu_size_rx = TTP_SAR_UNBOUND; break; default: sk_free(sk); return -ESOCKTNOSUPPORT; } break; default: sk_free(sk); return -ESOCKTNOSUPPORT; } sock_init_data(sock, sk); sk->sk_family = PF_IRDA; sk->sk_protocol = protocol; self->ckey = irlmp_register_client(0, NULL, NULL, NULL); self->mask.word = 0xffff; self->rx_flow = self->tx_flow = FLOW_START; self->nslots = DISCOVERY_DEFAULT_SLOTS; self->daddr = DEV_ADDR_ANY; self->saddr = 0x0; return 0; }",linux-2.6,,,106885965778615223578093025091659319284,0 3308,['CWE-189'],"void jpc_tagtree_reset(jpc_tagtree_t *tree) { int n; jpc_tagtreenode_t *node; n = tree->numnodes_; node = tree->nodes_; while (--n >= 0) { node->value_ = INT_MAX; node->low_ = 0; node->known_ = 0; ++node; } }",jasper,,,84027710039861784175638629333918374218,0 5164,CWE-125,"handle_keywordonly_args(struct compiling *c, const node *n, int start, asdl_seq *kwonlyargs, asdl_seq *kwdefaults) { PyObject *argname; node *ch; expr_ty expression, annotation; arg_ty arg = NULL; int i = start; int j = 0; if (kwonlyargs == NULL) { ast_error(c, CHILD(n, start), ""named arguments must follow bare *""); return -1; } assert(kwdefaults != NULL); while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case vfpdef: case tfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) goto error; asdl_seq_SET(kwdefaults, j, expression); i += 2; } else { asdl_seq_SET(kwdefaults, j, NULL); } if (NCH(ch) == 3) { annotation = ast_for_expr(c, CHILD(ch, 2)); if (!annotation) goto error; } else { annotation = NULL; } ch = CHILD(ch, 0); argname = NEW_IDENTIFIER(ch); if (!argname) goto error; if (forbidden_name(c, argname, ch, 0)) goto error; arg = arg(argname, annotation, NULL, LINENO(ch), ch->n_col_offset, ch->n_end_lineno, ch->n_end_col_offset, c->c_arena); if (!arg) goto error; asdl_seq_SET(kwonlyargs, j++, arg); i += 1; if (TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: arg->type_comment = NEW_TYPE_COMMENT(ch); if (!arg->type_comment) goto error; i += 1; break; case DOUBLESTAR: return i; default: ast_error(c, ch, ""unexpected node""); goto error; } } return i; error: return -1; }",visit repo url,Python/ast.c,https://github.com/python/cpython,134923987543499,1 5049,['CWE-20'],"static void enable_irq_window(struct kvm_vcpu *vcpu) { u32 cpu_based_vm_exec_control; cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL); cpu_based_vm_exec_control |= CPU_BASED_VIRTUAL_INTR_PENDING; vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control); }",linux-2.6,,,80550275491493329834544274725383503749,0 6577,CWE-369,"initialise_banding(fz_context *ctx, render_details *render, int color) { size_t min_band_mem; int bpp, h, w, reps; render->colorspace = output_cs; render->format = output_format; #if GREY_FALLBACK != 0 if (color == 0) { if (render->colorspace == CS_RGB) { render->colorspace = CS_GRAY; render->format = OUT_PGM; } else if (render->colorspace == CS_CMYK) { render->colorspace = CS_GRAY; if (render->format == OUT_PKM) render->format = OUT_PBM; else render->format = OUT_PGM; } } #endif switch (render->colorspace) { case CS_GRAY: bpp = 1; break; case CS_RGB: bpp = 2; break; default: case CS_CMYK: bpp = 3; break; } w = render->ibounds.x1 - render->ibounds.x0; min_band_mem = (size_t)bpp * w * min_band_height; reps = (int)(max_band_memory / min_band_mem); if (reps < 1) reps = 1; if (render->num_workers > 0) { int runs, num_bands; h = render->ibounds.y1 - render->ibounds.y0; num_bands = (h + min_band_height - 1) / min_band_height; runs = (num_bands + reps-1) / reps; runs = ((runs + render->num_workers - 1) / render->num_workers) * render->num_workers; reps = (num_bands + runs - 1) / runs; } render->band_height_multiple = reps; render->bands_rendered = 0; if (output_format == OUT_PGM || output_format == OUT_PPM) { render->bander = fz_new_pnm_band_writer(ctx, out); render->n = output_format == OUT_PGM ? 1 : 3; } else if (output_format == OUT_PAM) { render->bander = fz_new_pam_band_writer(ctx, out); render->n = 4; } else if (output_format == OUT_PBM) { render->bander = fz_new_pbm_band_writer(ctx, out); render->n = 1; } else if (output_format == OUT_PKM) { render->bander = fz_new_pkm_band_writer(ctx, out); render->n = 4; } }",visit repo url,source/tools/muraster.c,https://github.com/ArtifexSoftware/mupdf,96667896224888,1 5280,CWE-79,"static int oidc_request_post_preserved_restore(request_rec *r, const char *original_url) { oidc_debug(r, ""enter: original_url=%s"", original_url); const char *method = ""postOnLoad""; const char *script = apr_psprintf(r->pool, "" \n"", method, original_url); const char *body = ""

Restoring...

\n"" ""
\n""; return oidc_util_html_send(r, ""Restoring..."", script, method, body, OK); }",visit repo url,src/mod_auth_openidc.c,https://github.com/zmartzone/mod_auth_openidc,131627619841326,1 205,CWE-284,"static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp, struct nfsd3_setaclargs *argp, struct nfsd3_attrstat *resp) { struct inode *inode; svc_fh *fh; __be32 nfserr = 0; int error; fh = fh_copy(&resp->fh, &argp->fh); nfserr = fh_verify(rqstp, &resp->fh, 0, NFSD_MAY_SATTR); if (nfserr) goto out; inode = d_inode(fh->fh_dentry); if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) { error = -EOPNOTSUPP; goto out_errno; } error = fh_want_write(fh); if (error) goto out_errno; error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS); if (error) goto out_drop_write; error = inode->i_op->set_acl(inode, argp->acl_default, ACL_TYPE_DEFAULT); out_drop_write: fh_drop_write(fh); out_errno: nfserr = nfserrno(error); out: posix_acl_release(argp->acl_access); posix_acl_release(argp->acl_default); RETURN_STATUS(nfserr); }",visit repo url,fs/nfsd/nfs3acl.c,https://github.com/torvalds/linux,269535791811546,1 6044,CWE-190,"#endif int main(void) { if (core_init() != RLC_OK) { core_clean(); return 1; } util_banner(""Tests for the CP module"", 0); #if defined(WITH_BN) && defined(WITH_PC) util_banner(""Protocols based on accumulators:\n"", 0); if (pc_param_set_any() == RLC_OK) { if (psi() != RLC_OK) { core_clean(); return 1; } } #endif #if defined(WITH_BN) util_banner(""Protocols based on integer factorization:\n"", 0); if (rsa() != RLC_OK) { core_clean(); return 1; } if (rabin() != RLC_OK) { core_clean(); return 1; } if (benaloh() != RLC_OK) { core_clean(); return 1; } if (paillier() != RLC_OK) { core_clean(); return 1; } if (subgroup_paillier() != RLC_OK) { core_clean(); return 1; } #endif #if defined(WITH_EC) util_banner(""Protocols based on elliptic curves:\n"", 0); if (ec_param_set_any() == RLC_OK) { if (ecdh() != RLC_OK) { core_clean(); return 1; } if (ecmqv() != RLC_OK) { core_clean(); return 1; } #if defined(WITH_BC) if (ecies() != RLC_OK) { core_clean(); return 1; } #endif if (ecdsa() != RLC_OK) { core_clean(); return 1; } if (ecss() != RLC_OK) { core_clean(); return 1; } if (vbnn() != RLC_OK) { core_clean(); return 1; } if (pok() != RLC_OK) { core_clean(); return 1; } if (sok() != RLC_OK) { core_clean(); return 1; } if (ers() != RLC_OK) { core_clean(); return 1; } if (smlers() != RLC_OK) { core_clean(); return 1; } if (etrs() != RLC_OK) { core_clean(); return 1; } } #endif #if defined(WITH_PC) util_banner(""Protocols based on pairings:\n"", 0); if (pc_param_set_any() == RLC_OK) { if (pdpub() != RLC_OK) { core_clean(); return 1; } if (pdprv() != RLC_OK) { core_clean(); return 1; } if (sokaka() != RLC_OK) { core_clean(); return 1; } if (ibe() != RLC_OK) { core_clean(); return 1; } if (bgn() != RLC_OK) { core_clean(); return 1; } if (bls() != RLC_OK) { core_clean(); return 1; } if (bbs() != RLC_OK) { core_clean(); return 1; } if (cls() != RLC_OK) { core_clean(); return 1; } if (pss() != RLC_OK) { core_clean(); return 1; } #if defined(WITH_MPC) if (mpss() != RLC_OK) { core_clean(); return 1; } #endif if (zss() != RLC_OK) { core_clean(); return 1; } if (lhs() != RLC_OK) { core_clean(); return 1; } } #endif util_banner(""All tests have passed.\n"", 0); core_clean();",visit repo url,test/test_cp.c,https://github.com/relic-toolkit/relic,127820338782255,1 2340,['CWE-120'],"asmlinkage long sys_mknodat(int dfd, const char __user *filename, int mode, unsigned dev) { int error = 0; char * tmp; struct dentry * dentry; struct nameidata nd; if (S_ISDIR(mode)) return -EPERM; tmp = getname(filename); if (IS_ERR(tmp)) return PTR_ERR(tmp); error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd); if (error) goto out; dentry = lookup_create(&nd, 0); if (IS_ERR(dentry)) { error = PTR_ERR(dentry); goto out_unlock; } if (!IS_POSIXACL(nd.path.dentry->d_inode)) mode &= ~current->fs->umask; error = may_mknod(mode); if (error) goto out_dput; error = mnt_want_write(nd.path.mnt); if (error) goto out_dput; switch (mode & S_IFMT) { case 0: case S_IFREG: error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd); break; case S_IFCHR: case S_IFBLK: error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode, new_decode_dev(dev)); break; case S_IFIFO: case S_IFSOCK: error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,0); break; } mnt_drop_write(nd.path.mnt); out_dput: dput(dentry); out_unlock: mutex_unlock(&nd.path.dentry->d_inode->i_mutex); path_put(&nd.path); out: putname(tmp); return error; }",linux-2.6,,,60226493380353852146968767988940515387,0 88,['CWE-787'],"static void cirrus_linear_bitblt_writew(void *opaque, target_phys_addr_t addr, uint32_t val) { #ifdef TARGET_WORDS_BIGENDIAN cirrus_linear_bitblt_writeb(opaque, addr, (val >> 8) & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 1, val & 0xff); #else cirrus_linear_bitblt_writeb(opaque, addr, val & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 1, (val >> 8) & 0xff); #endif }",qemu,,,170918562455389376793882357221783140808,0 6364,[],"void saveVCard (TNEFStruct *tnef, const gchar *tmpdir) { gchar *ifilename; gchar *absfilename, *file=NULL; FILE *fptr; variableLength *vl; variableLength *pobox, *street, *city, *state, *zip, *country; dtr thedate; gint boolean; if ((vl = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_DISPLAY_NAME))) == MAPI_UNDEFINED) { if ((vl=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_COMPANY_NAME))) == MAPI_UNDEFINED) { if (tnef->subject.size > 0) { file = sanitize_filename (tnef->subject.data); if (!file) return; absfilename = g_strconcat (file, "".vcard"", NULL); } else absfilename = g_strdup (""unknown.vcard""); } else { file = sanitize_filename (vl->data); if (!file) return; absfilename = g_strconcat (file, "".vcard"", NULL); } } else { file = sanitize_filename (vl->data); if (!file) return; absfilename = g_strconcat (file, "".vcard"", NULL); } ifilename = g_build_filename (tmpdir, absfilename, NULL); g_free (file); g_free (absfilename); if ((fptr = fopen(ifilename, ""wb""))==NULL) { printf(""Error writing file to disk!""); } else { fprintf(fptr, ""BEGIN:VCARD\n""); fprintf(fptr, ""VERSION:2.1\n""); if (vl != MAPI_UNDEFINED) { fprintf(fptr, ""FN:%s\n"", vl->data); } fprintProperty(tnef, fptr, PT_STRING8, PR_NICKNAME, ""NICKNAME:%s\n""); fprintUserProp(tnef, fptr, PT_STRING8, 0x8554, ""MAILER:Microsoft Outlook %s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_SPOUSE_NAME, ""X-EVOLUTION-SPOUSE:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_MANAGER_NAME, ""X-EVOLUTION-MANAGER:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_ASSISTANT, ""X-EVOLUTION-ASSISTANT:%s\n""); if ((vl=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_COMPANY_NAME))) != MAPI_UNDEFINED) { if (vl->size > 0) { if ((vl->size == 1) && (vl->data[0] == 0)) { } else { fprintf(fptr,""ORG:%s"", vl->data); if ((vl=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_DEPARTMENT_NAME))) != MAPI_UNDEFINED) { fprintf(fptr,"";%s"", vl->data); } fprintf(fptr, ""\n""); } } } fprintProperty(tnef, fptr, PT_STRING8, PR_OFFICE_LOCATION, ""X-EVOLUTION-OFFICE:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_TITLE, ""TITLE:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_PROFESSION, ""ROLE:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_BODY, ""NOTE:%s\n""); if (tnef->body.size > 0) { fprintf(fptr, ""NOTE;QUOTED-PRINTABLE:""); quotedfprint (fptr, &(tnef->body)); fprintf(fptr,""\n""); } boolean = 0; if ((pobox = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_POST_OFFICE_BOX))) != MAPI_UNDEFINED) { boolean = 1; } if ((street = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_STREET_ADDRESS))) != MAPI_UNDEFINED) { boolean = 1; } if ((city = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_LOCALITY))) != MAPI_UNDEFINED) { boolean = 1; } if ((state = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_STATE_OR_PROVINCE))) != MAPI_UNDEFINED) { boolean = 1; } if ((zip = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_POSTAL_CODE))) != MAPI_UNDEFINED) { boolean = 1; } if ((country = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_COUNTRY))) != MAPI_UNDEFINED) { boolean = 1; } if (boolean == 1) { fprintf(fptr, ""ADR;QUOTED-PRINTABLE;WORK:""); if (pobox != MAPI_UNDEFINED) { quotedfprint (fptr, pobox); } fprintf(fptr, "";;""); if (street != MAPI_UNDEFINED) { quotedfprint (fptr, street); } fprintf(fptr, "";""); if (city != MAPI_UNDEFINED) { quotedfprint (fptr, city); } fprintf(fptr, "";""); if (state != MAPI_UNDEFINED) { quotedfprint (fptr, state); } fprintf(fptr, "";""); if (zip != MAPI_UNDEFINED) { quotedfprint (fptr, zip); } fprintf(fptr, "";""); if (country != MAPI_UNDEFINED) { quotedfprint (fptr, country); } fprintf(fptr,""\n""); if ((vl = MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x801b))) != MAPI_UNDEFINED) { fprintf(fptr, ""LABEL;QUOTED-PRINTABLE;WORK:""); quotedfprint (fptr, vl); fprintf(fptr,""\n""); } } boolean = 0; if ((pobox = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_HOME_ADDRESS_POST_OFFICE_BOX))) != MAPI_UNDEFINED) { boolean = 1; } if ((street = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_HOME_ADDRESS_STREET))) != MAPI_UNDEFINED) { boolean = 1; } if ((city = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_HOME_ADDRESS_CITY))) != MAPI_UNDEFINED) { boolean = 1; } if ((state = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_HOME_ADDRESS_STATE_OR_PROVINCE))) != MAPI_UNDEFINED) { boolean = 1; } if ((zip = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_HOME_ADDRESS_POSTAL_CODE))) != MAPI_UNDEFINED) { boolean = 1; } if ((country = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_HOME_ADDRESS_COUNTRY))) != MAPI_UNDEFINED) { boolean = 1; } if (boolean == 1) { fprintf(fptr, ""ADR;QUOTED-PRINTABLE;HOME:""); if (pobox != MAPI_UNDEFINED) { quotedfprint (fptr, pobox); } fprintf(fptr, "";;""); if (street != MAPI_UNDEFINED) { quotedfprint (fptr, street); } fprintf(fptr, "";""); if (city != MAPI_UNDEFINED) { quotedfprint (fptr, city); } fprintf(fptr, "";""); if (state != MAPI_UNDEFINED) { quotedfprint (fptr, state); } fprintf(fptr, "";""); if (zip != MAPI_UNDEFINED) { quotedfprint (fptr, zip); } fprintf(fptr, "";""); if (country != MAPI_UNDEFINED) { quotedfprint (fptr, country); } fprintf(fptr,""\n""); if ((vl = MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x801a))) != MAPI_UNDEFINED) { fprintf(fptr, ""LABEL;QUOTED-PRINTABLE;WORK:""); quotedfprint (fptr, vl); fprintf(fptr,""\n""); } } boolean = 0; if ((pobox = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_OTHER_ADDRESS_POST_OFFICE_BOX))) != MAPI_UNDEFINED) { boolean = 1; } if ((street = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_OTHER_ADDRESS_STREET))) != MAPI_UNDEFINED) { boolean = 1; } if ((city = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_OTHER_ADDRESS_CITY))) != MAPI_UNDEFINED) { boolean = 1; } if ((state = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_OTHER_ADDRESS_STATE_OR_PROVINCE))) != MAPI_UNDEFINED) { boolean = 1; } if ((zip = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_OTHER_ADDRESS_POSTAL_CODE))) != MAPI_UNDEFINED) { boolean = 1; } if ((country = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_OTHER_ADDRESS_COUNTRY))) != MAPI_UNDEFINED) { boolean = 1; } if (boolean == 1) { fprintf(fptr, ""ADR;QUOTED-PRINTABLE;OTHER:""); if (pobox != MAPI_UNDEFINED) { quotedfprint (fptr, pobox); } fprintf(fptr, "";;""); if (street != MAPI_UNDEFINED) { quotedfprint (fptr, street); } fprintf(fptr, "";""); if (city != MAPI_UNDEFINED) { quotedfprint (fptr, city); } fprintf(fptr, "";""); if (state != MAPI_UNDEFINED) { quotedfprint (fptr, state); } fprintf(fptr, "";""); if (zip != MAPI_UNDEFINED) { quotedfprint (fptr, zip); } fprintf(fptr, "";""); if (country != MAPI_UNDEFINED) { quotedfprint (fptr, country); } fprintf(fptr,""\n""); } fprintProperty(tnef, fptr, PT_STRING8, PR_CALLBACK_TELEPHONE_NUMBER, ""TEL;X-EVOLUTION-CALLBACK:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_PRIMARY_TELEPHONE_NUMBER, ""TEL;PREF:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_MOBILE_TELEPHONE_NUMBER, ""TEL;CELL:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_RADIO_TELEPHONE_NUMBER, ""TEL;X-EVOLUTION-RADIO:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_CAR_TELEPHONE_NUMBER, ""TEL;CAR:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_OTHER_TELEPHONE_NUMBER, ""TEL;VOICE:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_PAGER_TELEPHONE_NUMBER, ""TEL;PAGER:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_TELEX_NUMBER, ""TEL;X-EVOLUTION-TELEX:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_ISDN_NUMBER, ""TEL;ISDN:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_HOME2_TELEPHONE_NUMBER, ""TEL;HOME:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_TTYTDD_PHONE_NUMBER, ""TEL;X-EVOLUTION-TTYTDD:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_HOME_TELEPHONE_NUMBER, ""TEL;HOME;VOICE:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_ASSISTANT_TELEPHONE_NUMBER, ""TEL;X-EVOLUTION-ASSISTANT:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_COMPANY_MAIN_PHONE_NUMBER, ""TEL;WORK:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_BUSINESS_TELEPHONE_NUMBER, ""TEL;WORK:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_BUSINESS2_TELEPHONE_NUMBER, ""TEL;WORK;VOICE:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_PRIMARY_FAX_NUMBER, ""TEL;PREF;FAX:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_BUSINESS_FAX_NUMBER, ""TEL;WORK;FAX:%s\n""); fprintProperty(tnef, fptr, PT_STRING8, PR_HOME_FAX_NUMBER, ""TEL;HOME;FAX:%s\n""); if ((vl=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x8083))) == MAPI_UNDEFINED) { vl=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x8084)); } if (vl != MAPI_UNDEFINED) { if (vl->size > 0) fprintf(fptr, ""EMAIL:%s\n"", vl->data); } if ((vl=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x8093))) == MAPI_UNDEFINED) { vl=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x8094)); } if (vl != MAPI_UNDEFINED) { if (vl->size > 0) fprintf(fptr, ""EMAIL:%s\n"", vl->data); } if ((vl=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x80a3))) == MAPI_UNDEFINED) { vl=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x80a4)); } if (vl != MAPI_UNDEFINED) { if (vl->size > 0) fprintf(fptr, ""EMAIL:%s\n"", vl->data); } fprintProperty(tnef, fptr, PT_STRING8, PR_BUSINESS_HOME_PAGE, ""URL:%s\n""); fprintUserProp(tnef, fptr, PT_STRING8, 0x80d8, ""FBURL:%s\n""); if ((vl=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_SYSTIME, PR_BIRTHDAY))) != MAPI_UNDEFINED) { fprintf(fptr, ""BDAY:""); MAPISysTimetoDTR ((guchar *) vl->data, &thedate); fprintf(fptr, ""%i-%02i-%02i\n"", thedate.wYear, thedate.wMonth, thedate.wDay); } if ((vl=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_SYSTIME, PR_WEDDING_ANNIVERSARY))) != MAPI_UNDEFINED) { fprintf(fptr, ""X-EVOLUTION-ANNIVERSARY:""); MAPISysTimetoDTR ((guchar *) vl->data, &thedate); fprintf(fptr, ""%i-%02i-%02i\n"", thedate.wYear, thedate.wMonth, thedate.wDay); } fprintf(fptr, ""END:VCARD\n""); fclose (fptr); } g_free (ifilename); }",evolution,,,270407374206616112266577593317784946589,0 1409,[],"account_entity_dequeue(struct cfs_rq *cfs_rq, struct sched_entity *se) { update_load_sub(&cfs_rq->load, se->load.weight); cfs_rq->nr_running--; se->on_rq = 0; }",linux-2.6,,,17825089591258153302093751985617498128,0 4020,CWE-787,"local block_state deflate_slow(s, flush) deflate_state *s; int flush; { IPos hash_head; int bflush; for (;;) { if (s->lookahead < MIN_LOOKAHEAD) { fill_window(s); if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { return need_more; } if (s->lookahead == 0) break; } hash_head = NIL; if (s->lookahead >= MIN_MATCH) { INSERT_STRING(s, s->strstart, hash_head); } s->prev_length = s->match_length, s->prev_match = s->match_start; s->match_length = MIN_MATCH-1; if (hash_head != NIL && s->prev_length < s->max_lazy_match && s->strstart - hash_head <= MAX_DIST(s)) { s->match_length = longest_match (s, hash_head); if (s->match_length <= 5 && (s->strategy == Z_FILTERED #if TOO_FAR <= 32767 || (s->match_length == MIN_MATCH && s->strstart - s->match_start > TOO_FAR) #endif )) { s->match_length = MIN_MATCH-1; } } if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) { uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; check_match(s, s->strstart-1, s->prev_match, s->prev_length); _tr_tally_dist(s, s->strstart -1 - s->prev_match, s->prev_length - MIN_MATCH, bflush); s->lookahead -= s->prev_length-1; s->prev_length -= 2; do { if (++s->strstart <= max_insert) { INSERT_STRING(s, s->strstart, hash_head); } } while (--s->prev_length != 0); s->match_available = 0; s->match_length = MIN_MATCH-1; s->strstart++; if (bflush) FLUSH_BLOCK(s, 0); } else if (s->match_available) { Tracevv((stderr,""%c"", s->window[s->strstart-1])); _tr_tally_lit(s, s->window[s->strstart-1], bflush); if (bflush) { FLUSH_BLOCK_ONLY(s, 0); } s->strstart++; s->lookahead--; if (s->strm->avail_out == 0) return need_more; } else { s->match_available = 1; s->strstart++; s->lookahead--; } } Assert (flush != Z_NO_FLUSH, ""no flush?""); if (s->match_available) { Tracevv((stderr,""%c"", s->window[s->strstart-1])); _tr_tally_lit(s, s->window[s->strstart-1], bflush); s->match_available = 0; } s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; }",visit repo url,deflate.c,https://github.com/madler/zlib,71637900306359,1 5213,CWE-276,"try_resolve_op_from_metadata (FlatpakTransaction *self, FlatpakTransactionOperation *op, const char *checksum, GFile *sideload_path, FlatpakRemoteState *state) { g_autoptr(GBytes) metadata_bytes = NULL; guint64 download_size = 0; guint64 installed_size = 0; const char *metadata = NULL; VarMetadataRef sparse_cache; VarRefInfoRef info; g_autofree char *summary_checksum = NULL; if ((state->summary == NULL && state->index == NULL) || !flatpak_remote_state_lookup_ref (state, flatpak_decomposed_get_ref (op->ref), &summary_checksum, NULL, NULL, NULL, NULL) || strcmp (summary_checksum, checksum) != 0) return FALSE; if (!flatpak_remote_state_lookup_cache (state, flatpak_decomposed_get_ref (op->ref), &download_size, &installed_size, &metadata, NULL)) return FALSE; metadata_bytes = g_bytes_new (metadata, strlen (metadata) + 1); if (flatpak_remote_state_lookup_ref (state, flatpak_decomposed_get_ref (op->ref), NULL, NULL, &info, NULL, NULL)) op->summary_metadata = var_metadata_dup_to_gvariant (var_ref_info_get_metadata (info)); op->installed_size = installed_size; op->download_size = download_size; op->token_type = state->default_token_type; if (flatpak_remote_state_lookup_sparse_cache (state, flatpak_decomposed_get_ref (op->ref), &sparse_cache, NULL)) { op->eol = g_strdup (var_metadata_lookup_string (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_ENDOFLINE, NULL)); op->eol_rebase = g_strdup (var_metadata_lookup_string (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_ENDOFLINE_REBASE, NULL)); op->token_type = GINT32_FROM_LE (var_metadata_lookup_int32 (sparse_cache, FLATPAK_SPARSE_CACHE_KEY_TOKEN_TYPE, op->token_type)); } resolve_op_end (self, op, checksum, sideload_path, metadata_bytes); return TRUE; }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,280316660392686,1 3661,CWE-190,"opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, opj_cp_t *p_cp, OPJ_UINT32 p_tile_no) { OPJ_UINT32 pino; OPJ_UINT32 compno, resno; OPJ_UINT32 * l_tmp_data; OPJ_UINT32 ** l_tmp_ptr; OPJ_UINT32 l_max_res; OPJ_UINT32 l_max_prec; OPJ_INT32 l_tx0,l_tx1,l_ty0,l_ty1; OPJ_UINT32 l_dx_min,l_dy_min; OPJ_UINT32 l_bound; OPJ_UINT32 l_step_p , l_step_c , l_step_r , l_step_l ; OPJ_UINT32 l_data_stride; opj_pi_iterator_t *l_pi = 00; opj_tcp_t *l_tcp = 00; const opj_tccp_t *l_tccp = 00; opj_pi_comp_t *l_current_comp = 00; opj_image_comp_t * l_img_comp = 00; opj_pi_iterator_t * l_current_pi = 00; OPJ_UINT32 * l_encoding_value_ptr = 00; assert(p_cp != 00); assert(p_image != 00); assert(p_tile_no < p_cp->tw * p_cp->th); l_tcp = &p_cp->tcps[p_tile_no]; l_bound = l_tcp->numpocs+1; l_data_stride = 4 * OPJ_J2K_MAXRLVLS; l_tmp_data = (OPJ_UINT32*)opj_malloc( l_data_stride * p_image->numcomps * sizeof(OPJ_UINT32)); if (! l_tmp_data) { return 00; } l_tmp_ptr = (OPJ_UINT32**)opj_malloc( p_image->numcomps * sizeof(OPJ_UINT32 *)); if (! l_tmp_ptr) { opj_free(l_tmp_data); return 00; } l_pi = opj_pi_create(p_image, p_cp, p_tile_no); if (!l_pi) { opj_free(l_tmp_data); opj_free(l_tmp_ptr); return 00; } l_encoding_value_ptr = l_tmp_data; for (compno = 0; compno < p_image->numcomps; ++compno) { l_tmp_ptr[compno] = l_encoding_value_ptr; l_encoding_value_ptr += l_data_stride; } opj_get_all_encoding_parameters(p_image,p_cp,p_tile_no,&l_tx0,&l_tx1,&l_ty0,&l_ty1,&l_dx_min,&l_dy_min,&l_max_prec,&l_max_res,l_tmp_ptr); l_step_p = 1; l_step_c = l_max_prec * l_step_p; l_step_r = p_image->numcomps * l_step_c; l_step_l = l_max_res * l_step_r; l_current_pi = l_pi; l_current_pi->include = 00; if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U))) { l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16)); } if (!l_current_pi->include) { opj_free(l_tmp_data); opj_free(l_tmp_ptr); opj_pi_destroy(l_pi, l_bound); return 00; } l_current_comp = l_current_pi->comps; l_img_comp = p_image->comps; l_tccp = l_tcp->tccps; l_current_pi->tx0 = l_tx0; l_current_pi->ty0 = l_ty0; l_current_pi->tx1 = l_tx1; l_current_pi->ty1 = l_ty1; l_current_pi->step_p = l_step_p; l_current_pi->step_c = l_step_c; l_current_pi->step_r = l_step_r; l_current_pi->step_l = l_step_l; for (compno = 0; compno < l_current_pi->numcomps; ++compno) { opj_pi_resolution_t *l_res = l_current_comp->resolutions; l_encoding_value_ptr = l_tmp_ptr[compno]; l_current_comp->dx = l_img_comp->dx; l_current_comp->dy = l_img_comp->dy; for (resno = 0; resno < l_current_comp->numresolutions; resno++) { l_res->pdx = *(l_encoding_value_ptr++); l_res->pdy = *(l_encoding_value_ptr++); l_res->pw = *(l_encoding_value_ptr++); l_res->ph = *(l_encoding_value_ptr++); ++l_res; } ++l_current_comp; ++l_img_comp; ++l_tccp; } ++l_current_pi; for (pino = 1 ; pinocomps; l_img_comp = p_image->comps; l_tccp = l_tcp->tccps; l_current_pi->tx0 = l_tx0; l_current_pi->ty0 = l_ty0; l_current_pi->tx1 = l_tx1; l_current_pi->ty1 = l_ty1; l_current_pi->step_p = l_step_p; l_current_pi->step_c = l_step_c; l_current_pi->step_r = l_step_r; l_current_pi->step_l = l_step_l; for (compno = 0; compno < l_current_pi->numcomps; ++compno) { opj_pi_resolution_t *l_res = l_current_comp->resolutions; l_encoding_value_ptr = l_tmp_ptr[compno]; l_current_comp->dx = l_img_comp->dx; l_current_comp->dy = l_img_comp->dy; for (resno = 0; resno < l_current_comp->numresolutions; resno++) { l_res->pdx = *(l_encoding_value_ptr++); l_res->pdy = *(l_encoding_value_ptr++); l_res->pw = *(l_encoding_value_ptr++); l_res->ph = *(l_encoding_value_ptr++); ++l_res; } ++l_current_comp; ++l_img_comp; ++l_tccp; } l_current_pi->include = (l_current_pi-1)->include; ++l_current_pi; } opj_free(l_tmp_data); l_tmp_data = 00; opj_free(l_tmp_ptr); l_tmp_ptr = 00; if (l_tcp->POC) { opj_pi_update_decode_poc (l_pi,l_tcp,l_max_prec,l_max_res); } else { opj_pi_update_decode_not_poc(l_pi,l_tcp,l_max_prec,l_max_res); } return l_pi; }",visit repo url,src/lib/openjp2/pi.c,https://github.com/uclouvain/openjpeg,25099343071901,1 2074,[],"static inline int udp_v4_get_port(struct sock *sk, unsigned short snum) { return udp_get_port(sk, snum, ipv4_rcv_saddr_equal); }",linux-2.6,,,249576302620110080946651790757689611599,0 763,CWE-20,"static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); int noblock = flags & MSG_DONTWAIT; size_t copied = 0; int target, err; long timeo; IRDA_DEBUG(3, ""%s()\n"", __func__); if ((err = sock_error(sk)) < 0) return err; if (sock->flags & __SO_ACCEPTCON) return -EINVAL; err =-EOPNOTSUPP; if (flags & MSG_OOB) return -EOPNOTSUPP; err = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, noblock); msg->msg_namelen = 0; do { int chunk; struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue); if (skb == NULL) { DEFINE_WAIT(wait); err = 0; if (copied >= target) break; prepare_to_wait_exclusive(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); err = sock_error(sk); if (err) ; else if (sk->sk_shutdown & RCV_SHUTDOWN) ; else if (noblock) err = -EAGAIN; else if (signal_pending(current)) err = sock_intr_errno(timeo); else if (sk->sk_state != TCP_ESTABLISHED) err = -ENOTCONN; else if (skb_peek(&sk->sk_receive_queue) == NULL) schedule(); finish_wait(sk_sleep(sk), &wait); if (err) return err; if (sk->sk_shutdown & RCV_SHUTDOWN) break; continue; } chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { IRDA_DEBUG(1, ""%s(), back on q!\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { IRDA_DEBUG(0, ""%s() questionable!?\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,219986388594170,1 6739,CWE-79,"void OpenURL(const char *url) { if (strchr(url, '\'') != NULL) { TRACELOG(LOG_WARNING, ""SYSTEM: Provided URL is not valid""); } else { #if defined(PLATFORM_DESKTOP) char *cmd = (char *)RL_CALLOC(strlen(url) + 32, sizeof(char)); #if defined(_WIN32) sprintf(cmd, ""explorer \""%s\"""", url); #endif #if defined(__linux__) || defined(__FreeBSD__) || defined(__OpenBSD__) sprintf(cmd, ""xdg-open '%s'"", url); #endif #if defined(__APPLE__) sprintf(cmd, ""open '%s'"", url); #endif int result = system(cmd); if (result == -1) TRACELOG(LOG_WARNING, ""OpenURL() child process could not be created""); RL_FREE(cmd); #endif #if defined(PLATFORM_WEB) emscripten_run_script(TextFormat(""window.open('%s', '_blank')"", url)); #endif #if defined(PLATFORM_ANDROID) JNIEnv *env = NULL; JavaVM *vm = CORE.Android.app->activity->vm; (*vm)->AttachCurrentThread(vm, &env, NULL); jstring urlString = (*env)->NewStringUTF(env, url); jclass uriClass = (*env)->FindClass(env, ""android/net/Uri""); jmethodID uriParse = (*env)->GetStaticMethodID(env, uriClass, ""parse"", ""(Ljava/lang/String;)Landroid/net/Uri;""); jobject uri = (*env)->CallStaticObjectMethod(env, uriClass, uriParse, urlString); jclass intentClass = (*env)->FindClass(env, ""android/content/Intent""); jfieldID actionViewId = (*env)->GetStaticFieldID(env, intentClass, ""ACTION_VIEW"", ""Ljava/lang/String;""); jobject actionView = (*env)->GetStaticObjectField(env, intentClass, actionViewId); jmethodID newIntent = (*env)->GetMethodID(env, intentClass, """", ""(Ljava/lang/String;Landroid/net/Uri;)V""); jobject intent = (*env)->AllocObject(env, intentClass); (*env)->CallVoidMethod(env, intent, newIntent, actionView, uri); jclass activityClass = (*env)->FindClass(env, ""android/app/Activity""); jmethodID startActivity = (*env)->GetMethodID(env, activityClass, ""startActivity"", ""(Landroid/content/Intent;)V""); (*env)->CallVoidMethod(env, CORE.Android.app->activity->clazz, startActivity, intent); (*vm)->DetachCurrentThread(vm); #endif } }",visit repo url,src/rcore.c,https://github.com/raysan5/raylib,83106288095650,1 6662,CWE-787,"bool initialise_control(rzip_control *control) { time_t now_t, tdiff; char localeptr[] = ""./"", *eptr; size_t len; memset(control, 0, sizeof(rzip_control)); control->msgout = stderr; control->msgerr = stderr; register_outputfile(control, control->msgout); control->flags = FLAG_SHOW_PROGRESS | FLAG_KEEP_FILES | FLAG_THRESHOLD; control->suffix = "".lrz""; control->compression_level = 7; control->ramsize = get_ram(control); if (unlikely(control->ramsize == -1)) return false; control->threads = PROCESSORS; control->page_size = PAGE_SIZE; control->nice_val = 19; if (unlikely((now_t = time(NULL)) == ((time_t)-1))) fatal_return((""Failed to call time in main\n""), false); if (unlikely(now_t < T_ZERO)) { print_output(""Warning your time reads before the year 2011, check your system clock\n""); now_t = T_ZERO; } tdiff = (now_t - T_ZERO) / 4; now_t = T_ZERO + tdiff; control->secs = now_t; control->encloops = nloops(control->secs, control->salt, control->salt + 1); if (unlikely(!get_rand(control, control->salt + 2, 6))) return false; eptr = getenv(""TMPDIR""); if (!eptr) eptr = getenv(""TMP""); if (!eptr) eptr = getenv(""TEMPDIR""); if (!eptr) eptr = getenv(""TEMP""); if (!eptr) eptr = localeptr; len = strlen(eptr); control->tmpdir = malloc(len + 2); if (control->tmpdir == NULL) fatal_return((""Failed to allocate for tmpdir\n""), false); strcpy(control->tmpdir, eptr); if (control->tmpdir[len - 1] != '/') { control->tmpdir[len] = '/'; control->tmpdir[len + 1] = '\0'; } return true; }",visit repo url,lrzip.c,https://github.com/ckolivas/lrzip,133849655277650,1 2490,['CWE-119'],"static void prepare_show_merge(struct rev_info *revs) { struct commit_list *bases; struct commit *head, *other; unsigned char sha1[20]; const char **prune = NULL; int i, prune_num = 1; if (get_sha1(""HEAD"", sha1) || !(head = lookup_commit(sha1))) die(""--merge without HEAD?""); if (get_sha1(""MERGE_HEAD"", sha1) || !(other = lookup_commit(sha1))) die(""--merge without MERGE_HEAD?""); add_pending_object(revs, &head->object, ""HEAD""); add_pending_object(revs, &other->object, ""MERGE_HEAD""); bases = get_merge_bases(head, other, 1); add_pending_commit_list(revs, bases, UNINTERESTING); free_commit_list(bases); head->object.flags |= SYMMETRIC_LEFT; if (!active_nr) read_cache(); for (i = 0; i < active_nr; i++) { struct cache_entry *ce = active_cache[i]; if (!ce_stage(ce)) continue; if (ce_path_match(ce, revs->prune_data)) { prune_num++; prune = xrealloc(prune, sizeof(*prune) * prune_num); prune[prune_num-2] = ce->name; prune[prune_num-1] = NULL; } while ((i+1 < active_nr) && ce_same_name(ce, active_cache[i+1])) i++; } revs->prune_data = prune; revs->limited = 1; }",git,,,74251962468275781786324442164665856901,0 3939,CWE-476,"INTERNAL void vterm_screen_free(VTermScreen *screen) { vterm_allocator_free(screen->vt, screen->buffers[0]); if(screen->buffers[1]) vterm_allocator_free(screen->vt, screen->buffers[1]); vterm_allocator_free(screen->vt, screen->sb_buffer); vterm_allocator_free(screen->vt, screen); }",visit repo url,src/libvterm/src/termscreen.c,https://github.com/vim/vim,182457697458719,1 1265,[],"m4_syscmd (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, 2)) { sysval = 0; return; } debug_flush_files (); sysval = system (ARG (1)); #if FUNC_SYSTEM_BROKEN if (sysval != -1) sysval <<= 8; #endif }",m4,,,100700074887027789401243706299808948441,0 2491,CWE-190,"static void controloptions (lua_State *L, int opt, const char **fmt, Header *h) { switch (opt) { case ' ': return; case '>': h->endian = BIG; return; case '<': h->endian = LITTLE; return; case '!': { int a = getnum(L, fmt, MAXALIGN); if (!isp2(a)) luaL_error(L, ""alignment %d is not a power of 2"", a); h->align = a; return; } default: { const char *msg = lua_pushfstring(L, ""invalid format option '%c'"", opt); luaL_argerror(L, 1, msg); } } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,104298685770207,1 1704,CWE-19,"ext4_xattr_cache_find(struct inode *inode, struct ext4_xattr_header *header, struct mb_cache_entry **pce) { __u32 hash = le32_to_cpu(header->h_hash); struct mb_cache_entry *ce; struct mb_cache *ext4_mb_cache = EXT4_GET_MB_CACHE(inode); if (!header->h_hash) return NULL; ea_idebug(inode, ""looking for cached blocks [%x]"", (int)hash); again: ce = mb_cache_entry_find_first(ext4_mb_cache, inode->i_sb->s_bdev, hash); while (ce) { struct buffer_head *bh; if (IS_ERR(ce)) { if (PTR_ERR(ce) == -EAGAIN) goto again; break; } bh = sb_bread(inode->i_sb, ce->e_block); if (!bh) { EXT4_ERROR_INODE(inode, ""block %lu read error"", (unsigned long) ce->e_block); } else if (le32_to_cpu(BHDR(bh)->h_refcount) >= EXT4_XATTR_REFCOUNT_MAX) { ea_idebug(inode, ""block %lu refcount %d>=%d"", (unsigned long) ce->e_block, le32_to_cpu(BHDR(bh)->h_refcount), EXT4_XATTR_REFCOUNT_MAX); } else if (ext4_xattr_cmp(header, BHDR(bh)) == 0) { *pce = ce; return bh; } brelse(bh); ce = mb_cache_entry_find_next(ce, inode->i_sb->s_bdev, hash); } return NULL; }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,131213899686759,1 589,[],"static int bad_inode_rmdir (struct inode *dir, struct dentry *dentry) { return -EIO; }",linux-2.6,,,313830742176006441284046530680556026832,0 3995,CWE-909,"static void suboption(struct Curl_easy *data) { struct curl_slist *v; unsigned char temp[2048]; ssize_t bytes_written; size_t len; int err; char varname[128] = """"; char varval[128] = """"; struct TELNET *tn = data->req.p.telnet; struct connectdata *conn = data->conn; printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn) + 2); switch(CURL_SB_GET(tn)) { case CURL_TELOPT_TTYPE: len = strlen(tn->subopt_ttype) + 4 + 2; msnprintf((char *)temp, sizeof(temp), ""%c%c%c%c%s%c%c"", CURL_IAC, CURL_SB, CURL_TELOPT_TTYPE, CURL_TELQUAL_IS, tn->subopt_ttype, CURL_IAC, CURL_SE); bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len); if(bytes_written < 0) { err = SOCKERRNO; failf(data,""Sending data failed (%d)"",err); } printsub(data, '>', &temp[2], len-2); break; case CURL_TELOPT_XDISPLOC: len = strlen(tn->subopt_xdisploc) + 4 + 2; msnprintf((char *)temp, sizeof(temp), ""%c%c%c%c%s%c%c"", CURL_IAC, CURL_SB, CURL_TELOPT_XDISPLOC, CURL_TELQUAL_IS, tn->subopt_xdisploc, CURL_IAC, CURL_SE); bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len); if(bytes_written < 0) { err = SOCKERRNO; failf(data,""Sending data failed (%d)"",err); } printsub(data, '>', &temp[2], len-2); break; case CURL_TELOPT_NEW_ENVIRON: msnprintf((char *)temp, sizeof(temp), ""%c%c%c%c"", CURL_IAC, CURL_SB, CURL_TELOPT_NEW_ENVIRON, CURL_TELQUAL_IS); len = 4; for(v = tn->telnet_vars; v; v = v->next) { size_t tmplen = (strlen(v->data) + 1); if(len + tmplen < (int)sizeof(temp)-6) { if(sscanf(v->data, ""%127[^,],%127s"", varname, varval)) { msnprintf((char *)&temp[len], sizeof(temp) - len, ""%c%s%c%s"", CURL_NEW_ENV_VAR, varname, CURL_NEW_ENV_VALUE, varval); len += tmplen; } } } msnprintf((char *)&temp[len], sizeof(temp) - len, ""%c%c"", CURL_IAC, CURL_SE); len += 2; bytes_written = swrite(conn->sock[FIRSTSOCKET], temp, len); if(bytes_written < 0) { err = SOCKERRNO; failf(data,""Sending data failed (%d)"",err); } printsub(data, '>', &temp[2], len-2); break; } return; }",visit repo url,lib/telnet.c,https://github.com/curl/curl,86519004713130,1 2989,CWE-119," */ private int mconvert(struct magic_set *ms, struct magic *m, int flip) { union VALUETYPE *p = &ms->ms_value; uint8_t type; switch (type = cvt_flip(m->type, flip)) { case FILE_BYTE: cvt_8(p, m); return 1; case FILE_SHORT: cvt_16(p, m); return 1; case FILE_LONG: case FILE_DATE: case FILE_LDATE: cvt_32(p, m); return 1; case FILE_QUAD: case FILE_QDATE: case FILE_QLDATE: case FILE_QWDATE: cvt_64(p, m); return 1; case FILE_STRING: case FILE_BESTRING16: case FILE_LESTRING16: { p->s[sizeof(p->s) - 1] = '\0'; return 1; } case FILE_PSTRING: { size_t sz = file_pstring_length_size(m); char *ptr1 = p->s, *ptr2 = ptr1 + sz; size_t len = file_pstring_get_length(m, ptr1); if (len >= sizeof(p->s)) { len = sizeof(p->s) - sz; } while (len--) *ptr1++ = *ptr2++; *ptr1 = '\0'; return 1; } case FILE_BESHORT: p->h = (short)((p->hs[0]<<8)|(p->hs[1])); cvt_16(p, m); return 1; case FILE_BELONG: case FILE_BEDATE: case FILE_BELDATE: p->l = (int32_t) ((p->hl[0]<<24)|(p->hl[1]<<16)|(p->hl[2]<<8)|(p->hl[3])); if (type == FILE_BELONG) cvt_32(p, m); return 1; case FILE_BEQUAD: case FILE_BEQDATE: case FILE_BEQLDATE: case FILE_BEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)| ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)| ((uint64_t)p->hq[4]<<24)|((uint64_t)p->hq[5]<<16)| ((uint64_t)p->hq[6]<<8)|((uint64_t)p->hq[7])); if (type == FILE_BEQUAD) cvt_64(p, m); return 1; case FILE_LESHORT: p->h = (short)((p->hs[1]<<8)|(p->hs[0])); cvt_16(p, m); return 1; case FILE_LELONG: case FILE_LEDATE: case FILE_LELDATE: p->l = (int32_t) ((p->hl[3]<<24)|(p->hl[2]<<16)|(p->hl[1]<<8)|(p->hl[0])); if (type == FILE_LELONG) cvt_32(p, m); return 1; case FILE_LEQUAD: case FILE_LEQDATE: case FILE_LEQLDATE: case FILE_LEQWDATE: p->q = (uint64_t) (((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)| ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)| ((uint64_t)p->hq[3]<<24)|((uint64_t)p->hq[2]<<16)| ((uint64_t)p->hq[1]<<8)|((uint64_t)p->hq[0])); if (type == FILE_LEQUAD) cvt_64(p, m); return 1; case FILE_MELONG: case FILE_MEDATE: case FILE_MELDATE: p->l = (int32_t) ((p->hl[1]<<24)|(p->hl[0]<<16)|(p->hl[3]<<8)|(p->hl[2])); if (type == FILE_MELONG) cvt_32(p, m); return 1; case FILE_FLOAT: cvt_float(p, m); return 1; case FILE_BEFLOAT: p->l = ((uint32_t)p->hl[0]<<24)|((uint32_t)p->hl[1]<<16)| ((uint32_t)p->hl[2]<<8) |((uint32_t)p->hl[3]); cvt_float(p, m); return 1; case FILE_LEFLOAT: p->l = ((uint32_t)p->hl[3]<<24)|((uint32_t)p->hl[2]<<16)| ((uint32_t)p->hl[1]<<8) |((uint32_t)p->hl[0]); cvt_float(p, m); return 1; case FILE_DOUBLE: cvt_double(p, m); return 1; case FILE_BEDOUBLE: p->q = ((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)| ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)| ((uint64_t)p->hq[4]<<24)|((uint64_t)p->hq[5]<<16)| ((uint64_t)p->hq[6]<<8) |((uint64_t)p->hq[7]); cvt_double(p, m); return 1; case FILE_LEDOUBLE: p->q = ((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)| ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)| ((uint64_t)p->hq[3]<<24)|((uint64_t)p->hq[2]<<16)| ((uint64_t)p->hq[1]<<8) |((uint64_t)p->hq[0]); cvt_double(p, m); return 1; case FILE_REGEX: case FILE_SEARCH: case FILE_DEFAULT: case FILE_CLEAR: case FILE_NAME: case FILE_USE: return 1; default: file_magerror(ms, ""invalid type %d in mconvert()"", m->type); return 0;",visit repo url,src/softmagic.c,https://github.com/file/file,134581936452510,1 5321,CWE-787,"static void numtostr(js_State *J, const char *fmt, int w, double n) { char buf[32], *e; sprintf(buf, fmt, w, n); e = strchr(buf, 'e'); if (e) { int exp = atoi(e+1); sprintf(e, ""e%+d"", exp); } js_pushstring(J, buf); }",visit repo url,jsnumber.c,https://github.com/ccxvii/mujs,190668394390961,1 1003,CWE-119,"static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc, unsigned int *rsize) { if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && rdesc[41] == 0x00 && rdesc[59] == 0x26 && rdesc[60] == 0xf9 && rdesc[61] == 0x00) { hid_info(hdev, ""fixing up Petalynx Maxter Remote report descriptor\n""); rdesc[60] = 0xfa; rdesc[40] = 0xfa; } return rdesc; }",visit repo url,drivers/hid/hid-petalynx.c,https://github.com/torvalds/linux,181252790942102,1 4752,['CWE-20'],"int ext4_group_desc_csum_verify(struct ext4_sb_info *sbi, __u32 block_group, struct ext4_group_desc *gdp) { if ((sbi->s_es->s_feature_ro_compat & cpu_to_le32(EXT4_FEATURE_RO_COMPAT_GDT_CSUM)) && (gdp->bg_checksum != ext4_group_desc_csum(sbi, block_group, gdp))) return 0; return 1; }",linux-2.6,,,263204548640203523687784722859954981647,0 6522,['CWE-20'],"static inline int emulate_grp3(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) { struct decode_cache *c = &ctxt->decode; int rc = 0; switch (c->modrm_reg) { case 0 ... 1: emulate_2op_SrcV(""test"", c->src, c->dst, ctxt->eflags); break; case 2: c->dst.val = ~c->dst.val; break; case 3: emulate_1op(""neg"", c->dst, ctxt->eflags); break; default: DPRINTF(""Cannot emulate %02x\n"", c->b); rc = X86EMUL_UNHANDLEABLE; break; } return rc; }",kvm,,,131456053249539999897579840872062977605,0 19,['CWE-264'],"static int sqlite_handle_begin(pdo_dbh_t *dbh TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; char *errmsg = NULL; if (sqlite3_exec(H->db, ""BEGIN"", NULL, NULL, &errmsg) != SQLITE_OK) { pdo_sqlite_error(dbh); if (errmsg) sqlite3_free(errmsg); return 0; } return 1; }",php-src,,,222267785866113756173398672822533697925,0 3658,CWE-119,"void color_cmyk_to_rgb(opj_image_t *image) { float C, M, Y, K; float sC, sM, sY, sK; unsigned int w, h, max, i; w = image->comps[0].w; h = image->comps[0].h; if(image->numcomps < 4) return; max = w * h; sC = 1.0F / (float)((1 << image->comps[0].prec) - 1); sM = 1.0F / (float)((1 << image->comps[1].prec) - 1); sY = 1.0F / (float)((1 << image->comps[2].prec) - 1); sK = 1.0F / (float)((1 << image->comps[3].prec) - 1); for(i = 0; i < max; ++i) { C = (float)(image->comps[0].data[i]) * sC; M = (float)(image->comps[1].data[i]) * sM; Y = (float)(image->comps[2].data[i]) * sY; K = (float)(image->comps[3].data[i]) * sK; C = 1.0F - C; M = 1.0F - M; Y = 1.0F - Y; K = 1.0F - K; image->comps[0].data[i] = (int)(255.0F * C * K); image->comps[1].data[i] = (int)(255.0F * M * K); image->comps[2].data[i] = (int)(255.0F * Y * K); } free(image->comps[3].data); image->comps[3].data = NULL; image->comps[0].prec = 8; image->comps[1].prec = 8; image->comps[2].prec = 8; image->numcomps -= 1; image->color_space = OPJ_CLRSPC_SRGB; for (i = 3; i < image->numcomps; ++i) { memcpy(&(image->comps[i]), &(image->comps[i+1]), sizeof(image->comps[i])); } } ",visit repo url,src/bin/common/color.c,https://github.com/uclouvain/openjpeg,132880087271370,1 6211,['CWE-200'],"static struct neighbour *neigh_get_idx(struct seq_file *seq, loff_t *pos) { struct neighbour *n = neigh_get_first(seq); if (n) { while (*pos) { n = neigh_get_next(seq, n, pos); if (!n) break; } } return *pos ? NULL : n; }",linux-2.6,,,95953515148894223955382011295340316987,0 6198,CWE-190,"void fp_write_bin(uint8_t *bin, int len, const fp_t a) { bn_t t; bn_null(t); if (len != RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } RLC_TRY { bn_new(t); fp_prime_back(t, a); bn_write_bin(bin, len, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/fp/relic_fp_util.c,https://github.com/relic-toolkit/relic,22363324269865,1 2928,['CWE-189'],"static int jpc_dec_process_qcd(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_qcd_t *qcd = &ms->parms.qcd; jpc_dec_tile_t *tile; switch (dec->state) { case JPC_MH: jpc_dec_cp_setfromqcd(dec->cp, qcd); break; case JPC_TPH: if (!(tile = dec->curtile)) { return -1; } if (tile->partno > 0) { return -1; } jpc_dec_cp_setfromqcd(tile->cp, qcd); break; } return 0; }",jasper,,,332271886302814746997306330947494091562,0 4831,CWE-119,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 5601,CWE-125,"ast_for_atom(struct compiling *c, const node *n) { node *ch = CHILD(n, 0); switch (TYPE(ch)) { case NAME: { PyObject *name; const char *s = STR(ch); size_t len = strlen(s); if (len >= 4 && len <= 5) { if (!strcmp(s, ""None"")) return NameConstant(Py_None, LINENO(n), n->n_col_offset, c->c_arena); if (!strcmp(s, ""True"")) return NameConstant(Py_True, LINENO(n), n->n_col_offset, c->c_arena); if (!strcmp(s, ""False"")) return NameConstant(Py_False, LINENO(n), n->n_col_offset, c->c_arena); } name = new_identifier(s, c); if (!name) return NULL; return Name(name, Load, LINENO(n), n->n_col_offset, c->c_arena); } case STRING: { expr_ty str = parsestrplus(c, n); if (!str) { const char *errtype = NULL; if (PyErr_ExceptionMatches(PyExc_UnicodeError)) errtype = ""unicode error""; else if (PyErr_ExceptionMatches(PyExc_ValueError)) errtype = ""value error""; if (errtype) { char buf[128]; const char *s = NULL; PyObject *type, *value, *tback, *errstr; PyErr_Fetch(&type, &value, &tback); errstr = PyObject_Str(value); if (errstr) s = PyUnicode_AsUTF8(errstr); if (s) { PyOS_snprintf(buf, sizeof(buf), ""(%s) %s"", errtype, s); } else { PyErr_Clear(); PyOS_snprintf(buf, sizeof(buf), ""(%s) unknown error"", errtype); } Py_XDECREF(errstr); ast_error(c, n, buf); Py_DECREF(type); Py_XDECREF(value); Py_XDECREF(tback); } return NULL; } return str; } case NUMBER: { PyObject *pynum; const char *s = STR(ch); if (c->c_feature_version < 6 && strchr(s, '_') != NULL) { ast_error(c, ch, ""Underscores in numeric literals are only supported in Python 3.6 and greater""); return NULL; } pynum = parsenumber(c, s); if (!pynum) return NULL; if (PyArena_AddPyObject(c->c_arena, pynum) < 0) { Py_DECREF(pynum); return NULL; } return Num(pynum, LINENO(n), n->n_col_offset, c->c_arena); } case ELLIPSIS: return Ellipsis(LINENO(n), n->n_col_offset, c->c_arena); case LPAR: ch = CHILD(n, 1); if (TYPE(ch) == RPAR) return Tuple(NULL, Load, LINENO(n), n->n_col_offset, c->c_arena); if (TYPE(ch) == yield_expr) return ast_for_expr(c, ch); if ((NCH(ch) > 1) && (TYPE(CHILD(ch, 1)) == comp_for)) return ast_for_genexp(c, ch); return ast_for_testlist(c, ch); case LSQB: ch = CHILD(n, 1); if (TYPE(ch) == RSQB) return List(NULL, Load, LINENO(n), n->n_col_offset, c->c_arena); REQ(ch, testlist_comp); if (NCH(ch) == 1 || TYPE(CHILD(ch, 1)) == COMMA) { asdl_seq *elts = seq_for_testlist(c, ch); if (!elts) return NULL; return List(elts, Load, LINENO(n), n->n_col_offset, c->c_arena); } else return ast_for_listcomp(c, ch); case LBRACE: { expr_ty res; ch = CHILD(n, 1); if (TYPE(ch) == RBRACE) { return Dict(NULL, NULL, LINENO(n), n->n_col_offset, c->c_arena); } else { int is_dict = (TYPE(CHILD(ch, 0)) == DOUBLESTAR); if (NCH(ch) == 1 || (NCH(ch) > 1 && TYPE(CHILD(ch, 1)) == COMMA)) { res = ast_for_setdisplay(c, ch); } else if (NCH(ch) > 1 && TYPE(CHILD(ch, 1)) == comp_for) { res = ast_for_setcomp(c, ch); } else if (NCH(ch) > 3 - is_dict && TYPE(CHILD(ch, 3 - is_dict)) == comp_for) { if (is_dict) { ast_error(c, n, ""dict unpacking cannot be used in "" ""dict comprehension""); return NULL; } res = ast_for_dictcomp(c, ch); } else { res = ast_for_dictdisplay(c, ch); } if (res) { res->lineno = LINENO(n); res->col_offset = n->n_col_offset; } return res; } } default: PyErr_Format(PyExc_SystemError, ""unhandled atom %d"", TYPE(ch)); return NULL; } }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,37946157288370,1 2320,['CWE-120'],"static struct dentry *__lookup_hash(struct qstr *name, struct dentry *base, struct nameidata *nd) { struct dentry *dentry; struct inode *inode; int err; inode = base->d_inode; if (base->d_op && base->d_op->d_hash) { err = base->d_op->d_hash(base, name); dentry = ERR_PTR(err); if (err < 0) goto out; } dentry = cached_lookup(base, name, nd); if (!dentry) { struct dentry *new; dentry = ERR_PTR(-ENOENT); if (IS_DEADDIR(inode)) goto out; new = d_alloc(base, name); dentry = ERR_PTR(-ENOMEM); if (!new) goto out; dentry = inode->i_op->lookup(inode, new, nd); if (!dentry) dentry = new; else dput(new); } out: return dentry; }",linux-2.6,,,260574883706818520651856732291727940131,0 1917,CWE-476,"static int f2fs_mpage_readpages(struct address_space *mapping, struct list_head *pages, struct page *page, unsigned nr_pages, bool is_readahead) { struct bio *bio = NULL; sector_t last_block_in_bio = 0; struct inode *inode = mapping->host; struct f2fs_map_blocks map; int ret = 0; map.m_pblk = 0; map.m_lblk = 0; map.m_len = 0; map.m_flags = 0; map.m_next_pgofs = NULL; map.m_next_extent = NULL; map.m_seg_type = NO_CHECK_TYPE; map.m_may_create = false; for (; nr_pages; nr_pages--) { if (pages) { page = list_last_entry(pages, struct page, lru); prefetchw(&page->flags); list_del(&page->lru); if (add_to_page_cache_lru(page, mapping, page->index, readahead_gfp_mask(mapping))) goto next_page; } ret = f2fs_read_single_page(inode, page, nr_pages, &map, &bio, &last_block_in_bio, is_readahead); if (ret) { SetPageError(page); zero_user_segment(page, 0, PAGE_SIZE); unlock_page(page); } next_page: if (pages) put_page(page); } BUG_ON(pages && !list_empty(pages)); if (bio) __submit_bio(F2FS_I_SB(inode), bio, DATA); return pages ? 0 : ret; }",visit repo url,fs/f2fs/data.c,https://github.com/torvalds/linux,186090707395193,1 2013,['CWE-269'],"void umount_tree(struct vfsmount *mnt, int propagate, struct list_head *kill) { struct vfsmount *p; for (p = mnt; p; p = next_mnt(p, mnt)) list_move(&p->mnt_hash, kill); if (propagate) propagate_umount(kill); list_for_each_entry(p, kill, mnt_hash) { list_del_init(&p->mnt_expire); list_del_init(&p->mnt_list); __touch_mnt_namespace(p->mnt_ns); p->mnt_ns = NULL; list_del_init(&p->mnt_child); if (p->mnt_parent != p) p->mnt_mountpoint->d_mounted--; change_mnt_propagation(p, MS_PRIVATE); } }",linux-2.6,,,318610836003299143106500771911750996054,0 2400,['CWE-119'],"static int count_paths(const char **paths) { int i = 0; while (*paths++) i++; return i; }",git,,,339866886306935666081827701746082949858,0 1960,CWE-401,"static int hgcm_call_preprocess_linaddr( const struct vmmdev_hgcm_function_parameter *src_parm, void **bounce_buf_ret, size_t *extra) { void *buf, *bounce_buf; bool copy_in; u32 len; int ret; buf = (void *)src_parm->u.pointer.u.linear_addr; len = src_parm->u.pointer.size; copy_in = src_parm->type != VMMDEV_HGCM_PARM_TYPE_LINADDR_OUT; if (len > VBG_MAX_HGCM_USER_PARM) return -E2BIG; bounce_buf = kvmalloc(len, GFP_KERNEL); if (!bounce_buf) return -ENOMEM; if (copy_in) { ret = copy_from_user(bounce_buf, (void __user *)buf, len); if (ret) return -EFAULT; } else { memset(bounce_buf, 0, len); } *bounce_buf_ret = bounce_buf; hgcm_call_add_pagelist_size(bounce_buf, len, extra); return 0; }",visit repo url,drivers/virt/vboxguest/vboxguest_utils.c,https://github.com/torvalds/linux,230654234594700,1 567,CWE-264,"long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; unsigned long __user *datap = (unsigned long __user *) data; switch (request) { case PTRACE_PEEKUSR: ret = ptrace_read_user(child, addr, datap); break; case PTRACE_POKEUSR: ret = ptrace_write_user(child, addr, data); break; case PTRACE_GETREGS: ret = copy_regset_to_user(child, &user_arm_view, REGSET_GPR, 0, sizeof(struct pt_regs), datap); break; case PTRACE_SETREGS: ret = copy_regset_from_user(child, &user_arm_view, REGSET_GPR, 0, sizeof(struct pt_regs), datap); break; case PTRACE_GETFPREGS: ret = copy_regset_to_user(child, &user_arm_view, REGSET_FPR, 0, sizeof(union fp_state), datap); break; case PTRACE_SETFPREGS: ret = copy_regset_from_user(child, &user_arm_view, REGSET_FPR, 0, sizeof(union fp_state), datap); break; #ifdef CONFIG_IWMMXT case PTRACE_GETWMMXREGS: ret = ptrace_getwmmxregs(child, datap); break; case PTRACE_SETWMMXREGS: ret = ptrace_setwmmxregs(child, datap); break; #endif case PTRACE_GET_THREAD_AREA: ret = put_user(task_thread_info(child)->tp_value, datap); break; case PTRACE_SET_SYSCALL: task_thread_info(child)->syscall = data; ret = 0; break; #ifdef CONFIG_CRUNCH case PTRACE_GETCRUNCHREGS: ret = ptrace_getcrunchregs(child, datap); break; case PTRACE_SETCRUNCHREGS: ret = ptrace_setcrunchregs(child, datap); break; #endif #ifdef CONFIG_VFP case PTRACE_GETVFPREGS: ret = copy_regset_to_user(child, &user_arm_view, REGSET_VFP, 0, ARM_VFPREGS_SIZE, datap); break; case PTRACE_SETVFPREGS: ret = copy_regset_from_user(child, &user_arm_view, REGSET_VFP, 0, ARM_VFPREGS_SIZE, datap); break; #endif #ifdef CONFIG_HAVE_HW_BREAKPOINT case PTRACE_GETHBPREGS: if (ptrace_get_breakpoints(child) < 0) return -ESRCH; ret = ptrace_gethbpregs(child, addr, (unsigned long __user *)data); ptrace_put_breakpoints(child); break; case PTRACE_SETHBPREGS: if (ptrace_get_breakpoints(child) < 0) return -ESRCH; ret = ptrace_sethbpregs(child, addr, (unsigned long __user *)data); ptrace_put_breakpoints(child); break; #endif default: ret = ptrace_request(child, request, addr, data); break; } return ret; }",visit repo url,arch/arm/kernel/ptrace.c,https://github.com/torvalds/linux,91681112614404,1 2432,CWE-119,"static int vp8_lossy_decode_frame(AVCodecContext *avctx, AVFrame *p, int *got_frame, uint8_t *data_start, unsigned int data_size) { WebPContext *s = avctx->priv_data; AVPacket pkt; int ret; if (!s->initialized) { ff_vp8_decode_init(avctx); s->initialized = 1; if (s->has_alpha) avctx->pix_fmt = AV_PIX_FMT_YUVA420P; } s->lossless = 0; if (data_size > INT_MAX) { av_log(avctx, AV_LOG_ERROR, ""unsupported chunk size\n""); return AVERROR_PATCHWELCOME; } av_init_packet(&pkt); pkt.data = data_start; pkt.size = data_size; ret = ff_vp8_decode_frame(avctx, p, got_frame, &pkt); if (ret < 0) return ret; update_canvas_size(avctx, avctx->width, avctx->height); if (s->has_alpha) { ret = vp8_lossy_decode_alpha(avctx, p, s->alpha_data, s->alpha_data_size); if (ret < 0) return ret; } return ret; }",visit repo url,libavcodec/webp.c,https://github.com/FFmpeg/FFmpeg,58312784477108,1 1393,[],"static inline struct cfs_rq *cpu_cfs_rq(struct cfs_rq *cfs_rq, int this_cpu) { return cfs_rq->tg->cfs_rq[this_cpu]; }",linux-2.6,,,287617179834259206759893856059052019043,0 350,CWE-476,"static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) { struct dentry *dir; struct fscrypt_info *ci; int dir_has_key, cached_with_key; if (flags & LOOKUP_RCU) return -ECHILD; dir = dget_parent(dentry); if (!d_inode(dir)->i_sb->s_cop->is_encrypted(d_inode(dir))) { dput(dir); return 0; } ci = d_inode(dir)->i_crypt_info; if (ci && ci->ci_keyring_key && (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) | (1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_DEAD)))) ci = NULL; spin_lock(&dentry->d_lock); cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY; spin_unlock(&dentry->d_lock); dir_has_key = (ci != NULL); dput(dir); if ((!cached_with_key && d_is_negative(dentry)) || (!cached_with_key && dir_has_key) || (cached_with_key && !dir_has_key)) return 0; return 1; }",visit repo url,fs/crypto/crypto.c,https://github.com/torvalds/linux,81154886430531,1 3041,CWE-189,"path_in(PG_FUNCTION_ARGS) { char *str = PG_GETARG_CSTRING(0); PATH *path; int isopen; char *s; int npts; int size; int depth = 0; if ((npts = pair_count(str, ',')) <= 0) ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""invalid input syntax for type path: \""%s\"""", str))); s = str; while (isspace((unsigned char) *s)) s++; if ((*s == LDELIM) && (strrchr(s, LDELIM) == s)) { s++; depth++; } size = offsetof(PATH, p[0]) +sizeof(path->p[0]) * npts; path = (PATH *) palloc(size); SET_VARSIZE(path, size); path->npts = npts; if ((!path_decode(TRUE, npts, s, &isopen, &s, &(path->p[0]))) && (!((depth == 0) && (*s == '\0'))) && !((depth >= 1) && (*s == RDELIM))) ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""invalid input syntax for type path: \""%s\"""", str))); path->closed = (!isopen); path->dummy = 0; PG_RETURN_PATH_P(path); }",visit repo url,src/backend/utils/adt/geo_ops.c,https://github.com/postgres/postgres,264453139055499,1 284,[],"static int sg_build_iovec(sg_io_hdr_t __user *sgio, void __user *dxferp, u16 iovec_count) { sg_iovec_t __user *iov = (sg_iovec_t __user *) (sgio + 1); sg_iovec32_t __user *iov32 = dxferp; int i; for (i = 0; i < iovec_count; i++) { u32 base, len; if (get_user(base, &iov32[i].iov_base) || get_user(len, &iov32[i].iov_len) || put_user(compat_ptr(base), &iov[i].iov_base) || put_user(len, &iov[i].iov_len)) return -EFAULT; } if (put_user(iov, &sgio->dxferp)) return -EFAULT; return 0; }",linux-2.6,,,233934519380282272421430538290639737622,0 1781,CWE-264,"check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, struct xt_table_info *newinfo, unsigned int *size, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, const char *name) { struct xt_entry_match *ematch; struct xt_entry_target *t; struct xt_target *target; unsigned int entry_offset; unsigned int j; int ret, off, h; duprintf(""check_compat_entry_size_and_hooks %p\n"", e); if ((unsigned long)e % __alignof__(struct compat_ipt_entry) != 0 || (unsigned char *)e + sizeof(struct compat_ipt_entry) >= limit || (unsigned char *)e + e->next_offset > limit) { duprintf(""Bad offset %p, limit = %p\n"", e, limit); return -EINVAL; } if (e->next_offset < sizeof(struct compat_ipt_entry) + sizeof(struct compat_xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } if (!ip_checkentry(&e->ip)) return -EINVAL; ret = xt_compat_check_entry_offsets(e, e->target_offset, e->next_offset); if (ret) return ret; off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); entry_offset = (void *)e - (void *)base; j = 0; xt_ematch_foreach(ematch, e) { ret = compat_find_calc_match(ematch, name, &e->ip, &off); if (ret != 0) goto release_matches; ++j; } t = compat_ipt_get_target(e); target = xt_request_find_target(NFPROTO_IPV4, t->u.user.name, t->u.user.revision); if (IS_ERR(target)) { duprintf(""check_compat_entry_size_and_hooks: `%s' not found\n"", t->u.user.name); ret = PTR_ERR(target); goto release_matches; } t->u.kernel.target = target; off += xt_compat_target_offset(target); *size += off; ret = xt_compat_add_offset(AF_INET, entry_offset, off); if (ret) goto out; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) newinfo->underflow[h] = underflows[h]; } memset(&e->counters, 0, sizeof(e->counters)); e->comefrom = 0; return 0; out: module_put(t->u.kernel.target->me); release_matches: xt_ematch_foreach(ematch, e) { if (j-- == 0) break; module_put(ematch->u.kernel.match->me); } return ret; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,16806066804472,1 843,['CWE-119'],"isdn_writebuf_skb_stub(int drvidx, int chan, int ack, struct sk_buff *skb) { int ret; struct sk_buff *nskb = NULL; int v110_ret = skb->len; int idx = isdn_dc2minor(drvidx, chan); if (dev->v110[idx]) { atomic_inc(&dev->v110use[idx]); nskb = isdn_v110_encode(dev->v110[idx], skb); atomic_dec(&dev->v110use[idx]); if (!nskb) return 0; v110_ret = *((int *)nskb->data); skb_pull(nskb, sizeof(int)); if (!nskb->len) { dev_kfree_skb(nskb); return v110_ret; } ack = 1; ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, ack, nskb); } else { int hl = dev->drv[drvidx]->interface->hl_hdrlen; if( skb_headroom(skb) < hl ){ struct sk_buff * skb_tmp; skb_tmp = skb_realloc_headroom(skb, hl); printk(KERN_DEBUG ""isdn_writebuf_skb_stub: reallocating headroom%s\n"", skb_tmp ? """" : "" failed""); if (!skb_tmp) return -ENOMEM; ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, ack, skb_tmp); if( ret > 0 ){ dev_kfree_skb(skb); } else { dev_kfree_skb(skb_tmp); } } else { ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, ack, skb); } } if (ret > 0) { dev->obytes[idx] += ret; if (dev->v110[idx]) { atomic_inc(&dev->v110use[idx]); dev->v110[idx]->skbuser++; atomic_dec(&dev->v110use[idx]); ret = v110_ret; if (ret == skb->len) dev_kfree_skb(skb); } } else if (dev->v110[idx]) dev_kfree_skb(nskb); return ret; }",linux-2.6,,,283994477373264794682584040932783766010,0 3686,CWE-119,"ssh_packet_set_postauth(struct ssh *ssh) { struct sshcomp *comp; int r, mode; debug(""%s: called"", __func__); ssh->state->after_authentication = 1; ssh->state->rekeying = 0; for (mode = 0; mode < MODE_MAX; mode++) { if (ssh->state->newkeys[mode] == NULL) continue; comp = &ssh->state->newkeys[mode]->comp; if (comp && comp->enabled && (r = ssh_packet_init_compression(ssh)) != 0) return r; } return 0; }",visit repo url,usr.bin/ssh/packet.c,https://github.com/openbsd/src,107765196666792,1 3142,['CWE-189'],"static int jas_icclut16_getsize(jas_iccattrval_t *attrval) { jas_icclut16_t *lut16 = &attrval->data.lut16; return 44 + 2 * (lut16->numinchans * lut16->numintabents + lut16->numoutchans * lut16->numouttabents + jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans); }",jasper,,,274069651482327133892504016814418889185,0 1882,CWE-476,"static ssize_t module_xz_decompress(struct load_info *info, const void *buf, size_t size) { static const u8 signature[] = { 0xfd, '7', 'z', 'X', 'Z', 0 }; struct xz_dec *xz_dec; struct xz_buf xz_buf; enum xz_ret xz_ret; size_t new_size = 0; ssize_t retval; if (size < sizeof(signature) || memcmp(buf, signature, sizeof(signature))) { pr_err(""not an xz compressed module\n""); return -EINVAL; } xz_dec = xz_dec_init(XZ_DYNALLOC, (u32)-1); if (!xz_dec) return -ENOMEM; xz_buf.in_size = size; xz_buf.in = buf; xz_buf.in_pos = 0; do { struct page *page = module_get_next_page(info); if (!page) { retval = -ENOMEM; goto out; } xz_buf.out = kmap_local_page(page); xz_buf.out_pos = 0; xz_buf.out_size = PAGE_SIZE; xz_ret = xz_dec_run(xz_dec, &xz_buf); kunmap_local(xz_buf.out); new_size += xz_buf.out_pos; } while (xz_buf.out_pos == PAGE_SIZE && xz_ret == XZ_OK); if (xz_ret != XZ_STREAM_END) { pr_err(""decompression failed with status %d\n"", xz_ret); retval = -EINVAL; goto out; } retval = new_size; out: xz_dec_end(xz_dec); return retval; }",visit repo url,kernel/module/decompress.c,https://github.com/torvalds/linux,41627554539378,1 1194,['CWE-189'],"static int hrtimer_reprogram(struct hrtimer *timer, struct hrtimer_clock_base *base) { ktime_t *expires_next = &__get_cpu_var(hrtimer_bases).expires_next; ktime_t expires = ktime_sub(timer->expires, base->offset); int res; if (hrtimer_callback_running(timer)) return 0; if (expires.tv64 >= expires_next->tv64) return 0; res = tick_program_event(expires, 0); if (!IS_ERR_VALUE(res)) *expires_next = expires; return res; }",linux-2.6,,,250805017584215562735521420979441275401,0 3141,CWE-415,"int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen, char **policyLanguage, char **policy, size_t * sizeof_policy) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; gnutls_datum_t value = { NULL, 0 }; if ((result = asn1_create_element (_gnutls_get_pkix(), ""PKIX1.ProxyCertInfo"", &c2)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } if (pathlen) { result = _gnutls_x509_read_uint(c2, ""pCPathLenConstraint"", (unsigned int *) pathlen); if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) *pathlen = -1; else if (result != GNUTLS_E_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } } result = _gnutls_x509_read_value(c2, ""proxyPolicy.policyLanguage"", &value); if (result < 0) { gnutls_assert(); goto cleanup; } if (policyLanguage) { *policyLanguage = (char *)value.data; } else { gnutls_free(value.data); value.data = NULL; } result = _gnutls_x509_read_value(c2, ""proxyPolicy.policy"", &value); if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { if (policy) *policy = NULL; if (sizeof_policy) *sizeof_policy = 0; } else if (result < 0) { gnutls_assert(); goto cleanup; } else { if (policy) { *policy = (char *)value.data; value.data = NULL; } if (sizeof_policy) *sizeof_policy = value.size; } result = 0; cleanup: gnutls_free(value.data); asn1_delete_structure(&c2); return result; }",visit repo url,lib/x509/x509_ext.c,https://gitlab.com/gnutls/gnutls,158565592764986,1 5924,['CWE-909'],"static struct Qdisc *dev_graft_qdisc(struct netdev_queue *dev_queue, struct Qdisc *qdisc) { struct Qdisc *oqdisc = dev_queue->qdisc_sleeping; spinlock_t *root_lock; root_lock = qdisc_lock(oqdisc); spin_lock_bh(root_lock); if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1) qdisc_reset(oqdisc); if (qdisc == NULL) qdisc = &noop_qdisc; dev_queue->qdisc_sleeping = qdisc; rcu_assign_pointer(dev_queue->qdisc, &noop_qdisc); spin_unlock_bh(root_lock); return oqdisc; }",linux-2.6,,,105807386424047860392790507401301327809,0 3883,CWE-78,"f_settabvar(typval_T *argvars, typval_T *rettv) { tabpage_T *save_curtab; tabpage_T *tp; char_u *varname, *tabvarname; typval_T *varp; rettv->vval.v_number = 0; if (check_restricted() || check_secure()) return; tp = find_tabpage((int)tv_get_number_chk(&argvars[0], NULL)); varname = tv_get_string_chk(&argvars[1]); varp = &argvars[2]; if (varname != NULL && varp != NULL && tp != NULL) { save_curtab = curtab; goto_tabpage_tp(tp, FALSE, FALSE); tabvarname = alloc((unsigned)STRLEN(varname) + 3); if (tabvarname != NULL) { STRCPY(tabvarname, ""t:""); STRCPY(tabvarname + 2, varname); set_var(tabvarname, varp, TRUE); vim_free(tabvarname); } if (valid_tabpage(save_curtab)) goto_tabpage_tp(save_curtab, FALSE, FALSE); } }",visit repo url,src/evalfunc.c,https://github.com/vim/vim,235637593049682,1 1030,['CWE-20'],"static int groups_to_user(gid_t __user *grouplist, struct group_info *group_info) { int i; int count = group_info->ngroups; for (i = 0; i < group_info->nblocks; i++) { int cp_count = min(NGROUPS_PER_BLOCK, count); int off = i * NGROUPS_PER_BLOCK; int len = cp_count * sizeof(*grouplist); if (copy_to_user(grouplist+off, group_info->blocks[i], len)) return -EFAULT; count -= cp_count; } return 0; }",linux-2.6,,,124967691147858665082539704021578465506,0 4982,['CWE-20'],"static int nfs_check_verifier(struct inode *dir, struct dentry *dentry) { unsigned long verf; if (IS_ROOT(dentry)) return 1; verf = dentry->d_time; if (nfs_caches_unstable(dir) || verf != NFS_I(dir)->cache_change_attribute) return 0; return 1; }",linux-2.6,,,232455084989986646630835395075734934327,0 5143,['CWE-20'],"static void vcpu_clear(struct vcpu_vmx *vmx) { if (vmx->vcpu.cpu == -1) return; smp_call_function_single(vmx->vcpu.cpu, __vcpu_clear, vmx, 1); }",linux-2.6,,,174260092892146728687900805820379420451,0 6153,['CWE-200'],"static int ipmr_mfc_seq_show(struct seq_file *seq, void *v) { int n; if (v == SEQ_START_TOKEN) { seq_puts(seq, ""Group Origin Iif Pkts Bytes Wrong Oifs\n""); } else { const struct mfc_cache *mfc = v; const struct ipmr_mfc_iter *it = seq->private; seq_printf(seq, ""%08lX %08lX %-3d %8ld %8ld %8ld"", (unsigned long) mfc->mfc_mcastgrp, (unsigned long) mfc->mfc_origin, mfc->mfc_parent, mfc->mfc_un.res.pkt, mfc->mfc_un.res.bytes, mfc->mfc_un.res.wrong_if); if (it->cache != &mfc_unres_queue) { for(n = mfc->mfc_un.res.minvif; n < mfc->mfc_un.res.maxvif; n++ ) { if(VIF_EXISTS(n) && mfc->mfc_un.res.ttls[n] < 255) seq_printf(seq, "" %2d:%-3d"", n, mfc->mfc_un.res.ttls[n]); } } seq_putc(seq, '\n'); } return 0; }",linux-2.6,,,224192023859389794879122148089596855693,0 6069,CWE-190,"void bn_rec_tnaf_get(uint8_t *t, int8_t *beta, int8_t *gama, int8_t u, int w) { if (u == -1) { switch (w) { case 2: case 3: *t = 2; break; case 4: *t = 10; break; case 5: case 6: *t = 26; break; case 7: case 8: *t = 90; break; } } else { switch (w) { case 2: *t = 2; break; case 3: case 4: case 5: *t = 6; break; case 6: case 7: *t = 38; break; case 8: *t = 166; break; } } beta[0] = 1; gama[0] = 0; if (w >= 3) { beta[1] = 1; gama[1] = (int8_t)-u; } if (w >= 4) { beta[1] = -3; beta[2] = -1; beta[3] = 1; gama[1] = gama[2] = gama[3] = (int8_t)u; } if (w >= 5) { beta[4] = -3; beta[5] = -1; beta[6] = beta[7] = 1; gama[4] = gama[5] = gama[6] = (int8_t)(2 * u); gama[7] = (int8_t)(-3 * u); } if (w >= 6) { beta[1] = beta[8] = beta[14] = 3; beta[2] = beta[9] = beta[15] = 5; beta[3] = -5; beta[4] = beta[10] = beta[11] = -3; beta[5] = beta[12] = -1; beta[6] = beta[7] = beta[13] = 1; gama[1] = gama[2] = 0; gama[3] = gama[4] = gama[5] = gama[6] = (int8_t)(2 * u); gama[7] = gama[8] = gama[9] = (int8_t)(-3 * u); gama[10] = (int8_t)(4 * u); gama[11] = gama[12] = gama[13] = (int8_t)(-u); gama[14] = gama[15] = (int8_t)(-u); } if (w >= 7) { beta[3] = beta[22] = beta[29] = 7; beta[4] = beta[16] = beta[23] = -5; beta[5] = beta[10] = beta[17] = beta[24] = -3; beta[6] = beta[11] = beta[18] = beta[25] = beta[30] = -1; beta[7] = beta[12] = beta[14] = beta[19] = beta[26] = beta[31] = 1; beta[8] = beta[13] = beta[20] = beta[27] = 3; beta[9] = beta[21] = beta[28] = 5; beta[15] = -7; gama[3] = 0; gama[4] = gama[5] = gama[6] = (int8_t)(-3 * u); gama[11] = gama[12] = gama[13] = (int8_t)(4 * u); gama[14] = (int8_t)(-6 * u); gama[15] = gama[16] = gama[17] = gama[18] = (int8_t)u; gama[19] = gama[20] = gama[21] = gama[22] = (int8_t)u; gama[23] = gama[24] = gama[25] = gama[26] = (int8_t)(-2 * u); gama[27] = gama[28] = gama[29] = (int8_t)(-2 * u); gama[30] = gama[31] = (int8_t)(5 * u); } if (w == 8) { beta[10] = beta[17] = beta[48] = beta[55] = beta[62] = 7; beta[11] = beta[18] = beta[49] = beta[56] = beta[63] = 9; beta[12] = beta[22] = beta[29] = -3; beta[36] = beta[43] = beta[50] = -3; beta[13] = beta[23] = beta[30] = beta[37] = -1; beta[44] = beta[51] = beta[58] = -1; beta[14] = beta[24] = beta[31] = beta[38] = 1; beta[45] = beta[52] = beta[59] = 1; beta[15] = beta[32] = beta[39] = beta[46] = beta[53] = beta[60] = 3; beta[16] = beta[40] = beta[47] = beta[54] = beta[61] = 5; beta[19] = beta[57] = 11; beta[20] = beta[27] = beta[34] = beta[41] = -7; beta[21] = beta[28] = beta[35] = beta[42] = -5; beta[25] = -11; beta[26] = beta[33] = -9; gama[10] = gama[11] = (int8_t)(-3 * u); gama[12] = gama[13] = gama[14] = gama[15] = (int8_t)(-6 * u); gama[16] = gama[17] = gama[18] = gama[19] = (int8_t)(-6 * u); gama[20] = gama[21] = gama[22] = (int8_t)(8 * u); gama[23] = gama[24] = (int8_t)(8 * u); gama[25] = gama[26] = gama[27] = gama[28] = (int8_t)(5 * u); gama[29] = gama[30] = gama[31] = gama[32] = (int8_t)(5 * u); gama[33] = gama[34] = gama[35] = gama[36] = (int8_t)(2 * u); gama[37] = gama[38] = gama[39] = gama[40] = (int8_t)(2 * u); gama[41] = gama[42] = gama[43] = gama[44] = (int8_t)(-1 * u); gama[45] = gama[46] = gama[47] = gama[48] = (int8_t)(-1 * u); gama[49] = (int8_t)(-1 * u); gama[50] = gama[51] = gama[52] = gama[53] = (int8_t)(-4 * u); gama[54] = gama[55] = gama[56] = gama[57] = (int8_t)(-4 * u); gama[58] = gama[59] = gama[60] = (int8_t)(-7 * u); gama[61] = gama[62] = gama[63] = (int8_t)(-7 * u); } }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,78362929537316,1 2314,['CWE-120'],"static int __emul_lookup_dentry(const char *name, struct nameidata *nd) { if (path_walk(name, nd)) return 0; if (!nd->path.dentry->d_inode || S_ISDIR(nd->path.dentry->d_inode->i_mode)) { struct path old_path = nd->path; struct qstr last = nd->last; int last_type = nd->last_type; struct fs_struct *fs = current->fs; nd->last_type = LAST_ROOT; read_lock(&fs->lock); nd->path = fs->root; path_get(&fs->root); read_unlock(&fs->lock); if (path_walk(name, nd) == 0) { if (nd->path.dentry->d_inode) { path_put(&old_path); return 1; } path_put(&nd->path); } nd->path = old_path; nd->last = last; nd->last_type = last_type; } return 1; }",linux-2.6,,,237111808681058043413815812133434512019,0 1582,CWE-416,"int __ext4_journal_stop(const char *where, unsigned int line, handle_t *handle) { struct super_block *sb; int err; int rc; if (!ext4_handle_valid(handle)) { ext4_put_nojournal(handle); return 0; } if (!handle->h_transaction) { err = jbd2_journal_stop(handle); return handle->h_err ? handle->h_err : err; } sb = handle->h_transaction->t_journal->j_private; err = handle->h_err; rc = jbd2_journal_stop(handle); if (!err) err = rc; if (err) __ext4_std_error(sb, where, line, err); return err; }",visit repo url,fs/ext4/ext4_jbd2.c,https://github.com/torvalds/linux,99250729193487,1 5559,[],"SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid_t, pid, int, sig) { if (pid <= 0 || tgid <= 0) return -EINVAL; return do_tkill(tgid, pid, sig); }",linux-2.6,,,103335592241698826830096816256003250898,0 851,CWE-20,"static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, struct msghdr *msg_sys, unsigned int flags, int nosec) { struct compat_msghdr __user *msg_compat = (struct compat_msghdr __user *)msg; struct iovec iovstack[UIO_FASTIOV]; struct iovec *iov = iovstack; unsigned long cmsg_ptr; int err, total_len, len; struct sockaddr_storage addr; struct sockaddr __user *uaddr; int __user *uaddr_len; if (MSG_CMSG_COMPAT & flags) { if (get_compat_msghdr(msg_sys, msg_compat)) return -EFAULT; } else { err = copy_msghdr_from_user(msg_sys, msg); if (err) return err; } if (msg_sys->msg_iovlen > UIO_FASTIOV) { err = -EMSGSIZE; if (msg_sys->msg_iovlen > UIO_MAXIOV) goto out; err = -ENOMEM; iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec), GFP_KERNEL); if (!iov) goto out; } uaddr = (__force void __user *)msg_sys->msg_name; uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); } else err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE); if (err < 0) goto out_freeiov; total_len = err; cmsg_ptr = (unsigned long)msg_sys->msg_control; msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys, total_len, flags); if (err < 0) goto out_freeiov; len = err; if (uaddr != NULL) { err = move_addr_to_user(&addr, msg_sys->msg_namelen, uaddr, uaddr_len); if (err < 0) goto out_freeiov; } err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT), COMPAT_FLAGS(msg)); if (err) goto out_freeiov; if (MSG_CMSG_COMPAT & flags) err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg_compat->msg_controllen); else err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg->msg_controllen); if (err) goto out_freeiov; err = len; out_freeiov: if (iov != iovstack) kfree(iov); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,76305007079054,1 604,['CWE-200'],"void htab_initialize_secondary(void) { if (!firmware_has_feature(FW_FEATURE_LPAR)) mtspr(SPRN_SDR1, _SDR1); }",linux-2.6,,,15548289541046579744390852389012392784,0 2943,CWE-59,"static int mount_entry_on_absolute_rootfs(struct mntent *mntent, const struct lxc_rootfs *rootfs, const char *lxc_name) { char *aux; char path[MAXPATHLEN]; int r, ret = 0, offset; const char *lxcpath; lxcpath = lxc_global_config_value(""lxc.lxcpath""); if (!lxcpath) { ERROR(""Out of memory""); return -1; } r = snprintf(path, MAXPATHLEN, ""%s/%s/rootfs"", lxcpath, lxc_name); if (r < 0 || r >= MAXPATHLEN) goto skipvarlib; aux = strstr(mntent->mnt_dir, path); if (aux) { offset = strlen(path); goto skipabs; } skipvarlib: aux = strstr(mntent->mnt_dir, rootfs->path); if (!aux) { WARN(""ignoring mount point '%s'"", mntent->mnt_dir); return ret; } offset = strlen(rootfs->path); skipabs: r = snprintf(path, MAXPATHLEN, ""%s/%s"", rootfs->mount, aux + offset); if (r < 0 || r >= MAXPATHLEN) { WARN(""pathnme too long for '%s'"", mntent->mnt_dir); return -1; } return mount_entry_on_generic(mntent, path); }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,20296722104390,1 4686,['CWE-399'],"static void ext4_da_block_invalidatepages(struct mpage_da_data *mpd, sector_t logical, long blk_cnt) { int nr_pages, i; pgoff_t index, end; struct pagevec pvec; struct inode *inode = mpd->inode; struct address_space *mapping = inode->i_mapping; index = logical >> (PAGE_CACHE_SHIFT - inode->i_blkbits); end = (logical + blk_cnt - 1) >> (PAGE_CACHE_SHIFT - inode->i_blkbits); while (index <= end) { nr_pages = pagevec_lookup(&pvec, mapping, index, PAGEVEC_SIZE); if (nr_pages == 0) break; for (i = 0; i < nr_pages; i++) { struct page *page = pvec.pages[i]; index = page->index; if (index > end) break; index++; BUG_ON(!PageLocked(page)); BUG_ON(PageWriteback(page)); block_invalidatepage(page, 0); ClearPageUptodate(page); unlock_page(page); } } return; }",linux-2.6,,,28697672155443620243154885781476979895,0 407,[],"pfm_free_smpl_buffer(pfm_context_t *ctx) { pfm_buffer_fmt_t *fmt; if (ctx->ctx_smpl_hdr == NULL) goto invalid_free; fmt = ctx->ctx_buf_fmt; DPRINT((""sampling buffer @%p size %lu vaddr=%p\n"", ctx->ctx_smpl_hdr, ctx->ctx_smpl_size, ctx->ctx_smpl_vaddr)); pfm_buf_fmt_exit(fmt, current, NULL, NULL); pfm_rvfree(ctx->ctx_smpl_hdr, ctx->ctx_smpl_size); ctx->ctx_smpl_hdr = NULL; ctx->ctx_smpl_size = 0UL; return 0; invalid_free: printk(KERN_ERR ""perfmon: pfm_free_smpl_buffer [%d] no buffer\n"", current->pid); return -EINVAL; }",linux-2.6,,,33852176907482494149265239690210780865,0 4191,['CWE-399'],"static void handle_response_packet(AvahiServer *s, AvahiDnsPacket *p, AvahiInterface *i, const AvahiAddress *a, int from_local_iface) { unsigned n; assert(s); assert(p); assert(i); assert(a); for (n = avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ANCOUNT) + avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ARCOUNT); n > 0; n--) { AvahiRecord *record; int cache_flush = 0; if (!(record = avahi_dns_packet_consume_record(p, &cache_flush))) { avahi_log_warn(__FILE__"": Packet too short or invalid while reading response record. (Maybe a UTF-8 problem?)""); break; } if (!avahi_key_is_pattern(record->key)) { if (handle_conflict(s, i, record, cache_flush)) { if (!from_local_iface) reflect_response(s, i, record, cache_flush); avahi_cache_update(i->cache, record, cache_flush, a); avahi_response_scheduler_incoming(i->response_scheduler, record, cache_flush); } } avahi_record_unref(record); } if (!avahi_record_list_is_empty(s->record_list)) avahi_server_generate_response(s, i, NULL, NULL, 0, 0, 1); }",avahi,,,169101509249316548611269430481048153666,0 3073,CWE-120,"eap_response(esp, inp, id, len) eap_state *esp; u_char *inp; int id; int len; { u_char typenum; u_char vallen; int secret_len; char secret[MAXSECRETLEN]; char rhostname[256]; MD5_CTX mdContext; u_char hash[MD5_SIGNATURE_SIZE]; #ifdef USE_SRP struct t_server *ts; struct t_num A; SHA1_CTX ctxt; u_char dig[SHA_DIGESTSIZE]; #endif if (esp->es_server.ea_id != id) { dbglog(""EAP: discarding Response %d; expected ID %d"", id, esp->es_server.ea_id); return; } esp->es_server.ea_responses++; if (len <= 0) { error(""EAP: empty Response message discarded""); return; } GETCHAR(typenum, inp); len--; switch (typenum) { case EAPT_IDENTITY: if (esp->es_server.ea_state != eapIdentify) { dbglog(""EAP discarding unwanted Identify \""%.q\"""", len, inp); break; } info(""EAP: unauthenticated peer name \""%.*q\"""", len, inp); if (esp->es_server.ea_peer != NULL && esp->es_server.ea_peer != remote_name) free(esp->es_server.ea_peer); esp->es_server.ea_peer = malloc(len + 1); if (esp->es_server.ea_peer == NULL) { esp->es_server.ea_peerlen = 0; eap_figure_next_state(esp, 1); break; } BCOPY(inp, esp->es_server.ea_peer, len); esp->es_server.ea_peer[len] = '\0'; esp->es_server.ea_peerlen = len; eap_figure_next_state(esp, 0); break; case EAPT_NOTIFICATION: dbglog(""EAP unexpected Notification; response discarded""); break; case EAPT_NAK: if (len < 1) { info(""EAP: Nak Response with no suggested protocol""); eap_figure_next_state(esp, 1); break; } GETCHAR(vallen, inp); len--; if (!explicit_remote && esp->es_server.ea_state == eapIdentify){ eap_figure_next_state(esp, 1); break; } switch (vallen) { case EAPT_SRP: esp->es_server.ea_state = eapIdentify; eap_figure_next_state(esp, 0); break; case EAPT_MD5CHAP: esp->es_server.ea_state = eapMD5Chall; break; default: dbglog(""EAP: peer requesting unknown Type %d"", vallen); switch (esp->es_server.ea_state) { case eapSRP1: case eapSRP2: case eapSRP3: esp->es_server.ea_state = eapMD5Chall; break; case eapMD5Chall: case eapSRP4: esp->es_server.ea_state = eapIdentify; eap_figure_next_state(esp, 0); break; default: break; } break; } break; case EAPT_MD5CHAP: if (esp->es_server.ea_state != eapMD5Chall) { error(""EAP: unexpected MD5-Response""); eap_figure_next_state(esp, 1); break; } if (len < 1) { error(""EAP: received MD5-Response with no data""); eap_figure_next_state(esp, 1); break; } GETCHAR(vallen, inp); len--; if (vallen != 16 || vallen > len) { error(""EAP: MD5-Response with bad length %d"", vallen); eap_figure_next_state(esp, 1); break; } if (vallen >= len + sizeof (rhostname)) { dbglog(""EAP: trimming really long peer name down""); BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); rhostname[sizeof (rhostname) - 1] = '\0'; } else { BCOPY(inp + vallen, rhostname, len - vallen); rhostname[len - vallen] = '\0'; } if (explicit_remote || (remote_name[0] != '\0' && vallen == len)) strlcpy(rhostname, remote_name, sizeof (rhostname)); if (!get_secret(esp->es_unit, rhostname, esp->es_server.ea_name, secret, &secret_len, 1)) { dbglog(""EAP: no MD5 secret for auth of %q"", rhostname); eap_send_failure(esp); break; } MD5_Init(&mdContext); MD5_Update(&mdContext, &esp->es_server.ea_id, 1); MD5_Update(&mdContext, (u_char *)secret, secret_len); BZERO(secret, sizeof (secret)); MD5_Update(&mdContext, esp->es_challenge, esp->es_challen); MD5_Final(hash, &mdContext); if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) { eap_send_failure(esp); break; } esp->es_server.ea_type = EAPT_MD5CHAP; eap_send_success(esp); eap_figure_next_state(esp, 0); if (esp->es_rechallenge != 0) TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge); break; #ifdef USE_SRP case EAPT_SRP: if (len < 1) { error(""EAP: empty SRP Response""); eap_figure_next_state(esp, 1); break; } GETCHAR(typenum, inp); len--; switch (typenum) { case EAPSRP_CKEY: if (esp->es_server.ea_state != eapSRP1) { error(""EAP: unexpected SRP Subtype 1 Response""); eap_figure_next_state(esp, 1); break; } A.data = inp; A.len = len; ts = (struct t_server *)esp->es_server.ea_session; assert(ts != NULL); esp->es_server.ea_skey = t_servergetkey(ts, &A); if (esp->es_server.ea_skey == NULL) { error(""EAP: bogus A value from client""); eap_send_failure(esp); } else { eap_figure_next_state(esp, 0); } break; case EAPSRP_CVALIDATOR: if (esp->es_server.ea_state != eapSRP2) { error(""EAP: unexpected SRP Subtype 2 Response""); eap_figure_next_state(esp, 1); break; } if (len < sizeof (u_int32_t) + SHA_DIGESTSIZE) { error(""EAP: M1 length %d < %d"", len, sizeof (u_int32_t) + SHA_DIGESTSIZE); eap_figure_next_state(esp, 1); break; } GETLONG(esp->es_server.ea_keyflags, inp); ts = (struct t_server *)esp->es_server.ea_session; assert(ts != NULL); if (t_serververify(ts, inp)) { info(""EAP: unable to validate client identity""); eap_send_failure(esp); break; } eap_figure_next_state(esp, 0); break; case EAPSRP_ACK: if (esp->es_server.ea_state != eapSRP3) { error(""EAP: unexpected SRP Subtype 3 Response""); eap_send_failure(esp); break; } esp->es_server.ea_type = EAPT_SRP; eap_send_success(esp); eap_figure_next_state(esp, 0); if (esp->es_rechallenge != 0) TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge); if (esp->es_lwrechallenge != 0) TIMEOUT(srp_lwrechallenge, esp, esp->es_lwrechallenge); break; case EAPSRP_LWRECHALLENGE: if (esp->es_server.ea_state != eapSRP4) { info(""EAP: unexpected SRP Subtype 4 Response""); return; } if (len != SHA_DIGESTSIZE) { error(""EAP: bad Lightweight rechallenge "" ""response""); return; } SHA1Init(&ctxt); vallen = id; SHA1Update(&ctxt, &vallen, 1); SHA1Update(&ctxt, esp->es_server.ea_skey, SESSION_KEY_LEN); SHA1Update(&ctxt, esp->es_challenge, esp->es_challen); SHA1Update(&ctxt, esp->es_server.ea_peer, esp->es_server.ea_peerlen); SHA1Final(dig, &ctxt); if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) { error(""EAP: failed Lightweight rechallenge""); eap_send_failure(esp); break; } esp->es_server.ea_state = eapOpen; if (esp->es_lwrechallenge != 0) TIMEOUT(srp_lwrechallenge, esp, esp->es_lwrechallenge); break; } break; #endif default: error(""EAP: unknown Response type %d; ignored"", typenum); return; } if (esp->es_server.ea_timeout > 0) { UNTIMEOUT(eap_server_timeout, (void *)esp); } if (esp->es_server.ea_state != eapBadAuth && esp->es_server.ea_state != eapOpen) { esp->es_server.ea_id++; eap_send_request(esp); } }",visit repo url,pppd/eap.c,https://github.com/paulusmack/ppp,238403558899806,1 549,CWE-189,"void exit_sem(struct task_struct *tsk) { struct sem_undo_list *ulp; ulp = tsk->sysvsem.undo_list; if (!ulp) return; tsk->sysvsem.undo_list = NULL; if (!atomic_dec_and_test(&ulp->refcnt)) return; for (;;) { struct sem_array *sma; struct sem_undo *un; struct list_head tasks; int semid; int i; rcu_read_lock(); un = list_entry_rcu(ulp->list_proc.next, struct sem_undo, list_proc); if (&un->list_proc == &ulp->list_proc) semid = -1; else semid = un->semid; rcu_read_unlock(); if (semid == -1) break; sma = sem_lock_check(tsk->nsproxy->ipc_ns, un->semid); if (IS_ERR(sma)) continue; un = __lookup_undo(ulp, semid); if (un == NULL) { sem_unlock(sma); continue; } assert_spin_locked(&sma->sem_perm.lock); list_del(&un->list_id); spin_lock(&ulp->lock); list_del_rcu(&un->list_proc); spin_unlock(&ulp->lock); for (i = 0; i < sma->sem_nsems; i++) { struct sem * semaphore = &sma->sem_base[i]; if (un->semadj[i]) { semaphore->semval += un->semadj[i]; if (semaphore->semval < 0) semaphore->semval = 0; if (semaphore->semval > SEMVMX) semaphore->semval = SEMVMX; semaphore->sempid = task_tgid_vnr(current); } } INIT_LIST_HEAD(&tasks); do_smart_update(sma, NULL, 0, 1, &tasks); sem_unlock(sma); wake_up_sem_queue_do(&tasks); kfree_rcu(un, rcu); } kfree(ulp); }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,251688248848110,1 426,[],"pfm_put_task(struct task_struct *task) { if (task != current) put_task_struct(task); }",linux-2.6,,,231994304293684324295684881060826837770,0 1317,CWE-119,"static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, const struct iovec *iv, unsigned long total_len, size_t count, int noblock) { struct sk_buff *skb; struct macvlan_dev *vlan; unsigned long len = total_len; int err; struct virtio_net_hdr vnet_hdr = { 0 }; int vnet_hdr_len = 0; int copylen; bool zerocopy = false; if (q->flags & IFF_VNET_HDR) { vnet_hdr_len = q->vnet_hdr_sz; err = -EINVAL; if (len < vnet_hdr_len) goto err; len -= vnet_hdr_len; err = memcpy_fromiovecend((void *)&vnet_hdr, iv, 0, sizeof(vnet_hdr)); if (err < 0) goto err; if ((vnet_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && vnet_hdr.csum_start + vnet_hdr.csum_offset + 2 > vnet_hdr.hdr_len) vnet_hdr.hdr_len = vnet_hdr.csum_start + vnet_hdr.csum_offset + 2; err = -EINVAL; if (vnet_hdr.hdr_len > len) goto err; } err = -EINVAL; if (unlikely(len < ETH_HLEN)) goto err; if (m && m->msg_control && sock_flag(&q->sk, SOCK_ZEROCOPY)) zerocopy = true; if (zerocopy) { copylen = vnet_hdr.hdr_len; if (!copylen) copylen = GOODCOPY_LEN; } else copylen = len; skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen, vnet_hdr.hdr_len, noblock, &err); if (!skb) goto err; if (zerocopy) err = zerocopy_sg_from_iovec(skb, iv, vnet_hdr_len, count); else err = skb_copy_datagram_from_iovec(skb, 0, iv, vnet_hdr_len, len); if (err) goto err_kfree; skb_set_network_header(skb, ETH_HLEN); skb_reset_mac_header(skb); skb->protocol = eth_hdr(skb)->h_proto; if (vnet_hdr_len) { err = macvtap_skb_from_vnet_hdr(skb, &vnet_hdr); if (err) goto err_kfree; } rcu_read_lock_bh(); vlan = rcu_dereference_bh(q->vlan); if (zerocopy) { skb_shinfo(skb)->destructor_arg = m->msg_control; skb_shinfo(skb)->tx_flags |= SKBTX_DEV_ZEROCOPY; } if (vlan) macvlan_start_xmit(skb, vlan->dev); else kfree_skb(skb); rcu_read_unlock_bh(); return total_len; err_kfree: kfree_skb(skb); err: rcu_read_lock_bh(); vlan = rcu_dereference_bh(q->vlan); if (vlan) vlan->dev->stats.tx_dropped++; rcu_read_unlock_bh(); return err; }",visit repo url,drivers/net/macvtap.c,https://github.com/torvalds/linux,205989191794524,1 3251,['CWE-189'],"void jpc_enc_dump(jpc_enc_t *enc) { jpc_enc_tile_t *tile; jpc_enc_tcmpt_t *tcmpt; jpc_enc_rlvl_t *rlvl; jpc_enc_band_t *band; jpc_enc_prc_t *prc; jpc_enc_cblk_t *cblk; uint_fast16_t cmptno; uint_fast16_t rlvlno; uint_fast16_t bandno; uint_fast32_t prcno; uint_fast32_t cblkno; tile = enc->curtile; for (cmptno = 0, tcmpt = tile->tcmpts; cmptno < tile->numtcmpts; ++cmptno, ++tcmpt) { jas_eprintf("" tcmpt %5d %5d %5d %5d\n"", jas_seq2d_xstart(tcmpt->data), jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data), jas_seq2d_yend(tcmpt->data)); for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls; ++rlvlno, ++rlvl) { jas_eprintf("" rlvl %5d %5d %5d %5d\n"", rlvl->tlx, rlvl->tly, rlvl->brx, rlvl->bry); for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { if (!band->data) { continue; } jas_eprintf("" band %5d %5d %5d %5d\n"", jas_seq2d_xstart(band->data), jas_seq2d_ystart(band->data), jas_seq2d_xend(band->data), jas_seq2d_yend(band->data)); for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, ++prc) { jas_eprintf("" prc %5d %5d %5d %5d (%5d %5d)\n"", prc->tlx, prc->tly, prc->brx, prc->bry, prc->brx - prc->tlx, prc->bry - prc->tly); if (!prc->cblks) { continue; } for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks; ++cblkno, ++cblk) { jas_eprintf("" cblk %5d %5d %5d %5d\n"", jas_seq2d_xstart(cblk->data), jas_seq2d_ystart(cblk->data), jas_seq2d_xend(cblk->data), jas_seq2d_yend(cblk->data)); } } } } } }",jasper,,,276301857214079850285230522563084005918,0 5105,CWE-125,"Module(asdl_seq * body, PyArena *arena) { mod_ty p; p = (mod_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = Module_kind; p->v.Module.body = body; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,194366643467067,1 6546,CWE-835,"static void http_manage_server_side_cookies(struct stream *s, struct channel *res) { struct session *sess = s->sess; struct http_txn *txn = s->txn; struct htx *htx; struct http_hdr_ctx ctx; struct server *srv; char *hdr_beg, *hdr_end; char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next; int is_cookie2 = 0; htx = htxbuf(&res->buf); ctx.blk = NULL; while (1) { int is_first = 1; if (!http_find_header(htx, ist(""Set-Cookie""), &ctx, 1)) { if (!http_find_header(htx, ist(""Set-Cookie2""), &ctx, 1)) break; is_cookie2 = 1; } txn->flags |= TX_SCK_PRESENT; if (s->be->cookie_name == NULL && sess->fe->capture_name == NULL) break; hdr_beg = ctx.value.ptr; hdr_end = hdr_beg + ctx.value.len; for (prev = hdr_beg; prev < hdr_end; prev = next) { att_beg = prev; if (!is_first) att_beg++; is_first = 0; while (att_beg < hdr_end && HTTP_IS_SPHT(*att_beg)) att_beg++; equal = att_end = att_beg; while (equal < hdr_end) { if (*equal == '=' || *equal == ';' || (is_cookie2 && *equal == ',')) break; if (HTTP_IS_SPHT(*equal++)) continue; att_end = equal; } if (equal < hdr_end && *equal == '=') { val_beg = equal + 1; while (val_beg < hdr_end && HTTP_IS_SPHT(*val_beg)) val_beg++; next = http_find_cookie_value_end(val_beg, hdr_end); val_end = next; while (val_end > val_beg && HTTP_IS_SPHT(*(val_end - 1))) val_end--; } else { val_beg = val_end = next = equal; } if (next < hdr_end) { if (is_cookie2) next = http_find_hdr_value_end(next, hdr_end); else next = hdr_end; } if (equal == val_end) continue; if (unlikely(att_end != equal || val_beg > equal + 1)) { int stripped_before = 0; int stripped_after = 0; if (att_end != equal) { memmove(att_end, equal, hdr_end - equal); stripped_before = (att_end - equal); equal += stripped_before; val_beg += stripped_before; } if (val_beg > equal + 1) { memmove(equal + 1, val_beg, hdr_end + stripped_before - val_beg); stripped_after = (equal + 1) - val_beg; val_beg += stripped_after; stripped_before += stripped_after; } val_end += stripped_before; next += stripped_before; hdr_end += stripped_before; htx_change_blk_value_len(htx, ctx.blk, hdr_end - hdr_beg); ctx.value.len = hdr_end - hdr_beg; } if (sess->fe->capture_name != NULL && txn->srv_cookie == NULL && (val_end - att_beg >= sess->fe->capture_namelen) && memcmp(att_beg, sess->fe->capture_name, sess->fe->capture_namelen) == 0) { int log_len = val_end - att_beg; if ((txn->srv_cookie = pool_alloc(pool_head_capture)) == NULL) { ha_alert(""HTTP logging : out of memory.\n""); } else { if (log_len > sess->fe->capture_len) log_len = sess->fe->capture_len; memcpy(txn->srv_cookie, att_beg, log_len); txn->srv_cookie[log_len] = 0; } } srv = objt_server(s->target); if (!(s->flags & SF_IGNORE_PRST) && (att_end - att_beg == s->be->cookie_len) && (s->be->cookie_name != NULL) && (memcmp(att_beg, s->be->cookie_name, att_end - att_beg) == 0)) { txn->flags &= ~TX_SCK_MASK; txn->flags |= TX_SCK_FOUND; if (s->be->ck_opts & PR_CK_PSV) { } else if ((srv && (s->be->ck_opts & PR_CK_INS)) || ((s->flags & SF_DIRECT) && (s->be->ck_opts & PR_CK_IND))) { if (prev == hdr_beg && next == hdr_end) { http_remove_header(htx, &ctx); } else { int delta = http_del_hdr_value(hdr_beg, hdr_end, &prev, next); next = prev; hdr_end += delta; } txn->flags &= ~TX_SCK_MASK; txn->flags |= TX_SCK_DELETED; } else if (srv && srv->cookie && (s->be->ck_opts & PR_CK_RW)) { int sliding, delta; ctx.value = ist2(val_beg, val_end - val_beg); ctx.lws_before = ctx.lws_after = 0; http_replace_header_value(htx, &ctx, ist2(srv->cookie, srv->cklen)); delta = srv->cklen - (val_end - val_beg); sliding = (ctx.value.ptr - val_beg); hdr_beg += sliding; val_beg += sliding; next += sliding + delta; hdr_end += sliding + delta; txn->flags &= ~TX_SCK_MASK; txn->flags |= TX_SCK_REPLACED; } else if (srv && srv->cookie && (s->be->ck_opts & PR_CK_PFX)) { int sliding, delta; ctx.value = ist2(val_beg, 0); ctx.lws_before = ctx.lws_after = 0; http_replace_header_value(htx, &ctx, ist2(srv->cookie, srv->cklen + 1)); delta = srv->cklen + 1; sliding = (ctx.value.ptr - val_beg); hdr_beg += sliding; val_beg += sliding; next += sliding + delta; hdr_end += sliding + delta; val_beg[srv->cklen] = COOKIE_DELIM; txn->flags &= ~TX_SCK_MASK; txn->flags |= TX_SCK_REPLACED; } } } } }",visit repo url,src/http_ana.c,https://github.com/haproxy/haproxy,109754753719495,1 1959,['CWE-20'],"static __init int vdso_fixup_features(struct lib32_elfinfo *v32, struct lib64_elfinfo *v64) { void *start32; unsigned long size32; #ifdef CONFIG_PPC64 void *start64; unsigned long size64; start64 = find_section64(v64->hdr, ""__ftr_fixup"", &size64); if (start64) do_feature_fixups(cur_cpu_spec->cpu_features, start64, start64 + size64); start64 = find_section64(v64->hdr, ""__fw_ftr_fixup"", &size64); if (start64) do_feature_fixups(powerpc_firmware_features, start64, start64 + size64); #endif start32 = find_section32(v32->hdr, ""__ftr_fixup"", &size32); if (start32) do_feature_fixups(cur_cpu_spec->cpu_features, start32, start32 + size32); #ifdef CONFIG_PPC64 start32 = find_section32(v32->hdr, ""__fw_ftr_fixup"", &size32); if (start32) do_feature_fixups(powerpc_firmware_features, start32, start32 + size32); #endif return 0; }",linux-2.6,,,243183205359459273754325272655111920226,0 1669,CWE-362,"static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, struct task_struct *tsk) { unsigned cpu = smp_processor_id(); if (likely(prev != next)) { #ifdef CONFIG_SMP this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); this_cpu_write(cpu_tlbstate.active_mm, next); #endif cpumask_set_cpu(cpu, mm_cpumask(next)); load_cr3(next->pgd); trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); cpumask_clear_cpu(cpu, mm_cpumask(prev)); load_mm_cr4(next); #ifdef CONFIG_MODIFY_LDT_SYSCALL if (unlikely(prev->context.ldt != next->context.ldt)) load_mm_ldt(next); #endif } #ifdef CONFIG_SMP else { this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); if (!cpumask_test_cpu(cpu, mm_cpumask(next))) { cpumask_set_cpu(cpu, mm_cpumask(next)); load_cr3(next->pgd); trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); load_mm_cr4(next); load_mm_ldt(next); } } #endif }",visit repo url,arch/x86/include/asm/mmu_context.h,https://github.com/torvalds/linux,220322441504115,1 470,[],"pfm_mod_write_dbrs(struct task_struct *task, void *req, unsigned int nreq, struct pt_regs *regs) { pfm_context_t *ctx; if (req == NULL) return -EINVAL; ctx = GET_PMU_CTX(); if (ctx == NULL) return -EINVAL; if (task != current && ctx->ctx_fl_system == 0) return -EBUSY; return pfm_write_dbrs(ctx, req, nreq, regs); }",linux-2.6,,,232839002671730831839215501916727008902,0 5325,CWE-674,"static void Sp_search(js_State *J) { js_Regexp *re; const char *text; Resub m; text = checkstring(J, 0); if (js_isregexp(J, 1)) js_copy(J, 1); else if (js_isundefined(J, 1)) js_newregexp(J, """", 0); else js_newregexp(J, js_tostring(J, 1), 0); re = js_toregexp(J, -1); if (!js_regexec(re->prog, text, &m, 0)) js_pushnumber(J, js_utfptrtoidx(text, m.sub[0].sp)); else js_pushnumber(J, -1); }",visit repo url,jsstring.c,https://github.com/ccxvii/mujs,139090088761373,1 6037,['CWE-200'],"static int ipv6_count_addresses(struct inet6_dev *idev) { int cnt = 0; struct inet6_ifaddr *ifp; read_lock_bh(&idev->lock); for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) cnt++; read_unlock_bh(&idev->lock); return cnt; }",linux-2.6,,,335499032493337065630634590385212500702,0 2059,CWE-667,"static int __dwc3_gadget_kick_transfer(struct dwc3_ep *dep) { struct dwc3_gadget_ep_cmd_params params; struct dwc3_request *req; int starting; int ret; u32 cmd; if (!dwc3_calc_trbs_left(dep)) return 0; starting = !(dep->flags & DWC3_EP_BUSY); dwc3_prepare_trbs(dep); req = next_request(&dep->started_list); if (!req) { dep->flags |= DWC3_EP_PENDING_REQUEST; return 0; } memset(¶ms, 0, sizeof(params)); if (starting) { params.param0 = upper_32_bits(req->trb_dma); params.param1 = lower_32_bits(req->trb_dma); cmd = DWC3_DEPCMD_STARTTRANSFER; if (usb_endpoint_xfer_isoc(dep->endpoint.desc)) cmd |= DWC3_DEPCMD_PARAM(dep->frame_number); } else { cmd = DWC3_DEPCMD_UPDATETRANSFER | DWC3_DEPCMD_PARAM(dep->resource_index); } ret = dwc3_send_gadget_ep_cmd(dep, cmd, ¶ms); if (ret < 0) { if (req->trb) memset(req->trb, 0, sizeof(struct dwc3_trb)); dep->queued_requests--; dwc3_gadget_giveback(dep, req, ret); return ret; } dep->flags |= DWC3_EP_BUSY; if (starting) { dep->resource_index = dwc3_gadget_ep_get_transfer_index(dep); WARN_ON_ONCE(!dep->resource_index); } return 0; }",visit repo url,drivers/usb/dwc3/gadget.c,https://github.com/torvalds/linux,43109390586655,1 2193,['CWE-193'],"int filemap_fdatawait(struct address_space *mapping) { loff_t i_size = i_size_read(mapping->host); if (i_size == 0) return 0; return wait_on_page_writeback_range(mapping, 0, (i_size - 1) >> PAGE_CACHE_SHIFT); }",linux-2.6,,,264764428775571505532372136250401836258,0 6750,CWE-787,"struct dns_https_param *dns_get_HTTPS_svcparm_start(struct dns_rrs *rrs, char *domain, int maxsize, int *ttl, int *priority, char *target, int target_size) { int qtype = 0; unsigned char *data = NULL; int rr_len = 0; data = dns_get_rr_nested_start(rrs, domain, maxsize, &qtype, ttl, &rr_len); if (data == NULL) { return NULL; } if (qtype != DNS_T_HTTPS) { return NULL; } if (rr_len < 2) { return NULL; } *priority = _dns_read_short(&data); rr_len -= 2; if (rr_len <= 0) { return NULL; } int len = strnlen((char *)data, rr_len); safe_strncpy(target, (char *)data, target_size); data += len + 1; rr_len -= len + 1; if (rr_len <= 0) { return NULL; } return (struct dns_https_param *)data; }",visit repo url,src/dns.c,https://github.com/pymumu/smartdns,247647469283084,1 3724,CWE-755,"smtp_mailaddr(struct mailaddr *maddr, char *line, int mailfrom, char **args, const char *domain) { char *p, *e; if (line == NULL) return (0); if (*line != '<') return (0); e = strchr(line, '>'); if (e == NULL) return (0); *e++ = '\0'; while (*e == ' ') e++; *args = e; if (!text_to_mailaddr(maddr, line + 1)) return (0); p = strchr(maddr->user, ':'); if (p != NULL) { p++; memmove(maddr->user, p, strlen(p) + 1); } if (!valid_localpart(maddr->user) || !valid_domainpart(maddr->domain)) { if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0') return (1); if (maddr->user[0] == '\0') return (0); if (maddr->domain[0] == '\0') { (void)strlcpy(maddr->domain, domain, sizeof(maddr->domain)); return (1); } return (0); } return (1); }",visit repo url,usr.sbin/smtpd/smtp_session.c,https://github.com/openbsd/src,50955831687253,1 6618,CWE-787,"static int MqttClient_WaitType(MqttClient *client, void *packet_obj, byte wait_type, word16 wait_packet_id, int timeout_ms) { int rc; word16 packet_id; MqttPacketType packet_type; #ifdef WOLFMQTT_MULTITHREAD MqttPendResp *pendResp; int readLocked; #endif MqttMsgStat* mms_stat; int waitMatchFound; if (client == NULL || packet_obj == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } mms_stat = (MqttMsgStat*)packet_obj; wait_again: packet_id = 0; packet_type = MQTT_PACKET_TYPE_RESERVED; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; readLocked = 0; #endif waitMatchFound = 0; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Type %s (%d), ID %d"", MqttPacket_TypeDesc((MqttPacketType)wait_type), wait_type, wait_packet_id); #endif switch ((int)*mms_stat) { case MQTT_MSG_BEGIN: { #ifdef WOLFMQTT_MULTITHREAD rc = wm_SemLock(&client->lockRecv); if (rc != 0) { PRINTF(""MqttClient_WaitType: recv lock error!""); return rc; } readLocked = 1; #endif client->packet.stat = MQTT_PK_BEGIN; } FALL_THROUGH; #ifdef WOLFMQTT_V5 case MQTT_MSG_AUTH: #endif case MQTT_MSG_WAIT: { #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, (MqttPacketType)wait_type, wait_packet_id, &pendResp)) { if (pendResp->packetDone) { rc = pendResp->packet_ret; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp already Done %p: Rc %d"", pendResp, rc); #endif MqttClient_RespList_Remove(client, pendResp); wm_SemUnlock(&client->lockClient); wm_SemUnlock(&client->lockRecv); return rc; } } wm_SemUnlock(&client->lockClient); } else { break; } #endif *mms_stat = MQTT_MSG_WAIT; rc = MqttPacket_Read(client, client->rx_buf, client->rx_buf_len, timeout_ms); if (rc <= 0) { break; } client->packet.buf_len = rc; rc = MqttClient_DecodePacket(client, client->rx_buf, client->packet.buf_len, NULL, &packet_type, NULL, &packet_id); if (rc < 0) { break; } #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""Read Packet: Len %d, Type %d, ID %d"", client->packet.buf_len, packet_type, packet_id); #endif *mms_stat = MQTT_MSG_READ; } FALL_THROUGH; case MQTT_MSG_READ: case MQTT_MSG_READ_PAYLOAD: { MqttPacketType use_packet_type; void* use_packet_obj; #ifdef WOLFMQTT_MULTITHREAD readLocked = 1; #endif if (*mms_stat == MQTT_MSG_READ_PAYLOAD) { packet_type = MQTT_PACKET_TYPE_PUBLISH; } if ((wait_type == MQTT_PACKET_TYPE_ANY || wait_type == packet_type || MqttIsPubRespPacket(packet_type) == MqttIsPubRespPacket(wait_type)) && (wait_packet_id == 0 || wait_packet_id == packet_id)) { use_packet_obj = packet_obj; waitMatchFound = 1; } else { use_packet_obj = &client->msg; } use_packet_type = packet_type; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, packet_type, packet_id, &pendResp)) { pendResp->packetProcessing = 1; use_packet_obj = pendResp->packet_obj; use_packet_type = pendResp->packet_type; waitMatchFound = 0; } wm_SemUnlock(&client->lockClient); } else { break; } #endif rc = MqttClient_HandlePacket(client, use_packet_type, use_packet_obj, timeout_ms); #ifdef WOLFMQTT_NONBLOCK if (rc == MQTT_CODE_CONTINUE) { return rc; } #endif if (rc >= 0) { rc = MQTT_CODE_SUCCESS; } #ifdef WOLFMQTT_MULTITHREAD if (pendResp) { if (wm_SemLock(&client->lockClient) == 0) { pendResp->packetDone = 1; pendResp->packet_ret = rc; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp Done %p"", pendResp); #endif pendResp = NULL; wm_SemUnlock(&client->lockClient); } } #endif break; } case MQTT_MSG_WRITE: case MQTT_MSG_WRITE_PAYLOAD: default: { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Invalid state %d!"", *mms_stat); #endif rc = MQTT_CODE_ERROR_STAT; break; } } #ifdef WOLFMQTT_NONBLOCK if (rc != MQTT_CODE_CONTINUE) #endif { *mms_stat = MQTT_MSG_BEGIN; } #ifdef WOLFMQTT_MULTITHREAD if (readLocked) { wm_SemUnlock(&client->lockRecv); } #endif if (rc < 0) { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Failure: %s (%d)"", MqttClient_ReturnCodeToString(rc), rc); #endif return rc; } if (!waitMatchFound) { goto wait_again; } return rc; }",visit repo url,src/mqtt_client.c,https://github.com/wolfSSL/wolfMQTT,278703091752165,1 4416,['CWE-264'],"int compat_sock_common_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) { struct sock *sk = sock->sk; if (sk->sk_prot->compat_setsockopt != NULL) return sk->sk_prot->compat_setsockopt(sk, level, optname, optval, optlen); return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,30359578246415617514836997589827438746,0 1748,CWE-400,"static enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff *skb) { struct sk_buff **pp = NULL; struct packet_offload *ptype; __be16 type = skb->protocol; struct list_head *head = &offload_base; int same_flow; enum gro_result ret; int grow; if (!(skb->dev->features & NETIF_F_GRO)) goto normal; if (skb_is_gso(skb) || skb_has_frag_list(skb) || skb->csum_bad) goto normal; gro_list_prepare(napi, skb); rcu_read_lock(); list_for_each_entry_rcu(ptype, head, list) { if (ptype->type != type || !ptype->callbacks.gro_receive) continue; skb_set_network_header(skb, skb_gro_offset(skb)); skb_reset_mac_len(skb); NAPI_GRO_CB(skb)->same_flow = 0; NAPI_GRO_CB(skb)->flush = 0; NAPI_GRO_CB(skb)->free = 0; NAPI_GRO_CB(skb)->udp_mark = 0; NAPI_GRO_CB(skb)->gro_remcsum_start = 0; switch (skb->ip_summed) { case CHECKSUM_COMPLETE: NAPI_GRO_CB(skb)->csum = skb->csum; NAPI_GRO_CB(skb)->csum_valid = 1; NAPI_GRO_CB(skb)->csum_cnt = 0; break; case CHECKSUM_UNNECESSARY: NAPI_GRO_CB(skb)->csum_cnt = skb->csum_level + 1; NAPI_GRO_CB(skb)->csum_valid = 0; break; default: NAPI_GRO_CB(skb)->csum_cnt = 0; NAPI_GRO_CB(skb)->csum_valid = 0; } pp = ptype->callbacks.gro_receive(&napi->gro_list, skb); break; } rcu_read_unlock(); if (&ptype->list == head) goto normal; same_flow = NAPI_GRO_CB(skb)->same_flow; ret = NAPI_GRO_CB(skb)->free ? GRO_MERGED_FREE : GRO_MERGED; if (pp) { struct sk_buff *nskb = *pp; *pp = nskb->next; nskb->next = NULL; napi_gro_complete(nskb); napi->gro_count--; } if (same_flow) goto ok; if (NAPI_GRO_CB(skb)->flush) goto normal; if (unlikely(napi->gro_count >= MAX_GRO_SKBS)) { struct sk_buff *nskb = napi->gro_list; while (nskb->next) { pp = &nskb->next; nskb = *pp; } *pp = NULL; nskb->next = NULL; napi_gro_complete(nskb); } else { napi->gro_count++; } NAPI_GRO_CB(skb)->count = 1; NAPI_GRO_CB(skb)->age = jiffies; NAPI_GRO_CB(skb)->last = skb; skb_shinfo(skb)->gso_size = skb_gro_len(skb); skb->next = napi->gro_list; napi->gro_list = skb; ret = GRO_HELD; pull: grow = skb_gro_offset(skb) - skb_headlen(skb); if (grow > 0) gro_pull_from_frag0(skb, grow); ok: return ret; normal: ret = GRO_NORMAL; goto pull;",visit repo url,net/core/dev.c,https://github.com/torvalds/linux,66013448808825,1 2009,CWE-125,"static void vgacon_scrollback_switch(int vc_num) { if (!scrollback_persistent) vc_num = 0; if (!vgacon_scrollbacks[vc_num].data) { vgacon_scrollback_init(vc_num); } else { if (scrollback_persistent) { vgacon_scrollback_cur = &vgacon_scrollbacks[vc_num]; } else { size_t size = CONFIG_VGACON_SOFT_SCROLLBACK_SIZE * 1024; vgacon_scrollback_reset(vc_num, size); } } }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,48724604466795,1 4902,CWE-787,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define MaxPixelChannels 32 #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity = (float *) NULL, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status = 0; MagickBooleanType more_frames; MagickStatusType status; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; size_t number_pixels; ssize_t i, scanline_size, y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag = 0, bits_per_sample = 0, endian = 0, extra_samples = 0, interlace = 0, max_sample_value = 0, min_sample_value = 0, orientation = 0, pages = 0, photometric = 0, *sample_info = NULL, sample_format = 0, samples_per_pixel = 0, units = 0, value = 0; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[8] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); if (IsEventLogging() != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); image=AcquireImage(image_info); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { if (exception->severity == UndefinedException) ThrowReaderException(CorruptImageError,""UnableToReadImageData""); image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t)TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if ((samples_per_pixel+extra_samples) > MaxPixelChannels) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""MaximumChannelsExceeded""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point""); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black""); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white""); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette""); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB""); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB""); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)""); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV""); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK""); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated""); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR""); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown""); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"")); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb""); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb""); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) image->colorspace=GRAYColorspace; if (photometric == PHOTOMETRIC_SEPARATED) image->colorspace=CMYKColorspace; if (photometric == PHOTOMETRIC_CIELAB) image->colorspace=LabColorspace; if ((photometric == PHOTOMETRIC_YCBCR) && (compress_tag != COMPRESSION_OJPEG) && (compress_tag != COMPRESSION_JPEG)) image->colorspace=YCbCrColorspace; status=TIFFGetProfiles(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetEXIFProperties(tiff,image); option=GetImageOption(image_info,""tiff:gps-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetGPSProperties(tiff,image); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->x_resolution=x_resolution; image->y_resolution=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=CastDoubleToLong(ceil(x_position* image->x_resolution-0.5)); image->page.y=CastDoubleToLong(ceil(y_position* image->y_resolution-0.5)); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MaxTextExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MaxTextExtent,""%dx%d"", horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap = (uint16 *) NULL, *green_colormap = (uint16 *) NULL, *red_colormap = (uint16 *) NULL; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=SetImageColorspace(image,image->colorspace); status&=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified""); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->matte=MagickTrue; } else for (i=0; i < extra_samples; i++) { if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { image->matte=MagickTrue; SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated""); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { image->matte=MagickTrue; SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated""); } } if (image->matte != MagickFalse) extra_samples--; } if (image->matte != MagickFalse) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel); method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MaxTextExtent]; (void) FormatLocaleString(value,MaxTextExtent,""%u"",(unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } else if (image->depth > 8) method=ReadStripMethod; if (TIFFIsTiled(tiff) != MagickFalse) { uint32 columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); method=ReadTileMethod; } if ((photometric == PHOTOMETRIC_LOGLUV) || (compress_tag == COMPRESSION_CCITTFAX3)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); quantum_info->endian=LSBEndian; scanline_size=TIFFScanlineSize(tiff); if (scanline_size <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=MagickMax((MagickSizeType) image->columns*samples_per_pixel* pow(2.0,ceil(log(bits_per_sample)/log(2.0))),image->columns* rows_per_strip); if ((double) scanline_size > 1.5*number_pixels) ThrowTIFFException(CorruptImageError,""CorruptImage""); number_pixels=MagickMax((MagickSizeType) scanline_size,number_pixels); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) ResetMagickMemory(pixels,0,number_pixels*sizeof(uint32)); quantum_type=GrayQuantum; if (image->storage_class == PseudoClass) quantum_type=IndexQuantum; if (interlace != PLANARCONFIG_SEPARATE) { size_t pad; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->matte != MagickFalse) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } if (samples_per_pixel > 2) { if (image->colorspace == CMYKColorspace) { quantum_type=CMYKQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-4,0); if (image->matte != MagickFalse) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-5,0); } } else if (image->matte != MagickFalse) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-4,0); } else { quantum_type=RGBQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-3,0); } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { int status; IndexPacket *indexes; PixelPacket *magick_restrict q; ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; indexes=GetAuthenticIndexQueue(image); p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456))); SetPixelMagenta(q,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984))); SetPixelYellow(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816))); SetPixelBlack(indexes+x,ScaleCharToQuantum((unsigned char)*(p+3))); q++; p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *p, *strip_pixels; extent=4*MagickMax(image->columns*(samples_per_pixel+extra_samples)* (image->depth+7)/8,TIFFStripSize(tiff)); strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > (ssize_t) image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff), TIFFTileSize(tiff)); tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,extent*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; tiff_status=TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y, 0,i); if (tiff_status == -1) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (PixelPacket *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) i, samples_per_pixel); if (status == MagickFalse) break; } } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo *) NULL; uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); tiff_status=TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); if (tiff_status == -1) { generic_info=RelinquishVirtualMemory(generic_info); break; } p=pixels+(image->columns*image->rows)-1; for (y=0; y < (ssize_t) image->rows; y++) { ssize_t x; PixelPacket *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; q+=image->columns-1; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(q,ScaleCharToQuantum((unsigned char) TIFFGetR(*p))); SetPixelGreen(q,ScaleCharToQuantum((unsigned char) TIFFGetG(*p))); SetPixelBlue(q,ScaleCharToQuantum((unsigned char) TIFFGetB(*p))); if (image->matte == MagickFalse) SetPixelOpacity(q,OpaqueOpacity); else SetPixelAlpha(q,ScaleCharToQuantum((unsigned char) TIFFGetA(*p))); p--; q--; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (tiff_status == -1) { status=MagickFalse; break; } if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); TIFFReadPhotoshopLayers(image_info,image,exception); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick6,6712384264384,1 6420,CWE-20,"void lpc546xxEthTick(NetInterface *interface) { if(interface->phyDriver != NULL) { interface->phyDriver->tick(interface); } else if(interface->switchDriver != NULL) { interface->switchDriver->tick(interface); } else { } }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,165600376671157,1 1075,['CWE-20'],"int atomic_notifier_chain_unregister(struct atomic_notifier_head *nh, struct notifier_block *n) { unsigned long flags; int ret; spin_lock_irqsave(&nh->lock, flags); ret = notifier_chain_unregister(&nh->head, n); spin_unlock_irqrestore(&nh->lock, flags); synchronize_rcu(); return ret; }",linux-2.6,,,325810919993933085445539071240415619816,0 3988,CWE-352,"void set_header(HttpResponse res, const char *name, const char *value) { HttpHeader h = NULL; ASSERT(res); ASSERT(name); NEW(h); h->name = Str_dup(name); h->value = Str_dup(value); if (res->headers) { HttpHeader n, p; for (n = p = res->headers; p; n = p, p = p->next) { if (IS(p->name, name)) { FREE(p->value); p->value = Str_dup(value); destroy_entry(h); return; } } n->next = h; } else { res->headers = h; } }",visit repo url,src/http/processor.c,https://bitbucket.org/tildeslash/monit,15175290750145,1 1734,[],"static int __migrate_task(struct task_struct *p, int src_cpu, int dest_cpu) { struct rq *rq_dest, *rq_src; int ret = 0, on_rq; if (unlikely(cpu_is_offline(dest_cpu))) return ret; rq_src = cpu_rq(src_cpu); rq_dest = cpu_rq(dest_cpu); double_rq_lock(rq_src, rq_dest); if (task_cpu(p) != src_cpu) goto out; if (!cpu_isset(dest_cpu, p->cpus_allowed)) goto out; on_rq = p->se.on_rq; if (on_rq) deactivate_task(rq_src, p, 0); set_task_cpu(p, dest_cpu); if (on_rq) { activate_task(rq_dest, p, 0); check_preempt_curr(rq_dest, p); } ret = 1; out: double_rq_unlock(rq_src, rq_dest); return ret; }",linux-2.6,,,134643546750405589048918122867042184429,0 3438,CWE-119,"char *path_name(struct strbuf *path, const char *name) { struct strbuf ret = STRBUF_INIT; if (path) strbuf_addbuf(&ret, path); strbuf_addstr(&ret, name); return strbuf_detach(&ret, NULL); }",visit repo url,revision.c,https://github.com/git/git,179718620906383,1 4645,CWE-120,"GF_Err stbl_AppendSize(GF_SampleTableBox *stbl, u32 size, u32 nb_pack) { u32 i; if (!nb_pack) nb_pack = 1; if (!stbl->SampleSize->sampleCount) { stbl->SampleSize->sampleSize = size; stbl->SampleSize->sampleCount += nb_pack; return GF_OK; } if (stbl->SampleSize->sampleSize && (stbl->SampleSize->sampleSize==size)) { stbl->SampleSize->sampleCount += nb_pack; return GF_OK; } if (!stbl->SampleSize->sizes || (stbl->SampleSize->sampleCount+nb_pack > stbl->SampleSize->alloc_size)) { Bool init_table = (stbl->SampleSize->sizes==NULL) ? 1 : 0; ALLOC_INC(stbl->SampleSize->alloc_size); if (stbl->SampleSize->sampleCount+nb_pack > stbl->SampleSize->alloc_size) stbl->SampleSize->alloc_size = stbl->SampleSize->sampleCount+nb_pack; stbl->SampleSize->sizes = (u32 *)gf_realloc(stbl->SampleSize->sizes, sizeof(u32)*stbl->SampleSize->alloc_size); if (!stbl->SampleSize->sizes) return GF_OUT_OF_MEM; memset(&stbl->SampleSize->sizes[stbl->SampleSize->sampleCount], 0, sizeof(u32) * (stbl->SampleSize->alloc_size - stbl->SampleSize->sampleCount) ); if (init_table) { for (i=0; iSampleSize->sampleCount; i++) stbl->SampleSize->sizes[i] = stbl->SampleSize->sampleSize; } } stbl->SampleSize->sampleSize = 0; for (i=0; iSampleSize->sizes[stbl->SampleSize->sampleCount+i] = size; } stbl->SampleSize->sampleCount += nb_pack; if (size > stbl->SampleSize->max_size) stbl->SampleSize->max_size = size; stbl->SampleSize->total_size += size; stbl->SampleSize->total_samples += nb_pack; return GF_OK; }",visit repo url,src/isomedia/stbl_write.c,https://github.com/gpac/gpac,37564298005410,1 1607,CWE-264,"void inet6_destroy_sock(struct sock *sk) { struct ipv6_pinfo *np = inet6_sk(sk); struct sk_buff *skb; struct ipv6_txoptions *opt; skb = xchg(&np->pktoptions, NULL); if (skb) kfree_skb(skb); skb = xchg(&np->rxpmtu, NULL); if (skb) kfree_skb(skb); fl6_free_socklist(sk); opt = xchg(&np->opt, NULL); if (opt) sock_kfree_s(sk, opt, opt->tot_len); }",visit repo url,net/ipv6/af_inet6.c,https://github.com/torvalds/linux,132928787989107,1 6092,['CWE-200'],"static void addrconf_sit_config(struct net_device *dev) { struct inet6_dev *idev; ASSERT_RTNL(); if ((idev = ipv6_find_idev(dev)) == NULL) { printk(KERN_DEBUG ""init sit: add_dev failed\n""); return; } sit_add_v4_addrs(idev); if (dev->flags&IFF_POINTOPOINT) { addrconf_add_mroute(dev); addrconf_add_lroute(dev); } else sit_route_add(dev); }",linux-2.6,,,19543124320650117558651085576972738724,0 2326,CWE-20,"GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, IPADDR *my_ip, const char *cert, const char *pkey, const char *cafile, const char *capath, gboolean verify) { GIOChannel *handle, *ssl_handle; handle = net_connect_ip(ip, port, my_ip); if (handle == NULL) return NULL; ssl_handle = irssi_ssl_get_iochannel(handle, cert, pkey, cafile, capath, verify); if (ssl_handle == NULL) g_io_channel_unref(handle); return ssl_handle; }",visit repo url,src/core/network-openssl.c,https://github.com/ensc/irssi-proxy,42013127179940,1 210,[],"static struct sock *atalk_search_socket(struct sockaddr_at *to, struct atalk_iface *atif) { struct sock *s; struct hlist_node *node; read_lock_bh(&atalk_sockets_lock); sk_for_each(s, node, &atalk_sockets) { struct atalk_sock *at = at_sk(s); if (to->sat_port != at->src_port) continue; if (to->sat_addr.s_net == ATADDR_ANYNET && to->sat_addr.s_node == ATADDR_BCAST && at->src_net == atif->address.s_net) goto found; if (to->sat_addr.s_net == at->src_net && (to->sat_addr.s_node == at->src_node || to->sat_addr.s_node == ATADDR_BCAST || to->sat_addr.s_node == ATADDR_ANYNODE)) goto found; if (to->sat_addr.s_node == ATADDR_ANYNODE && to->sat_addr.s_net != ATADDR_ANYNET && atif->address.s_node == at->src_node) { to->sat_addr.s_node = atif->address.s_node; goto found; } } s = NULL; found: read_unlock_bh(&atalk_sockets_lock); return s; }",history,,,98277017157943949128225407333296554371,0 5960,['CWE-200'],"int addrconf_del_ifaddr(void __user *arg) { struct in6_ifreq ireq; int err; if (!capable(CAP_NET_ADMIN)) return -EPERM; if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq))) return -EFAULT; rtnl_lock(); err = inet6_addr_del(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen); rtnl_unlock(); return err; }",linux-2.6,,,232188677618946641011552937083198523943,0 6032,['CWE-200'],"void addrconf_leave_anycast(struct inet6_ifaddr *ifp) { struct in6_addr addr; ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len); if (ipv6_addr_any(&addr)) return; __ipv6_dev_ac_dec(ifp->idev, &addr); }",linux-2.6,,,305673477157586763001961624768716992196,0 6609,['CWE-200'],"nma_menu_deactivate_cb (GtkWidget *widget, NMApplet *applet) { g_idle_add_full (G_PRIORITY_LOW, (GSourceFunc) nma_menu_clear, applet, NULL); #if GTK_CHECK_VERSION(2, 15, 0) gtk_status_icon_set_tooltip_text (applet->status_icon, applet->tip); #else gtk_status_icon_set_tooltip (applet->status_icon, applet->tip); #endif }",network-manager-applet,,,191781593275341012172714015494650123374,0 3613,CWE-415,"compat_kex_proposal(struct ssh *ssh, char *p) { if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) return p; debug2_f(""original KEX proposal: %s"", p); if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) if ((p = match_filter_denylist(p, ""curve25519-sha256@libssh.org"")) == NULL) fatal(""match_filter_denylist failed""); if ((ssh->compat & SSH_OLD_DHGEX) != 0) { if ((p = match_filter_denylist(p, ""diffie-hellman-group-exchange-sha256,"" ""diffie-hellman-group-exchange-sha1"")) == NULL) fatal(""match_filter_denylist failed""); } debug2_f(""compat KEX proposal: %s"", p); if (*p == '\0') fatal(""No supported key exchange algorithms found""); return p; }",visit repo url,compat.c,https://github.com/openssh/openssh-portable,10115100109796,1 226,CWE-285,"int __gfs2_set_acl(struct inode *inode, struct posix_acl *acl, int type) { int error; int len; char *data; const char *name = gfs2_acl_name(type); if (acl && acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode))) return -E2BIG; if (type == ACL_TYPE_ACCESS) { umode_t mode = inode->i_mode; error = posix_acl_equiv_mode(acl, &mode); if (error < 0) return error; if (error == 0) acl = NULL; if (mode != inode->i_mode) { inode->i_mode = mode; mark_inode_dirty(inode); } } if (acl) { len = posix_acl_to_xattr(&init_user_ns, acl, NULL, 0); if (len == 0) return 0; data = kmalloc(len, GFP_NOFS); if (data == NULL) return -ENOMEM; error = posix_acl_to_xattr(&init_user_ns, acl, data, len); if (error < 0) goto out; } else { data = NULL; len = 0; } error = __gfs2_xattr_set(inode, name, data, len, 0, GFS2_EATYPE_SYS); if (error) goto out; set_cached_acl(inode, type, acl); out: kfree(data); return error; }",visit repo url,fs/gfs2/acl.c,https://github.com/torvalds/linux,3226176889504,1 2222,NVD-CWE-noinfo,"static int update_open_stateid(struct nfs4_state *state, nfs4_stateid *open_stateid, nfs4_stateid *delegation, int open_flags) { struct nfs_inode *nfsi = NFS_I(state->inode); struct nfs_delegation *deleg_cur; int ret = 0; open_flags &= (FMODE_READ|FMODE_WRITE); rcu_read_lock(); deleg_cur = rcu_dereference(nfsi->delegation); if (deleg_cur == NULL) goto no_delegation; spin_lock(&deleg_cur->lock); if (nfsi->delegation != deleg_cur || (deleg_cur->type & open_flags) != open_flags) goto no_delegation_unlock; if (delegation == NULL) delegation = &deleg_cur->stateid; else if (memcmp(deleg_cur->stateid.data, delegation->data, NFS4_STATEID_SIZE) != 0) goto no_delegation_unlock; nfs_mark_delegation_referenced(deleg_cur); __update_open_stateid(state, open_stateid, &deleg_cur->stateid, open_flags); ret = 1; no_delegation_unlock: spin_unlock(&deleg_cur->lock); no_delegation: rcu_read_unlock(); if (!ret && open_stateid != NULL) { __update_open_stateid(state, open_stateid, NULL, open_flags); ret = 1; } return ret; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,243934121424763,1 5540,[],"void signal_wake_up(struct task_struct *t, int resume) { unsigned int mask; set_tsk_thread_flag(t, TIF_SIGPENDING); mask = TASK_INTERRUPTIBLE; if (resume) mask |= TASK_WAKEKILL; if (!wake_up_state(t, mask)) kick_process(t); }",linux-2.6,,,311732684287548643202184307581907694679,0 1477,[]," __acquires(rq->lock) { struct rq *rq; local_irq_disable(); rq = this_rq(); spin_lock(&rq->lock); return rq; }",linux-2.6,,,99760645933443919846040322825921339922,0 4862,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 5278,['CWE-264'],"static NTSTATUS append_parent_acl(files_struct *fsp, SMB_STRUCT_STAT *psbuf, SEC_DESC *psd, SEC_DESC **pp_new_sd) { SEC_DESC *parent_sd = NULL; files_struct *parent_fsp = NULL; TALLOC_CTX *mem_ctx = talloc_parent(psd); char *parent_name = NULL; SEC_ACE *new_ace = NULL; unsigned int num_aces = psd->dacl->num_aces; SMB_STRUCT_STAT sbuf; NTSTATUS status; int info; unsigned int i, j; bool is_dacl_protected = (psd->type & SE_DESC_DACL_PROTECTED); ZERO_STRUCT(sbuf); if (mem_ctx == NULL) { return NT_STATUS_NO_MEMORY; } if (!parent_dirname_talloc(mem_ctx, fsp->fsp_name, &parent_name, NULL)) { return NT_STATUS_NO_MEMORY; } status = open_directory(fsp->conn, NULL, parent_name, &sbuf, FILE_READ_ATTRIBUTES, FILE_SHARE_NONE, FILE_OPEN, 0, INTERNAL_OPEN_ONLY, &info, &parent_fsp); if (!NT_STATUS_IS_OK(status)) { return status; } status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, parent_fsp->fsp_name, DACL_SECURITY_INFORMATION, &parent_sd ); close_file(parent_fsp, NORMAL_CLOSE); if (!NT_STATUS_IS_OK(status)) { return status; } num_aces += parent_sd->dacl->num_aces; if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE, num_aces)) == NULL) { return NT_STATUS_NO_MEMORY; } for (i = 0; i < psd->dacl->num_aces; i++) { sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]); } for (j = 0; j < parent_sd->dacl->num_aces; j++) { SEC_ACE *se = &parent_sd->dacl->aces[j]; if (fsp->is_directory) { if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { DEBUG(10,(""append_parent_acl: directory %s "" ""ignoring non container "" ""inherit flags %u on ACE with sid %s "" ""from parent %s\n"", fsp->fsp_name, (unsigned int)se->flags, sid_string_dbg(&se->trustee), parent_name)); continue; } } else { if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) { DEBUG(10,(""append_parent_acl: file %s "" ""ignoring non object "" ""inherit flags %u on ACE with sid %s "" ""from parent %s\n"", fsp->fsp_name, (unsigned int)se->flags, sid_string_dbg(&se->trustee), parent_name)); continue; } } if (is_dacl_protected) { unsigned int k; for (k = 0; k < psd->dacl->num_aces; k++) { if (sid_equal(&psd->dacl->aces[k].trustee, &se->trustee)) { break; } } if (k < psd->dacl->num_aces) { DEBUG(10,(""append_parent_acl: path %s "" ""ignoring ACE with protected sid %s "" ""from parent %s\n"", fsp->fsp_name, sid_string_dbg(&se->trustee), parent_name)); continue; } } sec_ace_copy(&new_ace[i], se); if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT); } new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE; if (fsp->is_directory) { new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY); if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_OBJECT_INHERIT); } } else { new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_INHERIT_ONLY| SEC_ACE_FLAG_NO_PROPAGATE_INHERIT); } i++; DEBUG(10,(""append_parent_acl: path %s "" ""inheriting ACE with sid %s "" ""from parent %s\n"", fsp->fsp_name, sid_string_dbg(&se->trustee), parent_name)); } psd->dacl->aces = new_ace; psd->dacl->num_aces = i; psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED| SE_DESC_DACL_AUTO_INHERIT_REQ); *pp_new_sd = psd; return status; }",samba,,,79455376138899541143678297592348822036,0 6147,CWE-190,"void ep2_map(ep2_t p, const uint8_t *msg, int len) { ep2_map_dst(p, msg, len, (const uint8_t *)""RELIC"", 5); }",visit repo url,src/epx/relic_ep2_map.c,https://github.com/relic-toolkit/relic,195498101020598,1 3661,['CWE-264'],"static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { int ret; if (unlikely(!out->f_op || !out->f_op->splice_write)) return -EINVAL; if (unlikely(!(out->f_mode & FMODE_WRITE))) return -EBADF; if (unlikely(out->f_flags & O_APPEND)) return -EINVAL; ret = rw_verify_area(WRITE, out, ppos, len); if (unlikely(ret < 0)) return ret; return out->f_op->splice_write(pipe, out, ppos, len, flags); }",linux-2.6,,,326947700520208730444994784152596476625,0 6622,CWE-787,"static int MqttClient_WaitType(MqttClient *client, void *packet_obj, byte wait_type, word16 wait_packet_id, int timeout_ms) { int rc; word16 packet_id; MqttPacketType packet_type; #ifdef WOLFMQTT_MULTITHREAD MqttPendResp *pendResp; int readLocked; #endif MqttMsgStat* mms_stat; int waitMatchFound; if (client == NULL || packet_obj == NULL) { return MQTT_CODE_ERROR_BAD_ARG; } mms_stat = (MqttMsgStat*)packet_obj; wait_again: packet_id = 0; packet_type = MQTT_PACKET_TYPE_RESERVED; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; readLocked = 0; #endif waitMatchFound = 0; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Type %s (%d), ID %d"", MqttPacket_TypeDesc((MqttPacketType)wait_type), wait_type, wait_packet_id); #endif switch ((int)*mms_stat) { case MQTT_MSG_BEGIN: { #ifdef WOLFMQTT_MULTITHREAD rc = wm_SemLock(&client->lockRecv); if (rc != 0) { PRINTF(""MqttClient_WaitType: recv lock error!""); return rc; } readLocked = 1; #endif client->packet.stat = MQTT_PK_BEGIN; } FALL_THROUGH; #ifdef WOLFMQTT_V5 case MQTT_MSG_AUTH: #endif case MQTT_MSG_WAIT: { #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, (MqttPacketType)wait_type, wait_packet_id, &pendResp)) { if (pendResp->packetDone) { rc = pendResp->packet_ret; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp already Done %p: Rc %d"", pendResp, rc); #endif MqttClient_RespList_Remove(client, pendResp); wm_SemUnlock(&client->lockClient); wm_SemUnlock(&client->lockRecv); return rc; } } wm_SemUnlock(&client->lockClient); } else { break; } #endif *mms_stat = MQTT_MSG_WAIT; rc = MqttPacket_Read(client, client->rx_buf, client->rx_buf_len, timeout_ms); if (rc <= 0) { break; } client->packet.buf_len = rc; rc = MqttClient_DecodePacket(client, client->rx_buf, client->packet.buf_len, NULL, &packet_type, NULL, &packet_id); if (rc < 0) { break; } #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""Read Packet: Len %d, Type %d, ID %d"", client->packet.buf_len, packet_type, packet_id); #endif *mms_stat = MQTT_MSG_READ; } FALL_THROUGH; case MQTT_MSG_READ: case MQTT_MSG_READ_PAYLOAD: { MqttPacketType use_packet_type; void* use_packet_obj; #ifdef WOLFMQTT_MULTITHREAD readLocked = 1; #endif if (*mms_stat == MQTT_MSG_READ_PAYLOAD) { packet_type = MQTT_PACKET_TYPE_PUBLISH; } if ((wait_type == MQTT_PACKET_TYPE_ANY || wait_type == packet_type || MqttIsPubRespPacket(packet_type) == MqttIsPubRespPacket(wait_type)) && (wait_packet_id == 0 || wait_packet_id == packet_id)) { use_packet_obj = packet_obj; waitMatchFound = 1; } else { use_packet_obj = &client->msg; } use_packet_type = packet_type; #ifdef WOLFMQTT_MULTITHREAD pendResp = NULL; rc = wm_SemLock(&client->lockClient); if (rc == 0) { if (MqttClient_RespList_Find(client, packet_type, packet_id, &pendResp)) { pendResp->packetProcessing = 1; use_packet_obj = pendResp->packet_obj; use_packet_type = pendResp->packet_type; waitMatchFound = 0; } wm_SemUnlock(&client->lockClient); } else { break; } #endif rc = MqttClient_HandlePacket(client, use_packet_type, use_packet_obj, timeout_ms); #ifdef WOLFMQTT_NONBLOCK if (rc == MQTT_CODE_CONTINUE) { return rc; } #endif if (rc >= 0) { rc = MQTT_CODE_SUCCESS; } #ifdef WOLFMQTT_MULTITHREAD if (pendResp) { if (wm_SemLock(&client->lockClient) == 0) { pendResp->packetDone = 1; pendResp->packet_ret = rc; #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""PendResp Done %p"", pendResp); #endif pendResp = NULL; wm_SemUnlock(&client->lockClient); } } #endif break; } case MQTT_MSG_WRITE: case MQTT_MSG_WRITE_PAYLOAD: default: { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Invalid state %d!"", *mms_stat); #endif rc = MQTT_CODE_ERROR_STAT; break; } } #ifdef WOLFMQTT_NONBLOCK if (rc != MQTT_CODE_CONTINUE) #endif { *mms_stat = MQTT_MSG_BEGIN; } #ifdef WOLFMQTT_MULTITHREAD if (readLocked) { wm_SemUnlock(&client->lockRecv); } #endif if (rc < 0) { #ifdef WOLFMQTT_DEBUG_CLIENT PRINTF(""MqttClient_WaitType: Failure: %s (%d)"", MqttClient_ReturnCodeToString(rc), rc); #endif return rc; } if (!waitMatchFound) { goto wait_again; } return rc; }",visit repo url,src/mqtt_client.c,https://github.com/wolfSSL/wolfMQTT,278703091752165,1 1352,CWE-200,"static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn, struct nlattr *rp) { struct xfrm_replay_state_esn *up; if (!replay_esn || !rp) return 0; up = nla_data(rp); if (xfrm_replay_state_esn_len(replay_esn) != xfrm_replay_state_esn_len(up)) return -EINVAL; return 0; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,186640070134332,1 3785,CWE-416,"exec_instructions(ectx_T *ectx) { int ret = FAIL; int save_trylevel_at_start = ectx->ec_trylevel_at_start; int dict_stack_len_at_start = dict_stack.ga_len; ectx->ec_iidx = 0; ectx->ec_trylevel_at_start = trylevel; for (;;) { static int breakcheck_count = 0; isn_T *iptr; typval_T *tv; if (unlikely(++breakcheck_count >= 100)) { line_breakcheck(); breakcheck_count = 0; } if (unlikely(got_int)) { got_int = FALSE; if (throw_exception(""Vim:Interrupt"", ET_INTERRUPT, NULL) == FAIL) goto theend; did_throw = TRUE; } if (unlikely(did_emsg && msg_list != NULL && *msg_list != NULL)) { did_emsg = FALSE; if (throw_exception(*msg_list, ET_ERROR, NULL) == FAIL) goto theend; did_throw = TRUE; *msg_list = NULL; } if (unlikely(did_throw)) { garray_T *trystack = &ectx->ec_trystack; trycmd_T *trycmd = NULL; int index = trystack->ga_len; while (index > 0) { trycmd = ((trycmd_T *)trystack->ga_data) + index - 1; if (!trycmd->tcd_in_catch || trycmd->tcd_finally_idx != 0) break; --index; trycmd = NULL; } if (trycmd != NULL && trycmd->tcd_frame_idx == ectx->ec_frame_idx) { if (trycmd->tcd_in_catch) { ectx->ec_iidx = trycmd->tcd_finally_idx; trycmd->tcd_finally_idx = 0; } else ectx->ec_iidx = trycmd->tcd_catch_idx; trycmd->tcd_in_catch = TRUE; did_throw = FALSE; trycmd->tcd_did_throw = TRUE; } else { if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); tv->v_type = VAR_NUMBER; tv->vval.v_number = 0; ++ectx->ec_stack.ga_len; if (ectx->ec_frame_idx == ectx->ec_initial_frame_idx) { need_rethrow = TRUE; if (handle_closure_in_use(ectx, FALSE) == FAIL) goto theend; goto done; } if (func_return(ectx) == FAIL) goto theend; } continue; } iptr = &ectx->ec_instr[ectx->ec_iidx++]; switch (iptr->isn_type) { case ISN_EXEC: if (exec_command(iptr) == FAIL) goto on_error; break; case ISN_EXEC_SPLIT: { source_cookie_T cookie; char_u *line; SOURCING_LNUM = iptr->isn_lnum; CLEAR_FIELD(cookie); cookie.sourcing_lnum = iptr->isn_lnum - 1; cookie.nextline = iptr->isn_arg.string; line = get_split_sourceline(0, &cookie, 0, 0); if (do_cmdline(line, get_split_sourceline, &cookie, DOCMD_VERBOSE|DOCMD_NOWAIT|DOCMD_KEYTYPED) == FAIL || did_emsg) { vim_free(line); goto on_error; } vim_free(line); } break; case ISN_EXECRANGE: { exarg_T ea; char *error = NULL; CLEAR_FIELD(ea); ea.cmdidx = CMD_SIZE; ea.addr_type = ADDR_LINES; ea.cmd = iptr->isn_arg.string; parse_cmd_address(&ea, &error, FALSE); if (ea.cmd == NULL) goto on_error; if (error == NULL) error = ex_range_without_command(&ea); if (error != NULL) { SOURCING_LNUM = iptr->isn_lnum; emsg(error); goto on_error; } } break; case ISN_LEGACY_EVAL: { char_u *arg = iptr->isn_arg.string; int res; int save_flags = cmdmod.cmod_flags; if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); init_tv(tv); cmdmod.cmod_flags |= CMOD_LEGACY; res = eval0(arg, tv, NULL, &EVALARG_EVALUATE); cmdmod.cmod_flags = save_flags; if (res == FAIL) goto on_error; ++ectx->ec_stack.ga_len; } break; case ISN_INSTR: { if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); tv->vval.v_instr = ALLOC_ONE(instr_T); if (tv->vval.v_instr == NULL) goto on_error; ++ectx->ec_stack.ga_len; tv->v_type = VAR_INSTR; tv->vval.v_instr->instr_ectx = ectx; tv->vval.v_instr->instr_instr = iptr->isn_arg.instr; } break; case ISN_SUBSTITUTE: { subs_T *subs = &iptr->isn_arg.subs; source_cookie_T cookie; struct subs_expr_S *save_instr = substitute_instr; struct subs_expr_S subs_instr; int res; subs_instr.subs_ectx = ectx; subs_instr.subs_instr = subs->subs_instr; subs_instr.subs_status = OK; substitute_instr = &subs_instr; SOURCING_LNUM = iptr->isn_lnum; CLEAR_FIELD(cookie); cookie.sourcing_lnum = iptr->isn_lnum - 1; res = do_cmdline(subs->subs_cmd, getsourceline, &cookie, DOCMD_VERBOSE|DOCMD_NOWAIT|DOCMD_KEYTYPED); substitute_instr = save_instr; if (res == FAIL || did_emsg || subs_instr.subs_status == FAIL) goto on_error; } break; case ISN_FINISH: goto done; case ISN_REDIRSTART: if (alloc_redir_lval() == FAIL) goto on_error; init_redir_ga(); redir_vname = 1; break; case ISN_REDIREND: { char_u *res = get_clear_redir_ga(); clear_redir_lval(); redir_vname = 0; if (GA_GROW_FAILS(&ectx->ec_stack, 1)) { vim_free(res); goto theend; } tv = STACK_TV_BOT(0); tv->v_type = VAR_STRING; tv->vval.v_string = res; ++ectx->ec_stack.ga_len; } break; case ISN_CEXPR_AUCMD: #ifdef FEAT_QUICKFIX if (trigger_cexpr_autocmd(iptr->isn_arg.number) == FAIL) goto on_error; #endif break; case ISN_CEXPR_CORE: #ifdef FEAT_QUICKFIX { exarg_T ea; int res; CLEAR_FIELD(ea); ea.cmdidx = iptr->isn_arg.cexpr.cexpr_ref->cer_cmdidx; ea.forceit = iptr->isn_arg.cexpr.cexpr_ref->cer_forceit; ea.cmdlinep = &iptr->isn_arg.cexpr.cexpr_ref->cer_cmdline; --ectx->ec_stack.ga_len; tv = STACK_TV_BOT(0); res = cexpr_core(&ea, tv); clear_tv(tv); if (res == FAIL) goto on_error; } #endif break; case ISN_EXECCONCAT: { int count = iptr->isn_arg.number; size_t len = 0; int pass; int i; char_u *cmd = NULL; char_u *str; for (pass = 1; pass <= 2; ++pass) { for (i = 0; i < count; ++i) { tv = STACK_TV_BOT(i - count); str = tv->vval.v_string; if (str != NULL && *str != NUL) { if (pass == 2) STRCPY(cmd + len, str); len += STRLEN(str); } if (pass == 2) clear_tv(tv); } if (pass == 1) { cmd = alloc(len + 1); if (unlikely(cmd == NULL)) goto theend; len = 0; } } SOURCING_LNUM = iptr->isn_lnum; do_cmdline_cmd(cmd); vim_free(cmd); } break; case ISN_ECHO: { int count = iptr->isn_arg.echo.echo_count; int atstart = TRUE; int needclr = TRUE; int idx; for (idx = 0; idx < count; ++idx) { tv = STACK_TV_BOT(idx - count); echo_one(tv, iptr->isn_arg.echo.echo_with_white, &atstart, &needclr); clear_tv(tv); } if (needclr) msg_clr_eos(); ectx->ec_stack.ga_len -= count; } break; case ISN_EXECUTE: case ISN_ECHOMSG: case ISN_ECHOCONSOLE: case ISN_ECHOERR: { int count = iptr->isn_arg.number; garray_T ga; char_u buf[NUMBUFLEN]; char_u *p; int len; int failed = FALSE; int idx; ga_init2(&ga, 1, 80); for (idx = 0; idx < count; ++idx) { tv = STACK_TV_BOT(idx - count); if (iptr->isn_type == ISN_EXECUTE) { if (tv->v_type == VAR_CHANNEL || tv->v_type == VAR_JOB) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_using_invalid_value_as_string_str), vartype_name(tv->v_type)); break; } else p = tv_get_string_buf(tv, buf); } else p = tv_stringify(tv, buf); len = (int)STRLEN(p); if (GA_GROW_FAILS(&ga, len + 2)) failed = TRUE; else { if (ga.ga_len > 0) ((char_u *)(ga.ga_data))[ga.ga_len++] = ' '; STRCPY((char_u *)(ga.ga_data) + ga.ga_len, p); ga.ga_len += len; } clear_tv(tv); } ectx->ec_stack.ga_len -= count; if (failed) { ga_clear(&ga); goto on_error; } if (ga.ga_data != NULL) { if (iptr->isn_type == ISN_EXECUTE) { SOURCING_LNUM = iptr->isn_lnum; do_cmdline_cmd((char_u *)ga.ga_data); if (did_emsg) { ga_clear(&ga); goto on_error; } } else { msg_sb_eol(); if (iptr->isn_type == ISN_ECHOMSG) { msg_attr(ga.ga_data, echo_attr); out_flush(); } else if (iptr->isn_type == ISN_ECHOCONSOLE) { ui_write(ga.ga_data, (int)STRLEN(ga.ga_data), TRUE); ui_write((char_u *)""\r\n"", 2, TRUE); } else { SOURCING_LNUM = iptr->isn_lnum; emsg(ga.ga_data); } } } ga_clear(&ga); } break; case ISN_LOAD: if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; copy_tv(STACK_TV_VAR(iptr->isn_arg.number), STACK_TV_BOT(0)); ++ectx->ec_stack.ga_len; break; case ISN_LOADV: if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; copy_tv(get_vim_var_tv(iptr->isn_arg.number), STACK_TV_BOT(0)); ++ectx->ec_stack.ga_len; break; case ISN_LOADSCRIPT: { scriptref_T *sref = iptr->isn_arg.script.scriptref; svar_T *sv; sv = get_script_svar(sref, ectx->ec_dfunc_idx); if (sv == NULL) goto theend; allocate_if_null(sv->sv_tv); if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; copy_tv(sv->sv_tv, STACK_TV_BOT(0)); ++ectx->ec_stack.ga_len; } break; case ISN_LOADS: { hashtab_T *ht = &SCRIPT_VARS( iptr->isn_arg.loadstore.ls_sid); char_u *name = iptr->isn_arg.loadstore.ls_name; dictitem_T *di = find_var_in_ht(ht, 0, name, TRUE); if (di == NULL) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_undefined_variable_str), name); goto on_error; } else { if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; copy_tv(&di->di_tv, STACK_TV_BOT(0)); ++ectx->ec_stack.ga_len; } } break; case ISN_LOADG: case ISN_LOADB: case ISN_LOADW: case ISN_LOADT: { dictitem_T *di = NULL; hashtab_T *ht = NULL; char namespace; switch (iptr->isn_type) { case ISN_LOADG: ht = get_globvar_ht(); namespace = 'g'; break; case ISN_LOADB: ht = &curbuf->b_vars->dv_hashtab; namespace = 'b'; break; case ISN_LOADW: ht = &curwin->w_vars->dv_hashtab; namespace = 'w'; break; case ISN_LOADT: ht = &curtab->tp_vars->dv_hashtab; namespace = 't'; break; default: goto theend; } di = find_var_in_ht(ht, 0, iptr->isn_arg.string, TRUE); if (di == NULL) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_undefined_variable_char_str), namespace, iptr->isn_arg.string); goto on_error; } else { if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; copy_tv(&di->di_tv, STACK_TV_BOT(0)); ++ectx->ec_stack.ga_len; } } break; case ISN_LOADAUTO: { char_u *name = iptr->isn_arg.string; if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; SOURCING_LNUM = iptr->isn_lnum; if (eval_variable(name, (int)STRLEN(name), STACK_TV_BOT(0), NULL, EVAL_VAR_VERBOSE) == FAIL) goto on_error; ++ectx->ec_stack.ga_len; } break; case ISN_LOADGDICT: case ISN_LOADBDICT: case ISN_LOADWDICT: case ISN_LOADTDICT: { dict_T *d = NULL; switch (iptr->isn_type) { case ISN_LOADGDICT: d = get_globvar_dict(); break; case ISN_LOADBDICT: d = curbuf->b_vars; break; case ISN_LOADWDICT: d = curwin->w_vars; break; case ISN_LOADTDICT: d = curtab->tp_vars; break; default: goto theend; } if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); tv->v_type = VAR_DICT; tv->v_lock = 0; tv->vval.v_dict = d; ++d->dv_refcount; ++ectx->ec_stack.ga_len; } break; case ISN_LOADOPT: { typval_T optval; char_u *name = iptr->isn_arg.string; if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; if (eval_option(&name, &optval, TRUE) == FAIL) goto theend; *STACK_TV_BOT(0) = optval; ++ectx->ec_stack.ga_len; } break; case ISN_LOADENV: { typval_T optval; char_u *name = iptr->isn_arg.string; if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; (void)eval_env_var(&name, &optval, TRUE); *STACK_TV_BOT(0) = optval; ++ectx->ec_stack.ga_len; } break; case ISN_LOADREG: if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); tv->v_type = VAR_STRING; tv->v_lock = 0; tv->vval.v_string = get_reg_contents( iptr->isn_arg.number, GREG_EXPR_SRC); ++ectx->ec_stack.ga_len; break; case ISN_STORE: --ectx->ec_stack.ga_len; tv = STACK_TV_VAR(iptr->isn_arg.number); clear_tv(tv); *tv = *STACK_TV_BOT(0); break; case ISN_STORES: { hashtab_T *ht = &SCRIPT_VARS( iptr->isn_arg.loadstore.ls_sid); char_u *name = iptr->isn_arg.loadstore.ls_name; dictitem_T *di = find_var_in_ht(ht, 0, name + 2, TRUE); --ectx->ec_stack.ga_len; if (di == NULL) store_var(name, STACK_TV_BOT(0)); else { SOURCING_LNUM = iptr->isn_lnum; if (var_check_permission(di, name) == FAIL) { clear_tv(STACK_TV_BOT(0)); goto on_error; } clear_tv(&di->di_tv); di->di_tv = *STACK_TV_BOT(0); } } break; case ISN_STORESCRIPT: { scriptref_T *sref = iptr->isn_arg.script.scriptref; svar_T *sv; sv = get_script_svar(sref, ectx->ec_dfunc_idx); if (sv == NULL) goto theend; --ectx->ec_stack.ga_len; SOURCING_LNUM = iptr->isn_lnum; if (value_check_lock(sv->sv_tv->v_lock, sv->sv_name, FALSE)) { clear_tv(STACK_TV_BOT(0)); goto on_error; } clear_tv(sv->sv_tv); *sv->sv_tv = *STACK_TV_BOT(0); } break; case ISN_STOREOPT: case ISN_STOREFUNCOPT: { char_u *opt_name = iptr->isn_arg.storeopt.so_name; int opt_flags = iptr->isn_arg.storeopt.so_flags; long n = 0; char_u *s = NULL; char *msg; char_u numbuf[NUMBUFLEN]; char_u *tofree = NULL; --ectx->ec_stack.ga_len; tv = STACK_TV_BOT(0); if (tv->v_type == VAR_STRING) { s = tv->vval.v_string; if (s == NULL) s = (char_u *)""""; } else if (iptr->isn_type == ISN_STOREFUNCOPT) { SOURCING_LNUM = iptr->isn_lnum; s = tv2string(tv, &tofree, numbuf, 0); if (s == NULL || *s == NUL) { clear_tv(tv); goto on_error; } } else n = tv->vval.v_number; msg = set_option_value(opt_name, n, s, opt_flags); clear_tv(tv); vim_free(tofree); if (msg != NULL) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(msg)); goto on_error; } } break; case ISN_STOREENV: --ectx->ec_stack.ga_len; tv = STACK_TV_BOT(0); vim_setenv_ext(iptr->isn_arg.string, tv_get_string(tv)); clear_tv(tv); break; case ISN_STOREREG: { int reg = iptr->isn_arg.number; --ectx->ec_stack.ga_len; tv = STACK_TV_BOT(0); write_reg_contents(reg, tv_get_string(tv), -1, FALSE); clear_tv(tv); } break; case ISN_STOREV: --ectx->ec_stack.ga_len; if (set_vim_var_tv(iptr->isn_arg.number, STACK_TV_BOT(0)) == FAIL) goto on_error; break; case ISN_STOREG: case ISN_STOREB: case ISN_STOREW: case ISN_STORET: { dictitem_T *di; hashtab_T *ht; char_u *name = iptr->isn_arg.string + 2; switch (iptr->isn_type) { case ISN_STOREG: ht = get_globvar_ht(); break; case ISN_STOREB: ht = &curbuf->b_vars->dv_hashtab; break; case ISN_STOREW: ht = &curwin->w_vars->dv_hashtab; break; case ISN_STORET: ht = &curtab->tp_vars->dv_hashtab; break; default: goto theend; } --ectx->ec_stack.ga_len; di = find_var_in_ht(ht, 0, name, TRUE); if (di == NULL) store_var(iptr->isn_arg.string, STACK_TV_BOT(0)); else { SOURCING_LNUM = iptr->isn_lnum; if (var_check_permission(di, name) == FAIL) goto on_error; clear_tv(&di->di_tv); di->di_tv = *STACK_TV_BOT(0); } } break; case ISN_STOREAUTO: SOURCING_LNUM = iptr->isn_lnum; set_var(iptr->isn_arg.string, STACK_TV_BOT(-1), TRUE); clear_tv(STACK_TV_BOT(-1)); --ectx->ec_stack.ga_len; break; case ISN_STORENR: tv = STACK_TV_VAR(iptr->isn_arg.storenr.stnr_idx); clear_tv(tv); tv->v_type = VAR_NUMBER; tv->vval.v_number = iptr->isn_arg.storenr.stnr_val; break; case ISN_STOREINDEX: { vartype_T dest_type = iptr->isn_arg.vartype; typval_T *tv_idx = STACK_TV_BOT(-2); typval_T *tv_dest = STACK_TV_BOT(-1); int status = OK; tv = STACK_TV_BOT(-3); SOURCING_LNUM = iptr->isn_lnum; if (dest_type == VAR_ANY) { dest_type = tv_dest->v_type; if (dest_type == VAR_DICT) status = do_2string(tv_idx, TRUE, FALSE); else if (dest_type == VAR_LIST && tv_idx->v_type != VAR_NUMBER) { emsg(_(e_number_expected)); status = FAIL; } } else if (dest_type != tv_dest->v_type) { semsg(_(e_expected_str_but_got_str), vartype_name(dest_type), vartype_name(tv_dest->v_type)); status = FAIL; } if (status == OK && dest_type == VAR_LIST) { long lidx = (long)tv_idx->vval.v_number; list_T *list = tv_dest->vval.v_list; if (list == NULL) { emsg(_(e_list_not_set)); goto on_error; } if (lidx < 0 && list->lv_len + lidx >= 0) lidx = list->lv_len + lidx; if (lidx < 0 || lidx > list->lv_len) { semsg(_(e_listidx), lidx); goto on_error; } if (lidx < list->lv_len) { listitem_T *li = list_find(list, lidx); if (error_if_locked(li->li_tv.v_lock, e_cannot_change_list_item)) goto on_error; clear_tv(&li->li_tv); li->li_tv = *tv; } else { if (error_if_locked(list->lv_lock, e_cannot_change_list)) goto on_error; if (list_append_tv(list, tv) == FAIL) goto theend; clear_tv(tv); } } else if (status == OK && dest_type == VAR_DICT) { char_u *key = tv_idx->vval.v_string; dict_T *dict = tv_dest->vval.v_dict; dictitem_T *di; SOURCING_LNUM = iptr->isn_lnum; if (dict == NULL) { emsg(_(e_dictionary_not_set)); goto on_error; } if (key == NULL) key = (char_u *)""""; di = dict_find(dict, key, -1); if (di != NULL) { if (error_if_locked(di->di_tv.v_lock, e_cannot_change_dict_item)) goto on_error; clear_tv(&di->di_tv); di->di_tv = *tv; } else { if (error_if_locked(dict->dv_lock, e_cannot_change_dict)) goto on_error; if (dict_add_tv(dict, (char *)key, tv) == FAIL) goto theend; clear_tv(tv); } } else if (status == OK && dest_type == VAR_BLOB) { long lidx = (long)tv_idx->vval.v_number; blob_T *blob = tv_dest->vval.v_blob; varnumber_T nr; int error = FALSE; int len; if (blob == NULL) { emsg(_(e_blob_not_set)); goto on_error; } len = blob_len(blob); if (lidx < 0 && len + lidx >= 0) lidx = len + lidx; if (lidx < 0 || lidx > len) { semsg(_(e_blobidx), lidx); goto on_error; } if (value_check_lock(blob->bv_lock, (char_u *)""blob"", FALSE)) goto on_error; nr = tv_get_number_chk(tv, &error); if (error) goto on_error; blob_set_append(blob, lidx, nr); } else { status = FAIL; semsg(_(e_cannot_index_str), vartype_name(dest_type)); } clear_tv(tv_idx); clear_tv(tv_dest); ectx->ec_stack.ga_len -= 3; if (status == FAIL) { clear_tv(tv); goto on_error; } } break; case ISN_STORERANGE: { typval_T *tv_idx1 = STACK_TV_BOT(-3); typval_T *tv_idx2 = STACK_TV_BOT(-2); typval_T *tv_dest = STACK_TV_BOT(-1); int status = OK; tv = STACK_TV_BOT(-4); if (tv_dest->v_type == VAR_LIST) { long n1; long n2; int error = FALSE; SOURCING_LNUM = iptr->isn_lnum; n1 = (long)tv_get_number_chk(tv_idx1, &error); if (error) status = FAIL; else { if (tv_idx2->v_type == VAR_SPECIAL && tv_idx2->vval.v_number == VVAL_NONE) n2 = list_len(tv_dest->vval.v_list) - 1; else n2 = (long)tv_get_number_chk(tv_idx2, &error); if (error) status = FAIL; else { listitem_T *li1 = check_range_index_one( tv_dest->vval.v_list, &n1, FALSE); if (li1 == NULL) status = FAIL; else { status = check_range_index_two( tv_dest->vval.v_list, &n1, li1, &n2, FALSE); if (status != FAIL) status = list_assign_range( tv_dest->vval.v_list, tv->vval.v_list, n1, n2, tv_idx2->v_type == VAR_SPECIAL, (char_u *)""="", (char_u *)""[unknown]""); } } } } else if (tv_dest->v_type == VAR_BLOB) { varnumber_T n1; varnumber_T n2; int error = FALSE; n1 = tv_get_number_chk(tv_idx1, &error); if (error) status = FAIL; else { if (tv_idx2->v_type == VAR_SPECIAL && tv_idx2->vval.v_number == VVAL_NONE) n2 = blob_len(tv_dest->vval.v_blob) - 1; else n2 = tv_get_number_chk(tv_idx2, &error); if (error) status = FAIL; else { long bloblen = blob_len(tv_dest->vval.v_blob); if (check_blob_index(bloblen, n1, FALSE) == FAIL || check_blob_range(bloblen, n1, n2, FALSE) == FAIL) status = FAIL; else status = blob_set_range( tv_dest->vval.v_blob, n1, n2, tv); } } } else { status = FAIL; emsg(_(e_blob_required)); } clear_tv(tv_idx1); clear_tv(tv_idx2); clear_tv(tv_dest); ectx->ec_stack.ga_len -= 4; clear_tv(tv); if (status == FAIL) goto on_error; } break; case ISN_LOADOUTER: case ISN_STOREOUTER: { int depth = iptr->isn_arg.outer.outer_depth; outer_T *outer = ectx->ec_outer_ref == NULL ? NULL : ectx->ec_outer_ref->or_outer; while (depth > 1 && outer != NULL) { outer = outer->out_up; --depth; } if (outer == NULL) { SOURCING_LNUM = iptr->isn_lnum; if (ectx->ec_frame_idx == ectx->ec_initial_frame_idx || ectx->ec_outer_ref == NULL) emsg(_(e_closure_called_from_invalid_context)); else iemsg(""LOADOUTER depth more than scope levels""); goto theend; } tv = ((typval_T *)outer->out_stack->ga_data) + outer->out_frame_idx + STACK_FRAME_SIZE + iptr->isn_arg.outer.outer_idx; if (iptr->isn_type == ISN_LOADOUTER) { if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; copy_tv(tv, STACK_TV_BOT(0)); ++ectx->ec_stack.ga_len; } else { --ectx->ec_stack.ga_len; clear_tv(tv); *tv = *STACK_TV_BOT(0); } } break; case ISN_UNLETINDEX: { typval_T *tv_idx = STACK_TV_BOT(-2); typval_T *tv_dest = STACK_TV_BOT(-1); int status = OK; if (tv_dest->v_type == VAR_DICT) { if (tv_idx->v_type != VAR_STRING) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_expected_str_but_got_str), vartype_name(VAR_STRING), vartype_name(tv_idx->v_type)); status = FAIL; } else { dict_T *d = tv_dest->vval.v_dict; char_u *key = tv_idx->vval.v_string; dictitem_T *di = NULL; if (d != NULL && value_check_lock( d->dv_lock, NULL, FALSE)) status = FAIL; else { SOURCING_LNUM = iptr->isn_lnum; if (key == NULL) key = (char_u *)""""; if (d != NULL) di = dict_find(d, key, (int)STRLEN(key)); if (di == NULL) { semsg(_(e_dictkey), key); status = FAIL; } else if (var_check_fixed(di->di_flags, NULL, FALSE) || var_check_ro(di->di_flags, NULL, FALSE)) status = FAIL; else dictitem_remove(d, di); } } } else if (tv_dest->v_type == VAR_LIST) { SOURCING_LNUM = iptr->isn_lnum; if (check_for_number(tv_idx) == FAIL) { status = FAIL; } else { list_T *l = tv_dest->vval.v_list; long n = (long)tv_idx->vval.v_number; if (l != NULL && value_check_lock( l->lv_lock, NULL, FALSE)) status = FAIL; else { listitem_T *li = list_find(l, n); if (li == NULL) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_listidx), n); status = FAIL; } else if (value_check_lock(li->li_tv.v_lock, NULL, FALSE)) status = FAIL; else listitem_remove(l, li); } } } else { status = FAIL; semsg(_(e_cannot_index_str), vartype_name(tv_dest->v_type)); } clear_tv(tv_idx); clear_tv(tv_dest); ectx->ec_stack.ga_len -= 2; if (status == FAIL) goto on_error; } break; case ISN_UNLETRANGE: { typval_T *tv_idx1 = STACK_TV_BOT(-3); typval_T *tv_idx2 = STACK_TV_BOT(-2); typval_T *tv_dest = STACK_TV_BOT(-1); int status = OK; if (tv_dest->v_type == VAR_LIST) { SOURCING_LNUM = iptr->isn_lnum; if (check_for_number(tv_idx1) == FAIL || (tv_idx2->v_type != VAR_SPECIAL && check_for_number(tv_idx2) == FAIL)) { status = FAIL; } else { list_T *l = tv_dest->vval.v_list; long n1 = (long)tv_idx1->vval.v_number; long n2 = tv_idx2->v_type == VAR_SPECIAL ? 0 : (long)tv_idx2->vval.v_number; listitem_T *li; li = list_find_index(l, &n1); if (li == NULL) status = FAIL; else { if (n1 < 0) n1 = list_idx_of_item(l, li); if (n2 < 0) { listitem_T *li2 = list_find(l, n2); if (li2 == NULL) status = FAIL; else n2 = list_idx_of_item(l, li2); } if (status != FAIL && tv_idx2->v_type != VAR_SPECIAL && n2 < n1) { semsg(_(e_listidx), n2); status = FAIL; } if (status != FAIL && list_unlet_range(l, li, NULL, n1, tv_idx2->v_type != VAR_SPECIAL, n2) == FAIL) status = FAIL; } } } else { status = FAIL; SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_cannot_index_str), vartype_name(tv_dest->v_type)); } clear_tv(tv_idx1); clear_tv(tv_idx2); clear_tv(tv_dest); ectx->ec_stack.ga_len -= 3; if (status == FAIL) goto on_error; } break; case ISN_PUSHNR: case ISN_PUSHBOOL: case ISN_PUSHSPEC: case ISN_PUSHF: case ISN_PUSHS: case ISN_PUSHBLOB: case ISN_PUSHFUNC: case ISN_PUSHCHANNEL: case ISN_PUSHJOB: if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); tv->v_lock = 0; ++ectx->ec_stack.ga_len; switch (iptr->isn_type) { case ISN_PUSHNR: tv->v_type = VAR_NUMBER; tv->vval.v_number = iptr->isn_arg.number; break; case ISN_PUSHBOOL: tv->v_type = VAR_BOOL; tv->vval.v_number = iptr->isn_arg.number; break; case ISN_PUSHSPEC: tv->v_type = VAR_SPECIAL; tv->vval.v_number = iptr->isn_arg.number; break; #ifdef FEAT_FLOAT case ISN_PUSHF: tv->v_type = VAR_FLOAT; tv->vval.v_float = iptr->isn_arg.fnumber; break; #endif case ISN_PUSHBLOB: blob_copy(iptr->isn_arg.blob, tv); break; case ISN_PUSHFUNC: tv->v_type = VAR_FUNC; if (iptr->isn_arg.string == NULL) tv->vval.v_string = NULL; else tv->vval.v_string = vim_strsave(iptr->isn_arg.string); break; case ISN_PUSHCHANNEL: #ifdef FEAT_JOB_CHANNEL tv->v_type = VAR_CHANNEL; tv->vval.v_channel = iptr->isn_arg.channel; if (tv->vval.v_channel != NULL) ++tv->vval.v_channel->ch_refcount; #endif break; case ISN_PUSHJOB: #ifdef FEAT_JOB_CHANNEL tv->v_type = VAR_JOB; tv->vval.v_job = iptr->isn_arg.job; if (tv->vval.v_job != NULL) ++tv->vval.v_job->jv_refcount; #endif break; default: tv->v_type = VAR_STRING; tv->vval.v_string = vim_strsave( iptr->isn_arg.string == NULL ? (char_u *)"""" : iptr->isn_arg.string); } break; case ISN_UNLET: if (do_unlet(iptr->isn_arg.unlet.ul_name, iptr->isn_arg.unlet.ul_forceit) == FAIL) goto on_error; break; case ISN_UNLETENV: vim_unsetenv(iptr->isn_arg.unlet.ul_name); break; case ISN_LOCKUNLOCK: { typval_T *lval_root_save = lval_root; int res; --ectx->ec_stack.ga_len; lval_root = STACK_TV_BOT(0); res = exec_command(iptr); clear_tv(lval_root); lval_root = lval_root_save; if (res == FAIL) goto on_error; } break; case ISN_LOCKCONST: item_lock(STACK_TV_BOT(-1), 100, TRUE, TRUE); break; case ISN_NEWLIST: if (exe_newlist(iptr->isn_arg.number, ectx) == FAIL) goto theend; break; case ISN_NEWDICT: { int count = iptr->isn_arg.number; dict_T *dict = dict_alloc(); dictitem_T *item; char_u *key; int idx; if (unlikely(dict == NULL)) goto theend; for (idx = 0; idx < count; ++idx) { tv = STACK_TV_BOT(2 * (idx - count)); key = tv->vval.v_string == NULL ? (char_u *)"""" : tv->vval.v_string; item = dict_find(dict, key, -1); if (item != NULL) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_duplicate_key), key); dict_unref(dict); goto on_error; } item = dictitem_alloc(key); clear_tv(tv); if (unlikely(item == NULL)) { dict_unref(dict); goto theend; } item->di_tv = *STACK_TV_BOT(2 * (idx - count) + 1); item->di_tv.v_lock = 0; if (dict_add(dict, item) == FAIL) { dict_unref(dict); goto theend; } } if (count > 0) ectx->ec_stack.ga_len -= 2 * count - 1; else if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; else ++ectx->ec_stack.ga_len; tv = STACK_TV_BOT(-1); tv->v_type = VAR_DICT; tv->v_lock = 0; tv->vval.v_dict = dict; ++dict->dv_refcount; } break; case ISN_DCALL: SOURCING_LNUM = iptr->isn_lnum; if (call_dfunc(iptr->isn_arg.dfunc.cdf_idx, NULL, iptr->isn_arg.dfunc.cdf_argcount, ectx) == FAIL) goto on_error; break; case ISN_BCALL: SOURCING_LNUM = iptr->isn_lnum; if (call_bfunc(iptr->isn_arg.bfunc.cbf_idx, iptr->isn_arg.bfunc.cbf_argcount, ectx) == FAIL) goto on_error; break; case ISN_PCALL: { cpfunc_T *pfunc = &iptr->isn_arg.pfunc; int r; typval_T partial_tv; SOURCING_LNUM = iptr->isn_lnum; if (pfunc->cpf_top) { tv = STACK_TV_BOT(-pfunc->cpf_argcount - 1); } else { --ectx->ec_stack.ga_len; partial_tv = *STACK_TV_BOT(0); tv = &partial_tv; } r = call_partial(tv, pfunc->cpf_argcount, ectx); if (tv == &partial_tv) clear_tv(&partial_tv); if (r == FAIL) goto on_error; } break; case ISN_PCALL_END: --ectx->ec_stack.ga_len; clear_tv(STACK_TV_BOT(-1)); *STACK_TV_BOT(-1) = *STACK_TV_BOT(0); break; case ISN_UCALL: { cufunc_T *cufunc = &iptr->isn_arg.ufunc; SOURCING_LNUM = iptr->isn_lnum; if (call_eval_func(cufunc->cuf_name, cufunc->cuf_argcount, ectx, iptr) == FAIL) goto on_error; } break; case ISN_RETURN_VOID: if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); ++ectx->ec_stack.ga_len; tv->v_type = VAR_VOID; tv->vval.v_number = 0; tv->v_lock = 0; case ISN_RETURN: { garray_T *trystack = &ectx->ec_trystack; trycmd_T *trycmd = NULL; if (trystack->ga_len > 0) trycmd = ((trycmd_T *)trystack->ga_data) + trystack->ga_len - 1; if (trycmd != NULL && trycmd->tcd_frame_idx == ectx->ec_frame_idx) { if (trycmd->tcd_finally_idx != 0) ectx->ec_iidx = trycmd->tcd_finally_idx; else ectx->ec_iidx = trycmd->tcd_endtry_idx; trycmd->tcd_return = TRUE; } else goto func_return; } break; case ISN_FUNCREF: { partial_T *pt = ALLOC_CLEAR_ONE(partial_T); ufunc_T *ufunc; funcref_T *funcref = &iptr->isn_arg.funcref; if (pt == NULL) goto theend; if (GA_GROW_FAILS(&ectx->ec_stack, 1)) { vim_free(pt); goto theend; } if (funcref->fr_func_name == NULL) { dfunc_T *pt_dfunc = ((dfunc_T *)def_functions.ga_data) + funcref->fr_dfunc_idx; ufunc = pt_dfunc->df_ufunc; } else { ufunc = find_func(funcref->fr_func_name, FALSE, NULL); } if (ufunc == NULL) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_function_reference_invalid)); goto theend; } if (fill_partial_and_closure(pt, ufunc, ectx) == FAIL) goto theend; tv = STACK_TV_BOT(0); ++ectx->ec_stack.ga_len; tv->vval.v_partial = pt; tv->v_type = VAR_PARTIAL; tv->v_lock = 0; } break; case ISN_NEWFUNC: { newfunc_T *newfunc = &iptr->isn_arg.newfunc; if (copy_func(newfunc->nf_lambda, newfunc->nf_global, ectx) == FAIL) goto theend; } break; case ISN_DEF: if (iptr->isn_arg.string == NULL) list_functions(NULL); else { exarg_T ea; CLEAR_FIELD(ea); ea.cmd = ea.arg = iptr->isn_arg.string; define_function(&ea, NULL); } break; case ISN_JUMP: { jumpwhen_T when = iptr->isn_arg.jump.jump_when; int error = FALSE; int jump = TRUE; if (when != JUMP_ALWAYS) { tv = STACK_TV_BOT(-1); if (when == JUMP_IF_COND_FALSE || when == JUMP_IF_FALSE || when == JUMP_IF_COND_TRUE) { SOURCING_LNUM = iptr->isn_lnum; jump = tv_get_bool_chk(tv, &error); if (error) goto on_error; } else jump = tv2bool(tv); if (when == JUMP_IF_FALSE || when == JUMP_AND_KEEP_IF_FALSE || when == JUMP_IF_COND_FALSE) jump = !jump; if (when == JUMP_IF_FALSE || !jump) { clear_tv(tv); --ectx->ec_stack.ga_len; } } if (jump) ectx->ec_iidx = iptr->isn_arg.jump.jump_where; } break; case ISN_JUMP_IF_ARG_SET: tv = STACK_TV_VAR(iptr->isn_arg.jumparg.jump_arg_off); if (tv->v_type != VAR_UNKNOWN && !(tv->v_type == VAR_SPECIAL && tv->vval.v_number == VVAL_NONE)) ectx->ec_iidx = iptr->isn_arg.jumparg.jump_where; break; case ISN_FOR: { typval_T *ltv = STACK_TV_BOT(-1); typval_T *idxtv = STACK_TV_VAR(iptr->isn_arg.forloop.for_idx); if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; if (ltv->v_type == VAR_LIST) { list_T *list = ltv->vval.v_list; ++idxtv->vval.v_number; if (list == NULL || idxtv->vval.v_number >= list->lv_len) { ectx->ec_iidx = iptr->isn_arg.forloop.for_end; may_restore_cmdmod(&ectx->ec_funclocal); } else if (list->lv_first == &range_list_item) { tv = STACK_TV_BOT(0); tv->v_type = VAR_NUMBER; tv->v_lock = 0; tv->vval.v_number = list_find_nr( list, idxtv->vval.v_number, NULL); ++ectx->ec_stack.ga_len; } else { listitem_T *li = list_find(list, idxtv->vval.v_number); copy_tv(&li->li_tv, STACK_TV_BOT(0)); ++ectx->ec_stack.ga_len; } } else if (ltv->v_type == VAR_STRING) { char_u *str = ltv->vval.v_string; ++idxtv->vval.v_number; if (str == NULL || str[idxtv->vval.v_number] == NUL) { ectx->ec_iidx = iptr->isn_arg.forloop.for_end; may_restore_cmdmod(&ectx->ec_funclocal); } else { int clen = mb_ptr2len(str + idxtv->vval.v_number); tv = STACK_TV_BOT(0); tv->v_type = VAR_STRING; tv->vval.v_string = vim_strnsave( str + idxtv->vval.v_number, clen); ++ectx->ec_stack.ga_len; idxtv->vval.v_number += clen - 1; } } else if (ltv->v_type == VAR_BLOB) { blob_T *blob = ltv->vval.v_blob; if (idxtv->vval.v_number == -1 && blob != NULL) { blob_copy(blob, ltv); blob_unref(blob); blob = ltv->vval.v_blob; } ++idxtv->vval.v_number; if (blob == NULL || idxtv->vval.v_number >= blob_len(blob)) { ectx->ec_iidx = iptr->isn_arg.forloop.for_end; may_restore_cmdmod(&ectx->ec_funclocal); } else { tv = STACK_TV_BOT(0); tv->v_type = VAR_NUMBER; tv->vval.v_number = blob_get(blob, idxtv->vval.v_number); ++ectx->ec_stack.ga_len; } } else { semsg(_(e_for_loop_on_str_not_supported), vartype_name(ltv->v_type)); goto theend; } } break; case ISN_TRY: { trycmd_T *trycmd = NULL; if (GA_GROW_FAILS(&ectx->ec_trystack, 1)) goto theend; trycmd = ((trycmd_T *)ectx->ec_trystack.ga_data) + ectx->ec_trystack.ga_len; ++ectx->ec_trystack.ga_len; ++trylevel; CLEAR_POINTER(trycmd); trycmd->tcd_frame_idx = ectx->ec_frame_idx; trycmd->tcd_stack_len = ectx->ec_stack.ga_len; trycmd->tcd_catch_idx = iptr->isn_arg.tryref.try_ref->try_catch; trycmd->tcd_finally_idx = iptr->isn_arg.tryref.try_ref->try_finally; trycmd->tcd_endtry_idx = iptr->isn_arg.tryref.try_ref->try_endtry; } break; case ISN_PUSHEXC: if (current_exception == NULL) { SOURCING_LNUM = iptr->isn_lnum; iemsg(""Evaluating catch while current_exception is NULL""); goto theend; } if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; tv = STACK_TV_BOT(0); ++ectx->ec_stack.ga_len; tv->v_type = VAR_STRING; tv->v_lock = 0; tv->vval.v_string = vim_strsave( (char_u *)current_exception->value); break; case ISN_CATCH: { garray_T *trystack = &ectx->ec_trystack; may_restore_cmdmod(&ectx->ec_funclocal); if (trystack->ga_len > 0) { trycmd_T *trycmd = ((trycmd_T *)trystack->ga_data) + trystack->ga_len - 1; trycmd->tcd_caught = TRUE; trycmd->tcd_did_throw = FALSE; } did_emsg = got_int = did_throw = FALSE; force_abort = need_rethrow = FALSE; catch_exception(current_exception); } break; case ISN_TRYCONT: { garray_T *trystack = &ectx->ec_trystack; trycont_T *trycont = &iptr->isn_arg.trycont; int i; trycmd_T *trycmd; int iidx = trycont->tct_where; if (trystack->ga_len < trycont->tct_levels) { siemsg(""TRYCONT: expected %d levels, found %d"", trycont->tct_levels, trystack->ga_len); goto theend; } for (i = trycont->tct_levels; i > 0; --i) { trycmd = ((trycmd_T *)trystack->ga_data) + trystack->ga_len - i; trycmd->tcd_cont = iidx + 1; iidx = trycmd->tcd_finally_idx == 0 ? trycmd->tcd_endtry_idx : trycmd->tcd_finally_idx; } ectx->ec_iidx = iidx; } break; case ISN_FINALLY: { garray_T *trystack = &ectx->ec_trystack; trycmd_T *trycmd = ((trycmd_T *)trystack->ga_data) + trystack->ga_len - 1; trycmd->tcd_finally_idx = 0; break; } case ISN_ENDTRY: { garray_T *trystack = &ectx->ec_trystack; if (trystack->ga_len > 0) { trycmd_T *trycmd; --trystack->ga_len; --trylevel; trycmd = ((trycmd_T *)trystack->ga_data) + trystack->ga_len; if (trycmd->tcd_did_throw) did_throw = TRUE; if (trycmd->tcd_caught && current_exception != NULL) { if (caught_stack == current_exception) caught_stack = caught_stack->caught; discard_current_exception(); } if (trycmd->tcd_return) goto func_return; while (ectx->ec_stack.ga_len > trycmd->tcd_stack_len) { --ectx->ec_stack.ga_len; clear_tv(STACK_TV_BOT(0)); } if (trycmd->tcd_cont != 0) ectx->ec_iidx = trycmd->tcd_cont - 1; } } break; case ISN_THROW: { garray_T *trystack = &ectx->ec_trystack; if (trystack->ga_len == 0 && trylevel == 0 && emsg_silent) { tv = STACK_TV_BOT(-1); clear_tv(tv); tv->v_type = VAR_NUMBER; tv->vval.v_number = 0; goto done; } --ectx->ec_stack.ga_len; tv = STACK_TV_BOT(0); if (tv->vval.v_string == NULL || *skipwhite(tv->vval.v_string) == NUL) { vim_free(tv->vval.v_string); SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_throw_with_empty_string)); goto theend; } if (trystack->ga_len > 0) { trycmd_T *trycmd = ((trycmd_T *)trystack->ga_data) + trystack->ga_len - 1; if (trycmd->tcd_caught && current_exception != NULL) { if (caught_stack == current_exception) caught_stack = caught_stack->caught; discard_current_exception(); trycmd->tcd_caught = FALSE; } } if (throw_exception(tv->vval.v_string, ET_USER, NULL) == FAIL) { vim_free(tv->vval.v_string); goto theend; } did_throw = TRUE; } break; case ISN_COMPAREBOOL: case ISN_COMPARESPECIAL: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); varnumber_T arg1 = tv1->vval.v_number; varnumber_T arg2 = tv2->vval.v_number; int res; switch (iptr->isn_arg.op.op_type) { case EXPR_EQUAL: res = arg1 == arg2; break; case EXPR_NEQUAL: res = arg1 != arg2; break; default: res = 0; break; } --ectx->ec_stack.ga_len; tv1->v_type = VAR_BOOL; tv1->vval.v_number = res ? VVAL_TRUE : VVAL_FALSE; } break; case ISN_OPNR: case ISN_COMPARENR: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); varnumber_T arg1 = tv1->vval.v_number; varnumber_T arg2 = tv2->vval.v_number; varnumber_T res = 0; int div_zero = FALSE; switch (iptr->isn_arg.op.op_type) { case EXPR_MULT: res = arg1 * arg2; break; case EXPR_DIV: if (arg2 == 0) div_zero = TRUE; else res = arg1 / arg2; break; case EXPR_REM: if (arg2 == 0) div_zero = TRUE; else res = arg1 % arg2; break; case EXPR_SUB: res = arg1 - arg2; break; case EXPR_ADD: res = arg1 + arg2; break; case EXPR_EQUAL: res = arg1 == arg2; break; case EXPR_NEQUAL: res = arg1 != arg2; break; case EXPR_GREATER: res = arg1 > arg2; break; case EXPR_GEQUAL: res = arg1 >= arg2; break; case EXPR_SMALLER: res = arg1 < arg2; break; case EXPR_SEQUAL: res = arg1 <= arg2; break; default: break; } --ectx->ec_stack.ga_len; if (iptr->isn_type == ISN_COMPARENR) { tv1->v_type = VAR_BOOL; tv1->vval.v_number = res ? VVAL_TRUE : VVAL_FALSE; } else tv1->vval.v_number = res; if (div_zero) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_divide_by_zero)); goto on_error; } } break; case ISN_OPFLOAT: case ISN_COMPAREFLOAT: #ifdef FEAT_FLOAT { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); float_T arg1 = tv1->vval.v_float; float_T arg2 = tv2->vval.v_float; float_T res = 0; int cmp = FALSE; switch (iptr->isn_arg.op.op_type) { case EXPR_MULT: res = arg1 * arg2; break; case EXPR_DIV: res = arg1 / arg2; break; case EXPR_SUB: res = arg1 - arg2; break; case EXPR_ADD: res = arg1 + arg2; break; case EXPR_EQUAL: cmp = arg1 == arg2; break; case EXPR_NEQUAL: cmp = arg1 != arg2; break; case EXPR_GREATER: cmp = arg1 > arg2; break; case EXPR_GEQUAL: cmp = arg1 >= arg2; break; case EXPR_SMALLER: cmp = arg1 < arg2; break; case EXPR_SEQUAL: cmp = arg1 <= arg2; break; default: cmp = 0; break; } --ectx->ec_stack.ga_len; if (iptr->isn_type == ISN_COMPAREFLOAT) { tv1->v_type = VAR_BOOL; tv1->vval.v_number = cmp ? VVAL_TRUE : VVAL_FALSE; } else tv1->vval.v_float = res; } #endif break; case ISN_COMPARELIST: case ISN_COMPAREDICT: case ISN_COMPAREFUNC: case ISN_COMPARESTRING: case ISN_COMPAREBLOB: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); exprtype_T exprtype = iptr->isn_arg.op.op_type; int ic = iptr->isn_arg.op.op_ic; int res = FALSE; int status = OK; SOURCING_LNUM = iptr->isn_lnum; if (iptr->isn_type == ISN_COMPARELIST) { status = typval_compare_list(tv1, tv2, exprtype, ic, &res); } else if (iptr->isn_type == ISN_COMPAREDICT) { status = typval_compare_dict(tv1, tv2, exprtype, ic, &res); } else if (iptr->isn_type == ISN_COMPAREFUNC) { status = typval_compare_func(tv1, tv2, exprtype, ic, &res); } else if (iptr->isn_type == ISN_COMPARESTRING) { status = typval_compare_string(tv1, tv2, exprtype, ic, &res); } else { status = typval_compare_blob(tv1, tv2, exprtype, &res); } --ectx->ec_stack.ga_len; clear_tv(tv1); clear_tv(tv2); tv1->v_type = VAR_BOOL; tv1->vval.v_number = res ? VVAL_TRUE : VVAL_FALSE; if (status == FAIL) goto theend; } break; case ISN_COMPAREANY: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); exprtype_T exprtype = iptr->isn_arg.op.op_type; int ic = iptr->isn_arg.op.op_ic; int status; SOURCING_LNUM = iptr->isn_lnum; status = typval_compare(tv1, tv2, exprtype, ic); clear_tv(tv2); --ectx->ec_stack.ga_len; if (status == FAIL) goto theend; } break; case ISN_ADDLIST: case ISN_ADDBLOB: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); if (iptr->isn_type == ISN_ADDLIST) { if (iptr->isn_arg.op.op_type == EXPR_APPEND && tv1->vval.v_list != NULL) list_extend(tv1->vval.v_list, tv2->vval.v_list, NULL); else eval_addlist(tv1, tv2); } else eval_addblob(tv1, tv2); clear_tv(tv2); --ectx->ec_stack.ga_len; } break; case ISN_LISTAPPEND: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); list_T *l = tv1->vval.v_list; if (l == NULL) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_cannot_add_to_null_list)); goto on_error; } if (list_append_tv(l, tv2) == FAIL) goto theend; clear_tv(tv2); --ectx->ec_stack.ga_len; } break; case ISN_BLOBAPPEND: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); blob_T *b = tv1->vval.v_blob; int error = FALSE; varnumber_T n; if (b == NULL) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_cannot_add_to_null_blob)); goto on_error; } n = tv_get_number_chk(tv2, &error); if (error) goto on_error; ga_append(&b->bv_ga, (int)n); --ectx->ec_stack.ga_len; } break; case ISN_OPANY: { typval_T *tv1 = STACK_TV_BOT(-2); typval_T *tv2 = STACK_TV_BOT(-1); varnumber_T n1, n2; #ifdef FEAT_FLOAT float_T f1 = 0, f2 = 0; #endif int error = FALSE; if (iptr->isn_arg.op.op_type == EXPR_ADD) { if (tv1->v_type == VAR_LIST && tv2->v_type == VAR_LIST) { eval_addlist(tv1, tv2); clear_tv(tv2); --ectx->ec_stack.ga_len; break; } else if (tv1->v_type == VAR_BLOB && tv2->v_type == VAR_BLOB) { eval_addblob(tv1, tv2); clear_tv(tv2); --ectx->ec_stack.ga_len; break; } } #ifdef FEAT_FLOAT if (tv1->v_type == VAR_FLOAT) { f1 = tv1->vval.v_float; n1 = 0; } else #endif { SOURCING_LNUM = iptr->isn_lnum; n1 = tv_get_number_chk(tv1, &error); if (error) goto on_error; #ifdef FEAT_FLOAT if (tv2->v_type == VAR_FLOAT) f1 = n1; #endif } #ifdef FEAT_FLOAT if (tv2->v_type == VAR_FLOAT) { f2 = tv2->vval.v_float; n2 = 0; } else #endif { n2 = tv_get_number_chk(tv2, &error); if (error) goto on_error; #ifdef FEAT_FLOAT if (tv1->v_type == VAR_FLOAT) f2 = n2; #endif } #ifdef FEAT_FLOAT if (tv1->v_type == VAR_FLOAT || tv2->v_type == VAR_FLOAT) { switch (iptr->isn_arg.op.op_type) { case EXPR_MULT: f1 = f1 * f2; break; case EXPR_DIV: f1 = f1 / f2; break; case EXPR_SUB: f1 = f1 - f2; break; case EXPR_ADD: f1 = f1 + f2; break; default: SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_modulus)); goto on_error; } clear_tv(tv1); clear_tv(tv2); tv1->v_type = VAR_FLOAT; tv1->vval.v_float = f1; --ectx->ec_stack.ga_len; } else #endif { int failed = FALSE; switch (iptr->isn_arg.op.op_type) { case EXPR_MULT: n1 = n1 * n2; break; case EXPR_DIV: n1 = num_divide(n1, n2, &failed); if (failed) goto on_error; break; case EXPR_SUB: n1 = n1 - n2; break; case EXPR_ADD: n1 = n1 + n2; break; default: n1 = num_modulus(n1, n2, &failed); if (failed) goto on_error; break; } clear_tv(tv1); clear_tv(tv2); tv1->v_type = VAR_NUMBER; tv1->vval.v_number = n1; --ectx->ec_stack.ga_len; } } break; case ISN_CONCAT: { char_u *str1 = STACK_TV_BOT(-2)->vval.v_string; char_u *str2 = STACK_TV_BOT(-1)->vval.v_string; char_u *res; res = concat_str(str1, str2); clear_tv(STACK_TV_BOT(-2)); clear_tv(STACK_TV_BOT(-1)); --ectx->ec_stack.ga_len; STACK_TV_BOT(-1)->vval.v_string = res; } break; case ISN_STRINDEX: case ISN_STRSLICE: { int is_slice = iptr->isn_type == ISN_STRSLICE; varnumber_T n1 = 0, n2; char_u *res; if (is_slice) { tv = STACK_TV_BOT(-2); n1 = tv->vval.v_number; } tv = STACK_TV_BOT(-1); n2 = tv->vval.v_number; ectx->ec_stack.ga_len -= is_slice ? 2 : 1; tv = STACK_TV_BOT(-1); if (is_slice) res = string_slice(tv->vval.v_string, n1, n2, FALSE); else res = char_from_string(tv->vval.v_string, n2); vim_free(tv->vval.v_string); tv->vval.v_string = res; } break; case ISN_LISTINDEX: case ISN_LISTSLICE: case ISN_BLOBINDEX: case ISN_BLOBSLICE: { int is_slice = iptr->isn_type == ISN_LISTSLICE || iptr->isn_type == ISN_BLOBSLICE; int is_blob = iptr->isn_type == ISN_BLOBINDEX || iptr->isn_type == ISN_BLOBSLICE; varnumber_T n1, n2; typval_T *val_tv; val_tv = is_slice ? STACK_TV_BOT(-3) : STACK_TV_BOT(-2); tv = STACK_TV_BOT(-1); n1 = n2 = tv->vval.v_number; clear_tv(tv); if (is_slice) { tv = STACK_TV_BOT(-2); n1 = tv->vval.v_number; clear_tv(tv); } ectx->ec_stack.ga_len -= is_slice ? 2 : 1; tv = STACK_TV_BOT(-1); SOURCING_LNUM = iptr->isn_lnum; if (is_blob) { if (blob_slice_or_index(val_tv->vval.v_blob, is_slice, n1, n2, FALSE, tv) == FAIL) goto on_error; } else { if (list_slice_or_index(val_tv->vval.v_list, is_slice, n1, n2, FALSE, tv, TRUE) == FAIL) goto on_error; } } break; case ISN_ANYINDEX: case ISN_ANYSLICE: { int is_slice = iptr->isn_type == ISN_ANYSLICE; typval_T *var1, *var2; int res; tv = is_slice ? STACK_TV_BOT(-3) : STACK_TV_BOT(-2); SOURCING_LNUM = iptr->isn_lnum; if (check_can_index(tv, TRUE, TRUE) == FAIL) goto on_error; var1 = is_slice ? STACK_TV_BOT(-2) : STACK_TV_BOT(-1); var2 = is_slice ? STACK_TV_BOT(-1) : NULL; res = eval_index_inner(tv, is_slice, var1, var2, FALSE, NULL, -1, TRUE); clear_tv(var1); if (is_slice) clear_tv(var2); ectx->ec_stack.ga_len -= is_slice ? 2 : 1; if (res == FAIL) goto on_error; } break; case ISN_SLICE: { list_T *list; int count = iptr->isn_arg.number; tv = STACK_TV_BOT(-1); list = tv->vval.v_list; if (list != NULL && list->lv_len >= count) { list_T *newlist = list_slice(list, count, list->lv_len - 1); if (newlist != NULL) { list_unref(list); tv->vval.v_list = newlist; ++newlist->lv_refcount; } } } break; case ISN_GETITEM: { listitem_T *li; getitem_T *gi = &iptr->isn_arg.getitem; tv = STACK_TV_BOT(-1 - gi->gi_with_op); li = list_find(tv->vval.v_list, gi->gi_index); if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; ++ectx->ec_stack.ga_len; copy_tv(&li->li_tv, STACK_TV_BOT(-1)); ectx->ec_where.wt_index = gi->gi_index + 1; ectx->ec_where.wt_variable = TRUE; } break; case ISN_MEMBER: { dict_T *dict; char_u *key; dictitem_T *di; tv = STACK_TV_BOT(-2); dict = tv->vval.v_dict; tv = STACK_TV_BOT(-1); key = tv->vval.v_string; if (key == NULL) key = (char_u *)""""; if ((di = dict_find(dict, key, -1)) == NULL) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_dictkey), key); clear_tv(tv); --ectx->ec_stack.ga_len; tv = STACK_TV_BOT(-1); (void) dict_stack_save(tv); tv->v_type = VAR_NUMBER; tv->vval.v_number = 0; goto on_fatal_error; } clear_tv(tv); --ectx->ec_stack.ga_len; tv = STACK_TV_BOT(-1); if (dict_stack_save(tv) == FAIL) goto on_fatal_error; copy_tv(&di->di_tv, tv); } break; case ISN_STRINGMEMBER: { dict_T *dict; dictitem_T *di; tv = STACK_TV_BOT(-1); if (tv->v_type != VAR_DICT || tv->vval.v_dict == NULL) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_dictreq)); goto on_error; } dict = tv->vval.v_dict; if ((di = dict_find(dict, iptr->isn_arg.string, -1)) == NULL) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_dictkey), iptr->isn_arg.string); goto on_error; } if (dict_stack_save(tv) == FAIL) goto on_fatal_error; copy_tv(&di->di_tv, tv); } break; case ISN_CLEARDICT: dict_stack_drop(); break; case ISN_USEDICT: { typval_T *dict_tv = dict_stack_get_tv(); tv = STACK_TV_BOT(-1); if (dict_tv != NULL && dict_tv->v_type == VAR_DICT && dict_tv->vval.v_dict != NULL && (tv->v_type == VAR_FUNC || (tv->v_type == VAR_PARTIAL && (tv->vval.v_partial->pt_auto || tv->vval.v_partial->pt_dict == NULL)))) dict_tv->vval.v_dict = make_partial(dict_tv->vval.v_dict, tv); dict_stack_drop(); } break; case ISN_NEGATENR: tv = STACK_TV_BOT(-1); if (tv->v_type != VAR_NUMBER #ifdef FEAT_FLOAT && tv->v_type != VAR_FLOAT #endif ) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_number_expected)); goto on_error; } #ifdef FEAT_FLOAT if (tv->v_type == VAR_FLOAT) tv->vval.v_float = -tv->vval.v_float; else #endif tv->vval.v_number = -tv->vval.v_number; break; case ISN_CHECKNR: { int error = FALSE; tv = STACK_TV_BOT(-1); SOURCING_LNUM = iptr->isn_lnum; if (check_not_string(tv) == FAIL) goto on_error; (void)tv_get_number_chk(tv, &error); if (error) goto on_error; } break; case ISN_CHECKTYPE: { checktype_T *ct = &iptr->isn_arg.type; tv = STACK_TV_BOT((int)ct->ct_off); SOURCING_LNUM = iptr->isn_lnum; if (!ectx->ec_where.wt_variable) ectx->ec_where.wt_index = ct->ct_arg_idx; if (check_typval_type(ct->ct_type, tv, ectx->ec_where) == FAIL) goto on_error; if (!ectx->ec_where.wt_variable) ectx->ec_where.wt_index = 0; if (tv->v_type == VAR_NUMBER && ct->ct_type->tt_type == VAR_BOOL && (tv->vval.v_number == 0 || tv->vval.v_number == 1)) { tv->v_type = VAR_BOOL; tv->vval.v_number = tv->vval.v_number ? VVAL_TRUE : VVAL_FALSE; } } break; case ISN_CHECKLEN: { int min_len = iptr->isn_arg.checklen.cl_min_len; list_T *list = NULL; tv = STACK_TV_BOT(-1); if (tv->v_type == VAR_LIST) list = tv->vval.v_list; if (list == NULL || list->lv_len < min_len || (list->lv_len > min_len && !iptr->isn_arg.checklen.cl_more_OK)) { SOURCING_LNUM = iptr->isn_lnum; semsg(_(e_expected_nr_items_but_got_nr), min_len, list == NULL ? 0 : list->lv_len); goto on_error; } } break; case ISN_SETTYPE: { checktype_T *ct = &iptr->isn_arg.type; tv = STACK_TV_BOT(-1); if (tv->v_type == VAR_DICT && tv->vval.v_dict != NULL) { free_type(tv->vval.v_dict->dv_type); tv->vval.v_dict->dv_type = alloc_type(ct->ct_type); } else if (tv->v_type == VAR_LIST && tv->vval.v_list != NULL) { free_type(tv->vval.v_list->lv_type); tv->vval.v_list->lv_type = alloc_type(ct->ct_type); } } break; case ISN_2BOOL: case ISN_COND2BOOL: { int n; int error = FALSE; if (iptr->isn_type == ISN_2BOOL) { tv = STACK_TV_BOT(iptr->isn_arg.tobool.offset); n = tv2bool(tv); if (iptr->isn_arg.tobool.invert) n = !n; } else { tv = STACK_TV_BOT(-1); SOURCING_LNUM = iptr->isn_lnum; n = tv_get_bool_chk(tv, &error); if (error) goto on_error; } clear_tv(tv); tv->v_type = VAR_BOOL; tv->vval.v_number = n ? VVAL_TRUE : VVAL_FALSE; } break; case ISN_2STRING: case ISN_2STRING_ANY: SOURCING_LNUM = iptr->isn_lnum; if (do_2string(STACK_TV_BOT(iptr->isn_arg.tostring.offset), iptr->isn_type == ISN_2STRING_ANY, iptr->isn_arg.tostring.tolerant) == FAIL) goto on_error; break; case ISN_RANGE: { exarg_T ea; char *errormsg; ea.line2 = 0; ea.addr_count = 0; ea.addr_type = ADDR_LINES; ea.cmd = iptr->isn_arg.string; ea.skip = FALSE; if (parse_cmd_address(&ea, &errormsg, FALSE) == FAIL) goto on_error; if (GA_GROW_FAILS(&ectx->ec_stack, 1)) goto theend; ++ectx->ec_stack.ga_len; tv = STACK_TV_BOT(-1); tv->v_type = VAR_NUMBER; tv->v_lock = 0; if (ea.addr_count == 0) tv->vval.v_number = curwin->w_cursor.lnum; else tv->vval.v_number = ea.line2; } break; case ISN_PUT: { int regname = iptr->isn_arg.put.put_regname; linenr_T lnum = iptr->isn_arg.put.put_lnum; char_u *expr = NULL; int dir = FORWARD; if (lnum < -2) { tv = STACK_TV_BOT(-1); curwin->w_cursor.lnum = tv->vval.v_number; if (lnum == LNUM_VARIABLE_RANGE_ABOVE) dir = BACKWARD; --ectx->ec_stack.ga_len; } else if (lnum == -2) dir = BACKWARD; else if (lnum >= 0) curwin->w_cursor.lnum = iptr->isn_arg.put.put_lnum; if (regname == '=') { tv = STACK_TV_BOT(-1); if (tv->v_type == VAR_STRING) expr = tv->vval.v_string; else { expr = typval2string(tv, TRUE); clear_tv(tv); } --ectx->ec_stack.ga_len; } check_cursor(); do_put(regname, expr, dir, 1L, PUT_LINE|PUT_CURSLINE); vim_free(expr); } break; case ISN_CMDMOD: ectx->ec_funclocal.floc_save_cmdmod = cmdmod; ectx->ec_funclocal.floc_restore_cmdmod = TRUE; ectx->ec_funclocal.floc_restore_cmdmod_stacklen = ectx->ec_stack.ga_len; cmdmod = *iptr->isn_arg.cmdmod.cf_cmdmod; apply_cmdmod(&cmdmod); break; case ISN_CMDMOD_REV: cmdmod.cmod_filter_regmatch.regprog = NULL; undo_cmdmod(&cmdmod); cmdmod = ectx->ec_funclocal.floc_save_cmdmod; ectx->ec_funclocal.floc_restore_cmdmod = FALSE; break; case ISN_UNPACK: { int count = iptr->isn_arg.unpack.unp_count; int semicolon = iptr->isn_arg.unpack.unp_semicolon; list_T *l; listitem_T *li; int i; tv = STACK_TV_BOT(-1); if (tv->v_type != VAR_LIST) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_for_argument_must_be_sequence_of_lists)); goto on_error; } l = tv->vval.v_list; if (l == NULL || l->lv_len < (semicolon ? count - 1 : count)) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_list_value_does_not_have_enough_items)); goto on_error; } else if (!semicolon && l->lv_len > count) { SOURCING_LNUM = iptr->isn_lnum; emsg(_(e_list_value_has_more_items_than_targets)); goto on_error; } CHECK_LIST_MATERIALIZE(l); if (GA_GROW_FAILS(&ectx->ec_stack, count - 1)) goto theend; ectx->ec_stack.ga_len += count - 1; if (semicolon) { list_T *rem_list = list_alloc_with_items(l->lv_len - count + 1); if (rem_list == NULL) goto theend; tv = STACK_TV_BOT(-count); tv->vval.v_list = rem_list; ++rem_list->lv_refcount; tv->v_lock = 0; li = l->lv_first; for (i = 0; i < count - 1; ++i) li = li->li_next; for (i = 0; li != NULL; ++i) { list_set_item(rem_list, i, &li->li_tv); li = li->li_next; } --count; } li = l->lv_first; for (i = 0; i < count; ++i) { tv = STACK_TV_BOT(-i - 1); copy_tv(&li->li_tv, tv); li = li->li_next; } list_unref(l); } break; case ISN_PROF_START: case ISN_PROF_END: { #ifdef FEAT_PROFILE funccall_T cookie; ufunc_T *cur_ufunc = (((dfunc_T *)def_functions.ga_data) + ectx->ec_dfunc_idx)->df_ufunc; cookie.func = cur_ufunc; if (iptr->isn_type == ISN_PROF_START) { func_line_start(&cookie, iptr->isn_lnum); func_line_exec(&cookie); } else func_line_end(&cookie); #endif } break; case ISN_DEBUG: handle_debug(iptr, ectx); break; case ISN_SHUFFLE: { typval_T tmp_tv; int item = iptr->isn_arg.shuffle.shfl_item; int up = iptr->isn_arg.shuffle.shfl_up; tmp_tv = *STACK_TV_BOT(-item); for ( ; up > 0 && item > 1; --up) { *STACK_TV_BOT(-item) = *STACK_TV_BOT(-item + 1); --item; } *STACK_TV_BOT(-item) = tmp_tv; } break; case ISN_DROP: --ectx->ec_stack.ga_len; clear_tv(STACK_TV_BOT(0)); ectx->ec_where.wt_index = 0; ectx->ec_where.wt_variable = FALSE; break; } continue; func_return: if (ectx->ec_frame_idx == ectx->ec_initial_frame_idx) goto done; if (func_return(ectx) == FAIL) goto theend; continue; on_error: if (did_emsg_cumul + did_emsg == ectx->ec_did_emsg_before && emsg_silent && did_emsg_def == 0) { if (ectx->ec_funclocal.floc_restore_cmdmod) { while (ectx->ec_stack.ga_len > ectx->ec_funclocal.floc_restore_cmdmod_stacklen) { --ectx->ec_stack.ga_len; clear_tv(STACK_TV_BOT(0)); } while (ectx->ec_instr[ectx->ec_iidx].isn_type != ISN_CMDMOD_REV) ++ectx->ec_iidx; } continue; } on_fatal_error: if (trylevel <= ectx->ec_trylevel_at_start) goto theend; } done: ret = OK; theend: dict_stack_clear(dict_stack_len_at_start); ectx->ec_trylevel_at_start = save_trylevel_at_start; return ret; }",visit repo url,src/vim9execute.c,https://github.com/vim/vim,258034523782199,1 1469,[],"asmlinkage long sys_nice(int increment) { long nice, retval; if (increment < -40) increment = -40; if (increment > 40) increment = 40; nice = PRIO_TO_NICE(current->static_prio) + increment; if (nice < -20) nice = -20; if (nice > 19) nice = 19; if (increment < 0 && !can_nice(current, nice)) return -EPERM; retval = security_task_setnice(current, nice); if (retval) return retval; set_user_nice(current, nice); return 0; }",linux-2.6,,,157308364414128161088800580406164889246,0 3256,['CWE-189'],"int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n) { int all; int c; int m; all = (n < 0) ? 1 : 0; m = n; while (all || m > 0) { if ((c = jas_stream_getc_macro(in)) == EOF) { return (!all || jas_stream_error(in)) ? (-1) : 0; } if (jas_stream_putc_macro(out, c) == EOF) { return -1; } --m; } return 0; }",jasper,,,319781282804255805488057728938465230842,0 2464,['CWE-119'],"static int get_stat_data(struct cache_entry *ce, const unsigned char **sha1p, unsigned int *modep, int cached, int match_missing, struct oneway_unpack_data *cbdata) { const unsigned char *sha1 = ce->sha1; unsigned int mode = ce->ce_mode; if (!cached) { int changed; struct stat st; changed = check_removed(ce, &st); if (changed < 0) return -1; else if (changed) { if (match_missing) { *sha1p = sha1; *modep = mode; return 0; } return -1; } changed = ce_match_stat(ce, &st, 0); if (changed) { mode = ce_mode_from_stat(ce, st.st_mode); sha1 = null_sha1; } } *sha1p = sha1; *modep = mode; return 0; }",git,,,53590132855473859981088526832785303980,0 3633,CWE-674,"int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags) { mode_t old_mode; int r; if (unlinkat(dfd, filename, unlink_flags) >= 0) return 0; if (errno != EACCES || !FLAGS_SET(remove_flags, REMOVE_CHMOD)) return -errno; r = patch_dirfd_mode(dfd, &old_mode); if (r < 0) return r; if (unlinkat(dfd, filename, unlink_flags) < 0) { r = -errno; (void) fchmod(dfd, old_mode); return r; } if (FLAGS_SET(remove_flags, REMOVE_CHMOD_RESTORE) && fchmod(dfd, old_mode) < 0) return -errno; return 0; }",visit repo url,src/shared/rm-rf.c,https://github.com/systemd/systemd,212558254057666,1 6574,CWE-415,"destroyUserInformationLists(DUL_USERINFO * userInfo) { PRV_SCUSCPROLE * role; role = (PRV_SCUSCPROLE*)LST_Dequeue(&userInfo->SCUSCPRoleList); while (role != NULL) { free(role); role = (PRV_SCUSCPROLE*)LST_Dequeue(&userInfo->SCUSCPRoleList); } LST_Destroy(&userInfo->SCUSCPRoleList); delete userInfo->extNegList; userInfo->extNegList = NULL; delete userInfo->usrIdent; userInfo->usrIdent = NULL; }",visit repo url,dcmnet/libsrc/dulfsm.cc,https://github.com/DCMTK/dcmtk,68737762957367,1 5175,CWE-119,"void libxsmm_sparse_csr_reader( libxsmm_generated_code* io_generated_code, const char* i_csr_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_row_idx_id = NULL; unsigned int l_i = 0; l_csr_file_handle = fopen( i_csr_file_in, ""r"" ); if ( l_csr_file_handle == NULL ) { LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_INPUT ); return; } while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose(l_csr_file_handle); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_READ_LEN ); return; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * ((size_t)(*o_row_count) + 1)); *o_values = (double*) malloc(sizeof(double) * (*o_element_count)); l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose(l_csr_file_handle); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_ALLOC_DATA ); return; } memset(*o_row_idx, 0, sizeof(unsigned int) * ((size_t)(*o_row_count) + 1)); memset(*o_column_idx, 0, sizeof(unsigned int) * (*o_element_count)); memset(*o_values, 0, sizeof(double) * (*o_element_count)); memset(l_row_idx_id, 0, sizeof(unsigned int) * (*o_row_count)); for ( l_i = 0; l_i <= *o_row_count; ++l_i ) (*o_row_idx)[l_i] = (*o_element_count); (*o_row_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_READ_DESC ); fclose( l_csr_file_handle ); return; } } else { unsigned int l_row = 0, l_column = 0; double l_value = 0; if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose(l_csr_file_handle); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_READ_ELEMS ); return; } l_row--; l_column--; (*o_column_idx)[l_i] = l_column; (*o_values)[l_i] = l_value; l_i++; l_row_idx_id[l_row] = 1; (*o_row_idx)[l_row+1] = l_i; } } } fclose( l_csr_file_handle ); if ( l_i != (*o_element_count) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_row_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSR_LEN ); return; } if ( l_row_idx_id != NULL ) { for ( l_i = 0; l_i < (*o_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } } free( l_row_idx_id ); } }",visit repo url,src/generator_spgemm_csr_reader.c,https://github.com/hfp/libxsmm,115762809866609,1 3956,CWE-284,"static bool ndp_msg_check_valid(struct ndp_msg *msg) { size_t len = ndp_msg_payload_len(msg); enum ndp_msg_type msg_type = ndp_msg_type(msg); if (len < ndp_msg_type_info(msg_type)->raw_struct_size) return false; return true; }",visit repo url,libndp/libndp.c,https://github.com/jpirko/libndp,83628147128847,1 443,[],"pfm_restore_pmcs(unsigned long *pmcs, unsigned long mask) { int i; for (i=0; mask; i++, mask>>=1) { if ((mask & 0x1) == 0) continue; ia64_set_pmc(i, pmcs[i]); } ia64_srlz_d(); }",linux-2.6,,,15298669198258794360711757221475840530,0 1994,['CWE-20'],"static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd, unsigned long addr, unsigned long end, pte_fn_t fn, void *data) { pte_t *pte; int err; pgtable_t token; spinlock_t *uninitialized_var(ptl); pte = (mm == &init_mm) ? pte_alloc_kernel(pmd, addr) : pte_alloc_map_lock(mm, pmd, addr, &ptl); if (!pte) return -ENOMEM; BUG_ON(pmd_huge(*pmd)); token = pmd_pgtable(*pmd); do { err = fn(pte, token, addr, data); if (err) break; } while (pte++, addr += PAGE_SIZE, addr != end); if (mm != &init_mm) pte_unmap_unlock(pte-1, ptl); return err; }",linux-2.6,,,337948191803323778046730789406879776262,0 2816,CWE-476,"BOOL rdp_decrypt(rdpRdp* rdp, STREAM* s, int length, UINT16 securityFlags) { BYTE cmac[8]; BYTE wmac[8]; if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) { UINT16 len; BYTE version, pad; BYTE* sig; if (stream_get_left(s) < 12) return FALSE; stream_read_UINT16(s, len); stream_read_BYTE(s, version); stream_read_BYTE(s, pad); sig = s->p; stream_seek(s, 8); length -= 12; if (!security_fips_decrypt(s->p, length, rdp)) { printf(""FATAL: cannot decrypt\n""); return FALSE; } if (!security_fips_check_signature(s->p, length - pad, sig, rdp)) { printf(""FATAL: invalid packet signature\n""); return FALSE; } s->size -= pad; return TRUE; } if (stream_get_left(s) < 8) return FALSE; stream_read(s, wmac, sizeof(wmac)); length -= sizeof(wmac); security_decrypt(s->p, length, rdp); if (securityFlags & SEC_SECURE_CHECKSUM) security_salted_mac_signature(rdp, s->p, length, FALSE, cmac); else security_mac_signature(rdp, s->p, length, cmac); if (memcmp(wmac, cmac, sizeof(wmac)) != 0) { printf(""WARNING: invalid packet signature\n""); } return TRUE; }",visit repo url,libfreerdp/core/rdp.c,https://github.com/FreeRDP/FreeRDP,106516755768472,1 1123,['CWE-399'],"static u32 __peek_user_compat(struct task_struct *child, addr_t addr) { struct user32 *dummy32 = NULL; per_struct32 *dummy_per32 = NULL; addr_t offset; __u32 tmp; if (addr < (addr_t) &dummy32->regs.acrs) { if (addr == (addr_t) &dummy32->regs.psw.mask) { tmp = (__u32)(task_pt_regs(child)->psw.mask >> 32); tmp = PSW32_MASK_MERGE(psw32_user_bits, tmp); } else if (addr == (addr_t) &dummy32->regs.psw.addr) { tmp = (__u32) task_pt_regs(child)->psw.addr | PSW32_ADDR_AMODE31; } else { tmp = *(__u32 *)((addr_t) &task_pt_regs(child)->psw + addr*2 + 4); } } else if (addr < (addr_t) (&dummy32->regs.orig_gpr2)) { offset = addr - (addr_t) &dummy32->regs.acrs; tmp = *(__u32*)((addr_t) &child->thread.acrs + offset); } else if (addr == (addr_t) (&dummy32->regs.orig_gpr2)) { tmp = *(__u32*)((addr_t) &task_pt_regs(child)->orig_gpr2 + 4); } else if (addr < (addr_t) &dummy32->regs.fp_regs) { tmp = 0; } else if (addr < (addr_t) (&dummy32->regs.fp_regs + 1)) { offset = addr - (addr_t) &dummy32->regs.fp_regs; tmp = *(__u32 *)((addr_t) &child->thread.fp_regs + offset); } else if (addr < (addr_t) (&dummy32->regs.per_info + 1)) { offset = addr - (addr_t) &dummy32->regs.per_info; if ((offset >= (addr_t) &dummy_per32->control_regs && offset < (addr_t) (&dummy_per32->control_regs + 1)) || (offset >= (addr_t) &dummy_per32->starting_addr && offset <= (addr_t) &dummy_per32->ending_addr) || offset == (addr_t) &dummy_per32->lowcore.words.address) offset = offset*2 + 4; else offset = offset*2; tmp = *(__u32 *)((addr_t) &child->thread.per_info + offset); } else tmp = 0; return tmp; }",linux-2.6,,,272257655270366997408594613465787735661,0 2568,[],"static void bootstrap_attr_stack(void) { if (!attr_stack) { struct attr_stack *elem; elem = read_attr_from_array(builtin_attr); elem->origin = NULL; elem->prev = attr_stack; attr_stack = elem; if (!is_bare_repository()) { elem = read_attr(GITATTRIBUTES_FILE, 1); elem->origin = strdup(""""); elem->prev = attr_stack; attr_stack = elem; debug_push(elem); } elem = read_attr_from_file(git_path(INFOATTRIBUTES_FILE), 1); if (!elem) elem = xcalloc(1, sizeof(*elem)); elem->origin = NULL; elem->prev = attr_stack; attr_stack = elem; } }",git,,,158322494090907942600105438672722564066,0 6734,CWE-763,"int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer, char **nb_computer_name, char **nb_domain_name, char **dns_computer_name, char **dns_domain_name, char **dns_tree_name, char **av_target_name, uint32_t *av_flags, uint64_t *av_timestamp, struct ntlm_buffer *av_single_host, struct ntlm_buffer *av_cb) { struct wire_av_pair *av_pair; uint16_t av_id = (uint16_t)-1; uint16_t av_len = (uint16_t)-1; struct ntlm_buffer sh = { NULL, 0 }; struct ntlm_buffer cb = { NULL, 0 }; char *nb_computer = NULL; char *nb_domain = NULL; char *dns_computer = NULL; char *dns_domain = NULL; char *dns_tree = NULL; char *av_target = NULL; size_t data_offs = 0; uint64_t timestamp = 0; uint32_t flags = 0; int ret = 0; while (data_offs + 4 <= buffer->length) { av_pair = (struct wire_av_pair *)&buffer->data[data_offs]; data_offs += 4; av_id = le16toh(av_pair->av_id); av_len = le16toh(av_pair->av_len); if (av_len > buffer->length - data_offs) { ret = ERR_DECODE; goto done; } data_offs += av_len; switch (av_id) { case MSV_AV_CHANNEL_BINDINGS: if (!av_cb) continue; cb.data = av_pair->value; cb.length = av_len; break; case MSV_AV_TARGET_NAME: if (!av_target_name) continue; ret = ntlm_decode_av_pair_u16l_str(ctx, av_pair, &av_target); if (ret) goto done; break; case MSV_AV_SINGLE_HOST: if (!av_single_host) continue; sh.data = av_pair->value; sh.length = av_len; break; case MSV_AV_TIMESTAMP: if (!av_timestamp) continue; memcpy(×tamp, av_pair->value, sizeof(timestamp)); timestamp = le64toh(timestamp); break; case MSV_AV_FLAGS: if (!av_flags) continue; memcpy(&flags, av_pair->value, sizeof(flags)); flags = le32toh(flags); break; case MSV_AV_DNS_TREE_NAME: if (!dns_tree_name) continue; ret = ntlm_decode_av_pair_u16l_str(ctx, av_pair, &dns_tree); if (ret) goto done; break; case MSV_AV_DNS_DOMAIN_NAME: if (!dns_domain_name) continue; ret = ntlm_decode_av_pair_u16l_str(ctx, av_pair, &dns_domain); if (ret) goto done; break; case MSV_AV_DNS_COMPUTER_NAME: if (!dns_computer_name) continue; ret = ntlm_decode_av_pair_u16l_str(ctx, av_pair, &dns_computer); if (ret) goto done; break; case MSV_AV_NB_DOMAIN_NAME: if (!nb_domain_name) continue; ret = ntlm_decode_av_pair_u16l_str(ctx, av_pair, &nb_domain); if (ret) goto done; break; case MSV_AV_NB_COMPUTER_NAME: if (!nb_computer_name) continue; ret = ntlm_decode_av_pair_u16l_str(ctx, av_pair, &nb_computer); if (ret) goto done; break; default: break; } if (av_id == MSV_AV_EOL) break; } if (av_id != MSV_AV_EOL || av_len != 0) { ret = ERR_DECODE; } done: if (ret) { ntlm_free_buffer_data(&sh); ntlm_free_buffer_data(&cb); safefree(nb_computer); safefree(nb_domain); safefree(dns_computer); safefree(dns_domain); safefree(dns_tree); safefree(av_target); } else { if (nb_computer_name) *nb_computer_name = nb_computer; if (nb_domain_name) *nb_domain_name = nb_domain; if (dns_computer_name) *dns_computer_name = dns_computer; if (dns_domain_name) *dns_domain_name = dns_domain; if (dns_tree_name) *dns_tree_name = dns_tree; if (av_target_name) *av_target_name = av_target; if (av_timestamp) *av_timestamp = timestamp; if (av_single_host) *av_single_host = sh; if (av_flags) *av_flags = flags; if (av_cb) *av_cb = cb; } return ret; }",visit repo url,src/ntlm.c,https://github.com/gssapi/gss-ntlmssp,196998036645912,1 903,CWE-20,"static int x25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct x25_sock *x25 = x25_sk(sk); struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)msg->msg_name; size_t copied; int qbit, header_len; struct sk_buff *skb; unsigned char *asmptr; int rc = -ENOTCONN; lock_sock(sk); if (x25->neighbour == NULL) goto out; header_len = x25->neighbour->extended ? X25_EXT_MIN_LEN : X25_STD_MIN_LEN; if (sk->sk_state != TCP_ESTABLISHED) goto out; if (flags & MSG_OOB) { rc = -EINVAL; if (sock_flag(sk, SOCK_URGINLINE) || !skb_peek(&x25->interrupt_in_queue)) goto out; skb = skb_dequeue(&x25->interrupt_in_queue); if (!pskb_may_pull(skb, X25_STD_MIN_LEN)) goto out_free_dgram; skb_pull(skb, X25_STD_MIN_LEN); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = 0x00; } msg->msg_flags |= MSG_OOB; } else { release_sock(sk); skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); lock_sock(sk); if (!skb) goto out; if (!pskb_may_pull(skb, header_len)) goto out_free_dgram; qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT; skb_pull(skb, header_len); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = qbit; } } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } msg->msg_flags |= MSG_EOR; rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (rc) goto out_free_dgram; if (sx25) { sx25->sx25_family = AF_X25; sx25->sx25_addr = x25->dest_addr; } msg->msg_namelen = sizeof(struct sockaddr_x25); x25_check_rbuf(sk); rc = copied; out_free_dgram: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/x25/af_x25.c,https://github.com/torvalds/linux,15718660389662,1 332,['CWE-20'],"static unsigned long getreg(struct task_struct *child, unsigned long regno) { unsigned long val; switch (regno) { case offsetof(struct user_regs_struct, fs): return child->thread.fsindex; case offsetof(struct user_regs_struct, gs): return child->thread.gsindex; case offsetof(struct user_regs_struct, ds): return child->thread.ds; case offsetof(struct user_regs_struct, es): return child->thread.es; case offsetof(struct user_regs_struct, fs_base): return child->thread.fs; case offsetof(struct user_regs_struct, gs_base): return child->thread.gs; default: regno = regno - sizeof(struct pt_regs); val = get_stack_long(child, regno); if (test_tsk_thread_flag(child, TIF_IA32)) val &= 0xffffffff; return val; } }",linux-2.6,,,96032571843772743323144870529036339168,0 1032,['CWE-20'],"static int set_user(uid_t new_ruid, int dumpclear) { struct user_struct *new_user; new_user = alloc_uid(new_ruid); if (!new_user) return -EAGAIN; if (atomic_read(&new_user->processes) >= current->signal->rlim[RLIMIT_NPROC].rlim_cur && new_user != &root_user) { free_uid(new_user); return -EAGAIN; } switch_uid(new_user); if (dumpclear) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->uid = new_ruid; return 0; }",linux-2.6,,,229406115716147219511350264033638342691,0 1197,CWE-400,"void handle_lddfmna(struct pt_regs *regs, unsigned long sfar, unsigned long sfsr) { unsigned long pc = regs->tpc; unsigned long tstate = regs->tstate; u32 insn; u64 value; u8 freg; int flag; struct fpustate *f = FPUSTATE; if (tstate & TSTATE_PRIV) die_if_kernel(""lddfmna from kernel"", regs); perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, sfar); if (test_thread_flag(TIF_32BIT)) pc = (u32)pc; if (get_user(insn, (u32 __user *) pc) != -EFAULT) { int asi = decode_asi(insn, regs); u32 first, second; int err; if ((asi > ASI_SNFL) || (asi < ASI_P)) goto daex; first = second = 0; err = get_user(first, (u32 __user *)sfar); if (!err) err = get_user(second, (u32 __user *)(sfar + 4)); if (err) { if (!(asi & 0x2)) goto daex; first = second = 0; } save_and_clear_fpu(); freg = ((insn >> 25) & 0x1e) | ((insn >> 20) & 0x20); value = (((u64)first) << 32) | second; if (asi & 0x8) value = __swab64p(&value); flag = (freg < 32) ? FPRS_DL : FPRS_DU; if (!(current_thread_info()->fpsaved[0] & FPRS_FEF)) { current_thread_info()->fpsaved[0] = FPRS_FEF; current_thread_info()->gsr[0] = 0; } if (!(current_thread_info()->fpsaved[0] & flag)) { if (freg < 32) memset(f->regs, 0, 32*sizeof(u32)); else memset(f->regs+32, 0, 32*sizeof(u32)); } *(u64 *)(f->regs + freg) = value; current_thread_info()->fpsaved[0] |= flag; } else { daex: if (tlb_type == hypervisor) sun4v_data_access_exception(regs, sfar, sfsr); else spitfire_data_access_exception(regs, sfsr, sfar); return; } advance(regs); }",visit repo url,arch/sparc/kernel/unaligned_64.c,https://github.com/torvalds/linux,17094683385553,1 2900,['CWE-189'],"static int jpc_dec_process_crg(jpc_dec_t *dec, jpc_ms_t *ms) { int cmptno; jpc_dec_cmpt_t *cmpt; jpc_crg_t *crg; crg = &ms->parms.crg; for (cmptno = 0, cmpt = dec->cmpts; cmptno < dec->numcomps; ++cmptno, ++cmpt) { } return 0; }",jasper,,,247445496628412199576539496998983475399,0 6381,CWE-20,"void dm9000WritePhyReg(uint8_t address, uint16_t data) { dm9000WriteReg(DM9000_REG_EPAR, 0x40 | address); dm9000WriteReg(DM9000_REG_EPDRL, LSB(data)); dm9000WriteReg(DM9000_REG_EPDRH, MSB(data)); dm9000WriteReg(DM9000_REG_EPCR, EPCR_EPOS | EPCR_ERPRW); while((dm9000ReadReg(DM9000_REG_EPCR) & EPCR_ERRE) != 0) { } usleep(5); dm9000WriteReg(DM9000_REG_EPCR, EPCR_EPOS); }",visit repo url,drivers/eth/dm9000_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,137147646427039,1 5885,CWE-120,"static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med, volatile parse_context *ctx) { pj_str_t str; ctx->last_error = PJMEDIA_SDP_EINMEDIA; if (*(scanner->curptr+1) != '=') { on_scanner_error(scanner); return; } pj_scan_advance_n(scanner, 2, SKIP_WS); pj_scan_get_until_ch(scanner, ' ', &med->desc.media); pj_scan_get_char(scanner); pj_scan_get(scanner, &cs_token, &str); med->desc.port = (unsigned short)pj_strtoul(&str); if (*scanner->curptr == '/') { pj_scan_get_char(scanner); pj_scan_get(scanner, &cs_token, &str); med->desc.port_count = pj_strtoul(&str); } else { med->desc.port_count = 0; } if (pj_scan_get_char(scanner) != ' ') { PJ_THROW(SYNTAX_ERROR); } pj_scan_get_until_chr(scanner, "" \t\r\n"", &med->desc.transport); med->desc.fmt_count = 0; while (*scanner->curptr == ' ') { pj_str_t fmt; pj_scan_get_char(scanner); if ((*scanner->curptr == '\r') || (*scanner->curptr == '\n')) break; pj_scan_get(scanner, &cs_token, &fmt); if (med->desc.fmt_count < PJMEDIA_MAX_SDP_FMT) med->desc.fmt[med->desc.fmt_count++] = fmt; else PJ_PERROR(2,(THIS_FILE, PJ_ETOOMANY, ""Error adding SDP media format %.*s, "" ""format is ignored"", (int)fmt.slen, fmt.ptr)); } pj_scan_skip_line(scanner); }",visit repo url,pjmedia/src/pjmedia/sdp.c,https://github.com/pjsip/pjproject,267550524262764,1 5905,['CWE-909'],"static int __init pktsched_init(void) { register_qdisc(&pfifo_qdisc_ops); register_qdisc(&bfifo_qdisc_ops); proc_net_fops_create(&init_net, ""psched"", 0, &psched_fops); rtnl_register(PF_UNSPEC, RTM_NEWQDISC, tc_modify_qdisc, NULL); rtnl_register(PF_UNSPEC, RTM_DELQDISC, tc_get_qdisc, NULL); rtnl_register(PF_UNSPEC, RTM_GETQDISC, tc_get_qdisc, tc_dump_qdisc); rtnl_register(PF_UNSPEC, RTM_NEWTCLASS, tc_ctl_tclass, NULL); rtnl_register(PF_UNSPEC, RTM_DELTCLASS, tc_ctl_tclass, NULL); rtnl_register(PF_UNSPEC, RTM_GETTCLASS, tc_ctl_tclass, tc_dump_tclass); return 0; }",linux-2.6,,,301037648989507824201963535905977080020,0 6054,['CWE-200'],"static void addrconf_add_linklocal(struct inet6_dev *idev, struct in6_addr *addr) { struct inet6_ifaddr * ifp; ifp = ipv6_add_addr(idev, addr, 64, IFA_LINK, IFA_F_PERMANENT); if (!IS_ERR(ifp)) { addrconf_dad_start(ifp, 0); in6_ifa_put(ifp); } }",linux-2.6,,,93595952922421348868875252521953603358,0 1160,['CWE-189'],"void hrtimer_init_sleeper(struct hrtimer_sleeper *sl, struct task_struct *task) { sl->timer.function = hrtimer_wakeup; sl->task = task; #ifdef CONFIG_HIGH_RES_TIMERS sl->timer.cb_mode = HRTIMER_CB_IRQSAFE_NO_RESTART; #endif }",linux-2.6,,,201175761051866499628659944172439345027,0 2234,['CWE-193'],"struct page *read_cache_page(struct address_space *mapping, pgoff_t index, int (*filler)(void *,struct page*), void *data) { struct page *page; page = read_cache_page_async(mapping, index, filler, data); if (IS_ERR(page)) goto out; wait_on_page_locked(page); if (!PageUptodate(page)) { page_cache_release(page); page = ERR_PTR(-EIO); } out: return page; }",linux-2.6,,,257968020570071862382135082026607109713,0 3805,['CWE-120'],"static int uvc_scan_chain_entity(struct uvc_video_device *video, struct uvc_entity *entity) { switch (UVC_ENTITY_TYPE(entity)) { case VC_EXTENSION_UNIT: if (uvc_trace_param & UVC_TRACE_PROBE) printk("" <- XU %d"", entity->id); if (entity->extension.bNrInPins != 1) { uvc_trace(UVC_TRACE_DESCR, ""Extension unit %d has more "" ""than 1 input pin.\n"", entity->id); return -1; } list_add_tail(&entity->chain, &video->extensions); break; case VC_PROCESSING_UNIT: if (uvc_trace_param & UVC_TRACE_PROBE) printk("" <- PU %d"", entity->id); if (video->processing != NULL) { uvc_trace(UVC_TRACE_DESCR, ""Found multiple "" ""Processing Units in chain.\n""); return -1; } video->processing = entity; break; case VC_SELECTOR_UNIT: if (uvc_trace_param & UVC_TRACE_PROBE) printk("" <- SU %d"", entity->id); if (entity->selector.bNrInPins == 1) break; if (video->selector != NULL) { uvc_trace(UVC_TRACE_DESCR, ""Found multiple Selector "" ""Units in chain.\n""); return -1; } video->selector = entity; break; case ITT_VENDOR_SPECIFIC: case ITT_CAMERA: case ITT_MEDIA_TRANSPORT_INPUT: if (uvc_trace_param & UVC_TRACE_PROBE) printk("" <- IT %d\n"", entity->id); list_add_tail(&entity->chain, &video->iterms); break; default: uvc_trace(UVC_TRACE_DESCR, ""Unsupported entity type "" ""0x%04x found in chain.\n"", UVC_ENTITY_TYPE(entity)); return -1; } return 0; }",linux-2.6,,,299252287120825511868126872510988371985,0 4454,CWE-787,"static int DecodeGifImg(struct ngiflib_img * i) { struct ngiflib_decode_context context; long npix; u8 * stackp; u8 * stack_top; u16 clr; u16 eof; u16 free; u16 act_code = 0; u16 old_code = 0; u16 read_byt; u16 ab_prfx[4096]; u8 ab_suffx[4096]; u8 ab_stack[4096]; u8 flags; u8 casspecial = 0; if(!i) return -1; i->posX = GetWord(i->parent); i->posY = GetWord(i->parent); i->width = GetWord(i->parent); i->height = GetWord(i->parent); if((i->width > i->parent->width) || (i->height > i->parent->height)) { #if !defined(NGIFLIB_NO_FILE) if(i->parent->log) fprintf(i->parent->log, ""*** ERROR *** Image bigger than global GIF canvas !\n""); #endif return -1; } if((i->posX + i->width) > i->parent->width) { #if !defined(NGIFLIB_NO_FILE) if(i->parent->log) fprintf(i->parent->log, ""*** WARNING *** Adjusting X position\n""); #endif i->posX = i->parent->width - i->width; } if((i->posY + i->height) > i->parent->height) { #if !defined(NGIFLIB_NO_FILE) if(i->parent->log) fprintf(i->parent->log, ""*** WARNING *** Adjusting Y position\n""); #endif i->posY = i->parent->height - i->height; } context.Xtogo = i->width; context.curY = i->posY; #ifdef NGIFLIB_INDEXED_ONLY #ifdef NGIFLIB_ENABLE_CALLBACKS context.line_p.p8 = i->parent->frbuff.p8 + (u32)i->posY*i->parent->width; context.frbuff_p.p8 = context.line_p.p8 + i->posX; #else context.frbuff_p.p8 = i->parent->frbuff.p8 + (u32)i->posY*i->parent->width + i->posX; #endif #else if(i->parent->mode & NGIFLIB_MODE_INDEXED) { #ifdef NGIFLIB_ENABLE_CALLBACKS context.line_p.p8 = i->parent->frbuff.p8 + (u32)i->posY*i->parent->width; context.frbuff_p.p8 = context.line_p.p8 + i->posX; #else context.frbuff_p.p8 = i->parent->frbuff.p8 + (u32)i->posY*i->parent->width + i->posX; #endif } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context.line_p.p32 = i->parent->frbuff.p32 + (u32)i->posY*i->parent->width; context.frbuff_p.p32 = context.line_p.p32 + i->posX; #else context.frbuff_p.p32 = i->parent->frbuff.p32 + (u32)i->posY*i->parent->width + i->posX; #endif } #endif npix = (long)i->width * i->height; flags = GetByte(i->parent); i->interlaced = (flags & 64) >> 6; context.pass = i->interlaced ? 1 : 0; i->sort_flag = (flags & 32) >> 5; i->localpalbits = (flags & 7) + 1; if(flags&128) { int k; int localpalsize = 1 << i->localpalbits; #if !defined(NGIFLIB_NO_FILE) if(i->parent && i->parent->log) fprintf(i->parent->log, ""Local palette\n""); #endif i->palette = (struct ngiflib_rgb *)ngiflib_malloc(sizeof(struct ngiflib_rgb)*localpalsize); for(k=0; kpalette[k].r = GetByte(i->parent); i->palette[k].g = GetByte(i->parent); i->palette[k].b = GetByte(i->parent); } #ifdef NGIFLIB_ENABLE_CALLBACKS if(i->parent->palette_cb) i->parent->palette_cb(i->parent, i->palette, localpalsize); #endif } else { i->palette = i->parent->palette; i->localpalbits = i->parent->imgbits; } i->ncolors = 1 << i->localpalbits; i->imgbits = GetByte(i->parent); #if !defined(NGIFLIB_NO_FILE) if(i->parent && i->parent->log) { if(i->interlaced) fprintf(i->parent->log, ""interlaced ""); fprintf(i->parent->log, ""img pos(%hu,%hu) size %hux%hu palbits=%hhu imgbits=%hhu ncolors=%hu\n"", i->posX, i->posY, i->width, i->height, i->localpalbits, i->imgbits, i->ncolors); } #endif if(i->imgbits==1) { i->imgbits = 2; } clr = 1 << i->imgbits; eof = clr + 1; free = clr + 2; context.nbbit = i->imgbits + 1; context.max = clr + clr - 1; stackp = stack_top = ab_stack + 4096; context.restbits = 0; context.restbyte = 0; context.lbyte = 0; for(;;) { act_code = GetGifWord(i, &context); if(act_code==eof) { #if !defined(NGIFLIB_NO_FILE) if(i->parent && i->parent->log) fprintf(i->parent->log, ""End of image code\n""); #endif return 0; } if(npix==0) { #if !defined(NGIFLIB_NO_FILE) if(i->parent && i->parent->log) fprintf(i->parent->log, ""assez de pixels, On se casse !\n""); #endif return 1; } if(act_code==clr) { #if !defined(NGIFLIB_NO_FILE) if(i->parent && i->parent->log) fprintf(i->parent->log, ""Code clear (free=%hu) npix=%ld\n"", free, npix); #endif free = clr + 2; context.nbbit = i->imgbits + 1; context.max = clr + clr - 1; act_code = GetGifWord(i, &context); casspecial = (u8)act_code; old_code = act_code; WritePixel(i, &context, casspecial); npix--; } else { read_byt = act_code; if(act_code >= free) { *(--stackp) = casspecial; act_code = old_code; } while(act_code > clr) { *(--stackp) = ab_suffx[act_code]; act_code = ab_prfx[act_code]; } casspecial = (u8)act_code; *(--stackp) = casspecial; WritePixels(i, &context, stackp, stack_top - stackp); npix -= (stack_top - stackp); stackp = stack_top; if(free < 4096) { ab_prfx[free] = old_code; ab_suffx[free] = (u8)act_code; free++; if((free > context.max) && (context.nbbit < 12)) { context.nbbit++; context.max += context.max + 1; } } old_code = read_byt; } } return 0; }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,155023618293961,1 5031,[],"static const char *collect_onlinestatus(TALLOC_CTX *mem_ctx) { struct winbindd_domain *domain; char *buf = NULL; if ((buf = talloc_asprintf(mem_ctx, ""global:%s "", get_global_winbindd_state_offline() ? ""Offline"":""Online"")) == NULL) { return NULL; } for (domain = domain_list(); domain; domain = domain->next) { if ((buf = talloc_asprintf_append(buf, ""%s:%s "", domain->name, domain->online ? ""Online"":""Offline"")) == NULL) { return NULL; } } buf = talloc_asprintf_append(buf, ""\n""); DEBUG(5,(""collect_onlinestatus: %s"", buf)); return buf; }",samba,,,146910419150758693244276410367433971690,0 2000,['CWE-20'],"int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, struct page *page) { if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; if (!page_count(page)) return -EINVAL; vma->vm_flags |= VM_INSERTPAGE; return insert_page(vma, addr, page, vma->vm_page_prot); }",linux-2.6,,,197117682567182620599508215430377484576,0 2527,['CWE-119'],"static void emit_rewrite_diff(const char *name_a, const char *name_b, struct diff_filespec *one, struct diff_filespec *two, struct diff_options *o) { int lc_a, lc_b; int color_diff = DIFF_OPT_TST(o, COLOR_DIFF); const char *name_a_tab, *name_b_tab; const char *metainfo = diff_get_color(color_diff, DIFF_METAINFO); const char *fraginfo = diff_get_color(color_diff, DIFF_FRAGINFO); const char *old = diff_get_color(color_diff, DIFF_FILE_OLD); const char *new = diff_get_color(color_diff, DIFF_FILE_NEW); const char *reset = diff_get_color(color_diff, DIFF_RESET); static struct strbuf a_name = STRBUF_INIT, b_name = STRBUF_INIT; name_a += (*name_a == '/'); name_b += (*name_b == '/'); name_a_tab = strchr(name_a, ' ') ? ""\t"" : """"; name_b_tab = strchr(name_b, ' ') ? ""\t"" : """"; strbuf_reset(&a_name); strbuf_reset(&b_name); quote_two_c_style(&a_name, o->a_prefix, name_a, 0); quote_two_c_style(&b_name, o->b_prefix, name_b, 0); diff_populate_filespec(one, 0); diff_populate_filespec(two, 0); lc_a = count_lines(one->data, one->size); lc_b = count_lines(two->data, two->size); fprintf(o->file, ""%s--- %s%s%s\n%s+++ %s%s%s\n%s@@ -"", metainfo, a_name.buf, name_a_tab, reset, metainfo, b_name.buf, name_b_tab, reset, fraginfo); print_line_count(o->file, lc_a); fprintf(o->file, "" +""); print_line_count(o->file, lc_b); fprintf(o->file, "" @@%s\n"", reset); if (lc_a) copy_file_with_prefix(o->file, '-', one->data, one->size, old, reset); if (lc_b) copy_file_with_prefix(o->file, '+', two->data, two->size, new, reset); }",git,,,293653855797645360817828271325688837865,0 2251,['CWE-193'],"static ssize_t generic_perform_write(struct file *file, struct iov_iter *i, loff_t pos) { struct address_space *mapping = file->f_mapping; const struct address_space_operations *a_ops = mapping->a_ops; long status = 0; ssize_t written = 0; unsigned int flags = 0; if (segment_eq(get_fs(), KERNEL_DS)) flags |= AOP_FLAG_UNINTERRUPTIBLE; do { struct page *page; pgoff_t index; unsigned long offset; unsigned long bytes; size_t copied; void *fsdata; offset = (pos & (PAGE_CACHE_SIZE - 1)); index = pos >> PAGE_CACHE_SHIFT; bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset, iov_iter_count(i)); again: if (unlikely(iov_iter_fault_in_readable(i, bytes))) { status = -EFAULT; break; } status = a_ops->write_begin(file, mapping, pos, bytes, flags, &page, &fsdata); if (unlikely(status)) break; pagefault_disable(); copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes); pagefault_enable(); flush_dcache_page(page); status = a_ops->write_end(file, mapping, pos, bytes, copied, page, fsdata); if (unlikely(status < 0)) break; copied = status; cond_resched(); iov_iter_advance(i, copied); if (unlikely(copied == 0)) { bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset, iov_iter_single_seg_count(i)); goto again; } pos += copied; written += copied; balance_dirty_pages_ratelimited(mapping); } while (iov_iter_count(i)); return written ? written : status; }",linux-2.6,,,89953720109218257237035012797922684957,0 2846,CWE-119,"horizontalDifference16(unsigned short *ip, int n, int stride, unsigned short *wp, uint16 *From14) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) From14[(v) >> 2] mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,33444542816717,1 743,['CWE-119'],"isdn_net_new(char *name, struct net_device *master) { isdn_net_dev *netdev; if (isdn_net_findif(name)) { printk(KERN_WARNING ""isdn_net: interface %s already exists\n"", name); return NULL; } if (name == NULL) return NULL; if (!(netdev = kzalloc(sizeof(isdn_net_dev), GFP_KERNEL))) { printk(KERN_WARNING ""isdn_net: Could not allocate net-device\n""); return NULL; } netdev->dev = alloc_netdev(sizeof(isdn_net_local), name, _isdn_setup); if (!netdev->dev) { printk(KERN_WARNING ""isdn_net: Could not allocate network device\n""); kfree(netdev); return NULL; } netdev->local = netdev->dev->priv; netdev->dev->init = isdn_net_init; if (master) { struct net_device *p = (((isdn_net_local *) master->priv)->slave); struct net_device *q = master; netdev->local->master = master; while (p) { q = p; p = (((isdn_net_local *) p->priv)->slave); } ((isdn_net_local *) q->priv)->slave = netdev->dev; } else { netdev->dev->tx_timeout = isdn_net_tx_timeout; netdev->dev->watchdog_timeo = ISDN_NET_TX_TIMEOUT; if (register_netdev(netdev->dev) != 0) { printk(KERN_WARNING ""isdn_net: Could not register net-device\n""); free_netdev(netdev->dev); kfree(netdev); return NULL; } } netdev->queue = netdev->local; spin_lock_init(&netdev->queue_lock); netdev->local->netdev = netdev; INIT_WORK(&netdev->local->tqueue, isdn_net_softint); spin_lock_init(&netdev->local->xmit_lock); netdev->next = (void *) dev->netdev; dev->netdev = netdev; return netdev->dev->name; }",linux-2.6,,,285298512293163598145469280213007460018,0 1227,CWE-400,"static void perf_swevent_event(struct perf_event *event, u64 nr, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { struct hw_perf_event *hwc = &event->hw; local64_add(nr, &event->count); if (!regs) return; if (!is_sampling_event(event)) return; if (nr == 1 && hwc->sample_period == 1 && !event->attr.freq) return perf_swevent_overflow(event, 1, nmi, data, regs); if (local64_add_negative(nr, &hwc->period_left)) return; perf_swevent_overflow(event, 0, nmi, data, regs); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,55198612691672,1 682,CWE-20,"static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t total_len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int error = 0; if (sk->sk_state & PPPOX_BOUND) { error = -EIO; goto end; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &error); if (error < 0) goto end; m->msg_namelen = 0; if (skb) { total_len = min_t(size_t, total_len, skb->len); error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); if (error == 0) { consume_skb(skb); return total_len; } } kfree_skb(skb); end: return error; }",visit repo url,drivers/net/ppp/pppoe.c,https://github.com/torvalds/linux,210801352169286,1 3652,CWE-200,"static void intern_rec(value *dest) { unsigned int code; tag_t tag; mlsize_t size, len, ofs_ind; value v; asize_t ofs; header_t header; unsigned char digest[16]; struct custom_operations * ops; char * codeptr; struct intern_item * sp; sp = intern_stack; ReadItems(dest, 1); while(sp != intern_stack) { dest = sp->dest; switch (sp->op) { case OFreshOID: if (Int_val(Field((value)dest, 1)) >= 0) caml_set_oo_id((value)dest); sp--; break; case OShift: *dest += sp->arg; sp--; break; case OReadItems: sp->dest++; if (--(sp->arg) == 0) sp--; code = read8u(); if (code >= PREFIX_SMALL_INT) { if (code >= PREFIX_SMALL_BLOCK) { tag = code & 0xF; size = (code >> 4) & 0x7; read_block: if (size == 0) { v = Atom(tag); } else { v = Val_hp(intern_dest); if (intern_obj_table != NULL) intern_obj_table[obj_counter++] = v; *intern_dest = Make_header(size, tag, intern_color); intern_dest += 1 + size; if (tag == Object_tag) { Assert(size >= 2); ReadItems(&Field(v, 2), size - 2); PushItem(); sp->op = OFreshOID; sp->dest = (value*) v; sp->arg = 1; ReadItems(&Field(v, 0), 2); } else ReadItems(&Field(v, 0), size); } } else { v = Val_int(code & 0x3F); } } else { if (code >= PREFIX_SMALL_STRING) { len = (code & 0x1F); read_string: size = (len + sizeof(value)) / sizeof(value); v = Val_hp(intern_dest); if (intern_obj_table != NULL) intern_obj_table[obj_counter++] = v; *intern_dest = Make_header(size, String_tag, intern_color); intern_dest += 1 + size; Field(v, size - 1) = 0; ofs_ind = Bsize_wsize(size) - 1; Byte(v, ofs_ind) = ofs_ind - len; readblock(String_val(v), len); } else { switch(code) { case CODE_INT8: v = Val_long(read8s()); break; case CODE_INT16: v = Val_long(read16s()); break; case CODE_INT32: v = Val_long(read32s()); break; case CODE_INT64: #ifdef ARCH_SIXTYFOUR v = Val_long(read64s()); break; #else intern_cleanup(); caml_failwith(""input_value: integer too large""); break; #endif case CODE_SHARED8: ofs = read8u(); read_shared: Assert (ofs > 0); Assert (ofs <= obj_counter); Assert (intern_obj_table != NULL); v = intern_obj_table[obj_counter - ofs]; break; case CODE_SHARED16: ofs = read16u(); goto read_shared; case CODE_SHARED32: ofs = read32u(); goto read_shared; case CODE_BLOCK32: header = (header_t) read32u(); tag = Tag_hd(header); size = Wosize_hd(header); goto read_block; case CODE_BLOCK64: #ifdef ARCH_SIXTYFOUR header = (header_t) read64s(); tag = Tag_hd(header); size = Wosize_hd(header); goto read_block; #else intern_cleanup(); caml_failwith(""input_value: data block too large""); break; #endif case CODE_STRING8: len = read8u(); goto read_string; case CODE_STRING32: len = read32u(); goto read_string; case CODE_DOUBLE_LITTLE: case CODE_DOUBLE_BIG: v = Val_hp(intern_dest); if (intern_obj_table != NULL) intern_obj_table[obj_counter++] = v; *intern_dest = Make_header(Double_wosize, Double_tag, intern_color); intern_dest += 1 + Double_wosize; readfloat((double *) v, code); break; case CODE_DOUBLE_ARRAY8_LITTLE: case CODE_DOUBLE_ARRAY8_BIG: len = read8u(); read_double_array: size = len * Double_wosize; v = Val_hp(intern_dest); if (intern_obj_table != NULL) intern_obj_table[obj_counter++] = v; *intern_dest = Make_header(size, Double_array_tag, intern_color); intern_dest += 1 + size; readfloats((double *) v, len, code); break; case CODE_DOUBLE_ARRAY32_LITTLE: case CODE_DOUBLE_ARRAY32_BIG: len = read32u(); goto read_double_array; case CODE_CODEPOINTER: ofs = read32u(); readblock(digest, 16); codeptr = intern_resolve_code_pointer(digest, ofs); if (codeptr != NULL) { v = (value) codeptr; } else { value * function_placeholder = caml_named_value (""Debugger.function_placeholder""); if (function_placeholder != NULL) { v = *function_placeholder; } else { intern_cleanup(); intern_bad_code_pointer(digest); } } break; case CODE_INFIXPOINTER: ofs = read32u(); PushItem(); sp->dest = dest; sp->op = OShift; sp->arg = ofs; ReadItems(dest, 1); continue; case CODE_CUSTOM: ops = caml_find_custom_operations((char *) intern_src); if (ops == NULL) { intern_cleanup(); caml_failwith(""input_value: unknown custom block identifier""); } while (*intern_src++ != 0) ; size = ops->deserialize((void *) (intern_dest + 2)); size = 1 + (size + sizeof(value) - 1) / sizeof(value); v = Val_hp(intern_dest); if (intern_obj_table != NULL) intern_obj_table[obj_counter++] = v; *intern_dest = Make_header(size, Custom_tag, intern_color); Custom_ops_val(v) = ops; if (ops->finalize != NULL && Is_young(v)) { if (caml_finalize_table.ptr >= caml_finalize_table.limit){ CAMLassert (caml_finalize_table.ptr == caml_finalize_table.limit); caml_realloc_ref_table (&caml_finalize_table); } *caml_finalize_table.ptr++ = (value *)v; } intern_dest += 1 + size; break; default: intern_cleanup(); caml_failwith(""input_value: ill-formed message""); } } } *dest = v; break; default: Assert(0); } } intern_free_stack(); }",visit repo url,byterun/intern.c,https://github.com/ocaml/ocaml,1717208991005,1 4018,['CWE-362'],"int inotify_rm_watch(struct inotify_handle *ih, struct inotify_watch *watch) { return inotify_rm_wd(ih, watch->wd); }",linux-2.6,,,67771736944582601080061101094607218665,0 1992,CWE-416,"void usb_sg_cancel(struct usb_sg_request *io) { unsigned long flags; int i, retval; spin_lock_irqsave(&io->lock, flags); if (io->status) { spin_unlock_irqrestore(&io->lock, flags); return; } io->status = -ECONNRESET; spin_unlock_irqrestore(&io->lock, flags); for (i = io->entries - 1; i >= 0; --i) { usb_block_urb(io->urbs[i]); retval = usb_unlink_urb(io->urbs[i]); if (retval != -EINPROGRESS && retval != -ENODEV && retval != -EBUSY && retval != -EIDRM) dev_warn(&io->dev->dev, ""%s, unlink --> %d\n"", __func__, retval); } }",visit repo url,drivers/usb/core/message.c,https://github.com/torvalds/linux,4204065150412,1 2195,['CWE-193'],"void wait_on_page_bit(struct page *page, int bit_nr) { DEFINE_WAIT_BIT(wait, &page->flags, bit_nr); if (test_bit(bit_nr, &page->flags)) __wait_on_bit(page_waitqueue(page), &wait, sync_page, TASK_UNINTERRUPTIBLE); }",linux-2.6,,,316701352622719257134184664145160856573,0 5972,CWE-120,"static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) { __Pyx_RefNannyDeclarations __Pyx_RefNannySetupContext(""__Pyx_InitCachedConstants"", 0); __pyx_tuple_ = PyTuple_Pack(5, __pyx_n_s_number, __pyx_n_s_buf, __pyx_n_s_i, __pyx_n_s_towrite, __pyx_n_s_num_buf); if (unlikely(!__pyx_tuple_)) __PYX_ERR(0, 4, __pyx_L1_error) __Pyx_GOTREF(__pyx_tuple_); __Pyx_GIVEREF(__pyx_tuple_); __pyx_codeobj__2 = (PyObject*)__Pyx_PyCode_New(2, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple_, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_clickhouse_driver_varint_pyx, __pyx_n_s_write_varint, 4, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__2)) __PYX_ERR(0, 4, __pyx_L1_error) __pyx_tuple__3 = PyTuple_Pack(5, __pyx_n_s_f, __pyx_n_s_shift, __pyx_n_s_result, __pyx_n_s_i, __pyx_n_s_read_one); if (unlikely(!__pyx_tuple__3)) __PYX_ERR(0, 29, __pyx_L1_error) __Pyx_GOTREF(__pyx_tuple__3); __Pyx_GIVEREF(__pyx_tuple__3); __pyx_codeobj__4 = (PyObject*)__Pyx_PyCode_New(1, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__3, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_clickhouse_driver_varint_pyx, __pyx_n_s_read_varint, 29, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__4)) __PYX_ERR(0, 29, __pyx_L1_error) __Pyx_RefNannyFinishContext(); return 0; __pyx_L1_error:; __Pyx_RefNannyFinishContext(); return -1; }",visit repo url,clickhouse_driver/varint.c,https://github.com/mymarilyn/clickhouse-driver,134070105413434,1 1752,[],"void account_system_time_scaled(struct task_struct *p, cputime_t cputime) { p->stimescaled = cputime_add(p->stimescaled, cputime); }",linux-2.6,,,297051273370260090096379391980433058274,0 1573,CWE-362,"void sctp_generate_heartbeat_event(unsigned long data) { int error = 0; struct sctp_transport *transport = (struct sctp_transport *) data; struct sctp_association *asoc = transport->asoc; struct net *net = sock_net(asoc->base.sk); bh_lock_sock(asoc->base.sk); if (sock_owned_by_user(asoc->base.sk)) { pr_debug(""%s: sock is busy\n"", __func__); if (!mod_timer(&transport->hb_timer, jiffies + (HZ/20))) sctp_transport_hold(transport); goto out_unlock; } if (transport->dead) goto out_unlock; error = sctp_do_sm(net, SCTP_EVENT_T_TIMEOUT, SCTP_ST_TIMEOUT(SCTP_EVENT_TIMEOUT_HEARTBEAT), asoc->state, asoc->ep, asoc, transport, GFP_ATOMIC); if (error) asoc->base.sk->sk_err = -error; out_unlock: bh_unlock_sock(asoc->base.sk); sctp_transport_put(transport); }",visit repo url,net/sctp/sm_sideeffect.c,https://github.com/torvalds/linux,247529872815235,1 4200,CWE-287,"static void oidc_scrub_headers(request_rec *r) { oidc_cfg *cfg = ap_get_module_config(r->server->module_config, &auth_openidc_module); if (cfg->scrub_request_headers != 0) { oidc_scrub_request_headers(r, OIDC_DEFAULT_HEADER_PREFIX, oidc_cfg_dir_authn_header(r)); if ((strstr(cfg->claim_prefix, OIDC_DEFAULT_HEADER_PREFIX) != cfg->claim_prefix)) { oidc_scrub_request_headers(r, cfg->claim_prefix, NULL); } } }",visit repo url,src/mod_auth_openidc.c,https://github.com/pingidentity/mod_auth_openidc,203373520338006,1 362,CWE-125,"void __skb_tstamp_tx(struct sk_buff *orig_skb, struct skb_shared_hwtstamps *hwtstamps, struct sock *sk, int tstype) { struct sk_buff *skb; bool tsonly; if (!sk) return; tsonly = sk->sk_tsflags & SOF_TIMESTAMPING_OPT_TSONLY; if (!skb_may_tx_timestamp(sk, tsonly)) return; if (tsonly) { #ifdef CONFIG_INET if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS) && sk->sk_protocol == IPPROTO_TCP && sk->sk_type == SOCK_STREAM) skb = tcp_get_timestamping_opt_stats(sk); else #endif skb = alloc_skb(0, GFP_ATOMIC); } else { skb = skb_clone(orig_skb, GFP_ATOMIC); } if (!skb) return; if (tsonly) { skb_shinfo(skb)->tx_flags = skb_shinfo(orig_skb)->tx_flags; skb_shinfo(skb)->tskey = skb_shinfo(orig_skb)->tskey; } if (hwtstamps) *skb_hwtstamps(skb) = *hwtstamps; else skb->tstamp = ktime_get_real(); __skb_complete_tx_timestamp(skb, sk, tstype);",visit repo url,net/core/skbuff.c,https://github.com/torvalds/linux,126643512064178,1 1503,CWE-20,"static inline int xsave_state_booting(struct xsave_struct *fx, u64 mask) { u32 lmask = mask; u32 hmask = mask >> 32; int err = 0; WARN_ON(system_state != SYSTEM_BOOTING); if (boot_cpu_has(X86_FEATURE_XSAVES)) asm volatile(""1:""XSAVES""\n\t"" ""2:\n\t"" : : ""D"" (fx), ""m"" (*fx), ""a"" (lmask), ""d"" (hmask) : ""memory""); else asm volatile(""1:""XSAVE""\n\t"" ""2:\n\t"" : : ""D"" (fx), ""m"" (*fx), ""a"" (lmask), ""d"" (hmask) : ""memory""); asm volatile(xstate_fault : ""0"" (0) : ""memory""); return err; }",visit repo url,arch/x86/include/asm/xsave.h,https://github.com/torvalds/linux,245801273300799,1 3894,CWE-122,"update_topline(void) { long line_count; int halfheight; int n; linenr_T old_topline; #ifdef FEAT_DIFF int old_topfill; #endif #ifdef FEAT_FOLDING linenr_T lnum; #endif int check_topline = FALSE; int check_botline = FALSE; long *so_ptr = curwin->w_p_so >= 0 ? &curwin->w_p_so : &p_so; int save_so = *so_ptr; if (!screen_valid(TRUE) || curwin->w_height == 0) { check_cursor_lnum(); curwin->w_topline = curwin->w_cursor.lnum; curwin->w_botline = curwin->w_topline; curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; curwin->w_scbind_pos = 1; return; } check_cursor_moved(curwin); if (curwin->w_valid & VALID_TOPLINE) return; if (mouse_dragging > 0) *so_ptr = mouse_dragging - 1; old_topline = curwin->w_topline; #ifdef FEAT_DIFF old_topfill = curwin->w_topfill; #endif if (BUFEMPTY()) { if (curwin->w_topline != 1) redraw_later(NOT_VALID); curwin->w_topline = 1; curwin->w_botline = 2; curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP; curwin->w_scbind_pos = 1; } else { if (curwin->w_topline > 1) { if (curwin->w_cursor.lnum < curwin->w_topline) check_topline = TRUE; else if (check_top_offset()) check_topline = TRUE; } #ifdef FEAT_DIFF if (!check_topline && curwin->w_topfill > diff_check_fill(curwin, curwin->w_topline)) check_topline = TRUE; #endif if (check_topline) { halfheight = curwin->w_height / 2 - 1; if (halfheight < 2) halfheight = 2; #ifdef FEAT_FOLDING if (hasAnyFolding(curwin)) { n = 0; for (lnum = curwin->w_cursor.lnum; lnum < curwin->w_topline + *so_ptr; ++lnum) { ++n; if (lnum >= curbuf->b_ml.ml_line_count || n >= halfheight) break; (void)hasFolding(lnum, NULL, &lnum); } } else #endif n = curwin->w_topline + *so_ptr - curwin->w_cursor.lnum; if (n >= halfheight) scroll_cursor_halfway(FALSE); else { scroll_cursor_top(scrolljump_value(), FALSE); check_botline = TRUE; } } else { #ifdef FEAT_FOLDING (void)hasFolding(curwin->w_topline, &curwin->w_topline, NULL); #endif check_botline = TRUE; } } if (check_botline) { if (!(curwin->w_valid & VALID_BOTLINE_AP)) validate_botline(); if (curwin->w_botline <= curbuf->b_ml.ml_line_count) { if (curwin->w_cursor.lnum < curwin->w_botline) { if (((long)curwin->w_cursor.lnum >= (long)curwin->w_botline - *so_ptr #ifdef FEAT_FOLDING || hasAnyFolding(curwin) #endif )) { lineoff_T loff; n = curwin->w_empty_rows; loff.lnum = curwin->w_cursor.lnum; #ifdef FEAT_FOLDING (void)hasFolding(loff.lnum, NULL, &loff.lnum); #endif #ifdef FEAT_DIFF loff.fill = 0; n += curwin->w_filler_rows; #endif loff.height = 0; while (loff.lnum < curwin->w_botline #ifdef FEAT_DIFF && (loff.lnum + 1 < curwin->w_botline || loff.fill == 0) #endif ) { n += loff.height; if (n >= *so_ptr) break; botline_forw(&loff); } if (n >= *so_ptr) check_botline = FALSE; } else check_botline = FALSE; } if (check_botline) { #ifdef FEAT_FOLDING if (hasAnyFolding(curwin)) { line_count = 0; for (lnum = curwin->w_cursor.lnum; lnum >= curwin->w_botline - *so_ptr; --lnum) { ++line_count; if (lnum <= 0 || line_count > curwin->w_height + 1) break; (void)hasFolding(lnum, &lnum, NULL); } } else #endif line_count = curwin->w_cursor.lnum - curwin->w_botline + 1 + *so_ptr; if (line_count <= curwin->w_height + 1) scroll_cursor_bot(scrolljump_value(), FALSE); else scroll_cursor_halfway(FALSE); } } } curwin->w_valid |= VALID_TOPLINE; if (curwin->w_topline != old_topline #ifdef FEAT_DIFF || curwin->w_topfill != old_topfill #endif ) { dollar_vcol = -1; if (curwin->w_skipcol != 0) { curwin->w_skipcol = 0; redraw_later(NOT_VALID); } else redraw_later(VALID); if (curwin->w_cursor.lnum == curwin->w_topline) validate_cursor(); } *so_ptr = save_so; }",visit repo url,src/move.c,https://github.com/vim/vim,278835158301644,1 4876,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 2089,CWE-200,"unsigned paravirt_patch_call(void *insnbuf, const void *target, u16 tgt_clobbers, unsigned long addr, u16 site_clobbers, unsigned len) { struct branch *b = insnbuf; unsigned long delta = (unsigned long)target - (addr+5); if (tgt_clobbers & ~site_clobbers) return len; if (len < 5) return len; b->opcode = 0xe8; b->delta = delta; BUILD_BUG_ON(sizeof(*b) != 5); return 5; }",visit repo url,arch/x86/kernel/paravirt.c,https://github.com/torvalds/linux,118191506481120,1 1093,['CWE-399'],"static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc, struct _fpstate_ia32 __user *fpstate, struct pt_regs *regs, unsigned int mask) { int tmp, err = 0; tmp = 0; __asm__(""movl %%gs,%0"" : ""=r""(tmp): ""0""(tmp)); err |= __put_user(tmp, (unsigned int __user *)&sc->gs); __asm__(""movl %%fs,%0"" : ""=r""(tmp): ""0""(tmp)); err |= __put_user(tmp, (unsigned int __user *)&sc->fs); __asm__(""movl %%ds,%0"" : ""=r""(tmp): ""0""(tmp)); err |= __put_user(tmp, (unsigned int __user *)&sc->ds); __asm__(""movl %%es,%0"" : ""=r""(tmp): ""0""(tmp)); err |= __put_user(tmp, (unsigned int __user *)&sc->es); err |= __put_user((u32)regs->di, &sc->di); err |= __put_user((u32)regs->si, &sc->si); err |= __put_user((u32)regs->bp, &sc->bp); err |= __put_user((u32)regs->sp, &sc->sp); err |= __put_user((u32)regs->bx, &sc->bx); err |= __put_user((u32)regs->dx, &sc->dx); err |= __put_user((u32)regs->cx, &sc->cx); err |= __put_user((u32)regs->ax, &sc->ax); err |= __put_user((u32)regs->cs, &sc->cs); err |= __put_user((u32)regs->ss, &sc->ss); err |= __put_user(current->thread.trap_no, &sc->trapno); err |= __put_user(current->thread.error_code, &sc->err); err |= __put_user((u32)regs->ip, &sc->ip); err |= __put_user((u32)regs->flags, &sc->flags); err |= __put_user((u32)regs->sp, &sc->sp_at_signal); tmp = save_i387_ia32(fpstate); if (tmp < 0) err = -EFAULT; else { clear_used_math(); stts(); err |= __put_user(ptr_to_compat(tmp ? fpstate : NULL), &sc->fpstate); } err |= __put_user(mask, &sc->oldmask); err |= __put_user(current->thread.cr2, &sc->cr2); return err; }",linux-2.6,,,56510713223428385988351065669972284279,0 3490,['CWE-20'],"__u32 sctp_generate_tsn(const struct sctp_endpoint *ep) { __u32 retval; get_random_bytes(&retval, sizeof(__u32)); return retval; }",linux-2.6,,,257064724526174688555266121954751555043,0 6132,['CWE-200'],"static void cleanup_a(struct tc_action *act) { struct tc_action *a; for (a = act; a; a = act) { act = a->next; kfree(a); } }",linux-2.6,,,171037580201919334506698643581914354154,0 6409,CWE-20,"void ksz8851EventHandler(NetInterface *interface) { uint16_t status; uint_t frameCount; status = ksz8851ReadReg(interface, KSZ8851_REG_ISR); if((status & ISR_LCIS) != 0) { ksz8851WriteReg(interface, KSZ8851_REG_ISR, ISR_LCIS); status = ksz8851ReadReg(interface, KSZ8851_REG_P1SR); if((status & P1SR_LINK_GOOD) != 0) { if((status & P1SR_OPERATION_SPEED) != 0) { interface->linkSpeed = NIC_LINK_SPEED_100MBPS; } else { interface->linkSpeed = NIC_LINK_SPEED_10MBPS; } if((status & P1SR_OPERATION_DUPLEX) != 0) { interface->duplexMode = NIC_FULL_DUPLEX_MODE; } else { interface->duplexMode = NIC_HALF_DUPLEX_MODE; } interface->linkState = TRUE; } else { interface->linkState = FALSE; } nicNotifyLinkChange(interface); } if((status & ISR_RXIS) != 0) { ksz8851WriteReg(interface, KSZ8851_REG_ISR, ISR_RXIS); frameCount = MSB(ksz8851ReadReg(interface, KSZ8851_REG_RXFCTR)); while(frameCount > 0) { ksz8851ReceivePacket(interface); frameCount--; } } ksz8851SetBit(interface, KSZ8851_REG_IER, IER_LCIE | IER_RXIE); }",visit repo url,drivers/eth/ksz8851_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,193613719450540,1 3874,['CWE-119'],"int lbs_scan_networks(struct lbs_private *priv, int full_scan) { int ret = -ENOMEM; struct chanscanparamset *chan_list; struct chanscanparamset *curr_chans; int chan_count; uint8_t bsstype = CMD_BSS_TYPE_ANY; int numchannels = MRVDRV_CHANNELS_PER_SCAN_CMD; union iwreq_data wrqu; #ifdef CONFIG_LIBERTAS_DEBUG struct bss_descriptor *iter; int i = 0; DECLARE_MAC_BUF(mac); #endif lbs_deb_enter_args(LBS_DEB_SCAN, ""full_scan %d"", full_scan); if (full_scan && delayed_work_pending(&priv->scan_work)) cancel_delayed_work(&priv->scan_work); lbs_deb_scan(""numchannels %d, bsstype %d\n"", numchannels, bsstype); chan_list = kzalloc(sizeof(struct chanscanparamset) * LBS_IOCTL_USER_SCAN_CHAN_MAX, GFP_KERNEL); if (!chan_list) { lbs_pr_alert(""SCAN: chan_list empty\n""); goto out; } chan_count = lbs_scan_create_channel_list(priv, chan_list); netif_stop_queue(priv->dev); netif_carrier_off(priv->dev); if (priv->mesh_dev) { netif_stop_queue(priv->mesh_dev); netif_carrier_off(priv->mesh_dev); } lbs_deb_scan(""chan_count %d, scan_channel %d\n"", chan_count, priv->scan_channel); curr_chans = chan_list; if (priv->scan_channel > 0) { curr_chans += priv->scan_channel; chan_count -= priv->scan_channel; } while (chan_count) { int to_scan = min(numchannels, chan_count); lbs_deb_scan(""scanning %d of %d channels\n"", to_scan, chan_count); ret = lbs_do_scan(priv, bsstype, curr_chans, to_scan); if (ret) { lbs_pr_err(""SCAN_CMD failed\n""); goto out2; } curr_chans += to_scan; chan_count -= to_scan; if (chan_count && !full_scan && !priv->surpriseremoved) { if (priv->scan_channel < 0) priv->scan_channel = to_scan; else priv->scan_channel += to_scan; cancel_delayed_work(&priv->scan_work); queue_delayed_work(priv->work_thread, &priv->scan_work, msecs_to_jiffies(300)); goto out; } } memset(&wrqu, 0, sizeof(union iwreq_data)); wireless_send_event(priv->dev, SIOCGIWSCAN, &wrqu, NULL); #ifdef CONFIG_LIBERTAS_DEBUG mutex_lock(&priv->lock); lbs_deb_scan(""scan table:\n""); list_for_each_entry(iter, &priv->network_list, list) lbs_deb_scan(""%02d: BSSID %s, RSSI %d, SSID '%s'\n"", i++, print_mac(mac, iter->bssid), iter->rssi, escape_essid(iter->ssid, iter->ssid_len)); mutex_unlock(&priv->lock); #endif out2: priv->scan_channel = 0; out: if (priv->connect_status == LBS_CONNECTED) { netif_carrier_on(priv->dev); if (!priv->tx_pending_len) netif_wake_queue(priv->dev); } if (priv->mesh_dev && (priv->mesh_connect_status == LBS_CONNECTED)) { netif_carrier_on(priv->mesh_dev); if (!priv->tx_pending_len) netif_wake_queue(priv->mesh_dev); } kfree(chan_list); lbs_deb_leave_args(LBS_DEB_SCAN, ""ret %d"", ret); return ret; }",linux-2.6,,,299360305394576058932385360592230332808,0 4402,['CWE-264'],"int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) { int rc = NET_RX_SUCCESS; if (sk_filter(sk, skb)) goto discard_and_relse; skb->dev = NULL; if (nested) bh_lock_sock_nested(sk); else bh_lock_sock(sk); if (!sock_owned_by_user(sk)) { mutex_acquire(&sk->sk_lock.dep_map, 0, 1, _RET_IP_); rc = sk_backlog_rcv(sk, skb); mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); } else sk_add_backlog(sk, skb); bh_unlock_sock(sk); out: sock_put(sk); return rc; discard_and_relse: kfree_skb(skb); goto out; }",linux-2.6,,,189979939038370927722877053091763043475,0 563,[],"void make_bad_inode(struct inode *inode) { remove_inode_hash(inode); inode->i_mode = S_IFREG; inode->i_atime = inode->i_mtime = inode->i_ctime = current_fs_time(inode->i_sb); inode->i_op = &bad_inode_ops; inode->i_fop = &bad_file_ops; }",linux-2.6,,,84266110321029955369901885654199995143,0 702,[],"int jpc_validate(jas_stream_t *in) { int n; int i; unsigned char buf[2]; assert(JAS_STREAM_MAXPUTBACK >= 2); if ((n = jas_stream_read(in, (char *) buf, 2)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < 2) { return -1; } if (buf[0] == (JPC_MS_SOC >> 8) && buf[1] == (JPC_MS_SOC & 0xff)) { return 0; } return -1; }",jasper,,,290728129945981211797057279251199715857,0 4609,['CWE-399'],"static void ext4_free_data(handle_t *handle, struct inode *inode, struct buffer_head *this_bh, __le32 *first, __le32 *last) { ext4_fsblk_t block_to_free = 0; unsigned long count = 0; __le32 *block_to_free_p = NULL; ext4_fsblk_t nr; __le32 *p; int err; if (this_bh) { BUFFER_TRACE(this_bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, this_bh); if (err) return; } for (p = first; p < last; p++) { nr = le32_to_cpu(*p); if (nr) { if (count == 0) { block_to_free = nr; block_to_free_p = p; count = 1; } else if (nr == block_to_free + count) { count++; } else { ext4_clear_blocks(handle, inode, this_bh, block_to_free, count, block_to_free_p, p); block_to_free = nr; block_to_free_p = p; count = 1; } } } if (count > 0) ext4_clear_blocks(handle, inode, this_bh, block_to_free, count, block_to_free_p, p); if (this_bh) { BUFFER_TRACE(this_bh, ""call ext4_handle_dirty_metadata""); if (bh2jh(this_bh)) ext4_handle_dirty_metadata(handle, inode, this_bh); else ext4_error(inode->i_sb, __func__, ""circular indirect block detected, "" ""inode=%lu, block=%llu"", inode->i_ino, (unsigned long long) this_bh->b_blocknr); } }",linux-2.6,,,196477698158448433642691659622087428373,0 1205,CWE-400,"asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write, unsigned long address) { struct vm_area_struct *vma; struct task_struct *tsk = current; struct mm_struct *mm = tsk->mm; unsigned int fixup; unsigned long g2; int from_user = !(regs->psr & PSR_PS); int fault, code; if(text_fault) address = regs->pc; code = SEGV_MAPERR; if (!ARCH_SUN4C && address >= TASK_SIZE) goto vmalloc_fault; if (in_atomic() || !mm) goto no_context; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, address); down_read(&mm->mmap_sem); if(!from_user && address >= PAGE_OFFSET) goto bad_area; vma = find_vma(mm, address); if(!vma) goto bad_area; if(vma->vm_start <= address) goto good_area; if(!(vma->vm_flags & VM_GROWSDOWN)) goto bad_area; if(expand_stack(vma, address)) goto bad_area; good_area: code = SEGV_ACCERR; if(write) { if(!(vma->vm_flags & VM_WRITE)) goto bad_area; } else { if(!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; } fault = handle_mm_fault(mm, vma, address, write ? FAULT_FLAG_WRITE : 0); if (unlikely(fault & VM_FAULT_ERROR)) { if (fault & VM_FAULT_OOM) goto out_of_memory; else if (fault & VM_FAULT_SIGBUS) goto do_sigbus; BUG(); } if (fault & VM_FAULT_MAJOR) { current->maj_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, address); } else { current->min_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, address); } up_read(&mm->mmap_sem); return; bad_area: up_read(&mm->mmap_sem); bad_area_nosemaphore: if (from_user) { do_fault_siginfo(code, SIGSEGV, regs, text_fault); return; } no_context: g2 = regs->u_regs[UREG_G2]; if (!from_user) { fixup = search_extables_range(regs->pc, &g2); if (fixup > 10) { extern const unsigned __memset_start[]; extern const unsigned __memset_end[]; extern const unsigned __csum_partial_copy_start[]; extern const unsigned __csum_partial_copy_end[]; #ifdef DEBUG_EXCEPTIONS printk(""Exception: PC<%08lx> faddr<%08lx>\n"", regs->pc, address); printk(""EX_TABLE: insn<%08lx> fixup<%08x> g2<%08lx>\n"", regs->pc, fixup, g2); #endif if ((regs->pc >= (unsigned long)__memset_start && regs->pc < (unsigned long)__memset_end) || (regs->pc >= (unsigned long)__csum_partial_copy_start && regs->pc < (unsigned long)__csum_partial_copy_end)) { regs->u_regs[UREG_I4] = address; regs->u_regs[UREG_I5] = regs->pc; } regs->u_regs[UREG_G2] = g2; regs->pc = fixup; regs->npc = regs->pc + 4; return; } } unhandled_fault (address, tsk, regs); do_exit(SIGKILL); out_of_memory: up_read(&mm->mmap_sem); if (from_user) { pagefault_out_of_memory(); return; } goto no_context; do_sigbus: up_read(&mm->mmap_sem); do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, text_fault); if (!from_user) goto no_context; vmalloc_fault: { int offset = pgd_index(address); pgd_t *pgd, *pgd_k; pmd_t *pmd, *pmd_k; pgd = tsk->active_mm->pgd + offset; pgd_k = init_mm.pgd + offset; if (!pgd_present(*pgd)) { if (!pgd_present(*pgd_k)) goto bad_area_nosemaphore; pgd_val(*pgd) = pgd_val(*pgd_k); return; } pmd = pmd_offset(pgd, address); pmd_k = pmd_offset(pgd_k, address); if (pmd_present(*pmd) || !pmd_present(*pmd_k)) goto bad_area_nosemaphore; *pmd = *pmd_k; return; } }",visit repo url,arch/sparc/mm/fault_32.c,https://github.com/torvalds/linux,254403016809237,1 5037,[],"static void child_process_request(struct winbindd_domain *domain, struct winbindd_cli_state *state) { struct winbindd_child_dispatch_table *table; state->response.result = WINBINDD_ERROR; state->response.length = sizeof(struct winbindd_response); state->mem_ctx = talloc_init(""winbind request""); if (state->mem_ctx == NULL) return; for (table = child_dispatch_table; table->fn; table++) { if (state->request.cmd == table->cmd) { DEBUG(10,(""process_request: request fn %s\n"", table->winbindd_cmd_name )); state->response.result = table->fn(domain, state); break; } } if (!table->fn) { DEBUG(10,(""process_request: unknown request fn number %d\n"", (int)state->request.cmd )); state->response.result = WINBINDD_ERROR; } talloc_destroy(state->mem_ctx); }",samba,,,34615651045950634698941212619131715364,0 1962,CWE-401,"mlx5_fw_fatal_reporter_dump(struct devlink_health_reporter *reporter, struct devlink_fmsg *fmsg, void *priv_ctx) { struct mlx5_core_dev *dev = devlink_health_reporter_priv(reporter); u32 crdump_size = dev->priv.health.crdump_size; u32 *cr_data; u32 data_size; u32 offset; int err; if (!mlx5_core_is_pf(dev)) return -EPERM; cr_data = kvmalloc(crdump_size, GFP_KERNEL); if (!cr_data) return -ENOMEM; err = mlx5_crdump_collect(dev, cr_data); if (err) return err; if (priv_ctx) { struct mlx5_fw_reporter_ctx *fw_reporter_ctx = priv_ctx; err = mlx5_fw_reporter_ctx_pairs_put(fmsg, fw_reporter_ctx); if (err) goto free_data; } err = devlink_fmsg_arr_pair_nest_start(fmsg, ""crdump_data""); if (err) goto free_data; for (offset = 0; offset < crdump_size; offset += data_size) { if (crdump_size - offset < MLX5_CR_DUMP_CHUNK_SIZE) data_size = crdump_size - offset; else data_size = MLX5_CR_DUMP_CHUNK_SIZE; err = devlink_fmsg_binary_put(fmsg, (char *)cr_data + offset, data_size); if (err) goto free_data; } err = devlink_fmsg_arr_pair_nest_end(fmsg); free_data: kvfree(cr_data); return err; }",visit repo url,drivers/net/ethernet/mellanox/mlx5/core/health.c,https://github.com/torvalds/linux,158484855177107,1 3943,['CWE-362'],"void audit_prune_trees(void) { mutex_lock(&audit_filter_mutex); while (!list_empty(&prune_list)) { struct audit_tree *victim; victim = list_entry(prune_list.next, struct audit_tree, list); list_del_init(&victim->list); mutex_unlock(&audit_filter_mutex); prune_one(victim); mutex_lock(&audit_filter_mutex); } mutex_unlock(&audit_filter_mutex); }",linux-2.6,,,45432099864632190229502933693000029250,0 6256,CWE-190,"static int rand_add(uint8_t *state, uint8_t *hash, int size) { int carry = 0; for (int i = size - 1; i >= 0; i--) { int16_t s; s = (state[i] + hash[i] + carry); state[i] = s & 0xFF; carry = s >> 8; } return carry; }",visit repo url,src/rand/relic_rand_hashd.c,https://github.com/relic-toolkit/relic,248951715764493,1 3456,['CWE-20'],"sctp_disposition_t sctp_sf_error_closed(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR, SCTP_ERROR(-EINVAL)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,318430313302405129691176282351741169345,0 5863,['CWE-200'],"static __init int raw_module_init(void) { int err; printk(banner); err = can_proto_register(&raw_can_proto); if (err < 0) printk(KERN_ERR ""can: registration of raw protocol failed\n""); return err; }",linux-2.6,,,207362989474710709267682047642051877115,0 1936,['CWE-20'],"int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write) { struct mm_struct *mm; struct vm_area_struct *vma; struct page *page; void *old_buf = buf; mm = get_task_mm(tsk); if (!mm) return 0; down_read(&mm->mmap_sem); while (len) { int bytes, ret, offset; void *maddr; ret = get_user_pages(tsk, mm, addr, 1, write, 1, &page, &vma); if (ret <= 0) break; bytes = len; offset = addr & (PAGE_SIZE-1); if (bytes > PAGE_SIZE-offset) bytes = PAGE_SIZE-offset; maddr = kmap(page); if (write) { copy_to_user_page(vma, page, addr, maddr + offset, buf, bytes); set_page_dirty_lock(page); } else { copy_from_user_page(vma, page, addr, buf, maddr + offset, bytes); } kunmap(page); page_cache_release(page); len -= bytes; buf += bytes; addr += bytes; } up_read(&mm->mmap_sem); mmput(mm); return buf - old_buf; }",linux-2.6,,,131156642593943189855714917752771838986,0 564,[],"static ssize_t bad_inode_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size) { return -EIO; }",linux-2.6,,,184992862174862525530334706909801568494,0 6478,CWE-125,"static void get_over(struct SYMBOL *s) { struct VOICE_S *p_voice, *p_voice2, *p_voice3; int range, voice, voice2, voice3; static char tx_wrong_dur[] = ""Wrong duration in voice overlay""; static char txt_no_note[] = ""No note in voice overlay""; p_voice = curvoice; if (p_voice->ignore) return; if (s->abc_type == ABC_T_BAR || s->u.v_over.type == V_OVER_E) { if (!p_voice->last_sym) { error(1, s, txt_no_note); return; } p_voice->last_sym->sflags |= S_BEAM_END; over_bar = 0; if (over_time < 0) { error(1, s, ""Erroneous end of voice overlap""); return; } if (p_voice->time != over_mxtime) error(1, s, tx_wrong_dur); curvoice = &voice_tb[over_voice]; over_mxtime = 0; over_voice = -1; over_time = -1; return; } if (s->u.v_over.type == V_OVER_S) { over_voice = p_voice - voice_tb; over_time = p_voice->time; return; } if (!p_voice->last_sym) { error(1, s, txt_no_note); return; } p_voice->last_sym->sflags |= S_BEAM_END; voice2 = s->u.v_over.voice; p_voice2 = &voice_tb[voice2]; if (parsys->voice[voice2].range < 0) { int clone; if (cfmt.abc2pscompat) { error(1, s, ""Cannot have %%%%abc2pscompat""); cfmt.abc2pscompat = 0; } clone = p_voice->clone >= 0; p_voice2->id[0] = '&'; p_voice2->id[1] = '\0'; p_voice2->second = 1; parsys->voice[voice2].second = 1; p_voice2->scale = p_voice->scale; p_voice2->octave = p_voice->octave; p_voice2->transpose = p_voice->transpose; memcpy(&p_voice2->key, &p_voice->key, sizeof p_voice2->key); memcpy(&p_voice2->ckey, &p_voice->ckey, sizeof p_voice2->ckey); memcpy(&p_voice2->okey, &p_voice->okey, sizeof p_voice2->okey); p_voice2->posit = p_voice->posit; p_voice2->staff = p_voice->staff; p_voice2->cstaff = p_voice->cstaff; p_voice2->color = p_voice->color; p_voice2->map_name = p_voice->map_name; range = parsys->voice[p_voice - voice_tb].range; for (voice = 0; voice < MAXVOICE; voice++) { if (parsys->voice[voice].range > range) parsys->voice[voice].range += clone + 1; } parsys->voice[voice2].range = range + 1; voice_link(p_voice2); if (clone) { for (voice3 = MAXVOICE; --voice3 >= 0; ) { if (parsys->voice[voice3].range < 0) break; } if (voice3 > 0) { p_voice3 = &voice_tb[voice3]; strcpy(p_voice3->id, p_voice2->id); p_voice3->second = 1; parsys->voice[voice3].second = 1; p_voice3->scale = voice_tb[p_voice->clone].scale; parsys->voice[voice3].range = range + 2; voice_link(p_voice3); p_voice2->clone = voice3; } else { error(1, s, ""Too many voices for overlay cloning""); } } } voice = p_voice - voice_tb; if (over_time < 0) { int time; over_bar = 1; over_mxtime = p_voice->time; over_voice = voice; time = p_voice2->time; for (s = p_voice->last_sym; ; s = s->prev) { if (s->type == BAR || s->time <= time) break; } over_time = s->time; } else { if (over_mxtime == 0) over_mxtime = p_voice->time; else if (p_voice->time != over_mxtime) error(1, s, tx_wrong_dur); } p_voice2->time = over_time; curvoice = p_voice2; }",visit repo url,parse.c,https://github.com/leesavide/abcm2ps,8760503527162,1 5413,CWE-125,"internalEntityProcessor(XML_Parser parser, const char *s, const char *end, const char **nextPtr) { ENTITY *entity; const char *textStart, *textEnd; const char *next; enum XML_Error result; OPEN_INTERNAL_ENTITY *openEntity = parser->m_openInternalEntities; if (! openEntity) return XML_ERROR_UNEXPECTED_STATE; entity = openEntity->entity; textStart = ((char *)entity->textPtr) + entity->processed; textEnd = (char *)(entity->textPtr + entity->textLen); next = textStart; #ifdef XML_DTD if (entity->is_param) { int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, next, &next, XML_FALSE); } else #endif result = doContent(parser, openEntity->startTagLevel, parser->m_internalEncoding, textStart, textEnd, &next, XML_FALSE); if (result != XML_ERROR_NONE) return result; else if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { entity->processed = (int)(next - (char *)entity->textPtr); return result; } else { entity->open = XML_FALSE; parser->m_openInternalEntities = openEntity->next; openEntity->next = parser->m_freeInternalEntities; parser->m_freeInternalEntities = openEntity; } #ifdef XML_DTD if (entity->is_param) { int tok; parser->m_processor = prologProcessor; tok = XmlPrologTok(parser->m_encoding, s, end, &next); return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer); } else #endif { parser->m_processor = contentProcessor; return doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding, s, end, nextPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer); } }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,141365871739167,1 6517,['CWE-20'],"static void *decode_register(u8 modrm_reg, unsigned long *regs, int highbyte_regs) { void *p; p = ®s[modrm_reg]; if (highbyte_regs && modrm_reg >= 4 && modrm_reg < 8) p = (unsigned char *)®s[modrm_reg & 3] + 1; return p; }",kvm,,,331779471922672423173089338468390217439,0 3515,['CWE-20'],"sctp_disposition_t sctp_sf_violation(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); return SCTP_DISPOSITION_VIOLATION; }",linux-2.6,,,262141209358895704012588330938547437508,0 2946,CWE-59,"static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs, const char *lxcpath) { int ret; size_t clen; char *path; INFO(""Mounting container /dev""); clen = (rootfs->path ? strlen(rootfs->mount) : 0) + 9; path = alloca(clen); ret = snprintf(path, clen, ""%s/dev"", rootfs->path ? rootfs->mount : """"); if (ret < 0 || ret >= clen) return -1; if (!dir_exists(path)) { WARN(""No /dev in container.""); WARN(""Proceeding without autodev setup""); return 0; } if (mount(""none"", path, ""tmpfs"", 0, ""size=100000,mode=755"")) { SYSERROR(""Failed mounting tmpfs onto %s\n"", path); return false; } INFO(""Mounted tmpfs onto %s"", path); ret = snprintf(path, clen, ""%s/dev/pts"", rootfs->path ? rootfs->mount : """"); if (ret < 0 || ret >= clen) return -1; if (!dir_exists(path)) { ret = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); if (ret) { SYSERROR(""Failed to create /dev/pts in container""); return -1; } } INFO(""Mounted container /dev""); return 0; }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,256825096495326,1 439,[],"pfm_read_soft_counter(pfm_context_t *ctx, int i) { return ctx->ctx_pmds[i].val + (ia64_get_pmd(i) & pmu_conf->ovfl_val); }",linux-2.6,,,180904559416822468686440382141540961121,0 2359,CWE-617,"static enum AVPixelFormat h263_get_format(AVCodecContext *avctx) { if (avctx->bits_per_raw_sample > 8) { av_assert1(avctx->profile == FF_PROFILE_MPEG4_SIMPLE_STUDIO); return avctx->pix_fmt; } if (avctx->codec->id == AV_CODEC_ID_MSS2) return AV_PIX_FMT_YUV420P; if (CONFIG_GRAY && (avctx->flags & AV_CODEC_FLAG_GRAY)) { if (avctx->color_range == AVCOL_RANGE_UNSPECIFIED) avctx->color_range = AVCOL_RANGE_MPEG; return AV_PIX_FMT_GRAY8; } return avctx->pix_fmt = ff_get_format(avctx, avctx->codec->pix_fmts); }",visit repo url,libavcodec/h263dec.c,https://github.com/FFmpeg/FFmpeg,215164181710640,1 3440,['CWE-264'],"static long do_splice_to(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { loff_t isize, left; int ret; if (unlikely(!in->f_op || !in->f_op->splice_read)) return -EINVAL; if (unlikely(!(in->f_mode & FMODE_READ))) return -EBADF; ret = rw_verify_area(READ, in, ppos, len); if (unlikely(ret < 0)) return ret; isize = i_size_read(in->f_mapping->host); if (unlikely(*ppos >= isize)) return 0; left = isize - *ppos; if (unlikely(left < len)) len = left; return in->f_op->splice_read(in, ppos, pipe, len, flags); }",linux-2.6,,,36898350492245404937415504808517430507,0 4454,['CWE-264'],"static int sock_bindtodevice(struct sock *sk, char __user *optval, int optlen) { int ret = -ENOPROTOOPT; #ifdef CONFIG_NETDEVICES struct net *net = sock_net(sk); char devname[IFNAMSIZ]; int index; ret = -EPERM; if (!capable(CAP_NET_RAW)) goto out; ret = -EINVAL; if (optlen < 0) goto out; if (optlen > IFNAMSIZ - 1) optlen = IFNAMSIZ - 1; memset(devname, 0, sizeof(devname)); ret = -EFAULT; if (copy_from_user(devname, optval, optlen)) goto out; if (devname[0] == '\0') { index = 0; } else { struct net_device *dev = dev_get_by_name(net, devname); ret = -ENODEV; if (!dev) goto out; index = dev->ifindex; dev_put(dev); } lock_sock(sk); sk->sk_bound_dev_if = index; sk_dst_reset(sk); release_sock(sk); ret = 0; out: #endif return ret; }",linux-2.6,,,328315812294226459170699318033373916299,0 6733,CWE-787,"static int ntlm_decode_u16l_str_hdr(struct ntlm_ctx *ctx, struct wire_field_hdr *str_hdr, struct ntlm_buffer *buffer, size_t payload_offs, char **str) { char *in, *out = NULL; uint16_t str_len; uint32_t str_offs; size_t outlen; int ret = 0; str_len = le16toh(str_hdr->len); if (str_len == 0) goto done; str_offs = le32toh(str_hdr->offset); if ((str_offs < payload_offs) || (str_offs > buffer->length) || (UINT32_MAX - str_offs < str_len) || (str_offs + str_len > buffer->length)) { return ERR_DECODE; } in = (char *)&buffer->data[str_offs]; out = malloc(str_len * 2 + 1); if (!out) return ENOMEM; ret = ntlm_str_convert(ctx->to_oem, in, out, str_len, &outlen); out[outlen] = '\0'; done: if (ret) { safefree(out); } *str = out; return ret; }",visit repo url,src/ntlm.c,https://github.com/gssapi/gss-ntlmssp,21054805530107,1 2193,CWE-908,"static int ext4_ext_grow_indepth(handle_t *handle, struct inode *inode, unsigned int flags) { struct ext4_extent_header *neh; struct buffer_head *bh; ext4_fsblk_t newblock, goal = 0; struct ext4_super_block *es = EXT4_SB(inode->i_sb)->s_es; int err = 0; if (ext_depth(inode)) goal = ext4_idx_pblock(EXT_FIRST_INDEX(ext_inode_hdr(inode))); if (goal > le32_to_cpu(es->s_first_data_block)) { flags |= EXT4_MB_HINT_TRY_GOAL; goal--; } else goal = ext4_inode_to_goal_block(inode); newblock = ext4_new_meta_blocks(handle, inode, goal, flags, NULL, &err); if (newblock == 0) return err; bh = sb_getblk_gfp(inode->i_sb, newblock, __GFP_MOVABLE | GFP_NOFS); if (unlikely(!bh)) return -ENOMEM; lock_buffer(bh); err = ext4_journal_get_create_access(handle, bh); if (err) { unlock_buffer(bh); goto out; } memmove(bh->b_data, EXT4_I(inode)->i_data, sizeof(EXT4_I(inode)->i_data)); neh = ext_block_hdr(bh); if (ext_depth(inode)) neh->eh_max = cpu_to_le16(ext4_ext_space_block_idx(inode, 0)); else neh->eh_max = cpu_to_le16(ext4_ext_space_block(inode, 0)); neh->eh_magic = EXT4_EXT_MAGIC; ext4_extent_block_csum_set(inode, neh); set_buffer_uptodate(bh); unlock_buffer(bh); err = ext4_handle_dirty_metadata(handle, inode, bh); if (err) goto out; neh = ext_inode_hdr(inode); neh->eh_entries = cpu_to_le16(1); ext4_idx_store_pblock(EXT_FIRST_INDEX(neh), newblock); if (neh->eh_depth == 0) { neh->eh_max = cpu_to_le16(ext4_ext_space_root_idx(inode, 0)); EXT_FIRST_INDEX(neh)->ei_block = EXT_FIRST_EXTENT(neh)->ee_block; } ext_debug(""new root: num %d(%d), lblock %d, ptr %llu\n"", le16_to_cpu(neh->eh_entries), le16_to_cpu(neh->eh_max), le32_to_cpu(EXT_FIRST_INDEX(neh)->ei_block), ext4_idx_pblock(EXT_FIRST_INDEX(neh))); le16_add_cpu(&neh->eh_depth, 1); ext4_mark_inode_dirty(handle, inode); out: brelse(bh); return err; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,229343818490404,1 548,CWE-189,"static inline struct sem_array *sem_lock_check(struct ipc_namespace *ns, int id) { struct kern_ipc_perm *ipcp = ipc_lock_check(&sem_ids(ns), id); if (IS_ERR(ipcp)) return ERR_CAST(ipcp); return container_of(ipcp, struct sem_array, sem_perm); }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,243347075838843,1 3715,CWE-428,"pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp, char ***labelsp, struct pkcs11_provider **providerp, CK_ULONG user) { int nkeys, need_finalize = 0; int ret = -1; struct pkcs11_provider *p = NULL; void *handle = NULL; CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **); CK_RV rv; CK_FUNCTION_LIST *f = NULL; CK_TOKEN_INFO *token; CK_ULONG i; if (providerp == NULL) goto fail; *providerp = NULL; if (keyp != NULL) *keyp = NULL; if (labelsp != NULL) *labelsp = NULL; if (pkcs11_provider_lookup(provider_id) != NULL) { debug_f(""provider already registered: %s"", provider_id); goto fail; } if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) { error(""dlopen %s failed: %s"", provider_id, dlerror()); goto fail; } if ((getfunctionlist = dlsym(handle, ""C_GetFunctionList"")) == NULL) { error(""dlsym(C_GetFunctionList) failed: %s"", dlerror()); goto fail; } p = xcalloc(1, sizeof(*p)); p->name = xstrdup(provider_id); p->handle = handle; if ((rv = (*getfunctionlist)(&f)) != CKR_OK) { error(""C_GetFunctionList for provider %s failed: %lu"", provider_id, rv); goto fail; } p->function_list = f; if ((rv = f->C_Initialize(NULL)) != CKR_OK) { error(""C_Initialize for provider %s failed: %lu"", provider_id, rv); goto fail; } need_finalize = 1; if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) { error(""C_GetInfo for provider %s failed: %lu"", provider_id, rv); goto fail; } rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID)); rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription)); debug(""provider %s: manufacturerID <%s> cryptokiVersion %d.%d"" "" libraryDescription <%s> libraryVersion %d.%d"", provider_id, p->info.manufacturerID, p->info.cryptokiVersion.major, p->info.cryptokiVersion.minor, p->info.libraryDescription, p->info.libraryVersion.major, p->info.libraryVersion.minor); if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) { error(""C_GetSlotList failed: %lu"", rv); goto fail; } if (p->nslots == 0) { debug_f(""provider %s returned no slots"", provider_id); ret = -SSH_PKCS11_ERR_NO_SLOTS; goto fail; } p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID)); if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots)) != CKR_OK) { error(""C_GetSlotList for provider %s failed: %lu"", provider_id, rv); goto fail; } p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo)); p->valid = 1; nkeys = 0; for (i = 0; i < p->nslots; i++) { token = &p->slotinfo[i].token; if ((rv = f->C_GetTokenInfo(p->slotlist[i], token)) != CKR_OK) { error(""C_GetTokenInfo for provider %s slot %lu "" ""failed: %lu"", provider_id, (u_long)i, rv); continue; } if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) { debug2_f(""ignoring uninitialised token in "" ""provider %s slot %lu"", provider_id, (u_long)i); continue; } rmspace(token->label, sizeof(token->label)); rmspace(token->manufacturerID, sizeof(token->manufacturerID)); rmspace(token->model, sizeof(token->model)); rmspace(token->serialNumber, sizeof(token->serialNumber)); debug(""provider %s slot %lu: label <%s> manufacturerID <%s> "" ""model <%s> serial <%s> flags 0x%lx"", provider_id, (unsigned long)i, token->label, token->manufacturerID, token->model, token->serialNumber, token->flags); if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 || keyp == NULL) continue; pkcs11_fetch_keys(p, i, keyp, labelsp, &nkeys); pkcs11_fetch_certs(p, i, keyp, labelsp, &nkeys); if (nkeys == 0 && !p->slotinfo[i].logged_in && pkcs11_interactive) { if (pkcs11_login_slot(p, &p->slotinfo[i], CKU_USER) < 0) { error(""login failed""); continue; } pkcs11_fetch_keys(p, i, keyp, labelsp, &nkeys); pkcs11_fetch_certs(p, i, keyp, labelsp, &nkeys); } } *providerp = p; TAILQ_INSERT_TAIL(&pkcs11_providers, p, next); p->refcount++; return (nkeys); fail: if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) error(""C_Finalize for provider %s failed: %lu"", provider_id, rv); if (p) { free(p->name); free(p->slotlist); free(p->slotinfo); free(p); } if (handle) dlclose(handle); if (ret > 0) ret = -1; return (ret); }",visit repo url,usr.bin/ssh/ssh-pkcs11.c,https://github.com/openbsd/src,140692411394783,1 2335,['CWE-120'],"int vfs_unlink(struct inode *dir, struct dentry *dentry) { int error = may_delete(dir, dentry, 0); if (error) return error; if (!dir->i_op || !dir->i_op->unlink) return -EPERM; DQUOT_INIT(dir); mutex_lock(&dentry->d_inode->i_mutex); if (d_mountpoint(dentry)) error = -EBUSY; else { error = security_inode_unlink(dir, dentry); if (!error) error = dir->i_op->unlink(dir, dentry); } mutex_unlock(&dentry->d_inode->i_mutex); if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) { fsnotify_link_count(dentry->d_inode); d_delete(dentry); } return error; }",linux-2.6,,,269511009714284975460486872003486105699,0 6242,CWE-190,"void md_kdf(uint8_t *key, int key_len, const uint8_t *in, int in_len) { uint32_t i, j, d; uint8_t* buffer = RLC_ALLOCA(uint8_t, in_len + sizeof(uint32_t)); uint8_t* t = RLC_ALLOCA(uint8_t, key_len + RLC_MD_LEN); if (buffer == NULL || t == NULL) { RLC_FREE(buffer); RLC_FREE(t); RLC_THROW(ERR_NO_MEMORY); return; } d = RLC_CEIL(key_len, RLC_MD_LEN); memcpy(buffer, in, in_len); for (i = 1; i <= d; i++) { j = util_conv_big(i); memcpy(buffer + in_len, &j, sizeof(uint32_t)); md_map(t + (i - 1) * RLC_MD_LEN, buffer, in_len + sizeof(uint32_t)); } memcpy(key, t, key_len); RLC_FREE(buffer); RLC_FREE(t); }",visit repo url,src/md/relic_md_kdf.c,https://github.com/relic-toolkit/relic,224651650023811,1 927,CWE-200,"static int ieee80211_fragment(struct ieee80211_tx_data *tx, struct sk_buff *skb, int hdrlen, int frag_threshold) { struct ieee80211_local *local = tx->local; struct ieee80211_tx_info *info; struct sk_buff *tmp; int per_fragm = frag_threshold - hdrlen - FCS_LEN; int pos = hdrlen + per_fragm; int rem = skb->len - hdrlen - per_fragm; if (WARN_ON(rem < 0)) return -EINVAL; while (rem) { int fraglen = per_fragm; if (fraglen > rem) fraglen = rem; rem -= fraglen; tmp = dev_alloc_skb(local->tx_headroom + frag_threshold + tx->sdata->encrypt_headroom + IEEE80211_ENCRYPT_TAILROOM); if (!tmp) return -ENOMEM; __skb_queue_tail(&tx->skbs, tmp); skb_reserve(tmp, local->tx_headroom + tx->sdata->encrypt_headroom); memcpy(tmp->cb, skb->cb, sizeof(tmp->cb)); info = IEEE80211_SKB_CB(tmp); info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT | IEEE80211_TX_CTL_FIRST_FRAGMENT); if (rem) info->flags |= IEEE80211_TX_CTL_MORE_FRAMES; skb_copy_queue_mapping(tmp, skb); tmp->priority = skb->priority; tmp->dev = skb->dev; memcpy(skb_put(tmp, hdrlen), skb->data, hdrlen); memcpy(skb_put(tmp, fraglen), skb->data + pos, fraglen); pos += fraglen; } skb->len = hdrlen + per_fragm; return 0; }",visit repo url,net/mac80211/tx.c,https://github.com/torvalds/linux,116687497091488,1 2691,[],"SCTP_STATIC struct sock *sctp_accept(struct sock *sk, int flags, int *err) { struct sctp_sock *sp; struct sctp_endpoint *ep; struct sock *newsk = NULL; struct sctp_association *asoc; long timeo; int error = 0; sctp_lock_sock(sk); sp = sctp_sk(sk); ep = sp->ep; if (!sctp_style(sk, TCP)) { error = -EOPNOTSUPP; goto out; } if (!sctp_sstate(sk, LISTENING)) { error = -EINVAL; goto out; } timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK); error = sctp_wait_for_accept(sk, timeo); if (error) goto out; asoc = list_entry(ep->asocs.next, struct sctp_association, asocs); newsk = sp->pf->create_accept_sk(sk, asoc); if (!newsk) { error = -ENOMEM; goto out; } sctp_sock_migrate(sk, newsk, asoc, SCTP_SOCKET_TCP); out: sctp_release_sock(sk); *err = error; return newsk; }",linux-2.6,,,32808069116699442228061966109860480198,0 3699,CWE-426,"process_add_smartcard_key(SocketEntry *e) { char *provider = NULL, *pin; int r, i, version, count = 0, success = 0, confirm = 0; u_int seconds; time_t death = 0; u_char type; struct sshkey **keys = NULL, *k; Identity *id; Idtab *tab; if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 || (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) fatal(""%s: buffer error: %s"", __func__, ssh_err(r)); while (sshbuf_len(e->request)) { if ((r = sshbuf_get_u8(e->request, &type)) != 0) fatal(""%s: buffer error: %s"", __func__, ssh_err(r)); switch (type) { case SSH_AGENT_CONSTRAIN_LIFETIME: if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) fatal(""%s: buffer error: %s"", __func__, ssh_err(r)); death = monotime() + seconds; break; case SSH_AGENT_CONSTRAIN_CONFIRM: confirm = 1; break; default: error(""process_add_smartcard_key: "" ""Unknown constraint type %d"", type); goto send; } } if (lifetime && !death) death = monotime() + lifetime; count = pkcs11_add_provider(provider, pin, &keys); for (i = 0; i < count; i++) { k = keys[i]; version = k->type == KEY_RSA1 ? 1 : 2; tab = idtab_lookup(version); if (lookup_identity(k, version) == NULL) { id = xcalloc(1, sizeof(Identity)); id->key = k; id->provider = xstrdup(provider); id->comment = xstrdup(provider); id->death = death; id->confirm = confirm; TAILQ_INSERT_TAIL(&tab->idlist, id, next); tab->nentries++; success = 1; } else { sshkey_free(k); } keys[i] = NULL; } send: free(pin); free(provider); free(keys); send_status(e, success); }",visit repo url,usr.bin/ssh/ssh-agent.c,https://github.com/openbsd/src,171974603904683,1 4939,CWE-787,"exif_data_load_data (ExifData *data, const unsigned char *d_orig, unsigned int ds) { unsigned int l; ExifLong offset; ExifShort n; const unsigned char *d = d_orig; unsigned int len, fullds; if (!data || !data->priv || !d || !ds) return; exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Parsing %i byte(s) EXIF data...\n"", ds); if (ds < 6) { LOG_TOO_SMALL; return; } if (!memcmp (d, ExifHeader, 6)) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Found EXIF header at start.""); } else { while (ds >= 3) { while (ds && (d[0] == 0xff)) { d++; ds--; } if (ds && d[0] == JPEG_MARKER_SOI) { d++; ds--; continue; } if (ds && d[0] == JPEG_MARKER_APP1) break; if (ds >= 3 && d[0] >= 0xe0 && d[0] <= 0xef) { d++; ds--; l = (d[0] << 8) | d[1]; if (l > ds) return; d += l; ds -= l; continue; } exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifData"", _(""EXIF marker not found."")); return; } if (ds < 3) { LOG_TOO_SMALL; return; } d++; ds--; len = (d[0] << 8) | d[1]; exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""We have to deal with %i byte(s) of EXIF data."", len); d += 2; ds -= 2; } if (ds < 6) { LOG_TOO_SMALL; return; } if (memcmp (d, ExifHeader, 6)) { exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifData"", _(""EXIF header not found."")); return; } exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Found EXIF header.""); if (ds < 14) return; fullds = ds; if (ds > 0xfffe) ds = 0xfffe; if (!memcmp (d + 6, ""II"", 2)) data->priv->order = EXIF_BYTE_ORDER_INTEL; else if (!memcmp (d + 6, ""MM"", 2)) data->priv->order = EXIF_BYTE_ORDER_MOTOROLA; else { exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifData"", _(""Unknown encoding."")); return; } if (exif_get_short (d + 8, data->priv->order) != 0x002a) return; offset = exif_get_long (d + 10, data->priv->order); exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""IFD 0 at %i."", (int) offset); if (offset > ds || offset + 6 + 2 > ds) return; exif_data_load_data_content (data, EXIF_IFD_0, d + 6, ds - 6, offset, 0); n = exif_get_short (d + 6 + offset, data->priv->order); if (offset + 6 + 2 + 12 * n + 4 > ds) return; offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order); if (offset) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""IFD 1 at %i."", (int) offset); if (offset > ds || offset + 6 > ds) { exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifData"", ""Bogus offset of IFD1.""); } else { exif_data_load_data_content (data, EXIF_IFD_1, d + 6, ds - 6, offset, 0); } } interpret_maker_note(data, d, fullds); if (data->priv->options & EXIF_DATA_OPTION_FOLLOW_SPECIFICATION) exif_data_fix (data); }",visit repo url,libexif/exif-data.c,https://github.com/libexif/libexif,222357995869878,1 395,CWE-119,"bool f2fs_init_extent_tree(struct inode *inode, struct f2fs_extent *i_ext) { struct f2fs_sb_info *sbi = F2FS_I_SB(inode); struct extent_tree *et; struct extent_node *en; struct extent_info ei; if (!f2fs_may_extent_tree(inode)) { if (i_ext && i_ext->len) { i_ext->len = 0; return true; } return false; } et = __grab_extent_tree(inode); if (!i_ext || !i_ext->len) return false; get_extent_info(&ei, i_ext); write_lock(&et->lock); if (atomic_read(&et->node_cnt)) goto out; en = __init_extent_tree(sbi, et, &ei); if (en) { spin_lock(&sbi->extent_lock); list_add_tail(&en->list, &sbi->extent_list); spin_unlock(&sbi->extent_lock); } out: write_unlock(&et->lock); return false; }",visit repo url,fs/f2fs/extent_cache.c,https://github.com/torvalds/linux,117628370280657,1 6155,['CWE-200'],"int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, int len) { memset(tb, 0, sizeof(struct rtattr*)*maxattr); while (RTA_OK(rta, len)) { unsigned flavor = rta->rta_type; if (flavor && flavor <= maxattr) tb[flavor-1] = rta; rta = RTA_NEXT(rta, len); } return 0; }",linux-2.6,,,267845045706418662286444914813389986981,0 1708,CWE-19,"ext4_xattr_release_block(handle_t *handle, struct inode *inode, struct buffer_head *bh) { struct mb_cache_entry *ce = NULL; int error = 0; struct mb_cache *ext4_mb_cache = EXT4_GET_MB_CACHE(inode); ce = mb_cache_entry_get(ext4_mb_cache, bh->b_bdev, bh->b_blocknr); BUFFER_TRACE(bh, ""get_write_access""); error = ext4_journal_get_write_access(handle, bh); if (error) goto out; lock_buffer(bh); if (BHDR(bh)->h_refcount == cpu_to_le32(1)) { ea_bdebug(bh, ""refcount now=0; freeing""); if (ce) mb_cache_entry_free(ce); get_bh(bh); unlock_buffer(bh); ext4_free_blocks(handle, inode, bh, 0, 1, EXT4_FREE_BLOCKS_METADATA | EXT4_FREE_BLOCKS_FORGET); } else { le32_add_cpu(&BHDR(bh)->h_refcount, -1); if (ce) mb_cache_entry_release(ce); if (ext4_handle_valid(handle)) error = ext4_handle_dirty_xattr_block(handle, inode, bh); unlock_buffer(bh); if (!ext4_handle_valid(handle)) error = ext4_handle_dirty_xattr_block(handle, inode, bh); if (IS_SYNC(inode)) ext4_handle_sync(handle); dquot_free_block(inode, EXT4_C2B(EXT4_SB(inode->i_sb), 1)); ea_bdebug(bh, ""refcount now=%d; releasing"", le32_to_cpu(BHDR(bh)->h_refcount)); } out: ext4_std_error(inode->i_sb, error); return; }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,189835876176352,1 5180,CWE-125,"TfLiteStatus InitializeTemporaries(TfLiteContext* context, TfLiteNode* node, OpContext* op_context) { OpData* op_data = reinterpret_cast(node->user_data); const TfLiteTensor* lhs = op_context->lhs; const TfLiteTensor* rhs = op_context->rhs; TfLiteIntArrayFree(node->temporaries); bool is_hybrid = (op_context->lhs->type == kTfLiteFloat32 && rhs->type == kTfLiteInt8); if (is_hybrid) { node->temporaries = TfLiteIntArrayCreate(kNumTempTensorsForAdjoints + kNumTempTensorsForHybrid); } else { node->temporaries = TfLiteIntArrayCreate(kNumTempTensorsForAdjoints); } const int lhs_rank = NumDimensions(lhs); const int rhs_rank = NumDimensions(rhs); const int batch_size = op_context->params->adj_x ? lhs->dims->data[lhs_rank - 2] : lhs->dims->data[lhs_rank - 1]; const int num_units = op_context->params->adj_x ? lhs->dims->data[lhs_rank - 1] : lhs->dims->data[lhs_rank - 2]; { node->temporaries->data[0] = op_data->scratch_tensor_index; TfLiteTensor* scratch_buffer = GetTemporary(context, node, 0); TfLiteIntArray* scratch_buffer_size = TfLiteIntArrayCreate(lhs_rank); for (int i = 0; i < lhs_rank - 2; ++i) { scratch_buffer_size->data[i] = lhs->dims->data[i]; } scratch_buffer_size->data[lhs_rank - 2] = lhs->dims->data[lhs_rank - 1]; scratch_buffer_size->data[lhs_rank - 1] = lhs->dims->data[lhs_rank - 2]; scratch_buffer->type = op_context->lhs->type; scratch_buffer->allocation_type = kTfLiteArenaRw; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, scratch_buffer, scratch_buffer_size)); } { node->temporaries->data[1] = op_data->scratch_tensor_index + 1; TfLiteTensor* scratch_buffer = GetTemporary(context, node, 1); const TfLiteTensor* rhs = op_context->rhs; int rhs_rank = NumDimensions(rhs); TfLiteIntArray* scratch_buffer_size = TfLiteIntArrayCreate(rhs_rank); for (int i = 0; i < rhs_rank - 2; ++i) { scratch_buffer_size->data[i] = rhs->dims->data[i]; } scratch_buffer_size->data[rhs_rank - 2] = rhs->dims->data[rhs_rank - 1]; scratch_buffer_size->data[rhs_rank - 1] = rhs->dims->data[rhs_rank - 2]; if (IsConstantTensor(op_context->rhs)) { scratch_buffer->allocation_type = kTfLiteArenaRwPersistent; } else { scratch_buffer->allocation_type = kTfLiteArenaRw; } scratch_buffer->type = op_context->rhs->type; scratch_buffer->allocation_type = kTfLiteArenaRw; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, scratch_buffer, scratch_buffer_size)); } if (is_hybrid) { int num_batches = 1; for (int i = 0; i < lhs_rank - 2; ++i) { num_batches *= lhs->dims->data[i]; } int num_weights_matrices = 1; for (int i = 0; i < rhs_rank - 2; ++i) { num_weights_matrices *= rhs->dims->data[i]; } op_data->compute_row_sums = true; node->temporaries->data[2] = op_data->scratch_tensor_index + 2; TfLiteTensor* input_quantized = GetTemporary(context, node, 2); input_quantized->type = op_context->rhs->type; input_quantized->allocation_type = kTfLiteArenaRw; TfLiteIntArray* input_quantized_size = TfLiteIntArrayCopy(op_context->lhs->dims); TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, input_quantized, input_quantized_size)); node->temporaries->data[3] = op_data->scratch_tensor_index + 3; TfLiteTensor* scaling_factors = GetTemporary(context, node, 3); scaling_factors->type = kTfLiteFloat32; scaling_factors->allocation_type = kTfLiteArenaRw; int scaling_dims[1] = {num_batches * batch_size}; if (!TfLiteIntArrayEqualsArray(scaling_factors->dims, 1, scaling_dims)) { TfLiteIntArray* scaling_factors_size = TfLiteIntArrayCreate(1); scaling_factors_size->data[0] = batch_size; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, scaling_factors, scaling_factors_size)); } node->temporaries->data[4] = op_data->scratch_tensor_index + 4; TfLiteTensor* accum_scratch = GetTemporary(context, node, 4); accum_scratch->type = kTfLiteInt32; accum_scratch->allocation_type = kTfLiteArenaRw; int accum_scratch_dims[2] = {num_units, batch_size}; if (!TfLiteIntArrayEqualsArray(accum_scratch->dims, 2, accum_scratch_dims)) { TfLiteIntArray* accum_size = TfLiteIntArrayCreate(2); accum_size->data[0] = num_units; accum_size->data[1] = batch_size; TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, accum_scratch, accum_size)); } node->temporaries->data[5] = op_data->scratch_tensor_index + 5; TfLiteTensor* input_offsets = GetTemporary(context, node, 5); input_offsets->type = kTfLiteInt32; input_offsets->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqualsArray(input_offsets->dims, 1, scaling_dims)) { TfLiteIntArray* input_offsets_size = TfLiteIntArrayCreate(1); input_offsets_size->data[0] = num_batches * batch_size; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, input_offsets, input_offsets_size)); } node->temporaries->data[6] = op_data->scratch_tensor_index + 6; TfLiteTensor* row_sums = GetTemporary(context, node, 6); row_sums->type = kTfLiteInt32; row_sums->allocation_type = kTfLiteArenaRwPersistent; int row_sums_dims[1] = {num_weights_matrices * num_units}; if (!TfLiteIntArrayEqualsArray(row_sums->dims, 1, row_sums_dims)) { TfLiteIntArray* row_sums_size = TfLiteIntArrayCreate(1); row_sums_size->data[0] = row_sums_dims[0]; TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, row_sums, row_sums_size)); } } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/batch_matmul.cc,https://github.com/tensorflow/tensorflow,27195222089431,1 2070,[],"int udp_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags) { struct udp_sock *up = udp_sk(sk); int ret; if (!up->pending) { struct msghdr msg = { .msg_flags = flags|MSG_MORE }; ret = udp_sendmsg(NULL, sk, &msg, 0); if (ret < 0) return ret; } lock_sock(sk); if (unlikely(!up->pending)) { release_sock(sk); LIMIT_NETDEBUG(KERN_DEBUG ""udp cork app bug 3\n""); return -EINVAL; } ret = ip_append_page(sk, page, offset, size, flags); if (ret == -EOPNOTSUPP) { release_sock(sk); return sock_no_sendpage(sk->sk_socket, page, offset, size, flags); } if (ret < 0) { udp_flush_pending_frames(sk); goto out; } up->len += size; if (!(up->corkflag || (flags&MSG_MORE))) ret = udp_push_pending_frames(sk); if (!ret) ret = size; out: release_sock(sk); return ret; }",linux-2.6,,,34738155592873795546961509014468732386,0 5475,['CWE-476'],"static int load_state_from_tss16(struct kvm_vcpu *vcpu, struct tss_segment_16 *tss) { kvm_rip_write(vcpu, tss->ip); kvm_x86_ops->set_rflags(vcpu, tss->flag | 2); kvm_register_write(vcpu, VCPU_REGS_RAX, tss->ax); kvm_register_write(vcpu, VCPU_REGS_RCX, tss->cx); kvm_register_write(vcpu, VCPU_REGS_RDX, tss->dx); kvm_register_write(vcpu, VCPU_REGS_RBX, tss->bx); kvm_register_write(vcpu, VCPU_REGS_RSP, tss->sp); kvm_register_write(vcpu, VCPU_REGS_RBP, tss->bp); kvm_register_write(vcpu, VCPU_REGS_RSI, tss->si); kvm_register_write(vcpu, VCPU_REGS_RDI, tss->di); if (kvm_load_segment_descriptor(vcpu, tss->ldt, 0, VCPU_SREG_LDTR)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->es, 1, VCPU_SREG_ES)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->cs, 9, VCPU_SREG_CS)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->ss, 1, VCPU_SREG_SS)) return 1; if (kvm_load_segment_descriptor(vcpu, tss->ds, 1, VCPU_SREG_DS)) return 1; return 0; }",linux-2.6,,,216349931709243528932580674119915957748,0 2655,[],"static int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt) { struct sctp_sock *sp = sctp_sk(sk); struct sctp_endpoint *ep = sp->ep; int cnt; struct sctp_bind_addr *bp = &ep->base.bind_addr; int retval = 0; void *addr_buf; union sctp_addr *sa_addr; struct sctp_af *af; SCTP_DEBUG_PRINTK(""sctp_bindx_rem (sk: %p, addrs: %p, addrcnt: %d)\n"", sk, addrs, addrcnt); addr_buf = addrs; for (cnt = 0; cnt < addrcnt; cnt++) { if (list_empty(&bp->address_list) || (sctp_list_single_entry(&bp->address_list))) { retval = -EBUSY; goto err_bindx_rem; } sa_addr = (union sctp_addr *)addr_buf; af = sctp_get_af_specific(sa_addr->sa.sa_family); if (!af) { retval = -EINVAL; goto err_bindx_rem; } if (!af->addr_valid(sa_addr, sp, NULL)) { retval = -EADDRNOTAVAIL; goto err_bindx_rem; } if (sa_addr->v4.sin_port != htons(bp->port)) { retval = -EINVAL; goto err_bindx_rem; } retval = sctp_del_bind_addr(bp, sa_addr); addr_buf += af->sockaddr_len; err_bindx_rem: if (retval < 0) { if (cnt > 0) sctp_bindx_add(sk, addrs, cnt); return retval; } } return retval; }",linux-2.6,,,166472998615072267054702948662190410711,0 5933,['CWE-909'],"void qdisc_put_rtab(struct qdisc_rate_table *tab) { struct qdisc_rate_table *rtab, **rtabp; if (!tab || --tab->refcnt) return; for (rtabp = &qdisc_rtab_list; (rtab=*rtabp) != NULL; rtabp = &rtab->next) { if (rtab == tab) { *rtabp = rtab->next; kfree(rtab); return; } } }",linux-2.6,,,44575954823554899736408230995574545601,0 221,CWE-285,"static int __btrfs_set_acl(struct btrfs_trans_handle *trans, struct inode *inode, struct posix_acl *acl, int type) { int ret, size = 0; const char *name; char *value = NULL; switch (type) { case ACL_TYPE_ACCESS: name = XATTR_NAME_POSIX_ACL_ACCESS; if (acl) { ret = posix_acl_equiv_mode(acl, &inode->i_mode); if (ret < 0) return ret; if (ret == 0) acl = NULL; } ret = 0; break; case ACL_TYPE_DEFAULT: if (!S_ISDIR(inode->i_mode)) return acl ? -EINVAL : 0; name = XATTR_NAME_POSIX_ACL_DEFAULT; break; default: return -EINVAL; } if (acl) { size = posix_acl_xattr_size(acl->a_count); value = kmalloc(size, GFP_KERNEL); if (!value) { ret = -ENOMEM; goto out; } ret = posix_acl_to_xattr(&init_user_ns, acl, value, size); if (ret < 0) goto out; } ret = __btrfs_setxattr(trans, inode, name, value, size, 0); out: kfree(value); if (!ret) set_cached_acl(inode, type, acl); return ret; }",visit repo url,fs/btrfs/acl.c,https://github.com/torvalds/linux,42994495645217,1 554,[],"static int bad_file_flock(struct file *filp, int cmd, struct file_lock *fl) { return -EIO; }",linux-2.6,,,41931810909433113660029947588582790738,0 3617,[],"void __init rtc_dev_init(void) { int err; err = alloc_chrdev_region(&rtc_devt, 0, RTC_DEV_MAX, ""rtc""); if (err < 0) printk(KERN_ERR ""%s: failed to allocate char dev region\n"", __FILE__); }",linux-2.6,,,86198891492474279363569632825224560383,0 3627,['CWE-287'],"void sctp_assoc_update(struct sctp_association *asoc, struct sctp_association *new) { struct sctp_transport *trans; struct list_head *pos, *temp; asoc->c = new->c; asoc->peer.rwnd = new->peer.rwnd; asoc->peer.sack_needed = new->peer.sack_needed; asoc->peer.i = new->peer.i; sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, asoc->peer.i.initial_tsn); list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { trans = list_entry(pos, struct sctp_transport, transports); if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr)) sctp_assoc_del_peer(asoc, &trans->ipaddr); if (asoc->state >= SCTP_STATE_ESTABLISHED) sctp_transport_reset(trans); } if (asoc->state >= SCTP_STATE_ESTABLISHED) { asoc->next_tsn = new->next_tsn; asoc->ctsn_ack_point = new->ctsn_ack_point; asoc->adv_peer_ack_point = new->adv_peer_ack_point; sctp_ssnmap_clear(asoc->ssnmap); sctp_ulpq_flush(&asoc->ulpq); asoc->overall_error_count = 0; } else { list_for_each_entry(trans, &new->peer.transport_addr_list, transports) { if (!sctp_assoc_lookup_paddr(asoc, &trans->ipaddr)) sctp_assoc_add_peer(asoc, &trans->ipaddr, GFP_ATOMIC, trans->state); } asoc->ctsn_ack_point = asoc->next_tsn - 1; asoc->adv_peer_ack_point = asoc->ctsn_ack_point; if (!asoc->ssnmap) { asoc->ssnmap = new->ssnmap; new->ssnmap = NULL; } if (!asoc->assoc_id) { sctp_assoc_set_id(asoc, GFP_ATOMIC); } } kfree(asoc->peer.peer_random); asoc->peer.peer_random = new->peer.peer_random; new->peer.peer_random = NULL; kfree(asoc->peer.peer_chunks); asoc->peer.peer_chunks = new->peer.peer_chunks; new->peer.peer_chunks = NULL; kfree(asoc->peer.peer_hmacs); asoc->peer.peer_hmacs = new->peer.peer_hmacs; new->peer.peer_hmacs = NULL; sctp_auth_key_put(asoc->asoc_shared_key); sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC); }",linux-2.6,,,207691199902909361856919423624746105103,0 3452,['CWE-20'],"_dbus_validate_bus_name (const DBusString *str, int start, int len) { const unsigned char *s; const unsigned char *end; const unsigned char *iface; const unsigned char *last_dot; _dbus_assert (start >= 0); _dbus_assert (len >= 0); _dbus_assert (start <= _dbus_string_get_length (str)); if (len > _dbus_string_get_length (str) - start) return FALSE; if (len > DBUS_MAXIMUM_NAME_LENGTH) return FALSE; if (len == 0) return FALSE; last_dot = NULL; iface = _dbus_string_get_const_data (str) + start; end = iface + len; s = iface; if (*s == ':') { ++s; while (s != end) { if (*s == '.') { if (_DBUS_UNLIKELY ((s + 1) == end)) return FALSE; if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1)))) return FALSE; ++s; } else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s))) { return FALSE; } ++s; } return TRUE; } else if (_DBUS_UNLIKELY (*s == '.')) return FALSE; else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*s))) return FALSE; else ++s; while (s != end) { if (*s == '.') { if (_DBUS_UNLIKELY ((s + 1) == end)) return FALSE; else if (_DBUS_UNLIKELY (!VALID_INITIAL_BUS_NAME_CHARACTER (*(s + 1)))) return FALSE; last_dot = s; ++s; } else if (_DBUS_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s))) { return FALSE; } ++s; } if (_DBUS_UNLIKELY (last_dot == NULL)) return FALSE; return TRUE; }",dbus,,,97408342945371016000140935199914328919,0 3398,CWE-787,"static void InsertRow(Image *image,unsigned char *p,ssize_t y,int bpp, ExceptionInfo *exception) { int bit; Quantum index; register Quantum *q; ssize_t x; switch (bpp) { case 1: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < ((ssize_t) image->columns-7); x+=8) { for (bit=0; bit < 8; bit++) { index=((*p) & (0x80 >> bit) ? 0x01 : 0x00); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); } p++; } if ((image->columns % 8) != 0) { for (bit=0; bit < (ssize_t) (image->columns % 8); bit++) { index=((*p) & (0x80 >> bit) ? 0x01 : 0x00); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); } p++; } if (!SyncAuthenticPixels(image,exception)) break; break; } case 2: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < ((ssize_t) image->columns-1); x+=2) { index=ConstrainColormapIndex(image,(*p >> 6) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p >> 4) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p >> 2) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if ((image->columns % 4) != 0) { index=ConstrainColormapIndex(image,(*p >> 6) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); if ((image->columns % 4) >= 1) { index=ConstrainColormapIndex(image,(*p >> 4) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); if ((image->columns % 4) >= 2) { index=ConstrainColormapIndex(image,(*p >> 2) & 0x3, exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); } } p++; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; break; } case 4: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < ((ssize_t) image->columns-1); x+=2) { index=ConstrainColormapIndex(image,(*p >> 4) & 0x0f,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p) & 0x0f,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if ((image->columns % 2) != 0) { index=ConstrainColormapIndex(image,(*p >> 4) & 0x0f,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; break; } case 8: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { index=ConstrainColormapIndex(image,*p,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } break; case 24: q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum(*p++),q); SetPixelGreen(image,ScaleCharToQuantum(*p++),q); SetPixelBlue(image,ScaleCharToQuantum(*p++),q); q+=GetPixelChannels(image); } if (!SyncAuthenticPixels(image,exception)) break; break; } }",visit repo url,coders/wpg.c,https://github.com/ImageMagick/ImageMagick,130840398494960,1 887,CWE-20,"vsock_stream_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk; struct vsock_sock *vsk; int err; size_t target; ssize_t copied; long timeout; struct vsock_transport_recv_notify_data recv_data; DEFINE_WAIT(wait); sk = sock->sk; vsk = vsock_sk(sk); err = 0; msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state != SS_CONNECTED) { if (sock_flag(sk, SOCK_DONE)) err = 0; else err = -ENOTCONN; goto out; } if (flags & MSG_OOB) { err = -EOPNOTSUPP; goto out; } if (sk->sk_shutdown & RCV_SHUTDOWN) { err = 0; goto out; } if (!len) { err = 0; goto out; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); if (target >= transport->stream_rcvhiwat(vsk)) { err = -ENOMEM; goto out; } timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); copied = 0; err = transport->notify_recv_init(vsk, target, &recv_data); if (err < 0) goto out; prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); while (1) { s64 ready = vsock_stream_has_data(vsk); if (ready < 0) { err = -ENOMEM; goto out_wait; } else if (ready > 0) { ssize_t read; err = transport->notify_recv_pre_dequeue( vsk, target, &recv_data); if (err < 0) break; read = transport->stream_dequeue( vsk, msg->msg_iov, len - copied, flags); if (read < 0) { err = -ENOMEM; break; } copied += read; err = transport->notify_recv_post_dequeue( vsk, target, read, !(flags & MSG_PEEK), &recv_data); if (err < 0) goto out_wait; if (read >= target || flags & MSG_PEEK) break; target -= read; } else { if (sk->sk_err != 0 || (sk->sk_shutdown & RCV_SHUTDOWN) || (vsk->peer_shutdown & SEND_SHUTDOWN)) { break; } if (timeout == 0) { err = -EAGAIN; break; } err = transport->notify_recv_pre_block( vsk, target, &recv_data); if (err < 0) break; release_sock(sk); timeout = schedule_timeout(timeout); lock_sock(sk); if (signal_pending(current)) { err = sock_intr_errno(timeout); break; } else if (timeout == 0) { err = -EAGAIN; break; } prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); } } if (sk->sk_err) err = -sk->sk_err; else if (sk->sk_shutdown & RCV_SHUTDOWN) err = 0; if (copied > 0) { if (!(flags & MSG_PEEK)) { if (vsk->peer_shutdown & SEND_SHUTDOWN) { if (vsock_stream_has_data(vsk) <= 0) { sk->sk_state = SS_UNCONNECTED; sock_set_flag(sk, SOCK_DONE); sk->sk_state_change(sk); } } } err = copied; } out_wait: finish_wait(sk_sleep(sk), &wait); out: release_sock(sk); return err; }",visit repo url,net/vmw_vsock/af_vsock.c,https://github.com/torvalds/linux,94541206747475,1 480,[],"pfm_write_ibrs(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { return pfm_write_ibr_dbr(PFM_CODE_RR, ctx, arg, count, regs); }",linux-2.6,,,242169895497217684238869740829752669016,0 777,['CWE-119'],"isdn_net_dial(void) { isdn_net_dev *p = dev->netdev; int anymore = 0; int i; isdn_ctrl cmd; u_char *phone_number; while (p) { isdn_net_local *lp = p->local; #ifdef ISDN_DEBUG_NET_DIAL if (lp->dialstate) printk(KERN_DEBUG ""%s: dialstate=%d\n"", p->dev->name, lp->dialstate); #endif switch (lp->dialstate) { case 0: break; case 1: lp->dial = lp->phone[1]; if (!lp->dial) { printk(KERN_WARNING ""%s: phone number deleted?\n"", p->dev->name); isdn_net_hangup(p->dev); break; } anymore = 1; if(lp->dialtimeout > 0) if(lp->dialstarted == 0 || time_after(jiffies, lp->dialstarted + lp->dialtimeout + lp->dialwait)) { lp->dialstarted = jiffies; lp->dialwait_timer = 0; } lp->dialstate++; case 2: cmd.driver = lp->isdn_device; cmd.arg = lp->isdn_channel; cmd.command = ISDN_CMD_CLREAZ; isdn_command(&cmd); sprintf(cmd.parm.num, ""%s"", isdn_map_eaz2msn(lp->msn, cmd.driver)); cmd.command = ISDN_CMD_SETEAZ; isdn_command(&cmd); lp->dialretry = 0; anymore = 1; lp->dialstate++; case 3: if(dev->global_flags & ISDN_GLOBAL_STOPPED || (ISDN_NET_DIALMODE(*lp) == ISDN_NET_DM_OFF)) { char *s; if (dev->global_flags & ISDN_GLOBAL_STOPPED) s = ""dial suppressed: isdn system stopped""; else s = ""dial suppressed: dialmode `off'""; isdn_net_unreachable(p->dev, NULL, s); isdn_net_hangup(p->dev); break; } cmd.driver = lp->isdn_device; cmd.command = ISDN_CMD_SETL2; cmd.arg = lp->isdn_channel + (lp->l2_proto << 8); isdn_command(&cmd); cmd.driver = lp->isdn_device; cmd.command = ISDN_CMD_SETL3; cmd.arg = lp->isdn_channel + (lp->l3_proto << 8); isdn_command(&cmd); cmd.driver = lp->isdn_device; cmd.arg = lp->isdn_channel; if (!lp->dial) { printk(KERN_WARNING ""%s: phone number deleted?\n"", p->dev->name); isdn_net_hangup(p->dev); break; } if (!strncmp(lp->dial->num, ""LEASED"", strlen(""LEASED""))) { lp->dialstate = 4; printk(KERN_INFO ""%s: Open leased line ...\n"", p->dev->name); } else { if(lp->dialtimeout > 0) if (time_after(jiffies, lp->dialstarted + lp->dialtimeout)) { lp->dialwait_timer = jiffies + lp->dialwait; lp->dialstarted = 0; isdn_net_unreachable(p->dev, NULL, ""dial: timed out""); isdn_net_hangup(p->dev); break; } cmd.driver = lp->isdn_device; cmd.command = ISDN_CMD_DIAL; cmd.parm.setup.si2 = 0; phone_number = lp->dial->num; if ((*phone_number == 'v') || (*phone_number == 'V')) { cmd.parm.setup.si1 = 1; } else { cmd.parm.setup.si1 = 7; } strcpy(cmd.parm.setup.phone, phone_number); if (!(lp->dial = (isdn_net_phone *) lp->dial->next)) { lp->dial = lp->phone[1]; lp->dialretry++; if (lp->dialretry > lp->dialmax) { if (lp->dialtimeout == 0) { lp->dialwait_timer = jiffies + lp->dialwait; lp->dialstarted = 0; isdn_net_unreachable(p->dev, NULL, ""dial: tried all numbers dialmax times""); } isdn_net_hangup(p->dev); break; } } sprintf(cmd.parm.setup.eazmsn, ""%s"", isdn_map_eaz2msn(lp->msn, cmd.driver)); i = isdn_dc2minor(lp->isdn_device, lp->isdn_channel); if (i >= 0) { strcpy(dev->num[i], cmd.parm.setup.phone); dev->usage[i] |= ISDN_USAGE_OUTGOING; isdn_info_update(); } printk(KERN_INFO ""%s: dialing %d %s... %s\n"", p->dev->name, lp->dialretry, cmd.parm.setup.phone, (cmd.parm.setup.si1 == 1) ? ""DOV"" : """"); lp->dtimer = 0; #ifdef ISDN_DEBUG_NET_DIAL printk(KERN_DEBUG ""dial: d=%d c=%d\n"", lp->isdn_device, lp->isdn_channel); #endif isdn_command(&cmd); } lp->huptimer = 0; lp->outgoing = 1; if (lp->chargeint) { lp->hupflags |= ISDN_HAVECHARGE; lp->hupflags &= ~ISDN_WAITCHARGE; } else { lp->hupflags |= ISDN_WAITCHARGE; lp->hupflags &= ~ISDN_HAVECHARGE; } anymore = 1; lp->dialstate = (lp->cbdelay && (lp->flags & ISDN_NET_CBOUT)) ? 12 : 4; break; case 4: if (lp->dtimer++ > ISDN_TIMER_DTIMEOUT10) lp->dialstate = 3; anymore = 1; break; case 5: cmd.driver = lp->isdn_device; cmd.arg = lp->isdn_channel; cmd.command = ISDN_CMD_ACCEPTB; anymore = 1; lp->dtimer = 0; lp->dialstate++; isdn_command(&cmd); break; case 6: #ifdef ISDN_DEBUG_NET_DIAL printk(KERN_DEBUG ""dialtimer2: %d\n"", lp->dtimer); #endif if (lp->dtimer++ > ISDN_TIMER_DTIMEOUT10) lp->dialstate = 3; anymore = 1; break; case 7: #ifdef ISDN_DEBUG_NET_DIAL printk(KERN_DEBUG ""dialtimer4: %d\n"", lp->dtimer); #endif cmd.driver = lp->isdn_device; cmd.command = ISDN_CMD_SETL2; cmd.arg = lp->isdn_channel + (lp->l2_proto << 8); isdn_command(&cmd); cmd.driver = lp->isdn_device; cmd.command = ISDN_CMD_SETL3; cmd.arg = lp->isdn_channel + (lp->l3_proto << 8); isdn_command(&cmd); if (lp->dtimer++ > ISDN_TIMER_DTIMEOUT15) isdn_net_hangup(p->dev); else { anymore = 1; lp->dialstate++; } break; case 9: cmd.driver = lp->isdn_device; cmd.arg = lp->isdn_channel; cmd.command = ISDN_CMD_ACCEPTB; isdn_command(&cmd); anymore = 1; lp->dtimer = 0; lp->dialstate++; break; case 8: case 10: #ifdef ISDN_DEBUG_NET_DIAL printk(KERN_DEBUG ""dialtimer4: %d\n"", lp->dtimer); #endif if (lp->dtimer++ > ISDN_TIMER_DTIMEOUT10) isdn_net_hangup(p->dev); else anymore = 1; break; case 11: if (lp->dtimer++ > lp->cbdelay) lp->dialstate = 1; anymore = 1; break; case 12: if (lp->dtimer++ > lp->cbdelay) { printk(KERN_INFO ""%s: hangup waiting for callback ...\n"", p->dev->name); lp->dtimer = 0; lp->dialstate = 4; cmd.driver = lp->isdn_device; cmd.command = ISDN_CMD_HANGUP; cmd.arg = lp->isdn_channel; isdn_command(&cmd); isdn_all_eaz(lp->isdn_device, lp->isdn_channel); } anymore = 1; break; default: printk(KERN_WARNING ""isdn_net: Illegal dialstate %d for device %s\n"", lp->dialstate, p->dev->name); } p = (isdn_net_dev *) p->next; } isdn_timer_ctrl(ISDN_TIMER_NETDIAL, anymore); }",linux-2.6,,,263313461886051316080102067714764588032,0 1314,CWE-119,"int sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; union { int val; struct linger ling; struct timeval tm; } v; int lv = sizeof(int); int len; if (get_user(len, optlen)) return -EFAULT; if (len < 0) return -EINVAL; memset(&v, 0, sizeof(v)); switch (optname) { case SO_DEBUG: v.val = sock_flag(sk, SOCK_DBG); break; case SO_DONTROUTE: v.val = sock_flag(sk, SOCK_LOCALROUTE); break; case SO_BROADCAST: v.val = !!sock_flag(sk, SOCK_BROADCAST); break; case SO_SNDBUF: v.val = sk->sk_sndbuf; break; case SO_RCVBUF: v.val = sk->sk_rcvbuf; break; case SO_REUSEADDR: v.val = sk->sk_reuse; break; case SO_KEEPALIVE: v.val = !!sock_flag(sk, SOCK_KEEPOPEN); break; case SO_TYPE: v.val = sk->sk_type; break; case SO_PROTOCOL: v.val = sk->sk_protocol; break; case SO_DOMAIN: v.val = sk->sk_family; break; case SO_ERROR: v.val = -sock_error(sk); if (v.val == 0) v.val = xchg(&sk->sk_err_soft, 0); break; case SO_OOBINLINE: v.val = !!sock_flag(sk, SOCK_URGINLINE); break; case SO_NO_CHECK: v.val = sk->sk_no_check; break; case SO_PRIORITY: v.val = sk->sk_priority; break; case SO_LINGER: lv = sizeof(v.ling); v.ling.l_onoff = !!sock_flag(sk, SOCK_LINGER); v.ling.l_linger = sk->sk_lingertime / HZ; break; case SO_BSDCOMPAT: sock_warn_obsolete_bsdism(""getsockopt""); break; case SO_TIMESTAMP: v.val = sock_flag(sk, SOCK_RCVTSTAMP) && !sock_flag(sk, SOCK_RCVTSTAMPNS); break; case SO_TIMESTAMPNS: v.val = sock_flag(sk, SOCK_RCVTSTAMPNS); break; case SO_TIMESTAMPING: v.val = 0; if (sock_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE)) v.val |= SOF_TIMESTAMPING_TX_HARDWARE; if (sock_flag(sk, SOCK_TIMESTAMPING_TX_SOFTWARE)) v.val |= SOF_TIMESTAMPING_TX_SOFTWARE; if (sock_flag(sk, SOCK_TIMESTAMPING_RX_HARDWARE)) v.val |= SOF_TIMESTAMPING_RX_HARDWARE; if (sock_flag(sk, SOCK_TIMESTAMPING_RX_SOFTWARE)) v.val |= SOF_TIMESTAMPING_RX_SOFTWARE; if (sock_flag(sk, SOCK_TIMESTAMPING_SOFTWARE)) v.val |= SOF_TIMESTAMPING_SOFTWARE; if (sock_flag(sk, SOCK_TIMESTAMPING_SYS_HARDWARE)) v.val |= SOF_TIMESTAMPING_SYS_HARDWARE; if (sock_flag(sk, SOCK_TIMESTAMPING_RAW_HARDWARE)) v.val |= SOF_TIMESTAMPING_RAW_HARDWARE; break; case SO_RCVTIMEO: lv = sizeof(struct timeval); if (sk->sk_rcvtimeo == MAX_SCHEDULE_TIMEOUT) { v.tm.tv_sec = 0; v.tm.tv_usec = 0; } else { v.tm.tv_sec = sk->sk_rcvtimeo / HZ; v.tm.tv_usec = ((sk->sk_rcvtimeo % HZ) * 1000000) / HZ; } break; case SO_SNDTIMEO: lv = sizeof(struct timeval); if (sk->sk_sndtimeo == MAX_SCHEDULE_TIMEOUT) { v.tm.tv_sec = 0; v.tm.tv_usec = 0; } else { v.tm.tv_sec = sk->sk_sndtimeo / HZ; v.tm.tv_usec = ((sk->sk_sndtimeo % HZ) * 1000000) / HZ; } break; case SO_RCVLOWAT: v.val = sk->sk_rcvlowat; break; case SO_SNDLOWAT: v.val = 1; break; case SO_PASSCRED: v.val = test_bit(SOCK_PASSCRED, &sock->flags) ? 1 : 0; break; case SO_PEERCRED: { struct ucred peercred; if (len > sizeof(peercred)) len = sizeof(peercred); cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); if (copy_to_user(optval, &peercred, len)) return -EFAULT; goto lenout; } case SO_PEERNAME: { char address[128]; if (sock->ops->getname(sock, (struct sockaddr *)address, &lv, 2)) return -ENOTCONN; if (lv < len) return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; goto lenout; } case SO_ACCEPTCONN: v.val = sk->sk_state == TCP_LISTEN; break; case SO_PASSSEC: v.val = test_bit(SOCK_PASSSEC, &sock->flags) ? 1 : 0; break; case SO_PEERSEC: return security_socket_getpeersec_stream(sock, optval, optlen, len); case SO_MARK: v.val = sk->sk_mark; break; case SO_RXQ_OVFL: v.val = !!sock_flag(sk, SOCK_RXQ_OVFL); break; case SO_WIFI_STATUS: v.val = !!sock_flag(sk, SOCK_WIFI_STATUS); break; case SO_PEEK_OFF: if (!sock->ops->set_peek_off) return -EOPNOTSUPP; v.val = sk->sk_peek_off; break; case SO_NOFCS: v.val = !!sock_flag(sk, SOCK_NOFCS); break; default: return -ENOPROTOOPT; } if (len > lv) len = lv; if (copy_to_user(optval, &v, len)) return -EFAULT; lenout: if (put_user(len, optlen)) return -EFAULT; return 0; }",visit repo url,net/core/sock.c,https://github.com/torvalds/linux,196150411700964,1 1608,CWE-416,"int inet6_sk_rebuild_header(struct sock *sk) { struct ipv6_pinfo *np = inet6_sk(sk); struct dst_entry *dst; dst = __sk_dst_check(sk, np->dst_cookie); if (!dst) { struct inet_sock *inet = inet_sk(sk); struct in6_addr *final_p, final; struct flowi6 fl6; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = sk->sk_protocol; fl6.daddr = sk->sk_v6_daddr; fl6.saddr = np->saddr; fl6.flowlabel = np->flow_label; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; fl6.fl6_dport = inet->inet_dport; fl6.fl6_sport = inet->inet_sport; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); final_p = fl6_update_dst(&fl6, np->opt, &final); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { sk->sk_route_caps = 0; sk->sk_err_soft = -PTR_ERR(dst); return PTR_ERR(dst); } __ip6_dst_store(sk, dst, NULL, NULL); } return 0; }",visit repo url,net/ipv6/af_inet6.c,https://github.com/torvalds/linux,100453078732465,1 4832,CWE-119,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 2843,NVD-CWE-Other,"cmsPipeline* DefaultICCintents(cmsContext ContextID, cmsUInt32Number nProfiles, cmsUInt32Number TheIntents[], cmsHPROFILE hProfiles[], cmsBool BPC[], cmsFloat64Number AdaptationStates[], cmsUInt32Number dwFlags) { cmsPipeline* Lut = NULL; cmsPipeline* Result; cmsHPROFILE hProfile; cmsMAT3 m; cmsVEC3 off; cmsColorSpaceSignature ColorSpaceIn, ColorSpaceOut, CurrentColorSpace; cmsProfileClassSignature ClassSig; cmsUInt32Number i, Intent; if (nProfiles == 0) return NULL; Result = cmsPipelineAlloc(ContextID, 0, 0); if (Result == NULL) return NULL; CurrentColorSpace = cmsGetColorSpace(hProfiles[0]); for (i=0; i < nProfiles; i++) { cmsBool lIsDeviceLink, lIsInput; hProfile = hProfiles[i]; ClassSig = cmsGetDeviceClass(hProfile); lIsDeviceLink = (ClassSig == cmsSigLinkClass || ClassSig == cmsSigAbstractClass ); if ((i == 0) && !lIsDeviceLink) { lIsInput = TRUE; } else { lIsInput = (CurrentColorSpace != cmsSigXYZData) && (CurrentColorSpace != cmsSigLabData); } Intent = TheIntents[i]; if (lIsInput || lIsDeviceLink) { ColorSpaceIn = cmsGetColorSpace(hProfile); ColorSpaceOut = cmsGetPCS(hProfile); } else { ColorSpaceIn = cmsGetPCS(hProfile); ColorSpaceOut = cmsGetColorSpace(hProfile); } if (!ColorSpaceIsCompatible(ColorSpaceIn, CurrentColorSpace)) { cmsSignalError(ContextID, cmsERROR_COLORSPACE_CHECK, ""ColorSpace mismatch""); goto Error; } if (lIsDeviceLink || ((ClassSig == cmsSigNamedColorClass) && (nProfiles == 1))) { Lut = _cmsReadDevicelinkLUT(hProfile, Intent); if (Lut == NULL) goto Error; if (ClassSig == cmsSigAbstractClass && i > 0) { if (!ComputeConversion(i, hProfiles, Intent, BPC[i], AdaptationStates[i], &m, &off)) goto Error; } else { _cmsMAT3identity(&m); _cmsVEC3init(&off, 0, 0, 0); } if (!AddConversion(Result, CurrentColorSpace, ColorSpaceIn, &m, &off)) goto Error; } else { if (lIsInput) { Lut = _cmsReadInputLUT(hProfile, Intent); if (Lut == NULL) goto Error; } else { Lut = _cmsReadOutputLUT(hProfile, Intent); if (Lut == NULL) goto Error; if (!ComputeConversion(i, hProfiles, Intent, BPC[i], AdaptationStates[i], &m, &off)) goto Error; if (!AddConversion(Result, CurrentColorSpace, ColorSpaceIn, &m, &off)) goto Error; } } if (!cmsPipelineCat(Result, Lut)) goto Error; cmsPipelineFree(Lut); CurrentColorSpace = ColorSpaceOut; } return Result; Error: cmsPipelineFree(Lut); if (Result != NULL) cmsPipelineFree(Result); return NULL; cmsUNUSED_PARAMETER(dwFlags); }",visit repo url,src/cmscnvrt.c,https://github.com/mm2/Little-CMS,168348318467204,1 4831,['CWE-189'],"static int ecryptfs_decrypt_extent(struct page *page, struct ecryptfs_crypt_stat *crypt_stat, struct page *enc_extent_page, unsigned long extent_offset) { loff_t extent_base; char extent_iv[ECRYPTFS_MAX_IV_BYTES]; int rc; extent_base = (((loff_t)page->index) * (PAGE_CACHE_SIZE / crypt_stat->extent_size)); rc = ecryptfs_derive_iv(extent_iv, crypt_stat, (extent_base + extent_offset)); if (rc) { ecryptfs_printk(KERN_ERR, ""Error attempting to "" ""derive IV for extent [0x%.16x]; "" ""rc = [%d]\n"", (extent_base + extent_offset), rc); goto out; } if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""Decrypting extent "" ""with iv:\n""); ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes); ecryptfs_printk(KERN_DEBUG, ""First 8 bytes before "" ""decryption:\n""); ecryptfs_dump_hex((char *) (page_address(enc_extent_page) + (extent_offset * crypt_stat->extent_size)), 8); } rc = ecryptfs_decrypt_page_offset(crypt_stat, page, (extent_offset * crypt_stat->extent_size), enc_extent_page, 0, crypt_stat->extent_size, extent_iv); if (rc < 0) { printk(KERN_ERR ""%s: Error attempting to decrypt to page with "" ""page->index = [%ld], extent_offset = [%ld]; "" ""rc = [%d]\n"", __func__, page->index, extent_offset, rc); goto out; } rc = 0; if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""Decrypt extent [0x%.16x]; "" ""rc = [%d]\n"", (extent_base + extent_offset), rc); ecryptfs_printk(KERN_DEBUG, ""First 8 bytes after "" ""decryption:\n""); ecryptfs_dump_hex((char *)(page_address(page) + (extent_offset * crypt_stat->extent_size)), 8); } out: return rc; }",linux-2.6,,,277507154161495951053926748122234541093,0 3650,CWE-200,"CAMLprim value caml_alloc_dummy(value size) { mlsize_t wosize = Int_val(size); if (wosize == 0) return Atom(0); return caml_alloc (wosize, 0); }",visit repo url,byterun/alloc.c,https://github.com/ocaml/ocaml,244407536202463,1 1482,[],"static int sched_rt_global_constraints(void) { unsigned long flags; int i; spin_lock_irqsave(&def_rt_bandwidth.rt_runtime_lock, flags); for_each_possible_cpu(i) { struct rt_rq *rt_rq = &cpu_rq(i)->rt; spin_lock(&rt_rq->rt_runtime_lock); rt_rq->rt_runtime = global_rt_runtime(); spin_unlock(&rt_rq->rt_runtime_lock); } spin_unlock_irqrestore(&def_rt_bandwidth.rt_runtime_lock, flags); return 0; }",linux-2.6,,,204622566499479099474609778108553702247,0 3772,CWE-125,"static const char *parse_string(cJSON *item,const char *str,const char **ep) { const char *ptr=str+1,*end_ptr=str+1;char *ptr2;char *out;int len=0;unsigned uc,uc2; if (*str!='\""') {*ep=str;return 0;} while (*end_ptr!='\""' && *end_ptr && ++len) if (*end_ptr++ == '\\') end_ptr++; out=(char*)cJSON_malloc(len+1); if (!out) return 0; item->valuestring=out; item->type=cJSON_String; ptr=str+1;ptr2=out; while (ptr < end_ptr) { if (*ptr!='\\') *ptr2++=*ptr++; else { ptr++; switch (*ptr) { case 'b': *ptr2++='\b'; break; case 'f': *ptr2++='\f'; break; case 'n': *ptr2++='\n'; break; case 'r': *ptr2++='\r'; break; case 't': *ptr2++='\t'; break; case 'u': uc=parse_hex4(ptr+1);ptr+=4; if (ptr >= end_ptr) {*ep=str;return 0;} if ((uc>=0xDC00 && uc<=0xDFFF) || uc==0) {*ep=str;return 0;} if (uc>=0xD800 && uc<=0xDBFF) { if (ptr+6 > end_ptr) {*ep=str;return 0;} if (ptr[1]!='\\' || ptr[2]!='u') {*ep=str;return 0;} uc2=parse_hex4(ptr+3);ptr+=6; if (uc2<0xDC00 || uc2>0xDFFF) {*ep=str;return 0;} uc=0x10000 + (((uc&0x3FF)<<10) | (uc2&0x3FF)); } len=4;if (uc<0x80) len=1;else if (uc<0x800) len=2;else if (uc<0x10000) len=3; ptr2+=len; switch (len) { case 4: *--ptr2 =((uc | 0x80) & 0xBF); uc >>= 6; case 3: *--ptr2 =((uc | 0x80) & 0xBF); uc >>= 6; case 2: *--ptr2 =((uc | 0x80) & 0xBF); uc >>= 6; case 1: *--ptr2 =(uc | firstByteMark[len]); } ptr2+=len; break; default: *ptr2++=*ptr; break; } ptr++; } } *ptr2=0; if (*ptr=='\""') ptr++; return ptr; }",visit repo url,cJSON.c,https://github.com/DaveGamble/cJSON,90233625520398,1 1833,['CWE-189'],"check_server_params (gnutls_session_t session, gnutls_kx_algorithm_t kx, gnutls_kx_algorithm_t * alg, int alg_size) { int cred_type; gnutls_dh_params_t dh_params = NULL; gnutls_rsa_params_t rsa_params = NULL; int j; cred_type = _gnutls_map_kx_get_cred (kx, 1); if (cred_type == GNUTLS_CRD_CERTIFICATE) { int delete; gnutls_certificate_credentials_t x509_cred = (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, cred_type, NULL); if (x509_cred != NULL) { dh_params = _gnutls_get_dh_params (x509_cred->dh_params, x509_cred->params_func, session); rsa_params = _gnutls_certificate_get_rsa_params (x509_cred->rsa_params, x509_cred->params_func, session); } delete = 1; for (j = 0; j < alg_size; j++) { if (alg[j] == kx) { delete = 0; break; } } if (delete == 1) return 1; #ifdef ENABLE_ANON } else if (cred_type == GNUTLS_CRD_ANON) { gnutls_anon_server_credentials_t anon_cred = (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key, cred_type, NULL); if (anon_cred != NULL) { dh_params = _gnutls_get_dh_params (anon_cred->dh_params, anon_cred->params_func, session); } #endif #ifdef ENABLE_PSK } else if (cred_type == GNUTLS_CRD_PSK) { gnutls_psk_server_credentials_t psk_cred = (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key, cred_type, NULL); if (psk_cred != NULL) { dh_params = _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func, session); } #endif } else return 0; if (_gnutls_kx_needs_rsa_params (kx) != 0) { if (_gnutls_rsa_params_to_mpi (rsa_params) == NULL) { gnutls_assert (); return 1; } } if (_gnutls_kx_needs_dh_params (kx) != 0) { if (_gnutls_dh_params_to_mpi (dh_params) == NULL) { gnutls_assert (); return 1; } } return 0; }",gnutls,,,140211260869400219982292140191946041649,0 5048,CWE-190,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 95,['CWE-787'],"static uint8_t cirrus_mmio_blt_read(CirrusVGAState * s, unsigned address) { int value = 0xff; switch (address) { case (CIRRUS_MMIO_BLTBGCOLOR + 0): cirrus_hook_read_gr(s, 0x00, &value); break; case (CIRRUS_MMIO_BLTBGCOLOR + 1): cirrus_hook_read_gr(s, 0x10, &value); break; case (CIRRUS_MMIO_BLTBGCOLOR + 2): cirrus_hook_read_gr(s, 0x12, &value); break; case (CIRRUS_MMIO_BLTBGCOLOR + 3): cirrus_hook_read_gr(s, 0x14, &value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 0): cirrus_hook_read_gr(s, 0x01, &value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 1): cirrus_hook_read_gr(s, 0x11, &value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 2): cirrus_hook_read_gr(s, 0x13, &value); break; case (CIRRUS_MMIO_BLTFGCOLOR + 3): cirrus_hook_read_gr(s, 0x15, &value); break; case (CIRRUS_MMIO_BLTWIDTH + 0): cirrus_hook_read_gr(s, 0x20, &value); break; case (CIRRUS_MMIO_BLTWIDTH + 1): cirrus_hook_read_gr(s, 0x21, &value); break; case (CIRRUS_MMIO_BLTHEIGHT + 0): cirrus_hook_read_gr(s, 0x22, &value); break; case (CIRRUS_MMIO_BLTHEIGHT + 1): cirrus_hook_read_gr(s, 0x23, &value); break; case (CIRRUS_MMIO_BLTDESTPITCH + 0): cirrus_hook_read_gr(s, 0x24, &value); break; case (CIRRUS_MMIO_BLTDESTPITCH + 1): cirrus_hook_read_gr(s, 0x25, &value); break; case (CIRRUS_MMIO_BLTSRCPITCH + 0): cirrus_hook_read_gr(s, 0x26, &value); break; case (CIRRUS_MMIO_BLTSRCPITCH + 1): cirrus_hook_read_gr(s, 0x27, &value); break; case (CIRRUS_MMIO_BLTDESTADDR + 0): cirrus_hook_read_gr(s, 0x28, &value); break; case (CIRRUS_MMIO_BLTDESTADDR + 1): cirrus_hook_read_gr(s, 0x29, &value); break; case (CIRRUS_MMIO_BLTDESTADDR + 2): cirrus_hook_read_gr(s, 0x2a, &value); break; case (CIRRUS_MMIO_BLTSRCADDR + 0): cirrus_hook_read_gr(s, 0x2c, &value); break; case (CIRRUS_MMIO_BLTSRCADDR + 1): cirrus_hook_read_gr(s, 0x2d, &value); break; case (CIRRUS_MMIO_BLTSRCADDR + 2): cirrus_hook_read_gr(s, 0x2e, &value); break; case CIRRUS_MMIO_BLTWRITEMASK: cirrus_hook_read_gr(s, 0x2f, &value); break; case CIRRUS_MMIO_BLTMODE: cirrus_hook_read_gr(s, 0x30, &value); break; case CIRRUS_MMIO_BLTROP: cirrus_hook_read_gr(s, 0x32, &value); break; case CIRRUS_MMIO_BLTMODEEXT: cirrus_hook_read_gr(s, 0x33, &value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0): cirrus_hook_read_gr(s, 0x34, &value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1): cirrus_hook_read_gr(s, 0x35, &value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0): cirrus_hook_read_gr(s, 0x38, &value); break; case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1): cirrus_hook_read_gr(s, 0x39, &value); break; case CIRRUS_MMIO_BLTSTATUS: cirrus_hook_read_gr(s, 0x31, &value); break; default: #ifdef DEBUG_CIRRUS printf(""cirrus: mmio read - address 0x%04x\n"", address); #endif break; } return (uint8_t) value; }",qemu,,,234655384059631798367929055104441937487,0 607,['CWE-200'],"void low_hash_fault(struct pt_regs *regs, unsigned long address) { if (user_mode(regs)) { siginfo_t info; info.si_signo = SIGBUS; info.si_errno = 0; info.si_code = BUS_ADRERR; info.si_addr = (void __user *)address; force_sig_info(SIGBUS, &info, current); return; } bad_page_fault(regs, address, SIGBUS); }",linux-2.6,,,340204267598531901291728222951174968279,0 3361,CWE-416,"int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user, char* password) { #ifdef dTHR dTHR; #endif dTHX; D_imp_xxh(dbh); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""imp_dbh->connect: dsn = %s, uid = %s, pwd = %s\n"", dbname ? dbname : ""NULL"", user ? user : ""NULL"", password ? password : ""NULL""); imp_dbh->stats.auto_reconnects_ok= 0; imp_dbh->stats.auto_reconnects_failed= 0; imp_dbh->bind_type_guessing= FALSE; imp_dbh->bind_comment_placeholders= FALSE; imp_dbh->has_transactions= TRUE; imp_dbh->auto_reconnect = FALSE; #if defined(sv_utf8_decode) && MYSQL_VERSION_ID >=SERVER_PREPARE_VERSION imp_dbh->enable_utf8 = FALSE; #endif if (!my_login(aTHX_ dbh, imp_dbh)) { do_error(dbh, mysql_errno(imp_dbh->pmysql), mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql)); return FALSE; } DBIc_ACTIVE_on(imp_dbh); DBIc_on(imp_dbh, DBIcf_IMPSET); return TRUE; }",visit repo url,dbdimp.c,https://github.com/perl5-dbi/DBD-mysql,186384381265301,1 1967,['CWE-20'],"static noinline int do_no_pfn(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, int write_access) { spinlock_t *ptl; pte_t entry; unsigned long pfn; pte_unmap(page_table); BUG_ON(!(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP))); BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); pfn = vma->vm_ops->nopfn(vma, address & PAGE_MASK); BUG_ON((vma->vm_flags & VM_MIXEDMAP) && pfn_valid(pfn)); if (unlikely(pfn == NOPFN_OOM)) return VM_FAULT_OOM; else if (unlikely(pfn == NOPFN_SIGBUS)) return VM_FAULT_SIGBUS; else if (unlikely(pfn == NOPFN_REFAULT)) return 0; page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (pte_none(*page_table)) { entry = pfn_pte(pfn, vma->vm_page_prot); if (write_access) entry = maybe_mkwrite(pte_mkdirty(entry), vma); set_pte_at(mm, address, page_table, entry); } pte_unmap_unlock(page_table, ptl); return 0; }",linux-2.6,,,152211791974505864191806190183383062034,0 874,['CWE-200'],"static void shmem_truncate_range(struct inode *inode, loff_t start, loff_t end) { struct shmem_inode_info *info = SHMEM_I(inode); unsigned long idx; unsigned long size; unsigned long limit; unsigned long stage; unsigned long diroff; struct page **dir; struct page *topdir; struct page *middir; struct page *subdir; swp_entry_t *ptr; LIST_HEAD(pages_to_free); long nr_pages_to_free = 0; long nr_swaps_freed = 0; int offset; int freed; int punch_hole; spinlock_t *needs_lock; spinlock_t *punch_lock; unsigned long upper_limit; inode->i_ctime = inode->i_mtime = CURRENT_TIME; idx = (start + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (idx >= info->next_index) return; spin_lock(&info->lock); info->flags |= SHMEM_TRUNCATE; if (likely(end == (loff_t) -1)) { limit = info->next_index; upper_limit = SHMEM_MAX_INDEX; info->next_index = idx; needs_lock = NULL; punch_hole = 0; } else { if (end + 1 >= inode->i_size) { limit = (inode->i_size + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; upper_limit = SHMEM_MAX_INDEX; } else { limit = (end + 1) >> PAGE_CACHE_SHIFT; upper_limit = limit; } needs_lock = &info->lock; punch_hole = 1; } topdir = info->i_indirect; if (topdir && idx <= SHMEM_NR_DIRECT && !punch_hole) { info->i_indirect = NULL; nr_pages_to_free++; list_add(&topdir->lru, &pages_to_free); } spin_unlock(&info->lock); if (info->swapped && idx < SHMEM_NR_DIRECT) { ptr = info->i_direct; size = limit; if (size > SHMEM_NR_DIRECT) size = SHMEM_NR_DIRECT; nr_swaps_freed = shmem_free_swp(ptr+idx, ptr+size, needs_lock); } if (!topdir || limit <= SHMEM_NR_DIRECT) goto done2; upper_limit -= SHMEM_NR_DIRECT; limit -= SHMEM_NR_DIRECT; idx = (idx > SHMEM_NR_DIRECT)? (idx - SHMEM_NR_DIRECT): 0; offset = idx % ENTRIES_PER_PAGE; idx -= offset; dir = shmem_dir_map(topdir); stage = ENTRIES_PER_PAGEPAGE/2; if (idx < ENTRIES_PER_PAGEPAGE/2) { middir = topdir; diroff = idx/ENTRIES_PER_PAGE; } else { dir += ENTRIES_PER_PAGE/2; dir += (idx - ENTRIES_PER_PAGEPAGE/2)/ENTRIES_PER_PAGEPAGE; while (stage <= idx) stage += ENTRIES_PER_PAGEPAGE; middir = *dir; if (*dir) { diroff = ((idx - ENTRIES_PER_PAGEPAGE/2) % ENTRIES_PER_PAGEPAGE) / ENTRIES_PER_PAGE; if (!diroff && !offset && upper_limit >= stage) { if (needs_lock) { spin_lock(needs_lock); *dir = NULL; spin_unlock(needs_lock); needs_lock = NULL; } else *dir = NULL; nr_pages_to_free++; list_add(&middir->lru, &pages_to_free); } shmem_dir_unmap(dir); dir = shmem_dir_map(middir); } else { diroff = 0; offset = 0; idx = stage; } } for (; idx < limit; idx += ENTRIES_PER_PAGE, diroff++) { if (unlikely(idx == stage)) { shmem_dir_unmap(dir); dir = shmem_dir_map(topdir) + ENTRIES_PER_PAGE/2 + idx/ENTRIES_PER_PAGEPAGE; while (!*dir) { dir++; idx += ENTRIES_PER_PAGEPAGE; if (idx >= limit) goto done1; } stage = idx + ENTRIES_PER_PAGEPAGE; middir = *dir; if (punch_hole) needs_lock = &info->lock; if (upper_limit >= stage) { if (needs_lock) { spin_lock(needs_lock); *dir = NULL; spin_unlock(needs_lock); needs_lock = NULL; } else *dir = NULL; nr_pages_to_free++; list_add(&middir->lru, &pages_to_free); } shmem_dir_unmap(dir); cond_resched(); dir = shmem_dir_map(middir); diroff = 0; } punch_lock = needs_lock; subdir = dir[diroff]; if (subdir && !offset && upper_limit-idx >= ENTRIES_PER_PAGE) { if (needs_lock) { spin_lock(needs_lock); dir[diroff] = NULL; spin_unlock(needs_lock); punch_lock = NULL; } else dir[diroff] = NULL; nr_pages_to_free++; list_add(&subdir->lru, &pages_to_free); } if (subdir && page_private(subdir) ) { size = limit - idx; if (size > ENTRIES_PER_PAGE) size = ENTRIES_PER_PAGE; freed = shmem_map_and_free_swp(subdir, offset, size, &dir, punch_lock); if (!dir) dir = shmem_dir_map(middir); nr_swaps_freed += freed; if (offset || punch_lock) { spin_lock(&info->lock); set_page_private(subdir, page_private(subdir) - freed); spin_unlock(&info->lock); } else BUG_ON(page_private(subdir) != freed); } offset = 0; } done1: shmem_dir_unmap(dir); done2: if (inode->i_mapping->nrpages && (info->flags & SHMEM_PAGEIN)) { truncate_inode_pages_range(inode->i_mapping, start, end); if (punch_hole) unmap_mapping_range(inode->i_mapping, start, end - start, 1); } spin_lock(&info->lock); info->flags &= ~SHMEM_TRUNCATE; info->swapped -= nr_swaps_freed; if (nr_pages_to_free) shmem_free_blocks(inode, nr_pages_to_free); shmem_recalc_inode(inode); spin_unlock(&info->lock); if (!list_empty(&pages_to_free)) { pages_to_free.prev->next = NULL; shmem_free_pages(pages_to_free.next); } }",linux-2.6,,,64022316560283190969281386463324690877,0 2729,CWE-415,"PHP_FUNCTION(mb_ereg_search_init) { size_t argc = ZEND_NUM_ARGS(); zval *arg_str; char *arg_pattern = NULL, *arg_options = NULL; int arg_pattern_len = 0, arg_options_len = 0; OnigSyntaxType *syntax = NULL; OnigOptionType option; if (zend_parse_parameters(argc TSRMLS_CC, ""z|ss"", &arg_str, &arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) { return; } if (argc > 1 && arg_pattern_len == 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Empty pattern""); RETURN_FALSE; } option = MBREX(regex_default_options); syntax = MBREX(regex_default_syntax); if (argc == 3) { option = 0; _php_mb_regex_init_options(arg_options, arg_options_len, &option, &syntax, NULL); } if (argc > 1) { if ((MBREX(search_re) = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, option, MBREX(current_mbctype), syntax TSRMLS_CC)) == NULL) { RETURN_FALSE; } } if (MBREX(search_str) != NULL) { zval_ptr_dtor(&MBREX(search_str)); MBREX(search_str) = (zval *)NULL; } MBREX(search_str) = arg_str; Z_ADDREF_P(MBREX(search_str)); SEPARATE_ZVAL_IF_NOT_REF(&MBREX(search_str)); MBREX(search_pos) = 0; if (MBREX(search_regs) != NULL) { onig_region_free(MBREX(search_regs), 1); MBREX(search_regs) = (OnigRegion *) NULL; } RETURN_TRUE; }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,276675801140024,1 514,['CWE-399'],"static void *pwc_rvmalloc(unsigned long size) { void * mem; unsigned long adr; mem=vmalloc_32(size); if (!mem) return NULL; memset(mem, 0, size); adr=(unsigned long) mem; while (size > 0) { SetPageReserved(vmalloc_to_page((void *)adr)); adr += PAGE_SIZE; size -= PAGE_SIZE; } return mem; }",linux-2.6,,,24278392485146307609417165696245867507,0 3913,CWE-416,"process_next_cpt_value( ins_compl_next_state_T *st, int *compl_type_arg, pos_T *start_match_pos) { int compl_type = -1; int status = INS_COMPL_CPT_OK; st->found_all = FALSE; while (*st->e_cpt == ',' || *st->e_cpt == ' ') st->e_cpt++; if (*st->e_cpt == '.' && !curbuf->b_scanned) { st->ins_buf = curbuf; st->first_match_pos = *start_match_pos; if (ctrl_x_mode_normal() && dec(&st->first_match_pos) < 0) { st->first_match_pos.lnum = st->ins_buf->b_ml.ml_line_count; st->first_match_pos.col = (colnr_T)STRLEN(ml_get(st->first_match_pos.lnum)); } st->last_match_pos = st->first_match_pos; compl_type = 0; st->set_match_pos = TRUE; } else if (vim_strchr((char_u *)""buwU"", *st->e_cpt) != NULL && (st->ins_buf = ins_compl_next_buf(st->ins_buf, *st->e_cpt)) != curbuf) { if (st->ins_buf->b_ml.ml_mfp != NULL) { compl_started = TRUE; st->first_match_pos.col = st->last_match_pos.col = 0; st->first_match_pos.lnum = st->ins_buf->b_ml.ml_line_count + 1; st->last_match_pos.lnum = 0; compl_type = 0; } else { st->found_all = TRUE; if (st->ins_buf->b_fname == NULL) { status = INS_COMPL_CPT_CONT; goto done; } compl_type = CTRL_X_DICTIONARY; st->dict = st->ins_buf->b_fname; st->dict_f = DICT_EXACT; } msg_hist_off = TRUE; vim_snprintf((char *)IObuff, IOSIZE, _(""Scanning: %s""), st->ins_buf->b_fname == NULL ? buf_spname(st->ins_buf) : st->ins_buf->b_sfname == NULL ? st->ins_buf->b_fname : st->ins_buf->b_sfname); (void)msg_trunc_attr((char *)IObuff, TRUE, HL_ATTR(HLF_R)); } else if (*st->e_cpt == NUL) status = INS_COMPL_CPT_END; else { if (ctrl_x_mode_line_or_eval()) compl_type = -1; else if (*st->e_cpt == 'k' || *st->e_cpt == 's') { if (*st->e_cpt == 'k') compl_type = CTRL_X_DICTIONARY; else compl_type = CTRL_X_THESAURUS; if (*++st->e_cpt != ',' && *st->e_cpt != NUL) { st->dict = st->e_cpt; st->dict_f = DICT_FIRST; } } #ifdef FEAT_FIND_ID else if (*st->e_cpt == 'i') compl_type = CTRL_X_PATH_PATTERNS; else if (*st->e_cpt == 'd') compl_type = CTRL_X_PATH_DEFINES; #endif else if (*st->e_cpt == ']' || *st->e_cpt == 't') { msg_hist_off = TRUE; compl_type = CTRL_X_TAGS; vim_snprintf((char *)IObuff, IOSIZE, _(""Scanning tags."")); (void)msg_trunc_attr((char *)IObuff, TRUE, HL_ATTR(HLF_R)); } else compl_type = -1; (void)copy_option_part(&st->e_cpt, IObuff, IOSIZE, "",""); st->found_all = TRUE; if (compl_type == -1) status = INS_COMPL_CPT_CONT; } done: *compl_type_arg = compl_type; return status; }",visit repo url,src/insexpand.c,https://github.com/vim/vim,273005605768084,1 5651,CWE-125,"repodata_schema2id(Repodata *data, Id *schema, int create) { int h, len, i; Id *sp, cid; Id *schematahash; if (!*schema) return 0; if ((schematahash = data->schematahash) == 0) { data->schematahash = schematahash = solv_calloc(256, sizeof(Id)); for (i = 1; i < data->nschemata; i++) { for (sp = data->schemadata + data->schemata[i], h = 0; *sp;) h = h * 7 + *sp++; h &= 255; schematahash[h] = i; } data->schemadata = solv_extend_resize(data->schemadata, data->schemadatalen, sizeof(Id), SCHEMATADATA_BLOCK); data->schemata = solv_extend_resize(data->schemata, data->nschemata, sizeof(Id), SCHEMATA_BLOCK); } for (sp = schema, len = 0, h = 0; *sp; len++) h = h * 7 + *sp++; h &= 255; len++; cid = schematahash[h]; if (cid) { if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) return cid; for (cid = 1; cid < data->nschemata; cid++) if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) return cid; } if (!create) return 0; data->schemadata = solv_extend(data->schemadata, data->schemadatalen, len, sizeof(Id), SCHEMATADATA_BLOCK); data->schemata = solv_extend(data->schemata, data->nschemata, 1, sizeof(Id), SCHEMATA_BLOCK); memcpy(data->schemadata + data->schemadatalen, schema, len * sizeof(Id)); data->schemata[data->nschemata] = data->schemadatalen; data->schemadatalen += len; schematahash[h] = data->nschemata; #if 0 fprintf(stderr, ""schema2id: new schema\n""); #endif return data->nschemata++; }",visit repo url,src/repodata.c,https://github.com/openSUSE/libsolv,104076500341633,1 5976,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_6varint_2read_varint(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v_f) { Py_ssize_t __pyx_v_shift; Py_ssize_t __pyx_v_result; unsigned char __pyx_v_i; PyObject *__pyx_v_read_one = NULL; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; unsigned char __pyx_t_4; int __pyx_t_5; __Pyx_RefNannySetupContext(""read_varint"", 0); __pyx_v_shift = 0; __pyx_v_result = 0; __pyx_t_1 = __Pyx_PyObject_GetAttrStr(__pyx_v_f, __pyx_n_s_read_one); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 37, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_v_read_one = __pyx_t_1; __pyx_t_1 = 0; while (1) { __Pyx_INCREF(__pyx_v_read_one); __pyx_t_2 = __pyx_v_read_one; __pyx_t_3 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) { __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2); if (likely(__pyx_t_3)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2); __Pyx_INCREF(__pyx_t_3); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_2, function); } } __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0; if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 40, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_4 = __Pyx_PyInt_As_unsigned_char(__pyx_t_1); if (unlikely((__pyx_t_4 == (unsigned char)-1) && PyErr_Occurred())) __PYX_ERR(0, 40, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v_i = __pyx_t_4; __pyx_v_result = (__pyx_v_result | ((__pyx_v_i & 0x7f) << __pyx_v_shift)); __pyx_v_shift = (__pyx_v_shift + 7); __pyx_t_5 = ((__pyx_v_i < 0x80) != 0); if (__pyx_t_5) { goto __pyx_L4_break; } } __pyx_L4_break:; __Pyx_XDECREF(__pyx_r); __pyx_t_1 = PyInt_FromSsize_t(__pyx_v_result); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 46, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_r = __pyx_t_1; __pyx_t_1 = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_AddTraceback(""clickhouse_driver.varint.read_varint"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v_read_one); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/varint.c,https://github.com/mymarilyn/clickhouse-driver,42677936011273,1 6475,[],"lt_dlhandle_fetch (lt_dlinterface_id iface, const char *module_name) { lt_dlhandle handle = 0; assert (iface); while ((handle = lt_dlhandle_iterate (iface, handle))) { lt_dlhandle cur = handle; if (cur && cur->info.name && streq (cur->info.name, module_name)) break; } return handle; }",libtool,,,108103909478423532041248850424469393280,0 6310,['CWE-200'],"void neigh_table_init(struct neigh_table *tbl) { unsigned long now = jiffies; unsigned long phsize; atomic_set(&tbl->parms.refcnt, 1); INIT_RCU_HEAD(&tbl->parms.rcu_head); tbl->parms.reachable_time = neigh_rand_reach_time(tbl->parms.base_reachable_time); if (!tbl->kmem_cachep) tbl->kmem_cachep = kmem_cache_create(tbl->id, tbl->entry_size, 0, SLAB_HWCACHE_ALIGN, NULL, NULL); if (!tbl->kmem_cachep) panic(""cannot create neighbour cache""); tbl->stats = alloc_percpu(struct neigh_statistics); if (!tbl->stats) panic(""cannot create neighbour cache statistics""); #ifdef CONFIG_PROC_FS tbl->pde = create_proc_entry(tbl->id, 0, proc_net_stat); if (!tbl->pde) panic(""cannot create neighbour proc dir entry""); tbl->pde->proc_fops = &neigh_stat_seq_fops; tbl->pde->data = tbl; #endif tbl->hash_mask = 1; tbl->hash_buckets = neigh_hash_alloc(tbl->hash_mask + 1); phsize = (PNEIGH_HASHMASK + 1) * sizeof(struct pneigh_entry *); tbl->phash_buckets = kmalloc(phsize, GFP_KERNEL); if (!tbl->hash_buckets || !tbl->phash_buckets) panic(""cannot allocate neighbour cache hashes""); memset(tbl->phash_buckets, 0, phsize); get_random_bytes(&tbl->hash_rnd, sizeof(tbl->hash_rnd)); rwlock_init(&tbl->lock); init_timer(&tbl->gc_timer); tbl->gc_timer.data = (unsigned long)tbl; tbl->gc_timer.function = neigh_periodic_timer; tbl->gc_timer.expires = now + 1; add_timer(&tbl->gc_timer); init_timer(&tbl->proxy_timer); tbl->proxy_timer.data = (unsigned long)tbl; tbl->proxy_timer.function = neigh_proxy_process; skb_queue_head_init(&tbl->proxy_queue); tbl->last_flush = now; tbl->last_rand = now + tbl->parms.reachable_time * 20; write_lock(&neigh_tbl_lock); tbl->next = neigh_tables; neigh_tables = tbl; write_unlock(&neigh_tbl_lock); }",linux-2.6,,,20430728187028305276976619520006863161,0 5932,CWE-120,"static void mdbEvalSetColumn(MyDbEvalContext *p, int iCol, Jsi_DString *dStr) { char nbuf[200]; MysqlPrep *prep = p->prep; SqlFieldResults *field = prep->fieldResult+iCol; Jsi_Interp *interp = p->jdb->interp; if (field->isnull) return; switch(field->jsiTypeMap) { case JSI_OPTION_STRING: { int bytes = field->len; const char *zBlob = field->buffer.vstring; if( !zBlob ) { const char *nv = p->jdb->optPtr->nullvalue; Jsi_DSAppend(dStr, nv?nv:""null"", NULL); return; } Jsi_DSAppendLen(dStr, zBlob, bytes); return; } case JSI_OPTION_BOOL: { snprintf(nbuf, sizeof(nbuf), ""%s"", field->buffer.vchar?""true"":""false""); Jsi_DSAppend(dStr, nbuf, NULL); return; } case JSI_OPTION_INT64: { snprintf(nbuf, sizeof(nbuf), ""%lld"", field->buffer.vlonglong); Jsi_DSAppend(dStr, nbuf, NULL); return; } case JSI_OPTION_TIME_D: case JSI_OPTION_TIME_W: { Jsi_Number jtime = mdbMyTimeToJS(&field->buffer.timestamp); Jsi_NumberToString(interp, jtime, nbuf, sizeof(nbuf)); Jsi_DSAppend(dStr, nbuf, NULL); return; } case JSI_OPTION_DOUBLE: { Jsi_NumberToString(interp, field->buffer.vdouble, nbuf, sizeof(nbuf)); Jsi_DSAppend(dStr, nbuf, NULL); return; } default: Jsi_LogWarn(""unknown type: %d"", field->jsiTypeMap); } }",visit repo url,src/jsiMySql.c,https://github.com/pcmacdon/jsish,211347174508585,1 1462,[],"static void __resched_task(struct task_struct *p, int tif_bit) { int cpu; assert_spin_locked(&task_rq(p)->lock); if (unlikely(test_tsk_thread_flag(p, tif_bit))) return; set_tsk_thread_flag(p, tif_bit); cpu = task_cpu(p); if (cpu == smp_processor_id()) return; smp_mb(); if (!tsk_is_polling(p)) smp_send_reschedule(cpu); }",linux-2.6,,,87526718948605047452179819694587156776,0 5081,['CWE-20'],"static void __exit vmx_exit(void) { __free_page(vmx_msr_bitmap); __free_page(vmx_io_bitmap_b); __free_page(vmx_io_bitmap_a); kvm_exit(); }",linux-2.6,,,207781151737563888529383836443356854716,0 1738,CWE-264,"void ion_free(struct ion_client *client, struct ion_handle *handle) { bool valid_handle; BUG_ON(client != handle->client); mutex_lock(&client->lock); valid_handle = ion_handle_validate(client, handle); if (!valid_handle) { WARN(1, ""%s: invalid handle passed to free.\n"", __func__); mutex_unlock(&client->lock); return; } mutex_unlock(&client->lock); ion_handle_put(handle); }",visit repo url,drivers/staging/android/ion/ion.c,https://github.com/torvalds/linux,136014806154574,1 454,CWE-416,"void snd_usb_mixer_disconnect(struct usb_mixer_interface *mixer) { usb_kill_urb(mixer->urb); usb_kill_urb(mixer->rc_urb); }",visit repo url,sound/usb/mixer.c,https://github.com/torvalds/linux,88510464770820,1 5646,['CWE-476'],"unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait) { unsigned int mask = datagram_poll(file, sock, wait); struct sock *sk = sock->sk; if ( (mask & POLLRDNORM) && !(file->f_flags & O_NONBLOCK) && !(sk->sk_shutdown & RCV_SHUTDOWN)){ struct sk_buff_head *rcvq = &sk->sk_receive_queue; struct sk_buff *skb; spin_lock_bh(&rcvq->lock); while ((skb = skb_peek(rcvq)) != NULL) { if (udp_checksum_complete(skb)) { UDP_INC_STATS_BH(UDP_MIB_INERRORS); __skb_unlink(skb, rcvq); kfree_skb(skb); } else { skb->ip_summed = CHECKSUM_UNNECESSARY; break; } } spin_unlock_bh(&rcvq->lock); if (skb == NULL) mask &= ~(POLLIN | POLLRDNORM); } return mask; }",linux-2.6,,,18704156768574759094859770708049832307,0 249,[],"int fat_add_entries(struct inode *dir, void *slots, int nr_slots, struct fat_slot_info *sinfo) { struct super_block *sb = dir->i_sb; struct msdos_sb_info *sbi = MSDOS_SB(sb); struct buffer_head *bh, *prev, *bhs[3]; struct msdos_dir_entry *de; int err, free_slots, i, nr_bhs; loff_t pos, i_pos; sinfo->nr_slots = nr_slots; free_slots = nr_bhs = 0; bh = prev = NULL; pos = 0; err = -ENOSPC; while (fat_get_entry(dir, &pos, &bh, &de) > -1) { if (pos >= FAT_MAX_DIR_SIZE) goto error; if (IS_FREE(de->name)) { if (prev != bh) { get_bh(bh); bhs[nr_bhs] = prev = bh; nr_bhs++; } free_slots++; if (free_slots == nr_slots) goto found; } else { for (i = 0; i < nr_bhs; i++) brelse(bhs[i]); prev = NULL; free_slots = nr_bhs = 0; } } if (dir->i_ino == MSDOS_ROOT_INO) { if (sbi->fat_bits != 32) goto error; } else if (MSDOS_I(dir)->i_start == 0) { printk(KERN_ERR ""FAT: Corrupted directory (i_pos %lld)\n"", MSDOS_I(dir)->i_pos); err = -EIO; goto error; } found: err = 0; pos -= free_slots * sizeof(*de); nr_slots -= free_slots; if (free_slots) { int size = free_slots * sizeof(*de); int offset = pos & (sb->s_blocksize - 1); int long_bhs = nr_bhs - (nr_slots == 0); for (i = 0; i < long_bhs; i++) { int copy = min_t(int, sb->s_blocksize - offset, size); memcpy(bhs[i]->b_data + offset, slots, copy); mark_buffer_dirty(bhs[i]); offset = 0; slots += copy; size -= copy; } if (long_bhs && IS_DIRSYNC(dir)) err = fat_sync_bhs(bhs, long_bhs); if (!err && i < nr_bhs) { int copy = min_t(int, sb->s_blocksize - offset, size); memcpy(bhs[i]->b_data + offset, slots, copy); mark_buffer_dirty(bhs[i]); if (IS_DIRSYNC(dir)) err = sync_dirty_buffer(bhs[i]); } for (i = 0; i < nr_bhs; i++) brelse(bhs[i]); if (err) goto error_remove; } if (nr_slots) { int cluster, nr_cluster; cluster = fat_add_new_entries(dir, slots, nr_slots, &nr_cluster, &de, &bh, &i_pos); if (cluster < 0) { err = cluster; goto error_remove; } err = fat_chain_add(dir, cluster, nr_cluster); if (err) { fat_free_clusters(dir, cluster); goto error_remove; } if (dir->i_size & (sbi->cluster_size - 1)) { fat_fs_panic(sb, ""Odd directory size""); dir->i_size = (dir->i_size + sbi->cluster_size - 1) & ~((loff_t)sbi->cluster_size - 1); } dir->i_size += nr_cluster << sbi->cluster_bits; MSDOS_I(dir)->mmu_private += nr_cluster << sbi->cluster_bits; } sinfo->slot_off = pos; sinfo->de = de; sinfo->bh = bh; sinfo->i_pos = fat_make_i_pos(sb, sinfo->bh, sinfo->de); return 0; error: brelse(bh); for (i = 0; i < nr_bhs; i++) brelse(bhs[i]); return err; error_remove: brelse(bh); if (free_slots) __fat_remove_entries(dir, pos, free_slots); return err; }",linux-2.6,,,98062655516708523091895073723733824570,0 3488,CWE-20,"tPacketIndicationType ParaNdis_PrepareReceivedPacket( PARANDIS_ADAPTER *pContext, pRxNetDescriptor pBuffersDesc, PUINT pnCoalescedSegmentsCount) { PMDL pMDL = pBuffersDesc->Holder; PNET_BUFFER_LIST pNBL = NULL; *pnCoalescedSegmentsCount = 1; if (pMDL) { ULONG nBytesStripped = 0; PNET_PACKET_INFO pPacketInfo = &pBuffersDesc->PacketInfo; if (pContext->ulPriorityVlanSetting && pPacketInfo->hasVlanHeader) { nBytesStripped = ParaNdis_StripVlanHeaderMoveHead(pPacketInfo); } ParaNdis_PadPacketToMinimalLength(pPacketInfo); ParaNdis_AdjustRxBufferHolderLength(pBuffersDesc, nBytesStripped); pNBL = NdisAllocateNetBufferAndNetBufferList(pContext->BufferListsPool, 0, 0, pMDL, nBytesStripped, pPacketInfo->dataLength); if (pNBL) { virtio_net_hdr_basic *pHeader = (virtio_net_hdr_basic *) pBuffersDesc->PhysicalPages[0].Virtual; tChecksumCheckResult csRes; pNBL->SourceHandle = pContext->MiniportHandle; NBLSetRSSInfo(pContext, pNBL, pPacketInfo); NBLSet8021QInfo(pContext, pNBL, pPacketInfo); pNBL->MiniportReserved[0] = pBuffersDesc; #if PARANDIS_SUPPORT_RSC if(pHeader->gso_type != VIRTIO_NET_HDR_GSO_NONE) { *pnCoalescedSegmentsCount = PktGetTCPCoalescedSegmentsCount(pPacketInfo, pContext->MaxPacketSize.nMaxDataSize); NBLSetRSCInfo(pContext, pNBL, pPacketInfo, *pnCoalescedSegmentsCount); } else #endif { csRes = ParaNdis_CheckRxChecksum( pContext, pHeader->flags, &pBuffersDesc->PhysicalPages[PARANDIS_FIRST_RX_DATA_PAGE], pPacketInfo->dataLength, nBytesStripped); if (csRes.value) { NDIS_TCP_IP_CHECKSUM_NET_BUFFER_LIST_INFO qCSInfo; qCSInfo.Value = NULL; qCSInfo.Receive.IpChecksumFailed = csRes.flags.IpFailed; qCSInfo.Receive.IpChecksumSucceeded = csRes.flags.IpOK; qCSInfo.Receive.TcpChecksumFailed = csRes.flags.TcpFailed; qCSInfo.Receive.TcpChecksumSucceeded = csRes.flags.TcpOK; qCSInfo.Receive.UdpChecksumFailed = csRes.flags.UdpFailed; qCSInfo.Receive.UdpChecksumSucceeded = csRes.flags.UdpOK; NET_BUFFER_LIST_INFO(pNBL, TcpIpChecksumNetBufferListInfo) = qCSInfo.Value; DPrintf(1, (""Reporting CS %X->%X\n"", csRes.value, (ULONG)(ULONG_PTR)qCSInfo.Value)); } } pNBL->Status = NDIS_STATUS_SUCCESS; #if defined(ENABLE_HISTORY_LOG) { tTcpIpPacketParsingResult packetReview = ParaNdis_CheckSumVerify( RtlOffsetToPointer(pPacketInfo->headersBuffer, ETH_HEADER_SIZE), pPacketInfo->dataLength, pcrIpChecksum | pcrTcpChecksum | pcrUdpChecksum, __FUNCTION__ ); ParaNdis_DebugHistory(pContext, hopPacketReceived, pNBL, pPacketInfo->dataLength, (ULONG)(ULONG_PTR)qInfo.Value, packetReview.value); } #endif } } return pNBL; }",visit repo url,NetKVM/wlh/ParaNdis6-Impl.cpp,https://github.com/YanVugenfirer/kvm-guest-drivers-windows,53235827998970,1 2502,CWE-787,"static int getnum (const char **fmt, int df) { if (!isdigit(**fmt)) return df; else { int a = 0; do { a = a*10 + *((*fmt)++) - '0'; } while (isdigit(**fmt)); return a; } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,90908592553212,1 6396,['CWE-59'],"static void print_cifs_mount_version(void) { printf(""mount.cifs version: %s.%s%s\n"", MOUNT_CIFS_VERSION_MAJOR, MOUNT_CIFS_VERSION_MINOR, MOUNT_CIFS_VENDOR_SUFFIX); }",samba,,,23307911306372541272780857975724528564,0 2638,CWE-125,"static int append_multiple_key_values(smart_str* loc_name, HashTable* hash_arr, char* key_name TSRMLS_DC) { zval** ele_value = NULL; int i = 0; int isFirstSubtag = 0; int max_value = 0; if( zend_hash_find( hash_arr , key_name , strlen(key_name) + 1 ,(void **)&ele_value ) == SUCCESS ) { if( Z_TYPE_PP(ele_value) == IS_STRING ){ add_prefix( loc_name , key_name); smart_str_appendl(loc_name, SEPARATOR , sizeof(SEPARATOR)-1); smart_str_appendl(loc_name, Z_STRVAL_PP(ele_value) , Z_STRLEN_PP(ele_value)); return SUCCESS; } else if(Z_TYPE_PP(ele_value) == IS_ARRAY ) { HashPosition pos; HashTable *arr = HASH_OF(*ele_value); zval **data = NULL; zend_hash_internal_pointer_reset_ex(arr, &pos); while(zend_hash_get_current_data_ex(arr, (void **)&data, &pos) != FAILURE) { if(Z_TYPE_PP(data) != IS_STRING) { return FAILURE; } if (isFirstSubtag++ == 0){ add_prefix(loc_name , key_name); } smart_str_appendl(loc_name, SEPARATOR , sizeof(SEPARATOR)-1); smart_str_appendl(loc_name, Z_STRVAL_PP(data) , Z_STRLEN_PP(data)); zend_hash_move_forward_ex(arr, &pos); } return SUCCESS; } else { return FAILURE; } } else { char cur_key_name[31]; if( strcmp(key_name , LOC_VARIANT_TAG) ==0 ){ max_value = MAX_NO_VARIANT; } if( strcmp(key_name , LOC_EXTLANG_TAG) ==0 ){ max_value = MAX_NO_EXTLANG; } if( strcmp(key_name , LOC_PRIVATE_TAG) ==0 ){ max_value = MAX_NO_PRIVATE; } isFirstSubtag = 0; for( i=0 ; i< max_value; i++ ){ snprintf( cur_key_name , 30, ""%s%d"", key_name , i); if( zend_hash_find( hash_arr , cur_key_name , strlen(cur_key_name) + 1,(void **)&ele_value ) == SUCCESS ){ if( Z_TYPE_PP(ele_value)!= IS_STRING ){ return FAILURE; } if (isFirstSubtag++ == 0){ add_prefix(loc_name , cur_key_name); } smart_str_appendl(loc_name, SEPARATOR , sizeof(SEPARATOR)-1); smart_str_appendl(loc_name, Z_STRVAL_PP(ele_value) , Z_STRLEN_PP(ele_value)); } } } return SUCCESS; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,141316631043508,1 3693,[],"int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm = (__force struct cmsghdr __user *)msg->msg_control; struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); int err; if (MSG_CMSG_COMPAT & msg->msg_flags) return put_cmsg_compat(msg, level, type, len, data); if (cm==NULL || msg->msg_controllen < sizeof(*cm)) { msg->msg_flags |= MSG_CTRUNC; return 0; } if (msg->msg_controllen < cmlen) { msg->msg_flags |= MSG_CTRUNC; cmlen = msg->msg_controllen; } cmhdr.cmsg_level = level; cmhdr.cmsg_type = type; cmhdr.cmsg_len = cmlen; err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr))) goto out; cmlen = CMSG_SPACE(len); if (msg->msg_controllen < cmlen) cmlen = msg->msg_controllen; msg->msg_control += cmlen; msg->msg_controllen -= cmlen; err = 0; out: return err; }",linux-2.6,,,89993164877718434588395346001721337382,0 3036,['CWE-189'],"char *jas_image_fmttostr(int fmt) { jas_image_fmtinfo_t *fmtinfo; if (!(fmtinfo = jas_image_lookupfmtbyid(fmt))) { return 0; } return fmtinfo->name; }",jasper,,,138666556250389563950369607681161214295,0 1485,[],"struct task_group *sched_create_group(struct task_group *parent) { struct task_group *tg; unsigned long flags; int i; tg = kzalloc(sizeof(*tg), GFP_KERNEL); if (!tg) return ERR_PTR(-ENOMEM); if (!alloc_fair_sched_group(tg, parent)) goto err; if (!alloc_rt_sched_group(tg, parent)) goto err; spin_lock_irqsave(&task_group_lock, flags); for_each_possible_cpu(i) { register_fair_sched_group(tg, i); register_rt_sched_group(tg, i); } list_add_rcu(&tg->list, &task_groups); WARN_ON(!parent); tg->parent = parent; list_add_rcu(&tg->siblings, &parent->children); INIT_LIST_HEAD(&tg->children); spin_unlock_irqrestore(&task_group_lock, flags); return tg; err: free_sched_group(tg); return ERR_PTR(-ENOMEM); }",linux-2.6,,,58240786218559788695359884206186200591,0 5129,['CWE-20'],"static int handle_triple_fault(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { kvm_run->exit_reason = KVM_EXIT_SHUTDOWN; return 0; }",linux-2.6,,,113636860370233421881001663808160516447,0 3944,CWE-476,"term_and_job_init( term_T *term, typval_T *argvar, char **argv, jobopt_T *opt, jobopt_T *orig_opt UNUSED) { create_vterm(term, term->tl_rows, term->tl_cols); #if defined(FEAT_GUI) || defined(FEAT_TERMGUICOLORS) if (opt->jo_set2 & JO2_ANSI_COLORS) set_vterm_palette(term->tl_vterm, opt->jo_ansi_colors); else init_vterm_ansi_colors(term->tl_vterm); #endif term->tl_job = job_start(argvar, argv, opt, TRUE); if (term->tl_job != NULL) ++term->tl_job->jv_refcount; return term->tl_job != NULL && term->tl_job->jv_channel != NULL && term->tl_job->jv_status != JOB_FAILED ? OK : FAIL; }",visit repo url,src/terminal.c,https://github.com/vim/vim,154755910585769,1 2020,['CWE-269'],"static void attach_mnt(struct vfsmount *mnt, struct nameidata *nd) { mnt_set_mountpoint(nd->mnt, nd->dentry, mnt); list_add_tail(&mnt->mnt_hash, mount_hashtable + hash(nd->mnt, nd->dentry)); list_add_tail(&mnt->mnt_child, &nd->mnt->mnt_mounts); }",linux-2.6,,,190222471449538207034467769807608734340,0 4060,['CWE-399'],"void unix_gc(void) { struct unix_sock *u; struct unix_sock *next; struct sk_buff_head hitlist; struct list_head cursor; LIST_HEAD(not_cycle_list); spin_lock(&unix_gc_lock); if (gc_in_progress) goto out; gc_in_progress = true; list_for_each_entry_safe(u, next, &gc_inflight_list, link) { long total_refs; long inflight_refs; total_refs = file_count(u->sk.sk_socket->file); inflight_refs = atomic_long_read(&u->inflight); BUG_ON(inflight_refs < 1); BUG_ON(total_refs < inflight_refs); if (total_refs == inflight_refs) { list_move_tail(&u->link, &gc_candidates); u->gc_candidate = 1; u->gc_maybe_cycle = 1; } } list_for_each_entry(u, &gc_candidates, link) scan_children(&u->sk, dec_inflight, NULL); list_add(&cursor, &gc_candidates); while (cursor.next != &gc_candidates) { u = list_entry(cursor.next, struct unix_sock, link); list_move(&cursor, &u->link); if (atomic_long_read(&u->inflight) > 0) { list_move_tail(&u->link, ¬_cycle_list); u->gc_maybe_cycle = 0; scan_children(&u->sk, inc_inflight_move_tail, NULL); } } list_del(&cursor); while (!list_empty(¬_cycle_list)) { u = list_entry(not_cycle_list.next, struct unix_sock, link); u->gc_candidate = 0; list_move_tail(&u->link, &gc_inflight_list); } skb_queue_head_init(&hitlist); list_for_each_entry(u, &gc_candidates, link) scan_children(&u->sk, inc_inflight, &hitlist); spin_unlock(&unix_gc_lock); __skb_queue_purge(&hitlist); spin_lock(&unix_gc_lock); BUG_ON(!list_empty(&gc_candidates)); gc_in_progress = false; wake_up(&unix_gc_wait); out: spin_unlock(&unix_gc_lock); }",linux-2.6,,,284843096121678752229312901220281368492,0 103,['CWE-787'],"glue(cirrus_bitblt_rop_fwd_, ROP_NAME)(CirrusVGAState *s, uint8_t *dst,const uint8_t *src, int dstpitch,int srcpitch, int bltwidth,int bltheight) { int x,y; dstpitch -= bltwidth; srcpitch -= bltwidth; if (dstpitch < 0 || srcpitch < 0) { return; } for (y = 0; y < bltheight; y++) { for (x = 0; x < bltwidth; x++) { ROP_OP(*dst, *src); dst++; src++; } dst += dstpitch; src += srcpitch; } }",qemu,,,102419161251855648406111818716560619478,0 1859,['CWE-189'],"_gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd) { memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE); }",gnutls,,,36970742844095812526343176647596559380,0 4559,['CWE-20'],"static int ext4_dx_add_entry(handle_t *handle, struct dentry *dentry, struct inode *inode) { struct dx_frame frames[2], *frame; struct dx_entry *entries, *at; struct dx_hash_info hinfo; struct buffer_head *bh; struct inode *dir = dentry->d_parent->d_inode; struct super_block *sb = dir->i_sb; struct ext4_dir_entry_2 *de; int err; frame = dx_probe(&dentry->d_name, dir, &hinfo, frames, &err); if (!frame) return err; entries = frame->entries; at = frame->at; if (!(bh = ext4_bread(handle,dir, dx_get_block(frame->at), 0, &err))) goto cleanup; BUFFER_TRACE(bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, bh); if (err) goto journal_error; err = add_dirent_to_buf(handle, dentry, inode, NULL, bh); if (err != -ENOSPC) { bh = NULL; goto cleanup; } dxtrace(printk(KERN_DEBUG ""using %u of %u node entries\n"", dx_get_count(entries), dx_get_limit(entries))); if (dx_get_count(entries) == dx_get_limit(entries)) { ext4_lblk_t newblock; unsigned icount = dx_get_count(entries); int levels = frame - frames; struct dx_entry *entries2; struct dx_node *node2; struct buffer_head *bh2; if (levels && (dx_get_count(frames->entries) == dx_get_limit(frames->entries))) { ext4_warning(sb, __func__, ""Directory index full!""); err = -ENOSPC; goto cleanup; } bh2 = ext4_append (handle, dir, &newblock, &err); if (!(bh2)) goto cleanup; node2 = (struct dx_node *)(bh2->b_data); entries2 = node2->entries; node2->fake.rec_len = ext4_rec_len_to_disk(sb->s_blocksize); node2->fake.inode = 0; BUFFER_TRACE(frame->bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, frame->bh); if (err) goto journal_error; if (levels) { unsigned icount1 = icount/2, icount2 = icount - icount1; unsigned hash2 = dx_get_hash(entries + icount1); dxtrace(printk(KERN_DEBUG ""Split index %i/%i\n"", icount1, icount2)); BUFFER_TRACE(frame->bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, frames[0].bh); if (err) goto journal_error; memcpy((char *) entries2, (char *) (entries + icount1), icount2 * sizeof(struct dx_entry)); dx_set_count(entries, icount1); dx_set_count(entries2, icount2); dx_set_limit(entries2, dx_node_limit(dir)); if (at - entries >= icount1) { frame->at = at = at - entries - icount1 + entries2; frame->entries = entries = entries2; swap(frame->bh, bh2); } dx_insert_block(frames + 0, hash2, newblock); dxtrace(dx_show_index(""node"", frames[1].entries)); dxtrace(dx_show_index(""node"", ((struct dx_node *) bh2->b_data)->entries)); err = ext4_handle_dirty_metadata(handle, inode, bh2); if (err) goto journal_error; brelse (bh2); } else { dxtrace(printk(KERN_DEBUG ""Creating second level index...\n"")); memcpy((char *) entries2, (char *) entries, icount * sizeof(struct dx_entry)); dx_set_limit(entries2, dx_node_limit(dir)); dx_set_count(entries, 1); dx_set_block(entries + 0, newblock); ((struct dx_root *) frames[0].bh->b_data)->info.indirect_levels = 1; frame = frames + 1; frame->at = at = at - entries + entries2; frame->entries = entries = entries2; frame->bh = bh2; err = ext4_journal_get_write_access(handle, frame->bh); if (err) goto journal_error; } ext4_handle_dirty_metadata(handle, inode, frames[0].bh); } de = do_split(handle, dir, &bh, frame, &hinfo, &err); if (!de) goto cleanup; err = add_dirent_to_buf(handle, dentry, inode, de, bh); bh = NULL; goto cleanup; journal_error: ext4_std_error(dir->i_sb, err); cleanup: if (bh) brelse(bh); dx_release(frames); return err; }",linux-2.6,,,179125021574632546314362612960604736126,0 2697,[],"void sctp_endpoint_put(struct sctp_endpoint *ep) { if (atomic_dec_and_test(&ep->base.refcnt)) sctp_endpoint_destroy(ep); }",linux-2.6,,,31194513967508158658268407698975213528,0 256,[],"static int __fat_remove_entries(struct inode *dir, loff_t pos, int nr_slots) { struct super_block *sb = dir->i_sb; struct buffer_head *bh; struct msdos_dir_entry *de, *endp; int err = 0, orig_slots; while (nr_slots) { bh = NULL; if (fat_get_entry(dir, &pos, &bh, &de) < 0) { err = -EIO; break; } orig_slots = nr_slots; endp = (struct msdos_dir_entry *)(bh->b_data + sb->s_blocksize); while (nr_slots && de < endp) { de->name[0] = DELETED_FLAG; de++; nr_slots--; } mark_buffer_dirty(bh); if (IS_DIRSYNC(dir)) err = sync_dirty_buffer(bh); brelse(bh); if (err) break; pos += ((orig_slots - nr_slots) * sizeof(*de)) - sizeof(*de); } return err; }",linux-2.6,,,194631985039899369190696475137057940454,0 2113,[],"static void udp_flush_pending_frames(struct sock *sk) { struct udp_sock *up = udp_sk(sk); if (up->pending) { up->len = 0; up->pending = 0; ip_flush_pending_frames(sk); } }",linux-2.6,,,332088284104836058794536414128403825719,0 1011,CWE-399,"static int process_one_ticket(struct ceph_auth_client *ac, struct ceph_crypto_key *secret, void **p, void *end, void *dbuf, void *ticket_buf) { struct ceph_x_info *xi = ac->private; int type; u8 tkt_struct_v, blob_struct_v; struct ceph_x_ticket_handler *th; void *dp, *dend; int dlen; char is_enc; struct timespec validity; struct ceph_crypto_key old_key; void *tp, *tpend; struct ceph_timespec new_validity; struct ceph_crypto_key new_session_key; struct ceph_buffer *new_ticket_blob; unsigned long new_expires, new_renew_after; u64 new_secret_id; int ret; ceph_decode_need(p, end, sizeof(u32) + 1, bad); type = ceph_decode_32(p); dout("" ticket type %d %s\n"", type, ceph_entity_type_name(type)); tkt_struct_v = ceph_decode_8(p); if (tkt_struct_v != 1) goto bad; th = get_ticket_handler(ac, type); if (IS_ERR(th)) { ret = PTR_ERR(th); goto out; } dlen = ceph_x_decrypt(secret, p, end, dbuf, TEMP_TICKET_BUF_LEN); if (dlen <= 0) { ret = dlen; goto out; } dout("" decrypted %d bytes\n"", dlen); dp = dbuf; dend = dp + dlen; tkt_struct_v = ceph_decode_8(&dp); if (tkt_struct_v != 1) goto bad; memcpy(&old_key, &th->session_key, sizeof(old_key)); ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); if (ret) goto out; ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); ceph_decode_timespec(&validity, &new_validity); new_expires = get_seconds() + validity.tv_sec; new_renew_after = new_expires - (validity.tv_sec / 4); dout("" expires=%lu renew_after=%lu\n"", new_expires, new_renew_after); ceph_decode_8_safe(p, end, is_enc, bad); tp = ticket_buf; if (is_enc) { dout("" encrypted ticket\n""); dlen = ceph_x_decrypt(&old_key, p, end, ticket_buf, TEMP_TICKET_BUF_LEN); if (dlen < 0) { ret = dlen; goto out; } dlen = ceph_decode_32(&tp); } else { ceph_decode_32_safe(p, end, dlen, bad); ceph_decode_need(p, end, dlen, bad); ceph_decode_copy(p, ticket_buf, dlen); } tpend = tp + dlen; dout("" ticket blob is %d bytes\n"", dlen); ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); blob_struct_v = ceph_decode_8(&tp); new_secret_id = ceph_decode_64(&tp); ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); if (ret) goto out; ceph_crypto_key_destroy(&th->session_key); if (th->ticket_blob) ceph_buffer_put(th->ticket_blob); th->session_key = new_session_key; th->ticket_blob = new_ticket_blob; th->validity = new_validity; th->secret_id = new_secret_id; th->expires = new_expires; th->renew_after = new_renew_after; dout("" got ticket service %d (%s) secret_id %lld len %d\n"", type, ceph_entity_type_name(type), th->secret_id, (int)th->ticket_blob->vec.iov_len); xi->have_keys |= th->service; out: return ret; bad: ret = -EINVAL; goto out; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,103239916982661,1 724,CWE-20,"static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; int len; if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { rfcomm_dlc_accept(d); msg->msg_namelen = 0; return 0; } len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); lock_sock(sk); if (!(flags & MSG_PEEK) && len > 0) atomic_sub(len, &sk->sk_rmem_alloc); if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); release_sock(sk); return len; }",visit repo url,net/bluetooth/rfcomm/sock.c,https://github.com/torvalds/linux,68043523665785,1 1315,['CWE-119'],"static unsigned char asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch) { if (ctx->pointer >= ctx->end) { ctx->error = ASN1_ERR_DEC_EMPTY; return 0; } *ch = *(ctx->pointer)++; return 1; }",linux-2.6,,,28727982499333483591921493717442181746,0 16,['CWE-264'],"static int authorizer(void *autharg, int access_type, const char *arg3, const char *arg4, const char *arg5, const char *arg6) { char *filename; switch (access_type) { case SQLITE_COPY: { TSRMLS_FETCH(); filename = make_filename_safe(arg4 TSRMLS_CC); if (!filename) { return SQLITE_DENY; } efree(filename); return SQLITE_OK; } case SQLITE_ATTACH: { TSRMLS_FETCH(); filename = make_filename_safe(arg3 TSRMLS_CC); if (!filename) { return SQLITE_DENY; } efree(filename); return SQLITE_OK; } default: return SQLITE_OK; } }",php-src,,,303763357347626386742873773291303319839,0 6553,['CWE-200'],"connection_updated_cb (NMConnectionList *list, gboolean success, gpointer user_data) { EditConnectionInfo *info = (EditConnectionInfo *) user_data; if (success) { GtkListStore *store; GtkTreeIter iter; store = get_model_for_connection (list, info->original_connection); g_assert (store); if (get_iter_for_connection (GTK_TREE_MODEL (store), info->original_connection, &iter)) update_connection_row (store, &iter, info->original_connection); } g_object_unref (info->original_connection); g_free (info); }",network-manager-applet,,,90795636626976878517999164106168645749,0 5136,['CWE-20'],"static void fix_rmode_seg(int seg, struct kvm_save_segment *save) { struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; save->selector = vmcs_read16(sf->selector); save->base = vmcs_readl(sf->base); save->limit = vmcs_read32(sf->limit); save->ar = vmcs_read32(sf->ar_bytes); vmcs_write16(sf->selector, save->base >> 4); vmcs_write32(sf->base, save->base & 0xfffff); vmcs_write32(sf->limit, 0xffff); vmcs_write32(sf->ar_bytes, 0xf3); }",linux-2.6,,,330228898353448940209231472504279970743,0 2645,[],"static int sctp_setsockopt_peer_addr_params(struct sock *sk, char __user *optval, int optlen) { struct sctp_paddrparams params; struct sctp_transport *trans = NULL; struct sctp_association *asoc = NULL; struct sctp_sock *sp = sctp_sk(sk); int error; int hb_change, pmtud_change, sackdelay_change; if (optlen != sizeof(struct sctp_paddrparams)) return - EINVAL; if (copy_from_user(¶ms, optval, optlen)) return -EFAULT; hb_change = params.spp_flags & SPP_HB; pmtud_change = params.spp_flags & SPP_PMTUD; sackdelay_change = params.spp_flags & SPP_SACKDELAY; if (hb_change == SPP_HB || pmtud_change == SPP_PMTUD || sackdelay_change == SPP_SACKDELAY || params.spp_sackdelay > 500 || (params.spp_pathmtu && params.spp_pathmtu < SCTP_DEFAULT_MINSEGMENT)) return -EINVAL; if (!sctp_is_any(( union sctp_addr *)¶ms.spp_address)) { trans = sctp_addr_id2transport(sk, ¶ms.spp_address, params.spp_assoc_id); if (!trans) return -EINVAL; } asoc = sctp_id2assoc(sk, params.spp_assoc_id); if (!asoc && params.spp_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (params.spp_flags & SPP_HB_DEMAND && !trans && !asoc) return -EINVAL; error = sctp_apply_peer_addr_params(¶ms, trans, asoc, sp, hb_change, pmtud_change, sackdelay_change); if (error) return error; if (!trans && asoc) { list_for_each_entry(trans, &asoc->peer.transport_addr_list, transports) { sctp_apply_peer_addr_params(¶ms, trans, asoc, sp, hb_change, pmtud_change, sackdelay_change); } } return 0; }",linux-2.6,,,250955590999992318870102984601805327115,0 3975,CWE-415,"static int csnmp_read_table(host_definition_t *host, data_definition_t *data) { struct snmp_pdu *req; struct snmp_pdu *res = NULL; struct variable_list *vb; const data_set_t *ds; size_t oid_list_len = data->values_len + 1; oid_t oid_list[oid_list_len]; _Bool oid_list_todo[oid_list_len]; int status; size_t i; csnmp_list_instances_t *instance_list_head; csnmp_list_instances_t *instance_list_tail; csnmp_table_values_t **value_list_head; csnmp_table_values_t **value_list_tail; DEBUG(""snmp plugin: csnmp_read_table (host = %s, data = %s)"", host->name, data->name); if (host->sess_handle == NULL) { DEBUG(""snmp plugin: csnmp_read_table: host->sess_handle == NULL""); return (-1); } ds = plugin_get_ds(data->type); if (!ds) { ERROR(""snmp plugin: DataSet `%s' not defined."", data->type); return (-1); } if (ds->ds_num != data->values_len) { ERROR(""snmp plugin: DataSet `%s' requires %zu values, but config talks "" ""about %zu"", data->type, ds->ds_num, data->values_len); return (-1); } assert(data->values_len > 0); memcpy(oid_list, data->values, data->values_len * sizeof(oid_t)); if (data->instance.oid.oid_len > 0) memcpy(oid_list + data->values_len, &data->instance.oid, sizeof(oid_t)); else oid_list_len--; for (i = 0; i < oid_list_len; i++) oid_list_todo[i] = 1; value_list_head = calloc(data->values_len, sizeof(*value_list_head)); value_list_tail = calloc(data->values_len, sizeof(*value_list_tail)); if ((value_list_head == NULL) || (value_list_tail == NULL)) { ERROR(""snmp plugin: csnmp_read_table: calloc failed.""); sfree(value_list_head); sfree(value_list_tail); return (-1); } instance_list_head = NULL; instance_list_tail = NULL; status = 0; while (status == 0) { int oid_list_todo_num; req = snmp_pdu_create(SNMP_MSG_GETNEXT); if (req == NULL) { ERROR(""snmp plugin: snmp_pdu_create failed.""); status = -1; break; } oid_list_todo_num = 0; for (i = 0; i < oid_list_len; i++) { if (!oid_list_todo[i]) continue; oid_list_todo_num++; snmp_add_null_var(req, oid_list[i].oid, oid_list[i].oid_len); } if (oid_list_todo_num == 0) { DEBUG(""snmp plugin: all variables have left their subtree""); status = 0; break; } res = NULL; status = snmp_sess_synch_response(host->sess_handle, req, &res); if ((status != STAT_SUCCESS) || (res == NULL)) { char *errstr = NULL; snmp_sess_error(host->sess_handle, NULL, NULL, &errstr); c_complain(LOG_ERR, &host->complaint, ""snmp plugin: host %s: snmp_sess_synch_response failed: %s"", host->name, (errstr == NULL) ? ""Unknown problem"" : errstr); if (res != NULL) snmp_free_pdu(res); res = NULL; req = NULL; sfree(errstr); csnmp_host_close_session(host); status = -1; break; } status = 0; assert(res != NULL); c_release(LOG_INFO, &host->complaint, ""snmp plugin: host %s: snmp_sess_synch_response successful."", host->name); vb = res->variables; if (vb == NULL) { status = -1; break; } for (vb = res->variables, i = 0; (vb != NULL); vb = vb->next_variable, i++) { while ((i < oid_list_len) && !oid_list_todo[i]) i++; if ((data->instance.oid.oid_len > 0) && (i == data->values_len)) { if ((vb->type == SNMP_ENDOFMIBVIEW) || (snmp_oid_ncompare( data->instance.oid.oid, data->instance.oid.oid_len, vb->name, vb->name_length, data->instance.oid.oid_len) != 0)) { DEBUG(""snmp plugin: host = %s; data = %s; Instance left its subtree."", host->name, data->name); oid_list_todo[i] = 0; continue; } if (csnmp_instance_list_add(&instance_list_head, &instance_list_tail, res, host, data) != 0) { ERROR(""snmp plugin: host %s: csnmp_instance_list_add failed."", host->name); status = -1; break; } } else { csnmp_table_values_t *vt; oid_t vb_name; oid_t suffix; int ret; csnmp_oid_init(&vb_name, vb->name, vb->name_length); ret = csnmp_oid_suffix(&suffix, &vb_name, data->values + i); if (ret != 0) { DEBUG(""snmp plugin: host = %s; data = %s; i = %zu; "" ""Value probably left its subtree."", host->name, data->name, i); oid_list_todo[i] = 0; continue; } if ((value_list_tail[i] != NULL) && (csnmp_oid_compare(&suffix, &value_list_tail[i]->suffix) <= 0)) { DEBUG(""snmp plugin: host = %s; data = %s; i = %zu; "" ""Suffix is not increasing."", host->name, data->name, i); oid_list_todo[i] = 0; continue; } vt = calloc(1, sizeof(*vt)); if (vt == NULL) { ERROR(""snmp plugin: calloc failed.""); status = -1; break; } vt->value = csnmp_value_list_to_value(vb, ds->ds[i].type, data->scale, data->shift, host->name, data->name); memcpy(&vt->suffix, &suffix, sizeof(vt->suffix)); vt->next = NULL; if (value_list_tail[i] == NULL) value_list_head[i] = vt; else value_list_tail[i]->next = vt; value_list_tail[i] = vt; } memcpy(oid_list[i].oid, vb->name, sizeof(oid) * vb->name_length); oid_list[i].oid_len = vb->name_length; } if (res != NULL) snmp_free_pdu(res); res = NULL; } if (res != NULL) snmp_free_pdu(res); res = NULL; if (req != NULL) snmp_free_pdu(req); req = NULL; if (status == 0) csnmp_dispatch_table(host, data, instance_list_head, value_list_head); while (instance_list_head != NULL) { csnmp_list_instances_t *next = instance_list_head->next; sfree(instance_list_head); instance_list_head = next; } for (i = 0; i < data->values_len; i++) { while (value_list_head[i] != NULL) { csnmp_table_values_t *next = value_list_head[i]->next; sfree(value_list_head[i]); value_list_head[i] = next; } } sfree(value_list_head); sfree(value_list_tail); return (0); } ",visit repo url,src/snmp.c,https://github.com/collectd/collectd,52468411968179,1 6224,['CWE-200'],"int wireless_process_ioctl(struct ifreq *ifr, unsigned int cmd) { struct net_device *dev; iw_handler handler; if ((dev = __dev_get_by_name(ifr->ifr_name)) == NULL) return -ENODEV; switch(cmd) { case SIOCGIWSTATS: return dev_iwstats(dev, ifr); case SIOCGIWPRIV: if(dev->wireless_handlers != NULL) { return ioctl_export_private(dev, ifr); } default: if (!netif_device_present(dev)) return -ENODEV; handler = get_handler(dev, cmd); if(handler != NULL) { if(cmd < SIOCIWFIRSTPRIV) return ioctl_standard_call(dev, ifr, cmd, handler); else return ioctl_private_call(dev, ifr, cmd, handler); } if (dev->do_ioctl) { return dev->do_ioctl(dev, ifr, cmd); } return -EOPNOTSUPP; } return -EINVAL; }",linux-2.6,,,90578645104697030707466404238638583230,0 3408,CWE-401,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType more_frames; MagickSizeType number_pixels; MagickStatusType status; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; ssize_t i; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[4] = { NULL, NULL, NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t) TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point"", exception); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black"", exception); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white"", exception); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette"",exception); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB"",exception); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB"",exception); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)"", exception); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV"",exception); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK"",exception); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated"",exception); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR"",exception); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown"",exception); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"", exception)); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb"",exception); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb"",exception); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) image->colorspace=GRAYColorspace; if (photometric == PHOTOMETRIC_SEPARATED) image->colorspace=CMYKColorspace; if (photometric == PHOTOMETRIC_CIELAB) image->colorspace=LabColorspace; if ((photometric == PHOTOMETRIC_YCBCR) && (compress_tag != COMPRESSION_JPEG)) image->colorspace=YCbCrColorspace; status=TIFFGetProfiles(tiff,image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if (IsStringFalse(option) == MagickFalse) (void) TIFFGetEXIFProperties(tiff,image,exception); option=GetImageOption(image_info,""tiff:gps-properties""); if (IsStringFalse(option) == MagickFalse) (void) TIFFGetGPSProperties(tiff,image,exception); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->resolution.x=x_resolution; image->resolution.y=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=CastDoubleToLong(ceil(x_position* image->resolution.x-0.5)); image->page.y=CastDoubleToLong(ceil(y_position* image->resolution.y-0.5)); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MagickPathExtent]; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MagickPathExtent, ""%dx%d"",horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor,exception); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors,exception) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } value=(unsigned short) image->scene; if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } status=SetImageColorspace(image,image->colorspace,exception); status&=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } extra_samples=0; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified"",exception); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->alpha_trait=BlendPixelTrait; } else for (i=0; i < extra_samples; i++) { image->alpha_trait=BlendPixelTrait; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated"", exception); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated"", exception); } } } if (image->alpha_trait != UndefinedPixelTrait) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel,exception); if (samples_per_pixel > MaxPixelChannels) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""MaximumChannelsExceeded""); } method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char buffer[MagickPathExtent]; (void) FormatLocaleString(buffer,MagickPathExtent,""%u"", (unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",buffer,exception); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } if (TIFFIsTiled(tiff) != MagickFalse) { uint32 columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); method=ReadTileMethod; } if ((photometric == PHOTOMETRIC_LOGLUV) || (compress_tag == COMPRESSION_CCITTFAX3)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); quantum_info->endian=LSBEndian; if (TIFFScanlineSize(tiff) <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if ((1.0*TIFFScanlineSize(tiff)) > (2.53*GetBlobSize(image))) ThrowTIFFException(CorruptImageError,""InsufficientImageDataInFile""); number_pixels=MagickMax(TIFFScanlineSize(tiff),MagickMax((ssize_t) image->columns*samples_per_pixel*pow(2.0,ceil(log(bits_per_sample)/ log(2.0))),image->columns*rows_per_strip)); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) memset(pixels,0,number_pixels*sizeof(uint32)); quantum_type=GrayQuantum; if (image->storage_class == PseudoClass) quantum_type=IndexQuantum; if (interlace != PLANARCONFIG_SEPARATE) { size_t pad; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->alpha_trait != UndefinedPixelTrait) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } if ((samples_per_pixel > 2) && (interlace != PLANARCONFIG_SEPARATE)) { quantum_type=RGBQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { quantum_type=CMYKQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { Quantum *magick_restrict q; ssize_t x; unsigned char *p; tiff_status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (tiff_status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456)),q); SetPixelMagenta(image,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984)),q); SetPixelYellow(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816)),q); SetPixelBlack(image,ScaleCharToQuantum((unsigned char) *(p+3)),q); q+=GetPixelChannels(image); p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { unsigned char *p; size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *strip_pixels; extent=2*TIFFStripSize(tiff); #if defined(TIFF_VERSION_BIG) extent+=image->columns*sizeof(uint64); #else extent+=image->columns*sizeof(uint32); #endif strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { Quantum *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > (ssize_t) image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=TIFFTileSize(tiff); #if defined(TIFF_VERSION_BIG) extent+=columns*sizeof(uint64); #else extent+=columns*sizeof(uint32); #endif tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,extent*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == 0) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { Quantum *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) i, samples_per_pixel); if (status == MagickFalse) break; } } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo * ) NULL; uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; #if defined(TIFF_VERSION_BIG) number_pixels+=image->columns*sizeof(uint64); #else number_pixels+=image->columns*sizeof(uint32); #endif generic_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); p=pixels+(image->columns*image->rows)-1; for (y=0; y < (ssize_t) image->rows; y++) { ssize_t x; Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; q+=GetPixelChannels(image)*(image->columns-1); for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p--; q-=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); if (status != MagickFalse) TIFFReadPhotoshopLayers(image_info,image,exception); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,191302373757411,1 6156,CWE-190,"void ep2_mul_sim_lot(ep2_t r, const ep2_t p[], const bn_t k[], int n) { const int len = RLC_FP_BITS + 1; int i, j, m, l, _l[4]; bn_t _k[4], q, x; int8_t ptr, *naf = RLC_ALLOCA(int8_t, 4 * n * len); if (n == 0) { ep2_set_infty(r); return; } bn_null(q); bn_null(x); if (n <= 10) { ep2_t *_p = RLC_ALLOCA(ep2_t, 4 * n); RLC_TRY { if (naf == NULL || _p == NULL) { RLC_THROW(ERR_NO_MEMORY); } bn_new(q); bn_new(x); for (j = 0; j < 4; j++) { bn_null(_k[j]); bn_new(_k[j]); for (i = 0; i < n; i++) { ep2_null(_p[4*i + j]); ep2_new(_p[4*i + j]); } } l = 0; ep2_curve_get_ord(q); fp_prime_get_par(x); for (i = 0; i < n; i++) { ep2_norm(_p[4*i], p[i]); ep2_frb(_p[4*i + 1], _p[4*i], 1); ep2_frb(_p[4*i + 2], _p[4*i + 1], 1); ep2_frb(_p[4*i + 3], _p[4*i + 2], 1); bn_mod(_k[0], k[i], q); bn_rec_frb(_k, 4, _k[0], x, q, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 4; j++) { _l[j] = len; bn_rec_naf(&naf[(4*i + j)*len], &_l[j], _k[j], 2); if (bn_sign(_k[j]) == RLC_NEG) { ep2_neg(_p[4*i + j], _p[4*i + j]); } l = RLC_MAX(l, _l[j]); } } ep2_set_infty(r); for (i = l - 1; i >= 0; i--) { ep2_dbl(r, r); for (j = 0; j < n; j++) { for (m = 0; m < 4; m++) { if (naf[(4*j + m)*len + i] > 0) { ep2_add(r, r, _p[4*j + m]); } if (naf[(4*j + m)*len + i] < 0) { ep2_sub(r, r, _p[4*j + m]); } } } } ep2_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(q); bn_free(x); for (j = 0; j < 4; j++) { bn_free(_k[j]); for (i = 0; i < n; i++) { ep2_free(_p[4*i + j]); } } RLC_FREE(_p); RLC_FREE(naf); } } else { const int w = RLC_MAX(2, util_bits_dig(n) - 2), c = (1 << (w - 2)); ep2_t s, t, u, v, *_p = RLC_ALLOCA(ep2_t, 4 * c); ep2_null(s); ep2_null(t); ep2_null(u); ep2_null(v); RLC_TRY { if (naf == NULL || _p == NULL) { RLC_THROW(ERR_NO_MEMORY); } bn_new(q); bn_new(x); ep2_new(s); ep2_new(t); ep2_new(u); ep2_new(v); for (i = 0; i < 4; i++) { bn_null(_k[i]); bn_new(_k[i]); for (j = 0; j < c; j++) { ep2_null(_p[i*c + j]); ep2_new(_p[i*c + j]); ep2_set_infty(_p[i*c + j]); } } l = 0; ep2_curve_get_ord(q); fp_prime_get_par(x); for (i = 0; i < n; i++) { bn_mod(_k[0], k[i], q); bn_rec_frb(_k, 4, _k[0], x, q, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 4; j++) { _l[j] = len; bn_rec_naf(&naf[(4*i + j)*len], &_l[j], _k[j], w); if (bn_sign(_k[j]) == RLC_NEG) { for (m = 0; m < _l[j]; m++) { naf[(4*i + j)*len + m] = -naf[(4*i + j)*len + m]; } } l = RLC_MAX(l, _l[j]); } } ep2_set_infty(s); for (i = l - 1; i >= 0; i--) { for (j = 0; j < n; j++) { for (m = 0; m < 4; m++) { ptr = naf[(4*j + m)*len + i]; if (ptr != 0) { ep2_copy(t, p[j]); if (ptr < 0) { ptr = -ptr; ep2_neg(t, t); } ep2_add(_p[m*c + (ptr/2)], _p[m*c + (ptr/2)], t); } } } ep2_set_infty(t); for (m = 3; m >= 0; m--) { ep2_frb(t, t, 1); ep2_set_infty(u); ep2_set_infty(v); for (j = c - 1; j >= 0; j--) { ep2_add(u, u, _p[m*c + j]); if (j == 0) { ep2_dbl(v, v); } ep2_add(v, v, u); ep2_set_infty(_p[m*c + j]); } ep2_add(t, t, v); } ep2_dbl(s, s); ep2_add(s, s, t); } ep2_norm(r, s); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(q); bn_free(x); ep2_free(s); ep2_free(t); ep2_free(u); ep2_free(v); for (i = 0; i < 4; i++) { bn_free(_k[i]); for (j = 0; j < c; j++) { ep2_free(_p[i*c + j]); } } RLC_FREE(_p); RLC_FREE(naf); } } }",visit repo url,src/epx/relic_ep2_mul_sim.c,https://github.com/relic-toolkit/relic,161775710816171,1 5818,CWE-120,"void l2tp_packet_print(const struct l2tp_packet_t *pack, void (*print)(const char *fmt, ...)) { const struct l2tp_attr_t *attr; const struct l2tp_dict_value_t *val; if (pack->hdr.ver == 2) { print(""[L2TP tid=%u sid=%u"", ntohs(pack->hdr.tid), ntohs(pack->hdr.sid)); log_ppp_debug("" Ns=%u Nr=%u"", ntohs(pack->hdr.Ns), ntohs(pack->hdr.Nr)); } else { print(""[L2TP cid=%u"", pack->hdr.cid); log_ppp_debug("" Ns=%u Nr=%u"", ntohs(pack->hdr.Ns), ntohs(pack->hdr.Nr)); } list_for_each_entry(attr, &pack->attrs, entry) { print("" <%s"", attr->attr->name); val = l2tp_dict_find_value(attr->attr, attr->val); if (val) print("" %s"", val->name); else if (attr->H) print("" (hidden, %hu bytes)"", attr->length); else { switch (attr->attr->type) { case ATTR_TYPE_INT16: print("" %i"", attr->val.int16); break; case ATTR_TYPE_INT32: print("" %i"", attr->val.int32); break; case ATTR_TYPE_STRING: print("" %s"", attr->val.string); break; } } print("">""); } print(""]\n""); }",visit repo url,accel-pppd/ctrl/l2tp/packet.c,https://github.com/accel-ppp/accel-ppp,268736403917664,1 1876,CWE-416,"int __anon_vma_prepare(struct vm_area_struct *vma) { struct mm_struct *mm = vma->vm_mm; struct anon_vma *anon_vma, *allocated; struct anon_vma_chain *avc; might_sleep(); avc = anon_vma_chain_alloc(GFP_KERNEL); if (!avc) goto out_enomem; anon_vma = find_mergeable_anon_vma(vma); allocated = NULL; if (!anon_vma) { anon_vma = anon_vma_alloc(); if (unlikely(!anon_vma)) goto out_enomem_free_avc; allocated = anon_vma; } anon_vma_lock_write(anon_vma); spin_lock(&mm->page_table_lock); if (likely(!vma->anon_vma)) { vma->anon_vma = anon_vma; anon_vma_chain_link(vma, avc, anon_vma); anon_vma->degree++; allocated = NULL; avc = NULL; } spin_unlock(&mm->page_table_lock); anon_vma_unlock_write(anon_vma); if (unlikely(allocated)) put_anon_vma(allocated); if (unlikely(avc)) anon_vma_chain_free(avc); return 0; out_enomem_free_avc: anon_vma_chain_free(avc); out_enomem: return -ENOMEM; }",visit repo url,mm/rmap.c,https://github.com/torvalds/linux,239672543090759,1 6601,CWE-404,"static size_t write_cb(void *contents, size_t size, size_t nmemb, void *data) { size_t realsize = 0; connection_t *conn = NULL; char *ptr = NULL; conn = data; ogs_assert(conn); realsize = size * nmemb; ptr = ogs_realloc(conn->memory, conn->size + realsize + 1); if(!ptr) { ogs_fatal(""not enough memory (realloc returned NULL)""); ogs_assert_if_reached(); return 0; } conn->memory = ptr; memcpy(&(conn->memory[conn->size]), contents, realsize); conn->size += realsize; conn->memory[conn->size] = 0; return realsize; }",visit repo url,lib/sbi/client.c,https://github.com/open5gs/open5gs,118490010190834,1 528,['CWE-399'],"int pwc_isoc_init(struct pwc_device *pdev) { struct usb_device *udev; struct urb *urb; int i, j, ret; struct usb_interface *intf; struct usb_host_interface *idesc = NULL; if (pdev == NULL) return -EFAULT; if (pdev->iso_init) return 0; pdev->vsync = 0; udev = pdev->udev; if (!udev->actconfig) return -EFAULT; intf = usb_ifnum_to_if(udev, 0); if (intf) idesc = usb_altnum_to_altsetting(intf, pdev->valternate); if (!idesc) return -EFAULT; pdev->vmax_packet_size = -1; for (i = 0; i < idesc->desc.bNumEndpoints; i++) { if ((idesc->endpoint[i].desc.bEndpointAddress & 0xF) == pdev->vendpoint) { pdev->vmax_packet_size = le16_to_cpu(idesc->endpoint[i].desc.wMaxPacketSize); break; } } if (pdev->vmax_packet_size < 0 || pdev->vmax_packet_size > ISO_MAX_FRAME_SIZE) { PWC_ERROR(""Failed to find packet size for video endpoint in current alternate setting.\n""); return -ENFILE; } ret = 0; PWC_DEBUG_OPEN(""Setting alternate interface %d\n"", pdev->valternate); ret = usb_set_interface(pdev->udev, 0, pdev->valternate); if (ret < 0) return ret; for (i = 0; i < MAX_ISO_BUFS; i++) { urb = usb_alloc_urb(ISO_FRAMES_PER_DESC, GFP_KERNEL); if (urb == NULL) { PWC_ERROR(""Failed to allocate urb %d\n"", i); ret = -ENOMEM; break; } pdev->sbuf[i].urb = urb; PWC_DEBUG_MEMORY(""Allocated URB at 0x%p\n"", urb); } if (ret) { while (i--) { usb_free_urb(pdev->sbuf[i].urb); pdev->sbuf[i].urb = NULL; } return ret; } for (i = 0; i < MAX_ISO_BUFS; i++) { urb = pdev->sbuf[i].urb; urb->interval = 1; urb->dev = udev; urb->pipe = usb_rcvisocpipe(udev, pdev->vendpoint); urb->transfer_flags = URB_ISO_ASAP; urb->transfer_buffer = pdev->sbuf[i].data; urb->transfer_buffer_length = ISO_BUFFER_SIZE; urb->complete = pwc_isoc_handler; urb->context = pdev; urb->start_frame = 0; urb->number_of_packets = ISO_FRAMES_PER_DESC; for (j = 0; j < ISO_FRAMES_PER_DESC; j++) { urb->iso_frame_desc[j].offset = j * ISO_MAX_FRAME_SIZE; urb->iso_frame_desc[j].length = pdev->vmax_packet_size; } } for (i = 0; i < MAX_ISO_BUFS; i++) { ret = usb_submit_urb(pdev->sbuf[i].urb, GFP_KERNEL); if (ret) PWC_ERROR(""isoc_init() submit_urb %d failed with error %d\n"", i, ret); else PWC_DEBUG_MEMORY(""URB 0x%p submitted.\n"", pdev->sbuf[i].urb); } pdev->iso_init = 1; PWC_DEBUG_OPEN(""<< pwc_isoc_init()\n""); return 0; }",linux-2.6,,,120808960405011628695293072697826456,0 366,[],"pfm_init(void) { unsigned int n, n_counters, i; printk(""perfmon: version %u.%u IRQ %u\n"", PFM_VERSION_MAJ, PFM_VERSION_MIN, IA64_PERFMON_VECTOR); if (pfm_probe_pmu()) { printk(KERN_INFO ""perfmon: disabled, there is no support for processor family %d\n"", local_cpu_data->family); return -ENODEV; } n = 0; for (i=0; PMC_IS_LAST(i) == 0; i++) { if (PMC_IS_IMPL(i) == 0) continue; pmu_conf->impl_pmcs[i>>6] |= 1UL << (i&63); n++; } pmu_conf->num_pmcs = n; n = 0; n_counters = 0; for (i=0; PMD_IS_LAST(i) == 0; i++) { if (PMD_IS_IMPL(i) == 0) continue; pmu_conf->impl_pmds[i>>6] |= 1UL << (i&63); n++; if (PMD_IS_COUNTING(i)) n_counters++; } pmu_conf->num_pmds = n; pmu_conf->num_counters = n_counters; if (pmu_conf->use_rr_dbregs) { if (pmu_conf->num_ibrs > IA64_NUM_DBG_REGS) { printk(KERN_INFO ""perfmon: unsupported number of code debug registers (%u)\n"", pmu_conf->num_ibrs); pmu_conf = NULL; return -1; } if (pmu_conf->num_dbrs > IA64_NUM_DBG_REGS) { printk(KERN_INFO ""perfmon: unsupported number of data debug registers (%u)\n"", pmu_conf->num_ibrs); pmu_conf = NULL; return -1; } } printk(""perfmon: %s PMU detected, %u PMCs, %u PMDs, %u counters (%lu bits)\n"", pmu_conf->pmu_name, pmu_conf->num_pmcs, pmu_conf->num_pmds, pmu_conf->num_counters, ffz(pmu_conf->ovfl_val)); if (pmu_conf->num_pmds >= PFM_NUM_PMD_REGS || pmu_conf->num_pmcs >= PFM_NUM_PMC_REGS) { printk(KERN_ERR ""perfmon: not enough pmc/pmd, perfmon disabled\n""); pmu_conf = NULL; return -1; } perfmon_dir = create_proc_entry(""perfmon"", S_IRUGO, NULL); if (perfmon_dir == NULL) { printk(KERN_ERR ""perfmon: cannot create /proc entry, perfmon disabled\n""); pmu_conf = NULL; return -1; } perfmon_dir->proc_fops = &pfm_proc_fops; pfm_sysctl_header = register_sysctl_table(pfm_sysctl_root); spin_lock_init(&pfm_sessions.pfs_lock); spin_lock_init(&pfm_buffer_fmt_lock); init_pfm_fs(); for(i=0; i < NR_CPUS; i++) pfm_stats[i].pfm_ovfl_intr_cycles_min = ~0UL; return 0; }",linux-2.6,,,279787769305782532137260987408938599808,0 2926,CWE-310,"int hashtable_init(hashtable_t *hashtable) { size_t i; hashtable->size = 0; hashtable->num_buckets = 0; hashtable->buckets = jsonp_malloc(num_buckets(hashtable) * sizeof(bucket_t)); if(!hashtable->buckets) return -1; list_init(&hashtable->list); for(i = 0; i < num_buckets(hashtable); i++) { hashtable->buckets[i].first = hashtable->buckets[i].last = &hashtable->list; } return 0; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,193196298574191,1 5854,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_sli( const void *buf, pj_size_t length, unsigned *sli_cnt, pjmedia_rtcp_fb_sli sli[]) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; pj_uint8_t *p; unsigned cnt, i; PJ_ASSERT_RETURN(buf && sli_cnt && sli, PJ_EINVAL); PJ_ASSERT_RETURN(length >= sizeof(pjmedia_rtcp_common), PJ_ETOOSMALL); if (hdr->pt != RTCP_PSFB || hdr->count != 2) return PJ_ENOTFOUND; cnt = pj_ntohs((pj_uint16_t)hdr->length) - 2; if (length < (cnt+3)*4) return PJ_ETOOSMALL; *sli_cnt = PJ_MIN(*sli_cnt, cnt); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < *sli_cnt; ++i) { sli[i].first = (p[0] << 5) + ((p[1] & 0xF8) >> 3); sli[i].number = ((p[1] & 0x07) << 10) + (p[2] << 2) + ((p[3] & 0xC0) >> 6); sli[i].pict_id = (p[3] & 0x3F); p += 4; } return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,275308183902844,1 5861,CWE-787,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_build_nack( pjmedia_rtcp_session *session, void *buf, pj_size_t *length, unsigned nack_cnt, const pjmedia_rtcp_fb_nack nack[]) { pjmedia_rtcp_common *hdr; pj_uint8_t *p; unsigned len, i; PJ_ASSERT_RETURN(session && buf && length && nack_cnt && nack, PJ_EINVAL); len = (3 + nack_cnt) * 4; if (len > *length) return PJ_ETOOSMALL; hdr = (pjmedia_rtcp_common*)buf; pj_memcpy(hdr, &session->rtcp_rr_pkt.common, sizeof(*hdr)); hdr->pt = RTCP_RTPFB; hdr->count = 1; hdr->length = pj_htons((pj_uint16_t)(len/4 - 1)); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < nack_cnt; ++i) { pj_uint16_t val; val = pj_htons((pj_uint16_t)nack[i].pid); pj_memcpy(p, &val, 2); val = pj_htons(nack[i].blp); pj_memcpy(p+2, &val, 2); p += 4; } *length = len; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,268311021085974,1 3697,[],"int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p) { struct cmsghdr *cmsg; int err; for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { err = -EINVAL; if (!CMSG_OK(msg, cmsg)) goto error; if (cmsg->cmsg_level != SOL_SOCKET) continue; switch (cmsg->cmsg_type) { case SCM_RIGHTS: err=scm_fp_copy(cmsg, &p->fp); if (err<0) goto error; break; case SCM_CREDENTIALS: if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred))) goto error; memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred)); err = scm_check_creds(&p->creds); if (err) goto error; break; default: goto error; } } if (p->fp && !p->fp->count) { kfree(p->fp); p->fp = NULL; } return 0; error: scm_destroy(p); return err; }",linux-2.6,,,304234483500517556412990720657448814842,0 5974,CWE-120,"static PyObject *__pyx_pw_17clickhouse_driver_6varint_1write_varint(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) { Py_ssize_t __pyx_v_number; PyObject *__pyx_v_buf = 0; PyObject *__pyx_r = 0; __Pyx_RefNannyDeclarations __Pyx_RefNannySetupContext(""write_varint (wrapper)"", 0); { static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_number,&__pyx_n_s_buf,0}; PyObject* values[2] = {0,0}; if (unlikely(__pyx_kwds)) { Py_ssize_t kw_args; const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args); switch (pos_args) { case 2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1); CYTHON_FALLTHROUGH; case 1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0); CYTHON_FALLTHROUGH; case 0: break; default: goto __pyx_L5_argtuple_error; } kw_args = PyDict_Size(__pyx_kwds); switch (pos_args) { case 0: if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_number)) != 0)) kw_args--; else goto __pyx_L5_argtuple_error; CYTHON_FALLTHROUGH; case 1: if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_buf)) != 0)) kw_args--; else { __Pyx_RaiseArgtupleInvalid(""write_varint"", 1, 2, 2, 1); __PYX_ERR(0, 4, __pyx_L3_error) } } if (unlikely(kw_args > 0)) { if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, ""write_varint"") < 0)) __PYX_ERR(0, 4, __pyx_L3_error) } } else if (PyTuple_GET_SIZE(__pyx_args) != 2) { goto __pyx_L5_argtuple_error; } else { values[0] = PyTuple_GET_ITEM(__pyx_args, 0); values[1] = PyTuple_GET_ITEM(__pyx_args, 1); } __pyx_v_number = __Pyx_PyIndex_AsSsize_t(values[0]); if (unlikely((__pyx_v_number == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 4, __pyx_L3_error) __pyx_v_buf = values[1]; } goto __pyx_L4_argument_unpacking_done; __pyx_L5_argtuple_error:; __Pyx_RaiseArgtupleInvalid(""write_varint"", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 4, __pyx_L3_error) __pyx_L3_error:; __Pyx_AddTraceback(""clickhouse_driver.varint.write_varint"", __pyx_clineno, __pyx_lineno, __pyx_filename); __Pyx_RefNannyFinishContext(); return NULL; __pyx_L4_argument_unpacking_done:; __pyx_r = __pyx_pf_17clickhouse_driver_6varint_write_varint(__pyx_self, __pyx_v_number, __pyx_v_buf); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/varint.c,https://github.com/mymarilyn/clickhouse-driver,216262432623105,1 4796,[],"void selinux_netlbl_inet_conn_established(struct sock *sk, u16 family) { int rc; struct sk_security_struct *sksec = sk->sk_security; struct netlbl_lsm_secattr *secattr; struct inet_sock *sk_inet = inet_sk(sk); struct sockaddr_in addr; if (sksec->nlbl_state != NLBL_REQUIRE) return; secattr = selinux_netlbl_sock_genattr(sk); if (secattr == NULL) return; rc = netlbl_sock_setattr(sk, secattr); switch (rc) { case 0: sksec->nlbl_state = NLBL_LABELED; break; case -EDESTADDRREQ: if (family != PF_INET) { sksec->nlbl_state = NLBL_UNSET; return; } addr.sin_family = family; addr.sin_addr.s_addr = sk_inet->daddr; if (netlbl_conn_setattr(sk, (struct sockaddr *)&addr, secattr) != 0) { struct inet_connection_sock *sk_conn = inet_csk(sk); sk_conn->icsk_ext_hdr_len += 40 - (sk_inet->opt ? sk_inet->opt->optlen : 0); sk_conn->icsk_sync_mss(sk, sk_conn->icsk_pmtu_cookie); sksec->nlbl_state = NLBL_REQSKB; } else sksec->nlbl_state = NLBL_CONNLABELED; break; default: break; } }",linux-2.6,,,96436756943755987459270257042699003660,0 6430,CWE-20,"void lpc546xxEthDisableIrq(NetInterface *interface) { NVIC_DisableIRQ(ETHERNET_IRQn); if(interface->phyDriver != NULL) { interface->phyDriver->disableIrq(interface); } else if(interface->switchDriver != NULL) { interface->switchDriver->disableIrq(interface); } else { } }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,92061927552225,1 3419,['CWE-264'],"asmlinkage long sys_lchown(const char __user * filename, uid_t user, gid_t group) { struct nameidata nd; int error; error = user_path_walk_link(filename, &nd); if (error) goto out; error = chown_common(nd.dentry, user, group); path_release(&nd); out: return error; }",linux-2.6,,,240019460742190574773636281205432945850,0 6682,['CWE-200'],"foo_device_state_changed_cb (NMDevice *device, NMDeviceState new_state, NMDeviceState old_state, NMDeviceStateReason reason, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); NMADeviceClass *dclass; dclass = get_device_class (device, applet); g_assert (dclass); dclass->device_state_changed (device, new_state, old_state, reason, applet); applet_common_device_state_changed (device, new_state, old_state, reason, applet); applet_schedule_update_icon (applet); }",network-manager-applet,,,339084166172039026933314961504321885062,0 3843,CWE-416,"find_pattern_in_path( char_u *ptr, int dir UNUSED, int len, int whole, int skip_comments, int type, long count, int action, linenr_T start_lnum, linenr_T end_lnum) { SearchedFile *files; SearchedFile *bigger; int max_path_depth = 50; long match_count = 1; char_u *pat; char_u *new_fname; char_u *curr_fname = curbuf->b_fname; char_u *prev_fname = NULL; linenr_T lnum; int depth; int depth_displayed; int old_files; int already_searched; char_u *file_line; char_u *line; char_u *p; char_u save_char; int define_matched; regmatch_T regmatch; regmatch_T incl_regmatch; regmatch_T def_regmatch; int matched = FALSE; int did_show = FALSE; int found = FALSE; int i; char_u *already = NULL; char_u *startp = NULL; char_u *inc_opt = NULL; #if defined(FEAT_QUICKFIX) win_T *curwin_save = NULL; #endif regmatch.regprog = NULL; incl_regmatch.regprog = NULL; def_regmatch.regprog = NULL; file_line = alloc(LSIZE); if (file_line == NULL) return; if (type != CHECK_PATH && type != FIND_DEFINE && !compl_status_sol()) { pat = alloc(len + 5); if (pat == NULL) goto fpip_end; sprintf((char *)pat, whole ? ""\\<%.*s\\>"" : ""%.*s"", len, ptr); regmatch.rm_ic = ignorecase(pat); regmatch.regprog = vim_regcomp(pat, magic_isset() ? RE_MAGIC : 0); vim_free(pat); if (regmatch.regprog == NULL) goto fpip_end; } inc_opt = (*curbuf->b_p_inc == NUL) ? p_inc : curbuf->b_p_inc; if (*inc_opt != NUL) { incl_regmatch.regprog = vim_regcomp(inc_opt, magic_isset() ? RE_MAGIC : 0); if (incl_regmatch.regprog == NULL) goto fpip_end; incl_regmatch.rm_ic = FALSE; } if (type == FIND_DEFINE && (*curbuf->b_p_def != NUL || *p_def != NUL)) { def_regmatch.regprog = vim_regcomp(*curbuf->b_p_def == NUL ? p_def : curbuf->b_p_def, magic_isset() ? RE_MAGIC : 0); if (def_regmatch.regprog == NULL) goto fpip_end; def_regmatch.rm_ic = FALSE; } files = lalloc_clear(max_path_depth * sizeof(SearchedFile), TRUE); if (files == NULL) goto fpip_end; old_files = max_path_depth; depth = depth_displayed = -1; lnum = start_lnum; if (end_lnum > curbuf->b_ml.ml_line_count) end_lnum = curbuf->b_ml.ml_line_count; if (lnum > end_lnum) lnum = end_lnum; line = ml_get(lnum); for (;;) { if (incl_regmatch.regprog != NULL && vim_regexec(&incl_regmatch, line, (colnr_T)0)) { char_u *p_fname = (curr_fname == curbuf->b_fname) ? curbuf->b_ffname : curr_fname; if (inc_opt != NULL && strstr((char *)inc_opt, ""\\zs"") != NULL) new_fname = find_file_name_in_path(incl_regmatch.startp[0], (int)(incl_regmatch.endp[0] - incl_regmatch.startp[0]), FNAME_EXP|FNAME_INCL|FNAME_REL, 1L, p_fname); else new_fname = file_name_in_line(incl_regmatch.endp[0], 0, FNAME_EXP|FNAME_INCL|FNAME_REL, 1L, p_fname, NULL); already_searched = FALSE; if (new_fname != NULL) { for (i = 0;; i++) { if (i == depth + 1) i = old_files; if (i == max_path_depth) break; if (fullpathcmp(new_fname, files[i].name, TRUE, TRUE) & FPC_SAME) { if (type != CHECK_PATH && action == ACTION_SHOW_ALL && files[i].matched) { msg_putchar('\n'); if (!got_int) { msg_home_replace_hl(new_fname); msg_puts(_("" (includes previously listed match)"")); prev_fname = NULL; } } VIM_CLEAR(new_fname); already_searched = TRUE; break; } } } if (type == CHECK_PATH && (action == ACTION_SHOW_ALL || (new_fname == NULL && !already_searched))) { if (did_show) msg_putchar('\n'); else { gotocmdline(TRUE); msg_puts_title(_(""--- Included files "")); if (action != ACTION_SHOW_ALL) msg_puts_title(_(""not found "")); msg_puts_title(_(""in path ---\n"")); } did_show = TRUE; while (depth_displayed < depth && !got_int) { ++depth_displayed; for (i = 0; i < depth_displayed; i++) msg_puts("" ""); msg_home_replace(files[depth_displayed].name); msg_puts("" -->\n""); } if (!got_int) { for (i = 0; i <= depth_displayed; i++) msg_puts("" ""); if (new_fname != NULL) { msg_outtrans_attr(new_fname, HL_ATTR(HLF_D)); } else { if (inc_opt != NULL && strstr((char *)inc_opt, ""\\zs"") != NULL) { p = incl_regmatch.startp[0]; i = (int)(incl_regmatch.endp[0] - incl_regmatch.startp[0]); } else { for (p = incl_regmatch.endp[0]; *p && !vim_isfilec(*p); p++) ; for (i = 0; vim_isfilec(p[i]); i++) ; } if (i == 0) { p = incl_regmatch.endp[0]; i = (int)STRLEN(p); } else if (p > line) { if (p[-1] == '""' || p[-1] == '<') { --p; ++i; } if (p[i] == '""' || p[i] == '>') ++i; } save_char = p[i]; p[i] = NUL; msg_outtrans_attr(p, HL_ATTR(HLF_D)); p[i] = save_char; } if (new_fname == NULL && action == ACTION_SHOW_ALL) { if (already_searched) msg_puts(_("" (Already listed)"")); else msg_puts(_("" NOT FOUND"")); } } out_flush(); } if (new_fname != NULL) { if (depth + 1 == old_files) { bigger = ALLOC_MULT(SearchedFile, max_path_depth * 2); if (bigger != NULL) { for (i = 0; i <= depth; i++) bigger[i] = files[i]; for (i = depth + 1; i < old_files + max_path_depth; i++) { bigger[i].fp = NULL; bigger[i].name = NULL; bigger[i].lnum = 0; bigger[i].matched = FALSE; } for (i = old_files; i < max_path_depth; i++) bigger[i + max_path_depth] = files[i]; old_files += max_path_depth; max_path_depth *= 2; vim_free(files); files = bigger; } } if ((files[depth + 1].fp = mch_fopen((char *)new_fname, ""r"")) == NULL) vim_free(new_fname); else { if (++depth == old_files) { vim_free(files[old_files].name); ++old_files; } files[depth].name = curr_fname = new_fname; files[depth].lnum = 0; files[depth].matched = FALSE; if (action == ACTION_EXPAND) { msg_hist_off = TRUE; vim_snprintf((char*)IObuff, IOSIZE, _(""Scanning included file: %s""), (char *)new_fname); msg_trunc_attr((char *)IObuff, TRUE, HL_ATTR(HLF_R)); } else if (p_verbose >= 5) { verbose_enter(); smsg(_(""Searching included file %s""), (char *)new_fname); verbose_leave(); } } } } else { p = line; search_line: define_matched = FALSE; if (def_regmatch.regprog != NULL && vim_regexec(&def_regmatch, line, (colnr_T)0)) { p = def_regmatch.endp[0]; while (*p && !vim_iswordc(*p)) p++; define_matched = TRUE; } if (def_regmatch.regprog == NULL || define_matched) { if (define_matched || compl_status_sol()) { startp = skipwhite(p); if (p_ic) matched = !MB_STRNICMP(startp, ptr, len); else matched = !STRNCMP(startp, ptr, len); if (matched && define_matched && whole && vim_iswordc(startp[len])) matched = FALSE; } else if (regmatch.regprog != NULL && vim_regexec(®match, line, (colnr_T)(p - line))) { matched = TRUE; startp = regmatch.startp[0]; if (!define_matched && skip_comments) { if ((*line != '#' || STRNCMP(skipwhite(line + 1), ""define"", 6) != 0) && get_leader_len(line, NULL, FALSE, TRUE)) matched = FALSE; p = skipwhite(line); if (matched || (p[0] == '/' && p[1] == '*') || p[0] == '*') for (p = line; *p && p < startp; ++p) { if (matched && p[0] == '/' && (p[1] == '*' || p[1] == '/')) { matched = FALSE; if (p[1] == '/') break; ++p; } else if (!matched && p[0] == '*' && p[1] == '/') { matched = TRUE; ++p; } } } } } } if (matched) { if (action == ACTION_EXPAND) { int cont_s_ipos = FALSE; int add_r; char_u *aux; if (depth == -1 && lnum == curwin->w_cursor.lnum) break; found = TRUE; aux = p = startp; if (compl_status_adding()) { p += ins_compl_len(); if (vim_iswordp(p)) goto exit_matched; p = find_word_start(p); } p = find_word_end(p); i = (int)(p - aux); if (compl_status_adding() && i == ins_compl_len()) { STRNCPY(IObuff, aux, i); if (depth < 0) { if (lnum >= end_lnum) goto exit_matched; line = ml_get(++lnum); } else if (vim_fgets(line = file_line, LSIZE, files[depth].fp)) goto exit_matched; already = aux = p = skipwhite(line); p = find_word_start(p); p = find_word_end(p); if (p > aux) { if (*aux != ')' && IObuff[i-1] != TAB) { if (IObuff[i-1] != ' ') IObuff[i++] = ' '; if (p_js && (IObuff[i-2] == '.' || (vim_strchr(p_cpo, CPO_JOINSP) == NULL && (IObuff[i-2] == '?' || IObuff[i-2] == '!')))) IObuff[i++] = ' '; } if (p - aux >= IOSIZE - i) p = aux + IOSIZE - i - 1; STRNCPY(IObuff + i, aux, p - aux); i += (int)(p - aux); cont_s_ipos = TRUE; } IObuff[i] = NUL; aux = IObuff; if (i == ins_compl_len()) goto exit_matched; } add_r = ins_compl_add_infercase(aux, i, p_ic, curr_fname == curbuf->b_fname ? NULL : curr_fname, dir, cont_s_ipos); if (add_r == OK) dir = FORWARD; else if (add_r == FAIL) break; } else if (action == ACTION_SHOW_ALL) { found = TRUE; if (!did_show) gotocmdline(TRUE); if (curr_fname != prev_fname) { if (did_show) msg_putchar('\n'); if (!got_int) msg_home_replace_hl(curr_fname); prev_fname = curr_fname; } did_show = TRUE; if (!got_int) show_pat_in_path(line, type, TRUE, action, (depth == -1) ? NULL : files[depth].fp, (depth == -1) ? &lnum : &files[depth].lnum, match_count++); for (i = 0; i <= depth; ++i) files[i].matched = TRUE; } else if (--count <= 0) { found = TRUE; if (depth == -1 && lnum == curwin->w_cursor.lnum #if defined(FEAT_QUICKFIX) && g_do_tagpreview == 0 #endif ) emsg(_(e_match_is_on_current_line)); else if (action == ACTION_SHOW) { show_pat_in_path(line, type, did_show, action, (depth == -1) ? NULL : files[depth].fp, (depth == -1) ? &lnum : &files[depth].lnum, 1L); did_show = TRUE; } else { #ifdef FEAT_GUI need_mouse_correct = TRUE; #endif #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) { curwin_save = curwin; prepare_tagpreview(TRUE, TRUE, FALSE); } #endif if (action == ACTION_SPLIT) { if (win_split(0, 0) == FAIL) break; RESET_BINDING(curwin); } if (depth == -1) { #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) { if (!win_valid(curwin_save)) break; if (!GETFILE_SUCCESS(getfile( curwin_save->w_buffer->b_fnum, NULL, NULL, TRUE, lnum, FALSE))) break; } else #endif setpcmark(); curwin->w_cursor.lnum = lnum; check_cursor(); } else { if (!GETFILE_SUCCESS(getfile( 0, files[depth].name, NULL, TRUE, files[depth].lnum, FALSE))) break; curwin->w_cursor.lnum = files[depth].lnum; } } if (action != ACTION_SHOW) { curwin->w_cursor.col = (colnr_T)(startp - line); curwin->w_set_curswant = TRUE; } #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0 && curwin != curwin_save && win_valid(curwin_save)) { validate_cursor(); redraw_later(VALID); win_enter(curwin_save, TRUE); } # ifdef FEAT_PROP_POPUP else if (WIN_IS_POPUP(curwin)) win_enter(firstwin, TRUE); # endif #endif break; } exit_matched: matched = FALSE; if (def_regmatch.regprog == NULL && action == ACTION_EXPAND && !compl_status_sol() && *startp != NUL && *(p = startp + mb_ptr2len(startp)) != NUL) goto search_line; } line_breakcheck(); if (action == ACTION_EXPAND) ins_compl_check_keys(30, FALSE); if (got_int || ins_compl_interrupted()) break; while (depth >= 0 && !already && vim_fgets(line = file_line, LSIZE, files[depth].fp)) { fclose(files[depth].fp); --old_files; files[old_files].name = files[depth].name; files[old_files].matched = files[depth].matched; --depth; curr_fname = (depth == -1) ? curbuf->b_fname : files[depth].name; if (depth < depth_displayed) depth_displayed = depth; } if (depth >= 0) { files[depth].lnum++; i = (int)STRLEN(line); if (i > 0 && line[i - 1] == '\n') line[--i] = NUL; if (i > 0 && line[i - 1] == '\r') line[--i] = NUL; } else if (!already) { if (++lnum > end_lnum) break; line = ml_get(lnum); } already = NULL; } for (i = 0; i <= depth; i++) { fclose(files[i].fp); vim_free(files[i].name); } for (i = old_files; i < max_path_depth; i++) vim_free(files[i].name); vim_free(files); if (type == CHECK_PATH) { if (!did_show) { if (action != ACTION_SHOW_ALL) msg(_(""All included files were found"")); else msg(_(""No included files"")); } } else if (!found && action != ACTION_EXPAND) { if (got_int || ins_compl_interrupted()) emsg(_(e_interrupted)); else if (type == FIND_DEFINE) emsg(_(e_couldnt_find_definition)); else emsg(_(e_couldnt_find_pattern)); } if (action == ACTION_SHOW || action == ACTION_SHOW_ALL) msg_end(); fpip_end: vim_free(file_line); vim_regfree(regmatch.regprog); vim_regfree(incl_regmatch.regprog); vim_regfree(def_regmatch.regprog); }",visit repo url,src/search.c,https://github.com/vim/vim,173866641502999,1 2933,CWE-310,"int use_env() { int indent; size_t flags = 0; json_t *json; json_error_t error; #ifdef _WIN32 _setmode(_fileno(stdout), _O_BINARY); _setmode(_fileno(stderr), _O_BINARY); #endif indent = getenv_int(""JSON_INDENT""); if(indent < 0 || indent > 255) { fprintf(stderr, ""invalid value for JSON_INDENT: %d\n"", indent); return 2; } if(indent > 0) flags |= JSON_INDENT(indent); if(getenv_int(""JSON_COMPACT"") > 0) flags |= JSON_COMPACT; if(getenv_int(""JSON_ENSURE_ASCII"")) flags |= JSON_ENSURE_ASCII; if(getenv_int(""JSON_PRESERVE_ORDER"")) flags |= JSON_PRESERVE_ORDER; if(getenv_int(""JSON_SORT_KEYS"")) flags |= JSON_SORT_KEYS; if(getenv_int(""STRIP"")) { size_t size = 0, used = 0; char *buffer = NULL; while(1) { size_t count; size = (size == 0 ? 128 : size * 2); buffer = realloc(buffer, size); if(!buffer) { fprintf(stderr, ""Unable to allocate %d bytes\n"", (int)size); return 1; } count = fread(buffer + used, 1, size - used, stdin); if(count < size - used) { buffer[used + count] = '\0'; break; } used += count; } json = json_loads(strip(buffer), 0, &error); free(buffer); } else json = json_loadf(stdin, 0, &error); if(!json) { fprintf(stderr, ""%d %d %d\n%s\n"", error.line, error.column, error.position, error.text); return 1; } json_dumpf(json, stdout, flags); json_decref(json); return 0; }",visit repo url,test/bin/json_process.c,https://github.com/akheron/jansson,169115327835823,1 2199,CWE-362,"unsigned long insn_get_seg_base(struct pt_regs *regs, int seg_reg_idx) { struct desc_struct *desc; short sel; sel = get_segment_selector(regs, seg_reg_idx); if (sel < 0) return -1L; if (v8086_mode(regs)) return (unsigned long)(sel << 4); if (user_64bit_mode(regs)) { unsigned long base; if (seg_reg_idx == INAT_SEG_REG_FS) rdmsrl(MSR_FS_BASE, base); else if (seg_reg_idx == INAT_SEG_REG_GS) rdmsrl(MSR_KERNEL_GS_BASE, base); else base = 0; return base; } if (!sel) return -1L; desc = get_desc(sel); if (!desc) return -1L; return get_desc_base(desc); }",visit repo url,arch/x86/lib/insn-eval.c,https://github.com/torvalds/linux,178480431139167,1 2123,['CWE-119'],"static inline void __set_tss_desc(unsigned cpu, unsigned int entry, void *addr) { struct desc_struct *d = get_cpu_gdt_table(cpu); tss_desc tss; set_tssldt_descriptor(&tss, (unsigned long)addr, DESC_TSS, IO_BITMAP_OFFSET + IO_BITMAP_BYTES + sizeof(unsigned long) - 1); write_gdt_entry(d, entry, &tss, DESC_TSS); }",linux-2.6,,,265824652559166921186425863832132757825,0 2986,NVD-CWE-noinfo,"cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h, const void *p, size_t tail, int line) { const char *b = (const char *)sst->sst_tab; const char *e = ((const char *)p) + tail; (void)&line; if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len) return 0; DPRINTF((""%d: offset begin %p < end %p || %"" SIZE_T_FORMAT ""u"" "" > %"" SIZE_T_FORMAT ""u [%"" SIZE_T_FORMAT ""u %"" SIZE_T_FORMAT ""u]\n"", line, b, e, (size_t)(e - b), CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); errno = EFTYPE; return -1; }",visit repo url,src/cdf.c,https://github.com/file/file,988846055561,1 4366,['CWE-264'],"int sock_no_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { return -EOPNOTSUPP; }",linux-2.6,,,186124271895631997360973603312766262198,0 2789,CWE-190,"static BOOL gdi_Bitmap_Decompress(rdpContext* context, rdpBitmap* bitmap, const BYTE* pSrcData, UINT32 DstWidth, UINT32 DstHeight, UINT32 bpp, UINT32 length, BOOL compressed, UINT32 codecId) { UINT32 SrcSize = length; rdpGdi* gdi = context->gdi; bitmap->compressed = FALSE; bitmap->format = gdi->dstFormat; bitmap->length = DstWidth * DstHeight * GetBytesPerPixel(bitmap->format); bitmap->data = (BYTE*) _aligned_malloc(bitmap->length, 16); if (!bitmap->data) return FALSE; if (compressed) { if (bpp < 32) { if (!interleaved_decompress(context->codecs->interleaved, pSrcData, SrcSize, DstWidth, DstHeight, bpp, bitmap->data, bitmap->format, 0, 0, 0, DstWidth, DstHeight, &gdi->palette)) return FALSE; } else { if (!planar_decompress(context->codecs->planar, pSrcData, SrcSize, DstWidth, DstHeight, bitmap->data, bitmap->format, 0, 0, 0, DstWidth, DstHeight, TRUE)) return FALSE; } } else { const UINT32 SrcFormat = gdi_get_pixel_format(bpp); const size_t sbpp = GetBytesPerPixel(SrcFormat); const size_t dbpp = GetBytesPerPixel(bitmap->format); if ((sbpp == 0) || (dbpp == 0)) return FALSE; else { const size_t dstSize = SrcSize * dbpp / sbpp; if (dstSize < bitmap->length) return FALSE; } if (!freerdp_image_copy(bitmap->data, bitmap->format, 0, 0, 0, DstWidth, DstHeight, pSrcData, SrcFormat, 0, 0, 0, &gdi->palette, FREERDP_FLIP_VERTICAL)) return FALSE; } return TRUE; }",visit repo url,libfreerdp/gdi/graphics.c,https://github.com/FreeRDP/FreeRDP,226010083230773,1 2031,['CWE-269'],"static void expire_mount(struct vfsmount *mnt, struct list_head *mounts, struct list_head *umounts) { spin_lock(&vfsmount_lock); if (mnt->mnt_parent == mnt) { spin_unlock(&vfsmount_lock); return; } if (!propagate_mount_busy(mnt, 2)) { touch_mnt_namespace(mnt->mnt_ns); list_del_init(&mnt->mnt_list); mnt->mnt_ns = NULL; umount_tree(mnt, 1, umounts); spin_unlock(&vfsmount_lock); } else { list_add_tail(&mnt->mnt_expire, mounts); spin_unlock(&vfsmount_lock); } }",linux-2.6,,,14654708983246108295232867263964442768,0 2887,CWE-119,"static int readContigTilesIntoBuffer (TIFF* in, uint8* buf, uint32 imagelength, uint32 imagewidth, uint32 tw, uint32 tl, tsample_t spp, uint16 bps) { int status = 1; tsample_t sample = 0; tsample_t count = spp; uint32 row, col, trow; uint32 nrow, ncol; uint32 dst_rowsize, shift_width; uint32 bytes_per_sample, bytes_per_pixel; uint32 trailing_bits, prev_trailing_bits; uint32 tile_rowsize = TIFFTileRowSize(in); uint32 src_offset, dst_offset; uint32 row_offset, col_offset; uint8 *bufp = (uint8*) buf; unsigned char *src = NULL; unsigned char *dst = NULL; tsize_t tbytes = 0, tile_buffsize = 0; tsize_t tilesize = TIFFTileSize(in); unsigned char *tilebuf = NULL; bytes_per_sample = (bps + 7) / 8; bytes_per_pixel = ((bps * spp) + 7) / 8; if ((bps % 8) == 0) shift_width = 0; else { if (bytes_per_pixel < (bytes_per_sample + 1)) shift_width = bytes_per_pixel; else shift_width = bytes_per_sample + 1; } tile_buffsize = tilesize; if (tilesize == 0 || tile_rowsize == 0) { TIFFError(""readContigTilesIntoBuffer"", ""Tile size or tile rowsize is zero""); exit(-1); } if (tilesize < (tsize_t)(tl * tile_rowsize)) { #ifdef DEBUG2 TIFFError(""readContigTilesIntoBuffer"", ""Tilesize %lu is too small, using alternate calculation %u"", tilesize, tl * tile_rowsize); #endif tile_buffsize = tl * tile_rowsize; if (tl != (tile_buffsize / tile_rowsize)) { TIFFError(""readContigTilesIntoBuffer"", ""Integer overflow when calculating buffer size.""); exit(-1); } } tilebuf = _TIFFmalloc(tile_buffsize); if (tilebuf == 0) return 0; dst_rowsize = ((imagewidth * bps * spp) + 7) / 8; for (row = 0; row < imagelength; row += tl) { nrow = (row + tl > imagelength) ? imagelength - row : tl; for (col = 0; col < imagewidth; col += tw) { tbytes = TIFFReadTile(in, tilebuf, col, row, 0, 0); if (tbytes < tilesize && !ignore) { TIFFError(TIFFFileName(in), ""Error, can't read tile at row %lu col %lu, Read %lu bytes of %lu"", (unsigned long) col, (unsigned long) row, (unsigned long)tbytes, (unsigned long)tilesize); status = 0; _TIFFfree(tilebuf); return status; } row_offset = row * dst_rowsize; col_offset = ((col * bps * spp) + 7)/ 8; bufp = buf + row_offset + col_offset; if (col + tw > imagewidth) ncol = imagewidth - col; else ncol = tw; if (((bps % 8) == 0) && (count == spp)) { for (trow = 0; trow < nrow; trow++) { src_offset = trow * tile_rowsize; _TIFFmemcpy (bufp, tilebuf + src_offset, (ncol * spp * bps) / 8); bufp += (imagewidth * bps * spp) / 8; } } else { prev_trailing_bits = trailing_bits = 0; trailing_bits = (ncol * bps * spp) % 8; for (trow = 0; trow < nrow; trow++) { src_offset = trow * tile_rowsize; src = tilebuf + src_offset; dst_offset = (row + trow) * dst_rowsize; dst = buf + dst_offset + col_offset; switch (shift_width) { case 0: if (extractContigSamplesBytes (src, dst, ncol, sample, spp, bps, count, 0, ncol)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; case 1: if (bps == 1) { if (extractContigSamplesShifted8bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; } else if (extractContigSamplesShifted16bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; case 2: if (extractContigSamplesShifted24bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; case 3: case 4: case 5: if (extractContigSamplesShifted32bits (src, dst, ncol, sample, spp, bps, count, 0, ncol, prev_trailing_bits)) { TIFFError(""readContigTilesIntoBuffer"", ""Unable to extract row %d from tile %lu"", row, (unsigned long)TIFFCurrentTile(in)); return 1; } break; default: TIFFError(""readContigTilesIntoBuffer"", ""Unsupported bit depth %d"", bps); return 1; } } prev_trailing_bits += trailing_bits; } } } _TIFFfree(tilebuf); return status; }",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,260775928809453,1 3447,CWE-264,"int cg_mkdir(const char *path, mode_t mode) { struct fuse_context *fc = fuse_get_context(); char *fpath = NULL, *path1, *cgdir = NULL, *controller; const char *cgroup; int ret; if (!fc) return -EIO; controller = pick_controller_from_path(fc, path); if (!controller) return -EINVAL; cgroup = find_cgroup_in_path(path); if (!cgroup) return -EINVAL; get_cgdir_and_path(cgroup, &cgdir, &fpath); if (!fpath) path1 = ""/""; else path1 = cgdir; if (!fc_may_access(fc, controller, path1, NULL, O_RDWR)) { ret = -EACCES; goto out; } if (!caller_is_in_ancestor(fc->pid, controller, path1, NULL)) { ret = -EACCES; goto out; } ret = cgfs_create(controller, cgroup, fc->uid, fc->gid); printf(""cgfs_create returned %d for %s %s\n"", ret, controller, cgroup); out: free(cgdir); return ret; }",visit repo url,lxcfs.c,https://github.com/lxc/lxcfs,179726772907576,1 6048,['CWE-200'],"static void cbq_unlink_class(struct cbq_class *this) { struct cbq_class *cl, **clp; struct cbq_sched_data *q = qdisc_priv(this->qdisc); for (clp = &q->classes[cbq_hash(this->classid)]; (cl = *clp) != NULL; clp = &cl->next) { if (cl == this) { *clp = cl->next; cl->next = NULL; break; } } if (this->tparent) { clp=&this->sibling; cl = *clp; do { if (cl == this) { *clp = cl->sibling; break; } clp = &cl->sibling; } while ((cl = *clp) != this->sibling); if (this->tparent->children == this) { this->tparent->children = this->sibling; if (this->sibling == this) this->tparent->children = NULL; } } else { BUG_TRAP(this->sibling == this); } }",linux-2.6,,,315359679301913129920929129964251689008,0 184,CWE-362,"void jbd2_journal_lock_updates(journal_t *journal) { DEFINE_WAIT(wait); jbd2_might_wait_for_commit(journal); write_lock(&journal->j_state_lock); ++journal->j_barrier_count; if (atomic_read(&journal->j_reserved_credits)) { write_unlock(&journal->j_state_lock); wait_event(journal->j_wait_reserved, atomic_read(&journal->j_reserved_credits) == 0); write_lock(&journal->j_state_lock); } jbd2_journal_wait_updates(journal); write_unlock(&journal->j_state_lock); mutex_lock(&journal->j_barrier); }",visit repo url,fs/jbd2/transaction.c,https://github.com/torvalds/linux,242557648066013,1 3891,['CWE-399'],"static void tda8425_setmode(struct CHIPSTATE *chip, int mode) { int s1 = chip->shadow.bytes[TDA8425_S1+1] & 0xe1; if (mode & V4L2_TUNER_MODE_LANG1) { s1 |= TDA8425_S1_ML_SOUND_A; s1 |= TDA8425_S1_STEREO_PSEUDO; } else if (mode & V4L2_TUNER_MODE_LANG2) { s1 |= TDA8425_S1_ML_SOUND_B; s1 |= TDA8425_S1_STEREO_PSEUDO; } else { s1 |= TDA8425_S1_ML_STEREO; if (mode & V4L2_TUNER_MODE_MONO) s1 |= TDA8425_S1_STEREO_MONO; if (mode & V4L2_TUNER_MODE_STEREO) s1 |= TDA8425_S1_STEREO_SPATIAL; } chip_write(chip,TDA8425_S1,s1); }",linux-2.6,,,222367751528633480051627995493944732567,0 1893,CWE-665,"static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu, struct kvm_debugregs *dbgregs) { unsigned long val; memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db)); kvm_get_dr(vcpu, 6, &val); dbgregs->dr6 = val; dbgregs->dr7 = vcpu->arch.dr7; dbgregs->flags = 0; memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved)); }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,109442299349923,1 1508,CWE-264,"validate_group(struct perf_event *event) { struct perf_event *sibling, *leader = event->group_leader; struct pmu_hw_events fake_pmu; DECLARE_BITMAP(fake_used_mask, ARMPMU_MAX_HWEVENTS); memset(fake_used_mask, 0, sizeof(fake_used_mask)); fake_pmu.used_mask = fake_used_mask; if (!validate_event(&fake_pmu, leader)) return -EINVAL; list_for_each_entry(sibling, &leader->sibling_list, group_entry) { if (!validate_event(&fake_pmu, sibling)) return -EINVAL; } if (!validate_event(&fake_pmu, event)) return -EINVAL; return 0; }",visit repo url,arch/arm64/kernel/perf_event.c,https://github.com/torvalds/linux,181302274546344,1 4364,CWE-59,"static int fsmMkdirs(rpmfiles files, rpmfs fs, rpmPlugins plugins) { DNLI_t dnli = dnlInitIterator(files, fs, 0); struct stat sb; const char *dpath; int rc = 0; int i; size_t ldnlen = 0; const char * ldn = NULL; while ((dpath = dnlNextIterator(dnli)) != NULL) { size_t dnlen = strlen(dpath); char * te, dn[dnlen+1]; if (dnlen <= 1) continue; if (dnlen == ldnlen && rstreq(dpath, ldn)) continue; (void) stpcpy(dn, dpath); for (i = 1, te = dn + 1; *te != '\0'; te++, i++) { if (*te != '/') continue; if (i < ldnlen && (ldn[i] == '/' || ldn[i] == '\0') && rstreqn(dn, ldn, i)) continue; *te = '\0'; rc = fsmStat(dn, 1, &sb); *te = '/'; if (rc == 0 && S_ISDIR(sb.st_mode)) { continue; } else if (rc == RPMERR_ENOENT) { *te = '\0'; mode_t mode = S_IFDIR | (_dirPerms & 07777); rpmFsmOp op = (FA_CREATE|FAF_UNOWNED); rc = rpmpluginsCallFsmFilePre(plugins, NULL, dn, mode, op); if (!rc) rc = fsmMkdir(dn, mode); if (!rc) { rc = rpmpluginsCallFsmFilePrepare(plugins, NULL, dn, dn, mode, op); } rpmpluginsCallFsmFilePost(plugins, NULL, dn, mode, op, rc); if (!rc) { rpmlog(RPMLOG_DEBUG, ""%s directory created with perms %04o\n"", dn, (unsigned)(mode & 07777)); } *te = '/'; } if (rc) break; } if (rc) break; ldn = dpath; ldnlen = dnlen; } dnlFreeIterator(dnli); return rc; }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,176092156914172,1 5790,['CWE-200'],"static int handle_ip_over_ddp(struct sk_buff *skb) { struct net_device *dev = __dev_get_by_name(&init_net, ""ipddp0""); struct net_device_stats *stats; if (!dev) return -ENODEV; skb->protocol = htons(ETH_P_IP); skb_pull(skb, 13); skb->dev = dev; skb_reset_transport_header(skb); stats = netdev_priv(dev); stats->rx_packets++; stats->rx_bytes += skb->len + 13; netif_rx(skb); return 0; }",linux-2.6,,,79106646792186981451750111315881810589,0 4374,CWE-682,"IW_IMPL(int) iw_get_i32le(const iw_byte *b) { return (iw_int32)(iw_uint32)(b[0] | (b[1]<<8) | (b[2]<<16) | (b[3]<<24)); }",visit repo url,src/imagew-util.c,https://github.com/jsummers/imageworsener,28912640259217,1 4975,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 4147,CWE-835,"xmlParsePEReference(xmlParserCtxtPtr ctxt) { const xmlChar *name; xmlEntityPtr entity = NULL; xmlParserInputPtr input; if (RAW != '%') return; NEXT; name = xmlParseName(ctxt); if (name == NULL) { xmlFatalErrMsg(ctxt, XML_ERR_PEREF_NO_NAME, ""PEReference: no name\n""); return; } if (xmlParserDebugEntities) xmlGenericError(xmlGenericErrorContext, ""PEReference: %s\n"", name); if (RAW != ';') { xmlFatalErr(ctxt, XML_ERR_PEREF_SEMICOL_MISSING, NULL); return; } NEXT; ctxt->nbentities++; if ((ctxt->sax != NULL) && (ctxt->sax->getParameterEntity != NULL)) entity = ctxt->sax->getParameterEntity(ctxt->userData, name); if (ctxt->instate == XML_PARSER_EOF) return; if (entity == NULL) { if ((ctxt->standalone == 1) || ((ctxt->hasExternalSubset == 0) && (ctxt->hasPErefs == 0))) { xmlFatalErrMsgStr(ctxt, XML_ERR_UNDECLARED_ENTITY, ""PEReference: %%%s; not found\n"", name); } else { if ((ctxt->validate) && (ctxt->vctxt.error != NULL)) { xmlValidityError(ctxt, XML_WAR_UNDECLARED_ENTITY, ""PEReference: %%%s; not found\n"", name, NULL); } else xmlWarningMsg(ctxt, XML_WAR_UNDECLARED_ENTITY, ""PEReference: %%%s; not found\n"", name, NULL); ctxt->valid = 0; } xmlParserEntityCheck(ctxt, 0, NULL, 0); } else { if ((entity->etype != XML_INTERNAL_PARAMETER_ENTITY) && (entity->etype != XML_EXTERNAL_PARAMETER_ENTITY)) { xmlWarningMsg(ctxt, XML_WAR_UNDECLARED_ENTITY, ""Internal: %%%s; is not a parameter entity\n"", name, NULL); } else { xmlChar start[4]; xmlCharEncoding enc; if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && ((ctxt->options & XML_PARSE_NOENT) == 0) && ((ctxt->options & XML_PARSE_DTDVALID) == 0) && ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && ((ctxt->options & XML_PARSE_DTDATTR) == 0) && (ctxt->replaceEntities == 0) && (ctxt->validate == 0)) return; input = xmlNewEntityInputStream(ctxt, entity); if (xmlPushInput(ctxt, input) < 0) return; if (entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) { GROW if (ctxt->instate == XML_PARSER_EOF) return; if ((ctxt->input->end - ctxt->input->cur)>=4) { start[0] = RAW; start[1] = NXT(1); start[2] = NXT(2); start[3] = NXT(3); enc = xmlDetectCharEncoding(start, 4); if (enc != XML_CHAR_ENCODING_NONE) { xmlSwitchEncoding(ctxt, enc); } } if ((CMP5(CUR_PTR, '<', '?', 'x', 'm', 'l')) && (IS_BLANK_CH(NXT(5)))) { xmlParseTextDecl(ctxt); } } } } ctxt->hasPErefs = 1; }",visit repo url,parser.c,https://github.com/GNOME/libxml2,115508413701304,1 674,CWE-20,"mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sk_buff *skb; struct sock *sk = sock->sk; struct sockaddr_mISDN *maddr; int copied, err; if (*debug & DEBUG_SOCKET) printk(KERN_DEBUG ""%s: len %d, flags %x ch.nr %d, proto %x\n"", __func__, (int)len, flags, _pms(sk)->ch.nr, sk->sk_protocol); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == MISDN_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (!skb) return err; if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) { msg->msg_namelen = sizeof(struct sockaddr_mISDN); maddr = (struct sockaddr_mISDN *)msg->msg_name; maddr->family = AF_ISDN; maddr->dev = _pms(sk)->dev->id; if ((sk->sk_protocol == ISDN_P_LAPD_TE) || (sk->sk_protocol == ISDN_P_LAPD_NT)) { maddr->channel = (mISDN_HEAD_ID(skb) >> 16) & 0xff; maddr->tei = (mISDN_HEAD_ID(skb) >> 8) & 0xff; maddr->sapi = mISDN_HEAD_ID(skb) & 0xff; } else { maddr->channel = _pms(sk)->ch.nr; maddr->sapi = _pms(sk)->ch.addr & 0xFF; maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF; } } else { if (msg->msg_namelen) printk(KERN_WARNING ""%s: too small namelen %d\n"", __func__, msg->msg_namelen); msg->msg_namelen = 0; } copied = skb->len + MISDN_HEADER_LEN; if (len < copied) { if (flags & MSG_PEEK) atomic_dec(&skb->users); else skb_queue_head(&sk->sk_receive_queue, skb); return -ENOSPC; } memcpy(skb_push(skb, MISDN_HEADER_LEN), mISDN_HEAD_P(skb), MISDN_HEADER_LEN); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); mISDN_sock_cmsg(sk, msg, skb); skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,drivers/isdn/mISDN/socket.c,https://github.com/torvalds/linux,109946884267745,1 4329,NVD-CWE-noinfo,"void CL_Init( void ) { Com_Printf( ""----- Client Initialization -----\n"" ); Con_Init(); if(!com_fullyInitialized) { CL_ClearState(); clc.state = CA_DISCONNECTED; cl_oldGameSet = qfalse; } cls.realtime = 0; CL_InitInput(); cl_noprint = Cvar_Get( ""cl_noprint"", ""0"", 0 ); #ifdef UPDATE_SERVER_NAME cl_motd = Cvar_Get( ""cl_motd"", ""1"", 0 ); #endif cl_autoupdate = Cvar_Get( ""cl_autoupdate"", ""0"", CVAR_ARCHIVE ); cl_timeout = Cvar_Get( ""cl_timeout"", ""200"", 0 ); cl_wavefilerecord = Cvar_Get( ""cl_wavefilerecord"", ""0"", CVAR_TEMP ); cl_timeNudge = Cvar_Get( ""cl_timeNudge"", ""0"", CVAR_TEMP ); cl_shownet = Cvar_Get( ""cl_shownet"", ""0"", CVAR_TEMP ); cl_shownuments = Cvar_Get( ""cl_shownuments"", ""0"", CVAR_TEMP ); cl_visibleClients = Cvar_Get( ""cl_visibleClients"", ""0"", CVAR_TEMP ); cl_showServerCommands = Cvar_Get( ""cl_showServerCommands"", ""0"", 0 ); cl_showSend = Cvar_Get( ""cl_showSend"", ""0"", CVAR_TEMP ); cl_showTimeDelta = Cvar_Get( ""cl_showTimeDelta"", ""0"", CVAR_TEMP ); cl_freezeDemo = Cvar_Get( ""cl_freezeDemo"", ""0"", CVAR_TEMP ); rcon_client_password = Cvar_Get( ""rconPassword"", """", CVAR_TEMP ); cl_activeAction = Cvar_Get( ""activeAction"", """", CVAR_TEMP ); cl_timedemo = Cvar_Get( ""timedemo"", ""0"", 0 ); cl_timedemoLog = Cvar_Get (""cl_timedemoLog"", """", CVAR_ARCHIVE); cl_autoRecordDemo = Cvar_Get (""cl_autoRecordDemo"", ""0"", CVAR_ARCHIVE); cl_aviFrameRate = Cvar_Get (""cl_aviFrameRate"", ""25"", CVAR_ARCHIVE); cl_aviMotionJpeg = Cvar_Get (""cl_aviMotionJpeg"", ""1"", CVAR_ARCHIVE); cl_avidemo = Cvar_Get( ""cl_avidemo"", ""0"", 0 ); cl_forceavidemo = Cvar_Get( ""cl_forceavidemo"", ""0"", 0 ); rconAddress = Cvar_Get( ""rconAddress"", """", 0 ); cl_yawspeed = Cvar_Get( ""cl_yawspeed"", ""140"", CVAR_ARCHIVE ); cl_pitchspeed = Cvar_Get( ""cl_pitchspeed"", ""140"", CVAR_ARCHIVE ); cl_anglespeedkey = Cvar_Get( ""cl_anglespeedkey"", ""1.5"", 0 ); cl_maxpackets = Cvar_Get( ""cl_maxpackets"", ""38"", CVAR_ARCHIVE ); cl_packetdup = Cvar_Get( ""cl_packetdup"", ""1"", CVAR_ARCHIVE ); cl_showPing = Cvar_Get( ""cl_showPing"", ""0"", CVAR_ARCHIVE ); cl_run = Cvar_Get( ""cl_run"", ""1"", CVAR_ARCHIVE ); cl_sensitivity = Cvar_Get( ""sensitivity"", ""5"", CVAR_ARCHIVE ); cl_mouseAccel = Cvar_Get( ""cl_mouseAccel"", ""0"", CVAR_ARCHIVE ); cl_freelook = Cvar_Get( ""cl_freelook"", ""1"", CVAR_ARCHIVE ); cl_mouseAccelStyle = Cvar_Get( ""cl_mouseAccelStyle"", ""0"", CVAR_ARCHIVE ); cl_mouseAccelOffset = Cvar_Get( ""cl_mouseAccelOffset"", ""5"", CVAR_ARCHIVE ); Cvar_CheckRange(cl_mouseAccelOffset, 0.001f, 50000.0f, qfalse); cl_showMouseRate = Cvar_Get( ""cl_showmouserate"", ""0"", 0 ); cl_allowDownload = Cvar_Get( ""cl_allowDownload"", ""1"", CVAR_ARCHIVE ); #ifdef USE_CURL_DLOPEN cl_cURLLib = Cvar_Get(""cl_cURLLib"", DEFAULT_CURL_LIB, CVAR_ARCHIVE); #endif Cvar_Get( ""cg_autoswitch"", ""0"", CVAR_ARCHIVE ); Cvar_Get( ""cg_wolfparticles"", ""1"", CVAR_ARCHIVE ); cl_conXOffset = Cvar_Get( ""cl_conXOffset"", ""0"", 0 ); cl_inGameVideo = Cvar_Get( ""r_inGameVideo"", ""1"", CVAR_ARCHIVE ); cl_serverStatusResendTime = Cvar_Get( ""cl_serverStatusResendTime"", ""750"", 0 ); cl_recoilPitch = Cvar_Get( ""cg_recoilPitch"", ""0"", CVAR_ROM ); cl_bypassMouseInput = Cvar_Get( ""cl_bypassMouseInput"", ""0"", 0 ); m_pitch = Cvar_Get( ""m_pitch"", ""0.022"", CVAR_ARCHIVE ); m_yaw = Cvar_Get( ""m_yaw"", ""0.022"", CVAR_ARCHIVE ); m_forward = Cvar_Get( ""m_forward"", ""0.25"", CVAR_ARCHIVE ); m_side = Cvar_Get( ""m_side"", ""0.25"", CVAR_ARCHIVE ); m_filter = Cvar_Get( ""m_filter"", ""0"", CVAR_ARCHIVE ); j_pitch = Cvar_Get (""j_pitch"", ""0.022"", CVAR_ARCHIVE); j_yaw = Cvar_Get (""j_yaw"", ""-0.022"", CVAR_ARCHIVE); j_forward = Cvar_Get (""j_forward"", ""-0.25"", CVAR_ARCHIVE); j_side = Cvar_Get (""j_side"", ""0.25"", CVAR_ARCHIVE); j_up = Cvar_Get (""j_up"", ""0"", CVAR_ARCHIVE); j_pitch_axis = Cvar_Get (""j_pitch_axis"", ""3"", CVAR_ARCHIVE); j_yaw_axis = Cvar_Get (""j_yaw_axis"", ""2"", CVAR_ARCHIVE); j_forward_axis = Cvar_Get (""j_forward_axis"", ""1"", CVAR_ARCHIVE); j_side_axis = Cvar_Get (""j_side_axis"", ""0"", CVAR_ARCHIVE); j_up_axis = Cvar_Get (""j_up_axis"", ""4"", CVAR_ARCHIVE); Cvar_CheckRange(j_pitch_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_yaw_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_forward_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_side_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); Cvar_CheckRange(j_up_axis, 0, MAX_JOYSTICK_AXIS-1, qtrue); cl_motdString = Cvar_Get( ""cl_motdString"", """", CVAR_ROM ); Cvar_Get( ""cl_maxPing"", ""800"", CVAR_ARCHIVE ); cl_lanForcePackets = Cvar_Get (""cl_lanForcePackets"", ""1"", CVAR_ARCHIVE); cl_guid = Cvar_Get( ""cl_guid"", ""unknown"", CVAR_USERINFO | CVAR_ROM ); cl_guidServerUniq = Cvar_Get (""cl_guidServerUniq"", ""1"", CVAR_ARCHIVE); cl_consoleKeys = Cvar_Get( ""cl_consoleKeys"", ""~ ` 0x7e 0x60"", CVAR_ARCHIVE); Cvar_Get( ""cg_drawCompass"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_drawNotifyText"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_quickMessageAlt"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_popupLimboMenu"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_descriptiveText"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_drawTeamOverlay"", ""2"", CVAR_ARCHIVE ); Cvar_Get( ""cg_uselessNostalgia"", ""0"", CVAR_ARCHIVE ); Cvar_Get( ""cg_drawGun"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_cursorHints"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_voiceSpriteTime"", ""6000"", CVAR_ARCHIVE ); Cvar_Get( ""cg_teamChatsOnly"", ""0"", CVAR_ARCHIVE ); Cvar_Get( ""cg_noVoiceChats"", ""0"", CVAR_ARCHIVE ); Cvar_Get( ""cg_noVoiceText"", ""0"", CVAR_ARCHIVE ); Cvar_Get( ""cg_crosshairSize"", ""48"", CVAR_ARCHIVE ); Cvar_Get( ""cg_drawCrosshair"", ""1"", CVAR_ARCHIVE ); Cvar_Get( ""cg_zoomDefaultSniper"", ""20"", CVAR_ARCHIVE ); Cvar_Get( ""cg_zoomstepsniper"", ""2"", CVAR_ARCHIVE ); Cvar_Get( ""mp_playerType"", ""0"", 0 ); Cvar_Get( ""mp_currentPlayerType"", ""0"", 0 ); Cvar_Get( ""mp_weapon"", ""0"", 0 ); Cvar_Get( ""mp_team"", ""0"", 0 ); Cvar_Get( ""mp_currentTeam"", ""0"", 0 ); Cvar_Get( ""name"", ""WolfPlayer"", CVAR_USERINFO | CVAR_ARCHIVE ); cl_rate = Cvar_Get( ""rate"", ""25000"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""snaps"", ""20"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""model"", ""multi"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""head"", ""default"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""color"", ""4"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""handicap"", ""100"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""sex"", ""male"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""cl_anonymous"", ""0"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""password"", """", CVAR_USERINFO ); Cvar_Get( ""cg_predictItems"", ""1"", CVAR_USERINFO | CVAR_ARCHIVE ); #ifdef USE_MUMBLE cl_useMumble = Cvar_Get (""cl_useMumble"", ""0"", CVAR_ARCHIVE | CVAR_LATCH); cl_mumbleScale = Cvar_Get (""cl_mumbleScale"", ""0.0254"", CVAR_ARCHIVE); #endif #ifdef USE_VOIP cl_voipSend = Cvar_Get (""cl_voipSend"", ""0"", 0); cl_voipSendTarget = Cvar_Get (""cl_voipSendTarget"", ""spatial"", 0); cl_voipGainDuringCapture = Cvar_Get (""cl_voipGainDuringCapture"", ""0.2"", CVAR_ARCHIVE); cl_voipCaptureMult = Cvar_Get (""cl_voipCaptureMult"", ""2.0"", CVAR_ARCHIVE); cl_voipUseVAD = Cvar_Get (""cl_voipUseVAD"", ""0"", CVAR_ARCHIVE); cl_voipVADThreshold = Cvar_Get (""cl_voipVADThreshold"", ""0.25"", CVAR_ARCHIVE); cl_voipShowMeter = Cvar_Get (""cl_voipShowMeter"", ""1"", CVAR_ARCHIVE); cl_voip = Cvar_Get (""cl_voip"", ""1"", CVAR_ARCHIVE); Cvar_CheckRange( cl_voip, 0, 1, qtrue ); cl_voipProtocol = Cvar_Get (""cl_voipProtocol"", cl_voip->integer ? ""opus"" : """", CVAR_USERINFO | CVAR_ROM); #endif Cvar_Get( ""cg_autoactivate"", ""1"", CVAR_USERINFO | CVAR_ARCHIVE ); Cvar_Get( ""cg_viewsize"", ""100"", CVAR_ARCHIVE ); Cvar_Get (""cg_stereoSeparation"", ""0"", CVAR_ROM); Cvar_Get( ""cg_autoReload"", ""1"", CVAR_ARCHIVE | CVAR_USERINFO ); cl_missionStats = Cvar_Get( ""g_missionStats"", ""0"", CVAR_ROM ); cl_waitForFire = Cvar_Get( ""cl_waitForFire"", ""0"", CVAR_ROM ); cl_language = Cvar_Get( ""cl_language"", ""0"", CVAR_ARCHIVE ); cl_debugTranslation = Cvar_Get( ""cl_debugTranslation"", ""0"", 0 ); cl_updateavailable = Cvar_Get( ""cl_updateavailable"", ""0"", CVAR_ROM ); cl_updatefiles = Cvar_Get( ""cl_updatefiles"", """", CVAR_ROM ); Q_strncpyz( cls.autoupdateServerNames[0], AUTOUPDATE_SERVER1_NAME, MAX_QPATH ); Q_strncpyz( cls.autoupdateServerNames[1], AUTOUPDATE_SERVER2_NAME, MAX_QPATH ); Q_strncpyz( cls.autoupdateServerNames[2], AUTOUPDATE_SERVER3_NAME, MAX_QPATH ); Q_strncpyz( cls.autoupdateServerNames[3], AUTOUPDATE_SERVER4_NAME, MAX_QPATH ); Q_strncpyz( cls.autoupdateServerNames[4], AUTOUPDATE_SERVER5_NAME, MAX_QPATH ); Cmd_AddCommand( ""cmd"", CL_ForwardToServer_f ); Cmd_AddCommand( ""configstrings"", CL_Configstrings_f ); Cmd_AddCommand( ""clientinfo"", CL_Clientinfo_f ); Cmd_AddCommand( ""snd_restart"", CL_Snd_Restart_f ); Cmd_AddCommand( ""vid_restart"", CL_Vid_Restart_f ); Cmd_AddCommand( ""ui_restart"", CL_UI_Restart_f ); Cmd_AddCommand( ""disconnect"", CL_Disconnect_f ); Cmd_AddCommand( ""record"", CL_Record_f ); Cmd_AddCommand( ""demo"", CL_PlayDemo_f ); Cmd_SetCommandCompletionFunc( ""demo"", CL_CompleteDemoName ); Cmd_AddCommand( ""cinematic"", CL_PlayCinematic_f ); Cmd_AddCommand( ""stoprecord"", CL_StopRecord_f ); Cmd_AddCommand( ""connect"", CL_Connect_f ); Cmd_AddCommand( ""reconnect"", CL_Reconnect_f ); Cmd_AddCommand( ""localservers"", CL_LocalServers_f ); Cmd_AddCommand( ""globalservers"", CL_GlobalServers_f ); Cmd_AddCommand( ""rcon"", CL_Rcon_f ); Cmd_SetCommandCompletionFunc( ""rcon"", CL_CompleteRcon ); Cmd_AddCommand( ""ping"", CL_Ping_f ); Cmd_AddCommand( ""serverstatus"", CL_ServerStatus_f ); Cmd_AddCommand( ""showip"", CL_ShowIP_f ); Cmd_AddCommand( ""fs_openedList"", CL_OpenedPK3List_f ); Cmd_AddCommand( ""fs_referencedList"", CL_ReferencedPK3List_f ); Cmd_AddCommand (""video"", CL_Video_f ); Cmd_AddCommand (""stopvideo"", CL_StopVideo_f ); Cmd_AddCommand( ""cache_startgather"", CL_Cache_StartGather_f ); Cmd_AddCommand( ""cache_usedfile"", CL_Cache_UsedFile_f ); Cmd_AddCommand( ""cache_setindex"", CL_Cache_SetIndex_f ); Cmd_AddCommand( ""cache_mapchange"", CL_Cache_MapChange_f ); Cmd_AddCommand( ""cache_endgather"", CL_Cache_EndGather_f ); Cmd_AddCommand( ""updatehunkusage"", CL_UpdateLevelHunkUsage ); Cmd_AddCommand( ""updatescreen"", SCR_UpdateScreen ); Cmd_AddCommand( ""SaveTranslations"", CL_SaveTranslations_f ); Cmd_AddCommand( ""SaveNewTranslations"", CL_SaveNewTranslations_f ); Cmd_AddCommand( ""LoadTranslations"", CL_LoadTranslations_f ); Cmd_AddCommand( ""startSingleplayer"", CL_startSingleplayer_f ); Cmd_AddCommand( ""setRecommended"", CL_SetRecommended_f ); CL_InitRef(); SCR_Init(); Cvar_Set( ""cl_running"", ""1"" ); autoupdateChecked = qfalse; autoupdateStarted = qfalse; CL_InitTranslation(); CL_GenerateQKey(); CL_UpdateGUID( NULL, 0 ); Com_Printf( ""----- Client Initialization Complete -----\n"" ); }",visit repo url,MP/code/client/cl_main.c,https://github.com/iortcw/iortcw,225172081314952,1 1525,CWE-476,"static inline struct old_rng_alg *crypto_old_rng_alg(struct crypto_rng *tfm) { return &crypto_rng_tfm(tfm)->__crt_alg->cra_rng; }",visit repo url,crypto/rng.c,https://github.com/torvalds/linux,162409000827421,1 5969,CWE-241,"parse_memory(VALUE klass, VALUE data) { xmlParserCtxtPtr ctxt; if (NIL_P(data)) { rb_raise(rb_eArgError, ""data cannot be nil""); } if (!(int)RSTRING_LEN(data)) { rb_raise(rb_eRuntimeError, ""data cannot be empty""); } ctxt = xmlCreateMemoryParserCtxt(StringValuePtr(data), (int)RSTRING_LEN(data)); if (ctxt->sax) { xmlFree(ctxt->sax); ctxt->sax = NULL; } return Data_Wrap_Struct(klass, NULL, deallocate, ctxt); }",visit repo url,ext/nokogiri/xml_sax_parser_context.c,https://github.com/sparklemotion/nokogiri,126467057969964,1 5106,['CWE-20'],"static int init_rmode(struct kvm *kvm) { if (!init_rmode_tss(kvm)) return 0; if (!init_rmode_identity_map(kvm)) return 0; return 1; }",linux-2.6,,,157928279618264664923066474348720188488,0 5363,['CWE-476'],"int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs) { vcpu_load(vcpu); kvm_register_write(vcpu, VCPU_REGS_RAX, regs->rax); kvm_register_write(vcpu, VCPU_REGS_RBX, regs->rbx); kvm_register_write(vcpu, VCPU_REGS_RCX, regs->rcx); kvm_register_write(vcpu, VCPU_REGS_RDX, regs->rdx); kvm_register_write(vcpu, VCPU_REGS_RSI, regs->rsi); kvm_register_write(vcpu, VCPU_REGS_RDI, regs->rdi); kvm_register_write(vcpu, VCPU_REGS_RSP, regs->rsp); kvm_register_write(vcpu, VCPU_REGS_RBP, regs->rbp); #ifdef CONFIG_X86_64 kvm_register_write(vcpu, VCPU_REGS_R8, regs->r8); kvm_register_write(vcpu, VCPU_REGS_R9, regs->r9); kvm_register_write(vcpu, VCPU_REGS_R10, regs->r10); kvm_register_write(vcpu, VCPU_REGS_R11, regs->r11); kvm_register_write(vcpu, VCPU_REGS_R12, regs->r12); kvm_register_write(vcpu, VCPU_REGS_R13, regs->r13); kvm_register_write(vcpu, VCPU_REGS_R14, regs->r14); kvm_register_write(vcpu, VCPU_REGS_R15, regs->r15); #endif kvm_rip_write(vcpu, regs->rip); kvm_x86_ops->set_rflags(vcpu, regs->rflags); vcpu->arch.exception.pending = false; vcpu_put(vcpu); return 0; }",linux-2.6,,,334229374664245454137627271302305156327,0 3279,CWE-125,"ikev2_ke_print(netdissect_options *ndo, u_char tpay, const struct isakmp_gen *ext, u_int item_len _U_, const u_char *ep _U_, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { struct ikev2_ke ke; const struct ikev2_ke *k; k = (const struct ikev2_ke *)ext; ND_TCHECK(*ext); UNALIGNED_MEMCPY(&ke, ext, sizeof(ke)); ikev2_pay_print(ndo, NPSTR(tpay), ke.h.critical); ND_PRINT((ndo,"" len=%u group=%s"", ntohs(ke.h.len) - 8, STR_OR_ID(ntohs(ke.ke_group), dh_p_map))); if (2 < ndo->ndo_vflag && 8 < ntohs(ke.h.len)) { ND_PRINT((ndo,"" "")); if (!rawprint(ndo, (const uint8_t *)(k + 1), ntohs(ke.h.len) - 8)) goto trunc; } return (const u_char *)ext + ntohs(ke.h.len); trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(tpay))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,69197995411450,1 501,[],"static void snd_free_sbus_pages(struct device *dev, size_t size, void *ptr, dma_addr_t dma_addr) { struct sbus_dev *sdev = (struct sbus_dev *)dev; int pg; if (ptr == NULL) return; pg = get_order(size); dec_snd_pages(pg); sbus_free_consistent(sdev, PAGE_SIZE * (1 << pg), ptr, dma_addr); }",linux-2.6,,,276830935411004720356674966788055635441,0 5345,['CWE-476'],"void realmode_lgdt(struct kvm_vcpu *vcpu, u16 limit, unsigned long base) { struct descriptor_table dt = { limit, base }; kvm_x86_ops->set_gdt(vcpu, &dt); }",linux-2.6,,,299546804494493500200463228404182562778,0 778,CWE-20,"static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct iucv_sock *iucv = iucv_sk(sk); unsigned int copied, rlen; struct sk_buff *skb, *rskb, *cskb; int err = 0; u32 offset; msg->msg_namelen = 0; if ((sk->sk_state == IUCV_DISCONN) && skb_queue_empty(&iucv->backlog_skb_q) && skb_queue_empty(&sk->sk_receive_queue) && list_empty(&iucv->message_q.list)) return 0; if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } offset = IUCV_SKB_CB(skb)->offset; rlen = skb->len - offset; copied = min_t(unsigned int, rlen, len); if (!rlen) sk->sk_shutdown = sk->sk_shutdown | RCV_SHUTDOWN; cskb = skb; if (skb_copy_datagram_iovec(cskb, offset, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } if (sk->sk_type == SOCK_SEQPACKET) { if (copied < rlen) msg->msg_flags |= MSG_TRUNC; msg->msg_flags |= MSG_EOR; } err = put_cmsg(msg, SOL_IUCV, SCM_IUCV_TRGCLS, sizeof(IUCV_SKB_CB(skb)->class), (void *)&IUCV_SKB_CB(skb)->class); if (err) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return err; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM) { if (copied < rlen) { IUCV_SKB_CB(skb)->offset = offset + copied; goto done; } } kfree_skb(skb); if (iucv->transport == AF_IUCV_TRANS_HIPER) { atomic_inc(&iucv->msg_recv); if (atomic_read(&iucv->msg_recv) > iucv->msglimit) { WARN_ON(1); iucv_sock_close(sk); return -EFAULT; } } spin_lock_bh(&iucv->message_q.lock); rskb = skb_dequeue(&iucv->backlog_skb_q); while (rskb) { IUCV_SKB_CB(rskb)->offset = 0; if (sock_queue_rcv_skb(sk, rskb)) { skb_queue_head(&iucv->backlog_skb_q, rskb); break; } else { rskb = skb_dequeue(&iucv->backlog_skb_q); } } if (skb_queue_empty(&iucv->backlog_skb_q)) { if (!list_empty(&iucv->message_q.list)) iucv_process_message_q(sk); if (atomic_read(&iucv->msg_recv) >= iucv->msglimit / 2) { err = iucv_send_ctrl(sk, AF_IUCV_FLAG_WIN); if (err) { sk->sk_state = IUCV_DISCONN; sk->sk_state_change(sk); } } } spin_unlock_bh(&iucv->message_q.lock); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/iucv/af_iucv.c,https://github.com/torvalds/linux,252125006578245,1 769,CWE-20,"static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); int noblock = flags & MSG_DONTWAIT; size_t copied = 0; int target, err; long timeo; IRDA_DEBUG(3, ""%s()\n"", __func__); if ((err = sock_error(sk)) < 0) return err; if (sock->flags & __SO_ACCEPTCON) return -EINVAL; err =-EOPNOTSUPP; if (flags & MSG_OOB) return -EOPNOTSUPP; err = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, noblock); msg->msg_namelen = 0; do { int chunk; struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue); if (skb == NULL) { DEFINE_WAIT(wait); err = 0; if (copied >= target) break; prepare_to_wait_exclusive(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); err = sock_error(sk); if (err) ; else if (sk->sk_shutdown & RCV_SHUTDOWN) ; else if (noblock) err = -EAGAIN; else if (signal_pending(current)) err = sock_intr_errno(timeo); else if (sk->sk_state != TCP_ESTABLISHED) err = -ENOTCONN; else if (skb_peek(&sk->sk_receive_queue) == NULL) schedule(); finish_wait(sk_sleep(sk), &wait); if (err) return err; if (sk->sk_shutdown & RCV_SHUTDOWN) break; continue; } chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { IRDA_DEBUG(1, ""%s(), back on q!\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { IRDA_DEBUG(0, ""%s() questionable!?\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,219986388594170,1 3921,['CWE-399'],static int tea6300_shift12(int val) { return val >> 12; },linux-2.6,,,259231717661755476083070198109961484312,0 2135,CWE-416,"static int kvm_ioctl_create_device(struct kvm *kvm, struct kvm_create_device *cd) { struct kvm_device_ops *ops = NULL; struct kvm_device *dev; bool test = cd->flags & KVM_CREATE_DEVICE_TEST; int ret; if (cd->type >= ARRAY_SIZE(kvm_device_ops_table)) return -ENODEV; ops = kvm_device_ops_table[cd->type]; if (ops == NULL) return -ENODEV; if (test) return 0; dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node, &kvm->devices); mutex_unlock(&kvm->lock); if (ops->init) ops->init(dev); ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC); if (ret < 0) { mutex_lock(&kvm->lock); list_del(&dev->vm_node); mutex_unlock(&kvm->lock); ops->destroy(dev); return ret; } kvm_get_kvm(kvm); cd->fd = ret; return 0; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,154360554423413,1 5070,CWE-125,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 5565,[],"static inline int legacy_queue(struct sigpending *signals, int sig) { return (sig < SIGRTMIN) && sigismember(&signals->signal, sig); }",linux-2.6,,,146030407891002281200786707766828515823,0 6201,['CWE-200'],"void neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms) { struct neigh_parms **p; if (!parms || parms == &tbl->parms) return; write_lock_bh(&tbl->lock); for (p = &tbl->parms.next; *p; p = &(*p)->next) { if (*p == parms) { *p = parms->next; parms->dead = 1; write_unlock_bh(&tbl->lock); if (parms->dev) dev_put(parms->dev); call_rcu(&parms->rcu_head, neigh_rcu_free_parms); return; } } write_unlock_bh(&tbl->lock); NEIGH_PRINTK1(""neigh_parms_release: not found\n""); }",linux-2.6,,,91130239636436722113568392858614108830,0 6427,CWE-20,"void lpc546xxEthEventHandler(NetInterface *interface) { error_t error; if((ENET->DMA_CH[0].DMA_CHX_STAT & ENET_DMA_CH_DMA_CHX_STAT_RI_MASK) != 0) { ENET->DMA_CH[0].DMA_CHX_STAT = ENET_DMA_CH_DMA_CHX_STAT_RI_MASK; do { error = lpc546xxEthReceivePacket(interface); } while(error != ERROR_BUFFER_EMPTY); } ENET->DMA_CH[0].DMA_CHX_INT_EN = ENET_DMA_CH_DMA_CHX_INT_EN_NIE_MASK | ENET_DMA_CH_DMA_CHX_INT_EN_RIE_MASK | ENET_DMA_CH_DMA_CHX_INT_EN_TIE_MASK; }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,241964268500268,1 4619,['CWE-399'],"static ssize_t ext4_direct_IO(int rw, struct kiocb *iocb, const struct iovec *iov, loff_t offset, unsigned long nr_segs) { struct file *file = iocb->ki_filp; struct inode *inode = file->f_mapping->host; struct ext4_inode_info *ei = EXT4_I(inode); handle_t *handle; ssize_t ret; int orphan = 0; size_t count = iov_length(iov, nr_segs); if (rw == WRITE) { loff_t final_size = offset + count; if (final_size > inode->i_size) { handle = ext4_journal_start(inode, 2); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out; } ret = ext4_orphan_add(handle, inode); if (ret) { ext4_journal_stop(handle); goto out; } orphan = 1; ei->i_disksize = inode->i_size; ext4_journal_stop(handle); } } ret = blockdev_direct_IO(rw, iocb, inode, inode->i_sb->s_bdev, iov, offset, nr_segs, ext4_get_block, NULL); if (orphan) { int err; handle = ext4_journal_start(inode, 2); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out; } if (inode->i_nlink) ext4_orphan_del(handle, inode); if (ret > 0) { loff_t end = offset + ret; if (end > inode->i_size) { ei->i_disksize = end; i_size_write(inode, end); ext4_mark_inode_dirty(handle, inode); } } err = ext4_journal_stop(handle); if (ret == 0) ret = err; } out: return ret; }",linux-2.6,,,100070870444591077808929714489443661183,0 3528,CWE-476,"void jp2_box_dump(jp2_box_t *box, FILE *out) { jp2_boxinfo_t *boxinfo; boxinfo = jp2_boxinfolookup(box->type); assert(boxinfo); fprintf(out, ""JP2 box: ""); fprintf(out, ""type=%c%s%c (0x%08""PRIxFAST32""); length=%""PRIuFAST32""\n"", '""', boxinfo->name, '""', box->type, box->len); if (box->ops->dumpdata) { (*box->ops->dumpdata)(box, out); } }",visit repo url,src/libjasper/jp2/jp2_cod.c,https://github.com/mdadams/jasper,191002802672406,1 3892,CWE-122,"find_match_text(colnr_T startcol, int regstart, char_u *match_text) { colnr_T col = startcol; int c1, c2; int len1, len2; int match; for (;;) { match = TRUE; len2 = MB_CHAR2LEN(regstart); for (len1 = 0; match_text[len1] != NUL; len1 += MB_CHAR2LEN(c1)) { c1 = PTR2CHAR(match_text + len1); c2 = PTR2CHAR(rex.line + col + len2); if (c1 != c2 && (!rex.reg_ic || MB_CASEFOLD(c1) != MB_CASEFOLD(c2))) { match = FALSE; break; } len2 += MB_CHAR2LEN(c2); } if (match && !(enc_utf8 && utf_iscomposing(PTR2CHAR(rex.line + col + len2)))) { cleanup_subexpr(); if (REG_MULTI) { rex.reg_startpos[0].lnum = rex.lnum; rex.reg_startpos[0].col = col; rex.reg_endpos[0].lnum = rex.lnum; rex.reg_endpos[0].col = col + len2; } else { rex.reg_startp[0] = rex.line + col; rex.reg_endp[0] = rex.line + col + len2; } return 1L; } col += MB_CHAR2LEN(regstart); if (skip_to_start(regstart, &col) == FAIL) break; } return 0L; }",visit repo url,src/regexp_nfa.c,https://github.com/vim/vim,256490470771387,1 1500,[],"static inline int tg_has_rt_tasks(struct task_group *tg) { struct task_struct *g, *p; do_each_thread(g, p) { if (rt_task(p) && rt_rq_of_se(&p->rt)->tg == tg) return 1; } while_each_thread(g, p); return 0; }",linux-2.6,,,110084111403644240531269902462432257512,0 9,CWE-476,"krb5_ldap_get_password_policy_from_dn(krb5_context context, char *pol_name, char *pol_dn, osa_policy_ent_t *policy) { krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL,*ent=NULL; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; krb5_clear_error_message(context); if (pol_dn == NULL) return EINVAL; *policy = NULL; SETUP_CONTEXT(); GET_HANDLE(); *(policy) = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec)); if (*policy == NULL) { st = ENOMEM; goto cleanup; } memset(*policy, 0, sizeof(osa_policy_ent_rec)); LDAP_SEARCH(pol_dn, LDAP_SCOPE_BASE, ""(objectclass=krbPwdPolicy)"", password_policy_attributes); ent=ldap_first_entry(ld, result); if (ent != NULL) { if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0) goto cleanup; } cleanup: ldap_msgfree(result); if (st != 0) { if (*policy != NULL) { krb5_ldap_free_password_policy(context, *policy); *policy = NULL; } } krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return st; }",visit repo url,src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c,https://github.com/krb5/krb5,275807027382704,1 8,[],"calc_enc_length(gnutls_session_t session, int data_size, int hash_size, uint8 * pad, int random_pad, cipher_type_t block_algo, uint16 blocksize) { uint8 rnd; int length; *pad = 0; switch (block_algo) { case CIPHER_STREAM: length = data_size + hash_size; break; case CIPHER_BLOCK: if (_gnutls_get_random(&rnd, 1, GNUTLS_WEAK_RANDOM) < 0) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } if (session->security_parameters.version == GNUTLS_SSL3 || random_pad == 0) { rnd = 0; } else { rnd = (rnd / blocksize) * blocksize; if (rnd > blocksize) rnd -= blocksize; } length = data_size + hash_size; *pad = (uint8) (blocksize - (length % blocksize)) + rnd; length += *pad; if (session->security_parameters.version >= GNUTLS_TLS1_1) length += blocksize; break; default: gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } return length; }",gnutls,,,224408452404072381369701724052741091799,0 407,CWE-125,"static irqreturn_t snd_msnd_interrupt(int irq, void *dev_id) { struct snd_msnd *chip = dev_id; void *pwDSPQData = chip->mappedbase + DSPQ_DATA_BUFF; while (readw(chip->DSPQ + JQS_wTail) != readw(chip->DSPQ + JQS_wHead)) { u16 wTmp; snd_msnd_eval_dsp_msg(chip, readw(pwDSPQData + 2 * readw(chip->DSPQ + JQS_wHead))); wTmp = readw(chip->DSPQ + JQS_wHead) + 1; if (wTmp > readw(chip->DSPQ + JQS_wSize)) writew(0, chip->DSPQ + JQS_wHead); else writew(wTmp, chip->DSPQ + JQS_wHead); } inb(chip->io + HP_RXL); return IRQ_HANDLED; }",visit repo url,sound/isa/msnd/msnd_pinnacle.c,https://github.com/torvalds/linux,174045699285414,1 4771,['CWE-20'],"static int ext4_release_dquot(struct dquot *dquot) { int ret, err; handle_t *handle; handle = ext4_journal_start(dquot_to_inode(dquot), EXT4_QUOTA_DEL_BLOCKS(dquot->dq_sb)); if (IS_ERR(handle)) { dquot_release(dquot); return PTR_ERR(handle); } ret = dquot_release(dquot); err = ext4_journal_stop(handle); if (!ret) ret = err; return ret; }",linux-2.6,,,298742906203551018358785815997997229950,0 5660,CWE-415,"_clone_pdu_header(netsnmp_pdu *pdu) { netsnmp_pdu *newpdu; struct snmp_secmod_def *sptr; int ret; if (!pdu) return NULL; newpdu = (netsnmp_pdu *) malloc(sizeof(netsnmp_pdu)); if (!newpdu) return NULL; memmove(newpdu, pdu, sizeof(netsnmp_pdu)); newpdu->variables = NULL; newpdu->enterprise = NULL; newpdu->community = NULL; newpdu->securityEngineID = NULL; newpdu->securityName = NULL; newpdu->contextEngineID = NULL; newpdu->contextName = NULL; newpdu->transport_data = NULL; if (snmp_clone_mem((void **) &newpdu->enterprise, pdu->enterprise, sizeof(oid) * pdu->enterprise_length) || snmp_clone_mem((void **) &newpdu->community, pdu->community, pdu->community_len) || snmp_clone_mem((void **) &newpdu->contextEngineID, pdu->contextEngineID, pdu->contextEngineIDLen) || snmp_clone_mem((void **) &newpdu->securityEngineID, pdu->securityEngineID, pdu->securityEngineIDLen) || snmp_clone_mem((void **) &newpdu->contextName, pdu->contextName, pdu->contextNameLen) || snmp_clone_mem((void **) &newpdu->securityName, pdu->securityName, pdu->securityNameLen) || snmp_clone_mem((void **) &newpdu->transport_data, pdu->transport_data, pdu->transport_data_length)) { snmp_free_pdu(newpdu); return NULL; } if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2) { netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL); ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef, (struct usmStateReference **) &newpdu->securityStateRef ); if (ret) { snmp_free_pdu(newpdu); return NULL; } } if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL && sptr->pdu_clone != NULL) { (*sptr->pdu_clone) (pdu, newpdu); } return newpdu; }",visit repo url,snmplib/snmp_client.c,https://github.com/net-snmp/net-snmp,90155096495844,1 2172,['CWE-400'],"static void init_once(void *foo) { struct shmem_inode_info *p = (struct shmem_inode_info *) foo; inode_init_once(&p->vfs_inode); #ifdef CONFIG_TMPFS_POSIX_ACL p->i_acl = NULL; p->i_default_acl = NULL; #endif }",linux-2.6,,,67577473304572418242949343214904587120,0 1001,CWE-119,"static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc, unsigned int *rsize) { struct lg_drv_data *drv_data = hid_get_drvdata(hdev); struct usb_device_descriptor *udesc; __u16 bcdDevice, rev_maj, rev_min; if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 && rdesc[84] == 0x8c && rdesc[85] == 0x02) { hid_info(hdev, ""fixing up Logitech keyboard report descriptor\n""); rdesc[84] = rdesc[89] = 0x4d; rdesc[85] = rdesc[90] = 0x10; } if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 && rdesc[32] == 0x81 && rdesc[33] == 0x06 && rdesc[49] == 0x81 && rdesc[50] == 0x06) { hid_info(hdev, ""fixing up rel/abs in Logitech report descriptor\n""); rdesc[33] = rdesc[50] = 0x02; } switch (hdev->product) { case USB_DEVICE_ID_LOGITECH_WHEEL: udesc = &(hid_to_usb_dev(hdev)->descriptor); if (!udesc) { hid_err(hdev, ""NULL USB device descriptor\n""); break; } bcdDevice = le16_to_cpu(udesc->bcdDevice); rev_maj = bcdDevice >> 8; rev_min = bcdDevice & 0xff; if (rev_maj == 1 && rev_min == 2 && *rsize == DF_RDESC_ORIG_SIZE) { hid_info(hdev, ""fixing up Logitech Driving Force report descriptor\n""); rdesc = df_rdesc_fixed; *rsize = sizeof(df_rdesc_fixed); } break; case USB_DEVICE_ID_LOGITECH_MOMO_WHEEL: if (*rsize == MOMO_RDESC_ORIG_SIZE) { hid_info(hdev, ""fixing up Logitech Momo Force (Red) report descriptor\n""); rdesc = momo_rdesc_fixed; *rsize = sizeof(momo_rdesc_fixed); } break; case USB_DEVICE_ID_LOGITECH_MOMO_WHEEL2: if (*rsize == MOMO2_RDESC_ORIG_SIZE) { hid_info(hdev, ""fixing up Logitech Momo Racing Force (Black) report descriptor\n""); rdesc = momo2_rdesc_fixed; *rsize = sizeof(momo2_rdesc_fixed); } break; case USB_DEVICE_ID_LOGITECH_VIBRATION_WHEEL: if (*rsize == FV_RDESC_ORIG_SIZE) { hid_info(hdev, ""fixing up Logitech Formula Vibration report descriptor\n""); rdesc = fv_rdesc_fixed; *rsize = sizeof(fv_rdesc_fixed); } break; case USB_DEVICE_ID_LOGITECH_DFP_WHEEL: if (*rsize == DFP_RDESC_ORIG_SIZE) { hid_info(hdev, ""fixing up Logitech Driving Force Pro report descriptor\n""); rdesc = dfp_rdesc_fixed; *rsize = sizeof(dfp_rdesc_fixed); } break; case USB_DEVICE_ID_LOGITECH_WII_WHEEL: if (*rsize >= 101 && rdesc[41] == 0x95 && rdesc[42] == 0x0B && rdesc[47] == 0x05 && rdesc[48] == 0x09) { hid_info(hdev, ""fixing up Logitech Speed Force Wireless report descriptor\n""); rdesc[41] = 0x05; rdesc[42] = 0x09; rdesc[47] = 0x95; rdesc[48] = 0x0B; } break; } return rdesc; }",visit repo url,drivers/hid/hid-lg.c,https://github.com/torvalds/linux,141060500300496,1 4444,['CWE-264'],"static void proto_seq_printf(struct seq_file *seq, struct proto *proto) { seq_printf(seq, ""%-9s %4u %6d %6d %-3s %6u %-3s %-10s "" ""%2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c\n"", proto->name, proto->obj_size, sock_prot_inuse_get(seq_file_net(seq), proto), proto->memory_allocated != NULL ? atomic_read(proto->memory_allocated) : -1, proto->memory_pressure != NULL ? *proto->memory_pressure ? ""yes"" : ""no"" : ""NI"", proto->max_header, proto->slab == NULL ? ""no"" : ""yes"", module_name(proto->owner), proto_method_implemented(proto->close), proto_method_implemented(proto->connect), proto_method_implemented(proto->disconnect), proto_method_implemented(proto->accept), proto_method_implemented(proto->ioctl), proto_method_implemented(proto->init), proto_method_implemented(proto->destroy), proto_method_implemented(proto->shutdown), proto_method_implemented(proto->setsockopt), proto_method_implemented(proto->getsockopt), proto_method_implemented(proto->sendmsg), proto_method_implemented(proto->recvmsg), proto_method_implemented(proto->sendpage), proto_method_implemented(proto->bind), proto_method_implemented(proto->backlog_rcv), proto_method_implemented(proto->hash), proto_method_implemented(proto->unhash), proto_method_implemented(proto->get_port), proto_method_implemented(proto->enter_memory_pressure)); }",linux-2.6,,,49520579717766866545979902874934240716,0 3403,['CWE-264'],"static struct file *do_filp_open(int dfd, const char *filename, int flags, int mode) { int namei_flags, error; struct nameidata nd; namei_flags = flags; if ((namei_flags+1) & O_ACCMODE) namei_flags++; error = open_namei(dfd, filename, namei_flags, mode, &nd); if (!error) return nameidata_to_filp(&nd, flags); return ERR_PTR(error); }",linux-2.6,,,191401549806972034613029758170924794909,0 2882,['CWE-189'],"void jpc_mqenc_getstate(jpc_mqenc_t *mqenc, jpc_mqencstate_t *state) { state->areg = mqenc->areg; state->creg = mqenc->creg; state->ctreg = mqenc->ctreg; state->lastbyte = mqenc->lastbyte; }",jasper,,,327947975052953950567398456185486647338,0 5023,CWE-125,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 2698,CWE-190,"SPL_METHOD(SplFileObject, hasChildren) { if (zend_parse_parameters_none() == FAILURE) { return; } RETURN_FALSE; } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,25860985487066,1 6181,['CWE-200'],"static void neigh_hash_grow(struct neigh_table *tbl, unsigned long new_entries) { struct neighbour **new_hash, **old_hash; unsigned int i, new_hash_mask, old_entries; NEIGH_CACHE_STAT_INC(tbl, hash_grows); BUG_ON(new_entries & (new_entries - 1)); new_hash = neigh_hash_alloc(new_entries); if (!new_hash) return; old_entries = tbl->hash_mask + 1; new_hash_mask = new_entries - 1; old_hash = tbl->hash_buckets; get_random_bytes(&tbl->hash_rnd, sizeof(tbl->hash_rnd)); for (i = 0; i < old_entries; i++) { struct neighbour *n, *next; for (n = old_hash[i]; n; n = next) { unsigned int hash_val = tbl->hash(n->primary_key, n->dev); hash_val &= new_hash_mask; next = n->next; n->next = new_hash[hash_val]; new_hash[hash_val] = n; } } tbl->hash_buckets = new_hash; tbl->hash_mask = new_hash_mask; neigh_hash_free(old_hash, old_entries); }",linux-2.6,,,288704301496856933244917171617536347200,0 5743,CWE-125,"void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; NDPI_LOG_DBG(ndpi_struct, ""search ORACLE\n""); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); NDPI_LOG_DBG2(ndpi_struct, ""calculating ORACLE over tcp\n""); if ((dport == 1521 || sport == 1521) && (((packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00)) || ((packet->payload_packet_len >= 232) && ((packet->payload[0] == 0x00) || (packet->payload[0] == 0x01)) && (packet->payload[1] != 0x00) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00)))) { NDPI_LOG_INFO(ndpi_struct, ""found oracle\n""); ndpi_int_oracle_add_connection(ndpi_struct, flow); } else if (packet->payload_packet_len == 213 && packet->payload[0] == 0x00 && packet->payload[1] == 0xd5 && packet->payload[2] == 0x00 && packet->payload[3] == 0x00 ) { NDPI_LOG_INFO(ndpi_struct, ""found oracle\n""); ndpi_int_oracle_add_connection(ndpi_struct, flow); } } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } }",visit repo url,src/lib/protocols/oracle.c,https://github.com/ntop/nDPI,63973195072680,1 366,CWE-362,"static bool add_free_nid(struct f2fs_sb_info *sbi, nid_t nid, bool build) { struct f2fs_nm_info *nm_i = NM_I(sbi); struct free_nid *i; struct nat_entry *ne; int err; if (unlikely(nid == 0)) return false; if (build) { ne = __lookup_nat_cache(nm_i, nid); if (ne && (!get_nat_flag(ne, IS_CHECKPOINTED) || nat_get_blkaddr(ne) != NULL_ADDR)) return false; } i = f2fs_kmem_cache_alloc(free_nid_slab, GFP_NOFS); i->nid = nid; i->state = NID_NEW; if (radix_tree_preload(GFP_NOFS)) { kmem_cache_free(free_nid_slab, i); return true; } spin_lock(&nm_i->nid_list_lock); err = __insert_nid_to_list(sbi, i, FREE_NID_LIST, true); spin_unlock(&nm_i->nid_list_lock); radix_tree_preload_end(); if (err) { kmem_cache_free(free_nid_slab, i); return true; } return true; }",visit repo url,fs/f2fs/node.c,https://github.com/torvalds/linux,46505396416981,1 1834,CWE-367,"void nfc_unregister_device(struct nfc_dev *dev) { int rc; pr_debug(""dev_name=%s\n"", dev_name(&dev->dev)); rc = nfc_genl_device_removed(dev); if (rc) pr_debug(""The userspace won't be notified that the device %s "" ""was removed\n"", dev_name(&dev->dev)); device_lock(&dev->dev); if (dev->rfkill) { rfkill_unregister(dev->rfkill); rfkill_destroy(dev->rfkill); } device_unlock(&dev->dev); if (dev->ops->check_presence) { device_lock(&dev->dev); dev->shutting_down = true; device_unlock(&dev->dev); del_timer_sync(&dev->check_pres_timer); cancel_work_sync(&dev->check_pres_work); } nfc_llcp_unregister_device(dev); mutex_lock(&nfc_devlist_mutex); nfc_devlist_generation++; device_del(&dev->dev); mutex_unlock(&nfc_devlist_mutex); }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,8784179369229,1 1495,CWE-119,"vhost_scsi_make_tpg(struct se_wwn *wwn, struct config_group *group, const char *name) { struct vhost_scsi_tport *tport = container_of(wwn, struct vhost_scsi_tport, tport_wwn); struct vhost_scsi_tpg *tpg; unsigned long tpgt; int ret; if (strstr(name, ""tpgt_"") != name) return ERR_PTR(-EINVAL); if (kstrtoul(name + 5, 10, &tpgt) || tpgt > UINT_MAX) return ERR_PTR(-EINVAL); tpg = kzalloc(sizeof(struct vhost_scsi_tpg), GFP_KERNEL); if (!tpg) { pr_err(""Unable to allocate struct vhost_scsi_tpg""); return ERR_PTR(-ENOMEM); } mutex_init(&tpg->tv_tpg_mutex); INIT_LIST_HEAD(&tpg->tv_tpg_list); tpg->tport = tport; tpg->tport_tpgt = tpgt; ret = core_tpg_register(&vhost_scsi_fabric_configfs->tf_ops, wwn, &tpg->se_tpg, tpg, TRANSPORT_TPG_TYPE_NORMAL); if (ret < 0) { kfree(tpg); return NULL; } mutex_lock(&vhost_scsi_mutex); list_add_tail(&tpg->tv_tpg_list, &vhost_scsi_list); mutex_unlock(&vhost_scsi_mutex); return &tpg->se_tpg; }",visit repo url,drivers/vhost/scsi.c,https://github.com/torvalds/linux,114086795830276,1 3006,['CWE-189'],"static jas_cmprof_t *jas_cmprof_create() { int i; jas_cmprof_t *prof; if (!(prof = jas_malloc(sizeof(jas_cmprof_t)))) return 0; memset(prof, 0, sizeof(jas_cmprof_t)); prof->iccprof = 0; for (i = 0; i < JAS_CMPROF_NUMPXFORMSEQS; ++i) prof->pxformseqs[i] = 0; return prof; }",jasper,,,54106123456028078556113783084078099117,0 3048,CWE-189,"varbit_in(PG_FUNCTION_ARGS) { char *input_string = PG_GETARG_CSTRING(0); #ifdef NOT_USED Oid typelem = PG_GETARG_OID(1); #endif int32 atttypmod = PG_GETARG_INT32(2); VarBit *result; char *sp; bits8 *r; int len, bitlen, slen; bool bit_not_hex; int bc; bits8 x = 0; if (input_string[0] == 'b' || input_string[0] == 'B') { bit_not_hex = true; sp = input_string + 1; } else if (input_string[0] == 'x' || input_string[0] == 'X') { bit_not_hex = false; sp = input_string + 1; } else { bit_not_hex = true; sp = input_string; } slen = strlen(sp); if (bit_not_hex) bitlen = slen; else bitlen = slen * 4; if (atttypmod <= 0) atttypmod = bitlen; else if (bitlen > atttypmod) ereport(ERROR, (errcode(ERRCODE_STRING_DATA_RIGHT_TRUNCATION), errmsg(""bit string too long for type bit varying(%d)"", atttypmod))); len = VARBITTOTALLEN(bitlen); result = (VarBit *) palloc0(len); SET_VARSIZE(result, len); VARBITLEN(result) = Min(bitlen, atttypmod); r = VARBITS(result); if (bit_not_hex) { x = HIGHBIT; for (; *sp; sp++) { if (*sp == '1') *r |= x; else if (*sp != '0') ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""\""%c\"" is not a valid binary digit"", *sp))); x >>= 1; if (x == 0) { x = HIGHBIT; r++; } } } else { for (bc = 0; *sp; sp++) { if (*sp >= '0' && *sp <= '9') x = (bits8) (*sp - '0'); else if (*sp >= 'A' && *sp <= 'F') x = (bits8) (*sp - 'A') + 10; else if (*sp >= 'a' && *sp <= 'f') x = (bits8) (*sp - 'a') + 10; else ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""\""%c\"" is not a valid hexadecimal digit"", *sp))); if (bc) { *r++ |= x; bc = 0; } else { *r = x << 4; bc = 1; } } } PG_RETURN_VARBIT_P(result); }",visit repo url,src/backend/utils/adt/varbit.c,https://github.com/postgres/postgres,23387350775144,1 4995,CWE-787,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 6522,CWE-125,"MOBI_RET mobi_search_links_kf7(MOBIResult *result, const unsigned char *data_start, const unsigned char *data_end) { if (!result) { debug_print(""Result structure is null%s"", ""\n""); return MOBI_PARAM_ERR; } result->start = result->end = NULL; *(result->value) = '\0'; if (!data_start || !data_end) { debug_print(""Data is null%s"", ""\n""); return MOBI_PARAM_ERR; } const char *needle1 = ""filepos=""; const char *needle2 = ""recindex=""; const size_t needle1_length = strlen(needle1); const size_t needle2_length = strlen(needle2); const size_t needle_length = max(needle1_length,needle2_length); if (data_start + needle_length > data_end) { return MOBI_SUCCESS; } unsigned char *data = (unsigned char *) data_start; const unsigned char tag_open = '<'; const unsigned char tag_close = '>'; unsigned char last_border = tag_open; while (data <= data_end) { if (*data == tag_open || *data == tag_close) { last_border = *data; } if (data + needle_length <= data_end && (memcmp(data, needle1, needle1_length) == 0 || memcmp(data, needle2, needle2_length) == 0)) { if (last_border != tag_open) { data += needle_length; continue; } while (data >= data_start && !isspace(*data) && *data != tag_open) { data--; } result->start = ++data; int i = 0; while (data <= data_end && !isspace(*data) && *data != tag_close && i < MOBI_ATTRVALUE_MAXSIZE) { result->value[i++] = (char) *data++; } if (*(data - 1) == '/' && *data == '>') { --data; --i; } result->end = data; result->value[i] = '\0'; return MOBI_SUCCESS; } data++; } return MOBI_SUCCESS; }",visit repo url,src/parse_rawml.c,https://github.com/bfabiszewski/libmobi,103044538538743,1 4527,['CWE-20'],"static inline unsigned dx_get_limit(struct dx_entry *entries) { return le16_to_cpu(((struct dx_countlimit *) entries)->limit); }",linux-2.6,,,318464015766906053043682052070441537175,0 1892,CWE-416,"static void ene_remove(struct pnp_dev *pnp_dev) { struct ene_device *dev = pnp_get_drvdata(pnp_dev); unsigned long flags; spin_lock_irqsave(&dev->hw_lock, flags); ene_rx_disable(dev); ene_rx_restore_hw_buffer(dev); spin_unlock_irqrestore(&dev->hw_lock, flags); free_irq(dev->irq, dev); release_region(dev->hw_io, ENE_IO_SIZE); rc_unregister_device(dev->rdev); kfree(dev); }",visit repo url,drivers/media/rc/ene_ir.c,https://github.com/torvalds/linux,158899293788260,1 693,CWE-20,"int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct atm_vcc *vcc; struct sk_buff *skb; int copied, error = -EINVAL; msg->msg_namelen = 0; if (sock->state != SS_CONNECTED) return -ENOTCONN; if (flags & ~(MSG_DONTWAIT | MSG_PEEK)) return -EOPNOTSUPP; vcc = ATM_SD(sock); if (test_bit(ATM_VF_RELEASED, &vcc->flags) || test_bit(ATM_VF_CLOSE, &vcc->flags) || !test_bit(ATM_VF_READY, &vcc->flags)) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &error); if (!skb) return error; copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } error = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (error) return error; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { pr_debug(""%d -= %d\n"", atomic_read(&sk->sk_rmem_alloc), skb->truesize); atm_return(vcc, skb->truesize); } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/atm/common.c,https://github.com/torvalds/linux,240275613128050,1 5688,['CWE-476'],"int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) { switch(cmd) { case SIOCOUTQ: { int amount = atomic_read(&sk->sk_wmem_alloc); return put_user(amount, (int __user *)arg); } case SIOCINQ: { struct sk_buff *skb; unsigned long amount; amount = 0; spin_lock_bh(&sk->sk_receive_queue.lock); skb = skb_peek(&sk->sk_receive_queue); if (skb != NULL) { amount = skb->len - sizeof(struct udphdr); } spin_unlock_bh(&sk->sk_receive_queue.lock); return put_user(amount, (int __user *)arg); } default: return -ENOIOCTLCMD; } return(0); }",linux-2.6,,,140853893734833540568835458200451972548,0 1105,['CWE-399'],"int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, compat_sigset_t *set, struct pt_regs *regs) { struct rt_sigframe __user *frame; struct exec_domain *ed = current_thread_info()->exec_domain; void __user *restorer; int err = 0; static const struct { u8 movl; u32 val; u16 int80; u16 pad; u8 pad2; } __attribute__((packed)) code = { 0xb8, __NR_ia32_rt_sigreturn, 0x80cd, 0, }; frame = get_sigframe(ka, regs, sizeof(*frame)); if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame))) goto give_sigsegv; err |= __put_user((ed && ed->signal_invmap && sig < 32 ? ed->signal_invmap[sig] : sig), &frame->sig); err |= __put_user(ptr_to_compat(&frame->info), &frame->pinfo); err |= __put_user(ptr_to_compat(&frame->uc), &frame->puc); err |= copy_siginfo_to_user32(&frame->info, info); if (err) goto give_sigsegv; err |= __put_user(0, &frame->uc.uc_flags); err |= __put_user(0, &frame->uc.uc_link); err |= __put_user(current->sas_ss_sp, &frame->uc.uc_stack.ss_sp); err |= __put_user(sas_ss_flags(regs->sp), &frame->uc.uc_stack.ss_flags); err |= __put_user(current->sas_ss_size, &frame->uc.uc_stack.ss_size); err |= ia32_setup_sigcontext(&frame->uc.uc_mcontext, &frame->fpstate, regs, set->sig[0]); err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); if (err) goto give_sigsegv; if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; else restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); err |= __put_user(ptr_to_compat(restorer), &frame->pretcode); err |= __copy_to_user(frame->retcode, &code, 8); if (err) goto give_sigsegv; regs->sp = (unsigned long) frame; regs->ip = (unsigned long) ka->sa.sa_handler; regs->ax = sig; regs->dx = (unsigned long) &frame->info; regs->cx = (unsigned long) &frame->uc; regs->ax = sig; regs->dx = (unsigned long) &frame->info; regs->cx = (unsigned long) &frame->uc; asm volatile(""movl %0,%%ds"" :: ""r"" (__USER32_DS)); asm volatile(""movl %0,%%es"" :: ""r"" (__USER32_DS)); regs->cs = __USER32_CS; regs->ss = __USER32_DS; set_fs(USER_DS); regs->flags &= ~(X86_EFLAGS_TF | X86_EFLAGS_DF); if (test_thread_flag(TIF_SINGLESTEP)) ptrace_notify(SIGTRAP); #if DEBUG_SIG printk(KERN_DEBUG ""SIG deliver (%s:%d): sp=%p pc=%lx ra=%u\n"", current->comm, current->pid, frame, regs->ip, frame->pretcode); #endif return 0; give_sigsegv: force_sigsegv(sig, current); return -EFAULT; }",linux-2.6,,,172898258087773930721026450833085893496,0 5783,['CWE-200'],"static int rose_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); struct sockaddr_rose *usrose = (struct sockaddr_rose *)msg->msg_name; int err; struct full_sockaddr_rose srose; struct sk_buff *skb; unsigned char *asmptr; int n, size, qbit = 0; if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT)) return -EINVAL; if (sock_flag(sk, SOCK_ZAPPED)) return -EADDRNOTAVAIL; if (sk->sk_shutdown & SEND_SHUTDOWN) { send_sig(SIGPIPE, current, 0); return -EPIPE; } if (rose->neighbour == NULL || rose->device == NULL) return -ENETUNREACH; if (usrose != NULL) { if (msg->msg_namelen != sizeof(struct sockaddr_rose) && msg->msg_namelen != sizeof(struct full_sockaddr_rose)) return -EINVAL; memset(&srose, 0, sizeof(struct full_sockaddr_rose)); memcpy(&srose, usrose, msg->msg_namelen); if (rosecmp(&rose->dest_addr, &srose.srose_addr) != 0 || ax25cmp(&rose->dest_call, &srose.srose_call) != 0) return -EISCONN; if (srose.srose_ndigis != rose->dest_ndigis) return -EISCONN; if (srose.srose_ndigis == rose->dest_ndigis) { for (n = 0 ; n < srose.srose_ndigis ; n++) if (ax25cmp(&rose->dest_digis[n], &srose.srose_digis[n])) return -EISCONN; } if (srose.srose_family != AF_ROSE) return -EINVAL; } else { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; srose.srose_family = AF_ROSE; srose.srose_addr = rose->dest_addr; srose.srose_call = rose->dest_call; srose.srose_ndigis = rose->dest_ndigis; for (n = 0 ; n < rose->dest_ndigis ; n++) srose.srose_digis[n] = rose->dest_digis[n]; } SOCK_DEBUG(sk, ""ROSE: sendto: Addresses built.\n""); SOCK_DEBUG(sk, ""ROSE: sendto: building packet.\n""); if (len > 65535) return -EMSGSIZE; size = len + AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + ROSE_MIN_LEN; if ((skb = sock_alloc_send_skb(sk, size, msg->msg_flags & MSG_DONTWAIT, &err)) == NULL) return err; skb_reserve(skb, AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + ROSE_MIN_LEN); SOCK_DEBUG(sk, ""ROSE: Appending user data\n""); skb_reset_transport_header(skb); skb_put(skb, len); err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len); if (err) { kfree_skb(skb); return err; } if (rose->qbitincl) { qbit = skb->data[0]; skb_pull(skb, 1); } asmptr = skb_push(skb, ROSE_MIN_LEN); SOCK_DEBUG(sk, ""ROSE: Building Network Header.\n""); asmptr[0] = ((rose->lci >> 8) & 0x0F) | ROSE_GFI; asmptr[1] = (rose->lci >> 0) & 0xFF; asmptr[2] = ROSE_DATA; if (qbit) asmptr[0] |= ROSE_Q_BIT; SOCK_DEBUG(sk, ""ROSE: Built header.\n""); SOCK_DEBUG(sk, ""ROSE: Transmitting buffer\n""); if (sk->sk_state != TCP_ESTABLISHED) { kfree_skb(skb); return -ENOTCONN; } #ifdef M_BIT #define ROSE_PACLEN (256-ROSE_MIN_LEN) if (skb->len - ROSE_MIN_LEN > ROSE_PACLEN) { unsigned char header[ROSE_MIN_LEN]; struct sk_buff *skbn; int frontlen; int lg; skb_copy_from_linear_data(skb, header, ROSE_MIN_LEN); skb_pull(skb, ROSE_MIN_LEN); frontlen = skb_headroom(skb); while (skb->len > 0) { if ((skbn = sock_alloc_send_skb(sk, frontlen + ROSE_PACLEN, 0, &err)) == NULL) { kfree_skb(skb); return err; } skbn->sk = sk; skbn->free = 1; skbn->arp = 1; skb_reserve(skbn, frontlen); lg = (ROSE_PACLEN > skb->len) ? skb->len : ROSE_PACLEN; skb_copy_from_linear_data(skb, skb_put(skbn, lg), lg); skb_pull(skb, lg); skb_push(skbn, ROSE_MIN_LEN); skb_copy_to_linear_data(skbn, header, ROSE_MIN_LEN); if (skb->len > 0) skbn->data[2] |= M_BIT; skb_queue_tail(&sk->sk_write_queue, skbn); } skb->free = 1; kfree_skb(skb); } else { skb_queue_tail(&sk->sk_write_queue, skb); } #else skb_queue_tail(&sk->sk_write_queue, skb); #endif rose_kick(sk); return len; }",linux-2.6,,,276511488761383285032477826379500858021,0 4816,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 3935,CWE-416,"is_qf_win(win_T *win, qf_info_T *qi) { if (bt_quickfix(win->w_buffer)) if ((IS_QF_STACK(qi) && win->w_llist_ref == NULL) || (IS_LL_STACK(qi) && win->w_llist_ref == qi)) return TRUE; return FALSE; }",visit repo url,src/quickfix.c,https://github.com/vim/vim,155363089895460,1 4880,CWE-674,"iasecc_select_file(struct sc_card *card, const struct sc_path *path, struct sc_file **file_out) { struct sc_context *ctx = card->ctx; struct sc_path lpath; int cache_valid = card->cache.valid, df_from_cache = 0; int rv, ii; LOG_FUNC_CALLED(ctx); memcpy(&lpath, path, sizeof(struct sc_path)); if (file_out) *file_out = NULL; sc_log(ctx, ""iasecc_select_file(card:%p) path.len %""SC_FORMAT_LEN_SIZE_T""u; path.type %i; aid_len %""SC_FORMAT_LEN_SIZE_T""u"", card, path->len, path->type, path->aid.len); sc_log(ctx, ""iasecc_select_file() path:%s"", sc_print_path(path)); sc_print_cache(card); if (lpath.len >= 2 && lpath.value[0] == 0x3F && lpath.value[1] == 0x00) { sc_log(ctx, ""EF.ATR(aid:'%s')"", card->ef_atr ? sc_dump_hex(card->ef_atr->aid.value, card->ef_atr->aid.len) : """"); rv = iasecc_select_mf(card, file_out); LOG_TEST_RET(ctx, rv, ""MF selection error""); if (lpath.len >= 2 && lpath.value[0] == 0x3F && lpath.value[1] == 0x00) { memmove(&lpath.value[0], &lpath.value[2], lpath.len - 2); lpath.len -= 2; } } if (lpath.aid.len) { struct sc_file *file = NULL; struct sc_path ppath; sc_log(ctx, ""iasecc_select_file() select parent AID:%p/%""SC_FORMAT_LEN_SIZE_T""u"", lpath.aid.value, lpath.aid.len); sc_log(ctx, ""iasecc_select_file() select parent AID:%s"", sc_dump_hex(lpath.aid.value, lpath.aid.len)); memset(&ppath, 0, sizeof(ppath)); memcpy(ppath.value, lpath.aid.value, lpath.aid.len); ppath.len = lpath.aid.len; ppath.type = SC_PATH_TYPE_DF_NAME; if (card->cache.valid && card->cache.current_df && card->cache.current_df->path.len == lpath.aid.len && !memcmp(card->cache.current_df->path.value, lpath.aid.value, lpath.aid.len)) df_from_cache = 1; rv = iasecc_select_file(card, &ppath, &file); LOG_TEST_RET(ctx, rv, ""select AID path failed""); if (file_out) *file_out = file; else sc_file_free(file); if (lpath.type == SC_PATH_TYPE_DF_NAME) lpath.type = SC_PATH_TYPE_FROM_CURRENT; } if (lpath.type == SC_PATH_TYPE_PATH) lpath.type = SC_PATH_TYPE_FROM_CURRENT; if (!lpath.len) LOG_FUNC_RETURN(ctx, SC_SUCCESS); sc_print_cache(card); if (card->cache.valid && card->cache.current_df && lpath.type == SC_PATH_TYPE_DF_NAME && card->cache.current_df->path.len == lpath.len && !memcmp(card->cache.current_df->path.value, lpath.value, lpath.len)) { sc_log(ctx, ""returns current DF path %s"", sc_print_path(&card->cache.current_df->path)); if (file_out) { sc_file_free(*file_out); sc_file_dup(file_out, card->cache.current_df); } sc_print_cache(card); LOG_FUNC_RETURN(ctx, SC_SUCCESS); } do { struct sc_apdu apdu; struct sc_file *file = NULL; unsigned char rbuf[SC_MAX_APDU_BUFFER_SIZE]; int pathlen = lpath.len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0x00, 0x00); if (card->type != SC_CARD_TYPE_IASECC_GEMALTO && card->type != SC_CARD_TYPE_IASECC_OBERTHUR && card->type != SC_CARD_TYPE_IASECC_SAGEM && card->type != SC_CARD_TYPE_IASECC_AMOS && card->type != SC_CARD_TYPE_IASECC_MI && card->type != SC_CARD_TYPE_IASECC_MI2) LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, ""Unsupported card""); if (lpath.type == SC_PATH_TYPE_FILE_ID) { apdu.p1 = 0x02; if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) { apdu.p1 = 0x01; apdu.p2 = 0x04; } if (card->type == SC_CARD_TYPE_IASECC_AMOS) apdu.p2 = 0x04; if (card->type == SC_CARD_TYPE_IASECC_MI) apdu.p2 = 0x04; if (card->type == SC_CARD_TYPE_IASECC_MI2) apdu.p2 = 0x04; } else if (lpath.type == SC_PATH_TYPE_FROM_CURRENT) { apdu.p1 = 0x09; if (card->type == SC_CARD_TYPE_IASECC_OBERTHUR) apdu.p2 = 0x04; if (card->type == SC_CARD_TYPE_IASECC_AMOS) apdu.p2 = 0x04; if (card->type == SC_CARD_TYPE_IASECC_MI) apdu.p2 = 0x04; if (card->type == SC_CARD_TYPE_IASECC_MI2) apdu.p2 = 0x04; } else if (lpath.type == SC_PATH_TYPE_PARENT) { apdu.p1 = 0x03; pathlen = 0; apdu.cse = SC_APDU_CASE_2_SHORT; } else if (lpath.type == SC_PATH_TYPE_DF_NAME) { apdu.p1 = 0x04; if (card->type == SC_CARD_TYPE_IASECC_AMOS) apdu.p2 = 0x04; if (card->type == SC_CARD_TYPE_IASECC_MI2) apdu.p2 = 0x04; } else { sc_log(ctx, ""Invalid PATH type: 0x%X"", lpath.type); LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, ""iasecc_select_file() invalid PATH type""); } for (ii=0; ii<2; ii++) { apdu.lc = pathlen; apdu.data = lpath.value; apdu.datalen = pathlen; apdu.resp = rbuf; apdu.resplen = sizeof(rbuf); apdu.le = 256; rv = sc_transmit_apdu(card, &apdu); LOG_TEST_RET(ctx, rv, ""APDU transmit failed""); rv = sc_check_sw(card, apdu.sw1, apdu.sw2); if (rv == SC_ERROR_INCORRECT_PARAMETERS && lpath.type == SC_PATH_TYPE_DF_NAME && apdu.p2 == 0x00) { apdu.p2 = 0x0C; continue; } if (ii) { apdu.resplen = sizeof(rbuf); rv = iasecc_emulate_fcp(ctx, &apdu); LOG_TEST_RET(ctx, rv, ""Failed to emulate DF FCP""); } break; } if (rv == SC_ERROR_FILE_NOT_FOUND && cache_valid && df_from_cache) { sc_invalidate_cache(card); sc_log(ctx, ""iasecc_select_file() file not found, retry without cached DF""); if (file_out) { sc_file_free(*file_out); *file_out = NULL; } rv = iasecc_select_file(card, path, file_out); LOG_FUNC_RETURN(ctx, rv); } LOG_TEST_RET(ctx, rv, ""iasecc_select_file() check SW failed""); sc_log(ctx, ""iasecc_select_file() apdu.resp %""SC_FORMAT_LEN_SIZE_T""u"", apdu.resplen); if (apdu.resplen) { sc_log(ctx, ""apdu.resp %02X:%02X:%02X..."", apdu.resp[0], apdu.resp[1], apdu.resp[2]); switch (apdu.resp[0]) { case 0x62: case 0x6F: file = sc_file_new(); if (file == NULL) LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY); file->path = lpath; rv = iasecc_process_fci(card, file, apdu.resp, apdu.resplen); if (rv) LOG_FUNC_RETURN(ctx, rv); break; default: LOG_FUNC_RETURN(ctx, SC_ERROR_UNKNOWN_DATA_RECEIVED); } sc_log(ctx, ""FileType %i"", file->type); if (file->type == SC_FILE_TYPE_DF) { if (card->cache.valid) sc_file_free(card->cache.current_df); card->cache.current_df = NULL; if (card->cache.valid) sc_file_free(card->cache.current_ef); card->cache.current_ef = NULL; sc_file_dup(&card->cache.current_df, file); card->cache.valid = 1; } else { if (card->cache.valid) sc_file_free(card->cache.current_ef); card->cache.current_ef = NULL; sc_file_dup(&card->cache.current_ef, file); } if (file_out) { sc_file_free(*file_out); *file_out = file; } else { sc_file_free(file); } } else if (lpath.type == SC_PATH_TYPE_DF_NAME) { sc_file_free(card->cache.current_df); card->cache.current_df = NULL; sc_file_free(card->cache.current_ef); card->cache.current_ef = NULL; card->cache.valid = 1; } } while(0); sc_print_cache(card); LOG_FUNC_RETURN(ctx, SC_SUCCESS); }",visit repo url,src/libopensc/card-iasecc.c,https://github.com/OpenSC/OpenSC,104393790476450,1 4010,['CWE-362'],"static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid, char *action, struct audit_krule *rule, int res) { struct audit_buffer *ab; if (!audit_enabled) return; ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (!ab) return; audit_log_format(ab, ""auid=%u ses=%u"", loginuid, sessionid); if (sid) { char *ctx = NULL; u32 len; if (security_secid_to_secctx(sid, &ctx, &len)) audit_log_format(ab, "" ssid=%u"", sid); else { audit_log_format(ab, "" subj=%s"", ctx); security_release_secctx(ctx, len); } } audit_log_format(ab, "" op=%s rule key="", action); if (rule->filterkey) audit_log_untrustedstring(ab, rule->filterkey); else audit_log_format(ab, ""(null)""); audit_log_format(ab, "" list=%d res=%d"", rule->listnr, res); audit_log_end(ab); }",linux-2.6,,,185103155053972288994793132989522898942,0 2130,CWE-319,"static int __mincore_unmapped_range(unsigned long addr, unsigned long end, struct vm_area_struct *vma, unsigned char *vec) { unsigned long nr = (end - addr) >> PAGE_SHIFT; int i; if (vma->vm_file) { pgoff_t pgoff; pgoff = linear_page_index(vma, addr); for (i = 0; i < nr; i++, pgoff++) vec[i] = mincore_page(vma->vm_file->f_mapping, pgoff); } else { for (i = 0; i < nr; i++) vec[i] = 0; } return nr; }",visit repo url,mm/mincore.c,https://github.com/torvalds/linux,279591642354351,1 2435,CWE-476,"static int dnxhd_find_frame_end(DNXHDParserContext *dctx, const uint8_t *buf, int buf_size) { ParseContext *pc = &dctx->pc; uint64_t state = pc->state64; int pic_found = pc->frame_start_found; int i = 0; if (!pic_found) { for (i = 0; i < buf_size; i++) { state = (state << 8) | buf[i]; if (ff_dnxhd_check_header_prefix(state & 0xffffffffff00LL) != 0) { i++; pic_found = 1; dctx->cur_byte = 0; dctx->remaining = 0; break; } } } if (pic_found && !dctx->remaining) { if (!buf_size) return 0; for (; i < buf_size; i++) { dctx->cur_byte++; state = (state << 8) | buf[i]; if (dctx->cur_byte == 24) { dctx->h = (state >> 32) & 0xFFFF; } else if (dctx->cur_byte == 26) { dctx->w = (state >> 32) & 0xFFFF; } else if (dctx->cur_byte == 42) { int cid = (state >> 32) & 0xFFFFFFFF; if (cid <= 0) continue; dctx->remaining = avpriv_dnxhd_get_frame_size(cid); if (dctx->remaining <= 0) { dctx->remaining = ff_dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); if (dctx->remaining <= 0) return dctx->remaining; } if (buf_size - i + 47 >= dctx->remaining) { int remaining = dctx->remaining; pc->frame_start_found = 0; pc->state64 = -1; dctx->cur_byte = 0; dctx->remaining = 0; return remaining; } else { dctx->remaining -= buf_size; } } } } else if (pic_found) { if (dctx->remaining > buf_size) { dctx->remaining -= buf_size; } else { int remaining = dctx->remaining; pc->frame_start_found = 0; pc->state64 = -1; dctx->cur_byte = 0; dctx->remaining = 0; return remaining; } } pc->frame_start_found = pic_found; pc->state64 = state; return END_NOT_FOUND; }",visit repo url,libavcodec/dnxhd_parser.c,https://github.com/FFmpeg/FFmpeg,10181916975713,1 3915,CWE-121,"win_new_width(win_T *wp, int width) { wp->w_width = width; wp->w_lines_valid = 0; changed_line_abv_curs_win(wp); if (p_spsc) { invalidate_botline_win(wp); if (wp == curwin) { update_topline(); curs_columns(TRUE); } } redraw_win_later(wp, UPD_NOT_VALID); wp->w_redr_status = TRUE; }",visit repo url,src/window.c,https://github.com/vim/vim,144116367147416,1 4858,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 3347,[],"static inline int nla_len(const struct nlattr *nla) { return nla->nla_len - NLA_HDRLEN; }",linux-2.6,,,57785358999028903438312998386135725486,0 5658,['CWE-476'],"static int udp_seq_open(struct inode *inode, struct file *file) { struct udp_seq_afinfo *afinfo = PDE(inode)->data; struct seq_file *seq; int rc = -ENOMEM; struct udp_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL); if (!s) goto out; s->family = afinfo->family; s->seq_ops.start = udp_seq_start; s->seq_ops.next = udp_seq_next; s->seq_ops.show = afinfo->seq_show; s->seq_ops.stop = udp_seq_stop; rc = seq_open(file, &s->seq_ops); if (rc) goto out_kfree; seq = file->private_data; seq->private = s; out: return rc; out_kfree: kfree(s); goto out; }",linux-2.6,,,83647233125291944369899229282685788557,0 2830,CWE-125,"static int update_prepare_order_info(rdpContext* context, ORDER_INFO* orderInfo, UINT32 orderType) { int length = 1; orderInfo->fieldFlags = 0; orderInfo->orderType = orderType; orderInfo->controlFlags = ORDER_STANDARD; orderInfo->controlFlags |= ORDER_TYPE_CHANGE; length += 1; length += PRIMARY_DRAWING_ORDER_FIELD_BYTES[orderInfo->orderType]; length += update_prepare_bounds(context, orderInfo); return length; }",visit repo url,libfreerdp/core/update.c,https://github.com/FreeRDP/FreeRDP,247436419964045,1 3243,CWE-125,"cisco_autorp_print(netdissect_options *ndo, register const u_char *bp, register u_int len) { int type; int numrps; int hold; ND_TCHECK(bp[0]); ND_PRINT((ndo, "" auto-rp "")); type = bp[0]; switch (type) { case 0x11: ND_PRINT((ndo, ""candidate-advert"")); break; case 0x12: ND_PRINT((ndo, ""mapping"")); break; default: ND_PRINT((ndo, ""type-0x%02x"", type)); break; } ND_TCHECK(bp[1]); numrps = bp[1]; ND_TCHECK2(bp[2], 2); ND_PRINT((ndo, "" Hold "")); hold = EXTRACT_16BITS(&bp[2]); if (hold) unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[2])); else ND_PRINT((ndo, ""FOREVER"")); bp += 8; len -= 8; while (numrps--) { int nentries; char s; ND_TCHECK2(bp[0], 4); ND_PRINT((ndo, "" RP %s"", ipaddr_string(ndo, bp))); ND_TCHECK(bp[4]); switch (bp[4] & 0x3) { case 0: ND_PRINT((ndo, "" PIMv?"")); break; case 1: ND_PRINT((ndo, "" PIMv1"")); break; case 2: ND_PRINT((ndo, "" PIMv2"")); break; case 3: ND_PRINT((ndo, "" PIMv1+2"")); break; } if (bp[4] & 0xfc) ND_PRINT((ndo, "" [rsvd=0x%02x]"", bp[4] & 0xfc)); ND_TCHECK(bp[5]); nentries = bp[5]; bp += 6; len -= 6; s = ' '; for (; nentries; nentries--) { ND_TCHECK2(bp[0], 6); ND_PRINT((ndo, ""%c%s%s/%d"", s, bp[0] & 1 ? ""!"" : """", ipaddr_string(ndo, &bp[2]), bp[1])); if (bp[0] & 0x02) { ND_PRINT((ndo, "" bidir"")); } if (bp[0] & 0xfc) { ND_PRINT((ndo, ""[rsvd=0x%02x]"", bp[0] & 0xfc)); } s = ','; bp += 6; len -= 6; } } return; trunc: ND_PRINT((ndo, ""[|autorp]"")); return; }",visit repo url,print-pim.c,https://github.com/the-tcpdump-group/tcpdump,183776567035968,1 244,[],"int fat_scan(struct inode *dir, const unsigned char *name, struct fat_slot_info *sinfo) { struct super_block *sb = dir->i_sb; sinfo->slot_off = 0; sinfo->bh = NULL; while (fat_get_short_entry(dir, &sinfo->slot_off, &sinfo->bh, &sinfo->de) >= 0) { if (!strncmp(sinfo->de->name, name, MSDOS_NAME)) { sinfo->slot_off -= sizeof(*sinfo->de); sinfo->nr_slots = 1; sinfo->i_pos = fat_make_i_pos(sb, sinfo->bh, sinfo->de); return 0; } } return -ENOENT; }",linux-2.6,,,242997434149988672907768954940445739083,0 1663,CWE-416,"static void perf_event_exit_cpu(int cpu) { struct swevent_htable *swhash = &per_cpu(swevent_htable, cpu); perf_event_exit_cpu_context(cpu); mutex_lock(&swhash->hlist_mutex); swhash->online = false; swevent_hlist_release(swhash); mutex_unlock(&swhash->hlist_mutex); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,174915583866734,1 3473,CWE-295,"init_connection_options(MYSQL *mysql) { my_bool handle_expired= (opt_connect_expired_password || !status.batch) ? TRUE : FALSE; if (opt_init_command) mysql_options(mysql, MYSQL_INIT_COMMAND, opt_init_command); if (opt_connect_timeout) { uint timeout= opt_connect_timeout; mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (char*) &timeout); } if (opt_bind_addr) mysql_options(mysql, MYSQL_OPT_BIND, opt_bind_addr); if (opt_compress) mysql_options(mysql, MYSQL_OPT_COMPRESS, NullS); if (!opt_secure_auth) mysql_options(mysql, MYSQL_SECURE_AUTH, (char *) &opt_secure_auth); if (using_opt_local_infile) mysql_options(mysql, MYSQL_OPT_LOCAL_INFILE, (char*) &opt_local_infile); #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) if (opt_use_ssl) { mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*) &opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) if (shared_memory_base_name) mysql_options(mysql, MYSQL_SHARED_MEMORY_BASE_NAME, shared_memory_base_name); #endif if (safe_updates) { char init_command[100]; sprintf(init_command, ""SET SQL_SAFE_UPDATES=1,SQL_SELECT_LIMIT=%lu,MAX_JOIN_SIZE=%lu"", select_limit, max_join_size); mysql_options(mysql, MYSQL_INIT_COMMAND, init_command); } mysql_set_character_set(mysql, default_charset); if (opt_plugin_dir && *opt_plugin_dir) mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir); if (opt_default_auth && *opt_default_auth) mysql_options(mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); #if !defined(HAVE_YASSL) if (opt_server_public_key && *opt_server_public_key) mysql_options(mysql, MYSQL_SERVER_PUBLIC_KEY, opt_server_public_key); #endif if (using_opt_enable_cleartext_plugin) mysql_options(mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, (char*) &opt_enable_cleartext_plugin); mysql_options(mysql, MYSQL_OPT_CONNECT_ATTR_RESET, 0); mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD, ""program_name"", ""mysql""); mysql_options(mysql, MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS, &handle_expired); }",visit repo url,client/mysql.cc,https://github.com/mysql/mysql-server,269663625210552,1 6240,['CWE-200'],"static int qdisc_notify(struct sk_buff *oskb, struct nlmsghdr *n, u32 clid, struct Qdisc *old, struct Qdisc *new) { struct sk_buff *skb; u32 pid = oskb ? NETLINK_CB(oskb).pid : 0; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) return -ENOBUFS; if (old && old->handle) { if (tc_fill_qdisc(skb, old, clid, pid, n->nlmsg_seq, 0, RTM_DELQDISC) < 0) goto err_out; } if (new) { if (tc_fill_qdisc(skb, new, clid, pid, n->nlmsg_seq, old ? NLM_F_REPLACE : 0, RTM_NEWQDISC) < 0) goto err_out; } if (skb->len) return rtnetlink_send(skb, pid, RTMGRP_TC, n->nlmsg_flags&NLM_F_ECHO); err_out: kfree_skb(skb); return -EINVAL; }",linux-2.6,,,164094868669562948425312986530122860814,0 6502,CWE-787,"void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) { LOG_DEBUG(__FUNCTION__); INIT_ERROR_STATE SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); mpz_t privateKeyMpz; mpz_init(privateKeyMpz); point pKey = point_init(); point pKey_test = point_init(); CHECK_STATE(encryptedPrivateKey); CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y); int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN); CHECK_STATUS2(""AES_decrypt failed with status %d""); skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0'; strncpy(errString, skey, 1024); status = mpz_set_str(privateKeyMpz, skey, ECDSA_SKEY_BASE); CHECK_STATUS(""mpz_set_str failed for private key""); signature_extract_public_key(pKey, privateKeyMpz, curve); point_multiplication(pKey_test, privateKeyMpz, curve->G, curve); if (!point_cmp(pKey, pKey_test)) { snprintf(errString, BUF_LEN, ""Points are not equal""); LOG_ERROR(errString); *errStatus = -11; goto clean; } SAFE_CHAR_BUF(arr_x, BUF_LEN); mpz_get_str(arr_x, ECDSA_SKEY_BASE, pKey->x); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; } strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); SAFE_CHAR_BUF(arr_y, BUF_LEN); mpz_get_str(arr_y, ECDSA_SKEY_BASE, pKey->y); n_zeroes = 64 - strlen(arr_y); for (int i = 0; i < n_zeroes; i++) { pub_key_y[i] = '0'; } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); SET_SUCCESS clean: mpz_clear(privateKeyMpz); point_clear(pKey); point_clear(pKey_test); static uint64_t counter = 0; if (counter % 1000 == 0) { LOG_INFO(__FUNCTION__); LOG_INFO(""Thousand SGX calls completed""); } counter++; }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,217844587261352,1 2068,[],"static int udp_push_pending_frames(struct sock *sk) { struct udp_sock *up = udp_sk(sk); struct inet_sock *inet = inet_sk(sk); struct flowi *fl = &inet->cork.fl; struct sk_buff *skb; struct udphdr *uh; int err = 0; __wsum csum = 0; if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) goto out; uh = udp_hdr(skb); uh->source = fl->fl_ip_sport; uh->dest = fl->fl_ip_dport; uh->len = htons(up->len); uh->check = 0; if (up->pcflag) csum = udplite_csum_outgoing(sk, skb); else if (sk->sk_no_check == UDP_CSUM_NOXMIT) { skb->ip_summed = CHECKSUM_NONE; goto send; } else if (skb->ip_summed == CHECKSUM_PARTIAL) { udp4_hwcsum_outgoing(sk, skb, fl->fl4_src,fl->fl4_dst, up->len); goto send; } else csum = udp_csum_outgoing(sk, skb); uh->check = csum_tcpudp_magic(fl->fl4_src, fl->fl4_dst, up->len, sk->sk_protocol, csum ); if (uh->check == 0) uh->check = CSUM_MANGLED_0; send: err = ip_push_pending_frames(sk); out: up->len = 0; up->pending = 0; if (!err) UDP_INC_STATS_USER(UDP_MIB_OUTDATAGRAMS, up->pcflag); return err; }",linux-2.6,,,266048951738804647411483795153510350748,0 4284,CWE-400,"static ut64 estimate_slide(RBinFile *bf, RDyldCache *cache, ut64 value_mask, ut64 value_add) { ut64 slide = 0; if (cache->n_hdr > 1) { return slide; } ut64 *classlist = malloc (64); if (!classlist) { goto beach; } RListIter *iter; RDyldBinImage *bin; r_list_foreach (cache->bins, iter, bin) { bool found_sample = false; struct MACH0_(opts_t) opts = {0}; opts.verbose = bf->rbin->verbose; opts.header_at = bin->header_at; opts.symbols_off = 0; struct MACH0_(obj_t) *mach0 = MACH0_(new_buf) (cache->buf, &opts); if (!mach0) { goto beach; } struct section_t *sections = NULL; if (!(sections = MACH0_(get_sections) (mach0))) { MACH0_(mach0_free) (mach0); goto beach; } int i; int incomplete = 2; int classlist_idx = 0, data_idx = 0; for (i = 0; !sections[i].last && incomplete; i++) { if (sections[i].size == 0) { continue; } if (strstr (sections[i].name, ""__objc_classlist"")) { incomplete--; classlist_idx = i; continue; } if (strstr (sections[i].name, ""__objc_data"")) { incomplete--; data_idx = i; continue; } } if (incomplete) { goto next_bin; } int classlist_sample_size = R_MIN (64, sections[classlist_idx].size); int n_classes = classlist_sample_size / 8; ut64 sect_offset = sections[classlist_idx].offset + bin->hdr_offset; if (r_buf_fread_at (cache->buf, sect_offset, (ut8*) classlist, ""l"", n_classes) < classlist_sample_size) { goto next_bin; } ut64 data_addr = sections[data_idx].addr; ut64 data_tail = data_addr & 0xfff; ut64 data_tail_end = (data_addr + sections[data_idx].size) & 0xfff; for (i = 0; i < n_classes; i++) { ut64 cl_addr = (classlist[i] & value_mask) + value_add; ut64 cl_tail = cl_addr & 0xfff; if (cl_tail >= data_tail && cl_tail < data_tail_end) { ut64 off = cl_tail - data_tail; slide = ((cl_addr - off) & value_mask) - (data_addr & value_mask); found_sample = true; break; } } next_bin: MACH0_(mach0_free) (mach0); R_FREE (sections); if (found_sample) { break; } } beach: R_FREE (classlist); return slide; }",visit repo url,libr/bin/p/bin_dyldcache.c,https://github.com/radareorg/radare2,123395889225374,1 5147,['CWE-20'],"static int alloc_apic_access_page(struct kvm *kvm) { struct kvm_userspace_memory_region kvm_userspace_mem; int r = 0; down_write(&kvm->slots_lock); if (kvm->arch.apic_access_page) goto out; kvm_userspace_mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT; kvm_userspace_mem.flags = 0; kvm_userspace_mem.guest_phys_addr = 0xfee00000ULL; kvm_userspace_mem.memory_size = PAGE_SIZE; r = __kvm_set_memory_region(kvm, &kvm_userspace_mem, 0); if (r) goto out; kvm->arch.apic_access_page = gfn_to_page(kvm, 0xfee00); out: up_write(&kvm->slots_lock); return r; }",linux-2.6,,,191847196343864448809828908693740644173,0 4045,CWE-125,"static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) { const char *section_name = """"; const char *link_section_name = """"; char *end = NULL; Elf_(Shdr) *link_shdr = NULL; ut8 dfs[sizeof (Elf_(Verdef))] = {0}; Sdb *sdb; int cnt, i; if (shdr->sh_link > bin->ehdr.e_shnum) { return false; } link_shdr = &bin->shdr[shdr->sh_link]; if (shdr->sh_size < 1) { return false; } Elf_(Verdef) *defs = calloc (shdr->sh_size, sizeof (char)); if (!defs) { return false; } if (bin->shstrtab && shdr->sh_name < bin->shstrtab_size) { section_name = &bin->shstrtab[shdr->sh_name]; } if (link_shdr && bin->shstrtab && link_shdr->sh_name < bin->shstrtab_size) { link_section_name = &bin->shstrtab[link_shdr->sh_name]; } if (!defs) { bprintf (""Warning: Cannot allocate memory (Check Elf_(Verdef))\n""); return NULL; } sdb = sdb_new0 (); end = (char *)defs + shdr->sh_size; sdb_set (sdb, ""section_name"", section_name, 0); sdb_num_set (sdb, ""entries"", shdr->sh_info, 0); sdb_num_set (sdb, ""addr"", shdr->sh_addr, 0); sdb_num_set (sdb, ""offset"", shdr->sh_offset, 0); sdb_num_set (sdb, ""link"", shdr->sh_link, 0); sdb_set (sdb, ""link_section_name"", link_section_name, 0); for (cnt = 0, i = 0; i >= 0 && cnt < shdr->sh_info && ((char *)defs + i < end); ++cnt) { Sdb *sdb_verdef = sdb_new0 (); char *vstart = ((char*)defs) + i; char key[32] = {0}; Elf_(Verdef) *verdef = (Elf_(Verdef)*)vstart; Elf_(Verdaux) aux = {0}; int j = 0; int isum = 0; r_buf_read_at (bin->b, shdr->sh_offset + i, dfs, sizeof (Elf_(Verdef))); verdef->vd_version = READ16 (dfs, j) verdef->vd_flags = READ16 (dfs, j) verdef->vd_ndx = READ16 (dfs, j) verdef->vd_cnt = READ16 (dfs, j) verdef->vd_hash = READ32 (dfs, j) verdef->vd_aux = READ32 (dfs, j) verdef->vd_next = READ32 (dfs, j) vstart += verdef->vd_aux; if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); goto out_error; } j = 0; aux.vda_name = READ32 (vstart, j) aux.vda_next = READ32 (vstart, j) isum = i + verdef->vd_aux; if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); goto out_error; } sdb_num_set (sdb_verdef, ""idx"", i, 0); sdb_num_set (sdb_verdef, ""vd_version"", verdef->vd_version, 0); sdb_num_set (sdb_verdef, ""vd_ndx"", verdef->vd_ndx, 0); sdb_num_set (sdb_verdef, ""vd_cnt"", verdef->vd_cnt, 0); sdb_set (sdb_verdef, ""vda_name"", &bin->dynstr[aux.vda_name], 0); sdb_set (sdb_verdef, ""flags"", get_ver_flags (verdef->vd_flags), 0); for (j = 1; j < verdef->vd_cnt; ++j) { int k; Sdb *sdb_parent = sdb_new0 (); isum += aux.vda_next; vstart += aux.vda_next; if (vstart > end || vstart + sizeof(Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } k = 0; aux.vda_name = READ32 (vstart, k) aux.vda_next = READ32 (vstart, k) if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } sdb_num_set (sdb_parent, ""idx"", isum, 0); sdb_num_set (sdb_parent, ""parent"", j, 0); sdb_set (sdb_parent, ""vda_name"", &bin->dynstr[aux.vda_name], 0); snprintf (key, sizeof (key), ""parent%d"", j - 1); sdb_ns_set (sdb_verdef, key, sdb_parent); } snprintf (key, sizeof (key), ""verdef%d"", cnt); sdb_ns_set (sdb, key, sdb_verdef); if (!verdef->vd_next) { sdb_free (sdb_verdef); goto out_error; } if ((st32)verdef->vd_next < 1) { eprintf (""Warning: Invalid vd_next in the ELF version\n""); break; } i += verdef->vd_next; } free (defs); return sdb; out_error: free (defs); sdb_free (sdb); return NULL; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radare/radare2,125242403278618,1 267,[],"static int do_usbdevfs_discsignal(unsigned int fd, unsigned int cmd, unsigned long arg) { struct usbdevfs_disconnectsignal kdis; struct usbdevfs_disconnectsignal32 __user *udis; mm_segment_t old_fs; u32 uctx; int err; udis = compat_ptr(arg); if (get_user(kdis.signr, &udis->signr) || __get_user(uctx, &udis->context)) return -EFAULT; kdis.context = compat_ptr(uctx); old_fs = get_fs(); set_fs(KERNEL_DS); err = sys_ioctl(fd, USBDEVFS_DISCSIGNAL, (unsigned long) &kdis); set_fs(old_fs); return err; }",linux-2.6,,,275778873328819208533120689734886858820,0 3097,['CWE-189'],"static int jpc_encrawrefpass(jpc_bitstream_t *out, int bitpos, int vcausalflag, jas_matrix_t *flags, jas_matrix_t *data, int term, long *nmsedec) { int i; int j; int k; int one; int vscanlen; int width; int height; int frowstep; int drowstep; int fstripestep; int dstripestep; jpc_fix_t *fstripestart; jpc_fix_t *dstripestart; jpc_fix_t *fvscanstart; jpc_fix_t *dvscanstart; jpc_fix_t *dp; jpc_fix_t *fp; *nmsedec = 0; width = jas_matrix_numcols(data); height = jas_matrix_numrows(data); frowstep = jas_matrix_rowstep(flags); drowstep = jas_matrix_rowstep(data); fstripestep = frowstep << 2; dstripestep = drowstep << 2; one = 1 << (bitpos + JPC_NUMEXTRABITS); fstripestart = jas_matrix_getref(flags, 1, 1); dstripestart = jas_matrix_getref(data, 0, 0); for (i = height; i > 0; i -= 4, fstripestart += fstripestep, dstripestart += dstripestep) { fvscanstart = fstripestart; dvscanstart = dstripestart; vscanlen = JAS_MIN(i, 4); for (j = width; j > 0; --j, ++fvscanstart, ++dvscanstart) { fp = fvscanstart; dp = dvscanstart; k = vscanlen; rawrefpass_step(fp, dp, bitpos, one, nmsedec, out, vcausalflag); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; rawrefpass_step(fp, dp, bitpos, one, nmsedec, out, vcausalflag); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; rawrefpass_step(fp, dp, bitpos, one, nmsedec, out, vcausalflag); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; rawrefpass_step(fp, dp, bitpos, one, nmsedec, out, vcausalflag); } } if (term) { jpc_bitstream_outalign(out, 0x2a); } return 0; }",jasper,,,109937138750337760396884305257094946978,0 5487,CWE-754,"Expr *sqlite3CreateColumnExpr(sqlite3 *db, SrcList *pSrc, int iSrc, int iCol){ Expr *p = sqlite3ExprAlloc(db, TK_COLUMN, 0, 0); if( p ){ struct SrcList_item *pItem = &pSrc->a[iSrc]; p->y.pTab = pItem->pTab; p->iTable = pItem->iCursor; if( p->y.pTab->iPKey==iCol ){ p->iColumn = -1; }else{ p->iColumn = (ynVar)iCol; testcase( iCol==BMS ); testcase( iCol==BMS-1 ); pItem->colUsed |= ((Bitmask)1)<<(iCol>=BMS ? BMS-1 : iCol); } } return p; }",visit repo url,src/resolve.c,https://github.com/sqlite/sqlite,1733951507959,1 3933,['CWE-362'],"static struct audit_watch *audit_init_watch(char *path) { struct audit_watch *watch; watch = kzalloc(sizeof(*watch), GFP_KERNEL); if (unlikely(!watch)) return ERR_PTR(-ENOMEM); INIT_LIST_HEAD(&watch->rules); atomic_set(&watch->count, 1); watch->path = path; watch->dev = (dev_t)-1; watch->ino = (unsigned long)-1; return watch; }",linux-2.6,,,313867961973011495464129567400225346144,0 4127,CWE-119,"static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) { unsigned long len; GET_STATE(self); Check_Type(object_nl, T_STRING); len = RSTRING_LEN(object_nl); if (len == 0) { if (state->object_nl) { ruby_xfree(state->object_nl); state->object_nl = NULL; } } else { if (state->object_nl) ruby_xfree(state->object_nl); state->object_nl = strdup(RSTRING_PTR(object_nl)); state->object_nl_len = len; } return Qnil; }",visit repo url,ext/json/ext/generator/generator.c,https://github.com/flori/json,119247935686469,1 721,CWE-20,"static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; int len; if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { rfcomm_dlc_accept(d); msg->msg_namelen = 0; return 0; } len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); lock_sock(sk); if (!(flags & MSG_PEEK) && len > 0) atomic_sub(len, &sk->sk_rmem_alloc); if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); release_sock(sk); return len; }",visit repo url,net/bluetooth/rfcomm/sock.c,https://github.com/torvalds/linux,68043523665785,1 4130,CWE-119,"static VALUE cState_space_before_set(VALUE self, VALUE space_before) { unsigned long len; GET_STATE(self); Check_Type(space_before, T_STRING); len = RSTRING_LEN(space_before); if (len == 0) { if (state->space_before) { ruby_xfree(state->space_before); state->space_before = NULL; state->space_before_len = 0; } } else { if (state->space_before) ruby_xfree(state->space_before); state->space_before = strdup(RSTRING_PTR(space_before)); state->space_before_len = len; } return Qnil; }",visit repo url,ext/json/ext/generator/generator.c,https://github.com/flori/json,182466980064038,1 1378,CWE-362,"void set_task_blockstep(struct task_struct *task, bool on) { unsigned long debugctl; local_irq_disable(); debugctl = get_debugctlmsr(); if (on) { debugctl |= DEBUGCTLMSR_BTF; set_tsk_thread_flag(task, TIF_BLOCKSTEP); } else { debugctl &= ~DEBUGCTLMSR_BTF; clear_tsk_thread_flag(task, TIF_BLOCKSTEP); } if (task == current) update_debugctlmsr(debugctl); local_irq_enable(); }",visit repo url,arch/x86/kernel/step.c,https://github.com/torvalds/linux,153847793215877,1 5233,CWE-436,"find_auth_end (FlatpakProxyClient *client, Buffer *buffer) { guchar *match; int i; if (client->auth_end_offset > 0) { gsize left = strlen (AUTH_END_STRING) - client->auth_end_offset; gsize to_match = MIN (left, buffer->pos); if (memcmp (buffer->data, &AUTH_END_STRING[client->auth_end_offset], to_match) == 0) { client->auth_end_offset += to_match; if (client->auth_end_offset == strlen (AUTH_END_STRING)) return to_match; return -1; } client->auth_end_offset = -1; } match = memmem (buffer, buffer->pos, AUTH_END_STRING, strlen (AUTH_END_STRING)); if (match != NULL) return match - buffer->data + strlen (AUTH_END_STRING); for (i = MIN (strlen (AUTH_END_STRING) - 1, buffer->pos); i > 0; i--) { if (memcmp (buffer->data + buffer->pos - i, AUTH_END_STRING, i) == 0) { client->auth_end_offset = i; break; } } return -1; }",visit repo url,dbus-proxy/flatpak-proxy.c,https://github.com/flatpak/flatpak,11397007120025,1 95,CWE-617,"kdc_process_for_user(kdc_realm_t *kdc_active_realm, krb5_pa_data *pa_data, krb5_keyblock *tgs_session, krb5_pa_s4u_x509_user **s4u_x509_user, const char **status) { krb5_error_code code; krb5_pa_for_user *for_user; krb5_data req_data; req_data.length = pa_data->length; req_data.data = (char *)pa_data->contents; code = decode_krb5_pa_for_user(&req_data, &for_user); if (code) return code; code = verify_for_user_checksum(kdc_context, tgs_session, for_user); if (code) { *status = ""INVALID_S4U2SELF_CHECKSUM""; krb5_free_pa_for_user(kdc_context, for_user); return code; } *s4u_x509_user = calloc(1, sizeof(krb5_pa_s4u_x509_user)); if (*s4u_x509_user == NULL) { krb5_free_pa_for_user(kdc_context, for_user); return ENOMEM; } (*s4u_x509_user)->user_id.user = for_user->user; for_user->user = NULL; krb5_free_pa_for_user(kdc_context, for_user); return 0; }",visit repo url,src/kdc/kdc_util.c,https://github.com/krb5/krb5,188748299735138,1 2557,CWE-399,"crm_send_remote_msg(void *session, xmlNode * msg, gboolean encrypted) { if (encrypted) { #ifdef HAVE_GNUTLS_GNUTLS_H cib_send_tls(session, msg); #else CRM_ASSERT(encrypted == FALSE); #endif } else { cib_send_plaintext(GPOINTER_TO_INT(session), msg); } }",visit repo url,lib/common/remote.c,https://github.com/ClusterLabs/pacemaker,90889135236113,1 4075,['CWE-399'],"static int svc_accept(struct socket *sock,struct socket *newsock,int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; struct atmsvc_msg *msg; struct atm_vcc *old_vcc = ATM_SD(sock); struct atm_vcc *new_vcc; int error; lock_sock(sk); error = svc_create(sock_net(sk), newsock,0); if (error) goto out; new_vcc = ATM_SD(newsock); pr_debug(""svc_accept %p -> %p\n"",old_vcc,new_vcc); while (1) { DEFINE_WAIT(wait); prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); while (!(skb = skb_dequeue(&sk->sk_receive_queue)) && sigd) { if (test_bit(ATM_VF_RELEASED,&old_vcc->flags)) break; if (test_bit(ATM_VF_CLOSE,&old_vcc->flags)) { error = -sk->sk_err; break; } if (flags & O_NONBLOCK) { error = -EAGAIN; break; } release_sock(sk); schedule(); lock_sock(sk); if (signal_pending(current)) { error = -ERESTARTSYS; break; } prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); } finish_wait(sk->sk_sleep, &wait); if (error) goto out; if (!skb) { error = -EUNATCH; goto out; } msg = (struct atmsvc_msg *) skb->data; new_vcc->qos = msg->qos; set_bit(ATM_VF_HASQOS,&new_vcc->flags); new_vcc->remote = msg->svc; new_vcc->local = msg->local; new_vcc->sap = msg->sap; error = vcc_connect(newsock, msg->pvc.sap_addr.itf, msg->pvc.sap_addr.vpi, msg->pvc.sap_addr.vci); dev_kfree_skb(skb); sk->sk_ack_backlog--; if (error) { sigd_enq2(NULL,as_reject,old_vcc,NULL,NULL, &old_vcc->qos,error); error = error == -EAGAIN ? -EBUSY : error; goto out; } set_bit(ATM_VF_WAITING, &new_vcc->flags); prepare_to_wait(sk_atm(new_vcc)->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); sigd_enq(new_vcc,as_accept,old_vcc,NULL,NULL); while (test_bit(ATM_VF_WAITING, &new_vcc->flags) && sigd) { release_sock(sk); schedule(); lock_sock(sk); prepare_to_wait(sk_atm(new_vcc)->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); } finish_wait(sk_atm(new_vcc)->sk_sleep, &wait); if (!sigd) { error = -EUNATCH; goto out; } if (!sk_atm(new_vcc)->sk_err) break; if (sk_atm(new_vcc)->sk_err != ERESTARTSYS) { error = -sk_atm(new_vcc)->sk_err; goto out; } } newsock->state = SS_CONNECTED; out: release_sock(sk); return error; }",linux-2.6,,,263823990307522905978000457793719275699,0 2477,['CWE-119'],"static void skip_uninteresting(struct tree_desc *t, const char *base, int baselen, struct diff_options *opt) { int all_interesting = 0; while (t->size) { int show; if (all_interesting) show = 1; else { show = tree_entry_interesting(t, base, baselen, opt); if (show == 2) all_interesting = 1; } if (!show) { update_tree_entry(t); continue; } if (show < 0) t->size = 0; return; } }",git,,,115874246686076496156691324958180677210,0 4969,['CWE-20'],"static void *nfs_server_list_next(struct seq_file *p, void *v, loff_t *pos) { return seq_list_next(v, &nfs_client_list, pos); }",linux-2.6,,,114416385674118361461978756772432974879,0 621,CWE-17,"static void destroy_super(struct super_block *s) { int i; list_lru_destroy(&s->s_dentry_lru); list_lru_destroy(&s->s_inode_lru); #ifdef CONFIG_SMP free_percpu(s->s_files); #endif for (i = 0; i < SB_FREEZE_LEVELS; i++) percpu_counter_destroy(&s->s_writers.counter[i]); security_sb_free(s); WARN_ON(!list_empty(&s->s_mounts)); kfree(s->s_subtype); kfree(s->s_options); kfree_rcu(s, rcu); }",visit repo url,fs/super.c,https://github.com/torvalds/linux,46639896955527,1 1474,CWE-264,"int perf_event_task_disable(void) { struct perf_event *event; mutex_lock(¤t->perf_event_mutex); list_for_each_entry(event, ¤t->perf_event_list, owner_entry) perf_event_for_each_child(event, perf_event_disable); mutex_unlock(¤t->perf_event_mutex); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,252796135314288,1 5900,NVD-CWE-noinfo,"sixel_dither_new( sixel_dither_t **ppdither, int ncolors, sixel_allocator_t *allocator) { SIXELSTATUS status = SIXEL_FALSE; size_t headsize; size_t datasize; size_t wholesize; int quality_mode; if (ppdither == NULL) { sixel_helper_set_additional_message( ""sixel_dither_new: ppdither is null.""); status = SIXEL_BAD_ARGUMENT; goto end; } if (allocator == NULL) { status = sixel_allocator_new(&allocator, NULL, NULL, NULL, NULL); if (SIXEL_FAILED(status)) { *ppdither = NULL; goto end; } } else { sixel_allocator_ref(allocator); } if (ncolors < 0) { ncolors = 256; quality_mode = SIXEL_QUALITY_HIGHCOLOR; } else { if (ncolors > SIXEL_PALETTE_MAX) { ncolors = 256; } else if (ncolors < 2) { ncolors = 2; } quality_mode = SIXEL_QUALITY_LOW; } headsize = sizeof(sixel_dither_t); datasize = (size_t)(ncolors * 3); wholesize = headsize + datasize; *ppdither = (sixel_dither_t *)sixel_allocator_malloc(allocator, wholesize); if (*ppdither == NULL) { sixel_allocator_unref(allocator); sixel_helper_set_additional_message( ""sixel_dither_new: sixel_allocator_malloc() failed.""); status = SIXEL_BAD_ALLOCATION; goto end; } (*ppdither)->ref = 1; (*ppdither)->palette = (unsigned char*)(*ppdither + 1); (*ppdither)->cachetable = NULL; (*ppdither)->reqcolors = ncolors; (*ppdither)->ncolors = ncolors; (*ppdither)->origcolors = (-1); (*ppdither)->keycolor = (-1); (*ppdither)->optimized = 0; (*ppdither)->optimize_palette = 0; (*ppdither)->complexion = 1; (*ppdither)->bodyonly = 0; (*ppdither)->method_for_largest = SIXEL_LARGE_NORM; (*ppdither)->method_for_rep = SIXEL_REP_CENTER_BOX; (*ppdither)->method_for_diffuse = SIXEL_DIFFUSE_FS; (*ppdither)->quality_mode = quality_mode; (*ppdither)->pixelformat = SIXEL_PIXELFORMAT_RGB888; (*ppdither)->allocator = allocator; status = SIXEL_OK; end: return status; }",visit repo url,src/dither.c,https://github.com/saitoha/libsixel,158546233022829,1 3749,[],"static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; int err; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; mutex_lock(&u->readlock); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { unix_state_lock(sk); if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && (sk->sk_shutdown & RCV_SHUTDOWN)) err = 0; unix_state_unlock(sk); goto out_unlock; } wake_up_interruptible_sync(&u->peer_wait); if (msg->msg_name) unix_copy_addr(msg, skb->sk); if (size > skb->len) size = skb->len; else if (size < skb->len) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size); if (err) goto out_free; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } siocb->scm->creds = *UNIXCREDS(skb); unix_set_secdata(siocb->scm, skb); if (!(flags & MSG_PEEK)) { if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); } err = size; scm_recv(sock, msg, siocb->scm, flags); out_free: skb_free_datagram(sk,skb); out_unlock: mutex_unlock(&u->readlock); out: return err; }",linux-2.6,,,163054465201881157044316048449689274377,0 2424,['CWE-119'],"static struct commit *get_revision_internal(struct rev_info *revs) { struct commit *c = NULL; struct commit_list *l; if (revs->boundary == 2) { c = pop_commit(&revs->commits); if (c) c->object.flags |= SHOWN; return c; } if (revs->reverse) { int limit = -1; if (0 <= revs->max_count) { limit = revs->max_count; if (0 < revs->skip_count) limit += revs->skip_count; } l = NULL; while ((c = get_revision_1(revs))) { commit_list_insert(c, &l); if ((0 < limit) && !--limit) break; } revs->commits = l; revs->reverse = 0; revs->max_count = -1; c = NULL; } c = get_revision_1(revs); if (c) { while (0 < revs->skip_count) { revs->skip_count--; c = get_revision_1(revs); if (!c) break; } } switch (revs->max_count) { case -1: break; case 0: c = NULL; break; default: revs->max_count--; } if (c) c->object.flags |= SHOWN; if (!revs->boundary) { return c; } if (!c) { revs->boundary = 2; create_boundary_commit_list(revs); return get_revision_internal(revs); } for (l = c->parents; l; l = l->next) { struct object *p; p = &(l->item->object); if (p->flags & (CHILD_SHOWN | SHOWN)) continue; p->flags |= CHILD_SHOWN; gc_boundary(&revs->boundary_commits); add_object_array(p, NULL, &revs->boundary_commits); } return c; }",git,,,104119670945811047040870695827583032782,0 6529,CWE-787,"void mobi_buffer_move(MOBIBuffer *buf, const int offset, const size_t len) { size_t aoffset = (size_t) abs(offset); unsigned char *source = buf->data + buf->offset; if (offset >= 0) { if (buf->offset + aoffset + len > buf->maxlen) { debug_print(""%s"", ""End of buffer\n""); buf->error = MOBI_BUFFER_END; return; } source += aoffset; } else { if (buf->offset < aoffset) { debug_print(""%s"", ""End of buffer\n""); buf->error = MOBI_BUFFER_END; return; } source -= aoffset; } memmove(buf->data + buf->offset, source, len); buf->offset += len; }",visit repo url,src/buffer.c,https://github.com/bfabiszewski/libmobi,233374939319372,1 946,['CWE-200'],"static int shmem_encode_fh(struct dentry *dentry, __u32 *fh, int *len, int connectable) { struct inode *inode = dentry->d_inode; if (*len < 3) return 255; if (hlist_unhashed(&inode->i_hash)) { static DEFINE_SPINLOCK(lock); spin_lock(&lock); if (hlist_unhashed(&inode->i_hash)) __insert_inode_hash(inode, inode->i_ino + inode->i_generation); spin_unlock(&lock); } fh[0] = inode->i_generation; fh[1] = inode->i_ino; fh[2] = ((__u64)inode->i_ino) >> 32; *len = 3; return 1; }",linux-2.6,,,100837547704393578833686082005129996220,0 5251,['CWE-264'],"static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, bool pai_protected, size_t *store_size) { char *pai_buf = NULL; canon_ace *ace_list = NULL; char *entry_offset = NULL; unsigned int num_entries = 0; unsigned int num_def_entries = 0; for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) if (ace_list->inherited) num_entries++; for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) if (ace_list->inherited) num_def_entries++; DEBUG(10,(""create_pai_buf: num_entries = %u, num_def_entries = %u\n"", num_entries, num_def_entries )); *store_size = PAI_ENTRIES_BASE + ((num_entries + num_def_entries)*PAI_ENTRY_LENGTH); pai_buf = (char *)SMB_MALLOC(*store_size); if (!pai_buf) { return NULL; } memset(pai_buf, '\0', PAI_ENTRIES_BASE); SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_VERSION); SCVAL(pai_buf,PAI_FLAG_OFFSET,(pai_protected ? PAI_ACL_FLAG_PROTECTED : 0)); SSVAL(pai_buf,PAI_NUM_ENTRIES_OFFSET,num_entries); SSVAL(pai_buf,PAI_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries); entry_offset = pai_buf + PAI_ENTRIES_BASE; for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) { if (ace_list->inherited) { uint8 type_val = (unsigned char)ace_list->owner_type; uint32 entry_val = get_entry_val(ace_list); SCVAL(entry_offset,0,type_val); SIVAL(entry_offset,1,entry_val); entry_offset += PAI_ENTRY_LENGTH; } } for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) { if (ace_list->inherited) { uint8 type_val = (unsigned char)ace_list->owner_type; uint32 entry_val = get_entry_val(ace_list); SCVAL(entry_offset,0,type_val); SIVAL(entry_offset,1,entry_val); entry_offset += PAI_ENTRY_LENGTH; } } return pai_buf; }",samba,,,122373204409411743327978970954732881098,0 3104,CWE-264,"_fep_open_control_socket (Fep *fep) { struct sockaddr_un sun; char *path; int fd; ssize_t sun_len; fd = socket (AF_UNIX, SOCK_STREAM, 0); if (fd < 0) { perror (""socket""); return -1; } path = create_socket_name (""fep-XXXXXX/control""); if (strlen (path) + 1 >= sizeof(sun.sun_path)) { fep_log (FEP_LOG_LEVEL_WARNING, ""unix domain socket path too long: %d + 1 >= %d"", strlen (path), sizeof (sun.sun_path)); free (path); return -1; } memset (&sun, 0, sizeof(sun)); sun.sun_family = AF_UNIX; #ifdef __linux__ sun.sun_path[0] = '\0'; memcpy (sun.sun_path + 1, path, strlen (path)); sun_len = offsetof (struct sockaddr_un, sun_path) + strlen (path) + 1; remove_control_socket (path); #else memcpy (sun.sun_path, path, strlen (path)); sun_len = sizeof (struct sockaddr_un); #endif if (bind (fd, (const struct sockaddr *) &sun, sun_len) < 0) { perror (""bind""); free (path); close (fd); return -1; } if (listen (fd, 5) < 0) { perror (""listen""); free (path); close (fd); return -1; } fep->server = fd; fep->control_socket_path = path; return 0; }",visit repo url,fep/control.c,https://github.com/ueno/libfep,162108381913245,1 1340,CWE-287,"static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); struct sockaddr_nl *addr = msg->msg_name; u32 dst_pid; u32 dst_group; struct sk_buff *skb; int err; struct scm_cookie scm; if (msg->msg_flags&MSG_OOB) return -EOPNOTSUPP; if (NULL == siocb->scm) siocb->scm = &scm; err = scm_send(sock, msg, siocb->scm); if (err < 0) return err; if (msg->msg_namelen) { err = -EINVAL; if (addr->nl_family != AF_NETLINK) goto out; dst_pid = addr->nl_pid; dst_group = ffs(addr->nl_groups); err = -EPERM; if (dst_group && !netlink_capable(sock, NL_NONROOT_SEND)) goto out; } else { dst_pid = nlk->dst_pid; dst_group = nlk->dst_group; } if (!nlk->pid) { err = netlink_autobind(sock); if (err) goto out; } err = -EMSGSIZE; if (len > sk->sk_sndbuf - 32) goto out; err = -ENOBUFS; skb = alloc_skb(len, GFP_KERNEL); if (skb == NULL) goto out; NETLINK_CB(skb).pid = nlk->pid; NETLINK_CB(skb).dst_group = dst_group; memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); err = -EFAULT; if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { kfree_skb(skb); goto out; } err = security_netlink_send(sk, skb); if (err) { kfree_skb(skb); goto out; } if (dst_group) { atomic_inc(&skb->users); netlink_broadcast(sk, skb, dst_pid, dst_group, GFP_KERNEL); } err = netlink_unicast(sk, skb, dst_pid, msg->msg_flags&MSG_DONTWAIT); out: scm_destroy(siocb->scm); return err; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,41956871618607,1 29,CWE-763,"spnego_gss_unwrap( OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, gss_qop_t *qop_state) { OM_uint32 ret; ret = gss_unwrap(minor_status, context_handle, input_message_buffer, output_message_buffer, conf_state, qop_state); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,10735924580401,1 4189,CWE-732,"int sandbox(void* sandbox_arg) { (void)sandbox_arg; pid_t child_pid = getpid(); if (arg_debug) printf(""Initializing child process\n""); close(parent_to_child_fds[1]); close(child_to_parent_fds[0]); wait_for_other(parent_to_child_fds[0]); if (arg_debug && child_pid == 1) printf(""PID namespace installed\n""); if (cfg.hostname) { if (sethostname(cfg.hostname, strlen(cfg.hostname)) < 0) errExit(""sethostname""); } if (mount(NULL, ""/"", NULL, MS_SLAVE | MS_REC, NULL) < 0) { chk_chroot(); } preproc_mount_mnt_dir(); if (mount(LIBDIR ""/firejail"", RUN_FIREJAIL_LIB_DIR, ""none"", MS_BIND, NULL) < 0) errExit(""mounting "" RUN_FIREJAIL_LIB_DIR); if (cfg.name) fs_logger2(""sandbox name:"", cfg.name); fs_logger2int(""sandbox pid:"", (int) sandbox_pid); if (cfg.chrootdir) fs_logger(""sandbox filesystem: chroot""); else if (arg_overlay) fs_logger(""sandbox filesystem: overlay""); else fs_logger(""sandbox filesystem: local""); fs_logger(""install mount namespace""); if (arg_netfilter && any_bridge_configured()) { netfilter(arg_netfilter_file); } if (arg_netfilter6 && any_bridge_configured()) { netfilter6(arg_netfilter6_file); } int gw_cfg_failed = 0; if (arg_nonetwork) { net_if_up(""lo""); if (arg_debug) printf(""Network namespace enabled, only loopback interface available\n""); } else if (arg_netns) { netns(arg_netns); if (arg_debug) printf(""Network namespace '%s' activated\n"", arg_netns); } else if (any_bridge_configured() || any_interface_configured()) { net_if_up(""lo""); if (mac_not_zero(cfg.bridge0.macsandbox)) net_config_mac(cfg.bridge0.devsandbox, cfg.bridge0.macsandbox); sandbox_if_up(&cfg.bridge0); if (mac_not_zero(cfg.bridge1.macsandbox)) net_config_mac(cfg.bridge1.devsandbox, cfg.bridge1.macsandbox); sandbox_if_up(&cfg.bridge1); if (mac_not_zero(cfg.bridge2.macsandbox)) net_config_mac(cfg.bridge2.devsandbox, cfg.bridge2.macsandbox); sandbox_if_up(&cfg.bridge2); if (mac_not_zero(cfg.bridge3.macsandbox)) net_config_mac(cfg.bridge3.devsandbox, cfg.bridge3.macsandbox); sandbox_if_up(&cfg.bridge3); if (cfg.interface0.configured && cfg.interface0.ip) { if (arg_debug) printf(""Configuring %d.%d.%d.%d address on interface %s\n"", PRINT_IP(cfg.interface0.ip), cfg.interface0.dev); net_config_interface(cfg.interface0.dev, cfg.interface0.ip, cfg.interface0.mask, cfg.interface0.mtu); } if (cfg.interface1.configured && cfg.interface1.ip) { if (arg_debug) printf(""Configuring %d.%d.%d.%d address on interface %s\n"", PRINT_IP(cfg.interface1.ip), cfg.interface1.dev); net_config_interface(cfg.interface1.dev, cfg.interface1.ip, cfg.interface1.mask, cfg.interface1.mtu); } if (cfg.interface2.configured && cfg.interface2.ip) { if (arg_debug) printf(""Configuring %d.%d.%d.%d address on interface %s\n"", PRINT_IP(cfg.interface2.ip), cfg.interface2.dev); net_config_interface(cfg.interface2.dev, cfg.interface2.ip, cfg.interface2.mask, cfg.interface2.mtu); } if (cfg.interface3.configured && cfg.interface3.ip) { if (arg_debug) printf(""Configuring %d.%d.%d.%d address on interface %s\n"", PRINT_IP(cfg.interface3.ip), cfg.interface3.dev); net_config_interface(cfg.interface3.dev, cfg.interface3.ip, cfg.interface3.mask, cfg.interface3.mtu); } if (cfg.defaultgw) { if (net_add_route(0, 0, cfg.defaultgw)) { fwarning(""cannot configure default route\n""); gw_cfg_failed = 1; } } if (arg_debug) printf(""Network namespace enabled\n""); } if (!arg_quiet) { if (any_bridge_configured() || any_interface_configured() || cfg.defaultgw || cfg.dns1) { fmessage(""\n""); if (any_bridge_configured() || any_interface_configured()) { if (arg_scan) sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 3, PATH_FNET, ""printif"", ""scan""); else sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, PATH_FNET, ""printif""); } if (cfg.defaultgw != 0) { if (gw_cfg_failed) fmessage(""Default gateway configuration failed\n""); else fmessage(""Default gateway %d.%d.%d.%d\n"", PRINT_IP(cfg.defaultgw)); } if (cfg.dns1 != NULL) fmessage(""DNS server %s\n"", cfg.dns1); if (cfg.dns2 != NULL) fmessage(""DNS server %s\n"", cfg.dns2); if (cfg.dns3 != NULL) fmessage(""DNS server %s\n"", cfg.dns3); if (cfg.dns4 != NULL) fmessage(""DNS server %s\n"", cfg.dns4); fmessage(""\n""); } } if (arg_nonetwork || any_bridge_configured() || any_interface_configured()) { } else { EUID_USER(); env_ibus_load(); EUID_ROOT(); } #ifdef HAVE_SECCOMP if (cfg.protocol) { if (arg_debug) printf(""Build protocol filter: %s\n"", cfg.protocol); int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 5, PATH_FSECCOMP, ""protocol"", ""build"", cfg.protocol, RUN_SECCOMP_PROTOCOL); if (rv) exit(rv); } if (arg_seccomp && (cfg.seccomp_list || cfg.seccomp_list_drop || cfg.seccomp_list_keep)) arg_seccomp_postexec = 1; #endif bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec; if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay)) { enforce_filters(); need_preload = arg_trace || arg_tracelog; } if (need_preload) fs_trace_preload(); if (cfg.hosts_file) fs_store_hosts_file(); #ifdef HAVE_CHROOT if (cfg.chrootdir) { fs_chroot(cfg.chrootdir); if (need_preload) fs_trace_preload(); } else #endif #ifdef HAVE_OVERLAYFS if (arg_overlay) fs_overlayfs(); else #endif fs_basic_fs(); if (arg_private) { if (cfg.home_private) { if (cfg.chrootdir) fwarning(""private=directory feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private=directory feature is disabled in overlay\n""); else fs_private_homedir(); } else if (cfg.home_private_keep) { if (cfg.chrootdir) fwarning(""private-home= feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private-home= feature is disabled in overlay\n""); else fs_private_home_list(); } else fs_private(); } if (arg_private_dev) fs_private_dev(); if (arg_private_etc) { if (cfg.chrootdir) fwarning(""private-etc feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private-etc feature is disabled in overlay\n""); else { fs_private_dir_list(""/etc"", RUN_ETC_DIR, cfg.etc_private_keep); if (need_preload) fs_trace_preload(); } } if (arg_private_opt) { if (cfg.chrootdir) fwarning(""private-opt feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private-opt feature is disabled in overlay\n""); else { fs_private_dir_list(""/opt"", RUN_OPT_DIR, cfg.opt_private_keep); } } if (arg_private_srv) { if (cfg.chrootdir) fwarning(""private-srv feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private-srv feature is disabled in overlay\n""); else { fs_private_dir_list(""/srv"", RUN_SRV_DIR, cfg.srv_private_keep); } } if (arg_private_bin && !arg_appimage) { if (cfg.chrootdir) fwarning(""private-bin feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private-bin feature is disabled in overlay\n""); else { if (arg_x11_xorg) { EUID_USER(); char *tmp; if (asprintf(&tmp, ""%s,xauth"", cfg.bin_private_keep) == -1) errExit(""asprintf""); cfg.bin_private_keep = tmp; EUID_ROOT(); } fs_private_bin_list(); } } if (arg_private_lib && !arg_appimage) { if (cfg.chrootdir) fwarning(""private-lib feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private-lib feature is disabled in overlay\n""); else { fs_private_lib(); } } if (arg_private_cache) { if (cfg.chrootdir) fwarning(""private-cache feature is disabled in chroot\n""); else if (arg_overlay) fwarning(""private-cache feature is disabled in overlay\n""); else fs_private_cache(); } if (arg_private_tmp) { EUID_USER(); fs_private_tmp(); EUID_ROOT(); } if (arg_nodbus) dbus_session_disable(); if (cfg.hostname) fs_hostname(cfg.hostname); if (cfg.hosts_file) fs_mount_hosts_file(); if (arg_netns) netns_mounts(arg_netns); fs_proc_sys_dev_boot(); if (checkcfg(CFG_DISABLE_MNT)) fs_mnt(1); else if (arg_disable_mnt) fs_mnt(0); fs_whitelist(); fs_blacklist(); if (arg_nosound) { pulseaudio_disable(); fs_dev_disable_sound(); } else if (!arg_noautopulse) pulseaudio_init(); if (arg_no3d) fs_dev_disable_3d(); if (arg_notv) fs_dev_disable_tv(); if (arg_nodvd) fs_dev_disable_dvd(); if (arg_nou2f) fs_dev_disable_u2f(); if (arg_novideo) fs_dev_disable_video(); if (need_preload) fs_trace(); fs_resolvconf(); fs_logger_print(); fs_logger_change_owner(); EUID_USER(); int cwd = 0; if (cfg.cwd) { if (chdir(cfg.cwd) == 0) cwd = 1; } if (!cwd) { if (chdir(""/"") < 0) errExit(""chdir""); if (cfg.homedir) { struct stat s; if (stat(cfg.homedir, &s) == 0) { if (chdir(cfg.homedir) < 0) errExit(""chdir""); } } } if (arg_debug) { char *cpath = get_current_dir_name(); if (cpath) { printf(""Current directory: %s\n"", cpath); free(cpath); } } EUID_ROOT(); fs_x11(); if (arg_x11_xorg) x11_xorg(); save_umask(); save_nonewprivs(); set_caps(); save_cpu(); save_cgroup(); #ifdef HAVE_SECCOMP #ifdef SYS_socket if (cfg.protocol) { if (arg_debug) printf(""Install protocol filter: %s\n"", cfg.protocol); seccomp_load(RUN_SECCOMP_PROTOCOL); protocol_filter_save(); } else { int rv = unlink(RUN_SECCOMP_PROTOCOL); (void) rv; } #endif if (arg_seccomp == 1) { if (cfg.seccomp_list_keep) seccomp_filter_keep(); else seccomp_filter_drop(); } else { int rv = unlink(RUN_SECCOMP_CFG); rv |= unlink(RUN_SECCOMP_32); (void) rv; } if (arg_memory_deny_write_execute) { if (arg_debug) printf(""Install memory write&execute filter\n""); seccomp_load(RUN_SECCOMP_MDWX); } else { int rv = unlink(RUN_SECCOMP_MDWX); (void) rv; } #endif FILE *rj = create_ready_for_join_file(); save_nogroups(); if (arg_noroot) { int rv = unshare(CLONE_NEWUSER); if (rv == -1) { fwarning(""cannot create a new user namespace, going forward without it...\n""); arg_noroot = 0; } } notify_other(child_to_parent_fds[1]); close(child_to_parent_fds[1]); wait_for_other(parent_to_child_fds[0]); close(parent_to_child_fds[0]); if (arg_noroot) { if (arg_debug) printf(""noroot user namespace installed\n""); set_caps(); } if (arg_nonewprivs) { prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1) { fwarning(""cannot set NO_NEW_PRIVS, it requires a Linux kernel version 3.5 or newer.\n""); if (force_nonewprivs) { fprintf(stderr, ""Error: NO_NEW_PRIVS required for this sandbox, exiting ...\n""); exit(1); } } else if (arg_debug) printf(""NO_NEW_PRIVS set\n""); } drop_privs(arg_nogroups); prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); if (cfg.cpus) set_cpu_affinity(); pid_t app_pid = fork(); if (app_pid == -1) errExit(""fork""); if (app_pid == 0) { #ifdef HAVE_APPARMOR if (checkcfg(CFG_APPARMOR) && arg_apparmor) { errno = 0; if (aa_change_onexec(""firejail-default"")) { fwarning(""Cannot confine the application using AppArmor.\n"" ""Maybe firejail-default AppArmor profile is not loaded into the kernel.\n"" ""As root, run \""aa-enforce firejail-default\"" to load it.\n""); } else if (arg_debug) printf(""AppArmor enabled\n""); } #endif if (arg_nice) set_nice(cfg.nice); set_rlimits(); start_application(0, rj); } fclose(rj); int status = monitor_application(app_pid); flush_stdin(); if (WIFEXITED(status)) { return WEXITSTATUS(status); } else { return -1; } }",visit repo url,src/firejail/sandbox.c,https://github.com/netblue30/firejail,60692192142464,1 3432,['CWE-264'],"long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, size_t len, unsigned int flags) { struct pipe_inode_info *pipe; long ret, bytes; loff_t out_off; umode_t i_mode; int i; i_mode = in->f_dentry->d_inode->i_mode; if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode))) return -EINVAL; pipe = current->splice_pipe; if (unlikely(!pipe)) { pipe = alloc_pipe_info(NULL); if (!pipe) return -ENOMEM; pipe->readers = 1; current->splice_pipe = pipe; } ret = 0; bytes = 0; out_off = 0; while (len) { size_t read_len, max_read_len; max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE)); ret = do_splice_to(in, ppos, pipe, max_read_len, flags); if (unlikely(ret < 0)) goto out_release; read_len = ret; ret = do_splice_from(pipe, out, &out_off, read_len, flags & ~SPLICE_F_NONBLOCK); if (unlikely(ret < 0)) goto out_release; bytes += ret; len -= ret; if ((flags & SPLICE_F_NONBLOCK) && (read_len < max_read_len)) break; } pipe->nrbufs = pipe->curbuf = 0; return bytes; out_release: for (i = 0; i < PIPE_BUFFERS; i++) { struct pipe_buffer *buf = pipe->bufs + i; if (buf->ops) { buf->ops->release(pipe, buf); buf->ops = NULL; } } pipe->nrbufs = pipe->curbuf = 0; if (bytes > 0) return bytes; return ret; }",linux-2.6,,,251111801260719453905152993053287263090,0 6319,['CWE-200'],"static inline iw_handler get_handler(struct net_device *dev, unsigned int cmd) { unsigned int index; if(dev->wireless_handlers == NULL) return NULL; index = cmd - SIOCIWFIRST; if(index < dev->wireless_handlers->num_standard) return dev->wireless_handlers->standard[index]; index = cmd - SIOCIWFIRSTPRIV; if(index < dev->wireless_handlers->num_private) return dev->wireless_handlers->private[index]; return NULL; }",linux-2.6,,,154827649771879468211726160401633028650,0 4278,['CWE-264'],"int __attribute__((weak)) arch_dup_task_struct(struct task_struct *dst, struct task_struct *src) { *dst = *src; return 0; }",linux-2.6,,,130925451604345774012121583370703224358,0 288,[],"static int ioc_settimeout(unsigned int fd, unsigned int cmd, unsigned long arg) { return rw_long(fd, AUTOFS_IOC_SETTIMEOUT, arg); }",linux-2.6,,,209072802268999401649878025257991025563,0 666,[],"static int jpc_coc_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_coc_t *coc = &ms->parms.coc; assert(coc->compparms.numdlvls <= 32); if (cstate->numcomps <= 256) { if (jpc_putuint8(out, coc->compno)) { return -1; } } else { if (jpc_putuint16(out, coc->compno)) { return -1; } } if (jpc_putuint8(out, coc->compparms.csty)) { return -1; } if (jpc_cox_putcompparms(ms, cstate, out, (coc->compparms.csty & JPC_COX_PRT) != 0, &coc->compparms)) { return -1; } return 0; }",jasper,,,103395472296360023265675388006958031429,0 5356,CWE-787,"static void load_xref_from_plaintext(FILE *fp, xref_t *xref) { int i, buf_idx, obj_id, added_entries; char c, buf[32] = {0}; long start, pos; start = ftell(fp); pos = xref->end; fseek(fp, pos, SEEK_SET); while (ftell(fp) != 0) if (SAFE_F(fp, (fgetc(fp) == '/' && fgetc(fp) == 'S'))) break; else SAFE_E(fseek(fp, --pos, SEEK_SET), 0, ""Failed seek to xref /Size.\n""); SAFE_E(fread(buf, 1, 21, fp), 21, ""Failed to load entry Size string.\n""); xref->n_entries = atoi(buf + strlen(""ize "")); xref->entries = calloc(1, xref->n_entries * sizeof(struct _xref_entry)); obj_id = 0; fseek(fp, xref->start + strlen(""xref""), SEEK_SET); added_entries = 0; for (i=0; in_entries; i++) { c = fgetc(fp); while (c == '\n' || c == '\r') c = fgetc(fp); buf_idx = 0; while (c != '\n' && c != '\r' && !feof(fp) && !ferror(fp) && buf_idx < sizeof(buf)) { buf[buf_idx++] = c; c = fgetc(fp); } if (buf_idx >= sizeof(buf)) { ERR(""Failed to locate newline character. "" ""This might be a corrupt PDF.\n""); exit(EXIT_FAILURE); } buf[buf_idx] = '\0'; if (strchr(buf, 't')) break; if (strlen(buf) > 17) { xref->entries[i].obj_id = obj_id++; xref->entries[i].offset = atol(strtok(buf, "" "")); xref->entries[i].gen_num = atoi(strtok(NULL, "" "")); xref->entries[i].f_or_n = buf[17]; ++added_entries; } else { obj_id = atoi(buf); --i; } } xref->n_entries = added_entries; fseek(fp, start, SEEK_SET); }",visit repo url,pdf.c,https://github.com/enferex/pdfresurrect,128385721282570,1 695,CWE-20,"static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int err = 0; lock_sock(sk); if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { err = -ENOTCONN; goto out; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (!ax25_sk(sk)->pidincl) skb_pull(skb, 1); skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (msg->msg_namelen != 0) { struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; ax25_digi digi; ax25_address src; const unsigned char *mac = skb_mac_header(skb); memset(sax, 0, sizeof(struct full_sockaddr_ax25)); ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, &digi, NULL, NULL); sax->sax25_family = AF_AX25; sax->sax25_ndigis = digi.ndigi; sax->sax25_call = src; if (sax->sax25_ndigis != 0) { int ct; struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; for (ct = 0; ct < digi.ndigi; ct++) fsa->fsa_digipeater[ct] = digi.calls[ct]; } msg->msg_namelen = sizeof(struct full_sockaddr_ax25); } skb_free_datagram(sk, skb); err = copied; out: release_sock(sk); return err; }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,113629503405761,1 1011,['CWE-94'],"static inline struct pipe_inode_info *pipe_info(struct inode *inode) { if (S_ISFIFO(inode->i_mode)) return inode->i_pipe; return NULL; }",linux-2.6,,,224878968080344999618841939216514482103,0 1546,[],"static void init_defrootdomain(void) { init_rootdomain(&def_root_domain); atomic_set(&def_root_domain.refcount, 1); }",linux-2.6,,,161115772800491912895432840720348068927,0 2766,CWE-190,"ZEND_API void ZEND_FASTCALL _zend_hash_init(HashTable *ht, uint32_t nSize, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC) { GC_REFCOUNT(ht) = 1; GC_TYPE_INFO(ht) = IS_ARRAY; ht->u.flags = (persistent ? HASH_FLAG_PERSISTENT : 0) | HASH_FLAG_APPLY_PROTECTION | HASH_FLAG_STATIC_KEYS; ht->nTableSize = zend_hash_check_size(nSize); ht->nTableMask = HT_MIN_MASK; HT_SET_DATA_ADDR(ht, &uninitialized_bucket); ht->nNumUsed = 0; ht->nNumOfElements = 0; ht->nInternalPointer = HT_INVALID_IDX; ht->nNextFreeElement = 0; ht->pDestructor = pDestructor; }",visit repo url,Zend/zend_hash.c,https://github.com/php/php-src,15620561692572,1 3033,['CWE-189'],"int jpc_mqenc_codelps(jpc_mqenc_t *mqenc) { jpc_mqenc_codelps2(mqenc->areg, mqenc->creg, mqenc->ctreg, mqenc->curctx, mqenc); return jpc_mqenc_error(mqenc) ? (-1) : 0; }",jasper,,,207929921114988488332649619290114232549,0 991,['CWE-94'],"static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { if (!(buf->flags & PIPE_BUF_FLAG_GIFT)) return 1; buf->flags |= PIPE_BUF_FLAG_LRU; return generic_pipe_buf_steal(pipe, buf); }",linux-2.6,,,221577013687485585397228458535382945825,0 3812,CWE-122,"ex_retab(exarg_T *eap) { linenr_T lnum; int got_tab = FALSE; long num_spaces = 0; long num_tabs; long len; long col; long vcol; long start_col = 0; long start_vcol = 0; long old_len; char_u *ptr; char_u *new_line = (char_u *)1; int did_undo; #ifdef FEAT_VARTABS int *new_vts_array = NULL; char_u *new_ts_str; #else int temp; int new_ts; #endif int save_list; linenr_T first_line = 0; linenr_T last_line = 0; save_list = curwin->w_p_list; curwin->w_p_list = 0; #ifdef FEAT_VARTABS new_ts_str = eap->arg; if (tabstop_set(eap->arg, &new_vts_array) == FAIL) return; while (vim_isdigit(*(eap->arg)) || *(eap->arg) == ',') ++(eap->arg); if (new_vts_array == NULL) { new_vts_array = curbuf->b_p_vts_array; new_ts_str = NULL; } else new_ts_str = vim_strnsave(new_ts_str, eap->arg - new_ts_str); #else ptr = eap->arg; new_ts = getdigits(&ptr); if (new_ts < 0 && *eap->arg == '-') { emsg(_(e_argument_must_be_positive)); return; } if (new_ts < 0 || new_ts > 9999) { semsg(_(e_invalid_argument_str), eap->arg); return; } if (new_ts == 0) new_ts = curbuf->b_p_ts; #endif for (lnum = eap->line1; !got_int && lnum <= eap->line2; ++lnum) { ptr = ml_get(lnum); col = 0; vcol = 0; did_undo = FALSE; for (;;) { if (VIM_ISWHITE(ptr[col])) { if (!got_tab && num_spaces == 0) { start_vcol = vcol; start_col = col; } if (ptr[col] == ' ') num_spaces++; else got_tab = TRUE; } else { if (got_tab || (eap->forceit && num_spaces > 1)) { len = num_spaces = vcol - start_vcol; num_tabs = 0; if (!curbuf->b_p_et) { #ifdef FEAT_VARTABS int t, s; tabstop_fromto(start_vcol, vcol, curbuf->b_p_ts, new_vts_array, &t, &s); num_tabs = t; num_spaces = s; #else temp = new_ts - (start_vcol % new_ts); if (num_spaces >= temp) { num_spaces -= temp; num_tabs++; } num_tabs += num_spaces / new_ts; num_spaces -= (num_spaces / new_ts) * new_ts; #endif } if (curbuf->b_p_et || got_tab || (num_spaces + num_tabs < len)) { if (did_undo == FALSE) { did_undo = TRUE; if (u_save((linenr_T)(lnum - 1), (linenr_T)(lnum + 1)) == FAIL) { new_line = NULL; break; } } len = num_spaces + num_tabs; old_len = (long)STRLEN(ptr); new_line = alloc(old_len - col + start_col + len + 1); if (new_line == NULL) break; if (start_col > 0) mch_memmove(new_line, ptr, (size_t)start_col); mch_memmove(new_line + start_col + len, ptr + col, (size_t)(old_len - col + 1)); ptr = new_line + start_col; for (col = 0; col < len; col++) ptr[col] = (col < num_tabs) ? '\t' : ' '; if (ml_replace(lnum, new_line, FALSE) == OK) new_line = curbuf->b_ml.ml_line_ptr; if (first_line == 0) first_line = lnum; last_line = lnum; ptr = new_line; col = start_col + len; } } got_tab = FALSE; num_spaces = 0; } if (ptr[col] == NUL) break; vcol += chartabsize(ptr + col, (colnr_T)vcol); if (has_mbyte) col += (*mb_ptr2len)(ptr + col); else ++col; } if (new_line == NULL) break; line_breakcheck(); } if (got_int) emsg(_(e_interrupted)); #ifdef FEAT_VARTABS if (tabstop_count(curbuf->b_p_vts_array) == 0 && tabstop_count(new_vts_array) == 1 && curbuf->b_p_ts == tabstop_first(new_vts_array)) ; else if (tabstop_count(curbuf->b_p_vts_array) > 0 && tabstop_eq(curbuf->b_p_vts_array, new_vts_array)) ; else redraw_curbuf_later(NOT_VALID); #else if (curbuf->b_p_ts != new_ts) redraw_curbuf_later(NOT_VALID); #endif if (first_line != 0) changed_lines(first_line, 0, last_line + 1, 0L); curwin->w_p_list = save_list; #ifdef FEAT_VARTABS if (new_ts_str != NULL) { int *old_vts_ary = curbuf->b_p_vts_array; if (tabstop_count(old_vts_ary) > 0 || tabstop_count(new_vts_array) > 1) { set_string_option_direct((char_u *)""vts"", -1, new_ts_str, OPT_FREE|OPT_LOCAL, 0); curbuf->b_p_vts_array = new_vts_array; vim_free(old_vts_ary); } else { curbuf->b_p_ts = tabstop_first(new_vts_array); vim_free(new_vts_array); } vim_free(new_ts_str); } #else curbuf->b_p_ts = new_ts; #endif coladvance(curwin->w_curswant); u_clearline(); }",visit repo url,src/indent.c,https://github.com/vim/vim,97136076102267,1 6356,CWE-787,"parse_table(tree_t *t, float left, float right, float bottom, float top, float *x, float *y, int *page, int needspace) { int col, row, header_row = -1, tcol, colspan, rowspan, alloc_rows, regular_cols; hdtable_t table; float col_width, col_min, col_pref, col_height, cellspacing, width, pref_width, span_width, regular_width, actual_width, table_width, min_width, temp_width, header_height = 0.0, table_y, temp_bottom, temp_top; int temp_page, table_page; uchar *var, *height_var, *header_height_var = NULL; tree_t *temprow, *tempcol, *tempnext, ***cells, *caption; float temp_height; uchar *bgcolor; float bgrgb[3]; const char *htmldoc_debug; DEBUG_puts(""\n\nTABLE""); DEBUG_printf((""parse_table(t=%p, left=%.1f, right=%.1f, x=%.1f, y=%.1f, page=%d\n"", (void *)t, left, right, *x, *y, *page)); if (t->child == NULL) return; memset(&table, 0, sizeof(table)); if ((htmldoc_debug = getenv(""HTMLDOC_DEBUG"")) != NULL && (strstr(htmldoc_debug, ""table"") || strstr(htmldoc_debug, ""all""))) table.debug = 1; else table.debug = 0; cells = NULL; if ((var = htmlGetVariable(t, (uchar *)""WIDTH"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') table_width = (float)(atof((char *)var) * (right - left) / 100.0f); else table_width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); if (table_width < 0.0f || table_width > PagePrintWidth) table_width = right - left; } else table_width = right - left; if ((var = htmlGetVariable(t, (uchar *)""HEIGHT"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') table.height = (float)(atof((char *)var) * (top - bottom) / 100.0f); else table.height = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); } else table.height = -1.0f; DEBUG_printf((""table_width = %.1f\n"", table_width)); if ((var = htmlGetVariable(t, (uchar *)""CELLPADDING"")) != NULL) { if ((table.cellpadding = atoi((char *)var)) < 0.0f) table.cellpadding = 0.0f; else if (table.cellpadding > 20.0f) table.cellpadding = 20.0f; } else table.cellpadding = 1.0f; if ((var = htmlGetVariable(t, (uchar *)""CELLSPACING"")) != NULL) { if ((cellspacing = atoi((char *)var)) < 0.0f) cellspacing = 0.0f; else if (cellspacing > 20.0f) cellspacing = 20.0f; } else cellspacing = 0.0f; if ((var = htmlGetVariable(t, (uchar *)""BORDER"")) != NULL) { if ((table.border = (float)atof((char *)var)) <= 0.0 && var[0] != '0') table.border = 1.0f; else if (table.border > 20.0f) table.border = 20.0f; table.cellpadding += table.border; } else table.border = 0.0f; if (table.debug && table.border == 0.0f) table.border = 0.01f; table.border_rgb[0] = t->red / 255.0f; table.border_rgb[1] = t->green / 255.0f; table.border_rgb[2] = t->blue / 255.0f; if ((var = htmlGetVariable(t, (uchar *)""BORDERCOLOR"")) != NULL) get_color(var, table.border_rgb, 0); if (table.border == 0.0f && table.cellpadding > 0.0f) { table.cellpadding += 1.0f; } table.border_size = table.border - 1.0f; cellspacing *= PagePrintWidth / _htmlBrowserWidth; table.cellpadding *= PagePrintWidth / _htmlBrowserWidth; table.border *= PagePrintWidth / _htmlBrowserWidth; table.border_size *= PagePrintWidth / _htmlBrowserWidth; DEBUG_printf((""border = %.1f, cellpadding = %.1f\n"", table.border, table.cellpadding)); temp_bottom = bottom - table.cellpadding; temp_top = top + table.cellpadding; for (temprow = t->child, table.num_cols = 0, table.num_rows = 0, alloc_rows = 0, caption = NULL; temprow != NULL; temprow = tempnext) { tempnext = temprow->next; if (temprow->markup == MARKUP_CAPTION) { if ((var = htmlGetVariable(temprow, (uchar *)""ALIGN"")) == NULL || strcasecmp((char *)var, ""bottom"")) { parse_paragraph(temprow, left, right, bottom, top, x, y, page, needspace); needspace = 1; } else { caption = temprow; } } else if (temprow->markup == MARKUP_TR || ((temprow->markup == MARKUP_TBODY || temprow->markup == MARKUP_THEAD || temprow->markup == MARKUP_TFOOT) && temprow->child != NULL)) { if (temprow->markup == MARKUP_THEAD) header_row = table.num_rows; if (temprow->markup == MARKUP_TBODY || temprow->markup == MARKUP_THEAD || temprow->markup == MARKUP_TFOOT) temprow = temprow->child; if ((tempnext = temprow->next) == NULL) if (temprow->parent->markup == MARKUP_TBODY || temprow->parent->markup == MARKUP_THEAD || temprow->parent->markup == MARKUP_TFOOT) tempnext = temprow->parent->next; if (table.num_rows >= alloc_rows) { alloc_rows += ALLOC_ROWS; if (alloc_rows == ALLOC_ROWS) cells = (tree_t ***)malloc(sizeof(tree_t **) * (size_t)alloc_rows); else cells = (tree_t ***)realloc(cells, sizeof(tree_t **) * (size_t)alloc_rows); if (cells == (tree_t ***)0) { progress_error(HD_ERROR_OUT_OF_MEMORY, ""Unable to allocate memory for table!""); return; } } if ((cells[table.num_rows] = (tree_t **)calloc(sizeof(tree_t *), MAX_COLUMNS)) == NULL) { progress_error(HD_ERROR_OUT_OF_MEMORY, ""Unable to allocate memory for table!""); free(cells); return; } #ifdef DEBUG printf(""BEFORE row %d: num_cols = %d\n"", table.num_rows, table.num_cols); if (table.num_rows) for (col = 0; col < table.num_cols; col ++) printf("" col %d: row_spans[] = %d\n"", col, table.row_spans[col]); #endif if (table.num_rows) { for (col = 0, rowspan = 9999; col < table.num_cols; col ++) if (table.row_spans[col] < rowspan) rowspan = table.row_spans[col]; for (col = 0; col < table.num_cols; col ++) table.row_spans[col] -= rowspan; for (col = 0; table.row_spans[col] && col < table.num_cols; col ++) cells[table.num_rows][col] = cells[table.num_rows - 1][col]; } else col = 0; for (tempcol = temprow->child; tempcol != NULL && col < MAX_COLUMNS; tempcol = tempcol->next) { if (tempcol->markup == MARKUP_TH && table.num_rows == 0) header_row = table.num_rows; if (tempcol->markup == MARKUP_TD || tempcol->markup == MARKUP_TH) { if ((var = htmlGetVariable(tempcol, (uchar *)""COLSPAN"")) != NULL) colspan = atoi((char *)var); else colspan = 1; if ((var = htmlGetVariable(tempcol, (uchar *)""ROWSPAN"")) != NULL) { table.row_spans[col] = atoi((char *)var); if (table.row_spans[col] == 1) table.row_spans[col] = 0; for (tcol = 1; tcol < colspan; tcol ++) table.row_spans[col + tcol] = table.row_spans[col]; } col_width = get_cell_size(tempcol, 0.0f, table_width, &col_min, &col_pref, &col_height); if ((var = htmlGetVariable(tempcol, (uchar *)""WIDTH"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') { col_width -= 2.0 * table.cellpadding - cellspacing; if (colspan <= 1) table.col_percent[col] = 1; } else { col_width -= 2.0 * table.cellpadding; } } else col_width = 0.0f; tempcol->height = col_height; DEBUG_printf((""%d,%d: colsp=%d, rowsp=%d, width=%.1f, minw=%.1f, prefw=%.1f, minh=%.1f\n"", col, table.num_rows, colspan, table.row_spans[col], col_width, col_min, col_pref, col_height)); if (colspan > 1) { if (colspan > table.col_spans[col]) table.col_spans[col] = colspan; if (col_width > table.col_swidths[col]) table.col_swidths[col] = col_width; if (col_min > table.col_smins[col]) table.col_smins[col] = col_min; temp_width = col_width / colspan; for (int i = 0; i < colspan; i ++) { if (temp_width > table.col_widths[col + i]) table.col_widths[col + i] = temp_width; } } else { if (col_width > 0.0f) table.col_fixed[col] = 1; if (col_width > table.col_widths[col]) table.col_widths[col] = col_width; if (col_pref > table.col_prefs[col]) table.col_prefs[col] = col_pref; if (col_min > table.col_mins[col]) table.col_mins[col] = col_min; } while (colspan > 0 && col < MAX_COLUMNS) { cells[table.num_rows][col] = tempcol; col ++; colspan --; } while (table.row_spans[col] && col < table.num_cols) { cells[table.num_rows][col] = cells[table.num_rows - 1][col]; col ++; } } } DEBUG_printf((""header_row=%d\n"", header_row)); if (col > table.num_cols) table.num_cols = col; #ifdef DEBUG printf(""AFTER row %d: num_cols = %d\n"", table.num_rows, table.num_cols); for (col = 0; col < table.num_cols; col ++) printf("" col %d: row_spans[] = %d\n"", col, table.row_spans[col]); #endif table.num_rows ++; for (col = 0; col < table.num_cols; col ++) if (table.row_spans[col]) table.row_spans[col] --; } } if (table.num_cols == 0) return; if ((var = htmlGetVariable(t, (uchar *)""WIDTH"")) != NULL) { if (var[strlen((char *)var) - 1] == '%') width = (float)(atof((char *)var) * (right - left) / 100.0f); else width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); } else { for (col = 0, width = 0.0; col < table.num_cols; col ++) width += table.col_prefs[col]; width += (2 * table.cellpadding + cellspacing) * table.num_cols - cellspacing; if (width > (right - left)) width = right - left; } DEBUG_printf((""\nTABLE: %dx%d\n\n"", table.num_cols, table.num_rows)); actual_width = (2 * table.cellpadding + cellspacing) * table.num_cols - cellspacing; regular_width = (width - actual_width) / table.num_cols; DEBUG_printf(("" width = %.1f, actual_width = %.1f, regular_width = %.1f\n\n"", width, actual_width, regular_width)); DEBUG_puts("" Col Width Min Pref Fixed? Percent?""); DEBUG_puts("" --- ------ ------ ------ ------ --------""); #ifdef DEBUG for (col = 0; col < table.num_cols; col ++) printf("" %-3d %-6.1f %-6.1f %-6.1f %-6s %s\n"", col, table.col_widths[col], table.col_mins[col], table.col_prefs[col], table.col_fixed[col] ? ""YES"" : ""NO"", table.col_percent[col] ? ""YES"" : ""NO""); puts(""""); #endif DEBUG_puts(""PASS 1: fixed width handling\n""); for (col = 0, regular_cols = 0; col < table.num_cols; col ++) if (table.col_widths[col] > 0.0f) { if (table.col_mins[col] > table.col_widths[col]) { DEBUG_printf(("" updating column %d to width=%.1f\n"", col, table.col_mins[col])); table.col_widths[col] = table.col_mins[col]; } actual_width += table.col_widths[col]; } else { regular_cols ++; actual_width += table.col_mins[col]; } DEBUG_printf(("" actual_width = %.1f, regular_cols = %d\n\n"", actual_width,regular_cols)); DEBUG_puts(""PASS 2: preferred width handling\n""); for (col = 0, pref_width = 0.0f; col < table.num_cols; col ++) if (table.col_widths[col] == 0.0f) pref_width += table.col_prefs[col] - table.col_mins[col]; DEBUG_printf(("" pref_width = %.1f\n"", pref_width)); if (pref_width > 0.0f) { if ((regular_width = (width - actual_width) / pref_width) < 0.0f) regular_width = 0.0f; else if (regular_width > 1.0f) regular_width = 1.0f; DEBUG_printf(("" regular_width = %.1f\n"", regular_width)); for (col = 0; col < table.num_cols; col ++) if (table.col_widths[col] == 0.0f) { pref_width = (table.col_prefs[col] - table.col_mins[col]) * regular_width; if ((actual_width + pref_width) > width) { if (col == (table.num_cols - 1) && (width - actual_width) >= table.col_mins[col]) table.col_widths[col] = width - actual_width; else table.col_widths[col] = table.col_mins[col]; } else table.col_widths[col] = pref_width + table.col_mins[col]; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); actual_width += table.col_widths[col] - table.col_mins[col]; } } else { for (col = 0; col < table.num_cols; col ++) if (table.col_widths[col] == 0.0f) table.col_widths[col] = table.col_mins[col]; } DEBUG_printf(("" actual_width = %.1f\n\n"", actual_width)); DEBUG_puts(""PASS 3: colspan handling\n\n""); for (col = 0; col < table.num_cols; col ++) { DEBUG_printf(("" col %d, colspan %d\n"", col, table.col_spans[col])); if (table.col_spans[col] > 1) { for (colspan = 0, span_width = 0.0f; colspan < table.col_spans[col]; colspan ++) span_width += table.col_widths[col + colspan]; pref_width = 0.0f; if (span_width < table.col_swidths[col]) pref_width = table.col_swidths[col]; if (span_width < table.col_smins[col] && pref_width < table.col_smins[col]) pref_width = table.col_smins[col]; for (colspan = 0; colspan < table.col_spans[col]; colspan ++) if (table.col_fixed[col + colspan]) { span_width -= table.col_widths[col + colspan]; pref_width -= table.col_widths[col + colspan]; } DEBUG_printf(("" col_swidths=%.1f, col_smins=%.1f, span_width=%.1f, pref_width=%.1f\n"", table.col_swidths[col], table.col_smins[col], span_width, pref_width)); if (pref_width > 0.0f && pref_width > span_width) { if (span_width >= 1.0f) { regular_width = pref_width / span_width; for (colspan = 0; colspan < table.col_spans[col]; colspan ++) if (!table.col_fixed[col + colspan]) { actual_width -= table.col_widths[col + colspan]; table.col_widths[col + colspan] *= regular_width; actual_width += table.col_widths[col + colspan]; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col + colspan, table.col_widths[col + colspan])); } } else { regular_width = pref_width / table.col_spans[col]; for (colspan = 0; colspan < table.col_spans[col]; colspan ++) { actual_width += regular_width; table.col_widths[col + colspan] += regular_width; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); } } } } } DEBUG_printf(("" actual_width = %.1f\n\n"", actual_width)); DEBUG_puts(""PASS 4: divide remaining space, if any...\n""); if (width > actual_width) { for (col = 0, colspan = 0; col < table.num_cols; col ++) if (!table.col_fixed[col] || table.col_percent[col]) colspan ++; if (colspan > 0) { regular_width = (width - actual_width) / table.num_cols; for (col = 0; col < table.num_cols; col ++) if (!table.col_fixed[col]) { table.col_widths[col] += regular_width; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); } } } else width = actual_width; DEBUG_puts(""""); DEBUG_puts(""PASS 5: Squeeze table as needed...""); if (width > table_width) { for (col = 0, min_width = -cellspacing; col < table.num_cols; col ++) min_width += table.col_mins[col] + 2 * table.cellpadding + cellspacing; DEBUG_printf(("" table_width = %.1f, width = %.1f, min_width = %.1f\n"", table_width, width, min_width)); temp_width = table_width - min_width; if (temp_width < 0.0f) temp_width = 0.0f; width -= min_width; if (width < 1.0f) width = 1.0f; for (col = 0; col < table.num_cols; col ++) { table.col_widths[col] = table.col_mins[col] + temp_width * (table.col_widths[col] - table.col_mins[col]) / width; DEBUG_printf(("" col_widths[%d] = %.1f\n"", col, table.col_widths[col])); } for (col = 0, width = -cellspacing; col < table.num_cols; col ++) width += table.col_widths[col] + 2 * table.cellpadding + cellspacing; DEBUG_printf(("" new width = %.1f, max width = %.1f\n"", width, right - left)); } if ((width - right + left) > 0.001f && OverflowErrors) progress_error(HD_ERROR_CONTENT_TOO_LARGE, ""Table on page %d too wide - truncation or overlapping may occur!"", *page + 1); DEBUG_puts(""""); DEBUG_printf((""Final table width = %.1f, alignment = %d\n"", width, t->halignment)); switch (t->halignment) { case ALIGN_LEFT : *x = left + table.cellpadding; break; case ALIGN_CENTER : *x = left + 0.5f * (right - left - width) + table.cellpadding; break; case ALIGN_RIGHT : *x = right - width + table.cellpadding; break; } for (col = 0; col < table.num_cols; col ++) { table.col_lefts[col] = *x; table.col_rights[col] = *x + table.col_widths[col]; *x = table.col_rights[col] + 2 * table.cellpadding + cellspacing; DEBUG_printf((""left[%d] = %.1f, right[%d] = %.1f\n"", col, table.col_lefts[col], col, table.col_rights[col])); } if (*y < top && needspace) *y -= _htmlSpacings[SIZE_P]; if (table.debug) { check_pages(*page); render_t *r; char table_text[255]; snprintf(table_text, sizeof(table_text), ""t=%p"", (void *)t); r = new_render(*page, RENDER_TEXT, left, *y, get_width((uchar *)table_text, TYPE_COURIER, STYLE_NORMAL, 3), _htmlSizes[3], table_text); r->data.text.typeface = TYPE_COURIER; r->data.text.style = STYLE_NORMAL; r->data.text.size = (float)_htmlSizes[3]; } table_page = *page; table_y = *y; for (row = 0; row < table.num_rows; row ++) { height_var = NULL; if (cells[row][0] != NULL) { if (cells[row][0]->parent->prev != NULL && cells[row][0]->parent->prev->markup == MARKUP_COMMENT) parse_comment(cells[row][0]->parent->prev, &left, &right, &temp_bottom, &temp_top, x, y, page, NULL, 0); if ((height_var = htmlGetVariable(cells[row][0]->parent, (uchar *)""HEIGHT"")) == NULL) for (col = 0; col < table.num_cols; col ++) if (htmlGetVariable(cells[row][col], (uchar *)""ROWSPAN"") == NULL) if ((height_var = htmlGetVariable(cells[row][col], (uchar *)""HEIGHT"")) != NULL) break; } if (height_var != NULL && row == header_row) header_height_var = height_var; if (cells[row][0] != NULL && height_var != NULL) { if (height_var[strlen((char *)height_var) - 1] == '%') temp_height = (float)(atof((char *)height_var) * 0.01f * (PagePrintLength - 2 * table.cellpadding)); else temp_height = (float)(atof((char *)height_var) * PagePrintWidth / _htmlBrowserWidth); if (table.height > 0.0f && temp_height > table.height) temp_height = table.height; temp_height -= 2 * table.cellpadding; } else { for (col = 0, temp_height = (float)_htmlSpacings[SIZE_P]; col < table.num_cols; col ++) if (cells[row][col] != NULL && cells[row][col]->height > temp_height && !htmlGetVariable(cells[row][col], (uchar *)""ROWSPAN"")) temp_height = cells[row][col]->height; if (table.height > 0.0) { if (temp_height > table.height) temp_height = table.height; temp_height -= 2 * table.cellpadding; } else if (temp_height > (PageLength / 8.0) && height_var == NULL) temp_height = PageLength / 8.0; } DEBUG_printf((""BEFORE row = %d, temp_height = %.1f, *y = %.1f, *page = %d\n"", row, temp_height, *y, *page)); if (*y < (bottom + 2 * table.cellpadding + temp_height) && temp_height <= (top - bottom - 2 * table.cellpadding)) { DEBUG_puts(""NEW PAGE""); *y = top - header_height; (*page) ++; if (Verbosity) progress_show(""Formatting page %d"", *page); if (row > 0 && header_row >= 0) { render_table_row(table, cells, header_row, header_height_var, left, right, bottom, top, x, y, page); } } float start_y = *y; temp_page = *page; render_table_row(table, cells, row, height_var, left, right, bottom, top, x, y, page); if (header_row >= 0 && row == header_row) { header_height = *y - start_y; top += header_height; } else if (temp_page != *page && header_row >= 0) { do { float temp_y = top - header_height; temp_page ++; render_table_row(table, cells, header_row, header_height_var, left, right, bottom, top, x, &temp_y, &temp_page); } while (temp_page < *page); } if (row < (table.num_rows - 1)) (*y) -= cellspacing; DEBUG_printf((""END row = %d, *y = %.1f, *page = %d\n"", row, *y, *page)); } top -= header_height; if ((bgcolor = htmlGetVariable(t, (uchar *)""BGCOLOR"")) != NULL) { memcpy(bgrgb, background_color, sizeof(bgrgb)); get_color(bgcolor, bgrgb, 0); table.border_left = table.col_lefts[0] - table.cellpadding; width = table.col_rights[table.num_cols - 1] - table.col_lefts[0] + 2 * table.cellpadding; if (table_page != *page) { new_render(table_page, RENDER_BOX, table.border_left, bottom, width, table_y - bottom, bgrgb, pages[table_page].start); for (temp_page = table_page + 1; temp_page < *page; temp_page ++) { new_render(temp_page, RENDER_BOX, table.border_left, bottom, width, top - bottom, bgrgb, pages[temp_page].start); } check_pages(*page); new_render(*page, RENDER_BOX, table.border_left, *y, width, top - *y, bgrgb, pages[*page].start); } else { new_render(table_page, RENDER_BOX, table.border_left, *y, width, table_y - *y, bgrgb, pages[table_page].start); } } *x = left; if (caption) { parse_paragraph(caption, left, right, bottom, top, x, y, page, needspace); needspace = 1; } if (table.num_rows > 0) { for (row = 0; row < table.num_rows; row ++) free(cells[row]); free(cells); } }",visit repo url,htmldoc/ps-pdf.cxx,https://github.com/michaelrsweet/htmldoc,86000036184642,1 769,['CWE-119'],"isdn_net_close(struct net_device *dev) { struct net_device *p; #ifdef CONFIG_ISDN_X25 struct concap_proto * cprot = ( (isdn_net_local *) dev->priv ) -> netdev -> cprot; #endif #ifdef CONFIG_ISDN_X25 if( cprot && cprot -> pops ) cprot -> pops -> close( cprot ); #endif netif_stop_queue(dev); if ((p = (((isdn_net_local *) dev->priv)->slave))) { while (p) { #ifdef CONFIG_ISDN_X25 cprot = ( (isdn_net_local *) p->priv ) -> netdev -> cprot; if( cprot && cprot -> pops ) cprot -> pops -> close( cprot ); #endif isdn_net_hangup(p); p = (((isdn_net_local *) p->priv)->slave); } } isdn_net_hangup(dev); isdn_unlock_drivers(); return 0; }",linux-2.6,,,141271667101455035697749643499723304805,0 5630,[],"SYSCALL_DEFINE2(rt_sigsuspend, sigset_t __user *, unewset, size_t, sigsetsize) { sigset_t newset; if (sigsetsize != sizeof(sigset_t)) return -EINVAL; if (copy_from_user(&newset, unewset, sizeof(newset))) return -EFAULT; sigdelsetmask(&newset, sigmask(SIGKILL)|sigmask(SIGSTOP)); spin_lock_irq(¤t->sighand->siglock); current->saved_sigmask = current->blocked; current->blocked = newset; recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); current->state = TASK_INTERRUPTIBLE; schedule(); set_restore_sigmask(); return -ERESTARTNOHAND; }",linux-2.6,,,333196738064922592501328424057258849133,0 3685,CWE-119,"monitor_sync(struct monitor *pmonitor) { if (options.compression) { mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback); } }",visit repo url,usr.bin/ssh/monitor.c,https://github.com/openbsd/src,8753158721686,1 6583,['CWE-200'],"applet_get_exported_connection_for_device (NMDevice *device, NMApplet *applet) { const GPtrArray *active_connections; int i; active_connections = nm_client_get_active_connections (applet->nm_client); for (i = 0; active_connections && (i < active_connections->len); i++) { NMActiveConnection *active; NMAGConfConnection *gconf_connection; const char *service_name; const char *connection_path; const GPtrArray *devices; active = g_ptr_array_index (active_connections, i); devices = nm_active_connection_get_devices (active); service_name = nm_active_connection_get_service_name (active); connection_path = nm_active_connection_get_connection (active); if (strcmp (service_name, NM_DBUS_SERVICE_USER_SETTINGS) != 0) continue; if (!nm_g_ptr_array_contains (devices, device)) continue; gconf_connection = nma_gconf_settings_get_by_dbus_path (applet->gconf_settings, connection_path); if (!gconf_connection || !nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (gconf_connection))) continue; return gconf_connection; } return NULL; }",network-manager-applet,,,152480945056650122153728161506581889014,0 4572,CWE-119,"Bool GPAC_EventProc(void *ptr, GF_Event *evt) { if (!term) return 0; if (gui_mode==1) { if (evt->type==GF_EVENT_QUIT) { Run = 0; } else if (evt->type==GF_EVENT_KEYDOWN) { switch (evt->key.key_code) { case GF_KEY_C: if (evt->key.flags & (GF_KEY_MOD_CTRL|GF_KEY_MOD_ALT)) { hide_shell(shell_visible ? 1 : 0); if (shell_visible) gui_mode=2; } break; default: break; } } return 0; } switch (evt->type) { case GF_EVENT_DURATION: Duration = (u64) ( 1000 * (s64) evt->duration.duration); CanSeek = evt->duration.can_seek; break; case GF_EVENT_MESSAGE: { const char *servName; if (!evt->message.service || !strcmp(evt->message.service, the_url)) { servName = """"; } else if (!strnicmp(evt->message.service, ""data:"", 5)) { servName = ""(embedded data)""; } else { servName = evt->message.service; } if (!evt->message.message) return 0; if (evt->message.error) { if (!is_connected) last_error = evt->message.error; if (evt->message.error==GF_SCRIPT_INFO) { GF_LOG(GF_LOG_INFO, GF_LOG_CONSOLE, (""%s\n"", evt->message.message)); } else { GF_LOG(GF_LOG_ERROR, GF_LOG_CONSOLE, (""%s %s: %s\n"", servName, evt->message.message, gf_error_to_string(evt->message.error))); } } else if (!be_quiet) GF_LOG(GF_LOG_INFO, GF_LOG_CONSOLE, (""%s %s\n"", servName, evt->message.message)); } break; case GF_EVENT_PROGRESS: { char *szTitle = """"; if (evt->progress.progress_type==0) { szTitle = ""Buffer ""; if (bench_mode && (bench_mode!=3) ) { if (evt->progress.done >= evt->progress.total) bench_buffer = 0; else bench_buffer = 1 + 100*evt->progress.done / evt->progress.total; break; } } else if (evt->progress.progress_type==1) { if (bench_mode) break; szTitle = ""Download ""; } else if (evt->progress.progress_type==2) szTitle = ""Import ""; gf_set_progress(szTitle, evt->progress.done, evt->progress.total); } break; case GF_EVENT_DBLCLICK: gf_term_set_option(term, GF_OPT_FULLSCREEN, !gf_term_get_option(term, GF_OPT_FULLSCREEN)); return 0; case GF_EVENT_MOUSEDOWN: if (evt->mouse.button==GF_MOUSE_RIGHT) { right_down = 1; last_x = evt->mouse.x; last_y = evt->mouse.y; } return 0; case GF_EVENT_MOUSEUP: if (evt->mouse.button==GF_MOUSE_RIGHT) { right_down = 0; last_x = evt->mouse.x; last_y = evt->mouse.y; } return 0; case GF_EVENT_MOUSEMOVE: if (right_down && (user.init_flags & GF_TERM_WINDOWLESS) ) { GF_Event move; move.move.x = evt->mouse.x - last_x; move.move.y = last_y-evt->mouse.y; move.type = GF_EVENT_MOVE; move.move.relative = 1; gf_term_user_event(term, &move); } return 0; case GF_EVENT_KEYUP: switch (evt->key.key_code) { case GF_KEY_SPACE: if (evt->key.flags & GF_KEY_MOD_CTRL) switch_bench(!bench_mode); break; } break; case GF_EVENT_KEYDOWN: gf_term_process_shortcut(term, evt); switch (evt->key.key_code) { case GF_KEY_SPACE: if (evt->key.flags & GF_KEY_MOD_CTRL) { if (!bench_mode) switch_bench(!bench_mode); } break; case GF_KEY_PAGEDOWN: case GF_KEY_MEDIANEXTTRACK: request_next_playlist_item = 1; break; case GF_KEY_MEDIAPREVIOUSTRACK: break; case GF_KEY_ESCAPE: gf_term_set_option(term, GF_OPT_FULLSCREEN, !gf_term_get_option(term, GF_OPT_FULLSCREEN)); break; case GF_KEY_C: if (evt->key.flags & (GF_KEY_MOD_CTRL|GF_KEY_MOD_ALT)) { hide_shell(shell_visible ? 1 : 0); if (!shell_visible) gui_mode=1; } break; case GF_KEY_F: if (evt->key.flags & GF_KEY_MOD_CTRL) fprintf(stderr, ""Rendering rate: %f FPS\n"", gf_term_get_framerate(term, 0)); break; case GF_KEY_T: if (evt->key.flags & GF_KEY_MOD_CTRL) fprintf(stderr, ""Scene Time: %f \n"", gf_term_get_time_in_ms(term)/1000.0); break; case GF_KEY_D: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_DRAW_MODE, (gf_term_get_option(term, GF_OPT_DRAW_MODE)==GF_DRAW_MODE_DEFER) ? GF_DRAW_MODE_IMMEDIATE : GF_DRAW_MODE_DEFER ); break; case GF_KEY_4: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_4_3); break; case GF_KEY_5: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_16_9); break; case GF_KEY_6: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_FILL_SCREEN); break; case GF_KEY_7: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_KEEP); break; case GF_KEY_O: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { if (gf_term_get_option(term, GF_OPT_MAIN_ADDON)) { fprintf(stderr, ""Resuming to main content\n""); gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_PLAY_LIVE); } else { fprintf(stderr, ""Main addon not enabled\n""); } } break; case GF_KEY_P: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { u32 pause_state = gf_term_get_option(term, GF_OPT_PLAY_STATE) ; fprintf(stderr, ""[Status: %s]\n"", pause_state ? ""Playing"" : ""Paused""); if ((pause_state == GF_STATE_PAUSED) && (evt->key.flags & GF_KEY_MOD_SHIFT)) { gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_PLAY_LIVE); } else { gf_term_set_option(term, GF_OPT_PLAY_STATE, (pause_state==GF_STATE_PAUSED) ? GF_STATE_PLAYING : GF_STATE_PAUSED); } } break; case GF_KEY_S: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_STEP_PAUSE); fprintf(stderr, ""Step time: ""); PrintTime(gf_term_get_time_in_ms(term)); fprintf(stderr, ""\n""); } break; case GF_KEY_B: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) ViewODs(term, 1); break; case GF_KEY_M: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) ViewODs(term, 0); break; case GF_KEY_H: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { gf_term_switch_quality(term, 1); } break; case GF_KEY_L: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { gf_term_switch_quality(term, 0); } break; case GF_KEY_F5: if (is_connected) reload = 1; break; case GF_KEY_A: addon_visible = !addon_visible; gf_term_toggle_addons(term, addon_visible); break; case GF_KEY_UP: if ((evt->key.flags & VK_MOD) && is_connected) { do_set_speed(playback_speed * 2); } break; case GF_KEY_DOWN: if ((evt->key.flags & VK_MOD) && is_connected) { do_set_speed(playback_speed / 2); } break; case GF_KEY_LEFT: if ((evt->key.flags & VK_MOD) && is_connected) { do_set_speed(-1 * playback_speed ); } break; } break; case GF_EVENT_CONNECT: if (evt->connect.is_connected) { is_connected = 1; fprintf(stderr, ""Service Connected\n""); eos_seen = GF_FALSE; if (playback_speed != FIX_ONE) gf_term_set_speed(term, playback_speed); } else if (is_connected) { fprintf(stderr, ""Service %s\n"", is_connected ? ""Disconnected"" : ""Connection Failed""); is_connected = 0; Duration = 0; } if (init_w && init_h) { gf_term_set_size(term, init_w, init_h); } ResetCaption(); break; case GF_EVENT_EOS: eos_seen = GF_TRUE; if (playlist) { if (Duration>1500) request_next_playlist_item = GF_TRUE; } else if (loop_at_end) { restart = 1; } break; case GF_EVENT_SIZE: if (user.init_flags & GF_TERM_WINDOWLESS) { GF_Event move; move.type = GF_EVENT_MOVE; move.move.align_x = align_mode & 0xFF; move.move.align_y = (align_mode>>8) & 0xFF; move.move.relative = 2; gf_term_user_event(term, &move); } break; case GF_EVENT_SCENE_SIZE: if (forced_width && forced_height) { GF_Event size; size.type = GF_EVENT_SIZE; size.size.width = forced_width; size.size.height = forced_height; gf_term_user_event(term, &size); } break; case GF_EVENT_METADATA: ResetCaption(); break; case GF_EVENT_RELOAD: if (is_connected) reload = 1; break; case GF_EVENT_DROPFILE: { u32 i, pos; if (readonly_playlist) { gf_fclose(playlist); playlist = NULL; } readonly_playlist = 0; if (!playlist) { readonly_playlist = 0; playlist = gf_temp_file_new(NULL); } pos = ftell(playlist); i=0; while (iopen_file.nb_files) { if (evt->open_file.files[i] != NULL) { fprintf(playlist, ""%s\n"", evt->open_file.files[i]); } i++; } fseek(playlist, pos, SEEK_SET); request_next_playlist_item = 1; } return 1; case GF_EVENT_QUIT: if (evt->message.error) { fprintf(stderr, ""A fatal error was encoutered: %s (%s) - exiting ...\n"", evt->message.message ? evt->message.message : ""no details"", gf_error_to_string(evt->message.error) ); } Run = 0; break; case GF_EVENT_DISCONNECT: gf_term_disconnect(term); break; case GF_EVENT_MIGRATE: { } break; case GF_EVENT_NAVIGATE_INFO: if (evt->navigate.to_url) fprintf(stderr, ""Go to URL: \""%s\""\r"", evt->navigate.to_url); break; case GF_EVENT_NAVIGATE: if (gf_term_is_supported_url(term, evt->navigate.to_url, 1, no_mime_check)) { strcpy(the_url, evt->navigate.to_url); fprintf(stderr, ""Navigating to URL %s\n"", the_url); gf_term_navigate_to(term, evt->navigate.to_url); return 1; } else { fprintf(stderr, ""Navigation destination not supported\nGo to URL: %s\n"", evt->navigate.to_url); } break; case GF_EVENT_SET_CAPTION: gf_term_user_event(term, evt); break; case GF_EVENT_AUTHORIZATION: { int maxTries = 1; assert( evt->type == GF_EVENT_AUTHORIZATION); assert( evt->auth.user); assert( evt->auth.password); assert( evt->auth.site_url); while ((!strlen(evt->auth.user) || !strlen(evt->auth.password)) && (maxTries--) >= 0) { fprintf(stderr, ""**** Authorization required for site %s ****\n"", evt->auth.site_url); fprintf(stderr, ""login : ""); read_line_input(evt->auth.user, 50, 1); fprintf(stderr, ""\npassword: ""); read_line_input(evt->auth.password, 50, 0); fprintf(stderr, ""*********\n""); } if (maxTries < 0) { fprintf(stderr, ""**** No User or password has been filled, aborting ***\n""); return 0; } return 1; } case GF_EVENT_ADDON_DETECTED: if (enable_add_ons) { fprintf(stderr, ""Media Addon %s detected - enabling it\n"", evt->addon_connect.addon_url); addon_visible = 1; } return enable_add_ons; } return 0; }",visit repo url,applications/mp4client/main.c,https://github.com/gpac/gpac,70700846870518,1 2841,['CWE-119'],"nfs4_acl_get_whotype(char *p, u32 len) { int i; for (i = 0; i < ARRAY_SIZE(s2t_map); i++) { if (s2t_map[i].stringlen == len && 0 == memcmp(s2t_map[i].string, p, len)) return s2t_map[i].type; } return NFS4_ACL_WHO_NAMED; }",linux-2.6,,,102859505322045978664592745613009872978,0 3845,CWE-125,"suggest_trie_walk( suginfo_T *su, langp_T *lp, char_u *fword, int soundfold) { char_u tword[MAXWLEN]; trystate_T stack[MAXWLEN]; char_u preword[MAXWLEN * 3]; char_u compflags[MAXWLEN]; trystate_T *sp; int newscore; int score; char_u *byts, *fbyts, *pbyts; idx_T *idxs, *fidxs, *pidxs; int depth; int c, c2, c3; int n = 0; int flags; garray_T *gap; idx_T arridx; int len; char_u *p; fromto_T *ftp; int fl = 0, tl; int repextra = 0; slang_T *slang = lp->lp_slang; int fword_ends; int goodword_ends; #ifdef DEBUG_TRIEWALK char_u changename[MAXWLEN][80]; #endif int breakcheckcount = 1000; #ifdef FEAT_RELTIME proftime_T time_limit; #endif int compound_ok; depth = 0; sp = &stack[0]; CLEAR_POINTER(sp); sp->ts_curi = 1; if (soundfold) { byts = fbyts = slang->sl_sbyts; idxs = fidxs = slang->sl_sidxs; pbyts = NULL; pidxs = NULL; sp->ts_prefixdepth = PFD_NOPREFIX; sp->ts_state = STATE_START; } else { fbyts = slang->sl_fbyts; fidxs = slang->sl_fidxs; pbyts = slang->sl_pbyts; pidxs = slang->sl_pidxs; if (pbyts != NULL) { byts = pbyts; idxs = pidxs; sp->ts_prefixdepth = PFD_PREFIXTREE; sp->ts_state = STATE_NOPREFIX; } else { byts = fbyts; idxs = fidxs; sp->ts_prefixdepth = PFD_NOPREFIX; sp->ts_state = STATE_START; } } #ifdef FEAT_RELTIME if (spell_suggest_timeout > 0) profile_setlimit(spell_suggest_timeout, &time_limit); #endif while (depth >= 0 && !got_int) { sp = &stack[depth]; switch (sp->ts_state) { case STATE_START: case STATE_NOPREFIX: arridx = sp->ts_arridx; len = byts[arridx]; arridx += sp->ts_curi; if (sp->ts_prefixdepth == PFD_PREFIXTREE) { for (n = 0; n < len && byts[arridx + n] == 0; ++n) ; sp->ts_curi += n; n = (int)sp->ts_state; PROF_STORE(sp->ts_state) sp->ts_state = STATE_ENDNUL; sp->ts_save_badflags = su->su_badflags; if (depth < MAXWLEN - 1 && (byts[arridx] == 0 || n == (int)STATE_NOPREFIX)) { if (has_mbyte) n = nofold_len(fword, sp->ts_fidx, su->su_badptr); else n = sp->ts_fidx; flags = badword_captype(su->su_badptr, su->su_badptr + n); su->su_badflags = badword_captype(su->su_badptr + n, su->su_badptr + su->su_badlen); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""prefix""); #endif go_deeper(stack, depth, 0); ++depth; sp = &stack[depth]; sp->ts_prefixdepth = depth - 1; byts = fbyts; idxs = fidxs; sp->ts_arridx = 0; tword[sp->ts_twordlen] = NUL; make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, flags); sp->ts_prewordlen = (char_u)STRLEN(preword); sp->ts_splitoff = sp->ts_twordlen; } break; } if (sp->ts_curi > len || byts[arridx] != 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_ENDNUL; sp->ts_save_badflags = su->su_badflags; break; } ++sp->ts_curi; flags = (int)idxs[arridx]; if (flags & WF_NOSUGGEST) break; fword_ends = (fword[sp->ts_fidx] == NUL || (soundfold ? VIM_ISWHITE(fword[sp->ts_fidx]) : !spell_iswordp(fword + sp->ts_fidx, curwin))); tword[sp->ts_twordlen] = NUL; if (sp->ts_prefixdepth <= PFD_NOTSPECIAL && (sp->ts_flags & TSF_PREFIXOK) == 0 && pbyts != NULL) { n = stack[sp->ts_prefixdepth].ts_arridx; len = pbyts[n++]; for (c = 0; c < len && pbyts[n + c] == 0; ++c) ; if (c > 0) { c = valid_word_prefix(c, n, flags, tword + sp->ts_splitoff, slang, FALSE); if (c == 0) break; if (c & WF_RAREPFX) flags |= WF_RARE; sp->ts_flags |= TSF_PREFIXOK; } } if (sp->ts_complen == sp->ts_compsplit && fword_ends && (flags & WF_NEEDCOMP)) goodword_ends = FALSE; else goodword_ends = TRUE; p = NULL; compound_ok = TRUE; if (sp->ts_complen > sp->ts_compsplit) { if (slang->sl_nobreak) { if (sp->ts_fidx - sp->ts_splitfidx == sp->ts_twordlen - sp->ts_splitoff && STRNCMP(fword + sp->ts_splitfidx, tword + sp->ts_splitoff, sp->ts_fidx - sp->ts_splitfidx) == 0) { preword[sp->ts_prewordlen] = NUL; newscore = score_wordcount_adj(slang, sp->ts_score, preword + sp->ts_prewordlen, sp->ts_prewordlen > 0); if (newscore <= su->su_maxscore) add_suggestion(su, &su->su_ga, preword, sp->ts_splitfidx - repextra, newscore, 0, FALSE, lp->lp_sallang, FALSE); break; } } else { if (((unsigned)flags >> 24) == 0 || sp->ts_twordlen - sp->ts_splitoff < slang->sl_compminlen) break; if (has_mbyte && slang->sl_compminlen > 0 && mb_charlen(tword + sp->ts_splitoff) < slang->sl_compminlen) break; compflags[sp->ts_complen] = ((unsigned)flags >> 24); compflags[sp->ts_complen + 1] = NUL; vim_strncpy(preword + sp->ts_prewordlen, tword + sp->ts_splitoff, sp->ts_twordlen - sp->ts_splitoff); if (match_checkcompoundpattern(preword, sp->ts_prewordlen, &slang->sl_comppat)) compound_ok = FALSE; if (compound_ok) { p = preword; while (*skiptowhite(p) != NUL) p = skipwhite(skiptowhite(p)); if (fword_ends && !can_compound(slang, p, compflags + sp->ts_compsplit)) compound_ok = FALSE; } p = preword + sp->ts_prewordlen; MB_PTR_BACK(preword, p); } } if (soundfold) STRCPY(preword + sp->ts_prewordlen, tword + sp->ts_splitoff); else if (flags & WF_KEEPCAP) find_keepcap_word(slang, tword + sp->ts_splitoff, preword + sp->ts_prewordlen); else { c = su->su_badflags; if ((c & WF_ALLCAP) && su->su_badlen == (*mb_ptr2len)(su->su_badptr)) c = WF_ONECAP; c |= flags; if (p != NULL && spell_iswordp_nmw(p, curwin)) c &= ~WF_ONECAP; make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, c); } if (!soundfold) { if (flags & WF_BANNED) { add_banned(su, preword + sp->ts_prewordlen); break; } if ((sp->ts_complen == sp->ts_compsplit && WAS_BANNED(su, preword + sp->ts_prewordlen)) || WAS_BANNED(su, preword)) { if (slang->sl_compprog == NULL) break; goodword_ends = FALSE; } } newscore = 0; if (!soundfold) { if ((flags & WF_REGION) && (((unsigned)flags >> 16) & lp->lp_region) == 0) newscore += SCORE_REGION; if (flags & WF_RARE) newscore += SCORE_RARE; if (!spell_valid_case(su->su_badflags, captype(preword + sp->ts_prewordlen, NULL))) newscore += SCORE_ICASE; } if (fword_ends && goodword_ends && sp->ts_fidx >= sp->ts_fidxtry && compound_ok) { #ifdef DEBUG_TRIEWALK if (soundfold && STRCMP(preword, ""smwrd"") == 0) { int j; smsg(""------ %s -------"", fword); for (j = 0; j < depth; ++j) smsg(""%s"", changename[j]); } #endif if (soundfold) { add_sound_suggest(su, preword, sp->ts_score, lp); } else if (sp->ts_fidx > 0) { p = fword + sp->ts_fidx; MB_PTR_BACK(fword, p); if (!spell_iswordp(p, curwin) && *preword != NUL) { p = preword + STRLEN(preword); MB_PTR_BACK(preword, p); if (spell_iswordp(p, curwin)) newscore += SCORE_NONWORD; } score = score_wordcount_adj(slang, sp->ts_score + newscore, preword + sp->ts_prewordlen, sp->ts_prewordlen > 0); if (score <= su->su_maxscore) { add_suggestion(su, &su->su_ga, preword, sp->ts_fidx - repextra, score, 0, FALSE, lp->lp_sallang, FALSE); if (su->su_badflags & WF_MIXCAP) { c = captype(preword, NULL); if (c == 0 || c == WF_ALLCAP) { make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, c == 0 ? WF_ALLCAP : 0); add_suggestion(su, &su->su_ga, preword, sp->ts_fidx - repextra, score + SCORE_ICASE, 0, FALSE, lp->lp_sallang, FALSE); } } } } } if ((sp->ts_fidx >= sp->ts_fidxtry || fword_ends) && (!has_mbyte || sp->ts_tcharlen == 0)) { int try_compound; int try_split; try_split = (sp->ts_fidx - repextra < su->su_badlen) && !soundfold; try_compound = FALSE; if (!soundfold && !slang->sl_nocompoundsugs && slang->sl_compprog != NULL && ((unsigned)flags >> 24) != 0 && sp->ts_twordlen - sp->ts_splitoff >= slang->sl_compminlen && (!has_mbyte || slang->sl_compminlen == 0 || mb_charlen(tword + sp->ts_splitoff) >= slang->sl_compminlen) && (slang->sl_compsylmax < MAXWLEN || sp->ts_complen + 1 - sp->ts_compsplit < slang->sl_compmax) && (can_be_compound(sp, slang, compflags, ((unsigned)flags >> 24)))) { try_compound = TRUE; compflags[sp->ts_complen] = ((unsigned)flags >> 24); compflags[sp->ts_complen + 1] = NUL; } if (slang->sl_nobreak && !slang->sl_nocompoundsugs) try_compound = TRUE; else if (!fword_ends && try_compound && (sp->ts_flags & TSF_DIDSPLIT) == 0) { try_compound = FALSE; sp->ts_flags |= TSF_DIDSPLIT; --sp->ts_curi; compflags[sp->ts_complen] = NUL; } else sp->ts_flags &= ~TSF_DIDSPLIT; if (try_split || try_compound) { if (!try_compound && (!fword_ends || !goodword_ends)) { if (sp->ts_complen == sp->ts_compsplit && (flags & WF_NEEDCOMP)) break; p = preword; while (*skiptowhite(p) != NUL) p = skipwhite(skiptowhite(p)); if (sp->ts_complen > sp->ts_compsplit && !can_compound(slang, p, compflags + sp->ts_compsplit)) break; if (slang->sl_nosplitsugs) newscore += SCORE_SPLIT_NO; else newscore += SCORE_SPLIT; newscore = score_wordcount_adj(slang, newscore, preword + sp->ts_prewordlen, TRUE); } if (TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK if (!try_compound && !fword_ends) sprintf(changename[depth], ""%.*s-%s: split"", sp->ts_twordlen, tword, fword + sp->ts_fidx); else sprintf(changename[depth], ""%.*s-%s: compound"", sp->ts_twordlen, tword, fword + sp->ts_fidx); #endif sp->ts_save_badflags = su->su_badflags; PROF_STORE(sp->ts_state) sp->ts_state = STATE_SPLITUNDO; ++depth; sp = &stack[depth]; if (!try_compound && !fword_ends) STRCAT(preword, "" ""); sp->ts_prewordlen = (char_u)STRLEN(preword); sp->ts_splitoff = sp->ts_twordlen; sp->ts_splitfidx = sp->ts_fidx; if (((!try_compound && !spell_iswordp_nmw(fword + sp->ts_fidx, curwin)) || fword_ends) && fword[sp->ts_fidx] != NUL && goodword_ends) { int l; l = mb_ptr2len(fword + sp->ts_fidx); if (fword_ends) { mch_memmove(preword + sp->ts_prewordlen, fword + sp->ts_fidx, l); sp->ts_prewordlen += l; preword[sp->ts_prewordlen] = NUL; } else sp->ts_score -= SCORE_SPLIT - SCORE_SUBST; sp->ts_fidx += l; } if (try_compound) ++sp->ts_complen; else sp->ts_compsplit = sp->ts_complen; sp->ts_prefixdepth = PFD_NOPREFIX; if (has_mbyte) n = nofold_len(fword, sp->ts_fidx, su->su_badptr); else n = sp->ts_fidx; su->su_badflags = badword_captype(su->su_badptr + n, su->su_badptr + su->su_badlen); sp->ts_arridx = 0; if (pbyts != NULL) { byts = pbyts; idxs = pidxs; sp->ts_prefixdepth = PFD_PREFIXTREE; PROF_STORE(sp->ts_state) sp->ts_state = STATE_NOPREFIX; } } } } break; case STATE_SPLITUNDO: su->su_badflags = sp->ts_save_badflags; PROF_STORE(sp->ts_state) sp->ts_state = STATE_START; byts = fbyts; idxs = fidxs; break; case STATE_ENDNUL: su->su_badflags = sp->ts_save_badflags; if (fword[sp->ts_fidx] == NUL && sp->ts_tcharlen == 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_DEL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_PLAIN; case STATE_PLAIN: arridx = sp->ts_arridx; if (sp->ts_curi > byts[arridx]) { PROF_STORE(sp->ts_state) if (sp->ts_fidx >= sp->ts_fidxtry) sp->ts_state = STATE_DEL; else sp->ts_state = STATE_FINAL; } else { arridx += sp->ts_curi++; c = byts[arridx]; if (c == fword[sp->ts_fidx] || (sp->ts_tcharlen > 0 && sp->ts_isdiff != DIFF_NONE)) newscore = 0; else newscore = SCORE_SUBST; if ((newscore == 0 || (sp->ts_fidx >= sp->ts_fidxtry && ((sp->ts_flags & TSF_DIDDEL) == 0 || c != fword[sp->ts_delidx]))) && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK if (newscore > 0) sprintf(changename[depth], ""%.*s-%s: subst %c to %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx], c); else sprintf(changename[depth], ""%.*s-%s: accept %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx]); #endif ++depth; sp = &stack[depth]; if (fword[sp->ts_fidx] != NUL) ++sp->ts_fidx; tword[sp->ts_twordlen++] = c; sp->ts_arridx = idxs[arridx]; if (newscore == SCORE_SUBST) sp->ts_isdiff = DIFF_YES; if (has_mbyte) { if (sp->ts_tcharlen == 0) { sp->ts_tcharidx = 0; sp->ts_tcharlen = MB_BYTE2LEN(c); sp->ts_fcharstart = sp->ts_fidx - 1; sp->ts_isdiff = (newscore != 0) ? DIFF_YES : DIFF_NONE; } else if (sp->ts_isdiff == DIFF_INSERT) --sp->ts_fidx; if (++sp->ts_tcharidx == sp->ts_tcharlen) { if (sp->ts_isdiff == DIFF_YES) { sp->ts_fidx = sp->ts_fcharstart + mb_ptr2len( fword + sp->ts_fcharstart); if (enc_utf8 && utf_iscomposing( utf_ptr2char(tword + sp->ts_twordlen - sp->ts_tcharlen)) && utf_iscomposing( utf_ptr2char(fword + sp->ts_fcharstart))) sp->ts_score -= SCORE_SUBST - SCORE_SUBCOMP; else if (!soundfold && slang->sl_has_map && similar_chars(slang, mb_ptr2char(tword + sp->ts_twordlen - sp->ts_tcharlen), mb_ptr2char(fword + sp->ts_fcharstart))) sp->ts_score -= SCORE_SUBST - SCORE_SIMILAR; } else if (sp->ts_isdiff == DIFF_INSERT && sp->ts_twordlen > sp->ts_tcharlen) { p = tword + sp->ts_twordlen - sp->ts_tcharlen; c = mb_ptr2char(p); if (enc_utf8 && utf_iscomposing(c)) { sp->ts_score -= SCORE_INS - SCORE_INSCOMP; } else { MB_PTR_BACK(tword, p); if (c == mb_ptr2char(p)) sp->ts_score -= SCORE_INS - SCORE_INSDUP; } } sp->ts_tcharlen = 0; } } else { if (newscore != 0 && !soundfold && slang->sl_has_map && similar_chars(slang, c, fword[sp->ts_fidx - 1])) sp->ts_score -= SCORE_SUBST - SCORE_SIMILAR; } } } break; case STATE_DEL: if (has_mbyte && sp->ts_tcharlen > 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_INS_PREP; sp->ts_curi = 1; if (soundfold && sp->ts_fidx == 0 && fword[sp->ts_fidx] == '*') newscore = 2 * SCORE_DEL / 3; else newscore = SCORE_DEL; if (fword[sp->ts_fidx] != NUL && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: delete %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx]); #endif ++depth; stack[depth].ts_flags |= TSF_DIDDEL; stack[depth].ts_delidx = sp->ts_fidx; if (has_mbyte) { c = mb_ptr2char(fword + sp->ts_fidx); stack[depth].ts_fidx += mb_ptr2len(fword + sp->ts_fidx); if (enc_utf8 && utf_iscomposing(c)) stack[depth].ts_score -= SCORE_DEL - SCORE_DELCOMP; else if (c == mb_ptr2char(fword + stack[depth].ts_fidx)) stack[depth].ts_score -= SCORE_DEL - SCORE_DELDUP; } else { ++stack[depth].ts_fidx; if (fword[sp->ts_fidx] == fword[sp->ts_fidx + 1]) stack[depth].ts_score -= SCORE_DEL - SCORE_DELDUP; } break; } case STATE_INS_PREP: if (sp->ts_flags & TSF_DIDDEL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } n = sp->ts_arridx; for (;;) { if (sp->ts_curi > byts[n]) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } if (byts[n + sp->ts_curi] != NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_INS; break; } ++sp->ts_curi; } break; case STATE_INS: n = sp->ts_arridx; if (sp->ts_curi > byts[n]) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } n += sp->ts_curi++; c = byts[n]; if (soundfold && sp->ts_twordlen == 0 && c == '*') newscore = 2 * SCORE_INS / 3; else newscore = SCORE_INS; if (c != fword[sp->ts_fidx] && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: insert %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c); #endif ++depth; sp = &stack[depth]; tword[sp->ts_twordlen++] = c; sp->ts_arridx = idxs[n]; if (has_mbyte) { fl = MB_BYTE2LEN(c); if (fl > 1) { sp->ts_tcharlen = fl; sp->ts_tcharidx = 1; sp->ts_isdiff = DIFF_INSERT; } } else fl = 1; if (fl == 1) { if (sp->ts_twordlen >= 2 && tword[sp->ts_twordlen - 2] == c) sp->ts_score -= SCORE_INS - SCORE_INSDUP; } } break; case STATE_SWAP: p = fword + sp->ts_fidx; c = *p; if (c == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } if (!soundfold && !spell_iswordp(p, curwin)) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); if (p[n] == NUL) c2 = NUL; else if (!soundfold && !spell_iswordp(p + n, curwin)) c2 = c; else c2 = mb_ptr2char(p + n); } else { if (p[1] == NUL) c2 = NUL; else if (!soundfold && !spell_iswordp(p + 1, curwin)) c2 = c; else c2 = p[1]; } if (c2 == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (c == c2) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP3; break; } if (c2 != NUL && TRY_DEEPER(su, stack, depth, SCORE_SWAP)) { go_deeper(stack, depth, SCORE_SWAP); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: swap %c and %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c, c2); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNSWAP; ++depth; if (has_mbyte) { fl = mb_char2len(c2); mch_memmove(p, p + n, fl); mb_char2bytes(c, p + fl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl; } else { p[0] = c2; p[1] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 2; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNSWAP: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); c = mb_ptr2char(p + n); mch_memmove(p + mb_ptr2len(p + n), p, n); mb_char2bytes(c, p); } else { c = *p; *p = p[1]; p[1] = c; } case STATE_SWAP3: p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); fl = MB_CPTR2LEN(p + n); c2 = mb_ptr2char(p + n); if (!soundfold && !spell_iswordp(p + n + fl, curwin)) c3 = c; else c3 = mb_ptr2char(p + n + fl); } else { c = *p; c2 = p[1]; if (!soundfold && !spell_iswordp(p + 2, curwin)) c3 = c; else c3 = p[2]; } if (c == c3 || c3 == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: swap3 %c and %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c, c3); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNSWAP3; ++depth; if (has_mbyte) { tl = mb_char2len(c3); mch_memmove(p, p + n + fl, tl); mb_char2bytes(c2, p + tl); mb_char2bytes(c, p + fl + tl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl + tl; } else { p[0] = p[2]; p[2] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNSWAP3: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); c2 = mb_ptr2char(p + n); fl = mb_ptr2len(p + n); c = mb_ptr2char(p + n + fl); tl = mb_ptr2len(p + n + fl); mch_memmove(p + fl + tl, p, n); mb_char2bytes(c, p); mb_char2bytes(c2, p + tl); p = p + tl; } else { c = *p; *p = p[2]; p[2] = c; ++p; } if (!soundfold && !spell_iswordp(p, curwin)) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK p = fword + sp->ts_fidx; sprintf(changename[depth], ""%.*s-%s: rotate left %c%c%c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, p[0], p[1], p[2]); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNROT3L; ++depth; p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); fl = MB_CPTR2LEN(p + n); fl += MB_CPTR2LEN(p + n + fl); mch_memmove(p, p + n, fl); mb_char2bytes(c, p + fl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl; } else { c = *p; *p = p[1]; p[1] = p[2]; p[2] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNROT3L: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); n += mb_ptr2len(p + n); c = mb_ptr2char(p + n); tl = mb_ptr2len(p + n); mch_memmove(p + tl, p, n); mb_char2bytes(c, p); } else { c = p[2]; p[2] = p[1]; p[1] = *p; *p = c; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK p = fword + sp->ts_fidx; sprintf(changename[depth], ""%.*s-%s: rotate right %c%c%c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, p[0], p[1], p[2]); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNROT3R; ++depth; p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); n += MB_CPTR2LEN(p + n); c = mb_ptr2char(p + n); tl = MB_CPTR2LEN(p + n); mch_memmove(p + tl, p, n); mb_char2bytes(c, p); stack[depth].ts_fidxtry = sp->ts_fidx + n + tl; } else { c = p[2]; p[2] = p[1]; p[1] = *p; *p = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNROT3R: p = fword + sp->ts_fidx; if (has_mbyte) { c = mb_ptr2char(p); tl = mb_ptr2len(p); n = mb_ptr2len(p + tl); n += mb_ptr2len(p + tl + n); mch_memmove(p, p + tl, n); mb_char2bytes(c, p + n); } else { c = *p; *p = p[1]; p[1] = p[2]; p[2] = c; } case STATE_REP_INI: if ((lp->lp_replang == NULL && !soundfold) || sp->ts_score + SCORE_REP >= su->su_maxscore || sp->ts_fidx < sp->ts_fidxtry) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } if (soundfold) sp->ts_curi = slang->sl_repsal_first[fword[sp->ts_fidx]]; else sp->ts_curi = lp->lp_replang->sl_rep_first[fword[sp->ts_fidx]]; if (sp->ts_curi < 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP; case STATE_REP: p = fword + sp->ts_fidx; if (soundfold) gap = &slang->sl_repsal; else gap = &lp->lp_replang->sl_rep; while (sp->ts_curi < gap->ga_len) { ftp = (fromto_T *)gap->ga_data + sp->ts_curi++; if (*ftp->ft_from != *p) { sp->ts_curi = gap->ga_len; break; } if (STRNCMP(ftp->ft_from, p, STRLEN(ftp->ft_from)) == 0 && TRY_DEEPER(su, stack, depth, SCORE_REP)) { go_deeper(stack, depth, SCORE_REP); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: replace %s with %s"", sp->ts_twordlen, tword, fword + sp->ts_fidx, ftp->ft_from, ftp->ft_to); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_UNDO; ++depth; fl = (int)STRLEN(ftp->ft_from); tl = (int)STRLEN(ftp->ft_to); if (fl != tl) { STRMOVE(p + tl, p + fl); repextra += tl - fl; } mch_memmove(p, ftp->ft_to, tl); stack[depth].ts_fidxtry = sp->ts_fidx + tl; stack[depth].ts_tcharlen = 0; break; } } if (sp->ts_curi >= gap->ga_len && sp->ts_state == STATE_REP) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; } break; case STATE_REP_UNDO: if (soundfold) gap = &slang->sl_repsal; else gap = &lp->lp_replang->sl_rep; ftp = (fromto_T *)gap->ga_data + sp->ts_curi - 1; fl = (int)STRLEN(ftp->ft_from); tl = (int)STRLEN(ftp->ft_to); p = fword + sp->ts_fidx; if (fl != tl) { STRMOVE(p + fl, p + tl); repextra -= tl - fl; } mch_memmove(p, ftp->ft_from, fl); PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP; break; default: --depth; if (depth >= 0 && stack[depth].ts_prefixdepth == PFD_PREFIXTREE) { byts = pbyts; idxs = pidxs; } if (--breakcheckcount == 0) { ui_breakcheck(); breakcheckcount = 1000; #ifdef FEAT_RELTIME if (spell_suggest_timeout > 0 && profile_passed_limit(&time_limit)) got_int = TRUE; #endif } } } }",visit repo url,src/spellsuggest.c,https://github.com/vim/vim,143526481923881,1 3877,['CWE-119'],"static int lbs_scan_create_channel_list(struct lbs_private *priv, struct chanscanparamset *scanchanlist) { struct region_channel *scanregion; struct chan_freq_power *cfp; int rgnidx; int chanidx; int nextchan; uint8_t scantype; chanidx = 0; scantype = CMD_SCAN_TYPE_ACTIVE; for (rgnidx = 0; rgnidx < ARRAY_SIZE(priv->region_channel); rgnidx++) { if (priv->enable11d && (priv->connect_status != LBS_CONNECTED) && (priv->mesh_connect_status != LBS_CONNECTED)) { if (!priv->universal_channel[rgnidx].valid) continue; scanregion = &priv->universal_channel[rgnidx]; memset(&priv->parsed_region_chan, 0x00, sizeof(priv->parsed_region_chan)); } else { if (!priv->region_channel[rgnidx].valid) continue; scanregion = &priv->region_channel[rgnidx]; } for (nextchan = 0; nextchan < scanregion->nrcfp; nextchan++, chanidx++) { struct chanscanparamset *chan = &scanchanlist[chanidx]; cfp = scanregion->CFP + nextchan; if (priv->enable11d) scantype = lbs_get_scan_type_11d(cfp->channel, &priv->parsed_region_chan); if (scanregion->band == BAND_B || scanregion->band == BAND_G) chan->radiotype = CMD_SCAN_RADIO_TYPE_BG; if (scantype == CMD_SCAN_TYPE_PASSIVE) { chan->maxscantime = cpu_to_le16(MRVDRV_PASSIVE_SCAN_CHAN_TIME); chan->chanscanmode.passivescan = 1; } else { chan->maxscantime = cpu_to_le16(MRVDRV_ACTIVE_SCAN_CHAN_TIME); chan->chanscanmode.passivescan = 0; } chan->channumber = cfp->channel; } } return chanidx; }",linux-2.6,,,97133248476021733562389449216210883606,0 2636,CWE-125,"PHP_FUNCTION( locale_get_region ) { get_icu_value_src_php( LOC_REGION_TAG , INTERNAL_FUNCTION_PARAM_PASSTHRU ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,133999914020226,1 1855,CWE-416,"void rose_stop_timer(struct sock *sk) { del_timer(&rose_sk(sk)->timer); }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,240700467408386,1 58,['CWE-787'],"static int cirrus_bitblt_cputovideo(CirrusVGAState * s) { int w; s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC; s->cirrus_srcptr = &s->cirrus_bltbuf[0]; s->cirrus_srcptr_end = &s->cirrus_bltbuf[0]; if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) { s->cirrus_blt_srcpitch = 8; } else { s->cirrus_blt_srcpitch = 8 * 8 * s->cirrus_blt_pixelwidth; } s->cirrus_srccounter = s->cirrus_blt_srcpitch; } else { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) { w = s->cirrus_blt_width / s->cirrus_blt_pixelwidth; if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_DWORDGRANULARITY) s->cirrus_blt_srcpitch = ((w + 31) >> 5); else s->cirrus_blt_srcpitch = ((w + 7) >> 3); } else { s->cirrus_blt_srcpitch = (s->cirrus_blt_width + 3) & ~3; } s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height; } s->cirrus_srcptr = s->cirrus_bltbuf; s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch; cirrus_update_memory_access(s); return 1; }",qemu,,,182255418906972706419317108259439593249,0 2119,CWE-416,"nvkm_vmm_put_locked(struct nvkm_vmm *vmm, struct nvkm_vma *vma) { const struct nvkm_vmm_page *page = vmm->func->page; struct nvkm_vma *next = vma; BUG_ON(vma->part); if (vma->mapref || !vma->sparse) { do { const bool map = next->memory != NULL; const u8 refd = next->refd; const u64 addr = next->addr; u64 size = next->size; while ((next = node(next, next)) && next->part && (next->memory != NULL) == map && (next->refd == refd)) size += next->size; if (map) { nvkm_vmm_ptes_unmap_put(vmm, &page[refd], addr, size, vma->sparse); } else if (refd != NVKM_VMA_PAGE_NONE) { nvkm_vmm_ptes_put(vmm, &page[refd], addr, size); } } while (next && next->part); } next = vma; do { if (next->memory) nvkm_vmm_unmap_region(vmm, next); } while ((next = node(vma, next)) && next->part); if (vma->sparse && !vma->mapref) { nvkm_vmm_ptes_sparse_put(vmm, &page[vma->refd], vma->addr, vma->size); } else if (vma->sparse) { nvkm_vmm_ptes_sparse(vmm, vma->addr, vma->size, false); } rb_erase(&vma->tree, &vmm->root); vma->page = NVKM_VMA_PAGE_NONE; vma->refd = NVKM_VMA_PAGE_NONE; vma->used = false; vma->user = false; nvkm_vmm_put_region(vmm, vma); }",visit repo url,drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c,https://github.com/torvalds/linux,195933593672850,1 6477,[],"find_module (lt_dlhandle *handle, const char *dir, const char *libdir, const char *dlname, const char *old_name, int installed, lt_dladvise advise) { if (old_name && tryall_dlopen (handle, old_name, advise, lt_dlloader_find (""lt_preopen"") ) == 0) { return 0; } if (dlname) { if (installed && libdir) { if (tryall_dlopen_module (handle, (const char *) 0, libdir, dlname, advise) == 0) return 0; } if (!installed) { if (tryall_dlopen_module (handle, dir, objdir, dlname, advise) == 0) return 0; } { if (dir && (tryall_dlopen_module (handle, (const char *) 0, dir, dlname, advise) == 0)) return 0; } } return 1; }",libtool,,,45447065521208170367846050920044981870,0 5937,CWE-120,"Jsi_RC Jsi_RegExpMatch(Jsi_Interp *interp, Jsi_Value *pattern, const char *v, int *rc, Jsi_DString *dStr) { Jsi_Regex *re; int regexec_flags = 0; if (rc) *rc = 0; if (pattern == NULL || pattern->vt != JSI_VT_OBJECT || pattern->d.obj->ot != JSI_OT_REGEXP) return Jsi_LogError(""expected pattern""); re = pattern->d.obj->d.robj; regex_t *reg = &re->reg; regmatch_t pos = {}; if (dStr) Jsi_DSInit(dStr); int r = regexec(reg, v, 1, &pos, regexec_flags); if (r >= REG_BADPAT) { char buf[100]; regerror(r, reg, buf, sizeof(buf)); return Jsi_LogError(""error while matching pattern: %s"", buf); } if (r != REG_NOMATCH) { if (rc) *rc = 1; if (dStr && pos.rm_so >= 0 && pos.rm_eo >= 0 && pos.rm_eo >= pos.rm_so) Jsi_DSAppendLen(dStr, v + pos.rm_so, pos.rm_eo - pos.rm_so); } return JSI_OK; }",visit repo url,src/jsiRegexp.c,https://github.com/pcmacdon/jsish,39476191899584,1 6328,CWE-295,"int main_configure(char *arg1, char *arg2) { int cmdline_status; cmdline_status=options_cmdline(arg1, arg2); if(cmdline_status) return cmdline_status; options_apply(); str_canary_init(); log_open(SINK_SYSLOG); if(bind_ports()) return 1; #ifdef HAVE_CHROOT if(change_root()) return 1; #endif if(drop_privileges(1)) return 1; if(log_open(SINK_OUTFILE)) return 1; #ifndef USE_FORK num_clients=0; #endif log_flush(LOG_MODE_CONFIGURED); return 0; }",visit repo url,src/stunnel.c,https://github.com/mtrojnar/stunnel,66645756570668,1 5033,CWE-191,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 3664,CWE-119,"int main(int argc, char *argv[]) { opj_dinfo_t* dinfo; opj_event_mgr_t event_mgr; int tnum; unsigned int snum; opj_mj2_t *movie; mj2_tk_t *track; mj2_sample_t *sample; unsigned char* frame_codestream; FILE *file, *outfile; char outfilename[50]; mj2_dparameters_t parameters; if (argc != 3) { printf(""Usage: %s mj2filename output_location\n"", argv[0]); printf(""Example: %s foreman.mj2 output/foreman\n"", argv[0]); return 1; } file = fopen(argv[1], ""rb""); if (!file) { fprintf(stderr, ""failed to open %s for reading\n"", argv[1]); return 1; } memset(&event_mgr, 0, sizeof(opj_event_mgr_t)); event_mgr.error_handler = error_callback; event_mgr.warning_handler = warning_callback; event_mgr.info_handler = info_callback; dinfo = mj2_create_decompress(); opj_set_event_mgr((opj_common_ptr)dinfo, &event_mgr, stderr); memset(¶meters, 0, sizeof(mj2_dparameters_t)); movie = (opj_mj2_t*) dinfo->mj2_handle; mj2_setup_decoder(movie, ¶meters); if (mj2_read_struct(file, movie)) { return 1; } tnum = 0; while (movie->tk[tnum].track_type != 0) { tnum ++; } track = &movie->tk[tnum]; fprintf(stdout, ""Extracting %d frames from file...\n"", track->num_samples); for (snum = 0; snum < track->num_samples; snum++) { sample = &track->sample[snum]; frame_codestream = (unsigned char*) malloc(sample->sample_size - 8); fseek(file, sample->offset + 8, SEEK_SET); fread(frame_codestream, sample->sample_size - 8, 1, file); sprintf(outfilename, ""%s_%05d.j2k"", argv[2], snum); outfile = fopen(outfilename, ""wb""); if (!outfile) { fprintf(stderr, ""failed to open %s for writing\n"", outfilename); return 1; } fwrite(frame_codestream, sample->sample_size - 8, 1, outfile); fclose(outfile); free(frame_codestream); } fclose(file); fprintf(stdout, ""%d frames correctly extracted\n"", snum); if (dinfo) { mj2_destroy_decompress((opj_mj2_t*)dinfo->mj2_handle); } return 0; }",visit repo url,src/bin/mj2/opj_mj2_extract.c,https://github.com/uclouvain/openjpeg,187264464091594,1 5226,CWE-116,"print_perm_line (int idx, GPtrArray *items, int cols) { g_autoptr(GString) res = g_string_new (NULL); int i; g_string_append_printf (res, "" [%d] %s"", idx, (char *) items->pdata[0]); for (i = 1; i < items->len; i++) { char *p; int len; p = strrchr (res->str, '\n'); if (!p) p = res->str; len = (res->str + strlen (res->str)) - p; if (len + strlen ((char *) items->pdata[i]) + 2 >= cols) g_string_append_printf (res, "",\n %s"", (char *) items->pdata[i]); else g_string_append_printf (res, "", %s"", (char *) items->pdata[i]); } g_print (""%s\n"", res->str); }",visit repo url,app/flatpak-cli-transaction.c,https://github.com/flatpak/flatpak,137067907549573,1 6606,['CWE-200'],"nma_menu_add_devices (GtkWidget *menu, NMApplet *applet) { const GPtrArray *temp = NULL; GSList *devices = NULL, *iter = NULL; gint n_wifi_devices = 0; gint n_usable_wifi_devices = 0; gint n_wired_devices = 0; gint n_mb_devices = 0; int i; temp = nm_client_get_devices (applet->nm_client); for (i = 0; temp && (i < temp->len); i++) devices = g_slist_append (devices, g_ptr_array_index (temp, i)); if (devices) devices = g_slist_sort (devices, sort_devices); for (iter = devices; iter; iter = iter->next) { NMDevice *device = NM_DEVICE (iter->data); if (!(nm_device_get_capabilities (device) & NM_DEVICE_CAP_NM_SUPPORTED)) continue; if (NM_IS_DEVICE_WIFI (device)) { n_wifi_devices++; if ( nm_client_wireless_get_enabled (applet->nm_client) && (nm_device_get_state (device) >= NM_DEVICE_STATE_DISCONNECTED)) n_usable_wifi_devices++; } else if (NM_IS_DEVICE_ETHERNET (device)) n_wired_devices++; else if (NM_IS_CDMA_DEVICE (device) || NM_IS_GSM_DEVICE (device)) n_mb_devices++; } if (!n_wired_devices && !n_wifi_devices && !n_mb_devices) { nma_menu_add_text_item (menu, _(""No network devices available"")); goto out; } for (iter = devices; iter; iter = iter->next) { NMDevice *device = NM_DEVICE (iter->data); gint n_devices = 0; NMADeviceClass *dclass; NMConnection *active; if (!(nm_device_get_capabilities (device) & NM_DEVICE_CAP_NM_SUPPORTED)) continue; if (NM_IS_DEVICE_WIFI (device)) n_devices = n_wifi_devices; else if (NM_IS_DEVICE_ETHERNET (device)) n_devices = n_wired_devices; else if (NM_IS_CDMA_DEVICE (device) || NM_IS_GSM_DEVICE (device)) n_devices = n_mb_devices; active = applet_find_active_connection_for_device (device, applet, NULL); dclass = get_device_class (device, applet); if (dclass) dclass->add_menu_item (device, n_devices, active, menu, applet); } out: g_slist_free (devices); return n_usable_wifi_devices; }",network-manager-applet,,,180039823008507318149748008412976171705,0 1674,[],"static void __update_rq_clock(struct rq *rq) { u64 prev_raw = rq->prev_clock_raw; u64 now = sched_clock(); s64 delta = now - prev_raw; u64 clock = rq->clock; #ifdef CONFIG_SCHED_DEBUG WARN_ON_ONCE(cpu_of(rq) != smp_processor_id()); #endif if (unlikely(delta < 0)) { clock++; rq->clock_warps++; } else { u64 max_jump = max_skipped_ticks(rq) * TICK_NSEC; u64 max_time = rq->tick_timestamp + max_jump; if (unlikely(clock + delta > max_time)) { if (clock < max_time) clock = max_time; else clock++; rq->clock_overflows++; } else { if (unlikely(delta > rq->clock_max_delta)) rq->clock_max_delta = delta; clock += delta; } } rq->prev_clock_raw = now; rq->clock = clock; }",linux-2.6,,,254862540538728992142564399118377068672,0 1271,CWE-362,"static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *raw_data) { struct super_block *s; struct ecryptfs_sb_info *sbi; struct ecryptfs_dentry_info *root_info; const char *err = ""Getting sb failed""; struct inode *inode; struct path path; int rc; sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL); if (!sbi) { rc = -ENOMEM; goto out; } rc = ecryptfs_parse_options(sbi, raw_data); if (rc) { err = ""Error parsing options""; goto out; } s = sget(fs_type, NULL, set_anon_super, NULL); if (IS_ERR(s)) { rc = PTR_ERR(s); goto out; } s->s_flags = flags; rc = bdi_setup_and_register(&sbi->bdi, ""ecryptfs"", BDI_CAP_MAP_COPY); if (rc) goto out1; ecryptfs_set_superblock_private(s, sbi); s->s_bdi = &sbi->bdi; sbi = NULL; s->s_op = &ecryptfs_sops; s->s_d_op = &ecryptfs_dops; err = ""Reading sb failed""; rc = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path); if (rc) { ecryptfs_printk(KERN_WARNING, ""kern_path() failed\n""); goto out1; } if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) { rc = -EINVAL; printk(KERN_ERR ""Mount on filesystem of type "" ""eCryptfs explicitly disallowed due to "" ""known incompatibilities\n""); goto out_free; } ecryptfs_set_superblock_lower(s, path.dentry->d_sb); s->s_maxbytes = path.dentry->d_sb->s_maxbytes; s->s_blocksize = path.dentry->d_sb->s_blocksize; s->s_magic = ECRYPTFS_SUPER_MAGIC; inode = ecryptfs_get_inode(path.dentry->d_inode, s); rc = PTR_ERR(inode); if (IS_ERR(inode)) goto out_free; s->s_root = d_alloc_root(inode); if (!s->s_root) { iput(inode); rc = -ENOMEM; goto out_free; } rc = -ENOMEM; root_info = kmem_cache_zalloc(ecryptfs_dentry_info_cache, GFP_KERNEL); if (!root_info) goto out_free; ecryptfs_set_dentry_private(s->s_root, root_info); ecryptfs_set_dentry_lower(s->s_root, path.dentry); ecryptfs_set_dentry_lower_mnt(s->s_root, path.mnt); s->s_flags |= MS_ACTIVE; return dget(s->s_root); out_free: path_put(&path); out1: deactivate_locked_super(s); out: if (sbi) { ecryptfs_destroy_mount_crypt_stat(&sbi->mount_crypt_stat); kmem_cache_free(ecryptfs_sb_info_cache, sbi); } printk(KERN_ERR ""%s; rc = [%d]\n"", err, rc); return ERR_PTR(rc); }",visit repo url,fs/ecryptfs/main.c,https://github.com/torvalds/linux,278814133131574,1 5120,['CWE-20'],"static void fix_pmode_dataseg(int seg, struct kvm_save_segment *save) { struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; if (vmcs_readl(sf->base) == save->base && (save->base & AR_S_MASK)) { vmcs_write16(sf->selector, save->selector); vmcs_writel(sf->base, save->base); vmcs_write32(sf->limit, save->limit); vmcs_write32(sf->ar_bytes, save->ar); } else { u32 dpl = (vmcs_read16(sf->selector) & SELECTOR_RPL_MASK) << AR_DPL_SHIFT; vmcs_write32(sf->ar_bytes, 0x93 | dpl); } }",linux-2.6,,,19129360614920551921549739820580551006,0 5455,CWE-617,"update_bar_address(struct vmctx *ctx, struct pci_vdev *dev, uint64_t addr, int idx, int type, bool ignore_reg_unreg) { bool decode = false; uint64_t orig_addr = dev->bar[idx].addr; if (!ignore_reg_unreg) { if (dev->bar[idx].type == PCIBAR_IO) decode = porten(dev); else decode = memen(dev); } if (decode) unregister_bar(dev, idx); switch (type) { case PCIBAR_IO: case PCIBAR_MEM32: dev->bar[idx].addr = addr; break; case PCIBAR_MEM64: dev->bar[idx].addr &= ~0xffffffffUL; dev->bar[idx].addr |= addr; break; case PCIBAR_MEMHI64: dev->bar[idx].addr &= 0xffffffff; dev->bar[idx].addr |= addr; break; default: assert(0); } if (decode) register_bar(dev, idx); if (dev->dev_ops->vdev_update_bar_map && decode) dev->dev_ops->vdev_update_bar_map(ctx, dev, idx, orig_addr); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,19044493179151,1 3552,['CWE-20'],"sctp_disposition_t sctp_sf_do_prm_asoc(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *repl; struct sctp_association* my_asoc; sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_COOKIE_WAIT)); repl = sctp_make_init(asoc, &asoc->base.bind_addr, GFP_ATOMIC, 0); if (!repl) goto nomem; my_asoc = (struct sctp_association *)asoc; sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(my_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_CHOOSE_TRANSPORT, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,67698448849279540389463083523021194884,0 2068,NVD-CWE-noinfo,"sg_build_indirect(Sg_scatter_hold * schp, Sg_fd * sfp, int buff_size) { int ret_sz = 0, i, k, rem_sz, num, mx_sc_elems; int sg_tablesize = sfp->parentdp->sg_tablesize; int blk_size = buff_size, order; gfp_t gfp_mask = GFP_ATOMIC | __GFP_COMP | __GFP_NOWARN; struct sg_device *sdp = sfp->parentdp; if (blk_size < 0) return -EFAULT; if (0 == blk_size) ++blk_size; blk_size = ALIGN(blk_size, SG_SECTOR_SZ); SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sfp->parentdp, ""sg_build_indirect: buff_size=%d, blk_size=%d\n"", buff_size, blk_size)); mx_sc_elems = sg_build_sgat(schp, sfp, sg_tablesize); if (mx_sc_elems < 0) return mx_sc_elems; num = scatter_elem_sz; if (unlikely(num != scatter_elem_sz_prev)) { if (num < PAGE_SIZE) { scatter_elem_sz = PAGE_SIZE; scatter_elem_sz_prev = PAGE_SIZE; } else scatter_elem_sz_prev = num; } if (sdp->device->host->unchecked_isa_dma) gfp_mask |= GFP_DMA; if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO)) gfp_mask |= __GFP_ZERO; order = get_order(num); retry: ret_sz = 1 << (PAGE_SHIFT + order); for (k = 0, rem_sz = blk_size; rem_sz > 0 && k < mx_sc_elems; k++, rem_sz -= ret_sz) { num = (rem_sz > scatter_elem_sz_prev) ? scatter_elem_sz_prev : rem_sz; schp->pages[k] = alloc_pages(gfp_mask, order); if (!schp->pages[k]) goto out; if (num == scatter_elem_sz_prev) { if (unlikely(ret_sz > scatter_elem_sz_prev)) { scatter_elem_sz = ret_sz; scatter_elem_sz_prev = ret_sz; } } SCSI_LOG_TIMEOUT(5, sg_printk(KERN_INFO, sfp->parentdp, ""sg_build_indirect: k=%d, num=%d, ret_sz=%d\n"", k, num, ret_sz)); } schp->page_order = order; schp->k_use_sg = k; SCSI_LOG_TIMEOUT(5, sg_printk(KERN_INFO, sfp->parentdp, ""sg_build_indirect: k_use_sg=%d, rem_sz=%d\n"", k, rem_sz)); schp->bufflen = blk_size; if (rem_sz > 0) return -ENOMEM; return 0; out: for (i = 0; i < k; i++) __free_pages(schp->pages[i], order); if (--order >= 0) goto retry; return -ENOMEM; }",visit repo url,drivers/scsi/sg.c,https://github.com/torvalds/linux,86691341000841,1 1558,CWE-264,"static void bt_tags_for_each(struct blk_mq_tags *tags, struct blk_mq_bitmap_tags *bt, unsigned int off, busy_tag_iter_fn *fn, void *data, bool reserved) { struct request *rq; int bit, i; if (!tags->rqs) return; for (i = 0; i < bt->map_nr; i++) { struct blk_align_bitmap *bm = &bt->map[i]; for (bit = find_first_bit(&bm->word, bm->depth); bit < bm->depth; bit = find_next_bit(&bm->word, bm->depth, bit + 1)) { rq = blk_mq_tag_to_rq(tags, off + bit); fn(rq, data, reserved); } off += (1 << bt->bits_per_word); } }",visit repo url,block/blk-mq-tag.c,https://github.com/torvalds/linux,244808224400453,1 1726,[],"account_entity_enqueue(struct cfs_rq *cfs_rq, struct sched_entity *se) { update_load_add(&cfs_rq->load, se->load.weight); if (!parent_entity(se)) inc_cpu_load(rq_of(cfs_rq), se->load.weight); if (entity_is_task(se)) add_cfs_task_weight(cfs_rq, se->load.weight); cfs_rq->nr_running++; se->on_rq = 1; list_add(&se->group_node, &cfs_rq->tasks); }",linux-2.6,,,208637522593368165131813459133737014249,0 927,['CWE-200'],"static int shmem_create(struct inode *dir, struct dentry *dentry, int mode, struct nameidata *nd) { return shmem_mknod(dir, dentry, mode | S_IFREG, 0); }",linux-2.6,,,321533812571246122758447146624943840333,0 5366,CWE-193,"static void ssdp_recv(int sd) { ssize_t len; struct sockaddr sa; socklen_t salen; char buf[MAX_PKT_SIZE]; memset(buf, 0, sizeof(buf)); len = recvfrom(sd, buf, sizeof(buf), MSG_DONTWAIT, &sa, &salen); if (len > 0) { buf[len] = 0; if (sa.sa_family != AF_INET) return; if (strstr(buf, ""M-SEARCH *"")) { size_t i; char *ptr, *type; struct ifsock *ifs; struct sockaddr_in *sin = (struct sockaddr_in *)&sa; ifs = find_outbound(&sa); if (!ifs) { logit(LOG_DEBUG, ""No matching socket for client %s"", inet_ntoa(sin->sin_addr)); return; } logit(LOG_DEBUG, ""Matching socket for client %s"", inet_ntoa(sin->sin_addr)); type = strcasestr(buf, ""\r\nST:""); if (!type) { logit(LOG_DEBUG, ""No Search Type (ST:) found in M-SEARCH *, assuming "" SSDP_ST_ALL); type = SSDP_ST_ALL; send_message(ifs, type, &sa); return; } type = strchr(type, ':'); if (!type) return; type++; while (isspace(*type)) type++; ptr = strstr(type, ""\r\n""); if (!ptr) return; *ptr = 0; for (i = 0; supported_types[i]; i++) { if (!strcmp(supported_types[i], type)) { logit(LOG_DEBUG, ""M-SEARCH * ST: %s from %s port %d"", type, inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); send_message(ifs, type, &sa); return; } } logit(LOG_DEBUG, ""M-SEARCH * for unsupported ST: %s from %s"", type, inet_ntoa(sin->sin_addr)); } } }",visit repo url,ssdpd.c,https://github.com/troglobit/ssdp-responder,215720258129999,1 6022,['CWE-200'],"static __inline__ int cbq_dump_wrr(struct sk_buff *skb, struct cbq_class *cl) { unsigned char *b = skb->tail; struct tc_cbq_wrropt opt; opt.flags = 0; opt.allot = cl->allot; opt.priority = cl->priority+1; opt.cpriority = cl->cpriority+1; opt.weight = cl->weight; RTA_PUT(skb, TCA_CBQ_WRROPT, sizeof(opt), &opt); return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,60533124528135460869267196103235345691,0 1078,CWE-20,"void rose_write_internal(struct sock *sk, int frametype) { struct rose_sock *rose = rose_sk(sk); struct sk_buff *skb; unsigned char *dptr; unsigned char lci1, lci2; char buffer[100]; int len, faclen = 0; len = AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + ROSE_MIN_LEN + 1; switch (frametype) { case ROSE_CALL_REQUEST: len += 1 + ROSE_ADDR_LEN + ROSE_ADDR_LEN; faclen = rose_create_facilities(buffer, rose); len += faclen; break; case ROSE_CALL_ACCEPTED: case ROSE_CLEAR_REQUEST: case ROSE_RESET_REQUEST: len += 2; break; } if ((skb = alloc_skb(len, GFP_ATOMIC)) == NULL) return; skb_reserve(skb, AX25_BPQ_HEADER_LEN + AX25_MAX_HEADER_LEN + 1); dptr = skb_put(skb, skb_tailroom(skb)); lci1 = (rose->lci >> 8) & 0x0F; lci2 = (rose->lci >> 0) & 0xFF; switch (frametype) { case ROSE_CALL_REQUEST: *dptr++ = ROSE_GFI | lci1; *dptr++ = lci2; *dptr++ = frametype; *dptr++ = 0xAA; memcpy(dptr, &rose->dest_addr, ROSE_ADDR_LEN); dptr += ROSE_ADDR_LEN; memcpy(dptr, &rose->source_addr, ROSE_ADDR_LEN); dptr += ROSE_ADDR_LEN; memcpy(dptr, buffer, faclen); dptr += faclen; break; case ROSE_CALL_ACCEPTED: *dptr++ = ROSE_GFI | lci1; *dptr++ = lci2; *dptr++ = frametype; *dptr++ = 0x00; *dptr++ = 0; break; case ROSE_CLEAR_REQUEST: *dptr++ = ROSE_GFI | lci1; *dptr++ = lci2; *dptr++ = frametype; *dptr++ = rose->cause; *dptr++ = rose->diagnostic; break; case ROSE_RESET_REQUEST: *dptr++ = ROSE_GFI | lci1; *dptr++ = lci2; *dptr++ = frametype; *dptr++ = ROSE_DTE_ORIGINATED; *dptr++ = 0; break; case ROSE_RR: case ROSE_RNR: *dptr++ = ROSE_GFI | lci1; *dptr++ = lci2; *dptr = frametype; *dptr++ |= (rose->vr << 5) & 0xE0; break; case ROSE_CLEAR_CONFIRMATION: case ROSE_RESET_CONFIRMATION: *dptr++ = ROSE_GFI | lci1; *dptr++ = lci2; *dptr++ = frametype; break; default: printk(KERN_ERR ""ROSE: rose_write_internal - invalid frametype %02X\n"", frametype); kfree_skb(skb); return; } rose_transmit_link(skb, rose->neighbour); }",visit repo url,net/rose/rose_subr.c,https://github.com/torvalds/linux,35229371464841,1 2419,CWE-119,"static int store_icy(URLContext *h, int size) { HTTPContext *s = h->priv_data; int remaining = s->icy_metaint - s->icy_data_read; if (remaining < 0) return AVERROR_INVALIDDATA; if (!remaining) { uint8_t ch; int len = http_read_stream_all(h, &ch, 1); if (len < 0) return len; if (ch > 0) { char data[255 * 16 + 1]; int ret; len = ch * 16; ret = http_read_stream_all(h, data, len); if (ret < 0) return ret; data[len + 1] = 0; if ((ret = av_opt_set(s, ""icy_metadata_packet"", data, 0)) < 0) return ret; update_metadata(s, data); } s->icy_data_read = 0; remaining = s->icy_metaint; } return FFMIN(size, remaining); }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,64493862422989,1 989,CWE-189,"static void kvm_unpin_pages(struct kvm *kvm, pfn_t pfn, unsigned long npages) { unsigned long i; for (i = 0; i < npages; ++i) kvm_release_pfn_clean(pfn + i); }",visit repo url,virt/kvm/iommu.c,https://github.com/torvalds/linux,213960059936437,1 4048,['CWE-362'],"static inline __s32 inotify_add_watch(struct inotify_handle *ih, struct inotify_watch *watch, struct inode *inode, __u32 mask) { return -EOPNOTSUPP; }",linux-2.6,,,130872724695033709318507075546021451825,0 3789,[],"static int unix_listen(struct socket *sock, int backlog) { int err; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); err = -EOPNOTSUPP; if (sock->type!=SOCK_STREAM && sock->type!=SOCK_SEQPACKET) goto out; err = -EINVAL; if (!u->addr) goto out; unix_state_lock(sk); if (sk->sk_state != TCP_CLOSE && sk->sk_state != TCP_LISTEN) goto out_unlock; if (backlog > sk->sk_max_ack_backlog) wake_up_interruptible_all(&u->peer_wait); sk->sk_max_ack_backlog = backlog; sk->sk_state = TCP_LISTEN; sk->sk_peercred.pid = current->tgid; sk->sk_peercred.uid = current->euid; sk->sk_peercred.gid = current->egid; err = 0; out_unlock: unix_state_unlock(sk); out: return err; }",linux-2.6,,,213817001700875898417784878888306367890,0 6295,NVD-CWE-noinfo,"static void save_client_addr(struct ip_addr *client_ip, uint8_t *hwaddr) { uint8_t d = (uint8_t)ip4_addr4(client_ip); xSemaphoreTake(dhcps_ip_table_semaphore, portMAX_DELAY); memcpy(ip_table.client_mac[d], hwaddr, 6); #if (debug_dhcps) printf(""\r\n%s: ip %d.%d.%d.%d, hwaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x\n"", __func__, ip4_addr1(client_ip), ip4_addr2(client_ip), ip4_addr3(client_ip), ip4_addr4(client_ip), hwaddr[0], hwaddr[1], hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]); #endif xSemaphoreGive(dhcps_ip_table_semaphore); }",visit repo url,component/common/network/dhcp/dhcps.c,https://github.com/ambiot/amb1_sdk,279158469290413,1 2586,[],"static int exec_grep(int argc, const char **argv) { pid_t pid; int status; argv[argc] = NULL; pid = fork(); if (pid < 0) return pid; if (!pid) { execvp(""grep"", (char **) argv); exit(255); } while (waitpid(pid, &status, 0) < 0) { if (errno == EINTR) continue; return -1; } if (WIFEXITED(status)) { if (!WEXITSTATUS(status)) return 1; return 0; } return -1; }",git,,,130620948247332009512582666812130752071,0 2552,CWE-399,"cib_recv_tls(gnutls_session * session) { char *buf = NULL; int rc = 0; int len = 0; int chunk_size = 1024; if (session == NULL) { return NULL; } buf = calloc(1, chunk_size); while (TRUE) { errno = 0; rc = gnutls_record_recv(*session, buf + len, chunk_size); crm_trace(""Got %d more bytes. errno=%d"", rc, errno); if (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN) { crm_trace(""Retry""); } else if (rc == GNUTLS_E_UNEXPECTED_PACKET_LENGTH) { crm_trace(""Session disconnected""); goto bail; } else if (rc < 0) { crm_err(""Error receiving message: %s (%d)"", gnutls_strerror(rc), rc); goto bail; } else if (rc == chunk_size) { len += rc; chunk_size *= 2; buf = realloc(buf, len + chunk_size); crm_trace(""Retry with %d more bytes"", (int)chunk_size); CRM_ASSERT(buf != NULL); } else if (buf[len + rc - 1] != 0) { crm_trace(""Last char is %d '%c'"", buf[len + rc - 1], buf[len + rc - 1]); crm_trace(""Retry with %d more bytes"", (int)chunk_size); len += rc; buf = realloc(buf, len + chunk_size); CRM_ASSERT(buf != NULL); } else { crm_trace(""Got %d more bytes"", (int)rc); return buf; } } bail: free(buf); return NULL; }",visit repo url,lib/common/remote.c,https://github.com/ClusterLabs/pacemaker,151441945806436,1 1891,['CWE-20'],"void pud_clear_bad(pud_t *pud) { pud_ERROR(*pud); pud_clear(pud); }",linux-2.6,,,104654580017157498926712104076488206911,0 5285,['CWE-119'],"static struct tun_struct *tun_get(struct file *file) { return __tun_get(file->private_data); }",linux-2.6,,,115253595356349709382171879868611649922,0 3210,CWE-125,"l2tp_accm_print(netdissect_options *ndo, const u_char *dat) { const uint16_t *ptr = (const uint16_t *)dat; uint16_t val_h, val_l; ptr++; val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""send=%08x "", (val_h<<16) + val_l)); val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""recv=%08x "", (val_h<<16) + val_l)); }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,163120132898957,1 3465,['CWE-20'],"static int sctp_verify_ext_param(union sctp_params param) { __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); int have_auth = 0; int have_asconf = 0; int i; for (i = 0; i < num_ext; i++) { switch (param.ext->chunks[i]) { case SCTP_CID_AUTH: have_auth = 1; break; case SCTP_CID_ASCONF: case SCTP_CID_ASCONF_ACK: have_asconf = 1; break; } } if (sctp_addip_noauth) return 1; if (sctp_addip_enable && !have_auth && have_asconf) return 0; return 1; }",linux-2.6,,,123801894020228190742911327025119973305,0 18,['CWE-264'],"static int sqlite_handle_commit(pdo_dbh_t *dbh TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; char *errmsg = NULL; if (sqlite3_exec(H->db, ""COMMIT"", NULL, NULL, &errmsg) != SQLITE_OK) { pdo_sqlite_error(dbh); if (errmsg) sqlite3_free(errmsg); return 0; } return 1; }",php-src,,,207446557111677945394695466997973279182,0 1894,CWE-763,"static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn) { #define BPF_INSN_2_LBL(x, y) [BPF_##x | BPF_##y] = &&x##_##y #define BPF_INSN_3_LBL(x, y, z) [BPF_##x | BPF_##y | BPF_##z] = &&x##_##y##_##z static const void * const jumptable[256] __annotate_jump_table = { [0 ... 255] = &&default_label, BPF_INSN_MAP(BPF_INSN_2_LBL, BPF_INSN_3_LBL), [BPF_JMP | BPF_CALL_ARGS] = &&JMP_CALL_ARGS, [BPF_JMP | BPF_TAIL_CALL] = &&JMP_TAIL_CALL, [BPF_ST | BPF_NOSPEC] = &&ST_NOSPEC, [BPF_LDX | BPF_PROBE_MEM | BPF_B] = &&LDX_PROBE_MEM_B, [BPF_LDX | BPF_PROBE_MEM | BPF_H] = &&LDX_PROBE_MEM_H, [BPF_LDX | BPF_PROBE_MEM | BPF_W] = &&LDX_PROBE_MEM_W, [BPF_LDX | BPF_PROBE_MEM | BPF_DW] = &&LDX_PROBE_MEM_DW, }; #undef BPF_INSN_3_LBL #undef BPF_INSN_2_LBL u32 tail_call_cnt = 0; #define CONT ({ insn++; goto select_insn; }) #define CONT_JMP ({ insn++; goto select_insn; }) select_insn: goto *jumptable[insn->code]; #define SHT(OPCODE, OP) \ ALU64_##OPCODE##_X: \ DST = DST OP (SRC & 63); \ CONT; \ ALU_##OPCODE##_X: \ DST = (u32) DST OP ((u32) SRC & 31); \ CONT; \ ALU64_##OPCODE##_K: \ DST = DST OP IMM; \ CONT; \ ALU_##OPCODE##_K: \ DST = (u32) DST OP (u32) IMM; \ CONT; #define ALU(OPCODE, OP) \ ALU64_##OPCODE##_X: \ DST = DST OP SRC; \ CONT; \ ALU_##OPCODE##_X: \ DST = (u32) DST OP (u32) SRC; \ CONT; \ ALU64_##OPCODE##_K: \ DST = DST OP IMM; \ CONT; \ ALU_##OPCODE##_K: \ DST = (u32) DST OP (u32) IMM; \ CONT; ALU(ADD, +) ALU(SUB, -) ALU(AND, &) ALU(OR, |) ALU(XOR, ^) ALU(MUL, *) SHT(LSH, <<) SHT(RSH, >>) #undef SHT #undef ALU ALU_NEG: DST = (u32) -DST; CONT; ALU64_NEG: DST = -DST; CONT; ALU_MOV_X: DST = (u32) SRC; CONT; ALU_MOV_K: DST = (u32) IMM; CONT; ALU64_MOV_X: DST = SRC; CONT; ALU64_MOV_K: DST = IMM; CONT; LD_IMM_DW: DST = (u64) (u32) insn[0].imm | ((u64) (u32) insn[1].imm) << 32; insn++; CONT; ALU_ARSH_X: DST = (u64) (u32) (((s32) DST) >> (SRC & 31)); CONT; ALU_ARSH_K: DST = (u64) (u32) (((s32) DST) >> IMM); CONT; ALU64_ARSH_X: (*(s64 *) &DST) >>= (SRC & 63); CONT; ALU64_ARSH_K: (*(s64 *) &DST) >>= IMM; CONT; ALU64_MOD_X: div64_u64_rem(DST, SRC, &AX); DST = AX; CONT; ALU_MOD_X: AX = (u32) DST; DST = do_div(AX, (u32) SRC); CONT; ALU64_MOD_K: div64_u64_rem(DST, IMM, &AX); DST = AX; CONT; ALU_MOD_K: AX = (u32) DST; DST = do_div(AX, (u32) IMM); CONT; ALU64_DIV_X: DST = div64_u64(DST, SRC); CONT; ALU_DIV_X: AX = (u32) DST; do_div(AX, (u32) SRC); DST = (u32) AX; CONT; ALU64_DIV_K: DST = div64_u64(DST, IMM); CONT; ALU_DIV_K: AX = (u32) DST; do_div(AX, (u32) IMM); DST = (u32) AX; CONT; ALU_END_TO_BE: switch (IMM) { case 16: DST = (__force u16) cpu_to_be16(DST); break; case 32: DST = (__force u32) cpu_to_be32(DST); break; case 64: DST = (__force u64) cpu_to_be64(DST); break; } CONT; ALU_END_TO_LE: switch (IMM) { case 16: DST = (__force u16) cpu_to_le16(DST); break; case 32: DST = (__force u32) cpu_to_le32(DST); break; case 64: DST = (__force u64) cpu_to_le64(DST); break; } CONT; JMP_CALL: BPF_R0 = (__bpf_call_base + insn->imm)(BPF_R1, BPF_R2, BPF_R3, BPF_R4, BPF_R5); CONT; JMP_CALL_ARGS: BPF_R0 = (__bpf_call_base_args + insn->imm)(BPF_R1, BPF_R2, BPF_R3, BPF_R4, BPF_R5, insn + insn->off + 1); CONT; JMP_TAIL_CALL: { struct bpf_map *map = (struct bpf_map *) (unsigned long) BPF_R2; struct bpf_array *array = container_of(map, struct bpf_array, map); struct bpf_prog *prog; u32 index = BPF_R3; if (unlikely(index >= array->map.max_entries)) goto out; if (unlikely(tail_call_cnt >= MAX_TAIL_CALL_CNT)) goto out; tail_call_cnt++; prog = READ_ONCE(array->ptrs[index]); if (!prog) goto out; insn = prog->insnsi; goto select_insn; out: CONT; } JMP_JA: insn += insn->off; CONT; JMP_EXIT: return BPF_R0; #define COND_JMP(SIGN, OPCODE, CMP_OP) \ JMP_##OPCODE##_X: \ if ((SIGN##64) DST CMP_OP (SIGN##64) SRC) { \ insn += insn->off; \ CONT_JMP; \ } \ CONT; \ JMP32_##OPCODE##_X: \ if ((SIGN##32) DST CMP_OP (SIGN##32) SRC) { \ insn += insn->off; \ CONT_JMP; \ } \ CONT; \ JMP_##OPCODE##_K: \ if ((SIGN##64) DST CMP_OP (SIGN##64) IMM) { \ insn += insn->off; \ CONT_JMP; \ } \ CONT; \ JMP32_##OPCODE##_K: \ if ((SIGN##32) DST CMP_OP (SIGN##32) IMM) { \ insn += insn->off; \ CONT_JMP; \ } \ CONT; COND_JMP(u, JEQ, ==) COND_JMP(u, JNE, !=) COND_JMP(u, JGT, >) COND_JMP(u, JLT, <) COND_JMP(u, JGE, >=) COND_JMP(u, JLE, <=) COND_JMP(u, JSET, &) COND_JMP(s, JSGT, >) COND_JMP(s, JSLT, <) COND_JMP(s, JSGE, >=) COND_JMP(s, JSLE, <=) #undef COND_JMP ST_NOSPEC: #ifdef CONFIG_X86 barrier_nospec(); #endif CONT; #define LDST(SIZEOP, SIZE) \ STX_MEM_##SIZEOP: \ *(SIZE *)(unsigned long) (DST + insn->off) = SRC; \ CONT; \ ST_MEM_##SIZEOP: \ *(SIZE *)(unsigned long) (DST + insn->off) = IMM; \ CONT; \ LDX_MEM_##SIZEOP: \ DST = *(SIZE *)(unsigned long) (SRC + insn->off); \ CONT; \ LDX_PROBE_MEM_##SIZEOP: \ bpf_probe_read_kernel(&DST, sizeof(SIZE), \ (const void *)(long) (SRC + insn->off)); \ DST = *((SIZE *)&DST); \ CONT; LDST(B, u8) LDST(H, u16) LDST(W, u32) LDST(DW, u64) #undef LDST #define ATOMIC_ALU_OP(BOP, KOP) \ case BOP: \ if (BPF_SIZE(insn->code) == BPF_W) \ atomic_##KOP((u32) SRC, (atomic_t *)(unsigned long) \ (DST + insn->off)); \ else \ atomic64_##KOP((u64) SRC, (atomic64_t *)(unsigned long) \ (DST + insn->off)); \ break; \ case BOP | BPF_FETCH: \ if (BPF_SIZE(insn->code) == BPF_W) \ SRC = (u32) atomic_fetch_##KOP( \ (u32) SRC, \ (atomic_t *)(unsigned long) (DST + insn->off)); \ else \ SRC = (u64) atomic64_fetch_##KOP( \ (u64) SRC, \ (atomic64_t *)(unsigned long) (DST + insn->off)); \ break; STX_ATOMIC_DW: STX_ATOMIC_W: switch (IMM) { ATOMIC_ALU_OP(BPF_ADD, add) ATOMIC_ALU_OP(BPF_AND, and) ATOMIC_ALU_OP(BPF_OR, or) ATOMIC_ALU_OP(BPF_XOR, xor) #undef ATOMIC_ALU_OP case BPF_XCHG: if (BPF_SIZE(insn->code) == BPF_W) SRC = (u32) atomic_xchg( (atomic_t *)(unsigned long) (DST + insn->off), (u32) SRC); else SRC = (u64) atomic64_xchg( (atomic64_t *)(unsigned long) (DST + insn->off), (u64) SRC); break; case BPF_CMPXCHG: if (BPF_SIZE(insn->code) == BPF_W) BPF_R0 = (u32) atomic_cmpxchg( (atomic_t *)(unsigned long) (DST + insn->off), (u32) BPF_R0, (u32) SRC); else BPF_R0 = (u64) atomic64_cmpxchg( (atomic64_t *)(unsigned long) (DST + insn->off), (u64) BPF_R0, (u64) SRC); break; default: goto default_label; } CONT; default_label: pr_warn(""BPF interpreter: unknown opcode %02x (imm: 0x%x)\n"", insn->code, insn->imm); BUG_ON(1); return 0; }",visit repo url,kernel/bpf/core.c,https://github.com/torvalds/linux,257839648018182,1 4079,CWE-416,"struct lib_t* MACH0_(get_libs)(struct MACH0_(obj_t)* bin) { struct lib_t *libs; int i; if (!bin->nlibs) return NULL; if (!(libs = calloc ((bin->nlibs + 1), sizeof(struct lib_t)))) return NULL; for (i = 0; i < bin->nlibs; i++) { strncpy (libs[i].name, bin->libs[i], R_BIN_MACH0_STRING_LENGTH); libs[i].name[R_BIN_MACH0_STRING_LENGTH-1] = '\0'; libs[i].last = 0; } libs[i].last = 1; return libs; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,45858721649713,1 732,CWE-20,"static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int copied = 0; int target; int err = 0; long timeo; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = -EAGAIN; if (sk->sk_state == CAIF_CONNECTING) goto out; caif_read_lock(sk); target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); do { int chunk; struct sk_buff *skb; lock_sock(sk); skb = skb_dequeue(&sk->sk_receive_queue); caif_check_flow_release(sk); if (skb == NULL) { if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; err = -ECONNRESET; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; err = -EPIPE; if (sk->sk_state != CAIF_CONNECTED) goto unlock; if (sock_flag(sk, SOCK_DEAD)) goto unlock; release_sock(sk); err = -EAGAIN; if (!timeo) break; caif_read_unlock(sk); timeo = caif_stream_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } caif_read_lock(sk); continue; unlock: release_sock(sk); break; } release_sock(sk); chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); caif_read_unlock(sk); out: return copied ? : err; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,221882276043621,1 1883,['CWE-189'],"_gnutls_read_client_hello (gnutls_session_t session, opaque * data, int datalen) { uint8_t session_id_len; int pos = 0, ret; uint16_t suite_size, comp_size; gnutls_protocol_t adv_version; int neg_version; int len = datalen; opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr; if (session->internals.v2_hello != 0) { return _gnutls_read_client_hello_v2 (session, data, datalen); } DECR_LEN (len, 2); _gnutls_handshake_log (""HSK[%x]: Client's version: %d.%d\n"", session, data[pos], data[pos + 1]); adv_version = _gnutls_version_get (data[pos], data[pos + 1]); set_adv_version (session, data[pos], data[pos + 1]); pos += 2; neg_version = _gnutls_negotiate_version( session, adv_version); if (neg_version < 0) { gnutls_assert(); return neg_version; } DECR_LEN (len, TLS_RANDOM_SIZE); _gnutls_set_client_random (session, &data[pos]); pos += TLS_RANDOM_SIZE; _gnutls_tls_create_random (rnd); _gnutls_set_server_random (session, rnd); session->security_parameters.timestamp = time (NULL); DECR_LEN (len, 1); session_id_len = data[pos++]; if (session_id_len > TLS_MAX_SESSION_ID_SIZE) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } DECR_LEN (len, session_id_len); ret = _gnutls_server_restore_session (session, &data[pos], session_id_len); pos += session_id_len; if (ret == 0) { resume_copy_required_values (session); session->internals.resumed = RESUME_TRUE; return _gnutls_user_hello_func( session, adv_version); } else { _gnutls_generate_session_id (session->security_parameters. session_id, &session->security_parameters. session_id_size); session->internals.resumed = RESUME_FALSE; } DECR_LEN (len, 2); suite_size = _gnutls_read_uint16 (&data[pos]); pos += 2; DECR_LEN (len, suite_size); suite_ptr = &data[pos]; pos += suite_size; DECR_LEN (len, 1); comp_size = data[pos++]; DECR_LEN (len, comp_size); comp_ptr = &data[pos]; pos += comp_size; if (neg_version >= GNUTLS_TLS1) { ret = _gnutls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); if (ret < 0) { gnutls_assert (); return ret; } } ret = _gnutls_user_hello_func( session, adv_version); if (ret < 0) { gnutls_assert(); return ret; } if (neg_version >= GNUTLS_TLS1) { ret = _gnutls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); if (ret < 0) { gnutls_assert (); return ret; } } ret = _gnutls_server_select_suite (session, suite_ptr, suite_size); if (ret < 0) { gnutls_assert (); return ret; } ret = _gnutls_server_select_comp_method (session, comp_ptr, comp_size); if (ret < 0) { gnutls_assert (); return ret; } return 0; }",gnutls,,,39306871543120951795510876797009900472,0 2687,[],"static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr) { struct sctp_bind_hashbucket *head; struct sctp_bind_bucket *pp; struct hlist_node *node; unsigned short snum; int ret; snum = ntohs(addr->v4.sin_port); SCTP_DEBUG_PRINTK(""sctp_get_port() begins, snum=%d\n"", snum); sctp_local_bh_disable(); if (snum == 0) { int low, high, remaining, index; unsigned int rover; inet_get_local_port_range(&low, &high); remaining = (high - low) + 1; rover = net_random() % remaining + low; do { rover++; if ((rover < low) || (rover > high)) rover = low; index = sctp_phashfn(rover); head = &sctp_port_hashtable[index]; sctp_spin_lock(&head->lock); sctp_for_each_hentry(pp, node, &head->chain) if (pp->port == rover) goto next; break; next: sctp_spin_unlock(&head->lock); } while (--remaining > 0); ret = 1; if (remaining <= 0) goto fail; snum = rover; } else { head = &sctp_port_hashtable[sctp_phashfn(snum)]; sctp_spin_lock(&head->lock); sctp_for_each_hentry(pp, node, &head->chain) { if (pp->port == snum) goto pp_found; } } pp = NULL; goto pp_not_found; pp_found: if (!hlist_empty(&pp->owner)) { int reuse = sk->sk_reuse; struct sock *sk2; struct hlist_node *node; SCTP_DEBUG_PRINTK(""sctp_get_port() found a possible match\n""); if (pp->fastreuse && sk->sk_reuse && sk->sk_state != SCTP_SS_LISTENING) goto success; sk_for_each_bound(sk2, node, &pp->owner) { struct sctp_endpoint *ep2; ep2 = sctp_sk(sk2)->ep; if (sk == sk2 || (reuse && sk2->sk_reuse && sk2->sk_state != SCTP_SS_LISTENING)) continue; if (sctp_bind_addr_conflict(&ep2->base.bind_addr, addr, sctp_sk(sk2), sctp_sk(sk))) { ret = (long)sk2; goto fail_unlock; } } SCTP_DEBUG_PRINTK(""sctp_get_port(): Found a match\n""); } pp_not_found: ret = 1; if (!pp && !(pp = sctp_bucket_create(head, snum))) goto fail_unlock; if (hlist_empty(&pp->owner)) { if (sk->sk_reuse && sk->sk_state != SCTP_SS_LISTENING) pp->fastreuse = 1; else pp->fastreuse = 0; } else if (pp->fastreuse && (!sk->sk_reuse || sk->sk_state == SCTP_SS_LISTENING)) pp->fastreuse = 0; success: if (!sctp_sk(sk)->bind_hash) { inet_sk(sk)->num = snum; sk_add_bind_node(sk, &pp->owner); sctp_sk(sk)->bind_hash = pp; } ret = 0; fail_unlock: sctp_spin_unlock(&head->lock); fail: sctp_local_bh_enable(); return ret; }",linux-2.6,,,257311152898359121963146531634168203736,0 6640,CWE-122,"de265_error seq_parameter_set::read(error_queue* errqueue, bitreader* br) { int vlc; video_parameter_set_id = get_bits(br,4); sps_max_sub_layers = get_bits(br,3) +1; if (sps_max_sub_layers>7) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } sps_temporal_id_nesting_flag = get_bits(br,1); profile_tier_level_.read(br, sps_max_sub_layers); READ_VLC(seq_parameter_set_id, uvlc); if (seq_parameter_set_id >= DE265_MAX_SPS_SETS) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } READ_VLC(chroma_format_idc, uvlc); if (chroma_format_idc == 3) { separate_colour_plane_flag = get_bits(br,1); } else { separate_colour_plane_flag = 0; } if (chroma_format_idc<0 || chroma_format_idc>3) { errqueue->add_warning(DE265_WARNING_INVALID_CHROMA_FORMAT, false); return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } READ_VLC(pic_width_in_luma_samples, uvlc); READ_VLC(pic_height_in_luma_samples, uvlc); if (pic_width_in_luma_samples == 0 || pic_height_in_luma_samples == 0) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } if (pic_width_in_luma_samples > MAX_PICTURE_WIDTH || pic_height_in_luma_samples> MAX_PICTURE_HEIGHT) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } conformance_window_flag = get_bits(br,1); if (conformance_window_flag) { READ_VLC(conf_win_left_offset, uvlc); READ_VLC(conf_win_right_offset, uvlc); READ_VLC(conf_win_top_offset, uvlc); READ_VLC(conf_win_bottom_offset,uvlc); } else { conf_win_left_offset = 0; conf_win_right_offset = 0; conf_win_top_offset = 0; conf_win_bottom_offset= 0; } READ_VLC_OFFSET(bit_depth_luma, uvlc, 8); READ_VLC_OFFSET(bit_depth_chroma,uvlc, 8); if (bit_depth_luma > 16 || bit_depth_chroma > 16) { errqueue->add_warning(DE265_WARNING_SPS_HEADER_INVALID, false); return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } READ_VLC_OFFSET(log2_max_pic_order_cnt_lsb, uvlc, 4); if (log2_max_pic_order_cnt_lsb<4 || log2_max_pic_order_cnt_lsb>16) { errqueue->add_warning(DE265_WARNING_SPS_HEADER_INVALID, false); return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } MaxPicOrderCntLsb = 1<<(log2_max_pic_order_cnt_lsb); sps_sub_layer_ordering_info_present_flag = get_bits(br,1); int firstLayer = (sps_sub_layer_ordering_info_present_flag ? 0 : sps_max_sub_layers-1 ); for (int i=firstLayer ; i <= sps_max_sub_layers-1; i++ ) { vlc=get_uvlc(br); if (vlc == UVLC_ERROR || vlc+1 > MAX_NUM_REF_PICS) { errqueue->add_warning(DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE, false); return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } sps_max_dec_pic_buffering[i] = vlc+1; READ_VLC(sps_max_num_reorder_pics[i], uvlc); READ_VLC(sps_max_latency_increase_plus1[i], uvlc); SpsMaxLatencyPictures[i] = (sps_max_num_reorder_pics[i] + sps_max_latency_increase_plus1[i]-1); } if (sps_sub_layer_ordering_info_present_flag) { int ref = sps_max_sub_layers-1; assert(ref<7); for (int i=0 ; i < sps_max_sub_layers-1; i++ ) { sps_max_dec_pic_buffering[i] = sps_max_dec_pic_buffering[ref]; sps_max_num_reorder_pics[i] = sps_max_num_reorder_pics[ref]; sps_max_latency_increase_plus1[i] = sps_max_latency_increase_plus1[ref]; } } READ_VLC_OFFSET(log2_min_luma_coding_block_size, uvlc, 3); READ_VLC (log2_diff_max_min_luma_coding_block_size, uvlc); READ_VLC_OFFSET(log2_min_transform_block_size, uvlc, 2); READ_VLC(log2_diff_max_min_transform_block_size, uvlc); READ_VLC(max_transform_hierarchy_depth_inter, uvlc); READ_VLC(max_transform_hierarchy_depth_intra, uvlc); if (log2_min_luma_coding_block_size > 6) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } if (log2_min_luma_coding_block_size + log2_diff_max_min_luma_coding_block_size > 6) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } if (log2_min_transform_block_size > 5) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } if (log2_min_transform_block_size + log2_diff_max_min_transform_block_size > 5) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } scaling_list_enable_flag = get_bits(br,1); if (scaling_list_enable_flag) { sps_scaling_list_data_present_flag = get_bits(br,1); if (sps_scaling_list_data_present_flag) { de265_error err; if ((err=read_scaling_list(br,this, &scaling_list, false)) != DE265_OK) { return err; } } else { set_default_scaling_lists(&scaling_list); } } amp_enabled_flag = get_bits(br,1); sample_adaptive_offset_enabled_flag = get_bits(br,1); pcm_enabled_flag = get_bits(br,1); if (pcm_enabled_flag) { pcm_sample_bit_depth_luma = get_bits(br,4)+1; pcm_sample_bit_depth_chroma = get_bits(br,4)+1; READ_VLC_OFFSET(log2_min_pcm_luma_coding_block_size, uvlc, 3); READ_VLC(log2_diff_max_min_pcm_luma_coding_block_size, uvlc); pcm_loop_filter_disable_flag = get_bits(br,1); if (pcm_sample_bit_depth_luma > bit_depth_luma) { errqueue->add_warning(DE265_WARNING_PCM_BITDEPTH_TOO_LARGE, false); return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } if (pcm_sample_bit_depth_chroma > bit_depth_chroma) { errqueue->add_warning(DE265_WARNING_PCM_BITDEPTH_TOO_LARGE, false); return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } } else { pcm_sample_bit_depth_luma = 0; pcm_sample_bit_depth_chroma = 0; log2_min_pcm_luma_coding_block_size = 0; log2_diff_max_min_pcm_luma_coding_block_size = 0; pcm_loop_filter_disable_flag = 0; } int num_short_term_ref_pic_sets; READ_VLC(num_short_term_ref_pic_sets, uvlc); if (num_short_term_ref_pic_sets < 0 || num_short_term_ref_pic_sets > 64) { errqueue->add_warning(DE265_WARNING_NUMBER_OF_SHORT_TERM_REF_PIC_SETS_OUT_OF_RANGE, false); return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } ref_pic_sets.resize(num_short_term_ref_pic_sets); for (int i = 0; i < num_short_term_ref_pic_sets; i++) { bool success = read_short_term_ref_pic_set(errqueue,this,br, &ref_pic_sets[i], i, ref_pic_sets, false); if (!success) { return DE265_WARNING_SPS_HEADER_INVALID; } } long_term_ref_pics_present_flag = get_bits(br,1); if (long_term_ref_pics_present_flag) { READ_VLC(num_long_term_ref_pics_sps, uvlc); if (num_long_term_ref_pics_sps > MAX_NUM_LT_REF_PICS_SPS) { return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE; } for (int i = 0; i < num_long_term_ref_pics_sps; i++ ) { lt_ref_pic_poc_lsb_sps[i] = get_bits(br, log2_max_pic_order_cnt_lsb); used_by_curr_pic_lt_sps_flag[i] = get_bits(br,1); } } else { num_long_term_ref_pics_sps = 0; } sps_temporal_mvp_enabled_flag = get_bits(br,1); strong_intra_smoothing_enable_flag = get_bits(br,1); vui_parameters_present_flag = get_bits(br,1); if (vui_parameters_present_flag) { vui.read(errqueue, br, this); } sps_extension_present_flag = get_bits(br,1); if (sps_extension_present_flag) { sps_range_extension_flag = get_bits(br,1); sps_multilayer_extension_flag = get_bits(br,1); sps_extension_6bits = get_bits(br,6); } else { sps_range_extension_flag = 0; } if (sps_range_extension_flag) { de265_error err = range_extension.read(errqueue, br); if (err != DE265_OK) { return err; } } de265_error err = compute_derived_values(); if (err != DE265_OK) { return err; } sps_read = true; return DE265_OK; }",visit repo url,libde265/sps.cc,https://github.com/strukturag/libde265,175245445977484,1 5051,CWE-190,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 1684,[],"void idle_task_exit(void) { struct mm_struct *mm = current->active_mm; BUG_ON(cpu_online(smp_processor_id())); if (mm != &init_mm) switch_mm(mm, &init_mm, current); mmdrop(mm); }",linux-2.6,,,288080324747980810347085017192943072523,0 3781,[],"static void scan_inflight(struct sock *x, void (*func)(struct sock *), struct sk_buff_head *hitlist) { struct sk_buff *skb; struct sk_buff *next; spin_lock(&x->sk_receive_queue.lock); receive_queue_for_each_skb(x, next, skb) { if (UNIXCB(skb).fp) { bool hit = false; int nfd = UNIXCB(skb).fp->count; struct file **fp = UNIXCB(skb).fp->fp; while (nfd--) { struct sock *sk = unix_get_socket(*fp++); if(sk) { hit = true; func(sk); } } if (hit && hitlist != NULL) { __skb_unlink(skb, &x->sk_receive_queue); __skb_queue_tail(hitlist, skb); } } } spin_unlock(&x->sk_receive_queue.lock); }",linux-2.6,,,233907040316139828400255463819606740716,0 4458,CWE-787,"static void WritePixel(struct ngiflib_img * i, struct ngiflib_decode_context * context, u8 v) { struct ngiflib_gif * p = i->parent; if(v!=i->gce.transparent_color || !i->gce.transparent_flag) { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif *context->frbuff_p.p8 = v; #ifndef NGIFLIB_INDEXED_ONLY } else *context->frbuff_p.p32 = GifIndexToTrueColor(i->palette, v); #endif } if(--(context->Xtogo) <= 0) { #ifdef NGIFLIB_ENABLE_CALLBACKS if(p->line_cb) p->line_cb(p, context->line_p, context->curY); #endif context->Xtogo = i->width; switch(context->pass) { case 0: context->curY++; break; case 1: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 4; } break; case 2: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 2; } break; case 3: context->curY += 4; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 1; } break; case 4: context->curY += 2; break; } #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width; context->frbuff_p.p8 = context->line_p.p8 + i->posX; #else context->frbuff_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width + i->posX; #endif #ifndef NGIFLIB_INDEXED_ONLY } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width; context->frbuff_p.p32 = context->line_p.p32 + i->posX; #else context->frbuff_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width + i->posX; #endif } #endif } else { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif context->frbuff_p.p8++; #ifndef NGIFLIB_INDEXED_ONLY } else { context->frbuff_p.p32++; } #endif } }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,7890393301892,1 3098,CWE-119,"int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { char *str; ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; int i, j; p = buff1; i = ctm->length; str = (char *)ctm->data; if (ctm->type == V_ASN1_UTCTIME) { if ((i < 11) || (i > 17)) return 0; memcpy(p, str, 10); p += 10; str += 10; } else { if (i < 13) return 0; memcpy(p, str, 12); p += 12; str += 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { *(p++) = *(str++); *(p++) = *(str++); if (*str == '.') { str++; while ((*str >= '0') && (*str <= '9')) str++; } } *(p++) = 'Z'; *(p++) = '\0'; if (*str == 'Z') offset = 0; else { if ((*str != '+') && (*str != '-')) return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') offset = -offset; } atm.type = ctm->type; atm.flags = 0; atm.length = sizeof(buff2); atm.data = (unsigned char *)buff2; if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) return 0; if (ctm->type == V_ASN1_UTCTIME) { i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); if (i < 50) i += 100; j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); if (j < 50) j += 100; if (i < j) return -1; if (i > j) return 1; } i = strcmp(buff1, buff2); if (i == 0) return -1; else return i; }",visit repo url,crypto/x509/x509_vfy.c,https://github.com/openssl/openssl,64149917035887,1 342,CWE-362,"static void put_ucounts(struct ucounts *ucounts) { unsigned long flags; if (atomic_dec_and_test(&ucounts->count)) { spin_lock_irqsave(&ucounts_lock, flags); hlist_del_init(&ucounts->node); spin_unlock_irqrestore(&ucounts_lock, flags); kfree(ucounts); } }",visit repo url,kernel/ucount.c,https://github.com/torvalds/linux,151822748577366,1 5844,['CWE-200'],"static int econet_notifier(struct notifier_block *this, unsigned long msg, void *data) { struct net_device *dev = (struct net_device *)data; struct ec_device *edev; if (!net_eq(dev_net(dev), &init_net)) return NOTIFY_DONE; switch (msg) { case NETDEV_UNREGISTER: edev = dev->ec_ptr; if (edev) { if (net2dev_map[0] == dev) net2dev_map[0] = NULL; net2dev_map[edev->net] = NULL; kfree(edev); dev->ec_ptr = NULL; } break; } return NOTIFY_DONE; }",linux-2.6,,,321696865844790297785766330233509088851,0 4713,CWE-78,"static void cmd_parse_lsub(struct ImapData *idata, char *s) { char buf[STRING]; char errstr[STRING]; struct Buffer err, token; struct Url url; struct ImapList list; if (idata->cmddata && idata->cmdtype == IMAP_CT_LIST) { cmd_parse_list(idata, s); return; } if (!ImapCheckSubscribed) return; idata->cmdtype = IMAP_CT_LIST; idata->cmddata = &list; cmd_parse_list(idata, s); idata->cmddata = NULL; if (!list.name || list.noselect) return; mutt_debug(3, ""Subscribing to %s\n"", list.name); mutt_str_strfcpy(buf, ""mailboxes \"""", sizeof(buf)); mutt_account_tourl(&idata->conn->account, &url); imap_quote_string(errstr, sizeof(errstr), list.name); url.path = errstr + 1; url.path[strlen(url.path) - 1] = '\0'; if (mutt_str_strcmp(url.user, ImapUser) == 0) url.user = NULL; url_tostring(&url, buf + 11, sizeof(buf) - 11, 0); mutt_str_strcat(buf, sizeof(buf), ""\""""); mutt_buffer_init(&token); mutt_buffer_init(&err); err.data = errstr; err.dsize = sizeof(errstr); if (mutt_parse_rc_line(buf, &token, &err)) mutt_debug(1, ""Error adding subscribed mailbox: %s\n"", errstr); FREE(&token.data); }",visit repo url,imap/command.c,https://github.com/neomutt/neomutt,44879147197278,1 6513,CWE-476,"static ram_addr_t find_ram_offset(struct uc_struct *uc, ram_addr_t size) { RAMBlock *block, *next_block; ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX; assert(size != 0); if (QLIST_EMPTY(&uc->ram_list.blocks)) { return 0; } RAMBLOCK_FOREACH(block) { ram_addr_t candidate, next = RAM_ADDR_MAX; candidate = block->offset + block->max_length; candidate = ROUND_UP(candidate, BITS_PER_LONG << TARGET_PAGE_BITS); RAMBLOCK_FOREACH(next_block) { if (next_block->offset >= candidate) { next = MIN(next, next_block->offset); } } if (next - candidate >= size && next - candidate < mingap) { offset = candidate; mingap = next - candidate; } } if (offset == RAM_ADDR_MAX) { fprintf(stderr, ""Failed to find gap of requested size: %"" PRIu64 ""\n"", (uint64_t)size); abort(); } return offset; }",visit repo url,qemu/exec.c,https://github.com/unicorn-engine/unicorn,174626572241499,1 5820,NVD-CWE-Other,"static ssize_t _epoll_write(oe_fd_t* epoll_, const void* buf, size_t count) { ssize_t ret = -1; epoll_t* epoll = _cast_epoll(epoll_); oe_errno = 0; if (oe_syscall_write_ocall(&ret, epoll->host_fd, buf, count) != OE_OK) OE_RAISE_ERRNO(OE_EINVAL); done: return ret; }",visit repo url,syscall/devices/hostepoll/hostepoll.c,https://github.com/openenclave/openenclave,133161369849784,1 1992,['CWE-20'],"static inline int is_cow_mapping(unsigned int flags) { return (flags & (VM_SHARED | VM_MAYWRITE)) == VM_MAYWRITE; }",linux-2.6,,,169270760150627463978815962007626095517,0 4323,CWE-125,"int main(int argc, char *argv[]) { libettercap_init(); ef_globals_alloc(); select_text_interface(); libettercap_ui_init(); fprintf(stdout, ""\n"" EC_COLOR_BOLD ""%s %s"" EC_COLOR_END "" copyright %s %s\n\n"", PROGRAM, EC_VERSION, EC_COPYRIGHT, EC_AUTHORS); EF_GBL->lineno = 1; parse_options(argc, argv); if (EF_GBL_OPTIONS->source_file) { yyin = fopen(EF_GBL_OPTIONS->source_file, ""r""); if (yyin == NULL) FATAL_ERROR(""Input file not found !""); } else { FATAL_ERROR(""No source file.""); } setbuf(yyin, NULL); setbuf(stdout, NULL); setbuf(stderr, NULL); load_tables(); load_constants(); fprintf(stdout, ""\n Parsing source file \'%s\' "", EF_GBL_OPTIONS->source_file); fflush(stdout); ef_debug(1, ""\n""); if (yyparse() == 0) fprintf(stdout, "" done.\n\n""); else fprintf(stdout, ""\n\nThe script contains errors...\n\n""); if (write_output() != E_SUCCESS) FATAL_ERROR(""Cannot write output file (%s)"", EF_GBL_OPTIONS->output_file); ef_globals_free(); return 0; }",visit repo url,utils/etterfilter/ef_main.c,https://github.com/LocutusOfBorg/ettercap,228483089638135,1 5956,['CWE-200'],"static struct inet6_ifaddr *if6_get_first(struct seq_file *seq) { struct inet6_ifaddr *ifa = NULL; struct if6_iter_state *state = seq->private; for (state->bucket = 0; state->bucket < IN6_ADDR_HSIZE; ++state->bucket) { ifa = inet6_addr_lst[state->bucket]; if (ifa) break; } return ifa; }",linux-2.6,,,204728320970597749725756160539362973795,0 3047,['CWE-189'],"void jas_matrix_clip(jas_matrix_t *matrix, jas_seqent_t minval, jas_seqent_t maxval) { int i; int j; jas_seqent_t v; jas_seqent_t *rowstart; jas_seqent_t *data; int rowstep; if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) { assert(matrix->rows_); rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { data = rowstart; for (j = matrix->numcols_, data = rowstart; j > 0; --j, ++data) { v = *data; if (v < minval) { *data = minval; } else if (v > maxval) { *data = maxval; } } } } }",jasper,,,35396328342202705423692777469096547295,0 3190,CWE-125,"zephyr_print(netdissect_options *ndo, const u_char *cp, int length) { struct z_packet z; const char *parse = (const char *) cp; int parselen = length; const char *s; int lose = 0; z.kind = 0; z.class = 0; z.inst = 0; z.opcode = 0; z.sender = 0; z.recipient = 0; #define PARSE_STRING \ s = parse_field(ndo, &parse, &parselen); \ if (!s) lose = 1; #define PARSE_FIELD_INT(field) \ PARSE_STRING \ if (!lose) field = strtol(s, 0, 16); #define PARSE_FIELD_STR(field) \ PARSE_STRING \ if (!lose) field = s; PARSE_FIELD_STR(z.version); if (lose) return; if (strncmp(z.version, ""ZEPH"", 4)) return; PARSE_FIELD_INT(z.numfields); PARSE_FIELD_INT(z.kind); PARSE_FIELD_STR(z.uid); PARSE_FIELD_INT(z.port); PARSE_FIELD_INT(z.auth); PARSE_FIELD_INT(z.authlen); PARSE_FIELD_STR(z.authdata); PARSE_FIELD_STR(z.class); PARSE_FIELD_STR(z.inst); PARSE_FIELD_STR(z.opcode); PARSE_FIELD_STR(z.sender); PARSE_FIELD_STR(z.recipient); PARSE_FIELD_STR(z.format); PARSE_FIELD_INT(z.cksum); PARSE_FIELD_INT(z.multi); PARSE_FIELD_STR(z.multi_uid); if (lose) { ND_PRINT((ndo, "" [|zephyr] (%d)"", length)); return; } ND_PRINT((ndo, "" zephyr"")); if (strncmp(z.version+4, ""0.2"", 3)) { ND_PRINT((ndo, "" v%s"", z.version+4)); return; } ND_PRINT((ndo, "" %s"", tok2str(z_types, ""type %d"", z.kind))); if (z.kind == Z_PACKET_SERVACK) { const char *ackdata = NULL; PARSE_FIELD_STR(ackdata); if (!lose && strcmp(ackdata, ""SENT"")) ND_PRINT((ndo, ""/%s"", str_to_lower(ackdata))); } if (*z.sender) ND_PRINT((ndo, "" %s"", z.sender)); if (!strcmp(z.class, ""USER_LOCATE"")) { if (!strcmp(z.opcode, ""USER_HIDE"")) ND_PRINT((ndo, "" hide"")); else if (!strcmp(z.opcode, ""USER_UNHIDE"")) ND_PRINT((ndo, "" unhide"")); else ND_PRINT((ndo, "" locate %s"", z.inst)); return; } if (!strcmp(z.class, ""ZEPHYR_ADMIN"")) { ND_PRINT((ndo, "" zephyr-admin %s"", str_to_lower(z.opcode))); return; } if (!strcmp(z.class, ""ZEPHYR_CTL"")) { if (!strcmp(z.inst, ""CLIENT"")) { if (!strcmp(z.opcode, ""SUBSCRIBE"") || !strcmp(z.opcode, ""SUBSCRIBE_NODEFS"") || !strcmp(z.opcode, ""UNSUBSCRIBE"")) { ND_PRINT((ndo, "" %ssub%s"", strcmp(z.opcode, ""SUBSCRIBE"") ? ""un"" : """", strcmp(z.opcode, ""SUBSCRIBE_NODEFS"") ? """" : ""-nodefs"")); if (z.kind != Z_PACKET_SERVACK) { const char *c = NULL, *i = NULL, *r = NULL; PARSE_FIELD_STR(c); PARSE_FIELD_STR(i); PARSE_FIELD_STR(r); if (!lose) ND_PRINT((ndo, "" %s"", z_triple(c, i, r))); } return; } if (!strcmp(z.opcode, ""GIMME"")) { ND_PRINT((ndo, "" ret"")); return; } if (!strcmp(z.opcode, ""GIMMEDEFS"")) { ND_PRINT((ndo, "" gimme-defs"")); return; } if (!strcmp(z.opcode, ""CLEARSUB"")) { ND_PRINT((ndo, "" clear-subs"")); return; } ND_PRINT((ndo, "" %s"", str_to_lower(z.opcode))); return; } if (!strcmp(z.inst, ""HM"")) { ND_PRINT((ndo, "" %s"", str_to_lower(z.opcode))); return; } if (!strcmp(z.inst, ""REALM"")) { if (!strcmp(z.opcode, ""ADD_SUBSCRIBE"")) ND_PRINT((ndo, "" realm add-subs"")); if (!strcmp(z.opcode, ""REQ_SUBSCRIBE"")) ND_PRINT((ndo, "" realm req-subs"")); if (!strcmp(z.opcode, ""RLM_SUBSCRIBE"")) ND_PRINT((ndo, "" realm rlm-sub"")); if (!strcmp(z.opcode, ""RLM_UNSUBSCRIBE"")) ND_PRINT((ndo, "" realm rlm-unsub"")); return; } } if (!strcmp(z.class, ""HM_CTL"")) { ND_PRINT((ndo, "" hm_ctl %s"", str_to_lower(z.inst))); ND_PRINT((ndo, "" %s"", str_to_lower(z.opcode))); return; } if (!strcmp(z.class, ""HM_STAT"")) { if (!strcmp(z.inst, ""HMST_CLIENT"") && !strcmp(z.opcode, ""GIMMESTATS"")) { ND_PRINT((ndo, "" get-client-stats"")); return; } } if (!strcmp(z.class, ""WG_CTL"")) { ND_PRINT((ndo, "" wg_ctl %s"", str_to_lower(z.inst))); ND_PRINT((ndo, "" %s"", str_to_lower(z.opcode))); return; } if (!strcmp(z.class, ""LOGIN"")) { if (!strcmp(z.opcode, ""USER_FLUSH"")) { ND_PRINT((ndo, "" flush_locs"")); return; } if (!strcmp(z.opcode, ""NONE"") || !strcmp(z.opcode, ""OPSTAFF"") || !strcmp(z.opcode, ""REALM-VISIBLE"") || !strcmp(z.opcode, ""REALM-ANNOUNCED"") || !strcmp(z.opcode, ""NET-VISIBLE"") || !strcmp(z.opcode, ""NET-ANNOUNCED"")) { ND_PRINT((ndo, "" set-exposure %s"", str_to_lower(z.opcode))); return; } } if (!*z.recipient) z.recipient = ""*""; ND_PRINT((ndo, "" to %s"", z_triple(z.class, z.inst, z.recipient))); if (*z.opcode) ND_PRINT((ndo, "" op %s"", z.opcode)); }",visit repo url,print-zephyr.c,https://github.com/the-tcpdump-group/tcpdump,85592931368016,1 1148,['CWE-362'],"void dnotify_parent(struct dentry *dentry, unsigned long event) { struct dentry *parent; if (!dir_notify_enable) return; spin_lock(&dentry->d_lock); parent = dentry->d_parent; if (parent->d_inode->i_dnotify_mask & event) { dget(parent); spin_unlock(&dentry->d_lock); __inode_dir_notify(parent->d_inode, event); dput(parent); } else { spin_unlock(&dentry->d_lock); } }",linux-2.6,,,209917504689263128550677025822742851377,0 108,CWE-674,"decode_atype(const taginfo *t, const uint8_t *asn1, size_t len, const struct atype_info *a, void *val) { krb5_error_code ret; switch (a->type) { case atype_fn: { const struct fn_info *fn = a->tinfo; assert(fn->dec != NULL); return fn->dec(t, asn1, len, val); } case atype_sequence: return decode_sequence(asn1, len, a->tinfo, val); case atype_ptr: { const struct ptr_info *ptrinfo = a->tinfo; void *ptr = LOADPTR(val, ptrinfo); assert(ptrinfo->basetype != NULL); if (ptr != NULL) { return decode_atype(t, asn1, len, ptrinfo->basetype, ptr); } else { ret = decode_atype_to_ptr(t, asn1, len, ptrinfo->basetype, &ptr); if (ret) return ret; STOREPTR(ptr, ptrinfo, val); break; } } case atype_offset: { const struct offset_info *off = a->tinfo; assert(off->basetype != NULL); return decode_atype(t, asn1, len, off->basetype, (char *)val + off->dataoff); } case atype_optional: { const struct optional_info *opt = a->tinfo; return decode_atype(t, asn1, len, opt->basetype, val); } case atype_counted: { const struct counted_info *counted = a->tinfo; void *dataptr = (char *)val + counted->dataoff; size_t count; assert(counted->basetype != NULL); ret = decode_cntype(t, asn1, len, counted->basetype, dataptr, &count); if (ret) return ret; return store_count(count, counted, val); } case atype_tagged_thing: { const struct tagged_info *tag = a->tinfo; taginfo inner_tag; const taginfo *tp = t; const uint8_t *rem; size_t rlen; if (!tag->implicit) { ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen); if (ret) return ret; tp = &inner_tag; if (!check_atype_tag(tag->basetype, tp)) return ASN1_BAD_ID; } return decode_atype(tp, asn1, len, tag->basetype, val); } case atype_bool: { intmax_t intval; ret = k5_asn1_decode_bool(asn1, len, &intval); if (ret) return ret; return store_int(intval, a->size, val); } case atype_int: { intmax_t intval; ret = k5_asn1_decode_int(asn1, len, &intval); if (ret) return ret; return store_int(intval, a->size, val); } case atype_uint: { uintmax_t intval; ret = k5_asn1_decode_uint(asn1, len, &intval); if (ret) return ret; return store_uint(intval, a->size, val); } case atype_int_immediate: { const struct immediate_info *imm = a->tinfo; intmax_t intval; ret = k5_asn1_decode_int(asn1, len, &intval); if (ret) return ret; if (intval != imm->val && imm->err != 0) return imm->err; break; } default: assert(a->type != atype_nullterm_sequence_of); assert(a->type != atype_nonempty_nullterm_sequence_of); assert(a->type > atype_min); assert(a->type < atype_max); abort(); } return 0; }",visit repo url,src/lib/krb5/asn.1/asn1_encode.c,https://github.com/krb5/krb5,249203310176288,1 7,[],"inline static void mac_deinit(mac_hd_t td, opaque * res, int ver) { if (ver == GNUTLS_SSL3) { _gnutls_mac_deinit_ssl3(td, res); } else { _gnutls_hmac_deinit(td, res); } }",gnutls,,,123187747839242397648315345367591237543,0 2189,['CWE-193'],"struct page *find_or_create_page(struct address_space *mapping, pgoff_t index, gfp_t gfp_mask) { struct page *page; int err; repeat: page = find_lock_page(mapping, index); if (!page) { page = __page_cache_alloc(gfp_mask); if (!page) return NULL; err = add_to_page_cache_lru(page, mapping, index, gfp_mask); if (unlikely(err)) { page_cache_release(page); page = NULL; if (err == -EEXIST) goto repeat; } } return page; }",linux-2.6,,,195741769104888653021644015420822686255,0 3880,['CWE-119'],"static inline int is_same_network(struct bss_descriptor *src, struct bss_descriptor *dst) { return ((src->ssid_len == dst->ssid_len) && (src->channel == dst->channel) && !compare_ether_addr(src->bssid, dst->bssid) && !memcmp(src->ssid, dst->ssid, src->ssid_len)); }",linux-2.6,,,293994150630665408414945221845800089004,0 2720,[],"static int sctp_setsockopt_initmsg(struct sock *sk, char __user *optval, int optlen) { struct sctp_initmsg sinit; struct sctp_sock *sp = sctp_sk(sk); if (optlen != sizeof(struct sctp_initmsg)) return -EINVAL; if (copy_from_user(&sinit, optval, optlen)) return -EFAULT; if (sinit.sinit_num_ostreams) sp->initmsg.sinit_num_ostreams = sinit.sinit_num_ostreams; if (sinit.sinit_max_instreams) sp->initmsg.sinit_max_instreams = sinit.sinit_max_instreams; if (sinit.sinit_max_attempts) sp->initmsg.sinit_max_attempts = sinit.sinit_max_attempts; if (sinit.sinit_max_init_timeo) sp->initmsg.sinit_max_init_timeo = sinit.sinit_max_init_timeo; return 0; }",linux-2.6,,,74116363345005160146735517631052078901,0 4512,CWE-404,"GF_Err load_svg_run(GF_SceneLoader *load) { u32 in_time; GF_Err e; GF_SVG_Parser *parser = (GF_SVG_Parser *)load->loader_priv; if (!parser) { e = gf_sm_load_initialize_svg(load, NULL, GF_FALSE); if (e) return e; parser = (GF_SVG_Parser *)load->loader_priv; } in_time = gf_sys_clock(); e = gf_xml_sax_parse_file(parser->sax_parser, (const char *)load->fileName, svg_progress); if (parser->last_error<0) e = parser->last_error; if (e<0) return svg_report(parser, e, ""Unable to parse file %s: %s"", load->fileName, gf_xml_sax_get_error(parser->sax_parser) ); GF_LOG(GF_LOG_INFO, GF_LOG_PARSER, (""[Parser] Scene parsed and Scene Graph built in %d ms\n"", gf_sys_clock() - in_time)); svg_flush_animations(parser); gf_sm_svg_flush_state(parser); return e; }",visit repo url,src/scene_manager/loader_svg.c,https://github.com/gpac/gpac,6420403432848,1 4192,CWE-787,"static plist_t parse_bin_node(struct bplist_data *bplist, const char** object) { uint16_t type = 0; uint64_t size = 0; if (!object) return NULL; type = (**object) & BPLIST_MASK; size = (**object) & BPLIST_FILL; (*object)++; if (size == BPLIST_FILL) { switch (type) { case BPLIST_DATA: case BPLIST_STRING: case BPLIST_UNICODE: case BPLIST_ARRAY: case BPLIST_SET: case BPLIST_DICT: { uint16_t next_size = **object & BPLIST_FILL; if ((**object & BPLIST_MASK) != BPLIST_UINT) { PLIST_BIN_ERR(""%s: invalid size node type for node type 0x%02x: found 0x%02x, expected 0x%02x\n"", __func__, type, **object & BPLIST_MASK, BPLIST_UINT); return NULL; } (*object)++; next_size = 1 << next_size; if (*object + next_size > bplist->offset_table) { PLIST_BIN_ERR(""%s: size node data bytes for node type 0x%02x point outside of valid range\n"", __func__, type); return NULL; } size = UINT_TO_HOST(*object, next_size); (*object) += next_size; break; } default: break; } } switch (type) { case BPLIST_NULL: switch (size) { case BPLIST_TRUE: { plist_data_t data = plist_new_plist_data(); data->type = PLIST_BOOLEAN; data->boolval = TRUE; data->length = 1; return node_create(NULL, data); } case BPLIST_FALSE: { plist_data_t data = plist_new_plist_data(); data->type = PLIST_BOOLEAN; data->boolval = FALSE; data->length = 1; return node_create(NULL, data); } case BPLIST_NULL: default: return NULL; } case BPLIST_UINT: if (*object + (uint64_t)(1 << size) > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_UINT data bytes point outside of valid range\n"", __func__); return NULL; } return parse_uint_node(object, size); case BPLIST_REAL: if (*object + (uint64_t)(1 << size) > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_REAL data bytes point outside of valid range\n"", __func__); return NULL; } return parse_real_node(object, size); case BPLIST_DATE: if (3 != size) { PLIST_BIN_ERR(""%s: invalid data size for BPLIST_DATE node\n"", __func__); return NULL; } if (*object + (uint64_t)(1 << size) > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_DATE data bytes point outside of valid range\n"", __func__); return NULL; } return parse_date_node(object, size); case BPLIST_DATA: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_DATA data bytes point outside of valid range\n"", __func__); return NULL; } return parse_data_node(object, size); case BPLIST_STRING: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_STRING data bytes point outside of valid range\n"", __func__); return NULL; } return parse_string_node(object, size); case BPLIST_UNICODE: if (size*2 < size) { PLIST_BIN_ERR(""%s: Integer overflow when calculating BPLIST_UNICODE data size.\n"", __func__); return NULL; } if (*object + size*2 > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_UNICODE data bytes point outside of valid range\n"", __func__); return NULL; } return parse_unicode_node(object, size); case BPLIST_SET: case BPLIST_ARRAY: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_ARRAY data bytes point outside of valid range\n"", __func__); return NULL; } return parse_array_node(bplist, object, size); case BPLIST_UID: if (*object + size+1 > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_UID data bytes point outside of valid range\n"", __func__); return NULL; } return parse_uid_node(object, size); case BPLIST_DICT: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_REAL data bytes point outside of valid range\n"", __func__); return NULL; } return parse_dict_node(bplist, object, size); default: PLIST_BIN_ERR(""%s: unexpected node type 0x%02x\n"", __func__, type); return NULL; } return NULL; }",visit repo url,src/bplist.c,https://github.com/libimobiledevice/libplist,230957414097460,1 1643,CWE-362,"int ext4_collapse_range(struct inode *inode, loff_t offset, loff_t len) { struct super_block *sb = inode->i_sb; ext4_lblk_t punch_start, punch_stop; handle_t *handle; unsigned int credits; loff_t new_size, ioffset; int ret; if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) return -EOPNOTSUPP; if (offset & (EXT4_CLUSTER_SIZE(sb) - 1) || len & (EXT4_CLUSTER_SIZE(sb) - 1)) return -EINVAL; if (!S_ISREG(inode->i_mode)) return -EINVAL; trace_ext4_collapse_range(inode, offset, len); punch_start = offset >> EXT4_BLOCK_SIZE_BITS(sb); punch_stop = (offset + len) >> EXT4_BLOCK_SIZE_BITS(sb); if (ext4_should_journal_data(inode)) { ret = ext4_force_commit(inode->i_sb); if (ret) return ret; } ioffset = round_down(offset, PAGE_SIZE); ret = filemap_write_and_wait_range(inode->i_mapping, ioffset, LLONG_MAX); if (ret) return ret; mutex_lock(&inode->i_mutex); if (offset + len >= i_size_read(inode)) { ret = -EINVAL; goto out_mutex; } if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) { ret = -EOPNOTSUPP; goto out_mutex; } truncate_pagecache(inode, ioffset); ext4_inode_block_unlocked_dio(inode); inode_dio_wait(inode); credits = ext4_writepage_trans_blocks(inode); handle = ext4_journal_start(inode, EXT4_HT_TRUNCATE, credits); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out_dio; } down_write(&EXT4_I(inode)->i_data_sem); ext4_discard_preallocations(inode); ret = ext4_es_remove_extent(inode, punch_start, EXT_MAX_BLOCKS - punch_start); if (ret) { up_write(&EXT4_I(inode)->i_data_sem); goto out_stop; } ret = ext4_ext_remove_space(inode, punch_start, punch_stop - 1); if (ret) { up_write(&EXT4_I(inode)->i_data_sem); goto out_stop; } ext4_discard_preallocations(inode); ret = ext4_ext_shift_extents(inode, handle, punch_stop, punch_stop - punch_start, SHIFT_LEFT); if (ret) { up_write(&EXT4_I(inode)->i_data_sem); goto out_stop; } new_size = i_size_read(inode) - len; i_size_write(inode, new_size); EXT4_I(inode)->i_disksize = new_size; up_write(&EXT4_I(inode)->i_data_sem); if (IS_SYNC(inode)) ext4_handle_sync(handle); inode->i_mtime = inode->i_ctime = ext4_current_time(inode); ext4_mark_inode_dirty(handle, inode); out_stop: ext4_journal_stop(handle); out_dio: ext4_inode_resume_unlocked_dio(inode); out_mutex: mutex_unlock(&inode->i_mutex); return ret; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,97731011866193,1 2982,CWE-399,"mprint(struct magic_set *ms, struct magic *m) { uint64_t v; float vf; double vd; int64_t t = 0; char buf[128], tbuf[26]; union VALUETYPE *p = &ms->ms_value; switch (m->type) { case FILE_BYTE: v = file_signextend(ms, m, (uint64_t)p->b); switch (check_fmt(ms, m)) { case -1: return -1; case 1: (void)snprintf(buf, sizeof(buf), ""%d"", (unsigned char)v); if (file_printf(ms, F(ms, m, ""%s""), buf) == -1) return -1; break; default: if (file_printf(ms, F(ms, m, ""%d""), (unsigned char) v) == -1) return -1; break; } t = ms->offset + sizeof(char); break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: v = file_signextend(ms, m, (uint64_t)p->h); switch (check_fmt(ms, m)) { case -1: return -1; case 1: (void)snprintf(buf, sizeof(buf), ""%u"", (unsigned short)v); if (file_printf(ms, F(ms, m, ""%s""), buf) == -1) return -1; break; default: if (file_printf(ms, F(ms, m, ""%u""), (unsigned short) v) == -1) return -1; break; } t = ms->offset + sizeof(short); break; case FILE_LONG: case FILE_BELONG: case FILE_LELONG: case FILE_MELONG: v = file_signextend(ms, m, (uint64_t)p->l); switch (check_fmt(ms, m)) { case -1: return -1; case 1: (void)snprintf(buf, sizeof(buf), ""%u"", (uint32_t) v); if (file_printf(ms, F(ms, m, ""%s""), buf) == -1) return -1; break; default: if (file_printf(ms, F(ms, m, ""%u""), (uint32_t) v) == -1) return -1; break; } t = ms->offset + sizeof(int32_t); break; case FILE_QUAD: case FILE_BEQUAD: case FILE_LEQUAD: v = file_signextend(ms, m, p->q); switch (check_fmt(ms, m)) { case -1: return -1; case 1: (void)snprintf(buf, sizeof(buf), ""%"" INT64_T_FORMAT ""u"", (unsigned long long)v); if (file_printf(ms, F(ms, m, ""%s""), buf) == -1) return -1; break; default: if (file_printf(ms, F(ms, m, ""%"" INT64_T_FORMAT ""u""), (unsigned long long) v) == -1) return -1; break; } t = ms->offset + sizeof(int64_t); break; case FILE_STRING: case FILE_PSTRING: case FILE_BESTRING16: case FILE_LESTRING16: if (m->reln == '=' || m->reln == '!') { if (file_printf(ms, F(ms, m, ""%s""), m->value.s) == -1) return -1; t = ms->offset + m->vallen; } else { char *str = p->s; t = ms->offset + strlen(str); if (*m->value.s == '\0') str[strcspn(str, ""\n"")] = '\0'; if (m->str_flags & STRING_TRIM) { char *last; while (isspace((unsigned char)*str)) str++; last = str; while (*last) last++; --last; while (isspace((unsigned char)*last)) last--; *++last = '\0'; } if (file_printf(ms, F(ms, m, ""%s""), str) == -1) return -1; if (m->type == FILE_PSTRING) t += file_pstring_length_size(m); } break; case FILE_DATE: case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: if (file_printf(ms, F(ms, m, ""%s""), file_fmttime(p->l, FILE_T_LOCAL, tbuf)) == -1) return -1; t = ms->offset + sizeof(uint32_t); break; case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: if (file_printf(ms, F(ms, m, ""%s""), file_fmttime(p->l, 0, tbuf)) == -1) return -1; t = ms->offset + sizeof(uint32_t); break; case FILE_QDATE: case FILE_BEQDATE: case FILE_LEQDATE: if (file_printf(ms, F(ms, m, ""%s""), file_fmttime(p->q, FILE_T_LOCAL, tbuf)) == -1) return -1; t = ms->offset + sizeof(uint64_t); break; case FILE_QLDATE: case FILE_BEQLDATE: case FILE_LEQLDATE: if (file_printf(ms, F(ms, m, ""%s""), file_fmttime(p->q, 0, tbuf)) == -1) return -1; t = ms->offset + sizeof(uint64_t); break; case FILE_QWDATE: case FILE_BEQWDATE: case FILE_LEQWDATE: if (file_printf(ms, F(ms, m, ""%s""), file_fmttime(p->q, FILE_T_WINDOWS, tbuf)) == -1) return -1; t = ms->offset + sizeof(uint64_t); break; case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: vf = p->f; switch (check_fmt(ms, m)) { case -1: return -1; case 1: (void)snprintf(buf, sizeof(buf), ""%g"", vf); if (file_printf(ms, F(ms, m, ""%s""), buf) == -1) return -1; break; default: if (file_printf(ms, F(ms, m, ""%g""), vf) == -1) return -1; break; } t = ms->offset + sizeof(float); break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: vd = p->d; switch (check_fmt(ms, m)) { case -1: return -1; case 1: (void)snprintf(buf, sizeof(buf), ""%g"", vd); if (file_printf(ms, F(ms, m, ""%s""), buf) == -1) return -1; break; default: if (file_printf(ms, F(ms, m, ""%g""), vd) == -1) return -1; break; } t = ms->offset + sizeof(double); break; case FILE_REGEX: { char *cp; int rval; cp = strndup((const char *)ms->search.s, ms->search.rm_len); if (cp == NULL) { file_oomem(ms, ms->search.rm_len); return -1; } rval = file_printf(ms, F(ms, m, ""%s""), cp); free(cp); if (rval == -1) return -1; if ((m->str_flags & REGEX_OFFSET_START)) t = ms->search.offset; else t = ms->search.offset + ms->search.rm_len; break; } case FILE_SEARCH: if (file_printf(ms, F(ms, m, ""%s""), m->value.s) == -1) return -1; if ((m->str_flags & REGEX_OFFSET_START)) t = ms->search.offset; else t = ms->search.offset + m->vallen; break; case FILE_DEFAULT: case FILE_CLEAR: if (file_printf(ms, ""%s"", m->desc) == -1) return -1; t = ms->offset; break; case FILE_INDIRECT: case FILE_USE: case FILE_NAME: t = ms->offset; break; default: file_magerror(ms, ""invalid m->type (%d) in mprint()"", m->type); return -1; } return (int32_t)t; }",visit repo url,src/softmagic.c,https://github.com/file/file,228245299156876,1 2347,['CWE-120'],"struct dentry *lock_rename(struct dentry *p1, struct dentry *p2) { struct dentry *p; if (p1 == p2) { mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT); return NULL; } mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex); for (p = p1; p->d_parent != p; p = p->d_parent) { if (p->d_parent == p2) { mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT); mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD); return p; } } for (p = p2; p->d_parent != p; p = p->d_parent) { if (p->d_parent == p1) { mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT); mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD); return p; } } mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT); mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD); return NULL; }",linux-2.6,,,216054640570691605588133666659768353534,0 1923,CWE-125,"static int set_geometry(unsigned int cmd, struct floppy_struct *g, int drive, int type, struct block_device *bdev) { int cnt; if (g->sect <= 0 || g->head <= 0 || (unsigned char)((g->sect << 2) >> FD_SIZECODE(g)) == 0 || g->track <= 0 || g->track > UDP->tracks >> STRETCH(g) || (g->stretch & ~(FD_STRETCH | FD_SWAPSIDES | FD_SECTBASEMASK)) != 0) return -EINVAL; if (type) { if (!capable(CAP_SYS_ADMIN)) return -EPERM; mutex_lock(&open_lock); if (lock_fdc(drive)) { mutex_unlock(&open_lock); return -EINTR; } floppy_type[type] = *g; floppy_type[type].name = ""user format""; for (cnt = type << 2; cnt < (type << 2) + 4; cnt++) floppy_sizes[cnt] = floppy_sizes[cnt + 0x80] = floppy_type[type].size + 1; process_fd_request(); for (cnt = 0; cnt < N_DRIVE; cnt++) { struct block_device *bdev = opened_bdev[cnt]; if (!bdev || ITYPE(drive_state[cnt].fd_device) != type) continue; __invalidate_device(bdev, true); } mutex_unlock(&open_lock); } else { int oldStretch; if (lock_fdc(drive)) return -EINTR; if (cmd != FDDEFPRM) { if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR) return -EINTR; } oldStretch = g->stretch; user_params[drive] = *g; if (buffer_drive == drive) SUPBOUND(buffer_max, user_params[drive].sect); current_type[drive] = &user_params[drive]; floppy_sizes[drive] = user_params[drive].size; if (cmd == FDDEFPRM) DRS->keep_data = -1; else DRS->keep_data = 1; if (DRS->maxblock > user_params[drive].sect || DRS->maxtrack || ((user_params[drive].sect ^ oldStretch) & (FD_SWAPSIDES | FD_SECTBASEMASK))) invalidate_drive(bdev); else process_fd_request(); } return 0; }",visit repo url,drivers/block/floppy.c,https://github.com/torvalds/linux,23783784052469,1 5187,['CWE-20'],"static bool guest_state_valid(struct kvm_vcpu *vcpu) { if (!(vcpu->arch.cr0 & X86_CR0_PE)) { if (!rmode_segment_valid(vcpu, VCPU_SREG_CS)) return false; if (!rmode_segment_valid(vcpu, VCPU_SREG_SS)) return false; if (!rmode_segment_valid(vcpu, VCPU_SREG_DS)) return false; if (!rmode_segment_valid(vcpu, VCPU_SREG_ES)) return false; if (!rmode_segment_valid(vcpu, VCPU_SREG_FS)) return false; if (!rmode_segment_valid(vcpu, VCPU_SREG_GS)) return false; } else { if (!cs_ss_rpl_check(vcpu)) return false; if (!code_segment_valid(vcpu)) return false; if (!stack_segment_valid(vcpu)) return false; if (!data_segment_valid(vcpu, VCPU_SREG_DS)) return false; if (!data_segment_valid(vcpu, VCPU_SREG_ES)) return false; if (!data_segment_valid(vcpu, VCPU_SREG_FS)) return false; if (!data_segment_valid(vcpu, VCPU_SREG_GS)) return false; if (!tr_valid(vcpu)) return false; if (!ldtr_valid(vcpu)) return false; } return true; }",linux-2.6,,,117775213914464385261362895629183400716,0 5607,[],"void recalc_sigpending_and_wake(struct task_struct *t) { if (recalc_sigpending_tsk(t)) signal_wake_up(t, 0); }",linux-2.6,,,72174694727166305803618831470748714959,0 2760,['CWE-189'],"int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp) { struct crypto_hash *tfm = NULL; __u16 id; if (!sctp_auth_enable) { ep->auth_hmacs = NULL; return 0; } if (ep->auth_hmacs) return 0; ep->auth_hmacs = kzalloc( sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS, gfp); if (!ep->auth_hmacs) return -ENOMEM; for (id = 0; id < SCTP_AUTH_NUM_HMACS; id++) { if (!sctp_hmac_list[id].hmac_name) continue; if (ep->auth_hmacs[id]) continue; tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(tfm)) goto out_err; ep->auth_hmacs[id] = tfm; } return 0; out_err: sctp_auth_destroy_hmacs(ep->auth_hmacs); return -ENOMEM; }",linux-2.6,,,50223400189943534617014155707743548690,0 1665,[],"void __wake_up(wait_queue_head_t *q, unsigned int mode, int nr_exclusive, void *key) { unsigned long flags; spin_lock_irqsave(&q->lock, flags); __wake_up_common(q, mode, nr_exclusive, 0, key); spin_unlock_irqrestore(&q->lock, flags); }",linux-2.6,,,18777069071713698935995227100779679287,0 2550,CWE-399,"cib_timeout_handler(gpointer data) { struct timer_rec_s *timer = data; timer_expired = TRUE; crm_err(""Call %d timed out after %ds"", timer->call_id, timer->timeout); return TRUE; }",visit repo url,lib/cib/cib_remote.c,https://github.com/ClusterLabs/pacemaker,80858358581122,1 1824,['CWE-189'],"_gnutls_handshake_hash_buffers_clear (gnutls_session_t session) { _gnutls_hash_deinit (&session->internals.handshake_mac_handle_md5, NULL); _gnutls_hash_deinit (&session->internals.handshake_mac_handle_sha, NULL); _gnutls_handshake_buffer_clear (session); }",gnutls,,,247861553127146023072910661223859872403,0 420,CWE-190,"int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) { u16 offset = sizeof(struct ipv6hdr); unsigned int packet_len = skb_tail_pointer(skb) - skb_network_header(skb); int found_rhdr = 0; *nexthdr = &ipv6_hdr(skb)->nexthdr; while (offset <= packet_len) { struct ipv6_opt_hdr *exthdr; switch (**nexthdr) { case NEXTHDR_HOP: break; case NEXTHDR_ROUTING: found_rhdr = 1; break; case NEXTHDR_DEST: #if IS_ENABLED(CONFIG_IPV6_MIP6) if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0) break; #endif if (found_rhdr) return offset; break; default: return offset; } if (offset + sizeof(struct ipv6_opt_hdr) > packet_len) return -EINVAL; exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) + offset); offset += ipv6_optlen(exthdr); *nexthdr = &exthdr->nexthdr; } return -EINVAL; }",visit repo url,net/ipv6/output_core.c,https://github.com/torvalds/linux,35203578047375,1 90,CWE-772,"set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->princ, NULL)) { ret.code = KADM5_AUTH_MODIFY; log_unauth(""kadm5_mod_strings"", prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_set_string((void *)handle, arg->princ, arg->key, arg->value); if (ret.code != 0) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_mod_strings"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,7648118793287,1 6562,['CWE-200'],"update_connection_row (GtkListStore *store, GtkTreeIter *iter, NMExportedConnection *exported) { NMConnection *connection; NMSettingConnection *s_con; char *last_used; connection = nm_exported_connection_get_connection (exported); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_assert (s_con); last_used = format_last_used (nm_setting_connection_get_timestamp (s_con)); gtk_list_store_set (store, iter, COL_ID, nm_setting_connection_get_id (s_con), COL_LAST_USED, last_used, COL_TIMESTAMP, nm_setting_connection_get_timestamp (s_con), COL_CONNECTION, exported, -1); g_free (last_used); }",network-manager-applet,,,245929502467044594026845377032378575246,0 4342,['CWE-399'],"static long get_instantiation_keyring(key_serial_t ringid, struct request_key_auth *rka, struct key **_dest_keyring) { key_ref_t dkref; *_dest_keyring = NULL; if (ringid == 0) return 0; if (ringid > 0) { dkref = lookup_user_key(ringid, 1, 0, KEY_WRITE); if (IS_ERR(dkref)) return PTR_ERR(dkref); *_dest_keyring = key_ref_to_ptr(dkref); return 0; } if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) return -EINVAL; if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { *_dest_keyring = rka->dest_keyring; return 0; } return -ENOKEY; }",linux-2.6,,,327896374682342642692683610733118462322,0 5513,['CWE-119'],"write_tag_66_packet(char *signature, u8 cipher_code, struct ecryptfs_crypt_stat *crypt_stat, char **packet, size_t *packet_len) { size_t i = 0; size_t j; size_t data_len; size_t checksum = 0; size_t packet_size_len; char *message; int rc; data_len = (5 + ECRYPTFS_SIG_SIZE_HEX + crypt_stat->key_size); *packet = kmalloc(data_len, GFP_KERNEL); message = *packet; if (!message) { ecryptfs_printk(KERN_ERR, ""Unable to allocate memory\n""); rc = -ENOMEM; goto out; } message[i++] = ECRYPTFS_TAG_66_PACKET_TYPE; rc = ecryptfs_write_packet_length(&message[i], ECRYPTFS_SIG_SIZE_HEX, &packet_size_len); if (rc) { ecryptfs_printk(KERN_ERR, ""Error generating tag 66 packet "" ""header; cannot generate packet length\n""); goto out; } i += packet_size_len; memcpy(&message[i], signature, ECRYPTFS_SIG_SIZE_HEX); i += ECRYPTFS_SIG_SIZE_HEX; rc = ecryptfs_write_packet_length(&message[i], crypt_stat->key_size + 3, &packet_size_len); if (rc) { ecryptfs_printk(KERN_ERR, ""Error generating tag 66 packet "" ""header; cannot generate packet length\n""); goto out; } i += packet_size_len; message[i++] = cipher_code; memcpy(&message[i], crypt_stat->key, crypt_stat->key_size); i += crypt_stat->key_size; for (j = 0; j < crypt_stat->key_size; j++) checksum += crypt_stat->key[j]; message[i++] = (checksum / 256) % 256; message[i++] = (checksum % 256); *packet_len = i; out: return rc; }",linux-2.6,,,42430578451057404554753348499327259705,0 3149,CWE-17,"gnutls_x509_crt_verify (gnutls_x509_crt_t cert, const gnutls_x509_crt_t * CA_list, int CA_list_length, unsigned int flags, unsigned int *verify) { int ret; ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, verify); if (ret < 0) { gnutls_assert (); return ret; } return 0; }",visit repo url,lib/x509/verify.c,https://gitlab.com/gnutls/gnutls,151698839970169,1 3343,CWE-119,"GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) { int i, j, ret; unsigned char count; if(flag) { scd->curbit = 0; scd->lastbit = 0; scd->last_byte = 0; scd->done = FALSE; return 0; } if((scd->curbit + code_size) >= scd->lastbit) { if(scd->done) { if(scd->curbit >= scd->lastbit) { } return -1; } scd->buf[0] = scd->buf[scd->last_byte - 2]; scd->buf[1] = scd->buf[scd->last_byte - 1]; if((count = GetDataBlock(fd, &scd->buf[2], ZeroDataBlockP)) <= 0) { scd->done = TRUE; } scd->last_byte = 2 + count; scd->curbit = (scd->curbit - scd->lastbit) + 16; scd->lastbit = (2 + count) * 8; } ret = 0; for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) { ret |= ((scd->buf[i / 8] & (1 << (i % 8))) != 0) << j; } scd->curbit += code_size; return ret; }",visit repo url,src/gd_gif_in.c,https://bitbucket.org/libgd/gd-libgd,13130410982883,1 3530,['CWE-20'],"void sctp_chunk_hold(struct sctp_chunk *ch) { atomic_inc(&ch->refcnt); }",linux-2.6,,,104231956180582308923755976421733926754,0 1952,CWE-401,"static int nl80211_get_ftm_responder_stats(struct sk_buff *skb, struct genl_info *info) { struct cfg80211_registered_device *rdev = info->user_ptr[0]; struct net_device *dev = info->user_ptr[1]; struct wireless_dev *wdev = dev->ieee80211_ptr; struct cfg80211_ftm_responder_stats ftm_stats = {}; struct sk_buff *msg; void *hdr; struct nlattr *ftm_stats_attr; int err; if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval) return -EOPNOTSUPP; err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats); if (err) return err; if (!ftm_stats.filled) return -ENODATA; msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); if (!msg) return -ENOMEM; hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0, NL80211_CMD_GET_FTM_RESPONDER_STATS); if (!hdr) return -ENOBUFS; if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex)) goto nla_put_failure; ftm_stats_attr = nla_nest_start_noflag(msg, NL80211_ATTR_FTM_RESPONDER_STATS); if (!ftm_stats_attr) goto nla_put_failure; #define SET_FTM(field, name, type) \ do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \ ftm_stats.field)) \ goto nla_put_failure; } while (0) #define SET_FTM_U64(field, name) \ do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \ nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \ ftm_stats.field, NL80211_FTM_STATS_PAD)) \ goto nla_put_failure; } while (0) SET_FTM(success_num, SUCCESS_NUM, u32); SET_FTM(partial_num, PARTIAL_NUM, u32); SET_FTM(failed_num, FAILED_NUM, u32); SET_FTM(asap_num, ASAP_NUM, u32); SET_FTM(non_asap_num, NON_ASAP_NUM, u32); SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC); SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32); SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32); SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32); #undef SET_FTM nla_nest_end(msg, ftm_stats_attr); genlmsg_end(msg, hdr); return genlmsg_reply(msg, info); nla_put_failure: nlmsg_free(msg); return -ENOBUFS; }",visit repo url,net/wireless/nl80211.c,https://github.com/torvalds/linux,8034403466000,1 5641,CWE-125,"handle_keywordonly_args(struct compiling *c, const node *n, int start, asdl_seq *kwonlyargs, asdl_seq *kwdefaults) { PyObject *argname; node *ch; expr_ty expression, annotation; arg_ty arg = NULL; int i = start; int j = 0; if (kwonlyargs == NULL) { ast_error(c, CHILD(n, start), ""named arguments must follow bare *""); return -1; } assert(kwdefaults != NULL); while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case vfpdef: case tfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) goto error; asdl_seq_SET(kwdefaults, j, expression); i += 2; } else { asdl_seq_SET(kwdefaults, j, NULL); } if (NCH(ch) == 3) { annotation = ast_for_expr(c, CHILD(ch, 2)); if (!annotation) goto error; } else { annotation = NULL; } ch = CHILD(ch, 0); argname = NEW_IDENTIFIER(ch); if (!argname) goto error; if (forbidden_name(c, argname, ch, 0)) goto error; arg = arg(argname, annotation, NULL, LINENO(ch), ch->n_col_offset, c->c_arena); if (!arg) goto error; asdl_seq_SET(kwonlyargs, j++, arg); i += 1; if (TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: arg->type_comment = NEW_TYPE_COMMENT(ch); if (!arg->type_comment) goto error; i += 1; break; case DOUBLESTAR: return i; default: ast_error(c, ch, ""unexpected node""); goto error; } } return i; error: return -1; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,108378553040801,1 4458,['CWE-264'],"static void sock_def_destruct(struct sock *sk) { kfree(sk->sk_protinfo); }",linux-2.6,,,331491615123831694954704575966509433581,0 1886,['CWE-189'],"_gnutls_server_select_comp_method (gnutls_session_t session, opaque * data, int datalen) { int x, i, j; uint8_t *comps; x = _gnutls_supported_compression_methods (session, &comps); if (x < 0) { gnutls_assert (); return x; } memset (&session->internals.compression_method, 0, sizeof (gnutls_compression_method_t)); for (j = 0; j < datalen; j++) { for (i = 0; i < x; i++) { if (comps[i] == data[j]) { gnutls_compression_method_t method = _gnutls_compression_get_id (comps[i]); session->internals.compression_method = method; gnutls_free (comps); _gnutls_handshake_log (""HSK[%x]: Selected Compression Method: %s\n"", session, gnutls_compression_get_name (session->internals. compression_method)); return 0; } } } gnutls_free (comps); gnutls_assert (); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; }",gnutls,,,174283776803264552353514333167213989465,0 6059,CWE-190,"void bn_gen_prime_stron(bn_t a, int bits) { dig_t i, j; int found, k; bn_t r, s, t; bn_null(r); bn_null(s); bn_null(t); RLC_TRY { bn_new(r); bn_new(s); bn_new(t); do { do { bn_rand(s, RLC_POS, bits / 2 - RLC_DIG / 2); bn_rand(t, RLC_POS, bits / 2 - RLC_DIG / 2); } while (!bn_is_prime(s) || !bn_is_prime(t)); found = 1; bn_rand(a, RLC_POS, bits / 2 - bn_bits(t) - 1); i = a->dp[0]; bn_dbl(t, t); do { bn_mul_dig(r, t, i); bn_add_dig(r, r, 1); i++; if (bn_bits(r) > bits / 2 - 1) { found = 0; break; } } while (!bn_is_prime(r)); if (found == 0) { continue; } bn_sub_dig(t, r, 2); #if BN_MOD != PMERS bn_mxp(t, s, t, r); #else bn_exp(t, s, t, r); #endif bn_mul(t, t, s); bn_dbl(t, t); bn_sub_dig(t, t, 1); k = bits - bn_bits(r); k -= bn_bits(s); bn_rand(a, RLC_POS, k); j = a->dp[0]; do { bn_mul(a, r, s); bn_mul_dig(a, a, j); bn_dbl(a, a); bn_add(a, a, t); j++; if (bn_bits(a) > bits) { found = 0; break; } } while (!bn_is_prime(a)); } while (found == 0 && bn_bits(a) != bits); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(r); bn_free(s); bn_free(t); } }",visit repo url,src/bn/relic_bn_prime.c,https://github.com/relic-toolkit/relic,72784349318146,1 6269,['CWE-200'],"int neightbl_dump_info(struct sk_buff *skb, struct netlink_callback *cb) { int idx, family; int s_idx = cb->args[0]; struct neigh_table *tbl; family = ((struct rtgenmsg *)NLMSG_DATA(cb->nlh))->rtgen_family; read_lock(&neigh_tbl_lock); for (tbl = neigh_tables, idx = 0; tbl; tbl = tbl->next) { struct neigh_parms *p; if (idx < s_idx || (family && tbl->family != family)) continue; if (neightbl_fill_info(tbl, skb, cb) <= 0) break; for (++idx, p = tbl->parms.next; p; p = p->next, idx++) { if (idx < s_idx) continue; if (neightbl_fill_param_info(tbl, p, skb, cb) <= 0) goto out; } } out: read_unlock(&neigh_tbl_lock); cb->args[0] = idx; return skb->len; }",linux-2.6,,,64315831731346249201002094683744184353,0 4810,['CWE-399'],"static int inotify_release(struct inode *ignored, struct file *file) { struct inotify_device *dev = file->private_data; inotify_destroy(dev->ih); mutex_lock(&dev->ev_mutex); while (!list_empty(&dev->events)) inotify_dev_event_dequeue(dev); mutex_unlock(&dev->ev_mutex); put_inotify_dev(dev); return 0; }",linux-2.6,,,209446307428206530185300615494891995799,0 272,CWE-416,"static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, int closing, int tx_ring) { struct pgv *pg_vec = NULL; struct packet_sock *po = pkt_sk(sk); int was_running, order = 0; struct packet_ring_buffer *rb; struct sk_buff_head *rb_queue; __be16 num; int err = -EINVAL; struct tpacket_req *req = &req_u->req; if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) { net_warn_ratelimited(""Tx-ring is not supported.\n""); goto out; } rb = tx_ring ? &po->tx_ring : &po->rx_ring; rb_queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue; err = -EBUSY; if (!closing) { if (atomic_read(&po->mapped)) goto out; if (packet_read_pending(rb)) goto out; } if (req->tp_block_nr) { err = -EBUSY; if (unlikely(rb->pg_vec)) goto out; switch (po->tp_version) { case TPACKET_V1: po->tp_hdrlen = TPACKET_HDRLEN; break; case TPACKET_V2: po->tp_hdrlen = TPACKET2_HDRLEN; break; case TPACKET_V3: po->tp_hdrlen = TPACKET3_HDRLEN; break; } err = -EINVAL; if (unlikely((int)req->tp_block_size <= 0)) goto out; if (unlikely(!PAGE_ALIGNED(req->tp_block_size))) goto out; if (po->tp_version >= TPACKET_V3 && (int)(req->tp_block_size - BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) goto out; if (unlikely(req->tp_frame_size < po->tp_hdrlen + po->tp_reserve)) goto out; if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1))) goto out; rb->frames_per_block = req->tp_block_size / req->tp_frame_size; if (unlikely(rb->frames_per_block == 0)) goto out; if (unlikely((rb->frames_per_block * req->tp_block_nr) != req->tp_frame_nr)) goto out; err = -ENOMEM; order = get_order(req->tp_block_size); pg_vec = alloc_pg_vec(req, order); if (unlikely(!pg_vec)) goto out; switch (po->tp_version) { case TPACKET_V3: if (!tx_ring) init_prb_bdqc(po, rb, pg_vec, req_u); break; default: break; } } else { err = -EINVAL; if (unlikely(req->tp_frame_nr)) goto out; } lock_sock(sk); spin_lock(&po->bind_lock); was_running = po->running; num = po->num; if (was_running) { po->num = 0; __unregister_prot_hook(sk, false); } spin_unlock(&po->bind_lock); synchronize_net(); err = -EBUSY; mutex_lock(&po->pg_vec_lock); if (closing || atomic_read(&po->mapped) == 0) { err = 0; spin_lock_bh(&rb_queue->lock); swap(rb->pg_vec, pg_vec); rb->frame_max = (req->tp_frame_nr - 1); rb->head = 0; rb->frame_size = req->tp_frame_size; spin_unlock_bh(&rb_queue->lock); swap(rb->pg_vec_order, order); swap(rb->pg_vec_len, req->tp_block_nr); rb->pg_vec_pages = req->tp_block_size/PAGE_SIZE; po->prot_hook.func = (po->rx_ring.pg_vec) ? tpacket_rcv : packet_rcv; skb_queue_purge(rb_queue); if (atomic_read(&po->mapped)) pr_err(""packet_mmap: vma is busy: %d\n"", atomic_read(&po->mapped)); } mutex_unlock(&po->pg_vec_lock); spin_lock(&po->bind_lock); if (was_running) { po->num = num; register_prot_hook(sk); } spin_unlock(&po->bind_lock); if (closing && (po->tp_version > TPACKET_V2)) { if (!tx_ring) prb_shutdown_retire_blk_timer(po, rb_queue); } release_sock(sk); if (pg_vec) free_pg_vec(pg_vec, order, req->tp_block_nr); out: return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,220400262189082,1 6004,CWE-120,"static PyObject *__pyx_f_17clickhouse_driver_14bufferedwriter___pyx_unpickle_BufferedSocketWriter__set_state(struct __pyx_obj_17clickhouse_driver_14bufferedwriter_BufferedSocketWriter *__pyx_v___pyx_result, PyObject *__pyx_v___pyx_state) { PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; char *__pyx_t_2; Py_ssize_t __pyx_t_3; int __pyx_t_4; int __pyx_t_5; int __pyx_t_6; PyObject *__pyx_t_7 = NULL; PyObject *__pyx_t_8 = NULL; PyObject *__pyx_t_9 = NULL; __Pyx_RefNannySetupContext(""__pyx_unpickle_BufferedSocketWriter__set_state"", 0); if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 0, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = __Pyx_PyObject_AsWritableString(__pyx_t_1); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __pyx_v___pyx_result->__pyx_base.buffer = __pyx_t_2; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 1, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = __Pyx_PyIndex_AsSsize_t(__pyx_t_1); if (unlikely((__pyx_t_3 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v___pyx_result->__pyx_base.buffer_size = __pyx_t_3; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 2, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = __Pyx_PyIndex_AsSsize_t(__pyx_t_1); if (unlikely((__pyx_t_3 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v___pyx_result->__pyx_base.position = __pyx_t_3; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 3, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_GIVEREF(__pyx_t_1); __Pyx_GOTREF(__pyx_v___pyx_result->sock); __Pyx_DECREF(__pyx_v___pyx_result->sock); __pyx_v___pyx_result->sock = __pyx_t_1; __pyx_t_1 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""object of type 'NoneType' has no len()""); __PYX_ERR(1, 13, __pyx_L1_error) } __pyx_t_3 = PyTuple_GET_SIZE(__pyx_v___pyx_state); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(1, 13, __pyx_L1_error) __pyx_t_5 = ((__pyx_t_3 > 4) != 0); if (__pyx_t_5) { } else { __pyx_t_4 = __pyx_t_5; goto __pyx_L4_bool_binop_done; } __pyx_t_5 = __Pyx_HasAttr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(__pyx_t_5 == ((int)-1))) __PYX_ERR(1, 13, __pyx_L1_error) __pyx_t_6 = (__pyx_t_5 != 0); __pyx_t_4 = __pyx_t_6; __pyx_L4_bool_binop_done:; if (__pyx_t_4) { __pyx_t_7 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_7); __pyx_t_8 = __Pyx_PyObject_GetAttrStr(__pyx_t_7, __pyx_n_s_update); if (unlikely(!__pyx_t_8)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_8); __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 14, __pyx_L1_error) } __pyx_t_7 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 4, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_7); __pyx_t_9 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_8))) { __pyx_t_9 = PyMethod_GET_SELF(__pyx_t_8); if (likely(__pyx_t_9)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_8); __Pyx_INCREF(__pyx_t_9); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_8, function); } } __pyx_t_1 = (__pyx_t_9) ? __Pyx_PyObject_Call2Args(__pyx_t_8, __pyx_t_9, __pyx_t_7) : __Pyx_PyObject_CallOneArg(__pyx_t_8, __pyx_t_7); __Pyx_XDECREF(__pyx_t_9); __pyx_t_9 = 0; __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0; if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_DECREF(__pyx_t_8); __pyx_t_8 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; } __pyx_r = Py_None; __Pyx_INCREF(Py_None); goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_7); __Pyx_XDECREF(__pyx_t_8); __Pyx_XDECREF(__pyx_t_9); __Pyx_AddTraceback(""clickhouse_driver.bufferedwriter.__pyx_unpickle_BufferedSocketWriter__set_state"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = 0; __pyx_L0:; __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,243616189419815,1 2371,CWE-787,"static av_cold int vqa_decode_init(AVCodecContext *avctx) { VqaContext *s = avctx->priv_data; int i, j, codebook_index, ret; s->avctx = avctx; avctx->pix_fmt = AV_PIX_FMT_PAL8; if (s->avctx->extradata_size != VQA_HEADER_SIZE) { av_log(s->avctx, AV_LOG_ERROR, ""expected extradata size of %d\n"", VQA_HEADER_SIZE); return AVERROR(EINVAL); } s->vqa_version = s->avctx->extradata[0]; switch (s->vqa_version) { case 1: case 2: break; case 3: avpriv_report_missing_feature(avctx, ""VQA Version %d"", s->vqa_version); return AVERROR_PATCHWELCOME; default: avpriv_request_sample(avctx, ""VQA Version %i"", s->vqa_version); return AVERROR_PATCHWELCOME; } s->width = AV_RL16(&s->avctx->extradata[6]); s->height = AV_RL16(&s->avctx->extradata[8]); if ((ret = av_image_check_size(s->width, s->height, 0, avctx)) < 0) { s->width= s->height= 0; return ret; } s->vector_width = s->avctx->extradata[10]; s->vector_height = s->avctx->extradata[11]; s->partial_count = s->partial_countdown = s->avctx->extradata[13]; if ((s->vector_width != 4) || ((s->vector_height != 2) && (s->vector_height != 4))) { return AVERROR_INVALIDDATA; } if (s->width % s->vector_width || s->height % s->vector_height) { av_log(avctx, AV_LOG_ERROR, ""Image size not multiple of block size\n""); return AVERROR_INVALIDDATA; } s->codebook_size = MAX_CODEBOOK_SIZE; s->codebook = av_malloc(s->codebook_size); if (!s->codebook) goto fail; s->next_codebook_buffer = av_malloc(s->codebook_size); if (!s->next_codebook_buffer) goto fail; s->decode_buffer_size = (s->width / s->vector_width) * (s->height / s->vector_height) * 2; s->decode_buffer = av_mallocz(s->decode_buffer_size); if (!s->decode_buffer) goto fail; if (s->vector_height == 4) { codebook_index = 0xFF00 * 16; for (i = 0; i < 256; i++) for (j = 0; j < 16; j++) s->codebook[codebook_index++] = i; } else { codebook_index = 0xF00 * 8; for (i = 0; i < 256; i++) for (j = 0; j < 8; j++) s->codebook[codebook_index++] = i; } s->next_codebook_buffer_index = 0; return 0; fail: av_freep(&s->codebook); av_freep(&s->next_codebook_buffer); av_freep(&s->decode_buffer); return AVERROR(ENOMEM); }",visit repo url,libavcodec/vqavideo.c,https://github.com/FFmpeg/FFmpeg,12585690761628,1 1706,[],"static inline void finish_lock_switch(struct rq *rq, struct task_struct *prev) { #ifdef CONFIG_DEBUG_SPINLOCK rq->lock.owner = current; #endif spin_acquire(&rq->lock.dep_map, 0, 0, _THIS_IP_); spin_unlock_irq(&rq->lock); }",linux-2.6,,,189592741616343868085051969504486698490,0 6535,['CWE-200'],"nma_menu_disconnect_vpn_item_activate (GtkMenuItem *item, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); NMActiveConnection *active_vpn = NULL; NMVPNConnectionState state = NM_VPN_CONNECTION_STATE_UNKNOWN; active_vpn = applet_get_first_active_vpn_connection (applet, &state); if (active_vpn) nm_client_deactivate_connection (applet->nm_client, active_vpn); else g_warning (""%s: deactivate clicked but no active VPN connection could be found."", __func__); }",network-manager-applet,,,301412779066429295126120793743976745522,0 1828,CWE-367,"int nfc_fw_download(struct nfc_dev *dev, const char *firmware_name) { int rc = 0; pr_debug(""%s do firmware %s\n"", dev_name(&dev->dev), firmware_name); device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (dev->dev_up) { rc = -EBUSY; goto error; } if (!dev->ops->fw_download) { rc = -EOPNOTSUPP; goto error; } dev->fw_download_in_progress = true; rc = dev->ops->fw_download(dev, firmware_name); if (rc) dev->fw_download_in_progress = false; error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,278403073438469,1 791,['CWE-119'],"isdn_net_ciscohdlck_alloc_skb(isdn_net_local *lp, int len) { unsigned short hl = dev->drv[lp->isdn_device]->interface->hl_hdrlen; struct sk_buff *skb; skb = alloc_skb(hl + len, GFP_ATOMIC); if (skb) skb_reserve(skb, hl); else printk(""isdn out of mem at %s:%d!\n"", __FILE__, __LINE__); return skb; }",linux-2.6,,,86943454838659718355616549011443288839,0 4171,CWE-787,"HandleRFBServerMessage(rfbClient* client) { rfbServerToClientMsg msg; if (client->serverPort==-1) client->vncRec->readTimestamp = TRUE; if (!ReadFromRFBServer(client, (char *)&msg, 1)) return FALSE; switch (msg.type) { case rfbSetColourMapEntries: { break; } case rfbFramebufferUpdate: { rfbFramebufferUpdateRectHeader rect; int linesToRead; int bytesPerLine; int i; if (!ReadFromRFBServer(client, ((char *)&msg.fu) + 1, sz_rfbFramebufferUpdateMsg - 1)) return FALSE; msg.fu.nRects = rfbClientSwap16IfLE(msg.fu.nRects); for (i = 0; i < msg.fu.nRects; i++) { if (!ReadFromRFBServer(client, (char *)&rect, sz_rfbFramebufferUpdateRectHeader)) return FALSE; rect.encoding = rfbClientSwap32IfLE(rect.encoding); if (rect.encoding == rfbEncodingLastRect) break; rect.r.x = rfbClientSwap16IfLE(rect.r.x); rect.r.y = rfbClientSwap16IfLE(rect.r.y); rect.r.w = rfbClientSwap16IfLE(rect.r.w); rect.r.h = rfbClientSwap16IfLE(rect.r.h); if (rect.encoding == rfbEncodingXCursor || rect.encoding == rfbEncodingRichCursor) { if (!HandleCursorShape(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h, rect.encoding)) { return FALSE; } continue; } if (rect.encoding == rfbEncodingPointerPos) { if (!client->HandleCursorPos(client,rect.r.x, rect.r.y)) { return FALSE; } continue; } if (rect.encoding == rfbEncodingKeyboardLedState) { client->KeyboardLedStateEnabled = 1; if (client->HandleKeyboardLedState!=NULL) client->HandleKeyboardLedState(client, rect.r.x, 0); client->CurrentKeyboardLedState = rect.r.x; continue; } if (rect.encoding == rfbEncodingNewFBSize) { client->width = rect.r.w; client->height = rect.r.h; client->updateRect.x = client->updateRect.y = 0; client->updateRect.w = client->width; client->updateRect.h = client->height; if (!client->MallocFrameBuffer(client)) return FALSE; SendFramebufferUpdateRequest(client, 0, 0, rect.r.w, rect.r.h, FALSE); rfbClientLog(""Got new framebuffer size: %dx%d\n"", rect.r.w, rect.r.h); continue; } if (rect.encoding == rfbEncodingSupportedMessages) { int loop; if (!ReadFromRFBServer(client, (char *)&client->supportedMessages, sz_rfbSupportedMessages)) return FALSE; rfbClientLog(""client2server supported messages (bit flags)\n""); for (loop=0;loop<32;loop+=8) rfbClientLog(""%02X: %04x %04x %04x %04x - %04x %04x %04x %04x\n"", loop, client->supportedMessages.client2server[loop], client->supportedMessages.client2server[loop+1], client->supportedMessages.client2server[loop+2], client->supportedMessages.client2server[loop+3], client->supportedMessages.client2server[loop+4], client->supportedMessages.client2server[loop+5], client->supportedMessages.client2server[loop+6], client->supportedMessages.client2server[loop+7]); rfbClientLog(""server2client supported messages (bit flags)\n""); for (loop=0;loop<32;loop+=8) rfbClientLog(""%02X: %04x %04x %04x %04x - %04x %04x %04x %04x\n"", loop, client->supportedMessages.server2client[loop], client->supportedMessages.server2client[loop+1], client->supportedMessages.server2client[loop+2], client->supportedMessages.server2client[loop+3], client->supportedMessages.server2client[loop+4], client->supportedMessages.server2client[loop+5], client->supportedMessages.server2client[loop+6], client->supportedMessages.server2client[loop+7]); continue; } if (rect.encoding == rfbEncodingSupportedEncodings) { char *buffer; buffer = malloc(rect.r.w); if (!ReadFromRFBServer(client, buffer, rect.r.w)) { free(buffer); return FALSE; } free(buffer); continue; } if (rect.encoding == rfbEncodingServerIdentity) { char *buffer; buffer = malloc(rect.r.w+1); if (!ReadFromRFBServer(client, buffer, rect.r.w)) { free(buffer); return FALSE; } buffer[rect.r.w]=0; rfbClientLog(""Connected to Server \""%s\""\n"", buffer); free(buffer); continue; } if (rect.encoding != rfbEncodingUltraZip) { if ((rect.r.x + rect.r.w > client->width) || (rect.r.y + rect.r.h > client->height)) { rfbClientLog(""Rect too large: %dx%d at (%d, %d)\n"", rect.r.w, rect.r.h, rect.r.x, rect.r.y); return FALSE; } client->SoftCursorLockArea(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h); } switch (rect.encoding) { case rfbEncodingRaw: { int y=rect.r.y, h=rect.r.h; bytesPerLine = rect.r.w * client->format.bitsPerPixel / 8; linesToRead = bytesPerLine ? (RFB_BUFFER_SIZE / bytesPerLine) : 0; while (linesToRead && h > 0) { if (linesToRead > h) linesToRead = h; if (!ReadFromRFBServer(client, client->buffer,bytesPerLine * linesToRead)) return FALSE; client->GotBitmap(client, (uint8_t *)client->buffer, rect.r.x, y, rect.r.w,linesToRead); h -= linesToRead; y += linesToRead; } break; } case rfbEncodingCopyRect: { rfbCopyRect cr; if (!ReadFromRFBServer(client, (char *)&cr, sz_rfbCopyRect)) return FALSE; cr.srcX = rfbClientSwap16IfLE(cr.srcX); cr.srcY = rfbClientSwap16IfLE(cr.srcY); client->SoftCursorLockArea(client, cr.srcX, cr.srcY, rect.r.w, rect.r.h); client->GotCopyRect(client, cr.srcX, cr.srcY, rect.r.w, rect.r.h, rect.r.x, rect.r.y); break; } case rfbEncodingRRE: { switch (client->format.bitsPerPixel) { case 8: if (!HandleRRE8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (!HandleRRE16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 32: if (!HandleRRE32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } break; } case rfbEncodingCoRRE: { switch (client->format.bitsPerPixel) { case 8: if (!HandleCoRRE8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (!HandleCoRRE16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 32: if (!HandleCoRRE32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } break; } case rfbEncodingHextile: { switch (client->format.bitsPerPixel) { case 8: if (!HandleHextile8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (!HandleHextile16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 32: if (!HandleHextile32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } break; } case rfbEncodingUltra: { switch (client->format.bitsPerPixel) { case 8: if (!HandleUltra8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (!HandleUltra16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 32: if (!HandleUltra32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } break; } case rfbEncodingUltraZip: { switch (client->format.bitsPerPixel) { case 8: if (!HandleUltraZip8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (!HandleUltraZip16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 32: if (!HandleUltraZip32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } break; } case rfbEncodingTRLE: { switch (client->format.bitsPerPixel) { case 8: if (!HandleTRLE8(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return FALSE; break; case 16: if (client->si.format.greenMax > 0x1F) { if (!HandleTRLE16(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return FALSE; } else { if (!HandleTRLE15(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return FALSE; } break; case 32: { uint32_t maxColor = (client->format.redMax << client->format.redShift) | (client->format.greenMax << client->format.greenShift) | (client->format.blueMax << client->format.blueShift); if ((client->format.bigEndian && (maxColor & 0xff) == 0) || (!client->format.bigEndian && (maxColor & 0xff000000) == 0)) { if (!HandleTRLE24(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return FALSE; } else if (!client->format.bigEndian && (maxColor & 0xff) == 0) { if (!HandleTRLE24Up(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return FALSE; } else if (client->format.bigEndian && (maxColor & 0xff000000) == 0) { if (!HandleTRLE24Down(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return FALSE; } else if (!HandleTRLE32(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h)) return FALSE; break; } } break; } #ifdef LIBVNCSERVER_HAVE_LIBZ case rfbEncodingZlib: { switch (client->format.bitsPerPixel) { case 8: if (!HandleZlib8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (!HandleZlib16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 32: if (!HandleZlib32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } break; } #ifdef LIBVNCSERVER_HAVE_LIBJPEG case rfbEncodingTight: { switch (client->format.bitsPerPixel) { case 8: if (!HandleTight8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (!HandleTight16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 32: if (!HandleTight32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } break; } #endif case rfbEncodingZRLE: client->appData.qualityLevel = 9; case rfbEncodingZYWRLE: { switch (client->format.bitsPerPixel) { case 8: if (!HandleZRLE8(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; case 16: if (client->si.format.greenMax > 0x1F) { if (!HandleZRLE16(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; } else { if (!HandleZRLE15(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; } break; case 32: { uint32_t maxColor=(client->format.redMax<format.redShift)| (client->format.greenMax<format.greenShift)| (client->format.blueMax<format.blueShift); if ((client->format.bigEndian && (maxColor&0xff)==0) || (!client->format.bigEndian && (maxColor&0xff000000)==0)) { if (!HandleZRLE24(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; } else if (!client->format.bigEndian && (maxColor&0xff)==0) { if (!HandleZRLE24Up(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; } else if (client->format.bigEndian && (maxColor&0xff000000)==0) { if (!HandleZRLE24Down(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; } else if (!HandleZRLE32(client, rect.r.x,rect.r.y,rect.r.w,rect.r.h)) return FALSE; break; } } break; } #endif default: { rfbBool handled = FALSE; rfbClientProtocolExtension* e; for(e = rfbClientExtensions; !handled && e; e = e->next) if(e->handleEncoding && e->handleEncoding(client, &rect)) handled = TRUE; if(!handled) { rfbClientLog(""Unknown rect encoding %d\n"", (int)rect.encoding); return FALSE; } } } client->SoftCursorUnlockScreen(client); client->GotFrameBufferUpdate(client, rect.r.x, rect.r.y, rect.r.w, rect.r.h); } if (!SendIncrementalFramebufferUpdateRequest(client)) return FALSE; if (client->FinishedFrameBufferUpdate) client->FinishedFrameBufferUpdate(client); break; } case rfbBell: { client->Bell(client); break; } case rfbServerCutText: { char *buffer; if (!ReadFromRFBServer(client, ((char *)&msg) + 1, sz_rfbServerCutTextMsg - 1)) return FALSE; msg.sct.length = rfbClientSwap32IfLE(msg.sct.length); if (msg.sct.length > 1<<20) { rfbClientErr(""Ignoring too big cut text length sent by server: %u B > 1 MB\n"", (unsigned int)msg.sct.length); return FALSE; } buffer = malloc((uint64_t)msg.sct.length+1); if (!ReadFromRFBServer(client, buffer, msg.sct.length)) { free(buffer); return FALSE; } buffer[msg.sct.length] = 0; if (client->GotXCutText) client->GotXCutText(client, buffer, msg.sct.length); free(buffer); break; } case rfbTextChat: { char *buffer=NULL; if (!ReadFromRFBServer(client, ((char *)&msg) + 1, sz_rfbTextChatMsg- 1)) return FALSE; msg.tc.length = rfbClientSwap32IfLE(msg.sct.length); switch(msg.tc.length) { case rfbTextChatOpen: rfbClientLog(""Received TextChat Open\n""); if (client->HandleTextChat!=NULL) client->HandleTextChat(client, (int)rfbTextChatOpen, NULL); break; case rfbTextChatClose: rfbClientLog(""Received TextChat Close\n""); if (client->HandleTextChat!=NULL) client->HandleTextChat(client, (int)rfbTextChatClose, NULL); break; case rfbTextChatFinished: rfbClientLog(""Received TextChat Finished\n""); if (client->HandleTextChat!=NULL) client->HandleTextChat(client, (int)rfbTextChatFinished, NULL); break; default: buffer=malloc(msg.tc.length+1); if (!ReadFromRFBServer(client, buffer, msg.tc.length)) { free(buffer); return FALSE; } buffer[msg.tc.length]=0; rfbClientLog(""Received TextChat \""%s\""\n"", buffer); if (client->HandleTextChat!=NULL) client->HandleTextChat(client, (int)msg.tc.length, buffer); free(buffer); break; } break; } case rfbXvp: { if (!ReadFromRFBServer(client, ((char *)&msg) + 1, sz_rfbXvpMsg -1)) return FALSE; SetClient2Server(client, rfbXvp); SetServer2Client(client, rfbXvp); if(client->HandleXvpMsg) client->HandleXvpMsg(client, msg.xvp.version, msg.xvp.code); break; } case rfbResizeFrameBuffer: { if (!ReadFromRFBServer(client, ((char *)&msg) + 1, sz_rfbResizeFrameBufferMsg -1)) return FALSE; client->width = rfbClientSwap16IfLE(msg.rsfb.framebufferWidth); client->height = rfbClientSwap16IfLE(msg.rsfb.framebufferHeigth); client->updateRect.x = client->updateRect.y = 0; client->updateRect.w = client->width; client->updateRect.h = client->height; if (!client->MallocFrameBuffer(client)) return FALSE; SendFramebufferUpdateRequest(client, 0, 0, client->width, client->height, FALSE); rfbClientLog(""Got new framebuffer size: %dx%d\n"", client->width, client->height); break; } case rfbPalmVNCReSizeFrameBuffer: { if (!ReadFromRFBServer(client, ((char *)&msg) + 1, sz_rfbPalmVNCReSizeFrameBufferMsg -1)) return FALSE; client->width = rfbClientSwap16IfLE(msg.prsfb.buffer_w); client->height = rfbClientSwap16IfLE(msg.prsfb.buffer_h); client->updateRect.x = client->updateRect.y = 0; client->updateRect.w = client->width; client->updateRect.h = client->height; if (!client->MallocFrameBuffer(client)) return FALSE; SendFramebufferUpdateRequest(client, 0, 0, client->width, client->height, FALSE); rfbClientLog(""Got new framebuffer size: %dx%d\n"", client->width, client->height); break; } default: { rfbBool handled = FALSE; rfbClientProtocolExtension* e; for(e = rfbClientExtensions; !handled && e; e = e->next) if(e->handleMessage && e->handleMessage(client, &msg)) handled = TRUE; if(!handled) { char buffer[256]; rfbClientLog(""Unknown message type %d from VNC server\n"",msg.type); ReadFromRFBServer(client, buffer, 256); return FALSE; } } } return TRUE; }",visit repo url,libvncclient/rfbproto.c,https://github.com/LibVNC/libvncserver,183887350371274,1 653,CWE-20,"static int pn_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct sk_buff *skb = NULL; struct sockaddr_pn sa; int rval = -EOPNOTSUPP; int copylen; if (flags & ~(MSG_PEEK|MSG_TRUNC|MSG_DONTWAIT|MSG_NOSIGNAL| MSG_CMSG_COMPAT)) goto out_nofree; if (addr_len) *addr_len = sizeof(sa); skb = skb_recv_datagram(sk, flags, noblock, &rval); if (skb == NULL) goto out_nofree; pn_skb_get_src_sockaddr(skb, &sa); copylen = skb->len; if (len < copylen) { msg->msg_flags |= MSG_TRUNC; copylen = len; } rval = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copylen); if (rval) { rval = -EFAULT; goto out; } rval = (flags & MSG_TRUNC) ? skb->len : copylen; if (msg->msg_name != NULL) memcpy(msg->msg_name, &sa, sizeof(struct sockaddr_pn)); out: skb_free_datagram(sk, skb); out_nofree: return rval; }",visit repo url,net/phonet/datagram.c,https://github.com/torvalds/linux,163310526685294,1 2525,CWE-20,"cleanup_pathname(struct archive_write_disk *a) { char *dest, *src; char separator = '\0'; dest = src = a->name; if (*src == '\0') { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Invalid empty pathname""); return (ARCHIVE_FAILED); } #if defined(__CYGWIN__) cleanup_pathname_win(a); #endif if (*src == '/') { if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Path is absolute""); return (ARCHIVE_FAILED); } separator = *src++; } for (;;) { if (src[0] == '\0') { break; } else if (src[0] == '/') { src++; continue; } else if (src[0] == '.') { if (src[1] == '\0') { break; } else if (src[1] == '/') { src += 2; continue; } else if (src[1] == '.') { if (src[2] == '/' || src[2] == '\0') { if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Path contains '..'""); return (ARCHIVE_FAILED); } } } } if (separator) *dest++ = '/'; while (*src != '\0' && *src != '/') { *dest++ = *src++; } if (*src == '\0') break; separator = *src++; } if (dest == a->name) { if (separator) *dest++ = '/'; else *dest++ = '.'; } *dest = '\0'; return (ARCHIVE_OK); }",visit repo url,libarchive/archive_write_disk_posix.c,https://github.com/libarchive/libarchive,186733801828152,1 3506,['CWE-20'],"void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) { if (!chunk->has_tsn) { chunk->subh.data_hdr->tsn = htonl(sctp_association_get_next_tsn(chunk->asoc)); chunk->has_tsn = 1; } }",linux-2.6,,,50273580505680547804571723992812962560,0 2109,CWE-200,"static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_akcipher rakcipher; strlcpy(rakcipher.type, ""akcipher"", sizeof(rakcipher.type)); if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER, sizeof(struct crypto_report_akcipher), &rakcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user_base.c,https://github.com/torvalds/linux,35960275363971,1 4359,CWE-59,"int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, rpmpsm psm, char ** failedFile) { FD_t payload = rpmtePayload(te); rpmfi fi = rpmfiNewArchiveReader(payload, files, RPMFI_ITER_READ_ARCHIVE); rpmfs fs = rpmteGetFileStates(te); rpmPlugins plugins = rpmtsPlugins(ts); struct stat sb; int saveerrno = errno; int rc = 0; int nodigest = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOFILEDIGEST) ? 1 : 0; int nofcaps = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOCAPS) ? 1 : 0; int firsthardlink = -1; int skip; rpmFileAction action; char *tid = NULL; const char *suffix; char *fpath = NULL; if (fi == NULL) { rc = RPMERR_BAD_MAGIC; goto exit; } rasprintf(&tid, "";%08x"", (unsigned)rpmtsGetTid(ts)); rc = fsmMkdirs(files, fs, plugins); while (!rc) { rc = rpmfiNext(fi); if (rc < 0) { if (rc == RPMERR_ITER_END) rc = 0; break; } action = rpmfsGetAction(fs, rpmfiFX(fi)); skip = XFA_SKIPPING(action); suffix = S_ISDIR(rpmfiFMode(fi)) ? NULL : tid; if (action != FA_TOUCH) { fpath = fsmFsPath(fi, suffix); } else { fpath = fsmFsPath(fi, """"); } rc = rpmfiStat(fi, 1, &sb); fsmDebug(fpath, action, &sb); if (rc) break; rc = rpmpluginsCallFsmFilePre(plugins, fi, fpath, sb.st_mode, action); if (rc) { skip = 1; } else { setFileState(fs, rpmfiFX(fi)); } if (!skip) { int setmeta = 1; if (!suffix) { rc = fsmBackup(fi, action); } if (!suffix) { rc = fsmVerify(fpath, fi); } else { rc = (action == FA_TOUCH) ? 0 : RPMERR_ENOENT; } if (S_ISREG(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMkfile(fi, fpath, files, psm, nodigest, &setmeta, &firsthardlink); } } else if (S_ISDIR(sb.st_mode)) { if (rc == RPMERR_ENOENT) { mode_t mode = sb.st_mode; mode &= ~07777; mode |= 00700; rc = fsmMkdir(fpath, mode); } } else if (S_ISLNK(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmSymlink(rpmfiFLink(fi), fpath); } } else if (S_ISFIFO(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMkfifo(fpath, 0000); } } else if (S_ISCHR(sb.st_mode) || S_ISBLK(sb.st_mode) || S_ISSOCK(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMknod(fpath, sb.st_mode, sb.st_rdev); } } else { if (!IS_DEV_LOG(fpath)) rc = RPMERR_UNKNOWN_FILETYPE; } if (!rc && setmeta) { rc = fsmSetmeta(fpath, fi, plugins, action, &sb, nofcaps); } } else if (firsthardlink >= 0 && rpmfiArchiveHasContent(fi)) { char *fn = rpmfilesFN(files, firsthardlink); rc = expandRegular(fi, fn, psm, 0, nodigest, 0); firsthardlink = -1; free(fn); } if (rc) { if (!skip) { if (suffix && (action != FA_TOUCH)) { (void) fsmRemove(fpath, sb.st_mode); } errno = saveerrno; } } else { rpmpsmNotify(psm, RPMCALLBACK_INST_PROGRESS, rpmfiArchiveTell(fi)); if (!skip) { if (suffix) rc = fsmBackup(fi, action); if (!rc) rc = fsmCommit(&fpath, fi, action, suffix); } } if (rc) *failedFile = xstrdup(fpath); rpmpluginsCallFsmFilePost(plugins, fi, fpath, sb.st_mode, action, rc); fpath = _free(fpath); } rpmswAdd(rpmtsOp(ts, RPMTS_OP_UNCOMPRESS), fdOp(payload, FDSTAT_READ)); rpmswAdd(rpmtsOp(ts, RPMTS_OP_DIGEST), fdOp(payload, FDSTAT_DIGEST)); exit: rpmfiArchiveClose(fi); rpmfiFree(fi); Fclose(payload); free(tid); free(fpath); return rc; }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,199721437859011,1 5426,['CWE-476'],"int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) { switch (msr) { case MSR_EFER: set_efer(vcpu, data); break; case MSR_IA32_MC0_STATUS: pr_unimpl(vcpu, ""%s: MSR_IA32_MC0_STATUS 0x%llx, nop\n"", __func__, data); break; case MSR_IA32_MCG_STATUS: pr_unimpl(vcpu, ""%s: MSR_IA32_MCG_STATUS 0x%llx, nop\n"", __func__, data); break; case MSR_IA32_MCG_CTL: pr_unimpl(vcpu, ""%s: MSR_IA32_MCG_CTL 0x%llx, nop\n"", __func__, data); break; case MSR_IA32_DEBUGCTLMSR: if (!data) { break; } else if (data & ~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF)) { return 1; } pr_unimpl(vcpu, ""%s: MSR_IA32_DEBUGCTLMSR 0x%llx, nop\n"", __func__, data); break; case MSR_IA32_UCODE_REV: case MSR_IA32_UCODE_WRITE: case MSR_VM_HSAVE_PA: break; case 0x200 ... 0x2ff: return set_msr_mtrr(vcpu, msr, data); case MSR_IA32_APICBASE: kvm_set_apic_base(vcpu, data); break; case MSR_IA32_MISC_ENABLE: vcpu->arch.ia32_misc_enable_msr = data; break; case MSR_KVM_WALL_CLOCK: vcpu->kvm->arch.wall_clock = data; kvm_write_wall_clock(vcpu->kvm, data); break; case MSR_KVM_SYSTEM_TIME: { if (vcpu->arch.time_page) { kvm_release_page_dirty(vcpu->arch.time_page); vcpu->arch.time_page = NULL; } vcpu->arch.time = data; if (!(data & 1)) break; vcpu->arch.time_offset = data & ~(PAGE_MASK | 1); vcpu->arch.time_page = gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT); if (is_error_page(vcpu->arch.time_page)) { kvm_release_page_clean(vcpu->arch.time_page); vcpu->arch.time_page = NULL; } kvm_request_guest_time_update(vcpu); break; } default: pr_unimpl(vcpu, ""unhandled wrmsr: 0x%x data %llx\n"", msr, data); return 1; } return 0; }",linux-2.6,,,162361240264060788809609696727082435522,0 3368,CWE-119,"MagickBooleanType sixel_decode(unsigned char *p, unsigned char **pixels, size_t *pwidth, size_t *pheight, unsigned char **palette, size_t *ncolors ) { int n, i, r, g, b, sixel_vertical_mask, c; int posision_x, posision_y; int max_x, max_y; int attributed_pan, attributed_pad; int attributed_ph, attributed_pv; int repeat_count, color_index, max_color_index = 2, background_color_index; int param[10]; int sixel_palet[SIXEL_PALETTE_MAX]; unsigned char *imbuf, *dmbuf; int imsx, imsy; int dmsx, dmsy; int y; posision_x = posision_y = 0; max_x = max_y = 0; attributed_pan = 2; attributed_pad = 1; attributed_ph = attributed_pv = 0; repeat_count = 1; color_index = 0; background_color_index = 0; imsx = 2048; imsy = 2048; imbuf = (unsigned char *) AcquireQuantumMemory(imsx * imsy,1); if (imbuf == NULL) { return(MagickFalse); } for (n = 0; n < 16; n++) { sixel_palet[n] = sixel_default_color_table[n]; } for (r = 0; r < 6; r++) { for (g = 0; g < 6; g++) { for (b = 0; b < 6; b++) { sixel_palet[n++] = SIXEL_RGB(r * 51, g * 51, b * 51); } } } for (i = 0; i < 24; i++) { sixel_palet[n++] = SIXEL_RGB(i * 11, i * 11, i * 11); } for (; n < SIXEL_PALETTE_MAX; n++) { sixel_palet[n] = SIXEL_RGB(255, 255, 255); } (void) ResetMagickMemory(imbuf, background_color_index, imsx * imsy); while (*p != '\0') { if ((p[0] == '\033' && p[1] == 'P') || *p == 0x90) { if (*p == '\033') { p++; } p = get_params(++p, param, &n); if (*p == 'q') { p++; if (n > 0) { switch(param[0]) { case 0: case 1: attributed_pad = 2; break; case 2: attributed_pad = 5; break; case 3: attributed_pad = 4; break; case 4: attributed_pad = 4; break; case 5: attributed_pad = 3; break; case 6: attributed_pad = 3; break; case 7: attributed_pad = 2; break; case 8: attributed_pad = 2; break; case 9: attributed_pad = 1; break; } } if (n > 2) { if (param[2] == 0) { param[2] = 10; } attributed_pan = attributed_pan * param[2] / 10; attributed_pad = attributed_pad * param[2] / 10; if (attributed_pan <= 0) attributed_pan = 1; if (attributed_pad <= 0) attributed_pad = 1; } } } else if ((p[0] == '\033' && p[1] == '\\') || *p == 0x9C) { break; } else if (*p == '""') { p = get_params(++p, param, &n); if (n > 0) attributed_pad = param[0]; if (n > 1) attributed_pan = param[1]; if (n > 2 && param[2] > 0) attributed_ph = param[2]; if (n > 3 && param[3] > 0) attributed_pv = param[3]; if (attributed_pan <= 0) attributed_pan = 1; if (attributed_pad <= 0) attributed_pad = 1; if (imsx < attributed_ph || imsy < attributed_pv) { dmsx = imsx > attributed_ph ? imsx : attributed_ph; dmsy = imsy > attributed_pv ? imsy : attributed_pv; dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1); if (dmbuf == (unsigned char *) NULL) { imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); return (MagickFalse); } (void) ResetMagickMemory(dmbuf, background_color_index, dmsx * dmsy); for (y = 0; y < imsy; ++y) { (void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, imsx); } imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); imsx = dmsx; imsy = dmsy; imbuf = dmbuf; } } else if (*p == '!') { p = get_params(++p, param, &n); if (n > 0) { repeat_count = param[0]; } } else if (*p == '#') { p = get_params(++p, param, &n); if (n > 0) { if ((color_index = param[0]) < 0) { color_index = 0; } else if (color_index >= SIXEL_PALETTE_MAX) { color_index = SIXEL_PALETTE_MAX - 1; } } if (n > 4) { if (param[1] == 1) { if (param[2] > 360) param[2] = 360; if (param[3] > 100) param[3] = 100; if (param[4] > 100) param[4] = 100; sixel_palet[color_index] = hls_to_rgb(param[2] * 100 / 360, param[3], param[4]); } else if (param[1] == 2) { if (param[2] > 100) param[2] = 100; if (param[3] > 100) param[3] = 100; if (param[4] > 100) param[4] = 100; sixel_palet[color_index] = SIXEL_XRGB(param[2], param[3], param[4]); } } } else if (*p == '$') { p++; posision_x = 0; repeat_count = 1; } else if (*p == '-') { p++; posision_x = 0; posision_y += 6; repeat_count = 1; } else if (*p >= '?' && *p <= '\177') { if (imsx < (posision_x + repeat_count) || imsy < (posision_y + 6)) { int nx = imsx * 2; int ny = imsy * 2; while (nx < (posision_x + repeat_count) || ny < (posision_y + 6)) { nx *= 2; ny *= 2; } dmsx = nx; dmsy = ny; dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1); if (dmbuf == (unsigned char *) NULL) { imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); return (MagickFalse); } (void) ResetMagickMemory(dmbuf, background_color_index, dmsx * dmsy); for (y = 0; y < imsy; ++y) { (void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, imsx); } imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); imsx = dmsx; imsy = dmsy; imbuf = dmbuf; } if (color_index > max_color_index) { max_color_index = color_index; } if ((b = *(p++) - '?') == 0) { posision_x += repeat_count; } else { sixel_vertical_mask = 0x01; if (repeat_count <= 1) { for (i = 0; i < 6; i++) { if ((b & sixel_vertical_mask) != 0) { imbuf[imsx * (posision_y + i) + posision_x] = color_index; if (max_x < posision_x) { max_x = posision_x; } if (max_y < (posision_y + i)) { max_y = posision_y + i; } } sixel_vertical_mask <<= 1; } posision_x += 1; } else { for (i = 0; i < 6; i++) { if ((b & sixel_vertical_mask) != 0) { c = sixel_vertical_mask << 1; for (n = 1; (i + n) < 6; n++) { if ((b & c) == 0) { break; } c <<= 1; } for (y = posision_y + i; y < posision_y + i + n; ++y) { (void) ResetMagickMemory(imbuf + imsx * y + posision_x, color_index, repeat_count); } if (max_x < (posision_x + repeat_count - 1)) { max_x = posision_x + repeat_count - 1; } if (max_y < (posision_y + i + n - 1)) { max_y = posision_y + i + n - 1; } i += (n - 1); sixel_vertical_mask <<= (n - 1); } sixel_vertical_mask <<= 1; } posision_x += repeat_count; } } repeat_count = 1; } else { p++; } } if (++max_x < attributed_ph) { max_x = attributed_ph; } if (++max_y < attributed_pv) { max_y = attributed_pv; } if (imsx > max_x || imsy > max_y) { dmsx = max_x; dmsy = max_y; if ((dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1)) == NULL) { imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); return (MagickFalse); } for (y = 0; y < dmsy; ++y) { (void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, dmsx); } imbuf = (unsigned char *) RelinquishMagickMemory(imbuf); imsx = dmsx; imsy = dmsy; imbuf = dmbuf; } *pixels = imbuf; *pwidth = imsx; *pheight = imsy; *ncolors = max_color_index + 1; *palette = (unsigned char *) AcquireQuantumMemory(*ncolors,4); for (n = 0; n < (ssize_t) *ncolors; ++n) { (*palette)[n * 4 + 0] = sixel_palet[n] >> 16 & 0xff; (*palette)[n * 4 + 1] = sixel_palet[n] >> 8 & 0xff; (*palette)[n * 4 + 2] = sixel_palet[n] & 0xff; (*palette)[n * 4 + 3] = 0xff; } return(MagickTrue); }",visit repo url,coders/sixel.c,https://github.com/ImageMagick/ImageMagick,54849527919600,1 5045,CWE-787,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 118,['CWE-787'],"void isa_cirrus_vga_init(DisplayState *ds, uint8_t *vga_ram_base, unsigned long vga_ram_offset, int vga_ram_size) { CirrusVGAState *s; s = qemu_mallocz(sizeof(CirrusVGAState)); vga_common_init((VGAState *)s, ds, vga_ram_base, vga_ram_offset, vga_ram_size); cirrus_init_common(s, CIRRUS_ID_CLGD5430, 0); s->console = graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump, s->text_update, s); }",qemu,,,39670308120443436878860438554011202811,0 896,['CWE-200'],"static int shmem_set_policy(struct vm_area_struct *vma, struct mempolicy *new) { struct inode *i = vma->vm_file->f_path.dentry->d_inode; return mpol_set_shared_policy(&SHMEM_I(i)->policy, vma, new); }",linux-2.6,,,331103912993487483470253714061620511772,0 5728,CWE-787,"int luaD_pretailcall (lua_State *L, CallInfo *ci, StkId func, int narg1, int delta) { retry: switch (ttypetag(s2v(func))) { case LUA_VCCL: return precallC(L, func, LUA_MULTRET, clCvalue(s2v(func))->f); case LUA_VLCF: return precallC(L, func, LUA_MULTRET, fvalue(s2v(func))); case LUA_VLCL: { Proto *p = clLvalue(s2v(func))->p; int fsize = p->maxstacksize; int nfixparams = p->numparams; int i; ci->func -= delta; for (i = 0; i < narg1; i++) setobjs2s(L, ci->func + i, func + i); checkstackGC(L, fsize); func = ci->func; for (; narg1 <= nfixparams; narg1++) setnilvalue(s2v(func + narg1)); ci->top = func + 1 + fsize; lua_assert(ci->top <= L->stack_last); ci->u.l.savedpc = p->code; ci->callstatus |= CIST_TAIL; L->top = func + narg1; return -1; } default: { func = luaD_tryfuncTM(L, func); narg1++; goto retry; } } }",visit repo url,ldo.c,https://github.com/lua/lua,222168173574608,1 1337,['CWE-399'],"static int __init sit_init(void) { int err; printk(KERN_INFO ""IPv6 over IPv4 tunneling driver\n""); if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) { printk(KERN_INFO ""sit init: Can't add protocol\n""); return -EAGAIN; } err = register_pernet_gen_device(&sit_net_id, &sit_net_ops); if (err < 0) xfrm4_tunnel_deregister(&sit_handler, AF_INET6); return err; }",linux-2.6,,,68763291547098362766145212431422740830,0 4009,['CWE-362'],"static inline int audit_dupe_lsm_field(struct audit_field *df, struct audit_field *sf) { int ret = 0; char *lsm_str; lsm_str = kstrdup(sf->lsm_str, GFP_KERNEL); if (unlikely(!lsm_str)) return -ENOMEM; df->lsm_str = lsm_str; ret = security_audit_rule_init(df->type, df->op, df->lsm_str, (void **)&df->lsm_rule); if (ret == -EINVAL) { printk(KERN_WARNING ""audit rule for LSM \'%s\' is "" ""invalid\n"", df->lsm_str); ret = 0; } return ret; }",linux-2.6,,,324321152343489501143243083261972858237,0 4209,CWE-787,"get_html_data (MAPI_Attr *a) { VarLenData **body = XCALLOC(VarLenData*, a->num_values + 1); int j; for (j = 0; j < a->num_values; j++) { body[j] = XMALLOC(VarLenData, 1); body[j]->len = a->values[j].len; body[j]->data = CHECKED_XCALLOC(unsigned char, a->values[j].len); memmove (body[j]->data, a->values[j].data.buf, body[j]->len); } return body; }",visit repo url,src/tnef.c,https://github.com/verdammelt/tnef,113940098504507,1 1755,[],"static unsigned long wakeup_gran(struct sched_entity *se) { unsigned long gran = sysctl_sched_wakeup_granularity; gran = calc_delta_asym(sysctl_sched_wakeup_granularity, se); return gran; }",linux-2.6,,,97115506079938432295094560807820992819,0 4622,['CWE-399'],"static void ext4_free_branches(handle_t *handle, struct inode *inode, struct buffer_head *parent_bh, __le32 *first, __le32 *last, int depth) { ext4_fsblk_t nr; __le32 *p; if (ext4_handle_is_aborted(handle)) return; if (depth--) { struct buffer_head *bh; int addr_per_block = EXT4_ADDR_PER_BLOCK(inode->i_sb); p = last; while (--p >= first) { nr = le32_to_cpu(*p); if (!nr) continue; bh = sb_bread(inode->i_sb, nr); if (!bh) { ext4_error(inode->i_sb, ""ext4_free_branches"", ""Read failure, inode=%lu, block=%llu"", inode->i_ino, nr); continue; } BUFFER_TRACE(bh, ""free child branches""); ext4_free_branches(handle, inode, bh, (__le32 *) bh->b_data, (__le32 *) bh->b_data + addr_per_block, depth); ext4_forget(handle, 1, inode, bh, bh->b_blocknr); if (ext4_handle_is_aborted(handle)) return; if (try_to_extend_transaction(handle, inode)) { ext4_mark_inode_dirty(handle, inode); ext4_journal_test_restart(handle, inode); } ext4_free_blocks(handle, inode, nr, 1, 1); if (parent_bh) { BUFFER_TRACE(parent_bh, ""get_write_access""); if (!ext4_journal_get_write_access(handle, parent_bh)){ *p = 0; BUFFER_TRACE(parent_bh, ""call ext4_handle_dirty_metadata""); ext4_handle_dirty_metadata(handle, inode, parent_bh); } } } } else { BUFFER_TRACE(parent_bh, ""free data blocks""); ext4_free_data(handle, inode, parent_bh, first, last); } }",linux-2.6,,,315286347221841906000854861039578197669,0 679,CWE-20,"static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t total_len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int error = 0; if (sk->sk_state & PPPOX_BOUND) { error = -EIO; goto end; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &error); if (error < 0) goto end; m->msg_namelen = 0; if (skb) { total_len = min_t(size_t, total_len, skb->len); error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); if (error == 0) { consume_skb(skb); return total_len; } } kfree_skb(skb); end: return error; }",visit repo url,drivers/net/ppp/pppoe.c,https://github.com/torvalds/linux,210801352169286,1 3111,['CWE-189'],"void jpc_mqenc_setctxs(jpc_mqenc_t *mqenc, int numctxs, jpc_mqctx_t *ctxs) { jpc_mqstate_t **ctx; int n; ctx = mqenc->ctxs; n = JAS_MIN(mqenc->maxctxs, numctxs); while (--n >= 0) { *ctx = &jpc_mqstates[2 * ctxs->ind + ctxs->mps]; ++ctx; ++ctxs; } n = mqenc->maxctxs - numctxs; while (--n >= 0) { *ctx = &jpc_mqstates[0]; ++ctx; } }",jasper,,,55028813428272817461276883656234503176,0 5439,['CWE-476'],"void kvm_set_cr8(struct kvm_vcpu *vcpu, unsigned long cr8) { if (cr8 & CR8_RESERVED_BITS) { printk(KERN_DEBUG ""set_cr8: #GP, reserved bits 0x%lx\n"", cr8); kvm_inject_gp(vcpu, 0); return; } if (irqchip_in_kernel(vcpu->kvm)) kvm_lapic_set_tpr(vcpu, cr8); else vcpu->arch.cr8 = cr8; }",linux-2.6,,,94932680741401737240682694184717105912,0 6536,['CWE-200'],"service_get_secrets (NMExportedConnection *exported, const gchar *setting_name, const gchar **hints, gboolean request_new, DBusGMethodInvocation *context) { NMConnection *connection; GError *error = NULL; GHashTable *settings = NULL; GHashTable *secrets = NULL; NMSettingConnection *s_con; NMSetting *setting; const char *connection_id; const char *connection_type; connection = nm_exported_connection_get_connection (exported); setting = nm_connection_get_setting_by_name (connection, setting_name); if (!setting) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, ""%s.%d - Connection didn't have requested setting '%s'."", __FILE__, __LINE__, setting_name); secrets_return_error (context, error); return; } s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); connection_id = s_con ? nm_setting_connection_get_id (s_con) : NULL; connection_type = s_con ? nm_setting_connection_get_connection_type (s_con) : NULL; if (!s_con || !connection_id || !strlen (connection_id) || !connection_type) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, ""%s.%d - Connection didn't have required '"" NM_SETTING_CONNECTION_SETTING_NAME ""' setting , or the connection name was invalid."", __FILE__, __LINE__); secrets_return_error (context, error); return; } if (!strcmp (connection_type, NM_SETTING_VPN_SETTING_NAME)) goto get_secrets; if (request_new) { nm_info (""New secrets for %s/%s requested; ask the user"", connection_id, setting_name); nm_connection_clear_secrets (connection); goto get_secrets; } secrets = nm_gconf_get_keyring_items (connection, setting_name, FALSE, &error); if (!secrets) { if (error) { secrets_return_error (context, error); return; } nm_info (""No keyring secrets found for %s/%s; asking user."", connection_id, setting_name); goto get_secrets; } if (g_hash_table_size (secrets) == 0) { g_hash_table_destroy (secrets); nm_warning (""%s.%d - Secrets were found for setting '%s' but none"" "" were valid."", __FILE__, __LINE__, setting_name); goto get_secrets; } if (hints && g_strv_length ((char **) hints)) { FindHintsInfo info = { .found = FALSE, .hints = hints }; g_hash_table_foreach (secrets, find_hints_in_secrets, &info); if (info.found == FALSE) { g_hash_table_destroy (secrets); goto get_secrets; } } settings = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_hash_table_destroy); g_hash_table_insert (settings, g_strdup (setting_name), secrets); dbus_g_method_return (context, settings); g_hash_table_destroy (settings); return; get_secrets: g_signal_emit (exported, signals[NEW_SECRETS_REQUESTED], 0, setting_name, hints, request_new, context); }",network-manager-applet,,,281249232631965310165921238481869543468,0 6366,CWE-787,"show_tree(tree_t *t, int indent) { while (t) { if (t->markup == MARKUP_NONE) printf(""%*s\""%s\""\n"", indent, """", t->data); else printf(""%*s%s\n"", indent, """", _htmlMarkups[t->markup]); if (t->child) show_tree(t->child, indent + 2); t = t->next; } }",visit repo url,htmldoc/testhtml.cxx,https://github.com/michaelrsweet/htmldoc,222155520337651,1 236,CWE-362,"static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, unsigned long address, unsigned int *flags, int *nonblocking) { unsigned int fault_flags = 0; int ret; if ((*flags & (FOLL_POPULATE | FOLL_MLOCK)) == FOLL_MLOCK) return -ENOENT; if ((*flags & FOLL_POPULATE) && (stack_guard_page_start(vma, address) || stack_guard_page_end(vma, address + PAGE_SIZE))) return -ENOENT; if (*flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (*flags & FOLL_REMOTE) fault_flags |= FAULT_FLAG_REMOTE; if (nonblocking) fault_flags |= FAULT_FLAG_ALLOW_RETRY; if (*flags & FOLL_NOWAIT) fault_flags |= FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_RETRY_NOWAIT; if (*flags & FOLL_TRIED) { VM_WARN_ON_ONCE(fault_flags & FAULT_FLAG_ALLOW_RETRY); fault_flags |= FAULT_FLAG_TRIED; } ret = handle_mm_fault(vma, address, fault_flags); if (ret & VM_FAULT_ERROR) { if (ret & VM_FAULT_OOM) return -ENOMEM; if (ret & (VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE)) return *flags & FOLL_HWPOISON ? -EHWPOISON : -EFAULT; if (ret & (VM_FAULT_SIGBUS | VM_FAULT_SIGSEGV)) return -EFAULT; BUG(); } if (tsk) { if (ret & VM_FAULT_MAJOR) tsk->maj_flt++; else tsk->min_flt++; } if (ret & VM_FAULT_RETRY) { if (nonblocking) *nonblocking = 0; return -EBUSY; } if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE)) *flags &= ~FOLL_WRITE; return 0; }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,15206973430361,1 3574,['CWE-20'],"sctp_disposition_t sctp_sf_not_impl(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return SCTP_DISPOSITION_NOT_IMPL; }",linux-2.6,,,131727410146873788803167124185248654701,0 3617,CWE-20,"mm_sshpam_init_ctx(Authctxt *authctxt) { Buffer m; int success; debug3(""%s"", __func__); buffer_init(&m); buffer_put_cstring(&m, authctxt->user); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); debug3(""%s: waiting for MONITOR_ANS_PAM_INIT_CTX"", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); success = buffer_get_int(&m); if (success == 0) { debug3(""%s: pam_init_ctx failed"", __func__); buffer_free(&m); return (NULL); } buffer_free(&m); return (authctxt); }",visit repo url,monitor_wrap.c,https://github.com/openssh/openssh-portable,180417249241003,1 3275,['CWE-189'],"static int bmp_gobble(jas_stream_t *in, long n) { while (--n >= 0) { if (jas_stream_getc(in) == EOF) { return -1; } } return 0; }",jasper,,,299526442829608633947158668466803284249,0 5263,['CWE-264'],"static bool nt4_compatible_acls(void) { int compat = lp_acl_compatibility(); if (compat == ACL_COMPAT_AUTO) { enum remote_arch_types ra_type = get_remote_arch(); return (ra_type <= RA_WINNT); } else return (compat == ACL_COMPAT_WINNT); }",samba,,,33177879429870682475784830997368920834,0 3780,CWE-416,"get_function_body( exarg_T *eap, garray_T *newlines, char_u *line_arg_in, char_u **line_to_free) { linenr_T sourcing_lnum_top = SOURCING_LNUM; linenr_T sourcing_lnum_off; int saved_wait_return = need_wait_return; char_u *line_arg = line_arg_in; int vim9_function = eap->cmdidx == CMD_def || eap->cmdidx == CMD_block; #define MAX_FUNC_NESTING 50 char nesting_def[MAX_FUNC_NESTING]; char nesting_inline[MAX_FUNC_NESTING]; int nesting = 0; getline_opt_T getline_options; int indent = 2; char_u *skip_until = NULL; int ret = FAIL; int is_heredoc = FALSE; int heredoc_concat_len = 0; garray_T heredoc_ga; char_u *heredoc_trimmed = NULL; ga_init2(&heredoc_ga, 1, 500); sourcing_lnum_off = get_sourced_lnum(eap->getline, eap->cookie); if (SOURCING_LNUM < sourcing_lnum_off) { sourcing_lnum_off -= SOURCING_LNUM; if (ga_grow(newlines, sourcing_lnum_off) == FAIL) goto theend; while (sourcing_lnum_off-- > 0) ((char_u **)(newlines->ga_data))[newlines->ga_len++] = NULL; } nesting_def[0] = vim9_function; nesting_inline[0] = eap->cmdidx == CMD_block; getline_options = vim9_function ? GETLINE_CONCAT_CONTBAR : GETLINE_CONCAT_CONT; for (;;) { char_u *theline; char_u *p; char_u *arg; if (KeyTyped) { msg_scroll = TRUE; saved_wait_return = FALSE; } need_wait_return = FALSE; if (line_arg != NULL) { theline = line_arg; p = vim_strchr(theline, '\n'); if (p == NULL) line_arg += STRLEN(line_arg); else { *p = NUL; line_arg = p + 1; } } else { vim_free(*line_to_free); if (eap->getline == NULL) theline = getcmdline(':', 0L, indent, getline_options); else theline = eap->getline(':', eap->cookie, indent, getline_options); *line_to_free = theline; } if (KeyTyped) lines_left = Rows - 1; if (theline == NULL) { SOURCING_LNUM = sourcing_lnum_top; if (skip_until != NULL) semsg(_(e_missing_heredoc_end_marker_str), skip_until); else if (nesting_inline[nesting]) emsg(_(e_missing_end_block)); else if (eap->cmdidx == CMD_def) emsg(_(e_missing_enddef)); else emsg(_(""E126: Missing :endfunction"")); goto theend; } sourcing_lnum_off = get_sourced_lnum(eap->getline, eap->cookie); if (SOURCING_LNUM < sourcing_lnum_off) sourcing_lnum_off -= SOURCING_LNUM; else sourcing_lnum_off = 0; if (skip_until != NULL) { if (heredoc_trimmed == NULL || (is_heredoc && skipwhite(theline) == theline) || STRNCMP(theline, heredoc_trimmed, STRLEN(heredoc_trimmed)) == 0) { if (heredoc_trimmed == NULL) p = theline; else if (is_heredoc) p = skipwhite(theline) == theline ? theline : theline + STRLEN(heredoc_trimmed); else p = theline + STRLEN(heredoc_trimmed); if (STRCMP(p, skip_until) == 0) { VIM_CLEAR(skip_until); VIM_CLEAR(heredoc_trimmed); getline_options = vim9_function ? GETLINE_CONCAT_CONTBAR : GETLINE_CONCAT_CONT; is_heredoc = FALSE; if (heredoc_concat_len > 0) { ga_concat(&heredoc_ga, theline); vim_free(((char_u **)(newlines->ga_data))[ heredoc_concat_len - 1]); ((char_u **)(newlines->ga_data))[ heredoc_concat_len - 1] = heredoc_ga.ga_data; ga_init(&heredoc_ga); heredoc_concat_len = 0; theline += STRLEN(theline); } } } } else { int c; char_u *end; for (p = theline; VIM_ISWHITE(*p) || *p == ':'; ++p) ; if (nesting_inline[nesting] ? *p == '}' : (checkforcmd(&p, nesting_def[nesting] ? ""enddef"" : ""endfunction"", 4) && *p != ':')) { if (nesting-- == 0) { char_u *nextcmd = NULL; if (*p == '|' || *p == '}') nextcmd = p + 1; else if (line_arg != NULL && *skipwhite(line_arg) != NUL) nextcmd = line_arg; else if (*p != NUL && *p != (vim9_function ? '#' : '""') && (vim9_function || p_verbose > 0)) { SOURCING_LNUM = sourcing_lnum_top + newlines->ga_len + 1; if (eap->cmdidx == CMD_def) semsg(_(e_text_found_after_enddef_str), p); else give_warning2((char_u *) _(""W22: Text found after :endfunction: %s""), p, TRUE); } if (nextcmd != NULL && *skipwhite(nextcmd) != NUL) { eap->nextcmd = nextcmd; if (*line_to_free != NULL) { vim_free(*eap->cmdlinep); *eap->cmdlinep = *line_to_free; *line_to_free = NULL; } } break; } } else if (nesting_def[nesting]) { if (checkforcmd(&p, ""endfunction"", 4) && *p != ':') emsg(_(e_mismatched_endfunction)); } else if (eap->cmdidx == CMD_def && checkforcmd(&p, ""enddef"", 4)) emsg(_(e_mismatched_enddef)); if (indent > 2 && (*p == '}' || STRNCMP(p, ""end"", 3) == 0)) indent -= 2; else if (STRNCMP(p, ""if"", 2) == 0 || STRNCMP(p, ""wh"", 2) == 0 || STRNCMP(p, ""for"", 3) == 0 || STRNCMP(p, ""try"", 3) == 0) indent += 2; c = *p; if (is_function_cmd(&p) || (eap->cmdidx == CMD_def && checkforcmd(&p, ""def"", 3))) { if (*p == '!') p = skipwhite(p + 1); p += eval_fname_script(p); vim_free(trans_function_name(&p, NULL, TRUE, 0, NULL, NULL, NULL)); if (*skipwhite(p) == '(') { if (nesting == MAX_FUNC_NESTING - 1) emsg(_(e_function_nesting_too_deep)); else { ++nesting; nesting_def[nesting] = (c == 'd'); nesting_inline[nesting] = FALSE; indent += 2; } } } if (nesting_def[nesting] ? *p != '#' : *p != '""') { end = p + STRLEN(p) - 1; while (end > p && VIM_ISWHITE(*end)) --end; if (end > p + 1 && *end == '{' && VIM_ISWHITE(end[-1])) { int is_block; --end; while (end > p && VIM_ISWHITE(*end)) --end; is_block = end > p + 2 && end[-1] == '=' && end[0] == '>'; if (!is_block) { char_u *s = p; is_block = checkforcmd_noparen(&s, ""autocmd"", 2) || checkforcmd_noparen(&s, ""command"", 3); } if (is_block) { if (nesting == MAX_FUNC_NESTING - 1) emsg(_(e_function_nesting_too_deep)); else { ++nesting; nesting_def[nesting] = TRUE; nesting_inline[nesting] = TRUE; indent += 2; } } } } p = skip_range(p, FALSE, NULL); if (!vim9_function && ((p[0] == 'a' && (!ASCII_ISALPHA(p[1]) || p[1] == 'p')) || (p[0] == 'c' && (!ASCII_ISALPHA(p[1]) || (p[1] == 'h' && (!ASCII_ISALPHA(p[2]) || (p[2] == 'a' && (STRNCMP(&p[3], ""nge"", 3) != 0 || !ASCII_ISALPHA(p[6]))))))) || (p[0] == 'i' && (!ASCII_ISALPHA(p[1]) || (p[1] == 'n' && (!ASCII_ISALPHA(p[2]) || (p[2] == 's' && (!ASCII_ISALPHA(p[3]) || p[3] == 'e')))))))) skip_until = vim_strsave((char_u *)"".""); arg = skipwhite(skiptowhite(p)); if (arg[0] == '<' && arg[1] =='<' && ((p[0] == 'p' && p[1] == 'y' && (!ASCII_ISALNUM(p[2]) || p[2] == 't' || ((p[2] == '3' || p[2] == 'x') && !ASCII_ISALPHA(p[3])))) || (p[0] == 'p' && p[1] == 'e' && (!ASCII_ISALPHA(p[2]) || p[2] == 'r')) || (p[0] == 't' && p[1] == 'c' && (!ASCII_ISALPHA(p[2]) || p[2] == 'l')) || (p[0] == 'l' && p[1] == 'u' && p[2] == 'a' && !ASCII_ISALPHA(p[3])) || (p[0] == 'r' && p[1] == 'u' && p[2] == 'b' && (!ASCII_ISALPHA(p[3]) || p[3] == 'y')) || (p[0] == 'm' && p[1] == 'z' && (!ASCII_ISALPHA(p[2]) || p[2] == 's')) )) { p = skipwhite(arg + 2); if (STRNCMP(p, ""trim"", 4) == 0) { p = skipwhite(p + 4); heredoc_trimmed = vim_strnsave(theline, skipwhite(theline) - theline); } if (*p == NUL) skip_until = vim_strsave((char_u *)"".""); else skip_until = vim_strnsave(p, skiptowhite(p) - p); getline_options = GETLINE_NONE; is_heredoc = TRUE; if (eap->cmdidx == CMD_def) heredoc_concat_len = newlines->ga_len + 1; } arg = skipwhite(skiptowhite(p)); if (*arg == '[') arg = vim_strchr(arg, ']'); if (arg != NULL) { int found = (eap->cmdidx == CMD_def && arg[0] == '=' && arg[1] == '<' && arg[2] =='<'); if (!found) arg = skipwhite(skiptowhite(arg)); if (found || (arg[0] == '=' && arg[1] == '<' && arg[2] =='<' && (checkforcmd(&p, ""let"", 2) || checkforcmd(&p, ""var"", 3) || checkforcmd(&p, ""final"", 5) || checkforcmd(&p, ""const"", 5)))) { p = skipwhite(arg + 3); if (STRNCMP(p, ""trim"", 4) == 0) { p = skipwhite(p + 4); heredoc_trimmed = vim_strnsave(theline, skipwhite(theline) - theline); } skip_until = vim_strnsave(p, skiptowhite(p) - p); getline_options = GETLINE_NONE; is_heredoc = TRUE; } } } if (ga_grow(newlines, 1 + sourcing_lnum_off) == FAIL) goto theend; if (heredoc_concat_len > 0) { ga_concat(&heredoc_ga, theline); ga_concat(&heredoc_ga, (char_u *)""\n""); p = vim_strsave((char_u *)""""); } else { p = vim_strsave(theline); } if (p == NULL) goto theend; ((char_u **)(newlines->ga_data))[newlines->ga_len++] = p; while (sourcing_lnum_off-- > 0) ((char_u **)(newlines->ga_data))[newlines->ga_len++] = NULL; if (line_arg != NULL && *line_arg == NUL) line_arg = NULL; } if (!did_emsg) ret = OK; theend: vim_free(skip_until); vim_free(heredoc_trimmed); vim_free(heredoc_ga.ga_data); need_wait_return |= saved_wait_return; return ret; }",visit repo url,src/userfunc.c,https://github.com/vim/vim,25806854287349,1 187,CWE-476,"void ax25_disconnect(ax25_cb *ax25, int reason) { ax25_clear_queues(ax25); if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY)) ax25_stop_heartbeat(ax25); ax25_stop_t1timer(ax25); ax25_stop_t2timer(ax25); ax25_stop_t3timer(ax25); ax25_stop_idletimer(ax25); ax25->state = AX25_STATE_0; ax25_link_failed(ax25, reason); if (ax25->sk != NULL) { local_bh_disable(); bh_lock_sock(ax25->sk); ax25->sk->sk_state = TCP_CLOSE; ax25->sk->sk_err = reason; ax25->sk->sk_shutdown |= SEND_SHUTDOWN; if (!sock_flag(ax25->sk, SOCK_DEAD)) { ax25->sk->sk_state_change(ax25->sk); sock_set_flag(ax25->sk, SOCK_DEAD); } bh_unlock_sock(ax25->sk); local_bh_enable(); } }",visit repo url,net/ax25/ax25_subr.c,https://github.com/torvalds/linux,24526027454288,1 6378,['CWE-200'],"static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n, void *arg) { struct net *net = sock_net(skb->sk); struct nlattr *tca[TCA_MAX + 1]; spinlock_t *root_lock; struct tcmsg *t; u32 protocol; u32 prio; u32 nprio; u32 parent; struct net_device *dev; struct Qdisc *q; struct tcf_proto **back, **chain; struct tcf_proto *tp; struct tcf_proto_ops *tp_ops; const struct Qdisc_class_ops *cops; unsigned long cl; unsigned long fh; int err; int tp_created = 0; if (net != &init_net) return -EINVAL; replay: t = NLMSG_DATA(n); protocol = TC_H_MIN(t->tcm_info); prio = TC_H_MAJ(t->tcm_info); nprio = prio; parent = t->tcm_parent; cl = 0; if (prio == 0) { if (n->nlmsg_type != RTM_NEWTFILTER || !(n->nlmsg_flags&NLM_F_CREATE)) return -ENOENT; prio = TC_H_MAKE(0x80000000U, 0U); } dev = __dev_get_by_index(&init_net, t->tcm_ifindex); if (dev == NULL) return -ENODEV; err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL); if (err < 0) return err; if (!parent) { q = dev->qdisc; parent = q->handle; } else { q = qdisc_lookup(dev, TC_H_MAJ(t->tcm_parent)); if (q == NULL) return -EINVAL; } if ((cops = q->ops->cl_ops) == NULL) return -EINVAL; if (cops->tcf_chain == NULL) return -EOPNOTSUPP; if (TC_H_MIN(parent)) { cl = cops->get(q, parent); if (cl == 0) return -ENOENT; } chain = cops->tcf_chain(q, cl); err = -EINVAL; if (chain == NULL) goto errout; for (back = chain; (tp=*back) != NULL; back = &tp->next) { if (tp->prio >= prio) { if (tp->prio == prio) { if (!nprio || (tp->protocol != protocol && protocol)) goto errout; } else tp = NULL; break; } } root_lock = qdisc_root_sleeping_lock(q); if (tp == NULL) { if (tca[TCA_KIND] == NULL || !protocol) goto errout; err = -ENOENT; if (n->nlmsg_type != RTM_NEWTFILTER || !(n->nlmsg_flags&NLM_F_CREATE)) goto errout; err = -ENOBUFS; tp = kzalloc(sizeof(*tp), GFP_KERNEL); if (tp == NULL) goto errout; err = -ENOENT; tp_ops = tcf_proto_lookup_ops(tca[TCA_KIND]); if (tp_ops == NULL) { #ifdef CONFIG_MODULES struct nlattr *kind = tca[TCA_KIND]; char name[IFNAMSIZ]; if (kind != NULL && nla_strlcpy(name, kind, IFNAMSIZ) < IFNAMSIZ) { rtnl_unlock(); request_module(""cls_%s"", name); rtnl_lock(); tp_ops = tcf_proto_lookup_ops(kind); if (tp_ops != NULL) { module_put(tp_ops->owner); err = -EAGAIN; } } #endif kfree(tp); goto errout; } tp->ops = tp_ops; tp->protocol = protocol; tp->prio = nprio ? : TC_H_MAJ(tcf_auto_prio(*back)); tp->q = q; tp->classify = tp_ops->classify; tp->classid = parent; err = tp_ops->init(tp); if (err != 0) { module_put(tp_ops->owner); kfree(tp); goto errout; } tp_created = 1; } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) goto errout; fh = tp->ops->get(tp, t->tcm_handle); if (fh == 0) { if (n->nlmsg_type == RTM_DELTFILTER && t->tcm_handle == 0) { spin_lock_bh(root_lock); *back = tp->next; spin_unlock_bh(root_lock); tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER); tcf_destroy(tp); err = 0; goto errout; } err = -ENOENT; if (n->nlmsg_type != RTM_NEWTFILTER || !(n->nlmsg_flags & NLM_F_CREATE)) goto errout; } else { switch (n->nlmsg_type) { case RTM_NEWTFILTER: err = -EEXIST; if (n->nlmsg_flags & NLM_F_EXCL) { if (tp_created) tcf_destroy(tp); goto errout; } break; case RTM_DELTFILTER: err = tp->ops->delete(tp, fh); if (err == 0) tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER); goto errout; case RTM_GETTFILTER: err = tfilter_notify(skb, n, tp, fh, RTM_NEWTFILTER); goto errout; default: err = -EINVAL; goto errout; } } err = tp->ops->change(tp, cl, t->tcm_handle, tca, &fh); if (err == 0) { if (tp_created) { spin_lock_bh(root_lock); tp->next = *back; *back = tp; spin_unlock_bh(root_lock); } tfilter_notify(skb, n, tp, fh, RTM_NEWTFILTER); } else { if (tp_created) tcf_destroy(tp); } errout: if (cl) cops->put(q, cl); if (err == -EAGAIN) goto replay; return err; }",linux-2.6,,,138355701075448118124249098728767193098,0 929,CWE-362,"void ath_tx_aggr_sleep(struct ieee80211_sta *sta, struct ath_softc *sc, struct ath_node *an) { struct ath_atx_tid *tid; struct ath_atx_ac *ac; struct ath_txq *txq; bool buffered; int tidno; for (tidno = 0, tid = &an->tid[tidno]; tidno < IEEE80211_NUM_TIDS; tidno++, tid++) { if (!tid->sched) continue; ac = tid->ac; txq = ac->txq; ath_txq_lock(sc, txq); buffered = ath_tid_has_buffered(tid); tid->sched = false; list_del(&tid->list); if (ac->sched) { ac->sched = false; list_del(&ac->list); } ath_txq_unlock(sc, txq); ieee80211_sta_set_buffered(sta, tidno, buffered); } }",visit repo url,drivers/net/wireless/ath/ath9k/xmit.c,https://github.com/torvalds/linux,56367039888776,1 4546,['CWE-20'],"static struct stats dx_show_leaf(struct dx_hash_info *hinfo, struct ext4_dir_entry_2 *de, int size, int show_names) { unsigned names = 0, space = 0; char *base = (char *) de; struct dx_hash_info h = *hinfo; printk(""names: ""); while ((char *) de < base + size) { if (de->inode) { if (show_names) { int len = de->name_len; char *name = de->name; while (len--) printk(""%c"", *name++); ext4fs_dirhash(de->name, de->name_len, &h); printk("":%x.%u "", h.hash, ((char *) de - base)); } space += EXT4_DIR_REC_LEN(de->name_len); names++; } de = ext4_next_entry(de); } printk(""(%i)\n"", names); return (struct stats) { names, space, 1 }; }",linux-2.6,,,168986737373606814614402262886125504361,0 416,CWE-416,"static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification) { int ret; struct fd f; struct sock *sock; struct inode *inode; struct mqueue_inode_info *info; struct sk_buff *nc; audit_mq_notify(mqdes, notification); nc = NULL; sock = NULL; if (notification != NULL) { if (unlikely(notification->sigev_notify != SIGEV_NONE && notification->sigev_notify != SIGEV_SIGNAL && notification->sigev_notify != SIGEV_THREAD)) return -EINVAL; if (notification->sigev_notify == SIGEV_SIGNAL && !valid_signal(notification->sigev_signo)) { return -EINVAL; } if (notification->sigev_notify == SIGEV_THREAD) { long timeo; nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL); if (!nc) { ret = -ENOMEM; goto out; } if (copy_from_user(nc->data, notification->sigev_value.sival_ptr, NOTIFY_COOKIE_LEN)) { ret = -EFAULT; goto out; } skb_put(nc, NOTIFY_COOKIE_LEN); retry: f = fdget(notification->sigev_signo); if (!f.file) { ret = -EBADF; goto out; } sock = netlink_getsockbyfilp(f.file); fdput(f); if (IS_ERR(sock)) { ret = PTR_ERR(sock); sock = NULL; goto out; } timeo = MAX_SCHEDULE_TIMEOUT; ret = netlink_attachskb(sock, nc, &timeo, NULL); if (ret == 1) goto retry; if (ret) { sock = NULL; nc = NULL; goto out; } } } f = fdget(mqdes); if (!f.file) { ret = -EBADF; goto out; } inode = file_inode(f.file); if (unlikely(f.file->f_op != &mqueue_file_operations)) { ret = -EBADF; goto out_fput; } info = MQUEUE_I(inode); ret = 0; spin_lock(&info->lock); if (notification == NULL) { if (info->notify_owner == task_tgid(current)) { remove_notification(info); inode->i_atime = inode->i_ctime = current_time(inode); } } else if (info->notify_owner != NULL) { ret = -EBUSY; } else { switch (notification->sigev_notify) { case SIGEV_NONE: info->notify.sigev_notify = SIGEV_NONE; break; case SIGEV_THREAD: info->notify_sock = sock; info->notify_cookie = nc; sock = NULL; nc = NULL; info->notify.sigev_notify = SIGEV_THREAD; break; case SIGEV_SIGNAL: info->notify.sigev_signo = notification->sigev_signo; info->notify.sigev_value = notification->sigev_value; info->notify.sigev_notify = SIGEV_SIGNAL; break; } info->notify_owner = get_pid(task_tgid(current)); info->notify_user_ns = get_user_ns(current_user_ns()); inode->i_atime = inode->i_ctime = current_time(inode); } spin_unlock(&info->lock); out_fput: fdput(f); out: if (sock) netlink_detachskb(sock, nc); else if (nc) dev_kfree_skb(nc); return ret; }",visit repo url,ipc/mqueue.c,https://github.com/torvalds/linux,185228712830535,1 4226,['CWE-399'],"static void pfifo_fast_reset(struct Qdisc* qdisc) { int prio; struct sk_buff_head *list = qdisc_priv(qdisc); for (prio = 0; prio < PFIFO_FAST_BANDS; prio++) __qdisc_reset_queue(qdisc, list + prio); qdisc->qstats.backlog = 0; qdisc->q.qlen = 0; }",linux-2.6,,,100926861755323071248082800622493777495,0 2197,['CWE-193'],"int filemap_write_and_wait(struct address_space *mapping) { int err = 0; if (mapping->nrpages) { err = filemap_fdatawrite(mapping); if (err != -EIO) { int err2 = filemap_fdatawait(mapping); if (!err) err = err2; } } return err; }",linux-2.6,,,99481310929163452645720239355511589629,0 3100,CWE-125,"int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) { char obj_txt[128]; int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); BIO_write(bio, obj_txt, len); BIO_write(bio, ""\n"", 1); return 1; }",visit repo url,crypto/ts/ts_lib.c,https://github.com/openssl/openssl,43342318276711,1 3279,['CWE-189'],"void jpc_pi_destroy(jpc_pi_t *pi) { jpc_picomp_t *picomp; int compno; if (pi->picomps) { for (compno = 0, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++picomp) { jpc_picomp_destroy(picomp); } jas_free(pi->picomps); } if (pi->pchglist) { jpc_pchglist_destroy(pi->pchglist); } jas_free(pi); }",jasper,,,85501482946431780781124527353872429049,0 5485,['CWE-476'],"int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) { struct fxsave *fxsave = (struct fxsave *)&vcpu->arch.guest_fx_image; vcpu_load(vcpu); memcpy(fxsave->st_space, fpu->fpr, 128); fxsave->cwd = fpu->fcw; fxsave->swd = fpu->fsw; fxsave->twd = fpu->ftwx; fxsave->fop = fpu->last_opcode; fxsave->rip = fpu->last_ip; fxsave->rdp = fpu->last_dp; memcpy(fxsave->xmm_space, fpu->xmm, sizeof fxsave->xmm_space); vcpu_put(vcpu); return 0; }",linux-2.6,,,61212624490117688464349211378872437620,0 4620,CWE-476,"GF_Err HintFile(GF_ISOFile *file, u32 MTUSize, u32 max_ptime, u32 rtp_rate, u32 base_flags, Bool copy_data, Bool interleave, Bool regular_iod, Bool single_group, Bool hint_no_offset) { GF_ESD *esd; GF_InitialObjectDescriptor *iod; u32 i, val, res, streamType; u32 sl_mode, prev_ocr, single_ocr, nb_done, tot_bw, bw, flags, spec_type; GF_Err e; char szPayload[30]; GF_RTPHinter *hinter; Bool copy, has_iod, single_av; u8 init_payt = BASE_PAYT; u32 mtype; GF_SDP_IODProfile iod_mode = GF_SDP_IOD_NONE; u32 media_group = 0; u8 media_prio = 0; tot_bw = 0; prev_ocr = 0; single_ocr = 1; has_iod = 1; iod = (GF_InitialObjectDescriptor *) gf_isom_get_root_od(file); if (!iod) has_iod = 0; else { if (!gf_list_count(iod->ESDescriptors)) has_iod = 0; gf_odf_desc_del((GF_Descriptor *) iod); } spec_type = gf_isom_guess_specification(file); single_av = single_group ? 1 : gf_isom_is_single_av(file); for (i=0; idecoderConfig->streamType; if (!prev_ocr) { prev_ocr = esd->OCRESID; if (!esd->OCRESID) prev_ocr = esd->ESID; } else if (esd->OCRESID && prev_ocr != esd->OCRESID) { single_ocr = 0; } if (streamType==1) copy = 1; } gf_odf_desc_del((GF_Descriptor *) esd); if (!regular_iod && gf_isom_is_track_in_root_od(file, i+1)) { if (gf_isom_get_sample_count(file, i+1)==1) { GF_ISOSample *samp = gf_isom_get_sample(file, i+1, 1, &val); if (streamType) { res = gf_hinter_can_embbed_data(samp->data, samp->dataLength, streamType); } else { res = 0; } if (samp) gf_isom_sample_del(&samp); if (res) continue; } } if (interleave) sl_mode |= GP_RTP_PCK_USE_INTERLEAVING; hinter = gf_hinter_track_new(file, i+1, MTUSize, max_ptime, rtp_rate, sl_mode, init_payt, copy, media_group, media_prio, &e); if (!hinter) { if (e) { M4_LOG(nb_done ? GF_LOG_WARNING : GF_LOG_ERROR, (""Cannot create hinter (%s)\n"", gf_error_to_string(e) )); if (!nb_done) return e; } continue; } if (hint_no_offset) gf_hinter_track_force_no_offsets(hinter); bw = gf_hinter_track_get_bandwidth(hinter); tot_bw += bw; flags = gf_hinter_track_get_flags(hinter); gf_isom_set_nalu_extract_mode(file, i+1, GF_ISOM_NALU_EXTRACT_LAYER_ONLY); gf_hinter_track_get_payload_name(hinter, szPayload); M4_LOG(GF_LOG_INFO, (""Hinting track ID %d - Type \""%s:%s\"" (%s) - BW %d kbps\n"", gf_isom_get_track_id(file, i+1), gf_4cc_to_str(mtype), gf_4cc_to_str(mtype), szPayload, bw)); if (flags & GP_RTP_PCK_SYSTEMS_CAROUSEL) M4_LOG(GF_LOG_INFO, (""\tMPEG-4 Systems stream carousel enabled\n"")); e = gf_hinter_track_process(hinter); if (!e) e = gf_hinter_track_finalize(hinter, has_iod); gf_hinter_track_del(hinter); if (e) { M4_LOG(GF_LOG_ERROR, (""Error while hinting (%s)\n"", gf_error_to_string(e))); if (!nb_done) return e; } init_payt++; nb_done ++; } if (has_iod) { iod_mode = GF_SDP_IOD_ISMA; if (regular_iod) iod_mode = GF_SDP_IOD_REGULAR; } else { iod_mode = GF_SDP_IOD_NONE; } gf_hinter_finalize(file, iod_mode, tot_bw); if (!single_ocr) M4_LOG(GF_LOG_WARNING, (""Warning: at least 2 timelines found in the file\nThis may not be supported by servers/players\n\n"")); return GF_OK; }",visit repo url,applications/mp4box/main.c,https://github.com/gpac/gpac,200438188596347,1 6539,CWE-552,"static char *get_data(struct libmnt_fs *fs, int num) { char *str = NULL; const char *t = NULL, *v = NULL; int col_id = get_column_id(num); switch (col_id) { case COL_SOURCES: if ((flags & FL_EVALUATE) && mnt_fs_get_tag(fs, &t, &v) == 0) { blkid_dev_iterate iter; blkid_dev dev; blkid_cache cache = NULL; struct ul_buffer buf = UL_INIT_BUFFER; int i = 0; if (blkid_get_cache(&cache, NULL) < 0) break; blkid_probe_all(cache); iter = blkid_dev_iterate_begin(cache); blkid_dev_set_search(iter, t, v); while (blkid_dev_next(iter, &dev) == 0) { dev = blkid_verify(cache, dev); if (!dev) continue; if (i != 0) ul_buffer_append_data(&buf, ""\n"", 1); ul_buffer_append_string(&buf, blkid_dev_devname(dev)); i++; } blkid_dev_iterate_end(iter); str = ul_buffer_get_data(&buf, NULL, NULL); break; } case COL_SOURCE: { const char *root = mnt_fs_get_root(fs); const char *spec = mnt_fs_get_srcpath(fs); char *cn = NULL; if (spec && (flags & FL_CANONICALIZE)) spec = cn = mnt_resolve_path(spec, cache); if (!spec) { spec = mnt_fs_get_source(fs); if (spec && (flags & FL_EVALUATE)) spec = cn = mnt_resolve_spec(spec, cache); } if (root && spec && !(flags & FL_NOFSROOT) && strcmp(root, ""/"") != 0) xasprintf(&str, ""%s[%s]"", spec, root); else if (spec) str = xstrdup(spec); if (!cache) free(cn); break; } case COL_TARGET: if (mnt_fs_get_target(fs)) str = xstrdup(mnt_fs_get_target(fs)); break; case COL_FSTYPE: if (mnt_fs_get_fstype(fs)) str = xstrdup(mnt_fs_get_fstype(fs)); break; case COL_OPTIONS: if (mnt_fs_get_options(fs)) str = xstrdup(mnt_fs_get_options(fs)); break; case COL_VFS_OPTIONS: if (flags & FL_VFS_ALL) str = mnt_fs_get_vfs_options_all(fs); else if (mnt_fs_get_vfs_options(fs)) str = xstrdup(mnt_fs_get_vfs_options(fs)); break; case COL_FS_OPTIONS: if (mnt_fs_get_fs_options(fs)) str = xstrdup(mnt_fs_get_fs_options(fs)); break; case COL_OPT_FIELDS: if (mnt_fs_get_optional_fields(fs)) str = xstrdup(mnt_fs_get_optional_fields(fs)); break; case COL_UUID: str = get_tag(fs, ""UUID"", col_id); break; case COL_PARTUUID: str = get_tag(fs, ""PARTUUID"", col_id); break; case COL_LABEL: str = get_tag(fs, ""LABEL"", col_id); break; case COL_PARTLABEL: str = get_tag(fs, ""PARTLABEL"", col_id); break; case COL_MAJMIN: { dev_t devno = mnt_fs_get_devno(fs); if (!devno) break; if ((flags & FL_RAW) || (flags & FL_EXPORT) || (flags & FL_JSON)) xasprintf(&str, ""%u:%u"", major(devno), minor(devno)); else xasprintf(&str, ""%3u:%-3u"", major(devno), minor(devno)); break; } case COL_SIZE: case COL_AVAIL: case COL_USED: case COL_USEPERC: str = get_vfs_attr(fs, col_id); break; case COL_FSROOT: if (mnt_fs_get_root(fs)) str = xstrdup(mnt_fs_get_root(fs)); break; case COL_TID: if (mnt_fs_get_tid(fs)) xasprintf(&str, ""%d"", mnt_fs_get_tid(fs)); break; case COL_ID: if (mnt_fs_get_id(fs)) xasprintf(&str, ""%d"", mnt_fs_get_id(fs)); break; case COL_PARENT: if (mnt_fs_get_parent_id(fs)) xasprintf(&str, ""%d"", mnt_fs_get_parent_id(fs)); break; case COL_PROPAGATION: if (mnt_fs_is_kernel(fs)) { unsigned long fl = 0; char *n = NULL; if (mnt_fs_get_propagation(fs, &fl) != 0) break; n = xstrdup((fl & MS_SHARED) ? ""shared"" : ""private""); if (fl & MS_SLAVE) { xasprintf(&str, ""%s,slave"", n); free(n); n = str; } if (fl & MS_UNBINDABLE) { xasprintf(&str, ""%s,unbindable"", n); free(n); n = str; } str = n; } break; case COL_FREQ: if (!mnt_fs_is_kernel(fs)) xasprintf(&str, ""%d"", mnt_fs_get_freq(fs)); break; case COL_PASSNO: if (!mnt_fs_is_kernel(fs)) xasprintf(&str, ""%d"", mnt_fs_get_passno(fs)); break; case COL_DELETED: str = xstrdup(mnt_fs_is_deleted(fs) ? ""1"" : ""0""); break; default: break; } return str; }",visit repo url,misc-utils/findmnt.c,https://github.com/util-linux/util-linux,109648821565761,1 6146,['CWE-200'],"struct neigh_parms *neigh_parms_alloc(struct net_device *dev, struct neigh_table *tbl) { struct neigh_parms *p = kmalloc(sizeof(*p), GFP_KERNEL); if (p) { memcpy(p, &tbl->parms, sizeof(*p)); p->tbl = tbl; atomic_set(&p->refcnt, 1); INIT_RCU_HEAD(&p->rcu_head); p->reachable_time = neigh_rand_reach_time(p->base_reachable_time); if (dev) { if (dev->neigh_setup && dev->neigh_setup(dev, p)) { kfree(p); return NULL; } dev_hold(dev); p->dev = dev; } p->sysctl_table = NULL; write_lock_bh(&tbl->lock); p->next = tbl->parms.next; tbl->parms.next = p; write_unlock_bh(&tbl->lock); } return p; }",linux-2.6,,,329265098453432390742388405733687323750,0 6104,['CWE-200'],"void addrconf_dad_failure(struct inet6_ifaddr *ifp) { if (net_ratelimit()) printk(KERN_INFO ""%s: duplicate address detected!\n"", ifp->idev->dev->name); if (ifp->flags&IFA_F_PERMANENT) { spin_lock_bh(&ifp->lock); addrconf_del_timer(ifp); ifp->flags |= IFA_F_TENTATIVE; spin_unlock_bh(&ifp->lock); in6_ifa_put(ifp); #ifdef CONFIG_IPV6_PRIVACY } else if (ifp->flags&IFA_F_TEMPORARY) { struct inet6_ifaddr *ifpub; spin_lock_bh(&ifp->lock); ifpub = ifp->ifpub; if (ifpub) { in6_ifa_hold(ifpub); spin_unlock_bh(&ifp->lock); ipv6_create_tempaddr(ifpub, ifp); in6_ifa_put(ifpub); } else { spin_unlock_bh(&ifp->lock); } ipv6_del_addr(ifp); #endif } else ipv6_del_addr(ifp); }",linux-2.6,,,73960311224547646820537514742017193253,0 582,[],"static ssize_t bad_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { return -EIO; }",linux-2.6,,,305295236020963101790446385649418699458,0 810,CWE-20,"static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; unsigned int copied, rlen; struct sk_buff *skb, *cskb; int err = 0; pr_debug(""%p %zu\n"", sk, len); msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state == LLCP_CLOSED && skb_queue_empty(&sk->sk_receive_queue)) { release_sock(sk); return 0; } release_sock(sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { pr_err(""Recv datagram failed state %d %d %d"", sk->sk_state, err, sock_error(sk)); if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } rlen = skb->len; copied = min_t(unsigned int, rlen, len); cskb = skb; if (skb_copy_datagram_iovec(cskb, 0, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } sock_recv_timestamp(msg, sk, skb); if (sk->sk_type == SOCK_DGRAM && msg->msg_name) { struct nfc_llcp_ui_cb *ui_cb = nfc_llcp_ui_skb_cb(skb); struct sockaddr_nfc_llcp *sockaddr = (struct sockaddr_nfc_llcp *) msg->msg_name; msg->msg_namelen = sizeof(struct sockaddr_nfc_llcp); pr_debug(""Datagram socket %d %d\n"", ui_cb->dsap, ui_cb->ssap); memset(sockaddr, 0, sizeof(*sockaddr)); sockaddr->sa_family = AF_NFC; sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; sockaddr->dsap = ui_cb->dsap; sockaddr->ssap = ui_cb->ssap; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { skb_pull(skb, copied); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); goto done; } } kfree_skb(skb); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/nfc/llcp_sock.c,https://github.com/torvalds/linux,259541481085604,1 2307,CWE-189,"static int opl3_load_patch(int dev, int format, const char __user *addr, int offs, int count, int pmgr_flag) { struct sbi_instrument ins; if (count = SBFM_MAXINSTR) { printk(KERN_WARNING ""FM Error: Invalid instrument number %d\n"", ins.channel); return -EINVAL; } ins.key = format; return store_instr(ins.channel, &ins); }",visit repo url,sound/oss/opl3.c,https://github.com/torvalds/linux,43984181509315,1 787,['CWE-119'],"static __inline__ int isdn_net_device_started(isdn_net_dev *n) { isdn_net_local *lp = n->local; struct net_device *dev; if (lp->master) dev = lp->master; else dev = n->dev; return netif_running(dev); }",linux-2.6,,,29260550235983162830868923818998069945,0 3526,['CWE-20'],"sctp_disposition_t sctp_sf_do_9_2_start_shutdown( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *reply; reply = sctp_make_shutdown(asoc, NULL); if (!reply) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN)); if (asoc->autoclose) sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_SENT)); sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,24468236183245870245640473046318231003,0 5896,['CWE-200'],"static void nr_info_stop(struct seq_file *seq, void *v) { spin_unlock_bh(&nr_list_lock); }",linux-2.6,,,70720356136541710717783042836978521833,0 6058,['CWE-200'],"static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca, u32 pid, u32 seq, int event, unsigned int flags) { struct ifaddrmsg *ifm; struct nlmsghdr *nlh; struct ifa_cacheinfo ci; unsigned char *b = skb->tail; nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*ifm), flags); ifm = NLMSG_DATA(nlh); ifm->ifa_family = AF_INET6; ifm->ifa_prefixlen = 128; ifm->ifa_flags = IFA_F_PERMANENT; ifm->ifa_scope = RT_SCOPE_UNIVERSE; if (ipv6_addr_scope(&ifaca->aca_addr)&IFA_SITE) ifm->ifa_scope = RT_SCOPE_SITE; ifm->ifa_index = ifaca->aca_idev->dev->ifindex; RTA_PUT(skb, IFA_ANYCAST, 16, &ifaca->aca_addr); ci.cstamp = (__u32)(TIME_DELTA(ifaca->aca_cstamp, INITIAL_JIFFIES) / HZ * 100 + TIME_DELTA(ifaca->aca_cstamp, INITIAL_JIFFIES) % HZ * 100 / HZ); ci.tstamp = (__u32)(TIME_DELTA(ifaca->aca_tstamp, INITIAL_JIFFIES) / HZ * 100 + TIME_DELTA(ifaca->aca_tstamp, INITIAL_JIFFIES) % HZ * 100 / HZ); ci.ifa_prefered = INFINITY_LIFE_TIME; ci.ifa_valid = INFINITY_LIFE_TIME; RTA_PUT(skb, IFA_CACHEINFO, sizeof(ci), &ci); nlh->nlmsg_len = skb->tail - b; return skb->len; nlmsg_failure: rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,107699781408690212550433945392736114287,0 6181,CWE-190,"int fb_bits(const fb_t a) { int i = RLC_FB_DIGS - 1; while (i >= 0 && a[i] == 0) { i--; } if (i > 0) { return (i << RLC_DIG_LOG) + util_bits_dig(a[i]); } else { return util_bits_dig(a[0]); } }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,142050207838007,1 436,[],"pfm_get_new_msg(pfm_context_t *ctx) { int idx, next; next = (ctx->ctx_msgq_tail+1) % PFM_MAX_MSGS; DPRINT((""ctx_fd=%p head=%d tail=%d\n"", ctx, ctx->ctx_msgq_head, ctx->ctx_msgq_tail)); if (next == ctx->ctx_msgq_head) return NULL; idx = ctx->ctx_msgq_tail; ctx->ctx_msgq_tail = next; DPRINT((""ctx=%p head=%d tail=%d msg=%d\n"", ctx, ctx->ctx_msgq_head, ctx->ctx_msgq_tail, idx)); return ctx->ctx_msgq+idx; }",linux-2.6,,,223229911998735496308633578671609454481,0 3706,[],"static struct sock *unix_seq_idx(struct seq_file *seq, loff_t pos) { struct unix_iter_state *iter = seq->private; loff_t off = 0; struct sock *s; for (s = first_unix_socket(&iter->i); s; s = next_unix_socket(&iter->i, s)) { if (sock_net(s) != seq_file_net(seq)) continue; if (off == pos) return s; ++off; } return NULL; }",linux-2.6,,,33034264550121532416910364643981788460,0 1029,['CWE-20'],"asmlinkage long sys_getresuid(uid_t __user *ruid, uid_t __user *euid, uid_t __user *suid) { int retval; if (!(retval = put_user(current->uid, ruid)) && !(retval = put_user(current->euid, euid))) retval = put_user(current->suid, suid); return retval; }",linux-2.6,,,131421256123114186152346452171562323562,0 5849,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_pli( const void *buf, pj_size_t length) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; PJ_ASSERT_RETURN(buf, PJ_EINVAL); if (length < 12) return PJ_ETOOSMALL; if (hdr->pt != RTCP_PSFB || hdr->count != 1) return PJ_ENOTFOUND; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,17469031542658,1 85,['CWE-787'],"void isa_cirrus_vga_init(DisplayState *ds, uint8_t *vga_ram_base, unsigned long vga_ram_offset, int vga_ram_size) { CirrusVGAState *s; s = qemu_mallocz(sizeof(CirrusVGAState)); vga_common_init((VGAState *)s, ds, vga_ram_base, vga_ram_offset, vga_ram_size); cirrus_init_common(s, CIRRUS_ID_CLGD5430, 0); }",qemu,,,182836164532218607095796423356835835291,0 945,CWE-19,"xfs_attr3_leaf_clearflag( struct xfs_da_args *args) { struct xfs_attr_leafblock *leaf; struct xfs_attr_leaf_entry *entry; struct xfs_attr_leaf_name_remote *name_rmt; struct xfs_buf *bp; int error; #ifdef DEBUG struct xfs_attr3_icleaf_hdr ichdr; xfs_attr_leaf_name_local_t *name_loc; int namelen; char *name; #endif trace_xfs_attr_leaf_clearflag(args); error = xfs_attr3_leaf_read(args->trans, args->dp, args->blkno, -1, &bp); if (error) return(error); leaf = bp->b_addr; entry = &xfs_attr3_leaf_entryp(leaf)[args->index]; ASSERT(entry->flags & XFS_ATTR_INCOMPLETE); #ifdef DEBUG xfs_attr3_leaf_hdr_from_disk(&ichdr, leaf); ASSERT(args->index < ichdr.count); ASSERT(args->index >= 0); if (entry->flags & XFS_ATTR_LOCAL) { name_loc = xfs_attr3_leaf_name_local(leaf, args->index); namelen = name_loc->namelen; name = (char *)name_loc->nameval; } else { name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index); namelen = name_rmt->namelen; name = (char *)name_rmt->name; } ASSERT(be32_to_cpu(entry->hashval) == args->hashval); ASSERT(namelen == args->namelen); ASSERT(memcmp(name, args->name, namelen) == 0); #endif entry->flags &= ~XFS_ATTR_INCOMPLETE; xfs_trans_log_buf(args->trans, bp, XFS_DA_LOGRANGE(leaf, entry, sizeof(*entry))); if (args->rmtblkno) { ASSERT((entry->flags & XFS_ATTR_LOCAL) == 0); name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index); name_rmt->valueblk = cpu_to_be32(args->rmtblkno); name_rmt->valuelen = cpu_to_be32(args->valuelen); xfs_trans_log_buf(args->trans, bp, XFS_DA_LOGRANGE(leaf, name_rmt, sizeof(*name_rmt))); } return xfs_trans_roll(&args->trans, args->dp); }",visit repo url,fs/xfs/xfs_attr_leaf.c,https://github.com/torvalds/linux,225674625388006,1 3065,['CWE-189'],"static jas_iccattrval_t *jas_iccattrval_create0() { jas_iccattrval_t *attrval; if (!(attrval = jas_malloc(sizeof(jas_iccattrval_t)))) return 0; memset(attrval, 0, sizeof(jas_iccattrval_t)); attrval->refcnt = 0; attrval->ops = 0; attrval->type = 0; return attrval; }",jasper,,,58132860740248826164613412434165983587,0 3093,['CWE-189'],"jas_image_fmtinfo_t *jas_image_lookupfmtbyid(int id) { int i; jas_image_fmtinfo_t *fmtinfo; for (i = 0, fmtinfo = jas_image_fmtinfos; i < jas_image_numfmts; ++i, ++fmtinfo) { if (fmtinfo->id == id) { return fmtinfo; } } return 0; }",jasper,,,89373933722412143770116350822974265300,0 909,['CWE-200'],"static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *symname) { int error; int len; struct inode *inode; struct page *page = NULL; char *kaddr; struct shmem_inode_info *info; len = strlen(symname) + 1; if (len > PAGE_CACHE_SIZE) return -ENAMETOOLONG; inode = shmem_get_inode(dir->i_sb, S_IFLNK|S_IRWXUGO, 0); if (!inode) return -ENOSPC; error = security_inode_init_security(inode, dir, NULL, NULL, NULL); if (error) { if (error != -EOPNOTSUPP) { iput(inode); return error; } error = 0; } info = SHMEM_I(inode); inode->i_size = len-1; if (len <= (char *)inode - (char *)info) { memcpy(info, symname, len); inode->i_op = &shmem_symlink_inline_operations; } else { error = shmem_getpage(inode, 0, &page, SGP_WRITE, NULL); if (error) { iput(inode); return error; } inode->i_op = &shmem_symlink_inode_operations; kaddr = kmap_atomic(page, KM_USER0); memcpy(kaddr, symname, len); kunmap_atomic(kaddr, KM_USER0); set_page_dirty(page); page_cache_release(page); } if (dir->i_mode & S_ISGID) inode->i_gid = dir->i_gid; dir->i_size += BOGO_DIRENT_SIZE; dir->i_ctime = dir->i_mtime = CURRENT_TIME; d_instantiate(dentry, inode); dget(dentry); return 0; }",linux-2.6,,,37388357712280682092764134053098719783,0 3398,['CWE-264'],"asmlinkage long sys_chroot(const char __user * filename) { struct nameidata nd; int error; error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); if (error) goto out; error = vfs_permission(&nd, MAY_EXEC); if (error) goto dput_and_out; error = -EPERM; if (!capable(CAP_SYS_CHROOT)) goto dput_and_out; set_fs_root(current->fs, nd.mnt, nd.dentry); set_fs_altroot(); error = 0; dput_and_out: path_release(&nd); out: return error; }",linux-2.6,,,283656528200951505397234773063589060959,0 617,['CWE-189'],"static int ieee80211_verify_qos_info(struct ieee80211_qos_information_element *info_element, int sub_type) { if (info_element->qui_subtype != sub_type) return -1; if (memcmp(info_element->qui, qos_oui, QOS_OUI_LEN)) return -1; if (info_element->qui_type != QOS_OUI_TYPE) return -1; if (info_element->version != QOS_VERSION_1) return -1; return 0; }",linux-2.6,,,271392616173083822450202804077373324024,0 157,CWE-416,"static int sco_sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; int err; BT_DBG(""sock %p, sk %p"", sock, sk); err = sock_error(sk); if (err) return err; if (msg->msg_flags & MSG_OOB) return -EOPNOTSUPP; lock_sock(sk); if (sk->sk_state == BT_CONNECTED) err = sco_send_frame(sk, msg, len); else err = -ENOTCONN; release_sock(sk); return err; }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,125898630952018,1 4263,CWE-125,"R_API bool r_io_bank_map_add_top(RIO *io, const ut32 bankid, const ut32 mapid) { RIOBank *bank = r_io_bank_get (io, bankid); RIOMap *map = r_io_map_get (io, mapid); r_return_val_if_fail (io && bank && map, false); RIOMapRef *mapref = _mapref_from_map (map); if (!mapref) { return false; } RIOSubMap *sm = r_io_submap_new (io, mapref); if (!sm) { free (mapref); return false; } RRBNode *entry = _find_entry_submap_node (bank, sm); if (!entry) { if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; } bank->last_used = NULL; RIOSubMap *bd = (RIOSubMap *)entry->data; if (r_io_submap_to (bd) == r_io_submap_to (sm) && r_io_submap_from (bd) >= r_io_submap_from (sm)) { memcpy (bd, sm, sizeof (RIOSubMap)); free (sm); r_list_append (bank->maprefs, mapref); return true; } if (r_io_submap_from (bd) < r_io_submap_from (sm) && r_io_submap_to (sm) < r_io_submap_to (bd)) { RIOSubMap *bdsm = R_NEWCOPY (RIOSubMap, bd); if (!bdsm) { free (sm); free (mapref); return false; } r_io_submap_set_from (bdsm, r_io_submap_to (sm) + 1); r_io_submap_set_to (bd, r_io_submap_from (sm) - 1); if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (bdsm); free (mapref); return false; } if (!r_crbtree_insert (bank->submaps, bdsm, _find_sm_by_from_vaddr_cb, NULL)) { r_crbtree_delete (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL); free (sm); free (bdsm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; } if (r_io_submap_from (bd) < r_io_submap_from (sm)) { r_io_submap_set_to (bd, r_io_submap_from (sm) - 1); entry = r_rbnode_next (entry); } while (entry && r_io_submap_to (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) { RRBNode *next = r_rbnode_next (entry); r_crbtree_delete (bank->submaps, entry->data, _find_sm_by_from_vaddr_cb, NULL); entry = next; } if (entry && r_io_submap_from (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) { bd = (RIOSubMap *)entry->data; r_io_submap_set_from (bd, r_io_submap_to (sm) + 1); } if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; }",visit repo url,libr/io/io_bank.c,https://github.com/radareorg/radare2,55638449573057,1 2325,CWE-20,"static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, X509 *cert) { if (SSL_get_verify_result(ssl) != X509_V_OK) { unsigned char md[EVP_MAX_MD_SIZE]; unsigned int n; char *str; g_warning(""Could not verify SSL servers certificate:""); if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL) g_warning("" Could not get subject-name from peer certificate""); else { g_warning("" Subject : %s"", str); free(str); } if ((str = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0)) == NULL) g_warning("" Could not get issuer-name from peer certificate""); else { g_warning("" Issuer : %s"", str); free(str); } if (! X509_digest(cert, EVP_md5(), md, &n)) g_warning("" Could not get fingerprint from peer certificate""); else { char hex[] = ""0123456789ABCDEF""; char fp[EVP_MAX_MD_SIZE*3]; if (n < sizeof(fp)) { unsigned int i; for (i = 0; i < n; i++) { fp[i*3+0] = hex[(md[i] >> 4) & 0xF]; fp[i*3+1] = hex[(md[i] >> 0) & 0xF]; fp[i*3+2] = i == n - 1 ? '\0' : ':'; } g_warning("" MD5 Fingerprint : %s"", fp); } } return FALSE; } return TRUE; }",visit repo url,src/core/network-openssl.c,https://github.com/ensc/irssi-proxy,246485064244658,1 6234,['CWE-200'],"int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb) { struct neigh_table *tbl; int t, family, s_t; read_lock(&neigh_tbl_lock); family = ((struct rtgenmsg *)NLMSG_DATA(cb->nlh))->rtgen_family; s_t = cb->args[0]; for (tbl = neigh_tables, t = 0; tbl; tbl = tbl->next, t++) { if (t < s_t || (family && tbl->family != family)) continue; if (t > s_t) memset(&cb->args[1], 0, sizeof(cb->args) - sizeof(cb->args[0])); if (neigh_dump_table(tbl, skb, cb) < 0) break; } read_unlock(&neigh_tbl_lock); cb->args[0] = t; return skb->len; }",linux-2.6,,,153104363676976623724188715551111326133,0 2842,CWE-681,"static BOOL update_recv_secondary_order(rdpUpdate* update, wStream* s, BYTE flags) { BOOL rc = FALSE; size_t start, end, diff; BYTE orderType; UINT16 extraFlags; UINT16 orderLength; rdpContext* context = update->context; rdpSettings* settings = context->settings; rdpSecondaryUpdate* secondary = update->secondary; const char* name; if (Stream_GetRemainingLength(s) < 5) { WLog_Print(update->log, WLOG_ERROR, ""Stream_GetRemainingLength(s) < 5""); return FALSE; } Stream_Read_UINT16(s, orderLength); Stream_Read_UINT16(s, extraFlags); Stream_Read_UINT8(s, orderType); if (Stream_GetRemainingLength(s) < orderLength + 7U) { WLog_Print(update->log, WLOG_ERROR, ""Stream_GetRemainingLength(s) %"" PRIuz "" < %"" PRIu16, Stream_GetRemainingLength(s), orderLength + 7); return FALSE; } start = Stream_GetPosition(s); name = secondary_order_string(orderType); WLog_Print(update->log, WLOG_DEBUG, ""Secondary Drawing Order %s"", name); if (!check_secondary_order_supported(update->log, settings, orderType, name)) return FALSE; switch (orderType) { case ORDER_TYPE_BITMAP_UNCOMPRESSED: case ORDER_TYPE_CACHE_BITMAP_COMPRESSED: { const BOOL compressed = (orderType == ORDER_TYPE_CACHE_BITMAP_COMPRESSED); CACHE_BITMAP_ORDER* order = update_read_cache_bitmap_order(update, s, compressed, extraFlags); if (order) { rc = IFCALLRESULT(FALSE, secondary->CacheBitmap, context, order); free_cache_bitmap_order(context, order); } } break; case ORDER_TYPE_BITMAP_UNCOMPRESSED_V2: case ORDER_TYPE_BITMAP_COMPRESSED_V2: { const BOOL compressed = (orderType == ORDER_TYPE_BITMAP_COMPRESSED_V2); CACHE_BITMAP_V2_ORDER* order = update_read_cache_bitmap_v2_order(update, s, compressed, extraFlags); if (order) { rc = IFCALLRESULT(FALSE, secondary->CacheBitmapV2, context, order); free_cache_bitmap_v2_order(context, order); } } break; case ORDER_TYPE_BITMAP_COMPRESSED_V3: { CACHE_BITMAP_V3_ORDER* order = update_read_cache_bitmap_v3_order(update, s, extraFlags); if (order) { rc = IFCALLRESULT(FALSE, secondary->CacheBitmapV3, context, order); free_cache_bitmap_v3_order(context, order); } } break; case ORDER_TYPE_CACHE_COLOR_TABLE: { CACHE_COLOR_TABLE_ORDER* order = update_read_cache_color_table_order(update, s, extraFlags); if (order) { rc = IFCALLRESULT(FALSE, secondary->CacheColorTable, context, order); free_cache_color_table_order(context, order); } } break; case ORDER_TYPE_CACHE_GLYPH: { switch (settings->GlyphSupportLevel) { case GLYPH_SUPPORT_PARTIAL: case GLYPH_SUPPORT_FULL: { CACHE_GLYPH_ORDER* order = update_read_cache_glyph_order(update, s, extraFlags); if (order) { rc = IFCALLRESULT(FALSE, secondary->CacheGlyph, context, order); free_cache_glyph_order(context, order); } } break; case GLYPH_SUPPORT_ENCODE: { CACHE_GLYPH_V2_ORDER* order = update_read_cache_glyph_v2_order(update, s, extraFlags); if (order) { rc = IFCALLRESULT(FALSE, secondary->CacheGlyphV2, context, order); free_cache_glyph_v2_order(context, order); } } break; case GLYPH_SUPPORT_NONE: default: break; } } break; case ORDER_TYPE_CACHE_BRUSH: { CACHE_BRUSH_ORDER* order = update_read_cache_brush_order(update, s, extraFlags); if (order) { rc = IFCALLRESULT(FALSE, secondary->CacheBrush, context, order); free_cache_brush_order(context, order); } } break; default: WLog_Print(update->log, WLOG_WARN, ""SECONDARY ORDER %s not supported"", name); break; } if (!rc) { WLog_Print(update->log, WLOG_ERROR, ""SECONDARY ORDER %s failed"", name); } start += orderLength + 7; end = Stream_GetPosition(s); if (start > end) { WLog_Print(update->log, WLOG_WARN, ""SECONDARY_ORDER %s: read %"" PRIuz ""bytes too much"", name, end - start); return FALSE; } diff = start - end; if (diff > 0) { WLog_Print(update->log, WLOG_DEBUG, ""SECONDARY_ORDER %s: read %"" PRIuz ""bytes short, skipping"", name, diff); Stream_Seek(s, diff); } return rc; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,63493696254834,1 1494,[],"static unsigned long long __sync_cpu_clock(cycles_t time, int cpu) { unsigned long flags; spin_lock_irqsave(&time_sync_lock, flags); if (time < prev_global_time) { per_cpu(time_offset, cpu) += prev_global_time - time; time = prev_global_time; } else { prev_global_time = time; } spin_unlock_irqrestore(&time_sync_lock, flags); return time; }",linux-2.6,,,180792140315571705317521896484164463208,0 6383,CWE-20,"error_t dm9000ReceivePacket(NetInterface *interface) { error_t error; size_t i; size_t n; size_t length; volatile uint8_t status; volatile uint16_t data; Dm9000Context *context; context = (Dm9000Context *) interface->nicContext; data = dm9000ReadReg(DM9000_REG_MRCMDX); DM9000_INDEX_REG = DM9000_REG_MRCMDX1; status = LSB(DM9000_DATA_REG); if(status == 0x01) { DM9000_INDEX_REG = DM9000_REG_MRCMD; status = MSB(DM9000_DATA_REG); length = DM9000_DATA_REG; n = MIN(length, ETH_MAX_FRAME_SIZE); i = 0; if((status & (RSR_LCS | RSR_RWTO | RSR_PLE | RSR_AE | RSR_CE | RSR_FOE)) == 0) { while((i + 1) < n) { data = DM9000_DATA_REG; context->rxBuffer[i++] = LSB(data); context->rxBuffer[i++] = MSB(data); } if((i + 1) == n) { data = DM9000_DATA_REG; context->rxBuffer[i] = LSB(data); i += 2; } error = NO_ERROR; } else { error = ERROR_INVALID_PACKET; } while(i < length) { data = DM9000_DATA_REG; i += 2; } } else { error = ERROR_BUFFER_EMPTY; } if(!error) { NetRxAncillary ancillary; ancillary = NET_DEFAULT_RX_ANCILLARY; nicProcessPacket(interface, context->rxBuffer, n, &ancillary); } return error; }",visit repo url,drivers/eth/dm9000_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,161418516466116,1 2730,CWE-415,"_php_mb_regex_init_options(const char *parg, int narg, OnigOptionType *option, OnigSyntaxType **syntax, int *eval) { int n; char c; int optm = 0; *syntax = ONIG_SYNTAX_RUBY; if (parg != NULL) { n = 0; while(n < narg) { c = parg[n++]; switch (c) { case 'i': optm |= ONIG_OPTION_IGNORECASE; break; case 'x': optm |= ONIG_OPTION_EXTEND; break; case 'm': optm |= ONIG_OPTION_MULTILINE; break; case 's': optm |= ONIG_OPTION_SINGLELINE; break; case 'p': optm |= ONIG_OPTION_MULTILINE | ONIG_OPTION_SINGLELINE; break; case 'l': optm |= ONIG_OPTION_FIND_LONGEST; break; case 'n': optm |= ONIG_OPTION_FIND_NOT_EMPTY; break; case 'j': *syntax = ONIG_SYNTAX_JAVA; break; case 'u': *syntax = ONIG_SYNTAX_GNU_REGEX; break; case 'g': *syntax = ONIG_SYNTAX_GREP; break; case 'c': *syntax = ONIG_SYNTAX_EMACS; break; case 'r': *syntax = ONIG_SYNTAX_RUBY; break; case 'z': *syntax = ONIG_SYNTAX_PERL; break; case 'b': *syntax = ONIG_SYNTAX_POSIX_BASIC; break; case 'd': *syntax = ONIG_SYNTAX_POSIX_EXTENDED; break; case 'e': if (eval != NULL) *eval = 1; break; default: break; } } if (option != NULL) *option|=optm; } }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,60617545397787,1 3747,CWE-476,"file_transfer_t *imcb_file_send_start(struct im_connection *ic, char *handle, char *file_name, size_t file_size) { bee_t *bee = ic->bee; bee_user_t *bu = bee_user_by_handle(bee, ic, handle); if (bee->ui->ft_in_start) { return bee->ui->ft_in_start(bee, bu, file_name, file_size); } else { return NULL; } }",visit repo url,protocols/bee_ft.c,https://github.com/bitlbee/bitlbee,30601872530856,1 1822,CWE-476,"static bool malidp_check_pages_threshold(struct malidp_plane_state *ms, u32 pgsize) { int i; for (i = 0; i < ms->n_planes; i++) { struct drm_gem_object *obj; struct drm_gem_cma_object *cma_obj; struct sg_table *sgt; struct scatterlist *sgl; obj = drm_gem_fb_get_obj(ms->base.fb, i); cma_obj = to_drm_gem_cma_obj(obj); if (cma_obj->sgt) sgt = cma_obj->sgt; else sgt = obj->funcs->get_sg_table(obj); if (!sgt) return false; sgl = sgt->sgl; while (sgl) { if (sgl->length < pgsize) { if (!cma_obj->sgt) kfree(sgt); return false; } sgl = sg_next(sgl); } if (!cma_obj->sgt) kfree(sgt); } return true; }",visit repo url,drivers/gpu/drm/arm/malidp_planes.c,https://github.com/torvalds/linux,253445673873358,1 4805,['CWE-399'],"static struct inotify_kernel_event * kernel_event(s32 wd, u32 mask, u32 cookie, const char *name) { struct inotify_kernel_event *kevent; kevent = kmem_cache_alloc(event_cachep, GFP_NOFS); if (unlikely(!kevent)) return NULL; memset(&kevent->event, 0, sizeof(struct inotify_event)); kevent->event.wd = wd; kevent->event.mask = mask; kevent->event.cookie = cookie; INIT_LIST_HEAD(&kevent->list); if (name) { size_t len, rem, event_size = sizeof(struct inotify_event); len = strlen(name) + 1; rem = event_size - len; if (len > event_size) { rem = event_size - (len % event_size); if (len % event_size == 0) rem = 0; } kevent->name = kmalloc(len + rem, GFP_KERNEL); if (unlikely(!kevent->name)) { kmem_cache_free(event_cachep, kevent); return NULL; } memcpy(kevent->name, name, len); if (rem) memset(kevent->name + len, 0, rem); kevent->event.len = len + rem; } else { kevent->event.len = 0; kevent->name = NULL; } return kevent; }",linux-2.6,,,4807772534563443337853574050247240460,0 6366,[],"void saveVCalendar (TNEFStruct *tnef, const gchar *tmpdir) { gchar *ifilename; variableLength *filename; gchar *charptr, *charptr2; FILE *fptr; gint index; DWORD *dword_ptr; DWORD dword_val; dtr thedate; ifilename = g_build_filename (tmpdir, ""calendar.vcf"", NULL); printf(""%s\n"", ifilename); if ((fptr = fopen(ifilename, ""wb""))==NULL) { printf(""Error writing file to disk!""); } else { fprintf(fptr, ""BEGIN:VCALENDAR\n""); if (tnef->messageClass[0] != 0) { charptr2=tnef->messageClass; charptr=charptr2; while (*charptr != 0) { if (*charptr == '.') { charptr2 = charptr; } charptr++; } if (strcmp(charptr2, "".MtgCncl"") == 0) { fprintf(fptr, ""METHOD:CANCEL\n""); } else { fprintf(fptr, ""METHOD:REQUEST\n""); } } else { fprintf(fptr, ""METHOD:REQUEST\n""); } fprintf(fptr, ""VERSION:2.0\n""); fprintf(fptr, ""BEGIN:VEVENT\n""); filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_BINARY, 0x3))) == MAPI_UNDEFINED) { if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_BINARY, 0x23))) == MAPI_UNDEFINED) { filename = NULL; } } if (filename!=NULL) { fprintf(fptr, ""UID:""); for (index=0;indexsize;index++) { fprintf(fptr,""%02X"", (guchar)filename->data[index]); } fprintf(fptr,""\n""); } filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_LONG, 0x8201))) != MAPI_UNDEFINED) { dword_ptr = (DWORD*)filename->data; fprintf(fptr, ""SEQUENCE:%i\n"", (gint) *dword_ptr); } if ((filename=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_BINARY, PR_SENDER_SEARCH_KEY))) != MAPI_UNDEFINED) { charptr = filename->data; charptr2 = strstr(charptr, "":""); if (charptr2 == NULL) charptr2 = charptr; else charptr2++; fprintf(fptr, ""ORGANIZER;CN=\""%s\"":MAILTO:%s\n"", charptr2, charptr2); } if ((filename = MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x823b))) != MAPI_UNDEFINED) { if (filename->size > 1) { charptr = filename->data-1; while (charptr != NULL) { charptr++; charptr2 = strstr(charptr, "";""); if (charptr2 != NULL) { *charptr2 = 0; } while (*charptr == ' ') charptr++; fprintf(fptr, ""ATTENDEE;PARTSTAT=NEEDS-ACTION;""); fprintf(fptr, ""ROLE=REQ-PARTICIPANT;RSVP=TRUE;""); fprintf(fptr, ""CN=\""%s\"":MAILTO:%s\n"", charptr, charptr); charptr = charptr2; } } if ((filename = MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x823c))) != MAPI_UNDEFINED) { if (filename->size > 1) { charptr = filename->data-1; while (charptr != NULL) { charptr++; charptr2 = strstr(charptr, "";""); if (charptr2 != NULL) { *charptr2 = 0; } while (*charptr == ' ') charptr++; fprintf(fptr, ""ATTENDEE;PARTSTAT=NEEDS-ACTION;""); fprintf(fptr, ""ROLE=OPT-PARTICIPANT;RSVP=TRUE;""); fprintf(fptr, ""CN=\""%s\"":MAILTO:%s\n"", charptr, charptr); charptr = charptr2; } } } } else if ((filename = MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x8238))) != MAPI_UNDEFINED) { if (filename->size > 1) { charptr = filename->data-1; while (charptr != NULL) { charptr++; charptr2 = strstr(charptr, "";""); if (charptr2 != NULL) { *charptr2 = 0; } while (*charptr == ' ') charptr++; fprintf(fptr, ""ATTENDEE;PARTSTAT=NEEDS-ACTION;""); fprintf(fptr, ""ROLE=REQ-PARTICIPANT;RSVP=TRUE;""); fprintf(fptr, ""CN=\""%s\"":MAILTO:%s\n"", charptr, charptr); charptr = charptr2; } } } filename = NULL; if ((filename=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_CONVERSATION_TOPIC))) != MAPI_UNDEFINED) { fprintf(fptr, ""SUMMARY:""); cstylefprint (fptr, filename); fprintf(fptr, ""\n""); } if ((filename=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_BINARY, PR_RTF_COMPRESSED))) != MAPI_UNDEFINED) { variableLength buf; if ((buf.data = (gchar *) DecompressRTF (filename, &buf.size)) != NULL) { fprintf(fptr, ""DESCRIPTION:""); printRtf (fptr, &buf); free (buf.data); } } filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x0002))) == MAPI_UNDEFINED) { if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x8208))) == MAPI_UNDEFINED) { filename = NULL; } } if (filename != NULL) { fprintf(fptr,""LOCATION: %s\n"", filename->data); } filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_SYSTIME, 0x820d))) == MAPI_UNDEFINED) { if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_SYSTIME, 0x8516))) == MAPI_UNDEFINED) { filename=NULL; } } if (filename != NULL) { fprintf(fptr, ""DTSTART:""); MAPISysTimetoDTR ((guchar *) filename->data, &thedate); fprintf(fptr,""%04i%02i%02iT%02i%02i%02iZ\n"", thedate.wYear, thedate.wMonth, thedate.wDay, thedate.wHour, thedate.wMinute, thedate.wSecond); } filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_SYSTIME, 0x820e))) == MAPI_UNDEFINED) { if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_SYSTIME, 0x8517))) == MAPI_UNDEFINED) { filename=NULL; } } if (filename != NULL) { fprintf(fptr, ""DTEND:""); MAPISysTimetoDTR ((guchar *) filename->data, &thedate); fprintf(fptr,""%04i%02i%02iT%02i%02i%02iZ\n"", thedate.wYear, thedate.wMonth, thedate.wDay, thedate.wHour, thedate.wMinute, thedate.wSecond); } filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_SYSTIME, 0x8202))) != MAPI_UNDEFINED) { fprintf(fptr, ""CREATED:""); MAPISysTimetoDTR ((guchar *) filename->data, &thedate); fprintf(fptr,""%04i%02i%02iT%02i%02i%02iZ\n"", thedate.wYear, thedate.wMonth, thedate.wDay, thedate.wHour, thedate.wMinute, thedate.wSecond); } filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_BOOLEAN, 0x8506))) != MAPI_UNDEFINED) { dword_ptr = (DWORD*)filename->data; dword_val = SwapDWord ((BYTE*)dword_ptr); fprintf(fptr, ""CLASS:"" ); if (*dword_ptr == 1) { fprintf(fptr,""PRIVATE\n""); } else { fprintf(fptr,""PUBLIC\n""); } } filename = NULL; if ((filename=MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_BINARY, 0x8216))) != MAPI_UNDEFINED) { printRrule (fptr, filename->data, filename->size, tnef); } fprintf(fptr, ""END:VEVENT\n""); fprintf(fptr, ""END:VCALENDAR\n""); fclose (fptr); } g_free (ifilename); }",evolution,,,203510093158569760544696106776622828348,0 5753,['CWE-200'],"static int irda_release(struct socket *sock) { struct sock *sk = sock->sk; IRDA_DEBUG(2, ""%s()\n"", __func__); if (sk == NULL) return 0; lock_sock(sk); sk->sk_state = TCP_CLOSE; sk->sk_shutdown |= SEND_SHUTDOWN; sk->sk_state_change(sk); irda_destroy_socket(irda_sk(sk)); sock_orphan(sk); sock->sk = NULL; release_sock(sk); skb_queue_purge(&sk->sk_receive_queue); sock_put(sk); return 0; }",linux-2.6,,,303997685011292944697905307173739782301,0 2133,['CWE-119'],"static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry, const void *desc) { memcpy(&ldt[entry], desc, 8); }",linux-2.6,,,142440315865880082606324674581001222284,0 679,[],"static void jpc_poc_destroyparms(jpc_ms_t *ms) { jpc_poc_t *poc = &ms->parms.poc; if (poc->pchgs) { jas_free(poc->pchgs); } }",jasper,,,306997461776417113282554910081712917062,0 3112,CWE-119,"void IGDstartelt(void * d, const char * name, int l) { struct IGDdatas * datas = (struct IGDdatas *)d; memcpy( datas->cureltname, name, l); datas->cureltname[l] = '\0'; datas->level++; if( (l==7) && !memcmp(name, ""service"", l) ) { datas->tmp.controlurl[0] = '\0'; datas->tmp.eventsuburl[0] = '\0'; datas->tmp.scpdurl[0] = '\0'; datas->tmp.servicetype[0] = '\0'; } }",visit repo url,miniupnpc/igd_desc_parse.c,https://github.com/miniupnp/miniupnp,182733921065125,1 6370,CWE-787,"write_file(tree_t *t, FILE *fp, int col) { int i; uchar *ptr; while (t != NULL) { if (t->markup == MARKUP_NONE) { if (t->preformatted) { for (ptr = t->data; *ptr != '\0'; ptr ++) fputs((char *)iso8859(*ptr), fp); if (t->data[strlen((char *)t->data) - 1] == '\n') col = 0; else col += strlen((char *)t->data); } else { if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) { putc('\n', fp); col = 0; } for (ptr = t->data; *ptr != '\0'; ptr ++) fputs((char *)iso8859(*ptr), fp); col += strlen((char *)t->data); if (col > 72) { putc('\n', fp); col = 0; } } } else if (t->markup == MARKUP_COMMENT) fprintf(fp, ""\n\n"", t->data); else if (t->markup > 0) { switch (t->markup) { case MARKUP_AREA : case MARKUP_BR : case MARKUP_CENTER : case MARKUP_COMMENT : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_HEAD : case MARKUP_HR : case MARKUP_LI : case MARKUP_MAP : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TITLE : case MARKUP_TR : case MARKUP_UL : case MARKUP_DIR : case MARKUP_MENU : if (col > 0) { putc('\n', fp); col = 0; } default : break; } col += fprintf(fp, ""<%s"", _htmlMarkups[t->markup]); for (i = 0; i < t->nvars; i ++) { if (col > 72 && !t->preformatted) { putc('\n', fp); col = 0; } if (col > 0) { putc(' ', fp); col ++; } if (t->vars[i].value == NULL) col += fprintf(fp, ""%s"", t->vars[i].name); else if (strchr((char *)t->vars[i].value, '\""') != NULL) col += fprintf(fp, ""%s=\'%s\'"", t->vars[i].name, t->vars[i].value); else col += fprintf(fp, ""%s=\""%s\"""", t->vars[i].name, t->vars[i].value); } putc('>', fp); col ++; if (col > 72 && !t->preformatted) { putc('\n', fp); col = 0; } if (t->child != NULL) { col = write_file(t->child, fp, col); if (col > 72 && !t->preformatted) { putc('\n', fp); col = 0; } col += fprintf(fp, """", _htmlMarkups[t->markup]); switch (t->markup) { case MARKUP_AREA : case MARKUP_BR : case MARKUP_CENTER : case MARKUP_COMMENT : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_HEAD : case MARKUP_HR : case MARKUP_LI : case MARKUP_MAP : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TITLE : case MARKUP_TR : case MARKUP_UL : case MARKUP_DIR : case MARKUP_MENU : putc('\n', fp); col = 0; default : break; } } } t = t->next; } return (col); }",visit repo url,htmldoc/htmllib.cxx,https://github.com/michaelrsweet/htmldoc,118119904538603,1 4552,['CWE-20'],"static int ext4_symlink(struct inode *dir, struct dentry *dentry, const char *symname) { handle_t *handle; struct inode *inode; int l, err, retries = 0; l = strlen(symname)+1; if (l > dir->i_sb->s_blocksize) return -ENAMETOOLONG; retry: handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) + EXT4_INDEX_EXTRA_TRANS_BLOCKS + 5 + 2*EXT4_QUOTA_INIT_BLOCKS(dir->i_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); inode = ext4_new_inode(handle, dir, S_IFLNK|S_IRWXUGO); err = PTR_ERR(inode); if (IS_ERR(inode)) goto out_stop; if (l > sizeof(EXT4_I(inode)->i_data)) { inode->i_op = &ext4_symlink_inode_operations; ext4_set_aops(inode); err = __page_symlink(inode, symname, l, 1); if (err) { clear_nlink(inode); unlock_new_inode(inode); ext4_mark_inode_dirty(handle, inode); iput(inode); goto out_stop; } } else { EXT4_I(inode)->i_flags &= ~EXT4_EXTENTS_FL; inode->i_op = &ext4_fast_symlink_inode_operations; memcpy((char *)&EXT4_I(inode)->i_data, symname, l); inode->i_size = l-1; } EXT4_I(inode)->i_disksize = inode->i_size; err = ext4_add_nondir(handle, dentry, inode); out_stop: ext4_journal_stop(handle); if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries)) goto retry; return err; }",linux-2.6,,,285959431841467605949868956692445311295,0 4350,['CWE-399'],"long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) { key_ref_t keyring_ref, key_ref; long ret; keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); if (IS_ERR(keyring_ref)) { ret = PTR_ERR(keyring_ref); goto error; } key_ref = lookup_user_key(id, 1, 0, KEY_LINK); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error2; } ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); key_ref_put(key_ref); error2: key_ref_put(keyring_ref); error: return ret; } ",linux-2.6,,,16530619396709140783862255187685518683,0 91,['CWE-787'],"static void cirrus_cursor_invalidate(VGAState *s1) { CirrusVGAState *s = (CirrusVGAState *)s1; int size; if (!s->sr[0x12] & CIRRUS_CURSOR_SHOW) { size = 0; } else { if (s->sr[0x12] & CIRRUS_CURSOR_LARGE) size = 64; else size = 32; } if (s->last_hw_cursor_size != size || s->last_hw_cursor_x != s->hw_cursor_x || s->last_hw_cursor_y != s->hw_cursor_y) { invalidate_cursor1(s); s->last_hw_cursor_size = size; s->last_hw_cursor_x = s->hw_cursor_x; s->last_hw_cursor_y = s->hw_cursor_y; cirrus_cursor_compute_yrange(s); invalidate_cursor1(s); } }",qemu,,,52834188195518314068716196171984629509,0 4218,['CWE-399'],"static void dev_watchdog(unsigned long arg) { struct net_device *dev = (struct net_device *)arg; netif_tx_lock(dev); if (dev->qdisc != &noop_qdisc) { if (netif_device_present(dev) && netif_running(dev) && netif_carrier_ok(dev)) { if (netif_queue_stopped(dev) && time_after(jiffies, dev->trans_start + dev->watchdog_timeo)) { printk(KERN_INFO ""NETDEV WATCHDOG: %s: transmit timed out\n"", dev->name); dev->tx_timeout(dev); } if (!mod_timer(&dev->watchdog_timer, round_jiffies(jiffies + dev->watchdog_timeo))) dev_hold(dev); } } netif_tx_unlock(dev); dev_put(dev); }",linux-2.6,,,281301547186412873095458320275444881906,0 5875,['CWE-200'],"static int nr_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); struct sockaddr_ax25 *usax = (struct sockaddr_ax25 *)msg->msg_name; int err; struct sockaddr_ax25 sax; struct sk_buff *skb; unsigned char *asmptr; int size; if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_EOR|MSG_CMSG_COMPAT)) return -EINVAL; lock_sock(sk); if (sock_flag(sk, SOCK_ZAPPED)) { err = -EADDRNOTAVAIL; goto out; } if (sk->sk_shutdown & SEND_SHUTDOWN) { send_sig(SIGPIPE, current, 0); err = -EPIPE; goto out; } if (nr->device == NULL) { err = -ENETUNREACH; goto out; } if (usax) { if (msg->msg_namelen < sizeof(sax)) { err = -EINVAL; goto out; } sax = *usax; if (ax25cmp(&nr->dest_addr, &sax.sax25_call) != 0) { err = -EISCONN; goto out; } if (sax.sax25_family != AF_NETROM) { err = -EINVAL; goto out; } } else { if (sk->sk_state != TCP_ESTABLISHED) { err = -ENOTCONN; goto out; } sax.sax25_family = AF_NETROM; sax.sax25_call = nr->dest_addr; } SOCK_DEBUG(sk, ""NET/ROM: sendto: Addresses built.\n""); if (len > 65536) { err = -EMSGSIZE; goto out; } SOCK_DEBUG(sk, ""NET/ROM: sendto: building packet.\n""); size = len + NR_NETWORK_LEN + NR_TRANSPORT_LEN; if ((skb = sock_alloc_send_skb(sk, size, msg->msg_flags & MSG_DONTWAIT, &err)) == NULL) goto out; skb_reserve(skb, size - len); skb_reset_transport_header(skb); asmptr = skb_push(skb, NR_TRANSPORT_LEN); SOCK_DEBUG(sk, ""Building NET/ROM Header.\n""); *asmptr++ = nr->your_index; *asmptr++ = nr->your_id; *asmptr++ = 0; *asmptr++ = 0; *asmptr++ = NR_INFO; SOCK_DEBUG(sk, ""Built header.\n""); skb_put(skb, len); SOCK_DEBUG(sk, ""NET/ROM: Appending user data\n""); if (memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len)) { kfree_skb(skb); err = -EFAULT; goto out; } SOCK_DEBUG(sk, ""NET/ROM: Transmitting buffer\n""); if (sk->sk_state != TCP_ESTABLISHED) { kfree_skb(skb); err = -ENOTCONN; goto out; } nr_output(sk, skb); err = len; out: release_sock(sk); return err; }",linux-2.6,,,57652077106035321947693170715904348651,0 4755,CWE-119,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 2750,['CWE-189'],"struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id) { return &sctp_hmac_list[hmac_id]; }",linux-2.6,,,290306546532428654175668992186363892496,0 395,[],"pfm_unreserve_session(pfm_context_t *ctx, int is_syswide, unsigned int cpu) { unsigned long flags; LOCK_PFS(flags); DPRINT((""in sys_sessions=%u task_sessions=%u dbregs=%u syswide=%d cpu=%u\n"", pfm_sessions.pfs_sys_sessions, pfm_sessions.pfs_task_sessions, pfm_sessions.pfs_sys_use_dbregs, is_syswide, cpu)); if (is_syswide) { pfm_sessions.pfs_sys_session[cpu] = NULL; if (ctx && ctx->ctx_fl_using_dbreg) { if (pfm_sessions.pfs_sys_use_dbregs == 0) { printk(KERN_ERR ""perfmon: invalid release for ctx %p sys_use_dbregs=0\n"", ctx); } else { pfm_sessions.pfs_sys_use_dbregs--; } } pfm_sessions.pfs_sys_sessions--; } else { pfm_sessions.pfs_task_sessions--; } DPRINT((""out sys_sessions=%u task_sessions=%u dbregs=%u syswide=%d cpu=%u\n"", pfm_sessions.pfs_sys_sessions, pfm_sessions.pfs_task_sessions, pfm_sessions.pfs_sys_use_dbregs, is_syswide, cpu)); if (pfm_sessions.pfs_task_sessions == 0 && pfm_sessions.pfs_sys_sessions == 0) update_pal_halt_status(1); UNLOCK_PFS(flags); return 0; }",linux-2.6,,,192890507037808454522760483338592027642,0 6134,CWE-190,"void ep_mul_dig(ep_t r, const ep_t p, dig_t k) { ep_t t; bn_t _k; int8_t u, naf[RLC_DIG + 1]; int l; ep_null(t); bn_null(_k); if (k == 0 || ep_is_infty(p)) { ep_set_infty(r); return; } RLC_TRY { ep_new(t); bn_new(_k); bn_set_dig(_k, k); l = RLC_DIG + 1; bn_rec_naf(naf, &l, _k, 2); ep_set_infty(t); for (int i = l - 1; i >= 0; i--) { ep_dbl(t, t); u = naf[i]; if (u > 0) { ep_add(t, t, p); } else if (u < 0) { ep_sub(t, t, p); } } ep_norm(r, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ep_free(t); bn_free(_k); } }",visit repo url,src/ep/relic_ep_mul.c,https://github.com/relic-toolkit/relic,246956027671210,1 2826,[],"static int dio_new_bio(struct dio *dio, sector_t start_sector) { sector_t sector; int ret, nr_pages; ret = dio_bio_reap(dio); if (ret) goto out; sector = start_sector << (dio->blkbits - 9); nr_pages = min(dio->pages_in_io, bio_get_nr_vecs(dio->map_bh.b_bdev)); BUG_ON(nr_pages <= 0); ret = dio_bio_alloc(dio, dio->map_bh.b_bdev, sector, nr_pages); dio->boundary = 0; out: return ret; }",linux-2.6,,,231041248270047874164321565191016777108,0 4577,CWE-476,"GF_Err gf_isom_box_parse_ex(GF_Box **outBox, GF_BitStream *bs, u32 parent_type, Bool is_root_box) { u32 type, uuid_type, hdr_size; u64 size, start, payload_start, end; char uuid[16]; GF_Err e; GF_Box *newBox; Bool skip_logs = gf_bs_get_cookie(bs) ? GF_TRUE : GF_FALSE; Bool is_special = GF_TRUE; if ((bs == NULL) || (outBox == NULL) ) return GF_BAD_PARAM; *outBox = NULL; if (gf_bs_available(bs) < 8) { return GF_ISOM_INCOMPLETE_FILE; } start = gf_bs_get_position(bs); uuid_type = 0; size = (u64) gf_bs_read_u32(bs); hdr_size = 4; if ((size >= 2) && (size <= 4)) { size = 4; type = GF_ISOM_BOX_TYPE_VOID; } else { type = gf_bs_read_u32(bs); hdr_size += 4; if (type == GF_ISOM_BOX_TYPE_TOTL) size = 12; if (!size) { if (is_root_box) { if (!skip_logs) { GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Warning Read Box type %s (0x%08X) size 0 reading till the end of file\n"", gf_4cc_to_str(type), type)); } size = gf_bs_available(bs) + 8; } else { if (!skip_logs) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box type %s (0x%08X) at position ""LLU"" has size 0 but is not at root/file level, skipping\n"", gf_4cc_to_str(type), type, start)); } return GF_OK; } } } memset(uuid, 0, 16); if (type == GF_ISOM_BOX_TYPE_UUID ) { if (gf_bs_available(bs) < 16) { return GF_ISOM_INCOMPLETE_FILE; } gf_bs_read_data(bs, uuid, 16); hdr_size += 16; uuid_type = gf_isom_solve_uuid_box(uuid); } if (size == 1) { if (gf_bs_available(bs) < 8) { return GF_ISOM_INCOMPLETE_FILE; } size = gf_bs_read_u64(bs); hdr_size += 8; } GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Read Box type %s size ""LLD"" start ""LLD""\n"", gf_4cc_to_str(type), LLD_CAST size, LLD_CAST start)); if ( size < hdr_size ) { GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Box size ""LLD"" less than box header size %d\n"", LLD_CAST size, hdr_size)); return GF_ISOM_INVALID_FILE; } if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_TREF)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_REFT); if (!newBox) return GF_OUT_OF_MEM; ((GF_TrackReferenceTypeBox*)newBox)->reference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_IREF)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_REFI); if (!newBox) return GF_OUT_OF_MEM; ((GF_ItemReferenceTypeBox*)newBox)->reference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_TRGR)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_TRGT); if (!newBox) return GF_OUT_OF_MEM; ((GF_TrackGroupTypeBox*)newBox)->group_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_GRPL)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_GRPT); if (!newBox) return GF_OUT_OF_MEM; ((GF_EntityToGroupTypeBox*)newBox)->grouping_type = type; } else { is_special = GF_FALSE; newBox = gf_isom_box_new_ex(uuid_type ? uuid_type : type, parent_type, skip_logs, is_root_box); if (!newBox) return GF_OUT_OF_MEM; } if (type==GF_ISOM_BOX_TYPE_UUID && !is_special) { memcpy(((GF_UUIDBox *)newBox)->uuid, uuid, 16); ((GF_UUIDBox *)newBox)->internal_4cc = uuid_type; } if (!newBox->type) newBox->type = type; payload_start = gf_bs_get_position(bs); retry_unknown_box: end = gf_bs_available(bs); if (size - hdr_size > end ) { newBox->size = size - hdr_size - end; *outBox = newBox; return GF_ISOM_INCOMPLETE_FILE; } newBox->size = size - hdr_size; if (newBox->size) { e = gf_isom_full_box_read(newBox, bs); if (!e) e = gf_isom_box_read(newBox, bs); newBox->size = size; end = gf_bs_get_position(bs); } else { newBox->size = size; e = GF_OK; end = gf_bs_get_position(bs); } if (e && (e != GF_ISOM_INCOMPLETE_FILE)) { gf_isom_box_del(newBox); *outBox = NULL; if (parent_type==GF_ISOM_BOX_TYPE_STSD) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_UNKNOWN); ((GF_UnknownBox *)newBox)->original_4cc = type; newBox->size = size; gf_bs_seek(bs, payload_start); goto retry_unknown_box; } if (!skip_logs) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box \""%s\"" (start ""LLU"") failed (%s) - skipping\n"", gf_4cc_to_str(type), start, gf_error_to_string(e))); } return e; } if (end-start > size) { if (!skip_logs) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" size ""LLU"" (start ""LLU"") invalid (read ""LLU"")\n"", gf_4cc_to_str(type), LLU_CAST size, start, LLU_CAST (end-start) )); } gf_bs_seek(bs, start+size); } else if (end-start < size) { u32 to_skip = (u32) (size-(end-start)); if (!skip_logs) { if ((to_skip!=4) || gf_bs_peek_bits(bs, 32, 0)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" (start ""LLU"") has %u extra bytes\n"", gf_4cc_to_str(type), start, to_skip)); } } gf_bs_skip_bytes(bs, to_skip); } *outBox = newBox; return e; }",visit repo url,src/isomedia/box_funcs.c,https://github.com/gpac/gpac,167384918219195,1 5725,['CWE-200'],"static int irda_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct sockaddr_irda saddr; struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); memset(&saddr, 0, sizeof(saddr)); if (peer) { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; saddr.sir_family = AF_IRDA; saddr.sir_lsap_sel = self->dtsap_sel; saddr.sir_addr = self->daddr; } else { saddr.sir_family = AF_IRDA; saddr.sir_lsap_sel = self->stsap_sel; saddr.sir_addr = self->saddr; } IRDA_DEBUG(1, ""%s(), tsap_sel = %#x\n"", __func__, saddr.sir_lsap_sel); IRDA_DEBUG(1, ""%s(), addr = %08x\n"", __func__, saddr.sir_addr); *uaddr_len = sizeof (struct sockaddr_irda); memcpy(uaddr, &saddr, *uaddr_len); return 0; }",linux-2.6,,,340179629490478655838997120725011708348,0 5403,CWE-787,"Bool rfbOptPamAuth(void) { SecTypeData *s; for (s = secTypes; s->name != NULL; s++) { if ((!strcmp(s->name, ""unixlogin"") || !strcmp(&s->name[strlen(s->name) - 5], ""plain"")) && s->enabled) return TRUE; } return FALSE; }",visit repo url,unix/Xvnc/programs/Xserver/hw/vnc/auth.c,https://github.com/TurboVNC/turbovnc,228964697415592,1 1833,CWE-367,"int nfc_dep_link_up(struct nfc_dev *dev, int target_index, u8 comm_mode) { int rc = 0; u8 *gb; size_t gb_len; struct nfc_target *target; pr_debug(""dev_name=%s comm %d\n"", dev_name(&dev->dev), comm_mode); if (!dev->ops->dep_link_up) return -EOPNOTSUPP; device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (dev->dep_link_up == true) { rc = -EALREADY; goto error; } gb = nfc_llcp_general_bytes(dev, &gb_len); if (gb_len > NFC_MAX_GT_LEN) { rc = -EINVAL; goto error; } target = nfc_find_target(dev, target_index); if (target == NULL) { rc = -ENOTCONN; goto error; } rc = dev->ops->dep_link_up(dev, target, comm_mode, gb, gb_len); if (!rc) { dev->active_target = target; dev->rf_mode = NFC_RF_INITIATOR; } error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,8296087901895,1 5176,CWE-787,"void ocall_malloc(size_t size, uint8_t **ret) { *ret = static_cast(malloc(size)); }",visit repo url,src/enclave/App/App.cpp,https://github.com/ucbrise/opaque,248332280749695,1 5554,[],"finish_stop(int stop_count) { if (tracehook_notify_jctl(stop_count == 0, CLD_STOPPED)) { read_lock(&tasklist_lock); do_notify_parent_cldstop(current, CLD_STOPPED); read_unlock(&tasklist_lock); } do { schedule(); } while (try_to_freeze()); current->exit_code = 0; }",linux-2.6,,,65902749611023574968548174990746507646,0 5894,CWE-125,"ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, uint32_t default_ttl, const ldns_rdf *origin, ldns_rdf **prev, bool question) { ldns_rr *new; const ldns_rr_descriptor *desc; ldns_rr_type rr_type; ldns_buffer *rr_buf = NULL; ldns_buffer *rd_buf = NULL; uint32_t ttl_val; char *owner = NULL; char *ttl = NULL; ldns_rr_class clas_val; char *clas = NULL; char *type = NULL; size_t type_sz; char *rdata = NULL; char *rd = NULL; char *xtok = NULL; size_t rd_strlen; const char *delimiters; ssize_t c; ldns_rdf *owner_dname; const char* endptr; int was_unknown_rr_format = 0; ldns_status status = LDNS_STATUS_OK; bool done; bool quoted; ldns_rdf *r = NULL; uint16_t r_cnt; uint16_t r_min; uint16_t r_max; size_t pre_data_pos; uint16_t hex_data_size; char *hex_data_str = NULL; uint16_t cur_hex_data_size; size_t hex_pos = 0; uint8_t *hex_data = NULL; new = ldns_rr_new(); owner = LDNS_XMALLOC(char, LDNS_MAX_DOMAINLEN + 1); ttl = LDNS_XMALLOC(char, LDNS_TTL_DATALEN); clas = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); rdata = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN + 1); rr_buf = LDNS_MALLOC(ldns_buffer); rd_buf = LDNS_MALLOC(ldns_buffer); rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); xtok = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); if (rr_buf) { rr_buf->_data = NULL; } if (rd_buf) { rd_buf->_data = NULL; } if (!new || !owner || !ttl || !clas || !rdata || !rr_buf || !rd_buf || !rd || !xtok) { goto memerror; } ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str)); if (ldns_bget_token(rr_buf, owner, ""\t\n "", LDNS_MAX_DOMAINLEN) == -1){ status = LDNS_STATUS_SYNTAX_ERR; goto error; } if (ldns_bget_token(rr_buf, ttl, ""\t\n "", LDNS_TTL_DATALEN) == -1) { status = LDNS_STATUS_SYNTAX_TTL_ERR; goto error; } ttl_val = (uint32_t) ldns_str2period(ttl, &endptr); if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) { if (default_ttl == 0) { ttl_val = LDNS_DEFAULT_TTL; } else { ttl_val = default_ttl; } clas_val = ldns_get_rr_class_by_name(ttl); if (clas_val == 0) { clas_val = LDNS_RR_CLASS_IN; type_sz = strlen(ttl) + 1; type = LDNS_XMALLOC(char, type_sz); if (!type) { goto memerror; } strlcpy(type, ttl, type_sz); } } else { if (-1 == ldns_bget_token( rr_buf, clas, ""\t\n "", LDNS_SYNTAX_DATALEN)) { status = LDNS_STATUS_SYNTAX_CLASS_ERR; goto error; } clas_val = ldns_get_rr_class_by_name(clas); if (clas_val == 0) { clas_val = LDNS_RR_CLASS_IN; type_sz = strlen(clas) + 1; type = LDNS_XMALLOC(char, type_sz); if (!type) { goto memerror; } strlcpy(type, clas, type_sz); } } if (!type) { type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); if (!type) { goto memerror; } if (-1 == ldns_bget_token( rr_buf, type, ""\t\n "", LDNS_SYNTAX_DATALEN)) { status = LDNS_STATUS_SYNTAX_TYPE_ERR; goto error; } } if (ldns_bget_token(rr_buf, rdata, ""\0"", LDNS_MAX_PACKETLEN) == -1) { } ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata)); if (strlen(owner) <= 1 && strncmp(owner, ""@"", 1) == 0) { if (origin) { ldns_rr_set_owner(new, ldns_rdf_clone(origin)); } else if (prev && *prev) { ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); } else { ldns_rr_set_owner(new, ldns_dname_new_frm_str(""."")); } if (prev) { ldns_rdf_deep_free(*prev); *prev = ldns_rdf_clone(ldns_rr_owner(new)); if (!*prev) { goto memerror; } } } else { if (strlen(owner) == 0) { if (prev && *prev) { ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); } else if (origin) { ldns_rr_set_owner(new, ldns_rdf_clone(origin)); } else { ldns_rr_set_owner(new, ldns_dname_new_frm_str(""."")); } if(!ldns_rr_owner(new)) { goto memerror; } } else { owner_dname = ldns_dname_new_frm_str(owner); if (!owner_dname) { status = LDNS_STATUS_SYNTAX_ERR; goto error; } ldns_rr_set_owner(new, owner_dname); if (!ldns_dname_str_absolute(owner) && origin) { if(ldns_dname_cat(ldns_rr_owner(new), origin) != LDNS_STATUS_OK) { status = LDNS_STATUS_SYNTAX_ERR; goto error; } } if (prev) { ldns_rdf_deep_free(*prev); *prev = ldns_rdf_clone(ldns_rr_owner(new)); if (!*prev) { goto error; } } } } LDNS_FREE(owner); ldns_rr_set_question(new, question); ldns_rr_set_ttl(new, ttl_val); LDNS_FREE(ttl); ldns_rr_set_class(new, clas_val); LDNS_FREE(clas); rr_type = ldns_get_rr_type_by_name(type); LDNS_FREE(type); desc = ldns_rr_descript((uint16_t)rr_type); ldns_rr_set_type(new, rr_type); if (desc) { r_max = ldns_rr_descriptor_maximum(desc); r_min = ldns_rr_descriptor_minimum(desc); } else { r_min = 0; r_max = 1; } for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) { quoted = false; switch (ldns_rr_descriptor_field_type(desc, r_cnt)) { case LDNS_RDF_TYPE_B64 : case LDNS_RDF_TYPE_HEX : case LDNS_RDF_TYPE_LOC : case LDNS_RDF_TYPE_WKS : case LDNS_RDF_TYPE_IPSECKEY : case LDNS_RDF_TYPE_AMTRELAY : case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) { delimiters = ""\n""; break; } default : delimiters = ""\n\t ""; } if (ldns_rdf_type_maybe_quoted( ldns_rr_descriptor_field_type( desc, r_cnt)) && ldns_buffer_remaining(rd_buf) > 0){ while (*(ldns_buffer_current(rd_buf)) == ' ') { ldns_buffer_skip(rd_buf, 1); } if (*(ldns_buffer_current(rd_buf)) == '\""') { delimiters = ""\""\0""; ldns_buffer_skip(rd_buf, 1); quoted = true; } else if (ldns_rr_descriptor_field_type(desc, r_cnt) == LDNS_RDF_TYPE_LONG_STR) { status = LDNS_STATUS_SYNTAX_RDATA_ERR; goto error; } } while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf) && *(ldns_buffer_current(rd_buf)) == ' ' && !quoted) { ldns_buffer_skip(rd_buf, 1); } pre_data_pos = ldns_buffer_position(rd_buf); if (-1 == (c = ldns_bget_token( rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) { done = true; (void)done; break; } rd_strlen = strlen(rd); if (strncmp(rd, ""\\#"", 2) == 0 && !quoted && (rd_strlen == 2 || rd[2]==' ')) { was_unknown_rr_format = 1; ldns_buffer_set_position(rd_buf, pre_data_pos); delimiters = ""\n\t ""; (void)ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN); c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN); if (c == -1) { status = LDNS_STATUS_SYNTAX_RDATA_ERR; goto error; } hex_data_size = (uint16_t) atoi(rd); hex_data_str = LDNS_XMALLOC(char, 2*hex_data_size + 1); if (!hex_data_str) { goto memerror; } cur_hex_data_size = 0; while(cur_hex_data_size < 2 * hex_data_size) { c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN); if (c == -1) { status = LDNS_STATUS_SYNTAX_RDATA_ERR; goto error; } rd_strlen = strlen(rd); if ((size_t)cur_hex_data_size + rd_strlen > 2 * (size_t)hex_data_size) { status = LDNS_STATUS_SYNTAX_RDATA_ERR; goto error; } strlcpy(hex_data_str + cur_hex_data_size, rd, rd_strlen + 1); cur_hex_data_size += rd_strlen; } hex_data_str[cur_hex_data_size] = '\0'; if (desc) { hex_pos = 0; hex_data = LDNS_XMALLOC(uint8_t, hex_data_size+2); if (!hex_data) { goto memerror; } ldns_write_uint16(hex_data, hex_data_size); ldns_hexstring_to_data( hex_data + 2, hex_data_str); status = ldns_wire2rdf(new, hex_data, hex_data_size + 2, &hex_pos); if (status != LDNS_STATUS_OK) { goto error; } LDNS_FREE(hex_data); } else { r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX, hex_data_str); if (!r) { goto memerror; } ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN); if (!ldns_rr_push_rdf(new, r)) { goto memerror; } } LDNS_FREE(hex_data_str); } else if(rd_strlen > 0 || quoted) { switch(ldns_rr_descriptor_field_type(desc, r_cnt)) { case LDNS_RDF_TYPE_HEX: case LDNS_RDF_TYPE_B64: if (r_cnt == r_max - 1) { c = ldns_bget_token(rd_buf, xtok, ""\n"", LDNS_MAX_RDFLEN); if (c != -1) { (void) strncat(rd, xtok, LDNS_MAX_RDFLEN - strlen(rd) - 1); } } r = ldns_rdf_new_frm_str( ldns_rr_descriptor_field_type( desc, r_cnt), rd); break; case LDNS_RDF_TYPE_HIP: do { if (ldns_bget_token(rd_buf, xtok, delimiters, LDNS_MAX_RDFLEN) == -1) break; (void) strncat(rd, "" "", LDNS_MAX_RDFLEN - strlen(rd) - 1); (void) strncat(rd, xtok, LDNS_MAX_RDFLEN - strlen(rd) - 1); if (ldns_bget_token(rd_buf, xtok, delimiters, LDNS_MAX_RDFLEN) == -1) break; (void) strncat(rd, "" "", LDNS_MAX_RDFLEN - strlen(rd) - 1); (void) strncat(rd, xtok, LDNS_MAX_RDFLEN - strlen(rd) - 1); } while (false); r = ldns_rdf_new_frm_str( ldns_rr_descriptor_field_type( desc, r_cnt), rd); break; case LDNS_RDF_TYPE_DNAME: r = ldns_rdf_new_frm_str( ldns_rr_descriptor_field_type( desc, r_cnt), rd); if (r && ldns_rdf_size(r) > 1 && ldns_rdf_data(r)[0] == 1 && ldns_rdf_data(r)[1] == '@') { ldns_rdf_deep_free(r); r = origin ? ldns_rdf_clone(origin) : ( rr_type == LDNS_RR_TYPE_SOA ? ldns_rdf_clone( ldns_rr_owner(new)) : ldns_rdf_new_frm_str( LDNS_RDF_TYPE_DNAME, ""."") ); } else if (r && rd_strlen >= 1 && origin && !ldns_dname_str_absolute(rd)) { status = ldns_dname_cat(r, origin); if (status != LDNS_STATUS_OK) { goto error; } } break; default: r = ldns_rdf_new_frm_str( ldns_rr_descriptor_field_type( desc, r_cnt), rd); break; } if (!r) { status = LDNS_STATUS_SYNTAX_RDATA_ERR; goto error; } ldns_rr_push_rdf(new, r); } if (quoted) { if (ldns_buffer_available(rd_buf, 1)) { ldns_buffer_skip(rd_buf, 1); } else { done = true; } } } LDNS_FREE(rd); LDNS_FREE(xtok); ldns_buffer_free(rr_buf); LDNS_FREE(rdata); if (ldns_buffer_remaining(rd_buf) > 0) { ldns_buffer_free(rd_buf); ldns_rr_free(new); return LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR; } ldns_buffer_free(rd_buf); if (!question && desc && !was_unknown_rr_format && ldns_rr_rd_count(new) < r_min) { ldns_rr_free(new); return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; } if (newrr) { *newrr = new; } else { ldns_rr_free(new); } return LDNS_STATUS_OK; memerror: status = LDNS_STATUS_MEM_ERR; error: if (rd_buf && rd_buf->_data) { ldns_buffer_free(rd_buf); } else { LDNS_FREE(rd_buf); } if (rr_buf && rr_buf->_data) { ldns_buffer_free(rr_buf); } else { LDNS_FREE(rr_buf); } LDNS_FREE(type); LDNS_FREE(owner); LDNS_FREE(ttl); LDNS_FREE(clas); LDNS_FREE(hex_data); LDNS_FREE(hex_data_str); LDNS_FREE(xtok); LDNS_FREE(rd); LDNS_FREE(rdata); ldns_rr_free(new); return status; }",visit repo url,rr.c,https://github.com/NLnetLabs/ldns,234490041849632,1 254,CWE-264,"static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct inet_sock *inet = inet_sk(sk); struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *) uaddr; struct net *net = sock_net(sk); int ret; int chk_addr_ret; if (!sock_flag(sk, SOCK_ZAPPED)) return -EINVAL; if (addr_len < sizeof(struct sockaddr_l2tpip)) return -EINVAL; if (addr->l2tp_family != AF_INET) return -EINVAL; ret = -EADDRINUSE; read_lock_bh(&l2tp_ip_lock); if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) goto out_in_use; read_unlock_bh(&l2tp_ip_lock); lock_sock(sk); if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_l2tpip)) goto out; chk_addr_ret = inet_addr_type(net, addr->l2tp_addr.s_addr); ret = -EADDRNOTAVAIL; if (addr->l2tp_addr.s_addr && chk_addr_ret != RTN_LOCAL && chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST) goto out; if (addr->l2tp_addr.s_addr) inet->inet_rcv_saddr = inet->inet_saddr = addr->l2tp_addr.s_addr; if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) inet->inet_saddr = 0; sk_dst_reset(sk); l2tp_ip_sk(sk)->conn_id = addr->l2tp_conn_id; write_lock_bh(&l2tp_ip_lock); sk_add_bind_node(sk, &l2tp_ip_bind_table); sk_del_node_init(sk); write_unlock_bh(&l2tp_ip_lock); ret = 0; sock_reset_flag(sk, SOCK_ZAPPED); out: release_sock(sk); return ret; out_in_use: read_unlock_bh(&l2tp_ip_lock); return ret; }",visit repo url,net/l2tp/l2tp_ip.c,https://github.com/torvalds/linux,96348929524646,1 5006,CWE-119,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 886,CWE-20,"static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr = msg->msg_name; int copied = 0; int check_creds = 0; int target; int err = 0; long timeo; int skip; err = -EINVAL; if (sk->sk_state != TCP_ESTABLISHED) goto out; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); msg->msg_namelen = 0; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(timeo); goto out; } do { int chunk; struct sk_buff *skb, *last; unix_state_lock(sk); last = skb = skb_peek(&sk->sk_receive_queue); again: if (skb == NULL) { unix_sk(sk)->recursion_level = 0; if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; unix_state_unlock(sk); err = -EAGAIN; if (!timeo) break; mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo, last); if (signal_pending(current) || mutex_lock_interruptible(&u->readlock)) { err = sock_intr_errno(timeo); goto out; } continue; unlock: unix_state_unlock(sk); break; } skip = sk_peek_offset(sk, flags); while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); last = skb; skb = skb_peek_next(skb, &sk->sk_receive_queue); if (!skb) goto again; } unix_state_unlock(sk); if (check_creds) { if ((UNIXCB(skb).pid != siocb->scm->pid) || !uid_eq(UNIXCB(skb).uid, siocb->scm->creds.uid) || !gid_eq(UNIXCB(skb).gid, siocb->scm->creds.gid)) break; } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); check_creds = 1; } if (sunaddr) { unix_copy_addr(msg, skb->sk); sunaddr = NULL; } chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); if (skb_copy_datagram_iovec(skb, UNIXCB(skb).consumed + skip, msg->msg_iov, chunk)) { if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { UNIXCB(skb).consumed += chunk; sk_peek_offset_bwd(sk, chunk); if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); if (unix_skb_len(skb)) break; skb_unlink(skb, &sk->sk_receive_queue); consume_skb(skb); if (siocb->scm->fp) break; } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); sk_peek_offset_fwd(sk, chunk); break; } } while (size); mutex_unlock(&u->readlock); scm_recv(sock, msg, siocb->scm, flags); out: return copied ? : err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,252330469564730,1 1360,CWE-362,"static int ext4_split_unwritten_extents(handle_t *handle, struct inode *inode, struct ext4_map_blocks *map, struct ext4_ext_path *path, int flags) { ext4_lblk_t eof_block; ext4_lblk_t ee_block; struct ext4_extent *ex; unsigned int ee_len; int split_flag = 0, depth; ext_debug(""ext4_split_unwritten_extents: inode %lu, logical"" ""block %llu, max_blocks %u\n"", inode->i_ino, (unsigned long long)map->m_lblk, map->m_len); eof_block = (inode->i_size + inode->i_sb->s_blocksize - 1) >> inode->i_sb->s_blocksize_bits; if (eof_block < map->m_lblk + map->m_len) eof_block = map->m_lblk + map->m_len; depth = ext_depth(inode); ex = path[depth].p_ext; ee_block = le32_to_cpu(ex->ee_block); ee_len = ext4_ext_get_actual_len(ex); split_flag |= ee_block + ee_len <= eof_block ? EXT4_EXT_MAY_ZEROOUT : 0; split_flag |= EXT4_EXT_MARK_UNINIT2; flags |= EXT4_GET_BLOCKS_PRE_IO; return ext4_split_extent(handle, inode, path, map, split_flag, flags); }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,264834657851102,1 6700,CWE-90,"errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, const char *input, char **sanitized) { return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL); }",visit repo url,src/util/util.c,https://github.com/SSSD/sssd,215138502274303,1 1430,CWE-20,"static struct block_device *ext3_blkdev_get(dev_t dev, struct super_block *sb) { struct block_device *bdev; char b[BDEVNAME_SIZE]; bdev = blkdev_get_by_dev(dev, FMODE_READ|FMODE_WRITE|FMODE_EXCL, sb); if (IS_ERR(bdev)) goto fail; return bdev; fail: ext3_msg(sb, ""error: failed to open journal device %s: %ld"", __bdevname(dev, b), PTR_ERR(bdev)); return NULL; }",visit repo url,fs/ext3/super.c,https://github.com/torvalds/linux,35810821483176,1 1290,[],"produce_frozen_state (const char *name) { FILE *file; int h; symbol *sym; const builtin *bp; if (file = fopen (name, O_BINARY ? ""wb"" : ""w""), !file) { M4ERROR ((warning_status, errno, ""%s"", name)); return; } xfprintf (file, ""# This is a frozen state file generated by %s\n"", PACKAGE_STRING); xfprintf (file, ""V1\n""); if (strcmp (lquote.string, DEF_LQUOTE) || strcmp (rquote.string, DEF_RQUOTE)) { xfprintf (file, ""Q%d,%d\n"", (int) lquote.length, (int) rquote.length); fputs (lquote.string, file); fputs (rquote.string, file); fputc ('\n', file); } if (strcmp (bcomm.string, DEF_BCOMM) || strcmp (ecomm.string, DEF_ECOMM)) { xfprintf (file, ""C%d,%d\n"", (int) bcomm.length, (int) ecomm.length); fputs (bcomm.string, file); fputs (ecomm.string, file); fputc ('\n', file); } for (h = 0; h < hash_table_size; h++) { symtab[h] = reverse_symbol_list (symtab[h]); for (sym = symtab[h]; sym; sym = SYMBOL_NEXT (sym)) { switch (SYMBOL_TYPE (sym)) { case TOKEN_TEXT: xfprintf (file, ""T%d,%d\n"", (int) strlen (SYMBOL_NAME (sym)), (int) strlen (SYMBOL_TEXT (sym))); fputs (SYMBOL_NAME (sym), file); fputs (SYMBOL_TEXT (sym), file); fputc ('\n', file); break; case TOKEN_FUNC: bp = find_builtin_by_addr (SYMBOL_FUNC (sym)); if (bp == NULL) { M4ERROR ((warning_status, 0, ""\ INTERNAL ERROR: builtin not found in builtin table!"")); abort (); } xfprintf (file, ""F%d,%d\n"", (int) strlen (SYMBOL_NAME (sym)), (int) strlen (bp->name)); fputs (SYMBOL_NAME (sym), file); fputs (bp->name, file); fputc ('\n', file); break; case TOKEN_VOID: break; default: M4ERROR ((warning_status, 0, ""\ INTERNAL ERROR: bad token data type in freeze_one_symbol ()"")); abort (); break; } } symtab[h] = reverse_symbol_list (symtab[h]); } freeze_diversions (file); fputs (""# End of frozen state file\n"", file); if (close_stream (file) != 0) M4ERROR ((EXIT_FAILURE, errno, ""unable to create frozen state"")); }",m4,,,262299427790479934435622892960652054618,0 3250,CWE-125,"print_attr_string(netdissect_options *ndo, register const u_char *data, u_int length, u_short attr_code) { register u_int i; ND_TCHECK2(data[0],length); switch(attr_code) { case TUNNEL_PASS: if (length < 3) { ND_PRINT((ndo, ""%s"", tstr)); return; } if (*data && (*data <=0x1F) ) ND_PRINT((ndo, ""Tag[%u] "", *data)); else ND_PRINT((ndo, ""Tag[Unused] "")); data++; length--; ND_PRINT((ndo, ""Salt %u "", EXTRACT_16BITS(data))); data+=2; length-=2; break; case TUNNEL_CLIENT_END: case TUNNEL_SERVER_END: case TUNNEL_PRIV_GROUP: case TUNNEL_ASSIGN_ID: case TUNNEL_CLIENT_AUTH: case TUNNEL_SERVER_AUTH: if (*data <= 0x1F) { if (length < 1) { ND_PRINT((ndo, ""%s"", tstr)); return; } if (*data) ND_PRINT((ndo, ""Tag[%u] "", *data)); else ND_PRINT((ndo, ""Tag[Unused] "")); data++; length--; } break; case EGRESS_VLAN_NAME: ND_PRINT((ndo, ""%s (0x%02x) "", tok2str(rfc4675_tagged,""Unknown tag"",*data), *data)); data++; length--; break; } for (i=0; *data && i < length ; i++, data++) ND_PRINT((ndo, ""%c"", (*data < 32 || *data > 126) ? '.' : *data)); return; trunc: ND_PRINT((ndo, ""%s"", tstr)); }",visit repo url,print-radius.c,https://github.com/the-tcpdump-group/tcpdump,84437884153129,1 5892,CWE-787,"search_impl(i_ctx_t *i_ctx_p, bool forward) { os_ptr op = osp; os_ptr op1 = op - 1; uint size = r_size(op); uint count; byte *pat; byte *ptr; byte ch; int incr = forward ? 1 : -1; check_read_type(*op1, t_string); check_read_type(*op, t_string); if (size > r_size(op1)) { make_false(op); return 0; } count = r_size(op1) - size; ptr = op1->value.bytes; if (size == 0) goto found; if (!forward) ptr += count; pat = op->value.bytes; ch = pat[0]; do { if (*ptr == ch && (size == 1 || !memcmp(ptr, pat, size))) goto found; ptr += incr; } while (count--); make_false(op); return 0; found: op->tas.type_attrs = op1->tas.type_attrs; op->value.bytes = ptr; r_set_size(op, size); push(2); op[-1] = *op1; r_set_size(op - 1, ptr - op[-1].value.bytes); op1->value.bytes = ptr + size; r_set_size(op1, count + (!forward ? (size - 1) : 0)); make_true(op); return 0; }",visit repo url,psi/zstring.c,https://github.com/ArtifexSoftware/ghostpdl,122497952576071,1 5584,[],"static int sigkill_pending(struct task_struct *tsk) { return sigismember(&tsk->pending.signal, SIGKILL) || sigismember(&tsk->signal->shared_pending.signal, SIGKILL); }",linux-2.6,,,240992802044017468621395170375287326120,0 852,CWE-20,"SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, unsigned int, flags, struct sockaddr __user *, addr, int __user *, addr_len) { struct socket *sock; struct iovec iov; struct msghdr msg; struct sockaddr_storage address; int err, err2; int fput_needed; if (size > INT_MAX) size = INT_MAX; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_iovlen = 1; msg.msg_iov = &iov; iov.iov_len = size; iov.iov_base = ubuf; msg.msg_name = (struct sockaddr *)&address; msg.msg_namelen = sizeof(address); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = sock_recvmsg(sock, &msg, size, flags); if (err >= 0 && addr != NULL) { err2 = move_addr_to_user(&address, msg.msg_namelen, addr, addr_len); if (err2 < 0) err = err2; } fput_light(sock->file, fput_needed); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,89843130858034,1 57,['CWE-787'],"static void cirrus_linear_bitblt_writel(void *opaque, target_phys_addr_t addr, uint32_t val) { #ifdef TARGET_WORDS_BIGENDIAN cirrus_linear_bitblt_writeb(opaque, addr, (val >> 24) & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 1, (val >> 16) & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 2, (val >> 8) & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 3, val & 0xff); #else cirrus_linear_bitblt_writeb(opaque, addr, val & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 1, (val >> 8) & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 2, (val >> 16) & 0xff); cirrus_linear_bitblt_writeb(opaque, addr + 3, (val >> 24) & 0xff); #endif }",qemu,,,174694787130787510114399877962672170426,0 743,CWE-20,"int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, struct sockaddr_storage *kern_address, int mode) { int tot_len; if (kern_msg->msg_namelen) { if (mode == VERIFY_READ) { int err = move_addr_to_kernel(kern_msg->msg_name, kern_msg->msg_namelen, kern_address); if (err < 0) return err; } kern_msg->msg_name = kern_address; } else kern_msg->msg_name = NULL; tot_len = iov_from_user_compat_to_kern(kern_iov, (struct compat_iovec __user *)kern_msg->msg_iov, kern_msg->msg_iovlen); if (tot_len >= 0) kern_msg->msg_iov = kern_iov; return tot_len; }",visit repo url,net/compat.c,https://github.com/torvalds/linux,209053982154124,1 2972,['CWE-189'],"jas_image_fmtinfo_t *jas_image_lookupfmtbyname(const char *name) { int i; jas_image_fmtinfo_t *fmtinfo; for (i = 0, fmtinfo = jas_image_fmtinfos; i < jas_image_numfmts; ++i, ++fmtinfo) { if (!strcmp(fmtinfo->name, name)) { return fmtinfo; } } return 0; }",jasper,,,270059074890946628750655905667440040016,0 1025,['CWE-20'],"asmlinkage long sys_getsid(pid_t pid) { if (!pid) return process_session(current); else { int retval; struct task_struct *p; read_lock(&tasklist_lock); p = find_task_by_pid(pid); retval = -ESRCH; if (p) { retval = security_task_getsid(p); if (!retval) retval = process_session(p); } read_unlock(&tasklist_lock); return retval; } }",linux-2.6,,,264765832069728698732470539007109385953,0 6219,['CWE-200'],"static int rtnetlink_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, int type, u32 pid, u32 seq, u32 change, unsigned int flags) { struct ifinfomsg *r; struct nlmsghdr *nlh; unsigned char *b = skb->tail; nlh = NLMSG_NEW(skb, pid, seq, type, sizeof(*r), flags); r = NLMSG_DATA(nlh); r->ifi_family = AF_UNSPEC; r->__ifi_pad = 0; r->ifi_type = dev->type; r->ifi_index = dev->ifindex; r->ifi_flags = dev_get_flags(dev); r->ifi_change = change; RTA_PUT(skb, IFLA_IFNAME, strlen(dev->name)+1, dev->name); if (1) { u32 txqlen = dev->tx_queue_len; RTA_PUT(skb, IFLA_TXQLEN, sizeof(txqlen), &txqlen); } if (1) { u32 weight = dev->weight; RTA_PUT(skb, IFLA_WEIGHT, sizeof(weight), &weight); } if (1) { struct rtnl_link_ifmap map = { .mem_start = dev->mem_start, .mem_end = dev->mem_end, .base_addr = dev->base_addr, .irq = dev->irq, .dma = dev->dma, .port = dev->if_port, }; RTA_PUT(skb, IFLA_MAP, sizeof(map), &map); } if (dev->addr_len) { RTA_PUT(skb, IFLA_ADDRESS, dev->addr_len, dev->dev_addr); RTA_PUT(skb, IFLA_BROADCAST, dev->addr_len, dev->broadcast); } if (1) { u32 mtu = dev->mtu; RTA_PUT(skb, IFLA_MTU, sizeof(mtu), &mtu); } if (dev->ifindex != dev->iflink) { u32 iflink = dev->iflink; RTA_PUT(skb, IFLA_LINK, sizeof(iflink), &iflink); } if (dev->qdisc_sleeping) RTA_PUT(skb, IFLA_QDISC, strlen(dev->qdisc_sleeping->ops->id) + 1, dev->qdisc_sleeping->ops->id); if (dev->master) { u32 master = dev->master->ifindex; RTA_PUT(skb, IFLA_MASTER, sizeof(master), &master); } if (dev->get_stats) { unsigned long *stats = (unsigned long*)dev->get_stats(dev); if (stats) { struct rtattr *a; __u32 *s; int i; int n = sizeof(struct rtnl_link_stats)/4; a = __RTA_PUT(skb, IFLA_STATS, n*4); s = RTA_DATA(a); for (i=0; inlmsg_len = skb->tail - b; return skb->len; nlmsg_failure: rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,76898825001424212848200316724368008957,0 6339,CWE-190,"void appendCommand(client *c) { size_t totlen; robj *o, *append; o = lookupKeyWrite(c->db,c->argv[1]); if (o == NULL) { c->argv[2] = tryObjectEncoding(c->argv[2]); dbAdd(c->db,c->argv[1],c->argv[2]); incrRefCount(c->argv[2]); totlen = stringObjectLen(c->argv[2]); } else { if (checkType(c,o,OBJ_STRING)) return; append = c->argv[2]; totlen = stringObjectLen(o)+sdslen(append->ptr); if (checkStringLength(c,totlen) != C_OK) return; o = dbUnshareStringValue(c->db,c->argv[1],o); o->ptr = sdscatlen(o->ptr,append->ptr,sdslen(append->ptr)); totlen = sdslen(o->ptr); } signalModifiedKey(c,c->db,c->argv[1]); notifyKeyspaceEvent(NOTIFY_STRING,""append"",c->argv[1],c->db->id); server.dirty++; addReplyLongLong(c,totlen); }",visit repo url,src/t_string.c,https://github.com/redis/redis,74078823122047,1 5198,['CWE-20'],"static void allocate_vpid(struct vcpu_vmx *vmx) { int vpid; vmx->vpid = 0; if (!enable_vpid || !cpu_has_vmx_vpid()) return; spin_lock(&vmx_vpid_lock); vpid = find_first_zero_bit(vmx_vpid_bitmap, VMX_NR_VPIDS); if (vpid < VMX_NR_VPIDS) { vmx->vpid = vpid; __set_bit(vpid, vmx_vpid_bitmap); } spin_unlock(&vmx_vpid_lock); }",linux-2.6,,,46607016675392445237471465275328753503,0 6758,CWE-121,"gpointer parse_commands(gpointer user_data) { fflush(stdout); char buf[BUFSIZE]; while (1) { printf(""> ""); fflush(stdout); scanf(""%s"", buf); if (strcmp(buf, ""stop"") == 0) { cpdbDeleteFrontendObj(f); g_message(""Stopping front end..\n""); exit(0); } else if (strcmp(buf, ""restart"") == 0) { cpdbDisconnectFromDBus(f); cpdbConnectToDBus(f); } else if (strcmp(buf, ""hide-remote"") == 0) { cpdbHideRemotePrinters(f); g_message(""Hiding remote printers discovered by the backend..\n""); } else if (strcmp(buf, ""unhide-remote"") == 0) { cpdbUnhideRemotePrinters(f); g_message(""Unhiding remote printers discovered by the backend..\n""); } else if (strcmp(buf, ""hide-temporary"") == 0) { cpdbHideTemporaryPrinters(f); g_message(""Hiding remote printers discovered by the backend..\n""); } else if (strcmp(buf, ""unhide-temporary"") == 0) { cpdbUnhideTemporaryPrinters(f); g_message(""Unhiding remote printers discovered by the backend..\n""); } else if (strcmp(buf, ""get-all-options"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); g_message(""Getting all attributes ..\n""); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if(p == NULL) continue; cpdb_options_t *opts = cpdbGetAllOptions(p); printf(""Retrieved %d options.\n"", opts->count); GHashTableIter iter; gpointer value; g_hash_table_iter_init(&iter, opts->table); while (g_hash_table_iter_next(&iter, NULL, &value)) { printOption(value); } } else if (strcmp(buf, ""get-all-media"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); g_message(""Getting all attributes ..\n""); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if(p == NULL) continue; cpdb_options_t *opts = cpdbGetAllOptions(p); printf(""Retrieved %d medias.\n"", opts->media_count); GHashTableIter iter; gpointer value; g_hash_table_iter_init(&iter, opts->media); while (g_hash_table_iter_next(&iter, NULL, &value)) { printMedia(value); } } else if (strcmp(buf, ""get-default"") == 0) { char printer_id[BUFSIZE], backend_name[BUFSIZE], option_name[BUFSIZE]; scanf(""%s%s%s"", option_name, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); char *ans = cpdbGetDefault(p, option_name); if (!ans) printf(""cpdb_option_t %s doesn't exist."", option_name); else printf(""Default : %s\n"", ans); } else if (strcmp(buf, ""get-setting"") == 0) { char printer_id[BUFSIZE], backend_name[BUFSIZE], setting_name[BUFSIZE]; scanf(""%s%s%s"", setting_name, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); char *ans = cpdbGetSetting(p, setting_name); if (!ans) printf(""Setting %s doesn't exist.\n"", setting_name); else printf(""Setting value : %s\n"", ans); } else if (strcmp(buf, ""get-current"") == 0) { char printer_id[BUFSIZE], backend_name[BUFSIZE], option_name[BUFSIZE]; scanf(""%s%s%s"", option_name, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); char *ans = cpdbGetCurrent(p, option_name); if (!ans) printf(""cpdb_option_t %s doesn't exist."", option_name); else printf(""Current value : %s\n"", ans); } else if (strcmp(buf, ""add-setting"") == 0) { char printer_id[BUFSIZE], backend_name[BUFSIZE], option_name[BUFSIZE], option_val[BUFSIZE]; scanf(""%s %s %s %s"", option_name, option_val, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); printf(""%s : %s\n"", option_name, option_val); cpdbAddSettingToPrinter(p, cpdbGetStringCopy(option_name), cpdbGetStringCopy(option_val)); } else if (strcmp(buf, ""clear-setting"") == 0) { char printer_id[BUFSIZE], backend_name[BUFSIZE], option_name[BUFSIZE]; scanf(""%s%s%s"", option_name, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); cpdbClearSettingFromPrinter(p, option_name); } else if (strcmp(buf, ""get-state"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); printf(""%s\n"", cpdbGetState(p)); } else if (strcmp(buf, ""is-accepting-jobs"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); printf(""Accepting jobs ? : %d \n"", cpdbIsAcceptingJobs(p)); } else if (strcmp(buf, ""help"") == 0) { display_help(); } else if (strcmp(buf, ""ping"") == 0) { char printer_id[BUFSIZE], backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); print_backend_call_ping_sync(p->backend_proxy, p->id, NULL, NULL); } else if (strcmp(buf, ""get-default-printer"") == 0) { cpdb_printer_obj_t *p = cpdbGetDefaultPrinter(f); if (p) printf(""%s#%s\n"", p->name, p->backend_name); else printf(""No default printer found\n""); } else if (strcmp(buf, ""get-default-printer-for-backend"") == 0) { char backend_name[BUFSIZE]; scanf(""%s"", backend_name); cpdb_printer_obj_t *p = cpdbGetDefaultPrinterForBackend(f, backend_name); printf(""%s\n"", p->name); } else if (strcmp(buf, ""set-user-default-printer"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if (p) { if (cpdbSetUserDefaultPrinter(p)) printf(""Set printer as user default\n""); else printf(""Couldn't set printer as user default\n""); } } else if (strcmp(buf, ""set-system-default-printer"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if (p) { if (cpdbSetSystemDefaultPrinter(p)) printf(""Set printer as system default\n""); else printf(""Couldn't set printer as system default\n""); } } else if (strcmp(buf, ""print-file"") == 0) { char printer_id[BUFSIZE], backend_name[BUFSIZE], file_path[BUFSIZE]; scanf(""%s%s%s"", file_path, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if(strcmp(backend_name, ""FILE"") == 0) { char final_file_path[BUFSIZE]; printf(""Please give the final file path: ""); scanf(""%s"", final_file_path); cpdbPrintFilePath(p, file_path, final_file_path); continue; } cpdbAddSettingToPrinter(p, ""copies"", ""3""); cpdbPrintFile(p, file_path); } else if (strcmp(buf, ""get-active-jobs-count"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); printf(""%d jobs currently active.\n"", cpdbGetActiveJobsCount(p)); } else if (strcmp(buf, ""get-all-jobs"") == 0) { int active_only; scanf(""%d"", &active_only); cpdb_job_t *j; int x = cpdbGetAllJobs(f, &j, active_only); printf(""Total %d jobs\n"", x); int i; for (i = 0; i < x; i++) { printf(""%s .. %s .. %s .. %s .. %s\n"", j[i].job_id, j[i].title, j[i].printer_id, j[i].state, j[i].submitted_at); } } else if (strcmp(buf, ""cancel-job"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; char job_id[BUFSIZE]; scanf(""%s%s%s"", job_id, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if (cpdbCancelJob(p, job_id)) printf(""cpdb_job_t %s has been cancelled.\n"", job_id); else printf(""Unable to cancel job %s\n"", job_id); } else if (strcmp(buf, ""pickle-printer"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; char job_id[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); cpdbPicklePrinterToFile(p, ""/tmp/.printer-pickle"", f); } else if (strcmp(buf, ""get-option-translation"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; char option_name[BUFSIZE]; scanf(""%s%s%s"", option_name, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); printf(""%s\n"", cpdbGetOptionTranslation(p, option_name, locale)); } else if (strcmp(buf, ""get-choice-translation"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; char option_name[BUFSIZE]; char choice_name[BUFSIZE]; scanf(""%s%s%s%s"", option_name, choice_name, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); printf(""%s\n"", cpdbGetChoiceTranslation(p, option_name, choice_name, locale)); } else if (strcmp(buf, ""get-group-translation"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; char group_name[BUFSIZE]; scanf(""%s%s%s"", group_name, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); printf(""%s\n"", cpdbGetGroupTranslation(p, group_name, locale)); } else if (strcmp(buf, ""get-all-translations"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); cpdbGetAllTranslations(p, locale); printTranslations(p); } else if (strcmp(buf, ""get-media-size"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; char media[BUFSIZE]; int width, length; scanf(""%s%s%s"", media, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); int ok = cpdbGetMediaSize(p, media, &width, &length); if (ok) printf(""%dx%d\n"", width, length); } else if (strcmp(buf, ""get-media-margins"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; char media[BUFSIZE]; scanf(""%s%s%s"", media, printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); cpdb_margin_t *margins; int num_margins = cpdbGetMediaMargins(p, media, &margins); for (int i = 0; i < num_margins; i++) printf(""%d %d %d %d\n"", margins[i].left, margins[i].right, margins[i].top, margins[i].bottom); } else if (strcmp(buf, ""acquire-details"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if(p == NULL) continue; g_message(""Acquiring printer details asynchronously...\n""); cpdbAcquireDetails(p, acquire_details_callback, NULL); } else if (strcmp(buf, ""acquire-translations"") == 0) { char printer_id[BUFSIZE]; char backend_name[BUFSIZE]; scanf(""%s%s"", printer_id, backend_name); cpdb_printer_obj_t *p = cpdbFindPrinterObj(f, printer_id, backend_name); if(p == NULL) continue; g_message(""Acquiring printer translations asynchronously...\n""); cpdbAcquireTranslations(p, locale, acquire_translations_callback, NULL); } } }",visit repo url,tools/cpdb-text-frontend.c,https://github.com/OpenPrinting/cpdb-libs,186275236076432,1 5685,['CWE-476'],"static int udp_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags) { struct udp_sock *up = udp_sk(sk); int ret; if (!up->pending) { struct msghdr msg = { .msg_flags = flags|MSG_MORE }; ret = udp_sendmsg(NULL, sk, &msg, 0); if (ret < 0) return ret; } lock_sock(sk); if (unlikely(!up->pending)) { release_sock(sk); LIMIT_NETDEBUG(KERN_DEBUG ""udp cork app bug 3\n""); return -EINVAL; } ret = ip_append_page(sk, page, offset, size, flags); if (ret == -EOPNOTSUPP) { release_sock(sk); return sock_no_sendpage(sk->sk_socket, page, offset, size, flags); } if (ret < 0) { udp_flush_pending_frames(sk); goto out; } up->len += size; if (!(up->corkflag || (flags&MSG_MORE))) ret = udp_push_pending_frames(sk, up); if (!ret) ret = size; out: release_sock(sk); return ret; }",linux-2.6,,,54860591699040357830182329901576533978,0 4533,CWE-122,"void gf_isom_check_position(GF_Box *s, GF_Box *child, u32 *pos) { if (!s || !s->child_boxes || !child || !pos) return; if (s->internal_flags & GF_ISOM_ORDER_FREEZE) return; s32 cur_pos = gf_list_find(s->child_boxes, child); if (cur_pos < 0) return; if (cur_pos != (s32) *pos) { gf_list_del_item(s->child_boxes, child); gf_list_insert(s->child_boxes, child, *pos); } (*pos)++;",visit repo url,src/isomedia/box_funcs.c,https://github.com/gpac/gpac,70747931783263,1 1562,[],"static inline void prepare_lock_switch(struct rq *rq, struct task_struct *next) { #ifdef CONFIG_SMP next->oncpu = 1; #endif #ifdef __ARCH_WANT_INTERRUPTS_ON_CTXSW spin_unlock_irq(&rq->lock); #else spin_unlock(&rq->lock); #endif }",linux-2.6,,,235442157320106116568960981966674958783,0 4828,CWE-119,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 2892,CWE-119,"PredictorEncodeTile(TIFF* tif, uint8* bp0, tmsize_t cc0, uint16 s) { static const char module[] = ""PredictorEncodeTile""; TIFFPredictorState *sp = PredictorState(tif); uint8 *working_copy; tmsize_t cc = cc0, rowsize; unsigned char* bp; int result_code; assert(sp != NULL); assert(sp->encodepfunc != NULL); assert(sp->encodetile != NULL); working_copy = (uint8*) _TIFFmalloc(cc0); if( working_copy == NULL ) { TIFFErrorExt(tif->tif_clientdata, module, ""Out of memory allocating "" TIFF_SSIZE_FORMAT "" byte temp buffer."", cc0 ); return 0; } memcpy( working_copy, bp0, cc0 ); bp = working_copy; rowsize = sp->rowsize; assert(rowsize > 0); assert((cc0%rowsize)==0); while (cc > 0) { (*sp->encodepfunc)(tif, bp, rowsize); cc -= rowsize; bp += rowsize; } result_code = (*sp->encodetile)(tif, working_copy, cc0, s); _TIFFfree( working_copy ); return result_code; }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,13827436236530,1 3029,['CWE-189'],"static int jas_icctxt_copy(jas_iccattrval_t *attrval, jas_iccattrval_t *othattrval) { jas_icctxt_t *txt = &attrval->data.txt; jas_icctxt_t *othtxt = &othattrval->data.txt; if (!(txt->string = jas_strdup(othtxt->string))) return -1; return 0; }",jasper,,,188016119674362033399462639130017946981,0 5375,['CWE-476'],"void fx_init(struct kvm_vcpu *vcpu) { unsigned after_mxcsr_mask; if (!used_math()) kvm_fx_save(&vcpu->arch.host_fx_image); preempt_disable(); kvm_fx_save(&vcpu->arch.host_fx_image); kvm_fx_finit(); kvm_fx_save(&vcpu->arch.guest_fx_image); kvm_fx_restore(&vcpu->arch.host_fx_image); preempt_enable(); vcpu->arch.cr0 |= X86_CR0_ET; after_mxcsr_mask = offsetof(struct i387_fxsave_struct, st_space); vcpu->arch.guest_fx_image.mxcsr = 0x1f80; memset((void *)&vcpu->arch.guest_fx_image + after_mxcsr_mask, 0, sizeof(struct i387_fxsave_struct) - after_mxcsr_mask); }",linux-2.6,,,691270245185018933541845424761539342,0 1778,CWE-476,"static bool assoc_array_insert_into_terminal_node(struct assoc_array_edit *edit, const struct assoc_array_ops *ops, const void *index_key, struct assoc_array_walk_result *result) { struct assoc_array_shortcut *shortcut, *new_s0; struct assoc_array_node *node, *new_n0, *new_n1, *side; struct assoc_array_ptr *ptr; unsigned long dissimilarity, base_seg, blank; size_t keylen; bool have_meta; int level, diff; int slot, next_slot, free_slot, i, j; node = result->terminal_node.node; level = result->terminal_node.level; edit->segment_cache[ASSOC_ARRAY_FAN_OUT] = result->terminal_node.slot; pr_devel(""-->%s()\n"", __func__); free_slot = -1; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { ptr = node->slots[i]; if (!ptr) { free_slot = i; continue; } if (ops->compare_object(assoc_array_ptr_to_leaf(ptr), index_key)) { pr_devel(""replace in slot %d\n"", i); edit->leaf_p = &node->slots[i]; edit->dead_leaf = node->slots[i]; pr_devel(""<--%s() = ok [replace]\n"", __func__); return true; } } if (free_slot >= 0) { pr_devel(""insert in free slot %d\n"", free_slot); edit->leaf_p = &node->slots[free_slot]; edit->adjust_count_on = node; pr_devel(""<--%s() = ok [insert]\n"", __func__); return true; } new_n0 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL); if (!new_n0) return false; edit->new_meta[0] = assoc_array_node_to_ptr(new_n0); new_n1 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL); if (!new_n1) return false; edit->new_meta[1] = assoc_array_node_to_ptr(new_n1); pr_devel(""no spare slots\n""); have_meta = false; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { ptr = node->slots[i]; if (assoc_array_ptr_is_meta(ptr)) { edit->segment_cache[i] = 0xff; have_meta = true; continue; } base_seg = ops->get_object_key_chunk( assoc_array_ptr_to_leaf(ptr), level); base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK; edit->segment_cache[i] = base_seg & ASSOC_ARRAY_FAN_MASK; } if (have_meta) { pr_devel(""have meta\n""); goto split_node; } dissimilarity = 0; base_seg = edit->segment_cache[0]; for (i = 1; i < ASSOC_ARRAY_FAN_OUT; i++) dissimilarity |= edit->segment_cache[i] ^ base_seg; pr_devel(""only leaves; dissimilarity=%lx\n"", dissimilarity); if ((dissimilarity & ASSOC_ARRAY_FAN_MASK) == 0) { if ((edit->segment_cache[ASSOC_ARRAY_FAN_OUT] ^ base_seg) == 0) goto all_leaves_cluster_together; goto present_leaves_cluster_but_not_new_leaf; } split_node: pr_devel(""split node\n""); edit->set[0].to = assoc_array_node_to_ptr(new_n0); new_n0->back_pointer = node->back_pointer; new_n0->parent_slot = node->parent_slot; new_n1->back_pointer = assoc_array_node_to_ptr(new_n0); new_n1->parent_slot = -1; do_split_node: pr_devel(""do_split_node\n""); new_n0->nr_leaves_on_branch = node->nr_leaves_on_branch; new_n1->nr_leaves_on_branch = 0; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { slot = edit->segment_cache[i]; if (slot != 0xff) for (j = i + 1; j < ASSOC_ARRAY_FAN_OUT + 1; j++) if (edit->segment_cache[j] == slot) goto found_slot_for_multiple_occupancy; } found_slot_for_multiple_occupancy: pr_devel(""same slot: %x %x [%02x]\n"", i, j, slot); BUG_ON(i >= ASSOC_ARRAY_FAN_OUT); BUG_ON(j >= ASSOC_ARRAY_FAN_OUT + 1); BUG_ON(slot >= ASSOC_ARRAY_FAN_OUT); new_n1->parent_slot = slot; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) if (assoc_array_ptr_is_meta(node->slots[i])) new_n0->slots[i] = node->slots[i]; else new_n0->slots[i] = NULL; BUG_ON(new_n0->slots[slot] != NULL); new_n0->slots[slot] = assoc_array_node_to_ptr(new_n1); free_slot = -1; next_slot = 0; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { if (assoc_array_ptr_is_meta(node->slots[i])) continue; if (edit->segment_cache[i] == slot) { new_n1->slots[next_slot++] = node->slots[i]; new_n1->nr_leaves_on_branch++; } else { do { free_slot++; } while (new_n0->slots[free_slot] != NULL); new_n0->slots[free_slot] = node->slots[i]; } } pr_devel(""filtered: f=%x n=%x\n"", free_slot, next_slot); if (edit->segment_cache[ASSOC_ARRAY_FAN_OUT] != slot) { do { free_slot++; } while (new_n0->slots[free_slot] != NULL); edit->leaf_p = &new_n0->slots[free_slot]; edit->adjust_count_on = new_n0; } else { edit->leaf_p = &new_n1->slots[next_slot++]; edit->adjust_count_on = new_n1; } BUG_ON(next_slot <= 1); edit->set_backpointers_to = assoc_array_node_to_ptr(new_n0); for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { if (edit->segment_cache[i] == 0xff) { ptr = node->slots[i]; BUG_ON(assoc_array_ptr_is_leaf(ptr)); if (assoc_array_ptr_is_node(ptr)) { side = assoc_array_ptr_to_node(ptr); edit->set_backpointers[i] = &side->back_pointer; } else { shortcut = assoc_array_ptr_to_shortcut(ptr); edit->set_backpointers[i] = &shortcut->back_pointer; } } } ptr = node->back_pointer; if (!ptr) edit->set[0].ptr = &edit->array->root; else if (assoc_array_ptr_is_node(ptr)) edit->set[0].ptr = &assoc_array_ptr_to_node(ptr)->slots[node->parent_slot]; else edit->set[0].ptr = &assoc_array_ptr_to_shortcut(ptr)->next_node; edit->excised_meta[0] = assoc_array_node_to_ptr(node); pr_devel(""<--%s() = ok [split node]\n"", __func__); return true; present_leaves_cluster_but_not_new_leaf: pr_devel(""present leaves cluster but not new leaf\n""); new_n0->back_pointer = node->back_pointer; new_n0->parent_slot = node->parent_slot; new_n0->nr_leaves_on_branch = node->nr_leaves_on_branch; new_n1->back_pointer = assoc_array_node_to_ptr(new_n0); new_n1->parent_slot = edit->segment_cache[0]; new_n1->nr_leaves_on_branch = node->nr_leaves_on_branch; edit->adjust_count_on = new_n0; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) new_n1->slots[i] = node->slots[i]; new_n0->slots[edit->segment_cache[0]] = assoc_array_node_to_ptr(new_n0); edit->leaf_p = &new_n0->slots[edit->segment_cache[ASSOC_ARRAY_FAN_OUT]]; edit->set[0].ptr = &assoc_array_ptr_to_node(node->back_pointer)->slots[node->parent_slot]; edit->set[0].to = assoc_array_node_to_ptr(new_n0); edit->excised_meta[0] = assoc_array_node_to_ptr(node); pr_devel(""<--%s() = ok [insert node before]\n"", __func__); return true; all_leaves_cluster_together: pr_devel(""all leaves cluster together\n""); diff = INT_MAX; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { int x = ops->diff_objects(assoc_array_ptr_to_leaf(node->slots[i]), index_key); if (x < diff) { BUG_ON(x < 0); diff = x; } } BUG_ON(diff == INT_MAX); BUG_ON(diff < level + ASSOC_ARRAY_LEVEL_STEP); keylen = round_up(diff, ASSOC_ARRAY_KEY_CHUNK_SIZE); keylen >>= ASSOC_ARRAY_KEY_CHUNK_SHIFT; new_s0 = kzalloc(sizeof(struct assoc_array_shortcut) + keylen * sizeof(unsigned long), GFP_KERNEL); if (!new_s0) return false; edit->new_meta[2] = assoc_array_shortcut_to_ptr(new_s0); edit->set[0].to = assoc_array_shortcut_to_ptr(new_s0); new_s0->back_pointer = node->back_pointer; new_s0->parent_slot = node->parent_slot; new_s0->next_node = assoc_array_node_to_ptr(new_n0); new_n0->back_pointer = assoc_array_shortcut_to_ptr(new_s0); new_n0->parent_slot = 0; new_n1->back_pointer = assoc_array_node_to_ptr(new_n0); new_n1->parent_slot = -1; new_s0->skip_to_level = level = diff & ~ASSOC_ARRAY_LEVEL_STEP_MASK; pr_devel(""skip_to_level = %d [diff %d]\n"", level, diff); BUG_ON(level <= 0); for (i = 0; i < keylen; i++) new_s0->index_key[i] = ops->get_key_chunk(index_key, i * ASSOC_ARRAY_KEY_CHUNK_SIZE); blank = ULONG_MAX << (level & ASSOC_ARRAY_KEY_CHUNK_MASK); pr_devel(""blank off [%zu] %d: %lx\n"", keylen - 1, level, blank); new_s0->index_key[keylen - 1] &= ~blank; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { ptr = node->slots[i]; base_seg = ops->get_object_key_chunk(assoc_array_ptr_to_leaf(ptr), level); base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK; edit->segment_cache[i] = base_seg & ASSOC_ARRAY_FAN_MASK; } base_seg = ops->get_key_chunk(index_key, level); base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK; edit->segment_cache[ASSOC_ARRAY_FAN_OUT] = base_seg & ASSOC_ARRAY_FAN_MASK; goto do_split_node; }",visit repo url,lib/assoc_array.c,https://github.com/torvalds/linux,97477057302666,1 6143,CWE-190,"void ep_mul_sim_joint(ep_t r, const ep_t p, const bn_t k, const ep_t q, const bn_t m) { bn_t n, _k, _m; ep_t t[5]; int i, l, u_i, offset; int8_t jsf[2 * (RLC_FP_BITS + 1)]; if (bn_is_zero(k) || ep_is_infty(p)) { ep_mul(r, q, m); return; } if (bn_is_zero(m) || ep_is_infty(q)) { ep_mul(r, p, k); return; } bn_null(n); bn_null(_k); bn_null(_m); RLC_TRY { bn_new(n); bn_new(_k); bn_new(_m); for (i = 0; i < 5; i++) { ep_null(t[i]); ep_new(t[i]); } ep_curve_get_ord(n); bn_mod(_k, k, n); bn_mod(_m, m, n); ep_set_infty(t[0]); ep_copy(t[1], q); if (bn_sign(_m) == RLC_NEG) { ep_neg(t[1], t[1]); } ep_copy(t[2], p); if (bn_sign(_k) == RLC_NEG) { ep_neg(t[2], t[2]); } ep_add(t[3], t[2], t[1]); ep_sub(t[4], t[2], t[1]); #if defined(EP_MIXED) ep_norm_sim(t + 3, (const ep_t *)t + 3, 2); #endif l = 2 * (RLC_FP_BITS + 1); bn_rec_jsf(jsf, &l, _k, _m); ep_set_infty(r); offset = RLC_MAX(bn_bits(_k), bn_bits(_m)) + 1; for (i = l - 1; i >= 0; i--) { ep_dbl(r, r); if (jsf[i] != 0 && jsf[i] == -jsf[i + offset]) { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ep_sub(r, r, t[4]); } else { ep_add(r, r, t[4]); } } else { u_i = jsf[i] * 2 + jsf[i + offset]; if (u_i < 0) { ep_sub(r, r, t[-u_i]); } else { ep_add(r, r, t[u_i]); } } } ep_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(_k); bn_free(_m); for (i = 0; i < 5; i++) { ep_free(t[i]); } } }",visit repo url,src/ep/relic_ep_mul_sim.c,https://github.com/relic-toolkit/relic,241626413131590,1 2560,[],"static void debug_info(const char *what, struct attr_stack *elem) { fprintf(stderr, ""%s: %s\n"", what, elem->origin ? elem->origin : ""()""); }",git,,,301074805586853702042060601787169927540,0 6239,['CWE-200'],"static void neigh_app_notify(struct neighbour *n) { struct nlmsghdr *nlh; int size = NLMSG_SPACE(sizeof(struct ndmsg) + 256); struct sk_buff *skb = alloc_skb(size, GFP_ATOMIC); if (!skb) return; if (neigh_fill_info(skb, n, 0, 0, RTM_NEWNEIGH, 0) < 0) { kfree_skb(skb); return; } nlh = (struct nlmsghdr *)skb->data; NETLINK_CB(skb).dst_groups = RTMGRP_NEIGH; netlink_broadcast(rtnl, skb, 0, RTMGRP_NEIGH, GFP_ATOMIC); }",linux-2.6,,,232329079549366721921118604100032593912,0 696,[],"static int jpc_unk_dumpparms(jpc_ms_t *ms, FILE *out) { unsigned int i; jpc_unk_t *unk = &ms->parms.unk; for (i = 0; i < unk->len; ++i) { fprintf(out, ""%02x "", unk->data[i]); } return 0; }",jasper,,,286186616599688349773946869978766123307,0 2673,[],"static void sctp_endpoint_bh_rcv(struct work_struct *work) { struct sctp_endpoint *ep = container_of(work, struct sctp_endpoint, base.inqueue.immediate); struct sctp_association *asoc; struct sock *sk; struct sctp_transport *transport; struct sctp_chunk *chunk; struct sctp_inq *inqueue; sctp_subtype_t subtype; sctp_state_t state; int error = 0; int first_time = 1; if (ep->base.dead) return; asoc = NULL; inqueue = &ep->base.inqueue; sk = ep->base.sk; while (NULL != (chunk = sctp_inq_pop(inqueue))) { subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type); if (first_time && (subtype.chunk == SCTP_CID_AUTH)) { struct sctp_chunkhdr *next_hdr; next_hdr = sctp_inq_peek(inqueue); if (!next_hdr) goto normal; if (next_hdr->type == SCTP_CID_COOKIE_ECHO) { chunk->auth_chunk = skb_clone(chunk->skb, GFP_ATOMIC); chunk->auth = 1; continue; } } normal: if (NULL == chunk->asoc) { asoc = sctp_endpoint_lookup_assoc(ep, sctp_source(chunk), &transport); chunk->asoc = asoc; chunk->transport = transport; } state = asoc ? asoc->state : SCTP_STATE_CLOSED; if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth) continue; if (asoc && sctp_chunk_is_data(chunk)) asoc->peer.last_data_from = chunk->transport; else SCTP_INC_STATS(SCTP_MIB_INCTRLCHUNKS); if (chunk->transport) chunk->transport->last_time_heard = jiffies; error = sctp_do_sm(SCTP_EVENT_T_CHUNK, subtype, state, ep, asoc, chunk, GFP_ATOMIC); if (error && chunk) chunk->pdiscard = 1; if (!sctp_sk(sk)->ep) break; if (first_time) first_time = 0; } }",linux-2.6,,,212683153357637252737082862783973472392,0 1416,CWE-310,"static int crypto_report_one(struct crypto_alg *alg, struct crypto_user_alg *ualg, struct sk_buff *skb) { memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name)); memcpy(&ualg->cru_driver_name, &alg->cra_driver_name, sizeof(ualg->cru_driver_name)); memcpy(&ualg->cru_module_name, module_name(alg->cra_module), CRYPTO_MAX_ALG_NAME); ualg->cru_flags = alg->cra_flags; ualg->cru_refcnt = atomic_read(&alg->cra_refcnt); if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority)) goto nla_put_failure; if (alg->cra_flags & CRYPTO_ALG_LARVAL) { struct crypto_report_larval rl; snprintf(rl.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""larval""); if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, sizeof(struct crypto_report_larval), &rl)) goto nla_put_failure; goto out; } if (alg->cra_type && alg->cra_type->report) { if (alg->cra_type->report(skb, alg)) goto nla_put_failure; goto out; } switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) { case CRYPTO_ALG_TYPE_CIPHER: if (crypto_report_cipher(skb, alg)) goto nla_put_failure; break; case CRYPTO_ALG_TYPE_COMPRESS: if (crypto_report_comp(skb, alg)) goto nla_put_failure; break; } out: return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,140209224756124,1 3700,CWE-426,"main(int ac, char **av) { int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0; int sock, fd, ch, result, saved_errno; u_int nalloc; char *shell, *format, *pidstr, *agentsocket = NULL; fd_set *readsetp = NULL, *writesetp = NULL; struct rlimit rlim; extern int optind; extern char *optarg; pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; struct timeval *tvp = NULL; size_t len; mode_t prev_mask; ssh_malloc_init(); sanitise_stdfd(); setegid(getgid()); setgid(getgid()); #ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); #endif while ((ch = getopt(ac, av, ""cDdksE:a:t:"")) != -1) { switch (ch) { case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); if (fingerprint_hash == -1) fatal(""Invalid hash algorithm \""%s\"""", optarg); break; case 'c': if (s_flag) usage(); c_flag++; break; case 'k': k_flag++; break; case 's': if (c_flag) usage(); s_flag++; break; case 'd': if (d_flag || D_flag) usage(); d_flag++; break; case 'D': if (d_flag || D_flag) usage(); D_flag++; break; case 'a': agentsocket = optarg; break; case 't': if ((lifetime = convtime(optarg)) == -1) { fprintf(stderr, ""Invalid lifetime\n""); usage(); } break; default: usage(); } } ac -= optind; av += optind; if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) usage(); if (ac == 0 && !c_flag && !s_flag) { shell = getenv(""SHELL""); if (shell != NULL && (len = strlen(shell)) > 2 && strncmp(shell + len - 3, ""csh"", 3) == 0) c_flag = 1; } if (k_flag) { const char *errstr = NULL; pidstr = getenv(SSH_AGENTPID_ENV_NAME); if (pidstr == NULL) { fprintf(stderr, ""%s not set, cannot kill agent\n"", SSH_AGENTPID_ENV_NAME); exit(1); } pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr); if (errstr) { fprintf(stderr, ""%s=\""%s\"", which is not a good PID: %s\n"", SSH_AGENTPID_ENV_NAME, pidstr, errstr); exit(1); } if (kill(pid, SIGTERM) == -1) { perror(""kill""); exit(1); } format = c_flag ? ""unsetenv %s;\n"" : ""unset %s;\n""; printf(format, SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NAME); printf(""echo Agent pid %ld killed;\n"", (long)pid); exit(0); } parent_pid = getpid(); if (agentsocket == NULL) { mktemp_proto(socket_dir, sizeof(socket_dir)); if (mkdtemp(socket_dir) == NULL) { perror(""mkdtemp: private socket dir""); exit(1); } snprintf(socket_name, sizeof socket_name, ""%s/agent.%ld"", socket_dir, (long)parent_pid); } else { socket_dir[0] = '\0'; strlcpy(socket_name, agentsocket, sizeof socket_name); } prev_mask = umask(0177); sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0); if (sock < 0) { *socket_name = '\0'; cleanup_exit(1); } umask(prev_mask); if (D_flag || d_flag) { log_init(__progname, d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 1); format = c_flag ? ""setenv %s %s;\n"" : ""%s=%s; export %s;\n""; printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, SSH_AUTHSOCKET_ENV_NAME); printf(""echo Agent pid %ld;\n"", (long)parent_pid); fflush(stdout); goto skip; } pid = fork(); if (pid == -1) { perror(""fork""); cleanup_exit(1); } if (pid != 0) { close(sock); snprintf(pidstrbuf, sizeof pidstrbuf, ""%ld"", (long)pid); if (ac == 0) { format = c_flag ? ""setenv %s %s;\n"" : ""%s=%s; export %s;\n""; printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, SSH_AGENTPID_ENV_NAME); printf(""echo Agent pid %ld;\n"", (long)pid); exit(0); } if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { perror(""setenv""); exit(1); } execvp(av[0], av); perror(av[0]); exit(1); } log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); if (setsid() == -1) { error(""setsid: %s"", strerror(errno)); cleanup_exit(1); } (void)chdir(""/""); if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { (void)dup2(fd, STDIN_FILENO); (void)dup2(fd, STDOUT_FILENO); (void)dup2(fd, STDERR_FILENO); if (fd > 2) close(fd); } rlim.rlim_cur = rlim.rlim_max = 0; if (setrlimit(RLIMIT_CORE, &rlim) < 0) { error(""setrlimit RLIMIT_CORE: %s"", strerror(errno)); cleanup_exit(1); } skip: cleanup_pid = getpid(); #ifdef ENABLE_PKCS11 pkcs11_init(0); #endif new_socket(AUTH_SOCKET, sock); if (ac > 0) parent_alive_interval = 10; idtab_init(); signal(SIGPIPE, SIG_IGN); signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN); signal(SIGHUP, cleanup_handler); signal(SIGTERM, cleanup_handler); nalloc = 0; if (pledge(""stdio cpath unix id proc exec"", NULL) == -1) fatal(""%s: pledge: %s"", __progname, strerror(errno)); while (1) { prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); saved_errno = errno; if (parent_alive_interval != 0) check_parent_exists(); (void) reaper(); if (result < 0) { if (saved_errno == EINTR) continue; fatal(""select: %s"", strerror(saved_errno)); } else if (result > 0) after_select(readsetp, writesetp); } }",visit repo url,usr.bin/ssh/ssh-agent.c,https://github.com/openbsd/src,228339576263225,1 5877,['CWE-200'],"static int nr_listen(struct socket *sock, int backlog) { struct sock *sk = sock->sk; lock_sock(sk); if (sk->sk_state != TCP_LISTEN) { memset(&nr_sk(sk)->user_addr, 0, AX25_ADDR_LEN); sk->sk_max_ack_backlog = backlog; sk->sk_state = TCP_LISTEN; release_sock(sk); return 0; } release_sock(sk); return -EOPNOTSUPP; }",linux-2.6,,,139299569987275033944848579393478695240,0 2534,CWE-416,"archive_read_format_rar_read_data(struct archive_read *a, const void **buff, size_t *size, int64_t *offset) { struct rar *rar = (struct rar *)(a->format->data); int ret; if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) { rar->has_encrypted_entries = 0; } if (rar->bytes_unconsumed > 0) { __archive_read_consume(a, rar->bytes_unconsumed); rar->bytes_unconsumed = 0; } *buff = NULL; if (rar->entry_eof || rar->offset_seek >= rar->unp_size) { *size = 0; *offset = rar->offset; if (*offset < rar->unp_size) *offset = rar->unp_size; return (ARCHIVE_EOF); } switch (rar->compression_method) { case COMPRESS_METHOD_STORE: ret = read_data_stored(a, buff, size, offset); break; case COMPRESS_METHOD_FASTEST: case COMPRESS_METHOD_FAST: case COMPRESS_METHOD_NORMAL: case COMPRESS_METHOD_GOOD: case COMPRESS_METHOD_BEST: ret = read_data_compressed(a, buff, size, offset); if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); break; default: archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Unsupported compression method for RAR file.""); ret = ARCHIVE_FATAL; break; } return (ret); }",visit repo url,libarchive/archive_read_support_format_rar.c,https://github.com/libarchive/libarchive,269859462291541,1 4327,CWE-119,"void CLASS foveon_load_camf() { unsigned type, wide, high, i, j, row, col, diff; ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2]; fseek (ifp, meta_offset, SEEK_SET); type = get4(); get4(); get4(); wide = get4(); high = get4(); if (type == 2) { fread (meta_data, 1, meta_length, ifp); for (i=0; i < meta_length; i++) { high = (high * 1597 + 51749) % 244944; wide = high * (INT64) 301593171 >> 24; meta_data[i] ^= ((((high << 8) - wide) >> 1) + wide) >> 17; } } else if (type == 4) { free (meta_data); meta_data = (char *) malloc (meta_length = wide*high*3/2); merror (meta_data, ""foveon_load_camf()""); foveon_huff (huff); get4(); getbits(-1); for (j=row=0; row < high; row++) { for (col=0; col < wide; col++) { diff = ljpeg_diff(huff); if (col < 2) hpred[col] = vpred[row & 1][col] += diff; else hpred[col & 1] += diff; if (col & 1) { meta_data[j++] = hpred[0] >> 4; meta_data[j++] = hpred[0] << 4 | hpred[1] >> 8; meta_data[j++] = hpred[1]; } } } } else fprintf (stderr,_(""%s has unknown CAMF type %d.\n""), ifname, type); }",visit repo url,dcraw_foveon.c,https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2,223331887590693,1 3495,['CWE-20'],"sctp_disposition_t sctp_sf_shutdown_pending_abort( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; if (!sctp_vtag_verify_either(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (SCTP_ADDR_DEL == sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) return sctp_sf_discard_chunk(ep, asoc, type, arg, commands); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD)); return __sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands); }",linux-2.6,,,142179542279725338565977742908113825325,0 3438,['CWE-264'],"static long do_vmsplice(struct file *file, const struct iovec __user *iov, unsigned long nr_segs, unsigned int flags) { struct pipe_inode_info *pipe = file->f_dentry->d_inode->i_pipe; struct page *pages[PIPE_BUFFERS]; struct partial_page partial[PIPE_BUFFERS]; struct splice_pipe_desc spd = { .pages = pages, .partial = partial, .flags = flags, .ops = &user_page_pipe_buf_ops, }; if (unlikely(!pipe)) return -EBADF; if (unlikely(nr_segs > UIO_MAXIOV)) return -EINVAL; else if (unlikely(!nr_segs)) return 0; spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial, flags & SPLICE_F_GIFT); if (spd.nr_pages <= 0) return spd.nr_pages; return splice_to_pipe(pipe, &spd); }",linux-2.6,,,90119652291776253737803494675820293770,0 32,CWE-763,"spnego_gss_context_time( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, OM_uint32 *time_rec) { OM_uint32 ret; ret = gss_context_time(minor_status, context_handle, time_rec); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,153222982797517,1 2387,['CWE-119'],"static void do_oneway_diff(struct unpack_trees_options *o, struct cache_entry *idx, struct cache_entry *tree) { struct oneway_unpack_data *cbdata = o->unpack_data; struct rev_info *revs = cbdata->revs; int match_missing, cached; cached = o->index_only; match_missing = !revs->ignore_merges; if (cached && idx && ce_stage(idx)) { if (tree) diff_unmerge(&revs->diffopt, idx->name, idx->ce_mode, idx->sha1); return; } if (!tree) { show_new_file(cbdata, idx, cached, match_missing); return; } if (!idx) { diff_index_show_file(revs, ""-"", tree, tree->sha1, tree->ce_mode); return; } show_modified(cbdata, tree, idx, 1, cached, match_missing); }",git,,,179840638331738093431022521317627435534,0 4567,CWE-787,"void gf_bt_check_line(GF_BTParser *parser) { while (1) { switch (parser->line_buffer[parser->line_pos]) { case ' ': case '\t': case '\n': case '\r': parser->line_pos++; continue; default: break; } break; } if (parser->line_buffer[parser->line_pos]=='#') { parser->line_size = parser->line_pos; } else if ((parser->line_buffer[parser->line_pos]=='/') && (parser->line_buffer[parser->line_pos+1]=='/') ) parser->line_size = parser->line_pos; if (parser->line_size == parser->line_pos) { if (!parser->gz_in) { parser->done = 1; return; } next_line: parser->line_start_pos = (s32) gf_gztell(parser->gz_in); parser->line_buffer[0] = 0; if (parser->unicode_type) { u8 c1, c2; unsigned short wchar; unsigned short l[BT_LINE_SIZE]; unsigned short *dst = l; Bool is_ret = 0; u32 last_space_pos, last_space_pos_stream; u32 go = BT_LINE_SIZE - 1; last_space_pos = last_space_pos_stream = 0; while (go && !gf_gzeof(parser->gz_in) ) { c1 = gf_gzgetc(parser->gz_in); c2 = gf_gzgetc(parser->gz_in); if (parser->unicode_type==2) { if (c2) { wchar = c2; wchar <<=8; wchar |= c1; } else wchar = c1; } else { wchar = c1; if (c2) { wchar <<= 8; wchar |= c2; } } *dst = wchar; if (wchar=='\r') is_ret = 1; else if (wchar=='\n') { dst++; break; } else if (is_ret) { u32 fpos = (u32) gf_gztell(parser->gz_in); gf_gzseek(parser->gz_in, fpos-2, SEEK_SET); break; } if (wchar==' ') { last_space_pos = (u32) (dst - l); } dst++; go--; } *dst = 0; if (!go) { u32 rew_pos = (u32) (gf_gztell(parser->gz_in) - 2*(dst - &l[last_space_pos]) ); gf_gzseek(parser->gz_in, rew_pos, SEEK_SET); l[last_space_pos+1] = 0; } if (l[0]==0xFFFF) { parser->done = 1; return; } dst = l; gf_utf8_wcstombs(parser->line_buffer, BT_LINE_SIZE, (const unsigned short **) &dst); if (!strlen(parser->line_buffer) && gf_gzeof(parser->gz_in)) { parser->done = 1; return; } } else { if ((gf_gzgets(parser->gz_in, parser->line_buffer, BT_LINE_SIZE) == NULL) || (!strlen(parser->line_buffer) && gf_gzeof(parser->gz_in))) { parser->done = 1; return; } if (1 + strlen(parser->line_buffer) == BT_LINE_SIZE) { u32 rew, pos, go; rew = 0; go = 1; while (go) { switch (parser->line_buffer[strlen(parser->line_buffer)-1]) { case ' ': case ',': case '[': case ']': go = 0; break; default: parser->line_buffer[strlen(parser->line_buffer)-1] = 0; rew++; break; } } pos = (u32) gf_gztell(parser->gz_in); gf_gzseek(parser->gz_in, pos-rew, SEEK_SET); } } while (1) { char c; u32 len = (u32) strlen(parser->line_buffer); if (!len) break; c = parser->line_buffer[len-1]; if (!strchr(""\n\r\t"", c)) break; parser->line_buffer[len-1] = 0; } parser->line_size = (u32) strlen(parser->line_buffer); parser->line_pos = 0; parser->line++; { u32 pos = (u32) gf_gztell(parser->gz_in); if (pos>=parser->file_pos) { parser->file_pos = pos; if (parser->line>1) gf_set_progress(""BT Parsing"", pos, parser->file_size); } } while ((parser->line_buffer[parser->line_pos]==' ') || (parser->line_buffer[parser->line_pos]=='\t')) parser->line_pos++; if ( (parser->line_buffer[parser->line_pos]=='#') || ( (parser->line_buffer[parser->line_pos]=='/') && (parser->line_buffer[parser->line_pos+1]=='/')) ) { if (parser->line==1) { if (strstr(parser->line_buffer, ""VRML"")) { if (strstr(parser->line_buffer, ""VRML V2.0"")) parser->is_wrl = 1; else if (strstr(parser->line_buffer, ""VRML2.0"")) parser->is_wrl = 1; else { gf_bt_report(parser, GF_NOT_SUPPORTED, ""%s: VRML Version Not Supported"", parser->line_buffer); return; } } else if (strstr(parser->line_buffer, ""X3D"")) { if (strstr(parser->line_buffer, ""X3D V3.0"")) parser->is_wrl = 2; else { gf_bt_report(parser, GF_NOT_SUPPORTED, ""%s: X3D Version Not Supported"", parser->line_buffer); return; } } } if (!strnicmp(parser->line_buffer+parser->line_pos, ""#define "", 8) && !parser->block_comment) { char *buf, *sep; parser->line_pos+=8; buf = parser->line_buffer+parser->line_pos; sep = strchr(buf, ' '); if (sep && (sep[1]!='\n') ) { BTDefSymbol *def; GF_SAFEALLOC(def, BTDefSymbol); if (!def) { GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, (""Fail to allocate DEF node\n"")); return; } sep[0] = 0; def->name = gf_strdup(buf); sep[0] = ' '; buf = sep+1; while (strchr("" \t"", buf[0])) buf++; def->value = gf_strdup(buf); gf_list_add(parser->def_symbols, def); } } else if (!strnicmp(parser->line_buffer+parser->line_pos, ""#if "", 4)) { u32 len = 0; parser->line_pos+=4; while (1) { if (parser->line_pos+(s32)len==parser->line_size) break; if (strchr("" \n\t"", parser->line_buffer[parser->line_pos+len])) break; len++; } if (len) { if (len==1) { if (!strnicmp(parser->line_buffer+parser->line_pos, ""0"", 1)) { parser->block_comment++; } } else { u32 i, count; char *keyWord = NULL; count = gf_list_count(parser->def_symbols); for (i=0; idef_symbols, i); if (!strnicmp(parser->line_buffer+parser->line_pos, def->name, len)) { keyWord = def->value; break; } } if (keyWord && !strcmp(keyWord, ""0"")) { parser->block_comment++; } } } } else if (!strnicmp(parser->line_buffer+parser->line_pos, ""#endif"", 6)) { if (parser->block_comment) parser->block_comment--; } else if (!strnicmp(parser->line_buffer+parser->line_pos, ""#else"", 5)) { if (parser->block_comment) parser->block_comment--; else parser->block_comment++; } else if (!strnicmp(parser->line_buffer+parser->line_pos, ""#size"", 5)) { char *buf; parser->line_pos+=6; buf = parser->line_buffer+parser->line_pos; while (strchr("" \t"", buf[0])) buf++; sscanf(buf, ""%dx%d"", &parser->def_w, &parser->def_h); } goto next_line; } if (parser->block_comment) goto next_line; if (parser->line_pos < parser->line_size) { u32 i, count; count = gf_list_count(parser->def_symbols); while (1) { Bool found = 0; for (i=0; idef_symbols, i); char *start = strstr(parser->line_buffer, def->name); if (!start) continue; symb_len = (u32) strlen(def->name); if (!strchr("" \n\r\t,[]{}\'\"""", start[symb_len])) continue; val_len = (u32) strlen(def->value); copy_len = (u32) strlen(start + symb_len) + 1; memmove(start + val_len, start + symb_len, sizeof(char)*copy_len); memcpy(start, def->value, sizeof(char)*val_len); parser->line_size = (u32) strlen(parser->line_buffer); found = 1; } if (!found) break; } } } if (!parser->line_size) { if (!gf_gzeof(parser->gz_in)) gf_bt_check_line(parser); else parser->done = 1; } else if (!parser->done && (parser->line_size == parser->line_pos)) gf_bt_check_line(parser); }",visit repo url,src/scene_manager/loader_bt.c,https://github.com/gpac/gpac,169048449143536,1 4276,CWE-400,"static bool r_bin_mdmp_init_directory_entry(struct r_bin_mdmp_obj *obj, struct minidump_directory *entry) { r_strf_buffer (128); struct minidump_handle_operation_list handle_operation_list; struct minidump_memory_list memory_list; struct minidump_memory64_list memory64_list; struct minidump_memory_info_list memory_info_list; struct minidump_module_list module_list; struct minidump_thread_list thread_list; struct minidump_thread_ex_list thread_ex_list; struct minidump_thread_info_list thread_info_list; struct minidump_token_info_list token_info_list; struct minidump_unloaded_module_list unloaded_module_list; ut64 offset; int i, r; if ((ut64)entry->location.rva + entry->location.data_size > r_buf_size (obj->b)) { eprintf (""[ERROR] Size Mismatch - Stream data is larger than file size!\n""); return false; } switch (entry->stream_type) { case THREAD_LIST_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&thread_list, sizeof (thread_list)); if (r != sizeof (thread_list)) { break; } sdb_set (obj->kv, ""mdmp_thread.format"", ""ddddq?? "" ""ThreadId SuspendCount PriorityClass Priority "" ""Teb (mdmp_memory_descriptor)Stack "" ""(mdmp_location_descriptor)ThreadContext"", 0); sdb_num_set (obj->kv, ""mdmp_thread_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_thread_list.format"", r_strf (""d[%d]? "" ""NumberOfThreads (mdmp_thread)Threads"", thread_list.number_of_threads), 0); break; case MODULE_LIST_STREAM: module_list.number_of_modules = r_buf_read_le32_at (obj->b, entry->location.rva); sdb_set (obj->kv, ""mdmp_module.format"", ""qddtd???qq "" ""BaseOfImage SizeOfImage CheckSum "" ""TimeDateStamp ModuleNameRVA "" ""(mdmp_vs_fixedfileinfo)VersionInfo "" ""(mdmp_location_descriptor)CvRecord "" ""(mdmp_location_descriptor)MiscRecord "" ""Reserved0 Reserved1"", 0); sdb_num_set (obj->kv, ""mdmp_module_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_module_list.format"", r_strf (""d[%d]? "" ""NumberOfModule (mdmp_module)Modules"", module_list.number_of_modules), 0); offset = entry->location.rva + sizeof (module_list); for (i = 0; i < module_list.number_of_modules; i++) { struct minidump_module *module = R_NEW (struct minidump_module); if (!module) { break; } read_module (obj->b, offset, module); r_list_append (obj->streams.modules, module); offset += sizeof (*module); } break; case MEMORY_LIST_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&memory_list, sizeof (memory_list)); if (r != sizeof (memory_list)) { break; } sdb_num_set (obj->kv, ""mdmp_memory_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_memory_list.format"", r_strf (""d[%d]? "" ""NumberOfMemoryRanges "" ""(mdmp_memory_descriptor)MemoryRanges "", memory_list.number_of_memory_ranges), 0); offset = entry->location.rva + sizeof (memory_list); for (i = 0; i < memory_list.number_of_memory_ranges; i++) { struct minidump_memory_descriptor *desc = R_NEW (struct minidump_memory_descriptor); if (!desc) { break; } r = r_buf_read_at (obj->b, offset, (ut8 *)desc, sizeof (*desc)); if (r != sizeof (*desc)) { break; } r_list_append (obj->streams.memories, desc); offset += sizeof (*desc); } break; case EXCEPTION_STREAM: obj->streams.exception = R_NEW (struct minidump_exception_stream); if (!obj->streams.exception) { break; } r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)obj->streams.exception, sizeof (*obj->streams.exception)); if (r != sizeof (*obj->streams.exception)) { break; } sdb_set (obj->kv, ""mdmp_exception.format"", ""[4]E[4]Eqqdd[15]q "" ""(mdmp_exception_code)ExceptionCode "" ""(mdmp_exception_flags)ExceptionFlags "" ""ExceptionRecord ExceptionAddress "" ""NumberParameters __UnusedAlignment "" ""ExceptionInformation"", 0); sdb_num_set (obj->kv, ""mdmp_exception_stream.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_exception_stream.format"", ""dd?? "" ""ThreadId __Alignment "" ""(mdmp_exception)ExceptionRecord "" ""(mdmp_location_descriptor)ThreadContext"", 0); break; case SYSTEM_INFO_STREAM: obj->streams.system_info = R_NEW (struct minidump_system_info); if (!obj->streams.system_info) { break; } r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)obj->streams.system_info, sizeof (*obj->streams.system_info)); if (r != sizeof (*obj->streams.system_info)) { break; } sdb_num_set (obj->kv, ""mdmp_system_info.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_system_info.format"", ""[2]EwwbBddd[4]Ed[2]Ew[2]q "" ""(mdmp_processor_architecture)ProcessorArchitecture "" ""ProcessorLevel ProcessorRevision NumberOfProcessors "" ""(mdmp_product_type)ProductType "" ""MajorVersion MinorVersion BuildNumber (mdmp_platform_id)PlatformId "" ""CsdVersionRva (mdmp_suite_mask)SuiteMask Reserved2 ProcessorFeatures"", 0); break; case THREAD_EX_LIST_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&thread_ex_list, sizeof (thread_ex_list)); if (r != sizeof (thread_ex_list)) { break; } sdb_set (obj->kv, ""mdmp_thread_ex.format"", ""ddddq??? "" ""ThreadId SuspendCount PriorityClass Priority "" ""Teb (mdmp_memory_descriptor)Stack "" ""(mdmp_location_descriptor)ThreadContext "" ""(mdmp_memory_descriptor)BackingStore"", 0); sdb_num_set (obj->kv, ""mdmp_thread_ex_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_thread_ex_list.format"", r_strf (""d[%d]? NumberOfThreads "" ""(mdmp_thread_ex)Threads"", thread_ex_list.number_of_threads), 0); offset = entry->location.rva + sizeof (thread_ex_list); for (i = 0; i < thread_ex_list.number_of_threads; i++) { struct minidump_thread_ex *thread = R_NEW (struct minidump_thread_ex); if (!thread) { break; } r = r_buf_read_at (obj->b, offset, (ut8 *)thread, sizeof (*thread)); if (r != sizeof (*thread)) { break; } r_list_append (obj->streams.ex_threads, thread); offset += sizeof (*thread); } break; case MEMORY_64_LIST_STREAM: read_memory64_list (obj->b, entry->location.rva, &memory64_list); sdb_num_set (obj->kv, ""mdmp_memory64_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_memory64_list.format"", r_strf (""qq[%""PFMT64d""]? NumberOfMemoryRanges "" ""BaseRva "" ""(mdmp_memory_descriptor64)MemoryRanges"", memory64_list.number_of_memory_ranges), 0); obj->streams.memories64.base_rva = memory64_list.base_rva; offset = entry->location.rva + sizeof (memory64_list); for (i = 0; i < memory64_list.number_of_memory_ranges; i++) { struct minidump_memory_descriptor64 *desc = R_NEW (struct minidump_memory_descriptor64); if (!desc) { break; } read_desc (obj->b, offset, desc); r_list_append (obj->streams.memories64.memories, desc); offset += sizeof (*desc); } break; case COMMENT_STREAM_A: obj->streams.comments_a = R_NEWS (ut8, COMMENTS_SIZE); if (!obj->streams.comments_a) { break; } r = r_buf_read_at (obj->b, entry->location.rva, obj->streams.comments_a, COMMENTS_SIZE); if (r != COMMENTS_SIZE) { break; } sdb_num_set (obj->kv, ""mdmp_comment_stream_a.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_comment_stream_a.format"", ""s CommentA"", 0); break; case COMMENT_STREAM_W: obj->streams.comments_w = R_NEWS (ut8, COMMENTS_SIZE); if (!obj->streams.comments_w) { break; } r = r_buf_read_at (obj->b, entry->location.rva, obj->streams.comments_w, COMMENTS_SIZE); if (r != COMMENTS_SIZE) { break; } sdb_num_set (obj->kv, ""mdmp_comment_stream_w.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_comment_stream_w.format"", ""s CommentW"", 0); break; case HANDLE_DATA_STREAM: obj->streams.handle_data = R_NEW (struct minidump_handle_data_stream); if (!obj->streams.handle_data) { break; } r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)obj->streams.handle_data, sizeof (*obj->streams.handle_data)); if (r != sizeof (*obj->streams.handle_data)) { break; } sdb_num_set (obj->kv, ""mdmp_handle_data_stream.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_handle_data_stream.format"", ""dddd "" ""SizeOfHeader SizeOfDescriptor "" ""NumberOfDescriptors Reserved"", 0); break; case FUNCTION_TABLE_STREAM: obj->streams.function_table = R_NEW (struct minidump_function_table_stream); if (!obj->streams.function_table) { break; } r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)obj->streams.function_table, sizeof (*obj->streams.function_table)); if (r != sizeof (*obj->streams.function_table)) { break; } sdb_num_set (obj->kv, ""mdmp_function_table_stream.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_function_table_stream.format"", ""dddddd "" ""SizeOfHeader SizeOfDescriptor SizeOfNativeDescriptor "" ""SizeOfFunctionEntry NumberOfDescriptors SizeOfAlignPad"", 0); break; case UNLOADED_MODULE_LIST_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&unloaded_module_list, sizeof (unloaded_module_list)); if (r != sizeof (unloaded_module_list)) { break; } sdb_set (obj->kv, ""mdmp_unloaded_module.format"", ""qddtd "" ""BaseOfImage SizeOfImage CheckSum TimeDateStamp "" ""ModuleNameRva"", 0); sdb_num_set (obj->kv, ""mdmp_unloaded_module_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_unloaded_module_list.format"", ""ddd "" ""SizeOfHeader SizeOfEntry NumberOfEntries"", 0); offset = entry->location.rva + sizeof (unloaded_module_list); for (i = 0; i < unloaded_module_list.number_of_entries; i++) { struct minidump_unloaded_module *module = R_NEW (struct minidump_unloaded_module); if (!module) { break; } r = r_buf_read_at (obj->b, offset, (ut8 *)module, sizeof (*module)); if (r != sizeof (*module)) { break; } r_list_append (obj->streams.unloaded_modules, module); offset += sizeof (*module); } break; case MISC_INFO_STREAM: obj->streams.misc_info.misc_info_1 = R_NEW (struct minidump_misc_info); if (!obj->streams.misc_info.misc_info_1) { break; } r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)obj->streams.misc_info.misc_info_1, sizeof (*obj->streams.misc_info.misc_info_1)); if (r != sizeof (*obj->streams.misc_info.misc_info_1)) { break; } sdb_num_set (obj->kv, ""mdmp_misc_info.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_misc_info.format"", ""d[4]Bdtttddddd "" ""SizeOfInfo (mdmp_misc1_flags)Flags1 ProcessId "" ""ProcessCreateTime ProcessUserTime ProcessKernelTime "" ""ProcessorMaxMhz ProcessorCurrentMhz "" ""ProcessorMhzLimit ProcessorMaxIdleState "" ""ProcessorCurrentIdleState"", 0); break; case MEMORY_INFO_LIST_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&memory_info_list, sizeof (memory_info_list)); if (r != sizeof (memory_info_list)) { break; } sdb_set (obj->kv, ""mdmp_memory_info.format"", ""qq[4]Edq[4]E[4]E[4]Ed BaseAddress AllocationBase "" ""(mdmp_page_protect)AllocationProtect __Alignment1 RegionSize "" ""(mdmp_mem_state)State (mdmp_page_protect)Protect "" ""(mdmp_mem_type)Type __Alignment2"", 0); sdb_num_set (obj->kv, ""mdmp_memory_info_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_memory_info_list.format"", r_strf (""ddq[%""PFMT64d""]? SizeOfHeader SizeOfEntry "" ""NumberOfEntries (mdmp_memory_info)MemoryInfo"", memory_info_list.number_of_entries), 0); offset = entry->location.rva + sizeof (memory_info_list); for (i = 0; i < memory_info_list.number_of_entries; i++) { struct minidump_memory_info *info = R_NEW (struct minidump_memory_info); if (!info) { break; } r = r_buf_read_at (obj->b, offset, (ut8 *)info, sizeof (*info)); if (r != sizeof (*info)) { break; } r_list_append (obj->streams.memory_infos, info); offset += sizeof (*info); } break; case THREAD_INFO_LIST_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&thread_info_list, sizeof (thread_info_list)); if (r != sizeof (thread_info_list)) { break; } sdb_set (obj->kv, ""mdmp_thread_info.format"", ""ddddttttqq "" ""ThreadId DumpFlags DumpError ExitStatus CreateTime "" ""ExitTime KernelTime UserTime StartAddress Affinity"", 0); sdb_num_set (obj->kv, ""mdmp_thread_info_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_thread_info_list.format"", ""ddd "" ""SizeOfHeader SizeOfEntry NumberOfEntries"", 0); offset = entry->location.rva + sizeof (thread_info_list); for (i = 0; i < thread_info_list.number_of_entries; i++) { struct minidump_thread_info *info = R_NEW (struct minidump_thread_info); if (!info) { break; } r = r_buf_read_at (obj->b, offset, (ut8 *)info, sizeof (*info)); if (r != sizeof (*info)) { break; } r_list_append (obj->streams.thread_infos, info); offset += sizeof (*info); } break; case HANDLE_OPERATION_LIST_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&handle_operation_list, sizeof (handle_operation_list)); if (r != sizeof (handle_operation_list)) { break; } sdb_num_set (obj->kv, ""mdmp_handle_operation_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_handle_operation_list.format"", ""dddd "" ""SizeOfHeader SizeOfEntry NumberOfEntries Reserved"", 0); offset = entry->location.rva + sizeof (handle_operation_list); for (i = 0; i < handle_operation_list.number_of_entries; i++) { struct avrf_handle_operation *op = R_NEW (struct avrf_handle_operation); if (!op) { break; } r = r_buf_read_at (obj->b, offset, (ut8 *)op, sizeof (*op)); if (r != sizeof (*op)) { break; } r_list_append (obj->streams.operations, op); offset += sizeof (*op); } break; case TOKEN_STREAM: r = r_buf_read_at (obj->b, entry->location.rva, (ut8 *)&token_info_list, sizeof (token_info_list)); if (r != sizeof (token_info_list)) { break; } sdb_set (obj->kv, ""mdmp_token_info.format"", ""ddq "" ""TokenSize TokenId TokenHandle"", 0); sdb_num_set (obj->kv, ""mdmp_token_info_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_token_info_list.format"", ""dddd "" ""TokenListSize TokenListEntries ListHeaderSize ElementHeaderSize"", 0); offset = entry->location.rva + sizeof (token_info_list); for (i = 0; i < token_info_list.number_of_entries; i++) { struct minidump_token_info *info = R_NEW (struct minidump_token_info); if (!info) { break; } r = r_buf_read_at (obj->b, offset, (ut8 *)info, sizeof (*info)); if (r != sizeof (*info)) { break; } r_list_append (obj->streams.token_infos, info); offset += sizeof (*info); } break; case LAST_RESERVED_STREAM: break; case UNUSED_STREAM: case RESERVED_STREAM_0: case RESERVED_STREAM_1: break; default: eprintf (""[WARN] Invalid or unsupported enumeration encountered %d\n"", entry->stream_type); break; } return true; }",visit repo url,libr/bin/format/mdmp/mdmp.c,https://github.com/radareorg/radare2,125867594161165,1 1464,[],"int sched_create_sysfs_power_savings_entries(struct sysdev_class *cls) { int err = 0; #ifdef CONFIG_SCHED_SMT if (smt_capable()) err = sysfs_create_file(&cls->kset.kobj, &attr_sched_smt_power_savings.attr); #endif #ifdef CONFIG_SCHED_MC if (!err && mc_capable()) err = sysfs_create_file(&cls->kset.kobj, &attr_sched_mc_power_savings.attr); #endif return err; }",linux-2.6,,,307147011833422766406199715283617863463,0 5135,['CWE-20'],"static void __init vmx_check_processor_compat(void *rtn) { struct vmcs_config vmcs_conf; *(int *)rtn = 0; if (setup_vmcs_config(&vmcs_conf) < 0) *(int *)rtn = -EIO; if (memcmp(&vmcs_config, &vmcs_conf, sizeof(struct vmcs_config)) != 0) { printk(KERN_ERR ""kvm: CPU %d feature inconsistency!\n"", smp_processor_id()); *(int *)rtn = -EIO; } }",linux-2.6,,,271471195309013014557011623148862197720,0 709,CWE-20,"int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int err = 0; size_t target, copied = 0; long timeo; if (flags & MSG_OOB) return -EOPNOTSUPP; msg->msg_namelen = 0; BT_DBG(""sk %p size %zu"", sk, size); lock_sock(sk); target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); do { struct sk_buff *skb; int chunk; skb = skb_dequeue(&sk->sk_receive_queue); if (!skb) { if (copied >= target) break; err = sock_error(sk); if (err) break; if (sk->sk_shutdown & RCV_SHUTDOWN) break; err = -EAGAIN; if (!timeo) break; timeo = bt_sock_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } continue; } chunk = min_t(unsigned int, skb->len, size); if (skb_copy_datagram_iovec(skb, 0, msg->msg_iov, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (!copied) copied = -EFAULT; break; } copied += chunk; size -= chunk; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { int skb_len = skb_headlen(skb); if (chunk <= skb_len) { __skb_pull(skb, chunk); } else { struct sk_buff *frag; __skb_pull(skb, skb_len); chunk -= skb_len; skb_walk_frags(skb, frag) { if (chunk <= frag->len) { skb->len -= chunk; skb->data_len -= chunk; __skb_pull(frag, chunk); break; } else if (frag->len) { chunk -= frag->len; skb->len -= frag->len; skb->data_len -= frag->len; __skb_pull(frag, frag->len); } } } if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); out: release_sock(sk); return copied ? : err; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,130876190644773,1 3859,[],"static inline void cap_emulate_setxuid (int old_ruid, int old_euid, int old_suid) { if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && (current->uid != 0 && current->euid != 0 && current->suid != 0) && !issecure(SECURE_KEEP_CAPS)) { cap_clear (current->cap_permitted); cap_clear (current->cap_effective); } if (old_euid == 0 && current->euid != 0) { cap_clear (current->cap_effective); } if (old_euid != 0 && current->euid == 0) { current->cap_effective = current->cap_permitted; } }",linux-2.6,,,169005887048009857574501283423070745546,0 5172,['CWE-20'],"static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { u64 exit_qualification; enum emulation_result er; unsigned long offset; exit_qualification = vmcs_read64(EXIT_QUALIFICATION); offset = exit_qualification & 0xffful; er = emulate_instruction(vcpu, kvm_run, 0, 0, 0); if (er != EMULATE_DONE) { printk(KERN_ERR ""Fail to handle apic access vmexit! Offset is 0x%lx\n"", offset); return -ENOTSUPP; } return 1; }",linux-2.6,,,275798967982459608521246754039188377540,0 4082,CWE-787,"grub_ext2_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) { struct grub_ext2_data *data = node->data; struct grub_ext2_inode *inode = &node->inode; int blknr = -1; unsigned int blksz = EXT2_BLOCK_SIZE (data); int log2_blksz = LOG2_EXT2_BLOCK_SIZE (data); if (grub_le_to_cpu32(inode->flags) & EXT4_EXTENTS_FLAG) { #ifndef _MSC_VER char buf[EXT2_BLOCK_SIZE (data)]; #else char * buf = grub_malloc (EXT2_BLOCK_SIZE(data)); #endif struct grub_ext4_extent_header *leaf; struct grub_ext4_extent *ext; int i; leaf = grub_ext4_find_leaf (data, buf, (struct grub_ext4_extent_header *) inode->blocks.dir_blocks, fileblock); if (! leaf) { grub_error (GRUB_ERR_BAD_FS, ""invalid extent""); return -1; } ext = (struct grub_ext4_extent *) (leaf + 1); for (i = 0; i < grub_le_to_cpu16 (leaf->entries); i++) { if (fileblock < grub_le_to_cpu32 (ext[i].block)) break; } if (--i >= 0) { fileblock -= grub_le_to_cpu32 (ext[i].block); if (fileblock >= grub_le_to_cpu16 (ext[i].len)) return 0; else { grub_disk_addr_t start; start = grub_le_to_cpu16 (ext[i].start_hi); start = (start << 32) + grub_le_to_cpu32 (ext[i].start); return fileblock + start; } } else { grub_error (GRUB_ERR_BAD_FS, ""something wrong with extent""); return -1; } } if (fileblock < INDIRECT_BLOCKS) blknr = grub_le_to_cpu32 (inode->blocks.dir_blocks[fileblock]); else if (fileblock < INDIRECT_BLOCKS + blksz / 4) { grub_uint32_t *indir; indir = grub_malloc (blksz); if (! indir) return grub_errno; if (grub_disk_read (data->disk, ((grub_disk_addr_t) grub_le_to_cpu32 (inode->blocks.indir_block)) << log2_blksz, 0, blksz, indir)) return grub_errno; blknr = grub_le_to_cpu32 (indir[fileblock - INDIRECT_BLOCKS]); grub_free (indir); } else if (fileblock < (grub_disk_addr_t)(INDIRECT_BLOCKS + blksz / 4) \ * (grub_disk_addr_t)(blksz / 4 + 1)) { unsigned int perblock = blksz / 4; unsigned int rblock = fileblock - (INDIRECT_BLOCKS + blksz / 4); grub_uint32_t *indir; indir = grub_malloc (blksz); if (! indir) return grub_errno; if (grub_disk_read (data->disk, ((grub_disk_addr_t) grub_le_to_cpu32 (inode->blocks.double_indir_block)) << log2_blksz, 0, blksz, indir)) return grub_errno; if (grub_disk_read (data->disk, ((grub_disk_addr_t) grub_le_to_cpu32 (indir[rblock / perblock])) << log2_blksz, 0, blksz, indir)) return grub_errno; blknr = grub_le_to_cpu32 (indir[rblock % perblock]); grub_free (indir); } else { grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, ""ext2fs doesn't support triple indirect blocks""); } return blknr; }",visit repo url,shlr/grub/fs/ext2.c,https://github.com/radare/radare2,274711549192828,1 964,CWE-264,"bool inode_capable(const struct inode *inode, int cap) { struct user_namespace *ns = current_user_ns(); return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); }",visit repo url,kernel/capability.c,https://github.com/torvalds/linux,10160611304322,1 3354,[],"static inline int nla_put_string(struct sk_buff *skb, int attrtype, const char *str) { return nla_put(skb, attrtype, strlen(str) + 1, str); }",linux-2.6,,,236261384462471404503510663625218249654,0 1345,CWE-399,"static int do_siocgstamp(struct net *net, struct socket *sock, unsigned int cmd, void __user *up) { mm_segment_t old_fs = get_fs(); struct timeval ktv; int err; set_fs(KERNEL_DS); err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv); set_fs(old_fs); if (!err) err = compat_put_timeval(up, &ktv); return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,99345921518749,1 4044,['CWE-362'],"void inotify_destroy(struct inotify_handle *ih) { while (1) { struct inotify_watch *watch; struct list_head *watches; struct super_block *sb; struct inode *inode; int how; mutex_lock(&ih->mutex); watches = &ih->watches; if (list_empty(watches)) { mutex_unlock(&ih->mutex); break; } watch = list_first_entry(watches, struct inotify_watch, h_list); sb = watch->inode->i_sb; how = pin_to_kill(ih, watch); if (!how) continue; inode = watch->inode; mutex_lock(&inode->inotify_mutex); mutex_lock(&ih->mutex); if (likely(idr_find(&ih->idr, watch->wd))) { remove_watch_no_event(watch, ih); put_inotify_watch(watch); } mutex_unlock(&ih->mutex); mutex_unlock(&inode->inotify_mutex); unpin_and_kill(watch, how); } put_inotify_handle(ih); }",linux-2.6,,,76400466914787488389034309611003464179,0 5098,CWE-125,"PyParser_AddToken(parser_state *ps, int type, char *str, int lineno, int col_offset, int end_lineno, int end_col_offset, int *expected_ret) { int ilabel; int err; D(printf(""Token %s/'%s' ... "", _PyParser_TokenNames[type], str)); ilabel = classify(ps, type, str); if (ilabel < 0) return E_SYNTAX; for (;;) { dfa *d = ps->p_stack.s_top->s_dfa; state *s = &d->d_state[ps->p_stack.s_top->s_state]; D(printf("" DFA '%s', state %d:"", d->d_name, ps->p_stack.s_top->s_state)); if (s->s_lower <= ilabel && ilabel < s->s_upper) { int x = s->s_accel[ilabel - s->s_lower]; if (x != -1) { if (x & (1<<7)) { int nt = (x >> 8) + NT_OFFSET; int arrow = x & ((1<<7)-1); dfa *d1 = PyGrammar_FindDFA( ps->p_grammar, nt); if ((err = push(&ps->p_stack, nt, d1, arrow, lineno, col_offset, end_lineno, end_col_offset)) > 0) { D(printf("" MemError: push\n"")); return err; } D(printf("" Push ...\n"")); continue; } if ((err = shift(&ps->p_stack, type, str, x, lineno, col_offset, end_lineno, end_col_offset)) > 0) { D(printf("" MemError: shift.\n"")); return err; } D(printf("" Shift.\n"")); while (s = &d->d_state [ps->p_stack.s_top->s_state], s->s_accept && s->s_narcs == 1) { D(printf("" DFA '%s', state %d: "" ""Direct pop.\n"", d->d_name, ps->p_stack.s_top->s_state)); #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD #if 0 if (d->d_name[0] == 'i' && strcmp(d->d_name, ""import_stmt"") == 0) future_hack(ps); #endif #endif s_pop(&ps->p_stack); if (s_empty(&ps->p_stack)) { D(printf("" ACCEPT.\n"")); return E_DONE; } d = ps->p_stack.s_top->s_dfa; } return E_OK; } } if (s->s_accept) { #ifdef PY_PARSER_REQUIRES_FUTURE_KEYWORD #if 0 if (d->d_name[0] == 'i' && strcmp(d->d_name, ""import_stmt"") == 0) future_hack(ps); #endif #endif s_pop(&ps->p_stack); D(printf("" Pop ...\n"")); if (s_empty(&ps->p_stack)) { D(printf("" Error: bottom of stack.\n"")); return E_SYNTAX; } continue; } D(printf("" Error.\n"")); if (expected_ret) { if (s->s_lower == s->s_upper - 1) { *expected_ret = ps->p_grammar-> g_ll.ll_label[s->s_lower].lb_type; } else *expected_ret = -1; } return E_SYNTAX; } }",visit repo url,Parser/parser.c,https://github.com/python/cpython,29358263927902,1 3519,CWE-20,"static int parse_exports_table(long long *table_start) { int res; int indexes = SQUASHFS_LOOKUP_BLOCKS(sBlk.s.inodes); long long export_index_table[indexes]; res = read_fs_bytes(fd, sBlk.s.lookup_table_start, SQUASHFS_LOOKUP_BLOCK_BYTES(sBlk.s.inodes), export_index_table); if(res == FALSE) { ERROR(""parse_exports_table: failed to read export index table\n""); return FALSE; } SQUASHFS_INSWAP_LOOKUP_BLOCKS(export_index_table, indexes); *table_start = export_index_table[0]; return TRUE; }",visit repo url,squashfs-tools/unsquash-4.c,https://github.com/plougher/squashfs-tools,93109027179777,1 6689,['CWE-200'],"static void nma_menu_add_text_item (GtkWidget *menu, char *text) { GtkWidget *menu_item; g_return_if_fail (text != NULL); g_return_if_fail (menu != NULL); menu_item = gtk_menu_item_new_with_label (text); gtk_widget_set_sensitive (menu_item, FALSE); gtk_menu_shell_append (GTK_MENU_SHELL (menu), menu_item); gtk_widget_show (menu_item); }",network-manager-applet,,,236468875485748030312331764082595326564,0 4374,['CWE-264'],"static void release_proto_idx(struct proto *prot) { if (prot->inuse_idx != PROTO_INUSE_NR - 1) clear_bit(prot->inuse_idx, proto_inuse_idx); }",linux-2.6,,,14353827055977757517662191532731030314,0 6651,['CWE-200'],"error_dialog (GtkWindow *parent, const char *heading, const char *format, ...) { GtkWidget *dialog; va_list args; char *message; dialog = gtk_message_dialog_new (parent, GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, ""%s"", heading); va_start (args, format); message = g_strdup_vprintf (format, args); va_end (args); gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG (dialog), ""%s"", message); g_free (message); gtk_widget_show_all (dialog); gtk_window_present (GTK_WINDOW (dialog)); gtk_dialog_run (GTK_DIALOG (dialog)); gtk_widget_destroy (dialog); }",network-manager-applet,,,225730351810002543164320070348261876768,0 3527,CWE-190,"static int jpc_dec_process_siz(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_siz_t *siz = &ms->parms.siz; int compno; int tileno; jpc_dec_tile_t *tile; jpc_dec_tcomp_t *tcomp; int htileno; int vtileno; jpc_dec_cmpt_t *cmpt; dec->xstart = siz->xoff; dec->ystart = siz->yoff; dec->xend = siz->width; dec->yend = siz->height; dec->tilewidth = siz->tilewidth; dec->tileheight = siz->tileheight; dec->tilexoff = siz->tilexoff; dec->tileyoff = siz->tileyoff; dec->numcomps = siz->numcomps; if (!(dec->cp = jpc_dec_cp_create(dec->numcomps))) { return -1; } if (!(dec->cmpts = jas_alloc2(dec->numcomps, sizeof(jpc_dec_cmpt_t)))) { return -1; } for (compno = 0, cmpt = dec->cmpts; compno < dec->numcomps; ++compno, ++cmpt) { cmpt->prec = siz->comps[compno].prec; cmpt->sgnd = siz->comps[compno].sgnd; cmpt->hstep = siz->comps[compno].hsamp; cmpt->vstep = siz->comps[compno].vsamp; cmpt->width = JPC_CEILDIV(dec->xend, cmpt->hstep) - JPC_CEILDIV(dec->xstart, cmpt->hstep); cmpt->height = JPC_CEILDIV(dec->yend, cmpt->vstep) - JPC_CEILDIV(dec->ystart, cmpt->vstep); cmpt->hsubstep = 0; cmpt->vsubstep = 0; } dec->image = 0; dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); dec->numtiles = dec->numhtiles * dec->numvtiles; JAS_DBGLOG(10, (""numtiles = %d; numhtiles = %d; numvtiles = %d;\n"", dec->numtiles, dec->numhtiles, dec->numvtiles)); if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) { return -1; } for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles; ++tileno, ++tile) { htileno = tileno % dec->numhtiles; vtileno = tileno / dec->numhtiles; tile->realmode = 0; tile->state = JPC_TILE_INIT; tile->xstart = JAS_MAX(dec->tilexoff + htileno * dec->tilewidth, dec->xstart); tile->ystart = JAS_MAX(dec->tileyoff + vtileno * dec->tileheight, dec->ystart); tile->xend = JAS_MIN(dec->tilexoff + (htileno + 1) * dec->tilewidth, dec->xend); tile->yend = JAS_MIN(dec->tileyoff + (vtileno + 1) * dec->tileheight, dec->yend); tile->numparts = 0; tile->partno = 0; tile->pkthdrstream = 0; tile->pkthdrstreampos = 0; tile->pptstab = 0; tile->cp = 0; tile->pi = 0; if (!(tile->tcomps = jas_alloc2(dec->numcomps, sizeof(jpc_dec_tcomp_t)))) { return -1; } for (compno = 0, cmpt = dec->cmpts, tcomp = tile->tcomps; compno < dec->numcomps; ++compno, ++cmpt, ++tcomp) { tcomp->rlvls = 0; tcomp->numrlvls = 0; tcomp->data = 0; tcomp->xstart = JPC_CEILDIV(tile->xstart, cmpt->hstep); tcomp->ystart = JPC_CEILDIV(tile->ystart, cmpt->vstep); tcomp->xend = JPC_CEILDIV(tile->xend, cmpt->hstep); tcomp->yend = JPC_CEILDIV(tile->yend, cmpt->vstep); tcomp->tsfb = 0; } } dec->pkthdrstreams = 0; dec->state = JPC_MH; return 0; }",visit repo url,src/libjasper/jpc/jpc_dec.c,https://github.com/mdadams/jasper,66696293242756,1 6562,CWE-908,"void ZydisFormatterBufferInitTokenized(ZydisFormatterBuffer* buffer, ZydisFormatterToken** first_token, void* user_buffer, ZyanUSize length) { ZYAN_ASSERT(buffer); ZYAN_ASSERT(first_token); ZYAN_ASSERT(user_buffer); ZYAN_ASSERT(length); *first_token = user_buffer; (*first_token)->type = ZYDIS_TOKEN_INVALID; (*first_token)->next = 0; user_buffer = (ZyanU8*)user_buffer + sizeof(ZydisFormatterToken); length -= sizeof(ZydisFormatterToken); buffer->is_token_list = ZYAN_TRUE; buffer->capacity = length; buffer->string.flags = ZYAN_STRING_HAS_FIXED_CAPACITY; buffer->string.vector.allocator = ZYAN_NULL; buffer->string.vector.element_size = sizeof(char); buffer->string.vector.size = 1; buffer->string.vector.capacity = length; buffer->string.vector.data = user_buffer; *(char*)user_buffer = '\0'; }",visit repo url,src/Formatter.c,https://github.com/zyantific/zydis,130593635660323,1 4486,CWE-203,"int ecc_map(ecc_point* P, mp_int* modulus, mp_digit mp) { #ifndef WOLFSSL_SP_MATH #ifdef WOLFSSL_SMALL_STACK mp_int* t1 = NULL; mp_int* t2 = NULL; #ifdef ALT_ECC_SIZE mp_int* rx = NULL; mp_int* ry = NULL; mp_int* rz = NULL; #endif #else mp_int t1[1], t2[1]; #ifdef ALT_ECC_SIZE mp_int rx[1], ry[1], rz[1]; #endif #endif mp_int *x, *y, *z; int err; if (P == NULL || modulus == NULL) return ECC_BAD_ARG_E; if (mp_cmp_d(P->z, 0) == MP_EQ) { err = mp_set(P->x, 0); if (err == MP_OKAY) err = mp_set(P->y, 0); if (err == MP_OKAY) err = mp_set(P->z, 1); return err; } #ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK_CACHE if (P->key != NULL) { t1 = P->key->t1; t2 = P->key->t2; #ifdef ALT_ECC_SIZE rx = P->key->x; ry = P->key->y; rz = P->key->z; #endif } else #endif { t1 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); t2 = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); if (t1 == NULL || t2 == NULL) { XFREE(t2, NULL, DYNAMIC_TYPE_ECC); XFREE(t1, NULL, DYNAMIC_TYPE_ECC); return MEMORY_E; } #ifdef ALT_ECC_SIZE rx = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); ry = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); rz = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_ECC); if (rx == NULL || ry == NULL || rz == NULL) { XFREE(rz, NULL, DYNAMIC_TYPE_ECC); XFREE(ry, NULL, DYNAMIC_TYPE_ECC); XFREE(rx, NULL, DYNAMIC_TYPE_ECC); XFREE(t2, NULL, DYNAMIC_TYPE_ECC); XFREE(t1, NULL, DYNAMIC_TYPE_ECC); return MEMORY_E; } #endif } #endif if ((err = mp_init_multi(t1, t2, NULL, NULL, NULL, NULL)) != MP_OKAY) { #ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK_CACHE if (P->key == NULL) #endif { #ifdef ALT_ECC_SIZE XFREE(rz, NULL, DYNAMIC_TYPE_ECC); XFREE(ry, NULL, DYNAMIC_TYPE_ECC); XFREE(rx, NULL, DYNAMIC_TYPE_ECC); #endif XFREE(t2, NULL, DYNAMIC_TYPE_ECC); XFREE(t1, NULL, DYNAMIC_TYPE_ECC); } #endif return MEMORY_E; } #ifdef ALT_ECC_SIZE x = rx; y = ry; z = rz; if ((err = mp_init_multi(x, y, z, NULL, NULL, NULL)) != MP_OKAY) { goto done; } if (err == MP_OKAY) err = mp_copy(P->x, x); if (err == MP_OKAY) err = mp_copy(P->y, y); if (err == MP_OKAY) err = mp_copy(P->z, z); if (err != MP_OKAY) { goto done; } #else x = P->x; y = P->y; z = P->z; #endif err = mp_montgomery_reduce(z, modulus, mp); if (err == MP_OKAY) err = mp_invmod(z, modulus, t1); if (err == MP_OKAY) err = mp_sqr(t1, t2); if (err == MP_OKAY) err = mp_mod(t2, modulus, t2); if (err == MP_OKAY) err = mp_mul(t1, t2, t1); if (err == MP_OKAY) err = mp_mod(t1, modulus, t1); if (err == MP_OKAY) err = mp_mul(x, t2, x); if (err == MP_OKAY) err = mp_montgomery_reduce(x, modulus, mp); if (err == MP_OKAY) err = mp_mul(y, t1, y); if (err == MP_OKAY) err = mp_montgomery_reduce(y, modulus, mp); if (err == MP_OKAY) err = mp_set(z, 1); #ifdef ALT_ECC_SIZE if (err == MP_OKAY) err = mp_copy(x, P->x); if (err == MP_OKAY) err = mp_copy(y, P->y); if (err == MP_OKAY) err = mp_copy(z, P->z); done: #endif mp_clear(t1); mp_clear(t2); #ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK_CACHE if (P->key == NULL) #endif { #ifdef ALT_ECC_SIZE XFREE(rz, NULL, DYNAMIC_TYPE_ECC); XFREE(ry, NULL, DYNAMIC_TYPE_ECC); XFREE(rx, NULL, DYNAMIC_TYPE_ECC); #endif XFREE(t2, NULL, DYNAMIC_TYPE_ECC); XFREE(t1, NULL, DYNAMIC_TYPE_ECC); } #endif return err; #else if (P == NULL || modulus == NULL) return ECC_BAD_ARG_E; (void)mp; #ifndef WOLFSSL_SP_NO_256 if (mp_count_bits(modulus) == 256) { return sp_ecc_map_256(P->x, P->y, P->z); } #endif #ifdef WOLFSSL_SP_384 if (mp_count_bits(modulus) == 384) { return sp_ecc_map_384(P->x, P->y, P->z); } #endif return ECC_BAD_ARG_E; #endif }",visit repo url,wolfcrypt/src/ecc.c,https://github.com/wolfSSL/wolfssl,260175006007492,1 2709,[],"static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, char __user *optval, int __user *optlen) { int val; if (len < sizeof(int)) return -EINVAL; len = sizeof(int); val = (sctp_sk(sk)->disable_fragments == 1); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) return -EFAULT; return 0; }",linux-2.6,,,307274099001394400981532435084834240146,0 6333,['CWE-200'],"static inline int ioctl_private_call(struct net_device * dev, struct ifreq * ifr, unsigned int cmd, iw_handler handler) { struct iwreq * iwr = (struct iwreq *) ifr; const struct iw_priv_args * descr = NULL; struct iw_request_info info; int extra_size = 0; int i; int ret = -EINVAL; for(i = 0; i < dev->wireless_handlers->num_private_args; i++) if(cmd == dev->wireless_handlers->private_args[i].cmd) { descr = &(dev->wireless_handlers->private_args[i]); break; } #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Found private handler for 0x%04X\n"", ifr->ifr_name, cmd); if(descr) { printk(KERN_DEBUG ""%s (WE) : Name %s, set %X, get %X\n"", dev->name, descr->name, descr->set_args, descr->get_args); } #endif if(descr != NULL) { if(IW_IS_SET(cmd)) { int offset = 0; if(descr->name[0] == '\0') offset = sizeof(__u32); extra_size = get_priv_size(descr->set_args); if((descr->set_args & IW_PRIV_SIZE_FIXED) && ((extra_size + offset) <= IFNAMSIZ)) extra_size = 0; } else { extra_size = get_priv_size(descr->get_args); if((descr->get_args & IW_PRIV_SIZE_FIXED) && (extra_size <= IFNAMSIZ)) extra_size = 0; } } info.cmd = cmd; info.flags = 0; if(extra_size == 0) { ret = handler(dev, &info, &(iwr->u), (char *) &(iwr->u)); } else { char * extra; int err; if(IW_IS_SET(cmd)) { if((iwr->u.data.pointer == NULL) && (iwr->u.data.length != 0)) return -EFAULT; if(iwr->u.data.length > (descr->set_args & IW_PRIV_SIZE_MASK)) return -E2BIG; } else { if(iwr->u.data.pointer == NULL) return -EFAULT; } #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Malloc %d bytes\n"", dev->name, extra_size); #endif extra = kmalloc(extra_size, GFP_KERNEL); if (extra == NULL) { return -ENOMEM; } if(IW_IS_SET(cmd) && (iwr->u.data.length != 0)) { err = copy_from_user(extra, iwr->u.data.pointer, extra_size); if (err) { kfree(extra); return -EFAULT; } #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Got %d elem\n"", dev->name, iwr->u.data.length); #endif } ret = handler(dev, &info, &(iwr->u), extra); if (!ret && IW_IS_GET(cmd)) { if (!(descr->get_args & IW_PRIV_SIZE_FIXED)) { extra_size = adjust_priv_size(descr->get_args, &(iwr->u)); } err = copy_to_user(iwr->u.data.pointer, extra, extra_size); if (err) ret = -EFAULT; #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Wrote %d elem\n"", dev->name, iwr->u.data.length); #endif } kfree(extra); } if(ret == -EIWCOMMIT) ret = call_commit_handler(dev); return ret; }",linux-2.6,,,199290507362025418508626102659794486117,0 5152,CWE-125,"parsestr(struct compiling *c, const node *n, int *bytesmode, int *rawmode, PyObject **result, const char **fstr, Py_ssize_t *fstrlen) { size_t len; const char *s = STR(n); int quote = Py_CHARMASK(*s); int fmode = 0; *bytesmode = 0; *rawmode = 0; *result = NULL; *fstr = NULL; if (Py_ISALPHA(quote)) { while (!*bytesmode || !*rawmode) { if (quote == 'b' || quote == 'B') { quote = *++s; *bytesmode = 1; } else if (quote == 'u' || quote == 'U') { quote = *++s; } else if (quote == 'r' || quote == 'R') { quote = *++s; *rawmode = 1; } else if (quote == 'f' || quote == 'F') { quote = *++s; fmode = 1; } else { break; } } } if (fmode && *bytesmode) { PyErr_BadInternalCall(); return -1; } if (quote != '\'' && quote != '\""') { PyErr_BadInternalCall(); return -1; } s++; len = strlen(s); if (len > INT_MAX) { PyErr_SetString(PyExc_OverflowError, ""string to parse is too long""); return -1; } if (s[--len] != quote) { PyErr_BadInternalCall(); return -1; } if (len >= 4 && s[0] == quote && s[1] == quote) { s += 2; len -= 2; if (s[--len] != quote || s[--len] != quote) { PyErr_BadInternalCall(); return -1; } } if (fmode) { *fstr = s; *fstrlen = len; return 0; } *rawmode = *rawmode || strchr(s, '\\') == NULL; if (*bytesmode) { const char *ch; for (ch = s; *ch; ch++) { if (Py_CHARMASK(*ch) >= 0x80) { ast_error(c, n, ""bytes can only contain ASCII "" ""literal characters.""); return -1; } } if (*rawmode) *result = PyBytes_FromStringAndSize(s, len); else *result = decode_bytes_with_escapes(c, n, s, len); } else { if (*rawmode) *result = PyUnicode_DecodeUTF8Stateful(s, len, NULL, NULL); else *result = decode_unicode_with_escapes(c, n, s, len); } return *result == NULL ? -1 : 0; }",visit repo url,Python/ast.c,https://github.com/python/cpython,215076405842395,1 4037,['CWE-362'],"void put_inotify_watch(struct inotify_watch *watch) { if (atomic_dec_and_test(&watch->count)) { struct inotify_handle *ih = watch->ih; iput(watch->inode); ih->in_ops->destroy_watch(watch); put_inotify_handle(ih); } }",linux-2.6,,,265737577381445405547215287073068443564,0 3090,CWE-310,"void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; c1=0; c2=0; c3=0; mul_add_c(a[0],b[0],c1,c2,c3); r[0]=c1; c1=0; mul_add_c(a[0],b[1],c2,c3,c1); mul_add_c(a[1],b[0],c2,c3,c1); r[1]=c2; c2=0; mul_add_c(a[2],b[0],c3,c1,c2); mul_add_c(a[1],b[1],c3,c1,c2); mul_add_c(a[0],b[2],c3,c1,c2); r[2]=c3; c3=0; mul_add_c(a[0],b[3],c1,c2,c3); mul_add_c(a[1],b[2],c1,c2,c3); mul_add_c(a[2],b[1],c1,c2,c3); mul_add_c(a[3],b[0],c1,c2,c3); r[3]=c1; c1=0; mul_add_c(a[3],b[1],c2,c3,c1); mul_add_c(a[2],b[2],c2,c3,c1); mul_add_c(a[1],b[3],c2,c3,c1); r[4]=c2; c2=0; mul_add_c(a[2],b[3],c3,c1,c2); mul_add_c(a[3],b[2],c3,c1,c2); r[5]=c3; c3=0; mul_add_c(a[3],b[3],c1,c2,c3); r[6]=c1; r[7]=c2; }",visit repo url,crypto/bn/asm/x86_64-gcc.c,https://github.com/openssl/openssl,251296944071519,1 6167,['CWE-200'],"int pim_rcv_v1(struct sk_buff * skb) { struct igmphdr *pim; struct iphdr *encap; struct net_device *reg_dev = NULL; if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap))) goto drop; pim = (struct igmphdr*)skb->h.raw; if (!mroute_do_pim || skb->len < sizeof(*pim) + sizeof(*encap) || pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER) goto drop; encap = (struct iphdr*)(skb->h.raw + sizeof(struct igmphdr)); if (!MULTICAST(encap->daddr) || encap->tot_len == 0 || ntohs(encap->tot_len) + sizeof(*pim) > skb->len) goto drop; read_lock(&mrt_lock); if (reg_vif_num >= 0) reg_dev = vif_table[reg_vif_num].dev; if (reg_dev) dev_hold(reg_dev); read_unlock(&mrt_lock); if (reg_dev == NULL) goto drop; skb->mac.raw = skb->nh.raw; skb_pull(skb, (u8*)encap - skb->data); skb->nh.iph = (struct iphdr *)skb->data; skb->dev = reg_dev; memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); skb->protocol = htons(ETH_P_IP); skb->ip_summed = 0; skb->pkt_type = PACKET_HOST; dst_release(skb->dst); skb->dst = NULL; ((struct net_device_stats*)reg_dev->priv)->rx_bytes += skb->len; ((struct net_device_stats*)reg_dev->priv)->rx_packets++; nf_reset(skb); netif_rx(skb); dev_put(reg_dev); return 0; drop: kfree_skb(skb); return 0; }",linux-2.6,,,221716227587136767215093960706545073749,0 6284,CWE-908,"static int ssl_verify_cert(struct tunnel *tunnel) { int ret = -1; int cert_valid = 0; unsigned char digest[SHA256LEN]; unsigned int len; struct x509_digest *elem; char digest_str[SHA256STRLEN], *subject, *issuer; char *line; int i; X509_NAME *subj; char common_name[FIELD_SIZE + 1]; SSL_set_verify(tunnel->ssl_handle, SSL_VERIFY_PEER, NULL); X509 *cert = SSL_get_peer_certificate(tunnel->ssl_handle); if (cert == NULL) { log_error(""Unable to get gateway certificate.\n""); return 1; } subj = X509_get_subject_name(cert); #ifdef HAVE_X509_CHECK_HOST if (X509_check_host(cert, common_name, FIELD_SIZE, 0, NULL) == 1) cert_valid = 1; #else if (subj && X509_NAME_get_text_by_NID(subj, NID_commonName, common_name, FIELD_SIZE) > 0 && strncasecmp(common_name, tunnel->config->gateway_host, FIELD_SIZE) == 0) cert_valid = 1; #endif if (cert_valid && SSL_get_verify_result(tunnel->ssl_handle) == X509_V_OK) { log_debug(""Gateway certificate validation succeeded.\n""); ret = 0; goto free_cert; } log_debug(""Gateway certificate validation failed.\n""); if (X509_digest(cert, EVP_sha256(), digest, &len) <= 0 || len != SHA256LEN) { log_error(""Could not compute certificate sha256 digest.\n""); goto free_cert; } for (i = 0; i < SHA256LEN; i++) sprintf(&digest_str[2 * i], ""%02x"", digest[i]); digest_str[SHA256STRLEN - 1] = '\0'; for (elem = tunnel->config->cert_whitelist; elem != NULL; elem = elem->next) if (memcmp(digest_str, elem->data, SHA256STRLEN - 1) == 0) break; if (elem != NULL) { log_debug(""Gateway certificate digest found in white list.\n""); ret = 0; goto free_cert; } subject = X509_NAME_oneline(subj, NULL, 0); issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); log_error(""Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:\n""); log_error("" --trusted-cert %s\n"", digest_str); log_error(""or add this line to your config file:\n""); log_error("" trusted-cert = %s\n"", digest_str); log_error(""Gateway certificate:\n""); log_error("" subject:\n""); for (line = strtok(subject, ""/""); line != NULL; line = strtok(NULL, ""/"")) log_error("" %s\n"", line); log_error("" issuer:\n""); for (line = strtok(issuer, ""/""); line != NULL; line = strtok(NULL, ""/"")) log_error("" %s\n"", line); log_error("" sha256 digest:\n""); log_error("" %s\n"", digest_str); free_cert: X509_free(cert); return ret; }",visit repo url,src/tunnel.c,https://github.com/adrienverge/openfortivpn,202971563487275,1 4414,['CWE-264'],"int sock_no_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t len) { return -EOPNOTSUPP; }",linux-2.6,,,155063301868170040715574242642660587331,0 6274,['CWE-200'],"static inline void rtmsg_iwinfo(struct net_device * dev, char * event, int event_len) { struct sk_buff *skb; int size = NLMSG_GOODSIZE; skb = alloc_skb(size, GFP_ATOMIC); if (!skb) return; if (rtnetlink_fill_iwinfo(skb, dev, RTM_NEWLINK, event, event_len) < 0) { kfree_skb(skb); return; } NETLINK_CB(skb).dst_groups = RTMGRP_LINK; netlink_broadcast(rtnl, skb, 0, RTMGRP_LINK, GFP_ATOMIC); }",linux-2.6,,,339427506146295129723497951018927143325,0 2697,CWE-190,"SPL_METHOD(SplFileInfo, setFileClass) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); zend_class_entry *ce = spl_ce_SplFileObject; zend_error_handling error_handling; zend_replace_error_handling(EH_THROW, spl_ce_UnexpectedValueException, &error_handling TSRMLS_CC); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|C"", &ce) == SUCCESS) { intern->file_class = ce; } zend_restore_error_handling(&error_handling TSRMLS_CC); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,255401483859933,1 5188,CWE-787,"TfLiteStatus Prepare(TfLiteContext* context, TfLiteNode* node) { const auto* params = reinterpret_cast( node->builtin_data); TF_LITE_ENSURE_EQ(context, node->inputs->size, 12); TF_LITE_ENSURE_EQ(context, node->outputs->size, params->merge_outputs ? 1 : 2); const TfLiteTensor* input = GetInput(context, node, kInputTensor); const TfLiteTensor* fw_input_weights = GetInput(context, node, kFwWeightsTensor); const TfLiteTensor* fw_recurrent_weights = GetInput(context, node, kFwRecurrentWeightsTensor); const TfLiteTensor* fw_bias = GetInput(context, node, kFwBiasTensor); const TfLiteTensor* fw_hidden_state = GetInput(context, node, kFwHiddenStateTensor); const TfLiteTensor* bw_input_weights = GetInput(context, node, kBwWeightsTensor); const TfLiteTensor* bw_recurrent_weights = GetInput(context, node, kBwRecurrentWeightsTensor); const TfLiteTensor* bw_bias = GetInput(context, node, kBwBiasTensor); const TfLiteTensor* bw_hidden_state = GetInput(context, node, kBwHiddenStateTensor); const TfLiteTensor* aux_input = GetOptionalInputTensor(context, node, kAuxInputTensor); const TfLiteTensor* fw_aux_input_weights = GetOptionalInputTensor(context, node, kFwAuxWeightsTensor); const TfLiteTensor* bw_aux_input_weights = GetOptionalInputTensor(context, node, kBwAuxWeightsTensor); const bool aux_inputs_weights_or_none = ((fw_aux_input_weights != nullptr) && (bw_aux_input_weights != nullptr)) || ((fw_aux_input_weights == nullptr) && (bw_aux_input_weights == nullptr)); TF_LITE_ENSURE(context, aux_inputs_weights_or_none); const bool has_aux_input = (fw_aux_input_weights != nullptr); TF_LITE_ENSURE_TYPES_EQ(context, input->type, kTfLiteFloat32); TF_LITE_ENSURE_EQ(context, input->dims->size, 3); const bool time_major = params->time_major; const int batch_size = (time_major) ? input->dims->data[1] : input->dims->data[0]; const int max_time = (time_major) ? input->dims->data[0] : input->dims->data[1]; const int fw_num_units = fw_input_weights->dims->data[0]; const int bw_num_units = bw_input_weights->dims->data[0]; TF_LITE_ENSURE_EQ(context, input->dims->data[2], fw_input_weights->dims->data[1]); TF_LITE_ENSURE_EQ(context, input->dims->data[2], bw_input_weights->dims->data[1]); TF_LITE_ENSURE_EQ(context, fw_input_weights->dims->data[0], fw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, bw_input_weights->dims->data[0], bw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, fw_recurrent_weights->dims->data[0], fw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, bw_recurrent_weights->dims->data[1], bw_bias->dims->data[0]); TF_LITE_ENSURE_EQ(context, NumDimensions(fw_hidden_state), 2); TF_LITE_ENSURE_EQ(context, fw_hidden_state->dims->data[0], batch_size); TF_LITE_ENSURE_EQ(context, fw_hidden_state->dims->data[1], fw_num_units); TF_LITE_ENSURE_EQ(context, NumDimensions(bw_hidden_state), 2); TF_LITE_ENSURE_EQ(context, bw_hidden_state->dims->data[0], batch_size); TF_LITE_ENSURE_EQ(context, bw_hidden_state->dims->data[1], bw_num_units); if (has_aux_input) { TF_LITE_ASSERT_EQ(aux_input->dims->data[0], input->dims->data[0]); TF_LITE_ASSERT_EQ(aux_input->dims->data[1], input->dims->data[1]); TF_LITE_ASSERT_EQ(fw_aux_input_weights->dims->data[0], fw_num_units); TF_LITE_ASSERT_EQ(bw_aux_input_weights->dims->data[0], bw_num_units); TF_LITE_ASSERT_EQ(aux_input->dims->data[2], fw_aux_input_weights->dims->data[1]); TF_LITE_ASSERT_EQ(aux_input->dims->data[2], bw_aux_input_weights->dims->data[1]); } if (IsHybridOp(input, fw_input_weights)) { OpData* op_data = reinterpret_cast(node->user_data); op_data->fw_compute_row_sums = true; op_data->bw_compute_row_sums = true; TfLiteIntArrayFree(node->temporaries); if (has_aux_input) { node->temporaries = TfLiteIntArrayCreate(kNumTemporaryTensors); } else { node->temporaries = TfLiteIntArrayCreate(kNumTemporaryTensors - 1); } node->temporaries->data[kInputQuantized] = op_data->scratch_tensor_index + kInputQuantized; TfLiteTensor* input_quantized = GetTemporary(context, node, kInputQuantized); input_quantized->type = fw_input_weights->type; input_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(input_quantized->dims, input->dims)) { TfLiteIntArray* input_quantized_size = TfLiteIntArrayCopy(input->dims); TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, input_quantized, input_quantized_size)); } node->temporaries->data[kFwHiddenStateQuantized] = op_data->scratch_tensor_index + kFwHiddenStateQuantized; TfLiteTensor* fw_hidden_state_quantized = GetTemporary(context, node, kFwHiddenStateQuantized); fw_hidden_state_quantized->type = fw_input_weights->type; fw_hidden_state_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(fw_hidden_state_quantized->dims, fw_hidden_state->dims)) { TfLiteIntArray* fw_hidden_state_quantized_size = TfLiteIntArrayCopy(fw_hidden_state->dims); TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, fw_hidden_state_quantized, fw_hidden_state_quantized_size)); } node->temporaries->data[kBwHiddenStateQuantized] = op_data->scratch_tensor_index + kBwHiddenStateQuantized; TfLiteTensor* bw_hidden_state_quantized = GetTemporary(context, node, kBwHiddenStateQuantized); bw_hidden_state_quantized->type = fw_input_weights->type; bw_hidden_state_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(bw_hidden_state_quantized->dims, bw_hidden_state->dims)) { TfLiteIntArray* bw_hidden_state_quantized_size = TfLiteIntArrayCopy(bw_hidden_state->dims); TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, bw_hidden_state_quantized, bw_hidden_state_quantized_size)); } node->temporaries->data[kScalingFactors] = op_data->scratch_tensor_index + kScalingFactors; TfLiteTensor* scaling_factors = GetTemporary(context, node, kScalingFactors); scaling_factors->type = kTfLiteFloat32; scaling_factors->allocation_type = kTfLiteArenaRw; int scaling_dims[1] = {batch_size}; if (!TfLiteIntArrayEqualsArray(scaling_factors->dims, 1, scaling_dims)) { TfLiteIntArray* scaling_factors_size = TfLiteIntArrayCreate(1); scaling_factors_size->data[0] = batch_size; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, scaling_factors, scaling_factors_size)); } node->temporaries->data[kAccumScratch] = op_data->scratch_tensor_index + kAccumScratch; TfLiteTensor* accum_scratch = GetTemporary(context, node, kAccumScratch); accum_scratch->type = kTfLiteInt32; accum_scratch->allocation_type = kTfLiteArenaRw; int accum_scratch_dims[2] = {std::max(fw_num_units, bw_num_units), batch_size}; if (!TfLiteIntArrayEqualsArray(accum_scratch->dims, 2, accum_scratch_dims)) { TfLiteIntArray* accum_scratch_size = TfLiteIntArrayCreate(2); accum_scratch_size->data[0] = accum_scratch_dims[0]; accum_scratch_size->data[1] = accum_scratch_dims[1]; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, accum_scratch, accum_scratch_size)); } node->temporaries->data[kZeroPoints] = op_data->scratch_tensor_index + kZeroPoints; TfLiteTensor* zero_points = GetTemporary(context, node, kZeroPoints); zero_points->type = kTfLiteInt32; zero_points->allocation_type = kTfLiteArenaRw; int zero_points_dims[1] = {batch_size}; if (!TfLiteIntArrayEqualsArray(zero_points->dims, 1, zero_points_dims)) { TfLiteIntArray* zero_points_size = TfLiteIntArrayCreate(1); zero_points_size->data[0] = batch_size; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, zero_points, zero_points_size)); } const int num_row_sums = has_aux_input ? 3 : 2; node->temporaries->data[kFwRowSums] = op_data->scratch_tensor_index + kFwRowSums; TfLiteTensor* fw_row_sums = GetTemporary(context, node, kFwRowSums); fw_row_sums->type = kTfLiteInt32; fw_row_sums->allocation_type = kTfLiteArenaRwPersistent; int fw_row_sums_dims[2] = {num_row_sums, fw_num_units}; if (!TfLiteIntArrayEqualsArray(fw_row_sums->dims, 2, fw_row_sums_dims)) { TfLiteIntArray* fw_row_sums_size = TfLiteIntArrayCreate(2); fw_row_sums_size->data[0] = fw_row_sums_dims[0]; fw_row_sums_size->data[1] = fw_row_sums_dims[1]; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, fw_row_sums, fw_row_sums_size)); } node->temporaries->data[kBwRowSums] = op_data->scratch_tensor_index + kBwRowSums; TfLiteTensor* bw_row_sums = GetTemporary(context, node, kBwRowSums); bw_row_sums->type = kTfLiteInt32; bw_row_sums->allocation_type = kTfLiteArenaRwPersistent; int bw_row_sums_dims[2] = {num_row_sums, bw_num_units}; if (!TfLiteIntArrayEqualsArray(bw_row_sums->dims, 2, bw_row_sums_dims)) { TfLiteIntArray* bw_row_sums_size = TfLiteIntArrayCreate(2); bw_row_sums_size->data[0] = bw_row_sums_dims[0]; bw_row_sums_size->data[1] = bw_row_sums_dims[1]; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, bw_row_sums, bw_row_sums_size)); } if (has_aux_input) { node->temporaries->data[kAuxInputQuantized] = op_data->scratch_tensor_index + kAuxInputQuantized; TfLiteTensor* aux_input_quantized = GetTemporary(context, node, kAuxInputQuantized); aux_input_quantized->type = fw_input_weights->type; aux_input_quantized->allocation_type = kTfLiteArenaRw; if (!TfLiteIntArrayEqual(aux_input_quantized->dims, aux_input->dims)) { TfLiteIntArray* aux_input_quantized_size = TfLiteIntArrayCopy(aux_input->dims); TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, aux_input_quantized, aux_input_quantized_size)); } } } TfLiteTensor* fw_output = GetOutput(context, node, kFwOutputTensor); TfLiteIntArray* fw_output_size_array = TfLiteIntArrayCreate(3); fw_output_size_array->data[0] = (time_major) ? max_time : batch_size; fw_output_size_array->data[1] = (time_major) ? batch_size : max_time; fw_output_size_array->data[2] = params->merge_outputs ? fw_num_units + bw_num_units : fw_num_units; TF_LITE_ENSURE_OK( context, context->ResizeTensor(context, fw_output, fw_output_size_array)); if (!params->merge_outputs) { TfLiteTensor* bw_output = GetOutput(context, node, kBwOutputTensor); TfLiteIntArray* bw_output_size_array = TfLiteIntArrayCreate(3); bw_output_size_array->data[0] = batch_size; bw_output_size_array->data[1] = max_time; bw_output_size_array->data[2] = bw_num_units; TF_LITE_ENSURE_OK(context, context->ResizeTensor(context, bw_output, bw_output_size_array)); } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/bidirectional_sequence_rnn.cc,https://github.com/tensorflow/tensorflow,59136426851253,1 2241,CWE-787,"static int l2cap_build_conf_req(struct sock *sk, void *data) { struct l2cap_pinfo *pi = l2cap_pi(sk); struct l2cap_conf_req *req = data; struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; void *ptr = req->data; BT_DBG(""sk %p"", sk); switch (pi->mode) { case L2CAP_MODE_BASIC: if (pi->imtu != L2CAP_DEFAULT_MTU) l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu); break; case L2CAP_MODE_ERTM: rfc.mode = L2CAP_MODE_ERTM; rfc.txwin_size = L2CAP_DEFAULT_RX_WINDOW; rfc.max_transmit = L2CAP_DEFAULT_MAX_RECEIVE; rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO); rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO); rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_RX_APDU); l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), (unsigned long) &rfc); break; } req->dcid = cpu_to_le16(pi->dcid); req->flags = cpu_to_le16(0); return ptr - data; }",visit repo url,net/bluetooth/l2cap.c,https://github.com/torvalds/linux,128306686216648,1 5794,['CWE-200'],"static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; struct ddpehdr *ddp; int copied = 0; int offset = 0; int err = 0; struct sk_buff *skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; ddp = ddp_hdr(skb); copied = ntohs(ddp->deh_len_hops) & 1023; if (sk->sk_type != SOCK_RAW) { offset = sizeof(*ddp); copied -= offset; } if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); if (!err) { if (sat) { sat->sat_family = AF_APPLETALK; sat->sat_port = ddp->deh_sport; sat->sat_addr.s_node = ddp->deh_snode; sat->sat_addr.s_net = ddp->deh_snet; } msg->msg_namelen = sizeof(*sat); } skb_free_datagram(sk, skb); return err ? : copied; }",linux-2.6,,,81474987792949085595887058239557535718,0 5813,['CWE-200'],"static int ddp_device_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *dev = ptr; if (!net_eq(dev_net(dev), &init_net)) return NOTIFY_DONE; if (event == NETDEV_DOWN) atalk_dev_down(dev); return NOTIFY_DONE; }",linux-2.6,,,181170422250238145167028354186025654665,0 4667,['CWE-399'],"int ext4_writepage_trans_blocks(struct inode *inode) { int bpp = ext4_journal_blocks_per_page(inode); int ret; ret = ext4_meta_trans_blocks(inode, bpp, 0); if (ext4_should_journal_data(inode)) ret += bpp; return ret; }",linux-2.6,,,111015188839776424413761009979507620882,0 5892,['CWE-200'],"static int nr_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) { struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); int opt; if (level != SOL_NETROM) return -ENOPROTOOPT; if (optlen < sizeof(int)) return -EINVAL; if (get_user(opt, (int __user *)optval)) return -EFAULT; switch (optname) { case NETROM_T1: if (opt < 1) return -EINVAL; nr->t1 = opt * HZ; return 0; case NETROM_T2: if (opt < 1) return -EINVAL; nr->t2 = opt * HZ; return 0; case NETROM_N2: if (opt < 1 || opt > 31) return -EINVAL; nr->n2 = opt; return 0; case NETROM_T4: if (opt < 1) return -EINVAL; nr->t4 = opt * HZ; return 0; case NETROM_IDLE: if (opt < 0) return -EINVAL; nr->idle = opt * 60 * HZ; return 0; default: return -ENOPROTOOPT; } }",linux-2.6,,,124999113066880615100883498055279479682,0 5740,CWE-444,"ngx_http_lua_copy_request_headers(ngx_http_request_t *sr, ngx_http_request_t *r) { ngx_table_elt_t *header; ngx_list_part_t *part; ngx_uint_t i; if (ngx_list_init(&sr->headers_in.headers, sr->pool, 20, sizeof(ngx_table_elt_t)) != NGX_OK) { return NGX_ERROR; } dd(""before: parent req headers count: %d"", (int) r->headers_in.headers.part.nelts); part = &r->headers_in.headers.part; header = part->elts; for (i = 0; ; i++) { if (i >= part->nelts) { if (part->next == NULL) { break; } part = part->next; header = part->elts; i = 0; } dd(""setting request header %.*s: %.*s"", (int) header[i].key.len, header[i].key.data, (int) header[i].value.len, header[i].value.data); if (ngx_http_lua_set_input_header(sr, header[i].key, header[i].value, 0) == NGX_ERROR) { return NGX_ERROR; } } dd(""after: parent req headers count: %d"", (int) r->headers_in.headers.part.nelts); return NGX_OK; }",visit repo url,src/ngx_http_lua_subrequest.c,https://github.com/openresty/lua-nginx-module,81220993829848,1 5199,CWE-404,"static int xfrm_dump_policy_done(struct netlink_callback *cb) { struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; xfrm_policy_walk_done(walk); return 0; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/flar2/ElementalX-N9,61402839633733,1 1813,[],"static inline void prepare_lock_switch(struct rq *rq, struct task_struct *next) { }",linux-2.6,,,29746684233282940993247226071463880077,0 2442,CWE-834,"static int asf_read_marker(AVFormatContext *s, int64_t size) { AVIOContext *pb = s->pb; ASFContext *asf = s->priv_data; int i, count, name_len, ret; char name[1024]; avio_rl64(pb); avio_rl64(pb); count = avio_rl32(pb); avio_rl16(pb); name_len = avio_rl16(pb); for (i = 0; i < name_len; i++) avio_r8(pb); for (i = 0; i < count; i++) { int64_t pres_time; int name_len; avio_rl64(pb); pres_time = avio_rl64(pb); pres_time -= asf->hdr.preroll * 10000; avio_rl16(pb); avio_rl32(pb); avio_rl32(pb); name_len = avio_rl32(pb); if ((ret = avio_get_str16le(pb, name_len * 2, name, sizeof(name))) < name_len) avio_skip(pb, name_len - ret); avpriv_new_chapter(s, i, (AVRational) { 1, 10000000 }, pres_time, AV_NOPTS_VALUE, name); } return 0; }",visit repo url,libavformat/asfdec_f.c,https://github.com/FFmpeg/FFmpeg,237575467267819,1 4380,['CWE-264'],"int sock_get_timestampns(struct sock *sk, struct timespec __user *userstamp) { struct timespec ts; if (!sock_flag(sk, SOCK_TIMESTAMP)) sock_enable_timestamp(sk); ts = ktime_to_timespec(sk->sk_stamp); if (ts.tv_sec == -1) return -ENOENT; if (ts.tv_sec == 0) { sk->sk_stamp = ktime_get_real(); ts = ktime_to_timespec(sk->sk_stamp); } return copy_to_user(userstamp, &ts, sizeof(ts)) ? -EFAULT : 0; }",linux-2.6,,,55741778676495635493256407375226940639,0 3773,[],"static int unix_seq_open(struct inode *inode, struct file *file) { struct seq_file *seq; int rc = -ENOMEM; int *iter = kmalloc(sizeof(int), GFP_KERNEL); if (!iter) goto out; rc = seq_open(file, &unix_seq_ops); if (rc) goto out_kfree; seq = file->private_data; seq->private = iter; *iter = 0; out: return rc; out_kfree: kfree(iter); goto out; }",linux-2.6,,,229614726358899942270031185319148634126,0 5118,['CWE-20'],"static void vmx_disable_intercept_for_msr(struct page *msr_bitmap, u32 msr) { void *va; if (!cpu_has_vmx_msr_bitmap()) return; va = kmap(msr_bitmap); if (msr <= 0x1fff) { __clear_bit(msr, va + 0x000); __clear_bit(msr, va + 0x800); } else if ((msr >= 0xc0000000) && (msr <= 0xc0001fff)) { msr &= 0x1fff; __clear_bit(msr, va + 0x400); __clear_bit(msr, va + 0xc00); } kunmap(msr_bitmap); }",linux-2.6,,,272069784620743042422942741443807367869,0 1863,['CWE-189'],"_gnutls_handshake_hash_init (gnutls_session_t session) { if (session->internals.handshake_mac_handle_init == 0) { int ret = _gnutls_hash_init (&session->internals.handshake_mac_handle_md5, GNUTLS_MAC_MD5); if (ret < 0) { gnutls_assert (); return ret; } ret = _gnutls_hash_init(&session->internals.handshake_mac_handle_sha, GNUTLS_MAC_SHA1); if (ret < 0) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } session->internals.handshake_mac_handle_init = 1; } return 0; }",gnutls,,,84955200433420239010955757541761263625,0 1380,CWE-362,"asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, compat_long_t addr, compat_long_t data) { struct task_struct *child; long ret; if (request == PTRACE_TRACEME) { ret = ptrace_traceme(); goto out; } child = ptrace_get_task_struct(pid); if (IS_ERR(child)) { ret = PTR_ERR(child); goto out; } if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) { ret = ptrace_attach(child, request, addr, data); if (!ret) arch_ptrace_attach(child); goto out_put_task_struct; } ret = ptrace_check_attach(child, request == PTRACE_KILL || request == PTRACE_INTERRUPT); if (!ret) ret = compat_arch_ptrace(child, request, addr, data); out_put_task_struct: put_task_struct(child); out: return ret; }",visit repo url,kernel/ptrace.c,https://github.com/torvalds/linux,99781082343190,1 3543,['CWE-20'],"static void *sctp_addto_param(struct sctp_chunk *chunk, int len, const void *data) { void *target; int chunklen = ntohs(chunk->chunk_hdr->length); target = skb_put(chunk->skb, len); memcpy(target, data, len); chunk->chunk_hdr->length = htons(chunklen + len); chunk->chunk_end = skb_tail_pointer(chunk->skb); return target; }",linux-2.6,,,75785593610136902591926563709405451531,0 1843,['CWE-189'],"_gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen) { int ret; if (session->security_parameters.entity == GNUTLS_CLIENT) { ret = _gnutls_read_server_hello (session, data, datalen); if (ret < 0) { gnutls_assert (); return ret; } } else { ret = _gnutls_read_client_hello (session, data, datalen); if (ret < 0) { gnutls_assert (); return ret; } } return ret; }",gnutls,,,79430419130544781012017988303748133347,0 5246,['CWE-264'],"static unsigned int num_inherited_entries(canon_ace *ace_list) { unsigned int num_entries = 0; for (; ace_list; ace_list = ace_list->next) if (ace_list->inherited) num_entries++; return num_entries; }",samba,,,172578768363501040725247243020616210902,0 6257,['CWE-200'],"static int pim_rcv(struct sk_buff * skb) { struct pimreghdr *pim; struct iphdr *encap; struct net_device *reg_dev = NULL; if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap))) goto drop; pim = (struct pimreghdr*)skb->h.raw; if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) || (pim->flags&PIM_NULL_REGISTER) || (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 && (u16)csum_fold(skb_checksum(skb, 0, skb->len, 0)))) goto drop; encap = (struct iphdr*)(skb->h.raw + sizeof(struct pimreghdr)); if (!MULTICAST(encap->daddr) || encap->tot_len == 0 || ntohs(encap->tot_len) + sizeof(*pim) > skb->len) goto drop; read_lock(&mrt_lock); if (reg_vif_num >= 0) reg_dev = vif_table[reg_vif_num].dev; if (reg_dev) dev_hold(reg_dev); read_unlock(&mrt_lock); if (reg_dev == NULL) goto drop; skb->mac.raw = skb->nh.raw; skb_pull(skb, (u8*)encap - skb->data); skb->nh.iph = (struct iphdr *)skb->data; skb->dev = reg_dev; memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); skb->protocol = htons(ETH_P_IP); skb->ip_summed = 0; skb->pkt_type = PACKET_HOST; dst_release(skb->dst); ((struct net_device_stats*)reg_dev->priv)->rx_bytes += skb->len; ((struct net_device_stats*)reg_dev->priv)->rx_packets++; skb->dst = NULL; nf_reset(skb); netif_rx(skb); dev_put(reg_dev); return 0; drop: kfree_skb(skb); return 0; }",linux-2.6,,,188287531721290858112765440679147904460,0 3038,CWE-189,"queryin(char *buf) { QPRS_STATE state; int32 i; ltxtquery *query; int32 commonlen; ITEM *ptr; NODE *tmp; int32 pos = 0; #ifdef BS_DEBUG char pbuf[16384], *cur; #endif state.buf = buf; state.state = WAITOPERAND; state.count = 0; state.num = 0; state.str = NULL; state.sumlen = 0; state.lenop = 64; state.curop = state.op = (char *) palloc(state.lenop); *(state.curop) = '\0'; makepol(&state); if (!state.num) ereport(ERROR, (errcode(ERRCODE_SYNTAX_ERROR), errmsg(""syntax error""), errdetail(""Empty query.""))); commonlen = COMPUTESIZE(state.num, state.sumlen); query = (ltxtquery *) palloc(commonlen); SET_VARSIZE(query, commonlen); query->size = state.num; ptr = GETQUERY(query); for (i = 0; i < state.num; i++) { ptr[i].type = state.str->type; ptr[i].val = state.str->val; ptr[i].distance = state.str->distance; ptr[i].length = state.str->length; ptr[i].flag = state.str->flag; tmp = state.str->next; pfree(state.str); state.str = tmp; } memcpy((void *) GETOPERAND(query), (void *) state.op, state.sumlen); pfree(state.op); pos = 0; findoprnd(ptr, &pos); return query; }",visit repo url,contrib/ltree/ltxtquery_io.c,https://github.com/postgres/postgres,108740694685117,1 3806,['CWE-120'],"static struct uvc_entity *uvc_entity_by_reference(struct uvc_device *dev, int id, struct uvc_entity *entity) { unsigned int i; if (entity == NULL) entity = list_entry(&dev->entities, struct uvc_entity, list); list_for_each_entry_continue(entity, &dev->entities, list) { switch (UVC_ENTITY_TYPE(entity)) { case TT_STREAMING: if (entity->output.bSourceID == id) return entity; break; case VC_PROCESSING_UNIT: if (entity->processing.bSourceID == id) return entity; break; case VC_SELECTOR_UNIT: for (i = 0; i < entity->selector.bNrInPins; ++i) if (entity->selector.baSourceID[i] == id) return entity; break; case VC_EXTENSION_UNIT: for (i = 0; i < entity->extension.bNrInPins; ++i) if (entity->extension.baSourceID[i] == id) return entity; break; } } return NULL; }",linux-2.6,,,87740878448092628070241487865003515459,0 4767,['CWE-20'],"static int ext4_quota_on_mount(struct super_block *sb, int type) { return vfs_quota_on_mount(sb, EXT4_SB(sb)->s_qf_names[type], EXT4_SB(sb)->s_jquota_fmt, type); }",linux-2.6,,,132437819101870488008569179133118157005,0 5393,CWE-125,"double GetGPMFSampleRateAndTimes(size_t handle, GPMF_stream *gs, double rate, uint32_t index, double *in, double *out) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return 0.0; uint32_t key, insamples; uint32_t repeat, outsamples; GPMF_stream find_stream; if (gs == NULL || mp4->metaoffsets == 0 || mp4->indexcount == 0 || mp4->basemetadataduration == 0 || mp4->meta_clockdemon == 0 || in == NULL || out == NULL) return 0.0; key = GPMF_Key(gs); repeat = GPMF_Repeat(gs); if (rate == 0.0) rate = GetGPMFSampleRate(handle, key, GPMF_SAMPLE_RATE_FAST); if (rate == 0.0) { *in = *out = 0.0; return 0.0; } GPMF_CopyState(gs, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { outsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)); insamples = outsamples - repeat; *in = ((double)insamples / (double)rate); *out = ((double)outsamples / (double)rate); } else { *in = ((double)index * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); *out = ((double)(index + 1) * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); } return rate; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,259952087012547,1 1414,CWE-310,"static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_cipher rcipher; snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""cipher""); rcipher.blocksize = alg->cra_blocksize; rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; rcipher.max_keysize = alg->cra_cipher.cia_max_keysize; if (nla_put(skb, CRYPTOCFGA_REPORT_CIPHER, sizeof(struct crypto_report_cipher), &rcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,281170485397244,1 1841,CWE-476,"static bool kvm_vcpu_check_breakpoint(struct kvm_vcpu *vcpu, int *r) { if (unlikely(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) && (vcpu->arch.guest_debug_dr7 & DR7_BP_EN_MASK)) { struct kvm_run *kvm_run = vcpu->run; unsigned long eip = kvm_get_linear_rip(vcpu); u32 dr6 = kvm_vcpu_check_hw_bp(eip, 0, vcpu->arch.guest_debug_dr7, vcpu->arch.eff_db); if (dr6 != 0) { kvm_run->debug.arch.dr6 = dr6 | DR6_ACTIVE_LOW; kvm_run->debug.arch.pc = eip; kvm_run->debug.arch.exception = DB_VECTOR; kvm_run->exit_reason = KVM_EXIT_DEBUG; *r = 0; return true; } } if (unlikely(vcpu->arch.dr7 & DR7_BP_EN_MASK) && !(kvm_get_rflags(vcpu) & X86_EFLAGS_RF)) { unsigned long eip = kvm_get_linear_rip(vcpu); u32 dr6 = kvm_vcpu_check_hw_bp(eip, 0, vcpu->arch.dr7, vcpu->arch.db); if (dr6 != 0) { kvm_queue_exception_p(vcpu, DB_VECTOR, dr6); *r = 1; return true; } } return false; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,264270004468881,1 2647,[],"static int sctp_setsockopt_peer_primary_addr(struct sock *sk, char __user *optval, int optlen) { struct sctp_sock *sp; struct sctp_endpoint *ep; struct sctp_association *asoc = NULL; struct sctp_setpeerprim prim; struct sctp_chunk *chunk; int err; sp = sctp_sk(sk); ep = sp->ep; if (!sctp_addip_enable) return -EPERM; if (optlen != sizeof(struct sctp_setpeerprim)) return -EINVAL; if (copy_from_user(&prim, optval, optlen)) return -EFAULT; asoc = sctp_id2assoc(sk, prim.sspp_assoc_id); if (!asoc) return -EINVAL; if (!asoc->peer.asconf_capable) return -EPERM; if (asoc->peer.addip_disabled_mask & SCTP_PARAM_SET_PRIMARY) return -EPERM; if (!sctp_state(asoc, ESTABLISHED)) return -ENOTCONN; if (!sctp_assoc_lookup_laddr(asoc, (union sctp_addr *)&prim.sspp_addr)) return -EADDRNOTAVAIL; chunk = sctp_make_asconf_set_prim(asoc, (union sctp_addr *)&prim.sspp_addr); if (!chunk) return -ENOMEM; err = sctp_send_asconf(asoc, chunk); SCTP_DEBUG_PRINTK(""We set peer primary addr primitively.\n""); return err; }",linux-2.6,,,45829189889840792941662825652879063052,0 1666,[],"static void __init init_aggregate(void) { int i; for_each_possible_cpu(i) spin_lock_init(&per_cpu(aggregate_lock, i)); }",linux-2.6,,,133768739567922980585549541884294025204,0 1155,['CWE-189'],"static void hrtimer_get_softirq_time(struct hrtimer_cpu_base *base) { ktime_t xtim, tomono; struct timespec xts; unsigned long seq; do { seq = read_seqbegin(&xtime_lock); #ifdef CONFIG_NO_HZ getnstimeofday(&xts); #else xts = xtime; #endif } while (read_seqretry(&xtime_lock, seq)); xtim = timespec_to_ktime(xts); tomono = timespec_to_ktime(wall_to_monotonic); base->clock_base[CLOCK_REALTIME].softirq_time = xtim; base->clock_base[CLOCK_MONOTONIC].softirq_time = ktime_add(xtim, tomono); }",linux-2.6,,,293028299702568805817698923156226980997,0 2498,['CWE-119'],"void diff_flush(struct diff_options *options) { struct diff_queue_struct *q = &diff_queued_diff; int i, output_format = options->output_format; int separator = 0; if (!q->nr) goto free_queue; if (output_format & (DIFF_FORMAT_RAW | DIFF_FORMAT_NAME | DIFF_FORMAT_NAME_STATUS | DIFF_FORMAT_CHECKDIFF)) { for (i = 0; i < q->nr; i++) { struct diff_filepair *p = q->queue[i]; if (check_pair_status(p)) flush_one_pair(p, options); } separator++; } if (output_format & (DIFF_FORMAT_DIFFSTAT|DIFF_FORMAT_SHORTSTAT|DIFF_FORMAT_NUMSTAT)) { struct diffstat_t diffstat; memset(&diffstat, 0, sizeof(struct diffstat_t)); diffstat.xm.consume = diffstat_consume; for (i = 0; i < q->nr; i++) { struct diff_filepair *p = q->queue[i]; if (check_pair_status(p)) diff_flush_stat(p, options, &diffstat); } if (output_format & DIFF_FORMAT_NUMSTAT) show_numstat(&diffstat, options); if (output_format & DIFF_FORMAT_DIFFSTAT) show_stats(&diffstat, options); if (output_format & DIFF_FORMAT_SHORTSTAT) show_shortstats(&diffstat, options); free_diffstat_info(&diffstat); separator++; } if (output_format & DIFF_FORMAT_DIRSTAT) show_dirstat(options); if (output_format & DIFF_FORMAT_SUMMARY && !is_summary_empty(q)) { for (i = 0; i < q->nr; i++) diff_summary(options->file, q->queue[i]); separator++; } if (output_format & DIFF_FORMAT_PATCH) { if (separator) { if (options->stat_sep) { fputs(options->stat_sep, options->file); } else { putc(options->line_termination, options->file); } } for (i = 0; i < q->nr; i++) { struct diff_filepair *p = q->queue[i]; if (check_pair_status(p)) diff_flush_patch(p, options); } } if (output_format & DIFF_FORMAT_CALLBACK) options->format_callback(q, options, options->format_callback_data); for (i = 0; i < q->nr; i++) diff_free_filepair(q->queue[i]); free_queue: free(q->queue); q->queue = NULL; q->nr = q->alloc = 0; if (options->close_file) fclose(options->file); }",git,,,308738556650741370533609406183676954616,0 1470,CWE-264,"int perf_event_refresh(struct perf_event *event, int refresh) { if (event->attr.inherit || !is_sampling_event(event)) return -EINVAL; atomic_add(refresh, &event->event_limit); perf_event_enable(event); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,151277313027093,1 465,[],"pfm_buf_fmt_exit(pfm_buffer_fmt_t *fmt, struct task_struct *task, void *buf, struct pt_regs *regs) { int ret = 0; if (fmt->fmt_exit) ret = (*fmt->fmt_exit)(task, buf, regs); return ret; }",linux-2.6,,,322492825555874893109243758730522648733,0 2640,[],"static void sctp_sock_rfree_frag(struct sk_buff *skb) { struct sk_buff *frag; if (!skb->data_len) goto done; for (frag = skb_shinfo(skb)->frag_list; frag; frag = frag->next) sctp_sock_rfree_frag(frag); done: sctp_sock_rfree(skb); }",linux-2.6,,,137531548197372351309835649444265796874,0 4258,CWE-416,"R_API void r_core_anal_type_match(RCore *core, RAnalFunction *fcn) { RAnalBlock *bb; RListIter *it; RAnalOp aop = {0}; bool resolved = false; r_return_if_fail (core && core->anal && fcn); if (!core->anal->esil) { eprintf (""Please run aeim\n""); return; } RAnal *anal = core->anal; Sdb *TDB = anal->sdb_types; bool chk_constraint = r_config_get_i (core->config, ""anal.types.constraint""); int ret, bsize = R_MAX (64, core->blocksize); const int mininstrsz = r_anal_archinfo (anal, R_ANAL_ARCHINFO_MIN_OP_SIZE); const int minopcode = R_MAX (1, mininstrsz); int cur_idx , prev_idx = 0; RConfigHold *hc = r_config_hold_new (core->config); if (!hc) { return; } RDebugTrace *dt = NULL; RAnalEsilTrace *et = NULL; if (!anal_emul_init (core, hc, &dt, &et) || !fcn) { anal_emul_restore (core, hc, dt, et); return; } ut8 *buf = malloc (bsize); if (!buf) { anal_emul_restore (core, hc, dt, et); return; } Sdb *etracedb = core->anal->esil->trace->db; HtPPOptions opt = etracedb->ht->opt; ht_pp_free (etracedb->ht); etracedb->ht = ht_pp_new_size (fcn->ninstr * 0xf, opt.dupvalue, opt.freefn, opt.calcsizeV); etracedb->ht->opt = opt; RDebugTrace *dtrace = core->dbg->trace; opt = dtrace->ht->opt; ht_pp_free (dtrace->ht); dtrace->ht = ht_pp_new_size (fcn->ninstr, opt.dupvalue, opt.freefn, opt.calcsizeV); dtrace->ht->opt = opt; char *fcn_name = NULL; char *ret_type = NULL; bool str_flag = false; bool prop = false; bool prev_var = false; char prev_type[256] = {0}; const char *prev_dest = NULL; char *ret_reg = NULL; const char *_pc = r_reg_get_name (core->dbg->reg, R_REG_NAME_PC); if (!_pc) { free (buf); return; } char *pc = strdup (_pc); RRegItem *r = r_reg_get (core->dbg->reg, pc, -1); if (!r) { free (buf); return; } r_cons_break_push (NULL, NULL); r_list_sort (fcn->bbs, bb_cmpaddr); r_list_foreach (fcn->bbs, it, bb) { ut64 addr = bb->addr; int i = 0; r_reg_set_value (core->dbg->reg, r, addr); while (1) { if (r_cons_is_breaked ()) { goto out_function; } if (i >= (bsize - 32)) { i = 0; } ut64 pcval = r_reg_getv (anal->reg, pc); if ((addr >= bb->addr + bb->size) || (addr < bb->addr) || pcval != addr) { break; } if (!i) { r_io_read_at (core->io, addr, buf, bsize); } ret = r_anal_op (anal, &aop, addr, buf + i, bsize - i, R_ANAL_OP_MASK_BASIC | R_ANAL_OP_MASK_VAL); if (ret <= 0) { i += minopcode; addr += minopcode; r_anal_op_fini (&aop); continue; } int loop_count = sdb_num_get (anal->esil->trace->db, sdb_fmt (""0x%""PFMT64x"".count"", addr), 0); if (loop_count > LOOP_MAX || aop.type == R_ANAL_OP_TYPE_RET) { r_anal_op_fini (&aop); break; } sdb_num_set (anal->esil->trace->db, sdb_fmt (""0x%""PFMT64x"".count"", addr), loop_count + 1, 0); if (r_anal_op_nonlinear (aop.type)) { r_reg_set_value (core->dbg->reg, r, addr + ret); } else { r_core_esil_step (core, UT64_MAX, NULL, NULL, false); } bool userfnc = false; Sdb *trace = anal->esil->trace->db; cur_idx = sdb_num_get (trace, ""idx"", 0); RAnalVar *var = r_anal_get_used_function_var (anal, aop.addr); RAnalOp *next_op = r_core_anal_op (core, addr + ret, R_ANAL_OP_MASK_BASIC); ut32 type = aop.type & R_ANAL_OP_TYPE_MASK; if (aop.type == R_ANAL_OP_TYPE_CALL || aop.type & R_ANAL_OP_TYPE_UCALL) { char *full_name = NULL; ut64 callee_addr; if (aop.type == R_ANAL_OP_TYPE_CALL) { RAnalFunction *fcn_call = r_anal_get_fcn_in (anal, aop.jump, -1); if (fcn_call) { full_name = fcn_call->name; callee_addr = fcn_call->addr; } } else if (aop.ptr != UT64_MAX) { RFlagItem *flag = r_flag_get_by_spaces (core->flags, aop.ptr, R_FLAGS_FS_IMPORTS, NULL); if (flag && flag->realname) { full_name = flag->realname; callee_addr = aop.ptr; } } if (full_name) { if (r_type_func_exist (TDB, full_name)) { fcn_name = strdup (full_name); } else { fcn_name = r_type_func_guess (TDB, full_name); } if (!fcn_name) { fcn_name = strdup (full_name); userfnc = true; } const char* Cc = r_anal_cc_func (anal, fcn_name); if (Cc && r_anal_cc_exist (anal, Cc)) { char *cc = strdup (Cc); type_match (core, fcn_name, addr, bb->addr, cc, prev_idx, userfnc, callee_addr); prev_idx = cur_idx; R_FREE (ret_type); const char *rt = r_type_func_ret (TDB, fcn_name); if (rt) { ret_type = strdup (rt); } R_FREE (ret_reg); const char *rr = r_anal_cc_ret (anal, cc); if (rr) { ret_reg = strdup (rr); } resolved = false; free (cc); } if (!strcmp (fcn_name, ""__stack_chk_fail"")) { const char *query = sdb_fmt (""%d.addr"", cur_idx - 1); ut64 mov_addr = sdb_num_get (trace, query, 0); RAnalOp *mop = r_core_anal_op (core, mov_addr, R_ANAL_OP_MASK_VAL | R_ANAL_OP_MASK_BASIC); if (mop) { RAnalVar *mopvar = r_anal_get_used_function_var (anal, mop->addr); ut32 type = mop->type & R_ANAL_OP_TYPE_MASK; if (type == R_ANAL_OP_TYPE_MOV) { __var_rename (anal, mopvar, ""canary"", addr); } } r_anal_op_free (mop); } free (fcn_name); } } else if (!resolved && ret_type && ret_reg) { char src[REGNAME_SIZE] = {0}; const char *query = sdb_fmt (""%d.reg.write"", cur_idx); const char *cur_dest = sdb_const_get (trace, query, 0); get_src_regname (core, aop.addr, src, sizeof (src)); if (ret_reg && *src && strstr (ret_reg, src)) { if (var && aop.direction == R_ANAL_OP_DIR_WRITE) { __var_retype (anal, var, NULL, ret_type, false, false); resolved = true; } else if (type == R_ANAL_OP_TYPE_MOV) { R_FREE (ret_reg); if (cur_dest) { ret_reg = strdup (cur_dest); } } } else if (cur_dest) { char *foo = strdup (cur_dest); char *tmp = strchr (foo, ','); if (tmp) { *tmp++ = '\0'; } if (ret_reg && (strstr (ret_reg, foo) || (tmp && strstr (ret_reg, tmp)))) { resolved = true; } else if (type == R_ANAL_OP_TYPE_MOV && (next_op && next_op->type == R_ANAL_OP_TYPE_MOV)){ char nsrc[REGNAME_SIZE] = {0}; get_src_regname (core, next_op->addr, nsrc, sizeof (nsrc)); if (ret_reg && *nsrc && strstr (ret_reg, nsrc) && var && aop.direction == R_ANAL_OP_DIR_READ) { __var_retype (anal, var, NULL, ret_type, true, false); } } free (foo); } } if (var) { bool sign = false; if ((type == R_ANAL_OP_TYPE_CMP) && next_op) { if (next_op->sign) { sign = true; } else { __var_retype (anal, var, NULL, ""unsigned"", false, true); } } if (sign || aop.sign) { __var_retype (anal, var, NULL, ""signed"", false, true); } if (prev_dest && (type == R_ANAL_OP_TYPE_MOV || type == R_ANAL_OP_TYPE_STORE)) { char reg[REGNAME_SIZE] = {0}; get_src_regname (core, addr, reg, sizeof (reg)); bool match = strstr (prev_dest, reg) != NULL; if (str_flag && match) { __var_retype (anal, var, NULL, ""const char *"", false, false); } if (prop && match && prev_var) { __var_retype (anal, var, NULL, prev_type, false, false); } } if (chk_constraint && var && (type == R_ANAL_OP_TYPE_CMP && aop.disp != UT64_MAX) && next_op && next_op->type == R_ANAL_OP_TYPE_CJMP) { bool jmp = false; RAnalOp *jmp_op = {0}; ut64 jmp_addr = next_op->jump; RAnalBlock *jmpbb = r_anal_fcn_bbget_in (anal, fcn, jmp_addr); for (i = 0; i < MAX_INSTR ; i++) { jmp_op = r_core_anal_op (core, jmp_addr, R_ANAL_OP_MASK_BASIC); if (!jmp_op) { break; } if ((jmp_op->type == R_ANAL_OP_TYPE_RET && r_anal_block_contains (jmpbb, jmp_addr)) || jmp_op->type == R_ANAL_OP_TYPE_CJMP) { jmp = true; r_anal_op_free (jmp_op); break; } jmp_addr += jmp_op->size; r_anal_op_free (jmp_op); } RAnalVarConstraint constr = { .cond = jmp? cond_invert (anal, next_op->cond): next_op->cond, .val = aop.val }; r_anal_var_add_constraint (var, &constr); } } prev_var = (var && aop.direction == R_ANAL_OP_DIR_READ); str_flag = false; prop = false; prev_dest = NULL; switch (type) { case R_ANAL_OP_TYPE_MOV: case R_ANAL_OP_TYPE_LEA: case R_ANAL_OP_TYPE_LOAD: if (aop.ptr && aop.refptr && aop.ptr != UT64_MAX) { if (type == R_ANAL_OP_TYPE_LOAD) { ut8 buf[256] = {0}; r_io_read_at (core->io, aop.ptr, buf, sizeof (buf) - 1); ut64 ptr = r_read_ble (buf, core->print->big_endian, aop.refptr * 8); if (ptr && ptr != UT64_MAX) { RFlagItem *f = r_flag_get_by_spaces (core->flags, ptr, R_FLAGS_FS_STRINGS, NULL); if (f) { str_flag = true; } } } else if (r_flag_exist_at (core->flags, ""str"", 3, aop.ptr)) { str_flag = true; } } if (var && str_flag) { __var_retype (anal, var, NULL, ""const char *"", false, false); } const char *query = sdb_fmt (""%d.reg.write"", cur_idx); prev_dest = sdb_const_get (trace, query, 0); if (var) { strncpy (prev_type, var->type, sizeof (prev_type) - 1); prop = true; } } i += ret; addr += ret; r_anal_op_free (next_op); r_anal_op_fini (&aop); } } RList *list = r_anal_var_list (anal, fcn, R_ANAL_VAR_KIND_REG); RAnalVar *rvar; RListIter *iter; r_list_foreach (list, iter, rvar) { RAnalVar *lvar = r_anal_var_get_dst_var (rvar); RRegItem *i = r_reg_index_get (anal->reg, rvar->delta); if (!i) { continue; } if (lvar) { __var_retype (anal, rvar, NULL, lvar->type, false, false); __var_retype (anal, lvar, NULL, rvar->type, false, false); } } r_list_free (list); out_function: R_FREE (ret_reg); R_FREE (ret_type); free (buf); r_cons_break_pop(); anal_emul_restore (core, hc, dt, et); free (pc); }",visit repo url,libr/core/anal_tp.c,https://github.com/radareorg/radare2,266734664526926,1 6474,[],"lt_dladdsearchdir (const char *search_dir) { int errors = 0; if (search_dir && *search_dir) { if (lt_dlpath_insertdir (&user_search_path, 0, search_dir) != 0) ++errors; } return errors; }",libtool,,,132997846812612618754646284819507560966,0 4028,CWE-476,"tar_directory_for_file (GsfInfileTar *dir, const char *name, gboolean last) { const char *s = name; while (1) { const char *s0 = s; char *dirname; while (1) { if (*s == 0) { if (last && s != s0) break; else return dir; } if (*s == '/') break; s++; } dirname = g_strndup (s0, s - s0); while (*s == '/') s++; if (strcmp (dirname, ""."") != 0) { GsfInput *subdir = gsf_infile_child_by_name (GSF_INFILE (dir), dirname); if (subdir) { g_object_unref (subdir); dir = GSF_INFILE_TAR (subdir); } else dir = tar_create_dir (dir, dirname); } g_free (dirname); } }",visit repo url,gsf/gsf-infile-tar.c,https://github.com/GNOME/libgsf,40916604091763,1 3712,[],"static inline int unix_writable(struct sock *sk) { return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf; }",linux-2.6,,,68172198931340770386984527542728059861,0 1626,CWE-264,"static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) { struct ipv6_txoptions opt_space; DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); struct in6_addr *daddr, *final_p, final; struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct raw6_sock *rp = raw6_sk(sk); struct ipv6_txoptions *opt = NULL; struct ip6_flowlabel *flowlabel = NULL; struct dst_entry *dst = NULL; struct raw6_frag_vec rfv; struct flowi6 fl6; int addr_len = msg->msg_namelen; int hlimit = -1; int tclass = -1; int dontfrag = -1; u16 proto; int err; if (len > INT_MAX) return -EMSGSIZE; if (msg->msg_flags & MSG_OOB) return -EOPNOTSUPP; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_mark = sk->sk_mark; if (sin6) { if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (sin6->sin6_family && sin6->sin6_family != AF_INET6) return -EAFNOSUPPORT; proto = ntohs(sin6->sin6_port); if (!proto) proto = inet->inet_num; else if (proto != inet->inet_num) return -EINVAL; if (proto > 255) return -EINVAL; daddr = &sin6->sin6_addr; if (np->sndflow) { fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK; if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } } if (sk->sk_state == TCP_ESTABLISHED && ipv6_addr_equal(daddr, &sk->sk_v6_daddr)) daddr = &sk->sk_v6_daddr; if (addr_len >= sizeof(struct sockaddr_in6) && sin6->sin6_scope_id && __ipv6_addr_needs_scope_id(__ipv6_addr_type(daddr))) fl6.flowi6_oif = sin6->sin6_scope_id; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; proto = inet->inet_num; daddr = &sk->sk_v6_daddr; fl6.flowlabel = np->flow_label; } if (fl6.flowi6_oif == 0) fl6.flowi6_oif = sk->sk_bound_dev_if; if (msg->msg_controllen) { opt = &opt_space; memset(opt, 0, sizeof(struct ipv6_txoptions)); opt->tot_len = sizeof(struct ipv6_txoptions); err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, &hlimit, &tclass, &dontfrag); if (err < 0) { fl6_sock_release(flowlabel); return err; } if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; } if (!opt) opt = np->opt; if (flowlabel) opt = fl6_merge_options(&opt_space, flowlabel, opt); opt = ipv6_fixup_options(&opt_space, opt); fl6.flowi6_proto = proto; rfv.msg = msg; rfv.hlen = 0; err = rawv6_probe_proto_opt(&rfv, &fl6); if (err) goto out; if (!ipv6_addr_any(daddr)) fl6.daddr = *daddr; else fl6.daddr.s6_addr[15] = 0x1; if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr)) fl6.saddr = np->saddr; final_p = fl6_update_dst(&fl6, opt, &final); if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) fl6.flowi6_oif = np->mcast_oif; else if (!fl6.flowi6_oif) fl6.flowi6_oif = np->ucast_oif; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); if (inet->hdrincl) fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH; dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); goto out; } if (hlimit < 0) hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); if (tclass < 0) tclass = np->tclass; if (dontfrag < 0) dontfrag = np->dontfrag; if (msg->msg_flags&MSG_CONFIRM) goto do_confirm; back_from_confirm: if (inet->hdrincl) err = rawv6_send_hdrinc(sk, msg, len, &fl6, &dst, msg->msg_flags); else { lock_sock(sk); err = ip6_append_data(sk, raw6_getfrag, &rfv, len, 0, hlimit, tclass, opt, &fl6, (struct rt6_info *)dst, msg->msg_flags, dontfrag); if (err) ip6_flush_pending_frames(sk); else if (!(msg->msg_flags & MSG_MORE)) err = rawv6_push_pending_frames(sk, &fl6, rp); release_sock(sk); } done: dst_release(dst); out: fl6_sock_release(flowlabel); return err < 0 ? err : len; do_confirm: dst_confirm(dst); if (!(msg->msg_flags & MSG_PROBE) || len) goto back_from_confirm; err = 0; goto done; }",visit repo url,net/ipv6/raw.c,https://github.com/torvalds/linux,33723257750216,1 33,CWE-763,"spnego_gss_unwrap_aead(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t input_assoc_buffer, gss_buffer_t output_payload_buffer, int *conf_state, gss_qop_t *qop_state) { OM_uint32 ret; ret = gss_unwrap_aead(minor_status, context_handle, input_message_buffer, input_assoc_buffer, output_payload_buffer, conf_state, qop_state); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,155589527015659,1 813,CWE-20,"static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; unsigned int copied, rlen; struct sk_buff *skb, *cskb; int err = 0; pr_debug(""%p %zu\n"", sk, len); msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state == LLCP_CLOSED && skb_queue_empty(&sk->sk_receive_queue)) { release_sock(sk); return 0; } release_sock(sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { pr_err(""Recv datagram failed state %d %d %d"", sk->sk_state, err, sock_error(sk)); if (sk->sk_shutdown & RCV_SHUTDOWN) return 0; return err; } rlen = skb->len; copied = min_t(unsigned int, rlen, len); cskb = skb; if (skb_copy_datagram_iovec(cskb, 0, msg->msg_iov, copied)) { if (!(flags & MSG_PEEK)) skb_queue_head(&sk->sk_receive_queue, skb); return -EFAULT; } sock_recv_timestamp(msg, sk, skb); if (sk->sk_type == SOCK_DGRAM && msg->msg_name) { struct nfc_llcp_ui_cb *ui_cb = nfc_llcp_ui_skb_cb(skb); struct sockaddr_nfc_llcp *sockaddr = (struct sockaddr_nfc_llcp *) msg->msg_name; msg->msg_namelen = sizeof(struct sockaddr_nfc_llcp); pr_debug(""Datagram socket %d %d\n"", ui_cb->dsap, ui_cb->ssap); memset(sockaddr, 0, sizeof(*sockaddr)); sockaddr->sa_family = AF_NFC; sockaddr->nfc_protocol = NFC_PROTO_NFC_DEP; sockaddr->dsap = ui_cb->dsap; sockaddr->ssap = ui_cb->ssap; } if (!(flags & MSG_PEEK)) { if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { skb_pull(skb, copied); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); goto done; } } kfree_skb(skb); } done: if (sk->sk_type == SOCK_SEQPACKET && (flags & MSG_TRUNC)) copied = rlen; return copied; }",visit repo url,net/nfc/llcp_sock.c,https://github.com/torvalds/linux,259541481085604,1 6042,CWE-190,"dig_t bn_get_prime(int pos) { if (pos >= BASIC_TESTS) { return 0; } return primes[pos]; }",visit repo url,src/bn/relic_bn_prime.c,https://github.com/relic-toolkit/relic,22308212796149,1 102,['CWE-787'],"static void cirrus_vga_save(QEMUFile *f, void *opaque) { CirrusVGAState *s = opaque; if (s->pci_dev) pci_device_save(s->pci_dev, f); qemu_put_be32s(f, &s->latch); qemu_put_8s(f, &s->sr_index); qemu_put_buffer(f, s->sr, 256); qemu_put_8s(f, &s->gr_index); qemu_put_8s(f, &s->cirrus_shadow_gr0); qemu_put_8s(f, &s->cirrus_shadow_gr1); qemu_put_buffer(f, s->gr + 2, 254); qemu_put_8s(f, &s->ar_index); qemu_put_buffer(f, s->ar, 21); qemu_put_be32(f, s->ar_flip_flop); qemu_put_8s(f, &s->cr_index); qemu_put_buffer(f, s->cr, 256); qemu_put_8s(f, &s->msr); qemu_put_8s(f, &s->fcr); qemu_put_8s(f, &s->st00); qemu_put_8s(f, &s->st01); qemu_put_8s(f, &s->dac_state); qemu_put_8s(f, &s->dac_sub_index); qemu_put_8s(f, &s->dac_read_index); qemu_put_8s(f, &s->dac_write_index); qemu_put_buffer(f, s->dac_cache, 3); qemu_put_buffer(f, s->palette, 768); qemu_put_be32(f, s->bank_offset); qemu_put_8s(f, &s->cirrus_hidden_dac_lockindex); qemu_put_8s(f, &s->cirrus_hidden_dac_data); qemu_put_be32s(f, &s->hw_cursor_x); qemu_put_be32s(f, &s->hw_cursor_y); }",qemu,,,70932604365626628254069575058805645317,0 4990,CWE-787,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 5072,['CWE-20'],"static void vmx_intr_assist(struct kvm_vcpu *vcpu) { update_tpr_threshold(vcpu); vmx_update_window_states(vcpu); if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS); if (vcpu->arch.nmi_pending && !vcpu->arch.nmi_injected) { if (vcpu->arch.interrupt.pending) { enable_nmi_window(vcpu); } else if (vcpu->arch.nmi_window_open) { vcpu->arch.nmi_pending = false; vcpu->arch.nmi_injected = true; } else { enable_nmi_window(vcpu); return; } } if (vcpu->arch.nmi_injected) { vmx_inject_nmi(vcpu); if (vcpu->arch.nmi_pending) enable_nmi_window(vcpu); else if (kvm_cpu_has_interrupt(vcpu)) enable_irq_window(vcpu); return; } if (!vcpu->arch.interrupt.pending && kvm_cpu_has_interrupt(vcpu)) { if (vcpu->arch.interrupt_window_open) kvm_queue_interrupt(vcpu, kvm_cpu_get_interrupt(vcpu)); else enable_irq_window(vcpu); } if (vcpu->arch.interrupt.pending) { vmx_inject_irq(vcpu, vcpu->arch.interrupt.nr); if (kvm_cpu_has_interrupt(vcpu)) enable_irq_window(vcpu); } }",linux-2.6,,,75933783012298196354519645995539351640,0 2702,CWE-190,"SPL_METHOD(SplFileInfo, getPath) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); char *path; int path_len; if (zend_parse_parameters_none() == FAILURE) { return; } path = spl_filesystem_object_get_path(intern, &path_len TSRMLS_CC); RETURN_STRINGL(path, path_len, 1); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,275982177640943,1 299,CWE-404,"static int cp2112_gpio_direction_input(struct gpio_chip *chip, unsigned offset) { struct cp2112_device *dev = gpiochip_get_data(chip); struct hid_device *hdev = dev->hdev; u8 *buf = dev->in_out_buffer; unsigned long flags; int ret; spin_lock_irqsave(&dev->lock, flags); ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf, CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT, HID_REQ_GET_REPORT); if (ret != CP2112_GPIO_CONFIG_LENGTH) { hid_err(hdev, ""error requesting GPIO config: %d\n"", ret); goto exit; } buf[1] &= ~(1 << offset); buf[2] = gpio_push_pull; ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf, CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT, HID_REQ_SET_REPORT); if (ret < 0) { hid_err(hdev, ""error setting GPIO config: %d\n"", ret); goto exit; } ret = 0; exit: spin_unlock_irqrestore(&dev->lock, flags); return ret <= 0 ? ret : -EIO; }",visit repo url,drivers/hid/hid-cp2112.c,https://github.com/torvalds/linux,197389818323923,1 3917,CWE-122,"compile_redir(char_u *line, exarg_T *eap, cctx_T *cctx) { char_u *arg = eap->arg; lhs_T *lhs = &cctx->ctx_redir_lhs; if (lhs->lhs_name != NULL) { if (STRNCMP(arg, ""END"", 3) == 0) { if (lhs->lhs_append) { if (compile_load_lhs_with_index(lhs, lhs->lhs_whole, cctx) == FAIL) return NULL; } generate_instr_type(cctx, ISN_REDIREND, &t_string); if (lhs->lhs_append) generate_CONCAT(cctx, 2); if (lhs->lhs_has_index) { if (compile_assign_unlet(lhs->lhs_whole, lhs, TRUE, &t_string, cctx) == FAIL) return NULL; } else if (generate_store_lhs(cctx, lhs, -1, FALSE) == FAIL) return NULL; VIM_CLEAR(lhs->lhs_name); VIM_CLEAR(lhs->lhs_whole); return arg + 3; } emsg(_(e_cannot_nest_redir)); return NULL; } if (arg[0] == '=' && arg[1] == '>') { int append = FALSE; arg += 2; if (*arg == '>') { ++arg; append = TRUE; } arg = skipwhite(arg); if (compile_assign_lhs(arg, lhs, CMD_redir, FALSE, FALSE, FALSE, 1, cctx) == FAIL) return NULL; if (need_type(&t_string, lhs->lhs_member_type, -1, 0, cctx, FALSE, FALSE) == FAIL) return NULL; generate_instr(cctx, ISN_REDIRSTART); lhs->lhs_append = append; if (lhs->lhs_has_index) { lhs->lhs_whole = vim_strnsave(arg, lhs->lhs_varlen_total); if (lhs->lhs_whole == NULL) return NULL; } return arg + lhs->lhs_varlen_total; } return compile_exec(line, eap, cctx); }",visit repo url,src/vim9cmds.c,https://github.com/vim/vim,236279444435909,1 4894,CWE-476,"static Image *ReadOneJNGImage(MngInfo *mng_info, const ImageInfo *image_info, ExceptionInfo *exception) { Image *alpha_image, *color_image, *image, *jng_image; ImageInfo *alpha_image_info, *color_image_info; MagickBooleanType logging; int unique_filenames; ssize_t y; MagickBooleanType status; png_uint_32 jng_height, jng_width; png_byte jng_color_type, jng_image_sample_depth, jng_image_compression_method, jng_image_interlace_method, jng_alpha_sample_depth, jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method; register const PixelPacket *s; register ssize_t i, x; register PixelPacket *q; register unsigned char *p; unsigned int read_JSEP, reading_idat; size_t length; jng_alpha_compression_method=0; jng_alpha_sample_depth=8; jng_color_type=0; jng_height=0; jng_width=0; alpha_image=(Image *) NULL; color_image=(Image *) NULL; alpha_image_info=(ImageInfo *) NULL; color_image_info=(ImageInfo *) NULL; unique_filenames=0; logging=LogMagickEvent(CoderEvent,GetMagickModule(), "" Enter ReadOneJNGImage()""); image=mng_info->image; if (GetAuthenticPixelQueue(image) != (PixelPacket *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" AcquireNextImage()""); AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; read_JSEP=MagickFalse; reading_idat=MagickFalse; for (;;) { char type[MaxTextExtent]; unsigned char *chunk; unsigned int count; status=SetImageProgress(image,LoadImagesTag,TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) break; type[0]='\0'; (void) ConcatenateMagickString(type,""errr"",MaxTextExtent); length=(size_t) ReadBlobMSBLong(image); count=(unsigned int) ReadBlob(image,4,(unsigned char *) type); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading JNG chunk type %c%c%c%c, length: %.20g"", type[0],type[1],type[2],type[3],(double) length); if (length > PNG_UINT_31_MAX || count == 0) { DestroyJNG(NULL,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError,""CorruptImage""); } p=NULL; chunk=(unsigned char *) NULL; if (length != 0) { if (length > GetBlobSize(image)) { DestroyJNG(NULL,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError, ""InsufficientImageDataInFile""); } chunk=(unsigned char *) AcquireQuantumMemory(length,sizeof(*chunk)); if (chunk == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); for (i=0; i < (ssize_t) length; i++) { int c; c=ReadBlobByte(image); if (c == EOF) break; chunk[i]=(unsigned char) c; } for ( ; i < (ssize_t) length; i++) chunk[i]='\0'; p=chunk; } (void) ReadBlobMSBLong(image); if (memcmp(type,mng_JHDR,4) == 0) { if (length == 16) { jng_width=(png_uint_32)mng_get_long(p); jng_height=(png_uint_32)mng_get_long(&p[4]); if ((jng_width == 0) || (jng_height == 0)) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError,""NegativeOrZeroImageSize""); } jng_color_type=p[8]; jng_image_sample_depth=p[9]; jng_image_compression_method=p[10]; jng_image_interlace_method=p[11]; image->interlace=jng_image_interlace_method != 0 ? PNGInterlace : NoInterlace; jng_alpha_sample_depth=p[12]; jng_alpha_compression_method=p[13]; jng_alpha_filter_method=p[14]; jng_alpha_interlace_method=p[15]; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_width: %16lu, jng_height: %16lu\n"" "" jng_color_type: %16d, jng_image_sample_depth: %3d\n"" "" jng_image_compression_method:%3d"", (unsigned long) jng_width, (unsigned long) jng_height, jng_color_type, jng_image_sample_depth, jng_image_compression_method); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_image_interlace_method: %3d"" "" jng_alpha_sample_depth: %3d"", jng_image_interlace_method, jng_alpha_sample_depth); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_alpha_compression_method:%3d\n"" "" jng_alpha_filter_method: %3d\n"" "" jng_alpha_interlace_method: %3d"", jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method); } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); if (jng_width > 65535 || jng_height > 65535 || (long) jng_width > GetMagickResourceLimit(WidthResource) || (long) jng_height > GetMagickResourceLimit(HeightResource)) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" JNG width or height too large: (%lu x %lu)"", (long) jng_width, (long) jng_height); DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } continue; } if ((reading_idat == MagickFalse) && (read_JSEP == MagickFalse) && ((memcmp(type,mng_JDAT,4) == 0) || (memcmp(type,mng_JdAA,4) == 0) || (memcmp(type,mng_IDAT,4) == 0) || (memcmp(type,mng_JDAA,4) == 0))) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating color_blob.""); color_image_info=(ImageInfo *)AcquireMagickMemory(sizeof(ImageInfo)); if (color_image_info == (ImageInfo *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } GetImageInfo(color_image_info); color_image=AcquireImage(color_image_info); if (color_image == (Image *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } (void) AcquireUniqueFilename(color_image->filename); unique_filenames++; status=OpenBlob(color_image_info,color_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); return(DestroyImageList(image)); } if ((image_info->ping == MagickFalse) && (jng_color_type >= 12)) { alpha_image_info=(ImageInfo *) AcquireMagickMemory(sizeof(ImageInfo)); if (alpha_image_info == (ImageInfo *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } GetImageInfo(alpha_image_info); alpha_image=AcquireImage(alpha_image_info); if (alpha_image == (Image *) NULL) { DestroyJNG(chunk,&color_image,&color_image_info, &alpha_image,&alpha_image_info); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating alpha_blob.""); (void) AcquireUniqueFilename(alpha_image->filename); unique_filenames++; status=OpenBlob(alpha_image_info,alpha_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { alpha_image=DestroyImage(alpha_image); alpha_image_info=DestroyImageInfo(alpha_image_info); color_image=DestroyImage(color_image); return(DestroyImageList(image)); } if (jng_alpha_compression_method == 0) { unsigned char data[18]; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing IHDR chunk to alpha_blob.""); (void) WriteBlob(alpha_image,8,(const unsigned char *) ""\211PNG\r\n\032\n""); (void) WriteBlobMSBULong(alpha_image,13L); PNGType(data,mng_IHDR); LogPNGChunk(logging,mng_IHDR,13L); PNGLong(data+4,jng_width); PNGLong(data+8,jng_height); data[12]=jng_alpha_sample_depth; data[13]=0; data[14]=0; data[15]=0; data[16]=0; (void) WriteBlob(alpha_image,17,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,17)); } } reading_idat=MagickTrue; } if (memcmp(type,mng_JDAT,4) == 0) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAT chunk data to color_blob.""); if (length != 0) { (void) WriteBlob(color_image,length,chunk); chunk=(unsigned char *) RelinquishMagickMemory(chunk); } continue; } if (memcmp(type,mng_IDAT,4) == 0) { png_byte data[5]; if (alpha_image != NULL && image_info->ping == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying IDAT chunk data to alpha_blob.""); (void) WriteBlobMSBULong(alpha_image,(size_t) length); PNGType(data,mng_IDAT); LogPNGChunk(logging,mng_IDAT,length); (void) WriteBlob(alpha_image,4,data); (void) WriteBlob(alpha_image,length,chunk); (void) WriteBlobMSBULong(alpha_image, crc32(crc32(0,data,4),chunk,(uInt) length)); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if ((memcmp(type,mng_JDAA,4) == 0) || (memcmp(type,mng_JdAA,4) == 0)) { if (alpha_image != NULL && image_info->ping == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAA chunk data to alpha_blob.""); (void) WriteBlob(alpha_image,length,chunk); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_JSEP,4) == 0) { read_JSEP=MagickTrue; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_bKGD,4) == 0) { if (length == 2) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=image->background_color.red; image->background_color.blue=image->background_color.red; } if (length == 6) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=ScaleCharToQuantum(p[3]); image->background_color.blue=ScaleCharToQuantum(p[5]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_gAMA,4) == 0) { if (length == 4) image->gamma=((float) mng_get_long(p))*0.00001; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_cHRM,4) == 0) { if (length == 32) { image->chromaticity.white_point.x=0.00001*mng_get_long(p); image->chromaticity.white_point.y=0.00001*mng_get_long(&p[4]); image->chromaticity.red_primary.x=0.00001*mng_get_long(&p[8]); image->chromaticity.red_primary.y=0.00001*mng_get_long(&p[12]); image->chromaticity.green_primary.x=0.00001*mng_get_long(&p[16]); image->chromaticity.green_primary.y=0.00001*mng_get_long(&p[20]); image->chromaticity.blue_primary.x=0.00001*mng_get_long(&p[24]); image->chromaticity.blue_primary.y=0.00001*mng_get_long(&p[28]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_sRGB,4) == 0) { if (length == 1) { image->rendering_intent= Magick_RenderingIntent_from_PNG_RenderingIntent(p[0]); image->gamma=1.000f/2.200f; image->chromaticity.red_primary.x=0.6400f; image->chromaticity.red_primary.y=0.3300f; image->chromaticity.green_primary.x=0.3000f; image->chromaticity.green_primary.y=0.6000f; image->chromaticity.blue_primary.x=0.1500f; image->chromaticity.blue_primary.y=0.0600f; image->chromaticity.white_point.x=0.3127f; image->chromaticity.white_point.y=0.3290f; } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_oFFs,4) == 0) { if (length > 8) { image->page.x=(ssize_t) mng_get_long(p); image->page.y=(ssize_t) mng_get_long(&p[4]); if ((int) p[8] != 0) { image->page.x/=10000; image->page.y/=10000; } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_pHYs,4) == 0) { if (length > 8) { image->x_resolution=(double) mng_get_long(p); image->y_resolution=(double) mng_get_long(&p[4]); if ((int) p[8] == PNG_RESOLUTION_METER) { image->units=PixelsPerCentimeterResolution; image->x_resolution=image->x_resolution/100.0f; image->y_resolution=image->y_resolution/100.0f; } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #if 0 if (memcmp(type,mng_iCCP,4) == 0) { chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #endif chunk=(unsigned char *) RelinquishMagickMemory(chunk); if (memcmp(type,mng_IEND,4)) continue; break; } if (color_image_info == (ImageInfo *) NULL) { assert(color_image == (Image *) NULL); assert(alpha_image == (Image *) NULL); return(DestroyImageList(image)); } if (color_image == (Image *) NULL) { assert(alpha_image == (Image *) NULL); return(DestroyImageList(image)); } (void) SeekBlob(color_image,0,SEEK_SET); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading jng_image from color_blob.""); assert(color_image_info != (ImageInfo *) NULL); (void) FormatLocaleString(color_image_info->filename,MaxTextExtent,""%s"", color_image->filename); color_image_info->ping=MagickFalse; jng_image=ReadImage(color_image_info,exception); (void) RelinquishUniqueFileResource(color_image->filename); unique_filenames--; color_image=DestroyImage(color_image); color_image_info=DestroyImageInfo(color_image_info); if (jng_image == (Image *) NULL) { DestroyJNG(NULL,NULL,NULL,&alpha_image,&alpha_image_info); return(DestroyImageList(image)); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying jng_image pixels to main image.""); image->columns=jng_width; image->rows=jng_height; length=image->columns*sizeof(PixelPacket); status=SetImageExtent(image,image->columns,image->rows); if (status == MagickFalse) { jng_image=DestroyImageList(jng_image); DestroyJNG(NULL,&color_image,&color_image_info,&alpha_image, &alpha_image_info); InheritException(exception,&image->exception); return(DestroyImageList(image)); } if ((image->columns != jng_image->columns) || (image->rows != jng_image->rows)) { jng_image=DestroyImageList(jng_image); DestroyJNG(NULL,&color_image,&color_image_info,&alpha_image, &alpha_image_info); InheritException(exception,&image->exception); return(DestroyImageList(image)); } for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1,&image->exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if ((s == (const PixelPacket *) NULL) || (q == (PixelPacket *) NULL)) break; (void) memcpy(q,s,length); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } jng_image=DestroyImage(jng_image); if ((image_info->ping == MagickFalse) && (jng_color_type >= 12)) { if (jng_alpha_compression_method == 0) { png_byte data[5]; (void) WriteBlobMSBULong(alpha_image,0x00000000L); PNGType(data,mng_IEND); LogPNGChunk(logging,mng_IEND,0L); (void) WriteBlob(alpha_image,4,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,4)); } (void) SeekBlob(alpha_image,0,SEEK_SET); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading opacity from alpha_blob.""); (void) FormatLocaleString(alpha_image_info->filename,MaxTextExtent, ""%s"",alpha_image->filename); jng_image=ReadImage(alpha_image_info,exception); if (jng_image != (Image *) NULL) for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1,&image->exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if ((s == (const PixelPacket *) NULL) || (q == (PixelPacket *) NULL)) break; if (image->matte != MagickFalse) for (x=(ssize_t) image->columns; x != 0; x--,q++,s++) SetPixelOpacity(q,QuantumRange-GetPixelRed(s)); else for (x=(ssize_t) image->columns; x != 0; x--,q++,s++) { SetPixelAlpha(q,GetPixelRed(s)); if (GetPixelOpacity(q) != OpaqueOpacity) image->matte=MagickTrue; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } (void) RelinquishUniqueFileResource(alpha_image->filename); unique_filenames--; alpha_image=DestroyImage(alpha_image); alpha_image_info=DestroyImageInfo(alpha_image_info); if (jng_image != (Image *) NULL) jng_image=DestroyImage(jng_image); } if (mng_info->mng_type == 0) { mng_info->mng_width=jng_width; mng_info->mng_height=jng_height; } if (image->page.width == 0 && image->page.height == 0) { image->page.width=jng_width; image->page.height=jng_height; } if (image->page.x == 0 && image->page.y == 0) { image->page.x=mng_info->x_off[mng_info->object_id]; image->page.y=mng_info->y_off[mng_info->object_id]; } else { image->page.y=mng_info->y_off[mng_info->object_id]; } mng_info->image_found++; status=SetImageProgress(image,LoadImagesTag,2*TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) return(DestroyImageList(image)); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" exit ReadOneJNGImage(); unique_filenames=%d"",unique_filenames); return(image); }",visit repo url,coders/png.c,https://github.com/ImageMagick/ImageMagick6,51392408327436,1 1574,CWE-362,"void sctp_generate_proto_unreach_event(unsigned long data) { struct sctp_transport *transport = (struct sctp_transport *) data; struct sctp_association *asoc = transport->asoc; struct net *net = sock_net(asoc->base.sk); bh_lock_sock(asoc->base.sk); if (sock_owned_by_user(asoc->base.sk)) { pr_debug(""%s: sock is busy\n"", __func__); if (!mod_timer(&transport->proto_unreach_timer, jiffies + (HZ/20))) sctp_association_hold(asoc); goto out_unlock; } if (asoc->base.dead) goto out_unlock; sctp_do_sm(net, SCTP_EVENT_T_OTHER, SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH), asoc->state, asoc->ep, asoc, transport, GFP_ATOMIC); out_unlock: bh_unlock_sock(asoc->base.sk); sctp_association_put(asoc); }",visit repo url,net/sctp/sm_sideeffect.c,https://github.com/torvalds/linux,269976869364177,1 2362,['CWE-200'],"get_sdev(int dev) { struct seq_oss_synth *rec; unsigned long flags; spin_lock_irqsave(®ister_lock, flags); rec = synth_devs[dev]; if (rec) snd_use_lock_use(&rec->use_lock); spin_unlock_irqrestore(®ister_lock, flags); return rec; }",linux-2.6,,,193108557359277039623780002233606203485,0 1249,[],"shipout_int (struct obstack *obs, int val) { const char *s; s = ntoa ((int32_t) val, 10); obstack_grow (obs, s, strlen (s)); }",m4,,,5275441583009830516399097202606842924,0 2539,['CWE-119'],"static void diff_summary(FILE *file, struct diff_filepair *p) { switch(p->status) { case DIFF_STATUS_DELETED: show_file_mode_name(file, ""delete"", p->one); break; case DIFF_STATUS_ADDED: show_file_mode_name(file, ""create"", p->two); break; case DIFF_STATUS_COPIED: show_rename_copy(file, ""copy"", p); break; case DIFF_STATUS_RENAMED: show_rename_copy(file, ""rename"", p); break; default: if (p->score) { fputs("" rewrite "", file); write_name_quoted(p->two->path, file, ' '); fprintf(file, ""(%d%%)\n"", similarity_index(p)); } show_mode_change(file, p, !p->score); break; } }",git,,,311984113184832257264040072535700861625,0 4422,CWE-125,"mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc) { const mrb_irep *irep = proc->body.irep; const mrb_pool_value *pool = irep->pool; const mrb_sym *syms = irep->syms; mrb_code insn; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; uint32_t a; uint16_t b; uint16_t c; mrb_sym mid; const struct mrb_irep_catch_handler *ch; #ifdef DIRECT_THREADED static const void * const optable[] = { #define OPCODE(x,_) &&L_OP_ ## x, #include ""mruby/ops.h"" #undef OPCODE }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; mrb_gc_arena_restore(mrb, ai); if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb_vm_ci_proc_set(mrb->c->ci, proc); #define regs (mrb->c->ci->stack) INIT_DISPATCH { CASE(OP_NOP, Z) { NEXT; } CASE(OP_MOVE, BB) { regs[a] = regs[b]; NEXT; } CASE(OP_LOADL, BB) { switch (pool[b].tt) { case IREP_TT_INT32: regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i32); break; case IREP_TT_INT64: #if defined(MRB_INT64) regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; #else #if defined(MRB_64BIT) if (INT32_MIN <= pool[b].u.i64 && pool[b].u.i64 <= INT32_MAX) { regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; } #endif goto L_INT_OVERFLOW; #endif case IREP_TT_BIGINT: goto L_INT_OVERFLOW; #ifndef MRB_NO_FLOAT case IREP_TT_FLOAT: regs[a] = mrb_float_value(mrb, pool[b].u.f); break; #endif default: regs[a] = mrb_nil_value(); break; } NEXT; } CASE(OP_LOADI, BB) { SET_FIXNUM_VALUE(regs[a], b); NEXT; } CASE(OP_LOADINEG, BB) { SET_FIXNUM_VALUE(regs[a], -b); NEXT; } CASE(OP_LOADI__1,B) goto L_LOADI; CASE(OP_LOADI_0,B) goto L_LOADI; CASE(OP_LOADI_1,B) goto L_LOADI; CASE(OP_LOADI_2,B) goto L_LOADI; CASE(OP_LOADI_3,B) goto L_LOADI; CASE(OP_LOADI_4,B) goto L_LOADI; CASE(OP_LOADI_5,B) goto L_LOADI; CASE(OP_LOADI_6,B) goto L_LOADI; CASE(OP_LOADI_7, B) { L_LOADI: SET_FIXNUM_VALUE(regs[a], (mrb_int)insn - (mrb_int)OP_LOADI_0); NEXT; } CASE(OP_LOADI16, BS) { SET_FIXNUM_VALUE(regs[a], (mrb_int)(int16_t)b); NEXT; } CASE(OP_LOADI32, BSS) { SET_INT_VALUE(mrb, regs[a], (int32_t)(((uint32_t)b<<16)+c)); NEXT; } CASE(OP_LOADSYM, BB) { SET_SYM_VALUE(regs[a], syms[b]); NEXT; } CASE(OP_LOADNIL, B) { SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_LOADSELF, B) { regs[a] = regs[0]; NEXT; } CASE(OP_LOADT, B) { SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF, B) { SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGV, BB) { mrb_value val = mrb_gv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETGV, BB) { mrb_gv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETSV, BB) { mrb_value val = mrb_vm_special_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETSV, BB) { mrb_vm_special_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIV, BB) { regs[a] = mrb_iv_get(mrb, regs[0], syms[b]); NEXT; } CASE(OP_SETIV, BB) { mrb_iv_set(mrb, regs[0], syms[b], regs[a]); NEXT; } CASE(OP_GETCV, BB) { mrb_value val; val = mrb_vm_cv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETCV, BB) { mrb_vm_cv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIDX, B) { mrb_value va = regs[a], vb = regs[a+1]; switch (mrb_type(va)) { case MRB_TT_ARRAY: if (!mrb_integer_p(vb)) goto getidx_fallback; regs[a] = mrb_ary_entry(va, mrb_integer(vb)); break; case MRB_TT_HASH: regs[a] = mrb_hash_get(mrb, va, vb); break; case MRB_TT_STRING: switch (mrb_type(vb)) { case MRB_TT_INTEGER: case MRB_TT_STRING: case MRB_TT_RANGE: regs[a] = mrb_str_aref(mrb, va, vb, mrb_undef_value()); break; default: goto getidx_fallback; } break; default: getidx_fallback: mid = MRB_OPSYM(aref); goto L_SEND_SYM; } NEXT; } CASE(OP_SETIDX, B) { c = 2; mid = MRB_OPSYM(aset); SET_NIL_VALUE(regs[a+3]); goto L_SENDB_SYM; } CASE(OP_GETCONST, BB) { regs[a] = mrb_vm_const_get(mrb, syms[b]); NEXT; } CASE(OP_SETCONST, BB) { mrb_vm_const_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETMCNST, BB) { regs[a] = mrb_const_get(mrb, regs[a], syms[b]); NEXT; } CASE(OP_SETMCNST, BB) { mrb_const_set(mrb, regs[a+1], syms[b], regs[a]); NEXT; } CASE(OP_GETUPVAR, BBB) { mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (e && b < MRB_ENV_LEN(e)) { *regs_a = e->stack[b]; } else { *regs_a = mrb_nil_value(); } NEXT; } CASE(OP_SETUPVAR, BBB) { struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP, S) { pc += (int16_t)a; JUMP; } CASE(OP_JMPIF, BS) { if (mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNOT, BS) { if (!mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNIL, BS) { if (mrb_nil_p(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPUW, S) { a = (uint32_t)((pc - irep->iseq) + (int16_t)a); CHECKPOINT_RESTORE(RBREAK_TAG_JUMP) { struct RBreak *brk = (struct RBreak*)mrb->exc; mrb_value target = mrb_break_value_get(brk); mrb_assert(mrb_integer_p(target)); a = (uint32_t)mrb_integer(target); mrb_assert(a >= 0 && a < irep->ilen); } CHECKPOINT_MAIN(RBREAK_TAG_JUMP) { ch = catch_handler_find(mrb, mrb->c->ci, pc, MRB_CATCH_FILTER_ENSURE); if (ch) { if (a < mrb_irep_catch_handler_unpack(ch->begin) || a >= mrb_irep_catch_handler_unpack(ch->end)) { THROW_TAGGED_BREAK(mrb, RBREAK_TAG_JUMP, proc, mrb_fixnum_value(a)); } } } CHECKPOINT_END(RBREAK_TAG_JUMP); mrb->exc = NULL; pc = irep->iseq + a; JUMP; } CASE(OP_EXCEPT, B) { mrb_value exc; if (mrb->exc == NULL) { exc = mrb_nil_value(); } else { switch (mrb->exc->tt) { case MRB_TT_BREAK: case MRB_TT_EXCEPTION: exc = mrb_obj_value(mrb->exc); break; default: mrb_assert(!""bad mrb_type""); exc = mrb_nil_value(); break; } mrb->exc = NULL; } regs[a] = exc; NEXT; } CASE(OP_RESCUE, BB) { mrb_value exc = regs[a]; mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); NEXT; } CASE(OP_RAISEIF, B) { mrb_value exc = regs[a]; if (mrb_break_p(exc)) { mrb->exc = mrb_obj_ptr(exc); goto L_BREAK; } mrb_exc_set(mrb, exc); if (mrb->exc) { goto L_RAISE; } NEXT; } CASE(OP_SSEND, BBB) { regs[a] = regs[0]; insn = OP_SEND; } goto L_SENDB; CASE(OP_SSENDB, BBB) { regs[a] = regs[0]; } goto L_SENDB; CASE(OP_SEND, BBB) goto L_SENDB; L_SEND_SYM: c = 1; SET_NIL_VALUE(regs[a+2]); goto L_SENDB_SYM; CASE(OP_SENDB, BBB) L_SENDB: mid = syms[b]; L_SENDB_SYM: { mrb_callinfo *ci = mrb->c->ci; mrb_method_t m; struct RClass *cls; mrb_value recv, blk; ARGUMENT_NORMALIZE(a, &c, insn); recv = regs[a]; cls = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &c, blk, 0); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, c); if (MRB_METHOD_CFUNC_P(m)) { if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); mrb_vm_ci_proc_set(ci, p); recv = p->body.func(mrb, recv); } else { if (MRB_METHOD_NOARG_P(m)) { check_method_noarg(mrb, ci); } recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } if (!ci->u.target_class) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } ci->stack[0] = recv; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } } JUMP; CASE(OP_CALL, Z) { mrb_callinfo *ci = mrb->c->ci; mrb_value recv = ci->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci->u.target_class = MRB_PROC_TARGET_CLASS(m); mrb_vm_ci_proc_set(ci, m); if (MRB_PROC_ENV_P(m)) { ci->mid = MRB_PROC_ENV(m)->mid; } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = cipop(mrb); pc = ci->pc; ci[1].stack[0] = recv; irep = mrb->c->ci->proc->body.irep; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->ci->stack[0] = mrb_nil_value(); a = 0; c = OP_R_NORMAL; goto L_OP_RETURN_BODY; } mrb_int nargs = mrb_ci_bidx(ci)+1; if (nargs < irep->nregs) { mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+nargs, irep->nregs-nargs); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; } pool = irep->pool; syms = irep->syms; JUMP; } CASE(OP_SUPER, BB) { mrb_method_t m; struct RClass *cls; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; const struct RProc *p = ci->proc; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(p); if (MRB_PROC_ENV_P(p) && p->e.env->mid && p->e.env->mid != mid) { mid = p->e.env->mid; } if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->flags & MRB_FL_CLASS_IS_PREPENDED) { target_class = mrb_vm_ci_target_class(ci); } else if (target_class->tt == MRB_TT_MODULE) { target_class = mrb_vm_ci_target_class(ci); if (target_class->tt != MRB_TT_ICLASS) { goto super_typeerror; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { super_typeerror: ; mrb_value exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } ARGUMENT_NORMALIZE(a, &b, OP_SUPER); cls = target_class->super; m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &b, blk, 1); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, b); ci->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; if (MRB_METHOD_PROC_P(m)) { mrb_vm_ci_proc_set(ci, MRB_METHOD_PROC(m)); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb_assert(!mrb_break_p(v)); if (!mrb_vm_ci_target_class(ci)) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->ci->stack[0] = v; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } JUMP; } CASE(OP_ARGARY, BS) { mrb_int m1 = (b>>11)&0x3f; mrb_int r = (b>>10)&0x1; mrb_int m2 = (b>>5)&0x1f; mrb_int kd = (b>>4)&0x1; mrb_int lv = (b>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb_vm_ci_target_class(mrb->c->ci) == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; mrb_int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } if (kd) { regs[a+1] = stack[m1+r+m2]; regs[a+2] = stack[m1+r+m2+1]; } else { regs[a+1] = stack[m1+r+m2]; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER, W) { mrb_int m1 = MRB_ASPEC_REQ(a); mrb_int o = MRB_ASPEC_OPT(a); mrb_int r = MRB_ASPEC_REST(a); mrb_int m2 = MRB_ASPEC_POST(a); mrb_int kd = (MRB_ASPEC_KEY(a) > 0 || MRB_ASPEC_KDICT(a))? 1 : 0; mrb_int const len = m1 + o + r + m2; mrb_callinfo *ci = mrb->c->ci; mrb_int argc = ci->n; mrb_value *argv = regs+1; mrb_value * const argv0 = argv; mrb_int const kw_pos = len + kd; mrb_int const blk_pos = kw_pos + 1; mrb_value blk = regs[mrb_ci_bidx(ci)]; mrb_value kdict = mrb_nil_value(); if (ci->nk > 0) { mrb_int kidx = mrb_ci_kidx(ci); kdict = regs[kidx]; if (!mrb_hash_p(kdict) || mrb_hash_size(mrb, kdict) == 0) { kdict = mrb_nil_value(); ci->nk = 0; } } if (!kd && !mrb_nil_p(kdict)) { if (argc < 14) { ci->n++; argc++; } else if (argc == 14) { regs[1] = mrb_ary_new_from_values(mrb, argc+1, ®s[1]); argc = ci->n = 15; } else { mrb_ary_push(mrb, regs[1], regs[2]); } ci->nk = 0; } if (kd && MRB_ASPEC_KEY(a) > 0 && mrb_hash_p(kdict)) { kdict = mrb_hash_dup(mrb, kdict); } if (argc == 15) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (ci->proc && MRB_PROC_STRICT_P(ci->proc)) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } mrb_value rest = mrb_nil_value(); if (argc < len) { mrb_int mlen = m2; if (argc < m1+m2) { mlen = m1 < argc ? argc - m1 : 0; } if (argv0 != argv && argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { rest = mrb_ary_new_capa(mrb, 0); regs[m1+o+1] = rest; } if (o > 0 && argc > m1+m2) pc += (argc - m1 - m2)*3; } else { mrb_int rnum = 0; if (argv0 != argv) { value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; rest = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); regs[m1+o+1] = rest; } if (m2 > 0 && argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } pc += o*3; } regs[blk_pos] = blk; if (kd) { if (mrb_nil_p(kdict)) kdict = mrb_hash_new_capa(mrb, 0); regs[kw_pos] = kdict; } mrb->c->ci->n = len; if (irep->nlocals-blk_pos-1 > 0) { stack_clear(®s[blk_pos+1], irep->nlocals-blk_pos-1); } JUMP; } CASE(OP_KARG, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx < 0 || !mrb_hash_p(kdict=regs[kidx]) || !mrb_hash_key_p(mrb, kdict, k)) { mrb_value str = mrb_format(mrb, ""missing keyword: %v"", k); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } regs[a] = mrb_hash_get(mrb, kdict, k); mrb_hash_delete_key(mrb, kdict, k); NEXT; } CASE(OP_KEY_P, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; mrb_bool key_p = FALSE; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx])) { key_p = mrb_hash_key_p(mrb, kdict, k); } regs[a] = mrb_bool_value(key_p); NEXT; } CASE(OP_KEYEND, Z) { mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx]) && !mrb_hash_empty_p(mrb, kdict)) { mrb_value keys = mrb_hash_keys(mrb, kdict); mrb_value key1 = RARRAY_PTR(keys)[0]; mrb_value str = mrb_format(mrb, ""unknown keyword: %v"", key1); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } NEXT; } CASE(OP_BREAK, B) { c = OP_R_BREAK; goto L_RETURN; } CASE(OP_RETURN_BLK, B) { c = OP_R_RETURN; goto L_RETURN; } CASE(OP_RETURN, B) c = OP_R_NORMAL; L_RETURN: { mrb_callinfo *ci; ci = mrb->c->ci; if (ci->mid) { mrb_value blk = regs[mrb_ci_bidx(ci)]; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { L_RAISE: ci = mrb->c->ci; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) goto L_FTOP; goto L_CATCH; } while ((ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL)) == NULL) { ci = cipop(mrb); if (ci[1].cci == CINFO_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } pc = ci[0].pc; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->ci->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } } L_CATCH: if (ch == NULL) goto L_STOP; if (FALSE) { L_CATCH_TAGGED_BREAK: ci = mrb->c->ci; } proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); pc = irep->iseq + mrb_irep_catch_handler_unpack(ch->target); } else { mrb_int acc; mrb_value v; ci = mrb->c->ci; v = regs[a]; mrb_gc_protect(mrb, v); switch (c) { case OP_R_RETURN: if (ci->cci == CINFO_NONE && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { const struct RProc *dst; mrb_callinfo *cibase; cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_ONSTACK_P(e) || (e->cxt && e->cxt != mrb->c)) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->cci > CINFO_NONE) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci = mrb->c->ci; while (cibase <= ci && ci->proc != dst) { CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_BLOCK) { cibase = mrb->c->cibase; dst = top_proc(mrb, proc); } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_BLOCK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_BLOCK, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_BLOCK); ci = cipop(mrb); pc = ci->pc; } proc = ci->proc; mrb->exc = NULL; break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; c = mrb->c; if (!c->prev) { regs[irep->nlocals] = v; goto CHECKPOINT_LABEL_MAKE(RBREAK_TAG_STOP); } if (!c->vmexec && c->prev->ci == c->prev->cibase) { mrb_value exc = mrb_exc_new_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_TOPLEVEL) { c = mrb->c; } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_TOPLEVEL) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_TOPLEVEL, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_TOPLEVEL); c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; mrb->c->status = MRB_FIBER_RUNNING; c->prev = NULL; if (c->vmexec) { mrb_gc_arena_restore(mrb, ai); c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } ci = mrb->c->ci; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN) { } CHECKPOINT_MAIN(RBREAK_TAG_RETURN) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN); mrb->exc = NULL; break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_ONSTACK_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK); if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->cci > CINFO_NONE) { ci = cipop(mrb); mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { struct RBreak *brk; L_BREAK: brk = (struct RBreak*)mrb->exc; proc = mrb_break_proc_get(brk); v = mrb_break_value_get(brk); ci = mrb->c->ci; switch (mrb_break_tag_get(brk)) { #define DISPATCH_CHECKPOINTS(n, i) case n: goto CHECKPOINT_LABEL_MAKE(n); RBREAK_TAG_FOREACH(DISPATCH_CHECKPOINTS) #undef DISPATCH_CHECKPOINTS default: mrb_assert(!""wrong break tag""); } } while (mrb->c->cibase < ci && ci[-1].proc != proc->upper) { if (ci[-1].cci == CINFO_SKIP) { goto L_BREAK_ERROR; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_UPPER) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_UPPER) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_UPPER, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_UPPER); ci = cipop(mrb); pc = ci->pc; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_INTARGET) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_INTARGET) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_INTARGET, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_INTARGET); if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } mrb->exc = NULL; break; default: break; } mrb_assert(ci == mrb->c->ci); mrb_assert(mrb->exc == NULL); if (mrb->c->vmexec && !mrb_vm_ci_target_class(ci)) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->cci; ci = cipop(mrb); if (acc == CINFO_SKIP || acc == CINFO_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym_name(mrb, ci->mid))); proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci[1].stack[0] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_BLKPUSH, BS) { int m1 = (b>>11)&0x3f; int r = (b>>10)&0x1; int m2 = (b>>5)&0x1f; int kd = (b>>4)&0x1; int lv = (b>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_ONSTACK_P(e) && e->mid == 0) || MRB_ENV_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2+kd])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2+kd]; NEXT; } L_INT_OVERFLOW: { mrb_value exc = mrb_exc_new_lit(mrb, E_RANGE_ERROR, ""integer overflow""); mrb_exc_set(mrb, exc); } goto L_RAISE; #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH(op_name) \ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { \ OP_MATH_CASE_INTEGER(op_name); \ OP_MATH_CASE_FLOAT(op_name, integer, float); \ OP_MATH_CASE_FLOAT(op_name, float, integer); \ OP_MATH_CASE_FLOAT(op_name, float, float); \ OP_MATH_CASE_STRING_##op_name(); \ default: \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATH_CASE_INTEGER(op_name) \ case TYPES2(MRB_TT_INTEGER, MRB_TT_INTEGER): \ { \ mrb_int x = mrb_integer(regs[a]), y = mrb_integer(regs[a+1]), z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATH_CASE_FLOAT(op_name, t1, t2) (void)0 #else #define OP_MATH_CASE_FLOAT(op_name, t1, t2) \ case TYPES2(OP_MATH_TT_##t1, OP_MATH_TT_##t2): \ { \ mrb_float z = mrb_##t1(regs[a]) OP_MATH_OP_##op_name mrb_##t2(regs[a+1]); \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif #define OP_MATH_OVERFLOW_INT() goto L_INT_OVERFLOW #define OP_MATH_CASE_STRING_add() \ case TYPES2(MRB_TT_STRING, MRB_TT_STRING): \ regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); \ mrb_gc_arena_restore(mrb, ai); \ break #define OP_MATH_CASE_STRING_sub() (void)0 #define OP_MATH_CASE_STRING_mul() (void)0 #define OP_MATH_OP_add + #define OP_MATH_OP_sub - #define OP_MATH_OP_mul * #define OP_MATH_TT_integer MRB_TT_INTEGER #define OP_MATH_TT_float MRB_TT_FLOAT CASE(OP_ADD, B) { OP_MATH(add); } CASE(OP_SUB, B) { OP_MATH(sub); } CASE(OP_MUL, B) { OP_MATH(mul); } CASE(OP_DIV, B) { #ifndef MRB_NO_FLOAT mrb_float x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER): { mrb_int x = mrb_integer(regs[a]); mrb_int y = mrb_integer(regs[a+1]); mrb_int div = mrb_div_int(mrb, x, y); SET_INT_VALUE(mrb, regs[a], div); } NEXT; #ifndef MRB_NO_FLOAT case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT): x = (mrb_float)mrb_integer(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER): x = mrb_float(regs[a]); y = (mrb_float)mrb_integer(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: mid = MRB_OPSYM(div); goto L_SEND_SYM; } #ifndef MRB_NO_FLOAT f = mrb_div_float(x, y); SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } #define OP_MATHI(op_name) \ \ switch (mrb_type(regs[a])) { \ OP_MATHI_CASE_INTEGER(op_name); \ OP_MATHI_CASE_FLOAT(op_name); \ default: \ SET_INT_VALUE(mrb,regs[a+1], b); \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATHI_CASE_INTEGER(op_name) \ case MRB_TT_INTEGER: \ { \ mrb_int x = mrb_integer(regs[a]), y = (mrb_int)b, z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATHI_CASE_FLOAT(op_name) (void)0 #else #define OP_MATHI_CASE_FLOAT(op_name) \ case MRB_TT_FLOAT: \ { \ mrb_float z = mrb_float(regs[a]) OP_MATH_OP_##op_name b; \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif CASE(OP_ADDI, BB) { OP_MATHI(add); } CASE(OP_SUBI, BB) { OP_MATHI(sub); } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_NO_FLOAT #define OP_CMP(op,sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op, sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ, B) { if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==,eq); } NEXT; } CASE(OP_LT, B) { OP_CMP(<,lt); NEXT; } CASE(OP_LE, B) { OP_CMP(<=,le); NEXT; } CASE(OP_GT, B) { OP_CMP(>,gt); NEXT; } CASE(OP_GE, B) { OP_CMP(>=,ge); NEXT; } CASE(OP_ARRAY, BB) { regs[a] = mrb_ary_new_from_values(mrb, b, ®s[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARRAY2, BBB) { regs[a] = mrb_ary_new_from_values(mrb, c, ®s[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT, B) { mrb_value splat = mrb_ary_splat(mrb, regs[a+1]); if (mrb_nil_p(regs[a])) { regs[a] = splat; } else { mrb_assert(mrb_array_p(regs[a])); mrb_ary_concat(mrb, regs[a], splat); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH, BB) { mrb_assert(mrb_array_p(regs[a])); for (mrb_int i=0; i pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+pre> 2; if (pool[b].tt & IREP_TT_SFLAG) { sym = mrb_intern_static(mrb, pool[b].u.str, len); } else { sym = mrb_intern(mrb, pool[b].u.str, len); } regs[a] = mrb_symbol_value(sym); NEXT; } CASE(OP_STRING, BB) { size_t len; mrb_assert((pool[b].tt&IREP_TT_NFLAG)==0); len = pool[b].tt >> 2; if (pool[b].tt & IREP_TT_SFLAG) { regs[a] = mrb_str_new_static(mrb, pool[b].u.str, len); } else { regs[a] = mrb_str_new(mrb, pool[b].u.str, len); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_STRCAT, B) { mrb_assert(mrb_string_p(regs[a])); mrb_str_concat(mrb, regs[a], regs[a+1]); NEXT; } CASE(OP_HASH, BB) { mrb_value hash = mrb_hash_new_capa(mrb, b); int i; int lim = a+b*2; for (i=a; ireps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_BLOCK, BB) { c = OP_L_BLOCK; goto L_MAKE_LAMBDA; } CASE(OP_METHOD, BB) { c = OP_L_METHOD; goto L_MAKE_LAMBDA; } CASE(OP_RANGE_INC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], FALSE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_RANGE_EXC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], TRUE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS, B) { regs[a] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS, BB) { struct RClass *c = 0, *baseclass; mrb_value base, super; mrb_sym id = syms[b]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE, BB) { struct RClass *cls = 0, *baseclass; mrb_value base; mrb_sym id = syms[b]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } cls = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(cls); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC, BB) { mrb_value recv = regs[a]; struct RProc *p; const mrb_irep *nirep = irep->reps[b]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; cipush(mrb, a, 0, mrb_class_ptr(recv), p, 0, 0); irep = p->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+1, irep->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_DEF, BB) { struct RClass *target = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; mrb_sym mid = syms[b]; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, target, mid, m); mrb_method_added(mrb, target, mid); mrb_gc_arena_restore(mrb, ai); regs[a] = mrb_symbol_value(mid); NEXT; } CASE(OP_SCLASS, B) { regs[a] = mrb_singleton_class(mrb, regs[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; regs[a] = mrb_obj_value(target); NEXT; } CASE(OP_ALIAS, BB) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_alias_method(mrb, target, syms[a], syms[b]); mrb_method_added(mrb, target, syms[a]); NEXT; } CASE(OP_UNDEF, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_undef_method_id(mrb, target, syms[a]); NEXT; } CASE(OP_DEBUG, Z) { FETCH_BBB(); #ifdef MRB_USE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_NO_STDIO printf(""OP_DEBUG %d %d %d\n"", a, b, c); #else abort(); #endif #endif NEXT; } CASE(OP_ERR, B) { size_t len = pool[a].tt >> 2; mrb_value exc; mrb_assert((pool[a].tt&IREP_TT_NFLAG)==0); exc = mrb_exc_new(mrb, E_LOCALJUMP_ERROR, pool[a].u.str, len); mrb_exc_set(mrb, exc); goto L_RAISE; } CASE(OP_EXT1, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _1(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT2, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _2(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT3, Z) { uint8_t insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _3(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_STOP, Z) { CHECKPOINT_RESTORE(RBREAK_TAG_STOP) { } CHECKPOINT_MAIN(RBREAK_TAG_STOP) { UNWIND_ENSURE(mrb, mrb->c->ci, pc, RBREAK_TAG_STOP, proc, mrb_nil_value()); } CHECKPOINT_END(RBREAK_TAG_STOP); L_STOP: mrb->jmp = prev_jmp; if (mrb->exc) { mrb_assert(mrb->exc->tt == MRB_TT_EXCEPTION); return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { mrb_callinfo *ci = mrb->c->ci; while (ci > mrb->c->cibase && ci->cci == CINFO_DIRECT) { ci = cipop(mrb); } exc_catched = TRUE; pc = ci->pc; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,131986444842577,1 6759,['CWE-310'],"utils_filter_connections_for_device (NMDevice *device, GSList *connections) { GSList *iter; GSList *filtered = NULL; for (iter = connections; iter; iter = g_slist_next (iter)) { NMConnection *connection = NM_CONNECTION (iter->data); if (utils_connection_valid_for_device (connection, device, NULL)) filtered = g_slist_append (filtered, connection); } return filtered; }",network-manager-applet,,,244807339075148627626788383903681016952,0 414,[],"pfm_get_psr(void) { unsigned long tmp; tmp = ia64_getreg(_IA64_REG_PSR); ia64_srlz_i(); return tmp; }",linux-2.6,,,44057589135249663419761605176081989810,0 189,CWE-862,"static int ptrace_setoptions(struct task_struct *child, unsigned long data) { unsigned flags; if (data & ~(unsigned long)PTRACE_O_MASK) return -EINVAL; if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) { if (!IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) || !IS_ENABLED(CONFIG_SECCOMP)) return -EINVAL; if (!capable(CAP_SYS_ADMIN)) return -EPERM; if (seccomp_mode(¤t->seccomp) != SECCOMP_MODE_DISABLED || current->ptrace & PT_SUSPEND_SECCOMP) return -EPERM; } flags = child->ptrace; flags &= ~(PTRACE_O_MASK << PT_OPT_FLAG_SHIFT); flags |= (data << PT_OPT_FLAG_SHIFT); child->ptrace = flags; return 0; }",visit repo url,kernel/ptrace.c,https://github.com/torvalds/linux,101042937706444,1 3234,['CWE-189'],"static long uptomult(long x, long y) { assert(x >= 0); return ((x + y - 1) / y) * y; }",jasper,,,262590918659951862214226207431127440353,0 6197,CWE-190,"int fp_size_str(const fp_t a, int radix) { bn_t t; int digits = 0; bn_null(t); RLC_TRY { bn_new(t); fp_prime_back(t, a); digits = bn_size_str(t, radix); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } return digits; }",visit repo url,src/fp/relic_fp_util.c,https://github.com/relic-toolkit/relic,144479184846155,1 2992,CWE-399,"file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf, size_t nbytes) { union { int32_t l; char c[sizeof (int32_t)]; } u; int clazz; int swap; struct stat st; off_t fsize; int flags = 0; Elf32_Ehdr elf32hdr; Elf64_Ehdr elf64hdr; uint16_t type; if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) return 0; if (buf[EI_MAG0] != ELFMAG0 || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1) || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3) return 0; if((lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) && (errno == ESPIPE)) fd = file_pipe2file(ms, fd, buf, nbytes); if (fstat(fd, &st) == -1) { file_badread(ms); return -1; } fsize = st.st_size; clazz = buf[EI_CLASS]; switch (clazz) { case ELFCLASS32: #undef elf_getu #define elf_getu(a, b) elf_getu32(a, b) #undef elfhdr #define elfhdr elf32hdr #include ""elfclass.h"" case ELFCLASS64: #undef elf_getu #define elf_getu(a, b) elf_getu64(a, b) #undef elfhdr #define elfhdr elf64hdr #include ""elfclass.h"" default: if (file_printf(ms, "", unknown class %d"", clazz) == -1) return -1; break; } return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,54728918918258,1 3294,CWE-284,"static int http_connect(http_subtransport *t) { int error; if (t->connected && http_should_keep_alive(&t->parser) && t->parse_finished) return 0; if (t->io) { git_stream_close(t->io); git_stream_free(t->io); t->io = NULL; t->connected = 0; } if (t->connection_data.use_ssl) { error = git_tls_stream_new(&t->io, t->connection_data.host, t->connection_data.port); } else { #ifdef GIT_CURL error = git_curl_stream_new(&t->io, t->connection_data.host, t->connection_data.port); #else error = git_socket_stream_new(&t->io, t->connection_data.host, t->connection_data.port); #endif } if (error < 0) return error; GITERR_CHECK_VERSION(t->io, GIT_STREAM_VERSION, ""git_stream""); apply_proxy_config(t); error = git_stream_connect(t->io); if ((!error || error == GIT_ECERTIFICATE) && t->owner->certificate_check_cb != NULL && git_stream_is_encrypted(t->io)) { git_cert *cert; int is_valid; if ((error = git_stream_certificate(&cert, t->io)) < 0) return error; giterr_clear(); is_valid = error != GIT_ECERTIFICATE; error = t->owner->certificate_check_cb(cert, is_valid, t->connection_data.host, t->owner->message_cb_payload); if (error < 0) { if (!giterr_last()) giterr_set(GITERR_NET, ""user cancelled certificate check""); return error; } } if (error < 0) return error; t->connected = 1; return 0; }",visit repo url,src/transports/http.c,https://github.com/libgit2/libgit2,356130309278,1 6594,['CWE-200'],"nma_context_menu_update (NMApplet *applet) { NMState state; gboolean have_wireless = FALSE; gboolean wireless_hw_enabled; gboolean notifications_enabled = TRUE; state = nm_client_get_state (applet->nm_client); gtk_widget_set_sensitive (applet->info_menu_item, state == NM_STATE_CONNECTED); g_signal_handler_block (G_OBJECT (applet->networking_enabled_item), applet->networking_enabled_toggled_id); gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM (applet->networking_enabled_item), state != NM_STATE_ASLEEP); g_signal_handler_unblock (G_OBJECT (applet->networking_enabled_item), applet->networking_enabled_toggled_id); g_signal_handler_block (G_OBJECT (applet->wifi_enabled_item), applet->wifi_enabled_toggled_id); gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM (applet->wifi_enabled_item), nm_client_wireless_get_enabled (applet->nm_client)); g_signal_handler_unblock (G_OBJECT (applet->wifi_enabled_item), applet->wifi_enabled_toggled_id); wireless_hw_enabled = nm_client_wireless_hardware_get_enabled (applet->nm_client); gtk_widget_set_sensitive (GTK_WIDGET (applet->wifi_enabled_item), wireless_hw_enabled); g_signal_handler_block (G_OBJECT (applet->notifications_enabled_item), applet->notifications_enabled_toggled_id); if ( gconf_client_get_bool (applet->gconf_client, PREF_DISABLE_CONNECTED_NOTIFICATIONS, NULL) && gconf_client_get_bool (applet->gconf_client, PREF_DISABLE_DISCONNECTED_NOTIFICATIONS, NULL) && gconf_client_get_bool (applet->gconf_client, PREF_SUPPRESS_WIRELESS_NETWORKS_AVAILABLE, NULL)) notifications_enabled = FALSE; gtk_check_menu_item_set_active (GTK_CHECK_MENU_ITEM (applet->notifications_enabled_item), notifications_enabled); g_signal_handler_unblock (G_OBJECT (applet->notifications_enabled_item), applet->notifications_enabled_toggled_id); if (state != NM_STATE_ASLEEP) { const GPtrArray *devices; int i; devices = nm_client_get_devices (applet->nm_client); for (i = 0; devices && (i < devices->len); i++) { if (NM_IS_DEVICE_WIFI (g_ptr_array_index (devices, i))) { have_wireless = TRUE; break; } } } if (have_wireless) gtk_widget_show_all (applet->wifi_enabled_item); else gtk_widget_hide (applet->wifi_enabled_item); }",network-manager-applet,,,201797129123174201521097638440176538787,0 6752,CWE-787,"int dns_HTTPS_add_ipv4hint(struct dns_rr_nested *svcparam, unsigned char addr[][DNS_RR_A_LEN], int addr_num) { if (_dns_left_len(&svcparam->context) < 4 + addr_num * DNS_RR_A_LEN) { return -1; } unsigned short value = DNS_HTTPS_T_IPV4HINT; dns_add_rr_nested_memcpy(svcparam, &value, 2); value = addr_num * DNS_RR_A_LEN; dns_add_rr_nested_memcpy(svcparam, &value, 2); for (int i = 0; i < addr_num; i++) { dns_add_rr_nested_memcpy(svcparam, addr[i], DNS_RR_A_LEN); } return 0; }",visit repo url,src/dns.c,https://github.com/pymumu/smartdns,8190770235701,1 4448,['CWE-264'],"void *sock_kmalloc(struct sock *sk, int size, gfp_t priority) { if ((unsigned)size <= sysctl_optmem_max && atomic_read(&sk->sk_omem_alloc) + size < sysctl_optmem_max) { void *mem; atomic_add(size, &sk->sk_omem_alloc); mem = kmalloc(size, priority); if (mem) return mem; atomic_sub(size, &sk->sk_omem_alloc); } return NULL; }",linux-2.6,,,13045361966334458831320042423193832803,0 6090,['CWE-200'],"void addrconf_join_anycast(struct inet6_ifaddr *ifp) { struct in6_addr addr; ipv6_addr_prefix(&addr, &ifp->addr, ifp->prefix_len); if (ipv6_addr_any(&addr)) return; ipv6_dev_ac_inc(ifp->idev->dev, &addr); }",linux-2.6,,,287852714495114017934138520527392993843,0 1162,CWE-400,"static void alpha_perf_event_irq_handler(unsigned long la_ptr, struct pt_regs *regs) { struct cpu_hw_events *cpuc; struct perf_sample_data data; struct perf_event *event; struct hw_perf_event *hwc; int idx, j; __get_cpu_var(irq_pmi_count)++; cpuc = &__get_cpu_var(cpu_hw_events); wrperfmon(PERFMON_CMD_DISABLE, cpuc->idx_mask); if (unlikely(la_ptr >= alpha_pmu->num_pmcs)) { irq_err_count++; pr_warning(""PMI: silly index %ld\n"", la_ptr); wrperfmon(PERFMON_CMD_ENABLE, cpuc->idx_mask); return; } idx = la_ptr; perf_sample_data_init(&data, 0); for (j = 0; j < cpuc->n_events; j++) { if (cpuc->current_idx[j] == idx) break; } if (unlikely(j == cpuc->n_events)) { wrperfmon(PERFMON_CMD_ENABLE, cpuc->idx_mask); return; } event = cpuc->event[j]; if (unlikely(!event)) { irq_err_count++; pr_warning(""PMI: No event at index %d!\n"", idx); wrperfmon(PERFMON_CMD_ENABLE, cpuc->idx_mask); return; } hwc = &event->hw; alpha_perf_event_update(event, hwc, idx, alpha_pmu->pmc_max_period[idx]+1); data.period = event->hw.last_period; if (alpha_perf_event_set_period(event, hwc, idx)) { if (perf_event_overflow(event, 1, &data, regs)) { alpha_pmu_stop(event, 0); } } wrperfmon(PERFMON_CMD_ENABLE, cpuc->idx_mask); return; }",visit repo url,arch/alpha/kernel/perf_event.c,https://github.com/torvalds/linux,268279121705395,1 1854,CWE-416,"void rose_start_t2timer(struct sock *sk) { struct rose_sock *rose = rose_sk(sk); del_timer(&rose->timer); rose->timer.function = rose_timer_expiry; rose->timer.expires = jiffies + rose->t2; add_timer(&rose->timer); }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,239863304376408,1 6388,['CWE-200'],"static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); int t; int s_t; struct net_device *dev; struct Qdisc *q; struct tcf_proto *tp, **chain; struct tcmsg *tcm = (struct tcmsg *)NLMSG_DATA(cb->nlh); unsigned long cl = 0; const struct Qdisc_class_ops *cops; struct tcf_dump_args arg; if (net != &init_net) return 0; if (cb->nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*tcm))) return skb->len; if ((dev = dev_get_by_index(&init_net, tcm->tcm_ifindex)) == NULL) return skb->len; if (!tcm->tcm_parent) q = dev->qdisc; else q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent)); if (!q) goto out; if ((cops = q->ops->cl_ops) == NULL) goto errout; if (cops->tcf_chain == NULL) goto errout; if (TC_H_MIN(tcm->tcm_parent)) { cl = cops->get(q, tcm->tcm_parent); if (cl == 0) goto errout; } chain = cops->tcf_chain(q, cl); if (chain == NULL) goto errout; s_t = cb->args[0]; for (tp=*chain, t=0; tp; tp = tp->next, t++) { if (t < s_t) continue; if (TC_H_MAJ(tcm->tcm_info) && TC_H_MAJ(tcm->tcm_info) != tp->prio) continue; if (TC_H_MIN(tcm->tcm_info) && TC_H_MIN(tcm->tcm_info) != tp->protocol) continue; if (t > s_t) memset(&cb->args[1], 0, sizeof(cb->args)-sizeof(cb->args[0])); if (cb->args[1] == 0) { if (tcf_fill_node(skb, tp, 0, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWTFILTER) <= 0) break; cb->args[1] = 1; } if (tp->ops->walk == NULL) continue; arg.w.fn = tcf_node_dump; arg.skb = skb; arg.cb = cb; arg.w.stop = 0; arg.w.skip = cb->args[1]-1; arg.w.count = 0; tp->ops->walk(tp, &arg.w); cb->args[1] = arg.w.count+1; if (arg.w.stop) break; } cb->args[0] = t; errout: if (cl) cops->put(q, cl); out: dev_put(dev); return skb->len; }",linux-2.6,,,176940286742005756076321648295177460308,0 3753,[],"static inline void unix_remove_socket(struct sock *sk) { spin_lock(&unix_table_lock); __unix_remove_socket(sk); spin_unlock(&unix_table_lock); }",linux-2.6,,,283105798287458660834544617072749112374,0 4122,CWE-20,"label (const uint8_t * src, size_t srclen, uint8_t * dst, size_t * dstlen, int flags) { size_t plen; uint32_t *p; int rc; size_t tmpl; if (_idn2_ascii_p (src, srclen)) { if (flags & IDN2_ALABEL_ROUNDTRIP) return IDN2_INVALID_FLAGS; if (srclen > IDN2_LABEL_MAX_LENGTH) return IDN2_TOO_BIG_LABEL; if (srclen > *dstlen) return IDN2_TOO_BIG_DOMAIN; memcpy (dst, src, srclen); *dstlen = srclen; return IDN2_OK; } rc = _idn2_u8_to_u32_nfc (src, srclen, &p, &plen, flags & IDN2_NFC_INPUT); if (rc != IDN2_OK) return rc; if (!(flags & IDN2_TRANSITIONAL)) { rc = _idn2_label_test( TEST_NFC | TEST_2HYPHEN | TEST_LEADING_COMBINING | TEST_DISALLOWED | TEST_CONTEXTJ_RULE | TEST_CONTEXTO_WITH_RULE | TEST_UNASSIGNED | TEST_BIDI | ((flags & IDN2_NONTRANSITIONAL) ? TEST_NONTRANSITIONAL : 0) | ((flags & IDN2_USE_STD3_ASCII_RULES) ? 0 : TEST_ALLOW_STD3_DISALLOWED), p, plen); if (rc != IDN2_OK) { free(p); return rc; } } dst[0] = 'x'; dst[1] = 'n'; dst[2] = '-'; dst[3] = '-'; tmpl = *dstlen - 4; rc = _idn2_punycode_encode (plen, p, &tmpl, (char *) dst + 4); free (p); if (rc != IDN2_OK) return rc; *dstlen = 4 + tmpl; return IDN2_OK; }",visit repo url,lib/lookup.c,https://gitlab.com/libidn/libidn2,103153270042798,1 2098,CWE-416,"static void smp_task_done(struct sas_task *task) { if (!del_timer(&task->slow_task->timer)) return; complete(&task->slow_task->completion); }",visit repo url,drivers/scsi/libsas/sas_expander.c,https://github.com/torvalds/linux,125699019529386,1 6289,NVD-CWE-noinfo,"void dhcps_deinit(void) { if (dhcps_pcb != NULL) { udp_remove(dhcps_pcb); dhcps_pcb = NULL; } if (dhcps_ip_table_semaphore != NULL) { vSemaphoreDelete(dhcps_ip_table_semaphore); dhcps_ip_table_semaphore = NULL; } }",visit repo url,component/common/network/dhcp/dhcps.c,https://github.com/ambiot/amb1_sdk,105199726284835,1 3104,['CWE-189'],"static void jp2_bpcc_destroy(jp2_box_t *box) { jp2_bpcc_t *bpcc = &box->data.bpcc; if (bpcc->bpcs) { jas_free(bpcc->bpcs); bpcc->bpcs = 0; } }",jasper,,,118316245041816185961659279835073065107,0 184,[],"asmlinkage long compat_sys_ppoll(struct pollfd __user *ufds, unsigned int nfds, struct compat_timespec __user *tsp, const compat_sigset_t __user *sigmask, compat_size_t sigsetsize) { compat_sigset_t ss32; sigset_t ksigmask, sigsaved; struct compat_timespec ts; s64 timeout = -1; int ret; if (tsp) { if (copy_from_user(&ts, tsp, sizeof(ts))) return -EFAULT; timeout = ROUND_UP(ts.tv_nsec, 1000000000/HZ); timeout += ts.tv_sec * HZ; } if (sigmask) { if (sigsetsize != sizeof(compat_sigset_t)) return -EINVAL; if (copy_from_user(&ss32, sigmask, sizeof(ss32))) return -EFAULT; sigset_from_compat(&ksigmask, &ss32); sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP)); sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved); } ret = do_sys_poll(ufds, nfds, &timeout); if (ret == -EINTR) { if (sigmask) { memcpy(¤t->saved_sigmask, &sigsaved, sizeof(sigsaved)); set_thread_flag(TIF_RESTORE_SIGMASK); } ret = -ERESTARTNOHAND; } else if (sigmask) sigprocmask(SIG_SETMASK, &sigsaved, NULL); if (tsp && timeout >= 0) { struct compat_timespec rts; if (current->personality & STICKY_TIMEOUTS) goto sticky; rts.tv_nsec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)) * 1000; rts.tv_sec = timeout; if (compat_timespec_compare(&rts, &ts) >= 0) rts = ts; if (copy_to_user(tsp, &rts, sizeof(rts))) { sticky: if (ret == -ERESTARTNOHAND && timeout >= 0) ret = -EINTR; } } return ret; }",linux-2.6,,,256773120535873890176225862633166296793,0 6420,['CWE-190'],"add_color_map (const gint32 image_id, PSDimage *img_a) { GimpParasite *parasite; if (img_a->color_map_len) { if (img_a->color_mode != PSD_DUOTONE) gimp_image_set_colormap (image_id, img_a->color_map, img_a->color_map_entries); else { IFDBG(2) g_debug (""Add Duotone color data parasite""); parasite = gimp_parasite_new (PSD_PARASITE_DUOTONE_DATA, 0, img_a->color_map_len, img_a->color_map); gimp_image_parasite_attach (image_id, parasite); gimp_parasite_free (parasite); } g_free (img_a->color_map); } return 0; }",gimp,,,240690494077533350072995348082991007301,0 5466,CWE-617,"pci_bus_configured(int bus) { assert(bus >= 0 && bus < MAXBUSES); return (pci_businfo[bus] != NULL); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,254502891336236,1 3808,['CWE-120'],"static struct uvc_format_desc *uvc_format_by_guid(const __u8 guid[16]) { unsigned int len = ARRAY_SIZE(uvc_fmts); unsigned int i; for (i = 0; i < len; ++i) { if (memcmp(guid, uvc_fmts[i].guid, 16) == 0) return &uvc_fmts[i]; } return NULL; }",linux-2.6,,,94089433778230924021502498429262901685,0 134,[],"static void *do_smb_super_data_conv(void *raw_data) { struct smb_mount_data *s = raw_data; struct compat_smb_mount_data *c_s = raw_data; if (c_s->version != SMB_MOUNT_OLDVERSION) goto out; s->dir_mode = c_s->dir_mode; s->file_mode = c_s->file_mode; s->gid = c_s->gid; s->uid = c_s->uid; s->mounted_uid = c_s->mounted_uid; out: return raw_data; }",linux-2.6,,,62855480203562842668564113418708860995,0 5194,CWE-787," void Compute(OpKernelContext* context) override { const Tensor& x = context->input(0); const Tensor& y = context->input(1); const float min_x = context->input(2).flat()(0); const float max_x = context->input(3).flat()(0); const float min_y = context->input(4).flat()(0); const float max_y = context->input(5).flat()(0); BCast bcast(BCast::FromShape(x.shape()), BCast::FromShape(y.shape())); if (!bcast.IsValid()) { context->SetStatus(errors::InvalidArgument( ""Incompatible shapes: "", x.shape().DebugString(), "" vs. "", y.shape().DebugString())); return; } Tensor* z; OP_REQUIRES_OK(context, context->allocate_output( 0, BCast::ToShape(bcast.output_shape()), &z)); OP_REQUIRES(context, (max_x > min_x), errors::InvalidArgument(""max_x must be larger than min_a."")); OP_REQUIRES(context, (max_y > min_y), errors::InvalidArgument(""max_x must be larger than min_b."")); const int32 offset_x = FloatToQuantizedUnclamped(0.0f, min_x, max_x); const int32 offset_y = FloatToQuantizedUnclamped(0.0f, min_y, max_y); const T* x_data = x.flat().data(); const T* y_data = y.flat().data(); Toutput* z_data = z->flat().data(); const int ndims = bcast.x_reshape().size(); if (ndims <= 1) { if (x.NumElements() == 1) { ScalarMultiply(context, y_data, offset_y, y.NumElements(), x_data[0], offset_x, z_data); } else if (y.NumElements() == 1) { ScalarMultiply(context, x_data, offset_x, x.NumElements(), y_data[0], offset_y, z_data); } else { VectorMultiply(context, x_data, offset_x, y_data, offset_y, x.NumElements(), z_data); } } else if (ndims == 2) { const T* vector_data; int64 vector_num_elements; int32 vector_offset; const T* tensor_data; int64 tensor_num_elements; int32 tensor_offset; if (x.NumElements() < y.NumElements()) { vector_data = x_data; vector_num_elements = x.NumElements(); vector_offset = offset_x; tensor_data = y_data; tensor_num_elements = y.NumElements(); tensor_offset = offset_y; } else { vector_data = y_data; vector_num_elements = y.NumElements(); vector_offset = offset_y; tensor_data = x_data; tensor_num_elements = x.NumElements(); tensor_offset = offset_x; } if (vector_num_elements == 0) { context->SetStatus( errors::InvalidArgument(""vector must have at least 1 element"")); return; } VectorTensorMultiply( vector_data, vector_offset, vector_num_elements, tensor_data, tensor_offset, tensor_num_elements, z_data); } else { LOG(INFO) << ""ndims="" << ndims; LOG(INFO) << ""bcast.x_reshape()="" << TensorShape(bcast.x_reshape()).DebugString(); LOG(INFO) << ""bcast.y_reshape()="" << TensorShape(bcast.y_reshape()).DebugString(); LOG(INFO) << ""bcast.x_bcast()="" << TensorShape(bcast.x_bcast()).DebugString(); LOG(INFO) << ""bcast.y_bcast()="" << TensorShape(bcast.y_bcast()).DebugString(); context->SetStatus(errors::Unimplemented( ""Broadcast between "", context->input(0).shape().DebugString(), "" and "", context->input(1).shape().DebugString(), "" is not supported yet."")); return; } float min_z_value; float max_z_value; QuantizationRangeForMultiplication( min_x, max_x, min_y, max_y, &min_z_value, &max_z_value); Tensor* z_min = nullptr; OP_REQUIRES_OK(context, context->allocate_output(1, {}, &z_min)); z_min->flat()(0) = min_z_value; Tensor* z_max = nullptr; OP_REQUIRES_OK(context, context->allocate_output(2, {}, &z_max)); z_max->flat()(0) = max_z_value; }",visit repo url,tensorflow/core/kernels/quantized_mul_op.cc,https://github.com/tensorflow/tensorflow,271893405492198,1 1339,CWE-287,"static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) { memset(scm, 0, sizeof(*scm)); unix_get_peersec_dgram(sock, scm); if (msg->msg_controllen <= 0) return 0; return __scm_send(sock, msg, scm); }",visit repo url,include/net/scm.h,https://github.com/torvalds/linux,101177715888478,1 1318,['CWE-119'],"asn1_oid_decode(struct asn1_ctx *ctx, unsigned char *eoc, unsigned long **oid, unsigned int *len) { unsigned long subid; unsigned int size; unsigned long *optr; size = eoc - ctx->pointer + 1; if (size < 2 || size > ULONG_MAX/sizeof(unsigned long)) return 0; *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); if (*oid == NULL) return 0; optr = *oid; if (!asn1_subid_decode(ctx, &subid)) { kfree(*oid); *oid = NULL; return 0; } if (subid < 40) { optr[0] = 0; optr[1] = subid; } else if (subid < 80) { optr[0] = 1; optr[1] = subid - 40; } else { optr[0] = 2; optr[1] = subid - 80; } *len = 2; optr += 2; while (ctx->pointer < eoc) { if (++(*len) > size) { ctx->error = ASN1_ERR_DEC_BADVALUE; kfree(*oid); *oid = NULL; return 0; } if (!asn1_subid_decode(ctx, optr++)) { kfree(*oid); *oid = NULL; return 0; } } return 1; }",linux-2.6,,,209671489983628610806383286429311286631,0 6422,CWE-20,"error_t lpc546xxEthSendPacket(NetInterface *interface, const NetBuffer *buffer, size_t offset, NetTxAncillary *ancillary) { size_t length; length = netBufferGetLength(buffer) - offset; if(length > LPC546XX_ETH_TX_BUFFER_SIZE) { osSetEvent(&interface->nicTxEvent); return ERROR_INVALID_LENGTH; } if((txDmaDesc[txIndex].tdes3 & ENET_TDES3_OWN) != 0) { return ERROR_FAILURE; } netBufferRead(txBuffer[txIndex], buffer, offset, length); txDmaDesc[txIndex].tdes0 = (uint32_t) txBuffer[txIndex]; txDmaDesc[txIndex].tdes2 = ENET_TDES2_IOC | (length & ENET_TDES2_B1L); txDmaDesc[txIndex].tdes3 = ENET_TDES3_OWN | ENET_TDES3_FD | ENET_TDES3_LD; ENET->DMA_CH[0].DMA_CHX_STAT = ENET_DMA_CH_DMA_CHX_STAT_TBU_MASK; ENET->DMA_CH[0].DMA_CHX_TXDESC_TAIL_PTR = 0; if(++txIndex >= LPC546XX_ETH_TX_BUFFER_COUNT) { txIndex = 0; } if((txDmaDesc[txIndex].tdes3 & ENET_TDES3_OWN) == 0) { osSetEvent(&interface->nicTxEvent); } return NO_ERROR; }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,203944479730778,1 1987,['CWE-20'],"static inline int remap_pmd_range(struct mm_struct *mm, pud_t *pud, unsigned long addr, unsigned long end, unsigned long pfn, pgprot_t prot) { pmd_t *pmd; unsigned long next; pfn -= addr >> PAGE_SHIFT; pmd = pmd_alloc(mm, pud, addr); if (!pmd) return -ENOMEM; do { next = pmd_addr_end(addr, end); if (remap_pte_range(mm, pmd, addr, next, pfn + (addr >> PAGE_SHIFT), prot)) return -ENOMEM; } while (pmd++, addr = next, addr != end); return 0; }",linux-2.6,,,147352277404002540197550298412269725581,0 6738,CWE-79,"const char *GetClipboardText(void) { #if defined(PLATFORM_DESKTOP) return glfwGetClipboardString(CORE.Window.handle); #endif #if defined(PLATFORM_WEB) emscripten_run_script_string(""navigator.clipboard.readText() \ .then(text => { document.getElementById('clipboard').innerText = text; console.log('Pasted content: ', text); }) \ .catch(err => { console.error('Failed to read clipboard contents: ', err); });"" ); return NULL; #endif return NULL; }",visit repo url,src/rcore.c,https://github.com/raysan5/raylib,262352100207711,1 2923,['CWE-189'],"static int jas_cmshapmat_invmat(jas_cmreal_t out[3][4], jas_cmreal_t in[3][4]) { jas_cmreal_t d; d = in[0][0] * (in[1][1] * in[2][2] - in[1][2] * in[2][1]) - in[0][1] * (in[1][0] * in[2][2] - in[1][2] * in[2][0]) + in[0][2] * (in[1][0] * in[2][1] - in[1][1] * in[2][0]); #if 0 jas_eprintf(""delta=%f\n"", d); #endif if (JAS_ABS(d) < 1e-6) return -1; out[0][0] = (in[1][1] * in[2][2] - in[1][2] * in[2][1]) / d; out[1][0] = -(in[1][0] * in[2][2] - in[1][2] * in[2][0]) / d; out[2][0] = (in[1][0] * in[2][1] - in[1][1] * in[2][0]) / d; out[0][1] = -(in[0][1] * in[2][2] - in[0][2] * in[2][1]) / d; out[1][1] = (in[0][0] * in[2][2] - in[0][2] * in[2][0]) / d; out[2][1] = -(in[0][0] * in[2][1] - in[0][1] * in[2][0]) / d; out[0][2] = (in[0][1] * in[1][2] - in[0][2] * in[1][1]) / d; out[1][2] = -(in[0][0] * in[1][2] - in[1][0] * in[0][2]) / d; out[2][2] = (in[0][0] * in[1][1] - in[0][1] * in[1][0]) / d; out[0][3] = -in[0][3]; out[1][3] = -in[1][3]; out[2][3] = -in[2][3]; #if 0 jas_eprintf(""[ %f %f %f %f ]\n[ %f %f %f %f ]\n[ %f %f %f %f ]\n"", in[0][0], in[0][1], in[0][2], in[0][3], in[1][0], in[1][1], in[1][2], in[1][3], in[2][0], in[2][1], in[2][2], in[2][3]); jas_eprintf(""[ %f %f %f %f ]\n[ %f %f %f %f ]\n[ %f %f %f %f ]\n"", out[0][0], out[0][1], out[0][2], out[0][3], out[1][0], out[1][1], out[1][2], out[1][3], out[2][0], out[2][1], out[2][2], out[2][3]); #endif return 0; }",jasper,,,66138948250920373271626886367960841929,0 2202,CWE-416,"static struct desc_struct *get_desc(unsigned short sel) { struct desc_ptr gdt_desc = {0, 0}; unsigned long desc_base; #ifdef CONFIG_MODIFY_LDT_SYSCALL if ((sel & SEGMENT_TI_MASK) == SEGMENT_LDT) { struct desc_struct *desc = NULL; struct ldt_struct *ldt; sel >>= 3; mutex_lock(¤t->active_mm->context.lock); ldt = current->active_mm->context.ldt; if (ldt && sel < ldt->nr_entries) desc = &ldt->entries[sel]; mutex_unlock(¤t->active_mm->context.lock); return desc; } #endif native_store_gdt(&gdt_desc); desc_base = sel & ~(SEGMENT_RPL_MASK | SEGMENT_TI_MASK); if (desc_base > gdt_desc.size) return NULL; return (struct desc_struct *)(gdt_desc.address + desc_base); }",visit repo url,arch/x86/lib/insn-eval.c,https://github.com/torvalds/linux,145259531083920,1 2705,[],"SCTP_STATIC int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len) { struct sctp_sock *sp = sctp_sk(sk); struct sctp_endpoint *ep = sp->ep; struct sctp_bind_addr *bp = &ep->base.bind_addr; struct sctp_af *af; unsigned short snum; int ret = 0; af = sctp_sockaddr_af(sp, addr, len); if (!af) { SCTP_DEBUG_PRINTK(""sctp_do_bind(sk: %p, newaddr: %p, len: %d) EINVAL\n"", sk, addr, len); return -EINVAL; } snum = ntohs(addr->v4.sin_port); SCTP_DEBUG_PRINTK_IPADDR(""sctp_do_bind(sk: %p, new addr: "", "", port: %d, new port: %d, len: %d)\n"", sk, addr, bp->port, snum, len); if (!sp->pf->bind_verify(sp, addr)) return -EADDRNOTAVAIL; if (bp->port) { if (!snum) snum = bp->port; else if (snum != bp->port) { SCTP_DEBUG_PRINTK(""sctp_do_bind:"" "" New port %d does not match existing port "" ""%d.\n"", snum, bp->port); return -EINVAL; } } if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE)) return -EACCES; if (sctp_bind_addr_match(bp, addr, sp)) return -EINVAL; addr->v4.sin_port = htons(snum); if ((ret = sctp_get_port_local(sk, addr))) { return -EADDRINUSE; } if (!bp->port) bp->port = inet_sk(sk)->num; ret = sctp_add_bind_addr(bp, addr, SCTP_ADDR_SRC, GFP_ATOMIC); if (!ret) { inet_sk(sk)->sport = htons(inet_sk(sk)->num); af->to_sk_saddr(addr, sk); } return ret; }",linux-2.6,,,305658409645886446311477192390423823951,0 3093,CWE-119,"int dtls1_get_record(SSL *s) { int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); dtls1_process_buffered_records(s); if (dtls1_get_processed_record(s)) return 1; again: if ( (s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); if (n <= 0) return(n); if (s->packet_length != DTLS1_RT_HEADER_LENGTH) { s->packet_length = 0; goto again; } s->rstate=SSL_ST_READ_BODY; p=s->packet; if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); rr->type= *(p++); ssl_major= *(p++); ssl_minor= *(p++); version=(ssl_major<<8)|ssl_minor; n2s(p,rr->epoch); memcpy(&(s->s3->read_sequence[2]), p, 6); p+=6; n2s(p,rr->length); if (!s->first_packet) { if (version != s->version) { rr->length = 0; s->packet_length = 0; goto again; } } if ((version & 0xff00) != (s->version & 0xff00)) { rr->length = 0; s->packet_length = 0; goto again; } if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { rr->length = 0; s->packet_length = 0; goto again; } } if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) { i=rr->length; n=ssl3_read_n(s,i,i,1); if ( n != i) { rr->length = 0; s->packet_length = 0; goto again; } } s->rstate=SSL_ST_READ_HEADER; bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if ( bitmap == NULL) { rr->length = 0; s->packet_length = 0; goto again; } #ifndef OPENSSL_NO_SCTP if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) { #endif if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && s->packet_length > DTLS1_RT_HEADER_LENGTH && s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; s->packet_length=0; goto again; } #ifndef OPENSSL_NO_SCTP } #endif if (rr->length == 0) goto again; if (is_next_epoch) { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); } rr->length = 0; s->packet_length = 0; goto again; } if (!dtls1_process_record(s)) { rr->length = 0; s->packet_length = 0; goto again; } return(1); }",visit repo url,ssl/d1_pkt.c,https://github.com/openssl/openssl,105388234743722,1 3616,CWE-20,"mm_answer_pam_init_ctx(int sock, Buffer *m) { debug3(""%s"", __func__); authctxt->user = buffer_get_string(m, NULL); sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); sshpam_authok = NULL; buffer_clear(m); if (sshpam_ctxt != NULL) { monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1); buffer_put_int(m, 1); } else { buffer_put_int(m, 0); } mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m); return (0); }",visit repo url,monitor.c,https://github.com/openssh/openssh-portable,852418401973,1 2562,CWE-119,"int CLASS parse_tiff_ifd(int base) { unsigned entries, tag, type, len, plen = 16, save; int ifd, use_cm = 0, cfa, i, j, c, ima_len = 0; char *cbuf, *cp; uchar cfa_pat[16], cfa_pc[] = {0, 1, 2, 3}, tab[256]; double fm[3][4], cc[4][4], cm[4][3], cam_xyz[4][3], num; double ab[] = {1, 1, 1, 1}, asn[] = {0, 0, 0, 0}, xyz[] = {1, 1, 1}; unsigned sony_curve[] = {0, 0, 0, 0, 0, 4095}; unsigned *buf, sony_offset = 0, sony_length = 0, sony_key = 0; struct jhead jh; int pana_raw = 0; #ifndef LIBRAW_LIBRARY_BUILD FILE *sfp; #endif if (tiff_nifds >= sizeof tiff_ifd / sizeof tiff_ifd[0]) return 1; ifd = tiff_nifds++; for (j = 0; j < 4; j++) for (i = 0; i < 4; i++) cc[j][i] = i == j; entries = get2(); if (entries > 512) return 1; #ifdef LIBRAW_LIBRARY_BUILD INT64 fsize = ifp->size(); #endif while (entries--) { tiff_get(base, &tag, &type, &len, &save); #ifdef LIBRAW_LIBRARY_BUILD INT64 savepos = ftell(ifp); if (len > 8 && len + savepos > fsize * 2) continue; if (callbacks.exif_cb) { callbacks.exif_cb(callbacks.exifparser_data, tag | (pana_raw ? 0x30000 : 0), type, len, order, ifp); fseek(ifp, savepos, SEEK_SET); } #endif #ifdef LIBRAW_LIBRARY_BUILD if (!strncasecmp(make, ""SONY"", 4) || (!strncasecmp(make, ""Hasselblad"", 10) && (!strncasecmp(model, ""Stellar"", 7) || !strncasecmp(model, ""Lunar"", 5) || !strncasecmp(model, ""HV"", 2)))) { switch (tag) { case 0x7300: for (int i = 0; i < 4 && i < len; i++) cblack[i] = get2(); break; case 0x7480: case 0x7820: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Daylight][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Daylight][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Daylight][1]; break; case 0x7481: case 0x7821: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Cloudy][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Cloudy][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Cloudy][1]; break; case 0x7482: case 0x7822: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][1]; break; case 0x7483: case 0x7823: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Flash][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Flash][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Flash][1]; break; case 0x7484: case 0x7824: imgdata.color.WBCT_Coeffs[0][0] = 4500; FORC3 imgdata.color.WBCT_Coeffs[0][c + 1] = get2(); imgdata.color.WBCT_Coeffs[0][4] = imgdata.color.WBCT_Coeffs[0][2]; break; case 0x7486: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Fluorescent][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Fluorescent][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Fluorescent][1]; break; case 0x7825: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][1]; break; case 0x7826: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][1]; break; case 0x7827: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_N][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_N][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_N][1]; break; case 0x7828: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][1]; break; case 0x7829: FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][c] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][3] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][1]; break; case 0x782a: imgdata.color.WBCT_Coeffs[1][0] = 8500; FORC3 imgdata.color.WBCT_Coeffs[1][c + 1] = get2(); imgdata.color.WBCT_Coeffs[1][4] = imgdata.color.WBCT_Coeffs[1][2]; break; case 0x782b: imgdata.color.WBCT_Coeffs[2][0] = 6000; FORC3 imgdata.color.WBCT_Coeffs[2][c + 1] = get2(); imgdata.color.WBCT_Coeffs[2][4] = imgdata.color.WBCT_Coeffs[2][2]; break; case 0x782c: imgdata.color.WBCT_Coeffs[3][0] = 3200; FORC3 imgdata.color.WB_Coeffs[LIBRAW_WBI_StudioTungsten][c] = imgdata.color.WBCT_Coeffs[3][c + 1] = get2(); imgdata.color.WB_Coeffs[LIBRAW_WBI_StudioTungsten][3] = imgdata.color.WBCT_Coeffs[3][4] = imgdata.color.WB_Coeffs[LIBRAW_WBI_StudioTungsten][1]; break; case 0x782d: imgdata.color.WBCT_Coeffs[4][0] = 2500; FORC3 imgdata.color.WBCT_Coeffs[4][c + 1] = get2(); imgdata.color.WBCT_Coeffs[4][4] = imgdata.color.WBCT_Coeffs[4][2]; break; case 0x787f: FORC3 imgdata.color.linear_max[c] = get2(); imgdata.color.linear_max[3] = imgdata.color.linear_max[1]; break; } } #endif switch (tag) { case 1: if (len == 4) pana_raw = get4(); break; case 5: width = get2(); break; case 6: height = get2(); break; case 7: width += get2(); break; case 9: if ((i = get2())) filters = i; #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw && len == 1 && type == 3) pana_black[3] += i; #endif break; case 8: case 10: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw && len == 1 && type == 3) pana_black[3] += get2(); #endif break; case 14: case 15: case 16: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw) { imgdata.color.linear_max[tag - 14] = get2(); if (tag == 15) imgdata.color.linear_max[3] = imgdata.color.linear_max[1]; } #endif break; case 17: case 18: if (type == 3 && len == 1) cam_mul[(tag - 17) * 2] = get2() / 256.0; break; #ifdef LIBRAW_LIBRARY_BUILD case 19: if (pana_raw) { ushort nWB, cnt, tWB; nWB = get2(); if (nWB > 0x100) break; for (cnt = 0; cnt < nWB; cnt++) { tWB = get2(); if (tWB < 0x100) { imgdata.color.WB_Coeffs[tWB][0] = get2(); imgdata.color.WB_Coeffs[tWB][2] = get2(); imgdata.color.WB_Coeffs[tWB][1] = imgdata.color.WB_Coeffs[tWB][3] = 0x100; } else get4(); } } break; #endif case 23: if (type == 3) iso_speed = get2(); break; case 28: case 29: case 30: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw && len == 1 && type == 3) { pana_black[tag - 28] = get2(); } else #endif { cblack[tag - 28] = get2(); cblack[3] = cblack[1]; } break; case 36: case 37: case 38: cam_mul[tag - 36] = get2(); break; case 39: #ifdef LIBRAW_LIBRARY_BUILD if (pana_raw) { ushort nWB, cnt, tWB; nWB = get2(); if (nWB > 0x100) break; for (cnt = 0; cnt < nWB; cnt++) { tWB = get2(); if (tWB < 0x100) { imgdata.color.WB_Coeffs[tWB][0] = get2(); imgdata.color.WB_Coeffs[tWB][1] = imgdata.color.WB_Coeffs[tWB][3] = get2(); imgdata.color.WB_Coeffs[tWB][2] = get2(); } else fseek(ifp, 6, SEEK_CUR); } } break; #endif if (len < 50 || cam_mul[0]) break; fseek(ifp, 12, SEEK_CUR); FORC3 cam_mul[c] = get2(); break; case 46: if (type != 7 || fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) break; thumb_offset = ftell(ifp) - 2; thumb_length = len; break; case 61440: fseek(ifp, get4() + base, SEEK_SET); parse_tiff_ifd(base); break; case 2: case 256: case 61441: tiff_ifd[ifd].t_width = getint(type); break; case 3: case 257: case 61442: tiff_ifd[ifd].t_height = getint(type); break; case 258: case 61443: tiff_ifd[ifd].samples = len & 7; tiff_ifd[ifd].bps = getint(type); if (tiff_bps < tiff_ifd[ifd].bps) tiff_bps = tiff_ifd[ifd].bps; break; case 61446: raw_height = 0; if (tiff_ifd[ifd].bps > 12) break; load_raw = &CLASS packed_load_raw; load_flags = get4() ? 24 : 80; break; case 259: tiff_ifd[ifd].comp = getint(type); break; case 262: tiff_ifd[ifd].phint = get2(); break; case 270: fread(desc, 512, 1, ifp); break; case 271: fgets(make, 64, ifp); break; case 272: fgets(model, 64, ifp); break; #ifdef LIBRAW_LIBRARY_BUILD case 278: tiff_ifd[ifd].rows_per_strip = getint(type); break; #endif case 280: if (type != 4) break; load_raw = &CLASS panasonic_load_raw; load_flags = 0x2008; case 273: #ifdef LIBRAW_LIBRARY_BUILD if (len > 1 && len < 16384) { off_t sav = ftell(ifp); tiff_ifd[ifd].strip_offsets = (int *)calloc(len, sizeof(int)); tiff_ifd[ifd].strip_offsets_count = len; for (int i = 0; i < len; i++) tiff_ifd[ifd].strip_offsets[i] = get4() + base; fseek(ifp, sav, SEEK_SET); } #endif case 513: case 61447: tiff_ifd[ifd].offset = get4() + base; if (!tiff_ifd[ifd].bps && tiff_ifd[ifd].offset > 0) { fseek(ifp, tiff_ifd[ifd].offset, SEEK_SET); if (ljpeg_start(&jh, 1)) { tiff_ifd[ifd].comp = 6; tiff_ifd[ifd].t_width = jh.wide; tiff_ifd[ifd].t_height = jh.high; tiff_ifd[ifd].bps = jh.bits; tiff_ifd[ifd].samples = jh.clrs; if (!(jh.sraw || (jh.clrs & 1))) tiff_ifd[ifd].t_width *= jh.clrs; if ((tiff_ifd[ifd].t_width > 4 * tiff_ifd[ifd].t_height) & ~jh.clrs) { tiff_ifd[ifd].t_width /= 2; tiff_ifd[ifd].t_height *= 2; } i = order; parse_tiff(tiff_ifd[ifd].offset + 12); order = i; } } break; case 274: tiff_ifd[ifd].t_flip = ""50132467""[get2() & 7] - '0'; break; case 277: tiff_ifd[ifd].samples = getint(type) & 7; break; case 279: #ifdef LIBRAW_LIBRARY_BUILD if (len > 1 && len < 16384) { off_t sav = ftell(ifp); tiff_ifd[ifd].strip_byte_counts = (int *)calloc(len, sizeof(int)); tiff_ifd[ifd].strip_byte_counts_count = len; for (int i = 0; i < len; i++) tiff_ifd[ifd].strip_byte_counts[i] = get4(); fseek(ifp, sav, SEEK_SET); } #endif case 514: case 61448: tiff_ifd[ifd].bytes = get4(); break; case 61454: FORC3 cam_mul[(4 - c) % 3] = getint(type); break; case 305: case 11: fgets(software, 64, ifp); if (!strncmp(software, ""Adobe"", 5) || !strncmp(software, ""dcraw"", 5) || !strncmp(software, ""UFRaw"", 5) || !strncmp(software, ""Bibble"", 6) || !strcmp(software, ""Digital Photo Professional"")) is_raw = 0; break; case 306: get_timestamp(0); break; case 315: fread(artist, 64, 1, ifp); break; case 317: tiff_ifd[ifd].predictor = getint(type); break; case 322: tiff_ifd[ifd].t_tile_width = getint(type); break; case 323: tiff_ifd[ifd].t_tile_length = getint(type); break; case 324: tiff_ifd[ifd].offset = len > 1 ? ftell(ifp) : get4(); if (len == 1) tiff_ifd[ifd].t_tile_width = tiff_ifd[ifd].t_tile_length = 0; if (len == 4) { load_raw = &CLASS sinar_4shot_load_raw; is_raw = 5; } break; case 325: tiff_ifd[ifd].bytes = len > 1 ? ftell(ifp) : get4(); break; case 330: if (!strcmp(model, ""DSLR-A100"") && tiff_ifd[ifd].t_width == 3872) { load_raw = &CLASS sony_arw_load_raw; data_offset = get4() + base; ifd++; break; } #ifdef LIBRAW_LIBRARY_BUILD if (!strncmp(make, ""Hasselblad"", 10) && libraw_internal_data.unpacker_data.hasselblad_parser_flag) { fseek(ifp, ftell(ifp) + 4, SEEK_SET); fseek(ifp, get4() + base, SEEK_SET); parse_tiff_ifd(base); break; } #endif if (len > 1000) len = 1000; while (len--) { i = ftell(ifp); fseek(ifp, get4() + base, SEEK_SET); if (parse_tiff_ifd(base)) break; fseek(ifp, i + 4, SEEK_SET); } break; case 339: tiff_ifd[ifd].sample_format = getint(type); break; case 400: strcpy(make, ""Sarnoff""); maximum = 0xfff; break; #ifdef LIBRAW_LIBRARY_BUILD case 700: if ((type == 1 || type == 2 || type == 6 || type == 7) && len > 1 && len < 5100000) { xmpdata = (char *)malloc(xmplen = len + 1); fread(xmpdata, len, 1, ifp); xmpdata[len] = 0; } break; #endif case 28688: FORC4 sony_curve[c + 1] = get2() >> 2 & 0xfff; for (i = 0; i < 5; i++) for (j = sony_curve[i] + 1; j <= sony_curve[i + 1]; j++) curve[j] = curve[j - 1] + (1 << i); break; case 29184: sony_offset = get4(); break; case 29185: sony_length = get4(); break; case 29217: sony_key = get4(); break; case 29264: parse_minolta(ftell(ifp)); raw_width = 0; break; case 29443: FORC4 cam_mul[c ^ (c < 2)] = get2(); break; case 29459: FORC4 cam_mul[c] = get2(); i = (cam_mul[1] == 1024 && cam_mul[2] == 1024) << 1; SWAP(cam_mul[i], cam_mul[i + 1]) break; #ifdef LIBRAW_LIBRARY_BUILD case 30720: for (i = 0; i < 3; i++) { float num = 0.0; for (c = 0; c < 3; c++) { imgdata.color.ccm[i][c] = (float)((short)get2()); num += imgdata.color.ccm[i][c]; } if (num > 0.01) FORC3 imgdata.color.ccm[i][c] = imgdata.color.ccm[i][c] / num; } break; #endif case 29456: FORC4 cblack[c ^ c >> 1] = get2(); i = cblack[3]; FORC3 if (i > cblack[c]) i = cblack[c]; FORC4 cblack[c] -= i; black = i; #ifdef DCRAW_VERBOSE if (verbose) fprintf(stderr, _(""...Sony black: %u cblack: %u %u %u %u\n""), black, cblack[0], cblack[1], cblack[2], cblack[3]); #endif break; case 33405: fgets(model2, 64, ifp); break; case 33421: if (get2() == 6 && get2() == 6) filters = 9; break; case 33422: if (filters == 9) { FORC(36)((char *)xtrans)[c] = fgetc(ifp) & 3; break; } case 64777: if (len == 36) { filters = 9; colors = 3; FORC(36) xtrans[0][c] = fgetc(ifp) & 3; } else if (len > 0) { if ((plen = len) > 16) plen = 16; fread(cfa_pat, 1, plen, ifp); for (colors = cfa = i = 0; i < plen && colors < 4; i++) { colors += !(cfa & (1 << cfa_pat[i])); cfa |= 1 << cfa_pat[i]; } if (cfa == 070) memcpy(cfa_pc, ""\003\004\005"", 3); if (cfa == 072) memcpy(cfa_pc, ""\005\003\004\001"", 4); goto guess_cfa_pc; } break; case 33424: case 65024: fseek(ifp, get4() + base, SEEK_SET); parse_kodak_ifd(base); break; case 33434: tiff_ifd[ifd].t_shutter = shutter = getreal(type); break; case 33437: aperture = getreal(type); break; #ifdef LIBRAW_LIBRARY_BUILD case 0xa405: imgdata.lens.FocalLengthIn35mmFormat = get2(); break; case 0xa431: case 0xc62f: stmread(imgdata.shootinginfo.BodySerial, len, ifp); break; case 0xa432: imgdata.lens.MinFocal = getreal(type); imgdata.lens.MaxFocal = getreal(type); imgdata.lens.MaxAp4MinFocal = getreal(type); imgdata.lens.MaxAp4MaxFocal = getreal(type); break; case 0xa435: stmread(imgdata.lens.LensSerial, len, ifp); break; case 0xc630: imgdata.lens.MinFocal = getreal(type); imgdata.lens.MaxFocal = getreal(type); imgdata.lens.MaxAp4MinFocal = getreal(type); imgdata.lens.MaxAp4MaxFocal = getreal(type); break; case 0xa433: stmread(imgdata.lens.LensMake, len, ifp); break; case 0xa434: stmread(imgdata.lens.Lens, len, ifp); if (!strncmp(imgdata.lens.Lens, ""----"", 4)) imgdata.lens.Lens[0] = 0; break; case 0x9205: imgdata.lens.EXIF_MaxAp = powf64(2.0f, (getreal(type) / 2.0f)); break; #endif case 34306: FORC4 cam_mul[c ^ 1] = 4096.0 / get2(); break; case 34307: fread(software, 1, 7, ifp); if (strncmp(software, ""MATRIX"", 6)) break; colors = 4; for (raw_color = i = 0; i < 3; i++) { FORC4 fscanf(ifp, ""%f"", &rgb_cam[i][c ^ 1]); if (!use_camera_wb) continue; num = 0; FORC4 num += rgb_cam[i][c]; FORC4 rgb_cam[i][c] /= MAX(1, num); } break; case 34310: parse_mos(ftell(ifp)); case 34303: strcpy(make, ""Leaf""); break; case 34665: fseek(ifp, get4() + base, SEEK_SET); parse_exif(base); break; case 34853: { unsigned pos; fseek(ifp, pos = (get4() + base), SEEK_SET); parse_gps(base); #ifdef LIBRAW_LIBRARY_BUILD fseek(ifp, pos, SEEK_SET); parse_gps_libraw(base); #endif } break; case 34675: case 50831: profile_offset = ftell(ifp); profile_length = len; break; case 37122: kodak_cbpp = get4(); break; case 37386: focal_len = getreal(type); break; case 37393: shot_order = getint(type); break; case 37400: for (raw_color = i = 0; i < 3; i++) { getreal(type); FORC3 rgb_cam[i][c] = getreal(type); } break; case 40976: strip_offset = get4(); switch (tiff_ifd[ifd].comp) { case 32770: load_raw = &CLASS samsung_load_raw; break; case 32772: load_raw = &CLASS samsung2_load_raw; break; case 32773: load_raw = &CLASS samsung3_load_raw; break; } break; case 46275: strcpy(make, ""Imacon""); data_offset = ftell(ifp); ima_len = len; break; case 46279: if (!ima_len) break; fseek(ifp, 38, SEEK_CUR); case 46274: fseek(ifp, 40, SEEK_CUR); raw_width = get4(); raw_height = get4(); left_margin = get4() & 7; width = raw_width - left_margin - (get4() & 7); top_margin = get4() & 7; height = raw_height - top_margin - (get4() & 7); if (raw_width == 7262 && ima_len == 234317952) { height = 5412; width = 7216; left_margin = 7; filters = 0; } else if (raw_width == 7262) { height = 5444; width = 7244; left_margin = 7; } fseek(ifp, 52, SEEK_CUR); FORC3 cam_mul[c] = getreal(11); fseek(ifp, 114, SEEK_CUR); flip = (get2() >> 7) * 90; if (width * height * 6 == ima_len) { if (flip % 180 == 90) SWAP(width, height); raw_width = width; raw_height = height; left_margin = top_margin = filters = flip = 0; } sprintf(model, ""Ixpress %d-Mp"", height * width / 1000000); load_raw = &CLASS imacon_full_load_raw; if (filters) { if (left_margin & 1) filters = 0x61616161; load_raw = &CLASS unpacked_load_raw; } maximum = 0xffff; break; case 50454: case 50455: if (len > 2560000 || !(cbuf = (char *)malloc(len))) break; #ifndef LIBRAW_LIBRARY_BUILD fread(cbuf, 1, len, ifp); #else if (fread(cbuf, 1, len, ifp) != len) throw LIBRAW_EXCEPTION_IO_CORRUPT; #endif cbuf[len - 1] = 0; for (cp = cbuf - 1; cp && cp < cbuf + len; cp = strchr(cp, '\n')) if (!strncmp(++cp, ""Neutral "", 8)) sscanf(cp + 8, ""%f %f %f"", cam_mul, cam_mul + 1, cam_mul + 2); free(cbuf); break; case 50458: if (!make[0]) strcpy(make, ""Hasselblad""); break; case 50459: #ifdef LIBRAW_LIBRARY_BUILD libraw_internal_data.unpacker_data.hasselblad_parser_flag = 1; #endif i = order; j = ftell(ifp); c = tiff_nifds; order = get2(); fseek(ifp, j + (get2(), get4()), SEEK_SET); parse_tiff_ifd(j); maximum = 0xffff; tiff_nifds = c; order = i; break; case 50706: FORC4 dng_version = (dng_version << 8) + fgetc(ifp); if (!make[0]) strcpy(make, ""DNG""); is_raw = 1; break; case 50708: #ifdef LIBRAW_LIBRARY_BUILD stmread(imgdata.color.UniqueCameraModel, len, ifp); imgdata.color.UniqueCameraModel[sizeof(imgdata.color.UniqueCameraModel) - 1] = 0; #endif if (model[0]) break; #ifndef LIBRAW_LIBRARY_BUILD fgets(make, 64, ifp); #else strncpy(make, imgdata.color.UniqueCameraModel, MIN(len, sizeof(imgdata.color.UniqueCameraModel))); #endif if ((cp = strchr(make, ' '))) { strcpy(model, cp + 1); *cp = 0; } break; case 50710: if (filters == 9) break; if (len > 4) len = 4; colors = len; fread(cfa_pc, 1, colors, ifp); guess_cfa_pc: FORCC tab[cfa_pc[c]] = c; cdesc[c] = 0; for (i = 16; i--;) filters = filters << 2 | tab[cfa_pat[i % plen]]; filters -= !filters; break; case 50711: if (get2() == 2) fuji_width = 1; break; case 291: case 50712: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].lineartable_offset = ftell(ifp); tiff_ifd[ifd].lineartable_len = len; #endif linear_table(len); break; case 50713: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_cblack[4] = #endif cblack[4] = get2(); #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_cblack[5] = #endif cblack[5] = get2(); if (cblack[4] * cblack[5] > (sizeof(cblack) / sizeof(cblack[0]) - 6)) #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_cblack[4] = tiff_ifd[ifd].dng_levels.dng_cblack[5] = #endif cblack[4] = cblack[5] = 1; break; #ifdef LIBRAW_LIBRARY_BUILD case 0xf00c: { unsigned fwb[4]; FORC4 fwb[c] = get4(); if (fwb[3] < 0x100) { imgdata.color.WB_Coeffs[fwb[3]][0] = fwb[1]; imgdata.color.WB_Coeffs[fwb[3]][1] = imgdata.color.WB_Coeffs[fwb[3]][3] = fwb[0]; imgdata.color.WB_Coeffs[fwb[3]][2] = fwb[2]; if ((fwb[3] == 17) && libraw_internal_data.unpacker_data.lenRAFData > 3 && libraw_internal_data.unpacker_data.lenRAFData < 10240000) { long long f_save = ftell(ifp); int fj, found = 0; ushort *rafdata = (ushort *)malloc(sizeof(ushort) * libraw_internal_data.unpacker_data.lenRAFData); fseek(ifp, libraw_internal_data.unpacker_data.posRAFData, SEEK_SET); fread(rafdata, sizeof(ushort), libraw_internal_data.unpacker_data.lenRAFData, ifp); fseek(ifp, f_save, SEEK_SET); for (int fi = 0; fi < (libraw_internal_data.unpacker_data.lenRAFData - 3); fi++) { if ((fwb[0] == rafdata[fi]) && (fwb[1] == rafdata[fi + 1]) && (fwb[2] == rafdata[fi + 2])) { if (rafdata[fi - 15] != fwb[0]) continue; fi = fi - 15; imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][3] = rafdata[fi]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][0] = rafdata[fi + 1]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FineWeather][2] = rafdata[fi + 2]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][3] = rafdata[fi + 3]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][0] = rafdata[fi + 4]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Shade][2] = rafdata[fi + 5]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][3] = rafdata[fi + 6]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][0] = rafdata[fi + 7]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_D][2] = rafdata[fi + 8]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][3] = rafdata[fi + 9]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][0] = rafdata[fi + 10]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_L][2] = rafdata[fi + 11]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][3] = rafdata[fi + 12]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][0] = rafdata[fi + 13]; imgdata.color.WB_Coeffs[LIBRAW_WBI_FL_W][2] = rafdata[fi + 14]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][1] = imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][3] = rafdata[fi + 15]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][0] = rafdata[fi + 16]; imgdata.color.WB_Coeffs[LIBRAW_WBI_Tungsten][2] = rafdata[fi + 17]; fi += 111; for (fj = fi; fj < (fi + 15); fj += 3) if (rafdata[fj] != rafdata[fi]) { found = 1; break; } if (found) { int FujiCCT_K[31] = {2500, 2550, 2650, 2700, 2800, 2850, 2950, 3000, 3100, 3200, 3300, 3400, 3600, 3700, 3800, 4000, 4200, 4300, 4500, 4800, 5000, 5300, 5600, 5900, 6300, 6700, 7100, 7700, 8300, 9100, 10000}; fj = fj - 93; for (int iCCT = 0; iCCT < 31; iCCT++) { imgdata.color.WBCT_Coeffs[iCCT][0] = FujiCCT_K[iCCT]; imgdata.color.WBCT_Coeffs[iCCT][1] = rafdata[iCCT * 3 + 1 + fj]; imgdata.color.WBCT_Coeffs[iCCT][2] = imgdata.color.WBCT_Coeffs[iCCT][4] = rafdata[iCCT * 3 + fj]; imgdata.color.WBCT_Coeffs[iCCT][3] = rafdata[iCCT * 3 + 2 + fj]; } } free(rafdata); break; } } } } FORC4 fwb[c] = get4(); if (fwb[3] < 0x100) { imgdata.color.WB_Coeffs[fwb[3]][0] = fwb[1]; imgdata.color.WB_Coeffs[fwb[3]][1] = imgdata.color.WB_Coeffs[fwb[3]][3] = fwb[0]; imgdata.color.WB_Coeffs[fwb[3]][2] = fwb[2]; } } break; #endif #ifdef LIBRAW_LIBRARY_BUILD case 50709: stmread(imgdata.color.LocalizedCameraModel, len, ifp); break; #endif case 61450: cblack[4] = cblack[5] = MIN(sqrt((double)len), 64); case 50714: #ifdef LIBRAW_LIBRARY_BUILD if (tiff_ifd[ifd].samples > 1 && tiff_ifd[ifd].samples == len) { for (i = 0; i < colors && i < 4 && i < len; i++) tiff_ifd[ifd].dng_levels.dng_cblack[i] = cblack[i] = getreal(type) + 0.5; tiff_ifd[ifd].dng_levels.dng_black = black = 0; } else #endif if ((cblack[4] * cblack[5] < 2) && len == 1) { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_black = #endif black = getreal(type); } else if (cblack[4] * cblack[5] <= len) { FORC(cblack[4] * cblack[5]) cblack[6 + c] = getreal(type); black = 0; FORC4 cblack[c] = 0; #ifdef LIBRAW_LIBRARY_BUILD if (tag == 50714) { FORC(cblack[4] * cblack[5]) tiff_ifd[ifd].dng_levels.dng_cblack[6 + c] = cblack[6 + c]; tiff_ifd[ifd].dng_levels.dng_black = 0; FORC4 tiff_ifd[ifd].dng_levels.dng_cblack[c] = 0; } #endif } break; case 50715: case 50716: for (num = i = 0; i < len && i < 65536; i++) num += getreal(type); black += num / len + 0.5; #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_black += num / len + 0.5; #endif break; case 50717: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.dng_whitelevel[0] = #endif maximum = getint(type); #ifdef LIBRAW_LIBRARY_BUILD if (tiff_ifd[ifd].samples > 1) for (i = 1; i < colors && i < 4 && i < len; i++) tiff_ifd[ifd].dng_levels.dng_whitelevel[i] = getint(type); #endif break; case 50718: pixel_aspect = getreal(type); pixel_aspect /= getreal(type); if (pixel_aspect > 0.995 && pixel_aspect < 1.005) pixel_aspect = 1.0; break; #ifdef LIBRAW_LIBRARY_BUILD case 50778: tiff_ifd[ifd].dng_color[0].illuminant = get2(); break; case 50779: tiff_ifd[ifd].dng_color[1].illuminant = get2(); break; #endif case 50721: case 50722: #ifdef LIBRAW_LIBRARY_BUILD i = tag == 50721 ? 0 : 1; #endif FORCC for (j = 0; j < 3; j++) { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_color[i].colormatrix[c][j] = #endif cm[c][j] = getreal(type); } use_cm = 1; break; case 0xc714: case 0xc715: #ifdef LIBRAW_LIBRARY_BUILD i = tag == 0xc714 ? 0 : 1; #endif for (j = 0; j < 3; j++) FORCC { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_color[i].forwardmatrix[j][c] = #endif fm[j][c] = getreal(type); } break; case 50723: case 50724: #ifdef LIBRAW_LIBRARY_BUILD j = tag == 50723 ? 0 : 1; #endif for (i = 0; i < colors; i++) FORCC { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_color[j].calibration[i][c] = #endif cc[i][c] = getreal(type); } break; case 50727: FORCC { #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].dng_levels.analogbalance[c] = #endif ab[c] = getreal(type); } break; case 50728: FORCC asn[c] = getreal(type); break; case 50729: xyz[0] = getreal(type); xyz[1] = getreal(type); xyz[2] = 1 - xyz[0] - xyz[1]; FORC3 xyz[c] /= d65_white[c]; break; #ifdef LIBRAW_LIBRARY_BUILD case 50730: baseline_exposure = getreal(type); break; #endif case 50740: #ifdef LIBRAW_LIBRARY_BUILD { char mbuf[64]; unsigned short makernote_found = 0; INT64 curr_pos, start_pos = ftell(ifp); unsigned MakN_order, m_sorder = order; unsigned MakN_length; unsigned pos_in_original_raw; fread(mbuf, 1, 6, ifp); if (!strcmp(mbuf, ""Adobe"")) { order = 0x4d4d; curr_pos = start_pos + 6; while (curr_pos + 8 - start_pos <= len) { fread(mbuf, 1, 4, ifp); curr_pos += 8; if (!strncmp(mbuf, ""MakN"", 4)) { makernote_found = 1; MakN_length = get4(); MakN_order = get2(); pos_in_original_raw = get4(); order = MakN_order; parse_makernote_0xc634(curr_pos + 6 - pos_in_original_raw, 0, AdobeDNG); break; } } } else { fread(mbuf + 6, 1, 2, ifp); if (!strcmp(mbuf, ""PENTAX "") || !strcmp(mbuf, ""SAMSUNG"")) { makernote_found = 1; fseek(ifp, start_pos, SEEK_SET); parse_makernote_0xc634(base, 0, CameraDNG); } } fseek(ifp, start_pos, SEEK_SET); order = m_sorder; } #endif if (dng_version) break; parse_minolta(j = get4() + base); fseek(ifp, j, SEEK_SET); parse_tiff_ifd(base); break; case 50752: read_shorts(cr2_slice, 3); break; case 50829: top_margin = getint(type); left_margin = getint(type); height = getint(type) - top_margin; width = getint(type) - left_margin; break; case 50830: for (i = 0; i < len && i < 32; i++) ((int *)mask)[i] = getint(type); black = 0; break; case 51009: #ifdef LIBRAW_LIBRARY_BUILD tiff_ifd[ifd].opcode2_offset = #endif meta_offset = ftell(ifp); break; case 64772: if (len < 13) break; fseek(ifp, 16, SEEK_CUR); data_offset = get4(); fseek(ifp, 28, SEEK_CUR); data_offset += get4(); load_raw = &CLASS packed_load_raw; break; case 65026: if (type == 2) fgets(model2, 64, ifp); } fseek(ifp, save, SEEK_SET); } if (sony_length && sony_length < 10240000 && (buf = (unsigned *)malloc(sony_length))) { fseek(ifp, sony_offset, SEEK_SET); fread(buf, sony_length, 1, ifp); sony_decrypt(buf, sony_length / 4, 1, sony_key); #ifndef LIBRAW_LIBRARY_BUILD sfp = ifp; if ((ifp = tmpfile())) { fwrite(buf, sony_length, 1, ifp); fseek(ifp, 0, SEEK_SET); parse_tiff_ifd(-sony_offset); fclose(ifp); } ifp = sfp; #else if (!ifp->tempbuffer_open(buf, sony_length)) { parse_tiff_ifd(-sony_offset); ifp->tempbuffer_close(); } #endif free(buf); } for (i = 0; i < colors; i++) FORCC cc[i][c] *= ab[i]; if (use_cm) { FORCC for (i = 0; i < 3; i++) for (cam_xyz[c][i] = j = 0; j < colors; j++) cam_xyz[c][i] += cc[c][j] * cm[j][i] * xyz[i]; cam_xyz_coeff(cmatrix, cam_xyz); } if (asn[0]) { cam_mul[3] = 0; FORCC cam_mul[c] = 1 / asn[c]; } if (!use_cm) FORCC pre_mul[c] /= cc[c][c]; return 0; }",visit repo url,internal/dcraw_common.cpp,https://github.com/LibRaw/LibRaw,53214275065039,1 5707,CWE-787,"void luaD_call (lua_State *L, StkId func, int nresults) { lua_CFunction f; retry: switch (ttypetag(s2v(func))) { case LUA_VCCL: f = clCvalue(s2v(func))->f; goto Cfunc; case LUA_VLCF: f = fvalue(s2v(func)); Cfunc: { int n; CallInfo *ci = next_ci(L); checkstackp(L, LUA_MINSTACK, func); ci->nresults = nresults; ci->callstatus = CIST_C; ci->top = L->top + LUA_MINSTACK; ci->func = func; L->ci = ci; lua_assert(ci->top <= L->stack_last); if (L->hookmask & LUA_MASKCALL) { int narg = cast_int(L->top - func) - 1; luaD_hook(L, LUA_HOOKCALL, -1, 1, narg); } lua_unlock(L); n = (*f)(L); lua_lock(L); api_checknelems(L, n); luaD_poscall(L, ci, n); break; } case LUA_VLCL: { CallInfo *ci = next_ci(L); Proto *p = clLvalue(s2v(func))->p; int narg = cast_int(L->top - func) - 1; int nfixparams = p->numparams; int fsize = p->maxstacksize; checkstackp(L, fsize, func); ci->nresults = nresults; ci->u.l.savedpc = p->code; ci->callstatus = 0; ci->top = func + 1 + fsize; ci->func = func; L->ci = ci; for (; narg < nfixparams; narg++) setnilvalue(s2v(L->top++)); lua_assert(ci->top <= L->stack_last); luaV_execute(L, ci); break; } default: { checkstackp(L, 1, func); luaD_tryfuncTM(L, func); goto retry; } } }",visit repo url,ldo.c,https://github.com/lua/lua,128617765926143,1 368,[],"pfm_proc_show(struct seq_file *m, void *v) { unsigned long psr; unsigned int i; int cpu; if (v == PFM_PROC_SHOW_HEADER) { pfm_proc_show_header(m); return 0; } cpu = (long)v - 1; seq_printf(m, ""CPU%-2d overflow intrs : %lu\n"" ""CPU%-2d overflow cycles : %lu\n"" ""CPU%-2d overflow min : %lu\n"" ""CPU%-2d overflow max : %lu\n"" ""CPU%-2d smpl handler calls : %lu\n"" ""CPU%-2d smpl handler cycles : %lu\n"" ""CPU%-2d spurious intrs : %lu\n"" ""CPU%-2d replay intrs : %lu\n"" ""CPU%-2d syst_wide : %d\n"" ""CPU%-2d dcr_pp : %d\n"" ""CPU%-2d exclude idle : %d\n"" ""CPU%-2d owner : %d\n"" ""CPU%-2d context : %p\n"" ""CPU%-2d activations : %lu\n"", cpu, pfm_stats[cpu].pfm_ovfl_intr_count, cpu, pfm_stats[cpu].pfm_ovfl_intr_cycles, cpu, pfm_stats[cpu].pfm_ovfl_intr_cycles_min, cpu, pfm_stats[cpu].pfm_ovfl_intr_cycles_max, cpu, pfm_stats[cpu].pfm_smpl_handler_calls, cpu, pfm_stats[cpu].pfm_smpl_handler_cycles, cpu, pfm_stats[cpu].pfm_spurious_ovfl_intr_count, cpu, pfm_stats[cpu].pfm_replay_ovfl_intr_count, cpu, pfm_get_cpu_data(pfm_syst_info, cpu) & PFM_CPUINFO_SYST_WIDE ? 1 : 0, cpu, pfm_get_cpu_data(pfm_syst_info, cpu) & PFM_CPUINFO_DCR_PP ? 1 : 0, cpu, pfm_get_cpu_data(pfm_syst_info, cpu) & PFM_CPUINFO_EXCL_IDLE ? 1 : 0, cpu, pfm_get_cpu_data(pmu_owner, cpu) ? pfm_get_cpu_data(pmu_owner, cpu)->pid: -1, cpu, pfm_get_cpu_data(pmu_ctx, cpu), cpu, pfm_get_cpu_data(pmu_activation_number, cpu)); if (num_online_cpus() == 1 && pfm_sysctl.debug > 0) { psr = pfm_get_psr(); ia64_srlz_d(); seq_printf(m, ""CPU%-2d psr : 0x%lx\n"" ""CPU%-2d pmc0 : 0x%lx\n"", cpu, psr, cpu, ia64_get_pmc(0)); for (i=0; PMC_IS_LAST(i) == 0; i++) { if (PMC_IS_COUNTING(i) == 0) continue; seq_printf(m, ""CPU%-2d pmc%u : 0x%lx\n"" ""CPU%-2d pmd%u : 0x%lx\n"", cpu, i, ia64_get_pmc(i), cpu, i, ia64_get_pmd(i)); } } return 0; }",linux-2.6,,,11585900788346200003944629246454962129,0 2056,['CWE-269'],"static int attach_recursive_mnt(struct vfsmount *source_mnt, struct nameidata *nd, struct nameidata *parent_nd) { LIST_HEAD(tree_list); struct vfsmount *dest_mnt = nd->mnt; struct dentry *dest_dentry = nd->dentry; struct vfsmount *child, *p; if (propagate_mnt(dest_mnt, dest_dentry, source_mnt, &tree_list)) return -EINVAL; if (IS_MNT_SHARED(dest_mnt)) { for (p = source_mnt; p; p = next_mnt(p, source_mnt)) set_mnt_shared(p); } spin_lock(&vfsmount_lock); if (parent_nd) { detach_mnt(source_mnt, parent_nd); attach_mnt(source_mnt, nd); touch_mnt_namespace(current->nsproxy->mnt_ns); } else { mnt_set_mountpoint(dest_mnt, dest_dentry, source_mnt); commit_tree(source_mnt); } list_for_each_entry_safe(child, p, &tree_list, mnt_hash) { list_del_init(&child->mnt_hash); commit_tree(child); } spin_unlock(&vfsmount_lock); return 0; }",linux-2.6,,,141637951176660362546052153116441566237,0 4268,CWE-416,"static pyc_object *get_array_object_generic(RBuffer *buffer, ut32 size) { pyc_object *tmp = NULL; pyc_object *ret = NULL; ut32 i = 0; ret = R_NEW0 (pyc_object); if (!ret) { return NULL; } ret->data = r_list_newf ((RListFree)free_object); if (!ret->data) { free (ret); return NULL; } for (i = 0; i < size; i++) { tmp = get_object (buffer); if (!tmp) { r_list_free (ret->data); R_FREE (ret); return NULL; } if (!r_list_append (ret->data, tmp)) { free_object (tmp); r_list_free (ret->data); free (ret); return NULL; } } return ret; }",visit repo url,libr/bin/format/pyc/marshal.c,https://github.com/radareorg/radare2,192308462382784,1 2908,['CWE-189'],"static double gammafn(double x, double gamma) { if (x == 0.0) return 0.0; return pow(x, gamma); }",jasper,,,307948911651719868480968593996795221940,0 3646,['CWE-287'],"void sctp_assoc_rwnd_decrease(struct sctp_association *asoc, unsigned len) { SCTP_ASSERT(asoc->rwnd, ""rwnd zero"", return); SCTP_ASSERT(!asoc->rwnd_over, ""rwnd_over not zero"", return); if (asoc->rwnd >= len) { asoc->rwnd -= len; } else { asoc->rwnd_over = len - asoc->rwnd; asoc->rwnd = 0; } SCTP_DEBUG_PRINTK(""%s: asoc %p rwnd decreased by %d to (%u, %u)\n"", __func__, asoc, len, asoc->rwnd, asoc->rwnd_over); }",linux-2.6,,,130474674467046101148957106252270268473,0 5549,[],"send_sig(int sig, struct task_struct *p, int priv) { return send_sig_info(sig, __si_special(priv), p); }",linux-2.6,,,13995079112084388177933015425396784991,0 3230,['CWE-189'],"static void jp2_pclr_destroy(jp2_box_t *box) { jp2_pclr_t *pclr = &box->data.pclr; if (pclr->lutdata) { jas_free(pclr->lutdata); } if (pclr->bpc) jas_free(pclr->bpc); }",jasper,,,100663631360199741420064167975746270680,0 5542,CWE-125,"ast_type_reduce(PyObject *self, PyObject *unused) { PyObject *res; _Py_IDENTIFIER(__dict__); PyObject *dict = _PyObject_GetAttrId(self, &PyId___dict__); if (dict == NULL) { if (PyErr_ExceptionMatches(PyExc_AttributeError)) PyErr_Clear(); else return NULL; } if (dict) { res = Py_BuildValue(""O()O"", Py_TYPE(self), dict); Py_DECREF(dict); return res; } return Py_BuildValue(""O()"", Py_TYPE(self)); }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,7118425629915,1 795,['CWE-119'],"static void isdn_net_softint(struct work_struct *work) { isdn_net_local *lp = container_of(work, isdn_net_local, tqueue); struct sk_buff *skb; spin_lock_bh(&lp->xmit_lock); while (!isdn_net_lp_busy(lp)) { skb = skb_dequeue(&lp->super_tx_queue); if (!skb) break; isdn_net_writebuf_skb(lp, skb); } spin_unlock_bh(&lp->xmit_lock); }",linux-2.6,,,65395157613782742598162514647992643648,0 1296,CWE-119,"static int iwl_process_add_sta_resp(struct iwl_priv *priv, struct iwl_addsta_cmd *addsta, struct iwl_rx_packet *pkt) { u8 sta_id = addsta->sta.sta_id; unsigned long flags; int ret = -EIO; if (pkt->hdr.flags & IWL_CMD_FAILED_MSK) { IWL_ERR(priv, ""Bad return from REPLY_ADD_STA (0x%08X)\n"", pkt->hdr.flags); return ret; } IWL_DEBUG_INFO(priv, ""Processing response for adding station %u\n"", sta_id); spin_lock_irqsave(&priv->shrd->sta_lock, flags); switch (pkt->u.add_sta.status) { case ADD_STA_SUCCESS_MSK: IWL_DEBUG_INFO(priv, ""REPLY_ADD_STA PASSED\n""); iwl_sta_ucode_activate(priv, sta_id); ret = 0; break; case ADD_STA_NO_ROOM_IN_TABLE: IWL_ERR(priv, ""Adding station %d failed, no room in table.\n"", sta_id); break; case ADD_STA_NO_BLOCK_ACK_RESOURCE: IWL_ERR(priv, ""Adding station %d failed, no block ack "" ""resource.\n"", sta_id); break; case ADD_STA_MODIFY_NON_EXIST_STA: IWL_ERR(priv, ""Attempting to modify non-existing station %d\n"", sta_id); break; default: IWL_DEBUG_ASSOC(priv, ""Received REPLY_ADD_STA:(0x%08X)\n"", pkt->u.add_sta.status); break; } IWL_DEBUG_INFO(priv, ""%s station id %u addr %pM\n"", priv->stations[sta_id].sta.mode == STA_CONTROL_MODIFY_MSK ? ""Modified"" : ""Added"", sta_id, priv->stations[sta_id].sta.sta.addr); IWL_DEBUG_INFO(priv, ""%s station according to cmd buffer %pM\n"", priv->stations[sta_id].sta.mode == STA_CONTROL_MODIFY_MSK ? ""Modified"" : ""Added"", addsta->sta.addr); spin_unlock_irqrestore(&priv->shrd->sta_lock, flags); return ret; }",visit repo url,drivers/net/wireless/iwlwifi/iwl-agn-sta.c,https://github.com/torvalds/linux,263932019502069,1 597,['CWE-200'],"static void __init htab_init_page_sizes(void) { int rc; memcpy(mmu_psize_defs, mmu_psize_defaults_old, sizeof(mmu_psize_defaults_old)); rc = of_scan_flat_dt(htab_dt_scan_page_sizes, NULL); if (rc != 0) goto found; if (cpu_has_feature(CPU_FTR_16M_PAGE)) memcpy(mmu_psize_defs, mmu_psize_defaults_gp, sizeof(mmu_psize_defaults_gp)); found: if (mmu_psize_defs[MMU_PAGE_16M].shift) mmu_linear_psize = MMU_PAGE_16M; else if (mmu_psize_defs[MMU_PAGE_1M].shift) mmu_linear_psize = MMU_PAGE_1M; #ifdef CONFIG_PPC_64K_PAGES if (mmu_psize_defs[MMU_PAGE_64K].shift) { mmu_virtual_psize = MMU_PAGE_64K; mmu_vmalloc_psize = MMU_PAGE_64K; if (cpu_has_feature(CPU_FTR_CI_LARGE_PAGE)) mmu_io_psize = MMU_PAGE_64K; else mmu_ci_restrictions = 1; } #endif printk(KERN_DEBUG ""Page orders: linear mapping = %d, "" ""virtual = %d, io = %d\n"", mmu_psize_defs[mmu_linear_psize].shift, mmu_psize_defs[mmu_virtual_psize].shift, mmu_psize_defs[mmu_io_psize].shift); #ifdef CONFIG_HUGETLB_PAGE if (mmu_psize_defs[MMU_PAGE_16M].shift) mmu_huge_psize = MMU_PAGE_16M; else if (mmu_psize_defs[MMU_PAGE_1M].shift) mmu_huge_psize = MMU_PAGE_1M; if (mmu_psize_defs[mmu_huge_psize].shift > MIN_HUGEPTE_SHIFT && mmu_psize_defs[mmu_huge_psize].shift < SID_SHIFT) HPAGE_SHIFT = mmu_psize_defs[mmu_huge_psize].shift; else HPAGE_SHIFT = 0; #endif }",linux-2.6,,,118329290436560952666907260449823536107,0 265,CWE-787,"int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user) { struct net_device *dev = skb->dev; int fhoff, nhoff, ret; struct frag_hdr *fhdr; struct frag_queue *fq; struct ipv6hdr *hdr; u8 prevhdr; if (ipv6_hdr(skb)->payload_len == 0) { pr_debug(""payload len = 0\n""); return -EINVAL; } if (find_prev_fhdr(skb, &prevhdr, &nhoff, &fhoff) < 0) return -EINVAL; if (!pskb_may_pull(skb, fhoff + sizeof(*fhdr))) return -ENOMEM; skb_set_transport_header(skb, fhoff); hdr = ipv6_hdr(skb); fhdr = (struct frag_hdr *)skb_transport_header(skb); fq = fq_find(net, fhdr->identification, user, &hdr->saddr, &hdr->daddr, skb->dev ? skb->dev->ifindex : 0, ip6_frag_ecn(hdr)); if (fq == NULL) { pr_debug(""Can't find and can't create new queue\n""); return -ENOMEM; } spin_lock_bh(&fq->q.lock); if (nf_ct_frag6_queue(fq, skb, fhdr, nhoff) < 0) { ret = -EINVAL; goto out_unlock; } ret = -EINPROGRESS; if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && fq->q.meat == fq->q.len && nf_ct_frag6_reasm(fq, skb, dev)) ret = 0; out_unlock: spin_unlock_bh(&fq->q.lock); inet_frag_put(&fq->q, &nf_frags); return ret; }",visit repo url,net/ipv6/netfilter/nf_conntrack_reasm.c,https://github.com/torvalds/linux,43672289398781,1 2028,['CWE-269'],"asmlinkage long sys_oldumount(char __user * name) { return sys_umount(name, 0); }",linux-2.6,,,294957927194917850923467160722920628344,0 2462,CWE-89,"char *curl_easy_escape(CURL *handle, const char *string, int inlength) { size_t alloc = (inlength?(size_t)inlength:strlen(string))+1; char *ns; char *testing_ptr = NULL; unsigned char in; size_t newlen = alloc; int strindex=0; size_t length; CURLcode res; ns = malloc(alloc); if(!ns) return NULL; length = alloc-1; while(length--) { in = *string; if(Curl_isunreserved(in)) ns[strindex++]=in; else { newlen += 2; if(newlen > alloc) { alloc *= 2; testing_ptr = realloc(ns, alloc); if(!testing_ptr) { free( ns ); return NULL; } else { ns = testing_ptr; } } res = Curl_convert_to_network(handle, &in, 1); if(res) { free(ns); return NULL; } snprintf(&ns[strindex], 4, ""%%%02X"", in); strindex+=3; } string++; } ns[strindex]=0; return ns; }",visit repo url,lib/escape.c,https://github.com/bagder/curl,40263439360389,1 2432,['CWE-119'],"struct diff_filepair *diff_queue(struct diff_queue_struct *queue, struct diff_filespec *one, struct diff_filespec *two) { struct diff_filepair *dp = xcalloc(1, sizeof(*dp)); dp->one = one; dp->two = two; if (queue) diff_q(queue, dp); return dp; }",git,,,99985570625899049389391180538185171715,0 6050,CWE-190,"void bn_gcd_ext_lehme(bn_t c, bn_t d, bn_t e, const bn_t a, const bn_t b) { bn_t x, y, u, v, t0, t1, t2, t3, t4; dig_t _x, _y, q, _q, t, _t; dis_t _a, _b, _c, _d; int swap; if (bn_is_zero(a)) { bn_abs(c, b); bn_zero(d); if (e != NULL) { bn_set_dig(e, 1); } return; } if (bn_is_zero(b)) { bn_abs(c, a); bn_set_dig(d, 1); if (e != NULL) { bn_zero(e); } return; } bn_null(x); bn_null(y); bn_null(u); bn_null(v); bn_null(t0); bn_null(t1); bn_null(t2); bn_null(t3); bn_null(t4); RLC_TRY { bn_new(x); bn_new(y); bn_new(u); bn_new(v); bn_new(t0); bn_new(t1); bn_new(t2); bn_new(t3); bn_new(t4); if (bn_cmp_abs(a, b) != RLC_LT) { bn_abs(x, a); bn_abs(y, b); swap = 0; } else { bn_abs(x, b); bn_abs(y, a); swap = 1; } bn_zero(t4); bn_set_dig(d, 1); while (y->used > 1) { bn_rsh(u, x, bn_bits(x) - RLC_DIG); _x = u->dp[0]; bn_rsh(v, y, bn_bits(x) - RLC_DIG); _y = v->dp[0]; _a = _d = 1; _b = _c = 0; t = 0; if (_y != 0) { q = _x / _y; t = _x % _y; } if (t >= ((dig_t)1 << (RLC_DIG / 2))) { while (1) { _q = _y / t; _t = _y % t; if (_t < ((dig_t)1 << (RLC_DIG / 2))) { break; } _x = _y; _y = t; t = _a - q * _c; _a = _c; _c = t; t = _b - q * _d; _b = _d; _d = t; t = _t; q = _q; } } if (_b == 0) { bn_div_rem(t1, t0, x, y); bn_copy(x, y); bn_copy(y, t0); bn_mul(t1, t1, d); bn_sub(t1, t4, t1); bn_copy(t4, d); bn_copy(d, t1); } else { bn_rsh(u, x, bn_bits(x) - 2 * RLC_DIG); bn_rsh(v, y, bn_bits(x) - 2 * RLC_DIG); if (_a < 0) { bn_mul_dig(t0, u, -_a); bn_neg(t0, t0); } else { bn_mul_dig(t0, u, _a); } if (_b < 0) { bn_mul_dig(t1, v, -_b); bn_neg(t1, t1); } else { bn_mul_dig(t1, v, _b); } if (_c < 0) { bn_mul_dig(t2, u, -_c); bn_neg(t2, t2); } else { bn_mul_dig(t2, u, _c); } if (_d < 0) { bn_mul_dig(t3, v, -_d); bn_neg(t3, t3); } else { bn_mul_dig(t3, v, _d); } bn_add(u, t0, t1); bn_add(v, t2, t3); bn_rsh(t0, u, bn_bits(u) - RLC_DIG); _x = t0->dp[0]; bn_rsh(t1, v, bn_bits(u) - RLC_DIG); _y = t1->dp[0]; t = 0; if (_y != 0) { q = _x / _y; t = _x % _y; } if (t >= ((dig_t)1 << RLC_DIG / 2)) { while (1) { _q = _y / t; _t = _y % t; if (_t < ((dig_t)1 << RLC_DIG / 2)) { break; } _x = _y; _y = t; t = _a - q * _c; _a = _c; _c = t; t = _b - q * _d; _b = _d; _d = t; t = _t; q = _q; } } if (_a < 0) { bn_mul_dig(t0, x, -_a); bn_neg(t0, t0); } else { bn_mul_dig(t0, x, _a); } if (_b < 0) { bn_mul_dig(t1, y, -_b); bn_neg(t1, t1); } else { bn_mul_dig(t1, y, _b); } if (_c < 0) { bn_mul_dig(t2, x, -_c); bn_neg(t2, t2); } else { bn_mul_dig(t2, x, _c); } if (_d < 0) { bn_mul_dig(t3, y, -_d); bn_neg(t3, t3); } else { bn_mul_dig(t3, y, _d); } bn_add(x, t0, t1); bn_add(y, t2, t3); if (_a < 0) { bn_mul_dig(t0, t4, -_a); bn_neg(t0, t0); } else { bn_mul_dig(t0, t4, _a); } if (_b < 0) { bn_mul_dig(t1, d, -_b); bn_neg(t1, t1); } else { bn_mul_dig(t1, d, _b); } if (_c < 0) { bn_mul_dig(t2, t4, -_c); bn_neg(t2, t2); } else { bn_mul_dig(t2, t4, _c); } if (_d < 0) { bn_mul_dig(t3, d, -_d); bn_neg(t3, t3); } else { bn_mul_dig(t3, d, _d); } bn_add(t4, t0, t1); bn_add(d, t2, t3); } } bn_gcd_ext_dig(c, u, v, x, y->dp[0]); if (!swap) { bn_mul(t0, t4, u); bn_mul(t1, d, v); bn_add(t4, t0, t1); bn_mul(x, b, t4); bn_sub(x, c, x); bn_div(d, x, a); } else { bn_mul(t0, t4, u); bn_mul(t1, d, v); bn_add(d, t0, t1); bn_mul(x, a, d); bn_sub(x, c, x); bn_div(t4, x, b); } if (e != NULL) { bn_copy(e, t4); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(x); bn_free(y); bn_free(u); bn_free(v); bn_free(t0); bn_free(t1); bn_free(t2); bn_free(t3); bn_free(t4); } }",visit repo url,src/bn/relic_bn_gcd.c,https://github.com/relic-toolkit/relic,76466010422792,1 6732,CWE-770,"stream_read(pdfio_stream_t *st, char *buffer, size_t bytes) { ssize_t rbytes; if (st->filter == PDFIO_FILTER_NONE) { if (bytes > st->remaining) rbytes = _pdfioFileRead(st->pdf, buffer, st->remaining); else rbytes = _pdfioFileRead(st->pdf, buffer, bytes); if (rbytes > 0) { st->remaining -= (size_t)rbytes; if (st->crypto_cb) (st->crypto_cb)(&st->crypto_ctx, (uint8_t *)buffer, (uint8_t *)buffer, (size_t)rbytes); } return (rbytes); } else if (st->filter == PDFIO_FILTER_FLATE) { int status; if (st->predictor == _PDFIO_PREDICTOR_NONE) { PDFIO_DEBUG(""stream_read: No predictor.\n""); if (st->flate.avail_in == 0) { if (sizeof(st->cbuffer) > st->remaining) rbytes = _pdfioFileRead(st->pdf, st->cbuffer, st->remaining); else rbytes = _pdfioFileRead(st->pdf, st->cbuffer, sizeof(st->cbuffer)); if (rbytes <= 0) return (-1); if (st->crypto_cb) rbytes = (ssize_t)(st->crypto_cb)(&st->crypto_ctx, st->cbuffer, st->cbuffer, (size_t)rbytes); st->remaining -= (size_t)rbytes; st->flate.next_in = (Bytef *)st->cbuffer; st->flate.avail_in = (uInt)rbytes; } st->flate.next_out = (Bytef *)buffer; st->flate.avail_out = (uInt)bytes; if ((status = inflate(&(st->flate), Z_NO_FLUSH)) < Z_OK) { _pdfioFileError(st->pdf, ""Unable to decompress stream data: %s"", zstrerror(status)); return (-1); } return (st->flate.next_out - (Bytef *)buffer); } else if (st->predictor == _PDFIO_PREDICTOR_TIFF2) { size_t pbpixel = st->pbpixel, remaining = st->pbsize; unsigned char *bufptr = (unsigned char *)buffer, *bufsecond = (unsigned char *)buffer + pbpixel, *sptr = st->psbuffer; PDFIO_DEBUG(""stream_read: TIFF predictor 2.\n""); if (bytes < st->pbsize) { _pdfioFileError(st->pdf, ""Read buffer too small for stream.""); return (-1); } st->flate.next_out = (Bytef *)sptr; st->flate.avail_out = (uInt)st->pbsize; while (st->flate.avail_out > 0) { if (st->flate.avail_in == 0) { if (sizeof(st->cbuffer) > st->remaining) rbytes = _pdfioFileRead(st->pdf, st->cbuffer, st->remaining); else rbytes = _pdfioFileRead(st->pdf, st->cbuffer, sizeof(st->cbuffer)); if (rbytes <= 0) return (-1); if (st->crypto_cb) rbytes = (ssize_t)(st->crypto_cb)(&st->crypto_ctx, st->cbuffer, st->cbuffer, (size_t)rbytes); st->remaining -= (size_t)rbytes; st->flate.next_in = (Bytef *)st->cbuffer; st->flate.avail_in = (uInt)rbytes; } if ((status = inflate(&(st->flate), Z_NO_FLUSH)) < Z_OK) { _pdfioFileError(st->pdf, ""Unable to decompress stream data: %s"", zstrerror(status)); return (-1); } else if (status == Z_STREAM_END) break; } if (st->flate.avail_out > 0) return (-1); for (; bufptr < bufsecond; remaining --, sptr ++) *bufptr++ = *sptr; for (; remaining > 0; remaining --, sptr ++, bufptr ++) *bufptr = *sptr + bufptr[-(int)pbpixel]; return ((ssize_t)st->pbsize); } else { size_t pbpixel = st->pbpixel, remaining = st->pbsize - 1; unsigned char *bufptr = (unsigned char *)buffer, *bufsecond = (unsigned char *)buffer + pbpixel, *sptr = st->psbuffer + 1, *pptr = st->prbuffer; PDFIO_DEBUG(""stream_read: PNG predictor.\n""); if (bytes < (st->pbsize - 1)) { _pdfioFileError(st->pdf, ""Read buffer too small for stream.""); return (-1); } st->flate.next_out = (Bytef *)sptr - 1; st->flate.avail_out = (uInt)st->pbsize; while (st->flate.avail_out > 0) { if (st->flate.avail_in == 0) { if (sizeof(st->cbuffer) > st->remaining) rbytes = _pdfioFileRead(st->pdf, st->cbuffer, st->remaining); else rbytes = _pdfioFileRead(st->pdf, st->cbuffer, sizeof(st->cbuffer)); if (rbytes <= 0) return (-1); if (st->crypto_cb) rbytes = (ssize_t)(st->crypto_cb)(&st->crypto_ctx, st->cbuffer, st->cbuffer, (size_t)rbytes); st->remaining -= (size_t)rbytes; st->flate.next_in = (Bytef *)st->cbuffer; st->flate.avail_in = (uInt)rbytes; } if ((status = inflate(&(st->flate), Z_NO_FLUSH)) < Z_OK) { _pdfioFileError(st->pdf, ""Unable to decompress stream data: %s"", zstrerror(status)); return (-1); } else if (status == Z_STREAM_END) break; } if (st->flate.avail_out > 0) { PDFIO_DEBUG(""stream_read: Early EOF (remaining=%u, avail_in=%d, avail_out=%d, data_type=%d, next_in=<%02X%02X%02X%02X...>).\n"", (unsigned)st->remaining, st->flate.avail_in, st->flate.avail_out, st->flate.data_type, st->flate.next_in[0], st->flate.next_in[1], st->flate.next_in[2], st->flate.next_in[3]); return (-1); } PDFIO_DEBUG(""stream_read: Line %02X %02X %02X %02X %02X.\n"", sptr[-1], sptr[0], sptr[0], sptr[2], sptr[3]); switch (sptr[-1]) { case 0 : case 10 : memcpy(buffer, sptr, remaining); break; case 1 : case 11 : for (; bufptr < bufsecond; remaining --, sptr ++) *bufptr++ = *sptr; for (; remaining > 0; remaining --, sptr ++, bufptr ++) *bufptr = *sptr + bufptr[-(int)pbpixel]; break; case 2 : case 12 : for (; remaining > 0; remaining --, sptr ++, pptr ++) *bufptr++ = *sptr + *pptr; break; case 3 : case 13 : for (; bufptr < bufsecond; remaining --, sptr ++, pptr ++) *bufptr++ = *sptr + *pptr / 2; for (; remaining > 0; remaining --, sptr ++, pptr ++, bufptr ++) *bufptr = *sptr + (bufptr[-(int)pbpixel] + *pptr) / 2; break; case 4 : case 14 : for (; bufptr < bufsecond; remaining --, sptr ++, pptr ++) *bufptr++ = *sptr + stream_paeth(0, *pptr, 0); for (; remaining > 0; remaining --, sptr ++, pptr ++, bufptr ++) *bufptr = *sptr + stream_paeth(bufptr[-(int)pbpixel], *pptr, pptr[-(int)pbpixel]); break; default : _pdfioFileError(st->pdf, ""Bad PNG filter %d in data stream."", sptr[-1]); return (-1); } memcpy(st->prbuffer, buffer, st->pbsize - 1); return ((ssize_t)(st->pbsize - 1)); } } return (-1); }",visit repo url,pdfio-stream.c,https://github.com/michaelrsweet/pdfio,227306091669171,1 198,[],"static int atalk_release(struct socket *sock) { struct sock *sk = sock->sk; if (sk) { sock_orphan(sk); sock->sk = NULL; atalk_destroy_socket(sk); } return 0; }",history,,,305389990904513007303504171818727326994,0 1579,CWE-399,"static int ovl_copy_up_locked(struct dentry *workdir, struct dentry *upperdir, struct dentry *dentry, struct path *lowerpath, struct kstat *stat, struct iattr *attr, const char *link) { struct inode *wdir = workdir->d_inode; struct inode *udir = upperdir->d_inode; struct dentry *newdentry = NULL; struct dentry *upper = NULL; umode_t mode = stat->mode; int err; newdentry = ovl_lookup_temp(workdir, dentry); err = PTR_ERR(newdentry); if (IS_ERR(newdentry)) goto out; upper = lookup_one_len(dentry->d_name.name, upperdir, dentry->d_name.len); err = PTR_ERR(upper); if (IS_ERR(upper)) goto out1; stat->mode &= S_IFMT; err = ovl_create_real(wdir, newdentry, stat, link, NULL, true); stat->mode = mode; if (err) goto out2; if (S_ISREG(stat->mode)) { struct path upperpath; ovl_path_upper(dentry, &upperpath); BUG_ON(upperpath.dentry != NULL); upperpath.dentry = newdentry; err = ovl_copy_up_data(lowerpath, &upperpath, stat->size); if (err) goto out_cleanup; } err = ovl_copy_xattr(lowerpath->dentry, newdentry); if (err) goto out_cleanup; mutex_lock(&newdentry->d_inode->i_mutex); err = ovl_set_attr(newdentry, stat); if (!err && attr) err = notify_change(newdentry, attr, NULL); mutex_unlock(&newdentry->d_inode->i_mutex); if (err) goto out_cleanup; err = ovl_do_rename(wdir, newdentry, udir, upper, 0); if (err) goto out_cleanup; ovl_dentry_update(dentry, newdentry); newdentry = NULL; if (!S_ISDIR(stat->mode)) ovl_dentry_set_opaque(dentry, true); out2: dput(upper); out1: dput(newdentry); out: return err; out_cleanup: ovl_cleanup(wdir, newdentry); goto out; }",visit repo url,fs/overlayfs/copy_up.c,https://github.com/torvalds/linux,224867382472698,1 3437,['CWE-264'],"asmlinkage long sys_vmsplice(int fd, const struct iovec __user *iov, unsigned long nr_segs, unsigned int flags) { struct file *file; long error; int fput; error = -EBADF; file = fget_light(fd, &fput); if (file) { if (file->f_mode & FMODE_WRITE) error = do_vmsplice(file, iov, nr_segs, flags); fput_light(file, fput); } return error; }",linux-2.6,,,200611010232105456164473645666686209011,0 1074,CWE-20,"static int rose_parse_national(unsigned char *p, struct rose_facilities_struct *facilities, int len) { unsigned char *pt; unsigned char l, lg, n = 0; int fac_national_digis_received = 0; do { switch (*p & 0xC0) { case 0x00: p += 2; n += 2; len -= 2; break; case 0x40: if (*p == FAC_NATIONAL_RAND) facilities->rand = ((p[1] << 8) & 0xFF00) + ((p[2] << 0) & 0x00FF); p += 3; n += 3; len -= 3; break; case 0x80: p += 4; n += 4; len -= 4; break; case 0xC0: l = p[1]; if (*p == FAC_NATIONAL_DEST_DIGI) { if (!fac_national_digis_received) { memcpy(&facilities->source_digis[0], p + 2, AX25_ADDR_LEN); facilities->source_ndigis = 1; } } else if (*p == FAC_NATIONAL_SRC_DIGI) { if (!fac_national_digis_received) { memcpy(&facilities->dest_digis[0], p + 2, AX25_ADDR_LEN); facilities->dest_ndigis = 1; } } else if (*p == FAC_NATIONAL_FAIL_CALL) { memcpy(&facilities->fail_call, p + 2, AX25_ADDR_LEN); } else if (*p == FAC_NATIONAL_FAIL_ADD) { memcpy(&facilities->fail_addr, p + 3, ROSE_ADDR_LEN); } else if (*p == FAC_NATIONAL_DIGIS) { fac_national_digis_received = 1; facilities->source_ndigis = 0; facilities->dest_ndigis = 0; for (pt = p + 2, lg = 0 ; lg < l ; pt += AX25_ADDR_LEN, lg += AX25_ADDR_LEN) { if (pt[6] & AX25_HBIT) memcpy(&facilities->dest_digis[facilities->dest_ndigis++], pt, AX25_ADDR_LEN); else memcpy(&facilities->source_digis[facilities->source_ndigis++], pt, AX25_ADDR_LEN); } } p += l + 2; n += l + 2; len -= l + 2; break; } } while (*p != 0x00 && len > 0); return n; }",visit repo url,net/rose/rose_subr.c,https://github.com/torvalds/linux,189329202706966,1 3365,[],"static inline __be16 nla_get_be16(struct nlattr *nla) { return *(__be16 *) nla_data(nla); }",linux-2.6,,,133727983984831840578458634232044764634,0 1637,CWE-416,"int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) { struct ipv6_txoptions opt_space; struct udp_sock *up = udp_sk(sk); struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); struct in6_addr *daddr, *final_p, final; struct ipv6_txoptions *opt = NULL; struct ip6_flowlabel *flowlabel = NULL; struct flowi6 fl6; struct dst_entry *dst; int addr_len = msg->msg_namelen; int ulen = len; int hlimit = -1; int tclass = -1; int dontfrag = -1; int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; int err; int connected = 0; int is_udplite = IS_UDPLITE(sk); int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); if (sin6) { if (addr_len < offsetof(struct sockaddr, sa_data)) return -EINVAL; switch (sin6->sin6_family) { case AF_INET6: if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; daddr = &sin6->sin6_addr; break; case AF_INET: goto do_udp_sendmsg; case AF_UNSPEC: msg->msg_name = sin6 = NULL; msg->msg_namelen = addr_len = 0; daddr = NULL; break; default: return -EINVAL; } } else if (!up->pending) { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; daddr = &sk->sk_v6_daddr; } else daddr = NULL; if (daddr) { if (ipv6_addr_v4mapped(daddr)) { struct sockaddr_in sin; sin.sin_family = AF_INET; sin.sin_port = sin6 ? sin6->sin6_port : inet->inet_dport; sin.sin_addr.s_addr = daddr->s6_addr32[3]; msg->msg_name = &sin; msg->msg_namelen = sizeof(sin); do_udp_sendmsg: if (__ipv6_only_sock(sk)) return -ENETUNREACH; return udp_sendmsg(sk, msg, len); } } if (up->pending == AF_INET) return udp_sendmsg(sk, msg, len); if (len > INT_MAX - sizeof(struct udphdr)) return -EMSGSIZE; getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; if (up->pending) { lock_sock(sk); if (likely(up->pending)) { if (unlikely(up->pending != AF_INET6)) { release_sock(sk); return -EAFNOSUPPORT; } dst = NULL; goto do_append_data; } release_sock(sk); } ulen += sizeof(struct udphdr); memset(&fl6, 0, sizeof(fl6)); if (sin6) { if (sin6->sin6_port == 0) return -EINVAL; fl6.fl6_dport = sin6->sin6_port; daddr = &sin6->sin6_addr; if (np->sndflow) { fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK; if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } } if (sk->sk_state == TCP_ESTABLISHED && ipv6_addr_equal(daddr, &sk->sk_v6_daddr)) daddr = &sk->sk_v6_daddr; if (addr_len >= sizeof(struct sockaddr_in6) && sin6->sin6_scope_id && __ipv6_addr_needs_scope_id(__ipv6_addr_type(daddr))) fl6.flowi6_oif = sin6->sin6_scope_id; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; fl6.fl6_dport = inet->inet_dport; daddr = &sk->sk_v6_daddr; fl6.flowlabel = np->flow_label; connected = 1; } if (!fl6.flowi6_oif) fl6.flowi6_oif = sk->sk_bound_dev_if; if (!fl6.flowi6_oif) fl6.flowi6_oif = np->sticky_pktinfo.ipi6_ifindex; fl6.flowi6_mark = sk->sk_mark; if (msg->msg_controllen) { opt = &opt_space; memset(opt, 0, sizeof(struct ipv6_txoptions)); opt->tot_len = sizeof(*opt); err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, &hlimit, &tclass, &dontfrag); if (err < 0) { fl6_sock_release(flowlabel); return err; } if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; connected = 0; } if (!opt) opt = np->opt; if (flowlabel) opt = fl6_merge_options(&opt_space, flowlabel, opt); opt = ipv6_fixup_options(&opt_space, opt); fl6.flowi6_proto = sk->sk_protocol; if (!ipv6_addr_any(daddr)) fl6.daddr = *daddr; else fl6.daddr.s6_addr[15] = 0x1; if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr)) fl6.saddr = np->saddr; fl6.fl6_sport = inet->inet_sport; final_p = fl6_update_dst(&fl6, opt, &final); if (final_p) connected = 0; if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) { fl6.flowi6_oif = np->mcast_oif; connected = 0; } else if (!fl6.flowi6_oif) fl6.flowi6_oif = np->ucast_oif; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); dst = ip6_sk_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); dst = NULL; goto out; } if (hlimit < 0) hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); if (tclass < 0) tclass = np->tclass; if (msg->msg_flags&MSG_CONFIRM) goto do_confirm; back_from_confirm: if (!corkreq) { struct sk_buff *skb; skb = ip6_make_skb(sk, getfrag, msg, ulen, sizeof(struct udphdr), hlimit, tclass, opt, &fl6, (struct rt6_info *)dst, msg->msg_flags, dontfrag); err = PTR_ERR(skb); if (!IS_ERR_OR_NULL(skb)) err = udp_v6_send_skb(skb, &fl6); goto release_dst; } lock_sock(sk); if (unlikely(up->pending)) { release_sock(sk); net_dbg_ratelimited(""udp cork app bug 2\n""); err = -EINVAL; goto out; } up->pending = AF_INET6; do_append_data: if (dontfrag < 0) dontfrag = np->dontfrag; up->len += ulen; err = ip6_append_data(sk, getfrag, msg, ulen, sizeof(struct udphdr), hlimit, tclass, opt, &fl6, (struct rt6_info *)dst, corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags, dontfrag); if (err) udp_v6_flush_pending_frames(sk); else if (!corkreq) err = udp_v6_push_pending_frames(sk); else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) up->pending = 0; if (err > 0) err = np->recverr ? net_xmit_errno(err) : 0; release_sock(sk); release_dst: if (dst) { if (connected) { ip6_dst_store(sk, dst, ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr) ? &sk->sk_v6_daddr : NULL, #ifdef CONFIG_IPV6_SUBTREES ipv6_addr_equal(&fl6.saddr, &np->saddr) ? &np->saddr : #endif NULL); } else { dst_release(dst); } dst = NULL; } out: dst_release(dst); fl6_sock_release(flowlabel); if (!err) return len; if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_SNDBUFERRORS, is_udplite); } return err; do_confirm: dst_confirm(dst); if (!(msg->msg_flags&MSG_PROBE) || len) goto back_from_confirm; err = 0; goto out; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,80813634374848,1 4328,['CWE-119'],"bool _af_ima_adpcm_format_ok (_AudioFormat *f) { if (f->channelCount != 1) { _af_error(AF_BAD_COMPRESSION, ""IMA ADPCM compression requires 1 channel""); return AF_FALSE; } if (f->sampleFormat != AF_SAMPFMT_TWOSCOMP || f->sampleWidth != 16) { _af_error(AF_BAD_COMPRESSION, ""IMA ADPCM compression requires 16-bit signed integer format""); f->sampleFormat = AF_SAMPFMT_TWOSCOMP; f->sampleWidth = 16; } if (f->byteOrder != AF_BYTEORDER_BIGENDIAN) { _af_error(AF_BAD_COMPRESSION, ""IMA ADPCM compression requires big endian format""); f->byteOrder = AF_BYTEORDER_BIGENDIAN; } return AF_TRUE; }",audiofile,,,82291082135467934724947578092924565342,0 2976,CWE-119,"do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, int swap __attribute__((__unused__)), uint32_t namesz, uint32_t descsz, size_t noff, size_t doff, int *flags) { if (namesz == 4 && strcmp((char *)&nbuf[noff], ""GNU"") == 0 && type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) { uint8_t desc[20]; const char *btype; uint32_t i; *flags |= FLAGS_DID_BUILD_ID; switch (descsz) { case 8: btype = ""xxHash""; break; case 16: btype = ""md5/uuid""; break; case 20: btype = ""sha1""; break; default: btype = ""unknown""; break; } if (file_printf(ms, "", BuildID[%s]="", btype) == -1) return 1; (void)memcpy(desc, &nbuf[doff], descsz); for (i = 0; i < descsz; i++) if (file_printf(ms, ""%02x"", desc[i]) == -1) return 1; return 1; } return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,147980320126477,1 1676,[],"static void normalize_task(struct rq *rq, struct task_struct *p) { int on_rq; update_rq_clock(rq); on_rq = p->se.on_rq; if (on_rq) deactivate_task(rq, p, 0); __setscheduler(rq, p, SCHED_NORMAL, 0); if (on_rq) { activate_task(rq, p, 0); resched_task(rq->curr); } }",linux-2.6,,,125002788738913618681587728856057928868,0 1973,['CWE-20'],"int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t prot) { pgd_t *pgd; unsigned long next; unsigned long end = addr + PAGE_ALIGN(size); struct mm_struct *mm = vma->vm_mm; int err; if (is_cow_mapping(vma->vm_flags)) { if (addr != vma->vm_start || end != vma->vm_end) return -EINVAL; vma->vm_pgoff = pfn; } vma->vm_flags |= VM_IO | VM_RESERVED | VM_PFNMAP; BUG_ON(addr >= end); pfn -= addr >> PAGE_SHIFT; pgd = pgd_offset(mm, addr); flush_cache_range(vma, addr, end); do { next = pgd_addr_end(addr, end); err = remap_pud_range(mm, pgd, addr, next, pfn + (addr >> PAGE_SHIFT), prot); if (err) break; } while (pgd++, addr = next, addr != end); return err; }",linux-2.6,,,104501357885003673270619222252693815227,0 6122,CWE-190,"static void ed_mul_sim_plain(ed_t r, const ed_t p, const bn_t k, const ed_t q, const bn_t m, const ed_t *t) { int i, l, l0, l1, n0, n1, w, gen; int8_t naf0[RLC_FP_BITS + 1], naf1[RLC_FP_BITS + 1], *_k, *_m; ed_t t0[1 << (ED_WIDTH - 2)]; ed_t t1[1 << (ED_WIDTH - 2)]; RLC_TRY { gen = (t == NULL ? 0 : 1); if (!gen) { for (i = 0; i < (1 << (ED_WIDTH - 2)); i++) { ed_null(t0[i]); ed_new(t0[i]); } ed_tab(t0, p, ED_WIDTH); t = (const ed_t *)t0; } for (i = 0; i < (1 << (ED_WIDTH - 2)); i++) { ed_null(t1[i]); ed_new(t1[i]); } ed_tab(t1, q, ED_WIDTH); if (gen) { w = ED_DEPTH; } else { w = ED_WIDTH; } l0 = l1 = RLC_FP_BITS + 1; bn_rec_naf(naf0, &l0, k, w); bn_rec_naf(naf1, &l1, m, ED_WIDTH); l = RLC_MAX(l0, l1); if (bn_sign(k) == RLC_NEG) { for (i = 0; i < l0; i++) { naf0[i] = -naf0[i]; } } if (bn_sign(m) == RLC_NEG) { for (i = 0; i < l1; i++) { naf1[i] = -naf1[i]; } } _k = naf0 + l - 1; _m = naf1 + l - 1; ed_set_infty(r); for (i = l - 1; i >= 0; i--, _k--, _m--) { ed_dbl(r, r); n0 = *_k; n1 = *_m; if (n0 > 0) { ed_add(r, r, t[n0 / 2]); } if (n0 < 0) { ed_sub(r, r, t[-n0 / 2]); } if (n1 > 0) { ed_add(r, r, t1[n1 / 2]); } if (n1 < 0) { ed_sub(r, r, t1[-n1 / 2]); } } ed_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { if (!gen) { for (i = 0; i < 1 << (ED_WIDTH - 2); i++) { ed_free(t0[i]); } } for (i = 0; i < 1 << (ED_WIDTH - 2); i++) { ed_free(t1[i]); } } }",visit repo url,src/ed/relic_ed_mul_sim.c,https://github.com/relic-toolkit/relic,106909715577813,1 105,['CWE-787'],"static uint32_t vga_ioport_read(void *opaque, uint32_t addr) { CirrusVGAState *s = opaque; int val, index; if ((addr >= 0x3b0 && addr <= 0x3bf && (s->msr & MSR_COLOR_EMULATION)) || (addr >= 0x3d0 && addr <= 0x3df && !(s->msr & MSR_COLOR_EMULATION))) { val = 0xff; } else { switch (addr) { case 0x3c0: if (s->ar_flip_flop == 0) { val = s->ar_index; } else { val = 0; } break; case 0x3c1: index = s->ar_index & 0x1f; if (index < 21) val = s->ar[index]; else val = 0; break; case 0x3c2: val = s->st00; break; case 0x3c4: val = s->sr_index; break; case 0x3c5: if (cirrus_hook_read_sr(s, s->sr_index, &val)) break; val = s->sr[s->sr_index]; #ifdef DEBUG_VGA_REG printf(""vga: read SR%x = 0x%02x\n"", s->sr_index, val); #endif break; case 0x3c6: cirrus_read_hidden_dac(s, &val); break; case 0x3c7: val = s->dac_state; break; case 0x3c8: val = s->dac_write_index; s->cirrus_hidden_dac_lockindex = 0; break; case 0x3c9: if (cirrus_hook_read_palette(s, &val)) break; val = s->palette[s->dac_read_index * 3 + s->dac_sub_index]; if (++s->dac_sub_index == 3) { s->dac_sub_index = 0; s->dac_read_index++; } break; case 0x3ca: val = s->fcr; break; case 0x3cc: val = s->msr; break; case 0x3ce: val = s->gr_index; break; case 0x3cf: if (cirrus_hook_read_gr(s, s->gr_index, &val)) break; val = s->gr[s->gr_index]; #ifdef DEBUG_VGA_REG printf(""vga: read GR%x = 0x%02x\n"", s->gr_index, val); #endif break; case 0x3b4: case 0x3d4: val = s->cr_index; break; case 0x3b5: case 0x3d5: if (cirrus_hook_read_cr(s, s->cr_index, &val)) break; val = s->cr[s->cr_index]; #ifdef DEBUG_VGA_REG printf(""vga: read CR%x = 0x%02x\n"", s->cr_index, val); #endif break; case 0x3ba: case 0x3da: s->st01 ^= ST01_V_RETRACE | ST01_DISP_ENABLE; val = s->st01; s->ar_flip_flop = 0; break; default: val = 0x00; break; } } #if defined(DEBUG_VGA) printf(""VGA: read addr=0x%04x data=0x%02x\n"", addr, val); #endif return val; }",qemu,,,62046292504297573732763434203508139248,0 1293,[],"reload_frozen_state (const char *name) { FILE *file; int character; int operation; char *string[2]; int allocated[2]; int number[2]; const builtin *bp; #define GET_CHARACTER \ (character = getc (file)) #define GET_NUMBER(Number) \ do \ { \ (Number) = 0; \ while (isdigit (character)) \ { \ (Number) = 10 * (Number) + character - '0'; \ GET_CHARACTER; \ } \ } \ while (0) #define VALIDATE(Expected) \ do \ { \ if (character != (Expected)) \ issue_expect_message ((Expected)); \ } \ while (0) #define GET_DIRECTIVE \ do \ { \ GET_CHARACTER; \ if (character == '#') \ { \ while (character != EOF && character != '\n') \ GET_CHARACTER; \ VALIDATE ('\n'); \ } \ } \ while (character == '\n') file = m4_path_search (name, NULL); if (file == NULL) M4ERROR ((EXIT_FAILURE, errno, ""cannot open %s"", name)); allocated[0] = 100; string[0] = xcharalloc ((size_t) allocated[0]); allocated[1] = 100; string[1] = xcharalloc ((size_t) allocated[1]); GET_DIRECTIVE; VALIDATE ('V'); GET_CHARACTER; GET_NUMBER (number[0]); if (number[0] > 1) M4ERROR ((EXIT_MISMATCH, 0, ""frozen file version %d greater than max supported of 1"", number[0])); else if (number[0] < 1) M4ERROR ((EXIT_FAILURE, 0, ""ill-formed frozen file, version directive expected"")); VALIDATE ('\n'); GET_DIRECTIVE; while (character != EOF) { switch (character) { default: M4ERROR ((EXIT_FAILURE, 0, ""ill-formed frozen file"")); case 'C': case 'D': case 'F': case 'T': case 'Q': operation = character; GET_CHARACTER; if (operation == 'D' && character == '-') { GET_CHARACTER; GET_NUMBER (number[0]); number[0] = -number[0]; } else GET_NUMBER (number[0]); VALIDATE (','); GET_CHARACTER; GET_NUMBER (number[1]); VALIDATE ('\n'); if (operation != 'D') { if (number[0] + 1 > allocated[0]) { free (string[0]); allocated[0] = number[0] + 1; string[0] = xcharalloc ((size_t) allocated[0]); } if (number[0] > 0) if (!fread (string[0], (size_t) number[0], 1, file)) M4ERROR ((EXIT_FAILURE, 0, ""premature end of frozen file"")); string[0][number[0]] = '\0'; } if (number[1] + 1 > allocated[1]) { free (string[1]); allocated[1] = number[1] + 1; string[1] = xcharalloc ((size_t) allocated[1]); } if (number[1] > 0) if (!fread (string[1], (size_t) number[1], 1, file)) M4ERROR ((EXIT_FAILURE, 0, ""premature end of frozen file"")); string[1][number[1]] = '\0'; GET_CHARACTER; VALIDATE ('\n'); switch (operation) { case 'C': set_comment (string[0], string[1]); break; case 'D': make_diversion (number[0]); if (number[1] > 0) output_text (string[1], number[1]); break; case 'F': bp = find_builtin_by_name (string[1]); define_builtin (string[0], bp, SYMBOL_PUSHDEF); break; case 'T': define_user_macro (string[0], string[1], SYMBOL_PUSHDEF); break; case 'Q': set_quotes (string[0], string[1]); break; default: break; } break; } GET_DIRECTIVE; } free (string[0]); free (string[1]); errno = 0; if (ferror (file) || fclose (file) != 0) M4ERROR ((EXIT_FAILURE, errno, ""unable to read frozen state"")); #undef GET_CHARACTER #undef GET_DIRECTIVE #undef GET_NUMBER #undef VALIDATE }",m4,,,152271292503035039069943605657698231987,0 3702,CWE-264,"server_request_direct_streamlocal(void) { Channel *c = NULL; char *target, *originator; u_short originator_port; target = packet_get_string(NULL); originator = packet_get_string(NULL); originator_port = packet_get_int(); packet_check_eom(); debug(""server_request_direct_streamlocal: originator %s port %d, target %s"", originator, originator_port, target); if ((options.allow_streamlocal_forwarding & FORWARD_LOCAL) != 0 && !no_port_forwarding_flag && !options.disable_forwarding) { c = channel_connect_to_path(target, ""direct-streamlocal@openssh.com"", ""direct-streamlocal""); } else { logit(""refused streamlocal port forward: "" ""originator %s port %d, target %s"", originator, originator_port, target); } free(originator); free(target); return c; }",visit repo url,usr.bin/ssh/serverloop.c,https://github.com/openbsd/src,254953353352344,1 1522,[],"static u64 cpuusage_read(struct cgroup *cgrp, struct cftype *cft) { struct cpuacct *ca = cgroup_ca(cgrp); u64 totalcpuusage = 0; int i; for_each_possible_cpu(i) { u64 *cpuusage = percpu_ptr(ca->cpuusage, i); spin_lock_irq(&cpu_rq(i)->lock); totalcpuusage += *cpuusage; spin_unlock_irq(&cpu_rq(i)->lock); } return totalcpuusage; }",linux-2.6,,,206444977673084571617498892721254326586,0 2263,['CWE-120'],"int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) { struct inode *inode = old_dentry->d_inode; int error; if (!inode) return -ENOENT; error = may_create(dir, new_dentry, NULL); if (error) return error; if (dir->i_sb != inode->i_sb) return -EXDEV; if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return -EPERM; if (!dir->i_op || !dir->i_op->link) return -EPERM; if (S_ISDIR(old_dentry->d_inode->i_mode)) return -EPERM; error = security_inode_link(old_dentry, dir, new_dentry); if (error) return error; mutex_lock(&old_dentry->d_inode->i_mutex); DQUOT_INIT(dir); error = dir->i_op->link(old_dentry, dir, new_dentry); mutex_unlock(&old_dentry->d_inode->i_mutex); if (!error) fsnotify_link(dir, old_dentry->d_inode, new_dentry); return error; }",linux-2.6,,,58210182545915945163500013372353568491,0 4706,CWE-119,"static int msg_cache_check(const char *id, struct BodyCache *bcache, void *data) { struct Context *ctx = (struct Context *) data; if (!ctx) return -1; struct PopData *pop_data = (struct PopData *) ctx->data; if (!pop_data) return -1; #ifdef USE_HCACHE if (strcmp(HC_FNAME ""."" HC_FEXT, id) == 0) return 0; #endif for (int i = 0; i < ctx->msgcount; i++) { if (ctx->hdrs[i]->data && (mutt_str_strcmp(ctx->hdrs[i]->data, id) == 0)) return 0; } return mutt_bcache_del(bcache, id); }",visit repo url,pop.c,https://github.com/neomutt/neomutt,183834456600690,1 2608,[],"static int sctp_getsockopt_context(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_assoc_value params; struct sctp_sock *sp; struct sctp_association *asoc; if (len < sizeof(struct sctp_assoc_value)) return -EINVAL; len = sizeof(struct sctp_assoc_value); if (copy_from_user(¶ms, optval, len)) return -EFAULT; sp = sctp_sk(sk); if (params.assoc_id != 0) { asoc = sctp_id2assoc(sk, params.assoc_id); if (!asoc) return -EINVAL; params.assoc_value = asoc->default_rcv_context; } else { params.assoc_value = sp->default_rcv_context; } if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, ¶ms, len)) return -EFAULT; return 0; }",linux-2.6,,,16647468102753887844057019393578857702,0 3524,CWE-476,"int jpc_tsfb_synthesize(jpc_tsfb_t *tsfb, jas_seq2d_t *a) { return (tsfb->numlvls > 0) ? jpc_tsfb_synthesize2(tsfb, jas_seq2d_getref(a, jas_seq2d_xstart(a), jas_seq2d_ystart(a)), jas_seq2d_xstart(a), jas_seq2d_ystart(a), jas_seq2d_width(a), jas_seq2d_height(a), jas_seq2d_rowstep(a), tsfb->numlvls - 1) : 0; }",visit repo url,src/libjasper/jpc/jpc_tsfb.c,https://github.com/mdadams/jasper,40530317128447,1 126,CWE-824,"static int xemaclite_of_probe(struct platform_device *ofdev) { struct resource *res; struct net_device *ndev = NULL; struct net_local *lp = NULL; struct device *dev = &ofdev->dev; int rc = 0; dev_info(dev, ""Device Tree Probing\n""); ndev = alloc_etherdev(sizeof(struct net_local)); if (!ndev) return -ENOMEM; dev_set_drvdata(dev, ndev); SET_NETDEV_DEV(ndev, &ofdev->dev); lp = netdev_priv(ndev); lp->ndev = ndev; res = platform_get_resource(ofdev, IORESOURCE_IRQ, 0); if (!res) { dev_err(dev, ""no IRQ found\n""); rc = -ENXIO; goto error; } ndev->irq = res->start; res = platform_get_resource(ofdev, IORESOURCE_MEM, 0); lp->base_addr = devm_ioremap_resource(&ofdev->dev, res); if (IS_ERR(lp->base_addr)) { rc = PTR_ERR(lp->base_addr); goto error; } ndev->mem_start = res->start; ndev->mem_end = res->end; spin_lock_init(&lp->reset_lock); lp->next_tx_buf_to_use = 0x0; lp->next_rx_buf_to_use = 0x0; lp->tx_ping_pong = get_bool(ofdev, ""xlnx,tx-ping-pong""); lp->rx_ping_pong = get_bool(ofdev, ""xlnx,rx-ping-pong""); rc = of_get_mac_address(ofdev->dev.of_node, ndev->dev_addr); if (rc) { dev_warn(dev, ""No MAC address found, using random\n""); eth_hw_addr_random(ndev); } xemaclite_writel(0, lp->base_addr + XEL_TSR_OFFSET); xemaclite_writel(0, lp->base_addr + XEL_BUFFER_OFFSET + XEL_TSR_OFFSET); xemaclite_update_address(lp, ndev->dev_addr); lp->phy_node = of_parse_phandle(ofdev->dev.of_node, ""phy-handle"", 0); xemaclite_mdio_setup(lp, &ofdev->dev); dev_info(dev, ""MAC address is now %pM\n"", ndev->dev_addr); ndev->netdev_ops = &xemaclite_netdev_ops; ndev->ethtool_ops = &xemaclite_ethtool_ops; ndev->flags &= ~IFF_MULTICAST; ndev->watchdog_timeo = TX_TIMEOUT; rc = register_netdev(ndev); if (rc) { dev_err(dev, ""Cannot register network device, aborting\n""); goto error; } dev_info(dev, ""Xilinx EmacLite at 0x%08lX mapped to 0x%08lX, irq=%d\n"", (unsigned long __force)ndev->mem_start, (unsigned long __force)lp->base_addr, ndev->irq); return 0; error: free_netdev(ndev); return rc; }",visit repo url,drivers/net/ethernet/xilinx/xilinx_emaclite.c,https://github.com/torvalds/linux,104623733621512,1 3709,[],"static int __init af_unix_init(void) { int rc = -1; struct sk_buff *dummy_skb; BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb)); rc = proto_register(&unix_proto, 1); if (rc != 0) { printk(KERN_CRIT ""%s: Cannot create unix_sock SLAB cache!\n"", __func__); goto out; } sock_register(&unix_family_ops); register_pernet_subsys(&unix_net_ops); out: return rc; }",linux-2.6,,,49563573999804244017793282670070083770,0 4785,[],"int selinux_netlbl_socket_post_create(struct socket *sock) { return selinux_netlbl_sock_setsid(sock->sk); }",linux-2.6,,,47094832749617404588567451840390249249,0 4017,CWE-787,"local block_state deflate_huff(s, flush) deflate_state *s; int flush; { int bflush; for (;;) { if (s->lookahead == 0) { fill_window(s); if (s->lookahead == 0) { if (flush == Z_NO_FLUSH) return need_more; break; } } s->match_length = 0; Tracevv((stderr,""%c"", s->window[s->strstart])); _tr_tally_lit (s, s->window[s->strstart], bflush); s->lookahead--; s->strstart++; if (bflush) FLUSH_BLOCK(s, 0); } s->insert = 0; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; }",visit repo url,deflate.c,https://github.com/madler/zlib,240926190459669,1 1247,NVD-CWE-noinfo,"static void ifb_setup(struct net_device *dev) { dev->destructor = free_netdev; dev->netdev_ops = &ifb_netdev_ops; ether_setup(dev); dev->tx_queue_len = TX_Q_LIMIT; dev->features |= IFB_FEATURES; dev->vlan_features |= IFB_FEATURES; dev->flags |= IFF_NOARP; dev->flags &= ~IFF_MULTICAST; dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; random_ether_addr(dev->dev_addr); }",visit repo url,drivers/net/ifb.c,https://github.com/torvalds/linux,127352497930585,1 1017,CWE-399,"static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end, void *obuf, size_t olen) { struct ceph_x_encrypt_header head; size_t head_len = sizeof(head); int len, ret; len = ceph_decode_32(p); if (*p + len > end) return -EINVAL; dout(""ceph_x_decrypt len %d\n"", len); ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen, *p, len); if (ret) return ret; if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC) return -EPERM; *p += len; return olen; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,236481976604243,1 1250,NVD-CWE-noinfo,"void vlan_setup(struct net_device *dev) { ether_setup(dev); dev->priv_flags |= IFF_802_1Q_VLAN; dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; dev->tx_queue_len = 0; dev->netdev_ops = &vlan_netdev_ops; dev->destructor = free_netdev; dev->ethtool_ops = &vlan_ethtool_ops; memset(dev->broadcast, 0, ETH_ALEN); }",visit repo url,net/8021q/vlan_dev.c,https://github.com/torvalds/linux,76026987429604,1 6398,['CWE-59'],"static int open_cred_file(char * file_name) { char * line_buf; char * temp_val; FILE * fs; int i, length; i = access(file_name, R_OK); if (i) return i; fs = fopen(file_name,""r""); if(fs == NULL) return errno; line_buf = (char *)malloc(4096); if(line_buf == NULL) { fclose(fs); return ENOMEM; } while(fgets(line_buf,4096,fs)) { for(i=0;i<4086;i++) { if((line_buf[i] != ' ') && (line_buf[i] != '\t')) break; } if (strncasecmp(""username"",line_buf+i,8) == 0) { temp_val = strchr(line_buf + i,'='); if(temp_val) { temp_val++; for(length = 0;length<4087;length++) { if ((temp_val[length] == '\n') || (temp_val[length] == '\0')) { temp_val[length] = '\0'; break; } } if(length > 4086) { fprintf(stderr, ""mount.cifs failed due to malformed username in credentials file\n""); memset(line_buf,0,4096); exit(EX_USAGE); } else { got_user = 1; user_name = (char *)calloc(1 + length,1); strlcpy(user_name,temp_val, length+1); } } } else if (strncasecmp(""password"",line_buf+i,8) == 0) { temp_val = strchr(line_buf+i,'='); if(temp_val) { temp_val++; for(length = 0;length MOUNT_PASSWD_SIZE) { fprintf(stderr, ""mount.cifs failed: password in credentials file too long\n""); memset(line_buf,0, 4096); exit(EX_USAGE); } else { if(mountpassword == NULL) { mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); } else memset(mountpassword,0,MOUNT_PASSWD_SIZE); if(mountpassword) { strlcpy(mountpassword,temp_val,MOUNT_PASSWD_SIZE+1); got_password = 1; } } } } else if (strncasecmp(""domain"",line_buf+i,6) == 0) { temp_val = strchr(line_buf+i,'='); if(temp_val) { temp_val++; if(verboseflag) fprintf(stderr, ""\nDomain %s\n"",temp_val); for(length = 0;length DOMAIN_SIZE) { fprintf(stderr, ""mount.cifs failed: domain in credentials file too long\n""); exit(EX_USAGE); } else { if(domain_name == NULL) { domain_name = (char *)calloc(DOMAIN_SIZE+1,1); } else memset(domain_name,0,DOMAIN_SIZE); if(domain_name) { strlcpy(domain_name,temp_val,DOMAIN_SIZE+1); got_domain = 1; } } } } } fclose(fs); SAFE_FREE(line_buf); return 0; }",samba,,,116538591996981303174529074847530953281,0 3165,CWE-125,"atm_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int length = h->len; uint32_t llchdr; u_int hdrlen = 0; if (caplen < 1 || length < 1) { ND_PRINT((ndo, ""%s"", tstr)); return (caplen); } if (*p == LLC_UI) { if (ndo->ndo_eflag) ND_PRINT((ndo, ""CNLPID "")); isoclns_print(ndo, p + 1, length - 1, caplen - 1); return hdrlen; } if (caplen < 3 || length < 3) { ND_PRINT((ndo, ""%s"", tstr)); return (caplen); } llchdr = EXTRACT_24BITS(p); if (llchdr != LLC_UI_HDR(LLCSAP_SNAP) && llchdr != LLC_UI_HDR(LLCSAP_ISONS) && llchdr != LLC_UI_HDR(LLCSAP_IP)) { if (caplen < 20 || length < 20) { ND_PRINT((ndo, ""%s"", tstr)); return (caplen); } if (ndo->ndo_eflag) ND_PRINT((ndo, ""%08x%08x %08x%08x "", EXTRACT_32BITS(p), EXTRACT_32BITS(p+4), EXTRACT_32BITS(p+8), EXTRACT_32BITS(p+12))); p += 20; length -= 20; caplen -= 20; hdrlen += 20; } hdrlen += atm_llc_print(ndo, p, length, caplen); return (hdrlen); }",visit repo url,print-atm.c,https://github.com/the-tcpdump-group/tcpdump,214407969977609,1 2446,CWE-834,"static int nsv_parse_NSVf_header(AVFormatContext *s) { NSVContext *nsv = s->priv_data; AVIOContext *pb = s->pb; unsigned int av_unused file_size; unsigned int size; int64_t duration; int strings_size; int table_entries; int table_entries_used; nsv->state = NSV_UNSYNC; size = avio_rl32(pb); if (size < 28) return -1; nsv->NSVf_end = size; file_size = (uint32_t)avio_rl32(pb); av_log(s, AV_LOG_TRACE, ""NSV NSVf chunk_size %u\n"", size); av_log(s, AV_LOG_TRACE, ""NSV NSVf file_size %u\n"", file_size); nsv->duration = duration = avio_rl32(pb); av_log(s, AV_LOG_TRACE, ""NSV NSVf duration %""PRId64"" ms\n"", duration); strings_size = avio_rl32(pb); table_entries = avio_rl32(pb); table_entries_used = avio_rl32(pb); av_log(s, AV_LOG_TRACE, ""NSV NSVf info-strings size: %d, table entries: %d, bis %d\n"", strings_size, table_entries, table_entries_used); if (avio_feof(pb)) return -1; av_log(s, AV_LOG_TRACE, ""NSV got header; filepos %""PRId64""\n"", avio_tell(pb)); if (strings_size > 0) { char *strings; char *p, *endp; char *token, *value; char quote; p = strings = av_mallocz((size_t)strings_size + 1); if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) { while (*p == ' ') p++; if (p >= endp-2) break; token = p; p = strchr(p, '='); if (!p || p >= endp-2) break; *p++ = '\0'; quote = *p++; value = p; p = strchr(p, quote); if (!p || p >= endp) break; *p++ = '\0'; av_log(s, AV_LOG_TRACE, ""NSV NSVf INFO: %s='%s'\n"", token, value); av_dict_set(&s->metadata, token, value, 0); } av_free(strings); } if (avio_feof(pb)) return -1; av_log(s, AV_LOG_TRACE, ""NSV got infos; filepos %""PRId64""\n"", avio_tell(pb)); if (table_entries_used > 0) { int i; nsv->index_entries = table_entries_used; if((unsigned)table_entries_used >= UINT_MAX / sizeof(uint32_t)) return -1; nsv->nsvs_file_offset = av_malloc_array((unsigned)table_entries_used, sizeof(uint32_t)); if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) { nsv->nsvs_timestamps = av_malloc_array((unsigned)table_entries_used, sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); } } } av_log(s, AV_LOG_TRACE, ""NSV got index; filepos %""PRId64""\n"", avio_tell(pb)); avio_seek(pb, nsv->base_offset + size, SEEK_SET); if (avio_feof(pb)) return -1; nsv->state = NSV_HAS_READ_NSVF; return 0; }",visit repo url,libavformat/nsvdec.c,https://github.com/FFmpeg/FFmpeg,269555736058955,1 5085,['CWE-20'],"static inline int vm_need_tpr_shadow(struct kvm *kvm) { return ((cpu_has_vmx_tpr_shadow()) && (irqchip_in_kernel(kvm))); }",linux-2.6,,,95030893121819610659170361582470718047,0 5925,['CWE-909'],"void qdisc_watchdog_init(struct qdisc_watchdog *wd, struct Qdisc *qdisc) { hrtimer_init(&wd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_ABS); wd->timer.function = qdisc_watchdog; wd->qdisc = qdisc; }",linux-2.6,,,243776588132603942821046289933297242031,0 709,[],"static int jpc_poc_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_poc_t *poc = &ms->parms.poc; jpc_pocpchg_t *pchg; int pchgno; for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno, ++pchg) { if (jpc_putuint8(out, pchg->rlvlnostart) || ((cstate->numcomps > 256) ? jpc_putuint16(out, pchg->compnostart) : jpc_putuint8(out, pchg->compnostart)) || jpc_putuint16(out, pchg->lyrnoend) || jpc_putuint8(out, pchg->rlvlnoend) || ((cstate->numcomps > 256) ? jpc_putuint16(out, pchg->compnoend) : jpc_putuint8(out, pchg->compnoend)) || jpc_putuint8(out, pchg->prgord)) { return -1; } } return 0; }",jasper,,,32257095163365419942391433787487123470,0 1941,['CWE-20'],"int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP))); BUG_ON((vma->vm_flags & (VM_PFNMAP|VM_MIXEDMAP)) == (VM_PFNMAP|VM_MIXEDMAP)); BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); BUG_ON((vma->vm_flags & VM_MIXEDMAP) && pfn_valid(pfn)); if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; return insert_pfn(vma, addr, pfn, vma->vm_page_prot); }",linux-2.6,,,121267150857170039227504368504109682927,0 4132,CWE-119,"static VALUE cState_space_set(VALUE self, VALUE space) { unsigned long len; GET_STATE(self); Check_Type(space, T_STRING); len = RSTRING_LEN(space); if (len == 0) { if (state->space) { ruby_xfree(state->space); state->space = NULL; state->space_len = 0; } } else { if (state->space) ruby_xfree(state->space); state->space = strdup(RSTRING_PTR(space)); state->space_len = len; } return Qnil; }",visit repo url,ext/json/ext/generator/generator.c,https://github.com/flori/json,71714040818279,1 4382,CWE-125,"static void iwjpeg_scan_exif(struct iwjpegrcontext *rctx, const iw_byte *d, size_t d_len) { struct iw_exif_state e; iw_uint32 ifd; if(d_len<8) return; iw_zeromem(&e,sizeof(struct iw_exif_state)); e.d = d; e.d_len = d_len; e.endian = d[0]=='I' ? IW_ENDIAN_LITTLE : IW_ENDIAN_BIG; ifd = iw_get_ui32_e(&d[4],e.endian); iwjpeg_scan_exif_ifd(rctx,&e,ifd); }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,120861542998554,1 2841,CWE-190,"TRIO_PUBLIC_STRING size_t trio_length TRIO_ARGS1((string), TRIO_CONST char* string) { return strlen(string); }",visit repo url,winpr/libwinpr/utils/trio/triostr.c,https://github.com/FreeRDP/FreeRDP,5795792856966,1 1663,[],"static int arch_init_sched_domains(const cpumask_t *cpu_map) { int err; arch_update_cpu_topology(); ndoms_cur = 1; doms_cur = kmalloc(sizeof(cpumask_t), GFP_KERNEL); if (!doms_cur) doms_cur = &fallback_doms; cpus_andnot(*doms_cur, *cpu_map, cpu_isolated_map); dattr_cur = NULL; err = build_sched_domains(doms_cur); register_sched_domain_sysctl(); return err; }",linux-2.6,,,312425495541682362448976408337127435438,0 1973,CWE-908,"static int kvaser_usb_leaf_set_opt_mode(const struct kvaser_usb_net_priv *priv) { struct kvaser_cmd *cmd; int rc; cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); if (!cmd) return -ENOMEM; cmd->id = CMD_SET_CTRL_MODE; cmd->len = CMD_HEADER_LEN + sizeof(struct kvaser_cmd_ctrl_mode); cmd->u.ctrl_mode.tid = 0xff; cmd->u.ctrl_mode.channel = priv->channel; if (priv->can.ctrlmode & CAN_CTRLMODE_LISTENONLY) cmd->u.ctrl_mode.ctrl_mode = KVASER_CTRL_MODE_SILENT; else cmd->u.ctrl_mode.ctrl_mode = KVASER_CTRL_MODE_NORMAL; rc = kvaser_usb_send_cmd(priv->dev, cmd, cmd->len); kfree(cmd); return rc; }",visit repo url,drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c,https://github.com/torvalds/linux,269170646876683,1 806,['CWE-16'],"static int esp_input_done2(struct sk_buff *skb, int err) { struct xfrm_state *x = xfrm_input_state(skb); struct esp_data *esp = x->data; struct crypto_aead *aead = esp->aead; int alen = crypto_aead_authsize(aead); int hlen = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); int elen = skb->len - hlen; int hdr_len = skb_network_header_len(skb); int padlen; u8 nexthdr[2]; kfree(ESP_SKB_CB(skb)->tmp); if (unlikely(err)) goto out; if (skb_copy_bits(skb, skb->len - alen - 2, nexthdr, 2)) BUG(); err = -EINVAL; padlen = nexthdr[0]; if (padlen + 2 + alen >= elen) { LIMIT_NETDEBUG(KERN_WARNING ""ipsec esp packet is garbage "" ""padlen=%d, elen=%d\n"", padlen + 2, elen - alen); goto out; } pskb_trim(skb, skb->len - alen - padlen - 2); __skb_pull(skb, hlen); skb_set_transport_header(skb, -hdr_len); err = nexthdr[1]; if (err == IPPROTO_NONE) err = -EINVAL; out: return err; }",linux-2.6,,,72843089725076234232239125197093535831,0 4749,CWE-119,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 4704,CWE-119,"static int pop_fetch_message(struct Context *ctx, struct Message *msg, int msgno) { void *uidl = NULL; char buf[LONG_STRING]; char path[PATH_MAX]; struct Progress progressbar; struct PopData *pop_data = (struct PopData *) ctx->data; struct PopCache *cache = NULL; struct Header *h = ctx->hdrs[msgno]; unsigned short bcache = 1; msg->fp = mutt_bcache_get(pop_data->bcache, h->data); if (msg->fp) return 0; cache = &pop_data->cache[h->index % POP_CACHE_LEN]; if (cache->path) { if (cache->index == h->index) { msg->fp = fopen(cache->path, ""r""); if (msg->fp) return 0; mutt_perror(cache->path); return -1; } else { unlink(cache->path); FREE(&cache->path); } } while (true) { if (pop_reconnect(ctx) < 0) return -1; if (h->refno < 0) { mutt_error( _(""The message index is incorrect. Try reopening the mailbox."")); return -1; } mutt_progress_init(&progressbar, _(""Fetching message...""), MUTT_PROGRESS_SIZE, NetInc, h->content->length + h->content->offset - 1); msg->fp = mutt_bcache_put(pop_data->bcache, h->data); if (!msg->fp) { bcache = 0; mutt_mktemp(path, sizeof(path)); msg->fp = mutt_file_fopen(path, ""w+""); if (!msg->fp) { mutt_perror(path); return -1; } } snprintf(buf, sizeof(buf), ""RETR %d\r\n"", h->refno); const int ret = pop_fetch_data(pop_data, buf, &progressbar, fetch_message, msg->fp); if (ret == 0) break; mutt_file_fclose(&msg->fp); if (!bcache) unlink(path); if (ret == -2) { mutt_error(""%s"", pop_data->err_msg); return -1; } if (ret == -3) { mutt_error(_(""Can't write message to temporary file!"")); return -1; } } if (bcache) mutt_bcache_commit(pop_data->bcache, h->data); else { cache->index = h->index; cache->path = mutt_str_strdup(path); } rewind(msg->fp); uidl = h->data; if (ctx->subj_hash && h->env->real_subj) mutt_hash_delete(ctx->subj_hash, h->env->real_subj, h); mutt_label_hash_remove(ctx, h); mutt_env_free(&h->env); h->env = mutt_rfc822_read_header(msg->fp, h, 0, 0); if (ctx->subj_hash && h->env->real_subj) mutt_hash_insert(ctx->subj_hash, h->env->real_subj, h); mutt_label_hash_add(ctx, h); h->data = uidl; h->lines = 0; fgets(buf, sizeof(buf), msg->fp); while (!feof(msg->fp)) { ctx->hdrs[msgno]->lines++; fgets(buf, sizeof(buf), msg->fp); } h->content->length = ftello(msg->fp) - h->content->offset; if (!WithCrypto) h->security = crypt_query(h->content); mutt_clear_error(); rewind(msg->fp); return 0; }",visit repo url,pop.c,https://github.com/neomutt/neomutt,123289171942740,1 4145,['CWE-399'],"int avahi_server_is_record_local(AvahiServer *s, AvahiIfIndex interface, AvahiProtocol protocol, AvahiRecord *record) { AvahiEntry *e; assert(s); assert(record); for (e = avahi_hashmap_lookup(s->entries_by_key, record->key); e; e = e->by_key_next) if ((e->interface == interface || e->interface <= 0 || interface <= 0) && (e->protocol == protocol || e->protocol == AVAHI_PROTO_UNSPEC || protocol == AVAHI_PROTO_UNSPEC) && (!e->group || e->group->state == AVAHI_ENTRY_GROUP_ESTABLISHED || e->group->state == AVAHI_ENTRY_GROUP_REGISTERING) && avahi_record_equal_no_ttl(record, e->record)) return 1; return 0; }",avahi,,,251692336274807159330384152158967522903,0 5883,CWE-120,"static void parse_version(pj_scanner *scanner, volatile parse_context *ctx) { ctx->last_error = PJMEDIA_SDP_EINVER; if (*(scanner->curptr+1) != '=') { on_scanner_error(scanner); return; } if (*(scanner->curptr+2) != '0') { on_scanner_error(scanner); return; } pj_scan_skip_line(scanner); }",visit repo url,pjmedia/src/pjmedia/sdp.c,https://github.com/pjsip/pjproject,135775393342441,1 5214,['CWE-20'],"static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { unsigned long exit_qualification; unsigned long val; int dr, reg; dr = vmcs_readl(GUEST_DR7); if (dr & DR7_GD) { if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) { kvm_run->debug.arch.dr6 = vcpu->arch.dr6; kvm_run->debug.arch.dr7 = dr; kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + vmcs_readl(GUEST_RIP); kvm_run->debug.arch.exception = DB_VECTOR; kvm_run->exit_reason = KVM_EXIT_DEBUG; return 0; } else { vcpu->arch.dr7 &= ~DR7_GD; vcpu->arch.dr6 |= DR6_BD; vmcs_writel(GUEST_DR7, vcpu->arch.dr7); kvm_queue_exception(vcpu, DB_VECTOR); return 1; } } exit_qualification = vmcs_readl(EXIT_QUALIFICATION); dr = exit_qualification & DEBUG_REG_ACCESS_NUM; reg = DEBUG_REG_ACCESS_REG(exit_qualification); if (exit_qualification & TYPE_MOV_FROM_DR) { switch (dr) { case 0 ... 3: val = vcpu->arch.db[dr]; break; case 6: val = vcpu->arch.dr6; break; case 7: val = vcpu->arch.dr7; break; default: val = 0; } kvm_register_write(vcpu, reg, val); KVMTRACE_2D(DR_READ, vcpu, (u32)dr, (u32)val, handler); } else { val = vcpu->arch.regs[reg]; switch (dr) { case 0 ... 3: vcpu->arch.db[dr] = val; if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)) vcpu->arch.eff_db[dr] = val; break; case 4 ... 5: if (vcpu->arch.cr4 & X86_CR4_DE) kvm_queue_exception(vcpu, UD_VECTOR); break; case 6: if (val & 0xffffffff00000000ULL) { kvm_queue_exception(vcpu, GP_VECTOR); break; } vcpu->arch.dr6 = (val & DR6_VOLATILE) | DR6_FIXED_1; break; case 7: if (val & 0xffffffff00000000ULL) { kvm_queue_exception(vcpu, GP_VECTOR); break; } vcpu->arch.dr7 = (val & DR7_VOLATILE) | DR7_FIXED_1; if (!(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)) { vmcs_writel(GUEST_DR7, vcpu->arch.dr7); vcpu->arch.switch_db_regs = (val & DR7_BP_EN_MASK); } break; } KVMTRACE_2D(DR_WRITE, vcpu, (u32)dr, (u32)val, handler); } skip_emulated_instruction(vcpu); return 1; }",linux-2.6,,,279135175023136270703637436202578193413,0 283,[],"static int __fat_readdir(struct inode *inode, struct file *filp, void *dirent, filldir_t filldir, int short_only, int both) { struct super_block *sb = inode->i_sb; struct msdos_sb_info *sbi = MSDOS_SB(sb); struct buffer_head *bh; struct msdos_dir_entry *de; struct nls_table *nls_io = sbi->nls_io; struct nls_table *nls_disk = sbi->nls_disk; unsigned char long_slots; const char *fill_name; int fill_len; wchar_t bufuname[14]; wchar_t *unicode = NULL; unsigned char c, work[8], bufname[56], *ptname = bufname; unsigned long lpos, dummy, *furrfu = &lpos; int uni_xlate = sbi->options.unicode_xlate; int isvfat = sbi->options.isvfat; int utf8 = sbi->options.utf8; int nocase = sbi->options.nocase; unsigned short opt_shortname = sbi->options.shortname; unsigned long inum; int chi, chl, i, i2, j, last, last_u, dotoffset = 0; loff_t cpos; int ret = 0; lock_kernel(); cpos = filp->f_pos; if (inode->i_ino == MSDOS_ROOT_INO) { while (cpos < 2) { if (filldir(dirent, "".."", cpos+1, cpos, MSDOS_ROOT_INO, DT_DIR) < 0) goto out; cpos++; filp->f_pos++; } if (cpos == 2) { dummy = 2; furrfu = &dummy; cpos = 0; } } if (cpos & (sizeof(struct msdos_dir_entry)-1)) { ret = -ENOENT; goto out; } bh = NULL; GetNew: if (fat_get_entry(inode, &cpos, &bh, &de) == -1) goto EODir; parse_record: long_slots = 0; if (isvfat) { if (de->name[0] == DELETED_FLAG) goto RecEnd; if (de->attr != ATTR_EXT && (de->attr & ATTR_VOLUME)) goto RecEnd; if (de->attr != ATTR_EXT && IS_FREE(de->name)) goto RecEnd; } else { if ((de->attr & ATTR_VOLUME) || IS_FREE(de->name)) goto RecEnd; } if (isvfat && de->attr == ATTR_EXT) { int status = fat_parse_long(inode, &cpos, &bh, &de, &unicode, &long_slots); if (status < 0) { filp->f_pos = cpos; ret = status; goto out; } else if (status == PARSE_INVALID) goto RecEnd; else if (status == PARSE_NOT_LONGNAME) goto parse_record; else if (status == PARSE_EOF) goto EODir; } if (sbi->options.dotsOK) { ptname = bufname; dotoffset = 0; if (de->attr & ATTR_HIDDEN) { *ptname++ = '.'; dotoffset = 1; } } memcpy(work, de->name, sizeof(de->name)); if (work[0] == 0x05) work[0] = 0xE5; for (i = 0, j = 0, last = 0, last_u = 0; i < 8;) { if (!(c = work[i])) break; chl = fat_shortname2uni(nls_disk, &work[i], 8 - i, &bufuname[j++], opt_shortname, de->lcase & CASE_LOWER_BASE); if (chl <= 1) { ptname[i++] = (!nocase && c>='A' && c<='Z') ? c+32 : c; if (c != ' ') { last = i; last_u = j; } } else { last_u = j; for (chi = 0; chi < chl && i < 8; chi++) { ptname[i] = work[i]; i++; last = i; } } } i = last; j = last_u; fat_short2uni(nls_disk, ""."", 1, &bufuname[j++]); ptname[i++] = '.'; for (i2 = 0; i2 < 3;) { if (!(c = de->ext[i2])) break; chl = fat_shortname2uni(nls_disk, &de->ext[i2], 3 - i2, &bufuname[j++], opt_shortname, de->lcase & CASE_LOWER_EXT); if (chl <= 1) { i2++; ptname[i++] = (!nocase && c>='A' && c<='Z') ? c+32 : c; if (c != ' ') { last = i; last_u = j; } } else { last_u = j; for (chi = 0; chi < chl && i2 < 3; chi++) { ptname[i++] = de->ext[i2++]; last = i; } } } if (!last) goto RecEnd; i = last + dotoffset; j = last_u; lpos = cpos - (long_slots+1)*sizeof(struct msdos_dir_entry); if (!memcmp(de->name, MSDOS_DOT, MSDOS_NAME)) inum = inode->i_ino; else if (!memcmp(de->name, MSDOS_DOTDOT, MSDOS_NAME)) { inum = parent_ino(filp->f_dentry); } else { loff_t i_pos = fat_make_i_pos(sb, bh, de); struct inode *tmp = fat_iget(sb, i_pos); if (tmp) { inum = tmp->i_ino; iput(tmp); } else inum = iunique(sb, MSDOS_ROOT_INO); } if (isvfat) { bufuname[j] = 0x0000; i = utf8 ? utf8_wcstombs(bufname, bufuname, sizeof(bufname)) : uni16_to_x8(bufname, bufuname, uni_xlate, nls_io); } fill_name = bufname; fill_len = i; if (!short_only && long_slots) { void *longname = unicode + 261; int buf_size = PAGE_SIZE - (261 * sizeof(unicode[0])); int long_len = utf8 ? utf8_wcstombs(longname, unicode, buf_size) : uni16_to_x8(longname, unicode, uni_xlate, nls_io); if (!both) { fill_name = longname; fill_len = long_len; } else { struct fat_ioctl_filldir_callback *p = dirent; p->longname = longname; p->long_len = long_len; p->shortname = bufname; p->short_len = i; fill_name = NULL; fill_len = 0; } } if (filldir(dirent, fill_name, fill_len, *furrfu, inum, (de->attr & ATTR_DIR) ? DT_DIR : DT_REG) < 0) goto FillFailed; RecEnd: furrfu = &lpos; filp->f_pos = cpos; goto GetNew; EODir: filp->f_pos = cpos; FillFailed: brelse(bh); if (unicode) free_page((unsigned long)unicode); out: unlock_kernel(); return ret; }",linux-2.6,,,93722495409293431712776765151350085938,0 2879,CWE-787,"loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned char **read_ptr) { uint32 i; float xres = 0.0, yres = 0.0; uint16 nstrips = 0, ntiles = 0, planar = 0; uint16 bps = 0, spp = 0, res_unit = 0; uint16 orientation = 0; uint16 input_compression = 0, input_photometric = 0; uint16 subsampling_horiz, subsampling_vert; uint32 width = 0, length = 0; uint32 stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; uint32 tw = 0, tl = 0; uint32 tile_rowsize = 0; unsigned char *read_buff = NULL; unsigned char *new_buff = NULL; int readunit = 0; static uint32 prev_readsize = 0; TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); if (! TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric)) TIFFError(""loadImage"",""Image lacks Photometric interpreation tag""); if (! TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width)) TIFFError(""loadimage"",""Image lacks image width tag""); if(! TIFFGetField(in, TIFFTAG_IMAGELENGTH, &length)) TIFFError(""loadimage"",""Image lacks image length tag""); TIFFGetFieldDefaulted(in, TIFFTAG_XRESOLUTION, &xres); TIFFGetFieldDefaulted(in, TIFFTAG_YRESOLUTION, &yres); if (!TIFFGetFieldDefaulted(in, TIFFTAG_RESOLUTIONUNIT, &res_unit)) res_unit = RESUNIT_INCH; if (!TIFFGetField(in, TIFFTAG_COMPRESSION, &input_compression)) input_compression = COMPRESSION_NONE; #ifdef DEBUG2 char compressionid[16]; switch (input_compression) { case COMPRESSION_NONE: strcpy (compressionid, ""None/dump""); break; case COMPRESSION_CCITTRLE: strcpy (compressionid, ""Huffman RLE""); break; case COMPRESSION_CCITTFAX3: strcpy (compressionid, ""Group3 Fax""); break; case COMPRESSION_CCITTFAX4: strcpy (compressionid, ""Group4 Fax""); break; case COMPRESSION_LZW: strcpy (compressionid, ""LZW""); break; case COMPRESSION_OJPEG: strcpy (compressionid, ""Old Jpeg""); break; case COMPRESSION_JPEG: strcpy (compressionid, ""New Jpeg""); break; case COMPRESSION_NEXT: strcpy (compressionid, ""Next RLE""); break; case COMPRESSION_CCITTRLEW: strcpy (compressionid, ""CITTRLEW""); break; case COMPRESSION_PACKBITS: strcpy (compressionid, ""Mac Packbits""); break; case COMPRESSION_THUNDERSCAN: strcpy (compressionid, ""Thunderscan""); break; case COMPRESSION_IT8CTPAD: strcpy (compressionid, ""IT8 padded""); break; case COMPRESSION_IT8LW: strcpy (compressionid, ""IT8 RLE""); break; case COMPRESSION_IT8MP: strcpy (compressionid, ""IT8 mono""); break; case COMPRESSION_IT8BL: strcpy (compressionid, ""IT8 lineart""); break; case COMPRESSION_PIXARFILM: strcpy (compressionid, ""Pixar 10 bit""); break; case COMPRESSION_PIXARLOG: strcpy (compressionid, ""Pixar 11bit""); break; case COMPRESSION_DEFLATE: strcpy (compressionid, ""Deflate""); break; case COMPRESSION_ADOBE_DEFLATE: strcpy (compressionid, ""Adobe deflate""); break; default: strcpy (compressionid, ""None/unknown""); break; } TIFFError(""loadImage"", ""Input compression %s"", compressionid); #endif scanlinesize = TIFFScanlineSize(in); image->bps = bps; image->spp = spp; image->planar = planar; image->width = width; image->length = length; image->xres = xres; image->yres = yres; image->res_unit = res_unit; image->compression = input_compression; image->photometric = input_photometric; #ifdef DEBUG2 char photometricid[12]; switch (input_photometric) { case PHOTOMETRIC_MINISWHITE: strcpy (photometricid, ""MinIsWhite""); break; case PHOTOMETRIC_MINISBLACK: strcpy (photometricid, ""MinIsBlack""); break; case PHOTOMETRIC_RGB: strcpy (photometricid, ""RGB""); break; case PHOTOMETRIC_PALETTE: strcpy (photometricid, ""Palette""); break; case PHOTOMETRIC_MASK: strcpy (photometricid, ""Mask""); break; case PHOTOMETRIC_SEPARATED: strcpy (photometricid, ""Separated""); break; case PHOTOMETRIC_YCBCR: strcpy (photometricid, ""YCBCR""); break; case PHOTOMETRIC_CIELAB: strcpy (photometricid, ""CIELab""); break; case PHOTOMETRIC_ICCLAB: strcpy (photometricid, ""ICCLab""); break; case PHOTOMETRIC_ITULAB: strcpy (photometricid, ""ITULab""); break; case PHOTOMETRIC_LOGL: strcpy (photometricid, ""LogL""); break; case PHOTOMETRIC_LOGLUV: strcpy (photometricid, ""LOGLuv""); break; default: strcpy (photometricid, ""Unknown""); break; } TIFFError(""loadImage"", ""Input photometric interpretation %s"", photometricid); #endif image->orientation = orientation; switch (orientation) { case 0: case ORIENTATION_TOPLEFT: image->adjustments = 0; break; case ORIENTATION_TOPRIGHT: image->adjustments = MIRROR_HORIZ; break; case ORIENTATION_BOTRIGHT: image->adjustments = ROTATECW_180; break; case ORIENTATION_BOTLEFT: image->adjustments = MIRROR_VERT; break; case ORIENTATION_LEFTTOP: image->adjustments = MIRROR_VERT | ROTATECW_90; break; case ORIENTATION_RIGHTTOP: image->adjustments = ROTATECW_90; break; case ORIENTATION_RIGHTBOT: image->adjustments = MIRROR_VERT | ROTATECW_270; break; case ORIENTATION_LEFTBOT: image->adjustments = ROTATECW_270; break; default: image->adjustments = 0; image->orientation = ORIENTATION_TOPLEFT; } if ((bps == 0) || (spp == 0)) { TIFFError(""loadImage"", ""Invalid samples per pixel (%d) or bits per sample (%d)"", spp, bps); return (-1); } if (TIFFIsTiled(in)) { readunit = TILE; tlsize = TIFFTileSize(in); ntiles = TIFFNumberOfTiles(in); TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); tile_rowsize = TIFFTileRowSize(in); if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) { TIFFError(""loadImage"", ""File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.""); exit(-1); } buffsize = tlsize * ntiles; if (tlsize != (buffsize / ntiles)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) { buffsize = ntiles * tl * tile_rowsize; if (ntiles != (buffsize / tl / tile_rowsize)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } #ifdef DEBUG2 TIFFError(""loadImage"", ""Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu"", tlsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Tilesize: %u, Number of Tiles: %u, Tile row size: %u"", tlsize, ntiles, tile_rowsize); } else { uint32 buffsize_check; readunit = STRIP; TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); stsize = TIFFStripSize(in); nstrips = TIFFNumberOfStrips(in); if (nstrips == 0 || stsize == 0) { TIFFError(""loadImage"", ""File appears to be striped, but the number of stipes or stripe size is zero.""); exit(-1); } buffsize = stsize * nstrips; if (stsize != (buffsize / nstrips)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } buffsize_check = ((length * width * spp * bps) + 7); if (length != ((buffsize_check - 7) / width / spp / bps)) { TIFFError(""loadImage"", ""Integer overflow detected.""); exit(-1); } if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) { buffsize = ((length * width * spp * bps) + 7) / 8; #ifdef DEBUG2 TIFFError(""loadImage"", ""Stripsize %u is too small, using imagelength * width * spp * bps / 8 = %lu"", stsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Stripsize: %u, Number of Strips: %u, Rows per Strip: %u, Scanline size: %u"", stsize, nstrips, rowsperstrip, scanlinesize); } if (input_compression == COMPRESSION_JPEG) { jpegcolormode = JPEGCOLORMODE_RGB; TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { if (input_photometric == PHOTOMETRIC_YCBCR) { TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsampling_horiz, &subsampling_vert); if (subsampling_horiz != 1 || subsampling_vert != 1) { TIFFError(""loadImage"", ""Can't copy/convert subsampled image with subsampling %d horiz %d vert"", subsampling_horiz, subsampling_vert); return (-1); } } } read_buff = *read_ptr; if (!read_buff) read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); else { if (prev_readsize < buffsize) { new_buff = _TIFFrealloc(read_buff, buffsize+3); if (!new_buff) { free (read_buff); read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); } else read_buff = new_buff; } } if (!read_buff) { TIFFError(""loadImage"", ""Unable to allocate/reallocate read buffer""); return (-1); } read_buff[buffsize] = 0; read_buff[buffsize+1] = 0; read_buff[buffsize+2] = 0; prev_readsize = buffsize; *read_ptr = read_buff; switch (readunit) { case STRIP: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigStripsIntoBuffer(in, read_buff))) { TIFFError(""loadImage"", ""Unable to read contiguous strips into buffer""); return (-1); } } else { if (!(readSeparateStripsIntoBuffer(in, read_buff, length, width, spp, dump))) { TIFFError(""loadImage"", ""Unable to read separate strips into buffer""); return (-1); } } break; case TILE: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read contiguous tiles into buffer""); return (-1); } } else { if (!(readSeparateTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read separate tiles into buffer""); return (-1); } } break; default: TIFFError(""loadImage"", ""Unsupported image file format""); return (-1); break; } if ((dump->infile != NULL) && (dump->level == 2)) { dump_info (dump->infile, dump->format, ""loadImage"", ""Image width %d, length %d, Raw image data, %4d bytes"", width, length, buffsize); dump_info (dump->infile, dump->format, """", ""Bits per sample %d, Samples per pixel %d"", bps, spp); for (i = 0; i < length; i++) dump_buffer(dump->infile, dump->format, 1, scanlinesize, i, read_buff + (i * scanlinesize)); } return (0); } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,240254658313187,1 3280,['CWE-189'],"static void jpc_dec_cp_destroy(jpc_dec_cp_t *cp) { if (cp->ccps) { jas_free(cp->ccps); } if (cp->pchglist) { jpc_pchglist_destroy(cp->pchglist); } jas_free(cp); }",jasper,,,150333375343524315514964962554972720873,0 1543,CWE-399,"int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *inet = inet_sk(sk); struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); int is_udp4; bool slow; if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len, addr_len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len, addr_len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; is_udp4 = (skb->protocol == htons(ETH_P_IP)); if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_msg(skb, sizeof(struct udphdr), msg, copied); else { err = skb_copy_and_csum_datagram_msg(skb, sizeof(struct udphdr), msg); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) { if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); } sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) { DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); sin6->sin6_family = AF_INET6; sin6->sin6_port = udp_hdr(skb)->source; sin6->sin6_flowinfo = 0; if (is_udp4) { ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &sin6->sin6_addr); sin6->sin6_scope_id = 0; } else { sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, inet6_iif(skb)); } *addr_len = sizeof(*sin6); } if (np->rxopt.all) ip6_datagram_recv_common_ctl(sk, msg, skb); if (is_udp4) { if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); } else { if (np->rxopt.all) ip6_datagram_recv_specific_ctl(sk, msg, skb); } err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { if (is_udp4) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } else { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,154413193433852,1 79,CWE-772,"setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_SETKEY, arg->princ, NULL)) { ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ, arg->keepold, arg->n_ks_tuple, arg->ks_tuple, arg->keyblocks, arg->n_keys); } else { log_unauth(""kadm5_setkey_principal"", prime_arg, &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_SETKEY; } if(ret.code != KADM5_AUTH_SETKEY) { if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_setkey_principal"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,218322855499181,1 1790,[],"static int cpuacct_populate(struct cgroup_subsys *ss, struct cgroup *cgrp) { return cgroup_add_files(cgrp, ss, files, ARRAY_SIZE(files)); }",linux-2.6,,,181036118002174284816911838228457977097,0 6121,['CWE-200'],"static int rsvp_init(struct tcf_proto *tp) { struct rsvp_head *data; data = kmalloc(sizeof(struct rsvp_head), GFP_KERNEL); if (data) { memset(data, 0, sizeof(struct rsvp_head)); tp->root = data; return 0; } return -ENOBUFS; }",linux-2.6,,,156500036253551640516234479006518517225,0 4386,CWE-125,"static void iwjpeg_scan_exif(struct iwjpegrcontext *rctx, const iw_byte *d, size_t d_len) { struct iw_exif_state e; iw_uint32 ifd; if(d_len<8) return; iw_zeromem(&e,sizeof(struct iw_exif_state)); e.d = d; e.d_len = d_len; e.endian = d[0]=='I' ? IW_ENDIAN_LITTLE : IW_ENDIAN_BIG; ifd = iw_get_ui32_e(&d[4],e.endian); iwjpeg_scan_exif_ifd(rctx,&e,ifd); }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,120861542998554,1 4488,['CWE-264'],"static int skfp_ctl_set_mac_address(struct net_device *dev, void *addr) { struct s_smc *smc = netdev_priv(dev); struct sockaddr *p_sockaddr = (struct sockaddr *) addr; skfddi_priv *bp = &smc->os; unsigned long Flags; memcpy(dev->dev_addr, p_sockaddr->sa_data, FDDI_K_ALEN); spin_lock_irqsave(&bp->DriverLock, Flags); ResetAdapter(smc); spin_unlock_irqrestore(&bp->DriverLock, Flags); return (0); } ",linux-2.6,,,88481114248709059570471947655724178403,0 987,['CWE-94'],"asmlinkage long sys_tee(int fdin, int fdout, size_t len, unsigned int flags) { struct file *in; int error, fput_in; if (unlikely(!len)) return 0; error = -EBADF; in = fget_light(fdin, &fput_in); if (in) { if (in->f_mode & FMODE_READ) { int fput_out; struct file *out = fget_light(fdout, &fput_out); if (out) { if (out->f_mode & FMODE_WRITE) error = do_tee(in, out, len, flags); fput_light(out, fput_out); } } fput_light(in, fput_in); } return error; }",linux-2.6,,,219533414637333212211062836413259885495,0 3007,CWE-22,"wiki_handle_http_request(HttpRequest *req) { HttpResponse *res = http_response_new(req); char *page = http_request_get_path_info(req); char *command = http_request_get_query_string(req); char *wikitext = """"; util_dehttpize(page); if (!strcmp(page, ""/"")) { if (access(""WikiHome"", R_OK) != 0) wiki_redirect(res, ""/WikiHome?create""); page = ""/WikiHome""; } if (!strcmp(page, ""/styles.css"")) { http_response_set_content_type(res, ""text/css""); http_response_printf(res, ""%s"", CssData); http_response_send(res); exit(0); } if (!strcmp(page, ""/favicon.ico"")) { http_response_set_content_type(res, ""image/ico""); http_response_set_data(res, FaviconData, FaviconDataLen); http_response_send(res); exit(0); } page = page + 1; if (!strncmp(page, ""api/"", 4)) { char *p; page += 4; for (p=page; *p != '\0'; p++) if (*p=='?') { *p ='\0'; break; } wiki_handle_rest_call(req, res, page); exit(0); } if (strchr(page, '/')) { http_response_set_status(res, 404, ""Not Found""); http_response_printf(res, ""404 Not Found\n""); http_response_send(res); exit(0); } if (!strcmp(page, ""Changes"")) { wiki_show_changes_page(res); } else if (!strcmp(page, ""ChangesRss"")) { wiki_show_changes_page_rss(res); } else if (!strcmp(page, ""Search"")) { wiki_show_search_results_page(res, http_request_param_get(req, ""expr"")); } else if (!strcmp(page, ""Create"")) { if ( (wikitext = http_request_param_get(req, ""title"")) != NULL) { wiki_redirect(res, http_request_param_get(req, ""title"")); } else { wiki_show_create_page(res); } } else { if ( (wikitext = http_request_param_get(req, ""wikitext"")) != NULL) { file_write(page, wikitext); } if (access(page, R_OK) == 0) { wikitext = file_read(page); if (!strcmp(command, ""edit"")) { wiki_show_edit_page(res, wikitext, page); } else { wiki_show_page(res, wikitext, page); } } else { if (!strcmp(command, ""create"")) { wiki_show_edit_page(res, NULL, page); } else { char buf[1024]; snprintf(buf, 1024, ""%s?create"", page); wiki_redirect(res, buf); } } } }",visit repo url,src/wiki.c,https://github.com/yarolig/didiwiki,265301324222513,1 3010,CWE-125,"int read_header_tga(gdIOCtx *ctx, oTga *tga) { unsigned char header[18]; if (gdGetBuf(header, sizeof(header), ctx) < 18) { gd_error(""fail to read header""); return -1; } tga->identsize = header[0]; tga->colormaptype = header[1]; tga->imagetype = header[2]; tga->colormapstart = header[3] + (header[4] << 8); tga->colormaplength = header[5] + (header[6] << 8); tga->colormapbits = header[7]; tga->xstart = header[8] + (header[9] << 8); tga->ystart = header[10] + (header[11] << 8); tga->width = header[12] + (header[13] << 8); tga->height = header[14] + (header[15] << 8); tga->bits = header[16]; tga->alphabits = header[17] & 0x0f; tga->fliph = (header[17] & 0x10) ? 1 : 0; tga->flipv = (header[17] & 0x20) ? 0 : 1; #if DEBUG printf(""format bps: %i\n"", tga->bits); printf(""flip h/v: %i / %i\n"", tga->fliph, tga->flipv); printf(""alpha: %i\n"", tga->alphabits); printf(""wxh: %i %i\n"", tga->width, tga->height); #endif switch(tga->bits) { case 8: case 16: case 24: case 32: break; default: gd_error(""bps %i not supported"", tga->bits); return -1; break; } tga->ident = NULL; if (tga->identsize > 0) { tga->ident = (char *) gdMalloc(tga->identsize * sizeof(char)); if(tga->ident == NULL) { return -1; } gdGetBuf(tga->ident, tga->identsize, ctx); } return 1; }",visit repo url,src/gd_tga.c,https://github.com/libgd/libgd,263945629622128,1 46,['CWE-787'],"glue(glue(cirrus_bitblt_rop_bkwd_transp_, ROP_NAME),_8)(CirrusVGAState *s, uint8_t *dst,const uint8_t *src, int dstpitch,int srcpitch, int bltwidth,int bltheight) { int x,y; uint8_t p; dstpitch += bltwidth; srcpitch += bltwidth; for (y = 0; y < bltheight; y++) { for (x = 0; x < bltwidth; x++) { p = *dst; ROP_OP(p, *src); if (p != s->gr[0x34]) *dst = p; dst--; src--; } dst += dstpitch; src += srcpitch; } }",qemu,,,202656166810501028692110517888269482110,0 1450,CWE-189,"ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, const unsigned char *src, size_t src_size) { u8 current_bit_offset = 0; size_t src_byte_offset = 0; size_t dst_byte_offset = 0; if (dst == NULL) { (*dst_size) = ecryptfs_max_decoded_size(src_size); goto out; } while (src_byte_offset < src_size) { unsigned char src_byte = filename_rev_map[(int)src[src_byte_offset]]; switch (current_bit_offset) { case 0: dst[dst_byte_offset] = (src_byte << 2); current_bit_offset = 6; break; case 6: dst[dst_byte_offset++] |= (src_byte >> 4); dst[dst_byte_offset] = ((src_byte & 0xF) << 4); current_bit_offset = 4; break; case 4: dst[dst_byte_offset++] |= (src_byte >> 2); dst[dst_byte_offset] = (src_byte << 6); current_bit_offset = 2; break; case 2: dst[dst_byte_offset++] |= (src_byte); dst[dst_byte_offset] = 0; current_bit_offset = 0; break; } src_byte_offset++; } (*dst_size) = dst_byte_offset; out: return; }",visit repo url,fs/ecryptfs/crypto.c,https://github.com/torvalds/linux,260328827093901,1 3545,['CWE-20'],"struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, union sctp_addr *addr) { sctp_addip_param_t param; struct sctp_chunk *retval; int len = sizeof(param); union sctp_addr_param addrparam; int addrlen; struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); addrlen = af->to_addr_param(addr, &addrparam); if (!addrlen) return NULL; len += addrlen; retval = sctp_make_asconf(asoc, addr, len); if (!retval) return NULL; param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; param.param_hdr.length = htons(len); param.crr_id = 0; sctp_addto_chunk(retval, sizeof(param), ¶m); sctp_addto_chunk(retval, addrlen, &addrparam); return retval; }",linux-2.6,,,132405937614122858384741799535127840472,0 6236,CWE-190,"void fp12_write_bin(uint8_t *bin, int len, const fp12_t a, int pack) { fp12_t t; fp12_null(t); RLC_TRY { fp12_new(t); if (pack) { if (len != 8 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); } fp12_pck(t, a); fp2_write_bin(bin, 2 * RLC_FP_BYTES, a[0][1], 0); fp2_write_bin(bin + 2 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[0][2], 0); fp2_write_bin(bin + 4 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[1][0], 0); fp2_write_bin(bin + 6 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[1][2], 0); } else { if (len != 12 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); } fp6_write_bin(bin, 6 * RLC_FP_BYTES, a[0]); fp6_write_bin(bin + 6 * RLC_FP_BYTES, 6 * RLC_FP_BYTES, a[1]); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp12_free(t); } }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,77636417084804,1 4718,['CWE-20'],"static ssize_t ext4_ui_proc_write(struct file *file, const char __user *buf, size_t cnt, loff_t *ppos) { unsigned long *p = PDE(file->f_path.dentry->d_inode)->data; char str[32]; if (cnt >= sizeof(str)) return -EINVAL; if (copy_from_user(str, buf, cnt)) return -EFAULT; *p = simple_strtoul(str, NULL, 0); return cnt; }",linux-2.6,,,18296928070590842506453605167186007610,0 2421,['CWE-119'],"static char *malloc_fullname(const char *base, int baselen, const char *path, int pathlen) { char *fullname = xmalloc(baselen + pathlen + 1); memcpy(fullname, base, baselen); memcpy(fullname + baselen, path, pathlen); fullname[baselen + pathlen] = 0; return fullname; }",git,,,334285339888438541231975230780526791732,0 44,CWE-763,"spnego_gss_init_sec_context( OM_uint32 *minor_status, gss_cred_id_t claimant_cred_handle, gss_ctx_id_t *context_handle, gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec) { send_token_flag send_token = NO_TOKEN_SEND; OM_uint32 tmpmin, ret, negState; gss_buffer_t mechtok_in, mechListMIC_in, mechListMIC_out; gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER; spnego_gss_cred_id_t spcred = NULL; spnego_gss_ctx_id_t spnego_ctx = NULL; dsyslog(""Entering init_sec_context\n""); mechtok_in = mechListMIC_out = mechListMIC_in = GSS_C_NO_BUFFER; negState = REJECT; if (minor_status != NULL) *minor_status = 0; if (output_token != GSS_C_NO_BUFFER) { output_token->length = 0; output_token->value = NULL; } if (minor_status == NULL || output_token == GSS_C_NO_BUFFER || context_handle == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE; if (actual_mech != NULL) *actual_mech = GSS_C_NO_OID; spcred = (spnego_gss_cred_id_t)claimant_cred_handle; if (*context_handle == GSS_C_NO_CONTEXT) { ret = init_ctx_new(minor_status, spcred, context_handle, &send_token); if (ret != GSS_S_CONTINUE_NEEDED) { goto cleanup; } } else { ret = init_ctx_cont(minor_status, context_handle, input_token, &mechtok_in, &mechListMIC_in, &negState, &send_token); if (HARD_ERROR(ret)) { goto cleanup; } } spnego_ctx = (spnego_gss_ctx_id_t)*context_handle; if (!spnego_ctx->mech_complete) { ret = init_ctx_call_init( minor_status, spnego_ctx, spcred, target_name, req_flags, time_req, mechtok_in, actual_mech, &mechtok_out, ret_flags, time_rec, &negState, &send_token); if (!HARD_ERROR(ret) && mech_requires_mechlistMIC(spnego_ctx)) spnego_ctx->mic_reqd = 1; } if (!HARD_ERROR(ret) && spnego_ctx->mech_complete && (spnego_ctx->ctx_flags & GSS_C_INTEG_FLAG)) { ret = handle_mic(minor_status, mechListMIC_in, (mechtok_out.length != 0), spnego_ctx, &mechListMIC_out, &negState, &send_token); } cleanup: if (send_token == INIT_TOKEN_SEND) { if (make_spnego_tokenInit_msg(spnego_ctx, 0, mechListMIC_out, req_flags, &mechtok_out, send_token, output_token) < 0) { ret = GSS_S_FAILURE; } } else if (send_token != NO_TOKEN_SEND) { if (make_spnego_tokenTarg_msg(negState, GSS_C_NO_OID, &mechtok_out, mechListMIC_out, send_token, output_token) < 0) { ret = GSS_S_FAILURE; } } gss_release_buffer(&tmpmin, &mechtok_out); if (ret == GSS_S_COMPLETE) { *context_handle = (gss_ctx_id_t)spnego_ctx->ctx_handle; if (actual_mech != NULL) *actual_mech = spnego_ctx->actual_mech; if (ret_flags != NULL) *ret_flags = spnego_ctx->ctx_flags; release_spnego_ctx(&spnego_ctx); } else if (ret != GSS_S_CONTINUE_NEEDED) { if (spnego_ctx != NULL) { gss_delete_sec_context(&tmpmin, &spnego_ctx->ctx_handle, GSS_C_NO_BUFFER); release_spnego_ctx(&spnego_ctx); } *context_handle = GSS_C_NO_CONTEXT; } if (mechtok_in != GSS_C_NO_BUFFER) { gss_release_buffer(&tmpmin, mechtok_in); free(mechtok_in); } if (mechListMIC_in != GSS_C_NO_BUFFER) { gss_release_buffer(&tmpmin, mechListMIC_in); free(mechListMIC_in); } if (mechListMIC_out != GSS_C_NO_BUFFER) { gss_release_buffer(&tmpmin, mechListMIC_out); free(mechListMIC_out); } return ret; } ",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,273574138968373,1 6593,['CWE-200'],"connection_update_add_done (NMExportedConnection *exported, gboolean success, gpointer user_data) { ConnectionUpdateInfo *info = (ConnectionUpdateInfo *) user_data; if (success) { GtkWindow *parent; info->added_connection = exported ? g_object_ref (exported) : NULL; parent = nm_connection_editor_get_window (info->editor); remove_connection (info->original, parent, connection_update_remove_done, info); } else connection_update_done (info, success); }",network-manager-applet,,,95382559897603640238382690662821818199,0 4535,['CWE-20'],"static int ext4_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t rdev) { handle_t *handle; struct inode *inode; int err, retries = 0; if (!new_valid_dev(rdev)) return -EINVAL; retry: handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) + EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 + 2*EXT4_QUOTA_INIT_BLOCKS(dir->i_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); inode = ext4_new_inode(handle, dir, mode); err = PTR_ERR(inode); if (!IS_ERR(inode)) { init_special_inode(inode, inode->i_mode, rdev); #ifdef CONFIG_EXT4_FS_XATTR inode->i_op = &ext4_special_inode_operations; #endif err = ext4_add_nondir(handle, dentry, inode); } ext4_journal_stop(handle); if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries)) goto retry; return err; }",linux-2.6,,,2551661372569290726161019728035505024,0 3210,['CWE-189'],"static void pass_destroy(jpc_enc_pass_t *pass) { }",jasper,,,325223179965415676137298386212325559285,0 708,CWE-20,"int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; size_t copied; int err; BT_DBG(""sock %p sk %p len %zu"", sock, sk, len); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) { msg->msg_namelen = 0; return 0; } return err; } copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err == 0) { sock_recv_ts_and_drops(msg, sk, skb); if (bt_sk(sk)->skb_msg_name) bt_sk(sk)->skb_msg_name(skb, msg->msg_name, &msg->msg_namelen); else msg->msg_namelen = 0; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,145229541403126,1 5613,[],"SYSCALL_DEFINE2(signal, int, sig, __sighandler_t, handler) { struct k_sigaction new_sa, old_sa; int ret; new_sa.sa.sa_handler = handler; new_sa.sa.sa_flags = SA_ONESHOT | SA_NOMASK; sigemptyset(&new_sa.sa.sa_mask); ret = do_sigaction(sig, &new_sa, &old_sa); return ret ? ret : (unsigned long)old_sa.sa.sa_handler; }",linux-2.6,,,315957587114738424628330162312593072820,0 1186,['CWE-189'],static inline void hrtimer_init_hres(struct hrtimer_cpu_base *base) { },linux-2.6,,,81301274157114409762273120975981545494,0 4527,CWE-401,"static void lsr_read_rare_full(GF_LASeRCodec *lsr, GF_Node *n) { GF_FieldInfo info; u32 i, nb_rare, field_rare; s32 field_tag; GF_LSR_READ_INT(lsr, nb_rare, 1, ""has_rare""); if (!nb_rare) return; GF_LSR_READ_INT(lsr, nb_rare, 6, ""nbOfAttributes""); for (i=0; iinfo->cfg.extensionIDBits, ""extensionID""); len = lsr_read_vluimsbf5(lsr, ""len""); if (extID==2) { GF_LSR_READ_INT(lsr, len, 2, ""nbOfAttributes""); for (j=0; jlast_error = gf_node_get_attribute_by_tag(n, TAG_SVG_ATT_syncMaster, GF_TRUE, GF_FALSE, &info); GF_LSR_READ_INT(lsr, *(SVG_Boolean *)info.far_ptr, 1, ""syncMaster""); break; case 1: lsr->last_error = gf_node_get_attribute_by_tag(n, TAG_SVG_ATT_focusHighlight, GF_TRUE, GF_FALSE, &info); GF_LSR_READ_INT(lsr, *(SVG_FocusHighlight *)info.far_ptr, 2, ""focusHighlight""); break; case 2: lsr->last_error = gf_node_get_attribute_by_tag(n, TAG_SVG_ATT_initialVisibility, GF_TRUE, GF_FALSE, &info); GF_LSR_READ_INT(lsr, *(SVG_InitialVisibility *)info.far_ptr, 2, ""initialVisibility""); break; case 3: lsr->last_error = gf_node_get_attribute_by_tag(n, TAG_SVG_ATT_fullscreen, GF_TRUE, GF_FALSE, &info); GF_LSR_READ_INT(lsr, *(SVG_Boolean *)info.far_ptr, 1, ""fullscreen""); break; case 4: lsr->last_error = gf_node_get_attribute_by_tag(n, TAG_SVG_ATT_requiredFonts, GF_TRUE, GF_FALSE, &info); lsr_read_byte_align_string_list(lsr, *(GF_List **)info.far_ptr, ""requiredFonts"", GF_FALSE, GF_TRUE); break; } } } else { gf_bs_read_int(lsr->bs, len); } GF_LSR_READ_INT(lsr, extID, 1, ""hasNextExtension""); if (!extID) break; } continue; } field_tag = gf_lsr_rare_type_to_attribute(field_rare); if (field_tag==-1) { return; } lsr->last_error = gf_node_get_attribute_by_tag(n, field_tag, GF_TRUE, GF_FALSE, &info); if (!info.far_ptr) lsr->last_error = GF_NOT_SUPPORTED; if (lsr->last_error) return; switch (field_tag) { case TAG_SVG_ATT__class: lsr_read_byte_align_string(lsr, info.far_ptr, ""class""); break; case TAG_SVG_ATT_audio_level: ((SVG_Number*)info.far_ptr)->value = lsr_read_fixed_clamp(lsr, ""audio-level""); break; case TAG_SVG_ATT_color: lsr_read_paint(lsr, (SVG_Paint *)info.far_ptr, ""color""); break; case TAG_SVG_ATT_color_rendering: GF_LSR_READ_INT(lsr, *(SVG_RenderingHint*)info.far_ptr, 2, ""color-rendering""); break; case TAG_SVG_ATT_display: GF_LSR_READ_INT(lsr, *(SVG_Display*)info.far_ptr, 5, ""display""); break; case TAG_SVG_ATT_display_align: GF_LSR_READ_INT(lsr, *(SVG_DisplayAlign*)info.far_ptr, 3, ""display-align""); break; case TAG_SVG_ATT_fill_opacity: ((SVG_Number*)info.far_ptr)->type = SVG_NUMBER_VALUE; ((SVG_Number*)info.far_ptr)->value = lsr_read_fixed_clamp(lsr, ""fill-opacity""); break; case TAG_SVG_ATT_fill_rule: GF_LSR_READ_INT(lsr, *(SVG_FillRule*)info.far_ptr, 2, ""fill-rule""); break; case TAG_SVG_ATT_image_rendering: GF_LSR_READ_INT(lsr, *(SVG_RenderingHint*)info.far_ptr, 2, ""image-rendering""); break; case TAG_SVG_ATT_line_increment: lsr_read_line_increment_type(lsr, info.far_ptr, ""line-increment""); break; case TAG_SVG_ATT_pointer_events: GF_LSR_READ_INT(lsr, *(SVG_PointerEvents*)info.far_ptr, 4, ""pointer-events""); break; case TAG_SVG_ATT_shape_rendering: GF_LSR_READ_INT(lsr, *(SVG_RenderingHint*)info.far_ptr, 3, ""shape-rendering""); break; case TAG_SVG_ATT_solid_color: lsr_read_paint(lsr, info.far_ptr, ""solid-color""); break; case TAG_SVG_ATT_solid_opacity: ((SVG_Number*)info.far_ptr)->type = SVG_NUMBER_VALUE; ((SVG_Number*)info.far_ptr)->value = lsr_read_fixed_clamp(lsr, ""solid-opacity""); break; case TAG_SVG_ATT_stop_color: lsr_read_paint(lsr, info.far_ptr, ""stop-color""); break; case TAG_SVG_ATT_stop_opacity: ((SVG_Number*)info.far_ptr)->type = SVG_NUMBER_VALUE; ((SVG_Number*)info.far_ptr)->value = lsr_read_fixed_clamp(lsr, ""stop-opacity""); break; case TAG_SVG_ATT_stroke_dasharray: { u32 j, flag; SVG_StrokeDashArray *da = (SVG_StrokeDashArray *)info.far_ptr; GF_LSR_READ_INT(lsr, flag, 1, ""dashArray""); if (flag) { da->type=SVG_STROKEDASHARRAY_INHERIT; } else { da->type=SVG_STROKEDASHARRAY_ARRAY; da->array.count = lsr_read_vluimsbf5(lsr, ""len""); da->array.vals = (Fixed*)gf_malloc(sizeof(Fixed)*da->array.count); da->array.units = (u8*)gf_malloc(sizeof(u8)*da->array.count); if (!da->array.vals || !da->array.units) { lsr->last_error = GF_OUT_OF_MEM; return; } for (j=0; jarray.count; j++) { da->array.vals[j] = lsr_read_fixed_16_8(lsr, ""dash""); da->array.units[j] = 0; if (lsr->last_error) return; } } } break; case TAG_SVG_ATT_stroke_dashoffset: lsr_read_fixed_16_8i(lsr, info.far_ptr, ""dashOffset""); break; case TAG_SVG_ATT_stroke_linecap: GF_LSR_READ_INT(lsr, *(SVG_StrokeLineCap*)info.far_ptr, 2, ""stroke-linecap""); break; case TAG_SVG_ATT_stroke_linejoin: GF_LSR_READ_INT(lsr, *(SVG_StrokeLineJoin*)info.far_ptr, 2, ""stroke-linejoin""); break; case TAG_SVG_ATT_stroke_miterlimit: lsr_read_fixed_16_8i(lsr, info.far_ptr, ""miterLimit""); break; case TAG_SVG_ATT_stroke_opacity: ((SVG_Number*)info.far_ptr)->type = SVG_NUMBER_VALUE; ((SVG_Number*)info.far_ptr)->value = lsr_read_fixed_clamp(lsr, ""stroke-opacity""); break; case TAG_SVG_ATT_stroke_width: lsr_read_fixed_16_8i(lsr, info.far_ptr, ""strokeWidth""); break; case TAG_SVG_ATT_text_anchor: GF_LSR_READ_INT(lsr, *(SVG_TextAnchor*)info.far_ptr, 2, ""text-achor""); break; case TAG_SVG_ATT_text_rendering: GF_LSR_READ_INT(lsr, *(SVG_RenderingHint*)info.far_ptr, 3, ""text-rendering""); break; case TAG_SVG_ATT_viewport_fill: lsr_read_paint(lsr, info.far_ptr, ""viewport-fill""); break; case TAG_SVG_ATT_viewport_fill_opacity: ((SVG_Number*)info.far_ptr)->type = SVG_NUMBER_VALUE; ((SVG_Number*)info.far_ptr)->value = lsr_read_fixed_clamp(lsr, ""viewport-fill-opacity""); break; case TAG_SVG_ATT_vector_effect: GF_LSR_READ_INT(lsr, *(SVG_VectorEffect*)info.far_ptr, 4, ""vector-effect""); break; case TAG_SVG_ATT_visibility: GF_LSR_READ_INT(lsr, *(SVG_Visibility*)info.far_ptr, 2, ""visibility""); break; case TAG_SVG_ATT_requiredExtensions: lsr_read_byte_align_string_list(lsr, *(GF_List**)info.far_ptr, ""requiredExtensions"", GF_TRUE, GF_FALSE); break; case TAG_SVG_ATT_requiredFormats: lsr_read_byte_align_string_list(lsr, *(GF_List**)info.far_ptr, ""requiredFormats"", GF_FALSE, GF_FALSE); break; case TAG_SVG_ATT_requiredFeatures: { u32 j, fcount = lsr_read_vluimsbf5(lsr, ""count""); for (j=0; jlast_error) return; } } break; case TAG_SVG_ATT_systemLanguage: lsr_read_byte_align_string_list(lsr, *(GF_List**)info.far_ptr, ""systemLanguage"", GF_FALSE, GF_FALSE); break; case TAG_XML_ATT_base: lsr_read_byte_align_string(lsr, &((XMLRI*)info.far_ptr)->string, ""xml:base""); ((XMLRI*)info.far_ptr)->type = XMLRI_STRING; break; case TAG_XML_ATT_lang: lsr_read_byte_align_string(lsr, info.far_ptr, ""xml:lang""); break; case TAG_XML_ATT_space: GF_LSR_READ_INT(lsr, *(XML_Space*)info.far_ptr, 1, ""xml:space""); break; case TAG_SVG_ATT_nav_next: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusNext""); break; case TAG_SVG_ATT_nav_up: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusNorth""); break; case TAG_SVG_ATT_nav_up_left: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusNorthEast""); break; case TAG_SVG_ATT_nav_up_right: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusNorthWest""); break; case TAG_SVG_ATT_nav_prev: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusPrev""); break; case TAG_SVG_ATT_nav_down: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusSouth""); break; case TAG_SVG_ATT_nav_down_left: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusSouthEast""); break; case TAG_SVG_ATT_nav_down_right: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusSouthWest""); break; case TAG_SVG_ATT_nav_left: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusEast""); break; case TAG_SVG_ATT_focusable: GF_LSR_READ_INT(lsr, *(SVG_Focusable*)info.far_ptr, 2, ""focusable""); break; case TAG_SVG_ATT_nav_right: lsr_read_focus(lsr, (SVG_Focus*)info.far_ptr, ""focusWest""); break; case TAG_SVG_ATT_transform: lsr_read_matrix(lsr, info.far_ptr); break; case TAG_SVG_ATT_text_decoration: lsr_read_byte_align_string_list(lsr, *(GF_List**)info.far_ptr, ""textDecoration"", GF_FALSE, GF_FALSE); break; case TAG_SVG_ATT_font_variant: GF_LSR_READ_INT(lsr, *(SVG_FontVariant*)info.far_ptr, 2, ""font-variant""); break; case TAG_SVG_ATT_font_family: { u32 flag; GF_LSR_READ_INT(lsr, flag, 1, ""isInherit""); if (flag) { ((SVG_FontFamily*)info.far_ptr)->type = SVG_FONTFAMILY_INHERIT; } else { char *ft; ((SVG_FontFamily*)info.far_ptr)->type = SVG_FONTFAMILY_VALUE; GF_LSR_READ_INT(lsr, flag, lsr->fontIndexBits, ""fontIndex""); ft = (char*)gf_list_get(lsr->font_table, flag); if (ft) ((SVG_FontFamily*)info.far_ptr)->value = gf_strdup(ft); } } break; case TAG_SVG_ATT_font_size: lsr_read_fixed_16_8i(lsr, info.far_ptr, ""fontSize""); break; case TAG_SVG_ATT_font_style: GF_LSR_READ_INT(lsr, *(SVG_FontStyle*)info.far_ptr, 3, ""fontStyle""); break; case TAG_SVG_ATT_font_weight: GF_LSR_READ_INT(lsr, *(SVG_FontWeight*)info.far_ptr, 4, ""fontWeight""); break; case TAG_XLINK_ATT_title: lsr_read_byte_align_string(lsr, info.far_ptr, ""xlink:title""); break; case TAG_XLINK_ATT_type: GF_LSR_READ_INT(lsr, field_rare, 3, ""xlink:type""); break; case TAG_XLINK_ATT_role: lsr_read_any_uri(lsr, info.far_ptr, ""xlink:role""); break; case TAG_XLINK_ATT_arcrole: lsr_read_any_uri(lsr, info.far_ptr, ""xlink:arcrole""); break; case TAG_XLINK_ATT_actuate: GF_LSR_READ_INT(lsr, field_rare, 2, ""xlink:actuate""); break; case TAG_XLINK_ATT_show: GF_LSR_READ_INT(lsr, field_rare, 3, ""xlink:show""); break; case TAG_SVG_ATT_end: lsr_read_smil_times(lsr, NULL, 0, info.far_ptr, ""end"", 0); break; case TAG_SVG_ATT_max: lsr_read_duration_ex(lsr, NULL, 0, info.far_ptr, ""min"", 0); break; case TAG_SVG_ATT_min: lsr_read_duration_ex(lsr, NULL, 0, info.far_ptr, ""min"", 0); break; } if (lsr->last_error) return; } }",visit repo url,src/laser/lsr_dec.c,https://github.com/gpac/gpac,251129201506713,1 5724,['CWE-200'],"static int irda_sendmsg_dgram(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; struct irda_sock *self; struct sk_buff *skb; int err; IRDA_DEBUG(4, ""%s(), len=%zd\n"", __func__, len); if (msg->msg_flags & ~(MSG_DONTWAIT|MSG_CMSG_COMPAT)) return -EINVAL; if (sk->sk_shutdown & SEND_SHUTDOWN) { send_sig(SIGPIPE, current, 0); return -EPIPE; } if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; self = irda_sk(sk); if (len > self->max_data_size) { IRDA_DEBUG(0, ""%s(), Warning to much data! "" ""Chopping frame from %zd to %d bytes!\n"", __func__, len, self->max_data_size); len = self->max_data_size; } skb = sock_alloc_send_skb(sk, len + self->max_header_size, msg->msg_flags & MSG_DONTWAIT, &err); if (!skb) return -ENOBUFS; skb_reserve(skb, self->max_header_size); skb_reset_transport_header(skb); IRDA_DEBUG(4, ""%s(), appending user data\n"", __func__); skb_put(skb, len); err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len); if (err) { kfree_skb(skb); return err; } err = irttp_udata_request(self->tsap, skb); if (err) { IRDA_DEBUG(0, ""%s(), err=%d\n"", __func__, err); return err; } return len; }",linux-2.6,,,317253786056699994947363377800248395332,0 5317,CWE-787,"static uint get_alen(char *arg, int default_len) { int j; int alen; alen = default_len; for (j = 0; j < 8; j++) { if (arg[j] == '.') { alen = arg[j+1] - '0'; break; } else if (arg[j] == '\0') break; } return alen; }",visit repo url,cmd/i2c.c,https://github.com/u-boot/u-boot,195617315179898,1 3358,[],"static inline struct nlattr *nlmsg_attrdata(const struct nlmsghdr *nlh, int hdrlen) { unsigned char *data = nlmsg_data(nlh); return (struct nlattr *) (data + NLMSG_ALIGN(hdrlen)); }",linux-2.6,,,6917563936793673807897860627117517879,0 5514,CWE-125,"fp_setreadl(struct tok_state *tok, const char* enc) { PyObject *readline, *io, *stream; _Py_IDENTIFIER(open); _Py_IDENTIFIER(readline); int fd; long pos; fd = fileno(tok->fp); pos = ftell(tok->fp); if (pos == -1 || lseek(fd, (off_t)(pos > 0 ? pos - 1 : pos), SEEK_SET) == (off_t)-1) { PyErr_SetFromErrnoWithFilename(PyExc_OSError, NULL); return 0; } io = PyImport_ImportModuleNoBlock(""io""); if (io == NULL) return 0; stream = _PyObject_CallMethodId(io, &PyId_open, ""isisOOO"", fd, ""r"", -1, enc, Py_None, Py_None, Py_False); Py_DECREF(io); if (stream == NULL) return 0; readline = _PyObject_GetAttrId(stream, &PyId_readline); Py_DECREF(stream); if (readline == NULL) return 0; Py_XSETREF(tok->decoding_readline, readline); if (pos > 0) { PyObject *bufobj = PyObject_CallObject(readline, NULL); if (bufobj == NULL) return 0; Py_DECREF(bufobj); } return 1; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,240747956105804,1 4584,CWE-476,"GF_Err gf_isom_set_extraction_slc(GF_ISOFile *the_file, u32 trackNumber, u32 StreamDescriptionIndex, const GF_SLConfig *slConfig) { GF_TrackBox *trak; GF_SampleEntryBox *entry; GF_Err e; GF_SLConfig **slc; trak = gf_isom_get_track_from_file(the_file, trackNumber); if (!trak) return GF_BAD_PARAM; e = Media_GetSampleDesc(trak->Media, StreamDescriptionIndex, &entry, NULL); if (e) return e; switch (entry->type) { case GF_ISOM_BOX_TYPE_MP4S: if (((GF_MPEGSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM; slc = & ((GF_MPEGSampleEntryBox *)entry)->slc; break; case GF_ISOM_BOX_TYPE_MP4A: if (((GF_MPEGAudioSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM; slc = & ((GF_MPEGAudioSampleEntryBox *)entry)->slc; break; case GF_ISOM_BOX_TYPE_MP4V: if (((GF_MPEGVisualSampleEntryBox *)entry)->esd->desc->slConfig->predefined != SLPredef_MP4) return GF_BAD_PARAM; slc = & ((GF_MPEGVisualSampleEntryBox *)entry)->slc; break; default: return GF_BAD_PARAM; } if (*slc) { gf_odf_desc_del((GF_Descriptor *)*slc); *slc = NULL; } if (!slConfig) return GF_OK; return gf_odf_desc_copy((GF_Descriptor *) slConfig, (GF_Descriptor **) slc); }",visit repo url,src/isomedia/isom_write.c,https://github.com/gpac/gpac,110621648108970,1 4697,['CWE-20'],"static int ext4_dquot_initialize(struct inode *inode, int type) { handle_t *handle; int ret, err; handle = ext4_journal_start(inode, 2*EXT4_QUOTA_INIT_BLOCKS(inode->i_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); ret = dquot_initialize(inode, type); err = ext4_journal_stop(handle); if (!ret) ret = err; return ret; }",linux-2.6,,,231286468988779643286266316457812060342,0 2103,[],"int udp_lib_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen, int (*push_pending_frames)(struct sock *)) { struct udp_sock *up = udp_sk(sk); int val; int err = 0; if (optlencorkflag = 1; } else { up->corkflag = 0; lock_sock(sk); (*push_pending_frames)(sk); release_sock(sk); } break; case UDP_ENCAP: switch (val) { case 0: case UDP_ENCAP_ESPINUDP: case UDP_ENCAP_ESPINUDP_NON_IKE: up->encap_rcv = xfrm4_udp_encap_rcv; case UDP_ENCAP_L2TPINUDP: up->encap_type = val; break; default: err = -ENOPROTOOPT; break; } break; case UDPLITE_SEND_CSCOV: if (!up->pcflag) return -ENOPROTOOPT; if (val != 0 && val < 8) val = 8; up->pcslen = val; up->pcflag |= UDPLITE_SEND_CC; break; case UDPLITE_RECV_CSCOV: if (!up->pcflag) return -ENOPROTOOPT; if (val != 0 && val < 8) val = 8; up->pcrlen = val; up->pcflag |= UDPLITE_RECV_CC; break; default: err = -ENOPROTOOPT; break; } return err; }",linux-2.6,,,178386063891848017218594676757706428829,0 5053,['CWE-20'],"static void kvm_do_inject_irq(struct kvm_vcpu *vcpu) { int word_index = __ffs(vcpu->arch.irq_summary); int bit_index = __ffs(vcpu->arch.irq_pending[word_index]); int irq = word_index * BITS_PER_LONG + bit_index; clear_bit(bit_index, &vcpu->arch.irq_pending[word_index]); if (!vcpu->arch.irq_pending[word_index]) clear_bit(word_index, &vcpu->arch.irq_summary); kvm_queue_interrupt(vcpu, irq); }",linux-2.6,,,59097945817763318828085563431750491200,0 6219,CWE-190,"void fp6_write_bin(uint8_t *bin, int len, const fp6_t a) { if (len != 6 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp2_write_bin(bin, 2 * RLC_FP_BYTES, a[0], 0); fp2_write_bin(bin + 2 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[1], 0); fp2_write_bin(bin + 4 * RLC_FP_BYTES, 2 * RLC_FP_BYTES, a[2], 0); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,139079526608905,1 1347,CWE-20,"int ext4_orphan_add(handle_t *handle, struct inode *inode) { struct super_block *sb = inode->i_sb; struct ext4_iloc iloc; int err = 0, rc; if (!ext4_handle_valid(handle)) return 0; mutex_lock(&EXT4_SB(sb)->s_orphan_lock); if (!list_empty(&EXT4_I(inode)->i_orphan)) goto out_unlock; J_ASSERT((S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) || inode->i_nlink == 0); BUFFER_TRACE(EXT4_SB(sb)->s_sbh, ""get_write_access""); err = ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh); if (err) goto out_unlock; err = ext4_reserve_inode_write(handle, inode, &iloc); if (err) goto out_unlock; if (NEXT_ORPHAN(inode) && NEXT_ORPHAN(inode) <= (le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count))) goto mem_insert; NEXT_ORPHAN(inode) = le32_to_cpu(EXT4_SB(sb)->s_es->s_last_orphan); EXT4_SB(sb)->s_es->s_last_orphan = cpu_to_le32(inode->i_ino); err = ext4_handle_dirty_super(handle, sb); rc = ext4_mark_iloc_dirty(handle, inode, &iloc); if (!err) err = rc; mem_insert: if (!err) list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan); jbd_debug(4, ""superblock will point to %lu\n"", inode->i_ino); jbd_debug(4, ""orphan inode %lu will point to %d\n"", inode->i_ino, NEXT_ORPHAN(inode)); out_unlock: mutex_unlock(&EXT4_SB(sb)->s_orphan_lock); ext4_std_error(inode->i_sb, err); return err; }",visit repo url,fs/ext4/namei.c,https://github.com/torvalds/linux,138375188874847,1 1959,CWE-401,"int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, struct nlattr **attrs) { struct net *net = sock_net(in_skb->sk); struct crypto_user_alg *p = nlmsg_data(in_nlh); struct crypto_alg *alg; struct sk_buff *skb; struct crypto_dump_info info; int err; if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) return -EINVAL; alg = crypto_alg_match(p, 0); if (!alg) return -ENOENT; err = -ENOMEM; skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); if (!skb) goto drop_alg; info.in_skb = in_skb; info.out_skb = skb; info.nlmsg_seq = in_nlh->nlmsg_seq; info.nlmsg_flags = 0; err = crypto_reportstat_alg(alg, &info); drop_alg: crypto_mod_put(alg); if (err) return err; return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid); }",visit repo url,crypto/crypto_user_stat.c,https://github.com/torvalds/linux,26111660972678,1 5925,CWE-120,"static Jsi_RC DebugInfoCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { if (!interp->breakpointHash) { Jsi_ValueMakeArrayObject(interp, ret, NULL); return JSI_OK; } int argc = Jsi_ValueGetLength(interp, args); if (argc == 0) return Jsi_HashKeysDump(interp, interp->breakpointHash, ret, 0); Jsi_Value *val = Jsi_ValueArrayIndex(interp, args, 0); int num; char nbuf[100]; if (Jsi_GetIntFromValue(interp, val, &num) != JSI_OK) return Jsi_LogError(""bad number""); snprintf(nbuf, sizeof(nbuf), ""%d"", num); Jsi_HashEntry *hPtr = Jsi_HashEntryFind(interp->breakpointHash, nbuf); if (!hPtr) return Jsi_LogError(""unknown breakpoint""); jsi_BreakPoint* bp = (jsi_BreakPoint*)Jsi_HashValueGet(hPtr); if (!bp) return JSI_ERROR; Jsi_DString dStr = {}; if (bp->func) Jsi_DSPrintf(&dStr, ""{id:%d, type:\""func\"", func:\""%s\"", hits:%d, enabled:%s, temporary:%s}"", bp->id, bp->func, bp->hits, bp->enabled?""true"":""false"", bp->temp?""true"":""false""); else Jsi_DSPrintf(&dStr, ""{id:%d, type:\""line\"", file:\""%s\"", line:%d, hits:%d, enabled:%s}"", bp->id, bp->file?bp->file:"""", bp->line, bp->hits, bp->enabled?""true"":""false""); Jsi_RC rc = Jsi_JSONParse(interp, Jsi_DSValue(&dStr), ret, 0); Jsi_DSFree(&dStr); return rc; }",visit repo url,src/jsiCmds.c,https://github.com/pcmacdon/jsish,74998407165897,1 6103,['CWE-200'],"void inet6_ifinfo_notify(int event, struct inet6_dev *idev) { struct sk_buff *skb; int size = NLMSG_SPACE(sizeof(struct ifinfomsg)+128); skb = alloc_skb(size, GFP_ATOMIC); if (!skb) { netlink_set_err(rtnl, 0, RTMGRP_IPV6_IFINFO, ENOBUFS); return; } if (inet6_fill_ifinfo(skb, idev, current->pid, 0, event, 0) < 0) { kfree_skb(skb); netlink_set_err(rtnl, 0, RTMGRP_IPV6_IFINFO, EINVAL); return; } NETLINK_CB(skb).dst_groups = RTMGRP_IPV6_IFINFO; netlink_broadcast(rtnl, skb, 0, RTMGRP_IPV6_IFINFO, GFP_ATOMIC); }",linux-2.6,,,155055723386642998740091376694557490068,0 1455,[],"void __cpuinit init_idle(struct task_struct *idle, int cpu) { struct rq *rq = cpu_rq(cpu); unsigned long flags; __sched_fork(idle); idle->se.exec_start = sched_clock(); idle->prio = idle->normal_prio = MAX_PRIO; idle->cpus_allowed = cpumask_of_cpu(cpu); __set_task_cpu(idle, cpu); spin_lock_irqsave(&rq->lock, flags); rq->curr = rq->idle = idle; #if defined(CONFIG_SMP) && defined(__ARCH_WANT_UNLOCKED_CTXSW) idle->oncpu = 1; #endif spin_unlock_irqrestore(&rq->lock, flags); task_thread_info(idle)->preempt_count = 0; idle->sched_class = &idle_sched_class; }",linux-2.6,,,226952803395635539731798260616199046071,0 3566,['CWE-20'],"sctp_disposition_t sctp_sf_do_9_1_abort(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; if (!sctp_vtag_verify_either(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (SCTP_ADDR_DEL == sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) return sctp_sf_discard_chunk(ep, asoc, type, arg, commands); return __sctp_sf_do_9_1_abort(ep, asoc, type, arg, commands); }",linux-2.6,,,288113669157193280642563722294663168411,0 2963,['CWE-189'],"static void jas_iccattrtab_destroy(jas_iccattrtab_t *tab) { if (tab->attrs) { while (tab->numattrs > 0) { jas_iccattrtab_delete(tab, 0); } jas_free(tab->attrs); } jas_free(tab); }",jasper,,,250532161227087848901958703918588375215,0 6320,CWE-295,"NOEXPORT int init_section(int eof, SERVICE_OPTIONS **section_ptr) { char *errstr; #ifndef USE_WIN32 (*section_ptr)->option.log_stderr=new_global_options.option.log_stderr; #endif if(*section_ptr==&new_service_options) { errstr=parse_global_option(CMD_INITIALIZE, NULL, NULL); if(errstr) { s_log(LOG_ERR, ""Global options: %s"", errstr); return 1; } } if(*section_ptr!=&new_service_options || eof) { if(*section_ptr==&new_service_options) s_log(LOG_INFO, ""Initializing inetd mode configuration""); else s_log(LOG_INFO, ""Initializing service [%s]"", (*section_ptr)->servname); errstr=parse_service_option(CMD_INITIALIZE, section_ptr, NULL, NULL); if(errstr) { if(*section_ptr==&new_service_options) s_log(LOG_ERR, ""Inetd mode: %s"", errstr); else s_log(LOG_ERR, ""Service [%s]: %s"", (*section_ptr)->servname, errstr); return 1; } } return 0; }",visit repo url,src/options.c,https://github.com/mtrojnar/stunnel,97367698909650,1 749,['CWE-119'],"isdn_net_getcfg(isdn_net_ioctl_cfg * cfg) { isdn_net_dev *p = isdn_net_findif(cfg->name); if (p) { isdn_net_local *lp = p->local; strcpy(cfg->eaz, lp->msn); cfg->exclusive = lp->exclusive; if (lp->pre_device >= 0) { sprintf(cfg->drvid, ""%s,%d"", dev->drvid[lp->pre_device], lp->pre_channel); } else cfg->drvid[0] = '\0'; cfg->onhtime = lp->onhtime; cfg->charge = lp->charge; cfg->l2_proto = lp->l2_proto; cfg->l3_proto = lp->l3_proto; cfg->p_encap = lp->p_encap; cfg->secure = (lp->flags & ISDN_NET_SECURE) ? 1 : 0; cfg->callback = 0; if (lp->flags & ISDN_NET_CALLBACK) cfg->callback = 1; if (lp->flags & ISDN_NET_CBOUT) cfg->callback = 2; cfg->cbhup = (lp->flags & ISDN_NET_CBHUP) ? 1 : 0; cfg->dialmode = lp->flags & ISDN_NET_DIALMODE_MASK; cfg->chargehup = (lp->hupflags & 4) ? 1 : 0; cfg->ihup = (lp->hupflags & 8) ? 1 : 0; cfg->cbdelay = lp->cbdelay; cfg->dialmax = lp->dialmax; cfg->triggercps = lp->triggercps; cfg->slavedelay = lp->slavedelay / HZ; cfg->chargeint = (lp->hupflags & ISDN_CHARGEHUP) ? (lp->chargeint / HZ) : 0; cfg->pppbind = lp->pppbind; cfg->dialtimeout = lp->dialtimeout >= 0 ? lp->dialtimeout / HZ : -1; cfg->dialwait = lp->dialwait / HZ; if (lp->slave) { if (strlen(lp->slave->name) > 8) strcpy(cfg->slave, ""too-long""); else strcpy(cfg->slave, lp->slave->name); } else cfg->slave[0] = '\0'; if (lp->master) { if (strlen(lp->master->name) > 8) strcpy(cfg->master, ""too-long""); strcpy(cfg->master, lp->master->name); } else cfg->master[0] = '\0'; return 0; } return -ENODEV; }",linux-2.6,,,174912943783236737146462826932766404766,0 3418,['CWE-264'],"static int vfs_statfs_native(struct dentry *dentry, struct statfs *buf) { struct kstatfs st; int retval; retval = vfs_statfs(dentry, &st); if (retval) return retval; if (sizeof(*buf) == sizeof(st)) memcpy(buf, &st, sizeof(st)); else { if (sizeof buf->f_blocks == 4) { if ((st.f_blocks | st.f_bfree | st.f_bavail) & 0xffffffff00000000ULL) return -EOVERFLOW; if (st.f_files != -1 && (st.f_files & 0xffffffff00000000ULL)) return -EOVERFLOW; if (st.f_ffree != -1 && (st.f_ffree & 0xffffffff00000000ULL)) return -EOVERFLOW; } buf->f_type = st.f_type; buf->f_bsize = st.f_bsize; buf->f_blocks = st.f_blocks; buf->f_bfree = st.f_bfree; buf->f_bavail = st.f_bavail; buf->f_files = st.f_files; buf->f_ffree = st.f_ffree; buf->f_fsid = st.f_fsid; buf->f_namelen = st.f_namelen; buf->f_frsize = st.f_frsize; memset(buf->f_spare, 0, sizeof(buf->f_spare)); } return 0; }",linux-2.6,,,54342671088894067087720503049545936661,0 2514,['CWE-119'],"static int scale_linear(int it, int width, int max_change) { if (max_change < 2) return it; return ((it - 1) * (width - 1) + max_change - 1) / (max_change - 1); }",git,,,139465467177510207024059951257568893412,0 6263,['CWE-200'],"static void mroute_clean_tables(struct sock *sk) { int i; for(i=0; imfc_flags&MFC_STATIC) { cp = &c->next; continue; } write_lock_bh(&mrt_lock); *cp = c->next; write_unlock_bh(&mrt_lock); kmem_cache_free(mrt_cachep, c); } } if (atomic_read(&cache_resolve_queue_len) != 0) { struct mfc_cache *c; spin_lock_bh(&mfc_unres_lock); while (mfc_unres_queue != NULL) { c = mfc_unres_queue; mfc_unres_queue = c->next; spin_unlock_bh(&mfc_unres_lock); ipmr_destroy_unres(c); spin_lock_bh(&mfc_unres_lock); } spin_unlock_bh(&mfc_unres_lock); } }",linux-2.6,,,106745876146545126358296946648697930195,0 5276,CWE-330,"static int oidc_cache_crypto_decrypt_impl(request_rec *r, unsigned char *ciphertext, int ciphertext_len, const unsigned char *aad, int aad_len, const unsigned char *tag, int tag_len, unsigned char *key, const unsigned char *iv, int iv_len, unsigned char *plaintext) { EVP_CIPHER_CTX *ctx; int len; int plaintext_len; int ret; if (!(ctx = EVP_CIPHER_CTX_new())) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_new""); return -1; } if (!EVP_DecryptInit_ex(ctx, OIDC_CACHE_CIPHER, NULL, NULL, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptInit_ex""); return -1; } if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_IVLEN, iv_len, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptInit_ex""); return -1; } if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptUpdate aad: aad_len=%d"", aad_len); return -1; } if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptUpdate ciphertext""); return -1; } plaintext_len = len; if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_TAG, tag_len, (void *) tag)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len); EVP_CIPHER_CTX_free(ctx); if (ret > 0) { plaintext_len += len; return plaintext_len; } else { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptFinal_ex""); return -1; } }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,272140247053342,1 757,CWE-20,"static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct ipx_sock *ipxs = ipx_sk(sk); struct sockaddr_ipx *sipx = (struct sockaddr_ipx *)msg->msg_name; struct ipxhdr *ipx = NULL; struct sk_buff *skb; int copied, rc; lock_sock(sk); if (!ipxs->port) { struct sockaddr_ipx uaddr; uaddr.sipx_port = 0; uaddr.sipx_network = 0; #ifdef CONFIG_IPX_INTERN rc = -ENETDOWN; if (!ipxs->intrfc) goto out; memcpy(uaddr.sipx_node, ipxs->intrfc->if_node, IPX_NODE_LEN); #endif rc = __ipx_bind(sock, (struct sockaddr *)&uaddr, sizeof(struct sockaddr_ipx)); if (rc) goto out; } rc = -ENOTCONN; if (sock_flag(sk, SOCK_ZAPPED)) goto out; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); if (!skb) goto out; ipx = ipx_hdr(skb); copied = ntohs(ipx->ipx_pktsize) - sizeof(struct ipxhdr); if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } rc = skb_copy_datagram_iovec(skb, sizeof(struct ipxhdr), msg->msg_iov, copied); if (rc) goto out_free; if (skb->tstamp.tv64) sk->sk_stamp = skb->tstamp; msg->msg_namelen = sizeof(*sipx); if (sipx) { sipx->sipx_family = AF_IPX; sipx->sipx_port = ipx->ipx_source.sock; memcpy(sipx->sipx_node, ipx->ipx_source.node, IPX_NODE_LEN); sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; sipx->sipx_type = ipx->ipx_type; sipx->sipx_zero = 0; } rc = copied; out_free: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/ipx/af_ipx.c,https://github.com/torvalds/linux,233280970032934,1 1125,CWE-362,"struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, struct request_sock *req, struct dst_entry *dst) { struct inet_request_sock *ireq; struct inet_sock *newinet; struct tcp_sock *newtp; struct sock *newsk; #ifdef CONFIG_TCP_MD5SIG struct tcp_md5sig_key *key; #endif if (sk_acceptq_is_full(sk)) goto exit_overflow; if (!dst && (dst = inet_csk_route_req(sk, req)) == NULL) goto exit; newsk = tcp_create_openreq_child(sk, req, skb); if (!newsk) goto exit_nonewsk; newsk->sk_gso_type = SKB_GSO_TCPV4; sk_setup_caps(newsk, dst); newtp = tcp_sk(newsk); newinet = inet_sk(newsk); ireq = inet_rsk(req); newinet->inet_daddr = ireq->rmt_addr; newinet->inet_rcv_saddr = ireq->loc_addr; newinet->inet_saddr = ireq->loc_addr; newinet->opt = ireq->opt; ireq->opt = NULL; newinet->mc_index = inet_iif(skb); newinet->mc_ttl = ip_hdr(skb)->ttl; inet_csk(newsk)->icsk_ext_hdr_len = 0; if (newinet->opt) inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen; newinet->inet_id = newtp->write_seq ^ jiffies; tcp_mtup_init(newsk); tcp_sync_mss(newsk, dst_mtu(dst)); newtp->advmss = dst_metric_advmss(dst); if (tcp_sk(sk)->rx_opt.user_mss && tcp_sk(sk)->rx_opt.user_mss < newtp->advmss) newtp->advmss = tcp_sk(sk)->rx_opt.user_mss; tcp_initialize_rcv_mss(newsk); #ifdef CONFIG_TCP_MD5SIG key = tcp_v4_md5_do_lookup(sk, newinet->inet_daddr); if (key != NULL) { char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); if (newkey != NULL) tcp_v4_md5_do_add(newsk, newinet->inet_daddr, newkey, key->keylen); sk_nocaps_add(newsk, NETIF_F_GSO_MASK); } #endif if (__inet_inherit_port(sk, newsk) < 0) { sock_put(newsk); goto exit; } __inet_hash_nolisten(newsk, NULL); return newsk; exit_overflow: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); exit_nonewsk: dst_release(dst); exit: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); return NULL; }",visit repo url,net/ipv4/tcp_ipv4.c,https://github.com/torvalds/linux,207995623401035,1 6688,CWE-1284,"int read_password(unsigned char* buffer, encryptmode_t mode) { #ifndef WIN32 #define PASS_EOF EOF struct termios t; int echo_enabled; int tty; FILE* ftty; unsigned char pwd[MAX_PASSWD_BUF]; unsigned char pwd_confirm[MAX_PASSWD_BUF]; unsigned char* p; #else #define PASS_EOF L'\x003' FILE* ftty = stderr; wchar_t* pwd = (wchar_t *)buffer; wchar_t pwd_confirm[MAX_PASSWD_LEN+1]; wchar_t* p; #endif int c; int chars_read; int i; int match; #ifndef WIN32 ftty = fopen(""/dev/tty"", ""r+""); if (ftty == NULL) { return AESCRYPT_READPWD_FOPEN; } tty = fileno(ftty); if (tty < 0) { return AESCRYPT_READPWD_FILENO; } if (tcgetattr(tty, &t) < 0) { fclose(ftty); return AESCRYPT_READPWD_TCGETATTR; } #endif for (i = 0; (i == 0) || (i == 1 && mode == ENC); i++) { if (!i) { p = pwd; } else { p = pwd_confirm; } if (i) { fprintf(ftty, ""Re-""); } fprintf(ftty, ""Enter password: ""); fflush(ftty); #ifndef WIN32 if (t.c_lflag & ECHO) { t.c_lflag &= ~ECHO; if (tcsetattr(tty, TCSANOW, &t) < 0) { memset_secure(pwd, 0, MAX_PASSWD_BUF); memset_secure(pwd_confirm, 0, MAX_PASSWD_BUF); fclose(ftty); return AESCRYPT_READPWD_TCSETATTR; } echo_enabled = 1; } else { echo_enabled = 0; } #endif chars_read = 0; #ifdef WIN32 while (((c = _getwch()) != L'\r') && (c != PASS_EOF)) #else while (((c = fgetc(ftty)) != '\n') && (c != PASS_EOF)) #endif { if (chars_read <= MAX_PASSWD_LEN) { #ifdef WIN32 p[chars_read] = (wchar_t) c; #else p[chars_read] = (char) c; #endif } chars_read++; } if (chars_read <= MAX_PASSWD_LEN) { p[chars_read] = '\0'; } fprintf(ftty, ""\n""); #ifndef WIN32 if (echo_enabled) { t.c_lflag |= ECHO; if (tcsetattr(tty, TCSANOW, &t) < 0) { memset_secure(pwd, 0, MAX_PASSWD_BUF); memset_secure(pwd_confirm, 0, MAX_PASSWD_BUF); fclose(ftty); return AESCRYPT_READPWD_TCSETATTR; } } #endif if (c == PASS_EOF) { memset_secure(pwd, 0, MAX_PASSWD_BUF); memset_secure(pwd_confirm, 0, MAX_PASSWD_BUF); if (ftty != stderr) fclose(ftty); return AESCRYPT_READPWD_FGETC; } if (chars_read > MAX_PASSWD_LEN) { memset_secure(pwd, 0, MAX_PASSWD_BUF); memset_secure(pwd_confirm, 0, MAX_PASSWD_BUF); if (ftty != stderr) fclose(ftty); return AESCRYPT_READPWD_TOOLONG; } } if (ftty != stderr) fclose(ftty); if (mode == ENC) { match = strcmp((char*)pwd, (char*)pwd_confirm); memset_secure(pwd_confirm, 0, MAX_PASSWD_BUF); if (match != 0) { memset_secure(pwd, 0, MAX_PASSWD_BUF); return AESCRYPT_READPWD_NOMATCH; } } #ifdef WIN32 chars_read *= 2; #else chars_read = passwd_to_utf16( pwd, chars_read, MAX_PASSWD_LEN, buffer); if (chars_read < 0) { memset_secure(pwd_confirm, 0, MAX_PASSWD_BUF); memset_secure(pwd, 0, MAX_PASSWD_BUF); return AESCRYPT_READPWD_ICONV; } #endif return chars_read; }",visit repo url,Linux/src/password.c,https://github.com/paulej/AESCrypt,75843210725647,1 2612,CWE-134,"static void zend_throw_or_error(int fetch_type, zend_class_entry *exception_ce, const char *format, ...) { va_list va; char *message = NULL; va_start(va, format); zend_vspprintf(&message, 0, format, va); if (fetch_type & ZEND_FETCH_CLASS_EXCEPTION) { zend_throw_error(exception_ce, message); } else { zend_error(E_ERROR, ""%s"", message); } efree(message); va_end(va); }",visit repo url,Zend/zend_execute_API.c,https://github.com/php/php-src,251504346040352,1 3054,CWE-787,"bool HHVM_FUNCTION(mb_parse_str, const String& encoded_string, VRefParam result ) { php_mb_encoding_handler_info_t info; info.data_type = PARSE_STRING; info.separator = "";&""; info.force_register_globals = false; info.report_errors = 1; info.to_encoding = MBSTRG(current_internal_encoding); info.to_language = MBSTRG(current_language); info.from_encodings = MBSTRG(http_input_list); info.num_from_encodings = MBSTRG(http_input_list_size); info.from_language = MBSTRG(current_language); char *encstr = strndup(encoded_string.data(), encoded_string.size()); Array resultArr = Array::Create(); mbfl_encoding *detected = _php_mb_encoding_handler_ex(&info, resultArr, encstr); free(encstr); result.assignIfRef(resultArr); MBSTRG(http_input_identify) = detected; return detected != nullptr; }",visit repo url,hphp/runtime/ext/mbstring/ext_mbstring.cpp,https://github.com/facebook/hhvm,181520495324107,1 1782,CWE-264,"check_entry_size_and_hooks(struct ipt_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct ipt_entry) != 0 || (unsigned char *)e + sizeof(struct ipt_entry) >= limit || (unsigned char *)e + e->next_offset > limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct ipt_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } if (!ip_checkentry(&e->ip)) return -EINVAL; err = xt_check_entry_offsets(e, e->target_offset, e->next_offset); if (err) return err; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_debug(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,238001057597989,1 3919,CWE-416,"did_set_spelllang(win_T *wp) { garray_T ga; char_u *splp; char_u *region; char_u region_cp[3]; int filename; int region_mask; slang_T *slang; int c; char_u lang[MAXWLEN + 1]; char_u spf_name[MAXPATHL]; int len; char_u *p; int round; char_u *spf; char_u *use_region = NULL; int dont_use_region = FALSE; int nobreak = FALSE; int i, j; langp_T *lp, *lp2; static int recursive = FALSE; char *ret_msg = NULL; char_u *spl_copy; bufref_T bufref; set_bufref(&bufref, wp->w_buffer); if (recursive) return NULL; recursive = TRUE; ga_init2(&ga, sizeof(langp_T), 2); clear_midword(wp); spl_copy = vim_strsave(wp->w_s->b_p_spl); if (spl_copy == NULL) goto theend; wp->w_s->b_cjk = 0; for (splp = spl_copy; *splp != NUL; ) { copy_option_part(&splp, lang, MAXWLEN, "",""); region = NULL; len = (int)STRLEN(lang); if (!valid_spelllang(lang)) continue; if (STRCMP(lang, ""cjk"") == 0) { wp->w_s->b_cjk = 1; continue; } if (len > 4 && fnamecmp(lang + len - 4, "".spl"") == 0) { filename = TRUE; p = vim_strchr(gettail(lang), '_'); if (p != NULL && ASCII_ISALPHA(p[1]) && ASCII_ISALPHA(p[2]) && !ASCII_ISALPHA(p[3])) { vim_strncpy(region_cp, p + 1, 2); mch_memmove(p, p + 3, len - (p - lang) - 2); region = region_cp; } else dont_use_region = TRUE; FOR_ALL_SPELL_LANGS(slang) if (fullpathcmp(lang, slang->sl_fname, FALSE, TRUE) == FPC_SAME) break; } else { filename = FALSE; if (len > 3 && lang[len - 3] == '_') { region = lang + len - 2; len -= 3; lang[len] = NUL; } else dont_use_region = TRUE; FOR_ALL_SPELL_LANGS(slang) if (STRICMP(lang, slang->sl_name) == 0) break; } if (region != NULL) { if (use_region != NULL && STRCMP(region, use_region) != 0) dont_use_region = TRUE; use_region = region; } if (slang == NULL) { if (filename) (void)spell_load_file(lang, lang, NULL, FALSE); else { spell_load_lang(lang); if (!bufref_valid(&bufref)) { ret_msg = N_(e_spellfilemising_autocommand_deleted_buffer); goto theend; } } } FOR_ALL_SPELL_LANGS(slang) if (filename ? fullpathcmp(lang, slang->sl_fname, FALSE, TRUE) == FPC_SAME : STRICMP(lang, slang->sl_name) == 0) { region_mask = REGION_ALL; if (!filename && region != NULL) { c = find_region(slang->sl_regions, region); if (c == REGION_ALL) { if (slang->sl_add) { if (*slang->sl_regions != NUL) region_mask = 0; } else smsg(_(""Warning: region %s not supported""), region); } else region_mask = 1 << c; } if (region_mask != 0) { if (ga_grow(&ga, 1) == FAIL) { ga_clear(&ga); ret_msg = e_out_of_memory; goto theend; } LANGP_ENTRY(ga, ga.ga_len)->lp_slang = slang; LANGP_ENTRY(ga, ga.ga_len)->lp_region = region_mask; ++ga.ga_len; use_midword(slang, wp); if (slang->sl_nobreak) nobreak = TRUE; } } } spf = curwin->w_s->b_p_spf; for (round = 0; round == 0 || *spf != NUL; ++round) { if (round == 0) { if (int_wordlist == NULL) continue; int_wordlist_spl(spf_name); } else { copy_option_part(&spf, spf_name, MAXPATHL - 5, "",""); STRCAT(spf_name, "".spl""); for (c = 0; c < ga.ga_len; ++c) { p = LANGP_ENTRY(ga, c)->lp_slang->sl_fname; if (p != NULL && fullpathcmp(spf_name, p, FALSE, TRUE) == FPC_SAME) break; } if (c < ga.ga_len) continue; } FOR_ALL_SPELL_LANGS(slang) if (fullpathcmp(spf_name, slang->sl_fname, FALSE, TRUE) == FPC_SAME) break; if (slang == NULL) { if (round == 0) STRCPY(lang, ""internal wordlist""); else { vim_strncpy(lang, gettail(spf_name), MAXWLEN); p = vim_strchr(lang, '.'); if (p != NULL) *p = NUL; } slang = spell_load_file(spf_name, lang, NULL, TRUE); if (slang != NULL && nobreak) slang->sl_nobreak = TRUE; } if (slang != NULL && ga_grow(&ga, 1) == OK) { region_mask = REGION_ALL; if (use_region != NULL && !dont_use_region) { c = find_region(slang->sl_regions, use_region); if (c != REGION_ALL) region_mask = 1 << c; else if (*slang->sl_regions != NUL) region_mask = 0; } if (region_mask != 0) { LANGP_ENTRY(ga, ga.ga_len)->lp_slang = slang; LANGP_ENTRY(ga, ga.ga_len)->lp_sallang = NULL; LANGP_ENTRY(ga, ga.ga_len)->lp_replang = NULL; LANGP_ENTRY(ga, ga.ga_len)->lp_region = region_mask; ++ga.ga_len; use_midword(slang, wp); } } } ga_clear(&wp->w_s->b_langp); wp->w_s->b_langp = ga; for (i = 0; i < ga.ga_len; ++i) { lp = LANGP_ENTRY(ga, i); if (lp->lp_slang->sl_sal.ga_len > 0) lp->lp_sallang = lp->lp_slang; else for (j = 0; j < ga.ga_len; ++j) { lp2 = LANGP_ENTRY(ga, j); if (lp2->lp_slang->sl_sal.ga_len > 0 && STRNCMP(lp->lp_slang->sl_name, lp2->lp_slang->sl_name, 2) == 0) { lp->lp_sallang = lp2->lp_slang; break; } } if (lp->lp_slang->sl_rep.ga_len > 0) lp->lp_replang = lp->lp_slang; else for (j = 0; j < ga.ga_len; ++j) { lp2 = LANGP_ENTRY(ga, j); if (lp2->lp_slang->sl_rep.ga_len > 0 && STRNCMP(lp->lp_slang->sl_name, lp2->lp_slang->sl_name, 2) == 0) { lp->lp_replang = lp2->lp_slang; break; } } } redraw_win_later(wp, UPD_NOT_VALID); theend: vim_free(spl_copy); recursive = FALSE; return ret_msg; }",visit repo url,src/spell.c,https://github.com/vim/vim,102051615607360,1 706,[],"static void jpc_unk_destroyparms(jpc_ms_t *ms) { jpc_unk_t *unk = &ms->parms.unk; if (unk->data) { jas_free(unk->data); } }",jasper,,,114535231284617502048536000957182279072,0 4962,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 1550,[],"__wake_up_sync(wait_queue_head_t *q, unsigned int mode, int nr_exclusive) { unsigned long flags; int sync = 1; if (unlikely(!q)) return; if (unlikely(!nr_exclusive)) sync = 0; spin_lock_irqsave(&q->lock, flags); __wake_up_common(q, mode, nr_exclusive, sync, NULL); spin_unlock_irqrestore(&q->lock, flags); }",linux-2.6,,,266694048628572376141457240431222370771,0 389,[],"pfm_setup_buffer_fmt(struct task_struct *task, struct file *filp, pfm_context_t *ctx, unsigned int ctx_flags, unsigned int cpu, pfarg_context_t *arg) { pfm_buffer_fmt_t *fmt = NULL; unsigned long size = 0UL; void *uaddr = NULL; void *fmt_arg = NULL; int ret = 0; #define PFM_CTXARG_BUF_ARG(a) (pfm_buffer_fmt_t *)(a+1) fmt = pfm_find_buffer_fmt(arg->ctx_smpl_buf_id); if (fmt == NULL) { DPRINT((""[%d] cannot find buffer format\n"", task->pid)); return -EINVAL; } if (fmt->fmt_arg_size) fmt_arg = PFM_CTXARG_BUF_ARG(arg); ret = pfm_buf_fmt_validate(fmt, task, ctx_flags, cpu, fmt_arg); DPRINT((""[%d] after validate(0x%x,%d,%p)=%d\n"", task->pid, ctx_flags, cpu, fmt_arg, ret)); if (ret) goto error; ctx->ctx_buf_fmt = fmt; ret = pfm_buf_fmt_getsize(fmt, task, ctx_flags, cpu, fmt_arg, &size); if (ret) goto error; if (size) { ret = pfm_smpl_buffer_alloc(current, filp, ctx, size, &uaddr); if (ret) goto error; arg->ctx_smpl_vaddr = uaddr; } ret = pfm_buf_fmt_init(fmt, task, ctx->ctx_smpl_hdr, ctx_flags, cpu, fmt_arg); error: return ret; }",linux-2.6,,,339043743602263673856930925678001604489,0 6591,CWE-787,"static RzDyldRebaseInfos *get_rebase_infos(RzDyldCache *cache) { RzDyldRebaseInfos *result = RZ_NEW0(RzDyldRebaseInfos); if (!result) { return NULL; } if (!cache->hdr->slideInfoOffset || !cache->hdr->slideInfoSize) { ut32 total_slide_infos = 0; ut32 n_slide_infos[MAX_N_HDR]; ut32 i; for (i = 0; i < cache->n_hdr && i < MAX_N_HDR; i++) { ut64 hdr_offset = cache->hdr_offset[i]; if (!rz_buf_read_le32_at(cache->buf, 0x13c + hdr_offset, &n_slide_infos[i])) { goto beach; } total_slide_infos += n_slide_infos[i]; } if (!total_slide_infos) { goto beach; } RzDyldRebaseInfosEntry *infos = RZ_NEWS0(RzDyldRebaseInfosEntry, total_slide_infos); if (!infos) { goto beach; } ut32 k = 0; for (i = 0; i < cache->n_hdr && i < MAX_N_HDR; i++) { ut64 hdr_offset = cache->hdr_offset[i]; if (!n_slide_infos[i]) { continue; } ut32 sio; if (!rz_buf_read_le32_at(cache->buf, 0x138 + hdr_offset, &sio)) { continue; } ut64 slide_infos_offset = sio; if (!slide_infos_offset) { continue; } slide_infos_offset += hdr_offset; ut32 j; RzDyldRebaseInfo *prev_info = NULL; for (j = 0; j < n_slide_infos[i]; j++) { ut64 offset = slide_infos_offset + j * sizeof(cache_mapping_slide); cache_mapping_slide entry; if (rz_buf_fread_at(cache->buf, offset, (ut8 *)&entry, ""6lii"", 1) != sizeof(cache_mapping_slide)) { break; } if (entry.slideInfoOffset && entry.slideInfoSize) { infos[k].start = entry.fileOffset + hdr_offset; infos[k].end = infos[k].start + entry.size; ut64 slide = prev_info ? prev_info->slide : UT64_MAX; infos[k].info = get_rebase_info(cache, entry.slideInfoOffset + hdr_offset, entry.slideInfoSize, entry.fileOffset + hdr_offset, slide); prev_info = infos[k].info; k++; } } } if (!k) { free(infos); goto beach; } if (k < total_slide_infos) { RzDyldRebaseInfosEntry *pruned_infos = RZ_NEWS0(RzDyldRebaseInfosEntry, k); if (!pruned_infos) { free(infos); goto beach; } memcpy(pruned_infos, infos, sizeof(RzDyldRebaseInfosEntry) * k); free(infos); infos = pruned_infos; } result->entries = infos; result->length = k; return result; } if (cache->hdr->mappingCount > 1) { RzDyldRebaseInfosEntry *infos = RZ_NEWS0(RzDyldRebaseInfosEntry, 1); if (!infos) { goto beach; } infos[0].start = cache->maps[1].fileOffset; infos[0].end = infos[0].start + cache->maps[1].size; infos[0].info = get_rebase_info(cache, cache->hdr->slideInfoOffset, cache->hdr->slideInfoSize, infos[0].start, UT64_MAX); result->entries = infos; result->length = 1; return result; } beach: free(result); return NULL; }",visit repo url,librz/bin/format/mach0/dyldcache.c,https://github.com/rizinorg/rizin,227182137720760,1 3386,['CWE-264'],"asmlinkage long sys_fchownat(int dfd, const char __user *filename, uid_t user, gid_t group, int flag) { struct nameidata nd; int error = -EINVAL; int follow; if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; error = __user_walk_fd(dfd, filename, follow, &nd); if (error) goto out; error = chown_common(nd.dentry, user, group); path_release(&nd); out: return error; }",linux-2.6,,,26828401307746491100941638835031567188,0 1549,[],"long sched_group_rt_runtime(struct task_group *tg) { u64 rt_runtime_us; if (tg->rt_bandwidth.rt_runtime == RUNTIME_INF) return -1; rt_runtime_us = tg->rt_bandwidth.rt_runtime; do_div(rt_runtime_us, NSEC_PER_USEC); return rt_runtime_us; }",linux-2.6,,,46640950325591642262274160466482074646,0 5508,['CWE-119'],"ecryptfs_find_global_auth_tok_for_sig( struct ecryptfs_global_auth_tok **global_auth_tok, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig) { struct ecryptfs_global_auth_tok *walker; int rc = 0; (*global_auth_tok) = NULL; mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); list_for_each_entry(walker, &mount_crypt_stat->global_auth_tok_list, mount_crypt_stat_list) { if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) { (*global_auth_tok) = walker; goto out; } } rc = -EINVAL; out: mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); return rc; }",linux-2.6,,,267917333583210785643708700867673384210,0 4016,CWE-787,"int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, version, stream_size) z_streamp strm; int level; int method; int windowBits; int memLevel; int strategy; const char *version; int stream_size; { deflate_state *s; int wrap = 1; static const char my_version[] = ZLIB_VERSION; ushf *overlay; if (version == Z_NULL || version[0] != my_version[0] || stream_size != sizeof(z_stream)) { return Z_VERSION_ERROR; } if (strm == Z_NULL) return Z_STREAM_ERROR; strm->msg = Z_NULL; if (strm->zalloc == (alloc_func)0) { #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zalloc = zcalloc; strm->opaque = (voidpf)0; #endif } if (strm->zfree == (free_func)0) #ifdef Z_SOLO return Z_STREAM_ERROR; #else strm->zfree = zcfree; #endif #ifdef FASTEST if (level != 0) level = 1; #else if (level == Z_DEFAULT_COMPRESSION) level = 6; #endif if (windowBits < 0) { wrap = 0; windowBits = -windowBits; } #ifdef GZIP else if (windowBits > 15) { wrap = 2; windowBits -= 16; } #endif if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED || (windowBits == 8 && wrap != 1)) { return Z_STREAM_ERROR; } if (windowBits == 8) windowBits = 9; s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); if (s == Z_NULL) return Z_MEM_ERROR; strm->state = (struct internal_state FAR *)s; s->strm = strm; s->status = INIT_STATE; s->wrap = wrap; s->gzhead = Z_NULL; s->w_bits = (uInt)windowBits; s->w_size = 1 << s->w_bits; s->w_mask = s->w_size - 1; s->hash_bits = (uInt)memLevel + 7; s->hash_size = 1 << s->hash_bits; s->hash_mask = s->hash_size - 1; s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH); s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte)); s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos)); s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos)); s->high_water = 0; s->lit_bufsize = 1 << (memLevel + 6); overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); s->pending_buf = (uchf *) overlay; s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || s->pending_buf == Z_NULL) { s->status = FINISH_STATE; strm->msg = ERR_MSG(Z_MEM_ERROR); deflateEnd (strm); return Z_MEM_ERROR; } s->d_buf = overlay + s->lit_bufsize/sizeof(ush); s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; s->level = level; s->strategy = strategy; s->method = (Byte)method; return deflateReset(strm); }",visit repo url,deflate.c,https://github.com/madler/zlib,206240432241391,1 6414,['CWE-190'],"ReadColorMap (FILE *fd, guchar buffer[256][3], gint number, gint size, gboolean *grey) { gint i; guchar rgb[4]; *grey = (number > 2); for (i = 0; i < number ; i++) { if (!ReadOK (fd, rgb, size)) { g_message (_(""Bad colormap"")); return FALSE; } buffer[i][0] = rgb[2]; buffer[i][1] = rgb[1]; buffer[i][2] = rgb[0]; *grey = ((*grey) && (rgb[0]==rgb[1]) && (rgb[1]==rgb[2])); } return TRUE; }",gimp,,,210693937754458308034058876979748510742,0 4729,CWE-125,"int mutt_seqset_iterator_next(struct SeqsetIterator *iter, unsigned int *next) { if (!iter || !next) return -1; if (iter->in_range) { if ((iter->down && (iter->range_cur == (iter->range_end - 1))) || (!iter->down && (iter->range_cur == (iter->range_end + 1)))) { iter->in_range = 0; } } if (!iter->in_range) { iter->substr_cur = iter->substr_end; if (iter->substr_cur == iter->eostr) return 1; while (!*(iter->substr_cur)) iter->substr_cur++; iter->substr_end = strchr(iter->substr_cur, ','); if (!iter->substr_end) iter->substr_end = iter->eostr; else *(iter->substr_end) = '\0'; char *range_sep = strchr(iter->substr_cur, ':'); if (range_sep) *range_sep++ = '\0'; if (mutt_str_atoui(iter->substr_cur, &iter->range_cur) != 0) return -1; if (range_sep) { if (mutt_str_atoui(range_sep, &iter->range_end) != 0) return -1; } else iter->range_end = iter->range_cur; iter->down = (iter->range_end < iter->range_cur); iter->in_range = 1; } *next = iter->range_cur; if (iter->down) iter->range_cur--; else iter->range_cur++; return 0; }",visit repo url,imap/util.c,https://github.com/neomutt/neomutt,13235113444215,1 1852,CWE-416,"void rose_start_hbtimer(struct sock *sk) { struct rose_sock *rose = rose_sk(sk); del_timer(&rose->timer); rose->timer.function = rose_timer_expiry; rose->timer.expires = jiffies + rose->hb; add_timer(&rose->timer); }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,166403839801855,1 1198,['CWE-189'],"struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, unsigned long *flags) { struct hrtimer_clock_base *base; for (;;) { base = timer->base; if (likely(base != NULL)) { spin_lock_irqsave(&base->cpu_base->lock, *flags); if (likely(base == timer->base)) return base; spin_unlock_irqrestore(&base->cpu_base->lock, *flags); } cpu_relax(); } }",linux-2.6,,,127314044178947927463067409163176543617,0 58,CWE-18,"static int gss_iakerbmechglue_init(void) { struct gss_mech_config mech_iakerb; struct gss_config iakerb_mechanism = krb5_mechanism; iakerb_mechanism.gss_accept_sec_context = iakerb_gss_accept_sec_context; iakerb_mechanism.gss_init_sec_context = iakerb_gss_init_sec_context; iakerb_mechanism.gss_delete_sec_context = iakerb_gss_delete_sec_context; iakerb_mechanism.gss_acquire_cred = iakerb_gss_acquire_cred; iakerb_mechanism.gssspi_acquire_cred_with_password = iakerb_gss_acquire_cred_with_password; memset(&mech_iakerb, 0, sizeof(mech_iakerb)); mech_iakerb.mech = &iakerb_mechanism; mech_iakerb.mechNameStr = ""iakerb""; mech_iakerb.mech_type = (gss_OID)gss_mech_iakerb; gssint_register_mechinfo(&mech_iakerb); return 0; }",visit repo url,src/lib/gssapi/krb5/gssapi_krb5.c,https://github.com/krb5/krb5,174411165938453,1 7,CWE-476,"acc_ctx_cont(OM_uint32 *minstat, gss_buffer_t buf, gss_ctx_id_t *ctx, gss_buffer_t *responseToken, gss_buffer_t *mechListMIC, OM_uint32 *negState, send_token_flag *return_token) { OM_uint32 ret, tmpmin; gss_OID supportedMech; spnego_gss_ctx_id_t sc; unsigned int len; unsigned char *ptr, *bufstart; sc = (spnego_gss_ctx_id_t)*ctx; ret = GSS_S_DEFECTIVE_TOKEN; *negState = REJECT; *minstat = 0; supportedMech = GSS_C_NO_OID; *return_token = ERROR_TOKEN_SEND; *responseToken = *mechListMIC = GSS_C_NO_BUFFER; ptr = bufstart = buf->value; #define REMAIN (buf->length - (ptr - bufstart)) if (REMAIN > INT_MAX) return GSS_S_DEFECTIVE_TOKEN; if (*ptr == HEADER_ID) { ret = g_verify_token_header(gss_mech_spnego, &len, &ptr, 0, REMAIN); if (ret) { *minstat = ret; return GSS_S_DEFECTIVE_TOKEN; } } if (*ptr != (CONTEXT | 0x01)) { return GSS_S_DEFECTIVE_TOKEN; } ret = get_negTokenResp(minstat, ptr, REMAIN, negState, &supportedMech, responseToken, mechListMIC); if (ret != GSS_S_COMPLETE) goto cleanup; if (*responseToken == GSS_C_NO_BUFFER && *mechListMIC == GSS_C_NO_BUFFER) { ret = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } if (supportedMech != GSS_C_NO_OID) { ret = GSS_S_DEFECTIVE_TOKEN; goto cleanup; } sc->firstpass = 0; *negState = ACCEPT_INCOMPLETE; *return_token = CONT_TOKEN_SEND; cleanup: if (supportedMech != GSS_C_NO_OID) { generic_gss_release_oid(&tmpmin, &supportedMech); } return ret; #undef REMAIN }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,244517264738106,1 6504,['CWE-20'],"static inline int writeback(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops) { int rc; struct decode_cache *c = &ctxt->decode; switch (c->dst.type) { case OP_REG: switch (c->dst.bytes) { case 1: *(u8 *)c->dst.ptr = (u8)c->dst.val; break; case 2: *(u16 *)c->dst.ptr = (u16)c->dst.val; break; case 4: *c->dst.ptr = (u32)c->dst.val; break; case 8: *c->dst.ptr = c->dst.val; break; } break; case OP_MEM: if (c->lock_prefix) rc = ops->cmpxchg_emulated( (unsigned long)c->dst.ptr, &c->dst.orig_val, &c->dst.val, c->dst.bytes, ctxt->vcpu); else rc = ops->write_emulated( (unsigned long)c->dst.ptr, &c->dst.val, c->dst.bytes, ctxt->vcpu); if (rc != 0) return rc; break; case OP_NONE: break; default: break; } return 0; }",kvm,,,45358860649919686277992404024049566676,0 5171,['CWE-20'],"static void guest_write_tsc(u64 guest_tsc, u64 host_tsc) { vmcs_write64(TSC_OFFSET, guest_tsc - host_tsc); }",linux-2.6,,,268130949963888955827458973971430799517,0 4104,['CWE-399'],"int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mode, unsigned int cmd, void __user *arg) { int err; if (!q || blk_get_queue(q)) return -ENXIO; switch (cmd) { case SG_GET_VERSION_NUM: err = sg_get_version(arg); break; case SCSI_IOCTL_GET_IDLUN: err = scsi_get_idlun(q, arg); break; case SCSI_IOCTL_GET_BUS_NUMBER: err = scsi_get_bus(q, arg); break; case SG_SET_TIMEOUT: err = sg_set_timeout(q, arg); break; case SG_GET_TIMEOUT: err = sg_get_timeout(q); break; case SG_GET_RESERVED_SIZE: err = sg_get_reserved_size(q, arg); break; case SG_SET_RESERVED_SIZE: err = sg_set_reserved_size(q, arg); break; case SG_EMULATED_HOST: err = sg_emulated_host(q, arg); break; case SG_IO: { struct sg_io_hdr hdr; err = -EFAULT; if (copy_from_user(&hdr, arg, sizeof(hdr))) break; err = sg_io(q, bd_disk, &hdr, mode); if (err == -EFAULT) break; if (copy_to_user(arg, &hdr, sizeof(hdr))) err = -EFAULT; break; } case CDROM_SEND_PACKET: { struct cdrom_generic_command cgc; struct sg_io_hdr hdr; err = -EFAULT; if (copy_from_user(&cgc, arg, sizeof(cgc))) break; cgc.timeout = clock_t_to_jiffies(cgc.timeout); memset(&hdr, 0, sizeof(hdr)); hdr.interface_id = 'S'; hdr.cmd_len = sizeof(cgc.cmd); hdr.dxfer_len = cgc.buflen; err = 0; switch (cgc.data_direction) { case CGC_DATA_UNKNOWN: hdr.dxfer_direction = SG_DXFER_UNKNOWN; break; case CGC_DATA_WRITE: hdr.dxfer_direction = SG_DXFER_TO_DEV; break; case CGC_DATA_READ: hdr.dxfer_direction = SG_DXFER_FROM_DEV; break; case CGC_DATA_NONE: hdr.dxfer_direction = SG_DXFER_NONE; break; default: err = -EINVAL; } if (err) break; hdr.dxferp = cgc.buffer; hdr.sbp = cgc.sense; if (hdr.sbp) hdr.mx_sb_len = sizeof(struct request_sense); hdr.timeout = jiffies_to_msecs(cgc.timeout); hdr.cmdp = ((struct cdrom_generic_command __user*) arg)->cmd; hdr.cmd_len = sizeof(cgc.cmd); err = sg_io(q, bd_disk, &hdr, mode); if (err == -EFAULT) break; if (hdr.status) err = -EIO; cgc.stat = err; cgc.buflen = hdr.resid; if (copy_to_user(arg, &cgc, sizeof(cgc))) err = -EFAULT; break; } case SCSI_IOCTL_SEND_COMMAND: printk(KERN_WARNING ""program %s is using a deprecated SCSI ioctl, please convert it to SG_IO\n"", current->comm); err = -EINVAL; if (!arg) break; err = sg_scsi_ioctl(q, bd_disk, mode, arg); break; case CDROMCLOSETRAY: err = blk_send_start_stop(q, bd_disk, 0x03); break; case CDROMEJECT: err = blk_send_start_stop(q, bd_disk, 0x02); break; default: err = -ENOTTY; } blk_put_queue(q); return err; }",linux-2.6,,,50125255627673898718601894212328092774,0 5245,CWE-125,"l_int32 main(int argc, char **argv) { L_DEWARP *dew1, *dew2; L_DEWARPA *dewa; PIX *pixs, *pixn, *pixg, *pixb, *pixd, *pixt1, *pixt2; PIX *pixs2, *pixn2, *pixg2, *pixb2, *pixd2; setLeptDebugOK(1); lept_mkdir(""lept/model""); pixs = pixRead(""cat.035.jpg""); pixn = pixBackgroundNormSimple(pixs, NULL, NULL); pixg = pixConvertRGBToGray(pixn, 0.5, 0.3, 0.2); pixb = pixThresholdToBinary(pixg, 130); dewa = dewarpaCreate(2, 30, 1, 10, 30); dewarpaUseBothArrays(dewa, 1); dew1 = dewarpCreate(pixb, 35); dewarpaInsertDewarp(dewa, dew1); dewarpBuildPageModel(dew1, ""/tmp/lept/model/dewarp_model1.pdf""); dewarpaApplyDisparity(dewa, 35, pixg, 200, 0, 0, &pixd, ""/tmp/lept/model/dewarp_apply1.pdf""); lept_rmdir(""lept/dewtest""); lept_mkdir(""lept/dewtest""); pixWrite(""/tmp/lept/dewtest/001.jpg"", pixs, IFF_JFIF_JPEG); pixWrite(""/tmp/lept/dewtest/002.jpg"", pixn, IFF_JFIF_JPEG); pixWrite(""/tmp/lept/dewtest/003.jpg"", pixg, IFF_JFIF_JPEG); pixWrite(""/tmp/lept/dewtest/004.png"", pixb, IFF_TIFF_G4); pixWrite(""/tmp/lept/dewtest/005.jpg"", pixd, IFF_JFIF_JPEG); pixt1 = pixRead(""/tmp/lept/dewmod/0020.png""); pixWrite(""/tmp/lept/dewtest/006.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewmod/0030.png""); pixWrite(""/tmp/lept/dewtest/007.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewmod/0060.png""); pixWrite(""/tmp/lept/dewtest/008.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewmod/0070.png""); pixWrite(""/tmp/lept/dewtest/009.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewapply/002.png""); pixWrite(""/tmp/lept/dewtest/010.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewapply/003.png""); pixWrite(""/tmp/lept/dewtest/011.png"", pixt1, IFF_PNG); pixt2 = pixThresholdToBinary(pixt1, 130); pixWrite(""/tmp/lept/dewtest/012.png"", pixt2, IFF_TIFF_G4); pixDestroy(&pixt1); pixDestroy(&pixt2); pixt1 = pixRead(""/tmp/lept/dewmod/0041.png""); pixWrite(""/tmp/lept/dewtest/013.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewmod/0042.png""); pixWrite(""/tmp/lept/dewtest/014.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewmod/0051.png""); pixWrite(""/tmp/lept/dewtest/015.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewmod/0052.png""); pixWrite(""/tmp/lept/dewtest/016.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixs2 = pixRead(""cat.007.jpg""); pixn2 = pixBackgroundNormSimple(pixs2, NULL, NULL); pixg2 = pixConvertRGBToGray(pixn2, 0.5, 0.3, 0.2); pixb2 = pixThresholdToBinary(pixg2, 130); dew2 = dewarpCreate(pixb2, 7); dewarpaInsertDewarp(dewa, dew2); dewarpaInsertRefModels(dewa, 0, 1); dewarpaInfo(stderr, dewa); dewarpaApplyDisparity(dewa, 7, pixg2, 200, 0, 0, &pixd2, ""/tmp/lept/model/dewarp_apply2.pdf""); dewarpaDestroy(&dewa); pixWrite(""/tmp/lept/dewtest/017.jpg"", pixs2, IFF_JFIF_JPEG); pixWrite(""/tmp/lept/dewtest/018.jpg"", pixg2, IFF_JFIF_JPEG); pixWrite(""/tmp/lept/dewtest/019.png"", pixb2, IFF_TIFF_G4); pixWrite(""/tmp/lept/dewtest/020.jpg"", pixd2, IFF_JFIF_JPEG); pixt1 = pixRead(""/tmp/lept/dewmod/0060.png""); pixWrite(""/tmp/lept/dewtest/021.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewapply/002.png""); pixWrite(""/tmp/lept/dewtest/022.png"", pixt1, IFF_PNG); pixt2 = pixThresholdToBinary(pixt1, 130); pixWrite(""/tmp/lept/dewtest/023.png"", pixt2, IFF_TIFF_G4); pixDestroy(&pixt1); pixDestroy(&pixt2); pixt1 = pixRead(""/tmp/lept/dewmod/0070.png""); pixWrite(""/tmp/lept/dewtest/024.png"", pixt1, IFF_PNG); pixDestroy(&pixt1); pixt1 = pixRead(""/tmp/lept/dewapply/003.png""); pixWrite(""/tmp/lept/dewtest/025.png"", pixt1, IFF_PNG); pixt2 = pixThresholdToBinary(pixt1, 130); pixWrite(""/tmp/lept/dewtest/026.png"", pixt2, IFF_TIFF_G4); pixDestroy(&pixt1); pixDestroy(&pixt2); convertFilesToPdf(""/tmp/lept/dewtest"", NULL, 135, 1.0, 0, 0, ""Dewarp Test"", ""/tmp/lept/dewarptest1.pdf""); lept_stderr(""pdf file made: /tmp/lept/model/dewarptest1.pdf\n""); lept_rmdir(""lept/dewmod""); lept_rmdir(""lept/dewtest""); pixDestroy(&pixs); pixDestroy(&pixn); pixDestroy(&pixg); pixDestroy(&pixb); pixDestroy(&pixd); pixDestroy(&pixs2); pixDestroy(&pixn2); pixDestroy(&pixg2); pixDestroy(&pixb2); pixDestroy(&pixd2); return 0; }",visit repo url,prog/dewarptest1.c,https://github.com/DanBloomberg/leptonica,28758555580941,1 2660,CWE-190,"static int spl_filesystem_file_open(spl_filesystem_object *intern, int use_include_path, int silent TSRMLS_DC) { zval tmp; intern->type = SPL_FS_FILE; php_stat(intern->file_name, intern->file_name_len, FS_IS_DIR, &tmp TSRMLS_CC); if (Z_LVAL(tmp)) { intern->u.file.open_mode = NULL; intern->file_name = NULL; zend_throw_exception_ex(spl_ce_LogicException, 0 TSRMLS_CC, ""Cannot use SplFileObject with directories""); return FAILURE; } intern->u.file.context = php_stream_context_from_zval(intern->u.file.zcontext, 0); intern->u.file.stream = php_stream_open_wrapper_ex(intern->file_name, intern->u.file.open_mode, (use_include_path ? USE_PATH : 0) | REPORT_ERRORS, NULL, intern->u.file.context); if (!intern->file_name_len || !intern->u.file.stream) { if (!EG(exception)) { zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, ""Cannot open file '%s'"", intern->file_name_len ? intern->file_name : """"); } intern->file_name = NULL; intern->u.file.open_mode = NULL; return FAILURE; } if (intern->u.file.zcontext) { zend_list_addref(Z_RESVAL_P(intern->u.file.zcontext)); } if (intern->file_name_len > 1 && IS_SLASH_AT(intern->file_name, intern->file_name_len-1)) { intern->file_name_len--; } intern->orig_path = estrndup(intern->u.file.stream->orig_path, strlen(intern->u.file.stream->orig_path)); intern->file_name = estrndup(intern->file_name, intern->file_name_len); intern->u.file.open_mode = estrndup(intern->u.file.open_mode, intern->u.file.open_mode_len); ZVAL_RESOURCE(&intern->u.file.zresource, php_stream_get_resource_id(intern->u.file.stream)); Z_SET_REFCOUNT(intern->u.file.zresource, 1); intern->u.file.delimiter = ','; intern->u.file.enclosure = '""'; intern->u.file.escape = '\\'; zend_hash_find(&intern->std.ce->function_table, ""getcurrentline"", sizeof(""getcurrentline""), (void **) &intern->u.file.func_getCurr); return SUCCESS; } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,102744870656423,1 2353,['CWE-120'],"asmlinkage long sys_symlink(const char __user *oldname, const char __user *newname) { return sys_symlinkat(oldname, AT_FDCWD, newname); }",linux-2.6,,,119267933029673983492460141050466562125,0 363,CWE-125,"static void __skb_complete_tx_timestamp(struct sk_buff *skb, struct sock *sk, int tstype) { struct sock_exterr_skb *serr; int err; serr = SKB_EXT_ERR(skb); memset(serr, 0, sizeof(*serr)); serr->ee.ee_errno = ENOMSG; serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING; serr->ee.ee_info = tstype; if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) { serr->ee.ee_data = skb_shinfo(skb)->tskey; if (sk->sk_protocol == IPPROTO_TCP && sk->sk_type == SOCK_STREAM) serr->ee.ee_data -= sk->sk_tskey; } err = sock_queue_err_skb(sk, skb); if (err) kfree_skb(skb);",visit repo url,net/core/skbuff.c,https://github.com/torvalds/linux,223644974148859,1 3441,CWE-119,"void show_object_with_name(FILE *out, struct object *obj, struct strbuf *path, const char *component) { char *name = path_name(path, component); char *p; fprintf(out, ""%s "", oid_to_hex(&obj->oid)); for (p = name; *p && *p != '\n'; p++) fputc(*p, out); fputc('\n', out); free(name); }",visit repo url,revision.c,https://github.com/git/git,239064812361754,1 967,['CWE-189'],"SProcShmAttach(client) ClientPtr client; { register int n; REQUEST(xShmAttachReq); swaps(&stuff->length, n); REQUEST_SIZE_MATCH(xShmAttachReq); swapl(&stuff->shmseg, n); swapl(&stuff->shmid, n); return ProcShmAttach(client); }",xserver,,,225624053935804789670367007879142129137,0 300,CWE-404,"static int cp2112_gpio_get_all(struct gpio_chip *chip) { struct cp2112_device *dev = gpiochip_get_data(chip); struct hid_device *hdev = dev->hdev; u8 *buf = dev->in_out_buffer; unsigned long flags; int ret; spin_lock_irqsave(&dev->lock, flags); ret = hid_hw_raw_request(hdev, CP2112_GPIO_GET, buf, CP2112_GPIO_GET_LENGTH, HID_FEATURE_REPORT, HID_REQ_GET_REPORT); if (ret != CP2112_GPIO_GET_LENGTH) { hid_err(hdev, ""error requesting GPIO values: %d\n"", ret); ret = ret < 0 ? ret : -EIO; goto exit; } ret = buf[1]; exit: spin_unlock_irqrestore(&dev->lock, flags); return ret; }",visit repo url,drivers/hid/hid-cp2112.c,https://github.com/torvalds/linux,270380317463524,1 3074,['CWE-189'],"int jas_stream_puts(jas_stream_t *stream, const char *s) { while (*s != '\0') { if (jas_stream_putc_macro(stream, *s) == EOF) { return -1; } ++s; } return 0; }",jasper,,,62506029879386238702596861270716980649,0 3851,CWE-787,"diff_mark_adjust_tp( tabpage_T *tp, int idx, linenr_T line1, linenr_T line2, long amount, long amount_after) { diff_T *dp; diff_T *dprev; diff_T *dnext; int i; int inserted, deleted; int n, off; linenr_T last; linenr_T lnum_deleted = line1; int check_unchanged; if (diff_internal()) { tp->tp_diff_invalid = TRUE; tp->tp_diff_update = TRUE; } if (line2 == MAXLNUM) { inserted = amount; deleted = 0; } else if (amount_after > 0) { inserted = amount_after; deleted = 0; } else { inserted = 0; deleted = -amount_after; } dprev = NULL; dp = tp->tp_first_diff; for (;;) { if ((dp == NULL || dp->df_lnum[idx] - 1 > line2 || (line2 == MAXLNUM && dp->df_lnum[idx] > line1)) && (dprev == NULL || dprev->df_lnum[idx] + dprev->df_count[idx] < line1) && !diff_busy) { dnext = diff_alloc_new(tp, dprev, dp); if (dnext == NULL) return; dnext->df_lnum[idx] = line1; dnext->df_count[idx] = inserted; for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL && i != idx) { if (dprev == NULL) dnext->df_lnum[i] = line1; else dnext->df_lnum[i] = line1 + (dprev->df_lnum[i] + dprev->df_count[i]) - (dprev->df_lnum[idx] + dprev->df_count[idx]); dnext->df_count[i] = deleted; } } if (dp == NULL) break; last = dp->df_lnum[idx] + dp->df_count[idx] - 1; if (last >= line1 - 1) { if (dp->df_lnum[idx] - (deleted + inserted != 0) > line2) { if (amount_after == 0) break; dp->df_lnum[idx] += amount_after; } else { check_unchanged = FALSE; if (deleted > 0) { if (dp->df_lnum[idx] >= line1) { off = dp->df_lnum[idx] - lnum_deleted; if (last <= line2) { if (dp->df_next != NULL && dp->df_next->df_lnum[idx] - 1 <= line2) { n = dp->df_next->df_lnum[idx] - lnum_deleted; deleted -= n; n -= dp->df_count[idx]; lnum_deleted = dp->df_next->df_lnum[idx]; } else n = deleted - dp->df_count[idx]; dp->df_count[idx] = 0; } else { n = off; dp->df_count[idx] -= line2 - dp->df_lnum[idx] + 1; check_unchanged = TRUE; } dp->df_lnum[idx] = line1; } else { off = 0; if (last < line2) { dp->df_count[idx] -= last - lnum_deleted + 1; if (dp->df_next != NULL && dp->df_next->df_lnum[idx] - 1 <= line2) { n = dp->df_next->df_lnum[idx] - 1 - last; deleted -= dp->df_next->df_lnum[idx] - lnum_deleted; lnum_deleted = dp->df_next->df_lnum[idx]; } else n = line2 - last; check_unchanged = TRUE; } else { n = 0; dp->df_count[idx] -= deleted; } } for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL && i != idx) { dp->df_lnum[i] -= off; dp->df_count[i] += n; } } else { if (dp->df_lnum[idx] <= line1) { dp->df_count[idx] += inserted; check_unchanged = TRUE; } else dp->df_lnum[idx] += inserted; } if (check_unchanged) diff_check_unchanged(tp, dp); } } if (dprev != NULL && dprev->df_lnum[idx] + dprev->df_count[idx] == dp->df_lnum[idx]) { for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL) dprev->df_count[i] += dp->df_count[i]; dprev->df_next = dp->df_next; vim_free(dp); dp = dprev->df_next; } else { dprev = dp; dp = dp->df_next; } } dprev = NULL; dp = tp->tp_first_diff; while (dp != NULL) { for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL && dp->df_count[i] != 0) break; if (i == DB_COUNT) { dnext = dp->df_next; vim_free(dp); dp = dnext; if (dprev == NULL) tp->tp_first_diff = dnext; else dprev->df_next = dnext; } else { dprev = dp; dp = dp->df_next; } } if (tp == curtab) { need_diff_redraw = TRUE; diff_need_scrollbind = TRUE; } }",visit repo url,src/diff.c,https://github.com/vim/vim,235561281131003,1 4032,CWE-787,"host_name_lookup(void) { int old_pool, rc; int sep = 0; uschar *save_hostname; uschar **aliases; uschar *ordername; const uschar *list = host_lookup_order; dns_answer * dnsa = store_get_dns_answer(); dns_scan dnss; sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE; HDEBUG(D_host_lookup) debug_printf(""looking up host name for %s\n"", sender_host_address); if (f.running_in_test_harness && Ustrcmp(sender_host_address, ""99.99.99.99"") == 0) { HDEBUG(D_host_lookup) debug_printf(""Test harness: host name lookup returns DEFER\n""); host_lookup_deferred = TRUE; return DEFER; } while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) { if (strcmpic(ordername, US""bydns"") == 0) { uschar * name = dns_build_reverse(sender_host_address); dns_init(FALSE, FALSE, FALSE); rc = dns_lookup_timerwrap(dnsa, name, T_PTR, NULL); if (rc == DNS_SUCCEED) { uschar **aptr = NULL; int ssize = 264; int count = 0; int old_pool = store_pool; sender_host_dnssec = dns_is_secure(dnsa); DEBUG(D_dns) debug_printf(""Reverse DNS security status: %s\n"", sender_host_dnssec ? ""DNSSEC verified (AD)"" : ""unverified""); store_pool = POOL_PERM; for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR) count++; aptr = sender_host_aliases = store_get(count * sizeof(uschar *), FALSE); for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_PTR) { uschar * s = store_get(ssize, TRUE); if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, US (rr->data), (DN_EXPAND_ARG4_TYPE)(s), ssize) < 0) { log_write(0, LOG_MAIN, ""host name alias list truncated for %s"", sender_host_address); break; } store_release_above(s + Ustrlen(s) + 1); if (!s[0]) { HDEBUG(D_host_lookup) debug_printf(""IP address lookup yielded an "" ""empty name: treated as non-existent host name\n""); continue; } if (!sender_host_name) sender_host_name = s; else *aptr++ = s; while (*s) { *s = tolower(*s); s++; } } *aptr = NULL; store_pool = old_pool; if (sender_host_name) break; } if (rc == DNS_AGAIN) { HDEBUG(D_host_lookup) debug_printf(""IP address PTR lookup gave temporary error\n""); host_lookup_deferred = TRUE; return DEFER; } } else if (strcmpic(ordername, US""byaddr"") == 0) { HDEBUG(D_host_lookup) debug_printf(""IP address lookup using gethostbyaddr()\n""); rc = host_name_lookup_byaddr(); if (rc == DEFER) { host_lookup_deferred = TRUE; return rc; } if (rc == OK) break; } } if (!sender_host_name) { if (host_checking || !f.log_testing_mode) log_write(L_host_lookup_failed, LOG_MAIN, ""no host name found for IP "" ""address %s"", sender_host_address); host_lookup_msg = US"" (failed to find host name from IP address)""; host_lookup_failed = TRUE; return FAIL; } HDEBUG(D_host_lookup) { uschar **aliases = sender_host_aliases; debug_printf(""IP address lookup yielded \""%s\""\n"", sender_host_name); while (*aliases != NULL) debug_printf("" alias \""%s\""\n"", *aliases++); } save_hostname = sender_host_name; aliases = sender_host_aliases; for (uschar * hname = sender_host_name; hname; hname = *aliases++) { int rc; BOOL ok = FALSE; host_item h = { .next = NULL, .name = hname, .mx = MX_NONE, .address = NULL }; dnssec_domains d = { .request = sender_host_dnssec ? US""*"" : NULL, .require = NULL }; if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A | HOST_FIND_BY_AAAA, NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND || rc == HOST_FOUND_LOCAL ) { HDEBUG(D_host_lookup) debug_printf(""checking addresses for %s\n"", hname); DEBUG(D_dns) debug_printf(""Forward DNS security status: %s\n"", h.dnssec == DS_YES ? ""DNSSEC verified (AD)"" : ""unverified""); if (h.dnssec != DS_YES) sender_host_dnssec = FALSE; for (host_item * hh = &h; hh; hh = hh->next) if (host_is_in_net(hh->address, sender_host_address, 0)) { HDEBUG(D_host_lookup) debug_printf("" %s OK\n"", hh->address); ok = TRUE; break; } else HDEBUG(D_host_lookup) debug_printf("" %s\n"", hh->address); if (!ok) HDEBUG(D_host_lookup) debug_printf(""no IP address for %s matched %s\n"", hname, sender_host_address); } else if (rc == HOST_FIND_AGAIN) { HDEBUG(D_host_lookup) debug_printf(""temporary error for host name lookup\n""); host_lookup_deferred = TRUE; sender_host_name = NULL; return DEFER; } else HDEBUG(D_host_lookup) debug_printf(""no IP addresses found for %s\n"", hname); if (!ok) { if (hname == sender_host_name) sender_host_name = NULL; else { uschar **a; a = --aliases; while (*a != NULL) { *a = a[1]; a++; } } } } if (sender_host_name == NULL && *sender_host_aliases != NULL) sender_host_name = *sender_host_aliases++; if (sender_host_name != NULL) return OK; HDEBUG(D_host_lookup) debug_printf(""%s does not match any IP address for %s\n"", sender_host_address, save_hostname); old_pool = store_pool; store_pool = POOL_PERM; host_lookup_msg = string_sprintf("" (%s does not match any IP address for %s)"", sender_host_address, save_hostname); store_pool = old_pool; host_lookup_failed = TRUE; return FAIL; }",visit repo url,src/src/host.c,https://github.com/Exim/exim,45370802331383,1 3061,['CWE-189'],"static void jas_image_cmpt_destroy(jas_image_cmpt_t *cmpt) { if (cmpt->stream_) { jas_stream_close(cmpt->stream_); } jas_free(cmpt); }",jasper,,,308261290152105628767755084675548180758,0 3649,['CWE-287'],"int sctp_assoc_set_id(struct sctp_association *asoc, gfp_t gfp) { int assoc_id; int error = 0; retry: if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) return -ENOMEM; spin_lock_bh(&sctp_assocs_id_lock); error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, &assoc_id); spin_unlock_bh(&sctp_assocs_id_lock); if (error == -EAGAIN) goto retry; else if (error) return error; asoc->assoc_id = (sctp_assoc_t) assoc_id; return error; }",linux-2.6,,,274925115602891453189423014949402274082,0 1167,CWE-400,"static int swp_handler(struct pt_regs *regs, unsigned int instr) { unsigned int address, destreg, data, type; unsigned int res = 0; perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, regs->ARM_pc); if (current->pid != previous_pid) { pr_debug(""\""%s\"" (%ld) uses deprecated SWP{B} instruction\n"", current->comm, (unsigned long)current->pid); previous_pid = current->pid; } address = regs->uregs[EXTRACT_REG_NUM(instr, RN_OFFSET)]; data = regs->uregs[EXTRACT_REG_NUM(instr, RT2_OFFSET)]; destreg = EXTRACT_REG_NUM(instr, RT_OFFSET); type = instr & TYPE_SWPB; pr_debug(""addr in r%d->0x%08x, dest is r%d, source in r%d->0x%08x)\n"", EXTRACT_REG_NUM(instr, RN_OFFSET), address, destreg, EXTRACT_REG_NUM(instr, RT2_OFFSET), data); if (!access_ok(VERIFY_WRITE, (address & ~3), 4)) { pr_debug(""SWP{B} emulation: access to %p not allowed!\n"", (void *)address); res = -EFAULT; } else { res = emulate_swpX(address, &data, type); } if (res == 0) { regs->ARM_pc += 4; regs->uregs[destreg] = data; } else if (res == -EFAULT) { set_segfault(regs, address); } return 0; }",visit repo url,arch/arm/kernel/swp_emulate.c,https://github.com/torvalds/linux,40756202127218,1 5396,['CWE-476'],"static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { return (!vcpu->arch.irq_summary && kvm_run->request_interrupt_window && vcpu->arch.interrupt_window_open && (kvm_x86_ops->get_rflags(vcpu) & X86_EFLAGS_IF)); }",linux-2.6,,,179837887391958938585952218680305320793,0 5223,['CWE-264'],"static void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid) { uid_to_sid( powner_sid, psbuf->st_uid ); gid_to_sid( pgroup_sid, psbuf->st_gid ); }",samba,,,115928549601022587257126211026615344613,0 2073,[],"int compat_udp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level == SOL_UDP || level == SOL_UDPLITE) return udp_lib_getsockopt(sk, level, optname, optval, optlen); return compat_ip_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,338885236170024792466103504029631081078,0 192,CWE-476,"static int stimer_set_config(struct kvm_vcpu_hv_stimer *stimer, u64 config, bool host) { union hv_stimer_config new_config = {.as_uint64 = config}, old_config = {.as_uint64 = stimer->config.as_uint64}; struct kvm_vcpu *vcpu = hv_stimer_to_vcpu(stimer); struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu); struct kvm_vcpu_hv_synic *synic = to_hv_synic(vcpu); if (!synic->active && !host) return 1; if (unlikely(!host && hv_vcpu->enforce_cpuid && new_config.direct_mode && !(hv_vcpu->cpuid_cache.features_edx & HV_STIMER_DIRECT_MODE_AVAILABLE))) return 1; trace_kvm_hv_stimer_set_config(hv_stimer_to_vcpu(stimer)->vcpu_id, stimer->index, config, host); stimer_cleanup(stimer); if (old_config.enable && !new_config.direct_mode && new_config.sintx == 0) new_config.enable = 0; stimer->config.as_uint64 = new_config.as_uint64; if (stimer->config.enable) stimer_mark_pending(stimer, false); return 0; }",visit repo url,arch/x86/kvm/hyperv.c,https://github.com/torvalds/linux,78434202428279,1 1994,CWE-674,"int __nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head, int len, const struct nla_policy *policy, unsigned int validate, struct netlink_ext_ack *extack) { return __nla_validate_parse(head, len, maxtype, policy, validate, extack, tb); }",visit repo url,lib/nlattr.c,https://github.com/torvalds/linux,19627106736427,1 1,CWE-252,"_dl_dst_substitute (struct link_map *l, const char *name, char *result, int is_path) { char *last_elem, *wp; last_elem = wp = result; do { if (*name == '$') { const char *repl; size_t len; if ((((strncmp (&name[1], ""ORIGIN"", 6) == 0 && (len = 7) != 0) || (strncmp (&name[1], ""PLATFORM"", 8) == 0 && (len = 9) != 0)) && (name[len] == '\0' || name[len] == '/' || (is_path && name[len] == ':'))) || (name[1] == '{' && ((strncmp (&name[2], ""ORIGIN}"", 7) == 0 && (len = 9) != 0) || (strncmp (&name[2], ""PLATFORM}"", 9) == 0 && (len = 11) != 0)))) { repl = ((len == 7 || name[2] == 'O') ? (__libc_enable_secure ? NULL : l->l_origin) : _dl_platform); if (repl != NULL && repl != (const char *) -1) { wp = __stpcpy (wp, repl); name += len; } else { wp = last_elem; name += len; while (*name != '\0' && (!is_path || *name != ':')) ++name; } } else *wp++ = *name++; } else if (is_path && *name == ':') { *wp++ = *name++; last_elem = wp; } else *wp++ = *name++; } while (*name != '\0'); *wp = '\0'; return result; }",visit repo url,elf/dl-load.c,https://github.com/bminor/glibc,55813330607761,1 5096,['CWE-20'],"static void vmcs_writel(unsigned long field, unsigned long value) { u8 error; asm volatile (__ex(ASM_VMX_VMWRITE_RAX_RDX) ""; setna %0"" : ""=q""(error) : ""a""(value), ""d""(field) : ""cc""); if (unlikely(error)) vmwrite_error(field, value); }",linux-2.6,,,326580699432316361196693177505401164630,0 834,CWE-20,"static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name; size_t copied; unsigned char *asmptr; struct sk_buff *skb; int n, er, qbit; if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) return er; qbit = (skb->data[0] & ROSE_Q_BIT) == ROSE_Q_BIT; skb_pull(skb, ROSE_MIN_LEN); if (rose->qbitincl) { asmptr = skb_push(skb, 1); *asmptr = qbit; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (srose != NULL) { memset(srose, 0, msg->msg_namelen); srose->srose_family = AF_ROSE; srose->srose_addr = rose->dest_addr; srose->srose_call = rose->dest_call; srose->srose_ndigis = rose->dest_ndigis; if (msg->msg_namelen >= sizeof(struct full_sockaddr_rose)) { struct full_sockaddr_rose *full_srose = (struct full_sockaddr_rose *)msg->msg_name; for (n = 0 ; n < rose->dest_ndigis ; n++) full_srose->srose_digis[n] = rose->dest_digis[n]; msg->msg_namelen = sizeof(struct full_sockaddr_rose); } else { if (rose->dest_ndigis >= 1) { srose->srose_ndigis = 1; srose->srose_digi = rose->dest_digis[0]; } msg->msg_namelen = sizeof(struct sockaddr_rose); } } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/rose/af_rose.c,https://github.com/torvalds/linux,102675711192841,1 3600,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_2_4_dupcook(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_disposition_t retval; struct sctp_chunk *chunk = arg; struct sctp_association *new_asoc; int error = 0; char action; struct sctp_chunk *err_chk_p; if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data; if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t))) goto nomem; new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error, &err_chk_p); if (!new_asoc) { switch (error) { case -SCTP_IERROR_NOMEM: goto nomem; case -SCTP_IERROR_STALE_COOKIE: sctp_send_stale_cookie_err(ep, asoc, chunk, commands, err_chk_p); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); case -SCTP_IERROR_BAD_SIG: default: return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } } action = sctp_tietags_compare(new_asoc, asoc); switch (action) { case 'A': retval = sctp_sf_do_dupcook_a(ep, asoc, chunk, commands, new_asoc); break; case 'B': retval = sctp_sf_do_dupcook_b(ep, asoc, chunk, commands, new_asoc); break; case 'C': retval = sctp_sf_do_dupcook_c(ep, asoc, chunk, commands, new_asoc); break; case 'D': retval = sctp_sf_do_dupcook_d(ep, asoc, chunk, commands, new_asoc); break; default: retval = sctp_sf_pdiscard(ep, asoc, type, arg, commands); break; } sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); return retval; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,171347866139493036252251302421724150566,0 1604,CWE-416,"static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req) { struct inet_request_sock *ireq = inet_rsk(req); struct ipv6_pinfo *np = inet6_sk(sk); struct sk_buff *skb; struct in6_addr *final_p, final; struct flowi6 fl6; int err = -1; struct dst_entry *dst; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = IPPROTO_DCCP; fl6.daddr = ireq->ir_v6_rmt_addr; fl6.saddr = ireq->ir_v6_loc_addr; fl6.flowlabel = 0; fl6.flowi6_oif = ireq->ir_iif; fl6.fl6_dport = ireq->ir_rmt_port; fl6.fl6_sport = htons(ireq->ir_num); security_req_classify_flow(req, flowi6_to_flowi(&fl6)); final_p = fl6_update_dst(&fl6, np->opt, &final); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); dst = NULL; goto done; } skb = dccp_make_response(sk, dst, req); if (skb != NULL) { struct dccp_hdr *dh = dccp_hdr(skb); dh->dccph_checksum = dccp_v6_csum_finish(skb, &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr); fl6.daddr = ireq->ir_v6_rmt_addr; err = ip6_xmit(sk, skb, &fl6, np->opt, np->tclass); err = net_xmit_eval(err); } done: dst_release(dst); return err; }",visit repo url,net/dccp/ipv6.c,https://github.com/torvalds/linux,204337145341448,1 6394,CWE-20,"void enc28j60EventHandler(NetInterface *interface) { error_t error; uint16_t status; uint16_t value; status = enc28j60ReadReg(interface, ENC28J60_REG_EIR); if((status & EIR_LINKIF) != 0) { enc28j60ReadPhyReg(interface, ENC28J60_PHY_REG_PHIR); enc28j60ClearBit(interface, ENC28J60_REG_EIR, EIR_LINKIF); value = enc28j60ReadPhyReg(interface, ENC28J60_PHY_REG_PHSTAT2); if((value & PHSTAT2_LSTAT) != 0) { interface->linkSpeed = NIC_LINK_SPEED_10MBPS; #if (ENC28J60_FULL_DUPLEX_SUPPORT == ENABLED) interface->duplexMode = NIC_FULL_DUPLEX_MODE; #else interface->duplexMode = NIC_HALF_DUPLEX_MODE; #endif interface->linkState = TRUE; } else { interface->linkState = FALSE; } nicNotifyLinkChange(interface); } if((status & EIR_PKTIF) != 0) { enc28j60ClearBit(interface, ENC28J60_REG_EIR, EIR_PKTIF); do { error = enc28j60ReceivePacket(interface); } while(error != ERROR_BUFFER_EMPTY); } enc28j60SetBit(interface, ENC28J60_REG_EIE, EIE_LINKIE | EIE_PKTIE); }",visit repo url,drivers/eth/enc28j60_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,24698718292035,1 1629,[],"do_wait_for_common(struct completion *x, long timeout, int state) { if (!x->done) { DECLARE_WAITQUEUE(wait, current); wait.flags |= WQ_FLAG_EXCLUSIVE; __add_wait_queue_tail(&x->wait, &wait); do { if ((state == TASK_INTERRUPTIBLE && signal_pending(current)) || (state == TASK_KILLABLE && fatal_signal_pending(current))) { __remove_wait_queue(&x->wait, &wait); return -ERESTARTSYS; } __set_current_state(state); spin_unlock_irq(&x->wait.lock); timeout = schedule_timeout(timeout); spin_lock_irq(&x->wait.lock); if (!timeout) { __remove_wait_queue(&x->wait, &wait); return timeout; } } while (!x->done); __remove_wait_queue(&x->wait, &wait); } x->done--; return timeout; }",linux-2.6,,,274697841924585047243509907463219801467,0 4590,CWE-190,"static s32 gf_media_vvc_read_pps_bs_internal(GF_BitStream *bs, VVCState *vvc) { u32 i; s32 pps_id; VVC_PPS *pps; pps_id = gf_bs_read_int_log(bs, 6, ""pps_id""); if ((pps_id < 0) || (pps_id >= 64)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] wrong PPS ID %d in PPS\n"", pps_id)); return -1; } pps = &vvc->pps[pps_id]; if (!pps->state) { pps->id = pps_id; pps->state = 1; } pps->sps_id = gf_bs_read_int_log(bs, 4, ""sps_id""); if (pps->sps_id >= 16) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] wrong SPS ID %d in PPS\n"", pps->sps_id)); pps->sps_id=0; return -1; } vvc->sps_active_idx = pps->sps_id; pps->mixed_nal_types = gf_bs_read_int_log(bs, 1, ""mixed_nal_types""); pps->width = gf_bs_read_ue_log(bs, ""width""); pps->height = gf_bs_read_ue_log(bs, ""height""); pps->conf_window = gf_bs_read_int_log(bs, 1, ""conformance_window_flag""); if (pps->conf_window) { pps->cw_left = gf_bs_read_ue_log(bs, ""conf_win_left_offset""); pps->cw_right = gf_bs_read_ue_log(bs, ""conf_win_right_offset""); pps->cw_top = gf_bs_read_ue_log(bs, ""conf_win_top_offset""); pps->cw_bottom = gf_bs_read_ue_log(bs, ""conf_win_bottom_offset""); } if (gf_bs_read_int_log(bs, 1, ""scaling_window_explicit_signalling_flag"")) { gf_bs_read_se_log(bs, ""scaling_win_left_offset""); gf_bs_read_se_log(bs, ""scaling_win_right_offset""); gf_bs_read_se_log(bs, ""scaling_win_top_offset""); gf_bs_read_se_log(bs, ""scaling_win_bottom_offset""); } pps->output_flag_present_flag = gf_bs_read_int_log(bs, 1, ""output_flag_present_flag""); pps->no_pic_partition_flag = gf_bs_read_int_log(bs, 1, ""no_pic_partition_flag""); pps->subpic_id_mapping_present_flag = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_present_flag""); if (pps->subpic_id_mapping_present_flag) { u32 pps_subpic_id_len, pps_num_subpics=0; if (!pps->no_pic_partition_flag) { pps_num_subpics = 1+gf_bs_read_ue_log(bs, ""pps_num_subpics_minus1""); } pps_subpic_id_len = 1 + gf_bs_read_ue(bs); for (i=0; ino_pic_partition_flag) { gf_bs_read_int_log(bs, 2, ""pps_log2_ctu_size_minus5""); u32 num_exp_tile_columns = 1 + gf_bs_read_ue_log(bs, ""num_exp_tile_columns_minus1""); u32 num_exp_tile_rows = 1 + gf_bs_read_ue_log(bs, ""num_exp_tile_rows_minus1""); for (i=0; ioverall_error_count > asoc->max_retrans) { sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_DELETE_TCB; } if (transport->param_flags & SPP_HB_ENABLE) { if (SCTP_DISPOSITION_NOMEM == sctp_sf_heartbeat(ep, asoc, type, arg, commands)) return SCTP_DISPOSITION_NOMEM; sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_RESET, SCTP_TRANSPORT(transport)); } sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMER_UPDATE, SCTP_TRANSPORT(transport)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,315005561558043341629239057308768692699,0 2871,CWE-119,"tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ tsize_t written=0; unsigned char* buffer=NULL; unsigned char* samplebuffer=NULL; tsize_t bufferoffset=0; tsize_t samplebufferoffset=0; tsize_t read=0; tstrip_t i=0; tstrip_t j=0; tstrip_t stripcount=0; tsize_t stripsize=0; tsize_t sepstripcount=0; tsize_t sepstripsize=0; #ifdef OJPEG_SUPPORT toff_t inputoffset=0; uint16 h_samp=1; uint16 v_samp=1; uint16 ri=1; uint32 rows=0; #endif #ifdef JPEG_SUPPORT unsigned char* jpt; float* xfloatp; uint64* sbc; unsigned char* stripbuffer; tsize_t striplength=0; uint32 max_striplength=0; #endif if (t2p->t2p_error != T2P_ERR_OK) return(0); if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){ #ifdef CCITT_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_G4){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if (buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for "" ""t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB){ TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef ZIP_SUPPORT if (t2p->pdf_compression == T2P_COMPRESS_ZIP) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB) { TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef OJPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_OJPEG) { if(t2p->tiff_dataoffset != 0) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if(t2p->pdf_ojpegiflength==0){ inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); t2pReadFile(input, (tdata_t) buffer, t2p->tiff_datasize); t2pSeekFile(input, inputoffset, SEEK_SET); t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } else { inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); bufferoffset = t2pReadFile(input, (tdata_t) buffer, t2p->pdf_ojpegiflength); t2p->pdf_ojpegiflength = 0; t2pSeekFile(input, inputoffset, SEEK_SET); TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &h_samp, &v_samp); buffer[bufferoffset++]= 0xff; buffer[bufferoffset++]= 0xdd; buffer[bufferoffset++]= 0x00; buffer[bufferoffset++]= 0x04; h_samp*=8; v_samp*=8; ri=(t2p->tiff_width+h_samp-1) / h_samp; TIFFGetField(input, TIFFTAG_ROWSPERSTRIP, &rows); ri*=(rows+v_samp-1)/v_samp; buffer[bufferoffset++]= (ri>>8) & 0xff; buffer[bufferoffset++]= ri & 0xff; stripcount=TIFFNumberOfStrips(input); for(i=0;ipdf_ojpegdata){ TIFFError(TIFF2PDF_MODULE, ""No support for OJPEG image %s with bad tables"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); _TIFFmemcpy(buffer, t2p->pdf_ojpegdata, t2p->pdf_ojpegdatalength); bufferoffset=t2p->pdf_ojpegdatalength; stripcount=TIFFNumberOfStrips(input); for(i=0;it2p_error = T2P_ERR_ERROR; return(0); #endif } } #endif #ifdef JPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_JPEG) { uint32 count = 0; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if (TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { if(count > 4) { _TIFFmemcpy(buffer, jpt, count); bufferoffset += count - 2; } } stripcount=TIFFNumberOfStrips(input); TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc); for(i=0;imax_striplength) max_striplength=sbc[i]; } stripbuffer = (unsigned char*) _TIFFmalloc(max_striplength); if(stripbuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s"", max_striplength, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } for(i=0;itiff_length)){ TIFFError(TIFF2PDF_MODULE, ""Can't process JPEG data in input file %s"", TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } } buffer[bufferoffset++]=0xff; buffer[bufferoffset++]=0xd9; t2pWriteFile(output, (tdata_t) buffer, bufferoffset); _TIFFfree(stripbuffer); _TIFFfree(buffer); return(bufferoffset); } #endif (void)0; } if(t2p->pdf_sample==T2P_SAMPLE_NOTHING){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } } else { if(t2p->pdf_sample & T2P_SAMPLE_PLANAR_SEPARATE_TO_CONTIG){ sepstripsize=TIFFStripSize(input); sepstripcount=TIFFNumberOfStrips(input); stripsize=sepstripsize*t2p->tiff_samplesperpixel; stripcount=sepstripcount/t2p->tiff_samplesperpixel; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); samplebuffer = (unsigned char*) _TIFFmalloc(stripsize); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } for(i=0;itiff_samplesperpixel;j++){ read = TIFFReadEncodedStrip(input, i + j*stripcount, (tdata_t) &(samplebuffer[samplebufferoffset]), TIFFmin(sepstripsize, stripsize - samplebufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i + j*stripcount, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } samplebufferoffset+=read; } t2p_sample_planar_separate_to_contig( t2p, &(buffer[bufferoffset]), samplebuffer, samplebufferoffset); bufferoffset+=samplebufferoffset; } _TIFFfree(samplebuffer); goto dataready; } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } if(t2p->pdf_sample & T2P_SAMPLE_REALIZE_PALETTE){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t) buffer, t2p->tiff_datasize * t2p->tiff_samplesperpixel); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; t2p->tiff_datasize *= t2p->tiff_samplesperpixel; } t2p_sample_realize_palette(t2p, buffer); } if(t2p->pdf_sample & T2P_SAMPLE_RGBA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgba_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_RGBAA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgbaa_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_YCBCR_TO_RGB){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length*4); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; } if(!TIFFReadRGBAImageOriented( input, t2p->tiff_width, t2p->tiff_length, (uint32*)buffer, ORIENTATION_TOPLEFT, 0)){ TIFFError(TIFF2PDF_MODULE, ""Can't use TIFFReadRGBAImageOriented to extract RGB image from %s"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } t2p->tiff_datasize=t2p_sample_abgr_to_rgb( (tdata_t) buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_LAB_SIGNED_TO_UNSIGNED){ t2p->tiff_datasize=t2p_sample_lab_signed_to_unsigned( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } } dataready: t2p_disable(output); TIFFSetField(output, TIFFTAG_PHOTOMETRIC, t2p->tiff_photometric); TIFFSetField(output, TIFFTAG_BITSPERSAMPLE, t2p->tiff_bitspersample); TIFFSetField(output, TIFFTAG_SAMPLESPERPIXEL, t2p->tiff_samplesperpixel); TIFFSetField(output, TIFFTAG_IMAGEWIDTH, t2p->tiff_width); TIFFSetField(output, TIFFTAG_IMAGELENGTH, t2p->tiff_length); TIFFSetField(output, TIFFTAG_ROWSPERSTRIP, t2p->tiff_length); TIFFSetField(output, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); TIFFSetField(output, TIFFTAG_FILLORDER, FILLORDER_MSB2LSB); switch(t2p->pdf_compression){ case T2P_COMPRESS_NONE: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_NONE); break; #ifdef CCITT_SUPPORT case T2P_COMPRESS_G4: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_CCITTFAX4); break; #endif #ifdef JPEG_SUPPORT case T2P_COMPRESS_JPEG: if(t2p->tiff_photometric==PHOTOMETRIC_YCBCR) { uint16 hor = 0, ver = 0; if (TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &hor, &ver) !=0 ) { if(hor != 0 && ver != 0){ TIFFSetField(output, TIFFTAG_YCBCRSUBSAMPLING, hor, ver); } } if(TIFFGetField(input, TIFFTAG_REFERENCEBLACKWHITE, &xfloatp)!=0){ TIFFSetField(output, TIFFTAG_REFERENCEBLACKWHITE, xfloatp); } } if(TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_JPEG)==0){ TIFFError(TIFF2PDF_MODULE, ""Unable to use JPEG compression for input %s and output %s"", TIFFFileName(input), TIFFFileName(output)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFSetField(output, TIFFTAG_JPEGTABLESMODE, 0); if(t2p->pdf_colorspace & (T2P_CS_RGB | T2P_CS_LAB)){ TIFFSetField(output, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR){ TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RAW); } } if(t2p->pdf_colorspace & T2P_CS_GRAY){ (void)0; } if(t2p->pdf_colorspace & T2P_CS_CMYK){ (void)0; } if(t2p->pdf_defaultcompressionquality != 0){ TIFFSetField(output, TIFFTAG_JPEGQUALITY, t2p->pdf_defaultcompressionquality); } break; #endif #ifdef ZIP_SUPPORT case T2P_COMPRESS_ZIP: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_DEFLATE); if(t2p->pdf_defaultcompressionquality%100 != 0){ TIFFSetField(output, TIFFTAG_PREDICTOR, t2p->pdf_defaultcompressionquality % 100); } if(t2p->pdf_defaultcompressionquality/100 != 0){ TIFFSetField(output, TIFFTAG_ZIPQUALITY, (t2p->pdf_defaultcompressionquality / 100)); } break; #endif default: break; } t2p_enable(output); t2p->outputwritten = 0; #ifdef JPEG_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_JPEG && t2p->tiff_photometric == PHOTOMETRIC_YCBCR){ bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, stripsize * stripcount); } else #endif { bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, t2p->tiff_datasize); } if (buffer != NULL) { _TIFFfree(buffer); buffer=NULL; } if (bufferoffset == (tsize_t)-1) { TIFFError(TIFF2PDF_MODULE, ""Error writing encoded strip to output PDF %s"", TIFFFileName(output)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } written = t2p->outputwritten; return(written); }",visit repo url,tools/tiff2pdf.c,https://github.com/vadz/libtiff,108893693056642,1 2965,CWE-20,"static void ikev2_parent_outI1_continue(struct pluto_crypto_req_cont *pcrc, struct pluto_crypto_req *r, err_t ugh) { struct ke_continuation *ke = (struct ke_continuation *)pcrc; struct msg_digest *md = ke->md; struct state *const st = md->st; stf_status e; DBG(DBG_CONTROLMORE, DBG_log(""ikev2 parent outI1: calculated ke+nonce, sending I1"")); if (st == NULL) { loglog(RC_LOG_SERIOUS, ""%s: Request was disconnected from state"", __FUNCTION__); if (ke->md) release_md(ke->md); return; } passert(ugh == NULL); passert(cur_state == NULL); passert(st != NULL); passert(st->st_suspended_md == ke->md); set_suspended(st, NULL); set_cur_state(st); st->st_calculating = FALSE; e = ikev2_parent_outI1_tail(pcrc, r); if (ke->md != NULL) { complete_v2_state_transition(&ke->md, e); if (ke->md) release_md(ke->md); } reset_cur_state(); reset_globals(); passert(GLOBALS_ARE_RESET()); }",visit repo url,programs/pluto/ikev2_parent.c,https://github.com/libreswan/libreswan,45629255410773,1 678,CWE-20,"static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t total_len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int error = 0; if (sk->sk_state & PPPOX_BOUND) { error = -EIO; goto end; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &error); if (error < 0) goto end; m->msg_namelen = 0; if (skb) { total_len = min_t(size_t, total_len, skb->len); error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); if (error == 0) { consume_skb(skb); return total_len; } } kfree_skb(skb); end: return error; }",visit repo url,drivers/net/ppp/pppoe.c,https://github.com/torvalds/linux,210801352169286,1 3039,CWE-189,"queryin(char *buf) { QPRS_STATE state; int32 i; ltxtquery *query; int32 commonlen; ITEM *ptr; NODE *tmp; int32 pos = 0; #ifdef BS_DEBUG char pbuf[16384], *cur; #endif state.buf = buf; state.state = WAITOPERAND; state.count = 0; state.num = 0; state.str = NULL; state.sumlen = 0; state.lenop = 64; state.curop = state.op = (char *) palloc(state.lenop); *(state.curop) = '\0'; makepol(&state); if (!state.num) ereport(ERROR, (errcode(ERRCODE_SYNTAX_ERROR), errmsg(""syntax error""), errdetail(""Empty query.""))); commonlen = COMPUTESIZE(state.num, state.sumlen); query = (ltxtquery *) palloc(commonlen); SET_VARSIZE(query, commonlen); query->size = state.num; ptr = GETQUERY(query); for (i = 0; i < state.num; i++) { ptr[i].type = state.str->type; ptr[i].val = state.str->val; ptr[i].distance = state.str->distance; ptr[i].length = state.str->length; ptr[i].flag = state.str->flag; tmp = state.str->next; pfree(state.str); state.str = tmp; } memcpy((void *) GETOPERAND(query), (void *) state.op, state.sumlen); pfree(state.op); pos = 0; findoprnd(ptr, &pos); return query; }",visit repo url,contrib/ltree/ltxtquery_io.c,https://github.com/postgres/postgres,108740694685117,1 2642,CWE-125,"PHP_FUNCTION(locale_get_display_script) { get_icu_disp_value_src_php( LOC_SCRIPT_TAG , INTERNAL_FUNCTION_PARAM_PASSTHRU ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,200883455284409,1 3039,['CWE-189'],"static int jp2_colr_getdata(jp2_box_t *box, jas_stream_t *in) { jp2_colr_t *colr = &box->data.colr; colr->csid = 0; colr->iccp = 0; colr->iccplen = 0; if (jp2_getuint8(in, &colr->method) || jp2_getuint8(in, &colr->pri) || jp2_getuint8(in, &colr->approx)) { return -1; } switch (colr->method) { case JP2_COLR_ENUM: if (jp2_getuint32(in, &colr->csid)) { return -1; } break; case JP2_COLR_ICC: colr->iccplen = box->datalen - 3; if (!(colr->iccp = jas_alloc2(colr->iccplen, sizeof(uint_fast8_t)))) { return -1; } if (jas_stream_read(in, colr->iccp, colr->iccplen) != colr->iccplen) { return -1; } break; } return 0; }",jasper,,,278817130848304081620159448361785345592,0 6469,CWE-119,"void * pvPortMalloc( size_t xWantedSize ) { BlockLink_t * pxBlock, * pxPreviousBlock, * pxNewBlockLink; void * pvReturn = NULL; vTaskSuspendAll(); { if( pxEnd == NULL ) { prvHeapInit(); } else { mtCOVERAGE_TEST_MARKER(); } if( ( xWantedSize & xBlockAllocatedBit ) == 0 ) { if( xWantedSize > 0 ) { xWantedSize += xHeapStructSize; if( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) != 0x00 ) { xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); configASSERT( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) == 0 ); } else { mtCOVERAGE_TEST_MARKER(); } } else { mtCOVERAGE_TEST_MARKER(); } if( ( xWantedSize > 0 ) && ( xWantedSize <= xFreeBytesRemaining ) ) { pxPreviousBlock = &xStart; pxBlock = xStart.pxNextFreeBlock; while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != NULL ) ) { pxPreviousBlock = pxBlock; pxBlock = pxBlock->pxNextFreeBlock; } if( pxBlock != pxEnd ) { pvReturn = ( void * ) ( ( ( uint8_t * ) pxPreviousBlock->pxNextFreeBlock ) + xHeapStructSize ); pxPreviousBlock->pxNextFreeBlock = pxBlock->pxNextFreeBlock; if( ( pxBlock->xBlockSize - xWantedSize ) > heapMINIMUM_BLOCK_SIZE ) { pxNewBlockLink = ( void * ) ( ( ( uint8_t * ) pxBlock ) + xWantedSize ); configASSERT( ( ( ( size_t ) pxNewBlockLink ) & portBYTE_ALIGNMENT_MASK ) == 0 ); pxNewBlockLink->xBlockSize = pxBlock->xBlockSize - xWantedSize; pxBlock->xBlockSize = xWantedSize; prvInsertBlockIntoFreeList( pxNewBlockLink ); } else { mtCOVERAGE_TEST_MARKER(); } xFreeBytesRemaining -= pxBlock->xBlockSize; if( xFreeBytesRemaining < xMinimumEverFreeBytesRemaining ) { xMinimumEverFreeBytesRemaining = xFreeBytesRemaining; } else { mtCOVERAGE_TEST_MARKER(); } pxBlock->xBlockSize |= xBlockAllocatedBit; pxBlock->pxNextFreeBlock = NULL; xNumberOfSuccessfulAllocations++; } else { mtCOVERAGE_TEST_MARKER(); } } else { mtCOVERAGE_TEST_MARKER(); } } else { mtCOVERAGE_TEST_MARKER(); } traceMALLOC( pvReturn, xWantedSize ); } ( void ) xTaskResumeAll(); #if ( configUSE_MALLOC_FAILED_HOOK == 1 ) { if( pvReturn == NULL ) { extern void vApplicationMallocFailedHook( void ); vApplicationMallocFailedHook(); } else { mtCOVERAGE_TEST_MARKER(); } } #endif configASSERT( ( ( ( size_t ) pvReturn ) & ( size_t ) portBYTE_ALIGNMENT_MASK ) == 0 ); return pvReturn; } ",visit repo url,portable/MemMang/heap_4.c,https://github.com/FreeRTOS/FreeRTOS-Kernel,51231061822116,1 5855,['CWE-200'],"static int raw_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); int len; void *val; int err = 0; if (level != SOL_CAN_RAW) return -EINVAL; if (get_user(len, optlen)) return -EFAULT; if (len < 0) return -EINVAL; switch (optname) { case CAN_RAW_FILTER: lock_sock(sk); if (ro->count > 0) { int fsize = ro->count * sizeof(struct can_filter); if (len > fsize) len = fsize; if (copy_to_user(optval, ro->filter, len)) err = -EFAULT; } else len = 0; release_sock(sk); if (!err) err = put_user(len, optlen); return err; case CAN_RAW_ERR_FILTER: if (len > sizeof(can_err_mask_t)) len = sizeof(can_err_mask_t); val = &ro->err_mask; break; case CAN_RAW_LOOPBACK: if (len > sizeof(int)) len = sizeof(int); val = &ro->loopback; break; case CAN_RAW_RECV_OWN_MSGS: if (len > sizeof(int)) len = sizeof(int); val = &ro->recv_own_msgs; break; default: return -ENOPROTOOPT; } if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, val, len)) return -EFAULT; return 0; }",linux-2.6,,,333245901524319079358871791344565248328,0 3012,CWE-125,"int read_image_tga( gdIOCtx *ctx, oTga *tga ) { int pixel_block_size = (tga->bits / 8); int image_block_size = (tga->width * tga->height) * pixel_block_size; int* decompression_buffer = NULL; unsigned char* conversion_buffer = NULL; int buffer_caret = 0; int bitmap_caret = 0; int i = 0; int encoded_pixels; int rle_size; if(overflow2(tga->width, tga->height)) { return -1; } if(overflow2(tga->width * tga->height, pixel_block_size)) { return -1; } if(overflow2(image_block_size, sizeof(int))) { return -1; } if (tga->imagetype != TGA_TYPE_RGB && tga->imagetype != TGA_TYPE_RGB_RLE) return -1; tga->bitmap = (int *) gdMalloc(image_block_size * sizeof(int)); if (tga->bitmap == NULL) return -1; switch (tga->imagetype) { case TGA_TYPE_RGB: conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char)); if (conversion_buffer == NULL) { return -1; } if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { gd_error(""gd-tga: premature end of image data\n""); gdFree(conversion_buffer); return -1; } while (buffer_caret < image_block_size) { tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret]; buffer_caret++; } gdFree(conversion_buffer); break; case TGA_TYPE_RGB_RLE: decompression_buffer = (int*) gdMalloc(image_block_size * sizeof(int)); if (decompression_buffer == NULL) { return -1; } conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char)); if (conversion_buffer == NULL) { gd_error(""gd-tga: premature end of image data\n""); gdFree( decompression_buffer ); return -1; } rle_size = gdGetBuf(conversion_buffer, image_block_size, ctx); if (rle_size <= 0) { gdFree(conversion_buffer); gdFree(decompression_buffer); return -1; } buffer_caret = 0; while( buffer_caret < rle_size) { decompression_buffer[buffer_caret] = (int)conversion_buffer[buffer_caret]; buffer_caret++; } buffer_caret = 0; while( bitmap_caret < image_block_size ) { if ((decompression_buffer[buffer_caret] & TGA_RLE_FLAG) == TGA_RLE_FLAG) { encoded_pixels = ( ( decompression_buffer[ buffer_caret ] & ~TGA_RLE_FLAG ) + 1 ); buffer_caret++; if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size) { gdFree( decompression_buffer ); gdFree( conversion_buffer ); return -1; } for (i = 0; i < encoded_pixels; i++) { memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, pixel_block_size * sizeof(int)); bitmap_caret += pixel_block_size; } buffer_caret += pixel_block_size; } else { encoded_pixels = decompression_buffer[ buffer_caret ] + 1; buffer_caret++; if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size) { gdFree( decompression_buffer ); gdFree( conversion_buffer ); return -1; } memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, encoded_pixels * pixel_block_size * sizeof(int)); bitmap_caret += (encoded_pixels * pixel_block_size); buffer_caret += (encoded_pixels * pixel_block_size); } } gdFree( decompression_buffer ); gdFree( conversion_buffer ); break; } return 1; }",visit repo url,src/gd_tga.c,https://github.com/libgd/libgd,201821283176484,1 2384,CWE-252,"static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const uint8_t *buf, int size) { GetBitContext gb; PutBitContext pb; MPEG4AudioConfig m4ac; int off; init_get_bits(&gb, buf, size * 8); off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s); if (off < 0) return off; skip_bits_long(&gb, off); adts->objecttype = m4ac.object_type - 1; adts->sample_rate_index = m4ac.sampling_index; adts->channel_conf = m4ac.chan_config; if (adts->objecttype > 3U) { av_log(s, AV_LOG_ERROR, ""MPEG-4 AOT %d is not allowed in ADTS\n"", adts->objecttype+1); return AVERROR_INVALIDDATA; } if (adts->sample_rate_index == 15) { av_log(s, AV_LOG_ERROR, ""Escape sample rate index illegal in ADTS\n""); return AVERROR_INVALIDDATA; } if (get_bits(&gb, 1)) { av_log(s, AV_LOG_ERROR, ""960/120 MDCT window is not allowed in ADTS\n""); return AVERROR_INVALIDDATA; } if (get_bits(&gb, 1)) { av_log(s, AV_LOG_ERROR, ""Scalable configurations are not allowed in ADTS\n""); return AVERROR_INVALIDDATA; } if (get_bits(&gb, 1)) { av_log(s, AV_LOG_ERROR, ""Extension flag is not allowed in ADTS\n""); return AVERROR_INVALIDDATA; } if (!adts->channel_conf) { init_put_bits(&pb, adts->pce_data, MAX_PCE_SIZE); put_bits(&pb, 3, 5); adts->pce_size = (ff_copy_pce_data(&pb, &gb) + 3) / 8; flush_put_bits(&pb); } adts->write_adts = 1; return 0; }",visit repo url,libavformat/adtsenc.c,https://github.com/FFmpeg/FFmpeg,270109267028477,1 467,CWE-20,"void big_key_describe(const struct key *key, struct seq_file *m) { size_t datalen = (size_t)key->payload.data[big_key_len]; seq_puts(m, key->description); if (key_is_instantiated(key)) seq_printf(m, "": %zu [%s]"", datalen, datalen > BIG_KEY_FILE_THRESHOLD ? ""file"" : ""buff""); }",visit repo url,security/keys/big_key.c,https://github.com/torvalds/linux,45357260668658,1 6071,['CWE-200'],"static void dev_forward_change(struct inet6_dev *idev) { struct net_device *dev; struct inet6_ifaddr *ifa; struct in6_addr addr; if (!idev) return; dev = idev->dev; if (dev && (dev->flags & IFF_MULTICAST)) { ipv6_addr_all_routers(&addr); if (idev->cnf.forwarding) ipv6_dev_mc_inc(dev, &addr); else ipv6_dev_mc_dec(dev, &addr); } for (ifa=idev->addr_list; ifa; ifa=ifa->if_next) { if (idev->cnf.forwarding) addrconf_join_anycast(ifa); else addrconf_leave_anycast(ifa); } }",linux-2.6,,,129979830107934687632446769019822771363,0 1517,[],"static void inc_nr_running(struct rq *rq) { rq->nr_running++; }",linux-2.6,,,234949207726179385294985835574541157679,0 3796,[],"static inline struct sock *unix_find_socket_byname(struct sockaddr_un *sunname, int len, int type, unsigned hash) { struct sock *s; spin_lock(&unix_table_lock); s = __unix_find_socket_byname(sunname, len, type, hash); if (s) sock_hold(s); spin_unlock(&unix_table_lock); return s; }",linux-2.6,,,239111473362592435062246591109221772619,0 6624,CWE-120,"int64_t GmfOpenMesh(const char *FilNam, int mod, ...) { int KwdCod, res, *PtrVer, *PtrDim, err; int64_t MshIdx; char str[ GmfStrSiz ]; va_list VarArg; GmfMshSct *msh; if(!(msh = calloc(1, sizeof(GmfMshSct)))) return(0); MshIdx = (int64_t)msh; if( (err = setjmp(msh->err)) != 0) { #ifdef GMFDEBUG printf(""libMeshb : mesh %p : error %d\n"", msh, err); #endif if(msh->hdl != NULL) fclose(msh->hdl); if(msh->FilDes != 0) #ifdef GMF_WINDOWS _close(msh->FilDes); #else close(msh->FilDes); #endif free(msh); return(0); } if(strlen(FilNam) + 7 >= GmfStrSiz) longjmp(msh->err, -4); strcpy(msh->FilNam, FilNam); msh->mod = mod; msh->buf = (void *)msh->DblBuf; msh->FltBuf = (void *)msh->DblBuf; msh->IntBuf = (void *)msh->DblBuf; if(strstr(msh->FilNam, "".meshb"")) msh->typ |= (Bin | MshFil); else if(strstr(msh->FilNam, "".mesh"")) msh->typ |= (Asc | MshFil); else if(strstr(msh->FilNam, "".solb"")) msh->typ |= (Bin | SolFil); else if(strstr(msh->FilNam, "".sol"")) msh->typ |= (Asc | SolFil); else longjmp(msh->err, -5); if(msh->mod == GmfRead) { va_start(VarArg, mod); PtrVer = va_arg(VarArg, int *); PtrDim = va_arg(VarArg, int *); va_end(VarArg); if(msh->typ & Bin) { #ifdef WITH_GMF_AIO msh->FilDes = open(msh->FilNam, OPEN_READ_FLAGS, OPEN_READ_MODE); if(msh->FilDes <= 0) longjmp(msh->err, -6); if(read(msh->FilDes, &msh->cod, WrdSiz) != WrdSiz) longjmp(msh->err, -7); #else if(!(msh->hdl = fopen(msh->FilNam, ""rb""))) longjmp(msh->err, -8); safe_fread(&msh->cod, WrdSiz, 1, msh->hdl, msh->err); #endif if( (msh->cod != 1) && (msh->cod != 16777216) ) longjmp(msh->err, -9); ScaWrd(msh, (unsigned char *)&msh->ver); if( (msh->ver < 1) || (msh->ver > 4) ) longjmp(msh->err, -10); if( (msh->ver >= 3) && (sizeof(int64_t) != 8) ) longjmp(msh->err, -11); ScaWrd(msh, (unsigned char *)&KwdCod); if(KwdCod != GmfDimension) longjmp(msh->err, -12); GetPos(msh); ScaWrd(msh, (unsigned char *)&msh->dim); } else { if(!(msh->hdl = fopen(msh->FilNam, ""rb""))) longjmp(msh->err, -13); do { res = fscanf(msh->hdl, ""%s"", str); }while( (res != EOF) && strcmp(str, ""MeshVersionFormatted"") ); if(res == EOF) longjmp(msh->err, -14); safe_fscanf(msh->hdl, ""%d"", &msh->ver, msh->err); if( (msh->ver < 1) || (msh->ver > 4) ) longjmp(msh->err, -15); do { res = fscanf(msh->hdl, ""%s"", str); }while( (res != EOF) && strcmp(str, ""Dimension"") ); if(res == EOF) longjmp(msh->err, -16); safe_fscanf(msh->hdl, ""%d"", &msh->dim, msh->err); } if( (msh->dim != 2) && (msh->dim != 3) ) longjmp(msh->err, -17); (*PtrVer) = msh->ver; (*PtrDim) = msh->dim; if(msh->ver == 1) msh->FltSiz = 32; else msh->FltSiz = 64; if(!ScaKwdTab(msh)) return(0); return(MshIdx); } else if(msh->mod == GmfWrite) { msh->cod = 1; va_start(VarArg, mod); msh->ver = va_arg(VarArg, int); msh->dim = va_arg(VarArg, int); va_end(VarArg); if( (msh->ver < 1) || (msh->ver > 4) ) longjmp(msh->err, -18); if( (msh->ver >= 3) && (sizeof(int64_t) != 8) ) longjmp(msh->err, -19); if( (msh->dim != 2) && (msh->dim != 3) ) longjmp(msh->err, -20); if(msh->ver == 1) msh->FltSiz = 32; else msh->FltSiz = 64; if(msh->typ & Bin) { #ifdef WITH_GMF_AIO msh->FilDes = open(msh->FilNam, OPEN_WRITE_FLAGS, OPEN_WRITE_MODE); if(msh->FilDes <= 0) longjmp(msh->err, -21); #else if(!(msh->hdl = fopen(msh->FilNam, ""wb""))) longjmp(msh->err, -22); #endif } else if(!(msh->hdl = fopen(msh->FilNam, ""wb""))) longjmp(msh->err, -23); if(msh->typ & Asc) { fprintf(msh->hdl, ""%s %d\n\n"", GmfKwdFmt[ GmfVersionFormatted ][0], msh->ver); fprintf(msh->hdl, ""%s %d\n"", GmfKwdFmt[ GmfDimension ][0], msh->dim); } else { RecWrd(msh, (unsigned char *)&msh->cod); RecWrd(msh, (unsigned char *)&msh->ver); GmfSetKwd(MshIdx, GmfDimension, 0); RecWrd(msh, (unsigned char *)&msh->dim); } return(MshIdx); } else { free(msh); return(0); } }",visit repo url,sources/libmeshb7.c,https://github.com/LoicMarechal/libMeshb,109427706811530,1 2791,CWE-787,"static void nsc_decode(NSC_CONTEXT* context) { UINT16 x; UINT16 y; UINT16 rw = ROUND_UP_TO(context->width, 8); BYTE shift = context->ColorLossLevel - 1; BYTE* bmpdata = context->BitmapData; for (y = 0; y < context->height; y++) { const BYTE* yplane; const BYTE* coplane; const BYTE* cgplane; const BYTE* aplane = context->priv->PlaneBuffers[3] + y * context->width; if (context->ChromaSubsamplingLevel) { yplane = context->priv->PlaneBuffers[0] + y * rw; coplane = context->priv->PlaneBuffers[1] + (y >> 1) * (rw >> 1); cgplane = context->priv->PlaneBuffers[2] + (y >> 1) * (rw >> 1); } else { yplane = context->priv->PlaneBuffers[0] + y * context->width; coplane = context->priv->PlaneBuffers[1] + y * context->width; cgplane = context->priv->PlaneBuffers[2] + y * context->width; } for (x = 0; x < context->width; x++) { INT16 y_val = (INT16) * yplane; INT16 co_val = (INT16)(INT8)(*coplane << shift); INT16 cg_val = (INT16)(INT8)(*cgplane << shift); INT16 r_val = y_val + co_val - cg_val; INT16 g_val = y_val + cg_val; INT16 b_val = y_val - co_val - cg_val; *bmpdata++ = MINMAX(b_val, 0, 0xFF); *bmpdata++ = MINMAX(g_val, 0, 0xFF); *bmpdata++ = MINMAX(r_val, 0, 0xFF); *bmpdata++ = *aplane; yplane++; coplane += (context->ChromaSubsamplingLevel ? x % 2 : 1); cgplane += (context->ChromaSubsamplingLevel ? x % 2 : 1); aplane++; } } }",visit repo url,libfreerdp/codec/nsc.c,https://github.com/FreeRDP/FreeRDP,125241065670652,1 4568,CWE-125,"char *gf_bt_get_next(GF_BTParser *parser, Bool point_break) { u32 has_quote; Bool go = 1; s32 i; gf_bt_check_line(parser); i=0; has_quote = 0; while (go) { if (parser->line_buffer[parser->line_pos + i] == '\""') { if (!has_quote) has_quote = 1; else has_quote = 0; parser->line_pos += 1; if (parser->line_pos+i==parser->line_size) break; continue; } if (!has_quote) { switch (parser->line_buffer[parser->line_pos + i]) { case 0: case ' ': case '\t': case '\r': case '\n': case '{': case '}': case ']': case '[': case ',': go = 0; break; case '.': if (point_break) go = 0; break; } if (!go) break; } parser->cur_buffer[i] = parser->line_buffer[parser->line_pos + i]; i++; if (parser->line_pos+i==parser->line_size) break; } parser->cur_buffer[i] = 0; parser->line_pos += i; return parser->cur_buffer; }",visit repo url,src/scene_manager/loader_bt.c,https://github.com/gpac/gpac,278194903578254,1 5460,['CWE-476'],"static struct kvm_io_device *vcpu_find_pervcpu_dev(struct kvm_vcpu *vcpu, gpa_t addr, int len, int is_write) { struct kvm_io_device *dev; if (vcpu->arch.apic) { dev = &vcpu->arch.apic->dev; if (dev->in_range(dev, addr, len, is_write)) return dev; } return NULL; }",linux-2.6,,,4608209576947547987939155067213700103,0 5450,CWE-617,"pci_bus_write_dsdt(int bus) { struct businfo *bi; struct slotinfo *si; struct pci_vdev *dev; int count, func, slot; bi = pci_businfo[bus]; if (bi == NULL) { if (bus != 0) return; } dsdt_line("" Device (PCI%01X)"", bus); dsdt_line("" {""); dsdt_line("" Name (_HID, EisaId (\""PNP0A03\""))""); dsdt_line("" Name (_ADR, Zero)""); dsdt_line("" Method (_BBN, 0, NotSerialized)""); dsdt_line("" {""); dsdt_line("" Return (0x%08X)"", bus); dsdt_line("" }""); dsdt_line("" Name (_CRS, ResourceTemplate ()""); dsdt_line("" {""); dsdt_line("" WordBusNumber (ResourceProducer, MinFixed, "" ""MaxFixed, PosDecode,""); dsdt_line("" 0x0000, // Granularity""); dsdt_line("" 0x%04X, // Range Minimum"", bus); dsdt_line("" 0x%04X, // Range Maximum"", bus); dsdt_line("" 0x0000, // Translation Offset""); dsdt_line("" 0x0001, // Length""); dsdt_line("" ,, )""); if (bus == 0) { dsdt_indent(3); dsdt_fixed_ioport(0xCF8, 8); dsdt_unindent(3); dsdt_line("" WordIO (ResourceProducer, MinFixed, MaxFixed, "" ""PosDecode, EntireRange,""); dsdt_line("" 0x0000, // Granularity""); dsdt_line("" 0x0000, // Range Minimum""); dsdt_line("" 0x0CF7, // Range Maximum""); dsdt_line("" 0x0000, // Translation Offset""); dsdt_line("" 0x0CF8, // Length""); dsdt_line("" ,, , TypeStatic)""); dsdt_line("" WordIO (ResourceProducer, MinFixed, MaxFixed, "" ""PosDecode, EntireRange,""); dsdt_line("" 0x0000, // Granularity""); dsdt_line("" 0x0D00, // Range Minimum""); dsdt_line("" 0x%04X, // Range Maximum"", PCI_EMUL_IOBASE - 1); dsdt_line("" 0x0000, // Translation Offset""); dsdt_line("" 0x%04X, // Length"", PCI_EMUL_IOBASE - 0x0D00); dsdt_line("" ,, , TypeStatic)""); if (bi == NULL) { dsdt_line("" })""); goto done; } } assert(bi != NULL); dsdt_line("" WordIO (ResourceProducer, MinFixed, MaxFixed, "" ""PosDecode, EntireRange,""); dsdt_line("" 0x0000, // Granularity""); dsdt_line("" 0x%04X, // Range Minimum"", bi->iobase); dsdt_line("" 0x%04X, // Range Maximum"", bi->iolimit - 1); dsdt_line("" 0x0000, // Translation Offset""); dsdt_line("" 0x%04X, // Length"", bi->iolimit - bi->iobase); dsdt_line("" ,, , TypeStatic)""); dsdt_line("" DWordMemory (ResourceProducer, PosDecode, "" ""MinFixed, MaxFixed, NonCacheable, ReadWrite,""); dsdt_line("" 0x00000000, // Granularity""); dsdt_line("" 0x%08X, // Range Minimum\n"", bi->membase32); dsdt_line("" 0x%08X, // Range Maximum\n"", bi->memlimit32 - 1); dsdt_line("" 0x00000000, // Translation Offset""); dsdt_line("" 0x%08X, // Length\n"", bi->memlimit32 - bi->membase32); dsdt_line("" ,, , AddressRangeMemory, TypeStatic)""); dsdt_line("" QWordMemory (ResourceProducer, PosDecode, "" ""MinFixed, MaxFixed, NonCacheable, ReadWrite,""); dsdt_line("" 0x0000000000000000, // Granularity""); dsdt_line("" 0x%016lX, // Range Minimum\n"", bi->membase64); dsdt_line("" 0x%016lX, // Range Maximum\n"", bi->memlimit64 - 1); dsdt_line("" 0x0000000000000000, // Translation Offset""); dsdt_line("" 0x%016lX, // Length\n"", bi->memlimit64 - bi->membase64); dsdt_line("" ,, , AddressRangeMemory, TypeStatic)""); dsdt_line("" })""); if (!is_rtvm) { count = pci_count_lintr(bus); if (count != 0) { dsdt_indent(2); dsdt_line(""Name (PPRT, Package ()""); dsdt_line(""{""); pci_walk_lintr(bus, pci_pirq_prt_entry, NULL); dsdt_line(""})""); dsdt_line(""Name (APRT, Package ()""); dsdt_line(""{""); pci_walk_lintr(bus, pci_apic_prt_entry, NULL); dsdt_line(""})""); dsdt_line(""Method (_PRT, 0, NotSerialized)""); dsdt_line(""{""); dsdt_line("" If (PICM)""); dsdt_line("" {""); dsdt_line("" Return (APRT)""); dsdt_line("" }""); dsdt_line("" Else""); dsdt_line("" {""); dsdt_line("" Return (PPRT)""); dsdt_line("" }""); dsdt_line(""}""); dsdt_unindent(2); } } dsdt_indent(2); for (slot = 0; slot < MAXSLOTS; slot++) { si = &bi->slotinfo[slot]; for (func = 0; func < MAXFUNCS; func++) { dev = si->si_funcs[func].fi_devi; if (dev != NULL && dev->dev_ops->vdev_write_dsdt != NULL) dev->dev_ops->vdev_write_dsdt(dev); } } dsdt_unindent(2); done: dsdt_line("" }""); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,115415942751337,1 1853,['CWE-189'],"int _gnutls_negotiate_version( gnutls_session_t session, gnutls_protocol_t adv_version) { int ret; if (_gnutls_version_is_supported (session, adv_version) == 0) { ret = _gnutls_version_max (session); if (ret == GNUTLS_VERSION_UNKNOWN) { gnutls_assert (); return GNUTLS_E_UNKNOWN_CIPHER_SUITE; } } else { ret = adv_version; } _gnutls_set_current_version (session, ret); return ret; }",gnutls,,,116595270789361850418031064065917323469,0 5614,[],"static inline void __wake_up_parent(struct task_struct *p, struct task_struct *parent) { wake_up_interruptible_sync(&parent->signal->wait_chldexit); }",linux-2.6,,,27850224474292332569169231432813872191,0 6685,CWE-1284,"int main(int argc, char *argv[]) { int option; int passlen=0; FILE *outfp = NULL; char outfile[1024]; unsigned char pass[MAX_PASSWD_BUF]; int file_count = 0; unsigned char bom[2]; int password_acquired = 0; while ((option = getopt(argc, argv, ""vhg:p:o:"")) != -1) { switch (option) { case 'h': usage(argv[0]); return 0; case 'v': version(argv[0]); return 0; case 'g': if (password_acquired) { fprintf(stderr, ""Error: password supplied twice\n""); return -1; } if (optarg != 0) { passlen = generate_password(atoi((char*) optarg), pass); if (passlen < 0) { return -1; } } password_acquired = 1; break; case 'p': if (password_acquired) { fprintf(stderr, ""Error: password supplied twice\n""); return -1; } if (optarg != 0) { passlen = passwd_to_utf16( (unsigned char*) optarg, strlen((char *)optarg), MAX_PASSWD_LEN, pass); if (passlen < 0) { return -1; } } password_acquired = 1; break; default: fprintf(stderr, ""Error: Unknown option '%c'\n"", option); return -1; } } file_count = argc - optind; if (file_count != 1) { fprintf(stderr, ""Error: A single output file must be specified.\n""); usage(argv[0]); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } else { strncpy(outfile, argv[optind++], 1024); outfile[1023] = '\0'; } if (passlen == 0) { passlen = read_password(pass, ENC); switch (passlen) { case 0: fprintf(stderr, ""Error: No password supplied.\n""); return -1; case AESCRYPT_READPWD_FOPEN: case AESCRYPT_READPWD_FILENO: case AESCRYPT_READPWD_TCGETATTR: case AESCRYPT_READPWD_TCSETATTR: case AESCRYPT_READPWD_FGETC: case AESCRYPT_READPWD_TOOLONG: case AESCRYPT_READPWD_ICONV: fprintf(stderr, ""Error in read_password: %s.\n"", read_password_error(passlen)); return -1; case AESCRYPT_READPWD_NOMATCH: fprintf(stderr, ""Error: Passwords don't match.\n""); return -1; } } if(!strcmp(""-"", outfile)) { outfp = stdout; } else if ((outfp = fopen(outfile, ""w"")) == NULL) { fprintf(stderr, ""Error opening output file %s : "", outfile); perror(""""); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } bom[0] = 0xFF; bom[1] = 0xFE; if (fwrite(bom, 1, 2, outfp) != 2) { fprintf(stderr, ""Error: Could not write BOM to password file.\n""); if (strcmp(""-"",outfile)) { fclose(outfp); } cleanup(outfile); return -1; } if (fwrite(pass, 1, passlen, outfp) != (size_t) passlen) { fprintf(stderr, ""Error: Could not write password file.\n""); if (strcmp(""-"",outfile)) { fclose(outfp); } cleanup(outfile); return -1; } if (strcmp(""-"",outfile)) { fclose(outfp); } memset_secure(pass, 0, MAX_PASSWD_BUF); return 0; }",visit repo url,Linux/src/aescrypt_keygen.c,https://github.com/paulej/AESCrypt,112259747315944,1 1869,['CWE-189'],"gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max) { session->internals.max_handshake_data_buffer_size = max; }",gnutls,,,236585913754170853827423750708080071651,0 722,CWE-20,"static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; int len; if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { rfcomm_dlc_accept(d); msg->msg_namelen = 0; return 0; } len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); lock_sock(sk); if (!(flags & MSG_PEEK) && len > 0) atomic_sub(len, &sk->sk_rmem_alloc); if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); release_sock(sk); return len; }",visit repo url,net/bluetooth/rfcomm/sock.c,https://github.com/torvalds/linux,68043523665785,1 507,CWE-835,"static long madvise_willneed(struct vm_area_struct *vma, struct vm_area_struct **prev, unsigned long start, unsigned long end) { struct file *file = vma->vm_file; #ifdef CONFIG_SWAP if (!file) { *prev = vma; force_swapin_readahead(vma, start, end); return 0; } if (shmem_mapping(file->f_mapping)) { *prev = vma; force_shm_swapin_readahead(vma, start, end, file->f_mapping); return 0; } #else if (!file) return -EBADF; #endif if (IS_DAX(file_inode(file))) { return 0; } *prev = vma; start = ((start - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; if (end > vma->vm_end) end = vma->vm_end; end = ((end - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; force_page_cache_readahead(file->f_mapping, file, start, end - start); return 0; }",visit repo url,mm/madvise.c,https://github.com/torvalds/linux,218774838119430,1 2319,CWE-190,"static inline void process_get_command(conn *c, token_t *tokens, size_t ntokens, bool return_cas) { char *key; size_t nkey; int i = 0; item *it; token_t *key_token = &tokens[KEY_TOKEN]; char *suffix; assert(c != NULL); do { while(key_token->length != 0) { key = key_token->value; nkey = key_token->length; if(nkey > KEY_MAX_LENGTH) { out_string(c, ""CLIENT_ERROR bad command line format""); while (i-- > 0) { item_remove(*(c->ilist + i)); } return; } it = item_get(key, nkey, c, DO_UPDATE); if (settings.detail_enabled) { stats_prefix_record_get(key, nkey, NULL != it); } if (it) { if (i >= c->isize) { item **new_list = realloc(c->ilist, sizeof(item *) * c->isize * 2); if (new_list) { c->isize *= 2; c->ilist = new_list; } else { STATS_LOCK(); stats.malloc_fails++; STATS_UNLOCK(); item_remove(it); break; } } if (return_cas || !settings.inline_ascii_response) { MEMCACHED_COMMAND_GET(c->sfd, ITEM_key(it), it->nkey, it->nbytes, ITEM_get_cas(it)); if (i >= c->suffixsize) { char **new_suffix_list = realloc(c->suffixlist, sizeof(char *) * c->suffixsize * 2); if (new_suffix_list) { c->suffixsize *= 2; c->suffixlist = new_suffix_list; } else { STATS_LOCK(); stats.malloc_fails++; STATS_UNLOCK(); item_remove(it); break; } } suffix = do_cache_alloc(c->thread->suffix_cache); if (suffix == NULL) { STATS_LOCK(); stats.malloc_fails++; STATS_UNLOCK(); out_of_memory(c, ""SERVER_ERROR out of memory making CAS suffix""); item_remove(it); while (i-- > 0) { item_remove(*(c->ilist + i)); } return; } *(c->suffixlist + i) = suffix; int suffix_len = make_ascii_get_suffix(suffix, it, return_cas); if (add_iov(c, ""VALUE "", 6) != 0 || add_iov(c, ITEM_key(it), it->nkey) != 0 || (settings.inline_ascii_response && add_iov(c, ITEM_suffix(it), it->nsuffix - 2) != 0) || add_iov(c, suffix, suffix_len) != 0) { item_remove(it); break; } if ((it->it_flags & ITEM_CHUNKED) == 0) { add_iov(c, ITEM_data(it), it->nbytes); } else if (add_chunked_item_iovs(c, it, it->nbytes) != 0) { item_remove(it); break; } } else { MEMCACHED_COMMAND_GET(c->sfd, ITEM_key(it), it->nkey, it->nbytes, ITEM_get_cas(it)); if (add_iov(c, ""VALUE "", 6) != 0 || add_iov(c, ITEM_key(it), it->nkey) != 0) { item_remove(it); break; } if ((it->it_flags & ITEM_CHUNKED) == 0) { if (add_iov(c, ITEM_suffix(it), it->nsuffix + it->nbytes) != 0) { item_remove(it); break; } } else if (add_iov(c, ITEM_suffix(it), it->nsuffix) != 0 || add_chunked_item_iovs(c, it, it->nbytes) != 0) { item_remove(it); break; } } if (settings.verbose > 1) { int ii; fprintf(stderr, "">%d sending key "", c->sfd); for (ii = 0; ii < it->nkey; ++ii) { fprintf(stderr, ""%c"", key[ii]); } fprintf(stderr, ""\n""); } pthread_mutex_lock(&c->thread->stats.mutex); c->thread->stats.slab_stats[ITEM_clsid(it)].get_hits++; c->thread->stats.get_cmds++; pthread_mutex_unlock(&c->thread->stats.mutex); *(c->ilist + i) = it; i++; } else { pthread_mutex_lock(&c->thread->stats.mutex); c->thread->stats.get_misses++; c->thread->stats.get_cmds++; pthread_mutex_unlock(&c->thread->stats.mutex); MEMCACHED_COMMAND_GET(c->sfd, key, nkey, -1, 0); } key_token++; } if(key_token->value != NULL) { ntokens = tokenize_command(key_token->value, tokens, MAX_TOKENS); key_token = tokens; } } while(key_token->value != NULL); c->icurr = c->ilist; c->ileft = i; if (return_cas || !settings.inline_ascii_response) { c->suffixcurr = c->suffixlist; c->suffixleft = i; } if (settings.verbose > 1) fprintf(stderr, "">%d END\n"", c->sfd); if (key_token->value != NULL || add_iov(c, ""END\r\n"", 5) != 0 || (IS_UDP(c->transport) && build_udp_headers(c) != 0)) { out_of_memory(c, ""SERVER_ERROR out of memory writing get response""); } else { conn_set_state(c, conn_mwrite); c->msgcurr = 0; } }",visit repo url,memcached.c,https://github.com/memcached/memcached,97903353043574,1 5982,['CWE-200'],"static void ip6_tnl_add_linklocal(struct inet6_dev *idev) { struct net_device *link_dev; if (idev->dev->iflink && (link_dev = __dev_get_by_index(idev->dev->iflink))) { if (!ipv6_inherit_linklocal(idev, link_dev)) return; } for (link_dev = dev_base; link_dev; link_dev = link_dev->next) { if (!ipv6_inherit_linklocal(idev, link_dev)) return; } printk(KERN_DEBUG ""init ip6-ip6: add_linklocal failed\n""); }",linux-2.6,,,94335215545555183832734375194989689273,0 2867,CWE-787,"tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ tsize_t written=0; unsigned char* buffer=NULL; unsigned char* samplebuffer=NULL; tsize_t bufferoffset=0; tsize_t samplebufferoffset=0; tsize_t read=0; tstrip_t i=0; tstrip_t j=0; tstrip_t stripcount=0; tsize_t stripsize=0; tsize_t sepstripcount=0; tsize_t sepstripsize=0; #ifdef OJPEG_SUPPORT toff_t inputoffset=0; uint16 h_samp=1; uint16 v_samp=1; uint16 ri=1; uint32 rows=0; #endif #ifdef JPEG_SUPPORT unsigned char* jpt; float* xfloatp; uint64* sbc; unsigned char* stripbuffer; tsize_t striplength=0; uint32 max_striplength=0; #endif if (t2p->t2p_error != T2P_ERR_OK) return(0); if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){ #ifdef CCITT_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_G4){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if (buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for "" ""t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB){ TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef ZIP_SUPPORT if (t2p->pdf_compression == T2P_COMPRESS_ZIP) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB) { TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef OJPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_OJPEG) { if(t2p->tiff_dataoffset != 0) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if(t2p->pdf_ojpegiflength==0){ inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); t2pReadFile(input, (tdata_t) buffer, t2p->tiff_datasize); t2pSeekFile(input, inputoffset, SEEK_SET); t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } else { inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); bufferoffset = t2pReadFile(input, (tdata_t) buffer, t2p->pdf_ojpegiflength); t2p->pdf_ojpegiflength = 0; t2pSeekFile(input, inputoffset, SEEK_SET); TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &h_samp, &v_samp); buffer[bufferoffset++]= 0xff; buffer[bufferoffset++]= 0xdd; buffer[bufferoffset++]= 0x00; buffer[bufferoffset++]= 0x04; h_samp*=8; v_samp*=8; ri=(t2p->tiff_width+h_samp-1) / h_samp; TIFFGetField(input, TIFFTAG_ROWSPERSTRIP, &rows); ri*=(rows+v_samp-1)/v_samp; buffer[bufferoffset++]= (ri>>8) & 0xff; buffer[bufferoffset++]= ri & 0xff; stripcount=TIFFNumberOfStrips(input); for(i=0;ipdf_ojpegdata){ TIFFError(TIFF2PDF_MODULE, ""No support for OJPEG image %s with bad tables"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); _TIFFmemcpy(buffer, t2p->pdf_ojpegdata, t2p->pdf_ojpegdatalength); bufferoffset=t2p->pdf_ojpegdatalength; stripcount=TIFFNumberOfStrips(input); for(i=0;it2p_error = T2P_ERR_ERROR; return(0); #endif } } #endif #ifdef JPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_JPEG) { uint32 count = 0; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if (TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { if(count > 4) { _TIFFmemcpy(buffer, jpt, count); bufferoffset += count - 2; } } stripcount=TIFFNumberOfStrips(input); TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc); for(i=0;imax_striplength) max_striplength=sbc[i]; } stripbuffer = (unsigned char*) _TIFFmalloc(max_striplength); if(stripbuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s"", max_striplength, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } for(i=0;itiff_length)){ TIFFError(TIFF2PDF_MODULE, ""Can't process JPEG data in input file %s"", TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } } buffer[bufferoffset++]=0xff; buffer[bufferoffset++]=0xd9; t2pWriteFile(output, (tdata_t) buffer, bufferoffset); _TIFFfree(stripbuffer); _TIFFfree(buffer); return(bufferoffset); } #endif (void)0; } if(t2p->pdf_sample==T2P_SAMPLE_NOTHING){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } } else { if(t2p->pdf_sample & T2P_SAMPLE_PLANAR_SEPARATE_TO_CONTIG){ sepstripsize=TIFFStripSize(input); sepstripcount=TIFFNumberOfStrips(input); stripsize=sepstripsize*t2p->tiff_samplesperpixel; stripcount=sepstripcount/t2p->tiff_samplesperpixel; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); samplebuffer = (unsigned char*) _TIFFmalloc(stripsize); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } for(i=0;itiff_samplesperpixel;j++){ read = TIFFReadEncodedStrip(input, i + j*stripcount, (tdata_t) &(samplebuffer[samplebufferoffset]), TIFFmin(sepstripsize, stripsize - samplebufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i + j*stripcount, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } samplebufferoffset+=read; } t2p_sample_planar_separate_to_contig( t2p, &(buffer[bufferoffset]), samplebuffer, samplebufferoffset); bufferoffset+=samplebufferoffset; } _TIFFfree(samplebuffer); goto dataready; } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } if(t2p->pdf_sample & T2P_SAMPLE_REALIZE_PALETTE){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t) buffer, t2p->tiff_datasize * t2p->tiff_samplesperpixel); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; t2p->tiff_datasize *= t2p->tiff_samplesperpixel; } t2p_sample_realize_palette(t2p, buffer); } if(t2p->pdf_sample & T2P_SAMPLE_RGBA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgba_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_RGBAA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgbaa_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_YCBCR_TO_RGB){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length*4); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; } if(!TIFFReadRGBAImageOriented( input, t2p->tiff_width, t2p->tiff_length, (uint32*)buffer, ORIENTATION_TOPLEFT, 0)){ TIFFError(TIFF2PDF_MODULE, ""Can't use TIFFReadRGBAImageOriented to extract RGB image from %s"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } t2p->tiff_datasize=t2p_sample_abgr_to_rgb( (tdata_t) buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_LAB_SIGNED_TO_UNSIGNED){ t2p->tiff_datasize=t2p_sample_lab_signed_to_unsigned( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } } dataready: t2p_disable(output); TIFFSetField(output, TIFFTAG_PHOTOMETRIC, t2p->tiff_photometric); TIFFSetField(output, TIFFTAG_BITSPERSAMPLE, t2p->tiff_bitspersample); TIFFSetField(output, TIFFTAG_SAMPLESPERPIXEL, t2p->tiff_samplesperpixel); TIFFSetField(output, TIFFTAG_IMAGEWIDTH, t2p->tiff_width); TIFFSetField(output, TIFFTAG_IMAGELENGTH, t2p->tiff_length); TIFFSetField(output, TIFFTAG_ROWSPERSTRIP, t2p->tiff_length); TIFFSetField(output, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); TIFFSetField(output, TIFFTAG_FILLORDER, FILLORDER_MSB2LSB); switch(t2p->pdf_compression){ case T2P_COMPRESS_NONE: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_NONE); break; #ifdef CCITT_SUPPORT case T2P_COMPRESS_G4: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_CCITTFAX4); break; #endif #ifdef JPEG_SUPPORT case T2P_COMPRESS_JPEG: if(t2p->tiff_photometric==PHOTOMETRIC_YCBCR) { uint16 hor = 0, ver = 0; if (TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &hor, &ver) !=0 ) { if(hor != 0 && ver != 0){ TIFFSetField(output, TIFFTAG_YCBCRSUBSAMPLING, hor, ver); } } if(TIFFGetField(input, TIFFTAG_REFERENCEBLACKWHITE, &xfloatp)!=0){ TIFFSetField(output, TIFFTAG_REFERENCEBLACKWHITE, xfloatp); } } if(TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_JPEG)==0){ TIFFError(TIFF2PDF_MODULE, ""Unable to use JPEG compression for input %s and output %s"", TIFFFileName(input), TIFFFileName(output)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFSetField(output, TIFFTAG_JPEGTABLESMODE, 0); if(t2p->pdf_colorspace & (T2P_CS_RGB | T2P_CS_LAB)){ TIFFSetField(output, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR){ TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RAW); } } if(t2p->pdf_colorspace & T2P_CS_GRAY){ (void)0; } if(t2p->pdf_colorspace & T2P_CS_CMYK){ (void)0; } if(t2p->pdf_defaultcompressionquality != 0){ TIFFSetField(output, TIFFTAG_JPEGQUALITY, t2p->pdf_defaultcompressionquality); } break; #endif #ifdef ZIP_SUPPORT case T2P_COMPRESS_ZIP: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_DEFLATE); if(t2p->pdf_defaultcompressionquality%100 != 0){ TIFFSetField(output, TIFFTAG_PREDICTOR, t2p->pdf_defaultcompressionquality % 100); } if(t2p->pdf_defaultcompressionquality/100 != 0){ TIFFSetField(output, TIFFTAG_ZIPQUALITY, (t2p->pdf_defaultcompressionquality / 100)); } break; #endif default: break; } t2p_enable(output); t2p->outputwritten = 0; #ifdef JPEG_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_JPEG && t2p->tiff_photometric == PHOTOMETRIC_YCBCR){ bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, stripsize * stripcount); } else #endif { bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, t2p->tiff_datasize); } if (buffer != NULL) { _TIFFfree(buffer); buffer=NULL; } if (bufferoffset == (tsize_t)-1) { TIFFError(TIFF2PDF_MODULE, ""Error writing encoded strip to output PDF %s"", TIFFFileName(output)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } written = t2p->outputwritten; return(written); }",visit repo url,tools/tiff2pdf.c,https://github.com/vadz/libtiff,108893693056642,1 5821,['CWE-200'],"static int econet_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct sock *sk; struct econet_sock *eo; struct sockaddr_ec *sec = (struct sockaddr_ec *)uaddr; if (peer) return -EOPNOTSUPP; memset(sec, 0, sizeof(*sec)); mutex_lock(&econet_mutex); sk = sock->sk; eo = ec_sk(sk); sec->sec_family = AF_ECONET; sec->port = eo->port; sec->addr.station = eo->station; sec->addr.net = eo->net; mutex_unlock(&econet_mutex); *uaddr_len = sizeof(*sec); return 0; }",linux-2.6,,,120501452440107819619759135303988599286,0 5150,CWE-125,"ast_for_arg(struct compiling *c, const node *n) { identifier name; expr_ty annotation = NULL; node *ch; arg_ty ret; assert(TYPE(n) == tfpdef || TYPE(n) == vfpdef); ch = CHILD(n, 0); name = NEW_IDENTIFIER(ch); if (!name) return NULL; if (forbidden_name(c, name, ch, 0)) return NULL; if (NCH(n) == 3 && TYPE(CHILD(n, 1)) == COLON) { annotation = ast_for_expr(c, CHILD(n, 2)); if (!annotation) return NULL; } ret = arg(name, annotation, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (!ret) return NULL; return ret; }",visit repo url,Python/ast.c,https://github.com/python/cpython,18802146494823,1 3131,['CWE-189'],"jas_iccattrval_t *jas_iccattrval_create(jas_iccuint32_t type) { jas_iccattrval_t *attrval; jas_iccattrvalinfo_t *info; if (!(info = jas_iccattrvalinfo_lookup(type))) goto error; if (!(attrval = jas_iccattrval_create0())) goto error; attrval->ops = &info->ops; attrval->type = type; ++attrval->refcnt; memset(&attrval->data, 0, sizeof(attrval->data)); return attrval; error: return 0; }",jasper,,,281437276201588373814953085937899746868,0 6641,['CWE-200'],"connection_removed (NMExportedConnection *connection, gpointer user_data) { NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (user_data); priv->connections = g_slist_remove (priv->connections, connection); g_object_unref (connection); }",network-manager-applet,,,169260276069364192937599498996017495773,0 3584,CWE-190,"int mif_validate(jas_stream_t *in) { uchar buf[MIF_MAGICLEN]; uint_fast32_t magic; int i; int n; assert(JAS_STREAM_MAXPUTBACK >= MIF_MAGICLEN); if ((n = jas_stream_read(in, buf, MIF_MAGICLEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < MIF_MAGICLEN) { return -1; } magic = (JAS_CAST(uint_fast32_t, buf[0]) << 24) | (JAS_CAST(uint_fast32_t, buf[1]) << 16) | (JAS_CAST(uint_fast32_t, buf[2]) << 8) | buf[3]; if (magic != MIF_MAGIC) { return -1; } return 0; }",visit repo url,src/libjasper/mif/mif_cod.c,https://github.com/mdadams/jasper,229605400366530,1 1181,['CWE-189'],"static int hrtimer_switch_to_hres(void) { struct hrtimer_cpu_base *base = &__get_cpu_var(hrtimer_bases); unsigned long flags; if (base->hres_active) return 1; local_irq_save(flags); if (tick_init_highres()) { local_irq_restore(flags); return 0; } base->hres_active = 1; base->clock_base[CLOCK_REALTIME].resolution = KTIME_HIGH_RES; base->clock_base[CLOCK_MONOTONIC].resolution = KTIME_HIGH_RES; tick_setup_sched_timer(); retrigger_next_event(NULL); local_irq_restore(flags); printk(KERN_INFO ""Switched to high resolution mode on CPU %d\n"", smp_processor_id()); return 1; }",linux-2.6,,,230807270565880242175498527904944749033,0 4513,['CWE-20'],"static void dx_show_index(char * label, struct dx_entry *entries) { int i, n = dx_get_count (entries); printk(KERN_DEBUG ""%s index "", label); for (i = 0; i < n; i++) { printk(""%x->%lu "", i ? dx_get_hash(entries + i) : 0, (unsigned long)dx_get_block(entries + i)); } printk(""\n""); }",linux-2.6,,,157148555698241067769514587808459276472,0 2992,['CWE-189'],"void jpc_enc_destroy(jpc_enc_t *enc) { if (enc->curtile) { jpc_enc_tile_destroy(enc->curtile); } if (enc->cp) { jpc_enc_cp_destroy(enc->cp); } if (enc->cstate) { jpc_cstate_destroy(enc->cstate); } if (enc->tmpstream) { jas_stream_close(enc->tmpstream); } jas_free(enc); }",jasper,,,63531027921201636816854485658762122883,0 4281,CWE-400,"struct r_bin_pe_addr_t *PE_(check_unknow)(RBinPEObj *pe) { struct r_bin_pe_addr_t *entry; if (!pe || !pe->b) { return 0LL; } ut8 b[512]; ZERO_FILL (b); entry = PE_ (r_bin_pe_get_entrypoint) (pe); if (r_buf_read_at (pe->b, entry->paddr, b, 512) < 1) { pe_printf (""Warning: Cannot read entry at 0x%08""PFMT64x""\n"", entry->paddr); free (entry); return NULL; } if (b[367] == 0xe8) { follow_offset (entry, pe->b, b, sizeof (b), pe->big_endian, 367); return entry; } size_t i; for (i = 0; i < 512 - 16 ; i++) { if (!memcmp (b + i, ""\xff\x15"", 2)) { if (b[i + 6] == 0x50) { if (b[i + 7] == 0xe8) { follow_offset (entry, pe->b, b, sizeof (b), pe->big_endian, i + 7); return entry; } } } } free (entry); return NULL; }",visit repo url,libr/bin/format/pe/pe.c,https://github.com/radareorg/radare2,206385808147654,1 2415,CWE-119,"static int http_open(URLContext *h, const char *uri, int flags, AVDictionary **options) { HTTPContext *s = h->priv_data; int ret; if( s->seekable == 1 ) h->is_streamed = 0; else h->is_streamed = 1; s->filesize = -1; s->location = av_strdup(uri); if (!s->location) return AVERROR(ENOMEM); if (options) av_dict_copy(&s->chained_options, *options, 0); if (s->headers) { int len = strlen(s->headers); if (len < 2 || strcmp(""\r\n"", s->headers + len - 2)) { av_log(h, AV_LOG_WARNING, ""No trailing CRLF found in HTTP header.\n""); ret = av_reallocp(&s->headers, len + 3); if (ret < 0) return ret; s->headers[len] = '\r'; s->headers[len + 1] = '\n'; s->headers[len + 2] = '\0'; } } if (s->listen) { return http_listen(h, uri, flags, options); } ret = http_open_cnx(h, options); if (ret < 0) av_dict_free(&s->chained_options); return ret; }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,123387598016316,1 6763,['CWE-310'],"destroy_wifi_dialog (gpointer user_data, GObject *finalized) { NMWifiInfo *info = user_data; gtk_widget_hide (info->dialog); gtk_widget_destroy (info->dialog); g_free (info->setting_name); g_free (info); }",network-manager-applet,,,178235805313262915352668072755176714192,0 3137,CWE-17,"apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) { core_server_config *conf; apr_bucket *e; http_ctx_t *ctx = f->ctx; apr_status_t rv; apr_off_t totalread; int again; conf = (core_server_config *) ap_get_module_config(f->r->server->module_config, &core_module); if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) { return ap_get_brigade(f->next, b, mode, block, readbytes); } if (!ctx) { const char *tenc, *lenp; f->ctx = ctx = apr_pcalloc(f->r->pool, sizeof(*ctx)); ctx->state = BODY_NONE; if (!f->r->proxyreq) { ctx->limit = ap_get_limit_req_body(f->r); } else { ctx->limit = 0; } tenc = apr_table_get(f->r->headers_in, ""Transfer-Encoding""); lenp = apr_table_get(f->r->headers_in, ""Content-Length""); if (tenc) { if (strcasecmp(tenc, ""chunked"") == 0 || ap_find_last_token(f->r->pool, tenc, ""chunked"")) { ctx->state = BODY_CHUNK; } else if (f->r->proxyreq == PROXYREQ_RESPONSE) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(02555) ""Unknown Transfer-Encoding: %s;"" "" using read-until-close"", tenc); tenc = NULL; } else { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01585) ""Unknown Transfer-Encoding: %s"", tenc); return APR_EGENERAL; } lenp = NULL; } if (lenp) { char *endstr; ctx->state = BODY_LENGTH; if (apr_strtoff(&ctx->remaining, lenp, &endstr, 10) || endstr == lenp || *endstr || ctx->remaining < 0) { ctx->remaining = 0; ap_log_rerror( APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01587) ""Invalid Content-Length""); return APR_ENOSPC; } if (ctx->limit && ctx->limit < ctx->remaining) { ap_log_rerror( APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01588) ""Requested content-length of %"" APR_OFF_T_FMT "" is larger than the configured limit"" "" of %"" APR_OFF_T_FMT, ctx->remaining, ctx->limit); return APR_ENOSPC; } } if (ctx->state == BODY_NONE && f->r->proxyreq != PROXYREQ_RESPONSE) { e = apr_bucket_eos_create(f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(b, e); ctx->eos_sent = 1; return APR_SUCCESS; } if ((ctx->state == BODY_CHUNK || (ctx->state == BODY_LENGTH && ctx->remaining > 0)) && f->r->expecting_100 && f->r->proto_num >= HTTP_VERSION(1,1) && !(f->r->eos_sent || f->r->bytes_sent)) { if (!ap_is_HTTP_SUCCESS(f->r->status)) { ctx->state = BODY_NONE; ctx->eos_sent = 1; } else { char *tmp; int len; apr_bucket_brigade *bb; bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc); f->r->expecting_100 = 0; tmp = apr_pstrcat(f->r->pool, AP_SERVER_PROTOCOL "" "", ap_get_status_line(HTTP_CONTINUE), CRLF CRLF, NULL); len = strlen(tmp); ap_xlate_proto_to_ascii(tmp, len); e = apr_bucket_pool_create(tmp, len, f->r->pool, f->c->bucket_alloc); APR_BRIGADE_INSERT_HEAD(bb, e); e = apr_bucket_flush_create(f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, e); rv = ap_pass_brigade(f->c->output_filters, bb); if (rv != APR_SUCCESS) { return AP_FILTER_ERROR; } } } } if (ctx->eos_sent) { e = apr_bucket_eos_create(f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(b, e); return APR_SUCCESS; } do { apr_brigade_cleanup(b); again = 0; switch (ctx->state) { case BODY_CHUNK: case BODY_CHUNK_PART: case BODY_CHUNK_EXT: case BODY_CHUNK_END: { rv = ap_get_brigade(f->next, b, AP_MODE_GETLINE, block, 0); if (block == APR_NONBLOCK_READ && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b)) || (APR_STATUS_IS_EAGAIN(rv)))) { return APR_EAGAIN; } if (rv == APR_EOF) { return APR_INCOMPLETE; } if (rv != APR_SUCCESS) { return rv; } e = APR_BRIGADE_FIRST(b); while (e != APR_BRIGADE_SENTINEL(b)) { const char *buffer; apr_size_t len; if (!APR_BUCKET_IS_METADATA(e)) { rv = apr_bucket_read(e, &buffer, &len, APR_BLOCK_READ); if (rv == APR_SUCCESS) { rv = parse_chunk_size(ctx, buffer, len, f->r->server->limit_req_fieldsize); } if (rv != APR_SUCCESS) { ap_log_rerror( APLOG_MARK, APLOG_INFO, rv, f->r, APLOGNO(01590) ""Error reading chunk %s "", (APR_ENOSPC == rv) ? ""(overflow)"" : """"); return rv; } } apr_bucket_delete(e); e = APR_BRIGADE_FIRST(b); } again = 1; if (ctx->state == BODY_CHUNK_TRAILER) { int merge_trailers = conf->merge_trailers == AP_MERGE_TRAILERS_ENABLE; return read_chunked_trailers(ctx, f, b, merge_trailers); } break; } case BODY_NONE: case BODY_LENGTH: case BODY_CHUNK_DATA: { if (ctx->state != BODY_NONE && ctx->remaining < readbytes) { readbytes = ctx->remaining; } if (readbytes > 0) { rv = ap_get_brigade(f->next, b, mode, block, readbytes); if (block == APR_NONBLOCK_READ && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b)) || (APR_STATUS_IS_EAGAIN(rv)))) { return APR_EAGAIN; } if (rv == APR_EOF && ctx->state != BODY_NONE && ctx->remaining > 0) { return APR_INCOMPLETE; } if (rv != APR_SUCCESS) { return rv; } apr_brigade_length(b, 0, &totalread); AP_DEBUG_ASSERT(totalread >= 0); if (ctx->state != BODY_NONE) { ctx->remaining -= totalread; if (ctx->remaining > 0) { e = APR_BRIGADE_LAST(b); if (APR_BUCKET_IS_EOS(e)) { apr_bucket_delete(e); return APR_INCOMPLETE; } } else if (ctx->state == BODY_CHUNK_DATA) { ctx->state = BODY_CHUNK_END; ctx->chunk_used = 0; } } } if (ctx->state == BODY_LENGTH && ctx->remaining == 0) { e = apr_bucket_eos_create(f->c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(b, e); ctx->eos_sent = 1; } if (ctx->limit) { ctx->limit_used += totalread; if (ctx->limit < ctx->limit_used) { ap_log_rerror( APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01591) ""Read content-length of %"" APR_OFF_T_FMT "" is larger than the configured limit"" "" of %"" APR_OFF_T_FMT, ctx->limit_used, ctx->limit); return APR_ENOSPC; } } break; } case BODY_CHUNK_TRAILER: { rv = ap_get_brigade(f->next, b, mode, block, readbytes); if (block == APR_NONBLOCK_READ && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b)) || (APR_STATUS_IS_EAGAIN(rv)))) { return APR_EAGAIN; } if (rv != APR_SUCCESS) { return rv; } break; } default: { break; } } } while (again); return APR_SUCCESS; }",visit repo url,modules/http/http_filters.c,https://github.com/apache/httpd,269357152304926,1 4902,['CWE-20'],"static struct dentry *nfs_atomic_lookup(struct inode *dir, struct dentry *dentry, struct nameidata *nd) { struct dentry *res = NULL; int error; dfprintk(VFS, ""NFS: atomic_lookup(%s/%ld), %s\n"", dir->i_sb->s_id, dir->i_ino, dentry->d_name.name); if (!is_atomic_open(dir, nd)) goto no_open; if (dentry->d_name.len > NFS_SERVER(dir)->namelen) { res = ERR_PTR(-ENAMETOOLONG); goto out; } dentry->d_op = NFS_PROTO(dir)->dentry_ops; if (nd->intent.open.flags & O_EXCL) { d_add(dentry, NULL); goto out; } lock_kernel(); error = nfs_revalidate_inode(NFS_SERVER(dir), dir); if (error < 0) { res = ERR_PTR(error); unlock_kernel(); goto out; } if (nd->intent.open.flags & O_CREAT) { nfs_begin_data_update(dir); res = nfs4_atomic_open(dir, dentry, nd); nfs_end_data_update(dir); } else res = nfs4_atomic_open(dir, dentry, nd); unlock_kernel(); if (IS_ERR(res)) { error = PTR_ERR(res); switch (error) { case -ENOENT: res = NULL; goto out; case -EISDIR: case -ENOTDIR: goto no_open; case -ELOOP: if (!(nd->intent.open.flags & O_NOFOLLOW)) goto no_open; default: goto out; } } else if (res != NULL) dentry = res; nfs_renew_times(dentry); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); out: return res; no_open: return nfs_lookup(dir, dentry, nd); }",linux-2.6,,,117012814966069720485118019755665224485,0 1860,CWE-125,"static int smb2_get_data_area_len(unsigned int *off, unsigned int *len, struct smb2_hdr *hdr) { int ret = 0; *off = 0; *len = 0; if (hdr->Status && hdr->Status != STATUS_MORE_PROCESSING_REQUIRED && (((struct smb2_err_rsp *)hdr)->StructureSize) == SMB2_ERROR_STRUCTURE_SIZE2_LE) return ret; switch (hdr->Command) { case SMB2_SESSION_SETUP: *off = le16_to_cpu(((struct smb2_sess_setup_req *)hdr)->SecurityBufferOffset); *len = le16_to_cpu(((struct smb2_sess_setup_req *)hdr)->SecurityBufferLength); break; case SMB2_TREE_CONNECT: *off = le16_to_cpu(((struct smb2_tree_connect_req *)hdr)->PathOffset); *len = le16_to_cpu(((struct smb2_tree_connect_req *)hdr)->PathLength); break; case SMB2_CREATE: { if (((struct smb2_create_req *)hdr)->CreateContextsLength) { *off = le32_to_cpu(((struct smb2_create_req *) hdr)->CreateContextsOffset); *len = le32_to_cpu(((struct smb2_create_req *) hdr)->CreateContextsLength); break; } *off = le16_to_cpu(((struct smb2_create_req *)hdr)->NameOffset); *len = le16_to_cpu(((struct smb2_create_req *)hdr)->NameLength); break; } case SMB2_QUERY_INFO: *off = le16_to_cpu(((struct smb2_query_info_req *)hdr)->InputBufferOffset); *len = le32_to_cpu(((struct smb2_query_info_req *)hdr)->InputBufferLength); break; case SMB2_SET_INFO: *off = le16_to_cpu(((struct smb2_set_info_req *)hdr)->BufferOffset); *len = le32_to_cpu(((struct smb2_set_info_req *)hdr)->BufferLength); break; case SMB2_READ: *off = le16_to_cpu(((struct smb2_read_req *)hdr)->ReadChannelInfoOffset); *len = le16_to_cpu(((struct smb2_read_req *)hdr)->ReadChannelInfoLength); break; case SMB2_WRITE: if (((struct smb2_write_req *)hdr)->DataOffset) { *off = le16_to_cpu(((struct smb2_write_req *)hdr)->DataOffset); *len = le32_to_cpu(((struct smb2_write_req *)hdr)->Length); break; } *off = le16_to_cpu(((struct smb2_write_req *)hdr)->WriteChannelInfoOffset); *len = le16_to_cpu(((struct smb2_write_req *)hdr)->WriteChannelInfoLength); break; case SMB2_QUERY_DIRECTORY: *off = le16_to_cpu(((struct smb2_query_directory_req *)hdr)->FileNameOffset); *len = le16_to_cpu(((struct smb2_query_directory_req *)hdr)->FileNameLength); break; case SMB2_LOCK: { int lock_count; lock_count = le16_to_cpu(((struct smb2_lock_req *)hdr)->LockCount) - 1; if (lock_count > 0) { *off = __SMB2_HEADER_STRUCTURE_SIZE + 48; *len = sizeof(struct smb2_lock_element) * lock_count; } break; } case SMB2_IOCTL: *off = le32_to_cpu(((struct smb2_ioctl_req *)hdr)->InputOffset); *len = le32_to_cpu(((struct smb2_ioctl_req *)hdr)->InputCount); break; default: ksmbd_debug(SMB, ""no length check for command\n""); break; } if (*off > 4096) { ksmbd_debug(SMB, ""offset %d too large\n"", *off); ret = -EINVAL; } else if ((u64)*off + *len > MAX_STREAM_PROT_LEN) { ksmbd_debug(SMB, ""Request is larger than maximum stream protocol length(%u): %llu\n"", MAX_STREAM_PROT_LEN, (u64)*off + *len); ret = -EINVAL; } return ret; }",visit repo url,fs/ksmbd/smb2misc.c,https://github.com/torvalds/linux,50194724857353,1 3609,['CWE-20'],"struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) { struct sctp_chunk *retval; struct sctp_sackhdr sack; int len; __u32 ctsn; __u16 num_gabs, num_dup_tsns; struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; ctsn = sctp_tsnmap_get_ctsn(map); SCTP_DEBUG_PRINTK(""sackCTSNAck sent: 0x%x.\n"", ctsn); num_gabs = sctp_tsnmap_num_gabs(map); num_dup_tsns = sctp_tsnmap_num_dups(map); sack.cum_tsn_ack = htonl(ctsn); sack.a_rwnd = htonl(asoc->a_rwnd); sack.num_gap_ack_blocks = htons(num_gabs); sack.num_dup_tsns = htons(num_dup_tsns); len = sizeof(sack) + sizeof(struct sctp_gap_ack_block) * num_gabs + sizeof(__u32) * num_dup_tsns; retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); if (!retval) goto nodata; retval->transport = asoc->peer.last_data_from; retval->subh.sack_hdr = sctp_addto_chunk(retval, sizeof(sack), &sack); if (num_gabs) sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, sctp_tsnmap_get_gabs(map)); if (num_dup_tsns) sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, sctp_tsnmap_get_dups(map)); nodata: return retval; }",linux-2.6,,,327881371815198476336524737847118693473,0 4195,['CWE-399'],"static void legacy_unicast_reflect_slot_timeout(AvahiTimeEvent *e, void *userdata) { AvahiLegacyUnicastReflectSlot *slot = userdata; assert(e); assert(slot); assert(slot->time_event == e); deallocate_slot(slot->server, slot); }",avahi,,,197737441803404080067737533435347014296,0 6408,CWE-20,"bool_t ksz8851IrqHandler(NetInterface *interface) { bool_t flag; size_t n; uint16_t ier; uint16_t isr; flag = FALSE; ier = ksz8851ReadReg(interface, KSZ8851_REG_IER); ksz8851WriteReg(interface, KSZ8851_REG_IER, 0); isr = ksz8851ReadReg(interface, KSZ8851_REG_ISR); if((isr & ISR_LCIS) != 0) { ier &= ~IER_LCIE; interface->nicEvent = TRUE; flag |= osSetEventFromIsr(&netEvent); } if((isr & ISR_TXIS) != 0) { ksz8851WriteReg(interface, KSZ8851_REG_ISR, ISR_TXIS); n = ksz8851ReadReg(interface, KSZ8851_REG_TXMIR) & TXMIR_TXMA_MASK; if(n >= (ETH_MAX_FRAME_SIZE + 8)) { flag |= osSetEventFromIsr(&interface->nicTxEvent); } } if((isr & ISR_RXIS) != 0) { ier &= ~IER_RXIE; interface->nicEvent = TRUE; flag |= osSetEventFromIsr(&netEvent); } ksz8851WriteReg(interface, KSZ8851_REG_IER, ier); return flag; }",visit repo url,drivers/eth/ksz8851_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,14769148355092,1 2907,['CWE-189'],"static int jas_icclut16_input(jas_iccattrval_t *attrval, jas_stream_t *in, int cnt) { int i; int j; int clutsize; jas_icclut16_t *lut16 = &attrval->data.lut16; lut16->clut = 0; lut16->intabs = 0; lut16->intabsbuf = 0; lut16->outtabs = 0; lut16->outtabsbuf = 0; if (jas_iccgetuint8(in, &lut16->numinchans) || jas_iccgetuint8(in, &lut16->numoutchans) || jas_iccgetuint8(in, &lut16->clutlen) || jas_stream_getc(in) == EOF) goto error; for (i = 0; i < 3; ++i) { for (j = 0; j < 3; ++j) { if (jas_iccgetsint32(in, &lut16->e[i][j])) goto error; } } if (jas_iccgetuint16(in, &lut16->numintabents) || jas_iccgetuint16(in, &lut16->numouttabents)) goto error; clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans; if (!(lut16->clut = jas_alloc2(clutsize, sizeof(jas_iccuint16_t))) || !(lut16->intabsbuf = jas_alloc3(lut16->numinchans, lut16->numintabents, sizeof(jas_iccuint16_t))) || !(lut16->intabs = jas_alloc2(lut16->numinchans, sizeof(jas_iccuint16_t *)))) goto error; for (i = 0; i < lut16->numinchans; ++i) lut16->intabs[i] = &lut16->intabsbuf[i * lut16->numintabents]; if (!(lut16->outtabsbuf = jas_alloc3(lut16->numoutchans, lut16->numouttabents, sizeof(jas_iccuint16_t))) || !(lut16->outtabs = jas_alloc2(lut16->numoutchans, sizeof(jas_iccuint16_t *)))) goto error; for (i = 0; i < lut16->numoutchans; ++i) lut16->outtabs[i] = &lut16->outtabsbuf[i * lut16->numouttabents]; for (i = 0; i < lut16->numinchans; ++i) { for (j = 0; j < JAS_CAST(int, lut16->numintabents); ++j) { if (jas_iccgetuint16(in, &lut16->intabs[i][j])) goto error; } } for (i = 0; i < lut16->numoutchans; ++i) { for (j = 0; j < JAS_CAST(int, lut16->numouttabents); ++j) { if (jas_iccgetuint16(in, &lut16->outtabs[i][j])) goto error; } } for (i = 0; i < clutsize; ++i) { if (jas_iccgetuint16(in, &lut16->clut[i])) goto error; } if (JAS_CAST(int, 44 + 2 * (lut16->numinchans * lut16->numintabents + lut16->numoutchans * lut16->numouttabents + jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans)) != cnt) goto error; return 0; error: jas_icclut16_destroy(attrval); return -1; }",jasper,,,272157365553267771237455208306270672303,0 439,CWE-362,"static int fanout_add(struct sock *sk, u16 id, u16 type_flags) { struct packet_rollover *rollover = NULL; struct packet_sock *po = pkt_sk(sk); struct packet_fanout *f, *match; u8 type = type_flags & 0xff; u8 flags = type_flags >> 8; int err; switch (type) { case PACKET_FANOUT_ROLLOVER: if (type_flags & PACKET_FANOUT_FLAG_ROLLOVER) return -EINVAL; case PACKET_FANOUT_HASH: case PACKET_FANOUT_LB: case PACKET_FANOUT_CPU: case PACKET_FANOUT_RND: case PACKET_FANOUT_QM: case PACKET_FANOUT_CBPF: case PACKET_FANOUT_EBPF: break; default: return -EINVAL; } mutex_lock(&fanout_mutex); err = -EINVAL; if (!po->running) goto out; err = -EALREADY; if (po->fanout) goto out; if (type == PACKET_FANOUT_ROLLOVER || (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)) { err = -ENOMEM; rollover = kzalloc(sizeof(*rollover), GFP_KERNEL); if (!rollover) goto out; atomic_long_set(&rollover->num, 0); atomic_long_set(&rollover->num_huge, 0); atomic_long_set(&rollover->num_failed, 0); po->rollover = rollover; } if (type_flags & PACKET_FANOUT_FLAG_UNIQUEID) { if (id != 0) { err = -EINVAL; goto out; } if (!fanout_find_new_id(sk, &id)) { err = -ENOMEM; goto out; } flags &= ~(PACKET_FANOUT_FLAG_UNIQUEID >> 8); } match = NULL; list_for_each_entry(f, &fanout_list, list) { if (f->id == id && read_pnet(&f->net) == sock_net(sk)) { match = f; break; } } err = -EINVAL; if (match && match->flags != flags) goto out; if (!match) { err = -ENOMEM; match = kzalloc(sizeof(*match), GFP_KERNEL); if (!match) goto out; write_pnet(&match->net, sock_net(sk)); match->id = id; match->type = type; match->flags = flags; INIT_LIST_HEAD(&match->list); spin_lock_init(&match->lock); refcount_set(&match->sk_ref, 0); fanout_init_data(match); match->prot_hook.type = po->prot_hook.type; match->prot_hook.dev = po->prot_hook.dev; match->prot_hook.func = packet_rcv_fanout; match->prot_hook.af_packet_priv = match; match->prot_hook.id_match = match_fanout_group; list_add(&match->list, &fanout_list); } err = -EINVAL; if (match->type == type && match->prot_hook.type == po->prot_hook.type && match->prot_hook.dev == po->prot_hook.dev) { err = -ENOSPC; if (refcount_read(&match->sk_ref) < PACKET_FANOUT_MAX) { __dev_remove_pack(&po->prot_hook); po->fanout = match; refcount_set(&match->sk_ref, refcount_read(&match->sk_ref) + 1); __fanout_link(sk, po); err = 0; } } out: if (err && rollover) { kfree(rollover); po->rollover = NULL; } mutex_unlock(&fanout_mutex); return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,231543872224476,1 5843,CWE-120,"PJ_DEF(void) pjsip_auth_create_digest( pj_str_t *result, const pj_str_t *nonce, const pj_str_t *nc, const pj_str_t *cnonce, const pj_str_t *qop, const pj_str_t *uri, const pj_str_t *realm, const pjsip_cred_info *cred_info, const pj_str_t *method) { char ha1[PJSIP_MD5STRLEN]; char ha2[PJSIP_MD5STRLEN]; unsigned char digest[16]; pj_md5_context pms; pj_assert(result->slen >= PJSIP_MD5STRLEN); AUTH_TRACE_((THIS_FILE, ""Begin creating digest"")); if ((cred_info->data_type & PASSWD_MASK) == PJSIP_CRED_DATA_PLAIN_PASSWD) { pj_md5_init(&pms); MD5_APPEND( &pms, cred_info->username.ptr, cred_info->username.slen); MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, realm->ptr, realm->slen); MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, cred_info->data.ptr, cred_info->data.slen); pj_md5_final(&pms, digest); digestNtoStr(digest, 16, ha1); } else if ((cred_info->data_type & PASSWD_MASK) == PJSIP_CRED_DATA_DIGEST) { pj_assert(cred_info->data.slen == 32); pj_memcpy( ha1, cred_info->data.ptr, cred_info->data.slen ); } else { pj_assert(!""Invalid data_type""); } AUTH_TRACE_((THIS_FILE, "" ha1=%.32s"", ha1)); pj_md5_init(&pms); MD5_APPEND( &pms, method->ptr, method->slen); MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, uri->ptr, uri->slen); pj_md5_final(&pms, digest); digestNtoStr(digest, 16, ha2); AUTH_TRACE_((THIS_FILE, "" ha2=%.32s"", ha2)); pj_md5_init(&pms); MD5_APPEND( &pms, ha1, PJSIP_MD5STRLEN); MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, nonce->ptr, nonce->slen); if (qop && qop->slen != 0) { MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, nc->ptr, nc->slen); MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, cnonce->ptr, cnonce->slen); MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, qop->ptr, qop->slen); } MD5_APPEND( &pms, "":"", 1); MD5_APPEND( &pms, ha2, PJSIP_MD5STRLEN); pj_md5_final(&pms, digest); result->slen = PJSIP_MD5STRLEN; digestNtoStr(digest, 16, result->ptr); AUTH_TRACE_((THIS_FILE, "" digest=%.32s"", result->ptr)); AUTH_TRACE_((THIS_FILE, ""Digest created"")); }",visit repo url,pjsip/src/pjsip/sip_auth_client.c,https://github.com/pjsip/pjproject,151394308593637,1 2700,[],"SCTP_STATIC int sctp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { int retval = 0; SCTP_DEBUG_PRINTK(""sctp_setsockopt(sk: %p... optname: %d)\n"", sk, optname); if (level != SOL_SCTP) { struct sctp_af *af = sctp_sk(sk)->pf->af; retval = af->setsockopt(sk, level, optname, optval, optlen); goto out_nounlock; } sctp_lock_sock(sk); switch (optname) { case SCTP_SOCKOPT_BINDX_ADD: retval = sctp_setsockopt_bindx(sk, (struct sockaddr __user *)optval, optlen, SCTP_BINDX_ADD_ADDR); break; case SCTP_SOCKOPT_BINDX_REM: retval = sctp_setsockopt_bindx(sk, (struct sockaddr __user *)optval, optlen, SCTP_BINDX_REM_ADDR); break; case SCTP_SOCKOPT_CONNECTX_OLD: retval = sctp_setsockopt_connectx_old(sk, (struct sockaddr __user *)optval, optlen); break; case SCTP_SOCKOPT_CONNECTX: retval = sctp_setsockopt_connectx(sk, (struct sockaddr __user *)optval, optlen); break; case SCTP_DISABLE_FRAGMENTS: retval = sctp_setsockopt_disable_fragments(sk, optval, optlen); break; case SCTP_EVENTS: retval = sctp_setsockopt_events(sk, optval, optlen); break; case SCTP_AUTOCLOSE: retval = sctp_setsockopt_autoclose(sk, optval, optlen); break; case SCTP_PEER_ADDR_PARAMS: retval = sctp_setsockopt_peer_addr_params(sk, optval, optlen); break; case SCTP_DELAYED_ACK: retval = sctp_setsockopt_delayed_ack(sk, optval, optlen); break; case SCTP_PARTIAL_DELIVERY_POINT: retval = sctp_setsockopt_partial_delivery_point(sk, optval, optlen); break; case SCTP_INITMSG: retval = sctp_setsockopt_initmsg(sk, optval, optlen); break; case SCTP_DEFAULT_SEND_PARAM: retval = sctp_setsockopt_default_send_param(sk, optval, optlen); break; case SCTP_PRIMARY_ADDR: retval = sctp_setsockopt_primary_addr(sk, optval, optlen); break; case SCTP_SET_PEER_PRIMARY_ADDR: retval = sctp_setsockopt_peer_primary_addr(sk, optval, optlen); break; case SCTP_NODELAY: retval = sctp_setsockopt_nodelay(sk, optval, optlen); break; case SCTP_RTOINFO: retval = sctp_setsockopt_rtoinfo(sk, optval, optlen); break; case SCTP_ASSOCINFO: retval = sctp_setsockopt_associnfo(sk, optval, optlen); break; case SCTP_I_WANT_MAPPED_V4_ADDR: retval = sctp_setsockopt_mappedv4(sk, optval, optlen); break; case SCTP_MAXSEG: retval = sctp_setsockopt_maxseg(sk, optval, optlen); break; case SCTP_ADAPTATION_LAYER: retval = sctp_setsockopt_adaptation_layer(sk, optval, optlen); break; case SCTP_CONTEXT: retval = sctp_setsockopt_context(sk, optval, optlen); break; case SCTP_FRAGMENT_INTERLEAVE: retval = sctp_setsockopt_fragment_interleave(sk, optval, optlen); break; case SCTP_MAX_BURST: retval = sctp_setsockopt_maxburst(sk, optval, optlen); break; case SCTP_AUTH_CHUNK: retval = sctp_setsockopt_auth_chunk(sk, optval, optlen); break; case SCTP_HMAC_IDENT: retval = sctp_setsockopt_hmac_ident(sk, optval, optlen); break; case SCTP_AUTH_KEY: retval = sctp_setsockopt_auth_key(sk, optval, optlen); break; case SCTP_AUTH_ACTIVE_KEY: retval = sctp_setsockopt_active_key(sk, optval, optlen); break; case SCTP_AUTH_DELETE_KEY: retval = sctp_setsockopt_del_key(sk, optval, optlen); break; default: retval = -ENOPROTOOPT; break; } sctp_release_sock(sk); out_nounlock: return retval; }",linux-2.6,,,219335902027612399395452000126127458305,0 4158,['CWE-399'],"static int setup_sockets(AvahiServer *s) { assert(s); s->fd_ipv4 = s->config.use_ipv4 ? avahi_open_socket_ipv4(s->config.disallow_other_stacks) : -1; s->fd_ipv6 = s->config.use_ipv6 ? avahi_open_socket_ipv6(s->config.disallow_other_stacks) : -1; if (s->fd_ipv6 < 0 && s->fd_ipv4 < 0) return AVAHI_ERR_NO_NETWORK; if (s->fd_ipv4 < 0 && s->config.use_ipv4) avahi_log_notice(""Failed to create IPv4 socket, proceeding in IPv6 only mode""); else if (s->fd_ipv6 < 0 && s->config.use_ipv6) avahi_log_notice(""Failed to create IPv6 socket, proceeding in IPv4 only mode""); s->fd_legacy_unicast_ipv4 = s->fd_ipv4 >= 0 && s->config.enable_reflector ? avahi_open_unicast_socket_ipv4() : -1; s->fd_legacy_unicast_ipv6 = s->fd_ipv6 >= 0 && s->config.enable_reflector ? avahi_open_unicast_socket_ipv6() : -1; s->watch_ipv4 = s->watch_ipv6 = s->watch_legacy_unicast_ipv4 = s->watch_legacy_unicast_ipv6 = NULL; if (s->fd_ipv4 >= 0) s->watch_ipv4 = s->poll_api->watch_new(s->poll_api, s->fd_ipv4, AVAHI_WATCH_IN, mcast_socket_event, s); if (s->fd_ipv6 >= 0) s->watch_ipv6 = s->poll_api->watch_new(s->poll_api, s->fd_ipv6, AVAHI_WATCH_IN, mcast_socket_event, s); if (s->fd_legacy_unicast_ipv4 >= 0) s->watch_legacy_unicast_ipv4 = s->poll_api->watch_new(s->poll_api, s->fd_legacy_unicast_ipv4, AVAHI_WATCH_IN, legacy_unicast_socket_event, s); if (s->fd_legacy_unicast_ipv6 >= 0) s->watch_legacy_unicast_ipv6 = s->poll_api->watch_new(s->poll_api, s->fd_legacy_unicast_ipv6, AVAHI_WATCH_IN, legacy_unicast_socket_event, s); return 0; }",avahi,,,266597600778685670645990003608262398405,0 2537,CWE-787,"archive_string_append_from_wcs(struct archive_string *as, const wchar_t *w, size_t len) { int n, ret_val = 0; char *p; char *end; #if HAVE_WCRTOMB mbstate_t shift_state; memset(&shift_state, 0, sizeof(shift_state)); #else wctomb(NULL, L'\0'); #endif if (archive_string_ensure(as, as->length + len + 1) == NULL) return (-1); p = as->s + as->length; end = as->s + as->buffer_length - MB_CUR_MAX -1; while (*w != L'\0' && len > 0) { if (p >= end) { as->length = p - as->s; as->s[as->length] = '\0'; if (archive_string_ensure(as, as->length + len * 2 + 1) == NULL) return (-1); p = as->s + as->length; end = as->s + as->buffer_length - MB_CUR_MAX -1; } #if HAVE_WCRTOMB n = wcrtomb(p, *w++, &shift_state); #else n = wctomb(p, *w++); #endif if (n == -1) { if (errno == EILSEQ) { *p++ = '?'; ret_val = -1; } else { ret_val = -1; break; } } else p += n; len--; } as->length = p - as->s; as->s[as->length] = '\0'; return (ret_val); }",visit repo url,libarchive/archive_string.c,https://github.com/libarchive/libarchive,279514831376111,1 3720,[],"static void inc_inflight_move_tail(struct unix_sock *u) { atomic_long_inc(&u->inflight); if (u->gc_maybe_cycle) list_move_tail(&u->link, &gc_candidates); }",linux-2.6,,,202414927693860487935681599647187088308,0 4538,['CWE-20'],"static inline unsigned dx_get_count(struct dx_entry *entries) { return le16_to_cpu(((struct dx_countlimit *) entries)->count); }",linux-2.6,,,69207970858754216893738666016652304320,0 1057,CWE-20,"static ssize_t generic_perform_write(struct file *file, struct iov_iter *i, loff_t pos) { struct address_space *mapping = file->f_mapping; const struct address_space_operations *a_ops = mapping->a_ops; long status = 0; ssize_t written = 0; unsigned int flags = 0; if (segment_eq(get_fs(), KERNEL_DS)) flags |= AOP_FLAG_UNINTERRUPTIBLE; do { struct page *page; pgoff_t index; unsigned long offset; unsigned long bytes; size_t copied; void *fsdata; offset = (pos & (PAGE_CACHE_SIZE - 1)); index = pos >> PAGE_CACHE_SHIFT; bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset, iov_iter_count(i)); again: if (unlikely(iov_iter_fault_in_readable(i, bytes))) { status = -EFAULT; break; } status = a_ops->write_begin(file, mapping, pos, bytes, flags, &page, &fsdata); if (unlikely(status)) break; pagefault_disable(); copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes); pagefault_enable(); flush_dcache_page(page); status = a_ops->write_end(file, mapping, pos, bytes, copied, page, fsdata); if (unlikely(status < 0)) break; copied = status; cond_resched(); if (unlikely(copied == 0)) { bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset, iov_iter_single_seg_count(i)); goto again; } iov_iter_advance(i, copied); pos += copied; written += copied; balance_dirty_pages_ratelimited(mapping); } while (iov_iter_count(i)); return written ? written : status; }",visit repo url,mm/filemap.c,https://github.com/torvalds/linux,22909494732503,1 4120,CWE-125,"static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) { int ret; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; unsigned char *p = NULL, *end = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( ""=> parse server key exchange"" ) ); #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( ""<= skip parse server key exchange"" ) ); ssl->state++; return( 0 ); } ((void) p); ((void) end); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) { if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ""ssl_get_ecdh_params_from_cert"", ret ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( ret ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( ""<= skip parse server key exchange"" ) ); ssl->state++; return( 0 ); } ((void) p); ((void) end); #endif if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ""mbedtls_ssl_read_record"", ret ); return( ret ); } if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE ) { if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) { ssl->keep_current_message = 1; goto exit; } MBEDTLS_SSL_DEBUG_MSG( 1, ( ""server key exchange message must "" ""not be skipped"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); end = ssl->in_msg + ssl->in_hslen; MBEDTLS_SSL_DEBUG_BUF( 3, ""server key exchange"", p, end - p ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) ; else #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) { if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } else #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) { if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } else #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, p, end - p ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, ""mbedtls_ecjpake_read_round_two"", ret ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } else #endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""should never happen"" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) { size_t sig_len, hashlen; unsigned char hash[64]; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); size_t params_len = p - params; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { if( ssl_parse_signature_algorithm( ssl, &p, end, &md_alg, &pk_alg ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } else #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) { pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE ) md_alg = MBEDTLS_MD_SHA1; } else #endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""should never happen"" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } if( p > end - 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } sig_len = ( p[0] << 8 ) | p[1]; p += 2; if( end != p + sig_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } MBEDTLS_SSL_DEBUG_BUF( 3, ""signature"", p, sig_len ); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) if( md_alg == MBEDTLS_MD_NONE ) { hashlen = 36; ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params, params_len ); if( ret != 0 ) return( ret ); } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) if( md_alg != MBEDTLS_MD_NONE ) { hashlen = 0; ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, params, params_len, md_alg ); if( ret != 0 ) return( ret ); } else #endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""should never happen"" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } MBEDTLS_SSL_DEBUG_BUF( 3, ""parameters hash"", hash, hashlen != 0 ? hashlen : (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) ); if( ssl->session_negotiate->peer_cert == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( ""certificate required"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( ""bad server key exchange message"" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); } if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk, md_alg, hash, hashlen, p, sig_len ) ) != 0 ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); MBEDTLS_SSL_DEBUG_RET( 1, ""mbedtls_pk_verify"", ret ); return( ret ); } } #endif exit: ssl->state++; MBEDTLS_SSL_DEBUG_MSG( 2, ( ""<= parse server key exchange"" ) ); return( 0 ); }",visit repo url,library/ssl_cli.c,https://github.com/ARMmbed/mbedtls,226062363862489,1 5408,CWE-863,"parsegid(const char *s, gid_t *gid) { struct group *gr; const char *errstr; if ((gr = getgrnam(s)) != NULL) { *gid = gr->gr_gid; return 0; } #if !defined(__linux__) && !defined(__NetBSD__) *gid = strtonum(s, 0, GID_MAX, &errstr); #else sscanf(s, ""%d"", gid); #endif if (errstr) return -1; return 0; }",visit repo url,doas.c,https://github.com/slicer69/doas,151489711142308,1 2056,CWE-665,"static struct ib_ucontext *hns_roce_alloc_ucontext(struct ib_device *ib_dev, struct ib_udata *udata) { int ret = 0; struct hns_roce_ucontext *context; struct hns_roce_ib_alloc_ucontext_resp resp; struct hns_roce_dev *hr_dev = to_hr_dev(ib_dev); resp.qp_tab_size = hr_dev->caps.num_qps; context = kmalloc(sizeof(*context), GFP_KERNEL); if (!context) return ERR_PTR(-ENOMEM); ret = hns_roce_uar_alloc(hr_dev, &context->uar); if (ret) goto error_fail_uar_alloc; if (hr_dev->caps.flags & HNS_ROCE_CAP_FLAG_RECORD_DB) { INIT_LIST_HEAD(&context->page_list); mutex_init(&context->page_mutex); } ret = ib_copy_to_udata(udata, &resp, sizeof(resp)); if (ret) goto error_fail_copy_to_udata; return &context->ibucontext; error_fail_copy_to_udata: hns_roce_uar_free(hr_dev, &context->uar); error_fail_uar_alloc: kfree(context); return ERR_PTR(ret); }",visit repo url,drivers/infiniband/hw/hns/hns_roce_main.c,https://github.com/torvalds/linux,238774771942251,1 6194,CWE-190,"void fp_prime_set_pairf(const bn_t x, int pairf) { bn_t p, t0, t1; ctx_t *ctx = core_get(); int len = bn_bits(x) + 1; int8_t s[RLC_FP_BITS + 1]; bn_null(p); bn_null(t0); bn_null(t1); RLC_TRY { bn_new(p); bn_new(t0); bn_new(t1); bn_copy(&(ctx->par), x); bn_copy(t0, x); switch (pairf) { case EP_BN: bn_set_dig(p, 1); bn_mul_dig(t1, t0, 6); bn_add(p, p, t1); bn_mul(t1, t0, t0); bn_mul_dig(t1, t1, 24); bn_add(p, p, t1); bn_mul(t1, t0, t0); bn_mul(t1, t1, t0); bn_mul_dig(t1, t1, 36); bn_add(p, p, t1); bn_mul(t0, t0, t0); bn_mul(t1, t0, t0); bn_mul_dig(t1, t1, 36); bn_add(p, p, t1); fp_prime_set_dense(p); break; case EP_B12: bn_sqr(t1, t0); bn_sqr(p, t1); bn_sub(p, p, t1); bn_add_dig(p, p, 1); bn_sub(t1, t1, t0); bn_sub(t1, t1, t0); bn_add_dig(t1, t1, 1); bn_mul(p, p, t1); bn_div_dig(p, p, 3); bn_add(p, p, t0); fp_prime_set_dense(p); break; case EP_OT8: bn_set_dig(p, 4); bn_mul_dig(t1, t0, 4); bn_add(p, p, t1); bn_sqr(t0, t0); bn_add(p, p, t0); bn_sqr(t1, t0); bn_add(p, p, t1); bn_add(p, p, t1); bn_add(p, p, t1); bn_add(p, p, t1); bn_add(p, p, t1); bn_mul(t1, t1, t0); bn_add(p, p, t1); bn_mul(t1, t1, t0); bn_add(p, p, t1); bn_div_dig(p, p, 4); fp_prime_set_dense(p); break; case EP_B24: bn_sqr(t1, t0); bn_sqr(t1, t1); bn_sqr(p, t1); bn_sub(p, p, t1); bn_add_dig(p, p, 1); bn_sub_dig(t1, t0, 1); bn_sqr(t1, t1); bn_mul(p, p, t1); bn_div_dig(p, p, 3); bn_add(p, p, t0); fp_prime_set_dense(p); break; case EP_B48: bn_sqr(t1, t0); bn_sqr(t1, t1); bn_sqr(p, t1); bn_sqr(t1, p); bn_sub(t1, t1, p); bn_add_dig(t1, t1, 1); bn_sub_dig(p, t0, 1); bn_sqr(p, p); bn_mul(p, p, t1); bn_div_dig(p, p, 3); bn_add(p, p, t0); fp_prime_set_dense(p); break; case EP_K54: bn_set_dig(p, 1); bn_mul_dig(t1, t0, 3); bn_add(p, p, t1); bn_sqr(t1, t0); bn_add(p, p, t1); bn_add(p, p, t1); bn_add(p, p, t1); bn_sqr(t1, t1); bn_sqr(t1, t1); bn_mul(t1, t1, t0); bn_mul_dig(t1, t1, 243); bn_add(p, p, t1); bn_mul(t1, t1, t0); bn_add(p, p, t1); bn_mul_dig(t1, t1, 3); bn_add(p, p, t1); bn_mul(t1, t1, t0); bn_add(p, p, t1); bn_mul_dig(t1, t1, 27); bn_mul(t1, t1, t0); bn_mul(t1, t1, t0); bn_mul(t1, t1, t0); bn_mul(t1, t1, t0); bn_mul(t1, t1, t0); bn_mul(t1, t1, t0); bn_mul(t1, t1, t0); bn_add(p, p, t1); bn_mul_dig(t1, t1, 3); bn_mul(t1, t1, t0); bn_add(p, p, t1); bn_mul(t1, t1, t0); bn_add(p, p, t1); fp_prime_set_dense(p); break; } ctx->par_len = 0; bn_rec_naf(s, &len, &(ctx->par), 2); if (s[0] == -1) { s[0] = 1; s[1] = -1; } for (int i = 0; i < len && ctx->par_len < RLC_TERMS; i++) { if (s[i] > 0) { ctx->par_sps[ctx->par_len++] = i; } if (s[i] < 0) { ctx->par_sps[ctx->par_len++] = -i; } } if (ctx->par_len == RLC_TERMS) { RLC_THROW(ERR_NO_VALID); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(p); bn_free(t0); bn_free(t1); } }",visit repo url,src/fp/relic_fp_prime.c,https://github.com/relic-toolkit/relic,69418594097849,1 2764,['CWE-189'],"void sctp_auth_key_put(struct sctp_auth_bytes *key) { if (!key) return; if (atomic_dec_and_test(&key->refcnt)) { kfree(key); SCTP_DBG_OBJCNT_DEC(keys); } }",linux-2.6,,,102818374461066317207229023286835542941,0 1341,['CWE-399'],"ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) { int err = 0; struct ip_tunnel_parm p; struct ip_tunnel_prl prl; struct ip_tunnel *t; struct net *net = dev_net(dev); struct sit_net *sitn = net_generic(net, sit_net_id); switch (cmd) { case SIOCGETTUNNEL: t = NULL; if (dev == sitn->fb_tunnel_dev) { if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { err = -EFAULT; break; } t = ipip6_tunnel_locate(net, &p, 0); } if (t == NULL) t = netdev_priv(dev); memcpy(&p, &t->parms, sizeof(p)); if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) err = -EFAULT; break; case SIOCADDTUNNEL: case SIOCCHGTUNNEL: err = -EPERM; if (!capable(CAP_NET_ADMIN)) goto done; err = -EFAULT; if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) goto done; err = -EINVAL; if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPV6 || p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF))) goto done; if (p.iph.ttl) p.iph.frag_off |= htons(IP_DF); t = ipip6_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL); if (dev != sitn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { if (t != NULL) { if (t->dev != dev) { err = -EEXIST; break; } } else { if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) || (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) { err = -EINVAL; break; } t = netdev_priv(dev); ipip6_tunnel_unlink(sitn, t); t->parms.iph.saddr = p.iph.saddr; t->parms.iph.daddr = p.iph.daddr; memcpy(dev->dev_addr, &p.iph.saddr, 4); memcpy(dev->broadcast, &p.iph.daddr, 4); ipip6_tunnel_link(sitn, t); netdev_state_change(dev); } } if (t) { err = 0; if (cmd == SIOCCHGTUNNEL) { t->parms.iph.ttl = p.iph.ttl; t->parms.iph.tos = p.iph.tos; if (t->parms.link != p.link) { t->parms.link = p.link; ipip6_tunnel_bind_dev(dev); netdev_state_change(dev); } } if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p))) err = -EFAULT; } else err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); break; case SIOCDELTUNNEL: err = -EPERM; if (!capable(CAP_NET_ADMIN)) goto done; if (dev == sitn->fb_tunnel_dev) { err = -EFAULT; if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) goto done; err = -ENOENT; if ((t = ipip6_tunnel_locate(net, &p, 0)) == NULL) goto done; err = -EPERM; if (t == netdev_priv(sitn->fb_tunnel_dev)) goto done; dev = t->dev; } unregister_netdevice(dev); err = 0; break; case SIOCGETPRL: case SIOCADDPRL: case SIOCDELPRL: case SIOCCHGPRL: err = -EPERM; if (cmd != SIOCGETPRL && !capable(CAP_NET_ADMIN)) goto done; err = -EINVAL; if (dev == sitn->fb_tunnel_dev) goto done; err = -EFAULT; if (copy_from_user(&prl, ifr->ifr_ifru.ifru_data, sizeof(prl))) goto done; err = -ENOENT; if (!(t = netdev_priv(dev))) goto done; switch (cmd) { case SIOCGETPRL: err = ipip6_tunnel_get_prl(t, &prl); if (!err && copy_to_user(ifr->ifr_ifru.ifru_data, &prl, sizeof(prl))) err = -EFAULT; break; case SIOCDELPRL: err = ipip6_tunnel_del_prl(t, &prl); break; case SIOCADDPRL: case SIOCCHGPRL: err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL); break; } if (cmd != SIOCGETPRL) netdev_state_change(dev); break; default: err = -EINVAL; } done: return err; }",linux-2.6,,,339700465609974129502041844307526400764,0 1835,['CWE-189'],"_gnutls_read_server_hello (gnutls_session_t session, opaque * data, int datalen) { uint8_t session_id_len = 0; int pos = 0; int ret = 0; gnutls_protocol_t version; int len = datalen; if (datalen < 38) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } _gnutls_handshake_log (""HSK[%x]: Server's version: %d.%d\n"", session, data[pos], data[pos + 1]); DECR_LEN (len, 2); version = _gnutls_version_get (data[pos], data[pos + 1]); if (_gnutls_version_is_supported (session, version) == 0) { gnutls_assert (); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } else { _gnutls_set_current_version (session, version); } pos += 2; DECR_LEN (len, TLS_RANDOM_SIZE); _gnutls_set_server_random (session, &data[pos]); pos += TLS_RANDOM_SIZE; DECR_LEN (len, 1); session_id_len = data[pos++]; if (len < session_id_len) { gnutls_assert (); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } DECR_LEN (len, session_id_len); if (_gnutls_client_check_if_resuming (session, &data[pos], session_id_len) == 0) return 0; pos += session_id_len; DECR_LEN (len, 2); ret = _gnutls_client_set_ciphersuite (session, &data[pos]); if (ret < 0) { gnutls_assert (); return ret; } pos += 2; DECR_LEN (len, 1); ret = _gnutls_client_set_comp_method (session, data[pos++]); if (ret < 0) { gnutls_assert (); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } if (version >= GNUTLS_TLS1) { ret = _gnutls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); if (ret < 0) { gnutls_assert (); return ret; } } return ret; }",gnutls,,,204016198838287832575454242322797253545,0 2567,CWE-121,"static ssize_t drop_sync(QIOChannel *ioc, size_t size) { ssize_t ret = 0; char small[1024]; char *buffer; buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size)); while (size > 0) { ssize_t count = read_sync(ioc, buffer, MIN(65536, size)); if (count <= 0) { goto cleanup; } assert(count <= size); size -= count; ret += count; } cleanup: if (buffer != small) { g_free(buffer); } return ret; }",visit repo url,nbd/client.c,https://github.com/qemu/qemu,270178504469508,1 4496,CWE-416,"GF_Err audio_sample_entry_Read(GF_Box *s, GF_BitStream *bs) { GF_MPEGAudioSampleEntryBox *ptr; char *data; u8 a, b, c, d; u32 i, size, v, nb_alnum; GF_Err e; u64 pos, start; ptr = (GF_MPEGAudioSampleEntryBox *)s; start = gf_bs_get_position(bs); gf_bs_seek(bs, start + 8); v = gf_bs_read_u16(bs); if (v) ptr->is_qtff = 1; if (v==1) { gf_bs_seek(bs, start + 8 + 20 + 4); a = gf_bs_read_u8(bs); b = gf_bs_read_u8(bs); c = gf_bs_read_u8(bs); d = gf_bs_read_u8(bs); nb_alnum = 0; if (isalnum(a)) nb_alnum++; if (isalnum(b)) nb_alnum++; if (isalnum(c)) nb_alnum++; if (isalnum(d)) nb_alnum++; if (nb_alnum>2) ptr->is_qtff = 0; } gf_bs_seek(bs, start); e = gf_isom_audio_sample_entry_read((GF_AudioSampleEntryBox*)s, bs); if (e) return e; pos = gf_bs_get_position(bs); size = (u32) s->size; if (gf_bs_get_cookie(bs)) { ptr->is_qtff |= 1<<16; } e = gf_isom_box_array_read(s, bs, audio_sample_entry_AddBox); if (!e) return GF_OK; if (size<8) return GF_ISOM_INVALID_FILE; gf_bs_seek(bs, pos); data = (char*)gf_malloc(sizeof(char) * size); gf_bs_read_data(bs, data, size); for (i=0; iesd) { gf_isom_box_del((GF_Box *)ptr->esd); ptr->esd=NULL; } e = gf_isom_box_parse((GF_Box **)&ptr->esd, mybs); if (e==GF_OK) { gf_isom_box_add_for_dump_mode((GF_Box*)ptr, (GF_Box*)ptr->esd); } else if (ptr->esd) { gf_isom_box_del((GF_Box *)ptr->esd); ptr->esd=NULL; } gf_bs_del(mybs); break; } } gf_free(data); return e; }",visit repo url,src/isomedia/box_code_base.c,https://github.com/gpac/gpac,12203855638604,1 1410,CWE-310,"static int crypto_report_one(struct crypto_alg *alg, struct crypto_user_alg *ualg, struct sk_buff *skb) { memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name)); memcpy(&ualg->cru_driver_name, &alg->cra_driver_name, sizeof(ualg->cru_driver_name)); memcpy(&ualg->cru_module_name, module_name(alg->cra_module), CRYPTO_MAX_ALG_NAME); ualg->cru_flags = alg->cra_flags; ualg->cru_refcnt = atomic_read(&alg->cra_refcnt); if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority)) goto nla_put_failure; if (alg->cra_flags & CRYPTO_ALG_LARVAL) { struct crypto_report_larval rl; snprintf(rl.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""larval""); if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, sizeof(struct crypto_report_larval), &rl)) goto nla_put_failure; goto out; } if (alg->cra_type && alg->cra_type->report) { if (alg->cra_type->report(skb, alg)) goto nla_put_failure; goto out; } switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) { case CRYPTO_ALG_TYPE_CIPHER: if (crypto_report_cipher(skb, alg)) goto nla_put_failure; break; case CRYPTO_ALG_TYPE_COMPRESS: if (crypto_report_comp(skb, alg)) goto nla_put_failure; break; } out: return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,140209224756124,1 3291,['CWE-189'],"static long jas_iccpadtomult(long x, long y) { return ((x + y - 1) / y) * y; }",jasper,,,20853660910654740960722707471003163078,0 3676,['CWE-119'],"void hfsplus_cat_build_key(struct super_block *sb, hfsplus_btree_key *key, u32 parent, struct qstr *str) { int len; key->cat.parent = cpu_to_be32(parent); if (str) { hfsplus_asc2uni(sb, &key->cat.name, str->name, str->len); len = be16_to_cpu(key->cat.name.length); } else { key->cat.name.length = 0; len = 0; } key->key_len = cpu_to_be16(6 + 2 * len); }",linux-2.6,,,258533925044615494612995218749151493831,0 2556,CWE-399,"create_tls_session(int csock, int type ) { int rc = 0; gnutls_session *session = gnutls_malloc(sizeof(gnutls_session)); gnutls_init(session, type); # ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT gnutls_priority_set_direct(*session, ""NORMAL:+ANON-DH"", NULL); # else gnutls_set_default_priority(*session); gnutls_kx_set_priority(*session, tls_kx_order); # endif gnutls_transport_set_ptr(*session, (gnutls_transport_ptr) GINT_TO_POINTER(csock)); switch (type) { case GNUTLS_SERVER: gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anon_cred_s); break; case GNUTLS_CLIENT: gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anon_cred_c); break; } do { rc = gnutls_handshake(*session); } while (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN); if (rc < 0) { crm_err(""Handshake failed: %s"", gnutls_strerror(rc)); gnutls_deinit(*session); gnutls_free(session); return NULL; } return session; }",visit repo url,lib/common/remote.c,https://github.com/ClusterLabs/pacemaker,72108260290940,1 3373,['CWE-399'],"generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { struct address_space *mapping = out->f_mapping; struct inode *inode = mapping->host; ssize_t ret; int err; err = should_remove_suid(out->f_path.dentry); if (unlikely(err)) { mutex_lock(&inode->i_mutex); err = __remove_suid(out->f_path.dentry, err); mutex_unlock(&inode->i_mutex); if (err) return err; } ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file); if (ret > 0) { unsigned long nr_pages; *ppos += ret; nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { mutex_lock(&inode->i_mutex); err = generic_osync_inode(inode, mapping, OSYNC_METADATA|OSYNC_DATA); mutex_unlock(&inode->i_mutex); if (err) ret = err; } balance_dirty_pages_ratelimited_nr(mapping, nr_pages); } return ret; }",linux-2.6,,,100473487891850356637574736972824540310,0 6545,['CWE-200'],"sort_devices (gconstpointer a, gconstpointer b) { NMDevice *aa = NM_DEVICE (a); NMDevice *bb = NM_DEVICE (b); GType aa_type; GType bb_type; aa_type = G_OBJECT_TYPE (G_OBJECT (aa)); bb_type = G_OBJECT_TYPE (G_OBJECT (bb)); if (aa_type == bb_type) { char *aa_desc = NULL; char *bb_desc = NULL; aa_desc = (char *) utils_get_device_description (aa); if (!aa_desc) aa_desc = (char *) nm_device_get_iface (aa); bb_desc = (char *) utils_get_device_description (bb); if (!bb_desc) bb_desc = (char *) nm_device_get_iface (bb); if (!aa_desc && bb_desc) return -1; else if (aa_desc && !bb_desc) return 1; else if (!aa_desc && !bb_desc) return 0; g_assert (aa_desc); g_assert (bb_desc); return strcmp (aa_desc, bb_desc); } if (aa_type == NM_TYPE_DEVICE_ETHERNET && bb_type == NM_TYPE_DEVICE_WIFI) return -1; if (aa_type == NM_TYPE_DEVICE_ETHERNET && bb_type == NM_TYPE_GSM_DEVICE) return -1; if (aa_type == NM_TYPE_DEVICE_ETHERNET && bb_type == NM_TYPE_CDMA_DEVICE) return -1; if (aa_type == NM_TYPE_GSM_DEVICE && bb_type == NM_TYPE_CDMA_DEVICE) return -1; if (aa_type == NM_TYPE_GSM_DEVICE && bb_type == NM_TYPE_DEVICE_WIFI) return -1; if (aa_type == NM_TYPE_CDMA_DEVICE && bb_type == NM_TYPE_DEVICE_WIFI) return -1; return 1; }",network-manager-applet,,,307033620096546597935345868473447662525,0 3276,['CWE-189'],"void jas_image_destroy(jas_image_t *image) { int i; if (image->cmpts_) { for (i = 0; i < image->numcmpts_; ++i) { jas_image_cmpt_destroy(image->cmpts_[i]); image->cmpts_[i] = 0; } jas_free(image->cmpts_); } if (image->cmprof_) jas_cmprof_destroy(image->cmprof_); jas_free(image); }",jasper,,,73118846238407708978865833197708301266,0 4468,['CWE-264'],"static int skfp_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) { struct net_device *dev; struct s_smc *smc; void __iomem *mem; int err; PRINTK(KERN_INFO ""entering skfp_init_one\n""); if (num_boards == 0) printk(""%s\n"", boot_msg); err = pci_enable_device(pdev); if (err) return err; err = pci_request_regions(pdev, ""skfddi""); if (err) goto err_out1; pci_set_master(pdev); #ifdef MEM_MAPPED_IO if (!(pci_resource_flags(pdev, 0) & IORESOURCE_MEM)) { printk(KERN_ERR ""skfp: region is not an MMIO resource\n""); err = -EIO; goto err_out2; } mem = ioremap(pci_resource_start(pdev, 0), 0x4000); #else if (!(pci_resource_flags(pdev, 1) & IO_RESOURCE_IO)) { printk(KERN_ERR ""skfp: region is not PIO resource\n""); err = -EIO; goto err_out2; } mem = ioport_map(pci_resource_start(pdev, 1), FP_IO_LEN); #endif if (!mem) { printk(KERN_ERR ""skfp: Unable to map register, "" ""FDDI adapter will be disabled.\n""); err = -EIO; goto err_out2; } dev = alloc_fddidev(sizeof(struct s_smc)); if (!dev) { printk(KERN_ERR ""skfp: Unable to allocate fddi device, "" ""FDDI adapter will be disabled.\n""); err = -ENOMEM; goto err_out3; } dev->irq = pdev->irq; dev->netdev_ops = &skfp_netdev_ops; SET_NETDEV_DEV(dev, &pdev->dev); smc = netdev_priv(dev); smc->os.dev = dev; smc->os.bus_type = SK_BUS_TYPE_PCI; smc->os.pdev = *pdev; smc->os.QueueSkb = MAX_TX_QUEUE_LEN; smc->os.MaxFrameSize = MAX_FRAME_SIZE; smc->os.dev = dev; smc->hw.slot = -1; smc->hw.iop = mem; smc->os.ResetRequested = FALSE; skb_queue_head_init(&smc->os.SendSkbQueue); dev->base_addr = (unsigned long)mem; err = skfp_driver_init(dev); if (err) goto err_out4; err = register_netdev(dev); if (err) goto err_out5; ++num_boards; pci_set_drvdata(pdev, dev); if ((pdev->subsystem_device & 0xff00) == 0x5500 || (pdev->subsystem_device & 0xff00) == 0x5800) printk(""%s: SysKonnect FDDI PCI adapter"" "" found (SK-%04X)\n"", dev->name, pdev->subsystem_device); else printk(""%s: FDDI PCI adapter found\n"", dev->name); return 0; err_out5: if (smc->os.SharedMemAddr) pci_free_consistent(pdev, smc->os.SharedMemSize, smc->os.SharedMemAddr, smc->os.SharedMemDMA); pci_free_consistent(pdev, MAX_FRAME_SIZE, smc->os.LocalRxBuffer, smc->os.LocalRxBufferDMA); err_out4: free_netdev(dev); err_out3: #ifdef MEM_MAPPED_IO iounmap(mem); #else ioport_unmap(mem); #endif err_out2: pci_release_regions(pdev); err_out1: pci_disable_device(pdev); return err; }",linux-2.6,,,338535128372704253227021164428008987571,0 517,['CWE-399'],"int pwc_try_video_mode(struct pwc_device *pdev, int width, int height, int new_fps, int new_compression, int new_snapshot) { int ret, start; pwc_isoc_cleanup(pdev); pwc_reset_buffers(pdev); start = ret = pwc_set_video_mode(pdev, width, height, new_fps, new_compression, new_snapshot); if (ret) { PWC_DEBUG_FLOW(""pwc_set_video_mode attempt 1 failed.\n""); start = pwc_set_video_mode(pdev, pdev->view.x, pdev->view.y, pdev->vframes, pdev->vcompression, pdev->vsnapshot); if (start) { PWC_DEBUG_FLOW(""pwc_set_video_mode attempt 2 failed.\n""); } } if (start == 0) { if (pwc_isoc_init(pdev) < 0) { PWC_WARNING(""Failed to restart ISOC transfers in pwc_try_video_mode.\n""); ret = -EAGAIN; } } pdev->drop_frames++; return ret; }",linux-2.6,,,146618453271260010750843879188857724617,0 4780,['CWE-20'],"static unsigned long ext4_get_stripe_size(struct ext4_sb_info *sbi) { unsigned long stride = le16_to_cpu(sbi->s_es->s_raid_stride); unsigned long stripe_width = le32_to_cpu(sbi->s_es->s_raid_stripe_width); if (sbi->s_stripe && sbi->s_stripe <= sbi->s_blocks_per_group) return sbi->s_stripe; if (stripe_width <= sbi->s_blocks_per_group) return stripe_width; if (stride <= sbi->s_blocks_per_group) return stride; return 0; }",linux-2.6,,,165426115455249775724242038939478786973,0 1829,['CWE-189'],"_gnutls_client_check_if_resuming (gnutls_session_t session, opaque * session_id, int session_id_len) { opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; _gnutls_handshake_log (""HSK[%x]: SessionID length: %d\n"", session, session_id_len); _gnutls_handshake_log (""HSK[%x]: SessionID: %s\n"", session, _gnutls_bin2hex (session_id, session_id_len, buf, sizeof (buf))); if (session_id_len > 0 && session->internals.resumed_security_parameters.session_id_size == session_id_len && memcmp (session_id, session->internals.resumed_security_parameters. session_id, session_id_len) == 0) { memcpy (session->internals. resumed_security_parameters.server_random, session->security_parameters.server_random, TLS_RANDOM_SIZE); memcpy (session->internals. resumed_security_parameters.client_random, session->security_parameters.client_random, TLS_RANDOM_SIZE); session->internals.resumed = RESUME_TRUE; return 0; } else { session->internals.resumed = RESUME_FALSE; session->security_parameters.session_id_size = session_id_len; memcpy (session->security_parameters.session_id, session_id, session_id_len); return -1; } }",gnutls,,,179824077734409727802473469993817856128,0 5425,CWE-908,"vips_tracked_malloc( size_t size ) { void *buf; vips_tracked_init(); size += 16; if( !(buf = g_try_malloc( size )) ) { #ifdef DEBUG g_assert_not_reached(); #endif vips_error( ""vips_tracked"", _( ""out of memory --- size == %dMB"" ), (int) (size / (1024.0 * 1024.0)) ); g_warning( _( ""out of memory --- size == %dMB"" ), (int) (size / (1024.0 * 1024.0)) ); return( NULL ); } g_mutex_lock( vips_tracked_mutex ); *((size_t *)buf) = size; buf = (void *) ((char *)buf + 16); vips_tracked_mem += size; if( vips_tracked_mem > vips_tracked_mem_highwater ) vips_tracked_mem_highwater = vips_tracked_mem; vips_tracked_allocs += 1; #ifdef DEBUG_VERBOSE printf( ""vips_tracked_malloc: %p, %zd bytes\n"", buf, size ); #endif g_mutex_unlock( vips_tracked_mutex ); VIPS_GATE_MALLOC( size ); return( buf ); }",visit repo url,libvips/iofuncs/memory.c,https://github.com/libvips/libvips,214208180913272,1 921,['CWE-200'],"static int shmem_match(struct inode *ino, void *vfh) { __u32 *fh = vfh; __u64 inum = fh[2]; inum = (inum << 32) | fh[1]; return ino->i_ino == inum && fh[0] == ino->i_generation; }",linux-2.6,,,256749370421204342445282603928432729793,0 4976,CWE-190,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 4089,['CWE-399'],"static long bsg_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { struct bsg_device *bd = file->private_data; int __user *uarg = (int __user *) arg; int ret; switch (cmd) { case SG_GET_COMMAND_Q: return put_user(bd->max_queue, uarg); case SG_SET_COMMAND_Q: { int queue; if (get_user(queue, uarg)) return -EFAULT; if (queue < 1) return -EINVAL; spin_lock_irq(&bd->lock); bd->max_queue = queue; spin_unlock_irq(&bd->lock); return 0; } case SG_GET_VERSION_NUM: case SCSI_IOCTL_GET_IDLUN: case SCSI_IOCTL_GET_BUS_NUMBER: case SG_SET_TIMEOUT: case SG_GET_TIMEOUT: case SG_GET_RESERVED_SIZE: case SG_SET_RESERVED_SIZE: case SG_EMULATED_HOST: case SCSI_IOCTL_SEND_COMMAND: { void __user *uarg = (void __user *) arg; return scsi_cmd_ioctl(bd->queue, NULL, file->f_mode, cmd, uarg); } case SG_IO: { struct request *rq; struct bio *bio, *bidi_bio = NULL; struct sg_io_v4 hdr; if (copy_from_user(&hdr, uarg, sizeof(hdr))) return -EFAULT; rq = bsg_map_hdr(bd, &hdr, file->f_mode & FMODE_WRITE); if (IS_ERR(rq)) return PTR_ERR(rq); bio = rq->bio; if (rq->next_rq) bidi_bio = rq->next_rq->bio; blk_execute_rq(bd->queue, NULL, rq, 0); ret = blk_complete_sgv4_hdr_rq(rq, &hdr, bio, bidi_bio); if (copy_to_user(uarg, &hdr, sizeof(hdr))) return -EFAULT; return ret; } default: #if 0 return ioctl_by_bdev(bd->bdev, cmd, arg); #else return -ENOTTY; #endif } }",linux-2.6,,,216079441830167763265927600250928174036,0 1604,[],"unsigned long sched_group_shares(struct task_group *tg) { return tg->shares; }",linux-2.6,,,52041330771300089124799497809809078316,0 5952,CWE-190,"static Jsi_Interp* jsi_InterpNew(Jsi_Interp *parent, Jsi_Value *opts, Jsi_InterpOpts *iopts) { Jsi_Interp* interp; if (parent && parent->noSubInterps) { interp = parent; Jsi_LogError(""subinterps disallowed""); return NULL; } if (opts && parent && (Jsi_ValueIsObjType(parent, opts, JSI_OT_OBJECT)==0 || Jsi_TreeSize(opts->d.obj->tree)<=0)) opts = NULL; interp = (Jsi_Interp *)Jsi_Calloc(1,sizeof(*interp) + sizeof(jsi_Frame)); interp->framePtr = (jsi_Frame*)(((uchar*)interp)+sizeof(*interp)); if (!parent) interp->maxInterpDepth = JSI_MAX_SUBINTERP_DEPTH; else { interp->maxInterpDepth = parent->maxInterpDepth; interp->interpDepth = parent->interpDepth+1; if (interp->interpDepth > interp->maxInterpDepth) { Jsi_Free(interp); interp = parent; Jsi_LogError(""exceeded max subinterp depth""); return NULL; } } interp->maxDepth = JSI_MAX_EVAL_DEPTH; interp->maxIncDepth = JSI_MAX_INCLUDE_DEPTH; interp->typeWarnMax = 50; interp->subOpts.dblPrec = __DBL_DECIMAL_DIG__-1; interp->subOpts.prompt = ""$ ""; interp->subOpts.prompt2 = ""> ""; int iocnt; if (iopts) { iopts->interp = interp; interp->opts = *iopts; } interp->logOpts.file = 1; interp->logOpts.func = 1; interp->logOpts.Info = 1; interp->logOpts.Warn = 1; interp->logOpts.Error = 1; int argc = interp->opts.argc; char **argv = interp->opts.argv; char *argv0 = (argv?argv[0]:NULL); interp->parent = parent; interp->topInterp = (parent == NULL ? interp: parent->topInterp); if (jsiIntData.mainInterp == NULL) jsiIntData.mainInterp = interp->topInterp; interp->mainInterp = jsiIntData.mainInterp; interp->memDebug = interp->opts.mem_debug; if (parent) { interp->dbPtr = parent->dbPtr; } else { interp->dbPtr = &interp->dbStatic; } #ifdef JSI_MEM_DEBUG if (!interp->dbPtr->valueDebugTbl) { interp->dbPtr->valueDebugTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, NULL); interp->dbPtr->objDebugTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, NULL); } #endif if (parent) { if (parent->pkgDirs) interp->pkgDirs = Jsi_ValueDupJSON(interp, parent->pkgDirs); } else { #ifdef JSI_PKG_DIRS interp->pkgDirs = Jsi_StringSplit(interp, JSI_PKG_DIRS, "",""); Jsi_IncrRefCount(interp, interp->pkgDirs); #endif } #ifdef JSI_USE_COMPAT interp->compat = JSI_USE_COMPAT; #endif #ifndef JSI_CONF_ARGS #define JSI_CONF_ARGS """" #endif interp->confArgs = JSI_CONF_ARGS; for (iocnt = 1; (iocnt+1)memDebug=strtol(aio2+sizeof(""memDebug""), NULL, 0); else if (!Jsi_Strncmp(""compat"", aio2, sizeof(""compat""))) interp->subOpts.compat=strtol(aio2+sizeof(""compat""), NULL, 0); continue; } break; } SIGINIT(interp,INTERP); interp->NullValue = Jsi_ValueNewNull(interp); Jsi_IncrRefCount(interp, interp->NullValue); #ifdef __WIN32 Jsi_DString cwdStr; Jsi_DSInit(&cwdStr); interp->curDir = Jsi_Strdup(Jsi_GetCwd(interp, &cwdStr)); Jsi_DSFree(&cwdStr); #else char buf[JSI_BUFSIZ]; interp->curDir = getcwd(buf, sizeof(buf)); interp->curDir = Jsi_Strdup(interp->curDir?interp->curDir:"".""); #endif interp->onDeleteTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, freeOnDeleteTbl); interp->assocTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, freeAssocTbl); interp->cmdSpecTbl = Jsi_MapNew(interp, JSI_MAP_TREE, JSI_KEYS_STRING, freeCmdSpecTbl); interp->eventTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, freeEventTbl); interp->fileTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, jsi_HashFree); interp->funcObjTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, freeFuncObjTbl); interp->funcsTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, freeFuncsTbl); interp->bindTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, freeBindObjTbl); interp->protoTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, NULL ); interp->regexpTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, regExpFree); interp->preserveTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, jsi_HashFree); interp->loadTbl = (parent?parent->loadTbl:Jsi_HashNew(interp, JSI_KEYS_STRING, jsi_FreeOneLoadHandle)); interp->packageHash = Jsi_HashNew(interp, JSI_KEYS_STRING, packageHashFree); interp->aliasHash = Jsi_HashNew(interp, JSI_KEYS_STRING, jsi_AliasFree); interp->lockTimeout = -1; #ifdef JSI_LOCK_TIMEOUT interp->lockTimeout JSI_LOCK_TIMEOUT; #endif #ifndef JSI_DO_UNLOCK #define JSI_DO_UNLOCK 1 #endif interp->subOpts.mutexUnlock = JSI_DO_UNLOCK; Jsi_Map_Type mapType = JSI_MAP_HASH; #ifdef JSI_USE_MANY_STRKEY mapType = JSI_MAP_TREE; #endif if (interp == jsiIntData.mainInterp || interp->threadId != jsiIntData.mainInterp->threadId) { interp->strKeyTbl = Jsi_MapNew(interp, mapType, JSI_KEYS_STRING, NULL); interp->subOpts.privKeys = 1; } for (iocnt = 1; (iocnt+1)parent; iocnt+=2) { const char *aio = argv[iocnt]; if (Jsi_Strcmp(aio, ""--F"") == 0) { interp->traceCall |= (jsi_callTraceFuncs |jsi_callTraceArgs |jsi_callTraceReturn | jsi_callTraceBefore | jsi_callTraceFullPath); iocnt--; interp->iskips++; continue; } if (Jsi_Strcmp(aio, ""--U"") == 0) { interp->asserts = 1; interp->unitTest = 1; iocnt--; interp->iskips++; continue; } if (Jsi_Strcmp(aio, ""--V"") == 0) { interp->asserts = 1; interp->unitTest = 5; interp->tracePuts = 1; iocnt--; interp->iskips++; continue; } if (Jsi_Strcmp(aio, ""--C"") == 0) { if (interp->confFile) Jsi_LogWarn(""overriding confFile: %s"", interp->confFile); interp->confFile = argv[iocnt+1]; interp->iskips+=2; continue; } if (Jsi_Strcmp(aio, ""--L"") == 0) { struct stat sb; const char* path = argv[iocnt+1]; if (!path || stat(path, &sb) || !((S_ISREG(sb.st_mode) && !access(path, W_OK)) || (S_ISDIR(sb.st_mode) && !access(path, X_OK)))) { Jsi_LogError(""Lockdown path must exist and be a writable file or executable dir: %s"", path); Jsi_InterpDelete(interp); return NULL; } interp->isSafe = true; interp->safeMode = jsi_safe_Lockdown; if (interp->safeWriteDirs) { Jsi_LogWarn(""Overriding safeWriteDirs""); Jsi_DecrRefCount(interp, interp->safeWriteDirs); } const char *vda[2] = {}; char npath[PATH_MAX]; vda[0] = Jsi_FileRealpathStr(interp, path, npath); interp->safeWriteDirs = Jsi_ValueNewArray(interp, vda, 1); Jsi_IncrRefCount(interp, interp->safeWriteDirs); if (!interp->safeReadDirs) { interp->safeReadDirs = interp->safeWriteDirs; Jsi_IncrRefCount(interp, interp->safeReadDirs); } interp->iskips+=2; continue; } if (Jsi_Strcmp(aio, ""--T"") == 0) { if (jsi_ParseTypeCheckStr(interp, argv[iocnt+1]) != JSI_OK) { Jsi_InterpDelete(interp); return NULL; } interp->iskips+=2; continue; } if (!Jsi_Strcmp(aio, ""--I"")) { bool bv = 1; char *aio2 = argv[iocnt+1], *aioc = Jsi_Strchr(aio2, ':'), argNamS[50], *argNam = aio2; const char *argVal; if (!Jsi_Strcmp(""traceCall"", aio2)) interp->traceCall |= (jsi_callTraceFuncs |jsi_callTraceArgs |jsi_callTraceReturn | jsi_callTraceBefore | jsi_callTraceFullPath); else { if (aioc) { argNam = argNamS; argVal = aioc+1; snprintf(argNamS, sizeof(argNamS), ""%.*s"", (int)(aioc-aio2), aio2); } DECL_VALINIT(argV); Jsi_Value *argValue = &argV; Jsi_Number dv; if (!aioc || Jsi_GetBool(interp, argVal, &bv) == JSI_OK) { Jsi_ValueMakeBool(interp, &argValue, bv); } else if (!Jsi_Strcmp(""null"", argVal)) { Jsi_ValueMakeNull(interp, &argValue); } else if (Jsi_GetDouble(interp, argVal, &dv) == JSI_OK) { Jsi_ValueMakeNumber(interp, &argValue, dv); } else { Jsi_ValueMakeStringKey(interp, &argValue, argVal); } if (JSI_OK != Jsi_OptionsSet(interp, InterpOptions, interp, argNam, argValue, 0)) { Jsi_InterpDelete(interp); return NULL; } } interp->iskips+=2; continue; } break; } if (!interp->strKeyTbl) interp->strKeyTbl = jsiIntData.mainInterp->strKeyTbl; if (opts) { interp->inopts = opts = Jsi_ValueDupJSON(interp, opts); if (Jsi_OptionsProcess(interp, InterpOptions, interp, opts, 0) < 0) { Jsi_DecrRefCount(interp, opts); interp->inopts = NULL; Jsi_InterpDelete(interp); return NULL; } } if (interp == jsiIntData.mainInterp) { interp->subthread = 0; } else { if (opts) { if (interp->subOpts.privKeys && interp->strKeyTbl == jsiIntData.mainInterp->strKeyTbl) { Jsi_OptionsFree(interp, InterpOptions, interp, 0); interp->strKeyTbl = Jsi_MapNew(interp, mapType, JSI_KEYS_STRING, NULL); if (opts->vt != JSI_VT_NULL) Jsi_OptionsProcess(interp, InterpOptions, interp, opts, 0); } else if (interp->subOpts.privKeys == 0 && interp->strKeyTbl != jsiIntData.mainInterp->strKeyTbl) { Jsi_OptionsFree(interp, InterpOptions, interp, 0); Jsi_MapDelete(interp->strKeyTbl); interp->strKeyTbl = jsiIntData.mainInterp->strKeyTbl; if (opts->vt != JSI_VT_NULL) Jsi_OptionsProcess(interp, InterpOptions, interp, opts, 0); } } if (parent && parent->isSafe) { interp->isSafe = 1; interp->safeMode = parent->safeMode; } if (interp->subthread && interp->isSafe) { interp->subthread = 0; Jsi_LogError(""threading disallowed in safe mode""); Jsi_InterpDelete(interp); return NULL; } if (interp->subthread) jsiIntData.mainInterp->threadCnt++; if (interp->subthread && interp->strKeyTbl == jsiIntData.mainInterp->strKeyTbl) jsiIntData.mainInterp->threadShrCnt++; if (jsiIntData.mainInterp->threadShrCnt) #ifdef JSI_USE_MANY_STRKEY jsiIntData.mainInterp->strKeyTbl->v.tree->opts.lockTreeProc = KeyLockerTree; #else jsiIntData.mainInterp->strKeyTbl->v.hash->opts.lockHashProc = KeyLocker; #endif } if (parent && parent->isSafe) { interp->isSafe = 1; interp->safeMode = parent->safeMode; interp->maxOpCnt = parent->maxOpCnt; if (interp->safeWriteDirs || interp->safeReadDirs || interp->safeExecPattern) { Jsi_LogWarn(""ignoring safe* options in safe sub-sub-interp""); if (interp->safeWriteDirs) Jsi_DecrRefCount(interp, interp->safeWriteDirs); if (interp->safeReadDirs) Jsi_DecrRefCount(interp, interp->safeReadDirs); interp->safeWriteDirs = interp->safeReadDirs = NULL; interp->safeExecPattern = NULL; } } jsi_InterpConfFiles(interp); if (!interp->udata) { interp->udata = Jsi_ValueNewObj(interp, NULL); Jsi_IncrRefCount(interp, interp->udata); } if (interp->subthread && !interp->scriptStr && !interp->scriptFile) { Jsi_LogError(""subthread interp must be specify either scriptFile or scriptStr""); Jsi_InterpDelete(interp); return NULL; } #ifndef JSI_MEM_DEBUG static int warnNoDebug = 0; if (interp->memDebug && warnNoDebug == 0) { Jsi_LogWarn(""ignoring memDebug as jsi was compiled without memory debugging""); warnNoDebug = 1; } #endif interp->threadId = Jsi_CurrentThread(); if (interp->parent && interp->subthread==0 && interp->threadId != interp->parent->threadId) { interp->threadId = interp->parent->threadId; #ifndef JSI_MEM_DEBUG Jsi_LogWarn(""non-threaded sub-interp created by different thread than parent""); #endif } if (interp->safeMode != jsi_safe_None) interp->isSafe = interp->startSafe = 1; if (!interp->parent) { if (interp->isSafe) interp->startSafe = 1; if (interp->debugOpts.msgCallback) Jsi_LogWarn(""ignoring msgCallback""); if (interp->debugOpts.putsCallback) Jsi_LogWarn(""ignoring putsCallback""); if (interp->busyCallback) Jsi_LogWarn(""ignoring busyCallback""); if (interp->debugOpts.traceCallback) Jsi_LogWarn(""ignoring traceCallback""); } else if (interp->busyCallback && interp->threadId != interp->parent->threadId) { Jsi_LogWarn(""disabling busyCallback due to threads""); interp->busyCallback = NULL; } if (interp == jsiIntData.mainInterp) interp->lexkeyTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, NULL); else interp->lexkeyTbl = jsiIntData.mainInterp->lexkeyTbl; interp->thisTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, freeValueTbl); interp->userdataTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, freeUserdataTbl); interp->varTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, NULL); interp->codeTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, freeCodeTbl); interp->genValueTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD,freeValueTbl); interp->genObjTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, freeGenObjTbl); #ifdef JSI_MEM_DEBUG interp->codesTbl = (interp == jsiIntData.mainInterp ? Jsi_HashNew(interp, JSI_KEYS_ONEWORD, NULL) : jsiIntData.mainInterp->codesTbl); #endif if (interp->typeCheck.all|interp->typeCheck.parse|interp->typeCheck.funcsig) interp->staticFuncsTbl = Jsi_HashNew(interp, JSI_KEYS_STRING, NULL); interp->maxArrayList = MAX_ARRAY_LIST; if (!jsiIntData.isInit) { jsiIntData.isInit = 1; jsi_InitValue(interp, 0); jsiIntData.interpsTbl = Jsi_HashNew(interp, JSI_KEYS_ONEWORD, 0); } interp->csc = Jsi_ValueNew1(interp); Jsi_ValueMakeObject(interp, &interp->csc, Jsi_ObjNew(interp)); interp->framePtr->incsc = interp->csc; #define JSIDOINIT(nam) if (!jsi_ModBlacklisted(interp,#nam)) { if (jsi_Init##nam(interp, 0) != JSI_OK) { Jsi_LogBug(""Init failure in %s"", #nam); } } #define JSIDOINIT2(nam) if (!jsi_ModBlacklisted(interp,#nam)) { if (Jsi_Init##nam(interp, 0) != JSI_OK) { Jsi_LogBug(""Init failure in %s"", #nam); } } JSIDOINIT(Proto); if (interp->pkgDirs) interp->pkgDirs->d.obj->__proto__ = interp->Array_prototype; Jsi_Value *modObj = Jsi_ValueNewObj(interp, Jsi_ObjNewType(interp, JSI_OT_OBJECT)); Jsi_ValueInsert(interp, interp->csc, ""Jsi_Auto"", modObj, JSI_OM_DONTDEL); interp->framePtr->ingsc = interp->gsc = jsi_ScopeChainNew(interp, 0); interp->ps = jsi_PstateNew(interp); if (interp->unitTest&2) { interp->logOpts.before = 1; interp->logOpts.full = 1; interp->tracePuts = 1; interp->noStderr = 1; } if (interp->args && argc) { Jsi_LogBug(""args may not be specified both as options and parameter""); Jsi_InterpDelete(interp); return NULL; } if (interp->maxDepth>JSI_MAX_EVAL_DEPTH) interp->maxDepth = JSI_MAX_EVAL_DEPTH; if (argc >= 0 && !interp->args) { Jsi_Value *iargs = Jsi_ValueNew1(interp); iargs->f.bits.dontdel = 1; iargs->f.bits.readonly = 1; Jsi_Obj *iobj = Jsi_ObjNew(interp); Jsi_ValueMakeArrayObject(interp, &iargs, iobj); int i = 1, ii = (iocnt>1 ? iocnt : 1); int msiz = (argc?argc-iocnt:0); Jsi_ObjArraySizer(interp, iobj, msiz); iobj->arrMaxSize = msiz; iocnt--; iobj->arrCnt = argc-iocnt; for (i = 1; ii < argc; ++ii, i++) { iobj->arr[i-1] = Jsi_ValueNewStringKey(interp, argv[ii]); Jsi_IncrRefCount(interp, iobj->arr[i-1]); jsi_ValueDebugLabel(iobj->arr[i-1], ""InterpCreate"", ""args""); } Jsi_ObjSetLength(interp, iobj, msiz); interp->args = iargs; } else if (interp->parent && interp->args) { Jsi_Value *nar = Jsi_ValueDupJSON(interp, interp->args); Jsi_DecrRefCount(interp, interp->args); interp->args = nar; } JSIDOINIT(Options); JSIDOINIT(Cmds); JSIDOINIT(Interp); JSIDOINIT(JSON); interp->retValue = Jsi_ValueNew1(interp); interp->Mutex = Jsi_MutexNew(interp, -1, JSI_MUTEX_RECURSIVE); if (1 || interp->subthread) { interp->QMutex = Jsi_MutexNew(interp, -1, JSI_MUTEX_RECURSIVE); } JSIDOINIT(Lexer); if (interp != jsiIntData.mainInterp && !parent) Jsi_HashSet(jsiIntData.interpsTbl, interp, NULL); if (!interp->isSafe) { JSIDOINIT(Load); #if JSI__SIGNAL==1 JSIDOINIT(Signal); #endif } if (interp->isSafe == 0 || interp->startSafe || interp->safeWriteDirs!=NULL || interp->safeReadDirs!=NULL) { #if JSI__FILESYS==1 JSIDOINIT(FileCmds); JSIDOINIT(Filesys); #endif } #if JSI__SQLITE==1 JSIDOINIT2(Sqlite); #else Jsi_initSqlite(interp, 0); #endif #if JSI__MYSQL==1 if (!interp->noNetwork) { JSIDOINIT2(MySql); } #endif #if JSI__SOCKET==1 JSIDOINIT2(Socket); #endif #if JSI__WEBSOCKET==1 JSIDOINIT2(WebSocket); #endif #if JSI__CDATA==1 JSIDOINIT(CData); #endif #ifdef JSI_USER_EXTENSION extern int JSI_USER_EXTENSION(Jsi_Interp *interp, int release); if (JSI_USER_EXTENSION (interp, 0) != JSI_OK) { fprintf(stderr, ""extension load failed""); return jsi_DoExit(interp, 1); } #endif Jsi_PkgProvide(interp, ""Jsi"", JSI_VERSION, NULL); if (argc > 0) { char *ss = argv0; char epath[PATH_MAX] = """"; #ifdef __WIN32 if (GetModuleFileName(NULL, epath, sizeof(epath))>0) ss = epath; #else #ifndef PROC_SELF_DIR #define PROC_SELF_DIR ""/proc/self/exe"" #endif if (ss && *ss != '/' && readlink(PROC_SELF_DIR, epath, sizeof(epath)) && epath[0]) ss = epath; #endif Jsi_Value *src = Jsi_ValueNewStringDup(interp, ss); Jsi_IncrRefCount(interp, src); jsiIntData.execName = Jsi_Realpath(interp, src, NULL); Jsi_DecrRefCount(interp, src); if (!jsiIntData.execName) jsiIntData.execName = Jsi_Strdup(""""); jsiIntData.execValue = Jsi_ValueNewString(interp, jsiIntData.execName, -1); Jsi_IncrRefCount(interp, jsiIntData.execValue); Jsi_HashSet(interp->genValueTbl, jsiIntData.execValue, jsiIntData.execValue); } if (interp->debugOpts.debugCallback && !interp->debugOpts.hook) { interp->debugOpts.hook = jsi_InterpDebugHook; } interp->startTime = jsi_GetTimestamp(); #ifdef JSI_INTERP_EXTENSION_CODE JSI_INTERP_EXTENSION_CODE #endif if (interp->opts.initProc && (*interp->opts.initProc)(interp, 0) != JSI_OK) Jsi_LogBug(""Init failure in initProc""); return interp; }",visit repo url,src/jsiInterp.c,https://github.com/pcmacdon/jsish,236411278770981,1 47,CWE-763,"spnego_gss_get_mic_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_qop_t qop_req, gss_iov_buffer_desc *iov, int iov_count) { return gss_get_mic_iov_length(minor_status, context_handle, qop_req, iov, iov_count); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,3140819732465,1 246,[],"int fat_alloc_new_dir(struct inode *dir, struct timespec *ts) { struct super_block *sb = dir->i_sb; struct msdos_sb_info *sbi = MSDOS_SB(sb); struct buffer_head *bhs[MAX_BUF_PER_PAGE]; struct msdos_dir_entry *de; sector_t blknr; __le16 date, time; int err, cluster; err = fat_alloc_clusters(dir, &cluster, 1); if (err) goto error; blknr = fat_clus_to_blknr(sbi, cluster); bhs[0] = sb_getblk(sb, blknr); if (!bhs[0]) { err = -ENOMEM; goto error_free; } fat_date_unix2dos(ts->tv_sec, &time, &date); de = (struct msdos_dir_entry *)bhs[0]->b_data; memcpy(de[0].name, MSDOS_DOT, MSDOS_NAME); memcpy(de[1].name, MSDOS_DOTDOT, MSDOS_NAME); de->attr = de[1].attr = ATTR_DIR; de[0].lcase = de[1].lcase = 0; de[0].time = de[1].time = time; de[0].date = de[1].date = date; de[0].ctime_cs = de[1].ctime_cs = 0; if (sbi->options.isvfat) { de[0].ctime = de[1].ctime = time; de[0].adate = de[0].cdate = de[1].adate = de[1].cdate = date; } else { de[0].ctime = de[1].ctime = 0; de[0].adate = de[0].cdate = de[1].adate = de[1].cdate = 0; } de[0].start = cpu_to_le16(cluster); de[0].starthi = cpu_to_le16(cluster >> 16); de[1].start = cpu_to_le16(MSDOS_I(dir)->i_logstart); de[1].starthi = cpu_to_le16(MSDOS_I(dir)->i_logstart >> 16); de[0].size = de[1].size = 0; memset(de + 2, 0, sb->s_blocksize - 2 * sizeof(*de)); set_buffer_uptodate(bhs[0]); mark_buffer_dirty(bhs[0]); err = fat_zeroed_cluster(dir, blknr, 1, bhs, MAX_BUF_PER_PAGE); if (err) goto error_free; return cluster; error_free: fat_free_clusters(dir, cluster); error: return err; }",linux-2.6,,,336015034083447433503196623438521935552,0 4154,['CWE-399'],"int avahi_server_get_group_of_service(AvahiServer *s, AvahiIfIndex interface, AvahiProtocol protocol, const char *name, const char *type, const char *domain, AvahiSEntryGroup** ret_group) { AvahiKey *key = NULL; AvahiEntry *e; int ret; char n[AVAHI_DOMAIN_NAME_MAX]; assert(s); assert(name); assert(type); assert(ret_group); AVAHI_CHECK_VALIDITY(s, AVAHI_IF_VALID(interface), AVAHI_ERR_INVALID_INTERFACE); AVAHI_CHECK_VALIDITY(s, AVAHI_PROTO_VALID(protocol), AVAHI_ERR_INVALID_PROTOCOL); AVAHI_CHECK_VALIDITY(s, avahi_is_valid_service_name(name), AVAHI_ERR_INVALID_SERVICE_NAME); AVAHI_CHECK_VALIDITY(s, avahi_is_valid_service_type_strict(type), AVAHI_ERR_INVALID_SERVICE_TYPE); AVAHI_CHECK_VALIDITY(s, !domain || avahi_is_valid_domain_name(domain), AVAHI_ERR_INVALID_DOMAIN_NAME); if ((ret = avahi_service_name_join(n, sizeof(n), name, type, domain) < 0)) return avahi_server_set_errno(s, ret); if (!(key = avahi_key_new(n, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_SRV))) return avahi_server_set_errno(s, AVAHI_ERR_NO_MEMORY); e = find_entry(s, interface, protocol, key); avahi_key_unref(key); if (e) { *ret_group = e->group; return AVAHI_OK; } return avahi_server_set_errno(s, AVAHI_ERR_NOT_FOUND); }",avahi,,,312221552002682589006322086518457231609,0 3024,CWE-415,"BGD_DECLARE(void) gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) { gdImagePtr pim = 0, tim = im; int interlace, BitsPerPixel; interlace = im->interlace; if(im->trueColor) { pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); if(!pim) { return; } tim = pim; } BitsPerPixel = colorstobpp(tim->colorsTotal); GIFEncode( out, tim->sx, tim->sy, interlace, 0, tim->transparent, BitsPerPixel, tim->red, tim->green, tim->blue, tim); if(pim) { gdImageDestroy( pim); } }",visit repo url,src/gd_gif_out.c,https://github.com/libgd/libgd,184384728133206,1 67,NVD-CWE-Other,"kadm5_modify_principal(void *server_handle, kadm5_principal_ent_t entry, long mask) { int ret, ret2, i; kadm5_policy_ent_rec pol; krb5_boolean have_pol = FALSE; krb5_db_entry *kdb; krb5_tl_data *tl_data_orig; osa_princ_ent_rec adb; kadm5_server_handle_t handle = server_handle; CHECK_HANDLE(server_handle); krb5_clear_error_message(handle->context); if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED)) return KADM5_BAD_MASK; if((mask & ~ALL_PRINC_MASK)) return KADM5_BAD_MASK; if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) return KADM5_BAD_MASK; if(entry == (kadm5_principal_ent_t) NULL) return EINVAL; if (mask & KADM5_TL_DATA) { tl_data_orig = entry->tl_data; while (tl_data_orig) { if (tl_data_orig->tl_data_type < 256) return KADM5_BAD_TL_TYPE; tl_data_orig = tl_data_orig->tl_data_next; } } ret = kdb_get_entry(handle, entry->principal, &kdb, &adb); if (ret) return(ret); if ((mask & KADM5_POLICY)) { ret = get_policy(handle, entry->policy, &pol, &have_pol); if (ret) goto done; adb.aux_attributes |= KADM5_POLICY; if (adb.policy) free(adb.policy); adb.policy = strdup(entry->policy); } if (have_pol) { if (pol.pw_max_life) { ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, &(kdb->pw_expiration)); if (ret) goto done; kdb->pw_expiration += pol.pw_max_life; } else { kdb->pw_expiration = 0; } } if ((mask & KADM5_POLICY_CLR) && (adb.aux_attributes & KADM5_POLICY)) { free(adb.policy); adb.policy = NULL; adb.aux_attributes &= ~KADM5_POLICY; kdb->pw_expiration = 0; } if ((mask & KADM5_ATTRIBUTES)) kdb->attributes = entry->attributes; if ((mask & KADM5_MAX_LIFE)) kdb->max_life = entry->max_life; if ((mask & KADM5_PRINC_EXPIRE_TIME)) kdb->expiration = entry->princ_expire_time; if (mask & KADM5_PW_EXPIRATION) kdb->pw_expiration = entry->pw_expiration; if (mask & KADM5_MAX_RLIFE) kdb->max_renewable_life = entry->max_renewable_life; if((mask & KADM5_KVNO)) { for (i = 0; i < kdb->n_key_data; i++) kdb->key_data[i].key_data_kvno = entry->kvno; } if (mask & KADM5_TL_DATA) { krb5_tl_data *tl; for (tl = entry->tl_data; tl; tl = tl->tl_data_next) { ret = krb5_dbe_update_tl_data(handle->context, kdb, tl); if( ret ) { goto done; } } } if (mask & KADM5_FAIL_AUTH_COUNT) { if (entry->fail_auth_count != 0) { ret = KADM5_BAD_SERVER_PARAMS; goto done; } kdb->fail_auth_count = 0; } kdb->mask = mask; ret = k5_kadm5_hook_modify(handle->context, handle->hook_handles, KADM5_HOOK_STAGE_PRECOMMIT, entry, mask); if (ret) goto done; ret = kdb_put_entry(handle, kdb, &adb); if (ret) goto done; (void) k5_kadm5_hook_modify(handle->context, handle->hook_handles, KADM5_HOOK_STAGE_POSTCOMMIT, entry, mask); ret = KADM5_OK; done: if (have_pol) { ret2 = kadm5_free_policy_ent(handle->lhandle, &pol); ret = ret ? ret : ret2; } kdb_free_entry(handle, kdb, &adb); return ret; }",visit repo url,src/lib/kadm5/srv/svr_principal.c,https://github.com/krb5/krb5,59571474914802,1 2176,['CWE-400'],"static ssize_t shmem_file_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos) { struct file *filp = iocb->ki_filp; ssize_t retval; unsigned long seg; size_t count; loff_t *ppos = &iocb->ki_pos; retval = generic_segment_checks(iov, &nr_segs, &count, VERIFY_WRITE); if (retval) return retval; for (seg = 0; seg < nr_segs; seg++) { read_descriptor_t desc; desc.written = 0; desc.arg.buf = iov[seg].iov_base; desc.count = iov[seg].iov_len; if (desc.count == 0) continue; desc.error = 0; do_shmem_file_read(filp, ppos, &desc, file_read_actor); retval += desc.written; if (desc.error) { retval = retval ?: desc.error; break; } if (desc.count > 0) break; } return retval; }",linux-2.6,,,60485845794091191674671602346309473549,0 5029,CWE-125,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 5249,CWE-369,"pixBlockconv(PIX *pix, l_int32 wc, l_int32 hc) { l_int32 w, h, d; PIX *pixs, *pixd, *pixr, *pixrc, *pixg, *pixgc, *pixb, *pixbc; PROCNAME(""pixBlockconv""); if (!pix) return (PIX *)ERROR_PTR(""pix not defined"", procName, NULL); if (wc < 0) wc = 0; if (hc < 0) hc = 0; pixGetDimensions(pix, &w, &h, &d); if (w < 2 * wc + 1 || h < 2 * hc + 1) { wc = L_MIN(wc, (w - 1) / 2); hc = L_MIN(hc, (h - 1) / 2); L_WARNING(""kernel too large; reducing!\n"", procName); L_INFO(""wc = %d, hc = %d\n"", procName, wc, hc); } if (wc == 0 && hc == 0) return pixCopy(NULL, pix); if ((d == 2 || d == 4 || d == 8) && pixGetColormap(pix)) { L_WARNING(""pix has colormap; removing\n"", procName); pixs = pixRemoveColormap(pix, REMOVE_CMAP_BASED_ON_SRC); d = pixGetDepth(pixs); } else { pixs = pixClone(pix); } if (d != 8 && d != 32) { pixDestroy(&pixs); return (PIX *)ERROR_PTR(""depth not 8 or 32 bpp"", procName, NULL); } if (d == 8) { pixd = pixBlockconvGray(pixs, NULL, wc, hc); } else { pixr = pixGetRGBComponent(pixs, COLOR_RED); pixrc = pixBlockconvGray(pixr, NULL, wc, hc); pixDestroy(&pixr); pixg = pixGetRGBComponent(pixs, COLOR_GREEN); pixgc = pixBlockconvGray(pixg, NULL, wc, hc); pixDestroy(&pixg); pixb = pixGetRGBComponent(pixs, COLOR_BLUE); pixbc = pixBlockconvGray(pixb, NULL, wc, hc); pixDestroy(&pixb); pixd = pixCreateRGBImage(pixrc, pixgc, pixbc); pixDestroy(&pixrc); pixDestroy(&pixgc); pixDestroy(&pixbc); } pixDestroy(&pixs); return pixd; }",visit repo url,src/convolve.c,https://github.com/DanBloomberg/leptonica,18532140051186,1 6477,CWE-787,"int fmt_mtm_load_song(song_t *song, slurp_t *fp, unsigned int lflags) { uint8_t b[192]; uint8_t nchan, nord, npat, nsmp; uint16_t ntrk, comment_len; int n, pat, chan, smp, rows, todo = 0; song_note_t *note; uint16_t tmp; uint32_t tmplong; song_note_t **trackdata, *tracknote; song_sample_t *sample; slurp_read(fp, b, 3); if (memcmp(b, ""MTM"", 3) != 0) return LOAD_UNSUPPORTED; n = slurp_getc(fp); sprintf(song->tracker_id, ""MultiTracker %d.%d"", n >> 4, n & 0xf); slurp_read(fp, song->title, 20); song->title[20] = 0; slurp_read(fp, &ntrk, 2); ntrk = bswapLE16(ntrk); npat = slurp_getc(fp); nord = slurp_getc(fp) + 1; slurp_read(fp, &comment_len, 2); comment_len = bswapLE16(comment_len); nsmp = slurp_getc(fp); slurp_getc(fp); rows = slurp_getc(fp); if (rows != 64) todo |= 64; rows = MIN(rows, 64); nchan = slurp_getc(fp); if (slurp_eof(fp)) { return LOAD_FORMAT_ERROR; } for (n = 0; n < 32; n++) { int pan = slurp_getc(fp) & 0xf; pan = SHORT_PANNING(pan); pan *= 4; song->channels[n].panning = pan; } for (n = nchan; n < MAX_CHANNELS; n++) song->channels[n].flags = CHN_MUTE; if (nsmp > MAX_SAMPLES) { log_appendf(4, "" Warning: Too many samples""); } for (n = 1, sample = song->samples + 1; n <= nsmp; n++, sample++) { if (n > MAX_SAMPLES) { slurp_seek(fp, 37, SEEK_CUR); continue; } char name[23]; slurp_read(fp, name, 22); name[22] = '\0'; strcpy(sample->name, name); slurp_read(fp, &tmplong, 4); sample->length = bswapLE32(tmplong); slurp_read(fp, &tmplong, 4); sample->loop_start = bswapLE32(tmplong); slurp_read(fp, &tmplong, 4); sample->loop_end = bswapLE32(tmplong); if ((sample->loop_end - sample->loop_start) > 2) { sample->flags |= CHN_LOOP; } else { sample->loop_start = 0; sample->loop_end = 0; } song->samples[n].c5speed = MOD_FINETUNE(slurp_getc(fp)); sample->volume = slurp_getc(fp); sample->volume *= 4; sample->global_volume = 64; if (slurp_getc(fp) & 1) { todo |= 16; sample->flags |= CHN_16BIT; sample->length >>= 1; sample->loop_start >>= 1; sample->loop_end >>= 1; } song->samples[n].vib_type = 0; song->samples[n].vib_rate = 0; song->samples[n].vib_depth = 0; song->samples[n].vib_speed = 0; } slurp_read(fp, song->orderlist, 128); memset(song->orderlist + nord, ORDER_LAST, MAX_ORDERS - nord); trackdata = mem_calloc(ntrk, sizeof(song_note_t *)); for (n = 0; n < ntrk; n++) { slurp_read(fp, b, 3 * rows); trackdata[n] = mem_calloc(rows, sizeof(song_note_t)); mtm_unpack_track(b, trackdata[n], rows); } if (npat >= MAX_PATTERNS) { log_appendf(4, "" Warning: Too many patterns""); } for (pat = 0; pat <= npat; pat++) { if (pat >= MAX_PATTERNS) { slurp_seek(fp, 64, SEEK_CUR); continue; } song->patterns[pat] = csf_allocate_pattern(MAX(rows, 32)); song->pattern_size[pat] = song->pattern_alloc_size[pat] = 64; tracknote = trackdata[n]; for (chan = 0; chan < 32; chan++) { slurp_read(fp, &tmp, 2); tmp = bswapLE16(tmp); if (tmp == 0) { continue; } else if (tmp > ntrk) { for (n = 0; n < ntrk; n++) free(trackdata[n]); free(trackdata); return LOAD_FORMAT_ERROR; } note = song->patterns[pat] + chan; tracknote = trackdata[tmp - 1]; for (n = 0; n < rows; n++, tracknote++, note += MAX_CHANNELS) *note = *tracknote; } if (rows < 32) { note = song->patterns[pat] + 64 * (rows - 1); while (note->effect || note->param) note++; note->effect = FX_PATTERNBREAK; } } for (n = 0; n < ntrk; n++) free(trackdata[n]); free(trackdata); read_lined_message(song->message, fp, comment_len, 40); if (!(lflags & LOAD_NOSAMPLES)) { for (smp = 1; smp <= nsmp && smp <= MAX_SAMPLES; smp++) { uint32_t ssize; if (song->samples[smp].length == 0) continue; ssize = csf_read_sample(song->samples + smp, (SF_LE | SF_PCMU | SF_M | ((song->samples[smp].flags & CHN_16BIT) ? SF_16 : SF_8)), fp->data + fp->pos, fp->length - fp->pos); slurp_seek(fp, ssize, SEEK_CUR); } } song->flags = SONG_ITOLDEFFECTS | SONG_COMPATGXX; if (todo & 64) log_appendf(2, "" TODO: test this file with other players (beats per track != 64)""); if (todo & 16) log_appendf(2, "" TODO: double check 16 bit sample loading""); return LOAD_SUCCESS; }",visit repo url,fmt/mtm.c,https://github.com/schismtracker/schismtracker,280657723704606,1 3804,CWE-787,"block_insert( oparg_T *oap, char_u *s, int b_insert, struct block_def *bdp) { int ts_val; int count = 0; int spaces = 0; colnr_T offset; colnr_T startcol; unsigned s_len; char_u *newp, *oldp; linenr_T lnum; int oldstate = State; State = INSERT; s_len = (unsigned)STRLEN(s); for (lnum = oap->start.lnum + 1; lnum <= oap->end.lnum; lnum++) { block_prep(oap, bdp, lnum, TRUE); if (bdp->is_short && b_insert) continue; oldp = ml_get(lnum); if (b_insert) { ts_val = bdp->start_char_vcols; spaces = bdp->startspaces; if (spaces != 0) count = ts_val - 1; offset = bdp->textcol; } else { ts_val = bdp->end_char_vcols; if (!bdp->is_short) { spaces = (bdp->endspaces ? ts_val - bdp->endspaces : 0); if (spaces != 0) count = ts_val - 1; offset = bdp->textcol + bdp->textlen - (spaces != 0); } else { if (!bdp->is_MAX) spaces = (oap->end_vcol - bdp->end_vcol) + 1; count = spaces; offset = bdp->textcol + bdp->textlen; } } if (has_mbyte && spaces > 0) { int off; if (b_insert) { off = (*mb_head_off)(oldp, oldp + offset + spaces); } else { off = (*mb_off_next)(oldp, oldp + offset); offset += off; } spaces -= off; count -= off; } if (spaces < 0) spaces = 0; newp = alloc(STRLEN(oldp) + s_len + count + 1); if (newp == NULL) continue; mch_memmove(newp, oldp, (size_t)(offset)); oldp += offset; vim_memset(newp + offset, ' ', (size_t)spaces); startcol = offset + spaces; mch_memmove(newp + startcol, s, (size_t)s_len); offset += s_len; if (spaces && !bdp->is_short) { vim_memset(newp + offset + spaces, ' ', (size_t)(ts_val - spaces)); oldp++; count++; } if (spaces > 0) offset += count; STRMOVE(newp + offset, oldp); ml_replace(lnum, newp, FALSE); if (b_insert) inserted_bytes(lnum, startcol, s_len); if (lnum == oap->end.lnum) { curbuf->b_op_end.lnum = oap->end.lnum; curbuf->b_op_end.col = offset; } } changed_lines(oap->start.lnum + 1, 0, oap->end.lnum + 1, 0L); State = oldstate; }",visit repo url,src/ops.c,https://github.com/vim/vim,40360265428472,1 264,[],"static int do_ncp_getmountuid2(unsigned int fd, unsigned int cmd, unsigned long arg) { mm_segment_t old_fs = get_fs(); __kernel_uid_t kuid; int err; cmd = NCP_IOC_GETMOUNTUID2; set_fs(KERNEL_DS); err = sys_ioctl(fd, cmd, (unsigned long)&kuid); set_fs(old_fs); if (!err) err = put_user(kuid, (unsigned int __user *) compat_ptr(arg)); return err; }",linux-2.6,,,138890348557707838111383299786324078341,0 4300,CWE-787,"static void parse_relocation_info(struct MACH0_(obj_t) *bin, RSkipList *relocs, ut32 offset, ut32 num) { if (!num || !offset || (st32)num < 0) { return; } ut64 total_size = num * sizeof (struct relocation_info); if (offset > bin->size) { return; } if (total_size > bin->size) { total_size = bin->size - offset; num = total_size /= sizeof (struct relocation_info); } struct relocation_info *info = calloc (num, sizeof (struct relocation_info)); if (!info) { return; } if (r_buf_read_at (bin->b, offset, (ut8 *) info, total_size) < total_size) { free (info); return; } size_t i; for (i = 0; i < num; i++) { struct relocation_info a_info = info[i]; ut32 sym_num = a_info.r_symbolnum; if (sym_num > bin->nsymtab) { continue; } ut32 stridx = bin->symtab[sym_num].n_strx; char *sym_name = get_name (bin, stridx, false); if (!sym_name) { continue; } struct reloc_t *reloc = R_NEW0 (struct reloc_t); if (!reloc) { free (info); free (sym_name); return; } reloc->addr = offset_to_vaddr (bin, a_info.r_address); reloc->offset = a_info.r_address; reloc->ord = sym_num; reloc->type = a_info.r_type; reloc->external = a_info.r_extern; reloc->pc_relative = a_info.r_pcrel; reloc->size = a_info.r_length; r_str_ncpy (reloc->name, sym_name, sizeof (reloc->name) - 1); r_skiplist_insert (relocs, reloc); free (sym_name); } free (info); }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radareorg/radare2,66154660496975,1 1409,CWE-310,"static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_comp rcomp; snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""compression""); if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(struct crypto_report_comp), &rcomp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,133008035110244,1 2798,CWE-787,"static UINT32 nsc_rle_encode(BYTE* in, BYTE* out, UINT32 originalSize) { UINT32 left; UINT32 runlength = 1; UINT32 planeSize = 0; left = originalSize; while (left > 4 && planeSize < originalSize - 4) { if (left > 5 && *in == *(in + 1)) { runlength++; } else if (runlength == 1) { *out++ = *in; planeSize++; } else if (runlength < 256) { *out++ = *in; *out++ = *in; *out++ = runlength - 2; runlength = 1; planeSize += 3; } else { *out++ = *in; *out++ = *in; *out++ = 0xFF; *out++ = (runlength & 0x000000FF); *out++ = (runlength & 0x0000FF00) >> 8; *out++ = (runlength & 0x00FF0000) >> 16; *out++ = (runlength & 0xFF000000) >> 24; runlength = 1; planeSize += 7; } in++; left--; } if (planeSize < originalSize - 4) CopyMemory(out, in, 4); planeSize += 4; return planeSize; }",visit repo url,libfreerdp/codec/nsc_encode.c,https://github.com/FreeRDP/FreeRDP,92511836934329,1 1329,['CWE-119'],"asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag) { unsigned char ch; *tag = 0; do { if (!asn1_octet_decode(ctx, &ch)) return 0; *tag <<= 7; *tag |= ch & 0x7F; } while ((ch & 0x80) == 0x80); return 1; }",linux-2.6,,,191394309865164537413347336194976358620,0 4818,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 3717,[],"static void unix_write_space(struct sock *sk) { read_lock(&sk->sk_callback_lock); if (unix_writable(sk)) { if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) wake_up_interruptible_sync(sk->sk_sleep); sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); } read_unlock(&sk->sk_callback_lock); }",linux-2.6,,,206581795712016854775427355237896747879,0 5706,['CWE-200'],"static int llc_ui_wait_for_busy_core(struct sock *sk, long timeout) { DEFINE_WAIT(wait); struct llc_sock *llc = llc_sk(sk); int rc; while (1) { prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); rc = 0; if (sk_wait_event(sk, &timeout, (sk->sk_shutdown & RCV_SHUTDOWN) || (!llc_data_accept_state(llc->state) && !llc->remote_busy_flag && !llc->p_flag))) break; rc = -ERESTARTSYS; if (signal_pending(current)) break; rc = -EAGAIN; if (!timeout) break; } finish_wait(sk->sk_sleep, &wait); return rc; }",linux-2.6,,,7349394791068354528000373692886204963,0 786,['CWE-119'],"isdn_net_newslave(char *parm) { char *p = strchr(parm, ','); isdn_net_dev *n; char newname[10]; if (p) { if (!strlen(p + 1)) return NULL; strcpy(newname, p + 1); *p = 0; if (!(n = isdn_net_findif(parm))) return NULL; if (n->local->master) return NULL; if (isdn_net_device_started(n)) return NULL; return (isdn_net_new(newname, n->dev)); } return NULL; }",linux-2.6,,,179320790853224078078937889725679882890,0 6371,CWE-787,"write_file(tree_t *t, FILE *fp, int col) { int i; uchar *ptr; while (t != NULL) { if (t->markup == MARKUP_NONE) { if (t->preformatted) { for (ptr = t->data; *ptr != '\0'; ptr ++) fputs((char *)iso8859(*ptr), fp); if (t->data[strlen((char *)t->data) - 1] == '\n') col = 0; else col += strlen((char *)t->data); } else { if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) { putc('\n', fp); col = 0; } for (ptr = t->data; *ptr != '\0'; ptr ++) fputs((char *)iso8859(*ptr), fp); col += strlen((char *)t->data); if (col > 72) { putc('\n', fp); col = 0; } } } else if (t->markup == MARKUP_COMMENT) fprintf(fp, ""\n\n"", t->data); else if (t->markup > 0) { switch (t->markup) { case MARKUP_AREA : case MARKUP_BR : case MARKUP_CENTER : case MARKUP_COMMENT : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_HEAD : case MARKUP_HR : case MARKUP_LI : case MARKUP_MAP : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TITLE : case MARKUP_TR : case MARKUP_UL : case MARKUP_DIR : case MARKUP_MENU : if (col > 0) { putc('\n', fp); col = 0; } default : break; } col += fprintf(fp, ""<%s"", _htmlMarkups[t->markup]); for (i = 0; i < t->nvars; i ++) { if (col > 72 && !t->preformatted) { putc('\n', fp); col = 0; } if (col > 0) { putc(' ', fp); col ++; } if (t->vars[i].value == NULL) col += fprintf(fp, ""%s"", t->vars[i].name); else if (strchr((char *)t->vars[i].value, '\""') != NULL) col += fprintf(fp, ""%s=\'%s\'"", t->vars[i].name, t->vars[i].value); else col += fprintf(fp, ""%s=\""%s\"""", t->vars[i].name, t->vars[i].value); } putc('>', fp); col ++; if (col > 72 && !t->preformatted) { putc('\n', fp); col = 0; } if (t->child != NULL) { col = write_file(t->child, fp, col); if (col > 72 && !t->preformatted) { putc('\n', fp); col = 0; } col += fprintf(fp, """", _htmlMarkups[t->markup]); switch (t->markup) { case MARKUP_AREA : case MARKUP_BR : case MARKUP_CENTER : case MARKUP_COMMENT : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_HEAD : case MARKUP_HR : case MARKUP_LI : case MARKUP_MAP : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TITLE : case MARKUP_TR : case MARKUP_UL : case MARKUP_DIR : case MARKUP_MENU : putc('\n', fp); col = 0; default : break; } } } t = t->next; } return (col); }",visit repo url,htmldoc/htmllib.cxx,https://github.com/michaelrsweet/htmldoc,118119904538603,1 2025,CWE-476,"int get_evtchn_to_irq(evtchn_port_t evtchn) { if (evtchn >= xen_evtchn_max_channels()) return -1; if (evtchn_to_irq[EVTCHN_ROW(evtchn)] == NULL) return -1; return evtchn_to_irq[EVTCHN_ROW(evtchn)][EVTCHN_COL(evtchn)]; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,6430717779714,1 4265,CWE-416,"static pyc_object *get_object(RBuffer *buffer) { bool error = false; pyc_object *ret = NULL; ut8 code = get_ut8 (buffer, &error); bool flag = (code & FLAG_REF); RListIter *ref_idx = NULL; ut8 type = (code & ~FLAG_REF); if (error) { return NULL; } if (flag) { pyc_object *noneret = get_none_object (); if (noneret) { ref_idx = r_list_append (refs, noneret); } } switch (type) { case TYPE_NULL: free_object (ret); return NULL; case TYPE_TRUE: return get_true_object (); case TYPE_FALSE: free_object (ret); return get_false_object (); case TYPE_NONE: free_object (ret); return get_none_object (); case TYPE_REF: free_object (ret); return get_ref_object (buffer); case TYPE_SMALL_TUPLE: ret = get_small_tuple_object (buffer); break; case TYPE_TUPLE: ret = get_tuple_object (buffer); break; case TYPE_STRING: ret = get_string_object (buffer); break; case TYPE_CODE_v0: ret = get_code_object (buffer); if (ret) { ret->type = TYPE_CODE_v0; } break; case TYPE_CODE_v1: ret = get_code_object (buffer); if (ret) { ret->type = TYPE_CODE_v1; } break; case TYPE_INT: ret = get_int_object (buffer); break; case TYPE_ASCII_INTERNED: ret = get_ascii_interned_object (buffer); break; case TYPE_SHORT_ASCII: ret = get_short_ascii_object (buffer); break; case TYPE_ASCII: ret = get_ascii_object (buffer); break; case TYPE_SHORT_ASCII_INTERNED: ret = get_short_ascii_interned_object (buffer); break; case TYPE_INT64: ret = get_int64_object (buffer); break; case TYPE_INTERNED: ret = get_interned_object (buffer); break; case TYPE_STRINGREF: ret = get_stringref_object (buffer); break; case TYPE_FLOAT: ret = get_float_object (buffer); break; case TYPE_BINARY_FLOAT: ret = get_binary_float_object (buffer); break; case TYPE_COMPLEX: ret = get_complex_object (buffer); break; case TYPE_BINARY_COMPLEX: ret = get_binary_complex_object (buffer); break; case TYPE_LIST: ret = get_list_object (buffer); break; case TYPE_LONG: ret = get_long_object (buffer); break; case TYPE_UNICODE: ret = get_unicode_object (buffer); break; case TYPE_DICT: ret = get_dict_object (buffer); break; case TYPE_FROZENSET: case TYPE_SET: ret = get_set_object (buffer); break; case TYPE_STOPITER: case TYPE_ELLIPSIS: ret = R_NEW0 (pyc_object); break; case TYPE_UNKNOWN: eprintf (""Get not implemented for type 0x%x\n"", type); r_list_pop (refs); free_object (ret); return NULL; case 0: break; default: eprintf (""Undefined type in get_object (0x%x)\n"", type); return NULL; } if (ret && flag && ref_idx) { if (ref_idx->data != ret) { free_object (ref_idx->data); } ref_idx->data = copy_object (ret); } if (ret) { return ret; } ret = get_none_object (); if (!ret) { return NULL; } r_list_append (refs, ret); return ret; }",visit repo url,libr/bin/format/pyc/marshal.c,https://github.com/radareorg/radare2,185543989403573,1 3989,CWE-352,"void set_content_type(HttpResponse res, const char *mime) { set_header(res, ""Content-Type"", mime); }",visit repo url,src/http/processor.c,https://bitbucket.org/tildeslash/monit,8805352985591,1 619,['CWE-189'],"static void update_network(struct ieee80211_network *dst, struct ieee80211_network *src) { int qos_active; u8 old_param; ieee80211_network_reset(dst); dst->ibss_dfs = src->ibss_dfs; if (dst->channel == src->stats.received_channel) memcpy(&dst->stats, &src->stats, sizeof(struct ieee80211_rx_stats)); else IEEE80211_DEBUG_SCAN(""Network "" MAC_FMT "" info received "" ""off channel (%d vs. %d)\n"", MAC_ARG(src->bssid), dst->channel, src->stats.received_channel); dst->capability = src->capability; memcpy(dst->rates, src->rates, src->rates_len); dst->rates_len = src->rates_len; memcpy(dst->rates_ex, src->rates_ex, src->rates_ex_len); dst->rates_ex_len = src->rates_ex_len; dst->mode = src->mode; dst->flags = src->flags; dst->time_stamp[0] = src->time_stamp[0]; dst->time_stamp[1] = src->time_stamp[1]; dst->beacon_interval = src->beacon_interval; dst->listen_interval = src->listen_interval; dst->atim_window = src->atim_window; dst->erp_value = src->erp_value; dst->tim = src->tim; memcpy(dst->wpa_ie, src->wpa_ie, src->wpa_ie_len); dst->wpa_ie_len = src->wpa_ie_len; memcpy(dst->rsn_ie, src->rsn_ie, src->rsn_ie_len); dst->rsn_ie_len = src->rsn_ie_len; dst->last_scanned = jiffies; qos_active = src->qos_data.active; old_param = dst->qos_data.old_param_count; if (dst->flags & NETWORK_HAS_QOS_MASK) memcpy(&dst->qos_data, &src->qos_data, sizeof(struct ieee80211_qos_data)); else { dst->qos_data.supported = src->qos_data.supported; dst->qos_data.param_count = src->qos_data.param_count; } if (dst->qos_data.supported == 1) { if (dst->ssid_len) IEEE80211_DEBUG_QOS (""QoS the network %s is QoS supported\n"", dst->ssid); else IEEE80211_DEBUG_QOS (""QoS the network is QoS supported\n""); } dst->qos_data.active = qos_active; dst->qos_data.old_param_count = old_param; }",linux-2.6,,,335098015141382422093317385537422468122,0 4761,['CWE-20'],"handle_t *ext4_journal_start_sb(struct super_block *sb, int nblocks) { journal_t *journal; if (sb->s_flags & MS_RDONLY) return ERR_PTR(-EROFS); journal = EXT4_SB(sb)->s_journal; if (journal) { if (is_journal_aborted(journal)) { ext4_abort(sb, __func__, ""Detected aborted journal""); return ERR_PTR(-EROFS); } return jbd2_journal_start(journal, nblocks); } current->journal_info = EXT4_NOJOURNAL_HANDLE; return current->journal_info; }",linux-2.6,,,70249353983970091701130471898226350185,0 930,CWE-200,"static int sched_read_attr(struct sched_attr __user *uattr, struct sched_attr *attr, unsigned int usize) { int ret; if (!access_ok(VERIFY_WRITE, uattr, usize)) return -EFAULT; if (usize < sizeof(*attr)) { unsigned char *addr; unsigned char *end; addr = (void *)attr + usize; end = (void *)attr + sizeof(*attr); for (; addr < end; addr++) { if (*addr) goto err_size; } attr->size = usize; } ret = copy_to_user(uattr, attr, usize); if (ret) return -EFAULT; out: return ret; err_size: ret = -E2BIG; goto out; }",visit repo url,kernel/sched/core.c,https://github.com/torvalds/linux,134194343844175,1 4317,CWE-125,"static int init_shdr(ELFOBJ *bin) { ut32 shdr_size; ut8 shdr[sizeof (Elf_(Shdr))] = {0}; size_t i, j, len; r_return_val_if_fail (bin && !bin->shdr, false); if (!UT32_MUL (&shdr_size, bin->ehdr.e_shnum, sizeof (Elf_(Shdr)))) { return false; } if (shdr_size < 1) { return false; } if (shdr_size > bin->size) { return false; } if (bin->ehdr.e_shoff > bin->size) { return false; } if (bin->ehdr.e_shoff + shdr_size > bin->size) { return false; } if (!(bin->shdr = R_NEWS0 (Elf_(Shdr), bin->ehdr.e_shnum))) { r_sys_perror (""malloc (shdr)""); return false; } sdb_num_set (bin->kv, ""elf_shdr.offset"", bin->ehdr.e_shoff, 0); sdb_num_set (bin->kv, ""elf_shdr.size"", sizeof (Elf_(Shdr)), 0); sdb_set (bin->kv, ""elf_s_type.cparse"", ""enum elf_s_type {SHT_NULL=0,SHT_PROGBITS=1,"" ""SHT_SYMTAB=2,SHT_STRTAB=3,SHT_RELA=4,SHT_HASH=5,SHT_DYNAMIC=6,SHT_NOTE=7,"" ""SHT_NOBITS=8,SHT_REL=9,SHT_SHLIB=10,SHT_DYNSYM=11,SHT_LOOS=0x60000000,"" ""SHT_HIOS=0x6fffffff,SHT_LOPROC=0x70000000,SHT_HIPROC=0x7fffffff};"", 0); for (i = 0; i < bin->ehdr.e_shnum; i++) { j = 0; len = r_buf_read_at (bin->b, bin->ehdr.e_shoff + i * sizeof (Elf_(Shdr)), shdr, sizeof (Elf_(Shdr))); if (len < 1) { R_LOG_ERROR (""read (shdr) at 0x%"" PFMT64x, (ut64) bin->ehdr.e_shoff); R_FREE (bin->shdr); return false; } bin->shdr[i].sh_name = READ32 (shdr, j); bin->shdr[i].sh_type = READ32 (shdr, j); bin->shdr[i].sh_flags = R_BIN_ELF_READWORD (shdr, j); bin->shdr[i].sh_addr = R_BIN_ELF_READWORD (shdr, j); bin->shdr[i].sh_offset = R_BIN_ELF_READWORD (shdr, j); bin->shdr[i].sh_size = R_BIN_ELF_READWORD (shdr, j); bin->shdr[i].sh_link = READ32 (shdr, j); bin->shdr[i].sh_info = READ32 (shdr, j); bin->shdr[i].sh_addralign = R_BIN_ELF_READWORD (shdr, j); bin->shdr[i].sh_entsize = R_BIN_ELF_READWORD (shdr, j); } #if R_BIN_ELF64 sdb_set (bin->kv, ""elf_s_flags_64.cparse"", ""enum elf_s_flags_64 {SF64_None=0,SF64_Exec=1,"" ""SF64_Alloc=2,SF64_Alloc_Exec=3,SF64_Write=4,SF64_Write_Exec=5,"" ""SF64_Write_Alloc=6,SF64_Write_Alloc_Exec=7};"", 0); sdb_set (bin->kv, ""elf_shdr.format"", ""x[4]E[8]Eqqqxxqq name (elf_s_type)type"" "" (elf_s_flags_64)flags addr offset size link info addralign entsize"", 0); #else sdb_set (bin->kv, ""elf_s_flags_32.cparse"", ""enum elf_s_flags_32 {SF32_None=0,SF32_Exec=1,"" ""SF32_Alloc=2,SF32_Alloc_Exec=3,SF32_Write=4,SF32_Write_Exec=5,"" ""SF32_Write_Alloc=6,SF32_Write_Alloc_Exec=7};"", 0); sdb_set (bin->kv, ""elf_shdr.format"", ""x[4]E[4]Exxxxxxx name (elf_s_type)type"" "" (elf_s_flags_32)flags addr offset size link info addralign entsize"", 0); #endif return true; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radareorg/radare2,88249900822614,1 6699,CWE-90,"static void test_sss_certmap_get_search_filter(void **state) { int ret; struct sss_certmap_ctx *ctx; char *filter; char **domains; const char *dom_list[] = {""test.dom"", NULL}; ret = sss_certmap_init(NULL, ext_debug, NULL, &ctx); assert_int_equal(ret, EOK); assert_non_null(ctx); assert_null(ctx->prio_list); ret = sss_certmap_add_rule(ctx, 100, ""KRB5:CN=Certificate Authority,O=IPA.DEVEL"", ""LDAP:rule100={issuer_dn}{subject_dn}"", NULL); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert_der), sizeof(test_cert_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule100=CN=Certificate Authority,O=IPA.DEVEL"" ""CN=ipa-devel.ipa.devel,O=IPA.DEVEL""); assert_null(domains); ret = sss_certmap_add_rule(ctx, 99, ""KRB5:CN=Certificate Authority,O=IPA.DEVEL"", ""LDAP:rule99={issuer_dn}{subject_dn}"", dom_list); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert_der), sizeof(test_cert_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule99=CN=Certificate Authority,O=IPA.DEVEL"" ""CN=ipa-devel.ipa.devel,O=IPA.DEVEL""); assert_non_null(domains); assert_string_equal(domains[0], ""test.dom""); assert_null(domains[1]); ret = sss_certmap_add_rule(ctx, 98, ""KRB5:CN=Certificate Authority,O=IPA.DEVEL"", ""LDAP:rule98=userCertificate;binary={cert!bin}"", dom_list); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert_der), sizeof(test_cert_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule98=userCertificate;binary="" TEST_CERT_BIN); assert_non_null(domains); assert_string_equal(domains[0], ""test.dom""); assert_null(domains[1]); ret = sss_certmap_add_rule(ctx, 97, ""KRB5:CN=Certificate Authority,O=IPA.DEVEL"", ""LDAP:rule97={issuer_dn!nss_x500}{subject_dn}"", dom_list); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert_der), sizeof(test_cert_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule97=O=IPA.DEVEL,CN=Certificate Authority"" ""CN=ipa-devel.ipa.devel,O=IPA.DEVEL""); assert_non_null(domains); assert_string_equal(domains[0], ""test.dom""); assert_null(domains[1]); ret = sss_certmap_add_rule(ctx, 96, ""KRB5:CN=Certificate Authority,O=IPA.DEVEL"", ""LDAP:rule96={issuer_dn!nss_x500}{subject_dn!nss_x500}"", dom_list); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert_der), sizeof(test_cert_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule96=O=IPA.DEVEL,CN=Certificate Authority"" ""O=IPA.DEVEL,CN=ipa-devel.ipa.devel""); assert_non_null(domains); assert_string_equal(domains[0], ""test.dom""); assert_null(domains[1]); ret = sss_certmap_add_rule(ctx, 95, ""KRB5:CN=Certificate Authority,O=IPA.DEVEL"", NULL, NULL); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert_der), sizeof(test_cert_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""(userCertificate;binary="" TEST_CERT_BIN "")""); assert_null(domains); ret = sss_certmap_add_rule(ctx, 94, ""KRB5:CN=Certificate Authority,O=IPA.DEVEL"", ""LDAP:rule94={issuer_dn!ad_x500}{subject_dn!ad_x500}"", dom_list); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert_der), sizeof(test_cert_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule94=O=IPA.DEVEL,CN=Certificate Authority"" ""O=IPA.DEVEL,CN=ipa-devel.ipa.devel""); assert_non_null(domains); assert_string_equal(domains[0], ""test.dom""); assert_null(domains[1]); ret = sss_certmap_add_rule(ctx, 89, NULL, ""(rule89={subject_nt_principal})"", NULL); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert2_der), sizeof(test_cert2_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""(rule89=tu1@ad.devel)""); assert_null(domains); ret = sss_certmap_add_rule(ctx, 88, NULL, ""(rule88={subject_nt_principal.short_name})"", NULL); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert2_der), sizeof(test_cert2_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""(rule88=tu1)""); assert_null(domains); ret = sss_certmap_add_rule(ctx, 87, NULL, ""LDAP:rule87={issuer_dn!nss_x500}{subject_dn!nss_x500}"", NULL); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert2_der), sizeof(test_cert2_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule87=DC=devel,DC=ad,CN=ad-AD-SERVER-CA"" ""DC=devel,DC=ad,CN=Users,CN=t u,E=test.user@email.domain""); assert_null(domains); ret = sss_certmap_add_rule(ctx, 86, NULL, ""LDAP:rule86={issuer_dn!ad_x500}{subject_dn!ad_x500}"", NULL); assert_int_equal(ret, 0); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert2_der), sizeof(test_cert2_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""rule86=DC=devel,DC=ad,CN=ad-AD-SERVER-CA"" ""DC=devel,DC=ad,CN=Users,CN=t u,E=test.user@email.domain""); assert_null(domains); sss_certmap_free_ctx(ctx); ret = sss_certmap_init(NULL, ext_debug, NULL, &ctx); assert_int_equal(ret, EOK); assert_non_null(ctx); assert_null(ctx->prio_list); ret = sss_certmap_get_search_filter(ctx, discard_const(test_cert2_der), sizeof(test_cert2_der), &filter, &domains); assert_int_equal(ret, 0); assert_non_null(filter); assert_string_equal(filter, ""(userCertificate;binary="" TEST_CERT2_BIN"")""); assert_null(domains); sss_certmap_free_ctx(ctx); }",visit repo url,src/tests/cmocka/test_certmap.c,https://github.com/SSSD/sssd,236967258994197,1 3355,CWE-284,"static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[]) { chanacs_t *ca; mowgli_node_t *n; char *channel = parv[0]; char *target = sstrdup(parv[1]); char *flagstr = parv[2]; const char *str1; unsigned int addflags, removeflags, restrictflags; hook_channel_acl_req_t req; mychan_t *mc; if (parc < 1) { command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, ""FLAGS""); command_fail(si, fault_needmoreparams, _(""Syntax: FLAGS [target] [flags]"")); return; } mc = mychan_find(channel); if (!mc) { command_fail(si, fault_nosuch_target, _(""Channel \2%s\2 is not registered.""), channel); return; } if (metadata_find(mc, ""private:close:closer"") && (target || !has_priv(si, PRIV_CHAN_AUSPEX))) { command_fail(si, fault_noprivs, _(""\2%s\2 is closed.""), channel); return; } if (!target || (target && target[0] == '+' && flagstr == NULL)) { unsigned int flags = (target != NULL) ? flags_to_bitmask(target, 0) : 0; do_list(si, mc, flags); return; } else if (!strcasecmp(target, ""LIST"") && myentity_find_ext(target) == NULL) { do_list(si, mc, 0); free(target); return; } else if (!strcasecmp(target, ""CLEAR"") && myentity_find_ext(target) == NULL) { free(target); if (!chanacs_source_has_flag(mc, si, CA_FOUNDER)) { command_fail(si, fault_noprivs, ""You are not authorized to perform this operation.""); return; } mowgli_node_t *tn; MOWGLI_ITER_FOREACH_SAFE(n, tn, mc->chanacs.head) { ca = n->data; if (ca->level & CA_FOUNDER) continue; object_unref(ca); } logcommand(si, CMDLOG_DO, ""CLEAR:FLAGS: \2%s\2"", mc->name); command_success_nodata(si, _(""Cleared flags in \2%s\2.""), mc->name); return; } else if (!strcasecmp(target, ""MODIFY"") && myentity_find_ext(target) == NULL) { free(target); if (parc < 3) { command_fail(si, fault_needmoreparams, STR_INSUFFICIENT_PARAMS, ""FLAGS""); command_fail(si, fault_needmoreparams, _(""Syntax: FLAGS <#channel> MODIFY [target] "")); return; } flagstr = strchr(parv[2], ' '); if (flagstr) *flagstr++ = '\0'; target = strdup(parv[2]); } { myentity_t *mt; if (!si->smu) { command_fail(si, fault_noprivs, _(""You are not logged in."")); return; } if (!flagstr) { if (!(mc->flags & MC_PUBACL) && !chanacs_source_has_flag(mc, si, CA_ACLVIEW)) { command_fail(si, fault_noprivs, _(""You are not authorized to execute this command."")); return; } if (validhostmask(target)) ca = chanacs_find_host_literal(mc, target, 0); else { if (!(mt = myentity_find_ext(target))) { command_fail(si, fault_nosuch_target, _(""\2%s\2 is not registered.""), target); return; } free(target); target = sstrdup(mt->name); ca = chanacs_find_literal(mc, mt, 0); } if (ca != NULL) { str1 = bitmask_to_flags2(ca->level, 0); command_success_string(si, str1, _(""Flags for \2%s\2 in \2%s\2 are \2%s\2.""), target, channel, str1); } else command_success_string(si, """", _(""No flags for \2%s\2 in \2%s\2.""), target, channel); logcommand(si, CMDLOG_GET, ""FLAGS: \2%s\2 on \2%s\2"", mc->name, target); return; } restrictflags = chanacs_source_flags(mc, si); if (restrictflags & CA_FOUNDER) restrictflags = ca_all; else { if (!(restrictflags & CA_FLAGS)) { if (restrictflags & CA_AKICK || si->smu == NULL || irccasecmp(target, entity(si->smu)->name) || strcmp(flagstr, ""-*"")) { command_fail(si, fault_noprivs, _(""You are not authorized to execute this command."")); return; } } if (irccasecmp(target, entity(si->smu)->name)) restrictflags = allow_flags(mc, restrictflags); else restrictflags |= allow_flags(mc, restrictflags); } if (*flagstr == '+' || *flagstr == '-' || *flagstr == '=') { flags_make_bitmasks(flagstr, &addflags, &removeflags); if (addflags == 0 && removeflags == 0) { command_fail(si, fault_badparams, _(""No valid flags given, use /%s%s HELP FLAGS for a list""), ircd->uses_rcommand ? """" : ""msg "", chansvs.me->disp); return; } } else { addflags = get_template_flags(mc, flagstr); if (addflags == 0) { if (*target == '+' || *target == '-' || *target == '=') command_fail(si, fault_badparams, _(""Usage: FLAGS %s [target] [flags]""), mc->name); else command_fail(si, fault_badparams, _(""Invalid template name given, use /%s%s TEMPLATE %s for a list""), ircd->uses_rcommand ? """" : ""msg "", chansvs.me->disp, mc->name); return; } removeflags = ca_all & ~addflags; } if (!validhostmask(target)) { if (!(mt = myentity_find_ext(target))) { command_fail(si, fault_nosuch_target, _(""\2%s\2 is not registered.""), target); return; } free(target); target = sstrdup(mt->name); ca = chanacs_open(mc, mt, NULL, true, entity(si->smu)); if (ca->level & CA_FOUNDER && removeflags & CA_FLAGS && !(removeflags & CA_FOUNDER)) { command_fail(si, fault_noprivs, _(""You may not remove a founder's +f access."")); return; } if (ca->level & CA_FOUNDER && removeflags & CA_FOUNDER && mychan_num_founders(mc) == 1) { command_fail(si, fault_noprivs, _(""You may not remove the last founder."")); return; } if (!(ca->level & CA_FOUNDER) && addflags & CA_FOUNDER) { if (mychan_num_founders(mc) >= chansvs.maxfounders) { command_fail(si, fault_noprivs, _(""Only %d founders allowed per channel.""), chansvs.maxfounders); chanacs_close(ca); return; } if (!myentity_can_register_channel(mt)) { command_fail(si, fault_toomany, _(""\2%s\2 has too many channels registered.""), mt->name); chanacs_close(ca); return; } if (!myentity_allow_foundership(mt)) { command_fail(si, fault_toomany, _(""\2%s\2 cannot take foundership of a channel.""), mt->name); chanacs_close(ca); return; } } if (addflags & CA_FOUNDER) addflags |= CA_FLAGS, removeflags &= ~CA_FLAGS; if (isuser(mt) && (MU_NEVEROP & user(mt)->flags && addflags != CA_AKICK && addflags != 0 && (ca->level == 0 || ca->level == CA_AKICK))) { command_fail(si, fault_noprivs, _(""\2%s\2 does not wish to be added to channel access lists (NEVEROP set).""), mt->name); chanacs_close(ca); return; } if (ca->level == 0 && chanacs_is_table_full(ca)) { command_fail(si, fault_toomany, _(""Channel %s access list is full.""), mc->name); chanacs_close(ca); return; } req.ca = ca; req.oldlevel = ca->level; if (!chanacs_modify(ca, &addflags, &removeflags, restrictflags)) { command_fail(si, fault_noprivs, _(""You are not allowed to set \2%s\2 on \2%s\2 in \2%s\2.""), bitmask_to_flags2(addflags, removeflags), mt->name, mc->name); chanacs_close(ca); return; } req.newlevel = ca->level; hook_call_channel_acl_change(&req); chanacs_close(ca); } else { if (addflags & CA_FOUNDER) { command_fail(si, fault_badparams, _(""You may not set founder status on a hostmask."")); return; } ca = chanacs_open(mc, NULL, target, true, entity(si->smu)); if (ca->level == 0 && chanacs_is_table_full(ca)) { command_fail(si, fault_toomany, _(""Channel %s access list is full.""), mc->name); chanacs_close(ca); return; } req.ca = ca; req.oldlevel = ca->level; if (!chanacs_modify(ca, &addflags, &removeflags, restrictflags)) { command_fail(si, fault_noprivs, _(""You are not allowed to set \2%s\2 on \2%s\2 in \2%s\2.""), bitmask_to_flags2(addflags, removeflags), target, mc->name); chanacs_close(ca); return; } req.newlevel = ca->level; hook_call_channel_acl_change(&req); chanacs_close(ca); } if ((addflags | removeflags) == 0) { command_fail(si, fault_nochange, _(""Channel access to \2%s\2 for \2%s\2 unchanged.""), channel, target); return; } flagstr = bitmask_to_flags2(addflags, removeflags); command_success_nodata(si, _(""Flags \2%s\2 were set on \2%s\2 in \2%s\2.""), flagstr, target, channel); logcommand(si, CMDLOG_SET, ""FLAGS: \2%s\2 \2%s\2 \2%s\2"", mc->name, target, flagstr); verbose(mc, ""\2%s\2 set flags \2%s\2 on \2%s\2"", get_source_name(si), flagstr, target); } free(target); }",visit repo url,modules/chanserv/flags.c,https://github.com/atheme/atheme,75017585101321,1 4927,['CWE-20'],"static struct dentry *nfs_lookup(struct inode *dir, struct dentry * dentry, struct nameidata *nd) { struct dentry *res; struct inode *inode = NULL; int error; struct nfs_fh fhandle; struct nfs_fattr fattr; dfprintk(VFS, ""NFS: lookup(%s/%s)\n"", dentry->d_parent->d_name.name, dentry->d_name.name); nfs_inc_stats(dir, NFSIOS_VFSLOOKUP); res = ERR_PTR(-ENAMETOOLONG); if (dentry->d_name.len > NFS_SERVER(dir)->namelen) goto out; res = ERR_PTR(-ENOMEM); dentry->d_op = NFS_PROTO(dir)->dentry_ops; lock_kernel(); if (nfs_is_exclusive_create(dir, nd)) { d_instantiate(dentry, NULL); res = NULL; goto out_unlock; } error = NFS_PROTO(dir)->lookup(dir, &dentry->d_name, &fhandle, &fattr); if (error == -ENOENT) goto no_entry; if (error < 0) { res = ERR_PTR(error); goto out_unlock; } error = nfs_reval_fsid(dir, &fattr); if (error < 0) { res = ERR_PTR(error); goto out_unlock; } inode = nfs_fhget(dentry->d_sb, &fhandle, &fattr); res = (struct dentry *)inode; if (IS_ERR(res)) goto out_unlock; no_entry: res = d_materialise_unique(dentry, inode); if (res != NULL) { struct dentry *parent; if (IS_ERR(res)) goto out_unlock; parent = dget_parent(res); if (!IS_ROOT(parent)) nfs_mark_for_revalidate(parent->d_inode); dput(parent); dentry = res; } nfs_renew_times(dentry); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); out_unlock: unlock_kernel(); out: return res; }",linux-2.6,,,215781099488693972955535681777485849437,0 297,[],"static int cdrom_do_generic_command(unsigned int fd, unsigned int cmd, unsigned long arg) { struct cdrom_generic_command __user *cgc; struct cdrom_generic_command32 __user *cgc32; u32 data; unsigned char dir; int itmp; cgc = compat_alloc_user_space(sizeof(*cgc)); cgc32 = compat_ptr(arg); if (copy_in_user(&cgc->cmd, &cgc32->cmd, sizeof(cgc->cmd)) || get_user(data, &cgc32->buffer) || put_user(compat_ptr(data), &cgc->buffer) || copy_in_user(&cgc->buflen, &cgc32->buflen, (sizeof(unsigned int) + sizeof(int))) || get_user(data, &cgc32->sense) || put_user(compat_ptr(data), &cgc->sense) || get_user(dir, &cgc32->data_direction) || put_user(dir, &cgc->data_direction) || get_user(itmp, &cgc32->quiet) || put_user(itmp, &cgc->quiet) || get_user(itmp, &cgc32->timeout) || put_user(itmp, &cgc->timeout) || get_user(data, &cgc32->reserved[0]) || put_user(compat_ptr(data), &cgc->reserved[0])) return -EFAULT; return sys_ioctl(fd, cmd, (unsigned long) cgc); }",linux-2.6,,,40927852787957161220786353471499424422,0 6173,CWE-190,"void ep4_mul_sim_lot(ep4_t r, const ep4_t p[], const bn_t k[], int n) { const int len = RLC_FP_BITS + 1; int i, j, m, l, *_l = RLC_ALLOCA(int, 8 * n); bn_t _k[8], q, x; int8_t *naf = RLC_ALLOCA(int8_t, 8 * n * len); bn_null(q); bn_null(x); if (n <= 10) { ep4_t *_p = RLC_ALLOCA(ep4_t, 8 * n); RLC_TRY { bn_new(q); bn_new(x); for (j = 0; j < 8; j++) { bn_null(_k[j]); bn_new(_k[j]); for (i = 0; i < n; i++) { ep4_null(_p[8*i + j]); ep4_new(_p[8*i + j]); } } for (int i = 0; i < n; i++) { ep4_norm(_p[8*i], p[i]); ep4_frb(_p[8*i + 1], _p[8*i], 1); ep4_frb(_p[8*i + 2], _p[8*i + 1], 1); ep4_frb(_p[8*i + 3], _p[8*i + 2], 1); ep4_frb(_p[8*i + 4], _p[8*i + 3], 1); ep4_frb(_p[8*i + 5], _p[8*i + 4], 1); ep4_frb(_p[8*i + 6], _p[8*i + 5], 1); ep4_frb(_p[8*i + 7], _p[8*i + 6], 1); } ep_curve_get_ord(q); fp_prime_get_par(x); l = 0; for (i = 0; i < n; i++) { bn_rec_frb(_k, 8, k[i], q, x, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 8; j++) { _l[8*i + j] = len; bn_rec_naf(&naf[(8*i + j)*len], &_l[8*i + j], _k[j], 2); if (bn_sign(_k[j]) == RLC_NEG) { ep4_neg(_p[8*i + j], _p[8*i + j]); } l = RLC_MAX(l, _l[8*i + j]); } } for (i = 0; i < n; i++) { for (j = 0; j < 8; j++) { for (m = _l[8*i + j]; m < l; m++) { naf[(8*i + j)*len + m] = 0; } } } ep4_set_infty(r); for (i = l - 1; i >= 0; i--) { ep4_dbl(r, r); for (j = 0; j < n; j++) { for (m = 0; m < 8; m++) { if (naf[(8*j + m)*len + i] > 0) { ep4_add(r, r, _p[8*j + m]); } if (naf[(8*j + m)*len + i] < 0) { ep4_sub(r, r, _p[8*j + m]); } } } } ep4_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(q); bn_free(x); for (j = 0; j < 8; j++) { bn_free(_k[j]); for (i = 0; i < n; i++) { ep4_free(_p[8*i + j]); } } RLC_FREE(_l); RLC_FREE(_p); RLC_FREE(naf); } } else { const int w = RLC_MAX(2, util_bits_dig(n) - 2), c = (1 << (w - 2)); ep4_t s, t, u, v, *_p = RLC_ALLOCA(ep4_t, 8 * c); int8_t ptr; ep4_null(s); ep4_null(t); ep4_null(u); ep4_null(v); RLC_TRY { bn_new(q); bn_new(x); ep4_new(s); ep4_new(t); ep4_new(u); ep4_new(v); for (i = 0; i < 8; i++) { bn_null(_k[i]); bn_new(_k[i]); for (j = 0; j < c; j++) { ep4_null(_p[i*c + j]); ep4_new(_p[i*c + j]); ep4_set_infty(_p[i*c + j]); } } ep_curve_get_ord(q); fp_prime_get_par(x); l = 0; for (i = 0; i < n; i++) { bn_rec_frb(_k, 8, k[i], q, x, ep_curve_is_pairf() == EP_BN); for (j = 0; j < 8; j++) { _l[8*i + j] = len; bn_rec_naf(&naf[(8*i + j)*len], &_l[8*i + j], _k[j], w); l = RLC_MAX(l, _l[8*i + j]); } } for (i = 0; i < n; i++) { for (j = 0; j < 8; j++) { for (m = _l[8*i + j]; m < l; m++) { naf[(8*i + j)*len + m] = 0; } } } ep4_set_infty(s); for (i = l - 1; i >= 0; i--) { for (j = 0; j < n; j++) { for (m = 0; m < 8; m++) { ptr = naf[(8*j + m)*len + i]; if (ptr != 0) { ep4_copy(t, p[j]); if (ptr < 0) { ptr = -ptr; ep4_neg(t, t); } if (bn_sign(_k[m]) == RLC_NEG) { ep4_neg(t, t); } ep4_add(_p[m*c + (ptr/2)], _p[m*c + (ptr/2)], t); } } } ep4_set_infty(t); for (m = 3; m >= 0; m--) { ep4_frb(t, t, 1); ep4_set_infty(u); ep4_set_infty(v); for (j = c - 1; j >= 0; j--) { ep4_add(u, u, _p[m*c + j]); if (j == 0) { ep4_dbl(v, v); } ep4_add(v, v, u); ep4_set_infty(_p[m*c + j]); } ep4_add(t, t, v); } ep4_dbl(s, s); ep4_add(s, s, t); } ep4_norm(r, s); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(q); bn_free(x); ep4_free(s); ep4_free(t); ep4_free(u); ep4_free(v); for (i = 0; i < 8; i++) { bn_free(_k[i]); for (j = 0; j < c; j++) { ep4_free(_p[i*c + j]); } } RLC_FREE(_l); RLC_FREE(_p); RLC_FREE(naf); } } }",visit repo url,src/epx/relic_ep4_mul_sim.c,https://github.com/relic-toolkit/relic,225704423130846,1 3876,['CWE-119'],"static int lbs_scan_add_chanlist_tlv(uint8_t *tlv, struct chanscanparamset *chan_list, int chan_count) { size_t size = sizeof(struct chanscanparamset) *chan_count; struct mrvlietypes_chanlistparamset *chan_tlv = (void *)tlv; chan_tlv->header.type = cpu_to_le16(TLV_TYPE_CHANLIST); memcpy(chan_tlv->chanscanparam, chan_list, size); chan_tlv->header.len = cpu_to_le16(size); return sizeof(chan_tlv->header) + size; }",linux-2.6,,,193179353410081700717207583962027909599,0 1165,['CWE-189'],"static inline int hrtimer_hres_active(void) { return __get_cpu_var(hrtimer_bases).hres_active; }",linux-2.6,,,80620898563209459478913559587966431037,0 4629,['CWE-399'],"void ext4_get_inode_flags(struct ext4_inode_info *ei) { unsigned int flags = ei->vfs_inode.i_flags; ei->i_flags &= ~(EXT4_SYNC_FL|EXT4_APPEND_FL| EXT4_IMMUTABLE_FL|EXT4_NOATIME_FL|EXT4_DIRSYNC_FL); if (flags & S_SYNC) ei->i_flags |= EXT4_SYNC_FL; if (flags & S_APPEND) ei->i_flags |= EXT4_APPEND_FL; if (flags & S_IMMUTABLE) ei->i_flags |= EXT4_IMMUTABLE_FL; if (flags & S_NOATIME) ei->i_flags |= EXT4_NOATIME_FL; if (flags & S_DIRSYNC) ei->i_flags |= EXT4_DIRSYNC_FL; }",linux-2.6,,,77384304416982134108082459441341393073,0 6633,CWE-120,"njs_array_prototype_concat(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, njs_index_t unused) { double idx; int64_t k, len, length; njs_int_t ret; njs_uint_t i; njs_value_t this, retval, *e; njs_array_t *array, *keys; ret = njs_value_to_object(vm, &args[0]); if (njs_slow_path(ret != NJS_OK)) { return ret; } array = njs_array_alloc(vm, 0, 0, NJS_ARRAY_SPARE); if (njs_slow_path(array == NULL)) { return NJS_ERROR; } njs_set_array(&this, array); len = 0; length = 0; for (i = 0; i < nargs; i++) { e = njs_argument(args, i); ret = njs_is_concat_spreadable(vm, e); if (njs_slow_path(ret == NJS_ERROR)) { return NJS_ERROR; } if (ret == NJS_OK) { ret = njs_object_length(vm, e, &len); if (njs_slow_path(ret == NJS_ERROR)) { return ret; } if (njs_slow_path((length + len) > NJS_MAX_LENGTH)) { njs_type_error(vm, ""Invalid length""); return NJS_ERROR; } if (njs_is_fast_array(e) || njs_fast_object(len)) { for (k = 0; k < len; k++, length++) { ret = njs_value_property_i64(vm, e, k, &retval); if (njs_slow_path(ret != NJS_OK)) { if (ret == NJS_ERROR) { return NJS_ERROR; } njs_set_invalid(&retval); } ret = njs_array_add(vm, array, &retval); if (njs_slow_path(ret != NJS_OK)) { return NJS_ERROR; } } continue; } keys = njs_array_indices(vm, e); if (njs_slow_path(keys == NULL)) { return NJS_ERROR; } for (k = 0; k < keys->length; k++) { ret = njs_value_property(vm, e, &keys->start[k], &retval); if (njs_slow_path(ret == NJS_ERROR)) { return ret; } if (ret == NJS_OK) { idx = njs_string_to_index(&keys->start[k]) + length; ret = njs_value_property_i64_set(vm, &this, idx, &retval); if (njs_slow_path(ret == NJS_ERROR)) { njs_array_destroy(vm, keys); return ret; } } } njs_array_destroy(vm, keys); length += len; continue; } if (njs_slow_path((length + len) >= NJS_MAX_LENGTH)) { njs_type_error(vm, ""Invalid length""); return NJS_ERROR; } ret = njs_value_property_i64_set(vm, &this, length, e); if (njs_slow_path(ret == NJS_ERROR)) { return ret; } length++; } ret = njs_object_length_set(vm, &this, length); if (njs_slow_path(ret != NJS_OK)) { return NJS_ERROR; } vm->retval = this; return NJS_OK; }",visit repo url,src/njs_array.c,https://github.com/nginx/njs,133755956692772,1 5600,CWE-125,"num_stmts(const node *n) { int i, l; node *ch; switch (TYPE(n)) { case single_input: if (TYPE(CHILD(n, 0)) == NEWLINE) return 0; else return num_stmts(CHILD(n, 0)); case file_input: l = 0; for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == stmt) l += num_stmts(ch); } return l; case stmt: return num_stmts(CHILD(n, 0)); case compound_stmt: return 1; case simple_stmt: return NCH(n) / 2; case suite: if (NCH(n) == 1) return num_stmts(CHILD(n, 0)); else { i = 2; l = 0; if (TYPE(CHILD(n, 1)) == TYPE_COMMENT) i += 2; for (; i < (NCH(n) - 1); i++) l += num_stmts(CHILD(n, i)); return l; } default: { char buf[128]; sprintf(buf, ""Non-statement found: %d %d"", TYPE(n), NCH(n)); Py_FatalError(buf); } } assert(0); return 0; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,273989109925958,1 2158,['CWE-400'],"shmem_write_end(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned copied, struct page *page, void *fsdata) { struct inode *inode = mapping->host; if (pos + copied > inode->i_size) i_size_write(inode, pos + copied); unlock_page(page); set_page_dirty(page); page_cache_release(page); return copied; }",linux-2.6,,,252963675049606348646209913764887105053,0 1366,CWE-119,"static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen) { struct page *pages[NFS4ACL_MAXPAGES] = {NULL, }; struct nfs_getaclargs args = { .fh = NFS_FH(inode), .acl_pages = pages, .acl_len = buflen, }; struct nfs_getaclres res = { .acl_len = buflen, }; struct rpc_message msg = { .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETACL], .rpc_argp = &args, .rpc_resp = &res, }; unsigned int npages = DIV_ROUND_UP(buflen, PAGE_SIZE); int ret = -ENOMEM, i; if (npages == 0) npages = 1; if (npages > ARRAY_SIZE(pages)) return -ERANGE; for (i = 0; i < npages; i++) { pages[i] = alloc_page(GFP_KERNEL); if (!pages[i]) goto out_free; } res.acl_scratch = alloc_page(GFP_KERNEL); if (!res.acl_scratch) goto out_free; args.acl_len = npages * PAGE_SIZE; args.acl_pgbase = 0; dprintk(""%s buf %p buflen %zu npages %d args.acl_len %zu\n"", __func__, buf, buflen, npages, args.acl_len); ret = nfs4_call_sync(NFS_SERVER(inode)->client, NFS_SERVER(inode), &msg, &args.seq_args, &res.seq_res, 0); if (ret) goto out_free; if (res.acl_flags & NFS4_ACL_TRUNC) { if (buf == NULL) goto out_ok; ret = -ERANGE; goto out_free; } nfs4_write_cached_acl(inode, pages, res.acl_data_offset, res.acl_len); if (buf) _copy_from_pages(buf, pages, res.acl_data_offset, res.acl_len); out_ok: ret = res.acl_len; out_free: for (i = 0; i < npages; i++) if (pages[i]) __free_page(pages[i]); if (res.acl_scratch) __free_page(res.acl_scratch); return ret; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,72007700940337,1 6165,['CWE-200'],"static int wireless_seq_show(struct seq_file *seq, void *v) { if (v == SEQ_START_TOKEN) seq_printf(seq, ""Inter-| sta-| Quality | Discarded "" ""packets | Missed | WE\n"" "" face | tus | link level noise | nwid "" ""crypt frag retry misc | beacon | %d\n"", WIRELESS_EXT); else wireless_seq_printf_stats(seq, v); return 0; }",linux-2.6,,,42384607496866040242526388749973197529,0 6111,['CWE-200'],"static void ipv6_regen_rndid(unsigned long data) { struct inet6_dev *idev = (struct inet6_dev *) data; unsigned long expires; read_lock_bh(&addrconf_lock); write_lock_bh(&idev->lock); if (idev->dead) goto out; if (__ipv6_regen_rndid(idev) < 0) goto out; expires = jiffies + idev->cnf.temp_prefered_lft * HZ - idev->cnf.regen_max_retry * idev->cnf.dad_transmits * idev->nd_parms->retrans_time - desync_factor; if (time_before(expires, jiffies)) { printk(KERN_WARNING ""ipv6_regen_rndid(): too short regeneration interval; timer disabled for %s.\n"", idev->dev->name); goto out; } if (!mod_timer(&idev->regen_timer, expires)) in6_dev_hold(idev); out: write_unlock_bh(&idev->lock); read_unlock_bh(&addrconf_lock); in6_dev_put(idev); }",linux-2.6,,,267828891133914211210219444119964680298,0 289,CWE-119,"static int atusb_get_and_show_build(struct atusb *atusb) { struct usb_device *usb_dev = atusb->usb_dev; char build[ATUSB_BUILD_SIZE + 1]; int ret; ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0), ATUSB_BUILD, ATUSB_REQ_FROM_DEV, 0, 0, build, ATUSB_BUILD_SIZE, 1000); if (ret >= 0) { build[ret] = 0; dev_info(&usb_dev->dev, ""Firmware: build %s\n"", build); } return ret; }",visit repo url,drivers/net/ieee802154/atusb.c,https://github.com/torvalds/linux,25745533949949,1 112,['CWE-787'],"static void cirrus_linear_writew(void *opaque, target_phys_addr_t addr, uint32_t val) { #ifdef TARGET_WORDS_BIGENDIAN cirrus_linear_writeb(opaque, addr, (val >> 8) & 0xff); cirrus_linear_writeb(opaque, addr + 1, val & 0xff); #else cirrus_linear_writeb(opaque, addr, val & 0xff); cirrus_linear_writeb(opaque, addr + 1, (val >> 8) & 0xff); #endif }",qemu,,,130388580580474379604498604575343646850,0 3632,CWE-674,"static int rm_rf_children_inner( int fd, const char *fname, int is_dir, RemoveFlags flags, const struct stat *root_dev) { struct stat st; int r, q = 0; assert(fd >= 0); assert(fname); if (is_dir < 0 || root_dev || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); if (r < 0) return r; is_dir = S_ISDIR(st.st_mode); } if (is_dir) { _cleanup_close_ int subdir_fd = -1; if (root_dev && st.st_dev != root_dev->st_dev) return 0; r = fd_is_mount_point(fd, fname, 0); if (r < 0) return r; if (r > 0) return 0; if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); if (r < 0) { if (!IN_SET(r, -ENOTTY, -EINVAL)) return r; } else return 1; } subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); if (subdir_fd < 0) return -errno; q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); } else if (flags & REMOVE_ONLY_DIRECTORIES) return 0; r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags); if (r < 0) return r; if (q < 0) return q; return 1; }",visit repo url,src/shared/rm-rf.c,https://github.com/systemd/systemd,150924613695030,1 6468,CWE-119,"void * pvPortMalloc( size_t xWantedSize ) { BlockLink_t * pxBlock, * pxPreviousBlock, * pxNewBlockLink; static BaseType_t xHeapHasBeenInitialised = pdFALSE; void * pvReturn = NULL; vTaskSuspendAll(); { if( xHeapHasBeenInitialised == pdFALSE ) { prvHeapInit(); xHeapHasBeenInitialised = pdTRUE; } if( xWantedSize > 0 ) { xWantedSize += heapSTRUCT_SIZE; if( ( xWantedSize & portBYTE_ALIGNMENT_MASK ) != 0 ) { xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); } } if( ( xWantedSize > 0 ) && ( xWantedSize < configADJUSTED_HEAP_SIZE ) ) { pxPreviousBlock = &xStart; pxBlock = xStart.pxNextFreeBlock; while( ( pxBlock->xBlockSize < xWantedSize ) && ( pxBlock->pxNextFreeBlock != NULL ) ) { pxPreviousBlock = pxBlock; pxBlock = pxBlock->pxNextFreeBlock; } if( pxBlock != &xEnd ) { pvReturn = ( void * ) ( ( ( uint8_t * ) pxPreviousBlock->pxNextFreeBlock ) + heapSTRUCT_SIZE ); pxPreviousBlock->pxNextFreeBlock = pxBlock->pxNextFreeBlock; if( ( pxBlock->xBlockSize - xWantedSize ) > heapMINIMUM_BLOCK_SIZE ) { pxNewBlockLink = ( void * ) ( ( ( uint8_t * ) pxBlock ) + xWantedSize ); pxNewBlockLink->xBlockSize = pxBlock->xBlockSize - xWantedSize; pxBlock->xBlockSize = xWantedSize; prvInsertBlockIntoFreeList( ( pxNewBlockLink ) ); } xFreeBytesRemaining -= pxBlock->xBlockSize; } } traceMALLOC( pvReturn, xWantedSize ); } ( void ) xTaskResumeAll(); #if ( configUSE_MALLOC_FAILED_HOOK == 1 ) { if( pvReturn == NULL ) { extern void vApplicationMallocFailedHook( void ); vApplicationMallocFailedHook(); } } #endif return pvReturn; } ",visit repo url,portable/MemMang/heap_2.c,https://github.com/FreeRTOS/FreeRTOS-Kernel,115862613608856,1 6330,['CWE-200'],"static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n, void *arg) { struct rtattr **tca = arg; u32 pid = skb ? NETLINK_CB(skb).pid : 0; int ret = 0, ovr = 0; if (tca[TCA_ACT_TAB-1] == NULL) { printk(""tc_ctl_action: received NO action attribs\n""); return -EINVAL; } switch (n->nlmsg_type) { case RTM_NEWACTION: if (n->nlmsg_flags&NLM_F_REPLACE) ovr = 1; replay: ret = tcf_action_add(tca[TCA_ACT_TAB-1], n, pid, ovr); if (ret == -EAGAIN) goto replay; break; case RTM_DELACTION: ret = tca_action_gd(tca[TCA_ACT_TAB-1], n, pid, RTM_DELACTION); break; case RTM_GETACTION: ret = tca_action_gd(tca[TCA_ACT_TAB-1], n, pid, RTM_GETACTION); break; default: BUG(); } return ret; }",linux-2.6,,,232398225250576293365885223348775759797,0 5753,CWE-190,"int bson_check_string( bson *b, const char *string, const int length ) { return bson_validate_string( b, ( const unsigned char * )string, length, 1, 0, 0 ); }",visit repo url,src/encoding.c,https://github.com/10gen-archive/mongo-c-driver-legacy,112455135978985,1 219,CWE-476,"static int tower_probe (struct usb_interface *interface, const struct usb_device_id *id) { struct device *idev = &interface->dev; struct usb_device *udev = interface_to_usbdev(interface); struct lego_usb_tower *dev = NULL; struct usb_host_interface *iface_desc; struct usb_endpoint_descriptor* endpoint; struct tower_get_version_reply get_version_reply; int i; int retval = -ENOMEM; int result; dev = kmalloc (sizeof(struct lego_usb_tower), GFP_KERNEL); if (!dev) goto exit; mutex_init(&dev->lock); dev->udev = udev; dev->open_count = 0; dev->read_buffer = NULL; dev->read_buffer_length = 0; dev->read_packet_length = 0; spin_lock_init (&dev->read_buffer_lock); dev->packet_timeout_jiffies = msecs_to_jiffies(packet_timeout); dev->read_last_arrival = jiffies; init_waitqueue_head (&dev->read_wait); init_waitqueue_head (&dev->write_wait); dev->interrupt_in_buffer = NULL; dev->interrupt_in_endpoint = NULL; dev->interrupt_in_urb = NULL; dev->interrupt_in_running = 0; dev->interrupt_in_done = 0; dev->interrupt_out_buffer = NULL; dev->interrupt_out_endpoint = NULL; dev->interrupt_out_urb = NULL; dev->interrupt_out_busy = 0; iface_desc = interface->cur_altsetting; for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) { endpoint = &iface_desc->endpoint[i].desc; if (usb_endpoint_xfer_int(endpoint)) { if (usb_endpoint_dir_in(endpoint)) dev->interrupt_in_endpoint = endpoint; else dev->interrupt_out_endpoint = endpoint; } } if(dev->interrupt_in_endpoint == NULL) { dev_err(idev, ""interrupt in endpoint not found\n""); goto error; } if (dev->interrupt_out_endpoint == NULL) { dev_err(idev, ""interrupt out endpoint not found\n""); goto error; } dev->read_buffer = kmalloc (read_buffer_size, GFP_KERNEL); if (!dev->read_buffer) goto error; dev->interrupt_in_buffer = kmalloc (usb_endpoint_maxp(dev->interrupt_in_endpoint), GFP_KERNEL); if (!dev->interrupt_in_buffer) goto error; dev->interrupt_in_urb = usb_alloc_urb(0, GFP_KERNEL); if (!dev->interrupt_in_urb) goto error; dev->interrupt_out_buffer = kmalloc (write_buffer_size, GFP_KERNEL); if (!dev->interrupt_out_buffer) goto error; dev->interrupt_out_urb = usb_alloc_urb(0, GFP_KERNEL); if (!dev->interrupt_out_urb) goto error; dev->interrupt_in_interval = interrupt_in_interval ? interrupt_in_interval : dev->interrupt_in_endpoint->bInterval; dev->interrupt_out_interval = interrupt_out_interval ? interrupt_out_interval : dev->interrupt_out_endpoint->bInterval; usb_set_intfdata (interface, dev); retval = usb_register_dev (interface, &tower_class); if (retval) { dev_err(idev, ""Not able to get a minor for this device.\n""); usb_set_intfdata (interface, NULL); goto error; } dev->minor = interface->minor; dev_info(&interface->dev, ""LEGO USB Tower #%d now attached to major "" ""%d minor %d\n"", (dev->minor - LEGO_USB_TOWER_MINOR_BASE), USB_MAJOR, dev->minor); result = usb_control_msg (udev, usb_rcvctrlpipe(udev, 0), LEGO_USB_TOWER_REQUEST_GET_VERSION, USB_TYPE_VENDOR | USB_DIR_IN | USB_RECIP_DEVICE, 0, 0, &get_version_reply, sizeof(get_version_reply), 1000); if (result < 0) { dev_err(idev, ""LEGO USB Tower get version control request failed\n""); retval = result; goto error; } dev_info(&interface->dev, ""LEGO USB Tower firmware version is %d.%d "" ""build %d\n"", get_version_reply.major, get_version_reply.minor, le16_to_cpu(get_version_reply.build_no)); exit: return retval; error: tower_delete(dev); return retval; }",visit repo url,drivers/usb/misc/legousbtower.c,https://github.com/torvalds/linux,29291464459244,1 699,[],"static int jpc_cod_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_cod_t *cod = &ms->parms.cod; int i; fprintf(out, ""csty = 0x%02x;\n"", cod->compparms.csty); fprintf(out, ""numdlvls = %d; qmfbid = %d; mctrans = %d\n"", cod->compparms.numdlvls, cod->compparms.qmfbid, cod->mctrans); fprintf(out, ""prg = %d; numlyrs = %d;\n"", cod->prg, cod->numlyrs); fprintf(out, ""cblkwidthval = %d; cblkheightval = %d; "" ""cblksty = 0x%02x;\n"", cod->compparms.cblkwidthval, cod->compparms.cblkheightval, cod->compparms.cblksty); if (cod->csty & JPC_COX_PRT) { for (i = 0; i < cod->compparms.numrlvls; ++i) { jas_eprintf(""prcwidth[%d] = %d, prcheight[%d] = %d\n"", i, cod->compparms.rlvls[i].parwidthval, i, cod->compparms.rlvls[i].parheightval); } } return 0; }",jasper,,,162257693715937064781137228228333926982,0 2799,['CWE-264'],"skip_tail( unsigned int ioaddr, unsigned int tail_len, u32 crc ) { while( tail_len-- ) crc = CRC32( inb( ioaddr + DAT ), crc ); return crc == CRC32_REMAINDER; }",linux-2.6,,,121952166828115489112190651834463931609,0 1426,[],"static void update_stats_enqueue(struct cfs_rq *cfs_rq, struct sched_entity *se) { if (se != cfs_rq->curr) update_stats_wait_start(cfs_rq, se); }",linux-2.6,,,280709910047278189858826461312298553862,0 1586,CWE-476,"void migrate_page_copy(struct page *newpage, struct page *page) { int cpupid; if (PageHuge(page) || PageTransHuge(page)) copy_huge_page(newpage, page); else copy_highpage(newpage, page); if (PageError(page)) SetPageError(newpage); if (PageReferenced(page)) SetPageReferenced(newpage); if (PageUptodate(page)) SetPageUptodate(newpage); if (TestClearPageActive(page)) { VM_BUG_ON_PAGE(PageUnevictable(page), page); SetPageActive(newpage); } else if (TestClearPageUnevictable(page)) SetPageUnevictable(newpage); if (PageChecked(page)) SetPageChecked(newpage); if (PageMappedToDisk(page)) SetPageMappedToDisk(newpage); if (PageDirty(page)) { clear_page_dirty_for_io(page); if (PageSwapBacked(page)) SetPageDirty(newpage); else __set_page_dirty_nobuffers(newpage); } if (page_is_young(page)) set_page_young(newpage); if (page_is_idle(page)) set_page_idle(newpage); cpupid = page_cpupid_xchg_last(page, -1); page_cpupid_xchg_last(newpage, cpupid); ksm_migrate_page(newpage, page); if (PageSwapCache(page)) ClearPageSwapCache(page); ClearPagePrivate(page); set_page_private(page, 0); if (PageWriteback(newpage)) end_page_writeback(newpage); }",visit repo url,mm/migrate.c,https://github.com/torvalds/linux,199678577472442,1 4781,['CWE-20'],"static int init_inodecache(void) { ext4_inode_cachep = kmem_cache_create(""ext4_inode_cache"", sizeof(struct ext4_inode_info), 0, (SLAB_RECLAIM_ACCOUNT| SLAB_MEM_SPREAD), init_once); if (ext4_inode_cachep == NULL) return -ENOMEM; return 0; }",linux-2.6,,,220713140468079638096127397337218028592,0 5029,[],"static void child_read_request(struct winbindd_cli_state *state) { ssize_t len; len = read_data(state->sock, (char *)&state->request, sizeof(state->request)); if (len != sizeof(state->request)) { DEBUG(len > 0 ? 0 : 3, (""Got invalid request length: %d\n"", (int)len)); state->finished = True; return; } if (state->request.extra_len == 0) { state->request.extra_data.data = NULL; return; } DEBUG(10, (""Need to read %d extra bytes\n"", (int)state->request.extra_len)); state->request.extra_data.data = SMB_MALLOC_ARRAY(char, state->request.extra_len + 1); if (state->request.extra_data.data == NULL) { DEBUG(0, (""malloc failed\n"")); state->finished = True; return; } state->request.extra_data.data[state->request.extra_len] = '\0'; len = read_data(state->sock, state->request.extra_data.data, state->request.extra_len); if (len != state->request.extra_len) { DEBUG(0, (""Could not read extra data\n"")); state->finished = True; return; } }",samba,,,333877043890362244205216284233010672606,0 6727,CWE-78,"sigterm_handler(int sig) { (void)sig; fprintf(stderr, ""DEBUG: beh: Job canceled.\n""); if (job_canceled) _exit(CUPS_BACKEND_OK); else job_canceled = 1; }",visit repo url,backend/beh.c,https://github.com/OpenPrinting/cups-filters,193148992256708,1 4615,CWE-190,"static s32 gf_media_vvc_read_sps_bs_internal(GF_BitStream *bs, VVCState *vvc, u8 layer_id, u32 *vui_flag_pos) { s32 vps_id, sps_id; u32 i, CtbSizeY; VVC_SPS *sps; u8 sps_ptl_dpb_hrd_params_present_flag; if (vui_flag_pos) *vui_flag_pos = 0; sps_id = gf_bs_read_int_log(bs, 4, ""sps_id""); if (sps_id >= 16) { return -1; } vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) { return -1; } if (!vps_id && !vvc->vps[0].state) { vvc->vps[0].state = 1; vvc->vps[0].num_ptl = 1; vvc->vps[0].max_layers = 1; vvc->vps[0].all_layers_independent = 1; } sps = &vvc->sps[sps_id]; if (!sps->state) { sps->state = 1; sps->id = sps_id; sps->vps_id = vps_id; } sps->max_sublayers = 1 + gf_bs_read_int_log(bs, 3, ""max_sublayers_minus1""); sps->chroma_format_idc = gf_bs_read_int_log(bs, 2, ""chroma_format_idc""); sps->log2_ctu_size = 5 + gf_bs_read_int_log(bs, 2, ""log2_ctu_size_minus5""); CtbSizeY = 1<log2_ctu_size; sps_ptl_dpb_hrd_params_present_flag = gf_bs_read_int_log(bs, 1, ""sps_ptl_dpb_hrd_params_present_flag""); if (sps_ptl_dpb_hrd_params_present_flag) { VVC_ProfileTierLevel ptl, *p_ptl; if (sps->vps_id) { p_ptl = &ptl; } else { p_ptl = &vvc->vps[0].ptl[0]; } memset(p_ptl, 0, sizeof(VVC_ProfileTierLevel)); p_ptl->pt_present = 1; p_ptl->ptl_max_tid = sps->max_sublayers; vvc_profile_tier_level(bs, p_ptl, 0); } sps->gdr_enabled = gf_bs_read_int_log(bs, 1, ""gdr_enabled""); sps->ref_pic_resampling = gf_bs_read_int_log(bs, 1, ""ref_pic_resampling""); if (sps->ref_pic_resampling) sps->res_change_in_clvs = gf_bs_read_int_log(bs, 1, ""res_change_in_clvs""); sps->width = gf_bs_read_ue_log(bs, ""width""); sps->height = gf_bs_read_ue_log(bs, ""height""); sps->conf_window = gf_bs_read_int_log(bs, 1, ""conformance_window_present_flag""); if (sps->conf_window) { sps->cw_left = gf_bs_read_ue_log(bs, ""conformance_window_left""); sps->cw_right = gf_bs_read_ue_log(bs, ""conformance_window_right""); sps->cw_top = gf_bs_read_ue_log(bs, ""conformance_window_top""); sps->cw_bottom = gf_bs_read_ue_log(bs, ""conformance_window_bottom""); } sps->subpic_info_present = gf_bs_read_int_log(bs, 1, ""subpic_info_present""); if (sps->subpic_info_present) { sps->nb_subpics = 1 + gf_bs_read_ue_log(bs, ""nb_subpics_minus1""); if (sps->nb_subpics>1) { u32 tmpWidthVal, tmpHeightVal; sps->independent_subpic_flags = gf_bs_read_int_log(bs, 1, ""independent_subpic_flags""); sps->subpic_same_size = gf_bs_read_int_log(bs, 1, ""subpic_same_size""); tmpWidthVal = (sps->width + CtbSizeY-1) / CtbSizeY; tmpWidthVal = gf_get_bit_size(tmpWidthVal); tmpHeightVal = (sps->height + CtbSizeY-1) / CtbSizeY; tmpHeightVal = gf_get_bit_size(tmpHeightVal); for (i=0; inb_subpics; i++) { if( !sps->subpic_same_size || !i) { if (i && (sps->width > CtbSizeY)) gf_bs_read_int_log(bs, tmpWidthVal, ""subpic_ctu_top_left_x""); if (i && (sps->height > CtbSizeY)) gf_bs_read_int_log(bs, tmpHeightVal, ""subpic_ctu_top_left_y""); if ((i+1 < sps->nb_subpics) && (sps->width > CtbSizeY)) gf_bs_read_int_log(bs, tmpWidthVal, ""subpic_width_minus1""); if ((i+1 < sps->nb_subpics) && (sps->height > CtbSizeY)) gf_bs_read_int_log(bs, tmpHeightVal, ""subpic_height_minus1""); } if (!sps->independent_subpic_flags) { gf_bs_read_int_log(bs, 1, ""subpic_treated_as_pic_flag""); gf_bs_read_int_log(bs, 1, ""loop_filter_across_subpic_enabled_flag""); } } sps->subpicid_len = gf_bs_read_ue_log(bs, ""subpic_id_len_minus1"") + 1; sps->subpicid_mapping_explicit = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_explicitly_signalled_flag""); if (sps->subpicid_mapping_explicit) { sps->subpicid_mapping_present = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_present_flag""); if (sps->subpicid_mapping_present) { for (i=0; inb_subpics; i++) { gf_bs_read_ue_log(bs, ""subpic_id""); } } } } } sps->bitdepth = gf_bs_read_ue_log(bs, ""bitdepth_minus8"") + 8; gf_bs_read_int_log(bs, 1, ""entropy_coding_sync_enabled_flag""); gf_bs_read_int_log(bs, 1, ""entry_point_offsets_present_flag""); sps->log2_max_poc_lsb = 4 + gf_bs_read_int_log(bs, 4, ""log2_max_poc_lsb_minus4""); if ((sps->poc_msb_cycle_flag = gf_bs_read_int_log(bs, 1, ""poc_msb_cycle_flag""))) sps->poc_msb_cycle_len = 1 + gf_bs_read_ue_log(bs, ""poc_msb_cycle_len_minus1""); u8 sps_num_extra_ph_bits = 8 * gf_bs_read_int_log(bs, 2, ""sps_num_extra_ph_bytes""); for (i=0; iph_num_extra_bits++; } u8 sps_num_extra_sh_bits = 8 * gf_bs_read_int_log(bs, 2, ""num_extra_sh_bytes""); for (i=0; ish_num_extra_bits++; } if (sps_ptl_dpb_hrd_params_present_flag) { u8 sps_sublayer_dpb_params_flag = 0; if (sps->max_sublayers>1) { sps_sublayer_dpb_params_flag = gf_bs_read_int_log(bs, 1, ""sps_sublayer_dpb_params_flag""); } for (i=(sps_sublayer_dpb_params_flag ? 0 : sps->max_sublayers-1); i < sps->max_sublayers; i++ ) { gf_bs_read_ue_log_idx(bs, ""dpb_max_dec_pic_buffering_minus1"", i); gf_bs_read_ue_log_idx(bs, ""dpb_max_num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""dpb_max_latency_increase_plus1"", i); } } gf_bs_read_ue_log(bs, ""sps_log2_min_luma_coding_block_size_minus2""); gf_bs_read_int_log(bs, 1, ""sps_partition_constraints_override_enabled_flag""); gf_bs_read_ue_log(bs, ""sps_log2_min_luma_coding_block_size_minus2""); u8 sps_max_mtt_hierarchy_depth_intra_slice_luma = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_intra_slice_luma""); if (sps_max_mtt_hierarchy_depth_intra_slice_luma != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_intra_slice_luma""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_intra_slice_luma""); } u8 sps_qtbtt_dual_tree_intra_flag = 0; if (sps->chroma_format_idc) { sps_qtbtt_dual_tree_intra_flag = gf_bs_read_int_log(bs, 1, ""sps_qtbtt_dual_tree_intra_flag""); } if (sps_qtbtt_dual_tree_intra_flag) { gf_bs_read_ue_log(bs, ""sps_log2_diff_min_qt_min_cb_intra_slice_chroma""); u8 sps_max_mtt_hierarchy_depth_intra_slice_chroma = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_intra_slice_chroma""); if( sps_max_mtt_hierarchy_depth_intra_slice_chroma != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_intra_slice_chroma""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_intra_slice_chroma""); } } gf_bs_read_ue_log(bs, ""sps_log2_diff_min_qt_min_cb_inter_slice""); u8 sps_max_mtt_hierarchy_depth_inter_slice = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_inter_slice""); if (sps_max_mtt_hierarchy_depth_inter_slice != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_inter_slice""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_inter_slice""); } if (CtbSizeY > 32) { gf_bs_read_int_log(bs, 1, ""sps_max_luma_transform_size_64_flag""); } u8 sps_transform_skip_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_transform_skip_enabled_flag""); if (sps_transform_skip_enabled_flag) { gf_bs_read_ue_log(bs, ""sps_log2_transform_skip_max_size_minus2""); gf_bs_read_int_log(bs, 1, ""sps_bdpcm_enabled_flag""); } if (gf_bs_read_int_log(bs, 1, ""sps_mts_enabled_flag"")) { gf_bs_read_int_log(bs, 1, ""sps_explicit_mts_intra_enabled_flag""); gf_bs_read_int_log(bs, 1, ""sps_explicit_mts_inter_enabled_flag""); } gf_bs_read_int_log(bs, 1, ""sps_lfnst_enabled_flag""); if (sps->chroma_format_idc) { u8 sps_joint_cbcr_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_joint_cbcr_enabled_flag""); u8 sps_same_qp_table_for_chroma_flag = gf_bs_read_int_log(bs, 1, ""sps_same_qp_table_for_chroma_flag""); u32 numQpTables = sps_same_qp_table_for_chroma_flag ? 1 : (sps_joint_cbcr_enabled_flag ? 3 : 2); for (i=0; ialf_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_alf_enabled_flag""); if (sps->alf_enabled_flag && sps->chroma_format_idc) { gf_bs_read_int_log(bs, 1, ""sps_ccalf_enabled_flag""); } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,77414370045047,1 4904,CWE-125,"matchCurrentInput( const InString *input, int pos, const widechar *passInstructions, int passIC) { int k; int kk = pos; for (k = passIC + 2; k < passIC + 2 + passInstructions[passIC + 1]; k++) if (input->chars[kk] == ENDSEGMENT || passInstructions[k] != input->chars[kk++]) return 0; return 1; }",visit repo url,liblouis/lou_translateString.c,https://github.com/liblouis/liblouis,127859976582755,1 3316,[],"static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start) { start->nla_len = skb_tail_pointer(skb) - (unsigned char *)start; return skb->len; }",linux-2.6,,,246573189491469986672173221207119016013,0 2555,['CWE-119'],"static int handle_one_reflog_ent(unsigned char *osha1, unsigned char *nsha1, const char *email, unsigned long timestamp, int tz, const char *message, void *cb_data) { handle_one_reflog_commit(osha1, cb_data); handle_one_reflog_commit(nsha1, cb_data); return 0; }",git,,,32795544619685046932162613923860033027,0 2751,['CWE-189'],"int sctp_auth_asoc_init_active_key(struct sctp_association *asoc, gfp_t gfp) { struct sctp_auth_bytes *secret; struct sctp_shared_key *ep_key; if (!sctp_auth_enable || !asoc->peer.auth_capable) return 0; ep_key = sctp_auth_get_shkey(asoc, asoc->active_key_id); BUG_ON(!ep_key); secret = sctp_auth_asoc_create_secret(asoc, ep_key, gfp); if (!secret) return -ENOMEM; sctp_auth_key_put(asoc->asoc_shared_key); asoc->asoc_shared_key = secret; return 0; }",linux-2.6,,,141671710150658494648104483370568787407,0 1840,['CWE-189'],"_gnutls_send_empty_handshake (gnutls_session_t session, gnutls_handshake_description_t type, int again) { opaque data = 0; opaque *ptr; if (again == 0) ptr = &data; else ptr = NULL; return _gnutls_send_handshake (session, ptr, 0, type); }",gnutls,,,271719128079851640234005493979482588569,0 6190,['CWE-200'],"static inline int rtnetlink_fill_iwinfo(struct sk_buff * skb, struct net_device * dev, int type, char * event, int event_len) { struct ifinfomsg *r; struct nlmsghdr *nlh; unsigned char *b = skb->tail; nlh = NLMSG_PUT(skb, 0, 0, type, sizeof(*r)); r = NLMSG_DATA(nlh); r->ifi_family = AF_UNSPEC; r->__ifi_pad = 0; r->ifi_type = dev->type; r->ifi_index = dev->ifindex; r->ifi_flags = dev->flags; r->ifi_change = 0; RTA_PUT(skb, IFLA_WIRELESS, event_len, event); nlh->nlmsg_len = skb->tail - b; return skb->len; nlmsg_failure: rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,165017963994712210933135124359464565336,0 1322,CWE-362,"static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t *pmd) { pmd_t pmdval = *pmd; #ifdef CONFIG_TRANSPARENT_HUGEPAGE barrier(); #endif if (pmd_none(pmdval)) return 1; if (unlikely(pmd_bad(pmdval))) { if (!pmd_trans_huge(pmdval)) pmd_clear_bad(pmd); return 1; } return 0; }",visit repo url,include/asm-generic/pgtable.h,https://github.com/torvalds/linux,249942446355150,1 3777,CWE-122,"find_start_brace(void) { pos_T cursor_save; pos_T *trypos; pos_T *pos; static pos_T pos_copy; cursor_save = curwin->w_cursor; while ((trypos = findmatchlimit(NULL, '{', FM_BLOCKSTOP, 0)) != NULL) { pos_copy = *trypos; trypos = &pos_copy; curwin->w_cursor = *trypos; pos = NULL; if ((colnr_T)cin_skip2pos(trypos) == trypos->col && (pos = ind_find_start_CORS(NULL)) == NULL) break; if (pos != NULL) curwin->w_cursor.lnum = pos->lnum; } curwin->w_cursor = cursor_save; return trypos; }",visit repo url,src/cindent.c,https://github.com/vim/vim,73556140652775,1 5165,CWE-125,"ast_for_arguments(struct compiling *c, const node *n) { int i, j, k, nposargs = 0, nkwonlyargs = 0; int nposdefaults = 0, found_default = 0; asdl_seq *posargs, *posdefaults, *kwonlyargs, *kwdefaults; arg_ty vararg = NULL, kwarg = NULL; arg_ty arg = NULL; node *ch; if (TYPE(n) == parameters) { if (NCH(n) == 2) return arguments(NULL, NULL, NULL, NULL, NULL, NULL, c->c_arena); n = CHILD(n, 1); } assert(TYPE(n) == typedargslist || TYPE(n) == varargslist); for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == STAR) { i++; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { i++; } break; } if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == vfpdef || TYPE(ch) == tfpdef) nposargs++; if (TYPE(ch) == EQUAL) nposdefaults++; } for ( ; i < NCH(n); ++i) { ch = CHILD(n, i); if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == tfpdef || TYPE(ch) == vfpdef) nkwonlyargs++; } posargs = (nposargs ? _Py_asdl_seq_new(nposargs, c->c_arena) : NULL); if (!posargs && nposargs) return NULL; kwonlyargs = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwonlyargs && nkwonlyargs) return NULL; posdefaults = (nposdefaults ? _Py_asdl_seq_new(nposdefaults, c->c_arena) : NULL); if (!posdefaults && nposdefaults) return NULL; kwdefaults = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwdefaults && nkwonlyargs) return NULL; i = 0; j = 0; k = 0; while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case tfpdef: case vfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expr_ty expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) return NULL; assert(posdefaults != NULL); asdl_seq_SET(posdefaults, j++, expression); i += 2; found_default = 1; } else if (found_default) { ast_error(c, n, ""non-default argument follows default argument""); return NULL; } arg = ast_for_arg(c, ch); if (!arg) return NULL; asdl_seq_SET(posargs, k++, arg); i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case STAR: if (i+1 >= NCH(n) || (i+2 == NCH(n) && (TYPE(CHILD(n, i+1)) == COMMA || TYPE(CHILD(n, i+1)) == TYPE_COMMENT))) { ast_error(c, CHILD(n, i), ""named arguments must follow bare *""); return NULL; } ch = CHILD(n, i+1); if (TYPE(ch) == COMMA) { int res = 0; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { ast_error(c, CHILD(n, i), ""bare * has associated type comment""); return NULL; } res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } else { vararg = ast_for_arg(c, ch); if (!vararg) return NULL; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { vararg->type_comment = NEW_TYPE_COMMENT(CHILD(n, i)); if (!vararg->type_comment) return NULL; i += 1; } if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { int res = 0; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } } break; case DOUBLESTAR: ch = CHILD(n, i+1); assert(TYPE(ch) == tfpdef || TYPE(ch) == vfpdef); kwarg = ast_for_arg(c, ch); if (!kwarg) return NULL; i += 2; if (TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: assert(i); if (kwarg) arg = kwarg; arg->type_comment = NEW_TYPE_COMMENT(ch); if (!arg->type_comment) return NULL; i += 1; break; default: PyErr_Format(PyExc_SystemError, ""unexpected node in varargslist: %d @ %d"", TYPE(ch), i); return NULL; } } return arguments(posargs, vararg, kwonlyargs, kwdefaults, kwarg, posdefaults, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,99696554721392,1 4333,CWE-358,"BuildTestPacket(uint16_t id, uint16_t off, int mf, const char content, int content_len) { Packet *p = NULL; int hlen = 20; int ttl = 64; uint8_t *pcontent; IPV4Hdr ip4h; p = SCCalloc(1, sizeof(*p) + default_packet_size); if (unlikely(p == NULL)) return NULL; PACKET_INITIALIZE(p); gettimeofday(&p->ts, NULL); ip4h.ip_verhl = 4 << 4; ip4h.ip_verhl |= hlen >> 2; ip4h.ip_len = htons(hlen + content_len); ip4h.ip_id = htons(id); ip4h.ip_off = htons(off); if (mf) ip4h.ip_off = htons(IP_MF | off); else ip4h.ip_off = htons(off); ip4h.ip_ttl = ttl; ip4h.ip_proto = IPPROTO_ICMP; ip4h.s_ip_src.s_addr = 0x01010101; ip4h.s_ip_dst.s_addr = 0x02020202; PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h)); p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p); SET_IPV4_SRC_ADDR(p, &p->src); SET_IPV4_DST_ADDR(p, &p->dst); pcontent = SCCalloc(1, content_len); if (unlikely(pcontent == NULL)) return NULL; memset(pcontent, content, content_len); PacketCopyDataOffset(p, hlen, pcontent, content_len); SET_PKT_LEN(p, hlen + content_len); SCFree(pcontent); p->ip4h->ip_csum = IPV4CalculateChecksum((uint16_t *)GET_PKT_DATA(p), hlen); if (IPV4_GET_VER(p) != 4) goto error; if (IPV4_GET_HLEN(p) != hlen) goto error; if (IPV4_GET_IPLEN(p) != hlen + content_len) goto error; if (IPV4_GET_IPID(p) != id) goto error; if (IPV4_GET_IPOFFSET(p) != off) goto error; if (IPV4_GET_MF(p) != mf) goto error; if (IPV4_GET_IPTTL(p) != ttl) goto error; if (IPV4_GET_IPPROTO(p) != IPPROTO_ICMP) goto error; return p; error: if (p != NULL) SCFree(p); return NULL; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,113385331187683,1 1584,CWE-476,"static int hash_accept(struct socket *sock, struct socket *newsock, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct hash_ctx *ctx = ask->private; struct ahash_request *req = &ctx->req; char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req))]; struct sock *sk2; struct alg_sock *ask2; struct hash_ctx *ctx2; int err; err = crypto_ahash_export(req, state); if (err) return err; err = af_alg_accept(ask->parent, newsock); if (err) return err; sk2 = newsock->sk; ask2 = alg_sk(sk2); ctx2 = ask2->private; ctx2->more = 1; err = crypto_ahash_import(&ctx2->req, state); if (err) { sock_orphan(sk2); sock_put(sk2); } return err; }",visit repo url,crypto/algif_hash.c,https://github.com/torvalds/linux,136965059704135,1 2043,['CWE-269'],"void mntput_no_expire(struct vfsmount *mnt) { repeat: if (atomic_dec_and_lock(&mnt->mnt_count, &vfsmount_lock)) { if (likely(!mnt->mnt_pinned)) { spin_unlock(&vfsmount_lock); __mntput(mnt); return; } atomic_add(mnt->mnt_pinned + 1, &mnt->mnt_count); mnt->mnt_pinned = 0; spin_unlock(&vfsmount_lock); acct_auto_close_mnt(mnt); security_sb_umount_close(mnt); goto repeat; } }",linux-2.6,,,271266010144417691609174322700149768897,0 453,CWE-416,"void usb_serial_console_disconnect(struct usb_serial *serial) { if (serial->port[0] == usbcons_info.port) { usb_serial_console_exit(); usb_serial_put(serial); } }",visit repo url,drivers/usb/serial/console.c,https://github.com/torvalds/linux,40536348728648,1 3518,CWE-20,"static int read_fragment_table(long long *directory_table_end) { int res, i; int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); long long fragment_table_index[indexes]; TRACE(""read_fragment_table: %d fragments, reading %d fragment indexes "" ""from 0x%llx\n"", sBlk.s.fragments, indexes, sBlk.s.fragment_table_start); if(sBlk.s.fragments == 0) { *directory_table_end = sBlk.s.fragment_table_start; return TRUE; } fragment_table = malloc(bytes); if(fragment_table == NULL) EXIT_UNSQUASH(""read_fragment_table: failed to allocate "" ""fragment table\n""); res = read_fs_bytes(fd, sBlk.s.fragment_table_start, SQUASHFS_FRAGMENT_INDEX_BYTES(sBlk.s.fragments), fragment_table_index); if(res == FALSE) { ERROR(""read_fragment_table: failed to read fragment table "" ""index\n""); return FALSE; } SQUASHFS_INSWAP_FRAGMENT_INDEXES(fragment_table_index, indexes); for(i = 0; i < indexes; i++) { int expected = (i + 1) != indexes ? SQUASHFS_METADATA_SIZE : bytes & (SQUASHFS_METADATA_SIZE - 1); int length = read_block(fd, fragment_table_index[i], NULL, expected, ((char *) fragment_table) + (i * SQUASHFS_METADATA_SIZE)); TRACE(""Read fragment table block %d, from 0x%llx, length %d\n"", i, fragment_table_index[i], length); if(length == FALSE) { ERROR(""read_fragment_table: failed to read fragment "" ""table index\n""); return FALSE; } } for(i = 0; i < sBlk.s.fragments; i++) SQUASHFS_INSWAP_FRAGMENT_ENTRY(&fragment_table[i]); *directory_table_end = fragment_table_index[0]; return TRUE; }",visit repo url,squashfs-tools/unsquash-4.c,https://github.com/plougher/squashfs-tools,269866167980227,1 4424,['CWE-264']," __releases(proto_list_lock) { read_unlock(&proto_list_lock); }",linux-2.6,,,135929625619426358424396658651520272831,0 3880,CWE-78,"f_writefile(typval_T *argvars, typval_T *rettv) { int binary = FALSE; int append = FALSE; #ifdef HAVE_FSYNC int do_fsync = p_fs; #endif char_u *fname; FILE *fd; int ret = 0; listitem_T *li; list_T *list = NULL; blob_T *blob = NULL; rettv->vval.v_number = -1; if (check_restricted() || check_secure()) return; if (argvars[0].v_type == VAR_LIST) { list = argvars[0].vval.v_list; if (list == NULL) return; for (li = list->lv_first; li != NULL; li = li->li_next) if (tv_get_string_chk(&li->li_tv) == NULL) return; } else if (argvars[0].v_type == VAR_BLOB) { blob = argvars[0].vval.v_blob; if (blob == NULL) return; } else { semsg(_(e_invarg2), ""writefile()""); return; } if (argvars[2].v_type != VAR_UNKNOWN) { char_u *arg2 = tv_get_string_chk(&argvars[2]); if (arg2 == NULL) return; if (vim_strchr(arg2, 'b') != NULL) binary = TRUE; if (vim_strchr(arg2, 'a') != NULL) append = TRUE; #ifdef HAVE_FSYNC if (vim_strchr(arg2, 's') != NULL) do_fsync = TRUE; else if (vim_strchr(arg2, 'S') != NULL) do_fsync = FALSE; #endif } fname = tv_get_string_chk(&argvars[1]); if (fname == NULL) return; if (*fname == NUL || (fd = mch_fopen((char *)fname, append ? APPENDBIN : WRITEBIN)) == NULL) { semsg(_(e_notcreate), *fname == NUL ? (char_u *)_("""") : fname); ret = -1; } else if (blob) { if (write_blob(fd, blob) == FAIL) ret = -1; #ifdef HAVE_FSYNC else if (do_fsync) vim_ignored = fsync(fileno(fd)); #endif fclose(fd); } else { if (write_list(fd, list, binary) == FAIL) ret = -1; #ifdef HAVE_FSYNC else if (do_fsync) vim_ignored = fsync(fileno(fd)); #endif fclose(fd); } rettv->vval.v_number = ret; }",visit repo url,src/evalfunc.c,https://github.com/vim/vim,14002726249085,1 4549,CWE-369,"Bool naludmx_create_avc_decoder_config(GF_NALUDmxCtx *ctx, u8 **dsi, u32 *dsi_size, u8 **dsi_enh, u32 *dsi_enh_size, u32 *max_width, u32 *max_height, u32 *max_enh_width, u32 *max_enh_height, GF_Fraction *sar) { u32 i, count; Bool first = GF_TRUE; Bool first_svc = GF_TRUE; GF_AVCConfig *cfg; GF_AVCConfig *avcc; GF_AVCConfig *svcc; u32 max_w, max_h, max_ew, max_eh; max_w = max_h = max_ew = max_eh = 0; sar->num = sar->den = 0; if (!ctx->analyze && (!gf_list_count(ctx->sps) || !gf_list_count(ctx->pps))) return GF_FALSE; avcc = gf_odf_avc_cfg_new(); svcc = gf_odf_avc_cfg_new(); avcc->nal_unit_size = ctx->nal_length; svcc->nal_unit_size = ctx->nal_length; ctx->is_mvc = GF_FALSE; count = gf_list_count(ctx->sps); for (i=0; isps, i); AVC_SPS *sps = &ctx->avc_state->sps[sl->id]; u32 nal_type = sl->data[0] & 0x1F; if ((sps->profile_idc == 118) || (sps->profile_idc == 128)) { ctx->is_mvc = GF_TRUE; } if (ctx->explicit) { cfg = svcc; } else if (nal_type == GF_AVC_NALU_SVC_SUBSEQ_PARAM) { cfg = svcc; is_svc = GF_TRUE; } else { cfg = avcc; } if (first || (is_svc && first_svc) ) { cfg->configurationVersion = 1; cfg->profile_compatibility = sps->prof_compat; cfg->AVCProfileIndication = sps->profile_idc; cfg->AVCLevelIndication = sps->level_idc; cfg->chroma_format = sps->chroma_format; cfg->luma_bit_depth = 8 + sps->luma_bit_depth_m8; cfg->chroma_bit_depth = 8 + sps->chroma_bit_depth_m8; if (!gf_avcc_use_extensions(cfg->AVCProfileIndication) && ((cfg->chroma_format>1) || (cfg->luma_bit_depth>8) || (cfg->chroma_bit_depth>8)) ) { if ((cfg->luma_bit_depth>8) || (cfg->chroma_bit_depth>8)) { cfg->AVCProfileIndication = 110; } else { cfg->AVCProfileIndication = (cfg->chroma_format==3) ? 244 : 122; } } if (sps->vui_parameters_present_flag && sps->vui.par_num && sps->vui.par_den) { sar->num = sps->vui.par_num; sar->den = sps->vui.par_den; } ctx->interlaced = sps->frame_mbs_only_flag ? GF_FALSE : GF_TRUE; if (first && (!ctx->fps.num || !ctx->fps.den) && sps->vui.timing_info_present_flag && (sps->vui.time_scale <= 1000*sps->vui.num_units_in_tick) ) { u8 DeltaTfiDivisorIdx; if (!sps->vui.pic_struct_present_flag) { DeltaTfiDivisorIdx = 1 + (1 - ctx->avc_state->s_info.field_pic_flag); } else { if (!ctx->avc_state->sei.pic_timing.pic_struct) DeltaTfiDivisorIdx = 2; else if (ctx->avc_state->sei.pic_timing.pic_struct == 8) DeltaTfiDivisorIdx = 6; else DeltaTfiDivisorIdx = (ctx->avc_state->sei.pic_timing.pic_struct+1) / 2; } if (ctx->notime && sps->vui.time_scale && sps->vui.num_units_in_tick) { ctx->cur_fps.num = 2 * sps->vui.time_scale; ctx->cur_fps.den = 2 * sps->vui.num_units_in_tick * DeltaTfiDivisorIdx; if (!ctx->fps.num && ctx->dts==ctx->fps.den) ctx->dts = ctx->cur_fps.den; } if (! sps->vui.fixed_frame_rate_flag) GF_LOG(GF_LOG_INFO, GF_LOG_MEDIA, (""[%s] Possible Variable Frame Rate: VUI \""fixed_frame_rate_flag\"" absent\n"", ctx->log_name)); } ctx->fps = ctx->cur_fps; } first = GF_FALSE; if (is_svc) { first_svc = GF_FALSE; if (sps->width > max_ew) max_ew = sps->width; if (sps->height > max_eh) max_eh = sps->height; } else { if (sps->width > max_w) max_w = sps->width; if (sps->height > max_h) max_h = sps->height; } if (!ctx->analyze) gf_list_add(cfg->sequenceParameterSets, sl); } cfg = ctx->explicit ? svcc : avcc; count = gf_list_count(ctx->sps_ext); for (i=0; isps_ext, i); if (!cfg->sequenceParameterSetExtensions) cfg->sequenceParameterSetExtensions = gf_list_new(); if (!ctx->analyze) gf_list_add(cfg->sequenceParameterSetExtensions, sl); } cfg = ctx->explicit ? svcc : avcc; count = gf_list_count(ctx->pps); for (i=0; ipps, i); if (!ctx->analyze) gf_list_add(cfg->pictureParameterSets, sl); } cfg = svcc; count = gf_list_count(ctx->pps_svc); for (i=0; ipps_svc, i); if (!ctx->analyze) gf_list_add(cfg->pictureParameterSets, sl); } *dsi = *dsi_enh = NULL; *dsi_size = *dsi_enh_size = 0; if (ctx->explicit) { gf_odf_avc_cfg_write(svcc, dsi, dsi_size); } else { gf_odf_avc_cfg_write(avcc, dsi, dsi_size); if (gf_list_count(svcc->sequenceParameterSets) || svcc->sequenceParameterSetExtensions) { gf_odf_avc_cfg_write(svcc, dsi_enh, dsi_enh_size); } } gf_list_reset(avcc->sequenceParameterSets); gf_list_reset(avcc->sequenceParameterSetExtensions); gf_list_reset(avcc->pictureParameterSets); gf_list_reset(svcc->sequenceParameterSets); gf_list_reset(svcc->sequenceParameterSetExtensions); gf_list_reset(svcc->pictureParameterSets); gf_odf_avc_cfg_del(avcc); gf_odf_avc_cfg_del(svcc); *max_width = max_w; *max_height = max_h; *max_enh_width = max_ew; *max_enh_height = max_eh; return GF_TRUE; }",visit repo url,src/filters/reframe_nalu.c,https://github.com/gpac/gpac,147336769734832,1 4078,['CWE-399'],"static int svc_release(struct socket *sock) { struct sock *sk = sock->sk; struct atm_vcc *vcc; if (sk) { vcc = ATM_SD(sock); pr_debug(""svc_release %p\n"", vcc); clear_bit(ATM_VF_READY, &vcc->flags); svc_disconnect(vcc); vcc_release(sock); } return 0; }",linux-2.6,,,279908359054969505555117552412984277477,0 2024,CWE-476,"static void clear_evtchn_to_irq_row(unsigned row) { unsigned col; for (col = 0; col < EVTCHN_PER_ROW; col++) evtchn_to_irq[row][col] = -1; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,272758822395205,1 2723,CWE-415,"static void _php_mb_regex_globals_dtor(zend_mb_regex_globals *pglobals TSRMLS_DC) { zend_hash_destroy(&pglobals->ht_rc); }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,10998759320345,1 5292,CWE-190,"TEE_Result syscall_cryp_derive_key(unsigned long state, const struct utee_attribute *usr_params, unsigned long param_count, unsigned long derived_key) { TEE_Result res = TEE_ERROR_NOT_SUPPORTED; struct tee_ta_session *sess; struct tee_obj *ko; struct tee_obj *so; struct tee_cryp_state *cs; struct tee_cryp_obj_secret *sk; const struct tee_cryp_obj_type_props *type_props; TEE_Attribute *params = NULL; struct user_ta_ctx *utc; res = tee_ta_get_current_session(&sess); if (res != TEE_SUCCESS) return res; utc = to_user_ta_ctx(sess->ctx); res = tee_svc_cryp_get_state(sess, tee_svc_uref_to_vaddr(state), &cs); if (res != TEE_SUCCESS) return res; params = malloc(sizeof(TEE_Attribute) * param_count); if (!params) return TEE_ERROR_OUT_OF_MEMORY; res = copy_in_attrs(utc, usr_params, param_count, params); if (res != TEE_SUCCESS) goto out; res = tee_obj_get(utc, cs->key1, &ko); if (res != TEE_SUCCESS) goto out; res = tee_obj_get(utc, tee_svc_uref_to_vaddr(derived_key), &so); if (res != TEE_SUCCESS) goto out; sk = so->attr; type_props = tee_svc_find_type_props(so->info.objectType); if (!type_props) { res = TEE_ERROR_NOT_SUPPORTED; goto out; } if (cs->algo == TEE_ALG_DH_DERIVE_SHARED_SECRET) { size_t alloc_size; struct bignum *pub; struct bignum *ss; if (param_count != 1 || params[0].attributeID != TEE_ATTR_DH_PUBLIC_VALUE) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } alloc_size = params[0].content.ref.length * 8; pub = crypto_bignum_allocate(alloc_size); ss = crypto_bignum_allocate(alloc_size); if (pub && ss) { crypto_bignum_bin2bn(params[0].content.ref.buffer, params[0].content.ref.length, pub); res = crypto_acipher_dh_shared_secret(ko->attr, pub, ss); if (res == TEE_SUCCESS) { sk->key_size = crypto_bignum_num_bytes(ss); crypto_bignum_bn2bin(ss, (uint8_t *)(sk + 1)); so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } else { res = TEE_ERROR_OUT_OF_MEMORY; } crypto_bignum_free(pub); crypto_bignum_free(ss); } else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_ECDH) { size_t alloc_size; struct ecc_public_key key_public; uint8_t *pt_secret; unsigned long pt_secret_len; if (param_count != 2 || params[0].attributeID != TEE_ATTR_ECC_PUBLIC_VALUE_X || params[1].attributeID != TEE_ATTR_ECC_PUBLIC_VALUE_Y) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } switch (cs->algo) { case TEE_ALG_ECDH_P192: alloc_size = 192; break; case TEE_ALG_ECDH_P224: alloc_size = 224; break; case TEE_ALG_ECDH_P256: alloc_size = 256; break; case TEE_ALG_ECDH_P384: alloc_size = 384; break; case TEE_ALG_ECDH_P521: alloc_size = 521; break; default: res = TEE_ERROR_NOT_IMPLEMENTED; goto out; } res = crypto_acipher_alloc_ecc_public_key(&key_public, alloc_size); if (res != TEE_SUCCESS) goto out; key_public.curve = ((struct ecc_keypair *)ko->attr)->curve; crypto_bignum_bin2bn(params[0].content.ref.buffer, params[0].content.ref.length, key_public.x); crypto_bignum_bin2bn(params[1].content.ref.buffer, params[1].content.ref.length, key_public.y); pt_secret = (uint8_t *)(sk + 1); pt_secret_len = sk->alloc_size; res = crypto_acipher_ecc_shared_secret(ko->attr, &key_public, pt_secret, &pt_secret_len); if (res == TEE_SUCCESS) { sk->key_size = pt_secret_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } crypto_acipher_free_ecc_public_key(&key_public); } #if defined(CFG_CRYPTO_HKDF) else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_HKDF) { void *salt, *info; size_t salt_len, info_len, okm_len; uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); struct tee_cryp_obj_secret *ik = ko->attr; const uint8_t *ikm = (const uint8_t *)(ik + 1); res = get_hkdf_params(params, param_count, &salt, &salt_len, &info, &info_len, &okm_len); if (res != TEE_SUCCESS) goto out; if (okm_len > ik->alloc_size) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } res = tee_cryp_hkdf(hash_id, ikm, ik->key_size, salt, salt_len, info, info_len, (uint8_t *)(sk + 1), okm_len); if (res == TEE_SUCCESS) { sk->key_size = okm_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } #endif #if defined(CFG_CRYPTO_CONCAT_KDF) else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_CONCAT_KDF) { void *info; size_t info_len, derived_key_len; uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); struct tee_cryp_obj_secret *ss = ko->attr; const uint8_t *shared_secret = (const uint8_t *)(ss + 1); res = get_concat_kdf_params(params, param_count, &info, &info_len, &derived_key_len); if (res != TEE_SUCCESS) goto out; if (derived_key_len > ss->alloc_size) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } res = tee_cryp_concat_kdf(hash_id, shared_secret, ss->key_size, info, info_len, (uint8_t *)(sk + 1), derived_key_len); if (res == TEE_SUCCESS) { sk->key_size = derived_key_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } #endif #if defined(CFG_CRYPTO_PBKDF2) else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_PBKDF2) { void *salt; size_t salt_len, iteration_count, derived_key_len; uint32_t hash_id = TEE_ALG_GET_DIGEST_HASH(cs->algo); struct tee_cryp_obj_secret *ss = ko->attr; const uint8_t *password = (const uint8_t *)(ss + 1); res = get_pbkdf2_params(params, param_count, &salt, &salt_len, &derived_key_len, &iteration_count); if (res != TEE_SUCCESS) goto out; if (derived_key_len > ss->alloc_size) { res = TEE_ERROR_BAD_PARAMETERS; goto out; } res = tee_cryp_pbkdf2(hash_id, password, ss->key_size, salt, salt_len, iteration_count, (uint8_t *)(sk + 1), derived_key_len); if (res == TEE_SUCCESS) { sk->key_size = derived_key_len; so->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; set_attribute(so, type_props, TEE_ATTR_SECRET_VALUE); } } #endif else res = TEE_ERROR_NOT_SUPPORTED; out: free(params); return res; }",visit repo url,core/tee/tee_svc_cryp.c,https://github.com/OP-TEE/optee_os,147387645842528,1 2789,['CWE-264'],"send_complete( struct net_local *nl ) { #ifdef CONFIG_SBNI_MULTILINE ((struct net_local *) nl->master->priv)->stats.tx_packets++; ((struct net_local *) nl->master->priv)->stats.tx_bytes += nl->tx_buf_p->len; #else nl->stats.tx_packets++; nl->stats.tx_bytes += nl->tx_buf_p->len; #endif dev_kfree_skb_irq( nl->tx_buf_p ); nl->tx_buf_p = NULL; nl->outpos = 0; nl->state &= ~(FL_WAIT_ACK | FL_NEED_RESEND); nl->framelen = 0; }",linux-2.6,,,51832587408821347730143461170254861332,0 3741,[],"static inline int unix_recvq_full(struct sock const *sk) { return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog; }",linux-2.6,,,340262675419134094728052886444716788940,0 5353,CWE-787,"int main(int argc, char **argv) { int i, n_valid, do_write, do_scrub; char *c, *dname, *name; DIR *dir; FILE *fp; pdf_t *pdf; pdf_flag_t flags; if (argc < 2) usage(); do_write = do_scrub = flags = 0; name = NULL; for (i=1; in_xrefs; i++) if (pdf->xrefs[i].version) ++n_valid; if (n_valid < 2) { if (!(flags & (PDF_FLAG_QUIET | PDF_FLAG_DISP_CREATOR))) printf(""%s: There is only one version of this PDF\n"", pdf->name); if (do_write) { fclose(fp); pdf_delete(pdf); return 0; } } dname = NULL; if (do_write) { if ((c = strrchr(name, '/'))) name = c + 1; if ((c = strrchr(name, '.'))) *c = '\0'; dname = malloc(strlen(name) + 16); sprintf(dname, ""%s-versions"", name); if (!(dir = opendir(dname))) mkdir(dname, S_IRWXU); else { ERR(""This directory already exists, PDF version extraction will "" ""not occur.\n""); fclose(fp); closedir(dir); free(dname); pdf_delete(pdf); return -1; } for (i=0; in_xrefs; i++) if (pdf->xrefs[i].version) write_version(fp, name, dname, &pdf->xrefs[i]); } pdf_summarize(fp, pdf, dname, flags); if (do_scrub) scrub_document(fp, pdf); if (flags & PDF_FLAG_DISP_CREATOR) display_creator(fp, pdf); fclose(fp); free(dname); pdf_delete(pdf); return 0; }",visit repo url,main.c,https://github.com/enferex/pdfresurrect,30483352655417,1 6025,CWE-787,"input_csi_dispatch_sgr_colon(struct input_ctx *ictx, u_int i) { struct grid_cell *gc = &ictx->cell.cell; char *s = ictx->param_list[i].str, *copy, *ptr, *out; int p[8]; u_int n; const char *errstr; for (n = 0; n < nitems(p); n++) p[n] = -1; n = 0; ptr = copy = xstrdup(s); while ((out = strsep(&ptr, "":"")) != NULL) { if (*out != '\0') { p[n++] = strtonum(out, 0, INT_MAX, &errstr); if (errstr != NULL || n == nitems(p)) { free(copy); return; } } else n++; log_debug(""%s: %u = %d"", __func__, n - 1, p[n - 1]); } free(copy); if (n == 0) return; if (p[0] == 4) { if (n != 2) return; switch (p[1]) { case 0: gc->attr &= ~GRID_ATTR_ALL_UNDERSCORE; break; case 1: gc->attr &= ~GRID_ATTR_ALL_UNDERSCORE; gc->attr |= GRID_ATTR_UNDERSCORE; break; case 2: gc->attr &= ~GRID_ATTR_ALL_UNDERSCORE; gc->attr |= GRID_ATTR_UNDERSCORE_2; break; case 3: gc->attr &= ~GRID_ATTR_ALL_UNDERSCORE; gc->attr |= GRID_ATTR_UNDERSCORE_3; break; case 4: gc->attr &= ~GRID_ATTR_ALL_UNDERSCORE; gc->attr |= GRID_ATTR_UNDERSCORE_4; break; case 5: gc->attr &= ~GRID_ATTR_ALL_UNDERSCORE; gc->attr |= GRID_ATTR_UNDERSCORE_5; break; } return; } if (n < 2 || (p[0] != 38 && p[0] != 48 && p[0] != 58)) return; switch (p[1]) { case 2: if (n < 3) break; if (n == 5) i = 2; else i = 3; if (n < i + 3) break; input_csi_dispatch_sgr_rgb_do(ictx, p[0], p[i], p[i + 1], p[i + 2]); break; case 5: if (n < 3) break; input_csi_dispatch_sgr_256_do(ictx, p[0], p[2]); break; } }",visit repo url,input.c,https://github.com/tmux/tmux,238630743738396,1 4108,['CWE-399'],"static void bsg_add_command(struct bsg_device *bd, struct request_queue *q, struct bsg_command *bc, struct request *rq) { rq->sense = bc->sense; rq->sense_len = 0; bc->rq = rq; bc->bio = rq->bio; if (rq->next_rq) bc->bidi_bio = rq->next_rq->bio; bc->hdr.duration = jiffies; spin_lock_irq(&bd->lock); list_add_tail(&bc->list, &bd->busy_list); spin_unlock_irq(&bd->lock); dprintk(""%s: queueing rq %p, bc %p\n"", bd->name, rq, bc); rq->end_io_data = bc; blk_execute_rq_nowait(q, NULL, rq, 1, bsg_rq_end_io); }",linux-2.6,,,260062436724140059203076259162628650936,0 5369,CWE-125,"int modbus_reply(modbus_t *ctx, const uint8_t *req, int req_length, modbus_mapping_t *mb_mapping) { int offset; int slave; int function; uint16_t address; uint8_t rsp[MAX_MESSAGE_LENGTH]; int rsp_length = 0; sft_t sft; if (ctx == NULL) { errno = EINVAL; return -1; } offset = ctx->backend->header_length; slave = req[offset - 1]; function = req[offset]; address = (req[offset + 1] << 8) + req[offset + 2]; sft.slave = slave; sft.function = function; sft.t_id = ctx->backend->prepare_response_tid(req, &req_length); switch (function) { case MODBUS_FC_READ_COILS: case MODBUS_FC_READ_DISCRETE_INPUTS: { unsigned int is_input = (function == MODBUS_FC_READ_DISCRETE_INPUTS); int start_bits = is_input ? mb_mapping->start_input_bits : mb_mapping->start_bits; int nb_bits = is_input ? mb_mapping->nb_input_bits : mb_mapping->nb_bits; uint8_t *tab_bits = is_input ? mb_mapping->tab_input_bits : mb_mapping->tab_bits; const char * const name = is_input ? ""read_input_bits"" : ""read_bits""; int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - start_bits; if (nb < 1 || MODBUS_MAX_READ_BITS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values %d in %s (max %d)\n"", nb, name, MODBUS_MAX_READ_BITS); } else if (mapping_address < 0 || (mapping_address + nb) > nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in %s\n"", mapping_address < 0 ? address : address + nb, name); } else { rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = (nb / 8) + ((nb % 8) ? 1 : 0); rsp_length = response_io_status(tab_bits, mapping_address, nb, rsp, rsp_length); } } break; case MODBUS_FC_READ_HOLDING_REGISTERS: case MODBUS_FC_READ_INPUT_REGISTERS: { unsigned int is_input = (function == MODBUS_FC_READ_INPUT_REGISTERS); int start_registers = is_input ? mb_mapping->start_input_registers : mb_mapping->start_registers; int nb_registers = is_input ? mb_mapping->nb_input_registers : mb_mapping->nb_registers; uint16_t *tab_registers = is_input ? mb_mapping->tab_input_registers : mb_mapping->tab_registers; const char * const name = is_input ? ""read_input_registers"" : ""read_registers""; int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - start_registers; if (nb < 1 || MODBUS_MAX_READ_REGISTERS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values %d in %s (max %d)\n"", nb, name, MODBUS_MAX_READ_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in %s\n"", mapping_address < 0 ? address : address + nb, name); } else { int i; rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = nb << 1; for (i = mapping_address; i < mapping_address + nb; i++) { rsp[rsp_length++] = tab_registers[i] >> 8; rsp[rsp_length++] = tab_registers[i] & 0xFF; } } } break; case MODBUS_FC_WRITE_SINGLE_COIL: { int mapping_address = address - mb_mapping->start_bits; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_bit\n"", address); } else { int data = (req[offset + 3] << 8) + req[offset + 4]; if (data == 0xFF00 || data == 0x0) { mb_mapping->tab_bits[mapping_address] = data ? ON : OFF; memcpy(rsp, req, req_length); rsp_length = req_length; } else { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, FALSE, ""Illegal data value 0x%0X in write_bit request at address %0X\n"", data, address); } } } break; case MODBUS_FC_WRITE_SINGLE_REGISTER: { int mapping_address = address - mb_mapping->start_registers; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_register\n"", address); } else { int data = (req[offset + 3] << 8) + req[offset + 4]; mb_mapping->tab_registers[mapping_address] = data; memcpy(rsp, req, req_length); rsp_length = req_length; } } break; case MODBUS_FC_WRITE_MULTIPLE_COILS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - mb_mapping->start_bits; if (nb < 1 || MODBUS_MAX_WRITE_BITS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal number of values %d in write_bits (max %d)\n"", nb, MODBUS_MAX_WRITE_BITS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_bits) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_bits\n"", mapping_address < 0 ? address : address + nb); } else { modbus_set_bits_from_bytes(mb_mapping->tab_bits, mapping_address, nb, &req[offset + 6]); rsp_length = ctx->backend->build_response_basis(&sft, rsp); memcpy(rsp + rsp_length, req + rsp_length, 4); rsp_length += 4; } } break; case MODBUS_FC_WRITE_MULTIPLE_REGISTERS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; int mapping_address = address - mb_mapping->start_registers; if (nb < 1 || MODBUS_MAX_WRITE_REGISTERS < nb) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal number of values %d in write_registers (max %d)\n"", nb, MODBUS_MAX_WRITE_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_registers\n"", mapping_address < 0 ? address : address + nb); } else { int i, j; for (i = mapping_address, j = 6; i < mapping_address + nb; i++, j += 2) { mb_mapping->tab_registers[i] = (req[offset + j] << 8) + req[offset + j + 1]; } rsp_length = ctx->backend->build_response_basis(&sft, rsp); memcpy(rsp + rsp_length, req + rsp_length, 4); rsp_length += 4; } } break; case MODBUS_FC_REPORT_SLAVE_ID: { int str_len; int byte_count_pos; rsp_length = ctx->backend->build_response_basis(&sft, rsp); byte_count_pos = rsp_length++; rsp[rsp_length++] = _REPORT_SLAVE_ID; rsp[rsp_length++] = 0xFF; str_len = 3 + strlen(LIBMODBUS_VERSION_STRING); memcpy(rsp + rsp_length, ""LMB"" LIBMODBUS_VERSION_STRING, str_len); rsp_length += str_len; rsp[byte_count_pos] = rsp_length - byte_count_pos - 1; } break; case MODBUS_FC_READ_EXCEPTION_STATUS: if (ctx->debug) { fprintf(stderr, ""FIXME Not implemented\n""); } errno = ENOPROTOOPT; return -1; break; case MODBUS_FC_MASK_WRITE_REGISTER: { int mapping_address = address - mb_mapping->start_registers; if (mapping_address < 0 || mapping_address >= mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data address 0x%0X in write_register\n"", address); } else { uint16_t data = mb_mapping->tab_registers[mapping_address]; uint16_t and = (req[offset + 3] << 8) + req[offset + 4]; uint16_t or = (req[offset + 5] << 8) + req[offset + 6]; data = (data & and) | (or & (~and)); mb_mapping->tab_registers[mapping_address] = data; memcpy(rsp, req, req_length); rsp_length = req_length; } } break; case MODBUS_FC_WRITE_AND_READ_REGISTERS: { int nb = (req[offset + 3] << 8) + req[offset + 4]; uint16_t address_write = (req[offset + 5] << 8) + req[offset + 6]; int nb_write = (req[offset + 7] << 8) + req[offset + 8]; int nb_write_bytes = req[offset + 9]; int mapping_address = address - mb_mapping->start_registers; int mapping_address_write = address_write - mb_mapping->start_registers; if (nb_write < 1 || MODBUS_MAX_WR_WRITE_REGISTERS < nb_write || nb < 1 || MODBUS_MAX_WR_READ_REGISTERS < nb || nb_write_bytes != nb_write * 2) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_VALUE, rsp, TRUE, ""Illegal nb of values (W%d, R%d) in write_and_read_registers (max W%d, R%d)\n"", nb_write, nb, MODBUS_MAX_WR_WRITE_REGISTERS, MODBUS_MAX_WR_READ_REGISTERS); } else if (mapping_address < 0 || (mapping_address + nb) > mb_mapping->nb_registers || mapping_address < 0 || (mapping_address_write + nb_write) > mb_mapping->nb_registers) { rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_DATA_ADDRESS, rsp, FALSE, ""Illegal data read address 0x%0X or write address 0x%0X write_and_read_registers\n"", mapping_address < 0 ? address : address + nb, mapping_address_write < 0 ? address_write : address_write + nb_write); } else { int i, j; rsp_length = ctx->backend->build_response_basis(&sft, rsp); rsp[rsp_length++] = nb << 1; for (i = mapping_address_write, j = 10; i < mapping_address_write + nb_write; i++, j += 2) { mb_mapping->tab_registers[i] = (req[offset + j] << 8) + req[offset + j + 1]; } for (i = mapping_address; i < mapping_address + nb; i++) { rsp[rsp_length++] = mb_mapping->tab_registers[i] >> 8; rsp[rsp_length++] = mb_mapping->tab_registers[i] & 0xFF; } } } break; default: rsp_length = response_exception( ctx, &sft, MODBUS_EXCEPTION_ILLEGAL_FUNCTION, rsp, TRUE, ""Unknown Modbus function code: 0x%0X\n"", function); break; } return (ctx->backend->backend_type == _MODBUS_BACKEND_TYPE_RTU && slave == MODBUS_BROADCAST_ADDRESS) ? 0 : send_msg(ctx, rsp, rsp_length); }",visit repo url,src/modbus.c,https://github.com/stephane/libmodbus,143864198595027,1 1336,['CWE-399'],"static inline struct ip_tunnel **ipip6_bucket(struct sit_net *sitn, struct ip_tunnel *t) { return __ipip6_bucket(sitn, &t->parms); }",linux-2.6,,,69572436814902154816300902844182694557,0 1111,CWE-362,"void ip_options_build(struct sk_buff * skb, struct ip_options * opt, __be32 daddr, struct rtable *rt, int is_frag) { unsigned char *iph = skb_network_header(skb); memcpy(&(IPCB(skb)->opt), opt, sizeof(struct ip_options)); memcpy(iph+sizeof(struct iphdr), opt->__data, opt->optlen); opt = &(IPCB(skb)->opt); if (opt->srr) memcpy(iph+opt->srr+iph[opt->srr+1]-4, &daddr, 4); if (!is_frag) { if (opt->rr_needaddr) ip_rt_get_source(iph+opt->rr+iph[opt->rr+2]-5, rt); if (opt->ts_needaddr) ip_rt_get_source(iph+opt->ts+iph[opt->ts+2]-9, rt); if (opt->ts_needtime) { struct timespec tv; __be32 midtime; getnstimeofday(&tv); midtime = htonl((tv.tv_sec % 86400) * MSEC_PER_SEC + tv.tv_nsec / NSEC_PER_MSEC); memcpy(iph+opt->ts+iph[opt->ts+2]-5, &midtime, 4); } return; } if (opt->rr) { memset(iph+opt->rr, IPOPT_NOP, iph[opt->rr+1]); opt->rr = 0; opt->rr_needaddr = 0; } if (opt->ts) { memset(iph+opt->ts, IPOPT_NOP, iph[opt->ts+1]); opt->ts = 0; opt->ts_needaddr = opt->ts_needtime = 0; } }",visit repo url,net/ipv4/ip_options.c,https://github.com/torvalds/linux,21793410306060,1 3268,CWE-125,"rpki_rtr_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) { u_int tlen, pdu_type, pdu_len; const u_char *tptr; const rpki_rtr_pdu *pdu_header; tptr = pptr; tlen = len; if (!ndo->ndo_vflag) { ND_PRINT((ndo, "", RPKI-RTR"")); return; } while (tlen >= sizeof(rpki_rtr_pdu)) { ND_TCHECK2(*tptr, sizeof(rpki_rtr_pdu)); pdu_header = (const rpki_rtr_pdu *)tptr; pdu_type = pdu_header->pdu_type; pdu_len = EXTRACT_32BITS(pdu_header->length); ND_TCHECK2(*tptr, pdu_len); if (!pdu_type || !pdu_len) { break; } if (tlen < pdu_len) { goto trunc; } if (rpki_rtr_pdu_print(ndo, tptr, 8)) goto trunc; tlen -= pdu_len; tptr += pdu_len; } return; trunc: ND_PRINT((ndo, ""\n\t%s"", tstr)); }",visit repo url,print-rpki-rtr.c,https://github.com/the-tcpdump-group/tcpdump,257037913844024,1 4954,CWE-787,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 3522,CWE-476,"static int bmp_getint32(jas_stream_t *in, int_fast32_t *val) { int n; uint_fast32_t v; int c; for (n = 4, v = 0;;) { if ((c = jas_stream_getc(in)) == EOF) { return -1; } v |= (c << 24); if (--n <= 0) { break; } v >>= 8; } if (val) { *val = v; } return 0; }",visit repo url,src/libjasper/bmp/bmp_dec.c,https://github.com/mdadams/jasper,245608727213403,1 6168,['CWE-200'],"void *neigh_seq_next(struct seq_file *seq, void *v, loff_t *pos) { struct neigh_seq_state *state; void *rc; if (v == SEQ_START_TOKEN) { rc = neigh_get_idx(seq, pos); goto out; } state = seq->private; if (!(state->flags & NEIGH_SEQ_IS_PNEIGH)) { rc = neigh_get_next(seq, v, NULL); if (rc) goto out; if (!(state->flags & NEIGH_SEQ_NEIGH_ONLY)) rc = pneigh_get_first(seq); } else { BUG_ON(state->flags & NEIGH_SEQ_NEIGH_ONLY); rc = pneigh_get_next(seq, v, NULL); } out: ++(*pos); return rc; }",linux-2.6,,,84128681886761979828729172264192723954,0 3145,CWE-125,"static u16 read_16(cdk_stream_t s) { byte buf[2]; size_t nread; assert(s != NULL); stream_read(s, buf, 2, &nread); if (nread != 2) return (u16) - 1; return buf[0] << 8 | buf[1]; }",visit repo url,lib/opencdk/read-packet.c,https://gitlab.com/gnutls/gnutls,219335741155619,1 705,[],"static void jpc_ppm_destroyparms(jpc_ms_t *ms) { jpc_ppm_t *ppm = &ms->parms.ppm; if (ppm->data) { jas_free(ppm->data); } }",jasper,,,243158991813405307877957858461351419608,0 213,[],"static int atalk_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt) { struct ddpehdr *ddp; struct sock *sock; struct atalk_iface *atif; struct sockaddr_at tosat; int origlen; struct ddpebits ddphv; if (!(skb = skb_share_check(skb, GFP_ATOMIC))) goto out; if (!pskb_may_pull(skb, sizeof(*ddp))) goto freeit; ddp = ddp_hdr(skb); *((__u16 *)&ddphv) = ntohs(*((__u16 *)ddp)); origlen = skb->len; skb_trim(skb, min_t(unsigned int, skb->len, ddphv.deh_len)); if (skb->len < sizeof(*ddp)) goto freeit; if (ddp->deh_sum && atalk_checksum(skb, ddphv.deh_len) != ddp->deh_sum) goto freeit; if (!ddp->deh_dnet) atif = atalk_find_anynet(ddp->deh_dnode, dev); else atif = atalk_find_interface(ddp->deh_dnet, ddp->deh_dnode); if (!atif) { atalk_route_packet(skb, dev, ddp, &ddphv, origlen); goto out; } if (is_ip_over_ddp(skb)) return handle_ip_over_ddp(skb); tosat.sat_addr.s_net = ddp->deh_dnet; tosat.sat_addr.s_node = ddp->deh_dnode; tosat.sat_port = ddp->deh_dport; sock = atalk_search_socket(&tosat, atif); if (!sock) goto freeit; skb->sk = sock; if (sock_queue_rcv_skb(sock, skb) < 0) goto freeit; out: return 0; freeit: kfree_skb(skb); goto out; }",history,,,99753648447417508603236675579785500035,0 2821,[],"static int dio_bio_add_page(struct dio *dio) { int ret; ret = bio_add_page(dio->bio, dio->cur_page, dio->cur_page_len, dio->cur_page_offset); if (ret == dio->cur_page_len) { if ((dio->cur_page_len + dio->cur_page_offset) == PAGE_SIZE) dio->pages_in_io--; page_cache_get(dio->cur_page); dio->final_block_in_bio = dio->cur_page_block + (dio->cur_page_len >> dio->blkbits); ret = 0; } else { ret = 1; } return ret; }",linux-2.6,,,24449681947595907018930200455906165341,0 660,CWE-20,"static int hash_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct hash_ctx *ctx = ask->private; unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); int err; if (len > ds) len = ds; else if (len < ds) msg->msg_flags |= MSG_TRUNC; msg->msg_namelen = 0; lock_sock(sk); if (ctx->more) { ctx->more = 0; ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); err = af_alg_wait_for_completion(crypto_ahash_final(&ctx->req), &ctx->completion); if (err) goto unlock; } err = memcpy_toiovec(msg->msg_iov, ctx->result, len); unlock: release_sock(sk); return err ?: len; }",visit repo url,crypto/algif_hash.c,https://github.com/torvalds/linux,98472359415908,1 4962,['CWE-20'],"static struct dentry *nfs_readdir_lookup(nfs_readdir_descriptor_t *desc) { struct dentry *parent = desc->file->f_path.dentry; struct inode *dir = parent->d_inode; struct nfs_entry *entry = desc->entry; struct dentry *dentry, *alias; struct qstr name = { .name = entry->name, .len = entry->len, }; struct inode *inode; switch (name.len) { case 2: if (name.name[0] == '.' && name.name[1] == '.') return dget_parent(parent); break; case 1: if (name.name[0] == '.') return dget(parent); } name.hash = full_name_hash(name.name, name.len); dentry = d_lookup(parent, &name); if (dentry != NULL) { if (dentry->d_inode != NULL && (NFS_FILEID(dentry->d_inode) == entry->ino || d_mountpoint(dentry))) { if (!desc->plus || entry->fh->size == 0) return dentry; if (nfs_compare_fh(NFS_FH(dentry->d_inode), entry->fh) == 0) goto out_renew; } d_drop(dentry); dput(dentry); } if (!desc->plus || !(entry->fattr->valid & NFS_ATTR_FATTR)) return NULL; if (name.len > NFS_SERVER(dir)->namelen) return NULL; dentry = d_alloc(parent, &name); if (dentry == NULL) return NULL; dentry->d_op = NFS_PROTO(dir)->dentry_ops; inode = nfs_fhget(dentry->d_sb, entry->fh, entry->fattr); if (IS_ERR(inode)) { dput(dentry); return NULL; } alias = d_materialise_unique(dentry, inode); if (alias != NULL) { dput(dentry); if (IS_ERR(alias)) return NULL; dentry = alias; } nfs_renew_times(dentry); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); return dentry; out_renew: nfs_renew_times(dentry); nfs_refresh_verifier(dentry, nfs_save_change_attribute(dir)); return dentry; }",linux-2.6,,,77069567289346712276485682233506678275,0 593,['CWE-200'],"void flush_hash_range(unsigned long number, int local) { if (ppc_md.flush_hash_range) ppc_md.flush_hash_range(number, local); else { int i; struct ppc64_tlb_batch *batch = &__get_cpu_var(ppc64_tlb_batch); for (i = 0; i < number; i++) flush_hash_page(batch->vaddr[i], batch->pte[i], batch->psize, local); } }",linux-2.6,,,19363520022630791237340042891924259,0 5,[],"int _gnutls_encrypt(gnutls_session_t session, const opaque * headers, size_t headers_size, const opaque * data, size_t data_size, opaque * ciphertext, size_t ciphertext_size, content_type_t type, int random_pad) { gnutls_datum_t plain; gnutls_datum_t comp; int ret; int free_comp = 1; plain.data = (opaque *) data; plain.size = data_size; if (plain.size == 0 || is_write_comp_null(session) == 0) { comp = plain; free_comp = 0; } else { ret = _gnutls_m_plaintext2compressed(session, &comp, plain); if (ret < 0) { gnutls_assert(); return ret; } } ret = _gnutls_compressed2ciphertext(session, &ciphertext[headers_size], ciphertext_size - headers_size, comp, type, random_pad); if (free_comp) _gnutls_free_datum(&comp); if (ret < 0) { gnutls_assert(); return ret; } memcpy(ciphertext, headers, headers_size); _gnutls_write_uint16(ret, &ciphertext[3]); return ret + headers_size; }",gnutls,,,294926889118506914771512745949269390737,0 1995,['CWE-20'],"static void reset_vma_truncate_counts(struct address_space *mapping) { struct vm_area_struct *vma; struct prio_tree_iter iter; vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, 0, ULONG_MAX) vma->vm_truncate_count = 0; list_for_each_entry(vma, &mapping->i_mmap_nonlinear, shared.vm_set.list) vma->vm_truncate_count = 0; }",linux-2.6,,,192304733430139049481061888496551710960,0 5424,CWE-190,"ReadNextCell( mat_t *mat, matvar_t *matvar ) { size_t bytesread = 0, i; int err; matvar_t **cells = NULL; size_t nelems = 1; err = SafeMulDims(matvar, &nelems); if ( err ) { Mat_Critical(""Integer multiplication overflow""); return bytesread; } matvar->data_size = sizeof(matvar_t *); err = SafeMul(&matvar->nbytes, nelems, matvar->data_size); if ( err ) { Mat_Critical(""Integer multiplication overflow""); return bytesread; } matvar->data = calloc(nelems, matvar->data_size); if ( NULL == matvar->data ) { if ( NULL != matvar->name ) Mat_Critical(""Couldn't allocate memory for %s->data"", matvar->name); return bytesread; } cells = (matvar_t **)matvar->data; if ( matvar->compression == MAT_COMPRESSION_ZLIB ) { #if defined(HAVE_ZLIB) mat_uint32_t uncomp_buf[16] = {0,}; int nbytes; mat_uint32_t array_flags; for ( i = 0; i < nelems; i++ ) { cells[i] = Mat_VarCalloc(); if ( NULL == cells[i] ) { Mat_Critical(""Couldn't allocate memory for cell %"" SIZE_T_FMTSTR, i); continue; } uncomp_buf[0] = 0; uncomp_buf[1] = 0; bytesread += InflateVarTag(mat,matvar,uncomp_buf); if ( mat->byteswap ) { (void)Mat_uint32Swap(uncomp_buf); (void)Mat_uint32Swap(uncomp_buf+1); } nbytes = uncomp_buf[1]; if ( 0 == nbytes ) { free(cells[i]->internal); cells[i]->internal = NULL; continue; } else if ( uncomp_buf[0] != MAT_T_MATRIX ) { Mat_VarFree(cells[i]); cells[i] = NULL; Mat_Critical(""cells[%"" SIZE_T_FMTSTR ""], Uncompressed type not MAT_T_MATRIX"", i); break; } cells[i]->compression = MAT_COMPRESSION_ZLIB; bytesread += InflateArrayFlags(mat,matvar,uncomp_buf); nbytes -= 16; if ( mat->byteswap ) { (void)Mat_uint32Swap(uncomp_buf); (void)Mat_uint32Swap(uncomp_buf+1); (void)Mat_uint32Swap(uncomp_buf+2); (void)Mat_uint32Swap(uncomp_buf+3); } if ( uncomp_buf[0] == MAT_T_UINT32 ) { array_flags = uncomp_buf[2]; cells[i]->class_type = CLASS_FROM_ARRAY_FLAGS(array_flags); cells[i]->isComplex = (array_flags & MAT_F_COMPLEX); cells[i]->isGlobal = (array_flags & MAT_F_GLOBAL); cells[i]->isLogical = (array_flags & MAT_F_LOGICAL); if ( cells[i]->class_type == MAT_C_SPARSE ) { cells[i]->nbytes = uncomp_buf[3]; } } else { Mat_Critical(""Expected MAT_T_UINT32 for array tags, got %d"", uncomp_buf[0]); bytesread+=InflateSkip(mat,matvar->internal->z,nbytes); } if ( cells[i]->class_type != MAT_C_OPAQUE ) { mat_uint32_t* dims = NULL; int do_clean = 0; bytesread += InflateRankDims(mat,matvar,uncomp_buf,sizeof(uncomp_buf),&dims); if ( NULL == dims ) dims = uncomp_buf + 2; else do_clean = 1; nbytes -= 8; if ( mat->byteswap ) { (void)Mat_uint32Swap(uncomp_buf); (void)Mat_uint32Swap(uncomp_buf+1); } if ( uncomp_buf[0] == MAT_T_INT32 ) { int j; cells[i]->rank = uncomp_buf[1]; nbytes -= cells[i]->rank; cells[i]->rank /= 4; cells[i]->dims = (size_t*)malloc(cells[i]->rank*sizeof(*cells[i]->dims)); if ( mat->byteswap ) { for ( j = 0; j < cells[i]->rank; j++ ) cells[i]->dims[j] = Mat_uint32Swap(dims + j); } else { for ( j = 0; j < cells[i]->rank; j++ ) cells[i]->dims[j] = dims[j]; } if ( cells[i]->rank % 2 != 0 ) nbytes -= 4; } if ( do_clean ) free(dims); bytesread += InflateVarTag(mat,matvar,uncomp_buf); nbytes -= 8; if ( mat->byteswap ) { (void)Mat_uint32Swap(uncomp_buf); (void)Mat_uint32Swap(uncomp_buf+1); } if ( uncomp_buf[1] > 0 ) { if ( uncomp_buf[0] == MAT_T_INT8 ) { mat_uint32_t len = uncomp_buf[1]; if ( len % 8 > 0 ) len = len+(8-(len % 8)); cells[i]->name = (char*)malloc(len+1); nbytes -= len; if ( NULL != cells[i]->name ) { bytesread += InflateVarName(mat,matvar,cells[i]->name,len); cells[i]->name[len] = '\0'; } } else { mat_uint32_t len = (uncomp_buf[0] & 0xffff0000) >> 16; if ( ((uncomp_buf[0] & 0x0000ffff) == MAT_T_INT8) && len > 0 && len <= 4 ) { cells[i]->name = (char*)malloc(len+1); if ( NULL != cells[i]->name ) { memcpy(cells[i]->name,uncomp_buf+1,len); cells[i]->name[len] = '\0'; } } } } cells[i]->internal->z = (z_streamp)calloc(1,sizeof(z_stream)); if ( cells[i]->internal->z != NULL ) { err = inflateCopy(cells[i]->internal->z,matvar->internal->z); if ( err == Z_OK ) { cells[i]->internal->datapos = ftell((FILE*)mat->fp); if ( cells[i]->internal->datapos != -1L ) { cells[i]->internal->datapos -= matvar->internal->z->avail_in; if ( cells[i]->class_type == MAT_C_STRUCT ) bytesread+=ReadNextStructField(mat,cells[i]); else if ( cells[i]->class_type == MAT_C_CELL ) bytesread+=ReadNextCell(mat,cells[i]); else if ( nbytes <= (1 << MAX_WBITS) ) { Mat_VarRead5(mat,cells[i]); cells[i]->internal->data = cells[i]->data; cells[i]->data = NULL; } (void)fseek((FILE*)mat->fp,cells[i]->internal->datapos,SEEK_SET); } else { Mat_Critical(""Couldn't determine file position""); } if ( cells[i]->internal->data != NULL || cells[i]->class_type == MAT_C_STRUCT || cells[i]->class_type == MAT_C_CELL ) { inflateEnd(cells[i]->internal->z); free(cells[i]->internal->z); cells[i]->internal->z = NULL; } } else { Mat_Critical(""inflateCopy returned error %s"",zError(err)); } } else { Mat_Critical(""Couldn't allocate memory""); } } bytesread+=InflateSkip(mat,matvar->internal->z,nbytes); } #else Mat_Critical(""Not compiled with zlib support""); #endif } else { mat_uint32_t buf[6]; int nBytes; mat_uint32_t array_flags; for ( i = 0; i < nelems; i++ ) { int cell_bytes_read,name_len; cells[i] = Mat_VarCalloc(); if ( !cells[i] ) { Mat_Critical(""Couldn't allocate memory for cell %"" SIZE_T_FMTSTR, i); continue; } cell_bytes_read = fread(buf,4,2,(FILE*)mat->fp); if ( !cell_bytes_read ) continue; bytesread += cell_bytes_read; if ( mat->byteswap ) { (void)Mat_uint32Swap(buf); (void)Mat_uint32Swap(buf+1); } nBytes = buf[1]; if ( 0 == nBytes ) { free(cells[i]->internal); cells[i]->internal = NULL; continue; } else if ( buf[0] != MAT_T_MATRIX ) { Mat_VarFree(cells[i]); cells[i] = NULL; Mat_Critical(""cells[%"" SIZE_T_FMTSTR ""] not MAT_T_MATRIX, fpos = %ld"", i, ftell((FILE*)mat->fp)); break; } bytesread += fread(buf,4,6,(FILE*)mat->fp); if ( mat->byteswap ) { (void)Mat_uint32Swap(buf); (void)Mat_uint32Swap(buf+1); (void)Mat_uint32Swap(buf+2); (void)Mat_uint32Swap(buf+3); (void)Mat_uint32Swap(buf+4); (void)Mat_uint32Swap(buf+5); } nBytes-=24; if ( buf[0] == MAT_T_UINT32 ) { array_flags = buf[2]; cells[i]->class_type = CLASS_FROM_ARRAY_FLAGS(array_flags); cells[i]->isComplex = (array_flags & MAT_F_COMPLEX); cells[i]->isGlobal = (array_flags & MAT_F_GLOBAL); cells[i]->isLogical = (array_flags & MAT_F_LOGICAL); if ( cells[i]->class_type == MAT_C_SPARSE ) { cells[i]->nbytes = buf[3]; } } { size_t nbytes = ReadRankDims(mat, cells[i], (enum matio_types)buf[4], buf[5]); bytesread += nbytes; nBytes -= nbytes; } bytesread+=fread(buf,1,8,(FILE*)mat->fp); nBytes-=8; if ( mat->byteswap ) { (void)Mat_uint32Swap(buf); (void)Mat_uint32Swap(buf+1); } name_len = 0; if ( buf[1] > 0 ) { if ( buf[0] == MAT_T_INT8 ) { name_len = buf[1]; if ( name_len % 8 > 0 ) name_len = name_len+(8-(name_len % 8)); nBytes -= name_len; (void)fseek((FILE*)mat->fp,name_len,SEEK_CUR); } } cells[i]->internal->datapos = ftell((FILE*)mat->fp); if ( cells[i]->internal->datapos != -1L ) { if ( cells[i]->class_type == MAT_C_STRUCT ) bytesread+=ReadNextStructField(mat,cells[i]); if ( cells[i]->class_type == MAT_C_CELL ) bytesread+=ReadNextCell(mat,cells[i]); (void)fseek((FILE*)mat->fp,cells[i]->internal->datapos+nBytes,SEEK_SET); } else { Mat_Critical(""Couldn't determine file position""); } } } return bytesread; }",visit repo url,src/mat5.c,https://github.com/tbeu/matio,109393818523180,1 1080,CWE-476,"static void m_stop(struct seq_file *m, void *v) { struct proc_maps_private *priv = m->private; struct vm_area_struct *vma = v; vma_stop(priv, vma); if (priv->task) put_task_struct(priv->task); }",visit repo url,fs/proc/task_mmu.c,https://github.com/torvalds/linux,181524162946928,1 1212,['CWE-20'],"CairoFont::matches(Ref &other) { return (other.num == ref.num && other.gen == ref.gen); }",poppler,,,117601825805029483916978772335767542539,0 1120,CWE-362,"static int ip_setup_cork(struct sock *sk, struct inet_cork *cork, struct ipcm_cookie *ipc, struct rtable **rtp) { struct inet_sock *inet = inet_sk(sk); struct ip_options *opt; struct rtable *rt; opt = ipc->opt; if (opt) { if (cork->opt == NULL) { cork->opt = kmalloc(sizeof(struct ip_options) + 40, sk->sk_allocation); if (unlikely(cork->opt == NULL)) return -ENOBUFS; } memcpy(cork->opt, opt, sizeof(struct ip_options) + opt->optlen); cork->flags |= IPCORK_OPT; cork->addr = ipc->addr; } rt = *rtp; if (unlikely(!rt)) return -EFAULT; *rtp = NULL; cork->fragsize = inet->pmtudisc == IP_PMTUDISC_PROBE ? rt->dst.dev->mtu : dst_mtu(rt->dst.path); cork->dst = &rt->dst; cork->length = 0; cork->tx_flags = ipc->tx_flags; cork->page = NULL; cork->off = 0; return 0; }",visit repo url,net/ipv4/ip_output.c,https://github.com/torvalds/linux,23602974319485,1 952,CWE-17,"static void iov_fault_in_pages_read(struct iovec *iov, unsigned long len) { while (!iov->iov_len) iov++; while (len > 0) { unsigned long this_len; this_len = min_t(unsigned long, len, iov->iov_len); fault_in_pages_readable(iov->iov_base, this_len); len -= this_len; iov++; } }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,230234198008118,1 4975,['CWE-20'],"static void nfs4_shutdown_client(struct nfs_client *clp) { #ifdef CONFIG_NFS_V4 if (__test_and_clear_bit(NFS_CS_RENEWD, &clp->cl_res_state)) nfs4_kill_renewd(clp); BUG_ON(!RB_EMPTY_ROOT(&clp->cl_state_owners)); if (__test_and_clear_bit(NFS_CS_IDMAP, &clp->cl_res_state)) nfs_idmap_delete(clp); #endif }",linux-2.6,,,188039657682417300882790381552875415472,0 3759,CWE-119,"int yr_object_array_set_item( YR_OBJECT* object, YR_OBJECT* item, int index) { YR_OBJECT_ARRAY* array; int i; int count; assert(index >= 0); assert(object->type == OBJECT_TYPE_ARRAY); array = object_as_array(object); if (array->items == NULL) { count = yr_max(64, (index + 1) * 2); array->items = (YR_ARRAY_ITEMS*) yr_malloc( sizeof(YR_ARRAY_ITEMS) + count * sizeof(YR_OBJECT*)); if (array->items == NULL) return ERROR_INSUFFICIENT_MEMORY; memset(array->items->objects, 0, count * sizeof(YR_OBJECT*)); array->items->count = count; } else if (index >= array->items->count) { count = array->items->count * 2; array->items = (YR_ARRAY_ITEMS*) yr_realloc( array->items, sizeof(YR_ARRAY_ITEMS) + count * sizeof(YR_OBJECT*)); if (array->items == NULL) return ERROR_INSUFFICIENT_MEMORY; for (i = array->items->count; i < count; i++) array->items->objects[i] = NULL; array->items->count = count; } item->parent = object; array->items->objects[index] = item; return ERROR_SUCCESS; }",visit repo url,libyara/object.c,https://github.com/VirusTotal/yara,48323266000203,1 2693,[],"static int sctp_getsockopt_active_key(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_authkeyid val; struct sctp_association *asoc; if (!sctp_auth_enable) return -EACCES; if (len < sizeof(struct sctp_authkeyid)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(struct sctp_authkeyid))) return -EFAULT; asoc = sctp_id2assoc(sk, val.scact_assoc_id); if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) val.scact_keynumber = asoc->active_key_id; else val.scact_keynumber = sctp_sk(sk)->ep->active_key_id; len = sizeof(struct sctp_authkeyid); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) return -EFAULT; return 0; }",linux-2.6,,,27627261976178825253744605618182527349,0 6118,CWE-190,"static void ed_mul_reg_imp(ed_t r, const ed_t p, const bn_t k) { bn_t _k; int i, j, l, n; int8_t s, reg[RLC_CEIL(RLC_FP_BITS + 1, ED_WIDTH - 1)]; ed_t t[1 << (ED_WIDTH - 2)], u, v; bn_null(_k); if (bn_is_zero(k)) { ed_set_infty(r); return; } RLC_TRY { bn_new(_k); ed_new(u); ed_new(v); for (i = 0; i < (1 << (ED_WIDTH - 2)); i++) { ed_null(t[i]); ed_new(t[i]); } ed_tab(t, p, ED_WIDTH); bn_abs(_k, k); _k->dp[0] |= bn_is_even(_k); l = RLC_CEIL(RLC_FP_BITS + 1, ED_WIDTH - 1); bn_rec_reg(reg, &l, _k, RLC_FP_BITS, ED_WIDTH); ed_set_infty(r); for (i = l - 1; i >= 0; i--) { for (j = 0; j < ED_WIDTH - 1; j++) { #if ED_ADD == EXTND r->coord = EXTND; #endif ed_dbl(r, r); } n = reg[i]; s = (n >> 7); n = ((n ^ s) - s) >> 1; for (j = 0; j < (1 << (EP_WIDTH - 2)); j++) { dv_copy_cond(u->x, t[j]->x, RLC_FP_DIGS, j == n); dv_copy_cond(u->y, t[j]->y, RLC_FP_DIGS, j == n); dv_copy_cond(u->z, t[j]->z, RLC_FP_DIGS, j == n); } ed_neg(v, u); dv_copy_cond(u->x, v->x, RLC_FP_DIGS, s != 0); ed_add(r, r, u); } ed_sub(u, r, t[0]); dv_copy_cond(r->x, u->x, RLC_FP_DIGS, bn_is_even(k)); dv_copy_cond(r->y, u->y, RLC_FP_DIGS, bn_is_even(k)); dv_copy_cond(r->z, u->z, RLC_FP_DIGS, bn_is_even(k)); ed_norm(r, r); ed_neg(u, r); dv_copy_cond(r->x, u->x, RLC_FP_DIGS, bn_sign(k) == RLC_NEG); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (ED_WIDTH - 2)); i++) { ed_free(t[i]); } bn_free(_k); } }",visit repo url,src/ed/relic_ed_mul.c,https://github.com/relic-toolkit/relic,49540766199397,1 1516,CWE-200,"static void umount_tree(struct mount *mnt, enum umount_tree_flags how) { LIST_HEAD(tmp_list); struct mount *p; if (how & UMOUNT_PROPAGATE) propagate_mount_unlock(mnt); for (p = mnt; p; p = next_mnt(p, mnt)) { p->mnt.mnt_flags |= MNT_UMOUNT; list_move(&p->mnt_list, &tmp_list); } list_for_each_entry(p, &tmp_list, mnt_list) { list_del_init(&p->mnt_child); } if (how & UMOUNT_PROPAGATE) propagate_umount(&tmp_list); while (!list_empty(&tmp_list)) { bool disconnect; p = list_first_entry(&tmp_list, struct mount, mnt_list); list_del_init(&p->mnt_expire); list_del_init(&p->mnt_list); __touch_mnt_namespace(p->mnt_ns); p->mnt_ns = NULL; if (how & UMOUNT_SYNC) p->mnt.mnt_flags |= MNT_SYNC_UMOUNT; disconnect = !IS_MNT_LOCKED_AND_LAZY(p); pin_insert_group(&p->mnt_umount, &p->mnt_parent->mnt, disconnect ? &unmounted : NULL); if (mnt_has_parent(p)) { mnt_add_count(p->mnt_parent, -1); if (!disconnect) { list_add_tail(&p->mnt_child, &p->mnt_parent->mnt_mounts); } else { umount_mnt(p); } } change_mnt_propagation(p, MS_PRIVATE); } }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,101912256118143,1 5590,[],"static void complete_signal(int sig, struct task_struct *p, int group) { struct signal_struct *signal = p->signal; struct task_struct *t; if (wants_signal(sig, p)) t = p; else if (!group || thread_group_empty(p)) return; else { t = signal->curr_target; while (!wants_signal(sig, t)) { t = next_thread(t); if (t == signal->curr_target) return; } signal->curr_target = t; } if (sig_fatal(p, sig) && !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) && !sigismember(&t->real_blocked, sig) && (sig == SIGKILL || !tracehook_consider_fatal_signal(t, sig))) { if (!sig_kernel_coredump(sig)) { signal->flags = SIGNAL_GROUP_EXIT; signal->group_exit_code = sig; signal->group_stop_count = 0; t = p; do { sigaddset(&t->pending.signal, SIGKILL); signal_wake_up(t, 1); } while_each_thread(p, t); return; } } signal_wake_up(t, sig == SIGKILL); return; }",linux-2.6,,,71786781292994770334314552516051979366,0 2332,['CWE-120'],"int get_write_access(struct inode * inode) { spin_lock(&inode->i_lock); if (atomic_read(&inode->i_writecount) < 0) { spin_unlock(&inode->i_lock); return -ETXTBSY; } atomic_inc(&inode->i_writecount); spin_unlock(&inode->i_lock); return 0; }",linux-2.6,,,63211416073762931347301914788699847199,0 4157,['CWE-399'],"static void* reflect_cache_walk_callback(AvahiCache *c, AvahiKey *pattern, AvahiCacheEntry *e, void* userdata) { AvahiServer *s = userdata; assert(c); assert(pattern); assert(e); assert(s); avahi_record_list_push(s->record_list, e->record, e->cache_flush, 0, 0); return NULL; }",avahi,,,182243367159715927238925963062829618101,0 5076,['CWE-20'],"static int handle_wbinvd(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { skip_emulated_instruction(vcpu); return 1; }",linux-2.6,,,329679537893933851634675719276884514890,0 4685,CWE-78,"int imap_subscribe (char *path, int subscribe) { IMAP_DATA *idata; char buf[LONG_STRING]; char mbox[LONG_STRING]; char errstr[STRING]; BUFFER err, token; IMAP_MBOX mx; if (!mx_is_imap (path) || imap_parse_path (path, &mx) || !mx.mbox) { mutt_error (_(""Bad mailbox name"")); return -1; } if (!(idata = imap_conn_find (&(mx.account), 0))) goto fail; imap_fix_path (idata, mx.mbox, buf, sizeof (buf)); if (!*buf) strfcpy (buf, ""INBOX"", sizeof (buf)); if (option (OPTIMAPCHECKSUBSCRIBED)) { mutt_buffer_init (&token); mutt_buffer_init (&err); err.data = errstr; err.dsize = sizeof (errstr); snprintf (mbox, sizeof (mbox), ""%smailboxes \""%s\"""", subscribe ? """" : ""un"", path); if (mutt_parse_rc_line (mbox, &token, &err)) dprint (1, (debugfile, ""Error adding subscribed mailbox: %s\n"", errstr)); FREE (&token.data); } if (subscribe) mutt_message (_(""Subscribing to %s...""), buf); else mutt_message (_(""Unsubscribing from %s...""), buf); imap_munge_mbox_name (idata, mbox, sizeof(mbox), buf); snprintf (buf, sizeof (buf), ""%sSUBSCRIBE %s"", subscribe ? """" : ""UN"", mbox); if (imap_exec (idata, buf, 0) < 0) goto fail; imap_unmunge_mbox_name(idata, mx.mbox); if (subscribe) mutt_message (_(""Subscribed to %s""), mx.mbox); else mutt_message (_(""Unsubscribed from %s""), mx.mbox); FREE (&mx.mbox); return 0; fail: FREE (&mx.mbox); return -1; }",visit repo url,imap/imap.c,https://gitlab.com/muttmua/mutt,55093664943907,1 4977,['CWE-20'],"static int nfs_do_access(struct inode *inode, struct rpc_cred *cred, int mask) { struct nfs_access_entry cache; int status; status = nfs_access_get_cached(inode, cred, &cache); if (status == 0) goto out; cache.mask = MAY_EXEC | MAY_WRITE | MAY_READ; cache.cred = cred; cache.jiffies = jiffies; status = NFS_PROTO(inode)->access(inode, &cache); if (status != 0) return status; nfs_access_add_cache(inode, &cache); out: if ((cache.mask & mask) == mask) return 0; return -EACCES; }",linux-2.6,,,195596598932901633188221199963372046919,0 1617,[],"static void set_domain_attribute(struct sched_domain *sd, struct sched_domain_attr *attr) { int request; if (!attr || attr->relax_domain_level < 0) { if (default_relax_domain_level < 0) return; else request = default_relax_domain_level; } else request = attr->relax_domain_level; if (request < sd->level) { sd->flags &= ~(SD_WAKE_IDLE|SD_BALANCE_NEWIDLE); } else { sd->flags |= (SD_WAKE_IDLE_FAR|SD_BALANCE_NEWIDLE); } }",linux-2.6,,,298253249996623488097164299805328091915,0 6336,['CWE-200'],"void rtnl_lock(void) { rtnl_shlock(); }",linux-2.6,,,86857427222378789584035211840479437434,0 1594,NVD-CWE-Other,"static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, poll_table *wait) { struct sock *sk = sock->sk, *other; unsigned int mask, writable; sock_poll_wait(file, sk_sleep(sk), wait); mask = 0; if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue)) mask |= POLLERR | (sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? POLLPRI : 0); if (sk->sk_shutdown & RCV_SHUTDOWN) mask |= POLLRDHUP | POLLIN | POLLRDNORM; if (sk->sk_shutdown == SHUTDOWN_MASK) mask |= POLLHUP; if (!skb_queue_empty(&sk->sk_receive_queue)) mask |= POLLIN | POLLRDNORM; if (sk->sk_type == SOCK_SEQPACKET) { if (sk->sk_state == TCP_CLOSE) mask |= POLLHUP; if (sk->sk_state == TCP_SYN_SENT) return mask; } if (!(poll_requested_events(wait) & (POLLWRBAND|POLLWRNORM|POLLOUT))) return mask; writable = unix_writable(sk); other = unix_peer_get(sk); if (other) { if (unix_peer(other) != sk) { sock_poll_wait(file, &unix_sk(other)->peer_wait, wait); if (unix_recvq_full(other)) writable = 0; } sock_put(other); } if (writable) mask |= POLLOUT | POLLWRNORM | POLLWRBAND; else set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); return mask; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,22049090037370,1 5765,CWE-190,"static mongo_message *mongo_message_create( int len , int id , int responseTo , int op ) { mongo_message *mm = ( mongo_message * )bson_malloc( len ); if ( !id ) id = rand(); mm->head.len = len; mm->head.id = id; mm->head.responseTo = responseTo; mm->head.op = op; return mm; }",visit repo url,src/mongo.c,https://github.com/10gen-archive/mongo-c-driver-legacy,17026244097272,1 956,CWE-19,"static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, struct pt_regs *regs) { struct task_struct *tsk; struct mm_struct *mm; int fault, sig, code; unsigned long vm_flags = VM_READ | VM_WRITE; unsigned int mm_flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; tsk = current; mm = tsk->mm; if (interrupts_enabled(regs)) local_irq_enable(); if (in_atomic() || !mm) goto no_context; if (user_mode(regs)) mm_flags |= FAULT_FLAG_USER; if (esr & ESR_LNX_EXEC) { vm_flags = VM_EXEC; } else if ((esr & ESR_EL1_WRITE) && !(esr & ESR_EL1_CM)) { vm_flags = VM_WRITE; mm_flags |= FAULT_FLAG_WRITE; } if (!down_read_trylock(&mm->mmap_sem)) { if (!user_mode(regs) && !search_exception_tables(regs->pc)) goto no_context; retry: down_read(&mm->mmap_sem); } else { might_sleep(); #ifdef CONFIG_DEBUG_VM if (!user_mode(regs) && !search_exception_tables(regs->pc)) goto no_context; #endif } fault = __do_page_fault(mm, addr, mm_flags, vm_flags, tsk); if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) return 0; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr); if (mm_flags & FAULT_FLAG_ALLOW_RETRY) { if (fault & VM_FAULT_MAJOR) { tsk->maj_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, regs, addr); } else { tsk->min_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, regs, addr); } if (fault & VM_FAULT_RETRY) { mm_flags &= ~FAULT_FLAG_ALLOW_RETRY; goto retry; } } up_read(&mm->mmap_sem); if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS)))) return 0; if (!user_mode(regs)) goto no_context; if (fault & VM_FAULT_OOM) { pagefault_out_of_memory(); return 0; } if (fault & VM_FAULT_SIGBUS) { sig = SIGBUS; code = BUS_ADRERR; } else { sig = SIGSEGV; code = fault == VM_FAULT_BADACCESS ? SEGV_ACCERR : SEGV_MAPERR; } __do_user_fault(tsk, addr, esr, sig, code, regs); return 0; no_context: __do_kernel_fault(mm, addr, esr, regs); return 0; }",visit repo url,arch/arm64/mm/fault.c,https://github.com/torvalds/linux,250846828150654,1 3016,CWE-415,"BGD_DECLARE(void *) gdImageWebpPtrEx (gdImagePtr im, int *size, int quality) { void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); if (out == NULL) { return NULL; } gdImageWebpCtx(im, out, quality); rv = gdDPExtractData(out, size); out->gd_free(out); return rv; }",visit repo url,src/gd_webp.c,https://github.com/libgd/libgd,184108808625792,1 6660,['CWE-200'],"applet_menu_item_activate_helper_part2 (NMConnection *connection, gboolean auto_created, gboolean canceled, gpointer user_data) { AppletItemActivateInfo *info = user_data; const char *con_path; gboolean is_system = FALSE; if (canceled) { applet_item_activate_info_destroy (info); return; } g_return_if_fail (connection != NULL); if (!auto_created) is_system = is_system_connection (connection); else { NMAGConfConnection *exported; exported = nma_gconf_settings_add_connection (info->applet->gconf_settings, connection); if (!exported) { NMADeviceClass *dclass = get_device_class (info->device, info->applet); g_assert (dclass); nm_warning (""Invalid connection; asking for more information.""); if (dclass->get_more_info) dclass->get_more_info (info->device, connection, info->applet, info->dclass_data); g_object_unref (connection); applet_item_activate_info_destroy (info); return; } g_object_unref (connection); } g_assert (connection); con_path = nm_connection_get_path (connection); g_assert (con_path); nm_client_activate_connection (info->applet->nm_client, is_system ? NM_DBUS_SERVICE_SYSTEM_SETTINGS : NM_DBUS_SERVICE_USER_SETTINGS, con_path, info->device, info->specific_object, activate_connection_cb, info->applet); applet_item_activate_info_destroy (info); }",network-manager-applet,,,72294495827716670640428720866817721509,0 2118,CWE-416,"nvkm_vmm_unmap_region(struct nvkm_vmm *vmm, struct nvkm_vma *vma) { struct nvkm_vma *next; nvkm_memory_tags_put(vma->memory, vmm->mmu->subdev.device, &vma->tags); nvkm_memory_unref(&vma->memory); if (vma->part) { struct nvkm_vma *prev = node(vma, prev); if (!prev->memory) { prev->size += vma->size; rb_erase(&vma->tree, &vmm->root); list_del(&vma->head); kfree(vma); vma = prev; } } next = node(vma, next); if (next && next->part) { if (!next->memory) { vma->size += next->size; rb_erase(&next->tree, &vmm->root); list_del(&next->head); kfree(next); } } }",visit repo url,drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c,https://github.com/torvalds/linux,140409409568787,1 5507,CWE-125,"fp_setreadl(struct tok_state *tok, const char* enc) { PyObject *readline, *io, *stream; _Py_IDENTIFIER(open); _Py_IDENTIFIER(readline); int fd; long pos; fd = fileno(tok->fp); pos = ftell(tok->fp); if (pos == -1 || lseek(fd, (off_t)(pos > 0 ? pos - 1 : pos), SEEK_SET) == (off_t)-1) { PyErr_SetFromErrnoWithFilename(PyExc_OSError, NULL); return 0; } io = PyImport_ImportModuleNoBlock(""io""); if (io == NULL) return 0; stream = _PyObject_CallMethodId(io, &PyId_open, ""isisOOO"", fd, ""r"", -1, enc, Py_None, Py_None, Py_False); Py_DECREF(io); if (stream == NULL) return 0; readline = _PyObject_GetAttrId(stream, &PyId_readline); Py_DECREF(stream); if (readline == NULL) return 0; Py_XSETREF(tok->decoding_readline, readline); if (pos > 0) { PyObject *bufobj = PyObject_CallObject(readline, NULL); if (bufobj == NULL) return 0; Py_DECREF(bufobj); } return 1; }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,240747956105804,1 4,[],"inline static int is_read_comp_null(gnutls_session_t session) { if (session->security_parameters.read_compression_algorithm == GNUTLS_COMP_NULL) return 0; return 1; }",gnutls,,,186331153386239778509824193020346552887,0 1624,CWE-416,"static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, char __user *optval, unsigned int optlen) { struct ipv6_pinfo *np = inet6_sk(sk); struct net *net = sock_net(sk); int val, valbool; int retv = -ENOPROTOOPT; bool needs_rtnl = setsockopt_needs_rtnl(optname); if (!optval) val = 0; else { if (optlen >= sizeof(int)) { if (get_user(val, (int __user *) optval)) return -EFAULT; } else val = 0; } valbool = (val != 0); if (ip6_mroute_opt(optname)) return ip6_mroute_setsockopt(sk, optname, optval, optlen); if (needs_rtnl) rtnl_lock(); lock_sock(sk); switch (optname) { case IPV6_ADDRFORM: if (optlen < sizeof(int)) goto e_inval; if (val == PF_INET) { struct ipv6_txoptions *opt; struct sk_buff *pktopt; if (sk->sk_type == SOCK_RAW) break; if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) { struct udp_sock *up = udp_sk(sk); if (up->pending == AF_INET6) { retv = -EBUSY; break; } } else if (sk->sk_protocol != IPPROTO_TCP) break; if (sk->sk_state != TCP_ESTABLISHED) { retv = -ENOTCONN; break; } if (ipv6_only_sock(sk) || !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { retv = -EADDRNOTAVAIL; break; } fl6_free_socklist(sk); ipv6_sock_mc_close(sk); sk_refcnt_debug_dec(sk); if (sk->sk_protocol == IPPROTO_TCP) { struct inet_connection_sock *icsk = inet_csk(sk); local_bh_disable(); sock_prot_inuse_add(net, sk->sk_prot, -1); sock_prot_inuse_add(net, &tcp_prot, 1); local_bh_enable(); sk->sk_prot = &tcp_prot; icsk->icsk_af_ops = &ipv4_specific; sk->sk_socket->ops = &inet_stream_ops; sk->sk_family = PF_INET; tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); } else { struct proto *prot = &udp_prot; if (sk->sk_protocol == IPPROTO_UDPLITE) prot = &udplite_prot; local_bh_disable(); sock_prot_inuse_add(net, sk->sk_prot, -1); sock_prot_inuse_add(net, prot, 1); local_bh_enable(); sk->sk_prot = prot; sk->sk_socket->ops = &inet_dgram_ops; sk->sk_family = PF_INET; } opt = xchg(&np->opt, NULL); if (opt) sock_kfree_s(sk, opt, opt->tot_len); pktopt = xchg(&np->pktoptions, NULL); kfree_skb(pktopt); sk->sk_destruct = inet_sock_destruct; sk_refcnt_debug_inc(sk); module_put(THIS_MODULE); retv = 0; break; } goto e_inval; case IPV6_V6ONLY: if (optlen < sizeof(int) || inet_sk(sk)->inet_num) goto e_inval; sk->sk_ipv6only = valbool; retv = 0; break; case IPV6_RECVPKTINFO: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxinfo = valbool; retv = 0; break; case IPV6_2292PKTINFO: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxoinfo = valbool; retv = 0; break; case IPV6_RECVHOPLIMIT: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxhlim = valbool; retv = 0; break; case IPV6_2292HOPLIMIT: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxohlim = valbool; retv = 0; break; case IPV6_RECVRTHDR: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.srcrt = valbool; retv = 0; break; case IPV6_2292RTHDR: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.osrcrt = valbool; retv = 0; break; case IPV6_RECVHOPOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.hopopts = valbool; retv = 0; break; case IPV6_2292HOPOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.ohopopts = valbool; retv = 0; break; case IPV6_RECVDSTOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.dstopts = valbool; retv = 0; break; case IPV6_2292DSTOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.odstopts = valbool; retv = 0; break; case IPV6_TCLASS: if (optlen < sizeof(int)) goto e_inval; if (val < -1 || val > 0xff) goto e_inval; if (val == -1) val = 0; np->tclass = val; retv = 0; break; case IPV6_RECVTCLASS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxtclass = valbool; retv = 0; break; case IPV6_FLOWINFO: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxflow = valbool; retv = 0; break; case IPV6_RECVPATHMTU: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxpmtu = valbool; retv = 0; break; case IPV6_TRANSPARENT: if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && !ns_capable(net->user_ns, CAP_NET_RAW)) { retv = -EPERM; break; } if (optlen < sizeof(int)) goto e_inval; inet_sk(sk)->transparent = valbool; retv = 0; break; case IPV6_RECVORIGDSTADDR: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxorigdstaddr = valbool; retv = 0; break; case IPV6_HOPOPTS: case IPV6_RTHDRDSTOPTS: case IPV6_RTHDR: case IPV6_DSTOPTS: { struct ipv6_txoptions *opt; if (optlen == 0) optval = NULL; else if (!optval) goto e_inval; else if (optlen < sizeof(struct ipv6_opt_hdr) || optlen & 0x7 || optlen > 8 * 255) goto e_inval; retv = -EPERM; if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) break; opt = ipv6_renew_options(sk, np->opt, optname, (struct ipv6_opt_hdr __user *)optval, optlen); if (IS_ERR(opt)) { retv = PTR_ERR(opt); break; } retv = -EINVAL; if (optname == IPV6_RTHDR && opt && opt->srcrt) { struct ipv6_rt_hdr *rthdr = opt->srcrt; switch (rthdr->type) { #if IS_ENABLED(CONFIG_IPV6_MIP6) case IPV6_SRCRT_TYPE_2: if (rthdr->hdrlen != 2 || rthdr->segments_left != 1) goto sticky_done; break; #endif default: goto sticky_done; } } retv = 0; opt = ipv6_update_options(sk, opt); sticky_done: if (opt) sock_kfree_s(sk, opt, opt->tot_len); break; } case IPV6_PKTINFO: { struct in6_pktinfo pkt; if (optlen == 0) goto e_inval; else if (optlen < sizeof(struct in6_pktinfo) || !optval) goto e_inval; if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { retv = -EFAULT; break; } if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) goto e_inval; np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; retv = 0; break; } case IPV6_2292PKTOPTIONS: { struct ipv6_txoptions *opt = NULL; struct msghdr msg; struct flowi6 fl6; int junk; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; if (optlen == 0) goto update; retv = -EINVAL; if (optlen > 64*1024) break; opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); retv = -ENOBUFS; if (!opt) break; memset(opt, 0, sizeof(*opt)); opt->tot_len = sizeof(*opt) + optlen; retv = -EFAULT; if (copy_from_user(opt+1, optval, optlen)) goto done; msg.msg_controllen = optlen; msg.msg_control = (void *)(opt+1); retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, &junk, &junk); if (retv) goto done; update: retv = 0; opt = ipv6_update_options(sk, opt); done: if (opt) sock_kfree_s(sk, opt, opt->tot_len); break; } case IPV6_UNICAST_HOPS: if (optlen < sizeof(int)) goto e_inval; if (val > 255 || val < -1) goto e_inval; np->hop_limit = val; retv = 0; break; case IPV6_MULTICAST_HOPS: if (sk->sk_type == SOCK_STREAM) break; if (optlen < sizeof(int)) goto e_inval; if (val > 255 || val < -1) goto e_inval; np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); retv = 0; break; case IPV6_MULTICAST_LOOP: if (optlen < sizeof(int)) goto e_inval; if (val != valbool) goto e_inval; np->mc_loop = valbool; retv = 0; break; case IPV6_UNICAST_IF: { struct net_device *dev = NULL; int ifindex; if (optlen != sizeof(int)) goto e_inval; ifindex = (__force int)ntohl((__force __be32)val); if (ifindex == 0) { np->ucast_oif = 0; retv = 0; break; } dev = dev_get_by_index(net, ifindex); retv = -EADDRNOTAVAIL; if (!dev) break; dev_put(dev); retv = -EINVAL; if (sk->sk_bound_dev_if) break; np->ucast_oif = ifindex; retv = 0; break; } case IPV6_MULTICAST_IF: if (sk->sk_type == SOCK_STREAM) break; if (optlen < sizeof(int)) goto e_inval; if (val) { struct net_device *dev; if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val) goto e_inval; dev = dev_get_by_index(net, val); if (!dev) { retv = -ENODEV; break; } dev_put(dev); } np->mcast_oif = val; retv = 0; break; case IPV6_ADD_MEMBERSHIP: case IPV6_DROP_MEMBERSHIP: { struct ipv6_mreq mreq; if (optlen < sizeof(struct ipv6_mreq)) goto e_inval; retv = -EPROTO; if (inet_sk(sk)->is_icsk) break; retv = -EFAULT; if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) break; if (optname == IPV6_ADD_MEMBERSHIP) retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); else retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); break; } case IPV6_JOIN_ANYCAST: case IPV6_LEAVE_ANYCAST: { struct ipv6_mreq mreq; if (optlen < sizeof(struct ipv6_mreq)) goto e_inval; retv = -EFAULT; if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) break; if (optname == IPV6_JOIN_ANYCAST) retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); else retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); break; } case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { struct group_req greq; struct sockaddr_in6 *psin6; if (optlen < sizeof(struct group_req)) goto e_inval; retv = -EFAULT; if (copy_from_user(&greq, optval, sizeof(struct group_req))) break; if (greq.gr_group.ss_family != AF_INET6) { retv = -EADDRNOTAVAIL; break; } psin6 = (struct sockaddr_in6 *)&greq.gr_group; if (optname == MCAST_JOIN_GROUP) retv = ipv6_sock_mc_join(sk, greq.gr_interface, &psin6->sin6_addr); else retv = ipv6_sock_mc_drop(sk, greq.gr_interface, &psin6->sin6_addr); break; } case MCAST_JOIN_SOURCE_GROUP: case MCAST_LEAVE_SOURCE_GROUP: case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { struct group_source_req greqs; int omode, add; if (optlen < sizeof(struct group_source_req)) goto e_inval; if (copy_from_user(&greqs, optval, sizeof(greqs))) { retv = -EFAULT; break; } if (greqs.gsr_group.ss_family != AF_INET6 || greqs.gsr_source.ss_family != AF_INET6) { retv = -EADDRNOTAVAIL; break; } if (optname == MCAST_BLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 1; } else if (optname == MCAST_UNBLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 0; } else if (optname == MCAST_JOIN_SOURCE_GROUP) { struct sockaddr_in6 *psin6; psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; retv = ipv6_sock_mc_join(sk, greqs.gsr_interface, &psin6->sin6_addr); if (retv && retv != -EADDRINUSE) break; omode = MCAST_INCLUDE; add = 1; } else { omode = MCAST_INCLUDE; add = 0; } retv = ip6_mc_source(add, omode, sk, &greqs); break; } case MCAST_MSFILTER: { struct group_filter *gsf; if (optlen < GROUP_FILTER_SIZE(0)) goto e_inval; if (optlen > sysctl_optmem_max) { retv = -ENOBUFS; break; } gsf = kmalloc(optlen, GFP_KERNEL); if (!gsf) { retv = -ENOBUFS; break; } retv = -EFAULT; if (copy_from_user(gsf, optval, optlen)) { kfree(gsf); break; } if (gsf->gf_numsrc >= 0x1ffffffU || gsf->gf_numsrc > sysctl_mld_max_msf) { kfree(gsf); retv = -ENOBUFS; break; } if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { kfree(gsf); retv = -EINVAL; break; } retv = ip6_mc_msfilter(sk, gsf); kfree(gsf); break; } case IPV6_ROUTER_ALERT: if (optlen < sizeof(int)) goto e_inval; retv = ip6_ra_control(sk, val); break; case IPV6_MTU_DISCOVER: if (optlen < sizeof(int)) goto e_inval; if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) goto e_inval; np->pmtudisc = val; retv = 0; break; case IPV6_MTU: if (optlen < sizeof(int)) goto e_inval; if (val && val < IPV6_MIN_MTU) goto e_inval; np->frag_size = val; retv = 0; break; case IPV6_RECVERR: if (optlen < sizeof(int)) goto e_inval; np->recverr = valbool; if (!val) skb_queue_purge(&sk->sk_error_queue); retv = 0; break; case IPV6_FLOWINFO_SEND: if (optlen < sizeof(int)) goto e_inval; np->sndflow = valbool; retv = 0; break; case IPV6_FLOWLABEL_MGR: retv = ipv6_flowlabel_opt(sk, optval, optlen); break; case IPV6_IPSEC_POLICY: case IPV6_XFRM_POLICY: retv = -EPERM; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; retv = xfrm_user_policy(sk, optname, optval, optlen); break; case IPV6_ADDR_PREFERENCES: { unsigned int pref = 0; unsigned int prefmask = ~0; if (optlen < sizeof(int)) goto e_inval; retv = -EINVAL; switch (val & (IPV6_PREFER_SRC_PUBLIC| IPV6_PREFER_SRC_TMP| IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { case IPV6_PREFER_SRC_PUBLIC: pref |= IPV6_PREFER_SRC_PUBLIC; break; case IPV6_PREFER_SRC_TMP: pref |= IPV6_PREFER_SRC_TMP; break; case IPV6_PREFER_SRC_PUBTMP_DEFAULT: break; case 0: goto pref_skip_pubtmp; default: goto e_inval; } prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| IPV6_PREFER_SRC_TMP); pref_skip_pubtmp: switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { case IPV6_PREFER_SRC_HOME: break; case IPV6_PREFER_SRC_COA: pref |= IPV6_PREFER_SRC_COA; case 0: goto pref_skip_coa; default: goto e_inval; } prefmask &= ~IPV6_PREFER_SRC_COA; pref_skip_coa: switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { case IPV6_PREFER_SRC_CGA: case IPV6_PREFER_SRC_NONCGA: case 0: break; default: goto e_inval; } np->srcprefs = (np->srcprefs & prefmask) | pref; retv = 0; break; } case IPV6_MINHOPCOUNT: if (optlen < sizeof(int)) goto e_inval; if (val < 0 || val > 255) goto e_inval; np->min_hopcount = val; retv = 0; break; case IPV6_DONTFRAG: np->dontfrag = valbool; retv = 0; break; case IPV6_AUTOFLOWLABEL: np->autoflowlabel = valbool; retv = 0; break; } release_sock(sk); if (needs_rtnl) rtnl_unlock(); return retv; e_inval: release_sock(sk); if (needs_rtnl) rtnl_unlock(); return -EINVAL; }",visit repo url,net/ipv6/ipv6_sockglue.c,https://github.com/torvalds/linux,179725991694853,1 3355,[],"static inline void *nlmsg_data(const struct nlmsghdr *nlh) { return (unsigned char *) nlh + NLMSG_HDRLEN; }",linux-2.6,,,282360321548568090875665125391711680420,0 1127,['CWE-399'],"static int s390_compat_regs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { int rc = 0; if (target == current) save_access_regs(target->thread.acrs); if (kbuf) { const compat_ulong_t *k = kbuf; while (count > 0 && !rc) { rc = __poke_user_compat(target, pos, *k++); count -= sizeof(*k); pos += sizeof(*k); } } else { const compat_ulong_t __user *u = ubuf; while (count > 0 && !rc) { compat_ulong_t word; rc = __get_user(word, u++); if (rc) break; rc = __poke_user_compat(target, pos, word); count -= sizeof(*u); pos += sizeof(*u); } } if (rc == 0 && target == current) restore_access_regs(target->thread.acrs); return rc; }",linux-2.6,,,251704184031593669683389948211870645778,0 5336,CWE-787,"static void ToPropertyDescriptor(js_State *J, js_Object *obj, const char *name, js_Object *desc) { int haswritable = 0; int hasvalue = 0; int enumerable = 0; int configurable = 0; int writable = 0; int atts = 0; js_pushobject(J, obj); js_pushobject(J, desc); if (js_hasproperty(J, -1, ""writable"")) { haswritable = 1; writable = js_toboolean(J, -1); js_pop(J, 1); } if (js_hasproperty(J, -1, ""enumerable"")) { enumerable = js_toboolean(J, -1); js_pop(J, 1); } if (js_hasproperty(J, -1, ""configurable"")) { configurable = js_toboolean(J, -1); js_pop(J, 1); } if (js_hasproperty(J, -1, ""value"")) { hasvalue = 1; js_setproperty(J, -3, name); } if (!writable) atts |= JS_READONLY; if (!enumerable) atts |= JS_DONTENUM; if (!configurable) atts |= JS_DONTCONF; if (js_hasproperty(J, -1, ""get"")) { if (haswritable || hasvalue) js_typeerror(J, ""value/writable and get/set attributes are exclusive""); } else { js_pushundefined(J); } if (js_hasproperty(J, -2, ""set"")) { if (haswritable || hasvalue) js_typeerror(J, ""value/writable and get/set attributes are exclusive""); } else { js_pushundefined(J); } js_defaccessor(J, -4, name, atts); js_pop(J, 2); }",visit repo url,jsobject.c,https://github.com/ccxvii/mujs,278562241229719,1 1699,CWE-19,"static enum integrity_status evm_verify_hmac(struct dentry *dentry, const char *xattr_name, char *xattr_value, size_t xattr_value_len, struct integrity_iint_cache *iint) { struct evm_ima_xattr_data *xattr_data = NULL; struct evm_ima_xattr_data calc; enum integrity_status evm_status = INTEGRITY_PASS; int rc, xattr_len; if (iint && iint->evm_status == INTEGRITY_PASS) return iint->evm_status; rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0, GFP_NOFS); if (rc <= 0) { evm_status = INTEGRITY_FAIL; if (rc == -ENODATA) { rc = evm_find_protected_xattrs(dentry); if (rc > 0) evm_status = INTEGRITY_NOLABEL; else if (rc == 0) evm_status = INTEGRITY_NOXATTRS; } else if (rc == -EOPNOTSUPP) { evm_status = INTEGRITY_UNKNOWN; } goto out; } xattr_len = rc; switch (xattr_data->type) { case EVM_XATTR_HMAC: rc = evm_calc_hmac(dentry, xattr_name, xattr_value, xattr_value_len, calc.digest); if (rc) break; rc = memcmp(xattr_data->digest, calc.digest, sizeof(calc.digest)); if (rc) rc = -EINVAL; break; case EVM_IMA_XATTR_DIGSIG: rc = evm_calc_hash(dentry, xattr_name, xattr_value, xattr_value_len, calc.digest); if (rc) break; rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM, (const char *)xattr_data, xattr_len, calc.digest, sizeof(calc.digest)); if (!rc) { if (!IS_RDONLY(d_backing_inode(dentry)) && !IS_IMMUTABLE(d_backing_inode(dentry))) evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len); } break; default: rc = -EINVAL; break; } if (rc) evm_status = (rc == -ENODATA) ? INTEGRITY_NOXATTRS : INTEGRITY_FAIL; out: if (iint) iint->evm_status = evm_status; kfree(xattr_data); return evm_status; }",visit repo url,security/integrity/evm/evm_main.c,https://github.com/torvalds/linux,74249299217755,1 6045,['CWE-200'],"static void cbq_undelay(unsigned long arg) { struct Qdisc *sch = (struct Qdisc*)arg; struct cbq_sched_data *q = qdisc_priv(sch); long delay = 0; unsigned pmask; pmask = q->pmask; q->pmask = 0; while (pmask) { int prio = ffz(~pmask); long tmp; pmask &= ~(1< 0) { q->pmask |= 1<delay_timer.expires = jiffies + delay; add_timer(&q->delay_timer); } sch->flags &= ~TCQ_F_THROTTLED; netif_schedule(sch->dev); }",linux-2.6,,,333641400445009325277396869731082078367,0 765,CWE-20,"static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); int noblock = flags & MSG_DONTWAIT; size_t copied = 0; int target, err; long timeo; IRDA_DEBUG(3, ""%s()\n"", __func__); if ((err = sock_error(sk)) < 0) return err; if (sock->flags & __SO_ACCEPTCON) return -EINVAL; err =-EOPNOTSUPP; if (flags & MSG_OOB) return -EOPNOTSUPP; err = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, noblock); msg->msg_namelen = 0; do { int chunk; struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue); if (skb == NULL) { DEFINE_WAIT(wait); err = 0; if (copied >= target) break; prepare_to_wait_exclusive(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); err = sock_error(sk); if (err) ; else if (sk->sk_shutdown & RCV_SHUTDOWN) ; else if (noblock) err = -EAGAIN; else if (signal_pending(current)) err = sock_intr_errno(timeo); else if (sk->sk_state != TCP_ESTABLISHED) err = -ENOTCONN; else if (skb_peek(&sk->sk_receive_queue) == NULL) schedule(); finish_wait(sk_sleep(sk), &wait); if (err) return err; if (sk->sk_shutdown & RCV_SHUTDOWN) break; continue; } chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { IRDA_DEBUG(1, ""%s(), back on q!\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { IRDA_DEBUG(0, ""%s() questionable!?\n"", __func__); skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,219986388594170,1 2879,['CWE-189'],"int jas_image_depalettize(jas_image_t *image, int cmptno, int numlutents, int_fast32_t *lutents, int dtype, int newcmptno) { jas_image_cmptparm_t cmptparms; int_fast32_t v; int i; int j; jas_image_cmpt_t *cmpt; cmpt = image->cmpts_[cmptno]; cmptparms.tlx = cmpt->tlx_; cmptparms.tly = cmpt->tly_; cmptparms.hstep = cmpt->hstep_; cmptparms.vstep = cmpt->vstep_; cmptparms.width = cmpt->width_; cmptparms.height = cmpt->height_; cmptparms.prec = JAS_IMAGE_CDT_GETPREC(dtype); cmptparms.sgnd = JAS_IMAGE_CDT_GETSGND(dtype); if (jas_image_addcmpt(image, newcmptno, &cmptparms)) { return -1; } if (newcmptno <= cmptno) { ++cmptno; cmpt = image->cmpts_[cmptno]; } for (j = 0; j < cmpt->height_; ++j) { for (i = 0; i < cmpt->width_; ++i) { v = jas_image_readcmptsample(image, cmptno, i, j); if (v < 0) { v = 0; } else if (v >= numlutents) { v = numlutents - 1; } jas_image_writecmptsample(image, newcmptno, i, j, lutents[v]); } } return 0; }",jasper,,,316928626900660182740792006283102317966,0 6360,[],"void quotedfprint (FILE *fptr, variableLength *vl) { gint index; for (index=0;indexsize-1; index++) { if (vl->data[index] == '\n') { fprintf(fptr, ""=0A""); } else if (vl->data[index] == '\r') { } else { fprintf(fptr, ""%c"", vl->data[index]); } } }",evolution,,,321903222401150125515153441312853864238,0 2810,['CWE-264'],"calc_crc32( u32 crc, u8 *p, u32 len ) { while( len-- ) crc = CRC32( *p++, crc ); return crc; }",linux-2.6,,,309264170669819501158852569058444697325,0 2874,CWE-787,"loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned char **read_ptr) { uint32 i; float xres = 0.0, yres = 0.0; uint16 nstrips = 0, ntiles = 0, planar = 0; uint16 bps = 0, spp = 0, res_unit = 0; uint16 orientation = 0; uint16 input_compression = 0, input_photometric = 0; uint16 subsampling_horiz, subsampling_vert; uint32 width = 0, length = 0; uint32 stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; uint32 tw = 0, tl = 0; uint32 tile_rowsize = 0; unsigned char *read_buff = NULL; unsigned char *new_buff = NULL; int readunit = 0; static uint32 prev_readsize = 0; TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); if (! TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric)) TIFFError(""loadImage"",""Image lacks Photometric interpreation tag""); if (! TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width)) TIFFError(""loadimage"",""Image lacks image width tag""); if(! TIFFGetField(in, TIFFTAG_IMAGELENGTH, &length)) TIFFError(""loadimage"",""Image lacks image length tag""); TIFFGetFieldDefaulted(in, TIFFTAG_XRESOLUTION, &xres); TIFFGetFieldDefaulted(in, TIFFTAG_YRESOLUTION, &yres); if (!TIFFGetFieldDefaulted(in, TIFFTAG_RESOLUTIONUNIT, &res_unit)) res_unit = RESUNIT_INCH; if (!TIFFGetField(in, TIFFTAG_COMPRESSION, &input_compression)) input_compression = COMPRESSION_NONE; #ifdef DEBUG2 char compressionid[16]; switch (input_compression) { case COMPRESSION_NONE: strcpy (compressionid, ""None/dump""); break; case COMPRESSION_CCITTRLE: strcpy (compressionid, ""Huffman RLE""); break; case COMPRESSION_CCITTFAX3: strcpy (compressionid, ""Group3 Fax""); break; case COMPRESSION_CCITTFAX4: strcpy (compressionid, ""Group4 Fax""); break; case COMPRESSION_LZW: strcpy (compressionid, ""LZW""); break; case COMPRESSION_OJPEG: strcpy (compressionid, ""Old Jpeg""); break; case COMPRESSION_JPEG: strcpy (compressionid, ""New Jpeg""); break; case COMPRESSION_NEXT: strcpy (compressionid, ""Next RLE""); break; case COMPRESSION_CCITTRLEW: strcpy (compressionid, ""CITTRLEW""); break; case COMPRESSION_PACKBITS: strcpy (compressionid, ""Mac Packbits""); break; case COMPRESSION_THUNDERSCAN: strcpy (compressionid, ""Thunderscan""); break; case COMPRESSION_IT8CTPAD: strcpy (compressionid, ""IT8 padded""); break; case COMPRESSION_IT8LW: strcpy (compressionid, ""IT8 RLE""); break; case COMPRESSION_IT8MP: strcpy (compressionid, ""IT8 mono""); break; case COMPRESSION_IT8BL: strcpy (compressionid, ""IT8 lineart""); break; case COMPRESSION_PIXARFILM: strcpy (compressionid, ""Pixar 10 bit""); break; case COMPRESSION_PIXARLOG: strcpy (compressionid, ""Pixar 11bit""); break; case COMPRESSION_DEFLATE: strcpy (compressionid, ""Deflate""); break; case COMPRESSION_ADOBE_DEFLATE: strcpy (compressionid, ""Adobe deflate""); break; default: strcpy (compressionid, ""None/unknown""); break; } TIFFError(""loadImage"", ""Input compression %s"", compressionid); #endif scanlinesize = TIFFScanlineSize(in); image->bps = bps; image->spp = spp; image->planar = planar; image->width = width; image->length = length; image->xres = xres; image->yres = yres; image->res_unit = res_unit; image->compression = input_compression; image->photometric = input_photometric; #ifdef DEBUG2 char photometricid[12]; switch (input_photometric) { case PHOTOMETRIC_MINISWHITE: strcpy (photometricid, ""MinIsWhite""); break; case PHOTOMETRIC_MINISBLACK: strcpy (photometricid, ""MinIsBlack""); break; case PHOTOMETRIC_RGB: strcpy (photometricid, ""RGB""); break; case PHOTOMETRIC_PALETTE: strcpy (photometricid, ""Palette""); break; case PHOTOMETRIC_MASK: strcpy (photometricid, ""Mask""); break; case PHOTOMETRIC_SEPARATED: strcpy (photometricid, ""Separated""); break; case PHOTOMETRIC_YCBCR: strcpy (photometricid, ""YCBCR""); break; case PHOTOMETRIC_CIELAB: strcpy (photometricid, ""CIELab""); break; case PHOTOMETRIC_ICCLAB: strcpy (photometricid, ""ICCLab""); break; case PHOTOMETRIC_ITULAB: strcpy (photometricid, ""ITULab""); break; case PHOTOMETRIC_LOGL: strcpy (photometricid, ""LogL""); break; case PHOTOMETRIC_LOGLUV: strcpy (photometricid, ""LOGLuv""); break; default: strcpy (photometricid, ""Unknown""); break; } TIFFError(""loadImage"", ""Input photometric interpretation %s"", photometricid); #endif image->orientation = orientation; switch (orientation) { case 0: case ORIENTATION_TOPLEFT: image->adjustments = 0; break; case ORIENTATION_TOPRIGHT: image->adjustments = MIRROR_HORIZ; break; case ORIENTATION_BOTRIGHT: image->adjustments = ROTATECW_180; break; case ORIENTATION_BOTLEFT: image->adjustments = MIRROR_VERT; break; case ORIENTATION_LEFTTOP: image->adjustments = MIRROR_VERT | ROTATECW_90; break; case ORIENTATION_RIGHTTOP: image->adjustments = ROTATECW_90; break; case ORIENTATION_RIGHTBOT: image->adjustments = MIRROR_VERT | ROTATECW_270; break; case ORIENTATION_LEFTBOT: image->adjustments = ROTATECW_270; break; default: image->adjustments = 0; image->orientation = ORIENTATION_TOPLEFT; } if ((bps == 0) || (spp == 0)) { TIFFError(""loadImage"", ""Invalid samples per pixel (%d) or bits per sample (%d)"", spp, bps); return (-1); } if (TIFFIsTiled(in)) { readunit = TILE; tlsize = TIFFTileSize(in); ntiles = TIFFNumberOfTiles(in); TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); tile_rowsize = TIFFTileRowSize(in); if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) { TIFFError(""loadImage"", ""File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.""); exit(-1); } buffsize = tlsize * ntiles; if (tlsize != (buffsize / ntiles)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) { buffsize = ntiles * tl * tile_rowsize; if (ntiles != (buffsize / tl / tile_rowsize)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } #ifdef DEBUG2 TIFFError(""loadImage"", ""Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu"", tlsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Tilesize: %u, Number of Tiles: %u, Tile row size: %u"", tlsize, ntiles, tile_rowsize); } else { uint32 buffsize_check; readunit = STRIP; TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); stsize = TIFFStripSize(in); nstrips = TIFFNumberOfStrips(in); if (nstrips == 0 || stsize == 0) { TIFFError(""loadImage"", ""File appears to be striped, but the number of stipes or stripe size is zero.""); exit(-1); } buffsize = stsize * nstrips; if (stsize != (buffsize / nstrips)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } buffsize_check = ((length * width * spp * bps) + 7); if (length != ((buffsize_check - 7) / width / spp / bps)) { TIFFError(""loadImage"", ""Integer overflow detected.""); exit(-1); } if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) { buffsize = ((length * width * spp * bps) + 7) / 8; #ifdef DEBUG2 TIFFError(""loadImage"", ""Stripsize %u is too small, using imagelength * width * spp * bps / 8 = %lu"", stsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Stripsize: %u, Number of Strips: %u, Rows per Strip: %u, Scanline size: %u"", stsize, nstrips, rowsperstrip, scanlinesize); } if (input_compression == COMPRESSION_JPEG) { jpegcolormode = JPEGCOLORMODE_RGB; TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { if (input_photometric == PHOTOMETRIC_YCBCR) { TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsampling_horiz, &subsampling_vert); if (subsampling_horiz != 1 || subsampling_vert != 1) { TIFFError(""loadImage"", ""Can't copy/convert subsampled image with subsampling %d horiz %d vert"", subsampling_horiz, subsampling_vert); return (-1); } } } read_buff = *read_ptr; if (!read_buff) read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); else { if (prev_readsize < buffsize) { new_buff = _TIFFrealloc(read_buff, buffsize+3); if (!new_buff) { free (read_buff); read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); } else read_buff = new_buff; } } if (!read_buff) { TIFFError(""loadImage"", ""Unable to allocate/reallocate read buffer""); return (-1); } read_buff[buffsize] = 0; read_buff[buffsize+1] = 0; read_buff[buffsize+2] = 0; prev_readsize = buffsize; *read_ptr = read_buff; switch (readunit) { case STRIP: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigStripsIntoBuffer(in, read_buff))) { TIFFError(""loadImage"", ""Unable to read contiguous strips into buffer""); return (-1); } } else { if (!(readSeparateStripsIntoBuffer(in, read_buff, length, width, spp, dump))) { TIFFError(""loadImage"", ""Unable to read separate strips into buffer""); return (-1); } } break; case TILE: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read contiguous tiles into buffer""); return (-1); } } else { if (!(readSeparateTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read separate tiles into buffer""); return (-1); } } break; default: TIFFError(""loadImage"", ""Unsupported image file format""); return (-1); break; } if ((dump->infile != NULL) && (dump->level == 2)) { dump_info (dump->infile, dump->format, ""loadImage"", ""Image width %d, length %d, Raw image data, %4d bytes"", width, length, buffsize); dump_info (dump->infile, dump->format, """", ""Bits per sample %d, Samples per pixel %d"", bps, spp); for (i = 0; i < length; i++) dump_buffer(dump->infile, dump->format, 1, scanlinesize, i, read_buff + (i * scanlinesize)); } return (0); } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,240254658313187,1 2883,CWE-119,"DECLAREreadFunc(readContigTilesIntoBuffer) { int status = 1; tsize_t tilesize = TIFFTileSize(in); tdata_t tilebuf; uint32 imagew = TIFFScanlineSize(in); uint32 tilew = TIFFTileRowSize(in); int iskew = imagew - tilew; uint8* bufp = (uint8*) buf; uint32 tw, tl; uint32 row; (void) spp; tilebuf = _TIFFmalloc(tilesize); if (tilebuf == 0) return 0; _TIFFmemset(tilebuf, 0, tilesize); (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); for (row = 0; row < imagelength; row += tl) { uint32 nrow = (row+tl > imagelength) ? imagelength-row : tl; uint32 colb = 0; uint32 col; for (col = 0; col < imagewidth; col += tw) { if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0 && !ignore) { TIFFError(TIFFFileName(in), ""Error, can't read tile at %lu %lu"", (unsigned long) col, (unsigned long) row); status = 0; goto done; } if (colb + tilew > imagew) { uint32 width = imagew - colb; uint32 oskew = tilew - width; cpStripToTile(bufp + colb, tilebuf, nrow, width, oskew + iskew, oskew ); } else cpStripToTile(bufp + colb, tilebuf, nrow, tilew, iskew, 0); colb += tilew; } bufp += imagew * nrow; } done: _TIFFfree(tilebuf); return status; }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,104304349065370,1 963,CWE-264,"xfs_ioctl_setattr( xfs_inode_t *ip, struct fsxattr *fa, int mask) { struct xfs_mount *mp = ip->i_mount; struct xfs_trans *tp; unsigned int lock_flags = 0; struct xfs_dquot *udqp = NULL; struct xfs_dquot *pdqp = NULL; struct xfs_dquot *olddquot = NULL; int code; trace_xfs_ioctl_setattr(ip); if (mp->m_flags & XFS_MOUNT_RDONLY) return XFS_ERROR(EROFS); if (XFS_FORCED_SHUTDOWN(mp)) return XFS_ERROR(EIO); if ((mask & FSX_PROJID) && (fa->fsx_projid > (__uint16_t)-1) && !xfs_sb_version_hasprojid32bit(&ip->i_mount->m_sb)) return XFS_ERROR(EINVAL); if (XFS_IS_QUOTA_ON(mp) && (mask & FSX_PROJID)) { code = xfs_qm_vop_dqalloc(ip, ip->i_d.di_uid, ip->i_d.di_gid, fa->fsx_projid, XFS_QMOPT_PQUOTA, &udqp, NULL, &pdqp); if (code) return code; } tp = xfs_trans_alloc(mp, XFS_TRANS_SETATTR_NOT_SIZE); code = xfs_trans_reserve(tp, &M_RES(mp)->tr_ichange, 0, 0); if (code) goto error_return; lock_flags = XFS_ILOCK_EXCL; xfs_ilock(ip, lock_flags); if (!inode_owner_or_capable(VFS_I(ip))) { code = XFS_ERROR(EPERM); goto error_return; } if (mask & FSX_PROJID) { if (current_user_ns() != &init_user_ns) { code = XFS_ERROR(EINVAL); goto error_return; } if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_PQUOTA_ON(mp) && xfs_get_projid(ip) != fa->fsx_projid) { ASSERT(tp); code = xfs_qm_vop_chown_reserve(tp, ip, udqp, NULL, pdqp, capable(CAP_FOWNER) ? XFS_QMOPT_FORCE_RES : 0); if (code) goto error_return; } } if (mask & FSX_EXTSIZE) { if (ip->i_d.di_nextents && ((ip->i_d.di_extsize << mp->m_sb.sb_blocklog) != fa->fsx_extsize)) { code = XFS_ERROR(EINVAL); goto error_return; } if (fa->fsx_extsize != 0) { xfs_extlen_t size; xfs_fsblock_t extsize_fsb; extsize_fsb = XFS_B_TO_FSB(mp, fa->fsx_extsize); if (extsize_fsb > MAXEXTLEN) { code = XFS_ERROR(EINVAL); goto error_return; } if (XFS_IS_REALTIME_INODE(ip) || ((mask & FSX_XFLAGS) && (fa->fsx_xflags & XFS_XFLAG_REALTIME))) { size = mp->m_sb.sb_rextsize << mp->m_sb.sb_blocklog; } else { size = mp->m_sb.sb_blocksize; if (extsize_fsb > mp->m_sb.sb_agblocks / 2) { code = XFS_ERROR(EINVAL); goto error_return; } } if (fa->fsx_extsize % size) { code = XFS_ERROR(EINVAL); goto error_return; } } } if (mask & FSX_XFLAGS) { if ((ip->i_d.di_nextents || ip->i_delayed_blks) && (XFS_IS_REALTIME_INODE(ip)) != (fa->fsx_xflags & XFS_XFLAG_REALTIME)) { code = XFS_ERROR(EINVAL); goto error_return; } if ((fa->fsx_xflags & XFS_XFLAG_REALTIME)) { if ((mp->m_sb.sb_rblocks == 0) || (mp->m_sb.sb_rextsize == 0) || (ip->i_d.di_extsize % mp->m_sb.sb_rextsize)) { code = XFS_ERROR(EINVAL); goto error_return; } } if ((ip->i_d.di_flags & (XFS_DIFLAG_IMMUTABLE|XFS_DIFLAG_APPEND) || (fa->fsx_xflags & (XFS_XFLAG_IMMUTABLE | XFS_XFLAG_APPEND))) && !capable(CAP_LINUX_IMMUTABLE)) { code = XFS_ERROR(EPERM); goto error_return; } } xfs_trans_ijoin(tp, ip, 0); if (mask & FSX_PROJID) { if ((ip->i_d.di_mode & (S_ISUID|S_ISGID)) && !inode_capable(VFS_I(ip), CAP_FSETID)) ip->i_d.di_mode &= ~(S_ISUID|S_ISGID); if (xfs_get_projid(ip) != fa->fsx_projid) { if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_PQUOTA_ON(mp)) { olddquot = xfs_qm_vop_chown(tp, ip, &ip->i_pdquot, pdqp); } xfs_set_projid(ip, fa->fsx_projid); if (ip->i_d.di_version == 1) xfs_bump_ino_vers2(tp, ip); } } if (mask & FSX_EXTSIZE) ip->i_d.di_extsize = fa->fsx_extsize >> mp->m_sb.sb_blocklog; if (mask & FSX_XFLAGS) { xfs_set_diflags(ip, fa->fsx_xflags); xfs_diflags_to_linux(ip); } xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_CHG); xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); XFS_STATS_INC(xs_ig_attrchg); if (mp->m_flags & XFS_MOUNT_WSYNC) xfs_trans_set_sync(tp); code = xfs_trans_commit(tp, 0); xfs_iunlock(ip, lock_flags); xfs_qm_dqrele(olddquot); xfs_qm_dqrele(udqp); xfs_qm_dqrele(pdqp); return code; error_return: xfs_qm_dqrele(udqp); xfs_qm_dqrele(pdqp); xfs_trans_cancel(tp, 0); if (lock_flags) xfs_iunlock(ip, lock_flags); return code; }",visit repo url,fs/xfs/xfs_ioctl.c,https://github.com/torvalds/linux,154988790872795,1 2143,CWE-476,"int btrfs_scrub_progress(struct btrfs_fs_info *fs_info, u64 devid, struct btrfs_scrub_progress *progress) { struct btrfs_device *dev; struct scrub_ctx *sctx = NULL; mutex_lock(&fs_info->fs_devices->device_list_mutex); dev = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL); if (dev) sctx = dev->scrub_ctx; if (sctx) memcpy(progress, &sctx->stat, sizeof(*progress)); mutex_unlock(&fs_info->fs_devices->device_list_mutex); return dev ? (sctx ? 0 : -ENOTCONN) : -ENODEV; }",visit repo url,fs/btrfs/scrub.c,https://github.com/torvalds/linux,237129634935935,1 672,CWE-20,"mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sk_buff *skb; struct sock *sk = sock->sk; struct sockaddr_mISDN *maddr; int copied, err; if (*debug & DEBUG_SOCKET) printk(KERN_DEBUG ""%s: len %d, flags %x ch.nr %d, proto %x\n"", __func__, (int)len, flags, _pms(sk)->ch.nr, sk->sk_protocol); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == MISDN_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (!skb) return err; if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) { msg->msg_namelen = sizeof(struct sockaddr_mISDN); maddr = (struct sockaddr_mISDN *)msg->msg_name; maddr->family = AF_ISDN; maddr->dev = _pms(sk)->dev->id; if ((sk->sk_protocol == ISDN_P_LAPD_TE) || (sk->sk_protocol == ISDN_P_LAPD_NT)) { maddr->channel = (mISDN_HEAD_ID(skb) >> 16) & 0xff; maddr->tei = (mISDN_HEAD_ID(skb) >> 8) & 0xff; maddr->sapi = mISDN_HEAD_ID(skb) & 0xff; } else { maddr->channel = _pms(sk)->ch.nr; maddr->sapi = _pms(sk)->ch.addr & 0xFF; maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF; } } else { if (msg->msg_namelen) printk(KERN_WARNING ""%s: too small namelen %d\n"", __func__, msg->msg_namelen); msg->msg_namelen = 0; } copied = skb->len + MISDN_HEADER_LEN; if (len < copied) { if (flags & MSG_PEEK) atomic_dec(&skb->users); else skb_queue_head(&sk->sk_receive_queue, skb); return -ENOSPC; } memcpy(skb_push(skb, MISDN_HEADER_LEN), mISDN_HEAD_P(skb), MISDN_HEADER_LEN); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); mISDN_sock_cmsg(sk, msg, skb); skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,drivers/isdn/mISDN/socket.c,https://github.com/torvalds/linux,109946884267745,1 532,NVD-CWE-Other,"ftrace_regex_lseek(struct file *file, loff_t offset, int whence) { loff_t ret; if (file->f_mode & FMODE_READ) ret = seq_lseek(file, offset, whence); else file->f_pos = ret = 1; return ret; }",visit repo url,kernel/trace/ftrace.c,https://github.com/torvalds/linux,5938331361606,1 6049,CWE-190,"void bn_gcd_lehme(bn_t c, const bn_t a, const bn_t b) { bn_t x, y, u, v, t0, t1, t2, t3; dig_t _x, _y, q, _q, t, _t; dis_t _a, _b, _c, _d; if (bn_is_zero(a)) { bn_abs(c, b); return; } if (bn_is_zero(b)) { bn_abs(c, a); return; } bn_null(x); bn_null(y); bn_null(u); bn_null(v); bn_null(t0); bn_null(t1); bn_null(t2); bn_null(t3); RLC_TRY { bn_new(x); bn_new(y); bn_new(u); bn_new(v); bn_new(t0); bn_new(t1); bn_new(t2); bn_new(t3); if (bn_cmp_abs(a, b) == RLC_GT) { bn_abs(x, a); bn_abs(y, b); } else { bn_abs(x, b); bn_abs(y, a); } while (y->used > 1) { bn_rsh(u, x, bn_bits(x) - RLC_DIG); _x = u->dp[0]; bn_rsh(v, y, bn_bits(x) - RLC_DIG); _y = v->dp[0]; _a = _d = 1; _b = _c = 0; t = 0; if (_y != 0) { q = _x / _y; t = _x % _y; } if (t >= ((dig_t)1 << (RLC_DIG / 2))) { while (1) { _q = _y / t; _t = _y % t; if (_t < ((dig_t)1 << (RLC_DIG / 2))) { break; } _x = _y; _y = t; t = _a - q * _c; _a = _c; _c = t; t = _b - q * _d; _b = _d; _d = t; t = _t; q = _q; } } if (_b == 0) { bn_mod(t0, x, y); bn_copy(x, y); bn_copy(y, t0); } else { bn_rsh(u, x, bn_bits(x) - 2 * RLC_DIG); bn_rsh(v, y, bn_bits(x) - 2 * RLC_DIG); if (_a < 0) { bn_mul_dig(t0, u, -_a); bn_neg(t0, t0); } else { bn_mul_dig(t0, u, _a); } if (_b < 0) { bn_mul_dig(t1, v, -_b); bn_neg(t1, t1); } else { bn_mul_dig(t1, v, _b); } if (_c < 0) { bn_mul_dig(t2, u, -_c); bn_neg(t2, t2); } else { bn_mul_dig(t2, u, _c); } if (_d < 0) { bn_mul_dig(t3, v, -_d); bn_neg(t3, t3); } else { bn_mul_dig(t3, v, _d); } bn_add(u, t0, t1); bn_add(v, t2, t3); bn_rsh(t0, u, bn_bits(u) - RLC_DIG); _x = t0->dp[0]; bn_rsh(t1, v, bn_bits(u) - RLC_DIG); _y = t1->dp[0]; t = 0; if (_y != 0) { q = _x / _y; t = _x % _y; } if (t >= ((dig_t)1 << RLC_DIG / 2)) { while (1) { _q = _y / t; _t = _y % t; if (_t < ((dig_t)1 << RLC_DIG / 2)) { break; } _x = _y; _y = t; t = _a - q * _c; _a = _c; _c = t; t = _b - q * _d; _b = _d; _d = t; t = _t; q = _q; } } if (_a < 0) { bn_mul_dig(t0, x, -_a); bn_neg(t0, t0); } else { bn_mul_dig(t0, x, _a); } if (_b < 0) { bn_mul_dig(t1, y, -_b); bn_neg(t1, t1); } else { bn_mul_dig(t1, y, _b); } if (_c < 0) { bn_mul_dig(t2, x, -_c); bn_neg(t2, t2); } else { bn_mul_dig(t2, x, _c); } if (_d < 0) { bn_mul_dig(t3, y, -_d); bn_neg(t3, t3); } else { bn_mul_dig(t3, y, _d); } bn_add(x, t0, t1); bn_add(y, t2, t3); } } bn_gcd_ext_dig(c, u, v, x, y->dp[0]); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(x); bn_free(y); bn_free(u); bn_free(v); bn_free(t0); bn_free(t1); bn_free(t2); bn_free(t3); } }",visit repo url,src/bn/relic_bn_gcd.c,https://github.com/relic-toolkit/relic,221968841266309,1 1741,[],"static int get_user_cpu_mask(unsigned long __user *user_mask_ptr, unsigned len, cpumask_t *new_mask) { if (len < sizeof(cpumask_t)) { memset(new_mask, 0, sizeof(cpumask_t)); } else if (len > sizeof(cpumask_t)) { len = sizeof(cpumask_t); } return copy_from_user(new_mask, user_mask_ptr, len) ? -EFAULT : 0; }",linux-2.6,,,22071899394951459761598324290076911332,0 3746,CWE-125,"int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum) { WavpackHeader *wphdr = (WavpackHeader *) buffer; uint32_t checksum_passed = 0, bcount, meta_bc; unsigned char *dp, meta_id, c1, c2; if (strncmp (wphdr->ckID, ""wvpk"", 4) || wphdr->ckSize + 8 < sizeof (WavpackHeader)) return FALSE; bcount = wphdr->ckSize - sizeof (WavpackHeader) + 8; dp = (unsigned char *)(wphdr + 1); while (bcount >= 2) { meta_id = *dp++; c1 = *dp++; meta_bc = c1 << 1; bcount -= 2; if (meta_id & ID_LARGE) { if (bcount < 2) return FALSE; c1 = *dp++; c2 = *dp++; meta_bc += ((uint32_t) c1 << 9) + ((uint32_t) c2 << 17); bcount -= 2; } if (bcount < meta_bc) return FALSE; if (verify_checksum && (meta_id & ID_UNIQUE) == ID_BLOCK_CHECKSUM) { #ifdef BITSTREAM_SHORTS uint16_t *csptr = (uint16_t*) buffer; #else unsigned char *csptr = buffer; #endif int wcount = (int)(dp - 2 - buffer) >> 1; uint32_t csum = (uint32_t) -1; if ((meta_id & ID_ODD_SIZE) || meta_bc < 2 || meta_bc > 4) return FALSE; #ifdef BITSTREAM_SHORTS while (wcount--) csum = (csum * 3) + *csptr++; #else WavpackNativeToLittleEndian ((WavpackHeader *) buffer, WavpackHeaderFormat); while (wcount--) { csum = (csum * 3) + csptr [0] + (csptr [1] << 8); csptr += 2; } WavpackLittleEndianToNative ((WavpackHeader *) buffer, WavpackHeaderFormat); #endif if (meta_bc == 4) { if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff)) return FALSE; } else { csum ^= csum >> 16; if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff)) return FALSE; } checksum_passed++; } bcount -= meta_bc; dp += meta_bc; } return (bcount == 0) && (!verify_checksum || !(wphdr->flags & HAS_CHECKSUM) || checksum_passed); }",visit repo url,src/open_utils.c,https://github.com/dbry/WavPack,95643356488077,1 2114,CWE-400,"static int usb_enumerate_device_otg(struct usb_device *udev) { int err = 0; #ifdef CONFIG_USB_OTG if (!udev->bus->is_b_host && udev->config && udev->parent == udev->bus->root_hub) { struct usb_otg_descriptor *desc = NULL; struct usb_bus *bus = udev->bus; unsigned port1 = udev->portnum; err = __usb_get_extra_descriptor(udev->rawdescriptors[0], le16_to_cpu(udev->config[0].desc.wTotalLength), USB_DT_OTG, (void **) &desc); if (err || !(desc->bmAttributes & USB_OTG_HNP)) return 0; dev_info(&udev->dev, ""Dual-Role OTG device on %sHNP port\n"", (port1 == bus->otg_port) ? """" : ""non-""); if (port1 == bus->otg_port) { bus->b_hnp_enable = 1; err = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), USB_REQ_SET_FEATURE, 0, USB_DEVICE_B_HNP_ENABLE, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); if (err < 0) { dev_err(&udev->dev, ""can't set HNP mode: %d\n"", err); bus->b_hnp_enable = 0; } } else if (desc->bLength == sizeof (struct usb_otg_descriptor)) { err = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), USB_REQ_SET_FEATURE, 0, USB_DEVICE_A_ALT_HNP_SUPPORT, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); if (err < 0) dev_err(&udev->dev, ""set a_alt_hnp_support failed: %d\n"", err); } } #endif return err; }",visit repo url,drivers/usb/core/hub.c,https://github.com/torvalds/linux,5680679579805,1 3114,NVD-CWE-noinfo,"getHTTPResponse(int s, int * size) { char buf[2048]; int n; int endofheaders = 0; int chunked = 0; int content_length = -1; unsigned int chunksize = 0; unsigned int bytestocopy = 0; char * header_buf; unsigned int header_buf_len = 2048; unsigned int header_buf_used = 0; char * content_buf; unsigned int content_buf_len = 2048; unsigned int content_buf_used = 0; char chunksize_buf[32]; unsigned int chunksize_buf_index; header_buf = malloc(header_buf_len); content_buf = malloc(content_buf_len); chunksize_buf[0] = '\0'; chunksize_buf_index = 0; while((n = receivedata(s, buf, 2048, 5000, NULL)) > 0) { if(endofheaders == 0) { int i; int linestart=0; int colon=0; int valuestart=0; if(header_buf_used + n > header_buf_len) { header_buf = realloc(header_buf, header_buf_used + n); header_buf_len = header_buf_used + n; } memcpy(header_buf + header_buf_used, buf, n); header_buf_used += n; i = 0; while(i < ((int)header_buf_used-1) && (endofheaders == 0)) { if(header_buf[i] == '\r') { i++; if(header_buf[i] == '\n') { i++; if(i < (int)header_buf_used && header_buf[i] == '\r') { i++; if(i < (int)header_buf_used && header_buf[i] == '\n') { endofheaders = i+1; } } } } else if(header_buf[i] == '\n') { i++; if(header_buf[i] == '\n') { endofheaders = i+1; } } i++; } if(endofheaders == 0) continue; for(i = 0; i < endofheaders - 1; i++) { if(colon <= linestart && header_buf[i]==':') { colon = i; while(i < (endofheaders-1) && (header_buf[i+1] == ' ' || header_buf[i+1] == '\t')) i++; valuestart = i + 1; } else if(header_buf[i]=='\r' || header_buf[i]=='\n') { if(colon > linestart && valuestart > colon) { #ifdef DEBUG printf(""header='%.*s', value='%.*s'\n"", colon-linestart, header_buf+linestart, i-valuestart, header_buf+valuestart); #endif if(0==strncasecmp(header_buf+linestart, ""content-length"", colon-linestart)) { content_length = atoi(header_buf+valuestart); #ifdef DEBUG printf(""Content-Length: %d\n"", content_length); #endif } else if(0==strncasecmp(header_buf+linestart, ""transfer-encoding"", colon-linestart) && 0==strncasecmp(header_buf+valuestart, ""chunked"", 7)) { #ifdef DEBUG printf(""chunked transfer-encoding!\n""); #endif chunked = 1; } } while(header_buf[i]=='\r' || header_buf[i] == '\n') i++; linestart = i; colon = linestart; valuestart = 0; } } n = header_buf_used - endofheaders; memcpy(buf, header_buf + endofheaders, n); } if(endofheaders) { if(chunked) { int i = 0; while(i < n) { if(chunksize == 0) { if(chunksize_buf_index == 0) { if(i= '0' && chunksize_buf[j] <= '9') chunksize = (chunksize << 4) + (chunksize_buf[j] - '0'); else chunksize = (chunksize << 4) + ((chunksize_buf[j] | 32) - 'a' + 10); } chunksize_buf[0] = '\0'; chunksize_buf_index = 0; i++; } else { continue; } #ifdef DEBUG printf(""chunksize = %u (%x)\n"", chunksize, chunksize); #endif if(chunksize == 0) { #ifdef DEBUG printf(""end of HTTP content - %d %d\n"", i, n); #endif goto end_of_stream; } } bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i); if((content_buf_used + bytestocopy) > content_buf_len) { if(content_length >= (int)(content_buf_used + bytestocopy)) { content_buf_len = content_length; } else { content_buf_len = content_buf_used + bytestocopy; } content_buf = (char *)realloc((void *)content_buf, content_buf_len); } memcpy(content_buf + content_buf_used, buf + i, bytestocopy); content_buf_used += bytestocopy; i += bytestocopy; chunksize -= bytestocopy; } } else { if(content_length > 0 && (int)(content_buf_used + n) > content_length) { n = content_length - content_buf_used; } if(content_buf_used + n > content_buf_len) { if(content_length >= (int)(content_buf_used + n)) { content_buf_len = content_length; } else { content_buf_len = content_buf_used + n; } content_buf = (char *)realloc((void *)content_buf, content_buf_len); } memcpy(content_buf + content_buf_used, buf, n); content_buf_used += n; } } if(content_length > 0 && (int)content_buf_used >= content_length) { #ifdef DEBUG printf(""End of HTTP content\n""); #endif break; } } end_of_stream: free(header_buf); header_buf = NULL; *size = content_buf_used; if(content_buf_used == 0) { free(content_buf); content_buf = NULL; } return content_buf; }",visit repo url,miniupnpc/miniwget.c,https://github.com/miniupnp/miniupnp,149691722227454,1 2301,['CWE-120'],"static int open_will_write_to_fs(int flag, struct inode *inode) { if (special_file(inode->i_mode)) return 0; return (flag & O_TRUNC); }",linux-2.6,,,76674972749513564951568987529445891702,0 83,CWE-772,"rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg1, *prime_arg2; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; const char *errmsg = NULL; size_t tlen1, tlen2, clen, slen; char *tdots1, *tdots2, *cdots, *sdots; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) || krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } tlen1 = strlen(prime_arg1); trunc_name(&tlen1, &tdots1); tlen2 = strlen(prime_arg2); trunc_name(&tlen2, &tdots2); clen = client_name.length; trunc_name(&clen, &cdots); slen = service_name.length; trunc_name(&slen, &sdots); ret.code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { if (!kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, arg->src, NULL)) ret.code = KADM5_AUTH_DELETE; if (!kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, arg->dest, &rp) || rp) { if (ret.code == KADM5_AUTH_DELETE) ret.code = KADM5_AUTH_INSUFFICIENT; else ret.code = KADM5_AUTH_ADD; } } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { krb5_klog_syslog(LOG_NOTICE, _(""Unauthorized request: kadm5_rename_principal, "" ""%.*s%s to %.*s%s, "" ""client=%.*s%s, service=%.*s%s, addr=%s""), (int)tlen1, prime_arg1, tdots1, (int)tlen2, prime_arg2, tdots2, (int)clen, (char *)client_name.value, cdots, (int)slen, (char *)service_name.value, sdots, client_addr(rqstp->rq_xprt)); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); krb5_klog_syslog(LOG_NOTICE, _(""Request: kadm5_rename_principal, "" ""%.*s%s to %.*s%s, %s, "" ""client=%.*s%s, service=%.*s%s, addr=%s""), (int)tlen1, prime_arg1, tdots1, (int)tlen2, prime_arg2, tdots2, errmsg ? errmsg : _(""success""), (int)clen, (char *)client_name.value, cdots, (int)slen, (char *)service_name.value, sdots, client_addr(rqstp->rq_xprt)); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg1); free(prime_arg2); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,258342463599213,1 6257,CWE-190,"void rand_seed(uint8_t *buf, int size) { ctx_t *ctx = core_get(); int len = (RLC_RAND_SIZE - 1) / 2; if (size <= 0) { RLC_THROW(ERR_NO_VALID); return; } if (sizeof(int) > 4 && size > (1 << 32)) { RLC_THROW(ERR_NO_VALID); return; } ctx->rand[0] = 0x0; if (ctx->seeded == 0) { rand_hash(ctx->rand + 1, len, buf, size); rand_hash(ctx->rand + 1 + len, len, ctx->rand, len + 1); } else { int tmp_size = 1 + len + size; uint8_t* tmp = RLC_ALLOCA(uint8_t, tmp_size); if (tmp == NULL) { RLC_THROW(ERR_NO_MEMORY); return; } tmp[0] = 1; memcpy(tmp + 1, ctx->rand + 1, len); memcpy(tmp + 1 + len, buf, size); rand_hash(ctx->rand + 1, len, tmp, tmp_size); rand_hash(ctx->rand + 1 + len, len, ctx->rand, len + 1); RLC_FREE(tmp); } ctx->counter = ctx->seeded = 1; }",visit repo url,src/rand/relic_rand_hashd.c,https://github.com/relic-toolkit/relic,257951629939402,1 1703,[],"account_entity_dequeue(struct cfs_rq *cfs_rq, struct sched_entity *se) { update_load_sub(&cfs_rq->load, se->load.weight); if (!parent_entity(se)) dec_cpu_load(rq_of(cfs_rq), se->load.weight); if (entity_is_task(se)) add_cfs_task_weight(cfs_rq, -se->load.weight); cfs_rq->nr_running--; se->on_rq = 0; list_del_init(&se->group_node); }",linux-2.6,,,215251262453860257949117540039044913650,0 4486,['CWE-264'],"void dma_complete(struct s_smc *smc, volatile union s_fp_descr *descr, int flag) { if (flag & DMA_WR) { skfddi_priv *bp = &smc->os; volatile struct s_smt_fp_rxd *r = &descr->r; if (r->rxd_os.skb && r->rxd_os.dma_addr) { int MaxFrameSize = bp->MaxFrameSize; pci_unmap_single(&bp->pdev, r->rxd_os.dma_addr, MaxFrameSize, PCI_DMA_FROMDEVICE); r->rxd_os.dma_addr = 0; } } } ",linux-2.6,,,302562238939029076569189868849950980500,0 5713,CWE-787,"void luaT_adjustvarargs (lua_State *L, int nfixparams, CallInfo *ci, const Proto *p) { int i; int actual = cast_int(L->top - ci->func) - 1; int nextra = actual - nfixparams; ci->u.l.nextraargs = nextra; checkstackGC(L, p->maxstacksize + 1); setobjs2s(L, L->top++, ci->func); for (i = 1; i <= nfixparams; i++) { setobjs2s(L, L->top++, ci->func + i); setnilvalue(s2v(ci->func + i)); } ci->func += actual + 1; ci->top += actual + 1; lua_assert(L->top <= ci->top && ci->top <= L->stack_last); }",visit repo url,ltm.c,https://github.com/lua/lua,51103291179864,1 1038,NVD-CWE-noinfo,"static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu) { u32 intr_info = vmcs_read32(VM_EXIT_INTR_INFO); struct vcpu_vmx *vmx = to_vmx(vcpu); struct vmcs12 *vmcs12 = get_vmcs12(vcpu); u32 exit_reason = vmx->exit_reason; trace_kvm_nested_vmexit(kvm_rip_read(vcpu), exit_reason, vmcs_readl(EXIT_QUALIFICATION), vmx->idt_vectoring_info, intr_info, vmcs_read32(VM_EXIT_INTR_ERROR_CODE), KVM_ISA_VMX); if (vmx->nested.nested_run_pending) return 0; if (unlikely(vmx->fail)) { pr_info_ratelimited(""%s failed vm entry %x\n"", __func__, vmcs_read32(VM_INSTRUCTION_ERROR)); return 1; } switch (exit_reason) { case EXIT_REASON_EXCEPTION_NMI: if (!is_exception(intr_info)) return 0; else if (is_page_fault(intr_info)) return enable_ept; else if (is_no_device(intr_info) && !(vmcs12->guest_cr0 & X86_CR0_TS)) return 0; return vmcs12->exception_bitmap & (1u << (intr_info & INTR_INFO_VECTOR_MASK)); case EXIT_REASON_EXTERNAL_INTERRUPT: return 0; case EXIT_REASON_TRIPLE_FAULT: return 1; case EXIT_REASON_PENDING_INTERRUPT: return nested_cpu_has(vmcs12, CPU_BASED_VIRTUAL_INTR_PENDING); case EXIT_REASON_NMI_WINDOW: return nested_cpu_has(vmcs12, CPU_BASED_VIRTUAL_NMI_PENDING); case EXIT_REASON_TASK_SWITCH: return 1; case EXIT_REASON_CPUID: if (kvm_register_read(vcpu, VCPU_REGS_RAX) == 0xa) return 0; return 1; case EXIT_REASON_HLT: return nested_cpu_has(vmcs12, CPU_BASED_HLT_EXITING); case EXIT_REASON_INVD: return 1; case EXIT_REASON_INVLPG: return nested_cpu_has(vmcs12, CPU_BASED_INVLPG_EXITING); case EXIT_REASON_RDPMC: return nested_cpu_has(vmcs12, CPU_BASED_RDPMC_EXITING); case EXIT_REASON_RDTSC: return nested_cpu_has(vmcs12, CPU_BASED_RDTSC_EXITING); case EXIT_REASON_VMCALL: case EXIT_REASON_VMCLEAR: case EXIT_REASON_VMLAUNCH: case EXIT_REASON_VMPTRLD: case EXIT_REASON_VMPTRST: case EXIT_REASON_VMREAD: case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE: case EXIT_REASON_VMOFF: case EXIT_REASON_VMON: case EXIT_REASON_INVEPT: return 1; case EXIT_REASON_CR_ACCESS: return nested_vmx_exit_handled_cr(vcpu, vmcs12); case EXIT_REASON_DR_ACCESS: return nested_cpu_has(vmcs12, CPU_BASED_MOV_DR_EXITING); case EXIT_REASON_IO_INSTRUCTION: return nested_vmx_exit_handled_io(vcpu, vmcs12); case EXIT_REASON_MSR_READ: case EXIT_REASON_MSR_WRITE: return nested_vmx_exit_handled_msr(vcpu, vmcs12, exit_reason); case EXIT_REASON_INVALID_STATE: return 1; case EXIT_REASON_MWAIT_INSTRUCTION: return nested_cpu_has(vmcs12, CPU_BASED_MWAIT_EXITING); case EXIT_REASON_MONITOR_INSTRUCTION: return nested_cpu_has(vmcs12, CPU_BASED_MONITOR_EXITING); case EXIT_REASON_PAUSE_INSTRUCTION: return nested_cpu_has(vmcs12, CPU_BASED_PAUSE_EXITING) || nested_cpu_has2(vmcs12, SECONDARY_EXEC_PAUSE_LOOP_EXITING); case EXIT_REASON_MCE_DURING_VMENTRY: return 0; case EXIT_REASON_TPR_BELOW_THRESHOLD: return nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW); case EXIT_REASON_APIC_ACCESS: return nested_cpu_has2(vmcs12, SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES); case EXIT_REASON_EPT_VIOLATION: return 0; case EXIT_REASON_EPT_MISCONFIG: return 0; case EXIT_REASON_WBINVD: return nested_cpu_has2(vmcs12, SECONDARY_EXEC_WBINVD_EXITING); case EXIT_REASON_XSETBV: return 1; default: return 1; } }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,107411256501861,1 2123,CWE-835,"static void update_blocked_averages(int cpu) { struct rq *rq = cpu_rq(cpu); struct cfs_rq *cfs_rq, *pos; const struct sched_class *curr_class; struct rq_flags rf; bool done = true; rq_lock_irqsave(rq, &rf); update_rq_clock(rq); for_each_leaf_cfs_rq_safe(rq, cfs_rq, pos) { struct sched_entity *se; if (throttled_hierarchy(cfs_rq)) continue; if (update_cfs_rq_load_avg(cfs_rq_clock_task(cfs_rq), cfs_rq)) update_tg_load_avg(cfs_rq, 0); se = cfs_rq->tg->se[cpu]; if (se && !skip_blocked_update(se)) update_load_avg(cfs_rq_of(se), se, 0); if (cfs_rq_is_decayed(cfs_rq)) list_del_leaf_cfs_rq(cfs_rq); if (cfs_rq_has_blocked(cfs_rq)) done = false; } curr_class = rq->curr->sched_class; update_rt_rq_load_avg(rq_clock_task(rq), rq, curr_class == &rt_sched_class); update_dl_rq_load_avg(rq_clock_task(rq), rq, curr_class == &dl_sched_class); update_irq_load_avg(rq, 0); if (others_have_blocked(rq)) done = false; #ifdef CONFIG_NO_HZ_COMMON rq->last_blocked_load_update_tick = jiffies; if (done) rq->has_blocked_load = 0; #endif rq_unlock_irqrestore(rq, &rf); }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,222146212080607,1 543,['CWE-399'],"static const char *pwc_sensor_type_to_string(unsigned int sensor_type) { switch(sensor_type) { case 0x00: return ""Hyundai CMOS sensor""; case 0x20: return ""Sony CCD sensor + TDA8787""; case 0x2E: return ""Sony CCD sensor + Exas 98L59""; case 0x2F: return ""Sony CCD sensor + ADI 9804""; case 0x30: return ""Sharp CCD sensor + TDA8787""; case 0x3E: return ""Sharp CCD sensor + Exas 98L59""; case 0x3F: return ""Sharp CCD sensor + ADI 9804""; case 0x40: return ""UPA 1021 sensor""; case 0x100: return ""VGA sensor""; case 0x101: return ""PAL MR sensor""; default: return ""unknown type of sensor""; } }",linux-2.6,,,256787604646126745911652175613227206506,0 3814,['CWE-120'],"static int uvc_suspend(struct usb_interface *intf, pm_message_t message) { struct uvc_device *dev = usb_get_intfdata(intf); uvc_trace(UVC_TRACE_SUSPEND, ""Suspending interface %u\n"", intf->cur_altsetting->desc.bInterfaceNumber); if (intf->cur_altsetting->desc.bInterfaceSubClass == SC_VIDEOCONTROL) return uvc_status_suspend(dev); if (dev->video.streaming->intf != intf) { uvc_trace(UVC_TRACE_SUSPEND, ""Suspend: video streaming USB "" ""interface mismatch.\n""); return -EINVAL; } return uvc_video_suspend(&dev->video); }",linux-2.6,,,229520323177076922023609559297460506215,0 1544,[],"long __sched io_schedule_timeout(long timeout) { struct rq *rq = &__raw_get_cpu_var(runqueues); long ret; delayacct_blkio_start(); atomic_inc(&rq->nr_iowait); ret = schedule_timeout(timeout); atomic_dec(&rq->nr_iowait); delayacct_blkio_end(); return ret; }",linux-2.6,,,294748483450013468632247819286498686779,0 2941,CWE-59,"static int setup_ttydir_console(const struct lxc_rootfs *rootfs, const struct lxc_console *console, char *ttydir) { char path[MAXPATHLEN], lxcpath[MAXPATHLEN]; int ret; ret = snprintf(path, sizeof(path), ""%s/dev/%s"", rootfs->mount, ttydir); if (ret >= sizeof(path)) return -1; ret = mkdir(path, 0755); if (ret && errno != EEXIST) { SYSERROR(""failed with errno %d to create %s"", errno, path); return -1; } INFO(""created %s"", path); ret = snprintf(lxcpath, sizeof(lxcpath), ""%s/dev/%s/console"", rootfs->mount, ttydir); if (ret >= sizeof(lxcpath)) { ERROR(""console path too long""); return -1; } snprintf(path, sizeof(path), ""%s/dev/console"", rootfs->mount); ret = unlink(path); if (ret && errno != ENOENT) { SYSERROR(""error unlinking %s"", path); return -1; } ret = creat(lxcpath, 0660); if (ret==-1 && errno != EEXIST) { SYSERROR(""error %d creating %s"", errno, lxcpath); return -1; } if (ret >= 0) close(ret); if (console->master < 0) { INFO(""no console""); return 0; } if (mount(console->name, lxcpath, ""none"", MS_BIND, 0)) { ERROR(""failed to mount '%s' on '%s'"", console->name, lxcpath); return -1; } ret = snprintf(lxcpath, sizeof(lxcpath), ""%s/console"", ttydir); if (ret >= sizeof(lxcpath)) { ERROR(""lxc/console path too long""); return -1; } ret = symlink(lxcpath, path); if (ret) { SYSERROR(""failed to create symlink for console""); return -1; } INFO(""console has been setup on %s"", lxcpath); return 0; }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,124784066343640,1 4942,['CWE-20'],"static int nfs4_init_server(struct nfs_server *server, const struct nfs4_mount_data *data, rpc_authflavor_t authflavour) { int error; dprintk(""--> nfs4_init_server()\n""); server->flags = data->flags & NFS_MOUNT_FLAGMASK; server->caps |= NFS_CAP_ATOMIC_OPEN; if (data->rsize) server->rsize = nfs_block_size(data->rsize, NULL); if (data->wsize) server->wsize = nfs_block_size(data->wsize, NULL); server->acregmin = data->acregmin * HZ; server->acregmax = data->acregmax * HZ; server->acdirmin = data->acdirmin * HZ; server->acdirmax = data->acdirmax * HZ; error = nfs_init_server_rpcclient(server, authflavour); dprintk(""<-- nfs4_init_server() = %d\n"", error); return error; }",linux-2.6,,,286765744496670774860237510250776254336,0 1134,NVD-CWE-Other,"static void ip_expire(unsigned long arg) { struct ipq *qp; struct net *net; qp = container_of((struct inet_frag_queue *) arg, struct ipq, q); net = container_of(qp->q.net, struct net, ipv4.frags); spin_lock(&qp->q.lock); if (qp->q.last_in & INET_FRAG_COMPLETE) goto out; ipq_kill(qp); IP_INC_STATS_BH(net, IPSTATS_MIB_REASMTIMEOUT); IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS); if ((qp->q.last_in & INET_FRAG_FIRST_IN) && qp->q.fragments != NULL) { struct sk_buff *head = qp->q.fragments; rcu_read_lock(); head->dev = dev_get_by_index_rcu(net, qp->iif); if (!head->dev) goto out_rcu_unlock; if (qp->user == IP_DEFRAG_CONNTRACK_IN && !skb_dst(head)) { const struct iphdr *iph = ip_hdr(head); int err = ip_route_input(head, iph->daddr, iph->saddr, iph->tos, head->dev); if (unlikely(err)) goto out_rcu_unlock; if (skb_rtable(head)->rt_type != RTN_LOCAL) goto out_rcu_unlock; } icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); out_rcu_unlock: rcu_read_unlock(); } out: spin_unlock(&qp->q.lock); ipq_put(qp); }",visit repo url,net/ipv4/ip_fragment.c,https://github.com/torvalds/linux,68973259835266,1 2590,NVD-CWE-Other,"guestfs___first_line_of_file (guestfs_h *g, const char *filename) { CLEANUP_FREE char **lines = NULL; int64_t size; char *ret; size = guestfs_filesize (g, filename); if (size == -1) return NULL; if (size > MAX_SMALL_FILE_SIZE) { error (g, _(""size of %s is unreasonably large (%"" PRIi64 "" bytes)""), filename, size); return NULL; } lines = guestfs_head_n (g, 1, filename); if (lines == NULL) return NULL; if (lines[0] == NULL) { guestfs___free_string_list (lines); return safe_strdup (g, """"); } ret = lines[0]; return ret; }",visit repo url,src/inspect-fs.c,https://github.com/libguestfs/libguestfs,94396983068056,1 5336,['CWE-476'],"void kvm_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg) { kvm_x86_ops->get_segment(vcpu, var, seg); }",linux-2.6,,,268388709091463787868701780875484447121,0 971,CWE-416,"static int snd_ctl_elem_add(struct snd_ctl_file *file, struct snd_ctl_elem_info *info, int replace) { struct snd_card *card = file->card; struct snd_kcontrol kctl, *_kctl; unsigned int access; long private_size; struct user_element *ue; int idx, err; if (!replace && card->user_ctl_count >= MAX_USER_CONTROLS) return -ENOMEM; if (info->count < 1) return -EINVAL; access = info->access == 0 ? SNDRV_CTL_ELEM_ACCESS_READWRITE : (info->access & (SNDRV_CTL_ELEM_ACCESS_READWRITE| SNDRV_CTL_ELEM_ACCESS_INACTIVE| SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE)); info->id.numid = 0; memset(&kctl, 0, sizeof(kctl)); down_write(&card->controls_rwsem); _kctl = snd_ctl_find_id(card, &info->id); err = 0; if (_kctl) { if (replace) err = snd_ctl_remove(card, _kctl); else err = -EBUSY; } else { if (replace) err = -ENOENT; } up_write(&card->controls_rwsem); if (err < 0) return err; memcpy(&kctl.id, &info->id, sizeof(info->id)); kctl.count = info->owner ? info->owner : 1; access |= SNDRV_CTL_ELEM_ACCESS_USER; if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) kctl.info = snd_ctl_elem_user_enum_info; else kctl.info = snd_ctl_elem_user_info; if (access & SNDRV_CTL_ELEM_ACCESS_READ) kctl.get = snd_ctl_elem_user_get; if (access & SNDRV_CTL_ELEM_ACCESS_WRITE) kctl.put = snd_ctl_elem_user_put; if (access & SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE) { kctl.tlv.c = snd_ctl_elem_user_tlv; access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; } switch (info->type) { case SNDRV_CTL_ELEM_TYPE_BOOLEAN: case SNDRV_CTL_ELEM_TYPE_INTEGER: private_size = sizeof(long); if (info->count > 128) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_INTEGER64: private_size = sizeof(long long); if (info->count > 64) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_ENUMERATED: private_size = sizeof(unsigned int); if (info->count > 128 || info->value.enumerated.items == 0) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_BYTES: private_size = sizeof(unsigned char); if (info->count > 512) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_IEC958: private_size = sizeof(struct snd_aes_iec958); if (info->count != 1) return -EINVAL; break; default: return -EINVAL; } private_size *= info->count; ue = kzalloc(sizeof(struct user_element) + private_size, GFP_KERNEL); if (ue == NULL) return -ENOMEM; ue->card = card; ue->info = *info; ue->info.access = 0; ue->elem_data = (char *)ue + sizeof(*ue); ue->elem_data_size = private_size; if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) { err = snd_ctl_elem_init_enum_names(ue); if (err < 0) { kfree(ue); return err; } } kctl.private_free = snd_ctl_elem_user_free; _kctl = snd_ctl_new(&kctl, access); if (_kctl == NULL) { kfree(ue->priv_data); kfree(ue); return -ENOMEM; } _kctl->private_data = ue; for (idx = 0; idx < _kctl->count; idx++) _kctl->vd[idx].owner = file; err = snd_ctl_add(card, _kctl); if (err < 0) return err; down_write(&card->controls_rwsem); card->user_ctl_count++; up_write(&card->controls_rwsem); return 0; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,94360227213978,1 1484,CWE-264,"perf_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { struct perf_event *event = file->private_data; return perf_read_hw(event, buf, count); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,152543625157634,1 5582,CWE-125,"ast_for_arguments(struct compiling *c, const node *n) { int i, j, k, nposargs = 0, nkwonlyargs = 0; int nposdefaults = 0, found_default = 0; asdl_seq *posargs, *posdefaults, *kwonlyargs, *kwdefaults; arg_ty vararg = NULL, kwarg = NULL; arg_ty arg; node *ch; if (TYPE(n) == parameters) { if (NCH(n) == 2) return arguments(NULL, NULL, NULL, NULL, NULL, NULL, c->c_arena); n = CHILD(n, 1); } assert(TYPE(n) == typedargslist || TYPE(n) == varargslist); for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == STAR) { i++; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { i++; } break; } if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == vfpdef || TYPE(ch) == tfpdef) nposargs++; if (TYPE(ch) == EQUAL) nposdefaults++; } for ( ; i < NCH(n); ++i) { ch = CHILD(n, i); if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == tfpdef || TYPE(ch) == vfpdef) nkwonlyargs++; } posargs = (nposargs ? _Ta3_asdl_seq_new(nposargs, c->c_arena) : NULL); if (!posargs && nposargs) return NULL; kwonlyargs = (nkwonlyargs ? _Ta3_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwonlyargs && nkwonlyargs) return NULL; posdefaults = (nposdefaults ? _Ta3_asdl_seq_new(nposdefaults, c->c_arena) : NULL); if (!posdefaults && nposdefaults) return NULL; kwdefaults = (nkwonlyargs ? _Ta3_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwdefaults && nkwonlyargs) return NULL; if (nposargs + nkwonlyargs > 255) { ast_error(c, n, ""more than 255 arguments""); return NULL; } i = 0; j = 0; k = 0; while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case tfpdef: case vfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expr_ty expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) return NULL; assert(posdefaults != NULL); asdl_seq_SET(posdefaults, j++, expression); i += 2; found_default = 1; } else if (found_default) { ast_error(c, n, ""non-default argument follows default argument""); return NULL; } arg = ast_for_arg(c, ch); if (!arg) return NULL; asdl_seq_SET(posargs, k++, arg); i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case STAR: if (i+1 >= NCH(n) || (i+2 == NCH(n) && (TYPE(CHILD(n, i+1)) == COMMA || TYPE(CHILD(n, i+1)) == TYPE_COMMENT))) { ast_error(c, CHILD(n, i), ""named arguments must follow bare *""); return NULL; } ch = CHILD(n, i+1); if (TYPE(ch) == COMMA) { int res = 0; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { ast_error(c, CHILD(n, i), ""bare * has associated type comment""); return NULL; } res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } else { vararg = ast_for_arg(c, ch); if (!vararg) return NULL; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { vararg->type_comment = NEW_TYPE_COMMENT(CHILD(n, i)); i += 1; } if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { int res = 0; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } } break; case DOUBLESTAR: ch = CHILD(n, i+1); assert(TYPE(ch) == tfpdef || TYPE(ch) == vfpdef); kwarg = ast_for_arg(c, ch); if (!kwarg) return NULL; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: assert(i); if (kwarg) arg = kwarg; arg->type_comment = NEW_TYPE_COMMENT(ch); i += 1; break; default: PyErr_Format(PyExc_SystemError, ""unexpected node in varargslist: %d @ %d"", TYPE(ch), i); return NULL; } } return arguments(posargs, vararg, kwonlyargs, kwdefaults, kwarg, posdefaults, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,120752446262511,1 1621,CWE-264,"static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, char __user *optval, unsigned int optlen) { struct ipv6_pinfo *np = inet6_sk(sk); struct net *net = sock_net(sk); int val, valbool; int retv = -ENOPROTOOPT; bool needs_rtnl = setsockopt_needs_rtnl(optname); if (!optval) val = 0; else { if (optlen >= sizeof(int)) { if (get_user(val, (int __user *) optval)) return -EFAULT; } else val = 0; } valbool = (val != 0); if (ip6_mroute_opt(optname)) return ip6_mroute_setsockopt(sk, optname, optval, optlen); if (needs_rtnl) rtnl_lock(); lock_sock(sk); switch (optname) { case IPV6_ADDRFORM: if (optlen < sizeof(int)) goto e_inval; if (val == PF_INET) { struct ipv6_txoptions *opt; struct sk_buff *pktopt; if (sk->sk_type == SOCK_RAW) break; if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) { struct udp_sock *up = udp_sk(sk); if (up->pending == AF_INET6) { retv = -EBUSY; break; } } else if (sk->sk_protocol != IPPROTO_TCP) break; if (sk->sk_state != TCP_ESTABLISHED) { retv = -ENOTCONN; break; } if (ipv6_only_sock(sk) || !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) { retv = -EADDRNOTAVAIL; break; } fl6_free_socklist(sk); ipv6_sock_mc_close(sk); sk_refcnt_debug_dec(sk); if (sk->sk_protocol == IPPROTO_TCP) { struct inet_connection_sock *icsk = inet_csk(sk); local_bh_disable(); sock_prot_inuse_add(net, sk->sk_prot, -1); sock_prot_inuse_add(net, &tcp_prot, 1); local_bh_enable(); sk->sk_prot = &tcp_prot; icsk->icsk_af_ops = &ipv4_specific; sk->sk_socket->ops = &inet_stream_ops; sk->sk_family = PF_INET; tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); } else { struct proto *prot = &udp_prot; if (sk->sk_protocol == IPPROTO_UDPLITE) prot = &udplite_prot; local_bh_disable(); sock_prot_inuse_add(net, sk->sk_prot, -1); sock_prot_inuse_add(net, prot, 1); local_bh_enable(); sk->sk_prot = prot; sk->sk_socket->ops = &inet_dgram_ops; sk->sk_family = PF_INET; } opt = xchg(&np->opt, NULL); if (opt) sock_kfree_s(sk, opt, opt->tot_len); pktopt = xchg(&np->pktoptions, NULL); kfree_skb(pktopt); sk->sk_destruct = inet_sock_destruct; sk_refcnt_debug_inc(sk); module_put(THIS_MODULE); retv = 0; break; } goto e_inval; case IPV6_V6ONLY: if (optlen < sizeof(int) || inet_sk(sk)->inet_num) goto e_inval; sk->sk_ipv6only = valbool; retv = 0; break; case IPV6_RECVPKTINFO: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxinfo = valbool; retv = 0; break; case IPV6_2292PKTINFO: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxoinfo = valbool; retv = 0; break; case IPV6_RECVHOPLIMIT: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxhlim = valbool; retv = 0; break; case IPV6_2292HOPLIMIT: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxohlim = valbool; retv = 0; break; case IPV6_RECVRTHDR: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.srcrt = valbool; retv = 0; break; case IPV6_2292RTHDR: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.osrcrt = valbool; retv = 0; break; case IPV6_RECVHOPOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.hopopts = valbool; retv = 0; break; case IPV6_2292HOPOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.ohopopts = valbool; retv = 0; break; case IPV6_RECVDSTOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.dstopts = valbool; retv = 0; break; case IPV6_2292DSTOPTS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.odstopts = valbool; retv = 0; break; case IPV6_TCLASS: if (optlen < sizeof(int)) goto e_inval; if (val < -1 || val > 0xff) goto e_inval; if (val == -1) val = 0; np->tclass = val; retv = 0; break; case IPV6_RECVTCLASS: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxtclass = valbool; retv = 0; break; case IPV6_FLOWINFO: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxflow = valbool; retv = 0; break; case IPV6_RECVPATHMTU: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxpmtu = valbool; retv = 0; break; case IPV6_TRANSPARENT: if (valbool && !ns_capable(net->user_ns, CAP_NET_ADMIN) && !ns_capable(net->user_ns, CAP_NET_RAW)) { retv = -EPERM; break; } if (optlen < sizeof(int)) goto e_inval; inet_sk(sk)->transparent = valbool; retv = 0; break; case IPV6_RECVORIGDSTADDR: if (optlen < sizeof(int)) goto e_inval; np->rxopt.bits.rxorigdstaddr = valbool; retv = 0; break; case IPV6_HOPOPTS: case IPV6_RTHDRDSTOPTS: case IPV6_RTHDR: case IPV6_DSTOPTS: { struct ipv6_txoptions *opt; if (optlen == 0) optval = NULL; else if (!optval) goto e_inval; else if (optlen < sizeof(struct ipv6_opt_hdr) || optlen & 0x7 || optlen > 8 * 255) goto e_inval; retv = -EPERM; if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) break; opt = ipv6_renew_options(sk, np->opt, optname, (struct ipv6_opt_hdr __user *)optval, optlen); if (IS_ERR(opt)) { retv = PTR_ERR(opt); break; } retv = -EINVAL; if (optname == IPV6_RTHDR && opt && opt->srcrt) { struct ipv6_rt_hdr *rthdr = opt->srcrt; switch (rthdr->type) { #if IS_ENABLED(CONFIG_IPV6_MIP6) case IPV6_SRCRT_TYPE_2: if (rthdr->hdrlen != 2 || rthdr->segments_left != 1) goto sticky_done; break; #endif default: goto sticky_done; } } retv = 0; opt = ipv6_update_options(sk, opt); sticky_done: if (opt) sock_kfree_s(sk, opt, opt->tot_len); break; } case IPV6_PKTINFO: { struct in6_pktinfo pkt; if (optlen == 0) goto e_inval; else if (optlen < sizeof(struct in6_pktinfo) || !optval) goto e_inval; if (copy_from_user(&pkt, optval, sizeof(struct in6_pktinfo))) { retv = -EFAULT; break; } if (sk->sk_bound_dev_if && pkt.ipi6_ifindex != sk->sk_bound_dev_if) goto e_inval; np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex; np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr; retv = 0; break; } case IPV6_2292PKTOPTIONS: { struct ipv6_txoptions *opt = NULL; struct msghdr msg; struct flowi6 fl6; int junk; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; if (optlen == 0) goto update; retv = -EINVAL; if (optlen > 64*1024) break; opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL); retv = -ENOBUFS; if (!opt) break; memset(opt, 0, sizeof(*opt)); opt->tot_len = sizeof(*opt) + optlen; retv = -EFAULT; if (copy_from_user(opt+1, optval, optlen)) goto done; msg.msg_controllen = optlen; msg.msg_control = (void *)(opt+1); retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, opt, &junk, &junk, &junk); if (retv) goto done; update: retv = 0; opt = ipv6_update_options(sk, opt); done: if (opt) sock_kfree_s(sk, opt, opt->tot_len); break; } case IPV6_UNICAST_HOPS: if (optlen < sizeof(int)) goto e_inval; if (val > 255 || val < -1) goto e_inval; np->hop_limit = val; retv = 0; break; case IPV6_MULTICAST_HOPS: if (sk->sk_type == SOCK_STREAM) break; if (optlen < sizeof(int)) goto e_inval; if (val > 255 || val < -1) goto e_inval; np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val); retv = 0; break; case IPV6_MULTICAST_LOOP: if (optlen < sizeof(int)) goto e_inval; if (val != valbool) goto e_inval; np->mc_loop = valbool; retv = 0; break; case IPV6_UNICAST_IF: { struct net_device *dev = NULL; int ifindex; if (optlen != sizeof(int)) goto e_inval; ifindex = (__force int)ntohl((__force __be32)val); if (ifindex == 0) { np->ucast_oif = 0; retv = 0; break; } dev = dev_get_by_index(net, ifindex); retv = -EADDRNOTAVAIL; if (!dev) break; dev_put(dev); retv = -EINVAL; if (sk->sk_bound_dev_if) break; np->ucast_oif = ifindex; retv = 0; break; } case IPV6_MULTICAST_IF: if (sk->sk_type == SOCK_STREAM) break; if (optlen < sizeof(int)) goto e_inval; if (val) { struct net_device *dev; if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val) goto e_inval; dev = dev_get_by_index(net, val); if (!dev) { retv = -ENODEV; break; } dev_put(dev); } np->mcast_oif = val; retv = 0; break; case IPV6_ADD_MEMBERSHIP: case IPV6_DROP_MEMBERSHIP: { struct ipv6_mreq mreq; if (optlen < sizeof(struct ipv6_mreq)) goto e_inval; retv = -EPROTO; if (inet_sk(sk)->is_icsk) break; retv = -EFAULT; if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) break; if (optname == IPV6_ADD_MEMBERSHIP) retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); else retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr); break; } case IPV6_JOIN_ANYCAST: case IPV6_LEAVE_ANYCAST: { struct ipv6_mreq mreq; if (optlen < sizeof(struct ipv6_mreq)) goto e_inval; retv = -EFAULT; if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) break; if (optname == IPV6_JOIN_ANYCAST) retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); else retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr); break; } case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { struct group_req greq; struct sockaddr_in6 *psin6; if (optlen < sizeof(struct group_req)) goto e_inval; retv = -EFAULT; if (copy_from_user(&greq, optval, sizeof(struct group_req))) break; if (greq.gr_group.ss_family != AF_INET6) { retv = -EADDRNOTAVAIL; break; } psin6 = (struct sockaddr_in6 *)&greq.gr_group; if (optname == MCAST_JOIN_GROUP) retv = ipv6_sock_mc_join(sk, greq.gr_interface, &psin6->sin6_addr); else retv = ipv6_sock_mc_drop(sk, greq.gr_interface, &psin6->sin6_addr); break; } case MCAST_JOIN_SOURCE_GROUP: case MCAST_LEAVE_SOURCE_GROUP: case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { struct group_source_req greqs; int omode, add; if (optlen < sizeof(struct group_source_req)) goto e_inval; if (copy_from_user(&greqs, optval, sizeof(greqs))) { retv = -EFAULT; break; } if (greqs.gsr_group.ss_family != AF_INET6 || greqs.gsr_source.ss_family != AF_INET6) { retv = -EADDRNOTAVAIL; break; } if (optname == MCAST_BLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 1; } else if (optname == MCAST_UNBLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 0; } else if (optname == MCAST_JOIN_SOURCE_GROUP) { struct sockaddr_in6 *psin6; psin6 = (struct sockaddr_in6 *)&greqs.gsr_group; retv = ipv6_sock_mc_join(sk, greqs.gsr_interface, &psin6->sin6_addr); if (retv && retv != -EADDRINUSE) break; omode = MCAST_INCLUDE; add = 1; } else { omode = MCAST_INCLUDE; add = 0; } retv = ip6_mc_source(add, omode, sk, &greqs); break; } case MCAST_MSFILTER: { struct group_filter *gsf; if (optlen < GROUP_FILTER_SIZE(0)) goto e_inval; if (optlen > sysctl_optmem_max) { retv = -ENOBUFS; break; } gsf = kmalloc(optlen, GFP_KERNEL); if (!gsf) { retv = -ENOBUFS; break; } retv = -EFAULT; if (copy_from_user(gsf, optval, optlen)) { kfree(gsf); break; } if (gsf->gf_numsrc >= 0x1ffffffU || gsf->gf_numsrc > sysctl_mld_max_msf) { kfree(gsf); retv = -ENOBUFS; break; } if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { kfree(gsf); retv = -EINVAL; break; } retv = ip6_mc_msfilter(sk, gsf); kfree(gsf); break; } case IPV6_ROUTER_ALERT: if (optlen < sizeof(int)) goto e_inval; retv = ip6_ra_control(sk, val); break; case IPV6_MTU_DISCOVER: if (optlen < sizeof(int)) goto e_inval; if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT) goto e_inval; np->pmtudisc = val; retv = 0; break; case IPV6_MTU: if (optlen < sizeof(int)) goto e_inval; if (val && val < IPV6_MIN_MTU) goto e_inval; np->frag_size = val; retv = 0; break; case IPV6_RECVERR: if (optlen < sizeof(int)) goto e_inval; np->recverr = valbool; if (!val) skb_queue_purge(&sk->sk_error_queue); retv = 0; break; case IPV6_FLOWINFO_SEND: if (optlen < sizeof(int)) goto e_inval; np->sndflow = valbool; retv = 0; break; case IPV6_FLOWLABEL_MGR: retv = ipv6_flowlabel_opt(sk, optval, optlen); break; case IPV6_IPSEC_POLICY: case IPV6_XFRM_POLICY: retv = -EPERM; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; retv = xfrm_user_policy(sk, optname, optval, optlen); break; case IPV6_ADDR_PREFERENCES: { unsigned int pref = 0; unsigned int prefmask = ~0; if (optlen < sizeof(int)) goto e_inval; retv = -EINVAL; switch (val & (IPV6_PREFER_SRC_PUBLIC| IPV6_PREFER_SRC_TMP| IPV6_PREFER_SRC_PUBTMP_DEFAULT)) { case IPV6_PREFER_SRC_PUBLIC: pref |= IPV6_PREFER_SRC_PUBLIC; break; case IPV6_PREFER_SRC_TMP: pref |= IPV6_PREFER_SRC_TMP; break; case IPV6_PREFER_SRC_PUBTMP_DEFAULT: break; case 0: goto pref_skip_pubtmp; default: goto e_inval; } prefmask &= ~(IPV6_PREFER_SRC_PUBLIC| IPV6_PREFER_SRC_TMP); pref_skip_pubtmp: switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) { case IPV6_PREFER_SRC_HOME: break; case IPV6_PREFER_SRC_COA: pref |= IPV6_PREFER_SRC_COA; case 0: goto pref_skip_coa; default: goto e_inval; } prefmask &= ~IPV6_PREFER_SRC_COA; pref_skip_coa: switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) { case IPV6_PREFER_SRC_CGA: case IPV6_PREFER_SRC_NONCGA: case 0: break; default: goto e_inval; } np->srcprefs = (np->srcprefs & prefmask) | pref; retv = 0; break; } case IPV6_MINHOPCOUNT: if (optlen < sizeof(int)) goto e_inval; if (val < 0 || val > 255) goto e_inval; np->min_hopcount = val; retv = 0; break; case IPV6_DONTFRAG: np->dontfrag = valbool; retv = 0; break; case IPV6_AUTOFLOWLABEL: np->autoflowlabel = valbool; retv = 0; break; } release_sock(sk); if (needs_rtnl) rtnl_unlock(); return retv; e_inval: release_sock(sk); if (needs_rtnl) rtnl_unlock(); return -EINVAL; }",visit repo url,net/ipv6/ipv6_sockglue.c,https://github.com/torvalds/linux,179725991694853,1 676,CWE-20,"mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sk_buff *skb; struct sock *sk = sock->sk; struct sockaddr_mISDN *maddr; int copied, err; if (*debug & DEBUG_SOCKET) printk(KERN_DEBUG ""%s: len %d, flags %x ch.nr %d, proto %x\n"", __func__, (int)len, flags, _pms(sk)->ch.nr, sk->sk_protocol); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == MISDN_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (!skb) return err; if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) { msg->msg_namelen = sizeof(struct sockaddr_mISDN); maddr = (struct sockaddr_mISDN *)msg->msg_name; maddr->family = AF_ISDN; maddr->dev = _pms(sk)->dev->id; if ((sk->sk_protocol == ISDN_P_LAPD_TE) || (sk->sk_protocol == ISDN_P_LAPD_NT)) { maddr->channel = (mISDN_HEAD_ID(skb) >> 16) & 0xff; maddr->tei = (mISDN_HEAD_ID(skb) >> 8) & 0xff; maddr->sapi = mISDN_HEAD_ID(skb) & 0xff; } else { maddr->channel = _pms(sk)->ch.nr; maddr->sapi = _pms(sk)->ch.addr & 0xFF; maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF; } } else { if (msg->msg_namelen) printk(KERN_WARNING ""%s: too small namelen %d\n"", __func__, msg->msg_namelen); msg->msg_namelen = 0; } copied = skb->len + MISDN_HEADER_LEN; if (len < copied) { if (flags & MSG_PEEK) atomic_dec(&skb->users); else skb_queue_head(&sk->sk_receive_queue, skb); return -ENOSPC; } memcpy(skb_push(skb, MISDN_HEADER_LEN), mISDN_HEAD_P(skb), MISDN_HEADER_LEN); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); mISDN_sock_cmsg(sk, msg, skb); skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,drivers/isdn/mISDN/socket.c,https://github.com/torvalds/linux,109946884267745,1 467,[],"pfmfs_delete_dentry(struct dentry *dentry) { return 1; }",linux-2.6,,,29770927932540614078640510430503399585,0 6465,CWE-476,"writefile(const char *name, struct string *s) { FILE *f; int ret; f = fopen(name, ""w""); if (!f) { warn(""open %s:"", name); return -1; } ret = 0; if (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0) { warn(""write %s:"", name); ret = -1; } fclose(f); return ret; }",visit repo url,util.c,https://github.com/michaelforney/samurai,138057333548620,1 186,CWE-476,"static void ax25_kill_by_device(struct net_device *dev) { ax25_dev *ax25_dev; ax25_cb *s; struct sock *sk; if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL) return; spin_lock_bh(&ax25_list_lock); again: ax25_for_each(s, &ax25_list) { if (s->ax25_dev == ax25_dev) { sk = s->sk; if (!sk) { spin_unlock_bh(&ax25_list_lock); s->ax25_dev = NULL; ax25_disconnect(s, ENETUNREACH); spin_lock_bh(&ax25_list_lock); goto again; } sock_hold(sk); spin_unlock_bh(&ax25_list_lock); lock_sock(sk); s->ax25_dev = NULL; if (sk->sk_socket) { dev_put_track(ax25_dev->dev, &ax25_dev->dev_tracker); ax25_dev_put(ax25_dev); } ax25_disconnect(s, ENETUNREACH); release_sock(sk); spin_lock_bh(&ax25_list_lock); sock_put(sk); goto again; } } spin_unlock_bh(&ax25_list_lock); }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,210458843061075,1 3120,CWE-119,"bool extract_sockaddr(char *url, char **sockaddr_url, char **sockaddr_port) { char *url_begin, *url_end, *ipv6_begin, *ipv6_end, *port_start = NULL; char url_address[256], port[6]; int url_len, port_len = 0; *sockaddr_url = url; url_begin = strstr(url, ""//""); if (!url_begin) url_begin = url; else url_begin += 2; ipv6_begin = strstr(url_begin, ""[""); ipv6_end = strstr(url_begin, ""]""); if (ipv6_begin && ipv6_end && ipv6_end > ipv6_begin) url_end = strstr(ipv6_end, "":""); else url_end = strstr(url_begin, "":""); if (url_end) { url_len = url_end - url_begin; port_len = strlen(url_begin) - url_len - 1; if (port_len < 1) return false; port_start = url_end + 1; } else url_len = strlen(url_begin); if (url_len < 1) return false; sprintf(url_address, ""%.*s"", url_len, url_begin); if (port_len) { char *slash; snprintf(port, 6, ""%.*s"", port_len, port_start); slash = strchr(port, '/'); if (slash) *slash = '\0'; } else strcpy(port, ""80""); *sockaddr_port = strdup(port); *sockaddr_url = strdup(url_address); return true; }",visit repo url,util.c,https://github.com/ckolivas/cgminer,141653320381313,1 526,['CWE-399'],"static void pwc_reset_buffers(struct pwc_device *pdev) { int i; unsigned long flags; PWC_DEBUG_MEMORY("">> %s __enter__\n"", __FUNCTION__); spin_lock_irqsave(&pdev->ptrlock, flags); pdev->full_frames = NULL; pdev->full_frames_tail = NULL; for (i = 0; i < default_fbufs; i++) { pdev->fbuf[i].filled = 0; if (i > 0) pdev->fbuf[i].next = &pdev->fbuf[i - 1]; else pdev->fbuf->next = NULL; } pdev->empty_frames = &pdev->fbuf[default_fbufs - 1]; pdev->empty_frames_tail = pdev->fbuf; pdev->read_frame = NULL; pdev->fill_frame = pdev->empty_frames; pdev->empty_frames = pdev->empty_frames->next; pdev->image_read_pos = 0; pdev->fill_image = 0; spin_unlock_irqrestore(&pdev->ptrlock, flags); PWC_DEBUG_MEMORY(""<< %s __leaving__\n"", __FUNCTION__); }",linux-2.6,,,332617154910689345401765349046396559532,0 5961,CWE-276,"zfs_groupmember(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr) { #ifdef HAVE_KSID ksid_t *ksid = crgetsid(cr, KSID_GROUP); ksidlist_t *ksidlist = crgetsidlist(cr); uid_t gid; if (ksid && ksidlist) { int i; ksid_t *ksid_groups; uint32_t idx = FUID_INDEX(id); uint32_t rid = FUID_RID(id); ksid_groups = ksidlist->ksl_sids; for (i = 0; i != ksidlist->ksl_nsid; i++) { if (idx == 0) { if (id != IDMAP_WK_CREATOR_GROUP_GID && id == ksid_groups[i].ks_id) { return (B_TRUE); } } else { const char *domain; domain = zfs_fuid_find_by_idx(zfsvfs, idx); ASSERT(domain != NULL); if (strcmp(domain, IDMAP_WK_CREATOR_SID_AUTHORITY) == 0) return (B_FALSE); if ((strcmp(domain, ksid_groups[i].ks_domain->kd_name) == 0) && rid == ksid_groups[i].ks_rid) return (B_TRUE); } } } gid = zfs_fuid_map_id(zfsvfs, id, cr, ZFS_GROUP); return (groupmember(gid, cr)); #else return (B_TRUE); #endif }",visit repo url,module/zfs/zfs_fuid.c,https://github.com/openzfs/zfs,233701998061661,1 860,['CWE-119'],"static char *map_drvname(int di) { if ((di < 0) || (di >= ISDN_MAX_DRIVERS)) return(NULL); return(dev->drvid[di]); } ",linux-2.6,,,42852013137103995234493826249413517356,0 1301,['CWE-119'],"static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid) { unsigned char ch; *subid = 0; do { if (!asn1_octet_decode(ctx, &ch)) return 0; *subid <<= 7; *subid |= ch & 0x7F; } while ((ch & 0x80) == 0x80); return 1; }",linux-2.6,,,242821694743699828555592172708457277914,0 4279,CWE-400,"static bool bin_pe_init_metadata_hdr(RBinPEObj* pe) { PE_(image_metadata_header) * metadata = R_NEW0 (PE_(image_metadata_header)); if (!metadata) { return false; } PE_DWord metadata_directory = pe->clr_hdr? PE_(va2pa) (pe, pe->clr_hdr->MetaDataDirectoryAddress): 0; if (!metadata_directory) { free (metadata); return false; } int rr = r_buf_fread_at (pe->b, metadata_directory, (ut8*) metadata, pe->big_endian? ""1I2S"": ""1i2s"", 1); if (rr < 1) { goto fail; } rr = r_buf_fread_at (pe->b, metadata_directory + 8, (ut8*) (&metadata->Reserved), pe->big_endian? ""1I"": ""1i"", 1); if (rr < 1) { goto fail; } rr = r_buf_fread_at (pe->b, metadata_directory + 12, (ut8*) (&metadata->VersionStringLength), pe->big_endian? ""1I"": ""1i"", 1); if (rr < 1) { goto fail; } eprintf (""Metadata Signature: 0x%""PFMT64x"" 0x%""PFMT64x"" %d\n"", (ut64)metadata_directory, (ut64)metadata->Signature, (int)metadata->VersionStringLength); int len = metadata->VersionStringLength; if (len > 0) { metadata->VersionString = calloc (1, len + 1); if (!metadata->VersionString) { goto fail; } rr = r_buf_read_at (pe->b, metadata_directory + 16, (ut8*)(metadata->VersionString), len); if (rr != len) { eprintf (""Warning: read (metadata header) - cannot parse version string\n""); free (metadata->VersionString); free (metadata); return 0; } eprintf ("".NET Version: %s\n"", metadata->VersionString); } rr = r_buf_fread_at (pe->b, metadata_directory + 16 + metadata->VersionStringLength, (ut8*) (&metadata->Flags), pe->big_endian? ""2S"": ""2s"", 1); if (rr < 1) { goto fail; } eprintf (""Number of Metadata Streams: %d\n"", metadata->NumberOfStreams); pe->metadata_header = metadata; int stream_addr = metadata_directory + 20 + metadata->VersionStringLength; PE_(image_metadata_stream) * stream; PE_(image_metadata_stream) **streams = calloc (sizeof (PE_(image_metadata_stream)*), metadata->NumberOfStreams); if (!streams) { goto fail; } int count; for (count = 0; count < metadata->NumberOfStreams; count++) { stream = R_NEW0 (PE_(image_metadata_stream)); if (!stream) { free (streams); goto fail; } if (r_buf_size (pe->b) < (stream_addr + 8 + MAX_METADATA_STRING_LENGTH)) { eprintf (""Truncated\n""); free (stream); free (streams); goto fail; } if (r_buf_fread_at (pe->b, stream_addr, (ut8*) stream, pe->big_endian? ""2I"": ""2i"", 1) < 1) { free (stream); free (streams); goto fail; } eprintf (""DirectoryAddress: %x Size: %x\n"", stream->Offset, stream->Size); char* stream_name = calloc (1, MAX_METADATA_STRING_LENGTH + 1); if (!stream_name) { free (stream); free (streams); goto fail; } int c = bin_pe_read_metadata_string (stream_name, pe->b, stream_addr + 8); if (c == 0) { free (stream_name); free (stream); free (streams); goto fail; } eprintf (""Stream name: %s %d\n"", stream_name, c); stream->Name = stream_name; streams[count] = stream; stream_addr += 8 + c; } pe->streams = streams; return true; fail: eprintf (""Warning: read (metadata header)\n""); free (metadata); return false; }",visit repo url,libr/bin/format/pe/pe.c,https://github.com/radareorg/radare2,136683433998164,1 4449,['CWE-264'],"int sock_prot_inuse_get(struct net *net, struct proto *prot) { int cpu, idx = prot->inuse_idx; int res = 0; for_each_possible_cpu(cpu) res += per_cpu_ptr(net->core.inuse, cpu)->val[idx]; return res >= 0 ? res : 0; }",linux-2.6,,,54096069667510009977704991163629340616,0 996,CWE-20,"int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) { int result = parse_rock_ridge_inode_internal(de, inode, 0); if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1) && (ISOFS_SB(inode->i_sb)->s_rock == 2)) { result = parse_rock_ridge_inode_internal(de, inode, 14); } return result; }",visit repo url,fs/isofs/rock.c,https://github.com/torvalds/linux,111691240116390,1 4046,CWE-119,"static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) { const char *section_name = """"; const char *link_section_name = """"; char *end = NULL; Elf_(Shdr) *link_shdr = NULL; ut8 dfs[sizeof (Elf_(Verdef))] = {0}; Sdb *sdb; int cnt, i; if (shdr->sh_link > bin->ehdr.e_shnum) { return false; } link_shdr = &bin->shdr[shdr->sh_link]; if (shdr->sh_size < 1) { return false; } Elf_(Verdef) *defs = calloc (shdr->sh_size, sizeof (char)); if (!defs) { return false; } if (bin->shstrtab && shdr->sh_name < bin->shstrtab_size) { section_name = &bin->shstrtab[shdr->sh_name]; } if (link_shdr && bin->shstrtab && link_shdr->sh_name < bin->shstrtab_size) { link_section_name = &bin->shstrtab[link_shdr->sh_name]; } if (!defs) { bprintf (""Warning: Cannot allocate memory (Check Elf_(Verdef))\n""); return NULL; } sdb = sdb_new0 (); end = (char *)defs + shdr->sh_size; sdb_set (sdb, ""section_name"", section_name, 0); sdb_num_set (sdb, ""entries"", shdr->sh_info, 0); sdb_num_set (sdb, ""addr"", shdr->sh_addr, 0); sdb_num_set (sdb, ""offset"", shdr->sh_offset, 0); sdb_num_set (sdb, ""link"", shdr->sh_link, 0); sdb_set (sdb, ""link_section_name"", link_section_name, 0); for (cnt = 0, i = 0; i >= 0 && cnt < shdr->sh_info && ((char *)defs + i < end); ++cnt) { Sdb *sdb_verdef = sdb_new0 (); char *vstart = ((char*)defs) + i; char key[32] = {0}; Elf_(Verdef) *verdef = (Elf_(Verdef)*)vstart; Elf_(Verdaux) aux = {0}; int j = 0; int isum = 0; r_buf_read_at (bin->b, shdr->sh_offset + i, dfs, sizeof (Elf_(Verdef))); verdef->vd_version = READ16 (dfs, j) verdef->vd_flags = READ16 (dfs, j) verdef->vd_ndx = READ16 (dfs, j) verdef->vd_cnt = READ16 (dfs, j) verdef->vd_hash = READ32 (dfs, j) verdef->vd_aux = READ32 (dfs, j) verdef->vd_next = READ32 (dfs, j) int vdaux = verdef->vd_aux; if (vdaux < 1) { sdb_free (sdb_verdef); goto out_error; } vstart += vdaux; if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); goto out_error; } j = 0; aux.vda_name = READ32 (vstart, j) aux.vda_next = READ32 (vstart, j) isum = i + verdef->vd_aux; if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); goto out_error; } sdb_num_set (sdb_verdef, ""idx"", i, 0); sdb_num_set (sdb_verdef, ""vd_version"", verdef->vd_version, 0); sdb_num_set (sdb_verdef, ""vd_ndx"", verdef->vd_ndx, 0); sdb_num_set (sdb_verdef, ""vd_cnt"", verdef->vd_cnt, 0); sdb_set (sdb_verdef, ""vda_name"", &bin->dynstr[aux.vda_name], 0); sdb_set (sdb_verdef, ""flags"", get_ver_flags (verdef->vd_flags), 0); for (j = 1; j < verdef->vd_cnt; ++j) { int k; Sdb *sdb_parent = sdb_new0 (); isum += aux.vda_next; vstart += aux.vda_next; if (vstart > end || vstart + sizeof(Elf_(Verdaux)) > end) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } k = 0; aux.vda_name = READ32 (vstart, k) aux.vda_next = READ32 (vstart, k) if (aux.vda_name > bin->dynstr_size) { sdb_free (sdb_verdef); sdb_free (sdb_parent); goto out_error; } sdb_num_set (sdb_parent, ""idx"", isum, 0); sdb_num_set (sdb_parent, ""parent"", j, 0); sdb_set (sdb_parent, ""vda_name"", &bin->dynstr[aux.vda_name], 0); snprintf (key, sizeof (key), ""parent%d"", j - 1); sdb_ns_set (sdb_verdef, key, sdb_parent); } snprintf (key, sizeof (key), ""verdef%d"", cnt); sdb_ns_set (sdb, key, sdb_verdef); if (!verdef->vd_next) { sdb_free (sdb_verdef); goto out_error; } if ((st32)verdef->vd_next < 1) { eprintf (""Warning: Invalid vd_next in the ELF version\n""); break; } i += verdef->vd_next; } free (defs); return sdb; out_error: free (defs); sdb_free (sdb); return NULL; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radare/radare2,112902309773853,1 5371,['CWE-476'],"void kvm_arch_hardware_disable(void *garbage) { kvm_x86_ops->hardware_disable(garbage); }",linux-2.6,,,297088937050436038029050094133497923822,0 936,CWE-17,"pipe_read(struct kiocb *iocb, const struct iovec *_iov, unsigned long nr_segs, loff_t pos) { struct file *filp = iocb->ki_filp; struct pipe_inode_info *pipe = filp->private_data; int do_wakeup; ssize_t ret; struct iovec *iov = (struct iovec *)_iov; size_t total_len; total_len = iov_length(iov, nr_segs); if (unlikely(total_len == 0)) return 0; do_wakeup = 0; ret = 0; __pipe_lock(pipe); for (;;) { int bufs = pipe->nrbufs; if (bufs) { int curbuf = pipe->curbuf; struct pipe_buffer *buf = pipe->bufs + curbuf; const struct pipe_buf_operations *ops = buf->ops; void *addr; size_t chars = buf->len; int error, atomic; if (chars > total_len) chars = total_len; error = ops->confirm(pipe, buf); if (error) { if (!ret) ret = error; break; } atomic = !iov_fault_in_pages_write(iov, chars); redo: if (atomic) addr = kmap_atomic(buf->page); else addr = kmap(buf->page); error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic); if (atomic) kunmap_atomic(addr); else kunmap(buf->page); if (unlikely(error)) { if (atomic) { atomic = 0; goto redo; } if (!ret) ret = error; break; } ret += chars; buf->offset += chars; buf->len -= chars; if (buf->flags & PIPE_BUF_FLAG_PACKET) { total_len = chars; buf->len = 0; } if (!buf->len) { buf->ops = NULL; ops->release(pipe, buf); curbuf = (curbuf + 1) & (pipe->buffers - 1); pipe->curbuf = curbuf; pipe->nrbufs = --bufs; do_wakeup = 1; } total_len -= chars; if (!total_len) break; } if (bufs) continue; if (!pipe->writers) break; if (!pipe->waiting_writers) { if (ret) break; if (filp->f_flags & O_NONBLOCK) { ret = -EAGAIN; break; } } if (signal_pending(current)) { if (!ret) ret = -ERESTARTSYS; break; } if (do_wakeup) { wake_up_interruptible_sync_poll(&pipe->wait, POLLOUT | POLLWRNORM); kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); } pipe_wait(pipe); } __pipe_unlock(pipe); if (do_wakeup) { wake_up_interruptible_sync_poll(&pipe->wait, POLLOUT | POLLWRNORM); kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); } if (ret > 0) file_accessed(filp); return ret; }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,89943858466634,1 3768,[],"static void dec_inflight(struct unix_sock *usk) { atomic_long_dec(&usk->inflight); }",linux-2.6,,,243900684040113369283802095300303289489,0 1032,CWE-20,"sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net, const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *asconf_ack = arg; struct sctp_chunk *last_asconf = asoc->addip_last_asconf; struct sctp_chunk *abort; struct sctp_paramhdr *err_param = NULL; sctp_addiphdr_t *addip_hdr; __u32 sent_serial, rcvd_serial; if (!sctp_vtag_verify(asconf_ack, asoc)) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, SCTP_NULL()); return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); } if (!net->sctp.addip_noauth && !asconf_ack->auth) return sctp_sf_discard_chunk(net, ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(asconf_ack, sizeof(sctp_addip_chunk_t))) return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, commands); addip_hdr = (sctp_addiphdr_t *)asconf_ack->skb->data; rcvd_serial = ntohl(addip_hdr->serial); if (!sctp_verify_asconf(asoc, (sctp_paramhdr_t *)addip_hdr->params, (void *)asconf_ack->chunk_end, &err_param)) return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, (void *)err_param, commands); if (last_asconf) { addip_hdr = (sctp_addiphdr_t *)last_asconf->subh.addip_hdr; sent_serial = ntohl(addip_hdr->serial); } else { sent_serial = asoc->addip_serial - 1; } if (ADDIP_SERIAL_gte(rcvd_serial, sent_serial + 1) && !(asoc->addip_last_asconf)) { abort = sctp_make_abort(asoc, asconf_ack, sizeof(sctp_errhdr_t)); if (abort) { sctp_init_cause(abort, SCTP_ERROR_ASCONF_ACK, 0); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); } sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_ASCONF_ACK)); SCTP_INC_STATS(net, SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(net, SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_ABORT; } if ((rcvd_serial == sent_serial) && asoc->addip_last_asconf) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); if (!sctp_process_asconf_ack((struct sctp_association *)asoc, asconf_ack)) { sctp_add_cmd_sf(commands, SCTP_CMD_SEND_NEXT_ASCONF, SCTP_NULL()); return SCTP_DISPOSITION_CONSUME; } abort = sctp_make_abort(asoc, asconf_ack, sizeof(sctp_errhdr_t)); if (abort) { sctp_init_cause(abort, SCTP_ERROR_RSRC_LOW, 0); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); } sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_ASCONF_ACK)); SCTP_INC_STATS(net, SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(net, SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_ABORT; } return SCTP_DISPOSITION_DISCARD; }",visit repo url,net/sctp/sm_statefuns.c,https://github.com/torvalds/linux,136557601682027,1 4340,['CWE-119'],"static status ParseCues (AFfilehandle filehandle, AFvirtualfile *fp, uint32_t id, size_t size) { _Track *track; uint32_t markerCount; int i; track = _af_filehandle_get_track(filehandle, AF_DEFAULT_TRACK); af_read_uint32_le(&markerCount, fp); track->markerCount = markerCount; if (markerCount == 0) { track->markers = NULL; return AF_SUCCEED; } if ((track->markers = _af_marker_new(markerCount)) == NULL) return AF_FAIL; for (i=0; imarkers[i]; af_read_uint32_le(&id, fp); af_read_uint32_le(&position, fp); af_read_uint32_le(&chunkid, fp); af_read_uint32_le(&chunkByteOffset, fp); af_read_uint32_le(&blockByteOffset, fp); af_read_uint32_le(&sampleFrameOffset, fp); marker->id = id; marker->position = sampleFrameOffset; marker->name = _af_strdup(""""); marker->comment = _af_strdup(""""); } return AF_SUCCEED; }",audiofile,,,182094807074497821552791491977601863175,0 800,CWE-20,"static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct scm_cookie scm; struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); int noblock = flags&MSG_DONTWAIT; size_t copied; struct sk_buff *skb, *data_skb; int err, ret; if (flags&MSG_OOB) return -EOPNOTSUPP; copied = 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (skb == NULL) goto out; data_skb = skb; #ifdef CONFIG_COMPAT_NETLINK_MESSAGES if (unlikely(skb_shinfo(skb)->frag_list)) { if (flags & MSG_CMSG_COMPAT) data_skb = skb_shinfo(skb)->frag_list; } #endif msg->msg_namelen = 0; copied = data_skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(data_skb); err = skb_copy_datagram_iovec(data_skb, 0, msg->msg_iov, copied); if (msg->msg_name) { struct sockaddr_nl *addr = (struct sockaddr_nl *)msg->msg_name; addr->nl_family = AF_NETLINK; addr->nl_pad = 0; addr->nl_pid = NETLINK_CB(skb).portid; addr->nl_groups = netlink_group_mask(NETLINK_CB(skb).dst_group); msg->msg_namelen = sizeof(*addr); } if (nlk->flags & NETLINK_RECV_PKTINFO) netlink_cmsg_recv_pktinfo(msg, skb); if (NULL == siocb->scm) { memset(&scm, 0, sizeof(scm)); siocb->scm = &scm; } siocb->scm->creds = *NETLINK_CREDS(skb); if (flags & MSG_TRUNC) copied = data_skb->len; skb_free_datagram(sk, skb); if (nlk->cb_running && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) { ret = netlink_dump(sk); if (ret) { sk->sk_err = ret; sk->sk_error_report(sk); } } scm_recv(sock, msg, siocb->scm, flags); out: netlink_rcv_wake(sk); return err ? : copied; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,280528127100709,1 6339,['CWE-200'],"static inline int ioctl_export_private(struct net_device * dev, struct ifreq * ifr) { struct iwreq * iwr = (struct iwreq *) ifr; if((dev->wireless_handlers->num_private_args == 0) || (dev->wireless_handlers->private_args == NULL)) return -EOPNOTSUPP; if(iwr->u.data.pointer == NULL) return -EFAULT; if(iwr->u.data.length < dev->wireless_handlers->num_private_args) { iwr->u.data.length = dev->wireless_handlers->num_private_args; return -E2BIG; } iwr->u.data.length = dev->wireless_handlers->num_private_args; if (copy_to_user(iwr->u.data.pointer, dev->wireless_handlers->private_args, sizeof(struct iw_priv_args) * iwr->u.data.length)) return -EFAULT; return 0; }",linux-2.6,,,266145112078689449887351957255228459326,0 2739,CWE-119,"PHP_FUNCTION(curl_escape) { char *str = NULL, *res = NULL; size_t str_len = 0; zval *zid; php_curl *ch; if (zend_parse_parameters(ZEND_NUM_ARGS(), ""rs"", &zid, &str, &str_len) == FAILURE) { return; } if ((ch = (php_curl*)zend_fetch_resource(Z_RES_P(zid), le_curl_name, le_curl)) == NULL) { RETURN_FALSE; } if ((res = curl_easy_escape(ch->cp, str, str_len))) { RETVAL_STRING(res); curl_free(res); } else { RETURN_FALSE; } }",visit repo url,ext/curl/interface.c,https://github.com/php/php-src,50877119897955,1 2053,['CWE-269'],"static void __init init_mount_tree(void) { struct vfsmount *mnt; struct mnt_namespace *ns; mnt = do_kern_mount(""rootfs"", 0, ""rootfs"", NULL); if (IS_ERR(mnt)) panic(""Can't create rootfs""); ns = kmalloc(sizeof(*ns), GFP_KERNEL); if (!ns) panic(""Can't allocate initial namespace""); atomic_set(&ns->count, 1); INIT_LIST_HEAD(&ns->list); init_waitqueue_head(&ns->poll); ns->event = 0; list_add(&mnt->mnt_list, &ns->list); ns->root = mnt; mnt->mnt_ns = ns; init_task.nsproxy->mnt_ns = ns; get_mnt_ns(ns); set_fs_pwd(current->fs, ns->root, ns->root->mnt_root); set_fs_root(current->fs, ns->root, ns->root->mnt_root); }",linux-2.6,,,297573248824917060555637710167354621644,0 1953,CWE-401,"static int mwifiex_pcie_alloc_cmdrsp_buf(struct mwifiex_adapter *adapter) { struct pcie_service_card *card = adapter->card; struct sk_buff *skb; skb = dev_alloc_skb(MWIFIEX_UPLD_SIZE); if (!skb) { mwifiex_dbg(adapter, ERROR, ""Unable to allocate skb for command response data.\n""); return -ENOMEM; } skb_put(skb, MWIFIEX_UPLD_SIZE); if (mwifiex_map_pci_memory(adapter, skb, MWIFIEX_UPLD_SIZE, PCI_DMA_FROMDEVICE)) return -1; card->cmdrsp_buf = skb; return 0; }",visit repo url,drivers/net/wireless/marvell/mwifiex/pcie.c,https://github.com/torvalds/linux,235515917117326,1 2315,['CWE-120'],"void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd) { struct page *page = NULL; nd_set_link(nd, page_getlink(dentry, &page)); return page; }",linux-2.6,,,220050130648614089466708481080961145131,0 5380,['CWE-476'],"static int emulator_cmpxchg_emulated(unsigned long addr, const void *old, const void *new, unsigned int bytes, struct kvm_vcpu *vcpu) { static int reported; if (!reported) { reported = 1; printk(KERN_WARNING ""kvm: emulating exchange as write\n""); } #ifndef CONFIG_X86_64 if (bytes == 8) { gpa_t gpa; struct page *page; char *kaddr; u64 val; gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, addr); if (gpa == UNMAPPED_GVA || (gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE) goto emul_write; if (((gpa + bytes - 1) & PAGE_MASK) != (gpa & PAGE_MASK)) goto emul_write; val = *(u64 *)new; page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT); kaddr = kmap_atomic(page, KM_USER0); set_64bit((u64 *)(kaddr + offset_in_page(gpa)), val); kunmap_atomic(kaddr, KM_USER0); kvm_release_page_dirty(page); } emul_write: #endif return emulator_write_emulated(addr, new, bytes, vcpu); }",linux-2.6,,,228110453027675193709377403451663021662,0 3986,CWE-352,"static void doPost(HttpRequest req, HttpResponse res) { set_content_type(res, ""text/html""); if (ACTION(RUN)) handle_run(req, res); else if (ACTION(STATUS)) print_status(req, res, 1); else if (ACTION(STATUS2)) print_status(req, res, 2); else if (ACTION(SUMMARY)) print_summary(req, res); else if (ACTION(REPORT)) _printReport(req, res); else if (ACTION(DOACTION)) handle_do_action(req, res); else handle_action(req, res); }",visit repo url,src/http/cervlet.c,https://bitbucket.org/tildeslash/monit,46032107820563,1 5150,['CWE-20'],"static int handle_invlpg(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { u64 exit_qualification = vmcs_read64(EXIT_QUALIFICATION); kvm_mmu_invlpg(vcpu, exit_qualification); skip_emulated_instruction(vcpu); return 1; }",linux-2.6,,,203195557685012054981735334201023267542,0 383,CWE-119,"int hns_rcb_get_ring_sset_count(int stringset) { if (stringset == ETH_SS_STATS) return HNS_RING_STATIC_REG_NUM; return 0; }",visit repo url,drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c,https://github.com/torvalds/linux,102679595159739,1 5058,CWE-787,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 3656,['CWE-287'],"struct sctp_transport *sctp_assoc_choose_shutdown_transport( struct sctp_association *asoc) { if (!asoc->shutdown_last_sent_to) return asoc->peer.active_path; else { if (asoc->shutdown_last_sent_to == asoc->peer.retran_path) sctp_assoc_update_retran_path(asoc); return asoc->peer.retran_path; } }",linux-2.6,,,70882576964651563926295847792753361082,0 6304,['CWE-200'],"static void ipmr_vif_seq_stop(struct seq_file *seq, void *v) { read_unlock(&mrt_lock); }",linux-2.6,,,148407697799894951752878371046668132932,0 4869,['CWE-189'],"int ecryptfs_decode_and_decrypt_filename(char **plaintext_name, size_t *plaintext_name_size, struct dentry *ecryptfs_dir_dentry, const char *name, size_t name_size) { char *decoded_name; size_t decoded_name_size; size_t packet_size; int rc = 0; if ((name_size > ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) && (strncmp(name, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE) == 0)) { struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private( ecryptfs_dir_dentry->d_sb)->mount_crypt_stat; const char *orig_name = name; size_t orig_name_size = name_size; name += ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; name_size -= ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE; ecryptfs_decode_from_filename(NULL, &decoded_name_size, name, name_size); decoded_name = kmalloc(decoded_name_size, GFP_KERNEL); if (!decoded_name) { printk(KERN_ERR ""%s: Out of memory whilst attempting "" ""to kmalloc [%zd] bytes\n"", __func__, decoded_name_size); rc = -ENOMEM; goto out; } ecryptfs_decode_from_filename(decoded_name, &decoded_name_size, name, name_size); rc = ecryptfs_parse_tag_70_packet(plaintext_name, plaintext_name_size, &packet_size, mount_crypt_stat, decoded_name, decoded_name_size); if (rc) { printk(KERN_INFO ""%s: Could not parse tag 70 packet "" ""from filename; copying through filename "" ""as-is\n"", __func__); rc = ecryptfs_copy_filename(plaintext_name, plaintext_name_size, orig_name, orig_name_size); goto out_free; } } else { rc = ecryptfs_copy_filename(plaintext_name, plaintext_name_size, name, name_size); goto out; } out_free: kfree(decoded_name); out: return rc; }",linux-2.6,,,76364448369858437915186972748033706758,0 2916,CWE-119,"cpStripToTile(uint8* out, uint8* in, uint32 rows, uint32 cols, int outskew, int inskew) { while (rows-- > 0) { uint32 j = cols; while (j-- > 0) *out++ = *in++; out += outskew; in += inskew; } }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,7859566377893,1 259,[],"static int sg_grt_trans(unsigned int fd, unsigned int cmd, unsigned long arg) { int err, i; sg_req_info_t __user *r; struct compat_sg_req_info __user *o = (void __user *)arg; r = compat_alloc_user_space(sizeof(sg_req_info_t)*SG_MAX_QUEUE); err = sys_ioctl(fd,cmd,(unsigned long)r); if (err < 0) return err; for (i = 0; i < SG_MAX_QUEUE; i++) { void __user *ptr; int d; if (copy_in_user(o + i, r + i, offsetof(sg_req_info_t, usr_ptr)) || get_user(ptr, &r[i].usr_ptr) || get_user(d, &r[i].duration) || put_user((u32)(unsigned long)(ptr), &o[i].usr_ptr) || put_user(d, &o[i].duration)) return -EFAULT; } return err; }",linux-2.6,,,180161896121068804720741762965669042166,0 6492,CWE-787,"trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len, uint8_t *decrypted_dkg_secret) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(encrypted_dkg_secret); CHECK_STATE(decrypted_dkg_secret); int status = AES_decrypt(encrypted_dkg_secret, enc_len, (char *) decrypted_dkg_secret, 3072); CHECK_STATUS2(""aes decrypt data - encrypted_dkg_secret failed with status %d"") SET_SUCCESS clean: ; LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,131780807662198,1 1718,[],"void __init migration_init(void) { void *cpu = (void *)(long)smp_processor_id(); int err; err = migration_call(&migration_notifier, CPU_UP_PREPARE, cpu); BUG_ON(err == NOTIFY_BAD); migration_call(&migration_notifier, CPU_ONLINE, cpu); register_cpu_notifier(&migration_notifier); }",linux-2.6,,,39000821600947274331061307927892347405,0 1756,[],"static void hrtick_start(struct rq *rq, u64 delay, int reset) { assert_spin_locked(&rq->lock); rq->hrtick_expire = ktime_add_ns(rq->hrtick_timer.base->get_time(), delay); __set_bit(HRTICK_SET, &rq->hrtick_flags); if (reset) __set_bit(HRTICK_RESET, &rq->hrtick_flags); if (reset) resched_hrt(rq->curr); }",linux-2.6,,,97398593390742582298953035214861243388,0 492,[],"static void *snd_malloc_dev_pages(struct device *dev, size_t size, dma_addr_t *dma) { int pg; void *res; gfp_t gfp_flags; snd_assert(size > 0, return NULL); snd_assert(dma != NULL, return NULL); pg = get_order(size); gfp_flags = GFP_KERNEL | __GFP_COMP | __GFP_NORETRY | __GFP_NOWARN; res = dma_alloc_coherent(dev, PAGE_SIZE << pg, dma, gfp_flags); if (res != NULL) inc_snd_pages(pg); return res; }",linux-2.6,,,52280141679979086151572723380160032904,0 1509,[],"static void sched_migrate_task(struct task_struct *p, int dest_cpu) { struct migration_req req; unsigned long flags; struct rq *rq; rq = task_rq_lock(p, &flags); if (!cpu_isset(dest_cpu, p->cpus_allowed) || unlikely(cpu_is_offline(dest_cpu))) goto out; if (migrate_task(p, dest_cpu, &req)) { struct task_struct *mt = rq->migration_thread; get_task_struct(mt); task_rq_unlock(rq, &flags); wake_up_process(mt); put_task_struct(mt); wait_for_completion(&req.done); return; } out: task_rq_unlock(rq, &flags); }",linux-2.6,,,170034660277541023516170257152549575205,0 4496,['CWE-264'],"void smt_timer_poll(struct s_smc *smc) { } ",linux-2.6,,,174325477476000095407597914312665422538,0 5413,['CWE-476'],"void kvm_enable_efer_bits(u64 mask) { efer_reserved_bits &= ~mask; }",linux-2.6,,,322834903729131049293779692024005058332,0 207,[],"static struct atalk_addr *atalk_find_primary(void) { struct atalk_iface *fiface = NULL; struct atalk_addr *retval; struct atalk_iface *iface; read_lock_bh(&atalk_interfaces_lock); for (iface = atalk_interfaces; iface; iface = iface->next) { if (!fiface && !(iface->dev->flags & IFF_LOOPBACK)) fiface = iface; if (!(iface->dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT))) { retval = &iface->address; goto out; } } if (fiface) retval = &fiface->address; else if (atalk_interfaces) retval = &atalk_interfaces->address; else retval = NULL; out: read_unlock_bh(&atalk_interfaces_lock); return retval; }",history,,,247623475224763890251084120491898067514,0 3813,['CWE-120'],"static void uvc_unregister_video(struct uvc_device *dev) { if (dev->video.vdev) { if (dev->video.vdev->minor == -1) video_device_release(dev->video.vdev); else video_unregister_device(dev->video.vdev); dev->video.vdev = NULL; } }",linux-2.6,,,329552600049468750480956131934840711255,0 988,CWE-189,"int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) { gfn_t gfn, end_gfn; pfn_t pfn; int r = 0; struct iommu_domain *domain = kvm->arch.iommu_domain; int flags; if (!domain) return 0; gfn = slot->base_gfn; end_gfn = gfn + slot->npages; flags = IOMMU_READ; if (!(slot->flags & KVM_MEM_READONLY)) flags |= IOMMU_WRITE; if (!kvm->arch.iommu_noncoherent) flags |= IOMMU_CACHE; while (gfn < end_gfn) { unsigned long page_size; if (iommu_iova_to_phys(domain, gfn_to_gpa(gfn))) { gfn += 1; continue; } page_size = kvm_host_page_size(kvm, gfn); while ((gfn + (page_size >> PAGE_SHIFT)) > end_gfn) page_size >>= 1; while ((gfn << PAGE_SHIFT) & (page_size - 1)) page_size >>= 1; while (__gfn_to_hva_memslot(slot, gfn) & (page_size - 1)) page_size >>= 1; pfn = kvm_pin_pages(slot, gfn, page_size); if (is_error_noslot_pfn(pfn)) { gfn += 1; continue; } r = iommu_map(domain, gfn_to_gpa(gfn), pfn_to_hpa(pfn), page_size, flags); if (r) { printk(KERN_ERR ""kvm_iommu_map_address:"" ""iommu failed to map pfn=%llx\n"", pfn); goto unmap_pages; } gfn += page_size >> PAGE_SHIFT; } return 0; unmap_pages: kvm_iommu_put_pages(kvm, slot->base_gfn, gfn); return r; }",visit repo url,virt/kvm/iommu.c,https://github.com/torvalds/linux,118930025954972,1 3709,CWE-476,"filter_session_io(struct io *io, int evt, void *arg) { struct filter_session *fs = arg; char *line = NULL; ssize_t len; log_trace(TRACE_IO, ""filter session: %p: %s %s"", fs, io_strevent(evt), io_strio(io)); switch (evt) { case IO_DATAIN: nextline: line = io_getline(fs->io, &len); if (line == NULL) return; filter_data(fs->id, line); goto nextline; case IO_DISCONNECTED: io_free(fs->io); fs->io = NULL; break; } }",visit repo url,usr.sbin/smtpd/lka_filter.c,https://github.com/openbsd/src,19397969597785,1 3434,CWE-119,"static void mark_commit(struct commit *c, void *data) { mark_object(&c->object, NULL, NULL, data); }",visit repo url,reachable.c,https://github.com/git/git,163575200506803,1 678,[],"static int jpc_sop_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_sop_t *sop = &ms->parms.sop; cstate = 0; if (jpc_putuint16(out, sop->seqno)) { return -1; } return 0; }",jasper,,,161363035014495883306106771954828767814,0 5356,['CWE-476'],"int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs) { int mmu_reset_needed = 0; int i, pending_vec, max_bits; struct descriptor_table dt; vcpu_load(vcpu); dt.limit = sregs->idt.limit; dt.base = sregs->idt.base; kvm_x86_ops->set_idt(vcpu, &dt); dt.limit = sregs->gdt.limit; dt.base = sregs->gdt.base; kvm_x86_ops->set_gdt(vcpu, &dt); vcpu->arch.cr2 = sregs->cr2; mmu_reset_needed |= vcpu->arch.cr3 != sregs->cr3; down_read(&vcpu->kvm->slots_lock); if (gfn_to_memslot(vcpu->kvm, sregs->cr3 >> PAGE_SHIFT)) vcpu->arch.cr3 = sregs->cr3; else set_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests); up_read(&vcpu->kvm->slots_lock); kvm_set_cr8(vcpu, sregs->cr8); mmu_reset_needed |= vcpu->arch.shadow_efer != sregs->efer; kvm_x86_ops->set_efer(vcpu, sregs->efer); kvm_set_apic_base(vcpu, sregs->apic_base); kvm_x86_ops->decache_cr4_guest_bits(vcpu); mmu_reset_needed |= vcpu->arch.cr0 != sregs->cr0; kvm_x86_ops->set_cr0(vcpu, sregs->cr0); vcpu->arch.cr0 = sregs->cr0; mmu_reset_needed |= vcpu->arch.cr4 != sregs->cr4; kvm_x86_ops->set_cr4(vcpu, sregs->cr4); if (!is_long_mode(vcpu) && is_pae(vcpu)) load_pdptrs(vcpu, vcpu->arch.cr3); if (mmu_reset_needed) kvm_mmu_reset_context(vcpu); if (!irqchip_in_kernel(vcpu->kvm)) { memcpy(vcpu->arch.irq_pending, sregs->interrupt_bitmap, sizeof vcpu->arch.irq_pending); vcpu->arch.irq_summary = 0; for (i = 0; i < ARRAY_SIZE(vcpu->arch.irq_pending); ++i) if (vcpu->arch.irq_pending[i]) __set_bit(i, &vcpu->arch.irq_summary); } else { max_bits = (sizeof sregs->interrupt_bitmap) << 3; pending_vec = find_first_bit( (const unsigned long *)sregs->interrupt_bitmap, max_bits); if (pending_vec < max_bits) { kvm_x86_ops->set_irq(vcpu, pending_vec); pr_debug(""Set back pending irq %d\n"", pending_vec); } kvm_pic_clear_isr_ack(vcpu->kvm); } kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS); kvm_set_segment(vcpu, &sregs->ds, VCPU_SREG_DS); kvm_set_segment(vcpu, &sregs->es, VCPU_SREG_ES); kvm_set_segment(vcpu, &sregs->fs, VCPU_SREG_FS); kvm_set_segment(vcpu, &sregs->gs, VCPU_SREG_GS); kvm_set_segment(vcpu, &sregs->ss, VCPU_SREG_SS); kvm_set_segment(vcpu, &sregs->tr, VCPU_SREG_TR); kvm_set_segment(vcpu, &sregs->ldt, VCPU_SREG_LDTR); if (vcpu->vcpu_id == 0 && kvm_rip_read(vcpu) == 0xfff0 && sregs->cs.selector == 0xf000 && sregs->cs.base == 0xffff0000 && !(vcpu->arch.cr0 & X86_CR0_PE)) vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; vcpu_put(vcpu); return 0; }",linux-2.6,,,49601244961412583570892673584717970328,0 4826,CWE-119,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 4884,['CWE-189'],"ecryptfs_add_new_key_tfm(struct ecryptfs_key_tfm **key_tfm, char *cipher_name, size_t key_size) { struct ecryptfs_key_tfm *tmp_tfm; int rc = 0; BUG_ON(!mutex_is_locked(&key_tfm_list_mutex)); tmp_tfm = kmem_cache_alloc(ecryptfs_key_tfm_cache, GFP_KERNEL); if (key_tfm != NULL) (*key_tfm) = tmp_tfm; if (!tmp_tfm) { rc = -ENOMEM; printk(KERN_ERR ""Error attempting to allocate from "" ""ecryptfs_key_tfm_cache\n""); goto out; } mutex_init(&tmp_tfm->key_tfm_mutex); strncpy(tmp_tfm->cipher_name, cipher_name, ECRYPTFS_MAX_CIPHER_NAME_SIZE); tmp_tfm->cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE] = '\0'; tmp_tfm->key_size = key_size; rc = ecryptfs_process_key_cipher(&tmp_tfm->key_tfm, tmp_tfm->cipher_name, &tmp_tfm->key_size); if (rc) { printk(KERN_ERR ""Error attempting to initialize key TFM "" ""cipher with name = [%s]; rc = [%d]\n"", tmp_tfm->cipher_name, rc); kmem_cache_free(ecryptfs_key_tfm_cache, tmp_tfm); if (key_tfm != NULL) (*key_tfm) = NULL; goto out; } list_add(&tmp_tfm->key_tfm_list, &key_tfm_list); out: return rc; }",linux-2.6,,,200558284613230635732568948747683801704,0 271,[],"static int do_siocgstamp(unsigned int fd, unsigned int cmd, unsigned long arg) { struct compat_timeval __user *up = compat_ptr(arg); struct timeval ktv; mm_segment_t old_fs = get_fs(); int err; set_fs(KERNEL_DS); err = sys_ioctl(fd, cmd, (unsigned long)&ktv); set_fs(old_fs); if(!err) { err = put_user(ktv.tv_sec, &up->tv_sec); err |= __put_user(ktv.tv_usec, &up->tv_usec); } return err; }",linux-2.6,,,22045618035662909124450525109584072723,0 1642,CWE-362,"int ext4_insert_range(struct inode *inode, loff_t offset, loff_t len) { struct super_block *sb = inode->i_sb; handle_t *handle; struct ext4_ext_path *path; struct ext4_extent *extent; ext4_lblk_t offset_lblk, len_lblk, ee_start_lblk = 0; unsigned int credits, ee_len; int ret = 0, depth, split_flag = 0; loff_t ioffset; if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) return -EOPNOTSUPP; if (offset & (EXT4_CLUSTER_SIZE(sb) - 1) || len & (EXT4_CLUSTER_SIZE(sb) - 1)) return -EINVAL; if (!S_ISREG(inode->i_mode)) return -EOPNOTSUPP; trace_ext4_insert_range(inode, offset, len); offset_lblk = offset >> EXT4_BLOCK_SIZE_BITS(sb); len_lblk = len >> EXT4_BLOCK_SIZE_BITS(sb); if (ext4_should_journal_data(inode)) { ret = ext4_force_commit(inode->i_sb); if (ret) return ret; } ioffset = round_down(offset, PAGE_SIZE); ret = filemap_write_and_wait_range(inode->i_mapping, ioffset, LLONG_MAX); if (ret) return ret; mutex_lock(&inode->i_mutex); if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) { ret = -EOPNOTSUPP; goto out_mutex; } if (inode->i_size + len > inode->i_sb->s_maxbytes) { ret = -EFBIG; goto out_mutex; } if (offset >= i_size_read(inode)) { ret = -EINVAL; goto out_mutex; } truncate_pagecache(inode, ioffset); ext4_inode_block_unlocked_dio(inode); inode_dio_wait(inode); credits = ext4_writepage_trans_blocks(inode); handle = ext4_journal_start(inode, EXT4_HT_TRUNCATE, credits); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out_dio; } inode->i_size += len; EXT4_I(inode)->i_disksize += len; inode->i_mtime = inode->i_ctime = ext4_current_time(inode); ret = ext4_mark_inode_dirty(handle, inode); if (ret) goto out_stop; down_write(&EXT4_I(inode)->i_data_sem); ext4_discard_preallocations(inode); path = ext4_find_extent(inode, offset_lblk, NULL, 0); if (IS_ERR(path)) { up_write(&EXT4_I(inode)->i_data_sem); goto out_stop; } depth = ext_depth(inode); extent = path[depth].p_ext; if (extent) { ee_start_lblk = le32_to_cpu(extent->ee_block); ee_len = ext4_ext_get_actual_len(extent); if ((offset_lblk > ee_start_lblk) && (offset_lblk < (ee_start_lblk + ee_len))) { if (ext4_ext_is_unwritten(extent)) split_flag = EXT4_EXT_MARK_UNWRIT1 | EXT4_EXT_MARK_UNWRIT2; ret = ext4_split_extent_at(handle, inode, &path, offset_lblk, split_flag, EXT4_EX_NOCACHE | EXT4_GET_BLOCKS_PRE_IO | EXT4_GET_BLOCKS_METADATA_NOFAIL); } ext4_ext_drop_refs(path); kfree(path); if (ret < 0) { up_write(&EXT4_I(inode)->i_data_sem); goto out_stop; } } ret = ext4_es_remove_extent(inode, offset_lblk, EXT_MAX_BLOCKS - offset_lblk); if (ret) { up_write(&EXT4_I(inode)->i_data_sem); goto out_stop; } ret = ext4_ext_shift_extents(inode, handle, ee_start_lblk > offset_lblk ? ee_start_lblk : offset_lblk, len_lblk, SHIFT_RIGHT); up_write(&EXT4_I(inode)->i_data_sem); if (IS_SYNC(inode)) ext4_handle_sync(handle); out_stop: ext4_journal_stop(handle); out_dio: ext4_inode_resume_unlocked_dio(inode); out_mutex: mutex_unlock(&inode->i_mutex); return ret; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,204483937319933,1 2191,CWE-125,"SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) { struct smb_rqst rqst; struct smb2_negotiate_req *req; struct smb2_negotiate_rsp *rsp; struct kvec iov[1]; struct kvec rsp_iov; int rc = 0; int resp_buftype; struct TCP_Server_Info *server = ses->server; int blob_offset, blob_length; char *security_blob; int flags = CIFS_NEG_OP; unsigned int total_len; cifs_dbg(FYI, ""Negotiate protocol\n""); if (!server) { WARN(1, ""%s: server is NULL!\n"", __func__); return -EIO; } rc = smb2_plain_req_init(SMB2_NEGOTIATE, NULL, (void **) &req, &total_len); if (rc) return rc; req->sync_hdr.SessionId = 0; memset(server->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); memset(ses->preauth_sha_hash, 0, SMB2_PREAUTH_HASH_SIZE); if (strcmp(ses->server->vals->version_string, SMB3ANY_VERSION_STRING) == 0) { req->Dialects[0] = cpu_to_le16(SMB30_PROT_ID); req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID); req->DialectCount = cpu_to_le16(2); total_len += 4; } else if (strcmp(ses->server->vals->version_string, SMBDEFAULT_VERSION_STRING) == 0) { req->Dialects[0] = cpu_to_le16(SMB21_PROT_ID); req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID); req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID); req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID); req->DialectCount = cpu_to_le16(4); total_len += 8; } else { req->Dialects[0] = cpu_to_le16(ses->server->vals->protocol_id); req->DialectCount = cpu_to_le16(1); total_len += 2; } if (ses->sign) req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_REQUIRED); else if (global_secflags & CIFSSEC_MAY_SIGN) req->SecurityMode = cpu_to_le16(SMB2_NEGOTIATE_SIGNING_ENABLED); else req->SecurityMode = 0; req->Capabilities = cpu_to_le32(ses->server->vals->req_capabilities); if (ses->server->vals->protocol_id == SMB20_PROT_ID) memset(req->ClientGUID, 0, SMB2_CLIENT_GUID_SIZE); else { memcpy(req->ClientGUID, server->client_guid, SMB2_CLIENT_GUID_SIZE); if ((ses->server->vals->protocol_id == SMB311_PROT_ID) || (strcmp(ses->server->vals->version_string, SMBDEFAULT_VERSION_STRING) == 0)) assemble_neg_contexts(req, &total_len); } iov[0].iov_base = (char *)req; iov[0].iov_len = total_len; memset(&rqst, 0, sizeof(struct smb_rqst)); rqst.rq_iov = iov; rqst.rq_nvec = 1; rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov); cifs_small_buf_release(req); rsp = (struct smb2_negotiate_rsp *)rsp_iov.iov_base; if (rc == -EOPNOTSUPP) { cifs_dbg(VFS, ""Dialect not supported by server. Consider "" ""specifying vers=1.0 or vers=2.0 on mount for accessing"" "" older servers\n""); goto neg_exit; } else if (rc != 0) goto neg_exit; if (strcmp(ses->server->vals->version_string, SMB3ANY_VERSION_STRING) == 0) { if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { cifs_dbg(VFS, ""SMB2 dialect returned but not requested\n""); return -EIO; } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { cifs_dbg(VFS, ""SMB2.1 dialect returned but not requested\n""); return -EIO; } } else if (strcmp(ses->server->vals->version_string, SMBDEFAULT_VERSION_STRING) == 0) { if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) { cifs_dbg(VFS, ""SMB2 dialect returned but not requested\n""); return -EIO; } else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) { ses->server->ops = &smb21_operations; } else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) ses->server->ops = &smb311_operations; } else if (le16_to_cpu(rsp->DialectRevision) != ses->server->vals->protocol_id) { cifs_dbg(VFS, ""Illegal 0x%x dialect returned: not requested\n"", le16_to_cpu(rsp->DialectRevision)); return -EIO; } cifs_dbg(FYI, ""mode 0x%x\n"", rsp->SecurityMode); if (rsp->DialectRevision == cpu_to_le16(SMB20_PROT_ID)) cifs_dbg(FYI, ""negotiated smb2.0 dialect\n""); else if (rsp->DialectRevision == cpu_to_le16(SMB21_PROT_ID)) cifs_dbg(FYI, ""negotiated smb2.1 dialect\n""); else if (rsp->DialectRevision == cpu_to_le16(SMB30_PROT_ID)) cifs_dbg(FYI, ""negotiated smb3.0 dialect\n""); else if (rsp->DialectRevision == cpu_to_le16(SMB302_PROT_ID)) cifs_dbg(FYI, ""negotiated smb3.02 dialect\n""); else if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) cifs_dbg(FYI, ""negotiated smb3.1.1 dialect\n""); else { cifs_dbg(VFS, ""Illegal dialect returned by server 0x%x\n"", le16_to_cpu(rsp->DialectRevision)); rc = -EIO; goto neg_exit; } server->dialect = le16_to_cpu(rsp->DialectRevision); memcpy(server->preauth_sha_hash, ses->preauth_sha_hash, SMB2_PREAUTH_HASH_SIZE); server->negflavor = CIFS_NEGFLAVOR_EXTENDED; server->maxBuf = min_t(unsigned int, le32_to_cpu(rsp->MaxTransactSize), SMB2_MAX_BUFFER_SIZE); server->max_read = le32_to_cpu(rsp->MaxReadSize); server->max_write = le32_to_cpu(rsp->MaxWriteSize); server->sec_mode = le16_to_cpu(rsp->SecurityMode); if ((server->sec_mode & SMB2_SEC_MODE_FLAGS_ALL) != server->sec_mode) cifs_dbg(FYI, ""Server returned unexpected security mode 0x%x\n"", server->sec_mode); server->capabilities = le32_to_cpu(rsp->Capabilities); server->capabilities |= SMB2_NT_FIND | SMB2_LARGE_FILES; security_blob = smb2_get_data_area_len(&blob_offset, &blob_length, (struct smb2_sync_hdr *)rsp); if (blob_length == 0) { cifs_dbg(FYI, ""missing security blob on negprot\n""); server->sec_ntlmssp = true; } rc = cifs_enable_signing(server, ses->sign); if (rc) goto neg_exit; if (blob_length) { rc = decode_negTokenInit(security_blob, blob_length, server); if (rc == 1) rc = 0; else if (rc == 0) rc = -EIO; } if (rsp->DialectRevision == cpu_to_le16(SMB311_PROT_ID)) { if (rsp->NegotiateContextCount) rc = smb311_decode_neg_context(rsp, server, rsp_iov.iov_len); else cifs_dbg(VFS, ""Missing expected negotiate contexts\n""); } neg_exit: free_rsp_buf(resp_buftype, rsp); return rc; }",visit repo url,fs/cifs/smb2pdu.c,https://github.com/torvalds/linux,112514023351447,1 2661,[],"void sctp_endpoint_hold(struct sctp_endpoint *ep) { atomic_inc(&ep->base.refcnt); }",linux-2.6,,,70493511557296021220596556854080938106,0 5552,[],"SYSCALL_DEFINE4(rt_sigprocmask, int, how, sigset_t __user *, set, sigset_t __user *, oset, size_t, sigsetsize) { int error = -EINVAL; sigset_t old_set, new_set; if (sigsetsize != sizeof(sigset_t)) goto out; if (set) { error = -EFAULT; if (copy_from_user(&new_set, set, sizeof(*set))) goto out; sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP)); error = sigprocmask(how, &new_set, &old_set); if (error) goto out; if (oset) goto set_old; } else if (oset) { spin_lock_irq(¤t->sighand->siglock); old_set = current->blocked; spin_unlock_irq(¤t->sighand->siglock); set_old: error = -EFAULT; if (copy_to_user(oset, &old_set, sizeof(*oset))) goto out; } error = 0; out: return error; }",linux-2.6,,,127186445302350531069296492257983509578,0 1802,[],"static void arch_destroy_sched_domains(const cpumask_t *cpu_map, cpumask_t *tmpmask) { free_sched_groups(cpu_map, tmpmask); }",linux-2.6,,,71153679099177947504900350566444805791,0 1843,CWE-667,"int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots) { struct pipe_buffer *bufs; unsigned int head, tail, mask, n; mask = pipe->ring_size - 1; head = pipe->head; tail = pipe->tail; n = pipe_occupancy(pipe->head, pipe->tail); if (nr_slots < n) return -EBUSY; bufs = kcalloc(nr_slots, sizeof(*bufs), GFP_KERNEL_ACCOUNT | __GFP_NOWARN); if (unlikely(!bufs)) return -ENOMEM; if (n > 0) { unsigned int h = head & mask; unsigned int t = tail & mask; if (h > t) { memcpy(bufs, pipe->bufs + t, n * sizeof(struct pipe_buffer)); } else { unsigned int tsize = pipe->ring_size - t; if (h > 0) memcpy(bufs + tsize, pipe->bufs, h * sizeof(struct pipe_buffer)); memcpy(bufs, pipe->bufs + t, tsize * sizeof(struct pipe_buffer)); } } head = n; tail = 0; kfree(pipe->bufs); pipe->bufs = bufs; pipe->ring_size = nr_slots; if (pipe->max_usage > nr_slots) pipe->max_usage = nr_slots; pipe->tail = tail; pipe->head = head; wake_up_interruptible(&pipe->wr_wait); return 0; }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,50552763430704,1 4530,CWE-122,"GF_Err dac3_box_write(GF_Box *s, GF_BitStream *bs) { GF_Err e; GF_AC3ConfigBox *ptr = (GF_AC3ConfigBox *)s; if (ptr->cfg.is_ec3) s->type = GF_ISOM_BOX_TYPE_DEC3; e = gf_isom_box_write_header(s, bs); if (ptr->cfg.is_ec3) s->type = GF_ISOM_BOX_TYPE_DAC3; if (e) return e; e = gf_odf_ac3_cfg_write_bs(&ptr->cfg, bs); if (e) return e; if (ptr->cfg.atmos_ec3_ext || ptr->cfg.complexity_index_type) { gf_bs_write_int(bs, 0, 7); gf_bs_write_int(bs, ptr->cfg.atmos_ec3_ext, 1); gf_bs_write_u8(bs, ptr->cfg.complexity_index_type); } return GF_OK; }",visit repo url,src/isomedia/box_code_base.c,https://github.com/gpac/gpac,45703999781439,1 1919,CWE-476,"static int f2fs_set_data_page_dirty(struct page *page) { struct address_space *mapping = page->mapping; struct inode *inode = mapping->host; trace_f2fs_set_page_dirty(page, DATA); if (!PageUptodate(page)) SetPageUptodate(page); if (f2fs_is_atomic_file(inode) && !f2fs_is_commit_atomic_write(inode)) { if (!IS_ATOMIC_WRITTEN_PAGE(page)) { f2fs_register_inmem_page(inode, page); return 1; } return 0; } if (!PageDirty(page)) { __set_page_dirty_nobuffers(page); f2fs_update_dirty_page(inode, page); return 1; } return 0; }",visit repo url,fs/f2fs/data.c,https://github.com/torvalds/linux,248546608792086,1 590,[],"static struct dentry *bad_inode_lookup(struct inode *dir, struct dentry *dentry, struct nameidata *nd) { return ERR_PTR(-EIO); }",linux-2.6,,,77410976213868256873211838165464707940,0 447,CWE-200,"SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *, infop, int, options, struct rusage __user *, ru) { struct rusage r; struct waitid_info info = {.status = 0}; long err = kernel_waitid(which, upid, &info, options, ru ? &r : NULL); int signo = 0; if (err > 0) { signo = SIGCHLD; err = 0; } if (!err) { if (ru && copy_to_user(ru, &r, sizeof(struct rusage))) return -EFAULT; } if (!infop) return err; user_access_begin(); unsafe_put_user(signo, &infop->si_signo, Efault); unsafe_put_user(0, &infop->si_errno, Efault); unsafe_put_user(info.cause, &infop->si_code, Efault); unsafe_put_user(info.pid, &infop->si_pid, Efault); unsafe_put_user(info.uid, &infop->si_uid, Efault); unsafe_put_user(info.status, &infop->si_status, Efault); user_access_end(); return err; Efault: user_access_end(); return -EFAULT; }",visit repo url,kernel/exit.c,https://github.com/torvalds/linux,228993989710223,1 2264,NVD-CWE-Other,"ext4_ext_handle_uninitialized_extents(handle_t *handle, struct inode *inode, ext4_lblk_t iblock, unsigned int max_blocks, struct ext4_ext_path *path, int flags, unsigned int allocated, struct buffer_head *bh_result, ext4_fsblk_t newblock) { int ret = 0; int err = 0; ext4_io_end_t *io = EXT4_I(inode)->cur_aio_dio; ext_debug(""ext4_ext_handle_uninitialized_extents: inode %lu, logical"" ""block %llu, max_blocks %u, flags %d, allocated %u"", inode->i_ino, (unsigned long long)iblock, max_blocks, flags, allocated); ext4_ext_show_leaf(inode, path); if (flags == EXT4_GET_BLOCKS_PRE_IO) { ret = ext4_split_unwritten_extents(handle, inode, path, iblock, max_blocks, flags); if (io) io->flag = EXT4_IO_UNWRITTEN; else ext4_set_inode_state(inode, EXT4_STATE_DIO_UNWRITTEN); goto out; } if (flags == EXT4_GET_BLOCKS_CONVERT) { ret = ext4_convert_unwritten_extents_endio(handle, inode, path); if (ret >= 0) ext4_update_inode_fsync_trans(handle, inode, 1); goto out2; } if (flags & EXT4_GET_BLOCKS_UNINIT_EXT) goto map_out; if ((flags & EXT4_GET_BLOCKS_CREATE) == 0) { set_buffer_unwritten(bh_result); goto out1; } ret = ext4_ext_convert_to_initialized(handle, inode, path, iblock, max_blocks); if (ret >= 0) ext4_update_inode_fsync_trans(handle, inode, 1); out: if (ret <= 0) { err = ret; goto out2; } else allocated = ret; set_buffer_new(bh_result); if (allocated > max_blocks) { unmap_underlying_metadata_blocks(inode->i_sb->s_bdev, newblock + max_blocks, allocated - max_blocks); allocated = max_blocks; } if (flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE) ext4_da_update_reserve_space(inode, allocated, 0); map_out: set_buffer_mapped(bh_result); out1: if (allocated > max_blocks) allocated = max_blocks; ext4_ext_show_leaf(inode, path); bh_result->b_bdev = inode->i_sb->s_bdev; bh_result->b_blocknr = newblock; out2: if (path) { ext4_ext_drop_refs(path); kfree(path); } return err ? err : allocated; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,211207167929982,1 3271,['CWE-189'],"int rateallocate(jpc_enc_t *enc, int numlyrs, uint_fast32_t *cumlens) { jpc_flt_t lo; jpc_flt_t hi; jas_stream_t *out; long cumlen; int lyrno; jpc_flt_t thresh; jpc_flt_t goodthresh; int success; long pos; long oldpos; int numiters; jpc_enc_tcmpt_t *comp; jpc_enc_tcmpt_t *endcomps; jpc_enc_rlvl_t *lvl; jpc_enc_rlvl_t *endlvls; jpc_enc_band_t *band; jpc_enc_band_t *endbands; jpc_enc_cblk_t *cblk; jpc_enc_cblk_t *endcblks; jpc_enc_pass_t *pass; jpc_enc_pass_t *endpasses; jpc_enc_pass_t *pass1; jpc_flt_t mxrdslope; jpc_flt_t mnrdslope; jpc_enc_tile_t *tile; jpc_enc_prc_t *prc; int prcno; tile = enc->curtile; for (lyrno = 1; lyrno < numlyrs - 1; ++lyrno) { if (cumlens[lyrno - 1] > cumlens[lyrno]) { abort(); } } if (!(out = jas_stream_memopen(0, 0))) { return -1; } mnrdslope = DBL_MAX; mxrdslope = 0; endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < lvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { calcrdslopes(cblk); endpasses = &cblk->passes[cblk->numpasses]; for (pass = cblk->passes; pass != endpasses; ++pass) { if (pass->rdslope > 0) { if (pass->rdslope < mnrdslope) { mnrdslope = pass->rdslope; } if (pass->rdslope > mxrdslope) { mxrdslope = pass->rdslope; } } } } } } } } if (jas_getdbglevel()) { jas_eprintf(""min rdslope = %f max rdslope = %f\n"", mnrdslope, mxrdslope); } jpc_init_t2state(enc, 1); for (lyrno = 0; lyrno < numlyrs; ++lyrno) { lo = mnrdslope; hi = mxrdslope; success = 0; goodthresh = 0; numiters = 0; do { cumlen = cumlens[lyrno]; if (cumlen == UINT_FAST32_MAX) { assert(lyrno == numlyrs - 1); goodthresh = -1; success = 1; break; } thresh = (lo + hi) / 2; jpc_save_t2state(enc); oldpos = jas_stream_tell(out); assert(oldpos >= 0); endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < lvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { if (cblk->curpass) { endpasses = &cblk->passes[cblk->numpasses]; pass1 = cblk->curpass; for (pass = cblk->curpass; pass != endpasses; ++pass) { if (pass->rdslope >= thresh) { pass1 = &pass[1]; } } for (pass = cblk->curpass; pass != pass1; ++pass) { pass->lyrno = lyrno; } for (; pass != endpasses; ++pass) { pass->lyrno = -1; } } } } } } } endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } for (prcno = 0; prcno < lvl->numprcs; ++prcno) { if (jpc_enc_encpkt(enc, out, comp - tile->tcmpts, lvl - comp->rlvls, prcno, lyrno)) { return -1; } } } } pos = jas_stream_tell(out); assert(pos >= 0); if (pos > cumlen) { lo = thresh; } else if (pos <= cumlen) { hi = thresh; if (!success || thresh < goodthresh) { goodthresh = thresh; success = 1; } } jpc_restore_t2state(enc); if (jas_stream_seek(out, oldpos, SEEK_SET) < 0) { abort(); } if (jas_getdbglevel()) { jas_eprintf(""maxlen=%08ld actuallen=%08ld thresh=%f\n"", cumlen, pos, thresh); } ++numiters; } while (lo < hi - 1e-3 && numiters < 32); if (!success) { jas_eprintf(""warning: empty layer generated\n""); } if (jas_getdbglevel()) { jas_eprintf(""success %d goodthresh %f\n"", success, goodthresh); } endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < lvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { if (cblk->curpass) { endpasses = &cblk->passes[cblk->numpasses]; pass1 = cblk->curpass; if (success) { for (pass = cblk->curpass; pass != endpasses; ++pass) { if (pass->rdslope >= goodthresh) { pass1 = &pass[1]; } } } for (pass = cblk->curpass; pass != pass1; ++pass) { pass->lyrno = lyrno; } for (; pass != endpasses; ++pass) { pass->lyrno = -1; } } } } } } } endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } for (prcno = 0; prcno < lvl->numprcs; ++prcno) { if (jpc_enc_encpkt(enc, out, comp - tile->tcmpts, lvl - comp->rlvls, prcno, lyrno)) { return -1; } } } } } if (jas_getdbglevel() >= 5) { dump_layeringinfo(enc); } jas_stream_close(out); JAS_DBGLOG(10, (""done doing rateallocation\n"")); #if 0 jas_eprintf(""DONE RATE ALLOCATE\n""); #endif return 0; }",jasper,,,272363820496339562035724702034517256587,0 4685,['CWE-399'],"static inline __le16 ext4_rec_len_to_disk(unsigned len) { if (len == (1 << 16)) return cpu_to_le16(EXT4_MAX_REC_LEN); else if (len > (1 << 16)) BUG(); return cpu_to_le16(len);",linux-2.6,,,248094407898162335224434675156009322226,0 4271,['CWE-264'],"struct fs_struct *copy_fs_struct(struct fs_struct *old) { return __copy_fs_struct(old); }",linux-2.6,,,289752381420691141118602818572604118047,0 5885,['CWE-200'],"static void nr_destroy_timer(unsigned long data) { struct sock *sk=(struct sock *)data; bh_lock_sock(sk); sock_hold(sk); nr_destroy_socket(sk); bh_unlock_sock(sk); sock_put(sk); }",linux-2.6,,,116260520829410762424046367862902478965,0 6482,[],"lt_dladvise_global (lt_dladvise *padvise) { assert (padvise && *padvise); (*padvise)->is_symglobal = 1; return 0; }",libtool,,,22118419876800756512470296873903676309,0 1377,NVD-CWE-noinfo,"int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, const char *xattr_value, size_t xattr_value_len) { struct inode *inode = dentry->d_inode; struct evm_ima_xattr_data xattr_data; int rc = 0; rc = evm_calc_hmac(dentry, xattr_name, xattr_value, xattr_value_len, xattr_data.digest); if (rc == 0) { xattr_data.type = EVM_XATTR_HMAC; rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM, &xattr_data, sizeof(xattr_data), 0); } else if (rc == -ENODATA) rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM); return rc; }",visit repo url,security/integrity/evm/evm_crypto.c,https://github.com/torvalds/linux,41652004367332,1 4113,CWE-415,"_zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, bool local, zip_error_t *error) { zip_uint8_t buf[CDENTRYSIZE]; zip_uint16_t dostime, dosdate; zip_uint32_t size, variable_size; zip_uint16_t filename_len, comment_len, ef_len; bool from_buffer = (buffer != NULL); size = local ? LENTRYSIZE : CDENTRYSIZE; if (buffer) { if (_zip_buffer_left(buffer) < size) { zip_error_set(error, ZIP_ER_NOZIP, 0); return -1; } } else { if ((buffer = _zip_buffer_new_from_source(src, size, buf, error)) == NULL) { return -1; } } if (memcmp(_zip_buffer_get(buffer, 4), (local ? LOCAL_MAGIC : CENTRAL_MAGIC), 4) != 0) { zip_error_set(error, ZIP_ER_NOZIP, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } _zip_dirent_init(zde); if (!local) zde->version_madeby = _zip_buffer_get_16(buffer); else zde->version_madeby = 0; zde->version_needed = _zip_buffer_get_16(buffer); zde->bitflags = _zip_buffer_get_16(buffer); zde->comp_method = _zip_buffer_get_16(buffer); dostime = _zip_buffer_get_16(buffer); dosdate = _zip_buffer_get_16(buffer); zde->last_mod = _zip_d2u_time(dostime, dosdate); zde->crc = _zip_buffer_get_32(buffer); zde->comp_size = _zip_buffer_get_32(buffer); zde->uncomp_size = _zip_buffer_get_32(buffer); filename_len = _zip_buffer_get_16(buffer); ef_len = _zip_buffer_get_16(buffer); if (local) { comment_len = 0; zde->disk_number = 0; zde->int_attrib = 0; zde->ext_attrib = 0; zde->offset = 0; } else { comment_len = _zip_buffer_get_16(buffer); zde->disk_number = _zip_buffer_get_16(buffer); zde->int_attrib = _zip_buffer_get_16(buffer); zde->ext_attrib = _zip_buffer_get_32(buffer); zde->offset = _zip_buffer_get_32(buffer); } if (!_zip_buffer_ok(buffer)) { zip_error_set(error, ZIP_ER_INTERNAL, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->bitflags & ZIP_GPBF_ENCRYPTED) { if (zde->bitflags & ZIP_GPBF_STRONG_ENCRYPTION) { zde->encryption_method = ZIP_EM_UNKNOWN; } else { zde->encryption_method = ZIP_EM_TRAD_PKWARE; } } else { zde->encryption_method = ZIP_EM_NONE; } zde->filename = NULL; zde->extra_fields = NULL; zde->comment = NULL; variable_size = (zip_uint32_t)filename_len+(zip_uint32_t)ef_len+(zip_uint32_t)comment_len; if (from_buffer) { if (_zip_buffer_left(buffer) < variable_size) { zip_error_set(error, ZIP_ER_INCONS, 0); return -1; } } else { _zip_buffer_free(buffer); if ((buffer = _zip_buffer_new_from_source(src, variable_size, NULL, error)) == NULL) { return -1; } } if (filename_len) { zde->filename = _zip_read_string(buffer, src, filename_len, 1, error); if (!zde->filename) { if (zip_error_code_zip(error) == ZIP_ER_EOF) { zip_error_set(error, ZIP_ER_INCONS, 0); } if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->bitflags & ZIP_GPBF_ENCODING_UTF_8) { if (_zip_guess_encoding(zde->filename, ZIP_ENCODING_UTF8_KNOWN) == ZIP_ENCODING_ERROR) { zip_error_set(error, ZIP_ER_INCONS, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } } } if (ef_len) { zip_uint8_t *ef = _zip_read_data(buffer, src, ef_len, 0, error); if (ef == NULL) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (!_zip_ef_parse(ef, ef_len, local ? ZIP_EF_LOCAL : ZIP_EF_CENTRAL, &zde->extra_fields, error)) { free(ef); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } free(ef); if (local) zde->local_extra_fields_read = 1; } if (comment_len) { zde->comment = _zip_read_string(buffer, src, comment_len, 0, error); if (!zde->comment) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->bitflags & ZIP_GPBF_ENCODING_UTF_8) { if (_zip_guess_encoding(zde->comment, ZIP_ENCODING_UTF8_KNOWN) == ZIP_ENCODING_ERROR) { zip_error_set(error, ZIP_ER_INCONS, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } } } zde->filename = _zip_dirent_process_ef_utf_8(zde, ZIP_EF_UTF_8_NAME, zde->filename); zde->comment = _zip_dirent_process_ef_utf_8(zde, ZIP_EF_UTF_8_COMMENT, zde->comment); if (zde->uncomp_size == ZIP_UINT32_MAX || zde->comp_size == ZIP_UINT32_MAX || zde->offset == ZIP_UINT32_MAX) { zip_uint16_t got_len; zip_buffer_t *ef_buffer; const zip_uint8_t *ef = _zip_ef_get_by_id(zde->extra_fields, &got_len, ZIP_EF_ZIP64, 0, local ? ZIP_EF_LOCAL : ZIP_EF_CENTRAL, error); if (ef == NULL) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if ((ef_buffer = _zip_buffer_new((zip_uint8_t *)ef, got_len)) == NULL) { zip_error_set(error, ZIP_ER_MEMORY, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (zde->uncomp_size == ZIP_UINT32_MAX) zde->uncomp_size = _zip_buffer_get_64(ef_buffer); else if (local) { (void)_zip_buffer_skip(ef_buffer, 8); } if (zde->comp_size == ZIP_UINT32_MAX) zde->comp_size = _zip_buffer_get_64(ef_buffer); if (!local) { if (zde->offset == ZIP_UINT32_MAX) zde->offset = _zip_buffer_get_64(ef_buffer); if (zde->disk_number == ZIP_UINT16_MAX) zde->disk_number = _zip_buffer_get_32(buffer); } if (!_zip_buffer_eof(ef_buffer)) { zip_error_set(error, ZIP_ER_INCONS, 0); _zip_buffer_free(ef_buffer); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } _zip_buffer_free(ef_buffer); } if (!_zip_buffer_ok(buffer)) { zip_error_set(error, ZIP_ER_INTERNAL, 0); if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } if (!from_buffer) { _zip_buffer_free(buffer); } if (zde->offset > ZIP_INT64_MAX) { zip_error_set(error, ZIP_ER_SEEK, EFBIG); return -1; } if (!_zip_dirent_process_winzip_aes(zde, error)) { if (!from_buffer) { _zip_buffer_free(buffer); } return -1; } zde->extra_fields = _zip_ef_remove_internal(zde->extra_fields); return (zip_int64_t)(size + variable_size); }",visit repo url,lib/zip_dirent.c,https://github.com/nih-at/libzip,91723824183531,1 1747,CWE-19,"int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, unsigned int flags, struct timespec *timeout) { int fput_needed, err, datagrams; struct socket *sock; struct mmsghdr __user *entry; struct compat_mmsghdr __user *compat_entry; struct msghdr msg_sys; struct timespec end_time; if (timeout && poll_select_set_timeout(&end_time, timeout->tv_sec, timeout->tv_nsec)) return -EINVAL; datagrams = 0; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) return err; err = sock_error(sock->sk); if (err) goto out_put; entry = mmsg; compat_entry = (struct compat_mmsghdr __user *)mmsg; while (datagrams < vlen) { if (MSG_CMSG_COMPAT & flags) { err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry, &msg_sys, flags & ~MSG_WAITFORONE, datagrams); if (err < 0) break; err = __put_user(err, &compat_entry->msg_len); ++compat_entry; } else { err = ___sys_recvmsg(sock, (struct user_msghdr __user *)entry, &msg_sys, flags & ~MSG_WAITFORONE, datagrams); if (err < 0) break; err = put_user(err, &entry->msg_len); ++entry; } if (err) break; ++datagrams; if (flags & MSG_WAITFORONE) flags |= MSG_DONTWAIT; if (timeout) { ktime_get_ts(timeout); *timeout = timespec_sub(end_time, *timeout); if (timeout->tv_sec < 0) { timeout->tv_sec = timeout->tv_nsec = 0; break; } if (timeout->tv_nsec == 0 && timeout->tv_sec == 0) break; } if (msg_sys.msg_flags & MSG_OOB) break; cond_resched(); } out_put: fput_light(sock->file, fput_needed); if (err == 0) return datagrams; if (datagrams != 0) { if (err != -EAGAIN) { sock->sk->sk_err = -err; } return datagrams; } return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,200993458781131,1 1878,CWE-362,"static int efi_capsule_flush(struct file *file, fl_owner_t id) { int ret = 0; struct capsule_info *cap_info = file->private_data; if (cap_info->index > 0) { pr_err(""capsule upload not complete\n""); efi_free_all_buff_pages(cap_info); ret = -ECANCELED; } return ret; }",visit repo url,drivers/firmware/efi/capsule-loader.c,https://github.com/torvalds/linux,172570249547240,1 3493,CWE-119,"set_cs_start(char *line) { char *p, *q, *r; if ((p = strstr(line, ""string currentfile""))) { if (!strstr(line, ""readstring"")) return; *p = '\0'; q = strrchr(line, '/'); if (q) { r = cs_start; ++q; while (!isspace(*q) && *q != '{') *r++ = *q++; *r = '\0'; } *p = 's'; } }",visit repo url,t1disasm.c,https://github.com/kohler/t1utils,104996552332199,1 3624,CWE-617,"lldp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardware, struct lldpd_chassis **newchassis, struct lldpd_port **newport) { struct lldpd_chassis *chassis; struct lldpd_port *port; const char lldpaddr[] = LLDP_MULTICAST_ADDR; const char dot1[] = LLDP_TLV_ORG_DOT1; const char dot3[] = LLDP_TLV_ORG_DOT3; const char med[] = LLDP_TLV_ORG_MED; const char dcbx[] = LLDP_TLV_ORG_DCBX; unsigned char orgid[3]; int length, gotend = 0, ttl_received = 0; int tlv_size, tlv_type, tlv_subtype; u_int8_t *pos, *tlv; char *b; #ifdef ENABLE_DOT1 struct lldpd_vlan *vlan = NULL; int vlan_len; struct lldpd_ppvid *ppvid; struct lldpd_pi *pi = NULL; #endif struct lldpd_mgmt *mgmt; int af; u_int8_t addr_str_length, addr_str_buffer[32]; u_int8_t addr_family, addr_length, *addr_ptr, iface_subtype; u_int32_t iface_number, iface; #ifdef ENABLE_CUSTOM struct lldpd_custom *custom = NULL; #endif log_debug(""lldp"", ""receive LLDP PDU on %s"", hardware->h_ifname); if ((chassis = calloc(1, sizeof(struct lldpd_chassis))) == NULL) { log_warn(""lldp"", ""failed to allocate remote chassis""); return -1; } TAILQ_INIT(&chassis->c_mgmt); if ((port = calloc(1, sizeof(struct lldpd_port))) == NULL) { log_warn(""lldp"", ""failed to allocate remote port""); free(chassis); return -1; } #ifdef ENABLE_DOT1 TAILQ_INIT(&port->p_vlans); TAILQ_INIT(&port->p_ppvids); TAILQ_INIT(&port->p_pids); #endif #ifdef ENABLE_CUSTOM TAILQ_INIT(&port->p_custom_list); #endif length = s; pos = (u_int8_t*)frame; if (length < 2*ETHER_ADDR_LEN + sizeof(u_int16_t)) { log_warnx(""lldp"", ""too short frame received on %s"", hardware->h_ifname); goto malformed; } if (PEEK_CMP(lldpaddr, ETHER_ADDR_LEN) != 0) { log_info(""lldp"", ""frame not targeted at LLDP multicast address received on %s"", hardware->h_ifname); goto malformed; } PEEK_DISCARD(ETHER_ADDR_LEN); if (PEEK_UINT16 != ETHERTYPE_LLDP) { log_info(""lldp"", ""non LLDP frame received on %s"", hardware->h_ifname); goto malformed; } while (length && (!gotend)) { if (length < 2) { log_warnx(""lldp"", ""tlv header too short received on %s"", hardware->h_ifname); goto malformed; } tlv_size = PEEK_UINT16; tlv_type = tlv_size >> 9; tlv_size = tlv_size & 0x1ff; (void)PEEK_SAVE(tlv); if (length < tlv_size) { log_warnx(""lldp"", ""frame too short for tlv received on %s"", hardware->h_ifname); goto malformed; } switch (tlv_type) { case LLDP_TLV_END: if (tlv_size != 0) { log_warnx(""lldp"", ""lldp end received with size not null on %s"", hardware->h_ifname); goto malformed; } if (length) log_debug(""lldp"", ""extra data after lldp end on %s"", hardware->h_ifname); gotend = 1; break; case LLDP_TLV_CHASSIS_ID: case LLDP_TLV_PORT_ID: CHECK_TLV_SIZE(2, ""Port Id""); tlv_subtype = PEEK_UINT8; if ((tlv_subtype == 0) || (tlv_subtype > 7)) { log_warnx(""lldp"", ""unknown subtype for tlv id received on %s"", hardware->h_ifname); goto malformed; } if ((b = (char *)calloc(1, tlv_size - 1)) == NULL) { log_warn(""lldp"", ""unable to allocate memory for id tlv "" ""received on %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(b, tlv_size - 1); if (tlv_type == LLDP_TLV_PORT_ID) { port->p_id_subtype = tlv_subtype; port->p_id = b; port->p_id_len = tlv_size - 1; } else { chassis->c_id_subtype = tlv_subtype; chassis->c_id = b; chassis->c_id_len = tlv_size - 1; } break; case LLDP_TLV_TTL: CHECK_TLV_SIZE(2, ""TTL""); chassis->c_ttl = PEEK_UINT16; ttl_received = 1; break; case LLDP_TLV_PORT_DESCR: case LLDP_TLV_SYSTEM_NAME: case LLDP_TLV_SYSTEM_DESCR: if (tlv_size < 1) { log_debug(""lldp"", ""empty tlv received on %s"", hardware->h_ifname); break; } if ((b = (char *)calloc(1, tlv_size + 1)) == NULL) { log_warn(""lldp"", ""unable to allocate memory for string tlv "" ""received on %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(b, tlv_size); if (tlv_type == LLDP_TLV_PORT_DESCR) port->p_descr = b; else if (tlv_type == LLDP_TLV_SYSTEM_NAME) chassis->c_name = b; else chassis->c_descr = b; break; case LLDP_TLV_SYSTEM_CAP: CHECK_TLV_SIZE(4, ""System capabilities""); chassis->c_cap_available = PEEK_UINT16; chassis->c_cap_enabled = PEEK_UINT16; break; case LLDP_TLV_MGMT_ADDR: CHECK_TLV_SIZE(1, ""Management address""); addr_str_length = PEEK_UINT8; if (addr_str_length > sizeof(addr_str_buffer)) { log_warnx(""lldp"", ""too large management address on %s"", hardware->h_ifname); goto malformed; } CHECK_TLV_SIZE(1 + addr_str_length, ""Management address""); PEEK_BYTES(addr_str_buffer, addr_str_length); addr_length = addr_str_length - 1; addr_family = addr_str_buffer[0]; addr_ptr = &addr_str_buffer[1]; CHECK_TLV_SIZE(1 + addr_str_length + 5, ""Management address""); iface_subtype = PEEK_UINT8; iface_number = PEEK_UINT32; af = lldpd_af_from_lldp_proto(addr_family); if (af == LLDPD_AF_UNSPEC) break; if (iface_subtype == LLDP_MGMT_IFACE_IFINDEX) iface = iface_number; else iface = 0; mgmt = lldpd_alloc_mgmt(af, addr_ptr, addr_length, iface); if (mgmt == NULL) { assert(errno == ENOMEM); log_warn(""lldp"", ""unable to allocate memory "" ""for management address""); goto malformed; } TAILQ_INSERT_TAIL(&chassis->c_mgmt, mgmt, m_entries); break; case LLDP_TLV_ORG: CHECK_TLV_SIZE(1 + (int)sizeof(orgid), ""Organisational""); PEEK_BYTES(orgid, sizeof(orgid)); tlv_subtype = PEEK_UINT8; if (memcmp(dot1, orgid, sizeof(orgid)) == 0) { #ifndef ENABLE_DOT1 hardware->h_rx_unrecognized_cnt++; #else switch (tlv_subtype) { case LLDP_TLV_DOT1_VLANNAME: CHECK_TLV_SIZE(7, ""VLAN""); if ((vlan = (struct lldpd_vlan *)calloc(1, sizeof(struct lldpd_vlan))) == NULL) { log_warn(""lldp"", ""unable to alloc vlan "" ""structure for "" ""tlv received on %s"", hardware->h_ifname); goto malformed; } vlan->v_vid = PEEK_UINT16; vlan_len = PEEK_UINT8; CHECK_TLV_SIZE(7 + vlan_len, ""VLAN""); if ((vlan->v_name = (char *)calloc(1, vlan_len + 1)) == NULL) { log_warn(""lldp"", ""unable to alloc vlan name for "" ""tlv received on %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(vlan->v_name, vlan_len); TAILQ_INSERT_TAIL(&port->p_vlans, vlan, v_entries); vlan = NULL; break; case LLDP_TLV_DOT1_PVID: CHECK_TLV_SIZE(6, ""PVID""); port->p_pvid = PEEK_UINT16; break; case LLDP_TLV_DOT1_PPVID: CHECK_TLV_SIZE(7, ""PPVID""); if ((ppvid = (struct lldpd_ppvid *)calloc(1, sizeof(struct lldpd_ppvid))) == NULL) { log_warn(""lldp"", ""unable to alloc ppvid "" ""structure for "" ""tlv received on %s"", hardware->h_ifname); goto malformed; } ppvid->p_cap_status = PEEK_UINT8; ppvid->p_ppvid = PEEK_UINT16; TAILQ_INSERT_TAIL(&port->p_ppvids, ppvid, p_entries); break; case LLDP_TLV_DOT1_PI: CHECK_TLV_SIZE(5, ""PI""); if ((pi = (struct lldpd_pi *)calloc(1, sizeof(struct lldpd_pi))) == NULL) { log_warn(""lldp"", ""unable to alloc PI "" ""structure for "" ""tlv received on %s"", hardware->h_ifname); goto malformed; } pi->p_pi_len = PEEK_UINT8; CHECK_TLV_SIZE(5 + pi->p_pi_len, ""PI""); if ((pi->p_pi = (char *)calloc(1, pi->p_pi_len)) == NULL) { log_warn(""lldp"", ""unable to alloc pid name for "" ""tlv received on %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(pi->p_pi, pi->p_pi_len); TAILQ_INSERT_TAIL(&port->p_pids, pi, p_entries); pi = NULL; break; default: hardware->h_rx_unrecognized_cnt++; } #endif } else if (memcmp(dot3, orgid, sizeof(orgid)) == 0) { #ifndef ENABLE_DOT3 hardware->h_rx_unrecognized_cnt++; #else switch (tlv_subtype) { case LLDP_TLV_DOT3_MAC: CHECK_TLV_SIZE(9, ""MAC/PHY""); port->p_macphy.autoneg_support = PEEK_UINT8; port->p_macphy.autoneg_enabled = (port->p_macphy.autoneg_support & 0x2) >> 1; port->p_macphy.autoneg_support = port->p_macphy.autoneg_support & 0x1; port->p_macphy.autoneg_advertised = PEEK_UINT16; port->p_macphy.mau_type = PEEK_UINT16; break; case LLDP_TLV_DOT3_LA: CHECK_TLV_SIZE(9, ""Link aggregation""); PEEK_DISCARD_UINT8; port->p_aggregid = PEEK_UINT32; break; case LLDP_TLV_DOT3_MFS: CHECK_TLV_SIZE(6, ""MFS""); port->p_mfs = PEEK_UINT16; break; case LLDP_TLV_DOT3_POWER: CHECK_TLV_SIZE(7, ""Power""); port->p_power.devicetype = PEEK_UINT8; port->p_power.supported = (port->p_power.devicetype & 0x2) >> 1; port->p_power.enabled = (port->p_power.devicetype & 0x4) >> 2; port->p_power.paircontrol = (port->p_power.devicetype & 0x8) >> 3; port->p_power.devicetype = (port->p_power.devicetype & 0x1)? LLDP_DOT3_POWER_PSE:LLDP_DOT3_POWER_PD; port->p_power.pairs = PEEK_UINT8; port->p_power.class = PEEK_UINT8; if (tlv_size >= 12) { port->p_power.powertype = PEEK_UINT8; port->p_power.source = (port->p_power.powertype & (1<<5 | 1<<4)) >> 4; port->p_power.priority = (port->p_power.powertype & (1<<1 | 1<<0)); port->p_power.powertype = (port->p_power.powertype & (1<<7))? LLDP_DOT3_POWER_8023AT_TYPE1: LLDP_DOT3_POWER_8023AT_TYPE2; port->p_power.requested = PEEK_UINT16; port->p_power.allocated = PEEK_UINT16; } else port->p_power.powertype = LLDP_DOT3_POWER_8023AT_OFF; break; default: hardware->h_rx_unrecognized_cnt++; } #endif } else if (memcmp(med, orgid, sizeof(orgid)) == 0) { #ifndef ENABLE_LLDPMED hardware->h_rx_unrecognized_cnt++; #else u_int32_t policy; unsigned loctype; unsigned power; switch (tlv_subtype) { case LLDP_TLV_MED_CAP: CHECK_TLV_SIZE(7, ""LLDP-MED capabilities""); chassis->c_med_cap_available = PEEK_UINT16; chassis->c_med_type = PEEK_UINT8; port->p_med_cap_enabled |= LLDP_MED_CAP_CAP; break; case LLDP_TLV_MED_POLICY: CHECK_TLV_SIZE(8, ""LLDP-MED policy""); policy = PEEK_UINT32; if (((policy >> 24) < 1) || ((policy >> 24) > LLDP_MED_APPTYPE_LAST)) { log_info(""lldp"", ""unknown policy field %d "" ""received on %s"", policy, hardware->h_ifname); break; } port->p_med_policy[(policy >> 24) - 1].type = (policy >> 24); port->p_med_policy[(policy >> 24) - 1].unknown = ((policy & 0x800000) != 0); port->p_med_policy[(policy >> 24) - 1].tagged = ((policy & 0x400000) != 0); port->p_med_policy[(policy >> 24) - 1].vid = (policy & 0x001FFE00) >> 9; port->p_med_policy[(policy >> 24) - 1].priority = (policy & 0x1C0) >> 6; port->p_med_policy[(policy >> 24) - 1].dscp = policy & 0x3F; port->p_med_cap_enabled |= LLDP_MED_CAP_POLICY; break; case LLDP_TLV_MED_LOCATION: CHECK_TLV_SIZE(5, ""LLDP-MED Location""); loctype = PEEK_UINT8; if ((loctype < 1) || (loctype > LLDP_MED_LOCFORMAT_LAST)) { log_info(""lldp"", ""unknown location type "" ""received on %s"", hardware->h_ifname); break; } if ((port->p_med_location[loctype - 1].data = (char*)malloc(tlv_size - 5)) == NULL) { log_warn(""lldp"", ""unable to allocate memory "" ""for LLDP-MED location for "" ""frame received on %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(port->p_med_location[loctype - 1].data, tlv_size - 5); port->p_med_location[loctype - 1].data_len = tlv_size - 5; port->p_med_location[loctype - 1].format = loctype; port->p_med_cap_enabled |= LLDP_MED_CAP_LOCATION; break; case LLDP_TLV_MED_MDI: CHECK_TLV_SIZE(7, ""LLDP-MED PoE-MDI""); power = PEEK_UINT8; switch (power & 0xC0) { case 0x0: port->p_med_power.devicetype = LLDP_MED_POW_TYPE_PSE; port->p_med_cap_enabled |= LLDP_MED_CAP_MDI_PSE; switch (power & 0x30) { case 0x0: port->p_med_power.source = LLDP_MED_POW_SOURCE_UNKNOWN; break; case 0x10: port->p_med_power.source = LLDP_MED_POW_SOURCE_PRIMARY; break; case 0x20: port->p_med_power.source = LLDP_MED_POW_SOURCE_BACKUP; break; default: port->p_med_power.source = LLDP_MED_POW_SOURCE_RESERVED; } break; case 0x40: port->p_med_power.devicetype = LLDP_MED_POW_TYPE_PD; port->p_med_cap_enabled |= LLDP_MED_CAP_MDI_PD; switch (power & 0x30) { case 0x0: port->p_med_power.source = LLDP_MED_POW_SOURCE_UNKNOWN; break; case 0x10: port->p_med_power.source = LLDP_MED_POW_SOURCE_PSE; break; case 0x20: port->p_med_power.source = LLDP_MED_POW_SOURCE_LOCAL; break; default: port->p_med_power.source = LLDP_MED_POW_SOURCE_BOTH; } break; default: port->p_med_power.devicetype = LLDP_MED_POW_TYPE_RESERVED; } if ((power & 0x0F) > LLDP_MED_POW_PRIO_LOW) port->p_med_power.priority = LLDP_MED_POW_PRIO_UNKNOWN; else port->p_med_power.priority = power & 0x0F; port->p_med_power.val = PEEK_UINT16; break; case LLDP_TLV_MED_IV_HW: case LLDP_TLV_MED_IV_SW: case LLDP_TLV_MED_IV_FW: case LLDP_TLV_MED_IV_SN: case LLDP_TLV_MED_IV_MANUF: case LLDP_TLV_MED_IV_MODEL: case LLDP_TLV_MED_IV_ASSET: if (tlv_size <= 4) b = NULL; else { if ((b = (char*)malloc(tlv_size - 3)) == NULL) { log_warn(""lldp"", ""unable to allocate "" ""memory for LLDP-MED "" ""inventory for frame "" ""received on %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(b, tlv_size - 4); b[tlv_size - 4] = '\0'; } switch (tlv_subtype) { case LLDP_TLV_MED_IV_HW: chassis->c_med_hw = b; break; case LLDP_TLV_MED_IV_FW: chassis->c_med_fw = b; break; case LLDP_TLV_MED_IV_SW: chassis->c_med_sw = b; break; case LLDP_TLV_MED_IV_SN: chassis->c_med_sn = b; break; case LLDP_TLV_MED_IV_MANUF: chassis->c_med_manuf = b; break; case LLDP_TLV_MED_IV_MODEL: chassis->c_med_model = b; break; case LLDP_TLV_MED_IV_ASSET: chassis->c_med_asset = b; break; } port->p_med_cap_enabled |= LLDP_MED_CAP_IV; break; default: hardware->h_rx_unrecognized_cnt++; } #endif } else if (memcmp(dcbx, orgid, sizeof(orgid)) == 0) { log_debug(""lldp"", ""unsupported DCBX tlv received on %s - ignore"", hardware->h_ifname); hardware->h_rx_unrecognized_cnt++; } else { log_debug(""lldp"", ""unknown org tlv [%02x:%02x:%02x] received on %s"", orgid[0], orgid[1], orgid[2], hardware->h_ifname); hardware->h_rx_unrecognized_cnt++; #ifdef ENABLE_CUSTOM custom = (struct lldpd_custom*)calloc(1, sizeof(struct lldpd_custom)); if (!custom) { log_warn(""lldp"", ""unable to allocate memory for custom TLV""); goto malformed; } custom->oui_info_len = tlv_size > 4 ? tlv_size - 4 : 0; memcpy(custom->oui, orgid, sizeof(custom->oui)); custom->subtype = tlv_subtype; if (custom->oui_info_len > 0) { custom->oui_info = malloc(custom->oui_info_len); if (!custom->oui_info) { log_warn(""lldp"", ""unable to allocate memory for custom TLV data""); goto malformed; } PEEK_BYTES(custom->oui_info, custom->oui_info_len); } TAILQ_INSERT_TAIL(&port->p_custom_list, custom, next); custom = NULL; #endif } break; default: log_warnx(""lldp"", ""unknown tlv (%d) received on %s"", tlv_type, hardware->h_ifname); goto malformed; } if (pos > tlv + tlv_size) { log_warnx(""lldp"", ""BUG: already past TLV!""); goto malformed; } PEEK_DISCARD(tlv + tlv_size - pos); } if ((chassis->c_id == NULL) || (port->p_id == NULL) || (!ttl_received) || (gotend == 0)) { log_warnx(""lldp"", ""some mandatory tlv are missing for frame received on %s"", hardware->h_ifname); goto malformed; } *newchassis = chassis; *newport = port; return 1; malformed: #ifdef ENABLE_CUSTOM free(custom); #endif #ifdef ENABLE_DOT1 free(vlan); free(pi); #endif lldpd_chassis_cleanup(chassis, 1); lldpd_port_cleanup(port, 1); free(port); return -1; }",visit repo url,src/daemon/protocols/lldp.c,https://github.com/vincentbernat/lldpd,78253004435428,1 2845,CWE-119,"horizontalDifferenceF(float *ip, int n, int stride, uint16 *wp, uint16 *FromLT2) { int32 r1, g1, b1, a1, r2, g2, b2, a2, mask; float fltsize = Fltsize; #define CLAMP(v) ( (v<(float)0.) ? 0 \ : (v<(float)2.) ? FromLT2[(int)(v*fltsize)] \ : (v>(float)24.2) ? 2047 \ : LogK1*log(v*LogK2) + 0.5 ) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); a2 = wp[3] = (uint16) CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = (int32) CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,249185675440749,1 4913,CWE-200,"char *url_decode_r(char *to, char *url, size_t size) { char *s = url, *d = to, *e = &to[size - 1]; while(*s && d < e) { if(unlikely(*s == '%')) { if(likely(s[1] && s[2])) { *d++ = from_hex(s[1]) << 4 | from_hex(s[2]); s += 2; } } else if(unlikely(*s == '+')) *d++ = ' '; else *d++ = *s; s++; } *d = '\0'; return to; }",visit repo url,libnetdata/url/url.c,https://github.com/netdata/netdata,126743033781353,1 4518,['CWE-20'],"int ext4_orphan_del(handle_t *handle, struct inode *inode) { struct list_head *prev; struct ext4_inode_info *ei = EXT4_I(inode); struct ext4_sb_info *sbi; __u32 ino_next; struct ext4_iloc iloc; int err = 0; if (!ext4_handle_valid(handle)) return 0; lock_super(inode->i_sb); if (list_empty(&ei->i_orphan)) { unlock_super(inode->i_sb); return 0; } ino_next = NEXT_ORPHAN(inode); prev = ei->i_orphan.prev; sbi = EXT4_SB(inode->i_sb); jbd_debug(4, ""remove inode %lu from orphan list\n"", inode->i_ino); list_del_init(&ei->i_orphan); if (sbi->s_journal && !handle) goto out; err = ext4_reserve_inode_write(handle, inode, &iloc); if (err) goto out_err; if (prev == &sbi->s_orphan) { jbd_debug(4, ""superblock will point to %u\n"", ino_next); BUFFER_TRACE(sbi->s_sbh, ""get_write_access""); err = ext4_journal_get_write_access(handle, sbi->s_sbh); if (err) goto out_brelse; sbi->s_es->s_last_orphan = cpu_to_le32(ino_next); err = ext4_handle_dirty_metadata(handle, inode, sbi->s_sbh); } else { struct ext4_iloc iloc2; struct inode *i_prev = &list_entry(prev, struct ext4_inode_info, i_orphan)->vfs_inode; jbd_debug(4, ""orphan inode %lu will point to %u\n"", i_prev->i_ino, ino_next); err = ext4_reserve_inode_write(handle, i_prev, &iloc2); if (err) goto out_brelse; NEXT_ORPHAN(i_prev) = ino_next; err = ext4_mark_iloc_dirty(handle, i_prev, &iloc2); } if (err) goto out_brelse; NEXT_ORPHAN(inode) = 0; err = ext4_mark_iloc_dirty(handle, inode, &iloc); out_err: ext4_std_error(inode->i_sb, err); out: unlock_super(inode->i_sb); return err; out_brelse: brelse(iloc.bh); goto out_err; }",linux-2.6,,,319893338018768651841635859210083383569,0 5411,CWE-269,"main(int argc, char **argv) { const char *safepath = SAFE_PATH; const char *confpath = NULL; char *shargv[] = { NULL, NULL }; char *sh; const char *cmd; char cmdline[LINE_MAX]; char myname[_PW_NAME_LEN + 1]; struct passwd *original_pw, *target_pw; struct rule *rule; uid_t uid; uid_t target = 0; gid_t groups[NGROUPS_MAX + 1]; int ngroups; int i, ch; int sflag = 0; int nflag = 0; char cwdpath[PATH_MAX]; const char *cwd; char *login_style = NULL; char **envp; #ifndef linux setprogname(""doas""); #endif #ifndef linux closefrom(STDERR_FILENO + 1); #endif uid = getuid(); while ((ch = getopt(argc, argv, ""a:C:nsu:"")) != -1) { switch (ch) { case 'a': login_style = optarg; break; case 'C': confpath = optarg; break; case 'u': if (parseuid(optarg, &target) != 0) errx(1, ""unknown user""); break; case 'n': nflag = 1; break; case 's': sflag = 1; break; default: usage(); break; } } argv += optind; argc -= optind; if (confpath) { if (sflag) usage(); } else if ((!sflag && !argc) || (sflag && argc)) usage(); original_pw = getpwuid(uid); if (! original_pw) err(1, ""getpwuid failed""); if (strlcpy(myname, original_pw->pw_name, sizeof(myname)) >= sizeof(myname)) errx(1, ""pw_name too long""); ngroups = getgroups(NGROUPS_MAX, groups); if (ngroups == -1) err(1, ""can't get groups""); groups[ngroups++] = getgid(); if (sflag) { sh = getenv(""SHELL""); if (sh == NULL || *sh == '\0') { shargv[0] = strdup(original_pw->pw_shell); if (shargv[0] == NULL) err(1, NULL); } else shargv[0] = sh; argv = shargv; argc = 1; } if (confpath) { checkconfig(confpath, argc, argv, uid, groups, ngroups, target); exit(1); } if (geteuid()) errx(1, ""not installed setuid""); parseconfig(DOAS_CONF, 1); (void)strlcpy(cmdline, argv[0], sizeof(cmdline)); for (i = 1; i < argc; i++) { if (strlcat(cmdline, "" "", sizeof(cmdline)) >= sizeof(cmdline)) break; if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline)) break; } cmd = argv[0]; if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, ""failed command for %s: %s"", myname, cmdline); errc(1, EPERM, NULL); } if (!(rule->options & NOPASS)) { if (nflag) errx(1, ""Authorization required""); #if defined(USE_BSD_AUTH) authuser(myname, login_style, rule->options & PERSIST); #elif defined(USE_PAM) #define PAM_END(msg) do { \ syslog(LOG_ERR, ""%s: %s"", msg, pam_strerror(pamh, pam_err)); \ warnx(""%s: %s"", msg, pam_strerror(pamh, pam_err)); \ pam_end(pamh, pam_err); \ exit(EXIT_FAILURE); \ } while ( 0) pam_handle_t *pamh = NULL; int pam_err; int temp_stdin; temp_stdin = dup(STDIN_FILENO); if (temp_stdin == -1) err(1, ""dup""); close(STDIN_FILENO); int temp_stdout = dup(1); if (temp_stdout == -1) err(1, ""dup""); close(1); if (dup2(2, 1) == -1) err(1, ""dup2""); pam_err = pam_start(""doas"", myname, &pamc, &pamh); if (pam_err != PAM_SUCCESS) { if (pamh != NULL) PAM_END(""pam_start""); syslog(LOG_ERR, ""pam_start failed: %s"", pam_strerror(pamh, pam_err)); errx(EXIT_FAILURE, ""pam_start failed""); } switch (pam_err = pam_authenticate(pamh, PAM_SILENT)) { case PAM_SUCCESS: switch (pam_err = pam_acct_mgmt(pamh, PAM_SILENT)) { case PAM_SUCCESS: break; case PAM_NEW_AUTHTOK_REQD: pam_err = pam_chauthtok(pamh, PAM_SILENT|PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_err != PAM_SUCCESS) PAM_END(""pam_chauthtok""); break; case PAM_AUTH_ERR: case PAM_USER_UNKNOWN: case PAM_MAXTRIES: syslog(LOG_AUTHPRIV | LOG_NOTICE, ""failed auth for %s"", myname); errx(EXIT_FAILURE, ""second authentication failed""); break; default: PAM_END(""pam_acct_mgmt""); break; } break; case PAM_AUTH_ERR: case PAM_USER_UNKNOWN: case PAM_MAXTRIES: syslog(LOG_AUTHPRIV | LOG_NOTICE, ""failed auth for %s"", myname); errx(EXIT_FAILURE, ""authentication failed""); break; default: PAM_END(""pam_authenticate""); break; } pam_end(pamh, pam_err); #ifndef linux if (dup2(temp_stdin, STDIN_FILENO) == -1) err(1, ""dup2""); close(temp_stdin); #else close(1); if (dup2(temp_stdout, 1) == -1) err(1, ""dup2""); #endif #else #error No auth module! #endif } target_pw = getpwuid(target); if (! target_pw) errx(1, ""no passwd entry for target""); #if defined(HAVE_LOGIN_CAP_H) if (setusercontext(NULL, target_pw, target, LOGIN_SETGROUP | LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK | LOGIN_SETUSER) != 0) errx(1, ""failed to set user context for target""); #endif if (getcwd(cwdpath, sizeof(cwdpath)) == NULL) cwd = ""(failed)""; else cwd = cwdpath; #ifndef HAVE_LOGIN_CAP_H if (target != 0) setuid(target); if ( geteuid() == ROOT_UID ) setuid(ROOT_UID); #endif syslog(LOG_AUTHPRIV | LOG_INFO, ""%s ran command %s as %s from %s"", myname, cmdline, target_pw->pw_name, cwd); envp = prepenv(rule, original_pw, target_pw); if (rule->cmd) { if (setenv(""PATH"", safepath, 1) == -1) err(1, ""failed to set PATH '%s'"", safepath); } execvpe(cmd, argv, envp); if (errno == ENOENT) errx(1, ""%s: command not found"", cmd); err(1, ""%s"", cmd); }",visit repo url,doas.c,https://github.com/slicer69/doas,60958580479421,1 2868,['CWE-189'],"static jas_cmpxform_t *jas_cmpxform_create0() { jas_cmpxform_t *pxform; if (!(pxform = jas_malloc(sizeof(jas_cmpxform_t)))) return 0; memset(pxform, 0, sizeof(jas_cmpxform_t)); pxform->refcnt = 0; pxform->ops = 0; return pxform; }",jasper,,,138466897990243647448827880113397329809,0 5927,['CWE-909'],"static int check_loop(struct Qdisc *q, struct Qdisc *p, int depth) { struct check_loop_arg arg; if (q->ops->cl_ops == NULL) return 0; arg.w.stop = arg.w.skip = arg.w.count = 0; arg.w.fn = check_loop_fn; arg.depth = depth; arg.p = p; q->ops->cl_ops->walk(q, &arg.w); return arg.w.stop ? -ELOOP : 0; }",linux-2.6,,,188979766778433251815661195460145735268,0 4616,['CWE-399'],"#ifdef __KERNEL__ static inline struct ext4_sb_info *EXT4_SB(struct super_block *sb) { return sb->s_fs_info;",linux-2.6,,,196732934853963976344305033940736969984,0 4124,['CWE-399'],"static int sg_get_version(int __user *p) { static const int sg_version_num = 30527; return put_user(sg_version_num, p); }",linux-2.6,,,303577502448757877398198223679641731045,0 2979,['CWE-189'],"static jas_iccattrtab_t *jas_iccattrtab_create() { jas_iccattrtab_t *tab; tab = 0; if (!(tab = jas_malloc(sizeof(jas_iccattrtab_t)))) goto error; tab->maxattrs = 0; tab->numattrs = 0; tab->attrs = 0; if (jas_iccattrtab_resize(tab, 32)) goto error; return tab; error: if (tab) jas_iccattrtab_destroy(tab); return 0; }",jasper,,,169416010340381060123400626240566097622,0 3380,CWE-20,"static Image *ReadOneJNGImage(MngInfo *mng_info, const ImageInfo *image_info, ExceptionInfo *exception) { Image *alpha_image, *color_image, *image, *jng_image; ImageInfo *alpha_image_info, *color_image_info; MagickBooleanType logging; ssize_t y; MagickBooleanType status; png_uint_32 jng_height, jng_width; png_byte jng_color_type, jng_image_sample_depth, jng_image_compression_method, jng_image_interlace_method, jng_alpha_sample_depth, jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method; register const Quantum *s; register ssize_t i, x; register Quantum *q; register unsigned char *p; unsigned int read_JSEP, reading_idat; size_t length; jng_alpha_compression_method=0; jng_alpha_sample_depth=8; jng_color_type=0; jng_height=0; jng_width=0; alpha_image=(Image *) NULL; color_image=(Image *) NULL; alpha_image_info=(ImageInfo *) NULL; color_image_info=(ImageInfo *) NULL; logging=LogMagickEvent(CoderEvent,GetMagickModule(), "" Enter ReadOneJNGImage()""); image=mng_info->image; if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" AcquireNextImage()""); AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; read_JSEP=MagickFalse; reading_idat=MagickFalse; for (;;) { char type[MagickPathExtent]; unsigned char *chunk; unsigned int count; status=SetImageProgress(image,LoadImagesTag,TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) break; type[0]='\0'; (void) ConcatenateMagickString(type,""errr"",MagickPathExtent); length=ReadBlobMSBLong(image); count=(unsigned int) ReadBlob(image,4,(unsigned char *) type); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading JNG chunk type %c%c%c%c, length: %.20g"", type[0],type[1],type[2],type[3],(double) length); if (length > PNG_UINT_31_MAX || count == 0) ThrowReaderException(CorruptImageError,""CorruptImage""); p=NULL; chunk=(unsigned char *) NULL; if (length != 0) { chunk=(unsigned char *) AcquireQuantumMemory(length,sizeof(*chunk)); if (chunk == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); for (i=0; i < (ssize_t) length; i++) chunk[i]=(unsigned char) ReadBlobByte(image); p=chunk; } (void) ReadBlobMSBLong(image); if (memcmp(type,mng_JHDR,4) == 0) { if (length == 16) { jng_width=(size_t) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); jng_height=(size_t) ((p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]); if ((jng_width == 0) || (jng_height == 0)) ThrowReaderException(CorruptImageError, ""NegativeOrZeroImageSize""); jng_color_type=p[8]; jng_image_sample_depth=p[9]; jng_image_compression_method=p[10]; jng_image_interlace_method=p[11]; image->interlace=jng_image_interlace_method != 0 ? PNGInterlace : NoInterlace; jng_alpha_sample_depth=p[12]; jng_alpha_compression_method=p[13]; jng_alpha_filter_method=p[14]; jng_alpha_interlace_method=p[15]; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_width: %16lu, jng_height: %16lu\n"" "" jng_color_type: %16d, jng_image_sample_depth: %3d\n"" "" jng_image_compression_method:%3d"", (unsigned long) jng_width, (unsigned long) jng_height, jng_color_type, jng_image_sample_depth, jng_image_compression_method); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_image_interlace_method: %3d"" "" jng_alpha_sample_depth: %3d"", jng_image_interlace_method, jng_alpha_sample_depth); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_alpha_compression_method:%3d\n"" "" jng_alpha_filter_method: %3d\n"" "" jng_alpha_interlace_method: %3d"", jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method); } } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if ((reading_idat == MagickFalse) && (read_JSEP == MagickFalse) && ((memcmp(type,mng_JDAT,4) == 0) || (memcmp(type,mng_JdAA,4) == 0) || (memcmp(type,mng_IDAT,4) == 0) || (memcmp(type,mng_JDAA,4) == 0))) { color_image_info=(ImageInfo *)AcquireMagickMemory(sizeof(ImageInfo)); if (color_image_info == (ImageInfo *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); GetImageInfo(color_image_info); color_image=AcquireImage(color_image_info,exception); if (color_image == (Image *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating color_blob.""); (void) AcquireUniqueFilename(color_image->filename); status=OpenBlob(color_image_info,color_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { color_image=DestroyImage(color_image); return(DestroyImageList(image)); } if ((image_info->ping == MagickFalse) && (jng_color_type >= 12)) { alpha_image_info=(ImageInfo *) AcquireMagickMemory(sizeof(ImageInfo)); if (alpha_image_info == (ImageInfo *) NULL) { color_image=DestroyImage(color_image); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } GetImageInfo(alpha_image_info); alpha_image=AcquireImage(alpha_image_info,exception); if (alpha_image == (Image *) NULL) { alpha_image_info=DestroyImageInfo(alpha_image_info); color_image=DestroyImage(color_image); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating alpha_blob.""); (void) AcquireUniqueFilename(alpha_image->filename); status=OpenBlob(alpha_image_info,alpha_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { alpha_image=DestroyImage(alpha_image); alpha_image_info=DestroyImageInfo(alpha_image_info); color_image=DestroyImage(color_image); return(DestroyImageList(image)); } if (jng_alpha_compression_method == 0) { unsigned char data[18]; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing IHDR chunk to alpha_blob.""); (void) WriteBlob(alpha_image,8,(const unsigned char *) ""\211PNG\r\n\032\n""); (void) WriteBlobMSBULong(alpha_image,13L); PNGType(data,mng_IHDR); LogPNGChunk(logging,mng_IHDR,13L); PNGLong(data+4,jng_width); PNGLong(data+8,jng_height); data[12]=jng_alpha_sample_depth; data[13]=0; data[14]=0; data[15]=0; data[16]=0; (void) WriteBlob(alpha_image,17,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,17)); } } reading_idat=MagickTrue; } if (memcmp(type,mng_JDAT,4) == 0) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAT chunk data to color_blob.""); (void) WriteBlob(color_image,length,chunk); if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_IDAT,4) == 0) { png_byte data[5]; if (alpha_image != NULL && image_info->ping == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying IDAT chunk data to alpha_blob.""); (void) WriteBlobMSBULong(alpha_image,(size_t) length); PNGType(data,mng_IDAT); LogPNGChunk(logging,mng_IDAT,length); (void) WriteBlob(alpha_image,4,data); (void) WriteBlob(alpha_image,length,chunk); (void) WriteBlobMSBULong(alpha_image, crc32(crc32(0,data,4),chunk,(uInt) length)); } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if ((memcmp(type,mng_JDAA,4) == 0) || (memcmp(type,mng_JdAA,4) == 0)) { if (alpha_image != NULL && image_info->ping == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAA chunk data to alpha_blob.""); (void) WriteBlob(alpha_image,length,chunk); } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_JSEP,4) == 0) { read_JSEP=MagickTrue; if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_bKGD,4) == 0) { if (length == 2) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=image->background_color.red; image->background_color.blue=image->background_color.red; } if (length == 6) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=ScaleCharToQuantum(p[3]); image->background_color.blue=ScaleCharToQuantum(p[5]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_gAMA,4) == 0) { if (length == 4) image->gamma=((float) mng_get_long(p))*0.00001; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_cHRM,4) == 0) { if (length == 32) { image->chromaticity.white_point.x=0.00001*mng_get_long(p); image->chromaticity.white_point.y=0.00001*mng_get_long(&p[4]); image->chromaticity.red_primary.x=0.00001*mng_get_long(&p[8]); image->chromaticity.red_primary.y=0.00001*mng_get_long(&p[12]); image->chromaticity.green_primary.x=0.00001*mng_get_long(&p[16]); image->chromaticity.green_primary.y=0.00001*mng_get_long(&p[20]); image->chromaticity.blue_primary.x=0.00001*mng_get_long(&p[24]); image->chromaticity.blue_primary.y=0.00001*mng_get_long(&p[28]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_sRGB,4) == 0) { if (length == 1) { image->rendering_intent= Magick_RenderingIntent_from_PNG_RenderingIntent(p[0]); image->gamma=1.000f/2.200f; image->chromaticity.red_primary.x=0.6400f; image->chromaticity.red_primary.y=0.3300f; image->chromaticity.green_primary.x=0.3000f; image->chromaticity.green_primary.y=0.6000f; image->chromaticity.blue_primary.x=0.1500f; image->chromaticity.blue_primary.y=0.0600f; image->chromaticity.white_point.x=0.3127f; image->chromaticity.white_point.y=0.3290f; } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_oFFs,4) == 0) { if (length > 8) { image->page.x=(ssize_t) mng_get_long(p); image->page.y=(ssize_t) mng_get_long(&p[4]); if ((int) p[8] != 0) { image->page.x/=10000; image->page.y/=10000; } } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_pHYs,4) == 0) { if (length > 8) { image->resolution.x=(double) mng_get_long(p); image->resolution.y=(double) mng_get_long(&p[4]); if ((int) p[8] == PNG_RESOLUTION_METER) { image->units=PixelsPerCentimeterResolution; image->resolution.x=image->resolution.x/100.0f; image->resolution.y=image->resolution.y/100.0f; } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #if 0 if (memcmp(type,mng_iCCP,4) == 0) { if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #endif if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); if (memcmp(type,mng_IEND,4)) continue; break; } if (color_image_info == (ImageInfo *) NULL) { assert(color_image == (Image *) NULL); assert(alpha_image == (Image *) NULL); return(DestroyImageList(image)); } if (color_image == (Image *) NULL) { assert(alpha_image == (Image *) NULL); return(DestroyImageList(image)); } (void) SeekBlob(color_image,0,SEEK_SET); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading jng_image from color_blob.""); assert(color_image_info != (ImageInfo *) NULL); (void) FormatLocaleString(color_image_info->filename,MagickPathExtent,""%s"", color_image->filename); color_image_info->ping=MagickFalse; jng_image=ReadImage(color_image_info,exception); (void) RelinquishUniqueFileResource(color_image->filename); color_image=DestroyImage(color_image); color_image_info=DestroyImageInfo(color_image_info); if (jng_image == (Image *) NULL) return(DestroyImageList(image)); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying jng_image pixels to main image.""); image->rows=jng_height; image->columns=jng_width; status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelRed(image,GetPixelRed(jng_image,s),q); SetPixelGreen(image,GetPixelGreen(jng_image,s),q); SetPixelBlue(image,GetPixelBlue(jng_image,s),q); q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } jng_image=DestroyImage(jng_image); if (image_info->ping == MagickFalse) { if (jng_color_type >= 12) { if (jng_alpha_compression_method == 0) { png_byte data[5]; (void) WriteBlobMSBULong(alpha_image,0x00000000L); PNGType(data,mng_IEND); LogPNGChunk(logging,mng_IEND,0L); (void) WriteBlob(alpha_image,4,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,4)); } (void) CloseBlob(alpha_image); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading alpha from alpha_blob.""); (void) FormatLocaleString(alpha_image_info->filename,MagickPathExtent, ""%s"",alpha_image->filename); jng_image=ReadImage(alpha_image_info,exception); if (jng_image != (Image *) NULL) for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1, exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (image->alpha_trait != UndefinedPixelTrait) for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelAlpha(image,GetPixelRed(jng_image,s),q); q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } else for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelAlpha(image,GetPixelRed(jng_image,s),q); if (GetPixelAlpha(image,q) != OpaqueAlpha) image->alpha_trait=BlendPixelTrait; q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } (void) RelinquishUniqueFileResource(alpha_image->filename); alpha_image=DestroyImage(alpha_image); alpha_image_info=DestroyImageInfo(alpha_image_info); if (jng_image != (Image *) NULL) jng_image=DestroyImage(jng_image); } } if (mng_info->mng_type == 0) { mng_info->mng_width=jng_width; mng_info->mng_height=jng_height; } if (image->page.width == 0 && image->page.height == 0) { image->page.width=jng_width; image->page.height=jng_height; } if (image->page.x == 0 && image->page.y == 0) { image->page.x=mng_info->x_off[mng_info->object_id]; image->page.y=mng_info->y_off[mng_info->object_id]; } else { image->page.y=mng_info->y_off[mng_info->object_id]; } mng_info->image_found++; status=SetImageProgress(image,LoadImagesTag,2*TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) return(DestroyImageList(image)); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" exit ReadOneJNGImage()""); return(image); }",visit repo url,coders/png.c,https://github.com/ImageMagick/ImageMagick,18973135933469,1 3621,[],"void __exit rtc_dev_exit(void) { if (rtc_devt) unregister_chrdev_region(rtc_devt, RTC_DEV_MAX); }",linux-2.6,,,140095043994273473552554854176372205272,0 6416,['CWE-190'],"get_psd_color_mode_name (PSDColorMode mode) { static gchar * const psd_color_mode_names[] = { ""BITMAP"", ""GRAYSCALE"", ""INDEXED"", ""RGB"", ""CMYK"", ""UNKNOWN (5)"", ""UNKNOWN (6)"", ""MULTICHANNEL"", ""DUOTONE"", ""LAB"" }; static gchar *err_name = NULL; if (mode >= PSD_BITMAP && mode <= PSD_LAB) return psd_color_mode_names[mode]; g_free (err_name); err_name = g_strdup_printf (""UNKNOWN (%d)"", mode); return err_name; }",gimp,,,269691605615071631916792555245187365932,0 781,CWE-20,"static int pfkey_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct pfkey_sock *pfk = pfkey_sk(sk); struct sk_buff *skb; int copied, err; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) goto out; msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); err = (flags & MSG_TRUNC) ? skb->len : copied; if (pfk->dump.dump != NULL && 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) pfkey_do_dump(pfk); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/key/af_key.c,https://github.com/torvalds/linux,186000895945295,1 4279,['CWE-264'],"void mm_release(struct task_struct *tsk, struct mm_struct *mm) { struct completion *vfork_done = tsk->vfork_done; #ifdef CONFIG_FUTEX if (unlikely(tsk->robust_list)) exit_robust_list(tsk); #ifdef CONFIG_COMPAT if (unlikely(tsk->compat_robust_list)) compat_exit_robust_list(tsk); #endif #endif deactivate_mm(tsk, mm); if (vfork_done) { tsk->vfork_done = NULL; complete(vfork_done); } if (tsk->clear_child_tid && !(tsk->flags & PF_SIGNALED) && atomic_read(&mm->mm_users) > 1) { u32 __user * tidptr = tsk->clear_child_tid; tsk->clear_child_tid = NULL; put_user(0, tidptr); sys_futex(tidptr, FUTEX_WAKE, 1, NULL, NULL, 0); } }",linux-2.6,,,115464283264463375925458879953409492406,0 2712,[],"static int sctp_setsockopt_maxburst(struct sock *sk, char __user *optval, int optlen) { struct sctp_assoc_value params; struct sctp_sock *sp; struct sctp_association *asoc; int val; int assoc_id = 0; if (optlen < sizeof(int)) return -EINVAL; if (optlen == sizeof(int)) { printk(KERN_WARNING ""SCTP: Use of int in max_burst socket option deprecated\n""); printk(KERN_WARNING ""SCTP: Use struct sctp_assoc_value instead\n""); if (copy_from_user(&val, optval, optlen)) return -EFAULT; } else if (optlen == sizeof(struct sctp_assoc_value)) { if (copy_from_user(¶ms, optval, optlen)) return -EFAULT; val = params.assoc_value; assoc_id = params.assoc_id; } else return -EINVAL; sp = sctp_sk(sk); if (assoc_id != 0) { asoc = sctp_id2assoc(sk, assoc_id); if (!asoc) return -EINVAL; asoc->max_burst = val; } else sp->max_burst = val; return 0; }",linux-2.6,,,147113505640321156348734649213907907819,0 3193,CWE-835,"ikev2_n_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, u_int item_len, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { const struct ikev2_n *p; struct ikev2_n n; const u_char *cp; u_char showspi, showdata, showsomedata; const char *notify_name; uint32_t type; p = (const struct ikev2_n *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&n, ext, sizeof(n)); ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_N), n.h.critical); showspi = 1; showdata = 0; showsomedata=0; notify_name=NULL; ND_PRINT((ndo,"" prot_id=%s"", PROTOIDSTR(n.prot_id))); type = ntohs(n.type); switch(type) { case IV2_NOTIFY_UNSUPPORTED_CRITICAL_PAYLOAD: notify_name = ""unsupported_critical_payload""; showspi = 0; break; case IV2_NOTIFY_INVALID_IKE_SPI: notify_name = ""invalid_ike_spi""; showspi = 1; break; case IV2_NOTIFY_INVALID_MAJOR_VERSION: notify_name = ""invalid_major_version""; showspi = 0; break; case IV2_NOTIFY_INVALID_SYNTAX: notify_name = ""invalid_syntax""; showspi = 1; break; case IV2_NOTIFY_INVALID_MESSAGE_ID: notify_name = ""invalid_message_id""; showspi = 1; break; case IV2_NOTIFY_INVALID_SPI: notify_name = ""invalid_spi""; showspi = 1; break; case IV2_NOTIFY_NO_PROPOSAL_CHOSEN: notify_name = ""no_protocol_chosen""; showspi = 1; break; case IV2_NOTIFY_INVALID_KE_PAYLOAD: notify_name = ""invalid_ke_payload""; showspi = 1; break; case IV2_NOTIFY_AUTHENTICATION_FAILED: notify_name = ""authentication_failed""; showspi = 1; break; case IV2_NOTIFY_SINGLE_PAIR_REQUIRED: notify_name = ""single_pair_required""; showspi = 1; break; case IV2_NOTIFY_NO_ADDITIONAL_SAS: notify_name = ""no_additional_sas""; showspi = 0; break; case IV2_NOTIFY_INTERNAL_ADDRESS_FAILURE: notify_name = ""internal_address_failure""; showspi = 0; break; case IV2_NOTIFY_FAILED_CP_REQUIRED: notify_name = ""failed:cp_required""; showspi = 0; break; case IV2_NOTIFY_INVALID_SELECTORS: notify_name = ""invalid_selectors""; showspi = 0; break; case IV2_NOTIFY_INITIAL_CONTACT: notify_name = ""initial_contact""; showspi = 0; break; case IV2_NOTIFY_SET_WINDOW_SIZE: notify_name = ""set_window_size""; showspi = 0; break; case IV2_NOTIFY_ADDITIONAL_TS_POSSIBLE: notify_name = ""additional_ts_possible""; showspi = 0; break; case IV2_NOTIFY_IPCOMP_SUPPORTED: notify_name = ""ipcomp_supported""; showspi = 0; break; case IV2_NOTIFY_NAT_DETECTION_SOURCE_IP: notify_name = ""nat_detection_source_ip""; showspi = 1; break; case IV2_NOTIFY_NAT_DETECTION_DESTINATION_IP: notify_name = ""nat_detection_destination_ip""; showspi = 1; break; case IV2_NOTIFY_COOKIE: notify_name = ""cookie""; showspi = 1; showsomedata= 1; showdata= 0; break; case IV2_NOTIFY_USE_TRANSPORT_MODE: notify_name = ""use_transport_mode""; showspi = 0; break; case IV2_NOTIFY_HTTP_CERT_LOOKUP_SUPPORTED: notify_name = ""http_cert_lookup_supported""; showspi = 0; break; case IV2_NOTIFY_REKEY_SA: notify_name = ""rekey_sa""; showspi = 1; break; case IV2_NOTIFY_ESP_TFC_PADDING_NOT_SUPPORTED: notify_name = ""tfc_padding_not_supported""; showspi = 0; break; case IV2_NOTIFY_NON_FIRST_FRAGMENTS_ALSO: notify_name = ""non_first_fragment_also""; showspi = 0; break; default: if (type < 8192) { notify_name=""error""; } else if(type < 16384) { notify_name=""private-error""; } else if(type < 40960) { notify_name=""status""; } else { notify_name=""private-status""; } } if(notify_name) { ND_PRINT((ndo,"" type=%u(%s)"", type, notify_name)); } if (showspi && n.spi_size) { ND_PRINT((ndo,"" spi="")); if (!rawprint(ndo, (const uint8_t *)(p + 1), n.spi_size)) goto trunc; } cp = (const u_char *)(p + 1) + n.spi_size; if(3 < ndo->ndo_vflag) { showdata = 1; } if ((showdata || (showsomedata && ep-cp < 30)) && cp < ep) { ND_PRINT((ndo,"" data=("")); if (!rawprint(ndo, (const uint8_t *)(cp), ep - cp)) goto trunc; ND_PRINT((ndo,"")"")); } else if(showsomedata && cp < ep) { if(!ike_show_somedata(ndo, cp, ep)) goto trunc; } return (const u_char *)ext + item_len; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_N))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,191933173710567,1 6115,['CWE-200'],"int addrconf_set_dstaddr(void __user *arg) { struct in6_ifreq ireq; struct net_device *dev; int err = -EINVAL; rtnl_lock(); err = -EFAULT; if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq))) goto err_exit; dev = __dev_get_by_index(ireq.ifr6_ifindex); err = -ENODEV; if (dev == NULL) goto err_exit; if (dev->type == ARPHRD_SIT) { struct ifreq ifr; mm_segment_t oldfs; struct ip_tunnel_parm p; err = -EADDRNOTAVAIL; if (!(ipv6_addr_type(&ireq.ifr6_addr) & IPV6_ADDR_COMPATv4)) goto err_exit; memset(&p, 0, sizeof(p)); p.iph.daddr = ireq.ifr6_addr.s6_addr32[3]; p.iph.saddr = 0; p.iph.version = 4; p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; ifr.ifr_ifru.ifru_data = (void __user *)&p; oldfs = get_fs(); set_fs(KERNEL_DS); err = dev->do_ioctl(dev, &ifr, SIOCADDTUNNEL); set_fs(oldfs); if (err == 0) { err = -ENOBUFS; if ((dev = __dev_get_by_name(p.name)) == NULL) goto err_exit; err = dev_open(dev); } } err_exit: rtnl_unlock(); return err; }",linux-2.6,,,8207509786179889802855081648778819528,0 155,[],"int compat_core_sys_select(int n, compat_ulong_t __user *inp, compat_ulong_t __user *outp, compat_ulong_t __user *exp, s64 *timeout) { fd_set_bits fds; char *bits; int size, max_fdset, ret = -EINVAL; struct fdtable *fdt; if (n < 0) goto out_nofds; rcu_read_lock(); fdt = files_fdtable(current->files); max_fdset = fdt->max_fdset; rcu_read_unlock(); if (n > max_fdset) n = max_fdset; ret = -ENOMEM; size = FDS_BYTES(n); bits = kmalloc(6 * size, GFP_KERNEL); if (!bits) goto out_nofds; fds.in = (unsigned long *) bits; fds.out = (unsigned long *) (bits + size); fds.ex = (unsigned long *) (bits + 2*size); fds.res_in = (unsigned long *) (bits + 3*size); fds.res_out = (unsigned long *) (bits + 4*size); fds.res_ex = (unsigned long *) (bits + 5*size); if ((ret = compat_get_fd_set(n, inp, fds.in)) || (ret = compat_get_fd_set(n, outp, fds.out)) || (ret = compat_get_fd_set(n, exp, fds.ex))) goto out; zero_fd_set(n, fds.res_in); zero_fd_set(n, fds.res_out); zero_fd_set(n, fds.res_ex); ret = do_select(n, &fds, timeout); if (ret < 0) goto out; if (!ret) { ret = -ERESTARTNOHAND; if (signal_pending(current)) goto out; ret = 0; } compat_set_fd_set(n, inp, fds.res_in); compat_set_fd_set(n, outp, fds.res_out); compat_set_fd_set(n, exp, fds.res_ex); out: kfree(bits); out_nofds: return ret; }",linux-2.6,,,220337607187713020243647708291531325229,0 661,CWE-20,"static int hash_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct hash_ctx *ctx = ask->private; unsigned ds = crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)); int err; if (len > ds) len = ds; else if (len < ds) msg->msg_flags |= MSG_TRUNC; msg->msg_namelen = 0; lock_sock(sk); if (ctx->more) { ctx->more = 0; ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); err = af_alg_wait_for_completion(crypto_ahash_final(&ctx->req), &ctx->completion); if (err) goto unlock; } err = memcpy_toiovec(msg->msg_iov, ctx->result, len); unlock: release_sock(sk); return err ?: len; }",visit repo url,crypto/algif_hash.c,https://github.com/torvalds/linux,98472359415908,1 4705,CWE-119,"static int pop_sync_mailbox(struct Context *ctx, int *index_hint) { int i, j, ret = 0; char buf[LONG_STRING]; struct PopData *pop_data = (struct PopData *) ctx->data; struct Progress progress; #ifdef USE_HCACHE header_cache_t *hc = NULL; #endif pop_data->check_time = 0; while (true) { if (pop_reconnect(ctx) < 0) return -1; mutt_progress_init(&progress, _(""Marking messages deleted...""), MUTT_PROGRESS_MSG, WriteInc, ctx->deleted); #ifdef USE_HCACHE hc = pop_hcache_open(pop_data, ctx->path); #endif for (i = 0, j = 0, ret = 0; ret == 0 && i < ctx->msgcount; i++) { if (ctx->hdrs[i]->deleted && ctx->hdrs[i]->refno != -1) { j++; if (!ctx->quiet) mutt_progress_update(&progress, j, -1); snprintf(buf, sizeof(buf), ""DELE %d\r\n"", ctx->hdrs[i]->refno); ret = pop_query(pop_data, buf, sizeof(buf)); if (ret == 0) { mutt_bcache_del(pop_data->bcache, ctx->hdrs[i]->data); #ifdef USE_HCACHE mutt_hcache_delete(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data)); #endif } } #ifdef USE_HCACHE if (ctx->hdrs[i]->changed) { mutt_hcache_store(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data), ctx->hdrs[i], 0); } #endif } #ifdef USE_HCACHE mutt_hcache_close(hc); #endif if (ret == 0) { mutt_str_strfcpy(buf, ""QUIT\r\n"", sizeof(buf)); ret = pop_query(pop_data, buf, sizeof(buf)); } if (ret == 0) { pop_data->clear_cache = true; pop_clear_cache(pop_data); pop_data->status = POP_DISCONNECTED; return 0; } if (ret == -2) { mutt_error(""%s"", pop_data->err_msg); return -1; } } }",visit repo url,pop.c,https://github.com/neomutt/neomutt,164685958259298,1 4216,['CWE-399'],"static int pfifo_fast_requeue(struct sk_buff *skb, struct Qdisc* qdisc) { qdisc->q.qlen++; return __qdisc_requeue(skb, qdisc, prio2list(skb, qdisc)); }",linux-2.6,,,205186209563558012156081337943662433896,0 1611,[],"static void active_load_balance(struct rq *busiest_rq, int busiest_cpu) { int target_cpu = busiest_rq->push_cpu; struct sched_domain *sd; struct rq *target_rq; if (busiest_rq->nr_running <= 1) return; target_rq = cpu_rq(target_cpu); BUG_ON(busiest_rq == target_rq); double_lock_balance(busiest_rq, target_rq); update_rq_clock(busiest_rq); update_rq_clock(target_rq); for_each_domain(target_cpu, sd) { if ((sd->flags & SD_LOAD_BALANCE) && cpu_isset(busiest_cpu, sd->span)) break; } if (likely(sd)) { schedstat_inc(sd, alb_count); if (move_one_task(target_rq, target_cpu, busiest_rq, sd, CPU_IDLE)) schedstat_inc(sd, alb_pushed); else schedstat_inc(sd, alb_failed); } spin_unlock(&target_rq->lock); }",linux-2.6,,,206631112680498232167507286375712564514,0 1216,['CWE-20'],"static void cairo_font_face_destroy (void *data) { CairoFont *font = (CairoFont *) data; delete font; }",poppler,,,152719111680170250442106720219069681015,0 3255,CWE-125,"ikev1_attr_print(netdissect_options *ndo, const u_char *p, const u_char *ep) { int totlen; uint32_t t; if (p[0] & 0x80) totlen = 4; else totlen = 4 + EXTRACT_16BITS(&p[2]); if (ep < p + totlen) { ND_PRINT((ndo,""[|attr]"")); return ep + 1; } ND_PRINT((ndo,""("")); t = EXTRACT_16BITS(&p[0]) & 0x7fff; ND_PRINT((ndo,""type=#%d "", t)); if (p[0] & 0x80) { ND_PRINT((ndo,""value="")); t = p[2]; rawprint(ndo, (const uint8_t *)&p[2], 2); } else { ND_PRINT((ndo,""len=%d value="", EXTRACT_16BITS(&p[2]))); rawprint(ndo, (const uint8_t *)&p[4], EXTRACT_16BITS(&p[2])); } ND_PRINT((ndo,"")"")); return p + totlen; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,101833809166827,1 1809,CWE-190,"int ring_buffer_resize(struct ring_buffer *buffer, unsigned long size, int cpu_id) { struct ring_buffer_per_cpu *cpu_buffer; unsigned long nr_pages; int cpu, err = 0; if (!buffer) return size; if (cpu_id != RING_BUFFER_ALL_CPUS && !cpumask_test_cpu(cpu_id, buffer->cpumask)) return size; size = DIV_ROUND_UP(size, BUF_PAGE_SIZE); size *= BUF_PAGE_SIZE; if (size < BUF_PAGE_SIZE * 2) size = BUF_PAGE_SIZE * 2; nr_pages = DIV_ROUND_UP(size, BUF_PAGE_SIZE); if (atomic_read(&buffer->resize_disabled)) return -EBUSY; mutex_lock(&buffer->mutex); if (cpu_id == RING_BUFFER_ALL_CPUS) { for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; cpu_buffer->nr_pages_to_update = nr_pages - cpu_buffer->nr_pages; if (cpu_buffer->nr_pages_to_update <= 0) continue; INIT_LIST_HEAD(&cpu_buffer->new_pages); if (__rb_allocate_pages(cpu_buffer->nr_pages_to_update, &cpu_buffer->new_pages, cpu)) { err = -ENOMEM; goto out_err; } } get_online_cpus(); for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; if (!cpu_buffer->nr_pages_to_update) continue; if (!cpu_online(cpu)) { rb_update_pages(cpu_buffer); cpu_buffer->nr_pages_to_update = 0; } else { schedule_work_on(cpu, &cpu_buffer->update_pages_work); } } for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; if (!cpu_buffer->nr_pages_to_update) continue; if (cpu_online(cpu)) wait_for_completion(&cpu_buffer->update_done); cpu_buffer->nr_pages_to_update = 0; } put_online_cpus(); } else { if (!cpumask_test_cpu(cpu_id, buffer->cpumask)) goto out; cpu_buffer = buffer->buffers[cpu_id]; if (nr_pages == cpu_buffer->nr_pages) goto out; cpu_buffer->nr_pages_to_update = nr_pages - cpu_buffer->nr_pages; INIT_LIST_HEAD(&cpu_buffer->new_pages); if (cpu_buffer->nr_pages_to_update > 0 && __rb_allocate_pages(cpu_buffer->nr_pages_to_update, &cpu_buffer->new_pages, cpu_id)) { err = -ENOMEM; goto out_err; } get_online_cpus(); if (!cpu_online(cpu_id)) rb_update_pages(cpu_buffer); else { schedule_work_on(cpu_id, &cpu_buffer->update_pages_work); wait_for_completion(&cpu_buffer->update_done); } cpu_buffer->nr_pages_to_update = 0; put_online_cpus(); } out: if (atomic_read(&buffer->record_disabled)) { atomic_inc(&buffer->record_disabled); synchronize_sched(); for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; rb_check_pages(cpu_buffer); } atomic_dec(&buffer->record_disabled); } mutex_unlock(&buffer->mutex); return size; out_err: for_each_buffer_cpu(buffer, cpu) { struct buffer_page *bpage, *tmp; cpu_buffer = buffer->buffers[cpu]; cpu_buffer->nr_pages_to_update = 0; if (list_empty(&cpu_buffer->new_pages)) continue; list_for_each_entry_safe(bpage, tmp, &cpu_buffer->new_pages, list) { list_del_init(&bpage->list); free_buffer_page(bpage); } } mutex_unlock(&buffer->mutex); return err; }",visit repo url,kernel/trace/ring_buffer.c,https://github.com/torvalds/linux,191738620453978,1 6173,['CWE-200'],"static struct net_device_stats *reg_vif_get_stats(struct net_device *dev) { return (struct net_device_stats*)dev->priv; }",linux-2.6,,,229582029309502496770986396286779254922,0 6237,['CWE-200'],"tcf_action_get_1(struct rtattr *rta, struct nlmsghdr *n, u32 pid, int *err) { struct rtattr *tb[TCA_ACT_MAX+1]; struct tc_action *a; int index; *err = -EINVAL; if (rtattr_parse_nested(tb, TCA_ACT_MAX, rta) < 0) return NULL; if (tb[TCA_ACT_INDEX - 1] == NULL || RTA_PAYLOAD(tb[TCA_ACT_INDEX - 1]) < sizeof(index)) return NULL; index = *(int *)RTA_DATA(tb[TCA_ACT_INDEX - 1]); *err = -ENOMEM; a = kmalloc(sizeof(struct tc_action), GFP_KERNEL); if (a == NULL) return NULL; memset(a, 0, sizeof(struct tc_action)); *err = -EINVAL; a->ops = tc_lookup_action(tb[TCA_ACT_KIND - 1]); if (a->ops == NULL) goto err_free; if (a->ops->lookup == NULL) goto err_mod; *err = -ENOENT; if (a->ops->lookup(a, index) == 0) goto err_mod; module_put(a->ops->owner); *err = 0; return a; err_mod: module_put(a->ops->owner); err_free: kfree(a); return NULL; }",linux-2.6,,,81066978735567056087393840386094154001,0 1950,['CWE-20'],"static __init int vdso_setup(void) { struct lib32_elfinfo v32; struct lib64_elfinfo v64; v32.hdr = vdso32_kbase; #ifdef CONFIG_PPC64 v64.hdr = vdso64_kbase; #endif if (vdso_do_find_sections(&v32, &v64)) return -1; if (vdso_fixup_datapage(&v32, &v64)) return -1; if (vdso_fixup_features(&v32, &v64)) return -1; if (vdso_fixup_alt_funcs(&v32, &v64)) return -1; vdso_setup_trampolines(&v32, &v64); return 0; }",linux-2.6,,,12079784168080657735435229687425758132,0 1979,CWE-125,"static void set_fdc(int drive) { if (drive >= 0 && drive < N_DRIVE) { fdc = FDC(drive); current_drive = drive; } if (fdc != 1 && fdc != 0) { pr_info(""bad fdc value\n""); return; } set_dor(fdc, ~0, 8); #if N_FDC > 1 set_dor(1 - fdc, ~8, 0); #endif if (FDCS->rawcmd == 2) reset_fdc_info(1); if (fd_inb(FD_STATUS) != STATUS_READY) FDCS->reset = 1; }",visit repo url,drivers/block/floppy.c,https://github.com/torvalds/linux,245720663743211,1 2785,CWE-125,"int ntlm_read_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (fields->Len > 0) { if ((fields->BufferOffset + fields->Len) > Stream_Length(s)) return -1; fields->Buffer = (PBYTE) malloc(fields->Len); if (!fields->Buffer) return -1; Stream_SetPosition(s, fields->BufferOffset); Stream_Read(s, fields->Buffer, fields->Len); } return 1; }",visit repo url,winpr/libwinpr/sspi/NTLM/ntlm_message.c,https://github.com/FreeRDP/FreeRDP,34948079689688,1 984,CWE-269,"static int do_remount(struct path *path, int flags, int mnt_flags, void *data) { int err; struct super_block *sb = path->mnt->mnt_sb; struct mount *mnt = real_mount(path->mnt); if (!check_mnt(mnt)) return -EINVAL; if (path->dentry != path->mnt->mnt_root) return -EINVAL; err = security_sb_remount(sb, data); if (err) return err; down_write(&sb->s_umount); if (flags & MS_BIND) err = change_mount_flags(path->mnt, flags); else if (!capable(CAP_SYS_ADMIN)) err = -EPERM; else err = do_remount_sb(sb, flags, data, 0); if (!err) { lock_mount_hash(); mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK; mnt->mnt.mnt_flags = mnt_flags; touch_mnt_namespace(mnt->mnt_ns); unlock_mount_hash(); } up_write(&sb->s_umount); return err; }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,243298096110472,1 4207,[],"static rsRetVal addListner(void __attribute__((unused)) *pVal, uchar *pNewVal) { DEFiRet; uchar *bindAddr; int *newSocks; int *tmpSocks; int iSrc, iDst; if(pszBindAddr == NULL) bindAddr = NULL; else if(pszBindAddr[0] == '*' && pszBindAddr[1] == '\0') bindAddr = NULL; else bindAddr = pszBindAddr; dbgprintf(""Trying to open syslog UDP ports at %s:%s.\n"", (bindAddr == NULL) ? (uchar*)""*"" : bindAddr, pNewVal); newSocks = net.create_udp_socket(bindAddr, (pNewVal == NULL || *pNewVal == '\0') ? (uchar*) ""514"" : pNewVal, 1); if(newSocks != NULL) { if(udpLstnSocks == NULL) { udpLstnSocks = newSocks; } else { if((tmpSocks = malloc(sizeof(int) * 1 + newSocks[0] + udpLstnSocks[0])) == NULL) { dbgprintf(""out of memory trying to allocate udp listen socket array\n""); free(newSocks); ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); } else { iDst = 1; for(iSrc = 1 ; iSrc <= udpLstnSocks[0] ; ++iSrc) tmpSocks[iDst++] = udpLstnSocks[iSrc]; for(iSrc = 1 ; iSrc <= newSocks[0] ; ++iSrc) tmpSocks[iDst++] = newSocks[iSrc]; tmpSocks[0] = udpLstnSocks[0] + newSocks[0]; free(newSocks); free(udpLstnSocks); udpLstnSocks = tmpSocks; } } } finalize_it: free(pNewVal); RETiRet; }",rsyslog,,,54725310617480737042039080382261830340,0 3820,CWE-121,"ga_concat_shorten_esc(garray_T *gap, char_u *str) { char_u *p; char_u *s; int c; int clen; char_u buf[NUMBUFLEN]; int same_len; if (str == NULL) { ga_concat(gap, (char_u *)""NULL""); return; } for (p = str; *p != NUL; ++p) { same_len = 1; s = p; c = mb_ptr2char_adv(&s); clen = s - p; while (*s != NUL && c == mb_ptr2char(s)) { ++same_len; s += clen; } if (same_len > 20) { ga_concat(gap, (char_u *)""\\[""); ga_concat_esc(gap, p, clen); ga_concat(gap, (char_u *)"" occurs ""); vim_snprintf((char *)buf, NUMBUFLEN, ""%d"", same_len); ga_concat(gap, buf); ga_concat(gap, (char_u *)"" times]""); p = s - 1; } else ga_concat_esc(gap, p, clen); } }",visit repo url,src/testing.c,https://github.com/vim/vim,189256135766257,1 2309,CWE-119,"static void opl3_setup_voice(int dev, int voice, int chn) { struct channel_info *info = &synth_devs[dev]->chn_info[chn]; opl3_set_instr(dev, voice, info->pgm_num); devc->voc[voice].bender = 0; devc->voc[voice].bender_range = info->bender_range; devc->voc[voice].volume = info->controllers[CTL_MAIN_VOLUME]; devc->voc[voice].panning = (info->controllers[CTL_PAN] * 2) - 128; }",visit repo url,sound/oss/opl3.c,https://github.com/torvalds/linux,213322456394049,1 989,['CWE-94'],"__generic_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { struct address_space *mapping = in->f_mapping; unsigned int loff, nr_pages, req_pages; struct page *pages[PIPE_BUFFERS]; struct partial_page partial[PIPE_BUFFERS]; struct page *page; pgoff_t index, end_index; loff_t isize; int error, page_nr; struct splice_pipe_desc spd = { .pages = pages, .partial = partial, .flags = flags, .ops = &page_cache_pipe_buf_ops, .spd_release = spd_release_page, }; index = *ppos >> PAGE_CACHE_SHIFT; loff = *ppos & ~PAGE_CACHE_MASK; req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; nr_pages = min(req_pages, (unsigned)PIPE_BUFFERS); spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages); index += spd.nr_pages; if (spd.nr_pages < nr_pages) page_cache_sync_readahead(mapping, &in->f_ra, in, index, req_pages - spd.nr_pages); error = 0; while (spd.nr_pages < nr_pages) { page = find_get_page(mapping, index); if (!page) { page = page_cache_alloc_cold(mapping); if (!page) break; error = add_to_page_cache_lru(page, mapping, index, GFP_KERNEL); if (unlikely(error)) { page_cache_release(page); if (error == -EEXIST) continue; break; } unlock_page(page); } pages[spd.nr_pages++] = page; index++; } index = *ppos >> PAGE_CACHE_SHIFT; nr_pages = spd.nr_pages; spd.nr_pages = 0; for (page_nr = 0; page_nr < nr_pages; page_nr++) { unsigned int this_len; if (!len) break; this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff); page = pages[page_nr]; if (PageReadahead(page)) page_cache_async_readahead(mapping, &in->f_ra, in, page, index, req_pages - page_nr); if (!PageUptodate(page)) { if (flags & SPLICE_F_NONBLOCK) { if (TestSetPageLocked(page)) break; } else lock_page(page); if (!page->mapping) { unlock_page(page); break; } if (PageUptodate(page)) { unlock_page(page); goto fill_it; } error = mapping->a_ops->readpage(in, page); if (unlikely(error)) { if (error == AOP_TRUNCATED_PAGE) error = 0; break; } } fill_it: isize = i_size_read(mapping->host); end_index = (isize - 1) >> PAGE_CACHE_SHIFT; if (unlikely(!isize || index > end_index)) break; if (end_index == index) { unsigned int plen; plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1; if (plen <= loff) break; this_len = min(this_len, plen - loff); len = this_len; } partial[page_nr].offset = loff; partial[page_nr].len = this_len; len -= this_len; loff = 0; spd.nr_pages++; index++; } while (page_nr < nr_pages) page_cache_release(pages[page_nr++]); in->f_ra.prev_pos = (loff_t)index << PAGE_CACHE_SHIFT; if (spd.nr_pages) return splice_to_pipe(pipe, &spd); return error; }",linux-2.6,,,138822394049114435527266340814496045767,0 4867,CWE-415,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 5257,CWE-119,"char* _multi_string_alloc_and_copy( LPCWSTR in ) { char *chr; int len = 0; if ( !in ) { return in; } while ( in[ len ] != 0 || in[ len + 1 ] != 0 ) { len ++; } chr = malloc( len + 2 ); len = 0; while ( in[ len ] != 0 || in[ len + 1 ] != 0 ) { chr[ len ] = 0xFF & in[ len ]; len ++; } chr[ len ++ ] = '\0'; chr[ len ++ ] = '\0'; return chr; }",visit repo url,odbcinst/SQLCreateDataSource.c,https://github.com/lurcher/unixODBC,41682690437363,1 1609,[],"static unsigned long cpu_avg_load_per_task(int cpu) { struct rq *rq = cpu_rq(cpu); unsigned long total = weighted_cpuload(cpu); unsigned long n = rq->nr_running; return n ? total / n : SCHED_LOAD_SCALE; }",linux-2.6,,,150978487161952980430527706692436179150,0 5341,['CWE-476'],"static void cpuid_fix_nx_cap(struct kvm_vcpu *vcpu) { int i; struct kvm_cpuid_entry2 *e, *entry; entry = NULL; for (i = 0; i < vcpu->arch.cpuid_nent; ++i) { e = &vcpu->arch.cpuid_entries[i]; if (e->function == 0x80000001) { entry = e; break; } } if (entry && (entry->edx & (1 << 20)) && !is_efer_nx()) { entry->edx &= ~(1 << 20); printk(KERN_INFO ""kvm: guest NX capability removed\n""); } }",linux-2.6,,,110270504201536272658263395786221643284,0 720,[],"static int jpc_qcx_putcompparms(jpc_qcxcp_t *compparms, jpc_cstate_t *cstate, jas_stream_t *out) { int i; cstate = 0; jpc_putuint8(out, ((compparms->numguard & 7) << 5) | compparms->qntsty); for (i = 0; i < compparms->numstepsizes; ++i) { if (compparms->qntsty == JPC_QCX_NOQNT) { if (jpc_putuint8(out, JPC_QCX_GETEXPN( compparms->stepsizes[i]) << 3)) { return -1; } } else { if (jpc_putuint16(out, compparms->stepsizes[i])) { return -1; } } } return 0; }",jasper,,,294954521885543965134641288549216199666,0 4952,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 6016,['CWE-200'],"static void addrconf_del_timer(struct inet6_ifaddr *ifp) { if (del_timer(&ifp->timer)) __in6_ifa_put(ifp); }",linux-2.6,,,101102526541385182796240270035115300152,0 4563,CWE-1077,"static s16 swf_get_s16(SWFReader *read) { s16 val; u8 v1; v1 = swf_read_int(read, 8); val = swf_read_sint(read, 8); val = (val<<8)&0xFF00; val |= (v1&0xFF); return val; }",visit repo url,src/scene_manager/swf_parse.c,https://github.com/gpac/gpac,218356315062452,1 236,[],"int fat_remove_entries(struct inode *dir, struct fat_slot_info *sinfo) { struct msdos_dir_entry *de; struct buffer_head *bh; int err = 0, nr_slots; nr_slots = sinfo->nr_slots; de = sinfo->de; sinfo->de = NULL; bh = sinfo->bh; sinfo->bh = NULL; while (nr_slots && de >= (struct msdos_dir_entry *)bh->b_data) { de->name[0] = DELETED_FLAG; de--; nr_slots--; } mark_buffer_dirty(bh); if (IS_DIRSYNC(dir)) err = sync_dirty_buffer(bh); brelse(bh); if (err) return err; dir->i_version++; if (nr_slots) { err = __fat_remove_entries(dir, sinfo->slot_off, nr_slots); if (err) { printk(KERN_WARNING ""FAT: Couldn't remove the long name slots\n""); } } dir->i_mtime = dir->i_atime = CURRENT_TIME_SEC; if (IS_DIRSYNC(dir)) (void)fat_sync_inode(dir); else mark_inode_dirty(dir); return 0; }",linux-2.6,,,61417595878589694904440836623086059376,0 5524,['CWE-119'],"static int ecryptfs_verify_version(u16 version) { int rc = 0; unsigned char major; unsigned char minor; major = ((version >> 8) & 0xFF); minor = (version & 0xFF); if (major != ECRYPTFS_VERSION_MAJOR) { ecryptfs_printk(KERN_ERR, ""Major version number mismatch. "" ""Expected [%d]; got [%d]\n"", ECRYPTFS_VERSION_MAJOR, major); rc = -EINVAL; goto out; } if (minor != ECRYPTFS_VERSION_MINOR) { ecryptfs_printk(KERN_ERR, ""Minor version number mismatch. "" ""Expected [%d]; got [%d]\n"", ECRYPTFS_VERSION_MINOR, minor); rc = -EINVAL; goto out; } out: return rc; }",linux-2.6,,,135501838227639320031786972341046477517,0 4189,['CWE-399'],"static AvahiLegacyUnicastReflectSlot* allocate_slot(AvahiServer *s) { unsigned n, idx = (unsigned) -1; AvahiLegacyUnicastReflectSlot *slot; assert(s); if (!s->legacy_unicast_reflect_slots) s->legacy_unicast_reflect_slots = avahi_new0(AvahiLegacyUnicastReflectSlot*, AVAHI_LEGACY_UNICAST_REFLECT_SLOTS_MAX); for (n = 0; n < AVAHI_LEGACY_UNICAST_REFLECT_SLOTS_MAX; n++, s->legacy_unicast_reflect_id++) { idx = s->legacy_unicast_reflect_id % AVAHI_LEGACY_UNICAST_REFLECT_SLOTS_MAX; if (!s->legacy_unicast_reflect_slots[idx]) break; } if (idx == (unsigned) -1 || s->legacy_unicast_reflect_slots[idx]) return NULL; if (!(slot = avahi_new(AvahiLegacyUnicastReflectSlot, 1))) return NULL; s->legacy_unicast_reflect_slots[idx] = slot; slot->id = s->legacy_unicast_reflect_id++; slot->server = s; return slot; }",avahi,,,59790515654429130233771259619105256682,0 5260,['CWE-264'],"int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) { int ret; files_struct *fsp; SMB_STRUCT_STAT st; if(!CAN_WRITE(conn)) { return -1; } ret = SMB_VFS_CHOWN(conn, fname, uid, gid); if (ret == 0) return 0; if (lp_enable_privileges()) { bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token, &se_take_ownership); bool has_restore_priv = user_has_privileges(current_user.nt_user_token, &se_restore); if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) || ( has_restore_priv ) ) { become_root(); ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1); unbecome_root(); return ret; } } if (!lp_dos_filemode(SNUM(conn))) { errno = EPERM; return -1; } if (uid != current_user.ut.uid) { errno = EPERM; return -1; } if (SMB_VFS_STAT(conn,fname,&st)) { return -1; } if (!NT_STATUS_IS_OK(open_file_fchmod(conn,fname,&st,&fsp))) { return -1; } become_root(); ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1); unbecome_root(); close_file_fchmod(fsp); return ret; }",samba,,,188838127657703079665400590001783468144,0 2638,[],"static int sctp_getsockopt_peer_addr_info(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_paddrinfo pinfo; struct sctp_transport *transport; int retval = 0; if (len < sizeof(pinfo)) { retval = -EINVAL; goto out; } len = sizeof(pinfo); if (copy_from_user(&pinfo, optval, len)) { retval = -EFAULT; goto out; } transport = sctp_addr_id2transport(sk, &pinfo.spinfo_address, pinfo.spinfo_assoc_id); if (!transport) return -EINVAL; pinfo.spinfo_assoc_id = sctp_assoc2id(transport->asoc); pinfo.spinfo_state = transport->state; pinfo.spinfo_cwnd = transport->cwnd; pinfo.spinfo_srtt = transport->srtt; pinfo.spinfo_rto = jiffies_to_msecs(transport->rto); pinfo.spinfo_mtu = transport->pathmtu; if (pinfo.spinfo_state == SCTP_UNKNOWN) pinfo.spinfo_state = SCTP_ACTIVE; if (put_user(len, optlen)) { retval = -EFAULT; goto out; } if (copy_to_user(optval, &pinfo, len)) { retval = -EFAULT; goto out; } out: return (retval); }",linux-2.6,,,80258251296703896096278441392853422954,0 223,CWE-285,"ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type) { int name_index; void *value = NULL; size_t size = 0; int error; switch(type) { case ACL_TYPE_ACCESS: name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS; if (acl) { error = posix_acl_equiv_mode(acl, &inode->i_mode); if (error < 0) return error; else { inode->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(inode); if (error == 0) acl = NULL; } } break; case ACL_TYPE_DEFAULT: name_index = EXT2_XATTR_INDEX_POSIX_ACL_DEFAULT; if (!S_ISDIR(inode->i_mode)) return acl ? -EACCES : 0; break; default: return -EINVAL; } if (acl) { value = ext2_acl_to_disk(acl, &size); if (IS_ERR(value)) return (int)PTR_ERR(value); } error = ext2_xattr_set(inode, name_index, """", value, size, 0); kfree(value); if (!error) set_cached_acl(inode, type, acl); return error; }",visit repo url,fs/ext2/acl.c,https://github.com/torvalds/linux,197253602484005,1 4751,['CWE-20'],"static int parse_options(char *options, struct super_block *sb, unsigned long *journal_devnum, unsigned int *journal_ioprio, ext4_fsblk_t *n_blocks_count, int is_remount) { struct ext4_sb_info *sbi = EXT4_SB(sb); char *p; substring_t args[MAX_OPT_ARGS]; int data_opt = 0; int option; #ifdef CONFIG_QUOTA int qtype, qfmt; char *qname; #endif ext4_fsblk_t last_block; if (!options) return 1; while ((p = strsep(&options, "","")) != NULL) { int token; if (!*p) continue; token = match_token(p, tokens, args); switch (token) { case Opt_bsd_df: clear_opt(sbi->s_mount_opt, MINIX_DF); break; case Opt_minix_df: set_opt(sbi->s_mount_opt, MINIX_DF); break; case Opt_grpid: set_opt(sbi->s_mount_opt, GRPID); break; case Opt_nogrpid: clear_opt(sbi->s_mount_opt, GRPID); break; case Opt_resuid: if (match_int(&args[0], &option)) return 0; sbi->s_resuid = option; break; case Opt_resgid: if (match_int(&args[0], &option)) return 0; sbi->s_resgid = option; break; case Opt_sb: break; case Opt_err_panic: clear_opt(sbi->s_mount_opt, ERRORS_CONT); clear_opt(sbi->s_mount_opt, ERRORS_RO); set_opt(sbi->s_mount_opt, ERRORS_PANIC); break; case Opt_err_ro: clear_opt(sbi->s_mount_opt, ERRORS_CONT); clear_opt(sbi->s_mount_opt, ERRORS_PANIC); set_opt(sbi->s_mount_opt, ERRORS_RO); break; case Opt_err_cont: clear_opt(sbi->s_mount_opt, ERRORS_RO); clear_opt(sbi->s_mount_opt, ERRORS_PANIC); set_opt(sbi->s_mount_opt, ERRORS_CONT); break; case Opt_nouid32: set_opt(sbi->s_mount_opt, NO_UID32); break; case Opt_debug: set_opt(sbi->s_mount_opt, DEBUG); break; case Opt_oldalloc: set_opt(sbi->s_mount_opt, OLDALLOC); break; case Opt_orlov: clear_opt(sbi->s_mount_opt, OLDALLOC); break; #ifdef CONFIG_EXT4_FS_XATTR case Opt_user_xattr: set_opt(sbi->s_mount_opt, XATTR_USER); break; case Opt_nouser_xattr: clear_opt(sbi->s_mount_opt, XATTR_USER); break; #else case Opt_user_xattr: case Opt_nouser_xattr: printk(KERN_ERR ""EXT4 (no)user_xattr options "" ""not supported\n""); break; #endif #ifdef CONFIG_EXT4_FS_POSIX_ACL case Opt_acl: set_opt(sbi->s_mount_opt, POSIX_ACL); break; case Opt_noacl: clear_opt(sbi->s_mount_opt, POSIX_ACL); break; #else case Opt_acl: case Opt_noacl: printk(KERN_ERR ""EXT4 (no)acl options "" ""not supported\n""); break; #endif case Opt_reservation: set_opt(sbi->s_mount_opt, RESERVATION); break; case Opt_noreservation: clear_opt(sbi->s_mount_opt, RESERVATION); break; case Opt_journal_update: if (is_remount) { printk(KERN_ERR ""EXT4-fs: cannot specify "" ""journal on remount\n""); return 0; } set_opt(sbi->s_mount_opt, UPDATE_JOURNAL); break; case Opt_journal_dev: if (is_remount) { printk(KERN_ERR ""EXT4-fs: cannot specify "" ""journal on remount\n""); return 0; } if (match_int(&args[0], &option)) return 0; *journal_devnum = option; break; case Opt_journal_checksum: set_opt(sbi->s_mount_opt, JOURNAL_CHECKSUM); break; case Opt_journal_async_commit: set_opt(sbi->s_mount_opt, JOURNAL_ASYNC_COMMIT); set_opt(sbi->s_mount_opt, JOURNAL_CHECKSUM); break; case Opt_noload: set_opt(sbi->s_mount_opt, NOLOAD); break; case Opt_commit: if (match_int(&args[0], &option)) return 0; if (option < 0) return 0; if (option == 0) option = JBD2_DEFAULT_MAX_COMMIT_AGE; sbi->s_commit_interval = HZ * option; break; case Opt_max_batch_time: if (match_int(&args[0], &option)) return 0; if (option < 0) return 0; if (option == 0) option = EXT4_DEF_MAX_BATCH_TIME; sbi->s_max_batch_time = option; break; case Opt_min_batch_time: if (match_int(&args[0], &option)) return 0; if (option < 0) return 0; sbi->s_min_batch_time = option; break; case Opt_data_journal: data_opt = EXT4_MOUNT_JOURNAL_DATA; goto datacheck; case Opt_data_ordered: data_opt = EXT4_MOUNT_ORDERED_DATA; goto datacheck; case Opt_data_writeback: data_opt = EXT4_MOUNT_WRITEBACK_DATA; datacheck: if (is_remount) { if ((sbi->s_mount_opt & EXT4_MOUNT_DATA_FLAGS) != data_opt) { printk(KERN_ERR ""EXT4-fs: cannot change data "" ""mode on remount\n""); return 0; } } else { sbi->s_mount_opt &= ~EXT4_MOUNT_DATA_FLAGS; sbi->s_mount_opt |= data_opt; } break; case Opt_data_err_abort: set_opt(sbi->s_mount_opt, DATA_ERR_ABORT); break; case Opt_data_err_ignore: clear_opt(sbi->s_mount_opt, DATA_ERR_ABORT); break; #ifdef CONFIG_QUOTA case Opt_usrjquota: qtype = USRQUOTA; goto set_qf_name; case Opt_grpjquota: qtype = GRPQUOTA; set_qf_name: if ((sb_any_quota_enabled(sb) || sb_any_quota_suspended(sb)) && !sbi->s_qf_names[qtype]) { printk(KERN_ERR ""EXT4-fs: Cannot change journaled "" ""quota options when quota turned on.\n""); return 0; } qname = match_strdup(&args[0]); if (!qname) { printk(KERN_ERR ""EXT4-fs: not enough memory for "" ""storing quotafile name.\n""); return 0; } if (sbi->s_qf_names[qtype] && strcmp(sbi->s_qf_names[qtype], qname)) { printk(KERN_ERR ""EXT4-fs: %s quota file already "" ""specified.\n"", QTYPE2NAME(qtype)); kfree(qname); return 0; } sbi->s_qf_names[qtype] = qname; if (strchr(sbi->s_qf_names[qtype], '/')) { printk(KERN_ERR ""EXT4-fs: quotafile must be on "" ""filesystem root.\n""); kfree(sbi->s_qf_names[qtype]); sbi->s_qf_names[qtype] = NULL; return 0; } set_opt(sbi->s_mount_opt, QUOTA); break; case Opt_offusrjquota: qtype = USRQUOTA; goto clear_qf_name; case Opt_offgrpjquota: qtype = GRPQUOTA; clear_qf_name: if ((sb_any_quota_enabled(sb) || sb_any_quota_suspended(sb)) && sbi->s_qf_names[qtype]) { printk(KERN_ERR ""EXT4-fs: Cannot change "" ""journaled quota options when "" ""quota turned on.\n""); return 0; } sbi->s_qf_names[qtype] = NULL; break; case Opt_jqfmt_vfsold: qfmt = QFMT_VFS_OLD; goto set_qf_format; case Opt_jqfmt_vfsv0: qfmt = QFMT_VFS_V0; set_qf_format: if ((sb_any_quota_enabled(sb) || sb_any_quota_suspended(sb)) && sbi->s_jquota_fmt != qfmt) { printk(KERN_ERR ""EXT4-fs: Cannot change "" ""journaled quota options when "" ""quota turned on.\n""); return 0; } sbi->s_jquota_fmt = qfmt; break; case Opt_quota: case Opt_usrquota: set_opt(sbi->s_mount_opt, QUOTA); set_opt(sbi->s_mount_opt, USRQUOTA); break; case Opt_grpquota: set_opt(sbi->s_mount_opt, QUOTA); set_opt(sbi->s_mount_opt, GRPQUOTA); break; case Opt_noquota: if (sb_any_quota_enabled(sb)) { printk(KERN_ERR ""EXT4-fs: Cannot change quota "" ""options when quota turned on.\n""); return 0; } clear_opt(sbi->s_mount_opt, QUOTA); clear_opt(sbi->s_mount_opt, USRQUOTA); clear_opt(sbi->s_mount_opt, GRPQUOTA); break; #else case Opt_quota: case Opt_usrquota: case Opt_grpquota: printk(KERN_ERR ""EXT4-fs: quota options not supported.\n""); break; case Opt_usrjquota: case Opt_grpjquota: case Opt_offusrjquota: case Opt_offgrpjquota: case Opt_jqfmt_vfsold: case Opt_jqfmt_vfsv0: printk(KERN_ERR ""EXT4-fs: journaled quota options not "" ""supported.\n""); break; case Opt_noquota: break; #endif case Opt_abort: set_opt(sbi->s_mount_opt, ABORT); break; case Opt_barrier: if (match_int(&args[0], &option)) return 0; if (option) set_opt(sbi->s_mount_opt, BARRIER); else clear_opt(sbi->s_mount_opt, BARRIER); break; case Opt_ignore: break; case Opt_resize: if (!is_remount) { printk(""EXT4-fs: resize option only available "" ""for remount\n""); return 0; } if (match_int(&args[0], &option) != 0) return 0; *n_blocks_count = option; break; case Opt_nobh: set_opt(sbi->s_mount_opt, NOBH); break; case Opt_bh: clear_opt(sbi->s_mount_opt, NOBH); break; case Opt_extents: if (!EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_EXTENTS)) { ext4_warning(sb, __func__, ""extents feature not enabled "" ""on this filesystem, use tune2fs""); return 0; } set_opt(sbi->s_mount_opt, EXTENTS); break; case Opt_noextents: last_block = ext4_blocks_count(sbi->s_es) - 1; if (last_block > 0xffffffffULL) { printk(KERN_ERR ""EXT4-fs: Filesystem too "" ""large to mount with "" ""-o noextents options\n""); return 0; } clear_opt(sbi->s_mount_opt, EXTENTS); break; case Opt_i_version: set_opt(sbi->s_mount_opt, I_VERSION); sb->s_flags |= MS_I_VERSION; break; case Opt_nodelalloc: clear_opt(sbi->s_mount_opt, DELALLOC); break; case Opt_stripe: if (match_int(&args[0], &option)) return 0; if (option < 0) return 0; sbi->s_stripe = option; break; case Opt_delalloc: set_opt(sbi->s_mount_opt, DELALLOC); break; case Opt_inode_readahead_blks: if (match_int(&args[0], &option)) return 0; if (option < 0 || option > (1 << 30)) return 0; sbi->s_inode_readahead_blks = option; break; case Opt_journal_ioprio: if (match_int(&args[0], &option)) return 0; if (option < 0 || option > 7) break; *journal_ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, option); break; default: printk(KERN_ERR ""EXT4-fs: Unrecognized mount option \""%s\"" "" ""or missing value\n"", p); return 0; } } #ifdef CONFIG_QUOTA if (sbi->s_qf_names[USRQUOTA] || sbi->s_qf_names[GRPQUOTA]) { if ((sbi->s_mount_opt & EXT4_MOUNT_USRQUOTA) && sbi->s_qf_names[USRQUOTA]) clear_opt(sbi->s_mount_opt, USRQUOTA); if ((sbi->s_mount_opt & EXT4_MOUNT_GRPQUOTA) && sbi->s_qf_names[GRPQUOTA]) clear_opt(sbi->s_mount_opt, GRPQUOTA); if ((sbi->s_qf_names[USRQUOTA] && (sbi->s_mount_opt & EXT4_MOUNT_GRPQUOTA)) || (sbi->s_qf_names[GRPQUOTA] && (sbi->s_mount_opt & EXT4_MOUNT_USRQUOTA))) { printk(KERN_ERR ""EXT4-fs: old and new quota "" ""format mixing.\n""); return 0; } if (!sbi->s_jquota_fmt) { printk(KERN_ERR ""EXT4-fs: journaled quota format "" ""not specified.\n""); return 0; } } else { if (sbi->s_jquota_fmt) { printk(KERN_ERR ""EXT4-fs: journaled quota format "" ""specified with no journaling "" ""enabled.\n""); return 0; } } #endif return 1; }",linux-2.6,,,273935293353249571715872549923758772331,0 3829,CWE-476,"buflist_match( regmatch_T *rmp, buf_T *buf, int ignore_case) { char_u *match; match = fname_match(rmp, buf->b_sfname, ignore_case); if (match == NULL) match = fname_match(rmp, buf->b_ffname, ignore_case); return match; }",visit repo url,src/buffer.c,https://github.com/vim/vim,257192661503444,1 5647,CWE-120,"choose_windows(s) const char *s; { register int i; for (i = 0; winchoices[i].procs; i++) { if ('+' == winchoices[i].procs->name[0]) continue; if ('-' == winchoices[i].procs->name[0]) continue; if (!strcmpi(s, winchoices[i].procs->name)) { windowprocs = *winchoices[i].procs; if (last_winchoice && last_winchoice->ini_routine) (*last_winchoice->ini_routine)(WININIT_UNDO); if (winchoices[i].ini_routine) (*winchoices[i].ini_routine)(WININIT); last_winchoice = &winchoices[i]; return; } } if (!windowprocs.win_raw_print) windowprocs.win_raw_print = def_raw_print; if (!windowprocs.win_wait_synch) windowprocs.win_wait_synch = def_wait_synch; if (!winchoices[0].procs) { raw_printf(""No window types?""); nh_terminate(EXIT_FAILURE); } if (!winchoices[1].procs) { config_error_add( ""Window type %s not recognized. The only choice is: %s"", s, winchoices[0].procs->name); } else { char buf[BUFSZ]; boolean first = TRUE; buf[0] = '\0'; for (i = 0; winchoices[i].procs; i++) { if ('+' == winchoices[i].procs->name[0]) continue; if ('-' == winchoices[i].procs->name[0]) continue; Sprintf(eos(buf), ""%s%s"", first ? """" : "", "", winchoices[i].procs->name); first = FALSE; } config_error_add(""Window type %s not recognized. Choices are: %s"", s, buf); } if (windowprocs.win_raw_print == def_raw_print || WINDOWPORT(""safe-startup"")) nh_terminate(EXIT_SUCCESS); }",visit repo url,src/windows.c,https://github.com/NetHack/NetHack,33347180604746,1 835,['CWE-119'],"static int map_namedrv(char *id) { int i; for (i = 0; i < ISDN_MAX_DRIVERS; i++) { if (!strcmp(dev->drvid[i],id)) return(i); } return(-1); } ",linux-2.6,,,265121202094756736112213251027827430693,0 321,CWE-362,"static int fanout_add(struct sock *sk, u16 id, u16 type_flags) { struct packet_sock *po = pkt_sk(sk); struct packet_fanout *f, *match; u8 type = type_flags & 0xff; u8 flags = type_flags >> 8; int err; switch (type) { case PACKET_FANOUT_ROLLOVER: if (type_flags & PACKET_FANOUT_FLAG_ROLLOVER) return -EINVAL; case PACKET_FANOUT_HASH: case PACKET_FANOUT_LB: case PACKET_FANOUT_CPU: case PACKET_FANOUT_RND: case PACKET_FANOUT_QM: case PACKET_FANOUT_CBPF: case PACKET_FANOUT_EBPF: break; default: return -EINVAL; } if (!po->running) return -EINVAL; if (po->fanout) return -EALREADY; if (type == PACKET_FANOUT_ROLLOVER || (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)) { po->rollover = kzalloc(sizeof(*po->rollover), GFP_KERNEL); if (!po->rollover) return -ENOMEM; atomic_long_set(&po->rollover->num, 0); atomic_long_set(&po->rollover->num_huge, 0); atomic_long_set(&po->rollover->num_failed, 0); } mutex_lock(&fanout_mutex); match = NULL; list_for_each_entry(f, &fanout_list, list) { if (f->id == id && read_pnet(&f->net) == sock_net(sk)) { match = f; break; } } err = -EINVAL; if (match && match->flags != flags) goto out; if (!match) { err = -ENOMEM; match = kzalloc(sizeof(*match), GFP_KERNEL); if (!match) goto out; write_pnet(&match->net, sock_net(sk)); match->id = id; match->type = type; match->flags = flags; INIT_LIST_HEAD(&match->list); spin_lock_init(&match->lock); atomic_set(&match->sk_ref, 0); fanout_init_data(match); match->prot_hook.type = po->prot_hook.type; match->prot_hook.dev = po->prot_hook.dev; match->prot_hook.func = packet_rcv_fanout; match->prot_hook.af_packet_priv = match; match->prot_hook.id_match = match_fanout_group; dev_add_pack(&match->prot_hook); list_add(&match->list, &fanout_list); } err = -EINVAL; if (match->type == type && match->prot_hook.type == po->prot_hook.type && match->prot_hook.dev == po->prot_hook.dev) { err = -ENOSPC; if (atomic_read(&match->sk_ref) < PACKET_FANOUT_MAX) { __dev_remove_pack(&po->prot_hook); po->fanout = match; atomic_inc(&match->sk_ref); __fanout_link(sk, po); err = 0; } } out: mutex_unlock(&fanout_mutex); if (err) { kfree(po->rollover); po->rollover = NULL; } return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,248889457389333,1 1007,['CWE-94'],"static long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags) { struct pipe_inode_info *ipipe = pipe_info(in->f_path.dentry->d_inode); struct pipe_inode_info *opipe = pipe_info(out->f_path.dentry->d_inode); int ret = -EINVAL; if (ipipe && opipe && ipipe != opipe) { ret = link_ipipe_prep(ipipe, flags); if (!ret) { ret = link_opipe_prep(opipe, flags); if (!ret) { ret = link_pipe(ipipe, opipe, len, flags); if (!ret && (flags & SPLICE_F_NONBLOCK)) ret = -EAGAIN; } } } return ret; }",linux-2.6,,,149859112686493620625877482354497503599,0 1041,CWE-125,"static void perf_syscall_enter(void *ignore, struct pt_regs *regs, long id) { struct syscall_metadata *sys_data; struct syscall_trace_enter *rec; struct hlist_head *head; int syscall_nr; int rctx; int size; syscall_nr = trace_get_syscall_nr(current, regs); if (syscall_nr < 0) return; if (!test_bit(syscall_nr, enabled_perf_enter_syscalls)) return; sys_data = syscall_nr_to_meta(syscall_nr); if (!sys_data) return; head = this_cpu_ptr(sys_data->enter_event->perf_events); if (hlist_empty(head)) return; size = sizeof(unsigned long) * sys_data->nb_args + sizeof(*rec); size = ALIGN(size + sizeof(u32), sizeof(u64)); size -= sizeof(u32); rec = (struct syscall_trace_enter *)perf_trace_buf_prepare(size, sys_data->enter_event->event.type, regs, &rctx); if (!rec) return; rec->nr = syscall_nr; syscall_get_arguments(current, regs, 0, sys_data->nb_args, (unsigned long *)&rec->args); perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head, NULL); }",visit repo url,kernel/trace/trace_syscalls.c,https://github.com/torvalds/linux,161108815932476,1 2886,['CWE-189'],"jas_iccprof_t *jas_iccprof_createfromcmprof(jas_cmprof_t *prof) { return jas_iccprof_copy(prof->iccprof); }",jasper,,,2057902477969771131889954662672387717,0 5711,CWE-416,"void luaT_adjustvarargs (lua_State *L, int nfixparams, CallInfo *ci, const Proto *p) { int i; int actual = cast_int(L->top - ci->func) - 1; int nextra = actual - nfixparams; ci->u.l.nextraargs = nextra; checkstackGC(L, p->maxstacksize + 1); setobjs2s(L, L->top++, ci->func); for (i = 1; i <= nfixparams; i++) { setobjs2s(L, L->top++, ci->func + i); setnilvalue(s2v(ci->func + i)); } ci->func += actual + 1; ci->top += actual + 1; lua_assert(L->top <= ci->top && ci->top <= L->stack_last); }",visit repo url,ltm.c,https://github.com/lua/lua,51103291179864,1 2324,CWE-20,"int irssi_ssl_handshake(GIOChannel *handle) { GIOSSLChannel *chan = (GIOSSLChannel *)handle; int ret, err; X509 *cert; const char *errstr; ret = SSL_connect(chan->ssl); if (ret <= 0) { err = SSL_get_error(chan->ssl, ret); switch (err) { case SSL_ERROR_WANT_READ: return 1; case SSL_ERROR_WANT_WRITE: return 3; case SSL_ERROR_ZERO_RETURN: g_warning(""SSL handshake failed: %s"", ""server closed connection""); return -1; case SSL_ERROR_SYSCALL: errstr = ERR_reason_error_string(ERR_get_error()); if (errstr == NULL && ret == -1) errstr = strerror(errno); g_warning(""SSL handshake failed: %s"", errstr != NULL ? errstr : ""server closed connection unexpectedly""); return -1; default: errstr = ERR_reason_error_string(ERR_get_error()); g_warning(""SSL handshake failed: %s"", errstr != NULL ? errstr : ""unknown SSL error""); return -1; } } cert = SSL_get_peer_certificate(chan->ssl); if (cert == NULL) { g_warning(""SSL server supplied no certificate""); return -1; } ret = !chan->verify || irssi_ssl_verify(chan->ssl, chan->ctx, cert); X509_free(cert); return ret ? 0 : -1; }",visit repo url,src/core/network-openssl.c,https://github.com/ensc/irssi-proxy,158395467628474,1 3977,['CWE-362'],"void inotify_evict_watch(struct inotify_watch *watch) { get_inotify_watch(watch); mutex_lock(&watch->ih->mutex); inotify_remove_watch_locked(watch->ih, watch); mutex_unlock(&watch->ih->mutex); }",linux-2.6,,,297782909170877189443784743169396675513,0 4408,['CWE-264'],"static void sock_copy(struct sock *nsk, const struct sock *osk) { #ifdef CONFIG_SECURITY_NETWORK void *sptr = nsk->sk_security; #endif memcpy(nsk, osk, osk->sk_prot->obj_size); #ifdef CONFIG_SECURITY_NETWORK nsk->sk_security = sptr; security_sk_clone(osk, nsk); #endif }",linux-2.6,,,322023157817752136247857654981690950898,0 2659,CWE-125,"static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsigned int src_size, double scale_d, const interpolation_method pFilter) { double width_d; double scale_f_d = 1.0; const double filter_width_d = DEFAULT_BOX_RADIUS; int windows_size; unsigned int u; LineContribType *res; if (scale_d < 1.0) { width_d = filter_width_d / scale_d; scale_f_d = scale_d; } else { width_d= filter_width_d; } windows_size = 2 * (int)ceil(width_d) + 1; res = _gdContributionsAlloc(line_size, windows_size); for (u = 0; u < line_size; u++) { const double dCenter = (double)u / scale_d; register int iLeft = MAX(0, (int)floor (dCenter - width_d)); int iRight = MIN((int)ceil(dCenter + width_d), (int)src_size - 1); double dTotalWeight = 0.0; int iSrc; res->ContribRow[u].Left = iLeft; res->ContribRow[u].Right = iRight; if (iRight - iLeft + 1 > windows_size) { if (iLeft < ((int)src_size - 1 / 2)) { iLeft++; } else { iRight--; } } for (iSrc = iLeft; iSrc <= iRight; iSrc++) { dTotalWeight += (res->ContribRow[u].Weights[iSrc-iLeft] = scale_f_d * (*pFilter)(scale_f_d * (dCenter - (double)iSrc))); } if (dTotalWeight < 0.0) { _gdContributionsFree(res); return NULL; } if (dTotalWeight > 0.0) { for (iSrc = iLeft; iSrc <= iRight; iSrc++) { res->ContribRow[u].Weights[iSrc-iLeft] /= dTotalWeight; } } } return res; }",visit repo url,ext/gd/libgd/gd_interpolation.c,https://github.com/php/php-src,87633731925363,1 5030,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 6296,NVD-CWE-noinfo,"static void dhcps_receive_udp_packet_handler(void *arg, struct udp_pcb *udp_pcb, struct pbuf *udp_packet_buffer, struct ip_addr *sender_addr, uint16_t sender_port) { int16_t total_length_of_packet_buffer; struct pbuf *merged_packet_buffer = NULL; dhcp_message_repository = (struct dhcp_msg *)udp_packet_buffer->payload; if (udp_packet_buffer == NULL) { printf(""\n\r Error!!!! System doesn't allocate any buffer \n\r""); return; } if (sender_port == DHCP_CLIENT_PORT) { total_length_of_packet_buffer = udp_packet_buffer->tot_len; if (udp_packet_buffer->next != NULL) { merged_packet_buffer = pbuf_coalesce(udp_packet_buffer, PBUF_TRANSPORT); if (merged_packet_buffer->tot_len != total_length_of_packet_buffer) { pbuf_free(udp_packet_buffer); return; } } switch (dhcps_check_msg_and_handle_options(udp_packet_buffer)) { case DHCP_SERVER_STATE_OFFER: #if (debug_dhcps) printf(""%s DHCP_SERVER_STATE_OFFER\n"",__func__); #endif dhcps_send_offer(udp_packet_buffer); break; case DHCP_SERVER_STATE_ACK: #if (debug_dhcps) printf(""%s DHCP_SERVER_STATE_ACK\n"",__func__); #endif dhcps_send_ack(udp_packet_buffer); #if (!IS_USE_FIXED_IP) mark_ip_in_table((uint8_t)ip4_addr4(&dhcps_allocated_client_address)); #ifdef CONFIG_DHCPS_KEPT_CLIENT_INFO save_client_addr(&dhcps_allocated_client_address, client_addr); memset(&client_request_ip, 0, sizeof(client_request_ip)); memset(&client_addr, 0, sizeof(client_addr)); memset(&dhcps_allocated_client_address, 0, sizeof(dhcps_allocated_client_address)); #if (debug_dhcps) dump_client_table(); #endif #endif #endif dhcp_server_state_machine = DHCP_SERVER_STATE_IDLE; break; case DHCP_SERVER_STATE_NAK: #if (debug_dhcps) printf(""%s DHCP_SERVER_STATE_NAK\n"",__func__); #endif dhcps_send_nak(udp_packet_buffer); dhcp_server_state_machine = DHCP_SERVER_STATE_IDLE; break; case DHCP_OPTION_CODE_END: #if (debug_dhcps) printf(""%s DHCP_OPTION_CODE_END\n"",__func__); #endif break; } } udp_disconnect(udp_pcb); if (merged_packet_buffer != NULL) pbuf_free(merged_packet_buffer); else pbuf_free(udp_packet_buffer); }",visit repo url,component/common/network/dhcp/dhcps.c,https://github.com/ambiot/amb1_sdk,63985451591538,1 6481,[],"lt_argz_insert (char **pargz, size_t *pargz_len, char *before, const char *entry) { error_t error; if (before) error = argz_insert (pargz, pargz_len, before, entry); else error = argz_append (pargz, pargz_len, entry, 1 + strlen (entry)); if (error) { switch (error) { case ENOMEM: LT__SETERROR (NO_MEMORY); break; default: LT__SETERROR (UNKNOWN); break; } return 1; } return 0; }",libtool,,,220467681972952095098316352239176770180,0 4802,CWE-415,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 3996,CWE-416,"void Curl_detach_connnection(struct Curl_easy *data) { struct connectdata *conn = data->conn; if(conn) Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL); data->conn = NULL; }",visit repo url,lib/multi.c,https://github.com/curl/curl,196492975696853,1 4506,CWE-476,"static void gf_dump_vrml_simple_field(GF_SceneDumper *sdump, GF_FieldInfo field, GF_Node *parent) { u32 i, sf_type; GF_ChildNodeItem *list; void *slot_ptr; switch (field.fieldType) { case GF_SG_VRML_SFNODE: gf_dump_vrml_node(sdump, field.far_ptr ? *(GF_Node **)field.far_ptr : NULL, 0, NULL); return; case GF_SG_VRML_MFNODE: list = * ((GF_ChildNodeItem **) field.far_ptr); assert( list ); sdump->indent++; while (list) { gf_dump_vrml_node(sdump, list->node, 1, NULL); list = list->next; } sdump->indent--; return; case GF_SG_VRML_SFCOMMANDBUFFER: return; } if (gf_sg_vrml_is_sf_field(field.fieldType)) { if (sdump->XMLDump) StartAttribute(sdump, ""value""); gf_dump_vrml_sffield(sdump, field.fieldType, field.far_ptr, 0, parent); if (sdump->XMLDump) EndAttribute(sdump); } else { GenMFField *mffield; mffield = (GenMFField *) field.far_ptr; sf_type = gf_sg_vrml_get_sf_type(field.fieldType); if (!sdump->XMLDump) { gf_fprintf(sdump->trace, ""[""); } else if (sf_type==GF_SG_VRML_SFSTRING) { gf_fprintf(sdump->trace, "" value=\'""); } else { StartAttribute(sdump, ""value""); } for (i=0; icount; i++) { if (i) gf_fprintf(sdump->trace, "" ""); gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, 1, parent); } if (!sdump->XMLDump) { gf_fprintf(sdump->trace, ""]""); } else if (sf_type==GF_SG_VRML_SFSTRING) { gf_fprintf(sdump->trace, ""\'""); } else { EndAttribute(sdump); } } }",visit repo url,src/scene_manager/scene_dump.c,https://github.com/gpac/gpac,15620326075730,1 2548,['CWE-119'],"int do_diff_cache(const unsigned char *tree_sha1, struct diff_options *opt) { struct tree *tree; struct rev_info revs; int i; struct cache_entry **dst; struct cache_entry *last = NULL; struct unpack_trees_options opts; struct tree_desc t; struct oneway_unpack_data unpack_cb; dst = active_cache; for (i = 0; i < active_nr; i++) { struct cache_entry *ce = active_cache[i]; if (ce_stage(ce)) { if (last && !strcmp(ce->name, last->name)) continue; cache_tree_invalidate_path(active_cache_tree, ce->name); last = ce; ce->ce_flags |= CE_REMOVE; } *dst++ = ce; } active_nr = dst - active_cache; init_revisions(&revs, NULL); revs.prune_data = opt->paths; tree = parse_tree_indirect(tree_sha1); if (!tree) die(""bad tree object %s"", sha1_to_hex(tree_sha1)); unpack_cb.revs = &revs; unpack_cb.symcache[0] = '\0'; memset(&opts, 0, sizeof(opts)); opts.head_idx = 1; opts.index_only = 1; opts.merge = 1; opts.fn = oneway_diff; opts.unpack_data = &unpack_cb; opts.src_index = &the_index; opts.dst_index = &the_index; init_tree_desc(&t, tree->buffer, tree->size); if (unpack_trees(1, &t, &opts)) exit(128); return 0; }",git,,,139064340352749572711925018478001355249,0 4583,CWE-787,"GF_Err gf_hinter_track_process(GF_RTPHinter *tkHint) { GF_Err e; u32 i, descIndex, duration; u64 ts; u8 PadBits; GF_Fraction ft; GF_ISOSample *samp; tkHint->HintSample = tkHint->RTPTime = 0; tkHint->TotalSample = gf_isom_get_sample_count(tkHint->file, tkHint->TrackNum); ft.num = tkHint->rtp_p->sl_config.timestampResolution; ft.den = tkHint->OrigTimeScale; e = GF_OK; for (i=0; iTotalSample; i++) { samp = gf_isom_get_sample(tkHint->file, tkHint->TrackNum, i+1, &descIndex); if (!samp) return gf_isom_last_error(tkHint->file); tkHint->CurrentSample = i + 1; if (samp->IsRAP==RAP_REDUNDANT) { tkHint->rtp_p->sl_header.AU_sequenceNumber -= 1; samp->IsRAP = RAP; } ts = ft.num * (samp->DTS+samp->CTS_Offset) / ft.den; tkHint->rtp_p->sl_header.compositionTimeStamp = ts; ts = ft.num * samp->DTS / ft.den; tkHint->rtp_p->sl_header.decodingTimeStamp = ts; tkHint->rtp_p->sl_header.randomAccessPointFlag = samp->IsRAP; tkHint->base_offset_in_sample = 0; if (tkHint->rtp_p->slMap.IV_length) { GF_ISMASample *s = gf_isom_get_ismacryp_sample(tkHint->file, tkHint->TrackNum, samp, descIndex); if (s->flags & GF_ISOM_ISMA_USE_SEL_ENC) tkHint->base_offset_in_sample += 1; if (s->flags & GF_ISOM_ISMA_IS_ENCRYPTED) tkHint->base_offset_in_sample += s->IV_length + s->KI_length; gf_free(samp->data); samp->data = s->data; samp->dataLength = s->dataLength; gf_rtp_builder_set_cryp_info(tkHint->rtp_p, s->IV, (char*)s->key_indicator, (s->flags & GF_ISOM_ISMA_IS_ENCRYPTED) ? 1 : 0); s->data = NULL; s->dataLength = 0; gf_isom_ismacryp_delete_sample(s); } if (tkHint->rtp_p->sl_config.usePaddingFlag) { gf_isom_get_sample_padding_bits(tkHint->file, tkHint->TrackNum, i+1, &PadBits); tkHint->rtp_p->sl_header.paddingBits = PadBits; } else { tkHint->rtp_p->sl_header.paddingBits = 0; } duration = gf_isom_get_sample_duration(tkHint->file, tkHint->TrackNum, i+1); if (tkHint->avc_nalu_size) { u32 v, size; u32 remain = samp->dataLength; char *ptr = samp->data; tkHint->rtp_p->sl_header.accessUnitStartFlag = 1; tkHint->rtp_p->sl_header.accessUnitEndFlag = 0; while (remain) { size = 0; v = tkHint->avc_nalu_size; if (v>remain) { GF_LOG(GF_LOG_ERROR, GF_LOG_RTP, (""[rtp hinter] Broken AVC nalu encapsulation: NALU size length is %d but only %d bytes left in sample %d\n"", v, remain, tkHint->CurrentSample)); break; } while (v) { size |= (u8) *ptr; ptr++; remain--; v-=1; if (v) size<<=8; } tkHint->base_offset_in_sample = samp->dataLength-remain; if (remain < size) { GF_LOG(GF_LOG_ERROR, GF_LOG_RTP, (""[rtp hinter] Broken AVC nalu encapsulation: NALU size is %d but only %d bytes left in sample %d\n"", size, remain, tkHint->CurrentSample)); break; } remain -= size; tkHint->rtp_p->sl_header.accessUnitEndFlag = remain ? 0 : 1; e = gf_rtp_builder_process(tkHint->rtp_p, ptr, size, (u8) !remain, samp->dataLength, duration, (u8) (descIndex + GF_RTP_TX3G_SIDX_OFFSET) ); ptr += size; tkHint->rtp_p->sl_header.accessUnitStartFlag = 0; } } else { e = gf_rtp_builder_process(tkHint->rtp_p, samp->data, samp->dataLength, 1, samp->dataLength, duration, (u8) (descIndex + GF_RTP_TX3G_SIDX_OFFSET) ); } tkHint->rtp_p->sl_header.packetSequenceNumber += 1; gf_set_progress(""Hinting"", tkHint->CurrentSample, tkHint->TotalSample); tkHint->rtp_p->sl_header.AU_sequenceNumber += 1; gf_isom_sample_del(&samp); if (e) return e; } gf_rtp_builder_process(tkHint->rtp_p, NULL, 0, 1, 0, 0, 0); gf_isom_end_hint_sample(tkHint->file, tkHint->HintTrack, (u8) tkHint->SampleIsRAP); return GF_OK; }",visit repo url,src/media_tools/isom_hinter.c,https://github.com/gpac/gpac,266008199433632,1 3234,CWE-125,"ip_printroute(netdissect_options *ndo, register const u_char *cp, u_int length) { register u_int ptr; register u_int len; if (length < 3) { ND_PRINT((ndo, "" [bad length %u]"", length)); return; } if ((length + 1) & 3) ND_PRINT((ndo, "" [bad length %u]"", length)); ptr = cp[2] - 1; if (ptr < 3 || ((ptr + 1) & 3) || ptr > length + 1) ND_PRINT((ndo, "" [bad ptr %u]"", cp[2])); for (len = 3; len < length; len += 4) { ND_PRINT((ndo, "" %s"", ipaddr_string(ndo, &cp[len]))); if (ptr > len) ND_PRINT((ndo, "","")); } }",visit repo url,print-ip.c,https://github.com/the-tcpdump-group/tcpdump,103606575858604,1 1183,['CWE-189'],"static void __devinit init_hrtimers_cpu(int cpu) { struct hrtimer_cpu_base *cpu_base = &per_cpu(hrtimer_bases, cpu); int i; spin_lock_init(&cpu_base->lock); lockdep_set_class(&cpu_base->lock, &cpu_base->lock_key); for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++) cpu_base->clock_base[i].cpu_base = cpu_base; hrtimer_init_hres(cpu_base); }",linux-2.6,,,44337289243387065544774910249451194795,0 1463,CWE-19,"static int nft_flush_table(struct nft_ctx *ctx) { int err; struct nft_chain *chain, *nc; struct nft_set *set, *ns; list_for_each_entry_safe(chain, nc, &ctx->table->chains, list) { ctx->chain = chain; err = nft_delrule_by_chain(ctx); if (err < 0) goto out; err = nft_delchain(ctx); if (err < 0) goto out; } list_for_each_entry_safe(set, ns, &ctx->table->sets, list) { if (set->flags & NFT_SET_ANONYMOUS && !list_empty(&set->bindings)) continue; err = nft_delset(ctx, set); if (err < 0) goto out; } err = nft_deltable(ctx); out: return err; }",visit repo url,net/netfilter/nf_tables_api.c,https://github.com/torvalds/linux,180988221841105,1 1121,CWE-362,"static int do_ip_setsockopt(struct sock *sk, int level, int optname, char __user *optval, unsigned int optlen) { struct inet_sock *inet = inet_sk(sk); int val = 0, err; if (((1<= sizeof(int)) { if (get_user(val, (int __user *) optval)) return -EFAULT; } else if (optlen >= sizeof(char)) { unsigned char ucval; if (get_user(ucval, (unsigned char __user *) optval)) return -EFAULT; val = (int) ucval; } } if (ip_mroute_opt(optname)) return ip_mroute_setsockopt(sk, optname, optval, optlen); err = 0; lock_sock(sk); switch (optname) { case IP_OPTIONS: { struct ip_options *opt = NULL; if (optlen > 40) goto e_inval; err = ip_options_get_from_user(sock_net(sk), &opt, optval, optlen); if (err) break; if (inet->is_icsk) { struct inet_connection_sock *icsk = inet_csk(sk); #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) if (sk->sk_family == PF_INET || (!((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && inet->inet_daddr != LOOPBACK4_IPV6)) { #endif if (inet->opt) icsk->icsk_ext_hdr_len -= inet->opt->optlen; if (opt) icsk->icsk_ext_hdr_len += opt->optlen; icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) } #endif } opt = xchg(&inet->opt, opt); kfree(opt); break; } case IP_PKTINFO: if (val) inet->cmsg_flags |= IP_CMSG_PKTINFO; else inet->cmsg_flags &= ~IP_CMSG_PKTINFO; break; case IP_RECVTTL: if (val) inet->cmsg_flags |= IP_CMSG_TTL; else inet->cmsg_flags &= ~IP_CMSG_TTL; break; case IP_RECVTOS: if (val) inet->cmsg_flags |= IP_CMSG_TOS; else inet->cmsg_flags &= ~IP_CMSG_TOS; break; case IP_RECVOPTS: if (val) inet->cmsg_flags |= IP_CMSG_RECVOPTS; else inet->cmsg_flags &= ~IP_CMSG_RECVOPTS; break; case IP_RETOPTS: if (val) inet->cmsg_flags |= IP_CMSG_RETOPTS; else inet->cmsg_flags &= ~IP_CMSG_RETOPTS; break; case IP_PASSSEC: if (val) inet->cmsg_flags |= IP_CMSG_PASSSEC; else inet->cmsg_flags &= ~IP_CMSG_PASSSEC; break; case IP_RECVORIGDSTADDR: if (val) inet->cmsg_flags |= IP_CMSG_ORIGDSTADDR; else inet->cmsg_flags &= ~IP_CMSG_ORIGDSTADDR; break; case IP_TOS: if (sk->sk_type == SOCK_STREAM) { val &= ~3; val |= inet->tos & 3; } if (inet->tos != val) { inet->tos = val; sk->sk_priority = rt_tos2priority(val); sk_dst_reset(sk); } break; case IP_TTL: if (optlen < 1) goto e_inval; if (val != -1 && (val < 0 || val > 255)) goto e_inval; inet->uc_ttl = val; break; case IP_HDRINCL: if (sk->sk_type != SOCK_RAW) { err = -ENOPROTOOPT; break; } inet->hdrincl = val ? 1 : 0; break; case IP_NODEFRAG: if (sk->sk_type != SOCK_RAW) { err = -ENOPROTOOPT; break; } inet->nodefrag = val ? 1 : 0; break; case IP_MTU_DISCOVER: if (val < IP_PMTUDISC_DONT || val > IP_PMTUDISC_PROBE) goto e_inval; inet->pmtudisc = val; break; case IP_RECVERR: inet->recverr = !!val; if (!val) skb_queue_purge(&sk->sk_error_queue); break; case IP_MULTICAST_TTL: if (sk->sk_type == SOCK_STREAM) goto e_inval; if (optlen < 1) goto e_inval; if (val == -1) val = 1; if (val < 0 || val > 255) goto e_inval; inet->mc_ttl = val; break; case IP_MULTICAST_LOOP: if (optlen < 1) goto e_inval; inet->mc_loop = !!val; break; case IP_MULTICAST_IF: { struct ip_mreqn mreq; struct net_device *dev = NULL; if (sk->sk_type == SOCK_STREAM) goto e_inval; if (optlen < sizeof(struct in_addr)) goto e_inval; err = -EFAULT; if (optlen >= sizeof(struct ip_mreqn)) { if (copy_from_user(&mreq, optval, sizeof(mreq))) break; } else { memset(&mreq, 0, sizeof(mreq)); if (optlen >= sizeof(struct in_addr) && copy_from_user(&mreq.imr_address, optval, sizeof(struct in_addr))) break; } if (!mreq.imr_ifindex) { if (mreq.imr_address.s_addr == htonl(INADDR_ANY)) { inet->mc_index = 0; inet->mc_addr = 0; err = 0; break; } dev = ip_dev_find(sock_net(sk), mreq.imr_address.s_addr); if (dev) mreq.imr_ifindex = dev->ifindex; } else dev = dev_get_by_index(sock_net(sk), mreq.imr_ifindex); err = -EADDRNOTAVAIL; if (!dev) break; dev_put(dev); err = -EINVAL; if (sk->sk_bound_dev_if && mreq.imr_ifindex != sk->sk_bound_dev_if) break; inet->mc_index = mreq.imr_ifindex; inet->mc_addr = mreq.imr_address.s_addr; err = 0; break; } case IP_ADD_MEMBERSHIP: case IP_DROP_MEMBERSHIP: { struct ip_mreqn mreq; err = -EPROTO; if (inet_sk(sk)->is_icsk) break; if (optlen < sizeof(struct ip_mreq)) goto e_inval; err = -EFAULT; if (optlen >= sizeof(struct ip_mreqn)) { if (copy_from_user(&mreq, optval, sizeof(mreq))) break; } else { memset(&mreq, 0, sizeof(mreq)); if (copy_from_user(&mreq, optval, sizeof(struct ip_mreq))) break; } if (optname == IP_ADD_MEMBERSHIP) err = ip_mc_join_group(sk, &mreq); else err = ip_mc_leave_group(sk, &mreq); break; } case IP_MSFILTER: { struct ip_msfilter *msf; if (optlen < IP_MSFILTER_SIZE(0)) goto e_inval; if (optlen > sysctl_optmem_max) { err = -ENOBUFS; break; } msf = kmalloc(optlen, GFP_KERNEL); if (!msf) { err = -ENOBUFS; break; } err = -EFAULT; if (copy_from_user(msf, optval, optlen)) { kfree(msf); break; } if (msf->imsf_numsrc >= 0x3ffffffcU || msf->imsf_numsrc > sysctl_igmp_max_msf) { kfree(msf); err = -ENOBUFS; break; } if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) { kfree(msf); err = -EINVAL; break; } err = ip_mc_msfilter(sk, msf, 0); kfree(msf); break; } case IP_BLOCK_SOURCE: case IP_UNBLOCK_SOURCE: case IP_ADD_SOURCE_MEMBERSHIP: case IP_DROP_SOURCE_MEMBERSHIP: { struct ip_mreq_source mreqs; int omode, add; if (optlen != sizeof(struct ip_mreq_source)) goto e_inval; if (copy_from_user(&mreqs, optval, sizeof(mreqs))) { err = -EFAULT; break; } if (optname == IP_BLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 1; } else if (optname == IP_UNBLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 0; } else if (optname == IP_ADD_SOURCE_MEMBERSHIP) { struct ip_mreqn mreq; mreq.imr_multiaddr.s_addr = mreqs.imr_multiaddr; mreq.imr_address.s_addr = mreqs.imr_interface; mreq.imr_ifindex = 0; err = ip_mc_join_group(sk, &mreq); if (err && err != -EADDRINUSE) break; omode = MCAST_INCLUDE; add = 1; } else { omode = MCAST_INCLUDE; add = 0; } err = ip_mc_source(add, omode, sk, &mreqs, 0); break; } case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { struct group_req greq; struct sockaddr_in *psin; struct ip_mreqn mreq; if (optlen < sizeof(struct group_req)) goto e_inval; err = -EFAULT; if (copy_from_user(&greq, optval, sizeof(greq))) break; psin = (struct sockaddr_in *)&greq.gr_group; if (psin->sin_family != AF_INET) goto e_inval; memset(&mreq, 0, sizeof(mreq)); mreq.imr_multiaddr = psin->sin_addr; mreq.imr_ifindex = greq.gr_interface; if (optname == MCAST_JOIN_GROUP) err = ip_mc_join_group(sk, &mreq); else err = ip_mc_leave_group(sk, &mreq); break; } case MCAST_JOIN_SOURCE_GROUP: case MCAST_LEAVE_SOURCE_GROUP: case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { struct group_source_req greqs; struct ip_mreq_source mreqs; struct sockaddr_in *psin; int omode, add; if (optlen != sizeof(struct group_source_req)) goto e_inval; if (copy_from_user(&greqs, optval, sizeof(greqs))) { err = -EFAULT; break; } if (greqs.gsr_group.ss_family != AF_INET || greqs.gsr_source.ss_family != AF_INET) { err = -EADDRNOTAVAIL; break; } psin = (struct sockaddr_in *)&greqs.gsr_group; mreqs.imr_multiaddr = psin->sin_addr.s_addr; psin = (struct sockaddr_in *)&greqs.gsr_source; mreqs.imr_sourceaddr = psin->sin_addr.s_addr; mreqs.imr_interface = 0; if (optname == MCAST_BLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 1; } else if (optname == MCAST_UNBLOCK_SOURCE) { omode = MCAST_EXCLUDE; add = 0; } else if (optname == MCAST_JOIN_SOURCE_GROUP) { struct ip_mreqn mreq; psin = (struct sockaddr_in *)&greqs.gsr_group; mreq.imr_multiaddr = psin->sin_addr; mreq.imr_address.s_addr = 0; mreq.imr_ifindex = greqs.gsr_interface; err = ip_mc_join_group(sk, &mreq); if (err && err != -EADDRINUSE) break; greqs.gsr_interface = mreq.imr_ifindex; omode = MCAST_INCLUDE; add = 1; } else { omode = MCAST_INCLUDE; add = 0; } err = ip_mc_source(add, omode, sk, &mreqs, greqs.gsr_interface); break; } case MCAST_MSFILTER: { struct sockaddr_in *psin; struct ip_msfilter *msf = NULL; struct group_filter *gsf = NULL; int msize, i, ifindex; if (optlen < GROUP_FILTER_SIZE(0)) goto e_inval; if (optlen > sysctl_optmem_max) { err = -ENOBUFS; break; } gsf = kmalloc(optlen, GFP_KERNEL); if (!gsf) { err = -ENOBUFS; break; } err = -EFAULT; if (copy_from_user(gsf, optval, optlen)) goto mc_msf_out; if (gsf->gf_numsrc >= 0x1ffffff || gsf->gf_numsrc > sysctl_igmp_max_msf) { err = -ENOBUFS; goto mc_msf_out; } if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen) { err = -EINVAL; goto mc_msf_out; } msize = IP_MSFILTER_SIZE(gsf->gf_numsrc); msf = kmalloc(msize, GFP_KERNEL); if (!msf) { err = -ENOBUFS; goto mc_msf_out; } ifindex = gsf->gf_interface; psin = (struct sockaddr_in *)&gsf->gf_group; if (psin->sin_family != AF_INET) { err = -EADDRNOTAVAIL; goto mc_msf_out; } msf->imsf_multiaddr = psin->sin_addr.s_addr; msf->imsf_interface = 0; msf->imsf_fmode = gsf->gf_fmode; msf->imsf_numsrc = gsf->gf_numsrc; err = -EADDRNOTAVAIL; for (i = 0; i < gsf->gf_numsrc; ++i) { psin = (struct sockaddr_in *)&gsf->gf_slist[i]; if (psin->sin_family != AF_INET) goto mc_msf_out; msf->imsf_slist[i] = psin->sin_addr.s_addr; } kfree(gsf); gsf = NULL; err = ip_mc_msfilter(sk, msf, ifindex); mc_msf_out: kfree(msf); kfree(gsf); break; } case IP_MULTICAST_ALL: if (optlen < 1) goto e_inval; if (val != 0 && val != 1) goto e_inval; inet->mc_all = val; break; case IP_ROUTER_ALERT: err = ip_ra_control(sk, val ? 1 : 0, NULL); break; case IP_FREEBIND: if (optlen < 1) goto e_inval; inet->freebind = !!val; break; case IP_IPSEC_POLICY: case IP_XFRM_POLICY: err = -EPERM; if (!capable(CAP_NET_ADMIN)) break; err = xfrm_user_policy(sk, optname, optval, optlen); break; case IP_TRANSPARENT: if (!capable(CAP_NET_ADMIN)) { err = -EPERM; break; } if (optlen < 1) goto e_inval; inet->transparent = !!val; break; case IP_MINTTL: if (optlen < 1) goto e_inval; if (val < 0 || val > 255) goto e_inval; inet->min_ttl = val; break; default: err = -ENOPROTOOPT; break; } release_sock(sk); return err; e_inval: release_sock(sk); return -EINVAL; }",visit repo url,net/ipv4/ip_sockglue.c,https://github.com/torvalds/linux,138432762939600,1 1286,[],"m4_regexp (struct obstack *obs, int argc, token_data **argv) { const char *victim; const char *regexp; const char *repl; struct re_pattern_buffer buf; struct re_registers regs; const char *msg; int startpos; int length; if (bad_argc (argv[0], argc, 3, 4)) { if (argc == 2) shipout_int (obs, 0); return; } victim = TOKEN_DATA_TEXT (argv[1]); regexp = TOKEN_DATA_TEXT (argv[2]); init_pattern_buffer (&buf, ®s); msg = re_compile_pattern (regexp, strlen (regexp), &buf); if (msg != NULL) { M4ERROR ((warning_status, 0, ""bad regular expression: `%s': %s"", regexp, msg)); free_pattern_buffer (&buf, ®s); return; } length = strlen (victim); startpos = re_search (&buf, victim, length, 0, length, argc == 3 ? NULL : ®s); if (startpos == -2) M4ERROR ((warning_status, 0, ""error matching regular expression `%s'"", regexp)); else if (argc == 3) shipout_int (obs, startpos); else if (startpos >= 0) { repl = TOKEN_DATA_TEXT (argv[3]); substitute (obs, victim, repl, ®s); } free_pattern_buffer (&buf, ®s); }",m4,,,29223973710942386824457395147563595195,0 2421,CWE-119,"static void parse_content_range(URLContext *h, const char *p) { HTTPContext *s = h->priv_data; const char *slash; if (!strncmp(p, ""bytes "", 6)) { p += 6; s->off = strtoll(p, NULL, 10); if ((slash = strchr(p, '/')) && strlen(slash) > 0) s->filesize = strtoll(slash + 1, NULL, 10); } if (s->seekable == -1 && (!s->is_akamai || s->filesize != 2147483647)) h->is_streamed = 0; }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,80394293372281,1 3749,CWE-125,"name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) { int name_end = -1; int j = *idx; int ptr_count = 0; #define GET32(x) do { if (j + 4 > length) goto err; memcpy(&t32_, packet + j, 4); j += 4; x = ntohl(t32_); } while (0) #define GET16(x) do { if (j + 2 > length) goto err; memcpy(&t_, packet + j, 2); j += 2; x = ntohs(t_); } while (0) #define GET8(x) do { if (j >= length) goto err; x = packet[j++]; } while (0) char *cp = name_out; const char *const end = name_out + name_out_len; for (;;) { u8 label_len; if (j >= length) return -1; GET8(label_len); if (!label_len) break; if (label_len & 0xc0) { u8 ptr_low; GET8(ptr_low); if (name_end < 0) name_end = j; j = (((int)label_len & 0x3f) << 8) + ptr_low; if (j < 0 || j >= length) return -1; if (++ptr_count > length) return -1; continue; } if (label_len > 63) return -1; if (cp != name_out) { if (cp + 1 >= end) return -1; *cp++ = '.'; } if (cp + label_len >= end) return -1; memcpy(cp, packet + j, label_len); cp += label_len; j += label_len; } if (cp >= end) return -1; *cp = '\0'; if (name_end < 0) *idx = j; else *idx = name_end; return 0; err: return -1; }",visit repo url,evdns.c,https://github.com/libevent/libevent,132214673863393,1 2722,[],"SCTP_STATIC int sctp_msghdr_parse(const struct msghdr *msg, sctp_cmsgs_t *cmsgs) { struct cmsghdr *cmsg; struct msghdr *my_msg = (struct msghdr *)msg; for (cmsg = CMSG_FIRSTHDR(msg); cmsg != NULL; cmsg = CMSG_NXTHDR(my_msg, cmsg)) { if (!CMSG_OK(my_msg, cmsg)) return -EINVAL; if (cmsg->cmsg_level != IPPROTO_SCTP) continue; switch (cmsg->cmsg_type) { case SCTP_INIT: if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct sctp_initmsg))) return -EINVAL; cmsgs->init = (struct sctp_initmsg *)CMSG_DATA(cmsg); break; case SCTP_SNDRCV: if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct sctp_sndrcvinfo))) return -EINVAL; cmsgs->info = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); if (cmsgs->info->sinfo_flags & ~(SCTP_UNORDERED | SCTP_ADDR_OVER | SCTP_ABORT | SCTP_EOF)) return -EINVAL; break; default: return -EINVAL; } } return 0; }",linux-2.6,,,238248846431930855092422279891434646326,0 2119,['CWE-119'],"static inline unsigned long get_desc_limit(const struct desc_struct *desc) { return desc->limit0 | (desc->limit << 16); }",linux-2.6,,,214069198175820608636587515501880547139,0 4111,['CWE-399'],"static int sg_get_timeout(struct request_queue *q) { return q->sg_timeout / (HZ / USER_HZ); }",linux-2.6,,,117712159797224127001937928327752497592,0 1660,[],"__move_group_shares(struct task_group *tg, struct sched_domain *sd, int scpu, int dcpu) { unsigned long shares; shares = tg->cfs_rq[scpu]->shares + tg->cfs_rq[dcpu]->shares; __update_group_shares_cpu(tg, sd, scpu); __update_group_shares_cpu(tg, sd, dcpu); shares -= tg->cfs_rq[scpu]->shares + tg->cfs_rq[dcpu]->shares; if (shares) tg->cfs_rq[dcpu]->shares += shares; }",linux-2.6,,,189937755279518016350748594393845699950,0 309,[],"static int mt_ioctl_trans(unsigned int fd, unsigned int cmd, unsigned long arg) { mm_segment_t old_fs = get_fs(); struct mtget get; struct mtget32 __user *umget32; struct mtpos pos; struct mtpos32 __user *upos32; unsigned long kcmd; void *karg; int err = 0; switch(cmd) { case MTIOCPOS32: kcmd = MTIOCPOS; karg = &pos; break; case MTIOCGET32: kcmd = MTIOCGET; karg = &get; break; default: do { static int count; if (++count <= 20) printk(""mt_ioctl: Unknown cmd fd(%d) "" ""cmd(%08x) arg(%08x)\n"", (int)fd, (unsigned int)cmd, (unsigned int)arg); } while(0); return -EINVAL; } set_fs (KERNEL_DS); err = sys_ioctl (fd, kcmd, (unsigned long)karg); set_fs (old_fs); if (err) return err; switch (cmd) { case MTIOCPOS32: upos32 = compat_ptr(arg); err = __put_user(pos.mt_blkno, &upos32->mt_blkno); break; case MTIOCGET32: umget32 = compat_ptr(arg); err = __put_user(get.mt_type, &umget32->mt_type); err |= __put_user(get.mt_resid, &umget32->mt_resid); err |= __put_user(get.mt_dsreg, &umget32->mt_dsreg); err |= __put_user(get.mt_gstat, &umget32->mt_gstat); err |= __put_user(get.mt_erreg, &umget32->mt_erreg); err |= __put_user(get.mt_fileno, &umget32->mt_fileno); err |= __put_user(get.mt_blkno, &umget32->mt_blkno); break; } return err ? -EFAULT: 0; }",linux-2.6,,,58698381982449183396200727433969922447,0 1394,CWE-310,"static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""givcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_ablkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize; rblkcipher.ivsize = alg->cra_ablkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ablkcipher.c,https://github.com/torvalds/linux,228992141557548,1 2288,CWE-119,"static inline struct futex_hash_bucket *queue_lock(struct futex_q *q) { struct futex_hash_bucket *hb; get_futex_key_refs(&q->key); hb = hash_futex(&q->key); q->lock_ptr = &hb->lock; spin_lock(&hb->lock); return hb; }",visit repo url,kernel/futex.c,https://github.com/torvalds/linux,59737140605234,1 5679,['CWE-476'],"static void udpv6_close(struct sock *sk, long timeout) { sk_common_release(sk); }",linux-2.6,,,206009106967811932486546168012491735192,0 1783,[],"iter_move_one_task(struct rq *this_rq, int this_cpu, struct rq *busiest, struct sched_domain *sd, enum cpu_idle_type idle, struct rq_iterator *iterator) { struct task_struct *p = iterator->start(iterator->arg); int pinned = 0; while (p) { if (can_migrate_task(p, busiest, this_cpu, sd, idle, &pinned)) { pull_task(busiest, p, this_rq, this_cpu); schedstat_inc(sd, lb_gained[idle]); return 1; } p = iterator->next(iterator->arg); } return 0; }",linux-2.6,,,47521398064954262064356444455156266617,0 302,CWE-388,"static int cp2112_gpio_direction_input(struct gpio_chip *chip, unsigned offset) { struct cp2112_device *dev = gpiochip_get_data(chip); struct hid_device *hdev = dev->hdev; u8 *buf = dev->in_out_buffer; int ret; mutex_lock(&dev->lock); ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf, CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT, HID_REQ_GET_REPORT); if (ret != CP2112_GPIO_CONFIG_LENGTH) { hid_err(hdev, ""error requesting GPIO config: %d\n"", ret); goto exit; } buf[1] &= ~(1 << offset); buf[2] = gpio_push_pull; ret = hid_hw_raw_request(hdev, CP2112_GPIO_CONFIG, buf, CP2112_GPIO_CONFIG_LENGTH, HID_FEATURE_REPORT, HID_REQ_SET_REPORT); if (ret < 0) { hid_err(hdev, ""error setting GPIO config: %d\n"", ret); goto exit; } ret = 0; exit: mutex_unlock(&dev->lock); return ret <= 0 ? ret : -EIO; }",visit repo url,drivers/hid/hid-cp2112.c,https://github.com/torvalds/linux,64677997887312,1 66,['CWE-787'],"static uint32_t cirrus_linear_bitblt_readl(void *opaque, target_phys_addr_t addr) { uint32_t v; #ifdef TARGET_WORDS_BIGENDIAN v = cirrus_linear_bitblt_readb(opaque, addr) << 24; v |= cirrus_linear_bitblt_readb(opaque, addr + 1) << 16; v |= cirrus_linear_bitblt_readb(opaque, addr + 2) << 8; v |= cirrus_linear_bitblt_readb(opaque, addr + 3); #else v = cirrus_linear_bitblt_readb(opaque, addr); v |= cirrus_linear_bitblt_readb(opaque, addr + 1) << 8; v |= cirrus_linear_bitblt_readb(opaque, addr + 2) << 16; v |= cirrus_linear_bitblt_readb(opaque, addr + 3) << 24; #endif return v; }",qemu,,,201257623220802248054218539134876526667,0 4561,['CWE-20'],"static int ext4_mkdir(struct inode *dir, struct dentry *dentry, int mode) { handle_t *handle; struct inode *inode; struct buffer_head *dir_block; struct ext4_dir_entry_2 *de; int err, retries = 0; if (EXT4_DIR_LINK_MAX(dir)) return -EMLINK; retry: handle = ext4_journal_start(dir, EXT4_DATA_TRANS_BLOCKS(dir->i_sb) + EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 + 2*EXT4_QUOTA_INIT_BLOCKS(dir->i_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); inode = ext4_new_inode(handle, dir, S_IFDIR | mode); err = PTR_ERR(inode); if (IS_ERR(inode)) goto out_stop; inode->i_op = &ext4_dir_inode_operations; inode->i_fop = &ext4_dir_operations; inode->i_size = EXT4_I(inode)->i_disksize = inode->i_sb->s_blocksize; dir_block = ext4_bread(handle, inode, 0, 1, &err); if (!dir_block) goto out_clear_inode; BUFFER_TRACE(dir_block, ""get_write_access""); ext4_journal_get_write_access(handle, dir_block); de = (struct ext4_dir_entry_2 *) dir_block->b_data; de->inode = cpu_to_le32(inode->i_ino); de->name_len = 1; de->rec_len = ext4_rec_len_to_disk(EXT4_DIR_REC_LEN(de->name_len)); strcpy(de->name, "".""); ext4_set_de_type(dir->i_sb, de, S_IFDIR); de = ext4_next_entry(de); de->inode = cpu_to_le32(dir->i_ino); de->rec_len = ext4_rec_len_to_disk(inode->i_sb->s_blocksize - EXT4_DIR_REC_LEN(1)); de->name_len = 2; strcpy(de->name, ""..""); ext4_set_de_type(dir->i_sb, de, S_IFDIR); inode->i_nlink = 2; BUFFER_TRACE(dir_block, ""call ext4_handle_dirty_metadata""); ext4_handle_dirty_metadata(handle, dir, dir_block); brelse(dir_block); ext4_mark_inode_dirty(handle, inode); err = ext4_add_entry(handle, dentry, inode); if (err) { out_clear_inode: clear_nlink(inode); unlock_new_inode(inode); ext4_mark_inode_dirty(handle, inode); iput(inode); goto out_stop; } ext4_inc_count(handle, dir); ext4_update_dx_flag(dir); ext4_mark_inode_dirty(handle, dir); d_instantiate(dentry, inode); unlock_new_inode(inode); out_stop: ext4_journal_stop(handle); if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries)) goto retry; return err; }",linux-2.6,,,21845364206062429186617384049110770370,0 1575,CWE-362,"void sctp_generate_t3_rtx_event(unsigned long peer) { int error; struct sctp_transport *transport = (struct sctp_transport *) peer; struct sctp_association *asoc = transport->asoc; struct net *net = sock_net(asoc->base.sk); bh_lock_sock(asoc->base.sk); if (sock_owned_by_user(asoc->base.sk)) { pr_debug(""%s: sock is busy\n"", __func__); if (!mod_timer(&transport->T3_rtx_timer, jiffies + (HZ/20))) sctp_transport_hold(transport); goto out_unlock; } if (transport->dead) goto out_unlock; error = sctp_do_sm(net, SCTP_EVENT_T_TIMEOUT, SCTP_ST_TIMEOUT(SCTP_EVENT_TIMEOUT_T3_RTX), asoc->state, asoc->ep, asoc, transport, GFP_ATOMIC); if (error) asoc->base.sk->sk_err = -error; out_unlock: bh_unlock_sock(asoc->base.sk); sctp_transport_put(transport); }",visit repo url,net/sctp/sm_sideeffect.c,https://github.com/torvalds/linux,91053551867017,1 5169,['CWE-20'],"static void vmcs_set_bits(unsigned long field, u32 mask) { vmcs_writel(field, vmcs_readl(field) | mask); }",linux-2.6,,,176105802863627423879686572843334331777,0 4901,CWE-787,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define MaxPixelChannels 32 #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity = (float *) NULL, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status = 0; MagickBooleanType more_frames; MagickStatusType status; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; size_t number_pixels; ssize_t i, scanline_size, y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag = 0, bits_per_sample = 0, endian = 0, extra_samples = 0, interlace = 0, max_sample_value = 0, min_sample_value = 0, orientation = 0, pages = 0, photometric = 0, *sample_info = NULL, sample_format = 0, samples_per_pixel = 0, units = 0, value = 0; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[8] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); if (IsEventLogging() != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); image=AcquireImage(image_info); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { if (exception->severity == UndefinedException) ThrowReaderException(CorruptImageError,""UnableToReadImageData""); image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t)TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } if (samples_per_pixel > MaxPixelChannels) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""MaximumChannelsExceeded""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point""); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black""); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white""); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette""); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB""); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB""); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)""); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV""); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK""); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated""); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR""); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown""); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"")); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb""); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb""); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) image->colorspace=GRAYColorspace; if (photometric == PHOTOMETRIC_SEPARATED) image->colorspace=CMYKColorspace; if (photometric == PHOTOMETRIC_CIELAB) image->colorspace=LabColorspace; if ((photometric == PHOTOMETRIC_YCBCR) && (compress_tag != COMPRESSION_OJPEG) && (compress_tag != COMPRESSION_JPEG)) image->colorspace=YCbCrColorspace; status=TIFFGetProfiles(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetEXIFProperties(tiff,image); option=GetImageOption(image_info,""tiff:gps-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) (void) TIFFGetGPSProperties(tiff,image); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->x_resolution=x_resolution; image->y_resolution=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=CastDoubleToLong(ceil(x_position* image->x_resolution-0.5)); image->page.y=CastDoubleToLong(ceil(y_position* image->y_resolution-0.5)); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if ((chromaticity != (float *) NULL) && (*chromaticity != 0.0)) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MaxTextExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MaxTextExtent,""%dx%d"", horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap = (uint16 *) NULL, *green_colormap = (uint16 *) NULL, *red_colormap = (uint16 *) NULL; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=SetImageColorspace(image,image->colorspace); status&=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } extra_samples=0; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified""); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->matte=MagickTrue; } else for (i=0; i < extra_samples; i++) { image->matte=MagickTrue; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated""); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated""); } } } if (image->matte != MagickFalse) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel); method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MaxTextExtent]; (void) FormatLocaleString(value,MaxTextExtent,""%u"",(unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } if (TIFFIsTiled(tiff) != MagickFalse) { uint32 columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); method=ReadTileMethod; } if ((photometric == PHOTOMETRIC_LOGLUV) || (compress_tag == COMPRESSION_CCITTFAX3)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); quantum_info->endian=LSBEndian; scanline_size=TIFFScanlineSize(tiff); if (scanline_size <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=MagickMax((MagickSizeType) image->columns*samples_per_pixel* pow(2.0,ceil(log(bits_per_sample)/log(2.0))),image->columns* rows_per_strip); if ((double) scanline_size > 1.5*number_pixels) ThrowTIFFException(CorruptImageError,""CorruptImage""); number_pixels=MagickMax((MagickSizeType) scanline_size,number_pixels); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) ResetMagickMemory(pixels,0,number_pixels*sizeof(uint32)); quantum_type=GrayQuantum; if (image->storage_class == PseudoClass) quantum_type=IndexQuantum; if (interlace != PLANARCONFIG_SEPARATE) { size_t pad; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->matte != MagickFalse) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } if ((samples_per_pixel > 2) && (interlace != PLANARCONFIG_SEPARATE)) { quantum_type=RGBQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-3,0); if (image->matte != MagickFalse) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-4,0); } if (image->colorspace == CMYKColorspace) { quantum_type=CMYKQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-4,0); if (image->matte != MagickFalse) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel+ extra_samples-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { int status; IndexPacket *indexes; PixelPacket *magick_restrict q; ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; indexes=GetAuthenticIndexQueue(image); p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456))); SetPixelMagenta(q,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984))); SetPixelYellow(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816))); SetPixelBlack(indexes+x,ScaleCharToQuantum((unsigned char)*(p+3))); q++; p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { unsigned char *p; size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *strip_pixels; extent=4*(samples_per_pixel+1)*TIFFStripSize(tiff); strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > (ssize_t) image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff), TIFFTileSize(tiff)); tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,extent*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { quantum_type=AlphaQuantum; if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; default: break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; tiff_status=TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y, 0,i); if (tiff_status == -1) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (PixelPacket *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) i, samples_per_pixel); if (status == MagickFalse) break; } } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo *) NULL; uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); tiff_status=TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); if (tiff_status == -1) { generic_info=RelinquishVirtualMemory(generic_info); break; } p=pixels+(image->columns*image->rows)-1; for (y=0; y < (ssize_t) image->rows; y++) { ssize_t x; PixelPacket *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; q+=image->columns-1; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(q,ScaleCharToQuantum((unsigned char) TIFFGetR(*p))); SetPixelGreen(q,ScaleCharToQuantum((unsigned char) TIFFGetG(*p))); SetPixelBlue(q,ScaleCharToQuantum((unsigned char) TIFFGetB(*p))); if (image->matte == MagickFalse) SetPixelOpacity(q,OpaqueOpacity); else SetPixelAlpha(q,ScaleCharToQuantum((unsigned char) TIFFGetA(*p))); p--; q--; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (tiff_status == -1) { status=MagickFalse; break; } if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); TIFFReadPhotoshopLayers(image_info,image,exception); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick6,92407718727371,1 5756,['CWE-200'],"static int rose_create(struct net *net, struct socket *sock, int protocol) { struct sock *sk; struct rose_sock *rose; if (net != &init_net) return -EAFNOSUPPORT; if (sock->type != SOCK_SEQPACKET || protocol != 0) return -ESOCKTNOSUPPORT; sk = sk_alloc(net, PF_ROSE, GFP_ATOMIC, &rose_proto); if (sk == NULL) return -ENOMEM; rose = rose_sk(sk); sock_init_data(sock, sk); skb_queue_head_init(&rose->ack_queue); #ifdef M_BIT skb_queue_head_init(&rose->frag_queue); rose->fraglen = 0; #endif sock->ops = &rose_proto_ops; sk->sk_protocol = protocol; init_timer(&rose->timer); init_timer(&rose->idletimer); rose->t1 = msecs_to_jiffies(sysctl_rose_call_request_timeout); rose->t2 = msecs_to_jiffies(sysctl_rose_reset_request_timeout); rose->t3 = msecs_to_jiffies(sysctl_rose_clear_request_timeout); rose->hb = msecs_to_jiffies(sysctl_rose_ack_hold_back_timeout); rose->idle = msecs_to_jiffies(sysctl_rose_no_activity_timeout); rose->state = ROSE_STATE_0; return 0; }",linux-2.6,,,222990023099320885402266400235910187861,0 1024,CWE-476,"struct key *request_key_and_link(struct key_type *type, const char *description, const void *callout_info, size_t callout_len, void *aux, struct key *dest_keyring, unsigned long flags) { struct keyring_search_context ctx = { .index_key.type = type, .index_key.description = description, .cred = current_cred(), .match_data.cmp = type->match, .match_data.raw_data = description, .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, }; struct key *key; key_ref_t key_ref; int ret; kenter(""%s,%s,%p,%zu,%p,%p,%lx"", ctx.index_key.type->name, ctx.index_key.description, callout_info, callout_len, aux, dest_keyring, flags); if (type->match_preparse) { ret = type->match_preparse(&ctx.match_data); if (ret < 0) { key = ERR_PTR(ret); goto error; } } key_ref = search_process_keyrings(&ctx); if (!IS_ERR(key_ref)) { key = key_ref_to_ptr(key_ref); if (dest_keyring) { construct_get_dest_keyring(&dest_keyring); ret = key_link(dest_keyring, key); key_put(dest_keyring); if (ret < 0) { key_put(key); key = ERR_PTR(ret); goto error_free; } } } else if (PTR_ERR(key_ref) != -EAGAIN) { key = ERR_CAST(key_ref); } else { key = ERR_PTR(-ENOKEY); if (!callout_info) goto error_free; key = construct_key_and_link(&ctx, callout_info, callout_len, aux, dest_keyring, flags); } error_free: if (type->match_free) type->match_free(&ctx.match_data); error: kleave("" = %p"", key); return key; }",visit repo url,security/keys/request_key.c,https://github.com/torvalds/linux,196931399125641,1 4881,CWE-119,"static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf, size_t outlen, int invert) { const u8 *in = inbuf; u8 *out = (u8 *) outbuf; int zero_bits = *in & 0x07; size_t octets_left = inlen - 1; int i, count = 0; memset(outbuf, 0, outlen); in++; if (outlen < octets_left) return SC_ERROR_BUFFER_TOO_SMALL; if (inlen < 1) return SC_ERROR_INVALID_ASN1_OBJECT; while (octets_left) { int bits_to_go; *out = 0; if (octets_left == 1) bits_to_go = 8 - zero_bits; else bits_to_go = 8; if (invert) for (i = 0; i < bits_to_go; i++) { *out |= ((*in >> (7 - i)) & 1) << i; } else { *out = *in; } out++; in++; octets_left--; count++; } return (count * 8) - zero_bits; }",visit repo url,src/libopensc/asn1.c,https://github.com/OpenSC/OpenSC,118655602625870,1 456,[],"pfm_new_counter_value (pfm_counter_t *reg, int is_long_reset) { unsigned long val = is_long_reset ? reg->long_reset : reg->short_reset; unsigned long new_seed, old_seed = reg->seed, mask = reg->mask; extern unsigned long carta_random32 (unsigned long seed); if (reg->flags & PFM_REGFL_RANDOM) { new_seed = carta_random32(old_seed); val -= (old_seed & mask); if ((mask >> 32) != 0) new_seed |= carta_random32(old_seed >> 32) << 32; reg->seed = new_seed; } reg->lval = val; return val; }",linux-2.6,,,93144097660634716154733281436667192248,0 5801,CWE-190,"static int8_t parse_ext_option(uint16_t *dst, uint8_t **packet_data_pptr, uint8_t *packet_data_start_ptr, uint16_t packet_len, uint16_t *message_left) { uint16_t option_number = *dst; if (option_number == 13) { uint8_t option_ext; int8_t read_result = sn_coap_parser_read_packet_u8(&option_ext, *packet_data_pptr, packet_data_start_ptr, packet_len); if (read_result != 0) { tr_error(""sn_coap_parser_options_parse - **packet_data_pptr overflow !""); return -1; } else { option_number += option_ext; *message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, 1); } } else if (option_number == 14) { int8_t read_result = sn_coap_parser_read_packet_u16(&option_number, *packet_data_pptr, packet_data_start_ptr, packet_len); if (read_result != 0) { tr_error(""sn_coap_parser_options_parse - **packet_data_pptr overflow !""); return -1; } else { option_number += 269; *message_left = sn_coap_parser_move_packet_ptr(packet_data_pptr, packet_data_start_ptr, packet_len, 2); } } else if (option_number == 15) { tr_error(""sn_coap_parser_options_parse - invalid option number(15)!""); return -1; } *dst = option_number; return 0; }",visit repo url,source/sn_coap_parser.c,https://github.com/mjurczak/mbed-coap,251577035468665,1 4449,CWE-125,"static int xar_get_toc_data_values(xmlTextReaderPtr reader, long *length, long *offset, long *size, int *encoding, unsigned char ** a_cksum, int * a_hash, unsigned char ** e_cksum, int * e_hash) { const xmlChar *name; int indata = 0, inea = 0; int rc, gotoffset=0, gotlength=0, gotsize=0; *a_cksum = NULL; *a_hash = XAR_CKSUM_NONE; *e_cksum = NULL; *e_hash = XAR_CKSUM_NONE; *encoding = CL_TYPE_ANY; rc = xmlTextReaderRead(reader); while (rc == 1) { name = xmlTextReaderConstLocalName(reader); if (indata || inea) { if (xmlStrEqual(name, (const xmlChar *)""offset"") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { if (CL_SUCCESS == xar_get_numeric_from_xml_element(reader, offset)) gotoffset=1; } else if (xmlStrEqual(name, (const xmlChar *)""length"") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { if (CL_SUCCESS == xar_get_numeric_from_xml_element(reader, length)) gotlength=1; } else if (xmlStrEqual(name, (const xmlChar *)""size"") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { if (CL_SUCCESS == xar_get_numeric_from_xml_element(reader, size)) gotsize=1; } else if (xmlStrEqual(name, (const xmlChar *)""archived-checksum"") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { cli_dbgmsg(""cli_scanxar: :\n""); xar_get_checksum_values(reader, a_cksum, a_hash); } else if ((xmlStrEqual(name, (const xmlChar *)""extracted-checksum"") || xmlStrEqual(name, (const xmlChar *)""unarchived-checksum"")) && xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { cli_dbgmsg(""cli_scanxar: :\n""); xar_get_checksum_values(reader, e_cksum, e_hash); } else if (xmlStrEqual(name, (const xmlChar *)""encoding"") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { xmlChar * style = xmlTextReaderGetAttribute(reader, (const xmlChar *)""style""); if (style == NULL) { cli_dbgmsg(""cli_scaxar: xmlTextReaderGetAttribute no style attribute "" ""for encoding element\n""); *encoding = CL_TYPE_ANY; } else if (xmlStrEqual(style, (const xmlChar *)""application/x-gzip"")) { cli_dbgmsg(""cli_scanxar: encoding = application/x-gzip.\n""); *encoding = CL_TYPE_GZ; } else if (xmlStrEqual(style, (const xmlChar *)""application/octet-stream"")) { cli_dbgmsg(""cli_scanxar: encoding = application/octet-stream.\n""); *encoding = CL_TYPE_ANY; } else if (xmlStrEqual(style, (const xmlChar *)""application/x-bzip2"")) { cli_dbgmsg(""cli_scanxar: encoding = application/x-bzip2.\n""); *encoding = CL_TYPE_BZ; } else if (xmlStrEqual(style, (const xmlChar *)""application/x-lzma"")) { cli_dbgmsg(""cli_scanxar: encoding = application/x-lzma.\n""); *encoding = CL_TYPE_7Z; } else if (xmlStrEqual(style, (const xmlChar *)""application/x-xz"")) { cli_dbgmsg(""cli_scanxar: encoding = application/x-xz.\n""); *encoding = CL_TYPE_XZ; } else { cli_dbgmsg(""cli_scaxar: unknown style value=%s for encoding element\n"", style); *encoding = CL_TYPE_ANY; } if (style != NULL) xmlFree(style); } else if (indata && xmlStrEqual(name, (const xmlChar *)""data"") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_END_ELEMENT) { break; } else if (inea && xmlStrEqual(name, (const xmlChar *)""ea"") && xmlTextReaderNodeType(reader) == XML_READER_TYPE_END_ELEMENT) { break; } } else { if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { if (xmlStrEqual(name, (const xmlChar *)""data"")) { cli_dbgmsg(""cli_scanxar: xmlTextReaderRead read \n""); indata = 1; } else if (xmlStrEqual(name, (const xmlChar *)""ea"")) { cli_dbgmsg(""cli_scanxar: xmlTextReaderRead read \n""); inea = 1; } } else if ((xmlTextReaderNodeType(reader) == XML_READER_TYPE_END_ELEMENT) && xmlStrEqual(name, (const xmlChar *)""xar"")) { cli_dbgmsg(""cli_scanxar: finished parsing xar TOC.\n""); break; } } rc = xmlTextReaderRead(reader); } if (gotoffset && gotlength && gotsize) { rc = CL_SUCCESS; } else if (0 == gotoffset + gotlength + gotsize) rc = CL_BREAK; else rc = CL_EFORMAT; return rc; }",visit repo url,libclamav/xar.c,https://github.com/Cisco-Talos/clamav-devel,189640372903992,1 1693,[],"void wake_up_idle_cpu(int cpu) { struct rq *rq = cpu_rq(cpu); if (cpu == smp_processor_id()) return; if (rq->curr != rq->idle) return; set_tsk_thread_flag(rq->idle, TIF_NEED_RESCHED); smp_mb(); if (!tsk_is_polling(rq->idle)) smp_send_reschedule(cpu); }",linux-2.6,,,252291645404808526445970335327310342205,0 701,[],"int jpc_getuint32(jas_stream_t *in, uint_fast32_t *val) { uint_fast32_t v; int c; if ((c = jas_stream_getc(in)) == EOF) { return -1; } v = c; if ((c = jas_stream_getc(in)) == EOF) { return -1; } v = (v << 8) | c; if ((c = jas_stream_getc(in)) == EOF) { return -1; } v = (v << 8) | c; if ((c = jas_stream_getc(in)) == EOF) { return -1; } v = (v << 8) | c; if (val) { *val = v; } return 0; }",jasper,,,5068494328539396735571883424007127798,0 4193,CWE-20,"main (int argc, char **argv) { mode_t old_umask; cleanup_free char *base_path = NULL; int clone_flags; char *old_cwd = NULL; pid_t pid; int event_fd = -1; int child_wait_fd = -1; int setup_finished_pipe[] = {-1, -1}; const char *new_cwd; uid_t ns_uid; gid_t ns_gid; struct stat sbuf; uint64_t val; int res UNUSED; cleanup_free char *seccomp_data = NULL; size_t seccomp_len; struct sock_fprog seccomp_prog; cleanup_free char *args_data = NULL; if (argc == 2 && (strcmp (argv[1], ""--version"") == 0)) print_version_and_exit (); real_uid = getuid (); real_gid = getgid (); acquire_privs (); if (prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) die_with_error (""prctl(PR_SET_NO_NEW_CAPS) failed""); read_overflowids (); argv0 = argv[0]; if (isatty (1)) host_tty_dev = ttyname (1); argv++; argc--; if (argc == 0) usage (EXIT_FAILURE, stderr); parse_args (&argc, (const char ***) &argv); args_data = opt_args_data; opt_args_data = NULL; if ((requested_caps[0] || requested_caps[1]) && is_privileged) die (""--cap-add in setuid mode can be used only by root""); if (opt_userns_block_fd != -1 && !opt_unshare_user) die (""--userns-block-fd requires --unshare-user""); if (opt_userns_block_fd != -1 && opt_info_fd == -1) die (""--userns-block-fd requires --info-fd""); if (!is_privileged && getuid () != 0) opt_unshare_user = TRUE; #ifdef ENABLE_REQUIRE_USERNS if (is_privileged && getuid () != 0) opt_unshare_user = TRUE; #endif if (opt_unshare_user_try && stat (""/proc/self/ns/user"", &sbuf) == 0) { bool disabled = FALSE; if (stat (""/sys/module/user_namespace/parameters/enable"", &sbuf) == 0) { cleanup_free char *enable = NULL; enable = load_file_at (AT_FDCWD, ""/sys/module/user_namespace/parameters/enable""); if (enable != NULL && enable[0] == 'N') disabled = TRUE; } if (stat (""/proc/sys/user/max_user_namespaces"", &sbuf) == 0) { cleanup_free char *max_user_ns = NULL; max_user_ns = load_file_at (AT_FDCWD, ""/proc/sys/user/max_user_namespaces""); if (max_user_ns != NULL && strcmp(max_user_ns, ""0\n"") == 0) disabled = TRUE; } if (!disabled) opt_unshare_user = TRUE; } if (argc == 0) usage (EXIT_FAILURE, stderr); __debug__ ((""Creating root mount point\n"")); if (opt_sandbox_uid == -1) opt_sandbox_uid = real_uid; if (opt_sandbox_gid == -1) opt_sandbox_gid = real_gid; if (!opt_unshare_user && opt_sandbox_uid != real_uid) die (""Specifying --uid requires --unshare-user""); if (!opt_unshare_user && opt_sandbox_gid != real_gid) die (""Specifying --gid requires --unshare-user""); if (!opt_unshare_uts && opt_sandbox_hostname != NULL) die (""Specifying --hostname requires --unshare-uts""); if (opt_as_pid_1 && !opt_unshare_pid) die (""Specifying --as-pid-1 requires --unshare-pid""); if (opt_as_pid_1 && lock_files != NULL) die (""Specifying --as-pid-1 and --lock-file is not permitted""); proc_fd = open (""/proc"", O_PATH); if (proc_fd == -1) die_with_error (""Can't open /proc""); base_path = xasprintf (""/run/user/%d/.bubblewrap"", real_uid); if (ensure_dir (base_path, 0755)) { free (base_path); base_path = xasprintf (""/tmp/.bubblewrap-%d"", real_uid); if (ensure_dir (base_path, 0755)) die_with_error (""Creating root mountpoint failed""); } __debug__ ((""creating new namespace\n"")); if (opt_unshare_pid && !opt_as_pid_1) { event_fd = eventfd (0, EFD_CLOEXEC | EFD_NONBLOCK); if (event_fd == -1) die_with_error (""eventfd()""); } block_sigchild (); clone_flags = SIGCHLD | CLONE_NEWNS; if (opt_unshare_user) clone_flags |= CLONE_NEWUSER; if (opt_unshare_pid) clone_flags |= CLONE_NEWPID; if (opt_unshare_net) clone_flags |= CLONE_NEWNET; if (opt_unshare_ipc) clone_flags |= CLONE_NEWIPC; if (opt_unshare_uts) clone_flags |= CLONE_NEWUTS; if (opt_unshare_cgroup) { if (stat (""/proc/self/ns/cgroup"", &sbuf)) { if (errno == ENOENT) die (""Cannot create new cgroup namespace because the kernel does not support it""); else die_with_error (""stat on /proc/self/ns/cgroup failed""); } clone_flags |= CLONE_NEWCGROUP; } if (opt_unshare_cgroup_try) if (!stat (""/proc/self/ns/cgroup"", &sbuf)) clone_flags |= CLONE_NEWCGROUP; child_wait_fd = eventfd (0, EFD_CLOEXEC); if (child_wait_fd == -1) die_with_error (""eventfd()""); if (opt_json_status_fd != -1) { int ret; ret = pipe2 (setup_finished_pipe, O_CLOEXEC); if (ret == -1) die_with_error (""pipe2()""); } pid = raw_clone (clone_flags, NULL); if (pid == -1) { if (opt_unshare_user) { if (errno == EINVAL) die (""Creating new namespace failed, likely because the kernel does not support user namespaces. bwrap must be installed setuid on such systems.""); else if (errno == EPERM && !is_privileged) die (""No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.""); } die_with_error (""Creating new namespace failed""); } ns_uid = opt_sandbox_uid; ns_gid = opt_sandbox_gid; if (pid != 0) { if (is_privileged && opt_unshare_user && opt_userns_block_fd == -1) { write_uid_gid_map (ns_uid, real_uid, ns_gid, real_gid, pid, TRUE, opt_needs_devpts); } drop_privs (FALSE); handle_die_with_parent (); if (opt_info_fd != -1) { cleanup_free char *output = xasprintf (""{\n \""child-pid\"": %i\n}\n"", pid); dump_info (opt_info_fd, output, TRUE); close (opt_info_fd); } if (opt_json_status_fd != -1) { cleanup_free char *output = xasprintf (""{ \""child-pid\"": %i }\n"", pid); dump_info (opt_json_status_fd, output, TRUE); } if (opt_userns_block_fd != -1) { char b[1]; (void) TEMP_FAILURE_RETRY (read (opt_userns_block_fd, b, 1)); close (opt_userns_block_fd); } val = 1; res = write (child_wait_fd, &val, 8); close (child_wait_fd); return monitor_child (event_fd, pid, setup_finished_pipe[0]); } if (opt_info_fd != -1) close (opt_info_fd); if (opt_json_status_fd != -1) close (opt_json_status_fd); res = read (child_wait_fd, &val, 8); close (child_wait_fd); switch_to_user_with_privs (); if (opt_unshare_net) loopback_setup (); ns_uid = opt_sandbox_uid; ns_gid = opt_sandbox_gid; if (!is_privileged && opt_unshare_user && opt_userns_block_fd == -1) { if (opt_needs_devpts) { ns_uid = 0; ns_gid = 0; } write_uid_gid_map (ns_uid, real_uid, ns_gid, real_gid, -1, TRUE, FALSE); } old_umask = umask (0); resolve_symlinks_in_ops (); if (mount (NULL, ""/"", NULL, MS_SLAVE | MS_REC, NULL) < 0) die_with_error (""Failed to make / slave""); if (mount (""tmpfs"", base_path, ""tmpfs"", MS_NODEV | MS_NOSUID, NULL) != 0) die_with_error (""Failed to mount tmpfs""); old_cwd = get_current_dir_name (); if (chdir (base_path) != 0) die_with_error (""chdir base_path""); if (mkdir (""newroot"", 0755)) die_with_error (""Creating newroot failed""); if (mount (""newroot"", ""newroot"", NULL, MS_MGC_VAL | MS_BIND | MS_REC, NULL) < 0) die_with_error (""setting up newroot bind""); if (mkdir (""oldroot"", 0755)) die_with_error (""Creating oldroot failed""); if (pivot_root (base_path, ""oldroot"")) die_with_error (""pivot_root""); if (chdir (""/"") != 0) die_with_error (""chdir / (base path)""); if (is_privileged) { pid_t child; int privsep_sockets[2]; if (socketpair (AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, privsep_sockets) != 0) die_with_error (""Can't create privsep socket""); child = fork (); if (child == -1) die_with_error (""Can't fork unprivileged helper""); if (child == 0) { drop_privs (FALSE); close (privsep_sockets[0]); setup_newroot (opt_unshare_pid, privsep_sockets[1]); exit (0); } else { int status; uint32_t buffer[2048]; uint32_t op, flags; const char *arg1, *arg2; cleanup_fd int unpriv_socket = -1; unpriv_socket = privsep_sockets[0]; close (privsep_sockets[1]); do { op = read_priv_sec_op (unpriv_socket, buffer, sizeof (buffer), &flags, &arg1, &arg2); privileged_op (-1, op, flags, arg1, arg2); if (write (unpriv_socket, buffer, 1) != 1) die (""Can't write to op_socket""); } while (op != PRIV_SEP_OP_DONE); waitpid (child, &status, 0); } } else { setup_newroot (opt_unshare_pid, -1); } close_ops_fd (); if (mount (""oldroot"", ""oldroot"", NULL, MS_REC | MS_PRIVATE, NULL) != 0) die_with_error (""Failed to make old root rprivate""); if (umount2 (""oldroot"", MNT_DETACH)) die_with_error (""unmount old root""); { cleanup_fd int oldrootfd = open (""/"", O_DIRECTORY | O_RDONLY); if (oldrootfd < 0) die_with_error (""can't open /""); if (chdir (""/newroot"") != 0) die_with_error (""chdir /newroot""); if (pivot_root (""."", ""."") != 0) die_with_error (""pivot_root(/newroot)""); if (fchdir (oldrootfd) < 0) die_with_error (""fchdir to oldroot""); if (umount2 (""."", MNT_DETACH) < 0) die_with_error (""umount old root""); if (chdir (""/"") != 0) die_with_error (""chdir /""); } if (opt_unshare_user && (ns_uid != opt_sandbox_uid || ns_gid != opt_sandbox_gid) && opt_userns_block_fd == -1) { if (unshare (CLONE_NEWUSER)) die_with_error (""unshare user ns""); write_uid_gid_map (opt_sandbox_uid, ns_uid, opt_sandbox_gid, ns_gid, -1, FALSE, FALSE); } drop_privs (!is_privileged); if (opt_block_fd != -1) { char b[1]; (void) TEMP_FAILURE_RETRY (read (opt_block_fd, b, 1)); close (opt_block_fd); } if (opt_seccomp_fd != -1) { seccomp_data = load_file_data (opt_seccomp_fd, &seccomp_len); if (seccomp_data == NULL) die_with_error (""Can't read seccomp data""); if (seccomp_len % 8 != 0) die (""Invalid seccomp data, must be multiple of 8""); seccomp_prog.len = seccomp_len / 8; seccomp_prog.filter = (struct sock_filter *) seccomp_data; close (opt_seccomp_fd); } umask (old_umask); new_cwd = ""/""; if (opt_chdir_path) { if (chdir (opt_chdir_path)) die_with_error (""Can't chdir to %s"", opt_chdir_path); new_cwd = opt_chdir_path; } else if (chdir (old_cwd) == 0) { new_cwd = old_cwd; } else { const char *home = getenv (""HOME""); if (home != NULL && chdir (home) == 0) new_cwd = home; } xsetenv (""PWD"", new_cwd, 1); free (old_cwd); if (opt_new_session && setsid () == (pid_t) -1) die_with_error (""setsid""); if (label_exec (opt_exec_label) == -1) die_with_error (""label_exec %s"", argv[0]); __debug__ ((""forking for child\n"")); if (!opt_as_pid_1 && (opt_unshare_pid || lock_files != NULL || opt_sync_fd != -1)) { pid = fork (); if (pid == -1) die_with_error (""Can't fork for pid 1""); if (pid != 0) { drop_all_caps (FALSE); { int dont_close[3]; int j = 0; if (event_fd != -1) dont_close[j++] = event_fd; if (opt_sync_fd != -1) dont_close[j++] = opt_sync_fd; dont_close[j++] = -1; fdwalk (proc_fd, close_extra_fds, dont_close); } return do_init (event_fd, pid, seccomp_data != NULL ? &seccomp_prog : NULL); } } __debug__ ((""launch executable %s\n"", argv[0])); if (proc_fd != -1) close (proc_fd); if (!opt_as_pid_1) { if (opt_sync_fd != -1) close (opt_sync_fd); } unblock_sigchild (); handle_die_with_parent (); if (!is_privileged) set_ambient_capabilities (); if (seccomp_data != NULL && prctl (PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &seccomp_prog) != 0) die_with_error (""prctl(PR_SET_SECCOMP)""); if (setup_finished_pipe[1] != -1) { char data = 0; res = write_to_fd (setup_finished_pipe[1], &data, 1); } if (execvp (argv[0], argv) == -1) { if (setup_finished_pipe[1] != -1) { int saved_errno = errno; char data = 0; res = write_to_fd (setup_finished_pipe[1], &data, 1); errno = saved_errno; } die_with_error (""execvp %s"", argv[0]); } return 0; }",visit repo url,bubblewrap.c,https://github.com/projectatomic/bubblewrap,241629604934540,1 14,NVD-CWE-Other,"krb5_gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags, locally_initiated, opened) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_name_t *initiator_name; gss_name_t *acceptor_name; OM_uint32 *lifetime_rec; gss_OID *mech_type; OM_uint32 *ret_flags; int *locally_initiated; int *opened; { krb5_context context; krb5_error_code code; krb5_gss_ctx_id_rec *ctx; krb5_gss_name_t initiator, acceptor; krb5_timestamp now; krb5_deltat lifetime; if (initiator_name) *initiator_name = (gss_name_t) NULL; if (acceptor_name) *acceptor_name = (gss_name_t) NULL; ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { *minor_status = KG_CTX_INCOMPLETE; return(GSS_S_NO_CONTEXT); } initiator = NULL; acceptor = NULL; context = ctx->k5_context; if ((code = krb5_timeofday(context, &now))) { *minor_status = code; save_error_info(*minor_status, context); return(GSS_S_FAILURE); } if ((lifetime = ctx->krb_times.endtime - now) < 0) lifetime = 0; if (initiator_name) { if ((code = kg_duplicate_name(context, ctx->initiate ? ctx->here : ctx->there, &initiator))) { *minor_status = code; save_error_info(*minor_status, context); return(GSS_S_FAILURE); } } if (acceptor_name) { if ((code = kg_duplicate_name(context, ctx->initiate ? ctx->there : ctx->here, &acceptor))) { if (initiator) kg_release_name(context, &initiator); *minor_status = code; save_error_info(*minor_status, context); return(GSS_S_FAILURE); } } if (initiator_name) *initiator_name = (gss_name_t) initiator; if (acceptor_name) *acceptor_name = (gss_name_t) acceptor; if (lifetime_rec) *lifetime_rec = lifetime; if (mech_type) *mech_type = (gss_OID) ctx->mech_used; if (ret_flags) *ret_flags = ctx->gss_flags; if (locally_initiated) *locally_initiated = ctx->initiate; if (opened) *opened = ctx->established; *minor_status = 0; return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE); }",visit repo url,src/lib/gssapi/krb5/inq_context.c,https://github.com/krb5/krb5,28786178769129,1 1210,['CWE-20'],"CairoFont::getGlyph(CharCode code, Unicode *u, int uLen) { FT_UInt gid; if (codeToGID && code < codeToGIDLen) { gid = (FT_UInt)codeToGID[code]; } else { gid = (FT_UInt)code; } return gid; }",poppler,,,324412137948543614768303107516644166414,0 2626,[],"static void sctp_unhash(struct sock *sk) { }",linux-2.6,,,48842436698641437278992504038772641066,0 568,CWE-264,"asmlinkage int arm_syscall(int no, struct pt_regs *regs) { struct thread_info *thread = current_thread_info(); siginfo_t info; if ((no >> 16) != (__ARM_NR_BASE>> 16)) return bad_syscall(no, regs); switch (no & 0xffff) { case 0: info.si_signo = SIGSEGV; info.si_errno = 0; info.si_code = SEGV_MAPERR; info.si_addr = NULL; arm_notify_die(""branch through zero"", regs, &info, 0, 0); return 0; case NR(breakpoint): regs->ARM_pc -= thumb_mode(regs) ? 2 : 4; ptrace_break(current, regs); return regs->ARM_r0; case NR(cacheflush): return do_cache_op(regs->ARM_r0, regs->ARM_r1, regs->ARM_r2); case NR(usr26): if (!(elf_hwcap & HWCAP_26BIT)) break; regs->ARM_cpsr &= ~MODE32_BIT; return regs->ARM_r0; case NR(usr32): if (!(elf_hwcap & HWCAP_26BIT)) break; regs->ARM_cpsr |= MODE32_BIT; return regs->ARM_r0; case NR(set_tls): thread->tp_value = regs->ARM_r0; if (tls_emu) return 0; if (has_tls_reg) { asm (""mcr p15, 0, %0, c13, c0, 3"" : : ""r"" (regs->ARM_r0)); } else { *((unsigned int *)0xffff0ff0) = regs->ARM_r0; } return 0; #ifdef CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG case NR(cmpxchg): for (;;) { extern void do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs); unsigned long val; unsigned long addr = regs->ARM_r2; struct mm_struct *mm = current->mm; pgd_t *pgd; pmd_t *pmd; pte_t *pte; spinlock_t *ptl; regs->ARM_cpsr &= ~PSR_C_BIT; down_read(&mm->mmap_sem); pgd = pgd_offset(mm, addr); if (!pgd_present(*pgd)) goto bad_access; pmd = pmd_offset(pgd, addr); if (!pmd_present(*pmd)) goto bad_access; pte = pte_offset_map_lock(mm, pmd, addr, &ptl); if (!pte_present(*pte) || !pte_write(*pte) || !pte_dirty(*pte)) { pte_unmap_unlock(pte, ptl); goto bad_access; } val = *(unsigned long *)addr; val -= regs->ARM_r0; if (val == 0) { *(unsigned long *)addr = regs->ARM_r1; regs->ARM_cpsr |= PSR_C_BIT; } pte_unmap_unlock(pte, ptl); up_read(&mm->mmap_sem); return val; bad_access: up_read(&mm->mmap_sem); do_DataAbort(addr, 15 + (1 << 11), regs); } #endif default: if ((no & 0xffff) <= 0x7ff) return -ENOSYS; break; } #ifdef CONFIG_DEBUG_USER if (user_debug & UDBG_SYSCALL) { printk(""[%d] %s: arm syscall %d\n"", task_pid_nr(current), current->comm, no); dump_instr("""", regs); if (user_mode(regs)) { __show_regs(regs); c_backtrace(regs->ARM_fp, processor_mode(regs)); } } #endif info.si_signo = SIGILL; info.si_errno = 0; info.si_code = ILL_ILLTRP; info.si_addr = (void __user *)instruction_pointer(regs) - (thumb_mode(regs) ? 2 : 4); arm_notify_die(""Oops - bad syscall(2)"", regs, &info, no, 0); return 0; }",visit repo url,arch/arm/kernel/traps.c,https://github.com/torvalds/linux,190068224995058,1 5566,CWE-125,"obj2ast_mod(PyObject* obj, mod_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; if (obj == Py_None) { *out = NULL; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Module_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; asdl_seq* type_ignores; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Module field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Module field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Module""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_type_ignores)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_type_ignores); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Module field \""type_ignores\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); type_ignores = _Ta3_asdl_seq_new(len, arena); if (type_ignores == NULL) goto failed; for (i = 0; i < len; i++) { type_ignore_ty value; res = obj2ast_type_ignore(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Module field \""type_ignores\"" changed size during iteration""); goto failed; } asdl_seq_SET(type_ignores, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""type_ignores\"" missing from Module""); return 1; } *out = Module(body, type_ignores, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Interactive_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Interactive field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Interactive field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Interactive""); return 1; } *out = Interactive(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expression_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty body; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &body, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Expression""); return 1; } *out = Expression(body, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)FunctionType_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* argtypes; expr_ty returns; if (_PyObject_HasAttrId(obj, &PyId_argtypes)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_argtypes); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionType field \""argtypes\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); argtypes = _Ta3_asdl_seq_new(len, arena); if (argtypes == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionType field \""argtypes\"" changed size during iteration""); goto failed; } asdl_seq_SET(argtypes, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""argtypes\"" missing from FunctionType""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_returns)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_returns); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""returns\"" missing from FunctionType""); return 1; } *out = FunctionType(argtypes, returns, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Suite_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Suite field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Suite field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Suite""); return 1; } *out = Suite(body, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of mod, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,245161245447634,1 6255,CWE-190,"static void rand_hash(uint8_t *out, int out_len, uint8_t *in, int in_len) { uint32_t j = util_conv_big(8 * out_len); int len = RLC_CEIL(out_len, RLC_MD_LEN); uint8_t* buf = RLC_ALLOCA(uint8_t, 1 + sizeof(uint32_t) + in_len); uint8_t hash[RLC_MD_LEN]; if (buf == NULL) { RLC_THROW(ERR_NO_MEMORY); return; } buf[0] = 1; memcpy(buf + 1, &j, sizeof(uint32_t)); memcpy(buf + 1 + sizeof(uint32_t), in, in_len); for (int i = 0; i < len; i++) { md_map(hash, buf, 1 + sizeof(uint32_t) + in_len); memcpy(out, hash, RLC_MIN(RLC_MD_LEN, out_len)); out += RLC_MD_LEN; out_len -= RLC_MD_LEN; buf[0]++; } RLC_FREE(buf); }",visit repo url,src/rand/relic_rand_hashd.c,https://github.com/relic-toolkit/relic,126082625370899,1 1311,['CWE-119'],"static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc) { ctx->pointer = eoc; return 1; }",linux-2.6,,,77464281990344425542125552167890396590,0 5377,['CWE-476'],"int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in, int size, unsigned port) { struct kvm_io_device *pio_dev; unsigned long val; vcpu->run->exit_reason = KVM_EXIT_IO; vcpu->run->io.direction = in ? KVM_EXIT_IO_IN : KVM_EXIT_IO_OUT; vcpu->run->io.size = vcpu->arch.pio.size = size; vcpu->run->io.data_offset = KVM_PIO_PAGE_OFFSET * PAGE_SIZE; vcpu->run->io.count = vcpu->arch.pio.count = vcpu->arch.pio.cur_count = 1; vcpu->run->io.port = vcpu->arch.pio.port = port; vcpu->arch.pio.in = in; vcpu->arch.pio.string = 0; vcpu->arch.pio.down = 0; vcpu->arch.pio.rep = 0; if (vcpu->run->io.direction == KVM_EXIT_IO_IN) KVMTRACE_2D(IO_READ, vcpu, vcpu->run->io.port, (u32)size, handler); else KVMTRACE_2D(IO_WRITE, vcpu, vcpu->run->io.port, (u32)size, handler); val = kvm_register_read(vcpu, VCPU_REGS_RAX); memcpy(vcpu->arch.pio_data, &val, 4); pio_dev = vcpu_find_pio_dev(vcpu, port, size, !in); if (pio_dev) { kernel_pio(pio_dev, vcpu, vcpu->arch.pio_data); complete_pio(vcpu); return 1; } return 0; }",linux-2.6,,,9018142222977440161140558760847332954,0 5378,['CWE-476'],"static int get_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) { u64 *p = (u64 *)&vcpu->arch.mtrr_state.fixed_ranges; if (!msr_mtrr_valid(msr)) return 1; if (msr == MSR_MTRRdefType) *pdata = vcpu->arch.mtrr_state.def_type + (vcpu->arch.mtrr_state.enabled << 10); else if (msr == MSR_MTRRfix64K_00000) *pdata = p[0]; else if (msr == MSR_MTRRfix16K_80000 || msr == MSR_MTRRfix16K_A0000) *pdata = p[1 + msr - MSR_MTRRfix16K_80000]; else if (msr >= MSR_MTRRfix4K_C0000 && msr <= MSR_MTRRfix4K_F8000) *pdata = p[3 + msr - MSR_MTRRfix4K_C0000]; else if (msr == MSR_IA32_CR_PAT) *pdata = vcpu->arch.pat; else { int idx, is_mtrr_mask; u64 *pt; idx = (msr - 0x200) / 2; is_mtrr_mask = msr - 0x200 - 2 * idx; if (!is_mtrr_mask) pt = (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].base_lo; else pt = (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].mask_lo; *pdata = *pt; } return 0; }",linux-2.6,,,219110547569917795529706421973388150981,0 5974,['CWE-200'],"int __init if6_proc_init(void) { if (!proc_net_fops_create(""if_inet6"", S_IRUGO, &if6_fops)) return -ENOMEM; return 0; }",linux-2.6,,,6063040668258375169224750783622691818,0 6498,CWE-787,"void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(encryptedPrivateKey); CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y); RANDOM_CHAR_BUF(rand_char, 32); mpz_t seed; mpz_init(seed); mpz_t skey; mpz_init(skey); point Pkey = point_init(); mpz_import(seed, 32, 1, sizeof(rand_char[0]), 0, 0, rand_char); mpz_mod(skey, seed, curve->p); signature_extract_public_key(Pkey, skey, curve); SAFE_CHAR_BUF(arr_x, BUF_LEN); mpz_get_str(arr_x, ECDSA_SKEY_BASE, Pkey->x); int n_zeroes = 64 - strlen(arr_x); for (int i = 0; i < n_zeroes; i++) { pub_key_x[i] = '0'; } strncpy(pub_key_x + n_zeroes, arr_x, 1024 - n_zeroes); SAFE_CHAR_BUF(arr_y, BUF_LEN); mpz_get_str(arr_y, ECDSA_SKEY_BASE, Pkey->y); n_zeroes = 64 - strlen(arr_y); for (int i = 0; i < n_zeroes; i++) { pub_key_y[i] = '0'; } strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes); SAFE_CHAR_BUF(skey_str, ECDSA_SKEY_LEN);SAFE_CHAR_BUF(arr_skey_str, mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2); mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey); n_zeroes = 64 - strlen(arr_skey_str); for (int i = 0; i < n_zeroes; i++) { skey_str[i] = '0'; } strncpy(skey_str + n_zeroes, arr_skey_str, 65 - n_zeroes); skey_str[ECDSA_SKEY_LEN - 1] = 0; snprintf(errString, BUF_LEN, ""skey len is %d\n"", (int) strlen(skey_str)); int status = AES_encrypt((char *) skey_str, encryptedPrivateKey, BUF_LEN); CHECK_STATUS(""ecdsa private key encryption failed""); *enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; status = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN); CHECK_STATUS2(""ecdsa private key decr failed with status %d""); SET_SUCCESS clean: mpz_clear(seed); mpz_clear(skey); point_clear(Pkey); LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,174565080509053,1 5297,CWE-190,"TEE_Result syscall_asymm_operate(unsigned long state, const struct utee_attribute *usr_params, size_t num_params, const void *src_data, size_t src_len, void *dst_data, uint64_t *dst_len) { TEE_Result res; struct tee_cryp_state *cs; struct tee_ta_session *sess; uint64_t dlen64; size_t dlen; struct tee_obj *o; void *label = NULL; size_t label_len = 0; size_t n; int salt_len; TEE_Attribute *params = NULL; struct user_ta_ctx *utc; res = tee_ta_get_current_session(&sess); if (res != TEE_SUCCESS) return res; utc = to_user_ta_ctx(sess->ctx); res = tee_svc_cryp_get_state(sess, tee_svc_uref_to_vaddr(state), &cs); if (res != TEE_SUCCESS) return res; res = tee_mmu_check_access_rights( utc, TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, (uaddr_t) src_data, src_len); if (res != TEE_SUCCESS) return res; res = tee_svc_copy_from_user(&dlen64, dst_len, sizeof(dlen64)); if (res != TEE_SUCCESS) return res; dlen = dlen64; res = tee_mmu_check_access_rights( utc, TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_WRITE | TEE_MEMORY_ACCESS_ANY_OWNER, (uaddr_t) dst_data, dlen); if (res != TEE_SUCCESS) return res; params = malloc(sizeof(TEE_Attribute) * num_params); if (!params) return TEE_ERROR_OUT_OF_MEMORY; res = copy_in_attrs(utc, usr_params, num_params, params); if (res != TEE_SUCCESS) goto out; res = tee_obj_get(utc, cs->key1, &o); if (res != TEE_SUCCESS) goto out; if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) == 0) { res = TEE_ERROR_GENERIC; goto out; } switch (cs->algo) { case TEE_ALG_RSA_NOPAD: if (cs->mode == TEE_MODE_ENCRYPT) { res = crypto_acipher_rsanopad_encrypt(o->attr, src_data, src_len, dst_data, &dlen); } else if (cs->mode == TEE_MODE_DECRYPT) { res = crypto_acipher_rsanopad_decrypt(o->attr, src_data, src_len, dst_data, &dlen); } else { res = TEE_ERROR_GENERIC; } break; case TEE_ALG_RSAES_PKCS1_V1_5: case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA1: case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA224: case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA256: case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA384: case TEE_ALG_RSAES_PKCS1_OAEP_MGF1_SHA512: for (n = 0; n < num_params; n++) { if (params[n].attributeID == TEE_ATTR_RSA_OAEP_LABEL) { label = params[n].content.ref.buffer; label_len = params[n].content.ref.length; break; } } if (cs->mode == TEE_MODE_ENCRYPT) { res = crypto_acipher_rsaes_encrypt(cs->algo, o->attr, label, label_len, src_data, src_len, dst_data, &dlen); } else if (cs->mode == TEE_MODE_DECRYPT) { res = crypto_acipher_rsaes_decrypt( cs->algo, o->attr, label, label_len, src_data, src_len, dst_data, &dlen); } else { res = TEE_ERROR_BAD_PARAMETERS; } break; #if defined(CFG_CRYPTO_RSASSA_NA1) case TEE_ALG_RSASSA_PKCS1_V1_5: #endif case TEE_ALG_RSASSA_PKCS1_V1_5_MD5: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA1: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA224: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA256: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA384: case TEE_ALG_RSASSA_PKCS1_V1_5_SHA512: case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA1: case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA224: case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256: case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA384: case TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA512: if (cs->mode != TEE_MODE_SIGN) { res = TEE_ERROR_BAD_PARAMETERS; break; } salt_len = pkcs1_get_salt_len(params, num_params, src_len); res = crypto_acipher_rsassa_sign(cs->algo, o->attr, salt_len, src_data, src_len, dst_data, &dlen); break; case TEE_ALG_DSA_SHA1: case TEE_ALG_DSA_SHA224: case TEE_ALG_DSA_SHA256: res = crypto_acipher_dsa_sign(cs->algo, o->attr, src_data, src_len, dst_data, &dlen); break; case TEE_ALG_ECDSA_P192: case TEE_ALG_ECDSA_P224: case TEE_ALG_ECDSA_P256: case TEE_ALG_ECDSA_P384: case TEE_ALG_ECDSA_P521: res = crypto_acipher_ecc_sign(cs->algo, o->attr, src_data, src_len, dst_data, &dlen); break; default: res = TEE_ERROR_BAD_PARAMETERS; break; } out: free(params); if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) { TEE_Result res2; dlen64 = dlen; res2 = tee_svc_copy_to_user(dst_len, &dlen64, sizeof(*dst_len)); if (res2 != TEE_SUCCESS) return res2; } return res; }",visit repo url,core/tee/tee_svc_cryp.c,https://github.com/OP-TEE/optee_os,27344130122756,1 3424,CWE-119,"void traverse_commit_list(struct rev_info *revs, show_commit_fn show_commit, show_object_fn show_object, void *data) { int i; struct commit *commit; struct strbuf base; strbuf_init(&base, PATH_MAX); while ((commit = get_revision(revs)) != NULL) { if (commit->tree) add_pending_tree(revs, commit->tree); show_commit(commit, data); } for (i = 0; i < revs->pending.nr; i++) { struct object_array_entry *pending = revs->pending.objects + i; struct object *obj = pending->item; const char *name = pending->name; const char *path = pending->path; if (obj->flags & (UNINTERESTING | SEEN)) continue; if (obj->type == OBJ_TAG) { obj->flags |= SEEN; show_object(obj, NULL, name, data); continue; } if (!path) path = """"; if (obj->type == OBJ_TREE) { process_tree(revs, (struct tree *)obj, show_object, &base, path, data); continue; } if (obj->type == OBJ_BLOB) { process_blob(revs, (struct blob *)obj, show_object, NULL, path, data); continue; } die(""unknown pending object %s (%s)"", oid_to_hex(&obj->oid), name); } object_array_clear(&revs->pending); strbuf_release(&base); }",visit repo url,list-objects.c,https://github.com/git/git,254327483000851,1 4776,CWE-119,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 465,CWE-20,"static void dns_resolver_describe(const struct key *key, struct seq_file *m) { seq_puts(m, key->description); if (key_is_instantiated(key)) { int err = PTR_ERR(key->payload.data[dns_key_error]); if (err) seq_printf(m, "": %d"", err); else seq_printf(m, "": %u"", key->datalen); } }",visit repo url,net/dns_resolver/dns_key.c,https://github.com/torvalds/linux,68314461793690,1 5440,CWE-20,"void svhandler_flash_pgm_word(void) { uint32_t dst = _param_1; uint32_t src = _param_2; if ((dst >= BSTRP_FLASH_SECT_START) && (dst <= (BSTRP_FLASH_SECT_START + BSTRP_FLASH_SECT_LEN))) { return; } if ((dst >= BLDR_FLASH_SECT_START) && (dst <= (BLDR_FLASH_SECT_START + 2 * BLDR_FLASH_SECT_LEN))) { return; } flash_clear_status_flags(); flash_unlock(); flash_program_word(dst, src); _param_1 = !!flash_chk_status(); _param_2 = 0; _param_3 = 0; flash_wait_for_last_operation(); FLASH_CR &= ~FLASH_CR_PG; FLASH_CR |= FLASH_CR_LOCK; }",visit repo url,lib/board/supervise.c,https://github.com/keepkey/keepkey-firmware,152498303447939,1 2694,CWE-190,"static void spl_filesystem_tree_it_rewind(zend_object_iterator *iter TSRMLS_DC) { spl_filesystem_iterator *iterator = (spl_filesystem_iterator *)iter; spl_filesystem_object *object = spl_filesystem_iterator_to_object(iterator); object->u.dir.index = 0; if (object->u.dir.dirp) { php_stream_rewinddir(object->u.dir.dirp); } do { spl_filesystem_dir_read(object TSRMLS_CC); } while (spl_filesystem_is_dot(object->u.dir.entry.d_name)); if (iterator->current) { zval_ptr_dtor(&iterator->current); iterator->current = NULL; } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,231924348932554,1 2803,['CWE-264'],"cleanup_module( void ) { struct net_device *dev; int num; for( num = 0; num < SBNI_MAX_NUM_CARDS; ++num ) if( (dev = sbni_cards[ num ]) != NULL ) { unregister_netdev( dev ); release_region( dev->base_addr, SBNI_IO_EXTENT ); free_netdev( dev ); } }",linux-2.6,,,89403646537829410806018064619390183533,0 2503,['CWE-119'],"static void diff_index_show_file(struct rev_info *revs, const char *prefix, struct cache_entry *ce, const unsigned char *sha1, unsigned int mode) { diff_addremove(&revs->diffopt, prefix[0], mode, sha1, ce->name); }",git,,,53878270658572529522846176536690673806,0 6308,['CWE-200'],"struct tc_action *tcf_action_init_1(struct rtattr *rta, struct rtattr *est, char *name, int ovr, int bind, int *err) { struct tc_action *a; struct tc_action_ops *a_o; char act_name[IFNAMSIZ]; struct rtattr *tb[TCA_ACT_MAX+1]; struct rtattr *kind; *err = -EINVAL; if (name == NULL) { if (rtattr_parse_nested(tb, TCA_ACT_MAX, rta) < 0) goto err_out; kind = tb[TCA_ACT_KIND-1]; if (kind == NULL) goto err_out; if (rtattr_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ) goto err_out; } else { if (strlcpy(act_name, name, IFNAMSIZ) >= IFNAMSIZ) goto err_out; } a_o = tc_lookup_action_n(act_name); if (a_o == NULL) { #ifdef CONFIG_KMOD rtnl_unlock(); request_module(act_name); rtnl_lock(); a_o = tc_lookup_action_n(act_name); if (a_o != NULL) { *err = -EAGAIN; goto err_mod; } #endif goto err_out; } *err = -ENOMEM; a = kmalloc(sizeof(*a), GFP_KERNEL); if (a == NULL) goto err_mod; memset(a, 0, sizeof(*a)); if (name == NULL) *err = a_o->init(tb[TCA_ACT_OPTIONS-1], est, a, ovr, bind); else *err = a_o->init(rta, est, a, ovr, bind); if (*err < 0) goto err_free; if (*err != ACT_P_CREATED) module_put(a_o->owner); a->ops = a_o; DPRINTK(""tcf_action_init_1: successfull %s\n"", act_name); *err = 0; return a; err_free: kfree(a); err_mod: module_put(a_o->owner); err_out: return NULL; }",linux-2.6,,,11075176450066311317042440903479015271,0 3857,[],"int cap_netlink_send(struct sock *sk, struct sk_buff *skb) { NETLINK_CB(skb).eff_cap = current->cap_effective; return 0; }",linux-2.6,,,236664627247921073999820043439340925407,0 5563,[],"SYSCALL_DEFINE2(tkill, pid_t, pid, int, sig) { if (pid <= 0) return -EINVAL; return do_tkill(0, pid, sig); }",linux-2.6,,,97104176988796187838336592214838251554,0 1070,CWE-189,"int do_adjtimex(struct timex *txc) { long mtemp, save_adjust, rem; s64 freq_adj; int result; if (txc->modes && !capable(CAP_SYS_TIME)) return -EPERM; if ((txc->modes & ADJ_OFFSET_SINGLESHOT) == ADJ_OFFSET_SINGLESHOT) { if (txc->modes != ADJ_OFFSET_SINGLESHOT && txc->modes != ADJ_OFFSET_SS_READ) return -EINVAL; } if (txc->modes != ADJ_OFFSET_SINGLESHOT && (txc->modes & ADJ_OFFSET)) if (txc->offset <= - MAXPHASE || txc->offset >= MAXPHASE ) return -EINVAL; if (txc->modes & ADJ_TICK) if (txc->tick < 900000/USER_HZ || txc->tick > 1100000/USER_HZ) return -EINVAL; write_seqlock_irq(&xtime_lock); result = time_state; save_adjust = time_adjust; #if 0 time_status &= ~STA_CLOCKERR; #endif if (txc->modes) { if (txc->modes & ADJ_STATUS) time_status = (txc->status & ~STA_RONLY) | (time_status & STA_RONLY); if (txc->modes & ADJ_FREQUENCY) { if (txc->freq > MAXFREQ || txc->freq < -MAXFREQ) { result = -EINVAL; goto leave; } time_freq = ((s64)txc->freq * NSEC_PER_USEC) >> (SHIFT_USEC - SHIFT_NSEC); } if (txc->modes & ADJ_MAXERROR) { if (txc->maxerror < 0 || txc->maxerror >= NTP_PHASE_LIMIT) { result = -EINVAL; goto leave; } time_maxerror = txc->maxerror; } if (txc->modes & ADJ_ESTERROR) { if (txc->esterror < 0 || txc->esterror >= NTP_PHASE_LIMIT) { result = -EINVAL; goto leave; } time_esterror = txc->esterror; } if (txc->modes & ADJ_TIMECONST) { if (txc->constant < 0) { result = -EINVAL; goto leave; } time_constant = min(txc->constant + 4, (long)MAXTC); } if (txc->modes & ADJ_OFFSET) { if (txc->modes == ADJ_OFFSET_SINGLESHOT) { time_adjust = txc->offset; } else if (time_status & STA_PLL) { time_offset = txc->offset * NSEC_PER_USEC; time_offset = min(time_offset, (s64)MAXPHASE * NSEC_PER_USEC); time_offset = max(time_offset, (s64)-MAXPHASE * NSEC_PER_USEC); if (time_status & STA_FREQHOLD || time_reftime == 0) time_reftime = xtime.tv_sec; mtemp = xtime.tv_sec - time_reftime; time_reftime = xtime.tv_sec; freq_adj = time_offset * mtemp; freq_adj = shift_right(freq_adj, time_constant * 2 + (SHIFT_PLL + 2) * 2 - SHIFT_NSEC); if (mtemp >= MINSEC && (time_status & STA_FLL || mtemp > MAXSEC)) freq_adj += div_s64(time_offset << (SHIFT_NSEC - SHIFT_FLL), mtemp); freq_adj += time_freq; freq_adj = min(freq_adj, (s64)MAXFREQ_NSEC); time_freq = max(freq_adj, (s64)-MAXFREQ_NSEC); time_offset = div_long_long_rem_signed(time_offset, NTP_INTERVAL_FREQ, &rem); time_offset <<= SHIFT_UPDATE; } } if (txc->modes & ADJ_TICK) tick_usec = txc->tick; if (txc->modes & (ADJ_TICK|ADJ_FREQUENCY|ADJ_OFFSET)) ntp_update_frequency(); } leave: if ((time_status & (STA_UNSYNC|STA_CLOCKERR)) != 0) result = TIME_ERROR; if ((txc->modes == ADJ_OFFSET_SINGLESHOT) || (txc->modes == ADJ_OFFSET_SS_READ)) txc->offset = save_adjust; else txc->offset = ((long)shift_right(time_offset, SHIFT_UPDATE)) * NTP_INTERVAL_FREQ / 1000; txc->freq = (time_freq / NSEC_PER_USEC) << (SHIFT_USEC - SHIFT_NSEC); txc->maxerror = time_maxerror; txc->esterror = time_esterror; txc->status = time_status; txc->constant = time_constant; txc->precision = 1; txc->tolerance = MAXFREQ; txc->tick = tick_usec; txc->ppsfreq = 0; txc->jitter = 0; txc->shift = 0; txc->stabil = 0; txc->jitcnt = 0; txc->calcnt = 0; txc->errcnt = 0; txc->stbcnt = 0; write_sequnlock_irq(&xtime_lock); do_gettimeofday(&txc->time); notify_cmos_timer(); return(result); }",visit repo url,kernel/time/ntp.c,https://github.com/torvalds/linux,99840860115528,1 2655,CWE-125,"PHP_FUNCTION(locale_accept_from_http) { UEnumeration *available; char *http_accept = NULL; int http_accept_len; UErrorCode status = 0; int len; char resultLocale[INTL_MAX_LOCALE_LEN+1]; UAcceptResult outResult; if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &http_accept, &http_accept_len) == FAILURE) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_accept_from_http: unable to parse input parameters"", 0 TSRMLS_CC ); RETURN_FALSE; } available = ures_openAvailableLocales(NULL, &status); INTL_CHECK_STATUS(status, ""locale_accept_from_http: failed to retrieve locale list""); len = uloc_acceptLanguageFromHTTP(resultLocale, INTL_MAX_LOCALE_LEN, &outResult, http_accept, available, &status); uenum_close(available); INTL_CHECK_STATUS(status, ""locale_accept_from_http: failed to find acceptable locale""); if (len < 0 || outResult == ULOC_ACCEPT_FAILED) { RETURN_FALSE; } RETURN_STRINGL(resultLocale, len, 1); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,93111750805721,1 398,[],"pfm_proc_start(struct seq_file *m, loff_t *pos) { if (*pos == 0) { return PFM_PROC_SHOW_HEADER; } while (*pos <= NR_CPUS) { if (cpu_online(*pos - 1)) { return (void *)*pos; } ++*pos; } return NULL; }",linux-2.6,,,147563598956748190259300440347759026746,0 571,[],"static int bad_inode_link (struct dentry *old_dentry, struct inode *dir, struct dentry *dentry) { return -EIO; }",linux-2.6,,,263500691229190435846832312181008413264,0 1742,[],"static int sched_domain_debug_one(struct sched_domain *sd, int cpu, int level, cpumask_t *groupmask) { struct sched_group *group = sd->groups; char str[256]; cpulist_scnprintf(str, sizeof(str), sd->span); cpus_clear(*groupmask); printk(KERN_DEBUG ""%*s domain %d: "", level, """", level); if (!(sd->flags & SD_LOAD_BALANCE)) { printk(""does not load-balance\n""); if (sd->parent) printk(KERN_ERR ""ERROR: !SD_LOAD_BALANCE domain"" "" has parent""); return -1; } printk(KERN_CONT ""span %s\n"", str); if (!cpu_isset(cpu, sd->span)) { printk(KERN_ERR ""ERROR: domain->span does not contain "" ""CPU%d\n"", cpu); } if (!cpu_isset(cpu, group->cpumask)) { printk(KERN_ERR ""ERROR: domain->groups does not contain"" "" CPU%d\n"", cpu); } printk(KERN_DEBUG ""%*s groups:"", level + 1, """"); do { if (!group) { printk(""\n""); printk(KERN_ERR ""ERROR: group is NULL\n""); break; } if (!group->__cpu_power) { printk(KERN_CONT ""\n""); printk(KERN_ERR ""ERROR: domain->cpu_power not "" ""set\n""); break; } if (!cpus_weight(group->cpumask)) { printk(KERN_CONT ""\n""); printk(KERN_ERR ""ERROR: empty group\n""); break; } if (cpus_intersects(*groupmask, group->cpumask)) { printk(KERN_CONT ""\n""); printk(KERN_ERR ""ERROR: repeated CPUs\n""); break; } cpus_or(*groupmask, *groupmask, group->cpumask); cpulist_scnprintf(str, sizeof(str), group->cpumask); printk(KERN_CONT "" %s"", str); group = group->next; } while (group != sd->groups); printk(KERN_CONT ""\n""); if (!cpus_equal(sd->span, *groupmask)) printk(KERN_ERR ""ERROR: groups don't span domain->span\n""); if (sd->parent && !cpus_subset(*groupmask, sd->parent->span)) printk(KERN_ERR ""ERROR: parent span is not a superset "" ""of domain->span\n""); return 0; }",linux-2.6,,,319732781428628235066939104714296664702,0 426,CWE-416,"static int snd_ctl_elem_write_user(struct snd_ctl_file *file, struct snd_ctl_elem_value __user *_control) { struct snd_ctl_elem_value *control; struct snd_card *card; int result; control = memdup_user(_control, sizeof(*control)); if (IS_ERR(control)) return PTR_ERR(control); card = file->card; snd_power_lock(card); result = snd_power_wait(card, SNDRV_CTL_POWER_D0); if (result >= 0) result = snd_ctl_elem_write(card, file, control); snd_power_unlock(card); if (result >= 0) if (copy_to_user(_control, control, sizeof(*control))) result = -EFAULT; kfree(control); return result; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,22088815731470,1 2363,['CWE-200'],"snd_seq_oss_synth_make_info(struct seq_oss_devinfo *dp, int dev, struct synth_info *inf) { struct seq_oss_synth *rec; if (dev < 0 || dev >= dp->max_synthdev) return -ENXIO; if (dp->synths[dev].is_midi) { struct midi_info minf; snd_seq_oss_midi_make_info(dp, dp->synths[dev].midi_mapped, &minf); inf->synth_type = SYNTH_TYPE_MIDI; inf->synth_subtype = 0; inf->nr_voices = 16; inf->device = dev; strlcpy(inf->name, minf.name, sizeof(inf->name)); } else { if ((rec = get_synthdev(dp, dev)) == NULL) return -ENXIO; inf->synth_type = rec->synth_type; inf->synth_subtype = rec->synth_subtype; inf->nr_voices = rec->nr_voices; inf->device = dev; strlcpy(inf->name, rec->name, sizeof(inf->name)); snd_use_lock_free(&rec->use_lock); } return 0; }",linux-2.6,,,66031690331120697621678339487637279812,0 520,['CWE-399'],"static int pwc_video_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) { return video_usercopy(inode, file, cmd, arg, pwc_video_do_ioctl); }",linux-2.6,,,89491180776607814205431704262894551069,0 4604,['CWE-399'],"static int ext4_do_update_inode(handle_t *handle, struct inode *inode, struct ext4_iloc *iloc) { struct ext4_inode *raw_inode = ext4_raw_inode(iloc); struct ext4_inode_info *ei = EXT4_I(inode); struct buffer_head *bh = iloc->bh; int err = 0, rc, block; if (ei->i_state & EXT4_STATE_NEW) memset(raw_inode, 0, EXT4_SB(inode->i_sb)->s_inode_size); ext4_get_inode_flags(ei); raw_inode->i_mode = cpu_to_le16(inode->i_mode); if (!(test_opt(inode->i_sb, NO_UID32))) { raw_inode->i_uid_low = cpu_to_le16(low_16_bits(inode->i_uid)); raw_inode->i_gid_low = cpu_to_le16(low_16_bits(inode->i_gid)); if (!ei->i_dtime) { raw_inode->i_uid_high = cpu_to_le16(high_16_bits(inode->i_uid)); raw_inode->i_gid_high = cpu_to_le16(high_16_bits(inode->i_gid)); } else { raw_inode->i_uid_high = 0; raw_inode->i_gid_high = 0; } } else { raw_inode->i_uid_low = cpu_to_le16(fs_high2lowuid(inode->i_uid)); raw_inode->i_gid_low = cpu_to_le16(fs_high2lowgid(inode->i_gid)); raw_inode->i_uid_high = 0; raw_inode->i_gid_high = 0; } raw_inode->i_links_count = cpu_to_le16(inode->i_nlink); EXT4_INODE_SET_XTIME(i_ctime, inode, raw_inode); EXT4_INODE_SET_XTIME(i_mtime, inode, raw_inode); EXT4_INODE_SET_XTIME(i_atime, inode, raw_inode); EXT4_EINODE_SET_XTIME(i_crtime, ei, raw_inode); if (ext4_inode_blocks_set(handle, raw_inode, ei)) goto out_brelse; raw_inode->i_dtime = cpu_to_le32(ei->i_dtime); raw_inode->i_flags = cpu_to_le32(ei->i_flags & ~EXT4_EXT_MIGRATE); if (EXT4_SB(inode->i_sb)->s_es->s_creator_os != cpu_to_le32(EXT4_OS_HURD)) raw_inode->i_file_acl_high = cpu_to_le16(ei->i_file_acl >> 32); raw_inode->i_file_acl_lo = cpu_to_le32(ei->i_file_acl); ext4_isize_set(raw_inode, ei->i_disksize); if (ei->i_disksize > 0x7fffffffULL) { struct super_block *sb = inode->i_sb; if (!EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_LARGE_FILE) || EXT4_SB(sb)->s_es->s_rev_level == cpu_to_le32(EXT4_GOOD_OLD_REV)) { err = ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh); if (err) goto out_brelse; ext4_update_dynamic_rev(sb); EXT4_SET_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_LARGE_FILE); sb->s_dirt = 1; ext4_handle_sync(handle); err = ext4_handle_dirty_metadata(handle, inode, EXT4_SB(sb)->s_sbh); } } raw_inode->i_generation = cpu_to_le32(inode->i_generation); if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode)) { if (old_valid_dev(inode->i_rdev)) { raw_inode->i_block[0] = cpu_to_le32(old_encode_dev(inode->i_rdev)); raw_inode->i_block[1] = 0; } else { raw_inode->i_block[0] = 0; raw_inode->i_block[1] = cpu_to_le32(new_encode_dev(inode->i_rdev)); raw_inode->i_block[2] = 0; } } else for (block = 0; block < EXT4_N_BLOCKS; block++) raw_inode->i_block[block] = ei->i_data[block]; raw_inode->i_disk_version = cpu_to_le32(inode->i_version); if (ei->i_extra_isize) { if (EXT4_FITS_IN_INODE(raw_inode, ei, i_version_hi)) raw_inode->i_version_hi = cpu_to_le32(inode->i_version >> 32); raw_inode->i_extra_isize = cpu_to_le16(ei->i_extra_isize); } BUFFER_TRACE(bh, ""call ext4_handle_dirty_metadata""); rc = ext4_handle_dirty_metadata(handle, inode, bh); if (!err) err = rc; ei->i_state &= ~EXT4_STATE_NEW; out_brelse: brelse(bh); ext4_std_error(inode->i_sb, err); return err; }",linux-2.6,,,25399957676812140644562995140031743996,0 5002,['CWE-120'],"static int utf8_encoded_expected_len(const char *str) { unsigned char c = (unsigned char)str[0]; if (c < 0x80) return 1; if ((c & 0xe0) == 0xc0) return 2; if ((c & 0xf0) == 0xe0) return 3; if ((c & 0xf8) == 0xf0) return 4; if ((c & 0xfc) == 0xf8) return 5; if ((c & 0xfe) == 0xfc) return 6; return 0; }",udev,,,256127015334813263581801085103652188798,0 3477,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_2_1_siminit(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands); }",linux-2.6,,,282150522587815065888758735187589212131,0 3428,CWE-119,"static void show_object(struct object *object, struct strbuf *path, const char *last, void *data) { struct bitmap *base = data; bitmap_set(base, find_object_pos(object->oid.hash)); mark_as_seen(object); }",visit repo url,pack-bitmap-write.c,https://github.com/git/git,96420771696847,1 5462,CWE-617,"pci_emul_add_msicap(struct pci_vdev *dev, int msgnum) { struct msicap msicap; pci_populate_msicap(&msicap, msgnum, 0); return pci_emul_add_capability(dev, (u_char *)&msicap, sizeof(msicap)); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,231796162240971,1 4301,['CWE-264'],"static int unshare_vm(unsigned long unshare_flags, struct mm_struct **new_mmp) { struct mm_struct *mm = current->mm; if ((unshare_flags & CLONE_VM) && (mm && atomic_read(&mm->mm_users) > 1)) { return -EINVAL; } return 0; }",linux-2.6,,,78258104355523393054650094888282940397,0 3915,['CWE-399'],"static int chip_write(struct CHIPSTATE *chip, int subaddr, int val) { unsigned char buffer[2]; if (subaddr < 0) { v4l_dbg(1, debug, chip->c, ""%s: chip_write: 0x%x\n"", chip->c->name, val); chip->shadow.bytes[1] = val; buffer[0] = val; if (1 != i2c_master_send(chip->c,buffer,1)) { v4l_warn(chip->c, ""%s: I/O error (write 0x%x)\n"", chip->c->name, val); return -1; } } else { if (subaddr + 1 >= ARRAY_SIZE(chip->shadow.bytes)) { v4l_info(chip->c, ""Tried to access a non-existent register: %d\n"", subaddr); return -EINVAL; } v4l_dbg(1, debug, chip->c, ""%s: chip_write: reg%d=0x%x\n"", chip->c->name, subaddr, val); chip->shadow.bytes[subaddr+1] = val; buffer[0] = subaddr; buffer[1] = val; if (2 != i2c_master_send(chip->c,buffer,2)) { v4l_warn(chip->c, ""%s: I/O error (write reg%d=0x%x)\n"", chip->c->name, subaddr, val); return -1; } } return 0; }",linux-2.6,,,201026780630920137291546598653616843655,0 880,['CWE-200'],"static inline void shmem_dir_free(struct page *page) { __free_pages(page, PAGE_CACHE_SHIFT-PAGE_SHIFT); }",linux-2.6,,,136939256170479297506870447283799552978,0 4169,['CWE-399'],"void* avahi_server_get_data(AvahiServer *s) { assert(s); return s->userdata; }",avahi,,,305581277743063074814255501016442542157,0 457,CWE-416,"static int snd_seq_ioctl_create_port(struct snd_seq_client *client, void *arg) { struct snd_seq_port_info *info = arg; struct snd_seq_client_port *port; struct snd_seq_port_callback *callback; if (info->addr.client != client->number) return -EPERM; port = snd_seq_create_port(client, (info->flags & SNDRV_SEQ_PORT_FLG_GIVEN_PORT) ? info->addr.port : -1); if (port == NULL) return -ENOMEM; if (client->type == USER_CLIENT && info->kernel) { snd_seq_delete_port(client, port->addr.port); return -EINVAL; } if (client->type == KERNEL_CLIENT) { if ((callback = info->kernel) != NULL) { if (callback->owner) port->owner = callback->owner; port->private_data = callback->private_data; port->private_free = callback->private_free; port->event_input = callback->event_input; port->c_src.open = callback->subscribe; port->c_src.close = callback->unsubscribe; port->c_dest.open = callback->use; port->c_dest.close = callback->unuse; } } info->addr = port->addr; snd_seq_set_port_info(port, info); snd_seq_system_client_ev_port_start(port->addr.client, port->addr.port); return 0; }",visit repo url,sound/core/seq/seq_clientmgr.c,https://github.com/torvalds/linux,87954522610749,1 873,CWE-20,"static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; int err; int peeked, skip; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); goto out; } skip = sk_peek_offset(sk, flags); skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err); if (!skb) { unix_state_lock(sk); if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && (sk->sk_shutdown & RCV_SHUTDOWN)) err = 0; unix_state_unlock(sk); goto out_unlock; } wake_up_interruptible_sync_poll(&u->peer_wait, POLLOUT | POLLWRNORM | POLLWRBAND); if (msg->msg_name) unix_copy_addr(msg, skb->sk); if (size > skb->len - skip) size = skb->len - skip; else if (size < skb->len - skip) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size); if (err) goto out_free; if (sock_flag(sk, SOCK_RCVTSTAMP)) __sock_recv_timestamp(msg, sk, skb); if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); unix_set_secdata(siocb->scm, skb); if (!(flags & MSG_PEEK)) { if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); sk_peek_offset_bwd(sk, skb->len); } else { sk_peek_offset_fwd(sk, size); if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); } err = (flags & MSG_TRUNC) ? skb->len - skip : size; scm_recv(sock, msg, siocb->scm, flags); out_free: skb_free_datagram(sk, skb); out_unlock: mutex_unlock(&u->readlock); out: return err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,179527283060615,1 4390,['CWE-264'],"unsigned long sock_i_ino(struct sock *sk) { unsigned long ino; read_lock(&sk->sk_callback_lock); ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0; read_unlock(&sk->sk_callback_lock); return ino; }",linux-2.6,,,66144155211038994083853940233072859741,0 5845,['CWE-200'],"static int econet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { struct sock *sk = sock->sk; void __user *argp = (void __user *)arg; switch(cmd) { case SIOCGSTAMP: return sock_get_timestamp(sk, argp); case SIOCGSTAMPNS: return sock_get_timestampns(sk, argp); case SIOCSIFADDR: case SIOCGIFADDR: return ec_dev_ioctl(sock, cmd, argp); break; default: return -ENOIOCTLCMD; } return 0; }",linux-2.6,,,223676094441469772926543692794845610495,0 1270,[],"m4_decr (struct obstack *obs, int argc, token_data **argv) { int value; if (bad_argc (argv[0], argc, 2, 2)) return; if (!numeric_arg (argv[0], ARG (1), &value)) return; shipout_int (obs, value - 1); }",m4,,,311474902702830460065163814910229277117,0 6010,CWE-120,"static int __pyx_pf_17clickhouse_driver_14bufferedwriter_14BufferedWriter___init__(struct __pyx_obj_17clickhouse_driver_14bufferedwriter_BufferedWriter *__pyx_v_self, Py_ssize_t __pyx_v_bufsize) { int __pyx_r; __Pyx_RefNannyDeclarations int __pyx_t_1; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; __Pyx_RefNannySetupContext(""__init__"", 0); __pyx_v_self->buffer = ((char *)PyMem_Malloc(__pyx_v_bufsize)); __pyx_t_1 = ((!(__pyx_v_self->buffer != 0)) != 0); if (unlikely(__pyx_t_1)) { PyErr_NoMemory(); __PYX_ERR(0, 15, __pyx_L1_error) } __pyx_v_self->position = 0; __pyx_v_self->buffer_size = __pyx_v_bufsize; __pyx_t_3 = PyTuple_New(2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 20, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(((PyObject *)__pyx_ptype_17clickhouse_driver_14bufferedwriter_BufferedWriter)); __Pyx_GIVEREF(((PyObject *)__pyx_ptype_17clickhouse_driver_14bufferedwriter_BufferedWriter)); PyTuple_SET_ITEM(__pyx_t_3, 0, ((PyObject *)__pyx_ptype_17clickhouse_driver_14bufferedwriter_BufferedWriter)); __Pyx_INCREF(((PyObject *)__pyx_v_self)); __Pyx_GIVEREF(((PyObject *)__pyx_v_self)); PyTuple_SET_ITEM(__pyx_t_3, 1, ((PyObject *)__pyx_v_self)); __pyx_t_4 = __Pyx_PyObject_Call(__pyx_builtin_super, __pyx_t_3, NULL); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 20, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __pyx_t_3 = __Pyx_PyObject_GetAttrStr(__pyx_t_4, __pyx_n_s_init); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 20, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_3))) { __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_3); if (likely(__pyx_t_4)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3); __Pyx_INCREF(__pyx_t_4); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_3, function); } } __pyx_t_2 = (__pyx_t_4) ? __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4) : __Pyx_PyObject_CallNoArg(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0; if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 20, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_r = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_AddTraceback(""clickhouse_driver.bufferedwriter.BufferedWriter.__init__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = -1; __pyx_L0:; __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,77394453626872,1 5818,['CWE-200'],"static __be16 atalk_checksum(const struct sk_buff *skb, int len) { unsigned long sum; sum = atalk_sum_skb(skb, 4, len-4, 0); return sum ? htons((unsigned short)sum) : htons(0xFFFF); }",linux-2.6,,,146823308276955445137309130000193021727,0 61,['CWE-787'],"static uint32_t cirrus_linear_readb(void *opaque, target_phys_addr_t addr) { CirrusVGAState *s = (CirrusVGAState *) opaque; uint32_t ret; addr &= s->cirrus_addr_mask; if (((s->sr[0x17] & 0x44) == 0x44) && ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) { ret = cirrus_mmio_blt_read(s, addr & 0xff); } else if (0) { ret = 0xff; } else { if ((s->gr[0x0B] & 0x14) == 0x14) { addr <<= 4; } else if (s->gr[0x0B] & 0x02) { addr <<= 3; } addr &= s->cirrus_addr_mask; ret = *(s->vram_ptr + addr); } return ret; }",qemu,,,93560200994936361550746745666666712304,0 5402,['CWE-476'],"static void get_segment_descriptor_dtable(struct kvm_vcpu *vcpu, u16 selector, struct descriptor_table *dtable) { if (selector & 1 << 2) { struct kvm_segment kvm_seg; kvm_get_segment(vcpu, &kvm_seg, VCPU_SREG_LDTR); if (kvm_seg.unusable) dtable->limit = 0; else dtable->limit = kvm_seg.limit; dtable->base = kvm_seg.base; } else kvm_x86_ops->get_gdt(vcpu, dtable); }",linux-2.6,,,145906055647012858852260906554368759813,0 5814,['CWE-200'],"static int atalk_create(struct net *net, struct socket *sock, int protocol) { struct sock *sk; int rc = -ESOCKTNOSUPPORT; if (net != &init_net) return -EAFNOSUPPORT; if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM) goto out; rc = -ENOMEM; sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto); if (!sk) goto out; rc = 0; sock->ops = &atalk_dgram_ops; sock_init_data(sock, sk); sock_set_flag(sk, SOCK_ZAPPED); out: return rc; }",linux-2.6,,,339582068234185119089224155962177992552,0 359,CWE-476,"int fscrypt_get_crypt_info(struct inode *inode) { struct fscrypt_info *crypt_info; struct fscrypt_context ctx; struct crypto_skcipher *ctfm; const char *cipher_str; int keysize; u8 *raw_key = NULL; int res; res = fscrypt_initialize(inode->i_sb->s_cop->flags); if (res) return res; if (!inode->i_sb->s_cop->get_context) return -EOPNOTSUPP; retry: crypt_info = ACCESS_ONCE(inode->i_crypt_info); if (crypt_info) { if (!crypt_info->ci_keyring_key || key_validate(crypt_info->ci_keyring_key) == 0) return 0; fscrypt_put_encryption_info(inode, crypt_info); goto retry; } res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); if (res < 0) { if (!fscrypt_dummy_context_enabled(inode) || inode->i_sb->s_cop->is_encrypted(inode)) return res; memset(&ctx, 0, sizeof(ctx)); ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); } else if (res != sizeof(ctx)) { return -EINVAL; } if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) return -EINVAL; if (ctx.flags & ~FS_POLICY_FLAGS_VALID) return -EINVAL; crypt_info = kmem_cache_alloc(fscrypt_info_cachep, GFP_NOFS); if (!crypt_info) return -ENOMEM; crypt_info->ci_flags = ctx.flags; crypt_info->ci_data_mode = ctx.contents_encryption_mode; crypt_info->ci_filename_mode = ctx.filenames_encryption_mode; crypt_info->ci_ctfm = NULL; crypt_info->ci_keyring_key = NULL; memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor, sizeof(crypt_info->ci_master_key)); res = determine_cipher_type(crypt_info, inode, &cipher_str, &keysize); if (res) goto out; res = -ENOMEM; raw_key = kmalloc(FS_MAX_KEY_SIZE, GFP_NOFS); if (!raw_key) goto out; res = validate_user_key(crypt_info, &ctx, raw_key, FS_KEY_DESC_PREFIX); if (res && inode->i_sb->s_cop->key_prefix) { int res2 = validate_user_key(crypt_info, &ctx, raw_key, inode->i_sb->s_cop->key_prefix); if (res2) { if (res2 == -ENOKEY) res = -ENOKEY; goto out; } } else if (res) { goto out; } ctfm = crypto_alloc_skcipher(cipher_str, 0, 0); if (!ctfm || IS_ERR(ctfm)) { res = ctfm ? PTR_ERR(ctfm) : -ENOMEM; printk(KERN_DEBUG ""%s: error %d (inode %u) allocating crypto tfm\n"", __func__, res, (unsigned) inode->i_ino); goto out; } crypt_info->ci_ctfm = ctfm; crypto_skcipher_clear_flags(ctfm, ~0); crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_REQ_WEAK_KEY); res = crypto_skcipher_setkey(ctfm, raw_key, keysize); if (res) goto out; kzfree(raw_key); raw_key = NULL; if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) != NULL) { put_crypt_info(crypt_info); goto retry; } return 0; out: if (res == -ENOKEY) res = 0; put_crypt_info(crypt_info); kzfree(raw_key); return res; }",visit repo url,fs/crypto/keyinfo.c,https://github.com/torvalds/linux,22535470607510,1 1267,[],"include (int argc, token_data **argv, bool silent) { FILE *fp; char *name; if (bad_argc (argv[0], argc, 2, 2)) return; fp = m4_path_search (ARG (1), &name); if (fp == NULL) { if (!silent) { M4ERROR ((warning_status, errno, ""cannot open `%s'"", ARG (1))); retcode = EXIT_FAILURE; } return; } push_file (fp, name, true); free (name); }",m4,,,54136612570127309652578668953839887192,0 3757,CWE-674,"int yyparse (void *yyscanner, HEX_LEX_ENVIRONMENT *lex_env) { int yychar; YY_INITIAL_VALUE (static YYSTYPE yyval_default;) YYSTYPE yylval YY_INITIAL_VALUE (= yyval_default); int yynerrs; int yystate; int yyerrstatus; yytype_int16 yyssa[YYINITDEPTH]; yytype_int16 *yyss; yytype_int16 *yyssp; YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs; YYSTYPE *yyvsp; YYSIZE_T yystacksize; int yyn; int yyresult; int yytoken = 0; YYSTYPE yyval; #if YYERROR_VERBOSE char yymsgbuf[128]; char *yymsg = yymsgbuf; YYSIZE_T yymsg_alloc = sizeof yymsgbuf; #endif #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) int yylen = 0; yyssp = yyss = yyssa; yyvsp = yyvs = yyvsa; yystacksize = YYINITDEPTH; YYDPRINTF ((stderr, ""Starting parse\n"")); yystate = 0; yyerrstatus = 0; yynerrs = 0; yychar = YYEMPTY; goto yysetstate; yynewstate: yyssp++; yysetstate: *yyssp = yystate; if (yyss + yystacksize - 1 <= yyssp) { YYSIZE_T yysize = yyssp - yyss + 1; #ifdef yyoverflow { YYSTYPE *yyvs1 = yyvs; yytype_int16 *yyss1 = yyss; yyoverflow (YY_(""memory exhausted""), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; } #else # ifndef YYSTACK_RELOCATE goto yyexhaustedlab; # else if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yytype_int16 *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif #endif yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YYDPRINTF ((stderr, ""Stack size increased to %lu\n"", (unsigned long int) yystacksize)); if (yyss + yystacksize - 1 <= yyssp) YYABORT; } YYDPRINTF ((stderr, ""Entering state %d\n"", yystate)); if (yystate == YYFINAL) YYACCEPT; goto yybackup; yybackup: yyn = yypact[yystate]; if (yypact_value_is_default (yyn)) goto yydefault; if (yychar == YYEMPTY) { YYDPRINTF ((stderr, ""Reading a token: "")); yychar = yylex (&yylval, yyscanner, lex_env); } if (yychar <= YYEOF) { yychar = yytoken = YYEOF; YYDPRINTF ((stderr, ""Now at end of input.\n"")); } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT (""Next token is"", yytoken, &yylval, &yylloc); } yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yytable_value_is_error (yyn)) goto yyerrlab; yyn = -yyn; goto yyreduce; } if (yyerrstatus) yyerrstatus--; YY_SYMBOL_PRINT (""Shifting"", yytoken, &yylval, &yylloc); yychar = YYEMPTY; yystate = yyn; YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END goto yynewstate; yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; yyreduce: yylen = yyr2[yyn]; yyval = yyvsp[1-yylen]; YY_REDUCE_PRINT (yyn); switch (yyn) { case 2: #line 106 ""hex_grammar.y"" { RE_AST* re_ast = yyget_extra(yyscanner); re_ast->root_node = (yyvsp[-1].re_node); } #line 1330 ""hex_grammar.c"" break; case 3: #line 115 ""hex_grammar.y"" { (yyval.re_node) = (yyvsp[0].re_node); } #line 1338 ""hex_grammar.c"" break; case 4: #line 119 ""hex_grammar.y"" { (yyval.re_node) = yr_re_node_create(RE_NODE_CONCAT, (yyvsp[-1].re_node), (yyvsp[0].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[-1].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[0].re_node)); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); } #line 1351 ""hex_grammar.c"" break; case 5: #line 128 ""hex_grammar.y"" { RE_NODE* new_concat; RE_NODE* leftmost_concat = NULL; RE_NODE* leftmost_node = (yyvsp[-1].re_node); (yyval.re_node) = NULL; while (leftmost_node->type == RE_NODE_CONCAT) { leftmost_concat = leftmost_node; leftmost_node = leftmost_node->left; } new_concat = yr_re_node_create( RE_NODE_CONCAT, (yyvsp[-2].re_node), leftmost_node); if (new_concat != NULL) { if (leftmost_concat != NULL) { leftmost_concat->left = new_concat; (yyval.re_node) = yr_re_node_create(RE_NODE_CONCAT, (yyvsp[-1].re_node), (yyvsp[0].re_node)); } else { (yyval.re_node) = yr_re_node_create(RE_NODE_CONCAT, new_concat, (yyvsp[0].re_node)); } } DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[-2].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[-1].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[0].re_node)); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); } #line 1413 ""hex_grammar.c"" break; case 6: #line 190 ""hex_grammar.y"" { (yyval.re_node) = (yyvsp[0].re_node); } #line 1421 ""hex_grammar.c"" break; case 7: #line 194 ""hex_grammar.y"" { (yyval.re_node) = yr_re_node_create(RE_NODE_CONCAT, (yyvsp[-1].re_node), (yyvsp[0].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[-1].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[0].re_node)); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); } #line 1434 ""hex_grammar.c"" break; case 8: #line 207 ""hex_grammar.y"" { (yyval.re_node) = (yyvsp[0].re_node); } #line 1442 ""hex_grammar.c"" break; case 9: #line 211 ""hex_grammar.y"" { (yyval.re_node) = (yyvsp[0].re_node); (yyval.re_node)->greedy = FALSE; } #line 1451 ""hex_grammar.c"" break; case 10: #line 220 ""hex_grammar.y"" { lex_env->token_count++; if (lex_env->token_count > MAX_HEX_STRING_TOKENS) { yr_re_node_destroy((yyvsp[0].re_node)); yyerror(yyscanner, lex_env, ""string too long""); YYABORT; } (yyval.re_node) = (yyvsp[0].re_node); } #line 1468 ""hex_grammar.c"" break; case 11: #line 233 ""hex_grammar.y"" { lex_env->inside_or++; } #line 1476 ""hex_grammar.c"" break; case 12: #line 237 ""hex_grammar.y"" { (yyval.re_node) = (yyvsp[-1].re_node); lex_env->inside_or--; } #line 1485 ""hex_grammar.c"" break; case 13: #line 246 ""hex_grammar.y"" { if ((yyvsp[-1].integer) <= 0) { yyerror(yyscanner, lex_env, ""invalid jump length""); YYABORT; } if (lex_env->inside_or && (yyvsp[-1].integer) > STRING_CHAINING_THRESHOLD) { yyerror(yyscanner, lex_env, ""jumps over "" STR(STRING_CHAINING_THRESHOLD) "" now allowed inside alternation (|)""); YYABORT; } (yyval.re_node) = yr_re_node_create(RE_NODE_RANGE_ANY, NULL, NULL); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); (yyval.re_node)->start = (int) (yyvsp[-1].integer); (yyval.re_node)->end = (int) (yyvsp[-1].integer); } #line 1512 ""hex_grammar.c"" break; case 14: #line 269 ""hex_grammar.y"" { if (lex_env->inside_or && ((yyvsp[-3].integer) > STRING_CHAINING_THRESHOLD || (yyvsp[-1].integer) > STRING_CHAINING_THRESHOLD) ) { yyerror(yyscanner, lex_env, ""jumps over "" STR(STRING_CHAINING_THRESHOLD) "" now allowed inside alternation (|)""); YYABORT; } if ((yyvsp[-3].integer) < 0 || (yyvsp[-1].integer) < 0) { yyerror(yyscanner, lex_env, ""invalid negative jump length""); YYABORT; } if ((yyvsp[-3].integer) > (yyvsp[-1].integer)) { yyerror(yyscanner, lex_env, ""invalid jump range""); YYABORT; } (yyval.re_node) = yr_re_node_create(RE_NODE_RANGE_ANY, NULL, NULL); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); (yyval.re_node)->start = (int) (yyvsp[-3].integer); (yyval.re_node)->end = (int) (yyvsp[-1].integer); } #line 1548 ""hex_grammar.c"" break; case 15: #line 301 ""hex_grammar.y"" { if (lex_env->inside_or) { yyerror(yyscanner, lex_env, ""unbounded jumps not allowed inside alternation (|)""); YYABORT; } if ((yyvsp[-2].integer) < 0) { yyerror(yyscanner, lex_env, ""invalid negative jump length""); YYABORT; } (yyval.re_node) = yr_re_node_create(RE_NODE_RANGE_ANY, NULL, NULL); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); (yyval.re_node)->start = (int) (yyvsp[-2].integer); (yyval.re_node)->end = INT_MAX; } #line 1574 ""hex_grammar.c"" break; case 16: #line 323 ""hex_grammar.y"" { if (lex_env->inside_or) { yyerror(yyscanner, lex_env, ""unbounded jumps not allowed inside alternation (|)""); YYABORT; } (yyval.re_node) = yr_re_node_create(RE_NODE_RANGE_ANY, NULL, NULL); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); (yyval.re_node)->start = 0; (yyval.re_node)->end = INT_MAX; } #line 1594 ""hex_grammar.c"" break; case 17: #line 343 ""hex_grammar.y"" { (yyval.re_node) = (yyvsp[0].re_node); } #line 1602 ""hex_grammar.c"" break; case 18: #line 347 ""hex_grammar.y"" { mark_as_not_fast_regexp(); (yyval.re_node) = yr_re_node_create(RE_NODE_ALT, (yyvsp[-2].re_node), (yyvsp[0].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[-2].re_node)); DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[0].re_node)); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); } #line 1617 ""hex_grammar.c"" break; case 19: #line 361 ""hex_grammar.y"" { (yyval.re_node) = yr_re_node_create(RE_NODE_LITERAL, NULL, NULL); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); (yyval.re_node)->value = (int) (yyvsp[0].integer); } #line 1629 ""hex_grammar.c"" break; case 20: #line 369 ""hex_grammar.y"" { uint8_t mask = (uint8_t) ((yyvsp[0].integer) >> 8); if (mask == 0x00) { (yyval.re_node) = yr_re_node_create(RE_NODE_ANY, NULL, NULL); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); } else { (yyval.re_node) = yr_re_node_create(RE_NODE_MASKED_LITERAL, NULL, NULL); ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY); (yyval.re_node)->value = (yyvsp[0].integer) & 0xFF; (yyval.re_node)->mask = mask; } } #line 1653 ""hex_grammar.c"" break; #line 1657 ""hex_grammar.c"" default: break; } YY_SYMBOL_PRINT (""-> $$ ="", yyr1[yyn], &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; yyn = yyr1[yyn]; yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) yystate = yytable[yystate]; else yystate = yydefgoto[yyn - YYNTOKENS]; goto yynewstate; yyerrlab: yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); if (!yyerrstatus) { ++yynerrs; #if ! YYERROR_VERBOSE yyerror (yyscanner, lex_env, YY_(""syntax error"")); #else # define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ yyssp, yytoken) { char const *yymsgp = YY_(""syntax error""); int yysyntax_error_status; yysyntax_error_status = YYSYNTAX_ERROR; if (yysyntax_error_status == 0) yymsgp = yymsg; else if (yysyntax_error_status == 1) { if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); if (!yymsg) { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; yysyntax_error_status = 2; } else { yysyntax_error_status = YYSYNTAX_ERROR; yymsgp = yymsg; } } yyerror (yyscanner, lex_env, yymsgp); if (yysyntax_error_status == 2) goto yyexhaustedlab; } # undef YYSYNTAX_ERROR #endif } if (yyerrstatus == 3) { if (yychar <= YYEOF) { if (yychar == YYEOF) YYABORT; } else { yydestruct (""Error: discarding"", yytoken, &yylval, yyscanner, lex_env); yychar = YYEMPTY; } } goto yyerrlab1; yyerrorlab: if ( 0) goto yyerrorlab; YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; yyerrlab1: yyerrstatus = 3; for (;;) { yyn = yypact[yystate]; if (!yypact_value_is_default (yyn)) { yyn += YYTERROR; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) { yyn = yytable[yyn]; if (0 < yyn) break; } } if (yyssp == yyss) YYABORT; yydestruct (""Error: popping"", yystos[yystate], yyvsp, yyscanner, lex_env); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END YY_SYMBOL_PRINT (""Shifting"", yystos[yyn], yyvsp, yylsp); yystate = yyn; goto yynewstate; yyacceptlab: yyresult = 0; goto yyreturn; yyabortlab: yyresult = 1; goto yyreturn; #if !defined yyoverflow || YYERROR_VERBOSE yyexhaustedlab: yyerror (yyscanner, lex_env, YY_(""memory exhausted"")); yyresult = 2; #endif yyreturn: if (yychar != YYEMPTY) { yytoken = YYTRANSLATE (yychar); yydestruct (""Cleanup: discarding lookahead"", yytoken, &yylval, yyscanner, lex_env); } YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct (""Cleanup: popping"", yystos[*yyssp], yyvsp, yyscanner, lex_env); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif #if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); #endif",visit repo url,libyara/hex_grammar.c,https://github.com/VirusTotal/yara,68926530953022,1 109,CWE-674,"get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out, const uint8_t **contents_out, size_t *clen_out, const uint8_t **remainder_out, size_t *rlen_out) { krb5_error_code ret; uint8_t o; const uint8_t *c, *p, *tag_start = asn1; size_t clen, llen, i; taginfo t; *contents_out = *remainder_out = NULL; *clen_out = *rlen_out = 0; if (len == 0) return ASN1_OVERRUN; o = *asn1++; len--; tag_out->asn1class = o & 0xC0; tag_out->construction = o & 0x20; if ((o & 0x1F) != 0x1F) { tag_out->tagnum = o & 0x1F; } else { tag_out->tagnum = 0; do { if (len == 0) return ASN1_OVERRUN; o = *asn1++; len--; tag_out->tagnum = (tag_out->tagnum << 7) | (o & 0x7F); } while (o & 0x80); } if (len == 0) return ASN1_OVERRUN; o = *asn1++; len--; if (o == 0x80) { if (tag_out->construction != CONSTRUCTED) return ASN1_MISMATCH_INDEF; p = asn1; while (!(len >= 2 && p[0] == 0 && p[1] == 0)) { ret = get_tag(p, len, &t, &c, &clen, &p, &len); if (ret) return ret; } tag_out->tag_end_len = 2; *contents_out = asn1; *clen_out = p - asn1; *remainder_out = p + 2; *rlen_out = len - 2; } else if ((o & 0x80) == 0) { if (o > len) return ASN1_OVERRUN; tag_out->tag_end_len = 0; *contents_out = asn1; *clen_out = o; *remainder_out = asn1 + *clen_out; *rlen_out = len - (*remainder_out - asn1); } else { llen = o & 0x7F; if (llen > len) return ASN1_OVERRUN; if (llen > sizeof(*clen_out)) return ASN1_OVERFLOW; for (i = 0, clen = 0; i < llen; i++) clen = (clen << 8) | asn1[i]; if (clen > len - llen) return ASN1_OVERRUN; tag_out->tag_end_len = 0; *contents_out = asn1 + llen; *clen_out = clen; *remainder_out = *contents_out + clen; *rlen_out = len - (*remainder_out - asn1); } tag_out->tag_len = *contents_out - tag_start; return 0; }",visit repo url,src/lib/krb5/asn.1/asn1_encode.c,https://github.com/krb5/krb5,259533229047772,1 458,CWE-362,"struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client, int port) { unsigned long flags; struct snd_seq_client_port *new_port, *p; int num = -1; if (snd_BUG_ON(!client)) return NULL; if (client->num_ports >= SNDRV_SEQ_MAX_PORTS) { pr_warn(""ALSA: seq: too many ports for client %d\n"", client->number); return NULL; } new_port = kzalloc(sizeof(*new_port), GFP_KERNEL); if (!new_port) return NULL; new_port->addr.client = client->number; new_port->addr.port = -1; new_port->owner = THIS_MODULE; sprintf(new_port->name, ""port-%d"", num); snd_use_lock_init(&new_port->use_lock); port_subs_info_init(&new_port->c_src); port_subs_info_init(&new_port->c_dest); num = port >= 0 ? port : 0; mutex_lock(&client->ports_mutex); write_lock_irqsave(&client->ports_lock, flags); list_for_each_entry(p, &client->ports_list_head, list) { if (p->addr.port > num) break; if (port < 0) num = p->addr.port + 1; } list_add_tail(&new_port->list, &p->list); client->num_ports++; new_port->addr.port = num; write_unlock_irqrestore(&client->ports_lock, flags); mutex_unlock(&client->ports_mutex); sprintf(new_port->name, ""port-%d"", num); return new_port; }",visit repo url,sound/core/seq/seq_ports.c,https://github.com/torvalds/linux,23764600262519,1 125,CWE-863,"static int do_misc_fixups(struct bpf_verifier_env *env) { struct bpf_prog *prog = env->prog; bool expect_blinding = bpf_jit_blinding_enabled(prog); struct bpf_insn *insn = prog->insnsi; const struct bpf_func_proto *fn; const int insn_cnt = prog->len; const struct bpf_map_ops *ops; struct bpf_insn_aux_data *aux; struct bpf_insn insn_buf[16]; struct bpf_prog *new_prog; struct bpf_map *map_ptr; int i, ret, cnt, delta = 0; for (i = 0; i < insn_cnt; i++, insn++) { if (insn->code == (BPF_ALU64 | BPF_MOD | BPF_X) || insn->code == (BPF_ALU64 | BPF_DIV | BPF_X) || insn->code == (BPF_ALU | BPF_MOD | BPF_X) || insn->code == (BPF_ALU | BPF_DIV | BPF_X)) { bool is64 = BPF_CLASS(insn->code) == BPF_ALU64; bool isdiv = BPF_OP(insn->code) == BPF_DIV; struct bpf_insn *patchlet; struct bpf_insn chk_and_div[] = { BPF_RAW_INSN((is64 ? BPF_JMP : BPF_JMP32) | BPF_JNE | BPF_K, insn->src_reg, 0, 2, 0), BPF_ALU32_REG(BPF_XOR, insn->dst_reg, insn->dst_reg), BPF_JMP_IMM(BPF_JA, 0, 0, 1), *insn, }; struct bpf_insn chk_and_mod[] = { BPF_RAW_INSN((is64 ? BPF_JMP : BPF_JMP32) | BPF_JEQ | BPF_K, insn->src_reg, 0, 1 + (is64 ? 0 : 1), 0), *insn, BPF_JMP_IMM(BPF_JA, 0, 0, 1), BPF_MOV32_REG(insn->dst_reg, insn->dst_reg), }; patchlet = isdiv ? chk_and_div : chk_and_mod; cnt = isdiv ? ARRAY_SIZE(chk_and_div) : ARRAY_SIZE(chk_and_mod) - (is64 ? 2 : 0); new_prog = bpf_patch_insn_data(env, i + delta, patchlet, cnt); if (!new_prog) return -ENOMEM; delta += cnt - 1; env->prog = prog = new_prog; insn = new_prog->insnsi + i + delta; continue; } if (BPF_CLASS(insn->code) == BPF_LD && (BPF_MODE(insn->code) == BPF_ABS || BPF_MODE(insn->code) == BPF_IND)) { cnt = env->ops->gen_ld_abs(insn, insn_buf); if (cnt == 0 || cnt >= ARRAY_SIZE(insn_buf)) { verbose(env, ""bpf verifier is misconfigured\n""); return -EINVAL; } new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; delta += cnt - 1; env->prog = prog = new_prog; insn = new_prog->insnsi + i + delta; continue; } if (insn->code == (BPF_ALU64 | BPF_ADD | BPF_X) || insn->code == (BPF_ALU64 | BPF_SUB | BPF_X)) { const u8 code_add = BPF_ALU64 | BPF_ADD | BPF_X; const u8 code_sub = BPF_ALU64 | BPF_SUB | BPF_X; struct bpf_insn *patch = &insn_buf[0]; bool issrc, isneg; u32 off_reg; aux = &env->insn_aux_data[i + delta]; if (!aux->alu_state || aux->alu_state == BPF_ALU_NON_POINTER) continue; isneg = aux->alu_state & BPF_ALU_NEG_VALUE; issrc = (aux->alu_state & BPF_ALU_SANITIZE) == BPF_ALU_SANITIZE_SRC; off_reg = issrc ? insn->src_reg : insn->dst_reg; if (isneg) *patch++ = BPF_ALU64_IMM(BPF_MUL, off_reg, -1); *patch++ = BPF_MOV32_IMM(BPF_REG_AX, aux->alu_limit); *patch++ = BPF_ALU64_REG(BPF_SUB, BPF_REG_AX, off_reg); *patch++ = BPF_ALU64_REG(BPF_OR, BPF_REG_AX, off_reg); *patch++ = BPF_ALU64_IMM(BPF_NEG, BPF_REG_AX, 0); *patch++ = BPF_ALU64_IMM(BPF_ARSH, BPF_REG_AX, 63); *patch++ = BPF_ALU64_REG(BPF_AND, BPF_REG_AX, off_reg); if (!issrc) *patch++ = BPF_MOV64_REG(insn->dst_reg, insn->src_reg); insn->src_reg = BPF_REG_AX; if (isneg) insn->code = insn->code == code_add ? code_sub : code_add; *patch++ = *insn; if (issrc && isneg) *patch++ = BPF_ALU64_IMM(BPF_MUL, off_reg, -1); cnt = patch - insn_buf; new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; delta += cnt - 1; env->prog = prog = new_prog; insn = new_prog->insnsi + i + delta; continue; } if (insn->code != (BPF_JMP | BPF_CALL)) continue; if (insn->src_reg == BPF_PSEUDO_CALL) continue; if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) { ret = fixup_kfunc_call(env, insn); if (ret) return ret; continue; } if (insn->imm == BPF_FUNC_get_route_realm) prog->dst_needed = 1; if (insn->imm == BPF_FUNC_get_prandom_u32) bpf_user_rnd_init_once(); if (insn->imm == BPF_FUNC_override_return) prog->kprobe_override = 1; if (insn->imm == BPF_FUNC_tail_call) { prog->cb_access = 1; if (!allow_tail_call_in_subprogs(env)) prog->aux->stack_depth = MAX_BPF_STACK; prog->aux->max_pkt_offset = MAX_PACKET_OFF; insn->imm = 0; insn->code = BPF_JMP | BPF_TAIL_CALL; aux = &env->insn_aux_data[i + delta]; if (env->bpf_capable && !expect_blinding && prog->jit_requested && !bpf_map_key_poisoned(aux) && !bpf_map_ptr_poisoned(aux) && !bpf_map_ptr_unpriv(aux)) { struct bpf_jit_poke_descriptor desc = { .reason = BPF_POKE_REASON_TAIL_CALL, .tail_call.map = BPF_MAP_PTR(aux->map_ptr_state), .tail_call.key = bpf_map_key_immediate(aux), .insn_idx = i + delta, }; ret = bpf_jit_add_poke_descriptor(prog, &desc); if (ret < 0) { verbose(env, ""adding tail call poke descriptor failed\n""); return ret; } insn->imm = ret + 1; continue; } if (!bpf_map_ptr_unpriv(aux)) continue; if (bpf_map_ptr_poisoned(aux)) { verbose(env, ""tail_call abusing map_ptr\n""); return -EINVAL; } map_ptr = BPF_MAP_PTR(aux->map_ptr_state); insn_buf[0] = BPF_JMP_IMM(BPF_JGE, BPF_REG_3, map_ptr->max_entries, 2); insn_buf[1] = BPF_ALU32_IMM(BPF_AND, BPF_REG_3, container_of(map_ptr, struct bpf_array, map)->index_mask); insn_buf[2] = *insn; cnt = 3; new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; delta += cnt - 1; env->prog = prog = new_prog; insn = new_prog->insnsi + i + delta; continue; } if (prog->jit_requested && BITS_PER_LONG == 64 && (insn->imm == BPF_FUNC_map_lookup_elem || insn->imm == BPF_FUNC_map_update_elem || insn->imm == BPF_FUNC_map_delete_elem || insn->imm == BPF_FUNC_map_push_elem || insn->imm == BPF_FUNC_map_pop_elem || insn->imm == BPF_FUNC_map_peek_elem || insn->imm == BPF_FUNC_redirect_map)) { aux = &env->insn_aux_data[i + delta]; if (bpf_map_ptr_poisoned(aux)) goto patch_call_imm; map_ptr = BPF_MAP_PTR(aux->map_ptr_state); ops = map_ptr->ops; if (insn->imm == BPF_FUNC_map_lookup_elem && ops->map_gen_lookup) { cnt = ops->map_gen_lookup(map_ptr, insn_buf); if (cnt == -EOPNOTSUPP) goto patch_map_ops_generic; if (cnt <= 0 || cnt >= ARRAY_SIZE(insn_buf)) { verbose(env, ""bpf verifier is misconfigured\n""); return -EINVAL; } new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; delta += cnt - 1; env->prog = prog = new_prog; insn = new_prog->insnsi + i + delta; continue; } BUILD_BUG_ON(!__same_type(ops->map_lookup_elem, (void *(*)(struct bpf_map *map, void *key))NULL)); BUILD_BUG_ON(!__same_type(ops->map_delete_elem, (int (*)(struct bpf_map *map, void *key))NULL)); BUILD_BUG_ON(!__same_type(ops->map_update_elem, (int (*)(struct bpf_map *map, void *key, void *value, u64 flags))NULL)); BUILD_BUG_ON(!__same_type(ops->map_push_elem, (int (*)(struct bpf_map *map, void *value, u64 flags))NULL)); BUILD_BUG_ON(!__same_type(ops->map_pop_elem, (int (*)(struct bpf_map *map, void *value))NULL)); BUILD_BUG_ON(!__same_type(ops->map_peek_elem, (int (*)(struct bpf_map *map, void *value))NULL)); BUILD_BUG_ON(!__same_type(ops->map_redirect, (int (*)(struct bpf_map *map, u32 ifindex, u64 flags))NULL)); patch_map_ops_generic: switch (insn->imm) { case BPF_FUNC_map_lookup_elem: insn->imm = BPF_CAST_CALL(ops->map_lookup_elem) - __bpf_call_base; continue; case BPF_FUNC_map_update_elem: insn->imm = BPF_CAST_CALL(ops->map_update_elem) - __bpf_call_base; continue; case BPF_FUNC_map_delete_elem: insn->imm = BPF_CAST_CALL(ops->map_delete_elem) - __bpf_call_base; continue; case BPF_FUNC_map_push_elem: insn->imm = BPF_CAST_CALL(ops->map_push_elem) - __bpf_call_base; continue; case BPF_FUNC_map_pop_elem: insn->imm = BPF_CAST_CALL(ops->map_pop_elem) - __bpf_call_base; continue; case BPF_FUNC_map_peek_elem: insn->imm = BPF_CAST_CALL(ops->map_peek_elem) - __bpf_call_base; continue; case BPF_FUNC_redirect_map: insn->imm = BPF_CAST_CALL(ops->map_redirect) - __bpf_call_base; continue; } goto patch_call_imm; } if (prog->jit_requested && BITS_PER_LONG == 64 && insn->imm == BPF_FUNC_jiffies64) { struct bpf_insn ld_jiffies_addr[2] = { BPF_LD_IMM64(BPF_REG_0, (unsigned long)&jiffies), }; insn_buf[0] = ld_jiffies_addr[0]; insn_buf[1] = ld_jiffies_addr[1]; insn_buf[2] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0); cnt = 3; new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; delta += cnt - 1; env->prog = prog = new_prog; insn = new_prog->insnsi + i + delta; continue; } patch_call_imm: fn = env->ops->get_func_proto(insn->imm, env->prog); if (!fn->func) { verbose(env, ""kernel subsystem misconfigured func %s#%d\n"", func_id_name(insn->imm), insn->imm); return -EFAULT; } insn->imm = fn->func - __bpf_call_base; } for (i = 0; i < prog->aux->size_poke_tab; i++) { map_ptr = prog->aux->poke_tab[i].tail_call.map; if (!map_ptr->ops->map_poke_track || !map_ptr->ops->map_poke_untrack || !map_ptr->ops->map_poke_run) { verbose(env, ""bpf verifier is misconfigured\n""); return -EINVAL; } ret = map_ptr->ops->map_poke_track(map_ptr, prog->aux); if (ret < 0) { verbose(env, ""tracking tail call prog failed\n""); return ret; } } sort_kfunc_descs_by_imm(env->prog); return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,218402057869755,1 5500,['CWE-476'],"static int kvm_vm_ioctl_set_nr_mmu_pages(struct kvm *kvm, u32 kvm_nr_mmu_pages) { if (kvm_nr_mmu_pages < KVM_MIN_ALLOC_MMU_PAGES) return -EINVAL; down_write(&kvm->slots_lock); kvm_mmu_change_mmu_pages(kvm, kvm_nr_mmu_pages); kvm->arch.n_requested_mmu_pages = kvm_nr_mmu_pages; up_write(&kvm->slots_lock); return 0; }",linux-2.6,,,294100999073750152536453166947309026440,0 6657,CWE-697,"ctcompare(const char *a, const char *b) { int result = 0; while (*a && *b) { result |= *a ^ *b; a ++; b ++; } return (result); }",visit repo url,scheduler/cert.c,https://github.com/OpenPrinting/cups,160586146450281,1 1281,[],"m4_m4exit (struct obstack *obs, int argc, token_data **argv) { int exit_code = EXIT_SUCCESS; bad_argc (argv[0], argc, 1, 2); if (argc >= 2 && !numeric_arg (argv[0], ARG (1), &exit_code)) exit_code = EXIT_FAILURE; if (exit_code < 0 || exit_code > 255) { M4ERROR ((warning_status, 0, ""exit status out of range: `%d'"", exit_code)); exit_code = EXIT_FAILURE; } debug_set_output (NULL); debug_flush_files (); if (exit_code == EXIT_SUCCESS && retcode != EXIT_SUCCESS) exit_code = retcode; if (exit_code != EXIT_SUCCESS) exit_failure = exit_code; exit (exit_code); }",m4,,,111567613718164153786674330050127482580,0 529,['CWE-399'],"static ssize_t store_pan_tilt(struct class_device *class_dev, const char *buf, size_t count) { struct pwc_device *pdev = cd_to_pwc(class_dev); int pan, tilt; int ret = -EINVAL; if (strncmp(buf, ""reset"", 5) == 0) ret = pwc_mpt_reset(pdev, 0x3); else if (sscanf(buf, ""%d %d"", &pan, &tilt) > 0) ret = pwc_mpt_set_angle(pdev, pan, tilt); if (ret < 0) return ret; return strlen(buf); }",linux-2.6,,,164911033334544709120465391425071090310,0 2571,CWE-119,"static int stellaris_enet_init(SysBusDevice *sbd) { DeviceState *dev = DEVICE(sbd); stellaris_enet_state *s = STELLARIS_ENET(dev); memory_region_init_io(&s->mmio, OBJECT(s), &stellaris_enet_ops, s, ""stellaris_enet"", 0x1000); sysbus_init_mmio(sbd, &s->mmio); sysbus_init_irq(sbd, &s->irq); qemu_macaddr_default_if_unset(&s->conf.macaddr); s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s); qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); stellaris_enet_reset(s); register_savevm(dev, ""stellaris_enet"", -1, 1, stellaris_enet_save, stellaris_enet_load, s); return 0; }",visit repo url,hw/net/stellaris_enet.c,https://github.com/qemu/qemu,197126648119704,1 3181,CWE-125,"parserep(netdissect_options *ndo, register const struct sunrpc_msg *rp, register u_int length) { register const uint32_t *dp; u_int len; enum sunrpc_accept_stat astat; dp = ((const uint32_t *)&rp->rm_reply) + 1; ND_TCHECK(dp[1]); len = EXTRACT_32BITS(&dp[1]); if (len >= length) return (NULL); dp += (len + (2*sizeof(uint32_t) + 3)) / sizeof(uint32_t); ND_TCHECK2(dp[0], 0); astat = (enum sunrpc_accept_stat) EXTRACT_32BITS(dp); if (astat != SUNRPC_SUCCESS) { ND_PRINT((ndo, "" %s"", tok2str(sunrpc_str, ""ar_stat %d"", astat))); nfserr = 1; return (NULL); } ND_TCHECK2(*dp, sizeof(astat)); return ((const uint32_t *) (sizeof(astat) + ((const char *)dp))); trunc: return (0); }",visit repo url,print-nfs.c,https://github.com/the-tcpdump-group/tcpdump,174226443482717,1 2648,[],"static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_sack_info params; struct sctp_association *asoc = NULL; struct sctp_sock *sp = sctp_sk(sk); if (len >= sizeof(struct sctp_sack_info)) { len = sizeof(struct sctp_sack_info); if (copy_from_user(¶ms, optval, len)) return -EFAULT; } else if (len == sizeof(struct sctp_assoc_value)) { printk(KERN_WARNING ""SCTP: Use of struct sctp_sack_info "" ""in delayed_ack socket option deprecated\n""); printk(KERN_WARNING ""SCTP: struct sctp_sack_info instead\n""); if (copy_from_user(¶ms, optval, len)) return -EFAULT; } else return - EINVAL; asoc = sctp_id2assoc(sk, params.sack_assoc_id); if (!asoc && params.sack_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) { if (asoc->param_flags & SPP_SACKDELAY_ENABLE) { params.sack_delay = jiffies_to_msecs( asoc->sackdelay); params.sack_freq = asoc->sackfreq; } else { params.sack_delay = 0; params.sack_freq = 1; } } else { if (sp->param_flags & SPP_SACKDELAY_ENABLE) { params.sack_delay = sp->sackdelay; params.sack_freq = sp->sackfreq; } else { params.sack_delay = 0; params.sack_freq = 1; } } if (copy_to_user(optval, ¶ms, len)) return -EFAULT; if (put_user(len, optlen)) return -EFAULT; return 0; }",linux-2.6,,,162630573291546074601521378336422114047,0 5282,CWE-79,"static int oidc_session_redirect_parent_window_to_logout(request_rec *r, oidc_cfg *c) { oidc_debug(r, ""enter""); char *java_script = apr_psprintf(r->pool, "" \n"", oidc_get_redirect_uri(r, c)); return oidc_util_html_send(r, ""Redirecting..."", java_script, NULL, NULL, OK); }",visit repo url,src/mod_auth_openidc.c,https://github.com/zmartzone/mod_auth_openidc,78327271356552,1 6719,CWE-193,"char *url_canonize2(char *d, char const * const s, size_t n, unsigned syn33, unsigned m32, unsigned m64, unsigned m96) { size_t i = 0; if (d == s) for (;s[i] && i < n; d++, i++) if (s[i] == '%') break; for (;s[i] && i < n; d++, i++) { unsigned char c = s[i], h1, h2; if (c != '%') { if (!IS_SYN33(syn33, c) && IS_EXCLUDED(c, m32, m64, m96)) return NULL; *d = c; continue; } if (i >= strlen(s) - 1) return NULL; h1 = s[i + 1], h2 = s[i + 2]; if (!IS_HEX(h1) || !IS_HEX(h2)) { *d = '\0'; return NULL; } #define UNHEX(a) (a - (a >= 'a' ? 'a' - 10 : (a >= 'A' ? 'A' - 10 : '0'))) c = (UNHEX(h1) << 4) | UNHEX(h2); if (!IS_EXCLUDED(c, m32, m64, m96)) { *d = c, i += 2; continue; } if (h1 >= 'a' ) h1 = h1 - 'a' + 'A'; if (h2 >= 'a' ) h2 = h2 - 'a' + 'A'; d[0] = '%', d[1] = h1, d[2] = h2; d +=2, i += 2; #undef UNHEX } *d = '\0'; return d; }",visit repo url,libsofia-sip-ua/url/url.c,https://github.com/davehorton/sofia-sip,220959239264334,1 5530,['CWE-20'],"int huft_build(b, n, s, d, e, t, m) unsigned *b; unsigned n; unsigned s; ush *d; ush *e; struct huft **t; int *m; { unsigned a; unsigned c[BMAX+1]; unsigned f; int g; int h; register unsigned i; register unsigned j; register int k; int l; register unsigned *p; register struct huft *q; struct huft r; struct huft *u[BMAX]; unsigned v[N_MAX]; register int w; unsigned x[BMAX+1]; unsigned *xp; int y; unsigned z; memzero(c, sizeof(c)); p = b; i = n; do { Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? ""%c %d\n"" : ""0x%x %d\n""), n-i, *p)); c[*p]++; p++; } while (--i); if (c[0] == n) { q = (struct huft *) malloc (3 * sizeof *q); if (!q) return 3; hufts += 3; q[0].v.t = (struct huft *) NULL; q[1].e = 99; q[1].b = 1; q[2].e = 99; q[2].b = 1; *t = q + 1; *m = 1; return 0; } l = *m; for (j = 1; j <= BMAX; j++) if (c[j]) break; k = j; if ((unsigned)l < j) l = j; for (i = BMAX; i; i--) if (c[i]) break; g = i; if ((unsigned)l > i) l = i; *m = l; for (y = 1 << j; j < i; j++, y <<= 1) if ((y -= c[j]) < 0) return 2; if ((y -= c[i]) < 0) return 2; c[i] += y; x[1] = j = 0; p = c + 1; xp = x + 2; while (--i) { *xp++ = (j += *p++); } p = b; i = 0; do { if ((j = *p++) != 0) v[x[j]++] = i; } while (++i < n); n = x[g]; x[0] = i = 0; p = v; h = -1; w = -l; u[0] = (struct huft *)NULL; q = (struct huft *)NULL; z = 0; for (; k <= g; k++) { a = c[k]; while (a--) { while (k > w + l) { h++; w += l; z = (z = g - w) > (unsigned)l ? l : z; if ((f = 1 << (j = k - w)) > a + 1) { f -= a + 1; xp = c + k; if (j < z) while (++j < z) { if ((f <<= 1) <= *++xp) break; f -= *xp; } } z = 1 << j; if ((q = (struct huft *)malloc((z + 1)*sizeof(struct huft))) == (struct huft *)NULL) { if (h) huft_free(u[0]); return 3; } hufts += z + 1; *t = q + 1; *(t = &(q->v.t)) = (struct huft *)NULL; u[h] = ++q; if (h) { x[h] = i; r.b = (uch)l; r.e = (uch)(16 + j); r.v.t = q; j = i >> (w - l); u[h-1][j] = r; } } r.b = (uch)(k - w); if (p >= v + n) r.e = 99; else if (*p < s) { r.e = (uch)(*p < 256 ? 16 : 15); r.v.n = (ush)(*p); p++; } else { r.e = (uch)e[*p - s]; r.v.n = d[*p++ - s]; } f = 1 << (k - w); for (j = i >> w; j < z; j += f) q[j] = r; for (j = 1 << (k - 1); i & j; j >>= 1) i ^= j; i ^= j; while ((i & ((1 << w) - 1)) != x[h]) { h--; w -= l; } } } return y != 0 && g != 1; }",gzip,,,40435760655553370193381337376953302604,0 819,CWE-20,"static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int rc; pr_debug(""sock=%p sk=%p len=%zu flags=%d\n"", sock, sk, len, flags); skb = skb_recv_datagram(sk, flags, noblock, &rc); if (!skb) return rc; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); return rc ? : copied; }",visit repo url,net/nfc/rawsock.c,https://github.com/torvalds/linux,193439535934568,1 6545,CWE-190,"static inline struct htx_blk *htx_add_header(struct htx *htx, const struct ist name, const struct ist value) { struct htx_blk *blk; blk = htx_add_blk(htx, HTX_BLK_HDR, name.len + value.len); if (!blk) return NULL; blk->info += (value.len << 8) + name.len; ist2bin_lc(htx_get_blk_ptr(htx, blk), name); memcpy(htx_get_blk_ptr(htx, blk) + name.len, value.ptr, value.len); return blk; }",visit repo url,include/haproxy/htx.h,https://github.com/haproxy/haproxy,82185400231597,1 2187,CWE-416,"static inline void pipe_buf_get(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { buf->ops->get(pipe, buf); }",visit repo url,include/linux/pipe_fs_i.h,https://github.com/torvalds/linux,198135745087450,1 1528,[],"set_table_entry(struct ctl_table *entry, const char *procname, void *data, int maxlen, mode_t mode, proc_handler *proc_handler) { entry->procname = procname; entry->data = data; entry->maxlen = maxlen; entry->mode = mode; entry->proc_handler = proc_handler; }",linux-2.6,,,97223423330511119093503277499929078229,0 3931,CWE-416,"do_ecmd( int fnum, char_u *ffname, char_u *sfname, exarg_T *eap, linenr_T newlnum, int flags, win_T *oldwin) { int other_file; int oldbuf; int auto_buf = FALSE; char_u *new_name = NULL; #if defined(FEAT_EVAL) int did_set_swapcommand = FALSE; #endif buf_T *buf; bufref_T bufref; bufref_T old_curbuf; char_u *free_fname = NULL; #ifdef FEAT_BROWSE char_u dot_path[] = "".""; char_u *browse_file = NULL; #endif int retval = FAIL; long n; pos_T orig_pos; linenr_T topline = 0; int newcol = -1; int solcol = -1; pos_T *pos; char_u *command = NULL; #ifdef FEAT_SPELL int did_get_winopts = FALSE; #endif int readfile_flags = 0; int did_inc_redrawing_disabled = FALSE; long *so_ptr = curwin->w_p_so >= 0 ? &curwin->w_p_so : &p_so; #ifdef FEAT_PROP_POPUP if (ERROR_IF_TERM_POPUP_WINDOW) return FAIL; #endif if (eap != NULL) command = eap->do_ecmd_cmd; set_bufref(&old_curbuf, curbuf); if (fnum != 0) { if (fnum == curbuf->b_fnum) return OK; other_file = TRUE; } else { #ifdef FEAT_BROWSE if ((cmdmod.cmod_flags & CMOD_BROWSE) && !exiting) { if ( # ifdef FEAT_GUI !gui.in_use && # endif au_has_group((char_u *)""FileExplorer"")) { if (ffname == NULL || !mch_isdir(ffname)) ffname = dot_path; } else { browse_file = do_browse(0, (char_u *)_(""Edit File""), ffname, NULL, NULL, NULL, curbuf); if (browse_file == NULL) goto theend; ffname = browse_file; } } #endif if (sfname == NULL) sfname = ffname; #ifdef USE_FNAME_CASE if (sfname != NULL) fname_case(sfname, 0); #endif if ((flags & (ECMD_ADDBUF | ECMD_ALTBUF)) && (ffname == NULL || *ffname == NUL)) goto theend; if (ffname == NULL) other_file = TRUE; else if (*ffname == NUL && curbuf->b_ffname == NULL) other_file = FALSE; else { if (*ffname == NUL) { ffname = curbuf->b_ffname; sfname = curbuf->b_fname; } free_fname = fix_fname(ffname); if (free_fname != NULL) ffname = free_fname; other_file = otherfile(ffname); } } if ( ((!other_file && !(flags & ECMD_OLDBUF)) || (curbuf->b_nwindows == 1 && !(flags & (ECMD_HIDE | ECMD_ADDBUF | ECMD_ALTBUF)))) && check_changed(curbuf, (p_awa ? CCGD_AW : 0) | (other_file ? 0 : CCGD_MULTWIN) | ((flags & ECMD_FORCEIT) ? CCGD_FORCEIT : 0) | (eap == NULL ? 0 : CCGD_EXCMD))) { if (fnum == 0 && other_file && ffname != NULL) (void)setaltfname(ffname, sfname, newlnum < 0 ? 0 : newlnum); goto theend; } reset_VIsual(); #if defined(FEAT_EVAL) if ((command != NULL || newlnum > (linenr_T)0) && *get_vim_var_str(VV_SWAPCOMMAND) == NUL) { int len; char_u *p; if (command != NULL) len = (int)STRLEN(command) + 3; else len = 30; p = alloc(len); if (p != NULL) { if (command != NULL) vim_snprintf((char *)p, len, "":%s\r"", command); else vim_snprintf((char *)p, len, ""%ldG"", (long)newlnum); set_vim_var_string(VV_SWAPCOMMAND, p, -1); did_set_swapcommand = TRUE; vim_free(p); } } #endif if (other_file) { int prev_alt_fnum = curwin->w_alt_fnum; if (!(flags & (ECMD_ADDBUF | ECMD_ALTBUF))) { if ((cmdmod.cmod_flags & CMOD_KEEPALT) == 0) curwin->w_alt_fnum = curbuf->b_fnum; if (oldwin != NULL) buflist_altfpos(oldwin); } if (fnum) buf = buflist_findnr(fnum); else { if (flags & (ECMD_ADDBUF | ECMD_ALTBUF)) { linenr_T tlnum = 0; buf_T *newbuf; if (command != NULL) { tlnum = atol((char *)command); if (tlnum <= 0) tlnum = 1L; } newbuf = buflist_new(ffname, sfname, tlnum, BLN_LISTED | BLN_NOCURWIN); if (newbuf != NULL) { if (flags & ECMD_ALTBUF) curwin->w_alt_fnum = newbuf->b_fnum; if (tlnum > 0) newbuf->b_last_cursor.lnum = tlnum; } goto theend; } buf = buflist_new(ffname, sfname, 0L, BLN_CURBUF | ((flags & ECMD_SET_HELP) ? 0 : BLN_LISTED)); if (oldwin != NULL) oldwin = curwin; set_bufref(&old_curbuf, curbuf); } if (buf == NULL) goto theend; if (curwin->w_alt_fnum == buf->b_fnum && prev_alt_fnum != 0) curwin->w_alt_fnum = prev_alt_fnum; if (buf->b_ml.ml_mfp == NULL) { oldbuf = FALSE; } else { oldbuf = TRUE; set_bufref(&bufref, buf); (void)buf_check_timestamp(buf, FALSE); if (!bufref_valid(&bufref) || curbuf != old_curbuf.br_buf) goto theend; #ifdef FEAT_EVAL if (aborting()) goto theend; #endif } if ((oldbuf && newlnum == ECMD_LASTL) || newlnum == ECMD_LAST) { pos = buflist_findfpos(buf); newlnum = pos->lnum; solcol = pos->col; } if (buf != curbuf) { bufref_T save_au_new_curbuf; int save_cmdwin_type = cmdwin_type; cmdwin_type = 0; if (buf->b_fname != NULL) new_name = vim_strsave(buf->b_fname); save_au_new_curbuf = au_new_curbuf; set_bufref(&au_new_curbuf, buf); apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, FALSE, curbuf); cmdwin_type = save_cmdwin_type; if (!bufref_valid(&au_new_curbuf)) { delbuf_msg(new_name); au_new_curbuf = save_au_new_curbuf; goto theend; } #ifdef FEAT_EVAL if (aborting()) { vim_free(new_name); au_new_curbuf = save_au_new_curbuf; goto theend; } #endif if (buf == curbuf) auto_buf = TRUE; else { win_T *the_curwin = curwin; int did_decrement; buf_T *was_curbuf = curbuf; the_curwin->w_closing = TRUE; ++buf->b_locked; if (curbuf == old_curbuf.br_buf) buf_copy_options(buf, BCO_ENTER); u_sync(FALSE); did_decrement = close_buffer(oldwin, curbuf, (flags & ECMD_HIDE) ? 0 : DOBUF_UNLOAD, FALSE, FALSE); if (win_valid(the_curwin)) the_curwin->w_closing = FALSE; --buf->b_locked; #ifdef FEAT_EVAL if (aborting() && curwin->w_buffer != NULL) { vim_free(new_name); au_new_curbuf = save_au_new_curbuf; goto theend; } #endif if (!bufref_valid(&au_new_curbuf)) { delbuf_msg(new_name); au_new_curbuf = save_au_new_curbuf; goto theend; } if (buf == curbuf) { if (did_decrement && buf_valid(was_curbuf)) ++was_curbuf->b_nwindows; if (win_valid_any_tab(oldwin) && oldwin->w_buffer == NULL) oldwin->w_buffer = was_curbuf; auto_buf = TRUE; } else { #ifdef FEAT_SYN_HL if (curwin->w_buffer == NULL || curwin->w_s == &(curwin->w_buffer->b_s)) curwin->w_s = &(buf->b_s); #endif curwin->w_buffer = buf; curbuf = buf; ++curbuf->b_nwindows; if (!oldbuf && eap != NULL) { set_file_options(TRUE, eap); set_forced_fenc(eap); } } get_winopts(curbuf); #ifdef FEAT_SPELL did_get_winopts = TRUE; #endif } vim_free(new_name); au_new_curbuf = save_au_new_curbuf; } curwin->w_pcmark.lnum = 1; curwin->w_pcmark.col = 0; } else { if ((flags & (ECMD_ADDBUF | ECMD_ALTBUF)) || check_fname() == FAIL) goto theend; oldbuf = (flags & ECMD_OLDBUF); } ++RedrawingDisabled; did_inc_redrawing_disabled = TRUE; buf = curbuf; if ((flags & ECMD_SET_HELP) || keep_help_flag) { prepare_help_buffer(); } else { if (!curbuf->b_help) set_buflisted(TRUE); } if (buf != curbuf) goto theend; #ifdef FEAT_EVAL if (aborting()) goto theend; #endif did_filetype = FALSE; if (!other_file && !oldbuf) { set_last_cursor(curwin); if (newlnum == ECMD_LAST || newlnum == ECMD_LASTL) { newlnum = curwin->w_cursor.lnum; solcol = curwin->w_cursor.col; } buf = curbuf; if (buf->b_fname != NULL) new_name = vim_strsave(buf->b_fname); else new_name = NULL; set_bufref(&bufref, buf); if (!(curbuf->b_flags & BF_NEVERLOADED) && (p_ur < 0 || curbuf->b_ml.ml_line_count <= p_ur)) { u_sync(FALSE); if (u_savecommon(0, curbuf->b_ml.ml_line_count + 1, 0, TRUE) == FAIL) { vim_free(new_name); goto theend; } u_unchanged(curbuf); buf_freeall(curbuf, BFA_KEEP_UNDO); readfile_flags = READ_KEEP_UNDO; } else buf_freeall(curbuf, 0); if (!bufref_valid(&bufref)) { delbuf_msg(new_name); goto theend; } vim_free(new_name); if (buf != curbuf) goto theend; #ifdef FEAT_EVAL if (aborting()) goto theend; #endif buf_clear_file(curbuf); curbuf->b_op_start.lnum = 0; curbuf->b_op_end.lnum = 0; } retval = OK; if (!other_file) curbuf->b_flags &= ~BF_NOTEDITED; check_arg_idx(curwin); if (!auto_buf) { curwin_init(); #ifdef FEAT_FOLDING { win_T *win; tabpage_T *tp; FOR_ALL_TAB_WINDOWS(tp, win) if (win->w_buffer == curbuf) foldUpdateAll(win); } #endif DO_AUTOCHDIR; orig_pos = curwin->w_cursor; topline = curwin->w_topline; if (!oldbuf) { #ifdef FEAT_PROP_POPUP if (WIN_IS_POPUP(curwin)) curbuf->b_flags |= BF_NO_SEA; #endif swap_exists_action = SEA_DIALOG; curbuf->b_flags |= BF_CHECK_RO; if (flags & ECMD_NOWINENTER) readfile_flags |= READ_NOWINENTER; #if defined(FEAT_EVAL) if (should_abort(open_buffer(FALSE, eap, readfile_flags))) retval = FAIL; #else (void)open_buffer(FALSE, eap, readfile_flags); #endif #ifdef FEAT_PROP_POPUP curbuf->b_flags &= ~BF_NO_SEA; #endif if (swap_exists_action == SEA_QUIT) retval = FAIL; handle_swap_exists(&old_curbuf); } else { do_modelines(OPT_WINONLY); apply_autocmds_retval(EVENT_BUFENTER, NULL, NULL, FALSE, curbuf, &retval); if ((flags & ECMD_NOWINENTER) == 0) apply_autocmds_retval(EVENT_BUFWINENTER, NULL, NULL, FALSE, curbuf, &retval); } check_arg_idx(curwin); if (!EQUAL_POS(curwin->w_cursor, orig_pos)) { char_u *text = ml_get_curline(); if (curwin->w_cursor.lnum != orig_pos.lnum || curwin->w_cursor.col != (int)(skipwhite(text) - text)) { newlnum = curwin->w_cursor.lnum; newcol = curwin->w_cursor.col; } } if (curwin->w_topline == topline) topline = 0; changed_line_abv_curs(); maketitle(); #if defined(FEAT_PROP_POPUP) && defined(FEAT_QUICKFIX) if (WIN_IS_POPUP(curwin) && curwin->w_p_pvw && retval != FAIL) popup_set_title(curwin); #endif } #ifdef FEAT_DIFF if (curwin->w_p_diff) { diff_buf_add(curbuf); diff_invalidate(curbuf); } #endif #ifdef FEAT_SPELL if (did_get_winopts && curwin->w_p_spell && *curwin->w_s->b_p_spl != NUL) (void)parse_spelllang(curwin); #endif if (command == NULL) { if (newcol >= 0) { curwin->w_cursor.lnum = newlnum; curwin->w_cursor.col = newcol; check_cursor(); } else if (newlnum > 0) { curwin->w_cursor.lnum = newlnum; check_cursor_lnum(); if (solcol >= 0 && !p_sol) { curwin->w_cursor.col = solcol; check_cursor_col(); curwin->w_cursor.coladd = 0; curwin->w_set_curswant = TRUE; } else beginline(BL_SOL | BL_FIX); } else { if (exmode_active) curwin->w_cursor.lnum = curbuf->b_ml.ml_line_count; beginline(BL_WHITE | BL_FIX); } } check_lnums(FALSE); if (oldbuf && !auto_buf) { int msg_scroll_save = msg_scroll; if (shortmess(SHM_OVERALL) && !exiting && p_verbose == 0) msg_scroll = FALSE; if (!msg_scroll) check_for_delay(FALSE); msg_start(); msg_scroll = msg_scroll_save; msg_scrolled_ign = TRUE; if (!shortmess(SHM_FILEINFO)) fileinfo(FALSE, TRUE, FALSE); msg_scrolled_ign = FALSE; } #ifdef FEAT_VIMINFO curbuf->b_last_used = vim_time(); #endif if (command != NULL) do_cmdline(command, NULL, NULL, DOCMD_VERBOSE|DOCMD_RANGEOK); #ifdef FEAT_KEYMAP if (curbuf->b_kmap_state & KEYMAP_INIT) (void)keymap_init(); #endif if (RedrawingDisabled > 0) --RedrawingDisabled; did_inc_redrawing_disabled = FALSE; if (!skip_redraw) { n = *so_ptr; if (topline == 0 && command == NULL) *so_ptr = 9999; update_topline(); curwin->w_scbind_pos = curwin->w_topline; *so_ptr = n; redraw_curbuf_later(UPD_NOT_VALID); } if (p_im && (State & MODE_INSERT) == 0) need_start_insertmode = TRUE; #ifdef FEAT_AUTOCHDIR if (p_acd && curbuf->b_ffname != NULL) { char_u curdir[MAXPATHL]; char_u filedir[MAXPATHL]; vim_strncpy(filedir, curbuf->b_ffname, MAXPATHL - 1); *gettail_sep(filedir) = NUL; if (mch_dirname(curdir, MAXPATHL) != FAIL && vim_fnamecmp(curdir, filedir) != 0) do_autochdir(); } #endif #if defined(FEAT_NETBEANS_INTG) if (curbuf->b_ffname != NULL) { # ifdef FEAT_NETBEANS_INTG if ((flags & ECMD_SET_HELP) != ECMD_SET_HELP) netbeans_file_opened(curbuf); # endif } #endif theend: if (did_inc_redrawing_disabled && RedrawingDisabled > 0) --RedrawingDisabled; #if defined(FEAT_EVAL) if (did_set_swapcommand) set_vim_var_string(VV_SWAPCOMMAND, NULL, -1); #endif #ifdef FEAT_BROWSE vim_free(browse_file); #endif vim_free(free_fname); return retval; }",visit repo url,src/ex_cmds.c,https://github.com/vim/vim,246501783843218,1 4105,CWE-119,"void Huff_offsetTransmit (huff_t *huff, int ch, byte *fout, int *offset) { bloc = *offset; send(huff->loc[ch], NULL, fout); *offset = bloc; }",visit repo url,code/qcommon/huffman.c,https://github.com/ioquake/ioq3,180356778272416,1 6715,['CWE-310'],"wireless_dialog_response_cb (GtkDialog *foo, gint response, gpointer user_data) { NMAWirelessDialog *dialog = NMA_WIRELESS_DIALOG (foo); NMApplet *applet = NM_APPLET (user_data); NMConnection *connection = NULL, *fuzzy_match = NULL; NMDevice *device = NULL; NMAccessPoint *ap = NULL; NMAGConfConnection *gconf_connection; const char *service = NM_DBUS_SERVICE_USER_SETTINGS; if (response != GTK_RESPONSE_OK) goto done; if (!nma_wireless_dialog_get_nag_ignored (dialog)) { GtkWidget *nag_dialog; nag_dialog = nma_wireless_dialog_nag_user (dialog); if (nag_dialog) { gtk_window_set_transient_for (GTK_WINDOW (nag_dialog), GTK_WINDOW (dialog)); g_signal_connect (nag_dialog, ""response"", G_CALLBACK (nag_dialog_response_cb), dialog); return; } } connection = nma_wireless_dialog_get_connection (dialog, &device, &ap); g_assert (connection); g_assert (device); if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) { service = NM_DBUS_SERVICE_SYSTEM_SETTINGS; goto activate; } gconf_connection = nma_gconf_settings_get_by_connection (applet->gconf_settings, connection); if (gconf_connection) { nma_gconf_connection_save (gconf_connection); } else { GSList *all, *iter; all = applet_get_all_connections (applet); for (iter = all; iter; iter = g_slist_next (iter)) { if (nm_connection_compare (connection, NM_CONNECTION (iter->data), (NM_SETTING_COMPARE_FLAG_FUZZY | NM_SETTING_COMPARE_FLAG_IGNORE_ID))) { fuzzy_match = g_object_ref (NM_CONNECTION (iter->data)); break; } } g_slist_free (all); if (fuzzy_match) { if (nm_connection_get_scope (fuzzy_match) == NM_CONNECTION_SCOPE_SYSTEM) { } else { NMSettingWirelessSecurity *s_wireless_sec; s_wireless_sec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY)); if (s_wireless_sec) { GHashTable *hash; NMSetting *dup_setting; hash = nm_setting_to_hash (NM_SETTING (s_wireless_sec)); dup_setting = nm_setting_new_from_hash (NM_TYPE_SETTING_WIRELESS_SECURITY, hash); g_hash_table_destroy (hash); nm_connection_add_setting (fuzzy_match, dup_setting); } } g_object_unref (connection); connection = g_object_ref (fuzzy_match); } else { NMSettingConnection *s_con; char *id; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); id = (char *) nm_setting_connection_get_id (s_con); if (!id) { NMSettingWireless *s_wireless; const GByteArray *ssid; const char *mode; s_wireless = NM_SETTING_WIRELESS (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS)); ssid = nm_setting_wireless_get_ssid (s_wireless); id = nm_utils_ssid_to_utf8 ((const char *) ssid->data, ssid->len); g_object_set (s_con, NM_SETTING_CONNECTION_ID, id, NULL); g_free (id); mode = nm_setting_wireless_get_mode (s_wireless); if (!mode || !strcmp (mode, ""infrastructure"")) g_object_set (s_con, NM_SETTING_CONNECTION_AUTOCONNECT, TRUE, NULL); } gconf_connection = nma_gconf_settings_add_connection (applet->gconf_settings, connection); if (!gconf_connection) { nm_warning (""Couldn't create other network connection.""); goto done; } } } activate: nm_client_activate_connection (applet->nm_client, service, nm_connection_get_path (connection), device, ap ? nm_object_get_path (NM_OBJECT (ap)) : NULL, activate_device_cb, applet); done: if (connection) g_object_unref (connection); gtk_widget_hide (GTK_WIDGET (dialog)); gtk_widget_destroy (GTK_WIDGET (dialog)); }",network-manager-applet,,,226685837038415771013952911970758685094,0 1923,['CWE-20'],"void pgd_clear_bad(pgd_t *pgd) { pgd_ERROR(*pgd); pgd_clear(pgd); }",linux-2.6,,,313037044480901233814376681951950672872,0 2232,['CWE-193'],"static void shrink_readahead_size_eio(struct file *filp, struct file_ra_state *ra) { if (!ra->ra_pages) return; ra->ra_pages /= 4; }",linux-2.6,,,131854324328610216575820636952032804413,0 2010,['CWE-269'],"void set_fs_root(struct fs_struct *fs, struct vfsmount *mnt, struct dentry *dentry) { struct dentry *old_root; struct vfsmount *old_rootmnt; write_lock(&fs->lock); old_root = fs->root; old_rootmnt = fs->rootmnt; fs->rootmnt = mntget(mnt); fs->root = dget(dentry); write_unlock(&fs->lock); if (old_root) { dput(old_root); mntput(old_rootmnt); } }",linux-2.6,,,156841103454849393300889125970694898970,0 3067,CWE-787,"char *string_crypt(const char *key, const char *salt) { assertx(key); assertx(salt); char random_salt[12]; if (!*salt) { memcpy(random_salt,""$1$"",3); ito64(random_salt+3,rand(),8); random_salt[11] = '\0'; return string_crypt(key, random_salt); } auto const saltLen = strlen(salt); if ((saltLen > sizeof(""$2X$00$"")) && (salt[0] == '$') && (salt[1] == '2') && (salt[2] >= 'a') && (salt[2] <= 'z') && (salt[3] == '$') && (salt[4] >= '0') && (salt[4] <= '3') && (salt[5] >= '0') && (salt[5] <= '9') && (salt[6] == '$')) { char output[61]; static constexpr size_t maxSaltLength = 123; char paddedSalt[maxSaltLength + 1]; paddedSalt[0] = paddedSalt[maxSaltLength] = '\0'; memset(&paddedSalt[1], '$', maxSaltLength - 1); memcpy(paddedSalt, salt, std::min(maxSaltLength, saltLen)); paddedSalt[saltLen] = '\0'; if (php_crypt_blowfish_rn(key, paddedSalt, output, sizeof(output))) { return strdup(output); } } else { #ifdef USE_PHP_CRYPT_R return php_crypt_r(key, salt); #else static Mutex mutex; Lock lock(mutex); char *crypt_res = crypt(key,salt); if (crypt_res) { return strdup(crypt_res); } #endif } return ((salt[0] == '*') && (salt[1] == '0')) ? strdup(""*1"") : strdup(""*0""); }",visit repo url,hphp/zend/zend-string.cpp,https://github.com/facebook/hhvm,171278930242578,1 6233,['CWE-200'],"void wireless_spy_update(struct net_device * dev, unsigned char * address, struct iw_quality * wstats) { struct iw_spy_data * spydata = get_spydata(dev); int i; int match = -1; if(!spydata) return; #ifdef WE_SPY_DEBUG printk(KERN_DEBUG ""wireless_spy_update() : offset %ld, spydata %p, address %02X:%02X:%02X:%02X:%02X:%02X\n"", dev->wireless_handlers->spy_offset, spydata, address[0], address[1], address[2], address[3], address[4], address[5]); #endif for(i = 0; i < spydata->spy_number; i++) if(!memcmp(address, spydata->spy_address[i], ETH_ALEN)) { memcpy(&(spydata->spy_stat[i]), wstats, sizeof(struct iw_quality)); match = i; } if(match >= 0) { if(spydata->spy_thr_under[match]) { if(wstats->level > spydata->spy_thr_high.level) { spydata->spy_thr_under[match] = 0; iw_send_thrspy_event(dev, spydata, address, wstats); } } else { if(wstats->level < spydata->spy_thr_low.level) { spydata->spy_thr_under[match] = 1; iw_send_thrspy_event(dev, spydata, address, wstats); } } } }",linux-2.6,,,140616274045403093851604917342110530452,0 2261,NVD-CWE-Other,"struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user) { struct sk_buff *clone; struct net_device *dev = skb->dev; struct frag_hdr *fhdr; struct nf_ct_frag6_queue *fq; struct ipv6hdr *hdr; int fhoff, nhoff; u8 prevhdr; struct sk_buff *ret_skb = NULL; if (ipv6_hdr(skb)->payload_len == 0) { pr_debug(""payload len = 0\n""); return skb; } if (find_prev_fhdr(skb, &prevhdr, &nhoff, &fhoff) < 0) return skb; clone = skb_clone(skb, GFP_ATOMIC); if (clone == NULL) { pr_debug(""Can't clone skb\n""); return skb; } NFCT_FRAG6_CB(clone)->orig = skb; if (!pskb_may_pull(clone, fhoff + sizeof(*fhdr))) { pr_debug(""message is too short.\n""); goto ret_orig; } skb_set_transport_header(clone, fhoff); hdr = ipv6_hdr(clone); fhdr = (struct frag_hdr *)skb_transport_header(clone); if (!(fhdr->frag_off & htons(0xFFF9))) { pr_debug(""Invalid fragment offset\n""); goto ret_orig; } if (atomic_read(&nf_init_frags.mem) > nf_init_frags.high_thresh) nf_ct_frag6_evictor(); fq = fq_find(fhdr->identification, user, &hdr->saddr, &hdr->daddr); if (fq == NULL) { pr_debug(""Can't find and can't create new queue\n""); goto ret_orig; } spin_lock_bh(&fq->q.lock); if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) { spin_unlock_bh(&fq->q.lock); pr_debug(""Can't insert skb to queue\n""); fq_put(fq); goto ret_orig; } if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && fq->q.meat == fq->q.len) { ret_skb = nf_ct_frag6_reasm(fq, dev); if (ret_skb == NULL) pr_debug(""Can't reassemble fragmented packets\n""); } spin_unlock_bh(&fq->q.lock); fq_put(fq); return ret_skb; ret_orig: kfree_skb(clone); return skb; }",visit repo url,net/ipv6/netfilter/nf_conntrack_reasm.c,https://github.com/torvalds/linux,147903532346974,1 4852,['CWE-189'],"int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry) { struct ecryptfs_crypt_stat *crypt_stat = &ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private( ecryptfs_dentry->d_sb)->mount_crypt_stat; int cipher_name_len; int rc = 0; ecryptfs_set_default_crypt_stat_vals(crypt_stat, mount_crypt_stat); crypt_stat->flags |= (ECRYPTFS_ENCRYPTED | ECRYPTFS_KEY_VALID); ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, mount_crypt_stat); rc = ecryptfs_copy_mount_wide_sigs_to_inode_sigs(crypt_stat, mount_crypt_stat); if (rc) { printk(KERN_ERR ""Error attempting to copy mount-wide key sigs "" ""to the inode key sigs; rc = [%d]\n"", rc); goto out; } cipher_name_len = strlen(mount_crypt_stat->global_default_cipher_name); memcpy(crypt_stat->cipher, mount_crypt_stat->global_default_cipher_name, cipher_name_len); crypt_stat->cipher[cipher_name_len] = '\0'; crypt_stat->key_size = mount_crypt_stat->global_default_cipher_key_size; ecryptfs_generate_new_key(crypt_stat); rc = ecryptfs_init_crypt_ctx(crypt_stat); if (rc) ecryptfs_printk(KERN_ERR, ""Error initializing cryptographic "" ""context for cipher [%s]: rc = [%d]\n"", crypt_stat->cipher, rc); out: return rc; }",linux-2.6,,,317666200339354240452312549417284074317,0 2388,CWE-190,"static int build_open_gop_key_points(AVStream *st) { int k; int sample_id = 0; uint32_t cra_index; MOVStreamContext *sc = st->priv_data; if (st->codecpar->codec_id != AV_CODEC_ID_HEVC || !sc->sync_group_count) return 0; sc->sample_offsets_count = 0; for (uint32_t i = 0; i < sc->ctts_count; i++) sc->sample_offsets_count += sc->ctts_data[i].count; av_freep(&sc->sample_offsets); sc->sample_offsets = av_calloc(sc->sample_offsets_count, sizeof(*sc->sample_offsets)); if (!sc->sample_offsets) return AVERROR(ENOMEM); k = 0; for (uint32_t i = 0; i < sc->ctts_count; i++) for (int j = 0; j < sc->ctts_data[i].count; j++) sc->sample_offsets[k++] = sc->ctts_data[i].duration; cra_index = get_sgpd_sync_index(sc, HEVC_NAL_CRA_NUT); if (!cra_index) return 0; sc->open_key_samples_count = 0; for (uint32_t i = 0; i < sc->sync_group_count; i++) if (sc->sync_group[i].index == cra_index) sc->open_key_samples_count += sc->sync_group[i].count; av_freep(&sc->open_key_samples); sc->open_key_samples = av_calloc(sc->open_key_samples_count, sizeof(*sc->open_key_samples)); if (!sc->open_key_samples) return AVERROR(ENOMEM); k = 0; for (uint32_t i = 0; i < sc->sync_group_count; i++) { const MOVSbgp *sg = &sc->sync_group[i]; if (sg->index == cra_index) for (uint32_t j = 0; j < sg->count; j++) sc->open_key_samples[k++] = sample_id; sample_id += sg->count; } sc->min_sample_duration = UINT_MAX; for (uint32_t i = 0; i < sc->stts_count; i++) sc->min_sample_duration = FFMIN(sc->min_sample_duration, sc->stts_data[i].duration); return 0; }",visit repo url,libavformat/mov.c,https://github.com/FFmpeg/FFmpeg,111917582519137,1 4043,['CWE-362'],"static void audit_list_rules(int pid, int seq, struct sk_buff_head *q) { struct sk_buff *skb; struct audit_entry *e; int i; for (i=0; irule); if (unlikely(!data)) break; skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 0, 1, data, sizeof(*data) + data->buflen); if (skb) skb_queue_tail(q, skb); kfree(data); } } for (i=0; i< AUDIT_INODE_BUCKETS; i++) { list_for_each_entry(e, &audit_inode_hash[i], list) { struct audit_rule_data *data; data = audit_krule_to_data(&e->rule); if (unlikely(!data)) break; skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 0, 1, data, sizeof(*data) + data->buflen); if (skb) skb_queue_tail(q, skb); kfree(data); } } skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0); if (skb) skb_queue_tail(q, skb); }",linux-2.6,,,269623184076403442724347213038600442349,0 1646,CWE-362,"static int ext4_dax_fault(struct vm_area_struct *vma, struct vm_fault *vmf) { int result; handle_t *handle = NULL; struct super_block *sb = file_inode(vma->vm_file)->i_sb; bool write = vmf->flags & FAULT_FLAG_WRITE; if (write) { sb_start_pagefault(sb); file_update_time(vma->vm_file); handle = ext4_journal_start_sb(sb, EXT4_HT_WRITE_PAGE, EXT4_DATA_TRANS_BLOCKS(sb)); } if (IS_ERR(handle)) result = VM_FAULT_SIGBUS; else result = __dax_fault(vma, vmf, ext4_get_block_dax, ext4_end_io_unwritten); if (write) { if (!IS_ERR(handle)) ext4_journal_stop(handle); sb_end_pagefault(sb); } return result; }",visit repo url,fs/ext4/file.c,https://github.com/torvalds/linux,72434060486014,1 4260,['CWE-119'],"sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *repl = NULL; int attempts = asoc->init_err_counter + 1; SCTP_DEBUG_PRINTK(""Timer T1 expired (COOKIE-ECHO).\n""); SCTP_INC_STATS(SCTP_MIB_T1_COOKIE_EXPIREDS); if (attempts <= asoc->max_init_attempts) { repl = sctp_make_cookie_echo(asoc, NULL); if (!repl) return SCTP_DISPOSITION_NOMEM; sctp_add_cmd_sf(commands, SCTP_CMD_INIT_CHOOSE_TRANSPORT, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_COOKIEECHO_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); } else { sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); return SCTP_DISPOSITION_DELETE_TCB; } return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,3996349522964129005830471147087904786,0 398,CWE-20,"static void __munlock_pagevec(struct pagevec *pvec, struct zone *zone) { int i; int nr = pagevec_count(pvec); int delta_munlocked; struct pagevec pvec_putback; int pgrescued = 0; pagevec_init(&pvec_putback, 0); spin_lock_irq(zone_lru_lock(zone)); for (i = 0; i < nr; i++) { struct page *page = pvec->pages[i]; if (TestClearPageMlocked(page)) { if (__munlock_isolate_lru_page(page, false)) continue; else __munlock_isolation_failed(page); } pagevec_add(&pvec_putback, pvec->pages[i]); pvec->pages[i] = NULL; } delta_munlocked = -nr + pagevec_count(&pvec_putback); __mod_zone_page_state(zone, NR_MLOCK, delta_munlocked); spin_unlock_irq(zone_lru_lock(zone)); pagevec_release(&pvec_putback); for (i = 0; i < nr; i++) { struct page *page = pvec->pages[i]; if (page) { lock_page(page); if (!__putback_lru_fast_prepare(page, &pvec_putback, &pgrescued)) { get_page(page); __munlock_isolated_page(page); unlock_page(page); put_page(page); } } } if (pagevec_count(&pvec_putback)) __putback_lru_fast(&pvec_putback, pgrescued); }",visit repo url,mm/mlock.c,https://github.com/torvalds/linux,108235579018900,1 2687,CWE-190,"SPL_METHOD(RecursiveDirectoryIterator, getSubPath) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (intern->u.dir.sub_path) { RETURN_STRINGL(intern->u.dir.sub_path, intern->u.dir.sub_path_len, 1); } else { RETURN_STRINGL("""", 0, 1); } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,216902577616297,1 5131,CWE-125,"PyAST_FromNodeObject(const node *n, PyCompilerFlags *flags, PyObject *filename, PyArena *arena) { int i, j, k, num; asdl_seq *stmts = NULL; stmt_ty s; node *ch; struct compiling c; mod_ty res = NULL; c.c_arena = arena; c.c_filename = filename; c.c_normalize = NULL; if (TYPE(n) == encoding_decl) n = CHILD(n, 0); k = 0; switch (TYPE(n)) { case file_input: stmts = _Py_asdl_seq_new(num_stmts(n), arena); if (!stmts) goto out; for (i = 0; i < NCH(n) - 1; i++) { ch = CHILD(n, i); if (TYPE(ch) == NEWLINE) continue; REQ(ch, stmt); num = num_stmts(ch); if (num == 1) { s = ast_for_stmt(&c, ch); if (!s) goto out; asdl_seq_SET(stmts, k++, s); } else { ch = CHILD(ch, 0); REQ(ch, simple_stmt); for (j = 0; j < num; j++) { s = ast_for_stmt(&c, CHILD(ch, j * 2)); if (!s) goto out; asdl_seq_SET(stmts, k++, s); } } } res = Module(stmts, arena); break; case eval_input: { expr_ty testlist_ast; testlist_ast = ast_for_testlist(&c, CHILD(n, 0)); if (!testlist_ast) goto out; res = Expression(testlist_ast, arena); break; } case single_input: if (TYPE(CHILD(n, 0)) == NEWLINE) { stmts = _Py_asdl_seq_new(1, arena); if (!stmts) goto out; asdl_seq_SET(stmts, 0, Pass(n->n_lineno, n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, arena)); if (!asdl_seq_GET(stmts, 0)) goto out; res = Interactive(stmts, arena); } else { n = CHILD(n, 0); num = num_stmts(n); stmts = _Py_asdl_seq_new(num, arena); if (!stmts) goto out; if (num == 1) { s = ast_for_stmt(&c, n); if (!s) goto out; asdl_seq_SET(stmts, 0, s); } else { REQ(n, simple_stmt); for (i = 0; i < NCH(n); i += 2) { if (TYPE(CHILD(n, i)) == NEWLINE) break; s = ast_for_stmt(&c, CHILD(n, i)); if (!s) goto out; asdl_seq_SET(stmts, i / 2, s); } } res = Interactive(stmts, arena); } break; default: PyErr_Format(PyExc_SystemError, ""invalid node %d for PyAST_FromNode"", TYPE(n)); goto out; } out: if (c.c_normalize) { Py_DECREF(c.c_normalize); } return res; }",visit repo url,Python/ast.c,https://github.com/python/cpython,126056246113001,1 6428,['CWE-190'],"read_image_resource_block (PSDimage *img_a, FILE *f, GError **error) { guint32 block_len; guint32 block_end; if (fread (&block_len, 4, 1, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } img_a->image_res_len = GUINT32_FROM_BE (block_len); IFDBG(1) g_debug (""Image resource block size = %d"", (int)img_a->image_res_len); img_a->image_res_start = ftell (f); block_end = img_a->image_res_start + img_a->image_res_len; if (fseek (f, block_end, SEEK_SET) < 0) { psd_set_error (feof (f), errno, error); return -1; } return 0; }",gimp,,,42725259657294622378958213538160307204,0 1052,['CWE-20'],"static void k_getrusage(struct task_struct *p, int who, struct rusage *r) { struct task_struct *t; unsigned long flags; cputime_t utime, stime; memset((char *) r, 0, sizeof *r); utime = stime = cputime_zero; rcu_read_lock(); if (!lock_task_sighand(p, &flags)) { rcu_read_unlock(); return; } switch (who) { case RUSAGE_BOTH: case RUSAGE_CHILDREN: utime = p->signal->cutime; stime = p->signal->cstime; r->ru_nvcsw = p->signal->cnvcsw; r->ru_nivcsw = p->signal->cnivcsw; r->ru_minflt = p->signal->cmin_flt; r->ru_majflt = p->signal->cmaj_flt; if (who == RUSAGE_CHILDREN) break; case RUSAGE_SELF: utime = cputime_add(utime, p->signal->utime); stime = cputime_add(stime, p->signal->stime); r->ru_nvcsw += p->signal->nvcsw; r->ru_nivcsw += p->signal->nivcsw; r->ru_minflt += p->signal->min_flt; r->ru_majflt += p->signal->maj_flt; t = p; do { utime = cputime_add(utime, t->utime); stime = cputime_add(stime, t->stime); r->ru_nvcsw += t->nvcsw; r->ru_nivcsw += t->nivcsw; r->ru_minflt += t->min_flt; r->ru_majflt += t->maj_flt; t = next_thread(t); } while (t != p); break; default: BUG(); } unlock_task_sighand(p, &flags); rcu_read_unlock(); cputime_to_timeval(utime, &r->ru_utime); cputime_to_timeval(stime, &r->ru_stime); }",linux-2.6,,,264953772063160582762749009449976474812,0 4925,CWE-59,"dump_threads(void) { FILE *fp; char time_buf[26]; element e; vrrp_t *vrrp; char *file_name; file_name = make_file_name(""/tmp/thread_dump.dat"", ""vrrp"", #if HAVE_DECL_CLONE_NEWNET global_data->network_namespace, #else NULL, #endif global_data->instance_name); fp = fopen(file_name, ""a""); FREE(file_name); set_time_now(); ctime_r(&time_now.tv_sec, time_buf); fprintf(fp, ""\n%.19s.%6.6ld: Thread dump\n"", time_buf, time_now.tv_usec); dump_thread_data(master, fp); fprintf(fp, ""alloc = %lu\n"", master->alloc); fprintf(fp, ""\n""); LIST_FOREACH(vrrp_data->vrrp, vrrp, e) { ctime_r(&vrrp->sands.tv_sec, time_buf); fprintf(fp, ""VRRP instance %s, sands %.19s.%6.6lu, status %s\n"", vrrp->iname, time_buf, vrrp->sands.tv_usec, vrrp->state == VRRP_STATE_INIT ? ""INIT"" : vrrp->state == VRRP_STATE_BACK ? ""BACKUP"" : vrrp->state == VRRP_STATE_MAST ? ""MASTER"" : vrrp->state == VRRP_STATE_FAULT ? ""FAULT"" : vrrp->state == VRRP_STATE_STOP ? ""STOP"" : vrrp->state == VRRP_DISPATCHER ? ""DISPATCHER"" : ""unknown""); } fclose(fp); }",visit repo url,keepalived/vrrp/vrrp_scheduler.c,https://github.com/acassen/keepalived,37287206035235,1 1650,[],"cpu_cgroup_can_attach(struct cgroup_subsys *ss, struct cgroup *cgrp, struct task_struct *tsk) { #ifdef CONFIG_RT_GROUP_SCHED if (rt_task(tsk) && cgroup_tg(cgrp)->rt_bandwidth.rt_runtime == 0) return -EINVAL; #else if (tsk->sched_class != &fair_sched_class) return -EINVAL; #endif return 0; }",linux-2.6,,,167739588871819525864481888599846573287,0 3349,CWE-119,"test_compressed_stream_overflow (xd3_stream *stream, int ignore) { int ret; int i; uint8_t *buf; if ((buf = (uint8_t*) malloc (TWO_MEGS_AND_DELTA)) == NULL) { return ENOMEM; } memset (buf, 0, TWO_MEGS_AND_DELTA); for (i = 0; i < (2 << 20); i += 256) { int j; int off = mt_random(& static_mtrand) % 10; for (j = 0; j < 256; j++) { buf[i + j] = j + off; } } if (SIZEOF_XOFF_T == 4) { ret = test_streaming (stream, buf, buf + (1 << 20), buf + (2 << 20), (1 << 12) + 1); if (ret == XD3_INVALID_INPUT && MSG_IS (""decoder file offset overflow"")) { ret = 0; } else { XPR(NT XD3_LIB_ERRMSG (stream, ret)); stream->msg = ""expected overflow condition""; ret = XD3_INTERNAL; goto fail; } } if ((ret = test_streaming (stream, buf, buf + (1 << 20), buf + (2 << 20), 1 << 12))) { goto fail; } fail: free (buf); return ret; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,205076746337265,1 2265,['CWE-120'],"int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen) { struct nameidata nd; void *cookie; int res; nd.depth = 0; cookie = dentry->d_inode->i_op->follow_link(dentry, &nd); if (IS_ERR(cookie)) return PTR_ERR(cookie); res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd)); if (dentry->d_inode->i_op->put_link) dentry->d_inode->i_op->put_link(dentry, &nd, cookie); return res; }",linux-2.6,,,310478493864063579659120026701247099285,0 2099,CWE-416,"static void smp_task_timedout(struct timer_list *t) { struct sas_task_slow *slow = from_timer(slow, t, timer); struct sas_task *task = slow->task; unsigned long flags; spin_lock_irqsave(&task->task_state_lock, flags); if (!(task->task_state_flags & SAS_TASK_STATE_DONE)) task->task_state_flags |= SAS_TASK_STATE_ABORTED; spin_unlock_irqrestore(&task->task_state_lock, flags); complete(&task->slow_task->completion); }",visit repo url,drivers/scsi/libsas/sas_expander.c,https://github.com/torvalds/linux,62143327441293,1 6638,CWE-276,"static int samldb_spn_uniqueness_check(struct samldb_ctx *ac, struct ldb_message_element *spn_el) { struct ldb_context *ldb = ldb_module_get_ctx(ac->module); int ret; const char *spn = NULL; size_t i; TALLOC_CTX *tmp_ctx = talloc_new(ac->msg); if (tmp_ctx == NULL) { return ldb_oom(ldb); } for (i = 0; i < spn_el->num_values; i++) { int n_components; spn = (char *)spn_el->values[i].data; n_components = count_spn_components(spn_el->values[i]); if (n_components > 3 || n_components < 2) { ldb_asprintf_errstring(ldb, ""samldb: spn[%s] invalid with %u components"", spn, n_components); talloc_free(tmp_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } ret = check_spn_direct_collision(ldb, tmp_ctx, spn, ac->msg->dn); if (ret == LDB_ERR_COMPARE_TRUE) { DBG_INFO(""SPN %s re-added to the same object\n"", spn); talloc_free(tmp_ctx); return LDB_SUCCESS; } if (ret != LDB_SUCCESS) { DBG_ERR(""SPN %s failed direct uniqueness check\n"", spn); talloc_free(tmp_ctx); return ret; } ret = check_spn_alias_collision(ldb, tmp_ctx, spn, ac->msg->dn); if (ret == LDB_ERR_NO_SUCH_OBJECT) { break; } if (ret != LDB_SUCCESS) { DBG_ERR(""SPN %s failed alias uniqueness check\n"", spn); talloc_free(tmp_ctx); return ret; } DBG_INFO(""SPN %s seems to be unique\n"", spn); } talloc_free(tmp_ctx); return LDB_SUCCESS; }",visit repo url,source4/dsdb/samdb/ldb_modules/samldb.c,https://github.com/samba-team/samba,45076198994246,1 5765,['CWE-200'],"static int rose_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct full_sockaddr_rose *srose = (struct full_sockaddr_rose *)uaddr; struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); int n; memset(srose, 0, sizeof(*srose)); if (peer != 0) { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; srose->srose_family = AF_ROSE; srose->srose_addr = rose->dest_addr; srose->srose_call = rose->dest_call; srose->srose_ndigis = rose->dest_ndigis; for (n = 0; n < rose->dest_ndigis; n++) srose->srose_digis[n] = rose->dest_digis[n]; } else { srose->srose_family = AF_ROSE; srose->srose_addr = rose->source_addr; srose->srose_call = rose->source_call; srose->srose_ndigis = rose->source_ndigis; for (n = 0; n < rose->source_ndigis; n++) srose->srose_digis[n] = rose->source_digis[n]; } *uaddr_len = sizeof(struct full_sockaddr_rose); return 0; }",linux-2.6,,,172108593269131955619792279702209936602,0 1946,['CWE-20'],"static Elf64_Sym * __init find_symbol64(struct lib64_elfinfo *lib, const char *symname) { unsigned int i; char name[MAX_SYMNAME], *c; for (i = 0; i < (lib->dynsymsize / sizeof(Elf64_Sym)); i++) { if (lib->dynsym[i].st_name == 0) continue; strlcpy(name, lib->dynstr + lib->dynsym[i].st_name, MAX_SYMNAME); c = strchr(name, '@'); if (c) *c = 0; if (strcmp(symname, name) == 0) return &lib->dynsym[i]; } return NULL; }",linux-2.6,,,114196314408366127146663788185172557865,0 6752,['CWE-310'],"utils_connection_valid_for_device (NMConnection *connection, NMDevice *device, gpointer specific_object) { NMSettingConnection *s_con; g_return_val_if_fail (connection != NULL, FALSE); g_return_val_if_fail (device != NULL, FALSE); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_return_val_if_fail (s_con != NULL, FALSE); g_return_val_if_fail (nm_setting_connection_get_connection_type (s_con) != NULL, FALSE); if (NM_IS_DEVICE_ETHERNET (device)) return connection_valid_for_wired (connection, s_con, device, specific_object); else if (NM_IS_DEVICE_WIFI (device)) return connection_valid_for_wireless (connection, s_con, device, specific_object); else if (NM_IS_GSM_DEVICE (device)) return connection_valid_for_gsm (connection, s_con, device, specific_object); else if (NM_IS_CDMA_DEVICE (device)) return connection_valid_for_cdma (connection, s_con, device, specific_object); else g_warning (""Unknown device type '%s'"", g_type_name (G_OBJECT_TYPE(device))); return FALSE; }",network-manager-applet,,,258190161011077389816161946860430143508,0 2968,['CWE-189'],"static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt) { int n; int ret; jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj; long newbufsize; long newpos; newpos = m->pos_ + cnt; if (newpos > m->bufsize_ && m->growable_) { newbufsize = m->bufsize_; while (newbufsize < newpos) { newbufsize <<= 1; assert(newbufsize >= 0); } if (mem_resize(m, newbufsize)) { return -1; } } if (m->pos_ > m->len_) { n = JAS_MIN(m->pos_, m->bufsize_) - m->len_; if (n > 0) { memset(&m->buf_[m->len_], 0, n); m->len_ += n; } if (m->pos_ != m->len_) { return 0; } } n = m->bufsize_ - m->pos_; ret = JAS_MIN(n, cnt); if (ret > 0) { memcpy(&m->buf_[m->pos_], buf, ret); m->pos_ += ret; } if (m->pos_ > m->len_) { m->len_ = m->pos_; } assert(ret == cnt); return ret; }",jasper,,,179130158104563388203049534573482895033,0 2065,['CWE-269'],"static inline unsigned long hash(struct vfsmount *mnt, struct dentry *dentry) { unsigned long tmp = ((unsigned long)mnt / L1_CACHE_BYTES); tmp += ((unsigned long)dentry / L1_CACHE_BYTES); tmp = tmp + (tmp >> hash_bits); return tmp & hash_mask; }",linux-2.6,,,67775449670475967120054579240963470854,0 4365,['CWE-264'],"int sk_wait_data(struct sock *sk, long *timeo) { int rc; DEFINE_WAIT(wait); prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); rc = sk_wait_event(sk, timeo, !skb_queue_empty(&sk->sk_receive_queue)); clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags); finish_wait(sk->sk_sleep, &wait); return rc; }",linux-2.6,,,140409859525838796636886504958017649811,0 1651,CWE-369,"static int kvm_vm_ioctl_set_pit(struct kvm *kvm, struct kvm_pit_state *ps) { mutex_lock(&kvm->arch.vpit->pit_state.lock); memcpy(&kvm->arch.vpit->pit_state, ps, sizeof(struct kvm_pit_state)); kvm_pit_load_count(kvm, 0, ps->channels[0].count, 0); mutex_unlock(&kvm->arch.vpit->pit_state.lock); return 0; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,106075200946323,1 1911,CWE-416,"static int llcp_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) { struct sock *sk = sock->sk; struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); struct nfc_llcp_local *local; struct nfc_dev *dev; struct sockaddr_nfc_llcp llcp_addr; int len, ret = 0; if (!addr || alen < offsetofend(struct sockaddr, sa_family) || addr->sa_family != AF_NFC) return -EINVAL; pr_debug(""sk %p addr %p family %d\n"", sk, addr, addr->sa_family); memset(&llcp_addr, 0, sizeof(llcp_addr)); len = min_t(unsigned int, sizeof(llcp_addr), alen); memcpy(&llcp_addr, addr, len); if (llcp_addr.dsap != 0) return -EINVAL; lock_sock(sk); if (sk->sk_state != LLCP_CLOSED) { ret = -EBADFD; goto error; } dev = nfc_get_device(llcp_addr.dev_idx); if (dev == NULL) { ret = -ENODEV; goto error; } local = nfc_llcp_find_local(dev); if (local == NULL) { ret = -ENODEV; goto put_dev; } llcp_sock->dev = dev; llcp_sock->local = nfc_llcp_local_get(local); llcp_sock->nfc_protocol = llcp_addr.nfc_protocol; llcp_sock->service_name_len = min_t(unsigned int, llcp_addr.service_name_len, NFC_LLCP_MAX_SERVICE_NAME); llcp_sock->service_name = kmemdup(llcp_addr.service_name, llcp_sock->service_name_len, GFP_KERNEL); if (!llcp_sock->service_name) { ret = -ENOMEM; goto sock_llcp_put_local; } llcp_sock->ssap = nfc_llcp_get_sdp_ssap(local, llcp_sock); if (llcp_sock->ssap == LLCP_SAP_MAX) { ret = -EADDRINUSE; goto free_service_name; } llcp_sock->reserved_ssap = llcp_sock->ssap; nfc_llcp_sock_link(&local->sockets, sk); pr_debug(""Socket bound to SAP %d\n"", llcp_sock->ssap); sk->sk_state = LLCP_BOUND; nfc_put_device(dev); release_sock(sk); return 0; free_service_name: kfree(llcp_sock->service_name); llcp_sock->service_name = NULL; sock_llcp_put_local: nfc_llcp_local_put(llcp_sock->local); llcp_sock->local = NULL; llcp_sock->dev = NULL; put_dev: nfc_put_device(dev); error: release_sock(sk); return ret; }",visit repo url,net/nfc/llcp_sock.c,https://github.com/torvalds/linux,58594976642238,1 2597,NVD-CWE-noinfo,"static int stream_process(struct sip_msg * msg, struct sdp_stream_cell *cell, str * s, str* ss, regex_t* re, int op,int description) { static sdp_payload_attr_t static_payloads[] = { { NULL,0,{ ""0"",1},{""PCMU"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""3"",1},{ ""GSM"",3},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""4"",1},{""G723"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""5"",1},{""DVI4"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""6"",1},{""DVI4"",4},{""16000"",5},{NULL,0},{NULL,0} }, { NULL,0,{ ""7"",1},{ ""LPC"",3},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""8"",1},{""PCMA"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{ ""9"",1},{""G722"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""10"",2},{ ""L16"",3},{""44100"",5},{NULL,0},{NULL,0} }, { NULL,0,{""11"",2},{ ""L16"",3},{""44100"",5},{NULL,0},{NULL,0} }, { NULL,0,{""12"",2},{""QCELP"",5},{""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""13"",2},{ ""CN"",2},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""14"",2},{ ""MPA"",3},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""15"",2},{""G728"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""16"",2},{""DVI4"",4},{""11025"",5},{NULL,0},{NULL,0} }, { NULL,0,{""17"",2},{""DVI4"",4},{""22050"",5},{NULL,0},{NULL,0} }, { NULL,0,{""18"",2},{""G729"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""25"",2},{""CelB"",4},{ ""8000"",4},{NULL,0},{NULL,0} }, { NULL,0,{""26"",2},{""JPEG"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""28"",2},{ ""nv"",2},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""31"",2},{""H261"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""32"",2},{ ""MPV"",3},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""33"",2},{""MP2T"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""34"",2},{""H263"",4},{""90000"",5},{NULL,0},{NULL,0} }, { NULL,0,{""t38"",3},{""t38"",3},{ """",0},{NULL,0},{NULL,0} }, { NULL,0,{NULL,0},{ NULL,0},{ NULL,0},{NULL,0},{NULL,0} } }; sdp_payload_attr_t *payload; char *cur, *tmp, *buff, temp; struct lump * lmp; str found; int ret, i,match, buff_len, is_static; regmatch_t pmatch; lmp = get_associated_lump(msg, cell); if( lmp == NULL) { LM_ERR(""There is no lump for this sdp cell\n""); return -1; } if (lmp->len == 0) return -1; buff_len = 0; ret = 0; buff = pkg_malloc(lmp->len+1); if( buff == NULL) { LM_ERR(""Out of memory\n""); return -1; } is_static = 0; payload = cell->payload_attr; while(payload) { if( payload->rtp_enc.s == NULL || (payload->rtp_clock.s == NULL && ss != NULL) || payload->rtp_payload.s == NULL) { goto next_payload; } match = 0; if( description == DESC_REGEXP ||description == DESC_REGEXP_COMPLEMENT ) { if (is_static) { match = regexec( re, payload->rtp_enc.s, 1, &pmatch, 0) == 0; } else { temp = payload->rtp_enc.s[payload->rtp_enc.len]; payload->rtp_enc.s[payload->rtp_enc.len] = 0; match = regexec( re, payload->rtp_enc.s, 1, &pmatch, 0) == 0; payload->rtp_enc.s[payload->rtp_enc.len] = temp; } } if( description == DESC_REGEXP_COMPLEMENT) match = !match; if( description == DESC_NAME ) { match = s->len == payload->rtp_enc.len && strncasecmp( s->s, payload->rtp_enc.s , payload->rtp_enc.len) == 0; } if( description == DESC_NAME_AND_CLOCK) { match = s->len == payload->rtp_enc.len && strncasecmp( s->s, payload->rtp_enc.s , payload->rtp_enc.len) == 0 && (ss == NULL || ( ss->len == payload->rtp_clock.len && strncasecmp( ss->s, payload->rtp_clock.s , payload->rtp_clock.len) == 0 ) ); } if (match) { match = 0; cur = lmp->u.value; while( !match && cur < lmp->u.value + lmp->len) { found.s = cur; while( cur < lmp->u.value + lmp->len && *cur != ' ' ) cur++; found.len = cur - found.s; if ( found.len == payload->rtp_payload.len && strncmp( found.s,payload->rtp_payload.s,found.len) == 0) { match = 1; } else { while( cur < lmp->u.value + lmp->len && * cur == ' ' ) cur++; } } if (match) { if(op == FIND) { ret = 1; goto end; } if( op == DELETE && !is_static ) { if( delete_sdp_line( msg, payload->rtp_enc.s) < 0 ) { LM_ERR(""Unable to add delete lump for a=\n""); ret = -1; goto end; } if( delete_sdp_line( msg, payload->fmtp_string.s) < 0 ) { LM_ERR(""Unable to add delete lump for a=\n""); ret = -1; goto end; } } { while (found.s > lmp->u.value && *(found.s - 1) == ' ') { found.s--; found.len++; } if (cur == lmp->u.value + lmp->len) { tmp = found.s; while (*(--tmp) == ' ') { found.s--; found.len++; } } for(tmp=found.s ; tmp< lmp->u.value + lmp->len ; tmp++ ) *tmp = *(tmp+found.len); lmp->len -= found.len; } if( op == ADD_TO_FRONT || op == ADD_TO_BACK) { memcpy(&buff[buff_len],"" "",1); buff_len++; memcpy(&buff[buff_len],payload->rtp_payload.s, payload->rtp_payload.len); buff_len += payload->rtp_payload.len; } ret = 1; } } next_payload: if (!is_static) { payload = payload->next; if (payload==NULL) { payload = static_payloads; is_static = 1; } } else { payload ++; if (payload->rtp_payload.s==NULL) payload=NULL; } } if( op == ADD_TO_FRONT && buff_len >0 ) { lmp->u.value = (char*)pkg_realloc(lmp->u.value, lmp->len+buff_len); if(!lmp->u.value) { LM_ERR(""No more pkg memory\n""); ret = -1; goto end; } for( i = lmp->len -1 ; i>=0;i--) lmp->u.value[i+buff_len] = lmp->u.value[i]; memcpy(lmp->u.value,buff,buff_len); lmp->len += buff_len; } if( op == ADD_TO_BACK && buff_len >0 ) { lmp->u.value = (char*)pkg_realloc(lmp->u.value, lmp->len+buff_len); if(!lmp->u.value) { LM_ERR(""No more pkg memory\n""); ret = -1; goto end; } memcpy(&lmp->u.value[lmp->len],buff,buff_len); lmp->len += buff_len; } if (lmp->len == 0) { lmp = del_lump(msg, cell->port.s - msg->buf - 1, cell->port.len + 2, 0); if (!lmp) { LM_ERR(""could not add lump to disable stream!\n""); goto end; } tmp = pkg_malloc(3); if (!tmp) { LM_ERR(""oom for port 0\n""); goto end; } memcpy(tmp, "" 0 "", 3); if (!insert_new_lump_after(lmp, tmp, 3, 0)) LM_ERR(""could not insert lump to disable stream!\n""); } end: pkg_free(buff); return ret; }",visit repo url,modules/sipmsgops/codecs.c,https://github.com/OpenSIPS/opensips,238633040672730,1 4521,CWE-190,"static Fixed lsr_translate_coords(GF_LASeRCodec *lsr, u32 val, u32 nb_bits) { if (!nb_bits) return 0; #ifdef GPAC_FIXED_POINT if (val >> (nb_bits-1) ) { s32 neg = (s32) val - (1<res_factor); return gf_divfix(INT2FIX(neg), lsr->res_factor); } else { if (val > FIX_ONE / 2) return 2 * gf_divfix(INT2FIX(val/2), lsr->res_factor); return gf_divfix(INT2FIX(val), lsr->res_factor); } #else if (val >> (nb_bits-1) ) { s32 neg = (s32) val - (1<res_factor); } else { return gf_divfix(INT2FIX(val), lsr->res_factor); } #endif }",visit repo url,src/laser/lsr_dec.c,https://github.com/gpac/gpac,141622124066206,1 6432,CWE-20,"void rza1EthEventHandler(NetInterface *interface) { error_t error; if((ETHER.EESR0 & ETHER_EESR0_FR) != 0) { ETHER.EESR0 = ETHER_EESR0_FR; do { error = rza1EthReceivePacket(interface); } while(error != ERROR_BUFFER_EMPTY); } ETHER.EESIPR0 = ETHER_EESIPR0_TWBIP | ETHER_EESIPR0_FRIP; }",visit repo url,drivers/mac/rza1_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,128136443446368,1 1449,CWE-269,"struct crypto_template *crypto_lookup_template(const char *name) { return try_then_request_module(__crypto_lookup_template(name), ""%s"", name); }",visit repo url,crypto/algapi.c,https://github.com/torvalds/linux,264693983618482,1 4255,['CWE-119'],"static sctp_disposition_t sctp_sf_violation_paramlen( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, void *ext, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_paramhdr *param = ext; struct sctp_chunk *abort = NULL; if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)) goto discard; abort = sctp_make_violation_paramlen(asoc, chunk, param); if (!abort) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION)); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); discard: sctp_sf_pdiscard(ep, asoc, SCTP_ST_CHUNK(0), arg, commands); return SCTP_DISPOSITION_ABORT; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,126512961201879581261321100536299629765,0 2801,CWE-252,"LPSTR tr_esc_str(LPCSTR arg, bool format) { LPSTR tmp = NULL; size_t cs = 0, x, ds, len; size_t s; if (NULL == arg) return NULL; s = strlen(arg); while ((s > 0) && isspace(arg[s - 1])) s--; ds = s + 1; if (s) tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not allocate string buffer.\n""); exit(-2); } memset(tmp, 0, ds * sizeof(CHAR)); for (x = 0; x < s; x++) { switch (arg[x]) { case '<': len = format ? 13 : 4; ds += len - 1; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-3); } if (format) strncpy(&tmp[cs], """", len); else strncpy(&tmp[cs], ""<"", len); cs += len; break; case '>': len = format ? 14 : 4; ds += len - 1; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-4); } if (format) strncpy(&tmp[cs], """", len); else strncpy(&tmp[cs], ""<"", len); cs += len; break; case '\'': ds += 5; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-5); } tmp[cs++] = '&'; tmp[cs++] = 'a'; tmp[cs++] = 'p'; tmp[cs++] = 'o'; tmp[cs++] = 's'; tmp[cs++] = ';'; break; case '""': ds += 5; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-6); } tmp[cs++] = '&'; tmp[cs++] = 'q'; tmp[cs++] = 'u'; tmp[cs++] = 'o'; tmp[cs++] = 't'; tmp[cs++] = ';'; break; case '&': ds += 4; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-7); } tmp[cs++] = '&'; tmp[cs++] = 'a'; tmp[cs++] = 'm'; tmp[cs++] = 'p'; tmp[cs++] = ';'; break; default: tmp[cs++] = arg[x]; break; } tmp[ds - 1] = '\0'; } return tmp; }",visit repo url,client/X11/generate_argument_docbook.c,https://github.com/FreeRDP/FreeRDP,15709147883795,1 485,[],"pfm_ovfl_notify_user(pfm_context_t *ctx, unsigned long ovfl_pmds) { pfm_msg_t *msg = NULL; if (ctx->ctx_fl_no_msg == 0) { msg = pfm_get_new_msg(ctx); if (msg == NULL) { printk(KERN_ERR ""perfmon: pfm_ovfl_notify_user no more notification msgs\n""); return -1; } msg->pfm_ovfl_msg.msg_type = PFM_MSG_OVFL; msg->pfm_ovfl_msg.msg_ctx_fd = ctx->ctx_fd; msg->pfm_ovfl_msg.msg_active_set = 0; msg->pfm_ovfl_msg.msg_ovfl_pmds[0] = ovfl_pmds; msg->pfm_ovfl_msg.msg_ovfl_pmds[1] = 0UL; msg->pfm_ovfl_msg.msg_ovfl_pmds[2] = 0UL; msg->pfm_ovfl_msg.msg_ovfl_pmds[3] = 0UL; msg->pfm_ovfl_msg.msg_tstamp = 0UL; } DPRINT((""ovfl msg: msg=%p no_msg=%d fd=%d ovfl_pmds=0x%lx\n"", msg, ctx->ctx_fl_no_msg, ctx->ctx_fd, ovfl_pmds)); return pfm_notify_user(ctx, msg); }",linux-2.6,,,317786959950012598050479897928920455455,0 821,['CWE-16'],"static void __exit esp4_fini(void) { if (inet_del_protocol(&esp4_protocol, IPPROTO_ESP) < 0) printk(KERN_INFO ""ip esp close: can't remove protocol\n""); if (xfrm_unregister_type(&esp_type, AF_INET) < 0) printk(KERN_INFO ""ip esp close: can't remove xfrm type\n""); }",linux-2.6,,,219212954632494796890029832652543297750,0 6612,['CWE-200'],"notify_connected_dont_show_cb (NotifyNotification *notify, gchar *id, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); if (!id) return; if ( strcmp (id, PREF_DISABLE_CONNECTED_NOTIFICATIONS) && strcmp (id, PREF_DISABLE_DISCONNECTED_NOTIFICATIONS)) return; gconf_client_set_bool (applet->gconf_client, id, TRUE, NULL); }",network-manager-applet,,,52112777429753903735479622756767438129,0 497,[],"int snd_dma_alloc_pages_fallback(int type, struct device *device, size_t size, struct snd_dma_buffer *dmab) { int err; snd_assert(size > 0, return -ENXIO); snd_assert(dmab != NULL, return -ENXIO); while ((err = snd_dma_alloc_pages(type, device, size, dmab)) < 0) { if (err != -ENOMEM) return err; size >>= 1; if (size <= PAGE_SIZE) return -ENOMEM; } if (! dmab->area) return -ENOMEM; return 0; }",linux-2.6,,,254236942506459796292131926188079542681,0 1171,CWE-400,"static int simulate_rdhwr(struct pt_regs *regs, unsigned int opcode) { struct thread_info *ti = task_thread_info(current); if ((opcode & OPCODE) == SPEC3 && (opcode & FUNC) == RDHWR) { int rd = (opcode & RD) >> 11; int rt = (opcode & RT) >> 16; perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); switch (rd) { case 0: regs->regs[rt] = smp_processor_id(); return 0; case 1: regs->regs[rt] = min(current_cpu_data.dcache.linesz, current_cpu_data.icache.linesz); return 0; case 2: regs->regs[rt] = read_c0_count(); return 0; case 3: switch (current_cpu_data.cputype) { case CPU_20KC: case CPU_25KF: regs->regs[rt] = 1; break; default: regs->regs[rt] = 2; } return 0; case 29: regs->regs[rt] = ti->tp_value; return 0; default: return -1; } } return -1; }",visit repo url,arch/mips/kernel/traps.c,https://github.com/torvalds/linux,134399153321765,1 1555,CWE-264,"static bool blk_kick_flush(struct request_queue *q, struct blk_flush_queue *fq) { struct list_head *pending = &fq->flush_queue[fq->flush_pending_idx]; struct request *first_rq = list_first_entry(pending, struct request, flush.list); struct request *flush_rq = fq->flush_rq; if (fq->flush_pending_idx != fq->flush_running_idx || list_empty(pending)) return false; if (!list_empty(&fq->flush_data_in_flight) && time_before(jiffies, fq->flush_pending_since + FLUSH_PENDING_TIMEOUT)) return false; fq->flush_pending_idx ^= 1; blk_rq_init(q, flush_rq); if (q->mq_ops) { flush_rq->mq_ctx = first_rq->mq_ctx; flush_rq->tag = first_rq->tag; } flush_rq->cmd_type = REQ_TYPE_FS; flush_rq->cmd_flags = WRITE_FLUSH | REQ_FLUSH_SEQ; flush_rq->rq_disk = first_rq->rq_disk; flush_rq->end_io = flush_end_io; return blk_flush_queue_rq(flush_rq, false); }",visit repo url,block/blk-flush.c,https://github.com/torvalds/linux,245530075803102,1 4417,CWE-476,"gen_hash(codegen_scope *s, node *tree, int val, int limit) { int slimit = GEN_VAL_STACK_MAX; if (cursp() >= GEN_LIT_ARY_MAX) slimit = INT16_MAX; int len = 0; mrb_bool update = FALSE; while (tree) { if (nint(tree->car->car->car) == NODE_KW_REST_ARGS) { if (len > 0) { pop_n(len*2); if (!update) { genop_2(s, OP_HASH, cursp(), len); } else { pop(); genop_2(s, OP_HASHADD, cursp(), len); } push(); } codegen(s, tree->car->cdr, val); if (len > 0 || update) { pop(); pop(); genop_1(s, OP_HASHCAT, cursp()); push(); } update = TRUE; len = 0; } else { codegen(s, tree->car->car, val); codegen(s, tree->car->cdr, val); len++; } tree = tree->cdr; if (val && cursp() >= slimit) { pop_n(len*2); if (!update) { genop_2(s, OP_HASH, cursp(), len); } else { pop(); genop_2(s, OP_HASHADD, cursp(), len); } push(); update = TRUE; len = 0; } } if (update) { if (len > 0) { pop_n(len*2+1); genop_2(s, OP_HASHADD, cursp(), len); push(); } return -1; } if (update) return -1; return len; }",visit repo url,mrbgems/mruby-compiler/core/codegen.c,https://github.com/mruby/mruby,91905893164115,1 2497,['CWE-119'],"int git_diff_ui_config(const char *var, const char *value, void *cb) { if (!strcmp(var, ""diff.renamelimit"")) { diff_rename_limit_default = git_config_int(var, value); return 0; } if (!strcmp(var, ""diff.color"") || !strcmp(var, ""color.diff"")) { diff_use_color_default = git_config_colorbool(var, value, -1); return 0; } if (!strcmp(var, ""diff.renames"")) { if (!value) diff_detect_rename_default = DIFF_DETECT_RENAME; else if (!strcasecmp(value, ""copies"") || !strcasecmp(value, ""copy"")) diff_detect_rename_default = DIFF_DETECT_COPY; else if (git_config_bool(var,value)) diff_detect_rename_default = DIFF_DETECT_RENAME; return 0; } if (!strcmp(var, ""diff.autorefreshindex"")) { diff_auto_refresh_index = git_config_bool(var, value); return 0; } if (!strcmp(var, ""diff.external"")) return git_config_string(&external_diff_cmd_cfg, var, value); if (!prefixcmp(var, ""diff."")) { const char *ep = strrchr(var, '.'); if (ep != var + 4 && !strcmp(ep, "".command"")) return parse_lldiff_command(var, ep, value); } return git_diff_basic_config(var, value, cb); }",git,,,304009446252804059109543069238612808853,0 6646,CWE-125,"static int get_recurse_data_length(compiler_common *common, PCRE2_SPTR cc, PCRE2_SPTR ccend, BOOL *needs_control_head, BOOL *has_quit, BOOL *has_accept) { int length = 1; int size; PCRE2_SPTR alternative; BOOL quit_found = FALSE; BOOL accept_found = FALSE; BOOL setsom_found = FALSE; BOOL setmark_found = FALSE; BOOL capture_last_found = FALSE; BOOL control_head_found = FALSE; #if defined DEBUG_FORCE_CONTROL_HEAD && DEBUG_FORCE_CONTROL_HEAD SLJIT_ASSERT(common->control_head_ptr != 0); control_head_found = TRUE; #endif while (cc < ccend) { size = 0; switch(*cc) { case OP_SET_SOM: SLJIT_ASSERT(common->has_set_som); setsom_found = TRUE; cc += 1; break; case OP_RECURSE: if (common->has_set_som) setsom_found = TRUE; if (common->mark_ptr != 0) setmark_found = TRUE; if (common->capture_last_ptr != 0) capture_last_found = TRUE; cc += 1 + LINK_SIZE; break; case OP_KET: if (PRIVATE_DATA(cc) != 0) { length++; SLJIT_ASSERT(PRIVATE_DATA(cc + 1) != 0); cc += PRIVATE_DATA(cc + 1); } cc += 1 + LINK_SIZE; break; case OP_ASSERT: case OP_ASSERT_NOT: case OP_ASSERTBACK: case OP_ASSERTBACK_NOT: case OP_ASSERT_NA: case OP_ASSERTBACK_NA: case OP_ONCE: case OP_SCRIPT_RUN: case OP_BRAPOS: case OP_SBRA: case OP_SBRAPOS: case OP_SCOND: length++; SLJIT_ASSERT(PRIVATE_DATA(cc) != 0); cc += 1 + LINK_SIZE; break; case OP_CBRA: case OP_SCBRA: length += 2; if (common->capture_last_ptr != 0) capture_last_found = TRUE; if (common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] == 0) length++; cc += 1 + LINK_SIZE + IMM2_SIZE; break; case OP_CBRAPOS: case OP_SCBRAPOS: length += 2 + 2; if (common->capture_last_ptr != 0) capture_last_found = TRUE; cc += 1 + LINK_SIZE + IMM2_SIZE; break; case OP_COND: alternative = cc + GET(cc, 1); if (*alternative == OP_KETRMAX || *alternative == OP_KETRMIN) length++; cc += 1 + LINK_SIZE; break; CASE_ITERATOR_PRIVATE_DATA_1 if (PRIVATE_DATA(cc) != 0) length++; cc += 2; #ifdef SUPPORT_UNICODE if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]); #endif break; CASE_ITERATOR_PRIVATE_DATA_2A if (PRIVATE_DATA(cc) != 0) length += 2; cc += 2; #ifdef SUPPORT_UNICODE if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]); #endif break; CASE_ITERATOR_PRIVATE_DATA_2B if (PRIVATE_DATA(cc) != 0) length += 2; cc += 2 + IMM2_SIZE; #ifdef SUPPORT_UNICODE if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]); #endif break; CASE_ITERATOR_TYPE_PRIVATE_DATA_1 if (PRIVATE_DATA(cc) != 0) length++; cc += 1; break; CASE_ITERATOR_TYPE_PRIVATE_DATA_2A if (PRIVATE_DATA(cc) != 0) length += 2; cc += 1; break; CASE_ITERATOR_TYPE_PRIVATE_DATA_2B if (PRIVATE_DATA(cc) != 0) length += 2; cc += 1 + IMM2_SIZE; break; case OP_CLASS: case OP_NCLASS: #if defined SUPPORT_UNICODE || PCRE2_CODE_UNIT_WIDTH != 8 case OP_XCLASS: size = (*cc == OP_XCLASS) ? GET(cc, 1) : 1 + 32 / (int)sizeof(PCRE2_UCHAR); #else size = 1 + 32 / (int)sizeof(PCRE2_UCHAR); #endif if (PRIVATE_DATA(cc) != 0) length += get_class_iterator_size(cc + size); cc += size; break; case OP_MARK: case OP_COMMIT_ARG: case OP_PRUNE_ARG: case OP_THEN_ARG: SLJIT_ASSERT(common->mark_ptr != 0); if (!setmark_found) setmark_found = TRUE; if (common->control_head_ptr != 0) control_head_found = TRUE; if (*cc != OP_MARK) quit_found = TRUE; cc += 1 + 2 + cc[1]; break; case OP_PRUNE: case OP_SKIP: case OP_COMMIT: quit_found = TRUE; cc++; break; case OP_SKIP_ARG: quit_found = TRUE; cc += 1 + 2 + cc[1]; break; case OP_THEN: SLJIT_ASSERT(common->control_head_ptr != 0); quit_found = TRUE; if (!control_head_found) control_head_found = TRUE; cc++; break; case OP_ACCEPT: case OP_ASSERT_ACCEPT: accept_found = TRUE; cc++; break; default: cc = next_opcode(common, cc); SLJIT_ASSERT(cc != NULL); break; } } SLJIT_ASSERT(cc == ccend); if (control_head_found) length++; if (capture_last_found) length++; if (quit_found) { if (setsom_found) length++; if (setmark_found) length++; } *needs_control_head = control_head_found; *has_quit = quit_found; *has_accept = accept_found; return length; }",visit repo url,src/pcre2_jit_compile.c,https://github.com/PCRE2Project/pcre2,152713220206130,1 4040,CWE-119,"de_dotdot( char* file ) { char* cp; char* cp2; int l; while ( ( cp = strstr( file, ""//"") ) != (char*) 0 ) { for ( cp2 = cp + 2; *cp2 == '/'; ++cp2 ) continue; (void) strcpy( cp + 1, cp2 ); } while ( strncmp( file, ""./"", 2 ) == 0 ) (void) memmove( file, file + 2, strlen( file ) - 1 ); while ( ( cp = strstr( file, ""/./"") ) != (char*) 0 ) (void) memmove( cp, cp + 2, strlen( file ) - 1 ); for (;;) { while ( strncmp( file, ""../"", 3 ) == 0 ) (void) memmove( file, file + 3, strlen( file ) - 2 ); cp = strstr( file, ""/../"" ); if ( cp == (char*) 0 ) break; for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 ) continue; (void) strcpy( cp2 + 1, cp + 4 ); } while ( ( l = strlen( file ) ) > 3 && strcmp( ( cp = file + l - 3 ), ""/.."" ) == 0 ) { for ( cp2 = cp - 1; cp2 >= file && *cp2 != '/'; --cp2 ) continue; if ( cp2 < file ) break; *cp2 = '\0'; } }",visit repo url,src/libhttpd.c,https://github.com/blueness/sthttpd,47542365516981,1 4691,CWE-119,"static int msg_cache_check (const char *id, body_cache_t *bcache, void *data) { CONTEXT *ctx; POP_DATA *pop_data; int i; if (!(ctx = (CONTEXT *)data)) return -1; if (!(pop_data = (POP_DATA *)ctx->data)) return -1; #ifdef USE_HCACHE if (strcmp (HC_FNAME ""."" HC_FEXT, id) == 0) return 0; #endif for (i = 0; i < ctx->msgcount; i++) if (ctx->hdrs[i]->data && mutt_strcmp (ctx->hdrs[i]->data, id) == 0) return 0; return mutt_bcache_del (bcache, id); }",visit repo url,pop.c,https://gitlab.com/muttmua/mutt,124503144756448,1 5482,NVD-CWE-noinfo,"static int isShadowTableName(sqlite3 *db, char *zName){ char *zTail; Table *pTab; Module *pMod; zTail = strrchr(zName, '_'); if( zTail==0 ) return 0; *zTail = 0; pTab = sqlite3FindTable(db, zName, 0); *zTail = '_'; if( pTab==0 ) return 0; if( !IsVirtual(pTab) ) return 0; pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]); if( pMod==0 ) return 0; if( pMod->pModule->iVersion<3 ) return 0; if( pMod->pModule->xShadowName==0 ) return 0; return pMod->pModule->xShadowName(zTail+1); }",visit repo url,src/build.c,https://github.com/sqlite/sqlite,177708259467563,1 5255,['CWE-264'],"static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn, uint16 num_acls, const char *pdata) { unsigned int i; SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, num_acls); if (the_acl == NULL) { return NULL; } for (i = 0; i < num_acls; i++) { SMB_ACL_ENTRY_T the_entry; SMB_ACL_PERMSET_T the_permset; SMB_ACL_TAG_T tag_type; if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) { DEBUG(0,(""create_posix_acl_from_wire: Failed to create entry %u. (%s)\n"", i, strerror(errno) )); goto fail; } if (!unix_ex_wire_to_tagtype(CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), &tag_type)) { DEBUG(0,(""create_posix_acl_from_wire: invalid wire tagtype %u on entry %u.\n"", CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), i )); goto fail; } if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, tag_type) == -1) { DEBUG(0,(""create_posix_acl_from_wire: Failed to set tagtype on entry %u. (%s)\n"", i, strerror(errno) )); goto fail; } if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) { DEBUG(0,(""create_posix_acl_from_wire: Failed to get permset on entry %u. (%s)\n"", i, strerror(errno) )); goto fail; } if (!unix_ex_wire_to_permset(conn, CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+1), &the_permset)) { DEBUG(0,(""create_posix_acl_from_wire: invalid permset %u on entry %u.\n"", CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE) + 1), i )); goto fail; } if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) { DEBUG(0,(""create_posix_acl_from_wire: Failed to add permset on entry %u. (%s)\n"", i, strerror(errno) )); goto fail; } if (tag_type == SMB_ACL_USER) { uint32 uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2); uid_t uid = (uid_t)uidval; if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&uid) == -1) { DEBUG(0,(""create_posix_acl_from_wire: Failed to set uid %u on entry %u. (%s)\n"", (unsigned int)uid, i, strerror(errno) )); goto fail; } } if (tag_type == SMB_ACL_GROUP) { uint32 gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2); gid_t gid = (uid_t)gidval; if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&gid) == -1) { DEBUG(0,(""create_posix_acl_from_wire: Failed to set gid %u on entry %u. (%s)\n"", (unsigned int)gid, i, strerror(errno) )); goto fail; } } } return the_acl; fail: if (the_acl != NULL) { SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl); } return NULL; }",samba,,,47443806104858516023442039433904616957,0 6716,CWE-129,"dumpppp(f) FILE *f; { int c, n, k; int nb, nl, dn, proto, rv; char *dir, *q; unsigned char *p, *r, *endp; unsigned char *d; unsigned short fcs; struct pkt *pkt; spkt.cnt = rpkt.cnt = 0; spkt.esc = rpkt.esc = 0; while ((c = getc(f)) != EOF) { switch (c) { case 1: case 2: if (reverse) c = 3 - c; dir = c==1? ""sent"": ""rcvd""; pkt = c==1? &spkt: &rpkt; n = getc(f); n = (n << 8) + getc(f); *(c==1? &tot_sent: &tot_rcvd) += n; for (; n > 0; --n) { c = getc(f); switch (c) { case EOF: printf(""\nEOF\n""); if (spkt.cnt > 0) printf(""[%d bytes in incomplete send packet]\n"", spkt.cnt); if (rpkt.cnt > 0) printf(""[%d bytes in incomplete recv packet]\n"", rpkt.cnt); exit(0); case '~': if (pkt->cnt > 0) { q = dir; if (pkt->esc) { printf(""%s aborted packet:\n "", dir); q = "" ""; } nb = pkt->cnt; p = pkt->buf; pkt->cnt = 0; pkt->esc = 0; if (nb <= 2) { printf(""%s short packet [%d bytes]:"", q, nb); for (k = 0; k < nb; ++k) printf("" %.2x"", p[k]); printf(""\n""); break; } fcs = PPP_INITFCS; for (k = 0; k < nb; ++k) fcs = PPP_FCS(fcs, p[k]); fcs &= 0xFFFF; nb -= 2; endp = p + nb; r = p; if (r[0] == 0xff && r[1] == 3) r += 2; if ((r[0] & 1) == 0) ++r; ++r; if (endp - r > mru) printf("" ERROR: length (%zd) > MRU (%d)\n"", endp - r, mru); if (decompress && fcs == PPP_GOODFCS) { d = dbuf; r = p; if (r[0] == 0xff && r[1] == 3) { *d++ = *r++; *d++ = *r++; } proto = r[0]; if ((proto & 1) == 0) proto = (proto << 8) + r[1]; if (proto == PPP_CCP) { handle_ccp(pkt, r + 2, endp - r - 2); } else if (proto == PPP_COMP) { if ((pkt->flags & CCP_ISUP) && (pkt->flags & CCP_DECOMP_RUN) && pkt->state && (pkt->flags & CCP_ERR) == 0) { rv = pkt->comp->decompress(pkt->state, r, endp - r, d, &dn); switch (rv) { case DECOMP_OK: p = dbuf; nb = d + dn - p; if ((d[0] & 1) == 0) --dn; --dn; if (dn > mru) printf("" ERROR: decompressed length (%d) > MRU (%d)\n"", dn, mru); break; case DECOMP_ERROR: printf("" DECOMPRESSION ERROR\n""); pkt->flags |= CCP_ERROR; break; case DECOMP_FATALERROR: printf("" FATAL DECOMPRESSION ERROR\n""); pkt->flags |= CCP_FATALERROR; break; } } } else if (pkt->state && (pkt->flags & CCP_DECOMP_RUN)) { pkt->comp->incomp(pkt->state, r, endp - r); } } do { nl = nb < 16? nb: 16; printf(""%s "", q); for (k = 0; k < nl; ++k) printf("" %.2x"", p[k]); for (; k < 16; ++k) printf("" ""); printf("" ""); for (k = 0; k < nl; ++k) { c = p[k]; putchar((' ' <= c && c <= '~')? c: '.'); } printf(""\n""); q = "" ""; p += nl; nb -= nl; } while (nb > 0); if (fcs != PPP_GOODFCS) printf("" BAD FCS: (residue = %x)\n"", fcs); } break; case '}': if (!pkt->esc) { pkt->esc = 1; break; } default: if (pkt->esc) { c ^= 0x20; pkt->esc = 0; } pkt->buf[pkt->cnt++] = c; break; } } break; case 3: case 4: if (reverse) c = 7 - c; dir = c==3? ""send"": ""recv""; pkt = c==3? &spkt: &rpkt; printf(""end %s"", dir); if (pkt->cnt > 0) printf("" [%d bytes in incomplete packet]"", pkt->cnt); printf(""\n""); break; case 5: case 6: case 7: show_time(f, c); break; default: printf(""?%.2x\n"", c); } } }",visit repo url,pppdump/pppdump.c,https://github.com/ppp-project/ppp,260566365449916,1 5773,['CWE-200'],"static int rose_accept(struct socket *sock, struct socket *newsock, int flags) { struct sk_buff *skb; struct sock *newsk; DEFINE_WAIT(wait); struct sock *sk; int err = 0; if ((sk = sock->sk) == NULL) return -EINVAL; lock_sock(sk); if (sk->sk_type != SOCK_SEQPACKET) { err = -EOPNOTSUPP; goto out_release; } if (sk->sk_state != TCP_LISTEN) { err = -EINVAL; goto out_release; } for (;;) { prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); skb = skb_dequeue(&sk->sk_receive_queue); if (skb) break; if (flags & O_NONBLOCK) { err = -EWOULDBLOCK; break; } if (!signal_pending(current)) { release_sock(sk); schedule(); lock_sock(sk); continue; } err = -ERESTARTSYS; break; } finish_wait(sk->sk_sleep, &wait); if (err) goto out_release; newsk = skb->sk; sock_graft(newsk, newsock); skb->sk = NULL; kfree_skb(skb); sk->sk_ack_backlog--; out_release: release_sock(sk); return err; }",linux-2.6,,,269725848360297696955126590819715274418,0 6666,['CWE-200'],"nma_menu_vpn_item_clicked (GtkMenuItem *item, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); VPNActivateInfo *info; NMConnection *connection; NMSettingConnection *s_con; NMActiveConnection *active; NMDevice *device = NULL; gboolean is_system; active = applet_get_default_active_connection (applet, &device); if (!active || !device) { g_warning (""%s: no active connection or device."", __func__); return; } connection = NM_CONNECTION (g_object_get_data (G_OBJECT (item), ""connection"")); if (!connection) { g_warning (""%s: no connection associated with menu item!"", __func__); return; } if (applet_get_active_for_connection (applet, connection)) return; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); info = g_malloc0 (sizeof (VPNActivateInfo)); info->applet = applet; info->vpn_name = g_strdup (nm_setting_connection_get_id (s_con)); is_system = is_system_connection (connection); nm_client_activate_connection (applet->nm_client, is_system ? NM_DBUS_SERVICE_SYSTEM_SETTINGS : NM_DBUS_SERVICE_USER_SETTINGS, nm_connection_get_path (connection), device, nm_object_get_path (NM_OBJECT (active)), activate_vpn_cb, info); start_animation_timeout (applet); }",network-manager-applet,,,108174036950033740937243026284319091635,0 262,[],"static int do_ncp_getfsinfo2(unsigned int fd, unsigned int cmd, unsigned long arg) { mm_segment_t old_fs = get_fs(); struct ncp_fs_info_v2_32 n32; struct ncp_fs_info_v2 n; int err; if (copy_from_user(&n32, compat_ptr(arg), sizeof(n32))) return -EFAULT; if (n32.version != NCP_GET_FS_INFO_VERSION_V2) return -EINVAL; n.version = NCP_GET_FS_INFO_VERSION_V2; set_fs(KERNEL_DS); err = sys_ioctl(fd, NCP_IOC_GET_FS_INFO_V2, (unsigned long)&n); set_fs(old_fs); if (!err) { n32.version = n.version; n32.mounted_uid = n.mounted_uid; n32.connection = n.connection; n32.buffer_size = n.buffer_size; n32.volume_number = n.volume_number; n32.directory_id = n.directory_id; n32.dummy1 = n.dummy1; n32.dummy2 = n.dummy2; n32.dummy3 = n.dummy3; err = copy_to_user(compat_ptr(arg), &n32, sizeof(n32)) ? -EFAULT : 0; } return err; }",linux-2.6,,,4931371313630926364254453623035593797,0 5815,CWE-120,"int l2tp_packet_send(int sock, struct l2tp_packet_t *pack) { uint8_t *buf = mempool_alloc(buf_pool); struct l2tp_avp_t *avp; struct l2tp_attr_t *attr; uint8_t *ptr; int n; int len = sizeof(pack->hdr); if (!buf) { log_emerg(""l2tp: out of memory\n""); return -1; } memset(buf, 0, L2TP_MAX_PACKET_SIZE); ptr = buf + sizeof(pack->hdr); list_for_each_entry(attr, &pack->attrs, entry) { if (len + sizeof(*avp) + attr->length >= L2TP_MAX_PACKET_SIZE) { log_error(""l2tp: cann't send packet (exceeds maximum size)\n""); mempool_free(buf); return -1; } avp = (struct l2tp_avp_t *)ptr; avp->type = htons(attr->attr->id); avp->M = attr->M; avp->H = attr->H; avp->length = sizeof(*avp) + attr->length; *(uint16_t *)ptr = htons(*(uint16_t *)ptr); if (attr->H) memcpy(avp->val, attr->val.octets, attr->length); else switch (attr->attr->type) { case ATTR_TYPE_INT16: *(int16_t *)avp->val = htons(attr->val.int16); break; case ATTR_TYPE_INT32: *(int32_t *)avp->val = htonl(attr->val.int32); break; case ATTR_TYPE_INT64: *(uint64_t *)avp->val = htobe64(attr->val.uint64); break; case ATTR_TYPE_STRING: case ATTR_TYPE_OCTETS: memcpy(avp->val, attr->val.string, attr->length); break; } ptr += sizeof(*avp) + attr->length; len += sizeof(*avp) + attr->length; } pack->hdr.length = htons(len); memcpy(buf, &pack->hdr, sizeof(pack->hdr)); n = sendto(sock, buf, ntohs(pack->hdr.length), 0, &pack->addr, sizeof(pack->addr)); mempool_free(buf); if (n < 0) { if (errno == EAGAIN) { if (conf_verbose) log_warn(""l2tp: buffer overflow (packet lost)\n""); } else { if (conf_verbose) log_warn(""l2tp: sendto: %s\n"", strerror(errno)); return -1; } } if (n != ntohs(pack->hdr.length)) { if (conf_verbose) log_warn(""l2tp: short write (%i/%i)\n"", n, ntohs(pack->hdr.length)); } return 0; }",visit repo url,accel-pppd/ctrl/l2tp/packet.c,https://github.com/accel-ppp/accel-ppp,110196780369999,1 5071,['CWE-20'],"static void move_msr_up(struct vcpu_vmx *vmx, int from, int to) { struct kvm_msr_entry tmp; tmp = vmx->guest_msrs[to]; vmx->guest_msrs[to] = vmx->guest_msrs[from]; vmx->guest_msrs[from] = tmp; tmp = vmx->host_msrs[to]; vmx->host_msrs[to] = vmx->host_msrs[from]; vmx->host_msrs[from] = tmp; }",linux-2.6,,,324722964053795119659565793987608811799,0 772,CWE-20,"static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); struct sk_buff *skb; size_t copied; int err; IRDA_DEBUG(4, ""%s()\n"", __func__); msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { IRDA_DEBUG(2, ""%s(), Received truncated frame (%zd < %zd)!\n"", __func__, copied, size); copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,97188153830666,1 80,CWE-772,"getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) { static getprivs_ret ret; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_getprivs_ret, &ret); if ((ret.code = new_server_handle(*arg, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } ret.code = kadm5_get_privs((void *)handle, &ret.privs); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_get_privs"", client_name.value, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,227871782296867,1 5296,['CWE-119'],"static __inline__ ssize_t tun_get_user(struct tun_struct *tun, const struct iovec *iv, size_t count, int noblock) { struct tun_pi pi = { 0, cpu_to_be16(ETH_P_IP) }; struct sk_buff *skb; size_t len = count, align = 0; struct virtio_net_hdr gso = { 0 }; int offset = 0; if (!(tun->flags & TUN_NO_PI)) { if ((len -= sizeof(pi)) > count) return -EINVAL; if (memcpy_fromiovecend((void *)&pi, iv, 0, sizeof(pi))) return -EFAULT; offset += sizeof(pi); } if (tun->flags & TUN_VNET_HDR) { if ((len -= sizeof(gso)) > count) return -EINVAL; if (memcpy_fromiovecend((void *)&gso, iv, offset, sizeof(gso))) return -EFAULT; if ((gso.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && gso.csum_start + gso.csum_offset + 2 > gso.hdr_len) gso.hdr_len = gso.csum_start + gso.csum_offset + 2; if (gso.hdr_len > len) return -EINVAL; offset += sizeof(gso); } if ((tun->flags & TUN_TYPE_MASK) == TUN_TAP_DEV) { align = NET_IP_ALIGN; if (unlikely(len < ETH_HLEN || (gso.hdr_len && gso.hdr_len < ETH_HLEN))) return -EINVAL; } skb = tun_alloc_skb(tun, align, len, gso.hdr_len, noblock); if (IS_ERR(skb)) { if (PTR_ERR(skb) != -EAGAIN) tun->dev->stats.rx_dropped++; return PTR_ERR(skb); } if (skb_copy_datagram_from_iovec(skb, 0, iv, offset, len)) { tun->dev->stats.rx_dropped++; kfree_skb(skb); return -EFAULT; } if (gso.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) { if (!skb_partial_csum_set(skb, gso.csum_start, gso.csum_offset)) { tun->dev->stats.rx_frame_errors++; kfree_skb(skb); return -EINVAL; } } else if (tun->flags & TUN_NOCHECKSUM) skb->ip_summed = CHECKSUM_UNNECESSARY; switch (tun->flags & TUN_TYPE_MASK) { case TUN_TUN_DEV: if (tun->flags & TUN_NO_PI) { switch (skb->data[0] & 0xf0) { case 0x40: pi.proto = htons(ETH_P_IP); break; case 0x60: pi.proto = htons(ETH_P_IPV6); break; default: tun->dev->stats.rx_dropped++; kfree_skb(skb); return -EINVAL; } } skb_reset_mac_header(skb); skb->protocol = pi.proto; skb->dev = tun->dev; break; case TUN_TAP_DEV: skb->protocol = eth_type_trans(skb, tun->dev); break; }; if (gso.gso_type != VIRTIO_NET_HDR_GSO_NONE) { pr_debug(""GSO!\n""); switch (gso.gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { case VIRTIO_NET_HDR_GSO_TCPV4: skb_shinfo(skb)->gso_type = SKB_GSO_TCPV4; break; case VIRTIO_NET_HDR_GSO_TCPV6: skb_shinfo(skb)->gso_type = SKB_GSO_TCPV6; break; default: tun->dev->stats.rx_frame_errors++; kfree_skb(skb); return -EINVAL; } if (gso.gso_type & VIRTIO_NET_HDR_GSO_ECN) skb_shinfo(skb)->gso_type |= SKB_GSO_TCP_ECN; skb_shinfo(skb)->gso_size = gso.gso_size; if (skb_shinfo(skb)->gso_size == 0) { tun->dev->stats.rx_frame_errors++; kfree_skb(skb); return -EINVAL; } skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY; skb_shinfo(skb)->gso_segs = 0; } netif_rx_ni(skb); tun->dev->stats.rx_packets++; tun->dev->stats.rx_bytes += len; return count; }",linux-2.6,,,88105641529389423923485688371262736199,0 4038,['CWE-362'],"static inline struct list_head *chunk_hash(const struct inode *inode) { unsigned long n = (unsigned long)inode / L1_CACHE_BYTES; return chunk_hash_heads + n % HASH_SIZE; }",linux-2.6,,,71614131554888938976586252656315652288,0 1100,CWE-362,"static int inet_sk_reselect_saddr(struct sock *sk) { struct inet_sock *inet = inet_sk(sk); __be32 old_saddr = inet->inet_saddr; __be32 daddr = inet->inet_daddr; struct flowi4 fl4; struct rtable *rt; __be32 new_saddr; if (inet->opt && inet->opt->srr) daddr = inet->opt->faddr; rt = ip_route_connect(&fl4, daddr, 0, RT_CONN_FLAGS(sk), sk->sk_bound_dev_if, sk->sk_protocol, inet->inet_sport, inet->inet_dport, sk, false); if (IS_ERR(rt)) return PTR_ERR(rt); sk_setup_caps(sk, &rt->dst); new_saddr = rt->rt_src; if (new_saddr == old_saddr) return 0; if (sysctl_ip_dynaddr > 1) { printk(KERN_INFO ""%s(): shifting inet->saddr from %pI4 to %pI4\n"", __func__, &old_saddr, &new_saddr); } inet->inet_saddr = inet->inet_rcv_saddr = new_saddr; __sk_prot_rehash(sk); return 0; }",visit repo url,net/ipv4/af_inet.c,https://github.com/torvalds/linux,35502956441827,1 6365,[],"void processTnef (TNEFStruct *tnef, const gchar *tmpdir) { variableLength *filename; variableLength *filedata; Attachment *p; gint RealAttachment; gint object; gchar *ifilename = NULL; gchar *absfilename, *file; gint count; gint foundCal=0; FILE *fptr; if (tnef->messageClass[0] != 0) { if (strcmp(tnef->messageClass, ""IPM.Contact"") == 0) { saveVCard (tnef, tmpdir); } if (strcmp(tnef->messageClass, ""IPM.Task"") == 0) { saveVTask (tnef, tmpdir); } if (strcmp(tnef->messageClass, ""IPM.Appointment"") == 0) { saveVCalendar (tnef, tmpdir); foundCal = 1; } } if ((filename = MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8,0x24))) != MAPI_UNDEFINED) { if (strcmp(filename->data, ""IPM.Appointment"") == 0) { if (foundCal == 0) { saveVCalendar (tnef, tmpdir); } } } if (strcmp(tnef->messageClass, ""IPM.Microsoft Mail.Note"") == 0) { if ((saveRTF == 1) && (tnef->subject.size > 0)) { if ((filename=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_BINARY, PR_RTF_COMPRESSED))) != MAPI_UNDEFINED) { variableLength buf; if ((buf.data = (gchar *) DecompressRTF (filename, &buf.size)) != NULL) { file = sanitize_filename (tnef->subject.data); if (!file) return; absfilename = g_strconcat (file, "".rtf"", NULL); ifilename = g_build_filename (tmpdir, file, NULL); g_free (absfilename); g_free (file); if ((fptr = fopen(ifilename, ""wb""))==NULL) { printf(""ERROR: Error writing file to disk!""); } else { fwrite (buf.data, sizeof (BYTE), buf.size, fptr); fclose (fptr); } free (buf.data); } } } } p = tnef->starting_attach.next; count = 0; while (p != NULL) { count++; if (p->FileData.size > 0) { object = 1; if ((filedata = MAPIFindProperty (&(p->MAPI), PROP_TAG (PT_OBJECT, PR_ATTACH_DATA_OBJ))) == MAPI_UNDEFINED) { if ((filedata = MAPIFindProperty (&(p->MAPI), PROP_TAG (PT_BINARY, PR_ATTACH_DATA_OBJ))) == MAPI_UNDEFINED) { filedata = &(p->FileData); object = 0; } } RealAttachment = 1; if (object == 1) { TNEFStruct emb_tnef; DWORD signature; memcpy (&signature, filedata->data+16, sizeof (DWORD)); if (TNEFCheckForSignature (signature) == 0) { TNEFInitialize (&emb_tnef); emb_tnef.Debug = tnef->Debug; if (TNEFParseMemory ((guchar *) filedata->data+16, filedata->size-16, &emb_tnef) != -1) { processTnef (&emb_tnef, tmpdir); RealAttachment = 0; } TNEFFree (&emb_tnef); } } else { TNEFStruct emb_tnef; DWORD signature; memcpy (&signature, filedata->data, sizeof (DWORD)); if (TNEFCheckForSignature (signature) == 0) { TNEFInitialize (&emb_tnef); emb_tnef.Debug = tnef->Debug; if (TNEFParseMemory ((guchar *) filedata->data, filedata->size, &emb_tnef) != -1) { processTnef (&emb_tnef, tmpdir); RealAttachment = 0; } TNEFFree (&emb_tnef); } } if ((RealAttachment == 1) || (saveintermediate == 1)) { gchar tmpname[20]; if ((filename = MAPIFindProperty (&(p->MAPI), PROP_TAG (PT_STRING8, PR_ATTACH_LONG_FILENAME))) == MAPI_UNDEFINED) { if ((filename = MAPIFindProperty (&(p->MAPI), PROP_TAG (PT_STRING8, PR_DISPLAY_NAME))) == MAPI_UNDEFINED) { filename = &(p->Title); } } if (filename->size == 1) { filename->size = 20; g_sprintf(tmpname, ""file_%03i.dat"", count); filename->data = tmpname; } absfilename = sanitize_filename (filename->data); if (!absfilename) return; ifilename = g_build_filename (tmpdir, absfilename, NULL); g_free (absfilename); if ((fptr = fopen(ifilename, ""wb""))==NULL) { printf(""ERROR: Error writing file to disk!""); } else { if (object == 1) { fwrite (filedata->data + 16, sizeof (BYTE), filedata->size - 16, fptr); } else { fwrite (filedata->data, sizeof (BYTE), filedata->size, fptr); } fclose (fptr); } } } p=p->next; } g_free (ifilename); }",evolution,,,236289704046063203001460583108593158670,0 1708,[],"asmlinkage void __sched schedule(void) { struct task_struct *prev, *next; unsigned long *switch_count; struct rq *rq; int cpu; need_resched: preempt_disable(); cpu = smp_processor_id(); rq = cpu_rq(cpu); rcu_qsctr_inc(cpu); prev = rq->curr; switch_count = &prev->nivcsw; release_kernel_lock(prev); need_resched_nonpreemptible: schedule_debug(prev); hrtick_clear(rq); local_irq_disable(); __update_rq_clock(rq); spin_lock(&rq->lock); clear_tsk_need_resched(prev); if (prev->state && !(preempt_count() & PREEMPT_ACTIVE)) { if (unlikely((prev->state & TASK_INTERRUPTIBLE) && signal_pending(prev))) { prev->state = TASK_RUNNING; } else { deactivate_task(rq, prev, 1); } switch_count = &prev->nvcsw; } #ifdef CONFIG_SMP if (prev->sched_class->pre_schedule) prev->sched_class->pre_schedule(rq, prev); #endif if (unlikely(!rq->nr_running)) idle_balance(cpu, rq); prev->sched_class->put_prev_task(rq, prev); next = pick_next_task(rq, prev); sched_info_switch(prev, next); if (likely(prev != next)) { rq->nr_switches++; rq->curr = next; ++*switch_count; context_switch(rq, prev, next); cpu = smp_processor_id(); rq = cpu_rq(cpu); } else spin_unlock_irq(&rq->lock); hrtick_set(rq); if (unlikely(reacquire_kernel_lock(current) < 0)) goto need_resched_nonpreemptible; preempt_enable_no_resched(); if (unlikely(test_thread_flag(TIF_NEED_RESCHED))) goto need_resched; }",linux-2.6,,,169113908827453050170403063733980994042,0 154,[],"static void ioctl32_insert_translation(struct ioctl_trans *trans) { unsigned long hash; struct ioctl_trans *t; hash = ioctl32_hash (trans->cmd); if (!ioctl32_hash_table[hash]) ioctl32_hash_table[hash] = trans; else { t = ioctl32_hash_table[hash]; while (t->next) t = t->next; trans->next = NULL; t->next = trans; } }",linux-2.6,,,18858559045220774643870160326925213581,0 6018,CWE-863,"static void settings_changed(struct btd_adapter *adapter, uint32_t settings) { uint32_t changed_mask; changed_mask = adapter->current_settings ^ settings; adapter->current_settings = settings; adapter->pending_settings &= ~changed_mask; DBG(""Changed settings: 0x%08x"", changed_mask); DBG(""Pending settings: 0x%08x"", adapter->pending_settings); if (changed_mask & MGMT_SETTING_POWERED) { g_dbus_emit_property_changed(dbus_conn, adapter->path, ADAPTER_INTERFACE, ""Powered""); if (adapter->current_settings & MGMT_SETTING_POWERED) { adapter_start(adapter); } else { adapter_stop(adapter); if (powering_down) { adapter_remaining--; if (!adapter_remaining) btd_exit(); } } } if ((changed_mask & MGMT_SETTING_LE) && btd_adapter_get_powered(adapter) && (adapter->current_settings & MGMT_SETTING_LE)) trigger_passive_scanning(adapter); if (changed_mask & MGMT_SETTING_DISCOVERABLE) { g_dbus_emit_property_changed(dbus_conn, adapter->path, ADAPTER_INTERFACE, ""Discoverable""); store_adapter_info(adapter); btd_adv_manager_refresh(adapter->adv_manager); } if (changed_mask & MGMT_SETTING_BONDABLE) { g_dbus_emit_property_changed(dbus_conn, adapter->path, ADAPTER_INTERFACE, ""Pairable""); trigger_pairable_timeout(adapter); } }",visit repo url,src/adapter.c,https://github.com/bluez/bluez,222258442958729,1 1776,[],"void account_system_time(struct task_struct *p, int hardirq_offset, cputime_t cputime) { struct cpu_usage_stat *cpustat = &kstat_this_cpu.cpustat; struct rq *rq = this_rq(); cputime64_t tmp; if ((p->flags & PF_VCPU) && (irq_count() - hardirq_offset == 0)) return account_guest_time(p, cputime); p->stime = cputime_add(p->stime, cputime); tmp = cputime_to_cputime64(cputime); if (hardirq_count() - hardirq_offset) cpustat->irq = cputime64_add(cpustat->irq, tmp); else if (softirq_count()) cpustat->softirq = cputime64_add(cpustat->softirq, tmp); else if (p != rq->idle) cpustat->system = cputime64_add(cpustat->system, tmp); else if (atomic_read(&rq->nr_iowait) > 0) cpustat->iowait = cputime64_add(cpustat->iowait, tmp); else cpustat->idle = cputime64_add(cpustat->idle, tmp); acct_update_integrals(p); }",linux-2.6,,,329553189684109723732747242668078546436,0 3562,CWE-190,"static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf, int bufsize) { assert(!stream->bufbase_); if (bufmode != JAS_STREAM_UNBUF) { if (!buf) { if ((stream->bufbase_ = jas_malloc(JAS_STREAM_BUFSIZE + JAS_STREAM_MAXPUTBACK))) { stream->bufmode_ |= JAS_STREAM_FREEBUF; stream->bufsize_ = JAS_STREAM_BUFSIZE; } else { stream->bufbase_ = stream->tinybuf_; stream->bufsize_ = 1; } } else { assert(bufsize > JAS_STREAM_MAXPUTBACK); stream->bufbase_ = JAS_CAST(uchar *, buf); stream->bufsize_ = bufsize - JAS_STREAM_MAXPUTBACK; } } else { assert(!buf); stream->bufbase_ = stream->tinybuf_; stream->bufsize_ = 1; } stream->bufstart_ = &stream->bufbase_[JAS_STREAM_MAXPUTBACK]; stream->ptr_ = stream->bufstart_; stream->cnt_ = 0; stream->bufmode_ |= bufmode & JAS_STREAM_BUFMODEMASK; }",visit repo url,src/libjasper/base/jas_stream.c,https://github.com/mdadams/jasper,98761166910627,1 3085,NVD-CWE-Other,"int dtls1_get_record(SSL *s) { int ssl_major,ssl_minor; int i,n; SSL3_RECORD *rr; unsigned char *p = NULL; unsigned short version; DTLS1_BITMAP *bitmap; unsigned int is_next_epoch; rr= &(s->s3->rrec); dtls1_process_buffered_records(s); if (dtls1_get_processed_record(s)) return 1; again: if ( (s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); if (n <= 0) return(n); if (s->packet_length != DTLS1_RT_HEADER_LENGTH) { s->packet_length = 0; goto again; } s->rstate=SSL_ST_READ_BODY; p=s->packet; if (s->msg_callback) s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); rr->type= *(p++); ssl_major= *(p++); ssl_minor= *(p++); version=(ssl_major<<8)|ssl_minor; n2s(p,rr->epoch); memcpy(&(s->s3->read_sequence[2]), p, 6); p+=6; n2s(p,rr->length); if (!s->first_packet) { if (version != s->version) { rr->length = 0; s->packet_length = 0; goto again; } } if ((version & 0xff00) != (s->version & 0xff00)) { rr->length = 0; s->packet_length = 0; goto again; } if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { rr->length = 0; s->packet_length = 0; goto again; } } if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH) { i=rr->length; n=ssl3_read_n(s,i,i,1); if (n <= 0) return(n); if ( n != i) { rr->length = 0; s->packet_length = 0; goto again; } } s->rstate=SSL_ST_READ_HEADER; bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if ( bitmap == NULL) { rr->length = 0; s->packet_length = 0; goto again; } #ifndef OPENSSL_NO_SCTP if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) { #endif if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && *p == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; s->packet_length=0; goto again; } #ifndef OPENSSL_NO_SCTP } #endif if (rr->length == 0) goto again; if (is_next_epoch) { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); } rr->length = 0; s->packet_length = 0; goto again; } if (!dtls1_process_record(s)) { rr->length = 0; s->packet_length = 0; goto again; } return(1); }",visit repo url,ssl/d1_pkt.c,https://github.com/openssl/openssl,142323681853638,1 2393,['CWE-119'],"int handle_revision_arg(const char *arg, struct rev_info *revs, int flags, int cant_be_filename) { unsigned mode; char *dotdot; struct object *object; unsigned char sha1[20]; int local_flags; dotdot = strstr(arg, ""..""); if (dotdot) { unsigned char from_sha1[20]; const char *next = dotdot + 2; const char *this = arg; int symmetric = *next == '.'; unsigned int flags_exclude = flags ^ UNINTERESTING; *dotdot = 0; next += symmetric; if (!*next) next = ""HEAD""; if (dotdot == arg) this = ""HEAD""; if (!get_sha1(this, from_sha1) && !get_sha1(next, sha1)) { struct commit *a, *b; struct commit_list *exclude; a = lookup_commit_reference(from_sha1); b = lookup_commit_reference(sha1); if (!a || !b) { die(symmetric ? ""Invalid symmetric difference expression %s...%s"" : ""Invalid revision range %s..%s"", arg, next); } if (!cant_be_filename) { *dotdot = '.'; verify_non_filename(revs->prefix, arg); } if (symmetric) { exclude = get_merge_bases(a, b, 1); add_pending_commit_list(revs, exclude, flags_exclude); free_commit_list(exclude); a->object.flags |= flags | SYMMETRIC_LEFT; } else a->object.flags |= flags_exclude; b->object.flags |= flags; add_pending_object(revs, &a->object, this); add_pending_object(revs, &b->object, next); return 0; } *dotdot = '.'; } dotdot = strstr(arg, ""^@""); if (dotdot && !dotdot[2]) { *dotdot = 0; if (add_parents_only(revs, arg, flags)) return 0; *dotdot = '^'; } dotdot = strstr(arg, ""^!""); if (dotdot && !dotdot[2]) { *dotdot = 0; if (!add_parents_only(revs, arg, flags ^ UNINTERESTING)) *dotdot = '^'; } local_flags = 0; if (*arg == '^') { local_flags = UNINTERESTING; arg++; } if (get_sha1_with_mode(arg, sha1, &mode)) return -1; if (!cant_be_filename) verify_non_filename(revs->prefix, arg); object = get_reference(revs, arg, sha1, flags ^ local_flags); add_pending_object_with_mode(revs, object, arg, mode); return 0; }",git,,,131079860842666814548483543688785992986,0 2204,['CWE-193'],"struct page *__page_cache_alloc(gfp_t gfp) { if (cpuset_do_page_mem_spread()) { int n = cpuset_mem_spread_node(); return alloc_pages_node(n, gfp, 0); } return alloc_pages(gfp, 0); }",linux-2.6,,,206026268084138732905114938724454729251,0 4865,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 2194,['CWE-193'],"inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, int isblk) { struct inode *inode = file->f_mapping->host; unsigned long limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; if (unlikely(*pos < 0)) return -EINVAL; if (!isblk) { if (file->f_flags & O_APPEND) *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { if (*pos >= limit) { send_sig(SIGXFSZ, current, 0); return -EFBIG; } if (*count > limit - (typeof(limit))*pos) { *count = limit - (typeof(limit))*pos; } } } if (unlikely(*pos + *count > MAX_NON_LFS && !(file->f_flags & O_LARGEFILE))) { if (*pos >= MAX_NON_LFS) { return -EFBIG; } if (*count > MAX_NON_LFS - (unsigned long)*pos) { *count = MAX_NON_LFS - (unsigned long)*pos; } } if (likely(!isblk)) { if (unlikely(*pos >= inode->i_sb->s_maxbytes)) { if (*count || *pos > inode->i_sb->s_maxbytes) { return -EFBIG; } } if (unlikely(*pos + *count > inode->i_sb->s_maxbytes)) *count = inode->i_sb->s_maxbytes - *pos; } else { #ifdef CONFIG_BLOCK loff_t isize; if (bdev_read_only(I_BDEV(inode))) return -EPERM; isize = i_size_read(inode); if (*pos >= isize) { if (*count || *pos > isize) return -ENOSPC; } if (*pos + *count > isize) *count = isize - *pos; #else return -EPERM; #endif } return 0; }",linux-2.6,,,145137086531870423680233382481104759663,0 3823,CWE-476,"uc_list(char_u *name, size_t name_len) { int i, j; int found = FALSE; ucmd_T *cmd; int len; int over; long a; garray_T *gap; gap = #ifdef FEAT_CMDWIN is_in_cmdwin() ? &prevwin->w_buffer->b_ucmds : #endif &curbuf->b_ucmds; for (;;) { for (i = 0; i < gap->ga_len; ++i) { cmd = USER_CMD_GA(gap, i); a = (long)cmd->uc_argt; if (STRNCMP(name, cmd->uc_name, name_len) != 0 || message_filtered(cmd->uc_name)) continue; if (!found) msg_puts_title(_(""\n Name Args Address Complete Definition"")); found = TRUE; msg_putchar('\n'); if (got_int) break; len = 4; if (a & EX_BANG) { msg_putchar('!'); --len; } if (a & EX_REGSTR) { msg_putchar('""'); --len; } if (gap != &ucmds) { msg_putchar('b'); --len; } if (a & EX_TRLBAR) { msg_putchar('|'); --len; } while (len-- > 0) msg_putchar(' '); msg_outtrans_attr(cmd->uc_name, HL_ATTR(HLF_D)); len = (int)STRLEN(cmd->uc_name) + 4; do { msg_putchar(' '); ++len; } while (len < 22); over = len - 22; len = 0; switch ((int)(a & (EX_EXTRA|EX_NOSPC|EX_NEEDARG))) { case 0: IObuff[len++] = '0'; break; case (EX_EXTRA): IObuff[len++] = '*'; break; case (EX_EXTRA|EX_NOSPC): IObuff[len++] = '?'; break; case (EX_EXTRA|EX_NEEDARG): IObuff[len++] = '+'; break; case (EX_EXTRA|EX_NOSPC|EX_NEEDARG): IObuff[len++] = '1'; break; } do { IObuff[len++] = ' '; } while (len < 5 - over); if (a & (EX_RANGE|EX_COUNT)) { if (a & EX_COUNT) { sprintf((char *)IObuff + len, ""%ldc"", cmd->uc_def); len += (int)STRLEN(IObuff + len); } else if (a & EX_DFLALL) IObuff[len++] = '%'; else if (cmd->uc_def >= 0) { sprintf((char *)IObuff + len, ""%ld"", cmd->uc_def); len += (int)STRLEN(IObuff + len); } else IObuff[len++] = '.'; } do { IObuff[len++] = ' '; } while (len < 8 - over); for (j = 0; addr_type_complete[j].expand != ADDR_NONE; ++j) if (addr_type_complete[j].expand != ADDR_LINES && addr_type_complete[j].expand == cmd->uc_addr_type) { STRCPY(IObuff + len, addr_type_complete[j].shortname); len += (int)STRLEN(IObuff + len); break; } do { IObuff[len++] = ' '; } while (len < 13 - over); for (j = 0; command_complete[j].expand != 0; ++j) if (command_complete[j].expand == cmd->uc_compl) { STRCPY(IObuff + len, command_complete[j].name); len += (int)STRLEN(IObuff + len); #ifdef FEAT_EVAL if (p_verbose > 0 && cmd->uc_compl_arg != NULL && STRLEN(cmd->uc_compl_arg) < 200) { IObuff[len] = ','; STRCPY(IObuff + len + 1, cmd->uc_compl_arg); len += (int)STRLEN(IObuff + len); } #endif break; } do { IObuff[len++] = ' '; } while (len < 25 - over); IObuff[len] = '\0'; msg_outtrans(IObuff); msg_outtrans_special(cmd->uc_rep, FALSE, name_len == 0 ? Columns - 47 : 0); #ifdef FEAT_EVAL if (p_verbose > 0) last_set_msg(cmd->uc_script_ctx); #endif out_flush(); ui_breakcheck(); if (got_int) break; } if (gap == &ucmds || i < gap->ga_len) break; gap = &ucmds; } if (!found) msg(_(""No user-defined commands found"")); }",visit repo url,src/usercmd.c,https://github.com/vim/vim,224491094153075,1 6400,['CWE-59'],"uppercase_string(char *string) { if (!string) return 1; while (*string) { if ((unsigned char) string[0] & 0x80) return 0; *string = toupper((unsigned char) *string); string++; } return 1; }",samba,,,263716957714504682504615421490201729642,0 1127,CWE-362,"int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct sockaddr_in *usin = (struct sockaddr_in *)uaddr; struct inet_sock *inet = inet_sk(sk); struct tcp_sock *tp = tcp_sk(sk); __be16 orig_sport, orig_dport; __be32 daddr, nexthop; struct flowi4 fl4; struct rtable *rt; int err; if (addr_len < sizeof(struct sockaddr_in)) return -EINVAL; if (usin->sin_family != AF_INET) return -EAFNOSUPPORT; nexthop = daddr = usin->sin_addr.s_addr; if (inet->opt && inet->opt->srr) { if (!daddr) return -EINVAL; nexthop = inet->opt->faddr; } orig_sport = inet->inet_sport; orig_dport = usin->sin_port; rt = ip_route_connect(&fl4, nexthop, inet->inet_saddr, RT_CONN_FLAGS(sk), sk->sk_bound_dev_if, IPPROTO_TCP, orig_sport, orig_dport, sk, true); if (IS_ERR(rt)) { err = PTR_ERR(rt); if (err == -ENETUNREACH) IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES); return err; } if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) { ip_rt_put(rt); return -ENETUNREACH; } if (!inet->opt || !inet->opt->srr) daddr = rt->rt_dst; if (!inet->inet_saddr) inet->inet_saddr = rt->rt_src; inet->inet_rcv_saddr = inet->inet_saddr; if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) { tp->rx_opt.ts_recent = 0; tp->rx_opt.ts_recent_stamp = 0; tp->write_seq = 0; } if (tcp_death_row.sysctl_tw_recycle && !tp->rx_opt.ts_recent_stamp && rt->rt_dst == daddr) { struct inet_peer *peer = rt_get_peer(rt); if (peer) { inet_peer_refcheck(peer); if ((u32)get_seconds() - peer->tcp_ts_stamp <= TCP_PAWS_MSL) { tp->rx_opt.ts_recent_stamp = peer->tcp_ts_stamp; tp->rx_opt.ts_recent = peer->tcp_ts; } } } inet->inet_dport = usin->sin_port; inet->inet_daddr = daddr; inet_csk(sk)->icsk_ext_hdr_len = 0; if (inet->opt) inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen; tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT; tcp_set_state(sk, TCP_SYN_SENT); err = inet_hash_connect(&tcp_death_row, sk); if (err) goto failure; rt = ip_route_newports(&fl4, rt, orig_sport, orig_dport, inet->inet_sport, inet->inet_dport, sk); if (IS_ERR(rt)) { err = PTR_ERR(rt); rt = NULL; goto failure; } sk->sk_gso_type = SKB_GSO_TCPV4; sk_setup_caps(sk, &rt->dst); if (!tp->write_seq) tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr, inet->inet_daddr, inet->inet_sport, usin->sin_port); inet->inet_id = tp->write_seq ^ jiffies; err = tcp_connect(sk); rt = NULL; if (err) goto failure; return 0; failure: tcp_set_state(sk, TCP_CLOSE); ip_rt_put(rt); sk->sk_route_caps = 0; inet->inet_dport = 0; return err; }",visit repo url,net/ipv4/tcp_ipv4.c,https://github.com/torvalds/linux,55400805322598,1 2375,['CWE-119'],"void diff_change(struct diff_options *options, unsigned old_mode, unsigned new_mode, const unsigned char *old_sha1, const unsigned char *new_sha1, const char *concatpath) { struct diff_filespec *one, *two; if (DIFF_OPT_TST(options, IGNORE_SUBMODULES) && S_ISGITLINK(old_mode) && S_ISGITLINK(new_mode)) return; if (DIFF_OPT_TST(options, REVERSE_DIFF)) { unsigned tmp; const unsigned char *tmp_c; tmp = old_mode; old_mode = new_mode; new_mode = tmp; tmp_c = old_sha1; old_sha1 = new_sha1; new_sha1 = tmp_c; } if (options->prefix && strncmp(concatpath, options->prefix, options->prefix_length)) return; one = alloc_filespec(concatpath); two = alloc_filespec(concatpath); fill_filespec(one, old_sha1, old_mode); fill_filespec(two, new_sha1, new_mode); diff_queue(&diff_queued_diff, one, two); DIFF_OPT_SET(options, HAS_CHANGES); }",git,,,222480947992836709270622958948229525808,0 742,CWE-20,"static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int copied = 0; int target; int err = 0; long timeo; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = -EAGAIN; if (sk->sk_state == CAIF_CONNECTING) goto out; caif_read_lock(sk); target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); do { int chunk; struct sk_buff *skb; lock_sock(sk); skb = skb_dequeue(&sk->sk_receive_queue); caif_check_flow_release(sk); if (skb == NULL) { if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; err = -ECONNRESET; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; err = -EPIPE; if (sk->sk_state != CAIF_CONNECTED) goto unlock; if (sock_flag(sk, SOCK_DEAD)) goto unlock; release_sock(sk); err = -EAGAIN; if (!timeo) break; caif_read_unlock(sk); timeo = caif_stream_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } caif_read_lock(sk); continue; unlock: release_sock(sk); break; } release_sock(sk); chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); caif_read_unlock(sk); out: return copied ? : err; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,221882276043621,1 2219,NVD-CWE-noinfo,"nfs4_atomic_open(struct inode *dir, struct dentry *dentry, struct nameidata *nd) { struct path path = { .mnt = nd->path.mnt, .dentry = dentry, }; struct dentry *parent; struct iattr attr; struct rpc_cred *cred; struct nfs4_state *state; struct dentry *res; if (nd->flags & LOOKUP_CREATE) { attr.ia_mode = nd->intent.open.create_mode; attr.ia_valid = ATTR_MODE; if (!IS_POSIXACL(dir)) attr.ia_mode &= ~current->fs->umask; } else { attr.ia_valid = 0; BUG_ON(nd->intent.open.flags & O_CREAT); } cred = rpc_lookup_cred(); if (IS_ERR(cred)) return (struct dentry *)cred; parent = dentry->d_parent; nfs_block_sillyrename(parent); state = nfs4_do_open(dir, &path, nd->intent.open.flags, &attr, cred); put_rpccred(cred); if (IS_ERR(state)) { if (PTR_ERR(state) == -ENOENT) { d_add(dentry, NULL); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); } nfs_unblock_sillyrename(parent); return (struct dentry *)state; } res = d_add_unique(dentry, igrab(state->inode)); if (res != NULL) path.dentry = res; nfs_set_verifier(path.dentry, nfs_save_change_attribute(dir)); nfs_unblock_sillyrename(parent); nfs4_intent_set_file(nd, &path, state); return res; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,220581473663971,1 6637,NVD-CWE-noinfo,"njs_typed_array_set_value(njs_vm_t *vm, njs_typed_array_t *array, uint32_t index, njs_value_t *setval) { double num; njs_int_t ret; njs_array_buffer_t *buffer; ret = njs_value_to_number(vm, setval, &num); if (njs_slow_path(ret != NJS_OK)) { return ret; } buffer = njs_typed_array_writable(vm, array); if (njs_slow_path(buffer == NULL)) { return NJS_ERROR; } njs_typed_array_prop_set(vm, array, index, num); njs_set_number(setval, num); return NJS_OK; }",visit repo url,src/njs_typed_array.c,https://github.com/nginx/njs,35039231172510,1 6694,['CWE-200'],"get_model_for_connection (NMConnectionList *list, NMExportedConnection *exported) { NMConnection *connection; NMSettingConnection *s_con; GtkTreeView *treeview; GtkTreeModel *model; const char *str_type; connection = nm_exported_connection_get_connection (exported); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); str_type = s_con ? nm_setting_connection_get_connection_type (s_con) : NULL; if (!str_type) { g_warning (""Ignoring incomplete connection""); return NULL; } if (!strcmp (str_type, NM_SETTING_CDMA_SETTING_NAME)) str_type = NM_SETTING_GSM_SETTING_NAME; treeview = get_treeview_for_type (list, nm_connection_lookup_setting_type (str_type)); if (!treeview) { g_warning (""No registered treeview for connection type '%s'"", str_type); return NULL; } model = gtk_tree_view_get_model (treeview); if (GTK_IS_TREE_MODEL_SORT (model)) return GTK_LIST_STORE (gtk_tree_model_sort_get_model (GTK_TREE_MODEL_SORT (model))); return GTK_LIST_STORE (model); }",network-manager-applet,,,105877902650384390486384612326134563965,0 4216,CWE-125,"static bool r_bin_mdmp_init_directory_entry(struct r_bin_mdmp_obj *obj, struct minidump_directory *entry) { int i; struct minidump_handle_operation_list *handle_operation_list; struct minidump_memory_list *memory_list; struct minidump_memory64_list *memory64_list; struct minidump_memory_info_list *memory_info_list; struct minidump_module_list *module_list; struct minidump_thread_list *thread_list; struct minidump_thread_ex_list *thread_ex_list; struct minidump_thread_info_list *thread_info_list; struct minidump_unloaded_module_list *unloaded_module_list; struct avrf_handle_operation *handle_operations; struct minidump_memory_descriptor *memories; struct minidump_memory_descriptor64 *memories64; struct minidump_memory_info *memory_infos; struct minidump_module *modules; struct minidump_thread *threads; struct minidump_thread_ex *ex_threads; struct minidump_thread_info *thread_infos; struct minidump_unloaded_module *unloaded_modules; if (entry->location.rva + entry->location.data_size > obj->b->length) { eprintf(""[ERROR] Size Mismatch - Stream data is larger than file size!\n""); return false; } switch (entry->stream_type) { case THREAD_LIST_STREAM: thread_list = (struct minidump_thread_list *)(obj->b->buf + entry->location.rva); sdb_set (obj->kv, ""mdmp_thread.format"", ""ddddq?? "" ""ThreadId SuspendCount PriorityClass Priority "" ""Teb (mdmp_memory_descriptor)Stack "" ""(mdmp_location_descriptor)ThreadContext"", 0); sdb_num_set (obj->kv, ""mdmp_thread_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_thread_list.format"", sdb_fmt (""d[%i]? "" ""NumberOfThreads (mdmp_thread)Threads"", thread_list->number_of_threads), 0); for (i = 0; i < thread_list->number_of_threads; i++) { threads = (struct minidump_thread *)(&(thread_list->threads)); r_list_append (obj->streams.threads, &(threads[i])); } break; case MODULE_LIST_STREAM: module_list = (struct minidump_module_list *)(obj->b->buf + entry->location.rva); sdb_set (obj->kv, ""mdmp_module.format"", ""qddtd???qq "" ""BaseOfImage SizeOfImage CheckSum "" ""TimeDateStamp ModuleNameRVA "" ""(mdmp_vs_fixedfileinfo)VersionInfo "" ""(mdmp_location_descriptor)CvRecord "" ""(mdmp_location_descriptor)MiscRecord "" ""Reserved0 Reserved1"", 0); sdb_num_set (obj->kv, ""mdmp_module_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_module_list.format"", sdb_fmt (""d[%i]? "" ""NumberOfModule (mdmp_module)Modules"", module_list->number_of_modules, 0), 0); for (i = 0; i < module_list->number_of_modules; i++) { modules = (struct minidump_module *)(&(module_list->modules)); r_list_append(obj->streams.modules, &(modules[i])); } break; case MEMORY_LIST_STREAM: memory_list = (struct minidump_memory_list *)(obj->b->buf + entry->location.rva); sdb_num_set (obj->kv, ""mdmp_memory_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_memory_list.format"", sdb_fmt (""d[%i]? "" ""NumberOfMemoryRanges "" ""(mdmp_memory_descriptor)MemoryRanges "", memory_list->number_of_memory_ranges, 0), 0); for (i = 0; i < memory_list->number_of_memory_ranges; i++) { memories = (struct minidump_memory_descriptor *)(&(memory_list->memory_ranges)); r_list_append (obj->streams.memories, &(memories[i])); } break; case EXCEPTION_STREAM: obj->streams.exception = (struct minidump_exception_stream *)(obj->b->buf + entry->location.rva); sdb_set (obj->kv, ""mdmp_exception.format"", ""[4]E[4]Eqqdd[15]q "" ""(mdmp_exception_code)ExceptionCode "" ""(mdmp_exception_flags)ExceptionFlags "" ""ExceptionRecord ExceptionAddress "" ""NumberParameters __UnusedAlignment "" ""ExceptionInformation"", 0); sdb_num_set (obj->kv, ""mdmp_exception_stream.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_exception_stream.format"", ""dd?? "" ""ThreadId __Alignment "" ""(mdmp_exception)ExceptionRecord "" ""(mdmp_location_descriptor)ThreadContext"", 0); break; case SYSTEM_INFO_STREAM: obj->streams.system_info = (struct minidump_system_info *)(obj->b->buf + entry->location.rva); sdb_num_set (obj->kv, ""mdmp_system_info.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_system_info.format"", ""[2]EwwbBddd[4]Ed[2]Ew[2]q "" ""(mdmp_processor_architecture)ProcessorArchitecture "" ""ProcessorLevel ProcessorRevision NumberOfProcessors "" ""(mdmp_product_type)ProductType "" ""MajorVersion MinorVersion BuildNumber (mdmp_platform_id)PlatformId "" ""CsdVersionRva (mdmp_suite_mask)SuiteMask Reserved2 ProcessorFeatures"", 0); break; case THREAD_EX_LIST_STREAM: thread_ex_list = (struct minidump_thread_ex_list *)(obj->b->buf + entry->location.rva); sdb_set (obj->kv, ""mdmp_thread_ex.format"", ""ddddq??? "" ""ThreadId SuspendCount PriorityClass Priority "" ""Teb (mdmp_memory_descriptor)Stack "" ""(mdmp_location_descriptor)ThreadContext "" ""(mdmp_memory_descriptor)BackingStore"", 0); sdb_num_set (obj->kv, ""mdmp_thread_ex_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_thread_ex_list.format"", sdb_fmt (""d[%i]? NumberOfThreads "" ""(mdmp_thread_ex)Threads"", thread_ex_list->number_of_threads, 0), 0); for (i = 0; i < thread_ex_list->number_of_threads; i++) { ex_threads = (struct minidump_thread_ex *)(&(thread_ex_list->threads)); r_list_append (obj->streams.ex_threads, &(ex_threads[i])); } break; case MEMORY_64_LIST_STREAM: memory64_list = (struct minidump_memory64_list *)(obj->b->buf + entry->location.rva); sdb_num_set (obj->kv, ""mdmp_memory64_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_memory64_list.format"", sdb_fmt (""qq[%i]? NumberOfMemoryRanges "" ""BaseRva "" ""(mdmp_memory_descriptor64)MemoryRanges"", memory64_list->number_of_memory_ranges), 0); obj->streams.memories64.base_rva = memory64_list->base_rva; for (i = 0; i < memory64_list->number_of_memory_ranges; i++) { memories64 = (struct minidump_memory_descriptor64 *)(&(memory64_list->memory_ranges)); r_list_append (obj->streams.memories64.memories, &(memories64[i])); } break; case COMMENT_STREAM_A: obj->streams.comments_a = obj->b->buf + entry->location.rva; sdb_num_set (obj->kv, ""mdmp_comment_stream_a.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_comment_stream_a.format"", ""s CommentA"", 0); break; case COMMENT_STREAM_W: obj->streams.comments_w = obj->b->buf + entry->location.rva; sdb_num_set (obj->kv, ""mdmp_comment_stream_w.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_comment_stream_w.format"", ""s CommentW"", 0); break; case HANDLE_DATA_STREAM: obj->streams.handle_data = (struct minidump_handle_data_stream *)(obj->b->buf + entry->location.rva); sdb_num_set (obj->kv, ""mdmp_handle_data_stream.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_handle_data_stream.format"", ""dddd "" ""SizeOfHeader SizeOfDescriptor "" ""NumberOfDescriptors Reserved"", 0); break; case FUNCTION_TABLE_STREAM: obj->streams.function_table = (struct minidump_function_table_stream *)(obj->b->buf + entry->location.rva); sdb_num_set (obj->kv, ""mdmp_function_table_stream.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_function_table_stream.format"", ""dddddd "" ""SizeOfHeader SizeOfDescriptor SizeOfNativeDescriptor "" ""SizeOfFunctionEntry NumberOfDescriptors SizeOfAlignPad"", 0); break; case UNLOADED_MODULE_LIST_STREAM: unloaded_module_list = (struct minidump_unloaded_module_list *)(obj->b->buf + entry->location.rva); sdb_set (obj->kv, ""mdmp_unloaded_module.format"", ""qddtd "" ""BaseOfImage SizeOfImage CheckSum TimeDateStamp "" ""ModuleNameRva"", 0); sdb_num_set (obj->kv, ""mdmp_unloaded_module_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_unloaded_module_list.format"", ""ddd "" ""SizeOfHeader SizeOfEntry NumberOfEntries"", 0); for (i = 0; i < unloaded_module_list->number_of_entries; i++) { unloaded_modules = (struct minidump_unloaded_module *)((ut8 *)&unloaded_module_list + sizeof (struct minidump_unloaded_module_list)); r_list_append (obj->streams.unloaded_modules, &(unloaded_modules[i])); } break; case MISC_INFO_STREAM: obj->streams.misc_info.misc_info_1 = (struct minidump_misc_info *)(obj->b->buf + entry->location.rva); sdb_num_set (obj->kv, ""mdmp_misc_info.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_misc_info.format"", ""d[4]Bdtttddddd "" ""SizeOfInfo (mdmp_misc1_flags)Flags1 ProcessId "" ""ProcessCreateTime ProcessUserTime ProcessKernelTime "" ""ProcessorMaxMhz ProcessorCurrentMhz "" ""ProcessorMhzLimit ProcessorMaxIdleState "" ""ProcessorCurrentIdleState"", 0); break; case MEMORY_INFO_LIST_STREAM: memory_info_list = (struct minidump_memory_info_list *)(obj->b->buf + entry->location.rva); sdb_set (obj->kv, ""mdmp_memory_info.format"", ""qq[4]Edq[4]E[4]E[4]Ed BaseAddress AllocationBase "" ""(mdmp_page_protect)AllocationProtect __Alignment1 RegionSize "" ""(mdmp_mem_state)State (mdmp_page_protect)Protect "" ""(mdmp_mem_type)Type __Alignment2"", 0); sdb_num_set (obj->kv, ""mdmp_memory_info_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_memory_info_list.format"", sdb_fmt (""ddq[%i]? SizeOfHeader SizeOfEntry "" ""NumberOfEntries (mdmp_memory_info)MemoryInfo"", memory_info_list->number_of_entries), 0); for (i = 0; i < memory_info_list->number_of_entries; i++) { memory_infos = (struct minidump_memory_info *)((ut8 *)memory_info_list + sizeof (struct minidump_memory_info_list)); r_list_append (obj->streams.memory_infos, &(memory_infos[i])); } break; case THREAD_INFO_LIST_STREAM: thread_info_list = (struct minidump_thread_info_list *)(obj->b->buf + entry->location.rva); sdb_set (obj->kv, ""mdmp_thread_info.format"", ""ddddttttqq "" ""ThreadId DumpFlags DumpError ExitStatus CreateTime "" ""ExitTime KernelTime UserTime StartAddress Affinity"", 0); sdb_num_set (obj->kv, ""mdmp_thread_info_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_thread_info_list.format"", ""ddd "" ""SizeOfHeader SizeOfEntry NumberOfEntries"", 0); for (i = 0; i < thread_info_list->number_of_entries; i++) { thread_infos = (struct minidump_thread_info *)((ut8 *)thread_info_list + sizeof (struct minidump_thread_info_list)); r_list_append (obj->streams.thread_infos, &(thread_infos[i])); } break; case HANDLE_OPERATION_LIST_STREAM: handle_operation_list = (struct minidump_handle_operation_list *)(obj->b->buf + entry->location.rva); sdb_num_set (obj->kv, ""mdmp_handle_operation_list.offset"", entry->location.rva, 0); sdb_set (obj->kv, ""mdmp_handle_operation_list.format"", ""dddd "" ""SizeOfHeader SizeOfEntry NumberOfEntries Reserved"", 0); for (i = 0; i < handle_operation_list->number_of_entries; i++) { handle_operations = (struct avrf_handle_operation *)((ut8 *)handle_operation_list + sizeof (struct minidump_handle_operation_list)); r_list_append (obj->streams.operations, &(handle_operations[i])); } break; case LAST_RESERVED_STREAM: break; case UNUSED_STREAM: case RESERVED_STREAM_0: case RESERVED_STREAM_1: break; default: eprintf (""[WARN] Invalid or unsupported enumeration encountered %i\n"", entry->stream_type); return false; } return true; }",visit repo url,libr/bin/format/mdmp/mdmp.c,https://github.com/radareorg/radare2,83153112481737,1 5565,CWE-125,"static int exists_not_none(PyObject *obj, _Py_Identifier *id) { int isnone; PyObject *attr = _PyObject_GetAttrId(obj, id); if (!attr) { PyErr_Clear(); return 0; } isnone = attr == Py_None; Py_DECREF(attr); return !isnone; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,225503859159888,1 4107,CWE-119,"void Huff_transmit (huff_t *huff, int ch, byte *fout) { int i; if (huff->loc[ch] == NULL) { Huff_transmit(huff, NYT, fout); for (i = 7; i >= 0; i--) { add_bit((char)((ch >> i) & 0x1), fout); } } else { send(huff->loc[ch], NULL, fout); } }",visit repo url,code/qcommon/huffman.c,https://github.com/ioquake/ioq3,226804572368146,1 1320,['CWE-119'],"static void asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len) { ctx->begin = buf; ctx->end = buf + len; ctx->pointer = buf; ctx->error = ASN1_ERR_NOERROR; }",linux-2.6,,,50473821620594827516126309745270134531,0 4985,['CWE-20'],"static struct nfs_client *__nfs_find_client(const struct sockaddr_in *addr, int nfsversion, int match_port) { struct nfs_client *clp; list_for_each_entry(clp, &nfs_client_list, cl_share_link) { if (clp->cl_cons_state < 0) continue; if (clp->cl_nfsversion != nfsversion) continue; if (memcmp(&clp->cl_addr.sin_addr, &addr->sin_addr, sizeof(clp->cl_addr.sin_addr)) != 0) continue; if (!match_port || clp->cl_addr.sin_port == addr->sin_port) goto found; } return NULL; found: atomic_inc(&clp->cl_count); return clp; }",linux-2.6,,,125942698794073313095769788940002263297,0 1903,CWE-416,"int nfc_llcp_send_symm(struct nfc_dev *dev) { struct sk_buff *skb; struct nfc_llcp_local *local; u16 size = 0; local = nfc_llcp_find_local(dev); if (local == NULL) return -ENODEV; size += LLCP_HEADER_SIZE; size += dev->tx_headroom + dev->tx_tailroom + NFC_HEADER_SIZE; skb = alloc_skb(size, GFP_KERNEL); if (skb == NULL) return -ENOMEM; skb_reserve(skb, dev->tx_headroom + NFC_HEADER_SIZE); skb = llcp_add_header(skb, 0, 0, LLCP_PDU_SYMM); __net_timestamp(skb); nfc_llcp_send_to_raw_sock(local, skb, NFC_DIRECTION_TX); return nfc_data_exchange(dev, local->target_idx, skb, nfc_llcp_recv, local); }",visit repo url,net/nfc/llcp_commands.c,https://github.com/torvalds/linux,151565563227246,1 4473,CWE-476,"h2v2_merged_upsample_565_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; register int y, cred, cgreen, cblue; int cb, cr; register JSAMPROW outptr0, outptr1; JSAMPROW inptr00, inptr01, inptr1, inptr2; JDIMENSION col; register JSAMPLE *range_limit = cinfo->sample_range_limit; int *Crrtab = upsample->Cr_r_tab; int *Cbbtab = upsample->Cb_b_tab; JLONG *Crgtab = upsample->Cr_g_tab; JLONG *Cbgtab = upsample->Cb_g_tab; unsigned int r, g, b; JLONG rgb; SHIFT_TEMPS inptr00 = input_buf[0][in_row_group_ctr * 2]; inptr01 = input_buf[0][in_row_group_ctr * 2 + 1]; inptr1 = input_buf[1][in_row_group_ctr]; inptr2 = input_buf[2][in_row_group_ctr]; outptr0 = output_buf[0]; outptr1 = output_buf[1]; for (col = cinfo->output_width >> 1; col > 0; col--) { cb = GETJSAMPLE(*inptr1++); cr = GETJSAMPLE(*inptr2++); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr00++); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_SHORT_565(r, g, b); y = GETJSAMPLE(*inptr00++); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_TWO_PIXELS(rgb, PACK_SHORT_565(r, g, b)); WRITE_TWO_PIXELS(outptr0, rgb); outptr0 += 4; y = GETJSAMPLE(*inptr01++); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_SHORT_565(r, g, b); y = GETJSAMPLE(*inptr01++); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_TWO_PIXELS(rgb, PACK_SHORT_565(r, g, b)); WRITE_TWO_PIXELS(outptr1, rgb); outptr1 += 4; } if (cinfo->output_width & 1) { cb = GETJSAMPLE(*inptr1); cr = GETJSAMPLE(*inptr2); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr00); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_SHORT_565(r, g, b); *(INT16 *)outptr0 = (INT16)rgb; y = GETJSAMPLE(*inptr01); r = range_limit[y + cred]; g = range_limit[y + cgreen]; b = range_limit[y + cblue]; rgb = PACK_SHORT_565(r, g, b); *(INT16 *)outptr1 = (INT16)rgb; } }",visit repo url,jdmrg565.c,https://github.com/libjpeg-turbo/libjpeg-turbo,228430643152937,1 3569,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_1D_ce(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_association *new_asoc; sctp_init_chunk_t *peer_init; struct sctp_chunk *repl; struct sctp_ulpevent *ev, *ai_ev = NULL; int error = 0; struct sctp_chunk *err_chk_p; struct sock *sk; if (ep == sctp_sk((sctp_get_ctl_sock()))->ep) return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); sk = ep->base.sk; if (!sctp_sstate(sk, LISTENING) || (sctp_style(sk, TCP) && sk_acceptq_is_full(sk))) return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data; if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t))) goto nomem; new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error, &err_chk_p); if (!new_asoc) { switch (error) { case -SCTP_IERROR_NOMEM: goto nomem; case -SCTP_IERROR_STALE_COOKIE: sctp_send_stale_cookie_err(ep, asoc, chunk, commands, err_chk_p); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); case -SCTP_IERROR_BAD_SIG: default: return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } } peer_init = &chunk->subh.cookie_hdr->c.peer_init[0]; if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, &chunk->subh.cookie_hdr->c.peer_addr, peer_init, GFP_ATOMIC)) goto nomem_init; error = sctp_auth_asoc_init_active_key(new_asoc, GFP_ATOMIC); if (error) goto nomem_init; if (chunk->auth_chunk) { struct sctp_chunk auth; sctp_ierror_t ret; auth.skb = chunk->auth_chunk; auth.asoc = chunk->asoc; auth.sctp_hdr = chunk->sctp_hdr; auth.chunk_hdr = (sctp_chunkhdr_t *)skb_push(chunk->auth_chunk, sizeof(sctp_chunkhdr_t)); skb_pull(chunk->auth_chunk, sizeof(sctp_chunkhdr_t)); auth.transport = chunk->transport; ret = sctp_sf_authenticate(ep, new_asoc, type, &auth); kfree_skb(chunk->auth_chunk); if (ret != SCTP_IERROR_NO_ERROR) { sctp_association_free(new_asoc); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } } repl = sctp_make_cookie_ack(new_asoc, chunk); if (!repl) goto nomem_init; ev = sctp_ulpevent_make_assoc_change(new_asoc, 0, SCTP_COMM_UP, 0, new_asoc->c.sinit_num_ostreams, new_asoc->c.sinit_max_instreams, NULL, GFP_ATOMIC); if (!ev) goto nomem_ev; if (new_asoc->peer.adaptation_ind) { ai_ev = sctp_ulpevent_make_adaptation_indication(new_asoc, GFP_ATOMIC); if (!ai_ev) goto nomem_aiev; } sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_ESTABLISHED)); SCTP_INC_STATS(SCTP_MIB_CURRESTAB); SCTP_INC_STATS(SCTP_MIB_PASSIVEESTABS); sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL()); if (new_asoc->autoclose) sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); if (ai_ev) sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ai_ev)); return SCTP_DISPOSITION_CONSUME; nomem_aiev: sctp_ulpevent_free(ev); nomem_ev: sctp_chunk_free(repl); nomem_init: sctp_association_free(new_asoc); nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,275324165931705836225315223071499223613,0 1101,CWE-362,"int cipso_v4_req_setattr(struct request_sock *req, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) { int ret_val = -EPERM; unsigned char *buf = NULL; u32 buf_len; u32 opt_len; struct ip_options *opt = NULL; struct inet_request_sock *req_inet; buf_len = CIPSO_V4_OPT_LEN_MAX; buf = kmalloc(buf_len, GFP_ATOMIC); if (buf == NULL) { ret_val = -ENOMEM; goto req_setattr_failure; } ret_val = cipso_v4_genopt(buf, buf_len, doi_def, secattr); if (ret_val < 0) goto req_setattr_failure; buf_len = ret_val; opt_len = (buf_len + 3) & ~3; opt = kzalloc(sizeof(*opt) + opt_len, GFP_ATOMIC); if (opt == NULL) { ret_val = -ENOMEM; goto req_setattr_failure; } memcpy(opt->__data, buf, buf_len); opt->optlen = opt_len; opt->cipso = sizeof(struct iphdr); kfree(buf); buf = NULL; req_inet = inet_rsk(req); opt = xchg(&req_inet->opt, opt); kfree(opt); return 0; req_setattr_failure: kfree(buf); kfree(opt); return ret_val; }",visit repo url,net/ipv4/cipso_ipv4.c,https://github.com/torvalds/linux,153537662880993,1 3860,[],"void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted) { target->cap_effective = *effective; target->cap_inheritable = *inheritable; target->cap_permitted = *permitted; }",linux-2.6,,,105478946399625775996462665600269188341,0 5152,['CWE-20'],"static void enter_pmode(struct kvm_vcpu *vcpu) { unsigned long flags; struct vcpu_vmx *vmx = to_vmx(vcpu); vmx->emulation_required = 1; vcpu->arch.rmode.active = 0; vmcs_writel(GUEST_TR_BASE, vcpu->arch.rmode.tr.base); vmcs_write32(GUEST_TR_LIMIT, vcpu->arch.rmode.tr.limit); vmcs_write32(GUEST_TR_AR_BYTES, vcpu->arch.rmode.tr.ar); flags = vmcs_readl(GUEST_RFLAGS); flags &= ~(X86_EFLAGS_IOPL | X86_EFLAGS_VM); flags |= (vcpu->arch.rmode.save_iopl << IOPL_SHIFT); vmcs_writel(GUEST_RFLAGS, flags); vmcs_writel(GUEST_CR4, (vmcs_readl(GUEST_CR4) & ~X86_CR4_VME) | (vmcs_readl(CR4_READ_SHADOW) & X86_CR4_VME)); update_exception_bitmap(vcpu); if (emulate_invalid_guest_state) return; fix_pmode_dataseg(VCPU_SREG_ES, &vcpu->arch.rmode.es); fix_pmode_dataseg(VCPU_SREG_DS, &vcpu->arch.rmode.ds); fix_pmode_dataseg(VCPU_SREG_GS, &vcpu->arch.rmode.gs); fix_pmode_dataseg(VCPU_SREG_FS, &vcpu->arch.rmode.fs); vmcs_write16(GUEST_SS_SELECTOR, 0); vmcs_write32(GUEST_SS_AR_BYTES, 0x93); vmcs_write16(GUEST_CS_SELECTOR, vmcs_read16(GUEST_CS_SELECTOR) & ~SELECTOR_RPL_MASK); vmcs_write32(GUEST_CS_AR_BYTES, 0x9b); }",linux-2.6,,,210035074010234555089259622414062179808,0 5220,['CWE-264'],"SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl) { SMB_ACL_ENTRY_T entry; if (!the_acl) return NULL; if (SMB_VFS_SYS_ACL_GET_ENTRY(conn, the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) { SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl); return NULL; } return the_acl; }",samba,,,89848806466876941114741122899524878556,0 2603,CWE-119,"php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, const char *path, const char *mode, int options, char **opened_path, php_stream_context *context, int redirect_max, int flags STREAMS_DC TSRMLS_DC) { php_stream *stream = NULL; php_url *resource = NULL; int use_ssl; int use_proxy = 0; char *scratch = NULL; char *tmp = NULL; char *ua_str = NULL; zval **ua_zval = NULL, **tmpzval = NULL, *ssl_proxy_peer_name = NULL; int scratch_len = 0; int body = 0; char location[HTTP_HEADER_BLOCK_SIZE]; zval *response_header = NULL; int reqok = 0; char *http_header_line = NULL; char tmp_line[128]; size_t chunk_size = 0, file_size = 0; int eol_detect = 0; char *transport_string, *errstr = NULL; int transport_len, have_header = 0, request_fulluri = 0, ignore_errors = 0; char *protocol_version = NULL; int protocol_version_len = 3; struct timeval timeout; char *user_headers = NULL; int header_init = ((flags & HTTP_WRAPPER_HEADER_INIT) != 0); int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0); int follow_location = 1; php_stream_filter *transfer_encoding = NULL; int response_code; tmp_line[0] = '\0'; if (redirect_max < 1) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""Redirection limit reached, aborting""); return NULL; } resource = php_url_parse(path); if (resource == NULL) { return NULL; } if (strncasecmp(resource->scheme, ""http"", sizeof(""http"")) && strncasecmp(resource->scheme, ""https"", sizeof(""https""))) { if (!context || php_stream_context_get_option(context, wrapper->wops->label, ""proxy"", &tmpzval) == FAILURE || Z_TYPE_PP(tmpzval) != IS_STRING || Z_STRLEN_PP(tmpzval) <= 0) { php_url_free(resource); return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context); } request_fulluri = 1; use_ssl = 0; use_proxy = 1; transport_len = Z_STRLEN_PP(tmpzval); transport_string = estrndup(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval)); } else { if (strpbrk(mode, ""awx+"")) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""HTTP wrapper does not support writeable connections""); php_url_free(resource); return NULL; } use_ssl = resource->scheme && (strlen(resource->scheme) > 4) && resource->scheme[4] == 's'; if (use_ssl && resource->port == 0) resource->port = 443; else if (resource->port == 0) resource->port = 80; if (context && php_stream_context_get_option(context, wrapper->wops->label, ""proxy"", &tmpzval) == SUCCESS && Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) { use_proxy = 1; transport_len = Z_STRLEN_PP(tmpzval); transport_string = estrndup(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval)); } else { transport_len = spprintf(&transport_string, 0, ""%s://%s:%d"", use_ssl ? ""ssl"" : ""tcp"", resource->host, resource->port); } } if (context && php_stream_context_get_option(context, wrapper->wops->label, ""timeout"", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_double_ex(tmpzval); timeout.tv_sec = (time_t) Z_DVAL_PP(tmpzval); timeout.tv_usec = (size_t) ((Z_DVAL_PP(tmpzval) - timeout.tv_sec) * 1000000); } else { timeout.tv_sec = FG(default_socket_timeout); timeout.tv_usec = 0; } stream = php_stream_xport_create(transport_string, transport_len, options, STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, NULL, &timeout, context, &errstr, NULL); if (stream) { php_stream_set_option(stream, PHP_STREAM_OPTION_READ_TIMEOUT, 0, &timeout); } if (errstr) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""%s"", errstr); efree(errstr); errstr = NULL; } efree(transport_string); if (stream && use_proxy && use_ssl) { smart_str header = {0}; if (!context || php_stream_context_get_option(context, ""ssl"", ""peer_name"", &tmpzval) == FAILURE) { MAKE_STD_ZVAL(ssl_proxy_peer_name); ZVAL_STRING(ssl_proxy_peer_name, resource->host, 1); php_stream_context_set_option(stream->context, ""ssl"", ""peer_name"", ssl_proxy_peer_name); } smart_str_appendl(&header, ""CONNECT "", sizeof(""CONNECT "")-1); smart_str_appends(&header, resource->host); smart_str_appendc(&header, ':'); smart_str_append_unsigned(&header, resource->port); smart_str_appendl(&header, "" HTTP/1.0\r\n"", sizeof("" HTTP/1.0\r\n"")-1); if (context && php_stream_context_get_option(context, ""http"", ""header"", &tmpzval) == SUCCESS) { char *s, *p; if (Z_TYPE_PP(tmpzval) == IS_ARRAY) { HashPosition pos; zval **tmpheader = NULL; for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(tmpzval), &pos); SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(tmpzval), (void *)&tmpheader, &pos); zend_hash_move_forward_ex(Z_ARRVAL_PP(tmpzval), &pos)) { if (Z_TYPE_PP(tmpheader) == IS_STRING) { s = Z_STRVAL_PP(tmpheader); do { while (*s == ' ' || *s == '\t') s++; p = s; while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++; if (*p == ':') { p++; if (p - s == sizeof(""Proxy-Authorization:"") - 1 && zend_binary_strcasecmp(s, sizeof(""Proxy-Authorization:"") - 1, ""Proxy-Authorization:"", sizeof(""Proxy-Authorization:"") - 1) == 0) { while (*p != 0 && *p != '\r' && *p !='\n') p++; smart_str_appendl(&header, s, p - s); smart_str_appendl(&header, ""\r\n"", sizeof(""\r\n"")-1); goto finish; } else { while (*p != 0 && *p != '\r' && *p !='\n') p++; } } s = p; while (*s == '\r' || *s == '\n') s++; } while (*s != 0); } } } else if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval)) { s = Z_STRVAL_PP(tmpzval); do { while (*s == ' ' || *s == '\t') s++; p = s; while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++; if (*p == ':') { p++; if (p - s == sizeof(""Proxy-Authorization:"") - 1 && zend_binary_strcasecmp(s, sizeof(""Proxy-Authorization:"") - 1, ""Proxy-Authorization:"", sizeof(""Proxy-Authorization:"") - 1) == 0) { while (*p != 0 && *p != '\r' && *p !='\n') p++; smart_str_appendl(&header, s, p - s); smart_str_appendl(&header, ""\r\n"", sizeof(""\r\n"")-1); goto finish; } else { while (*p != 0 && *p != '\r' && *p !='\n') p++; } } s = p; while (*s == '\r' || *s == '\n') s++; } while (*s != 0); } } finish: smart_str_appendl(&header, ""\r\n"", sizeof(""\r\n"")-1); if (php_stream_write(stream, header.c, header.len) != header.len) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""Cannot connect to HTTPS server through proxy""); php_stream_close(stream); stream = NULL; } smart_str_free(&header); if (stream) { char header_line[HTTP_HEADER_BLOCK_SIZE]; while (php_stream_gets(stream, header_line, HTTP_HEADER_BLOCK_SIZE-1) != NULL) { if (header_line[0] == '\n' || header_line[0] == '\r' || header_line[0] == '\0') { break; } } } if (stream) { if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL TSRMLS_CC) < 0 || php_stream_xport_crypto_enable(stream, 1 TSRMLS_CC) < 0) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""Cannot connect to HTTPS server through proxy""); php_stream_close(stream); stream = NULL; } } } if (stream == NULL) goto out; if (options & STREAM_WILL_CAST) chunk_size = php_stream_set_chunk_size(stream, 1); eol_detect = stream->flags & (PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC); stream->flags &= ~(PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC); php_stream_context_set(stream, context); php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0); if (header_init && context && php_stream_context_get_option(context, ""http"", ""max_redirects"", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_long_ex(tmpzval); redirect_max = Z_LVAL_PP(tmpzval); } if (context && php_stream_context_get_option(context, ""http"", ""method"", &tmpzval) == SUCCESS) { if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) { if (!redirected || (Z_STRLEN_PP(tmpzval) == 3 && memcmp(""GET"", Z_STRVAL_PP(tmpzval), 3) == 0) || (Z_STRLEN_PP(tmpzval) == 4 && memcmp(""HEAD"",Z_STRVAL_PP(tmpzval), 4) == 0) ) { scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); scratch = emalloc(scratch_len); strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); strncat(scratch, "" "", 1); } } } if (context && php_stream_context_get_option(context, ""http"", ""protocol_version"", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_double_ex(tmpzval); protocol_version_len = spprintf(&protocol_version, 0, ""%.1F"", Z_DVAL_PP(tmpzval)); } if (!scratch) { scratch_len = strlen(path) + 29 + protocol_version_len; scratch = emalloc(scratch_len); strncpy(scratch, ""GET "", scratch_len); } if (!request_fulluri && context && php_stream_context_get_option(context, ""http"", ""request_fulluri"", &tmpzval) == SUCCESS) { zval ztmp = **tmpzval; zval_copy_ctor(&ztmp); convert_to_boolean(&ztmp); request_fulluri = Z_BVAL(ztmp) ? 1 : 0; zval_dtor(&ztmp); } if (request_fulluri) { strcat(scratch, path); } else { if (resource->path && *resource->path) { strlcat(scratch, resource->path, scratch_len); } else { strlcat(scratch, ""/"", scratch_len); } if (resource->query) { strlcat(scratch, ""?"", scratch_len); strlcat(scratch, resource->query, scratch_len); } } if (protocol_version) { strlcat(scratch, "" HTTP/"", scratch_len); strlcat(scratch, protocol_version, scratch_len); strlcat(scratch, ""\r\n"", scratch_len); } else { strlcat(scratch, "" HTTP/1.0\r\n"", scratch_len); } php_stream_write(stream, scratch, strlen(scratch)); if (context && php_stream_context_get_option(context, ""http"", ""header"", &tmpzval) == SUCCESS) { tmp = NULL; if (Z_TYPE_PP(tmpzval) == IS_ARRAY) { HashPosition pos; zval **tmpheader = NULL; smart_str tmpstr = {0}; for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(tmpzval), &pos); SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(tmpzval), (void *)&tmpheader, &pos); zend_hash_move_forward_ex(Z_ARRVAL_PP(tmpzval), &pos) ) { if (Z_TYPE_PP(tmpheader) == IS_STRING) { smart_str_appendl(&tmpstr, Z_STRVAL_PP(tmpheader), Z_STRLEN_PP(tmpheader)); smart_str_appendl(&tmpstr, ""\r\n"", sizeof(""\r\n"") - 1); } } smart_str_0(&tmpstr); if (tmpstr.c) { tmp = php_trim(tmpstr.c, strlen(tmpstr.c), NULL, 0, NULL, 3 TSRMLS_CC); smart_str_free(&tmpstr); } } if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval)) { tmp = php_trim(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval), NULL, 0, NULL, 3 TSRMLS_CC); } if (tmp && strlen(tmp) > 0) { char *s; user_headers = estrdup(tmp); php_strtolower(tmp, strlen(tmp)); if (!header_init) { strip_header(user_headers, tmp, ""content-length:""); strip_header(user_headers, tmp, ""content-type:""); } if ((s = strstr(tmp, ""user-agent:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { have_header |= HTTP_HEADER_USER_AGENT; } if ((s = strstr(tmp, ""host:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { have_header |= HTTP_HEADER_HOST; } if ((s = strstr(tmp, ""from:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { have_header |= HTTP_HEADER_FROM; } if ((s = strstr(tmp, ""authorization:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { have_header |= HTTP_HEADER_AUTH; } if ((s = strstr(tmp, ""content-length:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { have_header |= HTTP_HEADER_CONTENT_LENGTH; } if ((s = strstr(tmp, ""content-type:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { have_header |= HTTP_HEADER_TYPE; } if ((s = strstr(tmp, ""connection:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { have_header |= HTTP_HEADER_CONNECTION; } if (use_proxy && use_ssl && (s = strstr(tmp, ""proxy-authorization:"")) && (s == tmp || *(s-1) == '\r' || *(s-1) == '\n' || *(s-1) == '\t' || *(s-1) == ' ')) { char *p = s + sizeof(""proxy-authorization:"") - 1; while (s > tmp && (*(s-1) == ' ' || *(s-1) == '\t')) s--; while (*p != 0 && *p != '\r' && *p != '\n') p++; while (*p == '\r' || *p == '\n') p++; if (*p == 0) { if (s == tmp) { efree(user_headers); user_headers = NULL; } else { while (s > tmp && (*(s-1) == '\r' || *(s-1) == '\n')) s--; user_headers[s - tmp] = 0; } } else { memmove(user_headers + (s - tmp), user_headers + (p - tmp), strlen(p) + 1); } } } if (tmp) { efree(tmp); } } if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) { php_url_decode(resource->user, strlen(resource->user)); strcpy(scratch, resource->user); strcat(scratch, "":""); if (resource->pass) { php_url_decode(resource->pass, strlen(resource->pass)); strcat(scratch, resource->pass); } tmp = (char*)php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL); if (snprintf(scratch, scratch_len, ""Authorization: Basic %s\r\n"", tmp) > 0) { php_stream_write(stream, scratch, strlen(scratch)); php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, NULL, 0); } efree(tmp); tmp = NULL; } if (((have_header & HTTP_HEADER_FROM) == 0) && FG(from_address)) { if (snprintf(scratch, scratch_len, ""From: %s\r\n"", FG(from_address)) > 0) php_stream_write(stream, scratch, strlen(scratch)); } if ((have_header & HTTP_HEADER_HOST) == 0) { if ((use_ssl && resource->port != 443 && resource->port != 0) || (!use_ssl && resource->port != 80 && resource->port != 0)) { if (snprintf(scratch, scratch_len, ""Host: %s:%i\r\n"", resource->host, resource->port) > 0) php_stream_write(stream, scratch, strlen(scratch)); } else { if (snprintf(scratch, scratch_len, ""Host: %s\r\n"", resource->host) > 0) { php_stream_write(stream, scratch, strlen(scratch)); } } } if ((have_header & HTTP_HEADER_CONNECTION) == 0) { php_stream_write_string(stream, ""Connection: close\r\n""); } if (context && php_stream_context_get_option(context, ""http"", ""user_agent"", &ua_zval) == SUCCESS && Z_TYPE_PP(ua_zval) == IS_STRING) { ua_str = Z_STRVAL_PP(ua_zval); } else if (FG(user_agent)) { ua_str = FG(user_agent); } if (((have_header & HTTP_HEADER_USER_AGENT) == 0) && ua_str) { #define _UA_HEADER ""User-Agent: %s\r\n"" char *ua; size_t ua_len; ua_len = sizeof(_UA_HEADER) + strlen(ua_str); if (ua_len > sizeof(_UA_HEADER)) { ua = emalloc(ua_len + 1); if ((ua_len = slprintf(ua, ua_len, _UA_HEADER, ua_str)) > 0) { ua[ua_len] = 0; php_stream_write(stream, ua, ua_len); } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Cannot construct User-agent header""); } if (ua) { efree(ua); } } } if (user_headers) { if ( header_init && context && !(have_header & HTTP_HEADER_CONTENT_LENGTH) && php_stream_context_get_option(context, ""http"", ""content"", &tmpzval) == SUCCESS && Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0 ) { scratch_len = slprintf(scratch, scratch_len, ""Content-Length: %d\r\n"", Z_STRLEN_PP(tmpzval)); php_stream_write(stream, scratch, scratch_len); have_header |= HTTP_HEADER_CONTENT_LENGTH; } php_stream_write(stream, user_headers, strlen(user_headers)); php_stream_write(stream, ""\r\n"", sizeof(""\r\n"")-1); efree(user_headers); } if (header_init && context && php_stream_context_get_option(context, ""http"", ""content"", &tmpzval) == SUCCESS && Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) { if (!(have_header & HTTP_HEADER_CONTENT_LENGTH)) { scratch_len = slprintf(scratch, scratch_len, ""Content-Length: %d\r\n"", Z_STRLEN_PP(tmpzval)); php_stream_write(stream, scratch, scratch_len); } if (!(have_header & HTTP_HEADER_TYPE)) { php_stream_write(stream, ""Content-Type: application/x-www-form-urlencoded\r\n"", sizeof(""Content-Type: application/x-www-form-urlencoded\r\n"") - 1); php_error_docref(NULL TSRMLS_CC, E_NOTICE, ""Content-type not specified assuming application/x-www-form-urlencoded""); } php_stream_write(stream, ""\r\n"", sizeof(""\r\n"")-1); php_stream_write(stream, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval)); } else { php_stream_write(stream, ""\r\n"", sizeof(""\r\n"")-1); } location[0] = '\0'; if (!EG(active_symbol_table)) { zend_rebuild_symbol_table(TSRMLS_C); } if (header_init) { zval *ztmp; MAKE_STD_ZVAL(ztmp); array_init(ztmp); ZEND_SET_SYMBOL(EG(active_symbol_table), ""http_response_header"", ztmp); } { zval **rh; if(zend_hash_find(EG(active_symbol_table), ""http_response_header"", sizeof(""http_response_header""), (void **) &rh) != SUCCESS || Z_TYPE_PP(rh) != IS_ARRAY) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""HTTP request failed, http_response_header overwritten""); goto out; } response_header = *rh; Z_ADDREF_P(response_header); } if (!php_stream_eof(stream)) { size_t tmp_line_len; if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) { zval *http_response; if (tmp_line_len > 9) { response_code = atoi(tmp_line + 9); } else { response_code = 0; } if (context && SUCCESS==php_stream_context_get_option(context, ""http"", ""ignore_errors"", &tmpzval)) { ignore_errors = zend_is_true(*tmpzval); } if ((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) { reqok = 1; } if (response_code >= 100 && response_code < 200) { while ( !php_stream_eof(stream) && php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL && ( tmp_line_len < sizeof(""HTTP/1"") - 1 || strncasecmp(tmp_line, ""HTTP/1"", sizeof(""HTTP/1"") - 1) ) ); if (tmp_line_len > 9) { response_code = atoi(tmp_line + 9); } else { response_code = 0; } } if (response_code >= 200 && response_code < 400) { reqok = 1; } else { switch(response_code) { case 403: php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT, tmp_line, response_code); break; default: if (!tmp_line_len) { tmp_line[0] = '\0'; } php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE, tmp_line, response_code); } } if (tmp_line[tmp_line_len - 1] == '\n') { --tmp_line_len; if (tmp_line[tmp_line_len - 1] == '\r') { --tmp_line_len; } } MAKE_STD_ZVAL(http_response); ZVAL_STRINGL(http_response, tmp_line, tmp_line_len, 1); zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_response, sizeof(zval *), NULL); } } else { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""HTTP request failed, unexpected end of socket!""); goto out; } http_header_line = emalloc(HTTP_HEADER_BLOCK_SIZE); while (!body && !php_stream_eof(stream)) { size_t http_header_line_length; if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') { char *e = http_header_line + http_header_line_length - 1; if (*e != '\n') { do { if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) == NULL) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""Failed to read HTTP headers""); goto out; } e = http_header_line + http_header_line_length - 1; } while (*e != '\n'); continue; } while (*e == '\n' || *e == '\r') { e--; } http_header_line_length = e - http_header_line + 1; http_header_line[http_header_line_length] = '\0'; if (!strncasecmp(http_header_line, ""Location: "", 10)) { if (context && php_stream_context_get_option(context, ""http"", ""follow_location"", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_long_ex(tmpzval); follow_location = Z_LVAL_PP(tmpzval); } else if (!(response_code >= 300 && response_code < 304 || 307 == response_code || 308 == response_code)) { follow_location = 0; } strlcpy(location, http_header_line + 10, sizeof(location)); } else if (!strncasecmp(http_header_line, ""Content-Type: "", 14)) { php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_line + 14, 0); } else if (!strncasecmp(http_header_line, ""Content-Length: "", 16)) { file_size = atoi(http_header_line + 16); php_stream_notify_file_size(context, file_size, http_header_line, 0); } else if (!strncasecmp(http_header_line, ""Transfer-Encoding: chunked"", sizeof(""Transfer-Encoding: chunked""))) { if (!(options & STREAM_ONLY_GET_HEADERS)) { long decode = 1; if (context && php_stream_context_get_option(context, ""http"", ""auto_decode"", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_boolean(*tmpzval); decode = Z_LVAL_PP(tmpzval); } if (decode) { transfer_encoding = php_stream_filter_create(""dechunk"", NULL, php_stream_is_persistent(stream) TSRMLS_CC); if (transfer_encoding) { continue; } } } } if (http_header_line[0] == '\0') { body = 1; } else { zval *http_header; MAKE_STD_ZVAL(http_header); ZVAL_STRINGL(http_header, http_header_line, http_header_line_length, 1); zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header, sizeof(zval *), NULL); } } else { break; } } if (!reqok || (location[0] != '\0' && follow_location)) { if (!follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) { goto out; } if (location[0] != '\0') php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0); php_stream_close(stream); stream = NULL; if (location[0] != '\0') { char new_path[HTTP_HEADER_BLOCK_SIZE]; char loc_path[HTTP_HEADER_BLOCK_SIZE]; *new_path='\0'; if (strlen(location)<8 || (strncasecmp(location, ""http://"", sizeof(""http://"")-1) && strncasecmp(location, ""https://"", sizeof(""https://"")-1) && strncasecmp(location, ""ftp://"", sizeof(""ftp://"")-1) && strncasecmp(location, ""ftps://"", sizeof(""ftps://"")-1))) { if (*location != '/') { if (*(location+1) != '\0' && resource->path) { char *s = strrchr(resource->path, '/'); if (!s) { s = resource->path; if (!s[0]) { efree(s); s = resource->path = estrdup(""/""); } else { *s = '/'; } } s[1] = '\0'; if (resource->path && *(resource->path) == '/' && *(resource->path + 1) == '\0') { snprintf(loc_path, sizeof(loc_path) - 1, ""%s%s"", resource->path, location); } else { snprintf(loc_path, sizeof(loc_path) - 1, ""%s/%s"", resource->path, location); } } else { snprintf(loc_path, sizeof(loc_path) - 1, ""/%s"", location); } } else { strlcpy(loc_path, location, sizeof(loc_path)); } if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) { snprintf(new_path, sizeof(new_path) - 1, ""%s://%s:%d%s"", resource->scheme, resource->host, resource->port, loc_path); } else { snprintf(new_path, sizeof(new_path) - 1, ""%s://%s%s"", resource->scheme, resource->host, loc_path); } } else { strlcpy(new_path, location, sizeof(new_path)); } php_url_free(resource); if ((resource = php_url_parse(new_path)) == NULL) { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""Invalid redirect URL! %s"", new_path); goto out; } #define CHECK_FOR_CNTRL_CHARS(val) { \ if (val) { \ unsigned char *s, *e; \ int l; \ l = php_url_decode(val, strlen(val)); \ s = (unsigned char*)val; e = s + l; \ while (s < e) { \ if (iscntrl(*s)) { \ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""Invalid redirect URL! %s"", new_path); \ goto out; \ } \ s++; \ } \ } \ } if (strncasecmp(new_path, ""http://"", sizeof(""http://"") - 1) || strncasecmp(new_path, ""https://"", sizeof(""https://"") - 1)) { CHECK_FOR_CNTRL_CHARS(resource->user) CHECK_FOR_CNTRL_CHARS(resource->pass) CHECK_FOR_CNTRL_CHARS(resource->path) } stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, HTTP_WRAPPER_REDIRECTED STREAMS_CC TSRMLS_CC); } else { php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, ""HTTP request failed! %s"", tmp_line); } } out: if (protocol_version) { efree(protocol_version); } if (http_header_line) { efree(http_header_line); } if (scratch) { efree(scratch); } if (resource) { php_url_free(resource); } if (stream) { if (header_init) { stream->wrapperdata = response_header; } else { if(response_header) { Z_DELREF_P(response_header); } } php_stream_notify_progress_init(context, 0, file_size); if (options & STREAM_WILL_CAST) php_stream_set_chunk_size(stream, chunk_size); stream->flags |= eol_detect; stream->position = 0; strlcpy(stream->mode, mode, sizeof(stream->mode)); if (transfer_encoding) { php_stream_filter_append(&stream->readfilters, transfer_encoding); } } else { if(response_header) { Z_DELREF_P(response_header); } if (transfer_encoding) { php_stream_filter_free(transfer_encoding TSRMLS_CC); } } return stream; }",visit repo url,ext/standard/http_fopen_wrapper.c,https://github.com/php/php-src,206138386331480,1 5986,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader_14BufferedReader_6read_one(struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedReader *__pyx_v_self) { unsigned char __pyx_v_rv; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations int __pyx_t_1; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; int __pyx_t_5; __Pyx_RefNannySetupContext(""read_one"", 0); __pyx_t_1 = ((__pyx_v_self->position == __pyx_v_self->current_buffer_size) != 0); if (__pyx_t_1) { __pyx_t_3 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_read_into_buffer); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 55, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_3))) { __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_3); if (likely(__pyx_t_4)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3); __Pyx_INCREF(__pyx_t_4); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_3, function); } } __pyx_t_2 = (__pyx_t_4) ? __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4) : __Pyx_PyObject_CallNoArg(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0; if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 55, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_v_self->position = 0; } __pyx_t_5 = __Pyx_GetItemInt_ByteArray(__pyx_v_self->buffer, __pyx_v_self->position, Py_ssize_t, 1, PyInt_FromSsize_t, 0, 1, 1); if (unlikely(__pyx_t_5 == -1)) __PYX_ERR(0, 58, __pyx_L1_error) __pyx_v_rv = __pyx_t_5; __pyx_v_self->position = (__pyx_v_self->position + 1); __Pyx_XDECREF(__pyx_r); __pyx_t_2 = __Pyx_PyInt_From_unsigned_char(__pyx_v_rv); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 60, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_r = __pyx_t_2; __pyx_t_2 = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedReader.read_one"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,204237119575761,1 5606,[],"int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka, struct pt_regs *regs, void *cookie) { struct sighand_struct *sighand = current->sighand; struct signal_struct *signal = current->signal; int signr; relock: try_to_freeze(); spin_lock_irq(&sighand->siglock); if (unlikely(signal->flags & SIGNAL_CLD_MASK)) { int why = (signal->flags & SIGNAL_STOP_CONTINUED) ? CLD_CONTINUED : CLD_STOPPED; signal->flags &= ~SIGNAL_CLD_MASK; spin_unlock_irq(&sighand->siglock); if (unlikely(!tracehook_notify_jctl(1, why))) goto relock; read_lock(&tasklist_lock); do_notify_parent_cldstop(current->group_leader, why); read_unlock(&tasklist_lock); goto relock; } for (;;) { struct k_sigaction *ka; if (unlikely(signal->group_stop_count > 0) && do_signal_stop(0)) goto relock; signr = tracehook_get_signal(current, regs, info, return_ka); if (unlikely(signr < 0)) goto relock; if (unlikely(signr != 0)) ka = return_ka; else { signr = dequeue_signal(current, ¤t->blocked, info); if (!signr) break; if (signr != SIGKILL) { signr = ptrace_signal(signr, info, regs, cookie); if (!signr) continue; } ka = &sighand->action[signr-1]; } if (ka->sa.sa_handler == SIG_IGN) continue; if (ka->sa.sa_handler != SIG_DFL) { *return_ka = *ka; if (ka->sa.sa_flags & SA_ONESHOT) ka->sa.sa_handler = SIG_DFL; break; } if (sig_kernel_ignore(signr)) continue; if (unlikely(signal->flags & SIGNAL_UNKILLABLE) && !sig_kernel_only(signr)) continue; if (sig_kernel_stop(signr)) { if (signr != SIGSTOP) { spin_unlock_irq(&sighand->siglock); if (is_current_pgrp_orphaned()) goto relock; spin_lock_irq(&sighand->siglock); } if (likely(do_signal_stop(info->si_signo))) { goto relock; } continue; } spin_unlock_irq(&sighand->siglock); current->flags |= PF_SIGNALED; if (sig_kernel_coredump(signr)) { if (print_fatal_signals) print_fatal_signal(regs, info->si_signo); do_coredump(info->si_signo, info->si_signo, regs); } do_group_exit(info->si_signo); } spin_unlock_irq(&sighand->siglock); return signr; }",linux-2.6,,,184542328223664222600552877366545166997,0 3800,CWE-416,"compile_def_function( ufunc_T *ufunc, int check_return_type, compiletype_T compile_type, cctx_T *outer_cctx) { char_u *line = NULL; char_u *line_to_free = NULL; char_u *p; char *errormsg = NULL; cctx_T cctx; garray_T *instr; int did_emsg_before = did_emsg; int did_emsg_silent_before = did_emsg_silent; int ret = FAIL; sctx_T save_current_sctx = current_sctx; int save_estack_compiling = estack_compiling; int save_cmod_flags = cmdmod.cmod_flags; int do_estack_push; int new_def_function = FALSE; #ifdef FEAT_PROFILE int prof_lnum = -1; #endif int debug_lnum = -1; if (ufunc->uf_dfunc_idx > 0) { dfunc_T *dfunc = ((dfunc_T *)def_functions.ga_data) + ufunc->uf_dfunc_idx; isn_T *instr_dest = NULL; switch (compile_type) { case CT_PROFILE: #ifdef FEAT_PROFILE instr_dest = dfunc->df_instr_prof; break; #endif case CT_NONE: instr_dest = dfunc->df_instr; break; case CT_DEBUG: instr_dest = dfunc->df_instr_debug; break; } if (instr_dest != NULL) delete_def_function_contents(dfunc, FALSE); ga_clear_strings(&dfunc->df_var_names); } else { if (add_def_function(ufunc) == FAIL) return FAIL; new_def_function = TRUE; } ufunc->uf_def_status = UF_COMPILING; CLEAR_FIELD(cctx); cctx.ctx_compile_type = compile_type; cctx.ctx_ufunc = ufunc; cctx.ctx_lnum = -1; cctx.ctx_outer = outer_cctx; ga_init2(&cctx.ctx_locals, sizeof(lvar_T), 10); ga_init2(&cctx.ctx_type_stack, sizeof(type2_T), 50); ga_init2(&cctx.ctx_imports, sizeof(imported_T), 10); cctx.ctx_type_list = &ufunc->uf_type_list; ga_init2(&cctx.ctx_instr, sizeof(isn_T), 50); instr = &cctx.ctx_instr; current_sctx = ufunc->uf_script_ctx; current_sctx.sc_version = SCRIPT_VERSION_VIM9; cmdmod.cmod_flags &= ~CMOD_LEGACY; do_estack_push = !estack_top_is_ufunc(ufunc, 1); if (do_estack_push) estack_push_ufunc(ufunc, 1); estack_compiling = TRUE; if (check_args_shadowing(ufunc, &cctx) == FAIL) goto erret; if (ufunc->uf_def_args.ga_len > 0) { int count = ufunc->uf_def_args.ga_len; int first_def_arg = ufunc->uf_args.ga_len - count; int i; char_u *arg; int off = STACK_FRAME_SIZE + (ufunc->uf_va_name != NULL ? 1 : 0); int did_set_arg_type = FALSE; SOURCING_LNUM = 0; for (i = 0; i < count; ++i) { type_T *val_type; int arg_idx = first_def_arg + i; where_T where = WHERE_INIT; int r; int jump_instr_idx = instr->ga_len; isn_T *isn; if (generate_JUMP_IF_ARG_SET(&cctx, i - count - off) == FAIL) goto erret; ufunc->uf_args_visible = arg_idx; arg = ((char_u **)(ufunc->uf_def_args.ga_data))[i]; r = compile_expr0(&arg, &cctx); if (r == FAIL) goto erret; val_type = get_type_on_stack(&cctx, 0); where.wt_index = arg_idx + 1; if (ufunc->uf_arg_types[arg_idx] == &t_unknown) { did_set_arg_type = TRUE; ufunc->uf_arg_types[arg_idx] = val_type; } else if (need_type_where(val_type, ufunc->uf_arg_types[arg_idx], -1, where, &cctx, FALSE, FALSE) == FAIL) goto erret; if (generate_STORE(&cctx, ISN_STORE, i - count - off, NULL) == FAIL) goto erret; isn = ((isn_T *)instr->ga_data) + jump_instr_idx; isn->isn_arg.jumparg.jump_where = instr->ga_len; } if (did_set_arg_type) set_function_type(ufunc); } ufunc->uf_args_visible = ufunc->uf_args.ga_len; for (;;) { exarg_T ea; int starts_with_colon = FALSE; char_u *cmd; cmdmod_T local_cmdmod; if (did_emsg_before != did_emsg) goto erret; if (line != NULL && *line == '|') ++line; else if (line != NULL && *skipwhite(line) != NUL && !(*line == '#' && (line == cctx.ctx_line_start || VIM_ISWHITE(line[-1])))) { semsg(_(e_trailing_characters_str), line); goto erret; } else if (line != NULL && vim9_bad_comment(skipwhite(line))) goto erret; else { line = next_line_from_context(&cctx, FALSE); if (cctx.ctx_lnum >= ufunc->uf_lines.ga_len) { #ifdef FEAT_PROFILE if (cctx.ctx_skip != SKIP_YES) may_generate_prof_end(&cctx, prof_lnum); #endif break; } if (line != NULL) { line = vim_strsave(line); vim_free(line_to_free); line_to_free = line; } } CLEAR_FIELD(ea); ea.cmdlinep = &line; ea.cmd = skipwhite(line); if (*ea.cmd == '#') { line = (char_u *)""""; continue; } #ifdef FEAT_PROFILE if (cctx.ctx_compile_type == CT_PROFILE && cctx.ctx_lnum != prof_lnum && cctx.ctx_skip != SKIP_YES) { may_generate_prof_end(&cctx, prof_lnum); prof_lnum = cctx.ctx_lnum; generate_instr(&cctx, ISN_PROF_START); } #endif if (cctx.ctx_compile_type == CT_DEBUG && cctx.ctx_lnum != debug_lnum && cctx.ctx_skip != SKIP_YES) { debug_lnum = cctx.ctx_lnum; generate_instr_debug(&cctx); } cctx.ctx_prev_lnum = cctx.ctx_lnum + 1; switch (*ea.cmd) { case '}': { scopetype_T stype = cctx.ctx_scope == NULL ? NO_SCOPE : cctx.ctx_scope->se_type; if (stype == BLOCK_SCOPE) { compile_endblock(&cctx); line = ea.cmd; } else { emsg(_(e_using_rcurly_outside_if_block_scope)); goto erret; } if (line != NULL) line = skipwhite(ea.cmd + 1); continue; } case '{': if (ends_excmd(*skipwhite(ea.cmd + 1))) { line = compile_block(ea.cmd, &cctx); continue; } break; } cctx.ctx_has_cmdmod = FALSE; if (parse_command_modifiers(&ea, &errormsg, &local_cmdmod, FALSE) == FAIL) { if (errormsg != NULL) goto erret; line = (char_u *)""""; continue; } generate_cmdmods(&cctx, &local_cmdmod); undo_cmdmod(&local_cmdmod); for (p = ea.cmd; p >= line; --p) { if (*p == ':') starts_with_colon = TRUE; if (p < ea.cmd && !VIM_ISWHITE(*p)) break; } p = ea.cmd; if (!(local_cmdmod.cmod_flags & CMOD_LEGACY)) { if (checkforcmd(&ea.cmd, ""call"", 3)) { if (*ea.cmd == '(') ea.cmd = p; else ea.cmd = skipwhite(ea.cmd); } if (!starts_with_colon) { int assign; assign = may_compile_assignment(&ea, &line, &cctx); if (assign == OK) goto nextline; if (assign == FAIL) goto erret; } } cmd = ea.cmd; if ((*cmd != '$' || starts_with_colon) && (starts_with_colon || !(*cmd == '\'' || (cmd[0] != NUL && cmd[0] == cmd[1] && (*cmd == '+' || *cmd == '-'))))) { ea.cmd = skip_range(ea.cmd, TRUE, NULL); if (ea.cmd > cmd) { if (!starts_with_colon && !(local_cmdmod.cmod_flags & CMOD_LEGACY)) { semsg(_(e_colon_required_before_range_str), cmd); goto erret; } ea.addr_count = 1; if (ends_excmd2(line, ea.cmd)) { generate_EXEC(&cctx, ISN_EXECRANGE, vim_strnsave(cmd, ea.cmd - cmd)); line = ea.cmd; goto nextline; } } } p = find_ex_command(&ea, NULL, starts_with_colon || (local_cmdmod.cmod_flags & CMOD_LEGACY) ? NULL : item_exists, &cctx); if (p == NULL) { if (cctx.ctx_skip != SKIP_YES) emsg(_(e_ambiguous_use_of_user_defined_command)); goto erret; } if (local_cmdmod.cmod_flags & CMOD_LEGACY) { char_u *start = ea.cmd; switch (ea.cmdidx) { case CMD_if: case CMD_elseif: case CMD_else: case CMD_endif: case CMD_for: case CMD_endfor: case CMD_continue: case CMD_break: case CMD_while: case CMD_endwhile: case CMD_try: case CMD_catch: case CMD_finally: case CMD_endtry: semsg(_(e_cannot_use_legacy_with_command_str), ea.cmd); goto erret; default: break; } if (checkforcmd(&start, ""return"", 4)) ea.cmdidx = CMD_return; else ea.cmdidx = CMD_legacy; } if (p == ea.cmd && ea.cmdidx != CMD_SIZE) { if (cctx.ctx_skip == SKIP_YES && ea.cmdidx != CMD_eval) { line += STRLEN(line); goto nextline; } else if (ea.cmdidx != CMD_eval) { semsg(_(e_command_not_recognized_str), ea.cmd); goto erret; } } if (cctx.ctx_had_return && ea.cmdidx != CMD_elseif && ea.cmdidx != CMD_else && ea.cmdidx != CMD_endif && ea.cmdidx != CMD_endfor && ea.cmdidx != CMD_endwhile && ea.cmdidx != CMD_catch && ea.cmdidx != CMD_finally && ea.cmdidx != CMD_endtry) { emsg(_(e_unreachable_code_after_return)); goto erret; } p = skipwhite(p); if (ea.cmdidx != CMD_SIZE && ea.cmdidx != CMD_write && ea.cmdidx != CMD_read) { if (ea.cmdidx >= 0) ea.argt = excmd_get_argt(ea.cmdidx); if ((ea.argt & EX_BANG) && *p == '!') { ea.forceit = TRUE; p = skipwhite(p + 1); } } switch (ea.cmdidx) { case CMD_def: case CMD_function: ea.arg = p; line = compile_nested_function(&ea, &cctx, &line_to_free); break; case CMD_return: line = compile_return(p, check_return_type, local_cmdmod.cmod_flags & CMOD_LEGACY, &cctx); cctx.ctx_had_return = TRUE; break; case CMD_let: emsg(_(e_cannot_use_let_in_vim9_script)); break; case CMD_var: case CMD_final: case CMD_const: case CMD_increment: case CMD_decrement: line = compile_assignment(p, &ea, ea.cmdidx, &cctx); if (line == p) line = NULL; break; case CMD_unlet: case CMD_unlockvar: case CMD_lockvar: line = compile_unletlock(p, &ea, &cctx); break; case CMD_import: emsg(_(e_import_can_only_be_used_in_script)); line = NULL; break; case CMD_if: line = compile_if(p, &cctx); break; case CMD_elseif: line = compile_elseif(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_else: line = compile_else(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_endif: line = compile_endif(p, &cctx); break; case CMD_while: line = compile_while(p, &cctx); break; case CMD_endwhile: line = compile_endwhile(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_for: line = compile_for(p, &cctx); break; case CMD_endfor: line = compile_endfor(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_continue: line = compile_continue(p, &cctx); break; case CMD_break: line = compile_break(p, &cctx); break; case CMD_try: line = compile_try(p, &cctx); break; case CMD_catch: line = compile_catch(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_finally: line = compile_finally(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_endtry: line = compile_endtry(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_throw: line = compile_throw(p, &cctx); break; case CMD_eval: line = compile_eval(p, &cctx); break; case CMD_echo: case CMD_echon: case CMD_execute: case CMD_echomsg: case CMD_echoerr: case CMD_echoconsole: line = compile_mult_expr(p, ea.cmdidx, &cctx); break; case CMD_put: ea.cmd = cmd; line = compile_put(p, &ea, &cctx); break; case CMD_substitute: if (check_global_and_subst(ea.cmd, p) == FAIL) goto erret; if (cctx.ctx_skip == SKIP_YES) line = (char_u *)""""; else { ea.arg = p; line = compile_substitute(line, &ea, &cctx); } break; case CMD_redir: ea.arg = p; line = compile_redir(line, &ea, &cctx); break; case CMD_cexpr: case CMD_lexpr: case CMD_caddexpr: case CMD_laddexpr: case CMD_cgetexpr: case CMD_lgetexpr: #ifdef FEAT_QUICKFIX ea.arg = p; line = compile_cexpr(line, &ea, &cctx); #else ex_ni(&ea); line = NULL; #endif break; case CMD_append: case CMD_change: case CMD_insert: case CMD_k: case CMD_t: case CMD_xit: not_in_vim9(&ea); goto erret; case CMD_SIZE: if (cctx.ctx_skip != SKIP_YES) { semsg(_(e_invalid_command_str), ea.cmd); goto erret; } line = (char_u *)""""; break; case CMD_lua: case CMD_mzscheme: case CMD_perl: case CMD_py3: case CMD_python3: case CMD_python: case CMD_pythonx: case CMD_ruby: case CMD_tcl: ea.arg = p; if (vim_strchr(line, '\n') == NULL) line = compile_exec(line, &ea, &cctx); else line = compile_script(line, &cctx); break; case CMD_global: if (check_global_and_subst(ea.cmd, p) == FAIL) goto erret; default: ea.arg = p; line = compile_exec(line, &ea, &cctx); break; } nextline: if (line == NULL) goto erret; line = skipwhite(line); generate_undo_cmdmods(&cctx); if (cctx.ctx_type_stack.ga_len < 0) { iemsg(""Type stack underflow""); goto erret; } } if (cctx.ctx_scope != NULL) { if (cctx.ctx_scope->se_type == IF_SCOPE) emsg(_(e_missing_endif)); else if (cctx.ctx_scope->se_type == WHILE_SCOPE) emsg(_(e_missing_endwhile)); else if (cctx.ctx_scope->se_type == FOR_SCOPE) emsg(_(e_missing_endfor)); else emsg(_(e_missing_rcurly)); goto erret; } if (!cctx.ctx_had_return) { if (ufunc->uf_ret_type->tt_type == VAR_UNKNOWN) ufunc->uf_ret_type = &t_void; else if (ufunc->uf_ret_type->tt_type != VAR_VOID) { emsg(_(e_missing_return_statement)); goto erret; } generate_instr(&cctx, ISN_RETURN_VOID); } if (emsg_silent == 0 || did_emsg_silent == did_emsg_silent_before) { dfunc_T *dfunc = ((dfunc_T *)def_functions.ga_data) + ufunc->uf_dfunc_idx; dfunc->df_deleted = FALSE; dfunc->df_script_seq = current_sctx.sc_seq; #ifdef FEAT_PROFILE if (cctx.ctx_compile_type == CT_PROFILE) { dfunc->df_instr_prof = instr->ga_data; dfunc->df_instr_prof_count = instr->ga_len; } else #endif if (cctx.ctx_compile_type == CT_DEBUG) { dfunc->df_instr_debug = instr->ga_data; dfunc->df_instr_debug_count = instr->ga_len; } else { dfunc->df_instr = instr->ga_data; dfunc->df_instr_count = instr->ga_len; } dfunc->df_varcount = dfunc->df_var_names.ga_len; dfunc->df_has_closure = cctx.ctx_has_closure; if (cctx.ctx_outer_used) ufunc->uf_flags |= FC_CLOSURE; ufunc->uf_def_status = UF_COMPILED; } ret = OK; erret: if (ufunc->uf_def_status == UF_COMPILING) { dfunc_T *dfunc = ((dfunc_T *)def_functions.ga_data) + ufunc->uf_dfunc_idx; clear_instr_ga(instr); VIM_CLEAR(dfunc->df_name); ga_clear_strings(&dfunc->df_var_names); if (!dfunc->df_deleted && new_def_function && ufunc->uf_dfunc_idx == def_functions.ga_len - 1) { --def_functions.ga_len; ufunc->uf_dfunc_idx = 0; } ufunc->uf_def_status = UF_COMPILE_ERROR; while (cctx.ctx_scope != NULL) drop_scope(&cctx); if (errormsg != NULL) emsg(errormsg); else if (did_emsg == did_emsg_before) emsg(_(e_compiling_def_function_failed)); } if (cctx.ctx_redir_lhs.lhs_name != NULL) { if (ret == OK) { emsg(_(e_missing_redir_end)); ret = FAIL; } vim_free(cctx.ctx_redir_lhs.lhs_name); vim_free(cctx.ctx_redir_lhs.lhs_whole); } current_sctx = save_current_sctx; estack_compiling = save_estack_compiling; cmdmod.cmod_flags = save_cmod_flags; if (do_estack_push) estack_pop(); vim_free(line_to_free); free_imported(&cctx); free_locals(&cctx); ga_clear(&cctx.ctx_type_stack); return ret; }",visit repo url,src/vim9compile.c,https://github.com/vim/vim,218640454166559,1 3505,CWE-787,"static int kwajd_read_headers(struct mspack_system *sys, struct mspack_file *fh, struct mskwajd_header *hdr) { unsigned char buf[16]; int i; if (sys->read(fh, &buf[0], kwajh_SIZEOF) != kwajh_SIZEOF) { return MSPACK_ERR_READ; } if (((unsigned int) EndGetI32(&buf[kwajh_Signature1]) != 0x4A41574B) || ((unsigned int) EndGetI32(&buf[kwajh_Signature2]) != 0xD127F088)) { return MSPACK_ERR_SIGNATURE; } hdr->comp_type = EndGetI16(&buf[kwajh_CompMethod]); hdr->data_offset = EndGetI16(&buf[kwajh_DataOffset]); hdr->headers = EndGetI16(&buf[kwajh_Flags]); hdr->length = 0; hdr->filename = NULL; hdr->extra = NULL; hdr->extra_length = 0; if (hdr->headers & MSKWAJ_HDR_HASLENGTH) { if (sys->read(fh, &buf[0], 4) != 4) return MSPACK_ERR_READ; hdr->length = EndGetI32(&buf[0]); } if (hdr->headers & MSKWAJ_HDR_HASUNKNOWN1) { if (sys->read(fh, &buf[0], 2) != 2) return MSPACK_ERR_READ; } if (hdr->headers & MSKWAJ_HDR_HASUNKNOWN2) { if (sys->read(fh, &buf[0], 2) != 2) return MSPACK_ERR_READ; i = EndGetI16(&buf[0]); if (sys->seek(fh, (off_t)i, MSPACK_SYS_SEEK_CUR)) return MSPACK_ERR_SEEK; } if (hdr->headers & (MSKWAJ_HDR_HASFILENAME | MSKWAJ_HDR_HASFILEEXT)) { off_t pos = sys->tell(fh); char *fn = (char *) sys->alloc(sys, (size_t) 13); if (! fn) return MSPACK_ERR_NOMEMORY; hdr->filename = fn; if (hdr->headers & MSKWAJ_HDR_HASFILENAME) { if (sys->read(fh, &buf[0], 9) != 9) return MSPACK_ERR_READ; for (i = 0; i < 9; i++, fn++) if (!(*fn = buf[i])) break; pos += (i < 9) ? i+1 : 9; if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START)) return MSPACK_ERR_SEEK; } if (hdr->headers & MSKWAJ_HDR_HASFILEEXT) { *fn++ = '.'; if (sys->read(fh, &buf[0], 4) != 4) return MSPACK_ERR_READ; for (i = 0; i < 4; i++, fn++) if (!(*fn = buf[i])) break; pos += (i < 4) ? i+1 : 4; if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START)) return MSPACK_ERR_SEEK; } *fn = '\0'; } if (hdr->headers & MSKWAJ_HDR_HASEXTRATEXT) { if (sys->read(fh, &buf[0], 2) != 2) return MSPACK_ERR_READ; i = EndGetI16(&buf[0]); hdr->extra = (char *) sys->alloc(sys, (size_t)i+1); if (! hdr->extra) return MSPACK_ERR_NOMEMORY; if (sys->read(fh, hdr->extra, i) != i) return MSPACK_ERR_READ; hdr->extra[i] = '\0'; hdr->extra_length = i; } return MSPACK_ERR_OK; }",visit repo url,libmspack/mspack/kwajd.c,https://github.com/kyz/libmspack,49312306119916,1 5421,['CWE-476'],"void realmode_lmsw(struct kvm_vcpu *vcpu, unsigned long msw, unsigned long *rflags) { kvm_lmsw(vcpu, msw); *rflags = kvm_x86_ops->get_rflags(vcpu); }",linux-2.6,,,71590920887997140461043423072131132464,0 5330,CWE-674,"static int match(Reinst *pc, const char *sp, const char *bol, int flags, Resub *out) { Resub scratch; int i; Rune c; for (;;) { switch (pc->opcode) { case I_END: return 1; case I_JUMP: pc = pc->x; break; case I_SPLIT: scratch = *out; if (match(pc->x, sp, bol, flags, &scratch)) { *out = scratch; return 1; } pc = pc->y; break; case I_PLA: if (!match(pc->x, sp, bol, flags, out)) return 0; pc = pc->y; break; case I_NLA: scratch = *out; if (match(pc->x, sp, bol, flags, &scratch)) return 0; pc = pc->y; break; case I_ANYNL: sp += chartorune(&c, sp); if (c == 0) return 0; pc = pc + 1; break; case I_ANY: sp += chartorune(&c, sp); if (c == 0) return 0; if (isnewline(c)) return 0; pc = pc + 1; break; case I_CHAR: sp += chartorune(&c, sp); if (c == 0) return 0; if (flags & REG_ICASE) c = canon(c); if (c != pc->c) return 0; pc = pc + 1; break; case I_CCLASS: sp += chartorune(&c, sp); if (c == 0) return 0; if (flags & REG_ICASE) { if (!incclasscanon(pc->cc, canon(c))) return 0; } else { if (!incclass(pc->cc, c)) return 0; } pc = pc + 1; break; case I_NCCLASS: sp += chartorune(&c, sp); if (c == 0) return 0; if (flags & REG_ICASE) { if (incclasscanon(pc->cc, canon(c))) return 0; } else { if (incclass(pc->cc, c)) return 0; } pc = pc + 1; break; case I_REF: i = out->sub[pc->n].ep - out->sub[pc->n].sp; if (flags & REG_ICASE) { if (strncmpcanon(sp, out->sub[pc->n].sp, i)) return 0; } else { if (strncmp(sp, out->sub[pc->n].sp, i)) return 0; } if (i > 0) sp += i; pc = pc + 1; break; case I_BOL: if (sp == bol && !(flags & REG_NOTBOL)) { pc = pc + 1; break; } if (flags & REG_NEWLINE) { if (sp > bol && isnewline(sp[-1])) { pc = pc + 1; break; } } return 0; case I_EOL: if (*sp == 0) { pc = pc + 1; break; } if (flags & REG_NEWLINE) { if (isnewline(*sp)) { pc = pc + 1; break; } } return 0; case I_WORD: i = sp > bol && iswordchar(sp[-1]); i ^= iswordchar(sp[0]); if (!i) return 0; pc = pc + 1; break; case I_NWORD: i = sp > bol && iswordchar(sp[-1]); i ^= iswordchar(sp[0]); if (i) return 0; pc = pc + 1; break; case I_LPAR: out->sub[pc->n].sp = sp; pc = pc + 1; break; case I_RPAR: out->sub[pc->n].ep = sp; pc = pc + 1; break; default: return 0; } } }",visit repo url,regexp.c,https://github.com/ccxvii/mujs,8778109961177,1 3378,['CWE-399'],"static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { int ret; if (unlikely(!out->f_op || !out->f_op->splice_write)) return -EINVAL; if (unlikely(!(out->f_mode & FMODE_WRITE))) return -EBADF; ret = rw_verify_area(WRITE, out, ppos, len); if (unlikely(ret < 0)) return ret; ret = security_file_permission(out, MAY_WRITE); if (unlikely(ret < 0)) return ret; return out->f_op->splice_write(pipe, out, ppos, len, flags); }",linux-2.6,,,120494597713070878600237456219291695853,0 4121,['CWE-399'],"static struct bsg_device *bsg_add_device(struct inode *inode, struct request_queue *rq, struct file *file) { struct bsg_device *bd; int ret; #ifdef BSG_DEBUG unsigned char buf[32]; #endif ret = blk_get_queue(rq); if (ret) return ERR_PTR(-ENXIO); bd = bsg_alloc_device(); if (!bd) { blk_put_queue(rq); return ERR_PTR(-ENOMEM); } bd->queue = rq; bsg_set_block(bd, file); atomic_set(&bd->ref_count, 1); mutex_lock(&bsg_mutex); hlist_add_head(&bd->dev_list, bsg_dev_idx_hash(iminor(inode))); strncpy(bd->name, rq->bsg_dev.class_dev->bus_id, sizeof(bd->name) - 1); dprintk(""bound to <%s>, max queue %d\n"", format_dev_t(buf, inode->i_rdev), bd->max_queue); mutex_unlock(&bsg_mutex); return bd; }",linux-2.6,,,149073949063668627844085107591573393134,0 3900,['CWE-399'],"static void tda985x_setmode(struct CHIPSTATE *chip, int mode) { int update = 1; int c6 = chip->shadow.bytes[TDA985x_C6+1] & 0x3f; switch (mode) { case V4L2_TUNER_MODE_MONO: c6 |= TDA985x_MONO; break; case V4L2_TUNER_MODE_STEREO: c6 |= TDA985x_STEREO; break; case V4L2_TUNER_MODE_LANG1: c6 |= TDA985x_SAP; break; default: update = 0; } if (update) chip_write(chip,TDA985x_C6,c6); }",linux-2.6,,,242869522224402021458081981494832119121,0 1754,[],"static void __sched_fork(struct task_struct *p) { p->se.exec_start = 0; p->se.sum_exec_runtime = 0; p->se.prev_sum_exec_runtime = 0; p->se.last_wakeup = 0; p->se.avg_overlap = 0; #ifdef CONFIG_SCHEDSTATS p->se.wait_start = 0; p->se.sum_sleep_runtime = 0; p->se.sleep_start = 0; p->se.block_start = 0; p->se.sleep_max = 0; p->se.block_max = 0; p->se.exec_max = 0; p->se.slice_max = 0; p->se.wait_max = 0; #endif INIT_LIST_HEAD(&p->rt.run_list); p->se.on_rq = 0; INIT_LIST_HEAD(&p->se.group_node); #ifdef CONFIG_PREEMPT_NOTIFIERS INIT_HLIST_HEAD(&p->preempt_notifiers); #endif p->state = TASK_RUNNING; }",linux-2.6,,,261408464030316201088108515098713852603,0 1793,NVD-CWE-Other,"static int replace_map_fd_with_map_ptr(struct verifier_env *env) { struct bpf_insn *insn = env->prog->insnsi; int insn_cnt = env->prog->len; int i, j; for (i = 0; i < insn_cnt; i++, insn++) { if (BPF_CLASS(insn->code) == BPF_LDX && (BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) { verbose(""BPF_LDX uses reserved fields\n""); return -EINVAL; } if (BPF_CLASS(insn->code) == BPF_STX && ((BPF_MODE(insn->code) != BPF_MEM && BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) { verbose(""BPF_STX uses reserved fields\n""); return -EINVAL; } if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW)) { struct bpf_map *map; struct fd f; if (i == insn_cnt - 1 || insn[1].code != 0 || insn[1].dst_reg != 0 || insn[1].src_reg != 0 || insn[1].off != 0) { verbose(""invalid bpf_ld_imm64 insn\n""); return -EINVAL; } if (insn->src_reg == 0) goto next_insn; if (insn->src_reg != BPF_PSEUDO_MAP_FD) { verbose(""unrecognized bpf_ld_imm64 insn\n""); return -EINVAL; } f = fdget(insn->imm); map = __bpf_map_get(f); if (IS_ERR(map)) { verbose(""fd %d is not pointing to valid bpf_map\n"", insn->imm); fdput(f); return PTR_ERR(map); } insn[0].imm = (u32) (unsigned long) map; insn[1].imm = ((u64) (unsigned long) map) >> 32; for (j = 0; j < env->used_map_cnt; j++) if (env->used_maps[j] == map) { fdput(f); goto next_insn; } if (env->used_map_cnt >= MAX_USED_MAPS) { fdput(f); return -E2BIG; } env->used_maps[env->used_map_cnt++] = map; bpf_map_inc(map, false); fdput(f); next_insn: insn++; i++; } } return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,260875062791810,1 5689,['CWE-476'],"static int do_udp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { struct udp_sock *up = udp_sk(sk); int val; int err = 0; if(optlencorkflag = 1; } else { up->corkflag = 0; lock_sock(sk); udp_push_pending_frames(sk, up); release_sock(sk); } break; case UDP_ENCAP: switch (val) { case 0: case UDP_ENCAP_ESPINUDP: case UDP_ENCAP_ESPINUDP_NON_IKE: up->encap_type = val; break; default: err = -ENOPROTOOPT; break; } break; default: err = -ENOPROTOOPT; break; }; return err; }",linux-2.6,,,88087625149357887851018832040962576813,0 2382,['CWE-119'],"struct commit *get_revision(struct rev_info *revs) { struct commit *c = get_revision_internal(revs); if (c && revs->graph) graph_update(revs->graph, c); return c; }",git,,,291090268477846821089377235770468565261,0 2508,CWE-20,"sds genRedisInfoString(void) { sds info; time_t uptime = time(NULL)-server.stat_starttime; int j; char hmem[64]; struct rusage self_ru, c_ru; getrusage(RUSAGE_SELF, &self_ru); getrusage(RUSAGE_CHILDREN, &c_ru); bytesToHuman(hmem,zmalloc_used_memory()); info = sdscatprintf(sdsempty(), ""redis_version:%s\r\n"" ""redis_git_sha1:%s\r\n"" ""redis_git_dirty:%d\r\n"" ""arch_bits:%s\r\n"" ""multiplexing_api:%s\r\n"" ""process_id:%ld\r\n"" ""uptime_in_seconds:%ld\r\n"" ""uptime_in_days:%ld\r\n"" ""lru_clock:%ld\r\n"" ""used_cpu_sys:%.2f\r\n"" ""used_cpu_user:%.2f\r\n"" ""used_cpu_sys_childrens:%.2f\r\n"" ""used_cpu_user_childrens:%.2f\r\n"" ""connected_clients:%d\r\n"" ""connected_slaves:%d\r\n"" ""blocked_clients:%d\r\n"" ""used_memory:%zu\r\n"" ""used_memory_human:%s\r\n"" ""used_memory_rss:%zu\r\n"" ""mem_fragmentation_ratio:%.2f\r\n"" ""use_tcmalloc:%d\r\n"" ""loading:%d\r\n"" ""aof_enabled:%d\r\n"" ""changes_since_last_save:%lld\r\n"" ""bgsave_in_progress:%d\r\n"" ""last_save_time:%ld\r\n"" ""bgrewriteaof_in_progress:%d\r\n"" ""total_connections_received:%lld\r\n"" ""total_commands_processed:%lld\r\n"" ""expired_keys:%lld\r\n"" ""evicted_keys:%lld\r\n"" ""keyspace_hits:%lld\r\n"" ""keyspace_misses:%lld\r\n"" ""hash_max_zipmap_entries:%zu\r\n"" ""hash_max_zipmap_value:%zu\r\n"" ""pubsub_channels:%ld\r\n"" ""pubsub_patterns:%u\r\n"" ""vm_enabled:%d\r\n"" ""role:%s\r\n"" ,REDIS_VERSION, redisGitSHA1(), strtol(redisGitDirty(),NULL,10) > 0, (sizeof(long) == 8) ? ""64"" : ""32"", aeGetApiName(), (long) getpid(), uptime, uptime/(3600*24), (unsigned long) server.lruclock, (float)self_ru.ru_utime.tv_sec+(float)self_ru.ru_utime.tv_usec/1000000, (float)self_ru.ru_stime.tv_sec+(float)self_ru.ru_stime.tv_usec/1000000, (float)c_ru.ru_utime.tv_sec+(float)c_ru.ru_utime.tv_usec/1000000, (float)c_ru.ru_stime.tv_sec+(float)c_ru.ru_stime.tv_usec/1000000, listLength(server.clients)-listLength(server.slaves), listLength(server.slaves), server.bpop_blocked_clients, zmalloc_used_memory(), hmem, zmalloc_get_rss(), zmalloc_get_fragmentation_ratio(), #ifdef USE_TCMALLOC 1, #else 0, #endif server.loading, server.appendonly, server.dirty, server.bgsavechildpid != -1, server.lastsave, server.bgrewritechildpid != -1, server.stat_numconnections, server.stat_numcommands, server.stat_expiredkeys, server.stat_evictedkeys, server.stat_keyspace_hits, server.stat_keyspace_misses, server.hash_max_zipmap_entries, server.hash_max_zipmap_value, dictSize(server.pubsub_channels), listLength(server.pubsub_patterns), server.vm_enabled != 0, server.masterhost == NULL ? ""master"" : ""slave"" ); if (server.masterhost) { info = sdscatprintf(info, ""master_host:%s\r\n"" ""master_port:%d\r\n"" ""master_link_status:%s\r\n"" ""master_last_io_seconds_ago:%d\r\n"" ""master_sync_in_progress:%d\r\n"" ,server.masterhost, server.masterport, (server.replstate == REDIS_REPL_CONNECTED) ? ""up"" : ""down"", server.master ? ((int)(time(NULL)-server.master->lastinteraction)) : -1, server.replstate == REDIS_REPL_TRANSFER ); if (server.replstate == REDIS_REPL_TRANSFER) { info = sdscatprintf(info, ""master_sync_left_bytes:%ld\r\n"" ""master_sync_last_io_seconds_ago:%d\r\n"" ,(long)server.repl_transfer_left, (int)(time(NULL)-server.repl_transfer_lastio) ); } } if (server.vm_enabled) { lockThreadedIO(); info = sdscatprintf(info, ""vm_conf_max_memory:%llu\r\n"" ""vm_conf_page_size:%llu\r\n"" ""vm_conf_pages:%llu\r\n"" ""vm_stats_used_pages:%llu\r\n"" ""vm_stats_swapped_objects:%llu\r\n"" ""vm_stats_swappin_count:%llu\r\n"" ""vm_stats_swappout_count:%llu\r\n"" ""vm_stats_io_newjobs_len:%lu\r\n"" ""vm_stats_io_processing_len:%lu\r\n"" ""vm_stats_io_processed_len:%lu\r\n"" ""vm_stats_io_active_threads:%lu\r\n"" ""vm_stats_blocked_clients:%lu\r\n"" ,(unsigned long long) server.vm_max_memory, (unsigned long long) server.vm_page_size, (unsigned long long) server.vm_pages, (unsigned long long) server.vm_stats_used_pages, (unsigned long long) server.vm_stats_swapped_objects, (unsigned long long) server.vm_stats_swapins, (unsigned long long) server.vm_stats_swapouts, (unsigned long) listLength(server.io_newjobs), (unsigned long) listLength(server.io_processing), (unsigned long) listLength(server.io_processed), (unsigned long) server.io_active_threads, (unsigned long) server.vm_blocked_clients ); unlockThreadedIO(); } if (server.loading) { double perc; time_t eta, elapsed; off_t remaining_bytes = server.loading_total_bytes- server.loading_loaded_bytes; perc = ((double)server.loading_loaded_bytes / server.loading_total_bytes) * 100; elapsed = time(NULL)-server.loading_start_time; if (elapsed == 0) { eta = 1; } else { eta = (elapsed*remaining_bytes)/server.loading_loaded_bytes; } info = sdscatprintf(info, ""loading_start_time:%ld\r\n"" ""loading_total_bytes:%llu\r\n"" ""loading_loaded_bytes:%llu\r\n"" ""loading_loaded_perc:%.2f\r\n"" ""loading_eta_seconds:%ld\r\n"" ,(unsigned long) server.loading_start_time, (unsigned long long) server.loading_total_bytes, (unsigned long long) server.loading_loaded_bytes, perc, eta ); } for (j = 0; j < server.dbnum; j++) { long long keys, vkeys; keys = dictSize(server.db[j].dict); vkeys = dictSize(server.db[j].expires); if (keys || vkeys) { info = sdscatprintf(info, ""db%d:keys=%lld,expires=%lld\r\n"", j, keys, vkeys); } } return info; }",visit repo url,src/redis.c,https://github.com/antirez/redis,185320396536309,1 1519,[],"static int effective_prio(struct task_struct *p) { p->normal_prio = normal_prio(p); if (!rt_prio(p->prio)) return p->normal_prio; return p->prio; }",linux-2.6,,,324466293269738186282164570749780863791,0 3559,['CWE-20'],"struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, const struct sctp_chunk *chunk, const void *payload, const size_t paylen) { struct sctp_chunk *retval; retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); if (!retval) goto nodata; retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); if (chunk) retval->transport = chunk->transport; nodata: return retval; }",linux-2.6,,,116785238168393244610458728597879996481,0 4854,CWE-415,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 5966,['CWE-200'],"static int addrconf_ifdown(struct net_device *dev, int how) { struct inet6_dev *idev; struct inet6_ifaddr *ifa, **bifa; int i; ASSERT_RTNL(); if (dev == &loopback_dev && how == 1) how = 0; rt6_ifdown(dev); neigh_ifdown(&nd_tbl, dev); idev = __in6_dev_get(dev); if (idev == NULL) return -ENODEV; if (how == 1) { write_lock_bh(&addrconf_lock); dev->ip6_ptr = NULL; idev->dead = 1; write_unlock_bh(&addrconf_lock); snmp6_unregister_dev(idev); } for (i=0; iidev == idev) { *bifa = ifa->lst_next; ifa->lst_next = NULL; addrconf_del_timer(ifa); in6_ifa_put(ifa); continue; } bifa = &ifa->lst_next; } write_unlock_bh(&addrconf_hash_lock); } write_lock_bh(&idev->lock); if (how != 1) idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD); #ifdef CONFIG_IPV6_PRIVACY if (how == 1 && del_timer(&idev->regen_timer)) in6_dev_put(idev); while ((ifa = idev->tempaddr_list) != NULL) { idev->tempaddr_list = ifa->tmp_next; ifa->tmp_next = NULL; ifa->dead = 1; write_unlock_bh(&idev->lock); spin_lock_bh(&ifa->lock); if (ifa->ifpub) { in6_ifa_put(ifa->ifpub); ifa->ifpub = NULL; } spin_unlock_bh(&ifa->lock); in6_ifa_put(ifa); write_lock_bh(&idev->lock); } #endif while ((ifa = idev->addr_list) != NULL) { idev->addr_list = ifa->if_next; ifa->if_next = NULL; ifa->dead = 1; addrconf_del_timer(ifa); write_unlock_bh(&idev->lock); __ipv6_ifa_notify(RTM_DELADDR, ifa); in6_ifa_put(ifa); write_lock_bh(&idev->lock); } write_unlock_bh(&idev->lock); if (how == 1) ipv6_mc_destroy_dev(idev); else ipv6_mc_down(idev); idev->tstamp = jiffies; inet6_ifinfo_notify(RTM_NEWLINK, idev); if (how == 1) { #ifdef CONFIG_SYSCTL addrconf_sysctl_unregister(&idev->cnf); neigh_sysctl_unregister(idev->nd_parms); #endif neigh_parms_release(&nd_tbl, idev->nd_parms); neigh_ifdown(&nd_tbl, dev); in6_dev_put(idev); } return 0; }",linux-2.6,,,163466720342415814944967773932131059157,0 658,[],"static int do_dccp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { struct dccp_sock *dp = dccp_sk(sk); int val, err = 0; if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; if (optname == DCCP_SOCKOPT_SERVICE) return dccp_setsockopt_service(sk, val, optval, optlen); lock_sock(sk); switch (optname) { case DCCP_SOCKOPT_PACKET_SIZE: DCCP_WARN(""sockopt(PACKET_SIZE) is deprecated: fix your app\n""); err = 0; break; case DCCP_SOCKOPT_CHANGE_L: if (optlen != sizeof(struct dccp_so_feat)) err = -EINVAL; else err = dccp_setsockopt_change(sk, DCCPO_CHANGE_L, (struct dccp_so_feat __user *) optval); break; case DCCP_SOCKOPT_CHANGE_R: if (optlen != sizeof(struct dccp_so_feat)) err = -EINVAL; else err = dccp_setsockopt_change(sk, DCCPO_CHANGE_R, (struct dccp_so_feat __user *) optval); break; case DCCP_SOCKOPT_SEND_CSCOV: if (val < 0 || val > 15) err = -EINVAL; else dp->dccps_pcslen = val; break; case DCCP_SOCKOPT_RECV_CSCOV: if (val < 0 || val > 15) err = -EINVAL; else { dp->dccps_pcrlen = val; } break; default: err = -ENOPROTOOPT; break; } release_sock(sk); return err; }",linux-2.6,,,291146550168689169292527734204753345371,0 5464,['CWE-476'],"static int emulator_write_emulated_onepage(unsigned long addr, const void *val, unsigned int bytes, struct kvm_vcpu *vcpu) { struct kvm_io_device *mmio_dev; gpa_t gpa; gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, addr); if (gpa == UNMAPPED_GVA) { kvm_inject_page_fault(vcpu, addr, 2); return X86EMUL_PROPAGATE_FAULT; } if ((gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE) goto mmio; if (emulator_write_phys(vcpu, gpa, val, bytes)) return X86EMUL_CONTINUE; mmio: mutex_lock(&vcpu->kvm->lock); mmio_dev = vcpu_find_mmio_dev(vcpu, gpa, bytes, 1); if (mmio_dev) { kvm_iodevice_write(mmio_dev, gpa, bytes, val); mutex_unlock(&vcpu->kvm->lock); return X86EMUL_CONTINUE; } mutex_unlock(&vcpu->kvm->lock); vcpu->mmio_needed = 1; vcpu->mmio_phys_addr = gpa; vcpu->mmio_size = bytes; vcpu->mmio_is_write = 1; memcpy(vcpu->mmio_data, val, bytes); return X86EMUL_CONTINUE; }",linux-2.6,,,7579800095105817252762852570291087233,0 6395,['CWE-59'],"static int get_password_from_file(int file_descript, char * filename) { int rc = 0; int i; char c; if(mountpassword == NULL) mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); else memset(mountpassword, 0, MOUNT_PASSWD_SIZE); if (mountpassword == NULL) { fprintf(stderr, ""malloc failed\n""); exit(EX_SYSERR); } if(filename != NULL) { rc = access(filename, R_OK); if (rc) { fprintf(stderr, ""mount.cifs failed: access check of %s failed: %s\n"", filename, strerror(errno)); exit(EX_SYSERR); } file_descript = open(filename, O_RDONLY); if(file_descript < 0) { fprintf(stderr, ""mount.cifs failed. %s attempting to open password file %s\n"", strerror(errno),filename); exit(EX_SYSERR); } } for(i=0;i> 1; if (numrows > 1) { lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { hptr[0] -= lptr[0]; hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { hptr[0] -= (lptr[0] + lptr[stride]) >> 1; hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { hptr[0] -= lptr[0]; } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr[0] += (hptr[0] + 1) >> 1; lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr[0] += (hptr[0] + hptr[stride] + 2) >> 2; lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr[0] += (hptr[0] + 1) >> 1; } } else { if (parity) { lptr = &a[0]; lptr[0] <<= 1; } } }",jasper,,,150908632071805048379310217254122078765,0 5739,['CWE-200'],"static int irda_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) { struct sock *sk = sock->sk; struct sockaddr_irda *addr = (struct sockaddr_irda *) uaddr; struct irda_sock *self = irda_sk(sk); int err; IRDA_DEBUG(2, ""%s(%p)\n"", __func__, self); if ((sk->sk_type == SOCK_DGRAM) && (sk->sk_protocol == IRDAPROTO_ULTRA)) return -ESOCKTNOSUPPORT; if (sk->sk_state == TCP_ESTABLISHED && sock->state == SS_CONNECTING) { sock->state = SS_CONNECTED; return 0; } if (sk->sk_state == TCP_CLOSE && sock->state == SS_CONNECTING) { sock->state = SS_UNCONNECTED; return -ECONNREFUSED; } if (sk->sk_state == TCP_ESTABLISHED) return -EISCONN; sk->sk_state = TCP_CLOSE; sock->state = SS_UNCONNECTED; if (addr_len != sizeof(struct sockaddr_irda)) return -EINVAL; if ((!addr->sir_addr) || (addr->sir_addr == DEV_ADDR_ANY)) { err = irda_discover_daddr_and_lsap_sel(self, addr->sir_name); if (err) { IRDA_DEBUG(0, ""%s(), auto-connect failed!\n"", __func__); return err; } } else { self->daddr = addr->sir_addr; IRDA_DEBUG(1, ""%s(), daddr = %08x\n"", __func__, self->daddr); if((addr->sir_name[0] != '\0') || (addr->sir_lsap_sel >= 0x70)) { err = irda_find_lsap_sel(self, addr->sir_name); if (err) { IRDA_DEBUG(0, ""%s(), connect failed!\n"", __func__); return err; } } else { self->dtsap_sel = addr->sir_lsap_sel; } } if (!self->tsap) irda_open_tsap(self, LSAP_ANY, addr->sir_name); sock->state = SS_CONNECTING; sk->sk_state = TCP_SYN_SENT; err = irttp_connect_request(self->tsap, self->dtsap_sel, self->saddr, self->daddr, NULL, self->max_sdu_size_rx, NULL); if (err) { IRDA_DEBUG(0, ""%s(), connect failed!\n"", __func__); return err; } if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) return -EINPROGRESS; if (wait_event_interruptible(*(sk->sk_sleep), (sk->sk_state != TCP_SYN_SENT))) return -ERESTARTSYS; if (sk->sk_state != TCP_ESTABLISHED) { sock->state = SS_UNCONNECTED; err = sock_error(sk); return err? err : -ECONNRESET; } sock->state = SS_CONNECTED; self->saddr = irttp_get_saddr(self->tsap); return 0; }",linux-2.6,,,178099908447917320051948600173125641407,0 2463,['CWE-119'],"static void diff_flush_raw(struct diff_filepair *p, struct diff_options *opt) { int line_termination = opt->line_termination; int inter_name_termination = line_termination ? '\t' : '\0'; if (!(opt->output_format & DIFF_FORMAT_NAME_STATUS)) { fprintf(opt->file, "":%06o %06o %s "", p->one->mode, p->two->mode, diff_unique_abbrev(p->one->sha1, opt->abbrev)); fprintf(opt->file, ""%s "", diff_unique_abbrev(p->two->sha1, opt->abbrev)); } if (p->score) { fprintf(opt->file, ""%c%03d%c"", p->status, similarity_index(p), inter_name_termination); } else { fprintf(opt->file, ""%c%c"", p->status, inter_name_termination); } if (p->status == DIFF_STATUS_COPIED || p->status == DIFF_STATUS_RENAMED) { const char *name_a, *name_b; name_a = p->one->path; name_b = p->two->path; strip_prefix(opt->prefix_length, &name_a, &name_b); write_name_quoted(name_a, opt->file, inter_name_termination); write_name_quoted(name_b, opt->file, line_termination); } else { const char *name_a, *name_b; name_a = p->one->mode ? p->one->path : p->two->path; name_b = NULL; strip_prefix(opt->prefix_length, &name_a, &name_b); write_name_quoted(name_a, opt->file, line_termination); } }",git,,,297502833885162465578378200670538834836,0 6028,['CWE-200'],"static void addrconf_forward_change(void) { struct net_device *dev; struct inet6_dev *idev; read_lock(&dev_base_lock); for (dev=dev_base; dev; dev=dev->next) { read_lock(&addrconf_lock); idev = __in6_dev_get(dev); if (idev) { int changed = (!idev->cnf.forwarding) ^ (!ipv6_devconf.forwarding); idev->cnf.forwarding = ipv6_devconf.forwarding; if (changed) dev_forward_change(idev); } read_unlock(&addrconf_lock); } read_unlock(&dev_base_lock); }",linux-2.6,,,188141927951884716056710232545886303266,0 1738,[],"static void init_sched_groups_power(int cpu, struct sched_domain *sd) { struct sched_domain *child; struct sched_group *group; WARN_ON(!sd || !sd->groups); if (cpu != first_cpu(sd->groups->cpumask)) return; child = sd->child; sd->groups->__cpu_power = 0; if (!child || (!(sd->flags & SD_POWERSAVINGS_BALANCE) && (child->flags & (SD_SHARE_CPUPOWER | SD_SHARE_PKG_RESOURCES)))) { sg_inc_cpu_power(sd->groups, SCHED_LOAD_SCALE); return; } group = child->groups; do { sg_inc_cpu_power(sd->groups, group->__cpu_power); group = group->next; } while (group != child->groups); }",linux-2.6,,,73208741651417650702226717349822786215,0 2324,['CWE-120'],"int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, int mode) { int error = may_create(dir, dentry, NULL); if (error) return error; if (!dir->i_op || !dir->i_op->symlink) return -EPERM; error = security_inode_symlink(dir, dentry, oldname); if (error) return error; DQUOT_INIT(dir); error = dir->i_op->symlink(dir, dentry, oldname); if (!error) fsnotify_create(dir, dentry); return error; }",linux-2.6,,,12245138016232578573788313856030008851,0 4591,CWE-190,"static s32 gf_hevc_read_pps_bs_internal(GF_BitStream *bs, HEVCState *hevc) { u32 i; s32 pps_id; HEVC_PPS *pps; pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if ((pps_id < 0) || (pps_id >= 64)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] wrong PPS ID %d in PPS\n"", pps_id)); return -1; } pps = &hevc->pps[pps_id]; if (!pps->state) { pps->id = pps_id; pps->state = 1; } pps->sps_id = gf_bs_read_ue_log(bs, ""sps_id""); if (pps->sps_id >= 16) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] wrong SPS ID %d in PPS\n"", pps->sps_id)); pps->sps_id=0; return -1; } hevc->sps_active_idx = pps->sps_id; pps->dependent_slice_segments_enabled_flag = gf_bs_read_int_log(bs, 1, ""dependent_slice_segments_enabled_flag""); pps->output_flag_present_flag = gf_bs_read_int_log(bs, 1, ""output_flag_present_flag""); pps->num_extra_slice_header_bits = gf_bs_read_int_log(bs, 3, ""num_extra_slice_header_bits""); pps->sign_data_hiding_flag = gf_bs_read_int_log(bs, 1, ""sign_data_hiding_flag""); pps->cabac_init_present_flag = gf_bs_read_int_log(bs, 1, ""cabac_init_present_flag""); pps->num_ref_idx_l0_default_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l0_default_active""); pps->num_ref_idx_l1_default_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l1_default_active""); pps->pic_init_qp_minus26 = gf_bs_read_se_log(bs, ""pic_init_qp_minus26""); pps->constrained_intra_pred_flag = gf_bs_read_int_log(bs, 1, ""constrained_intra_pred_flag""); pps->transform_skip_enabled_flag = gf_bs_read_int_log(bs, 1, ""transform_skip_enabled_flag""); if ((pps->cu_qp_delta_enabled_flag = gf_bs_read_int_log(bs, 1, ""cu_qp_delta_enabled_flag""))) pps->diff_cu_qp_delta_depth = gf_bs_read_ue_log(bs, ""diff_cu_qp_delta_depth""); pps->pic_cb_qp_offset = gf_bs_read_se_log(bs, ""pic_cb_qp_offset""); pps->pic_cr_qp_offset = gf_bs_read_se_log(bs, ""pic_cr_qp_offset""); pps->slice_chroma_qp_offsets_present_flag = gf_bs_read_int_log(bs, 1, ""slice_chroma_qp_offsets_present_flag""); pps->weighted_pred_flag = gf_bs_read_int_log(bs, 1, ""weighted_pred_flag""); pps->weighted_bipred_flag = gf_bs_read_int_log(bs, 1, ""weighted_bipred_flag""); pps->transquant_bypass_enable_flag = gf_bs_read_int_log(bs, 1, ""transquant_bypass_enable_flag""); pps->tiles_enabled_flag = gf_bs_read_int_log(bs, 1, ""tiles_enabled_flag""); pps->entropy_coding_sync_enabled_flag = gf_bs_read_int_log(bs, 1, ""entropy_coding_sync_enabled_flag""); if (pps->tiles_enabled_flag) { pps->num_tile_columns = 1 + gf_bs_read_ue_log(bs, ""num_tile_columns_minus1""); pps->num_tile_rows = 1 + gf_bs_read_ue_log(bs, ""num_tile_rows_minus1""); pps->uniform_spacing_flag = gf_bs_read_int_log(bs, 1, ""uniform_spacing_flag""); if (!pps->uniform_spacing_flag) { for (i = 0; i < pps->num_tile_columns - 1; i++) { pps->column_width[i] = 1 + gf_bs_read_ue_log_idx(bs, ""column_width_minus1"", i); } for (i = 0; i < pps->num_tile_rows - 1; i++) { pps->row_height[i] = 1 + gf_bs_read_ue_log_idx(bs, ""row_height_minus1"", i); } } pps->loop_filter_across_tiles_enabled_flag = gf_bs_read_int_log(bs, 1, ""loop_filter_across_tiles_enabled_flag""); } pps->loop_filter_across_slices_enabled_flag = gf_bs_read_int_log(bs, 1, ""loop_filter_across_slices_enabled_flag""); if ((pps->deblocking_filter_control_present_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_control_present_flag""))) { pps->deblocking_filter_override_enabled_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_override_enabled_flag""); if (! (pps->pic_disable_deblocking_filter_flag = gf_bs_read_int_log(bs, 1, ""pic_disable_deblocking_filter_flag""))) { pps->beta_offset_div2 = gf_bs_read_se_log(bs, ""beta_offset_div2""); pps->tc_offset_div2 = gf_bs_read_se_log(bs, ""tc_offset_div2""); } } if ((pps->pic_scaling_list_data_present_flag = gf_bs_read_int_log(bs, 1, ""pic_scaling_list_data_present_flag""))) { hevc_scaling_list_data(bs); } pps->lists_modification_present_flag = gf_bs_read_int_log(bs, 1, ""lists_modification_present_flag""); pps->log2_parallel_merge_level_minus2 = gf_bs_read_ue_log(bs, ""log2_parallel_merge_level_minus2""); pps->slice_segment_header_extension_present_flag = gf_bs_read_int_log(bs, 1, ""slice_segment_header_extension_present_flag""); if (gf_bs_read_int_log(bs, 1, ""pps_extension_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } return pps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,258780298581047,1 6609,CWE-787,"static int parse_json(ogs_sbi_message_t *message, char *content_type, char *json) { int rv = OGS_OK; cJSON *item = NULL; ogs_assert(message); if (!json) return OGS_OK; if (!content_type) { ogs_error(""No Content-type""); return OGS_ERROR; } ogs_log_print(OGS_LOG_TRACE, ""%s"", json); item = cJSON_Parse(json); if (!item) { ogs_error(""JSON parse error""); return OGS_ERROR; } if (content_type && !strncmp(content_type, OGS_SBI_CONTENT_PROBLEM_TYPE, strlen(OGS_SBI_CONTENT_PROBLEM_TYPE))) { message->ProblemDetails = OpenAPI_problem_details_parseFromJSON(item); } else if (content_type && !strncmp(content_type, OGS_SBI_CONTENT_PATCH_TYPE, strlen(OGS_SBI_CONTENT_PATCH_TYPE))) { if (item) { OpenAPI_patch_item_t *patch_item = NULL; cJSON *patchJSON = NULL; message->PatchItemList = OpenAPI_list_create(); cJSON_ArrayForEach(patchJSON, item) { if (!cJSON_IsObject(patchJSON)) { rv = OGS_ERROR; ogs_error(""Unknown JSON""); goto cleanup; } patch_item = OpenAPI_patch_item_parseFromJSON(patchJSON); OpenAPI_list_add(message->PatchItemList, patch_item); } } } else { SWITCH(message->h.service.name) CASE(OGS_SBI_SERVICE_NAME_NNRF_NFM) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_NF_INSTANCES) message->NFProfile = OpenAPI_nf_profile_parseFromJSON(item); if (!message->NFProfile) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SUBSCRIPTIONS) message->SubscriptionData = OpenAPI_subscription_data_parseFromJSON(item); if (!message->SubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_NF_STATUS_NOTIFY) message->NotificationData = OpenAPI_notification_data_parseFromJSON(item); if (!message->NotificationData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NNRF_DISC) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_NF_INSTANCES) message->SearchResult = OpenAPI_search_result_parseFromJSON(item); if (!message->SearchResult) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NAUSF_AUTH) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_UE_AUTHENTICATIONS) SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_POST) if (message->res_status == 0) { message->AuthenticationInfo = OpenAPI_authentication_info_parseFromJSON(item); if (!message->AuthenticationInfo) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->UeAuthenticationCtx = OpenAPI_ue_authentication_ctx_parseFromJSON(item); if (!message->UeAuthenticationCtx) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_HTTP_METHOD_PUT) if (message->res_status == 0) { message->ConfirmationData = OpenAPI_confirmation_data_parseFromJSON(item); if (!message->ConfirmationData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->ConfirmationDataResponse = OpenAPI_confirmation_data_response_parseFromJSON( item); if (!message->ConfirmationDataResponse) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDM_UEAU) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_SECURITY_INFORMATION) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_GENERATE_AUTH_DATA) if (message->res_status == 0) { message->AuthenticationInfoRequest = OpenAPI_authentication_info_request_parseFromJSON( item); if (!message->AuthenticationInfoRequest) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->AuthenticationInfoResult = OpenAPI_authentication_info_result_parseFromJSON( item); if (!message->AuthenticationInfoResult) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; CASE(OGS_SBI_RESOURCE_NAME_AUTH_EVENTS) message->AuthEvent = OpenAPI_auth_event_parseFromJSON(item); if (!message->AuthEvent) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDM_UECM) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_REGISTRATIONS) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_AMF_3GPP_ACCESS) message->Amf3GppAccessRegistration = OpenAPI_amf3_gpp_access_registration_parseFromJSON( item); if (!message->Amf3GppAccessRegistration) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDM_SDM) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_AM_DATA) message->AccessAndMobilitySubscriptionData = OpenAPI_access_and_mobility_subscription_data_parseFromJSON( item); if (!message->AccessAndMobilitySubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SMF_SELECT_DATA) message->SmfSelectionSubscriptionData = OpenAPI_smf_selection_subscription_data_parseFromJSON(item); if (!message->SmfSelectionSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_UE_CONTEXT_IN_SMF_DATA) message->UeContextInSmfData = OpenAPI_ue_context_in_smf_data_parseFromJSON(item); if (!message->UeContextInSmfData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_DATA) message->SessionManagementSubscriptionData = OpenAPI_session_management_subscription_data_parseFromJSON( item); if (!message->SessionManagementSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDR_DR) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_SUBSCRIPTION_DATA) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_AUTHENTICATION_DATA) SWITCH(message->h.resource.component[3]) CASE(OGS_SBI_RESOURCE_NAME_AUTHENTICATION_SUBSCRIPTION) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->AuthenticationSubscription = OpenAPI_authentication_subscription_parseFromJSON(item); if (!message->AuthenticationSubscription) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_RESOURCE_NAME_AUTHENTICATION_STATUS) message->AuthEvent = OpenAPI_auth_event_parseFromJSON(item); if (!message->AuthEvent) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[3]); END break; CASE(OGS_SBI_RESOURCE_NAME_CONTEXT_DATA) message->Amf3GppAccessRegistration = OpenAPI_amf3_gpp_access_registration_parseFromJSON( item); if (!message->Amf3GppAccessRegistration) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT SWITCH(message->h.resource.component[3]) CASE(OGS_SBI_RESOURCE_NAME_PROVISIONED_DATA) SWITCH(message->h.resource.component[4]) CASE(OGS_SBI_RESOURCE_NAME_AM_DATA) message->AccessAndMobilitySubscriptionData = OpenAPI_access_and_mobility_subscription_data_parseFromJSON(item); if (!message->AccessAndMobilitySubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SMF_SELECTION_SUBSCRIPTION_DATA) message->SmfSelectionSubscriptionData = OpenAPI_smf_selection_subscription_data_parseFromJSON(item); if (!message->SmfSelectionSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_UE_CONTEXT_IN_SMF_DATA) message->UeContextInSmfData = OpenAPI_ue_context_in_smf_data_parseFromJSON( item); if (!message->UeContextInSmfData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_DATA) message->SessionManagementSubscriptionData = OpenAPI_session_management_subscription_data_parseFromJSON(item); if (!message->SessionManagementSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[4]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[3]); END END break; CASE(OGS_SBI_RESOURCE_NAME_POLICY_DATA) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_UES) SWITCH(message->h.resource.component[3]) CASE(OGS_SBI_RESOURCE_NAME_AM_DATA) message->AmPolicyData = OpenAPI_am_policy_data_parseFromJSON(item); if (!message->AmPolicyData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_DATA) message->SmPolicyData = OpenAPI_sm_policy_data_parseFromJSON(item); if (!message->SmPolicyData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[3]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NSMF_PDUSESSION) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_SM_CONTEXTS) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_MODIFY) if (message->res_status == 0) { message->SmContextUpdateData = OpenAPI_sm_context_update_data_parseFromJSON(item); if (!message->SmContextUpdateData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->SmContextUpdatedData = OpenAPI_sm_context_updated_data_parseFromJSON(item); if (!message->SmContextUpdatedData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_BAD_REQUEST || message->res_status == OGS_SBI_HTTP_STATUS_FORBIDDEN || message->res_status == OGS_SBI_HTTP_STATUS_NOT_FOUND || message->res_status == OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR || message->res_status == OGS_SBI_HTTP_STATUS_SERVICE_UNAVAILABLE || message->res_status == OGS_SBI_HTTP_STATUS_GATEWAY_TIMEOUT) { message->SmContextUpdateError = OpenAPI_sm_context_update_error_parseFromJSON(item); if (!message->SmContextUpdateError) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_RESOURCE_NAME_RELEASE) if (message->res_status == 0) { message->SmContextReleaseData = OpenAPI_sm_context_release_data_parseFromJSON(item); if (!message->SmContextReleaseData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_NO_CONTENT) { } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->SmContextReleasedData = OpenAPI_sm_context_released_data_parseFromJSON( item); if (!message->SmContextReleasedData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT if (message->res_status == 0) { message->SmContextCreateData = OpenAPI_sm_context_create_data_parseFromJSON(item); if (!message->SmContextCreateData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->SmContextCreatedData = OpenAPI_sm_context_created_data_parseFromJSON(item); if (!message->SmContextCreatedData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_BAD_REQUEST || message->res_status == OGS_SBI_HTTP_STATUS_FORBIDDEN || message->res_status == OGS_SBI_HTTP_STATUS_NOT_FOUND || message->res_status == OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR || message->res_status == OGS_SBI_HTTP_STATUS_SERVICE_UNAVAILABLE || message->res_status == OGS_SBI_HTTP_STATUS_GATEWAY_TIMEOUT) { message->SmContextCreateError = OpenAPI_sm_context_create_error_parseFromJSON(item); if (!message->SmContextCreateError) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NAMF_COMM) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_UE_CONTEXTS) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_N1_N2_MESSAGES) if (message->res_status == 0) { message->N1N2MessageTransferReqData = OpenAPI_n1_n2_message_transfer_req_data_parseFromJSON(item); if (!message->N1N2MessageTransferReqData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK || message->res_status == OGS_SBI_HTTP_STATUS_ACCEPTED) { message->N1N2MessageTransferRspData = OpenAPI_n1_n2_message_transfer_rsp_data_parseFromJSON(item); if (!message->N1N2MessageTransferRspData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NPCF_AM_POLICY_CONTROL) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_POLICIES) if (message->res_status == 0) { message->PolicyAssociationRequest = OpenAPI_policy_association_request_parseFromJSON( item); if (!message->PolicyAssociationRequest) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->PolicyAssociation = OpenAPI_policy_association_parseFromJSON(item); if (!message->PolicyAssociation) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NPCF_SMPOLICYCONTROL) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_SM_POLICIES) if (!message->h.resource.component[1]) { if (message->res_status == 0) { message->SmPolicyContextData = OpenAPI_sm_policy_context_data_parseFromJSON(item); if (!message->SmPolicyContextData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->SmPolicyDecision = OpenAPI_sm_policy_decision_parseFromJSON(item); if (!message->SmPolicyDecision) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } } else { SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_DELETE) if (message->res_status == 0) { message->SmPolicyDeleteData = OpenAPI_sm_policy_delete_data_parseFromJSON( item); if (!message->SmPolicyDeleteData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NNSSF_NSSELECTION) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_NETWORK_SLICE_INFORMATION) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->AuthorizedNetworkSliceInfo = OpenAPI_authorized_network_slice_info_parseFromJSON( item); if (!message->AuthorizedNetworkSliceInfo) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NBSF_MANAGEMENT) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_PCF_BINDINGS) if (message->h.resource.component[1]) { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_PATCH) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->PcfBinding = OpenAPI_pcf_binding_parseFromJSON(item); if (!message->PcfBinding) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_HTTP_METHOD_DELETE) break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END break; } else { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_POST) if (message->res_status == 0 || message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->PcfBinding = OpenAPI_pcf_binding_parseFromJSON(item); if (!message->PcfBinding) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_HTTP_METHOD_GET) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->PcfBinding = OpenAPI_pcf_binding_parseFromJSON(item); if (!message->PcfBinding) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END break; } DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NPCF_POLICYAUTHORIZATION) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_APP_SESSIONS) if (message->h.resource.component[1]) { if (message->h.resource.component[2]) { SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_DELETE) break; DEFAULT rv = OGS_ERROR; ogs_error(""JSON parse error""); END } else { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_PATCH) message->AppSessionContextUpdateDataPatch = OpenAPI_app_session_context_update_data_patch_parseFromJSON(item); if (!message->AppSessionContextUpdateDataPatch) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""JSON parse error""); END } } else { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_POST) if (message->res_status == 0 || message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->AppSessionContext = OpenAPI_app_session_context_parseFromJSON(item); if (!message->AppSessionContext) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NAMF_CALLBACK) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_SM_CONTEXT_STATUS) message->SmContextStatusNotification = OpenAPI_sm_context_status_notification_parseFromJSON(item); if (!message->SmContextStatusNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NSMF_CALLBACK) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_N1_N2_FAILURE_NOTIFY) message->N1N2MsgTxfrFailureNotification = OpenAPI_n1_n2_msg_txfr_failure_notification_parseFromJSON( item); if (!message->N1N2MsgTxfrFailureNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_POLICY_NOTIFY) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_UPDATE) message->SmPolicyNotification = OpenAPI_sm_policy_notification_parseFromJSON(item); if (!message->SmPolicyNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_TERMINATE) message->TerminationNotification = OpenAPI_termination_notification_parseFromJSON(item); if (!message->TerminationNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Not implemented API name [%s]"", message->h.service.name); END } cleanup: cJSON_Delete(item); return rv; }",visit repo url,lib/sbi/message.c,https://github.com/open5gs/open5gs,129352543196487,1 4405,['CWE-264'],"int sock_no_listen(struct socket *sock, int backlog) { return -EOPNOTSUPP; }",linux-2.6,,,264335516076067997833088059156806634982,0 409,CWE-362,"struct dentry *debugfs_rename(struct dentry *old_dir, struct dentry *old_dentry, struct dentry *new_dir, const char *new_name) { int error; struct dentry *dentry = NULL, *trap; const char *old_name; trap = lock_rename(new_dir, old_dir); if (d_really_is_negative(old_dir) || d_really_is_negative(new_dir)) goto exit; if (d_really_is_negative(old_dentry) || old_dentry == trap || d_mountpoint(old_dentry)) goto exit; dentry = lookup_one_len(new_name, new_dir, strlen(new_name)); if (IS_ERR(dentry) || dentry == trap || d_really_is_positive(dentry)) goto exit; old_name = fsnotify_oldname_init(old_dentry->d_name.name); error = simple_rename(d_inode(old_dir), old_dentry, d_inode(new_dir), dentry, 0); if (error) { fsnotify_oldname_free(old_name); goto exit; } d_move(old_dentry, dentry); fsnotify_move(d_inode(old_dir), d_inode(new_dir), old_name, d_is_dir(old_dentry), NULL, old_dentry); fsnotify_oldname_free(old_name); unlock_rename(new_dir, old_dir); dput(dentry); return old_dentry; exit: if (dentry && !IS_ERR(dentry)) dput(dentry); unlock_rename(new_dir, old_dir); return NULL; }",visit repo url,fs/debugfs/inode.c,https://github.com/torvalds/linux,278277154014396,1 1800,NVD-CWE-Other,"static int replace_map_fd_with_map_ptr(struct verifier_env *env) { struct bpf_insn *insn = env->prog->insnsi; int insn_cnt = env->prog->len; int i, j; for (i = 0; i < insn_cnt; i++, insn++) { if (BPF_CLASS(insn->code) == BPF_LDX && (BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) { verbose(""BPF_LDX uses reserved fields\n""); return -EINVAL; } if (BPF_CLASS(insn->code) == BPF_STX && ((BPF_MODE(insn->code) != BPF_MEM && BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) { verbose(""BPF_STX uses reserved fields\n""); return -EINVAL; } if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW)) { struct bpf_map *map; struct fd f; if (i == insn_cnt - 1 || insn[1].code != 0 || insn[1].dst_reg != 0 || insn[1].src_reg != 0 || insn[1].off != 0) { verbose(""invalid bpf_ld_imm64 insn\n""); return -EINVAL; } if (insn->src_reg == 0) goto next_insn; if (insn->src_reg != BPF_PSEUDO_MAP_FD) { verbose(""unrecognized bpf_ld_imm64 insn\n""); return -EINVAL; } f = fdget(insn->imm); map = __bpf_map_get(f); if (IS_ERR(map)) { verbose(""fd %d is not pointing to valid bpf_map\n"", insn->imm); return PTR_ERR(map); } insn[0].imm = (u32) (unsigned long) map; insn[1].imm = ((u64) (unsigned long) map) >> 32; for (j = 0; j < env->used_map_cnt; j++) if (env->used_maps[j] == map) { fdput(f); goto next_insn; } if (env->used_map_cnt >= MAX_USED_MAPS) { fdput(f); return -E2BIG; } env->used_maps[env->used_map_cnt++] = map; bpf_map_inc(map, false); fdput(f); next_insn: insn++; i++; } } return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,136209332561925,1 4047,CWE-119,"static Sdb *store_versioninfo_gnu_verneed(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) { ut8 *end, *need = NULL; const char *section_name = """"; Elf_(Shdr) *link_shdr = NULL; const char *link_section_name = """"; Sdb *sdb_vernaux = NULL; Sdb *sdb_version = NULL; Sdb *sdb = NULL; int i, cnt; if (!bin || !bin->dynstr) { return NULL; } if (shdr->sh_link > bin->ehdr.e_shnum) { return NULL; } if (shdr->sh_size < 1) { return NULL; } sdb = sdb_new0 (); if (!sdb) { return NULL; } link_shdr = &bin->shdr[shdr->sh_link]; if (bin->shstrtab && shdr->sh_name < bin->shstrtab_size) { section_name = &bin->shstrtab[shdr->sh_name]; } if (bin->shstrtab && link_shdr->sh_name < bin->shstrtab_size) { link_section_name = &bin->shstrtab[link_shdr->sh_name]; } if (!(need = (ut8*) calloc (R_MAX (1, shdr->sh_size), sizeof (ut8)))) { bprintf (""Warning: Cannot allocate memory for Elf_(Verneed)\n""); goto beach; } end = need + shdr->sh_size; sdb_set (sdb, ""section_name"", section_name, 0); sdb_num_set (sdb, ""num_entries"", shdr->sh_info, 0); sdb_num_set (sdb, ""addr"", shdr->sh_addr, 0); sdb_num_set (sdb, ""offset"", shdr->sh_offset, 0); sdb_num_set (sdb, ""link"", shdr->sh_link, 0); sdb_set (sdb, ""link_section_name"", link_section_name, 0); if (shdr->sh_offset > bin->size || shdr->sh_offset + shdr->sh_size > bin->size) { goto beach; } if (shdr->sh_offset + shdr->sh_size < shdr->sh_size) { goto beach; } i = r_buf_read_at (bin->b, shdr->sh_offset, need, shdr->sh_size); if (i < 0) goto beach; for (i = 0, cnt = 0; cnt < shdr->sh_info; ++cnt) { int j, isum; ut8 *vstart = need + i; Elf_(Verneed) vvn = {0}; if (vstart + sizeof (Elf_(Verneed)) > end) { goto beach; } Elf_(Verneed) *entry = &vvn; char key[32] = {0}; sdb_version = sdb_new0 (); if (!sdb_version) { goto beach; } j = 0; vvn.vn_version = READ16 (vstart, j) vvn.vn_cnt = READ16 (vstart, j) vvn.vn_file = READ32 (vstart, j) vvn.vn_aux = READ32 (vstart, j) vvn.vn_next = READ32 (vstart, j) sdb_num_set (sdb_version, ""vn_version"", entry->vn_version, 0); sdb_num_set (sdb_version, ""idx"", i, 0); if (entry->vn_file > bin->dynstr_size) { goto beach; } { char *s = r_str_ndup (&bin->dynstr[entry->vn_file], 16); sdb_set (sdb_version, ""file_name"", s, 0); free (s); } sdb_num_set (sdb_version, ""cnt"", entry->vn_cnt, 0); st32 vnaux = entry->vn_aux; if (vnaux < 1) { goto beach; } vstart += vnaux; for (j = 0, isum = i + entry->vn_aux; j < entry->vn_cnt && vstart + sizeof (Elf_(Vernaux)) <= end; ++j) { int k; Elf_(Vernaux) * aux = NULL; Elf_(Vernaux) vaux = {0}; sdb_vernaux = sdb_new0 (); if (!sdb_vernaux) { goto beach; } aux = (Elf_(Vernaux)*)&vaux; k = 0; vaux.vna_hash = READ32 (vstart, k) vaux.vna_flags = READ16 (vstart, k) vaux.vna_other = READ16 (vstart, k) vaux.vna_name = READ32 (vstart, k) vaux.vna_next = READ32 (vstart, k) if (aux->vna_name > bin->dynstr_size) { goto beach; } sdb_num_set (sdb_vernaux, ""idx"", isum, 0); if (aux->vna_name > 0 && aux->vna_name + 8 < bin->dynstr_size) { char name [16]; strncpy (name, &bin->dynstr[aux->vna_name], sizeof (name)-1); name[sizeof(name)-1] = 0; sdb_set (sdb_vernaux, ""name"", name, 0); } sdb_set (sdb_vernaux, ""flags"", get_ver_flags (aux->vna_flags), 0); sdb_num_set (sdb_vernaux, ""version"", aux->vna_other, 0); isum += aux->vna_next; vstart += aux->vna_next; snprintf (key, sizeof (key), ""vernaux%d"", j); sdb_ns_set (sdb_version, key, sdb_vernaux); } if ((int)entry->vn_next < 0) { bprintf (""Invalid vn_next\n""); break; } i += entry->vn_next; snprintf (key, sizeof (key), ""version%d"", cnt ); sdb_ns_set (sdb, key, sdb_version); if (!entry->vn_next) { break; } } free (need); return sdb; beach: free (need); sdb_free (sdb_vernaux); sdb_free (sdb_version); sdb_free (sdb); return NULL; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radare/radare2,6676684882371,1 3942,CWE-476,"INTERNAL void vterm_allocator_free(VTerm *vt, void *ptr) { (*vt->allocator->free)(ptr, vt->allocdata); }",visit repo url,src/libvterm/src/vterm.c,https://github.com/vim/vim,228785433888244,1 758,['CWE-119'],"void isdn_net_write_super(isdn_net_local *lp, struct sk_buff *skb) { if (in_irq()) { skb_queue_tail(&lp->super_tx_queue, skb); schedule_work(&lp->tqueue); return; } spin_lock_bh(&lp->xmit_lock); if (!isdn_net_lp_busy(lp)) { isdn_net_writebuf_skb(lp, skb); } else { skb_queue_tail(&lp->super_tx_queue, skb); } spin_unlock_bh(&lp->xmit_lock); }",linux-2.6,,,70421912479544936320379695391102681953,0 3914,CWE-416,"ins_compl_next_buf(buf_T *buf, int flag) { static win_T *wp = NULL; if (flag == 'w') { if (buf == curbuf || wp == NULL) wp = curwin; while ((wp = (wp->w_next != NULL ? wp->w_next : firstwin)) != curwin && wp->w_buffer->b_scanned) ; buf = wp->w_buffer; } else while ((buf = (buf->b_next != NULL ? buf->b_next : firstbuf)) != curbuf && ((flag == 'U' ? buf->b_p_bl : (!buf->b_p_bl || (buf->b_ml.ml_mfp == NULL) != (flag == 'u'))) || buf->b_scanned)) ; return buf; }",visit repo url,src/insexpand.c,https://github.com/vim/vim,70010843076578,1 2952,CWE-59,"static char *lxclock_name(const char *p, const char *n) { int ret; int len; char *dest; char *rundir; len = strlen(""/lock/lxc/"") + strlen(n) + strlen(p) + 3; rundir = get_rundir(); if (!rundir) return NULL; len += strlen(rundir); if ((dest = malloc(len)) == NULL) { free(rundir); return NULL; } ret = snprintf(dest, len, ""%s/lock/lxc/%s"", rundir, p); if (ret < 0 || ret >= len) { free(dest); free(rundir); return NULL; } ret = mkdir_p(dest, 0755); if (ret < 0) { int l2 = 22 + strlen(n) + strlen(p); if (l2 > len) { char *d; d = realloc(dest, l2); if (!d) { free(dest); free(rundir); return NULL; } len = l2; dest = d; } ret = snprintf(dest, len, ""/tmp/%d/lxc%s"", geteuid(), p); if (ret < 0 || ret >= len) { free(dest); free(rundir); return NULL; } ret = mkdir_p(dest, 0755); if (ret < 0) { free(dest); free(rundir); return NULL; } ret = snprintf(dest, len, ""/tmp/%d/lxc%s/.%s"", geteuid(), p, n); } else ret = snprintf(dest, len, ""%s/lock/lxc/%s/.%s"", rundir, p, n); free(rundir); if (ret < 0 || ret >= len) { free(dest); return NULL; } return dest; }",visit repo url,src/lxc/lxclock.c,https://github.com/lxc/lxc,258841183484402,1 3166,['CWE-189'],"jas_stream_t *jas_stream_memopen(char *buf, int bufsize) { jas_stream_t *stream; jas_stream_memobj_t *obj; if (!(stream = jas_stream_create())) { return 0; } stream->openmode_ = JAS_STREAM_READ | JAS_STREAM_WRITE | JAS_STREAM_BINARY; jas_stream_initbuf(stream, JAS_STREAM_FULLBUF, 0, 0); stream->ops_ = &jas_stream_memops; if (!(obj = jas_malloc(sizeof(jas_stream_memobj_t)))) { jas_stream_destroy(stream); return 0; } stream->obj_ = (void *) obj; obj->myalloc_ = 0; obj->buf_ = 0; if (bufsize <= 0) { obj->bufsize_ = 1024; obj->growable_ = 1; } else { obj->bufsize_ = bufsize; obj->growable_ = 0; } if (buf) { obj->buf_ = (unsigned char *) buf; } else { obj->buf_ = jas_malloc(obj->bufsize_); obj->myalloc_ = 1; } if (!obj->buf_) { jas_stream_close(stream); return 0; } if (bufsize > 0 && buf) { obj->len_ = bufsize; } else { obj->len_ = 0; } obj->pos_ = 0; return stream; }",jasper,,,233650455905871572394895803974103076845,0 1073,NVD-CWE-Other,"static int rose_parse_national(unsigned char *p, struct rose_facilities_struct *facilities, int len) { unsigned char *pt; unsigned char l, lg, n = 0; int fac_national_digis_received = 0; do { switch (*p & 0xC0) { case 0x00: p += 2; n += 2; len -= 2; break; case 0x40: if (*p == FAC_NATIONAL_RAND) facilities->rand = ((p[1] << 8) & 0xFF00) + ((p[2] << 0) & 0x00FF); p += 3; n += 3; len -= 3; break; case 0x80: p += 4; n += 4; len -= 4; break; case 0xC0: l = p[1]; if (*p == FAC_NATIONAL_DEST_DIGI) { if (!fac_national_digis_received) { memcpy(&facilities->source_digis[0], p + 2, AX25_ADDR_LEN); facilities->source_ndigis = 1; } } else if (*p == FAC_NATIONAL_SRC_DIGI) { if (!fac_national_digis_received) { memcpy(&facilities->dest_digis[0], p + 2, AX25_ADDR_LEN); facilities->dest_ndigis = 1; } } else if (*p == FAC_NATIONAL_FAIL_CALL) { memcpy(&facilities->fail_call, p + 2, AX25_ADDR_LEN); } else if (*p == FAC_NATIONAL_FAIL_ADD) { memcpy(&facilities->fail_addr, p + 3, ROSE_ADDR_LEN); } else if (*p == FAC_NATIONAL_DIGIS) { fac_national_digis_received = 1; facilities->source_ndigis = 0; facilities->dest_ndigis = 0; for (pt = p + 2, lg = 0 ; lg < l ; pt += AX25_ADDR_LEN, lg += AX25_ADDR_LEN) { if (pt[6] & AX25_HBIT) memcpy(&facilities->dest_digis[facilities->dest_ndigis++], pt, AX25_ADDR_LEN); else memcpy(&facilities->source_digis[facilities->source_ndigis++], pt, AX25_ADDR_LEN); } } p += l + 2; n += l + 2; len -= l + 2; break; } } while (*p != 0x00 && len > 0); return n; }",visit repo url,net/rose/rose_subr.c,https://github.com/torvalds/linux,189329202706966,1 6726,CWE-120,"test_custom_handler(void **state) { (void) state; TSS2_RC_HANDLER old = Tss2_RC_SetHandler(1, ""cstm"", custom_err_handler); assert_null(old); unsigned i; for (i = 1; i < 4; i++) { TSS2_RC rc = TSS2_RC_LAYER(1) | i; char buf[256]; snprintf(buf, sizeof(buf), ""cstm:error %u"", i); const char *e = Tss2_RC_Decode(rc); assert_string_equal(e, buf); } TSS2_RC rc = TSS2_RC_LAYER(1) | 42; const char *e = Tss2_RC_Decode(rc); assert_string_equal(e, ""cstm:0x2A""); old = Tss2_RC_SetHandler(1, ""cstm"", NULL); assert_ptr_equal(old, custom_err_handler); e = Tss2_RC_Decode(rc); assert_string_equal(e, ""1:0x2A""); }",visit repo url,test/unit/test_tss2_rc.c,https://github.com/tpm2-software/tpm2-tss,261123000769430,1 3771,[],"static struct sock *unix_find_socket_byinode(struct inode *i) { struct sock *s; struct hlist_node *node; spin_lock(&unix_table_lock); sk_for_each(s, node, &unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) { struct dentry *dentry = unix_sk(s)->dentry; if(dentry && dentry->d_inode == i) { sock_hold(s); goto found; } } s = NULL; found: spin_unlock(&unix_table_lock); return s; }",linux-2.6,,,92972347583022565033805425013844967511,0 6248,['CWE-200'],"static int tcf_node_dump(struct tcf_proto *tp, unsigned long n, struct tcf_walker *arg) { struct tcf_dump_args *a = (void*)arg; return tcf_fill_node(a->skb, tp, n, NETLINK_CB(a->cb->skb).pid, a->cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWTFILTER); }",linux-2.6,,,299513483988204872301782747657142300960,0 692,CWE-20,"int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct atm_vcc *vcc; struct sk_buff *skb; int copied, error = -EINVAL; msg->msg_namelen = 0; if (sock->state != SS_CONNECTED) return -ENOTCONN; if (flags & ~(MSG_DONTWAIT | MSG_PEEK)) return -EOPNOTSUPP; vcc = ATM_SD(sock); if (test_bit(ATM_VF_RELEASED, &vcc->flags) || test_bit(ATM_VF_CLOSE, &vcc->flags) || !test_bit(ATM_VF_READY, &vcc->flags)) return 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &error); if (!skb) return error; copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } error = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (error) return error; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { pr_debug(""%d -= %d\n"", atomic_read(&sk->sk_rmem_alloc), skb->truesize); atm_return(vcc, skb->truesize); } skb_free_datagram(sk, skb); return copied; }",visit repo url,net/atm/common.c,https://github.com/torvalds/linux,240275613128050,1 5882,CWE-120,"static pjmedia_sdp_attr *parse_attr( pj_pool_t *pool, pj_scanner *scanner, volatile parse_context *ctx) { pjmedia_sdp_attr *attr; ctx->last_error = PJMEDIA_SDP_EINATTR; attr = PJ_POOL_ALLOC_T(pool, pjmedia_sdp_attr); if (*(scanner->curptr+1) != '=') { on_scanner_error(scanner); return NULL; } pj_scan_advance_n(scanner, 2, SKIP_WS); pj_scan_get(scanner, &cs_token, &attr->name); if (*scanner->curptr && *scanner->curptr != '\r' && *scanner->curptr != '\n') { if (*scanner->curptr == ':') pj_scan_get_char(scanner); if (*scanner->curptr != '\r' && *scanner->curptr != '\n') { pj_scan_get_until_chr(scanner, ""\r\n"", &attr->value); } else { attr->value.ptr = NULL; attr->value.slen = 0; } } else { attr->value.ptr = NULL; attr->value.slen = 0; } pj_scan_skip_line(scanner); return attr; }",visit repo url,pjmedia/src/pjmedia/sdp.c,https://github.com/pjsip/pjproject,132328618401859,1 6435,CWE-20,"error_t tja1100Init(NetInterface *interface) { uint16_t value; TRACE_INFO(""Initializing TJA1100...\r\n""); if(interface->phyAddr >= 32) { interface->phyAddr = TJA1100_PHY_ADDR; } if(interface->smiDriver != NULL) { interface->smiDriver->init(); } if(interface->extIntDriver != NULL) { interface->extIntDriver->init(); } tja1100WritePhyReg(interface, TJA1100_BASIC_CTRL, TJA1100_BASIC_CTRL_RESET); while(tja1100ReadPhyReg(interface, TJA1100_BASIC_CTRL) & TJA1100_BASIC_CTRL_RESET) { } tja1100DumpPhyReg(interface); value = tja1100ReadPhyReg(interface, TJA1100_EXTENDED_CTRL); value |= TJA1100_EXTENDED_CTRL_CONFIG_EN; tja1100WritePhyReg(interface, TJA1100_EXTENDED_CTRL, value); value = tja1100ReadPhyReg(interface, TJA1100_CONFIG1); value &= ~TJA1100_CONFIG1_MII_MODE; value |= TJA1100_CONFIG1_MII_MODE_RMII_25MHZ; tja1100WritePhyReg(interface, TJA1100_CONFIG1, value); value = tja1100ReadPhyReg(interface, TJA1100_CONFIG1); value |= TJA1100_CONFIG1_AUTO_OP; tja1100WritePhyReg(interface, TJA1100_CONFIG1, value); interface->phyEvent = TRUE; osSetEvent(&netEvent); return NO_ERROR; }",visit repo url,drivers/phy/tja1100_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,64707046873636,1 6489,[],"lt_dladvise_destroy (lt_dladvise *padvise) { if (padvise) FREE(*padvise); return 0; }",libtool,,,148303642862848950167993908320726294049,0 5074,CWE-787,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 1344,CWE-399,"static int do_siocgstampns(struct net *net, struct socket *sock, unsigned int cmd, void __user *up) { mm_segment_t old_fs = get_fs(); struct timespec kts; int err; set_fs(KERNEL_DS); err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts); set_fs(old_fs); if (!err) err = compat_put_timespec(up, &kts); return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,265711030182577,1 1543,[],"int in_sched_functions(unsigned long addr) { return in_lock_functions(addr) || (addr >= (unsigned long)__sched_text_start && addr < (unsigned long)__sched_text_end); }",linux-2.6,,,161688592816536624900368901830603403040,0 713,CWE-20,"static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; BT_DBG(""sock %p, sk %p"", sock, sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == BT_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) return err; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); switch (hci_pi(sk)->channel) { case HCI_CHANNEL_RAW: hci_sock_cmsg(sk, msg, skb); break; case HCI_CHANNEL_USER: case HCI_CHANNEL_CONTROL: case HCI_CHANNEL_MONITOR: sock_recv_timestamp(msg, sk, skb); break; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/hci_sock.c,https://github.com/torvalds/linux,129040150037285,1 2219,['CWE-193'],"int sync_page_range(struct inode *inode, struct address_space *mapping, loff_t pos, loff_t count) { pgoff_t start = pos >> PAGE_CACHE_SHIFT; pgoff_t end = (pos + count - 1) >> PAGE_CACHE_SHIFT; int ret; if (!mapping_cap_writeback_dirty(mapping) || !count) return 0; ret = filemap_fdatawrite_range(mapping, pos, pos + count - 1); if (ret == 0) { mutex_lock(&inode->i_mutex); ret = generic_osync_inode(inode, mapping, OSYNC_METADATA); mutex_unlock(&inode->i_mutex); } if (ret == 0) ret = wait_on_page_writeback_range(mapping, start, end); return ret; }",linux-2.6,,,116042263812166709712763217385068920344,0 924,['CWE-200'],"static int shmem_unlink(struct inode *dir, struct dentry *dentry) { struct inode *inode = dentry->d_inode; if (inode->i_nlink > 1 && !S_ISDIR(inode->i_mode)) { struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb); if (sbinfo->max_inodes) { spin_lock(&sbinfo->stat_lock); sbinfo->free_inodes++; spin_unlock(&sbinfo->stat_lock); } } dir->i_size -= BOGO_DIRENT_SIZE; inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME; drop_nlink(inode); dput(dentry); return 0; }",linux-2.6,,,47623871262226284320090452912759597230,0 3297,['CWE-189'],"void jpc_tagtree_dump(jpc_tagtree_t *tree, FILE *out) { jpc_tagtreenode_t *node; int n; node = tree->nodes_; n = tree->numnodes_; while (--n >= 0) { fprintf(out, ""node %p, parent %p, value %d, lower %d, known %d\n"", (void *) node, (void *) node->parent_, node->value_, node->low_, node->known_); ++node; } }",jasper,,,224021395986607737508512391998095801342,0 2243,['CWE-193'],"void __remove_from_page_cache(struct page *page) { struct address_space *mapping = page->mapping; mem_cgroup_uncharge_cache_page(page); radix_tree_delete(&mapping->page_tree, page->index); page->mapping = NULL; mapping->nrpages--; __dec_zone_page_state(page, NR_FILE_PAGES); BUG_ON(page_mapped(page)); if (PageDirty(page) && mapping_cap_account_dirty(mapping)) { dec_zone_page_state(page, NR_FILE_DIRTY); dec_bdi_stat(mapping->backing_dev_info, BDI_RECLAIMABLE); } }",linux-2.6,,,103856044909117204731906963372405688009,0 1060,CWE-189,"jiffies_to_compat_timeval(unsigned long jiffies, struct compat_timeval *value) { u64 nsec = (u64)jiffies * TICK_NSEC; long rem; value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &rem); value->tv_usec = rem / NSEC_PER_USEC; }",visit repo url,arch/mips/kernel/binfmt_elfo32.c,https://github.com/torvalds/linux,219260031669265,1 4786,CWE-119,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 4332,NVD-CWE-noinfo,"void CL_InitRef( void ) { refimport_t ri; refexport_t *ret; #ifdef USE_RENDERER_DLOPEN GetRefAPI_t GetRefAPI; char dllName[MAX_OSPATH]; #endif Com_Printf( ""----- Initializing Renderer ----\n"" ); #ifdef USE_RENDERER_DLOPEN cl_renderer = Cvar_Get(""cl_renderer"", ""opengl1"", CVAR_ARCHIVE | CVAR_LATCH); Com_sprintf(dllName, sizeof(dllName), ""renderer_sp_%s_"" ARCH_STRING DLL_EXT, cl_renderer->string); if(!(rendererLib = Sys_LoadDll(dllName, qfalse)) && strcmp(cl_renderer->string, cl_renderer->resetString)) { Com_Printf(""failed:\n\""%s\""\n"", Sys_LibraryError()); Cvar_ForceReset(""cl_renderer""); Com_sprintf(dllName, sizeof(dllName), ""renderer_sp_opengl1_"" ARCH_STRING DLL_EXT); rendererLib = Sys_LoadDll(dllName, qfalse); } if(!rendererLib) { Com_Printf(""failed:\n\""%s\""\n"", Sys_LibraryError()); Com_Error(ERR_FATAL, ""Failed to load renderer""); } GetRefAPI = Sys_LoadFunction(rendererLib, ""GetRefAPI""); if(!GetRefAPI) { Com_Error(ERR_FATAL, ""Can't load symbol GetRefAPI: '%s'"", Sys_LibraryError()); } #endif ri.Cmd_AddCommand = Cmd_AddCommand; ri.Cmd_RemoveCommand = Cmd_RemoveCommand; ri.Cmd_Argc = Cmd_Argc; ri.Cmd_Argv = Cmd_Argv; ri.Cmd_ExecuteText = Cbuf_ExecuteText; ri.Printf = CL_RefPrintf; ri.Error = Com_Error; ri.Milliseconds = CL_ScaledMilliseconds; ri.Z_Malloc = Z_Malloc; ri.Free = Z_Free; ri.Hunk_Clear = Hunk_ClearToMark; #ifdef HUNK_DEBUG ri.Hunk_AllocDebug = Hunk_AllocDebug; #else ri.Hunk_Alloc = Hunk_Alloc; #endif ri.Hunk_AllocateTempMemory = Hunk_AllocateTempMemory; ri.Hunk_FreeTempMemory = Hunk_FreeTempMemory; ri.CM_ClusterPVS = CM_ClusterPVS; ri.CM_DrawDebugSurface = CM_DrawDebugSurface; ri.FS_ReadFile = FS_ReadFile; ri.FS_FreeFile = FS_FreeFile; ri.FS_WriteFile = FS_WriteFile; ri.FS_FreeFileList = FS_FreeFileList; ri.FS_ListFiles = FS_ListFiles; ri.FS_FileIsInPAK = FS_FileIsInPAK; ri.FS_FileExists = FS_FileExists; ri.Cvar_Get = Cvar_Get; ri.Cvar_Set = Cvar_Set; ri.Cvar_SetValue = Cvar_SetValue; ri.Cvar_CheckRange = Cvar_CheckRange; ri.Cvar_VariableIntegerValue = Cvar_VariableIntegerValue; ri.CIN_UploadCinematic = CIN_UploadCinematic; ri.CIN_PlayCinematic = CIN_PlayCinematic; ri.CIN_RunCinematic = CIN_RunCinematic; ri.CL_WriteAVIVideoFrame = CL_WriteAVIVideoFrame; ri.IN_Init = IN_Init; ri.IN_Shutdown = IN_Shutdown; ri.IN_Restart = IN_Restart; ri.ftol = Q_ftol; ri.Sys_SetEnv = Sys_SetEnv; ri.Sys_GLimpSafeInit = Sys_GLimpSafeInit; ri.Sys_GLimpInit = Sys_GLimpInit; ri.Sys_LowPhysicalMemory = Sys_LowPhysicalMemory; ret = GetRefAPI( REF_API_VERSION, &ri ); if ( !ret ) { Com_Error( ERR_FATAL, ""Couldn't initialize refresh"" ); } re = *ret; Com_Printf( ""---- Renderer Initialization Complete ----\n"" ); Cvar_Set( ""cl_paused"", ""0"" ); }",visit repo url,SP/code/client/cl_main.c,https://github.com/iortcw/iortcw,49055340036158,1 2122,['CWE-119'],"static inline void pack_gate(gate_desc *gate, unsigned char type, unsigned long base, unsigned dpl, unsigned flags, unsigned short seg) { gate->a = (seg << 16) | (base & 0xffff); gate->b = (base & 0xffff0000) | (((0x80 | type | (dpl << 5)) & 0xff) << 8); }",linux-2.6,,,171259316142076012240167464915905442800,0 2839,CWE-190,"TRIO_PRIVATE void TrioWriteString TRIO_ARGS5((self, string, flags, width, precision), trio_class_t* self, TRIO_CONST char* string, trio_flags_t flags, int width, int precision) { int length; int ch; assert(VALID(self)); assert(VALID(self->OutStream)); if (string == NULL) { string = internalNullString; length = sizeof(internalNullString) - 1; #if TRIO_FEATURE_QUOTE flags &= (~FLAGS_QUOTE); #endif width = 0; } else { if (precision == 0) { length = trio_length(string); } else { length = trio_length_max(string, precision); } } if ((NO_PRECISION != precision) && (precision < length)) { length = precision; } width -= length; #if TRIO_FEATURE_QUOTE if (flags & FLAGS_QUOTE) self->OutStream(self, CHAR_QUOTE); #endif if (!(flags & FLAGS_LEFTADJUST)) { while (width-- > 0) self->OutStream(self, CHAR_ADJUST); } while (length-- > 0) { ch = (int)((unsigned char)(*string++)); TrioWriteStringCharacter(self, ch, flags); } if (flags & FLAGS_LEFTADJUST) { while (width-- > 0) self->OutStream(self, CHAR_ADJUST); } #if TRIO_FEATURE_QUOTE if (flags & FLAGS_QUOTE) self->OutStream(self, CHAR_QUOTE); #endif }",visit repo url,winpr/libwinpr/utils/trio/trio.c,https://github.com/FreeRDP/FreeRDP,221161231423446,1 2108,CWE-200,"static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_cipher rcipher; strlcpy(rcipher.type, ""cipher"", sizeof(rcipher.type)); rcipher.blocksize = alg->cra_blocksize; rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; rcipher.max_keysize = alg->cra_cipher.cia_max_keysize; if (nla_put(skb, CRYPTOCFGA_REPORT_CIPHER, sizeof(struct crypto_report_cipher), &rcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user_base.c,https://github.com/torvalds/linux,25952997715383,1 4025,NVD-CWE-noinfo,"int ZLIB_INTERNAL inflate_table(type, lens, codes, table, bits, work) codetype type; unsigned short FAR *lens; unsigned codes; code FAR * FAR *table; unsigned FAR *bits; unsigned short FAR *work; { unsigned len; unsigned sym; unsigned min, max; unsigned root; unsigned curr; unsigned drop; int left; unsigned used; unsigned huff; unsigned incr; unsigned fill; unsigned low; unsigned mask; code here; code FAR *next; const unsigned short FAR *base; const unsigned short FAR *extra; int end; unsigned short count[MAXBITS+1]; unsigned short offs[MAXBITS+1]; static const unsigned short lbase[31] = { 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; static const unsigned short lext[31] = { 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 203, 198}; static const unsigned short dbase[32] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577, 0, 0}; static const unsigned short dext[32] = { 16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22, 23, 23, 24, 24, 25, 25, 26, 26, 27, 27, 28, 28, 29, 29, 64, 64}; for (len = 0; len <= MAXBITS; len++) count[len] = 0; for (sym = 0; sym < codes; sym++) count[lens[sym]]++; root = *bits; for (max = MAXBITS; max >= 1; max--) if (count[max] != 0) break; if (root > max) root = max; if (max == 0) { here.op = (unsigned char)64; here.bits = (unsigned char)1; here.val = (unsigned short)0; *(*table)++ = here; *(*table)++ = here; *bits = 1; return 0; } for (min = 1; min < max; min++) if (count[min] != 0) break; if (root < min) root = min; left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= count[len]; if (left < 0) return -1; } if (left > 0 && (type == CODES || max != 1)) return -1; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + count[len]; for (sym = 0; sym < codes; sym++) if (lens[sym] != 0) work[offs[lens[sym]]++] = (unsigned short)sym; switch (type) { case CODES: base = extra = work; end = 19; break; case LENS: base = lbase; base -= 257; extra = lext; extra -= 257; end = 256; break; default: base = dbase; extra = dext; end = -1; } huff = 0; sym = 0; len = min; next = *table; curr = root; drop = 0; low = (unsigned)(-1); used = 1U << root; mask = used - 1; if ((type == LENS && used > ENOUGH_LENS) || (type == DISTS && used > ENOUGH_DISTS)) return 1; for (;;) { here.bits = (unsigned char)(len - drop); if ((int)(work[sym]) < end) { here.op = (unsigned char)0; here.val = work[sym]; } else if ((int)(work[sym]) > end) { here.op = (unsigned char)(extra[work[sym]]); here.val = base[work[sym]]; } else { here.op = (unsigned char)(32 + 64); here.val = 0; } incr = 1U << (len - drop); fill = 1U << curr; min = fill; do { fill -= incr; next[(huff >> drop) + fill] = here; } while (fill != 0); incr = 1U << (len - 1); while (huff & incr) incr >>= 1; if (incr != 0) { huff &= incr - 1; huff += incr; } else huff = 0; sym++; if (--(count[len]) == 0) { if (len == max) break; len = lens[work[sym]]; } if (len > root && (huff & mask) != low) { if (drop == 0) drop = root; next += min; curr = len - drop; left = (int)(1 << curr); while (curr + drop < max) { left -= count[curr + drop]; if (left <= 0) break; curr++; left <<= 1; } used += 1U << curr; if ((type == LENS && used > ENOUGH_LENS) || (type == DISTS && used > ENOUGH_DISTS)) return 1; low = huff & mask; (*table)[low].op = (unsigned char)curr; (*table)[low].bits = (unsigned char)root; (*table)[low].val = (unsigned short)(next - *table); } } if (huff != 0) { here.op = (unsigned char)64; here.bits = (unsigned char)(len - drop); here.val = (unsigned short)0; next[huff] = here; } *table += used; *bits = root; return 0; }",visit repo url,inftrees.c,https://github.com/madler/zlib,74955482893943,1 2606,CWE-415,"void gdImageJpegCtx (gdImagePtr im, gdIOCtx * outfile, int quality) { struct jpeg_compress_struct cinfo; struct jpeg_error_mgr jerr; int i, j, jidx; volatile JSAMPROW row = 0; JSAMPROW rowptr[1]; jmpbuf_wrapper jmpbufw; JDIMENSION nlines; char comment[255]; memset (&cinfo, 0, sizeof (cinfo)); memset (&jerr, 0, sizeof (jerr)); cinfo.err = jpeg_std_error (&jerr); cinfo.client_data = &jmpbufw; if (setjmp (jmpbufw.jmpbuf) != 0) { if (row) { gdFree (row); } return; } cinfo.err->error_exit = fatal_jpeg_error; jpeg_create_compress (&cinfo); cinfo.image_width = im->sx; cinfo.image_height = im->sy; cinfo.input_components = 3; cinfo.in_color_space = JCS_RGB; jpeg_set_defaults (&cinfo); cinfo.density_unit = 1; cinfo.X_density = im->res_x; cinfo.Y_density = im->res_y; if (quality >= 0) { jpeg_set_quality (&cinfo, quality, TRUE); } if (gdImageGetInterlaced (im)) { jpeg_simple_progression (&cinfo); } jpeg_gdIOCtx_dest (&cinfo, outfile); row = (JSAMPROW) safe_emalloc(cinfo.image_width * cinfo.input_components, sizeof(JSAMPLE), 0); memset(row, 0, cinfo.image_width * cinfo.input_components * sizeof(JSAMPLE)); rowptr[0] = row; jpeg_start_compress (&cinfo, TRUE); if (quality >= 0) { snprintf(comment, sizeof(comment)-1, ""CREATOR: gd-jpeg v%s (using IJG JPEG v%d), quality = %d\n"", GD_JPEG_VERSION, JPEG_LIB_VERSION, quality); } else { snprintf(comment, sizeof(comment)-1, ""CREATOR: gd-jpeg v%s (using IJG JPEG v%d), default quality\n"", GD_JPEG_VERSION, JPEG_LIB_VERSION); } jpeg_write_marker (&cinfo, JPEG_COM, (unsigned char *) comment, (unsigned int) strlen (comment)); if (im->trueColor) { #if BITS_IN_JSAMPLE == 12 gd_error(""gd-jpeg: error: jpeg library was compiled for 12-bit precision. This is mostly useless, because JPEGs on the web are 8-bit and such versions of the jpeg library won't read or write them. GD doesn't support these unusual images. Edit your jmorecfg.h file to specify the correct precision and completely 'make clean' and 'make install' libjpeg again. Sorry""); goto error; #endif for (i = 0; i < im->sy; i++) { for (jidx = 0, j = 0; j < im->sx; j++) { int val = im->tpixels[i][j]; row[jidx++] = gdTrueColorGetRed (val); row[jidx++] = gdTrueColorGetGreen (val); row[jidx++] = gdTrueColorGetBlue (val); } nlines = jpeg_write_scanlines (&cinfo, rowptr, 1); if (nlines != 1) { gd_error_ex(GD_WARNING, ""gd_jpeg: warning: jpeg_write_scanlines returns %u -- expected 1"", nlines); } } } else { for (i = 0; i < im->sy; i++) { for (jidx = 0, j = 0; j < im->sx; j++) { int idx = im->pixels[i][j]; #if BITS_IN_JSAMPLE == 8 row[jidx++] = im->red[idx]; row[jidx++] = im->green[idx]; row[jidx++] = im->blue[idx]; #elif BITS_IN_JSAMPLE == 12 row[jidx++] = im->red[idx] << 4; row[jidx++] = im->green[idx] << 4; row[jidx++] = im->blue[idx] << 4; #else #error IJG JPEG library BITS_IN_JSAMPLE value must be 8 or 12 #endif } nlines = jpeg_write_scanlines (&cinfo, rowptr, 1); if (nlines != 1) { gd_error_ex(GD_WARNING, ""gd_jpeg: warning: jpeg_write_scanlines returns %u -- expected 1"", nlines); } } } jpeg_finish_compress (&cinfo); jpeg_destroy_compress (&cinfo); gdFree (row); }",visit repo url,ext/gd/libgd/gd_jpeg.c,https://github.com/php/php-src,276201559387110,1 4322,['CWE-119'],"static status ParseInstrument (AFfilehandle filehandle, AFvirtualfile *fp, uint32_t id, size_t size) { uint8_t baseNote; int8_t detune, gain; uint8_t lowNote, highNote, lowVelocity, highVelocity; uint8_t padByte; af_fread(&baseNote, 1, 1, fp); af_fread(&detune, 1, 1, fp); af_fread(&gain, 1, 1, fp); af_fread(&lowNote, 1, 1, fp); af_fread(&highNote, 1, 1, fp); af_fread(&lowVelocity, 1, 1, fp); af_fread(&highVelocity, 1, 1, fp); af_fread(&padByte, 1, 1, fp); return AF_SUCCEED; }",audiofile,,,322297042386525735279442766969827276175,0 541,['CWE-399'],"static ssize_t show_pan_tilt(struct class_device *class_dev, char *buf) { struct pwc_device *pdev = cd_to_pwc(class_dev); return sprintf(buf, ""%d %d\n"", pdev->pan_angle, pdev->tilt_angle); }",linux-2.6,,,230598842113833927386653135605522094208,0 5216,CWE-276,"mark_op_resolved (FlatpakTransactionOperation *op, const char *commit, GFile *sideload_path, GBytes *metadata, GBytes *old_metadata) { g_debug (""marking op %s:%s resolved to %s"", kind_to_str (op->kind), flatpak_decomposed_get_ref (op->ref), commit ? commit : ""-""); g_assert (op != NULL); g_assert (commit != NULL); op->resolved = TRUE; if (op->resolved_commit != commit) { g_free (op->resolved_commit); op->resolved_commit = g_strdup (commit); } if (sideload_path) op->resolved_sideload_path = g_object_ref (sideload_path); if (metadata) { g_autoptr(GKeyFile) metakey = g_key_file_new (); if (g_key_file_load_from_bytes (metakey, metadata, G_KEY_FILE_NONE, NULL)) { op->resolved_metadata = g_bytes_ref (metadata); op->resolved_metakey = g_steal_pointer (&metakey); } else g_message (""Warning: Failed to parse metadata for %s\n"", flatpak_decomposed_get_ref (op->ref)); } if (old_metadata) { g_autoptr(GKeyFile) metakey = g_key_file_new (); if (g_key_file_load_from_bytes (metakey, old_metadata, G_KEY_FILE_NONE, NULL)) { op->resolved_old_metadata = g_bytes_ref (old_metadata); op->resolved_old_metakey = g_steal_pointer (&metakey); } else g_message (""Warning: Failed to parse old metadata for %s\n"", flatpak_decomposed_get_ref (op->ref)); } }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,117241269732432,1 4553,['CWE-20'],"static inline void ext4_set_de_type(struct super_block *sb, struct ext4_dir_entry_2 *de, umode_t mode) { if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FILETYPE)) de->file_type = ext4_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; }",linux-2.6,,,11524797176394075699173740081609917657,0 4012,['CWE-362'],"static void audit_inotify_unregister(struct list_head *in_list) { struct audit_parent *p, *n; list_for_each_entry_safe(p, n, in_list, ilist) { list_del(&p->ilist); inotify_rm_watch(audit_ih, &p->wdata); unpin_inotify_watch(&p->wdata); } }",linux-2.6,,,117675038419167144217659363088549369749,0 4238,['CWE-399'],"static int pfifo_fast_enqueue(struct sk_buff *skb, struct Qdisc* qdisc) { struct sk_buff_head *list = prio2list(skb, qdisc); if (skb_queue_len(list) < qdisc->dev->tx_queue_len) { qdisc->q.qlen++; return __qdisc_enqueue_tail(skb, qdisc, list); } return qdisc_drop(skb, qdisc); }",linux-2.6,,,201047663429400984825648196565919972807,0 6289,['CWE-200'],"static void *neigh_stat_seq_start(struct seq_file *seq, loff_t *pos) { struct proc_dir_entry *pde = seq->private; struct neigh_table *tbl = pde->data; int cpu; if (*pos == 0) return SEQ_START_TOKEN; for (cpu = *pos-1; cpu < NR_CPUS; ++cpu) { if (!cpu_possible(cpu)) continue; *pos = cpu+1; return per_cpu_ptr(tbl->stats, cpu); } return NULL; }",linux-2.6,,,126859253456796573227242920226663362412,0 1387,CWE-399,"static void xen_netbk_tx_submit(struct xen_netbk *netbk) { struct gnttab_copy *gop = netbk->tx_copy_ops; struct sk_buff *skb; while ((skb = __skb_dequeue(&netbk->tx_queue)) != NULL) { struct xen_netif_tx_request *txp; struct xenvif *vif; u16 pending_idx; unsigned data_len; pending_idx = *((u16 *)skb->data); vif = netbk->pending_tx_info[pending_idx].vif; txp = &netbk->pending_tx_info[pending_idx].req; if (unlikely(xen_netbk_tx_check_gop(netbk, skb, &gop))) { netdev_dbg(vif->dev, ""netback grant failed.\n""); skb_shinfo(skb)->nr_frags = 0; kfree_skb(skb); continue; } data_len = skb->len; memcpy(skb->data, (void *)(idx_to_kaddr(netbk, pending_idx)|txp->offset), data_len); if (data_len < txp->size) { txp->offset += data_len; txp->size -= data_len; } else { xen_netbk_idx_release(netbk, pending_idx); } if (txp->flags & XEN_NETTXF_csum_blank) skb->ip_summed = CHECKSUM_PARTIAL; else if (txp->flags & XEN_NETTXF_data_validated) skb->ip_summed = CHECKSUM_UNNECESSARY; xen_netbk_fill_frags(netbk, skb); if (skb_headlen(skb) < PKT_PROT_LEN && skb_is_nonlinear(skb)) { int target = min_t(int, skb->len, PKT_PROT_LEN); __pskb_pull_tail(skb, target - skb_headlen(skb)); } skb->dev = vif->dev; skb->protocol = eth_type_trans(skb, skb->dev); if (checksum_setup(vif, skb)) { netdev_dbg(vif->dev, ""Can't setup checksum in net_tx_action\n""); kfree_skb(skb); continue; } vif->dev->stats.rx_bytes += skb->len; vif->dev->stats.rx_packets++; xenvif_receive_skb(vif, skb); } }",visit repo url,drivers/net/xen-netback/netback.c,https://github.com/torvalds/linux,195157480776595,1 3379,['CWE-200'],"static int sctp_setsockopt_hmac_ident(struct sock *sk, char __user *optval, int optlen) { struct sctp_hmacalgo *hmacs; u32 idents; int err; if (!sctp_auth_enable) return -EACCES; if (optlen < sizeof(struct sctp_hmacalgo)) return -EINVAL; hmacs = kmalloc(optlen, GFP_KERNEL); if (!hmacs) return -ENOMEM; if (copy_from_user(hmacs, optval, optlen)) { err = -EFAULT; goto out; } idents = hmacs->shmac_num_idents; if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS || (idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) { err = -EINVAL; goto out; } err = sctp_auth_ep_set_hmacs(sctp_sk(sk)->ep, hmacs); out: kfree(hmacs); return err; }",linux-2.6,,,193175288216181862558374449951411771819,0 5049,CWE-787,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 4094,CWE-835,"gsm_xsmp_client_disconnect (GsmXSMPClient *client) { if (client->priv->watch_id > 0) { g_source_remove (client->priv->watch_id); } if (client->priv->conn != NULL) { SmsCleanUp (client->priv->conn); } if (client->priv->ice_connection != NULL) { IceSetShutdownNegotiation (client->priv->ice_connection, FALSE); IceCloseConnection (client->priv->ice_connection); } if (client->priv->protocol_timeout > 0) { g_source_remove (client->priv->protocol_timeout); } }",visit repo url,gnome-session/gsm-xsmp-client.c,https://github.com/GNOME/gnome-session,115962292971134,1 5821,NVD-CWE-Other,"static ssize_t _epoll_readv( oe_fd_t* desc, const struct oe_iovec* iov, int iovcnt) { ssize_t ret = -1; epoll_t* file = _cast_epoll(desc); void* buf = NULL; size_t buf_size = 0; if (!file || (iovcnt && !iov) || iovcnt < 0 || iovcnt > OE_IOV_MAX) OE_RAISE_ERRNO(OE_EINVAL); if (oe_iov_pack(iov, iovcnt, &buf, &buf_size) != 0) OE_RAISE_ERRNO(OE_ENOMEM); if (oe_syscall_readv_ocall(&ret, file->host_fd, buf, iovcnt, buf_size) != OE_OK) { OE_RAISE_ERRNO(OE_EINVAL); } if (oe_iov_sync(iov, iovcnt, buf, buf_size) != 0) OE_RAISE_ERRNO(OE_EINVAL); done: if (buf) oe_free(buf); return ret; }",visit repo url,syscall/devices/hostepoll/hostepoll.c,https://github.com/openenclave/openenclave,169232203658102,1 291,CWE-119,"static enum led_brightness k90_backlight_get(struct led_classdev *led_cdev) { int ret; struct k90_led *led = container_of(led_cdev, struct k90_led, cdev); struct device *dev = led->cdev.dev->parent; struct usb_interface *usbif = to_usb_interface(dev->parent); struct usb_device *usbdev = interface_to_usbdev(usbif); int brightness; char data[8]; ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), K90_REQUEST_STATUS, USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, 0, 0, data, 8, USB_CTRL_SET_TIMEOUT); if (ret < 0) { dev_warn(dev, ""Failed to get K90 initial state (error %d).\n"", ret); return -EIO; } brightness = data[4]; if (brightness < 0 || brightness > 3) { dev_warn(dev, ""Read invalid backlight brightness: %02hhx.\n"", data[4]); return -EIO; } return brightness; }",visit repo url,drivers/hid/hid-corsair.c,https://github.com/torvalds/linux,174304537834072,1 1309,['CWE-119'],"static unsigned char snmp_object_decode(struct asn1_ctx *ctx, struct snmp_object **obj) { unsigned int cls, con, tag, len, idlen; unsigned short type; unsigned char *eoc, *end, *p; unsigned long *lp, *id; unsigned long ul; long l; *obj = NULL; id = NULL; if (!asn1_header_decode(ctx, &eoc, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ) return 0; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI) return 0; if (!asn1_oid_decode(ctx, end, &id, &idlen)) return 0; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) { kfree(id); return 0; } if (con != ASN1_PRI) { kfree(id); return 0; } type = 0; if (!snmp_tag_cls2syntax(tag, cls, &type)) { kfree(id); return 0; } l = 0; switch (type) { case SNMP_INTEGER: len = sizeof(long); if (!asn1_long_decode(ctx, end, &l)) { kfree(id); return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) printk(""OOM in bsalg (%d)\n"", __LINE__); return 0; } (*obj)->syntax.l[0] = l; break; case SNMP_OCTETSTR: case SNMP_OPAQUE: if (!asn1_octets_decode(ctx, end, &p, &len)) { kfree(id); return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) printk(""OOM in bsalg (%d)\n"", __LINE__); return 0; } memcpy((*obj)->syntax.c, p, len); kfree(p); break; case SNMP_NULL: case SNMP_NOSUCHOBJECT: case SNMP_NOSUCHINSTANCE: case SNMP_ENDOFMIBVIEW: len = 0; *obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) printk(""OOM in bsalg (%d)\n"", __LINE__); return 0; } if (!asn1_null_decode(ctx, end)) { kfree(id); kfree(*obj); *obj = NULL; return 0; } break; case SNMP_OBJECTID: if (!asn1_oid_decode(ctx, end, (unsigned long **)&lp, &len)) { kfree(id); return 0; } len *= sizeof(unsigned long); *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); if (*obj == NULL) { kfree(lp); kfree(id); if (net_ratelimit()) printk(""OOM in bsalg (%d)\n"", __LINE__); return 0; } memcpy((*obj)->syntax.ul, lp, len); kfree(lp); break; case SNMP_IPADDR: if (!asn1_octets_decode(ctx, end, &p, &len)) { kfree(id); return 0; } if (len != 4) { kfree(p); kfree(id); return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); if (*obj == NULL) { kfree(p); kfree(id); if (net_ratelimit()) printk(""OOM in bsalg (%d)\n"", __LINE__); return 0; } memcpy((*obj)->syntax.uc, p, len); kfree(p); break; case SNMP_COUNTER: case SNMP_GAUGE: case SNMP_TIMETICKS: len = sizeof(unsigned long); if (!asn1_ulong_decode(ctx, end, &ul)) { kfree(id); return 0; } *obj = kmalloc(sizeof(struct snmp_object) + len, GFP_ATOMIC); if (*obj == NULL) { kfree(id); if (net_ratelimit()) printk(""OOM in bsalg (%d)\n"", __LINE__); return 0; } (*obj)->syntax.ul[0] = ul; break; default: kfree(id); return 0; } (*obj)->syntax_len = len; (*obj)->type = type; (*obj)->id = id; (*obj)->id_len = idlen; if (!asn1_eoc_decode(ctx, eoc)) { kfree(id); kfree(*obj); *obj = NULL; return 0; } return 1; }",linux-2.6,,,328315322623786286133847133496404124717,0 5738,CWE-444,"ngx_http_lua_set_content_length_header(ngx_http_request_t *r, off_t len) { ngx_table_elt_t *h, *header; u_char *p; ngx_list_part_t *part; ngx_http_request_t *pr; ngx_uint_t i; r->headers_in.content_length_n = len; if (ngx_list_init(&r->headers_in.headers, r->pool, 20, sizeof(ngx_table_elt_t)) != NGX_OK) { return NGX_ERROR; } h = ngx_list_push(&r->headers_in.headers); if (h == NULL) { return NGX_ERROR; } h->key = ngx_http_lua_content_length_header_key; h->lowcase_key = ngx_pnalloc(r->pool, h->key.len); if (h->lowcase_key == NULL) { return NGX_ERROR; } ngx_strlow(h->lowcase_key, h->key.data, h->key.len); r->headers_in.content_length = h; p = ngx_palloc(r->pool, NGX_OFF_T_LEN); if (p == NULL) { return NGX_ERROR; } h->value.data = p; h->value.len = ngx_sprintf(h->value.data, ""%O"", len) - h->value.data; h->hash = ngx_http_lua_content_length_hash; #if 0 dd(""content length hash: %lu == %lu"", (unsigned long) h->hash, ngx_hash_key_lc((u_char *) ""Content-Length"", sizeof(""Content-Length"") - 1)); #endif dd(""r content length: %.*s"", (int) r->headers_in.content_length->value.len, r->headers_in.content_length->value.data); pr = r->parent; if (pr == NULL) { return NGX_OK; } part = &pr->headers_in.headers.part; header = part->elts; for (i = 0; ; i++) { if (i >= part->nelts) { if (part->next == NULL) { break; } part = part->next; header = part->elts; i = 0; } if (header[i].key.len == sizeof(""Content-Length"") - 1 && ngx_strncasecmp(header[i].key.data, (u_char *) ""Content-Length"", sizeof(""Content-Length"") - 1) == 0) { continue; } if (ngx_http_lua_set_input_header(r, header[i].key, header[i].value, 0) == NGX_ERROR) { return NGX_ERROR; } } return NGX_OK; }",visit repo url,src/ngx_http_lua_subrequest.c,https://github.com/openresty/lua-nginx-module,127418546466601,1 2415,['CWE-119'],"void diff_debug_filepair(const struct diff_filepair *p, int i) { diff_debug_filespec(p->one, i, ""one""); diff_debug_filespec(p->two, i, ""two""); fprintf(stderr, ""score %d, status %c rename_used %d broken %d\n"", p->score, p->status ? p->status : '?', p->one->rename_used, p->broken_pair); }",git,,,15055555774871160232175179516534626355,0 3018,['CWE-189'],"static void jas_icclut8_destroy(jas_iccattrval_t *attrval) { jas_icclut8_t *lut8 = &attrval->data.lut8; if (lut8->clut) { jas_free(lut8->clut); lut8->clut = 0; } if (lut8->intabs) { jas_free(lut8->intabs); lut8->intabs = 0; } if (lut8->intabsbuf) { jas_free(lut8->intabsbuf); lut8->intabsbuf = 0; } if (lut8->outtabs) { jas_free(lut8->outtabs); lut8->outtabs = 0; } if (lut8->outtabsbuf) { jas_free(lut8->outtabsbuf); lut8->outtabsbuf = 0; } }",jasper,,,237381868807754286338902157700284992812,0 6201,CWE-190,"int fp_get_bit(const fp_t a, int bit) { int d; RLC_RIP(bit, d, bit); return (a[d] >> bit) & 1; }",visit repo url,src/fp/relic_fp_util.c,https://github.com/relic-toolkit/relic,59813453678179,1 934,['CWE-200'],"static int shmem_xattr_security_set(struct inode *inode, const char *name, const void *value, size_t size, int flags) { if (strcmp(name, """") == 0) return -EINVAL; return security_inode_setsecurity(inode, name, value, size, flags); }",linux-2.6,,,225099927334731695832612253942092875938,0 5985,['CWE-200'],"static u32 gen_tunnel(struct rsvp_head *data) { int i, k; for (k=0; k<2; k++) { for (i=255; i>0; i--) { if (++data->tgenerator == 0) data->tgenerator = 1; if (tunnel_bts(data)) return data->tgenerator; } tunnel_recycle(data); } return 0; }",linux-2.6,,,231917797983977012404730890936246155974,0 3634,CWE-674,"int rm_rf_children( int fd, RemoveFlags flags, const struct stat *root_dev) { _cleanup_closedir_ DIR *d = NULL; int ret = 0, r; assert(fd >= 0); d = fdopendir(fd); if (!d) { safe_close(fd); return -errno; } if (!(flags & REMOVE_PHYSICAL)) { struct statfs sfs; if (fstatfs(dirfd(d), &sfs) < 0) return -errno; if (is_physical_fs(&sfs)) { _cleanup_free_ char *path = NULL; (void) fd_get_path(fd, &path); return log_error_errno(SYNTHETIC_ERRNO(EPERM), ""Attempted to remove disk file system under \""%s\"", and we can't allow that."", strna(path)); } } FOREACH_DIRENT_ALL(de, d, return -errno) { int is_dir; if (dot_or_dot_dot(de->d_name)) continue; is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); if (r < 0 && r != -ENOENT && ret == 0) ret = r; } if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) ret = -errno; return ret; }",visit repo url,src/shared/rm-rf.c,https://github.com/systemd/systemd,253782909048336,1 1740,CWE-264,"static struct ion_handle *ion_handle_get_by_id(struct ion_client *client, int id) { struct ion_handle *handle; mutex_lock(&client->lock); handle = idr_find(&client->idr, id); if (handle) ion_handle_get(handle); mutex_unlock(&client->lock); return handle ? handle : ERR_PTR(-EINVAL); }",visit repo url,drivers/staging/android/ion/ion.c,https://github.com/torvalds/linux,60487541295111,1 4937,['CWE-20'],"int nfs_readdir_filler(nfs_readdir_descriptor_t *desc, struct page *page) { struct file *file = desc->file; struct inode *inode = file->f_path.dentry->d_inode; struct rpc_cred *cred = nfs_file_cred(file); unsigned long timestamp; int error; dfprintk(DIRCACHE, ""NFS: %s: reading cookie %Lu into page %lu\n"", __FUNCTION__, (long long)desc->entry->cookie, page->index); again: timestamp = jiffies; error = NFS_PROTO(inode)->readdir(file->f_path.dentry, cred, desc->entry->cookie, page, NFS_SERVER(inode)->dtsize, desc->plus); if (error < 0) { if (error == -ENOTSUPP && desc->plus) { NFS_SERVER(inode)->caps &= ~NFS_CAP_READDIRPLUS; clear_bit(NFS_INO_ADVISE_RDPLUS, &NFS_FLAGS(inode)); desc->plus = 0; goto again; } goto error; } desc->timestamp = timestamp; desc->timestamp_valid = 1; SetPageUptodate(page); spin_lock(&inode->i_lock); NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ATIME; spin_unlock(&inode->i_lock); if (page->index == 0 && invalidate_inode_pages2_range(inode->i_mapping, PAGE_CACHE_SIZE, -1) < 0) { nfs_zap_mapping(inode, inode->i_mapping); } unlock_page(page); return 0; error: SetPageError(page); unlock_page(page); nfs_zap_caches(inode); desc->error = error; return -EIO; }",linux-2.6,,,306465394569828738643353801788001164537,0 2150,CWE-476,"static int btrfs_finish_sprout(struct btrfs_trans_handle *trans, struct btrfs_fs_info *fs_info) { struct btrfs_root *root = fs_info->chunk_root; struct btrfs_path *path; struct extent_buffer *leaf; struct btrfs_dev_item *dev_item; struct btrfs_device *device; struct btrfs_key key; u8 fs_uuid[BTRFS_FSID_SIZE]; u8 dev_uuid[BTRFS_UUID_SIZE]; u64 devid; int ret; path = btrfs_alloc_path(); if (!path) return -ENOMEM; key.objectid = BTRFS_DEV_ITEMS_OBJECTID; key.offset = 0; key.type = BTRFS_DEV_ITEM_KEY; while (1) { ret = btrfs_search_slot(trans, root, &key, path, 0, 1); if (ret < 0) goto error; leaf = path->nodes[0]; next_slot: if (path->slots[0] >= btrfs_header_nritems(leaf)) { ret = btrfs_next_leaf(root, path); if (ret > 0) break; if (ret < 0) goto error; leaf = path->nodes[0]; btrfs_item_key_to_cpu(leaf, &key, path->slots[0]); btrfs_release_path(path); continue; } btrfs_item_key_to_cpu(leaf, &key, path->slots[0]); if (key.objectid != BTRFS_DEV_ITEMS_OBJECTID || key.type != BTRFS_DEV_ITEM_KEY) break; dev_item = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_dev_item); devid = btrfs_device_id(leaf, dev_item); read_extent_buffer(leaf, dev_uuid, btrfs_device_uuid(dev_item), BTRFS_UUID_SIZE); read_extent_buffer(leaf, fs_uuid, btrfs_device_fsid(dev_item), BTRFS_FSID_SIZE); device = btrfs_find_device(fs_info->fs_devices, devid, dev_uuid, fs_uuid); BUG_ON(!device); if (device->fs_devices->seeding) { btrfs_set_device_generation(leaf, dev_item, device->generation); btrfs_mark_buffer_dirty(leaf); } path->slots[0]++; goto next_slot; } ret = 0; error: btrfs_free_path(path); return ret; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,56990187837853,1 3433,['CWE-264'],"ssize_t generic_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { ssize_t spliced; int ret; ret = 0; spliced = 0; while (len) { ret = __generic_file_splice_read(in, ppos, pipe, len, flags); if (ret < 0) break; else if (!ret) { if (spliced) break; if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; } } *ppos += ret; len -= ret; spliced += ret; } if (spliced) return spliced; return ret; }",linux-2.6,,,40510603707795210138834457116639884349,0 2251,CWE-416,"static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) { struct inode *inode = dentry->d_inode; int error = -EACCES; path_put(&nd->path); if (!proc_fd_access_allowed(inode)) goto out; error = PROC_I(inode)->op.proc_get_link(inode, &nd->path); nd->last_type = LAST_BIND; out: return ERR_PTR(error); }",visit repo url,fs/proc/base.c,https://github.com/torvalds/linux,269610061399857,1 304,CWE-476,"int build_ntlmssp_auth_blob(unsigned char **pbuffer, u16 *buflen, struct cifs_ses *ses, const struct nls_table *nls_cp) { int rc; AUTHENTICATE_MESSAGE *sec_blob; __u32 flags; unsigned char *tmp; rc = setup_ntlmv2_rsp(ses, nls_cp); if (rc) { cifs_dbg(VFS, ""Error %d during NTLMSSP authentication\n"", rc); *buflen = 0; goto setup_ntlmv2_ret; } *pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL); sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer; memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); sec_blob->MessageType = NtLmAuthenticate; flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC; if (ses->server->sign) { flags |= NTLMSSP_NEGOTIATE_SIGN; if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) flags |= NTLMSSP_NEGOTIATE_KEY_XCH; } tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags); sec_blob->LmChallengeResponse.BufferOffset = cpu_to_le32(sizeof(AUTHENTICATE_MESSAGE)); sec_blob->LmChallengeResponse.Length = 0; sec_blob->LmChallengeResponse.MaximumLength = 0; sec_blob->NtChallengeResponse.BufferOffset = cpu_to_le32(tmp - *pbuffer); if (ses->user_name != NULL) { memcpy(tmp, ses->auth_key.response + CIFS_SESS_KEY_SIZE, ses->auth_key.len - CIFS_SESS_KEY_SIZE); tmp += ses->auth_key.len - CIFS_SESS_KEY_SIZE; sec_blob->NtChallengeResponse.Length = cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); sec_blob->NtChallengeResponse.MaximumLength = cpu_to_le16(ses->auth_key.len - CIFS_SESS_KEY_SIZE); } else { sec_blob->NtChallengeResponse.Length = 0; sec_blob->NtChallengeResponse.MaximumLength = 0; } if (ses->domainName == NULL) { sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->DomainName.Length = 0; sec_blob->DomainName.MaximumLength = 0; tmp += 2; } else { int len; len = cifs_strtoUTF16((__le16 *)tmp, ses->domainName, CIFS_MAX_DOMAINNAME_LEN, nls_cp); len *= 2; sec_blob->DomainName.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->DomainName.Length = cpu_to_le16(len); sec_blob->DomainName.MaximumLength = cpu_to_le16(len); tmp += len; } if (ses->user_name == NULL) { sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->UserName.Length = 0; sec_blob->UserName.MaximumLength = 0; tmp += 2; } else { int len; len = cifs_strtoUTF16((__le16 *)tmp, ses->user_name, CIFS_MAX_USERNAME_LEN, nls_cp); len *= 2; sec_blob->UserName.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->UserName.Length = cpu_to_le16(len); sec_blob->UserName.MaximumLength = cpu_to_le16(len); tmp += len; } sec_blob->WorkstationName.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->WorkstationName.Length = 0; sec_blob->WorkstationName.MaximumLength = 0; tmp += 2; if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) || (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) && !calc_seckey(ses)) { memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); sec_blob->SessionKey.MaximumLength = cpu_to_le16(CIFS_CPHTXT_SIZE); tmp += CIFS_CPHTXT_SIZE; } else { sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->SessionKey.Length = 0; sec_blob->SessionKey.MaximumLength = 0; } *buflen = tmp - *pbuffer; setup_ntlmv2_ret: return rc; }",visit repo url,fs/cifs/sess.c,https://github.com/torvalds/linux,77978463328217,1 5329,['CWE-119'],"static u32 tun_get_msglevel(struct net_device *dev) { #ifdef TUN_DEBUG struct tun_struct *tun = netdev_priv(dev); return tun->debug; #else return -EOPNOTSUPP; #endif }",linux-2.6,,,164036484113994630865524541086496833815,0 3339,[],"static inline int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, const struct nla_policy *policy) { if (nlh->nlmsg_len < nlmsg_msg_size(hdrlen)) return -EINVAL; return nla_parse(tb, maxtype, nlmsg_attrdata(nlh, hdrlen), nlmsg_attrlen(nlh, hdrlen), policy); }",linux-2.6,,,255648091705661025965781318510417501332,0 2728,CWE-415,"PHP_FUNCTION(mb_split) { char *arg_pattern; int arg_pattern_len; php_mb_regex_t *re; OnigRegion *regs = NULL; char *string; OnigUChar *pos, *chunk_pos; int string_len; int n, err; long count = -1; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""ss|l"", &arg_pattern, &arg_pattern_len, &string, &string_len, &count) == FAILURE) { RETURN_FALSE; } if (count > 0) { count--; } if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, MBREX(regex_default_options), MBREX(current_mbctype), MBREX(regex_default_syntax) TSRMLS_CC)) == NULL) { RETURN_FALSE; } array_init(return_value); chunk_pos = pos = (OnigUChar *)string; err = 0; regs = onig_region_new(); while (count != 0 && (pos - (OnigUChar *)string) < string_len) { int beg, end; err = onig_search(re, (OnigUChar *)string, (OnigUChar *)(string + string_len), pos, (OnigUChar *)(string + string_len), regs, 0); if (err < 0) { break; } beg = regs->beg[0], end = regs->end[0]; if ((pos - (OnigUChar *)string) < end) { if (beg < string_len && beg >= (chunk_pos - (OnigUChar *)string)) { add_next_index_stringl(return_value, (char *)chunk_pos, ((OnigUChar *)(string + beg) - chunk_pos), 1); --count; } else { err = -2; break; } chunk_pos = pos = (OnigUChar *)string + end; } else { pos++; } onig_region_free(regs, 0); } onig_region_free(regs, 1); if (err <= -2) { OnigUChar err_str[ONIG_MAX_ERROR_MESSAGE_LEN]; onig_error_code_to_str(err_str, err); php_error_docref(NULL TSRMLS_CC, E_WARNING, ""mbregex search failure in mbsplit(): %s"", err_str); zval_dtor(return_value); RETURN_FALSE; } n = ((OnigUChar *)(string + string_len) - chunk_pos); if (n > 0) { add_next_index_stringl(return_value, (char *)chunk_pos, n, 1); } else { add_next_index_stringl(return_value, """", 0, 1); } }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,241753030762819,1 4292,['CWE-264'],"static void cleanup_signal(struct task_struct *tsk) { struct signal_struct *sig = tsk->signal; atomic_dec(&sig->live); if (atomic_dec_and_test(&sig->count)) __cleanup_signal(sig); }",linux-2.6,,,226994400656814816274109607039397055445,0 5574,[],"void sigqueue_free(struct sigqueue *q) { unsigned long flags; spinlock_t *lock = ¤t->sighand->siglock; BUG_ON(!(q->flags & SIGQUEUE_PREALLOC)); spin_lock_irqsave(lock, flags); q->flags &= ~SIGQUEUE_PREALLOC; if (!list_empty(&q->list)) q = NULL; spin_unlock_irqrestore(lock, flags); if (q) __sigqueue_free(q); }",linux-2.6,,,67513882548833142917491667984439758678,0 3308,CWE-476,"smb2_flush(smb_request_t *sr) { smb_ofile_t *of = NULL; uint16_t StructSize; uint16_t reserved1; uint32_t reserved2; smb2fid_t smb2fid; uint32_t status; int rc = 0; rc = smb_mbc_decodef( &sr->smb_data, ""wwlqq"", &StructSize, &reserved1, &reserved2, &smb2fid.persistent, &smb2fid.temporal); if (rc) return (SDRC_ERROR); if (StructSize != 24) return (SDRC_ERROR); status = smb2sr_lookup_fid(sr, &smb2fid); if (status) { smb2sr_put_error(sr, status); return (SDRC_SUCCESS); } of = sr->fid_ofile; if ((of->f_node->flags & NODE_FLAGS_WRITE_THROUGH) == 0) (void) smb_fsop_commit(sr, of->f_cr, of->f_node); (void) smb_mbc_encodef( &sr->reply, ""wwl"", 4, 0); return (SDRC_SUCCESS); }",visit repo url,usr/src/uts/common/fs/smbsrv/smb2_flush.c,https://github.com/illumos/illumos-gate,163707948037620,1 6227,CWE-190,"void fp18_write_bin(uint8_t *bin, int len, const fp18_t a) { if (len != 18 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp9_write_bin(bin, 9 * RLC_FP_BYTES, a[0]); fp9_write_bin(bin + 9 * RLC_FP_BYTES, 9 * RLC_FP_BYTES, a[1]); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,241902331041794,1 6158,CWE-190,"static void ep2_mul_sim_plain(ep2_t r, const ep2_t p, const bn_t k, const ep2_t q, const bn_t m, const ep2_t *t) { int i, l, l0, l1, n0, n1, w, gen; int8_t naf0[2 * RLC_FP_BITS + 1], naf1[2 * RLC_FP_BITS + 1], *_k, *_m; ep2_t t0[1 << (EP_WIDTH - 2)]; ep2_t t1[1 << (EP_WIDTH - 2)]; RLC_TRY { gen = (t == NULL ? 0 : 1); if (!gen) { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep2_null(t0[i]); ep2_new(t0[i]); } ep2_tab(t0, p, EP_WIDTH); t = (ep2_t *)t0; } for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep2_null(t1[i]); ep2_new(t1[i]); } ep2_tab(t1, q, EP_WIDTH); if (gen) { w = EP_DEPTH; } else { w = EP_WIDTH; } l0 = l1 = 2 * RLC_FP_BITS + 1; bn_rec_naf(naf0, &l0, k, w); bn_rec_naf(naf1, &l1, m, EP_WIDTH); l = RLC_MAX(l0, l1); _k = naf0 + l - 1; _m = naf1 + l - 1; if (bn_sign(k) == RLC_NEG) { for (i = 0; i < l0; i++) { naf0[i] = -naf0[i]; } } if (bn_sign(m) == RLC_NEG) { for (i = 0; i < l1; i++) { naf1[i] = -naf1[i]; } } ep2_set_infty(r); for (i = l - 1; i >= 0; i--, _k--, _m--) { ep2_dbl(r, r); n0 = *_k; n1 = *_m; if (n0 > 0) { ep2_add(r, r, t[n0 / 2]); } if (n0 < 0) { ep2_sub(r, r, t[-n0 / 2]); } if (n1 > 0) { ep2_add(r, r, t1[n1 / 2]); } if (n1 < 0) { ep2_sub(r, r, t1[-n1 / 2]); } } ep2_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { if (!gen) { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep2_free(t0[i]); } } for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep2_free(t1[i]); } } }",visit repo url,src/epx/relic_ep2_mul_sim.c,https://github.com/relic-toolkit/relic,240155933538733,1 4857,['CWE-189'],"int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry) { int rc = 0; char *page_virt = NULL; struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode; struct ecryptfs_crypt_stat *crypt_stat = &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private( ecryptfs_dentry->d_sb)->mount_crypt_stat; ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, mount_crypt_stat); page_virt = kmem_cache_alloc(ecryptfs_header_cache_1, GFP_USER); if (!page_virt) { rc = -ENOMEM; printk(KERN_ERR ""%s: Unable to allocate page_virt\n"", __func__); goto out; } rc = ecryptfs_read_lower(page_virt, 0, crypt_stat->extent_size, ecryptfs_inode); if (!rc) rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, ecryptfs_dentry, ECRYPTFS_VALIDATE_HEADER_SIZE); if (rc) { rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode); if (rc) { printk(KERN_DEBUG ""Valid eCryptfs headers not found in "" ""file header region or xattr region\n""); rc = -EINVAL; goto out; } rc = ecryptfs_read_headers_virt(page_virt, crypt_stat, ecryptfs_dentry, ECRYPTFS_DONT_VALIDATE_HEADER_SIZE); if (rc) { printk(KERN_DEBUG ""Valid eCryptfs headers not found in "" ""file xattr region either\n""); rc = -EINVAL; } if (crypt_stat->mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) { crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; } else { printk(KERN_WARNING ""Attempt to access file with "" ""crypto metadata only in the extended attribute "" ""region, but eCryptfs was mounted without "" ""xattr support enabled. eCryptfs will not treat "" ""this like an encrypted file.\n""); rc = -EINVAL; } } out: if (page_virt) { memset(page_virt, 0, PAGE_CACHE_SIZE); kmem_cache_free(ecryptfs_header_cache_1, page_virt); } return rc; }",linux-2.6,,,148463349741791392433725658919641662982,0 4799,['CWE-399'],"AvahiServerConfig* avahi_server_config_init(AvahiServerConfig *c) { assert(c); memset(c, 0, sizeof(AvahiServerConfig)); c->use_ipv6 = 1; c->use_ipv4 = 1; c->allow_interfaces = NULL; c->deny_interfaces = NULL; c->host_name = NULL; c->domain_name = NULL; c->check_response_ttl = 0; c->publish_hinfo = 1; c->publish_addresses = 1; c->publish_workstation = 1; c->publish_domain = 1; c->use_iff_running = 0; c->enable_reflector = 0; c->reflect_ipv = 0; c->add_service_cookie = 0; c->enable_wide_area = 0; c->n_wide_area_servers = 0; c->disallow_other_stacks = 0; c->browse_domains = NULL; c->disable_publishing = 0; c->allow_point_to_point = 0; c->publish_aaaa_on_ipv4 = 1; c->publish_a_on_ipv6 = 0; return c; }",avahi,,,29174478565520887006188005274773228526,0 3592,['CWE-20'],"static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, union sctp_params param, sctp_cid_t cid, struct sctp_chunk *chunk, struct sctp_chunk **err_chunk) { struct sctp_hmac_algo_param *hmacs; int retval = SCTP_IERROR_NO_ERROR; __u16 n_elt, id = 0; int i; switch (param.p->type) { case SCTP_PARAM_IPV4_ADDRESS: case SCTP_PARAM_IPV6_ADDRESS: case SCTP_PARAM_COOKIE_PRESERVATIVE: case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: case SCTP_PARAM_STATE_COOKIE: case SCTP_PARAM_HEARTBEAT_INFO: case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: case SCTP_PARAM_ECN_CAPABLE: case SCTP_PARAM_ADAPTATION_LAYER_IND: break; case SCTP_PARAM_SUPPORTED_EXT: if (!sctp_verify_ext_param(param)) return SCTP_IERROR_ABORT; break; case SCTP_PARAM_SET_PRIMARY: if (sctp_addip_enable) break; goto fallthrough; case SCTP_PARAM_HOST_NAME_ADDRESS: sctp_process_hn_param(asoc, param, chunk, err_chunk); retval = SCTP_IERROR_ABORT; break; case SCTP_PARAM_FWD_TSN_SUPPORT: if (sctp_prsctp_enable) break; goto fallthrough; case SCTP_PARAM_RANDOM: if (!sctp_auth_enable) goto fallthrough; if (SCTP_AUTH_RANDOM_LENGTH != ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { sctp_process_inv_paramlength(asoc, param.p, chunk, err_chunk); retval = SCTP_IERROR_ABORT; } break; case SCTP_PARAM_CHUNKS: if (!sctp_auth_enable) goto fallthrough; if (260 < ntohs(param.p->length)) { sctp_process_inv_paramlength(asoc, param.p, chunk, err_chunk); retval = SCTP_IERROR_ABORT; } break; case SCTP_PARAM_HMAC_ALGO: if (!sctp_auth_enable) goto fallthrough; hmacs = (struct sctp_hmac_algo_param *)param.p; n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; for (i = 0; i < n_elt; i++) { id = ntohs(hmacs->hmac_ids[i]); if (id == SCTP_AUTH_HMAC_ID_SHA1) break; } if (id != SCTP_AUTH_HMAC_ID_SHA1) { sctp_process_inv_paramlength(asoc, param.p, chunk, err_chunk); retval = SCTP_IERROR_ABORT; } break; fallthrough: default: SCTP_DEBUG_PRINTK(""Unrecognized param: %d for chunk %d.\n"", ntohs(param.p->type), cid); retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); break; } return retval; }",linux-2.6,,,113189575533324071036078293313075407973,0 1561,CWE-264,"static inline bool is_flush_request(struct request *rq, struct blk_flush_queue *fq, unsigned int tag) { return ((rq->cmd_flags & REQ_FLUSH_SEQ) && fq->flush_rq->tag == tag); }",visit repo url,block/blk-mq.c,https://github.com/torvalds/linux,174922815264187,1 3808,CWE-122,"bracketed_paste(paste_mode_T mode, int drop, garray_T *gap) { int c; char_u buf[NUMBUFLEN + MB_MAXBYTES]; int idx = 0; char_u *end = find_termcode((char_u *)""PE""); int ret_char = -1; int save_allow_keys = allow_keys; int save_paste = p_paste; if (end != NULL && STRLEN(end) >= NUMBUFLEN) end = NULL; ++no_mapping; allow_keys = 0; if (!p_paste) set_option_value((char_u *)""paste"", TRUE, NULL, 0); for (;;) { if (end == NULL && vpeekc() == NUL) break; do c = vgetc(); while (c == K_IGNORE || c == K_VER_SCROLLBAR || c == K_HOR_SCROLLBAR); if (c == NUL || got_int || (ex_normal_busy > 0 && c == Ctrl_C)) break; if (has_mbyte) idx += (*mb_char2bytes)(c, buf + idx); else buf[idx++] = c; buf[idx] = NUL; if (end != NULL && STRNCMP(buf, end, idx) == 0) { if (end[idx] == NUL) break; continue; } if (!drop) { switch (mode) { case PASTE_CMDLINE: put_on_cmdline(buf, idx, TRUE); break; case PASTE_EX: if (gap != NULL && ga_grow(gap, idx) == OK) { mch_memmove((char *)gap->ga_data + gap->ga_len, buf, (size_t)idx); gap->ga_len += idx; } break; case PASTE_INSERT: if (stop_arrow() == OK) { c = buf[0]; if (idx == 1 && (c == CAR || c == K_KENTER || c == NL)) ins_eol(c); else { ins_char_bytes(buf, idx); AppendToRedobuffLit(buf, idx); } } break; case PASTE_ONE_CHAR: if (ret_char == -1) { if (has_mbyte) ret_char = (*mb_ptr2char)(buf); else ret_char = buf[0]; } break; } } idx = 0; } --no_mapping; allow_keys = save_allow_keys; if (!save_paste) set_option_value((char_u *)""paste"", FALSE, NULL, 0); return ret_char; }",visit repo url,src/edit.c,https://github.com/vim/vim,128883213317918,1 6079,CWE-190,"void bn_read_bin(bn_t a, const uint8_t *bin, int len) { int i, j; dig_t d = (RLC_DIG / 8); int digs = (len % d == 0 ? len / d : len / d + 1); bn_grow(a, digs); bn_zero(a); a->used = digs; for (i = 0; i < digs - 1; i++) { d = 0; for (j = (RLC_DIG / 8) - 1; j >= 0; j--) { d = d << 8; d |= bin[len - 1 - (i * (RLC_DIG / 8) + j)]; } a->dp[i] = d; } d = 0; for (j = (RLC_DIG / 8) - 1; j >= 0; j--) { if ((int)(i * (RLC_DIG / 8) + j) < len) { d = d << 8; d |= bin[len - 1 - (i * (RLC_DIG / 8) + j)]; } } a->dp[i] = d; a->sign = RLC_POS; bn_trim(a); }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,145536012971397,1 3425,['CWE-264'],"asmlinkage long sys_openat(int dfd, const char __user *filename, int flags, int mode) { long ret; if (force_o_largefile()) flags |= O_LARGEFILE; ret = do_sys_open(dfd, filename, flags, mode); prevent_tail_call(ret); return ret; }",linux-2.6,,,333386609471112484430634781047261813461,0 2600,CWE-908,"char* parse_via(char* buffer, char* end, struct via_body *vbody) { char* tmp; char* param_start; unsigned char state; unsigned char saved_state; int c_nest; int err; struct via_body* vb; struct via_param* param; vb=vbody; parse_again: vb->error=PARSE_ERROR; state=F_SIP; saved_state=0; param_start=0; for(tmp=buffer;tmptransport.len=tmp-vb->transport.s; vb->proto=PROTO_UDP; state=F_HOST; goto main_via; case FIN_TCP: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_TCP; state=F_HOST; goto main_via; case FIN_TLS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_TLS; state=F_HOST; goto main_via; case FIN_SCTP: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_SCTP; state=F_HOST; goto main_via; case FIN_WS: case WS_WSS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_WS; state=F_HOST; goto main_via; case FIN_WSS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_WSS; state=F_HOST; goto main_via; case OTHER_PROTO: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_OTHER; state=F_HOST; goto main_via; case FIN_SIP: vb->name.len=tmp-vb->name.s; state=L_VER; break; case FIN_VER: vb->version.len=tmp-vb->version.s; state=L_PROTO; break; case F_LF: case F_CRLF: case F_CR: state=saved_state; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case '\n': switch(state){ case L_VER: case F_SIP: case F_VER: case F_PROTO: case L_PROTO: saved_state=state; state=F_LF; break; case FIN_UDP: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_UDP; state=F_LF; saved_state=F_HOST; goto main_via; case FIN_TCP: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_TCP; state=F_LF; saved_state=F_HOST; goto main_via; case FIN_TLS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_TLS; state=F_LF; saved_state=F_HOST; goto main_via; case WS_WSS: case FIN_WS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_WS; state=F_LF; saved_state=F_HOST; goto main_via; case FIN_WSS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_WS; state=F_LF; saved_state=F_HOST; goto main_via; case OTHER_PROTO: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_OTHER; state=F_LF; saved_state=F_HOST; goto main_via; case FIN_SIP: vb->name.len=tmp-vb->name.s; state=F_LF; saved_state=L_VER; break; case FIN_VER: vb->version.len=tmp-vb->version.s; state=F_LF; saved_state=L_PROTO; break; case F_CR: state=F_CRLF; break; case F_LF: case F_CRLF: state=saved_state; goto endofheader; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case '\r': switch(state){ case L_VER: case F_SIP: case F_VER: case F_PROTO: case L_PROTO: saved_state=state; state=F_CR; break; case FIN_UDP: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_UDP; state=F_CR; saved_state=F_HOST; goto main_via; case FIN_TCP: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_TCP; state=F_CR; saved_state=F_HOST; goto main_via; case FIN_TLS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_TLS; state=F_CR; saved_state=F_HOST; goto main_via; case WS_WSS: case FIN_WS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_WS; state=F_CR; saved_state=F_HOST; goto main_via; case FIN_WSS: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_WSS; state=F_CR; saved_state=F_HOST; goto main_via; case OTHER_PROTO: vb->transport.len=tmp-vb->transport.s; vb->proto=PROTO_OTHER; state=F_CR; saved_state=F_HOST; goto main_via; case FIN_SIP: vb->name.len=tmp-vb->name.s; state=F_CR; saved_state=L_VER; break; case FIN_VER: vb->version.len=tmp-vb->version.s; state=F_CR; saved_state=L_PROTO; break; case F_LF: case F_CR: case F_CRLF: state=saved_state; goto endofheader; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case '/': switch(state){ case FIN_SIP: vb->name.len=tmp-vb->name.s; state=F_VER; break; case FIN_VER: vb->version.len=tmp-vb->version.s; state=F_PROTO; break; case L_VER: state=F_VER; break; case L_PROTO: state=F_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'S': case 's': switch(state){ case F_SIP: state=SIP1; vb->name.s=tmp; break; case TLS2: state=FIN_TLS; break; case F_PROTO: state=SCTP1; vb->transport.s=tmp; break; case WS1: state=WS_WSS; break; case WS_WSS: state=FIN_WSS; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'I': case 'i': switch(state){ case SIP1: state=SIP2; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'p': case 'P': switch(state){ case SIP2: state=FIN_SIP; break; case UDP2: state=FIN_UDP; break; case TCP2: state=FIN_TCP; break; case SCTP3: state=FIN_SCTP; break; case OTHER_PROTO: break; case UDP1: case FIN_UDP: case TCP_TLS1: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'U': case 'u': switch(state){ case F_PROTO: state=UDP1; vb->transport.s=tmp; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'D': case 'd': switch(state){ case UDP1: state=UDP2; break; case OTHER_PROTO: break; case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'T': case 't': switch(state){ case F_PROTO: state=TCP_TLS1; vb->transport.s=tmp; break; case SCTP2: state=SCTP3; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'C': case 'c': switch(state){ case TCP_TLS1: state=TCP2; break; case SCTP1: state=SCTP2; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'L': case 'l': switch(state){ case TCP_TLS1: state=TLS2; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case 'W': case 'w': switch(state){ case F_PROTO: state=WS1; vb->transport.s=tmp; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case '2': switch(state){ case F_VER: state=VER1; vb->version.s=tmp; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case '.': switch(state){ case VER1: state=VER2; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; case '0': switch(state){ case VER2: state=FIN_VER; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; default: switch(state){ case F_PROTO: state=OTHER_PROTO; vb->transport.s=tmp; break; case OTHER_PROTO: break; case UDP1: case UDP2: case FIN_UDP: case TCP_TLS1: case TCP2: case FIN_TCP: case TLS2: case FIN_TLS: case SCTP1: case SCTP2: case SCTP3: case FIN_SCTP: case WS1: case WS_WSS: case FIN_WS: case FIN_WSS: state=OTHER_PROTO; break; default: LM_ERR(""bad char <%c> on state %d\n"", *tmp, state); goto parse_error; } break; } } LM_ERR(""bad via: end of packet on state=%d\n"", state); goto parse_error; main_via: tmp++; c_nest=0; ; for(;*tmp;tmp++){ switch(*tmp){ case ' ': case '\t': switch(state){ case F_HOST: break; case P_HOST: vb->host.len=tmp-vb->host.s; state=L_PORT; break; case L_PORT: case F_PORT: break; case P_PORT: vb->port_str.len=tmp-vb->port_str.s; state=L_PARAM; break; case L_PARAM: case F_PARAM: break; case P_PARAM: state=L_PARAM; break; case L_VIA: case F_VIA: break; case F_COMMENT: case P_COMMENT: break; case F_IP6HOST: case P_IP6HOST: LM_ERR(""bad ipv6 reference\n""); goto parse_error; case F_CRLF: case F_LF: case F_CR: state=saved_state; break; default: LM_CRIT(""on <%c>, state=%d\n"",*tmp, state); goto parse_error; } break; case '\n': switch(state){ case F_HOST: case L_PORT: case F_PORT: case L_PARAM: case F_PARAM: case F_VIA: case L_VIA: case F_COMMENT: case P_COMMENT: case F_IP6HOST: case P_IP6HOST: saved_state=state; state=F_LF; break; case P_HOST: vb->host.len=tmp-vb->host.s; saved_state=L_PORT; state=F_LF; break; case P_PORT: vb->port_str.len=tmp-vb->port_str.s; saved_state=L_PARAM; state=F_LF; break; case P_PARAM: saved_state=L_PARAM; state=F_LF; break; case F_CR: state=F_CRLF; break; case F_CRLF: case F_LF: state=saved_state; goto endofheader; default: LM_CRIT(""BUG on <%c>\n"",*tmp); goto parse_error; } break; case '\r': switch(state){ case F_HOST: case L_PORT: case F_PORT: case L_PARAM: case F_PARAM: case F_VIA: case L_VIA: case F_COMMENT: case P_COMMENT: case F_IP6HOST: case P_IP6HOST: saved_state=state; state=F_CR; break; case P_HOST: vb->host.len=tmp-vb->host.s; saved_state=L_PORT; state=F_CR; break; case P_PORT: vb->port_str.len=tmp-vb->port_str.s; saved_state=L_PARAM; state=F_CR; break; case P_PARAM: saved_state=L_PARAM; state=F_CR; break; case F_CRLF: case F_CR: case F_LF: state=saved_state; goto endofheader; default: LM_CRIT(""on <%c>\n"",*tmp); goto parse_error; } break; case ':': switch(state){ case F_HOST: case F_IP6HOST: state=P_IP6HOST; break; case P_IP6HOST: break; case P_HOST: vb->host.len=tmp-vb->host.s; state=F_PORT; break; case L_PORT: state=F_PORT; break; case P_PORT: LM_ERR(""bad port\n""); goto parse_error; case L_PARAM: case F_PARAM: case P_PARAM: LM_ERR(""bad char <%c> in state %d\n"", *tmp,state); goto parse_error; case L_VIA: case F_VIA: LM_ERR(""bad char in compact via\n""); goto parse_error; case F_CRLF: case F_LF: case F_CR: goto endofheader; case F_COMMENT: vb->comment.s=tmp; state=P_COMMENT; break; case P_COMMENT: break; default: LM_CRIT(""on <%c> state %d\n"", *tmp, state); goto parse_error; } break; case ';': switch(state){ case F_HOST: case F_IP6HOST: LM_ERR("" no host found\n""); goto parse_error; case P_IP6HOST: LM_ERR("" bad ipv6 reference\n""); goto parse_error; case P_HOST: vb->host.len=tmp-vb->host.s; state=F_PARAM; param_start=tmp+1; break; case P_PORT: vb->port_str.len=tmp-vb->port_str.s; case L_PORT: case L_PARAM: state=F_PARAM; param_start=tmp+1; break; case F_PORT: LM_ERR("" bad char <%c> in state %d\n"", *tmp,state); goto parse_error; case F_PARAM: LM_ERR(""null param?\n""); goto parse_error; case P_PARAM: state=F_PARAM; param_start=tmp+1; break; case L_VIA: case F_VIA: LM_ERR(""bad char <%c> in next via\n"", *tmp); goto parse_error; case F_CRLF: case F_LF: case F_CR: goto endofheader; case F_COMMENT: vb->comment.s=tmp; state=P_COMMENT; break; case P_COMMENT: break; default: LM_CRIT(""on <%c> state %d\n"", *tmp, state); goto parse_error; } break; case ',': switch(state){ case F_HOST: case F_IP6HOST: LM_ERR(""no host found\n""); goto parse_error; case P_IP6HOST: LM_ERR("" bad ipv6 reference\n""); goto parse_error; case P_HOST: vb->host.len=tmp-vb->host.s; state=F_VIA; break; case P_PORT: vb->port_str.len=tmp-vb->port_str.s; state=F_VIA; break; case L_PORT: case L_PARAM: case P_PARAM: case L_VIA: state=F_VIA; break; case F_PORT: case F_PARAM: LM_ERR(""invalid char <%c> in state %d\n"", *tmp,state); goto parse_error; case F_VIA: break; case F_CRLF: case F_LF: case F_CR: goto endofheader; case F_COMMENT: vb->comment.s=tmp; state=P_COMMENT; break; case P_COMMENT: break; default: LM_CRIT(""on <%c> state %d\n"",*tmp, state); goto parse_error; } break; case '(': switch(state){ case F_HOST: case F_PORT: case F_PARAM: case F_VIA: case F_IP6HOST: case P_IP6HOST: LM_ERR("" on <%c> state %d\n"", *tmp, state); goto parse_error; case P_HOST: vb->host.len=tmp-vb->host.s; state=F_COMMENT; c_nest++; break; case P_PORT: vb->port_str.len=tmp-vb->port_str.s; state=F_COMMENT; c_nest++; break; case P_PARAM: vb->params.len=tmp-vb->params.s; state=F_COMMENT; c_nest++; break; case L_PORT: case L_PARAM: case L_VIA: state=F_COMMENT; vb->params.len=tmp-vb->params.s; c_nest++; break; case P_COMMENT: case F_COMMENT: c_nest++; break; case F_CRLF: case F_LF: case F_CR: goto endofheader; default: LM_CRIT(""on <%c> state %d\n"", *tmp, state); goto parse_error; } break; case ')': switch(state){ case F_COMMENT: case P_COMMENT: if (c_nest){ c_nest--; if(c_nest==0){ state=L_VIA; vb->comment.len=tmp-vb->comment.s; break; } }else{ LM_ERR("" missing '(' - nesting= %d\n"", c_nest); goto parse_error; } break; case F_HOST: case F_PORT: case F_PARAM: case F_VIA: case P_HOST: case P_PORT: case P_PARAM: case L_PORT: case L_PARAM: case L_VIA: case F_IP6HOST: case P_IP6HOST: LM_ERR("" on <%c> state %d\n"",*tmp, state); goto parse_error; case F_CRLF: case F_LF: case F_CR: goto endofheader; default: LM_CRIT(""on <%c> state %d\n"", *tmp, state); goto parse_error; } break; case '[': switch(state){ case F_HOST: vb->host.s=tmp; state=F_IP6HOST; break; case F_COMMENT: vb->comment.s=tmp; state=P_COMMENT; break; case P_COMMENT: break; case F_CRLF: case F_LF: case F_CR: goto endofheader; default: LM_ERR(""on <%c> state %d\n"",*tmp, state); goto parse_error; } break; case ']': switch(state){ case P_IP6HOST: vb->host.len=(tmp-vb->host.s)+1; state=L_PORT; break; case F_CRLF: case F_LF: case F_CR: goto endofheader; case F_COMMENT: vb->comment.s=tmp; state=P_COMMENT; break; case P_COMMENT: break; default: LM_ERR(""on <%c> state %d\n"",*tmp, state); goto parse_error; } break; default: switch(state){ case F_HOST: state=P_HOST; vb->host.s=tmp; case P_HOST: if ( (*tmp<'a' || *tmp>'z') && (*tmp<'A' || *tmp>'Z') && (*tmp<'0' || *tmp>'9') && *tmp!='-' && *tmp!='.') goto parse_error; break; case F_PORT: state=P_PORT; vb->port_str.s=tmp; case P_PORT: if ( *tmp<'0' || *tmp>'9' ) goto parse_error; break; case F_PARAM: ; if(vb->params.s==0) vb->params.s=param_start; param=pkg_malloc(sizeof(struct via_param)); if (param==0){ LM_ERR(""no pkg memory left\n""); goto error; } memset(param,0, sizeof(struct via_param)); param->start=param_start; tmp=parse_via_param(tmp, end, &state, &saved_state, param); switch(state){ case F_PARAM: param_start=tmp+1; case L_PARAM: case F_LF: case F_CR: vb->params.len=tmp - vb->params.s; break; case F_VIA: vb->params.len=param->start+param->size -vb->params.s; break; case END_OF_HEADER: vb->params.len=param->start+param->size -vb->params.s; break; case PARAM_ERROR: pkg_free(param); goto parse_error; default: pkg_free(param); LM_ERR("" after parse_via_param: invalid "" ""char <%c> on state %d\n"",*tmp, state); goto parse_error; } if (vb->last_param) vb->last_param->next=param; else vb->param_lst=param; vb->last_param=param; switch(param->type){ case PARAM_BRANCH: vb->branch=param; break; case PARAM_RECEIVED: vb->received=param; break; case PARAM_RPORT: vb->rport=param; break; case PARAM_I: vb->i=param; break; case PARAM_ALIAS: vb->alias=param; break; case PARAM_MADDR: vb->maddr=param; break; } if (state==END_OF_HEADER){ state=saved_state; goto endofheader; } break; case P_PARAM: break; case F_VIA: goto nextvia; case L_PORT: case L_PARAM: case L_VIA: LM_ERR(""on <%c> state %d (default)\n"",*tmp, state); goto parse_error; case F_COMMENT: state=P_COMMENT; vb->comment.s=tmp; break; case P_COMMENT: break; case F_IP6HOST: state=P_IP6HOST; case P_IP6HOST: if ( (*tmp<'a' || *tmp>'f') && (*tmp<'A' || *tmp>'F') && (*tmp<'0' || *tmp>'9') && *tmp!=':') goto parse_error; break; case F_CRLF: case F_LF: case F_CR: goto endofheader; default: LM_CRIT(""invalid char <%c> in state %d\n"",*tmp, state); goto parse_error; } } } LM_DBG(""end of packet reached, state=%d\n"", state); goto endofpacket; endofheader: state=saved_state; LM_DBG(""end of header reached, state=%d\n"", state); endofpacket: switch(state){ case P_HOST: case L_PORT: case P_PORT: case L_PARAM: case P_PARAM: case P_VALUE: case GEN_PARAM: case FIN_HIDDEN: case L_VIA: break; default: LM_ERR("" invalid via - end of header in state %d\n"", state); goto parse_error; } vb->error=PARSE_OK; vb->bsize=tmp-buffer; if (vb->port_str.s){ vb->port=str2s(vb->port_str.s, vb->port_str.len, &err); if (err){ LM_ERR("" invalid port number <%.*s>\n"", vb->port_str.len, ZSW(vb->port_str.s)); goto parse_error; } } return tmp; nextvia: LM_DBG(""next_via\n""); vb->error=PARSE_OK; vb->bsize=tmp-buffer; if (vb->port_str.s){ vb->port=str2s(vb->port_str.s, vb->port_str.len, &err); if (err){ LM_ERR("" invalid port number <%.*s>\n"", vb->port_str.len, ZSW(vb->port_str.s)); goto parse_error; } } vb->next=pkg_malloc(sizeof(struct via_body)); if (vb->next==0){ LM_ERR("" out of pkg memory\n""); goto error; } vb=vb->next; memset(vb, 0, sizeof(struct via_body)); buffer=tmp; goto parse_again; parse_error: if (end>buffer){ LM_ERR("" <%.*s>\n"", (int)(end-buffer), ZSW(buffer)); } if ((tmp>buffer)&&(tmp\n"", (int)(tmp-buffer), ZSW(buffer) ); }else{ LM_ERR(""via parse failed\n""); } error: vb->error=PARSE_ERROR; vbody->error=PARSE_ERROR; return tmp; }",visit repo url,parser/parse_via.c,https://github.com/OpenSIPS/opensips,236835597567101,1 3241,CWE-125,"print_ipcp_config_options(netdissect_options *ndo, const u_char *p, int length) { int len, opt; u_int compproto, ipcomp_subopttotallen, ipcomp_subopt, ipcomp_suboptlen; if (length < 2) return 0; ND_TCHECK2(*p, 2); len = p[1]; opt = p[0]; if (length < len) return 0; if (len < 2) { ND_PRINT((ndo, ""\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)"", tok2str(ipcpopt_values,""unknown"",opt), opt, len)); return 0; } ND_PRINT((ndo, ""\n\t %s Option (0x%02x), length %u"", tok2str(ipcpopt_values,""unknown"",opt), opt, len)); switch (opt) { case IPCPOPT_2ADDR: if (len != 10) { ND_PRINT((ndo, "" (length bogus, should be = 10)"")); return len; } ND_TCHECK2(*(p + 6), 4); ND_PRINT((ndo, "": src %s, dst %s"", ipaddr_string(ndo, p + 2), ipaddr_string(ndo, p + 6))); break; case IPCPOPT_IPCOMP: if (len < 4) { ND_PRINT((ndo, "" (length bogus, should be >= 4)"")); return 0; } ND_TCHECK2(*(p + 2), 2); compproto = EXTRACT_16BITS(p+2); ND_PRINT((ndo, "": %s (0x%02x):"", tok2str(ipcpopt_compproto_values, ""Unknown"", compproto), compproto)); switch (compproto) { case PPP_VJC: break; case IPCPOPT_IPCOMP_HDRCOMP: if (len < IPCPOPT_IPCOMP_MINLEN) { ND_PRINT((ndo, "" (length bogus, should be >= %u)"", IPCPOPT_IPCOMP_MINLEN)); return 0; } ND_TCHECK2(*(p + 2), IPCPOPT_IPCOMP_MINLEN); ND_PRINT((ndo, ""\n\t TCP Space %u, non-TCP Space %u"" \ "", maxPeriod %u, maxTime %u, maxHdr %u"", EXTRACT_16BITS(p+4), EXTRACT_16BITS(p+6), EXTRACT_16BITS(p+8), EXTRACT_16BITS(p+10), EXTRACT_16BITS(p+12))); if (len > IPCPOPT_IPCOMP_MINLEN) { ipcomp_subopttotallen = len - IPCPOPT_IPCOMP_MINLEN; p += IPCPOPT_IPCOMP_MINLEN; ND_PRINT((ndo, ""\n\t Suboptions, length %u"", ipcomp_subopttotallen)); while (ipcomp_subopttotallen >= 2) { ND_TCHECK2(*p, 2); ipcomp_subopt = *p; ipcomp_suboptlen = *(p+1); if (ipcomp_subopt == 0 || ipcomp_suboptlen == 0 ) break; ND_PRINT((ndo, ""\n\t\t%s Suboption #%u, length %u"", tok2str(ipcpopt_compproto_subopt_values, ""Unknown"", ipcomp_subopt), ipcomp_subopt, ipcomp_suboptlen)); ipcomp_subopttotallen -= ipcomp_suboptlen; p += ipcomp_suboptlen; } } break; default: break; } break; case IPCPOPT_ADDR: case IPCPOPT_MOBILE4: case IPCPOPT_PRIDNS: case IPCPOPT_PRINBNS: case IPCPOPT_SECDNS: case IPCPOPT_SECNBNS: if (len != 6) { ND_PRINT((ndo, "" (length bogus, should be = 6)"")); return 0; } ND_TCHECK2(*(p + 2), 4); ND_PRINT((ndo, "": %s"", ipaddr_string(ndo, p + 2))); break; default: if (ndo->ndo_vflag < 2) print_unknown_data(ndo, &p[2], ""\n\t "", len - 2); break; } if (ndo->ndo_vflag > 1) print_unknown_data(ndo, &p[2], ""\n\t "", len - 2); return len; trunc: ND_PRINT((ndo, ""[|ipcp]"")); return 0; }",visit repo url,print-ppp.c,https://github.com/the-tcpdump-group/tcpdump,54476389129048,1 1209,CWE-400,"static void __intel_pmu_pebs_event(struct perf_event *event, struct pt_regs *iregs, void *__pebs) { struct pebs_record_core *pebs = __pebs; struct perf_sample_data data; struct pt_regs regs; if (!intel_pmu_save_and_restart(event)) return; perf_sample_data_init(&data, 0); data.period = event->hw.last_period; regs = *iregs; regs.ip = pebs->ip; regs.bp = pebs->bp; regs.sp = pebs->sp; if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(®s)) regs.flags |= PERF_EFLAGS_EXACT; else regs.flags &= ~PERF_EFLAGS_EXACT; if (perf_event_overflow(event, 1, &data, ®s)) x86_pmu_stop(event, 0); }",visit repo url,arch/x86/kernel/cpu/perf_event_intel_ds.c,https://github.com/torvalds/linux,173816697041825,1 6640,['CWE-200'],"ce_child_setup (gpointer user_data G_GNUC_UNUSED) { pid_t pid = getpid (); setpgid (pid, pid); }",network-manager-applet,,,104459913935094722494040830129452192918,0 364,CWE-125,"void skb_complete_tx_timestamp(struct sk_buff *skb, struct skb_shared_hwtstamps *hwtstamps) { struct sock *sk = skb->sk; if (!skb_may_tx_timestamp(sk, false)) return; if (likely(atomic_inc_not_zero(&sk->sk_refcnt))) { *skb_hwtstamps(skb) = *hwtstamps; __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND); sock_put(sk); }",visit repo url,net/core/skbuff.c,https://github.com/torvalds/linux,241598175192702,1 2086,CWE-787,"static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) { struct usb_yurex *dev; int retval = 0; int bytes_read = 0; char in_buffer[20]; unsigned long flags; dev = file->private_data; mutex_lock(&dev->io_mutex); if (!dev->interface) { retval = -ENODEV; goto exit; } spin_lock_irqsave(&dev->lock, flags); bytes_read = snprintf(in_buffer, 20, ""%lld\n"", dev->bbu); spin_unlock_irqrestore(&dev->lock, flags); if (*ppos < bytes_read) { if (copy_to_user(buffer, in_buffer + *ppos, bytes_read - *ppos)) retval = -EFAULT; else { retval = bytes_read - *ppos; *ppos += bytes_read; } } exit: mutex_unlock(&dev->io_mutex); return retval; }",visit repo url,drivers/usb/misc/yurex.c,https://github.com/torvalds/linux,192872124656125,1 4656,['CWE-399'],"static int ext4_da_writepages(struct address_space *mapping, struct writeback_control *wbc) { pgoff_t index; int range_whole = 0; handle_t *handle = NULL; struct mpage_da_data mpd; struct inode *inode = mapping->host; int no_nrwrite_index_update; int pages_written = 0; long pages_skipped; int needed_blocks, ret = 0, nr_to_writebump = 0; struct ext4_sb_info *sbi = EXT4_SB(mapping->host->i_sb); trace_mark(ext4_da_writepages, ""dev %s ino %lu nr_t_write %ld "" ""pages_skipped %ld range_start %llu "" ""range_end %llu nonblocking %d "" ""for_kupdate %d for_reclaim %d "" ""for_writepages %d range_cyclic %d"", inode->i_sb->s_id, inode->i_ino, wbc->nr_to_write, wbc->pages_skipped, (unsigned long long) wbc->range_start, (unsigned long long) wbc->range_end, wbc->nonblocking, wbc->for_kupdate, wbc->for_reclaim, wbc->for_writepages, wbc->range_cyclic); if (!mapping->nrpages || !mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) return 0; if (unlikely(sbi->s_mount_opt & EXT4_MOUNT_ABORT)) return -EROFS; if (wbc->nr_to_write < sbi->s_mb_stream_request) { nr_to_writebump = sbi->s_mb_stream_request - wbc->nr_to_write; wbc->nr_to_write = sbi->s_mb_stream_request; } if (wbc->range_start == 0 && wbc->range_end == LLONG_MAX) range_whole = 1; if (wbc->range_cyclic) index = mapping->writeback_index; else index = wbc->range_start >> PAGE_CACHE_SHIFT; mpd.wbc = wbc; mpd.inode = mapping->host; no_nrwrite_index_update = wbc->no_nrwrite_index_update; wbc->no_nrwrite_index_update = 1; pages_skipped = wbc->pages_skipped; while (!ret && wbc->nr_to_write > 0) { BUG_ON(ext4_should_journal_data(inode)); needed_blocks = ext4_da_writepages_trans_blocks(inode); handle = ext4_journal_start(inode, needed_blocks); if (IS_ERR(handle)) { ret = PTR_ERR(handle); printk(KERN_CRIT ""%s: jbd2_start: "" ""%ld pages, ino %lu; err %d\n"", __func__, wbc->nr_to_write, inode->i_ino, ret); dump_stack(); goto out_writepages; } mpd.get_block = ext4_da_get_block_write; ret = mpage_da_writepages(mapping, wbc, &mpd); ext4_journal_stop(handle); if (mpd.retval == -ENOSPC) { jbd2_journal_force_commit_nested(sbi->s_journal); wbc->pages_skipped = pages_skipped; ret = 0; } else if (ret == MPAGE_DA_EXTENT_TAIL) { pages_written += mpd.pages_written; wbc->pages_skipped = pages_skipped; ret = 0; } else if (wbc->nr_to_write) break; } if (pages_skipped != wbc->pages_skipped) printk(KERN_EMERG ""This should not happen leaving %s "" ""with nr_to_write = %ld ret = %d\n"", __func__, wbc->nr_to_write, ret); index += pages_written; if (wbc->range_cyclic || (range_whole && wbc->nr_to_write > 0)) mapping->writeback_index = index; out_writepages: if (!no_nrwrite_index_update) wbc->no_nrwrite_index_update = 0; wbc->nr_to_write -= nr_to_writebump; trace_mark(ext4_da_writepage_result, ""dev %s ino %lu ret %d pages_written %d "" ""pages_skipped %ld congestion %d "" ""more_io %d no_nrwrite_index_update %d"", inode->i_sb->s_id, inode->i_ino, ret, pages_written, wbc->pages_skipped, wbc->encountered_congestion, wbc->more_io, wbc->no_nrwrite_index_update); return ret; }",linux-2.6,,,319624319792502489253274046811177897435,0 4872,['CWE-189'],"static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num, struct ecryptfs_crypt_stat *crypt_stat) { (*offset) = (crypt_stat->num_header_bytes_at_front + (crypt_stat->extent_size * extent_num)); }",linux-2.6,,,104927600558702768080977763321133826671,0 434,CWE-200,"sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) { void __user *p = (void __user *)arg; int __user *ip = p; int result, val, read_only; Sg_device *sdp; Sg_fd *sfp; Sg_request *srp; unsigned long iflags; if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) return -ENXIO; SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, ""sg_ioctl: cmd=0x%x\n"", (int) cmd_in)); read_only = (O_RDWR != (filp->f_flags & O_ACCMODE)); switch (cmd_in) { case SG_IO: if (atomic_read(&sdp->detaching)) return -ENODEV; if (!scsi_block_when_processing_errors(sdp->device)) return -ENXIO; if (!access_ok(VERIFY_WRITE, p, SZ_SG_IO_HDR)) return -EFAULT; result = sg_new_write(sfp, filp, p, SZ_SG_IO_HDR, 1, read_only, 1, &srp); if (result < 0) return result; result = wait_event_interruptible(sfp->read_wait, (srp_done(sfp, srp) || atomic_read(&sdp->detaching))); if (atomic_read(&sdp->detaching)) return -ENODEV; write_lock_irq(&sfp->rq_list_lock); if (srp->done) { srp->done = 2; write_unlock_irq(&sfp->rq_list_lock); result = sg_new_read(sfp, p, SZ_SG_IO_HDR, srp); return (result < 0) ? result : 0; } srp->orphan = 1; write_unlock_irq(&sfp->rq_list_lock); return result; case SG_SET_TIMEOUT: result = get_user(val, ip); if (result) return result; if (val < 0) return -EIO; if (val >= mult_frac((s64)INT_MAX, USER_HZ, HZ)) val = min_t(s64, mult_frac((s64)INT_MAX, USER_HZ, HZ), INT_MAX); sfp->timeout_user = val; sfp->timeout = mult_frac(val, HZ, USER_HZ); return 0; case SG_GET_TIMEOUT: return sfp->timeout_user; case SG_SET_FORCE_LOW_DMA: return 0; case SG_GET_LOW_DMA: return put_user((int) sdp->device->host->unchecked_isa_dma, ip); case SG_GET_SCSI_ID: if (!access_ok(VERIFY_WRITE, p, sizeof (sg_scsi_id_t))) return -EFAULT; else { sg_scsi_id_t __user *sg_idp = p; if (atomic_read(&sdp->detaching)) return -ENODEV; __put_user((int) sdp->device->host->host_no, &sg_idp->host_no); __put_user((int) sdp->device->channel, &sg_idp->channel); __put_user((int) sdp->device->id, &sg_idp->scsi_id); __put_user((int) sdp->device->lun, &sg_idp->lun); __put_user((int) sdp->device->type, &sg_idp->scsi_type); __put_user((short) sdp->device->host->cmd_per_lun, &sg_idp->h_cmd_per_lun); __put_user((short) sdp->device->queue_depth, &sg_idp->d_queue_depth); __put_user(0, &sg_idp->unused[0]); __put_user(0, &sg_idp->unused[1]); return 0; } case SG_SET_FORCE_PACK_ID: result = get_user(val, ip); if (result) return result; sfp->force_packid = val ? 1 : 0; return 0; case SG_GET_PACK_ID: if (!access_ok(VERIFY_WRITE, ip, sizeof (int))) return -EFAULT; read_lock_irqsave(&sfp->rq_list_lock, iflags); list_for_each_entry(srp, &sfp->rq_list, entry) { if ((1 == srp->done) && (!srp->sg_io_owned)) { read_unlock_irqrestore(&sfp->rq_list_lock, iflags); __put_user(srp->header.pack_id, ip); return 0; } } read_unlock_irqrestore(&sfp->rq_list_lock, iflags); __put_user(-1, ip); return 0; case SG_GET_NUM_WAITING: read_lock_irqsave(&sfp->rq_list_lock, iflags); val = 0; list_for_each_entry(srp, &sfp->rq_list, entry) { if ((1 == srp->done) && (!srp->sg_io_owned)) ++val; } read_unlock_irqrestore(&sfp->rq_list_lock, iflags); return put_user(val, ip); case SG_GET_SG_TABLESIZE: return put_user(sdp->sg_tablesize, ip); case SG_SET_RESERVED_SIZE: result = get_user(val, ip); if (result) return result; if (val < 0) return -EINVAL; val = min_t(int, val, max_sectors_bytes(sdp->device->request_queue)); mutex_lock(&sfp->f_mutex); if (val != sfp->reserve.bufflen) { if (sfp->mmap_called || sfp->res_in_use) { mutex_unlock(&sfp->f_mutex); return -EBUSY; } sg_remove_scat(sfp, &sfp->reserve); sg_build_reserve(sfp, val); } mutex_unlock(&sfp->f_mutex); return 0; case SG_GET_RESERVED_SIZE: val = min_t(int, sfp->reserve.bufflen, max_sectors_bytes(sdp->device->request_queue)); return put_user(val, ip); case SG_SET_COMMAND_Q: result = get_user(val, ip); if (result) return result; sfp->cmd_q = val ? 1 : 0; return 0; case SG_GET_COMMAND_Q: return put_user((int) sfp->cmd_q, ip); case SG_SET_KEEP_ORPHAN: result = get_user(val, ip); if (result) return result; sfp->keep_orphan = val; return 0; case SG_GET_KEEP_ORPHAN: return put_user((int) sfp->keep_orphan, ip); case SG_NEXT_CMD_LEN: result = get_user(val, ip); if (result) return result; if (val > SG_MAX_CDB_SIZE) return -ENOMEM; sfp->next_cmd_len = (val > 0) ? val : 0; return 0; case SG_GET_VERSION_NUM: return put_user(sg_version_num, ip); case SG_GET_ACCESS_COUNT: val = (sdp->device ? 1 : 0); return put_user(val, ip); case SG_GET_REQUEST_TABLE: if (!access_ok(VERIFY_WRITE, p, SZ_SG_REQ_INFO * SG_MAX_QUEUE)) return -EFAULT; else { sg_req_info_t *rinfo; rinfo = kmalloc(SZ_SG_REQ_INFO * SG_MAX_QUEUE, GFP_KERNEL); if (!rinfo) return -ENOMEM; read_lock_irqsave(&sfp->rq_list_lock, iflags); sg_fill_request_table(sfp, rinfo); read_unlock_irqrestore(&sfp->rq_list_lock, iflags); result = __copy_to_user(p, rinfo, SZ_SG_REQ_INFO * SG_MAX_QUEUE); result = result ? -EFAULT : 0; kfree(rinfo); return result; } case SG_EMULATED_HOST: if (atomic_read(&sdp->detaching)) return -ENODEV; return put_user(sdp->device->host->hostt->emulated, ip); case SCSI_IOCTL_SEND_COMMAND: if (atomic_read(&sdp->detaching)) return -ENODEV; if (read_only) { unsigned char opcode = WRITE_6; Scsi_Ioctl_Command __user *siocp = p; if (copy_from_user(&opcode, siocp->data, 1)) return -EFAULT; if (sg_allow_access(filp, &opcode)) return -EPERM; } return sg_scsi_ioctl(sdp->device->request_queue, NULL, filp->f_mode, p); case SG_SET_DEBUG: result = get_user(val, ip); if (result) return result; sdp->sgdebug = (char) val; return 0; case BLKSECTGET: return put_user(max_sectors_bytes(sdp->device->request_queue), ip); case BLKTRACESETUP: return blk_trace_setup(sdp->device->request_queue, sdp->disk->disk_name, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), NULL, p); case BLKTRACESTART: return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: return blk_trace_startstop(sdp->device->request_queue, 0); case BLKTRACETEARDOWN: return blk_trace_remove(sdp->device->request_queue); case SCSI_IOCTL_GET_IDLUN: case SCSI_IOCTL_GET_BUS_NUMBER: case SCSI_IOCTL_PROBE_HOST: case SG_GET_TRANSFORM: case SG_SCSI_RESET: if (atomic_read(&sdp->detaching)) return -ENODEV; break; default: if (read_only) return -EPERM; break; } result = scsi_ioctl_block_when_processing_errors(sdp->device, cmd_in, filp->f_flags & O_NDELAY); if (result) return result; return scsi_ioctl(sdp->device, cmd_in, p); }",visit repo url,drivers/scsi/sg.c,https://github.com/torvalds/linux,206237550142416,1 4863,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 4925,['CWE-20'],"static struct nfs_access_entry *nfs_access_search_rbtree(struct inode *inode, struct rpc_cred *cred) { struct rb_node *n = NFS_I(inode)->access_cache.rb_node; struct nfs_access_entry *entry; while (n != NULL) { entry = rb_entry(n, struct nfs_access_entry, rb_node); if (cred < entry->cred) n = n->rb_left; else if (cred > entry->cred) n = n->rb_right; else return entry; } return NULL; }",linux-2.6,,,86167815821020461110726719411386541833,0 6697,CWE-90,"static int get_filter(struct sss_certmap_ctx *ctx, struct ldap_mapping_rule *parsed_mapping_rule, struct sss_cert_content *cert_content, char **filter) { struct ldap_mapping_rule_comp *comp; char *result = NULL; char *expanded = NULL; int ret; result = talloc_strdup(ctx, """"); if (result == NULL) { return ENOMEM; } for (comp = parsed_mapping_rule->list; comp != NULL; comp = comp->next) { if (comp->type == comp_string) { result = talloc_strdup_append(result, comp->val); } else if (comp->type == comp_template) { ret = expand_template(ctx, comp->parsed_template, cert_content, &expanded); if (ret != 0) { CM_DEBUG(ctx, ""Failed to expanded template.""); goto done; } result = talloc_strdup_append(result, expanded); talloc_free(expanded); expanded = NULL; if (result == NULL) { ret = ENOMEM; goto done; } } else { ret = EINVAL; CM_DEBUG(ctx, ""Unsupported component type.""); goto done; } } ret = 0; done: talloc_free(expanded); if (ret == 0) { *filter = result; } else { talloc_free(result); } return ret; }",visit repo url,src/lib/certmap/sss_certmap.c,https://github.com/SSSD/sssd,87038247603937,1 1086,['CWE-20'],"static int notifier_chain_unregister(struct notifier_block **nl, struct notifier_block *n) { while ((*nl) != NULL) { if ((*nl) == n) { rcu_assign_pointer(*nl, n->next); return 0; } nl = &((*nl)->next); } return -ENOENT; }",linux-2.6,,,323874668550309145173240413581330515294,0 6312,CWE-295,"void log_flush(LOG_MODE new_mode) { CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_LOG_MODE]); if(log_mode!=LOG_MODE_CONFIGURED || new_mode!=LOG_MODE_ERROR) log_mode=new_mode; if(new_mode!=LOG_MODE_BUFFER) { CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_LOG_BUFFER]); while(head) { struct LIST *tmp=head; head=head->next; log_raw(tmp->opt, tmp->level, tmp->stamp, tmp->id, tmp->text); str_free(tmp); } head=tail=NULL; CRYPTO_THREAD_unlock(stunnel_locks[LOCK_LOG_BUFFER]); } CRYPTO_THREAD_unlock(stunnel_locks[LOCK_LOG_MODE]); }",visit repo url,src/log.c,https://github.com/mtrojnar/stunnel,111703632831871,1 3941,['CWE-362'],"static inline void audit_get_watch(struct audit_watch *watch) { atomic_inc(&watch->count); }",linux-2.6,,,116366344029316177610050663391720574479,0 164,[],"static ssize_t compat_do_readv_writev(int type, struct file *file, const struct compat_iovec __user *uvector, unsigned long nr_segs, loff_t *pos) { compat_ssize_t tot_len; struct iovec iovstack[UIO_FASTIOV]; struct iovec *iov=iovstack, *vector; ssize_t ret; int seg; io_fn_t fn; iov_fn_t fnv; ret = 0; if (nr_segs == 0) goto out; ret = -EINVAL; if ((nr_segs > UIO_MAXIOV) || (nr_segs <= 0)) goto out; if (!file->f_op) goto out; if (nr_segs > UIO_FASTIOV) { ret = -ENOMEM; iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL); if (!iov) goto out; } ret = -EFAULT; if (!access_ok(VERIFY_READ, uvector, nr_segs*sizeof(*uvector))) goto out; tot_len = 0; vector = iov; ret = -EINVAL; for (seg = 0 ; seg < nr_segs; seg++) { compat_ssize_t tmp = tot_len; compat_ssize_t len; compat_uptr_t buf; if (__get_user(len, &uvector->iov_len) || __get_user(buf, &uvector->iov_base)) { ret = -EFAULT; goto out; } if (len < 0) goto out; tot_len += len; if (tot_len < tmp) goto out; vector->iov_base = compat_ptr(buf); vector->iov_len = (compat_size_t) len; uvector++; vector++; } if (tot_len == 0) { ret = 0; goto out; } ret = rw_verify_area(type, file, pos, tot_len); if (ret < 0) goto out; ret = security_file_permission(file, type == READ ? MAY_READ:MAY_WRITE); if (ret) goto out; fnv = NULL; if (type == READ) { fn = file->f_op->read; fnv = file->f_op->aio_read; } else { fn = (io_fn_t)file->f_op->write; fnv = file->f_op->aio_write; } if (fnv) ret = do_sync_readv_writev(file, iov, nr_segs, tot_len, pos, fnv); else ret = do_loop_readv_writev(file, iov, nr_segs, pos, fn); out: if (iov != iovstack) kfree(iov); if ((ret + (type == READ)) > 0) { struct dentry *dentry = file->f_dentry; if (type == READ) fsnotify_access(dentry); else fsnotify_modify(dentry); } return ret; }",linux-2.6,,,296618438546088454740073754146415910303,0 1582,[],"static void __set_se_shares(struct sched_entity *se, unsigned long shares) { struct cfs_rq *cfs_rq = se->cfs_rq; int on_rq; on_rq = se->on_rq; if (on_rq) dequeue_entity(cfs_rq, se, 0); se->load.weight = shares; se->load.inv_weight = div64_64((1ULL<<32), shares); if (on_rq) enqueue_entity(cfs_rq, se, 0); }",linux-2.6,,,170093813653473839182186748867615149338,0 243,[],"fat_shortname2uni(struct nls_table *nls, unsigned char *buf, int buf_size, wchar_t *uni_buf, unsigned short opt, int lower) { int len = 0; if (opt & VFAT_SFN_DISPLAY_LOWER) len = fat_short2lower_uni(nls, buf, buf_size, uni_buf); else if (opt & VFAT_SFN_DISPLAY_WIN95) len = fat_short2uni(nls, buf, buf_size, uni_buf); else if (opt & VFAT_SFN_DISPLAY_WINNT) { if (lower) len = fat_short2lower_uni(nls, buf, buf_size, uni_buf); else len = fat_short2uni(nls, buf, buf_size, uni_buf); } else len = fat_short2uni(nls, buf, buf_size, uni_buf); return len; }",linux-2.6,,,94084903082884439110535622495073195072,0 6311,['CWE-200'],"static int tca_action_flush(struct rtattr *rta, struct nlmsghdr *n, u32 pid) { struct sk_buff *skb; unsigned char *b; struct nlmsghdr *nlh; struct tcamsg *t; struct netlink_callback dcb; struct rtattr *x; struct rtattr *tb[TCA_ACT_MAX+1]; struct rtattr *kind; struct tc_action *a = create_a(0); int err = -EINVAL; if (a == NULL) { printk(""tca_action_flush: couldnt create tc_action\n""); return err; } skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) { printk(""tca_action_flush: failed skb alloc\n""); kfree(a); return -ENOBUFS; } b = (unsigned char *)skb->tail; if (rtattr_parse_nested(tb, TCA_ACT_MAX, rta) < 0) goto err_out; kind = tb[TCA_ACT_KIND-1]; a->ops = tc_lookup_action(kind); if (a->ops == NULL) goto err_out; nlh = NLMSG_PUT(skb, pid, n->nlmsg_seq, RTM_DELACTION, sizeof(*t)); t = NLMSG_DATA(nlh); t->tca_family = AF_UNSPEC; t->tca__pad1 = 0; t->tca__pad2 = 0; x = (struct rtattr *) skb->tail; RTA_PUT(skb, TCA_ACT_TAB, 0, NULL); err = a->ops->walk(skb, &dcb, RTM_DELACTION, a); if (err < 0) goto rtattr_failure; x->rta_len = skb->tail - (u8 *) x; nlh->nlmsg_len = skb->tail - b; nlh->nlmsg_flags |= NLM_F_ROOT; module_put(a->ops->owner); kfree(a); err = rtnetlink_send(skb, pid, RTMGRP_TC, n->nlmsg_flags&NLM_F_ECHO); if (err > 0) return 0; return err; rtattr_failure: module_put(a->ops->owner); nlmsg_failure: err_out: kfree_skb(skb); kfree(a); return err; }",linux-2.6,,,250699792518078551606629250004078635915,0 3463,['CWE-20'],"sctp_disposition_t sctp_sf_operr_notify(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_ulpevent *ev; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); while (chunk->chunk_end > chunk->skb->data) { ev = sctp_ulpevent_make_remote_error(asoc, chunk, 0, GFP_ATOMIC); if (!ev) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_OPERR, SCTP_CHUNK(chunk)); } return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,229627857457450294379997657011194867784,0 1332,['CWE-399'],"static int ipip6_tunnel_change_mtu(struct net_device *dev, int new_mtu) { if (new_mtu < IPV6_MIN_MTU || new_mtu > 0xFFF8 - sizeof(struct iphdr)) return -EINVAL; dev->mtu = new_mtu; return 0; }",linux-2.6,,,225329906071755525591550610695956034029,0 2833,CWE-125,"static INLINE BOOL update_write_brush(wStream* s, rdpBrush* brush, BYTE fieldFlags) { if (fieldFlags & ORDER_FIELD_01) { Stream_Write_UINT8(s, brush->x); } if (fieldFlags & ORDER_FIELD_02) { Stream_Write_UINT8(s, brush->y); } if (fieldFlags & ORDER_FIELD_03) { Stream_Write_UINT8(s, brush->style); } if (brush->style & CACHED_BRUSH) { brush->hatch = brush->index; brush->bpp = BMF_BPP[brush->style & 0x07]; if (brush->bpp == 0) brush->bpp = 1; } if (fieldFlags & ORDER_FIELD_04) { Stream_Write_UINT8(s, brush->hatch); } if (fieldFlags & ORDER_FIELD_05) { brush->data = (BYTE*)brush->p8x8; Stream_Write_UINT8(s, brush->data[7]); Stream_Write_UINT8(s, brush->data[6]); Stream_Write_UINT8(s, brush->data[5]); Stream_Write_UINT8(s, brush->data[4]); Stream_Write_UINT8(s, brush->data[3]); Stream_Write_UINT8(s, brush->data[2]); Stream_Write_UINT8(s, brush->data[1]); brush->data[0] = brush->hatch; } return TRUE; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,230583621413762,1 237,CWE-362,"static struct page *follow_page_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, unsigned int flags) { struct mm_struct *mm = vma->vm_mm; struct dev_pagemap *pgmap = NULL; struct page *page; spinlock_t *ptl; pte_t *ptep, pte; retry: if (unlikely(pmd_bad(*pmd))) return no_page_table(vma, flags); ptep = pte_offset_map_lock(mm, pmd, address, &ptl); pte = *ptep; if (!pte_present(pte)) { swp_entry_t entry; if (likely(!(flags & FOLL_MIGRATION))) goto no_page; if (pte_none(pte)) goto no_page; entry = pte_to_swp_entry(pte); if (!is_migration_entry(entry)) goto no_page; pte_unmap_unlock(ptep, ptl); migration_entry_wait(mm, pmd, address); goto retry; } if ((flags & FOLL_NUMA) && pte_protnone(pte)) goto no_page; if ((flags & FOLL_WRITE) && !pte_write(pte)) { pte_unmap_unlock(ptep, ptl); return NULL; } page = vm_normal_page(vma, address, pte); if (!page && pte_devmap(pte) && (flags & FOLL_GET)) { pgmap = get_dev_pagemap(pte_pfn(pte), NULL); if (pgmap) page = pte_page(pte); else goto no_page; } else if (unlikely(!page)) { if (flags & FOLL_DUMP) { page = ERR_PTR(-EFAULT); goto out; } if (is_zero_pfn(pte_pfn(pte))) { page = pte_page(pte); } else { int ret; ret = follow_pfn_pte(vma, address, ptep, flags); page = ERR_PTR(ret); goto out; } } if (flags & FOLL_SPLIT && PageTransCompound(page)) { int ret; get_page(page); pte_unmap_unlock(ptep, ptl); lock_page(page); ret = split_huge_page(page); unlock_page(page); put_page(page); if (ret) return ERR_PTR(ret); goto retry; } if (flags & FOLL_GET) { get_page(page); if (pgmap) { put_dev_pagemap(pgmap); pgmap = NULL; } } if (flags & FOLL_TOUCH) { if ((flags & FOLL_WRITE) && !pte_dirty(pte) && !PageDirty(page)) set_page_dirty(page); mark_page_accessed(page); } if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) { if (PageTransCompound(page)) goto out; if (page->mapping && trylock_page(page)) { lru_add_drain(); mlock_vma_page(page); unlock_page(page); } } out: pte_unmap_unlock(ptep, ptl); return page; no_page: pte_unmap_unlock(ptep, ptl); if (!pte_none(pte)) return NULL; return no_page_table(vma, flags); }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,169109520380723,1 3516,CWE-20,"int read_filesystem_tables_4() { long long directory_table_end, table_start; if(read_xattrs_from_disk(fd, &sBlk.s, no_xattrs, &table_start) == 0) return FALSE; if(read_uids_guids(&table_start) == FALSE) return FALSE; if(parse_exports_table(&table_start) == FALSE) return FALSE; if(read_fragment_table(&directory_table_end) == FALSE) return FALSE; if(read_inode_table(sBlk.s.inode_table_start, sBlk.s.directory_table_start) == FALSE) return FALSE; if(read_directory_table(sBlk.s.directory_table_start, directory_table_end) == FALSE) return FALSE; if(no_xattrs) sBlk.s.xattr_id_table_start = SQUASHFS_INVALID_BLK; return TRUE; }",visit repo url,squashfs-tools/unsquash-4.c,https://github.com/plougher/squashfs-tools,131643065733459,1 5204,CWE-74,"export_desktop_file (const char *app, const char *branch, const char *arch, GKeyFile *metadata, const char * const *previous_ids, int parent_fd, const char *name, struct stat *stat_buf, char **target, GCancellable *cancellable, GError **error) { gboolean ret = FALSE; glnx_autofd int desktop_fd = -1; g_autofree char *tmpfile_name = g_strdup_printf (""export-desktop-XXXXXX""); g_autoptr(GOutputStream) out_stream = NULL; g_autofree gchar *data = NULL; gsize data_len; g_autofree gchar *new_data = NULL; gsize new_data_len; g_autoptr(GKeyFile) keyfile = NULL; g_autofree gchar *old_exec = NULL; gint old_argc; g_auto(GStrv) old_argv = NULL; g_auto(GStrv) groups = NULL; GString *new_exec = NULL; g_autofree char *escaped_app = maybe_quote (app); g_autofree char *escaped_branch = maybe_quote (branch); g_autofree char *escaped_arch = maybe_quote (arch); int i; if (!flatpak_openat_noatime (parent_fd, name, &desktop_fd, cancellable, error)) goto out; if (!read_fd (desktop_fd, stat_buf, &data, &data_len, error)) goto out; keyfile = g_key_file_new (); if (!g_key_file_load_from_data (keyfile, data, data_len, G_KEY_FILE_KEEP_TRANSLATIONS, error)) goto out; if (g_str_has_suffix (name, "".service"")) { g_autofree gchar *dbus_name = NULL; g_autofree gchar *expected_dbus_name = g_strndup (name, strlen (name) - strlen ("".service"")); dbus_name = g_key_file_get_string (keyfile, ""D-BUS Service"", ""Name"", NULL); if (dbus_name == NULL || strcmp (dbus_name, expected_dbus_name) != 0) { return flatpak_fail_error (error, FLATPAK_ERROR_EXPORT_FAILED, _(""D-Bus service file '%s' has wrong name""), name); } } if (g_str_has_suffix (name, "".desktop"")) { gsize length; g_auto(GStrv) tags = g_key_file_get_string_list (metadata, ""Application"", ""tags"", &length, NULL); if (tags != NULL) { g_key_file_set_string_list (keyfile, G_KEY_FILE_DESKTOP_GROUP, ""X-Flatpak-Tags"", (const char * const *) tags, length); } g_key_file_set_string (keyfile, G_KEY_FILE_DESKTOP_GROUP, ""X-Flatpak"", app); if (previous_ids != NULL) { const char *X_FLATPAK_RENAMED_FROM = ""X-Flatpak-RenamedFrom""; g_auto(GStrv) renamed_from = g_key_file_get_string_list (keyfile, G_KEY_FILE_DESKTOP_GROUP, X_FLATPAK_RENAMED_FROM, NULL, NULL); g_autoptr(GPtrArray) merged = g_ptr_array_new_with_free_func (g_free); g_autoptr(GHashTable) seen = g_hash_table_new (g_str_hash, g_str_equal); const char *new_suffix; for (i = 0; renamed_from != NULL && renamed_from[i] != NULL; i++) { if (!g_hash_table_contains (seen, renamed_from[i])) { gchar *copy = g_strdup (renamed_from[i]); g_hash_table_insert (seen, copy, copy); g_ptr_array_add (merged, g_steal_pointer (©)); } } g_assert (g_str_has_prefix (name, app)); new_suffix = name + strlen (app); for (i = 0; previous_ids[i] != NULL; i++) { g_autofree gchar *previous_desktop = g_strconcat (previous_ids[i], new_suffix, NULL); if (!g_hash_table_contains (seen, previous_desktop)) { g_hash_table_insert (seen, previous_desktop, previous_desktop); g_ptr_array_add (merged, g_steal_pointer (&previous_desktop)); } } if (merged->len > 0) { g_ptr_array_add (merged, NULL); g_key_file_set_string_list (keyfile, G_KEY_FILE_DESKTOP_GROUP, X_FLATPAK_RENAMED_FROM, (const char * const *) merged->pdata, merged->len - 1); } } } groups = g_key_file_get_groups (keyfile, NULL); for (i = 0; groups[i] != NULL; i++) { g_auto(GStrv) flatpak_run_opts = g_key_file_get_string_list (keyfile, groups[i], ""X-Flatpak-RunOptions"", NULL, NULL); g_autofree char *flatpak_run_args = format_flatpak_run_args_from_run_opts (flatpak_run_opts); g_key_file_remove_key (keyfile, groups[i], ""X-Flatpak-RunOptions"", NULL); g_key_file_remove_key (keyfile, groups[i], ""TryExec"", NULL); g_key_file_remove_key (keyfile, groups[i], ""X-GNOME-Bugzilla-ExtraInfoScript"", NULL); new_exec = g_string_new (""""); g_string_append_printf (new_exec, FLATPAK_BINDIR ""/flatpak run --branch=%s --arch=%s"", escaped_branch, escaped_arch); if (flatpak_run_args != NULL) g_string_append_printf (new_exec, ""%s"", flatpak_run_args); old_exec = g_key_file_get_string (keyfile, groups[i], ""Exec"", NULL); if (old_exec && g_shell_parse_argv (old_exec, &old_argc, &old_argv, NULL) && old_argc >= 1) { int j; g_autofree char *command = maybe_quote (old_argv[0]); g_string_append_printf (new_exec, "" --command=%s"", command); for (j = 1; j < old_argc; j++) { if (strcasecmp (old_argv[j], ""%f"") == 0 || strcasecmp (old_argv[j], ""%u"") == 0) { g_string_append (new_exec, "" --file-forwarding""); break; } } g_string_append (new_exec, "" ""); g_string_append (new_exec, escaped_app); for (j = 1; j < old_argc; j++) { g_autofree char *arg = maybe_quote (old_argv[j]); if (strcasecmp (arg, ""%f"") == 0) g_string_append_printf (new_exec, "" @@ %s @@"", arg); else if (strcasecmp (arg, ""%u"") == 0) g_string_append_printf (new_exec, "" @@u %s @@"", arg); else if (strcmp (arg, ""@@"") == 0 || strcmp (arg, ""@@u"") == 0) g_print (_(""Skipping invalid Exec argument %s\n""), arg); else g_string_append_printf (new_exec, "" %s"", arg); } } else { g_string_append (new_exec, "" ""); g_string_append (new_exec, escaped_app); } g_key_file_set_string (keyfile, groups[i], G_KEY_FILE_DESKTOP_KEY_EXEC, new_exec->str); } new_data = g_key_file_to_data (keyfile, &new_data_len, error); if (new_data == NULL) goto out; if (!flatpak_open_in_tmpdir_at (parent_fd, 0755, tmpfile_name, &out_stream, cancellable, error)) goto out; if (!g_output_stream_write_all (out_stream, new_data, new_data_len, NULL, cancellable, error)) goto out; if (!g_output_stream_close (out_stream, cancellable, error)) goto out; if (target) *target = g_steal_pointer (&tmpfile_name); ret = TRUE; out: if (new_exec != NULL) g_string_free (new_exec, TRUE); return ret; }",visit repo url,common/flatpak-dir.c,https://github.com/flatpak/flatpak,80795250634272,1 1128,CWE-362,"int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len) { struct inet_sock *inet = inet_sk(sk); struct udp_sock *up = udp_sk(sk); struct flowi4 *fl4; int ulen = len; struct ipcm_cookie ipc; struct rtable *rt = NULL; int free = 0; int connected = 0; __be32 daddr, faddr, saddr; __be16 dport; u8 tos; int err, is_udplite = IS_UDPLITE(sk); int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); struct sk_buff *skb; if (len > 0xFFFF) return -EMSGSIZE; if (msg->msg_flags & MSG_OOB) return -EOPNOTSUPP; ipc.opt = NULL; ipc.tx_flags = 0; getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; if (up->pending) { lock_sock(sk); if (likely(up->pending)) { if (unlikely(up->pending != AF_INET)) { release_sock(sk); return -EINVAL; } goto do_append_data; } release_sock(sk); } ulen += sizeof(struct udphdr); if (msg->msg_name) { struct sockaddr_in * usin = (struct sockaddr_in *)msg->msg_name; if (msg->msg_namelen < sizeof(*usin)) return -EINVAL; if (usin->sin_family != AF_INET) { if (usin->sin_family != AF_UNSPEC) return -EAFNOSUPPORT; } daddr = usin->sin_addr.s_addr; dport = usin->sin_port; if (dport == 0) return -EINVAL; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; daddr = inet->inet_daddr; dport = inet->inet_dport; connected = 1; } ipc.addr = inet->inet_saddr; ipc.oif = sk->sk_bound_dev_if; err = sock_tx_timestamp(sk, &ipc.tx_flags); if (err) return err; if (msg->msg_controllen) { err = ip_cmsg_send(sock_net(sk), msg, &ipc); if (err) return err; if (ipc.opt) free = 1; connected = 0; } if (!ipc.opt) ipc.opt = inet->opt; saddr = ipc.addr; ipc.addr = faddr = daddr; if (ipc.opt && ipc.opt->srr) { if (!daddr) return -EINVAL; faddr = ipc.opt->faddr; connected = 0; } tos = RT_TOS(inet->tos); if (sock_flag(sk, SOCK_LOCALROUTE) || (msg->msg_flags & MSG_DONTROUTE) || (ipc.opt && ipc.opt->is_strictroute)) { tos |= RTO_ONLINK; connected = 0; } if (ipv4_is_multicast(daddr)) { if (!ipc.oif) ipc.oif = inet->mc_index; if (!saddr) saddr = inet->mc_addr; connected = 0; } if (connected) rt = (struct rtable *)sk_dst_check(sk, 0); if (rt == NULL) { struct flowi4 fl4; struct net *net = sock_net(sk); flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE, sk->sk_protocol, inet_sk_flowi_flags(sk)|FLOWI_FLAG_CAN_SLEEP, faddr, saddr, dport, inet->inet_sport); security_sk_classify_flow(sk, flowi4_to_flowi(&fl4)); rt = ip_route_output_flow(net, &fl4, sk); if (IS_ERR(rt)) { err = PTR_ERR(rt); rt = NULL; if (err == -ENETUNREACH) IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES); goto out; } err = -EACCES; if ((rt->rt_flags & RTCF_BROADCAST) && !sock_flag(sk, SOCK_BROADCAST)) goto out; if (connected) sk_dst_set(sk, dst_clone(&rt->dst)); } if (msg->msg_flags&MSG_CONFIRM) goto do_confirm; back_from_confirm: saddr = rt->rt_src; if (!ipc.addr) daddr = ipc.addr = rt->rt_dst; if (!corkreq) { skb = ip_make_skb(sk, getfrag, msg->msg_iov, ulen, sizeof(struct udphdr), &ipc, &rt, msg->msg_flags); err = PTR_ERR(skb); if (skb && !IS_ERR(skb)) err = udp_send_skb(skb, daddr, dport); goto out; } lock_sock(sk); if (unlikely(up->pending)) { release_sock(sk); LIMIT_NETDEBUG(KERN_DEBUG ""udp cork app bug 2\n""); err = -EINVAL; goto out; } fl4 = &inet->cork.fl.u.ip4; fl4->daddr = daddr; fl4->saddr = saddr; fl4->fl4_dport = dport; fl4->fl4_sport = inet->inet_sport; up->pending = AF_INET; do_append_data: up->len += ulen; err = ip_append_data(sk, getfrag, msg->msg_iov, ulen, sizeof(struct udphdr), &ipc, &rt, corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); if (err) udp_flush_pending_frames(sk); else if (!corkreq) err = udp_push_pending_frames(sk); else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) up->pending = 0; release_sock(sk); out: ip_rt_put(rt); if (free) kfree(ipc.opt); if (!err) return len; if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_SNDBUFERRORS, is_udplite); } return err; do_confirm: dst_confirm(&rt->dst); if (!(msg->msg_flags&MSG_PROBE) || len) goto back_from_confirm; err = 0; goto out; }",visit repo url,net/ipv4/udp.c,https://github.com/torvalds/linux,87139360782520,1 6456,[],"trim (char **dest, const char *str) { const char *end = strrchr (str, '\''); size_t len = LT_STRLEN (str); char *tmp; FREE (*dest); if (!end) return 1; if (len > 3 && str[0] == '\'') { tmp = MALLOC (char, end - str); if (!tmp) return 1; memcpy(tmp, &str[1], (end - str) - 1); tmp[(end - str) - 1] = LT_EOS_CHAR; *dest = tmp; } else { *dest = 0; } return 0; }",libtool,,,330906598950714293525763762207155818619,0 6174,['CWE-200'],"int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics) { struct rtattr *mx = (struct rtattr*)skb->tail; int i; RTA_PUT(skb, RTA_METRICS, 0, NULL); for (i=0; irta_len = skb->tail - (u8*)mx; if (mx->rta_len == RTA_LENGTH(0)) skb_trim(skb, (u8*)mx - skb->data); return 0; rtattr_failure: skb_trim(skb, (u8*)mx - skb->data); return -1; }",linux-2.6,,,280317269142533367400577479466778873775,0 4235,['CWE-399'],"void dev_deactivate(struct net_device *dev) { struct Qdisc *qdisc; struct sk_buff *skb; int running; spin_lock_bh(&dev->queue_lock); qdisc = dev->qdisc; dev->qdisc = &noop_qdisc; qdisc_reset(qdisc); skb = dev->gso_skb; dev->gso_skb = NULL; spin_unlock_bh(&dev->queue_lock); kfree_skb(skb); dev_watchdog_down(dev); synchronize_rcu(); do { while (test_bit(__LINK_STATE_QDISC_RUNNING, &dev->state)) yield(); spin_lock_bh(&dev->queue_lock); running = test_bit(__LINK_STATE_QDISC_RUNNING, &dev->state); spin_unlock_bh(&dev->queue_lock); } while (WARN_ON_ONCE(running)); }",linux-2.6,,,192263118272255901951114761100584981255,0 3069,['CWE-189'],"static int jp2_jp_getdata(jp2_box_t *box, jas_stream_t *in) { jp2_jp_t *jp = &box->data.jp; if (jp2_getuint32(in, &jp->magic)) { return -1; } return 0; }",jasper,,,88452613139907849216089391447894982050,0 4658,CWE-415,"char *gf_text_get_utf8_line(char *szLine, u32 lineSize, FILE *txt_in, s32 unicode_type) { u32 i, j, len; char *sOK; char szLineConv[1024]; unsigned short *sptr; memset(szLine, 0, sizeof(char)*lineSize); sOK = gf_fgets(szLine, lineSize, txt_in); if (!sOK) return NULL; if (unicode_type<=1) { j=0; len = (u32) strlen(szLine); for (i=0; i> 6) & 0x3 ); j++; szLine[i] &= 0xbf; } else if ( (szLine[i] & 0xe0) == 0xc0) { szLineConv[j] = szLine[i]; i++; j++; } else if ( (szLine[i] & 0xf0) == 0xe0) { szLineConv[j] = szLine[i]; i++; j++; szLineConv[j] = szLine[i]; i++; j++; } else if ( (szLine[i] & 0xf8) == 0xf0) { szLineConv[j] = szLine[i]; i++; j++; szLineConv[j] = szLine[i]; i++; j++; szLineConv[j] = szLine[i]; i++; j++; } else { i+=1; continue; } } szLineConv[j] = szLine[i]; j++; } szLineConv[j] = 0; strcpy(szLine, szLineConv); return sOK; } #ifdef GPAC_BIG_ENDIAN if (unicode_type==3) #else if (unicode_type==2) #endif { i=0; while (1) { char c; if (!szLine[i] && !szLine[i+1]) break; c = szLine[i+1]; szLine[i+1] = szLine[i]; szLine[i] = c; i+=2; } } sptr = (u16 *)szLine; i = (u32) gf_utf8_wcstombs(szLineConv, 1024, (const unsigned short **) &sptr); szLineConv[i] = 0; strcpy(szLine, szLineConv); if (unicode_type==3) gf_fgetc(txt_in); return sOK; }",visit repo url,src/filters/load_text.c,https://github.com/gpac/gpac,243792975794261,1 2006,CWE-125,"static void vgacon_scrollback_update(struct vc_data *c, int t, int count) { void *p; if (!vgacon_scrollback_cur->data || !vgacon_scrollback_cur->size || c->vc_num != fg_console) return; p = (void *) (c->vc_origin + t * c->vc_size_row); while (count--) { if ((vgacon_scrollback_cur->tail + c->vc_size_row) > vgacon_scrollback_cur->size) vgacon_scrollback_cur->tail = 0; scr_memcpyw(vgacon_scrollback_cur->data + vgacon_scrollback_cur->tail, p, c->vc_size_row); vgacon_scrollback_cur->cnt++; p += c->vc_size_row; vgacon_scrollback_cur->tail += c->vc_size_row; if (vgacon_scrollback_cur->tail >= vgacon_scrollback_cur->size) vgacon_scrollback_cur->tail = 0; if (vgacon_scrollback_cur->cnt > vgacon_scrollback_cur->rows) vgacon_scrollback_cur->cnt = vgacon_scrollback_cur->rows; vgacon_scrollback_cur->cur = vgacon_scrollback_cur->cnt; } }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,255756816070375,1 5165,['CWE-20'],"static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) { struct vcpu_vmx *vmx = to_vmx(vcpu); struct kvm_msr_entry *msr; u64 host_tsc; int ret = 0; switch (msr_index) { case MSR_EFER: vmx_load_host_state(vmx); ret = kvm_set_msr_common(vcpu, msr_index, data); break; #ifdef CONFIG_X86_64 case MSR_FS_BASE: vmcs_writel(GUEST_FS_BASE, data); break; case MSR_GS_BASE: vmcs_writel(GUEST_GS_BASE, data); break; #endif case MSR_IA32_SYSENTER_CS: vmcs_write32(GUEST_SYSENTER_CS, data); break; case MSR_IA32_SYSENTER_EIP: vmcs_writel(GUEST_SYSENTER_EIP, data); break; case MSR_IA32_SYSENTER_ESP: vmcs_writel(GUEST_SYSENTER_ESP, data); break; case MSR_IA32_TIME_STAMP_COUNTER: rdtscll(host_tsc); guest_write_tsc(data, host_tsc); break; case MSR_P6_PERFCTR0: case MSR_P6_PERFCTR1: case MSR_P6_EVNTSEL0: case MSR_P6_EVNTSEL1: pr_unimpl(vcpu, ""unimplemented perfctr wrmsr: 0x%x data 0x%llx\n"", msr_index, data); break; case MSR_IA32_CR_PAT: if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) { vmcs_write64(GUEST_IA32_PAT, data); vcpu->arch.pat = data; break; } default: vmx_load_host_state(vmx); msr = find_msr_entry(vmx, msr_index); if (msr) { msr->data = data; break; } ret = kvm_set_msr_common(vcpu, msr_index, data); } return ret; }",linux-2.6,,,42311043724240959835802488087468909600,0 2669,[],"static int sctp_setsockopt_mappedv4(struct sock *sk, char __user *optval, int optlen) { int val; struct sctp_sock *sp = sctp_sk(sk); if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; if (val) sp->v4mapped = 1; else sp->v4mapped = 0; return 0; }",linux-2.6,,,336217891580725730026514037616704014758,0 915,CWE-362,"static inline int ldsem_cmpxchg(long *old, long new, struct ld_semaphore *sem) { long tmp = *old; *old = atomic_long_cmpxchg(&sem->count, *old, new); return *old == tmp; }",visit repo url,drivers/tty/tty_ldsem.c,https://github.com/torvalds/linux,171326608262926,1 2213,['CWE-193'],"int pagecache_write_begin(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned flags, struct page **pagep, void **fsdata) { const struct address_space_operations *aops = mapping->a_ops; if (aops->write_begin) { return aops->write_begin(file, mapping, pos, len, flags, pagep, fsdata); } else { int ret; pgoff_t index = pos >> PAGE_CACHE_SHIFT; unsigned offset = pos & (PAGE_CACHE_SIZE - 1); struct inode *inode = mapping->host; struct page *page; again: page = __grab_cache_page(mapping, index); *pagep = page; if (!page) return -ENOMEM; if (flags & AOP_FLAG_UNINTERRUPTIBLE && !PageUptodate(page)) { ret = aops->readpage(file, page); page_cache_release(page); if (ret) { if (ret == AOP_TRUNCATED_PAGE) goto again; return ret; } goto again; } ret = aops->prepare_write(file, page, offset, offset+len); if (ret) { unlock_page(page); page_cache_release(page); if (pos + len > inode->i_size) vmtruncate(inode, inode->i_size); } return ret; } }",linux-2.6,,,336981911229379235898420402326409150233,0 4961,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 6102,CWE-190,"void eb_map(eb_t p, const uint8_t *msg, int len) { bn_t k; fb_t t0, t1; int i; uint8_t digest[RLC_MD_LEN]; bn_null(k); fb_null(t0); fb_null(t1); RLC_TRY { bn_new(k); fb_new(t0); fb_new(t1); md_map(digest, msg, len); bn_read_bin(k, digest, RLC_MIN(RLC_FB_BYTES, RLC_MD_LEN)); fb_set_dig(p->z, 1); i = 0; while (1) { bn_add_dig(k, k, 1); bn_mod_2b(k, k, RLC_FB_BITS); dv_copy(p->x, k->dp, RLC_FB_DIGS); eb_rhs(t1, p); fb_sqr(t0, p->x); fb_inv(t0, t0); fb_mul(t0, t0, t1); if (fb_trc(t0) != 0) { i++; } else { fb_slv(t1, t0); fb_mul(p->y, t1, p->x); fb_set_dig(p->z, 1); p->coord = BASIC; break; } } eb_curve_get_cof(k); if (bn_bits(k) < RLC_DIG) { eb_mul_dig(p, p, k->dp[0]); } else { eb_mul(p, p, k); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(k); fb_free(t0); fb_free(t1); } }",visit repo url,src/eb/relic_eb_map.c,https://github.com/relic-toolkit/relic,75882899606245,1 5682,CWE-416,"gvdb_table_write_contents_async (GHashTable *table, const gchar *filename, gboolean byteswap, GCancellable *cancellable, GAsyncReadyCallback callback, gpointer user_data) { struct gvdb_pointer root; FileBuilder *fb; WriteContentsData *data; GString *str; GBytes *bytes; GFile *file; GTask *task; g_return_if_fail (table != NULL); g_return_if_fail (filename != NULL); g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); fb = file_builder_new (byteswap); file_builder_add_hash (fb, table, &root); str = file_builder_serialise (fb, root); bytes = g_string_free_to_bytes (str); file_builder_free (fb); file = g_file_new_for_path (filename); data = write_contents_data_new (bytes, file); task = g_task_new (NULL, cancellable, callback, user_data); g_task_set_task_data (task, data, (GDestroyNotify)write_contents_data_free); g_task_set_source_tag (task, gvdb_table_write_contents_async); g_file_replace_contents_async (file, str->str, str->len, NULL, FALSE, G_FILE_CREATE_PRIVATE | G_FILE_CREATE_REPLACE_DESTINATION, cancellable, replace_contents_cb, g_steal_pointer (&task)); g_bytes_unref (bytes); g_object_unref (file); }",visit repo url,gvdb-builder.c,https://github.com/GNOME/gvdb,111779744566039,1 6175,CWE-190,"void ep4_read_bin(ep4_t a, const uint8_t *bin, int len) { if (len == 1) { if (bin[0] == 0) { ep4_set_infty(a); return; } else { RLC_THROW(ERR_NO_BUFFER); return; } } if (len != (8 * RLC_FP_BYTES + 1)) { RLC_THROW(ERR_NO_BUFFER); return; } a->coord = BASIC; fp4_set_dig(a->z, 1); fp4_read_bin(a->x, bin + 1, 4 * RLC_FP_BYTES); if (len == 8 * RLC_FP_BYTES + 1) { if (bin[0] == 4) { fp4_read_bin(a->y, bin + 4 * RLC_FP_BYTES + 1, 4 * RLC_FP_BYTES); } else { RLC_THROW(ERR_NO_VALID); return; } } if (!ep4_on_curve(a)) { RLC_THROW(ERR_NO_VALID); } }",visit repo url,src/epx/relic_ep4_util.c,https://github.com/relic-toolkit/relic,187707054008499,1 2370,CWE-476,"int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *codec, AVDictionary **options) { int ret = 0; int codec_init_ok = 0; AVDictionary *tmp = NULL; const AVPixFmtDescriptor *pixdesc; if (avcodec_is_open(avctx)) return 0; if ((!codec && !avctx->codec)) { av_log(avctx, AV_LOG_ERROR, ""No codec provided to avcodec_open2()\n""); return AVERROR(EINVAL); } if ((codec && avctx->codec && codec != avctx->codec)) { av_log(avctx, AV_LOG_ERROR, ""This AVCodecContext was allocated for %s, "" ""but %s passed to avcodec_open2()\n"", avctx->codec->name, codec->name); return AVERROR(EINVAL); } if (!codec) codec = avctx->codec; if (avctx->extradata_size < 0 || avctx->extradata_size >= FF_MAX_EXTRADATA_SIZE) return AVERROR(EINVAL); if (options) av_dict_copy(&tmp, *options, 0); ff_lock_avcodec(avctx, codec); avctx->internal = av_mallocz(sizeof(*avctx->internal)); if (!avctx->internal) { ret = AVERROR(ENOMEM); goto end; } avctx->internal->pool = av_mallocz(sizeof(*avctx->internal->pool)); if (!avctx->internal->pool) { ret = AVERROR(ENOMEM); goto free_and_end; } avctx->internal->to_free = av_frame_alloc(); if (!avctx->internal->to_free) { ret = AVERROR(ENOMEM); goto free_and_end; } avctx->internal->compat_decode_frame = av_frame_alloc(); if (!avctx->internal->compat_decode_frame) { ret = AVERROR(ENOMEM); goto free_and_end; } avctx->internal->buffer_frame = av_frame_alloc(); if (!avctx->internal->buffer_frame) { ret = AVERROR(ENOMEM); goto free_and_end; } avctx->internal->buffer_pkt = av_packet_alloc(); if (!avctx->internal->buffer_pkt) { ret = AVERROR(ENOMEM); goto free_and_end; } avctx->internal->ds.in_pkt = av_packet_alloc(); if (!avctx->internal->ds.in_pkt) { ret = AVERROR(ENOMEM); goto free_and_end; } avctx->internal->last_pkt_props = av_packet_alloc(); if (!avctx->internal->last_pkt_props) { ret = AVERROR(ENOMEM); goto free_and_end; } avctx->internal->skip_samples_multiplier = 1; if (codec->priv_data_size > 0) { if (!avctx->priv_data) { avctx->priv_data = av_mallocz(codec->priv_data_size); if (!avctx->priv_data) { ret = AVERROR(ENOMEM); goto end; } if (codec->priv_class) { *(const AVClass **)avctx->priv_data = codec->priv_class; av_opt_set_defaults(avctx->priv_data); } } if (codec->priv_class && (ret = av_opt_set_dict(avctx->priv_data, &tmp)) < 0) goto free_and_end; } else { avctx->priv_data = NULL; } if ((ret = av_opt_set_dict(avctx, &tmp)) < 0) goto free_and_end; if (avctx->codec_whitelist && av_match_list(codec->name, avctx->codec_whitelist, ',') <= 0) { av_log(avctx, AV_LOG_ERROR, ""Codec (%s) not on whitelist \'%s\'\n"", codec->name, avctx->codec_whitelist); ret = AVERROR(EINVAL); goto free_and_end; } if (!(avctx->coded_width && avctx->coded_height && avctx->width && avctx->height && (avctx->codec_id == AV_CODEC_ID_H264 || avctx->codec_id == AV_CODEC_ID_VP6F || avctx->codec_id == AV_CODEC_ID_DXV))) { if (avctx->coded_width && avctx->coded_height) ret = ff_set_dimensions(avctx, avctx->coded_width, avctx->coded_height); else if (avctx->width && avctx->height) ret = ff_set_dimensions(avctx, avctx->width, avctx->height); if (ret < 0) goto free_and_end; } if ((avctx->coded_width || avctx->coded_height || avctx->width || avctx->height) && ( av_image_check_size2(avctx->coded_width, avctx->coded_height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx) < 0 || av_image_check_size2(avctx->width, avctx->height, avctx->max_pixels, AV_PIX_FMT_NONE, 0, avctx) < 0)) { av_log(avctx, AV_LOG_WARNING, ""Ignoring invalid width/height values\n""); ff_set_dimensions(avctx, 0, 0); } if (avctx->width > 0 && avctx->height > 0) { if (av_image_check_sar(avctx->width, avctx->height, avctx->sample_aspect_ratio) < 0) { av_log(avctx, AV_LOG_WARNING, ""ignoring invalid SAR: %u/%u\n"", avctx->sample_aspect_ratio.num, avctx->sample_aspect_ratio.den); avctx->sample_aspect_ratio = (AVRational){ 0, 1 }; } } if (av_codec_is_decoder(codec)) av_freep(&avctx->subtitle_header); if (avctx->channels > FF_SANE_NB_CHANNELS) { av_log(avctx, AV_LOG_ERROR, ""Too many channels: %d\n"", avctx->channels); ret = AVERROR(EINVAL); goto free_and_end; } avctx->codec = codec; if ((avctx->codec_type == AVMEDIA_TYPE_UNKNOWN || avctx->codec_type == codec->type) && avctx->codec_id == AV_CODEC_ID_NONE) { avctx->codec_type = codec->type; avctx->codec_id = codec->id; } if (avctx->codec_id != codec->id || (avctx->codec_type != codec->type && avctx->codec_type != AVMEDIA_TYPE_ATTACHMENT)) { av_log(avctx, AV_LOG_ERROR, ""Codec type or id mismatches\n""); ret = AVERROR(EINVAL); goto free_and_end; } avctx->frame_number = 0; avctx->codec_descriptor = avcodec_descriptor_get(avctx->codec_id); if ((avctx->codec->capabilities & AV_CODEC_CAP_EXPERIMENTAL) && avctx->strict_std_compliance > FF_COMPLIANCE_EXPERIMENTAL) { const char *codec_string = av_codec_is_encoder(codec) ? ""encoder"" : ""decoder""; AVCodec *codec2; av_log(avctx, AV_LOG_ERROR, ""The %s '%s' is experimental but experimental codecs are not enabled, "" ""add '-strict %d' if you want to use it.\n"", codec_string, codec->name, FF_COMPLIANCE_EXPERIMENTAL); codec2 = av_codec_is_encoder(codec) ? avcodec_find_encoder(codec->id) : avcodec_find_decoder(codec->id); if (!(codec2->capabilities & AV_CODEC_CAP_EXPERIMENTAL)) av_log(avctx, AV_LOG_ERROR, ""Alternatively use the non experimental %s '%s'.\n"", codec_string, codec2->name); ret = AVERROR_EXPERIMENTAL; goto free_and_end; } if (avctx->codec_type == AVMEDIA_TYPE_AUDIO && (!avctx->time_base.num || !avctx->time_base.den)) { avctx->time_base.num = 1; avctx->time_base.den = avctx->sample_rate; } if (!HAVE_THREADS) av_log(avctx, AV_LOG_WARNING, ""Warning: not compiled with thread support, using thread emulation\n""); if (CONFIG_FRAME_THREAD_ENCODER && av_codec_is_encoder(avctx->codec)) { ff_unlock_avcodec(codec); ret = ff_frame_thread_encoder_init(avctx, options ? *options : NULL); ff_lock_avcodec(avctx, codec); if (ret < 0) goto free_and_end; } if (av_codec_is_decoder(avctx->codec)) { ret = ff_decode_bsfs_init(avctx); if (ret < 0) goto free_and_end; } if (HAVE_THREADS && !(avctx->internal->frame_thread_encoder && (avctx->active_thread_type&FF_THREAD_FRAME))) { ret = ff_thread_init(avctx); if (ret < 0) { goto free_and_end; } } if (!HAVE_THREADS && !(codec->capabilities & AV_CODEC_CAP_AUTO_THREADS)) avctx->thread_count = 1; if (avctx->codec->max_lowres < avctx->lowres || avctx->lowres < 0) { av_log(avctx, AV_LOG_WARNING, ""The maximum value for lowres supported by the decoder is %d\n"", avctx->codec->max_lowres); avctx->lowres = avctx->codec->max_lowres; } if (av_codec_is_encoder(avctx->codec)) { int i; #if FF_API_CODED_FRAME FF_DISABLE_DEPRECATION_WARNINGS avctx->coded_frame = av_frame_alloc(); if (!avctx->coded_frame) { ret = AVERROR(ENOMEM); goto free_and_end; } FF_ENABLE_DEPRECATION_WARNINGS #endif if (avctx->time_base.num <= 0 || avctx->time_base.den <= 0) { av_log(avctx, AV_LOG_ERROR, ""The encoder timebase is not set.\n""); ret = AVERROR(EINVAL); goto free_and_end; } if (avctx->codec->sample_fmts) { for (i = 0; avctx->codec->sample_fmts[i] != AV_SAMPLE_FMT_NONE; i++) { if (avctx->sample_fmt == avctx->codec->sample_fmts[i]) break; if (avctx->channels == 1 && av_get_planar_sample_fmt(avctx->sample_fmt) == av_get_planar_sample_fmt(avctx->codec->sample_fmts[i])) { avctx->sample_fmt = avctx->codec->sample_fmts[i]; break; } } if (avctx->codec->sample_fmts[i] == AV_SAMPLE_FMT_NONE) { char buf[128]; snprintf(buf, sizeof(buf), ""%d"", avctx->sample_fmt); av_log(avctx, AV_LOG_ERROR, ""Specified sample format %s is invalid or not supported\n"", (char *)av_x_if_null(av_get_sample_fmt_name(avctx->sample_fmt), buf)); ret = AVERROR(EINVAL); goto free_and_end; } } if (avctx->codec->pix_fmts) { for (i = 0; avctx->codec->pix_fmts[i] != AV_PIX_FMT_NONE; i++) if (avctx->pix_fmt == avctx->codec->pix_fmts[i]) break; if (avctx->codec->pix_fmts[i] == AV_PIX_FMT_NONE && !((avctx->codec_id == AV_CODEC_ID_MJPEG || avctx->codec_id == AV_CODEC_ID_LJPEG) && avctx->strict_std_compliance <= FF_COMPLIANCE_UNOFFICIAL)) { char buf[128]; snprintf(buf, sizeof(buf), ""%d"", avctx->pix_fmt); av_log(avctx, AV_LOG_ERROR, ""Specified pixel format %s is invalid or not supported\n"", (char *)av_x_if_null(av_get_pix_fmt_name(avctx->pix_fmt), buf)); ret = AVERROR(EINVAL); goto free_and_end; } if (avctx->codec->pix_fmts[i] == AV_PIX_FMT_YUVJ420P || avctx->codec->pix_fmts[i] == AV_PIX_FMT_YUVJ411P || avctx->codec->pix_fmts[i] == AV_PIX_FMT_YUVJ422P || avctx->codec->pix_fmts[i] == AV_PIX_FMT_YUVJ440P || avctx->codec->pix_fmts[i] == AV_PIX_FMT_YUVJ444P) avctx->color_range = AVCOL_RANGE_JPEG; } if (avctx->codec->supported_samplerates) { for (i = 0; avctx->codec->supported_samplerates[i] != 0; i++) if (avctx->sample_rate == avctx->codec->supported_samplerates[i]) break; if (avctx->codec->supported_samplerates[i] == 0) { av_log(avctx, AV_LOG_ERROR, ""Specified sample rate %d is not supported\n"", avctx->sample_rate); ret = AVERROR(EINVAL); goto free_and_end; } } if (avctx->sample_rate < 0) { av_log(avctx, AV_LOG_ERROR, ""Specified sample rate %d is not supported\n"", avctx->sample_rate); ret = AVERROR(EINVAL); goto free_and_end; } if (avctx->codec->channel_layouts) { if (!avctx->channel_layout) { av_log(avctx, AV_LOG_WARNING, ""Channel layout not specified\n""); } else { for (i = 0; avctx->codec->channel_layouts[i] != 0; i++) if (avctx->channel_layout == avctx->codec->channel_layouts[i]) break; if (avctx->codec->channel_layouts[i] == 0) { char buf[512]; av_get_channel_layout_string(buf, sizeof(buf), -1, avctx->channel_layout); av_log(avctx, AV_LOG_ERROR, ""Specified channel layout '%s' is not supported\n"", buf); ret = AVERROR(EINVAL); goto free_and_end; } } } if (avctx->channel_layout && avctx->channels) { int channels = av_get_channel_layout_nb_channels(avctx->channel_layout); if (channels != avctx->channels) { char buf[512]; av_get_channel_layout_string(buf, sizeof(buf), -1, avctx->channel_layout); av_log(avctx, AV_LOG_ERROR, ""Channel layout '%s' with %d channels does not match number of specified channels %d\n"", buf, channels, avctx->channels); ret = AVERROR(EINVAL); goto free_and_end; } } else if (avctx->channel_layout) { avctx->channels = av_get_channel_layout_nb_channels(avctx->channel_layout); } if (avctx->channels < 0) { av_log(avctx, AV_LOG_ERROR, ""Specified number of channels %d is not supported\n"", avctx->channels); ret = AVERROR(EINVAL); goto free_and_end; } if(avctx->codec_type == AVMEDIA_TYPE_VIDEO) { pixdesc = av_pix_fmt_desc_get(avctx->pix_fmt); if ( avctx->bits_per_raw_sample < 0 || (avctx->bits_per_raw_sample > 8 && pixdesc->comp[0].depth <= 8)) { av_log(avctx, AV_LOG_WARNING, ""Specified bit depth %d not possible with the specified pixel formats depth %d\n"", avctx->bits_per_raw_sample, pixdesc->comp[0].depth); avctx->bits_per_raw_sample = pixdesc->comp[0].depth; } if (avctx->width <= 0 || avctx->height <= 0) { av_log(avctx, AV_LOG_ERROR, ""dimensions not set\n""); ret = AVERROR(EINVAL); goto free_and_end; } } if ( (avctx->codec_type == AVMEDIA_TYPE_VIDEO || avctx->codec_type == AVMEDIA_TYPE_AUDIO) && avctx->bit_rate>0 && avctx->bit_rate<1000) { av_log(avctx, AV_LOG_WARNING, ""Bitrate %""PRId64"" is extremely low, maybe you mean %""PRId64""k\n"", avctx->bit_rate, avctx->bit_rate); } if (!avctx->rc_initial_buffer_occupancy) avctx->rc_initial_buffer_occupancy = avctx->rc_buffer_size * 3LL / 4; if (avctx->ticks_per_frame && avctx->time_base.num && avctx->ticks_per_frame > INT_MAX / avctx->time_base.num) { av_log(avctx, AV_LOG_ERROR, ""ticks_per_frame %d too large for the timebase %d/%d."", avctx->ticks_per_frame, avctx->time_base.num, avctx->time_base.den); goto free_and_end; } if (avctx->hw_frames_ctx) { AVHWFramesContext *frames_ctx = (AVHWFramesContext*)avctx->hw_frames_ctx->data; if (frames_ctx->format != avctx->pix_fmt) { av_log(avctx, AV_LOG_ERROR, ""Mismatching AVCodecContext.pix_fmt and AVHWFramesContext.format\n""); ret = AVERROR(EINVAL); goto free_and_end; } if (avctx->sw_pix_fmt != AV_PIX_FMT_NONE && avctx->sw_pix_fmt != frames_ctx->sw_format) { av_log(avctx, AV_LOG_ERROR, ""Mismatching AVCodecContext.sw_pix_fmt (%s) "" ""and AVHWFramesContext.sw_format (%s)\n"", av_get_pix_fmt_name(avctx->sw_pix_fmt), av_get_pix_fmt_name(frames_ctx->sw_format)); ret = AVERROR(EINVAL); goto free_and_end; } avctx->sw_pix_fmt = frames_ctx->sw_format; } } avctx->pts_correction_num_faulty_pts = avctx->pts_correction_num_faulty_dts = 0; avctx->pts_correction_last_pts = avctx->pts_correction_last_dts = INT64_MIN; if ( !CONFIG_GRAY && avctx->flags & AV_CODEC_FLAG_GRAY && avctx->codec_descriptor->type == AVMEDIA_TYPE_VIDEO) av_log(avctx, AV_LOG_WARNING, ""gray decoding requested but not enabled at configuration time\n""); if ( avctx->codec->init && (!(avctx->active_thread_type&FF_THREAD_FRAME) || avctx->internal->frame_thread_encoder)) { ret = avctx->codec->init(avctx); if (ret < 0) { goto free_and_end; } codec_init_ok = 1; } ret=0; if (av_codec_is_decoder(avctx->codec)) { if (!avctx->bit_rate) avctx->bit_rate = get_bit_rate(avctx); if (avctx->channel_layout) { int channels = av_get_channel_layout_nb_channels(avctx->channel_layout); if (!avctx->channels) avctx->channels = channels; else if (channels != avctx->channels) { char buf[512]; av_get_channel_layout_string(buf, sizeof(buf), -1, avctx->channel_layout); av_log(avctx, AV_LOG_WARNING, ""Channel layout '%s' with %d channels does not match specified number of channels %d: "" ""ignoring specified channel layout\n"", buf, channels, avctx->channels); avctx->channel_layout = 0; } } if (avctx->channels && avctx->channels < 0 || avctx->channels > FF_SANE_NB_CHANNELS) { ret = AVERROR(EINVAL); goto free_and_end; } if (avctx->bits_per_coded_sample < 0) { ret = AVERROR(EINVAL); goto free_and_end; } if (avctx->sub_charenc) { if (avctx->codec_type != AVMEDIA_TYPE_SUBTITLE) { av_log(avctx, AV_LOG_ERROR, ""Character encoding is only "" ""supported with subtitles codecs\n""); ret = AVERROR(EINVAL); goto free_and_end; } else if (avctx->codec_descriptor->props & AV_CODEC_PROP_BITMAP_SUB) { av_log(avctx, AV_LOG_WARNING, ""Codec '%s' is bitmap-based, "" ""subtitles character encoding will be ignored\n"", avctx->codec_descriptor->name); avctx->sub_charenc_mode = FF_SUB_CHARENC_MODE_DO_NOTHING; } else { if (avctx->sub_charenc_mode == FF_SUB_CHARENC_MODE_AUTOMATIC) avctx->sub_charenc_mode = FF_SUB_CHARENC_MODE_PRE_DECODER; if (avctx->sub_charenc_mode == FF_SUB_CHARENC_MODE_PRE_DECODER) { #if CONFIG_ICONV iconv_t cd = iconv_open(""UTF-8"", avctx->sub_charenc); if (cd == (iconv_t)-1) { ret = AVERROR(errno); av_log(avctx, AV_LOG_ERROR, ""Unable to open iconv context "" ""with input character encoding \""%s\""\n"", avctx->sub_charenc); goto free_and_end; } iconv_close(cd); #else av_log(avctx, AV_LOG_ERROR, ""Character encoding subtitles "" ""conversion needs a libavcodec built with iconv support "" ""for this codec\n""); ret = AVERROR(ENOSYS); goto free_and_end; #endif } } } #if FF_API_AVCTX_TIMEBASE if (avctx->framerate.num > 0 && avctx->framerate.den > 0) avctx->time_base = av_inv_q(av_mul_q(avctx->framerate, (AVRational){avctx->ticks_per_frame, 1})); #endif } if (codec->priv_data_size > 0 && avctx->priv_data && codec->priv_class) { av_assert0(*(const AVClass **)avctx->priv_data == codec->priv_class); } end: ff_unlock_avcodec(codec); if (options) { av_dict_free(options); *options = tmp; } return ret; free_and_end: if (avctx->codec && (codec_init_ok || (avctx->codec->caps_internal & FF_CODEC_CAP_INIT_CLEANUP))) avctx->codec->close(avctx); if (codec->priv_class && codec->priv_data_size) av_opt_free(avctx->priv_data); av_opt_free(avctx); #if FF_API_CODED_FRAME FF_DISABLE_DEPRECATION_WARNINGS av_frame_free(&avctx->coded_frame); FF_ENABLE_DEPRECATION_WARNINGS #endif av_dict_free(&tmp); av_freep(&avctx->priv_data); if (avctx->internal) { av_frame_free(&avctx->internal->to_free); av_frame_free(&avctx->internal->compat_decode_frame); av_frame_free(&avctx->internal->buffer_frame); av_packet_free(&avctx->internal->buffer_pkt); av_packet_free(&avctx->internal->last_pkt_props); av_packet_free(&avctx->internal->ds.in_pkt); ff_decode_bsfs_uninit(avctx); av_freep(&avctx->internal->pool); } av_freep(&avctx->internal); avctx->codec = NULL; goto end; }",visit repo url,libavcodec/utils.c,https://github.com/FFmpeg/FFmpeg,248193467076733,1 1642,[],"static void enqueue_task(struct rq *rq, struct task_struct *p, int wakeup) { sched_info_queued(p); p->sched_class->enqueue_task(rq, p, wakeup); p->se.on_rq = 1; }",linux-2.6,,,324146011134268625740189602376624712693,0 3624,[],"static int rtc_dev_release(struct inode *inode, struct file *file) { struct rtc_device *rtc = file->private_data; #ifdef CONFIG_RTC_INTF_DEV_UIE_EMUL clear_uie(rtc); #endif rtc_irq_set_state(rtc, NULL, 0); if (rtc->ops->release) rtc->ops->release(rtc->dev.parent); if (file->f_flags & FASYNC) rtc_dev_fasync(-1, file, 0); clear_bit_unlock(RTC_DEV_BUSY, &rtc->flags); return 0; }",linux-2.6,,,89520339262543898175235715858236298808,0 2666,CWE-190,"SPL_METHOD(SplFileObject, setMaxLineLen) { long max_len; spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""l"", &max_len) == FAILURE) { return; } if (max_len < 0) { zend_throw_exception_ex(spl_ce_DomainException, 0 TSRMLS_CC, ""Maximum line length must be greater than or equal zero""); return; } intern->u.file.max_line_len = max_len; } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,130942810201124,1 5999,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader_20BufferedSocketReader_4__reduce_cython__(struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedSocketReader *__pyx_v_self) { PyObject *__pyx_v_state = 0; PyObject *__pyx_v__dict = 0; int __pyx_v_use_setstate; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; int __pyx_t_4; int __pyx_t_5; int __pyx_t_6; __Pyx_RefNannySetupContext(""__reduce_cython__"", 0); __pyx_t_1 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.current_buffer_size); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.position); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = PyTuple_New(4); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(__pyx_v_self->__pyx_base.buffer); __Pyx_GIVEREF(__pyx_v_self->__pyx_base.buffer); PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_v_self->__pyx_base.buffer); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_3, 2, __pyx_t_2); __Pyx_INCREF(__pyx_v_self->sock); __Pyx_GIVEREF(__pyx_v_self->sock); PyTuple_SET_ITEM(__pyx_t_3, 3, __pyx_v_self->sock); __pyx_t_1 = 0; __pyx_t_2 = 0; __pyx_v_state = ((PyObject*)__pyx_t_3); __pyx_t_3 = 0; __pyx_t_3 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_n_s_dict, Py_None); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_v__dict = __pyx_t_3; __pyx_t_3 = 0; __pyx_t_4 = (__pyx_v__dict != Py_None); __pyx_t_5 = (__pyx_t_4 != 0); if (__pyx_t_5) { __pyx_t_3 = PyTuple_New(1); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(__pyx_v__dict); __Pyx_GIVEREF(__pyx_v__dict); PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_v__dict); __pyx_t_2 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF_SET(__pyx_v_state, ((PyObject*)__pyx_t_2)); __pyx_t_2 = 0; __pyx_v_use_setstate = 1; goto __pyx_L3; } { __pyx_t_4 = (__pyx_v_self->__pyx_base.buffer != ((PyObject*)Py_None)); __pyx_t_6 = (__pyx_t_4 != 0); if (!__pyx_t_6) { } else { __pyx_t_5 = __pyx_t_6; goto __pyx_L4_bool_binop_done; } __pyx_t_6 = (__pyx_v_self->sock != Py_None); __pyx_t_4 = (__pyx_t_6 != 0); __pyx_t_5 = __pyx_t_4; __pyx_L4_bool_binop_done:; __pyx_v_use_setstate = __pyx_t_5; } __pyx_L3:; __pyx_t_5 = (__pyx_v_use_setstate != 0); if (__pyx_t_5) { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_pyx_unpickle_BufferedSocketRea); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = PyTuple_New(3); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_3, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_251251440); __Pyx_GIVEREF(__pyx_int_251251440); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_int_251251440); __Pyx_INCREF(Py_None); __Pyx_GIVEREF(Py_None); PyTuple_SET_ITEM(__pyx_t_3, 2, Py_None); __pyx_t_1 = PyTuple_New(3); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_t_3); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_1, 2, __pyx_v_state); __pyx_t_2 = 0; __pyx_t_3 = 0; __pyx_r = __pyx_t_1; __pyx_t_1 = 0; goto __pyx_L0; } { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_pyx_unpickle_BufferedSocketRea); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = PyTuple_New(3); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_3, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_251251440); __Pyx_GIVEREF(__pyx_int_251251440); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_int_251251440); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_3, 2, __pyx_v_state); __pyx_t_2 = PyTuple_New(2); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_t_3); __pyx_t_1 = 0; __pyx_t_3 = 0; __pyx_r = __pyx_t_2; __pyx_t_2 = 0; goto __pyx_L0; } __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedSocketReader.__reduce_cython__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v_state); __Pyx_XDECREF(__pyx_v__dict); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,6055139454216,1 4910,CWE-94,"char *url_decode_r(char *to, char *url, size_t size) { char *s = url, *d = to, *e = &to[size - 1]; while(*s && d < e) { if(unlikely(*s == '%')) { if(likely(s[1] && s[2])) { *d++ = from_hex(s[1]) << 4 | from_hex(s[2]); s += 2; } } else if(unlikely(*s == '+')) *d++ = ' '; else *d++ = *s; s++; } *d = '\0'; return to; }",visit repo url,libnetdata/url/url.c,https://github.com/netdata/netdata,126743033781353,1 3412,CWE-119,"char *strdup(const char *s1) { char *s2 = 0; if (s1) { s2 = malloc(strlen(s1) + 1); strcpy(s2, s1); } return s2; }",visit repo url,compat/nedmalloc/nedmalloc.c,https://github.com/git/git,223249677190193,1 5001,['CWE-346'],"struct udev_device *udev_monitor_receive_device(struct udev_monitor *udev_monitor) { struct udev_device *udev_device; struct msghdr smsg; struct iovec iov; char cred_msg[CMSG_SPACE(sizeof(struct ucred))]; struct cmsghdr *cmsg; struct sockaddr_nl snl; struct ucred *cred; char buf[4096]; size_t bufpos; int devpath_set = 0; int subsystem_set = 0; int action_set = 0; int maj = 0; int min = 0; if (udev_monitor == NULL) return NULL; memset(buf, 0x00, sizeof(buf)); iov.iov_base = &buf; iov.iov_len = sizeof(buf); memset (&smsg, 0x00, sizeof(struct msghdr)); smsg.msg_iov = &iov; smsg.msg_iovlen = 1; smsg.msg_control = cred_msg; smsg.msg_controllen = sizeof(cred_msg); if (udev_monitor->snl.nl_family != 0) { smsg.msg_name = &snl; smsg.msg_namelen = sizeof snl; } if (recvmsg(udev_monitor->sock, &smsg, 0) < 0) { if (errno != EINTR) info(udev_monitor->udev, ""unable to receive message\n""); return NULL; } if (udev_monitor->snl.nl_family != 0) { if (snl.nl_groups == 0) { info(udev_monitor->udev, ""unicast netlink message ignored\n""); return NULL; } if ((snl.nl_groups == UDEV_MONITOR_KERNEL) && (snl.nl_pid > 0)) { info(udev_monitor->udev, ""multicast kernel netlink message from pid %d ignored\n"", snl.nl_pid); return NULL; } } cmsg = CMSG_FIRSTHDR(&smsg); if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) { info(udev_monitor->udev, ""no sender credentials received, message ignored\n""); return NULL; } cred = (struct ucred *)CMSG_DATA(cmsg); if (cred->uid != 0) { info(udev_monitor->udev, ""sender uid=%d, message ignored\n"", cred->uid); return NULL; } bufpos = strlen(buf) + 1; if (bufpos < sizeof(""a@/d"") || bufpos >= sizeof(buf)) { info(udev_monitor->udev, ""invalid message length\n""); return NULL; } if (strstr(buf, ""@/"") == NULL) { info(udev_monitor->udev, ""unrecognized message header\n""); return NULL; } udev_device = device_new(udev_monitor->udev); if (udev_device == NULL) { return NULL; } while (bufpos < sizeof(buf)) { char *key; size_t keylen; key = &buf[bufpos]; keylen = strlen(key); if (keylen == 0) break; bufpos += keylen + 1; if (strncmp(key, ""DEVPATH="", 8) == 0) { char path[UTIL_PATH_SIZE]; util_strlcpy(path, udev_get_sys_path(udev_monitor->udev), sizeof(path)); util_strlcat(path, &key[8], sizeof(path)); udev_device_set_syspath(udev_device, path); devpath_set = 1; } else if (strncmp(key, ""SUBSYSTEM="", 10) == 0) { udev_device_set_subsystem(udev_device, &key[10]); subsystem_set = 1; } else if (strncmp(key, ""DEVTYPE="", 8) == 0) { udev_device_set_devtype(udev_device, &key[8]); } else if (strncmp(key, ""DEVNAME="", 8) == 0) { udev_device_set_devnode(udev_device, &key[8]); } else if (strncmp(key, ""DEVLINKS="", 9) == 0) { char devlinks[UTIL_PATH_SIZE]; char *slink; char *next; util_strlcpy(devlinks, &key[9], sizeof(devlinks)); slink = devlinks; next = strchr(slink, ' '); while (next != NULL) { next[0] = '\0'; udev_device_add_devlink(udev_device, slink); slink = &next[1]; next = strchr(slink, ' '); } if (slink[0] != '\0') udev_device_add_devlink(udev_device, slink); } else if (strncmp(key, ""DRIVER="", 7) == 0) { udev_device_set_driver(udev_device, &key[7]); } else if (strncmp(key, ""ACTION="", 7) == 0) { udev_device_set_action(udev_device, &key[7]); action_set = 1; } else if (strncmp(key, ""MAJOR="", 6) == 0) { maj = strtoull(&key[6], NULL, 10); } else if (strncmp(key, ""MINOR="", 6) == 0) { min = strtoull(&key[6], NULL, 10); } else if (strncmp(key, ""DEVPATH_OLD="", 12) == 0) { udev_device_set_devpath_old(udev_device, &key[12]); } else if (strncmp(key, ""PHYSDEVPATH="", 12) == 0) { udev_device_set_physdevpath(udev_device, &key[12]); } else if (strncmp(key, ""SEQNUM="", 7) == 0) { udev_device_set_seqnum(udev_device, strtoull(&key[7], NULL, 10)); } else if (strncmp(key, ""TIMEOUT="", 8) == 0) { udev_device_set_timeout(udev_device, strtoull(&key[8], NULL, 10)); } else if (strncmp(key, ""PHYSDEV"", 7) == 0) { continue; } else { udev_device_add_property_from_string(udev_device, key); } } if (!devpath_set || !subsystem_set || !action_set) { info(udev_monitor->udev, ""missing values, skip\n""); udev_device_unref(udev_device); return NULL; } if (maj > 0) udev_device_set_devnum(udev_device, makedev(maj, min)); udev_device_set_info_loaded(udev_device); return udev_device; }",udev,,,151728784927418776760472861345187553860,0 3285,['CWE-189'],"static long jas_iccpowi(int x, int n) { long y; y = 1; while (--n >= 0) y *= x; return y; }",jasper,,,116964088625623018042951851189438552815,0 4886,['CWE-399'],"static inline void highlight(const int s, const int e) { invert_screen(sel_cons, s, e-s+2, 1); }",linux-2.6,,,264097763409958506480073396389684804510,0 2154,['CWE-400'],"static int shmem_unuse_inode(struct shmem_inode_info *info, swp_entry_t entry, struct page *page) { struct inode *inode; unsigned long idx; unsigned long size; unsigned long limit; unsigned long stage; struct page **dir; struct page *subdir; swp_entry_t *ptr; int offset; int error; idx = 0; ptr = info->i_direct; spin_lock(&info->lock); if (!info->swapped) { list_del_init(&info->swaplist); goto lost2; } limit = info->next_index; size = limit; if (size > SHMEM_NR_DIRECT) size = SHMEM_NR_DIRECT; offset = shmem_find_swp(entry, ptr, ptr+size); if (offset >= 0) goto found; if (!info->i_indirect) goto lost2; dir = shmem_dir_map(info->i_indirect); stage = SHMEM_NR_DIRECT + ENTRIES_PER_PAGEPAGE/2; for (idx = SHMEM_NR_DIRECT; idx < limit; idx += ENTRIES_PER_PAGE, dir++) { if (unlikely(idx == stage)) { shmem_dir_unmap(dir-1); if (cond_resched_lock(&info->lock)) { if (limit > info->next_index) { limit = info->next_index; if (idx >= limit) goto lost2; } } dir = shmem_dir_map(info->i_indirect) + ENTRIES_PER_PAGE/2 + idx/ENTRIES_PER_PAGEPAGE; while (!*dir) { dir++; idx += ENTRIES_PER_PAGEPAGE; if (idx >= limit) goto lost1; } stage = idx + ENTRIES_PER_PAGEPAGE; subdir = *dir; shmem_dir_unmap(dir); dir = shmem_dir_map(subdir); } subdir = *dir; if (subdir && page_private(subdir)) { ptr = shmem_swp_map(subdir); size = limit - idx; if (size > ENTRIES_PER_PAGE) size = ENTRIES_PER_PAGE; offset = shmem_find_swp(entry, ptr, ptr+size); shmem_swp_unmap(ptr); if (offset >= 0) { shmem_dir_unmap(dir); goto found; } } } lost1: shmem_dir_unmap(dir-1); lost2: spin_unlock(&info->lock); return 0; found: idx += offset; inode = igrab(&info->vfs_inode); spin_unlock(&info->lock); if (shmem_swaplist.next != &info->swaplist) list_move_tail(&shmem_swaplist, &info->swaplist); mutex_unlock(&shmem_swaplist_mutex); error = 1; if (!inode) goto out; error = mem_cgroup_cache_charge(page, current->mm, GFP_KERNEL); if (error) goto out; error = radix_tree_preload(GFP_KERNEL); if (error) { mem_cgroup_uncharge_cache_page(page); goto out; } error = 1; spin_lock(&info->lock); ptr = shmem_swp_entry(info, idx, NULL); if (ptr && ptr->val == entry.val) { error = add_to_page_cache_locked(page, inode->i_mapping, idx, GFP_NOWAIT); } else mem_cgroup_uncharge_cache_page(page); if (error == -EEXIST) { struct page *filepage = find_get_page(inode->i_mapping, idx); error = 1; if (filepage) { if (PageUptodate(filepage)) error = 0; page_cache_release(filepage); } } if (!error) { delete_from_swap_cache(page); set_page_dirty(page); info->flags |= SHMEM_PAGEIN; shmem_swp_set(info, ptr, 0); swap_free(entry); error = 1; } if (ptr) shmem_swp_unmap(ptr); spin_unlock(&info->lock); radix_tree_preload_end(); out: unlock_page(page); page_cache_release(page); iput(inode); return error; }",linux-2.6,,,322825091881089491103068231843379993266,0 3172,CWE-125,"juniper_atm1_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { int llc_hdrlen; struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_ATM1; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; if (l2info.cookie[0] == 0x80) { oam_print(ndo, p, l2info.length, ATM_OAM_NOHEC); return l2info.header_len; } if (EXTRACT_24BITS(p) == 0xfefe03 || EXTRACT_24BITS(p) == 0xaaaa03) { llc_hdrlen = llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL); if (llc_hdrlen > 0) return l2info.header_len; } if (p[0] == 0x03) { isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1); return l2info.header_len; } if (ip_heuristic_guess(ndo, p, l2info.length) != 0) return l2info.header_len; return l2info.header_len; }",visit repo url,print-juniper.c,https://github.com/the-tcpdump-group/tcpdump,270149086904661,1 5490,CWE-755,"int sqlite3WindowRewrite(Parse *pParse, Select *p){ int rc = SQLITE_OK; if( p->pWin && p->pPrior==0 && (p->selFlags & SF_WinRewrite)==0 ){ Vdbe *v = sqlite3GetVdbe(pParse); sqlite3 *db = pParse->db; Select *pSub = 0; SrcList *pSrc = p->pSrc; Expr *pWhere = p->pWhere; ExprList *pGroupBy = p->pGroupBy; Expr *pHaving = p->pHaving; ExprList *pSort = 0; ExprList *pSublist = 0; Window *pMWin = p->pWin; Window *pWin; Table *pTab; pTab = sqlite3DbMallocZero(db, sizeof(Table)); if( pTab==0 ){ return SQLITE_NOMEM; } p->pSrc = 0; p->pWhere = 0; p->pGroupBy = 0; p->pHaving = 0; p->selFlags &= ~SF_Aggregate; p->selFlags |= SF_WinRewrite; pSort = sqlite3ExprListDup(db, pMWin->pPartition, 0); pSort = exprListAppendList(pParse, pSort, pMWin->pOrderBy, 1); if( pSort && p->pOrderBy && p->pOrderBy->nExpr<=pSort->nExpr ){ int nSave = pSort->nExpr; pSort->nExpr = p->pOrderBy->nExpr; if( sqlite3ExprListCompare(pSort, p->pOrderBy, -1)==0 ){ sqlite3ExprListDelete(db, p->pOrderBy); p->pOrderBy = 0; } pSort->nExpr = nSave; } pMWin->iEphCsr = pParse->nTab++; pParse->nTab += 3; selectWindowRewriteEList(pParse, pMWin, pSrc, p->pEList, pTab, &pSublist); selectWindowRewriteEList(pParse, pMWin, pSrc, p->pOrderBy, pTab, &pSublist); pMWin->nBufferCol = (pSublist ? pSublist->nExpr : 0); pSublist = exprListAppendList(pParse, pSublist, pMWin->pPartition, 0); pSublist = exprListAppendList(pParse, pSublist, pMWin->pOrderBy, 0); for(pWin=pMWin; pWin; pWin=pWin->pNextWin){ ExprList *pArgs = pWin->pOwner->x.pList; if( pWin->pFunc->funcFlags & SQLITE_FUNC_SUBTYPE ){ selectWindowRewriteEList(pParse, pMWin, pSrc, pArgs, pTab, &pSublist); pWin->iArgCol = (pSublist ? pSublist->nExpr : 0); pWin->bExprArgs = 1; }else{ pWin->iArgCol = (pSublist ? pSublist->nExpr : 0); pSublist = exprListAppendList(pParse, pSublist, pArgs, 0); } if( pWin->pFilter ){ Expr *pFilter = sqlite3ExprDup(db, pWin->pFilter, 0); pSublist = sqlite3ExprListAppend(pParse, pSublist, pFilter); } pWin->regAccum = ++pParse->nMem; pWin->regResult = ++pParse->nMem; sqlite3VdbeAddOp2(v, OP_Null, 0, pWin->regAccum); } if( pSublist==0 ){ pSublist = sqlite3ExprListAppend(pParse, 0, sqlite3Expr(db, TK_INTEGER, ""0"") ); } pSub = sqlite3SelectNew( pParse, pSublist, pSrc, pWhere, pGroupBy, pHaving, pSort, 0, 0 ); p->pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0); if( p->pSrc ){ Table *pTab2; p->pSrc->a[0].pSelect = pSub; sqlite3SrcListAssignCursors(pParse, p->pSrc); pSub->selFlags |= SF_Expanded; pTab2 = sqlite3ResultSetOfSelect(pParse, pSub, SQLITE_AFF_NONE); if( pTab2==0 ){ rc = SQLITE_NOMEM; }else{ memcpy(pTab, pTab2, sizeof(Table)); pTab->tabFlags |= TF_Ephemeral; p->pSrc->a[0].pTab = pTab; pTab = pTab2; } sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pMWin->iEphCsr, pSublist->nExpr); sqlite3VdbeAddOp2(v, OP_OpenDup, pMWin->iEphCsr+1, pMWin->iEphCsr); sqlite3VdbeAddOp2(v, OP_OpenDup, pMWin->iEphCsr+2, pMWin->iEphCsr); sqlite3VdbeAddOp2(v, OP_OpenDup, pMWin->iEphCsr+3, pMWin->iEphCsr); }else{ sqlite3SelectDelete(db, pSub); } if( db->mallocFailed ) rc = SQLITE_NOMEM; sqlite3DbFree(db, pTab); } return rc; }",visit repo url,src/window.c,https://github.com/sqlite/sqlite,110041404088200,1 1611,CWE-416,"static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct in6_addr *daddr, *final_p, final; struct dst_entry *dst; struct flowi6 fl6; struct ip6_flowlabel *flowlabel = NULL; struct ipv6_txoptions *opt; int addr_type; int err; if (usin->sin6_family == AF_INET) { if (__ipv6_only_sock(sk)) return -EAFNOSUPPORT; err = __ip4_datagram_connect(sk, uaddr, addr_len); goto ipv4_connected; } if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (usin->sin6_family != AF_INET6) return -EAFNOSUPPORT; memset(&fl6, 0, sizeof(fl6)); if (np->sndflow) { fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK; if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } } addr_type = ipv6_addr_type(&usin->sin6_addr); if (addr_type == IPV6_ADDR_ANY) { usin->sin6_addr.s6_addr[15] = 0x01; } daddr = &usin->sin6_addr; if (addr_type == IPV6_ADDR_MAPPED) { struct sockaddr_in sin; if (__ipv6_only_sock(sk)) { err = -ENETUNREACH; goto out; } sin.sin_family = AF_INET; sin.sin_addr.s_addr = daddr->s6_addr32[3]; sin.sin_port = usin->sin6_port; err = __ip4_datagram_connect(sk, (struct sockaddr *) &sin, sizeof(sin)); ipv4_connected: if (err) goto out; ipv6_addr_set_v4mapped(inet->inet_daddr, &sk->sk_v6_daddr); if (ipv6_addr_any(&np->saddr) || ipv6_mapped_addr_any(&np->saddr)) ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr); if (ipv6_addr_any(&sk->sk_v6_rcv_saddr) || ipv6_mapped_addr_any(&sk->sk_v6_rcv_saddr)) { ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, &sk->sk_v6_rcv_saddr); if (sk->sk_prot->rehash) sk->sk_prot->rehash(sk); } goto out; } if (__ipv6_addr_needs_scope_id(addr_type)) { if (addr_len >= sizeof(struct sockaddr_in6) && usin->sin6_scope_id) { if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != usin->sin6_scope_id) { err = -EINVAL; goto out; } sk->sk_bound_dev_if = usin->sin6_scope_id; } if (!sk->sk_bound_dev_if && (addr_type & IPV6_ADDR_MULTICAST)) sk->sk_bound_dev_if = np->mcast_oif; if (!sk->sk_bound_dev_if) { err = -EINVAL; goto out; } } sk->sk_v6_daddr = *daddr; np->flow_label = fl6.flowlabel; inet->inet_dport = usin->sin6_port; fl6.flowi6_proto = sk->sk_protocol; fl6.daddr = sk->sk_v6_daddr; fl6.saddr = np->saddr; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = sk->sk_mark; fl6.fl6_dport = inet->inet_dport; fl6.fl6_sport = inet->inet_sport; if (!fl6.flowi6_oif && (addr_type&IPV6_ADDR_MULTICAST)) fl6.flowi6_oif = np->mcast_oif; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); opt = flowlabel ? flowlabel->opt : np->opt; final_p = fl6_update_dst(&fl6, opt, &final); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); err = 0; if (IS_ERR(dst)) { err = PTR_ERR(dst); goto out; } if (ipv6_addr_any(&np->saddr)) np->saddr = fl6.saddr; if (ipv6_addr_any(&sk->sk_v6_rcv_saddr)) { sk->sk_v6_rcv_saddr = fl6.saddr; inet->inet_rcv_saddr = LOOPBACK4_IPV6; if (sk->sk_prot->rehash) sk->sk_prot->rehash(sk); } ip6_dst_store(sk, dst, ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr) ? &sk->sk_v6_daddr : NULL, #ifdef CONFIG_IPV6_SUBTREES ipv6_addr_equal(&fl6.saddr, &np->saddr) ? &np->saddr : #endif NULL); sk->sk_state = TCP_ESTABLISHED; sk_set_txhash(sk); out: fl6_sock_release(flowlabel); return err; }",visit repo url,net/ipv6/datagram.c,https://github.com/torvalds/linux,39393262186986,1 901,CWE-20,"static int x25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct x25_sock *x25 = x25_sk(sk); struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)msg->msg_name; size_t copied; int qbit, header_len; struct sk_buff *skb; unsigned char *asmptr; int rc = -ENOTCONN; lock_sock(sk); if (x25->neighbour == NULL) goto out; header_len = x25->neighbour->extended ? X25_EXT_MIN_LEN : X25_STD_MIN_LEN; if (sk->sk_state != TCP_ESTABLISHED) goto out; if (flags & MSG_OOB) { rc = -EINVAL; if (sock_flag(sk, SOCK_URGINLINE) || !skb_peek(&x25->interrupt_in_queue)) goto out; skb = skb_dequeue(&x25->interrupt_in_queue); if (!pskb_may_pull(skb, X25_STD_MIN_LEN)) goto out_free_dgram; skb_pull(skb, X25_STD_MIN_LEN); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = 0x00; } msg->msg_flags |= MSG_OOB; } else { release_sock(sk); skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); lock_sock(sk); if (!skb) goto out; if (!pskb_may_pull(skb, header_len)) goto out_free_dgram; qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT; skb_pull(skb, header_len); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = qbit; } } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } msg->msg_flags |= MSG_EOR; rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (rc) goto out_free_dgram; if (sx25) { sx25->sx25_family = AF_X25; sx25->sx25_addr = x25->dest_addr; } msg->msg_namelen = sizeof(struct sockaddr_x25); x25_check_rbuf(sk); rc = copied; out_free_dgram: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/x25/af_x25.c,https://github.com/torvalds/linux,15718660389662,1 80,['CWE-787'],"static void cirrus_linear_writeb(void *opaque, target_phys_addr_t addr, uint32_t val) { CirrusVGAState *s = (CirrusVGAState *) opaque; unsigned mode; addr &= s->cirrus_addr_mask; if (((s->sr[0x17] & 0x44) == 0x44) && ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) { cirrus_mmio_blt_write(s, addr & 0xff, val); } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) { *s->cirrus_srcptr++ = (uint8_t) val; if (s->cirrus_srcptr >= s->cirrus_srcptr_end) { cirrus_bitblt_cputovideo_next(s); } } else { if ((s->gr[0x0B] & 0x14) == 0x14) { addr <<= 4; } else if (s->gr[0x0B] & 0x02) { addr <<= 3; } addr &= s->cirrus_addr_mask; mode = s->gr[0x05] & 0x7; if (mode < 4 || mode > 5 || ((s->gr[0x0B] & 0x4) == 0)) { *(s->vram_ptr + addr) = (uint8_t) val; cpu_physical_memory_set_dirty(s->vram_offset + addr); } else { if ((s->gr[0x0B] & 0x14) != 0x14) { cirrus_mem_writeb_mode4and5_8bpp(s, mode, addr, val); } else { cirrus_mem_writeb_mode4and5_16bpp(s, mode, addr, val); } } } }",qemu,,,40508855693856031048094382026399437628,0 3310,CWE-476,"smb_com_flush(smb_request_t *sr) { smb_ofile_t *file; smb_llist_t *flist; int rc; if (smb_flush_required == 0) { rc = smbsr_encode_empty_result(sr); return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR); } if (sr->smb_fid != 0xffff) { smbsr_lookup_file(sr); if (sr->fid_ofile == NULL) { smbsr_error(sr, NT_STATUS_INVALID_HANDLE, ERRDOS, ERRbadfid); return (SDRC_ERROR); } smb_flush_file(sr, sr->fid_ofile); } else { flist = &sr->tid_tree->t_ofile_list; smb_llist_enter(flist, RW_READER); file = smb_llist_head(flist); while (file) { mutex_enter(&file->f_mutex); smb_flush_file(sr, file); mutex_exit(&file->f_mutex); file = smb_llist_next(flist, file); } smb_llist_exit(flist); } rc = smbsr_encode_empty_result(sr); return ((rc == 0) ? SDRC_SUCCESS : SDRC_ERROR); }",visit repo url,usr/src/uts/common/fs/smbsrv/smb_flush.c,https://github.com/illumos/illumos-gate,69983464916768,1 6664,['CWE-200'],"vpn_connection_state_changed (NMVPNConnection *vpn, NMVPNConnectionState state, NMVPNConnectionStateReason reason, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); NMConnection *connection; const char *banner; char *title = NULL, *msg; gboolean device_activating, vpn_activating; device_activating = applet_is_any_device_activating (applet); vpn_activating = applet_is_any_vpn_activating (applet); switch (state) { case NM_VPN_CONNECTION_STATE_PREPARE: case NM_VPN_CONNECTION_STATE_NEED_AUTH: case NM_VPN_CONNECTION_STATE_CONNECT: case NM_VPN_CONNECTION_STATE_IP_CONFIG_GET: vpn_activating = TRUE; break; case NM_VPN_CONNECTION_STATE_ACTIVATED: banner = nm_vpn_connection_get_banner (vpn); if (banner && strlen (banner)) { title = _(""VPN Login Message""); msg = g_strdup_printf (""%s\n"", banner); applet_do_notify (applet, NOTIFY_URGENCY_LOW, title, msg, ""gnome-lockscreen"", NULL, NULL, NULL, NULL); g_free (msg); } connection = applet_get_connection_for_active (applet, NM_ACTIVE_CONNECTION (vpn)); if (connection) update_connection_timestamp (NM_ACTIVE_CONNECTION (vpn), connection, applet); break; case NM_VPN_CONNECTION_STATE_FAILED: title = _(""VPN Connection Failed""); msg = make_vpn_failure_message (vpn, reason, applet); applet_do_notify (applet, NOTIFY_URGENCY_LOW, title, msg, ""gnome-lockscreen"", NULL, NULL, NULL, NULL); g_free (msg); break; case NM_VPN_CONNECTION_STATE_DISCONNECTED: if (reason != NM_VPN_CONNECTION_STATE_REASON_USER_DISCONNECTED) { title = _(""VPN Connection Failed""); msg = make_vpn_disconnection_message (vpn, reason, applet); applet_do_notify (applet, NOTIFY_URGENCY_LOW, title, msg, ""gnome-lockscreen"", NULL, NULL, NULL, NULL); g_free (msg); } break; default: break; } if (device_activating || vpn_activating) start_animation_timeout (applet); else clear_animation_timeout (applet); applet_schedule_update_icon (applet); }",network-manager-applet,,,91445466359398136273046903129597405259,0 389,CWE-129,"nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_getdeviceinfo *gdev) { struct xdr_stream *xdr = &resp->xdr; const struct nfsd4_layout_ops *ops = nfsd4_layout_ops[gdev->gd_layout_type]; u32 starting_len = xdr->buf->len, needed_len; __be32 *p; dprintk(""%s: err %d\n"", __func__, be32_to_cpu(nfserr)); if (nfserr) goto out; nfserr = nfserr_resource; p = xdr_reserve_space(xdr, 4); if (!p) goto out; *p++ = cpu_to_be32(gdev->gd_layout_type); if (gdev->gd_maxcount != 0) { nfserr = ops->encode_getdeviceinfo(xdr, gdev); if (nfserr) { if (xdr->buf->len + 4 > gdev->gd_maxcount) goto toosmall; goto out; } } nfserr = nfserr_resource; if (gdev->gd_notify_types) { p = xdr_reserve_space(xdr, 4 + 4); if (!p) goto out; *p++ = cpu_to_be32(1); *p++ = cpu_to_be32(gdev->gd_notify_types); } else { p = xdr_reserve_space(xdr, 4); if (!p) goto out; *p++ = 0; } nfserr = 0; out: kfree(gdev->gd_device); dprintk(""%s: done: %d\n"", __func__, be32_to_cpu(nfserr)); return nfserr; toosmall: dprintk(""%s: maxcount too small\n"", __func__); needed_len = xdr->buf->len + 4 ; xdr_truncate_encode(xdr, starting_len); p = xdr_reserve_space(xdr, 4); if (!p) { nfserr = nfserr_resource; } else { *p++ = cpu_to_be32(needed_len); nfserr = nfserr_toosmall; } goto out; }",visit repo url,fs/nfsd/nfs4xdr.c,https://github.com/torvalds/linux,72202149100072,1 6355,['CWE-200'],"tca_action_gd(struct rtattr *rta, struct nlmsghdr *n, u32 pid, int event) { int i, ret = 0; struct rtattr *tb[TCA_ACT_MAX_PRIO+1]; struct tc_action *head = NULL, *act, *act_prev = NULL; if (rtattr_parse_nested(tb, TCA_ACT_MAX_PRIO, rta) < 0) return -EINVAL; if (event == RTM_DELACTION && n->nlmsg_flags&NLM_F_ROOT) { if (tb[0] != NULL && tb[1] == NULL) return tca_action_flush(tb[0], n, pid); } for (i=0; i < TCA_ACT_MAX_PRIO && tb[i]; i++) { act = tcf_action_get_1(tb[i], n, pid, &ret); if (act == NULL) goto err; act->order = i+1; if (head == NULL) head = act; else act_prev->next = act; act_prev = act; } if (event == RTM_GETACTION) ret = act_get_notify(pid, n, head, event); else { struct sk_buff *skb; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) { ret = -ENOBUFS; goto err; } if (tca_get_fill(skb, head, pid, n->nlmsg_seq, 0, event, 0, 1) <= 0) { kfree_skb(skb); ret = -EINVAL; goto err; } tcf_action_destroy(head, 0); ret = rtnetlink_send(skb, pid, RTMGRP_TC, n->nlmsg_flags&NLM_F_ECHO); if (ret > 0) return 0; return ret; } err: cleanup_a(head); return ret; }",linux-2.6,,,197046365221294262365927906621873632011,0 1372,[],"static inline struct cfs_rq *cfs_rq_of(struct sched_entity *se) { struct task_struct *p = task_of(se); struct rq *rq = task_rq(p); return &rq->cfs; }",linux-2.6,,,46799909197675499590132376719042802823,0 3449,CWE-264,"static bool do_write_pids(pid_t tpid, const char *contrl, const char *cg, const char *file, const char *buf) { int sock[2] = {-1, -1}; pid_t qpid, cpid = -1; FILE *pids_file = NULL; bool answer = false, fail = false; pids_file = open_pids_file(contrl, cg); if (!pids_file) return false; if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sock) < 0) { perror(""socketpair""); goto out; } cpid = fork(); if (cpid == -1) goto out; if (!cpid) { fclose(pids_file); pid_from_ns_wrapper(sock[1], tpid); } const char *ptr = buf; while (sscanf(ptr, ""%d"", &qpid) == 1) { struct ucred cred; char v; if (write(sock[0], &qpid, sizeof(qpid)) != sizeof(qpid)) { fprintf(stderr, ""%s: error writing pid to child: %s\n"", __func__, strerror(errno)); goto out; } if (recv_creds(sock[0], &cred, &v)) { if (v == '0') { if (fprintf(pids_file, ""%d"", (int) cred.pid) < 0) fail = true; } } ptr = strchr(ptr, '\n'); if (!ptr) break; ptr++; } qpid = -1; if (write(sock[0], &qpid ,sizeof(qpid)) != sizeof(qpid)) fprintf(stderr, ""Warning: failed to ask child to exit\n""); if (!fail) answer = true; out: if (cpid != -1) wait_for_pid(cpid); if (sock[0] != -1) { close(sock[0]); close(sock[1]); } if (pids_file) { if (fclose(pids_file) != 0) answer = false; } return answer; }",visit repo url,lxcfs.c,https://github.com/lxc/lxcfs,121492700082160,1 343,CWE-362,"static struct ucounts *get_ucounts(struct user_namespace *ns, kuid_t uid) { struct hlist_head *hashent = ucounts_hashentry(ns, uid); struct ucounts *ucounts, *new; spin_lock_irq(&ucounts_lock); ucounts = find_ucounts(ns, uid, hashent); if (!ucounts) { spin_unlock_irq(&ucounts_lock); new = kzalloc(sizeof(*new), GFP_KERNEL); if (!new) return NULL; new->ns = ns; new->uid = uid; atomic_set(&new->count, 0); spin_lock_irq(&ucounts_lock); ucounts = find_ucounts(ns, uid, hashent); if (ucounts) { kfree(new); } else { hlist_add_head(&new->node, hashent); ucounts = new; } } if (!atomic_add_unless(&ucounts->count, 1, INT_MAX)) ucounts = NULL; spin_unlock_irq(&ucounts_lock); return ucounts; }",visit repo url,kernel/ucount.c,https://github.com/torvalds/linux,278316267386294,1 943,CWE-19,"xfs_attr_calc_size( struct xfs_inode *ip, int namelen, int valuelen, int *local) { struct xfs_mount *mp = ip->i_mount; int size; int nblks; size = xfs_attr_leaf_newentsize(namelen, valuelen, mp->m_sb.sb_blocksize, local); nblks = XFS_DAENTER_SPACE_RES(mp, XFS_ATTR_FORK); if (*local) { if (size > (mp->m_sb.sb_blocksize >> 1)) { nblks *= 2; } } else { uint dblocks = XFS_B_TO_FSB(mp, valuelen); nblks += dblocks; nblks += XFS_NEXTENTADD_SPACE_RES(mp, dblocks, XFS_ATTR_FORK); } return nblks; }",visit repo url,fs/xfs/xfs_attr.c,https://github.com/torvalds/linux,74946108148803,1 3981,['CWE-362'],"static void audit_remove_watch(struct audit_watch *watch) { list_del(&watch->wlist); put_inotify_watch(&watch->parent->wdata); watch->parent = NULL; audit_put_watch(watch); }",linux-2.6,,,61104198409129766187825793745547794664,0 59,CWE-18,"iakerb_alloc_context(iakerb_ctx_id_t *pctx) { iakerb_ctx_id_t ctx; krb5_error_code code; *pctx = NULL; ctx = k5alloc(sizeof(*ctx), &code); if (ctx == NULL) goto cleanup; ctx->defcred = GSS_C_NO_CREDENTIAL; ctx->magic = KG_IAKERB_CONTEXT; ctx->state = IAKERB_AS_REQ; ctx->count = 0; code = krb5_gss_init_context(&ctx->k5c); if (code != 0) goto cleanup; *pctx = ctx; cleanup: if (code != 0) iakerb_release_context(ctx); return code; }",visit repo url,src/lib/gssapi/krb5/iakerb.c,https://github.com/krb5/krb5,122352803147288,1 6546,['CWE-200'],"page_get_connections (gpointer user_data) { ActionInfo *info = (ActionInfo *) user_data; return g_slist_concat (nm_settings_list_connections (NM_SETTINGS (info->list->system_settings)), nm_settings_list_connections (NM_SETTINGS (info->list->gconf_settings))); }",network-manager-applet,,,145891878007989940440949735483419784413,0 5215,['CWE-20'],"static inline int is_invalid_opcode(u32 intr_info) { return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VECTOR_MASK | INTR_INFO_VALID_MASK)) == (INTR_TYPE_HARD_EXCEPTION | UD_VECTOR | INTR_INFO_VALID_MASK); }",linux-2.6,,,334010514042140960439567697033421858045,0 1452,CWE-119,"static int udf_symlink_filler(struct file *file, struct page *page) { struct inode *inode = page->mapping->host; struct buffer_head *bh = NULL; unsigned char *symlink; int err = -EIO; unsigned char *p = kmap(page); struct udf_inode_info *iinfo; uint32_t pos; iinfo = UDF_I(inode); pos = udf_block_map(inode, 0); down_read(&iinfo->i_data_sem); if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) { symlink = iinfo->i_ext.i_data + iinfo->i_lenEAttr; } else { bh = sb_bread(inode->i_sb, pos); if (!bh) goto out; symlink = bh->b_data; } udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); brelse(bh); up_read(&iinfo->i_data_sem); SetPageUptodate(page); kunmap(page); unlock_page(page); return 0; out: up_read(&iinfo->i_data_sem); SetPageError(page); kunmap(page); unlock_page(page); return err; }",visit repo url,fs/udf/symlink.c,https://github.com/torvalds/linux,113622410077680,1 1029,CWE-20,"int sctp_verify_asconf(const struct sctp_association *asoc, struct sctp_paramhdr *param_hdr, void *chunk_end, struct sctp_paramhdr **errp) { sctp_addip_param_t *asconf_param; union sctp_params param; int length, plen; param.v = (sctp_paramhdr_t *) param_hdr; while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { length = ntohs(param.p->length); *errp = param.p; if (param.v > chunk_end - length || length < sizeof(sctp_paramhdr_t)) return 0; switch (param.p->type) { case SCTP_PARAM_ADD_IP: case SCTP_PARAM_DEL_IP: case SCTP_PARAM_SET_PRIMARY: asconf_param = (sctp_addip_param_t *)param.v; plen = ntohs(asconf_param->param_hdr.length); if (plen < sizeof(sctp_addip_param_t) + sizeof(sctp_paramhdr_t)) return 0; break; case SCTP_PARAM_SUCCESS_REPORT: case SCTP_PARAM_ADAPTATION_LAYER_IND: if (length != sizeof(sctp_addip_param_t)) return 0; break; default: break; } param.v += WORD_ROUND(length); } if (param.v != chunk_end) return 0; return 1; }",visit repo url,net/sctp/sm_make_chunk.c,https://github.com/torvalds/linux,147213493551016,1 6369,CWE-787,"write_node(FILE *out, tree_t *t, int col) { int i; uchar *ptr, *entity, *src, *realsrc, newsrc[1024]; if (out == NULL) return (0); switch (t->markup) { case MARKUP_NONE : if (t->data == NULL) break; if (t->preformatted) { for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); if (t->data[strlen((char *)t->data) - 1] == '\n') col = 0; else col += strlen((char *)t->data); } else { if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) { putc('\n', out); col = 0; } for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); col += strlen((char *)t->data); if (col > 72) { putc('\n', out); col = 0; } } break; case MARKUP_COMMENT : case MARKUP_UNKNOWN : fputs(""\n\n"", out); col = 0; break; case MARKUP_AREA : case MARKUP_BODY : case MARKUP_DOCTYPE : case MARKUP_ERROR : case MARKUP_FILE : case MARKUP_HEAD : case MARKUP_HTML : case MARKUP_MAP : case MARKUP_META : case MARKUP_TITLE : break; case MARKUP_BR : case MARKUP_CENTER : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_H7 : case MARKUP_H8 : case MARKUP_H9 : case MARKUP_H10 : case MARKUP_H11 : case MARKUP_H12 : case MARKUP_H13 : case MARKUP_H14 : case MARKUP_H15 : case MARKUP_HR : case MARKUP_LI : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TR : case MARKUP_UL : if (col > 0) { putc('\n', out); col = 0; } default : if (t->markup == MARKUP_IMG && OutputFiles && (src = htmlGetVariable(t, (uchar *)""SRC"")) != NULL && (realsrc = htmlGetVariable(t, (uchar *)""REALSRC"")) != NULL) { if (file_method((char *)src) == NULL && src[0] != '/' && src[0] != '\\' && (!isalpha(src[0]) || src[1] != ':')) { image_copy((char *)src, (char *)realsrc, OutputPath); strlcpy((char *)newsrc, file_basename((char *)src), sizeof(newsrc)); htmlSetVariable(t, (uchar *)""SRC"", newsrc); } } if (t->markup != MARKUP_EMBED) { col += fprintf(out, ""<%s"", _htmlMarkups[t->markup]); for (i = 0; i < t->nvars; i ++) { if (strcasecmp((char *)t->vars[i].name, ""BREAK"") == 0 && t->markup == MARKUP_HR) continue; if (strcasecmp((char *)t->vars[i].name, ""REALSRC"") == 0 && t->markup == MARKUP_IMG) continue; if (strncasecmp((char *)t->vars[i].name, ""_HD_"", 4) == 0) continue; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } if (col > 0) { putc(' ', out); col ++; } if (t->vars[i].value == NULL) col += fprintf(out, ""%s"", t->vars[i].name); else { col += fprintf(out, ""%s=\"""", t->vars[i].name); for (ptr = t->vars[i].value; *ptr; ptr ++) { entity = iso8859(*ptr); fputs((char *)entity, out); col += strlen((char *)entity); } putc('\""', out); col ++; } } putc('>', out); col ++; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } } break; } return (col); }",visit repo url,htmldoc/html.cxx,https://github.com/michaelrsweet/htmldoc,11465618801059,1 324,[],"static int broken_blkgetsize(unsigned int fd, unsigned int cmd, unsigned long arg) { return w_long(fd, BLKGETSIZE, arg); }",linux-2.6,,,216203451678586048354455690101839094937,0 6450,[],"list_files_by_dir (const char *dirnam, char **pargz, size_t *pargz_len) { DIR *dirp = 0; int errors = 0; assert (dirnam && *dirnam); assert (pargz); assert (pargz_len); assert (dirnam[LT_STRLEN(dirnam) -1] != '/'); dirp = opendir (dirnam); if (dirp) { struct dirent *dp = 0; while ((dp = readdir (dirp))) if (dp->d_name[0] != '.') if (lt_argz_insertdir (pargz, pargz_len, dirnam, dp)) { ++errors; break; } closedir (dirp); } else ++errors; return errors; }",libtool,,,113852128693142704065232603065607451016,0 733,CWE-20,"static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int ret; int copylen; ret = -EOPNOTSUPP; if (m->msg_flags&MSG_OOB) goto read_error; m->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, 0 , &ret); if (!skb) goto read_error; copylen = skb->len; if (len < copylen) { m->msg_flags |= MSG_TRUNC; copylen = len; } ret = skb_copy_datagram_iovec(skb, 0, m->msg_iov, copylen); if (ret) goto out_free; ret = (flags & MSG_TRUNC) ? skb->len : copylen; out_free: skb_free_datagram(sk, skb); caif_check_flow_release(sk); return ret; read_error: return ret; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,109452384008025,1 2540,['CWE-119'],"static int opt_arg(const char *arg, int arg_short, const char *arg_long, int *val) { char c, *eq; int len; if (*arg != '-') return 0; c = *++arg; if (!c) return 0; if (c == arg_short) { c = *++arg; if (!c) return 1; if (val && isdigit(c)) { char *end; int n = strtoul(arg, &end, 10); if (*end) return 0; *val = n; return 1; } return 0; } if (c != '-') return 0; arg++; eq = strchr(arg, '='); if (eq) len = eq - arg; else len = strlen(arg); if (!len || strncmp(arg, arg_long, len)) return 0; if (eq) { int n; char *end; if (!isdigit(*++eq)) return 0; n = strtoul(eq, &end, 10); if (*end) return 0; *val = n; } return 1; }",git,,,221023626277533343452309069195006078615,0 74,['CWE-787'],"static uint32_t cirrus_linear_readl(void *opaque, target_phys_addr_t addr) { uint32_t v; #ifdef TARGET_WORDS_BIGENDIAN v = cirrus_linear_readb(opaque, addr) << 24; v |= cirrus_linear_readb(opaque, addr + 1) << 16; v |= cirrus_linear_readb(opaque, addr + 2) << 8; v |= cirrus_linear_readb(opaque, addr + 3); #else v = cirrus_linear_readb(opaque, addr); v |= cirrus_linear_readb(opaque, addr + 1) << 8; v |= cirrus_linear_readb(opaque, addr + 2) << 16; v |= cirrus_linear_readb(opaque, addr + 3) << 24; #endif return v; }",qemu,,,13088884793607907152514743733681067317,0 125,[],"compat_sys_writev(unsigned long fd, const struct compat_iovec __user *vec, unsigned long vlen) { struct file *file; ssize_t ret = -EBADF; file = fget(fd); if (!file) return -EBADF; if (!(file->f_mode & FMODE_WRITE)) goto out; ret = -EINVAL; if (!file->f_op || (!file->f_op->aio_write && !file->f_op->write)) goto out; ret = compat_do_readv_writev(WRITE, file, vec, vlen, &file->f_pos); out: fput(file); return ret; }",linux-2.6,,,326361551319845723090417820974037924,0 711,[],"static int jpc_com_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_com_t *com = &ms->parms.com; unsigned int i; int printable; fprintf(out, ""regid = %d;\n"", com->regid); printable = 1; for (i = 0; i < com->len; ++i) { if (!isprint(com->data[i])) { printable = 0; break; } } if (printable) { fprintf(out, ""data = ""); fwrite(com->data, sizeof(char), com->len, out); fprintf(out, ""\n""); } return 0; }",jasper,,,144352090381944071043110781626331269269,0 4329,['CWE-119'],"static status ParseINFOSubChunk (AFfilehandle filehandle, AFvirtualfile *fp, uint32_t id, size_t size) { AFfileoffset endPos=af_ftell(fp)+size; while (af_ftell(fp) < endPos) { int misctype = AF_MISC_UNRECOGNIZED; uint32_t miscid, miscsize; af_fread(&miscid, 4, 1, fp); af_read_uint32_le(&miscsize, fp); if (memcmp(&miscid, ""IART"", 4) == 0) misctype = AF_MISC_AUTH; else if (memcmp(&miscid, ""INAM"", 4) == 0) misctype = AF_MISC_NAME; else if (memcmp(&miscid, ""ICOP"", 4) == 0) misctype = AF_MISC_COPY; else if (memcmp(&miscid, ""ICMT"", 4) == 0) misctype = AF_MISC_ICMT; else if (memcmp(&miscid, ""ICRD"", 4) == 0) misctype = AF_MISC_ICRD; else if (memcmp(&miscid, ""ISFT"", 4) == 0) misctype = AF_MISC_ISFT; if (misctype != AF_MISC_UNRECOGNIZED) { char *string = _af_malloc(miscsize); af_fread(string, miscsize, 1, fp); filehandle->miscellaneousCount++; filehandle->miscellaneous = _af_realloc(filehandle->miscellaneous, sizeof (_Miscellaneous) * filehandle->miscellaneousCount); filehandle->miscellaneous[filehandle->miscellaneousCount-1].id = filehandle->miscellaneousCount; filehandle->miscellaneous[filehandle->miscellaneousCount-1].type = misctype; filehandle->miscellaneous[filehandle->miscellaneousCount-1].size = miscsize; filehandle->miscellaneous[filehandle->miscellaneousCount-1].position = 0; filehandle->miscellaneous[filehandle->miscellaneousCount-1].buffer = string; } else { af_fseek(fp, miscsize, SEEK_CUR); } if (miscsize % 2 != 0) af_fseek(fp, 1, SEEK_CUR); } return AF_SUCCEED; }",audiofile,,,19347472620554983488678547611456640555,0 883,CWE-20,"static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr = msg->msg_name; int copied = 0; int check_creds = 0; int target; int err = 0; long timeo; int skip; err = -EINVAL; if (sk->sk_state != TCP_ESTABLISHED) goto out; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); msg->msg_namelen = 0; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(timeo); goto out; } do { int chunk; struct sk_buff *skb, *last; unix_state_lock(sk); last = skb = skb_peek(&sk->sk_receive_queue); again: if (skb == NULL) { unix_sk(sk)->recursion_level = 0; if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; unix_state_unlock(sk); err = -EAGAIN; if (!timeo) break; mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo, last); if (signal_pending(current) || mutex_lock_interruptible(&u->readlock)) { err = sock_intr_errno(timeo); goto out; } continue; unlock: unix_state_unlock(sk); break; } skip = sk_peek_offset(sk, flags); while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); last = skb; skb = skb_peek_next(skb, &sk->sk_receive_queue); if (!skb) goto again; } unix_state_unlock(sk); if (check_creds) { if ((UNIXCB(skb).pid != siocb->scm->pid) || !uid_eq(UNIXCB(skb).uid, siocb->scm->creds.uid) || !gid_eq(UNIXCB(skb).gid, siocb->scm->creds.gid)) break; } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); check_creds = 1; } if (sunaddr) { unix_copy_addr(msg, skb->sk); sunaddr = NULL; } chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); if (skb_copy_datagram_iovec(skb, UNIXCB(skb).consumed + skip, msg->msg_iov, chunk)) { if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { UNIXCB(skb).consumed += chunk; sk_peek_offset_bwd(sk, chunk); if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); if (unix_skb_len(skb)) break; skb_unlink(skb, &sk->sk_receive_queue); consume_skb(skb); if (siocb->scm->fp) break; } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); sk_peek_offset_fwd(sk, chunk); break; } } while (size); mutex_unlock(&u->readlock); scm_recv(sock, msg, siocb->scm, flags); out: return copied ? : err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,252330469564730,1 4220,['CWE-399'],"static void dev_watchdog_down(struct net_device *dev) { netif_tx_lock_bh(dev); if (del_timer(&dev->watchdog_timer)) dev_put(dev); netif_tx_unlock_bh(dev); }",linux-2.6,,,128074058306187717465017555605210060107,0 250,[],"static inline void fat_dir_readahead(struct inode *dir, sector_t iblock, sector_t phys) { struct super_block *sb = dir->i_sb; struct msdos_sb_info *sbi = MSDOS_SB(sb); struct buffer_head *bh; int sec; if ((iblock & (sbi->sec_per_clus - 1)) || sbi->sec_per_clus == 1) return; if ((sbi->fat_bits != 32) && (dir->i_ino == MSDOS_ROOT_INO)) return; bh = sb_find_get_block(sb, phys); if (bh == NULL || !buffer_uptodate(bh)) { for (sec = 0; sec < sbi->sec_per_clus; sec++) sb_breadahead(sb, phys + sec); } brelse(bh); }",linux-2.6,,,177607143046777579812308004583698081357,0 885,CWE-20,"static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; int err; int peeked, skip; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); goto out; } skip = sk_peek_offset(sk, flags); skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err); if (!skb) { unix_state_lock(sk); if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && (sk->sk_shutdown & RCV_SHUTDOWN)) err = 0; unix_state_unlock(sk); goto out_unlock; } wake_up_interruptible_sync_poll(&u->peer_wait, POLLOUT | POLLWRNORM | POLLWRBAND); if (msg->msg_name) unix_copy_addr(msg, skb->sk); if (size > skb->len - skip) size = skb->len - skip; else if (size < skb->len - skip) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size); if (err) goto out_free; if (sock_flag(sk, SOCK_RCVTSTAMP)) __sock_recv_timestamp(msg, sk, skb); if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); unix_set_secdata(siocb->scm, skb); if (!(flags & MSG_PEEK)) { if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); sk_peek_offset_bwd(sk, skb->len); } else { sk_peek_offset_fwd(sk, size); if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); } err = (flags & MSG_TRUNC) ? skb->len - skip : size; scm_recv(sock, msg, siocb->scm, flags); out_free: skb_free_datagram(sk, skb); out_unlock: mutex_unlock(&u->readlock); out: return err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,179527283060615,1 2896,CWE-119,"PredictorDecodeRow(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) { TIFFPredictorState *sp = PredictorState(tif); assert(sp != NULL); assert(sp->decoderow != NULL); assert(sp->decodepfunc != NULL); if ((*sp->decoderow)(tif, op0, occ0, s)) { (*sp->decodepfunc)(tif, op0, occ0); return 1; } else return 0; }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,199634549996443,1 4924,CWE-59,"vrrp_print_data(void) { FILE *file = fopen (dump_file, ""w""); if (!file) { log_message(LOG_INFO, ""Can't open %s (%d: %s)"", dump_file, errno, strerror(errno)); return; } dump_data_vrrp(file); fclose(file); }",visit repo url,keepalived/vrrp/vrrp_print.c,https://github.com/acassen/keepalived,82204251403399,1 1561,[],"static ssize_t cpu_rt_runtime_write(struct cgroup *cgrp, struct cftype *cft, struct file *file, const char __user *userbuf, size_t nbytes, loff_t *unused_ppos) { char buffer[64]; int retval = 0; s64 val; char *end; if (!nbytes) return -EINVAL; if (nbytes >= sizeof(buffer)) return -E2BIG; if (copy_from_user(buffer, userbuf, nbytes)) return -EFAULT; buffer[nbytes] = 0; if (nbytes && (buffer[nbytes-1] == '\n')) buffer[nbytes-1] = 0; val = simple_strtoll(buffer, &end, 0); if (*end) return -EINVAL; retval = sched_group_set_rt_runtime(cgroup_tg(cgrp), val); if (!retval) retval = nbytes; return retval; }",linux-2.6,,,57533177670478712040569740552382294239,0 985,['CWE-94'],"static int link_pipe(struct pipe_inode_info *ipipe, struct pipe_inode_info *opipe, size_t len, unsigned int flags) { struct pipe_buffer *ibuf, *obuf; int ret = 0, i = 0, nbuf; inode_double_lock(ipipe->inode, opipe->inode); do { if (!opipe->readers) { send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; break; } if (i >= ipipe->nrbufs || opipe->nrbufs >= PIPE_BUFFERS) break; ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1)); nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1); ibuf->ops->get(ipipe, ibuf); obuf = opipe->bufs + nbuf; *obuf = *ibuf; obuf->flags &= ~PIPE_BUF_FLAG_GIFT; if (obuf->len > len) obuf->len = len; opipe->nrbufs++; ret += obuf->len; len -= obuf->len; i++; } while (len); inode_double_unlock(ipipe->inode, opipe->inode); if (ret > 0) { smp_mb(); if (waitqueue_active(&opipe->wait)) wake_up_interruptible(&opipe->wait); kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN); } return ret; }",linux-2.6,,,168175677350266915788727143378453617304,0 4002,CWE-416,"static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) { cil_reset_classpermission(cp_set->set); }",visit repo url,libsepol/cil/src/cil_reset_ast.c,https://github.com/SELinuxProject/selinux,222989256928568,1 3203,['CWE-189'],"void jpc_quantize(jas_matrix_t *data, jpc_fix_t stepsize) { int i; int j; jpc_fix_t t; if (stepsize == jpc_inttofix(1)) { return; } for (i = 0; i < jas_matrix_numrows(data); ++i) { for (j = 0; j < jas_matrix_numcols(data); ++j) { t = jas_matrix_get(data, i, j); { if (t < 0) { t = jpc_fix_neg(jpc_fix_div(jpc_fix_neg(t), stepsize)); } else { t = jpc_fix_div(t, stepsize); } } jas_matrix_set(data, i, j, t); } } }",jasper,,,109499543464554717912741541984087025399,0 145,CWE-416,"max3421_set_address(struct usb_hcd *hcd, struct usb_device *dev, int epnum, int force_toggles) { struct max3421_hcd *max3421_hcd = hcd_to_max3421(hcd); int old_epnum, same_ep, rcvtog, sndtog; struct usb_device *old_dev; u8 hctl; old_dev = max3421_hcd->loaded_dev; old_epnum = max3421_hcd->loaded_epnum; same_ep = (dev == old_dev && epnum == old_epnum); if (same_ep && !force_toggles) return; if (old_dev && !same_ep) { u8 hrsl = spi_rd8(hcd, MAX3421_REG_HRSL); rcvtog = (hrsl >> MAX3421_HRSL_RCVTOGRD_BIT) & 1; sndtog = (hrsl >> MAX3421_HRSL_SNDTOGRD_BIT) & 1; usb_settoggle(old_dev, old_epnum, 0, rcvtog); usb_settoggle(old_dev, old_epnum, 1, sndtog); } rcvtog = usb_gettoggle(dev, epnum, 0); sndtog = usb_gettoggle(dev, epnum, 1); hctl = (BIT(rcvtog + MAX3421_HCTL_RCVTOG0_BIT) | BIT(sndtog + MAX3421_HCTL_SNDTOG0_BIT)); max3421_hcd->loaded_epnum = epnum; spi_wr8(hcd, MAX3421_REG_HCTL, hctl); max3421_hcd->loaded_dev = dev; spi_wr8(hcd, MAX3421_REG_PERADDR, dev->devnum); }",visit repo url,drivers/usb/host/max3421-hcd.c,https://github.com/torvalds/linux,254075053213890,1 2173,CWE-125,"static void ttm_put_pages(struct page **pages, unsigned npages, int flags, enum ttm_caching_state cstate) { struct ttm_page_pool *pool = ttm_get_pool(flags, false, cstate); #ifdef CONFIG_TRANSPARENT_HUGEPAGE struct ttm_page_pool *huge = ttm_get_pool(flags, true, cstate); #endif unsigned long irq_flags; unsigned i; if (pool == NULL) { i = 0; while (i < npages) { #ifdef CONFIG_TRANSPARENT_HUGEPAGE struct page *p = pages[i]; #endif unsigned order = 0, j; if (!pages[i]) { ++i; continue; } #ifdef CONFIG_TRANSPARENT_HUGEPAGE if (!(flags & TTM_PAGE_FLAG_DMA32) && (npages - i) >= HPAGE_PMD_NR) { for (j = 0; j < HPAGE_PMD_NR; ++j) if (p++ != pages[i + j]) break; if (j == HPAGE_PMD_NR) order = HPAGE_PMD_ORDER; } #endif if (page_count(pages[i]) != 1) pr_err(""Erroneous page count. Leaking pages.\n""); __free_pages(pages[i], order); j = 1 << order; while (j) { pages[i++] = NULL; --j; } } return; } i = 0; #ifdef CONFIG_TRANSPARENT_HUGEPAGE if (huge) { unsigned max_size, n2free; spin_lock_irqsave(&huge->lock, irq_flags); while ((npages - i) >= HPAGE_PMD_NR) { struct page *p = pages[i]; unsigned j; if (!p) break; for (j = 0; j < HPAGE_PMD_NR; ++j) if (p++ != pages[i + j]) break; if (j != HPAGE_PMD_NR) break; list_add_tail(&pages[i]->lru, &huge->list); for (j = 0; j < HPAGE_PMD_NR; ++j) pages[i++] = NULL; huge->npages++; } max_size = _manager->options.max_size; max_size /= HPAGE_PMD_NR; if (huge->npages > max_size) n2free = huge->npages - max_size; else n2free = 0; spin_unlock_irqrestore(&huge->lock, irq_flags); if (n2free) ttm_page_pool_free(huge, n2free, false); } #endif spin_lock_irqsave(&pool->lock, irq_flags); while (i < npages) { if (pages[i]) { if (page_count(pages[i]) != 1) pr_err(""Erroneous page count. Leaking pages.\n""); list_add_tail(&pages[i]->lru, &pool->list); pages[i] = NULL; pool->npages++; } ++i; } npages = 0; if (pool->npages > _manager->options.max_size) { npages = pool->npages - _manager->options.max_size; if (npages < NUM_PAGES_TO_ALLOC) npages = NUM_PAGES_TO_ALLOC; } spin_unlock_irqrestore(&pool->lock, irq_flags); if (npages) ttm_page_pool_free(pool, npages, false); }",visit repo url,drivers/gpu/drm/ttm/ttm_page_alloc.c,https://github.com/torvalds/linux,215842792609375,1 2326,['CWE-120'],"int permission(struct inode *inode, int mask, struct nameidata *nd) { int retval, submask; struct vfsmount *mnt = NULL; if (nd) mnt = nd->path.mnt; if (mask & MAY_WRITE) { umode_t mode = inode->i_mode; if (IS_RDONLY(inode) && (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) return -EROFS; if (IS_IMMUTABLE(inode)) return -EACCES; } if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { if (mnt && (mnt->mnt_flags & MNT_NOEXEC)) return -EACCES; } submask = mask & ~MAY_APPEND; if (inode->i_op && inode->i_op->permission) { retval = inode->i_op->permission(inode, submask, nd); if (!retval) { if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode) && !(inode->i_mode & S_IXUGO)) return -EACCES; } } else { retval = generic_permission(inode, submask, NULL); } if (retval) return retval; retval = devcgroup_inode_permission(inode, mask); if (retval) return retval; return security_inode_permission(inode, mask, nd); }",linux-2.6,,,234494564693274589582237817731915993254,0 6191,CWE-190,"void fp_exp_slide(fp_t c, const fp_t a, const bn_t b) { fp_t t[1 << (FP_WIDTH - 1)], r; int i, j, l; uint8_t win[RLC_FP_BITS + 1]; fp_null(r); if (bn_is_zero(b)) { fp_set_dig(c, 1); return; } for (i = 0; i < (1 << (FP_WIDTH - 1)); i++) { fp_null(t[i]); } RLC_TRY { for (i = 0; i < (1 << (FP_WIDTH - 1)); i ++) { fp_new(t[i]); } fp_new(r); fp_copy(t[0], a); fp_sqr(r, a); for (i = 1; i < 1 << (FP_WIDTH - 1); i++) { fp_mul(t[i], t[i - 1], r); } fp_set_dig(r, 1); l = RLC_FP_BITS + 1; bn_rec_slw(win, &l, b, FP_WIDTH); for (i = 0; i < l; i++) { if (win[i] == 0) { fp_sqr(r, r); } else { for (j = 0; j < util_bits_dig(win[i]); j++) { fp_sqr(r, r); } fp_mul(r, r, t[win[i] >> 1]); } } if (bn_sign(b) == RLC_NEG) { fp_inv(c, r); } else { fp_copy(c, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (FP_WIDTH - 1)); i++) { fp_free(t[i]); } fp_free(r); } }",visit repo url,src/fp/relic_fp_exp.c,https://github.com/relic-toolkit/relic,145521906175631,1 2819,[],"static inline unsigned dio_pages_present(struct dio *dio) { return dio->tail - dio->head; }",linux-2.6,,,126010048244807429465673616952980984462,0 5149,CWE-125,"num_stmts(const node *n) { int i, l; node *ch; switch (TYPE(n)) { case single_input: if (TYPE(CHILD(n, 0)) == NEWLINE) return 0; else return num_stmts(CHILD(n, 0)); case file_input: l = 0; for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == stmt) l += num_stmts(ch); } return l; case stmt: return num_stmts(CHILD(n, 0)); case compound_stmt: return 1; case simple_stmt: return NCH(n) / 2; case suite: if (NCH(n) == 1) return num_stmts(CHILD(n, 0)); else { l = 0; for (i = 2; i < (NCH(n) - 1); i++) l += num_stmts(CHILD(n, i)); return l; } default: { char buf[128]; sprintf(buf, ""Non-statement found: %d %d"", TYPE(n), NCH(n)); Py_FatalError(buf); } } Py_UNREACHABLE(); }",visit repo url,Python/ast.c,https://github.com/python/cpython,18247354386035,1 3966,['CWE-362'],"void inotify_remove_watch_locked(struct inotify_handle *ih, struct inotify_watch *watch) { remove_watch_no_event(watch, ih); ih->in_ops->handle_event(watch, watch->wd, IN_IGNORED, 0, NULL, NULL); }",linux-2.6,,,219293710627820488401945817711213041731,0 5345,CWE-668,"do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, const unsigned char *ax) { #ifdef USE_AMD64_ASM return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, &dec_tables); #elif defined(USE_ARM_ASM) return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, &dec_tables); #else return do_decrypt_fn (ctx, bx, ax); #endif }",visit repo url,cipher/rijndael.c,https://github.com/gpg/libgcrypt,187170073430478,1 5075,CWE-119,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 3503,['CWE-20'],"sctp_disposition_t sctp_sf_do_asconf(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_chunk *asconf_ack = NULL; struct sctp_paramhdr *err_param = NULL; sctp_addiphdr_t *hdr; union sctp_addr_param *addr_param; __u32 serial; int length; if (!sctp_vtag_verify(chunk, asoc)) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, SCTP_NULL()); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } if (!sctp_addip_noauth && !chunk->auth) return sctp_sf_discard_chunk(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_addip_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); hdr = (sctp_addiphdr_t *)chunk->skb->data; serial = ntohl(hdr->serial); addr_param = (union sctp_addr_param *)hdr->params; length = ntohs(addr_param->p.length); if (length < sizeof(sctp_paramhdr_t)) return sctp_sf_violation_paramlen(ep, asoc, type, arg, (void *)addr_param, commands); if (!sctp_verify_asconf(asoc, (sctp_paramhdr_t *)((void *)addr_param + length), (void *)chunk->chunk_end, &err_param)) return sctp_sf_violation_paramlen(ep, asoc, type, arg, (void *)err_param, commands); if (serial == asoc->peer.addip_serial + 1) { if (!chunk->has_asconf) sctp_assoc_clean_asconf_ack_cache(asoc); asconf_ack = sctp_process_asconf((struct sctp_association *) asoc, chunk); if (!asconf_ack) return SCTP_DISPOSITION_NOMEM; } else if (serial < asoc->peer.addip_serial + 1) { asconf_ack = sctp_assoc_lookup_asconf_ack(asoc, hdr->serial); if (!asconf_ack) return SCTP_DISPOSITION_DISCARD; } else { return SCTP_DISPOSITION_DISCARD; } asconf_ack->dest = chunk->source; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asconf_ack)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,229171128443616130993086309169118889047,0 6720,CWE-617,"tport_t *tport_tsend(tport_t *self, msg_t *msg, tp_name_t const *_tpn, tag_type_t tag, tag_value_t value, ...) { ta_list ta; tagi_t const *t; int reuse, sdwn_after, close_after, resolved = 0, fresh; unsigned mtu; su_addrinfo_t *ai; tport_primary_t *primary; tp_name_t tpn[1]; struct sigcomp_compartment *cc; assert(self); if (!self || !msg || !_tpn) { msg_set_errno(msg, EINVAL); return NULL; } *tpn = *_tpn; SU_DEBUG_7((""tport_tsend(%p) tpn = "" TPN_FORMAT ""\n"", (void *)self, TPN_ARGS(tpn))); if (tport_is_master(self)) { primary = (tport_primary_t *)tport_primary_by_name(self, tpn); if (!primary) { msg_set_errno(msg, EPROTONOSUPPORT); return NULL; } } else { primary = self->tp_pri; } ta_start(ta, tag, value); reuse = primary->pri_primary->tp_reusable && self->tp_reusable; fresh = 0; sdwn_after = 0; close_after = 0; mtu = 0; cc = NULL; for (t = ta_args(ta); t; t = tl_next(t)) { tag_type_t tt = t->t_tag; if (tptag_reuse == tt) reuse = t->t_value != 0; else if (tptag_mtu == tt) mtu = t->t_value; else if (tptag_sdwn_after == tt) sdwn_after = t->t_value != 0; else if (tptag_close_after == tt) close_after = t->t_value != 0; else if (tptag_fresh == tt) fresh = t->t_value != 0; else if (tptag_compartment == tt) cc = (struct sigcomp_compartment *)t->t_value; } ta_end(ta); fresh = fresh || !reuse; ai = msg_addrinfo(msg); ai->ai_flags = 0; tpn->tpn_comp = tport_canonize_comp(tpn->tpn_comp); if (tpn->tpn_comp) { ai->ai_flags |= TP_AI_COMPRESSED; SU_DEBUG_9((""%s: compressed msg(%p) with %s\n"", __func__, (void *)msg, tpn->tpn_comp)); } if (!tpn->tpn_comp || cc == NONE) cc = NULL; if (sdwn_after) ai->ai_flags |= TP_AI_SHUTDOWN; if (close_after) ai->ai_flags |= TP_AI_CLOSE; if (fresh) { self = primary->pri_primary; } else if (tport_is_secondary(self) && tport_is_clear_to_send(self)) { ; } else { if (tport_resolve(primary->pri_primary, msg, tpn) < 0) { return NULL; } resolved = 1; tport_t* secondary = NULL ; tport_t* tp = tport_primaries( self ) ; if (tp) { do { secondary = tport_by_addrinfo((tport_primary_t *)tp, msg_addrinfo(msg), tpn); if (secondary) break; } while(NULL != (tp = tport_next(tp))); } if( secondary ) { self = secondary ; } else { self = primary->pri_primary; } } if (tport_is_primary(self)) { if (!resolved && tport_resolve(self, msg, tpn) < 0) { return NULL; } if (tport_is_connection_oriented(self) || self->tp_params->tpp_conn_orient) { #if 0 && HAVE_UPNP if (upnp_register_upnp_client(1) != 0) { upnp_check_for_nat(); } #endif tpn->tpn_proto = self->tp_protoname; if (!cc) tpn->tpn_comp = NULL; self = tport_connect(primary, msg_addrinfo(msg), tpn); #if 0 && HAVE_UPNP upnp_deregister_upnp_client(0, 0); #endif if (!self) { msg_set_errno(msg, su_errno()); SU_DEBUG_9((""tport_socket failed in tsend\n"" VA_NONE)); return NULL; } if (cc) tport_sigcomp_assign(self, cc); } } else if (tport_is_secondary(self)) { cc = tport_sigcomp_assign_if_needed(self, cc); } if (cc == NULL) tpn->tpn_comp = NULL; if (tport_is_secondary(self)) { tport_peer_address(self, msg); if (sdwn_after || close_after) self->tp_reusable = 0; } if (self->tp_pri->pri_vtable->vtp_prepare ? self->tp_pri->pri_vtable->vtp_prepare(self, msg, tpn, cc, mtu) < 0 : tport_prepare_and_send(self, msg, tpn, cc, mtu) < 0) return NULL; else return self; }",visit repo url,libsofia-sip-ua/tport/tport.c,https://github.com/davehorton/sofia-sip,113296044216878,1 2017,CWE-362,"int get_evtchn_to_irq(evtchn_port_t evtchn) { if (evtchn >= xen_evtchn_max_channels()) return -1; if (evtchn_to_irq[EVTCHN_ROW(evtchn)] == NULL) return -1; return evtchn_to_irq[EVTCHN_ROW(evtchn)][EVTCHN_COL(evtchn)]; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,6430717779714,1 6732,['CWE-310'],"nm_gconf_clear_keyring_items (NMConnection *connection) { NMSettingConnection *s_con; const char *uuid; GList *found_list = NULL; GnomeKeyringResult ret; GList *iter; g_return_if_fail (connection != NULL); s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); g_return_if_fail (s_con != NULL); uuid = nm_setting_connection_get_uuid (s_con); g_return_if_fail (uuid != NULL); pre_keyring_callback (); ret = gnome_keyring_find_itemsv_sync (GNOME_KEYRING_ITEM_GENERIC_SECRET, &found_list, KEYRING_UUID_TAG, GNOME_KEYRING_ATTRIBUTE_TYPE_STRING, nm_setting_connection_get_uuid (s_con), NULL); if (ret == GNOME_KEYRING_RESULT_OK) { for (iter = found_list; iter != NULL; iter = g_list_next (iter)) { GnomeKeyringFound *found = (GnomeKeyringFound *) iter->data; gnome_keyring_item_delete (found->keyring, found->item_id, delete_done, NULL, NULL); } gnome_keyring_found_list_free (found_list); } }",network-manager-applet,,,74053592539051706948502121641115528886,0 6189,CWE-190,"void fb_read_str(fb_t a, const char *str, int len, int radix) { bn_t t; bn_null(t); if (!valid_radix(radix)) { RLC_THROW(ERR_NO_VALID); } RLC_TRY { bn_new(t); bn_read_str(t, str, len, radix); if (bn_bits(t) > RLC_FB_BITS) { RLC_THROW(ERR_NO_BUFFER); } fb_zero(a); dv_copy(a, t->dp, t->used); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,237506844867364,1 3430,['CWE-264'],"static long do_splice(struct file *in, loff_t __user *off_in, struct file *out, loff_t __user *off_out, size_t len, unsigned int flags) { struct pipe_inode_info *pipe; loff_t offset, *off; long ret; pipe = in->f_dentry->d_inode->i_pipe; if (pipe) { if (off_in) return -ESPIPE; if (off_out) { if (out->f_op->llseek == no_llseek) return -EINVAL; if (copy_from_user(&offset, off_out, sizeof(loff_t))) return -EFAULT; off = &offset; } else off = &out->f_pos; ret = do_splice_from(pipe, out, off, len, flags); if (off_out && copy_to_user(off_out, off, sizeof(loff_t))) ret = -EFAULT; return ret; } pipe = out->f_dentry->d_inode->i_pipe; if (pipe) { if (off_out) return -ESPIPE; if (off_in) { if (in->f_op->llseek == no_llseek) return -EINVAL; if (copy_from_user(&offset, off_in, sizeof(loff_t))) return -EFAULT; off = &offset; } else off = &in->f_pos; ret = do_splice_to(in, off, pipe, len, flags); if (off_in && copy_to_user(off_in, off, sizeof(loff_t))) ret = -EFAULT; return ret; } return -EINVAL; }",linux-2.6,,,308743426811430849702322792936783687593,0 4226,CWE-74,"R_API size_t r_str_ansi_strip(char *str) { size_t i = 0; while (str[i]) { size_t chlen = __str_ansi_length (str + i); if (chlen > 1) { r_str_cpy (str + i + 1, str + i + chlen); } i++; } return i; }",visit repo url,libr/util/str.c,https://github.com/radareorg/radare2,1098998444799,1 1683,[],"void normalize_rt_tasks(void) { struct task_struct *g, *p; unsigned long flags; struct rq *rq; read_lock_irqsave(&tasklist_lock, flags); do_each_thread(g, p) { if (!p->mm) continue; p->se.exec_start = 0; #ifdef CONFIG_SCHEDSTATS p->se.wait_start = 0; p->se.sleep_start = 0; p->se.block_start = 0; #endif task_rq(p)->clock = 0; if (!rt_task(p)) { if (TASK_NICE(p) < 0 && p->mm) set_user_nice(p, 0); continue; } spin_lock(&p->pi_lock); rq = __task_rq_lock(p); normalize_task(rq, p); __task_rq_unlock(rq); spin_unlock(&p->pi_lock); } while_each_thread(g, p); read_unlock_irqrestore(&tasklist_lock, flags); }",linux-2.6,,,220043749593976346283700823969415405502,0 4581,CWE-476,"#ifndef GPAC_DISABLE_ISOM_HINTING void dump_isom_sdp(GF_ISOFile *file, char *inName, Bool is_final_name) { const char *sdp; u32 size, i; FILE *dump; if (inName) { char szBuf[1024]; strcpy(szBuf, inName); if (!is_final_name) { char *ext = strchr(szBuf, '.'); if (ext) ext[0] = 0; strcat(szBuf, ""_sdp.txt""); } dump = gf_fopen(szBuf, ""wt""); if (!dump) { fprintf(stderr, ""Failed to open %s for dumping\n"", szBuf); return; } } else { dump = stdout; fprintf(dump, ""* File SDP content *\n\n""); } gf_isom_sdp_get(file, &sdp, &size); fprintf(dump, ""%s"", sdp); fprintf(dump, ""\r\n""); for (i=0; iguest_debug & KVM_GUESTDBG_SINGLESTEP) vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO, GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS); if (vcpu->arch.nmi_pending && !vcpu->arch.nmi_injected) { if (vcpu->arch.interrupt.pending) { enable_nmi_window(vcpu); } else if (vcpu->arch.nmi_window_open) { vcpu->arch.nmi_pending = false; vcpu->arch.nmi_injected = true; } else { enable_nmi_window(vcpu); return; } } if (vcpu->arch.nmi_injected) { vmx_inject_nmi(vcpu); if (vcpu->arch.nmi_pending) enable_nmi_window(vcpu); else if (vcpu->arch.irq_summary || kvm_run->request_interrupt_window) enable_irq_window(vcpu); return; } if (vcpu->arch.interrupt_window_open) { if (vcpu->arch.irq_summary && !vcpu->arch.interrupt.pending) kvm_do_inject_irq(vcpu); if (vcpu->arch.interrupt.pending) vmx_inject_irq(vcpu, vcpu->arch.interrupt.nr); } if (!vcpu->arch.interrupt_window_open && (vcpu->arch.irq_summary || kvm_run->request_interrupt_window)) enable_irq_window(vcpu); }",linux-2.6,,,44928085267741754795444426727989894840,0 5645,CWE-269,"escapes(cp, tp) const char *cp; char *tp; { while (*cp) { int cval = 0, meta = 0; if (*cp == '\\' && cp[1] && index(""mM"", cp[1]) && cp[2]) { meta = 1; cp += 2; } if (*cp == '\\' && cp[1] && index(""0123456789xXoO"", cp[1]) && cp[2]) { NEARDATA const char hex[] = ""00112233445566778899aAbBcCdDeEfF""; const char *dp; int dcount = 0; cp++; if (*cp == 'x' || *cp == 'X') for (++cp; *cp && (dp = index(hex, *cp)) && (dcount++ < 2); cp++) cval = (cval * 16) + ((int)(dp - hex) / 2); else if (*cp == 'o' || *cp == 'O') for (++cp; *cp && (index(""01234567"",*cp)) && (dcount++ < 3); cp++) cval = (cval * 8) + (*cp - '0'); else for (; *cp && (index(""0123456789"",*cp)) && (dcount++ < 3); cp++) cval = (cval * 10) + (*cp - '0'); } else if (*cp == '\\' && cp[1]) { switch (*++cp) { case '\\': cval = '\\'; break; case 'n': cval = '\n'; break; case 't': cval = '\t'; break; case 'b': cval = '\b'; break; case 'r': cval = '\r'; break; default: cval = *cp; } cp++; } else if (*cp == '^' && cp[1]) { cval = (*++cp & 0x1f); cp++; } else cval = *cp++; if (meta) cval |= 0x80; *tp++ = cval; } *tp = '\0'; }",visit repo url,src/options.c,https://github.com/NetHack/NetHack,279687104823820,1 1773,[],"static void hrtick_clear(struct rq *rq) { if (hrtimer_active(&rq->hrtick_timer)) hrtimer_cancel(&rq->hrtick_timer); }",linux-2.6,,,88653874006361314774756386512823468642,0 189,[],"static int atrtr_ioctl(unsigned int cmd, void *arg) { struct rtentry rt; if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; switch (cmd) { case SIOCDELRT: if (rt.rt_dst.sa_family != AF_APPLETALK) return -EINVAL; return atrtr_delete(&((struct sockaddr_at *) &rt.rt_dst)->sat_addr); case SIOCADDRT: { struct net_device *dev = NULL; if (rt.rt_dev) { dev = __dev_get_by_name(rt.rt_dev); if (!dev) return -ENODEV; } return atrtr_create(&rt, dev); } } return -EINVAL; }",history,,,25481420792984083758882616491118751992,0 390,[],"pfm_read(struct file *filp, char __user *buf, size_t size, loff_t *ppos) { pfm_context_t *ctx; pfm_msg_t *msg; ssize_t ret; unsigned long flags; DECLARE_WAITQUEUE(wait, current); if (PFM_IS_FILE(filp) == 0) { printk(KERN_ERR ""perfmon: pfm_poll: bad magic [%d]\n"", current->pid); return -EINVAL; } ctx = (pfm_context_t *)filp->private_data; if (ctx == NULL) { printk(KERN_ERR ""perfmon: pfm_read: NULL ctx [%d]\n"", current->pid); return -EINVAL; } if (size < sizeof(pfm_msg_t)) { DPRINT((""message is too small ctx=%p (>=%ld)\n"", ctx, sizeof(pfm_msg_t))); return -EINVAL; } PROTECT_CTX(ctx, flags); add_wait_queue(&ctx->ctx_msgq_wait, &wait); for(;;) { set_current_state(TASK_INTERRUPTIBLE); DPRINT((""head=%d tail=%d\n"", ctx->ctx_msgq_head, ctx->ctx_msgq_tail)); ret = 0; if(PFM_CTXQ_EMPTY(ctx) == 0) break; UNPROTECT_CTX(ctx, flags); ret = -EAGAIN; if(filp->f_flags & O_NONBLOCK) break; if(signal_pending(current)) { ret = -EINTR; break; } schedule(); PROTECT_CTX(ctx, flags); } DPRINT((""[%d] back to running ret=%ld\n"", current->pid, ret)); set_current_state(TASK_RUNNING); remove_wait_queue(&ctx->ctx_msgq_wait, &wait); if (ret < 0) goto abort; ret = -EINVAL; msg = pfm_get_next_msg(ctx); if (msg == NULL) { printk(KERN_ERR ""perfmon: pfm_read no msg for ctx=%p [%d]\n"", ctx, current->pid); goto abort_locked; } DPRINT((""fd=%d type=%d\n"", msg->pfm_gen_msg.msg_ctx_fd, msg->pfm_gen_msg.msg_type)); ret = -EFAULT; if(copy_to_user(buf, msg, sizeof(pfm_msg_t)) == 0) ret = sizeof(pfm_msg_t); abort_locked: UNPROTECT_CTX(ctx, flags); abort: return ret; }",linux-2.6,,,3244568504160364066346782131133331459,0 6137,['CWE-200'],"int neigh_ifdown(struct neigh_table *tbl, struct net_device *dev) { int i; write_lock_bh(&tbl->lock); for (i = 0; i <= tbl->hash_mask; i++) { struct neighbour *n, **np = &tbl->hash_buckets[i]; while ((n = *np) != NULL) { if (dev && n->dev != dev) { np = &n->next; continue; } *np = n->next; write_lock(&n->lock); neigh_del_timer(n); n->dead = 1; if (atomic_read(&n->refcnt) != 1) { skb_queue_purge(&n->arp_queue); n->output = neigh_blackhole; if (n->nud_state & NUD_VALID) n->nud_state = NUD_NOARP; else n->nud_state = NUD_NONE; NEIGH_PRINTK2(""neigh %p is stray.\n"", n); } write_unlock(&n->lock); neigh_release(n); } } pneigh_ifdown(tbl, dev); write_unlock_bh(&tbl->lock); del_timer_sync(&tbl->proxy_timer); pneigh_queue_purge(&tbl->proxy_queue); return 0; }",linux-2.6,,,95235419158396761019364818630740787144,0 1400,[],"static inline u64 min_vruntime(u64 min_vruntime, u64 vruntime) { s64 delta = (s64)(vruntime - min_vruntime); if (delta < 0) min_vruntime = vruntime; return min_vruntime; }",linux-2.6,,,159257862537682391404038029453890068791,0 5683,['CWE-476'],"static int compat_udpv6_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level != SOL_UDP) return compat_ipv6_getsockopt(sk, level, optname, optval, optlen); return do_udpv6_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,101848926955837935179240306741253755787,0 3458,CWE-362,"int my_redel(const char *org_name, const char *tmp_name, myf MyFlags) { int error=1; DBUG_ENTER(""my_redel""); DBUG_PRINT(""my"",(""org_name: '%s' tmp_name: '%s' MyFlags: %d"", org_name,tmp_name,MyFlags)); if (my_copystat(org_name,tmp_name,MyFlags) < 0) goto end; if (MyFlags & MY_REDEL_MAKE_BACKUP) { char name_buff[FN_REFLEN+20]; char ext[20]; ext[0]='-'; get_date(ext+1,2+4,(time_t) 0); strmov(strend(ext),REDEL_EXT); if (my_rename(org_name, fn_format(name_buff, org_name, """", ext, 2), MyFlags)) goto end; } else if (my_delete_allow_opened(org_name, MyFlags)) goto end; if (my_rename(tmp_name,org_name,MyFlags)) goto end; error=0; end: DBUG_RETURN(error); } ",visit repo url,mysys/my_redel.c,https://github.com/mysql/mysql-server,185598809863854,1 6437,CWE-20,"error_t ftpClientParsePwdReply(FtpClientContext *context, char_t *path, size_t maxLen) { size_t length; char_t *p; p = strrchr(context->buffer, '\""'); if(p == NULL) return ERROR_INVALID_SYNTAX; *p = '\0'; p = strchr(context->buffer, '\""'); if(p == NULL) return ERROR_INVALID_SYNTAX; length = osStrlen(p + 1); length = MIN(length, maxLen); osStrncpy(path, p + 1, length); path[length] = '\0'; return NO_ERROR; }",visit repo url,ftp/ftp_client_misc.c,https://github.com/Oryx-Embedded/CycloneTCP,19310442629450,1 1457,CWE-17,"int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname, int flen) { struct ustr *filename, *unifilename; int len = 0; filename = kmalloc(sizeof(struct ustr), GFP_NOFS); if (!filename) return 0; unifilename = kmalloc(sizeof(struct ustr), GFP_NOFS); if (!unifilename) goto out1; if (udf_build_ustr_exact(unifilename, sname, flen)) goto out2; if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) { if (!udf_CS0toUTF8(filename, unifilename)) { udf_debug(""Failed in udf_get_filename: sname = %s\n"", sname); goto out2; } } else if (UDF_QUERY_FLAG(sb, UDF_FLAG_NLS_MAP)) { if (!udf_CS0toNLS(UDF_SB(sb)->s_nls_map, filename, unifilename)) { udf_debug(""Failed in udf_get_filename: sname = %s\n"", sname); goto out2; } } else goto out2; len = udf_translate_to_linux(dname, filename->u_name, filename->u_len, unifilename->u_name, unifilename->u_len); out2: kfree(unifilename); out1: kfree(filename); return len; }",visit repo url,fs/udf/unicode.c,https://github.com/torvalds/linux,214903632852278,1 1988,['CWE-20'],"int make_pages_present(unsigned long addr, unsigned long end) { int ret, len, write; struct vm_area_struct * vma; vma = find_vma(current->mm, addr); if (!vma) return -1; write = (vma->vm_flags & VM_WRITE) != 0; BUG_ON(addr >= end); BUG_ON(end > vma->vm_end); len = DIV_ROUND_UP(end, PAGE_SIZE) - addr/PAGE_SIZE; ret = get_user_pages(current, current->mm, addr, len, write, 0, NULL, NULL); if (ret < 0) return ret; return ret == len ? 0 : -1; }",linux-2.6,,,146169745831008062399740010391753403206,0 4398,['CWE-264'],"int sock_no_getname(struct socket *sock, struct sockaddr *saddr, int *len, int peer) { return -EOPNOTSUPP; }",linux-2.6,,,263581903653522228430619311902589073869,0 5832,['CWE-200'],"static int econet_create(struct net *net, struct socket *sock, int protocol) { struct sock *sk; struct econet_sock *eo; int err; if (net != &init_net) return -EAFNOSUPPORT; if (sock->type != SOCK_DGRAM) return -ESOCKTNOSUPPORT; sock->state = SS_UNCONNECTED; err = -ENOBUFS; sk = sk_alloc(net, PF_ECONET, GFP_KERNEL, &econet_proto); if (sk == NULL) goto out; sk->sk_reuse = 1; sock->ops = &econet_ops; sock_init_data(sock, sk); eo = ec_sk(sk); sock_reset_flag(sk, SOCK_ZAPPED); sk->sk_family = PF_ECONET; eo->num = protocol; econet_insert_socket(&econet_sklist, sk); return(0); out: return err; }",linux-2.6,,,404536188742799155125857946116183161,0 5217,['CWE-20'],"static void vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4) { unsigned long hw_cr4 = cr4 | (vcpu->arch.rmode.active ? KVM_RMODE_VM_CR4_ALWAYS_ON : KVM_PMODE_VM_CR4_ALWAYS_ON); vcpu->arch.cr4 = cr4; if (vm_need_ept()) ept_update_paging_mode_cr4(&hw_cr4, vcpu); vmcs_writel(CR4_READ_SHADOW, cr4); vmcs_writel(GUEST_CR4, hw_cr4); }",linux-2.6,,,81353471289976636394813563860518431382,0 3474,['CWE-20'],"sctp_disposition_t sctp_sf_t4_timer_expire( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = asoc->addip_last_asconf; struct sctp_transport *transport = chunk->transport; SCTP_INC_STATS(SCTP_MIB_T4_RTO_EXPIREDS); sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport)); sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk)); if (asoc->overall_error_count >= asoc->max_retrans) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_INC_STATS(SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_ABORT; } sctp_chunk_hold(asoc->addip_last_asconf); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asoc->addip_last_asconf)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,214148037313473503279553484042114936813,0 3003,['CWE-189'],"jas_stream_t *jas_stream_fdopen(int fd, const char *mode) { jas_stream_t *stream; jas_stream_fileobj_t *obj; if (!(stream = jas_stream_create())) { return 0; } stream->openmode_ = jas_strtoopenmode(mode); #if defined(WIN32) if (stream->openmode_ & JAS_STREAM_BINARY) { setmode(fd, O_BINARY); } #endif if (!(obj = jas_malloc(sizeof(jas_stream_fileobj_t)))) { jas_stream_destroy(stream); return 0; } obj->fd = fd; obj->flags = 0; obj->pathname[0] = '\0'; stream->obj_ = (void *) obj; obj->flags |= JAS_STREAM_FILEOBJ_NOCLOSE; jas_stream_initbuf(stream, JAS_STREAM_FULLBUF, 0, 0); stream->ops_ = &jas_stream_fileops; return stream; }",jasper,,,237234290430623959186842056062961563549,0 4882,['CWE-189'],"void ecryptfs_destroy_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) { struct ecryptfs_key_sig *key_sig, *key_sig_tmp; if (crypt_stat->tfm) crypto_free_blkcipher(crypt_stat->tfm); if (crypt_stat->hash_tfm) crypto_free_hash(crypt_stat->hash_tfm); mutex_lock(&crypt_stat->keysig_list_mutex); list_for_each_entry_safe(key_sig, key_sig_tmp, &crypt_stat->keysig_list, crypt_stat_list) { list_del(&key_sig->crypt_stat_list); kmem_cache_free(ecryptfs_key_sig_cache, key_sig); } mutex_unlock(&crypt_stat->keysig_list_mutex); memset(crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); }",linux-2.6,,,32384700665250473446489558679271884579,0 5201,CWE-74,"flatpak_run_add_environment_args (FlatpakBwrap *bwrap, const char *app_info_path, FlatpakRunFlags flags, const char *app_id, FlatpakContext *context, GFile *app_id_dir, GPtrArray *previous_app_id_dirs, FlatpakExports **exports_out, GCancellable *cancellable, GError **error) { g_autoptr(GError) my_error = NULL; g_autoptr(FlatpakExports) exports = NULL; g_autoptr(FlatpakBwrap) proxy_arg_bwrap = flatpak_bwrap_new (flatpak_bwrap_empty_env); gboolean has_wayland = FALSE; gboolean allow_x11 = FALSE; if ((context->shares & FLATPAK_CONTEXT_SHARED_IPC) == 0) { g_debug (""Disallowing ipc access""); flatpak_bwrap_add_args (bwrap, ""--unshare-ipc"", NULL); } if ((context->shares & FLATPAK_CONTEXT_SHARED_NETWORK) == 0) { g_debug (""Disallowing network access""); flatpak_bwrap_add_args (bwrap, ""--unshare-net"", NULL); } if (context->devices & FLATPAK_CONTEXT_DEVICE_ALL) { flatpak_bwrap_add_args (bwrap, ""--dev-bind"", ""/dev"", ""/dev"", NULL); if (g_file_test (""/dev/shm"", G_FILE_TEST_IS_DIR)) { if ((context->devices & FLATPAK_CONTEXT_DEVICE_SHM) == 0) flatpak_bwrap_add_args (bwrap, ""--tmpfs"", ""/dev/shm"", NULL); } else if (g_file_test (""/dev/shm"", G_FILE_TEST_IS_SYMLINK)) { g_autofree char *link = flatpak_readlink (""/dev/shm"", NULL); if (g_strcmp0 (link, ""/run/shm"") == 0) { if (context->devices & FLATPAK_CONTEXT_DEVICE_SHM && g_file_test (""/run/shm"", G_FILE_TEST_IS_DIR)) flatpak_bwrap_add_args (bwrap, ""--bind"", ""/run/shm"", ""/run/shm"", NULL); else flatpak_bwrap_add_args (bwrap, ""--dir"", ""/run/shm"", NULL); } else g_warning (""Unexpected /dev/shm symlink %s"", link); } } else { flatpak_bwrap_add_args (bwrap, ""--dev"", ""/dev"", NULL); if (context->devices & FLATPAK_CONTEXT_DEVICE_DRI) { g_debug (""Allowing dri access""); int i; char *dri_devices[] = { ""/dev/dri"", ""/dev/mali"", ""/dev/mali0"", ""/dev/umplock"", ""/dev/nvidiactl"", ""/dev/nvidia-modeset"", ""/dev/nvidia-uvm"", ""/dev/nvidia-uvm-tools"", }; for (i = 0; i < G_N_ELEMENTS (dri_devices); i++) { if (g_file_test (dri_devices[i], G_FILE_TEST_EXISTS)) flatpak_bwrap_add_args (bwrap, ""--dev-bind"", dri_devices[i], dri_devices[i], NULL); } char nvidia_dev[14]; for (i = 0; i < 20; i++) { g_snprintf (nvidia_dev, sizeof (nvidia_dev), ""/dev/nvidia%d"", i); if (g_file_test (nvidia_dev, G_FILE_TEST_EXISTS)) flatpak_bwrap_add_args (bwrap, ""--dev-bind"", nvidia_dev, nvidia_dev, NULL); } } if (context->devices & FLATPAK_CONTEXT_DEVICE_KVM) { g_debug (""Allowing kvm access""); if (g_file_test (""/dev/kvm"", G_FILE_TEST_EXISTS)) flatpak_bwrap_add_args (bwrap, ""--dev-bind"", ""/dev/kvm"", ""/dev/kvm"", NULL); } if (context->devices & FLATPAK_CONTEXT_DEVICE_SHM) { g_autofree char *real_dev_shm = realpath (""/dev/shm"", NULL); g_debug (""Allowing /dev/shm access (as %s)"", real_dev_shm); if (real_dev_shm != NULL) flatpak_bwrap_add_args (bwrap, ""--bind"", real_dev_shm, ""/dev/shm"", NULL); } } flatpak_context_append_bwrap_filesystem (context, bwrap, app_id, app_id_dir, previous_app_id_dirs, &exports); if (context->sockets & FLATPAK_CONTEXT_SOCKET_WAYLAND) { g_debug (""Allowing wayland access""); has_wayland = flatpak_run_add_wayland_args (bwrap); } if ((context->sockets & FLATPAK_CONTEXT_SOCKET_FALLBACK_X11) != 0) allow_x11 = !has_wayland; else allow_x11 = (context->sockets & FLATPAK_CONTEXT_SOCKET_X11) != 0; flatpak_run_add_x11_args (bwrap, allow_x11); if (context->sockets & FLATPAK_CONTEXT_SOCKET_SSH_AUTH) { flatpak_run_add_ssh_args (bwrap); } if (context->sockets & FLATPAK_CONTEXT_SOCKET_PULSEAUDIO) { g_debug (""Allowing pulseaudio access""); flatpak_run_add_pulseaudio_args (bwrap); } if (context->sockets & FLATPAK_CONTEXT_SOCKET_PCSC) { flatpak_run_add_pcsc_args (bwrap); } if (context->sockets & FLATPAK_CONTEXT_SOCKET_CUPS) { flatpak_run_add_cups_args (bwrap); } flatpak_run_add_session_dbus_args (bwrap, proxy_arg_bwrap, context, flags, app_id); flatpak_run_add_system_dbus_args (bwrap, proxy_arg_bwrap, context, flags); flatpak_run_add_a11y_dbus_args (bwrap, proxy_arg_bwrap, context, flags); if (g_environ_getenv (bwrap->envp, ""LD_LIBRARY_PATH"") != NULL) { flatpak_bwrap_add_args (bwrap, ""--setenv"", ""LD_LIBRARY_PATH"", g_environ_getenv (bwrap->envp, ""LD_LIBRARY_PATH""), NULL); flatpak_bwrap_unset_env (bwrap, ""LD_LIBRARY_PATH""); } if (g_environ_getenv (bwrap->envp, ""TMPDIR"") != NULL) { flatpak_bwrap_add_args (bwrap, ""--setenv"", ""TMPDIR"", g_environ_getenv (bwrap->envp, ""TMPDIR""), NULL); flatpak_bwrap_unset_env (bwrap, ""TMPDIR""); } if (!flatpak_run_in_transient_unit (app_id, &my_error)) { g_debug (""Failed to run in transient scope: %s"", my_error->message); g_clear_error (&my_error); } if (!flatpak_bwrap_is_empty (proxy_arg_bwrap) && !start_dbus_proxy (bwrap, proxy_arg_bwrap, app_info_path, error)) return FALSE; if (exports_out) *exports_out = g_steal_pointer (&exports); return TRUE; }",visit repo url,common/flatpak-run.c,https://github.com/flatpak/flatpak,144435064294351,1 1698,NVD-CWE-noinfo,"static void adjust_branches(struct bpf_prog *prog, int pos, int delta) { struct bpf_insn *insn = prog->insnsi; int insn_cnt = prog->len; int i; for (i = 0; i < insn_cnt; i++, insn++) { if (BPF_CLASS(insn->code) != BPF_JMP || BPF_OP(insn->code) == BPF_CALL || BPF_OP(insn->code) == BPF_EXIT) continue; if (i < pos && i + insn->off + 1 > pos) insn->off += delta; else if (i > pos && i + insn->off + 1 < pos) insn->off -= delta; } }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,2296481081849,1 5151,['CWE-20'],"static void setup_msrs(struct vcpu_vmx *vmx) { int save_nmsrs; vmx_load_host_state(vmx); save_nmsrs = 0; #ifdef CONFIG_X86_64 if (is_long_mode(&vmx->vcpu)) { int index; index = __find_msr_index(vmx, MSR_SYSCALL_MASK); if (index >= 0) move_msr_up(vmx, index, save_nmsrs++); index = __find_msr_index(vmx, MSR_LSTAR); if (index >= 0) move_msr_up(vmx, index, save_nmsrs++); index = __find_msr_index(vmx, MSR_CSTAR); if (index >= 0) move_msr_up(vmx, index, save_nmsrs++); index = __find_msr_index(vmx, MSR_KERNEL_GS_BASE); if (index >= 0) move_msr_up(vmx, index, save_nmsrs++); index = __find_msr_index(vmx, MSR_K6_STAR); if ((index >= 0) && (vmx->vcpu.arch.shadow_efer & EFER_SCE)) move_msr_up(vmx, index, save_nmsrs++); } #endif vmx->save_nmsrs = save_nmsrs; #ifdef CONFIG_X86_64 vmx->msr_offset_kernel_gs_base = __find_msr_index(vmx, MSR_KERNEL_GS_BASE); #endif vmx->msr_offset_efer = __find_msr_index(vmx, MSR_EFER); }",linux-2.6,,,126331572173895626121110637408097650690,0 3030,CWE-119,"static void gdCtxPrintf(gdIOCtx * out, const char *format, ...) { char buf[4096]; int len; va_list args; va_start(args, format); len = vsnprintf(buf, sizeof(buf)-1, format, args); va_end(args); out->putBuf(out, buf, len); }",visit repo url,src/gd_xbm.c,https://github.com/libgd/libgd,126790609329470,1 2055,['CWE-269'],"static struct vfsmount *skip_mnt_tree(struct vfsmount *p) { struct list_head *prev = p->mnt_mounts.prev; while (prev != &p->mnt_mounts) { p = list_entry(prev, struct vfsmount, mnt_child); prev = p->mnt_mounts.prev; } return p; }",linux-2.6,,,270965663712336375135290151325241232805,0 4917,['CWE-20'],"static int nfs_dentry_delete(struct dentry *dentry) { dfprintk(VFS, ""NFS: dentry_delete(%s/%s, %x)\n"", dentry->d_parent->d_name.name, dentry->d_name.name, dentry->d_flags); if (dentry->d_flags & DCACHE_NFSFS_RENAMED) { return 1; } if (!(dentry->d_sb->s_flags & MS_ACTIVE)) { return 1; } return 0; }",linux-2.6,,,3643478978007813679456587892923801817,0 6267,['CWE-200'],"static int rtnetlink_done(struct netlink_callback *cb) { return 0; }",linux-2.6,,,265120402275622297714793630529563840561,0 56,CWE-763,"spnego_gss_get_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token) { OM_uint32 ret; ret = gss_get_mic(minor_status, context_handle, qop_req, message_buffer, message_token); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,9005515085524,1 1298,CWE-476,"static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp, struct cftype *cft, struct eventfd_ctx *eventfd) { struct mem_cgroup *memcg = mem_cgroup_from_cont(cgrp); struct mem_cgroup_thresholds *thresholds; struct mem_cgroup_threshold_ary *new; int type = MEMFILE_TYPE(cft->private); u64 usage; int i, j, size; mutex_lock(&memcg->thresholds_lock); if (type == _MEM) thresholds = &memcg->thresholds; else if (type == _MEMSWAP) thresholds = &memcg->memsw_thresholds; else BUG(); BUG_ON(!thresholds); usage = mem_cgroup_usage(memcg, type == _MEMSWAP); __mem_cgroup_threshold(memcg, type == _MEMSWAP); size = 0; for (i = 0; i < thresholds->primary->size; i++) { if (thresholds->primary->entries[i].eventfd != eventfd) size++; } new = thresholds->spare; if (!size) { kfree(new); new = NULL; goto swap_buffers; } new->size = size; new->current_threshold = -1; for (i = 0, j = 0; i < thresholds->primary->size; i++) { if (thresholds->primary->entries[i].eventfd == eventfd) continue; new->entries[j] = thresholds->primary->entries[i]; if (new->entries[j].threshold < usage) { ++new->current_threshold; } j++; } swap_buffers: thresholds->spare = thresholds->primary; rcu_assign_pointer(thresholds->primary, new); synchronize_rcu(); mutex_unlock(&memcg->thresholds_lock); }",visit repo url,mm/memcontrol.c,https://github.com/torvalds/linux,132870502175505,1 975,CWE-416,"int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) { struct snd_ctl_elem_id id; unsigned int idx; int err = -EINVAL; if (! kcontrol) return err; if (snd_BUG_ON(!card || !kcontrol->info)) goto error; id = kcontrol->id; down_write(&card->controls_rwsem); if (snd_ctl_find_id(card, &id)) { up_write(&card->controls_rwsem); dev_err(card->dev, ""control %i:%i:%i:%s:%i is already present\n"", id.iface, id.device, id.subdevice, id.name, id.index); err = -EBUSY; goto error; } if (snd_ctl_find_hole(card, kcontrol->count) < 0) { up_write(&card->controls_rwsem); err = -ENOMEM; goto error; } list_add_tail(&kcontrol->list, &card->controls); card->controls_count += kcontrol->count; kcontrol->id.numid = card->last_numid + 1; card->last_numid += kcontrol->count; up_write(&card->controls_rwsem); for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++) snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); return 0; error: snd_ctl_free_one(kcontrol); return err; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,264270759757913,1 905,CWE-362,"static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp) { ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT; shm_rmid(ns, shp); shm_unlock(shp); if (!is_file_hugepages(shp->shm_file)) shmem_lock(shp->shm_file, 0, shp->mlock_user); else if (shp->mlock_user) user_shm_unlock(file_inode(shp->shm_file)->i_size, shp->mlock_user); fput (shp->shm_file); ipc_rcu_putref(shp, shm_rcu_free); }",visit repo url,ipc/shm.c,https://github.com/torvalds/linux,9233086655689,1 4021,['CWE-362'],"void inotify_d_instantiate(struct dentry *entry, struct inode *inode) { struct dentry *parent; if (!inode) return; spin_lock(&entry->d_lock); parent = entry->d_parent; if (parent->d_inode && inotify_inode_watched(parent->d_inode)) entry->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED; spin_unlock(&entry->d_lock); }",linux-2.6,,,21186938017093474072733619266585571777,0 5640,['CWE-476'],"static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket) { struct inet_sock *inet = inet_sk(sp); struct ipv6_pinfo *np = inet6_sk(sp); struct in6_addr *dest, *src; __u16 destp, srcp; dest = &np->daddr; src = &np->rcv_saddr; destp = ntohs(inet->dport); srcp = ntohs(inet->sport); seq_printf(seq, ""%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "" ""%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p\n"", bucket, src->s6_addr32[0], src->s6_addr32[1], src->s6_addr32[2], src->s6_addr32[3], srcp, dest->s6_addr32[0], dest->s6_addr32[1], dest->s6_addr32[2], dest->s6_addr32[3], destp, sp->sk_state, atomic_read(&sp->sk_wmem_alloc), atomic_read(&sp->sk_rmem_alloc), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp); }",linux-2.6,,,238964943826249580319880455039149253043,0 4439,CWE-787,"mrb_remove_method(mrb_state *mrb, struct RClass *c, mrb_sym mid) { mt_tbl *h; MRB_CLASS_ORIGIN(c); h = c->mt; if (h && mt_del(mrb, h, mid)) return; mrb_name_error(mrb, mid, ""method '%n' not defined in %C"", mid, c); }",visit repo url,src/class.c,https://github.com/mruby/mruby,74407301563626,1 2653,CWE-125,"static void get_icu_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAMETERS) { const char* loc_name = NULL; int loc_name_len = 0; char* tag_value = NULL; char* empty_result = """"; int result = 0; char* msg = NULL; UErrorCode status = U_ZERO_ERROR; intl_error_reset( NULL TSRMLS_CC ); if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &loc_name ,&loc_name_len ) == FAILURE) { spprintf(&msg , 0, ""locale_get_%s : unable to parse input params"", tag_name ); intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC ); efree(msg); RETURN_FALSE; } if(loc_name_len == 0) { loc_name = intl_locale_get_default(TSRMLS_C); } tag_value = get_icu_value_internal( loc_name , tag_name , &result ,0); if( result == -1 ) { if( tag_value){ efree( tag_value); } RETURN_STRING( empty_result , TRUE); } if( tag_value){ RETURN_STRING( tag_value , FALSE); } if( result ==0) { spprintf(&msg , 0, ""locale_get_%s : unable to get locale %s"", tag_name , tag_name ); intl_error_set( NULL, status, msg , 1 TSRMLS_CC ); efree(msg); RETURN_NULL(); } }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,69782223218595,1 4678,CWE-732,"M_fs_error_t M_fs_move(const char *path_old, const char *path_new, M_uint32 mode, M_fs_progress_cb_t cb, M_uint32 progress_flags) { char *norm_path_old; char *norm_path_new; char *resolve_path; M_fs_info_t *info; M_fs_progress_t *progress = NULL; M_uint64 entry_size; M_fs_error_t res; if (path_old == NULL || *path_old == '\0' || path_new == NULL || *path_new == '\0') { return M_FS_ERROR_INVALID; } res = M_fs_path_norm(&norm_path_new, path_new, M_FS_PATH_NORM_RESDIR, M_FS_SYSTEM_AUTO); if (res != M_FS_ERROR_SUCCESS) { M_free(norm_path_new); return res; } if (M_fs_isfileintodir(path_old, path_new, &norm_path_old)) { M_free(norm_path_new); res = M_fs_move(path_old, norm_path_old, mode, cb, progress_flags); M_free(norm_path_old); return res; } res = M_fs_path_norm(&norm_path_old, path_old, M_FS_PATH_NORM_RESALL, M_FS_SYSTEM_AUTO); if (res != M_FS_ERROR_SUCCESS) { M_free(norm_path_new); M_free(norm_path_old); return res; } progress = M_fs_progress_create(); res = M_fs_info(&info, path_old, (mode & M_FS_FILE_MODE_PRESERVE_PERMS)?M_FS_PATH_INFO_FLAGS_NONE:M_FS_PATH_INFO_FLAGS_BASIC); if (res != M_FS_ERROR_SUCCESS) { M_fs_progress_destroy(progress); M_free(norm_path_new); M_free(norm_path_old); return res; } if (!M_fs_check_overwrite_allowed(norm_path_old, norm_path_new, mode)) { M_fs_progress_destroy(progress); M_free(norm_path_new); M_free(norm_path_old); return M_FS_ERROR_FILE_EXISTS; } if (cb) { entry_size = M_fs_info_get_size(info); M_fs_progress_set_path(progress, norm_path_new); M_fs_progress_set_type(progress, M_fs_info_get_type(info)); if (progress_flags & M_FS_PROGRESS_SIZE_TOTAL) { M_fs_progress_set_size_total(progress, entry_size); M_fs_progress_set_size_total_progess(progress, entry_size); } if (progress_flags & M_FS_PROGRESS_SIZE_CUR) { M_fs_progress_set_size_current(progress, entry_size); M_fs_progress_set_size_current_progress(progress, entry_size); } if (progress_flags & M_FS_PROGRESS_COUNT) { M_fs_progress_set_count_total(progress, 1); M_fs_progress_set_count(progress, 1); } } if (M_fs_info_get_type(info) == M_FS_TYPE_SYMLINK) { res = M_fs_path_readlink(&resolve_path, norm_path_old); if (res == M_FS_ERROR_SUCCESS) { res = M_fs_symlink(norm_path_new, resolve_path); } M_free(resolve_path); } else { res = M_fs_move_file(norm_path_old, norm_path_new); } if (res == M_FS_ERROR_NOT_SAMEDEV) { if (M_fs_copy(norm_path_old, norm_path_new, mode, cb, progress_flags) == M_FS_ERROR_SUCCESS) { res = M_fs_delete(norm_path_old, M_TRUE, NULL, M_FS_PROGRESS_NOEXTRA); } else { if (!(mode & M_FS_FILE_MODE_OVERWRITE)) { M_fs_delete(norm_path_new, M_TRUE, NULL, M_FS_PROGRESS_NOEXTRA); } res = M_FS_ERROR_GENERIC; } } else { if (cb) { M_fs_progress_set_result(progress, res); if (!cb(progress)) { res = M_FS_ERROR_CANCELED; } } } M_fs_info_destroy(info); M_fs_progress_destroy(progress); M_free(norm_path_new); M_free(norm_path_old); return res; }",visit repo url,base/fs/m_fs.c,https://github.com/Monetra/mstdlib,48921938564470,1 2456,['CWE-119'],"enum commit_action simplify_commit(struct rev_info *revs, struct commit *commit) { if (commit->object.flags & SHOWN) return commit_ignore; if (revs->unpacked && has_sha1_pack(commit->object.sha1, revs->ignore_packed)) return commit_ignore; if (revs->show_all) return commit_show; if (commit->object.flags & UNINTERESTING) return commit_ignore; if (revs->min_age != -1 && (commit->date > revs->min_age)) return commit_ignore; if (revs->no_merges && commit->parents && commit->parents->next) return commit_ignore; if (!commit_match(commit, revs)) return commit_ignore; if (revs->prune && revs->dense) { if (commit->object.flags & TREESAME) { if (!revs->rewrite_parents) return commit_ignore; if (!commit->parents || !commit->parents->next) return commit_ignore; } if (revs->rewrite_parents && rewrite_parents(revs, commit) < 0) return commit_error; } return commit_show; }",git,,,198691329459764630659066850221267925498,0 693,[],"static int jpc_siz_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_siz_t *siz = &ms->parms.siz; unsigned int i; uint_fast8_t tmp; cstate = 0; if (jpc_getuint16(in, &siz->caps) || jpc_getuint32(in, &siz->width) || jpc_getuint32(in, &siz->height) || jpc_getuint32(in, &siz->xoff) || jpc_getuint32(in, &siz->yoff) || jpc_getuint32(in, &siz->tilewidth) || jpc_getuint32(in, &siz->tileheight) || jpc_getuint32(in, &siz->tilexoff) || jpc_getuint32(in, &siz->tileyoff) || jpc_getuint16(in, &siz->numcomps)) { return -1; } if (!siz->width || !siz->height || !siz->tilewidth || !siz->tileheight || !siz->numcomps) { return -1; } if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { return -1; } for (i = 0; i < siz->numcomps; ++i) { if (jpc_getuint8(in, &tmp) || jpc_getuint8(in, &siz->comps[i].hsamp) || jpc_getuint8(in, &siz->comps[i].vsamp)) { jas_free(siz->comps); return -1; } if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) { jas_eprintf(""invalid XRsiz value %d\n"", siz->comps[i].hsamp); jas_free(siz->comps); return -1; } if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) { jas_eprintf(""invalid YRsiz value %d\n"", siz->comps[i].vsamp); jas_free(siz->comps); return -1; } siz->comps[i].sgnd = (tmp >> 7) & 1; siz->comps[i].prec = (tmp & 0x7f) + 1; } if (jas_stream_eof(in)) { jas_free(siz->comps); return -1; } return 0; }",jasper,,,163056659276578656112280739535192073137,0 3893,['CWE-399'],"static int chip_command(struct i2c_client *client, unsigned int cmd, void *arg) { struct CHIPSTATE *chip = i2c_get_clientdata(client); struct CHIPDESC *desc = chip->desc; if (debug > 0) { v4l_i2c_print_ioctl(chip->c, cmd); printk(""\n""); } switch (cmd) { case AUDC_SET_RADIO: chip->radio = 1; chip->watch_stereo = 0; break; case VIDIOC_QUERYCTRL: { struct v4l2_queryctrl *qc = arg; switch (qc->id) { case V4L2_CID_AUDIO_MUTE: break; case V4L2_CID_AUDIO_VOLUME: case V4L2_CID_AUDIO_BALANCE: if (!(desc->flags & CHIP_HAS_VOLUME)) return -EINVAL; break; case V4L2_CID_AUDIO_BASS: case V4L2_CID_AUDIO_TREBLE: if (!(desc->flags & CHIP_HAS_BASSTREBLE)) return -EINVAL; break; default: return -EINVAL; } return v4l2_ctrl_query_fill_std(qc); } case VIDIOC_S_CTRL: return tvaudio_set_ctrl(chip, arg); case VIDIOC_G_CTRL: return tvaudio_get_ctrl(chip, arg); case VIDIOC_INT_G_AUDIO_ROUTING: { struct v4l2_routing *rt = arg; rt->input = chip->input; rt->output = 0; break; } case VIDIOC_INT_S_AUDIO_ROUTING: { struct v4l2_routing *rt = arg; if (!(desc->flags & CHIP_HAS_INPUTSEL) || rt->input >= 4) return -EINVAL; chip->input = rt->input; if (chip->muted) break; chip_write_masked(chip, desc->inputreg, desc->inputmap[chip->input], desc->inputmask); break; } case VIDIOC_S_TUNER: { struct v4l2_tuner *vt = arg; int mode = 0; if (chip->radio) break; switch (vt->audmode) { case V4L2_TUNER_MODE_MONO: case V4L2_TUNER_MODE_STEREO: case V4L2_TUNER_MODE_LANG1: case V4L2_TUNER_MODE_LANG2: mode = vt->audmode; break; case V4L2_TUNER_MODE_LANG1_LANG2: mode = V4L2_TUNER_MODE_STEREO; break; default: return -EINVAL; } chip->audmode = vt->audmode; if (desc->setmode && mode) { chip->watch_stereo = 0; chip->mode = mode; desc->setmode(chip, mode); } break; } case VIDIOC_G_TUNER: { struct v4l2_tuner *vt = arg; int mode = V4L2_TUNER_MODE_MONO; if (chip->radio) break; vt->audmode = chip->audmode; vt->rxsubchans = 0; vt->capability = V4L2_TUNER_CAP_STEREO | V4L2_TUNER_CAP_LANG1 | V4L2_TUNER_CAP_LANG2; if (desc->getmode) mode = desc->getmode(chip); if (mode & V4L2_TUNER_MODE_MONO) vt->rxsubchans |= V4L2_TUNER_SUB_MONO; if (mode & V4L2_TUNER_MODE_STEREO) vt->rxsubchans |= V4L2_TUNER_SUB_STEREO; if (mode & V4L2_TUNER_MODE_LANG1) vt->rxsubchans = V4L2_TUNER_SUB_LANG1 | V4L2_TUNER_SUB_LANG2; break; } case VIDIOC_S_STD: chip->radio = 0; break; case VIDIOC_S_FREQUENCY: chip->mode = 0; if (chip->thread) { desc->setmode(chip,V4L2_TUNER_MODE_MONO); if (chip->prevmode != V4L2_TUNER_MODE_MONO) chip->prevmode = -1; mod_timer(&chip->wt, jiffies+msecs_to_jiffies(2000)); } break; case VIDIOC_G_CHIP_IDENT: return v4l2_chip_ident_i2c_client(client, arg, V4L2_IDENT_TVAUDIO, 0); } return 0; }",linux-2.6,,,39700750793754414559297884948746696909,0 2112,CWE-863,"static __always_inline ssize_t __mcopy_atomic_hugetlb(struct mm_struct *dst_mm, struct vm_area_struct *dst_vma, unsigned long dst_start, unsigned long src_start, unsigned long len, bool zeropage) { int vm_alloc_shared = dst_vma->vm_flags & VM_SHARED; int vm_shared = dst_vma->vm_flags & VM_SHARED; ssize_t err; pte_t *dst_pte; unsigned long src_addr, dst_addr; long copied; struct page *page; struct hstate *h; unsigned long vma_hpagesize; pgoff_t idx; u32 hash; struct address_space *mapping; if (zeropage) { up_read(&dst_mm->mmap_sem); return -EINVAL; } src_addr = src_start; dst_addr = dst_start; copied = 0; page = NULL; vma_hpagesize = vma_kernel_pagesize(dst_vma); err = -EINVAL; if (dst_start & (vma_hpagesize - 1) || len & (vma_hpagesize - 1)) goto out_unlock; retry: if (!dst_vma) { err = -ENOENT; dst_vma = find_vma(dst_mm, dst_start); if (!dst_vma || !is_vm_hugetlb_page(dst_vma)) goto out_unlock; if (!dst_vma->vm_userfaultfd_ctx.ctx) goto out_unlock; if (dst_start < dst_vma->vm_start || dst_start + len > dst_vma->vm_end) goto out_unlock; err = -EINVAL; if (vma_hpagesize != vma_kernel_pagesize(dst_vma)) goto out_unlock; vm_shared = dst_vma->vm_flags & VM_SHARED; } if (WARN_ON(dst_addr & (vma_hpagesize - 1) || (len - copied) & (vma_hpagesize - 1))) goto out_unlock; err = -ENOMEM; if (!vm_shared) { if (unlikely(anon_vma_prepare(dst_vma))) goto out_unlock; } h = hstate_vma(dst_vma); while (src_addr < src_start + len) { pte_t dst_pteval; BUG_ON(dst_addr >= dst_start + len); VM_BUG_ON(dst_addr & ~huge_page_mask(h)); idx = linear_page_index(dst_vma, dst_addr); mapping = dst_vma->vm_file->f_mapping; hash = hugetlb_fault_mutex_hash(h, dst_mm, dst_vma, mapping, idx, dst_addr); mutex_lock(&hugetlb_fault_mutex_table[hash]); err = -ENOMEM; dst_pte = huge_pte_alloc(dst_mm, dst_addr, huge_page_size(h)); if (!dst_pte) { mutex_unlock(&hugetlb_fault_mutex_table[hash]); goto out_unlock; } err = -EEXIST; dst_pteval = huge_ptep_get(dst_pte); if (!huge_pte_none(dst_pteval)) { mutex_unlock(&hugetlb_fault_mutex_table[hash]); goto out_unlock; } err = hugetlb_mcopy_atomic_pte(dst_mm, dst_pte, dst_vma, dst_addr, src_addr, &page); mutex_unlock(&hugetlb_fault_mutex_table[hash]); vm_alloc_shared = vm_shared; cond_resched(); if (unlikely(err == -ENOENT)) { up_read(&dst_mm->mmap_sem); BUG_ON(!page); err = copy_huge_page_from_user(page, (const void __user *)src_addr, pages_per_huge_page(h), true); if (unlikely(err)) { err = -EFAULT; goto out; } down_read(&dst_mm->mmap_sem); dst_vma = NULL; goto retry; } else BUG_ON(page); if (!err) { dst_addr += vma_hpagesize; src_addr += vma_hpagesize; copied += vma_hpagesize; if (fatal_signal_pending(current)) err = -EINTR; } if (err) break; } out_unlock: up_read(&dst_mm->mmap_sem); out: if (page) { if (vm_alloc_shared) SetPagePrivate(page); else ClearPagePrivate(page); put_page(page); } BUG_ON(copied < 0); BUG_ON(err > 0); BUG_ON(!copied && !err); return copied ? copied : err; }",visit repo url,mm/userfaultfd.c,https://github.com/torvalds/linux,49216031980545,1 5000,CWE-787,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 4489,NVD-CWE-noinfo,"gimp_write_and_read_file (Gimp *gimp, gboolean with_unusual_stuff, gboolean compat_paths, gboolean use_gimp_2_8_features) { GimpImage *image; GimpImage *loaded_image; GimpPlugInProcedure *proc; gchar *filename; GFile *file; image = gimp_create_mainimage (gimp, with_unusual_stuff, compat_paths, use_gimp_2_8_features); gimp_assert_mainimage (image, with_unusual_stuff, compat_paths, use_gimp_2_8_features); filename = g_build_filename (g_get_tmp_dir (), ""gimp-test.xcf"", NULL); file = g_file_new_for_path (filename); g_free (filename); proc = gimp_plug_in_manager_file_procedure_find (image->gimp->plug_in_manager, GIMP_FILE_PROCEDURE_GROUP_SAVE, file, NULL ); file_save (gimp, image, NULL , file, proc, GIMP_RUN_NONINTERACTIVE, FALSE , FALSE , FALSE , NULL ); loaded_image = gimp_test_load_image (image->gimp, file); gimp_assert_mainimage (loaded_image, with_unusual_stuff, compat_paths, use_gimp_2_8_features); g_file_delete (file, NULL, NULL); g_object_unref (file); }",visit repo url,app/tests/test-xcf.c,https://github.com/GNOME/gimp,201566254000403,1 5197,['CWE-20'],"static int vmx_get_cpl(struct kvm_vcpu *vcpu) { struct kvm_segment kvm_seg; if (!(vcpu->arch.cr0 & X86_CR0_PE)) return 0; if (vmx_get_rflags(vcpu) & X86_EFLAGS_VM) return 3; vmx_get_segment(vcpu, &kvm_seg, VCPU_SREG_CS); return kvm_seg.selector & 3; }",linux-2.6,,,198442478290416229566586458743212686956,0 4533,['CWE-20'],"static int empty_dir(struct inode *inode) { unsigned int offset; struct buffer_head *bh; struct ext4_dir_entry_2 *de, *de1; struct super_block *sb; int err = 0; sb = inode->i_sb; if (inode->i_size < EXT4_DIR_REC_LEN(1) + EXT4_DIR_REC_LEN(2) || !(bh = ext4_bread(NULL, inode, 0, 0, &err))) { if (err) ext4_error(inode->i_sb, __func__, ""error %d reading directory #%lu offset 0"", err, inode->i_ino); else ext4_warning(inode->i_sb, __func__, ""bad directory (dir #%lu) - no data block"", inode->i_ino); return 1; } de = (struct ext4_dir_entry_2 *) bh->b_data; de1 = ext4_next_entry(de); if (le32_to_cpu(de->inode) != inode->i_ino || !le32_to_cpu(de1->inode) || strcmp(""."", de->name) || strcmp("".."", de1->name)) { ext4_warning(inode->i_sb, ""empty_dir"", ""bad directory (dir #%lu) - no `.' or `..'"", inode->i_ino); brelse(bh); return 1; } offset = ext4_rec_len_from_disk(de->rec_len) + ext4_rec_len_from_disk(de1->rec_len); de = ext4_next_entry(de1); while (offset < inode->i_size) { if (!bh || (void *) de >= (void *) (bh->b_data+sb->s_blocksize)) { err = 0; brelse(bh); bh = ext4_bread(NULL, inode, offset >> EXT4_BLOCK_SIZE_BITS(sb), 0, &err); if (!bh) { if (err) ext4_error(sb, __func__, ""error %d reading directory"" "" #%lu offset %u"", err, inode->i_ino, offset); offset += sb->s_blocksize; continue; } de = (struct ext4_dir_entry_2 *) bh->b_data; } if (!ext4_check_dir_entry(""empty_dir"", inode, de, bh, offset)) { de = (struct ext4_dir_entry_2 *)(bh->b_data + sb->s_blocksize); offset = (offset | (sb->s_blocksize - 1)) + 1; continue; } if (le32_to_cpu(de->inode)) { brelse(bh); return 0; } offset += ext4_rec_len_from_disk(de->rec_len); de = ext4_next_entry(de); } brelse(bh); return 1; }",linux-2.6,,,130774432597541954784346503770437108391,0 4432,CWE-476,"mrb_class_real(struct RClass* cl) { if (cl == 0) return NULL; while ((cl->tt == MRB_TT_SCLASS) || (cl->tt == MRB_TT_ICLASS)) { cl = cl->super; } return cl; }",visit repo url,src/class.c,https://github.com/mruby/mruby,160773973871522,1 6649,['CWE-200'],"add_connection_treeview (NMConnectionList *self, const char *prefix) { GtkTreeModel *model; GtkTreeModel *sort_model; GtkCellRenderer *renderer; GtkTreeSelection *selection; GValue val = { 0, }; char *name; GtkTreeView *treeview; name = g_strdup_printf (""%s_list"", prefix); treeview = GTK_TREE_VIEW (glade_xml_get_widget (self->gui, name)); g_free (name); gtk_tree_view_set_headers_visible (treeview, TRUE); model = GTK_TREE_MODEL (gtk_list_store_new (4, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_UINT64, G_TYPE_OBJECT)); sort_model = gtk_tree_model_sort_new_with_model (model); gtk_tree_sortable_set_sort_column_id (GTK_TREE_SORTABLE (sort_model), COL_TIMESTAMP, GTK_SORT_DESCENDING); gtk_tree_view_set_model (treeview, sort_model); gtk_tree_view_insert_column_with_attributes (treeview, -1, _(""Name""), gtk_cell_renderer_text_new (), ""text"", COL_ID, NULL); gtk_tree_view_column_set_expand (gtk_tree_view_get_column (treeview, 0), TRUE); renderer = gtk_cell_renderer_text_new (); g_value_init (&val, G_TYPE_STRING); g_value_set_string (&val, ""SlateGray""); g_object_set_property (G_OBJECT (renderer), ""foreground"", &val); gtk_tree_view_insert_column_with_attributes (treeview, -1, _(""Last Used""), renderer, ""text"", COL_LAST_USED, NULL); selection = gtk_tree_view_get_selection (treeview); gtk_tree_selection_set_mode (selection, GTK_SELECTION_SINGLE); return treeview; }",network-manager-applet,,,327753756170635566128448183970422942295,0 1035,['CWE-20'],"int srcu_notifier_chain_unregister(struct srcu_notifier_head *nh, struct notifier_block *n) { int ret; if (unlikely(system_state == SYSTEM_BOOTING)) return notifier_chain_unregister(&nh->head, n); mutex_lock(&nh->mutex); ret = notifier_chain_unregister(&nh->head, n); mutex_unlock(&nh->mutex); synchronize_srcu(&nh->srcu); return ret; }",linux-2.6,,,44923697373641437910539825567523072676,0 2867,['CWE-189'],"jas_iccattrval_t *jas_iccprof_getattr(jas_iccprof_t *prof, jas_iccattrname_t name) { int i; jas_iccattrval_t *attrval; if ((i = jas_iccattrtab_lookup(prof->attrtab, name)) < 0) goto error; if (!(attrval = jas_iccattrval_clone(prof->attrtab->attrs[i].val))) goto error; return attrval; error: return 0; }",jasper,,,208279635377992888230312835733399068953,0 6741,['CWE-310'],"nma_gconf_connection_changed (NMAGConfConnection *self) { NMAGConfConnectionPrivate *priv; GHashTable *settings; NMConnection *wrapped_connection; NMConnection *gconf_connection; GHashTable *new_settings; GError *error = NULL; g_return_val_if_fail (NMA_IS_GCONF_CONNECTION (self), FALSE); priv = NMA_GCONF_CONNECTION_GET_PRIVATE (self); wrapped_connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (self)); gconf_connection = nm_gconf_read_connection (priv->client, priv->dir, &error); if (!gconf_connection) { g_warning (""%s: (%s) error reading connection: (%d) %s"", __func__, priv->dir, error ? error->code : -1, error && error->message ? error->message : ""(unknown)""); goto invalid; } if (!utils_fill_connection_certs (gconf_connection, &error)) { g_warning (""%s: Invalid connection %s: failed to load connection certificates: (%d) %s"", __func__, priv->dir, error ? error->code : -1, error && error->message ? error->message : ""(unknown)""); goto invalid; } if (!nm_connection_verify (gconf_connection, &error)) { utils_clear_filled_connection_certs (gconf_connection); g_warning (""%s: Invalid connection %s: '%s' / '%s' invalid: %d"", __func__, priv->dir, g_type_name (nm_connection_lookup_setting_type_by_quark (error->domain)), error->message, error->code); goto invalid; } utils_clear_filled_connection_certs (gconf_connection); if ( nm_connection_compare (wrapped_connection, gconf_connection, NM_SETTING_COMPARE_FLAG_EXACT) && nm_gconf_compare_private_connection_values (wrapped_connection, gconf_connection)) return TRUE; nm_gconf_copy_private_connection_values (wrapped_connection, gconf_connection); if (!utils_fill_connection_certs (gconf_connection, &error)) { g_warning (""%s: Invalid connection %s: failed to load connection certificates: (%d) %s"", __func__, priv->dir, error ? error->code : -1, error && error->message ? error->message : ""(unknown)""); goto invalid; } new_settings = nm_connection_to_hash (gconf_connection); utils_clear_filled_connection_certs (gconf_connection); if (!nm_connection_replace_settings (wrapped_connection, new_settings, &error)) { utils_clear_filled_connection_certs (wrapped_connection); g_hash_table_destroy (new_settings); g_warning (""%s: '%s' / '%s' invalid: %d"", __func__, error ? g_type_name (nm_connection_lookup_setting_type_by_quark (error->domain)) : ""(none)"", (error && error->message) ? error->message : ""(none)"", error ? error->code : -1); goto invalid; } g_object_unref (gconf_connection); g_hash_table_destroy (new_settings); fill_vpn_user_name (wrapped_connection); settings = nm_connection_to_hash (wrapped_connection); utils_clear_filled_connection_certs (wrapped_connection); nm_exported_connection_signal_updated (NM_EXPORTED_CONNECTION (self), settings); g_hash_table_destroy (settings); return TRUE; invalid: g_clear_error (&error); nm_exported_connection_signal_removed (NM_EXPORTED_CONNECTION (self)); return FALSE; }",network-manager-applet,,,191147835693141061509450437710863483553,0 3761,CWE-476," */ static void re_yyensure_buffer_stack (yyscan_t yyscanner) { yy_size_t num_to_alloc; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (!yyg->yy_buffer_stack) { num_to_alloc = 1; yyg->yy_buffer_stack = (struct yy_buffer_state**)re_yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); if ( ! yyg->yy_buffer_stack ) YY_FATAL_ERROR( ""out of dynamic memory in re_yyensure_buffer_stack()"" ); memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*)); yyg->yy_buffer_stack_max = num_to_alloc; yyg->yy_buffer_stack_top = 0; return; } if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){ yy_size_t grow_size = 8 ; num_to_alloc = yyg->yy_buffer_stack_max + grow_size; yyg->yy_buffer_stack = (struct yy_buffer_state**)re_yyrealloc (yyg->yy_buffer_stack, num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); if ( ! yyg->yy_buffer_stack ) YY_FATAL_ERROR( ""out of dynamic memory in re_yyensure_buffer_stack()"" ); memset(yyg->yy_buffer_stack + yyg->yy_buffer_stack_max, 0, grow_size * sizeof(struct yy_buffer_state*)); yyg->yy_buffer_stack_max = num_to_alloc; }",visit repo url,libyara/re_lexer.c,https://github.com/VirusTotal/yara,17571739006054,1 2852,CWE-119,"horizontalDifference16(unsigned short *ip, int n, int stride, unsigned short *wp, uint16 *From14) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) From14[(v) >> 2] mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,33444542816717,1 4052,['CWE-362'],"void audit_put_chunk(struct audit_chunk *chunk) { if (atomic_long_dec_and_test(&chunk->refs)) free_chunk(chunk); }",linux-2.6,,,181160971742613136606165506107015965581,0 3026,CWE-415,"BGD_DECLARE(void *) gdImageJpegPtr(gdImagePtr im, int *size, int quality) { void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); if (out == NULL) return NULL; gdImageJpegCtx(im, out, quality); rv = gdDPExtractData(out, size); out->gd_free(out); return rv; }",visit repo url,src/gd_jpeg.c,https://github.com/libgd/libgd,127118218235032,1 940,['CWE-200'],"static struct mempolicy *shmem_get_policy(struct vm_area_struct *vma, unsigned long addr) { struct inode *i = vma->vm_file->f_path.dentry->d_inode; unsigned long idx; idx = ((addr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; return mpol_shared_policy_lookup(&SHMEM_I(i)->policy, idx); }",linux-2.6,,,91191694505487381444911524972068474269,0 6360,CWE-415,"jpeg_error_handler(j_common_ptr) { return; }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,22093014031765,1 2400,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *in) { unsigned x, y; AVFilterContext *ctx = inlink->dst; VignetteContext *s = ctx->priv; AVFilterLink *outlink = inlink->dst->outputs[0]; AVFrame *out; out = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!out) { av_frame_free(&in); return AVERROR(ENOMEM); } av_frame_copy_props(out, in); if (s->eval_mode == EVAL_MODE_FRAME) update_context(s, inlink, in); if (s->desc->flags & AV_PIX_FMT_FLAG_RGB) { uint8_t *dst = out->data[0]; const uint8_t *src = in ->data[0]; const float *fmap = s->fmap; const int dst_linesize = out->linesize[0]; const int src_linesize = in ->linesize[0]; const int fmap_linesize = s->fmap_linesize; for (y = 0; y < inlink->h; y++) { uint8_t *dstp = dst; const uint8_t *srcp = src; for (x = 0; x < inlink->w; x++, dstp += 3, srcp += 3) { const float f = fmap[x]; dstp[0] = av_clip_uint8(srcp[0] * f + get_dither_value(s)); dstp[1] = av_clip_uint8(srcp[1] * f + get_dither_value(s)); dstp[2] = av_clip_uint8(srcp[2] * f + get_dither_value(s)); } dst += dst_linesize; src += src_linesize; fmap += fmap_linesize; } } else { int plane; for (plane = 0; plane < 4 && in->data[plane]; plane++) { uint8_t *dst = out->data[plane]; const uint8_t *src = in ->data[plane]; const float *fmap = s->fmap; const int dst_linesize = out->linesize[plane]; const int src_linesize = in ->linesize[plane]; const int fmap_linesize = s->fmap_linesize; const int chroma = plane == 1 || plane == 2; const int hsub = chroma ? s->desc->log2_chroma_w : 0; const int vsub = chroma ? s->desc->log2_chroma_h : 0; const int w = FF_CEIL_RSHIFT(inlink->w, hsub); const int h = FF_CEIL_RSHIFT(inlink->h, vsub); for (y = 0; y < h; y++) { uint8_t *dstp = dst; const uint8_t *srcp = src; for (x = 0; x < w; x++) { const double dv = get_dither_value(s); if (chroma) *dstp++ = av_clip_uint8(fmap[x << hsub] * (*srcp++ - 127) + 127 + dv); else *dstp++ = av_clip_uint8(fmap[x ] * *srcp++ + dv); } dst += dst_linesize; src += src_linesize; fmap += fmap_linesize << vsub; } } } return ff_filter_frame(outlink, out); }",visit repo url,libavfilter/vf_vignette.c,https://github.com/FFmpeg/FFmpeg,107369152587295,1 5129,CWE-125,"arg(identifier arg, expr_ty annotation, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { arg_ty p; if (!arg) { PyErr_SetString(PyExc_ValueError, ""field arg is required for arg""); return NULL; } p = (arg_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->arg = arg; p->annotation = annotation; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,77105934558229,1 4066,['CWE-399'],"int svc_change_qos(struct atm_vcc *vcc,struct atm_qos *qos) { struct sock *sk = sk_atm(vcc); DEFINE_WAIT(wait); set_bit(ATM_VF_WAITING, &vcc->flags); prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); sigd_enq2(vcc,as_modify,NULL,NULL,&vcc->local,qos,0); while (test_bit(ATM_VF_WAITING, &vcc->flags) && !test_bit(ATM_VF_RELEASED, &vcc->flags) && sigd) { schedule(); prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); } finish_wait(sk->sk_sleep, &wait); if (!sigd) return -EUNATCH; return -sk->sk_err; }",linux-2.6,,,132838915555592583610649193759300336663,0 2227,['CWE-193'],"int generic_file_readonly_mmap(struct file *file, struct vm_area_struct *vma) { if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE)) return -EINVAL; return generic_file_mmap(file, vma); }",linux-2.6,,,235190759989621280953863798530513581633,0 3015,CWE-415,"BGD_DECLARE(void) gdImageWebpEx (gdImagePtr im, FILE * outFile, int quality) { gdIOCtx *out = gdNewFileCtx(outFile); if (out == NULL) { return; } gdImageWebpCtx(im, out, quality); out->gd_free(out); }",visit repo url,src/gd_webp.c,https://github.com/libgd/libgd,122320377708068,1 2131,['CWE-119'],"static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu) { return per_cpu(gdt_page, cpu).gdt; }",linux-2.6,,,303115340275940254208153451157736111916,0 523,['CWE-399'],"static int pwc_video_mmap(struct file *file, struct vm_area_struct *vma) { struct video_device *vdev = file->private_data; struct pwc_device *pdev; unsigned long start; unsigned long size; unsigned long page, pos = 0; int index; PWC_DEBUG_MEMORY("">> %s\n"", __FUNCTION__); pdev = vdev->priv; size = vma->vm_end - vma->vm_start; start = vma->vm_start; for (index = 0; index < pwc_mbufs; index++) { pos = pdev->images[index].offset; if ((pos>>PAGE_SHIFT) == vma->vm_pgoff) break; } if (index == MAX_IMAGES) return -EINVAL; if (index == 0) { unsigned long total_size; total_size = pwc_mbufs * pdev->len_per_image; if (size != pdev->len_per_image && size != total_size) { PWC_ERROR(""Wrong size (%lu) needed to be len_per_image=%d or total_size=%lu\n"", size, pdev->len_per_image, total_size); return -EINVAL; } } else if (size > pdev->len_per_image) return -EINVAL; vma->vm_flags |= VM_IO; pos += (unsigned long)pdev->image_data; while (size > 0) { page = vmalloc_to_pfn((void *)pos); if (remap_pfn_range(vma, start, page, PAGE_SIZE, PAGE_SHARED)) return -EAGAIN; start += PAGE_SIZE; pos += PAGE_SIZE; if (size > PAGE_SIZE) size -= PAGE_SIZE; else size = 0; } return 0; }",linux-2.6,,,207949925267297195535796064706999750849,0 416,[],"pfm_unfreeze_pmu(void) { ia64_set_pmc(0,0UL); ia64_srlz_d(); }",linux-2.6,,,76091336723070673017923766149886934103,0 1039,CWE-119,"static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn, unsigned long size) { gfn_t end_gfn; pfn_t pfn; pfn = gfn_to_pfn_memslot(slot, gfn); end_gfn = gfn + (size >> PAGE_SHIFT); gfn += 1; if (is_error_noslot_pfn(pfn)) return pfn; while (gfn < end_gfn) gfn_to_pfn_memslot(slot, gfn++); return pfn; }",visit repo url,virt/kvm/iommu.c,https://github.com/torvalds/linux,215044060801488,1 1053,CWE-399,"static int xfrm6_tunnel_rcv(struct sk_buff *skb) { struct ipv6hdr *iph = ipv6_hdr(skb); __be32 spi; spi = xfrm6_tunnel_spi_lookup((xfrm_address_t *)&iph->saddr); return xfrm6_rcv_spi(skb, spi); }",visit repo url,net/ipv6/xfrm6_tunnel.c,https://github.com/torvalds/linux,62606941596676,1 817,CWE-20,"static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int rc; pr_debug(""sock=%p sk=%p len=%zu flags=%d\n"", sock, sk, len, flags); skb = skb_recv_datagram(sk, flags, noblock, &rc); if (!skb) return rc; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); return rc ? : copied; }",visit repo url,net/nfc/rawsock.c,https://github.com/torvalds/linux,193439535934568,1 982,['CWE-189'],"ShmRegisterFuncs( ScreenPtr pScreen, ShmFuncsPtr funcs) { shmFuncs[pScreen->myNum] = funcs; }",xserver,,,262625902426050294029445543261743530859,0 6569,['CWE-200'],"nma_set_networking_enabled_cb (GtkWidget *widget, NMApplet *applet) { gboolean state; g_return_if_fail (applet != NULL); state = gtk_check_menu_item_get_active (GTK_CHECK_MENU_ITEM (widget)); nm_client_sleep (applet->nm_client, !state); }",network-manager-applet,,,11878651203996247383344701478829112701,0 1972,CWE-908,"static int kvaser_usb_leaf_simple_cmd_async(struct kvaser_usb_net_priv *priv, u8 cmd_id) { struct kvaser_cmd *cmd; int err; cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC); if (!cmd) return -ENOMEM; cmd->len = CMD_HEADER_LEN + sizeof(struct kvaser_cmd_simple); cmd->id = cmd_id; cmd->u.simple.channel = priv->channel; err = kvaser_usb_send_cmd_async(priv, cmd, cmd->len); if (err) kfree(cmd); return err; }",visit repo url,drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c,https://github.com/torvalds/linux,156840904512247,1 484,[],"pfm_release_debug_registers(struct task_struct *task) { unsigned long flags; int ret; if (pmu_conf->use_rr_dbregs == 0) return 0; LOCK_PFS(flags); if (pfm_sessions.pfs_ptrace_use_dbregs == 0) { printk(KERN_ERR ""perfmon: invalid release for [%d] ptrace_use_dbregs=0\n"", task->pid); ret = -1; } else { pfm_sessions.pfs_ptrace_use_dbregs--; ret = 0; } UNLOCK_PFS(flags); return ret; }",linux-2.6,,,224425826238621091807107156412749118012,0 3542,CWE-190,"static long mem_seek(jas_stream_obj_t *obj, long offset, int origin) { jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj; long newpos; JAS_DBGLOG(100, (""mem_seek(%p, %ld, %d)\n"", obj, offset, origin)); switch (origin) { case SEEK_SET: newpos = offset; break; case SEEK_END: newpos = m->len_ - offset; break; case SEEK_CUR: newpos = m->pos_ + offset; break; default: abort(); break; } if (newpos < 0) { return -1; } m->pos_ = newpos; return m->pos_; }",visit repo url,src/libjasper/base/jas_stream.c,https://github.com/mdadams/jasper,25658296742117,1 658,CWE-20,"static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) { struct fib* srbfib; int status; struct aac_srb *srbcmd = NULL; struct user_aac_srb *user_srbcmd = NULL; struct user_aac_srb __user *user_srb = arg; struct aac_srb_reply __user *user_reply; struct aac_srb_reply* reply; u32 fibsize = 0; u32 flags = 0; s32 rcode = 0; u32 data_dir; void __user *sg_user[32]; void *sg_list[32]; u32 sg_indx = 0; u32 byte_count = 0; u32 actual_fibsize64, actual_fibsize = 0; int i; if (dev->in_reset) { dprintk((KERN_DEBUG""aacraid: send raw srb -EBUSY\n"")); return -EBUSY; } if (!capable(CAP_SYS_ADMIN)){ dprintk((KERN_DEBUG""aacraid: No permission to send raw srb\n"")); return -EPERM; } if (!(srbfib = aac_fib_alloc(dev))) { return -ENOMEM; } aac_fib_init(srbfib); srbfib->hw_fib_va->header.XferState &= ~cpu_to_le32(FastResponseCapable); srbcmd = (struct aac_srb*) fib_data(srbfib); memset(sg_list, 0, sizeof(sg_list)); if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ dprintk((KERN_DEBUG""aacraid: Could not copy data size from user\n"")); rcode = -EFAULT; goto cleanup; } if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) { rcode = -EINVAL; goto cleanup; } user_srbcmd = kmalloc(fibsize, GFP_KERNEL); if (!user_srbcmd) { dprintk((KERN_DEBUG""aacraid: Could not make a copy of the srb\n"")); rcode = -ENOMEM; goto cleanup; } if(copy_from_user(user_srbcmd, user_srb,fibsize)){ dprintk((KERN_DEBUG""aacraid: Could not copy srb from user\n"")); rcode = -EFAULT; goto cleanup; } user_reply = arg+fibsize; flags = user_srbcmd->flags; srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); srbcmd->channel = cpu_to_le32(user_srbcmd->channel); srbcmd->id = cpu_to_le32(user_srbcmd->id); srbcmd->lun = cpu_to_le32(user_srbcmd->lun); srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); srbcmd->flags = cpu_to_le32(flags); srbcmd->retry_limit = 0; srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb)); switch (flags & (SRB_DataIn | SRB_DataOut)) { case SRB_DataOut: data_dir = DMA_TO_DEVICE; break; case (SRB_DataIn | SRB_DataOut): data_dir = DMA_BIDIRECTIONAL; break; case SRB_DataIn: data_dir = DMA_FROM_DEVICE; break; default: data_dir = DMA_NONE; } if (user_srbcmd->sg.count > ARRAY_SIZE(sg_list)) { dprintk((KERN_DEBUG""aacraid: too many sg entries %d\n"", le32_to_cpu(srbcmd->sg.count))); rcode = -EINVAL; goto cleanup; } actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + ((user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry)); actual_fibsize64 = actual_fibsize + (user_srbcmd->sg.count & 0xff) * (sizeof(struct sgentry64) - sizeof(struct sgentry)); if ((actual_fibsize != fibsize) && (actual_fibsize64 != fibsize)) { dprintk((KERN_DEBUG""aacraid: Bad Size specified in "" ""Raw SRB command calculated fibsize=%lu;%lu "" ""user_srbcmd->sg.count=%d aac_srb=%lu sgentry=%lu;%lu "" ""issued fibsize=%d\n"", actual_fibsize, actual_fibsize64, user_srbcmd->sg.count, sizeof(struct aac_srb), sizeof(struct sgentry), sizeof(struct sgentry64), fibsize)); rcode = -EINVAL; goto cleanup; } if ((data_dir == DMA_NONE) && user_srbcmd->sg.count) { dprintk((KERN_DEBUG""aacraid: SG with no direction specified in Raw SRB command\n"")); rcode = -EINVAL; goto cleanup; } byte_count = 0; if (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) { struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg; struct sgmap64* psg = (struct sgmap64*)&srbcmd->sg; if (actual_fibsize64 == fibsize) { actual_fibsize = actual_fibsize64; for (i = 0; i < upsg->count; i++) { u64 addr; void* p; if (upsg->sg[i].count > ((dev->adapter_info.options & AAC_OPT_NEW_COMM) ? (dev->scsi_host_ptr->max_sectors << 9) : 65536)) { rcode = -EINVAL; goto cleanup; } p = kmalloc(upsg->sg[i].count,GFP_KERNEL|__GFP_DMA); if(!p) { dprintk((KERN_DEBUG""aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n"", upsg->sg[i].count,i,upsg->count)); rcode = -ENOMEM; goto cleanup; } addr = (u64)upsg->sg[i].addr[0]; addr += ((u64)upsg->sg[i].addr[1]) << 32; sg_user[i] = (void __user *)(uintptr_t)addr; sg_list[i] = p; sg_indx = i; if (flags & SRB_DataOut) { if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ dprintk((KERN_DEBUG""aacraid: Could not copy sg data from user\n"")); rcode = -EFAULT; goto cleanup; } } addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); psg->sg[i].addr[1] = cpu_to_le32(addr>>32); byte_count += upsg->sg[i].count; psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); } } else { struct user_sgmap* usg; usg = kmalloc(actual_fibsize - sizeof(struct aac_srb) + sizeof(struct sgmap), GFP_KERNEL); if (!usg) { dprintk((KERN_DEBUG""aacraid: Allocation error in Raw SRB command\n"")); rcode = -ENOMEM; goto cleanup; } memcpy (usg, upsg, actual_fibsize - sizeof(struct aac_srb) + sizeof(struct sgmap)); actual_fibsize = actual_fibsize64; for (i = 0; i < usg->count; i++) { u64 addr; void* p; if (usg->sg[i].count > ((dev->adapter_info.options & AAC_OPT_NEW_COMM) ? (dev->scsi_host_ptr->max_sectors << 9) : 65536)) { kfree(usg); rcode = -EINVAL; goto cleanup; } p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); if(!p) { dprintk((KERN_DEBUG ""aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n"", usg->sg[i].count,i,usg->count)); kfree(usg); rcode = -ENOMEM; goto cleanup; } sg_user[i] = (void __user *)(uintptr_t)usg->sg[i].addr; sg_list[i] = p; sg_indx = i; if (flags & SRB_DataOut) { if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ kfree (usg); dprintk((KERN_DEBUG""aacraid: Could not copy sg data from user\n"")); rcode = -EFAULT; goto cleanup; } } addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); psg->sg[i].addr[1] = cpu_to_le32(addr>>32); byte_count += usg->sg[i].count; psg->sg[i].count = cpu_to_le32(usg->sg[i].count); } kfree (usg); } srbcmd->count = cpu_to_le32(byte_count); psg->count = cpu_to_le32(sg_indx+1); status = aac_fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); } else { struct user_sgmap* upsg = &user_srbcmd->sg; struct sgmap* psg = &srbcmd->sg; if (actual_fibsize64 == fibsize) { struct user_sgmap64* usg = (struct user_sgmap64 *)upsg; for (i = 0; i < upsg->count; i++) { uintptr_t addr; void* p; if (usg->sg[i].count > ((dev->adapter_info.options & AAC_OPT_NEW_COMM) ? (dev->scsi_host_ptr->max_sectors << 9) : 65536)) { rcode = -EINVAL; goto cleanup; } p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); if(!p) { dprintk((KERN_DEBUG""aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n"", usg->sg[i].count,i,usg->count)); rcode = -ENOMEM; goto cleanup; } addr = (u64)usg->sg[i].addr[0]; addr += ((u64)usg->sg[i].addr[1]) << 32; sg_user[i] = (void __user *)addr; sg_list[i] = p; sg_indx = i; if (flags & SRB_DataOut) { if(copy_from_user(p,sg_user[i],usg->sg[i].count)){ dprintk((KERN_DEBUG""aacraid: Could not copy sg data from user\n"")); rcode = -EFAULT; goto cleanup; } } addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); psg->sg[i].addr = cpu_to_le32(addr & 0xffffffff); byte_count += usg->sg[i].count; psg->sg[i].count = cpu_to_le32(usg->sg[i].count); } } else { for (i = 0; i < upsg->count; i++) { dma_addr_t addr; void* p; if (upsg->sg[i].count > ((dev->adapter_info.options & AAC_OPT_NEW_COMM) ? (dev->scsi_host_ptr->max_sectors << 9) : 65536)) { rcode = -EINVAL; goto cleanup; } p = kmalloc(upsg->sg[i].count, GFP_KERNEL); if (!p) { dprintk((KERN_DEBUG""aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n"", upsg->sg[i].count, i, upsg->count)); rcode = -ENOMEM; goto cleanup; } sg_user[i] = (void __user *)(uintptr_t)upsg->sg[i].addr; sg_list[i] = p; sg_indx = i; if (flags & SRB_DataOut) { if(copy_from_user(p, sg_user[i], upsg->sg[i].count)) { dprintk((KERN_DEBUG""aacraid: Could not copy sg data from user\n"")); rcode = -EFAULT; goto cleanup; } } addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); psg->sg[i].addr = cpu_to_le32(addr); byte_count += upsg->sg[i].count; psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); } } srbcmd->count = cpu_to_le32(byte_count); psg->count = cpu_to_le32(sg_indx+1); status = aac_fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); } if (status == -ERESTARTSYS) { rcode = -ERESTARTSYS; goto cleanup; } if (status != 0){ dprintk((KERN_DEBUG""aacraid: Could not send raw srb fib to hba\n"")); rcode = -ENXIO; goto cleanup; } if (flags & SRB_DataIn) { for(i = 0 ; i <= sg_indx; i++){ byte_count = le32_to_cpu( (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) ? ((struct sgmap64*)&srbcmd->sg)->sg[i].count : srbcmd->sg.sg[i].count); if(copy_to_user(sg_user[i], sg_list[i], byte_count)){ dprintk((KERN_DEBUG""aacraid: Could not copy sg data to user\n"")); rcode = -EFAULT; goto cleanup; } } } reply = (struct aac_srb_reply *) fib_data(srbfib); if(copy_to_user(user_reply,reply,sizeof(struct aac_srb_reply))){ dprintk((KERN_DEBUG""aacraid: Could not copy reply to user\n"")); rcode = -EFAULT; goto cleanup; } cleanup: kfree(user_srbcmd); for(i=0; i <= sg_indx; i++){ kfree(sg_list[i]); } if (rcode != -ERESTARTSYS) { aac_fib_complete(srbfib); aac_fib_free(srbfib); } return rcode; }",visit repo url,drivers/scsi/aacraid/commctrl.c,https://github.com/torvalds/linux,274645195060842,1 2810,CWE-125,"BOOL rdp_read_share_control_header(wStream* s, UINT16* length, UINT16* type, UINT16* channel_id) { if (Stream_GetRemainingLength(s) < 2) return FALSE; Stream_Read_UINT16(s, *length); if (*length == 0x8000) { rdp_read_flow_control_pdu(s, type); *channel_id = 0; *length = 8; return TRUE; } if (((size_t)*length - 2) > Stream_GetRemainingLength(s)) return FALSE; Stream_Read_UINT16(s, *type); *type &= 0x0F; if (*length > 4) Stream_Read_UINT16(s, *channel_id); else *channel_id = 0; return TRUE; }",visit repo url,libfreerdp/core/rdp.c,https://github.com/FreeRDP/FreeRDP,241951382504934,1 2977,['CWE-189'],"int jas_stream_fillbuf(jas_stream_t *stream, int getflag) { int c; if ((stream->flags_ & (JAS_STREAM_ERRMASK)) != 0) { return EOF; } if ((stream->openmode_ & JAS_STREAM_READ) == 0) { return EOF; } assert((stream->bufmode_ & JAS_STREAM_WRBUF) == 0); assert(stream->ptr_ - stream->bufstart_ <= stream->bufsize_); stream->bufmode_ |= JAS_STREAM_RDBUF; stream->ptr_ = stream->bufstart_; if ((stream->cnt_ = (*stream->ops_->read_)(stream->obj_, (char *) stream->bufstart_, stream->bufsize_)) <= 0) { if (stream->cnt_ < 0) { stream->flags_ |= JAS_STREAM_ERR; } else { stream->flags_ |= JAS_STREAM_EOF; } stream->cnt_ = 0; return EOF; } assert(stream->cnt_ > 0); c = (getflag) ? jas_stream_getc2(stream) : (*stream->ptr_); return c; }",jasper,,,251344906632611365156423021161895164233,0 1073,['CWE-20'],"static int __kprobes notifier_call_chain(struct notifier_block **nl, unsigned long val, void *v) { int ret = NOTIFY_DONE; struct notifier_block *nb, *next_nb; nb = rcu_dereference(*nl); while (nb) { next_nb = rcu_dereference(nb->next); ret = nb->notifier_call(nb, val, v); if ((ret & NOTIFY_STOP_MASK) == NOTIFY_STOP_MASK) break; nb = next_nb; } return ret; }",linux-2.6,,,267755464566175358524527729199595519751,0 6745,CWE-125,"static u32 crc32sum(u32 crc, u8 * RESTRICT buf, size_t size) { while (size--) crc = crc32Table[(crc ^ *(buf++)) & 0xff] ^ (crc >> 8); return crc; }",visit repo url,src/libbz3.c,https://github.com/kspalaiologos/bzip3,267968213728296,1 340,['CWE-20'],"static unsigned long convert_eip_to_linear(struct task_struct *child, struct pt_regs *regs) { unsigned long addr, seg; addr = regs->eip; seg = regs->xcs & 0xffff; if (regs->eflags & VM_MASK) { addr = (addr & 0xffff) + (seg << 4); return addr; } if (seg & LDT_SEGMENT) { u32 *desc; unsigned long base; seg &= ~7UL; down(&child->mm->context.sem); if (unlikely((seg >> 3) >= child->mm->context.size)) addr = -1L; else { desc = child->mm->context.ldt + seg; base = ((desc[0] >> 16) | ((desc[1] & 0xff) << 16) | (desc[1] & 0xff000000)); if (!((desc[1] >> 22) & 1)) addr &= 0xffff; addr += base; } up(&child->mm->context.sem); } return addr; }",linux-2.6,,,144698100908239209108053856753337555543,0 4005,CWE-125,"wrap_lines_smart(ASS_Renderer *render_priv, double max_text_width) { int i; GlyphInfo *cur, *s1, *e1, *s2, *s3; int last_space; int break_type; int exit; double pen_shift_x; double pen_shift_y; int cur_line; int run_offset; TextInfo *text_info = &render_priv->text_info; last_space = -1; text_info->n_lines = 1; break_type = 0; s1 = text_info->glyphs; for (i = 0; i < text_info->length; ++i) { int break_at = -1; double s_offset, len; cur = text_info->glyphs + i; s_offset = d6_to_double(s1->bbox.xMin + s1->pos.x); len = d6_to_double(cur->bbox.xMax + cur->pos.x) - s_offset; if (cur->symbol == '\n') { break_type = 2; break_at = i; ass_msg(render_priv->library, MSGL_DBG2, ""forced line break at %d"", break_at); } else if (cur->symbol == ' ') { last_space = i; } else if (len >= max_text_width && (render_priv->state.wrap_style != 2)) { break_type = 1; break_at = last_space; if (break_at >= 0) ass_msg(render_priv->library, MSGL_DBG2, ""line break at %d"", break_at); } if (break_at != -1) { int lead = break_at + 1; if (text_info->n_lines >= text_info->max_lines) { text_info->max_lines *= 2; text_info->lines = realloc(text_info->lines, sizeof(LineInfo) * text_info->max_lines); } if (lead < text_info->length) { text_info->glyphs[lead].linebreak = break_type; last_space = -1; s1 = text_info->glyphs + lead; text_info->n_lines++; } } } #define DIFF(x,y) (((x) < (y)) ? (y - x) : (x - y)) exit = 0; while (!exit && render_priv->state.wrap_style != 1) { exit = 1; s3 = text_info->glyphs; s1 = s2 = 0; for (i = 0; i <= text_info->length; ++i) { cur = text_info->glyphs + i; if ((i == text_info->length) || cur->linebreak) { s1 = s2; s2 = s3; s3 = cur; if (s1 && (s2->linebreak == 1)) { double l1, l2, l1_new, l2_new; GlyphInfo *w = s2; do { --w; } while ((w > s1) && (w->symbol == ' ')); while ((w > s1) && (w->symbol != ' ')) { --w; } e1 = w; while ((e1 > s1) && (e1->symbol == ' ')) { --e1; } if (w->symbol == ' ') ++w; l1 = d6_to_double(((s2 - 1)->bbox.xMax + (s2 - 1)->pos.x) - (s1->bbox.xMin + s1->pos.x)); l2 = d6_to_double(((s3 - 1)->bbox.xMax + (s3 - 1)->pos.x) - (s2->bbox.xMin + s2->pos.x)); l1_new = d6_to_double( (e1->bbox.xMax + e1->pos.x) - (s1->bbox.xMin + s1->pos.x)); l2_new = d6_to_double( ((s3 - 1)->bbox.xMax + (s3 - 1)->pos.x) - (w->bbox.xMin + w->pos.x)); if (DIFF(l1_new, l2_new) < DIFF(l1, l2)) { w->linebreak = 1; s2->linebreak = 0; exit = 0; } } } if (i == text_info->length) break; } } assert(text_info->n_lines >= 1); #undef DIFF measure_text(render_priv); trim_whitespace(render_priv); cur_line = 1; run_offset = 0; i = 0; cur = text_info->glyphs + i; while (i < text_info->length && cur->skip) cur = text_info->glyphs + ++i; pen_shift_x = d6_to_double(-cur->pos.x); pen_shift_y = 0.; for (i = 0; i < text_info->length; ++i) { cur = text_info->glyphs + i; if (cur->linebreak) { while (i < text_info->length && cur->skip && cur->symbol != '\n') cur = text_info->glyphs + ++i; double height = text_info->lines[cur_line - 1].desc + text_info->lines[cur_line].asc; text_info->lines[cur_line - 1].len = i - text_info->lines[cur_line - 1].offset; text_info->lines[cur_line].offset = i; cur_line++; run_offset++; pen_shift_x = d6_to_double(-cur->pos.x); pen_shift_y += height + render_priv->settings.line_spacing; } cur->pos.x += double_to_d6(pen_shift_x); cur->pos.y += double_to_d6(pen_shift_y); } text_info->lines[cur_line - 1].len = text_info->length - text_info->lines[cur_line - 1].offset; #if 0 for (i = 0; i < text_info->n_lines; i++) { printf(""line %d offset %d length %d\n"", i, text_info->lines[i].offset, text_info->lines[i].len); } #endif }",visit repo url,libass/ass_render.c,https://github.com/libass/libass,232654867167382,1 1298,['CWE-119'],"asn1_id_decode(struct asn1_ctx *ctx, unsigned int *cls, unsigned int *con, unsigned int *tag) { unsigned char ch; if (!asn1_octet_decode(ctx, &ch)) return 0; *cls = (ch & 0xC0) >> 6; *con = (ch & 0x20) >> 5; *tag = (ch & 0x1F); if (*tag == 0x1F) { if (!asn1_tag_decode(ctx, tag)) return 0; } return 1; }",linux-2.6,,,319139866455291881818907688225077107554,0 4333,['CWE-119'],"static status ParseData (AFfilehandle filehandle, AFvirtualfile *fp, uint32_t id, size_t size) { _Track *track; assert(filehandle != NULL); assert(fp != NULL); assert(!memcmp(&id, ""data"", 4)); track = _af_filehandle_get_track(filehandle, AF_DEFAULT_TRACK); track->fpos_first_frame = af_ftell(fp); track->data_size = size; return AF_SUCCEED; }",audiofile,,,245794963938089755365810563952182964437,0 2276,NVD-CWE-Other," __acquires(kernel_lock) { struct buffer_head *bh; struct ext4_super_block *es = NULL; struct ext4_sb_info *sbi; ext4_fsblk_t block; ext4_fsblk_t sb_block = get_sb_block(&data); ext4_fsblk_t logical_sb_block; unsigned long offset = 0; unsigned long journal_devnum = 0; unsigned long def_mount_opts; struct inode *root; char *cp; const char *descr; int ret = -EINVAL; int blocksize; unsigned int db_count; unsigned int i; int needs_recovery, has_huge_files; __u64 blocks_count; int err; unsigned int journal_ioprio = DEFAULT_JOURNAL_IOPRIO; sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); if (!sbi) return -ENOMEM; sbi->s_blockgroup_lock = kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL); if (!sbi->s_blockgroup_lock) { kfree(sbi); return -ENOMEM; } sb->s_fs_info = sbi; sbi->s_mount_opt = 0; sbi->s_resuid = EXT4_DEF_RESUID; sbi->s_resgid = EXT4_DEF_RESGID; sbi->s_inode_readahead_blks = EXT4_DEF_INODE_READAHEAD_BLKS; sbi->s_sb_block = sb_block; sbi->s_sectors_written_start = part_stat_read(sb->s_bdev->bd_part, sectors[1]); unlock_kernel(); for (cp = sb->s_id; (cp = strchr(cp, '/'));) *cp = '!'; blocksize = sb_min_blocksize(sb, EXT4_MIN_BLOCK_SIZE); if (!blocksize) { ext4_msg(sb, KERN_ERR, ""unable to set blocksize""); goto out_fail; } if (blocksize != EXT4_MIN_BLOCK_SIZE) { logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); } else { logical_sb_block = sb_block; } if (!(bh = sb_bread(sb, logical_sb_block))) { ext4_msg(sb, KERN_ERR, ""unable to read superblock""); goto out_fail; } es = (struct ext4_super_block *) (((char *)bh->b_data) + offset); sbi->s_es = es; sb->s_magic = le16_to_cpu(es->s_magic); if (sb->s_magic != EXT4_SUPER_MAGIC) goto cantfind_ext4; sbi->s_kbytes_written = le64_to_cpu(es->s_kbytes_written); def_mount_opts = le32_to_cpu(es->s_default_mount_opts); if (def_mount_opts & EXT4_DEFM_DEBUG) set_opt(sbi->s_mount_opt, DEBUG); if (def_mount_opts & EXT4_DEFM_BSDGROUPS) { ext4_msg(sb, KERN_WARNING, deprecated_msg, ""bsdgroups"", ""2.6.38""); set_opt(sbi->s_mount_opt, GRPID); } if (def_mount_opts & EXT4_DEFM_UID16) set_opt(sbi->s_mount_opt, NO_UID32); #ifdef CONFIG_EXT4_FS_XATTR if (def_mount_opts & EXT4_DEFM_XATTR_USER) set_opt(sbi->s_mount_opt, XATTR_USER); #endif #ifdef CONFIG_EXT4_FS_POSIX_ACL if (def_mount_opts & EXT4_DEFM_ACL) set_opt(sbi->s_mount_opt, POSIX_ACL); #endif if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA) set_opt(sbi->s_mount_opt, JOURNAL_DATA); else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED) set_opt(sbi->s_mount_opt, ORDERED_DATA); else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK) set_opt(sbi->s_mount_opt, WRITEBACK_DATA); if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) set_opt(sbi->s_mount_opt, ERRORS_PANIC); else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE) set_opt(sbi->s_mount_opt, ERRORS_CONT); else set_opt(sbi->s_mount_opt, ERRORS_RO); sbi->s_resuid = le16_to_cpu(es->s_def_resuid); sbi->s_resgid = le16_to_cpu(es->s_def_resgid); sbi->s_commit_interval = JBD2_DEFAULT_MAX_COMMIT_AGE * HZ; sbi->s_min_batch_time = EXT4_DEF_MIN_BATCH_TIME; sbi->s_max_batch_time = EXT4_DEF_MAX_BATCH_TIME; set_opt(sbi->s_mount_opt, BARRIER); set_opt(sbi->s_mount_opt, DELALLOC); if (!parse_options((char *) data, sb, &journal_devnum, &journal_ioprio, NULL, 0)) goto failed_mount; sb->s_flags = (sb->s_flags & ~MS_POSIXACL) | (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV && (EXT4_HAS_COMPAT_FEATURE(sb, ~0U) || EXT4_HAS_RO_COMPAT_FEATURE(sb, ~0U) || EXT4_HAS_INCOMPAT_FEATURE(sb, ~0U))) ext4_msg(sb, KERN_WARNING, ""feature flags set on rev 0 fs, "" ""running e2fsck is recommended""); if (!ext4_feature_set_ok(sb, (sb->s_flags & MS_RDONLY))) goto failed_mount; blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size); if (blocksize < EXT4_MIN_BLOCK_SIZE || blocksize > EXT4_MAX_BLOCK_SIZE) { ext4_msg(sb, KERN_ERR, ""Unsupported filesystem blocksize %d"", blocksize); goto failed_mount; } if (sb->s_blocksize != blocksize) { if (!sb_set_blocksize(sb, blocksize)) { ext4_msg(sb, KERN_ERR, ""bad block size %d"", blocksize); goto failed_mount; } brelse(bh); logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); bh = sb_bread(sb, logical_sb_block); if (!bh) { ext4_msg(sb, KERN_ERR, ""Can't read superblock on 2nd try""); goto failed_mount; } es = (struct ext4_super_block *)(((char *)bh->b_data) + offset); sbi->s_es = es; if (es->s_magic != cpu_to_le16(EXT4_SUPER_MAGIC)) { ext4_msg(sb, KERN_ERR, ""Magic mismatch, very weird!""); goto failed_mount; } } has_huge_files = EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_HUGE_FILE); sbi->s_bitmap_maxbytes = ext4_max_bitmap_size(sb->s_blocksize_bits, has_huge_files); sb->s_maxbytes = ext4_max_size(sb->s_blocksize_bits, has_huge_files); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV) { sbi->s_inode_size = EXT4_GOOD_OLD_INODE_SIZE; sbi->s_first_ino = EXT4_GOOD_OLD_FIRST_INO; } else { sbi->s_inode_size = le16_to_cpu(es->s_inode_size); sbi->s_first_ino = le32_to_cpu(es->s_first_ino); if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || (!is_power_of_2(sbi->s_inode_size)) || (sbi->s_inode_size > blocksize)) { ext4_msg(sb, KERN_ERR, ""unsupported inode size: %d"", sbi->s_inode_size); goto failed_mount; } if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) sb->s_time_gran = 1 << (EXT4_EPOCH_BITS - 2); } sbi->s_desc_size = le16_to_cpu(es->s_desc_size); if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_64BIT)) { if (sbi->s_desc_size < EXT4_MIN_DESC_SIZE_64BIT || sbi->s_desc_size > EXT4_MAX_DESC_SIZE || !is_power_of_2(sbi->s_desc_size)) { ext4_msg(sb, KERN_ERR, ""unsupported descriptor size %lu"", sbi->s_desc_size); goto failed_mount; } } else sbi->s_desc_size = EXT4_MIN_DESC_SIZE; sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group); sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group); if (EXT4_INODE_SIZE(sb) == 0 || EXT4_INODES_PER_GROUP(sb) == 0) goto cantfind_ext4; sbi->s_inodes_per_block = blocksize / EXT4_INODE_SIZE(sb); if (sbi->s_inodes_per_block == 0) goto cantfind_ext4; sbi->s_itb_per_group = sbi->s_inodes_per_group / sbi->s_inodes_per_block; sbi->s_desc_per_block = blocksize / EXT4_DESC_SIZE(sb); sbi->s_sbh = bh; sbi->s_mount_state = le16_to_cpu(es->s_state); sbi->s_addr_per_block_bits = ilog2(EXT4_ADDR_PER_BLOCK(sb)); sbi->s_desc_per_block_bits = ilog2(EXT4_DESC_PER_BLOCK(sb)); for (i = 0; i < 4; i++) sbi->s_hash_seed[i] = le32_to_cpu(es->s_hash_seed[i]); sbi->s_def_hash_version = es->s_def_hash_version; i = le32_to_cpu(es->s_flags); if (i & EXT2_FLAGS_UNSIGNED_HASH) sbi->s_hash_unsigned = 3; else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) { #ifdef __CHAR_UNSIGNED__ es->s_flags |= cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH); sbi->s_hash_unsigned = 3; #else es->s_flags |= cpu_to_le32(EXT2_FLAGS_SIGNED_HASH); #endif sb->s_dirt = 1; } if (sbi->s_blocks_per_group > blocksize * 8) { ext4_msg(sb, KERN_ERR, ""#blocks per group too big: %lu"", sbi->s_blocks_per_group); goto failed_mount; } if (sbi->s_inodes_per_group > blocksize * 8) { ext4_msg(sb, KERN_ERR, ""#inodes per group too big: %lu"", sbi->s_inodes_per_group); goto failed_mount; } if ((ext4_blocks_count(es) > (sector_t)(~0ULL) >> (sb->s_blocksize_bits - 9)) || (ext4_blocks_count(es) > (pgoff_t)(~0ULL) >> (PAGE_CACHE_SHIFT - sb->s_blocksize_bits))) { ext4_msg(sb, KERN_ERR, ""filesystem"" "" too large to mount safely on this system""); if (sizeof(sector_t) < 8) ext4_msg(sb, KERN_WARNING, ""CONFIG_LBDAF not enabled""); ret = -EFBIG; goto failed_mount; } if (EXT4_BLOCKS_PER_GROUP(sb) == 0) goto cantfind_ext4; blocks_count = sb->s_bdev->bd_inode->i_size >> sb->s_blocksize_bits; if (blocks_count && ext4_blocks_count(es) > blocks_count) { ext4_msg(sb, KERN_WARNING, ""bad geometry: block count %llu "" ""exceeds size of device (%llu blocks)"", ext4_blocks_count(es), blocks_count); goto failed_mount; } if (le32_to_cpu(es->s_first_data_block) >= ext4_blocks_count(es)) { ext4_msg(sb, KERN_WARNING, ""bad geometry: first data"" ""block %u is beyond end of filesystem (%llu)"", le32_to_cpu(es->s_first_data_block), ext4_blocks_count(es)); goto failed_mount; } blocks_count = (ext4_blocks_count(es) - le32_to_cpu(es->s_first_data_block) + EXT4_BLOCKS_PER_GROUP(sb) - 1); do_div(blocks_count, EXT4_BLOCKS_PER_GROUP(sb)); if (blocks_count > ((uint64_t)1<<32) - EXT4_DESC_PER_BLOCK(sb)) { ext4_msg(sb, KERN_WARNING, ""groups count too large: %u "" ""(block count %llu, first data block %u, "" ""blocks per group %lu)"", sbi->s_groups_count, ext4_blocks_count(es), le32_to_cpu(es->s_first_data_block), EXT4_BLOCKS_PER_GROUP(sb)); goto failed_mount; } sbi->s_groups_count = blocks_count; sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count, (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb))); db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) / EXT4_DESC_PER_BLOCK(sb); sbi->s_group_desc = kmalloc(db_count * sizeof(struct buffer_head *), GFP_KERNEL); if (sbi->s_group_desc == NULL) { ext4_msg(sb, KERN_ERR, ""not enough memory""); goto failed_mount; } #ifdef CONFIG_PROC_FS if (ext4_proc_root) sbi->s_proc = proc_mkdir(sb->s_id, ext4_proc_root); #endif bgl_lock_init(sbi->s_blockgroup_lock); for (i = 0; i < db_count; i++) { block = descriptor_loc(sb, logical_sb_block, i); sbi->s_group_desc[i] = sb_bread(sb, block); if (!sbi->s_group_desc[i]) { ext4_msg(sb, KERN_ERR, ""can't read group descriptor %d"", i); db_count = i; goto failed_mount2; } } if (!ext4_check_descriptors(sb)) { ext4_msg(sb, KERN_ERR, ""group descriptors corrupted!""); goto failed_mount2; } if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) if (!ext4_fill_flex_info(sb)) { ext4_msg(sb, KERN_ERR, ""unable to initialize "" ""flex_bg meta info!""); goto failed_mount2; } sbi->s_gdb_count = db_count; get_random_bytes(&sbi->s_next_generation, sizeof(u32)); spin_lock_init(&sbi->s_next_gen_lock); err = percpu_counter_init(&sbi->s_freeblocks_counter, ext4_count_free_blocks(sb)); if (!err) { err = percpu_counter_init(&sbi->s_freeinodes_counter, ext4_count_free_inodes(sb)); } if (!err) { err = percpu_counter_init(&sbi->s_dirs_counter, ext4_count_dirs(sb)); } if (!err) { err = percpu_counter_init(&sbi->s_dirtyblocks_counter, 0); } if (err) { ext4_msg(sb, KERN_ERR, ""insufficient memory""); goto failed_mount3; } sbi->s_stripe = ext4_get_stripe_size(sbi); sbi->s_max_writeback_mb_bump = 128; if (!test_opt(sb, NOLOAD) && EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) sb->s_op = &ext4_sops; else sb->s_op = &ext4_nojournal_sops; sb->s_export_op = &ext4_export_ops; sb->s_xattr = ext4_xattr_handlers; #ifdef CONFIG_QUOTA sb->s_qcop = &ext4_qctl_operations; sb->dq_op = &ext4_quota_operations; #endif INIT_LIST_HEAD(&sbi->s_orphan); mutex_init(&sbi->s_orphan_lock); mutex_init(&sbi->s_resize_lock); sb->s_root = NULL; needs_recovery = (es->s_last_orphan != 0 || EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)); if (!test_opt(sb, NOLOAD) && EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) { if (ext4_load_journal(sb, es, journal_devnum)) goto failed_mount3; } else if (test_opt(sb, NOLOAD) && !(sb->s_flags & MS_RDONLY) && EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)) { ext4_msg(sb, KERN_ERR, ""required journal recovery "" ""suppressed and not mounted read-only""); goto failed_mount4; } else { clear_opt(sbi->s_mount_opt, DATA_FLAGS); set_opt(sbi->s_mount_opt, WRITEBACK_DATA); sbi->s_journal = NULL; needs_recovery = 0; goto no_journal; } if (ext4_blocks_count(es) > 0xffffffffULL && !jbd2_journal_set_features(EXT4_SB(sb)->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_64BIT)) { ext4_msg(sb, KERN_ERR, ""Failed to set 64-bit journal feature""); goto failed_mount4; } if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) { jbd2_journal_set_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } else if (test_opt(sb, JOURNAL_CHECKSUM)) { jbd2_journal_set_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, 0); jbd2_journal_clear_features(sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } else { jbd2_journal_clear_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } switch (test_opt(sb, DATA_FLAGS)) { case 0: if (jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) set_opt(sbi->s_mount_opt, ORDERED_DATA); else set_opt(sbi->s_mount_opt, JOURNAL_DATA); break; case EXT4_MOUNT_ORDERED_DATA: case EXT4_MOUNT_WRITEBACK_DATA: if (!jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) { ext4_msg(sb, KERN_ERR, ""Journal does not support "" ""requested data journaling mode""); goto failed_mount4; } default: break; } set_task_ioprio(sbi->s_journal->j_task, journal_ioprio); no_journal: if (test_opt(sb, NOBH)) { if (!(test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_WRITEBACK_DATA)) { ext4_msg(sb, KERN_WARNING, ""Ignoring nobh option - "" ""its supported only with writeback mode""); clear_opt(sbi->s_mount_opt, NOBH); } } EXT4_SB(sb)->dio_unwritten_wq = create_workqueue(""ext4-dio-unwritten""); if (!EXT4_SB(sb)->dio_unwritten_wq) { printk(KERN_ERR ""EXT4-fs: failed to create DIO workqueue\n""); goto failed_mount_wq; } root = ext4_iget(sb, EXT4_ROOT_INO); if (IS_ERR(root)) { ext4_msg(sb, KERN_ERR, ""get root inode failed""); ret = PTR_ERR(root); goto failed_mount4; } if (!S_ISDIR(root->i_mode) || !root->i_blocks || !root->i_size) { iput(root); ext4_msg(sb, KERN_ERR, ""corrupt root inode, run e2fsck""); goto failed_mount4; } sb->s_root = d_alloc_root(root); if (!sb->s_root) { ext4_msg(sb, KERN_ERR, ""get root dentry failed""); iput(root); ret = -ENOMEM; goto failed_mount4; } ext4_setup_super(sb, es, sb->s_flags & MS_RDONLY); if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; if (EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_EXTRA_ISIZE)) { if (sbi->s_want_extra_isize < le16_to_cpu(es->s_want_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_want_extra_isize); if (sbi->s_want_extra_isize < le16_to_cpu(es->s_min_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_min_extra_isize); } } if (EXT4_GOOD_OLD_INODE_SIZE + sbi->s_want_extra_isize > sbi->s_inode_size) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; ext4_msg(sb, KERN_INFO, ""required extra inode space not"" ""available""); } if (test_opt(sb, DELALLOC) && (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA)) { ext4_msg(sb, KERN_WARNING, ""Ignoring delalloc option - "" ""requested data journaling mode""); clear_opt(sbi->s_mount_opt, DELALLOC); } err = ext4_setup_system_zone(sb); if (err) { ext4_msg(sb, KERN_ERR, ""failed to initialize system "" ""zone (%d)\n"", err); goto failed_mount4; } ext4_ext_init(sb); err = ext4_mb_init(sb, needs_recovery); if (err) { ext4_msg(sb, KERN_ERR, ""failed to initalize mballoc (%d)"", err); goto failed_mount4; } sbi->s_kobj.kset = ext4_kset; init_completion(&sbi->s_kobj_unregister); err = kobject_init_and_add(&sbi->s_kobj, &ext4_ktype, NULL, ""%s"", sb->s_id); if (err) { ext4_mb_release(sb); ext4_ext_release(sb); goto failed_mount4; }; EXT4_SB(sb)->s_mount_state |= EXT4_ORPHAN_FS; ext4_orphan_cleanup(sb, es); EXT4_SB(sb)->s_mount_state &= ~EXT4_ORPHAN_FS; if (needs_recovery) { ext4_msg(sb, KERN_INFO, ""recovery complete""); ext4_mark_recovery_complete(sb, es); } if (EXT4_SB(sb)->s_journal) { if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) descr = "" journalled data mode""; else if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_ORDERED_DATA) descr = "" ordered data mode""; else descr = "" writeback data mode""; } else descr = ""out journal""; ext4_msg(sb, KERN_INFO, ""mounted filesystem with%s"", descr); lock_kernel(); return 0; cantfind_ext4: if (!silent) ext4_msg(sb, KERN_ERR, ""VFS: Can't find ext4 filesystem""); goto failed_mount; failed_mount4: ext4_msg(sb, KERN_ERR, ""mount failed""); destroy_workqueue(EXT4_SB(sb)->dio_unwritten_wq); failed_mount_wq: ext4_release_system_zone(sb); if (sbi->s_journal) { jbd2_journal_destroy(sbi->s_journal); sbi->s_journal = NULL; } failed_mount3: if (sbi->s_flex_groups) { if (is_vmalloc_addr(sbi->s_flex_groups)) vfree(sbi->s_flex_groups); else kfree(sbi->s_flex_groups); } percpu_counter_destroy(&sbi->s_freeblocks_counter); percpu_counter_destroy(&sbi->s_freeinodes_counter); percpu_counter_destroy(&sbi->s_dirs_counter); percpu_counter_destroy(&sbi->s_dirtyblocks_counter); failed_mount2: for (i = 0; i < db_count; i++) brelse(sbi->s_group_desc[i]); kfree(sbi->s_group_desc); failed_mount: if (sbi->s_proc) { remove_proc_entry(sb->s_id, ext4_proc_root); } #ifdef CONFIG_QUOTA for (i = 0; i < MAXQUOTAS; i++) kfree(sbi->s_qf_names[i]); #endif ext4_blkdev_remove(sbi); brelse(bh); out_fail: sb->s_fs_info = NULL; kfree(sbi->s_blockgroup_lock); kfree(sbi); lock_kernel(); return ret; }",visit repo url,fs/ext4/super.c,https://github.com/torvalds/linux,73276662569371,1 5811,CWE-269,"dictionary * iniparser_load(const char * ininame) { FILE * in ; char line [ASCIILINESZ+1] ; char section [ASCIILINESZ+1] ; char key [ASCIILINESZ+1] ; char tmp [(ASCIILINESZ * 2) + 1] ; char val [ASCIILINESZ+1] ; int last=0 ; int len ; int lineno=0 ; int errs=0; dictionary * dict ; if ((in=fopen(ininame, ""r""))==NULL) { fprintf(stderr, ""iniparser: cannot open %s\n"", ininame); return NULL ; } dict = dictionary_new(0) ; if (!dict) { fclose(in); return NULL ; } memset(line, 0, ASCIILINESZ); memset(section, 0, ASCIILINESZ); memset(key, 0, ASCIILINESZ); memset(val, 0, ASCIILINESZ); last=0 ; while (fgets(line+last, ASCIILINESZ-last, in)!=NULL) { lineno++ ; len = (int)strlen(line)-1; if (len==0) continue; if (line[len]!='\n' && !feof(in)) { fprintf(stderr, ""iniparser: input line too long in %s (%d)\n"", ininame, lineno); dictionary_del(dict); fclose(in); return NULL ; } while ((len>=0) && ((line[len]=='\n') || (isspace(line[len])))) { line[len]=0 ; len-- ; } if (len < 0) { len = 0; } if (line[len]=='\\') { last=len ; continue ; } else { last=0 ; } switch (iniparser_line(line, section, key, val)) { case LINE_EMPTY: case LINE_COMMENT: break ; case LINE_SECTION: errs = dictionary_set(dict, section, NULL); break ; case LINE_VALUE: sprintf(tmp, ""%s:%s"", section, key); errs = dictionary_set(dict, tmp, val) ; break ; case LINE_ERROR: fprintf(stderr, ""iniparser: syntax error in %s (%d):\n"", ininame, lineno); fprintf(stderr, ""-> %s\n"", line); errs++ ; break; default: break ; } memset(line, 0, ASCIILINESZ); last=0; if (errs<0) { fprintf(stderr, ""iniparser: memory allocation failure\n""); break ; } } if (errs) { dictionary_del(dict); dict = NULL ; } fclose(in); return dict ; }",visit repo url,src/iniparser/iniparser.c,https://github.com/GNS3/ubridge,248994492991953,1 1284,CWE-119,"static ssize_t bat_socket_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { struct socket_client *socket_client = file->private_data; struct socket_packet *socket_packet; size_t packet_len; int error; if ((file->f_flags & O_NONBLOCK) && (socket_client->queue_len == 0)) return -EAGAIN; if ((!buf) || (count < sizeof(struct icmp_packet))) return -EINVAL; if (!access_ok(VERIFY_WRITE, buf, count)) return -EFAULT; error = wait_event_interruptible(socket_client->queue_wait, socket_client->queue_len); if (error) return error; spin_lock_bh(&socket_client->lock); socket_packet = list_first_entry(&socket_client->queue_list, struct socket_packet, list); list_del(&socket_packet->list); socket_client->queue_len--; spin_unlock_bh(&socket_client->lock); error = copy_to_user(buf, &socket_packet->icmp_packet, socket_packet->icmp_len); packet_len = socket_packet->icmp_len; kfree(socket_packet); if (error) return -EFAULT; return packet_len; }",visit repo url,net/batman-adv/icmp_socket.c,https://github.com/torvalds/linux,138615499403762,1 6573,['CWE-200'],"get_device_class (NMDevice *device, NMApplet *applet) { g_return_val_if_fail (device != NULL, NULL); g_return_val_if_fail (applet != NULL, NULL); if (NM_IS_DEVICE_ETHERNET (device)) return applet->wired_class; else if (NM_IS_DEVICE_WIFI (device)) return applet->wifi_class; else if (NM_IS_GSM_DEVICE (device)) return applet->gsm_class; else if (NM_IS_CDMA_DEVICE (device)) return applet->cdma_class; else g_message (""%s: Unknown device type '%s'"", __func__, G_OBJECT_TYPE_NAME (device)); return NULL; }",network-manager-applet,,,168789735472739282747887364520044361970,0 1058,['CWE-20'],"int set_current_groups(struct group_info *group_info) { int retval; struct group_info *old_info; retval = security_task_setgroups(group_info); if (retval) return retval; groups_sort(group_info); get_group_info(group_info); task_lock(current); old_info = current->group_info; current->group_info = group_info; task_unlock(current); put_group_info(old_info); return 0; }",linux-2.6,,,50736659833723420674479626528854390972,0 892,['CWE-200'],"static int shmem_statfs(struct dentry *dentry, struct kstatfs *buf) { struct shmem_sb_info *sbinfo = SHMEM_SB(dentry->d_sb); buf->f_type = TMPFS_MAGIC; buf->f_bsize = PAGE_CACHE_SIZE; buf->f_namelen = NAME_MAX; spin_lock(&sbinfo->stat_lock); if (sbinfo->max_blocks) { buf->f_blocks = sbinfo->max_blocks; buf->f_bavail = buf->f_bfree = sbinfo->free_blocks; } if (sbinfo->max_inodes) { buf->f_files = sbinfo->max_inodes; buf->f_ffree = sbinfo->free_inodes; } spin_unlock(&sbinfo->stat_lock); return 0; }",linux-2.6,,,5833047209883121221385606190815453366,0 4168,['CWE-399'],"static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddress *src_address, uint16_t port, const AvahiAddress *dst_address, AvahiIfIndex iface, int ttl) { AvahiInterface *i; int from_local_iface = 0; assert(s); assert(p); assert(src_address); assert(dst_address); assert(iface > 0); assert(src_address->proto == dst_address->proto); if (!(i = avahi_interface_monitor_get_interface(s->monitor, iface, src_address->proto)) || !i->announcing) { avahi_log_warn(""Received packet from invalid interface.""); return; } if (port <= 0) { avahi_log_warn(""Received packet from invalid source port.""); return; } if (avahi_address_is_ipv4_in_ipv6(src_address)) return; if (originates_from_local_legacy_unicast_socket(s, src_address, port)) return; if (s->config.enable_reflector) from_local_iface = originates_from_local_iface(s, iface, src_address, port); if (avahi_dns_packet_check_valid_multicast(p) < 0) { avahi_log_warn(""Received invalid packet.""); return; } if (avahi_dns_packet_is_query(p)) { int legacy_unicast = 0; if (avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ARCOUNT) != 0) { avahi_log_warn(""Invalid query packet.""); return; } if (port != AVAHI_MDNS_PORT) { if ((avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ANCOUNT) != 0 || avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_NSCOUNT) != 0)) { avahi_log_warn(""Invalid legacy unicast query packet.""); return; } legacy_unicast = 1; } if (legacy_unicast) reflect_legacy_unicast_query_packet(s, p, i, src_address, port); handle_query_packet(s, p, i, src_address, port, legacy_unicast, from_local_iface); } else { char t[AVAHI_ADDRESS_STR_MAX]; if (port != AVAHI_MDNS_PORT) { avahi_log_warn(""Received response from host %s with invalid source port %u on interface '%s.%i'"", avahi_address_snprint(t, sizeof(t), src_address), port, i->hardware->name, i->protocol); return; } if (ttl != 255 && s->config.check_response_ttl) { avahi_log_warn(""Received response from host %s with invalid TTL %u on interface '%s.%i'."", avahi_address_snprint(t, sizeof(t), src_address), ttl, i->hardware->name, i->protocol); return; } if (!is_mdns_mcast_address(dst_address) && !avahi_interface_address_on_link(i, src_address)) { avahi_log_warn(""Received non-local response from host %s on interface '%s.%i'."", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); return; } if (avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_QDCOUNT) != 0 || avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ANCOUNT) == 0 || avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_NSCOUNT) != 0) { avahi_log_warn(""Invalid response packet from host %s."", avahi_address_snprint(t, sizeof(t), src_address)); return; } handle_response_packet(s, p, i, src_address, from_local_iface); } }",avahi,,,10584847004383218553894955368175662021,0 4221,['CWE-399']," __acquires(dev->ingress_lock) { spin_lock_bh(&dev->queue_lock); spin_lock(&dev->ingress_lock); }",linux-2.6,,,92815270118869843406032347545489298761,0 4123,['CWE-399'],"int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, struct scsi_ioctl_command __user *sic) { struct request *rq; int err; unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; if (!sic) return -EINVAL; if (get_user(in_len, &sic->inlen)) return -EFAULT; if (get_user(out_len, &sic->outlen)) return -EFAULT; if (in_len > PAGE_SIZE || out_len > PAGE_SIZE) return -EINVAL; if (get_user(opcode, sic->data)) return -EFAULT; bytes = max(in_len, out_len); if (bytes) { buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN); if (!buffer) return -ENOMEM; } rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT); cmdlen = COMMAND_SIZE(opcode); err = -EFAULT; rq->cmd_len = cmdlen; if (copy_from_user(rq->cmd, sic->data, cmdlen)) goto error; if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; err = blk_verify_command(&q->cmd_filter, rq->cmd, mode & FMODE_WRITE); if (err) goto error; rq->retries = 5; switch (opcode) { case SEND_DIAGNOSTIC: case FORMAT_UNIT: rq->timeout = FORMAT_UNIT_TIMEOUT; rq->retries = 1; break; case START_STOP: rq->timeout = START_STOP_TIMEOUT; break; case MOVE_MEDIUM: rq->timeout = MOVE_MEDIUM_TIMEOUT; break; case READ_ELEMENT_STATUS: rq->timeout = READ_ELEMENT_STATUS_TIMEOUT; break; case READ_DEFECT_DATA: rq->timeout = READ_DEFECT_DATA_TIMEOUT; rq->retries = 1; break; default: rq->timeout = BLK_DEFAULT_SG_TIMEOUT; break; } if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) { err = DRIVER_ERROR << 24; goto out; } memset(sense, 0, sizeof(sense)); rq->sense = sense; rq->sense_len = 0; rq->cmd_type = REQ_TYPE_BLOCK_PC; blk_execute_rq(q, disk, rq, 0); out: err = rq->errors & 0xff; if (err) { if (rq->sense_len && rq->sense) { bytes = (OMAX_SB_LEN > rq->sense_len) ? rq->sense_len : OMAX_SB_LEN; if (copy_to_user(sic->data, rq->sense, bytes)) err = -EFAULT; } } else { if (copy_to_user(sic->data, buffer, out_len)) err = -EFAULT; } error: kfree(buffer); blk_put_request(rq); return err; }",linux-2.6,,,149028341228274380302956631352534850997,0 5796,CWE-125,"snmp_engine(unsigned char *buff, uint32_t buff_len, unsigned char *out, uint32_t *out_len) { static snmp_header_t header; static snmp_varbind_t varbinds[SNMP_MAX_NR_VALUES]; static uint32_t varbind_length = SNMP_MAX_NR_VALUES; buff = snmp_message_decode(buff, buff_len, &header, varbinds, &varbind_length); if(buff == NULL) { return NULL; } if(header.version != SNMP_VERSION_1) { if(strncmp(header.community.community, SNMP_COMMUNITY, header.community.length)) { LOG_ERR(""Request with invalid community\n""); return NULL; } } switch(header.pdu_type) { case SNMP_DATA_TYPE_PDU_GET_REQUEST: if(snmp_engine_get(&header, varbinds, varbind_length) == -1) { return NULL; } break; case SNMP_DATA_TYPE_PDU_GET_NEXT_REQUEST: if(snmp_engine_get_next(&header, varbinds, varbind_length) == -1) { return NULL; } break; case SNMP_DATA_TYPE_PDU_GET_BULK: if(snmp_engine_get_bulk(&header, varbinds, &varbind_length) == -1) { return NULL; } break; default: LOG_ERR(""Invalid request type""); return NULL; } header.pdu_type = SNMP_DATA_TYPE_PDU_GET_RESPONSE; out = snmp_message_encode(out, out_len, &header, varbinds, varbind_length); return ++out; }",visit repo url,os/net/app-layer/snmp/snmp-engine.c,https://github.com/contiki-ng/contiki-ng,252158486742276,1 1221,[],"m4_dnl (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 1)) return; skip_line (); }",m4,,,45773817996351505388834969106548936474,0 2470,['CWE-119'],"static void diff_fill_sha1_info(struct diff_filespec *one) { if (DIFF_FILE_VALID(one)) { if (!one->sha1_valid) { struct stat st; if (!strcmp(one->path, ""-"")) { hashcpy(one->sha1, null_sha1); return; } if (lstat(one->path, &st) < 0) die(""stat %s"", one->path); if (index_path(one->sha1, one->path, &st, 0)) die(""cannot hash %s\n"", one->path); } } else hashclr(one->sha1); }",git,,,75565546424763606799857910359560189525,0 798,CWE-20,"static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct scm_cookie scm; struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); int noblock = flags&MSG_DONTWAIT; size_t copied; struct sk_buff *skb, *data_skb; int err, ret; if (flags&MSG_OOB) return -EOPNOTSUPP; copied = 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (skb == NULL) goto out; data_skb = skb; #ifdef CONFIG_COMPAT_NETLINK_MESSAGES if (unlikely(skb_shinfo(skb)->frag_list)) { if (flags & MSG_CMSG_COMPAT) data_skb = skb_shinfo(skb)->frag_list; } #endif msg->msg_namelen = 0; copied = data_skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(data_skb); err = skb_copy_datagram_iovec(data_skb, 0, msg->msg_iov, copied); if (msg->msg_name) { struct sockaddr_nl *addr = (struct sockaddr_nl *)msg->msg_name; addr->nl_family = AF_NETLINK; addr->nl_pad = 0; addr->nl_pid = NETLINK_CB(skb).portid; addr->nl_groups = netlink_group_mask(NETLINK_CB(skb).dst_group); msg->msg_namelen = sizeof(*addr); } if (nlk->flags & NETLINK_RECV_PKTINFO) netlink_cmsg_recv_pktinfo(msg, skb); if (NULL == siocb->scm) { memset(&scm, 0, sizeof(scm)); siocb->scm = &scm; } siocb->scm->creds = *NETLINK_CREDS(skb); if (flags & MSG_TRUNC) copied = data_skb->len; skb_free_datagram(sk, skb); if (nlk->cb_running && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) { ret = netlink_dump(sk); if (ret) { sk->sk_err = ret; sk->sk_error_report(sk); } } scm_recv(sock, msg, siocb->scm, flags); out: netlink_rcv_wake(sk); return err ? : copied; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,280528127100709,1 466,[],"pfm_syst_wide_update_task(struct task_struct *task, unsigned long info, int is_ctxswin) { struct pt_regs *regs; unsigned long dcr; unsigned long dcr_pp; dcr_pp = info & PFM_CPUINFO_DCR_PP ? 1 : 0; if ((info & PFM_CPUINFO_EXCL_IDLE) == 0 || task->pid) { regs = task_pt_regs(task); ia64_psr(regs)->pp = is_ctxswin ? dcr_pp : 0; return; } if (dcr_pp) { dcr = ia64_getreg(_IA64_REG_CR_DCR); if (is_ctxswin) { ia64_setreg(_IA64_REG_CR_DCR, dcr & ~IA64_DCR_PP); pfm_clear_psr_pp(); ia64_srlz_i(); return; } ia64_setreg(_IA64_REG_CR_DCR, dcr |IA64_DCR_PP); pfm_set_psr_pp(); ia64_srlz_i(); } }",linux-2.6,,,313720137628321685794072600598365906260,0 1762,[],"asmlinkage long sys_sched_get_priority_max(int policy) { int ret = -EINVAL; switch (policy) { case SCHED_FIFO: case SCHED_RR: ret = MAX_USER_RT_PRIO-1; break; case SCHED_NORMAL: case SCHED_BATCH: case SCHED_IDLE: ret = 0; break; } return ret; }",linux-2.6,,,36327880010663975964322838353322740764,0 2272,['CWE-120'],"void unlock_rename(struct dentry *p1, struct dentry *p2) { mutex_unlock(&p1->d_inode->i_mutex); if (p1 != p2) { mutex_unlock(&p2->d_inode->i_mutex); mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex); } }",linux-2.6,,,177004251913984149277791666857934189316,0 3007,['CWE-189'],"static int jas_iccprof_writehdr(jas_stream_t *out, jas_icchdr_t *hdr) { if (jas_iccputuint32(out, hdr->size) || jas_iccputuint32(out, hdr->cmmtype) || jas_iccputuint32(out, hdr->version) || jas_iccputuint32(out, hdr->clas) || jas_iccputuint32(out, hdr->colorspc) || jas_iccputuint32(out, hdr->refcolorspc) || jas_iccputtime(out, &hdr->ctime) || jas_iccputuint32(out, hdr->magic) || jas_iccputuint32(out, hdr->platform) || jas_iccputuint32(out, hdr->flags) || jas_iccputuint32(out, hdr->maker) || jas_iccputuint32(out, hdr->model) || jas_iccputuint64(out, hdr->attr) || jas_iccputuint32(out, hdr->intent) || jas_iccputxyz(out, &hdr->illum) || jas_iccputuint32(out, hdr->creator) || jas_stream_pad(out, 44, 0) != 44) return -1; return 0; }",jasper,,,241509295624700831294814503864034255043,0 1392,CWE-310,"static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""givcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_ablkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize; rblkcipher.ivsize = alg->cra_ablkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ablkcipher.c,https://github.com/torvalds/linux,228992141557548,1 5378,CWE-125,"int main(int argc, char *argv[]) { int32_t ret = GPMF_OK; GPMF_stream metadata_stream, *ms = &metadata_stream; double metadatalength; uint32_t *payload = NULL; if (argc != 2) { printf(""usage: %s \n"", argv[0]); return -1; } size_t mp4 = OpenMP4Source(argv[1], MOV_GPMF_TRAK_TYPE, MOV_GPMF_TRAK_SUBTYPE); metadatalength = GetDuration(mp4); if (metadatalength > 0.0) { uint32_t index, payloads = GetNumberPayloads(mp4); #if 1 if (payloads == 1) { uint32_t payloadsize = GetPayloadSize(mp4,0); payload = GetPayload(mp4, payload, 0); if(payload == NULL) goto cleanup; ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; ret = GPMF_Validate(ms, GPMF_RECURSE_LEVELS); if (GPMF_OK != ret) { printf(""Invalid Structure\n""); goto cleanup; } GPMF_ResetState(ms); do { PrintGPMF(ms); } while (GPMF_OK == GPMF_Next(ms, GPMF_RECURSE_LEVELS)); GPMF_ResetState(ms); printf(""\n""); } #endif for (index = 0; index < payloads; index++) { uint32_t payloadsize = GetPayloadSize(mp4, index); float in = 0.0, out = 0.0; payload = GetPayload(mp4, payload, index); if (payload == NULL) goto cleanup; ret = GetPayloadTime(mp4, index, &in, &out); if (ret != GPMF_OK) goto cleanup; ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; #if 1 if (index == 0) { ret = GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS); while (GPMF_OK == ret) { ret = GPMF_SeekToSamples(ms); if (GPMF_OK == ret) { uint32_t key = GPMF_Key(ms); GPMF_SampleType type = GPMF_Type(ms); uint32_t elements = GPMF_ElementsInStruct(ms); uint32_t samples = GPMF_PayloadSampleCount(ms); if (samples) { printf("" STRM of %c%c%c%c "", PRINTF_4CC(key)); if (type == GPMF_TYPE_COMPLEX) { GPMF_stream find_stream; GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TYPE, GPMF_CURRENT_LEVEL)) { char tmp[64]; char *data = (char *)GPMF_RawData(&find_stream); int size = GPMF_RawDataSize(&find_stream); if (size < sizeof(tmp)) { memcpy(tmp, data, size); tmp[size] = 0; printf(""of type %s "", tmp); } } } else { printf(""of type %c "", type); } printf(""with %d sample%s "", samples, samples > 1 ? ""s"" : """"); if (elements > 1) printf(""-- %d elements per sample"", elements); printf(""\n""); } ret = GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS); } else { if (ret == GPMF_ERROR_BAD_STRUCTURE) { ret = GPMF_Next(ms, GPMF_CURRENT_LEVEL); } } } GPMF_ResetState(ms); printf(""\n""); } #endif #if 1 if (index == 0) { if (GPMF_OK == GPMF_FindNext(ms, STR2FOURCC(""GPS5""), GPMF_RECURSE_LEVELS) || GPMF_OK == GPMF_FindNext(ms, STR2FOURCC(""GPRI""), GPMF_RECURSE_LEVELS)) { uint32_t key = GPMF_Key(ms); uint32_t samples = GPMF_Repeat(ms); uint32_t elements = GPMF_ElementsInStruct(ms); uint32_t buffersize = samples * elements * sizeof(double); GPMF_stream find_stream; double *ptr, *tmpbuffer = malloc(buffersize); char units[10][6] = { """" }; uint32_t unit_samples = 1; printf(""MP4 Payload time %.3f to %.3f seconds\n"", in, out); if (tmpbuffer && samples) { uint32_t i, j; GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_SI_UNITS, GPMF_CURRENT_LEVEL) || GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_UNITS, GPMF_CURRENT_LEVEL)) { char *data = (char *)GPMF_RawData(&find_stream); int ssize = GPMF_StructSize(&find_stream); unit_samples = GPMF_Repeat(&find_stream); for (i = 0; i < unit_samples; i++) { memcpy(units[i], data, ssize); units[i][ssize] = 0; data += ssize; } } GPMF_ScaledData(ms, tmpbuffer, buffersize, 0, samples, GPMF_TYPE_DOUBLE); ptr = tmpbuffer; for (i = 0; i < samples; i++) { printf(""%c%c%c%c "", PRINTF_4CC(key)); for (j = 0; j < elements; j++) printf(""%.3f%s, "", *ptr++, units[j%unit_samples]); printf(""\n""); } free(tmpbuffer); } } GPMF_ResetState(ms); printf(""\n""); } #endif } #if 1 while (GPMF_OK == GPMF_FindNext(ms, GPMF_KEY_STREAM, GPMF_RECURSE_LEVELS)) { if (GPMF_OK == GPMF_SeekToSamples(ms)) { uint32_t fourcc = GPMF_Key(ms); double rate = GetGPMFSampleRate(mp4, fourcc, GPMF_SAMPLE_RATE_PRECISE); printf(""%c%c%c%c sampling rate = %f Hz\n"", PRINTF_4CC(fourcc), rate); } } #endif cleanup: if (payload) FreePayload(payload); payload = NULL; CloseSource(mp4); } return ret; }",visit repo url,demo/GPMF_demo.c,https://github.com/gopro/gpmf-parser,197991278856194,1 3414,CWE-119,"static void show_object(struct object *obj, struct strbuf *path, const char *last, void *data) { char *name = path_name(path, last); add_preferred_base_object(name); add_object_entry(obj->oid.hash, obj->type, name, 0); obj->flags |= OBJECT_ADDED; free((char *)name); }",visit repo url,builtin/pack-objects.c,https://github.com/git/git,249202727033266,1 5069,CWE-787,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 1542,[],"unsigned long nr_iowait(void) { unsigned long i, sum = 0; for_each_possible_cpu(i) sum += atomic_read(&cpu_rq(i)->nr_iowait); return sum; }",linux-2.6,,,206291486414993805389094220492516728350,0 3642,CWE-264,"static void timer_enter_running(Timer *t) { _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; int r; assert(t); if (unit_stop_pending(UNIT(t))) return; r = manager_add_job(UNIT(t)->manager, JOB_START, UNIT_TRIGGER(UNIT(t)), JOB_REPLACE, true, &error, NULL); if (r < 0) goto fail; dual_timestamp_get(&t->last_trigger); if (t->stamp_path) touch_file(t->stamp_path, true, t->last_trigger.realtime, UID_INVALID, GID_INVALID, 0); timer_set_state(t, TIMER_RUNNING); return; fail: log_unit_warning(UNIT(t), ""Failed to queue unit startup job: %s"", bus_error_message(&error, r)); timer_enter_dead(t, TIMER_FAILURE_RESOURCES); }",visit repo url,src/core/timer.c,https://github.com/systemd/systemd,43506916119490,1 187,[],"compat_sys_io_submit(aio_context_t ctx_id, int nr, u32 __user *iocb) { struct iocb __user * __user *iocb64; long ret; if (unlikely(nr < 0)) return -EINVAL; if (nr > MAX_AIO_SUBMITS) nr = MAX_AIO_SUBMITS; iocb64 = compat_alloc_user_space(nr * sizeof(*iocb64)); ret = copy_iocb(nr, iocb, iocb64); if (!ret) ret = sys_io_submit(ctx_id, nr, iocb64); return ret; }",linux-2.6,,,74950827494192264934506860816685247693,0 5528,CWE-125,"ast2obj_type_ignore(void* _o) { type_ignore_ty o = (type_ignore_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case TypeIgnore_kind: result = PyType_GenericNew(TypeIgnore_type, NULL, NULL); if (!result) goto failed; value = ast2obj_int(o->v.TypeIgnore.lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) == -1) goto failed; Py_DECREF(value); break; } return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,197629676551697,1 2947,CWE-59,"void lxc_execute_bind_init(struct lxc_conf *conf) { int ret; char path[PATH_MAX], destpath[PATH_MAX], *p; p = choose_init(conf->rootfs.mount); if (p) { free(p); return; } ret = snprintf(path, PATH_MAX, SBINDIR ""/init.lxc.static""); if (ret < 0 || ret >= PATH_MAX) { WARN(""Path name too long searching for lxc.init.static""); return; } if (!file_exists(path)) { INFO(""%s does not exist on host"", path); return; } ret = snprintf(destpath, PATH_MAX, ""%s%s"", conf->rootfs.mount, ""/init.lxc.static""); if (ret < 0 || ret >= PATH_MAX) { WARN(""Path name too long for container's lxc.init.static""); return; } if (!file_exists(destpath)) { FILE * pathfile = fopen(destpath, ""wb""); if (!pathfile) { SYSERROR(""Failed to create mount target '%s'"", destpath); return; } fclose(pathfile); } ret = mount(path, destpath, ""none"", MS_BIND, NULL); if (ret < 0) SYSERROR(""Failed to bind lxc.init.static into container""); INFO(""lxc.init.static bound into container at %s"", path); }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,32888628093303,1 1390,CWE-20,"struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags, int *peeked, int *off, int *err) { struct sk_buff *skb; long timeo; int error = sock_error(sk); if (error) goto no_packet; timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); do { unsigned long cpu_flags; struct sk_buff_head *queue = &sk->sk_receive_queue; spin_lock_irqsave(&queue->lock, cpu_flags); skb_queue_walk(queue, skb) { *peeked = skb->peeked; if (flags & MSG_PEEK) { if (*off >= skb->len) { *off -= skb->len; continue; } skb->peeked = 1; atomic_inc(&skb->users); } else __skb_unlink(skb, queue); spin_unlock_irqrestore(&queue->lock, cpu_flags); return skb; } spin_unlock_irqrestore(&queue->lock, cpu_flags); error = -EAGAIN; if (!timeo) goto no_packet; } while (!wait_for_packet(sk, err, &timeo)); return NULL; no_packet: *err = error; return NULL; }",visit repo url,net/core/datagram.c,https://github.com/torvalds/linux,137503915626016,1 2752,['CWE-189'],"int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc) { if (!sctp_auth_enable || !asoc) return 0; return __sctp_auth_cid(chunk, (struct sctp_chunks_param *)asoc->c.auth_chunks); }",linux-2.6,,,87108991561112299017257179493080828073,0 5477,['CWE-476'],"void kvm_load_guest_fpu(struct kvm_vcpu *vcpu) { if (!vcpu->fpu_active || vcpu->guest_fpu_loaded) return; vcpu->guest_fpu_loaded = 1; kvm_fx_save(&vcpu->arch.host_fx_image); kvm_fx_restore(&vcpu->arch.guest_fx_image); }",linux-2.6,,,64504988339333847461327659771035699520,0 1478,[],"void aggregate_group_shares(struct task_group *tg, struct sched_domain *sd) { unsigned long shares = 0; int i; again: for_each_cpu_mask(i, sd->span) shares += tg->cfs_rq[i]->shares; if (unlikely(!shares && aggregate(tg, sd)->rq_weight)) { __aggregate_redistribute_shares(tg); goto again; } aggregate(tg, sd)->shares = shares; }",linux-2.6,,,292649833744838934197596946191163130732,0 944,['CWE-200'],"static inline int shmem_parse_mpol(char *value, int *policy, nodemask_t *policy_nodes) { char *nodelist = strchr(value, ':'); int err = 1; if (nodelist) { *nodelist++ = '\0'; if (nodelist_parse(nodelist, *policy_nodes)) goto out; if (!nodes_subset(*policy_nodes, node_states[N_HIGH_MEMORY])) goto out; } if (!strcmp(value, ""default"")) { *policy = MPOL_DEFAULT; if (!nodelist) err = 0; } else if (!strcmp(value, ""prefer"")) { *policy = MPOL_PREFERRED; if (nodelist) { char *rest = nodelist; while (isdigit(*rest)) rest++; if (!*rest) err = 0; } } else if (!strcmp(value, ""bind"")) { *policy = MPOL_BIND; if (nodelist) err = 0; } else if (!strcmp(value, ""interleave"")) { *policy = MPOL_INTERLEAVE; if (!nodelist) *policy_nodes = node_states[N_HIGH_MEMORY]; err = 0; } out: if (nodelist) *--nodelist = ':'; return err; }",linux-2.6,,,155493777917845989153150902102856077092,0 5394,['CWE-476'],"static int emulator_read_emulated(unsigned long addr, void *val, unsigned int bytes, struct kvm_vcpu *vcpu) { struct kvm_io_device *mmio_dev; gpa_t gpa; if (vcpu->mmio_read_completed) { memcpy(val, vcpu->mmio_data, bytes); vcpu->mmio_read_completed = 0; return X86EMUL_CONTINUE; } gpa = vcpu->arch.mmu.gva_to_gpa(vcpu, addr); if ((gpa & PAGE_MASK) == APIC_DEFAULT_PHYS_BASE) goto mmio; if (kvm_read_guest_virt(addr, val, bytes, vcpu) == X86EMUL_CONTINUE) return X86EMUL_CONTINUE; if (gpa == UNMAPPED_GVA) return X86EMUL_PROPAGATE_FAULT; mmio: mutex_lock(&vcpu->kvm->lock); mmio_dev = vcpu_find_mmio_dev(vcpu, gpa, bytes, 0); if (mmio_dev) { kvm_iodevice_read(mmio_dev, gpa, bytes, val); mutex_unlock(&vcpu->kvm->lock); return X86EMUL_CONTINUE; } mutex_unlock(&vcpu->kvm->lock); vcpu->mmio_needed = 1; vcpu->mmio_phys_addr = gpa; vcpu->mmio_size = bytes; vcpu->mmio_is_write = 0; return X86EMUL_UNHANDLEABLE; }",linux-2.6,,,152918666665745145050891672255268720820,0 3420,CWE-119,"static void finish_object(struct object *obj, struct strbuf *path, const char *name, void *cb_data) { struct rev_list_info *info = cb_data; if (obj->type == OBJ_BLOB && !has_object_file(&obj->oid)) die(""missing blob object '%s'"", oid_to_hex(&obj->oid)); if (info->revs->verify_objects && !obj->parsed && obj->type != OBJ_COMMIT) parse_object(obj->oid.hash); }",visit repo url,builtin/rev-list.c,https://github.com/git/git,124445513516221,1 1587,CWE-476,"int migrate_page_move_mapping(struct address_space *mapping, struct page *newpage, struct page *page, struct buffer_head *head, enum migrate_mode mode, int extra_count) { int expected_count = 1 + extra_count; void **pslot; if (!mapping) { if (page_count(page) != expected_count) return -EAGAIN; set_page_memcg(newpage, page_memcg(page)); newpage->index = page->index; newpage->mapping = page->mapping; if (PageSwapBacked(page)) SetPageSwapBacked(newpage); return MIGRATEPAGE_SUCCESS; } spin_lock_irq(&mapping->tree_lock); pslot = radix_tree_lookup_slot(&mapping->page_tree, page_index(page)); expected_count += 1 + page_has_private(page); if (page_count(page) != expected_count || radix_tree_deref_slot_protected(pslot, &mapping->tree_lock) != page) { spin_unlock_irq(&mapping->tree_lock); return -EAGAIN; } if (!page_freeze_refs(page, expected_count)) { spin_unlock_irq(&mapping->tree_lock); return -EAGAIN; } if (mode == MIGRATE_ASYNC && head && !buffer_migrate_lock_buffers(head, mode)) { page_unfreeze_refs(page, expected_count); spin_unlock_irq(&mapping->tree_lock); return -EAGAIN; } set_page_memcg(newpage, page_memcg(page)); newpage->index = page->index; newpage->mapping = page->mapping; if (PageSwapBacked(page)) SetPageSwapBacked(newpage); get_page(newpage); if (PageSwapCache(page)) { SetPageSwapCache(newpage); set_page_private(newpage, page_private(page)); } radix_tree_replace_slot(pslot, newpage); page_unfreeze_refs(page, expected_count - 1); __dec_zone_page_state(page, NR_FILE_PAGES); __inc_zone_page_state(newpage, NR_FILE_PAGES); if (!PageSwapCache(page) && PageSwapBacked(page)) { __dec_zone_page_state(page, NR_SHMEM); __inc_zone_page_state(newpage, NR_SHMEM); } spin_unlock_irq(&mapping->tree_lock); return MIGRATEPAGE_SUCCESS; }",visit repo url,mm/migrate.c,https://github.com/torvalds/linux,52061449138175,1 1505,CWE-20,"static inline int xsave_state(struct xsave_struct *fx, u64 mask) { u32 lmask = mask; u32 hmask = mask >> 32; int err = 0; alternative_input_2( ""1:""XSAVE, ""1:""XSAVEOPT, X86_FEATURE_XSAVEOPT, ""1:""XSAVES, X86_FEATURE_XSAVES, [fx] ""D"" (fx), ""a"" (lmask), ""d"" (hmask) : ""memory""); asm volatile(""2:\n\t"" xstate_fault : ""0"" (0) : ""memory""); return err; }",visit repo url,arch/x86/include/asm/xsave.h,https://github.com/torvalds/linux,71609023192248,1 3711,CWE-295,"x509_vfy_callback_indicate_success(X509_STORE_CTX *ctx) { return x509_vfy_internal_verify(ctx, 1); }",visit repo url,lib/libcrypto/x509/x509_vfy.c,https://github.com/openbsd/src,204988732105473,1 2716,[],"SCTP_STATIC int sctp_setsockopt_connectx_old(struct sock* sk, struct sockaddr __user *addrs, int addrs_size) { return __sctp_setsockopt_connectx(sk, addrs, addrs_size, NULL); }",linux-2.6,,,326222611503177501409207448091101693153,0 3686,[],"int hfs_cat_find_brec(struct super_block *sb, u32 cnid, struct hfs_find_data *fd) { hfs_cat_rec rec; int res, len, type; hfs_cat_build_key(sb, fd->search_key, cnid, NULL); res = hfs_brec_read(fd, &rec, sizeof(rec)); if (res) return res; type = rec.type; if (type != HFS_CDR_THD && type != HFS_CDR_FTH) { printk(KERN_ERR ""hfs: found bad thread record in catalog\n""); return -EIO; } fd->search_key->cat.ParID = rec.thread.ParID; len = fd->search_key->cat.CName.len = rec.thread.CName.len; if (len > HFS_NAMELEN) { printk(KERN_ERR ""hfs: bad catalog namelength\n""); return -EIO; } memcpy(fd->search_key->cat.CName.name, rec.thread.CName.name, len); return hfs_brec_find(fd); }",linux-2.6,,,78123133513677462438839504941786979267,0 5995,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader_24CompressedBufferedReader_4__reduce_cython__(struct __pyx_obj_17clickhouse_driver_14bufferedreader_CompressedBufferedReader *__pyx_v_self) { PyObject *__pyx_v_state = 0; PyObject *__pyx_v__dict = 0; int __pyx_v_use_setstate; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; int __pyx_t_4; int __pyx_t_5; int __pyx_t_6; __Pyx_RefNannySetupContext(""__reduce_cython__"", 0); __pyx_t_1 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.current_buffer_size); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = PyInt_FromSsize_t(__pyx_v_self->__pyx_base.position); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = PyTuple_New(4); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(__pyx_v_self->__pyx_base.buffer); __Pyx_GIVEREF(__pyx_v_self->__pyx_base.buffer); PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_v_self->__pyx_base.buffer); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_3, 2, __pyx_t_2); __Pyx_INCREF(__pyx_v_self->read_block); __Pyx_GIVEREF(__pyx_v_self->read_block); PyTuple_SET_ITEM(__pyx_t_3, 3, __pyx_v_self->read_block); __pyx_t_1 = 0; __pyx_t_2 = 0; __pyx_v_state = ((PyObject*)__pyx_t_3); __pyx_t_3 = 0; __pyx_t_3 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_n_s_dict, Py_None); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_v__dict = __pyx_t_3; __pyx_t_3 = 0; __pyx_t_4 = (__pyx_v__dict != Py_None); __pyx_t_5 = (__pyx_t_4 != 0); if (__pyx_t_5) { __pyx_t_3 = PyTuple_New(1); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(__pyx_v__dict); __Pyx_GIVEREF(__pyx_v__dict); PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_v__dict); __pyx_t_2 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF_SET(__pyx_v_state, ((PyObject*)__pyx_t_2)); __pyx_t_2 = 0; __pyx_v_use_setstate = 1; goto __pyx_L3; } { __pyx_t_4 = (__pyx_v_self->__pyx_base.buffer != ((PyObject*)Py_None)); __pyx_t_6 = (__pyx_t_4 != 0); if (!__pyx_t_6) { } else { __pyx_t_5 = __pyx_t_6; goto __pyx_L4_bool_binop_done; } __pyx_t_6 = (__pyx_v_self->read_block != Py_None); __pyx_t_4 = (__pyx_t_6 != 0); __pyx_t_5 = __pyx_t_4; __pyx_L4_bool_binop_done:; __pyx_v_use_setstate = __pyx_t_5; } __pyx_L3:; __pyx_t_5 = (__pyx_v_use_setstate != 0); if (__pyx_t_5) { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_pyx_unpickle_CompressedBuffere); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = PyTuple_New(3); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_3, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_25411819); __Pyx_GIVEREF(__pyx_int_25411819); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_int_25411819); __Pyx_INCREF(Py_None); __Pyx_GIVEREF(Py_None); PyTuple_SET_ITEM(__pyx_t_3, 2, Py_None); __pyx_t_1 = PyTuple_New(3); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_t_3); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_1, 2, __pyx_v_state); __pyx_t_2 = 0; __pyx_t_3 = 0; __pyx_r = __pyx_t_1; __pyx_t_1 = 0; goto __pyx_L0; } { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_pyx_unpickle_CompressedBuffere); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = PyTuple_New(3); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_3, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_25411819); __Pyx_GIVEREF(__pyx_int_25411819); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_int_25411819); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_3, 2, __pyx_v_state); __pyx_t_2 = PyTuple_New(2); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_t_3); __pyx_t_1 = 0; __pyx_t_3 = 0; __pyx_r = __pyx_t_2; __pyx_t_2 = 0; goto __pyx_L0; } __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.CompressedBufferedReader.__reduce_cython__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v_state); __Pyx_XDECREF(__pyx_v__dict); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,29644272220769,1 5196,['CWE-20'],"static int init_rmode_tss(struct kvm *kvm) { gfn_t fn = rmode_tss_base(kvm) >> PAGE_SHIFT; u16 data = 0; int ret = 0; int r; r = kvm_clear_guest_page(kvm, fn, 0, PAGE_SIZE); if (r < 0) goto out; data = TSS_BASE_SIZE + TSS_REDIRECTION_SIZE; r = kvm_write_guest_page(kvm, fn++, &data, TSS_IOPB_BASE_OFFSET, sizeof(u16)); if (r < 0) goto out; r = kvm_clear_guest_page(kvm, fn++, 0, PAGE_SIZE); if (r < 0) goto out; r = kvm_clear_guest_page(kvm, fn, 0, PAGE_SIZE); if (r < 0) goto out; data = ~0; r = kvm_write_guest_page(kvm, fn, &data, RMODE_TSS_SIZE - 2 * PAGE_SIZE - 1, sizeof(u8)); if (r < 0) goto out; ret = 1; out: return ret; }",linux-2.6,,,67726271431874781388064875399028558833,0 885,['CWE-200'],"static void shmem_put_super(struct super_block *sb) { kfree(sb->s_fs_info); sb->s_fs_info = NULL; }",linux-2.6,,,61257292063707822657657511669578828318,0 2244,['CWE-193'],"int pagecache_write_end(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned copied, struct page *page, void *fsdata) { const struct address_space_operations *aops = mapping->a_ops; int ret; if (aops->write_end) { mark_page_accessed(page); ret = aops->write_end(file, mapping, pos, len, copied, page, fsdata); } else { unsigned offset = pos & (PAGE_CACHE_SIZE - 1); struct inode *inode = mapping->host; flush_dcache_page(page); ret = aops->commit_write(file, page, offset, offset+len); unlock_page(page); mark_page_accessed(page); page_cache_release(page); if (ret < 0) { if (pos + len > inode->i_size) vmtruncate(inode, inode->i_size); } else if (ret > 0) ret = min_t(size_t, copied, ret); else ret = copied; } return ret; }",linux-2.6,,,103787926761011809307087102608339939517,0 6437,[],"lt_dlsym (lt_dlhandle place, const char *symbol) { size_t lensym; char lsym[LT_SYMBOL_LENGTH]; char *sym; void *address; lt_user_data data; lt_dlhandle handle; if (!place) { LT__SETERROR (INVALID_HANDLE); return 0; } handle = place; if (!symbol) { LT__SETERROR (SYMBOL_NOT_FOUND); return 0; } lensym = LT_STRLEN (symbol) + LT_STRLEN (handle->vtable->sym_prefix) + LT_STRLEN (handle->info.name); if (lensym + LT_SYMBOL_OVERHEAD < LT_SYMBOL_LENGTH) { sym = lsym; } else { sym = MALLOC (char, lensym + LT_SYMBOL_OVERHEAD + 1); if (!sym) { LT__SETERROR (BUFFER_OVERFLOW); return 0; } } data = handle->vtable->dlloader_data; if (handle->info.name) { const char *saved_error; LT__GETERROR (saved_error); if (handle->vtable->sym_prefix) { strcpy(sym, handle->vtable->sym_prefix); strcat(sym, handle->info.name); } else { strcpy(sym, handle->info.name); } strcat(sym, ""_LTX_""); strcat(sym, symbol); address = handle->vtable->find_sym (data, handle->module, sym); if (address) { if (sym != lsym) { FREE (sym); } return address; } LT__SETERRORSTR (saved_error); } if (handle->vtable->sym_prefix) { strcpy(sym, handle->vtable->sym_prefix); strcat(sym, symbol); } else { strcpy(sym, symbol); } address = handle->vtable->find_sym (data, handle->module, sym); if (sym != lsym) { FREE (sym); } return address; }",libtool,,,92279401259502595623052530955287505380,0 1203,CWE-400,"int do_mathemu(struct pt_regs *regs, struct task_struct *fpt) { int i; int retcode = 0; unsigned long insn; perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); #ifdef DEBUG_MATHEMU printk(""In do_mathemu()... pc is %08lx\n"", regs->pc); printk(""fpqdepth is %ld\n"", fpt->thread.fpqdepth); for (i = 0; i < fpt->thread.fpqdepth; i++) printk(""%d: %08lx at %08lx\n"", i, fpt->thread.fpqueue[i].insn, (unsigned long)fpt->thread.fpqueue[i].insn_addr); #endif if (fpt->thread.fpqdepth == 0) { #ifdef DEBUG_MATHEMU printk(""precise trap at %08lx\n"", regs->pc); #endif if (!get_user(insn, (u32 __user *) regs->pc)) { retcode = do_one_mathemu(insn, &fpt->thread.fsr, fpt->thread.float_regs); if (retcode) { regs->pc = regs->npc; regs->npc += 4; } } return retcode; } for (i = 0; i < fpt->thread.fpqdepth; i++) { retcode = do_one_mathemu(fpt->thread.fpqueue[i].insn, &(fpt->thread.fsr), fpt->thread.float_regs); if (!retcode) break; } if (retcode) fpt->thread.fsr &= ~(0x3000 | FSR_CEXC_MASK); else fpt->thread.fsr &= ~0x3000; fpt->thread.fpqdepth = 0; return retcode; }",visit repo url,arch/sparc/math-emu/math_32.c,https://github.com/torvalds/linux,165029538618982,1 5678,CWE-125,"pthread_mutex_unlock(pthread_mutex_t *mutex) { LeaveCriticalSection(mutex); return 0; }",visit repo url,include/compat/pthread.h,https://github.com/libressl-portable/portable,82411199462954,1 6282,CWE-295,"static int ssl_verify_cert(struct tunnel *tunnel) { int ret = -1; int cert_valid = 0; unsigned char digest[SHA256LEN]; unsigned int len; struct x509_digest *elem; char digest_str[SHA256STRLEN], *subject, *issuer; char *line; int i; X509_NAME *subj; char common_name[FIELD_SIZE + 1]; SSL_set_verify(tunnel->ssl_handle, SSL_VERIFY_PEER, NULL); X509 *cert = SSL_get_peer_certificate(tunnel->ssl_handle); if (cert == NULL) { log_error(""Unable to get gateway certificate.\n""); return 1; } subj = X509_get_subject_name(cert); #ifdef HAVE_X509_CHECK_HOST if (X509_check_host(cert, common_name, FIELD_SIZE, 0, NULL)) cert_valid = 1; #else if (subj && X509_NAME_get_text_by_NID(subj, NID_commonName, common_name, FIELD_SIZE) > 0 && strncasecmp(common_name, tunnel->config->gateway_host, FIELD_SIZE) == 0) cert_valid = 1; #endif if (cert_valid && SSL_get_verify_result(tunnel->ssl_handle) == X509_V_OK) { log_debug(""Gateway certificate validation succeeded.\n""); ret = 0; goto free_cert; } log_debug(""Gateway certificate validation failed.\n""); if (X509_digest(cert, EVP_sha256(), digest, &len) <= 0 || len != SHA256LEN) { log_error(""Could not compute certificate sha256 digest.\n""); goto free_cert; } for (i = 0; i < SHA256LEN; i++) sprintf(&digest_str[2 * i], ""%02x"", digest[i]); digest_str[SHA256STRLEN - 1] = '\0'; for (elem = tunnel->config->cert_whitelist; elem != NULL; elem = elem->next) if (memcmp(digest_str, elem->data, SHA256STRLEN - 1) == 0) break; if (elem != NULL) { log_debug(""Gateway certificate digest found in white list.\n""); ret = 0; goto free_cert; } subject = X509_NAME_oneline(subj, NULL, 0); issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); log_error(""Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:\n""); log_error("" --trusted-cert %s\n"", digest_str); log_error(""or add this line to your config file:\n""); log_error("" trusted-cert = %s\n"", digest_str); log_error(""Gateway certificate:\n""); log_error("" subject:\n""); for (line = strtok(subject, ""/""); line != NULL; line = strtok(NULL, ""/"")) log_error("" %s\n"", line); log_error("" issuer:\n""); for (line = strtok(issuer, ""/""); line != NULL; line = strtok(NULL, ""/"")) log_error("" %s\n"", line); log_error("" sha256 digest:\n""); log_error("" %s\n"", digest_str); free_cert: X509_free(cert); return ret; }",visit repo url,src/tunnel.c,https://github.com/adrienverge/openfortivpn,231486963473011,1 5224,['CWE-264'],"static bool unix_ex_wire_to_tagtype(unsigned char wire_tt, SMB_ACL_TAG_T *p_tt) { switch (wire_tt) { case SMB_POSIX_ACL_USER_OBJ: *p_tt = SMB_ACL_USER_OBJ; break; case SMB_POSIX_ACL_USER: *p_tt = SMB_ACL_USER; break; case SMB_POSIX_ACL_GROUP_OBJ: *p_tt = SMB_ACL_GROUP_OBJ; break; case SMB_POSIX_ACL_GROUP: *p_tt = SMB_ACL_GROUP; break; case SMB_POSIX_ACL_MASK: *p_tt = SMB_ACL_MASK; break; case SMB_POSIX_ACL_OTHER: *p_tt = SMB_ACL_OTHER; break; default: return False; } return True; }",samba,,,1356046671357440372741743789751565059,0 3415,CWE-119,"static void record_recent_object(struct object *obj, struct strbuf *path, const char *last, void *data) { sha1_array_append(&recent_objects, obj->oid.hash); }",visit repo url,builtin/pack-objects.c,https://github.com/git/git,63399151830367,1 5313,['CWE-119'],"static int tun_set_rx_csum(struct net_device *dev, u32 data) { struct tun_struct *tun = netdev_priv(dev); if (data) tun->flags &= ~TUN_NOCHECKSUM; else tun->flags |= TUN_NOCHECKSUM; return 0; }",linux-2.6,,,173433935657317087873265304658036886133,0 5683,CWE-404,"void AICast_ScriptLoad( void ) { char filename[MAX_QPATH]; vmCvar_t mapname; fileHandle_t f; int len; level.scriptAI = NULL; trap_Cvar_VariableStringBuffer( ""ai_scriptName"", filename, sizeof( filename ) ); if ( strlen( filename ) > 0 ) { trap_Cvar_Register( &mapname, ""ai_scriptName"", """", CVAR_ROM ); } else { trap_Cvar_Register( &mapname, ""mapname"", """", CVAR_SERVERINFO | CVAR_ROM ); } Q_strncpyz( filename, ""maps/"", sizeof( filename ) ); Q_strcat( filename, sizeof( filename ), mapname.string ); if ( g_gametype.integer <= GT_COOP ) { Q_strcat( filename, sizeof( filename ), "".coop.ai"" ); } else { Q_strcat( filename, sizeof( filename ), "".ai"" ); } len = trap_FS_FOpenFile( filename, &f, FS_READ ); G_Printf( ""Loading: %s\n"", filename ); if ( len < 0 ) { return; } level.scriptAI = G_Alloc( len ); trap_FS_Read( level.scriptAI, len, f ); trap_FS_FCloseFile( f ); return; }",visit repo url,code/game/ai_cast_script.c,https://github.com/rtcwcoop/rtcwcoop,193381275462651,1 3799,CWE-416,"compile_nested_function(exarg_T *eap, cctx_T *cctx, char_u **line_to_free) { int is_global = *eap->arg == 'g' && eap->arg[1] == ':'; char_u *name_start = eap->arg; char_u *name_end = to_name_end(eap->arg, TRUE); int off; char_u *func_name; char_u *lambda_name; ufunc_T *ufunc; int r = FAIL; compiletype_T compile_type; if (eap->forceit) { emsg(_(e_cannot_use_bang_with_nested_def)); return NULL; } if (*name_start == '/') { name_end = skip_regexp(name_start + 1, '/', TRUE); if (*name_end == '/') ++name_end; set_nextcmd(eap, name_end); } if (name_end == name_start || *skipwhite(name_end) != '(') { if (!ends_excmd2(name_start, name_end)) { semsg(_(e_invalid_command_str), eap->cmd); return NULL; } if (generate_DEF(cctx, name_start, name_end - name_start) == FAIL) return NULL; return eap->nextcmd == NULL ? (char_u *)"""" : eap->nextcmd; } if (name_start[1] == ':' && !is_global) { semsg(_(e_namespace_not_supported_str), name_start); return NULL; } if (check_defined(name_start, name_end - name_start, cctx, FALSE) == FAIL) return NULL; eap->arg = name_end; fill_exarg_from_cctx(eap, cctx); eap->forceit = FALSE; lambda_name = vim_strsave(get_lambda_name()); if (lambda_name == NULL) return NULL; off = is_global ? 2 : 0; func_name = vim_strnsave(name_start + off, name_end - name_start - off); if (func_name == NULL) { r = FAIL; goto theend; } ufunc = define_function(eap, lambda_name, line_to_free); if (ufunc == NULL) { r = eap->skip ? OK : FAIL; goto theend; } if (eap->nextcmd != NULL) { semsg(_(e_text_found_after_str_str), eap->cmdidx == CMD_def ? ""enddef"" : ""endfunction"", eap->nextcmd); r = FAIL; func_ptr_unref(ufunc); goto theend; } if (!is_global && cctx->ctx_ufunc->uf_block_depth > 0) { int block_depth = cctx->ctx_ufunc->uf_block_depth; ufunc->uf_block_ids = ALLOC_MULT(int, block_depth); if (ufunc->uf_block_ids != NULL) { mch_memmove(ufunc->uf_block_ids, cctx->ctx_ufunc->uf_block_ids, sizeof(int) * block_depth); ufunc->uf_block_depth = block_depth; } } compile_type = COMPILE_TYPE(ufunc); #ifdef FEAT_PROFILE if (cctx->ctx_compile_type == CT_PROFILE) compile_type = CT_PROFILE; #endif if (func_needs_compiling(ufunc, compile_type) && compile_def_function(ufunc, TRUE, compile_type, cctx) == FAIL) { func_ptr_unref(ufunc); goto theend; } #ifdef FEAT_PROFILE if (compile_type == CT_PROFILE && func_needs_compiling(ufunc, CT_NONE)) compile_def_function(ufunc, FALSE, CT_NONE, cctx); #endif if (is_global) { r = generate_NEWFUNC(cctx, lambda_name, func_name); func_name = NULL; lambda_name = NULL; } else { lvar_T *lvar = reserve_local(cctx, func_name, name_end - name_start, TRUE, ufunc->uf_func_type); if (lvar == NULL) goto theend; if (generate_FUNCREF(cctx, ufunc) == FAIL) goto theend; r = generate_STORE(cctx, ISN_STORE, lvar->lv_idx, NULL); } theend: vim_free(lambda_name); vim_free(func_name); return r == FAIL ? NULL : (char_u *)""""; }",visit repo url,src/vim9compile.c,https://github.com/vim/vim,173982359630734,1 3529,['CWE-20'],"static int sctp_process_missing_param(const struct sctp_association *asoc, sctp_param_t paramtype, struct sctp_chunk *chunk, struct sctp_chunk **errp) { struct __sctp_missing report; __u16 len; len = WORD_ROUND(sizeof(report)); if (!*errp) *errp = sctp_make_op_error_space(asoc, chunk, len); if (*errp) { report.num_missing = htonl(1); report.type = paramtype; sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, sizeof(report)); sctp_addto_chunk(*errp, sizeof(report), &report); } return 0; }",linux-2.6,,,133903559036119978622028201758808112064,0 6580,['CWE-200'],"nm_applet_new (GMainLoop *loop) { return g_object_new (NM_TYPE_APPLET, ""loop"", loop, NULL); }",network-manager-applet,,,218776180046575452873759299515625162822,0 1208,CWE-400,"static int intel_pmu_drain_bts_buffer(void) { struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events); struct debug_store *ds = cpuc->ds; struct bts_record { u64 from; u64 to; u64 flags; }; struct perf_event *event = cpuc->events[X86_PMC_IDX_FIXED_BTS]; struct bts_record *at, *top; struct perf_output_handle handle; struct perf_event_header header; struct perf_sample_data data; struct pt_regs regs; if (!event) return 0; if (!x86_pmu.bts_active) return 0; at = (struct bts_record *)(unsigned long)ds->bts_buffer_base; top = (struct bts_record *)(unsigned long)ds->bts_index; if (top <= at) return 0; ds->bts_index = ds->bts_buffer_base; perf_sample_data_init(&data, 0); data.period = event->hw.last_period; regs.ip = 0; perf_prepare_sample(&header, &data, event, ®s); if (perf_output_begin(&handle, event, header.size * (top - at), 1, 1)) return 1; for (; at < top; at++) { data.ip = at->from; data.addr = at->to; perf_output_sample(&handle, &header, &data, event); } perf_output_end(&handle); event->hw.interrupts++; event->pending_kill = POLL_IN; return 1; }",visit repo url,arch/x86/kernel/cpu/perf_event_intel_ds.c,https://github.com/torvalds/linux,164389724254388,1 36,['CWE-787'],"static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s) { int copy_count; uint8_t *end_ptr; if (s->cirrus_srccounter > 0) { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) { cirrus_bitblt_common_patterncopy(s, s->cirrus_bltbuf); the_end: s->cirrus_srccounter = 0; cirrus_bitblt_reset(s); } else { do { (*s->cirrus_rop)(s, s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1); cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0, s->cirrus_blt_width, 1); s->cirrus_blt_dstaddr += s->cirrus_blt_dstpitch; s->cirrus_srccounter -= s->cirrus_blt_srcpitch; if (s->cirrus_srccounter <= 0) goto the_end; end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch; copy_count = s->cirrus_srcptr_end - end_ptr; memmove(s->cirrus_bltbuf, end_ptr, copy_count); s->cirrus_srcptr = s->cirrus_bltbuf + copy_count; s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch; } while (s->cirrus_srcptr >= s->cirrus_srcptr_end); } } }",qemu,,,133095023541236296864842176854564042681,0 329,CWE-190,"int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { int ret = proc_dointvec(table, write, buffer, lenp, ppos); if (ret || !write) return ret; if (sysctl_perf_cpu_time_max_percent == 100 || sysctl_perf_cpu_time_max_percent == 0) { printk(KERN_WARNING ""perf: Dynamic interrupt throttling disabled, can hang your system!\n""); WRITE_ONCE(perf_sample_allowed_ns, 0); } else { update_perf_cpu_limits(); } return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,21881491734897,1 3796,CWE-416,"ex_function(exarg_T *eap) { char_u *line_to_free = NULL; (void)define_function(eap, NULL, &line_to_free); vim_free(line_to_free); }",visit repo url,src/userfunc.c,https://github.com/vim/vim,184618977795621,1 3030,['CWE-189'],"void jas_matrix_destroy(jas_matrix_t *matrix) { if (matrix->data_) { assert(!(matrix->flags_ & JAS_MATRIX_REF)); jas_free(matrix->data_); matrix->data_ = 0; } if (matrix->rows_) { jas_free(matrix->rows_); matrix->rows_ = 0; } jas_free(matrix); }",jasper,,,164540231290098025004224951868050578681,0 5798,CWE-125,"snmp_mib_find_next(uint32_t *oid) { snmp_mib_resource_t *resource; resource = NULL; for(resource = list_head(snmp_mib); resource; resource = resource->next) { if(snmp_oid_cmp_oid(resource->oid, oid) > 0) { return resource; } } return NULL; }",visit repo url,os/net/app-layer/snmp/snmp-mib.c,https://github.com/contiki-ng/contiki-ng,44850883381873,1 5791,CWE-125,"snmp_ber_encode_integer(unsigned char *out, uint32_t *out_len, uint32_t number) { uint32_t original_out_len; original_out_len = *out_len; do { (*out_len)++; *out-- = (uint8_t)(number & 0xFF); number >>= 8; } while(number); out = snmp_ber_encode_length(out, out_len, ((*out_len - original_out_len) & 0xFF)); out = snmp_ber_encode_type(out, out_len, BER_DATA_TYPE_INTEGER); return out; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,8544750850054,1 593,CWE-264,"static void *arm_coherent_dma_alloc(struct device *dev, size_t size, dma_addr_t *handle, gfp_t gfp, struct dma_attrs *attrs) { pgprot_t prot = __get_dma_pgprot(attrs, pgprot_kernel); void *memory; if (dma_alloc_from_coherent(dev, size, handle, &memory)) return memory; return __dma_alloc(dev, size, handle, gfp, prot, true, __builtin_return_address(0)); }",visit repo url,arch/arm/mm/dma-mapping.c,https://github.com/torvalds/linux,131058730092997,1 4041,['CWE-362'],"int inotify_rm_wd(struct inotify_handle *ih, u32 wd) { struct inotify_watch *watch; struct super_block *sb; struct inode *inode; int how; mutex_lock(&ih->mutex); watch = idr_find(&ih->idr, wd); if (unlikely(!watch)) { mutex_unlock(&ih->mutex); return -EINVAL; } sb = watch->inode->i_sb; how = pin_to_kill(ih, watch); if (!how) return 0; inode = watch->inode; mutex_lock(&inode->inotify_mutex); mutex_lock(&ih->mutex); if (likely(idr_find(&ih->idr, wd) == watch)) inotify_remove_watch_locked(ih, watch); mutex_unlock(&ih->mutex); mutex_unlock(&inode->inotify_mutex); unpin_and_kill(watch, how); return 0; }",linux-2.6,,,128053184645923775381565933273401447577,0 5612,CWE-125,"ast_for_arguments(struct compiling *c, const node *n) { int i, j, k, nposargs = 0, nkwonlyargs = 0; int nposdefaults = 0, found_default = 0; asdl_seq *posargs, *posdefaults, *kwonlyargs, *kwdefaults; arg_ty vararg = NULL, kwarg = NULL; arg_ty arg; node *ch; if (TYPE(n) == parameters) { if (NCH(n) == 2) return arguments(NULL, NULL, NULL, NULL, NULL, NULL, c->c_arena); n = CHILD(n, 1); } assert(TYPE(n) == typedargslist || TYPE(n) == varargslist); for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == STAR) { i++; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { i++; } break; } if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == vfpdef || TYPE(ch) == tfpdef) nposargs++; if (TYPE(ch) == EQUAL) nposdefaults++; } for ( ; i < NCH(n); ++i) { ch = CHILD(n, i); if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == tfpdef || TYPE(ch) == vfpdef) nkwonlyargs++; } posargs = (nposargs ? _Ta3_asdl_seq_new(nposargs, c->c_arena) : NULL); if (!posargs && nposargs) return NULL; kwonlyargs = (nkwonlyargs ? _Ta3_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwonlyargs && nkwonlyargs) return NULL; posdefaults = (nposdefaults ? _Ta3_asdl_seq_new(nposdefaults, c->c_arena) : NULL); if (!posdefaults && nposdefaults) return NULL; kwdefaults = (nkwonlyargs ? _Ta3_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwdefaults && nkwonlyargs) return NULL; if (nposargs + nkwonlyargs > 255) { ast_error(c, n, ""more than 255 arguments""); return NULL; } i = 0; j = 0; k = 0; while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case tfpdef: case vfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expr_ty expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) return NULL; assert(posdefaults != NULL); asdl_seq_SET(posdefaults, j++, expression); i += 2; found_default = 1; } else if (found_default) { ast_error(c, n, ""non-default argument follows default argument""); return NULL; } arg = ast_for_arg(c, ch); if (!arg) return NULL; asdl_seq_SET(posargs, k++, arg); i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case STAR: if (i+1 >= NCH(n) || (i+2 == NCH(n) && (TYPE(CHILD(n, i+1)) == COMMA || TYPE(CHILD(n, i+1)) == TYPE_COMMENT))) { ast_error(c, CHILD(n, i), ""named arguments must follow bare *""); return NULL; } ch = CHILD(n, i+1); if (TYPE(ch) == COMMA) { int res = 0; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { ast_error(c, CHILD(n, i), ""bare * has associated type comment""); return NULL; } res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } else { vararg = ast_for_arg(c, ch); if (!vararg) return NULL; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { vararg->type_comment = NEW_TYPE_COMMENT(CHILD(n, i)); i += 1; } if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { int res = 0; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } } break; case DOUBLESTAR: ch = CHILD(n, i+1); assert(TYPE(ch) == tfpdef || TYPE(ch) == vfpdef); kwarg = ast_for_arg(c, ch); if (!kwarg) return NULL; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: assert(i); if (kwarg) arg = kwarg; arg->type_comment = NEW_TYPE_COMMENT(ch); i += 1; break; default: PyErr_Format(PyExc_SystemError, ""unexpected node in varargslist: %d @ %d"", TYPE(ch), i); return NULL; } } return arguments(posargs, vararg, kwonlyargs, kwdefaults, kwarg, posdefaults, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,120752446262511,1 6187,CWE-190,"void fb_set_bit(fb_t a, int bit, int value) { int d; dig_t mask; RLC_RIP(bit, d, bit); mask = (dig_t)1 << bit; if (value == 1) { a[d] |= mask; } else { a[d] &= ~mask; } }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,222410151496496,1 5685,CWE-416,"void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) { COMPS_HSList *tmplist, *tmp_subnodes; COMPS_HSListItem *it, *it2; struct Pair { COMPS_HSList * subnodes; char * key; char added; } *pair, *parent_pair; pair = malloc(sizeof(struct Pair)); pair->subnodes = rt2->subnodes; pair->key = NULL; tmplist = comps_hslist_create(); comps_hslist_init(tmplist, NULL, NULL, &free); comps_hslist_append(tmplist, pair, 0); while (tmplist->first != NULL) { it = tmplist->first; comps_hslist_remove(tmplist, tmplist->first); tmp_subnodes = ((struct Pair*)it->data)->subnodes; parent_pair = (struct Pair*) it->data; free(it); pair->added = 0; for (it = tmp_subnodes->first; it != NULL; it=it->next) { pair = malloc(sizeof(struct Pair)); pair->subnodes = ((COMPS_MRTreeData*)it->data)->subnodes; if (parent_pair->key != NULL) { pair->key = malloc(sizeof(char) * (strlen(((COMPS_MRTreeData*)it->data)->key) + strlen(parent_pair->key) + 1)); memcpy(pair->key, parent_pair->key, sizeof(char) * strlen(parent_pair->key)); memcpy(pair->key+strlen(parent_pair->key), ((COMPS_MRTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_MRTreeData*)it->data)->key)+1)); } else { pair->key = malloc(sizeof(char)* (strlen(((COMPS_MRTreeData*)it->data)->key) + 1)); memcpy(pair->key, ((COMPS_MRTreeData*)it->data)->key, sizeof(char)*(strlen(((COMPS_MRTreeData*)it->data)->key)+1)); } if (((COMPS_MRTreeData*)it->data)->data->first != NULL) { for (it2 = ((COMPS_MRTreeData*)it->data)->data->first; it2 != NULL; it2 = it2->next) { comps_mrtree_set(rt1, pair->key, it2->data); } if (((COMPS_MRTreeData*)it->data)->subnodes->first) { comps_hslist_append(tmplist, pair, 0); } else { free(pair->key); free(pair); } } else { if (((COMPS_MRTreeData*)it->data)->subnodes->first) { comps_hslist_append(tmplist, pair, 0); } else { free(pair->key); free(pair); } } } free(parent_pair->key); free(parent_pair); } comps_hslist_destroy(&tmplist); }",visit repo url,libcomps/src/comps_mradix.c,https://github.com/rpm-software-management/libcomps,30088606386583,1 1872,['CWE-189'],"_gnutls_copy_comp_methods (gnutls_session_t session, opaque * ret_data, size_t ret_data_size) { int ret, i; uint8_t *compression_methods, comp_num; int datalen, pos; ret = _gnutls_supported_compression_methods (session, &compression_methods); if (ret < 0) { gnutls_assert (); return ret; } comp_num = ret; datalen = pos = 0; datalen += comp_num + 1; if ((size_t) datalen > ret_data_size) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } ret_data[pos++] = comp_num; for (i = 0; i < comp_num; i++) { ret_data[pos++] = compression_methods[i]; } gnutls_free (compression_methods); return datalen; }",gnutls,,,201535816437954066756288383691954378366,0 2371,['CWE-200'],"snd_seq_oss_synth_is_valid(struct seq_oss_devinfo *dp, int dev) { struct seq_oss_synth *rec; rec = get_synthdev(dp, dev); if (rec) { snd_use_lock_free(&rec->use_lock); return 1; } return 0; }",linux-2.6,,,144517854048292177968573436290472661253,0 1736,CWE-254,"static unsigned long mmap_legacy_base(unsigned long rnd) { if (mmap_is_ia32()) return TASK_UNMAPPED_BASE; else return TASK_UNMAPPED_BASE + rnd; }",visit repo url,arch/x86/mm/mmap.c,https://github.com/torvalds/linux,3790545551076,1 2624,CWE-190,"static inline void write_s3row_data( const entity_stage3_row *r, unsigned orig_cp, enum entity_charset charset, zval *arr) { char key[9] = """"; char entity[LONGEST_ENTITY_LENGTH + 2] = {'&'}; size_t written_k1; written_k1 = write_octet_sequence(key, charset, orig_cp); if (!r->ambiguous) { size_t l = r->data.ent.entity_len; memcpy(&entity[1], r->data.ent.entity, l); entity[l + 1] = ';'; add_assoc_stringl_ex(arr, key, written_k1 + 1, entity, l + 2, 1); } else { unsigned i, num_entries; const entity_multicodepoint_row *mcpr = r->data.multicodepoint_table; if (mcpr[0].leading_entry.default_entity != NULL) { size_t l = mcpr[0].leading_entry.default_entity_len; memcpy(&entity[1], mcpr[0].leading_entry.default_entity, l); entity[l + 1] = ';'; add_assoc_stringl_ex(arr, key, written_k1 + 1, entity, l + 2, 1); } num_entries = mcpr[0].leading_entry.size; for (i = 1; i <= num_entries; i++) { size_t l, written_k2; unsigned uni_cp, spe_cp; uni_cp = mcpr[i].normal_entry.second_cp; l = mcpr[i].normal_entry.entity_len; if (!CHARSET_UNICODE_COMPAT(charset)) { if (map_from_unicode(uni_cp, charset, &spe_cp) == FAILURE) continue; } else { spe_cp = uni_cp; } written_k2 = write_octet_sequence(&key[written_k1], charset, spe_cp); memcpy(&entity[1], mcpr[i].normal_entry.entity, l); entity[l + 1] = ';'; entity[l + 1] = '\0'; add_assoc_stringl_ex(arr, key, written_k1 + written_k2 + 1, entity, l + 1, 1); } } }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,24897841844003,1 519,CWE-119,"static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) { struct bpf_reg_state *regs = cur_regs(env); u8 opcode = BPF_OP(insn->code); int err; if (opcode == BPF_END || opcode == BPF_NEG) { if (opcode == BPF_NEG) { if (BPF_SRC(insn->code) != 0 || insn->src_reg != BPF_REG_0 || insn->off != 0 || insn->imm != 0) { verbose(env, ""BPF_NEG uses reserved fields\n""); return -EINVAL; } } else { if (insn->src_reg != BPF_REG_0 || insn->off != 0 || (insn->imm != 16 && insn->imm != 32 && insn->imm != 64) || BPF_CLASS(insn->code) == BPF_ALU64) { verbose(env, ""BPF_END uses reserved fields\n""); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, SRC_OP); if (err) return err; if (is_pointer_value(env, insn->dst_reg)) { verbose(env, ""R%d pointer arithmetic prohibited\n"", insn->dst_reg); return -EACCES; } err = check_reg_arg(env, insn->dst_reg, DST_OP); if (err) return err; } else if (opcode == BPF_MOV) { if (BPF_SRC(insn->code) == BPF_X) { if (insn->imm != 0 || insn->off != 0) { verbose(env, ""BPF_MOV uses reserved fields\n""); return -EINVAL; } err = check_reg_arg(env, insn->src_reg, SRC_OP); if (err) return err; } else { if (insn->src_reg != BPF_REG_0 || insn->off != 0) { verbose(env, ""BPF_MOV uses reserved fields\n""); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, DST_OP); if (err) return err; if (BPF_SRC(insn->code) == BPF_X) { if (BPF_CLASS(insn->code) == BPF_ALU64) { regs[insn->dst_reg] = regs[insn->src_reg]; regs[insn->dst_reg].live |= REG_LIVE_WRITTEN; } else { if (is_pointer_value(env, insn->src_reg)) { verbose(env, ""R%d partial copy of pointer\n"", insn->src_reg); return -EACCES; } mark_reg_unknown(env, regs, insn->dst_reg); regs[insn->dst_reg].var_off = tnum_cast( regs[insn->dst_reg].var_off, 4); __update_reg_bounds(®s[insn->dst_reg]); } } else { regs[insn->dst_reg].type = SCALAR_VALUE; if (BPF_CLASS(insn->code) == BPF_ALU64) { __mark_reg_known(regs + insn->dst_reg, insn->imm); } else { __mark_reg_known(regs + insn->dst_reg, (u32)insn->imm); } } } else if (opcode > BPF_END) { verbose(env, ""invalid BPF_ALU opcode %x\n"", opcode); return -EINVAL; } else { if (BPF_SRC(insn->code) == BPF_X) { if (insn->imm != 0 || insn->off != 0) { verbose(env, ""BPF_ALU uses reserved fields\n""); return -EINVAL; } err = check_reg_arg(env, insn->src_reg, SRC_OP); if (err) return err; } else { if (insn->src_reg != BPF_REG_0 || insn->off != 0) { verbose(env, ""BPF_ALU uses reserved fields\n""); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, SRC_OP); if (err) return err; if ((opcode == BPF_MOD || opcode == BPF_DIV) && BPF_SRC(insn->code) == BPF_K && insn->imm == 0) { verbose(env, ""div by zero\n""); return -EINVAL; } if ((opcode == BPF_LSH || opcode == BPF_RSH || opcode == BPF_ARSH) && BPF_SRC(insn->code) == BPF_K) { int size = BPF_CLASS(insn->code) == BPF_ALU64 ? 64 : 32; if (insn->imm < 0 || insn->imm >= size) { verbose(env, ""invalid shift %d\n"", insn->imm); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); if (err) return err; return adjust_reg_min_max_vals(env, insn); } return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,200329745920793,1 2377,['CWE-119'],"static int parse_funcname_pattern(const char *var, const char *ep, const char *value) { const char *name; int namelen; struct funcname_pattern *pp; name = var + 5; namelen = ep - name; for (pp = funcname_pattern_list; pp; pp = pp->next) if (!strncmp(pp->name, name, namelen) && !pp->name[namelen]) break; if (!pp) { pp = xcalloc(1, sizeof(*pp)); pp->name = xmemdupz(name, namelen); pp->next = funcname_pattern_list; funcname_pattern_list = pp; } free(pp->pattern); pp->pattern = xstrdup(value); return 0; }",git,,,125737755001517027216922429077698419785,0 1219,CWE-400,"static void do_perf_sw_event(enum perf_type_id type, u32 event_id, u64 nr, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { struct swevent_htable *swhash = &__get_cpu_var(swevent_htable); struct perf_event *event; struct hlist_node *node; struct hlist_head *head; rcu_read_lock(); head = find_swevent_head_rcu(swhash, type, event_id); if (!head) goto end; hlist_for_each_entry_rcu(event, node, head, hlist_entry) { if (perf_swevent_match(event, type, event_id, data, regs)) perf_swevent_event(event, nr, nmi, data, regs); } end: rcu_read_unlock(); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,169412233753328,1 3116,CWE-119,"bool extract_sockaddr(char *url, char **sockaddr_url, char **sockaddr_port) { char *url_begin, *url_end, *ipv6_begin, *ipv6_end, *port_start = NULL; char url_address[256], port[6]; int url_len, port_len = 0; *sockaddr_url = url; url_begin = strstr(url, ""//""); if (!url_begin) url_begin = url; else url_begin += 2; ipv6_begin = strstr(url_begin, ""[""); ipv6_end = strstr(url_begin, ""]""); if (ipv6_begin && ipv6_end && ipv6_end > ipv6_begin) url_end = strstr(ipv6_end, "":""); else url_end = strstr(url_begin, "":""); if (url_end) { url_len = url_end - url_begin; port_len = strlen(url_begin) - url_len - 1; if (port_len < 1) return false; port_start = url_end + 1; } else url_len = strlen(url_begin); if (url_len < 1) return false; sprintf(url_address, ""%.*s"", url_len, url_begin); if (port_len) { char *slash; snprintf(port, 6, ""%.*s"", port_len, port_start); slash = strchr(port, '/'); if (slash) *slash = '\0'; } else strcpy(port, ""80""); *sockaddr_port = strdup(port); *sockaddr_url = strdup(url_address); return true; }",visit repo url,util.c,https://github.com/ckolivas/cgminer,141653320381313,1 2338,['CWE-120'],"static int __open_namei_create(struct nameidata *nd, struct path *path, int flag, int mode) { int error; struct dentry *dir = nd->path.dentry; if (!IS_POSIXACL(dir->d_inode)) mode &= ~current->fs->umask; error = vfs_create(dir->d_inode, path->dentry, mode, nd); mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = path->dentry; if (error) return error; return may_open(nd, 0, flag & ~O_TRUNC); }",linux-2.6,,,186918897567574240000038458312176359829,0 3383,CWE-772,"static Image *ReadOneJNGImage(MngInfo *mng_info, const ImageInfo *image_info, ExceptionInfo *exception) { Image *alpha_image, *color_image, *image, *jng_image; ImageInfo *alpha_image_info, *color_image_info; MagickBooleanType logging; ssize_t y; MagickBooleanType status; png_uint_32 jng_height, jng_width; png_byte jng_color_type, jng_image_sample_depth, jng_image_compression_method, jng_image_interlace_method, jng_alpha_sample_depth, jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method; register const Quantum *s; register ssize_t i, x; register Quantum *q; register unsigned char *p; unsigned int read_JSEP, reading_idat; size_t length; jng_alpha_compression_method=0; jng_alpha_sample_depth=8; jng_color_type=0; jng_height=0; jng_width=0; alpha_image=(Image *) NULL; color_image=(Image *) NULL; alpha_image_info=(ImageInfo *) NULL; color_image_info=(ImageInfo *) NULL; logging=LogMagickEvent(CoderEvent,GetMagickModule(), "" Enter ReadOneJNGImage()""); image=mng_info->image; if (GetAuthenticPixelQueue(image) != (Quantum *) NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" AcquireNextImage()""); AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) return(DestroyImageList(image)); image=SyncNextImageInList(image); } mng_info->image=image; read_JSEP=MagickFalse; reading_idat=MagickFalse; for (;;) { char type[MagickPathExtent]; unsigned char *chunk; unsigned int count; status=SetImageProgress(image,LoadImagesTag,TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) break; type[0]='\0'; (void) ConcatenateMagickString(type,""errr"",MagickPathExtent); length=ReadBlobMSBLong(image); count=(unsigned int) ReadBlob(image,4,(unsigned char *) type); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading JNG chunk type %c%c%c%c, length: %.20g"", type[0],type[1],type[2],type[3],(double) length); if (length > PNG_UINT_31_MAX || count == 0) ThrowReaderException(CorruptImageError,""CorruptImage""); p=NULL; chunk=(unsigned char *) NULL; if (length != 0) { if (length > GetBlobSize(image)) ThrowReaderException(CorruptImageError,""InsufficientImageDataInFile""); chunk=(unsigned char *) AcquireQuantumMemory(length+MagickPathExtent, sizeof(*chunk)); if (chunk == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); for (i=0; i < (ssize_t) length; i++) { int c; c=ReadBlobByte(image); if (c == EOF) break; chunk[i]=(unsigned char) c; } p=chunk; } (void) ReadBlobMSBLong(image); if (memcmp(type,mng_JHDR,4) == 0) { if (length == 16) { jng_width=(size_t) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); jng_height=(size_t) ((p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]); if ((jng_width == 0) || (jng_height == 0)) ThrowReaderException(CorruptImageError, ""NegativeOrZeroImageSize""); jng_color_type=p[8]; jng_image_sample_depth=p[9]; jng_image_compression_method=p[10]; jng_image_interlace_method=p[11]; image->interlace=jng_image_interlace_method != 0 ? PNGInterlace : NoInterlace; jng_alpha_sample_depth=p[12]; jng_alpha_compression_method=p[13]; jng_alpha_filter_method=p[14]; jng_alpha_interlace_method=p[15]; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_width: %16lu, jng_height: %16lu\n"" "" jng_color_type: %16d, jng_image_sample_depth: %3d\n"" "" jng_image_compression_method:%3d"", (unsigned long) jng_width, (unsigned long) jng_height, jng_color_type, jng_image_sample_depth, jng_image_compression_method); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_image_interlace_method: %3d"" "" jng_alpha_sample_depth: %3d"", jng_image_interlace_method, jng_alpha_sample_depth); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" jng_alpha_compression_method:%3d\n"" "" jng_alpha_filter_method: %3d\n"" "" jng_alpha_interlace_method: %3d"", jng_alpha_compression_method, jng_alpha_filter_method, jng_alpha_interlace_method); } } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if ((reading_idat == MagickFalse) && (read_JSEP == MagickFalse) && ((memcmp(type,mng_JDAT,4) == 0) || (memcmp(type,mng_JdAA,4) == 0) || (memcmp(type,mng_IDAT,4) == 0) || (memcmp(type,mng_JDAA,4) == 0))) { color_image_info=(ImageInfo *)AcquireMagickMemory(sizeof(ImageInfo)); if (color_image_info == (ImageInfo *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); GetImageInfo(color_image_info); color_image=AcquireImage(color_image_info,exception); if (color_image == (Image *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating color_blob.""); (void) AcquireUniqueFilename(color_image->filename); status=OpenBlob(color_image_info,color_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { color_image=DestroyImage(color_image); return(DestroyImageList(image)); } if ((image_info->ping == MagickFalse) && (jng_color_type >= 12)) { alpha_image_info=(ImageInfo *) AcquireMagickMemory(sizeof(ImageInfo)); if (alpha_image_info == (ImageInfo *) NULL) { color_image=DestroyImage(color_image); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } GetImageInfo(alpha_image_info); alpha_image=AcquireImage(alpha_image_info,exception); if (alpha_image == (Image *) NULL) { alpha_image_info=DestroyImageInfo(alpha_image_info); color_image=DestroyImage(color_image); ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Creating alpha_blob.""); (void) AcquireUniqueFilename(alpha_image->filename); status=OpenBlob(alpha_image_info,alpha_image,WriteBinaryBlobMode, exception); if (status == MagickFalse) { alpha_image=DestroyImage(alpha_image); alpha_image_info=DestroyImageInfo(alpha_image_info); color_image=DestroyImage(color_image); return(DestroyImageList(image)); } if (jng_alpha_compression_method == 0) { unsigned char data[18]; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing IHDR chunk to alpha_blob.""); (void) WriteBlob(alpha_image,8,(const unsigned char *) ""\211PNG\r\n\032\n""); (void) WriteBlobMSBULong(alpha_image,13L); PNGType(data,mng_IHDR); LogPNGChunk(logging,mng_IHDR,13L); PNGLong(data+4,jng_width); PNGLong(data+8,jng_height); data[12]=jng_alpha_sample_depth; data[13]=0; data[14]=0; data[15]=0; data[16]=0; (void) WriteBlob(alpha_image,17,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,17)); } } reading_idat=MagickTrue; } if (memcmp(type,mng_JDAT,4) == 0) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAT chunk data to color_blob.""); if (length != 0) { (void) WriteBlob(color_image,length,chunk); chunk=(unsigned char *) RelinquishMagickMemory(chunk); } continue; } if (memcmp(type,mng_IDAT,4) == 0) { png_byte data[5]; if (alpha_image != NULL && image_info->ping == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying IDAT chunk data to alpha_blob.""); (void) WriteBlobMSBULong(alpha_image,(size_t) length); PNGType(data,mng_IDAT); LogPNGChunk(logging,mng_IDAT,length); (void) WriteBlob(alpha_image,4,data); (void) WriteBlob(alpha_image,length,chunk); (void) WriteBlobMSBULong(alpha_image, crc32(crc32(0,data,4),chunk,(uInt) length)); } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if ((memcmp(type,mng_JDAA,4) == 0) || (memcmp(type,mng_JdAA,4) == 0)) { if (alpha_image != NULL && image_info->ping == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying JDAA chunk data to alpha_blob.""); (void) WriteBlob(alpha_image,length,chunk); } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_JSEP,4) == 0) { read_JSEP=MagickTrue; if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_bKGD,4) == 0) { if (length == 2) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=image->background_color.red; image->background_color.blue=image->background_color.red; } if (length == 6) { image->background_color.red=ScaleCharToQuantum(p[1]); image->background_color.green=ScaleCharToQuantum(p[3]); image->background_color.blue=ScaleCharToQuantum(p[5]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_gAMA,4) == 0) { if (length == 4) image->gamma=((float) mng_get_long(p))*0.00001; chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_cHRM,4) == 0) { if (length == 32) { image->chromaticity.white_point.x=0.00001*mng_get_long(p); image->chromaticity.white_point.y=0.00001*mng_get_long(&p[4]); image->chromaticity.red_primary.x=0.00001*mng_get_long(&p[8]); image->chromaticity.red_primary.y=0.00001*mng_get_long(&p[12]); image->chromaticity.green_primary.x=0.00001*mng_get_long(&p[16]); image->chromaticity.green_primary.y=0.00001*mng_get_long(&p[20]); image->chromaticity.blue_primary.x=0.00001*mng_get_long(&p[24]); image->chromaticity.blue_primary.y=0.00001*mng_get_long(&p[28]); } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_sRGB,4) == 0) { if (length == 1) { image->rendering_intent= Magick_RenderingIntent_from_PNG_RenderingIntent(p[0]); image->gamma=1.000f/2.200f; image->chromaticity.red_primary.x=0.6400f; image->chromaticity.red_primary.y=0.3300f; image->chromaticity.green_primary.x=0.3000f; image->chromaticity.green_primary.y=0.6000f; image->chromaticity.blue_primary.x=0.1500f; image->chromaticity.blue_primary.y=0.0600f; image->chromaticity.white_point.x=0.3127f; image->chromaticity.white_point.y=0.3290f; } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_oFFs,4) == 0) { if (length > 8) { image->page.x=(ssize_t) mng_get_long(p); image->page.y=(ssize_t) mng_get_long(&p[4]); if ((int) p[8] != 0) { image->page.x/=10000; image->page.y/=10000; } } if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } if (memcmp(type,mng_pHYs,4) == 0) { if (length > 8) { image->resolution.x=(double) mng_get_long(p); image->resolution.y=(double) mng_get_long(&p[4]); if ((int) p[8] == PNG_RESOLUTION_METER) { image->units=PixelsPerCentimeterResolution; image->resolution.x=image->resolution.x/100.0f; image->resolution.y=image->resolution.y/100.0f; } } chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #if 0 if (memcmp(type,mng_iCCP,4) == 0) { if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); continue; } #endif if (length != 0) chunk=(unsigned char *) RelinquishMagickMemory(chunk); if (memcmp(type,mng_IEND,4)) continue; break; } if (color_image_info == (ImageInfo *) NULL) { assert(color_image == (Image *) NULL); assert(alpha_image == (Image *) NULL); return(DestroyImageList(image)); } if (color_image == (Image *) NULL) { assert(alpha_image == (Image *) NULL); return(DestroyImageList(image)); } (void) SeekBlob(color_image,0,SEEK_SET); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading jng_image from color_blob.""); assert(color_image_info != (ImageInfo *) NULL); (void) FormatLocaleString(color_image_info->filename,MagickPathExtent,""%s"", color_image->filename); color_image_info->ping=MagickFalse; jng_image=ReadImage(color_image_info,exception); (void) RelinquishUniqueFileResource(color_image->filename); color_image=DestroyImage(color_image); color_image_info=DestroyImageInfo(color_image_info); if (jng_image == (Image *) NULL) return(DestroyImageList(image)); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Copying jng_image pixels to main image.""); image->rows=jng_height; image->columns=jng_width; status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1,exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelRed(image,GetPixelRed(jng_image,s),q); SetPixelGreen(image,GetPixelGreen(jng_image,s),q); SetPixelBlue(image,GetPixelBlue(jng_image,s),q); q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } jng_image=DestroyImage(jng_image); if (image_info->ping == MagickFalse) { if (jng_color_type >= 12) { if (jng_alpha_compression_method == 0) { png_byte data[5]; (void) WriteBlobMSBULong(alpha_image,0x00000000L); PNGType(data,mng_IEND); LogPNGChunk(logging,mng_IEND,0L); (void) WriteBlob(alpha_image,4,data); (void) WriteBlobMSBULong(alpha_image,crc32(0,data,4)); } (void) CloseBlob(alpha_image); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reading alpha from alpha_blob.""); (void) FormatLocaleString(alpha_image_info->filename,MagickPathExtent, ""%s"",alpha_image->filename); jng_image=ReadImage(alpha_image_info,exception); if (jng_image != (Image *) NULL) for (y=0; y < (ssize_t) image->rows; y++) { s=GetVirtualPixels(jng_image,0,y,image->columns,1, exception); q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (image->alpha_trait != UndefinedPixelTrait) for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelAlpha(image,GetPixelRed(jng_image,s),q); q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } else for (x=(ssize_t) image->columns; x != 0; x--) { SetPixelAlpha(image,GetPixelRed(jng_image,s),q); if (GetPixelAlpha(image,q) != OpaqueAlpha) image->alpha_trait=BlendPixelTrait; q+=GetPixelChannels(image); s+=GetPixelChannels(jng_image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } (void) RelinquishUniqueFileResource(alpha_image->filename); alpha_image=DestroyImage(alpha_image); alpha_image_info=DestroyImageInfo(alpha_image_info); if (jng_image != (Image *) NULL) jng_image=DestroyImage(jng_image); } } if (mng_info->mng_type == 0) { mng_info->mng_width=jng_width; mng_info->mng_height=jng_height; } if (image->page.width == 0 && image->page.height == 0) { image->page.width=jng_width; image->page.height=jng_height; } if (image->page.x == 0 && image->page.y == 0) { image->page.x=mng_info->x_off[mng_info->object_id]; image->page.y=mng_info->y_off[mng_info->object_id]; } else { image->page.y=mng_info->y_off[mng_info->object_id]; } mng_info->image_found++; status=SetImageProgress(image,LoadImagesTag,2*TellBlob(image), 2*GetBlobSize(image)); if (status == MagickFalse) return(DestroyImageList(image)); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" exit ReadOneJNGImage()""); return(image); }",visit repo url,coders/png.c,https://github.com/ImageMagick/ImageMagick,275076507205160,1 4340,CWE-358,"IPV6DefragReverseSimpleTest(void) { DefragContext *dc = NULL; Packet *p1 = NULL, *p2 = NULL, *p3 = NULL; Packet *reassembled = NULL; int id = 12; int i; int ret = 0; DefragInit(); dc = DefragContextNew(); if (dc == NULL) goto end; p1 = IPV6BuildTestPacket(id, 0, 1, 'A', 8); if (p1 == NULL) goto end; p2 = IPV6BuildTestPacket(id, 1, 1, 'B', 8); if (p2 == NULL) goto end; p3 = IPV6BuildTestPacket(id, 2, 0, 'C', 3); if (p3 == NULL) goto end; if (Defrag(NULL, NULL, p3, NULL) != NULL) goto end; if (Defrag(NULL, NULL, p2, NULL) != NULL) goto end; reassembled = Defrag(NULL, NULL, p1, NULL); if (reassembled == NULL) goto end; for (i = 40; i < 40 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'A') goto end; } for (i = 48; i < 48 + 8; i++) { if (GET_PKT_DATA(reassembled)[i] != 'B') goto end; } for (i = 56; i < 56 + 3; i++) { if (GET_PKT_DATA(reassembled)[i] != 'C') goto end; } ret = 1; end: if (dc != NULL) DefragContextDestroy(dc); if (p1 != NULL) SCFree(p1); if (p2 != NULL) SCFree(p2); if (p3 != NULL) SCFree(p3); if (reassembled != NULL) SCFree(reassembled); DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,238960566756555,1 4876,['CWE-189'],"static int ecryptfs_encrypt_extent(struct page *enc_extent_page, struct ecryptfs_crypt_stat *crypt_stat, struct page *page, unsigned long extent_offset) { loff_t extent_base; char extent_iv[ECRYPTFS_MAX_IV_BYTES]; int rc; extent_base = (((loff_t)page->index) * (PAGE_CACHE_SIZE / crypt_stat->extent_size)); rc = ecryptfs_derive_iv(extent_iv, crypt_stat, (extent_base + extent_offset)); if (rc) { ecryptfs_printk(KERN_ERR, ""Error attempting to "" ""derive IV for extent [0x%.16x]; "" ""rc = [%d]\n"", (extent_base + extent_offset), rc); goto out; } if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""Encrypting extent "" ""with iv:\n""); ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes); ecryptfs_printk(KERN_DEBUG, ""First 8 bytes before "" ""encryption:\n""); ecryptfs_dump_hex((char *) (page_address(page) + (extent_offset * crypt_stat->extent_size)), 8); } rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0, page, (extent_offset * crypt_stat->extent_size), crypt_stat->extent_size, extent_iv); if (rc < 0) { printk(KERN_ERR ""%s: Error attempting to encrypt page with "" ""page->index = [%ld], extent_offset = [%ld]; "" ""rc = [%d]\n"", __func__, page->index, extent_offset, rc); goto out; } rc = 0; if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""Encrypt extent [0x%.16x]; "" ""rc = [%d]\n"", (extent_base + extent_offset), rc); ecryptfs_printk(KERN_DEBUG, ""First 8 bytes after "" ""encryption:\n""); ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8); } out: return rc; }",linux-2.6,,,209994696376684665117491388544121694016,0 3667,CWE-119,"static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * p_code_block) { OPJ_UINT32 l_data_size; l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); if (l_data_size > p_code_block->data_size) { if (p_code_block->data) { opj_free(p_code_block->data - 1); } p_code_block->data = (OPJ_BYTE*) opj_malloc(l_data_size + 1); if (! p_code_block->data) { p_code_block->data_size = 0U; return OPJ_FALSE; } p_code_block->data_size = l_data_size; p_code_block->data[0] = 0; p_code_block->data += 1; } return OPJ_TRUE; }",visit repo url,src/lib/openjp2/tcd.c,https://github.com/uclouvain/openjpeg,244764315766426,1 6613,CWE-476,"int amf_namf_comm_handle_n1_n2_message_transfer( ogs_sbi_stream_t *stream, ogs_sbi_message_t *recvmsg) { int status; amf_ue_t *amf_ue = NULL; amf_sess_t *sess = NULL; ogs_pkbuf_t *n1buf = NULL; ogs_pkbuf_t *n2buf = NULL; ogs_pkbuf_t *gmmbuf = NULL; ogs_pkbuf_t *ngapbuf = NULL; char *supi = NULL; uint8_t pdu_session_id = OGS_NAS_PDU_SESSION_IDENTITY_UNASSIGNED; ogs_sbi_message_t sendmsg; ogs_sbi_response_t *response = NULL; OpenAPI_n1_n2_message_transfer_req_data_t *N1N2MessageTransferReqData; OpenAPI_n1_n2_message_transfer_rsp_data_t N1N2MessageTransferRspData; OpenAPI_n1_message_container_t *n1MessageContainer = NULL; OpenAPI_ref_to_binary_data_t *n1MessageContent = NULL; OpenAPI_n2_info_container_t *n2InfoContainer = NULL; OpenAPI_n2_sm_information_t *smInfo = NULL; OpenAPI_n2_info_content_t *n2InfoContent = NULL; OpenAPI_ref_to_binary_data_t *ngapData = NULL; ogs_assert(stream); ogs_assert(recvmsg); N1N2MessageTransferReqData = recvmsg->N1N2MessageTransferReqData; if (!N1N2MessageTransferReqData) { ogs_error(""No N1N2MessageTransferReqData""); return OGS_ERROR; } if (N1N2MessageTransferReqData->is_pdu_session_id == false) { ogs_error(""No PDU Session Identity""); return OGS_ERROR; } pdu_session_id = N1N2MessageTransferReqData->pdu_session_id; supi = recvmsg->h.resource.component[1]; if (!supi) { ogs_error(""No SUPI""); return OGS_ERROR; } amf_ue = amf_ue_find_by_supi(supi); if (!amf_ue) { ogs_error(""No UE context [%s]"", supi); return OGS_ERROR; } sess = amf_sess_find_by_psi(amf_ue, pdu_session_id); if (!sess) { ogs_error(""[%s] No PDU Session Context [%d]"", amf_ue->supi, pdu_session_id); return OGS_ERROR; } n1MessageContainer = N1N2MessageTransferReqData->n1_message_container; if (n1MessageContainer) { n1MessageContent = n1MessageContainer->n1_message_content; if (!n1MessageContent || !n1MessageContent->content_id) { ogs_error(""No n1MessageContent""); return OGS_ERROR; } n1buf = ogs_sbi_find_part_by_content_id( recvmsg, n1MessageContent->content_id); if (!n1buf) { ogs_error(""[%s] No N1 SM Content"", amf_ue->supi); return OGS_ERROR; } n1buf = ogs_pkbuf_copy(n1buf); ogs_assert(n1buf); } n2InfoContainer = N1N2MessageTransferReqData->n2_info_container; if (n2InfoContainer) { smInfo = n2InfoContainer->sm_info; if (!smInfo) { ogs_error(""No smInfo""); return OGS_ERROR; } n2InfoContent = smInfo->n2_info_content; if (!n2InfoContent) { ogs_error(""No n2InfoContent""); return OGS_ERROR; } ngapData = n2InfoContent->ngap_data; if (!ngapData || !ngapData->content_id) { ogs_error(""No ngapData""); return OGS_ERROR; } n2buf = ogs_sbi_find_part_by_content_id( recvmsg, ngapData->content_id); if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } n2buf = ogs_pkbuf_copy(n2buf); ogs_assert(n2buf); } memset(&sendmsg, 0, sizeof(sendmsg)); status = OGS_SBI_HTTP_STATUS_OK; memset(&N1N2MessageTransferRspData, 0, sizeof(N1N2MessageTransferRspData)); N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_N1_N2_TRANSFER_INITIATED; sendmsg.N1N2MessageTransferRspData = &N1N2MessageTransferRspData; switch (n2InfoContent->ngap_ie_type) { case OpenAPI_ngap_ie_type_PDU_RES_SETUP_REQ: if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } if (n1buf) { gmmbuf = gmm_build_dl_nas_transport(sess, OGS_NAS_PAYLOAD_CONTAINER_N1_SM_INFORMATION, n1buf, 0, 0); ogs_assert(gmmbuf); } if (gmmbuf) { ran_ue_t *ran_ue = NULL; ran_ue = ran_ue_cycle(amf_ue->ran_ue); ogs_assert(ran_ue); if (sess->pdu_session_establishment_accept) { ogs_pkbuf_free(sess->pdu_session_establishment_accept); sess->pdu_session_establishment_accept = NULL; } if (ran_ue->initial_context_setup_request_sent == true) { ngapbuf = ngap_sess_build_pdu_session_resource_setup_request( sess, gmmbuf, n2buf); ogs_assert(ngapbuf); } else { ngapbuf = ngap_sess_build_initial_context_setup_request( sess, gmmbuf, n2buf); ogs_assert(ngapbuf); ran_ue->initial_context_setup_request_sent = true; } if (SESSION_CONTEXT_IN_SMF(sess)) { if (nas_5gs_send_to_gnb(amf_ue, ngapbuf) != OGS_OK) ogs_error(""nas_5gs_send_to_gnb() failed""); } else { sess->pdu_session_establishment_accept = ngapbuf; } } else { if (CM_IDLE(amf_ue)) { ogs_sbi_server_t *server = NULL; ogs_sbi_header_t header; ogs_sbi_client_t *client = NULL; ogs_sockaddr_t *addr = NULL; if (!N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri) { ogs_error(""[%s:%d] No n1-n2-failure-notification-uri"", amf_ue->supi, sess->psi); return OGS_ERROR; } addr = ogs_sbi_getaddr_from_uri( N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri); if (!addr) { ogs_error(""[%s:%d] Invalid URI [%s]"", amf_ue->supi, sess->psi, N1N2MessageTransferReqData-> n1n2_failure_txf_notif_uri); return OGS_ERROR;; } client = ogs_sbi_client_find(addr); if (!client) { client = ogs_sbi_client_add(addr); ogs_assert(client); } OGS_SETUP_SBI_CLIENT(&sess->paging, client); ogs_freeaddrinfo(addr); status = OGS_SBI_HTTP_STATUS_ACCEPTED; N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_ATTEMPTING_TO_REACH_UE; server = ogs_sbi_server_from_stream(stream); ogs_assert(server); memset(&header, 0, sizeof(header)); header.service.name = (char *)OGS_SBI_SERVICE_NAME_NAMF_COMM; header.api.version = (char *)OGS_SBI_API_V1; header.resource.component[0] = (char *)OGS_SBI_RESOURCE_NAME_UE_CONTEXTS; header.resource.component[1] = amf_ue->supi; header.resource.component[2] = (char *)OGS_SBI_RESOURCE_NAME_N1_N2_MESSAGES; header.resource.component[3] = sess->sm_context_ref; sendmsg.http.location = ogs_sbi_server_uri(server, &header); AMF_SESS_STORE_PAGING_INFO( sess, sendmsg.http.location, N1N2MessageTransferReqData->n1n2_failure_txf_notif_uri); AMF_SESS_STORE_N2_TRANSFER( sess, pdu_session_resource_setup_request, n2buf); ogs_assert(OGS_OK == ngap_send_paging(amf_ue)); } else if (CM_CONNECTED(amf_ue)) { ogs_assert(OGS_OK == ngap_send_pdu_resource_setup_request(sess, n2buf)); } else { ogs_fatal(""[%s] Invalid AMF-UE state"", amf_ue->supi); ogs_assert_if_reached(); } } break; case OpenAPI_ngap_ie_type_PDU_RES_MOD_REQ: if (!n1buf) { ogs_error(""[%s] No N1 SM Content"", amf_ue->supi); return OGS_ERROR; } if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } if (CM_IDLE(amf_ue)) { ogs_sbi_server_t *server = NULL; ogs_sbi_header_t header; status = OGS_SBI_HTTP_STATUS_ACCEPTED; N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_ATTEMPTING_TO_REACH_UE; server = ogs_sbi_server_from_stream(stream); ogs_assert(server); memset(&header, 0, sizeof(header)); header.service.name = (char *)OGS_SBI_SERVICE_NAME_NAMF_COMM; header.api.version = (char *)OGS_SBI_API_V1; header.resource.component[0] = (char *)OGS_SBI_RESOURCE_NAME_UE_CONTEXTS; header.resource.component[1] = amf_ue->supi; header.resource.component[2] = (char *)OGS_SBI_RESOURCE_NAME_N1_N2_MESSAGES; header.resource.component[3] = sess->sm_context_ref; sendmsg.http.location = ogs_sbi_server_uri(server, &header); AMF_SESS_STORE_PAGING_INFO( sess, sendmsg.http.location, NULL); AMF_SESS_STORE_5GSM_MESSAGE(sess, OGS_NAS_5GS_PDU_SESSION_MODIFICATION_COMMAND, n1buf, n2buf); ogs_assert(OGS_OK == ngap_send_paging(amf_ue)); } else if (CM_CONNECTED(amf_ue)) { gmmbuf = gmm_build_dl_nas_transport(sess, OGS_NAS_PAYLOAD_CONTAINER_N1_SM_INFORMATION, n1buf, 0, 0); ogs_assert(gmmbuf); ngapbuf = ngap_build_pdu_session_resource_modify_request( sess, gmmbuf, n2buf); ogs_assert(ngapbuf); if (nas_5gs_send_to_gnb(amf_ue, ngapbuf) != OGS_OK) ogs_error(""nas_5gs_send_to_gnb() failed""); } else { ogs_fatal(""[%s] Invalid AMF-UE state"", amf_ue->supi); ogs_assert_if_reached(); } break; case OpenAPI_ngap_ie_type_PDU_RES_REL_CMD: if (!n2buf) { ogs_error(""[%s] No N2 SM Content"", amf_ue->supi); return OGS_ERROR; } if (n1buf) ogs_pkbuf_free(n1buf); if (CM_IDLE(amf_ue)) { if (n2buf) ogs_pkbuf_free(n2buf); if (N1N2MessageTransferReqData->is_skip_ind == true && N1N2MessageTransferReqData->skip_ind == true) { N1N2MessageTransferRspData.cause = OpenAPI_n1_n2_message_transfer_cause_N1_MSG_NOT_TRANSFERRED; } else { ogs_fatal(""[%s] No skipInd"", amf_ue->supi); ogs_assert_if_reached(); } } else if (CM_CONNECTED(amf_ue)) { ngapbuf = ngap_build_pdu_session_resource_release_command( sess, NULL, n2buf); ogs_assert(ngapbuf); if (nas_5gs_send_to_gnb(amf_ue, ngapbuf) != OGS_OK) ogs_error(""nas_5gs_send_to_gnb() failed""); } else { ogs_fatal(""[%s] Invalid AMF-UE state"", amf_ue->supi); ogs_assert_if_reached(); } break; default: ogs_error(""Not implemented ngap_ie_type[%d]"", n2InfoContent->ngap_ie_type); ogs_assert_if_reached(); } response = ogs_sbi_build_response(&sendmsg, status); ogs_assert(response); ogs_assert(true == ogs_sbi_server_send_response(stream, response)); if (sendmsg.http.location) ogs_free(sendmsg.http.location); return OGS_OK; }",visit repo url,src/amf/namf-handler.c,https://github.com/open5gs/open5gs,260669485015096,1 4452,CWE-120,"LIBOPENMPT_MODPLUG_API unsigned int ModPlug_SampleName(ModPlugFile* file, unsigned int qual, char* buff) { const char* str; unsigned int retval; size_t tmpretval; if(!file) return 0; str = openmpt_module_get_sample_name(file->mod,qual-1); if(!str){ if(buff){ *buff = '\0'; } return 0; } tmpretval = strlen(str); if(tmpretval>=INT_MAX){ tmpretval = INT_MAX-1; } retval = (int)tmpretval; if(buff){ memcpy(buff,str,retval+1); buff[retval] = '\0'; } openmpt_free_string(str); return retval; }",visit repo url,libopenmpt/libopenmpt_modplug.c,https://github.com/OpenMPT/openmpt,185574336546524,1 2710,CWE-190,"SPL_METHOD(SplFileObject, setCsvControl) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); char delimiter = ',', enclosure = '""', escape='\\'; char *delim = NULL, *enclo = NULL, *esc = NULL; int d_len = 0, e_len = 0, esc_len = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|sss"", &delim, &d_len, &enclo, &e_len, &esc, &esc_len) == SUCCESS) { switch(ZEND_NUM_ARGS()) { case 3: if (esc_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""escape must be a character""); RETURN_FALSE; } escape = esc[0]; case 2: if (e_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""enclosure must be a character""); RETURN_FALSE; } enclosure = enclo[0]; case 1: if (d_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""delimiter must be a character""); RETURN_FALSE; } delimiter = delim[0]; case 0: break; } intern->u.file.delimiter = delimiter; intern->u.file.enclosure = enclosure; intern->u.file.escape = escape; } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,71588809051109,1 2015,['CWE-269'],"static void chroot_fs_refs(struct nameidata *old_nd, struct nameidata *new_nd) { struct task_struct *g, *p; struct fs_struct *fs; read_lock(&tasklist_lock); do_each_thread(g, p) { task_lock(p); fs = p->fs; if (fs) { atomic_inc(&fs->count); task_unlock(p); if (fs->root == old_nd->dentry && fs->rootmnt == old_nd->mnt) set_fs_root(fs, new_nd->mnt, new_nd->dentry); if (fs->pwd == old_nd->dentry && fs->pwdmnt == old_nd->mnt) set_fs_pwd(fs, new_nd->mnt, new_nd->dentry); put_fs_struct(fs); } else task_unlock(p); } while_each_thread(g, p); read_unlock(&tasklist_lock); }",linux-2.6,,,154148220096138538772350260522860811433,0 1258,NVD-CWE-Other,"unsigned int get_random_int(void) { struct keydata *keyptr; __u32 *hash = get_cpu_var(get_random_int_hash); int ret; keyptr = get_keyptr(); hash[0] += current->pid + jiffies + get_cycles(); ret = half_md4_transform(hash, keyptr->secret); put_cpu_var(get_random_int_hash); return ret; }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,234030068483719,1 3156,NVD-CWE-noinfo,"int xmkstemp(char **tmpname, char *dir) { char *localtmp; char *tmpenv; mode_t old_mode; int fd, rc; if (dir != NULL) tmpenv = dir; else tmpenv = getenv(""TMPDIR""); if (tmpenv) rc = asprintf(&localtmp, ""%s/%s.XXXXXX"", tmpenv, program_invocation_short_name); else rc = asprintf(&localtmp, ""%s/%s.XXXXXX"", _PATH_TMP, program_invocation_short_name); if (rc < 0) return -1; old_mode = umask(077); fd = mkostemp(localtmp, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC); umask(old_mode); if (fd == -1) { free(localtmp); localtmp = NULL; } *tmpname = localtmp; return fd; }",visit repo url,lib/fileutils.c,https://github.com/karelzak/util-linux,276258277709548,1 4942,CWE-125,"exif_mnote_data_fuji_load (ExifMnoteData *en, const unsigned char *buf, unsigned int buf_size) { ExifMnoteDataFuji *n = (ExifMnoteDataFuji*) en; ExifLong c; size_t i, tcount, o, datao; if (!n || !buf || !buf_size) { exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteDataFuji"", ""Short MakerNote""); return; } datao = 6 + n->offset; if ((datao + 12 < datao) || (datao + 12 < 12) || (datao + 12 > buf_size)) { exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteDataFuji"", ""Short MakerNote""); return; } n->order = EXIF_BYTE_ORDER_INTEL; datao += exif_get_long (buf + datao + 8, EXIF_BYTE_ORDER_INTEL); if ((datao + 2 < datao) || (datao + 2 < 2) || (datao + 2 > buf_size)) { exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteDataFuji"", ""Short MakerNote""); return; } c = exif_get_short (buf + datao, EXIF_BYTE_ORDER_INTEL); datao += 2; exif_mnote_data_fuji_clear (n); n->entries = exif_mem_alloc (en->mem, sizeof (MnoteFujiEntry) * c); if (!n->entries) { EXIF_LOG_NO_MEMORY(en->log, ""ExifMnoteDataFuji"", sizeof (MnoteFujiEntry) * c); return; } tcount = 0; for (i = c, o = datao; i; --i, o += 12) { size_t s; if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) { exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteDataFuji"", ""Short MakerNote""); break; } n->entries[tcount].tag = exif_get_short (buf + o, n->order); n->entries[tcount].format = exif_get_short (buf + o + 2, n->order); n->entries[tcount].components = exif_get_long (buf + o + 4, n->order); n->entries[tcount].order = n->order; exif_log (en->log, EXIF_LOG_CODE_DEBUG, ""ExifMnoteDataFuji"", ""Loading entry 0x%x ('%s')..."", n->entries[tcount].tag, mnote_fuji_tag_get_name (n->entries[tcount].tag)); s = exif_format_get_size (n->entries[tcount].format) * n->entries[tcount].components; n->entries[tcount].size = s; if (s) { size_t dataofs = o + 8; if (s > 4) dataofs = exif_get_long (buf + dataofs, n->order) + 6 + n->offset; if ((dataofs + s < dataofs) || (dataofs + s < s) || (dataofs + s >= buf_size)) { exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, ""ExifMnoteDataFuji"", ""Tag data past end of "" ""buffer (%u >= %u)"", (unsigned)(dataofs + s), buf_size); continue; } n->entries[tcount].data = exif_mem_alloc (en->mem, s); if (!n->entries[tcount].data) { EXIF_LOG_NO_MEMORY(en->log, ""ExifMnoteDataFuji"", s); continue; } memcpy (n->entries[tcount].data, buf + dataofs, s); } ++tcount; } n->count = tcount; }",visit repo url,libexif/fuji/exif-mnote-data-fuji.c,https://github.com/libexif/libexif,51334565592322,1 863,CWE-20,"static int recv_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t buf_len, int flags) { struct sock *sk = sock->sk; struct tipc_port *tport = tipc_sk_port(sk); struct sk_buff *buf; struct tipc_msg *msg; long timeout; unsigned int sz; int sz_to_copy, target, needed; int sz_copied = 0; u32 err; int res = 0; if (unlikely(!buf_len)) return -EINVAL; lock_sock(sk); if (unlikely((sock->state == SS_UNCONNECTED))) { res = -ENOTCONN; goto exit; } m->msg_namelen = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); restart: while (skb_queue_empty(&sk->sk_receive_queue)) { if (sock->state == SS_DISCONNECTING) { res = -ENOTCONN; goto exit; } if (timeout <= 0L) { res = timeout ? timeout : -EWOULDBLOCK; goto exit; } release_sock(sk); timeout = wait_event_interruptible_timeout(*sk_sleep(sk), tipc_rx_ready(sock), timeout); lock_sock(sk); } buf = skb_peek(&sk->sk_receive_queue); msg = buf_msg(buf); sz = msg_data_sz(msg); err = msg_errcode(msg); if ((!sz) && (!err)) { advance_rx_queue(sk); goto restart; } if (sz_copied == 0) { set_orig_addr(m, msg); res = anc_data_recv(m, msg, tport); if (res) goto exit; } if (!err) { u32 offset = (u32)(unsigned long)(TIPC_SKB_CB(buf)->handle); sz -= offset; needed = (buf_len - sz_copied); sz_to_copy = (sz <= needed) ? sz : needed; res = skb_copy_datagram_iovec(buf, msg_hdr_sz(msg) + offset, m->msg_iov, sz_to_copy); if (res) goto exit; sz_copied += sz_to_copy; if (sz_to_copy < sz) { if (!(flags & MSG_PEEK)) TIPC_SKB_CB(buf)->handle = (void *)(unsigned long)(offset + sz_to_copy); goto exit; } } else { if (sz_copied != 0) goto exit; if ((err == TIPC_CONN_SHUTDOWN) || m->msg_control) res = 0; else res = -ECONNRESET; } if (likely(!(flags & MSG_PEEK))) { if (unlikely(++tport->conn_unacked >= TIPC_FLOW_CONTROL_WIN)) tipc_acknowledge(tport->ref, tport->conn_unacked); advance_rx_queue(sk); } if ((sz_copied < buf_len) && (!skb_queue_empty(&sk->sk_receive_queue) || (sz_copied < target)) && (!(flags & MSG_PEEK)) && (!err)) goto restart; exit: release_sock(sk); return sz_copied ? sz_copied : res; }",visit repo url,net/tipc/socket.c,https://github.com/torvalds/linux,263298236416144,1 6221,['CWE-200'],"int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { struct ndmsg *ndm = NLMSG_DATA(nlh); struct rtattr **nda = arg; struct neigh_table *tbl; struct net_device *dev = NULL; int err = -ENODEV; if (ndm->ndm_ifindex && (dev = dev_get_by_index(ndm->ndm_ifindex)) == NULL) goto out; read_lock(&neigh_tbl_lock); for (tbl = neigh_tables; tbl; tbl = tbl->next) { struct rtattr *lladdr_attr = nda[NDA_LLADDR - 1]; struct rtattr *dst_attr = nda[NDA_DST - 1]; int override = 1; struct neighbour *n; if (tbl->family != ndm->ndm_family) continue; read_unlock(&neigh_tbl_lock); err = -EINVAL; if (!dst_attr || RTA_PAYLOAD(dst_attr) < tbl->key_len) goto out_dev_put; if (ndm->ndm_flags & NTF_PROXY) { err = -ENOBUFS; if (pneigh_lookup(tbl, RTA_DATA(dst_attr), dev, 1)) err = 0; goto out_dev_put; } err = -EINVAL; if (!dev) goto out; if (lladdr_attr && RTA_PAYLOAD(lladdr_attr) < dev->addr_len) goto out_dev_put; n = neigh_lookup(tbl, RTA_DATA(dst_attr), dev); if (n) { if (nlh->nlmsg_flags & NLM_F_EXCL) { err = -EEXIST; neigh_release(n); goto out_dev_put; } override = nlh->nlmsg_flags & NLM_F_REPLACE; } else if (!(nlh->nlmsg_flags & NLM_F_CREATE)) { err = -ENOENT; goto out_dev_put; } else { n = __neigh_lookup_errno(tbl, RTA_DATA(dst_attr), dev); if (IS_ERR(n)) { err = PTR_ERR(n); goto out_dev_put; } } err = neigh_update(n, lladdr_attr ? RTA_DATA(lladdr_attr) : NULL, ndm->ndm_state, (override ? NEIGH_UPDATE_F_OVERRIDE : 0) | NEIGH_UPDATE_F_ADMIN); neigh_release(n); goto out_dev_put; } read_unlock(&neigh_tbl_lock); err = -EADDRNOTAVAIL; out_dev_put: if (dev) dev_put(dev); out: return err; }",linux-2.6,,,149389092893162853854977611409305079912,0 3420,['CWE-264'],"int nonseekable_open(struct inode *inode, struct file *filp) { filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE); return 0; }",linux-2.6,,,26302646783132152048363342693514849950,0 1432,CWE-119,"static void wdm_in_callback(struct urb *urb) { struct wdm_device *desc = urb->context; int status = urb->status; spin_lock(&desc->iuspin); clear_bit(WDM_RESPONDING, &desc->flags); if (status) { switch (status) { case -ENOENT: dev_dbg(&desc->intf->dev, ""nonzero urb status received: -ENOENT""); goto skip_error; case -ECONNRESET: dev_dbg(&desc->intf->dev, ""nonzero urb status received: -ECONNRESET""); goto skip_error; case -ESHUTDOWN: dev_dbg(&desc->intf->dev, ""nonzero urb status received: -ESHUTDOWN""); goto skip_error; case -EPIPE: dev_err(&desc->intf->dev, ""nonzero urb status received: -EPIPE\n""); break; default: dev_err(&desc->intf->dev, ""Unexpected error %d\n"", status); break; } } desc->rerr = status; desc->reslength = urb->actual_length; memmove(desc->ubuf + desc->length, desc->inbuf, desc->reslength); desc->length += desc->reslength; skip_error: wake_up(&desc->wait); set_bit(WDM_READ, &desc->flags); spin_unlock(&desc->iuspin); }",visit repo url,drivers/usb/class/cdc-wdm.c,https://github.com/torvalds/linux,66355064617719,1 405,CWE-125,"void snd_msndmidi_input_read(void *mpuv) { unsigned long flags; struct snd_msndmidi *mpu = mpuv; void *pwMIDQData = mpu->dev->mappedbase + MIDQ_DATA_BUFF; spin_lock_irqsave(&mpu->input_lock, flags); while (readw(mpu->dev->MIDQ + JQS_wTail) != readw(mpu->dev->MIDQ + JQS_wHead)) { u16 wTmp, val; val = readw(pwMIDQData + 2 * readw(mpu->dev->MIDQ + JQS_wHead)); if (test_bit(MSNDMIDI_MODE_BIT_INPUT_TRIGGER, &mpu->mode)) snd_rawmidi_receive(mpu->substream_input, (unsigned char *)&val, 1); wTmp = readw(mpu->dev->MIDQ + JQS_wHead) + 1; if (wTmp > readw(mpu->dev->MIDQ + JQS_wSize)) writew(0, mpu->dev->MIDQ + JQS_wHead); else writew(wTmp, mpu->dev->MIDQ + JQS_wHead); } spin_unlock_irqrestore(&mpu->input_lock, flags); }",visit repo url,sound/isa/msnd/msnd_midi.c,https://github.com/torvalds/linux,4504394644521,1 6415,['CWE-190'],"ToS (const guchar *puffer) { return (puffer[0] | puffer[1] << 8); }",gimp,,,148261622836273179239745162938843083736,0 3358,CWE-119,"int dbd_bind_ph(SV *sth, imp_sth_t *imp_sth, SV *param, SV *value, IV sql_type, SV *attribs, int is_inout, IV maxlen) { dTHX; int rc; int param_num= SvIV(param); int idx= param_num - 1; char err_msg[64]; D_imp_xxh(sth); #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION STRLEN slen; char *buffer= NULL; int buffer_is_null= 0; int buffer_length= slen; unsigned int buffer_type= 0; IV tmp; #endif D_imp_dbh_from_sth; ASYNC_CHECK_RETURN(sth, FALSE); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" Called: dbd_bind_ph\n""); attribs= attribs; maxlen= maxlen; if (param_num <= 0 || param_num > DBIc_NUM_PARAMS(imp_sth)) { do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, ""Illegal parameter number"", NULL); return FALSE; } if (SvOK(value) && (sql_type == SQL_NUMERIC || sql_type == SQL_DECIMAL || sql_type == SQL_INTEGER || sql_type == SQL_SMALLINT || sql_type == SQL_FLOAT || sql_type == SQL_REAL || sql_type == SQL_DOUBLE) ) { if (! looks_like_number(value)) { sprintf(err_msg, ""Binding non-numeric field %d, value %s as a numeric!"", param_num, neatsvpv(value,0)); do_error(sth, JW_ERR_ILLEGAL_PARAM_NUM, err_msg, NULL); } } if (is_inout) { do_error(sth, JW_ERR_NOT_IMPLEMENTED, ""Output parameters not implemented"", NULL); return FALSE; } rc = bind_param(&imp_sth->params[idx], value, sql_type); #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION if (imp_sth->use_server_side_prepare) { switch(sql_type) { case SQL_NUMERIC: case SQL_INTEGER: case SQL_SMALLINT: case SQL_BIGINT: case SQL_TINYINT: buffer_type= MYSQL_TYPE_LONG; break; case SQL_DOUBLE: case SQL_DECIMAL: case SQL_FLOAT: case SQL_REAL: buffer_type= MYSQL_TYPE_DOUBLE; break; case SQL_CHAR: case SQL_VARCHAR: case SQL_DATE: case SQL_TIME: case SQL_TIMESTAMP: case SQL_LONGVARCHAR: case SQL_BINARY: case SQL_VARBINARY: case SQL_LONGVARBINARY: buffer_type= MYSQL_TYPE_BLOB; break; default: buffer_type= MYSQL_TYPE_STRING; } buffer_is_null = !(SvOK(imp_sth->params[idx].value) && imp_sth->params[idx].value); if (! buffer_is_null) { switch(buffer_type) { case MYSQL_TYPE_LONG: if (!SvIOK(imp_sth->params[idx].value) && DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tTRY TO BIND AN INT NUMBER\n""); buffer_length = sizeof imp_sth->fbind[idx].numeric_val.lval; tmp = SvIV(imp_sth->params[idx].value); if (tmp > INT32_MAX) croak(""Could not bind %ld: Integer too large for MYSQL_TYPE_LONG"", tmp); imp_sth->fbind[idx].numeric_val.lval= tmp; buffer=(void*)&(imp_sth->fbind[idx].numeric_val.lval); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" SCALAR type %d ->%""PRId32""<- IS A INT NUMBER\n"", (int) sql_type, *(int32_t *)buffer); break; case MYSQL_TYPE_DOUBLE: if (!SvNOK(imp_sth->params[idx].value) && DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tTRY TO BIND A FLOAT NUMBER\n""); buffer_length = sizeof imp_sth->fbind[idx].numeric_val.dval; imp_sth->fbind[idx].numeric_val.dval= SvNV(imp_sth->params[idx].value); buffer=(char*)&(imp_sth->fbind[idx].numeric_val.dval); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" SCALAR type %d ->%f<- IS A FLOAT NUMBER\n"", (int) sql_type, (double)(*buffer)); break; case MYSQL_TYPE_BLOB: if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" SCALAR type BLOB\n""); break; case MYSQL_TYPE_STRING: if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" SCALAR type STRING %d, buffertype=%d\n"", (int) sql_type, buffer_type); break; default: croak(""Bug in DBD::Mysql file dbdimp.c#dbd_bind_ph: do not know how to handle unknown buffer type.""); } if (buffer_type == MYSQL_TYPE_STRING || buffer_type == MYSQL_TYPE_BLOB) { buffer= SvPV(imp_sth->params[idx].value, slen); buffer_length= slen; if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" SCALAR type %d ->length %d<- IS A STRING or BLOB\n"", (int) sql_type, buffer_length); } } else { buffer= NULL; if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" SCALAR NULL VALUE: buffer type is: %d\n"", buffer_type); } if (imp_sth->bind[idx].buffer_type != buffer_type) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), "" FORCE REBIND: buffer type changed from %d to %d, sql-type=%d\n"", (int) imp_sth->bind[idx].buffer_type, buffer_type, (int) sql_type); imp_sth->has_been_bound = 0; } if (imp_sth->has_been_bound == 0) { imp_sth->bind[idx].buffer_type= buffer_type; imp_sth->bind[idx].buffer= buffer; imp_sth->bind[idx].buffer_length= buffer_length; } else { imp_sth->stmt->params[idx].buffer= buffer; imp_sth->stmt->params[idx].buffer_length= buffer_length; } imp_sth->fbind[idx].length= buffer_length; imp_sth->fbind[idx].is_null= buffer_is_null; } #endif return rc; }",visit repo url,dbdimp.c,https://github.com/perl5-dbi/DBD-mysql,178550306614827,1 4413,CWE-476,"proc_lambda(mrb_state *mrb, mrb_value self) { mrb_value blk; struct RProc *p; mrb_get_args(mrb, ""&"", &blk); if (mrb_nil_p(blk)) { mrb_raise(mrb, E_ARGUMENT_ERROR, ""tried to create Proc object without a block""); } if (!mrb_proc_p(blk)) { mrb_raise(mrb, E_ARGUMENT_ERROR, ""not a proc""); } p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p)) { struct RProc *p2 = MRB_OBJ_ALLOC(mrb, MRB_TT_PROC, p->c); mrb_proc_copy(p2, p); p2->flags |= MRB_PROC_STRICT; return mrb_obj_value(p2); } return blk; }",visit repo url,src/proc.c,https://github.com/mruby/mruby,69289486973802,1 5133,['CWE-20'],"static void enable_nmi_window(struct kvm_vcpu *vcpu) { u32 cpu_based_vm_exec_control; if (!cpu_has_virtual_nmis()) { enable_irq_window(vcpu); return; } cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL); cpu_based_vm_exec_control |= CPU_BASED_VIRTUAL_NMI_PENDING; vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, cpu_based_vm_exec_control); }",linux-2.6,,,170594227024459000106435896932501930312,0 5809,['CWE-200'],"static struct sock *atalk_search_socket(struct sockaddr_at *to, struct atalk_iface *atif) { struct sock *s; struct hlist_node *node; read_lock_bh(&atalk_sockets_lock); sk_for_each(s, node, &atalk_sockets) { struct atalk_sock *at = at_sk(s); if (to->sat_port != at->src_port) continue; if (to->sat_addr.s_net == ATADDR_ANYNET && to->sat_addr.s_node == ATADDR_BCAST) goto found; if (to->sat_addr.s_net == at->src_net && (to->sat_addr.s_node == at->src_node || to->sat_addr.s_node == ATADDR_BCAST || to->sat_addr.s_node == ATADDR_ANYNODE)) goto found; if (to->sat_addr.s_node == ATADDR_ANYNODE && to->sat_addr.s_net != ATADDR_ANYNET && atif->address.s_node == at->src_node) { to->sat_addr.s_node = atif->address.s_node; goto found; } } s = NULL; found: read_unlock_bh(&atalk_sockets_lock); return s; }",linux-2.6,,,336536472436574344760362596923774668345,0 2018,CWE-416,"static int set_evtchn_to_irq(evtchn_port_t evtchn, unsigned int irq) { unsigned row; unsigned col; if (evtchn >= xen_evtchn_max_channels()) return -EINVAL; row = EVTCHN_ROW(evtchn); col = EVTCHN_COL(evtchn); if (evtchn_to_irq[row] == NULL) { if (irq == -1) return 0; evtchn_to_irq[row] = (int *)get_zeroed_page(GFP_KERNEL); if (evtchn_to_irq[row] == NULL) return -ENOMEM; clear_evtchn_to_irq_row(row); } evtchn_to_irq[row][col] = irq; return 0; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,106482848074728,1 4571,['CWE-399'],"static int __ext4_journalled_writepage(struct page *page, struct writeback_control *wbc) { struct address_space *mapping = page->mapping; struct inode *inode = mapping->host; struct buffer_head *page_bufs; handle_t *handle = NULL; int ret = 0; int err; ret = block_prepare_write(page, 0, PAGE_CACHE_SIZE, ext4_normal_get_block_write); if (ret != 0) goto out_unlock; page_bufs = page_buffers(page); walk_page_buffers(handle, page_bufs, 0, PAGE_CACHE_SIZE, NULL, bget_one); unlock_page(page); handle = ext4_journal_start(inode, ext4_writepage_trans_blocks(inode)); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out; } ret = walk_page_buffers(handle, page_bufs, 0, PAGE_CACHE_SIZE, NULL, do_journal_get_write_access); err = walk_page_buffers(handle, page_bufs, 0, PAGE_CACHE_SIZE, NULL, write_end_fn); if (ret == 0) ret = err; err = ext4_journal_stop(handle); if (!ret) ret = err; walk_page_buffers(handle, page_bufs, 0, PAGE_CACHE_SIZE, NULL, bput_one); EXT4_I(inode)->i_state |= EXT4_STATE_JDATA; goto out; out_unlock: unlock_page(page); out: return ret; }",linux-2.6,,,145521107251114684446345219781058423157,0 5756,CWE-190,"static int bson_validate_string( bson *b, const unsigned char *string, const int length, const char check_utf8, const char check_dot, const char check_dollar ) { int position = 0; int sequence_length = 1; if( check_dollar && string[0] == '$' ) { if( !bson_string_is_db_ref( string, length ) ) b->err |= BSON_FIELD_INIT_DOLLAR; } while ( position < length ) { if ( check_dot && *( string + position ) == '.' ) { b->err |= BSON_FIELD_HAS_DOT; } if ( check_utf8 ) { sequence_length = trailingBytesForUTF8[*( string + position )] + 1; if ( ( position + sequence_length ) > length ) { b->err |= BSON_NOT_UTF8; return BSON_ERROR; } if ( !isLegalUTF8( string + position, sequence_length ) ) { b->err |= BSON_NOT_UTF8; return BSON_ERROR; } } position += sequence_length; } return BSON_OK; }",visit repo url,src/encoding.c,https://github.com/10gen-archive/mongo-c-driver-legacy,58638116255208,1 616,CWE-17,"void file_sb_list_add(struct file *file, struct super_block *sb) { if (likely(!(file->f_mode & FMODE_WRITE))) return; if (!S_ISREG(file_inode(file)->i_mode)) return; lg_local_lock(&files_lglock); __file_sb_list_add(file, sb); lg_local_unlock(&files_lglock); }",visit repo url,fs/file_table.c,https://github.com/torvalds/linux,68369806408456,1 801,CWE-20,"static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct scm_cookie scm; struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); int noblock = flags&MSG_DONTWAIT; size_t copied; struct sk_buff *skb, *data_skb; int err, ret; if (flags&MSG_OOB) return -EOPNOTSUPP; copied = 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (skb == NULL) goto out; data_skb = skb; #ifdef CONFIG_COMPAT_NETLINK_MESSAGES if (unlikely(skb_shinfo(skb)->frag_list)) { if (flags & MSG_CMSG_COMPAT) data_skb = skb_shinfo(skb)->frag_list; } #endif msg->msg_namelen = 0; copied = data_skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(data_skb); err = skb_copy_datagram_iovec(data_skb, 0, msg->msg_iov, copied); if (msg->msg_name) { struct sockaddr_nl *addr = (struct sockaddr_nl *)msg->msg_name; addr->nl_family = AF_NETLINK; addr->nl_pad = 0; addr->nl_pid = NETLINK_CB(skb).portid; addr->nl_groups = netlink_group_mask(NETLINK_CB(skb).dst_group); msg->msg_namelen = sizeof(*addr); } if (nlk->flags & NETLINK_RECV_PKTINFO) netlink_cmsg_recv_pktinfo(msg, skb); if (NULL == siocb->scm) { memset(&scm, 0, sizeof(scm)); siocb->scm = &scm; } siocb->scm->creds = *NETLINK_CREDS(skb); if (flags & MSG_TRUNC) copied = data_skb->len; skb_free_datagram(sk, skb); if (nlk->cb_running && atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) { ret = netlink_dump(sk); if (ret) { sk->sk_err = ret; sk->sk_error_report(sk); } } scm_recv(sock, msg, siocb->scm, flags); out: netlink_rcv_wake(sk); return err ? : copied; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,280528127100709,1 669,CWE-20,"static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t ignored, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct skcipher_ctx *ctx = ask->private; unsigned bs = crypto_ablkcipher_blocksize(crypto_ablkcipher_reqtfm( &ctx->req)); struct skcipher_sg_list *sgl; struct scatterlist *sg; unsigned long iovlen; struct iovec *iov; int err = -EAGAIN; int used; long copied = 0; lock_sock(sk); msg->msg_namelen = 0; for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; iovlen--, iov++) { unsigned long seglen = iov->iov_len; char __user *from = iov->iov_base; while (seglen) { sgl = list_first_entry(&ctx->tsgl, struct skcipher_sg_list, list); sg = sgl->sg; while (!sg->length) sg++; used = ctx->used; if (!used) { err = skcipher_wait_for_data(sk, flags); if (err) goto unlock; } used = min_t(unsigned long, used, seglen); used = af_alg_make_sg(&ctx->rsgl, from, used, 1); err = used; if (err < 0) goto unlock; if (ctx->more || used < ctx->used) used -= used % bs; err = -EINVAL; if (!used) goto free; ablkcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, ctx->iv); err = af_alg_wait_for_completion( ctx->enc ? crypto_ablkcipher_encrypt(&ctx->req) : crypto_ablkcipher_decrypt(&ctx->req), &ctx->completion); free: af_alg_free_sg(&ctx->rsgl); if (err) goto unlock; copied += used; from += used; seglen -= used; skcipher_pull_sgl(sk, used); } } err = 0; unlock: skcipher_wmem_wakeup(sk); release_sock(sk); return copied ?: err; }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,208261331521689,1 1285,[],"m4_ifelse (struct obstack *obs, int argc, token_data **argv) { const char *result; token_data *argv0; if (argc == 2) return; if (bad_argc (argv[0], argc, 4, -1)) return; else bad_argc (argv[0], (argc + 2) % 3, -1, 1); argv0 = argv[0]; argv++; argc--; result = NULL; while (result == NULL) if (strcmp (ARG (0), ARG (1)) == 0) result = ARG (2); else switch (argc) { case 3: return; case 4: case 5: result = ARG (3); break; default: argc -= 3; argv += 3; } obstack_grow (obs, result, strlen (result)); }",m4,,,237219545201804563405154096458001051615,0 1936,CWE-401,"static ssize_t qrtr_tun_write_iter(struct kiocb *iocb, struct iov_iter *from) { struct file *filp = iocb->ki_filp; struct qrtr_tun *tun = filp->private_data; size_t len = iov_iter_count(from); ssize_t ret; void *kbuf; kbuf = kzalloc(len, GFP_KERNEL); if (!kbuf) return -ENOMEM; if (!copy_from_iter_full(kbuf, len, from)) return -EFAULT; ret = qrtr_endpoint_post(&tun->ep, kbuf, len); return ret < 0 ? ret : len; }",visit repo url,net/qrtr/tun.c,https://github.com/torvalds/linux,89580905324374,1 6277,CWE-770,"setup_secureChannel(void) { TestingPolicy(&dummyPolicy, dummyCertificate, &fCalled, &keySizes); UA_SecureChannel_init(&testChannel, &UA_ConnectionConfig_default); UA_SecureChannel_setSecurityPolicy(&testChannel, &dummyPolicy, &dummyCertificate); testingConnection = createDummyConnection(65535, &sentData); UA_Connection_attachSecureChannel(&testingConnection, &testChannel); testChannel.connection = &testingConnection; testChannel.state = UA_SECURECHANNELSTATE_OPEN; }",visit repo url,tests/check_securechannel.c,https://github.com/open62541/open62541,82264071145218,1 431,[],"pfm_proc_next(struct seq_file *m, void *v, loff_t *pos) { ++*pos; return pfm_proc_start(m, pos); }",linux-2.6,,,146170398663363587895316830940118652762,0 6548,['CWE-200'],"nma_gconf_settings_get_by_connection (NMAGConfSettings *self, NMConnection *connection) { NMAGConfSettingsPrivate *priv; GSList *iter; g_return_val_if_fail (NMA_IS_GCONF_SETTINGS (self), NULL); g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self); for (iter = priv->connections; iter; iter = iter->next) { NMConnection *wrapped; wrapped = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (iter->data)); if (connection == wrapped) return NMA_GCONF_CONNECTION (iter->data); } return NULL; }",network-manager-applet,,,272665155918460666599634680998084943077,0 1395,[],"static inline int wake_idle(int cpu, struct task_struct *p) { return cpu; }",linux-2.6,,,6353101272045528339731218125318228758,0 947,['CWE-200'],"static void do_shmem_file_read(struct file *filp, loff_t *ppos, read_descriptor_t *desc, read_actor_t actor) { struct inode *inode = filp->f_path.dentry->d_inode; struct address_space *mapping = inode->i_mapping; unsigned long index, offset; index = *ppos >> PAGE_CACHE_SHIFT; offset = *ppos & ~PAGE_CACHE_MASK; for (;;) { struct page *page = NULL; unsigned long end_index, nr, ret; loff_t i_size = i_size_read(inode); end_index = i_size >> PAGE_CACHE_SHIFT; if (index > end_index) break; if (index == end_index) { nr = i_size & ~PAGE_CACHE_MASK; if (nr <= offset) break; } desc->error = shmem_getpage(inode, index, &page, SGP_READ, NULL); if (desc->error) { if (desc->error == -EINVAL) desc->error = 0; break; } nr = PAGE_CACHE_SIZE; i_size = i_size_read(inode); end_index = i_size >> PAGE_CACHE_SHIFT; if (index == end_index) { nr = i_size & ~PAGE_CACHE_MASK; if (nr <= offset) { if (page) page_cache_release(page); break; } } nr -= offset; if (page) { if (mapping_writably_mapped(mapping)) flush_dcache_page(page); if (!offset) mark_page_accessed(page); } else { page = ZERO_PAGE(0); page_cache_get(page); } ret = actor(desc, page, offset, nr); offset += ret; index += offset >> PAGE_CACHE_SHIFT; offset &= ~PAGE_CACHE_MASK; page_cache_release(page); if (ret != nr || !desc->count) break; cond_resched(); } *ppos = ((loff_t) index << PAGE_CACHE_SHIFT) + offset; file_accessed(filp); }",linux-2.6,,,64757569846201093770194895696612708471,0 6590,CWE-787,"static RzList *strings(RzBinFile *bf) { if (!bf) { return NULL; } LuacBinInfo *bin_info_obj = GET_INTERNAL_BIN_INFO_OBJ(bf); if (!bin_info_obj) { return NULL; } return bin_info_obj->string_list; }",visit repo url,librz/bin/p/bin_luac.c,https://github.com/rizinorg/rizin,29835736840228,1 6193,CWE-190,"void fp_prime_set_pmers(const int *f, int len) { bn_t p, t; bn_null(p); bn_null(t); RLC_TRY { bn_new(p); bn_new(t); if (len >= RLC_TERMS) { RLC_THROW(ERR_NO_VALID); return; } bn_set_2b(p, f[len - 1]); for (int i = len - 2; i > 0; i--) { if (f[i] > 0) { bn_set_2b(t, f[i]); bn_add(p, p, t); } else { bn_set_2b(t, -f[i]); bn_sub(p, p, t); } } if (f[0] > 0) { bn_add_dig(p, p, f[0]); } else { bn_sub_dig(p, p, -f[0]); } #if FP_RDC == QUICK || !defined(STRIP) ctx_t *ctx = core_get(); for (int i = 0; i < len; i++) { ctx->sps[i] = f[i]; } ctx->sps[len] = 0; ctx->sps_len = len; #endif fp_prime_set(p); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(p); bn_free(t); } }",visit repo url,src/fp/relic_fp_prime.c,https://github.com/relic-toolkit/relic,223633943506056,1 925,['CWE-200'],"static void shmem_delete_inode(struct inode *inode) { struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb); struct shmem_inode_info *info = SHMEM_I(inode); if (inode->i_op->truncate == shmem_truncate) { truncate_inode_pages(inode->i_mapping, 0); shmem_unacct_size(info->flags, inode->i_size); inode->i_size = 0; shmem_truncate(inode); if (!list_empty(&info->swaplist)) { spin_lock(&shmem_swaplist_lock); list_del_init(&info->swaplist); spin_unlock(&shmem_swaplist_lock); } } BUG_ON(inode->i_blocks); if (sbinfo->max_inodes) { spin_lock(&sbinfo->stat_lock); sbinfo->free_inodes++; spin_unlock(&sbinfo->stat_lock); } clear_inode(inode); }",linux-2.6,,,335161305794098255568675039013446039765,0 1945,['CWE-20'],"static int do_linear_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, int write_access, pte_t orig_pte) { pgoff_t pgoff = (((address & PAGE_MASK) - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; unsigned int flags = (write_access ? FAULT_FLAG_WRITE : 0); pte_unmap(page_table); return __do_fault(mm, vma, address, pmd, pgoff, flags, orig_pte); }",linux-2.6,,,7803898098435196373587896914742561657,0 6520,CWE-476,"MOBI_RET mobi_build_opf_metadata(OPF *opf, const MOBIData *m, const MOBIRawml *rawml) { if (m == NULL) { debug_print(""%s\n"", ""Initialization failed""); return MOBI_INIT_FAILED; } opf->metadata = calloc(1, sizeof(OPFmetadata)); if (opf->metadata == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } opf->metadata->meta = calloc(OPF_META_MAX_TAGS, sizeof(OPFmeta*)); if (opf->metadata->meta == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } opf->metadata->dc_meta = calloc(1, sizeof(OPFdcmeta)); if (opf->metadata->dc_meta == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } opf->metadata->x_meta = calloc(1, sizeof(OPFxmeta)); if (opf->metadata->x_meta == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } if (m->eh) { MOBI_RET ret = mobi_get_opf_from_exth(opf->metadata, m); if (ret != MOBI_SUCCESS) { return ret; } } if (opf->metadata->dc_meta->identifier == NULL) { char uid_string[11] = ""0""; if (m->mh && m->mh->uid) { snprintf(uid_string, 11, ""%u"", *m->mh->uid); } mobi_opf_set_tagtype(OPFidentifier, opf->metadata->dc_meta->identifier, value, uid_string); mobi_opf_set_tagtype(OPFidentifier, opf->metadata->dc_meta->identifier, id, ""uid""); } else { opf->metadata->dc_meta->identifier[0]->id = strdup(""uid""); } if (opf->metadata->dc_meta->title == NULL) { opf->metadata->dc_meta->title = calloc(OPF_META_MAX_TAGS, sizeof(char*)); if (opf->metadata->dc_meta->title == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } char *title = mobi_meta_get_title(m); if (title == NULL) { title = strdup(""Unknown""); } opf->metadata->dc_meta->title[0] = title; } if (opf->metadata->dc_meta->language == NULL) { opf->metadata->dc_meta->language = calloc(OPF_META_MAX_TAGS, sizeof(char*)); if (opf->metadata->dc_meta->language == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } const char *lang_string = NULL; if (m->mh && m->mh->locale) { uint32_t lang_code = *m->mh->locale; lang_string = mobi_get_locale_string(lang_code); } if (lang_string) { opf->metadata->dc_meta->language[0] = strdup(lang_string); } else { opf->metadata->dc_meta->language[0] = strdup(""en""); } } if (mobi_is_dictionary(m)) { if (opf->metadata->x_meta->dictionary_in_lang == NULL) { if (m->mh && m->mh->dict_input_lang) { opf->metadata->x_meta->dictionary_in_lang = calloc(OPF_META_MAX_TAGS, sizeof(char*)); if (opf->metadata->x_meta->dictionary_in_lang == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } uint32_t dict_lang_in = *m->mh->dict_input_lang; opf->metadata->x_meta->dictionary_in_lang[0] = strdup(mobi_get_locale_string(dict_lang_in)); } } if (opf->metadata->x_meta->dictionary_out_lang == NULL) { if (m->mh && m->mh->dict_output_lang) { opf->metadata->x_meta->dictionary_out_lang = calloc(OPF_META_MAX_TAGS, sizeof(char*)); if (opf->metadata->x_meta->dictionary_out_lang == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } uint32_t dict_lang_in = *m->mh->dict_output_lang; opf->metadata->x_meta->dictionary_out_lang[0] = strdup(mobi_get_locale_string(dict_lang_in)); } } if (rawml->orth->orth_index_name) { opf->metadata->x_meta->default_lookup_index = calloc(OPF_META_MAX_TAGS, sizeof(char*)); if (opf->metadata->x_meta->default_lookup_index == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } opf->metadata->x_meta->default_lookup_index[0] = strdup(rawml->orth->orth_index_name); } } return MOBI_SUCCESS; }",visit repo url,src/opf.c,https://github.com/bfabiszewski/libmobi,72360428931876,1 238,CWE-119,"static long vfio_pci_ioctl(void *device_data, unsigned int cmd, unsigned long arg) { struct vfio_pci_device *vdev = device_data; unsigned long minsz; if (cmd == VFIO_DEVICE_GET_INFO) { struct vfio_device_info info; minsz = offsetofend(struct vfio_device_info, num_irqs); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz) return -EINVAL; info.flags = VFIO_DEVICE_FLAGS_PCI; if (vdev->reset_works) info.flags |= VFIO_DEVICE_FLAGS_RESET; info.num_regions = VFIO_PCI_NUM_REGIONS + vdev->num_regions; info.num_irqs = VFIO_PCI_NUM_IRQS; return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) { struct pci_dev *pdev = vdev->pdev; struct vfio_region_info info; struct vfio_info_cap caps = { .buf = NULL, .size = 0 }; int i, ret; minsz = offsetofend(struct vfio_region_info, offset); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz) return -EINVAL; switch (info.index) { case VFIO_PCI_CONFIG_REGION_INDEX: info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = pdev->cfg_size; info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; break; case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX: info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = pci_resource_len(pdev, info.index); if (!info.size) { info.flags = 0; break; } info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; if (vdev->bar_mmap_supported[info.index]) { info.flags |= VFIO_REGION_INFO_FLAG_MMAP; if (info.index == vdev->msix_bar) { ret = msix_sparse_mmap_cap(vdev, &caps); if (ret) return ret; } } break; case VFIO_PCI_ROM_REGION_INDEX: { void __iomem *io; size_t size; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.flags = 0; info.size = pci_resource_len(pdev, info.index); if (!info.size) { if (pdev->resource[PCI_ROM_RESOURCE].flags & IORESOURCE_ROM_SHADOW) info.size = 0x20000; else break; } io = pci_map_rom(pdev, &size); if (!io || !size) { info.size = 0; break; } pci_unmap_rom(pdev, io); info.flags = VFIO_REGION_INFO_FLAG_READ; break; } case VFIO_PCI_VGA_REGION_INDEX: if (!vdev->has_vga) return -EINVAL; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = 0xc0000; info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; break; default: if (info.index >= VFIO_PCI_NUM_REGIONS + vdev->num_regions) return -EINVAL; i = info.index - VFIO_PCI_NUM_REGIONS; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = vdev->region[i].size; info.flags = vdev->region[i].flags; ret = region_type_cap(vdev, &caps, vdev->region[i].type, vdev->region[i].subtype); if (ret) return ret; } if (caps.size) { info.flags |= VFIO_REGION_INFO_FLAG_CAPS; if (info.argsz < sizeof(info) + caps.size) { info.argsz = sizeof(info) + caps.size; info.cap_offset = 0; } else { vfio_info_cap_shift(&caps, sizeof(info)); if (copy_to_user((void __user *)arg + sizeof(info), caps.buf, caps.size)) { kfree(caps.buf); return -EFAULT; } info.cap_offset = sizeof(info); } kfree(caps.buf); } return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_GET_IRQ_INFO) { struct vfio_irq_info info; minsz = offsetofend(struct vfio_irq_info, count); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz || info.index >= VFIO_PCI_NUM_IRQS) return -EINVAL; switch (info.index) { case VFIO_PCI_INTX_IRQ_INDEX ... VFIO_PCI_MSIX_IRQ_INDEX: case VFIO_PCI_REQ_IRQ_INDEX: break; case VFIO_PCI_ERR_IRQ_INDEX: if (pci_is_pcie(vdev->pdev)) break; default: return -EINVAL; } info.flags = VFIO_IRQ_INFO_EVENTFD; info.count = vfio_pci_get_irq_count(vdev, info.index); if (info.index == VFIO_PCI_INTX_IRQ_INDEX) info.flags |= (VFIO_IRQ_INFO_MASKABLE | VFIO_IRQ_INFO_AUTOMASKED); else info.flags |= VFIO_IRQ_INFO_NORESIZE; return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_SET_IRQS) { struct vfio_irq_set hdr; u8 *data = NULL; int ret = 0; minsz = offsetofend(struct vfio_irq_set, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz || hdr.index >= VFIO_PCI_NUM_IRQS || hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK | VFIO_IRQ_SET_ACTION_TYPE_MASK)) return -EINVAL; if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) { size_t size; int max = vfio_pci_get_irq_count(vdev, hdr.index); if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL) size = sizeof(uint8_t); else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD) size = sizeof(int32_t); else return -EINVAL; if (hdr.argsz - minsz < hdr.count * size || hdr.start >= max || hdr.start + hdr.count > max) return -EINVAL; data = memdup_user((void __user *)(arg + minsz), hdr.count * size); if (IS_ERR(data)) return PTR_ERR(data); } mutex_lock(&vdev->igate); ret = vfio_pci_set_irqs_ioctl(vdev, hdr.flags, hdr.index, hdr.start, hdr.count, data); mutex_unlock(&vdev->igate); kfree(data); return ret; } else if (cmd == VFIO_DEVICE_RESET) { return vdev->reset_works ? pci_try_reset_function(vdev->pdev) : -EINVAL; } else if (cmd == VFIO_DEVICE_GET_PCI_HOT_RESET_INFO) { struct vfio_pci_hot_reset_info hdr; struct vfio_pci_fill_info fill = { 0 }; struct vfio_pci_dependent_device *devices = NULL; bool slot = false; int ret = 0; minsz = offsetofend(struct vfio_pci_hot_reset_info, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz) return -EINVAL; hdr.flags = 0; if (!pci_probe_reset_slot(vdev->pdev->slot)) slot = true; else if (pci_probe_reset_bus(vdev->pdev->bus)) return -ENODEV; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_count_devs, &fill.max, slot); if (ret) return ret; WARN_ON(!fill.max); if (hdr.argsz < sizeof(hdr) + (fill.max * sizeof(*devices))) { ret = -ENOSPC; hdr.count = fill.max; goto reset_info_exit; } devices = kcalloc(fill.max, sizeof(*devices), GFP_KERNEL); if (!devices) return -ENOMEM; fill.devices = devices; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_fill_devs, &fill, slot); if (!ret) hdr.count = fill.cur; reset_info_exit: if (copy_to_user((void __user *)arg, &hdr, minsz)) ret = -EFAULT; if (!ret) { if (copy_to_user((void __user *)(arg + minsz), devices, hdr.count * sizeof(*devices))) ret = -EFAULT; } kfree(devices); return ret; } else if (cmd == VFIO_DEVICE_PCI_HOT_RESET) { struct vfio_pci_hot_reset hdr; int32_t *group_fds; struct vfio_pci_group_entry *groups; struct vfio_pci_group_info info; bool slot = false; int i, count = 0, ret = 0; minsz = offsetofend(struct vfio_pci_hot_reset, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz || hdr.flags) return -EINVAL; if (!pci_probe_reset_slot(vdev->pdev->slot)) slot = true; else if (pci_probe_reset_bus(vdev->pdev->bus)) return -ENODEV; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_count_devs, &count, slot); if (ret) return ret; if (!hdr.count || hdr.count > count) return -EINVAL; group_fds = kcalloc(hdr.count, sizeof(*group_fds), GFP_KERNEL); groups = kcalloc(hdr.count, sizeof(*groups), GFP_KERNEL); if (!group_fds || !groups) { kfree(group_fds); kfree(groups); return -ENOMEM; } if (copy_from_user(group_fds, (void __user *)(arg + minsz), hdr.count * sizeof(*group_fds))) { kfree(group_fds); kfree(groups); return -EFAULT; } for (i = 0; i < hdr.count; i++) { struct vfio_group *group; struct fd f = fdget(group_fds[i]); if (!f.file) { ret = -EBADF; break; } group = vfio_group_get_external_user(f.file); fdput(f); if (IS_ERR(group)) { ret = PTR_ERR(group); break; } groups[i].group = group; groups[i].id = vfio_external_user_iommu_id(group); } kfree(group_fds); if (ret) goto hot_reset_release; info.count = hdr.count; info.groups = groups; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_validate_devs, &info, slot); if (!ret) ret = slot ? pci_try_reset_slot(vdev->pdev->slot) : pci_try_reset_bus(vdev->pdev->bus); hot_reset_release: for (i--; i >= 0; i--) vfio_group_put_external_user(groups[i].group); kfree(groups); return ret; } return -ENOTTY; }",visit repo url,drivers/vfio/pci/vfio_pci.c,https://github.com/torvalds/linux,69856396326648,1 4727,['CWE-20'],"__u32 ext4_itable_unused_count(struct super_block *sb, struct ext4_group_desc *bg) { return le16_to_cpu(bg->bg_itable_unused_lo) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? (__u32)le16_to_cpu(bg->bg_itable_unused_hi) << 16 : 0); }",linux-2.6,,,233276069207500437989358991973936837936,0 195,[],"static int atalk_create(struct socket *sock, int protocol) { struct sock *sk; struct atalk_sock *at; int rc = -ESOCKTNOSUPPORT; if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM) goto out; rc = -ENOMEM; sk = sk_alloc(PF_APPLETALK, GFP_KERNEL, 1, NULL); if (!sk) goto out; at = at_sk(sk) = kmalloc(sizeof(*at), GFP_KERNEL); if (!at) goto outsk; rc = 0; sock->ops = &atalk_dgram_ops; sock_init_data(sock, sk); sk_set_owner(sk, THIS_MODULE); sk->sk_zapped = 1; out: return rc; outsk: sk_free(sk); goto out; }",history,,,62049636751351637621137865125651382843,0 1251,[],"define_user_macro (const char *name, const char *text, symbol_lookup mode) { symbol *s; char *defn = xstrdup (text ? text : """"); s = lookup_symbol (name, mode); if (SYMBOL_TYPE (s) == TOKEN_TEXT) free (SYMBOL_TEXT (s)); SYMBOL_TYPE (s) = TOKEN_TEXT; SYMBOL_TEXT (s) = defn; if (macro_sequence_inuse && text) { regoff_t offset = 0; size_t len = strlen (defn); while ((offset = re_search (¯o_sequence_buf, defn, len, offset, len - offset, ¯o_sequence_regs)) >= 0) { if (macro_sequence_regs.start[0] == macro_sequence_regs.end[0]) offset++; else { char tmp; offset = macro_sequence_regs.end[0]; tmp = defn[offset]; defn[offset] = '\0'; M4ERROR ((warning_status, 0, ""Warning: definition of `%s' contains sequence `%s'"", name, defn + macro_sequence_regs.start[0])); defn[offset] = tmp; } } if (offset == -2) M4ERROR ((warning_status, 0, ""error checking --warn-macro-sequence for macro `%s'"", name)); } }",m4,,,317519176958010507059904648855752245450,0 318,CWE-190,"int mem_check_range(struct rxe_mem *mem, u64 iova, size_t length) { switch (mem->type) { case RXE_MEM_TYPE_DMA: return 0; case RXE_MEM_TYPE_MR: case RXE_MEM_TYPE_FMR: return ((iova < mem->iova) || ((iova + length) > (mem->iova + mem->length))) ? -EFAULT : 0; default: return -EFAULT; } }",visit repo url,drivers/infiniband/sw/rxe/rxe_mr.c,https://github.com/torvalds/linux,240993513339085,1 4916,['CWE-20'],"static inline int nfs_reval_fsid(struct inode *dir, const struct nfs_fattr *fattr) { struct nfs_server *server = NFS_SERVER(dir); if (!nfs_fsid_equal(&server->fsid, &fattr->fsid)) return __nfs_revalidate_inode(server, dir); return 0; }",linux-2.6,,,270034016774208406704716169572951994066,0 751,CWE-20,"int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *address, int mode) { int size, ct, err; if (m->msg_namelen) { if (mode == VERIFY_READ) { void __user *namep; namep = (void __user __force *) m->msg_name; err = move_addr_to_kernel(namep, m->msg_namelen, address); if (err < 0) return err; } m->msg_name = address; } else { m->msg_name = NULL; } size = m->msg_iovlen * sizeof(struct iovec); if (copy_from_user(iov, (void __user __force *) m->msg_iov, size)) return -EFAULT; m->msg_iov = iov; err = 0; for (ct = 0; ct < m->msg_iovlen; ct++) { size_t len = iov[ct].iov_len; if (len > INT_MAX - err) { len = INT_MAX - err; iov[ct].iov_len = len; } err += len; } return err; }",visit repo url,net/core/iovec.c,https://github.com/torvalds/linux,95000477302680,1 4213,['CWE-399'],"void dev_shutdown(struct net_device *dev) { struct Qdisc *qdisc; qdisc_lock_tree(dev); qdisc = dev->qdisc_sleeping; dev->qdisc = &noop_qdisc; dev->qdisc_sleeping = &noop_qdisc; qdisc_destroy(qdisc); #if defined(CONFIG_NET_SCH_INGRESS) || defined(CONFIG_NET_SCH_INGRESS_MODULE) if ((qdisc = dev->qdisc_ingress) != NULL) { dev->qdisc_ingress = NULL; qdisc_destroy(qdisc); } #endif BUG_TRAP(!timer_pending(&dev->watchdog_timer)); qdisc_unlock_tree(dev); }",linux-2.6,,,208081035139201435089281879057328522542,0 2042,NVD-CWE-noinfo,"void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev) { if (!test_bit(SAS_DEV_DESTROY, &dev->state) && !list_empty(&dev->disco_list_node)) { list_del_init(&dev->disco_list_node); sas_rphy_free(dev->rphy); sas_unregister_common_dev(port, dev); return; } if (!test_and_set_bit(SAS_DEV_DESTROY, &dev->state)) { sas_rphy_unlink(dev->rphy); list_move_tail(&dev->disco_list_node, &port->destroy_list); sas_discover_event(dev->port, DISCE_DESTRUCT); } }",visit repo url,drivers/scsi/libsas/sas_discover.c,https://github.com/torvalds/linux,166835146327544,1 1947,['CWE-20'],"static int do_pages_stat(struct mm_struct *mm, struct page_to_node *pm) { down_read(&mm->mmap_sem); for ( ; pm->node != MAX_NUMNODES; pm++) { struct vm_area_struct *vma; struct page *page; int err; err = -EFAULT; vma = find_vma(mm, pm->addr); if (!vma) goto set_status; page = follow_page(vma, pm->addr, 0); err = PTR_ERR(page); if (IS_ERR(page)) goto set_status; err = -ENOENT; if (!page || PageReserved(page)) goto set_status; err = page_to_nid(page); set_status: pm->status = err; } up_read(&mm->mmap_sem); return 0; }",linux-2.6,,,27325495020576491860838455712926736742,0 2604,['CWE-189'],"static int dccp_setsockopt_change(struct sock *sk, int type, struct dccp_so_feat __user *optval) { struct dccp_so_feat opt; u8 *val; int rc; if (copy_from_user(&opt, optval, sizeof(opt))) return -EFAULT; if (opt.dccpsf_len < 1) return -EINVAL; val = kmalloc(opt.dccpsf_len, GFP_KERNEL); if (!val) return -ENOMEM; if (copy_from_user(val, opt.dccpsf_val, opt.dccpsf_len)) { rc = -EFAULT; goto out_free_val; } rc = dccp_feat_change(dccp_msk(sk), type, opt.dccpsf_feat, val, opt.dccpsf_len, GFP_KERNEL); if (rc) goto out_free_val; out: return rc; out_free_val: kfree(val); goto out; }",linux-2.6,,,78779612884963753154791824378443907712,0 4845,CWE-119,"static int read_public_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I1012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_public_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,241413677709066,1 3584,['CWE-20'],"sctp_disposition_t sctp_sf_do_ecn_cwr(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_cwrhdr_t *cwr; struct sctp_chunk *chunk = arg; u32 lowest_tsn; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_ecne_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); cwr = (sctp_cwrhdr_t *) chunk->skb->data; skb_pull(chunk->skb, sizeof(sctp_cwrhdr_t)); lowest_tsn = ntohl(cwr->lowest_tsn); if (TSN_lte(asoc->last_ecne_tsn, lowest_tsn)) { sctp_add_cmd_sf(commands, SCTP_CMD_ECN_CWR, SCTP_U32(lowest_tsn)); } return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,168282732406552266837431729118885397484,0 1516,[],"void __kprobes sub_preempt_count(int val) { if (DEBUG_LOCKS_WARN_ON(val > preempt_count())) return; if (DEBUG_LOCKS_WARN_ON((val < PREEMPT_MASK) && !(preempt_count() & PREEMPT_MASK))) return; preempt_count() -= val; }",linux-2.6,,,165535745529453879383628139784614446199,0 3548,['CWE-20'],"sctp_disposition_t sctp_sf_t1_cookie_timer_expire(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *repl = NULL; int attempts = asoc->init_err_counter + 1; SCTP_DEBUG_PRINTK(""Timer T1 expired (COOKIE-ECHO).\n""); SCTP_INC_STATS(SCTP_MIB_T1_COOKIE_EXPIREDS); if (attempts <= asoc->max_init_attempts) { repl = sctp_make_cookie_echo(asoc, NULL); if (!repl) return SCTP_DISPOSITION_NOMEM; sctp_add_cmd_sf(commands, SCTP_CMD_COOKIEECHO_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); } else { sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); return SCTP_DISPOSITION_DELETE_TCB; } return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,110524632874864485996495609896124998961,0 4111,CWE-119,"commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *)) { struct commonio_entry **entries, *ptr; size_t n = 0, i; #if KEEP_NIS_AT_END struct commonio_entry *nis = NULL; #endif for (ptr = db->head; (NULL != ptr) #if KEEP_NIS_AT_END && (NULL != ptr->line) && ( ('+' != ptr->line[0]) && ('-' != ptr->line[0])) #endif ; ptr = ptr->next) { n++; } #if KEEP_NIS_AT_END if ((NULL != ptr) && (NULL != ptr->line)) { nis = ptr; } #endif if (n <= 1) { return 0; } entries = malloc (n * sizeof (struct commonio_entry *)); if (entries == NULL) { return -1; } n = 0; for (ptr = db->head; #if KEEP_NIS_AT_END nis != ptr; #else NULL != ptr; #endif ptr = ptr->next ) { entries[n] = ptr; n++; } qsort (entries, n, sizeof (struct commonio_entry *), cmp); db->head = entries[0]; n--; #if KEEP_NIS_AT_END if (NULL == nis) #endif { db->tail = entries[n]; } db->head->prev = NULL; db->head->next = entries[1]; entries[n]->prev = entries[n - 1]; #if KEEP_NIS_AT_END entries[n]->next = nis; #else entries[n]->next = NULL; #endif for (i = 1; i < n; i++) { entries[i]->prev = entries[i - 1]; entries[i]->next = entries[i + 1]; } free (entries); db->changed = true; return 0; }",visit repo url,lib/commonio.c,https://github.com/shadow-maint/shadow,193169864439640,1 4554,['CWE-20'],"dx_probe(const struct qstr *d_name, struct inode *dir, struct dx_hash_info *hinfo, struct dx_frame *frame_in, int *err) { unsigned count, indirect; struct dx_entry *at, *entries, *p, *q, *m; struct dx_root *root; struct buffer_head *bh; struct dx_frame *frame = frame_in; u32 hash; frame->bh = NULL; if (!(bh = ext4_bread (NULL,dir, 0, 0, err))) goto fail; root = (struct dx_root *) bh->b_data; if (root->info.hash_version != DX_HASH_TEA && root->info.hash_version != DX_HASH_HALF_MD4 && root->info.hash_version != DX_HASH_LEGACY) { ext4_warning(dir->i_sb, __func__, ""Unrecognised inode hash code %d"", root->info.hash_version); brelse(bh); *err = ERR_BAD_DX_DIR; goto fail; } hinfo->hash_version = root->info.hash_version; if (hinfo->hash_version <= DX_HASH_TEA) hinfo->hash_version += EXT4_SB(dir->i_sb)->s_hash_unsigned; hinfo->seed = EXT4_SB(dir->i_sb)->s_hash_seed; if (d_name) ext4fs_dirhash(d_name->name, d_name->len, hinfo); hash = hinfo->hash; if (root->info.unused_flags & 1) { ext4_warning(dir->i_sb, __func__, ""Unimplemented inode hash flags: %#06x"", root->info.unused_flags); brelse(bh); *err = ERR_BAD_DX_DIR; goto fail; } if ((indirect = root->info.indirect_levels) > 1) { ext4_warning(dir->i_sb, __func__, ""Unimplemented inode hash depth: %#06x"", root->info.indirect_levels); brelse(bh); *err = ERR_BAD_DX_DIR; goto fail; } entries = (struct dx_entry *) (((char *)&root->info) + root->info.info_length); if (dx_get_limit(entries) != dx_root_limit(dir, root->info.info_length)) { ext4_warning(dir->i_sb, __func__, ""dx entry: limit != root limit""); brelse(bh); *err = ERR_BAD_DX_DIR; goto fail; } dxtrace(printk(""Look up %x"", hash)); while (1) { count = dx_get_count(entries); if (!count || count > dx_get_limit(entries)) { ext4_warning(dir->i_sb, __func__, ""dx entry: no count or count > limit""); brelse(bh); *err = ERR_BAD_DX_DIR; goto fail2; } p = entries + 1; q = entries + count - 1; while (p <= q) { m = p + (q - p)/2; dxtrace(printk(""."")); if (dx_get_hash(m) > hash) q = m - 1; else p = m + 1; } if (0) { unsigned n = count - 1; at = entries; while (n--) { dxtrace(printk("","")); if (dx_get_hash(++at) > hash) { at--; break; } } assert (at == p - 1); } at = p - 1; dxtrace(printk("" %x->%u\n"", at == entries? 0: dx_get_hash(at), dx_get_block(at))); frame->bh = bh; frame->entries = entries; frame->at = at; if (!indirect--) return frame; if (!(bh = ext4_bread (NULL,dir, dx_get_block(at), 0, err))) goto fail2; at = entries = ((struct dx_node *) bh->b_data)->entries; if (dx_get_limit(entries) != dx_node_limit (dir)) { ext4_warning(dir->i_sb, __func__, ""dx entry: limit != node limit""); brelse(bh); *err = ERR_BAD_DX_DIR; goto fail2; } frame++; frame->bh = NULL; } fail2: while (frame >= frame_in) { brelse(frame->bh); frame--; } fail: if (*err == ERR_BAD_DX_DIR) ext4_warning(dir->i_sb, __func__, ""Corrupt dir inode %ld, running e2fsck is "" ""recommended."", dir->i_ino); return NULL; }",linux-2.6,,,110990741039037205504005792152579195480,0 758,CWE-20,"static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct ipx_sock *ipxs = ipx_sk(sk); struct sockaddr_ipx *sipx = (struct sockaddr_ipx *)msg->msg_name; struct ipxhdr *ipx = NULL; struct sk_buff *skb; int copied, rc; lock_sock(sk); if (!ipxs->port) { struct sockaddr_ipx uaddr; uaddr.sipx_port = 0; uaddr.sipx_network = 0; #ifdef CONFIG_IPX_INTERN rc = -ENETDOWN; if (!ipxs->intrfc) goto out; memcpy(uaddr.sipx_node, ipxs->intrfc->if_node, IPX_NODE_LEN); #endif rc = __ipx_bind(sock, (struct sockaddr *)&uaddr, sizeof(struct sockaddr_ipx)); if (rc) goto out; } rc = -ENOTCONN; if (sock_flag(sk, SOCK_ZAPPED)) goto out; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); if (!skb) goto out; ipx = ipx_hdr(skb); copied = ntohs(ipx->ipx_pktsize) - sizeof(struct ipxhdr); if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } rc = skb_copy_datagram_iovec(skb, sizeof(struct ipxhdr), msg->msg_iov, copied); if (rc) goto out_free; if (skb->tstamp.tv64) sk->sk_stamp = skb->tstamp; msg->msg_namelen = sizeof(*sipx); if (sipx) { sipx->sipx_family = AF_IPX; sipx->sipx_port = ipx->ipx_source.sock; memcpy(sipx->sipx_node, ipx->ipx_source.node, IPX_NODE_LEN); sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; sipx->sipx_type = ipx->ipx_type; sipx->sipx_zero = 0; } rc = copied; out_free: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/ipx/af_ipx.c,https://github.com/torvalds/linux,233280970032934,1 4882,CWE-119,"static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry, const u8 *obj, size_t objlen, int depth) { void *parm = entry->parm; int (*callback_func)(sc_context_t *nctx, void *arg, const u8 *nobj, size_t nobjlen, int ndepth); size_t *len = (size_t *) entry->arg; int r = 0; callback_func = parm; sc_debug(ctx, SC_LOG_DEBUG_ASN1, ""%*.*sdecoding '%s', raw data:%s%s\n"", depth, depth, """", entry->name, sc_dump_hex(obj, objlen > 16 ? 16 : objlen), objlen > 16 ? ""..."" : """"); switch (entry->type) { case SC_ASN1_STRUCT: if (parm != NULL) r = asn1_decode(ctx, (struct sc_asn1_entry *) parm, obj, objlen, NULL, NULL, 0, depth + 1); break; case SC_ASN1_NULL: break; case SC_ASN1_BOOLEAN: if (parm != NULL) { if (objlen != 1) { sc_debug(ctx, SC_LOG_DEBUG_ASN1, ""invalid ASN.1 object length: %""SC_FORMAT_LEN_SIZE_T""u\n"", objlen); r = SC_ERROR_INVALID_ASN1_OBJECT; } else *((int *) parm) = obj[0] ? 1 : 0; } break; case SC_ASN1_INTEGER: case SC_ASN1_ENUMERATED: if (parm != NULL) { r = sc_asn1_decode_integer(obj, objlen, (int *) entry->parm); sc_debug(ctx, SC_LOG_DEBUG_ASN1, ""%*.*sdecoding '%s' returned %d\n"", depth, depth, """", entry->name, *((int *) entry->parm)); } break; case SC_ASN1_BIT_STRING_NI: case SC_ASN1_BIT_STRING: if (parm != NULL) { int invert = entry->type == SC_ASN1_BIT_STRING ? 1 : 0; assert(len != NULL); if (objlen < 1) { r = SC_ERROR_INVALID_ASN1_OBJECT; break; } if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; *buf = malloc(objlen-1); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; } *len = objlen-1; parm = *buf; } r = decode_bit_string(obj, objlen, (u8 *) parm, *len, invert); if (r >= 0) { *len = r; r = 0; } } break; case SC_ASN1_BIT_FIELD: if (parm != NULL) r = decode_bit_field(obj, objlen, (u8 *) parm, *len); break; case SC_ASN1_OCTET_STRING: if (parm != NULL) { size_t c; assert(len != NULL); if ((entry->flags & SC_ASN1_UNSIGNED) && obj[0] == 0x00 && objlen > 1) { objlen--; obj++; } if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; *buf = malloc(objlen); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; } c = *len = objlen; parm = *buf; } else c = objlen > *len ? *len : objlen; memcpy(parm, obj, c); *len = c; } break; case SC_ASN1_GENERALIZEDTIME: if (parm != NULL) { size_t c; assert(len != NULL); if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; *buf = malloc(objlen); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; } c = *len = objlen; parm = *buf; } else c = objlen > *len ? *len : objlen; memcpy(parm, obj, c); *len = c; } break; case SC_ASN1_OBJECT: if (parm != NULL) r = sc_asn1_decode_object_id(obj, objlen, (struct sc_object_id *) parm); break; case SC_ASN1_PRINTABLESTRING: case SC_ASN1_UTF8STRING: if (parm != NULL) { assert(len != NULL); if (entry->flags & SC_ASN1_ALLOC) { u8 **buf = (u8 **) parm; *buf = malloc(objlen+1); if (*buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; break; } *len = objlen+1; parm = *buf; } r = sc_asn1_decode_utf8string(obj, objlen, (u8 *) parm, len); if (entry->flags & SC_ASN1_ALLOC) { *len -= 1; } } break; case SC_ASN1_PATH: if (entry->parm != NULL) r = asn1_decode_path(ctx, obj, objlen, (sc_path_t *) parm, depth); break; case SC_ASN1_PKCS15_ID: if (entry->parm != NULL) { struct sc_pkcs15_id *id = (struct sc_pkcs15_id *) parm; size_t c = objlen > sizeof(id->value) ? sizeof(id->value) : objlen; memcpy(id->value, obj, c); id->len = c; } break; case SC_ASN1_PKCS15_OBJECT: if (entry->parm != NULL) r = asn1_decode_p15_object(ctx, obj, objlen, (struct sc_asn1_pkcs15_object *) parm, depth); break; case SC_ASN1_ALGORITHM_ID: if (entry->parm != NULL) r = sc_asn1_decode_algorithm_id(ctx, obj, objlen, (struct sc_algorithm_id *) parm, depth); break; case SC_ASN1_SE_INFO: if (entry->parm != NULL) r = asn1_decode_se_info(ctx, obj, objlen, (sc_pkcs15_sec_env_info_t ***)entry->parm, len, depth); break; case SC_ASN1_CALLBACK: if (entry->parm != NULL) r = callback_func(ctx, entry->arg, obj, objlen, depth); break; default: sc_debug(ctx, SC_LOG_DEBUG_ASN1, ""invalid ASN.1 type: %d\n"", entry->type); return SC_ERROR_INVALID_ASN1_OBJECT; } if (r) { sc_debug(ctx, SC_LOG_DEBUG_ASN1, ""decoding of ASN.1 object '%s' failed: %s\n"", entry->name, sc_strerror(r)); return r; } entry->flags |= SC_ASN1_PRESENT; return 0; }",visit repo url,src/libopensc/asn1.c,https://github.com/OpenSC/OpenSC,277050409921121,1 3467,['CWE-20'],"sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sk_buff *skb = chunk->skb; sctp_chunkhdr_t *ch; __u8 *ch_end; int ootb_shut_ack = 0; SCTP_INC_STATS(SCTP_MIB_OUTOFBLUES); ch = (sctp_chunkhdr_t *) chunk->chunk_hdr; do { if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t)) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); if (SCTP_CID_SHUTDOWN_ACK == ch->type) ootb_shut_ack = 1; if (SCTP_CID_ABORT == ch->type) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); if (ch_end > skb_tail_pointer(skb)) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); ch = (sctp_chunkhdr_t *) ch_end; } while (ch_end < skb_tail_pointer(skb)); if (ootb_shut_ack) return sctp_sf_shut_8_4_5(ep, asoc, type, arg, commands); else return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); }",linux-2.6,,,165541038043156020773462484802635417858,0 3739,CWE-787,"int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int64_t infilesize, total_samples; DFFFileHeader dff_file_header; DFFChunkHeader dff_chunk_header; uint32_t bcount; infilesize = DoGetFileSize (infile); memcpy (&dff_file_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &dff_file_header) + 4, sizeof (DFFFileHeader) - 4, &bcount) || bcount != sizeof (DFFFileHeader) - 4) || strncmp (dff_file_header.formType, ""DSD "", 4)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_file_header, sizeof (DFFFileHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } #if 1 WavpackBigEndianToNative (&dff_file_header, DFFFileHeaderFormat); if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && dff_file_header.ckDataSize && dff_file_header.ckDataSize + 1 && dff_file_header.ckDataSize + 12 != infilesize) { error_line (""%s is not a valid .DFF file (by total size)!"", infilename); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""file header indicated length = %lld"", dff_file_header.ckDataSize); #endif while (1) { if (!DoReadFile (infile, &dff_chunk_header, sizeof (DFFChunkHeader), &bcount) || bcount != sizeof (DFFChunkHeader)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_chunk_header, sizeof (DFFChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (debug_logging_mode) error_line (""chunk header indicated length = %lld"", dff_chunk_header.ckDataSize); if (!strncmp (dff_chunk_header.ckID, ""FVER"", 4)) { uint32_t version; if (dff_chunk_header.ckDataSize != sizeof (version) || !DoReadFile (infile, &version, sizeof (version), &bcount) || bcount != sizeof (version)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &version, sizeof (version))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&version, ""L""); if (debug_logging_mode) error_line (""dsdiff file version = 0x%08x"", version); } else if (!strncmp (dff_chunk_header.ckID, ""PROP"", 4)) { char *prop_chunk; if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""got PROP chunk of %d bytes total"", (int) dff_chunk_header.ckDataSize); prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || bcount != dff_chunk_header.ckDataSize) { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (prop_chunk); return WAVPACK_SOFT_ERROR; } if (!strncmp (prop_chunk, ""SND "", 4)) { char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize; uint16_t numChannels, chansSpecified, chanMask = 0; uint32_t sampleRate; while (eptr - cptr >= sizeof (dff_chunk_header)) { memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header)); cptr += sizeof (dff_chunk_header); WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (eptr - cptr >= dff_chunk_header.ckDataSize) { if (!strncmp (dff_chunk_header.ckID, ""FS "", 4) && dff_chunk_header.ckDataSize == 4) { memcpy (&sampleRate, cptr, sizeof (sampleRate)); WavpackBigEndianToNative (&sampleRate, ""L""); cptr += dff_chunk_header.ckDataSize; if (debug_logging_mode) error_line (""got sample rate of %u Hz"", sampleRate); } else if (!strncmp (dff_chunk_header.ckID, ""CHNL"", 4) && dff_chunk_header.ckDataSize >= 2) { memcpy (&numChannels, cptr, sizeof (numChannels)); WavpackBigEndianToNative (&numChannels, ""S""); cptr += sizeof (numChannels); chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4; while (chansSpecified--) { if (!strncmp (cptr, ""SLFT"", 4) || !strncmp (cptr, ""MLFT"", 4)) chanMask |= 0x1; else if (!strncmp (cptr, ""SRGT"", 4) || !strncmp (cptr, ""MRGT"", 4)) chanMask |= 0x2; else if (!strncmp (cptr, ""LS "", 4)) chanMask |= 0x10; else if (!strncmp (cptr, ""RS "", 4)) chanMask |= 0x20; else if (!strncmp (cptr, ""C "", 4)) chanMask |= 0x4; else if (!strncmp (cptr, ""LFE "", 4)) chanMask |= 0x8; else if (debug_logging_mode) error_line (""undefined channel ID %c%c%c%c"", cptr [0], cptr [1], cptr [2], cptr [3]); cptr += 4; } if (debug_logging_mode) error_line (""%d channels, mask = 0x%08x"", numChannels, chanMask); } else if (!strncmp (dff_chunk_header.ckID, ""CMPR"", 4) && dff_chunk_header.ckDataSize >= 4) { if (strncmp (cptr, ""DSD "", 4)) { error_line (""DSDIFF files must be uncompressed, not \""%c%c%c%c\""!"", cptr [0], cptr [1], cptr [2], cptr [3]); free (prop_chunk); return WAVPACK_SOFT_ERROR; } cptr += dff_chunk_header.ckDataSize; } else { if (debug_logging_mode) error_line (""got PROP/SND chunk type \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); cptr += dff_chunk_header.ckDataSize; } } else { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } } if (chanMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this DSDIFF file already has channel order information!""); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (chanMask) config->channel_mask = chanMask; config->bits_per_sample = 8; config->bytes_per_sample = 1; config->num_channels = numChannels; config->sample_rate = sampleRate / 8; config->qmode |= QMODE_DSD_MSB_FIRST; } else if (debug_logging_mode) error_line (""got unknown PROP chunk type \""%c%c%c%c\"" of %d bytes"", prop_chunk [0], prop_chunk [1], prop_chunk [2], prop_chunk [3], dff_chunk_header.ckDataSize); free (prop_chunk); } else if (!strncmp (dff_chunk_header.ckID, ""DSD "", 4)) { total_samples = dff_chunk_header.ckDataSize / config->num_channels; break; } else { int bytes_to_copy = (int)(((dff_chunk_header.ckDataSize) + 1) & ~(int64_t)1); char *buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (debug_logging_mode) error_line (""setting configuration with %lld samples"", total_samples); if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/dsdiff.c,https://github.com/dbry/WavPack,277916219578740,1 5287,['CWE-119'],"static int tun_chr_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) { struct tun_file *tfile = file->private_data; struct tun_struct *tun; void __user* argp = (void __user*)arg; struct ifreq ifr; int sndbuf; int ret; if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) if (copy_from_user(&ifr, argp, sizeof ifr)) return -EFAULT; if (cmd == TUNGETFEATURES) { return put_user(IFF_TUN | IFF_TAP | IFF_NO_PI | IFF_ONE_QUEUE | IFF_VNET_HDR, (unsigned int __user*)argp); } tun = __tun_get(tfile); if (cmd == TUNSETIFF && !tun) { int err; ifr.ifr_name[IFNAMSIZ-1] = '\0'; rtnl_lock(); err = tun_set_iff(tfile->net, file, &ifr); rtnl_unlock(); if (err) return err; if (copy_to_user(argp, &ifr, sizeof(ifr))) return -EFAULT; return 0; } if (!tun) return -EBADFD; DBG(KERN_INFO ""%s: tun_chr_ioctl cmd %d\n"", tun->dev->name, cmd); ret = 0; switch (cmd) { case TUNGETIFF: ret = tun_get_iff(current->nsproxy->net_ns, file, &ifr); if (ret) break; if (copy_to_user(argp, &ifr, sizeof(ifr))) ret = -EFAULT; break; case TUNSETNOCSUM: if (arg) tun->flags |= TUN_NOCHECKSUM; else tun->flags &= ~TUN_NOCHECKSUM; DBG(KERN_INFO ""%s: checksum %s\n"", tun->dev->name, arg ? ""disabled"" : ""enabled""); break; case TUNSETPERSIST: if (arg) tun->flags |= TUN_PERSIST; else tun->flags &= ~TUN_PERSIST; DBG(KERN_INFO ""%s: persist %s\n"", tun->dev->name, arg ? ""enabled"" : ""disabled""); break; case TUNSETOWNER: tun->owner = (uid_t) arg; DBG(KERN_INFO ""%s: owner set to %d\n"", tun->dev->name, tun->owner); break; case TUNSETGROUP: tun->group= (gid_t) arg; DBG(KERN_INFO ""%s: group set to %d\n"", tun->dev->name, tun->group); break; case TUNSETLINK: rtnl_lock(); if (tun->dev->flags & IFF_UP) { DBG(KERN_INFO ""%s: Linktype set failed because interface is up\n"", tun->dev->name); ret = -EBUSY; } else { tun->dev->type = (int) arg; DBG(KERN_INFO ""%s: linktype set to %d\n"", tun->dev->name, tun->dev->type); ret = 0; } rtnl_unlock(); break; #ifdef TUN_DEBUG case TUNSETDEBUG: tun->debug = arg; break; #endif case TUNSETOFFLOAD: rtnl_lock(); ret = set_offload(tun->dev, arg); rtnl_unlock(); break; case TUNSETTXFILTER: ret = -EINVAL; if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV) break; rtnl_lock(); ret = update_filter(&tun->txflt, (void __user *)arg); rtnl_unlock(); break; case SIOCGIFHWADDR: memcpy(ifr.ifr_hwaddr.sa_data, tun->dev->dev_addr, ETH_ALEN); ifr.ifr_hwaddr.sa_family = tun->dev->type; if (copy_to_user(argp, &ifr, sizeof ifr)) ret = -EFAULT; break; case SIOCSIFHWADDR: DBG(KERN_DEBUG ""%s: set hw address: %pM\n"", tun->dev->name, ifr.ifr_hwaddr.sa_data); rtnl_lock(); ret = dev_set_mac_address(tun->dev, &ifr.ifr_hwaddr); rtnl_unlock(); break; case TUNGETSNDBUF: sndbuf = tun->sk->sk_sndbuf; if (copy_to_user(argp, &sndbuf, sizeof(sndbuf))) ret = -EFAULT; break; case TUNSETSNDBUF: if (copy_from_user(&sndbuf, argp, sizeof(sndbuf))) { ret = -EFAULT; break; } tun->sk->sk_sndbuf = sndbuf; break; default: ret = -EINVAL; break; }; tun_put(tun); return ret; }",linux-2.6,,,137066738804770574242008705700416545242,0 1493,CWE-264,"int perf_event_task_enable(void) { struct perf_event *event; mutex_lock(¤t->perf_event_mutex); list_for_each_entry(event, ¤t->perf_event_list, owner_entry) perf_event_for_each_child(event, perf_event_enable); mutex_unlock(¤t->perf_event_mutex); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,84469438710836,1 772,['CWE-119'],"isdn_net_setcfg(isdn_net_ioctl_cfg * cfg) { isdn_net_dev *p = isdn_net_findif(cfg->name); ulong features; int i; int drvidx; int chidx; char drvid[25]; if (p) { isdn_net_local *lp = p->local; features = ((1 << cfg->l2_proto) << ISDN_FEATURE_L2_SHIFT) | ((1 << cfg->l3_proto) << ISDN_FEATURE_L3_SHIFT); for (i = 0; i < ISDN_MAX_DRIVERS; i++) if (dev->drv[i]) if ((dev->drv[i]->interface->features & features) == features) break; if (i == ISDN_MAX_DRIVERS) { printk(KERN_WARNING ""isdn_net: No driver with selected features\n""); return -ENODEV; } if (lp->p_encap != cfg->p_encap){ #ifdef CONFIG_ISDN_X25 struct concap_proto * cprot = p -> cprot; #endif if (isdn_net_device_started(p)) { printk(KERN_WARNING ""%s: cannot change encap when if is up\n"", p->dev->name); return -EBUSY; } #ifdef CONFIG_ISDN_X25 if( cprot && cprot -> pops ) cprot -> pops -> proto_del ( cprot ); p -> cprot = NULL; lp -> dops = NULL; switch ( cfg -> p_encap ){ case ISDN_NET_ENCAP_X25IFACE: lp -> dops = &isdn_concap_reliable_dl_dops; } p -> cprot = isdn_concap_new( cfg -> p_encap ); #endif } switch ( cfg->p_encap ) { case ISDN_NET_ENCAP_SYNCPPP: #ifndef CONFIG_ISDN_PPP printk(KERN_WARNING ""%s: SyncPPP support not configured\n"", p->dev->name); return -EINVAL; #else p->dev->type = ARPHRD_PPP; p->dev->addr_len = 0; p->dev->do_ioctl = isdn_ppp_dev_ioctl; #endif break; case ISDN_NET_ENCAP_X25IFACE: #ifndef CONFIG_ISDN_X25 printk(KERN_WARNING ""%s: isdn-x25 support not configured\n"", p->dev->name); return -EINVAL; #else p->dev->type = ARPHRD_X25; p->dev->addr_len = 0; #endif break; case ISDN_NET_ENCAP_CISCOHDLCK: p->dev->do_ioctl = isdn_ciscohdlck_dev_ioctl; break; default: if( cfg->p_encap >= 0 && cfg->p_encap <= ISDN_NET_ENCAP_MAX_ENCAP ) break; printk(KERN_WARNING ""%s: encapsulation protocol %d not supported\n"", p->dev->name, cfg->p_encap); return -EINVAL; } if (strlen(cfg->drvid)) { char *c, *e; drvidx = -1; chidx = -1; strcpy(drvid, cfg->drvid); if ((c = strchr(drvid, ','))) { chidx = (int) simple_strtoul(c + 1, &e, 10); if (e == c) chidx = -1; *c = '\0'; } for (i = 0; i < ISDN_MAX_DRIVERS; i++) if (!(strcmp(dev->drvid[i], drvid))) { drvidx = i; break; } if ((drvidx == -1) || (chidx == -1)) return -ENODEV; } else { drvidx = lp->pre_device; chidx = lp->pre_channel; } if (cfg->exclusive > 0) { unsigned long flags; spin_lock_irqsave(&dev->lock, flags); if ((i = isdn_get_free_channel(ISDN_USAGE_NET, lp->l2_proto, lp->l3_proto, drvidx, chidx, lp->msn)) < 0) { lp->exclusive = -1; spin_unlock_irqrestore(&dev->lock, flags); return -EBUSY; } dev->usage[i] = ISDN_USAGE_EXCLUSIVE; isdn_info_update(); spin_unlock_irqrestore(&dev->lock, flags); lp->exclusive = i; } else { lp->exclusive = -1; if ((lp->pre_device != -1) && (cfg->exclusive == -1)) { isdn_unexclusive_channel(lp->pre_device, lp->pre_channel); isdn_free_channel(lp->pre_device, lp->pre_channel, ISDN_USAGE_NET); drvidx = -1; chidx = -1; } } strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn)); lp->pre_device = drvidx; lp->pre_channel = chidx; lp->onhtime = cfg->onhtime; lp->charge = cfg->charge; lp->l2_proto = cfg->l2_proto; lp->l3_proto = cfg->l3_proto; lp->cbdelay = cfg->cbdelay; lp->dialmax = cfg->dialmax; lp->triggercps = cfg->triggercps; lp->slavedelay = cfg->slavedelay * HZ; lp->pppbind = cfg->pppbind; lp->dialtimeout = cfg->dialtimeout >= 0 ? cfg->dialtimeout * HZ : -1; lp->dialwait = cfg->dialwait * HZ; if (cfg->secure) lp->flags |= ISDN_NET_SECURE; else lp->flags &= ~ISDN_NET_SECURE; if (cfg->cbhup) lp->flags |= ISDN_NET_CBHUP; else lp->flags &= ~ISDN_NET_CBHUP; switch (cfg->callback) { case 0: lp->flags &= ~(ISDN_NET_CALLBACK | ISDN_NET_CBOUT); break; case 1: lp->flags |= ISDN_NET_CALLBACK; lp->flags &= ~ISDN_NET_CBOUT; break; case 2: lp->flags |= ISDN_NET_CBOUT; lp->flags &= ~ISDN_NET_CALLBACK; break; } lp->flags &= ~ISDN_NET_DIALMODE_MASK; if (cfg->dialmode && !(cfg->dialmode & ISDN_NET_DIALMODE_MASK)) { printk(KERN_WARNING ""Old isdnctrl version detected! Please update.\n""); lp->flags |= ISDN_NET_DM_OFF; } else { lp->flags |= cfg->dialmode; } if (cfg->chargehup) lp->hupflags |= ISDN_CHARGEHUP; else lp->hupflags &= ~ISDN_CHARGEHUP; if (cfg->ihup) lp->hupflags |= ISDN_INHUP; else lp->hupflags &= ~ISDN_INHUP; if (cfg->chargeint > 10) { lp->hupflags |= ISDN_CHARGEHUP | ISDN_HAVECHARGE | ISDN_MANCHARGE; lp->chargeint = cfg->chargeint * HZ; } if (cfg->p_encap != lp->p_encap) { if (cfg->p_encap == ISDN_NET_ENCAP_RAWIP) { p->dev->header_ops = NULL; p->dev->flags = IFF_NOARP|IFF_POINTOPOINT; } else { p->dev->header_ops = &isdn_header_ops; if (cfg->p_encap == ISDN_NET_ENCAP_ETHER) p->dev->flags = IFF_BROADCAST | IFF_MULTICAST; else p->dev->flags = IFF_NOARP|IFF_POINTOPOINT; } } lp->p_encap = cfg->p_encap; return 0; } return -ENODEV; }",linux-2.6,,,155181909137210519302296943237798383854,0 6213,['CWE-200'],"int rtnl_lock_interruptible(void) { return down_interruptible(&rtnl_sem); }",linux-2.6,,,325722879625321747627877349951625395766,0 5830,CWE-362,"static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock, int ret, int err, int len) { unsigned long ssl_err = err; if (err == SSL_ERROR_SSL) { ssl_err = ERR_peek_error(); } SSLLogErrors(action, ret, err, len, ssock); ssock->last_err = ssl_err; return GET_STATUS_FROM_SSL_ERR(ssl_err); }",visit repo url,pjlib/src/pj/ssl_sock_ossl.c,https://github.com/pjsip/pjproject,243088810488500,1 4324,CWE-190,"bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid) { int frameSize = afGetVirtualFrameSize(infile, trackid, 1); const int kBufferFrameCount = 65536; void *buffer = malloc(kBufferFrameCount * frameSize); AFframecount totalFrames = afGetFrameCount(infile, AF_DEFAULT_TRACK); AFframecount totalFramesWritten = 0; bool success = true; while (totalFramesWritten < totalFrames) { AFframecount framesToRead = totalFrames - totalFramesWritten; if (framesToRead > kBufferFrameCount) framesToRead = kBufferFrameCount; AFframecount framesRead = afReadFrames(infile, trackid, buffer, framesToRead); if (framesRead < framesToRead) { fprintf(stderr, ""Bad read of audio track data.\n""); success = false; break; } AFframecount framesWritten = afWriteFrames(outfile, trackid, buffer, framesRead); if (framesWritten < framesRead) { fprintf(stderr, ""Bad write of audio track data.\n""); success = false; break; } totalFramesWritten += framesWritten; } free(buffer); return success; }",visit repo url,sfcommands/sfconvert.c,https://github.com/antlarr/audiofile,272910466480286,1 1931,CWE-400,"static void expire_cfs_rq_runtime(struct cfs_rq *cfs_rq) { struct cfs_bandwidth *cfs_b = tg_cfs_bandwidth(cfs_rq->tg); if (likely((s64)(rq_clock(rq_of(cfs_rq)) - cfs_rq->runtime_expires) < 0)) return; if (cfs_rq->runtime_remaining < 0) return; if (cfs_rq->expires_seq == cfs_b->expires_seq) { cfs_rq->runtime_expires += TICK_NSEC; } else { cfs_rq->runtime_remaining = 0; } }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,43251466689814,1 894,['CWE-200'],"static struct dentry *shmem_fh_to_dentry(struct super_block *sb, struct fid *fid, int fh_len, int fh_type) { struct inode *inode; struct dentry *dentry = NULL; u64 inum = fid->raw[2]; inum = (inum << 32) | fid->raw[1]; if (fh_len < 3) return NULL; inode = ilookup5(sb, (unsigned long)(inum + fid->raw[0]), shmem_match, fid->raw); if (inode) { dentry = d_find_alias(inode); iput(inode); } return dentry; }",linux-2.6,,,33143536216263360517680532842906976898,0 5707,['CWE-200'],"static void llc_ui_sk_init(struct socket *sock, struct sock *sk) { sock_graft(sk, sock); sk->sk_type = sock->type; sock->ops = &llc_ui_ops; }",linux-2.6,,,41875962267114711137297275748335037209,0 2681,CWE-190,"static int spl_filesystem_file_read_line(zval * this_ptr, spl_filesystem_object *intern, int silent TSRMLS_DC) { int ret = spl_filesystem_file_read_line_ex(this_ptr, intern, silent TSRMLS_CC); while (SPL_HAS_FLAG(intern->flags, SPL_FILE_OBJECT_SKIP_EMPTY) && ret == SUCCESS && spl_filesystem_file_is_empty_line(intern TSRMLS_CC)) { spl_filesystem_file_free_line(intern TSRMLS_CC); ret = spl_filesystem_file_read_line_ex(this_ptr, intern, silent TSRMLS_CC); } return ret; }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,180934194016237,1 5723,CWE-763,"static GCObject **correctgraylist (GCObject **p) { GCObject *curr; while ((curr = *p) != NULL) { switch (curr->tt) { case LUA_VTABLE: case LUA_VUSERDATA: { GCObject **next = getgclist(curr); if (getage(curr) == G_TOUCHED1) { lua_assert(isgray(curr)); gray2black(curr); changeage(curr, G_TOUCHED1, G_TOUCHED2); p = next; } else { if (!iswhite(curr)) { lua_assert(isold(curr)); if (getage(curr) == G_TOUCHED2) changeage(curr, G_TOUCHED2, G_OLD); gray2black(curr); } *p = *next; } break; } case LUA_VTHREAD: { lua_State *th = gco2th(curr); lua_assert(!isblack(th)); if (iswhite(th)) *p = th->gclist; else p = &th->gclist; break; } default: lua_assert(0); } } return p; }",visit repo url,lgc.c,https://github.com/lua/lua,172841765805192,1 2380,CWE-20,"static int get_cox(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c) { uint8_t byte; if (bytestream2_get_bytes_left(&s->g) < 5) return AVERROR_INVALIDDATA; c->nreslevels = bytestream2_get_byteu(&s->g) + 1; if (c->nreslevels >= JPEG2000_MAX_RESLEVELS) { av_log(s->avctx, AV_LOG_ERROR, ""nreslevels %d is invalid\n"", c->nreslevels); return AVERROR_INVALIDDATA; } if (c->nreslevels < s->reduction_factor) c->nreslevels2decode = 1; else c->nreslevels2decode = c->nreslevels - s->reduction_factor; c->log2_cblk_width = (bytestream2_get_byteu(&s->g) & 15) + 2; c->log2_cblk_height = (bytestream2_get_byteu(&s->g) & 15) + 2; if (c->log2_cblk_width > 10 || c->log2_cblk_height > 10 || c->log2_cblk_width + c->log2_cblk_height > 12) { av_log(s->avctx, AV_LOG_ERROR, ""cblk size invalid\n""); return AVERROR_INVALIDDATA; } if (c->log2_cblk_width > 6 || c->log2_cblk_height > 6) { avpriv_request_sample(s->avctx, ""cblk size > 64""); return AVERROR_PATCHWELCOME; } c->cblk_style = bytestream2_get_byteu(&s->g); if (c->cblk_style != 0) { av_log(s->avctx, AV_LOG_WARNING, ""extra cblk styles %X\n"", c->cblk_style); } c->transform = bytestream2_get_byteu(&s->g); if ((s->avctx->flags & CODEC_FLAG_BITEXACT) && (c->transform == FF_DWT97)) c->transform = FF_DWT97_INT; if (c->csty & JPEG2000_CSTY_PREC) { int i; for (i = 0; i < c->nreslevels; i++) { byte = bytestream2_get_byte(&s->g); c->log2_prec_widths[i] = byte & 0x0F; c->log2_prec_heights[i] = (byte >> 4) & 0x0F; } } else { memset(c->log2_prec_widths , 15, sizeof(c->log2_prec_widths )); memset(c->log2_prec_heights, 15, sizeof(c->log2_prec_heights)); } return 0; }",visit repo url,libavcodec/jpeg2000dec.c,https://github.com/FFmpeg/FFmpeg,121953631679393,1 5300,['CWE-119'],"static void addr_hash_set(u32 *mask, const u8 *addr) { int n = ether_crc(ETH_ALEN, addr) >> 26; mask[n >> 5] |= (1 << (n & 31)); }",linux-2.6,,,1515576106689368868199644570246107974,0 4106,CWE-119,"static void send(node_t *node, node_t *child, byte *fout) { if (node->parent) { send(node->parent, node, fout); } if (child) { if (node->right == child) { add_bit(1, fout); } else { add_bit(0, fout); } } }",visit repo url,code/qcommon/huffman.c,https://github.com/ioquake/ioq3,205366794765064,1 3504,CWE-189,"int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) { register unsigned int bit_buffer; register int bits_left, i=0; unsigned char *i_ptr, *i_end; register unsigned short sym; int match_length, length_footer, extra, verbatim_bits, bytes_todo; int this_run, main_element, aligned_bits, j; unsigned char *window, *runsrc, *rundest, buf[12]; unsigned int frame_size=0, end_frame, match_offset, window_posn; unsigned int R0, R1, R2; if (!lzx || (out_bytes < 0)) return MSPACK_ERR_ARGS; if (lzx->error) return lzx->error; i = lzx->o_end - lzx->o_ptr; if ((off_t) i > out_bytes) i = (int) out_bytes; if (i) { if (lzx->sys->write(lzx->output, lzx->o_ptr, i) != i) { return lzx->error = MSPACK_ERR_WRITE; } lzx->o_ptr += i; lzx->offset += i; out_bytes -= i; } if (out_bytes == 0) return MSPACK_ERR_OK; RESTORE_BITS; window = lzx->window; window_posn = lzx->window_posn; R0 = lzx->R0; R1 = lzx->R1; R2 = lzx->R2; end_frame = (unsigned int)((lzx->offset + out_bytes) / LZX_FRAME_SIZE) + 1; while (lzx->frame < end_frame) { if (lzx->reset_interval && ((lzx->frame % lzx->reset_interval) == 0)) { if (lzx->block_remaining) { D((""%d bytes remaining at reset interval"", lzx->block_remaining)) return lzx->error = MSPACK_ERR_DECRUNCH; } lzxd_reset_state(lzx); R0 = lzx->R0; R1 = lzx->R1; R2 = lzx->R2; } if (lzx->is_delta) { ENSURE_BITS(16); REMOVE_BITS(16); } if (!lzx->header_read) { j = 0; READ_BITS(i, 1); if (i) { READ_BITS(i, 16); READ_BITS(j, 16); } lzx->intel_filesize = (i << 16) | j; lzx->header_read = 1; } frame_size = LZX_FRAME_SIZE; if (lzx->length && (lzx->length - lzx->offset) < (off_t)frame_size) { frame_size = lzx->length - lzx->offset; } bytes_todo = lzx->frame_posn + frame_size - window_posn; while (bytes_todo > 0) { if (lzx->block_remaining == 0) { if ((lzx->block_type == LZX_BLOCKTYPE_UNCOMPRESSED) && (lzx->block_length & 1)) { READ_IF_NEEDED; i_ptr++; } READ_BITS(lzx->block_type, 3); READ_BITS(i, 16); READ_BITS(j, 8); lzx->block_remaining = lzx->block_length = (i << 8) | j; switch (lzx->block_type) { case LZX_BLOCKTYPE_ALIGNED: for (i = 0; i < 8; i++) { READ_BITS(j, 3); lzx->ALIGNED_len[i] = j; } BUILD_TABLE(ALIGNED); case LZX_BLOCKTYPE_VERBATIM: READ_LENGTHS(MAINTREE, 0, 256); READ_LENGTHS(MAINTREE, 256, LZX_NUM_CHARS + lzx->num_offsets); BUILD_TABLE(MAINTREE); if (lzx->MAINTREE_len[0xE8] != 0) lzx->intel_started = 1; READ_LENGTHS(LENGTH, 0, LZX_NUM_SECONDARY_LENGTHS); BUILD_TABLE_MAYBE_EMPTY(LENGTH); break; case LZX_BLOCKTYPE_UNCOMPRESSED: lzx->intel_started = 1; ENSURE_BITS(16); if (bits_left > 16) i_ptr -= 2; bits_left = 0; bit_buffer = 0; for (rundest = &buf[0], i = 0; i < 12; i++) { READ_IF_NEEDED; *rundest++ = *i_ptr++; } R0 = buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); R1 = buf[4] | (buf[5] << 8) | (buf[6] << 16) | (buf[7] << 24); R2 = buf[8] | (buf[9] << 8) | (buf[10] << 16) | (buf[11] << 24); break; default: D((""bad block type"")) return lzx->error = MSPACK_ERR_DECRUNCH; } } this_run = lzx->block_remaining; if (this_run > bytes_todo) this_run = bytes_todo; bytes_todo -= this_run; lzx->block_remaining -= this_run; switch (lzx->block_type) { case LZX_BLOCKTYPE_VERBATIM: while (this_run > 0) { READ_HUFFSYM(MAINTREE, main_element); if (main_element < LZX_NUM_CHARS) { window[window_posn++] = main_element; this_run--; } else { main_element -= LZX_NUM_CHARS; match_length = main_element & LZX_NUM_PRIMARY_LENGTHS; if (match_length == LZX_NUM_PRIMARY_LENGTHS) { if (lzx->LENGTH_empty) { D((""LENGTH symbol needed but tree is empty"")) return lzx->error = MSPACK_ERR_DECRUNCH; } READ_HUFFSYM(LENGTH, length_footer); match_length += length_footer; } match_length += LZX_MIN_MATCH; switch ((match_offset = (main_element >> 3))) { case 0: match_offset = R0; break; case 1: match_offset = R1; R1=R0; R0 = match_offset; break; case 2: match_offset = R2; R2=R0; R0 = match_offset; break; case 3: match_offset = 1; R2=R1; R1=R0; R0 = match_offset; break; default: extra = (match_offset >= 36) ? 17 : extra_bits[match_offset]; READ_BITS(verbatim_bits, extra); match_offset = position_base[match_offset] - 2 + verbatim_bits; R2 = R1; R1 = R0; R0 = match_offset; } if (match_length == LZX_MAX_MATCH && lzx->is_delta) { int extra_len = 0; ENSURE_BITS(3); if (PEEK_BITS(1) == 0) { REMOVE_BITS(1); READ_BITS(extra_len, 8); } else if (PEEK_BITS(2) == 2) { REMOVE_BITS(2); READ_BITS(extra_len, 10); extra_len += 0x100; } else if (PEEK_BITS(3) == 6) { REMOVE_BITS(3); READ_BITS(extra_len, 12); extra_len += 0x500; } else { REMOVE_BITS(3); READ_BITS(extra_len, 15); } match_length += extra_len; } if ((window_posn + match_length) > lzx->window_size) { D((""match ran over window wrap"")) return lzx->error = MSPACK_ERR_DECRUNCH; } rundest = &window[window_posn]; i = match_length; if (match_offset > window_posn) { if (match_offset > lzx->offset && (match_offset - window_posn) > lzx->ref_data_size) { D((""match offset beyond LZX stream"")) return lzx->error = MSPACK_ERR_DECRUNCH; } j = match_offset - window_posn; if (j > (int) lzx->window_size) { D((""match offset beyond window boundaries"")) return lzx->error = MSPACK_ERR_DECRUNCH; } runsrc = &window[lzx->window_size - j]; if (j < i) { i -= j; while (j-- > 0) *rundest++ = *runsrc++; runsrc = window; } while (i-- > 0) *rundest++ = *runsrc++; } else { runsrc = rundest - match_offset; while (i-- > 0) *rundest++ = *runsrc++; } this_run -= match_length; window_posn += match_length; } } break; case LZX_BLOCKTYPE_ALIGNED: while (this_run > 0) { READ_HUFFSYM(MAINTREE, main_element); if (main_element < LZX_NUM_CHARS) { window[window_posn++] = main_element; this_run--; } else { main_element -= LZX_NUM_CHARS; match_length = main_element & LZX_NUM_PRIMARY_LENGTHS; if (match_length == LZX_NUM_PRIMARY_LENGTHS) { if (lzx->LENGTH_empty) { D((""LENGTH symbol needed but tree is empty"")) return lzx->error = MSPACK_ERR_DECRUNCH; } READ_HUFFSYM(LENGTH, length_footer); match_length += length_footer; } match_length += LZX_MIN_MATCH; switch ((match_offset = (main_element >> 3))) { case 0: match_offset = R0; break; case 1: match_offset = R1; R1 = R0; R0 = match_offset; break; case 2: match_offset = R2; R2 = R0; R0 = match_offset; break; default: extra = (match_offset >= 36) ? 17 : extra_bits[match_offset]; match_offset = position_base[match_offset] - 2; if (extra > 3) { extra -= 3; READ_BITS(verbatim_bits, extra); match_offset += (verbatim_bits << 3); READ_HUFFSYM(ALIGNED, aligned_bits); match_offset += aligned_bits; } else if (extra == 3) { READ_HUFFSYM(ALIGNED, aligned_bits); match_offset += aligned_bits; } else if (extra > 0) { READ_BITS(verbatim_bits, extra); match_offset += verbatim_bits; } else { match_offset = 1; } R2 = R1; R1 = R0; R0 = match_offset; } if (match_length == LZX_MAX_MATCH && lzx->is_delta) { int extra_len = 0; ENSURE_BITS(3); if (PEEK_BITS(1) == 0) { REMOVE_BITS(1); READ_BITS(extra_len, 8); } else if (PEEK_BITS(2) == 2) { REMOVE_BITS(2); READ_BITS(extra_len, 10); extra_len += 0x100; } else if (PEEK_BITS(3) == 6) { REMOVE_BITS(3); READ_BITS(extra_len, 12); extra_len += 0x500; } else { REMOVE_BITS(3); READ_BITS(extra_len, 15); } match_length += extra_len; } if ((window_posn + match_length) > lzx->window_size) { D((""match ran over window wrap"")) return lzx->error = MSPACK_ERR_DECRUNCH; } rundest = &window[window_posn]; i = match_length; if (match_offset > window_posn) { if (match_offset > lzx->offset && (match_offset - window_posn) > lzx->ref_data_size) { D((""match offset beyond LZX stream"")) return lzx->error = MSPACK_ERR_DECRUNCH; } j = match_offset - window_posn; if (j > (int) lzx->window_size) { D((""match offset beyond window boundaries"")) return lzx->error = MSPACK_ERR_DECRUNCH; } runsrc = &window[lzx->window_size - j]; if (j < i) { i -= j; while (j-- > 0) *rundest++ = *runsrc++; runsrc = window; } while (i-- > 0) *rundest++ = *runsrc++; } else { runsrc = rundest - match_offset; while (i-- > 0) *rundest++ = *runsrc++; } this_run -= match_length; window_posn += match_length; } } break; case LZX_BLOCKTYPE_UNCOMPRESSED: rundest = &window[window_posn]; window_posn += this_run; while (this_run > 0) { if ((i = i_end - i_ptr) == 0) { READ_IF_NEEDED; } else { if (i > this_run) i = this_run; lzx->sys->copy(i_ptr, rundest, (size_t) i); rundest += i; i_ptr += i; this_run -= i; } } break; default: return lzx->error = MSPACK_ERR_DECRUNCH; } if (this_run < 0) { if ((unsigned int)(-this_run) > lzx->block_remaining) { D((""overrun went past end of block by %d (%d remaining)"", -this_run, lzx->block_remaining )) return lzx->error = MSPACK_ERR_DECRUNCH; } lzx->block_remaining -= -this_run; } } if ((window_posn - lzx->frame_posn) != frame_size) { D((""decode beyond output frame limits! %d != %d"", window_posn - lzx->frame_posn, frame_size)) return lzx->error = MSPACK_ERR_DECRUNCH; } if (bits_left > 0) ENSURE_BITS(16); if (bits_left & 15) REMOVE_BITS(bits_left & 15); if (lzx->o_ptr != lzx->o_end) { D((""%ld avail bytes, new %d frame"", (long)(lzx->o_end - lzx->o_ptr), frame_size)) return lzx->error = MSPACK_ERR_DECRUNCH; } if (lzx->intel_started && lzx->intel_filesize && (lzx->frame <= 32768) && (frame_size > 10)) { unsigned char *data = &lzx->e8_buf[0]; unsigned char *dataend = &lzx->e8_buf[frame_size - 10]; signed int curpos = lzx->intel_curpos; signed int filesize = lzx->intel_filesize; signed int abs_off, rel_off; lzx->o_ptr = data; lzx->sys->copy(&lzx->window[lzx->frame_posn], data, frame_size); while (data < dataend) { if (*data++ != 0xE8) { curpos++; continue; } abs_off = data[0] | (data[1]<<8) | (data[2]<<16) | (data[3]<<24); if ((abs_off >= -curpos) && (abs_off < filesize)) { rel_off = (abs_off >= 0) ? abs_off - curpos : abs_off + filesize; data[0] = (unsigned char) rel_off; data[1] = (unsigned char) (rel_off >> 8); data[2] = (unsigned char) (rel_off >> 16); data[3] = (unsigned char) (rel_off >> 24); } data += 4; curpos += 5; } lzx->intel_curpos += frame_size; } else { lzx->o_ptr = &lzx->window[lzx->frame_posn]; if (lzx->intel_filesize) lzx->intel_curpos += frame_size; } lzx->o_end = &lzx->o_ptr[frame_size]; i = (out_bytes < (off_t)frame_size) ? (unsigned int)out_bytes : frame_size; if (lzx->sys->write(lzx->output, lzx->o_ptr, i) != i) { return lzx->error = MSPACK_ERR_WRITE; } lzx->o_ptr += i; lzx->offset += i; out_bytes -= i; lzx->frame_posn += frame_size; lzx->frame++; if (window_posn == lzx->window_size) window_posn = 0; if (lzx->frame_posn == lzx->window_size) lzx->frame_posn = 0; } if (out_bytes) { D((""bytes left to output"")) return lzx->error = MSPACK_ERR_DECRUNCH; } STORE_BITS; lzx->window_posn = window_posn; lzx->R0 = R0; lzx->R1 = R1; lzx->R2 = R2; return MSPACK_ERR_OK; }",visit repo url,libmspack/trunk/mspack/lzxd.c,https://github.com/kyz/libmspack,210942097550255,1 801,['CWE-16'],"static int esp_init_aead(struct xfrm_state *x) { struct esp_data *esp = x->data; struct crypto_aead *aead; int err; aead = crypto_alloc_aead(x->aead->alg_name, 0, 0); err = PTR_ERR(aead); if (IS_ERR(aead)) goto error; esp->aead = aead; err = crypto_aead_setkey(aead, x->aead->alg_key, (x->aead->alg_key_len + 7) / 8); if (err) goto error; err = crypto_aead_setauthsize(aead, x->aead->alg_icv_len / 8); if (err) goto error; error: return err; }",linux-2.6,,,263449348222873300967157484455851524613,0 977,CWE-190,"int lzo1x_decompress_safe(const unsigned char *in, size_t in_len, unsigned char *out, size_t *out_len) { unsigned char *op; const unsigned char *ip; size_t t, next; size_t state = 0; const unsigned char *m_pos; const unsigned char * const ip_end = in + in_len; unsigned char * const op_end = out + *out_len; op = out; ip = in; if (unlikely(in_len < 3)) goto input_overrun; if (*ip > 17) { t = *ip++ - 17; if (t < 4) { next = t; goto match_next; } goto copy_literal_run; } for (;;) { t = *ip++; if (t < 16) { if (likely(state == 0)) { if (unlikely(t == 0)) { while (unlikely(*ip == 0)) { t += 255; ip++; NEED_IP(1); } t += 15 + *ip++; } t += 3; copy_literal_run: #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) { const unsigned char *ie = ip + t; unsigned char *oe = op + t; do { COPY8(op, ip); op += 8; ip += 8; COPY8(op, ip); op += 8; ip += 8; } while (ip < ie); ip = ie; op = oe; } else #endif { NEED_OP(t); NEED_IP(t + 3); do { *op++ = *ip++; } while (--t > 0); } state = 4; continue; } else if (state != 4) { next = t & 3; m_pos = op - 1; m_pos -= t >> 2; m_pos -= *ip++ << 2; TEST_LB(m_pos); NEED_OP(2); op[0] = m_pos[0]; op[1] = m_pos[1]; op += 2; goto match_next; } else { next = t & 3; m_pos = op - (1 + M2_MAX_OFFSET); m_pos -= t >> 2; m_pos -= *ip++ << 2; t = 3; } } else if (t >= 64) { next = t & 3; m_pos = op - 1; m_pos -= (t >> 2) & 7; m_pos -= *ip++ << 3; t = (t >> 5) - 1 + (3 - 1); } else if (t >= 32) { t = (t & 31) + (3 - 1); if (unlikely(t == 2)) { while (unlikely(*ip == 0)) { t += 255; ip++; NEED_IP(1); } t += 31 + *ip++; NEED_IP(2); } m_pos = op - 1; next = get_unaligned_le16(ip); ip += 2; m_pos -= next >> 2; next &= 3; } else { m_pos = op; m_pos -= (t & 8) << 11; t = (t & 7) + (3 - 1); if (unlikely(t == 2)) { while (unlikely(*ip == 0)) { t += 255; ip++; NEED_IP(1); } t += 7 + *ip++; NEED_IP(2); } next = get_unaligned_le16(ip); ip += 2; m_pos -= next >> 2; next &= 3; if (m_pos == op) goto eof_found; m_pos -= 0x4000; } TEST_LB(m_pos); #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) if (op - m_pos >= 8) { unsigned char *oe = op + t; if (likely(HAVE_OP(t + 15))) { do { COPY8(op, m_pos); op += 8; m_pos += 8; COPY8(op, m_pos); op += 8; m_pos += 8; } while (op < oe); op = oe; if (HAVE_IP(6)) { state = next; COPY4(op, ip); op += next; ip += next; continue; } } else { NEED_OP(t); do { *op++ = *m_pos++; } while (op < oe); } } else #endif { unsigned char *oe = op + t; NEED_OP(t); op[0] = m_pos[0]; op[1] = m_pos[1]; op += 2; m_pos += 2; do { *op++ = *m_pos++; } while (op < oe); } match_next: state = next; t = next; #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) if (likely(HAVE_IP(6) && HAVE_OP(4))) { COPY4(op, ip); op += t; ip += t; } else #endif { NEED_IP(t + 3); NEED_OP(t); while (t > 0) { *op++ = *ip++; t--; } } } eof_found: *out_len = op - out; return (t != 3 ? LZO_E_ERROR : ip == ip_end ? LZO_E_OK : ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN); input_overrun: *out_len = op - out; return LZO_E_INPUT_OVERRUN; output_overrun: *out_len = op - out; return LZO_E_OUTPUT_OVERRUN; lookbehind_overrun: *out_len = op - out; return LZO_E_LOOKBEHIND_OVERRUN; }",visit repo url,lib/lzo/lzo1x_decompress_safe.c,https://github.com/torvalds/linux,201226241805058,1 342,['CWE-20'],"long arch_ptrace(struct task_struct *child, long request, long addr, long data) { long i, ret; unsigned ui; switch (request) { case PTRACE_PEEKTEXT: case PTRACE_PEEKDATA: ret = generic_ptrace_peekdata(child, addr, data); break; case PTRACE_PEEKUSR: { unsigned long tmp; ret = -EIO; if ((addr & 7) || addr > sizeof(struct user) - 7) break; switch (addr) { case 0 ... sizeof(struct user_regs_struct) - sizeof(long): tmp = getreg(child, addr); break; case offsetof(struct user, u_debugreg[0]): tmp = child->thread.debugreg0; break; case offsetof(struct user, u_debugreg[1]): tmp = child->thread.debugreg1; break; case offsetof(struct user, u_debugreg[2]): tmp = child->thread.debugreg2; break; case offsetof(struct user, u_debugreg[3]): tmp = child->thread.debugreg3; break; case offsetof(struct user, u_debugreg[6]): tmp = child->thread.debugreg6; break; case offsetof(struct user, u_debugreg[7]): tmp = child->thread.debugreg7; break; default: tmp = 0; break; } ret = put_user(tmp,(unsigned long __user *) data); break; } case PTRACE_POKETEXT: case PTRACE_POKEDATA: ret = generic_ptrace_pokedata(child, addr, data); break; case PTRACE_POKEUSR: { int dsize = test_tsk_thread_flag(child, TIF_IA32) ? 3 : 7; ret = -EIO; if ((addr & 7) || addr > sizeof(struct user) - 7) break; switch (addr) { case 0 ... sizeof(struct user_regs_struct) - sizeof(long): ret = putreg(child, addr, data); break; case offsetof(struct user, u_debugreg[0]): if (data >= TASK_SIZE_OF(child) - dsize) break; child->thread.debugreg0 = data; ret = 0; break; case offsetof(struct user, u_debugreg[1]): if (data >= TASK_SIZE_OF(child) - dsize) break; child->thread.debugreg1 = data; ret = 0; break; case offsetof(struct user, u_debugreg[2]): if (data >= TASK_SIZE_OF(child) - dsize) break; child->thread.debugreg2 = data; ret = 0; break; case offsetof(struct user, u_debugreg[3]): if (data >= TASK_SIZE_OF(child) - dsize) break; child->thread.debugreg3 = data; ret = 0; break; case offsetof(struct user, u_debugreg[6]): if (data >> 32) break; child->thread.debugreg6 = data; ret = 0; break; case offsetof(struct user, u_debugreg[7]): data &= ~DR_CONTROL_RESERVED; for(i=0; i<4; i++) if ((0x5554 >> ((data >> (16 + 4*i)) & 0xf)) & 1) break; if (i == 4) { child->thread.debugreg7 = data; if (data) set_tsk_thread_flag(child, TIF_DEBUG); else clear_tsk_thread_flag(child, TIF_DEBUG); ret = 0; } break; } break; } case PTRACE_SYSCALL: case PTRACE_CONT: ret = -EIO; if (!valid_signal(data)) break; if (request == PTRACE_SYSCALL) set_tsk_thread_flag(child,TIF_SYSCALL_TRACE); else clear_tsk_thread_flag(child,TIF_SYSCALL_TRACE); clear_tsk_thread_flag(child, TIF_SINGLESTEP); child->exit_code = data; clear_singlestep(child); wake_up_process(child); ret = 0; break; #ifdef CONFIG_IA32_EMULATION case PTRACE_SET_THREAD_AREA: { struct user_desc __user *p; int old; p = (struct user_desc __user *)data; get_user(old, &p->entry_number); put_user(addr, &p->entry_number); ret = do_set_thread_area(&child->thread, p); put_user(old, &p->entry_number); break; case PTRACE_GET_THREAD_AREA: p = (struct user_desc __user *)data; get_user(old, &p->entry_number); put_user(addr, &p->entry_number); ret = do_get_thread_area(&child->thread, p); put_user(old, &p->entry_number); break; } #endif case PTRACE_ARCH_PRCTL: ret = do_arch_prctl(child, data, addr); break; case PTRACE_KILL: ret = 0; if (child->exit_state == EXIT_ZOMBIE) break; clear_tsk_thread_flag(child, TIF_SINGLESTEP); child->exit_code = SIGKILL; clear_singlestep(child); wake_up_process(child); break; case PTRACE_SINGLESTEP: ret = -EIO; if (!valid_signal(data)) break; clear_tsk_thread_flag(child,TIF_SYSCALL_TRACE); set_singlestep(child); child->exit_code = data; wake_up_process(child); ret = 0; break; case PTRACE_DETACH: ret = ptrace_detach(child, data); break; case PTRACE_GETREGS: { if (!access_ok(VERIFY_WRITE, (unsigned __user *)data, sizeof(struct user_regs_struct))) { ret = -EIO; break; } ret = 0; for (ui = 0; ui < sizeof(struct user_regs_struct); ui += sizeof(long)) { ret |= __put_user(getreg(child, ui),(unsigned long __user *) data); data += sizeof(long); } break; } case PTRACE_SETREGS: { unsigned long tmp; if (!access_ok(VERIFY_READ, (unsigned __user *)data, sizeof(struct user_regs_struct))) { ret = -EIO; break; } ret = 0; for (ui = 0; ui < sizeof(struct user_regs_struct); ui += sizeof(long)) { ret = __get_user(tmp, (unsigned long __user *) data); if (ret) break; ret = putreg(child, ui, tmp); if (ret) break; data += sizeof(long); } break; } case PTRACE_GETFPREGS: { if (!access_ok(VERIFY_WRITE, (unsigned __user *)data, sizeof(struct user_i387_struct))) { ret = -EIO; break; } ret = get_fpregs((struct user_i387_struct __user *)data, child); break; } case PTRACE_SETFPREGS: { if (!access_ok(VERIFY_READ, (unsigned __user *)data, sizeof(struct user_i387_struct))) { ret = -EIO; break; } set_stopped_child_used_math(child); ret = set_fpregs(child, (struct user_i387_struct __user *)data); break; } default: ret = ptrace_request(child, request, addr, data); break; } return ret; }",linux-2.6,,,308436442897270204011230078934199597470,0 5626,CWE-125,"ast_for_call(struct compiling *c, const node *n, expr_ty func) { int i, nargs, nkeywords, ngens; int ndoublestars; asdl_seq *args; asdl_seq *keywords; REQ(n, arglist); nargs = 0; nkeywords = 0; ngens = 0; for (i = 0; i < NCH(n); i++) { node *ch = CHILD(n, i); if (TYPE(ch) == argument) { if (NCH(ch) == 1) nargs++; else if (TYPE(CHILD(ch, 1)) == comp_for) ngens++; else if (TYPE(CHILD(ch, 0)) == STAR) nargs++; else nkeywords++; } } if (ngens > 1 || (ngens && (nargs || nkeywords))) { ast_error(c, n, ""Generator expression must be parenthesized "" ""if not sole argument""); return NULL; } if (nargs + nkeywords + ngens > 255) { ast_error(c, n, ""more than 255 arguments""); return NULL; } args = _Ta3_asdl_seq_new(nargs + ngens, c->c_arena); if (!args) return NULL; keywords = _Ta3_asdl_seq_new(nkeywords, c->c_arena); if (!keywords) return NULL; nargs = 0; nkeywords = 0; ndoublestars = 0; for (i = 0; i < NCH(n); i++) { node *ch = CHILD(n, i); if (TYPE(ch) == argument) { expr_ty e; node *chch = CHILD(ch, 0); if (NCH(ch) == 1) { if (nkeywords) { if (ndoublestars) { ast_error(c, chch, ""positional argument follows "" ""keyword argument unpacking""); } else { ast_error(c, chch, ""positional argument follows "" ""keyword argument""); } return NULL; } e = ast_for_expr(c, chch); if (!e) return NULL; asdl_seq_SET(args, nargs++, e); } else if (TYPE(chch) == STAR) { expr_ty starred; if (ndoublestars) { ast_error(c, chch, ""iterable argument unpacking follows "" ""keyword argument unpacking""); return NULL; } e = ast_for_expr(c, CHILD(ch, 1)); if (!e) return NULL; starred = Starred(e, Load, LINENO(chch), chch->n_col_offset, c->c_arena); if (!starred) return NULL; asdl_seq_SET(args, nargs++, starred); } else if (TYPE(chch) == DOUBLESTAR) { keyword_ty kw; i++; e = ast_for_expr(c, CHILD(ch, 1)); if (!e) return NULL; kw = keyword(NULL, e, c->c_arena); asdl_seq_SET(keywords, nkeywords++, kw); ndoublestars++; } else if (TYPE(CHILD(ch, 1)) == comp_for) { e = ast_for_genexp(c, ch); if (!e) return NULL; asdl_seq_SET(args, nargs++, e); } else { keyword_ty kw; identifier key, tmp; int k; e = ast_for_expr(c, chch); if (!e) return NULL; if (e->kind == Lambda_kind) { ast_error(c, chch, ""lambda cannot contain assignment""); return NULL; } else if (e->kind != Name_kind) { ast_error(c, chch, ""keyword can't be an expression""); return NULL; } else if (forbidden_name(c, e->v.Name.id, ch, 1)) { return NULL; } key = e->v.Name.id; for (k = 0; k < nkeywords; k++) { tmp = ((keyword_ty)asdl_seq_GET(keywords, k))->arg; if (tmp && !PyUnicode_Compare(tmp, key)) { ast_error(c, chch, ""keyword argument repeated""); return NULL; } } e = ast_for_expr(c, CHILD(ch, 2)); if (!e) return NULL; kw = keyword(key, e, c->c_arena); if (!kw) return NULL; asdl_seq_SET(keywords, nkeywords++, kw); } } } return Call(func, args, keywords, func->lineno, func->col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,230612730463727,1 5223,CWE-276,"flatpak_dir_pull (FlatpakDir *self, FlatpakRemoteState *state, const char *ref, const char *opt_rev, const char **subpaths, GFile *sideload_repo, GBytes *require_metadata, const char *token, OstreeRepo *repo, FlatpakPullFlags flatpak_flags, OstreeRepoPullFlags flags, FlatpakProgress *progress, GCancellable *cancellable, GError **error) { gboolean ret = FALSE; g_autofree char *rev = NULL; g_autofree char *url = NULL; g_autoptr(GPtrArray) subdirs_arg = NULL; g_auto(GLnxLockFile) lock = { 0, }; g_autofree char *name = NULL; g_autofree char *current_checksum = NULL; if (!flatpak_dir_ensure_repo (self, cancellable, error)) return FALSE; if (repo == NULL && !flatpak_dir_repo_lock (self, &lock, LOCK_SH, cancellable, error)) return FALSE; if (flatpak_dir_get_remote_oci (self, state->remote_name)) return flatpak_dir_pull_oci (self, state, ref, opt_rev, repo, flatpak_flags, flags, token, progress, cancellable, error); if (!ostree_repo_remote_get_url (self->repo, state->remote_name, &url, error)) return FALSE; if (*url == 0) return TRUE; if (opt_rev != NULL) { rev = g_strdup (opt_rev); } else { flatpak_remote_state_lookup_ref (state, ref, &rev, NULL, NULL, NULL, error); if (rev == NULL && error != NULL && *error == NULL) flatpak_fail_error (error, FLATPAK_ERROR_REF_NOT_FOUND, _(""Couldn't find latest checksum for ref %s in remote %s""), ref, state->remote_name); if (rev == NULL) { g_assert (error == NULL || *error != NULL); return FALSE; } } g_debug (""%s: Using commit %s for pull of ref %s from remote %s%s%s"", G_STRFUNC, rev, ref, state->remote_name, sideload_repo ? ""sideloaded from "" : """", sideload_repo ? flatpak_file_get_path_cached (sideload_repo) : """" ); if (repo == NULL) repo = self->repo; if (subpaths != NULL && subpaths[0] != NULL) { subdirs_arg = g_ptr_array_new_with_free_func (g_free); int i; g_ptr_array_add (subdirs_arg, g_strdup (""/metadata"")); for (i = 0; subpaths[i] != NULL; i++) g_ptr_array_add (subdirs_arg, g_build_filename (""/files"", subpaths[i], NULL)); g_ptr_array_add (subdirs_arg, NULL); } if (!flatpak_dir_setup_extra_data (self, state, repo, ref, rev, sideload_repo, token, flatpak_flags, progress, cancellable, error)) goto out; if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error)) goto out; flatpak_repo_resolve_rev (repo, NULL, state->remote_name, ref, TRUE, ¤t_checksum, NULL, NULL); if (!repo_pull (repo, state, subdirs_arg ? (const char **) subdirs_arg->pdata : NULL, ref, rev, sideload_repo, token, flatpak_flags, flags, progress, cancellable, error)) { g_prefix_error (error, _(""While pulling %s from remote %s: ""), ref, state->remote_name); goto out; } if (require_metadata) { g_autoptr(GVariant) commit_data = NULL; if (!ostree_repo_load_commit (repo, rev, &commit_data, NULL, error) || !validate_commit_metadata (commit_data, ref, (const char *)g_bytes_get_data (require_metadata, NULL), g_bytes_get_size (require_metadata), TRUE, error)) goto out; } if (!flatpak_dir_pull_extra_data (self, repo, state->remote_name, ref, rev, flatpak_flags, progress, cancellable, error)) goto out; if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error)) goto out; ret = TRUE; if (repo == self->repo) name = flatpak_dir_get_name (self); else { GFile *file = ostree_repo_get_path (repo); name = g_file_get_path (file); } (flatpak_dir_log) (self, __FILE__, __LINE__, __FUNCTION__, name, ""pull"", state->remote_name, ref, rev, current_checksum, NULL, ""Pulled %s from %s"", ref, state->remote_name); out: if (!ret) { ostree_repo_abort_transaction (repo, cancellable, NULL); g_assert (error == NULL || *error != NULL); } return ret; }",visit repo url,common/flatpak-dir.c,https://github.com/flatpak/flatpak,193069007367329,1 2308,CWE-189,"int sequencer_write(int dev, struct file *file, const char __user *buf, int count) { unsigned char event_rec[EV_SZ], ev_code; int p = 0, c, ev_size; int mode = translate_mode(file); dev = dev >> 4; DEB(printk(""sequencer_write(dev=%d, count=%d)\n"", dev, count)); if (mode == OPEN_READ) return -EIO; c = count; while (c >= 4) { if (copy_from_user((char *) event_rec, &(buf)[p], 4)) goto out; ev_code = event_rec[0]; if (ev_code == SEQ_FULLSIZE) { int err, fmt; dev = *(unsigned short *) &event_rec[2]; if (dev < 0 || dev >= max_synthdev || synth_devs[dev] == NULL) return -ENXIO; if (!(synth_open_mask & (1 << dev))) return -ENXIO; fmt = (*(short *) &event_rec[0]) & 0xffff; err = synth_devs[dev]->load_patch(dev, fmt, buf, p + 4, c, 0); if (err < 0) return err; return err; } if (ev_code >= 128) { if (seq_mode == SEQ_2 && ev_code == SEQ_EXTENDED) { printk(KERN_WARNING ""Sequencer: Invalid level 2 event %x\n"", ev_code); return -EINVAL; } ev_size = 8; if (c < ev_size) { if (!seq_playing) seq_startplay(); return count - c; } if (copy_from_user((char *)&event_rec[4], &(buf)[p + 4], 4)) goto out; } else { if (seq_mode == SEQ_2) { printk(KERN_WARNING ""Sequencer: 4 byte event in level 2 mode\n""); return -EINVAL; } ev_size = 4; if (event_rec[0] != SEQ_MIDIPUTC) obsolete_api_used = 1; } if (event_rec[0] == SEQ_MIDIPUTC) { if (!midi_opened[event_rec[2]]) { int err, mode; int dev = event_rec[2]; if (dev >= max_mididev || midi_devs[dev]==NULL) { return -ENXIO; } mode = translate_mode(file); if ((err = midi_devs[dev]->open(dev, mode, sequencer_midi_input, sequencer_midi_output)) < 0) { seq_reset(); printk(KERN_WARNING ""Sequencer Error: Unable to open Midi #%d\n"", dev); return err; } midi_opened[dev] = 1; } } if (!seq_queue(event_rec, (file->f_flags & (O_NONBLOCK) ? 1 : 0))) { int processed = count - c; if (!seq_playing) seq_startplay(); if (!processed && (file->f_flags & O_NONBLOCK)) return -EAGAIN; else return processed; } p += ev_size; c -= ev_size; } if (!seq_playing) seq_startplay(); out: return count; }",visit repo url,sound/oss/sequencer.c,https://github.com/torvalds/linux,113100594422841,1 3037,CWE-119,"main(void) { #line 52 ""dt_test2.pgc"" date date1 ; #line 53 ""dt_test2.pgc"" timestamp ts1 , ts2 ; #line 54 ""dt_test2.pgc"" char * text ; #line 55 ""dt_test2.pgc"" interval * i1 ; #line 56 ""dt_test2.pgc"" date * dc ; #line 57 ""dt_test2.pgc"" int i, j; char *endptr; ECPGdebug(1, stderr); ts1 = PGTYPEStimestamp_from_asc(""2003-12-04 17:34:29"", NULL); text = PGTYPEStimestamp_to_asc(ts1); printf(""timestamp: %s\n"", text); free(text); date1 = PGTYPESdate_from_timestamp(ts1); dc = PGTYPESdate_new(); *dc = date1; text = PGTYPESdate_to_asc(*dc); printf(""Date of timestamp: %s\n"", text); free(text); PGTYPESdate_free(dc); for (i = 0; dates[i]; i++) { bool err = false; date1 = PGTYPESdate_from_asc(dates[i], &endptr); if (date1 == INT_MIN) { err = true; } text = PGTYPESdate_to_asc(date1); printf(""Date[%d]: %s (%c - %c)\n"", i, err ? ""-"" : text, endptr ? 'N' : 'Y', err ? 'T' : 'F'); free(text); if (!err) { for (j = 0; times[j]; j++) { int length = strlen(dates[i]) + 1 + strlen(times[j]) + 1; char* t = malloc(length); sprintf(t, ""%s %s"", dates[i], times[j]); ts1 = PGTYPEStimestamp_from_asc(t, NULL); text = PGTYPEStimestamp_to_asc(ts1); if (i != 19 || j != 3) printf(""TS[%d,%d]: %s\n"", i, j, errno ? ""-"" : text); free(text); free(t); } } } ts1 = PGTYPEStimestamp_from_asc(""2004-04-04 23:23:23"", NULL); for (i = 0; intervals[i]; i++) { interval *ic; i1 = PGTYPESinterval_from_asc(intervals[i], &endptr); if (*endptr) printf(""endptr set to %s\n"", endptr); if (!i1) { printf(""Error parsing interval %d\n"", i); continue; } j = PGTYPEStimestamp_add_interval(&ts1, i1, &ts2); if (j < 0) continue; text = PGTYPESinterval_to_asc(i1); printf(""interval[%d]: %s\n"", i, text ? text : ""-""); free(text); ic = PGTYPESinterval_new(); PGTYPESinterval_copy(i1, ic); text = PGTYPESinterval_to_asc(i1); printf(""interval_copy[%d]: %s\n"", i, text ? text : ""-""); free(text); PGTYPESinterval_free(ic); PGTYPESinterval_free(i1); } return (0); }",visit repo url,src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c,https://github.com/postgres/postgres,91389131379422,1 2644,[],"static int sctp_send_asconf_del_ip(struct sock *sk, struct sockaddr *addrs, int addrcnt) { struct sctp_sock *sp; struct sctp_endpoint *ep; struct sctp_association *asoc; struct sctp_transport *transport; struct sctp_bind_addr *bp; struct sctp_chunk *chunk; union sctp_addr *laddr; void *addr_buf; struct sctp_af *af; struct sctp_sockaddr_entry *saddr; int i; int retval = 0; if (!sctp_addip_enable) return retval; sp = sctp_sk(sk); ep = sp->ep; SCTP_DEBUG_PRINTK(""%s: (sk: %p, addrs: %p, addrcnt: %d)\n"", __func__, sk, addrs, addrcnt); list_for_each_entry(asoc, &ep->asocs, asocs) { if (!asoc->peer.asconf_capable) continue; if (asoc->peer.addip_disabled_mask & SCTP_PARAM_DEL_IP) continue; if (!sctp_state(asoc, ESTABLISHED)) continue; addr_buf = addrs; for (i = 0; i < addrcnt; i++) { laddr = (union sctp_addr *)addr_buf; af = sctp_get_af_specific(laddr->v4.sin_family); if (!af) { retval = -EINVAL; goto out; } if (!sctp_assoc_lookup_laddr(asoc, laddr)) break; addr_buf += af->sockaddr_len; } if (i < addrcnt) continue; bp = &asoc->base.bind_addr; laddr = sctp_find_unmatch_addr(bp, (union sctp_addr *)addrs, addrcnt, sp); if (!laddr) continue; chunk = sctp_make_asconf_update_ip(asoc, laddr, addrs, addrcnt, SCTP_PARAM_DEL_IP); if (!chunk) { retval = -ENOMEM; goto out; } addr_buf = addrs; for (i = 0; i < addrcnt; i++) { laddr = (union sctp_addr *)addr_buf; af = sctp_get_af_specific(laddr->v4.sin_family); list_for_each_entry(saddr, &bp->address_list, list) { if (sctp_cmp_addr_exact(&saddr->a, laddr)) saddr->state = SCTP_ADDR_DEL; } addr_buf += af->sockaddr_len; } list_for_each_entry(transport, &asoc->peer.transport_addr_list, transports) { dst_release(transport->dst); sctp_transport_route(transport, NULL, sctp_sk(asoc->base.sk)); } retval = sctp_send_asconf(asoc, chunk); } out: return retval; }",linux-2.6,,,321318201692646764097248683273362510954,0 3426,['CWE-264'],"static int page_cache_pipe_buf_pin(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { struct page *page = buf->page; int err; if (!PageUptodate(page)) { lock_page(page); if (!page->mapping) { err = -ENODATA; goto error; } if (!PageUptodate(page)) { err = -EIO; goto error; } unlock_page(page); } return 0; error: unlock_page(page); return err; }",linux-2.6,,,250712596109649273256901381088784263809,0 2374,CWE-787,"static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *avpkt) { EXRContext *s = avctx->priv_data; ThreadFrame frame = { .f = data }; AVFrame *picture = data; uint8_t *ptr; int i, y, ret, ymax; int planes; int out_line_size; int nb_blocks; uint64_t start_offset_table; uint64_t start_next_scanline; PutByteContext offset_table_writer; bytestream2_init(&s->gb, avpkt->data, avpkt->size); if ((ret = decode_header(s, picture)) < 0) return ret; switch (s->pixel_type) { case EXR_FLOAT: case EXR_HALF: if (s->channel_offsets[3] >= 0) { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_GBRAPF32; } else { avctx->pix_fmt = AV_PIX_FMT_GBRAPF32; } } else { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_GBRPF32; } else { avctx->pix_fmt = AV_PIX_FMT_GRAYF32; } } break; case EXR_UINT: if (s->channel_offsets[3] >= 0) { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_RGBA64; } else { avctx->pix_fmt = AV_PIX_FMT_YA16; } } else { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_RGB48; } else { avctx->pix_fmt = AV_PIX_FMT_GRAY16; } } break; default: av_log(avctx, AV_LOG_ERROR, ""Missing channel list.\n""); return AVERROR_INVALIDDATA; } if (s->apply_trc_type != AVCOL_TRC_UNSPECIFIED) avctx->color_trc = s->apply_trc_type; switch (s->compression) { case EXR_RAW: case EXR_RLE: case EXR_ZIP1: s->scan_lines_per_block = 1; break; case EXR_PXR24: case EXR_ZIP16: s->scan_lines_per_block = 16; break; case EXR_PIZ: case EXR_B44: case EXR_B44A: s->scan_lines_per_block = 32; break; default: avpriv_report_missing_feature(avctx, ""Compression %d"", s->compression); return AVERROR_PATCHWELCOME; } if (s->xmin > s->xmax || s->ymin > s->ymax || s->ydelta == 0xFFFFFFFF || s->xdelta == 0xFFFFFFFF) { av_log(avctx, AV_LOG_ERROR, ""Wrong or missing size information.\n""); return AVERROR_INVALIDDATA; } if ((ret = ff_set_dimensions(avctx, s->w, s->h)) < 0) return ret; s->desc = av_pix_fmt_desc_get(avctx->pix_fmt); if (!s->desc) return AVERROR_INVALIDDATA; if (s->desc->flags & AV_PIX_FMT_FLAG_FLOAT) { planes = s->desc->nb_components; out_line_size = avctx->width * 4; } else { planes = 1; out_line_size = avctx->width * 2 * s->desc->nb_components; } if (s->is_tile) { nb_blocks = ((s->xdelta + s->tile_attr.xSize - 1) / s->tile_attr.xSize) * ((s->ydelta + s->tile_attr.ySize - 1) / s->tile_attr.ySize); } else { nb_blocks = (s->ydelta + s->scan_lines_per_block - 1) / s->scan_lines_per_block; } if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0) return ret; if (bytestream2_get_bytes_left(&s->gb)/8 < nb_blocks) return AVERROR_INVALIDDATA; if (!s->is_tile && bytestream2_peek_le64(&s->gb) == 0) { av_log(s->avctx, AV_LOG_DEBUG, ""recreating invalid scanline offset table\n""); start_offset_table = bytestream2_tell(&s->gb); start_next_scanline = start_offset_table + nb_blocks * 8; bytestream2_init_writer(&offset_table_writer, &avpkt->data[start_offset_table], nb_blocks * 8); for (y = 0; y < nb_blocks; y++) { bytestream2_put_le64(&offset_table_writer, start_next_scanline); bytestream2_seek(&s->gb, start_next_scanline + 4, SEEK_SET); start_next_scanline += (bytestream2_get_le32(&s->gb) + 8); } bytestream2_seek(&s->gb, start_offset_table, SEEK_SET); } s->buf = avpkt->data; s->buf_size = avpkt->size; for (i = 0; i < planes; i++) { ptr = picture->data[i]; for (y = 0; y < FFMIN(s->ymin, s->h); y++) { memset(ptr, 0, out_line_size); ptr += picture->linesize[i]; } } s->picture = picture; avctx->execute2(avctx, decode_block, s->thread_data, NULL, nb_blocks); ymax = FFMAX(0, s->ymax + 1); for (i = 0; i < planes; i++) { ptr = picture->data[i] + (ymax * picture->linesize[i]); for (y = ymax; y < avctx->height; y++) { memset(ptr, 0, out_line_size); ptr += picture->linesize[i]; } } picture->pict_type = AV_PICTURE_TYPE_I; *got_frame = 1; return avpkt->size; }",visit repo url,libavcodec/exr.c,https://github.com/FFmpeg/FFmpeg,101424598390044,1 6358,['CWE-200'],"__nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int len, int flags) { struct nlmsghdr *nlh; int size = NLMSG_LENGTH(len); nlh = (struct nlmsghdr*)skb_put(skb, NLMSG_ALIGN(size)); nlh->nlmsg_type = type; nlh->nlmsg_len = size; nlh->nlmsg_flags = flags; nlh->nlmsg_pid = pid; nlh->nlmsg_seq = seq; memset(NLMSG_DATA(nlh) + len, 0, NLMSG_ALIGN(size) - size); return nlh; }",linux-2.6,,,263568561037541708052979296236954793624,0 890,['CWE-200'],"shmem_file_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { struct inode *inode = file->f_path.dentry->d_inode; loff_t pos; unsigned long written; ssize_t err; if ((ssize_t) count < 0) return -EINVAL; if (!access_ok(VERIFY_READ, buf, count)) return -EFAULT; mutex_lock(&inode->i_mutex); pos = *ppos; written = 0; err = generic_write_checks(file, &pos, &count, 0); if (err || !count) goto out; err = remove_suid(file->f_path.dentry); if (err) goto out; inode->i_ctime = inode->i_mtime = CURRENT_TIME; do { struct page *page = NULL; unsigned long bytes, index, offset; char *kaddr; int left; offset = (pos & (PAGE_CACHE_SIZE -1)); index = pos >> PAGE_CACHE_SHIFT; bytes = PAGE_CACHE_SIZE - offset; if (bytes > count) bytes = count; err = shmem_getpage(inode, index, &page, SGP_WRITE, NULL); if (err) break; left = bytes; if (PageHighMem(page)) { volatile unsigned char dummy; __get_user(dummy, buf); __get_user(dummy, buf + bytes - 1); kaddr = kmap_atomic(page, KM_USER0); left = __copy_from_user_inatomic(kaddr + offset, buf, bytes); kunmap_atomic(kaddr, KM_USER0); } if (left) { kaddr = kmap(page); left = __copy_from_user(kaddr + offset, buf, bytes); kunmap(page); } written += bytes; count -= bytes; pos += bytes; buf += bytes; if (pos > inode->i_size) i_size_write(inode, pos); flush_dcache_page(page); set_page_dirty(page); mark_page_accessed(page); page_cache_release(page); if (left) { pos -= left; written -= left; err = -EFAULT; break; } cond_resched(); } while (count); *ppos = pos; if (written) err = written; out: mutex_unlock(&inode->i_mutex); return err; }",linux-2.6,,,165584086320698627918775187520948798039,0 5751,['CWE-200'],"static int irda_listen(struct socket *sock, int backlog) { struct sock *sk = sock->sk; IRDA_DEBUG(2, ""%s()\n"", __func__); if ((sk->sk_type != SOCK_STREAM) && (sk->sk_type != SOCK_SEQPACKET) && (sk->sk_type != SOCK_DGRAM)) return -EOPNOTSUPP; if (sk->sk_state != TCP_LISTEN) { sk->sk_max_ack_backlog = backlog; sk->sk_state = TCP_LISTEN; return 0; } return -EOPNOTSUPP; }",linux-2.6,,,5255962213009473379590468168822067332,0 4356,CWE-59,"int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, rpmpsm psm, char ** failedFile) { FD_t payload = rpmtePayload(te); rpmfi fi = rpmfiNewArchiveReader(payload, files, RPMFI_ITER_READ_ARCHIVE); rpmfs fs = rpmteGetFileStates(te); rpmPlugins plugins = rpmtsPlugins(ts); struct stat sb; int saveerrno = errno; int rc = 0; int nodigest = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOFILEDIGEST) ? 1 : 0; int nofcaps = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOCAPS) ? 1 : 0; int firsthardlink = -1; int skip; rpmFileAction action; char *tid = NULL; const char *suffix; char *fpath = NULL; if (fi == NULL) { rc = RPMERR_BAD_MAGIC; goto exit; } rasprintf(&tid, "";%08x"", (unsigned)rpmtsGetTid(ts)); rc = fsmMkdirs(files, fs, plugins); while (!rc) { rc = rpmfiNext(fi); if (rc < 0) { if (rc == RPMERR_ITER_END) rc = 0; break; } action = rpmfsGetAction(fs, rpmfiFX(fi)); skip = XFA_SKIPPING(action); suffix = S_ISDIR(rpmfiFMode(fi)) ? NULL : tid; if (action != FA_TOUCH) { fpath = fsmFsPath(fi, suffix); } else { fpath = fsmFsPath(fi, """"); } rc = rpmfiStat(fi, 1, &sb); fsmDebug(fpath, action, &sb); if (rc) break; rc = rpmpluginsCallFsmFilePre(plugins, fi, fpath, sb.st_mode, action); if (rc) { skip = 1; } else { setFileState(fs, rpmfiFX(fi)); } if (!skip) { int setmeta = 1; if (!suffix) { rc = fsmBackup(fi, action); } if (!suffix) { rc = fsmVerify(fpath, fi); } else { rc = (action == FA_TOUCH) ? 0 : RPMERR_ENOENT; } if (S_ISREG(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMkfile(fi, fpath, files, psm, nodigest, &setmeta, &firsthardlink); } } else if (S_ISDIR(sb.st_mode)) { if (rc == RPMERR_ENOENT) { mode_t mode = sb.st_mode; mode &= ~07777; mode |= 00700; rc = fsmMkdir(fpath, mode); } } else if (S_ISLNK(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmSymlink(rpmfiFLink(fi), fpath); } } else if (S_ISFIFO(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMkfifo(fpath, 0000); } } else if (S_ISCHR(sb.st_mode) || S_ISBLK(sb.st_mode) || S_ISSOCK(sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMknod(fpath, sb.st_mode, sb.st_rdev); } } else { if (!IS_DEV_LOG(fpath)) rc = RPMERR_UNKNOWN_FILETYPE; } if (!rc && setmeta) { rc = fsmSetmeta(fpath, fi, plugins, action, &sb, nofcaps); } } else if (firsthardlink >= 0 && rpmfiArchiveHasContent(fi)) { char *fn = rpmfilesFN(files, firsthardlink); rc = expandRegular(fi, fn, psm, nodigest, 0); firsthardlink = -1; free(fn); } if (rc) { if (!skip) { if (suffix && (action != FA_TOUCH)) { (void) fsmRemove(fpath, sb.st_mode); } errno = saveerrno; } } else { rpmpsmNotify(psm, RPMCALLBACK_INST_PROGRESS, rpmfiArchiveTell(fi)); if (!skip) { if (suffix) rc = fsmBackup(fi, action); if (!rc) rc = fsmCommit(&fpath, fi, action, suffix); } } if (rc) *failedFile = xstrdup(fpath); rpmpluginsCallFsmFilePost(plugins, fi, fpath, sb.st_mode, action, rc); fpath = _free(fpath); } rpmswAdd(rpmtsOp(ts, RPMTS_OP_UNCOMPRESS), fdOp(payload, FDSTAT_READ)); rpmswAdd(rpmtsOp(ts, RPMTS_OP_DIGEST), fdOp(payload, FDSTAT_DIGEST)); exit: rpmfiArchiveClose(fi); rpmfiFree(fi); Fclose(payload); free(tid); free(fpath); return rc; }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,208223871032474,1 1211,CWE-400,"static void kgdb_hw_overflow_handler(struct perf_event *event, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { struct task_struct *tsk = current; int i; for (i = 0; i < 4; i++) if (breakinfo[i].enabled) tsk->thread.debugreg6 |= (DR_TRAP0 << i); }",visit repo url,arch/x86/kernel/kgdb.c,https://github.com/torvalds/linux,9330703926663,1 6424,CWE-20,"void lpc546xxEthEnableIrq(NetInterface *interface) { NVIC_EnableIRQ(ETHERNET_IRQn); if(interface->phyDriver != NULL) { interface->phyDriver->enableIrq(interface); } else if(interface->switchDriver != NULL) { interface->switchDriver->enableIrq(interface); } else { } }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,21080779635102,1 5778,['CWE-200'],"static int rose_device_event(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *dev = (struct net_device *)ptr; if (!net_eq(dev_net(dev), &init_net)) return NOTIFY_DONE; if (event != NETDEV_DOWN) return NOTIFY_DONE; switch (dev->type) { case ARPHRD_ROSE: rose_kill_by_device(dev); break; case ARPHRD_AX25: rose_link_device_down(dev); rose_rt_device_down(dev); break; } return NOTIFY_DONE; }",linux-2.6,,,169851340759627585236738845495358113032,0 3442,['CWE-264'],"generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { struct address_space *mapping = out->f_mapping; struct inode *inode = mapping->host; ssize_t ret; int err; err = should_remove_suid(out->f_dentry); if (unlikely(err)) { mutex_lock(&inode->i_mutex); err = __remove_suid(out->f_dentry, err); mutex_unlock(&inode->i_mutex); if (err) return err; } ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file); if (ret > 0) { *ppos += ret; if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { mutex_lock(&inode->i_mutex); err = generic_osync_inode(inode, mapping, OSYNC_METADATA|OSYNC_DATA); mutex_unlock(&inode->i_mutex); if (err) ret = err; } } return ret; }",linux-2.6,,,225520489727463432598588928314741472553,0 91,CWE-772,"modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY, arg->rec.principal, &rp) || kadm5int_acl_impose_restrictions(handle->context, &arg->rec, &arg->mask, rp)) { ret.code = KADM5_AUTH_MODIFY; log_unauth(""kadm5_modify_principal"", prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_modify_principal"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,76793022697417,1 6648,['CWE-200'],"get_active_connection (GtkTreeView *treeview) { GtkTreeSelection *selection; GList *selected_rows; GtkTreeModel *model = NULL; GtkTreeIter iter; NMExportedConnection *exported = NULL; selection = gtk_tree_view_get_selection (treeview); selected_rows = gtk_tree_selection_get_selected_rows (selection, &model); if (!selected_rows) return NULL; if (gtk_tree_model_get_iter (model, &iter, (GtkTreePath *) selected_rows->data)) gtk_tree_model_get (model, &iter, COL_CONNECTION, &exported, -1); g_list_foreach (selected_rows, (GFunc) gtk_tree_path_free, NULL); g_list_free (selected_rows); return exported; }",network-manager-applet,,,206178490515917965861152946199508847690,0 4736,CWE-476,"ResolveStateAndPredicate(ExprDef *expr, enum xkb_match_operation *pred_rtrn, xkb_mod_mask_t *mods_rtrn, CompatInfo *info) { if (expr == NULL) { *pred_rtrn = MATCH_ANY_OR_NONE; *mods_rtrn = MOD_REAL_MASK_ALL; return true; } *pred_rtrn = MATCH_EXACTLY; if (expr->expr.op == EXPR_ACTION_DECL) { const char *pred_txt = xkb_atom_text(info->ctx, expr->action.name); if (!LookupString(symInterpretMatchMaskNames, pred_txt, pred_rtrn)) { log_err(info->ctx, ""Illegal modifier predicate \""%s\""; Ignored\n"", pred_txt); return false; } expr = expr->action.args; } else if (expr->expr.op == EXPR_IDENT) { const char *pred_txt = xkb_atom_text(info->ctx, expr->ident.ident); if (pred_txt && istreq(pred_txt, ""any"")) { *pred_rtrn = MATCH_ANY; *mods_rtrn = MOD_REAL_MASK_ALL; return true; } } return ExprResolveModMask(info->ctx, expr, MOD_REAL, &info->mods, mods_rtrn); }",visit repo url,src/xkbcomp/compat.c,https://github.com/xkbcommon/libxkbcommon,61015554447329,1 1317,['CWE-119'],"static int help(struct sk_buff *skb, unsigned int protoff, struct nf_conn *ct, enum ip_conntrack_info ctinfo) { int dir = CTINFO2DIR(ctinfo); unsigned int ret; const struct iphdr *iph = ip_hdr(skb); const struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); if (udph->source == htons(SNMP_PORT) && dir != IP_CT_DIR_REPLY) return NF_ACCEPT; if (udph->dest == htons(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL) return NF_ACCEPT; if (!(ct->status & IPS_NAT_MASK)) return NF_ACCEPT; if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) { if (net_ratelimit()) printk(KERN_WARNING ""SNMP: dropping malformed packet "" ""src=%u.%u.%u.%u dst=%u.%u.%u.%u\n"", NIPQUAD(iph->saddr), NIPQUAD(iph->daddr)); return NF_DROP; } if (!skb_make_writable(skb, skb->len)) return NF_DROP; spin_lock_bh(&snmp_lock); ret = snmp_translate(ct, ctinfo, skb); spin_unlock_bh(&snmp_lock); return ret; }",linux-2.6,,,99142440322720272450688087286760751565,0 75,['CWE-787'],"void pci_cirrus_vga_init(PCIBus *bus, DisplayState *ds, uint8_t *vga_ram_base, unsigned long vga_ram_offset, int vga_ram_size) { PCICirrusVGAState *d; uint8_t *pci_conf; CirrusVGAState *s; int device_id; device_id = CIRRUS_ID_CLGD5446; d = (PCICirrusVGAState *)pci_register_device(bus, ""Cirrus VGA"", sizeof(PCICirrusVGAState), -1, NULL, NULL); pci_conf = d->dev.config; pci_conf[0x00] = (uint8_t) (PCI_VENDOR_CIRRUS & 0xff); pci_conf[0x01] = (uint8_t) (PCI_VENDOR_CIRRUS >> 8); pci_conf[0x02] = (uint8_t) (device_id & 0xff); pci_conf[0x03] = (uint8_t) (device_id >> 8); pci_conf[0x04] = PCI_COMMAND_IOACCESS | PCI_COMMAND_MEMACCESS; pci_conf[0x0a] = PCI_CLASS_SUB_VGA; pci_conf[0x0b] = PCI_CLASS_BASE_DISPLAY; pci_conf[0x0e] = PCI_CLASS_HEADERTYPE_00h; s = &d->cirrus_vga; vga_common_init((VGAState *)s, ds, vga_ram_base, vga_ram_offset, vga_ram_size); cirrus_init_common(s, device_id, 1); graphic_console_init(s->ds, s->update, s->invalidate, s->screen_dump, s->text_update, s); s->pci_dev = (PCIDevice *)d; pci_register_io_region((PCIDevice *)d, 0, 0x2000000, PCI_ADDRESS_SPACE_MEM_PREFETCH, cirrus_pci_lfb_map); if (device_id == CIRRUS_ID_CLGD5446) { pci_register_io_region((PCIDevice *)d, 1, CIRRUS_PNPMMIO_SIZE, PCI_ADDRESS_SPACE_MEM, cirrus_pci_mmio_map); } }",qemu,,,66904972107156771773725884939132833585,0 898,['CWE-200'],"struct file *shmem_file_setup(char *name, loff_t size, unsigned long flags) { int error; struct file *file; struct inode *inode; struct dentry *dentry, *root; struct qstr this; if (IS_ERR(shm_mnt)) return (void *)shm_mnt; if (size < 0 || size > SHMEM_MAX_BYTES) return ERR_PTR(-EINVAL); if (shmem_acct_size(flags, size)) return ERR_PTR(-ENOMEM); error = -ENOMEM; this.name = name; this.len = strlen(name); this.hash = 0; root = shm_mnt->mnt_root; dentry = d_alloc(root, &this); if (!dentry) goto put_memory; error = -ENFILE; file = get_empty_filp(); if (!file) goto put_dentry; error = -ENOSPC; inode = shmem_get_inode(root->d_sb, S_IFREG | S_IRWXUGO, 0); if (!inode) goto close_file; SHMEM_I(inode)->flags = flags & VM_ACCOUNT; d_instantiate(dentry, inode); inode->i_size = size; inode->i_nlink = 0; init_file(file, shm_mnt, dentry, FMODE_WRITE | FMODE_READ, &shmem_file_operations); return file; close_file: put_filp(file); put_dentry: dput(dentry); put_memory: shmem_unacct_size(flags, size); return ERR_PTR(error); }",linux-2.6,,,28281390734012622810665742955649434931,0 5610,[],"static inline int may_ptrace_stop(void) { if (!likely(task_ptrace(current))) return 0; if (unlikely(current->mm->core_state) && unlikely(current->mm == current->parent->mm)) return 0; return 1; }",linux-2.6,,,271616955382290541409052073290759029762,0 450,[],"pfm_buf_fmt_getsize(pfm_buffer_fmt_t *fmt, struct task_struct *task, unsigned int flags, int cpu, void *arg, unsigned long *size) { int ret = 0; if (fmt->fmt_getsize) ret = (*fmt->fmt_getsize)(task, flags, cpu, arg, size); return ret; }",linux-2.6,,,167124300505254470062825663278181023298,0 6134,['CWE-200'],"rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp) { struct rtnetlink_link *link; struct rtnetlink_link *link_tab; int sz_idx, kind; int min_len; int family; int type; int err; if (!(nlh->nlmsg_flags&NLM_F_REQUEST)) return 0; type = nlh->nlmsg_type; if (type < RTM_BASE) return 0; if (type > RTM_MAX) goto err_inval; type -= RTM_BASE; if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct rtgenmsg))) return 0; family = ((struct rtgenmsg*)NLMSG_DATA(nlh))->rtgen_family; if (family >= NPROTO) { *errp = -EAFNOSUPPORT; return -1; } link_tab = rtnetlink_links[family]; if (link_tab == NULL) link_tab = rtnetlink_links[PF_UNSPEC]; link = &link_tab[type]; sz_idx = type>>2; kind = type&3; if (kind != 2 && security_netlink_recv(skb)) { *errp = -EPERM; return -1; } if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { u32 rlen; if (link->dumpit == NULL) link = &(rtnetlink_links[PF_UNSPEC][type]); if (link->dumpit == NULL) goto err_inval; if ((*errp = netlink_dump_start(rtnl, skb, nlh, link->dumpit, rtnetlink_done)) != 0) { return -1; } rlen = NLMSG_ALIGN(nlh->nlmsg_len); if (rlen > skb->len) rlen = skb->len; skb_pull(skb, rlen); return -1; } memset(rta_buf, 0, (rtattr_max * sizeof(struct rtattr *))); min_len = rtm_min[sz_idx]; if (nlh->nlmsg_len < min_len) goto err_inval; if (nlh->nlmsg_len > min_len) { int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); struct rtattr *attr = (void*)nlh + NLMSG_ALIGN(min_len); while (RTA_OK(attr, attrlen)) { unsigned flavor = attr->rta_type; if (flavor) { if (flavor > rta_max[sz_idx]) goto err_inval; rta_buf[flavor-1] = attr; } attr = RTA_NEXT(attr, attrlen); } } if (link->doit == NULL) link = &(rtnetlink_links[PF_UNSPEC][type]); if (link->doit == NULL) goto err_inval; err = link->doit(skb, nlh, (void *)&rta_buf[0]); *errp = err; return err; err_inval: *errp = -EINVAL; return -1; }",linux-2.6,,,315174260617463272231501016682750363409,0 5568,CWE-125,"ast2obj_arg(void* _o) { arg_ty o = (arg_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(arg_type, NULL, NULL); if (!result) return NULL; value = ast2obj_identifier(o->arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_arg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->annotation); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_annotation, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,254764894801723,1 1135,['CWE-399'],"static int s390_regs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { int rc = 0; if (target == current) save_access_regs(target->thread.acrs); if (kbuf) { const unsigned long *k = kbuf; while (count > 0 && !rc) { rc = __poke_user(target, pos, *k++); count -= sizeof(*k); pos += sizeof(*k); } } else { const unsigned long __user *u = ubuf; while (count > 0 && !rc) { unsigned long word; rc = __get_user(word, u++); if (rc) break; rc = __poke_user(target, pos, word); count -= sizeof(*u); pos += sizeof(*u); } } if (rc == 0 && target == current) restore_access_regs(target->thread.acrs); return rc; }",linux-2.6,,,12415915873243111452631790385667416136,0 1366,[],"hrtick_start_fair(struct rq *rq, struct task_struct *p) { }",linux-2.6,,,303064253235374157006145312793995431706,0 1444,[],"__load_balance_iterator(struct cfs_rq *cfs_rq, struct rb_node *curr) { struct task_struct *p = NULL; struct sched_entity *se; if (!curr) return NULL; do { se = rb_entry(curr, struct sched_entity, run_node); curr = rb_next(curr); } while (curr && !entity_is_task(se)); cfs_rq->rb_load_balance_curr = curr; if (entity_is_task(se)) p = task_of(se); return p; }",linux-2.6,,,8172638630788644671251470913262415014,0 2013,CWE-681,"static void scalar32_min_max_or(struct bpf_reg_state *dst_reg, struct bpf_reg_state *src_reg) { bool src_known = tnum_subreg_is_const(src_reg->var_off); bool dst_known = tnum_subreg_is_const(dst_reg->var_off); struct tnum var32_off = tnum_subreg(dst_reg->var_off); s32 smin_val = src_reg->smin_value; u32 umin_val = src_reg->umin_value; if (src_known && dst_known) return; dst_reg->u32_min_value = max(dst_reg->u32_min_value, umin_val); dst_reg->u32_max_value = var32_off.value | var32_off.mask; if (dst_reg->s32_min_value < 0 || smin_val < 0) { dst_reg->s32_min_value = S32_MIN; dst_reg->s32_max_value = S32_MAX; } else { dst_reg->s32_min_value = dst_reg->umin_value; dst_reg->s32_max_value = dst_reg->umax_value; } }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,202632133020681,1 2888,['CWE-189'],"static int mif_process_cmpt(mif_hdr_t *hdr, char *buf) { jas_tvparser_t *tvp; mif_cmpt_t *cmpt; int id; cmpt = 0; tvp = 0; if (!(cmpt = mif_cmpt_create())) { goto error; } cmpt->tlx = 0; cmpt->tly = 0; cmpt->sampperx = 0; cmpt->samppery = 0; cmpt->width = 0; cmpt->height = 0; cmpt->prec = 0; cmpt->sgnd = -1; cmpt->data = 0; if (!(tvp = jas_tvparser_create(buf))) { goto error; } while (!(id = jas_tvparser_next(tvp))) { switch (jas_taginfo_nonull(jas_taginfos_lookup(mif_tags, jas_tvparser_gettag(tvp)))->id) { case MIF_TLX: cmpt->tlx = atoi(jas_tvparser_getval(tvp)); break; case MIF_TLY: cmpt->tly = atoi(jas_tvparser_getval(tvp)); break; case MIF_WIDTH: cmpt->width = atoi(jas_tvparser_getval(tvp)); break; case MIF_HEIGHT: cmpt->height = atoi(jas_tvparser_getval(tvp)); break; case MIF_HSAMP: cmpt->sampperx = atoi(jas_tvparser_getval(tvp)); break; case MIF_VSAMP: cmpt->samppery = atoi(jas_tvparser_getval(tvp)); break; case MIF_PREC: cmpt->prec = atoi(jas_tvparser_getval(tvp)); break; case MIF_SGND: cmpt->sgnd = atoi(jas_tvparser_getval(tvp)); break; case MIF_DATA: if (!(cmpt->data = jas_strdup(jas_tvparser_getval(tvp)))) { return -1; } break; } } if (!cmpt->sampperx || !cmpt->samppery) { goto error; } if (mif_hdr_addcmpt(hdr, hdr->numcmpts, cmpt)) { goto error; } jas_tvparser_destroy(tvp); return 0; error: if (cmpt) { mif_cmpt_destroy(cmpt); } if (tvp) { jas_tvparser_destroy(tvp); } return -1; }",jasper,,,321844160789757923228324159251381235818,0 6639,['CWE-200'],"applet_get_device_icon_for_state (NMApplet *applet, char **tip) { NMActiveConnection *active; NMDevice *device = NULL; GdkPixbuf *pixbuf = NULL; NMDeviceState state = NM_DEVICE_STATE_UNKNOWN; NMADeviceClass *dclass; active = applet_get_best_activating_connection (applet, &device); if (!active || !device) { active = applet_get_default_active_connection (applet, &device); if (!active || !device) goto out; } state = nm_device_get_state (device); dclass = get_device_class (device, applet); if (dclass) { NMConnection *connection; connection = applet_find_active_connection_for_device (device, applet, NULL); pixbuf = dclass->get_icon (device, state, connection, tip, applet); if (!*tip) *tip = get_tip_for_device_state (device, state, connection); } out: if (!pixbuf) pixbuf = applet_common_get_device_icon (state, applet); return pixbuf; }",network-manager-applet,,,183236602533343367078780202395035444773,0 2977,CWE-125,"do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, int swap, uint32_t namesz, uint32_t descsz, size_t noff, size_t doff, int *flags, size_t size, int clazz) { #ifdef ELFCORE int os_style = -1; if ((namesz == 4 && strncmp((char *)&nbuf[noff], ""CORE"", 4) == 0) || (namesz == 5 && strcmp((char *)&nbuf[noff], ""CORE"") == 0)) { os_style = OS_STYLE_SVR4; } if ((namesz == 8 && strcmp((char *)&nbuf[noff], ""FreeBSD"") == 0)) { os_style = OS_STYLE_FREEBSD; } if ((namesz >= 11 && strncmp((char *)&nbuf[noff], ""NetBSD-CORE"", 11) == 0)) { os_style = OS_STYLE_NETBSD; } if (os_style != -1 && (*flags & FLAGS_DID_CORE_STYLE) == 0) { if (file_printf(ms, "", %s-style"", os_style_names[os_style]) == -1) return 1; *flags |= FLAGS_DID_CORE_STYLE; *flags |= os_style; } switch (os_style) { case OS_STYLE_NETBSD: if (type == NT_NETBSD_CORE_PROCINFO) { char sbuf[512]; struct NetBSD_elfcore_procinfo pi; memset(&pi, 0, sizeof(pi)); memcpy(&pi, nbuf + doff, descsz); if (file_printf(ms, "", from '%.31s', pid=%u, uid=%u, "" ""gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)"", file_printable(sbuf, sizeof(sbuf), CAST(char *, pi.cpi_name)), elf_getu32(swap, (uint32_t)pi.cpi_pid), elf_getu32(swap, pi.cpi_euid), elf_getu32(swap, pi.cpi_egid), elf_getu32(swap, pi.cpi_nlwps), elf_getu32(swap, (uint32_t)pi.cpi_siglwp), elf_getu32(swap, pi.cpi_signo), elf_getu32(swap, pi.cpi_sigcode)) == -1) return 1; *flags |= FLAGS_DID_CORE; return 1; } break; default: if (type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) { size_t i, j; unsigned char c; for (i = 0; i < NOFFSETS; i++) { unsigned char *cname, *cp; size_t reloffset = prpsoffsets(i); size_t noffset = doff + reloffset; size_t k; for (j = 0; j < 16; j++, noffset++, reloffset++) { if (noffset >= size) goto tryanother; if (reloffset >= descsz) goto tryanother; c = nbuf[noffset]; if (c == '\0') { if (j == 0) goto tryanother; else break; } else { if (!isprint(c) || isquote(c)) goto tryanother; } } for (k = i + 1 ; k < NOFFSETS; k++) { size_t no; int adjust = 1; if (prpsoffsets(k) >= prpsoffsets(i)) continue; for (no = doff + prpsoffsets(k); no < doff + prpsoffsets(i); no++) adjust = adjust && isprint(nbuf[no]); if (adjust) i = k; } cname = (unsigned char *) &nbuf[doff + prpsoffsets(i)]; for (cp = cname; *cp && isprint(*cp); cp++) continue; while (cp > cname && isspace(cp[-1])) cp--; if (file_printf(ms, "", from '%.*s'"", (int)(cp - cname), cname) == -1) return 1; *flags |= FLAGS_DID_CORE; return 1; tryanother: ; } } break; } #endif return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,84665060823788,1 510,[],"static void snd_free_dev_pages(struct device *dev, size_t size, void *ptr, dma_addr_t dma) { int pg; if (ptr == NULL) return; pg = get_order(size); dec_snd_pages(pg); dma_free_coherent(dev, PAGE_SIZE << pg, ptr, dma); }",linux-2.6,,,189834855944337122567113067512784294490,0 5935,CWE-120,"static Jsi_RC NumberToStringCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { char buf[500]; int radix = 10, skip = 0, argc = Jsi_ValueGetLength(interp, args); Jsi_Number num; Jsi_Value *v; ChkStringN(_this, funcPtr, v); Jsi_GetDoubleFromValue(interp, v, &num); if (argc>skip && (Jsi_GetIntFromValue(interp, Jsi_ValueArrayIndex(interp, args, skip), &radix) != JSI_OK || radix<2)) return JSI_ERROR; if (argc==skip) return jsi_ObjectToStringCmd(interp, args, _this, ret, funcPtr); switch (radix) { case 16: snprintf(buf, sizeof(buf), ""%"" PRIx64, (Jsi_Wide)num); break; case 8: snprintf(buf, sizeof(buf), ""%"" PRIo64, (Jsi_Wide)num); break; case 10: snprintf(buf, sizeof(buf), ""%"" PRId64, (Jsi_Wide)num); break; default: return jsi_ObjectToStringCmd(interp, args, _this, ret, funcPtr); } Jsi_ValueMakeStringDup(interp, ret, buf); return JSI_OK; }",visit repo url,src/jsiNumber.c,https://github.com/pcmacdon/jsish,231809368988758,1 423,CWE-476,"static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, struct netlink_ext_ack *extack) { struct net *net = sock_net(in_skb->sk); struct rtmsg *rtm; struct nlattr *tb[RTA_MAX+1]; struct fib_result res = {}; struct rtable *rt = NULL; struct flowi4 fl4; __be32 dst = 0; __be32 src = 0; u32 iif; int err; int mark; struct sk_buff *skb; u32 table_id = RT_TABLE_MAIN; kuid_t uid; err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv4_policy, extack); if (err < 0) goto errout; rtm = nlmsg_data(nlh); skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) { err = -ENOBUFS; goto errout; } skb_reset_mac_header(skb); skb_reset_network_header(skb); src = tb[RTA_SRC] ? nla_get_in_addr(tb[RTA_SRC]) : 0; dst = tb[RTA_DST] ? nla_get_in_addr(tb[RTA_DST]) : 0; iif = tb[RTA_IIF] ? nla_get_u32(tb[RTA_IIF]) : 0; mark = tb[RTA_MARK] ? nla_get_u32(tb[RTA_MARK]) : 0; if (tb[RTA_UID]) uid = make_kuid(current_user_ns(), nla_get_u32(tb[RTA_UID])); else uid = (iif ? INVALID_UID : current_uid()); ip_hdr(skb)->protocol = IPPROTO_UDP; ip_hdr(skb)->saddr = src; ip_hdr(skb)->daddr = dst; skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr)); memset(&fl4, 0, sizeof(fl4)); fl4.daddr = dst; fl4.saddr = src; fl4.flowi4_tos = rtm->rtm_tos; fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0; fl4.flowi4_mark = mark; fl4.flowi4_uid = uid; rcu_read_lock(); if (iif) { struct net_device *dev; dev = dev_get_by_index_rcu(net, iif); if (!dev) { err = -ENODEV; goto errout_free; } skb->protocol = htons(ETH_P_IP); skb->dev = dev; skb->mark = mark; err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos, dev, &res); rt = skb_rtable(skb); if (err == 0 && rt->dst.error) err = -rt->dst.error; } else { rt = ip_route_output_key_hash_rcu(net, &fl4, &res, skb); err = 0; if (IS_ERR(rt)) err = PTR_ERR(rt); else skb_dst_set(skb, &rt->dst); } if (err) goto errout_free; if (rtm->rtm_flags & RTM_F_NOTIFY) rt->rt_flags |= RTCF_NOTIFY; if (rtm->rtm_flags & RTM_F_LOOKUP_TABLE) table_id = rt->rt_table_id; if (rtm->rtm_flags & RTM_F_FIB_MATCH) err = fib_dump_info(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq, RTM_NEWROUTE, table_id, rt->rt_type, res.prefix, res.prefixlen, fl4.flowi4_tos, res.fi, 0); else err = rt_fill_info(net, dst, src, table_id, &fl4, skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq); if (err < 0) goto errout_free; rcu_read_unlock(); err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); errout: return err; errout_free: rcu_read_unlock(); kfree_skb(skb); goto errout; }",visit repo url,net/ipv4/route.c,https://github.com/torvalds/linux,242586287466439,1 294,[],"static int do_usbdevfs_control(unsigned int fd, unsigned int cmd, unsigned long arg) { struct usbdevfs_ctrltransfer32 __user *p32 = compat_ptr(arg); struct usbdevfs_ctrltransfer __user *p; __u32 udata; p = compat_alloc_user_space(sizeof(*p)); if (copy_in_user(p, p32, (sizeof(*p32) - sizeof(compat_caddr_t))) || get_user(udata, &p32->data) || put_user(compat_ptr(udata), &p->data)) return -EFAULT; return sys_ioctl(fd, USBDEVFS_CONTROL, (unsigned long)p); }",linux-2.6,,,130724172336404365234087002786521375188,0 4715,['CWE-20'],"static int ext4_write_info(struct super_block *sb, int type) { int ret, err; handle_t *handle; handle = ext4_journal_start(sb->s_root->d_inode, 2); if (IS_ERR(handle)) return PTR_ERR(handle); ret = dquot_commit_info(sb, type); err = ext4_journal_stop(handle); if (!ret) ret = err; return ret; }",linux-2.6,,,77457691403623327305355628306758111890,0 5333,CWE-787,"static void labeljumps(JF, js_JumpList *jump, int baddr, int caddr) { while (jump) { if (jump->type == STM_BREAK) labelto(J, F, jump->inst, baddr); if (jump->type == STM_CONTINUE) labelto(J, F, jump->inst, caddr); jump = jump->next; } }",visit repo url,jscompile.c,https://github.com/ccxvii/mujs,153550095775931,1 2130,['CWE-119'],"static inline void set_intr_gate_ist(int n, void *addr, unsigned ist) { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, ist, __KERNEL_CS); }",linux-2.6,,,102205974207753681047055092175183884234,0 1177,['CWE-189'],"int hrtimer_get_res(const clockid_t which_clock, struct timespec *tp) { struct hrtimer_cpu_base *cpu_base; cpu_base = &__raw_get_cpu_var(hrtimer_bases); *tp = ktime_to_timespec(cpu_base->clock_base[which_clock].resolution); return 0; }",linux-2.6,,,55229119842633462623621649296859025154,0 788,CWE-20,"static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int err; struct sk_buff *skb; struct sock *sk = sock->sk; err = -EIO; if (sk->sk_state & PPPOX_BOUND) goto end; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) goto end; if (len > skb->len) len = skb->len; else if (len < skb->len) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len); if (likely(err == 0)) err = len; kfree_skb(skb); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,83283590519134,1 2286,['CWE-120'],"asmlinkage long sys_renameat(int olddfd, const char __user *oldname, int newdfd, const char __user *newname) { int error; char * from; char * to; from = getname(oldname); if(IS_ERR(from)) return PTR_ERR(from); to = getname(newname); error = PTR_ERR(to); if (!IS_ERR(to)) { error = do_rename(olddfd, from, newdfd, to); putname(to); } putname(from); return error; }",linux-2.6,,,321757320257539938241195663783695292190,0 2505,CWE-20,"void addReply(redisClient *c, robj *obj) { if (_installWriteEvent(c) != REDIS_OK) return; redisAssert(!server.vm_enabled || obj->storage == REDIS_VM_MEMORY); if (obj->encoding == REDIS_ENCODING_RAW) { if (_addReplyToBuffer(c,obj->ptr,sdslen(obj->ptr)) != REDIS_OK) _addReplyObjectToList(c,obj); } else { obj = getDecodedObject(obj); if (_addReplyToBuffer(c,obj->ptr,sdslen(obj->ptr)) != REDIS_OK) _addReplyObjectToList(c,obj); decrRefCount(obj); } }",visit repo url,src/networking.c,https://github.com/antirez/redis,25161790501686,1 1412,[],"static int select_task_rq_fair(struct task_struct *p, int sync) { int cpu, this_cpu; struct rq *rq; struct sched_domain *sd, *this_sd = NULL; int new_cpu; cpu = task_cpu(p); rq = task_rq(p); this_cpu = smp_processor_id(); new_cpu = cpu; if (cpu == this_cpu) goto out_set_cpu; for_each_domain(this_cpu, sd) { if (cpu_isset(cpu, sd->span)) { this_sd = sd; break; } } if (unlikely(!cpu_isset(this_cpu, p->cpus_allowed))) goto out_set_cpu; if (this_sd) { int idx = this_sd->wake_idx; unsigned int imbalance; unsigned long load, this_load; imbalance = 100 + (this_sd->imbalance_pct - 100) / 2; load = source_load(cpu, idx); this_load = target_load(this_cpu, idx); new_cpu = this_cpu; if (this_sd->flags & SD_WAKE_AFFINE) { unsigned long tl = this_load; unsigned long tl_per_task; if (sync && !task_hot(p, rq->clock, this_sd)) goto out_set_cpu; schedstat_inc(p, se.nr_wakeups_affine_attempts); tl_per_task = cpu_avg_load_per_task(this_cpu); if (sync) tl -= current->se.load.weight; if ((tl <= load && tl + target_load(cpu, idx) <= tl_per_task) || 100*(tl + p->se.load.weight) <= imbalance*load) { schedstat_inc(this_sd, ttwu_move_affine); schedstat_inc(p, se.nr_wakeups_affine); goto out_set_cpu; } } if (this_sd->flags & SD_WAKE_BALANCE) { if (imbalance*this_load <= 100*load) { schedstat_inc(this_sd, ttwu_move_balance); schedstat_inc(p, se.nr_wakeups_passive); goto out_set_cpu; } } } new_cpu = cpu; out_set_cpu: return wake_idle(new_cpu, p); }",linux-2.6,,,311564686764259748893496260617609451612,0 1890,CWE-416,"static int snd_ctl_elem_read_user(struct snd_card *card, struct snd_ctl_elem_value __user *_control) { struct snd_ctl_elem_value *control; int result; control = memdup_user(_control, sizeof(*control)); if (IS_ERR(control)) return PTR_ERR(control); down_read(&card->controls_rwsem); result = snd_ctl_elem_read(card, control); up_read(&card->controls_rwsem); if (result < 0) goto error; if (copy_to_user(_control, control, sizeof(*control))) result = -EFAULT; error: kfree(control); return result; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,225325374308507,1 2806,CWE-252,"static BOOL region16_simplify_bands(REGION16* region) { RECTANGLE_16* band1, *band2, *endPtr, *endBand, *tmp; int nbRects, finalNbRects; int bandItems, toMove; finalNbRects = nbRects = region16_n_rects(region); if (nbRects < 2) return TRUE; band1 = region16_rects_noconst(region); endPtr = band1 + nbRects; do { band2 = next_band(band1, endPtr, &bandItems); if (band2 == endPtr) break; if ((band1->bottom == band2->top) && band_match(band1, band2, endPtr)) { tmp = band1; while (tmp < band2) { tmp->bottom = band2->bottom; tmp++; } endBand = band2 + bandItems; toMove = (endPtr - endBand) * sizeof(RECTANGLE_16); if (toMove) MoveMemory(band2, endBand, toMove); finalNbRects -= bandItems; endPtr -= bandItems; } else { band1 = band2; } } while (TRUE); if (finalNbRects != nbRects) { int allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16)); region->data = realloc(region->data, allocSize); if (!region->data) { region->data = &empty_region; return FALSE; } region->data->nbRects = finalNbRects; region->data->size = allocSize; } return TRUE; }",visit repo url,libfreerdp/codec/region.c,https://github.com/FreeRDP/FreeRDP,83468785683683,1 5676,['CWE-476'],"static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) { struct udp_sock *up = udp_sk(sk); int rc; if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { kfree_skb(skb); return -1; } nf_reset(skb); if (up->encap_type) { int ret; ret = udp_encap_rcv(sk, skb); if (ret == 0) { kfree_skb(skb); return 0; } if (ret < 0) { ret = xfrm4_rcv_encap(skb, up->encap_type); UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS); return -ret; } } if (sk->sk_filter && skb->ip_summed != CHECKSUM_UNNECESSARY) { if (__udp_checksum_complete(skb)) { UDP_INC_STATS_BH(UDP_MIB_INERRORS); kfree_skb(skb); return -1; } skb->ip_summed = CHECKSUM_UNNECESSARY; } if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) { if (rc == -ENOMEM) UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS); UDP_INC_STATS_BH(UDP_MIB_INERRORS); kfree_skb(skb); return -1; } UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS); return 0; }",linux-2.6,,,89142073437602852793088500166451688265,0 3635,CWE-674,"int rm_rf_child(int fd, const char *name, RemoveFlags flags) { if (fd < 0) return -EBADF; if (!filename_is_valid(name)) return -EINVAL; if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) return -EINVAL; if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) return -EINVAL; return rm_rf_children_inner(fd, name, -1, flags, NULL); }",visit repo url,src/shared/rm-rf.c,https://github.com/systemd/systemd,63258340843776,1 6167,CWE-190,"void ep4_mul_slide(ep4_t r, const ep4_t p, const bn_t k) { ep4_t t[1 << (EP_WIDTH - 1)], q; int i, j, l; uint8_t win[RLC_FP_BITS + 1]; ep4_null(q); if (bn_is_zero(k) || ep4_is_infty(p)) { ep4_set_infty(r); return; } RLC_TRY { for (i = 0; i < (1 << (EP_WIDTH - 1)); i ++) { ep4_null(t[i]); ep4_new(t[i]); } ep4_new(q); ep4_copy(t[0], p); ep4_dbl(q, p); #if defined(EP_MIXED) ep4_norm(q, q); #endif for (i = 1; i < (1 << (EP_WIDTH - 1)); i++) { ep4_add(t[i], t[i - 1], q); } #if defined(EP_MIXED) ep4_norm_sim(t + 1, t + 1, (1 << (EP_WIDTH - 1)) - 1); #endif ep4_set_infty(q); l = RLC_FP_BITS + 1; bn_rec_slw(win, &l, k, EP_WIDTH); for (i = 0; i < l; i++) { if (win[i] == 0) { ep4_dbl(q, q); } else { for (j = 0; j < util_bits_dig(win[i]); j++) { ep4_dbl(q, q); } ep4_add(q, q, t[win[i] >> 1]); } } ep4_norm(r, q); if (bn_sign(k) == RLC_NEG) { ep4_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (EP_WIDTH - 1)); i++) { ep4_free(t[i]); } ep4_free(q); } }",visit repo url,src/epx/relic_ep4_mul.c,https://github.com/relic-toolkit/relic,81696310554270,1 6542,['CWE-200'],"nma_gconf_settings_get_by_dbus_path (NMAGConfSettings *self, const char *path) { NMAGConfSettingsPrivate *priv; GSList *iter; g_return_val_if_fail (NMA_IS_GCONF_SETTINGS (self), NULL); g_return_val_if_fail (path != NULL, NULL); priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self); for (iter = priv->connections; iter; iter = iter->next) { NMAGConfConnection *connection = NMA_GCONF_CONNECTION (iter->data); NMConnection *wrapped; const char *sc_path; wrapped = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (connection)); sc_path = nm_connection_get_path (wrapped); if (sc_path && !strcmp (sc_path, path)) return connection; } return NULL; }",network-manager-applet,,,234772265779088124684728652952125612828,0 3464,['CWE-20'],"struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, const struct sctp_chunk *chunk, const size_t hint) { struct sctp_chunk *retval; __u8 flags = 0; if (!asoc) { if (chunk && chunk->chunk_hdr && chunk->chunk_hdr->type == SCTP_CID_INIT) flags = 0; else flags = SCTP_CHUNK_FLAG_T; } retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); if (retval && chunk) retval->transport = chunk->transport; return retval; }",linux-2.6,,,226136701088823928376009358294436738488,0 6631,CWE-416,"njs_function_lambda_call(njs_vm_t *vm) { uint32_t n; njs_int_t ret; njs_frame_t *frame; njs_value_t *args, **local, *value; njs_value_t **cur_local, **cur_closures, **cur_temp; njs_function_t *function; njs_declaration_t *declr; njs_function_lambda_t *lambda; frame = (njs_frame_t *) vm->top_frame; function = frame->native.function; if (function->global && !function->closure_copied) { ret = njs_function_capture_global_closures(vm, function); if (njs_slow_path(ret != NJS_OK)) { return NJS_ERROR; } } lambda = function->u.lambda; args = vm->top_frame->arguments; local = vm->top_frame->local + function->args_offset; for (n = 0; n < function->args_count; n++) { if (!njs_is_valid(args)) { njs_set_undefined(args); } *local++ = args++; } cur_local = vm->levels[NJS_LEVEL_LOCAL]; cur_closures = vm->levels[NJS_LEVEL_CLOSURE]; cur_temp = vm->levels[NJS_LEVEL_TEMP]; vm->levels[NJS_LEVEL_LOCAL] = vm->top_frame->local; vm->levels[NJS_LEVEL_CLOSURE] = njs_function_closures(function); vm->levels[NJS_LEVEL_TEMP] = frame->native.temp; if (lambda->rest_parameters) { ret = njs_function_rest_parameters_init(vm, &frame->native); if (njs_slow_path(ret != NJS_OK)) { return NJS_ERROR; } } if (lambda->self != NJS_INDEX_NONE) { value = njs_scope_value(vm, lambda->self); if (!njs_is_valid(value)) { njs_set_function(value, function); } } vm->active_frame = frame; n = lambda->ndeclarations; while (n != 0) { n--; declr = &lambda->declarations[n]; value = njs_scope_value(vm, declr->index); *value = *declr->value; function = njs_function_value_copy(vm, value); if (njs_slow_path(function == NULL)) { return NJS_ERROR; } ret = njs_function_capture_closure(vm, function, function->u.lambda); if (njs_slow_path(ret != NJS_OK)) { return ret; } } ret = njs_vmcode_interpreter(vm, lambda->start); vm->levels[NJS_LEVEL_LOCAL] = cur_local; vm->levels[NJS_LEVEL_CLOSURE] = cur_closures; vm->levels[NJS_LEVEL_TEMP] = cur_temp; return ret; }",visit repo url,src/njs_function.c,https://github.com/nginx/njs,169665556542050,1 4133,CWE-20,"is_link_trusted (NautilusFile *file, gboolean is_launcher) { GFile *location; gboolean res; if (!is_launcher) { return TRUE; } if (nautilus_file_can_execute (file)) { return TRUE; } res = FALSE; if (nautilus_file_is_local (file)) { location = nautilus_file_get_location (file); res = nautilus_is_in_system_dir (location); g_object_unref (location); } return res; }",visit repo url,src/nautilus-directory-async.c,https://github.com/GNOME/nautilus,166949335237521,1 4209,[]," if(pRcvBuf != NULL) { free(pRcvBuf); pRcvBuf = NULL; }",rsyslog,,,258336523076702054843315362406287532284,0 4539,['CWE-20'],"static int ext4_htree_next_block(struct inode *dir, __u32 hash, struct dx_frame *frame, struct dx_frame *frames, __u32 *start_hash) { struct dx_frame *p; struct buffer_head *bh; int err, num_frames = 0; __u32 bhash; p = frame; while (1) { if (++(p->at) < p->entries + dx_get_count(p->entries)) break; if (p == frames) return 0; num_frames++; p--; } bhash = dx_get_hash(p->at); if (start_hash) *start_hash = bhash; if ((hash & 1) == 0) { if ((bhash & ~1) != hash) return 0; } while (num_frames--) { if (!(bh = ext4_bread(NULL, dir, dx_get_block(p->at), 0, &err))) return err; p++; brelse(p->bh); p->bh = bh; p->at = p->entries = ((struct dx_node *) bh->b_data)->entries; } return 1; }",linux-2.6,,,290117274387773467226869813050583194000,0 4754,['CWE-20'],"static loff_t ext4_max_bitmap_size(int bits, int has_huge_files) { loff_t res = EXT4_NDIR_BLOCKS; int meta_blocks; loff_t upper_limit; if (!has_huge_files || sizeof(blkcnt_t) < sizeof(u64)) { upper_limit = (1LL << 32) - 1; upper_limit >>= (bits - 9); } else { upper_limit = (1LL << 48) - 1; } meta_blocks = 1; meta_blocks += 1 + (1LL << (bits-2)); meta_blocks += 1 + (1LL << (bits-2)) + (1LL << (2*(bits-2))); upper_limit -= meta_blocks; upper_limit <<= bits; res += 1LL << (bits-2); res += 1LL << (2*(bits-2)); res += 1LL << (3*(bits-2)); res <<= bits; if (res > upper_limit) res = upper_limit; if (res > MAX_LFS_FILESIZE) res = MAX_LFS_FILESIZE; return res; }",linux-2.6,,,143132797958974799598929054239553277877,0 6133,['CWE-200'],"int rtnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, int echo) { int err = 0; NETLINK_CB(skb).dst_groups = group; if (echo) atomic_inc(&skb->users); netlink_broadcast(rtnl, skb, pid, group, GFP_KERNEL); if (echo) err = netlink_unicast(rtnl, skb, pid, MSG_DONTWAIT); return err; }",linux-2.6,,,96824052407326843044768320167829583305,0 1018,['CWE-20'],"asmlinkage long sys_getgroups(int gidsetsize, gid_t __user *grouplist) { int i = 0; if (gidsetsize < 0) return -EINVAL; i = current->group_info->ngroups; if (gidsetsize) { if (i > gidsetsize) { i = -EINVAL; goto out; } if (groups_to_user(grouplist, current->group_info)) { i = -EFAULT; goto out; } } out: return i; }",linux-2.6,,,263887459955860389633496433851713512560,0 3171,['CWE-189'],"jpc_mqenc_t *jpc_mqenc_create(int maxctxs, jas_stream_t *out) { jpc_mqenc_t *mqenc; if (!(mqenc = jas_malloc(sizeof(jpc_mqenc_t)))) { goto error; } mqenc->out = out; mqenc->maxctxs = maxctxs; if (!(mqenc->ctxs = jas_alloc2(mqenc->maxctxs, sizeof(jpc_mqstate_t *)))) { goto error; } mqenc->curctx = mqenc->ctxs; jpc_mqenc_init(mqenc); jpc_mqenc_setctxs(mqenc, 0, 0); return mqenc; error: if (mqenc) { jpc_mqenc_destroy(mqenc); } return 0; }",jasper,,,327585018116823239320517354569742637711,0 1640,[],"static inline void inc_cpu_load(struct rq *rq, unsigned long load) { update_load_add(&rq->load, load); }",linux-2.6,,,110843425962680915199404886006591245184,0 2472,CWE-119,"log2vis_encoded_string (PyObject * string, const char *encoding, FriBidiParType base_direction, int clean, int reordernsm) { PyObject *logical = NULL; PyObject *result = NULL; logical = PyUnicode_Decode (PyString_AS_STRING (string), PyString_GET_SIZE (string), encoding, ""strict""); if (logical == NULL) return NULL; if (strcmp (encoding, ""utf-8"") == 0) result = log2vis_utf8 (string, PyUnicode_GET_SIZE (logical), base_direction, clean, reordernsm); else { PyObject *visual = log2vis_unicode (logical, base_direction, clean, reordernsm); if (visual) { result = PyUnicode_Encode (PyUnicode_AS_UNICODE (visual), PyUnicode_GET_SIZE (visual), encoding, ""strict""); Py_DECREF (visual); } } Py_DECREF (logical); return result; }",visit repo url,pyfribidi.c,https://github.com/pediapress/pyfribidi,204032615823424,1 3742,[],"static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, poll_table *wait) { struct sock *sk = sock->sk, *other; unsigned int mask, writable; poll_wait(file, sk->sk_sleep, wait); mask = 0; if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue)) mask |= POLLERR; if (sk->sk_shutdown & RCV_SHUTDOWN) mask |= POLLRDHUP; if (sk->sk_shutdown == SHUTDOWN_MASK) mask |= POLLHUP; if (!skb_queue_empty(&sk->sk_receive_queue) || (sk->sk_shutdown & RCV_SHUTDOWN)) mask |= POLLIN | POLLRDNORM; if (sk->sk_type == SOCK_SEQPACKET) { if (sk->sk_state == TCP_CLOSE) mask |= POLLHUP; if (sk->sk_state == TCP_SYN_SENT) return mask; } writable = unix_writable(sk); if (writable) { other = unix_peer_get(sk); if (other) { if (unix_peer(other) != sk) { poll_wait(file, &unix_sk(other)->peer_wait, wait); if (unix_recvq_full(other)) writable = 0; } sock_put(other); } } if (writable) mask |= POLLOUT | POLLWRNORM | POLLWRBAND; else set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); return mask; }",linux-2.6,,,40003575408855241193978585021740879679,0 1955,CWE-401,"int iwl_pcie_ctxt_info_gen3_init(struct iwl_trans *trans, const struct fw_img *fw) { struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); struct iwl_context_info_gen3 *ctxt_info_gen3; struct iwl_prph_scratch *prph_scratch; struct iwl_prph_scratch_ctrl_cfg *prph_sc_ctrl; struct iwl_prph_info *prph_info; void *iml_img; u32 control_flags = 0; int ret; int cmdq_size = max_t(u32, IWL_CMD_QUEUE_SIZE, trans->cfg->min_txq_size); prph_scratch = dma_alloc_coherent(trans->dev, sizeof(*prph_scratch), &trans_pcie->prph_scratch_dma_addr, GFP_KERNEL); if (!prph_scratch) return -ENOMEM; prph_sc_ctrl = &prph_scratch->ctrl_cfg; prph_sc_ctrl->version.version = 0; prph_sc_ctrl->version.mac_id = cpu_to_le16((u16)iwl_read32(trans, CSR_HW_REV)); prph_sc_ctrl->version.size = cpu_to_le16(sizeof(*prph_scratch) / 4); control_flags = IWL_PRPH_SCRATCH_RB_SIZE_4K | IWL_PRPH_SCRATCH_MTR_MODE | (IWL_PRPH_MTR_FORMAT_256B & IWL_PRPH_SCRATCH_MTR_FORMAT) | IWL_PRPH_SCRATCH_EARLY_DEBUG_EN | IWL_PRPH_SCRATCH_EDBG_DEST_DRAM; prph_sc_ctrl->control.control_flags = cpu_to_le32(control_flags); prph_sc_ctrl->rbd_cfg.free_rbd_addr = cpu_to_le64(trans_pcie->rxq->bd_dma); if (!iwl_trans_dbg_ini_valid(trans)) iwl_pcie_alloc_fw_monitor(trans, 0); if (trans->dbg.num_blocks) { prph_sc_ctrl->hwm_cfg.hwm_base_addr = cpu_to_le64(trans->dbg.fw_mon[0].physical); prph_sc_ctrl->hwm_cfg.hwm_size = cpu_to_le32(trans->dbg.fw_mon[0].size); } ret = iwl_pcie_init_fw_sec(trans, fw, &prph_scratch->dram); if (ret) { dma_free_coherent(trans->dev, sizeof(*prph_scratch), prph_scratch, trans_pcie->prph_scratch_dma_addr); return ret; } prph_info = dma_alloc_coherent(trans->dev, sizeof(*prph_info), &trans_pcie->prph_info_dma_addr, GFP_KERNEL); if (!prph_info) return -ENOMEM; ctxt_info_gen3 = dma_alloc_coherent(trans->dev, sizeof(*ctxt_info_gen3), &trans_pcie->ctxt_info_dma_addr, GFP_KERNEL); if (!ctxt_info_gen3) return -ENOMEM; ctxt_info_gen3->prph_info_base_addr = cpu_to_le64(trans_pcie->prph_info_dma_addr); ctxt_info_gen3->prph_scratch_base_addr = cpu_to_le64(trans_pcie->prph_scratch_dma_addr); ctxt_info_gen3->prph_scratch_size = cpu_to_le32(sizeof(*prph_scratch)); ctxt_info_gen3->cr_head_idx_arr_base_addr = cpu_to_le64(trans_pcie->rxq->rb_stts_dma); ctxt_info_gen3->tr_tail_idx_arr_base_addr = cpu_to_le64(trans_pcie->rxq->tr_tail_dma); ctxt_info_gen3->cr_tail_idx_arr_base_addr = cpu_to_le64(trans_pcie->rxq->cr_tail_dma); ctxt_info_gen3->cr_idx_arr_size = cpu_to_le16(IWL_NUM_OF_COMPLETION_RINGS); ctxt_info_gen3->tr_idx_arr_size = cpu_to_le16(IWL_NUM_OF_TRANSFER_RINGS); ctxt_info_gen3->mtr_base_addr = cpu_to_le64(trans_pcie->txq[trans_pcie->cmd_queue]->dma_addr); ctxt_info_gen3->mcr_base_addr = cpu_to_le64(trans_pcie->rxq->used_bd_dma); ctxt_info_gen3->mtr_size = cpu_to_le16(TFD_QUEUE_CB_SIZE(cmdq_size)); ctxt_info_gen3->mcr_size = cpu_to_le16(RX_QUEUE_CB_SIZE(MQ_RX_TABLE_SIZE)); trans_pcie->ctxt_info_gen3 = ctxt_info_gen3; trans_pcie->prph_info = prph_info; trans_pcie->prph_scratch = prph_scratch; iml_img = dma_alloc_coherent(trans->dev, trans->iml_len, &trans_pcie->iml_dma_addr, GFP_KERNEL); if (!iml_img) return -ENOMEM; memcpy(iml_img, trans->iml, trans->iml_len); iwl_enable_fw_load_int_ctx_info(trans); iwl_write64(trans, CSR_CTXT_INFO_ADDR, trans_pcie->ctxt_info_dma_addr); iwl_write64(trans, CSR_IML_DATA_ADDR, trans_pcie->iml_dma_addr); iwl_write32(trans, CSR_IML_SIZE_ADDR, trans->iml_len); iwl_set_bit(trans, CSR_CTXT_INFO_BOOT_CTRL, CSR_AUTO_FUNC_BOOT_ENA); if (trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_AX210) iwl_write_umac_prph(trans, UREG_CPU_INIT_RUN, 1); else iwl_set_bit(trans, CSR_GP_CNTRL, CSR_AUTO_FUNC_INIT); return 0; }",visit repo url,drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c,https://github.com/torvalds/linux,274032800259952,1 1773,CWE-119,"get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e, const char *hookname, const char **chainname, const char **comment, unsigned int *rulenum) { const struct xt_standard_target *t = (void *)ip6t_get_target_c(s); if (strcmp(t->target.u.kernel.target->name, XT_ERROR_TARGET) == 0) { *chainname = t->target.data; (*rulenum) = 0; } else if (s == e) { (*rulenum)++; if (s->target_offset == sizeof(struct ip6t_entry) && strcmp(t->target.u.kernel.target->name, XT_STANDARD_TARGET) == 0 && t->verdict < 0 && unconditional(&s->ipv6)) { *comment = *chainname == hookname ? comments[NF_IP6_TRACE_COMMENT_POLICY] : comments[NF_IP6_TRACE_COMMENT_RETURN]; } return 1; } else (*rulenum)++; return 0; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,62137195714197,1 2700,CWE-190,"SPL_METHOD(SplFileObject, seek) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); long line_pos; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""l"", &line_pos) == FAILURE) { return; } if (line_pos < 0) { zend_throw_exception_ex(spl_ce_LogicException, 0 TSRMLS_CC, ""Can't seek file %s to negative line %ld"", intern->file_name, line_pos); RETURN_FALSE; } spl_filesystem_file_rewind(getThis(), intern TSRMLS_CC); while(intern->u.file.current_line_num < line_pos) { if (spl_filesystem_file_read_line(getThis(), intern, 1 TSRMLS_CC) == FAILURE) { break; } } } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,264484031868781,1 2989,['CWE-189'],"int jpc_enc_enccblk(jpc_enc_t *enc, jas_stream_t *out, jpc_enc_tcmpt_t *tcmpt, jpc_enc_band_t *band, jpc_enc_cblk_t *cblk) { jpc_enc_pass_t *pass; jpc_enc_pass_t *endpasses; int bitpos; int n; int adjust; int ret; int passtype; int t; jpc_bitstream_t *bout; jpc_enc_pass_t *termpass; jpc_enc_rlvl_t *rlvl; int vcausal; int segsym; int termmode; int c; bout = 0; rlvl = band->rlvl; cblk->stream = jas_stream_memopen(0, 0); assert(cblk->stream); cblk->mqenc = jpc_mqenc_create(JPC_NUMCTXS, cblk->stream); assert(cblk->mqenc); jpc_mqenc_setctxs(cblk->mqenc, JPC_NUMCTXS, jpc_mqctxs); cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0; if (cblk->numpasses > 0) { cblk->passes = jas_alloc2(cblk->numpasses, sizeof(jpc_enc_pass_t)); assert(cblk->passes); } else { cblk->passes = 0; } endpasses = (cblk->passes) ? &cblk->passes[cblk->numpasses] : 0; for (pass = cblk->passes; pass != endpasses; ++pass) { pass->start = 0; pass->end = 0; pass->term = JPC_ISTERMINATED(pass - cblk->passes, 0, cblk->numpasses, (tcmpt->cblksty & JPC_COX_TERMALL) != 0, (tcmpt->cblksty & JPC_COX_LAZY) != 0); pass->type = JPC_SEGTYPE(pass - cblk->passes, 0, (tcmpt->cblksty & JPC_COX_LAZY) != 0); pass->lyrno = -1; if (pass == endpasses - 1) { assert(pass->term == 1); pass->term = 1; } } cblk->flags = jas_matrix_create(jas_matrix_numrows(cblk->data) + 2, jas_matrix_numcols(cblk->data) + 2); assert(cblk->flags); bitpos = cblk->numbps - 1; pass = cblk->passes; n = cblk->numpasses; while (--n >= 0) { if (pass->type == JPC_SEG_MQ) { } else { assert(pass->type == JPC_SEG_RAW); if (!bout) { bout = jpc_bitstream_sopen(cblk->stream, ""w""); assert(bout); } } #if 1 passtype = (pass - cblk->passes + 2) % 3; #else passtype = JPC_PASSTYPE(pass - cblk->passes + 2); #endif pass->start = jas_stream_tell(cblk->stream); #if 0 assert(jas_stream_tell(cblk->stream) == jas_stream_getrwcount(cblk->stream)); #endif assert(bitpos >= 0); vcausal = (tcmpt->cblksty & JPC_COX_VSC) != 0; segsym = (tcmpt->cblksty & JPC_COX_SEGSYM) != 0; if (pass->term) { termmode = ((tcmpt->cblksty & JPC_COX_PTERM) ? JPC_MQENC_PTERM : JPC_MQENC_DEFTERM) + 1; } else { termmode = 0; } switch (passtype) { case JPC_SIGPASS: ret = (pass->type == JPC_SEG_MQ) ? jpc_encsigpass(cblk->mqenc, bitpos, band->orient, vcausal, cblk->flags, cblk->data, termmode, &pass->nmsedec) : jpc_encrawsigpass(bout, bitpos, vcausal, cblk->flags, cblk->data, termmode, &pass->nmsedec); break; case JPC_REFPASS: ret = (pass->type == JPC_SEG_MQ) ? jpc_encrefpass(cblk->mqenc, bitpos, vcausal, cblk->flags, cblk->data, termmode, &pass->nmsedec) : jpc_encrawrefpass(bout, bitpos, vcausal, cblk->flags, cblk->data, termmode, &pass->nmsedec); break; case JPC_CLNPASS: assert(pass->type == JPC_SEG_MQ); ret = jpc_encclnpass(cblk->mqenc, bitpos, band->orient, vcausal, segsym, cblk->flags, cblk->data, termmode, &pass->nmsedec); break; default: assert(0); break; } if (pass->type == JPC_SEG_MQ) { if (pass->term) { jpc_mqenc_init(cblk->mqenc); } jpc_mqenc_getstate(cblk->mqenc, &pass->mqencstate); pass->end = jas_stream_tell(cblk->stream); if (tcmpt->cblksty & JPC_COX_RESET) { jpc_mqenc_setctxs(cblk->mqenc, JPC_NUMCTXS, jpc_mqctxs); } } else { if (pass->term) { if (jpc_bitstream_pending(bout)) { jpc_bitstream_outalign(bout, 0x2a); } jpc_bitstream_close(bout); bout = 0; pass->end = jas_stream_tell(cblk->stream); } else { pass->end = jas_stream_tell(cblk->stream) + jpc_bitstream_pending(bout); } } #if 0 assert(jas_stream_tell(cblk->stream) == jas_stream_getrwcount(cblk->stream)); #endif pass->wmsedec = jpc_fixtodbl(band->rlvl->tcmpt->synweight) * jpc_fixtodbl(band->rlvl->tcmpt->synweight) * jpc_fixtodbl(band->synweight) * jpc_fixtodbl(band->synweight) * jpc_fixtodbl(band->absstepsize) * jpc_fixtodbl(band->absstepsize) * ((double) (1 << bitpos)) * ((double)(1 << bitpos)) * jpc_fixtodbl(pass->nmsedec); pass->cumwmsedec = pass->wmsedec; if (pass != cblk->passes) { pass->cumwmsedec += pass[-1].cumwmsedec; } if (passtype == JPC_CLNPASS) { --bitpos; } ++pass; } #if 0 dump_passes(cblk->passes, cblk->numpasses, cblk); #endif n = 0; endpasses = (cblk->passes) ? &cblk->passes[cblk->numpasses] : 0; for (pass = cblk->passes; pass != endpasses; ++pass) { if (pass->start < n) { pass->start = n; } if (pass->end < n) { pass->end = n; } if (!pass->term) { termpass = pass; while (termpass - pass < cblk->numpasses && !termpass->term) { ++termpass; } if (pass->type == JPC_SEG_MQ) { t = (pass->mqencstate.lastbyte == 0xff) ? 1 : 0; if (pass->mqencstate.ctreg >= 5) { adjust = 4 + t; } else { adjust = 5 + t; } pass->end += adjust; } if (pass->end > termpass->end) { pass->end = termpass->end; } if ((c = getthebyte(cblk->stream, pass->end - 1)) == EOF) { abort(); } if (c == 0xff) { ++pass->end; } n = JAS_MAX(n, pass->end); } else { n = JAS_MAX(n, pass->end); } } #if 0 dump_passes(cblk->passes, cblk->numpasses, cblk); #endif if (bout) { jpc_bitstream_close(bout); } return 0; }",jasper,,,325293823748511386700307350744793768922,0 92,['CWE-787'],"static void cirrus_linear_bitblt_writeb(void *opaque, target_phys_addr_t addr, uint32_t val) { CirrusVGAState *s = (CirrusVGAState *) opaque; if (s->cirrus_srcptr != s->cirrus_srcptr_end) { *s->cirrus_srcptr++ = (uint8_t) val; if (s->cirrus_srcptr >= s->cirrus_srcptr_end) { cirrus_bitblt_cputovideo_next(s); } } }",qemu,,,9086402196254720679785462019330202407,0 934,CWE-17,"pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len, int atomic) { unsigned long copy; while (len > 0) { while (!iov->iov_len) iov++; copy = min_t(unsigned long, len, iov->iov_len); if (atomic) { if (__copy_to_user_inatomic(iov->iov_base, from, copy)) return -EFAULT; } else { if (copy_to_user(iov->iov_base, from, copy)) return -EFAULT; } from += copy; len -= copy; iov->iov_base += copy; iov->iov_len -= copy; } return 0; }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,262448530983091,1 5780,['CWE-200'],"static void rose_set_lockdep_one(struct net_device *dev, struct netdev_queue *txq, void *_unused) { lockdep_set_class(&txq->_xmit_lock, &rose_netdev_xmit_lock_key); }",linux-2.6,,,221487819165037053384049255436695182596,0 6765,CWE-190," consume_count(type) const char **type; { int count = 0; if (!isdigit((unsigned char)**type)) return -1; while (isdigit((unsigned char)**type)) { count *= 10; if ((count % 10) != 0) { while (isdigit((unsigned char)**type)) (*type)++; return -1; } count += **type - '0'; (*type)++; } return (count); }",visit repo url,src/gnu_v2/cplus-dem.c,https://github.com/rizinorg/rz-libdemangle,128008144383896,1 939,['CWE-200'],"static inline struct shmem_sb_info *SHMEM_SB(struct super_block *sb) { return sb->s_fs_info; }",linux-2.6,,,165778236407955478753500597126586108338,0 3929,CWE-476,"get_register( int name, int copy) { yankreg_T *reg; int i; #ifdef FEAT_CLIPBOARD if (name == '*' && clip_star.available) { if (clip_isautosel_star()) clip_update_selection(&clip_star); may_get_selection(name); } if (name == '+' && clip_plus.available) { if (clip_isautosel_plus()) clip_update_selection(&clip_plus); may_get_selection(name); } #endif get_yank_register(name, 0); reg = ALLOC_ONE(yankreg_T); if (reg == NULL) return (void *)NULL; *reg = *y_current; if (copy) { if (reg->y_size == 0) reg->y_array = NULL; else reg->y_array = ALLOC_MULT(char_u *, reg->y_size); if (reg->y_array != NULL) { for (i = 0; i < reg->y_size; ++i) reg->y_array[i] = vim_strsave(y_current->y_array[i]); } } else y_current->y_array = NULL; return (void *)reg; }",visit repo url,src/register.c,https://github.com/vim/vim,143696876978140,1 2305,['CWE-120'],"asmlinkage long sys_unlinkat(int dfd, const char __user *pathname, int flag) { if ((flag & ~AT_REMOVEDIR) != 0) return -EINVAL; if (flag & AT_REMOVEDIR) return do_rmdir(dfd, pathname); return do_unlinkat(dfd, pathname); }",linux-2.6,,,323437963730591132350467534996412355839,0 4291,['CWE-264'],"static inline void free_thread_info(struct thread_info *ti) { free_pages((unsigned long)ti, THREAD_SIZE_ORDER); }",linux-2.6,,,239844365620555076613446739261363918640,0 5741,['CWE-200'],"static int irda_accept(struct socket *sock, struct socket *newsock, int flags) { struct sock *sk = sock->sk; struct irda_sock *new, *self = irda_sk(sk); struct sock *newsk; struct sk_buff *skb; int err; IRDA_DEBUG(2, ""%s()\n"", __func__); err = irda_create(sock_net(sk), newsock, sk->sk_protocol); if (err) return err; if (sock->state != SS_UNCONNECTED) return -EINVAL; if ((sk = sock->sk) == NULL) return -EINVAL; if ((sk->sk_type != SOCK_STREAM) && (sk->sk_type != SOCK_SEQPACKET) && (sk->sk_type != SOCK_DGRAM)) return -EOPNOTSUPP; if (sk->sk_state != TCP_LISTEN) return -EINVAL; while (1) { skb = skb_dequeue(&sk->sk_receive_queue); if (skb) break; if (flags & O_NONBLOCK) return -EWOULDBLOCK; err = wait_event_interruptible(*(sk->sk_sleep), skb_peek(&sk->sk_receive_queue)); if (err) return err; } newsk = newsock->sk; if (newsk == NULL) return -EIO; newsk->sk_state = TCP_ESTABLISHED; new = irda_sk(newsk); new->tsap = irttp_dup(self->tsap, new); if (!new->tsap) { IRDA_DEBUG(0, ""%s(), dup failed!\n"", __func__); kfree_skb(skb); return -1; } new->stsap_sel = new->tsap->stsap_sel; new->dtsap_sel = new->tsap->dtsap_sel; new->saddr = irttp_get_saddr(new->tsap); new->daddr = irttp_get_daddr(new->tsap); new->max_sdu_size_tx = self->max_sdu_size_tx; new->max_sdu_size_rx = self->max_sdu_size_rx; new->max_data_size = self->max_data_size; new->max_header_size = self->max_header_size; memcpy(&new->qos_tx, &self->qos_tx, sizeof(struct qos_info)); irttp_listen(self->tsap); kfree_skb(skb); sk->sk_ack_backlog--; newsock->state = SS_CONNECTED; irda_connect_response(new); return 0; }",linux-2.6,,,140166879824155578723405779017631282870,0 5083,CWE-125,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 419,[],"pfm_context_create(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { pfarg_context_t *req = (pfarg_context_t *)arg; struct file *filp; int ctx_flags; int ret; ret = pfarg_is_sane(current, req); if (ret < 0) return ret; ctx_flags = req->ctx_flags; ret = -ENOMEM; ctx = pfm_context_alloc(); if (!ctx) goto error; ret = pfm_alloc_fd(&filp); if (ret < 0) goto error_file; req->ctx_fd = ctx->ctx_fd = ret; filp->private_data = ctx; if (pfm_uuid_cmp(req->ctx_smpl_buf_id, pfm_null_uuid)) { ret = pfm_setup_buffer_fmt(current, filp, ctx, ctx_flags, 0, req); if (ret) goto buffer_error; } spin_lock_init(&ctx->ctx_lock); ctx->ctx_state = PFM_CTX_UNLOADED; ctx->ctx_fl_block = (ctx_flags & PFM_FL_NOTIFY_BLOCK) ? 1 : 0; ctx->ctx_fl_system = (ctx_flags & PFM_FL_SYSTEM_WIDE) ? 1: 0; ctx->ctx_fl_is_sampling = ctx->ctx_buf_fmt ? 1 : 0; ctx->ctx_fl_no_msg = (ctx_flags & PFM_FL_OVFL_NO_MSG) ? 1: 0; init_completion(&ctx->ctx_restart_done); ctx->ctx_last_activation = PFM_INVALID_ACTIVATION; SET_LAST_CPU(ctx, -1); ctx->ctx_msgq_head = ctx->ctx_msgq_tail = 0; init_waitqueue_head(&ctx->ctx_msgq_wait); init_waitqueue_head(&ctx->ctx_zombieq); DPRINT((""ctx=%p flags=0x%x system=%d notify_block=%d excl_idle=%d no_msg=%d ctx_fd=%d \n"", ctx, ctx_flags, ctx->ctx_fl_system, ctx->ctx_fl_block, ctx->ctx_fl_excl_idle, ctx->ctx_fl_no_msg, ctx->ctx_fd)); pfm_reset_pmu_state(ctx); return 0; buffer_error: pfm_free_fd(ctx->ctx_fd, filp); if (ctx->ctx_buf_fmt) { pfm_buf_fmt_exit(ctx->ctx_buf_fmt, current, NULL, regs); } error_file: pfm_context_free(ctx); error: return ret; }",linux-2.6,,,105736824997545183441964764630693665997,0 5243,CWE-119,"pixHtmlViewer(const char *dirin, const char *dirout, const char *rootname, l_int32 thumbwidth, l_int32 viewwidth) { char *fname, *fullname, *outname; char *mainname, *linkname, *linknameshort; char *viewfile, *thumbfile; char *shtml, *slink; char charbuf[512]; char htmlstring[] = """"; char framestring[] = """"; l_int32 i, nfiles, index, w, d, nimages, ret; l_float32 factor; PIX *pix, *pixthumb, *pixview; SARRAY *safiles, *sathumbs, *saviews, *sahtml, *salink; PROCNAME(""pixHtmlViewer""); if (!dirin) return ERROR_INT(""dirin not defined"", procName, 1); if (!dirout) return ERROR_INT(""dirout not defined"", procName, 1); if (!rootname) return ERROR_INT(""rootname not defined"", procName, 1); if (thumbwidth == 0) thumbwidth = DEFAULT_THUMB_WIDTH; if (thumbwidth < MIN_THUMB_WIDTH) { L_WARNING(""thumbwidth too small; using min value\n"", procName); thumbwidth = MIN_THUMB_WIDTH; } if (viewwidth == 0) viewwidth = DEFAULT_VIEW_WIDTH; if (viewwidth < MIN_VIEW_WIDTH) { L_WARNING(""viewwidth too small; using min value\n"", procName); viewwidth = MIN_VIEW_WIDTH; } #ifndef _WIN32 snprintf(charbuf, sizeof(charbuf), ""mkdir -p %s"", dirout); ret = system(charbuf); #else ret = CreateDirectory(dirout, NULL) ? 0 : 1; #endif if (ret) { L_ERROR(""output directory %s not made\n"", procName, dirout); return 1; } if ((safiles = getFilenamesInDirectory(dirin)) == NULL) return ERROR_INT(""safiles not made"", procName, 1); sprintf(charbuf, ""%s/%s.html"", dirout, rootname); mainname = stringNew(charbuf); sprintf(charbuf, ""%s/%s-links.html"", dirout, rootname); linkname = stringNew(charbuf); linknameshort = stringJoin(rootname, ""-links.html""); sathumbs = sarrayCreate(0); saviews = sarrayCreate(0); nfiles = sarrayGetCount(safiles); index = 0; for (i = 0; i < nfiles; i++) { fname = sarrayGetString(safiles, i, L_NOCOPY); fullname = genPathname(dirin, fname); fprintf(stderr, ""name: %s\n"", fullname); if ((pix = pixRead(fullname)) == NULL) { fprintf(stderr, ""file %s not a readable image\n"", fullname); lept_free(fullname); continue; } lept_free(fullname); pixGetDimensions(pix, &w, NULL, &d); factor = (l_float32)thumbwidth / (l_float32)w; pixthumb = pixScale(pix, factor, factor); sprintf(charbuf, ""%s_thumb_%03d"", rootname, index); sarrayAddString(sathumbs, charbuf, L_COPY); outname = genPathname(dirout, charbuf); WriteFormattedPix(outname, pixthumb); lept_free(outname); pixDestroy(&pixthumb); factor = (l_float32)viewwidth / (l_float32)w; if (factor >= 1.0) pixview = pixClone(pix); else pixview = pixScale(pix, factor, factor); snprintf(charbuf, sizeof(charbuf), ""%s_view_%03d"", rootname, index); sarrayAddString(saviews, charbuf, L_COPY); outname = genPathname(dirout, charbuf); WriteFormattedPix(outname, pixview); lept_free(outname); pixDestroy(&pixview); pixDestroy(&pix); index++; } sahtml = sarrayCreate(0); sarrayAddString(sahtml, htmlstring, L_COPY); sprintf(charbuf, """", thumbwidth + 30); sarrayAddString(sahtml, charbuf, L_COPY); sprintf(charbuf, """", linknameshort); sarrayAddString(sahtml, charbuf, L_COPY); sprintf(charbuf, """", sarrayGetString(saviews, 0, L_NOCOPY)); sarrayAddString(sahtml, charbuf, L_COPY); sarrayAddString(sahtml, framestring, L_COPY); shtml = sarrayToString(sahtml, 1); l_binaryWrite(mainname, ""w"", shtml, strlen(shtml)); fprintf(stderr, ""******************************************\n"" ""Writing html file: %s\n"" ""******************************************\n"", mainname); lept_free(shtml); lept_free(mainname); nimages = sarrayGetCount(saviews); fprintf(stderr, ""num. images = %d\n"", nimages); salink = sarrayCreate(0); for (i = 0; i < nimages; i++) { viewfile = sarrayGetString(saviews, i, L_NOCOPY); thumbfile = sarrayGetString(sathumbs, i, L_NOCOPY); sprintf(charbuf, """", viewfile, thumbfile); sarrayAddString(salink, charbuf, L_COPY); } slink = sarrayToString(salink, 1); l_binaryWrite(linkname, ""w"", slink, strlen(slink)); lept_free(slink); lept_free(linkname); lept_free(linknameshort); sarrayDestroy(&safiles); sarrayDestroy(&sathumbs); sarrayDestroy(&saviews); sarrayDestroy(&sahtml); sarrayDestroy(&salink); return 0; }",visit repo url,prog/htmlviewer.c,https://github.com/DanBloomberg/leptonica,265309954184193,1 1634,[],"asmlinkage long sys_sched_getscheduler(pid_t pid) { struct task_struct *p; int retval; if (pid < 0) return -EINVAL; retval = -ESRCH; read_lock(&tasklist_lock); p = find_process_by_pid(pid); if (p) { retval = security_task_getscheduler(p); if (!retval) retval = p->policy; } read_unlock(&tasklist_lock); return retval; }",linux-2.6,,,225961445669719906468374099481259910767,0 1550,CWE-20,"static int handle_pte_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, unsigned int flags) { pte_t entry; spinlock_t *ptl; entry = *pte; barrier(); if (!pte_present(entry)) { if (pte_none(entry)) { if (vma->vm_ops) { if (likely(vma->vm_ops->fault)) return do_fault(mm, vma, address, pte, pmd, flags, entry); } return do_anonymous_page(mm, vma, address, pte, pmd, flags); } return do_swap_page(mm, vma, address, pte, pmd, flags, entry); } if (pte_protnone(entry)) return do_numa_page(mm, vma, address, entry, pte, pmd); ptl = pte_lockptr(mm, pmd); spin_lock(ptl); if (unlikely(!pte_same(*pte, entry))) goto unlock; if (flags & FAULT_FLAG_WRITE) { if (!pte_write(entry)) return do_wp_page(mm, vma, address, pte, pmd, ptl, entry); entry = pte_mkdirty(entry); } entry = pte_mkyoung(entry); if (ptep_set_access_flags(vma, address, pte, entry, flags & FAULT_FLAG_WRITE)) { update_mmu_cache(vma, address, pte); } else { if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } unlock: pte_unmap_unlock(pte, ptl); return 0; }",visit repo url,mm/memory.c,https://github.com/torvalds/linux,247053800371916,1 2479,['CWE-119'],"static void run_diff_cmd(const char *pgm, const char *name, const char *other, const char *attr_path, struct diff_filespec *one, struct diff_filespec *two, const char *xfrm_msg, struct diff_options *o, int complete_rewrite) { if (!DIFF_OPT_TST(o, ALLOW_EXTERNAL)) pgm = NULL; else { const char *cmd = external_diff_attr(attr_path); if (cmd) pgm = cmd; } if (pgm) { run_external_diff(pgm, name, other, one, two, xfrm_msg, complete_rewrite); return; } if (one && two) builtin_diff(name, other ? other : name, one, two, xfrm_msg, o, complete_rewrite); else fprintf(o->file, ""* Unmerged path %s\n"", name); }",git,,,65363537039518857155439009581826589419,0 964,['CWE-189'],"ProcPanoramiXShmGetImage(ClientPtr client) { PanoramiXRes *draw; DrawablePtr drawables[MAXSCREENS]; DrawablePtr pDraw; xShmGetImageReply xgi; ShmDescPtr shmdesc; int i, x, y, w, h, format, rc; Mask plane = 0, planemask; long lenPer = 0, length, widthBytesLine; Bool isRoot; REQUEST(xShmGetImageReq); REQUEST_SIZE_MATCH(xShmGetImageReq); if ((stuff->format != XYPixmap) && (stuff->format != ZPixmap)) { client->errorValue = stuff->format; return(BadValue); } if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass( client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess))) return BadDrawable; if (draw->type == XRT_PIXMAP) return ProcShmGetImage(client); rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixUnknownAccess); if (rc != Success) return rc; VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); x = stuff->x; y = stuff->y; w = stuff->width; h = stuff->height; format = stuff->format; planemask = stuff->planeMask; isRoot = (draw->type == XRT_WINDOW) && draw->u.win.root; if(isRoot) { if( x < 0 || x + w > PanoramiXPixWidth || y < 0 || y + h > PanoramiXPixHeight ) return(BadMatch); } else { if( panoramiXdataPtr[0].x + pDraw->x + x < 0 || panoramiXdataPtr[0].x + pDraw->x + x + w > PanoramiXPixWidth || panoramiXdataPtr[0].y + pDraw->y + y < 0 || panoramiXdataPtr[0].y + pDraw->y + y + h > PanoramiXPixHeight || x < - wBorderWidth((WindowPtr)pDraw) || x + w > wBorderWidth((WindowPtr)pDraw) + (int)pDraw->width || y < -wBorderWidth((WindowPtr)pDraw) || y + h > wBorderWidth ((WindowPtr)pDraw) + (int)pDraw->height) return(BadMatch); } drawables[0] = pDraw; for(i = 1; i < PanoramiXNumScreens; i++) { rc = dixLookupDrawable(drawables+i, draw->info[i].id, client, 0, DixUnknownAccess); if (rc != Success) return rc; } xgi.visual = wVisual(((WindowPtr)pDraw)); xgi.type = X_Reply; xgi.length = 0; xgi.sequenceNumber = client->sequence; xgi.depth = pDraw->depth; if(format == ZPixmap) { widthBytesLine = PixmapBytePad(w, pDraw->depth); length = widthBytesLine * h; } else { widthBytesLine = PixmapBytePad(w, 1); lenPer = widthBytesLine * h; plane = ((Mask)1) << (pDraw->depth - 1); length = lenPer * Ones(planemask & (plane | (plane - 1))); } VERIFY_SHMSIZE(shmdesc, stuff->offset, length, client); xgi.size = length; if (length == 0) { } else if (format == ZPixmap) { XineramaGetImageData(drawables, x, y, w, h, format, planemask, shmdesc->addr + stuff->offset, widthBytesLine, isRoot); } else { length = stuff->offset; for (; plane; plane >>= 1) { if (planemask & plane) { XineramaGetImageData(drawables, x, y, w, h, format, plane, shmdesc->addr + length, widthBytesLine, isRoot); length += lenPer; } } } if (client->swapped) { register int n; swaps(&xgi.sequenceNumber, n); swapl(&xgi.length, n); swapl(&xgi.visual, n); swapl(&xgi.size, n); } WriteToClient(client, sizeof(xShmGetImageReply), (char *)&xgi); return(client->noClientException); }",xserver,,,266024930627613609518159347884732037800,0 2849,['CWE-119'],"free_state(struct posix_acl_state *state) { kfree(state->users); kfree(state->groups); }",linux-2.6,,,305537076849609193194646619964976691669,0 5031,CWE-191,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 6113,['CWE-200'],"static int cbq_init(struct Qdisc *sch, struct rtattr *opt) { struct cbq_sched_data *q = qdisc_priv(sch); struct rtattr *tb[TCA_CBQ_MAX]; struct tc_ratespec *r; if (rtattr_parse_nested(tb, TCA_CBQ_MAX, opt) < 0 || tb[TCA_CBQ_RTAB-1] == NULL || tb[TCA_CBQ_RATE-1] == NULL || RTA_PAYLOAD(tb[TCA_CBQ_RATE-1]) < sizeof(struct tc_ratespec)) return -EINVAL; if (tb[TCA_CBQ_LSSOPT-1] && RTA_PAYLOAD(tb[TCA_CBQ_LSSOPT-1]) < sizeof(struct tc_cbq_lssopt)) return -EINVAL; r = RTA_DATA(tb[TCA_CBQ_RATE-1]); if ((q->link.R_tab = qdisc_get_rtab(r, tb[TCA_CBQ_RTAB-1])) == NULL) return -EINVAL; q->link.refcnt = 1; q->link.sibling = &q->link; q->link.classid = sch->handle; q->link.qdisc = sch; if (!(q->link.q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops))) q->link.q = &noop_qdisc; q->link.priority = TC_CBQ_MAXPRIO-1; q->link.priority2 = TC_CBQ_MAXPRIO-1; q->link.cpriority = TC_CBQ_MAXPRIO-1; q->link.ovl_strategy = TC_CBQ_OVL_CLASSIC; q->link.overlimit = cbq_ovl_classic; q->link.allot = psched_mtu(sch->dev); q->link.quantum = q->link.allot; q->link.weight = q->link.R_tab->rate.rate; q->link.ewma_log = TC_CBQ_DEF_EWMA; q->link.avpkt = q->link.allot/2; q->link.minidle = -0x7FFFFFFF; q->link.stats_lock = &sch->dev->queue_lock; init_timer(&q->wd_timer); q->wd_timer.data = (unsigned long)sch; q->wd_timer.function = cbq_watchdog; init_timer(&q->delay_timer); q->delay_timer.data = (unsigned long)sch; q->delay_timer.function = cbq_undelay; q->toplevel = TC_CBQ_MAXLEVEL; PSCHED_GET_TIME(q->now); q->now_rt = q->now; cbq_link_class(&q->link); if (tb[TCA_CBQ_LSSOPT-1]) cbq_set_lss(&q->link, RTA_DATA(tb[TCA_CBQ_LSSOPT-1])); cbq_addprio(q, &q->link); return 0; }",linux-2.6,,,57034677787403245188806497163985195951,0 5275,['CWE-264'],"static void merge_aces( canon_ace **pp_list_head ) { canon_ace *list_head = *pp_list_head; canon_ace *curr_ace_outer; canon_ace *curr_ace_outer_next; for (curr_ace_outer = list_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) { canon_ace *curr_ace; canon_ace *curr_ace_next; curr_ace_outer_next = curr_ace_outer->next; for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) { curr_ace_next = curr_ace->next; if (identity_in_ace_equal(curr_ace, curr_ace_outer) && (curr_ace->attr == curr_ace_outer->attr)) { if( DEBUGLVL( 10 )) { dbgtext(""merge_aces: Merging ACE's\n""); print_canon_ace( curr_ace_outer, 0); print_canon_ace( curr_ace, 0); } curr_ace_outer->perms |= curr_ace->perms; DLIST_REMOVE(list_head, curr_ace); SAFE_FREE(curr_ace); curr_ace_outer_next = curr_ace_outer->next; } } } for (curr_ace_outer = list_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) { canon_ace *curr_ace; canon_ace *curr_ace_next; curr_ace_outer_next = curr_ace_outer->next; for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) { curr_ace_next = curr_ace->next; if (identity_in_ace_equal(curr_ace, curr_ace_outer) && (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) { if( DEBUGLVL( 10 )) { dbgtext(""merge_aces: Masking ACE's\n""); print_canon_ace( curr_ace_outer, 0); print_canon_ace( curr_ace, 0); } curr_ace->perms &= ~curr_ace_outer->perms; if (curr_ace->perms == 0) { DLIST_REMOVE(list_head, curr_ace); SAFE_FREE(curr_ace); curr_ace_outer_next = curr_ace_outer->next; } else { DLIST_REMOVE(list_head, curr_ace_outer); SAFE_FREE(curr_ace_outer); break; } } } } *pp_list_head = list_head; }",samba,,,109040959447875710139150220592180506803,0 6066,CWE-190,"void bn_rec_rtnaf(int8_t *tnaf, int *len, const bn_t k, int8_t u, int m, int w) { int i, l; bn_t tmp, r0, r1; int8_t beta[64], gama[64]; uint8_t t_w; dig_t t0, t1, mask; int s, t, u_i; bn_null(r0); bn_null(r1); bn_null(tmp); if (*len < (bn_bits(k) + 1)) { RLC_THROW(ERR_NO_BUFFER); return; } RLC_TRY { bn_new(r0); bn_new(r1); bn_new(tmp); memset(tnaf, 0, *len); bn_rec_tnaf_get(&t_w, beta, gama, u, w); bn_abs(tmp, k); bn_rec_tnaf_mod(r0, r1, tmp, u, m); mask = RLC_MASK(w); l = RLC_CEIL(m + 2, (w - 1)); i = 0; while (i < l) { if (w == 2) { t0 = r0->dp[0]; if (bn_sign(r0) == RLC_NEG) { t0 = (1 << w) - t0; } t1 = r1->dp[0]; if (bn_sign(r1) == RLC_NEG) { t1 = (1 << w) - t1; } u_i = ((t0 - 2 * t1) & mask) - 2; tnaf[i++] = u_i; if (u_i < 0) { bn_add_dig(r0, r0, -u_i); } else { bn_sub_dig(r0, r0, u_i); } } else { t0 = r0->dp[0]; if (bn_sign(r0) == RLC_NEG) { t0 = (1 << w) - t0; } t1 = r1->dp[0]; if (bn_sign(r1) == RLC_NEG) { t1 = (1 << w) - t1; } u_i = ((t0 + t_w * t1) & mask) - (1 << (w - 1)); if (u_i < 0) { tnaf[i++] = u_i; u_i = (int8_t)(-u_i >> 1); t = -beta[u_i]; s = -gama[u_i]; } else { tnaf[i++] = u_i; u_i = (int8_t)(u_i >> 1); t = beta[u_i]; s = gama[u_i]; } if (t > 0) { bn_sub_dig(r0, r0, t); } else { bn_add_dig(r0, r0, -t); } if (s > 0) { bn_sub_dig(r1, r1, s); } else { bn_add_dig(r1, r1, -s); } } for (int j = 0; j < (w - 1); j++) { bn_hlv(tmp, r0); if (u == -1) { bn_sub(r0, r1, tmp); } else { bn_add(r0, r1, tmp); } bn_copy(r1, tmp); r1->sign = tmp->sign ^ 1; } } s = r0->dp[0]; t = r1->dp[0]; if (bn_sign(r0) == RLC_NEG) { s = -s; } if (bn_sign(r1) == RLC_NEG) { t = -t; } if (s != 0 && t != 0) { for (int j = 0; j < (1 << (w - 2)); j++) { if (beta[j] == s && gama[j] == t) { tnaf[i++] = 2 * j + 1; break; } } for (int j = 0; j < (1 << (w - 2)); j++) { if (beta[j] == -s && gama[j] == -t) { tnaf[i++] = -(2 * j + 1); break; } } } else { if (t != 0) { tnaf[i++] = t; } else { tnaf[i++] = s; } } *len = i; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(r0); bn_free(r1); bn_free(tmp); } }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,46937084298818,1 3675,CWE-787,"hb_set_invert (hb_set_t *set) { if (unlikely (hb_object_is_immutable (set))) return; set->invert (); }",visit repo url,src/hb-set.cc,https://github.com/harfbuzz/harfbuzz,148396131562827,1 5145,['CWE-20'],"static inline void __invept(int ext, u64 eptp, gpa_t gpa) { struct { u64 eptp, gpa; } operand = {eptp, gpa}; asm volatile (__ex(ASM_VMX_INVEPT) ""; ja 1f ; ud2 ; 1:\n"" : : ""a"" (&operand), ""c"" (ext) : ""cc"", ""memory""); }",linux-2.6,,,132833981658795892172183244875064419030,0 4821,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 2979,CWE-399,"parse(struct magic_set *ms, struct magic_entry *me, const char *line, size_t lineno, int action) { #ifdef ENABLE_CONDITIONALS static uint32_t last_cont_level = 0; #endif size_t i; struct magic *m; const char *l = line; char *t; int op; uint32_t cont_level; int32_t diff; cont_level = 0; while (*l == '>') { ++l; cont_level++; } #ifdef ENABLE_CONDITIONALS if (cont_level == 0 || cont_level > last_cont_level) if (file_check_mem(ms, cont_level) == -1) return -1; last_cont_level = cont_level; #endif if (cont_level != 0) { if (me->mp == NULL) { file_magerror(ms, ""No current entry for continuation""); return -1; } if (me->cont_count == 0) { file_magerror(ms, ""Continuations present with 0 count""); return -1; } m = &me->mp[me->cont_count - 1]; diff = (int32_t)cont_level - (int32_t)m->cont_level; if (diff > 1) file_magwarn(ms, ""New continuation level %u is more "" ""than one larger than current level %u"", cont_level, m->cont_level); if (me->cont_count == me->max_count) { struct magic *nm; size_t cnt = me->max_count + ALLOC_CHUNK; if ((nm = CAST(struct magic *, realloc(me->mp, sizeof(*nm) * cnt))) == NULL) { file_oomem(ms, sizeof(*nm) * cnt); return -1; } me->mp = m = nm; me->max_count = CAST(uint32_t, cnt); } m = &me->mp[me->cont_count++]; (void)memset(m, 0, sizeof(*m)); m->cont_level = cont_level; } else { static const size_t len = sizeof(*m) * ALLOC_CHUNK; if (me->mp != NULL) return 1; if ((m = CAST(struct magic *, malloc(len))) == NULL) { file_oomem(ms, len); return -1; } me->mp = m; me->max_count = ALLOC_CHUNK; (void)memset(m, 0, sizeof(*m)); m->factor_op = FILE_FACTOR_OP_NONE; m->cont_level = 0; me->cont_count = 1; } m->lineno = CAST(uint32_t, lineno); if (*l == '&') { ++l; m->flag |= OFFADD; } if (*l == '(') { ++l; m->flag |= INDIR; if (m->flag & OFFADD) m->flag = (m->flag & ~OFFADD) | INDIROFFADD; if (*l == '&') { ++l; m->flag |= OFFADD; } } if (m->cont_level == 0 && (m->flag & (OFFADD | INDIROFFADD))) if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""relative offset at level 0""); m->offset = (uint32_t)strtoul(l, &t, 0); if (l == t) if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""offset `%s' invalid"", l); l = t; if (m->flag & INDIR) { m->in_type = FILE_LONG; m->in_offset = 0; if (*l == '.') { l++; switch (*l) { case 'l': m->in_type = FILE_LELONG; break; case 'L': m->in_type = FILE_BELONG; break; case 'm': m->in_type = FILE_MELONG; break; case 'h': case 's': m->in_type = FILE_LESHORT; break; case 'H': case 'S': m->in_type = FILE_BESHORT; break; case 'c': case 'b': case 'C': case 'B': m->in_type = FILE_BYTE; break; case 'e': case 'f': case 'g': m->in_type = FILE_LEDOUBLE; break; case 'E': case 'F': case 'G': m->in_type = FILE_BEDOUBLE; break; case 'i': m->in_type = FILE_LEID3; break; case 'I': m->in_type = FILE_BEID3; break; default: if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""indirect offset type `%c' invalid"", *l); break; } l++; } m->in_op = 0; if (*l == '~') { m->in_op |= FILE_OPINVERSE; l++; } if ((op = get_op(*l)) != -1) { m->in_op |= op; l++; } if (*l == '(') { m->in_op |= FILE_OPINDIRECT; l++; } if (isdigit((unsigned char)*l) || *l == '-') { m->in_offset = (int32_t)strtol(l, &t, 0); if (l == t) if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""in_offset `%s' invalid"", l); l = t; } if (*l++ != ')' || ((m->in_op & FILE_OPINDIRECT) && *l++ != ')')) if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""missing ')' in indirect offset""); } EATAB; #ifdef ENABLE_CONDITIONALS m->cond = get_cond(l, &l); if (check_cond(ms, m->cond, cont_level) == -1) return -1; EATAB; #endif if (*l == 'u') { m->type = get_type(type_tbl, l + 1, &l); if (m->type == FILE_INVALID) { m->type = get_standard_integer_type(l, &l); } if (m->type != FILE_INVALID) m->flag |= UNSIGNED; } else { m->type = get_type(type_tbl, l, &l); if (m->type == FILE_INVALID) { if (*l == 'd') m->type = get_standard_integer_type(l, &l); else if (*l == 's' && !isalpha((unsigned char)l[1])) { m->type = FILE_STRING; ++l; } } } if (m->type == FILE_INVALID) { m->type = get_type(special_tbl, l, &l); } if (m->type == FILE_INVALID) { if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""type `%s' invalid"", l); return -1; } m->mask_op = 0; if (*l == '~') { if (!IS_STRING(m->type)) m->mask_op |= FILE_OPINVERSE; else if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""'~' invalid for string types""); ++l; } m->str_range = 0; m->str_flags = m->type == FILE_PSTRING ? PSTRING_1_LE : 0; if ((op = get_op(*l)) != -1) { if (!IS_STRING(m->type)) { uint64_t val; ++l; m->mask_op |= op; val = (uint64_t)strtoull(l, &t, 0); l = t; m->num_mask = file_signextend(ms, m, val); eatsize(&l); } else if (op == FILE_OPDIVIDE) { int have_range = 0; while (!isspace((unsigned char)*++l)) { switch (*l) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (have_range && (ms->flags & MAGIC_CHECK)) file_magwarn(ms, ""multiple ranges""); have_range = 1; m->str_range = CAST(uint32_t, strtoul(l, &t, 0)); if (m->str_range == 0) file_magwarn(ms, ""zero range""); l = t - 1; break; case CHAR_COMPACT_WHITESPACE: m->str_flags |= STRING_COMPACT_WHITESPACE; break; case CHAR_COMPACT_OPTIONAL_WHITESPACE: m->str_flags |= STRING_COMPACT_OPTIONAL_WHITESPACE; break; case CHAR_IGNORE_LOWERCASE: m->str_flags |= STRING_IGNORE_LOWERCASE; break; case CHAR_IGNORE_UPPERCASE: m->str_flags |= STRING_IGNORE_UPPERCASE; break; case CHAR_REGEX_OFFSET_START: m->str_flags |= REGEX_OFFSET_START; break; case CHAR_BINTEST: m->str_flags |= STRING_BINTEST; break; case CHAR_TEXTTEST: m->str_flags |= STRING_TEXTTEST; break; case CHAR_TRIM: m->str_flags |= STRING_TRIM; break; case CHAR_PSTRING_1_LE: if (m->type != FILE_PSTRING) goto bad; m->str_flags = (m->str_flags & ~PSTRING_LEN) | PSTRING_1_LE; break; case CHAR_PSTRING_2_BE: if (m->type != FILE_PSTRING) goto bad; m->str_flags = (m->str_flags & ~PSTRING_LEN) | PSTRING_2_BE; break; case CHAR_PSTRING_2_LE: if (m->type != FILE_PSTRING) goto bad; m->str_flags = (m->str_flags & ~PSTRING_LEN) | PSTRING_2_LE; break; case CHAR_PSTRING_4_BE: if (m->type != FILE_PSTRING) goto bad; m->str_flags = (m->str_flags & ~PSTRING_LEN) | PSTRING_4_BE; break; case CHAR_PSTRING_4_LE: if (m->type != FILE_PSTRING) goto bad; m->str_flags = (m->str_flags & ~PSTRING_LEN) | PSTRING_4_LE; break; case CHAR_PSTRING_LENGTH_INCLUDES_ITSELF: if (m->type != FILE_PSTRING) goto bad; m->str_flags |= PSTRING_LENGTH_INCLUDES_ITSELF; break; default: bad: if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""string extension `%c' "" ""invalid"", *l); return -1; } if (l[1] == '/' && !isspace((unsigned char)l[2])) l++; } if (string_modifier_check(ms, m) == -1) return -1; } else { if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""invalid string op: %c"", *t); return -1; } } EATAB; switch (*l) { case '>': case '<': m->reln = *l; ++l; if (*l == '=') { if (ms->flags & MAGIC_CHECK) { file_magwarn(ms, ""%c= not supported"", m->reln); return -1; } ++l; } break; case '&': case '^': case '=': m->reln = *l; ++l; if (*l == '=') { ++l; } break; case '!': m->reln = *l; ++l; break; default: m->reln = '='; if (*l == 'x' && ((isascii((unsigned char)l[1]) && isspace((unsigned char)l[1])) || !l[1])) { m->reln = *l; ++l; } break; } if (m->reln != 'x' && getvalue(ms, m, &l, action)) return -1; EATAB; if (l[0] == '\b') { ++l; m->flag |= NOSPACE; } else if ((l[0] == '\\') && (l[1] == 'b')) { ++l; ++l; m->flag |= NOSPACE; } for (i = 0; (m->desc[i++] = *l++) != '\0' && i < sizeof(m->desc); ) continue; if (i == sizeof(m->desc)) { m->desc[sizeof(m->desc) - 1] = '\0'; if (ms->flags & MAGIC_CHECK) file_magwarn(ms, ""description `%s' truncated"", m->desc); } if (ms->flags & MAGIC_CHECK) { if (check_format(ms, m) == -1) return -1; } #ifndef COMPILE_ONLY if (action == FILE_CHECK) { file_mdump(m); } #endif m->mimetype[0] = '\0'; return 0; }",visit repo url,src/apprentice.c,https://github.com/file/file,70450329808330,1 2645,CWE-125,"static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAMETERS) { const char* loc_name = NULL; int loc_name_len = 0; const char* disp_loc_name = NULL; int disp_loc_name_len = 0; int free_loc_name = 0; UChar* disp_name = NULL; int32_t disp_name_len = 0; char* mod_loc_name = NULL; int32_t buflen = 512; UErrorCode status = U_ZERO_ERROR; char* utf8value = NULL; int utf8value_len = 0; char* msg = NULL; int grOffset = 0; intl_error_reset( NULL TSRMLS_CC ); if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""s|s"", &loc_name, &loc_name_len , &disp_loc_name ,&disp_loc_name_len ) == FAILURE) { spprintf(&msg , 0, ""locale_get_display_%s : unable to parse input params"", tag_name ); intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC ); efree(msg); RETURN_FALSE; } if(loc_name_len > ULOC_FULLNAME_CAPACITY) { spprintf(&msg , 0, ""locale_get_display_%s : name too long"", tag_name ); intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC ); efree(msg); RETURN_FALSE; } if(loc_name_len == 0) { loc_name = intl_locale_get_default(TSRMLS_C); } if( strcmp(tag_name, DISP_NAME) != 0 ){ grOffset = findOffset( LOC_GRANDFATHERED , loc_name ); if( grOffset >= 0 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ mod_loc_name = getPreferredTag( loc_name ); } else { RETURN_FALSE; } } } if( mod_loc_name==NULL ){ mod_loc_name = estrdup( loc_name ); } if( !disp_loc_name){ disp_loc_name = estrdup(intl_locale_get_default(TSRMLS_C)); free_loc_name = 1; } do{ disp_name = erealloc( disp_name , buflen * sizeof(UChar) ); disp_name_len = buflen; if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ buflen = uloc_getDisplayLanguage ( mod_loc_name , disp_loc_name , disp_name , disp_name_len , &status); } else if( strcmp(tag_name , LOC_SCRIPT_TAG)==0 ){ buflen = uloc_getDisplayScript ( mod_loc_name , disp_loc_name , disp_name , disp_name_len , &status); } else if( strcmp(tag_name , LOC_REGION_TAG)==0 ){ buflen = uloc_getDisplayCountry ( mod_loc_name , disp_loc_name , disp_name , disp_name_len , &status); } else if( strcmp(tag_name , LOC_VARIANT_TAG)==0 ){ buflen = uloc_getDisplayVariant ( mod_loc_name , disp_loc_name , disp_name , disp_name_len , &status); } else if( strcmp(tag_name , DISP_NAME)==0 ){ buflen = uloc_getDisplayName ( mod_loc_name , disp_loc_name , disp_name , disp_name_len , &status); } if( U_FAILURE( status ) ) { if( status == U_BUFFER_OVERFLOW_ERROR ) { status = U_ZERO_ERROR; continue; } spprintf(&msg, 0, ""locale_get_display_%s : unable to get locale %s"", tag_name , tag_name ); intl_error_set( NULL, status, msg , 1 TSRMLS_CC ); efree(msg); if( disp_name){ efree( disp_name ); } if( mod_loc_name){ efree( mod_loc_name ); } if (free_loc_name) { efree((void *)disp_loc_name); disp_loc_name = NULL; } RETURN_FALSE; } } while( buflen > disp_name_len ); if( mod_loc_name){ efree( mod_loc_name ); } if (free_loc_name) { efree((void *)disp_loc_name); disp_loc_name = NULL; } intl_convert_utf16_to_utf8( &utf8value, &utf8value_len, disp_name, buflen, &status ); efree( disp_name ); if( U_FAILURE( status ) ) { spprintf(&msg, 0, ""locale_get_display_%s :error converting display name for %s to UTF-8"", tag_name , tag_name ); intl_error_set( NULL, status, msg , 1 TSRMLS_CC ); efree(msg); RETURN_FALSE; } RETVAL_STRINGL( utf8value, utf8value_len , FALSE); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,249214584360058,1 6753,CWE-787,"static int _dns_debug_display(struct dns_packet *packet) { int i = 0; int j = 0; int ttl = 0; struct dns_rrs *rrs = NULL; int rr_count = 0; char req_host[MAX_IP_LEN]; for (j = 1; j < DNS_RRS_END; j++) { rrs = dns_get_rrs_start(packet, j, &rr_count); printf(""section: %d\n"", j); for (i = 0; i < rr_count && rrs; i++, rrs = dns_get_rrs_next(packet, rrs)) { switch (rrs->type) { case DNS_T_A: { unsigned char addr[4]; char name[DNS_MAX_CNAME_LEN] = {0}; dns_get_A(rrs, name, DNS_MAX_CNAME_LEN, &ttl, addr); req_host[0] = '\0'; inet_ntop(AF_INET, addr, req_host, sizeof(req_host)); printf(""domain: %s A: %s TTL: %d\n"", name, req_host, ttl); } break; case DNS_T_AAAA: { unsigned char addr[16]; char name[DNS_MAX_CNAME_LEN] = {0}; dns_get_AAAA(rrs, name, DNS_MAX_CNAME_LEN, &ttl, addr); req_host[0] = '\0'; inet_ntop(AF_INET6, addr, req_host, sizeof(req_host)); printf(""domain: %s AAAA: %s TTL:%d\n"", name, req_host, ttl); } break; case DNS_T_HTTPS: { char name[DNS_MAX_CNAME_LEN] = {0}; char target[DNS_MAX_CNAME_LEN] = {0}; struct dns_https_param *p = NULL; int priority = 0; p = dns_get_HTTPS_svcparm_start(rrs, name, DNS_MAX_CNAME_LEN, &ttl, &priority, target, DNS_MAX_CNAME_LEN); if (p == NULL) { printf(""get HTTPS svcparm failed\n""); break; } printf(""domain: %s HTTPS: %s TTL: %d priority: %d\n"", name, target, ttl, priority); for (; p; p = dns_get_HTTPS_svcparm_next(rrs, p)) { switch (p->key) { case DNS_HTTPS_T_MANDATORY: { printf("" HTTPS: mandatory: %s\n"", p->value); } break; case DNS_HTTPS_T_ALPN: { printf("" HTTPS: alpn: %s\n"", p->value); } break; case DNS_HTTPS_T_NO_DEFAULT_ALPN: { printf("" HTTPS: no_default_alpn: %s\n"", p->value); } break; case DNS_HTTPS_T_PORT: { int port = *(unsigned short *)(p->value); printf("" HTTPS: port: %d\n"", port); } break; case DNS_HTTPS_T_IPV4HINT: { printf("" HTTPS: ipv4hint: %d\n"", p->len / 4); for (int k = 0; k < p->len / 4; k++) { char ip[16] = {0}; inet_ntop(AF_INET, p->value + k * 4, ip, sizeof(ip)); printf("" ipv4: %s\n"", ip); } } break; case DNS_HTTPS_T_ECH: { printf("" HTTPS: ech: ""); for (int k = 0; k < p->len; k++) { printf(""%02x "", p->value[k]); } printf(""\n""); } break; case DNS_HTTPS_T_IPV6HINT: { printf("" HTTPS: ipv6hint: %d\n"", p->len / 16); for (int k = 0; k < p->len / 16; k++) { char ip[64] = {0}; inet_ntop(AF_INET6, p->value + k * 16, ip, sizeof(ip)); printf("" ipv6: %s\n"", ip); } } break; } } } break; case DNS_T_NS: { char cname[DNS_MAX_CNAME_LEN]; char name[DNS_MAX_CNAME_LEN] = {0}; dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN); printf(""domain: %s TTL: %d NS: %s\n"", name, ttl, cname); } break; case DNS_T_CNAME: { char cname[DNS_MAX_CNAME_LEN]; char name[DNS_MAX_CNAME_LEN] = {0}; if (dns_conf_force_no_cname) { continue; } dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN); printf(""domain: %s TTL: %d CNAME: %s\n"", name, ttl, cname); } break; case DNS_T_SOA: { char name[DNS_MAX_CNAME_LEN] = {0}; struct dns_soa soa; dns_get_SOA(rrs, name, 128, &ttl, &soa); printf(""domain: %s SOA: mname: %s, rname: %s, serial: %d, refresh: %d, retry: %d, expire: "" ""%d, minimum: %d"", name, soa.mname, soa.rname, soa.serial, soa.refresh, soa.retry, soa.expire, soa.minimum); } break; default: break; } } printf(""\n""); } return 0; }",visit repo url,src/util.c,https://github.com/pymumu/smartdns,170868659721466,1 3272,CWE-125,"isis_print_is_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, u_int subt, u_int subl, const char *ident) { u_int te_class,priority_level,gmpls_switch_cap; union { float f; uint32_t i; } bw; ND_PRINT((ndo, ""%s%s subTLV #%u, length: %u"", ident, tok2str(isis_ext_is_reach_subtlv_values, ""unknown"", subt), subt, subl)); ND_TCHECK2(*tptr, subl); switch(subt) { case ISIS_SUBTLV_EXT_IS_REACH_ADMIN_GROUP: case ISIS_SUBTLV_EXT_IS_REACH_LINK_LOCAL_REMOTE_ID: case ISIS_SUBTLV_EXT_IS_REACH_LINK_REMOTE_ID: if (subl >= 4) { ND_PRINT((ndo, "", 0x%08x"", EXTRACT_32BITS(tptr))); if (subl == 8) ND_PRINT((ndo, "", 0x%08x"", EXTRACT_32BITS(tptr+4))); } break; case ISIS_SUBTLV_EXT_IS_REACH_IPV4_INTF_ADDR: case ISIS_SUBTLV_EXT_IS_REACH_IPV4_NEIGHBOR_ADDR: if (subl >= sizeof(struct in_addr)) ND_PRINT((ndo, "", %s"", ipaddr_string(ndo, tptr))); break; case ISIS_SUBTLV_EXT_IS_REACH_MAX_LINK_BW : case ISIS_SUBTLV_EXT_IS_REACH_RESERVABLE_BW: if (subl >= 4) { bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, "", %.3f Mbps"", bw.f * 8 / 1000000)); } break; case ISIS_SUBTLV_EXT_IS_REACH_UNRESERVED_BW : if (subl >= 32) { for (te_class = 0; te_class < 8; te_class++) { bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, ""%s TE-Class %u: %.3f Mbps"", ident, te_class, bw.f * 8 / 1000000)); tptr+=4; } } break; case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS: case ISIS_SUBTLV_EXT_IS_REACH_BW_CONSTRAINTS_OLD: ND_PRINT((ndo, ""%sBandwidth Constraints Model ID: %s (%u)"", ident, tok2str(diffserv_te_bc_values, ""unknown"", *tptr), *tptr)); tptr++; for (te_class = 0; te_class < (subl-1)/4; te_class++) { ND_TCHECK2(*tptr, 4); bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, ""%s Bandwidth constraint CT%u: %.3f Mbps"", ident, te_class, bw.f * 8 / 1000000)); tptr+=4; } break; case ISIS_SUBTLV_EXT_IS_REACH_TE_METRIC: if (subl >= 3) ND_PRINT((ndo, "", %u"", EXTRACT_24BITS(tptr))); break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_ATTRIBUTE: if (subl == 2) { ND_PRINT((ndo, "", [ %s ] (0x%04x)"", bittok2str(isis_subtlv_link_attribute_values, ""Unknown"", EXTRACT_16BITS(tptr)), EXTRACT_16BITS(tptr))); } break; case ISIS_SUBTLV_EXT_IS_REACH_LINK_PROTECTION_TYPE: if (subl >= 2) { ND_PRINT((ndo, "", %s, Priority %u"", bittok2str(gmpls_link_prot_values, ""none"", *tptr), *(tptr+1))); } break; case ISIS_SUBTLV_SPB_METRIC: if (subl >= 6) { ND_PRINT((ndo, "", LM: %u"", EXTRACT_24BITS(tptr))); tptr=tptr+3; ND_PRINT((ndo, "", P: %u"", *(tptr))); tptr++; ND_PRINT((ndo, "", P-ID: %u"", EXTRACT_16BITS(tptr))); } break; case ISIS_SUBTLV_EXT_IS_REACH_INTF_SW_CAP_DESCR: if (subl >= 36) { gmpls_switch_cap = *tptr; ND_PRINT((ndo, ""%s Interface Switching Capability:%s"", ident, tok2str(gmpls_switch_cap_values, ""Unknown"", gmpls_switch_cap))); ND_PRINT((ndo, "", LSP Encoding: %s"", tok2str(gmpls_encoding_values, ""Unknown"", *(tptr + 1)))); tptr+=4; ND_PRINT((ndo, ""%s Max LSP Bandwidth:"", ident)); for (priority_level = 0; priority_level < 8; priority_level++) { bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, ""%s priority level %d: %.3f Mbps"", ident, priority_level, bw.f * 8 / 1000000)); tptr+=4; } subl-=36; switch (gmpls_switch_cap) { case GMPLS_PSC1: case GMPLS_PSC2: case GMPLS_PSC3: case GMPLS_PSC4: ND_TCHECK2(*tptr, 6); bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, ""%s Min LSP Bandwidth: %.3f Mbps"", ident, bw.f * 8 / 1000000)); ND_PRINT((ndo, ""%s Interface MTU: %u"", ident, EXTRACT_16BITS(tptr + 4))); break; case GMPLS_TSC: ND_TCHECK2(*tptr, 8); bw.i = EXTRACT_32BITS(tptr); ND_PRINT((ndo, ""%s Min LSP Bandwidth: %.3f Mbps"", ident, bw.f * 8 / 1000000)); ND_PRINT((ndo, ""%s Indication %s"", ident, tok2str(gmpls_switch_cap_tsc_indication_values, ""Unknown (%u)"", *(tptr + 4)))); break; default: if(subl>0){ if (!print_unknown_data(ndo, tptr, ""\n\t\t "", subl)) return(0); } } } break; default: if (!print_unknown_data(ndo, tptr, ""\n\t\t "", subl)) return(0); break; } return(1); trunc: return(0); }",visit repo url,print-isoclns.c,https://github.com/the-tcpdump-group/tcpdump,183721592397390,1 2221,NVD-CWE-noinfo,"static int nfs4_open_recover_helper(struct nfs4_opendata *opendata, mode_t openflags, struct nfs4_state **res) { struct nfs4_state *newstate; int ret; opendata->o_arg.open_flags = openflags; memset(&opendata->o_res, 0, sizeof(opendata->o_res)); memset(&opendata->c_res, 0, sizeof(opendata->c_res)); nfs4_init_opendata_res(opendata); ret = _nfs4_proc_open(opendata); if (ret != 0) return ret; newstate = nfs4_opendata_to_nfs4_state(opendata); if (IS_ERR(newstate)) return PTR_ERR(newstate); nfs4_close_state(&opendata->path, newstate, openflags); *res = newstate; return 0; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,236923189893574,1 2950,CWE-59,"static int setup_dev_console(const struct lxc_rootfs *rootfs, const struct lxc_console *console) { char path[MAXPATHLEN]; struct stat s; int ret; ret = snprintf(path, sizeof(path), ""%s/dev/console"", rootfs->mount); if (ret >= sizeof(path)) { ERROR(""console path too long""); return -1; } if (access(path, F_OK)) { WARN(""rootfs specified but no console found at '%s'"", path); return 0; } if (console->master < 0) { INFO(""no console""); return 0; } if (stat(path, &s)) { SYSERROR(""failed to stat '%s'"", path); return -1; } if (chmod(console->name, s.st_mode)) { SYSERROR(""failed to set mode '0%o' to '%s'"", s.st_mode, console->name); return -1; } if (mount(console->name, path, ""none"", MS_BIND, 0)) { ERROR(""failed to mount '%s' on '%s'"", console->name, path); return -1; } INFO(""console has been setup""); return 0; }",visit repo url,src/lxc/conf.c,https://github.com/lxc/lxc,57025503550601,1 833,['CWE-119'],"isdn_lock_drivers(void) { int i; for (i = 0; i < ISDN_MAX_DRIVERS; i++) { if (!dev->drv[i]) continue; isdn_lock_driver(dev->drv[i]); } }",linux-2.6,,,282232651089312450168586222326158837641,0 5233,['CWE-264'],"static bool get_protected_flag(struct pai_val *pal) { if (!pal) return False; return pal->pai_protected; }",samba,,,62917240983507421579373263363309180154,0 4182,['CWE-399'],"AvahiServerState avahi_server_get_state(AvahiServer *s) { assert(s); return s->state; }",avahi,,,88450113897616533231824691443075648477,0 2635,CWE-125,"static char* lookup_loc_range(const char* loc_range, HashTable* hash_arr, int canonicalize TSRMLS_DC) { int i = 0; int cur_arr_len = 0; int result = 0; char* lang_tag = NULL; zval** ele_value = NULL; char** cur_arr = NULL; char* cur_loc_range = NULL; char* can_loc_range = NULL; int saved_pos = 0; char* return_value = NULL; cur_arr = ecalloc(zend_hash_num_elements(hash_arr)*2, sizeof(char *)); for(zend_hash_internal_pointer_reset(hash_arr); zend_hash_has_more_elements(hash_arr) == SUCCESS; zend_hash_move_forward(hash_arr)) { if (zend_hash_get_current_data(hash_arr, (void**)&ele_value) == FAILURE) { continue; } if(Z_TYPE_PP(ele_value)!= IS_STRING) { intl_error_set(NULL, U_ILLEGAL_ARGUMENT_ERROR, ""lookup_loc_range: locale array element is not a string"", 0 TSRMLS_CC); LOOKUP_CLEAN_RETURN(NULL); } cur_arr[cur_arr_len*2] = estrndup(Z_STRVAL_PP(ele_value), Z_STRLEN_PP(ele_value)); result = strToMatch(Z_STRVAL_PP(ele_value), cur_arr[cur_arr_len*2]); if(result == 0) { intl_error_set(NULL, U_ILLEGAL_ARGUMENT_ERROR, ""lookup_loc_range: unable to canonicalize lang_tag"", 0 TSRMLS_CC); LOOKUP_CLEAN_RETURN(NULL); } cur_arr[cur_arr_len*2+1] = Z_STRVAL_PP(ele_value); cur_arr_len++ ; } if(canonicalize) { for(i=0; i 0) { for(i=0; i< cur_arr_len; i++){ if(cur_arr[i*2] != NULL && strlen(cur_arr[i*2]) == saved_pos && strncmp(cur_loc_range, cur_arr[i*2], saved_pos) == 0) { return_value = estrdup(canonicalize?cur_arr[i*2]:cur_arr[i*2+1]); efree(cur_loc_range); LOOKUP_CLEAN_RETURN(return_value); } } saved_pos = getStrrtokenPos(cur_loc_range, saved_pos); } efree(cur_loc_range); LOOKUP_CLEAN_RETURN(NULL); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,13121930872767,1 5632,CWE-125,"ast_for_funcdef(struct compiling *c, const node *n, asdl_seq *decorator_seq) { return ast_for_funcdef_impl(c, n, decorator_seq, 0 ); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,38466995684566,1 474,[],"pfm_set_psr_up(void) { ia64_ssm(IA64_PSR_UP); ia64_srlz_i(); }",linux-2.6,,,25592399294977742036040205496343042359,0 4792,[],"void selinux_netlbl_err(struct sk_buff *skb, int error, int gateway) { netlbl_skbuff_err(skb, error, gateway); }",linux-2.6,,,120460747979618323349115139266731635266,0 5244,['CWE-264'],"static void store_inheritance_attributes(files_struct *fsp, canon_ace *file_ace_list, canon_ace *dir_ace_list, bool pai_protected) { int ret; size_t store_size; char *pai_buf; if (!lp_map_acl_inherit(SNUM(fsp->conn))) return; if (!pai_protected && num_inherited_entries(file_ace_list) == 0 && num_inherited_entries(dir_ace_list) == 0) { if (fsp->fh->fd != -1) SMB_VFS_FREMOVEXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME); else SMB_VFS_REMOVEXATTR(fsp->conn, fsp->fsp_name, SAMBA_POSIX_INHERITANCE_EA_NAME); return; } pai_buf = create_pai_buf(file_ace_list, dir_ace_list, pai_protected, &store_size); if (fsp->fh->fd != -1) ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, store_size, 0); else ret = SMB_VFS_SETXATTR(fsp->conn,fsp->fsp_name, SAMBA_POSIX_INHERITANCE_EA_NAME, pai_buf, store_size, 0); SAFE_FREE(pai_buf); DEBUG(10,(""store_inheritance_attribute:%s for file %s\n"", pai_protected ? "" (protected)"" : """", fsp->fsp_name)); if (ret == -1 && !no_acl_syscall_error(errno)) DEBUG(1,(""store_inheritance_attribute: Error %s\n"", strerror(errno) )); }",samba,,,336857579969916366737045731330036356017,0 4990,['CWE-20'],"int find_dirent_page(nfs_readdir_descriptor_t *desc) { struct inode *inode = desc->file->f_path.dentry->d_inode; struct page *page; int status; dfprintk(DIRCACHE, ""NFS: %s: searching page %ld for target %Lu\n"", __FUNCTION__, desc->page_index, (long long) *desc->dir_cookie); desc->timestamp_valid = 0; page = read_cache_page(inode->i_mapping, desc->page_index, (filler_t *)nfs_readdir_filler, desc); if (IS_ERR(page)) { status = PTR_ERR(page); goto out; } desc->page = page; desc->ptr = kmap(page); if (*desc->dir_cookie != 0) status = find_dirent(desc); else status = find_dirent_index(desc); if (status < 0) dir_page_release(desc); out: dfprintk(DIRCACHE, ""NFS: %s: returns %d\n"", __FUNCTION__, status); return status; }",linux-2.6,,,82481367793029582896158923307376422488,0 1976,['CWE-20'],"static unsigned long unmap_page_range(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long addr, unsigned long end, long *zap_work, struct zap_details *details) { pgd_t *pgd; unsigned long next; if (details && !details->check_mapping && !details->nonlinear_vma) details = NULL; BUG_ON(addr >= end); tlb_start_vma(tlb, vma); pgd = pgd_offset(vma->vm_mm, addr); do { next = pgd_addr_end(addr, end); if (pgd_none_or_clear_bad(pgd)) { (*zap_work)--; continue; } next = zap_pud_range(tlb, vma, pgd, addr, next, zap_work, details); } while (pgd++, addr = next, (addr != end && *zap_work > 0)); tlb_end_vma(tlb, vma); return addr; }",linux-2.6,,,267789968637527576348453321321259356819,0 1761,[],"static inline struct task_group *cgroup_tg(struct cgroup *cgrp) { return container_of(cgroup_subsys_state(cgrp, cpu_cgroup_subsys_id), struct task_group, css); }",linux-2.6,,,306528724261751004780879600480695994041,0 976,['CWE-189'],"ProcPanoramiXShmCreatePixmap( register ClientPtr client) { ScreenPtr pScreen = NULL; PixmapPtr pMap = NULL; DrawablePtr pDraw; DepthPtr pDepth; int i, j, result, rc; ShmDescPtr shmdesc; REQUEST(xShmCreatePixmapReq); unsigned int width, height, depth; unsigned long size; PanoramiXRes *newPix; REQUEST_SIZE_MATCH(xShmCreatePixmapReq); client->errorValue = stuff->pid; if (!sharedPixmaps) return BadImplementation; LEGAL_NEW_RESOURCE(stuff->pid, client); rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY, DixUnknownAccess); if (rc != Success) return rc; VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); width = stuff->width; height = stuff->height; depth = stuff->depth; if (!width || !height || !depth) { client->errorValue = 0; return BadValue; } if (width > 32767 || height > 32767) return BadAlloc; if (stuff->depth != 1) { pDepth = pDraw->pScreen->allowedDepths; for (i=0; ipScreen->numDepths; i++, pDepth++) if (pDepth->depth == stuff->depth) goto CreatePmap; client->errorValue = stuff->depth; return BadValue; } CreatePmap: size = PixmapBytePad(width, depth) * height; if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { if (size < width * height) return BadAlloc; } if (stuff->offset + size < size) return BadAlloc; VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes)))) return BadAlloc; newPix->type = XRT_PIXMAP; newPix->u.pix.shared = TRUE; newPix->info[0].id = stuff->pid; for(j = 1; j < PanoramiXNumScreens; j++) newPix->info[j].id = FakeClientID(client->index); result = (client->noClientException); FOR_NSCREENS(j) { pScreen = screenInfo.screens[j]; pMap = (*shmFuncs[j]->CreatePixmap)(pScreen, stuff->width, stuff->height, stuff->depth, shmdesc->addr + stuff->offset); if (pMap) { dixSetPrivate(&pMap->devPrivates, shmPixmapPrivate, shmdesc); shmdesc->refcnt++; pMap->drawable.serialNumber = NEXT_SERIAL_NUMBER; pMap->drawable.id = newPix->info[j].id; if (!AddResource(newPix->info[j].id, RT_PIXMAP, (pointer)pMap)) { (*pScreen->DestroyPixmap)(pMap); result = BadAlloc; break; } } else { result = BadAlloc; break; } } if(result == BadAlloc) { while(j--) { (*pScreen->DestroyPixmap)(pMap); FreeResource(newPix->info[j].id, RT_NONE); } xfree(newPix); } else AddResource(stuff->pid, XRT_PIXMAP, newPix); return result; }",xserver,,,46669305826104672942996698496219153375,0 4272,['CWE-264'],"static int copy_io(unsigned long clone_flags, struct task_struct *tsk) { #ifdef CONFIG_BLOCK struct io_context *ioc = current->io_context; if (!ioc) return 0; if (clone_flags & CLONE_IO) { tsk->io_context = ioc_task_link(ioc); if (unlikely(!tsk->io_context)) return -ENOMEM; } else if (ioprio_valid(ioc->ioprio)) { tsk->io_context = alloc_io_context(GFP_KERNEL, -1); if (unlikely(!tsk->io_context)) return -ENOMEM; tsk->io_context->ioprio = ioc->ioprio; } #endif return 0; }",linux-2.6,,,191690229187063780720228977893221235477,0 6241,['CWE-200'],"static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb) { int t; int s_t; struct net_device *dev; struct Qdisc *q; struct tcf_proto *tp, **chain; struct tcmsg *tcm = (struct tcmsg*)NLMSG_DATA(cb->nlh); unsigned long cl = 0; struct Qdisc_class_ops *cops; struct tcf_dump_args arg; if (cb->nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*tcm))) return skb->len; if ((dev = dev_get_by_index(tcm->tcm_ifindex)) == NULL) return skb->len; read_lock_bh(&qdisc_tree_lock); if (!tcm->tcm_parent) q = dev->qdisc_sleeping; else q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent)); if (!q) goto out; if ((cops = q->ops->cl_ops) == NULL) goto errout; if (TC_H_MIN(tcm->tcm_parent)) { cl = cops->get(q, tcm->tcm_parent); if (cl == 0) goto errout; } chain = cops->tcf_chain(q, cl); if (chain == NULL) goto errout; s_t = cb->args[0]; for (tp=*chain, t=0; tp; tp = tp->next, t++) { if (t < s_t) continue; if (TC_H_MAJ(tcm->tcm_info) && TC_H_MAJ(tcm->tcm_info) != tp->prio) continue; if (TC_H_MIN(tcm->tcm_info) && TC_H_MIN(tcm->tcm_info) != tp->protocol) continue; if (t > s_t) memset(&cb->args[1], 0, sizeof(cb->args)-sizeof(cb->args[0])); if (cb->args[1] == 0) { if (tcf_fill_node(skb, tp, 0, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWTFILTER) <= 0) { break; } cb->args[1] = 1; } if (tp->ops->walk == NULL) continue; arg.w.fn = tcf_node_dump; arg.skb = skb; arg.cb = cb; arg.w.stop = 0; arg.w.skip = cb->args[1]-1; arg.w.count = 0; tp->ops->walk(tp, &arg.w); cb->args[1] = arg.w.count+1; if (arg.w.stop) break; } cb->args[0] = t; errout: if (cl) cops->put(q, cl); out: read_unlock_bh(&qdisc_tree_lock); dev_put(dev); return skb->len; }",linux-2.6,,,126225422520051645978766392366937191713,0 895,CWE-20,"static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, struct vsock_sock *vsk, struct msghdr *msg, size_t len, int flags) { int err; int noblock; struct vmci_datagram *dg; size_t payload_len; struct sk_buff *skb; noblock = flags & MSG_DONTWAIT; if (flags & MSG_OOB || flags & MSG_ERRQUEUE) return -EOPNOTSUPP; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); if (err) return err; if (!skb) return -EAGAIN; dg = (struct vmci_datagram *)skb->data; if (!dg) goto out; payload_len = dg->payload_size; if (payload_len != skb->len - sizeof(*dg)) { err = -EINVAL; goto out; } if (payload_len > len) { payload_len = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, sizeof(*dg), msg->msg_iov, payload_len); if (err) goto out; if (msg->msg_name) { struct sockaddr_vm *vm_addr; vm_addr = (struct sockaddr_vm *)msg->msg_name; vsock_addr_init(vm_addr, dg->src.context, dg->src.resource); msg->msg_namelen = sizeof(*vm_addr); } err = payload_len; out: skb_free_datagram(&vsk->sk, skb); return err; }",visit repo url,net/vmw_vsock/vmci_transport.c,https://github.com/torvalds/linux,147465821146213,1 4596,['CWE-399'],"static inline void __unmap_underlying_blocks(struct inode *inode, struct buffer_head *bh) { struct block_device *bdev = inode->i_sb->s_bdev; int blocks, i; blocks = bh->b_size >> inode->i_blkbits; for (i = 0; i < blocks; i++) unmap_underlying_metadata(bdev, bh->b_blocknr + i); }",linux-2.6,,,258826862745582637297142119909836990401,0 6491,CWE-787,"void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares, uint8_t *encryptedPrivateKey, uint64_t key_len, uint8_t *encr_bls_key, uint32_t *enc_bls_key_len) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(s_shares); CHECK_STATE(encryptedPrivateKey); CHECK_STATE(encr_bls_key); SAFE_CHAR_BUF(skey, ECDSA_SKEY_LEN); mpz_t sum; mpz_init(sum); mpz_set_ui(sum, 0); mpz_t q; mpz_init(q); mpz_set_str(q, ""21888242871839275222246405745257275088548364400416034343698204186575808495617"", 10); mpz_t bls_key; mpz_init(bls_key); int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN); CHECK_STATUS2(""aes decrypt failed with status %d""); skey[ECDSA_SKEY_LEN - 1] = 0; int num_shares = strlen(s_shares) / 192; for (int i = 0; i < num_shares; i++) { SAFE_CHAR_BUF(encr_sshare, 65); strncpy(encr_sshare, s_shares + 192 * i, 64); encr_sshare[64] = 0; SAFE_CHAR_BUF(s_share, 193); strncpy(s_share, s_shares + 192 * i, 192); s_share[192] = 0; SAFE_CHAR_BUF(common_key, 65); status = session_key_recover(skey, s_share, common_key); CHECK_STATUS(""session_key_recover failed""); common_key[64] = 0; SAFE_CHAR_BUF(decr_sshare, 65); status = xor_decrypt(common_key, encr_sshare, decr_sshare); CHECK_STATUS(""xor_decrypt failed""); decr_sshare[64] = 0; mpz_t decr_secret_share; mpz_init(decr_secret_share); if (mpz_set_str(decr_secret_share, decr_sshare, 16) == -1) { *errStatus = 111; snprintf(errString, BUF_LEN, ""invalid decrypted secret share""); LOG_ERROR(errString); mpz_clear(decr_secret_share); goto clean; } mpz_addmul_ui(sum, decr_secret_share, 1); mpz_clear(decr_secret_share); } mpz_mod(bls_key, sum, q); SAFE_CHAR_BUF(key_share, BLS_KEY_LENGTH); SAFE_CHAR_BUF(arr_skey_str, BUF_LEN); mpz_get_str(arr_skey_str, 16, bls_key); int n_zeroes = 64 - strlen(arr_skey_str); for (int i = 0; i < n_zeroes; i++) { key_share[i] = '0'; } strncpy(key_share + n_zeroes, arr_skey_str, 65 - n_zeroes); key_share[BLS_KEY_LENGTH - 1] = 0; status = AES_encrypt(key_share, encr_bls_key, BUF_LEN); CHECK_STATUS2(""aes encrypt bls private key failed with status %d ""); *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; SET_SUCCESS clean: mpz_clear(bls_key); mpz_clear(sum); mpz_clear(q); LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,111059469769387,1 1975,CWE-787,"static int input_default_setkeycode(struct input_dev *dev, const struct input_keymap_entry *ke, unsigned int *old_keycode) { unsigned int index; int error; int i; if (!dev->keycodesize) return -EINVAL; if (ke->flags & INPUT_KEYMAP_BY_INDEX) { index = ke->index; } else { error = input_scancode_to_scalar(ke, &index); if (error) return error; } if (index >= dev->keycodemax) return -EINVAL; if (dev->keycodesize < sizeof(ke->keycode) && (ke->keycode >> (dev->keycodesize * 8))) return -EINVAL; switch (dev->keycodesize) { case 1: { u8 *k = (u8 *)dev->keycode; *old_keycode = k[index]; k[index] = ke->keycode; break; } case 2: { u16 *k = (u16 *)dev->keycode; *old_keycode = k[index]; k[index] = ke->keycode; break; } default: { u32 *k = (u32 *)dev->keycode; *old_keycode = k[index]; k[index] = ke->keycode; break; } } __clear_bit(*old_keycode, dev->keybit); __set_bit(ke->keycode, dev->keybit); for (i = 0; i < dev->keycodemax; i++) { if (input_fetch_keycode(dev, i) == *old_keycode) { __set_bit(*old_keycode, dev->keybit); break; } } return 0; }",visit repo url,drivers/input/input.c,https://github.com/torvalds/linux,201451806639382,1 4476,['CWE-264'],"void rmt_state_change(struct s_smc *smc, int r_state) { #ifdef DRIVERDEBUG char *s; switch (r_state) { case RM0_ISOLATED: s = ""RM0_ISOLATED""; break; case RM1_NON_OP: s = ""RM1_NON_OP - not operational""; break; case RM2_RING_OP: s = ""RM2_RING_OP - ring operational""; break; case RM3_DETECT: s = ""RM3_DETECT - detect dupl addresses""; break; case RM4_NON_OP_DUP: s = ""RM4_NON_OP_DUP - dupl. addr detected""; break; case RM5_RING_OP_DUP: s = ""RM5_RING_OP_DUP - ring oper. with dupl. addr""; break; case RM6_DIRECTED: s = ""RM6_DIRECTED - sending directed beacons""; break; case RM7_TRACE: s = ""RM7_TRACE - trace initiated""; break; default: s = ""unknown""; break; } PRINTK(KERN_INFO ""[rmt_state_change: %s]\n"", s); #endif } ",linux-2.6,,,268607242957916101959169575654364234787,0 4152,CWE-295,"fix_transited_encoding(krb5_context context, krb5_kdc_configuration *config, krb5_boolean check_policy, const TransitedEncoding *tr, EncTicketPart *et, const char *client_realm, const char *server_realm, const char *tgt_realm) { krb5_error_code ret = 0; char **realms, **tmp; unsigned int num_realms; size_t i; switch (tr->tr_type) { case DOMAIN_X500_COMPRESS: break; case 0: if (tr->contents.length == 0) break; kdc_log(context, config, 0, ""Transited type 0 with non empty content""); return KRB5KDC_ERR_TRTYPE_NOSUPP; default: kdc_log(context, config, 0, ""Unknown transited type: %u"", tr->tr_type); return KRB5KDC_ERR_TRTYPE_NOSUPP; } ret = krb5_domain_x500_decode(context, tr->contents, &realms, &num_realms, client_realm, server_realm); if(ret){ krb5_warn(context, ret, ""Decoding transited encoding""); return ret; } if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { if (num_realms + 1 > UINT_MAX/sizeof(*realms)) { ret = ERANGE; goto free_realms; } tmp = realloc(realms, (num_realms + 1) * sizeof(*realms)); if(tmp == NULL){ ret = ENOMEM; goto free_realms; } realms = tmp; realms[num_realms] = strdup(tgt_realm); if(realms[num_realms] == NULL){ ret = ENOMEM; goto free_realms; } num_realms++; } if(num_realms == 0) { if(strcmp(client_realm, server_realm)) kdc_log(context, config, 0, ""cross-realm %s -> %s"", client_realm, server_realm); } else { size_t l = 0; char *rs; for(i = 0; i < num_realms; i++) l += strlen(realms[i]) + 2; rs = malloc(l); if(rs != NULL) { *rs = '\0'; for(i = 0; i < num_realms; i++) { if(i > 0) strlcat(rs, "", "", l); strlcat(rs, realms[i], l); } kdc_log(context, config, 0, ""cross-realm %s -> %s via [%s]"", client_realm, server_realm, rs); free(rs); } } if(check_policy) { ret = krb5_check_transited(context, client_realm, server_realm, realms, num_realms, NULL); if(ret) { krb5_warn(context, ret, ""cross-realm %s -> %s"", client_realm, server_realm); goto free_realms; } et->flags.transited_policy_checked = 1; } et->transited.tr_type = DOMAIN_X500_COMPRESS; ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents); if(ret) krb5_warn(context, ret, ""Encoding transited encoding""); free_realms: for(i = 0; i < num_realms; i++) free(realms[i]); free(realms); return ret; }",visit repo url,kdc/krb5tgs.c,https://github.com/heimdal/heimdal,125569277589337,1 5776,['CWE-200'],"static void rose_set_lockdep_key(struct net_device *dev) { lockdep_set_class(&dev->addr_list_lock, &rose_netdev_addr_lock_key); netdev_for_each_tx_queue(dev, rose_set_lockdep_one, NULL); }",linux-2.6,,,230295969824175995818573000964725691406,0 6338,CWE-190,"static int checkStringLength(client *c, long long size) { if (!mustObeyClient(c) && size > server.proto_max_bulk_len) { addReplyError(c,""string exceeds maximum allowed size (proto-max-bulk-len)""); return C_ERR; } return C_OK; }",visit repo url,src/t_string.c,https://github.com/redis/redis,46394679243474,1 1954,['CWE-20'],"static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, int write_access, pte_t orig_pte) { spinlock_t *ptl; struct page *page; swp_entry_t entry; pte_t pte; int ret = 0; if (!pte_unmap_same(mm, pmd, page_table, orig_pte)) goto out; entry = pte_to_swp_entry(orig_pte); if (is_migration_entry(entry)) { migration_entry_wait(mm, pmd, address); goto out; } delayacct_set_flag(DELAYACCT_PF_SWAPIN); page = lookup_swap_cache(entry); if (!page) { grab_swap_token(); page = swapin_readahead(entry, GFP_HIGHUSER_MOVABLE, vma, address); if (!page) { page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) ret = VM_FAULT_OOM; delayacct_clear_flag(DELAYACCT_PF_SWAPIN); goto unlock; } ret = VM_FAULT_MAJOR; count_vm_event(PGMAJFAULT); } if (mem_cgroup_charge(page, mm, GFP_KERNEL)) { delayacct_clear_flag(DELAYACCT_PF_SWAPIN); ret = VM_FAULT_OOM; goto out; } mark_page_accessed(page); lock_page(page); delayacct_clear_flag(DELAYACCT_PF_SWAPIN); page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (unlikely(!pte_same(*page_table, orig_pte))) goto out_nomap; if (unlikely(!PageUptodate(page))) { ret = VM_FAULT_SIGBUS; goto out_nomap; } inc_mm_counter(mm, anon_rss); pte = mk_pte(page, vma->vm_page_prot); if (write_access && can_share_swap_page(page)) { pte = maybe_mkwrite(pte_mkdirty(pte), vma); write_access = 0; } flush_icache_page(vma, page); set_pte_at(mm, address, page_table, pte); page_add_anon_rmap(page, vma, address); swap_free(entry); if (vm_swap_full()) remove_exclusive_swap_page(page); unlock_page(page); if (write_access) { ret |= do_wp_page(mm, vma, address, page_table, pmd, ptl, pte); if (ret & VM_FAULT_ERROR) ret &= VM_FAULT_ERROR; goto out; } update_mmu_cache(vma, address, pte); unlock: pte_unmap_unlock(page_table, ptl); out: return ret; out_nomap: mem_cgroup_uncharge_page(page); pte_unmap_unlock(page_table, ptl); unlock_page(page); page_cache_release(page); return ret; }",linux-2.6,,,154924068829792973262647844613570368474,0 3306,['CWE-189'],"static int jpc_getcommacode(jpc_bitstream_t *in) { int n; int v; n = 0; for (;;) { if ((v = jpc_bitstream_getbit(in)) < 0) { return -1; } if (jpc_bitstream_eof(in)) { return -1; } if (!v) { break; } ++n; } return n; }",jasper,,,197811719069513817259436354589576007543,0 5213,['CWE-20'],"static void vmx_free_vcpu(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); spin_lock(&vmx_vpid_lock); if (vmx->vpid != 0) __clear_bit(vmx->vpid, vmx_vpid_bitmap); spin_unlock(&vmx_vpid_lock); vmx_free_vmcs(vcpu); kfree(vmx->host_msrs); kfree(vmx->guest_msrs); kvm_vcpu_uninit(vcpu); kmem_cache_free(kvm_vcpu_cache, vmx); }",linux-2.6,,,242261741459660268198422746073815080733,0 2222,['CWE-193'],"void unlock_page(struct page *page) { smp_mb__before_clear_bit(); if (!TestClearPageLocked(page)) BUG(); smp_mb__after_clear_bit(); wake_up_page(page, PG_locked); }",linux-2.6,,,8909865282308004623548968441798412232,0 288,CWE-119,"static int atusb_read_reg(struct atusb *atusb, uint8_t reg) { struct usb_device *usb_dev = atusb->usb_dev; int ret; uint8_t value; dev_dbg(&usb_dev->dev, ""atusb: reg = 0x%x\n"", reg); ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0), ATUSB_REG_READ, ATUSB_REQ_FROM_DEV, 0, reg, &value, 1, 1000); return ret >= 0 ? value : ret; }",visit repo url,drivers/net/ieee802154/atusb.c,https://github.com/torvalds/linux,194202704620009,1 2536,CWE-787,"strncat_from_utf8_libarchive2(struct archive_string *as, const void *_p, size_t len, struct archive_string_conv *sc) { const char *s; int n; char *p; char *end; uint32_t unicode; #if HAVE_WCRTOMB mbstate_t shift_state; memset(&shift_state, 0, sizeof(shift_state)); #else wctomb(NULL, L'\0'); #endif (void)sc; if (archive_string_ensure(as, as->length + len + 1) == NULL) return (-1); s = (const char *)_p; p = as->s + as->length; end = as->s + as->buffer_length - MB_CUR_MAX -1; while ((n = _utf8_to_unicode(&unicode, s, len)) != 0) { wchar_t wc; if (p >= end) { as->length = p - as->s; if (archive_string_ensure(as, as->length + len * 2 + 1) == NULL) return (-1); p = as->s + as->length; end = as->s + as->buffer_length - MB_CUR_MAX -1; } if (n < 0) { n *= -1; wc = L'?'; } else wc = (wchar_t)unicode; s += n; len -= n; #if HAVE_WCRTOMB n = (int)wcrtomb(p, wc, &shift_state); #else n = (int)wctomb(p, wc); #endif if (n == -1) return (-1); p += n; } as->length = p - as->s; as->s[as->length] = '\0'; return (0); }",visit repo url,libarchive/archive_string.c,https://github.com/libarchive/libarchive,171412996918346,1 3298,['CWE-189'],"long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt) { int old; old = stream->rwcnt_; stream->rwcnt_ = rwcnt; return old; }",jasper,,,103852098105136801502678462504780649937,0 3489,CWE-295,"inf_gtk_certificate_manager_certificate_func(InfXmppConnection* connection, gnutls_session_t session, InfCertificateChain* chain, gpointer user_data) { InfGtkCertificateManager* manager; InfGtkCertificateManagerPrivate* priv; InfGtkCertificateDialogFlags flags; gnutls_x509_crt_t presented_cert; gnutls_x509_crt_t known_cert; gchar* hostname; gboolean match_hostname; gboolean issuer_known; gnutls_x509_crt_t root_cert; int ret; unsigned int verify; GHashTable* table; gboolean cert_equal; time_t expiration_time; InfGtkCertificateManagerQuery* query; gchar* text; GtkWidget* vbox; GtkWidget* label; GError* error; manager = INF_GTK_CERTIFICATE_MANAGER(user_data); priv = INF_GTK_CERTIFICATE_MANAGER_PRIVATE(manager); g_object_get(G_OBJECT(connection), ""remote-hostname"", &hostname, NULL); presented_cert = inf_certificate_chain_get_own_certificate(chain); match_hostname = gnutls_x509_crt_check_hostname(presented_cert, hostname); ret = gnutls_certificate_verify_peers2(session, &verify); error = NULL; if(ret != GNUTLS_E_SUCCESS) inf_gnutls_set_error(&error, ret); if(error == NULL) { issuer_known = TRUE; if(verify & GNUTLS_CERT_SIGNER_NOT_FOUND) { issuer_known = FALSE; root_cert = inf_certificate_chain_get_root_certificate(chain); ret = gnutls_x509_crt_list_verify( inf_certificate_chain_get_raw(chain), inf_certificate_chain_get_n_certificates(chain), &root_cert, 1, NULL, 0, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &verify ); if(ret != GNUTLS_E_SUCCESS) inf_gnutls_set_error(&error, ret); else if(verify & GNUTLS_CERT_INVALID) inf_gnutls_certificate_verification_set_error(&error, verify); } } table = NULL; if(error == NULL) { known_cert = NULL; if(!match_hostname || !issuer_known) { table = inf_gtk_certificate_manager_ref_known_hosts(manager, &error); if(table != NULL) known_cert = g_hash_table_lookup(table, hostname); } } flags = 0; if(error == NULL) { if(known_cert != NULL) { cert_equal = inf_gtk_certificate_manager_compare_fingerprint( known_cert, presented_cert, &error ); if(error == NULL && cert_equal == FALSE) { if(!match_hostname) flags |= INF_GTK_CERTIFICATE_DIALOG_CERT_HOSTNAME_MISMATCH; if(!issuer_known) flags |= INF_GTK_CERTIFICATE_DIALOG_CERT_ISSUER_NOT_KNOWN; flags |= INF_GTK_CERTIFICATE_DIALOG_CERT_UNEXPECTED; expiration_time = gnutls_x509_crt_get_expiration_time(known_cert); if(expiration_time != (time_t)(-1)) { expiration_time -= INF_GTK_CERTIFICATE_MANAGER_EXPIRATION_TOLERANCE; if(time(NULL) > expiration_time) { flags |= INF_GTK_CERTIFICATE_DIALOG_CERT_OLD_EXPIRED; } } } } else { if(!match_hostname) flags |= INF_GTK_CERTIFICATE_DIALOG_CERT_HOSTNAME_MISMATCH; if(!issuer_known) flags |= INF_GTK_CERTIFICATE_DIALOG_CERT_ISSUER_NOT_KNOWN; } } if(error == NULL) { if(flags == 0) { if(match_hostname && issuer_known) { if(table != NULL && g_hash_table_remove(table, hostname) == TRUE) { inf_gtk_certificate_manager_write_known_hosts_with_warning( manager, table ); } } inf_xmpp_connection_certificate_verify_continue(connection); } else { query = g_slice_new(InfGtkCertificateManagerQuery); query->manager = manager; query->known_hosts = table; query->connection = connection; query->dialog = inf_gtk_certificate_dialog_new( priv->parent_window, 0, flags, hostname, chain ); query->certificate_chain = chain; table = NULL; g_object_ref(query->connection); inf_certificate_chain_ref(chain); g_signal_connect( G_OBJECT(connection), ""notify::status"", G_CALLBACK(inf_gtk_certificate_manager_notify_status_cb), query ); g_signal_connect( G_OBJECT(query->dialog), ""response"", G_CALLBACK(inf_gtk_certificate_manager_response_cb), query ); gtk_dialog_add_button( GTK_DIALOG(query->dialog), _(""_Cancel connection""), GTK_RESPONSE_REJECT ); gtk_dialog_add_button( GTK_DIALOG(query->dialog), _(""C_ontinue connection""), GTK_RESPONSE_ACCEPT ); text = g_strdup_printf( _(""Do you want to continue the connection to host \""%s\""? If you "" ""choose to continue, this certificate will be trusted in the "" ""future when connecting to this host.""), hostname ); label = gtk_label_new(text); gtk_label_set_line_wrap(GTK_LABEL(label), TRUE); gtk_label_set_line_wrap_mode(GTK_LABEL(label), PANGO_WRAP_WORD_CHAR); gtk_label_set_max_width_chars(GTK_LABEL(label), 60); gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0); gtk_widget_show(label); g_free(text); vbox = gtk_dialog_get_content_area(GTK_DIALOG(query->dialog)); gtk_box_pack_start(GTK_BOX(vbox), label, FALSE, FALSE, 0); priv->queries = g_slist_prepend(priv->queries, query); gtk_window_present(GTK_WINDOW(query->dialog)); } } else { inf_xmpp_connection_certificate_verify_cancel(connection, error); g_error_free(error); } if(table != NULL) g_hash_table_unref(table); g_free(hostname); }",visit repo url,libinfgtk/inf-gtk-certificate-manager.c,https://github.com/gobby/libinfinity,121586691778706,1 1451,CWE-200,"__switch_to(struct task_struct *prev_p, struct task_struct *next_p) { struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); struct tss_struct *tss = &per_cpu(init_tss, cpu); unsigned fsindex, gsindex; fpu_switch_t fpu; fpu = switch_fpu_prepare(prev_p, next_p, cpu); load_sp0(tss, next); savesegment(es, prev->es); if (unlikely(next->es | prev->es)) loadsegment(es, next->es); savesegment(ds, prev->ds); if (unlikely(next->ds | prev->ds)) loadsegment(ds, next->ds); savesegment(fs, fsindex); savesegment(gs, gsindex); load_TLS(next, cpu); arch_end_context_switch(next_p); if (unlikely(fsindex | next->fsindex | prev->fs)) { loadsegment(fs, next->fsindex); if (fsindex) prev->fs = 0; } if (next->fs) wrmsrl(MSR_FS_BASE, next->fs); prev->fsindex = fsindex; if (unlikely(gsindex | next->gsindex | prev->gs)) { load_gs_index(next->gsindex); if (gsindex) prev->gs = 0; } if (next->gs) wrmsrl(MSR_KERNEL_GS_BASE, next->gs); prev->gsindex = gsindex; switch_fpu_finish(next_p, fpu); prev->usersp = this_cpu_read(old_rsp); this_cpu_write(old_rsp, next->usersp); this_cpu_write(current_task, next_p); task_thread_info(prev_p)->saved_preempt_count = this_cpu_read(__preempt_count); this_cpu_write(__preempt_count, task_thread_info(next_p)->saved_preempt_count); this_cpu_write(kernel_stack, (unsigned long)task_stack_page(next_p) + THREAD_SIZE - KERNEL_STACK_OFFSET); if (unlikely(task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT || task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV)) __switch_to_xtra(prev_p, next_p, tss); return prev_p; }",visit repo url,arch/x86/kernel/process_64.c,https://github.com/torvalds/linux,216580453397813,1 5504,['CWE-119'],"write_tag_11_packet(char *dest, size_t *remaining_bytes, char *contents, size_t contents_length, size_t *packet_length) { size_t packet_size_length; size_t max_packet_size; int rc = 0; (*packet_length) = 0; max_packet_size = (1 + 3 + 1 + 1 + 8 + 4 + contents_length); if (max_packet_size > (*remaining_bytes)) { printk(KERN_ERR ""Packet length larger than maximum allowable; "" ""need up to [%td] bytes, but there are only [%td] "" ""available\n"", max_packet_size, (*remaining_bytes)); rc = -EINVAL; goto out; } dest[(*packet_length)++] = ECRYPTFS_TAG_11_PACKET_TYPE; rc = ecryptfs_write_packet_length(&dest[(*packet_length)], (max_packet_size - 4), &packet_size_length); if (rc) { printk(KERN_ERR ""Error generating tag 11 packet header; cannot "" ""generate packet length. rc = [%d]\n"", rc); goto out; } (*packet_length) += packet_size_length; dest[(*packet_length)++] = 0x62; dest[(*packet_length)++] = 8; memcpy(&dest[(*packet_length)], ""_CONSOLE"", 8); (*packet_length) += 8; memset(&dest[(*packet_length)], 0x00, 4); (*packet_length) += 4; memcpy(&dest[(*packet_length)], contents, contents_length); (*packet_length) += contents_length; out: if (rc) (*packet_length) = 0; else (*remaining_bytes) -= (*packet_length); return rc; }",linux-2.6,,,51875343202100717987366198885969172775,0 3384,CWE-772,"static Image *ReadMATImage(const ImageInfo *image_info,ExceptionInfo *exception) { Image *image, *image2=NULL, *rotated_image; register Quantum *q; unsigned int status; MATHeader MATLAB_HDR; size_t size; size_t CellType; QuantumInfo *quantum_info; ImageInfo *clone_info; int i; ssize_t ldblk; unsigned char *BImgBuff = NULL; double MinVal, MaxVal; unsigned z, z2; unsigned Frames; int logging; int sample_size; MagickOffsetType filepos=0x80; BlobInfo *blob; size_t one; unsigned int (*ReadBlobXXXLong)(Image *image); unsigned short (*ReadBlobXXXShort)(Image *image); void (*ReadBlobDoublesXXX)(Image * image, size_t len, double *data); void (*ReadBlobFloatsXXX)(Image * image, size_t len, float *data); assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); logging = LogMagickEvent(CoderEvent,GetMagickModule(),""enter""); image = AcquireImage(image_info,exception); status = OpenBlob(image_info, image, ReadBinaryBlobMode, exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } quantum_info=(QuantumInfo *) NULL; clone_info=(ImageInfo *) NULL; if (ReadBlob(image,124,(unsigned char *) &MATLAB_HDR.identific) != 124) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (strncmp(MATLAB_HDR.identific,""MATLAB"",6) != 0) { image2=ReadMATImageV4(image_info,image,exception); if (image2 == NULL) goto MATLAB_KO; image=image2; goto END_OF_READING; } MATLAB_HDR.Version = ReadBlobLSBShort(image); if(ReadBlob(image,2,(unsigned char *) &MATLAB_HDR.EndianIndicator) != 2) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" Endian %c%c"", MATLAB_HDR.EndianIndicator[0],MATLAB_HDR.EndianIndicator[1]); if (!strncmp(MATLAB_HDR.EndianIndicator, ""IM"", 2)) { ReadBlobXXXLong = ReadBlobLSBLong; ReadBlobXXXShort = ReadBlobLSBShort; ReadBlobDoublesXXX = ReadBlobDoublesLSB; ReadBlobFloatsXXX = ReadBlobFloatsLSB; image->endian = LSBEndian; } else if (!strncmp(MATLAB_HDR.EndianIndicator, ""MI"", 2)) { ReadBlobXXXLong = ReadBlobMSBLong; ReadBlobXXXShort = ReadBlobMSBShort; ReadBlobDoublesXXX = ReadBlobDoublesMSB; ReadBlobFloatsXXX = ReadBlobFloatsMSB; image->endian = MSBEndian; } else goto MATLAB_KO; if (strncmp(MATLAB_HDR.identific, ""MATLAB"", 6)) MATLAB_KO: ThrowReaderException(CorruptImageError,""ImproperImageHeader""); filepos = TellBlob(image); while(!EOFBlob(image)) { Frames = 1; (void) SeekBlob(image,filepos,SEEK_SET); MATLAB_HDR.DataType = ReadBlobXXXLong(image); if(EOFBlob(image)) break; MATLAB_HDR.ObjectSize = ReadBlobXXXLong(image); if(EOFBlob(image)) break; if(MATLAB_HDR.ObjectSize+filepos > GetBlobSize(image)) goto MATLAB_KO; filepos += MATLAB_HDR.ObjectSize + 4 + 4; clone_info=CloneImageInfo(image_info); image2 = image; #if defined(MAGICKCORE_ZLIB_DELEGATE) if(MATLAB_HDR.DataType == miCOMPRESSED) { image2 = decompress_block(image,&MATLAB_HDR.ObjectSize,clone_info,exception); if(image2==NULL) continue; MATLAB_HDR.DataType = ReadBlobXXXLong(image2); } #endif if(MATLAB_HDR.DataType!=miMATRIX) continue; MATLAB_HDR.unknown1 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown2 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown5 = ReadBlobXXXLong(image2); MATLAB_HDR.StructureClass = MATLAB_HDR.unknown5 & 0xFF; MATLAB_HDR.StructureFlag = (MATLAB_HDR.unknown5>>8) & 0xFF; MATLAB_HDR.unknown3 = ReadBlobXXXLong(image2); if(image!=image2) MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.DimFlag = ReadBlobXXXLong(image2); MATLAB_HDR.SizeX = ReadBlobXXXLong(image2); MATLAB_HDR.SizeY = ReadBlobXXXLong(image2); switch(MATLAB_HDR.DimFlag) { case 8: z2=z=1; break; case 12: z2=z = ReadBlobXXXLong(image2); (void) ReadBlobXXXLong(image2); if(z!=3) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); break; case 16: z2=z = ReadBlobXXXLong(image2); if(z!=3 && z!=1) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); Frames = ReadBlobXXXLong(image2); if (Frames == 0) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); break; default: ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); } MATLAB_HDR.Flag1 = ReadBlobXXXShort(image2); MATLAB_HDR.NameFlag = ReadBlobXXXShort(image2); if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.StructureClass %d"",MATLAB_HDR.StructureClass); if (MATLAB_HDR.StructureClass != mxCHAR_CLASS && MATLAB_HDR.StructureClass != mxSINGLE_CLASS && MATLAB_HDR.StructureClass != mxDOUBLE_CLASS && MATLAB_HDR.StructureClass != mxINT8_CLASS && MATLAB_HDR.StructureClass != mxUINT8_CLASS && MATLAB_HDR.StructureClass != mxINT16_CLASS && MATLAB_HDR.StructureClass != mxUINT16_CLASS && MATLAB_HDR.StructureClass != mxINT32_CLASS && MATLAB_HDR.StructureClass != mxUINT32_CLASS && MATLAB_HDR.StructureClass != mxINT64_CLASS && MATLAB_HDR.StructureClass != mxUINT64_CLASS) ThrowReaderException(CoderError,""UnsupportedCellTypeInTheMatrix""); switch (MATLAB_HDR.NameFlag) { case 0: size = ReadBlobXXXLong(image2); size = 4 * (ssize_t) ((size + 3 + 1) / 4); (void) SeekBlob(image2, size, SEEK_CUR); break; case 1: case 2: case 3: case 4: (void) ReadBlob(image2, 4, (unsigned char *) &size); break; default: goto MATLAB_KO; } CellType = ReadBlobXXXLong(image2); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.CellType: %.20g"",(double) CellType); (void) ReadBlob(image2, 4, (unsigned char *) &size); NEXT_FRAME: switch (CellType) { case miINT8: case miUINT8: sample_size = 8; if(MATLAB_HDR.StructureFlag & FLAG_LOGICAL) image->depth = 1; else image->depth = 8; ldblk = (ssize_t) MATLAB_HDR.SizeX; break; case miINT16: case miUINT16: sample_size = 16; image->depth = 16; ldblk = (ssize_t) (2 * MATLAB_HDR.SizeX); break; case miINT32: case miUINT32: sample_size = 32; image->depth = 32; ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miINT64: case miUINT64: sample_size = 64; image->depth = 64; ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; case miSINGLE: sample_size = 32; image->depth = 32; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miDOUBLE: sample_size = 64; image->depth = 64; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); DisableMSCWarning(4127) if (sizeof(double) != 8) RestoreMSCWarning ThrowReaderException(CoderError, ""IncompatibleSizeOfDouble""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; default: ThrowReaderException(CoderError, ""UnsupportedCellTypeInTheMatrix""); } (void) sample_size; image->columns = MATLAB_HDR.SizeX; image->rows = MATLAB_HDR.SizeY; one=1; image->colors = one << image->depth; if (image->columns == 0 || image->rows == 0) goto MATLAB_KO; if((unsigned long)ldblk*MATLAB_HDR.SizeY > MATLAB_HDR.ObjectSize) goto MATLAB_KO; if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) { image->type=GrayscaleType; SetImageColorspace(image,GRAYColorspace,exception); } if (image_info->ping) { size_t temp = image->columns; image->columns = image->rows; image->rows = temp; goto done_reading; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); quantum_info=AcquireQuantumInfo(clone_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); BImgBuff = (unsigned char *) AcquireQuantumMemory((size_t) (ldblk),sizeof(double)); if (BImgBuff == NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); (void) ResetMagickMemory(BImgBuff,0,ldblk*sizeof(double)); MinVal = 0; MaxVal = 0; if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &quantum_info->minimum, &quantum_info->maximum); } if(z==1) z=0; do { for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { q=GetAuthenticPixels(image,0,MATLAB_HDR.SizeY-i-1,image->columns,1,exception); if (q == (Quantum *) NULL) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT set image pixels returns unexpected NULL on a row %u."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto done_reading; } if(ReadBlob(image2,ldblk,(unsigned char *)BImgBuff) != (ssize_t) ldblk) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT cannot read scanrow %u from a file."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } if((CellType==miINT8 || CellType==miUINT8) && (MATLAB_HDR.StructureFlag & FLAG_LOGICAL)) { FixLogical((unsigned char *)BImgBuff,ldblk); if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) { ImportQuantumPixelsFailed: if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to ImportQuantumPixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); break; } } else { if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) goto ImportQuantumPixelsFailed; if (z<=1 && (CellType==miINT8 || CellType==miINT16 || CellType==miINT32 || CellType==miINT64)) FixSignedValues(image,q,MATLAB_HDR.SizeX); } if (!SyncAuthenticPixels(image,exception)) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to sync image pixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } } } while(z-- >= 2); ExitLoop: if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { CellType = ReadBlobXXXLong(image2); i = ReadBlobXXXLong(image2); if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &MinVal, &MaxVal); } if (CellType==miDOUBLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobDoublesXXX(image2, ldblk, (double *)BImgBuff); InsertComplexDoubleRow(image, (double *)BImgBuff, i, MinVal, MaxVal, exception); } if (CellType==miSINGLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobFloatsXXX(image2, ldblk, (float *)BImgBuff); InsertComplexFloatRow(image,(float *)BImgBuff,i,MinVal,MaxVal, exception); } } if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) image->type=GrayscaleType; if (image->depth == 1) image->type=BilevelType; if(image2==image) image2 = NULL; rotated_image = RotateImage(image, 90.0, exception); if (rotated_image != (Image *) NULL) { rotated_image->page.x=0; rotated_image->page.y=0; blob = rotated_image->blob; rotated_image->blob = image->blob; rotated_image->colors = image->colors; image->blob = blob; AppendImageToList(&image,rotated_image); DeleteImageFromList(&image); } done_reading: if(image2!=NULL) if(image2!=image) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } AcquireNextImage(image_info,image,exception); if (image->next == (Image *) NULL) break; image=SyncNextImageInList(image); image->columns=image->rows=0; image->colors=0; RelinquishMagickMemory(BImgBuff); BImgBuff = NULL; if(--Frames>0) { z = z2; if(image2==NULL) image2 = image; goto NEXT_FRAME; } if ((image2!=NULL) && (image2!=image)) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } } RelinquishMagickMemory(BImgBuff); if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); END_OF_READING: if (clone_info) clone_info=DestroyImageInfo(clone_info); CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=scene++; } if(clone_info != NULL) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } DestroyImageInfo(clone_info); clone_info = NULL; } if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(),""return""); if(image==NULL) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); return (image); }",visit repo url,coders/mat.c,https://github.com/ImageMagick/ImageMagick,193841390213736,1 3453,['CWE-20'],"_dbus_validate_interface (const DBusString *str, int start, int len) { const unsigned char *s; const unsigned char *end; const unsigned char *iface; const unsigned char *last_dot; _dbus_assert (start >= 0); _dbus_assert (len >= 0); _dbus_assert (start <= _dbus_string_get_length (str)); if (len > _dbus_string_get_length (str) - start) return FALSE; if (len > DBUS_MAXIMUM_NAME_LENGTH) return FALSE; if (len == 0) return FALSE; last_dot = NULL; iface = _dbus_string_get_const_data (str) + start; end = iface + len; s = iface; if (_DBUS_UNLIKELY (*s == '.')) return FALSE; else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*s))) return FALSE; else ++s; while (s != end) { if (*s == '.') { if (_DBUS_UNLIKELY ((s + 1) == end)) return FALSE; else if (_DBUS_UNLIKELY (!VALID_INITIAL_NAME_CHARACTER (*(s + 1)))) return FALSE; last_dot = s; ++s; } else if (_DBUS_UNLIKELY (!VALID_NAME_CHARACTER (*s))) { return FALSE; } ++s; } if (_DBUS_UNLIKELY (last_dot == NULL)) return FALSE; return TRUE; }",dbus,,,223685488393192488083838062676609503917,0 2837,['CWE-119'],"static inline void add_to_mask(struct posix_acl_state *state, struct posix_ace_state *astate) { state->mask.allow |= astate->allow; }",linux-2.6,,,249695628672932303949923133534356265516,0 616,['CWE-189'],"static int ieee80211_network_init(struct ieee80211_device *ieee, struct ieee80211_probe_response *beacon, struct ieee80211_network *network, struct ieee80211_rx_stats *stats) { network->qos_data.active = 0; network->qos_data.supported = 0; network->qos_data.param_count = 0; network->qos_data.old_param_count = 0; memcpy(network->bssid, beacon->header.addr3, ETH_ALEN); network->capability = le16_to_cpu(beacon->capability); network->last_scanned = jiffies; network->time_stamp[0] = le32_to_cpu(beacon->time_stamp[0]); network->time_stamp[1] = le32_to_cpu(beacon->time_stamp[1]); network->beacon_interval = le16_to_cpu(beacon->beacon_interval); network->listen_interval = 0x0A; network->rates_len = network->rates_ex_len = 0; network->last_associate = 0; network->ssid_len = 0; network->flags = 0; network->atim_window = 0; network->erp_value = (network->capability & WLAN_CAPABILITY_IBSS) ? 0x3 : 0x0; if (stats->freq == IEEE80211_52GHZ_BAND) { network->channel = stats->received_channel; } else network->flags |= NETWORK_HAS_CCK; network->wpa_ie_len = 0; network->rsn_ie_len = 0; if (ieee80211_parse_info_param (beacon->info_element, stats->len - sizeof(*beacon), network)) return 1; network->mode = 0; if (stats->freq == IEEE80211_52GHZ_BAND) network->mode = IEEE_A; else { if (network->flags & NETWORK_HAS_OFDM) network->mode |= IEEE_G; if (network->flags & NETWORK_HAS_CCK) network->mode |= IEEE_B; } if (network->mode == 0) { IEEE80211_DEBUG_SCAN(""Filtered out '%s ("" MAC_FMT "")' "" ""network.\n"", escape_essid(network->ssid, network->ssid_len), MAC_ARG(network->bssid)); return 1; } if (ieee80211_is_empty_essid(network->ssid, network->ssid_len)) network->flags |= NETWORK_EMPTY_ESSID; memcpy(&network->stats, stats, sizeof(network->stats)); return 0; }",linux-2.6,,,217439106683583678437345655370002360046,0 5398,CWE-787,"size_t OpenMP4SourceUDTA(char *filename) { mp4object *mp4 = (mp4object *)malloc(sizeof(mp4object)); if (mp4 == NULL) return 0; memset(mp4, 0, sizeof(mp4object)); #ifdef _WINDOWS fopen_s(&mp4->mediafp, filename, ""rb""); #else mp4->mediafp = fopen(filename, ""rb""); #endif if (mp4->mediafp) { uint32_t qttag, qtsize32, len; int32_t nest = 0; uint64_t nestsize[MAX_NEST_LEVEL] = { 0 }; uint64_t lastsize = 0, qtsize; do { len = fread(&qtsize32, 1, 4, mp4->mediafp); len += fread(&qttag, 1, 4, mp4->mediafp); if (len == 8) { if (!GPMF_VALID_FOURCC(qttag)) { LONGSEEK(mp4->mediafp, lastsize - 8 - 8, SEEK_CUR); NESTSIZE(lastsize - 8); continue; } qtsize32 = BYTESWAP32(qtsize32); if (qtsize32 == 1) { fread(&qtsize, 1, 8, mp4->mediafp); qtsize = BYTESWAP64(qtsize) - 8; } else qtsize = qtsize32; nest++; if (qtsize < 8) break; if (nest >= MAX_NEST_LEVEL) break; nestsize[nest] = qtsize; lastsize = qtsize; if (qttag == MAKEID('m', 'd', 'a', 't') || qttag == MAKEID('f', 't', 'y', 'p')) { LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); continue; } if (qttag == MAKEID('G', 'P', 'M', 'F')) { mp4->videolength += 1.0; mp4->metadatalength += 1.0; mp4->indexcount = (int)mp4->metadatalength; mp4->metasizes = (uint32_t *)malloc(mp4->indexcount * 4 + 4); memset(mp4->metasizes, 0, mp4->indexcount * 4 + 4); mp4->metaoffsets = (uint64_t *)malloc(mp4->indexcount * 8 + 8); memset(mp4->metaoffsets, 0, mp4->indexcount * 8 + 8); mp4->metasizes[0] = (int)qtsize - 8; mp4->metaoffsets[0] = ftell(mp4->mediafp); mp4->metasize_count = 1; return (size_t)mp4; } if (qttag != MAKEID('m', 'o', 'o', 'v') && qttag != MAKEID('u', 'd', 't', 'a')) { LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); continue; } else { NESTSIZE(8); } } } while (len > 0); } return (size_t)mp4; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,243757314246142,1 3983,CWE-352,"static void handle_run(HttpRequest req, HttpResponse res) { const char *action = get_parameter(req, ""action""); if (action) { if (is_readonly(req)) { send_error(req, res, SC_FORBIDDEN, ""You do not have sufficient privileges to access this page""); return; } if (IS(action, ""validate"")) { LogInfo(""The Monit http server woke up on user request\n""); do_wakeupcall(); } else if (IS(action, ""stop"")) { LogInfo(""The Monit http server stopped on user request\n""); send_error(req, res, SC_SERVICE_UNAVAILABLE, ""The Monit http server is stopped""); Engine_stop(); return; } } LOCK(Run.mutex) do_runtime(req, res); END_LOCK; }",visit repo url,src/http/cervlet.c,https://bitbucket.org/tildeslash/monit,135321106737449,1 4540,['CWE-20'],"static inline unsigned dx_get_hash(struct dx_entry *entry) { return le32_to_cpu(entry->hash); }",linux-2.6,,,309936935031966839537413639278963345461,0 1937,CWE-401,"int bnxt_re_create_srq(struct ib_srq *ib_srq, struct ib_srq_init_attr *srq_init_attr, struct ib_udata *udata) { struct ib_pd *ib_pd = ib_srq->pd; struct bnxt_re_pd *pd = container_of(ib_pd, struct bnxt_re_pd, ib_pd); struct bnxt_re_dev *rdev = pd->rdev; struct bnxt_qplib_dev_attr *dev_attr = &rdev->dev_attr; struct bnxt_re_srq *srq = container_of(ib_srq, struct bnxt_re_srq, ib_srq); struct bnxt_qplib_nq *nq = NULL; int rc, entries; if (srq_init_attr->attr.max_wr >= dev_attr->max_srq_wqes) { dev_err(rdev_to_dev(rdev), ""Create CQ failed - max exceeded""); rc = -EINVAL; goto exit; } if (srq_init_attr->srq_type != IB_SRQT_BASIC) { rc = -EOPNOTSUPP; goto exit; } srq->rdev = rdev; srq->qplib_srq.pd = &pd->qplib_pd; srq->qplib_srq.dpi = &rdev->dpi_privileged; entries = roundup_pow_of_two(srq_init_attr->attr.max_wr + 1); if (entries > dev_attr->max_srq_wqes + 1) entries = dev_attr->max_srq_wqes + 1; srq->qplib_srq.max_wqe = entries; srq->qplib_srq.max_sge = srq_init_attr->attr.max_sge; srq->qplib_srq.threshold = srq_init_attr->attr.srq_limit; srq->srq_limit = srq_init_attr->attr.srq_limit; srq->qplib_srq.eventq_hw_ring_id = rdev->nq[0].ring_id; nq = &rdev->nq[0]; if (udata) { rc = bnxt_re_init_user_srq(rdev, pd, srq, udata); if (rc) goto fail; } rc = bnxt_qplib_create_srq(&rdev->qplib_res, &srq->qplib_srq); if (rc) { dev_err(rdev_to_dev(rdev), ""Create HW SRQ failed!""); goto fail; } if (udata) { struct bnxt_re_srq_resp resp; resp.srqid = srq->qplib_srq.id; rc = ib_copy_to_udata(udata, &resp, sizeof(resp)); if (rc) { dev_err(rdev_to_dev(rdev), ""SRQ copy to udata failed!""); bnxt_qplib_destroy_srq(&rdev->qplib_res, &srq->qplib_srq); goto exit; } } if (nq) nq->budget++; atomic_inc(&rdev->srq_count); return 0; fail: ib_umem_release(srq->umem); exit: return rc; }",visit repo url,drivers/infiniband/hw/bnxt_re/ib_verbs.c,https://github.com/torvalds/linux,271940307454020,1 5221,['CWE-264'],"static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid, canon_ace **ppfile_ace, canon_ace **ppdir_ace, SEC_ACL *dacl) { bool all_aces_are_inherit_only = (fsp->is_directory ? True : False); canon_ace *file_ace = NULL; canon_ace *dir_ace = NULL; canon_ace *current_ace = NULL; bool got_dir_allow = False; bool got_file_allow = False; int i, j; *ppfile_ace = NULL; *ppdir_ace = NULL; for(i = 0; i < dacl->num_aces; i++) { SEC_ACE *psa = &dacl->aces[i]; if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) { DEBUG(3,(""create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"")); return False; } if (nt4_compatible_acls()) { se_map_generic(&psa->access_mask, &file_generic_mapping); psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS); if(psa->access_mask != UNIX_ACCESS_NONE) psa->access_mask &= ~UNIX_ACCESS_NONE; } } for(i = 0; i < dacl->num_aces; i++) { SEC_ACE *psa1 = &dacl->aces[i]; for (j = i + 1; j < dacl->num_aces; j++) { SEC_ACE *psa2 = &dacl->aces[j]; if (psa1->access_mask != psa2->access_mask) continue; if (!sid_equal(&psa1->trustee, &psa2->trustee)) continue; if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) { psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) { psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); } } } for(i = 0; i < dacl->num_aces; i++) { SEC_ACE *psa = &dacl->aces[i]; if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) { free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); DEBUG(0,(""create_canon_ace_lists: malloc fail.\n"")); return False; } ZERO_STRUCTP(current_ace); sid_copy(¤t_ace->trustee, &psa->trustee); if( sid_equal(¤t_ace->trustee, &global_sid_World)) { current_ace->owner_type = WORLD_ACE; current_ace->unix_ug.world = -1; current_ace->type = SMB_ACL_OTHER; } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Owner)) { current_ace->owner_type = UID_ACE; current_ace->unix_ug.uid = pst->st_uid; current_ace->type = SMB_ACL_USER_OBJ; if (nt4_compatible_acls()) psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY; } else if (sid_equal(¤t_ace->trustee, &global_sid_Creator_Group)) { current_ace->owner_type = GID_ACE; current_ace->unix_ug.gid = pst->st_gid; current_ace->type = SMB_ACL_GROUP_OBJ; if (nt4_compatible_acls()) psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY; } else if (sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid)) { current_ace->owner_type = UID_ACE; if (current_ace->unix_ug.uid == pst->st_uid) { current_ace->type = SMB_ACL_USER_OBJ; } else { current_ace->type = SMB_ACL_USER; } } else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid)) { current_ace->owner_type = GID_ACE; if (current_ace->unix_ug.gid == pst->st_gid) { current_ace->type = SMB_ACL_GROUP_OBJ; } else { current_ace->type = SMB_ACL_GROUP; } } else { if (non_mappable_sid(&psa->trustee)) { DEBUG(10, (""create_canon_ace_lists: ignoring "" ""non-mappable SID %s\n"", sid_string_dbg(&psa->trustee))); SAFE_FREE(current_ace); continue; } free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); DEBUG(0, (""create_canon_ace_lists: unable to map SID "" ""%s to uid or gid.\n"", sid_string_dbg(¤t_ace->trustee))); SAFE_FREE(current_ace); return False; } current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR); current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE; current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False); if (fsp->is_directory) { if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) == (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) { DLIST_ADD_END(dir_ace, current_ace, canon_ace *); if (current_ace->attr == ALLOW_ACE) got_dir_allow = True; if ((current_ace->attr == DENY_ACE) && got_dir_allow) { DEBUG(0,(""create_canon_ace_lists: malformed ACL in inheritable ACL ! \ Deny entry after Allow entry. Failing to set on file %s.\n"", fsp->fsp_name )); free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); return False; } if( DEBUGLVL( 10 )) { dbgtext(""create_canon_ace_lists: adding dir ACL:\n""); print_canon_ace( current_ace, 0); } if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) { canon_ace *dup_ace = dup_canon_ace(current_ace); if (!dup_ace) { DEBUG(0,(""create_canon_ace_lists: malloc fail !\n"")); free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); return False; } current_ace = dup_ace; } else { current_ace = NULL; } } } if (current_ace && !(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) { DLIST_ADD_END(file_ace, current_ace, canon_ace *); if (current_ace->attr == ALLOW_ACE) got_file_allow = True; if ((current_ace->attr == DENY_ACE) && got_file_allow) { DEBUG(0,(""create_canon_ace_lists: malformed ACL in file ACL ! \ Deny entry after Allow entry. Failing to set on file %s.\n"", fsp->fsp_name )); free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); return False; } if( DEBUGLVL( 10 )) { dbgtext(""create_canon_ace_lists: adding file ACL:\n""); print_canon_ace( current_ace, 0); } all_aces_are_inherit_only = False; current_ace = NULL; } SAFE_FREE(current_ace); } if (fsp->is_directory && all_aces_are_inherit_only) { DEBUG(10,(""create_canon_ace_lists: Win2k inherit acl traverse. Ignoring DACL.\n"")); free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); file_ace = NULL; dir_ace = NULL; } else { if (file_ace) { check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid); } if (dir_ace) { check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid); } } *ppfile_ace = file_ace; *ppdir_ace = dir_ace; return True; }",samba,,,204546760932536071461825434893835590130,0 1513,[],"static void migrate_dead(unsigned int dead_cpu, struct task_struct *p) { struct rq *rq = cpu_rq(dead_cpu); BUG_ON(!p->exit_state); BUG_ON(p->state == TASK_DEAD); get_task_struct(p); spin_unlock_irq(&rq->lock); move_task_off_dead_cpu(dead_cpu, p); spin_lock_irq(&rq->lock); put_task_struct(p); }",linux-2.6,,,98517111472825336206377174132038125016,0 5861,['CWE-200'],"static int raw_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size) { struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); struct sk_buff *skb; struct net_device *dev; int ifindex; int err; if (msg->msg_name) { struct sockaddr_can *addr = (struct sockaddr_can *)msg->msg_name; if (addr->can_family != AF_CAN) return -EINVAL; ifindex = addr->can_ifindex; } else ifindex = ro->ifindex; if (size != sizeof(struct can_frame)) return -EINVAL; dev = dev_get_by_index(&init_net, ifindex); if (!dev) return -ENXIO; skb = sock_alloc_send_skb(sk, size, msg->msg_flags & MSG_DONTWAIT, &err); if (!skb) goto put_dev; err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); if (err < 0) goto free_skb; err = sock_tx_timestamp(msg, sk, skb_tx(skb)); if (err < 0) goto free_skb; skb->dev = dev; skb->sk = sk; err = can_send(skb, ro->loopback); dev_put(dev); if (err) goto send_failed; return size; free_skb: kfree_skb(skb); put_dev: dev_put(dev); send_failed: return err; }",linux-2.6,,,285591639437643835146348478523298278055,0 468,[],"pfm_context_alloc(void) { pfm_context_t *ctx; ctx = kzalloc(sizeof(pfm_context_t), GFP_KERNEL); if (ctx) { DPRINT((""alloc ctx @%p\n"", ctx)); } return ctx; }",linux-2.6,,,333363248781937834888228895103290524779,0 3481,CWE-295,"int main(int argc, char **argv) { int error; my_bool first_argument_uses_wildcards=0; char *wild; MYSQL mysql; MY_INIT(argv[0]); my_getopt_use_args_separator= TRUE; if (load_defaults(""my"",load_default_groups,&argc,&argv)) exit(1); my_getopt_use_args_separator= FALSE; get_options(&argc,&argv); wild=0; if (argc) { char *pos= argv[argc-1], *to; for (to= pos ; *pos ; pos++, to++) { switch (*pos) { case '*': *pos= '%'; first_argument_uses_wildcards= 1; break; case '?': *pos= '_'; first_argument_uses_wildcards= 1; break; case '%': case '_': first_argument_uses_wildcards= 1; break; case '\\': pos++; default: break; } *to= *pos; } *to= *pos; } if (first_argument_uses_wildcards) wild= argv[--argc]; else if (argc == 3) wild= argv[--argc]; if (argc > 2) { fprintf(stderr,""%s: Too many arguments\n"",my_progname); exit(1); } mysql_init(&mysql); if (opt_compress) mysql_options(&mysql,MYSQL_OPT_COMPRESS,NullS); #ifdef HAVE_OPENSSL if (opt_use_ssl) { mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(&mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(&mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } mysql_options(&mysql,MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*)&opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); if (opt_bind_addr) mysql_options(&mysql,MYSQL_OPT_BIND,opt_bind_addr); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) if (shared_memory_base_name) mysql_options(&mysql,MYSQL_SHARED_MEMORY_BASE_NAME,shared_memory_base_name); #endif mysql_options(&mysql, MYSQL_SET_CHARSET_NAME, default_charset); if (opt_plugin_dir && *opt_plugin_dir) mysql_options(&mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir); if (opt_default_auth && *opt_default_auth) mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql, MYSQL_OPT_CONNECT_ATTR_RESET, 0); mysql_options4(&mysql, MYSQL_OPT_CONNECT_ATTR_ADD, ""program_name"", ""mysqlshow""); if (!(mysql_real_connect(&mysql,host,user,opt_password, (first_argument_uses_wildcards) ? """" : argv[0],opt_mysql_port,opt_mysql_unix_port, 0))) { fprintf(stderr,""%s: %s\n"",my_progname,mysql_error(&mysql)); exit(1); } mysql.reconnect= 1; switch (argc) { case 0: error=list_dbs(&mysql,wild); break; case 1: if (opt_status) error=list_table_status(&mysql,argv[0],wild); else error=list_tables(&mysql,argv[0],wild); break; default: if (opt_status && ! wild) error=list_table_status(&mysql,argv[0],argv[1]); else error=list_fields(&mysql,argv[0],argv[1],wild); break; } mysql_close(&mysql); my_free(opt_password); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) my_free(shared_memory_base_name); #endif my_end(my_end_arg); exit(error ? 1 : 0); return 0; }",visit repo url,client/mysqlshow.c,https://github.com/mysql/mysql-server,78845629167133,1 1239,[],"find_builtin_by_addr (builtin_func *func) { const builtin *bp; for (bp = &builtin_tab[0]; bp->name != NULL; bp++) if (bp->func == func) return bp; if (func == m4_placeholder) return bp + 1; return NULL; }",m4,,,25151982139333678382958074562276152949,0 4918,['CWE-20'],"int dir_decode(nfs_readdir_descriptor_t *desc) { __be32 *p = desc->ptr; p = desc->decode(p, desc->entry, desc->plus); if (IS_ERR(p)) return PTR_ERR(p); desc->ptr = p; if (desc->timestamp_valid) desc->entry->fattr->time_start = desc->timestamp; else desc->entry->fattr->valid &= ~NFS_ATTR_FATTR; return 0; }",linux-2.6,,,50299348566167934097225888275518949292,0 229,[],"static struct atalk_iface *atalk_find_interface(int net, int node) { struct atalk_iface *iface; read_lock_bh(&atalk_interfaces_lock); for (iface = atalk_interfaces; iface; iface = iface->next) { if ((node == ATADDR_BCAST || node == ATADDR_ANYNODE || iface->address.s_node == node) && iface->address.s_net == net && !(iface->status & ATIF_PROBE)) break; if (node == ATADDR_ANYNODE && net != ATADDR_ANYNET && ntohs(iface->nets.nr_firstnet) <= ntohs(net) && ntohs(net) <= ntohs(iface->nets.nr_lastnet)) break; } read_unlock_bh(&atalk_interfaces_lock); return iface; }",history,,,164180754250066115724130293061286111661,0 3336,CWE-119,"flac_buffer_copy (SF_PRIVATE *psf) { FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ; const FLAC__Frame *frame = pflac->frame ; const int32_t* const *buffer = pflac->wbuffer ; unsigned i = 0, j, offset, channels, len ; if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE) { psf_log_printf (psf, ""Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n"", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ; psf->error = SFE_INTERNAL ; return 0 ; } ; if (frame->header.channels > FLAC__MAX_CHANNELS) psf_log_printf (psf, ""Ooops : frame->header.channels (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n"", __func__, __LINE__, frame->header.channels, FLAC__MAX_CHANNELS) ; channels = SF_MIN (frame->header.channels, FLAC__MAX_CHANNELS) ; if (pflac->ptr == NULL) { pflac->bufferbackup = SF_TRUE ; for (i = 0 ; i < channels ; i++) { if (pflac->rbuffer [i] == NULL) pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (int32_t)) ; memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (int32_t)) ; } ; pflac->wbuffer = (const int32_t* const*) pflac->rbuffer ; return 0 ; } ; len = SF_MIN (pflac->len, frame->header.blocksize) ; switch (pflac->pcmtype) { case PFLAC_PCM_SHORT : { short *retpcm = (short*) pflac->ptr ; int shift = 16 - frame->header.bits_per_sample ; if (shift < 0) { shift = abs (shift) ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = buffer [j][pflac->bufferpos] >> shift ; pflac->remain -= channels ; pflac->bufferpos++ ; } } else { for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = ((uint16_t) buffer [j][pflac->bufferpos]) << shift ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; } ; break ; case PFLAC_PCM_INT : { int *retpcm = (int*) pflac->ptr ; int shift = 32 - frame->header.bits_per_sample ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = ((uint32_t) buffer [j][pflac->bufferpos]) << shift ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; break ; case PFLAC_PCM_FLOAT : { float *retpcm = (float*) pflac->ptr ; float norm = (psf->norm_float == SF_TRUE) ? 1.0 / (1 << (frame->header.bits_per_sample - 1)) : 1.0 ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = buffer [j][pflac->bufferpos] * norm ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; break ; case PFLAC_PCM_DOUBLE : { double *retpcm = (double*) pflac->ptr ; double norm = (psf->norm_double == SF_TRUE) ? 1.0 / (1 << (frame->header.bits_per_sample - 1)) : 1.0 ; for (i = 0 ; i < len && pflac->remain > 0 ; i++) { offset = pflac->pos + i * channels ; if (pflac->bufferpos >= frame->header.blocksize) break ; if (offset + channels > pflac->len) break ; for (j = 0 ; j < channels ; j++) retpcm [offset + j] = buffer [j][pflac->bufferpos] * norm ; pflac->remain -= channels ; pflac->bufferpos++ ; } ; } ; break ; default : return 0 ; } ; offset = i * channels ; pflac->pos += i * channels ; return offset ; } ",visit repo url,src/flac.c,https://github.com/erikd/libsndfile,137586189829061,1 307,CWE-476,"void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb) { struct in_pktinfo *pktinfo = PKTINFO_SKB_CB(skb); bool prepare = (inet_sk(sk)->cmsg_flags & IP_CMSG_PKTINFO) || ipv6_sk_rxinfo(sk); if (prepare && skb_rtable(skb)) { if (pktinfo->ipi_ifindex == LOOPBACK_IFINDEX) pktinfo->ipi_ifindex = inet_iif(skb); pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb); } else { pktinfo->ipi_ifindex = 0; pktinfo->ipi_spec_dst.s_addr = 0; } skb_dst_drop(skb); }",visit repo url,net/ipv4/ip_sockglue.c,https://github.com/torvalds/linux,16497964770752,1 3227,['CWE-189'],"int jas_stream_rewind(jas_stream_t *stream) { return jas_stream_seek(stream, 0, SEEK_SET); }",jasper,,,203850434663992017648771522064925403497,0 5988,CWE-120,"static PyObject *__pyx_f_17clickhouse_driver_14bufferedreader___pyx_unpickle_CompressedBufferedReader__set_state(struct __pyx_obj_17clickhouse_driver_14bufferedreader_CompressedBufferedReader *__pyx_v___pyx_result, PyObject *__pyx_v___pyx_state) { PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; Py_ssize_t __pyx_t_2; int __pyx_t_3; int __pyx_t_4; int __pyx_t_5; PyObject *__pyx_t_6 = NULL; PyObject *__pyx_t_7 = NULL; PyObject *__pyx_t_8 = NULL; __Pyx_RefNannySetupContext(""__pyx_unpickle_CompressedBufferedReader__set_state"", 0); if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 0, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (!(likely(PyByteArray_CheckExact(__pyx_t_1))||((__pyx_t_1) == Py_None)||(PyErr_Format(PyExc_TypeError, ""Expected %.16s, got %.200s"", ""bytearray"", Py_TYPE(__pyx_t_1)->tp_name), 0))) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GIVEREF(__pyx_t_1); __Pyx_GOTREF(__pyx_v___pyx_result->__pyx_base.buffer); __Pyx_DECREF(__pyx_v___pyx_result->__pyx_base.buffer); __pyx_v___pyx_result->__pyx_base.buffer = ((PyObject*)__pyx_t_1); __pyx_t_1 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 1, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = __Pyx_PyIndex_AsSsize_t(__pyx_t_1); if (unlikely((__pyx_t_2 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v___pyx_result->__pyx_base.current_buffer_size = __pyx_t_2; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 2, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = __Pyx_PyIndex_AsSsize_t(__pyx_t_1); if (unlikely((__pyx_t_2 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v___pyx_result->__pyx_base.position = __pyx_t_2; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 3, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_GIVEREF(__pyx_t_1); __Pyx_GOTREF(__pyx_v___pyx_result->read_block); __Pyx_DECREF(__pyx_v___pyx_result->read_block); __pyx_v___pyx_result->read_block = __pyx_t_1; __pyx_t_1 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""object of type 'NoneType' has no len()""); __PYX_ERR(1, 13, __pyx_L1_error) } __pyx_t_2 = PyTuple_GET_SIZE(__pyx_v___pyx_state); if (unlikely(__pyx_t_2 == ((Py_ssize_t)-1))) __PYX_ERR(1, 13, __pyx_L1_error) __pyx_t_4 = ((__pyx_t_2 > 4) != 0); if (__pyx_t_4) { } else { __pyx_t_3 = __pyx_t_4; goto __pyx_L4_bool_binop_done; } __pyx_t_4 = __Pyx_HasAttr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(1, 13, __pyx_L1_error) __pyx_t_5 = (__pyx_t_4 != 0); __pyx_t_3 = __pyx_t_5; __pyx_L4_bool_binop_done:; if (__pyx_t_3) { __pyx_t_6 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(!__pyx_t_6)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_6); __pyx_t_7 = __Pyx_PyObject_GetAttrStr(__pyx_t_6, __pyx_n_s_update); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_7); __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 14, __pyx_L1_error) } __pyx_t_6 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 4, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_6)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_6); __pyx_t_8 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_7))) { __pyx_t_8 = PyMethod_GET_SELF(__pyx_t_7); if (likely(__pyx_t_8)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_7); __Pyx_INCREF(__pyx_t_8); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_7, function); } } __pyx_t_1 = (__pyx_t_8) ? __Pyx_PyObject_Call2Args(__pyx_t_7, __pyx_t_8, __pyx_t_6) : __Pyx_PyObject_CallOneArg(__pyx_t_7, __pyx_t_6); __Pyx_XDECREF(__pyx_t_8); __pyx_t_8 = 0; __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0; if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; } __pyx_r = Py_None; __Pyx_INCREF(Py_None); goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_6); __Pyx_XDECREF(__pyx_t_7); __Pyx_XDECREF(__pyx_t_8); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.__pyx_unpickle_CompressedBufferedReader__set_state"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = 0; __pyx_L0:; __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,24123075312588,1 2660,[],"static void sctp_enter_memory_pressure(struct sock *sk) { sctp_memory_pressure = 1; }",linux-2.6,,,212287886455623593915382589203443175293,0 3896,CWE-122,"n_start_visual_mode(int c) { #ifdef FEAT_CONCEAL int cursor_line_was_concealed = curwin->w_p_cole > 0 && conceal_cursor_line(curwin); #endif VIsual_mode = c; VIsual_active = TRUE; VIsual_reselect = TRUE; trigger_modechanged(); if (c == Ctrl_V && (get_ve_flags() & VE_BLOCK) && gchar_cursor() == TAB) { validate_virtcol(); coladvance(curwin->w_virtcol); } VIsual = curwin->w_cursor; #ifdef FEAT_FOLDING foldAdjustVisual(); #endif setmouse(); #ifdef FEAT_CONCEAL conceal_check_cursor_line(cursor_line_was_concealed); #endif if (p_smd && msg_silent == 0) redraw_cmdline = TRUE; #ifdef FEAT_CLIPBOARD clip_star.vmode = NUL; #endif if (curwin->w_redr_type < INVERTED) { curwin->w_old_cursor_lnum = curwin->w_cursor.lnum; curwin->w_old_visual_lnum = curwin->w_cursor.lnum; } }",visit repo url,src/normal.c,https://github.com/vim/vim,51935088539433,1 103,CWE-90,"krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, char **db_args) { int l=0, kerberos_principal_object_type=0; unsigned int ntrees=0, tre=0; krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL, *ent=NULL; char **subtreelist = NULL; char *user=NULL, *subtree=NULL, *principal_dn=NULL; char **values=NULL, *strval[10]={NULL}, errbuf[1024]; char *filtuser=NULL; struct berval **bersecretkey=NULL; LDAPMod **mods=NULL; krb5_boolean create_standalone=FALSE; krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE; char *standalone_principal_dn=NULL; krb5_tl_data *tl_data=NULL; krb5_key_data **keys=NULL; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; osa_princ_ent_rec princ_ent = {0}; xargs_t xargs = {0}; char *polname = NULL; OPERATION optype; krb5_boolean found_entry = FALSE; krb5_clear_error_message(context); SETUP_CONTEXT(); if (ldap_context->lrparams == NULL || ldap_context->container_dn == NULL) return EINVAL; GET_HANDLE(); if (!is_principal_in_realm(ldap_context, entry->princ)) { st = EINVAL; k5_setmsg(context, st, _(""Principal does not belong to the default realm"")); goto cleanup; } if (((st=krb5_unparse_name(context, entry->princ, &user)) != 0) || ((st=krb5_ldap_unparse_principal_name(user)) != 0)) goto cleanup; filtuser = ldap_filter_correct(user); if (filtuser == NULL) { st = ENOMEM; goto cleanup; } if (entry->mask & KADM5_PRINCIPAL) optype = ADD_PRINCIPAL; else optype = MODIFY_PRINCIPAL; if (((st=krb5_get_princ_type(context, entry, &kerberos_principal_object_type)) != 0) || ((st=krb5_get_userdn(context, entry, &principal_dn)) != 0)) goto cleanup; if ((st=process_db_args(context, db_args, &xargs, optype)) != 0) goto cleanup; if (entry->mask & KADM5_LOAD) { unsigned int tree = 0; int numlentries = 0; char *filter = NULL; if (asprintf(&filter, FILTER""%s))"", filtuser) < 0) { filter = NULL; st = ENOMEM; goto cleanup; } if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0) goto cleanup; found_entry = FALSE; for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) { if (principal_dn == NULL) { LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS); } else { LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS); } if (st == LDAP_SUCCESS) { numlentries = ldap_count_entries(ld, result); if (numlentries > 1) { free(filter); st = EINVAL; k5_setmsg(context, st, _(""operation can not continue, more than one "" ""entry with principal name \""%s\"" found""), user); goto cleanup; } else if (numlentries == 1) { found_entry = TRUE; if (principal_dn == NULL) { ent = ldap_first_entry(ld, result); if (ent != NULL) { if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) { ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st); st = set_ldap_error (context, st, 0); free(filter); goto cleanup; } } } } } else if (st != LDAP_NO_SUCH_OBJECT) { st = set_ldap_error (context, st, 0); free(filter); goto cleanup; } ldap_msgfree(result); result = NULL; } free(filter); if (found_entry == FALSE && principal_dn != NULL) { create_standalone = TRUE; standalone_principal_dn = strdup(principal_dn); CHECK_NULL(standalone_principal_dn); } } if (principal_dn == NULL && xargs.dn == NULL) { if (entry->princ->length == 2 && entry->princ->data[0].length == strlen(""krbtgt"") && strncmp(entry->princ->data[0].data, ""krbtgt"", entry->princ->data[0].length) == 0) { subtree = strdup(ldap_context->lrparams->realmdn); } else if (xargs.containerdn) { if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) { if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) { int ost = st; st = EINVAL; k5_wrapmsg(context, ost, st, _(""'%s' not found""), xargs.containerdn); } goto cleanup; } subtree = strdup(xargs.containerdn); } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) { subtree = strdup(ldap_context->lrparams->containerref); } else { subtree = strdup(ldap_context->lrparams->realmdn); } CHECK_NULL(subtree); if (asprintf(&standalone_principal_dn, ""krbprincipalname=%s,%s"", filtuser, subtree) < 0) standalone_principal_dn = NULL; CHECK_NULL(standalone_principal_dn); create_standalone = TRUE; free(subtree); subtree = NULL; } if (xargs.dn_from_kbd == TRUE) { int dnlen=0, subtreelen=0; char *dn=NULL; krb5_boolean outofsubtree=TRUE; if (xargs.dn != NULL) { dn = xargs.dn; } else if (xargs.linkdn != NULL) { dn = xargs.linkdn; } else if (standalone_principal_dn != NULL) { dn = standalone_principal_dn; } if (subtreelist == NULL) { st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees); if (st) goto cleanup; } for (tre=0; tre= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) { outofsubtree = FALSE; break; } } } if (outofsubtree == TRUE) { st = EINVAL; k5_setmsg(context, st, _(""DN is out of the realm subtree"")); goto cleanup; } if (standalone_principal_dn == NULL) { char *attributes[]={""krbticketpolicyreference"", ""krbprincipalname"", NULL}; ldap_msgfree(result); result = NULL; LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS); if (st == LDAP_SUCCESS) { ent = ldap_first_entry(ld, result); if (ent != NULL) { if ((values=ldap_get_values(ld, ent, ""krbticketpolicyreference"")) != NULL) { ldap_value_free(values); } if ((values=ldap_get_values(ld, ent, ""krbprincipalname"")) != NULL) { krb_identity_exists = TRUE; ldap_value_free(values); } } } else { st = set_ldap_error(context, st, OP_SEARCH); goto cleanup; } } } if (xargs.dn != NULL && krb_identity_exists == TRUE) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""ldap object is already kerberized"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (xargs.linkdn != NULL) { if (optype == MODIFY_PRINCIPAL && kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""link information can not be set/updated as the "" ""kerberos principal belongs to an ldap object"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } { char **linkdns=NULL; int j=0; if ((st=krb5_get_linkdn(context, entry, &linkdns)) != 0) { snprintf(errbuf, sizeof(errbuf), _(""Failed getting object references"")); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (linkdns != NULL) { st = EINVAL; snprintf(errbuf, sizeof(errbuf), _(""kerberos principal is already linked to a ldap "" ""object"")); k5_setmsg(context, st, ""%s"", errbuf); for (j=0; linkdns[j] != NULL; ++j) free (linkdns[j]); free (linkdns); goto cleanup; } } establish_links = TRUE; } if (entry->mask & KADM5_LAST_SUCCESS) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_success)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastSuccessfulAuth"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_LAST_FAILED) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->last_failed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastFailedAuth"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free(strval[0]); } if (entry->mask & KADM5_FAIL_AUTH_COUNT) { krb5_kvno fail_auth_count; fail_auth_count = entry->fail_auth_count; if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) fail_auth_count++; st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_REPLACE, fail_auth_count); if (st != 0) goto cleanup; } else if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) { int attr_mask = 0; krb5_boolean has_fail_count; st = krb5_get_attributes_mask(context, entry, &attr_mask); if (st != 0) goto cleanup; has_fail_count = ((attr_mask & KDB_FAIL_AUTH_COUNT_ATTR) != 0); #ifdef LDAP_MOD_INCREMENT if (ldap_server_handle->server_info->modify_increment && has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_INCREMENT, 1); if (st != 0) goto cleanup; } else { #endif if (has_fail_count) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_DELETE, entry->fail_auth_count); if (st != 0) goto cleanup; } st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_ADD, entry->fail_auth_count + 1); if (st != 0) goto cleanup; #ifdef LDAP_MOD_INCREMENT } #endif } else if (optype == ADD_PRINCIPAL) { st = krb5_add_int_mem_ldap_mod(&mods, ""krbLoginFailedCount"", LDAP_MOD_ADD, 0); } if (entry->mask & KADM5_MAX_LIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbmaxticketlife"", LDAP_MOD_REPLACE, entry->max_life)) != 0) goto cleanup; } if (entry->mask & KADM5_MAX_RLIFE) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbmaxrenewableage"", LDAP_MOD_REPLACE, entry->max_renewable_life)) != 0) goto cleanup; } if (entry->mask & KADM5_ATTRIBUTES) { if ((st=krb5_add_int_mem_ldap_mod(&mods, ""krbticketflags"", LDAP_MOD_REPLACE, entry->attributes)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINCIPAL) { memset(strval, 0, sizeof(strval)); strval[0] = user; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbprincipalname"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } if (entry->mask & KADM5_PRINC_EXPIRE_TIME) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbprincipalexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_PW_EXPIRATION) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpasswordexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } if (entry->mask & KADM5_POLICY || entry->mask & KADM5_KEY_HIST) { memset(&princ_ent, 0, sizeof(princ_ent)); for (tl_data=entry->tl_data; tl_data; tl_data=tl_data->tl_data_next) { if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) { if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) { goto cleanup; } break; } } } if (entry->mask & KADM5_POLICY) { if (princ_ent.aux_attributes & KADM5_POLICY) { memset(strval, 0, sizeof(strval)); if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0) goto cleanup; strval[0] = polname; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { st = EINVAL; k5_setmsg(context, st, ""Password policy value null""); goto cleanup; } } else if (entry->mask & KADM5_LOAD && found_entry == TRUE) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_REPLACE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_POLICY_CLR) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpwdpolicyreference"", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } if (entry->mask & KADM5_KEY_HIST) { bersecretkey = krb5_encode_histkey(&princ_ent); if (bersecretkey == NULL) { st = ENOMEM; goto cleanup; } st = krb5_add_ber_mem_ldap_mod(&mods, ""krbpwdhistory"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey); if (st != 0) goto cleanup; free_berdata(bersecretkey); bersecretkey = NULL; } if (entry->mask & KADM5_KEY_DATA || entry->mask & KADM5_KVNO) { krb5_kvno mkvno; if ((st=krb5_dbe_lookup_mkvno(context, entry, &mkvno)) != 0) goto cleanup; bersecretkey = krb5_encode_krbsecretkey (entry->key_data, entry->n_key_data, mkvno); if (bersecretkey == NULL) { st = ENOMEM; goto cleanup; } if (bersecretkey[0] != NULL || !create_standalone) { st = krb5_add_ber_mem_ldap_mod(&mods, ""krbprincipalkey"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey); if (st != 0) goto cleanup; } if (!(entry->mask & KADM5_PRINCIPAL)) { memset(strval, 0, sizeof(strval)); if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbpasswordexpiration"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } { krb5_timestamp last_pw_changed; if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(last_pw_changed)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastPwdChange"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } st = update_ldap_mod_auth_ind(context, entry, &mods); if (st != 0) goto cleanup; if (entry->tl_data != NULL) { int count = 0; struct berval **ber_tl_data = NULL; krb5_tl_data *ptr; krb5_timestamp unlock_time; for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; count++; } if (count != 0) { int j; ber_tl_data = (struct berval **) calloc (count + 1, sizeof (struct berval*)); if (ber_tl_data == NULL) { st = ENOMEM; goto cleanup; } for (j = 0, ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) { if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE #ifdef SECURID || ptr->tl_data_type == KRB5_TL_DB_ARGS #endif || ptr->tl_data_type == KRB5_TL_KADM_DATA || ptr->tl_data_type == KDB_TL_USER_INFO || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK) continue; if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0) break; j++; } if (st == 0) { ber_tl_data[count] = NULL; st=krb5_add_ber_mem_ldap_mod(&mods, ""krbExtraData"", LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, ber_tl_data); } free_berdata(ber_tl_data); if (st != 0) goto cleanup; } if ((st=krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time)) != 0) goto cleanup; if (unlock_time != 0) { memset(strval, 0, sizeof(strval)); if ((strval[0] = getstringtime(unlock_time)) == NULL) goto cleanup; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbLastAdminUnlock"", LDAP_MOD_REPLACE, strval)) != 0) { free (strval[0]); goto cleanup; } free (strval[0]); } } if (xargs.tktpolicydn != NULL) { int tmask=0; if (strlen(xargs.tktpolicydn) != 0) { st = checkattributevalue(ld, xargs.tktpolicydn, ""objectclass"", policyclass, &tmask); CHECK_CLASS_VALIDITY(st, tmask, _(""ticket policy object value: "")); strval[0] = xargs.tktpolicydn; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbticketpolicyreference"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } else { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbticketpolicyreference"", LDAP_MOD_DELETE, NULL)) != 0) goto cleanup; } } if (establish_links == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = xargs.linkdn; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""krbObjectReferences"", LDAP_MOD_REPLACE, strval)) != 0) goto cleanup; } if (mods == NULL) goto cleanup; if (create_standalone == TRUE) { memset(strval, 0, sizeof(strval)); strval[0] = ""krbprincipal""; strval[1] = ""krbprincipalaux""; strval[2] = ""krbTicketPolicyAux""; if ((st=krb5_add_str_mem_ldap_mod(&mods, ""objectclass"", LDAP_MOD_ADD, strval)) != 0) goto cleanup; st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); if (st == LDAP_ALREADY_EXISTS && entry->mask & KADM5_LOAD) { st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""Principal delete failed (trying to replace "" ""entry): %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } else { st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL); } } if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""Principal add failed: %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } } else { { char *attrvalues[] = {""krbprincipalaux"", ""krbTicketPolicyAux"", NULL}; int p, q, r=0, amask=0; if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn, ""objectclass"", attrvalues, &amask)) != 0) goto cleanup; memset(strval, 0, sizeof(strval)); for (p=1, q=0; p<=2; p<<=1, ++q) { if ((p & amask) == 0) strval[r++] = attrvalues[q]; } if (r != 0) { if ((st=krb5_add_str_mem_ldap_mod(&mods, ""objectclass"", LDAP_MOD_ADD, strval)) != 0) goto cleanup; } } if (xargs.dn != NULL) st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL); else st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { snprintf(errbuf, sizeof(errbuf), _(""User modification failed: %s""), ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); k5_setmsg(context, st, ""%s"", errbuf); goto cleanup; } if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) entry->fail_auth_count++; } cleanup: if (user) free(user); if (filtuser) free(filtuser); free_xargs(xargs); if (standalone_principal_dn) free(standalone_principal_dn); if (principal_dn) free (principal_dn); if (polname != NULL) free(polname); for (tre = 0; tre < ntrees; tre++) free(subtreelist[tre]); free(subtreelist); if (subtree) free (subtree); if (bersecretkey) { for (l=0; bersecretkey[l]; ++l) { if (bersecretkey[l]->bv_val) free (bersecretkey[l]->bv_val); free (bersecretkey[l]); } free (bersecretkey); } if (keys) free (keys); ldap_mods_free(mods, 1); ldap_osa_free_princ_ent(&princ_ent); ldap_msgfree(result); krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return(st); }",visit repo url,src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c,https://github.com/krb5/krb5,52442138191037,1 4951,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 5746,['CWE-200'],"static void irda_selective_discovery_indication(discinfo_t *discovery, DISCOVERY_MODE mode, void *priv) { struct irda_sock *self; IRDA_DEBUG(2, ""%s()\n"", __func__); self = (struct irda_sock *) priv; if (!self) { IRDA_WARNING(""%s: lost myself!\n"", __func__); return; } self->cachedaddr = discovery->daddr; wake_up_interruptible(&self->query_wait); }",linux-2.6,,,56337019854180128452357016600504870267,0 5142,CWE-125,"ast_for_arguments(struct compiling *c, const node *n) { int i, j, k, nposargs = 0, nkwonlyargs = 0; int nposdefaults = 0, found_default = 0; asdl_seq *posargs, *posdefaults, *kwonlyargs, *kwdefaults; arg_ty vararg = NULL, kwarg = NULL; arg_ty arg; node *ch; if (TYPE(n) == parameters) { if (NCH(n) == 2) return arguments(NULL, NULL, NULL, NULL, NULL, NULL, c->c_arena); n = CHILD(n, 1); } assert(TYPE(n) == typedargslist || TYPE(n) == varargslist); for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == STAR) { i++; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { i++; } break; } if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == vfpdef || TYPE(ch) == tfpdef) nposargs++; if (TYPE(ch) == EQUAL) nposdefaults++; } for ( ; i < NCH(n); ++i) { ch = CHILD(n, i); if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == tfpdef || TYPE(ch) == vfpdef) nkwonlyargs++; } posargs = (nposargs ? _Py_asdl_seq_new(nposargs, c->c_arena) : NULL); if (!posargs && nposargs) return NULL; kwonlyargs = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwonlyargs && nkwonlyargs) return NULL; posdefaults = (nposdefaults ? _Py_asdl_seq_new(nposdefaults, c->c_arena) : NULL); if (!posdefaults && nposdefaults) return NULL; kwdefaults = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwdefaults && nkwonlyargs) return NULL; i = 0; j = 0; k = 0; while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case tfpdef: case vfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expr_ty expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) return NULL; assert(posdefaults != NULL); asdl_seq_SET(posdefaults, j++, expression); i += 2; found_default = 1; } else if (found_default) { ast_error(c, n, ""non-default argument follows default argument""); return NULL; } arg = ast_for_arg(c, ch); if (!arg) return NULL; asdl_seq_SET(posargs, k++, arg); i += 2; break; case STAR: if (i+1 >= NCH(n) || (i+2 == NCH(n) && TYPE(CHILD(n, i+1)) == COMMA)) { ast_error(c, CHILD(n, i), ""named arguments must follow bare *""); return NULL; } ch = CHILD(n, i+1); if (TYPE(ch) == COMMA) { int res = 0; i += 2; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } else { vararg = ast_for_arg(c, ch); if (!vararg) return NULL; i += 3; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { int res = 0; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } } break; case DOUBLESTAR: ch = CHILD(n, i+1); assert(TYPE(ch) == tfpdef || TYPE(ch) == vfpdef); kwarg = ast_for_arg(c, ch); if (!kwarg) return NULL; i += 3; break; default: PyErr_Format(PyExc_SystemError, ""unexpected node in varargslist: %d @ %d"", TYPE(ch), i); return NULL; } } return arguments(posargs, vararg, kwonlyargs, kwdefaults, kwarg, posdefaults, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,55728997370176,1 478,[],"pfm_alt_save_pmu_state(void *data) { struct pt_regs *regs; regs = task_pt_regs(current); DPRINT((""called\n"")); pfm_clear_psr_up(); pfm_clear_psr_pp(); ia64_psr(regs)->pp = 0; pfm_freeze_pmu(); ia64_srlz_d(); }",linux-2.6,,,328016403015073374414748749209186716232,0 1425,[],"is_same_group(struct sched_entity *se, struct sched_entity *pse) { return 1; }",linux-2.6,,,223820633769708320447388802245627173042,0 637,CWE-20,"int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); bool slow; if (addr_len) *addr_len = sizeof(*sin); if (flags & MSG_ERRQUEUE) return ip_recv_error(sk, msg, len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); else { err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); sock_recv_ts_and_drops(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_port = udp_hdr(skb)->source; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv4/udp.c,https://github.com/torvalds/linux,230432308321716,1 6691,['CWE-200'],"foo_client_state_changed_cb (NMClient *client, GParamSpec *pspec, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); switch (nm_client_get_state (client)) { case NM_STATE_DISCONNECTED: applet_do_notify_with_pref (applet, _(""Disconnected""), _(""The network connection has been disconnected.""), ""nm-no-connection"", PREF_DISABLE_DISCONNECTED_NOTIFICATIONS); default: break; } applet_schedule_update_icon (applet); }",network-manager-applet,,,285497163798153719117249196899815612065,0 1223,[],"m4_esyscmd (struct obstack *obs, int argc, token_data **argv) { FILE *pin; int ch; if (bad_argc (argv[0], argc, 2, 2)) { sysval = 0; return; } debug_flush_files (); errno = 0; pin = popen (ARG (1), ""r""); if (pin == NULL) { M4ERROR ((warning_status, errno, ""cannot open pipe to command `%s'"", ARG (1))); sysval = -1; } else { while ((ch = getc (pin)) != EOF) obstack_1grow (obs, (char) ch); sysval = pclose (pin); } }",m4,,,93833692406186888100018852107143497211,0 5873,CWE-120,"PJ_DEF(void) pj_scan_advance_n( pj_scanner *scanner, unsigned N, pj_bool_t skip_ws) { if (scanner->curptr + N > scanner->end) { pj_scan_syntax_err(scanner); return; } scanner->curptr += N; if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && skip_ws) { pj_scan_skip_whitespace(scanner); } }",visit repo url,pjlib-util/src/pjlib-util/scanner.c,https://github.com/pjsip/pjproject,111259926638746,1 3117,CWE-119,"static bool parse_reconnect(struct pool *pool, json_t *val) { char *sockaddr_url, *stratum_port, *tmp; char *url, *port, address[256]; memset(address, 0, 255); url = (char *)json_string_value(json_array_get(val, 0)); if (!url) url = pool->sockaddr_url; else { char *dot_pool, *dot_reconnect; dot_pool = strchr(pool->sockaddr_url, '.'); if (!dot_pool) { applog(LOG_ERR, ""Denied stratum reconnect request for pool without domain '%s'"", pool->sockaddr_url); return false; } dot_reconnect = strchr(url, '.'); if (!dot_reconnect) { applog(LOG_ERR, ""Denied stratum reconnect request to url without domain '%s'"", url); return false; } if (strcmp(dot_pool, dot_reconnect)) { applog(LOG_ERR, ""Denied stratum reconnect request to non-matching domain url '%s'"", pool->sockaddr_url); return false; } } port = (char *)json_string_value(json_array_get(val, 1)); if (!port) port = pool->stratum_port; sprintf(address, ""%s:%s"", url, port); if (!extract_sockaddr(address, &sockaddr_url, &stratum_port)) return false; applog(LOG_WARNING, ""Stratum reconnect requested from pool %d to %s"", pool->pool_no, address); clear_pool_work(pool); mutex_lock(&pool->stratum_lock); __suspend_stratum(pool); tmp = pool->sockaddr_url; pool->sockaddr_url = sockaddr_url; pool->stratum_url = pool->sockaddr_url; free(tmp); tmp = pool->stratum_port; pool->stratum_port = stratum_port; free(tmp); mutex_unlock(&pool->stratum_lock); if (!restart_stratum(pool)) { pool_failed(pool); return false; } return true; }",visit repo url,util.c,https://github.com/ckolivas/cgminer,166297131953132,1 209,CWE-264,"static int apparmor_setprocattr(struct task_struct *task, char *name, void *value, size_t size) { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; char *command, *args = value; size_t arg_size; int error; if (size == 0) return -EINVAL; if (args[size - 1] != '\0') { if (size == PAGE_SIZE) return -EINVAL; args[size] = '\0'; } if (current != task) return -EACCES; args = value; args = strim(args); command = strsep(&args, "" ""); if (!args) return -EINVAL; args = skip_spaces(args); if (!*args) return -EINVAL; arg_size = size - (args - (char *) value); if (strcmp(name, ""current"") == 0) { if (strcmp(command, ""changehat"") == 0) { error = aa_setprocattr_changehat(args, arg_size, !AA_DO_TEST); } else if (strcmp(command, ""permhat"") == 0) { error = aa_setprocattr_changehat(args, arg_size, AA_DO_TEST); } else if (strcmp(command, ""changeprofile"") == 0) { error = aa_setprocattr_changeprofile(args, !AA_ONEXEC, !AA_DO_TEST); } else if (strcmp(command, ""permprofile"") == 0) { error = aa_setprocattr_changeprofile(args, !AA_ONEXEC, AA_DO_TEST); } else goto fail; } else if (strcmp(name, ""exec"") == 0) { if (strcmp(command, ""exec"") == 0) error = aa_setprocattr_changeprofile(args, AA_ONEXEC, !AA_DO_TEST); else goto fail; } else return -EINVAL; if (!error) error = size; return error; fail: sa.type = LSM_AUDIT_DATA_NONE; sa.aad = &aad; aad.profile = aa_current_profile(); aad.op = OP_SETPROCATTR; aad.info = name; aad.error = -EINVAL; aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL); return -EINVAL; }",visit repo url,security/apparmor/lsm.c,https://github.com/torvalds/linux,265518749379425,1 3727,CWE-369,"int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int64_t infilesize, total_samples; DFFFileHeader dff_file_header; DFFChunkHeader dff_chunk_header; uint32_t bcount; infilesize = DoGetFileSize (infile); memcpy (&dff_file_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &dff_file_header) + 4, sizeof (DFFFileHeader) - 4, &bcount) || bcount != sizeof (DFFFileHeader) - 4) || strncmp (dff_file_header.formType, ""DSD "", 4)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_file_header, sizeof (DFFFileHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } #if 1 WavpackBigEndianToNative (&dff_file_header, DFFFileHeaderFormat); if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && dff_file_header.ckDataSize && dff_file_header.ckDataSize + 1 && dff_file_header.ckDataSize + 12 != infilesize) { error_line (""%s is not a valid .DFF file (by total size)!"", infilename); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""file header indicated length = %lld"", dff_file_header.ckDataSize); #endif while (1) { if (!DoReadFile (infile, &dff_chunk_header, sizeof (DFFChunkHeader), &bcount) || bcount != sizeof (DFFChunkHeader)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_chunk_header, sizeof (DFFChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (debug_logging_mode) error_line (""chunk header indicated length = %lld"", dff_chunk_header.ckDataSize); if (!strncmp (dff_chunk_header.ckID, ""FVER"", 4)) { uint32_t version; if (dff_chunk_header.ckDataSize != sizeof (version) || !DoReadFile (infile, &version, sizeof (version), &bcount) || bcount != sizeof (version)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &version, sizeof (version))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&version, ""L""); if (debug_logging_mode) error_line (""dsdiff file version = 0x%08x"", version); } else if (!strncmp (dff_chunk_header.ckID, ""PROP"", 4)) { char *prop_chunk; if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""got PROP chunk of %d bytes total"", (int) dff_chunk_header.ckDataSize); prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || bcount != dff_chunk_header.ckDataSize) { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (prop_chunk); return WAVPACK_SOFT_ERROR; } if (!strncmp (prop_chunk, ""SND "", 4)) { char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize; uint16_t numChannels, chansSpecified, chanMask = 0; uint32_t sampleRate; while (eptr - cptr >= sizeof (dff_chunk_header)) { memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header)); cptr += sizeof (dff_chunk_header); WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (dff_chunk_header.ckDataSize > 0 && dff_chunk_header.ckDataSize <= eptr - cptr) { if (!strncmp (dff_chunk_header.ckID, ""FS "", 4) && dff_chunk_header.ckDataSize == 4) { memcpy (&sampleRate, cptr, sizeof (sampleRate)); WavpackBigEndianToNative (&sampleRate, ""L""); cptr += dff_chunk_header.ckDataSize; if (debug_logging_mode) error_line (""got sample rate of %u Hz"", sampleRate); } else if (!strncmp (dff_chunk_header.ckID, ""CHNL"", 4) && dff_chunk_header.ckDataSize >= 2) { memcpy (&numChannels, cptr, sizeof (numChannels)); WavpackBigEndianToNative (&numChannels, ""S""); cptr += sizeof (numChannels); chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4; if (numChannels < chansSpecified || numChannels < 1) { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } while (chansSpecified--) { if (!strncmp (cptr, ""SLFT"", 4) || !strncmp (cptr, ""MLFT"", 4)) chanMask |= 0x1; else if (!strncmp (cptr, ""SRGT"", 4) || !strncmp (cptr, ""MRGT"", 4)) chanMask |= 0x2; else if (!strncmp (cptr, ""LS "", 4)) chanMask |= 0x10; else if (!strncmp (cptr, ""RS "", 4)) chanMask |= 0x20; else if (!strncmp (cptr, ""C "", 4)) chanMask |= 0x4; else if (!strncmp (cptr, ""LFE "", 4)) chanMask |= 0x8; else if (debug_logging_mode) error_line (""undefined channel ID %c%c%c%c"", cptr [0], cptr [1], cptr [2], cptr [3]); cptr += 4; } if (debug_logging_mode) error_line (""%d channels, mask = 0x%08x"", numChannels, chanMask); } else if (!strncmp (dff_chunk_header.ckID, ""CMPR"", 4) && dff_chunk_header.ckDataSize >= 4) { if (strncmp (cptr, ""DSD "", 4)) { error_line (""DSDIFF files must be uncompressed, not \""%c%c%c%c\""!"", cptr [0], cptr [1], cptr [2], cptr [3]); free (prop_chunk); return WAVPACK_SOFT_ERROR; } cptr += dff_chunk_header.ckDataSize; } else { if (debug_logging_mode) error_line (""got PROP/SND chunk type \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); cptr += dff_chunk_header.ckDataSize; } } else { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } } if (chanMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this DSDIFF file already has channel order information!""); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (chanMask) config->channel_mask = chanMask; config->bits_per_sample = 8; config->bytes_per_sample = 1; config->num_channels = numChannels; config->sample_rate = sampleRate / 8; config->qmode |= QMODE_DSD_MSB_FIRST; } else if (debug_logging_mode) error_line (""got unknown PROP chunk type \""%c%c%c%c\"" of %d bytes"", prop_chunk [0], prop_chunk [1], prop_chunk [2], prop_chunk [3], dff_chunk_header.ckDataSize); free (prop_chunk); } else if (!strncmp (dff_chunk_header.ckID, ""DSD "", 4)) { total_samples = dff_chunk_header.ckDataSize / config->num_channels; break; } else { int bytes_to_copy = (int)(((dff_chunk_header.ckDataSize) + 1) & ~(int64_t)1); char *buff; if (bytes_to_copy < 0 || bytes_to_copy > 4194304) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (debug_logging_mode) error_line (""setting configuration with %lld samples"", total_samples); if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/dsdiff.c,https://github.com/dbry/WavPack,141854846556169,1 5990,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader_14BufferedReader_8position___get__(struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedReader *__pyx_v_self) { PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; __Pyx_RefNannySetupContext(""__get__"", 0); __Pyx_XDECREF(__pyx_r); __pyx_t_1 = PyInt_FromSsize_t(__pyx_v_self->position); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 11, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_r = __pyx_t_1; __pyx_t_1 = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedReader.position.__get__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,249958270887228,1 5897,CWE-22,"char *compose_path(ctrl_t *ctrl, char *path) { struct stat st; static char rpath[PATH_MAX]; char *name, *ptr; char dir[PATH_MAX] = { 0 }; strlcpy(dir, ctrl->cwd, sizeof(dir)); DBG(""Compose path from cwd: %s, arg: %s"", ctrl->cwd, path ?: """"); if (!path || !strlen(path)) goto check; if (path) { if (path[0] != '/') { if (dir[strlen(dir) - 1] != '/') strlcat(dir, ""/"", sizeof(dir)); } strlcat(dir, path, sizeof(dir)); } check: while ((ptr = strstr(dir, ""//""))) memmove(ptr, &ptr[1], strlen(&ptr[1]) + 1); if (!chrooted) { size_t len = strlen(home); DBG(""Server path from CWD: %s"", dir); if (len > 0 && home[len - 1] == '/') len--; memmove(dir + len, dir, strlen(dir) + 1); memcpy(dir, home, len); DBG(""Resulting non-chroot path: %s"", dir); } if (!stat(dir, &st) && S_ISDIR(st.st_mode)) { if (!realpath(dir, rpath)) return NULL; } else { name = basename(path); ptr = dirname(dir); memset(rpath, 0, sizeof(rpath)); if (!realpath(ptr, rpath)) { INFO(""Failed realpath(%s): %m"", ptr); return NULL; } if (rpath[1] != 0) strlcat(rpath, ""/"", sizeof(rpath)); strlcat(rpath, name, sizeof(rpath)); } if (!chrooted && strncmp(dir, home, strlen(home))) { DBG(""Failed non-chroot dir:%s vs home:%s"", dir, home); return NULL; } return rpath; }",visit repo url,src/common.c,https://github.com/troglobit/uftpd,125585818723698,1 4848,CWE-119,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 1811,CWE-415,"static int netlink_dump(struct sock *sk) { struct netlink_sock *nlk = nlk_sk(sk); struct netlink_callback *cb; struct sk_buff *skb = NULL; struct nlmsghdr *nlh; int len, err = -ENOBUFS; int alloc_min_size; int alloc_size; mutex_lock(nlk->cb_mutex); if (!nlk->cb_running) { err = -EINVAL; goto errout_skb; } if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) goto errout_skb; cb = &nlk->cb; alloc_min_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE); if (alloc_min_size < nlk->max_recvmsg_len) { alloc_size = nlk->max_recvmsg_len; skb = alloc_skb(alloc_size, GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY); } if (!skb) { alloc_size = alloc_min_size; skb = alloc_skb(alloc_size, GFP_KERNEL); } if (!skb) goto errout_skb; skb_reserve(skb, skb_tailroom(skb) - alloc_size); netlink_skb_set_owner_r(skb, sk); len = cb->dump(skb, cb); if (len > 0) { mutex_unlock(nlk->cb_mutex); if (sk_filter(sk, skb)) kfree_skb(skb); else __netlink_sendskb(sk, skb); return 0; } nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI); if (!nlh) goto errout_skb; nl_dump_check_consistent(cb, nlh); memcpy(nlmsg_data(nlh), &len, sizeof(len)); if (sk_filter(sk, skb)) kfree_skb(skb); else __netlink_sendskb(sk, skb); if (cb->done) cb->done(cb); nlk->cb_running = false; mutex_unlock(nlk->cb_mutex); module_put(cb->module); consume_skb(cb->skb); return 0; errout_skb: mutex_unlock(nlk->cb_mutex); kfree_skb(skb); return err; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,250395124583955,1 1938,['CWE-20'],"static int __init gate_vma_init(void) { gate_vma.vm_mm = NULL; gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; gate_vma.vm_page_prot = __P101; gate_vma.vm_flags |= VM_ALWAYSDUMP; return 0; }",linux-2.6,,,5986039777819799244835268408927902313,0 1152,CWE-189,"SYSCALL_DEFINE2(osf_getdomainname, char __user *, name, int, namelen) { unsigned len; int i; if (!access_ok(VERIFY_WRITE, name, namelen)) return -EFAULT; len = namelen; if (namelen > 32) len = 32; down_read(&uts_sem); for (i = 0; i < len; ++i) { __put_user(utsname()->domainname[i], name + i); if (utsname()->domainname[i] == '\0') break; } up_read(&uts_sem); return 0; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,211716187258866,1 241,[],"static inline int fat_get_entry(struct inode *dir, loff_t *pos, struct buffer_head **bh, struct msdos_dir_entry **de) { if (*bh && *de && (*de - (struct msdos_dir_entry *)(*bh)->b_data) < MSDOS_SB(dir->i_sb)->dir_per_block - 1) { *pos += sizeof(struct msdos_dir_entry); (*de)++; return 0; } return fat__get_entry(dir, pos, bh, de); }",linux-2.6,,,148603442242144611784644048800988870839,0 6575,['CWE-200'],"system_pk_result_changed_cb (PolKitGnomeAction *gnome_action, PolKitResult result, ActionInfo *info) { gtk_widget_set_sensitive (info->button, check_sensitivity (info, result)); }",network-manager-applet,,,333285683702746487329959252975649883541,0 2581,[],"static int grep_object(struct grep_opt *opt, const char **paths, struct object *obj, const char *name) { if (obj->type == OBJ_BLOB) return grep_sha1(opt, obj->sha1, name, 0); if (obj->type == OBJ_COMMIT || obj->type == OBJ_TREE) { struct tree_desc tree; void *data; unsigned long size; int hit; data = read_object_with_reference(obj->sha1, tree_type, &size, NULL); if (!data) die(""unable to read tree (%s)"", sha1_to_hex(obj->sha1)); init_tree_desc(&tree, data, size); hit = grep_tree(opt, paths, &tree, name, """"); free(data); return hit; } die(""unable to grep from object of type %s"", typename(obj->type)); }",git,,,6941939086032129917228591415220635945,0 6099,['CWE-200'],"cbq_leaf(struct Qdisc *sch, unsigned long arg) { struct cbq_class *cl = (struct cbq_class*)arg; return cl ? cl->q : NULL; }",linux-2.6,,,93372547001999726404983323253708407965,0 1289,CWE-189,"static void nfs4_xdr_enc_getacl(struct rpc_rqst *req, struct xdr_stream *xdr, struct nfs_getaclargs *args) { struct compound_hdr hdr = { .minorversion = nfs4_xdr_minorversion(&args->seq_args), }; uint32_t replen; encode_compound_hdr(xdr, req, &hdr); encode_sequence(xdr, &args->seq_args, &hdr); encode_putfh(xdr, args->fh, &hdr); replen = hdr.replen + op_decode_hdr_maxsz + nfs4_fattr_bitmap_maxsz + 1; encode_getattr_two(xdr, FATTR4_WORD0_ACL, 0, &hdr); xdr_inline_pages(&req->rq_rcv_buf, replen << 2, args->acl_pages, args->acl_pgbase, args->acl_len); encode_nops(&hdr); }",visit repo url,fs/nfs/nfs4xdr.c,https://github.com/torvalds/linux,117532312414974,1 1174,CWE-400,"asmlinkage void do_ade(struct pt_regs *regs) { unsigned int __user *pc; mm_segment_t seg; perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, regs->cp0_badvaddr); if ((regs->cp0_badvaddr == regs->cp0_epc) || (regs->cp0_epc & 0x1)) goto sigbus; pc = (unsigned int __user *) exception_epc(regs); if (user_mode(regs) && !test_thread_flag(TIF_FIXADE)) goto sigbus; if (unaligned_action == UNALIGNED_ACTION_SIGNAL) goto sigbus; else if (unaligned_action == UNALIGNED_ACTION_SHOW) show_registers(regs); seg = get_fs(); if (!user_mode(regs)) set_fs(KERNEL_DS); emulate_load_store_insn(regs, (void __user *)regs->cp0_badvaddr, pc); set_fs(seg); return; sigbus: die_if_kernel(""Kernel unaligned instruction access"", regs); force_sig(SIGBUS, current); }",visit repo url,arch/mips/kernel/unaligned.c,https://github.com/torvalds/linux,123272126156027,1 2575,[],"static struct attr_stack *read_attr_from_file(const char *path, int macro_ok) { FILE *fp = fopen(path, ""r""); struct attr_stack *res; char buf[2048]; int lineno = 0; if (!fp) return NULL; res = xcalloc(1, sizeof(*res)); while (fgets(buf, sizeof(buf), fp)) handle_attr_line(res, buf, path, ++lineno, macro_ok); fclose(fp); return res; }",git,,,187629913790055004659407421025726134987,0 1904,CWE-416,"struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local) { kref_get(&local->ref); return local; }",visit repo url,net/nfc/llcp_core.c,https://github.com/torvalds/linux,113494207151707,1 6285,['CWE-200'],"int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { struct neigh_table *tbl; struct ndtmsg *ndtmsg = NLMSG_DATA(nlh); struct rtattr **tb = arg; int err = -EINVAL; if (!tb[NDTA_NAME - 1] || !RTA_PAYLOAD(tb[NDTA_NAME - 1])) return -EINVAL; read_lock(&neigh_tbl_lock); for (tbl = neigh_tables; tbl; tbl = tbl->next) { if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) continue; if (!rtattr_strcmp(tb[NDTA_NAME - 1], tbl->id)) break; } if (tbl == NULL) { err = -ENOENT; goto errout; } write_lock_bh(&tbl->lock); if (tb[NDTA_THRESH1 - 1]) tbl->gc_thresh1 = RTA_GET_U32(tb[NDTA_THRESH1 - 1]); if (tb[NDTA_THRESH2 - 1]) tbl->gc_thresh2 = RTA_GET_U32(tb[NDTA_THRESH2 - 1]); if (tb[NDTA_THRESH3 - 1]) tbl->gc_thresh3 = RTA_GET_U32(tb[NDTA_THRESH3 - 1]); if (tb[NDTA_GC_INTERVAL - 1]) tbl->gc_interval = RTA_GET_MSECS(tb[NDTA_GC_INTERVAL - 1]); if (tb[NDTA_PARMS - 1]) { struct rtattr *tbp[NDTPA_MAX]; struct neigh_parms *p; u32 ifindex = 0; if (rtattr_parse_nested(tbp, NDTPA_MAX, tb[NDTA_PARMS - 1]) < 0) goto rtattr_failure; if (tbp[NDTPA_IFINDEX - 1]) ifindex = RTA_GET_U32(tbp[NDTPA_IFINDEX - 1]); p = lookup_neigh_params(tbl, ifindex); if (p == NULL) { err = -ENOENT; goto rtattr_failure; } if (tbp[NDTPA_QUEUE_LEN - 1]) p->queue_len = RTA_GET_U32(tbp[NDTPA_QUEUE_LEN - 1]); if (tbp[NDTPA_PROXY_QLEN - 1]) p->proxy_qlen = RTA_GET_U32(tbp[NDTPA_PROXY_QLEN - 1]); if (tbp[NDTPA_APP_PROBES - 1]) p->app_probes = RTA_GET_U32(tbp[NDTPA_APP_PROBES - 1]); if (tbp[NDTPA_UCAST_PROBES - 1]) p->ucast_probes = RTA_GET_U32(tbp[NDTPA_UCAST_PROBES - 1]); if (tbp[NDTPA_MCAST_PROBES - 1]) p->mcast_probes = RTA_GET_U32(tbp[NDTPA_MCAST_PROBES - 1]); if (tbp[NDTPA_BASE_REACHABLE_TIME - 1]) p->base_reachable_time = RTA_GET_MSECS(tbp[NDTPA_BASE_REACHABLE_TIME - 1]); if (tbp[NDTPA_GC_STALETIME - 1]) p->gc_staletime = RTA_GET_MSECS(tbp[NDTPA_GC_STALETIME - 1]); if (tbp[NDTPA_DELAY_PROBE_TIME - 1]) p->delay_probe_time = RTA_GET_MSECS(tbp[NDTPA_DELAY_PROBE_TIME - 1]); if (tbp[NDTPA_RETRANS_TIME - 1]) p->retrans_time = RTA_GET_MSECS(tbp[NDTPA_RETRANS_TIME - 1]); if (tbp[NDTPA_ANYCAST_DELAY - 1]) p->anycast_delay = RTA_GET_MSECS(tbp[NDTPA_ANYCAST_DELAY - 1]); if (tbp[NDTPA_PROXY_DELAY - 1]) p->proxy_delay = RTA_GET_MSECS(tbp[NDTPA_PROXY_DELAY - 1]); if (tbp[NDTPA_LOCKTIME - 1]) p->locktime = RTA_GET_MSECS(tbp[NDTPA_LOCKTIME - 1]); } err = 0; rtattr_failure: write_unlock_bh(&tbl->lock); errout: read_unlock(&neigh_tbl_lock); return err; }",linux-2.6,,,331053750326453218805079429560233086638,0 104,CWE-617,"s4u_identify_user(krb5_context context, krb5_creds *in_creds, krb5_data *subject_cert, krb5_principal *canon_user) { krb5_error_code code; krb5_preauthtype ptypes[1] = { KRB5_PADATA_S4U_X509_USER }; krb5_creds creds; int use_master = 0; krb5_get_init_creds_opt *opts = NULL; krb5_principal_data client; krb5_s4u_userid userid; *canon_user = NULL; if (in_creds->client == NULL && subject_cert == NULL) { return EINVAL; } if (in_creds->client != NULL && in_creds->client->type != KRB5_NT_ENTERPRISE_PRINCIPAL) { int anonymous; anonymous = krb5_principal_compare(context, in_creds->client, krb5_anonymous_principal()); return krb5_copy_principal(context, anonymous ? in_creds->server : in_creds->client, canon_user); } memset(&creds, 0, sizeof(creds)); memset(&userid, 0, sizeof(userid)); if (subject_cert != NULL) userid.subject_cert = *subject_cert; code = krb5_get_init_creds_opt_alloc(context, &opts); if (code != 0) goto cleanup; krb5_get_init_creds_opt_set_tkt_life(opts, 15); krb5_get_init_creds_opt_set_renew_life(opts, 0); krb5_get_init_creds_opt_set_forwardable(opts, 0); krb5_get_init_creds_opt_set_proxiable(opts, 0); krb5_get_init_creds_opt_set_canonicalize(opts, 1); krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1); if (in_creds->client != NULL) { client = *in_creds->client; client.realm = in_creds->server->realm; } else { client.magic = KV5M_PRINCIPAL; client.realm = in_creds->server->realm; client.data = NULL; client.length = 0; client.type = KRB5_NT_ENTERPRISE_PRINCIPAL; } code = k5_get_init_creds(context, &creds, &client, NULL, NULL, 0, NULL, opts, krb5_get_as_key_noop, &userid, &use_master, NULL); if (code == 0 || code == KRB5_PREAUTH_FAILED) { *canon_user = userid.user; userid.user = NULL; code = 0; } cleanup: krb5_free_cred_contents(context, &creds); if (opts != NULL) krb5_get_init_creds_opt_free(context, opts); if (userid.user != NULL) krb5_free_principal(context, userid.user); return code; }",visit repo url,src/lib/krb5/krb/s4u_creds.c,https://github.com/krb5/krb5,228809527514459,1 6337,['CWE-200'],"int tcf_action_exec(struct sk_buff *skb, struct tc_action *act, struct tcf_result *res) { struct tc_action *a; int ret = -1; if (skb->tc_verd & TC_NCLS) { skb->tc_verd = CLR_TC_NCLS(skb->tc_verd); D2PRINTK(""(%p)tcf_action_exec: cleared TC_NCLS in %s out %s\n"", skb, skb->input_dev ? skb->input_dev->name : ""xxx"", skb->dev->name); ret = TC_ACT_OK; goto exec_done; } while ((a = act) != NULL) { repeat: if (a->ops && a->ops->act) { ret = a->ops->act(&skb, a); if (TC_MUNGED & skb->tc_verd) { skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd); skb->tc_verd = CLR_TC_MUNGED(skb->tc_verd); } if (ret == TC_ACT_REPEAT) goto repeat; if (ret != TC_ACT_PIPE) goto exec_done; } act = a->next; } exec_done: if (skb->tc_classid > 0) { res->classid = skb->tc_classid; res->class = 0; skb->tc_classid = 0; } return ret; }",linux-2.6,,,123764204150066637079616850029764420851,0 6021,['CWE-200'],"static int addrconf_sysctl_forward_strategy(ctl_table *table, int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp, void __user *newval, size_t newlen, void **context) { int *valp = table->data; int new; if (!newval || !newlen) return 0; if (newlen != sizeof(int)) return -EINVAL; if (get_user(new, (int __user *)newval)) return -EFAULT; if (new == *valp) return 0; if (oldval && oldlenp) { size_t len; if (get_user(len, oldlenp)) return -EFAULT; if (len) { if (len > table->maxlen) len = table->maxlen; if (copy_to_user(oldval, valp, len)) return -EFAULT; if (put_user(len, oldlenp)) return -EFAULT; } } if (valp != &ipv6_devconf_dflt.forwarding) { if (valp != &ipv6_devconf.forwarding) { struct inet6_dev *idev = (struct inet6_dev *)table->extra1; int changed; if (unlikely(idev == NULL)) return -ENODEV; changed = (!*valp) ^ (!new); *valp = new; if (changed) dev_forward_change(idev); } else { *valp = new; addrconf_forward_change(); } if (*valp) rt6_purge_dflt_routers(); } else *valp = new; return 1; }",linux-2.6,,,244606706466394543239016823445742038962,0 2364,['CWE-200'],"snd_seq_oss_synth_reset(struct seq_oss_devinfo *dp, int dev) { struct seq_oss_synth *rec; struct seq_oss_synthinfo *info; snd_assert(dev >= 0 && dev < dp->max_synthdev, return); info = &dp->synths[dev]; if (! info->opened) return; if (info->sysex) info->sysex->len = 0; reset_channels(info); if (info->is_midi) { if (midi_synth_dev.opened <= 0) return; snd_seq_oss_midi_reset(dp, info->midi_mapped); snd_seq_oss_midi_close(dp, dev); if (snd_seq_oss_midi_open(dp, info->midi_mapped, dp->file_mode) < 0) { midi_synth_dev.opened--; info->opened = 0; kfree(info->sysex); info->sysex = NULL; kfree(info->ch); info->ch = NULL; } return; } rec = get_sdev(dev); if (rec == NULL) return; if (rec->oper.reset) { rec->oper.reset(&info->arg); } else { struct snd_seq_event ev; memset(&ev, 0, sizeof(ev)); snd_seq_oss_fill_addr(dp, &ev, info->arg.addr.client, info->arg.addr.port); ev.type = SNDRV_SEQ_EVENT_RESET; snd_seq_oss_dispatch(dp, &ev, 0, 0); } snd_use_lock_free(&rec->use_lock); }",linux-2.6,,,103261070040900241088625940512845872143,0 650,[],"int inet_dccp_listen(struct socket *sock, int backlog) { struct sock *sk = sock->sk; unsigned char old_state; int err; lock_sock(sk); err = -EINVAL; if (sock->state != SS_UNCONNECTED || sock->type != SOCK_DCCP) goto out; old_state = sk->sk_state; if (!((1 << old_state) & (DCCPF_CLOSED | DCCPF_LISTEN))) goto out; if (old_state != DCCP_LISTEN) { err = dccp_listen_start(sk, backlog); if (err) goto out; } sk->sk_max_ack_backlog = backlog; err = 0; out: release_sock(sk); return err; }",linux-2.6,,,178477904315712703845155107449579218020,0 4464,CWE-125,"start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) { ppm_source_ptr source = (ppm_source_ptr)sinfo; int c; unsigned int w, h, maxval; boolean need_iobuffer, use_raw_buffer, need_rescale; if (getc(source->pub.input_file) != 'P') ERREXIT(cinfo, JERR_PPM_NOT); c = getc(source->pub.input_file); switch (c) { case '2': case '3': case '5': case '6': break; default: ERREXIT(cinfo, JERR_PPM_NOT); break; } w = read_pbm_integer(cinfo, source->pub.input_file, 65535); h = read_pbm_integer(cinfo, source->pub.input_file, 65535); maxval = read_pbm_integer(cinfo, source->pub.input_file, 65535); if (w <= 0 || h <= 0 || maxval <= 0) ERREXIT(cinfo, JERR_PPM_NOT); cinfo->data_precision = BITS_IN_JSAMPLE; cinfo->image_width = (JDIMENSION)w; cinfo->image_height = (JDIMENSION)h; source->maxval = maxval; need_iobuffer = TRUE; use_raw_buffer = FALSE; need_rescale = TRUE; switch (c) { case '2': if (cinfo->in_color_space == JCS_UNKNOWN) cinfo->in_color_space = JCS_GRAYSCALE; TRACEMS2(cinfo, 1, JTRC_PGM_TEXT, w, h); if (cinfo->in_color_space == JCS_GRAYSCALE) source->pub.get_pixel_rows = get_text_gray_row; else if (IsExtRGB(cinfo->in_color_space)) source->pub.get_pixel_rows = get_text_gray_rgb_row; else if (cinfo->in_color_space == JCS_CMYK) source->pub.get_pixel_rows = get_text_gray_cmyk_row; else ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); need_iobuffer = FALSE; break; case '3': if (cinfo->in_color_space == JCS_UNKNOWN) cinfo->in_color_space = JCS_EXT_RGB; TRACEMS2(cinfo, 1, JTRC_PPM_TEXT, w, h); if (IsExtRGB(cinfo->in_color_space)) source->pub.get_pixel_rows = get_text_rgb_row; else if (cinfo->in_color_space == JCS_CMYK) source->pub.get_pixel_rows = get_text_rgb_cmyk_row; else ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); need_iobuffer = FALSE; break; case '5': if (cinfo->in_color_space == JCS_UNKNOWN) cinfo->in_color_space = JCS_GRAYSCALE; TRACEMS2(cinfo, 1, JTRC_PGM, w, h); if (maxval > 255) { source->pub.get_pixel_rows = get_word_gray_row; } else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) && cinfo->in_color_space == JCS_GRAYSCALE) { source->pub.get_pixel_rows = get_raw_row; use_raw_buffer = TRUE; need_rescale = FALSE; } else { if (cinfo->in_color_space == JCS_GRAYSCALE) source->pub.get_pixel_rows = get_scaled_gray_row; else if (IsExtRGB(cinfo->in_color_space)) source->pub.get_pixel_rows = get_gray_rgb_row; else if (cinfo->in_color_space == JCS_CMYK) source->pub.get_pixel_rows = get_gray_cmyk_row; else ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); } break; case '6': if (cinfo->in_color_space == JCS_UNKNOWN) cinfo->in_color_space = JCS_EXT_RGB; TRACEMS2(cinfo, 1, JTRC_PPM, w, h); if (maxval > 255) { source->pub.get_pixel_rows = get_word_rgb_row; } else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) && (cinfo->in_color_space == JCS_EXT_RGB #if RGB_RED == 0 && RGB_GREEN == 1 && RGB_BLUE == 2 && RGB_PIXELSIZE == 3 || cinfo->in_color_space == JCS_RGB #endif )) { source->pub.get_pixel_rows = get_raw_row; use_raw_buffer = TRUE; need_rescale = FALSE; } else { if (IsExtRGB(cinfo->in_color_space)) source->pub.get_pixel_rows = get_rgb_row; else if (cinfo->in_color_space == JCS_CMYK) source->pub.get_pixel_rows = get_rgb_cmyk_row; else ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE); } break; } if (IsExtRGB(cinfo->in_color_space)) cinfo->input_components = rgb_pixelsize[cinfo->in_color_space]; else if (cinfo->in_color_space == JCS_GRAYSCALE) cinfo->input_components = 1; else if (cinfo->in_color_space == JCS_CMYK) cinfo->input_components = 4; if (need_iobuffer) { if (c == '6') source->buffer_width = (size_t)w * 3 * ((maxval <= 255) ? sizeof(U_CHAR) : (2 * sizeof(U_CHAR))); else source->buffer_width = (size_t)w * ((maxval <= 255) ? sizeof(U_CHAR) : (2 * sizeof(U_CHAR))); source->iobuffer = (U_CHAR *) (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, source->buffer_width); } if (use_raw_buffer) { source->pixrow = (JSAMPROW)source->iobuffer; source->pub.buffer = &source->pixrow; source->pub.buffer_height = 1; } else { source->pub.buffer = (*cinfo->mem->alloc_sarray) ((j_common_ptr)cinfo, JPOOL_IMAGE, (JDIMENSION)w * cinfo->input_components, (JDIMENSION)1); source->pub.buffer_height = 1; } if (need_rescale) { long val, half_maxval; source->rescale = (JSAMPLE *) (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, (size_t)(((long)maxval + 1L) * sizeof(JSAMPLE))); half_maxval = maxval / 2; for (val = 0; val <= (long)maxval; val++) { source->rescale[val] = (JSAMPLE)((val * MAXJSAMPLE + half_maxval) / maxval); } } }",visit repo url,rdppm.c,https://github.com/libjpeg-turbo/libjpeg-turbo,239535447276594,1 1482,CWE-264,"void perf_event_disable(struct perf_event *event) { struct perf_event_context *ctx = event->ctx; struct task_struct *task = ctx->task; if (!task) { cpu_function_call(event->cpu, __perf_event_disable, event); return; } retry: if (!task_function_call(task, __perf_event_disable, event)) return; raw_spin_lock_irq(&ctx->lock); if (event->state == PERF_EVENT_STATE_ACTIVE) { raw_spin_unlock_irq(&ctx->lock); task = ctx->task; goto retry; } if (event->state == PERF_EVENT_STATE_INACTIVE) { update_group_times(event); event->state = PERF_EVENT_STATE_OFF; } raw_spin_unlock_irq(&ctx->lock); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,13429183114201,1 2291,['CWE-120'],"static int path_lookup_create(int dfd, const char *name, unsigned int lookup_flags, struct nameidata *nd, int open_flags, int create_mode) { return __path_lookup_intent_open(dfd, name, lookup_flags|LOOKUP_CREATE, nd, open_flags, create_mode); }",linux-2.6,,,292431338926122803641379173805021508797,0 1869,CWE-787,"static void set_ntacl_dacl(struct user_namespace *user_ns, struct smb_acl *pndacl, struct smb_acl *nt_dacl, const struct smb_sid *pownersid, const struct smb_sid *pgrpsid, struct smb_fattr *fattr) { struct smb_ace *ntace, *pndace; int nt_num_aces = le32_to_cpu(nt_dacl->num_aces), num_aces = 0; unsigned short size = 0; int i; pndace = (struct smb_ace *)((char *)pndacl + sizeof(struct smb_acl)); if (nt_num_aces) { ntace = (struct smb_ace *)((char *)nt_dacl + sizeof(struct smb_acl)); for (i = 0; i < nt_num_aces; i++) { memcpy((char *)pndace + size, ntace, le16_to_cpu(ntace->size)); size += le16_to_cpu(ntace->size); ntace = (struct smb_ace *)((char *)ntace + le16_to_cpu(ntace->size)); num_aces++; } } set_posix_acl_entries_dacl(user_ns, pndace, fattr, &num_aces, &size, nt_num_aces); pndacl->num_aces = cpu_to_le32(num_aces); pndacl->size = cpu_to_le16(le16_to_cpu(pndacl->size) + size); }",visit repo url,fs/ksmbd/smbacl.c,https://github.com/torvalds/linux,262480442121462,1 5156,CWE-125,"ast_for_expr_stmt(struct compiling *c, const node *n) { REQ(n, expr_stmt); if (NCH(n) == 1) { expr_ty e = ast_for_testlist(c, CHILD(n, 0)); if (!e) return NULL; return Expr(e, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else if (TYPE(CHILD(n, 1)) == augassign) { expr_ty expr1, expr2; operator_ty newoperator; node *ch = CHILD(n, 0); expr1 = ast_for_testlist(c, ch); if (!expr1) return NULL; if(!set_context(c, expr1, Store, ch)) return NULL; switch (expr1->kind) { case Name_kind: case Attribute_kind: case Subscript_kind: break; default: ast_error(c, ch, ""illegal expression for augmented assignment""); return NULL; } ch = CHILD(n, 2); if (TYPE(ch) == testlist) expr2 = ast_for_testlist(c, ch); else expr2 = ast_for_expr(c, ch); if (!expr2) return NULL; newoperator = ast_for_augassign(c, CHILD(n, 1)); if (!newoperator) return NULL; return AugAssign(expr1, newoperator, expr2, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else if (TYPE(CHILD(n, 1)) == annassign) { expr_ty expr1, expr2, expr3; node *ch = CHILD(n, 0); node *deep, *ann = CHILD(n, 1); int simple = 1; deep = ch; while (NCH(deep) == 1) { deep = CHILD(deep, 0); } if (NCH(deep) > 0 && TYPE(CHILD(deep, 0)) == LPAR) { simple = 0; } expr1 = ast_for_testlist(c, ch); if (!expr1) { return NULL; } switch (expr1->kind) { case Name_kind: if (forbidden_name(c, expr1->v.Name.id, n, 0)) { return NULL; } expr1->v.Name.ctx = Store; break; case Attribute_kind: if (forbidden_name(c, expr1->v.Attribute.attr, n, 1)) { return NULL; } expr1->v.Attribute.ctx = Store; break; case Subscript_kind: expr1->v.Subscript.ctx = Store; break; case List_kind: ast_error(c, ch, ""only single target (not list) can be annotated""); return NULL; case Tuple_kind: ast_error(c, ch, ""only single target (not tuple) can be annotated""); return NULL; default: ast_error(c, ch, ""illegal target for annotation""); return NULL; } if (expr1->kind != Name_kind) { simple = 0; } ch = CHILD(ann, 1); expr2 = ast_for_expr(c, ch); if (!expr2) { return NULL; } if (NCH(ann) == 2) { return AnnAssign(expr1, expr2, NULL, simple, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else { ch = CHILD(ann, 3); if (TYPE(ch) == testlist) { expr3 = ast_for_testlist(c, ch); } else { expr3 = ast_for_expr(c, ch); } if (!expr3) { return NULL; } return AnnAssign(expr1, expr2, expr3, simple, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } } else { int i; asdl_seq *targets; node *value; expr_ty expression; REQ(CHILD(n, 1), EQUAL); targets = _Py_asdl_seq_new(NCH(n) / 2, c->c_arena); if (!targets) return NULL; for (i = 0; i < NCH(n) - 2; i += 2) { expr_ty e; node *ch = CHILD(n, i); if (TYPE(ch) == yield_expr) { ast_error(c, ch, ""assignment to yield expression not possible""); return NULL; } e = ast_for_testlist(c, ch); if (!e) return NULL; if (!set_context(c, e, Store, CHILD(n, i))) return NULL; asdl_seq_SET(targets, i / 2, e); } value = CHILD(n, NCH(n) - 1); if (TYPE(value) == testlist_star_expr) expression = ast_for_testlist(c, value); else expression = ast_for_expr(c, value); if (!expression) return NULL; return Assign(targets, expression, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } }",visit repo url,Python/ast.c,https://github.com/python/cpython,51199671006440,1 6648,CWE-416,"static void binder_deferred_fd_close(int fd) { struct binder_task_work_cb *twcb; twcb = kzalloc(sizeof(*twcb), GFP_KERNEL); if (!twcb) return; init_task_work(&twcb->twork, binder_do_fd_close); __close_fd_get_file(fd, &twcb->file); if (twcb->file) task_work_add(current, &twcb->twork, TWA_RESUME); else kfree(twcb); }",visit repo url,drivers/android/binder.c,https://github.com/oracle/linux-uek,50845838622498,1 2160,CWE-401,"int genl_register_family(struct genl_family *family) { int err, i; int start = GENL_START_ALLOC, end = GENL_MAX_ID; err = genl_validate_ops(family); if (err) return err; genl_lock_all(); if (genl_family_find_byname(family->name)) { err = -EEXIST; goto errout_locked; } if (family == &genl_ctrl) { start = end = GENL_ID_CTRL; } else if (strcmp(family->name, ""pmcraid"") == 0) { start = end = GENL_ID_PMCRAID; } else if (strcmp(family->name, ""VFS_DQUOT"") == 0) { start = end = GENL_ID_VFS_DQUOT; } if (family->maxattr && !family->parallel_ops) { family->attrbuf = kmalloc_array(family->maxattr + 1, sizeof(struct nlattr *), GFP_KERNEL); if (family->attrbuf == NULL) { err = -ENOMEM; goto errout_locked; } } else family->attrbuf = NULL; family->id = idr_alloc(&genl_fam_idr, family, start, end + 1, GFP_KERNEL); if (family->id < 0) { err = family->id; goto errout_locked; } err = genl_validate_assign_mc_groups(family); if (err) goto errout_remove; genl_unlock_all(); genl_ctrl_event(CTRL_CMD_NEWFAMILY, family, NULL, 0); for (i = 0; i < family->n_mcgrps; i++) genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, family, &family->mcgrps[i], family->mcgrp_offset + i); return 0; errout_remove: idr_remove(&genl_fam_idr, family->id); kfree(family->attrbuf); errout_locked: genl_unlock_all(); return err; }",visit repo url,net/netlink/genetlink.c,https://github.com/torvalds/linux,21703338310279,1 2327,['CWE-120'],"asmlinkage long sys_link(const char __user *oldname, const char __user *newname) { return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0); }",linux-2.6,,,116976157086223505740698228929548270007,0 5762,['CWE-200'],"int rosecmpm(rose_address *addr1, rose_address *addr2, unsigned short mask) { unsigned int i, j; if (mask > 10) return 1; for (i = 0; i < mask; i++) { j = i / 2; if ((i % 2) != 0) { if ((addr1->rose_addr[j] & 0x0F) != (addr2->rose_addr[j] & 0x0F)) return 1; } else { if ((addr1->rose_addr[j] & 0xF0) != (addr2->rose_addr[j] & 0xF0)) return 1; } } return 0; }",linux-2.6,,,249174581242216757989976769614663954881,0 1982,['CWE-20'],"asmlinkage long sys_move_pages(pid_t pid, unsigned long nr_pages, const void __user * __user *pages, const int __user *nodes, int __user *status, int flags) { int err = 0; int i; struct task_struct *task; nodemask_t task_nodes; struct mm_struct *mm; struct page_to_node *pm = NULL; if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL)) return -EINVAL; if ((flags & MPOL_MF_MOVE_ALL) && !capable(CAP_SYS_NICE)) return -EPERM; read_lock(&tasklist_lock); task = pid ? find_task_by_vpid(pid) : current; if (!task) { read_unlock(&tasklist_lock); return -ESRCH; } mm = get_task_mm(task); read_unlock(&tasklist_lock); if (!mm) return -EINVAL; if ((current->euid != task->suid) && (current->euid != task->uid) && (current->uid != task->suid) && (current->uid != task->uid) && !capable(CAP_SYS_NICE)) { err = -EPERM; goto out2; } err = security_task_movememory(task); if (err) goto out2; task_nodes = cpuset_mems_allowed(task); if (nr_pages >= ULONG_MAX / sizeof(struct page_to_node) - 1) { err = -E2BIG; goto out2; } pm = vmalloc((nr_pages + 1) * sizeof(struct page_to_node)); if (!pm) { err = -ENOMEM; goto out2; } for (i = 0; i < nr_pages; i++) { const void __user *p; err = -EFAULT; if (get_user(p, pages + i)) goto out; pm[i].addr = (unsigned long)p; if (nodes) { int node; if (get_user(node, nodes + i)) goto out; err = -ENODEV; if (!node_state(node, N_HIGH_MEMORY)) goto out; err = -EACCES; if (!node_isset(node, task_nodes)) goto out; pm[i].node = node; } else pm[i].node = 0; } pm[nr_pages].node = MAX_NUMNODES; if (nodes) err = do_move_pages(mm, pm, flags & MPOL_MF_MOVE_ALL); else err = do_pages_stat(mm, pm); if (err >= 0) for (i = 0; i < nr_pages; i++) if (put_user(pm[i].status, status + i)) err = -EFAULT; out: vfree(pm); out2: mmput(mm); return err; }",linux-2.6,,,128877149430182686654629999771807532689,0 203,CWE-119,"static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg) { struct hid_device *hid = hiddev->hid; struct hiddev_report_info rinfo; struct hiddev_usage_ref_multi *uref_multi = NULL; struct hiddev_usage_ref *uref; struct hid_report *report; struct hid_field *field; int i; uref_multi = kmalloc(sizeof(struct hiddev_usage_ref_multi), GFP_KERNEL); if (!uref_multi) return -ENOMEM; uref = &uref_multi->uref; if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) { if (copy_from_user(uref_multi, user_arg, sizeof(*uref_multi))) goto fault; } else { if (copy_from_user(uref, user_arg, sizeof(*uref))) goto fault; } switch (cmd) { case HIDIOCGUCODE: rinfo.report_type = uref->report_type; rinfo.report_id = uref->report_id; if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL) goto inval; if (uref->field_index >= report->maxfield) goto inval; field = report->field[uref->field_index]; if (uref->usage_index >= field->maxusage) goto inval; uref->usage_code = field->usage[uref->usage_index].hid; if (copy_to_user(user_arg, uref, sizeof(*uref))) goto fault; goto goodreturn; default: if (cmd != HIDIOCGUSAGE && cmd != HIDIOCGUSAGES && uref->report_type == HID_REPORT_TYPE_INPUT) goto inval; if (uref->report_id == HID_REPORT_ID_UNKNOWN) { field = hiddev_lookup_usage(hid, uref); if (field == NULL) goto inval; } else { rinfo.report_type = uref->report_type; rinfo.report_id = uref->report_id; if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL) goto inval; if (uref->field_index >= report->maxfield) goto inval; field = report->field[uref->field_index]; if (cmd == HIDIOCGCOLLECTIONINDEX) { if (uref->usage_index >= field->maxusage) goto inval; } else if (uref->usage_index >= field->report_count) goto inval; else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) && (uref_multi->num_values > HID_MAX_MULTI_USAGES || uref->usage_index + uref_multi->num_values > field->report_count)) goto inval; } switch (cmd) { case HIDIOCGUSAGE: uref->value = field->value[uref->usage_index]; if (copy_to_user(user_arg, uref, sizeof(*uref))) goto fault; goto goodreturn; case HIDIOCSUSAGE: field->value[uref->usage_index] = uref->value; goto goodreturn; case HIDIOCGCOLLECTIONINDEX: i = field->usage[uref->usage_index].collection_index; kfree(uref_multi); return i; case HIDIOCGUSAGES: for (i = 0; i < uref_multi->num_values; i++) uref_multi->values[i] = field->value[uref->usage_index + i]; if (copy_to_user(user_arg, uref_multi, sizeof(*uref_multi))) goto fault; goto goodreturn; case HIDIOCSUSAGES: for (i = 0; i < uref_multi->num_values; i++) field->value[uref->usage_index + i] = uref_multi->values[i]; goto goodreturn; } goodreturn: kfree(uref_multi); return 0; fault: kfree(uref_multi); return -EFAULT; inval: kfree(uref_multi); return -EINVAL; } }",visit repo url,drivers/hid/usbhid/hiddev.c,https://github.com/torvalds/linux,147707494582141,1 1529,CWE-476,"static int generate(struct crypto_rng *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int dlen) { return crypto_old_rng_alg(tfm)->rng_make_random(tfm, dst, dlen); }",visit repo url,crypto/rng.c,https://github.com/torvalds/linux,270008685024251,1 3735,CWE-125,"int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples, int qmode) { int do_rf64 = 0, write_junk = 1; ChunkHeader ds64hdr, datahdr, fmthdr; RiffChunkHeader riffhdr; DS64Chunk ds64_chunk; JunkChunk junkchunk; WaveHeader wavhdr; uint32_t bcount; int64_t total_data_bytes, total_riff_bytes; int num_channels = WavpackGetNumChannels (wpc); int32_t channel_mask = WavpackGetChannelMask (wpc); int32_t sample_rate = WavpackGetSampleRate (wpc); int bytes_per_sample = WavpackGetBytesPerSample (wpc); int bits_per_sample = WavpackGetBitsPerSample (wpc); int format = WavpackGetFloatNormExp (wpc) ? 3 : 1; int wavhdrsize = 16; if (format == 3 && WavpackGetFloatNormExp (wpc) != 127) { error_line (""can't create valid RIFF wav header for non-normalized floating data!""); return FALSE; } if (total_samples == -1) total_samples = 0x7ffff000 / (bytes_per_sample * num_channels); total_data_bytes = total_samples * bytes_per_sample * num_channels; if (total_data_bytes > 0xff000000) { if (debug_logging_mode) error_line (""total_data_bytes = %lld, so rf64"", total_data_bytes); write_junk = 0; do_rf64 = 1; } else if (debug_logging_mode) error_line (""total_data_bytes = %lld, so riff"", total_data_bytes); CLEAR (wavhdr); wavhdr.FormatTag = format; wavhdr.NumChannels = num_channels; wavhdr.SampleRate = sample_rate; wavhdr.BytesPerSecond = sample_rate * num_channels * bytes_per_sample; wavhdr.BlockAlign = bytes_per_sample * num_channels; wavhdr.BitsPerSample = bits_per_sample; if (num_channels > 2 || channel_mask != 0x5 - num_channels) { wavhdrsize = sizeof (wavhdr); wavhdr.cbSize = 22; wavhdr.ValidBitsPerSample = bits_per_sample; wavhdr.SubFormat = format; wavhdr.ChannelMask = channel_mask; wavhdr.FormatTag = 0xfffe; wavhdr.BitsPerSample = bytes_per_sample * 8; wavhdr.GUID [4] = 0x10; wavhdr.GUID [6] = 0x80; wavhdr.GUID [9] = 0xaa; wavhdr.GUID [11] = 0x38; wavhdr.GUID [12] = 0x9b; wavhdr.GUID [13] = 0x71; } strncpy (riffhdr.ckID, do_rf64 ? ""RF64"" : ""RIFF"", sizeof (riffhdr.ckID)); strncpy (riffhdr.formType, ""WAVE"", sizeof (riffhdr.formType)); total_riff_bytes = sizeof (riffhdr) + wavhdrsize + sizeof (datahdr) + ((total_data_bytes + 1) & ~(int64_t)1); if (do_rf64) total_riff_bytes += sizeof (ds64hdr) + sizeof (ds64_chunk); if (write_junk) total_riff_bytes += sizeof (junkchunk); strncpy (fmthdr.ckID, ""fmt "", sizeof (fmthdr.ckID)); strncpy (datahdr.ckID, ""data"", sizeof (datahdr.ckID)); fmthdr.ckSize = wavhdrsize; if (write_junk) { CLEAR (junkchunk); strncpy (junkchunk.ckID, ""junk"", sizeof (junkchunk.ckID)); junkchunk.ckSize = sizeof (junkchunk) - 8; WavpackNativeToLittleEndian (&junkchunk, ChunkHeaderFormat); } if (do_rf64) { strncpy (ds64hdr.ckID, ""ds64"", sizeof (ds64hdr.ckID)); ds64hdr.ckSize = sizeof (ds64_chunk); CLEAR (ds64_chunk); ds64_chunk.riffSize64 = total_riff_bytes; ds64_chunk.dataSize64 = total_data_bytes; ds64_chunk.sampleCount64 = total_samples; riffhdr.ckSize = (uint32_t) -1; datahdr.ckSize = (uint32_t) -1; WavpackNativeToLittleEndian (&ds64hdr, ChunkHeaderFormat); WavpackNativeToLittleEndian (&ds64_chunk, DS64ChunkFormat); } else { riffhdr.ckSize = (uint32_t) total_riff_bytes; datahdr.ckSize = (uint32_t) total_data_bytes; } WavpackNativeToLittleEndian (&riffhdr, ChunkHeaderFormat); WavpackNativeToLittleEndian (&fmthdr, ChunkHeaderFormat); WavpackNativeToLittleEndian (&wavhdr, WaveHeaderFormat); WavpackNativeToLittleEndian (&datahdr, ChunkHeaderFormat); if (!DoWriteFile (outfile, &riffhdr, sizeof (riffhdr), &bcount) || bcount != sizeof (riffhdr) || (do_rf64 && (!DoWriteFile (outfile, &ds64hdr, sizeof (ds64hdr), &bcount) || bcount != sizeof (ds64hdr))) || (do_rf64 && (!DoWriteFile (outfile, &ds64_chunk, sizeof (ds64_chunk), &bcount) || bcount != sizeof (ds64_chunk))) || (write_junk && (!DoWriteFile (outfile, &junkchunk, sizeof (junkchunk), &bcount) || bcount != sizeof (junkchunk))) || !DoWriteFile (outfile, &fmthdr, sizeof (fmthdr), &bcount) || bcount != sizeof (fmthdr) || !DoWriteFile (outfile, &wavhdr, wavhdrsize, &bcount) || bcount != wavhdrsize || !DoWriteFile (outfile, &datahdr, sizeof (datahdr), &bcount) || bcount != sizeof (datahdr)) { error_line (""can't write .WAV data, disk probably full!""); return FALSE; } return TRUE; }",visit repo url,cli/riff.c,https://github.com/dbry/WavPack,255242759280949,1 4650,['CWE-399'],"struct inode *ext4_iget(struct super_block *sb, unsigned long ino) { struct ext4_iloc iloc; struct ext4_inode *raw_inode; struct ext4_inode_info *ei; struct buffer_head *bh; struct inode *inode; long ret; int block; inode = iget_locked(sb, ino); if (!inode) return ERR_PTR(-ENOMEM); if (!(inode->i_state & I_NEW)) return inode; ei = EXT4_I(inode); #ifdef CONFIG_EXT4_FS_POSIX_ACL ei->i_acl = EXT4_ACL_NOT_CACHED; ei->i_default_acl = EXT4_ACL_NOT_CACHED; #endif ret = __ext4_get_inode_loc(inode, &iloc, 0); if (ret < 0) goto bad_inode; bh = iloc.bh; raw_inode = ext4_raw_inode(&iloc); inode->i_mode = le16_to_cpu(raw_inode->i_mode); inode->i_uid = (uid_t)le16_to_cpu(raw_inode->i_uid_low); inode->i_gid = (gid_t)le16_to_cpu(raw_inode->i_gid_low); if (!(test_opt(inode->i_sb, NO_UID32))) { inode->i_uid |= le16_to_cpu(raw_inode->i_uid_high) << 16; inode->i_gid |= le16_to_cpu(raw_inode->i_gid_high) << 16; } inode->i_nlink = le16_to_cpu(raw_inode->i_links_count); ei->i_state = 0; ei->i_dir_start_lookup = 0; ei->i_dtime = le32_to_cpu(raw_inode->i_dtime); if (inode->i_nlink == 0) { if (inode->i_mode == 0 || !(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_ORPHAN_FS)) { brelse(bh); ret = -ESTALE; goto bad_inode; } } ei->i_flags = le32_to_cpu(raw_inode->i_flags); inode->i_blocks = ext4_inode_blocks(raw_inode, ei); ei->i_file_acl = le32_to_cpu(raw_inode->i_file_acl_lo); if (EXT4_SB(inode->i_sb)->s_es->s_creator_os != cpu_to_le32(EXT4_OS_HURD)) { ei->i_file_acl |= ((__u64)le16_to_cpu(raw_inode->i_file_acl_high)) << 32; } inode->i_size = ext4_isize(raw_inode); ei->i_disksize = inode->i_size; inode->i_generation = le32_to_cpu(raw_inode->i_generation); ei->i_block_group = iloc.block_group; for (block = 0; block < EXT4_N_BLOCKS; block++) ei->i_data[block] = raw_inode->i_block[block]; INIT_LIST_HEAD(&ei->i_orphan); if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { ei->i_extra_isize = le16_to_cpu(raw_inode->i_extra_isize); if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize > EXT4_INODE_SIZE(inode->i_sb)) { brelse(bh); ret = -EIO; goto bad_inode; } if (ei->i_extra_isize == 0) { ei->i_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; } else { __le32 *magic = (void *)raw_inode + EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize; if (*magic == cpu_to_le32(EXT4_XATTR_MAGIC)) ei->i_state |= EXT4_STATE_XATTR; } } else ei->i_extra_isize = 0; EXT4_INODE_GET_XTIME(i_ctime, inode, raw_inode); EXT4_INODE_GET_XTIME(i_mtime, inode, raw_inode); EXT4_INODE_GET_XTIME(i_atime, inode, raw_inode); EXT4_EINODE_GET_XTIME(i_crtime, ei, raw_inode); inode->i_version = le32_to_cpu(raw_inode->i_disk_version); if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { if (EXT4_FITS_IN_INODE(raw_inode, ei, i_version_hi)) inode->i_version |= (__u64)(le32_to_cpu(raw_inode->i_version_hi)) << 32; } if (S_ISREG(inode->i_mode)) { inode->i_op = &ext4_file_inode_operations; inode->i_fop = &ext4_file_operations; ext4_set_aops(inode); } else if (S_ISDIR(inode->i_mode)) { inode->i_op = &ext4_dir_inode_operations; inode->i_fop = &ext4_dir_operations; } else if (S_ISLNK(inode->i_mode)) { if (ext4_inode_is_fast_symlink(inode)) { inode->i_op = &ext4_fast_symlink_inode_operations; nd_terminate_link(ei->i_data, inode->i_size, sizeof(ei->i_data) - 1); } else { inode->i_op = &ext4_symlink_inode_operations; ext4_set_aops(inode); } } else { inode->i_op = &ext4_special_inode_operations; if (raw_inode->i_block[0]) init_special_inode(inode, inode->i_mode, old_decode_dev(le32_to_cpu(raw_inode->i_block[0]))); else init_special_inode(inode, inode->i_mode, new_decode_dev(le32_to_cpu(raw_inode->i_block[1]))); } brelse(iloc.bh); ext4_set_inode_flags(inode); unlock_new_inode(inode); return inode; bad_inode: iget_failed(inode); return ERR_PTR(ret); }",linux-2.6,,,88014064501081021617111257314868982114,0 1989,['CWE-20'],"static inline int copy_pmd_range(struct mm_struct *dst_mm, struct mm_struct *src_mm, pud_t *dst_pud, pud_t *src_pud, struct vm_area_struct *vma, unsigned long addr, unsigned long end) { pmd_t *src_pmd, *dst_pmd; unsigned long next; dst_pmd = pmd_alloc(dst_mm, dst_pud, addr); if (!dst_pmd) return -ENOMEM; src_pmd = pmd_offset(src_pud, addr); do { next = pmd_addr_end(addr, end); if (pmd_none_or_clear_bad(src_pmd)) continue; if (copy_pte_range(dst_mm, src_mm, dst_pmd, src_pmd, vma, addr, next)) return -ENOMEM; } while (dst_pmd++, src_pmd++, addr = next, addr != end); return 0; }",linux-2.6,,,127074167308538291689748632706991927443,0 1772,CWE-119,"check_entry_size_and_hooks(struct ip6t_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct ip6t_entry) != 0 || (unsigned char *)e + sizeof(struct ip6t_entry) >= limit || (unsigned char *)e + e->next_offset > limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct ip6t_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } err = check_entry(e); if (err) return err; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_err(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,59965543372563,1 5204,['CWE-20'],"static bool data_segment_valid(struct kvm_vcpu *vcpu, int seg) { struct kvm_segment var; unsigned int rpl; vmx_get_segment(vcpu, &var, seg); rpl = var.selector & SELECTOR_RPL_MASK; if (var.unusable) return true; if (!var.s) return false; if (!var.present) return false; if (~var.type & (AR_TYPE_CODE_MASK|AR_TYPE_WRITEABLE_MASK)) { if (var.dpl < rpl) return false; } return true; }",linux-2.6,,,337888764824212070343485580428755585832,0 4266,CWE-119,"static void vector64_dst_append(RStrBuf *sb, csh *handle, cs_insn *insn, int n, int i) { cs_arm64_op op = INSOP64 (n); if (op.vector_index != -1) { i = op.vector_index; } #if CS_API_MAJOR == 4 const bool isvessas = (op.vess || op.vas); #else const bool isvessas = op.vas; #endif if (isvessas && i != -1) { int size = vector_size (&op); int shift = i * size; char *regc = ""l""; size_t s = sizeof (bitmask_by_width) / sizeof (*bitmask_by_width); size_t index = size > 0? (size - 1) % s: 0; if (index >= BITMASK_BY_WIDTH_COUNT) { index = 0; } ut64 mask = bitmask_by_width[index]; if (shift >= 64) { shift -= 64; regc = ""h""; } if (shift > 0 && shift < 64) { r_strbuf_appendf (sb, ""%d,SWAP,0x%""PFMT64x"",&,<<,%s%s,0x%""PFMT64x"",&,|,%s%s"", shift, mask, REG64 (n), regc, VEC64_MASK (shift, size), REG64 (n), regc); } else { int dimsize = size % 64; r_strbuf_appendf (sb, ""0x%""PFMT64x"",&,%s%s,0x%""PFMT64x"",&,|,%s%s"", mask, REG64 (n), regc, VEC64_MASK (shift, dimsize), REG64 (n), regc); } } else { r_strbuf_appendf (sb, ""%s"", REG64 (n)); } }",visit repo url,libr/anal/p/anal_arm_cs.c,https://github.com/radareorg/radare2,119096655054533,1 3692,CWE-119,"ssh_packet_get_compress_state(struct sshbuf *m, struct ssh *ssh) { struct session_state *state = ssh->state; struct sshbuf *b; int r; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if (state->compression_in_started) { if ((r = sshbuf_put_string(b, &state->compression_in_stream, sizeof(state->compression_in_stream))) != 0) goto out; } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) goto out; if (state->compression_out_started) { if ((r = sshbuf_put_string(b, &state->compression_out_stream, sizeof(state->compression_out_stream))) != 0) goto out; } else if ((r = sshbuf_put_string(b, NULL, 0)) != 0) goto out; r = sshbuf_put_stringb(m, b); out: sshbuf_free(b); return r; }",visit repo url,usr.bin/ssh/packet.c,https://github.com/openbsd/src,266125507100649,1 2774,CWE-119,"static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int store, int raw, zval **subarray) { u_short type, class, dlen; u_long ttl; long n, i; u_short s; u_char *tp, *p; char name[MAXHOSTNAMELEN]; int have_v6_break = 0, in_v6_break = 0; *subarray = NULL; n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2); if (n < 0) { return NULL; } cp += n; GETSHORT(type, cp); GETSHORT(class, cp); GETLONG(ttl, cp); GETSHORT(dlen, cp); if (type_to_fetch != T_ANY && type != type_to_fetch) { cp += dlen; return cp; } if (!store) { cp += dlen; return cp; } ALLOC_INIT_ZVAL(*subarray); array_init(*subarray); add_assoc_string(*subarray, ""host"", name, 1); add_assoc_string(*subarray, ""class"", ""IN"", 1); add_assoc_long(*subarray, ""ttl"", ttl); if (raw) { add_assoc_long(*subarray, ""type"", type); add_assoc_stringl(*subarray, ""data"", (char*) cp, (uint) dlen, 1); cp += dlen; return cp; } switch (type) { case DNS_T_A: add_assoc_string(*subarray, ""type"", ""A"", 1); snprintf(name, sizeof(name), ""%d.%d.%d.%d"", cp[0], cp[1], cp[2], cp[3]); add_assoc_string(*subarray, ""ip"", name, 1); cp += dlen; break; case DNS_T_MX: add_assoc_string(*subarray, ""type"", ""MX"", 1); GETSHORT(n, cp); add_assoc_long(*subarray, ""pri"", n); case DNS_T_CNAME: if (type == DNS_T_CNAME) { add_assoc_string(*subarray, ""type"", ""CNAME"", 1); } case DNS_T_NS: if (type == DNS_T_NS) { add_assoc_string(*subarray, ""type"", ""NS"", 1); } case DNS_T_PTR: if (type == DNS_T_PTR) { add_assoc_string(*subarray, ""type"", ""PTR"", 1); } n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); if (n < 0) { return NULL; } cp += n; add_assoc_string(*subarray, ""target"", name, 1); break; case DNS_T_HINFO: add_assoc_string(*subarray, ""type"", ""HINFO"", 1); n = *cp & 0xFF; cp++; add_assoc_stringl(*subarray, ""cpu"", (char*)cp, n, 1); cp += n; n = *cp & 0xFF; cp++; add_assoc_stringl(*subarray, ""os"", (char*)cp, n, 1); cp += n; break; case DNS_T_TXT: { int ll = 0; zval *entries = NULL; add_assoc_string(*subarray, ""type"", ""TXT"", 1); tp = emalloc(dlen + 1); MAKE_STD_ZVAL(entries); array_init(entries); while (ll < dlen) { n = cp[ll]; if ((ll + n) >= dlen) { n = dlen - (ll + 1); } memcpy(tp + ll , cp + ll + 1, n); add_next_index_stringl(entries, cp + ll + 1, n, 1); ll = ll + n + 1; } tp[dlen] = '\0'; cp += dlen; add_assoc_stringl(*subarray, ""txt"", tp, (dlen>0)?dlen - 1:0, 0); add_assoc_zval(*subarray, ""entries"", entries); } break; case DNS_T_SOA: add_assoc_string(*subarray, ""type"", ""SOA"", 1); n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2); if (n < 0) { return NULL; } cp += n; add_assoc_string(*subarray, ""mname"", name, 1); n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2); if (n < 0) { return NULL; } cp += n; add_assoc_string(*subarray, ""rname"", name, 1); GETLONG(n, cp); add_assoc_long(*subarray, ""serial"", n); GETLONG(n, cp); add_assoc_long(*subarray, ""refresh"", n); GETLONG(n, cp); add_assoc_long(*subarray, ""retry"", n); GETLONG(n, cp); add_assoc_long(*subarray, ""expire"", n); GETLONG(n, cp); add_assoc_long(*subarray, ""minimum-ttl"", n); break; case DNS_T_AAAA: tp = (u_char*)name; for(i=0; i < 8; i++) { GETSHORT(s, cp); if (s != 0) { if (tp > (u_char *)name) { in_v6_break = 0; tp[0] = ':'; tp++; } tp += sprintf((char*)tp,""%x"",s); } else { if (!have_v6_break) { have_v6_break = 1; in_v6_break = 1; tp[0] = ':'; tp++; } else if (!in_v6_break) { tp[0] = ':'; tp++; tp[0] = '0'; tp++; } } } if (have_v6_break && in_v6_break) { tp[0] = ':'; tp++; } tp[0] = '\0'; add_assoc_string(*subarray, ""type"", ""AAAA"", 1); add_assoc_string(*subarray, ""ipv6"", name, 1); break; case DNS_T_A6: p = cp; add_assoc_string(*subarray, ""type"", ""A6"", 1); n = ((int)cp[0]) & 0xFF; cp++; add_assoc_long(*subarray, ""masklen"", n); tp = (u_char*)name; if (n > 15) { have_v6_break = 1; in_v6_break = 1; tp[0] = ':'; tp++; } if (n % 16 > 8) { if (cp[0] != 0) { if (tp > (u_char *)name) { in_v6_break = 0; tp[0] = ':'; tp++; } sprintf((char*)tp, ""%x"", cp[0] & 0xFF); } else { if (!have_v6_break) { have_v6_break = 1; in_v6_break = 1; tp[0] = ':'; tp++; } else if (!in_v6_break) { tp[0] = ':'; tp++; tp[0] = '0'; tp++; } } cp++; } for (i = (n + 8) / 16; i < 8; i++) { GETSHORT(s, cp); if (s != 0) { if (tp > (u_char *)name) { in_v6_break = 0; tp[0] = ':'; tp++; } tp += sprintf((char*)tp,""%x"",s); } else { if (!have_v6_break) { have_v6_break = 1; in_v6_break = 1; tp[0] = ':'; tp++; } else if (!in_v6_break) { tp[0] = ':'; tp++; tp[0] = '0'; tp++; } } } if (have_v6_break && in_v6_break) { tp[0] = ':'; tp++; } tp[0] = '\0'; add_assoc_string(*subarray, ""ipv6"", name, 1); if (cp < p + dlen) { n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); if (n < 0) { return NULL; } cp += n; add_assoc_string(*subarray, ""chain"", name, 1); } break; case DNS_T_SRV: add_assoc_string(*subarray, ""type"", ""SRV"", 1); GETSHORT(n, cp); add_assoc_long(*subarray, ""pri"", n); GETSHORT(n, cp); add_assoc_long(*subarray, ""weight"", n); GETSHORT(n, cp); add_assoc_long(*subarray, ""port"", n); n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); if (n < 0) { return NULL; } cp += n; add_assoc_string(*subarray, ""target"", name, 1); break; case DNS_T_NAPTR: add_assoc_string(*subarray, ""type"", ""NAPTR"", 1); GETSHORT(n, cp); add_assoc_long(*subarray, ""order"", n); GETSHORT(n, cp); add_assoc_long(*subarray, ""pref"", n); n = (cp[0] & 0xFF); add_assoc_stringl(*subarray, ""flags"", (char*)++cp, n, 1); cp += n; n = (cp[0] & 0xFF); add_assoc_stringl(*subarray, ""services"", (char*)++cp, n, 1); cp += n; n = (cp[0] & 0xFF); add_assoc_stringl(*subarray, ""regex"", (char*)++cp, n, 1); cp += n; n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2); if (n < 0) { return NULL; } cp += n; add_assoc_string(*subarray, ""replacement"", name, 1); break; default: zval_ptr_dtor(subarray); *subarray = NULL; cp += dlen; break; } return cp; }",visit repo url,ext/standard/dns.c,https://github.com/php/php-src,23345750943224,1 2713,CWE-190,"SPL_METHOD(SplFileInfo, setInfoClass) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); zend_class_entry *ce = spl_ce_SplFileInfo; zend_error_handling error_handling; zend_replace_error_handling(EH_THROW, spl_ce_UnexpectedValueException, &error_handling TSRMLS_CC); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|C"", &ce) == SUCCESS) { intern->info_class = ce; } zend_restore_error_handling(&error_handling TSRMLS_CC); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,79874890207130,1 1877,['CWE-189'],"_gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) { uint8_t z; cipher_suite_st *cipher_suites; int cipher_suite_num; int i, err; z = 1; cipher_suite_num = _gnutls_supported_ciphersuites (session, &cipher_suites); if (cipher_suite_num < 0) { gnutls_assert (); return cipher_suite_num; } for (i = 0; i < cipher_suite_num; i++) { if (memcmp (&cipher_suites[i], suite, 2) == 0) { z = 0; break; } } gnutls_free (cipher_suites); if (z != 0) { gnutls_assert (); return GNUTLS_E_UNKNOWN_CIPHER_SUITE; } memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); _gnutls_handshake_log (""HSK[%x]: Selected cipher suite: %s\n"", session, _gnutls_cipher_suite_get_name (&session-> security_parameters. current_cipher_suite)); if (_gnutls_get_kx_cred (session, _gnutls_cipher_suite_get_kx_algo (&session-> security_parameters. current_cipher_suite), &err) == NULL && err != 0) { gnutls_assert (); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } session->internals.auth_struct = _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo (&session->security_parameters. current_cipher_suite)); if (session->internals.auth_struct == NULL) { _gnutls_handshake_log (""HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n"", session); gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } return 0; }",gnutls,,,74444987702935519843967884869631804500,0 2718,[],"static int sctp_send_asconf_add_ip(struct sock *sk, struct sockaddr *addrs, int addrcnt) { struct sctp_sock *sp; struct sctp_endpoint *ep; struct sctp_association *asoc; struct sctp_bind_addr *bp; struct sctp_chunk *chunk; struct sctp_sockaddr_entry *laddr; union sctp_addr *addr; union sctp_addr saveaddr; void *addr_buf; struct sctp_af *af; struct list_head *p; int i; int retval = 0; if (!sctp_addip_enable) return retval; sp = sctp_sk(sk); ep = sp->ep; SCTP_DEBUG_PRINTK(""%s: (sk: %p, addrs: %p, addrcnt: %d)\n"", __func__, sk, addrs, addrcnt); list_for_each_entry(asoc, &ep->asocs, asocs) { if (!asoc->peer.asconf_capable) continue; if (asoc->peer.addip_disabled_mask & SCTP_PARAM_ADD_IP) continue; if (!sctp_state(asoc, ESTABLISHED)) continue; addr_buf = addrs; for (i = 0; i < addrcnt; i++) { addr = (union sctp_addr *)addr_buf; af = sctp_get_af_specific(addr->v4.sin_family); if (!af) { retval = -EINVAL; goto out; } if (sctp_assoc_lookup_laddr(asoc, addr)) break; addr_buf += af->sockaddr_len; } if (i < addrcnt) continue; bp = &asoc->base.bind_addr; p = bp->address_list.next; laddr = list_entry(p, struct sctp_sockaddr_entry, list); chunk = sctp_make_asconf_update_ip(asoc, &laddr->a, addrs, addrcnt, SCTP_PARAM_ADD_IP); if (!chunk) { retval = -ENOMEM; goto out; } retval = sctp_send_asconf(asoc, chunk); if (retval) goto out; addr_buf = addrs; for (i = 0; i < addrcnt; i++) { addr = (union sctp_addr *)addr_buf; af = sctp_get_af_specific(addr->v4.sin_family); memcpy(&saveaddr, addr, af->sockaddr_len); retval = sctp_add_bind_addr(bp, &saveaddr, SCTP_ADDR_NEW, GFP_ATOMIC); addr_buf += af->sockaddr_len; } } out: return retval; }",linux-2.6,,,320712509358761590955876412930974729310,0 2658,[],"static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_authchunks __user *p = (void __user *)optval; struct sctp_authchunks val; struct sctp_association *asoc; struct sctp_chunks_param *ch; u32 num_chunks = 0; char __user *to; if (!sctp_auth_enable) return -EACCES; if (len < sizeof(struct sctp_authchunks)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) return -EFAULT; to = p->gauth_chunks; asoc = sctp_id2assoc(sk, val.gauth_assoc_id); if (!asoc && val.gauth_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) ch = (struct sctp_chunks_param*)asoc->c.auth_chunks; else ch = sctp_sk(sk)->ep->auth_chunk_list; if (!ch) goto num; num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t); if (len < sizeof(struct sctp_authchunks) + num_chunks) return -EINVAL; if (copy_to_user(to, ch->chunks, num_chunks)) return -EFAULT; num: len = sizeof(struct sctp_authchunks) + num_chunks; if (put_user(len, optlen)) return -EFAULT; if (put_user(num_chunks, &p->gauth_number_of_chunks)) return -EFAULT; return 0; }",linux-2.6,,,167172004840571127305531103030248861740,0 4607,['CWE-399'],"int ext4_get_blocks_wrap(handle_t *handle, struct inode *inode, sector_t block, unsigned int max_blocks, struct buffer_head *bh, int create, int extend_disksize, int flag) { int retval; clear_buffer_mapped(bh); down_read((&EXT4_I(inode)->i_data_sem)); if (EXT4_I(inode)->i_flags & EXT4_EXTENTS_FL) { retval = ext4_ext_get_blocks(handle, inode, block, max_blocks, bh, 0, 0); } else { retval = ext4_get_blocks_handle(handle, inode, block, max_blocks, bh, 0, 0); } up_read((&EXT4_I(inode)->i_data_sem)); if (!create) return retval; if (retval > 0 && buffer_mapped(bh)) return retval; down_write((&EXT4_I(inode)->i_data_sem)); if (flag) EXT4_I(inode)->i_delalloc_reserved_flag = 1; if (EXT4_I(inode)->i_flags & EXT4_EXTENTS_FL) { retval = ext4_ext_get_blocks(handle, inode, block, max_blocks, bh, create, extend_disksize); } else { retval = ext4_get_blocks_handle(handle, inode, block, max_blocks, bh, create, extend_disksize); if (retval > 0 && buffer_new(bh)) { EXT4_I(inode)->i_flags = EXT4_I(inode)->i_flags & ~EXT4_EXT_MIGRATE; } } if (flag) { EXT4_I(inode)->i_delalloc_reserved_flag = 0; if ((retval > 0) && buffer_delay(bh)) ext4_da_update_reserve_space(inode, retval); } up_write((&EXT4_I(inode)->i_data_sem)); return retval; }",linux-2.6,,,106528403621899842082929249901072276536,0 4859,['CWE-189'],"ecryptfs_encrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, struct page *dst_page, int dst_offset, struct page *src_page, int src_offset, int size, unsigned char *iv) { struct scatterlist src_sg, dst_sg; sg_init_table(&src_sg, 1); sg_init_table(&dst_sg, 1); sg_set_page(&src_sg, src_page, size, src_offset); sg_set_page(&dst_sg, dst_page, size, dst_offset); return encrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv); }",linux-2.6,,,183798196938772397655950918983478031786,0 5347,['CWE-476'],"int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) { struct fxsave *fxsave = (struct fxsave *)&vcpu->arch.guest_fx_image; vcpu_load(vcpu); memcpy(fpu->fpr, fxsave->st_space, 128); fpu->fcw = fxsave->cwd; fpu->fsw = fxsave->swd; fpu->ftwx = fxsave->twd; fpu->last_opcode = fxsave->fop; fpu->last_ip = fxsave->rip; fpu->last_dp = fxsave->rdp; memcpy(fpu->xmm, fxsave->xmm_space, sizeof fxsave->xmm_space); vcpu_put(vcpu); return 0; }",linux-2.6,,,51525573860426647706268977492103566200,0 2947,['CWE-189'],"static void jas_icctxtdesc_dump(jas_iccattrval_t *attrval, FILE *out) { jas_icctxtdesc_t *txtdesc = &attrval->data.txtdesc; fprintf(out, ""ascii = \""%s\""\n"", txtdesc->ascdata); fprintf(out, ""uclangcode = %d; uclen = %d\n"", txtdesc->uclangcode, txtdesc->uclen); fprintf(out, ""sccode = %d\n"", txtdesc->sccode); fprintf(out, ""maclen = %d\n"", txtdesc->maclen); }",jasper,,,55125314175247320192259794040331501285,0 3560,CWE-190,"static int jas_iccgetuint64(jas_stream_t *in, jas_iccuint64_t *val) { ulonglong tmp; if (jas_iccgetuint(in, 8, &tmp)) return -1; *val = tmp; return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,54399428591160,1 6009,['CWE-200'],"void __exit addrconf_cleanup(void) { struct net_device *dev; struct inet6_dev *idev; struct inet6_ifaddr *ifa; int i; unregister_netdevice_notifier(&ipv6_dev_notf); rtnetlink_links[PF_INET6] = NULL; #ifdef CONFIG_SYSCTL addrconf_sysctl_unregister(&ipv6_devconf_dflt); addrconf_sysctl_unregister(&ipv6_devconf); #endif rtnl_lock(); for (dev=dev_base; dev; dev=dev->next) { if ((idev = __in6_dev_get(dev)) == NULL) continue; addrconf_ifdown(dev, 1); } addrconf_ifdown(&loopback_dev, 2); write_lock_bh(&addrconf_hash_lock); for (i=0; i < IN6_ADDR_HSIZE; i++) { for (ifa=inet6_addr_lst[i]; ifa; ) { struct inet6_ifaddr *bifa; bifa = ifa; ifa = ifa->lst_next; printk(KERN_DEBUG ""bug: IPv6 address leakage detected: ifa=%p\n"", bifa); } } write_unlock_bh(&addrconf_hash_lock); del_timer(&addr_chk_timer); rtnl_unlock(); #ifdef CONFIG_IPV6_PRIVACY if (likely(md5_tfm != NULL)) { crypto_free_tfm(md5_tfm); md5_tfm = NULL; } #endif #ifdef CONFIG_PROC_FS proc_net_remove(""if_inet6""); #endif }",linux-2.6,,,105431297440584557935883060685863942763,0 309,CWE-119,"static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data) { int ret; ret = usb_control_msg(pegasus->usb, usb_rcvctrlpipe(pegasus->usb, 0), PEGASUS_REQ_GET_REGS, PEGASUS_REQT_READ, 0, indx, data, size, 1000); if (ret < 0) netif_dbg(pegasus, drv, pegasus->net, ""%s returned %d\n"", __func__, ret); return ret; }",visit repo url,drivers/net/usb/pegasus.c,https://github.com/torvalds/linux,224090967225640,1 2622,CWE-190,"static inline unsigned char unimap_bsearch(const uni_to_enc *table, unsigned code_key_a, size_t num) { const uni_to_enc *l = table, *h = &table[num-1], *m; unsigned short code_key; if (code_key_a > 0xFFFFU) return 0; code_key = (unsigned short) code_key_a; while (l <= h) { m = l + (h - l) / 2; if (code_key < m->un_code_point) h = m - 1; else if (code_key > m->un_code_point) l = m + 1; else return m->cs_code; } return 0; }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,199821956101660,1 4009,CWE-476,"static int nsv_read_chunk(AVFormatContext *s, int fill_header) { NSVContext *nsv = s->priv_data; AVIOContext *pb = s->pb; AVStream *st[2] = {NULL, NULL}; NSVStream *nst; AVPacket *pkt; int i, err = 0; uint8_t auxcount; uint32_t vsize; uint16_t asize; uint16_t auxsize; if (nsv->ahead[0].data || nsv->ahead[1].data) return 0; null_chunk_retry: if (pb->eof_reached) return -1; for (i = 0; i < NSV_MAX_RESYNC_TRIES && nsv->state < NSV_FOUND_NSVS && !err; i++) err = nsv_resync(s); if (err < 0) return err; if (nsv->state == NSV_FOUND_NSVS) err = nsv_parse_NSVs_header(s); if (err < 0) return err; if (nsv->state != NSV_HAS_READ_NSVS && nsv->state != NSV_FOUND_BEEF) return -1; auxcount = avio_r8(pb); vsize = avio_rl16(pb); asize = avio_rl16(pb); vsize = (vsize << 4) | (auxcount >> 4); auxcount &= 0x0f; av_log(s, AV_LOG_TRACE, ""NSV CHUNK %""PRIu8"" aux, %""PRIu32"" bytes video, %""PRIu16"" bytes audio\n"", auxcount, vsize, asize); for (i = 0; i < auxcount; i++) { uint32_t av_unused auxtag; auxsize = avio_rl16(pb); auxtag = avio_rl32(pb); avio_skip(pb, auxsize); vsize -= auxsize + sizeof(uint16_t) + sizeof(uint32_t); } if (pb->eof_reached) return -1; if (!vsize && !asize) { nsv->state = NSV_UNSYNC; goto null_chunk_retry; } if (s->nb_streams > 0) st[s->streams[0]->id] = s->streams[0]; if (s->nb_streams > 1) st[s->streams[1]->id] = s->streams[1]; if (vsize && st[NSV_ST_VIDEO]) { nst = st[NSV_ST_VIDEO]->priv_data; pkt = &nsv->ahead[NSV_ST_VIDEO]; av_get_packet(pb, pkt, vsize); pkt->stream_index = st[NSV_ST_VIDEO]->index; pkt->dts = nst->frame_offset; pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 0; for (i = 0; i < FFMIN(8, vsize); i++) av_log(s, AV_LOG_TRACE, ""NSV video: [%d] = %02""PRIx8""\n"", i, pkt->data[i]); } if(st[NSV_ST_VIDEO]) ((NSVStream*)st[NSV_ST_VIDEO]->priv_data)->frame_offset++; if (asize && st[NSV_ST_AUDIO]) { nst = st[NSV_ST_AUDIO]->priv_data; pkt = &nsv->ahead[NSV_ST_AUDIO]; if (asize && st[NSV_ST_AUDIO]->codecpar->codec_tag == MKTAG('P', 'C', 'M', ' ') ) { uint8_t bps; uint8_t channels; uint16_t samplerate; bps = avio_r8(pb); channels = avio_r8(pb); samplerate = avio_rl16(pb); if (!channels || !samplerate) return AVERROR_INVALIDDATA; asize-=4; av_log(s, AV_LOG_TRACE, ""NSV RAWAUDIO: bps %""PRIu8"", nchan %""PRIu8"", srate %""PRIu16""\n"", bps, channels, samplerate); if (fill_header) { st[NSV_ST_AUDIO]->need_parsing = AVSTREAM_PARSE_NONE; if (bps != 16) { av_log(s, AV_LOG_TRACE, ""NSV AUDIO bit/sample != 16 (%""PRIu8"")!!!\n"", bps); } bps /= channels; if (bps == 8) st[NSV_ST_AUDIO]->codecpar->codec_id = AV_CODEC_ID_PCM_U8; samplerate /= 4; channels = 1; st[NSV_ST_AUDIO]->codecpar->channels = channels; st[NSV_ST_AUDIO]->codecpar->sample_rate = samplerate; av_log(s, AV_LOG_TRACE, ""NSV RAWAUDIO: bps %""PRIu8"", nchan %""PRIu8"", srate %""PRIu16""\n"", bps, channels, samplerate); } } av_get_packet(pb, pkt, asize); pkt->stream_index = st[NSV_ST_AUDIO]->index; pkt->flags |= nsv->state == NSV_HAS_READ_NSVS ? AV_PKT_FLAG_KEY : 0; if( nsv->state == NSV_HAS_READ_NSVS && st[NSV_ST_VIDEO] ) { pkt->dts = (((NSVStream*)st[NSV_ST_VIDEO]->priv_data)->frame_offset-1); pkt->dts *= (int64_t)1000 * nsv->framerate.den; pkt->dts += (int64_t)nsv->avsync * nsv->framerate.num; av_log(s, AV_LOG_TRACE, ""NSV AUDIO: sync:%""PRId16"", dts:%""PRId64, nsv->avsync, pkt->dts); } nst->frame_offset++; } nsv->state = NSV_UNSYNC; return 0; }",visit repo url,libavformat/nsvdec.c,https://github.com/libav/libav,43145659400819,1 5410,CWE-908,"parsegid(const char *s, gid_t *gid) { struct group *gr; const char *errstr; if ((gr = getgrnam(s)) != NULL) { *gid = gr->gr_gid; return 0; } #if !defined(__linux__) && !defined(__NetBSD__) *gid = strtonum(s, 0, GID_MAX, &errstr); #else sscanf(s, ""%d"", gid); #endif if (errstr) return -1; return 0; }",visit repo url,doas.c,https://github.com/slicer69/doas,151489711142308,1 1937,['CWE-20'],"int __pte_alloc(struct mm_struct *mm, pmd_t *pmd, unsigned long address) { pgtable_t new = pte_alloc_one(mm, address); if (!new) return -ENOMEM; smp_wmb(); spin_lock(&mm->page_table_lock); if (!pmd_present(*pmd)) { mm->nr_ptes++; pmd_populate(mm, pmd, new); new = NULL; } spin_unlock(&mm->page_table_lock); if (new) pte_free(mm, new); return 0; }",linux-2.6,,,2332324207665356471337334221818934591,0 5556,CWE-125,"ast2obj_stmt(void* _o) { stmt_ty o = (stmt_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case FunctionDef_kind: result = PyType_GenericNew(FunctionDef_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.FunctionDef.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arguments(o->v.FunctionDef.args); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.FunctionDef.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.FunctionDef.decorator_list, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_decorator_list, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.FunctionDef.returns); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_returns, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.FunctionDef.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AsyncFunctionDef_kind: result = PyType_GenericNew(AsyncFunctionDef_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.AsyncFunctionDef.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arguments(o->v.AsyncFunctionDef.args); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFunctionDef.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFunctionDef.decorator_list, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_decorator_list, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AsyncFunctionDef.returns); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_returns, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.AsyncFunctionDef.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case ClassDef_kind: result = PyType_GenericNew(ClassDef_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.ClassDef.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.bases, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_bases, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.keywords, ast2obj_keyword); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_keywords, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ClassDef.decorator_list, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_decorator_list, value) == -1) goto failed; Py_DECREF(value); break; case Return_kind: result = PyType_GenericNew(Return_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Return.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Delete_kind: result = PyType_GenericNew(Delete_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Delete.targets, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_targets, value) == -1) goto failed; Py_DECREF(value); break; case Assign_kind: result = PyType_GenericNew(Assign_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Assign.targets, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_targets, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Assign.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.Assign.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AugAssign_kind: result = PyType_GenericNew(AugAssign_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.AugAssign.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_operator(o->v.AugAssign.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AugAssign.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case AnnAssign_kind: result = PyType_GenericNew(AnnAssign_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.AnnAssign.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AnnAssign.annotation); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_annotation, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AnnAssign.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->v.AnnAssign.simple); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_simple, value) == -1) goto failed; Py_DECREF(value); break; case For_kind: result = PyType_GenericNew(For_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.For.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.For.iter); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_iter, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.For.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.For.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.For.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AsyncFor_kind: result = PyType_GenericNew(AsyncFor_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.AsyncFor.target); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_target, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.AsyncFor.iter); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_iter, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFor.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncFor.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.AsyncFor.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case While_kind: result = PyType_GenericNew(While_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.While.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.While.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.While.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); break; case If_kind: result = PyType_GenericNew(If_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.If.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.If.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.If.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); break; case With_kind: result = PyType_GenericNew(With_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.With.items, ast2obj_withitem); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_items, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.With.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.With.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case AsyncWith_kind: result = PyType_GenericNew(AsyncWith_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.AsyncWith.items, ast2obj_withitem); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_items, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.AsyncWith.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.AsyncWith.type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); break; case Raise_kind: result = PyType_GenericNew(Raise_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Raise.exc); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_exc, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Raise.cause); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_cause, value) == -1) goto failed; Py_DECREF(value); break; case Try_kind: result = PyType_GenericNew(Try_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Try.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Try.handlers, ast2obj_excepthandler); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_handlers, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Try.orelse, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Try.finalbody, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_finalbody, value) == -1) goto failed; Py_DECREF(value); break; case Assert_kind: result = PyType_GenericNew(Assert_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Assert.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Assert.msg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_msg, value) == -1) goto failed; Py_DECREF(value); break; case Import_kind: result = PyType_GenericNew(Import_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Import.names, ast2obj_alias); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); break; case ImportFrom_kind: result = PyType_GenericNew(ImportFrom_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.ImportFrom.module); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_module, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ImportFrom.names, ast2obj_alias); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->v.ImportFrom.level); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_level, value) == -1) goto failed; Py_DECREF(value); break; case Global_kind: result = PyType_GenericNew(Global_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Global.names, ast2obj_identifier); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); break; case Nonlocal_kind: result = PyType_GenericNew(Nonlocal_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Nonlocal.names, ast2obj_identifier); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_names, value) == -1) goto failed; Py_DECREF(value); break; case Expr_kind: result = PyType_GenericNew(Expr_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Expr.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Pass_kind: result = PyType_GenericNew(Pass_type, NULL, NULL); if (!result) goto failed; break; case Break_kind: result = PyType_GenericNew(Break_type, NULL, NULL); if (!result) goto failed; break; case Continue_kind: result = PyType_GenericNew(Continue_type, NULL, NULL); if (!result) goto failed; break; } value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,189172979788209,1 5388,CWE-125,"uint32_t GetPayloadTime(size_t handle, uint32_t index, float *in, float *out) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return 0; if (mp4->metaoffsets == 0 || mp4->basemetadataduration == 0 || mp4->meta_clockdemon == 0 || in == NULL || out == NULL) return 1; *in = (float)((double)index * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); *out = (float)((double)(index + 1) * (double)mp4->basemetadataduration / (double)mp4->meta_clockdemon); return 0; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,157102844585889,1 3296,['CWE-189'],"jas_stream_t *jas_stream_fopen(const char *filename, const char *mode) { jas_stream_t *stream; jas_stream_fileobj_t *obj; int openflags; if (!(stream = jas_stream_create())) { return 0; } stream->openmode_ = jas_strtoopenmode(mode); if ((stream->openmode_ & JAS_STREAM_READ) && (stream->openmode_ & JAS_STREAM_WRITE)) { openflags = O_RDWR; } else if (stream->openmode_ & JAS_STREAM_READ) { openflags = O_RDONLY; } else if (stream->openmode_ & JAS_STREAM_WRITE) { openflags = O_WRONLY; } else { openflags = 0; } if (stream->openmode_ & JAS_STREAM_APPEND) { openflags |= O_APPEND; } if (stream->openmode_ & JAS_STREAM_BINARY) { openflags |= O_BINARY; } if (stream->openmode_ & JAS_STREAM_CREATE) { openflags |= O_CREAT | O_TRUNC; } if (!(obj = jas_malloc(sizeof(jas_stream_fileobj_t)))) { jas_stream_destroy(stream); return 0; } obj->fd = -1; obj->flags = 0; obj->pathname[0] = '\0'; stream->obj_ = (void *) obj; stream->ops_ = &jas_stream_fileops; if ((obj->fd = open(filename, openflags, JAS_STREAM_PERMS)) < 0) { jas_stream_destroy(stream); return 0; } jas_stream_initbuf(stream, JAS_STREAM_FULLBUF, 0, 0); return stream; }",jasper,,,273484447168649961167182010309202251460,0 5095,CWE-190,"_pickle_UnpicklerMemoProxy_copy_impl(UnpicklerMemoProxyObject *self) { Py_ssize_t i; PyObject *new_memo = PyDict_New(); if (new_memo == NULL) return NULL; for (i = 0; i < self->unpickler->memo_size; i++) { int status; PyObject *key, *value; value = self->unpickler->memo[i]; if (value == NULL) continue; key = PyLong_FromSsize_t(i); if (key == NULL) goto error; status = PyDict_SetItem(new_memo, key, value); Py_DECREF(key); if (status < 0) goto error; } return new_memo; error: Py_DECREF(new_memo); return NULL; }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,41444423084701,1 6743,['CWE-310'],"nm_gconf_set_int_helper (GConfClient *client, const char *path, const char *key, const char *setting, int value) { char * gc_key; g_return_val_if_fail (key != NULL, FALSE); g_return_val_if_fail (setting != NULL, FALSE); gc_key = g_strdup_printf (""%s/%s/%s"", path, setting, key); if (!gc_key) { g_warning (""Not enough memory to create gconf path""); return FALSE; } gconf_client_set_int (client, gc_key, value, NULL); g_free (gc_key); return TRUE; }",network-manager-applet,,,279011040229869594025576303557271699937,0 4319,CWE-824,"static bool vtable_is_addr_vtable_start_msvc(RVTableContext *context, ut64 curAddress) { RAnalRef *xref; RListIter *xrefIter; if (!curAddress || curAddress == UT64_MAX) { return false; } if (curAddress && !vtable_is_value_in_text_section (context, curAddress, NULL)) { return false; } RList *xrefs = r_anal_xrefs_get (context->anal, curAddress); if (r_list_empty (xrefs)) { r_list_free (xrefs); return false; } r_list_foreach (xrefs, xrefIter, xref) { if (vtable_addr_in_text_section (context, xref->addr)) { ut8 buf[VTABLE_BUFF_SIZE]; context->anal->iob.read_at (context->anal->iob.io, xref->addr, buf, sizeof(buf)); RAnalOp analop = {0}; r_anal_op (context->anal, &analop, xref->addr, buf, sizeof(buf), R_ANAL_OP_MASK_BASIC); if (analop.type == R_ANAL_OP_TYPE_MOV || analop.type == R_ANAL_OP_TYPE_LEA) { r_list_free (xrefs); r_anal_op_fini (&analop); return true; } r_anal_op_fini (&analop); } } r_list_free (xrefs); return false; }",visit repo url,libr/anal/vtable.c,https://github.com/radareorg/radare2,49256475974428,1 5737,CWE-212,"int secure_check(void *data) { const at91_secure_header_t *header; void *file; if (secure_decrypt(data, sizeof(*header), 0)) return -1; header = (const at91_secure_header_t *)data; if (header->magic != AT91_SECURE_MAGIC) return -1; file = (unsigned char *)data + sizeof(*header); return secure_decrypt(file, header->file_size, 1); }",visit repo url,driver/secure.c,https://github.com/linux4sam/at91bootstrap,65792788584860,1 2398,CWE-119,"static AVFrame *get_video_buffer(AVFilterLink *inlink, int w, int h) { PadContext *s = inlink->dst->priv; AVFrame *frame = ff_get_video_buffer(inlink->dst->outputs[0], w + (s->w - s->in_w), h + (s->h - s->in_h)); int plane; if (!frame) return NULL; frame->width = w; frame->height = h; for (plane = 0; plane < 4 && frame->data[plane]; plane++) { int hsub = s->draw.hsub[plane]; int vsub = s->draw.vsub[plane]; frame->data[plane] += (s->x >> hsub) * s->draw.pixelstep[plane] + (s->y >> vsub) * frame->linesize[plane]; } return frame; }",visit repo url,libavfilter/vf_pad.c,https://github.com/FFmpeg/FFmpeg,234745126151824,1 1259,[],"dump_args (struct obstack *obs, int argc, token_data **argv, const char *sep, bool quoted) { int i; size_t len = strlen (sep); for (i = 1; i < argc; i++) { if (i > 1) obstack_grow (obs, sep, len); if (quoted) obstack_grow (obs, lquote.string, lquote.length); obstack_grow (obs, TOKEN_DATA_TEXT (argv[i]), strlen (TOKEN_DATA_TEXT (argv[i]))); if (quoted) obstack_grow (obs, rquote.string, rquote.length); } }",m4,,,137376063114673286867660765745913681760,0 1135,CWE-20,"static int FNAME(walk_addr_generic)(struct guest_walker *walker, struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, gva_t addr, u32 access) { pt_element_t pte; pt_element_t __user *ptep_user; gfn_t table_gfn; unsigned index, pt_access, uninitialized_var(pte_access); gpa_t pte_gpa; bool eperm, present, rsvd_fault; int offset, write_fault, user_fault, fetch_fault; write_fault = access & PFERR_WRITE_MASK; user_fault = access & PFERR_USER_MASK; fetch_fault = access & PFERR_FETCH_MASK; trace_kvm_mmu_pagetable_walk(addr, write_fault, user_fault, fetch_fault); walk: present = true; eperm = rsvd_fault = false; walker->level = mmu->root_level; pte = mmu->get_cr3(vcpu); #if PTTYPE == 64 if (walker->level == PT32E_ROOT_LEVEL) { pte = kvm_pdptr_read_mmu(vcpu, mmu, (addr >> 30) & 3); trace_kvm_mmu_paging_element(pte, walker->level); if (!is_present_gpte(pte)) { present = false; goto error; } --walker->level; } #endif ASSERT((!is_long_mode(vcpu) && is_pae(vcpu)) || (mmu->get_cr3(vcpu) & CR3_NONPAE_RESERVED_BITS) == 0); pt_access = ACC_ALL; for (;;) { gfn_t real_gfn; unsigned long host_addr; index = PT_INDEX(addr, walker->level); table_gfn = gpte_to_gfn(pte); offset = index * sizeof(pt_element_t); pte_gpa = gfn_to_gpa(table_gfn) + offset; walker->table_gfn[walker->level - 1] = table_gfn; walker->pte_gpa[walker->level - 1] = pte_gpa; real_gfn = mmu->translate_gpa(vcpu, gfn_to_gpa(table_gfn), PFERR_USER_MASK|PFERR_WRITE_MASK); if (unlikely(real_gfn == UNMAPPED_GVA)) { present = false; break; } real_gfn = gpa_to_gfn(real_gfn); host_addr = gfn_to_hva(vcpu->kvm, real_gfn); if (unlikely(kvm_is_error_hva(host_addr))) { present = false; break; } ptep_user = (pt_element_t __user *)((void *)host_addr + offset); if (unlikely(copy_from_user(&pte, ptep_user, sizeof(pte)))) { present = false; break; } trace_kvm_mmu_paging_element(pte, walker->level); if (unlikely(!is_present_gpte(pte))) { present = false; break; } if (unlikely(is_rsvd_bits_set(&vcpu->arch.mmu, pte, walker->level))) { rsvd_fault = true; break; } if (unlikely(write_fault && !is_writable_pte(pte) && (user_fault || is_write_protection(vcpu)))) eperm = true; if (unlikely(user_fault && !(pte & PT_USER_MASK))) eperm = true; #if PTTYPE == 64 if (unlikely(fetch_fault && (pte & PT64_NX_MASK))) eperm = true; #endif if (!eperm && !rsvd_fault && unlikely(!(pte & PT_ACCESSED_MASK))) { int ret; trace_kvm_mmu_set_accessed_bit(table_gfn, index, sizeof(pte)); ret = FNAME(cmpxchg_gpte)(vcpu, mmu, table_gfn, index, pte, pte|PT_ACCESSED_MASK); if (ret < 0) { present = false; break; } else if (ret) goto walk; mark_page_dirty(vcpu->kvm, table_gfn); pte |= PT_ACCESSED_MASK; } pte_access = pt_access & FNAME(gpte_access)(vcpu, pte); walker->ptes[walker->level - 1] = pte; if ((walker->level == PT_PAGE_TABLE_LEVEL) || ((walker->level == PT_DIRECTORY_LEVEL) && is_large_pte(pte) && (PTTYPE == 64 || is_pse(vcpu))) || ((walker->level == PT_PDPE_LEVEL) && is_large_pte(pte) && mmu->root_level == PT64_ROOT_LEVEL)) { int lvl = walker->level; gpa_t real_gpa; gfn_t gfn; u32 ac; gfn = gpte_to_gfn_lvl(pte, lvl); gfn += (addr & PT_LVL_OFFSET_MASK(lvl)) >> PAGE_SHIFT; if (PTTYPE == 32 && walker->level == PT_DIRECTORY_LEVEL && is_cpuid_PSE36()) gfn += pse36_gfn_delta(pte); ac = write_fault | fetch_fault | user_fault; real_gpa = mmu->translate_gpa(vcpu, gfn_to_gpa(gfn), ac); if (real_gpa == UNMAPPED_GVA) return 0; walker->gfn = real_gpa >> PAGE_SHIFT; break; } pt_access = pte_access; --walker->level; } if (unlikely(!present || eperm || rsvd_fault)) goto error; if (write_fault && unlikely(!is_dirty_gpte(pte))) { int ret; trace_kvm_mmu_set_dirty_bit(table_gfn, index, sizeof(pte)); ret = FNAME(cmpxchg_gpte)(vcpu, mmu, table_gfn, index, pte, pte|PT_DIRTY_MASK); if (ret < 0) { present = false; goto error; } else if (ret) goto walk; mark_page_dirty(vcpu->kvm, table_gfn); pte |= PT_DIRTY_MASK; walker->ptes[walker->level - 1] = pte; } walker->pt_access = pt_access; walker->pte_access = pte_access; pgprintk(""%s: pte %llx pte_access %x pt_access %x\n"", __func__, (u64)pte, pte_access, pt_access); return 1; error: walker->fault.vector = PF_VECTOR; walker->fault.error_code_valid = true; walker->fault.error_code = 0; if (present) walker->fault.error_code |= PFERR_PRESENT_MASK; walker->fault.error_code |= write_fault | user_fault; if (fetch_fault && mmu->nx) walker->fault.error_code |= PFERR_FETCH_MASK; if (rsvd_fault) walker->fault.error_code |= PFERR_RSVD_MASK; walker->fault.address = addr; walker->fault.nested_page_fault = mmu != vcpu->arch.walk_mmu; trace_kvm_mmu_walker_error(walker->fault.error_code); return 0; }",visit repo url,arch/x86/kvm/paging_tmpl.h,https://github.com/torvalds/linux,248988158008425,1 2258,CWE-362,"static void __exit xfrm6_tunnel_fini(void) { unregister_pernet_subsys(&xfrm6_tunnel_net_ops); xfrm6_tunnel_spi_fini(); xfrm6_tunnel_deregister(&xfrm46_tunnel_handler, AF_INET); xfrm6_tunnel_deregister(&xfrm6_tunnel_handler, AF_INET6); xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6); }",visit repo url,net/ipv6/xfrm6_tunnel.c,https://github.com/torvalds/linux,174864817012110,1 6682,CWE-1284,"int encrypt_stream(FILE *infp, FILE *outfp, unsigned char* passwd, int passlen) { aes_context aes_ctx; sha256_context sha_ctx; aescrypt_hdr aeshdr; sha256_t digest; unsigned char IV[16]; unsigned char iv_key[48]; unsigned i, j; size_t bytes_read; unsigned char buffer[32]; unsigned char ipad[64], opad[64]; time_t current_time; pid_t process_id; void *aesrand; unsigned char tag_buffer[256]; if ((aesrand = aesrandom_open()) == NULL) { perror(""Error open random:""); return -1; } memset(iv_key, 0, 48); for (i=0; i<48; i+=16) { memset(buffer, 0, 32); sha256_starts(&sha_ctx); for(j=0; j<256; j++) { if ((bytes_read = aesrandom_read(aesrand, buffer, 32)) != 32) { fprintf(stderr, ""Error: Couldn't read from random : %u\n"", (unsigned) bytes_read); aesrandom_close(aesrand); return -1; } sha256_update(&sha_ctx, buffer, 32); } sha256_finish(&sha_ctx, digest); memcpy(iv_key+i, digest, 16); } buffer[0] = 'A'; buffer[1] = 'E'; buffer[2] = 'S'; buffer[3] = (unsigned char) 0x02; buffer[4] = '\0'; if (fwrite(buffer, 1, 5, outfp) != 5) { fprintf(stderr, ""Error: Could not write out header data\n""); aesrandom_close(aesrand); return -1; } j = 11 + strlen(PACKAGE_NAME) + 1 + strlen(PACKAGE_VERSION); if (j < 256) { buffer[0] = '\0'; buffer[1] = (unsigned char) (j & 0xff); if (fwrite(buffer, 1, 2, outfp) != 2) { fprintf(stderr, ""Error: Could not write tag to AES file (1)\n""); aesrandom_close(aesrand); return -1; } strncpy((char *)tag_buffer, ""CREATED_BY"", 255); tag_buffer[255] = '\0'; if (fwrite(tag_buffer, 1, 11, outfp) != 11) { fprintf(stderr, ""Error: Could not write tag to AES file (2)\n""); aesrandom_close(aesrand); return -1; } sprintf((char *)tag_buffer, ""%s %s"", PACKAGE_NAME, PACKAGE_VERSION); j = strlen((char *)tag_buffer); if (fwrite(tag_buffer, 1, j, outfp) != j) { fprintf(stderr, ""Error: Could not write tag to AES file (3)\n""); aesrandom_close(aesrand); return -1; } } buffer[0] = '\0'; buffer[1] = (unsigned char) 128; if (fwrite(buffer, 1, 2, outfp) != 2) { fprintf(stderr, ""Error: Could not write tag to AES file (4)\n""); aesrandom_close(aesrand); return -1; } memset(tag_buffer, 0, 128); if (fwrite(tag_buffer, 1, 128, outfp) != 128) { fprintf(stderr, ""Error: Could not write tag to AES file (5)\n""); aesrandom_close(aesrand); return -1; } buffer[0] = '\0'; buffer[1] = '\0'; if (fwrite(buffer, 1, 2, outfp) != 2) { fprintf(stderr, ""Error: Could not write tag to AES file (6)\n""); aesrandom_close(aesrand); return -1; } sha256_starts( &sha_ctx); current_time = time(NULL); sha256_update( &sha_ctx, (unsigned char *)&time, sizeof(current_time)); process_id = getpid(); sha256_update( &sha_ctx, (unsigned char *)&process_id, sizeof(process_id)); for (i=0; i<256; i++) { if (aesrandom_read(aesrand, buffer, 32) != 32) { fprintf(stderr, ""Error: Couldn't read from /dev/random\n""); aesrandom_close(aesrand); return -1; } sha256_update( &sha_ctx, buffer, 32); } sha256_finish( &sha_ctx, digest); memcpy(IV, digest, 16); aesrandom_close(aesrand); if (fwrite(IV, 1, 16, outfp) != 16) { fprintf(stderr, ""Error: Could not write out initialization vector\n""); return -1; } memset(digest, 0, 32); memcpy(digest, IV, 16); for(i=0; i<8192; i++) { sha256_starts( &sha_ctx); sha256_update( &sha_ctx, digest, 32); sha256_update( &sha_ctx, passwd, (unsigned long)passlen); sha256_finish( &sha_ctx, digest); } aes_set_key(&aes_ctx, digest, 256); memset(ipad, 0x36, 64); memset(opad, 0x5C, 64); for(i=0; i<32; i++) { ipad[i] ^= digest[i]; opad[i] ^= digest[i]; } sha256_starts(&sha_ctx); sha256_update(&sha_ctx, ipad, 64); for(i=0; i<48; i+=16) { memcpy(buffer, iv_key+i, 16); for(j=0; j<16; j++) { buffer[j] ^= IV[j]; } aes_encrypt(&aes_ctx, buffer, buffer); sha256_update(&sha_ctx, buffer, 16); if (fwrite(buffer, 1, 16, outfp) != 16) { fprintf(stderr, ""Error: Could not write iv_key data\n""); return -1; } memcpy(IV, buffer, 16); } sha256_finish(&sha_ctx, digest); sha256_starts(&sha_ctx); sha256_update(&sha_ctx, opad, 64); sha256_update(&sha_ctx, digest, 32); sha256_finish(&sha_ctx, digest); if (fwrite(digest, 1, 32, outfp) != 32) { fprintf(stderr, ""Error: Could not write iv_key HMAC\n""); return -1; } memcpy(IV, iv_key, 16); aes_set_key(&aes_ctx, iv_key+16, 256); memset(ipad, 0x36, 64); memset(opad, 0x5C, 64); for(i=0; i<32; i++) { ipad[i] ^= iv_key[i+16]; opad[i] ^= iv_key[i+16]; } memset_secure(iv_key, 0, 48); sha256_starts(&sha_ctx); sha256_update(&sha_ctx, ipad, 64); aeshdr.last_block_size = 0; while ((bytes_read = fread(buffer, 1, 16, infp)) > 0) { for(i=0; i<16; i++) { buffer[i] ^= IV[i]; } aes_encrypt(&aes_ctx, buffer, buffer); sha256_update(&sha_ctx, buffer, 16); if (fwrite(buffer, 1, 16, outfp) != 16) { fprintf(stderr, ""Error: Could not write to output file\n""); return -1; } memcpy(IV, buffer, 16); aeshdr.last_block_size = bytes_read; } if (ferror(infp)) { fprintf(stderr, ""Error: Couldn't read input file\n""); return -1; } buffer[0] = (char) (aeshdr.last_block_size & 0x0F); if (fwrite(buffer, 1, 1, outfp) != 1) { fprintf(stderr, ""Error: Could not write the file size modulo\n""); return -1; } sha256_finish(&sha_ctx, digest); sha256_starts(&sha_ctx); sha256_update(&sha_ctx, opad, 64); sha256_update(&sha_ctx, digest, 32); sha256_finish(&sha_ctx, digest); if (fwrite(digest, 1, 32, outfp) != 32) { fprintf(stderr, ""Error: Could not write the file HMAC\n""); return -1; } if (fflush(outfp)) { fprintf(stderr, ""Error: Could not flush output file buffer\n""); return -1; } return 0; }",visit repo url,Linux/src/aescrypt.c,https://github.com/paulej/AESCrypt,272510034080485,1 3850,CWE-476,"diff_redraw( int dofold) { win_T *wp; win_T *wp_other = NULL; int used_max_fill_other = FALSE; int used_max_fill_curwin = FALSE; int n; need_diff_redraw = FALSE; FOR_ALL_WINDOWS(wp) if (wp->w_p_diff) { redraw_win_later(wp, SOME_VALID); if (wp != curwin) wp_other = wp; #ifdef FEAT_FOLDING if (dofold && foldmethodIsDiff(wp)) foldUpdateAll(wp); #endif n = diff_check(wp, wp->w_topline); if ((wp != curwin && wp->w_topfill > 0) || n > 0) { if (wp->w_topfill > n) wp->w_topfill = (n < 0 ? 0 : n); else if (n > 0 && n > wp->w_topfill) { wp->w_topfill = n; if (wp == curwin) used_max_fill_curwin = TRUE; else if (wp_other != NULL) used_max_fill_other = TRUE; } check_topfill(wp, FALSE); } } if (wp_other != NULL && curwin->w_p_scb) { if (used_max_fill_curwin) diff_set_topline(wp_other, curwin); else if (used_max_fill_other) diff_set_topline(curwin, wp_other); } }",visit repo url,src/diff.c,https://github.com/vim/vim,216018511617667,1 4039,CWE-125,"uint32_t _WM_SetupMidiEvent(struct _mdi *mdi, uint8_t * event_data, uint8_t running_event) { uint32_t ret_cnt = 0; uint8_t command = 0; uint8_t channel = 0; uint8_t data_1 = 0; uint8_t data_2 = 0; char *text = NULL; if (event_data[0] >= 0x80) { command = *event_data & 0xf0; channel = *event_data++ & 0x0f; ret_cnt++; } else { command = running_event & 0xf0; channel = running_event & 0x0f; } switch(command) { case 0x80: _SETUP_NOTEOFF: data_1 = *event_data++; data_2 = *event_data++; _WM_midi_setup_noteoff(mdi, channel, data_1, data_2); ret_cnt += 2; break; case 0x90: if (event_data[1] == 0) goto _SETUP_NOTEOFF; data_1 = *event_data++; data_2 = *event_data++; midi_setup_noteon(mdi, channel, data_1, data_2); ret_cnt += 2; break; case 0xa0: data_1 = *event_data++; data_2 = *event_data++; midi_setup_aftertouch(mdi, channel, data_1, data_2); ret_cnt += 2; break; case 0xb0: data_1 = *event_data++; data_2 = *event_data++; midi_setup_control(mdi, channel, data_1, data_2); ret_cnt += 2; break; case 0xc0: data_1 = *event_data++; midi_setup_patch(mdi, channel, data_1); ret_cnt++; break; case 0xd0: data_1 = *event_data++; midi_setup_channel_pressure(mdi, channel, data_1); ret_cnt++; break; case 0xe0: data_1 = *event_data++; data_2 = *event_data++; midi_setup_pitch(mdi, channel, ((data_2 << 7) | (data_1 & 0x7f))); ret_cnt += 2; break; case 0xf0: if (channel == 0x0f) { uint32_t tmp_length = 0; if ((event_data[0] == 0x00) && (event_data[1] == 0x02)) { midi_setup_sequenceno(mdi, ((event_data[2] << 8) + event_data[3])); ret_cnt += 4; } else if (event_data[0] == 0x01) { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; text = malloc(tmp_length + 1); memcpy(text, event_data, tmp_length); text[tmp_length] = '\0'; midi_setup_text(mdi, text); ret_cnt += tmp_length; } else if (event_data[0] == 0x02) { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; if (mdi->extra_info.copyright) { mdi->extra_info.copyright = realloc(mdi->extra_info.copyright,(strlen(mdi->extra_info.copyright) + 1 + tmp_length + 1)); memcpy(&mdi->extra_info.copyright[strlen(mdi->extra_info.copyright) + 1], event_data, tmp_length); mdi->extra_info.copyright[strlen(mdi->extra_info.copyright) + 1 + tmp_length] = '\0'; mdi->extra_info.copyright[strlen(mdi->extra_info.copyright)] = '\n'; } else { mdi->extra_info.copyright = malloc(tmp_length + 1); memcpy(mdi->extra_info.copyright, event_data, tmp_length); mdi->extra_info.copyright[tmp_length] = '\0'; } text = malloc(tmp_length + 1); memcpy(text, event_data, tmp_length); text[tmp_length] = '\0'; midi_setup_copyright(mdi, text); ret_cnt += tmp_length; } else if (event_data[0] == 0x03) { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; text = malloc(tmp_length + 1); memcpy(text, event_data, tmp_length); text[tmp_length] = '\0'; midi_setup_trackname(mdi, text); ret_cnt += tmp_length; } else if (event_data[0] == 0x04) { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; text = malloc(tmp_length + 1); memcpy(text, event_data, tmp_length); text[tmp_length] = '\0'; midi_setup_instrumentname(mdi, text); ret_cnt += tmp_length; } else if (event_data[0] == 0x05) { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; text = malloc(tmp_length + 1); memcpy(text, event_data, tmp_length); text[tmp_length] = '\0'; midi_setup_lyric(mdi, text); ret_cnt += tmp_length; } else if (event_data[0] == 0x06) { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; text = malloc(tmp_length + 1); memcpy(text, event_data, tmp_length); text[tmp_length] = '\0'; midi_setup_marker(mdi, text); ret_cnt += tmp_length; } else if (event_data[0] == 0x07) { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; text = malloc(tmp_length + 1); memcpy(text, event_data, tmp_length); text[tmp_length] = '\0'; midi_setup_cuepoint(mdi, text); ret_cnt += tmp_length; } else if ((event_data[0] == 0x20) && (event_data[1] == 0x01)) { midi_setup_channelprefix(mdi, event_data[2]); ret_cnt += 3; } else if ((event_data[0] == 0x21) && (event_data[1] == 0x01)) { midi_setup_portprefix(mdi, event_data[2]); ret_cnt += 3; } else if ((event_data[0] == 0x2F) && (event_data[1] == 0x00)) { _WM_midi_setup_endoftrack(mdi); ret_cnt += 2; } else if ((event_data[0] == 0x51) && (event_data[1] == 0x03)) { _WM_midi_setup_tempo(mdi, ((event_data[2] << 16) + (event_data[3] << 8) + event_data[4])); ret_cnt += 5; } else if ((event_data[0] == 0x54) && (event_data[1] == 0x05)) { midi_setup_smpteoffset(mdi, ((event_data[3] << 24) + (event_data[4] << 16) + (event_data[5] << 8) + event_data[6])); mdi->events[mdi->events_size - 1].event_data.channel = event_data[2]; ret_cnt += 7; } else if ((event_data[0] == 0x58) && (event_data[1] == 0x04)) { midi_setup_timesignature(mdi, ((event_data[2] << 24) + (event_data[3] << 16) + (event_data[4] << 8) + event_data[5])); ret_cnt += 6; } else if ((event_data[0] == 0x59) && (event_data[1] == 0x02)) { midi_setup_keysignature(mdi, ((event_data[2] << 8) + event_data[3])); ret_cnt += 4; } else { event_data++; ret_cnt++; if (*event_data > 0x7f) { do { tmp_length = (tmp_length << 7) + (*event_data & 0x7f); event_data++; ret_cnt++; } while (*event_data > 0x7f); } tmp_length = (tmp_length << 7) + (*event_data & 0x7f); ret_cnt++; ret_cnt += tmp_length; } } else if ((channel == 0) || (channel == 7)) { uint32_t sysex_len = 0; uint8_t *sysex_store = NULL; if (*event_data > 0x7f) { do { sysex_len = (sysex_len << 7) + (*event_data & 0x7F); event_data++; ret_cnt++; } while (*event_data > 0x7f); } sysex_len = (sysex_len << 7) + (*event_data & 0x7F); event_data++; if (!sysex_len) break; ret_cnt++; sysex_store = malloc(sizeof(uint8_t) * sysex_len); memcpy(sysex_store, event_data, sysex_len); if (sysex_store[sysex_len - 1] == 0xF7) { uint8_t rolandsysexid[] = { 0x41, 0x10, 0x42, 0x12 }; if (memcmp(rolandsysexid, sysex_store, 4) == 0) { uint8_t sysex_cs = 0; uint32_t sysex_ofs = 4; do { sysex_cs += sysex_store[sysex_ofs]; if (sysex_cs > 0x7F) { sysex_cs -= 0x80; } sysex_ofs++; } while (sysex_store[sysex_ofs + 1] != 0xf7); sysex_cs = 128 - sysex_cs; if (sysex_cs == sysex_store[sysex_ofs]) { if (sysex_store[4] == 0x40) { if (((sysex_store[5] & 0xf0) == 0x10) && (sysex_store[6] == 0x15)) { uint8_t sysex_ch = 0x0f & sysex_store[5]; if (sysex_ch == 0x00) { sysex_ch = 0x09; } else if (sysex_ch <= 0x09) { sysex_ch -= 1; } midi_setup_sysex_roland_drum_track(mdi, sysex_ch, sysex_store[7]); } else if ((sysex_store[5] == 0x00) && (sysex_store[6] == 0x7F) && (sysex_store[7] == 0x00)) { midi_setup_sysex_roland_reset(mdi); } } } } else { uint8_t gm_reset[] = {0x7e, 0x7f, 0x09, 0x01, 0xf7}; uint8_t yamaha_reset[] = {0x43, 0x10, 0x4c, 0x00, 0x00, 0x7e, 0x00, 0xf7}; if (memcmp(gm_reset, sysex_store, 5) == 0) { midi_setup_sysex_gm_reset(mdi); } else if (memcmp(yamaha_reset,sysex_store,8) == 0) { midi_setup_sysex_yamaha_reset(mdi); } } } free(sysex_store); sysex_store = NULL; ret_cnt += sysex_len; } else { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(unrecognized meta type event)"", 0); return 0; } break; default: ret_cnt = 0; break; } if (ret_cnt == 0) _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_CORUPT, ""(missing event)"", 0); return ret_cnt; }",visit repo url,src/internal_midi.c,https://github.com/Mindwerks/wildmidi,126206874724748,1 5880,CWE-120,"PJ_DEF(pj_status_t) pjmedia_rtp_decode_rtp2( pjmedia_rtp_session *ses, const void *pkt, int pkt_len, const pjmedia_rtp_hdr **hdr, pjmedia_rtp_dec_hdr *dec_hdr, const void **payload, unsigned *payloadlen) { int offset; PJ_UNUSED_ARG(ses); *hdr = (pjmedia_rtp_hdr*)pkt; if ((*hdr)->v != RTP_VERSION) { return PJMEDIA_RTP_EINVER; } offset = sizeof(pjmedia_rtp_hdr) + ((*hdr)->cc * sizeof(pj_uint32_t)); if ((*hdr)->x) { if (offset + sizeof (pjmedia_rtp_ext_hdr) > (unsigned)pkt_len) return PJMEDIA_RTP_EINLEN; dec_hdr->ext_hdr = (pjmedia_rtp_ext_hdr*)(((pj_uint8_t*)pkt) + offset); dec_hdr->ext = (pj_uint32_t*)(dec_hdr->ext_hdr + 1); dec_hdr->ext_len = pj_ntohs((dec_hdr->ext_hdr)->length); offset += ((dec_hdr->ext_len + 1) * sizeof(pj_uint32_t)); } else { dec_hdr->ext_hdr = NULL; dec_hdr->ext = NULL; dec_hdr->ext_len = 0; } if (offset > pkt_len) return PJMEDIA_RTP_EINLEN; *payload = ((pj_uint8_t*)pkt) + offset; *payloadlen = pkt_len - offset; if ((*hdr)->p && *payloadlen > 0) { pj_uint8_t pad_len; pad_len = ((pj_uint8_t*)(*payload))[*payloadlen - 1]; if (pad_len <= *payloadlen) *payloadlen -= pad_len; } return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtp.c,https://github.com/pjsip/pjproject,168264183876576,1 5553,[],"static int do_tkill(pid_t tgid, pid_t pid, int sig) { struct siginfo info; info.si_signo = sig; info.si_errno = 0; info.si_code = SI_TKILL; info.si_pid = task_tgid_vnr(current); info.si_uid = current_uid(); return do_send_specific(tgid, pid, sig, &info); }",linux-2.6,,,296543265821813525761065580467795640784,0 6442,CWE-20,"error_t httpClientAddQueryParam(HttpClientContext *context, const char_t *name, const char_t *value) { size_t nameLen; size_t valueLen; char_t separator; char_t *p; if(context == NULL || name == NULL) return ERROR_INVALID_PARAMETER; if(name[0] == '\0') return ERROR_INVALID_PARAMETER; if(context->requestState != HTTP_REQ_STATE_FORMAT_HEADER) return ERROR_WRONG_STATE; if(context->bufferLen > HTTP_CLIENT_BUFFER_SIZE) return ERROR_INVALID_SYNTAX; context->buffer[context->bufferLen] = '\0'; p = strchr(context->buffer, ' '); if(p == NULL) return ERROR_INVALID_SYNTAX; p = strpbrk(p + 1, "" ?""); if(p == NULL) return ERROR_INVALID_SYNTAX; if(*p == '?') { p = strchr(p + 1, ' '); if(p == NULL) return ERROR_INVALID_SYNTAX; separator = '&'; } else { separator = '?'; } nameLen = osStrlen(name); if(value == NULL) { if((context->bufferLen + nameLen + 1) > HTTP_CLIENT_BUFFER_SIZE) return ERROR_BUFFER_OVERFLOW; osMemmove(p + nameLen + 1, p, context->buffer + context->bufferLen + 1 - p); p[0] = separator; osStrncpy(p + 1, name, nameLen); context->bufferLen += nameLen + 1; } else { valueLen = osStrlen(value); if((context->bufferLen + nameLen + valueLen + 2) > HTTP_CLIENT_BUFFER_SIZE) return ERROR_BUFFER_OVERFLOW; osMemmove(p + nameLen + valueLen + 2, p, context->buffer + context->bufferLen + 1 - p); p[0] = separator; osStrncpy(p + 1, name, nameLen); p[nameLen + 1] = '='; osStrncpy(p + nameLen + 2, value, valueLen); context->bufferLen += nameLen + valueLen + 2; } return NO_ERROR; }",visit repo url,http/http_client.c,https://github.com/Oryx-Embedded/CycloneTCP,45474965847871,1 1467,CWE-264,"SYSCALL_DEFINE5(perf_event_open, struct perf_event_attr __user *, attr_uptr, pid_t, pid, int, cpu, int, group_fd, unsigned long, flags) { struct perf_event *group_leader = NULL, *output_event = NULL; struct perf_event *event, *sibling; struct perf_event_attr attr; struct perf_event_context *ctx; struct file *event_file = NULL; struct fd group = {NULL, 0}; struct task_struct *task = NULL; struct pmu *pmu; int event_fd; int move_group = 0; int err; int f_flags = O_RDWR; if (flags & ~PERF_FLAG_ALL) return -EINVAL; err = perf_copy_attr(attr_uptr, &attr); if (err) return err; if (!attr.exclude_kernel) { if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) return -EACCES; } if (attr.freq) { if (attr.sample_freq > sysctl_perf_event_sample_rate) return -EINVAL; } else { if (attr.sample_period & (1ULL << 63)) return -EINVAL; } if ((flags & PERF_FLAG_PID_CGROUP) && (pid == -1 || cpu == -1)) return -EINVAL; if (flags & PERF_FLAG_FD_CLOEXEC) f_flags |= O_CLOEXEC; event_fd = get_unused_fd_flags(f_flags); if (event_fd < 0) return event_fd; if (group_fd != -1) { err = perf_fget_light(group_fd, &group); if (err) goto err_fd; group_leader = group.file->private_data; if (flags & PERF_FLAG_FD_OUTPUT) output_event = group_leader; if (flags & PERF_FLAG_FD_NO_GROUP) group_leader = NULL; } if (pid != -1 && !(flags & PERF_FLAG_PID_CGROUP)) { task = find_lively_task_by_vpid(pid); if (IS_ERR(task)) { err = PTR_ERR(task); goto err_group_fd; } } if (task && group_leader && group_leader->attr.inherit != attr.inherit) { err = -EINVAL; goto err_task; } get_online_cpus(); event = perf_event_alloc(&attr, cpu, task, group_leader, NULL, NULL, NULL); if (IS_ERR(event)) { err = PTR_ERR(event); goto err_cpus; } if (flags & PERF_FLAG_PID_CGROUP) { err = perf_cgroup_connect(pid, event, &attr, group_leader); if (err) { __free_event(event); goto err_cpus; } } if (is_sampling_event(event)) { if (event->pmu->capabilities & PERF_PMU_CAP_NO_INTERRUPT) { err = -ENOTSUPP; goto err_alloc; } } account_event(event); pmu = event->pmu; if (group_leader && (is_software_event(event) != is_software_event(group_leader))) { if (is_software_event(event)) { pmu = group_leader->pmu; } else if (is_software_event(group_leader) && (group_leader->group_flags & PERF_GROUP_SOFTWARE)) { move_group = 1; } } ctx = find_get_context(pmu, task, event->cpu); if (IS_ERR(ctx)) { err = PTR_ERR(ctx); goto err_alloc; } if (task) { put_task_struct(task); task = NULL; } if (group_leader) { err = -EINVAL; if (group_leader->group_leader != group_leader) goto err_context; if (move_group) { if (group_leader->ctx->type != ctx->type) goto err_context; } else { if (group_leader->ctx != ctx) goto err_context; } if (attr.exclusive || attr.pinned) goto err_context; } if (output_event) { err = perf_event_set_output(event, output_event); if (err) goto err_context; } event_file = anon_inode_getfile(""[perf_event]"", &perf_fops, event, f_flags); if (IS_ERR(event_file)) { err = PTR_ERR(event_file); goto err_context; } if (move_group) { struct perf_event_context *gctx = group_leader->ctx; mutex_lock(&gctx->mutex); perf_remove_from_context(group_leader, false); perf_event__state_init(group_leader); list_for_each_entry(sibling, &group_leader->sibling_list, group_entry) { perf_remove_from_context(sibling, false); perf_event__state_init(sibling); put_ctx(gctx); } mutex_unlock(&gctx->mutex); put_ctx(gctx); } WARN_ON_ONCE(ctx->parent_ctx); mutex_lock(&ctx->mutex); if (move_group) { synchronize_rcu(); perf_install_in_context(ctx, group_leader, group_leader->cpu); get_ctx(ctx); list_for_each_entry(sibling, &group_leader->sibling_list, group_entry) { perf_install_in_context(ctx, sibling, sibling->cpu); get_ctx(ctx); } } perf_install_in_context(ctx, event, event->cpu); perf_unpin_context(ctx); mutex_unlock(&ctx->mutex); put_online_cpus(); event->owner = current; mutex_lock(¤t->perf_event_mutex); list_add_tail(&event->owner_entry, ¤t->perf_event_list); mutex_unlock(¤t->perf_event_mutex); perf_event__header_size(event); perf_event__id_header_size(event); fdput(group); fd_install(event_fd, event_file); return event_fd; err_context: perf_unpin_context(ctx); put_ctx(ctx); err_alloc: free_event(event); err_cpus: put_online_cpus(); err_task: if (task) put_task_struct(task); err_group_fd: fdput(group); err_fd: put_unused_fd(event_fd); return err; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,159024856967877,1 2121,['CWE-119'],"static inline void pack_descriptor(struct desc_struct *desc, unsigned long base, unsigned long limit, unsigned char type, unsigned char flags) { desc->a = ((base & 0xffff) << 16) | (limit & 0xffff); desc->b = (base & 0xff000000) | ((base & 0xff0000) >> 16) | (limit & 0x000f0000) | ((type & 0xff) << 8) | ((flags & 0xf) << 20); desc->p = 1; }",linux-2.6,,,121899377511604698487339060463101174900,0 6518,CWE-476,"MOBI_RET mobi_trie_insert_infl(MOBITrie **root, const MOBIIndx *indx, size_t i) { MOBIIndexEntry e = indx->entries[i]; char *inflected = e.label; for (size_t j = 0; j < e.tags_count; j++) { MOBIIndexTag t = e.tags[j]; if (t.tagid == INDX_TAGARR_INFL_PARTS_V1) { for (size_t k = 0; k < t.tagvalues_count - 1; k += 2) { uint32_t len = t.tagvalues[k]; uint32_t offset = t.tagvalues[k + 1]; char *base = mobi_get_cncx_string_flat(indx->cncx_record, offset, len); if (base == NULL) { return MOBI_MALLOC_FAILED; } MOBI_RET ret = mobi_trie_insert_reversed(root, base, inflected); free(base); if (ret != MOBI_SUCCESS) { return ret; } } } } return MOBI_SUCCESS; }",visit repo url,src/index.c,https://github.com/bfabiszewski/libmobi,124406334535376,1 5694,CWE-125,"bgp_capability_parse (struct peer *peer, u_char *pnt, u_char length, u_char **error) { int ret; u_char *end; struct capability cap; end = pnt + length; while (pnt < end) { afi_t afi; safi_t safi; memcpy (&cap, pnt, sizeof (struct capability)); afi = ntohs(cap.mpc.afi); safi = cap.mpc.safi; if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s OPEN has CAPABILITY code: %d, length %d"", peer->host, cap.code, cap.length); if (pnt + 2 > end) { zlog_info (""%s Capability length error"", peer->host); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (pnt + (cap.length + 2) > end) { zlog_info (""%s Capability length error"", peer->host); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (cap.code == CAPABILITY_CODE_MP) { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s OPEN has MP_EXT CAP for afi/safi: %u/%u"", peer->host, afi, safi); if (! CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) { ret = bgp_capability_mp (peer, &cap); if (ret < 0) { memcpy (*error, &cap, cap.length + 2); *error += cap.length + 2; } } } else if (cap.code == CAPABILITY_CODE_REFRESH || cap.code == CAPABILITY_CODE_REFRESH_OLD) { if (cap.length != CAPABILITY_CODE_REFRESH_LEN) { zlog_info (""%s Route Refresh Capability length error %d"", peer->host, cap.length); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s OPEN has ROUTE-REFRESH capability(%s) for all address-families"", peer->host, cap.code == CAPABILITY_CODE_REFRESH_OLD ? ""old"" : ""new""); if (cap.code == CAPABILITY_CODE_REFRESH_OLD) SET_FLAG (peer->cap, PEER_CAP_REFRESH_OLD_RCV); else SET_FLAG (peer->cap, PEER_CAP_REFRESH_NEW_RCV); } else if (cap.code == CAPABILITY_CODE_ORF || cap.code == CAPABILITY_CODE_ORF_OLD) bgp_capability_orf (peer, &cap, pnt + sizeof (struct capability)); else if (cap.code == CAPABILITY_CODE_RESTART) { struct graceful_restart_af graf; u_int16_t restart_flag_time; int restart_bit = 0; u_char *restart_pnt; u_char *restart_end; if (cap.length < CAPABILITY_CODE_RESTART_LEN) { zlog_info (""%s Graceful Restart Capability length error %d"", peer->host, cap.length); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } SET_FLAG (peer->cap, PEER_CAP_RESTART_RCV); restart_flag_time = ntohs(cap.mpc.afi); if (CHECK_FLAG (restart_flag_time, RESTART_R_BIT)) restart_bit = 1; UNSET_FLAG (restart_flag_time, 0xF000); peer->v_gr_restart = restart_flag_time; if (BGP_DEBUG (normal, NORMAL)) { zlog_debug (""%s OPEN has Graceful Restart capability"", peer->host); zlog_debug (""%s Peer has%srestarted. Restart Time : %d"", peer->host, restart_bit ? "" "" : "" not "", peer->v_gr_restart); } restart_pnt = pnt + 4; restart_end = pnt + cap.length + 2; while (restart_pnt < restart_end) { memcpy (&graf, restart_pnt, sizeof (struct graceful_restart_af)); afi = ntohs(graf.afi); safi = graf.safi; if (CHECK_FLAG (graf.flag, RESTART_F_BIT)) SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_RESTART_AF_PRESERVE_RCV); if (strcmp (afi_safi_print (afi, safi), ""Unknown"") == 0) { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s Addr-family %d/%d(afi/safi) not supported. I gnore the Graceful Restart capability"", peer->host, afi, safi); } else if (! peer->afc[afi][safi]) { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s Addr-family %d/%d(afi/safi) not enabled. Ignore the Graceful Restart capability"", peer->host, afi, safi); } else { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s Address family %s is%spreserved"", peer->host, afi_safi_print (afi, safi), CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_RESTART_AF_PRESERVE_RCV) ? "" "" : "" not ""); SET_FLAG (peer->af_cap[afi][safi], PEER_CAP_RESTART_AF_RCV); } restart_pnt += 4; } } else if (cap.code == CAPABILITY_CODE_DYNAMIC) { if (cap.length != CAPABILITY_CODE_DYNAMIC_LEN) { zlog_info (""%s Dynamic Capability length error %d"", peer->host, cap.length); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s OPEN has DYNAMIC capability"", peer->host); SET_FLAG (peer->cap, PEER_CAP_DYNAMIC_RCV); } else if (cap.code > 128) { zlog_warn (""%s Vendor specific capability %d"", peer->host, cap.code); } else { zlog_warn (""%s unrecognized capability code: %d - ignored"", peer->host, cap.code); memcpy (*error, &cap, cap.length + 2); *error += cap.length + 2; } pnt += cap.length + 2; } return 0; }",visit repo url,bgpd/bgp_open.c,https://github.com/FRRouting/frr,20543938682771,1 4148,CWE-416,"xmlAddRef(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, xmlAttrPtr attr) { xmlRefPtr ret; xmlRefTablePtr table; xmlListPtr ref_list; if (doc == NULL) { return(NULL); } if (value == NULL) { return(NULL); } if (attr == NULL) { return(NULL); } table = (xmlRefTablePtr) doc->refs; if (table == NULL) { doc->refs = table = xmlHashCreateDict(0, doc->dict); } if (table == NULL) { xmlVErrMemory(ctxt, ""xmlAddRef: Table creation failed!\n""); return(NULL); } ret = (xmlRefPtr) xmlMalloc(sizeof(xmlRef)); if (ret == NULL) { xmlVErrMemory(ctxt, ""malloc failed""); return(NULL); } ret->value = xmlStrdup(value); if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ret->name = xmlStrdup(attr->name); ret->attr = NULL; } else { ret->name = NULL; ret->attr = attr; } ret->lineno = xmlGetLineNo(attr->parent); if (NULL == (ref_list = xmlHashLookup(table, value))) { if (NULL == (ref_list = xmlListCreate(xmlFreeRef, xmlDummyCompare))) { xmlErrValid(NULL, XML_ERR_INTERNAL_ERROR, ""xmlAddRef: Reference list creation failed!\n"", NULL); goto failed; } if (xmlHashAddEntry(table, value, ref_list) < 0) { xmlListDelete(ref_list); xmlErrValid(NULL, XML_ERR_INTERNAL_ERROR, ""xmlAddRef: Reference list insertion failed!\n"", NULL); goto failed; } } if (xmlListAppend(ref_list, ret) != 0) { xmlErrValid(NULL, XML_ERR_INTERNAL_ERROR, ""xmlAddRef: Reference list insertion failed!\n"", NULL); goto failed; } return(ret); failed: if (ret != NULL) { if (ret->value != NULL) xmlFree((char *)ret->value); if (ret->name != NULL) xmlFree((char *)ret->name); xmlFree(ret); } return(NULL); }",visit repo url,valid.c,https://github.com/GNOME/libxml2,116376295032962,1 5802,['CWE-200'],"static int atalk_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct sockaddr_at sat; struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); if (sock_flag(sk, SOCK_ZAPPED)) if (atalk_autobind(sk) < 0) return -ENOBUFS; *uaddr_len = sizeof(struct sockaddr_at); memset(&sat.sat_zero, 0, sizeof(sat.sat_zero)); if (peer) { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; sat.sat_addr.s_net = at->dest_net; sat.sat_addr.s_node = at->dest_node; sat.sat_port = at->dest_port; } else { sat.sat_addr.s_net = at->src_net; sat.sat_addr.s_node = at->src_node; sat.sat_port = at->src_port; } sat.sat_family = AF_APPLETALK; memcpy(uaddr, &sat, sizeof(sat)); return 0; }",linux-2.6,,,179767459463602492121872633902530980979,0 1619,[],"prepare_task_switch(struct rq *rq, struct task_struct *prev, struct task_struct *next) { fire_sched_out_preempt_notifiers(prev, next); prepare_lock_switch(rq, next); prepare_arch_switch(next); }",linux-2.6,,,94463141963681561215238669662289174253,0 1889,['CWE-20'],"static int move_to_new_page(struct page *newpage, struct page *page) { struct address_space *mapping; int rc; if (TestSetPageLocked(newpage)) BUG(); newpage->index = page->index; newpage->mapping = page->mapping; mapping = page_mapping(page); if (!mapping) rc = migrate_page(mapping, newpage, page); else if (mapping->a_ops->migratepage) rc = mapping->a_ops->migratepage(mapping, newpage, page); else rc = fallback_migrate_page(mapping, newpage, page); if (!rc) { mem_cgroup_page_migration(page, newpage); remove_migration_ptes(page, newpage); } else newpage->mapping = NULL; unlock_page(newpage); return rc; }",linux-2.6,,,271465634283128390123765540408503767746,0 3937,['CWE-362'],"static inline void put_inotify_handle(struct inotify_handle *ih) { if (atomic_dec_and_test(&ih->count)) { idr_destroy(&ih->idr); kfree(ih); } }",linux-2.6,,,317282158487677276849740153710177903021,0 107,['CWE-787'],"cirrus_hook_write_sr(CirrusVGAState * s, unsigned reg_index, int reg_value) { switch (reg_index) { case 0x00: case 0x01: case 0x02: case 0x03: case 0x04: return CIRRUS_HOOK_NOT_HANDLED; case 0x06: reg_value &= 0x17; if (reg_value == 0x12) { s->sr[reg_index] = 0x12; } else { s->sr[reg_index] = 0x0f; } break; case 0x10: case 0x30: case 0x50: case 0x70: case 0x90: case 0xb0: case 0xd0: case 0xf0: s->sr[0x10] = reg_value; s->hw_cursor_x = (reg_value << 3) | (reg_index >> 5); break; case 0x11: case 0x31: case 0x51: case 0x71: case 0x91: case 0xb1: case 0xd1: case 0xf1: s->sr[0x11] = reg_value; s->hw_cursor_y = (reg_value << 3) | (reg_index >> 5); break; case 0x07: case 0x08: case 0x09: case 0x0a: case 0x0b: case 0x0c: case 0x0d: case 0x0e: case 0x0f: case 0x12: case 0x13: case 0x14: case 0x15: case 0x16: case 0x18: case 0x19: case 0x1a: case 0x1b: case 0x1c: case 0x1d: case 0x1e: case 0x1f: s->sr[reg_index] = reg_value; #ifdef DEBUG_CIRRUS printf(""cirrus: handled outport sr_index %02x, sr_value %02x\n"", reg_index, reg_value); #endif break; case 0x17: s->sr[reg_index] = (s->sr[reg_index] & 0x38) | (reg_value & 0xc7); cirrus_update_memory_access(s); break; default: #ifdef DEBUG_CIRRUS printf(""cirrus: outport sr_index %02x, sr_value %02x\n"", reg_index, reg_value); #endif break; } return CIRRUS_HOOK_HANDLED; }",qemu,,,35959918935483723114348334589763017330,0 4716,['CWE-20'],"static void ext4_commit_super(struct super_block *sb, struct ext4_super_block *es, int sync) { struct buffer_head *sbh = EXT4_SB(sb)->s_sbh; if (!sbh) return; if (buffer_write_io_error(sbh)) { printk(KERN_ERR ""ext4: previous I/O error to "" ""superblock detected for %s.\n"", sb->s_id); clear_buffer_write_io_error(sbh); set_buffer_uptodate(sbh); } es->s_wtime = cpu_to_le32(get_seconds()); ext4_free_blocks_count_set(es, percpu_counter_sum_positive( &EXT4_SB(sb)->s_freeblocks_counter)); es->s_free_inodes_count = cpu_to_le32(percpu_counter_sum_positive( &EXT4_SB(sb)->s_freeinodes_counter)); BUFFER_TRACE(sbh, ""marking dirty""); mark_buffer_dirty(sbh); if (sync) { sync_dirty_buffer(sbh); if (buffer_write_io_error(sbh)) { printk(KERN_ERR ""ext4: I/O error while writing "" ""superblock for %s.\n"", sb->s_id); clear_buffer_write_io_error(sbh); set_buffer_uptodate(sbh); } } }",linux-2.6,,,281459929697822324395687228692928186865,0 3257,['CWE-189'],"static jas_cmpxform_t *jas_cmpxform_createshapmat() { int i; int j; jas_cmpxform_t *pxform; jas_cmshapmat_t *shapmat; if (!(pxform = jas_cmpxform_create0())) return 0; pxform->ops = &shapmat_ops; shapmat = &pxform->data.shapmat; shapmat->mono = 0; shapmat->order = 0; shapmat->useluts = 0; shapmat->usemat = 0; for (i = 0; i < 3; ++i) jas_cmshapmatlut_init(&shapmat->luts[i]); for (i = 0; i < 3; ++i) { for (j = 0; j < 4; ++j) shapmat->mat[i][j] = 0.0; } ++pxform->refcnt; return pxform; }",jasper,,,273489084364532873206181863427538625790,0 2431,CWE-119,"static int cdxl_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *pkt) { CDXLVideoContext *c = avctx->priv_data; AVFrame * const p = data; int ret, w, h, encoding, aligned_width, buf_size = pkt->size; const uint8_t *buf = pkt->data; if (buf_size < 32) return AVERROR_INVALIDDATA; encoding = buf[1] & 7; c->format = buf[1] & 0xE0; w = AV_RB16(&buf[14]); h = AV_RB16(&buf[16]); c->bpp = buf[19]; c->palette_size = AV_RB16(&buf[20]); c->palette = buf + 32; c->video = c->palette + c->palette_size; c->video_size = buf_size - c->palette_size - 32; if (c->palette_size > 512) return AVERROR_INVALIDDATA; if (buf_size < c->palette_size + 32) return AVERROR_INVALIDDATA; if (c->bpp < 1) return AVERROR_INVALIDDATA; if (c->format != BIT_PLANAR && c->format != BIT_LINE && c->format != CHUNKY) { avpriv_request_sample(avctx, ""Pixel format 0x%0x"", c->format); return AVERROR_PATCHWELCOME; } if ((ret = ff_set_dimensions(avctx, w, h)) < 0) return ret; if (c->format == CHUNKY) aligned_width = avctx->width; else aligned_width = FFALIGN(c->avctx->width, 16); c->padded_bits = aligned_width - c->avctx->width; if (c->video_size < aligned_width * avctx->height * (int64_t)c->bpp / 8) return AVERROR_INVALIDDATA; if (!encoding && c->palette_size && c->bpp <= 8 && c->format != CHUNKY) { avctx->pix_fmt = AV_PIX_FMT_PAL8; } else if (encoding == 1 && (c->bpp == 6 || c->bpp == 8)) { if (c->palette_size != (1 << (c->bpp - 1))) return AVERROR_INVALIDDATA; avctx->pix_fmt = AV_PIX_FMT_BGR24; } else if (!encoding && c->bpp == 24 && c->format == CHUNKY && !c->palette_size) { avctx->pix_fmt = AV_PIX_FMT_RGB24; } else { avpriv_request_sample(avctx, ""Encoding %d, bpp %d and format 0x%x"", encoding, c->bpp, c->format); return AVERROR_PATCHWELCOME; } if ((ret = ff_get_buffer(avctx, p, 0)) < 0) return ret; p->pict_type = AV_PICTURE_TYPE_I; if (encoding) { av_fast_padded_malloc(&c->new_video, &c->new_video_size, h * w + AV_INPUT_BUFFER_PADDING_SIZE); if (!c->new_video) return AVERROR(ENOMEM); if (c->bpp == 8) cdxl_decode_ham8(c, p); else cdxl_decode_ham6(c, p); } else if (avctx->pix_fmt == AV_PIX_FMT_PAL8) { cdxl_decode_rgb(c, p); } else { cdxl_decode_raw(c, p); } *got_frame = 1; return buf_size; }",visit repo url,libavcodec/cdxl.c,https://github.com/FFmpeg/FFmpeg,112993258416551,1 1559,CWE-362,"static void bt_for_each(struct blk_mq_hw_ctx *hctx, struct blk_mq_bitmap_tags *bt, unsigned int off, busy_iter_fn *fn, void *data, bool reserved) { struct request *rq; int bit, i; for (i = 0; i < bt->map_nr; i++) { struct blk_align_bitmap *bm = &bt->map[i]; for (bit = find_first_bit(&bm->word, bm->depth); bit < bm->depth; bit = find_next_bit(&bm->word, bm->depth, bit + 1)) { rq = blk_mq_tag_to_rq(hctx->tags, off + bit); if (rq->q == hctx->queue) fn(hctx, rq, data, reserved); } off += (1 << bt->bits_per_word); } }",visit repo url,block/blk-mq-tag.c,https://github.com/torvalds/linux,11798449567866,1 1164,['CWE-189'],"void hrtimer_init(struct hrtimer *timer, clockid_t clock_id, enum hrtimer_mode mode) { struct hrtimer_cpu_base *cpu_base; memset(timer, 0, sizeof(struct hrtimer)); cpu_base = &__raw_get_cpu_var(hrtimer_bases); if (clock_id == CLOCK_REALTIME && mode != HRTIMER_MODE_ABS) clock_id = CLOCK_MONOTONIC; timer->base = &cpu_base->clock_base[clock_id]; hrtimer_init_timer_hres(timer); #ifdef CONFIG_TIMER_STATS timer->start_site = NULL; timer->start_pid = -1; memset(timer->start_comm, 0, TASK_COMM_LEN); #endif }",linux-2.6,,,164039201945866326030599340562928145758,0 1175,CWE-400,"static int cop1Emulate(struct pt_regs *xcp, struct mips_fpu_struct *ctx, void *__user *fault_addr) { mips_instruction ir; unsigned long emulpc, contpc; unsigned int cond; if (!access_ok(VERIFY_READ, xcp->cp0_epc, sizeof(mips_instruction))) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = (mips_instruction __user *)xcp->cp0_epc; return SIGBUS; } if (__get_user(ir, (mips_instruction __user *) xcp->cp0_epc)) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = (mips_instruction __user *)xcp->cp0_epc; return SIGSEGV; } if ((xcp->cp0_cause & CAUSEF_BD) && !isBranchInstr(&ir)) xcp->cp0_cause &= ~CAUSEF_BD; if (xcp->cp0_cause & CAUSEF_BD) { emulpc = xcp->cp0_epc + 4; if (__compute_return_epc(xcp)) { #ifdef CP1DBG printk(""failed to emulate branch at %p\n"", (void *) (xcp->cp0_epc)); #endif return SIGILL; } if (!access_ok(VERIFY_READ, emulpc, sizeof(mips_instruction))) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = (mips_instruction __user *)emulpc; return SIGBUS; } if (__get_user(ir, (mips_instruction __user *) emulpc)) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = (mips_instruction __user *)emulpc; return SIGSEGV; } contpc = xcp->cp0_epc; xcp->cp0_epc = emulpc - 4; } else { emulpc = xcp->cp0_epc; contpc = xcp->cp0_epc + 4; } emul: perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, xcp, 0); MIPS_FPU_EMU_INC_STATS(emulated); switch (MIPSInst_OPCODE(ir)) { case ldc1_op:{ u64 __user *va = (u64 __user *) (xcp->regs[MIPSInst_RS(ir)] + MIPSInst_SIMM(ir)); u64 val; MIPS_FPU_EMU_INC_STATS(loads); if (!access_ok(VERIFY_READ, va, sizeof(u64))) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGBUS; } if (__get_user(val, va)) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGSEGV; } DITOREG(val, MIPSInst_RT(ir)); break; } case sdc1_op:{ u64 __user *va = (u64 __user *) (xcp->regs[MIPSInst_RS(ir)] + MIPSInst_SIMM(ir)); u64 val; MIPS_FPU_EMU_INC_STATS(stores); DIFROMREG(val, MIPSInst_RT(ir)); if (!access_ok(VERIFY_WRITE, va, sizeof(u64))) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGBUS; } if (__put_user(val, va)) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGSEGV; } break; } case lwc1_op:{ u32 __user *va = (u32 __user *) (xcp->regs[MIPSInst_RS(ir)] + MIPSInst_SIMM(ir)); u32 val; MIPS_FPU_EMU_INC_STATS(loads); if (!access_ok(VERIFY_READ, va, sizeof(u32))) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGBUS; } if (__get_user(val, va)) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGSEGV; } SITOREG(val, MIPSInst_RT(ir)); break; } case swc1_op:{ u32 __user *va = (u32 __user *) (xcp->regs[MIPSInst_RS(ir)] + MIPSInst_SIMM(ir)); u32 val; MIPS_FPU_EMU_INC_STATS(stores); SIFROMREG(val, MIPSInst_RT(ir)); if (!access_ok(VERIFY_WRITE, va, sizeof(u32))) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGBUS; } if (__put_user(val, va)) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = va; return SIGSEGV; } break; } case cop1_op: switch (MIPSInst_RS(ir)) { #if defined(__mips64) case dmfc_op: if (MIPSInst_RT(ir) != 0) { DIFROMREG(xcp->regs[MIPSInst_RT(ir)], MIPSInst_RD(ir)); } break; case dmtc_op: DITOREG(xcp->regs[MIPSInst_RT(ir)], MIPSInst_RD(ir)); break; #endif case mfc_op: if (MIPSInst_RT(ir) != 0) { SIFROMREG(xcp->regs[MIPSInst_RT(ir)], MIPSInst_RD(ir)); } break; case mtc_op: SITOREG(xcp->regs[MIPSInst_RT(ir)], MIPSInst_RD(ir)); break; case cfc_op:{ u32 value; if (MIPSInst_RD(ir) == FPCREG_CSR) { value = ctx->fcr31; value = (value & ~FPU_CSR_RM) | mips_rm[modeindex(value)]; #ifdef CSRTRACE printk(""%p gpr[%d]<-csr=%08x\n"", (void *) (xcp->cp0_epc), MIPSInst_RT(ir), value); #endif } else if (MIPSInst_RD(ir) == FPCREG_RID) value = 0; else value = 0; if (MIPSInst_RT(ir)) xcp->regs[MIPSInst_RT(ir)] = value; break; } case ctc_op:{ u32 value; if (MIPSInst_RT(ir) == 0) value = 0; else value = xcp->regs[MIPSInst_RT(ir)]; if (MIPSInst_RD(ir) == FPCREG_CSR) { #ifdef CSRTRACE printk(""%p gpr[%d]->csr=%08x\n"", (void *) (xcp->cp0_epc), MIPSInst_RT(ir), value); #endif ctx->fcr31 = (value & ~(FPU_CSR_RSVD | FPU_CSR_RM)) | ieee_rm[modeindex(value)]; } if ((ctx->fcr31 >> 5) & ctx->fcr31 & FPU_CSR_ALL_E) { return SIGFPE; } break; } case bc_op:{ int likely = 0; if (xcp->cp0_cause & CAUSEF_BD) return SIGILL; #if __mips >= 4 cond = ctx->fcr31 & fpucondbit[MIPSInst_RT(ir) >> 2]; #else cond = ctx->fcr31 & FPU_CSR_COND; #endif switch (MIPSInst_RT(ir) & 3) { case bcfl_op: likely = 1; case bcf_op: cond = !cond; break; case bctl_op: likely = 1; case bct_op: break; default: return SIGILL; } xcp->cp0_cause |= CAUSEF_BD; if (cond) { xcp->cp0_epc += 4; contpc = (xcp->cp0_epc + (MIPSInst_SIMM(ir) << 2)); if (!access_ok(VERIFY_READ, xcp->cp0_epc, sizeof(mips_instruction))) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = (mips_instruction __user *)xcp->cp0_epc; return SIGBUS; } if (__get_user(ir, (mips_instruction __user *) xcp->cp0_epc)) { MIPS_FPU_EMU_INC_STATS(errors); *fault_addr = (mips_instruction __user *)xcp->cp0_epc; return SIGSEGV; } switch (MIPSInst_OPCODE(ir)) { case lwc1_op: case swc1_op: #if (__mips >= 2 || defined(__mips64)) case ldc1_op: case sdc1_op: #endif case cop1_op: #if __mips >= 4 && __mips != 32 case cop1x_op: #endif goto emul; #if __mips >= 4 case spec_op: if (MIPSInst_FUNC(ir) == movc_op) goto emul; break; #endif } return mips_dsemul(xcp, ir, contpc); } else { if (likely) { xcp->cp0_epc += 4; contpc += 4; } } break; } default: if (!(MIPSInst_RS(ir) & 0x10)) return SIGILL; { int sig; if ((sig = fpu_emu(xcp, ctx, ir))) return sig; } } break; #if __mips >= 4 && __mips != 32 case cop1x_op:{ int sig = fpux_emu(xcp, ctx, ir, fault_addr); if (sig) return sig; break; } #endif #if __mips >= 4 case spec_op: if (MIPSInst_FUNC(ir) != movc_op) return SIGILL; cond = fpucondbit[MIPSInst_RT(ir) >> 2]; if (((ctx->fcr31 & cond) != 0) == ((MIPSInst_RT(ir) & 1) != 0)) xcp->regs[MIPSInst_RD(ir)] = xcp->regs[MIPSInst_RS(ir)]; break; #endif default: return SIGILL; } xcp->cp0_epc = contpc; xcp->cp0_cause &= ~CAUSEF_BD; return 0; }",visit repo url,arch/mips/math-emu/cp1emu.c,https://github.com/torvalds/linux,67449887026493,1 2993,['CWE-189'],"static mif_cmpt_t *mif_cmpt_create() { mif_cmpt_t *cmpt; if (!(cmpt = jas_malloc(sizeof(mif_cmpt_t)))) { return 0; } memset(cmpt, 0, sizeof(mif_cmpt_t)); return cmpt; }",jasper,,,74833378805558491662638621120551448657,0 1915,['CWE-20'],"int __pte_alloc_kernel(pmd_t *pmd, unsigned long address) { pte_t *new = pte_alloc_one_kernel(&init_mm, address); if (!new) return -ENOMEM; smp_wmb(); spin_lock(&init_mm.page_table_lock); if (!pmd_present(*pmd)) { pmd_populate_kernel(&init_mm, pmd, new); new = NULL; } spin_unlock(&init_mm.page_table_lock); if (new) pte_free_kernel(&init_mm, new); return 0; }",linux-2.6,,,190444451416611610670238941521510930049,0 5309,CWE-787,"static int readOHDRHeaderMessageDataLayout(struct READER *reader, struct DATAOBJECT *data) { int i, err; unsigned size; uint8_t dimensionality, layout_class; uint32_t dataset_element_size; uint64_t data_address, store, data_size; UNUSED(dataset_element_size); UNUSED(data_size); if (fgetc(reader->fhd) != 3) { mylog(""object OHDR message data layout message must have version 3\n""); return MYSOFA_INVALID_FORMAT; } layout_class = (uint8_t)fgetc(reader->fhd); mylog(""data layout %d\n"", layout_class); switch (layout_class) { #if 0 case 0: data_size = readValue(reader, 2); fseek(reader->fhd, data_size, SEEK_CUR); mylog(""TODO 0 SIZE %u\n"", data_size); break; #endif case 1: data_address = readValue(reader, reader->superblock.size_of_offsets); data_size = readValue(reader, reader->superblock.size_of_lengths); mylog(""CHUNK Contiguous SIZE %"" PRIu64 ""\n"", data_size); if (validAddress(reader, data_address)) { store = ftell(reader->fhd); if (fseek(reader->fhd, data_address, SEEK_SET) < 0) return errno; if (!data->data) { if (data_size > 0x10000000) return MYSOFA_INVALID_FORMAT; data->data_len = data_size; data->data = calloc(1, data_size); if (!data->data) return MYSOFA_NO_MEMORY; } err = fread(data->data, 1, data_size, reader->fhd); if (err != data_size) return MYSOFA_READ_ERROR; if (fseek(reader->fhd, store, SEEK_SET) < 0) return errno; } break; case 2: dimensionality = (uint8_t)fgetc(reader->fhd); mylog(""dimensionality %d\n"", dimensionality); if (dimensionality < 1 || dimensionality > DATAOBJECT_MAX_DIMENSIONALITY) { mylog(""data layout 2: invalid dimensionality %d %lu %lu\n"", dimensionality, sizeof(data->datalayout_chunk), sizeof(data->datalayout_chunk[0])); return MYSOFA_INVALID_FORMAT; } data_address = readValue(reader, reader->superblock.size_of_offsets); mylog("" CHUNK %"" PRIX64 ""\n"", data_address); for (i = 0; i < dimensionality; i++) { data->datalayout_chunk[i] = readValue(reader, 4); mylog("" %d\n"", data->datalayout_chunk[i]); } size = data->datalayout_chunk[dimensionality - 1]; for (i = 0; i < data->ds.dimensionality; i++) size *= data->ds.dimension_size[i]; if (validAddress(reader, data_address) && dimensionality <= 4) { store = ftell(reader->fhd); if (fseek(reader->fhd, data_address, SEEK_SET) < 0) return errno; if (!data->data) { if (size > 0x10000000) return MYSOFA_INVALID_FORMAT; data->data_len = size; data->data = calloc(1, size); if (!data->data) return MYSOFA_NO_MEMORY; } err = treeRead(reader, data); if (err) return err; if (fseek(reader->fhd, store, SEEK_SET) < 0) return errno; } break; default: mylog(""object OHDR message data layout message has unknown layout class "" ""%d\n"", layout_class); return MYSOFA_INVALID_FORMAT; } return MYSOFA_OK; }",visit repo url,src/hdf/dataobject.c,https://github.com/hoene/libmysofa,210620425364560,1 2175,CWE-416,"static inline void get_page(struct page *page) { page = compound_head(page); VM_BUG_ON_PAGE(page_ref_count(page) <= 0, page); page_ref_inc(page); }",visit repo url,include/linux/mm.h,https://github.com/torvalds/linux,132769726914608,1 1816,CWE-119,"int ecryptfs_privileged_open(struct file **lower_file, struct dentry *lower_dentry, struct vfsmount *lower_mnt, const struct cred *cred) { struct ecryptfs_open_req req; int flags = O_LARGEFILE; int rc = 0; init_completion(&req.done); req.lower_file = lower_file; req.path.dentry = lower_dentry; req.path.mnt = lower_mnt; flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR; (*lower_file) = dentry_open(&req.path, flags, cred); if (!IS_ERR(*lower_file)) goto out; if ((flags & O_ACCMODE) == O_RDONLY) { rc = PTR_ERR((*lower_file)); goto out; } mutex_lock(&ecryptfs_kthread_ctl.mux); if (ecryptfs_kthread_ctl.flags & ECRYPTFS_KTHREAD_ZOMBIE) { rc = -EIO; mutex_unlock(&ecryptfs_kthread_ctl.mux); printk(KERN_ERR ""%s: We are in the middle of shutting down; "" ""aborting privileged request to open lower file\n"", __func__); goto out; } list_add_tail(&req.kthread_ctl_list, &ecryptfs_kthread_ctl.req_list); mutex_unlock(&ecryptfs_kthread_ctl.mux); wake_up(&ecryptfs_kthread_ctl.wait); wait_for_completion(&req.done); if (IS_ERR(*lower_file)) rc = PTR_ERR(*lower_file); out: return rc; }",visit repo url,fs/ecryptfs/kthread.c,https://github.com/torvalds/linux,116181034774623,1 5520,['CWE-119'],"ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, size_t *packet_size, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *data, size_t max_packet_size) { struct ecryptfs_parse_tag_70_packet_silly_stack *s; int rc = 0; (*packet_size) = 0; (*filename_size) = 0; (*filename) = NULL; s = kmalloc(sizeof(*s), GFP_KERNEL); if (!s) { printk(KERN_ERR ""%s: Out of memory whilst trying to kmalloc "" ""[%zd] bytes of kernel memory\n"", __func__, sizeof(*s)); goto out; } s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; if (max_packet_size < (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)) { printk(KERN_WARNING ""%s: max_packet_size is [%zd]; it must be "" ""at least [%d]\n"", __func__, max_packet_size, (1 + 1 + ECRYPTFS_SIG_SIZE + 1 + 1)); rc = -EINVAL; goto out; } if (data[(*packet_size)++] != ECRYPTFS_TAG_70_PACKET_TYPE) { printk(KERN_WARNING ""%s: Invalid packet tag [0x%.2x]; must be "" ""tag [0x%.2x]\n"", __func__, data[((*packet_size) - 1)], ECRYPTFS_TAG_70_PACKET_TYPE); rc = -EINVAL; goto out; } rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &s->parsed_tag_70_packet_size, &s->packet_size_len); if (rc) { printk(KERN_WARNING ""%s: Error parsing packet length; "" ""rc = [%d]\n"", __func__, rc); goto out; } s->block_aligned_filename_size = (s->parsed_tag_70_packet_size - ECRYPTFS_SIG_SIZE - 1); if ((1 + s->packet_size_len + s->parsed_tag_70_packet_size) > max_packet_size) { printk(KERN_WARNING ""%s: max_packet_size is [%zd]; real packet "" ""size is [%zd]\n"", __func__, max_packet_size, (1 + s->packet_size_len + 1 + s->block_aligned_filename_size)); rc = -EINVAL; goto out; } (*packet_size) += s->packet_size_len; ecryptfs_to_hex(s->fnek_sig_hex, &data[(*packet_size)], ECRYPTFS_SIG_SIZE); s->fnek_sig_hex[ECRYPTFS_SIG_SIZE_HEX] = '\0'; (*packet_size) += ECRYPTFS_SIG_SIZE; s->cipher_code = data[(*packet_size)++]; rc = ecryptfs_cipher_code_to_string(s->cipher_string, s->cipher_code); if (rc) { printk(KERN_WARNING ""%s: Cipher code [%d] is invalid\n"", __func__, s->cipher_code); goto out; } rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, &s->tfm_mutex, s->cipher_string); if (unlikely(rc)) { printk(KERN_ERR ""Internal error whilst attempting to get "" ""tfm and mutex for cipher name [%s]; rc = [%d]\n"", s->cipher_string, rc); goto out; } mutex_lock(s->tfm_mutex); rc = virt_to_scatterlist(&data[(*packet_size)], s->block_aligned_filename_size, &s->src_sg, 1); if (rc != 1) { printk(KERN_ERR ""%s: Internal error whilst attempting to "" ""convert encrypted filename memory to scatterlist; "" ""expected rc = 1; got rc = [%d]. "" ""block_aligned_filename_size = [%zd]\n"", __func__, rc, s->block_aligned_filename_size); goto out_unlock; } (*packet_size) += s->block_aligned_filename_size; s->decrypted_filename = kmalloc(s->block_aligned_filename_size, GFP_KERNEL); if (!s->decrypted_filename) { printk(KERN_ERR ""%s: Out of memory whilst attempting to "" ""kmalloc [%zd] bytes\n"", __func__, s->block_aligned_filename_size); rc = -ENOMEM; goto out_unlock; } rc = virt_to_scatterlist(s->decrypted_filename, s->block_aligned_filename_size, &s->dst_sg, 1); if (rc != 1) { printk(KERN_ERR ""%s: Internal error whilst attempting to "" ""convert decrypted filename memory to scatterlist; "" ""expected rc = 1; got rc = [%d]. "" ""block_aligned_filename_size = [%zd]\n"", __func__, rc, s->block_aligned_filename_size); goto out_free_unlock; } memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); s->desc.info = s->iv; rc = ecryptfs_find_auth_tok_for_sig(&s->auth_tok, mount_crypt_stat, s->fnek_sig_hex); if (rc) { printk(KERN_ERR ""%s: Error attempting to find auth tok for "" ""fnek sig [%s]; rc = [%d]\n"", __func__, s->fnek_sig_hex, rc); goto out_free_unlock; } BUG_ON(s->auth_tok->token_type != ECRYPTFS_PASSWORD); rc = crypto_blkcipher_setkey( s->desc.tfm, s->auth_tok->token.password.session_key_encryption_key, mount_crypt_stat->global_default_fn_cipher_key_bytes); if (rc < 0) { printk(KERN_ERR ""%s: Error setting key for crypto context; "" ""rc = [%d]. s->auth_tok->token.password.session_key_"" ""encryption_key = [0x%p]; mount_crypt_stat->"" ""global_default_fn_cipher_key_bytes = [%zd]\n"", __func__, rc, s->auth_tok->token.password.session_key_encryption_key, mount_crypt_stat->global_default_fn_cipher_key_bytes); goto out_free_unlock; } rc = crypto_blkcipher_decrypt_iv(&s->desc, &s->dst_sg, &s->src_sg, s->block_aligned_filename_size); if (rc) { printk(KERN_ERR ""%s: Error attempting to decrypt filename; "" ""rc = [%d]\n"", __func__, rc); goto out_free_unlock; } s->i = 0; while (s->decrypted_filename[s->i] != '\0' && s->i < s->block_aligned_filename_size) s->i++; if (s->i == s->block_aligned_filename_size) { printk(KERN_WARNING ""%s: Invalid tag 70 packet; could not "" ""find valid separator between random characters and "" ""the filename\n"", __func__); rc = -EINVAL; goto out_free_unlock; } s->i++; (*filename_size) = (s->block_aligned_filename_size - s->i); if (!((*filename_size) > 0 && (*filename_size < PATH_MAX))) { printk(KERN_WARNING ""%s: Filename size is [%zd], which is "" ""invalid\n"", __func__, (*filename_size)); rc = -EINVAL; goto out_free_unlock; } (*filename) = kmalloc(((*filename_size) + 1), GFP_KERNEL); if (!(*filename)) { printk(KERN_ERR ""%s: Out of memory whilst attempting to "" ""kmalloc [%zd] bytes\n"", __func__, ((*filename_size) + 1)); rc = -ENOMEM; goto out_free_unlock; } memcpy((*filename), &s->decrypted_filename[s->i], (*filename_size)); (*filename)[(*filename_size)] = '\0'; out_free_unlock: kfree(s->decrypted_filename); out_unlock: mutex_unlock(s->tfm_mutex); out: if (rc) { (*packet_size) = 0; (*filename_size) = 0; (*filename) = NULL; } kfree(s); return rc; }",linux-2.6,,,24919887815834793050321768313579394795,0 4069,CWE-119,"static int dalvik_disassemble (RAsm *a, RAsmOp *op, const ut8 *buf, int len) { int vA, vB, vC, payload = 0, i = (int) buf[0]; int size = dalvik_opcodes[i].len; char str[1024], *strasm; ut64 offset; const char *flag_str; op->buf_asm[0] = 0; if (buf[0] == 0x00) { switch (buf[1]) { case 0x01: { unsigned short array_size = buf[2] | (buf[3] << 8); int first_key = buf[4] | (buf[5] << 8) | (buf[6] << 16) | (buf[7] << 24); sprintf (op->buf_asm, ""packed-switch-payload %d, %d"", array_size, first_key); size = 8; payload = 2 * (array_size * 2); len = 0; } break; case 0x02: { unsigned short array_size = buf[2] | (buf[3] << 8); sprintf (op->buf_asm, ""sparse-switch-payload %d"", array_size); size = 4; payload = 2 * (array_size*4); len = 0; } break; case 0x03: if (len > 7) { unsigned short elem_width = buf[2] | (buf[3] << 8); unsigned int array_size = buf[4] | (buf[5] << 8) | (buf[6] << 16) | (buf[7] << 24); snprintf (op->buf_asm, sizeof (op->buf_asm), ""fill-array-data-payload %d, %d"", elem_width, array_size); payload = 2 * ((array_size * elem_width+1)/2); } size = 8; len = 0; break; default: break; } } strasm = NULL; if (size <= len) { strncpy (op->buf_asm, dalvik_opcodes[i].name, sizeof (op->buf_asm) - 1); strasm = strdup (op->buf_asm); size = dalvik_opcodes[i].len; switch (dalvik_opcodes[i].fmt) { case fmtop: break; case fmtopvAvB: vA = buf[1] & 0x0f; vB = (buf[1] & 0xf0) >> 4; sprintf (str, "" v%i, v%i"", vA, vB); strasm = r_str_concat (strasm, str); break; case fmtopvAAvBBBB: vA = (int) buf[1]; vB = (buf[3] << 8) | buf[2]; sprintf (str, "" v%i, v%i"", vA, vB); strasm = r_str_concat (strasm, str); break; case fmtopvAAAAvBBBB: vA = (buf[3] << 8) | buf[2]; vB = (buf[5] << 8) | buf[4]; sprintf (str, "" v%i, v%i"", vA, vB); strasm = r_str_concat (strasm, str); break; case fmtopvAA: vA = (int) buf[1]; sprintf (str, "" v%i"", vA); strasm = r_str_concat (strasm, str); break; case fmtopvAcB: vA = buf[1] & 0x0f; vB = (buf[1] & 0xf0) >> 4; sprintf (str, "" v%i, %#x"", vA, vB); strasm = r_str_concat (strasm, str); break; case fmtopvAAcBBBB: vA = (int) buf[1]; { short sB = (buf[3] << 8) | buf[2]; sprintf (str, "" v%i, %#04hx"", vA, sB); strasm = r_str_concat (strasm, str); } break; case fmtopvAAcBBBBBBBB: vA = (int) buf[1]; vB = buf[2] | (buf[3] << 8) | (buf[4] << 16) | (buf[5] << 24); if (buf[0] == 0x17) { snprintf (str, sizeof (str), "" v%i:v%i, 0x%08x"", vA, vA + 1, vB); } else { snprintf (str, sizeof (str), "" v%i, 0x%08x"", vA, vB); } strasm = r_str_concat (strasm, str); break; case fmtopvAAcBBBB0000: vA = (int) buf[1]; vB = 0 | (buf[2] << 16) | (buf[3] << 24); if (buf[0] == 0x19) { snprintf (str, sizeof (str), "" v%i:v%i, 0x%08x"", vA, vA + 1, vB); } else { snprintf (str, sizeof (str), "" v%i, 0x%08x"", vA, vB); } strasm = r_str_concat (strasm, str); break; case fmtopvAAcBBBBBBBBBBBBBBBB: vA = (int) buf[1]; #define llint long long int llint lB = (llint)buf[2] | ((llint)buf[3] << 8)| ((llint)buf[4] << 16) | ((llint)buf[5] << 24)| ((llint)buf[6] << 32) | ((llint)buf[7] << 40)| ((llint)buf[8] << 48) | ((llint)buf[9] << 56); #undef llint sprintf (str, "" v%i:v%i, 0x%""PFMT64x, vA, vA + 1, lB); strasm = r_str_concat (strasm, str); break; case fmtopvAAvBBvCC: vA = (int) buf[1]; vB = (int) buf[2]; vC = (int) buf[3]; sprintf (str, "" v%i, v%i, v%i"", vA, vB, vC); strasm = r_str_concat (strasm, str); break; case fmtopvAAvBBcCC: vA = (int) buf[1]; vB = (int) buf[2]; vC = (int) buf[3]; sprintf (str, "" v%i, v%i, %#x"", vA, vB, vC); strasm = r_str_concat (strasm, str); break; case fmtopvAvBcCCCC: vA = buf[1] & 0x0f; vB = (buf[1] & 0xf0) >> 4; vC = (buf[3] << 8) | buf[2]; sprintf (str, "" v%i, v%i, %#x"", vA, vB, vC); strasm = r_str_concat (strasm, str); break; case fmtoppAA: vA = (char) buf[1]; snprintf (str, sizeof (str), "" 0x%08""PFMT64x, a->pc + (vA * 2)); strasm = r_str_concat (strasm, str); break; case fmtoppAAAA: vA = (short) (buf[3] << 8 | buf[2]); snprintf (str, sizeof (str), "" 0x%08""PFMT64x, a->pc + (vA * 2)); strasm = r_str_concat (strasm, str); break; case fmtopvAApBBBB: vA = (int) buf[1]; vB = (int) (buf[3] << 8 | buf[2]); snprintf (str, sizeof (str), "" v%i, 0x%08""PFMT64x, vA, a->pc + (vB * 2)); strasm = r_str_concat (strasm, str); break; case fmtoppAAAAAAAA: vA = (int) (buf[2] | (buf[3] << 8) | (buf[4] << 16) | (buf[5] << 24)); snprintf (str, sizeof (str), "" 0x%08""PFMT64x, a->pc + (vA*2)); strasm = r_str_concat (strasm, str); break; case fmtopvAvBpCCCC: vA = buf[1] & 0x0f; vB = (buf[1] & 0xf0) >> 4; vC = (int) (buf[3] << 8 | buf[2]); snprintf (str, sizeof (str),"" v%i, v%i, 0x%08""PFMT64x, vA, vB, a->pc + (vC * 2)); strasm = r_str_concat (strasm, str); break; case fmtopvAApBBBBBBBB: vA = (int) buf[1]; vB = (int) (buf[2] | (buf[3] << 8) | (buf[4] << 16) | (buf[5] << 24)); snprintf (str, sizeof (str), "" v%i, 0x%08""PFMT64x, vA, a->pc + vB); strasm = r_str_concat (strasm, str); break; case fmtoptinlineI: vA = (int) (buf[1] & 0x0f); vB = (buf[3] << 8) | buf[2]; *str = 0; switch (vA) { case 1: sprintf (str, "" {v%i}"", buf[4] & 0x0f); break; case 2: sprintf (str, "" {v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4); break; case 3: sprintf (str, "" {v%i, v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4, buf[5] & 0x0f); break; case 4: sprintf (str, "" {v%i, v%i, v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4, buf[5] & 0x0f, (buf[5] & 0xf0) >> 4); break; default: sprintf (str, "" {}""); } strasm = r_str_concat (strasm, str); sprintf (str, "", [%04x]"", vB); strasm = r_str_concat (strasm, str); break; case fmtoptinlineIR: case fmtoptinvokeVSR: vA = (int) buf[1]; vB = (buf[3] << 8) | buf[2]; vC = (buf[5] << 8) | buf[4]; sprintf (str, "" {v%i..v%i}, [%04x]"", vC, vC + vA - 1, vB); strasm = r_str_concat (strasm, str); break; case fmtoptinvokeVS: vA = (int) (buf[1] & 0xf0) >> 4; vB = (buf[3] << 8) | buf[2]; switch (vA) { case 1: sprintf (str, "" {v%i}"", buf[4] & 0x0f); break; case 2: sprintf (str, "" {v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4); break; case 3: sprintf (str, "" {v%i, v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4, buf[5] & 0x0f); break; case 4: sprintf (str, "" {v%i, v%i, v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4, buf[5] & 0x0f, (buf[5] & 0xf0) >> 4); break; default: sprintf (str, "" {}""); break; } strasm = r_str_concat (strasm, str); sprintf (str, "", [%04x]"", vB); strasm = r_str_concat (strasm, str); break; case fmtopvAAtBBBB: vA = (int) buf[1]; vB = (buf[3] << 8) | buf[2]; if (buf[0] == 0x1a) { offset = R_ASM_GET_OFFSET (a, 's', vB); if (offset == -1) { sprintf (str, "" v%i, string+%i"", vA, vB); } else { sprintf (str, "" v%i, 0x%""PFMT64x, vA, offset); } } else if (buf[0] == 0x1c || buf[0] == 0x1f || buf[0] == 0x22) { flag_str = R_ASM_GET_NAME (a, 'c', vB); if (!flag_str) { sprintf (str, "" v%i, class+%i"", vA, vB); } else { sprintf (str, "" v%i, %s"", vA, flag_str); } } else { flag_str = R_ASM_GET_NAME (a, 'f', vB); if (!flag_str) { sprintf (str, "" v%i, field+%i"", vA, vB); } else { sprintf (str, "" v%i, %s"", vA, flag_str); } } strasm = r_str_concat (strasm, str); break; case fmtoptopvAvBoCCCC: vA = (buf[1] & 0x0f); vB = (buf[1] & 0xf0) >> 4; vC = (buf[3]<<8) | buf[2]; offset = R_ASM_GET_OFFSET (a, 'o', vC); if (offset == -1) { sprintf (str, "" v%i, v%i, [obj+%04x]"", vA, vB, vC); } else { sprintf (str, "" v%i, v%i, [0x%""PFMT64x""]"", vA, vB, offset); } strasm = r_str_concat (strasm, str); break; case fmtopAAtBBBB: vA = (int) buf[1]; vB = (buf[3] << 8) | buf[2]; offset = R_ASM_GET_OFFSET (a, 't', vB); if (offset == -1) { sprintf (str, "" v%i, thing+%i"", vA, vB); } else { sprintf (str, "" v%i, 0x%""PFMT64x, vA, offset); } strasm = r_str_concat (strasm, str); break; case fmtopvAvBtCCCC: vA = (buf[1] & 0x0f); vB = (buf[1] & 0xf0) >> 4; vC = (buf[3] << 8) | buf[2]; if (buf[0] == 0x20 || buf[0] == 0x23) { flag_str = R_ASM_GET_NAME (a, 'c', vC); if (flag_str) { sprintf (str, "" v%i, v%i, %s"", vA, vB, flag_str); } else { sprintf (str, "" v%i, v%i, class+%i"", vA, vB, vC); } } else { flag_str = R_ASM_GET_NAME (a, 'f', vC); if (flag_str) { sprintf (str, "" v%i, v%i, %s"", vA, vB, flag_str); } else { sprintf (str, "" v%i, v%i, field+%i"", vA, vB, vC); } } strasm = r_str_concat (strasm, str); break; case fmtopvAAtBBBBBBBB: vA = (int) buf[1]; vB = (int) (buf[5] | (buf[4] << 8) | (buf[3] << 16) | (buf[2] << 24)); offset = R_ASM_GET_OFFSET (a, 's', vB); if (offset == -1) { sprintf (str, "" v%i, string+%i"", vA, vB); } else { sprintf (str, "" v%i, 0x%""PFMT64x, vA, offset); } strasm = r_str_concat (strasm, str); break; case fmtopvCCCCmBBBB: vA = (int) buf[1]; vB = (buf[3] << 8) | buf[2]; vC = (buf[5] << 8) | buf[4]; if (buf[0] == 0x25) { flag_str = R_ASM_GET_NAME (a, 'c', vB); if (flag_str) { sprintf (str, "" {v%i..v%i}, %s"", vC, vC + vA - 1, flag_str); } else { sprintf (str, "" {v%i..v%i}, class+%i"", vC, vC + vA - 1, vB); } } else { flag_str = R_ASM_GET_NAME (a, 'm', vB); if (flag_str) { sprintf (str, "" {v%i..v%i}, %s"", vC, vC + vA - 1, flag_str); } else { sprintf (str, "" {v%i..v%i}, method+%i"", vC, vC + vA - 1, vB); } } strasm = r_str_concat (strasm, str); break; case fmtopvXtBBBB: vA = (int) (buf[1] & 0xf0) >> 4; vB = (buf[3] << 8) | buf[2]; switch (vA) { case 1: sprintf (str, "" {v%i}"", buf[4] & 0x0f); break; case 2: sprintf (str, "" {v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4); break; case 3: sprintf (str, "" {v%i, v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4, buf[5] & 0x0f); break; case 4: sprintf (str, "" {v%i, v%i, v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4, buf[5] & 0x0f, (buf[5] & 0xf0) >> 4); break; case 5: sprintf (str, "" {v%i, v%i, v%i, v%i, v%i}"", buf[4] & 0x0f, (buf[4] & 0xf0) >> 4, buf[5] & 0x0f, (buf[5] & 0xf0) >> 4, buf[1] & 0x0f); break; default: sprintf (str, "" {}""); } strasm = r_str_concat (strasm, str); if (buf[0] == 0x24) { flag_str = R_ASM_GET_NAME (a, 'c', vB); if (flag_str) { sprintf (str, "", %s ; 0x%x"", flag_str, vB); } else { sprintf (str, "", class+%i"", vB); } } else { flag_str = R_ASM_GET_NAME (a, 'm', vB); if (flag_str) { sprintf (str, "", %s ; 0x%x"", flag_str, vB); } else { sprintf (str, "", method+%i"", vB); } } strasm = r_str_concat (strasm, str); break; case fmtoptinvokeI: case fmtoptinvokeIR: case fmt00: default: strcpy (op->buf_asm, ""invalid ""); free (strasm); strasm = NULL; size = 2; } if (strasm) { strncpy (op->buf_asm, strasm, sizeof (op->buf_asm) - 1); op->buf_asm[sizeof (op->buf_asm) - 1] = 0; } else { strcpy (op->buf_asm , ""invalid""); } } else if (len > 0) { strcpy (op->buf_asm, ""invalid ""); op->size = len; size = len; } op->payload = payload; size += payload; op->size = size; free (strasm); return size; }",visit repo url,libr/asm/p/asm_dalvik.c,https://github.com/radare/radare2,217502142633447,1 748,['CWE-119'],"isdn_net_ciscohdlck_slarp_send_keepalive(unsigned long data) { isdn_net_local *lp = (isdn_net_local *) data; struct sk_buff *skb; unsigned char *p; unsigned long last_cisco_myseq = lp->cisco_myseq; int myseq_diff = 0; if (!(lp->flags & ISDN_NET_CONNECTED) || lp->dialstate) { printk(""isdn BUG at %s:%d!\n"", __FILE__, __LINE__); return; } lp->cisco_myseq++; myseq_diff = (lp->cisco_myseq - lp->cisco_mineseen); if ((lp->cisco_line_state) && ((myseq_diff >= 3)||(myseq_diff <= -3))) { lp->cisco_line_state = 0; printk (KERN_WARNING ""UPDOWN: Line protocol on Interface %s,"" "" changed state to down\n"", lp->netdev->dev->name); } else if ((!lp->cisco_line_state) && (myseq_diff >= 0) && (myseq_diff <= 2)) { lp->cisco_line_state = 1; printk (KERN_WARNING ""UPDOWN: Line protocol on Interface %s,"" "" changed state to up\n"", lp->netdev->dev->name); } if (lp->cisco_debserint) printk (KERN_DEBUG ""%s: HDLC "" ""myseq %lu, mineseen %lu%c, yourseen %lu, %s\n"", lp->netdev->dev->name, last_cisco_myseq, lp->cisco_mineseen, ((last_cisco_myseq == lp->cisco_mineseen) ? '*' : 040), lp->cisco_yourseq, ((lp->cisco_line_state) ? ""line up"" : ""line down"")); skb = isdn_net_ciscohdlck_alloc_skb(lp, 4 + 14); if (!skb) return; p = skb_put(skb, 4 + 14); p += put_u8 (p, CISCO_ADDR_UNICAST); p += put_u8 (p, CISCO_CTRL); p += put_u16(p, CISCO_TYPE_SLARP); p += put_u32(p, CISCO_SLARP_KEEPALIVE); p += put_u32(p, lp->cisco_myseq); p += put_u32(p, lp->cisco_yourseq); p += put_u16(p, 0xffff); isdn_net_write_super(lp, skb); lp->cisco_timer.expires = jiffies + lp->cisco_keepalive_period * HZ; add_timer(&lp->cisco_timer); }",linux-2.6,,,121491138189489888182002224902417561872,0 6039,['CWE-200'],"static void rsvp_put(struct tcf_proto *tp, unsigned long f) { }",linux-2.6,,,103213678589073504934796138851789513687,0 4605,CWE-787,"static s32 gf_media_vvc_read_sps_bs_internal(GF_BitStream *bs, VVCState *vvc, u8 layer_id, u32 *vui_flag_pos) { s32 vps_id, sps_id; u32 i, CtbSizeY; VVC_SPS *sps; u8 sps_ptl_dpb_hrd_params_present_flag; if (vui_flag_pos) *vui_flag_pos = 0; sps_id = gf_bs_read_int_log(bs, 4, ""sps_id""); if (sps_id >= 16) { return -1; } vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) { return -1; } if (!vps_id && !vvc->vps[0].state) { vvc->vps[0].state = 1; vvc->vps[0].num_ptl = 1; vvc->vps[0].max_layers = 1; vvc->vps[0].all_layers_independent = 1; } sps = &vvc->sps[sps_id]; if (!sps->state) { sps->state = 1; sps->id = sps_id; sps->vps_id = vps_id; } sps->max_sublayers = 1 + gf_bs_read_int_log(bs, 3, ""max_sublayers_minus1""); sps->chroma_format_idc = gf_bs_read_int_log(bs, 2, ""chroma_format_idc""); sps->log2_ctu_size = 5 + gf_bs_read_int_log(bs, 2, ""log2_ctu_size_minus5""); CtbSizeY = 1<log2_ctu_size; sps_ptl_dpb_hrd_params_present_flag = gf_bs_read_int_log(bs, 1, ""sps_ptl_dpb_hrd_params_present_flag""); if (sps_ptl_dpb_hrd_params_present_flag) { VVC_ProfileTierLevel ptl, *p_ptl; if (sps->vps_id) { p_ptl = &ptl; } else { p_ptl = &vvc->vps[0].ptl[0]; } memset(p_ptl, 0, sizeof(VVC_ProfileTierLevel)); p_ptl->pt_present = 1; p_ptl->ptl_max_tid = sps->max_sublayers; vvc_profile_tier_level(bs, p_ptl, 0); } sps->gdr_enabled = gf_bs_read_int_log(bs, 1, ""gdr_enabled""); sps->ref_pic_resampling = gf_bs_read_int_log(bs, 1, ""ref_pic_resampling""); if (sps->ref_pic_resampling) sps->res_change_in_clvs = gf_bs_read_int_log(bs, 1, ""res_change_in_clvs""); sps->width = gf_bs_read_ue_log(bs, ""width""); sps->height = gf_bs_read_ue_log(bs, ""height""); sps->conf_window = gf_bs_read_int_log(bs, 1, ""conformance_window_present_flag""); if (sps->conf_window) { sps->cw_left = gf_bs_read_ue_log(bs, ""conformance_window_left""); sps->cw_right = gf_bs_read_ue_log(bs, ""conformance_window_right""); sps->cw_top = gf_bs_read_ue_log(bs, ""conformance_window_top""); sps->cw_bottom = gf_bs_read_ue_log(bs, ""conformance_window_bottom""); } sps->subpic_info_present = gf_bs_read_int_log(bs, 1, ""subpic_info_present""); if (sps->subpic_info_present) { sps->nb_subpics = 1 + gf_bs_read_ue_log(bs, ""nb_subpics_minus1""); if (sps->nb_subpics>1) { u32 tmpWidthVal, tmpHeightVal; sps->independent_subpic_flags = gf_bs_read_int_log(bs, 1, ""independent_subpic_flags""); sps->subpic_same_size = gf_bs_read_int_log(bs, 1, ""subpic_same_size""); tmpWidthVal = (sps->width + CtbSizeY-1) / CtbSizeY; tmpWidthVal = gf_get_bit_size(tmpWidthVal); tmpHeightVal = (sps->height + CtbSizeY-1) / CtbSizeY; tmpHeightVal = gf_get_bit_size(tmpHeightVal); for (i=0; inb_subpics; i++) { if( !sps->subpic_same_size || !i) { if (i && (sps->width > CtbSizeY)) gf_bs_read_int_log(bs, tmpWidthVal, ""subpic_ctu_top_left_x""); if (i && (sps->height > CtbSizeY)) gf_bs_read_int_log(bs, tmpHeightVal, ""subpic_ctu_top_left_y""); if ((i+1 < sps->nb_subpics) && (sps->width > CtbSizeY)) gf_bs_read_int_log(bs, tmpWidthVal, ""subpic_width_minus1""); if ((i+1 < sps->nb_subpics) && (sps->height > CtbSizeY)) gf_bs_read_int_log(bs, tmpHeightVal, ""subpic_height_minus1""); } if (!sps->independent_subpic_flags) { gf_bs_read_int_log(bs, 1, ""subpic_treated_as_pic_flag""); gf_bs_read_int_log(bs, 1, ""loop_filter_across_subpic_enabled_flag""); } } sps->subpicid_len = gf_bs_read_ue_log(bs, ""subpic_id_len_minus1"") + 1; sps->subpicid_mapping_explicit = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_explicitly_signalled_flag""); if (sps->subpicid_mapping_explicit) { sps->subpicid_mapping_present = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_present_flag""); if (sps->subpicid_mapping_present) { for (i=0; inb_subpics; i++) { gf_bs_read_ue_log(bs, ""subpic_id""); } } } } } sps->bitdepth = gf_bs_read_ue_log(bs, ""bitdepth_minus8"") + 8; gf_bs_read_int_log(bs, 1, ""entropy_coding_sync_enabled_flag""); gf_bs_read_int_log(bs, 1, ""entry_point_offsets_present_flag""); sps->log2_max_poc_lsb = 4 + gf_bs_read_int_log(bs, 4, ""log2_max_poc_lsb_minus4""); if ((sps->poc_msb_cycle_flag = gf_bs_read_int_log(bs, 1, ""poc_msb_cycle_flag""))) sps->poc_msb_cycle_len = 1 + gf_bs_read_ue_log(bs, ""poc_msb_cycle_len_minus1""); u8 sps_num_extra_ph_bits = 8 * gf_bs_read_int_log(bs, 2, ""sps_num_extra_ph_bytes""); for (i=0; iph_num_extra_bits++; } u8 sps_num_extra_sh_bits = 8 * gf_bs_read_int_log(bs, 2, ""num_extra_sh_bytes""); for (i=0; ish_num_extra_bits++; } if (sps_ptl_dpb_hrd_params_present_flag) { u8 sps_sublayer_dpb_params_flag = 0; if (sps->max_sublayers>1) { sps_sublayer_dpb_params_flag = gf_bs_read_int_log(bs, 1, ""sps_sublayer_dpb_params_flag""); } for (i=(sps_sublayer_dpb_params_flag ? 0 : sps->max_sublayers-1); i < sps->max_sublayers; i++ ) { gf_bs_read_ue_log_idx(bs, ""dpb_max_dec_pic_buffering_minus1"", i); gf_bs_read_ue_log_idx(bs, ""dpb_max_num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""dpb_max_latency_increase_plus1"", i); } } gf_bs_read_ue_log(bs, ""sps_log2_min_luma_coding_block_size_minus2""); gf_bs_read_int_log(bs, 1, ""sps_partition_constraints_override_enabled_flag""); gf_bs_read_ue_log(bs, ""sps_log2_min_luma_coding_block_size_minus2""); u8 sps_max_mtt_hierarchy_depth_intra_slice_luma = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_intra_slice_luma""); if (sps_max_mtt_hierarchy_depth_intra_slice_luma != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_intra_slice_luma""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_intra_slice_luma""); } u8 sps_qtbtt_dual_tree_intra_flag = 0; if (sps->chroma_format_idc) { sps_qtbtt_dual_tree_intra_flag = gf_bs_read_int_log(bs, 1, ""sps_qtbtt_dual_tree_intra_flag""); } if (sps_qtbtt_dual_tree_intra_flag) { gf_bs_read_ue_log(bs, ""sps_log2_diff_min_qt_min_cb_intra_slice_chroma""); u8 sps_max_mtt_hierarchy_depth_intra_slice_chroma = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_intra_slice_chroma""); if( sps_max_mtt_hierarchy_depth_intra_slice_chroma != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_intra_slice_chroma""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_intra_slice_chroma""); } } gf_bs_read_ue_log(bs, ""sps_log2_diff_min_qt_min_cb_inter_slice""); u8 sps_max_mtt_hierarchy_depth_inter_slice = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_inter_slice""); if (sps_max_mtt_hierarchy_depth_inter_slice != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_inter_slice""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_inter_slice""); } if (CtbSizeY > 32) { gf_bs_read_int_log(bs, 1, ""sps_max_luma_transform_size_64_flag""); } u8 sps_transform_skip_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_transform_skip_enabled_flag""); if (sps_transform_skip_enabled_flag) { gf_bs_read_ue_log(bs, ""sps_log2_transform_skip_max_size_minus2""); gf_bs_read_int_log(bs, 1, ""sps_bdpcm_enabled_flag""); } if (gf_bs_read_int_log(bs, 1, ""sps_mts_enabled_flag"")) { gf_bs_read_int_log(bs, 1, ""sps_explicit_mts_intra_enabled_flag""); gf_bs_read_int_log(bs, 1, ""sps_explicit_mts_inter_enabled_flag""); } gf_bs_read_int_log(bs, 1, ""sps_lfnst_enabled_flag""); if (sps->chroma_format_idc) { u8 sps_joint_cbcr_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_joint_cbcr_enabled_flag""); u8 sps_same_qp_table_for_chroma_flag = gf_bs_read_int_log(bs, 1, ""sps_same_qp_table_for_chroma_flag""); u32 numQpTables = sps_same_qp_table_for_chroma_flag ? 1 : (sps_joint_cbcr_enabled_flag ? 3 : 2); for (i=0; ialf_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_alf_enabled_flag""); if (sps->alf_enabled_flag && sps->chroma_format_idc) { gf_bs_read_int_log(bs, 1, ""sps_ccalf_enabled_flag""); } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,77414370045047,1 4498,['CWE-264'],"static void __exit skfd_exit(void) { pci_unregister_driver(&skfddi_pci_driver); }",linux-2.6,,,261138164111077521942655064397689030272,0 4467,CWE-476,"start_pass_merged_upsample(j_decompress_ptr cinfo) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; upsample->spare_full = FALSE; upsample->rows_to_go = cinfo->output_height; }",visit repo url,jdmerge.c,https://github.com/libjpeg-turbo/libjpeg-turbo,209054426917007,1 5252,CWE-119,"SQLRETURN SQLSetDescField( SQLHDESC descriptor_handle, SQLSMALLINT rec_number, SQLSMALLINT field_identifier, SQLPOINTER value, SQLINTEGER buffer_length ) { DMHDESC descriptor = (DMHDESC) descriptor_handle; SQLRETURN ret; SQLCHAR s1[ 100 + LOG_MESSAGE_LEN ]; int isStrField = 0; if ( !__validate_desc( descriptor )) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: SQL_INVALID_HANDLE"" ); return SQL_INVALID_HANDLE; } function_entry( descriptor ); if ( log_info.log_flag ) { sprintf( descriptor -> msg, ""\n\t\tEntry:\ \n\t\t\tDescriptor = %p\ \n\t\t\tRec Number = %d\ \n\t\t\tField Ident = %s\ \n\t\t\tValue = %p\ \n\t\t\tBuffer Length = %d"", descriptor, rec_number, __desc_attr_as_string( s1, field_identifier ), value, (int)buffer_length ); dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, descriptor -> msg ); } thread_protect( SQL_HANDLE_DESC, descriptor ); if ( descriptor -> connection -> state < STATE_C4 ) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: HY010"" ); __post_internal_error( &descriptor -> error, ERROR_HY010, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if( __check_stmt_from_desc( descriptor, STATE_S8 ) || __check_stmt_from_desc( descriptor, STATE_S9 ) || __check_stmt_from_desc( descriptor, STATE_S10 ) || __check_stmt_from_desc( descriptor, STATE_S11 ) || __check_stmt_from_desc( descriptor, STATE_S12 ) || __check_stmt_from_desc( descriptor, STATE_S13 ) || __check_stmt_from_desc( descriptor, STATE_S14 ) || __check_stmt_from_desc( descriptor, STATE_S15 )) { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: HY010"" ); __post_internal_error( &descriptor -> error, ERROR_HY010, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( rec_number < 0 ) { __post_internal_error( &descriptor -> error, ERROR_07009, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } switch ( field_identifier ) { case SQL_DESC_ALLOC_TYPE: case SQL_DESC_ARRAY_SIZE: case SQL_DESC_ARRAY_STATUS_PTR: case SQL_DESC_BIND_OFFSET_PTR: case SQL_DESC_BIND_TYPE: case SQL_DESC_COUNT: case SQL_DESC_ROWS_PROCESSED_PTR: case SQL_DESC_AUTO_UNIQUE_VALUE: case SQL_DESC_CASE_SENSITIVE: case SQL_DESC_CONCISE_TYPE: case SQL_DESC_DATA_PTR: case SQL_DESC_DATETIME_INTERVAL_CODE: case SQL_DESC_DATETIME_INTERVAL_PRECISION: case SQL_DESC_DISPLAY_SIZE: case SQL_DESC_FIXED_PREC_SCALE: case SQL_DESC_INDICATOR_PTR: case SQL_DESC_LENGTH: case SQL_DESC_NULLABLE: case SQL_DESC_NUM_PREC_RADIX: case SQL_DESC_OCTET_LENGTH: case SQL_DESC_OCTET_LENGTH_PTR: case SQL_DESC_PARAMETER_TYPE: case SQL_DESC_PRECISION: case SQL_DESC_ROWVER: case SQL_DESC_SCALE: case SQL_DESC_SEARCHABLE: case SQL_DESC_TYPE: case SQL_DESC_UNNAMED: case SQL_DESC_UNSIGNED: case SQL_DESC_UPDATABLE: isStrField = 0; break; case SQL_DESC_BASE_COLUMN_NAME: case SQL_DESC_BASE_TABLE_NAME: case SQL_DESC_CATALOG_NAME: case SQL_DESC_LABEL: case SQL_DESC_LITERAL_PREFIX: case SQL_DESC_LITERAL_SUFFIX: case SQL_DESC_LOCAL_TYPE_NAME: case SQL_DESC_NAME: case SQL_DESC_SCHEMA_NAME: case SQL_DESC_TABLE_NAME: case SQL_DESC_TYPE_NAME: isStrField = 1; break; default: isStrField = buffer_length != SQL_IS_POINTER && buffer_length != SQL_IS_INTEGER && buffer_length != SQL_IS_UINTEGER && buffer_length != SQL_IS_SMALLINT && buffer_length != SQL_IS_USMALLINT; } if ( isStrField && buffer_length < 0 && buffer_length != SQL_NTS) { __post_internal_error( &descriptor -> error, ERROR_HY090, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( field_identifier == SQL_DESC_COUNT && (SQLINTEGER)value < 0 ) { __post_internal_error( &descriptor -> error, ERROR_07009, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( field_identifier == SQL_DESC_PARAMETER_TYPE && value != SQL_PARAM_INPUT && value != SQL_PARAM_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT && value != SQL_PARAM_INPUT_OUTPUT_STREAM && value != SQL_PARAM_OUTPUT_STREAM ) { __post_internal_error( &descriptor -> error, ERROR_HY105, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( CHECK_SQLSETDESCFIELD( descriptor -> connection )) { ret = SQLSETDESCFIELD( descriptor -> connection, descriptor -> driver_desc, rec_number, field_identifier, value, buffer_length ); } else if ( CHECK_SQLSETDESCFIELDW( descriptor -> connection )) { SQLWCHAR *s1 = NULL; if (isStrField) { s1 = ansi_to_unicode_alloc( value, buffer_length, descriptor -> connection, NULL ); if (SQL_NTS != buffer_length) { buffer_length *= sizeof(SQLWCHAR); } } else { s1 = value; } ret = SQLSETDESCFIELDW( descriptor -> connection, descriptor -> driver_desc, rec_number, field_identifier, s1, buffer_length ); if (isStrField) { if (s1) free(s1); } } else { dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, ""Error: IM001"" ); __post_internal_error( &descriptor -> error, ERROR_IM001, NULL, descriptor -> connection -> environment -> requested_version ); return function_return_nodrv( SQL_HANDLE_DESC, descriptor, SQL_ERROR ); } if ( log_info.log_flag ) { sprintf( descriptor -> msg, ""\n\t\tExit:[%s]"", __get_return_status( ret, s1 )); dm_log_write( __FILE__, __LINE__, LOG_INFO, LOG_INFO, descriptor -> msg ); } return function_return( SQL_HANDLE_DESC, descriptor, ret ); }",visit repo url,DriverManager/SQLSetDescField.c,https://github.com/lurcher/unixODBC,266345651961490,1 6301,['CWE-200'],"static inline int ipmr_forward_finish(struct sk_buff *skb) { struct ip_options * opt = &(IPCB(skb)->opt); IP_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS); if (unlikely(opt->optlen)) ip_forward_options(skb); return dst_output(skb); }",linux-2.6,,,161965252761347034992592893342638534865,0 1720,[],"void hrtick_resched(void) { struct rq *rq; unsigned long flags; if (!test_thread_flag(TIF_HRTICK_RESCHED)) return; local_irq_save(flags); rq = cpu_rq(smp_processor_id()); hrtick_set(rq); local_irq_restore(flags); }",linux-2.6,,,88718778281752958711859013341962970618,0 2334,CWE-399,"void mono_reflection_create_dynamic_method (MonoReflectionDynamicMethod *mb) { ReflectionMethodBuilder rmb; MonoMethodSignature *sig; MonoClass *klass; GSList *l; int i; sig = dynamic_method_to_signature (mb); reflection_methodbuilder_from_dynamic_method (&rmb, mb); rmb.nrefs = mb->nrefs; rmb.refs = g_new0 (gpointer, mb->nrefs + 1); for (i = 0; i < mb->nrefs; i += 2) { MonoClass *handle_class; gpointer ref; MonoObject *obj = mono_array_get (mb->refs, MonoObject*, i); if (strcmp (obj->vtable->klass->name, ""DynamicMethod"") == 0) { MonoReflectionDynamicMethod *method = (MonoReflectionDynamicMethod*)obj; if (method->mhandle) { ref = method->mhandle; } else { ref = method; method->referenced_by = g_slist_append (method->referenced_by, mb); } handle_class = mono_defaults.methodhandle_class; } else { MonoException *ex = NULL; ref = resolve_object (mb->module->image, obj, &handle_class, NULL); if (!ref) ex = mono_get_exception_type_load (NULL, NULL); else if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR) ex = mono_security_core_clr_ensure_dynamic_method_resolved_object (ref, handle_class); if (ex) { g_free (rmb.refs); mono_raise_exception (ex); return; } } rmb.refs [i] = ref; rmb.refs [i + 1] = handle_class; } klass = mb->owner ? mono_class_from_mono_type (mono_reflection_type_get_handle ((MonoReflectionType*)mb->owner)) : mono_defaults.object_class; mb->mhandle = reflection_methodbuilder_to_mono_method (klass, &rmb, sig); for (l = mb->referenced_by; l; l = l->next) { MonoReflectionDynamicMethod *method = (MonoReflectionDynamicMethod*)l->data; MonoMethodWrapper *wrapper = (MonoMethodWrapper*)method->mhandle; gpointer *data; g_assert (method->mhandle); data = (gpointer*)wrapper->method_data; for (i = 0; i < GPOINTER_TO_UINT (data [0]); i += 2) { if ((data [i + 1] == mb) && (data [i + 1 + 1] == mono_defaults.methodhandle_class)) data [i + 1] = mb->mhandle; } } g_slist_free (mb->referenced_by); g_free (rmb.refs); mb->ilgen = NULL;",visit repo url,mono/metadata/reflection.c,https://github.com/mono/mono,179306463838479,1 6345,['CWE-200'],"tcf_action_add(struct rtattr *rta, struct nlmsghdr *n, u32 pid, int ovr) { int ret = 0; struct tc_action *act; struct tc_action *a; u32 seq = n->nlmsg_seq; act = tcf_action_init(rta, NULL, NULL, ovr, 0, &ret); if (act == NULL) goto done; ret = tcf_add_notify(act, pid, seq, RTM_NEWACTION, n->nlmsg_flags); for (a = act; a; a = act) { act = a->next; kfree(a); } done: return ret; }",linux-2.6,,,116071484326774920942340913278736897168,0 3233,CWE-125,"pgm_print(netdissect_options *ndo, register const u_char *bp, register u_int length, register const u_char *bp2) { register const struct pgm_header *pgm; register const struct ip *ip; register char ch; uint16_t sport, dport; u_int nla_afnum; char nla_buf[INET6_ADDRSTRLEN]; register const struct ip6_hdr *ip6; uint8_t opt_type, opt_len; uint32_t seq, opts_len, len, offset; pgm = (const struct pgm_header *)bp; ip = (const struct ip *)bp2; if (IP_V(ip) == 6) ip6 = (const struct ip6_hdr *)bp2; else ip6 = NULL; ch = '\0'; if (!ND_TTEST(pgm->pgm_dport)) { if (ip6) { ND_PRINT((ndo, ""%s > %s: [|pgm]"", ip6addr_string(ndo, &ip6->ip6_src), ip6addr_string(ndo, &ip6->ip6_dst))); return; } else { ND_PRINT((ndo, ""%s > %s: [|pgm]"", ipaddr_string(ndo, &ip->ip_src), ipaddr_string(ndo, &ip->ip_dst))); return; } } sport = EXTRACT_16BITS(&pgm->pgm_sport); dport = EXTRACT_16BITS(&pgm->pgm_dport); if (ip6) { if (ip6->ip6_nxt == IPPROTO_PGM) { ND_PRINT((ndo, ""%s.%s > %s.%s: "", ip6addr_string(ndo, &ip6->ip6_src), tcpport_string(ndo, sport), ip6addr_string(ndo, &ip6->ip6_dst), tcpport_string(ndo, dport))); } else { ND_PRINT((ndo, ""%s > %s: "", tcpport_string(ndo, sport), tcpport_string(ndo, dport))); } } else { if (ip->ip_p == IPPROTO_PGM) { ND_PRINT((ndo, ""%s.%s > %s.%s: "", ipaddr_string(ndo, &ip->ip_src), tcpport_string(ndo, sport), ipaddr_string(ndo, &ip->ip_dst), tcpport_string(ndo, dport))); } else { ND_PRINT((ndo, ""%s > %s: "", tcpport_string(ndo, sport), tcpport_string(ndo, dport))); } } ND_TCHECK(*pgm); ND_PRINT((ndo, ""PGM, length %u"", EXTRACT_16BITS(&pgm->pgm_length))); if (!ndo->ndo_vflag) return; ND_PRINT((ndo, "" 0x%02x%02x%02x%02x%02x%02x "", pgm->pgm_gsid[0], pgm->pgm_gsid[1], pgm->pgm_gsid[2], pgm->pgm_gsid[3], pgm->pgm_gsid[4], pgm->pgm_gsid[5])); switch (pgm->pgm_type) { case PGM_SPM: { const struct pgm_spm *spm; spm = (const struct pgm_spm *)(pgm + 1); ND_TCHECK(*spm); bp = (const u_char *) (spm + 1); switch (EXTRACT_16BITS(&spm->pgms_nla_afi)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, ""SPM seq %u trail %u lead %u nla %s"", EXTRACT_32BITS(&spm->pgms_seq), EXTRACT_32BITS(&spm->pgms_trailseq), EXTRACT_32BITS(&spm->pgms_leadseq), nla_buf)); break; } case PGM_POLL: { const struct pgm_poll *poll_msg; poll_msg = (const struct pgm_poll *)(pgm + 1); ND_TCHECK(*poll_msg); ND_PRINT((ndo, ""POLL seq %u round %u"", EXTRACT_32BITS(&poll_msg->pgmp_seq), EXTRACT_16BITS(&poll_msg->pgmp_round))); bp = (const u_char *) (poll_msg + 1); break; } case PGM_POLR: { const struct pgm_polr *polr; uint32_t ivl, rnd, mask; polr = (const struct pgm_polr *)(pgm + 1); ND_TCHECK(*polr); bp = (const u_char *) (polr + 1); switch (EXTRACT_16BITS(&polr->pgmp_nla_afi)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } ND_TCHECK2(*bp, sizeof(uint32_t)); ivl = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_TCHECK2(*bp, sizeof(uint32_t)); rnd = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_TCHECK2(*bp, sizeof(uint32_t)); mask = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, ""POLR seq %u round %u nla %s ivl %u rnd 0x%08x "" ""mask 0x%08x"", EXTRACT_32BITS(&polr->pgmp_seq), EXTRACT_16BITS(&polr->pgmp_round), nla_buf, ivl, rnd, mask)); break; } case PGM_ODATA: { const struct pgm_data *odata; odata = (const struct pgm_data *)(pgm + 1); ND_TCHECK(*odata); ND_PRINT((ndo, ""ODATA trail %u seq %u"", EXTRACT_32BITS(&odata->pgmd_trailseq), EXTRACT_32BITS(&odata->pgmd_seq))); bp = (const u_char *) (odata + 1); break; } case PGM_RDATA: { const struct pgm_data *rdata; rdata = (const struct pgm_data *)(pgm + 1); ND_TCHECK(*rdata); ND_PRINT((ndo, ""RDATA trail %u seq %u"", EXTRACT_32BITS(&rdata->pgmd_trailseq), EXTRACT_32BITS(&rdata->pgmd_seq))); bp = (const u_char *) (rdata + 1); break; } case PGM_NAK: case PGM_NULLNAK: case PGM_NCF: { const struct pgm_nak *nak; char source_buf[INET6_ADDRSTRLEN], group_buf[INET6_ADDRSTRLEN]; nak = (const struct pgm_nak *)(pgm + 1); ND_TCHECK(*nak); bp = (const u_char *) (nak + 1); switch (EXTRACT_16BITS(&nak->pgmn_source_afi)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, source_buf, sizeof(source_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, source_buf, sizeof(source_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } bp += (2 * sizeof(uint16_t)); switch (EXTRACT_16BITS(bp)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, group_buf, sizeof(group_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, group_buf, sizeof(group_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } switch (pgm->pgm_type) { case PGM_NAK: ND_PRINT((ndo, ""NAK "")); break; case PGM_NULLNAK: ND_PRINT((ndo, ""NNAK "")); break; case PGM_NCF: ND_PRINT((ndo, ""NCF "")); break; default: break; } ND_PRINT((ndo, ""(%s -> %s), seq %u"", source_buf, group_buf, EXTRACT_32BITS(&nak->pgmn_seq))); break; } case PGM_ACK: { const struct pgm_ack *ack; ack = (const struct pgm_ack *)(pgm + 1); ND_TCHECK(*ack); ND_PRINT((ndo, ""ACK seq %u"", EXTRACT_32BITS(&ack->pgma_rx_max_seq))); bp = (const u_char *) (ack + 1); break; } case PGM_SPMR: ND_PRINT((ndo, ""SPMR"")); break; default: ND_PRINT((ndo, ""UNKNOWN type 0x%02x"", pgm->pgm_type)); break; } if (pgm->pgm_options & PGM_OPT_BIT_PRESENT) { if (!ND_TTEST2(*bp, PGM_MIN_OPT_LEN)) { ND_PRINT((ndo, ""[|OPT]"")); return; } opt_type = *bp++; if ((opt_type & PGM_OPT_MASK) != PGM_OPT_LENGTH) { ND_PRINT((ndo, ""[First option bad, should be PGM_OPT_LENGTH, is %u]"", opt_type & PGM_OPT_MASK)); return; } opt_len = *bp++; if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_LENGTH option, length %u != 4]"", opt_len)); return; } opts_len = EXTRACT_16BITS(bp); if (opts_len < 4) { ND_PRINT((ndo, ""[Bad total option length %u < 4]"", opts_len)); return; } bp += sizeof(uint16_t); ND_PRINT((ndo, "" OPTS LEN %d"", opts_len)); opts_len -= 4; while (opts_len) { if (opts_len < PGM_MIN_OPT_LEN) { ND_PRINT((ndo, ""[Total option length leaves no room for final option]"")); return; } if (!ND_TTEST2(*bp, 2)) { ND_PRINT((ndo, "" [|OPT]"")); return; } opt_type = *bp++; opt_len = *bp++; if (opt_len < PGM_MIN_OPT_LEN) { ND_PRINT((ndo, ""[Bad option, length %u < %u]"", opt_len, PGM_MIN_OPT_LEN)); break; } if (opts_len < opt_len) { ND_PRINT((ndo, ""[Total option length leaves no room for final option]"")); return; } if (!ND_TTEST2(*bp, opt_len - 2)) { ND_PRINT((ndo, "" [|OPT]"")); return; } switch (opt_type & PGM_OPT_MASK) { case PGM_OPT_LENGTH: if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_LENGTH option, length %u != 4]"", opt_len)); return; } ND_PRINT((ndo, "" OPTS LEN (extra?) %d"", EXTRACT_16BITS(bp))); bp += sizeof(uint16_t); opts_len -= 4; break; case PGM_OPT_FRAGMENT: if (opt_len != 16) { ND_PRINT((ndo, ""[Bad OPT_FRAGMENT option, length %u != 16]"", opt_len)); return; } bp += 2; seq = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); offset = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); len = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, "" FRAG seq %u off %u len %u"", seq, offset, len)); opts_len -= 16; break; case PGM_OPT_NAK_LIST: bp += 2; opt_len -= sizeof(uint32_t); ND_PRINT((ndo, "" NAK LIST"")); while (opt_len) { if (opt_len < sizeof(uint32_t)) { ND_PRINT((ndo, ""[Option length not a multiple of 4]"")); return; } ND_TCHECK2(*bp, sizeof(uint32_t)); ND_PRINT((ndo, "" %u"", EXTRACT_32BITS(bp))); bp += sizeof(uint32_t); opt_len -= sizeof(uint32_t); opts_len -= sizeof(uint32_t); } break; case PGM_OPT_JOIN: if (opt_len != 8) { ND_PRINT((ndo, ""[Bad OPT_JOIN option, length %u != 8]"", opt_len)); return; } bp += 2; seq = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, "" JOIN %u"", seq)); opts_len -= 8; break; case PGM_OPT_NAK_BO_IVL: if (opt_len != 12) { ND_PRINT((ndo, ""[Bad OPT_NAK_BO_IVL option, length %u != 12]"", opt_len)); return; } bp += 2; offset = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); seq = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, "" BACKOFF ivl %u ivlseq %u"", offset, seq)); opts_len -= 12; break; case PGM_OPT_NAK_BO_RNG: if (opt_len != 12) { ND_PRINT((ndo, ""[Bad OPT_NAK_BO_RNG option, length %u != 12]"", opt_len)); return; } bp += 2; offset = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); seq = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, "" BACKOFF max %u min %u"", offset, seq)); opts_len -= 12; break; case PGM_OPT_REDIRECT: bp += 2; nla_afnum = EXTRACT_16BITS(bp); bp += (2 * sizeof(uint16_t)); switch (nla_afnum) { case AFNUM_INET: if (opt_len != 4 + sizeof(struct in_addr)) { ND_PRINT((ndo, ""[Bad OPT_REDIRECT option, length %u != 4 + address size]"", opt_len)); return; } ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); opts_len -= 4 + sizeof(struct in_addr); break; case AFNUM_INET6: if (opt_len != 4 + sizeof(struct in6_addr)) { ND_PRINT((ndo, ""[Bad OPT_REDIRECT option, length %u != 4 + address size]"", opt_len)); return; } ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); opts_len -= 4 + sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, "" REDIRECT %s"", nla_buf)); break; case PGM_OPT_PARITY_PRM: if (opt_len != 8) { ND_PRINT((ndo, ""[Bad OPT_PARITY_PRM option, length %u != 8]"", opt_len)); return; } bp += 2; len = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, "" PARITY MAXTGS %u"", len)); opts_len -= 8; break; case PGM_OPT_PARITY_GRP: if (opt_len != 8) { ND_PRINT((ndo, ""[Bad OPT_PARITY_GRP option, length %u != 8]"", opt_len)); return; } bp += 2; seq = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, "" PARITY GROUP %u"", seq)); opts_len -= 8; break; case PGM_OPT_CURR_TGSIZE: if (opt_len != 8) { ND_PRINT((ndo, ""[Bad OPT_CURR_TGSIZE option, length %u != 8]"", opt_len)); return; } bp += 2; len = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, "" PARITY ATGS %u"", len)); opts_len -= 8; break; case PGM_OPT_NBR_UNREACH: if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_NBR_UNREACH option, length %u != 4]"", opt_len)); return; } bp += 2; ND_PRINT((ndo, "" NBR_UNREACH"")); opts_len -= 4; break; case PGM_OPT_PATH_NLA: ND_PRINT((ndo, "" PATH_NLA [%d]"", opt_len)); bp += opt_len; opts_len -= opt_len; break; case PGM_OPT_SYN: if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_SYN option, length %u != 4]"", opt_len)); return; } bp += 2; ND_PRINT((ndo, "" SYN"")); opts_len -= 4; break; case PGM_OPT_FIN: if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_FIN option, length %u != 4]"", opt_len)); return; } bp += 2; ND_PRINT((ndo, "" FIN"")); opts_len -= 4; break; case PGM_OPT_RST: if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_RST option, length %u != 4]"", opt_len)); return; } bp += 2; ND_PRINT((ndo, "" RST"")); opts_len -= 4; break; case PGM_OPT_CR: ND_PRINT((ndo, "" CR"")); bp += opt_len; opts_len -= opt_len; break; case PGM_OPT_CRQST: if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_CRQST option, length %u != 4]"", opt_len)); return; } bp += 2; ND_PRINT((ndo, "" CRQST"")); opts_len -= 4; break; case PGM_OPT_PGMCC_DATA: bp += 2; offset = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); nla_afnum = EXTRACT_16BITS(bp); bp += (2 * sizeof(uint16_t)); switch (nla_afnum) { case AFNUM_INET: if (opt_len != 12 + sizeof(struct in_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_DATA option, length %u != 12 + address size]"", opt_len)); return; } ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); opts_len -= 12 + sizeof(struct in_addr); break; case AFNUM_INET6: if (opt_len != 12 + sizeof(struct in6_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_DATA option, length %u != 12 + address size]"", opt_len)); return; } ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); opts_len -= 12 + sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, "" PGMCC DATA %u %s"", offset, nla_buf)); break; case PGM_OPT_PGMCC_FEEDBACK: bp += 2; offset = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); nla_afnum = EXTRACT_16BITS(bp); bp += (2 * sizeof(uint16_t)); switch (nla_afnum) { case AFNUM_INET: if (opt_len != 12 + sizeof(struct in_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_DATA option, length %u != 12 + address size]"", opt_len)); return; } ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); opts_len -= 12 + sizeof(struct in_addr); break; case AFNUM_INET6: if (opt_len != 12 + sizeof(struct in6_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_DATA option, length %u != 12 + address size]"", opt_len)); return; } ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); opts_len -= 12 + sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, "" PGMCC FEEDBACK %u %s"", offset, nla_buf)); break; default: ND_PRINT((ndo, "" OPT_%02X [%d] "", opt_type, opt_len)); bp += opt_len; opts_len -= opt_len; break; } if (opt_type & PGM_OPT_END) break; } } ND_PRINT((ndo, "" [%u]"", length)); if (ndo->ndo_packettype == PT_PGM_ZMTP1 && (pgm->pgm_type == PGM_ODATA || pgm->pgm_type == PGM_RDATA)) zmtp1_print_datagram(ndo, bp, EXTRACT_16BITS(&pgm->pgm_length)); return; trunc: ND_PRINT((ndo, ""[|pgm]"")); if (ch != '\0') ND_PRINT((ndo, "">"")); }",visit repo url,print-pgm.c,https://github.com/the-tcpdump-group/tcpdump,235090894947087,1 228,CWE-285,"int jffs2_set_acl(struct inode *inode, struct posix_acl *acl, int type) { int rc, xprefix; switch (type) { case ACL_TYPE_ACCESS: xprefix = JFFS2_XPREFIX_ACL_ACCESS; if (acl) { umode_t mode = inode->i_mode; rc = posix_acl_equiv_mode(acl, &mode); if (rc < 0) return rc; if (inode->i_mode != mode) { struct iattr attr; attr.ia_valid = ATTR_MODE | ATTR_CTIME; attr.ia_mode = mode; attr.ia_ctime = CURRENT_TIME_SEC; rc = jffs2_do_setattr(inode, &attr); if (rc < 0) return rc; } if (rc == 0) acl = NULL; } break; case ACL_TYPE_DEFAULT: xprefix = JFFS2_XPREFIX_ACL_DEFAULT; if (!S_ISDIR(inode->i_mode)) return acl ? -EACCES : 0; break; default: return -EINVAL; } rc = __jffs2_set_acl(inode, xprefix, acl); if (!rc) set_cached_acl(inode, type, acl); return rc; }",visit repo url,fs/jffs2/acl.c,https://github.com/torvalds/linux,54794764136529,1 4710,CWE-22,"static int msg_cache_check(const char *id, struct BodyCache *bcache, void *data) { struct Context *ctx = (struct Context *) data; if (!ctx) return -1; struct PopData *pop_data = (struct PopData *) ctx->data; if (!pop_data) return -1; #ifdef USE_HCACHE if (strcmp(HC_FNAME ""."" HC_FEXT, id) == 0) return 0; #endif for (int i = 0; i < ctx->msgcount; i++) { if (ctx->hdrs[i]->data && (mutt_str_strcmp(ctx->hdrs[i]->data, id) == 0)) return 0; } return mutt_bcache_del(bcache, id); }",visit repo url,pop.c,https://github.com/neomutt/neomutt,183834456600690,1 6279,CWE-908,"uint32_t sftp_parse_handle(struct sftpjob *job, struct handleid *id) { uint32_t len, rc; if((rc = sftp_parse_uint32(job, &len)) != SSH_FX_OK || len != 8 || (rc = sftp_parse_uint32(job, &id->id)) != SSH_FX_OK || (rc = sftp_parse_uint32(job, &id->tag) != SSH_FX_OK)) return rc; return SSH_FX_OK; }",visit repo url,parse.c,https://github.com/ewxrjk/sftpserver,39529769291970,1 521,['CWE-399'],"static void pwc_rvfree(void * mem, unsigned long size) { unsigned long adr; if (!mem) return; adr=(unsigned long) mem; while ((long) size > 0) { ClearPageReserved(vmalloc_to_page((void *)adr)); adr += PAGE_SIZE; size -= PAGE_SIZE; } vfree(mem); }",linux-2.6,,,104241103938327342917005405590432435561,0 4199,['CWE-399'],"void avahi_server_prepare_response(AvahiServer *s, AvahiInterface *i, AvahiEntry *e, int unicast_response, int auxiliary) { assert(s); assert(i); assert(e); avahi_record_list_push(s->record_list, e->record, e->flags & AVAHI_PUBLISH_UNIQUE, unicast_response, auxiliary); }",avahi,,,40595081593476940276906178976601738050,0 3585,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_2_2_dupinit(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return sctp_sf_do_unexpected_init(ep, asoc, type, arg, commands); }",linux-2.6,,,273990682911513977509822547836072432008,0 3903,['CWE-399'],"static int tda9874a_checkit(struct CHIPSTATE *chip) { int dic,sic; if(-1 == (dic = chip_read2(chip,TDA9874A_DIC))) return 0; if(-1 == (sic = chip_read2(chip,TDA9874A_SIC))) return 0; v4l_dbg(1, debug, chip->c, ""tda9874a_checkit(): DIC=0x%X, SIC=0x%X.\n"", dic, sic); if((dic == 0x11)||(dic == 0x07)) { v4l_info(chip->c, ""found tda9874%s.\n"", (dic == 0x11) ? ""a"":""h""); tda9874a_dic = dic; return 1; } return 0; }",linux-2.6,,,298881535722365591377547140658416352078,0 1527,[],"static unsigned long source_load(int cpu, int type) { struct rq *rq = cpu_rq(cpu); unsigned long total = weighted_cpuload(cpu); if (type == 0) return total; return min(rq->cpu_load[type-1], total); }",linux-2.6,,,215110883398050953206095801204218825262,0 4433,CWE-415,"mrb_realloc(mrb_state *mrb, void *p, size_t len) { void *p2; p2 = mrb_realloc_simple(mrb, p, len); if (len == 0) return p2; if (p2 == NULL) { mrb_free(mrb, p); mrb->gc.out_of_memory = TRUE; mrb_raise_nomemory(mrb); } else { mrb->gc.out_of_memory = FALSE; } return p2; }",visit repo url,src/gc.c,https://github.com/mruby/mruby,109040080635461,1 992,['CWE-94'],"generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { struct address_space *mapping = out->f_mapping; struct inode *inode = mapping->host; int killsuid, killpriv; ssize_t ret; int err = 0; killpriv = security_inode_need_killpriv(out->f_path.dentry); killsuid = should_remove_suid(out->f_path.dentry); if (unlikely(killsuid || killpriv)) { mutex_lock(&inode->i_mutex); if (killpriv) err = security_inode_killpriv(out->f_path.dentry); if (!err && killsuid) err = __remove_suid(out->f_path.dentry, killsuid); mutex_unlock(&inode->i_mutex); if (err) return err; } ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file); if (ret > 0) { unsigned long nr_pages; *ppos += ret; nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { mutex_lock(&inode->i_mutex); err = generic_osync_inode(inode, mapping, OSYNC_METADATA|OSYNC_DATA); mutex_unlock(&inode->i_mutex); if (err) ret = err; } balance_dirty_pages_ratelimited_nr(mapping, nr_pages); } return ret; }",linux-2.6,,,230458535104379912809388132004898073994,0 2270,NVD-CWE-Other,"static ssize_t ext4_ext_direct_IO(int rw, struct kiocb *iocb, const struct iovec *iov, loff_t offset, unsigned long nr_segs) { struct file *file = iocb->ki_filp; struct inode *inode = file->f_mapping->host; ssize_t ret; size_t count = iov_length(iov, nr_segs); loff_t final_size = offset + count; if (rw == WRITE && final_size <= inode->i_size) { iocb->private = NULL; EXT4_I(inode)->cur_aio_dio = NULL; if (!is_sync_kiocb(iocb)) { iocb->private = ext4_init_io_end(inode); if (!iocb->private) return -ENOMEM; EXT4_I(inode)->cur_aio_dio = iocb->private; } ret = blockdev_direct_IO(rw, iocb, inode, inode->i_sb->s_bdev, iov, offset, nr_segs, ext4_get_block_write, ext4_end_io_dio); if (iocb->private) EXT4_I(inode)->cur_aio_dio = NULL; if (ret != -EIOCBQUEUED && ret <= 0 && iocb->private) { ext4_free_io_end(iocb->private); iocb->private = NULL; } else if (ret > 0 && ext4_test_inode_state(inode, EXT4_STATE_DIO_UNWRITTEN)) { int err; err = ext4_convert_unwritten_extents(inode, offset, ret); if (err < 0) ret = err; ext4_clear_inode_state(inode, EXT4_STATE_DIO_UNWRITTEN); } return ret; } return ext4_ind_direct_IO(rw, iocb, iov, offset, nr_segs); }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,18877084120367,1 4073,['CWE-399'],"static int svc_create(struct net *net, struct socket *sock,int protocol) { int error; if (net != &init_net) return -EAFNOSUPPORT; sock->ops = &svc_proto_ops; error = vcc_create(net, sock, protocol, AF_ATMSVC); if (error) return error; ATM_SD(sock)->local.sas_family = AF_ATMSVC; ATM_SD(sock)->remote.sas_family = AF_ATMSVC; return 0; }",linux-2.6,,,167185465610513284364435791579087645245,0 5853,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_build_nack( pjmedia_rtcp_session *session, void *buf, pj_size_t *length, unsigned nack_cnt, const pjmedia_rtcp_fb_nack nack[]) { pjmedia_rtcp_common *hdr; pj_uint8_t *p; unsigned len, i; PJ_ASSERT_RETURN(session && buf && length && nack_cnt && nack, PJ_EINVAL); len = (3 + nack_cnt) * 4; if (len > *length) return PJ_ETOOSMALL; hdr = (pjmedia_rtcp_common*)buf; pj_memcpy(hdr, &session->rtcp_rr_pkt.common, sizeof(*hdr)); hdr->pt = RTCP_RTPFB; hdr->count = 1; hdr->length = pj_htons((pj_uint16_t)(len/4 - 1)); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < nack_cnt; ++i) { pj_uint16_t val; val = pj_htons((pj_uint16_t)nack[i].pid); pj_memcpy(p, &val, 2); val = pj_htons(nack[i].blp); pj_memcpy(p+2, &val, 2); p += 4; } *length = len; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,268311021085974,1 2709,CWE-190,"SPL_METHOD(SplFileObject, eof) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } RETURN_BOOL(php_stream_eof(intern->u.file.stream)); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,70856177837948,1 6238,['CWE-200'],"int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb) { int rc; unsigned long now; write_lock_bh(&neigh->lock); rc = 0; if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE)) goto out_unlock_bh; now = jiffies; if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) { if (neigh->parms->mcast_probes + neigh->parms->app_probes) { atomic_set(&neigh->probes, neigh->parms->ucast_probes); neigh->nud_state = NUD_INCOMPLETE; neigh_hold(neigh); neigh->timer.expires = now + 1; add_timer(&neigh->timer); } else { neigh->nud_state = NUD_FAILED; write_unlock_bh(&neigh->lock); if (skb) kfree_skb(skb); return 1; } } else if (neigh->nud_state & NUD_STALE) { NEIGH_PRINTK2(""neigh %p is delayed.\n"", neigh); neigh_hold(neigh); neigh->nud_state = NUD_DELAY; neigh->timer.expires = jiffies + neigh->parms->delay_probe_time; add_timer(&neigh->timer); } if (neigh->nud_state == NUD_INCOMPLETE) { if (skb) { if (skb_queue_len(&neigh->arp_queue) >= neigh->parms->queue_len) { struct sk_buff *buff; buff = neigh->arp_queue.next; __skb_unlink(buff, &neigh->arp_queue); kfree_skb(buff); } __skb_queue_tail(&neigh->arp_queue, skb); } rc = 1; } out_unlock_bh: write_unlock_bh(&neigh->lock); return rc; }",linux-2.6,,,8758448603168428368431709280941461468,0 1844,NVD-CWE-Other,"static int xfrm_expand_policies(const struct flowi *fl, u16 family, struct xfrm_policy **pols, int *num_pols, int *num_xfrms) { int i; if (*num_pols == 0 || !pols[0]) { *num_pols = 0; *num_xfrms = 0; return 0; } if (IS_ERR(pols[0])) return PTR_ERR(pols[0]); *num_xfrms = pols[0]->xfrm_nr; #ifdef CONFIG_XFRM_SUB_POLICY if (pols[0]->action == XFRM_POLICY_ALLOW && pols[0]->type != XFRM_POLICY_TYPE_MAIN) { pols[1] = xfrm_policy_lookup_bytype(xp_net(pols[0]), XFRM_POLICY_TYPE_MAIN, fl, family, XFRM_POLICY_OUT, pols[0]->if_id); if (pols[1]) { if (IS_ERR(pols[1])) { xfrm_pols_put(pols, *num_pols); return PTR_ERR(pols[1]); } (*num_pols)++; (*num_xfrms) += pols[1]->xfrm_nr; } } #endif for (i = 0; i < *num_pols; i++) { if (pols[i]->action != XFRM_POLICY_ALLOW) { *num_xfrms = -1; break; } } return 0; }",visit repo url,net/xfrm/xfrm_policy.c,https://github.com/torvalds/linux,250328567566175,1 5953,CWE-190,"static Jsi_RC ObjListifyCallback(Jsi_Tree *tree, Jsi_TreeEntry *hPtr, void *data) { Jsi_Interp *interp = tree->opts.interp; Jsi_Obj *obj = (Jsi_Obj*)data; int n; if (!hPtr->f.bits.dontenum) { char *ep = NULL, *cp = (char*)Jsi_TreeKeyGet(hPtr); if (!cp || !isdigit(*cp)) return JSI_OK; n = (int)strtol(cp, &ep, 0); if (n<0 || n >= interp->maxArrayList) return JSI_OK; hPtr->f.bits.isarrlist = 1; if (Jsi_ObjArraySizer(interp, obj, n) <= 0) return Jsi_LogError(""too long""); obj->arr[n] = (Jsi_Value*)Jsi_TreeValueGet(hPtr); } return JSI_OK; }",visit repo url,src/jsiObj.c,https://github.com/pcmacdon/jsish,236740479020547,1 749,CWE-20,"int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *address, int mode) { int size, ct, err; if (m->msg_namelen) { if (mode == VERIFY_READ) { void __user *namep; namep = (void __user __force *) m->msg_name; err = move_addr_to_kernel(namep, m->msg_namelen, address); if (err < 0) return err; } m->msg_name = address; } else { m->msg_name = NULL; } size = m->msg_iovlen * sizeof(struct iovec); if (copy_from_user(iov, (void __user __force *) m->msg_iov, size)) return -EFAULT; m->msg_iov = iov; err = 0; for (ct = 0; ct < m->msg_iovlen; ct++) { size_t len = iov[ct].iov_len; if (len > INT_MAX - err) { len = INT_MAX - err; iov[ct].iov_len = len; } err += len; } return err; }",visit repo url,net/core/iovec.c,https://github.com/torvalds/linux,95000477302680,1 425,[],"pfm_buf_fmt_restart_active(pfm_buffer_fmt_t *fmt, struct task_struct *task, pfm_ovfl_ctrl_t *ctrl, void *buf, struct pt_regs *regs) { int ret = 0; if (fmt->fmt_restart_active) ret = (*fmt->fmt_restart_active)(task, ctrl, buf, regs); return ret; }",linux-2.6,,,8901447454980394607510129445866200732,0 5881,['CWE-200'],"static int nr_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) { struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); struct sockaddr_ax25 *addr = (struct sockaddr_ax25 *)uaddr; ax25_address *source = NULL; ax25_uid_assoc *user; struct net_device *dev; int err = 0; lock_sock(sk); if (sk->sk_state == TCP_ESTABLISHED && sock->state == SS_CONNECTING) { sock->state = SS_CONNECTED; goto out_release; } if (sk->sk_state == TCP_CLOSE && sock->state == SS_CONNECTING) { sock->state = SS_UNCONNECTED; err = -ECONNREFUSED; goto out_release; } if (sk->sk_state == TCP_ESTABLISHED) { err = -EISCONN; goto out_release; } sk->sk_state = TCP_CLOSE; sock->state = SS_UNCONNECTED; if (addr_len != sizeof(struct sockaddr_ax25) && addr_len != sizeof(struct full_sockaddr_ax25)) { err = -EINVAL; goto out_release; } if (addr->sax25_family != AF_NETROM) { err = -EINVAL; goto out_release; } if (sock_flag(sk, SOCK_ZAPPED)) { sock_reset_flag(sk, SOCK_ZAPPED); if ((dev = nr_dev_first()) == NULL) { err = -ENETUNREACH; goto out_release; } source = (ax25_address *)dev->dev_addr; user = ax25_findbyuid(current_euid()); if (user) { nr->user_addr = user->call; ax25_uid_put(user); } else { if (ax25_uid_policy && !capable(CAP_NET_ADMIN)) { dev_put(dev); err = -EPERM; goto out_release; } nr->user_addr = *source; } nr->source_addr = *source; nr->device = dev; dev_put(dev); nr_insert_socket(sk); } nr->dest_addr = addr->sax25_call; release_sock(sk); circuit = nr_find_next_circuit(); lock_sock(sk); nr->my_index = circuit / 256; nr->my_id = circuit % 256; circuit++; sock->state = SS_CONNECTING; sk->sk_state = TCP_SYN_SENT; nr_establish_data_link(sk); nr->state = NR_STATE_1; nr_start_heartbeat(sk); if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) { err = -EINPROGRESS; goto out_release; } if (sk->sk_state == TCP_SYN_SENT) { DEFINE_WAIT(wait); for (;;) { prepare_to_wait(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); if (sk->sk_state != TCP_SYN_SENT) break; if (!signal_pending(current)) { release_sock(sk); schedule(); lock_sock(sk); continue; } err = -ERESTARTSYS; break; } finish_wait(sk->sk_sleep, &wait); if (err) goto out_release; } if (sk->sk_state != TCP_ESTABLISHED) { sock->state = SS_UNCONNECTED; err = sock_error(sk); goto out_release; } sock->state = SS_CONNECTED; out_release: release_sock(sk); return err; }",linux-2.6,,,102213032438473319416406180734200492218,0 4705,['CWE-20'],"static struct dentry *ext4_fh_to_parent(struct super_block *sb, struct fid *fid, int fh_len, int fh_type) { return generic_fh_to_parent(sb, fid, fh_len, fh_type, ext4_nfs_get_inode); }",linux-2.6,,,240140270105435525733712128009600923314,0 2857,CWE-787,"horizontalDifferenceF(float *ip, int n, int stride, uint16 *wp, uint16 *FromLT2) { int32 r1, g1, b1, a1, r2, g2, b2, a2, mask; float fltsize = Fltsize; #define CLAMP(v) ( (v<(float)0.) ? 0 \ : (v<(float)2.) ? FromLT2[(int)(v*fltsize)] \ : (v>(float)24.2) ? 2047 \ : LogK1*log(v*LogK2) + 0.5 ) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); a2 = wp[3] = (uint16) CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = (int32) CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,249185675440749,1 415,[],"pfm_end_notify_user(pfm_context_t *ctx) { pfm_msg_t *msg; msg = pfm_get_new_msg(ctx); if (msg == NULL) { printk(KERN_ERR ""perfmon: pfm_end_notify_user no more notification msgs\n""); return -1; } memset(msg, 0, sizeof(*msg)); msg->pfm_end_msg.msg_type = PFM_MSG_END; msg->pfm_end_msg.msg_ctx_fd = ctx->ctx_fd; msg->pfm_ovfl_msg.msg_tstamp = 0UL; DPRINT((""end msg: msg=%p no_msg=%d ctx_fd=%d\n"", msg, ctx->ctx_fl_no_msg, ctx->ctx_fd)); return pfm_notify_user(ctx, msg); }",linux-2.6,,,6462051824934897590773472327381622295,0 3455,['CWE-20'],"void sctp_ootb_pkt_free(struct sctp_packet *packet) { sctp_transport_free(packet->transport); }",linux-2.6,,,46040856499317334168570485930026336467,0 2677,[],"static int sctp_getsockopt_default_send_param(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_sndrcvinfo info; struct sctp_association *asoc; struct sctp_sock *sp = sctp_sk(sk); if (len < sizeof(struct sctp_sndrcvinfo)) return -EINVAL; len = sizeof(struct sctp_sndrcvinfo); if (copy_from_user(&info, optval, len)) return -EFAULT; asoc = sctp_id2assoc(sk, info.sinfo_assoc_id); if (!asoc && info.sinfo_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) { info.sinfo_stream = asoc->default_stream; info.sinfo_flags = asoc->default_flags; info.sinfo_ppid = asoc->default_ppid; info.sinfo_context = asoc->default_context; info.sinfo_timetolive = asoc->default_timetolive; } else { info.sinfo_stream = sp->default_stream; info.sinfo_flags = sp->default_flags; info.sinfo_ppid = sp->default_ppid; info.sinfo_context = sp->default_context; info.sinfo_timetolive = sp->default_timetolive; } if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &info, len)) return -EFAULT; return 0; }",linux-2.6,,,311879571463007431372322866318163965219,0 2953,CWE-59,"int main(int argc, char *argv[]) { int ret; struct lxc_lock *lock; lock = lxc_newlock(NULL, NULL); if (!lock) { fprintf(stderr, ""%d: failed to get unnamed lock\n"", __LINE__); exit(1); } ret = lxclock(lock, 0); if (ret) { fprintf(stderr, ""%d: failed to take unnamed lock (%d)\n"", __LINE__, ret); exit(1); } ret = lxcunlock(lock); if (ret) { fprintf(stderr, ""%d: failed to put unnamed lock (%d)\n"", __LINE__, ret); exit(1); } lxc_putlock(lock); lock = lxc_newlock(""/var/lib/lxc"", mycontainername); if (!lock) { fprintf(stderr, ""%d: failed to get lock\n"", __LINE__); exit(1); } struct stat sb; char *pathname = RUNTIME_PATH ""/lock/lxc/var/lib/lxc/""; ret = stat(pathname, &sb); if (ret != 0) { fprintf(stderr, ""%d: filename %s not created\n"", __LINE__, pathname); exit(1); } lxc_putlock(lock); test_two_locks(); fprintf(stderr, ""all tests passed\n""); exit(ret); }",visit repo url,src/tests/locktests.c,https://github.com/lxc/lxc,227883179579103,1 2799,CWE-787,"static void nsc_encode_sse2(NSC_CONTEXT* context, const BYTE* data, UINT32 scanline) { nsc_encode_argb_to_aycocg_sse2(context, data, scanline); if (context->ChromaSubsamplingLevel > 0) { nsc_encode_subsampling_sse2(context); } }",visit repo url,libfreerdp/codec/nsc_sse2.c,https://github.com/FreeRDP/FreeRDP,185442837916338,1 6316,['CWE-200'],"int neigh_table_clear(struct neigh_table *tbl) { struct neigh_table **tp; del_timer_sync(&tbl->gc_timer); del_timer_sync(&tbl->proxy_timer); pneigh_queue_purge(&tbl->proxy_queue); neigh_ifdown(tbl, NULL); if (atomic_read(&tbl->entries)) printk(KERN_CRIT ""neighbour leakage\n""); write_lock(&neigh_tbl_lock); for (tp = &neigh_tables; *tp; tp = &(*tp)->next) { if (*tp == tbl) { *tp = tbl->next; break; } } write_unlock(&neigh_tbl_lock); neigh_hash_free(tbl->hash_buckets, tbl->hash_mask + 1); tbl->hash_buckets = NULL; kfree(tbl->phash_buckets); tbl->phash_buckets = NULL; return 0; }",linux-2.6,,,246638971949845151599796224530699411767,0 5451,['CWE-476'],"struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id) { return kvm_x86_ops->vcpu_create(kvm, id); }",linux-2.6,,,56112551185191658985099227111023172751,0 64,CWE-119,"iakerb_gss_export_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token) { OM_uint32 maj; iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle; if (!ctx->established) return GSS_S_UNAVAILABLE; maj = krb5_gss_export_sec_context(minor_status, &ctx->gssc, interprocess_token); if (ctx->gssc == GSS_C_NO_CONTEXT) { iakerb_release_context(ctx); *context_handle = GSS_C_NO_CONTEXT; } return maj; }",visit repo url,src/lib/gssapi/krb5/iakerb.c,https://github.com/krb5/krb5,204764881867036,1 583,CWE-310,"static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport) { struct sock *sk = skb->sk; struct ipv6_pinfo *np = inet6_sk(sk); struct flowi6 fl6; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = sk->sk_protocol; fl6.daddr = transport->ipaddr.v6.sin6_addr; fl6.saddr = transport->saddr.v6.sin6_addr; fl6.flowlabel = np->flow_label; IP6_ECN_flow_xmit(sk, fl6.flowlabel); if (ipv6_addr_type(&fl6.saddr) & IPV6_ADDR_LINKLOCAL) fl6.flowi6_oif = transport->saddr.v6.sin6_scope_id; else fl6.flowi6_oif = sk->sk_bound_dev_if; if (np->opt && np->opt->srcrt) { struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt; fl6.daddr = *rt0->addr; } pr_debug(""%s: skb:%p, len:%d, src:%pI6 dst:%pI6\n"", __func__, skb, skb->len, &fl6.saddr, &fl6.daddr); SCTP_INC_STATS(sock_net(sk), SCTP_MIB_OUTSCTPPACKS); if (!(transport->param_flags & SPP_PMTUD_ENABLE)) skb->local_df = 1; return ip6_xmit(sk, skb, &fl6, np->opt, np->tclass); }",visit repo url,net/sctp/ipv6.c,https://github.com/torvalds/linux,61367465446238,1 2249,['CWE-193'],"do_readahead(struct address_space *mapping, struct file *filp, pgoff_t index, unsigned long nr) { if (!mapping || !mapping->a_ops || !mapping->a_ops->readpage) return -EINVAL; force_page_cache_readahead(mapping, filp, index, max_sane_readahead(nr)); return 0; }",linux-2.6,,,166502794812808604414308488134707794513,0 841,CWE-20,"int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct rxrpc_skb_priv *sp; struct rxrpc_call *call = NULL, *continue_call = NULL; struct rxrpc_sock *rx = rxrpc_sk(sock->sk); struct sk_buff *skb; long timeo; int copy, ret, ullen, offset, copied = 0; u32 abort_code; DEFINE_WAIT(wait); _enter("",,,%zu,%d"", len, flags); if (flags & (MSG_OOB | MSG_TRUNC)) return -EOPNOTSUPP; ullen = msg->msg_flags & MSG_CMSG_COMPAT ? 4 : sizeof(unsigned long); timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT); msg->msg_flags |= MSG_MORE; lock_sock(&rx->sk); for (;;) { if (RB_EMPTY_ROOT(&rx->calls)) { if (copied) goto out; if (rx->sk.sk_state != RXRPC_SERVER_LISTENING) { release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); return -ENODATA; } } skb = skb_peek(&rx->sk.sk_receive_queue); if (!skb) { if (copied && (msg->msg_flags & MSG_PEEK || timeo == 0)) goto out; release_sock(&rx->sk); prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait, TASK_INTERRUPTIBLE); ret = sock_error(&rx->sk); if (ret) goto wait_error; if (skb_queue_empty(&rx->sk.sk_receive_queue)) { if (signal_pending(current)) goto wait_interrupted; timeo = schedule_timeout(timeo); } finish_wait(sk_sleep(&rx->sk), &wait); lock_sock(&rx->sk); continue; } peek_next_packet: sp = rxrpc_skb(skb); call = sp->call; ASSERT(call != NULL); _debug(""next pkt %s"", rxrpc_pkts[sp->hdr.type]); spin_lock_bh(&call->lock); spin_unlock_bh(&call->lock); if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { _debug(""packet from released call""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); continue; } if (continue_call) { _debug(""maybe cont""); if (call != continue_call || skb->mark != RXRPC_SKB_MARK_DATA) { release_sock(&rx->sk); rxrpc_put_call(continue_call); _leave("" = %d [noncont]"", copied); return copied; } } rxrpc_get_call(call); if (!continue_call) { if (msg->msg_name && msg->msg_namelen > 0) memcpy(msg->msg_name, &call->conn->trans->peer->srx, sizeof(call->conn->trans->peer->srx)); sock_recv_ts_and_drops(msg, &rx->sk, skb); } if (skb->mark != RXRPC_SKB_MARK_DATA) goto receive_non_data_message; _debug(""recvmsg DATA #%u { %d, %d }"", ntohl(sp->hdr.seq), skb->len, sp->offset); if (!continue_call) { ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); } ASSERTCMP(ntohl(sp->hdr.seq), >=, call->rx_data_recv); ASSERTCMP(ntohl(sp->hdr.seq), <=, call->rx_data_recv + 1); call->rx_data_recv = ntohl(sp->hdr.seq); ASSERTCMP(ntohl(sp->hdr.seq), >, call->rx_data_eaten); offset = sp->offset; copy = skb->len - offset; if (copy > len - copied) copy = len - copied; if (skb->ip_summed == CHECKSUM_UNNECESSARY) { ret = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copy); } else { ret = skb_copy_and_csum_datagram_iovec(skb, offset, msg->msg_iov); if (ret == -EINVAL) goto csum_copy_error; } if (ret < 0) goto copy_error; _debug(""copied %d+%d"", copy, copied); offset += copy; copied += copy; if (!(flags & MSG_PEEK)) sp->offset = offset; if (sp->offset < skb->len) { _debug(""buffer full""); ASSERTCMP(copied, ==, len); break; } if (sp->hdr.flags & RXRPC_LAST_PACKET) { _debug(""last""); if (call->conn->out_clientflag) { ret = copied; goto terminal_message; } if (!(flags & MSG_PEEK)) { _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } msg->msg_flags &= ~MSG_MORE; break; } _debug(""next""); if (!continue_call) continue_call = sp->call; else rxrpc_put_call(call); call = NULL; if (flags & MSG_PEEK) { _debug(""peek next""); skb = skb->next; if (skb == (struct sk_buff *) &rx->sk.sk_receive_queue) break; goto peek_next_packet; } _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } _debug(""end rcv data""); out: release_sock(&rx->sk); if (call) rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d [data]"", copied); return copied; receive_non_data_message: _debug(""non-data""); if (skb->mark == RXRPC_SKB_MARK_NEW_CALL) { _debug(""RECV NEW CALL""); ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &abort_code); if (ret < 0) goto copy_error; if (!(flags & MSG_PEEK)) { if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } goto out; } ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); switch (skb->mark) { case RXRPC_SKB_MARK_DATA: BUG(); case RXRPC_SKB_MARK_FINAL_ACK: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &abort_code); break; case RXRPC_SKB_MARK_BUSY: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_BUSY, 0, &abort_code); break; case RXRPC_SKB_MARK_REMOTE_ABORT: abort_code = call->abort_code; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code); break; case RXRPC_SKB_MARK_NET_ERROR: _debug(""RECV NET ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &abort_code); break; case RXRPC_SKB_MARK_LOCAL_ERROR: _debug(""RECV LOCAL ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &abort_code); break; default: BUG(); break; } if (ret < 0) goto copy_error; terminal_message: _debug(""terminal""); msg->msg_flags &= ~MSG_MORE; msg->msg_flags |= MSG_EOR; if (!(flags & MSG_PEEK)) { _net(""free terminal skb %p"", skb); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); rxrpc_remove_user_ID(rx, call); } release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; copy_error: _debug(""copy error""); release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; csum_copy_error: _debug(""csum error""); release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); rxrpc_kill_skb(skb); skb_kill_datagram(&rx->sk, skb, flags); rxrpc_put_call(call); return -EAGAIN; wait_interrupted: ret = sock_intr_errno(timeo); wait_error: finish_wait(sk_sleep(&rx->sk), &wait); if (continue_call) rxrpc_put_call(continue_call); if (copied) copied = ret; _leave("" = %d [waitfail %d]"", copied, ret); return copied; }",visit repo url,net/rxrpc/ar-recvmsg.c,https://github.com/torvalds/linux,131822081142701,1 4775,CWE-119,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 4251,['CWE-119'],"sctp_disposition_t sctp_sf_t4_timer_expire( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = asoc->addip_last_asconf; struct sctp_transport *transport = chunk->transport; SCTP_INC_STATS(SCTP_MIB_T4_RTO_EXPIREDS); sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport)); sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T4, SCTP_CHUNK(chunk)); if (asoc->overall_error_count >= asoc->max_retrans) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_ABORT; } sctp_chunk_hold(asoc->addip_last_asconf); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(asoc->addip_last_asconf)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T4_RTO)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,89331269158121456950398464294801749709,0 4305,CWE-122,"static RList *create_cache_bins(RBinFile *bf, RDyldCache *cache) { RList *bins = r_list_newf ((RListFree)free_bin); ut16 *depArray = NULL; cache_imgxtr_t *extras = NULL; if (!bins) { return NULL; } char *target_libs = NULL; RList *target_lib_names = NULL; int *deps = NULL; target_libs = r_sys_getenv (""R_DYLDCACHE_FILTER""); if (target_libs) { target_lib_names = r_str_split_list (target_libs, "":"", 0); if (!target_lib_names) { r_list_free (bins); return NULL; } deps = R_NEWS0 (int, cache->hdr->imagesCount); if (!deps) { r_list_free (bins); r_list_free (target_lib_names); return NULL; } } ut32 i; for (i = 0; i < cache->n_hdr; i++) { cache_hdr_t *hdr = &cache->hdr[i]; ut64 hdr_offset = cache->hdr_offset[i]; ut32 maps_index = cache->maps_index[i]; cache_img_t *img = read_cache_images (cache->buf, hdr, hdr_offset); if (!img) { goto next; } ut32 j; if (target_libs) { HtPU *path_to_idx = NULL; if (cache->accel) { depArray = R_NEWS0 (ut16, cache->accel->depListCount); if (!depArray) { goto next; } if (r_buf_fread_at (cache->buf, cache->accel->depListOffset, (ut8*) depArray, ""s"", cache->accel->depListCount) != cache->accel->depListCount * 2) { goto next; } extras = read_cache_imgextra (cache->buf, hdr, cache->accel); if (!extras) { goto next; } } else { path_to_idx = create_path_to_index (cache->buf, img, hdr); } for (j = 0; j < hdr->imagesCount; j++) { bool printing = !deps[j]; char *lib_name = get_lib_name (cache->buf, &img[j]); if (!lib_name) { break; } if (strstr (lib_name, ""libobjc.A.dylib"")) { deps[j]++; } if (!r_list_find (target_lib_names, lib_name, string_contains)) { R_FREE (lib_name); continue; } if (printing) { eprintf (""FILTER: %s\n"", lib_name); } R_FREE (lib_name); deps[j]++; if (extras && depArray) { ut32 k; for (k = extras[j].dependentsStartArrayIndex; depArray[k] != 0xffff; k++) { ut16 dep_index = depArray[k] & 0x7fff; deps[dep_index]++; char *dep_name = get_lib_name (cache->buf, &img[dep_index]); if (!dep_name) { break; } if (printing) { eprintf (""-> %s\n"", dep_name); } free (dep_name); } } else if (path_to_idx) { carve_deps_at_address (cache, img, path_to_idx, img[j].address, deps, printing); } } ht_pu_free (path_to_idx); R_FREE (depArray); R_FREE (extras); } for (j = 0; j < hdr->imagesCount; j++) { if (deps && !deps[j]) { continue; } ut64 pa = va2pa (img[j].address, hdr->mappingCount, &cache->maps[maps_index], cache->buf, 0, NULL, NULL); if (pa == UT64_MAX) { continue; } ut8 magicbytes[4]; r_buf_read_at (cache->buf, pa, magicbytes, 4); int magic = r_read_le32 (magicbytes); switch (magic) { case MH_MAGIC_64: { char file[256]; RDyldBinImage *bin = R_NEW0 (RDyldBinImage); if (!bin) { goto next; } bin->header_at = pa; bin->hdr_offset = hdr_offset; bin->symbols_off = resolve_symbols_off (cache, pa); bin->va = img[j].address; if (r_buf_read_at (cache->buf, img[j].pathFileOffset, (ut8*) &file, sizeof (file)) == sizeof (file)) { file[255] = 0; char *last_slash = strrchr (file, '/'); if (last_slash && *last_slash) { if (last_slash > file) { char *scan = last_slash - 1; while (scan > file && *scan != '/') { scan--; } if (*scan == '/') { bin->file = strdup (scan + 1); } else { bin->file = strdup (last_slash + 1); } } else { bin->file = strdup (last_slash + 1); } } else { bin->file = strdup (file); } } r_list_append (bins, bin); break; } default: eprintf (""Unknown sub-bin\n""); break; } } next: R_FREE (depArray); R_FREE (extras); R_FREE (img); } if (r_list_empty (bins)) { r_list_free (bins); bins = NULL; } R_FREE (deps); R_FREE (target_libs); r_list_free (target_lib_names); return bins; }",visit repo url,libr/bin/p/bin_dyldcache.c,https://github.com/radareorg/radare2,118884230432330,1 4509,['CWE-20'],"static int verify_group_input(struct super_block *sb, struct ext4_new_group_data *input) { struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_super_block *es = sbi->s_es; ext4_fsblk_t start = ext4_blocks_count(es); ext4_fsblk_t end = start + input->blocks_count; ext4_group_t group = input->group; ext4_fsblk_t itend = input->inode_table + sbi->s_itb_per_group; unsigned overhead = ext4_bg_has_super(sb, group) ? (1 + ext4_bg_num_gdb(sb, group) + le16_to_cpu(es->s_reserved_gdt_blocks)) : 0; ext4_fsblk_t metaend = start + overhead; struct buffer_head *bh = NULL; ext4_grpblk_t free_blocks_count, offset; int err = -EINVAL; input->free_blocks_count = free_blocks_count = input->blocks_count - 2 - overhead - sbi->s_itb_per_group; if (test_opt(sb, DEBUG)) printk(KERN_DEBUG ""EXT4-fs: adding %s group %u: %u blocks "" ""(%d free, %u reserved)\n"", ext4_bg_has_super(sb, input->group) ? ""normal"" : ""no-super"", input->group, input->blocks_count, free_blocks_count, input->reserved_blocks); ext4_get_group_no_and_offset(sb, start, NULL, &offset); if (group != sbi->s_groups_count) ext4_warning(sb, __func__, ""Cannot add at group %u (only %u groups)"", input->group, sbi->s_groups_count); else if (offset != 0) ext4_warning(sb, __func__, ""Last group not full""); else if (input->reserved_blocks > input->blocks_count / 5) ext4_warning(sb, __func__, ""Reserved blocks too high (%u)"", input->reserved_blocks); else if (free_blocks_count < 0) ext4_warning(sb, __func__, ""Bad blocks count %u"", input->blocks_count); else if (!(bh = sb_bread(sb, end - 1))) ext4_warning(sb, __func__, ""Cannot read last block (%llu)"", end - 1); else if (outside(input->block_bitmap, start, end)) ext4_warning(sb, __func__, ""Block bitmap not in group (block %llu)"", (unsigned long long)input->block_bitmap); else if (outside(input->inode_bitmap, start, end)) ext4_warning(sb, __func__, ""Inode bitmap not in group (block %llu)"", (unsigned long long)input->inode_bitmap); else if (outside(input->inode_table, start, end) || outside(itend - 1, start, end)) ext4_warning(sb, __func__, ""Inode table not in group (blocks %llu-%llu)"", (unsigned long long)input->inode_table, itend - 1); else if (input->inode_bitmap == input->block_bitmap) ext4_warning(sb, __func__, ""Block bitmap same as inode bitmap (%llu)"", (unsigned long long)input->block_bitmap); else if (inside(input->block_bitmap, input->inode_table, itend)) ext4_warning(sb, __func__, ""Block bitmap (%llu) in inode table (%llu-%llu)"", (unsigned long long)input->block_bitmap, (unsigned long long)input->inode_table, itend - 1); else if (inside(input->inode_bitmap, input->inode_table, itend)) ext4_warning(sb, __func__, ""Inode bitmap (%llu) in inode table (%llu-%llu)"", (unsigned long long)input->inode_bitmap, (unsigned long long)input->inode_table, itend - 1); else if (inside(input->block_bitmap, start, metaend)) ext4_warning(sb, __func__, ""Block bitmap (%llu) in GDT table"" "" (%llu-%llu)"", (unsigned long long)input->block_bitmap, start, metaend - 1); else if (inside(input->inode_bitmap, start, metaend)) ext4_warning(sb, __func__, ""Inode bitmap (%llu) in GDT table"" "" (%llu-%llu)"", (unsigned long long)input->inode_bitmap, start, metaend - 1); else if (inside(input->inode_table, start, metaend) || inside(itend - 1, start, metaend)) ext4_warning(sb, __func__, ""Inode table (%llu-%llu) overlaps"" ""GDT table (%llu-%llu)"", (unsigned long long)input->inode_table, itend - 1, start, metaend - 1); else err = 0; brelse(bh); return err; }",linux-2.6,,,228488893860518117939278009627835171771,0 690,[],"static jpc_mstabent_t *jpc_mstab_lookup(int id) { jpc_mstabent_t *mstabent; for (mstabent = jpc_mstab;; ++mstabent) { if (mstabent->id == id || mstabent->id < 0) { return mstabent; } } assert(0); return 0; }",jasper,,,249310928524146562811281324326256768341,0 1288,CWE-189,"static ssize_t __nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen) { struct page *pages[NFS4ACL_MAXPAGES]; struct nfs_getaclargs args = { .fh = NFS_FH(inode), .acl_pages = pages, .acl_len = buflen, }; struct nfs_getaclres res = { .acl_len = buflen, }; void *resp_buf; struct rpc_message msg = { .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETACL], .rpc_argp = &args, .rpc_resp = &res, }; struct page *localpage = NULL; int ret; if (buflen < PAGE_SIZE) { localpage = alloc_page(GFP_KERNEL); resp_buf = page_address(localpage); if (localpage == NULL) return -ENOMEM; args.acl_pages[0] = localpage; args.acl_pgbase = 0; args.acl_len = PAGE_SIZE; } else { resp_buf = buf; buf_to_pages(buf, buflen, args.acl_pages, &args.acl_pgbase); } ret = nfs4_call_sync(NFS_SERVER(inode)->client, NFS_SERVER(inode), &msg, &args.seq_args, &res.seq_res, 0); if (ret) goto out_free; if (res.acl_len > args.acl_len) nfs4_write_cached_acl(inode, NULL, res.acl_len); else nfs4_write_cached_acl(inode, resp_buf, res.acl_len); if (buf) { ret = -ERANGE; if (res.acl_len > buflen) goto out_free; if (localpage) memcpy(buf, resp_buf, res.acl_len); } ret = res.acl_len; out_free: if (localpage) __free_page(localpage); return ret; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,79857773758632,1 285,[],"static int do_wireless_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { struct iwreq __user *iwr; struct iwreq __user *iwr_u; struct iw_point __user *iwp; struct compat_iw_point __user *iwp_u; compat_caddr_t pointer; __u16 length, flags; iwr_u = compat_ptr(arg); iwp_u = (struct compat_iw_point __user *) &iwr_u->u.data; iwr = compat_alloc_user_space(sizeof(*iwr)); if (iwr == NULL) return -ENOMEM; iwp = &iwr->u.data; if (!access_ok(VERIFY_WRITE, iwr, sizeof(*iwr))) return -EFAULT; if (__copy_in_user(&iwr->ifr_ifrn.ifrn_name[0], &iwr_u->ifr_ifrn.ifrn_name[0], sizeof(iwr->ifr_ifrn.ifrn_name))) return -EFAULT; if (__get_user(pointer, &iwp_u->pointer) || __get_user(length, &iwp_u->length) || __get_user(flags, &iwp_u->flags)) return -EFAULT; if (__put_user(compat_ptr(pointer), &iwp->pointer) || __put_user(length, &iwp->length) || __put_user(flags, &iwp->flags)) return -EFAULT; return sys_ioctl(fd, cmd, (unsigned long) iwr); }",linux-2.6,,,132382282542115475969819276778577739887,0 2470,CWE-119,"log2vis_utf8 (PyObject * string, int unicode_length, FriBidiParType base_direction, int clean, int reordernsm) { FriBidiChar *logical = NULL; FriBidiChar *visual = NULL; char *visual_utf8 = NULL; FriBidiStrIndex new_len = 0; PyObject *result = NULL; logical = PyMem_New (FriBidiChar, unicode_length + 1); if (logical == NULL) { PyErr_SetString (PyExc_MemoryError, ""failed to allocate unicode buffer""); goto cleanup; } visual = PyMem_New (FriBidiChar, unicode_length + 1); if (visual == NULL) { PyErr_SetString (PyExc_MemoryError, ""failed to allocate unicode buffer""); goto cleanup; } fribidi_set_reorder_nsm(reordernsm); fribidi_utf8_to_unicode (PyString_AS_STRING (string), PyString_GET_SIZE (string), logical); if (!fribidi_log2vis (logical, unicode_length, &base_direction, visual, NULL, NULL, NULL)) { PyErr_SetString (PyExc_RuntimeError, ""fribidi failed to order string""); goto cleanup; } if (clean) fribidi_remove_bidi_marks (visual, unicode_length, NULL, NULL, NULL); visual_utf8 = PyMem_New(char, (unicode_length * 4)+1); if (visual_utf8 == NULL) { PyErr_SetString (PyExc_MemoryError, ""failed to allocate UTF-8 buffer""); goto cleanup; } new_len = fribidi_unicode_to_utf8 (visual, unicode_length, visual_utf8); result = PyString_FromStringAndSize (visual_utf8, new_len); if (result == NULL) goto cleanup; cleanup: PyMem_Del (logical); PyMem_Del (visual); PyMem_Del (visual_utf8); return result; }",visit repo url,pyfribidi.c,https://github.com/pediapress/pyfribidi,180667648948377,1 1067,['CWE-20'],"asmlinkage long sys_times(struct tms __user * tbuf) { if (tbuf) { struct tms tmp; struct task_struct *tsk = current; struct task_struct *t; cputime_t utime, stime, cutime, cstime; spin_lock_irq(&tsk->sighand->siglock); utime = tsk->signal->utime; stime = tsk->signal->stime; t = tsk; do { utime = cputime_add(utime, t->utime); stime = cputime_add(stime, t->stime); t = next_thread(t); } while (t != tsk); cutime = tsk->signal->cutime; cstime = tsk->signal->cstime; spin_unlock_irq(&tsk->sighand->siglock); tmp.tms_utime = cputime_to_clock_t(utime); tmp.tms_stime = cputime_to_clock_t(stime); tmp.tms_cutime = cputime_to_clock_t(cutime); tmp.tms_cstime = cputime_to_clock_t(cstime); if (copy_to_user(tbuf, &tmp, sizeof(struct tms))) return -EFAULT; } return (long) jiffies_64_to_clock_t(get_jiffies_64()); }",linux-2.6,,,149222851615422091316330476046229796138,0 1229,CWE-400,"static void perf_swevent_overflow(struct perf_event *event, u64 overflow, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { struct hw_perf_event *hwc = &event->hw; int throttle = 0; data->period = event->hw.last_period; if (!overflow) overflow = perf_swevent_set_period(event); if (hwc->interrupts == MAX_INTERRUPTS) return; for (; overflow; overflow--) { if (__perf_event_overflow(event, nmi, throttle, data, regs)) { break; } throttle = 1; } }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,69207010503463,1 4817,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 2778,['CWE-264'],"interpret_ack( struct net_device *dev, unsigned ack ) { struct net_local *nl = (struct net_local *) dev->priv; if( ack == FRAME_SENT_OK ) { nl->state &= ~FL_NEED_RESEND; if( nl->state & FL_WAIT_ACK ) { nl->outpos += nl->framelen; if( --nl->tx_frameno ) nl->framelen = min_t(unsigned int, nl->maxframe, nl->tx_buf_p->len - nl->outpos); else send_complete( nl ), #ifdef CONFIG_SBNI_MULTILINE netif_wake_queue( nl->master ); #else netif_wake_queue( dev ); #endif } } nl->state &= ~FL_WAIT_ACK; }",linux-2.6,,,275149251091846812917900834130737575662,0 5681,['CWE-476'],"static int udpv6_rcv(struct sk_buff **pskb) { struct sk_buff *skb = *pskb; struct sock *sk; struct udphdr *uh; struct net_device *dev = skb->dev; struct in6_addr *saddr, *daddr; u32 ulen = 0; if (!pskb_may_pull(skb, sizeof(struct udphdr))) goto short_packet; saddr = &skb->nh.ipv6h->saddr; daddr = &skb->nh.ipv6h->daddr; uh = skb->h.uh; ulen = ntohs(uh->len); if (ulen == 0) ulen = skb->len; if (ulen > skb->len || ulen < sizeof(*uh)) goto short_packet; if (uh->check == 0) { LIMIT_NETDEBUG(KERN_INFO ""IPv6: udp checksum is 0\n""); goto discard; } if (ulen < skb->len) { if (pskb_trim_rcsum(skb, ulen)) goto discard; saddr = &skb->nh.ipv6h->saddr; daddr = &skb->nh.ipv6h->daddr; uh = skb->h.uh; } if (skb->ip_summed == CHECKSUM_COMPLETE && !csum_ipv6_magic(saddr, daddr, ulen, IPPROTO_UDP, skb->csum)) skb->ip_summed = CHECKSUM_UNNECESSARY; if (skb->ip_summed != CHECKSUM_UNNECESSARY) skb->csum = ~csum_ipv6_magic(saddr, daddr, ulen, IPPROTO_UDP, 0); if (ipv6_addr_is_multicast(daddr)) { udpv6_mcast_deliver(uh, saddr, daddr, skb); return 0; } sk = udp_v6_lookup(saddr, uh->source, daddr, uh->dest, dev->ifindex); if (sk == NULL) { if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) goto discard; if (skb_checksum_complete(skb)) goto discard; UDP6_INC_STATS_BH(UDP_MIB_NOPORTS); icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev); kfree_skb(skb); return(0); } udpv6_queue_rcv_skb(sk, skb); sock_put(sk); return(0); short_packet: if (net_ratelimit()) printk(KERN_DEBUG ""UDP: short packet: %d/%u\n"", ulen, skb->len); discard: UDP6_INC_STATS_BH(UDP_MIB_INERRORS); kfree_skb(skb); return(0); }",linux-2.6,,,282528451709263098144864218618363500571,0 3916,CWE-416,"can_unload_buffer(buf_T *buf) { int can_unload = !buf->b_locked; if (can_unload && updating_screen) { win_T *wp; FOR_ALL_WINDOWS(wp) if (wp->w_buffer == buf) { can_unload = FALSE; break; } } if (!can_unload) semsg(_(e_attempt_to_delete_buffer_that_is_in_use_str), buf->b_fname); return can_unload; }",visit repo url,src/buffer.c,https://github.com/vim/vim,126675997961495,1 4252,CWE-416,"static pyc_object *get_none_object(void) { pyc_object *ret; ret = R_NEW0 (pyc_object); if (!ret) { return NULL; } ret->type = TYPE_NONE; ret->data = strdup (""None""); if (!ret->data) { R_FREE (ret); } return ret; }",visit repo url,libr/bin/format/pyc/marshal.c,https://github.com/radareorg/radare2,236447091396850,1 1149,['CWE-362'],"static void redo_inode_mask(struct inode *inode) { unsigned long new_mask; struct dnotify_struct *dn; new_mask = 0; for (dn = inode->i_dnotify; dn != NULL; dn = dn->dn_next) new_mask |= dn->dn_mask & ~DN_MULTISHOT; inode->i_dnotify_mask = new_mask; }",linux-2.6,,,76194505737714731917585183424152751378,0 3432,CWE-119,"static void show_object(struct object *object, struct strbuf *path, const char *last, void *data) { struct bitmap *base = data; int bitmap_pos; bitmap_pos = bitmap_position(object->oid.hash); if (bitmap_pos < 0) { char *name = path_name(path, last); bitmap_pos = ext_index_add_object(object, name); free(name); } bitmap_set(base, bitmap_pos); }",visit repo url,pack-bitmap.c,https://github.com/git/git,49413044528141,1 6544,['CWE-200'],"applet_find_active_connection_for_device (NMDevice *device, NMApplet *applet, NMActiveConnection **out_active) { const GPtrArray *active_connections; NMConnection *connection = NULL; int i; g_return_val_if_fail (NM_IS_DEVICE (device), NULL); g_return_val_if_fail (NM_IS_APPLET (applet), NULL); if (out_active) g_return_val_if_fail (*out_active == NULL, NULL); active_connections = nm_client_get_active_connections (applet->nm_client); for (i = 0; active_connections && (i < active_connections->len); i++) { NMActiveConnection *active; const char *service_name; const char *connection_path; const GPtrArray *devices; active = NM_ACTIVE_CONNECTION (g_ptr_array_index (active_connections, i)); devices = nm_active_connection_get_devices (active); service_name = nm_active_connection_get_service_name (active); connection_path = nm_active_connection_get_connection (active); if (!devices || !service_name || !connection_path) continue; if (!nm_g_ptr_array_contains (devices, device)) continue; if (!strcmp (service_name, NM_DBUS_SERVICE_SYSTEM_SETTINGS)) { NMDBusConnection *tmp; tmp = nm_dbus_settings_get_connection_by_path (applet->dbus_settings, connection_path); if (tmp) { connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (tmp)); if (out_active) *out_active = active; break; } } else if (!strcmp (service_name, NM_DBUS_SERVICE_USER_SETTINGS)) { NMAGConfConnection *tmp; tmp = nma_gconf_settings_get_by_dbus_path (applet->gconf_settings, connection_path); if (tmp) { connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (tmp)); if (out_active) *out_active = active; break; } } } return connection; }",network-manager-applet,,,197526341573172879611011560920674020864,0 2838,['CWE-119'],"posix_state_to_acl(struct posix_acl_state *state, unsigned int flags) { struct posix_acl_entry *pace; struct posix_acl *pacl; int nace; int i, error = 0; if (state->empty && (flags & NFS4_ACL_TYPE_DEFAULT)) { pacl = posix_acl_alloc(0, GFP_KERNEL); return pacl ? pacl : ERR_PTR(-ENOMEM); } nace = 4 + state->users->n + state->groups->n; pacl = posix_acl_alloc(nace, GFP_KERNEL); if (!pacl) return ERR_PTR(-ENOMEM); pace = pacl->a_entries; pace->e_tag = ACL_USER_OBJ; error = check_deny(state->owner.deny, 1); if (error) goto out_err; low_mode_from_nfs4(state->owner.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; for (i=0; i < state->users->n; i++) { pace++; pace->e_tag = ACL_USER; error = check_deny(state->users->aces[i].perms.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->users->aces[i].perms.allow, &pace->e_perm, flags); pace->e_id = state->users->aces[i].uid; add_to_mask(state, &state->users->aces[i].perms); } pace++; pace->e_tag = ACL_GROUP_OBJ; error = check_deny(state->group.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->group.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; add_to_mask(state, &state->group); for (i=0; i < state->groups->n; i++) { pace++; pace->e_tag = ACL_GROUP; error = check_deny(state->groups->aces[i].perms.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->groups->aces[i].perms.allow, &pace->e_perm, flags); pace->e_id = state->groups->aces[i].uid; add_to_mask(state, &state->groups->aces[i].perms); } pace++; pace->e_tag = ACL_MASK; low_mode_from_nfs4(state->mask.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; pace++; pace->e_tag = ACL_OTHER; error = check_deny(state->other.deny, 0); if (error) goto out_err; low_mode_from_nfs4(state->other.allow, &pace->e_perm, flags); pace->e_id = ACL_UNDEFINED_ID; return pacl; out_err: posix_acl_release(pacl); return ERR_PTR(error); }",linux-2.6,,,111217456378488341383099836152197132283,0 65,['CWE-787'],"static void cirrus_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val) { CirrusVGAState *s = (CirrusVGAState *) opaque; addr &= CIRRUS_PNPMMIO_SIZE - 1; if (addr >= 0x100) { cirrus_mmio_blt_write(s, addr - 0x100, val); } else { vga_ioport_write(s, addr + 0x3c0, val); } }",qemu,,,22632654191835490779579943430012453599,0 3804,[],"static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr; struct dentry * dentry = NULL; struct nameidata nd; int err; unsigned hash; struct unix_address *addr; struct hlist_head *list; err = -EINVAL; if (sunaddr->sun_family != AF_UNIX) goto out; if (addr_len==sizeof(short)) { err = unix_autobind(sock); goto out; } err = unix_mkname(sunaddr, addr_len, &hash); if (err < 0) goto out; addr_len = err; mutex_lock(&u->readlock); err = -EINVAL; if (u->addr) goto out_up; err = -ENOMEM; addr = kmalloc(sizeof(*addr)+addr_len, GFP_KERNEL); if (!addr) goto out_up; memcpy(addr->name, sunaddr, addr_len); addr->len = addr_len; addr->hash = hash ^ sk->sk_type; atomic_set(&addr->refcnt, 1); if (sunaddr->sun_path[0]) { unsigned int mode; err = 0; err = path_lookup(sunaddr->sun_path, LOOKUP_PARENT, &nd); if (err) goto out_mknod_parent; dentry = lookup_create(&nd, 0); err = PTR_ERR(dentry); if (IS_ERR(dentry)) goto out_mknod_unlock; mode = S_IFSOCK | (SOCK_INODE(sock)->i_mode & ~current->fs->umask); err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); if (err) goto out_mknod_dput; mutex_unlock(&nd.dentry->d_inode->i_mutex); dput(nd.dentry); nd.dentry = dentry; addr->hash = UNIX_HASH_SIZE; } spin_lock(&unix_table_lock); if (!sunaddr->sun_path[0]) { err = -EADDRINUSE; if (__unix_find_socket_byname(sunaddr, addr_len, sk->sk_type, hash)) { unix_release_addr(addr); goto out_unlock; } list = &unix_socket_table[addr->hash]; } else { list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)]; u->dentry = nd.dentry; u->mnt = nd.mnt; } err = 0; __unix_remove_socket(sk); u->addr = addr; __unix_insert_socket(list, sk); out_unlock: spin_unlock(&unix_table_lock); out_up: mutex_unlock(&u->readlock); out: return err; out_mknod_dput: dput(dentry); out_mknod_unlock: mutex_unlock(&nd.dentry->d_inode->i_mutex); path_release(&nd); out_mknod_parent: if (err==-EEXIST) err=-EADDRINUSE; unix_release_addr(addr); goto out_up; }",linux-2.6,,,161923557985173700813861575923446417470,0 4020,['CWE-362'],"int audit_compare_dname_path(const char *dname, const char *path, int *dirlen) { int dlen, plen; const char *p; if (!dname || !path) return 1; dlen = strlen(dname); plen = strlen(path); if (plen < dlen) return 1; p = path + plen - 1; while ((*p == '/') && (p > path)) p--; p = p - dlen + 1; if (p < path) return 1; else if (p > path) { if (*--p != '/') return 1; else p++; } if (dirlen) *dirlen = p - path; return strncmp(p, dname, dlen); }",linux-2.6,,,335389654084182352799445713972795829162,0 3963,CWE-20,"netscreen_seek_read(wtap *wth, gint64 seek_off, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info) { int pkt_len; char line[NETSCREEN_LINE_LENGTH]; char cap_int[NETSCREEN_MAX_INT_NAME_LENGTH]; gboolean cap_dir; char cap_dst[13]; if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1) { return FALSE; } if (file_gets(line, NETSCREEN_LINE_LENGTH, wth->random_fh) == NULL) { *err = file_error(wth->random_fh, err_info); if (*err == 0) { *err = WTAP_ERR_SHORT_READ; } return FALSE; } pkt_len = parse_netscreen_rec_hdr(phdr, line, cap_int, &cap_dir, cap_dst, err, err_info); if (pkt_len == -1) return FALSE; if (!parse_netscreen_hex_dump(wth->random_fh, pkt_len, cap_int, cap_dst, phdr, buf, err, err_info)) return FALSE; return TRUE; }",visit repo url,wiretap/netscreen.c,https://github.com/wireshark/wireshark,190627484194574,1 5749,CWE-416,"static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) { packet->parsed_lines = 0, packet->empty_line_position_set = 0, packet->host_line.ptr = NULL, packet->host_line.len = 0, packet->referer_line.ptr = NULL, packet->referer_line.len = 0, packet->content_line.ptr = NULL, packet->content_line.len = 0, packet->accept_line.ptr = NULL, packet->accept_line.len = 0, packet->user_agent_line.ptr = NULL, packet->user_agent_line.len = 0, packet->http_url_name.ptr = NULL, packet->http_url_name.len = 0, packet->http_encoding.ptr = NULL, packet->http_encoding.len = 0, packet->http_transfer_encoding.ptr = NULL, packet->http_transfer_encoding.len = 0, packet->http_contentlen.ptr = NULL, packet->http_contentlen.len = 0, packet->http_cookie.ptr = NULL, packet->http_cookie.len = 0, packet->http_origin.len = 0, packet->http_origin.ptr = NULL, packet->http_x_session_type.ptr = NULL, packet->http_x_session_type.len = 0, packet->server_line.ptr = NULL, packet->server_line.len = 0, packet->http_method.ptr = NULL, packet->http_method.len = 0, packet->http_response.ptr = NULL, packet->http_response.len = 0, packet->http_num_headers = 0; }",visit repo url,src/lib/ndpi_main.c,https://github.com/ntop/nDPI,160581763400730,1 3147,['CWE-189'],"jpc_mqdec_t *jpc_mqdec_create(int maxctxs, jas_stream_t *in) { jpc_mqdec_t *mqdec; assert(maxctxs > 0); if (!(mqdec = jas_malloc(sizeof(jpc_mqdec_t)))) { goto error; } mqdec->in = in; mqdec->maxctxs = maxctxs; if (!(mqdec->ctxs = jas_alloc2(mqdec->maxctxs, sizeof(jpc_mqstate_t *)))) { goto error; } mqdec->curctx = mqdec->ctxs; if (mqdec->in) { jpc_mqdec_init(mqdec); } jpc_mqdec_setctxs(mqdec, 0, 0); return mqdec; error: if (mqdec) { jpc_mqdec_destroy(mqdec); } return 0; }",jasper,,,133312059871250828536284494295805951586,0 221,[],"static int atalk_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct sockaddr_at sat; struct sock *sk = sock->sk; struct atalk_sock *at = at_sk(sk); if (sk->sk_zapped) if (atalk_autobind(sk) < 0) return -ENOBUFS; *uaddr_len = sizeof(struct sockaddr_at); if (peer) { if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; sat.sat_addr.s_net = at->dest_net; sat.sat_addr.s_node = at->dest_node; sat.sat_port = at->dest_port; } else { sat.sat_addr.s_net = at->src_net; sat.sat_addr.s_node = at->src_node; sat.sat_port = at->src_port; } sat.sat_family = AF_APPLETALK; memcpy(uaddr, &sat, sizeof(sat)); return 0; }",history,,,309219724423775586815696543162629370532,0 3332,CWE-119,"flac_read_loop (SF_PRIVATE *psf, unsigned len) { FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ; pflac->pos = 0 ; pflac->len = len ; pflac->remain = len ; if (pflac->frame != NULL && pflac->bufferpos < pflac->frame->header.blocksize) flac_buffer_copy (psf) ; while (pflac->pos < pflac->len) { if (FLAC__stream_decoder_process_single (pflac->fsd) == 0) break ; if (FLAC__stream_decoder_get_state (pflac->fsd) >= FLAC__STREAM_DECODER_END_OF_STREAM) break ; } ; pflac->ptr = NULL ; return pflac->pos ; } ",visit repo url,src/flac.c,https://github.com/erikd/libsndfile,8222184598552,1 783,CWE-20,"static int pfkey_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct pfkey_sock *pfk = pfkey_sk(sk); struct sk_buff *skb; int copied, err; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) goto out; msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); err = (flags & MSG_TRUNC) ? skb->len : copied; if (pfk->dump.dump != NULL && 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) pfkey_do_dump(pfk); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/key/af_key.c,https://github.com/torvalds/linux,186000895945295,1 1370,CWE-310,"static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, struct btrfs_fs_info *fs_info, struct btrfs_pending_snapshot *pending) { struct btrfs_key key; struct btrfs_root_item *new_root_item; struct btrfs_root *tree_root = fs_info->tree_root; struct btrfs_root *root = pending->root; struct btrfs_root *parent_root; struct btrfs_block_rsv *rsv; struct inode *parent_inode; struct btrfs_path *path; struct btrfs_dir_item *dir_item; struct dentry *parent; struct dentry *dentry; struct extent_buffer *tmp; struct extent_buffer *old; struct timespec cur_time = CURRENT_TIME; int ret; u64 to_reserve = 0; u64 index = 0; u64 objectid; u64 root_flags; uuid_le new_uuid; path = btrfs_alloc_path(); if (!path) { ret = pending->error = -ENOMEM; goto path_alloc_fail; } new_root_item = kmalloc(sizeof(*new_root_item), GFP_NOFS); if (!new_root_item) { ret = pending->error = -ENOMEM; goto root_item_alloc_fail; } ret = btrfs_find_free_objectid(tree_root, &objectid); if (ret) { pending->error = ret; goto no_free_objectid; } btrfs_reloc_pre_snapshot(trans, pending, &to_reserve); if (to_reserve > 0) { ret = btrfs_block_rsv_add(root, &pending->block_rsv, to_reserve, BTRFS_RESERVE_NO_FLUSH); if (ret) { pending->error = ret; goto no_free_objectid; } } ret = btrfs_qgroup_inherit(trans, fs_info, root->root_key.objectid, objectid, pending->inherit); if (ret) { pending->error = ret; goto no_free_objectid; } key.objectid = objectid; key.offset = (u64)-1; key.type = BTRFS_ROOT_ITEM_KEY; rsv = trans->block_rsv; trans->block_rsv = &pending->block_rsv; dentry = pending->dentry; parent = dget_parent(dentry); parent_inode = parent->d_inode; parent_root = BTRFS_I(parent_inode)->root; record_root_in_trans(trans, parent_root); ret = btrfs_set_inode_index(parent_inode, &index); BUG_ON(ret); dir_item = btrfs_lookup_dir_item(NULL, parent_root, path, btrfs_ino(parent_inode), dentry->d_name.name, dentry->d_name.len, 0); if (dir_item != NULL && !IS_ERR(dir_item)) { pending->error = -EEXIST; goto fail; } else if (IS_ERR(dir_item)) { ret = PTR_ERR(dir_item); btrfs_abort_transaction(trans, root, ret); goto fail; } btrfs_release_path(path); ret = btrfs_run_delayed_items(trans, root); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } record_root_in_trans(trans, root); btrfs_set_root_last_snapshot(&root->root_item, trans->transid); memcpy(new_root_item, &root->root_item, sizeof(*new_root_item)); btrfs_check_and_init_root_item(new_root_item); root_flags = btrfs_root_flags(new_root_item); if (pending->readonly) root_flags |= BTRFS_ROOT_SUBVOL_RDONLY; else root_flags &= ~BTRFS_ROOT_SUBVOL_RDONLY; btrfs_set_root_flags(new_root_item, root_flags); btrfs_set_root_generation_v2(new_root_item, trans->transid); uuid_le_gen(&new_uuid); memcpy(new_root_item->uuid, new_uuid.b, BTRFS_UUID_SIZE); memcpy(new_root_item->parent_uuid, root->root_item.uuid, BTRFS_UUID_SIZE); new_root_item->otime.sec = cpu_to_le64(cur_time.tv_sec); new_root_item->otime.nsec = cpu_to_le32(cur_time.tv_nsec); btrfs_set_root_otransid(new_root_item, trans->transid); memset(&new_root_item->stime, 0, sizeof(new_root_item->stime)); memset(&new_root_item->rtime, 0, sizeof(new_root_item->rtime)); btrfs_set_root_stransid(new_root_item, 0); btrfs_set_root_rtransid(new_root_item, 0); old = btrfs_lock_root_node(root); ret = btrfs_cow_block(trans, root, old, NULL, 0, &old); if (ret) { btrfs_tree_unlock(old); free_extent_buffer(old); btrfs_abort_transaction(trans, root, ret); goto fail; } btrfs_set_lock_blocking(old); ret = btrfs_copy_root(trans, root, old, &tmp, objectid); btrfs_tree_unlock(old); free_extent_buffer(old); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } root->force_cow = 1; smp_wmb(); btrfs_set_root_node(new_root_item, tmp); key.offset = trans->transid; ret = btrfs_insert_root(trans, tree_root, &key, new_root_item); btrfs_tree_unlock(tmp); free_extent_buffer(tmp); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_add_root_ref(trans, tree_root, objectid, parent_root->root_key.objectid, btrfs_ino(parent_inode), index, dentry->d_name.name, dentry->d_name.len); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } key.offset = (u64)-1; pending->snap = btrfs_read_fs_root_no_name(root->fs_info, &key); if (IS_ERR(pending->snap)) { ret = PTR_ERR(pending->snap); btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_reloc_post_snapshot(trans, pending); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_run_delayed_refs(trans, root, (unsigned long)-1); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } ret = btrfs_insert_dir_item(trans, parent_root, dentry->d_name.name, dentry->d_name.len, parent_inode, &key, BTRFS_FT_DIR, index); BUG_ON(ret == -EEXIST); if (ret) { btrfs_abort_transaction(trans, root, ret); goto fail; } btrfs_i_size_write(parent_inode, parent_inode->i_size + dentry->d_name.len * 2); parent_inode->i_mtime = parent_inode->i_ctime = CURRENT_TIME; ret = btrfs_update_inode_fallback(trans, parent_root, parent_inode); if (ret) btrfs_abort_transaction(trans, root, ret); fail: dput(parent); trans->block_rsv = rsv; no_free_objectid: kfree(new_root_item); root_item_alloc_fail: btrfs_free_path(path); path_alloc_fail: btrfs_block_rsv_release(root, &pending->block_rsv, (u64)-1); return ret; }",visit repo url,fs/btrfs/transaction.c,https://github.com/torvalds/linux,89099811017743,1 5348,CWE-668,"do_encrypt (const RIJNDAEL_context *ctx, unsigned char *bx, const unsigned char *ax) { #ifdef USE_AMD64_ASM return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); #elif defined(USE_ARM_ASM) return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); #else return do_encrypt_fn (ctx, bx, ax); #endif }",visit repo url,cipher/rijndael.c,https://github.com/gpg/libgcrypt,27603744884951,1 6127,['CWE-200'],"int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr) { struct inet6_dev *idev; int err = -EADDRNOTAVAIL; read_lock(&addrconf_lock); if ((idev = __in6_dev_get(dev)) != NULL) { struct inet6_ifaddr *ifp; read_lock_bh(&idev->lock); for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) { if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) { ipv6_addr_copy(addr, &ifp->addr); err = 0; break; } } read_unlock_bh(&idev->lock); } read_unlock(&addrconf_lock); return err; }",linux-2.6,,,16590486123514003331835837938406707356,0 458,[],"pfm_do_fasync(int fd, struct file *filp, pfm_context_t *ctx, int on) { int ret; ret = fasync_helper (fd, filp, on, &ctx->ctx_async_queue); DPRINT((""pfm_fasync called by [%d] on ctx_fd=%d on=%d async_queue=%p ret=%d\n"", current->pid, fd, on, ctx->ctx_async_queue, ret)); return ret; }",linux-2.6,,,143707153911606405842779313380528224908,0 5302,['CWE-119'],"static int tun_validate(struct nlattr *tb[], struct nlattr *data[]) { return -EINVAL; }",linux-2.6,,,69321590864681658366989178970438337306,0 1046,CWE-476,"static void ftrace_syscall_enter(void *data, struct pt_regs *regs, long id) { struct trace_array *tr = data; struct ftrace_event_file *ftrace_file; struct syscall_trace_enter *entry; struct syscall_metadata *sys_data; struct ring_buffer_event *event; struct ring_buffer *buffer; unsigned long irq_flags; int pc; int syscall_nr; int size; syscall_nr = trace_get_syscall_nr(current, regs); if (syscall_nr < 0) return; ftrace_file = rcu_dereference_sched(tr->enter_syscall_files[syscall_nr]); if (!ftrace_file) return; if (ftrace_trigger_soft_disabled(ftrace_file)) return; sys_data = syscall_nr_to_meta(syscall_nr); if (!sys_data) return; size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args; local_save_flags(irq_flags); pc = preempt_count(); buffer = tr->trace_buffer.buffer; event = trace_buffer_lock_reserve(buffer, sys_data->enter_event->event.type, size, irq_flags, pc); if (!event) return; entry = ring_buffer_event_data(event); entry->nr = syscall_nr; syscall_get_arguments(current, regs, 0, sys_data->nb_args, entry->args); event_trigger_unlock_commit(ftrace_file, buffer, event, entry, irq_flags, pc); }",visit repo url,kernel/trace/trace_syscalls.c,https://github.com/torvalds/linux,176360789674294,1 4514,CWE-401,"static void svg_parse_preserveaspectratio(SVG_PreserveAspectRatio *par, char *attribute_content, GF_Err *out_e) { char *content = attribute_content; while (*content == ' ') content++; if (strstr(content, ""defer"")) { par->defer = 1; content += 4; } else { content = attribute_content; } while (*content == ' ') content++; if (strstr(content, ""none"")) { par->align = SVG_PRESERVEASPECTRATIO_NONE; content+=4; } else if (strstr(content, ""xMinYMin"")) { par->align = SVG_PRESERVEASPECTRATIO_XMINYMIN; content+=8; } else if (strstr(content, ""xMidYMin"")) { par->align = SVG_PRESERVEASPECTRATIO_XMIDYMIN; content+=8; } else if (strstr(content, ""xMaxYMin"")) { par->align = SVG_PRESERVEASPECTRATIO_XMAXYMIN; content+=8; } else if (strstr(content, ""xMinYMid"")) { par->align = SVG_PRESERVEASPECTRATIO_XMINYMID; content+=8; } else if (strstr(content, ""xMidYMid"")) { par->align = SVG_PRESERVEASPECTRATIO_XMIDYMID; content+=8; } else if (strstr(content, ""xMaxYMid"")) { par->align = SVG_PRESERVEASPECTRATIO_XMAXYMID; content+=8; } else if (strstr(content, ""xMinYMax"")) { par->align = SVG_PRESERVEASPECTRATIO_XMINYMAX; content+=8; } else if (strstr(content, ""xMidYMax"")) { par->align = SVG_PRESERVEASPECTRATIO_XMIDYMAX; content+=8; } else if (strstr(content, ""xMaxYMax"")) { par->align = SVG_PRESERVEASPECTRATIO_XMAXYMAX; content+=8; } else { *out_e = GF_NON_COMPLIANT_BITSTREAM; } while (*content == ' ') content++; if (*content == 0) return; if (strstr(content, ""meet"")) { par->meetOrSlice = SVG_MEETORSLICE_MEET; } else if (strstr(content, ""slice"")) { par->meetOrSlice = SVG_MEETORSLICE_SLICE; } else { *out_e = GF_NON_COMPLIANT_BITSTREAM; } }",visit repo url,src/scenegraph/svg_attributes.c,https://github.com/gpac/gpac,68727043661889,1 594,CWE-264,"void *arm_dma_alloc(struct device *dev, size_t size, dma_addr_t *handle, gfp_t gfp, struct dma_attrs *attrs) { pgprot_t prot = __get_dma_pgprot(attrs, pgprot_kernel); void *memory; if (dma_alloc_from_coherent(dev, size, handle, &memory)) return memory; return __dma_alloc(dev, size, handle, gfp, prot, false, __builtin_return_address(0)); }",visit repo url,arch/arm/mm/dma-mapping.c,https://github.com/torvalds/linux,163217910290003,1 3630,['CWE-287'],"void sctp_assoc_migrate(struct sctp_association *assoc, struct sock *newsk) { struct sctp_sock *newsp = sctp_sk(newsk); struct sock *oldsk = assoc->base.sk; list_del_init(&assoc->asocs); if (sctp_style(oldsk, TCP)) oldsk->sk_ack_backlog--; sctp_endpoint_put(assoc->ep); sock_put(assoc->base.sk); assoc->ep = newsp->ep; sctp_endpoint_hold(assoc->ep); assoc->base.sk = newsk; sock_hold(assoc->base.sk); sctp_endpoint_add_asoc(newsp->ep, assoc); }",linux-2.6,,,266165716865783178007327613076342982301,0 3549,['CWE-20'],"static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, union sctp_params param, struct sctp_chunk *chunk, struct sctp_chunk **errp) { int retval = SCTP_IERROR_NO_ERROR; switch (param.p->type & SCTP_PARAM_ACTION_MASK) { case SCTP_PARAM_ACTION_DISCARD: retval = SCTP_IERROR_ERROR; break; case SCTP_PARAM_ACTION_SKIP: break; case SCTP_PARAM_ACTION_DISCARD_ERR: retval = SCTP_IERROR_ERROR; case SCTP_PARAM_ACTION_SKIP_ERR: if (NULL == *errp) *errp = sctp_make_op_error_space(asoc, chunk, ntohs(chunk->chunk_hdr->length)); if (*errp) { sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, WORD_ROUND(ntohs(param.p->length))); sctp_addto_chunk(*errp, WORD_ROUND(ntohs(param.p->length)), param.v); } else { retval = SCTP_IERROR_NOMEM; } break; default: break; } return retval; }",linux-2.6,,,206722250971917514421314894850346534621,0 1822,[],"void aggregate_get_down(struct task_group *tg, struct sched_domain *sd) { aggregate_group_weight(tg, sd); aggregate_group_shares(tg, sd); aggregate_group_load(tg, sd); }",linux-2.6,,,245504210721897816987233825122101434391,0 6441,CWE-20,"error_t httpClientSetQueryString(HttpClientContext *context, const char_t *queryString) { size_t m; size_t n; char_t *p; char_t *q; if(context == NULL || queryString == NULL) return ERROR_INVALID_PARAMETER; if(context->requestState != HTTP_REQ_STATE_FORMAT_HEADER) return ERROR_WRONG_STATE; if(context->bufferLen > HTTP_CLIENT_BUFFER_SIZE) return ERROR_INVALID_SYNTAX; context->buffer[context->bufferLen] = '\0'; p = strchr(context->buffer, ' '); if(p == NULL) return ERROR_INVALID_SYNTAX; p = strpbrk(p + 1, "" ?""); if(p == NULL) return ERROR_INVALID_SYNTAX; if(*p == '?') { q = strchr(p + 1, ' '); if(q == NULL) return ERROR_INVALID_SYNTAX; m = q - p; } else { q = p; m = 0; } n = osStrlen(queryString); if(n == 0) { osMemmove(p, p + m, context->buffer + context->bufferLen + 1 - q); } else { n++; if((context->bufferLen + n - m) > HTTP_CLIENT_BUFFER_SIZE) return ERROR_BUFFER_OVERFLOW; osMemmove(p + n, q, context->buffer + context->bufferLen + 1 - q); p[0] = '?'; osStrncpy(p + 1, queryString, n - 1); } context->bufferLen = context->bufferLen + n - m; return NO_ERROR; }",visit repo url,http/http_client.c,https://github.com/Oryx-Embedded/CycloneTCP,275486189833395,1 581,CWE-264,"int fib6_add(struct fib6_node *root, struct rt6_info *rt, struct nl_info *info) { struct fib6_node *fn, *pn = NULL; int err = -ENOMEM; int allow_create = 1; int replace_required = 0; if (info->nlh) { if (!(info->nlh->nlmsg_flags & NLM_F_CREATE)) allow_create = 0; if (info->nlh->nlmsg_flags & NLM_F_REPLACE) replace_required = 1; } if (!allow_create && !replace_required) pr_warn(""RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE\n""); fn = fib6_add_1(root, &rt->rt6i_dst.addr, rt->rt6i_dst.plen, offsetof(struct rt6_info, rt6i_dst), allow_create, replace_required); if (IS_ERR(fn)) { err = PTR_ERR(fn); goto out; } pn = fn; #ifdef CONFIG_IPV6_SUBTREES if (rt->rt6i_src.plen) { struct fib6_node *sn; if (!fn->subtree) { struct fib6_node *sfn; sfn = node_alloc(); if (!sfn) goto st_failure; sfn->leaf = info->nl_net->ipv6.ip6_null_entry; atomic_inc(&info->nl_net->ipv6.ip6_null_entry->rt6i_ref); sfn->fn_flags = RTN_ROOT; sfn->fn_sernum = fib6_new_sernum(); sn = fib6_add_1(sfn, &rt->rt6i_src.addr, rt->rt6i_src.plen, offsetof(struct rt6_info, rt6i_src), allow_create, replace_required); if (IS_ERR(sn)) { node_free(sfn); err = PTR_ERR(sn); goto st_failure; } sfn->parent = fn; fn->subtree = sfn; } else { sn = fib6_add_1(fn->subtree, &rt->rt6i_src.addr, rt->rt6i_src.plen, offsetof(struct rt6_info, rt6i_src), allow_create, replace_required); if (IS_ERR(sn)) { err = PTR_ERR(sn); goto st_failure; } } if (!fn->leaf) { fn->leaf = rt; atomic_inc(&rt->rt6i_ref); } fn = sn; } #endif err = fib6_add_rt2node(fn, rt, info); if (!err) { fib6_start_gc(info->nl_net, rt); if (!(rt->rt6i_flags & RTF_CACHE)) fib6_prune_clones(info->nl_net, pn, rt); } out: if (err) { #ifdef CONFIG_IPV6_SUBTREES if (pn != fn && pn->leaf == rt) { pn->leaf = NULL; atomic_dec(&rt->rt6i_ref); } if (pn != fn && !pn->leaf && !(pn->fn_flags & RTN_RTINFO)) { pn->leaf = fib6_find_prefix(info->nl_net, pn); #if RT6_DEBUG >= 2 if (!pn->leaf) { WARN_ON(pn->leaf == NULL); pn->leaf = info->nl_net->ipv6.ip6_null_entry; } #endif atomic_inc(&pn->leaf->rt6i_ref); } #endif dst_free(&rt->dst); } return err; #ifdef CONFIG_IPV6_SUBTREES st_failure: if (fn && !(fn->fn_flags & (RTN_RTINFO|RTN_ROOT))) fib6_repair_tree(info->nl_net, fn); dst_free(&rt->dst); return err; #endif }",visit repo url,net/ipv6/ip6_fib.c,https://github.com/torvalds/linux,70720950528870,1 3595,CWE-476,"static int jp2_pclr_putdata(jp2_box_t *box, jas_stream_t *out) { #if 0 jp2_pclr_t *pclr = &box->data.pclr; #endif box = 0; out = 0; return -1; }",visit repo url,src/libjasper/jp2/jp2_cod.c,https://github.com/mdadams/jasper,79354166029333,1 1863,CWE-787,"int smb2_open(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; struct ksmbd_session *sess = work->sess; struct ksmbd_tree_connect *tcon = work->tcon; struct smb2_create_req *req; struct smb2_create_rsp *rsp; struct path path; struct ksmbd_share_config *share = tcon->share_conf; struct ksmbd_file *fp = NULL; struct file *filp = NULL; struct user_namespace *user_ns = NULL; struct kstat stat; struct create_context *context; struct lease_ctx_info *lc = NULL; struct create_ea_buf_req *ea_buf = NULL; struct oplock_info *opinfo; __le32 *next_ptr = NULL; int req_op_level = 0, open_flags = 0, may_flags = 0, file_info = 0; int rc = 0; int contxt_cnt = 0, query_disk_id = 0; int maximal_access_ctxt = 0, posix_ctxt = 0; int s_type = 0; int next_off = 0; char *name = NULL; char *stream_name = NULL; bool file_present = false, created = false, already_permitted = false; int share_ret, need_truncate = 0; u64 time; umode_t posix_mode = 0; __le32 daccess, maximal_access = 0; WORK_BUFFERS(work, req, rsp); if (req->hdr.NextCommand && !work->next_smb2_rcv_hdr_off && (req->hdr.Flags & SMB2_FLAGS_RELATED_OPERATIONS)) { ksmbd_debug(SMB, ""invalid flag in chained command\n""); rsp->hdr.Status = STATUS_INVALID_PARAMETER; smb2_set_err_rsp(work); return -EINVAL; } if (test_share_config_flag(share, KSMBD_SHARE_FLAG_PIPE)) { ksmbd_debug(SMB, ""IPC pipe create request\n""); return create_smb2_pipe(work); } if (req->NameLength) { if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) && *(char *)req->Buffer == '\\') { pr_err(""not allow directory name included leading slash\n""); rc = -EINVAL; goto err_out1; } name = smb2_get_name(req->Buffer, le16_to_cpu(req->NameLength), work->conn->local_nls); if (IS_ERR(name)) { rc = PTR_ERR(name); if (rc != -ENOMEM) rc = -ENOENT; name = NULL; goto err_out1; } ksmbd_debug(SMB, ""converted name = %s\n"", name); if (strchr(name, ':')) { if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_STREAMS)) { rc = -EBADF; goto err_out1; } rc = parse_stream_name(name, &stream_name, &s_type); if (rc < 0) goto err_out1; } rc = ksmbd_validate_filename(name); if (rc < 0) goto err_out1; if (ksmbd_share_veto_filename(share, name)) { rc = -ENOENT; ksmbd_debug(SMB, ""Reject open(), vetoed file: %s\n"", name); goto err_out1; } } else { name = kstrdup("""", GFP_KERNEL); if (!name) { rc = -ENOMEM; goto err_out1; } } req_op_level = req->RequestedOplockLevel; if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) lc = parse_lease_state(req); if (le32_to_cpu(req->ImpersonationLevel) > le32_to_cpu(IL_DELEGATE)) { pr_err(""Invalid impersonationlevel : 0x%x\n"", le32_to_cpu(req->ImpersonationLevel)); rc = -EIO; rsp->hdr.Status = STATUS_BAD_IMPERSONATION_LEVEL; goto err_out1; } if (req->CreateOptions && !(req->CreateOptions & CREATE_OPTIONS_MASK_LE)) { pr_err(""Invalid create options : 0x%x\n"", le32_to_cpu(req->CreateOptions)); rc = -EINVAL; goto err_out1; } else { if (req->CreateOptions & FILE_SEQUENTIAL_ONLY_LE && req->CreateOptions & FILE_RANDOM_ACCESS_LE) req->CreateOptions = ~(FILE_SEQUENTIAL_ONLY_LE); if (req->CreateOptions & (FILE_OPEN_BY_FILE_ID_LE | CREATE_TREE_CONNECTION | FILE_RESERVE_OPFILTER_LE)) { rc = -EOPNOTSUPP; goto err_out1; } if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) { if (req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE) { rc = -EINVAL; goto err_out1; } else if (req->CreateOptions & FILE_NO_COMPRESSION_LE) { req->CreateOptions = ~(FILE_NO_COMPRESSION_LE); } } } if (le32_to_cpu(req->CreateDisposition) > le32_to_cpu(FILE_OVERWRITE_IF_LE)) { pr_err(""Invalid create disposition : 0x%x\n"", le32_to_cpu(req->CreateDisposition)); rc = -EINVAL; goto err_out1; } if (!(req->DesiredAccess & DESIRED_ACCESS_MASK)) { pr_err(""Invalid desired access : 0x%x\n"", le32_to_cpu(req->DesiredAccess)); rc = -EACCES; goto err_out1; } if (req->FileAttributes && !(req->FileAttributes & FILE_ATTRIBUTE_MASK_LE)) { pr_err(""Invalid file attribute : 0x%x\n"", le32_to_cpu(req->FileAttributes)); rc = -EINVAL; goto err_out1; } if (req->CreateContextsOffset) { context = smb2_find_context_vals(req, SMB2_CREATE_EA_BUFFER); if (IS_ERR(context)) { rc = PTR_ERR(context); goto err_out1; } else if (context) { ea_buf = (struct create_ea_buf_req *)context; if (le16_to_cpu(context->DataOffset) + le32_to_cpu(context->DataLength) < sizeof(struct create_ea_buf_req)) { rc = -EINVAL; goto err_out1; } if (req->CreateOptions & FILE_NO_EA_KNOWLEDGE_LE) { rsp->hdr.Status = STATUS_ACCESS_DENIED; rc = -EACCES; goto err_out1; } } context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST); if (IS_ERR(context)) { rc = PTR_ERR(context); goto err_out1; } else if (context) { ksmbd_debug(SMB, ""get query maximal access context\n""); maximal_access_ctxt = 1; } context = smb2_find_context_vals(req, SMB2_CREATE_TIMEWARP_REQUEST); if (IS_ERR(context)) { rc = PTR_ERR(context); goto err_out1; } else if (context) { ksmbd_debug(SMB, ""get timewarp context\n""); rc = -EBADF; goto err_out1; } if (tcon->posix_extensions) { context = smb2_find_context_vals(req, SMB2_CREATE_TAG_POSIX); if (IS_ERR(context)) { rc = PTR_ERR(context); goto err_out1; } else if (context) { struct create_posix *posix = (struct create_posix *)context; if (le16_to_cpu(context->DataOffset) + le32_to_cpu(context->DataLength) < sizeof(struct create_posix) - 4) { rc = -EINVAL; goto err_out1; } ksmbd_debug(SMB, ""get posix context\n""); posix_mode = le32_to_cpu(posix->Mode); posix_ctxt = 1; } } } if (ksmbd_override_fsids(work)) { rc = -ENOMEM; goto err_out1; } rc = ksmbd_vfs_kern_path(work, name, LOOKUP_NO_SYMLINKS, &path, 1); if (!rc) { if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) { if (req->CreateDisposition == FILE_OVERWRITE_IF_LE || req->CreateDisposition == FILE_OPEN_IF_LE) { rc = -EACCES; path_put(&path); goto err_out; } if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, ""User does not have write permission\n""); rc = -EACCES; path_put(&path); goto err_out; } } else if (d_is_symlink(path.dentry)) { rc = -EACCES; path_put(&path); goto err_out; } } if (rc) { if (rc != -ENOENT) goto err_out; ksmbd_debug(SMB, ""can not get linux path for %s, rc = %d\n"", name, rc); rc = 0; } else { file_present = true; user_ns = mnt_user_ns(path.mnt); generic_fillattr(user_ns, d_inode(path.dentry), &stat); } if (stream_name) { if (req->CreateOptions & FILE_DIRECTORY_FILE_LE) { if (s_type == DATA_STREAM) { rc = -EIO; rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; } } else { if (S_ISDIR(stat.mode) && s_type == DATA_STREAM) { rc = -EIO; rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; } } if (req->CreateOptions & FILE_DIRECTORY_FILE_LE && req->FileAttributes & FILE_ATTRIBUTE_NORMAL_LE) { rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; rc = -EIO; } if (rc < 0) goto err_out; } if (file_present && req->CreateOptions & FILE_NON_DIRECTORY_FILE_LE && S_ISDIR(stat.mode) && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { ksmbd_debug(SMB, ""open() argument is a directory: %s, %x\n"", name, req->CreateOptions); rsp->hdr.Status = STATUS_FILE_IS_A_DIRECTORY; rc = -EIO; goto err_out; } if (file_present && (req->CreateOptions & FILE_DIRECTORY_FILE_LE) && !(req->CreateDisposition == FILE_CREATE_LE) && !S_ISDIR(stat.mode)) { rsp->hdr.Status = STATUS_NOT_A_DIRECTORY; rc = -EIO; goto err_out; } if (!stream_name && file_present && req->CreateDisposition == FILE_CREATE_LE) { rc = -EEXIST; goto err_out; } daccess = smb_map_generic_desired_access(req->DesiredAccess); if (file_present && !(req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { rc = smb_check_perm_dacl(conn, &path, &daccess, sess->user->uid); if (rc) goto err_out; } if (daccess & FILE_MAXIMAL_ACCESS_LE) { if (!file_present) { daccess = cpu_to_le32(GENERIC_ALL_FLAGS); } else { rc = ksmbd_vfs_query_maximal_access(user_ns, path.dentry, &daccess); if (rc) goto err_out; already_permitted = true; } maximal_access = daccess; } open_flags = smb2_create_open_flags(file_present, daccess, req->CreateDisposition, &may_flags); if (!test_tree_conn_flag(tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { if (open_flags & O_CREAT) { ksmbd_debug(SMB, ""User does not have write permission\n""); rc = -EACCES; goto err_out; } } if (!file_present) { rc = smb2_creat(work, &path, name, open_flags, posix_mode, req->CreateOptions & FILE_DIRECTORY_FILE_LE); if (rc) { if (rc == -ENOENT) { rc = -EIO; rsp->hdr.Status = STATUS_OBJECT_PATH_NOT_FOUND; } goto err_out; } created = true; user_ns = mnt_user_ns(path.mnt); if (ea_buf) { if (le32_to_cpu(ea_buf->ccontext.DataLength) < sizeof(struct smb2_ea_info)) { rc = -EINVAL; goto err_out; } rc = smb2_set_ea(&ea_buf->ea, le32_to_cpu(ea_buf->ccontext.DataLength), &path); if (rc == -EOPNOTSUPP) rc = 0; else if (rc) goto err_out; } } else if (!already_permitted) { if (daccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_READ_CONTROL_LE)) { rc = inode_permission(user_ns, d_inode(path.dentry), may_flags); if (rc) goto err_out; if ((daccess & FILE_DELETE_LE) || (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE)) { rc = ksmbd_vfs_may_delete(user_ns, path.dentry); if (rc) goto err_out; } } } rc = ksmbd_query_inode_status(d_inode(path.dentry->d_parent)); if (rc == KSMBD_INODE_STATUS_PENDING_DELETE) { rc = -EBUSY; goto err_out; } rc = 0; filp = dentry_open(&path, open_flags, current_cred()); if (IS_ERR(filp)) { rc = PTR_ERR(filp); pr_err(""dentry open for dir failed, rc %d\n"", rc); goto err_out; } if (file_present) { if (!(open_flags & O_TRUNC)) file_info = FILE_OPENED; else file_info = FILE_OVERWRITTEN; if ((req->CreateDisposition & FILE_CREATE_MASK_LE) == FILE_SUPERSEDE_LE) file_info = FILE_SUPERSEDED; } else if (open_flags & O_CREAT) { file_info = FILE_CREATED; } ksmbd_vfs_set_fadvise(filp, req->CreateOptions); fp = ksmbd_open_fd(work, filp); if (IS_ERR(fp)) { fput(filp); rc = PTR_ERR(fp); fp = NULL; goto err_out; } ksmbd_open_durable_fd(fp); if (!has_file_id(fp->persistent_id)) { rc = -ENOMEM; goto err_out; } fp->cdoption = req->CreateDisposition; fp->daccess = daccess; fp->saccess = req->ShareAccess; fp->coption = req->CreateOptions; if (created) { int posix_acl_rc; struct inode *inode = d_inode(path.dentry); posix_acl_rc = ksmbd_vfs_inherit_posix_acl(user_ns, inode, d_inode(path.dentry->d_parent)); if (posix_acl_rc) ksmbd_debug(SMB, ""inherit posix acl failed : %d\n"", posix_acl_rc); if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { rc = smb_inherit_dacl(conn, &path, sess->user->uid, sess->user->gid); } if (rc) { rc = smb2_create_sd_buffer(work, req, &path); if (rc) { if (posix_acl_rc) ksmbd_vfs_set_init_posix_acl(user_ns, inode); if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) { struct smb_fattr fattr; struct smb_ntsd *pntsd; int pntsd_size, ace_num = 0; ksmbd_acls_fattr(&fattr, user_ns, inode); if (fattr.cf_acls) ace_num = fattr.cf_acls->a_count; if (fattr.cf_dacls) ace_num += fattr.cf_dacls->a_count; pntsd = kmalloc(sizeof(struct smb_ntsd) + sizeof(struct smb_sid) * 3 + sizeof(struct smb_acl) + sizeof(struct smb_ace) * ace_num * 2, GFP_KERNEL); if (!pntsd) goto err_out; rc = build_sec_desc(user_ns, pntsd, NULL, OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO, &pntsd_size, &fattr); posix_acl_release(fattr.cf_acls); posix_acl_release(fattr.cf_dacls); if (rc) { kfree(pntsd); goto err_out; } rc = ksmbd_vfs_set_sd_xattr(conn, user_ns, path.dentry, pntsd, pntsd_size); kfree(pntsd); if (rc) pr_err(""failed to store ntacl in xattr : %d\n"", rc); } } } rc = 0; } if (stream_name) { rc = smb2_set_stream_name_xattr(&path, fp, stream_name, s_type); if (rc) goto err_out; file_info = FILE_CREATED; } fp->attrib_only = !(req->DesiredAccess & ~(FILE_READ_ATTRIBUTES_LE | FILE_WRITE_ATTRIBUTES_LE | FILE_SYNCHRONIZE_LE)); if (!S_ISDIR(file_inode(filp)->i_mode) && open_flags & O_TRUNC && !fp->attrib_only && !stream_name) { smb_break_all_oplock(work, fp); need_truncate = 1; } write_lock(&fp->f_ci->m_lock); list_add(&fp->node, &fp->f_ci->m_fp_list); write_unlock(&fp->f_ci->m_lock); rc = ksmbd_vfs_getattr(&path, &stat); if (rc) { generic_fillattr(user_ns, d_inode(path.dentry), &stat); rc = 0; } if (ksmbd_inode_pending_delete(fp)) { rc = -EBUSY; goto err_out; } share_ret = ksmbd_smb_check_shared_mode(fp->filp, fp); if (!test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_OPLOCKS) || (req_op_level == SMB2_OPLOCK_LEVEL_LEASE && !(conn->vals->capabilities & SMB2_GLOBAL_CAP_LEASING))) { if (share_ret < 0 && !S_ISDIR(file_inode(fp->filp)->i_mode)) { rc = share_ret; goto err_out; } } else { if (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) { req_op_level = smb2_map_lease_to_oplock(lc->req_state); ksmbd_debug(SMB, ""lease req for(%s) req oplock state 0x%x, lease state 0x%x\n"", name, req_op_level, lc->req_state); rc = find_same_lease_key(sess, fp->f_ci, lc); if (rc) goto err_out; } else if (open_flags == O_RDONLY && (req_op_level == SMB2_OPLOCK_LEVEL_BATCH || req_op_level == SMB2_OPLOCK_LEVEL_EXCLUSIVE)) req_op_level = SMB2_OPLOCK_LEVEL_II; rc = smb_grant_oplock(work, req_op_level, fp->persistent_id, fp, le32_to_cpu(req->hdr.Id.SyncId.TreeId), lc, share_ret); if (rc < 0) goto err_out; } if (req->CreateOptions & FILE_DELETE_ON_CLOSE_LE) ksmbd_fd_set_delete_on_close(fp, file_info); if (need_truncate) { rc = smb2_create_truncate(&path); if (rc) goto err_out; } if (req->CreateContextsOffset) { struct create_alloc_size_req *az_req; az_req = (struct create_alloc_size_req *)smb2_find_context_vals(req, SMB2_CREATE_ALLOCATION_SIZE); if (IS_ERR(az_req)) { rc = PTR_ERR(az_req); goto err_out; } else if (az_req) { loff_t alloc_size; int err; if (le16_to_cpu(az_req->ccontext.DataOffset) + le32_to_cpu(az_req->ccontext.DataLength) < sizeof(struct create_alloc_size_req)) { rc = -EINVAL; goto err_out; } alloc_size = le64_to_cpu(az_req->AllocationSize); ksmbd_debug(SMB, ""request smb2 create allocate size : %llu\n"", alloc_size); smb_break_all_levII_oplock(work, fp, 1); err = vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0, alloc_size); if (err < 0) ksmbd_debug(SMB, ""vfs_fallocate is failed : %d\n"", err); } context = smb2_find_context_vals(req, SMB2_CREATE_QUERY_ON_DISK_ID); if (IS_ERR(context)) { rc = PTR_ERR(context); goto err_out; } else if (context) { ksmbd_debug(SMB, ""get query on disk id context\n""); query_disk_id = 1; } } if (stat.result_mask & STATX_BTIME) fp->create_time = ksmbd_UnixTimeToNT(stat.btime); else fp->create_time = ksmbd_UnixTimeToNT(stat.ctime); if (req->FileAttributes || fp->f_ci->m_fattr == 0) fp->f_ci->m_fattr = cpu_to_le32(smb2_get_dos_mode(&stat, le32_to_cpu(req->FileAttributes))); if (!created) smb2_update_xattrs(tcon, &path, fp); else smb2_new_xattrs(tcon, &path, fp); memcpy(fp->client_guid, conn->ClientGUID, SMB2_CLIENT_GUID_SIZE); generic_fillattr(user_ns, file_inode(fp->filp), &stat); rsp->StructureSize = cpu_to_le16(89); rcu_read_lock(); opinfo = rcu_dereference(fp->f_opinfo); rsp->OplockLevel = opinfo != NULL ? opinfo->level : 0; rcu_read_unlock(); rsp->Flags = 0; rsp->CreateAction = cpu_to_le32(file_info); rsp->CreationTime = cpu_to_le64(fp->create_time); time = ksmbd_UnixTimeToNT(stat.atime); rsp->LastAccessTime = cpu_to_le64(time); time = ksmbd_UnixTimeToNT(stat.mtime); rsp->LastWriteTime = cpu_to_le64(time); time = ksmbd_UnixTimeToNT(stat.ctime); rsp->ChangeTime = cpu_to_le64(time); rsp->AllocationSize = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.blocks << 9); rsp->EndofFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size); rsp->FileAttributes = fp->f_ci->m_fattr; rsp->Reserved2 = 0; rsp->PersistentFileId = fp->persistent_id; rsp->VolatileFileId = fp->volatile_id; rsp->CreateContextsOffset = 0; rsp->CreateContextsLength = 0; inc_rfc1001_len(work->response_buf, 88); if (opinfo && opinfo->is_lease) { struct create_context *lease_ccontext; ksmbd_debug(SMB, ""lease granted on(%s) lease state 0x%x\n"", name, opinfo->o_lease->state); rsp->OplockLevel = SMB2_OPLOCK_LEVEL_LEASE; lease_ccontext = (struct create_context *)rsp->Buffer; contxt_cnt++; create_lease_buf(rsp->Buffer, opinfo->o_lease); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_lease_size); inc_rfc1001_len(work->response_buf, conn->vals->create_lease_size); next_ptr = &lease_ccontext->Next; next_off = conn->vals->create_lease_size; } if (maximal_access_ctxt) { struct create_context *mxac_ccontext; if (maximal_access == 0) ksmbd_vfs_query_maximal_access(user_ns, path.dentry, &maximal_access); mxac_ccontext = (struct create_context *)(rsp->Buffer + le32_to_cpu(rsp->CreateContextsLength)); contxt_cnt++; create_mxac_rsp_buf(rsp->Buffer + le32_to_cpu(rsp->CreateContextsLength), le32_to_cpu(maximal_access)); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_mxac_size); inc_rfc1001_len(work->response_buf, conn->vals->create_mxac_size); if (next_ptr) *next_ptr = cpu_to_le32(next_off); next_ptr = &mxac_ccontext->Next; next_off = conn->vals->create_mxac_size; } if (query_disk_id) { struct create_context *disk_id_ccontext; disk_id_ccontext = (struct create_context *)(rsp->Buffer + le32_to_cpu(rsp->CreateContextsLength)); contxt_cnt++; create_disk_id_rsp_buf(rsp->Buffer + le32_to_cpu(rsp->CreateContextsLength), stat.ino, tcon->id); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_disk_id_size); inc_rfc1001_len(work->response_buf, conn->vals->create_disk_id_size); if (next_ptr) *next_ptr = cpu_to_le32(next_off); next_ptr = &disk_id_ccontext->Next; next_off = conn->vals->create_disk_id_size; } if (posix_ctxt) { contxt_cnt++; create_posix_rsp_buf(rsp->Buffer + le32_to_cpu(rsp->CreateContextsLength), fp); le32_add_cpu(&rsp->CreateContextsLength, conn->vals->create_posix_size); inc_rfc1001_len(work->response_buf, conn->vals->create_posix_size); if (next_ptr) *next_ptr = cpu_to_le32(next_off); } if (contxt_cnt > 0) { rsp->CreateContextsOffset = cpu_to_le32(offsetof(struct smb2_create_rsp, Buffer)); } err_out: if (file_present || created) path_put(&path); ksmbd_revert_fsids(work); err_out1: if (rc) { if (rc == -EINVAL) rsp->hdr.Status = STATUS_INVALID_PARAMETER; else if (rc == -EOPNOTSUPP) rsp->hdr.Status = STATUS_NOT_SUPPORTED; else if (rc == -EACCES || rc == -ESTALE || rc == -EXDEV) rsp->hdr.Status = STATUS_ACCESS_DENIED; else if (rc == -ENOENT) rsp->hdr.Status = STATUS_OBJECT_NAME_INVALID; else if (rc == -EPERM) rsp->hdr.Status = STATUS_SHARING_VIOLATION; else if (rc == -EBUSY) rsp->hdr.Status = STATUS_DELETE_PENDING; else if (rc == -EBADF) rsp->hdr.Status = STATUS_OBJECT_NAME_NOT_FOUND; else if (rc == -ENOEXEC) rsp->hdr.Status = STATUS_DUPLICATE_OBJECTID; else if (rc == -ENXIO) rsp->hdr.Status = STATUS_NO_SUCH_DEVICE; else if (rc == -EEXIST) rsp->hdr.Status = STATUS_OBJECT_NAME_COLLISION; else if (rc == -EMFILE) rsp->hdr.Status = STATUS_INSUFFICIENT_RESOURCES; if (!rsp->hdr.Status) rsp->hdr.Status = STATUS_UNEXPECTED_IO_ERROR; if (fp) ksmbd_fd_put(work, fp); smb2_set_err_rsp(work); ksmbd_debug(SMB, ""Error response: %x\n"", rsp->hdr.Status); } kfree(name); kfree(lc); return 0; }",visit repo url,fs/ksmbd/smb2pdu.c,https://github.com/torvalds/linux,113692436973541,1 4330,['CWE-119'],"static status ParseFormat (AFfilehandle filehandle, AFvirtualfile *fp, uint32_t id, size_t size) { _Track *track; uint16_t formatTag, channelCount; uint32_t sampleRate, averageBytesPerSecond; uint16_t blockAlign; _WAVEInfo *wave; assert(filehandle != NULL); assert(fp != NULL); assert(!memcmp(&id, ""fmt "", 4)); track = _af_filehandle_get_track(filehandle, AF_DEFAULT_TRACK); assert(filehandle->formatSpecific != NULL); wave = (_WAVEInfo *) filehandle->formatSpecific; af_read_uint16_le(&formatTag, fp); af_read_uint16_le(&channelCount, fp); af_read_uint32_le(&sampleRate, fp); af_read_uint32_le(&averageBytesPerSecond, fp); af_read_uint16_le(&blockAlign, fp); track->f.channelCount = channelCount; track->f.sampleRate = sampleRate; track->f.byteOrder = AF_BYTEORDER_LITTLEENDIAN; track->f.compressionType = AF_COMPRESSION_NONE; switch (formatTag) { case WAVE_FORMAT_PCM: { uint16_t bitsPerSample; af_read_uint16_le(&bitsPerSample, fp); track->f.sampleWidth = bitsPerSample; if (bitsPerSample == 0 || bitsPerSample > 32) { _af_error(AF_BAD_WIDTH, ""bad sample width of %d bits"", bitsPerSample); return AF_FAIL; } if (bitsPerSample <= 8) track->f.sampleFormat = AF_SAMPFMT_UNSIGNED; else track->f.sampleFormat = AF_SAMPFMT_TWOSCOMP; } break; case WAVE_FORMAT_MULAW: case IBM_FORMAT_MULAW: track->f.sampleWidth = 16; track->f.sampleFormat = AF_SAMPFMT_TWOSCOMP; track->f.compressionType = AF_COMPRESSION_G711_ULAW; break; case WAVE_FORMAT_ALAW: case IBM_FORMAT_ALAW: track->f.sampleWidth = 16; track->f.sampleFormat = AF_SAMPFMT_TWOSCOMP; track->f.compressionType = AF_COMPRESSION_G711_ALAW; break; case WAVE_FORMAT_IEEE_FLOAT: { uint16_t bitsPerSample; af_read_uint16_le(&bitsPerSample, fp); if (bitsPerSample == 64) { track->f.sampleWidth = 64; track->f.sampleFormat = AF_SAMPFMT_DOUBLE; } else { track->f.sampleWidth = 32; track->f.sampleFormat = AF_SAMPFMT_FLOAT; } } break; case WAVE_FORMAT_ADPCM: { uint16_t bitsPerSample, extraByteCount, samplesPerBlock, numCoefficients; int i; AUpvlist pv; long l; void *v; if (track->f.channelCount != 1 && track->f.channelCount != 2) { _af_error(AF_BAD_CHANNELS, ""WAVE file with MS ADPCM compression "" ""must have 1 or 2 channels""); } af_read_uint16_le(&bitsPerSample, fp); af_read_uint16_le(&extraByteCount, fp); af_read_uint16_le(&samplesPerBlock, fp); af_read_uint16_le(&numCoefficients, fp); assert(numCoefficients >= 7 && numCoefficients <= 255); for (i=0; imsadpcmCoefficients[i][0] = a0; wave->msadpcmCoefficients[i][1] = a1; } track->f.sampleWidth = 16; track->f.sampleFormat = AF_SAMPFMT_TWOSCOMP; track->f.compressionType = AF_COMPRESSION_MS_ADPCM; track->f.byteOrder = _AF_BYTEORDER_NATIVE; pv = AUpvnew(4); AUpvsetparam(pv, 0, _AF_MS_ADPCM_NUM_COEFFICIENTS); AUpvsetvaltype(pv, 0, AU_PVTYPE_LONG); l = numCoefficients; AUpvsetval(pv, 0, &l); AUpvsetparam(pv, 1, _AF_MS_ADPCM_COEFFICIENTS); AUpvsetvaltype(pv, 1, AU_PVTYPE_PTR); v = wave->msadpcmCoefficients; AUpvsetval(pv, 1, &v); AUpvsetparam(pv, 2, _AF_FRAMES_PER_BLOCK); AUpvsetvaltype(pv, 2, AU_PVTYPE_LONG); l = samplesPerBlock; AUpvsetval(pv, 2, &l); AUpvsetparam(pv, 3, _AF_BLOCK_SIZE); AUpvsetvaltype(pv, 3, AU_PVTYPE_LONG); l = blockAlign; AUpvsetval(pv, 3, &l); track->f.compressionParams = pv; } break; case WAVE_FORMAT_DVI_ADPCM: { AUpvlist pv; long l; uint16_t bitsPerSample, extraByteCount, samplesPerBlock; af_read_uint16_le(&bitsPerSample, fp); af_read_uint16_le(&extraByteCount, fp); af_read_uint16_le(&samplesPerBlock, fp); if (bitsPerSample != 4) { _af_error(AF_BAD_NOT_IMPLEMENTED, ""IMA ADPCM compression supports only 4 bits per sample""); } int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * channelCount; if (bytesPerBlock > blockAlign || (samplesPerBlock % 8) != 1) { _af_error(AF_BAD_CODEC_CONFIG, ""Invalid samples per block for IMA ADPCM compression""); } track->f.sampleWidth = 16; track->f.sampleFormat = AF_SAMPFMT_TWOSCOMP; track->f.compressionType = AF_COMPRESSION_IMA; track->f.byteOrder = _AF_BYTEORDER_NATIVE; pv = AUpvnew(2); AUpvsetparam(pv, 0, _AF_FRAMES_PER_BLOCK); AUpvsetvaltype(pv, 0, AU_PVTYPE_LONG); l = samplesPerBlock; AUpvsetval(pv, 0, &l); AUpvsetparam(pv, 1, _AF_BLOCK_SIZE); AUpvsetvaltype(pv, 1, AU_PVTYPE_LONG); l = blockAlign; AUpvsetval(pv, 1, &l); track->f.compressionParams = pv; } break; case WAVE_FORMAT_YAMAHA_ADPCM: case WAVE_FORMAT_OKI_ADPCM: case WAVE_FORMAT_CREATIVE_ADPCM: case IBM_FORMAT_ADPCM: _af_error(AF_BAD_NOT_IMPLEMENTED, ""WAVE ADPCM data format 0x%x is not currently supported"", formatTag); return AF_FAIL; break; case WAVE_FORMAT_MPEG: _af_error(AF_BAD_NOT_IMPLEMENTED, ""WAVE MPEG data format is not supported""); return AF_FAIL; break; case WAVE_FORMAT_MPEGLAYER3: _af_error(AF_BAD_NOT_IMPLEMENTED, ""WAVE MPEG layer 3 data format is not supported""); return AF_FAIL; break; default: _af_error(AF_BAD_NOT_IMPLEMENTED, ""WAVE file data format 0x%x not currently supported"", formatTag); return AF_FAIL; break; } _af_set_sample_format(&track->f, track->f.sampleFormat, track->f.sampleWidth); return AF_SUCCEED; }",audiofile,,,210925951446414887953541477209012229727,0 5759,CWE-190,"MONGO_EXPORT gridfs_offset gridfile_read( gridfile *gfile, gridfs_offset size, char *buf ) { mongo_cursor *chunks; bson chunk; int first_chunk; int last_chunk; int total_chunks; gridfs_offset chunksize; gridfs_offset contentlength; gridfs_offset bytes_left; int i; bson_iterator it; gridfs_offset chunk_len; const char *chunk_data; contentlength = gridfile_get_contentlength( gfile ); chunksize = gridfile_get_chunksize( gfile ); size = ( contentlength - gfile->pos < size ) ? contentlength - gfile->pos : size; bytes_left = size; first_chunk = ( gfile->pos )/chunksize; last_chunk = ( gfile->pos+size-1 )/chunksize; total_chunks = last_chunk - first_chunk + 1; chunks = gridfile_get_chunks( gfile, first_chunk, total_chunks ); for ( i = 0; i < total_chunks; i++ ) { mongo_cursor_next( chunks ); chunk = chunks->current; bson_find( &it, &chunk, ""data"" ); chunk_len = bson_iterator_bin_len( &it ); chunk_data = bson_iterator_bin_data( &it ); if ( i == 0 ) { chunk_data += ( gfile->pos )%chunksize; chunk_len -= ( gfile->pos )%chunksize; } if ( bytes_left > chunk_len ) { memcpy( buf, chunk_data, chunk_len ); bytes_left -= chunk_len; buf += chunk_len; } else { memcpy( buf, chunk_data, bytes_left ); } } mongo_cursor_destroy( chunks ); gfile->pos = gfile->pos + size; return size; }",visit repo url,src/gridfs.c,https://github.com/10gen-archive/mongo-c-driver-legacy,223752436255276,1 6680,CWE-330,"int read_config (char *config_file) { char buf[512]; char *cp; FILE *config_fp; char *args[MAXARGS]; int argcnt, errcnt, linenum; if (T.debug > 0) syslog (LOG_DEBUG, ""config file: %s"", config_file); config_fp = fopen (config_file, ""r""); if (!config_fp) { syslog (LOG_ERR, ""can't open config file: %s"", config_file); return -1; } linenum = errcnt = 0; while (fgets (buf, sizeof (buf), config_fp)) { linenum++; cp = strchr (buf, '\n'); if (cp) *cp = '\0'; cp = strchr (buf, '\n'); if (cp) *cp = '\0'; cp = strchr (buf, '#'); if (cp) *cp = '\0'; cp = strchr (buf, ';'); if (cp) *cp = '\0'; args[argcnt = 0] = strtok (buf, "" \t""); while (args[argcnt] && ++argcnt < MAXARGS) args[argcnt] = strtok (NULL, "" \t""); if (!args[0]) continue; if (!strcasecmp (args[0], ""forwarder"")) { if (argcnt < 2 || argcnt > 4 ) { syslog (LOG_ERR, ""line %d: invalid format: forwarder [port ]"", linenum); errcnt++; } else { int port = PORT_TO, i; i = 2; if (argcnt > i) { if (!strcasecmp (args[i], ""port"")) { if (argcnt >= ++i) { port = atoi (args[i++]); } else { syslog (LOG_ERR, ""line %d: invalid format, missing after port attribute"", linenum); errcnt++; continue; } } else { syslog (LOG_ERR, ""line %d: invalid format, cannot parse unknown attribute: %s"", linenum, args[i]); errcnt++; continue; } } if (fwd_add (args[1], port) == -1) return -1; } } else if (!strcasecmp (args[0], ""prefix"")) { if (argcnt != 2) { syslog (LOG_ERR, ""line %d: invalid format: prefix "", linenum); errcnt++; } else { if (conv_trick_conf ((u_char *)args[1])) { syslog (LOG_INFO, ""can not add prefix %d: %s"", T.prefixnum, args[1]); errcnt++; } else syslog (LOG_INFO, ""prefix %d added: %s"", T.prefixnum, args[1]); } } else if (!strcasecmp (args[0], ""allow"")) { if (argcnt != 2) { syslog (LOG_ERR, ""line %d: invalid format: allow "", linenum); errcnt++; } else { #ifdef SWILL if (T.http_port) { swill_allow(args[1]); syslog (LOG_INFO, ""allow http connects from %s"", args[1]); } else #endif syslog (LOG_INFO, ""NOTE: http support not enabled!!!""); } } else if (!strcasecmp (args[0], ""retry"")) { if (argcnt != 2) { syslog (LOG_ERR, ""line %d: invalid format: retry "", linenum); errcnt++; } else { T.retry_interval = atoi(args[1]); } } else if (!strcasecmp (args[0], ""pidfile"")) { if (argcnt != 2) { syslog (LOG_ERR, ""line %d: invalid format: pidfile "", linenum); errcnt++; } else { T.pidfile = strdup(args[1]); } } else if (!strcasecmp (args[0], ""interfaces"")) { int i; if (argcnt < 2) { syslog (LOG_ERR, ""line %d: invalid format: interfaces ..."", linenum); errcnt++; } for (i = 0; T.iflist[i] && i < MAXINTERFACES; i++); if (i + argcnt-1 > MAXINTERFACES) { syslog (LOG_ERR, ""line %d: to many interfaces, more than %d"", linenum, MAXINTERFACES); errcnt++; } else { syslog (LOG_DEBUG, ""line %d: %d interfaces listed, no wildcard socket"", linenum, argcnt-1); T.iflist[i + argcnt--] = NULL; while (argcnt) { if (!strcmp(args[argcnt], ""*"")) { T.iflist[0] = NULL; T.wildcard = 1; break; } T.iflist[i+argcnt-1] = strdup(args[argcnt]); argcnt--; } if (T.iflist[0]) T.wildcard = 0; } } else if (!strcasecmp (args[0], ""port"")) { if (argcnt != 2) { syslog (LOG_ERR, ""line %d: invalid format: port "", linenum); errcnt++; } else { T.port = atoi(args[1]); } } #ifdef SCOPED_REWRITE else if (!strcasecmp(args[0], ""scoped"")) { if (argcnt != 4) { syslog (LOG_ERR, ""line %d: invalid format: scoped "", linenum); errcnt++; } else { if (conv_scoped_conf(args[1], args[2], atoi(args[3]))) { syslog (LOG_INFO, ""can not add scoped %d: %s %s %s"", T.scoped_prefixes, args[1], args[2], args[3]); errcnt++; } else { syslog(LOG_INFO, ""scoped %d added: %s %s %d"", T.scoped_prefixes, args[1], args[2], atoi(args[3])); } } } #endif #ifdef STF else if (!strcasecmp(args[0], ""stf"")) { if (argcnt != 1) { syslog (LOG_ERR, ""line %d: invalid format: stf"", linenum); errcnt++; } else { T.stf = 1; } } #endif else { syslog (LOG_WARNING, ""line %d: unknown keyword in config file: %s"", linenum, args[0]); errcnt++; } } fclose (config_fp); if (errcnt) { syslog (LOG_ERR, ""errors found in config file. errcnt = %d"", errcnt); return -1; } else syslog (LOG_INFO, ""configuration file loaded.""); return 0; }",visit repo url,read_config.c,https://github.com/fwdillema/totd,7191961942287,1 2732,CWE-190,"int gdAlphaBlend (int dst, int src) { int src_alpha = gdTrueColorGetAlpha(src); int dst_alpha, alpha, red, green, blue; int src_weight, dst_weight, tot_weight; if( src_alpha == gdAlphaOpaque ) return src; dst_alpha = gdTrueColorGetAlpha(dst); if( src_alpha == gdAlphaTransparent ) return dst; if( dst_alpha == gdAlphaTransparent ) return src; src_weight = gdAlphaTransparent - src_alpha; dst_weight = (gdAlphaTransparent - dst_alpha) * src_alpha / gdAlphaMax; tot_weight = src_weight + dst_weight; alpha = src_alpha * dst_alpha / gdAlphaMax; red = (gdTrueColorGetRed(src) * src_weight + gdTrueColorGetRed(dst) * dst_weight) / tot_weight; green = (gdTrueColorGetGreen(src) * src_weight + gdTrueColorGetGreen(dst) * dst_weight) / tot_weight; blue = (gdTrueColorGetBlue(src) * src_weight + gdTrueColorGetBlue(dst) * dst_weight) / tot_weight; return ((alpha << 24) + (red << 16) + (green << 8) + blue); }",visit repo url,ext/gd/libgd/gd.c,https://github.com/php/php-src,153884390521242,1 5598,CWE-125,"ast_for_with_stmt(struct compiling *c, const node *n, int is_async) { int i, n_items, nch_minus_type, has_type_comment; asdl_seq *items, *body; string type_comment; if (is_async && c->c_feature_version < 5) { ast_error(c, n, ""Async with statements are only supported in Python 3.5 and greater""); return NULL; } REQ(n, with_stmt); has_type_comment = TYPE(CHILD(n, NCH(n) - 2)) == TYPE_COMMENT; nch_minus_type = NCH(n) - has_type_comment; n_items = (nch_minus_type - 2) / 2; items = _Ta3_asdl_seq_new(n_items, c->c_arena); if (!items) return NULL; for (i = 1; i < nch_minus_type - 2; i += 2) { withitem_ty item = ast_for_with_item(c, CHILD(n, i)); if (!item) return NULL; asdl_seq_SET(items, (i - 1) / 2, item); } body = ast_for_suite(c, CHILD(n, NCH(n) - 1)); if (!body) return NULL; if (has_type_comment) type_comment = NEW_TYPE_COMMENT(CHILD(n, NCH(n) - 2)); else type_comment = NULL; if (is_async) return AsyncWith(items, body, type_comment, LINENO(n), n->n_col_offset, c->c_arena); else return With(items, body, type_comment, LINENO(n), n->n_col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,253981254456179,1 1906,CWE-416,"int nfc_llcp_set_remote_gb(struct nfc_dev *dev, const u8 *gb, u8 gb_len) { struct nfc_llcp_local *local; if (gb_len < 3 || gb_len > NFC_MAX_GT_LEN) return -EINVAL; local = nfc_llcp_find_local(dev); if (local == NULL) { pr_err(""No LLCP device\n""); return -ENODEV; } memset(local->remote_gb, 0, NFC_MAX_GT_LEN); memcpy(local->remote_gb, gb, gb_len); local->remote_gb_len = gb_len; if (memcmp(local->remote_gb, llcp_magic, 3)) { pr_err(""MAC does not support LLCP\n""); return -EINVAL; } return nfc_llcp_parse_gb_tlv(local, &local->remote_gb[3], local->remote_gb_len - 3); }",visit repo url,net/nfc/llcp_core.c,https://github.com/torvalds/linux,241457779819475,1 3421,CWE-119,"static void show_object(struct object *obj, struct strbuf *path, const char *component, void *cb_data) { struct rev_list_info *info = cb_data; finish_object(obj, path, component, cb_data); if (info->flags & REV_LIST_QUIET) return; show_object_with_name(stdout, obj, path, component); }",visit repo url,builtin/rev-list.c,https://github.com/git/git,99015867276515,1 6098,['CWE-200'],"int __init addrconf_init(void) { int err = 0; rtnl_lock(); if (!ipv6_add_dev(&loopback_dev)) err = -ENOMEM; rtnl_unlock(); if (err) return err; register_netdevice_notifier(&ipv6_dev_notf); #ifdef CONFIG_IPV6_PRIVACY md5_tfm = crypto_alloc_tfm(""md5"", 0); if (unlikely(md5_tfm == NULL)) printk(KERN_WARNING ""failed to load transform for md5\n""); #endif addrconf_verify(0); rtnetlink_links[PF_INET6] = inet6_rtnetlink_table; #ifdef CONFIG_SYSCTL addrconf_sysctl.sysctl_header = register_sysctl_table(addrconf_sysctl.addrconf_root_dir, 0); addrconf_sysctl_register(NULL, &ipv6_devconf_dflt); #endif return 0; }",linux-2.6,,,165186161219269728241373184890653052972,0 1797,NVD-CWE-Other,"void bpf_map_inc(struct bpf_map *map, bool uref) { atomic_inc(&map->refcnt); if (uref) atomic_inc(&map->usercnt); }",visit repo url,kernel/bpf/syscall.c,https://github.com/torvalds/linux,138792799009266,1 5463,CWE-617,"init_pci(struct vmctx *ctx) { struct mem_range mr; struct pci_vdev_ops *ops; struct businfo *bi; struct slotinfo *si; struct funcinfo *fi; size_t lowmem; int bus, slot, func; int success_cnt = 0; int error; pci_emul_iobase = PCI_EMUL_IOBASE; pci_emul_membase32 = vm_get_lowmem_limit(ctx); pci_emul_membase64 = PCI_EMUL_MEMBASE64; create_gsi_sharing_groups(); for (bus = 0; bus < MAXBUSES; bus++) { bi = pci_businfo[bus]; if (bi == NULL) continue; bi->iobase = pci_emul_iobase; bi->membase32 = pci_emul_membase32; bi->membase64 = pci_emul_membase64; for (slot = 0; slot < MAXSLOTS; slot++) { si = &bi->slotinfo[slot]; for (func = 0; func < MAXFUNCS; func++) { fi = &si->si_funcs[func]; if (fi->fi_name == NULL) continue; ops = pci_emul_finddev(fi->fi_name); assert(ops != NULL); pr_notice(""pci init %s\r\n"", fi->fi_name); error = pci_emul_init(ctx, ops, bus, slot, func, fi); if (error) { pr_err(""pci %s init failed\n"", fi->fi_name); goto pci_emul_init_fail; } success_cnt++; } } pci_emul_iobase += BUSIO_ROUNDUP; pci_emul_iobase = roundup2(pci_emul_iobase, BUSIO_ROUNDUP); bi->iolimit = pci_emul_iobase; pci_emul_membase32 += BUSMEM_ROUNDUP; pci_emul_membase32 = roundup2(pci_emul_membase32, BUSMEM_ROUNDUP); bi->memlimit32 = pci_emul_membase32; pci_emul_membase64 += BUSMEM_ROUNDUP; pci_emul_membase64 = roundup2(pci_emul_membase64, BUSMEM_ROUNDUP); bi->memlimit64 = pci_emul_membase64; } error = check_gsi_sharing_violation(); if (error < 0) goto pci_emul_init_fail; for (bus = 0; bus < MAXBUSES; bus++) { bi = pci_businfo[bus]; if (bi == NULL) continue; for (slot = 0; slot < MAXSLOTS; slot++) { si = &bi->slotinfo[slot]; for (func = 0; func < MAXFUNCS; func++) { fi = &si->si_funcs[func]; if (fi->fi_devi == NULL) continue; pci_lintr_route(fi->fi_devi); ops = fi->fi_devi->dev_ops; if (ops && ops->vdev_phys_access) ops->vdev_phys_access(ctx, fi->fi_devi); } } } lpc_pirq_routed(); lowmem = vm_get_lowmem_size(ctx); bzero(&mr, sizeof(struct mem_range)); mr.name = ""PCI hole (32-bit)""; mr.flags = MEM_F_RW; mr.base = lowmem; mr.size = (4ULL * 1024 * 1024 * 1024) - lowmem; mr.handler = pci_emul_fallback_handler; error = register_mem_fallback(&mr); assert(error == 0); bzero(&mr, sizeof(struct mem_range)); mr.name = ""PCI hole (64-bit)""; mr.flags = MEM_F_RW; mr.base = PCI_EMUL_MEMBASE64; mr.size = PCI_EMUL_MEMLIMIT64 - PCI_EMUL_MEMBASE64; mr.handler = pci_emul_fallback_handler; error = register_mem_fallback(&mr); assert(error == 0); bzero(&mr, sizeof(struct mem_range)); mr.name = ""PCI ECFG""; mr.flags = MEM_F_RW; mr.base = PCI_EMUL_ECFG_BASE; mr.size = PCI_EMUL_ECFG_SIZE; mr.handler = pci_emul_ecfg_handler; error = register_mem(&mr); assert(error == 0); return 0; pci_emul_init_fail: for (bus = 0; bus < MAXBUSES && success_cnt > 0; bus++) { bi = pci_businfo[bus]; if (bi == NULL) continue; for (slot = 0; slot < MAXSLOTS && success_cnt > 0; slot++) { si = &bi->slotinfo[slot]; for (func = 0; func < MAXFUNCS; func++) { fi = &si->si_funcs[func]; if (fi->fi_name == NULL) continue; if (success_cnt-- <= 0) break; ops = pci_emul_finddev(fi->fi_name); assert(ops != NULL); pci_emul_deinit(ctx, ops, bus, slot, func, fi); } } } return error; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,231905264244928,1 1870,['CWE-189'],"_gnutls_handshake_common (gnutls_session_t session) { int ret = 0; if ((session->internals.resumed == RESUME_TRUE && session->security_parameters.entity == GNUTLS_CLIENT) || (session->internals.resumed == RESUME_FALSE && session->security_parameters.entity == GNUTLS_SERVER)) { ret = _gnutls_recv_handshake_final (session, TRUE); IMED_RET (""recv handshake final"", ret); ret = _gnutls_send_handshake_final (session, FALSE); IMED_RET (""send handshake final"", ret); } else { ret = _gnutls_send_handshake_final (session, TRUE); IMED_RET (""send handshake final 2"", ret); ret = _gnutls_recv_handshake_final (session, FALSE); IMED_RET (""recv handshake final 2"", ret); } if (session->security_parameters.entity == GNUTLS_SERVER) { _gnutls_server_register_current_session (session); } _gnutls_handshake_hash_buffers_clear (session); return ret; }",gnutls,,,148991324840524213666918763875561508040,0 2447,CWE-20,"static int mxf_read_primer_pack(void *arg, AVIOContext *pb, int tag, int size, UID uid, int64_t klv_offset) { MXFContext *mxf = arg; int item_num = avio_rb32(pb); int item_len = avio_rb32(pb); if (item_len != 18) { avpriv_request_sample(pb, ""Primer pack item length %d"", item_len); return AVERROR_PATCHWELCOME; } if (item_num > 65536) { av_log(mxf->fc, AV_LOG_ERROR, ""item_num %d is too large\n"", item_num); return AVERROR_INVALIDDATA; } if (mxf->local_tags) av_log(mxf->fc, AV_LOG_VERBOSE, ""Multiple primer packs\n""); av_free(mxf->local_tags); mxf->local_tags_count = 0; mxf->local_tags = av_calloc(item_num, item_len); if (!mxf->local_tags) return AVERROR(ENOMEM); mxf->local_tags_count = item_num; avio_read(pb, mxf->local_tags, item_num*item_len); return 0; }",visit repo url,libavformat/mxfdec.c,https://github.com/FFmpeg/FFmpeg,48596960581252,1 3482,CWE-295,"int main(int argc, char **argv) { MYSQL mysql; option_string *eptr; MY_INIT(argv[0]); my_getopt_use_args_separator= TRUE; if (load_defaults(""my"",load_default_groups,&argc,&argv)) { my_end(0); exit(1); } my_getopt_use_args_separator= FALSE; defaults_argv=argv; if (get_options(&argc,&argv)) { free_defaults(defaults_argv); my_end(0); exit(1); } if (auto_generate_sql) srandom((uint)time(NULL)); delimiter_length= strlen(delimiter); if (argc > 2) { fprintf(stderr,""%s: Too many arguments\n"",my_progname); free_defaults(defaults_argv); my_end(0); exit(1); } mysql_init(&mysql); if (opt_compress) mysql_options(&mysql,MYSQL_OPT_COMPRESS,NullS); #ifdef HAVE_OPENSSL if (opt_use_ssl) { mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(&mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(&mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } #endif if (opt_protocol) mysql_options(&mysql,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) if (shared_memory_base_name) mysql_options(&mysql,MYSQL_SHARED_MEMORY_BASE_NAME,shared_memory_base_name); #endif mysql_options(&mysql, MYSQL_SET_CHARSET_NAME, default_charset); if (opt_plugin_dir && *opt_plugin_dir) mysql_options(&mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir); if (opt_default_auth && *opt_default_auth) mysql_options(&mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql, MYSQL_OPT_CONNECT_ATTR_RESET, 0); mysql_options4(&mysql, MYSQL_OPT_CONNECT_ATTR_ADD, ""program_name"", ""mysqlslap""); if (using_opt_enable_cleartext_plugin) mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, (char*) &opt_enable_cleartext_plugin); if (!opt_only_print) { if (!(mysql_real_connect(&mysql, host, user, opt_password, NULL, opt_mysql_port, opt_mysql_unix_port, connect_flags))) { fprintf(stderr,""%s: Error when connecting to server: %s\n"", my_progname,mysql_error(&mysql)); free_defaults(defaults_argv); my_end(0); exit(1); } } pthread_mutex_init(&counter_mutex, NULL); pthread_cond_init(&count_threshhold, NULL); pthread_mutex_init(&sleeper_mutex, NULL); pthread_cond_init(&sleep_threshhold, NULL); eptr= engine_options; do { uint *current; if (verbose >= 2) printf(""Starting Concurrency Test\n""); if (*concurrency) { for (current= concurrency; current && *current; current++) concurrency_loop(&mysql, *current, eptr); } else { uint infinite= 1; do { concurrency_loop(&mysql, infinite, eptr); } while (infinite++); } if (!opt_preserve) drop_schema(&mysql, create_schema_string); } while (eptr ? (eptr= eptr->next) : 0); pthread_mutex_destroy(&counter_mutex); pthread_cond_destroy(&count_threshhold); pthread_mutex_destroy(&sleeper_mutex); pthread_cond_destroy(&sleep_threshhold); if (!opt_only_print) mysql_close(&mysql); my_free(opt_password); my_free(concurrency); statement_cleanup(create_statements); statement_cleanup(query_statements); statement_cleanup(pre_statements); statement_cleanup(post_statements); option_cleanup(engine_options); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) my_free(shared_memory_base_name); #endif free_defaults(defaults_argv); my_end(my_end_arg); return 0; }",visit repo url,client/mysqlslap.c,https://github.com/mysql/mysql-server,269296809270511,1 5627,[],"SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) { struct siginfo info; info.si_signo = sig; info.si_errno = 0; info.si_code = SI_USER; info.si_pid = task_tgid_vnr(current); info.si_uid = current_uid(); return kill_something_info(sig, &info, pid); }",linux-2.6,,,42567083425032952169192434593093799361,0 252,[],"static int fat_get_short_entry(struct inode *dir, loff_t *pos, struct buffer_head **bh, struct msdos_dir_entry **de) { while (fat_get_entry(dir, pos, bh, de) >= 0) { if (!IS_FREE((*de)->name) && !((*de)->attr & ATTR_VOLUME)) return 0; } return -ENOENT; }",linux-2.6,,,134664019328113888535117838571664393923,0 2639,[],"static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) { if (sctp_style(sk, TCP)) return -EOPNOTSUPP; if (len < sizeof(int)) return -EINVAL; len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &sctp_sk(sk)->autoclose, sizeof(int))) return -EFAULT; return 0; }",linux-2.6,,,92623262082443040330523421329834614942,0 4517,CWE-121,"Bool gf_sg_proto_field_is_sftime_offset(GF_Node *node, GF_FieldInfo *field) { u32 i; GF_Route *r; GF_ProtoInstance *inst; GF_FieldInfo inf; if (node->sgprivate->tag != TAG_ProtoNode) return 0; if (field->fieldType != GF_SG_VRML_SFTIME) return 0; inst = (GF_ProtoInstance *) node; i=0; while ((r = (GF_Route*)gf_list_enum(inst->proto_interface->sub_graph->Routes, &i))) { if (!r->IS_route) continue; if (r->FromNode || (r->FromField.fieldIndex != field->fieldIndex)) continue; gf_node_get_field(r->ToNode, r->ToField.fieldIndex, &inf); if (r->ToNode->sgprivate->tag == TAG_ProtoNode) return gf_sg_proto_field_is_sftime_offset(r->ToNode, &inf); if (!stricmp(inf.name, ""startTime"") || !stricmp(inf.name, ""stopTime"")) return 1; } return 0; }",visit repo url,src/scenegraph/vrml_proto.c,https://github.com/gpac/gpac,137536863749317,1 2945,['CWE-189'],"static void jas_iccattrtab_delete(jas_iccattrtab_t *attrtab, int i) { int n; jas_iccattrval_destroy(attrtab->attrs[i].val); if ((n = attrtab->numattrs - i - 1) > 0) memmove(&attrtab->attrs[i], &attrtab->attrs[i + 1], n * sizeof(jas_iccattr_t)); --attrtab->numattrs; }",jasper,,,305137011239501631065327111678204094553,0 2192,['CWE-193'],"struct page *find_lock_page(struct address_space *mapping, pgoff_t offset) { struct page *page; repeat: page = find_get_page(mapping, offset); if (page) { lock_page(page); if (unlikely(page->mapping != mapping)) { unlock_page(page); page_cache_release(page); goto repeat; } VM_BUG_ON(page->index != offset); } return page; }",linux-2.6,,,115529972463245860632291744526383963483,0 3842,CWE-122,"win_goto(win_T *wp) { #ifdef FEAT_CONCEAL win_T *owp = curwin; #endif #ifdef FEAT_PROP_POPUP if (ERROR_IF_ANY_POPUP_WINDOW) return; if (popup_is_popup(wp)) { emsg(_(e_not_allowed_to_enter_popup_window)); return; } #endif if (text_locked()) { beep_flush(); text_locked_msg(); return; } if (curbuf_locked()) return; if (wp->w_buffer != curbuf) reset_VIsual_and_resel(); else if (VIsual_active) wp->w_cursor = curwin->w_cursor; #ifdef FEAT_GUI need_mouse_correct = TRUE; #endif win_enter(wp, TRUE); #ifdef FEAT_CONCEAL if (win_valid(owp) && owp->w_p_cole > 0 && !msg_scrolled) redrawWinline(owp, owp->w_cursor.lnum); if (curwin->w_p_cole > 0 && !msg_scrolled) need_cursor_line_redraw = TRUE; #endif }",visit repo url,src/window.c,https://github.com/vim/vim,174055059598375,1 4756,['CWE-20'],"static int bdev_try_to_free_page(struct super_block *sb, struct page *page, gfp_t wait) { journal_t *journal = EXT4_SB(sb)->s_journal; WARN_ON(PageChecked(page)); if (!page_has_buffers(page)) return 0; if (journal) return jbd2_journal_try_to_free_buffers(journal, page, wait & ~__GFP_WAIT); return try_to_free_buffers(page); }",linux-2.6,,,279568951835244510473746360081062345551,0 4327,['CWE-119'],"status _af_wave_read_init (AFfilesetup setup, AFfilehandle filehandle) { _Track *track; uint32_t type, size, formtype; uint32_t index = 0; bool hasFormat, hasData, hasCue, hasList, hasPlayList, hasFrameCount, hasINST, hasINFO; _WAVEInfo *wave = _af_malloc(sizeof (_WAVEInfo)); assert(filehandle != NULL); assert(filehandle->fh != NULL); hasFormat = AF_FALSE; hasData = AF_FALSE; hasCue = AF_FALSE; hasList = AF_FALSE; hasPlayList = AF_FALSE; hasFrameCount = AF_FALSE; hasINST = AF_FALSE; hasINFO = AF_FALSE; filehandle->formatSpecific = wave; filehandle->instruments = NULL; filehandle->instrumentCount = 0; filehandle->miscellaneous = NULL; filehandle->miscellaneousCount = 0; track = _af_track_new(); filehandle->tracks = track; filehandle->trackCount = 1; af_fseek(filehandle->fh, 0, SEEK_SET); af_fread(&type, 4, 1, filehandle->fh); af_read_uint32_le(&size, filehandle->fh); af_fread(&formtype, 4, 1, filehandle->fh); assert(!memcmp(&type, ""RIFF"", 4)); assert(!memcmp(&formtype, ""WAVE"", 4)); #ifdef DEBUG printf(""size: %d\n"", size); #endif index += 4; while (index < size) { uint32_t chunkid = 0, chunksize = 0; status result; #ifdef DEBUG printf(""index: %d\n"", index); #endif af_fread(&chunkid, 4, 1, filehandle->fh); af_read_uint32_le(&chunksize, filehandle->fh); #ifdef DEBUG _af_printid(BENDIAN_TO_HOST_INT32(chunkid)); printf("" size: %d\n"", chunksize); #endif if (memcmp(&chunkid, ""fmt "", 4) == 0) { result = ParseFormat(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; hasFormat = AF_TRUE; } else if (memcmp(&chunkid, ""data"", 4) == 0) { if (!hasFormat) { _af_error(AF_BAD_HEADER, ""missing format chunk in WAVE file""); return AF_FAIL; } result = ParseData(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; hasData = AF_TRUE; } else if (memcmp(&chunkid, ""inst"", 4) == 0) { result = ParseInstrument(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; } else if (memcmp(&chunkid, ""fact"", 4) == 0) { hasFrameCount = AF_TRUE; result = ParseFrameCount(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; } else if (memcmp(&chunkid, ""cue "", 4) == 0) { hasCue = AF_TRUE; result = ParseCues(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; } else if (memcmp(&chunkid, ""LIST"", 4) == 0 || memcmp(&chunkid, ""list"", 4) == 0) { hasList = AF_TRUE; result = ParseList(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; } else if (memcmp(&chunkid, ""INST"", 4) == 0) { hasINST = AF_TRUE; result = ParseInstrument(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; } else if (memcmp(&chunkid, ""plst"", 4) == 0) { hasPlayList = AF_TRUE; result = ParsePlayList(filehandle, filehandle->fh, chunkid, chunksize); if (result == AF_FAIL) return AF_FAIL; } index += chunksize + 8; if ((index % 2) != 0) index++; af_fseek(filehandle->fh, index + 8, SEEK_SET); } if (!hasFormat || !hasData) { return AF_FAIL; } if (hasFrameCount == AF_FALSE) { track->totalfframes = ceil((double) track->data_size / _af_format_frame_size(&track->f, AF_FALSE)); } if (track->f.compressionType != AF_COMPRESSION_NONE && (track->f.compressionType == AF_COMPRESSION_G711_ULAW || track->f.compressionType == AF_COMPRESSION_G711_ALAW)) { track->totalfframes = track->data_size / track->f.channelCount; } return AF_SUCCEED; }",audiofile,,,203008562743499072276405147058187209255,0 2568,CWE-269,"static void setup_namespaces(struct lo_data *lo, struct fuse_session *se) { pid_t child; char template[] = ""virtiofsd-XXXXXX""; char *tmpdir; if (unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET) != 0) { fuse_log(FUSE_LOG_ERR, ""unshare(CLONE_NEWPID | CLONE_NEWNS): %m\n""); exit(1); } child = fork(); if (child < 0) { fuse_log(FUSE_LOG_ERR, ""fork() failed: %m\n""); exit(1); } if (child > 0) { pid_t waited; int wstatus; setup_wait_parent_capabilities(); do { waited = waitpid(child, &wstatus, 0); } while (waited < 0 && errno == EINTR && !se->exited); if (se->exited) { exit(0); } if (WIFEXITED(wstatus)) { exit(WEXITSTATUS(wstatus)); } exit(1); } prctl(PR_SET_PDEATHSIG, SIGTERM); if (mount(NULL, ""/"", NULL, MS_REC | MS_SLAVE, NULL) < 0) { fuse_log(FUSE_LOG_ERR, ""mount(/, MS_REC|MS_SLAVE): %m\n""); exit(1); } if (mount(""proc"", ""/proc"", ""proc"", MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME, NULL) < 0) { fuse_log(FUSE_LOG_ERR, ""mount(/proc): %m\n""); exit(1); } tmpdir = mkdtemp(template); if (!tmpdir) { fuse_log(FUSE_LOG_ERR, ""tmpdir(%s): %m\n"", template); exit(1); } if (mount(""/proc/self/fd"", tmpdir, NULL, MS_BIND, NULL) < 0) { fuse_log(FUSE_LOG_ERR, ""mount(/proc/self/fd, %s, MS_BIND): %m\n"", tmpdir); exit(1); } lo->proc_self_fd = open(tmpdir, O_PATH); if (lo->proc_self_fd == -1) { fuse_log(FUSE_LOG_ERR, ""open(%s, O_PATH): %m\n"", tmpdir); exit(1); } if (umount2(tmpdir, MNT_DETACH) < 0) { fuse_log(FUSE_LOG_ERR, ""umount2(%s, MNT_DETACH): %m\n"", tmpdir); exit(1); } if (rmdir(tmpdir) < 0) { fuse_log(FUSE_LOG_ERR, ""rmdir(%s): %m\n"", tmpdir); } }",visit repo url,tools/virtiofsd/passthrough_ll.c,https://github.com/qemu/qemu,153302069662648,1 3495,CWE-119,"process_pfa(FILE *ifp, const char *ifp_filename, struct font_reader *fr) { char buffer[LINESIZE]; int c = 0; int blocktyp = PFA_ASCII; char saved_orphan = 0; (void)ifp_filename; while (c != EOF) { char *line = buffer, *last = buffer; int crlf = 0; c = getc(ifp); while (c != EOF && c != '\r' && c != '\n' && last < buffer + LINESIZE - 1) { *last++ = c; c = getc(ifp); } if (last == buffer + LINESIZE - 1) ungetc(c, ifp); else if (c == '\r' && blocktyp != PFA_BINARY) { c = getc(ifp); if (c != '\n') ungetc(c, ifp), crlf = 1; else crlf = 2; *last++ = '\n'; } else if (c != EOF) *last++ = c; *last = 0; if (blocktyp == PFA_ASCII) { if (strncmp(line, ""currentfile eexec"", 17) == 0 && isspace(line[17])) { char saved_p; for (line += 18; isspace(*line); line++) ; saved_p = *line; *line = 0; fr->output_ascii(buffer, line - buffer); *line = saved_p; blocktyp = PFA_EEXEC_TEST; if (!*line) continue; } else { fr->output_ascii(line, last - line); continue; } } if (blocktyp == PFA_EEXEC_TEST) { for (; line < last && isspace(*line); line++) ; if (line == last) continue; else if (last >= line + 4 && isxdigit(line[0]) && isxdigit(line[1]) && isxdigit(line[2]) && isxdigit(line[3])) blocktyp = PFA_HEX; else blocktyp = PFA_BINARY; memmove(buffer, line, last - line + 1); last = buffer + (last - line); line = buffer; if (blocktyp == PFA_BINARY && crlf) { last[-1] = '\r'; if (crlf == 2) *last++ = '\n'; } } if (all_zeroes(line)) { fr->output_ascii(line, last - line); blocktyp = PFA_ASCII; } else if (blocktyp == PFA_HEX) { int len = translate_hex_string(line, &saved_orphan); if (len) fr->output_binary((unsigned char *)line, len); } else fr->output_binary((unsigned char *)line, last - line); } fr->output_end(); }",visit repo url,t1lib.c,https://github.com/kohler/t1utils,195784390801838,1 489,CWE-476,"static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) { struct tun_struct *tun; struct tun_file *tfile = file->private_data; struct net_device *dev; int err; if (tfile->detached) return -EINVAL; dev = __dev_get_by_name(net, ifr->ifr_name); if (dev) { if (ifr->ifr_flags & IFF_TUN_EXCL) return -EBUSY; if ((ifr->ifr_flags & IFF_TUN) && dev->netdev_ops == &tun_netdev_ops) tun = netdev_priv(dev); else if ((ifr->ifr_flags & IFF_TAP) && dev->netdev_ops == &tap_netdev_ops) tun = netdev_priv(dev); else return -EINVAL; if (!!(ifr->ifr_flags & IFF_MULTI_QUEUE) != !!(tun->flags & IFF_MULTI_QUEUE)) return -EINVAL; if (tun_not_capable(tun)) return -EPERM; err = security_tun_dev_open(tun->security); if (err < 0) return err; err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER); if (err < 0) return err; if (tun->flags & IFF_MULTI_QUEUE && (tun->numqueues + tun->numdisabled > 1)) { return 0; } } else { char *name; unsigned long flags = 0; int queues = ifr->ifr_flags & IFF_MULTI_QUEUE ? MAX_TAP_QUEUES : 1; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) return -EPERM; err = security_tun_dev_create(); if (err < 0) return err; if (ifr->ifr_flags & IFF_TUN) { flags |= IFF_TUN; name = ""tun%d""; } else if (ifr->ifr_flags & IFF_TAP) { flags |= IFF_TAP; name = ""tap%d""; } else return -EINVAL; if (*ifr->ifr_name) name = ifr->ifr_name; dev = alloc_netdev_mqs(sizeof(struct tun_struct), name, NET_NAME_UNKNOWN, tun_setup, queues, queues); if (!dev) return -ENOMEM; err = dev_get_valid_name(net, dev, name); if (err) goto err_free_dev; dev_net_set(dev, net); dev->rtnl_link_ops = &tun_link_ops; dev->ifindex = tfile->ifindex; dev->sysfs_groups[0] = &tun_attr_group; tun = netdev_priv(dev); tun->dev = dev; tun->flags = flags; tun->txflt.count = 0; tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr); tun->align = NET_SKB_PAD; tun->filter_attached = false; tun->sndbuf = tfile->socket.sk->sk_sndbuf; tun->rx_batched = 0; tun->pcpu_stats = netdev_alloc_pcpu_stats(struct tun_pcpu_stats); if (!tun->pcpu_stats) { err = -ENOMEM; goto err_free_dev; } spin_lock_init(&tun->lock); err = security_tun_dev_alloc_security(&tun->security); if (err < 0) goto err_free_stat; tun_net_init(dev); tun_flow_init(tun); dev->hw_features = NETIF_F_SG | NETIF_F_FRAGLIST | TUN_USER_FEATURES | NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX; dev->features = dev->hw_features | NETIF_F_LLTX; dev->vlan_features = dev->features & ~(NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX); INIT_LIST_HEAD(&tun->disabled); err = tun_attach(tun, file, false); if (err < 0) goto err_free_flow; err = register_netdevice(tun->dev); if (err < 0) goto err_detach; } netif_carrier_on(tun->dev); tun_debug(KERN_INFO, tun, ""tun_set_iff\n""); tun->flags = (tun->flags & ~TUN_FEATURES) | (ifr->ifr_flags & TUN_FEATURES); if (netif_running(tun->dev)) netif_tx_wake_all_queues(tun->dev); strcpy(ifr->ifr_name, tun->dev->name); return 0; err_detach: tun_detach_all(dev); goto err_free_dev; err_free_flow: tun_flow_uninit(tun); security_tun_dev_free_security(tun->security); err_free_stat: free_percpu(tun->pcpu_stats); err_free_dev: free_netdev(dev); return err; }",visit repo url,drivers/net/tun.c,https://github.com/torvalds/linux,203235303748068,1 3831,CWE-476,"buflist_findpat( char_u *pattern, char_u *pattern_end, int unlisted, int diffmode UNUSED, int curtab_only) { buf_T *buf; int match = -1; int find_listed; char_u *pat; char_u *patend; int attempt; char_u *p; int toggledollar; if ((pattern_end == pattern + 1 && (*pattern == '%' || *pattern == '#')) || (in_vim9script() && pattern_end == pattern + 2 && pattern[0] == '%' && pattern[1] == '%')) { if (*pattern == '#' || pattern_end == pattern + 2) match = curwin->w_alt_fnum; else match = curbuf->b_fnum; #ifdef FEAT_DIFF if (diffmode && !diff_mode_buf(buflist_findnr(match))) match = -1; #endif } else { pat = file_pat_to_reg_pat(pattern, pattern_end, NULL, FALSE); if (pat == NULL) return -1; patend = pat + STRLEN(pat) - 1; toggledollar = (patend > pat && *patend == '$'); find_listed = TRUE; for (;;) { for (attempt = 0; attempt <= 3; ++attempt) { regmatch_T regmatch; if (toggledollar) *patend = (attempt < 2) ? NUL : '$'; p = pat; if (*p == '^' && !(attempt & 1)) ++p; regmatch.regprog = vim_regcomp(p, magic_isset() ? RE_MAGIC : 0); if (regmatch.regprog == NULL) { vim_free(pat); return -1; } FOR_ALL_BUFS_FROM_LAST(buf) if (buf->b_p_bl == find_listed #ifdef FEAT_DIFF && (!diffmode || diff_mode_buf(buf)) #endif && buflist_match(®match, buf, FALSE) != NULL) { if (curtab_only) { win_T *wp; FOR_ALL_WINDOWS(wp) if (wp->w_buffer == buf) break; if (wp == NULL) continue; } if (match >= 0) { match = -2; break; } match = buf->b_fnum; } vim_regfree(regmatch.regprog); if (match >= 0) break; } if (!unlisted || !find_listed || match != -1) break; find_listed = FALSE; } vim_free(pat); } if (match == -2) semsg(_(e_more_than_one_match_for_str), pattern); else if (match < 0) semsg(_(e_no_matching_buffer_for_str), pattern); return match; }",visit repo url,src/buffer.c,https://github.com/vim/vim,178382332994234,1 4146,['CWE-399'],"static void incoming_probe(AvahiServer *s, AvahiRecord *record, AvahiInterface *i) { AvahiEntry *e, *n; int ours = 0, won = 0, lost = 0; assert(s); assert(record); assert(i); for (e = avahi_hashmap_lookup(s->entries_by_key, record->key); e; e = n) { int cmp; n = e->by_key_next; if (e->dead) continue; if ((cmp = avahi_record_lexicographical_compare(e->record, record)) == 0) { ours = 1; break; } else { if (avahi_entry_is_probing(s, e, i)) { if (cmp > 0) won = 1; else lost = 1; } } } if (!ours) { char *t = avahi_record_to_string(record); if (won) avahi_log_debug(""Received conflicting probe [%s]. Local host won."", t); else if (lost) { avahi_log_debug(""Received conflicting probe [%s]. Local host lost. Withdrawing."", t); withdraw_rrset(s, record->key); } avahi_free(t); } }",avahi,,,274563230254037699959090149036897554386,0 6345,CWE-617,"int processCommand(client *c) { if (!server.lua_timedout) { serverAssert(!server.propagate_in_transaction); serverAssert(!server.in_exec); serverAssert(!server.in_eval); } moduleCallCommandFilters(c); if (!strcasecmp(c->argv[0]->ptr,""quit"")) { addReply(c,shared.ok); c->flags |= CLIENT_CLOSE_AFTER_REPLY; return C_ERR; } c->cmd = c->lastcmd = lookupCommand(c->argv[0]->ptr); if (!c->cmd) { sds args = sdsempty(); int i; for (i=1; i < c->argc && sdslen(args) < 128; i++) args = sdscatprintf(args, ""`%.*s`, "", 128-(int)sdslen(args), (char*)c->argv[i]->ptr); rejectCommandFormat(c,""unknown command `%s`, with args beginning with: %s"", (char*)c->argv[0]->ptr, args); sdsfree(args); return C_OK; } else if ((c->cmd->arity > 0 && c->cmd->arity != c->argc) || (c->argc < -c->cmd->arity)) { rejectCommandFormat(c,""wrong number of arguments for '%s' command"", c->cmd->name); return C_OK; } int is_write_command = (c->cmd->flags & CMD_WRITE) || (c->cmd->proc == execCommand && (c->mstate.cmd_flags & CMD_WRITE)); int is_denyoom_command = (c->cmd->flags & CMD_DENYOOM) || (c->cmd->proc == execCommand && (c->mstate.cmd_flags & CMD_DENYOOM)); int is_denystale_command = !(c->cmd->flags & CMD_STALE) || (c->cmd->proc == execCommand && (c->mstate.cmd_inv_flags & CMD_STALE)); int is_denyloading_command = !(c->cmd->flags & CMD_LOADING) || (c->cmd->proc == execCommand && (c->mstate.cmd_inv_flags & CMD_LOADING)); int is_may_replicate_command = (c->cmd->flags & (CMD_WRITE | CMD_MAY_REPLICATE)) || (c->cmd->proc == execCommand && (c->mstate.cmd_flags & (CMD_WRITE | CMD_MAY_REPLICATE))); int auth_required = (!(DefaultUser->flags & USER_FLAG_NOPASS) || (DefaultUser->flags & USER_FLAG_DISABLED)) && !c->authenticated; if (auth_required) { if (!(c->cmd->flags & CMD_NO_AUTH)) { rejectCommand(c,shared.noautherr); return C_OK; } } int acl_errpos; int acl_retval = ACLCheckAllPerm(c,&acl_errpos); if (acl_retval != ACL_OK) { addACLLogEntry(c,acl_retval,acl_errpos,NULL); switch (acl_retval) { case ACL_DENIED_CMD: rejectCommandFormat(c, ""-NOPERM this user has no permissions to run "" ""the '%s' command or its subcommand"", c->cmd->name); break; case ACL_DENIED_KEY: rejectCommandFormat(c, ""-NOPERM this user has no permissions to access "" ""one of the keys used as arguments""); break; case ACL_DENIED_CHANNEL: rejectCommandFormat(c, ""-NOPERM this user has no permissions to access "" ""one of the channels used as arguments""); break; default: rejectCommandFormat(c, ""no permission""); break; } return C_OK; } if (server.cluster_enabled && !(c->flags & CLIENT_MASTER) && !(c->flags & CLIENT_LUA && server.lua_caller->flags & CLIENT_MASTER) && !(!cmdHasMovableKeys(c->cmd) && c->cmd->firstkey == 0 && c->cmd->proc != execCommand)) { int hashslot; int error_code; clusterNode *n = getNodeByQuery(c,c->cmd,c->argv,c->argc, &hashslot,&error_code); if (n == NULL || n != server.cluster->myself) { if (c->cmd->proc == execCommand) { discardTransaction(c); } else { flagTransaction(c); } clusterRedirectClient(c,n,hashslot,error_code); c->cmd->rejected_calls++; return C_OK; } } if (server.maxmemory && !server.lua_timedout) { int out_of_memory = (performEvictions() == EVICT_FAIL); if (server.current_client == NULL) return C_ERR; int reject_cmd_on_oom = is_denyoom_command; if (c->flags & CLIENT_MULTI && c->cmd->proc != execCommand && c->cmd->proc != discardCommand && c->cmd->proc != resetCommand) { reject_cmd_on_oom = 1; } if (out_of_memory && reject_cmd_on_oom) { rejectCommand(c, shared.oomerr); return C_OK; } if (c->cmd->proc == evalCommand || c->cmd->proc == evalShaCommand) { server.lua_oom = out_of_memory; } } if (server.tracking_clients) trackingLimitUsedSlots(); int deny_write_type = writeCommandsDeniedByDiskError(); if (deny_write_type != DISK_ERROR_TYPE_NONE && server.masterhost == NULL && (is_write_command ||c->cmd->proc == pingCommand)) { if (deny_write_type == DISK_ERROR_TYPE_RDB) rejectCommand(c, shared.bgsaveerr); else rejectCommandFormat(c, ""-MISCONF Errors writing to the AOF file: %s"", strerror(server.aof_last_write_errno)); return C_OK; } if (server.masterhost == NULL && server.repl_min_slaves_to_write && server.repl_min_slaves_max_lag && is_write_command && server.repl_good_slaves_count < server.repl_min_slaves_to_write) { rejectCommand(c, shared.noreplicaserr); return C_OK; } if (server.masterhost && server.repl_slave_ro && !(c->flags & CLIENT_MASTER) && is_write_command) { rejectCommand(c, shared.roslaveerr); return C_OK; } if ((c->flags & CLIENT_PUBSUB && c->resp == 2) && c->cmd->proc != pingCommand && c->cmd->proc != subscribeCommand && c->cmd->proc != unsubscribeCommand && c->cmd->proc != psubscribeCommand && c->cmd->proc != punsubscribeCommand && c->cmd->proc != resetCommand) { rejectCommandFormat(c, ""Can't execute '%s': only (P)SUBSCRIBE / "" ""(P)UNSUBSCRIBE / PING / QUIT / RESET are allowed in this context"", c->cmd->name); return C_OK; } if (server.masterhost && server.repl_state != REPL_STATE_CONNECTED && server.repl_serve_stale_data == 0 && is_denystale_command) { rejectCommand(c, shared.masterdownerr); return C_OK; } if (server.loading && is_denyloading_command) { rejectCommand(c, shared.loadingerr); return C_OK; } if (server.lua_timedout && c->cmd->proc != authCommand && c->cmd->proc != helloCommand && c->cmd->proc != replconfCommand && c->cmd->proc != multiCommand && c->cmd->proc != discardCommand && c->cmd->proc != watchCommand && c->cmd->proc != unwatchCommand && c->cmd->proc != resetCommand && !(c->cmd->proc == shutdownCommand && c->argc == 2 && tolower(((char*)c->argv[1]->ptr)[0]) == 'n') && !(c->cmd->proc == scriptCommand && c->argc == 2 && tolower(((char*)c->argv[1]->ptr)[0]) == 'k')) { rejectCommand(c, shared.slowscripterr); return C_OK; } if (!(c->flags & CLIENT_SLAVE) && ((server.client_pause_type == CLIENT_PAUSE_ALL) || (server.client_pause_type == CLIENT_PAUSE_WRITE && is_may_replicate_command))) { c->bpop.timeout = 0; blockClient(c,BLOCKED_PAUSE); return C_OK; } if (c->flags & CLIENT_MULTI && c->cmd->proc != execCommand && c->cmd->proc != discardCommand && c->cmd->proc != multiCommand && c->cmd->proc != watchCommand && c->cmd->proc != resetCommand) { queueMultiCommand(c); addReply(c,shared.queued); } else { call(c,CMD_CALL_FULL); c->woff = server.master_repl_offset; if (listLength(server.ready_keys)) handleClientsBlockedOnKeys(); } return C_OK; }",visit repo url,src/server.c,https://github.com/redis/redis,228421403677051,1 312,CWE-119,"static int set_registers(rtl8150_t * dev, u16 indx, u16 size, void *data) { return usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0), RTL8150_REQ_SET_REGS, RTL8150_REQT_WRITE, indx, 0, data, size, 500); }",visit repo url,drivers/net/usb/rtl8150.c,https://github.com/torvalds/linux,224812389597061,1 4624,['CWE-399'],"static inline ext4_group_t ext4_flex_group(struct ext4_sb_info *sbi, ext4_group_t block_group) { return block_group >> sbi->s_log_groups_per_flex;",linux-2.6,,,145093296693554863540675451614492937643,0 821,CWE-20,"static int packet_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; struct sockaddr_ll *sll; int vnet_hdr_len = 0; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE)) goto out; #if 0 if (pkt_sk(sk)->ifindex < 0) return -ENODEV; #endif if (flags & MSG_ERRQUEUE) { err = sock_recv_errqueue(sk, msg, len, SOL_PACKET, PACKET_TX_TIMESTAMP); goto out; } skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (pkt_sk(sk)->has_vnet_hdr) { struct virtio_net_hdr vnet_hdr = { 0 }; err = -EINVAL; vnet_hdr_len = sizeof(vnet_hdr); if (len < vnet_hdr_len) goto out_free; len -= vnet_hdr_len; if (skb_is_gso(skb)) { struct skb_shared_info *sinfo = skb_shinfo(skb); vnet_hdr.hdr_len = skb_headlen(skb); vnet_hdr.gso_size = sinfo->gso_size; if (sinfo->gso_type & SKB_GSO_TCPV4) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; else if (sinfo->gso_type & SKB_GSO_TCPV6) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; else if (sinfo->gso_type & SKB_GSO_UDP) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP; else if (sinfo->gso_type & SKB_GSO_FCOE) goto out_free; else BUG(); if (sinfo->gso_type & SKB_GSO_TCP_ECN) vnet_hdr.gso_type |= VIRTIO_NET_HDR_GSO_ECN; } else vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE; if (skb->ip_summed == CHECKSUM_PARTIAL) { vnet_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; vnet_hdr.csum_start = skb_checksum_start_offset(skb); vnet_hdr.csum_offset = skb->csum_offset; } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { vnet_hdr.flags = VIRTIO_NET_HDR_F_DATA_VALID; } err = memcpy_toiovec(msg->msg_iov, (void *)&vnet_hdr, vnet_hdr_len); if (err < 0) goto out_free; } sll = &PACKET_SKB_CB(skb)->sa.ll; if (sock->type == SOCK_PACKET) msg->msg_namelen = sizeof(struct sockaddr_pkt); else msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, msg->msg_namelen); if (pkt_sk(sk)->auxdata) { struct tpacket_auxdata aux; aux.tp_status = TP_STATUS_USER; if (skb->ip_summed == CHECKSUM_PARTIAL) aux.tp_status |= TP_STATUS_CSUMNOTREADY; aux.tp_len = PACKET_SKB_CB(skb)->origlen; aux.tp_snaplen = skb->len; aux.tp_mac = 0; aux.tp_net = skb_network_offset(skb); if (vlan_tx_tag_present(skb)) { aux.tp_vlan_tci = vlan_tx_tag_get(skb); aux.tp_status |= TP_STATUS_VLAN_VALID; } else { aux.tp_vlan_tci = 0; } aux.tp_padding = 0; put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); } err = vnet_hdr_len + ((flags&MSG_TRUNC) ? skb->len : copied); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,197620869737506,1 1220,CWE-400,"static void perf_event_mmap_output(struct perf_event *event, struct perf_mmap_event *mmap_event) { struct perf_output_handle handle; struct perf_sample_data sample; int size = mmap_event->event_id.header.size; int ret; perf_event_header__init_id(&mmap_event->event_id.header, &sample, event); ret = perf_output_begin(&handle, event, mmap_event->event_id.header.size, 0, 0); if (ret) goto out; mmap_event->event_id.pid = perf_event_pid(event, current); mmap_event->event_id.tid = perf_event_tid(event, current); perf_output_put(&handle, mmap_event->event_id); __output_copy(&handle, mmap_event->file_name, mmap_event->file_size); perf_event__output_id_sample(event, &handle, &sample); perf_output_end(&handle); out: mmap_event->event_id.header.size = size; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,169431624260091,1 5394,CWE-787,"uint32_t *GetPayload(size_t handle, uint32_t *lastpayload, uint32_t index) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return NULL; uint32_t *MP4buffer = NULL; if (index < mp4->indexcount && mp4->mediafp) { MP4buffer = (uint32_t *)realloc((void *)lastpayload, mp4->metasizes[index]); if (MP4buffer) { LONGSEEK(mp4->mediafp, mp4->metaoffsets[index], SEEK_SET); fread(MP4buffer, 1, mp4->metasizes[index], mp4->mediafp); return MP4buffer; } } return NULL; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,120996069001588,1 3211,['CWE-189'],"static int jpc_dec_process_cod(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_cod_t *cod = &ms->parms.cod; jpc_dec_tile_t *tile; switch (dec->state) { case JPC_MH: jpc_dec_cp_setfromcod(dec->cp, cod); break; case JPC_TPH: if (!(tile = dec->curtile)) { return -1; } if (tile->partno != 0) { return -1; } jpc_dec_cp_setfromcod(tile->cp, cod); break; } return 0; }",jasper,,,267074427951547952727336599958546158551,0 2435,['CWE-119'],"static int diff_populate_gitlink(struct diff_filespec *s, int size_only) { int len; char *data = xmalloc(100); len = snprintf(data, 100, ""Subproject commit %s\n"", sha1_to_hex(s->sha1)); s->data = data; s->size = len; s->should_free = 1; if (size_only) { s->data = NULL; free(data); } return 0; }",git,,,91781196018560014241276806200300284066,0 4004,['CWE-362'],"static inline void get_inotify_watch(struct inotify_watch *watch) { }",linux-2.6,,,233408952144418190248671442341548110738,0 5936,['CWE-909'],"static int tc_dump_tclass_root(struct Qdisc *root, struct sk_buff *skb, struct tcmsg *tcm, struct netlink_callback *cb, int *t_p, int s_t) { struct Qdisc *q; if (!root) return 0; if (tc_dump_tclass_qdisc(root, skb, tcm, cb, t_p, s_t) < 0) return -1; list_for_each_entry(q, &root->list, list) { if (tc_dump_tclass_qdisc(q, skb, tcm, cb, t_p, s_t) < 0) return -1; } return 0; }",linux-2.6,,,80477098945654687655997563837606984103,0 3407,['CWE-264'],"asmlinkage long sys_access(const char __user *filename, int mode) { return sys_faccessat(AT_FDCWD, filename, mode); }",linux-2.6,,,213546384950582069313930572769112516182,0 1403,CWE-310,"static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_hash rhash; snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""ahash""); rhash.blocksize = alg->cra_blocksize; rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize; if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(struct crypto_report_hash), &rhash)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/ahash.c,https://github.com/torvalds/linux,20391327011751,1 5449,CWE-617,"pci_lintr_route(struct pci_vdev *dev) { struct businfo *bi; struct intxinfo *ii; if (dev->lintr.pin == 0) return; bi = pci_businfo[dev->bus]; assert(bi != NULL); ii = &bi->slotinfo[dev->slot].si_intpins[dev->lintr.pin - 1]; if (ii->ii_ioapic_irq == 0) ii->ii_ioapic_irq = ioapic_pci_alloc_irq(dev); assert(ii->ii_ioapic_irq > 0); if (ii->ii_pirq_pin == 0) ii->ii_pirq_pin = pirq_alloc_pin(dev); assert(ii->ii_pirq_pin > 0); dev->lintr.ioapic_irq = ii->ii_ioapic_irq; dev->lintr.pirq_pin = ii->ii_pirq_pin; pci_set_cfgdata8(dev, PCIR_INTLINE, pirq_irq(ii->ii_pirq_pin)); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,109123682789908,1 2818,[],"static void dio_zero_block(struct dio *dio, int end) { unsigned dio_blocks_per_fs_block; unsigned this_chunk_blocks; unsigned this_chunk_bytes; struct page *page; dio->start_zero_done = 1; if (!dio->blkfactor || !buffer_new(&dio->map_bh)) return; dio_blocks_per_fs_block = 1 << dio->blkfactor; this_chunk_blocks = dio->block_in_file & (dio_blocks_per_fs_block - 1); if (!this_chunk_blocks) return; if (end) this_chunk_blocks = dio_blocks_per_fs_block - this_chunk_blocks; this_chunk_bytes = this_chunk_blocks << dio->blkbits; page = ZERO_PAGE(dio->curr_user_address); if (submit_page_section(dio, page, 0, this_chunk_bytes, dio->next_block_for_io)) return; dio->next_block_for_io += this_chunk_blocks; }",linux-2.6,,,118943878235894348735531623948122980241,0 923,['CWE-200'],"static int shmem_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry) { struct inode *inode = old_dentry->d_inode; struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb); if (sbinfo->max_inodes) { spin_lock(&sbinfo->stat_lock); if (!sbinfo->free_inodes) { spin_unlock(&sbinfo->stat_lock); return -ENOSPC; } sbinfo->free_inodes--; spin_unlock(&sbinfo->stat_lock); } dir->i_size += BOGO_DIRENT_SIZE; inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME; inc_nlink(inode); atomic_inc(&inode->i_count); dget(dentry); d_instantiate(dentry, inode); return 0; }",linux-2.6,,,76673902136822698947585326724463085823,0 6590,['CWE-200'],"sort_vpn_connections (gconstpointer a, gconstpointer b) { return strcmp (get_connection_id (NM_CONNECTION (a)), get_connection_id (NM_CONNECTION (b))); }",network-manager-applet,,,69586464623814602855215946889058333712,0 3668,CWE-189,"void set_fat(DOS_FS * fs, uint32_t cluster, int32_t new) { unsigned char *data = NULL; int size; loff_t offs; if (new == -1) new = FAT_EOF(fs); else if ((long)new == -2) new = FAT_BAD(fs); switch (fs->fat_bits) { case 12: data = fs->fat + cluster * 3 / 2; offs = fs->fat_start + cluster * 3 / 2; if (cluster & 1) { FAT_ENTRY prevEntry; get_fat(&prevEntry, fs->fat, cluster - 1, fs); data[0] = ((new & 0xf) << 4) | (prevEntry.value >> 8); data[1] = new >> 4; } else { FAT_ENTRY subseqEntry; if (cluster != fs->clusters - 1) get_fat(&subseqEntry, fs->fat, cluster + 1, fs); else subseqEntry.value = 0; data[0] = new & 0xff; data[1] = (new >> 8) | ((0xff & subseqEntry.value) << 4); } size = 2; break; case 16: data = fs->fat + cluster * 2; offs = fs->fat_start + cluster * 2; *(unsigned short *)data = htole16(new); size = 2; break; case 32: { FAT_ENTRY curEntry; get_fat(&curEntry, fs->fat, cluster, fs); data = fs->fat + cluster * 4; offs = fs->fat_start + cluster * 4; *(uint32_t *)data = htole32((new & 0xfffffff) | (curEntry.reserved << 28)); size = 4; } break; default: die(""Bad FAT entry size: %d bits."", fs->fat_bits); } fs_write(offs, size, data); if (fs->nfats > 1) { fs_write(offs + fs->fat_size, size, data); } }",visit repo url,src/fat.c,https://github.com/dosfstools/dosfstools,147882846591574,1 6706,['CWE-200'],"dispose (GObject *object) { NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (object); if (priv->disposed) return; priv->disposed = TRUE; if (priv->bus) dbus_g_connection_unref (priv->bus); g_hash_table_destroy (priv->pending_changes); if (priv->read_connections_id) { g_source_remove (priv->read_connections_id); priv->read_connections_id = 0; } gconf_client_notify_remove (priv->client, priv->conf_notify_id); gconf_client_remove_dir (priv->client, GCONF_PATH_CONNECTIONS, NULL); g_slist_foreach (priv->connections, (GFunc) g_object_unref, NULL); g_slist_free (priv->connections); g_object_unref (priv->client); G_OBJECT_CLASS (nma_gconf_settings_parent_class)->dispose (object); }",network-manager-applet,,,186883123726084881552018702006464001520,0 2581,CWE-269,"uint32_t virtio_config_readw(VirtIODevice *vdev, uint32_t addr) { VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); uint16_t val; k->get_config(vdev, vdev->config); if (addr > (vdev->config_len - sizeof(val))) return (uint32_t)-1; val = lduw_p(vdev->config + addr); return val; }",visit repo url,hw/virtio/virtio.c,https://github.com/qemu/qemu,807816979362,1 1241,NVD-CWE-Other,"int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) { struct sk_buff *frag; struct rt6_info *rt = (struct rt6_info*)skb_dst(skb); struct ipv6_pinfo *np = skb->sk ? inet6_sk(skb->sk) : NULL; struct ipv6hdr *tmp_hdr; struct frag_hdr *fh; unsigned int mtu, hlen, left, len; __be32 frag_id = 0; int ptr, offset = 0, err=0; u8 *prevhdr, nexthdr = 0; struct net *net = dev_net(skb_dst(skb)->dev); hlen = ip6_find_1stfragopt(skb, &prevhdr); nexthdr = *prevhdr; mtu = ip6_skb_dst_mtu(skb); if (!skb->local_df && skb->len > mtu) { skb->dev = skb_dst(skb)->dev; icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); kfree_skb(skb); return -EMSGSIZE; } if (np && np->frag_size < mtu) { if (np->frag_size) mtu = np->frag_size; } mtu -= hlen + sizeof(struct frag_hdr); if (skb_has_frag_list(skb)) { int first_len = skb_pagelen(skb); struct sk_buff *frag2; if (first_len - hlen > mtu || ((first_len - hlen) & 7) || skb_cloned(skb)) goto slow_path; skb_walk_frags(skb, frag) { if (frag->len > mtu || ((frag->len & 7) && frag->next) || skb_headroom(frag) < hlen) goto slow_path_clean; if (skb_shared(frag)) goto slow_path_clean; BUG_ON(frag->sk); if (skb->sk) { frag->sk = skb->sk; frag->destructor = sock_wfree; } skb->truesize -= frag->truesize; } err = 0; offset = 0; frag = skb_shinfo(skb)->frag_list; skb_frag_list_init(skb); *prevhdr = NEXTHDR_FRAGMENT; tmp_hdr = kmemdup(skb_network_header(skb), hlen, GFP_ATOMIC); if (!tmp_hdr) { IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); return -ENOMEM; } __skb_pull(skb, hlen); fh = (struct frag_hdr*)__skb_push(skb, sizeof(struct frag_hdr)); __skb_push(skb, hlen); skb_reset_network_header(skb); memcpy(skb_network_header(skb), tmp_hdr, hlen); ipv6_select_ident(fh); fh->nexthdr = nexthdr; fh->reserved = 0; fh->frag_off = htons(IP6_MF); frag_id = fh->identification; first_len = skb_pagelen(skb); skb->data_len = first_len - skb_headlen(skb); skb->len = first_len; ipv6_hdr(skb)->payload_len = htons(first_len - sizeof(struct ipv6hdr)); dst_hold(&rt->dst); for (;;) { if (frag) { frag->ip_summed = CHECKSUM_NONE; skb_reset_transport_header(frag); fh = (struct frag_hdr*)__skb_push(frag, sizeof(struct frag_hdr)); __skb_push(frag, hlen); skb_reset_network_header(frag); memcpy(skb_network_header(frag), tmp_hdr, hlen); offset += skb->len - hlen - sizeof(struct frag_hdr); fh->nexthdr = nexthdr; fh->reserved = 0; fh->frag_off = htons(offset); if (frag->next != NULL) fh->frag_off |= htons(IP6_MF); fh->identification = frag_id; ipv6_hdr(frag)->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); ip6_copy_metadata(frag, skb); } err = output(skb); if(!err) IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), IPSTATS_MIB_FRAGCREATES); if (err || !frag) break; skb = frag; frag = skb->next; skb->next = NULL; } kfree(tmp_hdr); if (err == 0) { IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), IPSTATS_MIB_FRAGOKS); dst_release(&rt->dst); return 0; } while (frag) { skb = frag->next; kfree_skb(frag); frag = skb; } IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), IPSTATS_MIB_FRAGFAILS); dst_release(&rt->dst); return err; slow_path_clean: skb_walk_frags(skb, frag2) { if (frag2 == frag) break; frag2->sk = NULL; frag2->destructor = NULL; skb->truesize += frag2->truesize; } } slow_path: left = skb->len - hlen; ptr = hlen; *prevhdr = NEXTHDR_FRAGMENT; while(left > 0) { len = left; if (len > mtu) len = mtu; if (len < left) { len &= ~7; } if ((frag = alloc_skb(len+hlen+sizeof(struct frag_hdr)+LL_ALLOCATED_SPACE(rt->dst.dev), GFP_ATOMIC)) == NULL) { NETDEBUG(KERN_INFO ""IPv6: frag: no memory for new fragment!\n""); IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); err = -ENOMEM; goto fail; } ip6_copy_metadata(frag, skb); skb_reserve(frag, LL_RESERVED_SPACE(rt->dst.dev)); skb_put(frag, len + hlen + sizeof(struct frag_hdr)); skb_reset_network_header(frag); fh = (struct frag_hdr *)(skb_network_header(frag) + hlen); frag->transport_header = (frag->network_header + hlen + sizeof(struct frag_hdr)); if (skb->sk) skb_set_owner_w(frag, skb->sk); skb_copy_from_linear_data(skb, skb_network_header(frag), hlen); fh->nexthdr = nexthdr; fh->reserved = 0; if (!frag_id) { ipv6_select_ident(fh); frag_id = fh->identification; } else fh->identification = frag_id; if (skb_copy_bits(skb, ptr, skb_transport_header(frag), len)) BUG(); left -= len; fh->frag_off = htons(offset); if (left > 0) fh->frag_off |= htons(IP6_MF); ipv6_hdr(frag)->payload_len = htons(frag->len - sizeof(struct ipv6hdr)); ptr += len; offset += len; err = output(frag); if (err) goto fail; IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGCREATES); } IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGOKS); kfree_skb(skb); return err; fail: IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); kfree_skb(skb); return err; }",visit repo url,net/ipv6/ip6_output.c,https://github.com/torvalds/linux,244345689487832,1 1534,[],"fire_sched_out_preempt_notifiers(struct task_struct *curr, struct task_struct *next) { }",linux-2.6,,,247448938883043817424758728468437102652,0 2200,CWE-362,"static unsigned long get_seg_limit(struct pt_regs *regs, int seg_reg_idx) { struct desc_struct *desc; unsigned long limit; short sel; sel = get_segment_selector(regs, seg_reg_idx); if (sel < 0) return 0; if (user_64bit_mode(regs) || v8086_mode(regs)) return -1L; if (!sel) return 0; desc = get_desc(sel); if (!desc) return 0; limit = get_desc_limit(desc); if (desc->g) limit = (limit << 12) + 0xfff; return limit; }",visit repo url,arch/x86/lib/insn-eval.c,https://github.com/torvalds/linux,278499047470525,1 571,CWE-399,"static int udp_push_pending_frames(struct sock *sk) { struct udp_sock *up = udp_sk(sk); struct inet_sock *inet = inet_sk(sk); struct flowi4 *fl4 = &inet->cork.fl.u.ip4; struct sk_buff *skb; int err = 0; skb = ip_finish_skb(sk, fl4); if (!skb) goto out; err = udp_send_skb(skb, fl4); out: up->len = 0; up->pending = 0; return err; }",visit repo url,net/ipv4/udp.c,https://github.com/torvalds/linux,215908163551497,1 4152,['CWE-399'],"void avahi_server_enumerate_aux_records(AvahiServer *s, AvahiInterface *i, AvahiRecord *r, void (*callback)(AvahiServer *s, AvahiRecord *r, int flush_cache, void* userdata), void* userdata) { assert(s); assert(i); assert(r); assert(callback); if (r->key->clazz == AVAHI_DNS_CLASS_IN) { if (r->key->type == AVAHI_DNS_TYPE_PTR) { enum_aux_records(s, i, r->data.ptr.name, AVAHI_DNS_TYPE_SRV, callback, userdata); enum_aux_records(s, i, r->data.ptr.name, AVAHI_DNS_TYPE_TXT, callback, userdata); } else if (r->key->type == AVAHI_DNS_TYPE_SRV) { enum_aux_records(s, i, r->data.srv.name, AVAHI_DNS_TYPE_A, callback, userdata); enum_aux_records(s, i, r->data.srv.name, AVAHI_DNS_TYPE_AAAA, callback, userdata); } else if (r->key->type == AVAHI_DNS_TYPE_CNAME) enum_aux_records(s, i, r->data.cname.name, AVAHI_DNS_TYPE_ANY, callback, userdata); } }",avahi,,,294964401481877299883689326220988497836,0 5009,CWE-787,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 3736,CWE-125,"int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int64_t infilesize, total_samples; DFFFileHeader dff_file_header; DFFChunkHeader dff_chunk_header; uint32_t bcount; infilesize = DoGetFileSize (infile); memcpy (&dff_file_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &dff_file_header) + 4, sizeof (DFFFileHeader) - 4, &bcount) || bcount != sizeof (DFFFileHeader) - 4) || strncmp (dff_file_header.formType, ""DSD "", 4)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_file_header, sizeof (DFFFileHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } #if 1 WavpackBigEndianToNative (&dff_file_header, DFFFileHeaderFormat); if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && dff_file_header.ckDataSize && dff_file_header.ckDataSize + 1 && dff_file_header.ckDataSize + 12 != infilesize) { error_line (""%s is not a valid .DFF file (by total size)!"", infilename); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""file header indicated length = %lld"", dff_file_header.ckDataSize); #endif while (1) { if (!DoReadFile (infile, &dff_chunk_header, sizeof (DFFChunkHeader), &bcount) || bcount != sizeof (DFFChunkHeader)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_chunk_header, sizeof (DFFChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (debug_logging_mode) error_line (""chunk header indicated length = %lld"", dff_chunk_header.ckDataSize); if (!strncmp (dff_chunk_header.ckID, ""FVER"", 4)) { uint32_t version; if (dff_chunk_header.ckDataSize != sizeof (version) || !DoReadFile (infile, &version, sizeof (version), &bcount) || bcount != sizeof (version)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &version, sizeof (version))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&version, ""L""); if (debug_logging_mode) error_line (""dsdiff file version = 0x%08x"", version); } else if (!strncmp (dff_chunk_header.ckID, ""PROP"", 4)) { char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || bcount != dff_chunk_header.ckDataSize) { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (prop_chunk); return WAVPACK_SOFT_ERROR; } if (!strncmp (prop_chunk, ""SND "", 4)) { char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize; uint16_t numChannels, chansSpecified, chanMask = 0; uint32_t sampleRate; while (eptr - cptr >= sizeof (dff_chunk_header)) { memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header)); cptr += sizeof (dff_chunk_header); WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (eptr - cptr >= dff_chunk_header.ckDataSize) { if (!strncmp (dff_chunk_header.ckID, ""FS "", 4) && dff_chunk_header.ckDataSize == 4) { memcpy (&sampleRate, cptr, sizeof (sampleRate)); WavpackBigEndianToNative (&sampleRate, ""L""); cptr += dff_chunk_header.ckDataSize; if (debug_logging_mode) error_line (""got sample rate of %u Hz"", sampleRate); } else if (!strncmp (dff_chunk_header.ckID, ""CHNL"", 4) && dff_chunk_header.ckDataSize >= 2) { memcpy (&numChannels, cptr, sizeof (numChannels)); WavpackBigEndianToNative (&numChannels, ""S""); cptr += sizeof (numChannels); chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4; while (chansSpecified--) { if (!strncmp (cptr, ""SLFT"", 4) || !strncmp (cptr, ""MLFT"", 4)) chanMask |= 0x1; else if (!strncmp (cptr, ""SRGT"", 4) || !strncmp (cptr, ""MRGT"", 4)) chanMask |= 0x2; else if (!strncmp (cptr, ""LS "", 4)) chanMask |= 0x10; else if (!strncmp (cptr, ""RS "", 4)) chanMask |= 0x20; else if (!strncmp (cptr, ""C "", 4)) chanMask |= 0x4; else if (!strncmp (cptr, ""LFE "", 4)) chanMask |= 0x8; else if (debug_logging_mode) error_line (""undefined channel ID %c%c%c%c"", cptr [0], cptr [1], cptr [2], cptr [3]); cptr += 4; } if (debug_logging_mode) error_line (""%d channels, mask = 0x%08x"", numChannels, chanMask); } else if (!strncmp (dff_chunk_header.ckID, ""CMPR"", 4) && dff_chunk_header.ckDataSize >= 4) { if (strncmp (cptr, ""DSD "", 4)) { error_line (""DSDIFF files must be uncompressed, not \""%c%c%c%c\""!"", cptr [0], cptr [1], cptr [2], cptr [3]); free (prop_chunk); return WAVPACK_SOFT_ERROR; } cptr += dff_chunk_header.ckDataSize; } else { if (debug_logging_mode) error_line (""got PROP/SND chunk type \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); cptr += dff_chunk_header.ckDataSize; } } else { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } } if (chanMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this DSDIFF file already has channel order information!""); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (chanMask) config->channel_mask = chanMask; config->bits_per_sample = 8; config->bytes_per_sample = 1; config->num_channels = numChannels; config->sample_rate = sampleRate / 8; config->qmode |= QMODE_DSD_MSB_FIRST; } else if (debug_logging_mode) error_line (""got unknown PROP chunk type \""%c%c%c%c\"" of %d bytes"", prop_chunk [0], prop_chunk [1], prop_chunk [2], prop_chunk [3], dff_chunk_header.ckDataSize); free (prop_chunk); } else if (!strncmp (dff_chunk_header.ckID, ""DSD "", 4)) { total_samples = dff_chunk_header.ckDataSize / config->num_channels; break; } else { int bytes_to_copy = (int)(((dff_chunk_header.ckDataSize) + 1) & ~(int64_t)1); char *buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (debug_logging_mode) error_line (""setting configuration with %lld samples"", total_samples); if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/dsdiff.c,https://github.com/dbry/WavPack,185000149701123,1 5310,NVD-CWE-noinfo,"int fit_config_verify_required_sigs(const void *fit, int conf_noffset, const void *sig_blob) { int noffset; int sig_node; int verified = 0; int reqd_sigs = 0; bool reqd_policy_all = true; const char *reqd_mode; sig_node = fdt_subnode_offset(sig_blob, 0, FIT_SIG_NODENAME); if (sig_node < 0) { debug(""%s: No signature node found: %s\n"", __func__, fdt_strerror(sig_node)); return 0; } reqd_mode = fdt_getprop(sig_blob, sig_node, ""required-mode"", NULL); if (reqd_mode && !strcmp(reqd_mode, ""any"")) reqd_policy_all = false; debug(""%s: required-mode policy set to '%s'\n"", __func__, reqd_policy_all ? ""all"" : ""any""); fdt_for_each_subnode(noffset, sig_blob, sig_node) { const char *required; int ret; required = fdt_getprop(sig_blob, noffset, FIT_KEY_REQUIRED, NULL); if (!required || strcmp(required, ""conf"")) continue; reqd_sigs++; ret = fit_config_verify_sig(fit, conf_noffset, sig_blob, noffset); if (ret) { if (reqd_policy_all) { printf(""Failed to verify required signature '%s'\n"", fit_get_name(sig_blob, noffset, NULL)); return ret; } } else { verified++; if (!reqd_policy_all) break; } } if (reqd_sigs && !verified) { printf(""Failed to verify 'any' of the required signature(s)\n""); return -EPERM; } return 0; }",visit repo url,common/image-fit-sig.c,https://github.com/u-boot/u-boot,19956652025514,1 731,[],"static void jpc_com_destroyparms(jpc_ms_t *ms) { jpc_com_t *com = &ms->parms.com; if (com->data) { jas_free(com->data); } }",jasper,,,130886535161269121641345621204645875470,0 3288,['CWE-189'],"int jas_stream_ungetc(jas_stream_t *stream, int c) { if (!stream->ptr_ || stream->ptr_ == stream->bufbase_) { return -1; } stream->flags_ &= ~JAS_STREAM_EOF; --stream->rwcnt_; --stream->ptr_; ++stream->cnt_; *stream->ptr_ = c; return 0; }",jasper,,,326309280050802979244110015201767024830,0 6706,CWE-116,"new_logline(int event_type, int flags, struct eventlog_args *args, const struct eventlog *evlog) { const struct eventlog_config *evl_conf = eventlog_getconf(); char *line = NULL, *evstr = NULL; const char *iolog_file; const char *tty, *tsid = NULL; char exit_str[(((sizeof(int) * 8) + 2) / 3) + 2]; char sessid[7], offsetstr[64] = """"; size_t len = 0; int i; debug_decl(new_logline, SUDO_DEBUG_UTIL); if (ISSET(flags, EVLOG_RAW) || evlog == NULL) { if (args->reason != NULL) { if (args->errstr != NULL) { if (asprintf(&line, ""%s: %s"", args->reason, args->errstr) == -1) goto oom; } else { if ((line = strdup(args->reason)) == NULL) goto oom; } } debug_return_str(line); } iolog_file = evlog->iolog_file; if (iolog_file != NULL) { if (IS_SESSID(iolog_file)) { sessid[0] = iolog_file[0]; sessid[1] = iolog_file[1]; sessid[2] = iolog_file[3]; sessid[3] = iolog_file[4]; sessid[4] = iolog_file[6]; sessid[5] = iolog_file[7]; sessid[6] = '\0'; tsid = sessid; } else { tsid = iolog_file; } if (sudo_timespecisset(&evlog->iolog_offset)) { if (evlog->iolog_offset.tv_nsec > 10000000) { (void)snprintf(offsetstr, sizeof(offsetstr), ""@%lld.%02ld"", (long long)evlog->iolog_offset.tv_sec, evlog->iolog_offset.tv_nsec / 10000000); } else if (evlog->iolog_offset.tv_sec != 0) { (void)snprintf(offsetstr, sizeof(offsetstr), ""@%lld"", (long long)evlog->iolog_offset.tv_sec); } } } if ((tty = evlog->ttyname) != NULL) { if (strncmp(tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) tty += sizeof(_PATH_DEV) - 1; } if (args->reason != NULL) len += strlen(args->reason) + 3; if (args->errstr != NULL) len += strlen(args->errstr) + 3; if (evlog->submithost != NULL && !evl_conf->omit_hostname) len += sizeof(LL_HOST_STR) + 2 + strlen(evlog->submithost); if (tty != NULL) len += sizeof(LL_TTY_STR) + 2 + strlen(tty); if (evlog->runchroot != NULL) len += sizeof(LL_CHROOT_STR) + 2 + strlen(evlog->runchroot); if (evlog->runcwd != NULL) len += sizeof(LL_CWD_STR) + 2 + strlen(evlog->runcwd); if (evlog->runuser != NULL) len += sizeof(LL_USER_STR) + 2 + strlen(evlog->runuser); if (evlog->rungroup != NULL) len += sizeof(LL_GROUP_STR) + 2 + strlen(evlog->rungroup); if (tsid != NULL) { len += sizeof(LL_TSID_STR) + 2 + strlen(tsid) + strlen(offsetstr); } if (evlog->env_add != NULL) { size_t evlen = 0; char * const *ep; for (ep = evlog->env_add; *ep != NULL; ep++) evlen += strlen(*ep) + 1; if (evlen != 0) { if ((evstr = malloc(evlen)) == NULL) goto oom; ep = evlog->env_add; if (strlcpy(evstr, *ep, evlen) >= evlen) goto toobig; while (*++ep != NULL) { if (strlcat(evstr, "" "", evlen) >= evlen || strlcat(evstr, *ep, evlen) >= evlen) goto toobig; } len += sizeof(LL_ENV_STR) + 2 + evlen; } } if (evlog->command != NULL) { len += sizeof(LL_CMND_STR) - 1 + strlen(evlog->command); if (evlog->argv != NULL && evlog->argv[0] != NULL) { for (i = 1; evlog->argv[i] != NULL; i++) len += strlen(evlog->argv[i]) + 1; } if (event_type == EVLOG_EXIT) { if (evlog->signal_name != NULL) len += sizeof(LL_SIGNAL_STR) + 2 + strlen(evlog->signal_name); if (evlog->exit_value != -1) { (void)snprintf(exit_str, sizeof(exit_str), ""%d"", evlog->exit_value); len += sizeof(LL_EXIT_STR) + 2 + strlen(exit_str); } } } if ((line = malloc(++len)) == NULL) goto oom; line[0] = '\0'; if (args->reason != NULL) { if (strlcat(line, args->reason, len) >= len || strlcat(line, args->errstr ? "" : "" : "" ; "", len) >= len) goto toobig; } if (args->errstr != NULL) { if (strlcat(line, args->errstr, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->submithost != NULL && !evl_conf->omit_hostname) { if (strlcat(line, LL_HOST_STR, len) >= len || strlcat(line, evlog->submithost, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (tty != NULL) { if (strlcat(line, LL_TTY_STR, len) >= len || strlcat(line, tty, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->runchroot != NULL) { if (strlcat(line, LL_CHROOT_STR, len) >= len || strlcat(line, evlog->runchroot, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->runcwd != NULL) { if (strlcat(line, LL_CWD_STR, len) >= len || strlcat(line, evlog->runcwd, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->runuser != NULL) { if (strlcat(line, LL_USER_STR, len) >= len || strlcat(line, evlog->runuser, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->rungroup != NULL) { if (strlcat(line, LL_GROUP_STR, len) >= len || strlcat(line, evlog->rungroup, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (tsid != NULL) { if (strlcat(line, LL_TSID_STR, len) >= len || strlcat(line, tsid, len) >= len || strlcat(line, offsetstr, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evstr != NULL) { if (strlcat(line, LL_ENV_STR, len) >= len || strlcat(line, evstr, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; free(evstr); evstr = NULL; } if (evlog->command != NULL) { if (strlcat(line, LL_CMND_STR, len) >= len) goto toobig; if (strlcat(line, evlog->command, len) >= len) goto toobig; if (evlog->argv != NULL && evlog->argv[0] != NULL) { for (i = 1; evlog->argv[i] != NULL; i++) { if (strlcat(line, "" "", len) >= len || strlcat(line, evlog->argv[i], len) >= len) goto toobig; } } if (event_type == EVLOG_EXIT) { if (evlog->signal_name != NULL) { if (strlcat(line, "" ; "", len) >= len || strlcat(line, LL_SIGNAL_STR, len) >= len || strlcat(line, evlog->signal_name, len) >= len) goto toobig; } if (evlog->exit_value != -1) { if (strlcat(line, "" ; "", len) >= len || strlcat(line, LL_EXIT_STR, len) >= len || strlcat(line, exit_str, len) >= len) goto toobig; } } } debug_return_str(line); oom: free(evstr); sudo_warnx(U_(""%s: %s""), __func__, U_(""unable to allocate memory"")); debug_return_str(NULL); toobig: free(evstr); free(line); sudo_warnx(U_(""internal error, %s overflow""), __func__); debug_return_str(NULL); }",visit repo url,lib/eventlog/eventlog.c,https://github.com/sudo-project/sudo,68029610147374,1 3372,CWE-119,"static MagickBooleanType WriteGROUP4Image(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { char filename[MagickPathExtent]; FILE *file; Image *huffman_image; ImageInfo *write_info; int unique_file; MagickBooleanType status; register ssize_t i; ssize_t count; TIFF *tiff; toff_t *byte_count, strip_size; unsigned char *buffer; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); huffman_image=CloneImage(image,0,0,MagickTrue,exception); if (huffman_image == (Image *) NULL) { (void) CloseBlob(image); return(MagickFalse); } huffman_image->endian=MSBEndian; file=(FILE *) NULL; unique_file=AcquireUniqueFileResource(filename); if (unique_file != -1) file=fdopen(unique_file,""wb""); if ((unique_file == -1) || (file == (FILE *) NULL)) { ThrowFileException(exception,FileOpenError,""UnableToCreateTemporaryFile"", filename); return(MagickFalse); } (void) FormatLocaleString(huffman_image->filename,MagickPathExtent,""tiff:%s"", filename); (void) SetImageType(huffman_image,BilevelType,exception); write_info=CloneImageInfo((ImageInfo *) NULL); SetImageInfoFile(write_info,file); (void) SetImageType(image,BilevelType,exception); (void) SetImageDepth(image,1,exception); write_info->compression=Group4Compression; write_info->type=BilevelType; (void) SetImageOption(write_info,""quantum:polarity"",""min-is-white""); status=WriteTIFFImage(write_info,huffman_image,exception); (void) fflush(file); write_info=DestroyImageInfo(write_info); if (status == MagickFalse) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } tiff=TIFFOpen(filename,""rb""); if (tiff == (TIFF *) NULL) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowFileException(exception,FileOpenError,""UnableToOpenFile"", image_info->filename); return(MagickFalse); } if (TIFFGetField(tiff,TIFFTAG_STRIPBYTECOUNTS,&byte_count) != 1) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } strip_size=byte_count[0]; for (i=1; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) if (byte_count[i] > strip_size) strip_size=byte_count[i]; buffer=(unsigned char *) AcquireQuantumMemory((size_t) strip_size, sizeof(*buffer)); if (buffer == (unsigned char *) NULL) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowBinaryException(ResourceLimitError,""MemoryAllocationFailed"", image_info->filename); } for (i=0; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) { count=(ssize_t) TIFFReadRawStrip(tiff,(uint32) i,buffer,strip_size); if (WriteBlob(image,(size_t) count,buffer) != count) status=MagickFalse; } buffer=(unsigned char *) RelinquishMagickMemory(buffer); TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); (void) CloseBlob(image); return(status); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,127830029859842,1 6047,['CWE-200'],"static void sit_route_add(struct net_device *dev) { struct in6_rtmsg rtmsg; memset(&rtmsg, 0, sizeof(rtmsg)); rtmsg.rtmsg_type = RTMSG_NEWROUTE; rtmsg.rtmsg_metric = IP6_RT_PRIO_ADDRCONF; rtmsg.rtmsg_dst_len = 96; rtmsg.rtmsg_flags = RTF_UP|RTF_NONEXTHOP; rtmsg.rtmsg_ifindex = dev->ifindex; ip6_route_add(&rtmsg, NULL, NULL, NULL); }",linux-2.6,,,256270647839703115924537857208662470150,0 716,CWE-20,"static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; BT_DBG(""sock %p, sk %p"", sock, sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == BT_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) return err; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); switch (hci_pi(sk)->channel) { case HCI_CHANNEL_RAW: hci_sock_cmsg(sk, msg, skb); break; case HCI_CHANNEL_USER: case HCI_CHANNEL_CONTROL: case HCI_CHANNEL_MONITOR: sock_recv_timestamp(msg, sk, skb); break; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/hci_sock.c,https://github.com/torvalds/linux,129040150037285,1 2443,CWE-834,"static int cine_read_header(AVFormatContext *avctx) { AVIOContext *pb = avctx->pb; AVStream *st; unsigned int version, compression, offImageHeader, offSetup, offImageOffsets, biBitCount, length, CFA; int vflip; char *description; uint64_t i; st = avformat_new_stream(avctx, NULL); if (!st) return AVERROR(ENOMEM); st->codecpar->codec_type = AVMEDIA_TYPE_VIDEO; st->codecpar->codec_id = AV_CODEC_ID_RAWVIDEO; st->codecpar->codec_tag = 0; avio_skip(pb, 4); compression = avio_rl16(pb); version = avio_rl16(pb); if (version != 1) { avpriv_request_sample(avctx, ""unknown version %i"", version); return AVERROR_INVALIDDATA; } avio_skip(pb, 12); st->duration = avio_rl32(pb); offImageHeader = avio_rl32(pb); offSetup = avio_rl32(pb); offImageOffsets = avio_rl32(pb); avio_skip(pb, 8); avio_seek(pb, offImageHeader, SEEK_SET); avio_skip(pb, 4); st->codecpar->width = avio_rl32(pb); st->codecpar->height = avio_rl32(pb); if (avio_rl16(pb) != 1) return AVERROR_INVALIDDATA; biBitCount = avio_rl16(pb); if (biBitCount != 8 && biBitCount != 16 && biBitCount != 24 && biBitCount != 48) { avpriv_request_sample(avctx, ""unsupported biBitCount %i"", biBitCount); return AVERROR_INVALIDDATA; } switch (avio_rl32(pb)) { case BMP_RGB: vflip = 0; break; case 0x100: st->codecpar->codec_tag = MKTAG('B', 'I', 'T', 0); vflip = 1; break; default: avpriv_request_sample(avctx, ""unknown bitmap compression""); return AVERROR_INVALIDDATA; } avio_skip(pb, 4); avio_seek(pb, offSetup, SEEK_SET); avio_skip(pb, 140); if (avio_rl16(pb) != 0x5453) return AVERROR_INVALIDDATA; length = avio_rl16(pb); if (length < 0x163C) { avpriv_request_sample(avctx, ""short SETUP header""); return AVERROR_INVALIDDATA; } avio_skip(pb, 616); if (!avio_rl32(pb) ^ vflip) { st->codecpar->extradata = av_strdup(""BottomUp""); st->codecpar->extradata_size = 9; } avio_skip(pb, 4); avpriv_set_pts_info(st, 64, 1, avio_rl32(pb)); avio_skip(pb, 20); set_metadata_int(&st->metadata, ""camera_version"", avio_rl32(pb), 0); set_metadata_int(&st->metadata, ""firmware_version"", avio_rl32(pb), 0); set_metadata_int(&st->metadata, ""software_version"", avio_rl32(pb), 0); set_metadata_int(&st->metadata, ""recording_timezone"", avio_rl32(pb), 0); CFA = avio_rl32(pb); set_metadata_int(&st->metadata, ""brightness"", avio_rl32(pb), 1); set_metadata_int(&st->metadata, ""contrast"", avio_rl32(pb), 1); set_metadata_int(&st->metadata, ""gamma"", avio_rl32(pb), 1); avio_skip(pb, 12 + 16); set_metadata_float(&st->metadata, ""wbgain[0].r"", av_int2float(avio_rl32(pb)), 1); set_metadata_float(&st->metadata, ""wbgain[0].b"", av_int2float(avio_rl32(pb)), 1); avio_skip(pb, 36); st->codecpar->bits_per_coded_sample = avio_rl32(pb); if (compression == CC_RGB) { if (biBitCount == 8) { st->codecpar->format = AV_PIX_FMT_GRAY8; } else if (biBitCount == 16) { st->codecpar->format = AV_PIX_FMT_GRAY16LE; } else if (biBitCount == 24) { st->codecpar->format = AV_PIX_FMT_BGR24; } else if (biBitCount == 48) { st->codecpar->format = AV_PIX_FMT_BGR48LE; } else { avpriv_request_sample(avctx, ""unsupported biBitCount %i"", biBitCount); return AVERROR_INVALIDDATA; } } else if (compression == CC_UNINT) { switch (CFA & 0xFFFFFF) { case CFA_BAYER: if (biBitCount == 8) { st->codecpar->format = AV_PIX_FMT_BAYER_GBRG8; } else if (biBitCount == 16) { st->codecpar->format = AV_PIX_FMT_BAYER_GBRG16LE; } else { avpriv_request_sample(avctx, ""unsupported biBitCount %i"", biBitCount); return AVERROR_INVALIDDATA; } break; case CFA_BAYERFLIP: if (biBitCount == 8) { st->codecpar->format = AV_PIX_FMT_BAYER_RGGB8; } else if (biBitCount == 16) { st->codecpar->format = AV_PIX_FMT_BAYER_RGGB16LE; } else { avpriv_request_sample(avctx, ""unsupported biBitCount %i"", biBitCount); return AVERROR_INVALIDDATA; } break; default: avpriv_request_sample(avctx, ""unsupported Color Field Array (CFA) %i"", CFA & 0xFFFFFF); return AVERROR_INVALIDDATA; } } else { avpriv_request_sample(avctx, ""unsupported compression %i"", compression); return AVERROR_INVALIDDATA; } avio_skip(pb, 668); set_metadata_int(&st->metadata, ""shutter_ns"", avio_rl32(pb), 0); avio_skip(pb, 24); #define DESCRIPTION_SIZE 4096 description = av_malloc(DESCRIPTION_SIZE + 1); if (!description) return AVERROR(ENOMEM); i = avio_get_str(pb, DESCRIPTION_SIZE, description, DESCRIPTION_SIZE + 1); if (i < DESCRIPTION_SIZE) avio_skip(pb, DESCRIPTION_SIZE - i); if (description[0]) av_dict_set(&st->metadata, ""description"", description, AV_DICT_DONT_STRDUP_VAL); else av_free(description); avio_skip(pb, 1176); set_metadata_int(&st->metadata, ""enable_crop"", avio_rl32(pb), 1); set_metadata_int(&st->metadata, ""crop_left"", avio_rl32(pb), 1); set_metadata_int(&st->metadata, ""crop_top"", avio_rl32(pb), 1); set_metadata_int(&st->metadata, ""crop_right"", avio_rl32(pb), 1); set_metadata_int(&st->metadata, ""crop_bottom"", avio_rl32(pb), 1); avio_seek(pb, offImageOffsets, SEEK_SET); for (i = 0; i < st->duration; i++) av_add_index_entry(st, avio_rl64(pb), i, 0, 0, AVINDEX_KEYFRAME); return 0; }",visit repo url,libavformat/cinedec.c,https://github.com/FFmpeg/FFmpeg,224591720854938,1 5825,CWE-295,"PJ_DEF(pj_status_t) pjsip_endpt_send_request_stateless(pjsip_endpoint *endpt, pjsip_tx_data *tdata, void *token, pjsip_send_callback cb) { pjsip_host_info dest_info; pjsip_send_state *stateless_data; pj_status_t status; PJ_ASSERT_RETURN(endpt && tdata, PJ_EINVAL); status = pjsip_process_route_set(tdata, &dest_info); if (status != PJ_SUCCESS) return status; stateless_data = PJ_POOL_ZALLOC_T(tdata->pool, pjsip_send_state); stateless_data->token = token; stateless_data->endpt = endpt; stateless_data->tdata = tdata; stateless_data->app_cb = cb; if (tdata->dest_info.addr.count == 0) { pj_strdup(tdata->pool, &tdata->dest_info.name, &dest_info.addr.host); pjsip_endpt_resolve( endpt, tdata->pool, &dest_info, stateless_data, &stateless_send_resolver_callback); } else { PJ_LOG(5,(THIS_FILE, ""%s: skipping target resolution because "" ""address is already set"", pjsip_tx_data_get_info(tdata))); stateless_send_resolver_callback(PJ_SUCCESS, stateless_data, &tdata->dest_info.addr); } return PJ_SUCCESS; }",visit repo url,pjsip/src/pjsip/sip_util.c,https://github.com/pjsip/pjproject,276411749050689,1 3956,['CWE-362'],"static inline void put_tree(struct audit_tree *tree) { if (atomic_dec_and_test(&tree->count)) call_rcu(&tree->head, __put_tree); }",linux-2.6,,,112938286332563812166997730501127100836,0 6036,['CWE-200'],"addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev, unsigned long expires, u32 flags) { struct in6_rtmsg rtmsg; memset(&rtmsg, 0, sizeof(rtmsg)); ipv6_addr_copy(&rtmsg.rtmsg_dst, pfx); rtmsg.rtmsg_dst_len = plen; rtmsg.rtmsg_metric = IP6_RT_PRIO_ADDRCONF; rtmsg.rtmsg_ifindex = dev->ifindex; rtmsg.rtmsg_info = expires; rtmsg.rtmsg_flags = RTF_UP|flags; rtmsg.rtmsg_type = RTMSG_NEWROUTE; if (dev->type == ARPHRD_SIT && (dev->flags&IFF_POINTOPOINT)) rtmsg.rtmsg_flags |= RTF_NONEXTHOP; ip6_route_add(&rtmsg, NULL, NULL, NULL); }",linux-2.6,,,114098275934774119935567828514384859280,0 4507,['CWE-20'],"static struct buffer_head *bclean(handle_t *handle, struct super_block *sb, ext4_fsblk_t blk) { struct buffer_head *bh; int err; bh = sb_getblk(sb, blk); if (!bh) return ERR_PTR(-EIO); if ((err = ext4_journal_get_write_access(handle, bh))) { brelse(bh); bh = ERR_PTR(err); } else { lock_buffer(bh); memset(bh->b_data, 0, sb->s_blocksize); set_buffer_uptodate(bh); unlock_buffer(bh); } return bh; }",linux-2.6,,,203880727479701826394477737196961461466,0 3489,['CWE-20'],"sctp_disposition_t sctp_sf_eat_data_6_2(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; int error; if (!sctp_vtag_verify(chunk, asoc)) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, SCTP_NULL()); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); error = sctp_eat_data(asoc, chunk, commands ); switch (error) { case SCTP_IERROR_NO_ERROR: break; case SCTP_IERROR_HIGH_TSN: case SCTP_IERROR_BAD_STREAM: SCTP_INC_STATS(SCTP_MIB_IN_DATA_CHUNK_DISCARDS); goto discard_noforce; case SCTP_IERROR_DUP_TSN: case SCTP_IERROR_IGNORE_TSN: SCTP_INC_STATS(SCTP_MIB_IN_DATA_CHUNK_DISCARDS); goto discard_force; case SCTP_IERROR_NO_DATA: goto consume; default: BUG(); } if (asoc->autoclose) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); } if (chunk->end_of_packet) sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE()); return SCTP_DISPOSITION_CONSUME; discard_force: if (chunk->end_of_packet) sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE()); return SCTP_DISPOSITION_DISCARD; discard_noforce: if (chunk->end_of_packet) sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE()); return SCTP_DISPOSITION_DISCARD; consume: return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,128045993663574019938993776945665492485,0 4520,['CWE-20'],"static struct buffer_head * ext4_find_entry (struct inode *dir, const struct qstr *d_name, struct ext4_dir_entry_2 ** res_dir) { struct super_block *sb; struct buffer_head *bh_use[NAMEI_RA_SIZE]; struct buffer_head *bh, *ret = NULL; ext4_lblk_t start, block, b; int ra_max = 0; int ra_ptr = 0; int num = 0; ext4_lblk_t nblocks; int i, err; int namelen; *res_dir = NULL; sb = dir->i_sb; namelen = d_name->len; if (namelen > EXT4_NAME_LEN) return NULL; if (is_dx(dir)) { bh = ext4_dx_find_entry(dir, d_name, res_dir, &err); if (bh || (err != ERR_BAD_DX_DIR)) return bh; dxtrace(printk(KERN_DEBUG ""ext4_find_entry: dx failed, "" ""falling back\n"")); } nblocks = dir->i_size >> EXT4_BLOCK_SIZE_BITS(sb); start = EXT4_I(dir)->i_dir_start_lookup; if (start >= nblocks) start = 0; block = start; restart: do { if (ra_ptr >= ra_max) { ra_ptr = 0; b = block; for (ra_max = 0; ra_max < NAMEI_RA_SIZE; ra_max++) { if (b >= nblocks || (num && block == start)) { bh_use[ra_max] = NULL; break; } num++; bh = ext4_getblk(NULL, dir, b++, 0, &err); bh_use[ra_max] = bh; if (bh) ll_rw_block(READ_META, 1, &bh); } } if ((bh = bh_use[ra_ptr++]) == NULL) goto next; wait_on_buffer(bh); if (!buffer_uptodate(bh)) { ext4_error(sb, __func__, ""reading directory #%lu "" ""offset %lu"", dir->i_ino, (unsigned long)block); brelse(bh); goto next; } i = search_dirblock(bh, dir, d_name, block << EXT4_BLOCK_SIZE_BITS(sb), res_dir); if (i == 1) { EXT4_I(dir)->i_dir_start_lookup = block; ret = bh; goto cleanup_and_exit; } else { brelse(bh); if (i < 0) goto cleanup_and_exit; } next: if (++block >= nblocks) block = 0; } while (block != start); block = nblocks; nblocks = dir->i_size >> EXT4_BLOCK_SIZE_BITS(sb); if (block < nblocks) { start = 0; goto restart; } cleanup_and_exit: for (; ra_ptr < ra_max; ra_ptr++) brelse(bh_use[ra_ptr]); return ret; }",linux-2.6,,,45586637932652415108520667236471114827,0 6040,NVD-CWE-Other,"handle_add_command(GraphicsManager *self, const GraphicsCommand *g, const uint8_t *payload, bool *is_dirty, uint32_t iid) { #define ABRT(code, ...) { set_add_response(#code, __VA_ARGS__); self->loading_image = 0; if (img) img->data_loaded = false; return NULL; } #define MAX_DATA_SZ (4u * 100000000u) has_add_respose = false; bool existing, init_img = true; Image *img = NULL; unsigned char tt = g->transmission_type ? g->transmission_type : 'd'; enum FORMATS { RGB=24, RGBA=32, PNG=100 }; uint32_t fmt = g->format ? g->format : RGBA; if (tt == 'd' && self->loading_image) init_img = false; if (init_img) { self->last_init_graphics_command = *g; self->last_init_graphics_command.id = iid; self->loading_image = 0; if (g->data_width > 10000 || g->data_height > 10000) ABRT(EINVAL, ""Image too large""); remove_images(self, add_trim_predicate, 0); img = find_or_create_image(self, iid, &existing); if (existing) { free_load_data(&img->load_data); img->data_loaded = false; free_refs_data(img); *is_dirty = true; self->layers_dirty = true; } else { img->internal_id = internal_id_counter++; img->client_id = iid; } img->atime = monotonic(); img->used_storage = 0; img->width = g->data_width; img->height = g->data_height; switch(fmt) { case PNG: if (g->data_sz > MAX_DATA_SZ) ABRT(EINVAL, ""PNG data size too large""); img->load_data.is_4byte_aligned = true; img->load_data.is_opaque = false; img->load_data.data_sz = g->data_sz ? g->data_sz : 1024 * 100; break; case RGB: case RGBA: img->load_data.data_sz = (size_t)g->data_width * g->data_height * (fmt / 8); if (!img->load_data.data_sz) ABRT(EINVAL, ""Zero width/height not allowed""); img->load_data.is_4byte_aligned = fmt == RGBA || (img->width % 4 == 0); img->load_data.is_opaque = fmt == RGB; break; default: ABRT(EINVAL, ""Unknown image format: %u"", fmt); } if (tt == 'd') { if (g->more) self->loading_image = img->internal_id; img->load_data.buf_capacity = img->load_data.data_sz + (g->compressed ? 1024 : 10); img->load_data.buf = malloc(img->load_data.buf_capacity); img->load_data.buf_used = 0; if (img->load_data.buf == NULL) { ABRT(ENOMEM, ""Out of memory""); img->load_data.buf_capacity = 0; img->load_data.buf_used = 0; } } } else { self->last_init_graphics_command.more = g->more; self->last_init_graphics_command.payload_sz = g->payload_sz; g = &self->last_init_graphics_command; tt = g->transmission_type ? g->transmission_type : 'd'; fmt = g->format ? g->format : RGBA; img = img_by_internal_id(self, self->loading_image); if (img == NULL) { self->loading_image = 0; ABRT(EILSEQ, ""More payload loading refers to non-existent image""); } } int fd; static char fname[2056] = {0}; switch(tt) { case 'd': if (img->load_data.buf_capacity - img->load_data.buf_used < g->payload_sz) { if (img->load_data.buf_used + g->payload_sz > MAX_DATA_SZ || fmt != PNG) ABRT(EFBIG, ""Too much data""); img->load_data.buf_capacity = MIN(2 * img->load_data.buf_capacity, MAX_DATA_SZ); img->load_data.buf = realloc(img->load_data.buf, img->load_data.buf_capacity); if (img->load_data.buf == NULL) { ABRT(ENOMEM, ""Out of memory""); img->load_data.buf_capacity = 0; img->load_data.buf_used = 0; } } memcpy(img->load_data.buf + img->load_data.buf_used, payload, g->payload_sz); img->load_data.buf_used += g->payload_sz; if (!g->more) { img->data_loaded = true; self->loading_image = 0; } break; case 'f': case 't': case 's': if (g->payload_sz > 2048) ABRT(EINVAL, ""Filename too long""); snprintf(fname, sizeof(fname)/sizeof(fname[0]), ""%.*s"", (int)g->payload_sz, payload); if (tt == 's') fd = shm_open(fname, O_RDONLY, 0); else fd = open(fname, O_CLOEXEC | O_RDONLY); if (fd == -1) ABRT(EBADF, ""Failed to open file %s for graphics transmission with error: [%d] %s"", fname, errno, strerror(errno)); img->data_loaded = mmap_img_file(self, img, fd, g->data_sz, g->data_offset); safe_close(fd, __FILE__, __LINE__); if (tt == 't') { if (global_state.boss) { call_boss(safe_delete_temp_file, ""s"", fname); } else unlink(fname); } else if (tt == 's') shm_unlink(fname); break; default: ABRT(EINVAL, ""Unknown transmission type: %c"", g->transmission_type); } if (!img->data_loaded) return NULL; self->loading_image = 0; bool needs_processing = g->compressed || fmt == PNG; if (needs_processing) { uint8_t *buf; size_t bufsz; #define IB { if (img->load_data.buf) { buf = img->load_data.buf; bufsz = img->load_data.buf_used; } else { buf = img->load_data.mapped_file; bufsz = img->load_data.mapped_file_sz; } } switch(g->compressed) { case 'z': IB; if (!inflate_zlib(self, img, buf, bufsz)) { img->data_loaded = false; return NULL; } break; case 0: break; default: ABRT(EINVAL, ""Unknown image compression: %c"", g->compressed); } switch(fmt) { case PNG: IB; if (!inflate_png(self, img, buf, bufsz)) { img->data_loaded = false; return NULL; } break; default: break; } #undef IB img->load_data.data = img->load_data.buf; if (img->load_data.buf_used < img->load_data.data_sz) { ABRT(ENODATA, ""Insufficient image data: %zu < %zu"", img->load_data.buf_used, img->load_data.data_sz); } if (img->load_data.mapped_file) { munmap(img->load_data.mapped_file, img->load_data.mapped_file_sz); img->load_data.mapped_file = NULL; img->load_data.mapped_file_sz = 0; } } else { if (tt == 'd') { if (img->load_data.buf_used < img->load_data.data_sz) { ABRT(ENODATA, ""Insufficient image data: %zu < %zu"", img->load_data.buf_used, img->load_data.data_sz); } else img->load_data.data = img->load_data.buf; } else { if (img->load_data.mapped_file_sz < img->load_data.data_sz) { ABRT(ENODATA, ""Insufficient image data: %zu < %zu"", img->load_data.mapped_file_sz, img->load_data.data_sz); } else img->load_data.data = img->load_data.mapped_file; } } size_t required_sz = (size_t)(img->load_data.is_opaque ? 3 : 4) * img->width * img->height; if (img->load_data.data_sz != required_sz) ABRT(EINVAL, ""Image dimensions: %ux%u do not match data size: %zu, expected size: %zu"", img->width, img->height, img->load_data.data_sz, required_sz); if (LIKELY(img->data_loaded && send_to_gpu)) { send_image_to_gpu(&img->texture_id, img->load_data.data, img->width, img->height, img->load_data.is_opaque, img->load_data.is_4byte_aligned, false, REPEAT_CLAMP); free_load_data(&img->load_data); self->used_storage += required_sz; img->used_storage = required_sz; } return img; #undef MAX_DATA_SZ #undef ABRT }",visit repo url,kitty/graphics.c,https://github.com/kovidgoyal/kitty,179041627989720,1 6276,['CWE-200'],"tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst, struct tcf_exts *src) { #ifdef CONFIG_NET_CLS_ACT if (src->action) { struct tc_action *act; tcf_tree_lock(tp); act = xchg(&dst->action, src->action); tcf_tree_unlock(tp); if (act) tcf_action_destroy(act, TCA_ACT_UNBIND); } #elif defined CONFIG_NET_CLS_POLICE if (src->police) { struct tcf_police *p; tcf_tree_lock(tp); p = xchg(&dst->police, src->police); tcf_tree_unlock(tp); if (p) tcf_police_release(p, TCA_ACT_UNBIND); } #endif }",linux-2.6,,,218997134112953681530486444341183580323,0 3706,CWE-732,"process_open(u_int32_t id) { u_int32_t pflags; Attrib a; char *name; int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE; if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || (r = decode_attrib(iqueue, &a)) != 0) fatal(""%s: buffer error: %s"", __func__, ssh_err(r)); debug3(""request %u: open flags %d"", id, pflags); flags = flags_from_portable(pflags); mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666; logit(""open \""%s\"" flags %s mode 0%o"", name, string_from_portable(pflags), mode); if (readonly && ((flags & O_ACCMODE) == O_WRONLY || (flags & O_ACCMODE) == O_RDWR)) { verbose(""Refusing open request in read-only mode""); status = SSH2_FX_PERMISSION_DENIED; } else { fd = open(name, flags, mode); if (fd < 0) { status = errno_to_portable(errno); } else { handle = handle_new(HANDLE_FILE, name, fd, flags, NULL); if (handle < 0) { close(fd); } else { send_handle(id, handle); status = SSH2_FX_OK; } } } if (status != SSH2_FX_OK) send_status(id, status); free(name); }",visit repo url,usr.bin/ssh/sftp-server.c,https://github.com/openbsd/src,98171201926103,1 3286,['CWE-189'],"static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt) { int n; jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj; n = m->len_ - m->pos_; cnt = JAS_MIN(n, cnt); memcpy(buf, &m->buf_[m->pos_], cnt); m->pos_ += cnt; return cnt; }",jasper,,,5431178178433490789199742522523480083,0 6498,['CWE-20'],"static inline void jmp_rel(struct decode_cache *c, int rel) { register_address_increment(c, &c->eip, rel); }",kvm,,,164988650694080232552880066900338383567,0 2075,[],"static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos) { struct sock *sk = udp_get_first(seq); if (sk) while (pos && (sk = udp_get_next(seq, sk)) != NULL) --pos; return pos ? NULL : sk; }",linux-2.6,,,229982021387065733569168867608383447693,0 4370,CWE-682,"static int find_low_bit(unsigned int x) { int i; for(i=0;i<=31;i++) { if(x&(1<mail_charset; head_enc = lang->mail_header_encoding; body_enc = lang->mail_body_encoding; } Array ht_headers; if (!headers.empty()) { _php_mbstr_parse_mail_headers(ht_headers, headers.data(), headers.size()); } struct { unsigned int cnt_type:1; unsigned int cnt_trans_enc:1; } suppressed_hdrs = { 0, 0 }; static const StaticString s_CONTENT_TYPE(""CONTENT-TYPE""); String s = ht_headers[s_CONTENT_TYPE].toString(); if (!s.isNull()) { char *tmp; char *param_name; char *charset = nullptr; char *p = const_cast(strchr(s.data(), ';')); if (p != nullptr) { do { ++p; } while (*p == ' ' || *p == '\t'); if (*p != '\0') { if ((param_name = strtok_r(p, ""= "", &tmp)) != nullptr) { if (strcasecmp(param_name, ""charset"") == 0) { mbfl_no_encoding _tran_cs = tran_cs; charset = strtok_r(nullptr, ""= "", &tmp); if (charset != nullptr) { _tran_cs = mbfl_name2no_encoding(charset); } if (_tran_cs == mbfl_no_encoding_invalid) { raise_warning(""Unsupported charset \""%s\"" - "" ""will be regarded as ascii"", charset); _tran_cs = mbfl_no_encoding_ascii; } tran_cs = _tran_cs; } } } } suppressed_hdrs.cnt_type = 1; } static const StaticString s_CONTENT_TRANSFER_ENCODING(""CONTENT-TRANSFER-ENCODING""); s = ht_headers[s_CONTENT_TRANSFER_ENCODING].toString(); if (!s.isNull()) { mbfl_no_encoding _body_enc = mbfl_name2no_encoding(s.data()); switch (_body_enc) { case mbfl_no_encoding_base64: case mbfl_no_encoding_7bit: case mbfl_no_encoding_8bit: body_enc = _body_enc; break; default: raise_warning(""Unsupported transfer encoding \""%s\"" - "" ""will be regarded as 8bit"", s.data()); body_enc = mbfl_no_encoding_8bit; break; } suppressed_hdrs.cnt_trans_enc = 1; } char *to_r = nullptr; int err = 0; if (!to.empty()) { int to_len = to.size(); if (to_len > 0) { to_r = strndup(to.data(), to_len); for (; to_len; to_len--) { if (!isspace((unsigned char)to_r[to_len - 1])) { break; } to_r[to_len - 1] = '\0'; } for (int i = 0; to_r[i]; i++) { if (iscntrl((unsigned char)to_r[i])) { SKIP_LONG_HEADER_SEP_MBSTRING(to_r, i); to_r[i] = ' '; } } } else { to_r = (char*)to.data(); } } else { raise_warning(""Missing To: field""); err = 1; } String encoded_subject; if (!subject.isNull()) { orig_str.no_language = MBSTRG(current_language); orig_str.val = (unsigned char *)subject.data(); orig_str.len = subject.size(); orig_str.no_encoding = MBSTRG(current_internal_encoding)->no_encoding; if (orig_str.no_encoding == mbfl_no_encoding_invalid || orig_str.no_encoding == mbfl_no_encoding_pass) { mbfl_encoding *encoding = (mbfl_encoding*) mbfl_identify_encoding2(&orig_str, (const mbfl_encoding**) MBSTRG(current_detect_order_list), MBSTRG(current_detect_order_list_size), MBSTRG(strict_detection)); orig_str.no_encoding = encoding != nullptr ? encoding->no_encoding : mbfl_no_encoding_invalid; } mbfl_string *pstr = mbfl_mime_header_encode (&orig_str, &conv_str, tran_cs, head_enc, ""\n"", sizeof(""Subject: [PHP-jp nnnnnnnn]"")); if (pstr != nullptr) { encoded_subject = String(reinterpret_cast(pstr->val), pstr->len, AttachString); } } else { raise_warning(""Missing Subject: field""); err = 1; } String encoded_message; if (!message.empty()) { orig_str.no_language = MBSTRG(current_language); orig_str.val = (unsigned char*)message.data(); orig_str.len = message.size(); orig_str.no_encoding = MBSTRG(current_internal_encoding)->no_encoding; if (orig_str.no_encoding == mbfl_no_encoding_invalid || orig_str.no_encoding == mbfl_no_encoding_pass) { mbfl_encoding *encoding = (mbfl_encoding*) mbfl_identify_encoding2(&orig_str, (const mbfl_encoding**) MBSTRG(current_detect_order_list), MBSTRG(current_detect_order_list_size), MBSTRG(strict_detection)); orig_str.no_encoding = encoding != nullptr ? encoding->no_encoding : mbfl_no_encoding_invalid; } mbfl_string *pstr = nullptr; { mbfl_string tmpstr; if (mbfl_convert_encoding(&orig_str, &tmpstr, tran_cs) != nullptr) { tmpstr.no_encoding = mbfl_no_encoding_8bit; pstr = mbfl_convert_encoding(&tmpstr, &conv_str, body_enc); free(tmpstr.val); } } if (pstr != nullptr) { encoded_message = String(reinterpret_cast(pstr->val), pstr->len, AttachString); } } else { raise_warning(""Empty message body""); } #define PHP_MBSTR_MAIL_MIME_HEADER1 ""Mime-Version: 1.0"" #define PHP_MBSTR_MAIL_MIME_HEADER2 ""Content-Type: text/plain"" #define PHP_MBSTR_MAIL_MIME_HEADER3 ""; charset="" #define PHP_MBSTR_MAIL_MIME_HEADER4 ""Content-Transfer-Encoding: "" if (!headers.empty()) { const char *p = headers.data(); int n = headers.size(); mbfl_memory_device_strncat(&device, p, n); if (n > 0 && p[n - 1] != '\n') { mbfl_memory_device_strncat(&device, ""\n"", 1); } } mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER1, sizeof(PHP_MBSTR_MAIL_MIME_HEADER1) - 1); mbfl_memory_device_strncat(&device, ""\n"", 1); if (!suppressed_hdrs.cnt_type) { mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER2, sizeof(PHP_MBSTR_MAIL_MIME_HEADER2) - 1); char *p = (char *)mbfl_no2preferred_mime_name(tran_cs); if (p != nullptr) { mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER3, sizeof(PHP_MBSTR_MAIL_MIME_HEADER3) - 1); mbfl_memory_device_strcat(&device, p); } mbfl_memory_device_strncat(&device, ""\n"", 1); } if (!suppressed_hdrs.cnt_trans_enc) { mbfl_memory_device_strncat(&device, PHP_MBSTR_MAIL_MIME_HEADER4, sizeof(PHP_MBSTR_MAIL_MIME_HEADER4) - 1); const char *p = (char *)mbfl_no2preferred_mime_name(body_enc); if (p == nullptr) { p = ""7bit""; } mbfl_memory_device_strcat(&device, p); mbfl_memory_device_strncat(&device, ""\n"", 1); } mbfl_memory_device_unput(&device); mbfl_memory_device_output('\0', &device); char *all_headers = (char *)device.buffer; String cmd = string_escape_shell_cmd(extra_cmd.c_str()); bool ret = (!err && php_mail(to_r, encoded_subject.data(), encoded_message.data(), all_headers, cmd.data())); mbfl_memory_device_clear(&device); return ret; }",visit repo url,hphp/runtime/ext/mbstring/ext_mbstring.cpp,https://github.com/facebook/hhvm,245927329306485,1 6007,['CWE-200'],"int ipv6_get_saddr(struct dst_entry *dst, struct in6_addr *daddr, struct in6_addr *saddr) { return ipv6_dev_get_saddr(dst ? ((struct rt6_info *)dst)->rt6i_idev->dev : NULL, daddr, saddr); }",linux-2.6,,,22586661366086949777725152490772303807,0 853,CWE-20,"static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, struct msghdr *msg_sys, unsigned int flags, int nosec) { struct compat_msghdr __user *msg_compat = (struct compat_msghdr __user *)msg; struct iovec iovstack[UIO_FASTIOV]; struct iovec *iov = iovstack; unsigned long cmsg_ptr; int err, total_len, len; struct sockaddr_storage addr; struct sockaddr __user *uaddr; int __user *uaddr_len; if (MSG_CMSG_COMPAT & flags) { if (get_compat_msghdr(msg_sys, msg_compat)) return -EFAULT; } else { err = copy_msghdr_from_user(msg_sys, msg); if (err) return err; } if (msg_sys->msg_iovlen > UIO_FASTIOV) { err = -EMSGSIZE; if (msg_sys->msg_iovlen > UIO_MAXIOV) goto out; err = -ENOMEM; iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec), GFP_KERNEL); if (!iov) goto out; } uaddr = (__force void __user *)msg_sys->msg_name; uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); } else err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE); if (err < 0) goto out_freeiov; total_len = err; cmsg_ptr = (unsigned long)msg_sys->msg_control; msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys, total_len, flags); if (err < 0) goto out_freeiov; len = err; if (uaddr != NULL) { err = move_addr_to_user(&addr, msg_sys->msg_namelen, uaddr, uaddr_len); if (err < 0) goto out_freeiov; } err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT), COMPAT_FLAGS(msg)); if (err) goto out_freeiov; if (MSG_CMSG_COMPAT & flags) err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg_compat->msg_controllen); else err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg->msg_controllen); if (err) goto out_freeiov; err = len; out_freeiov: if (iov != iovstack) kfree(iov); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,76305007079054,1 542,CWE-189,"static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid) { struct sem_array *sma; struct sem_undo_list *ulp; struct sem_undo *un, *new; int nsems; int error; error = get_undo_list(&ulp); if (error) return ERR_PTR(error); rcu_read_lock(); spin_lock(&ulp->lock); un = lookup_undo(ulp, semid); spin_unlock(&ulp->lock); if (likely(un!=NULL)) goto out; sma = sem_obtain_object_check(ns, semid); if (IS_ERR(sma)) { rcu_read_unlock(); return ERR_CAST(sma); } nsems = sma->sem_nsems; ipc_rcu_getref(sma); rcu_read_unlock(); new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL); if (!new) { sem_putref(sma); return ERR_PTR(-ENOMEM); } sem_lock_and_putref(sma); if (sma->sem_perm.deleted) { sem_unlock(sma); kfree(new); un = ERR_PTR(-EIDRM); goto out; } spin_lock(&ulp->lock); un = lookup_undo(ulp, semid); if (un) { kfree(new); goto success; } new->semadj = (short *) &new[1]; new->ulp = ulp; new->semid = semid; assert_spin_locked(&ulp->lock); list_add_rcu(&new->list_proc, &ulp->list_proc); assert_spin_locked(&sma->sem_perm.lock); list_add(&new->list_id, &sma->list_id); un = new; success: spin_unlock(&ulp->lock); rcu_read_lock(); sem_unlock(sma); out: return un; }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,147973602932554,1 4532,['CWE-20'],"static inline unsigned dx_root_limit(struct inode *dir, unsigned infosize) { unsigned entry_space = dir->i_sb->s_blocksize - EXT4_DIR_REC_LEN(1) - EXT4_DIR_REC_LEN(2) - infosize; return entry_space / sizeof(struct dx_entry); }",linux-2.6,,,141256149240116642009825175972204750318,0 2127,['CWE-119'],"static inline unsigned long native_store_tr(void) { unsigned long tr; asm volatile(""str %0"":""=r"" (tr)); return tr; }",linux-2.6,,,259691302806274171954316105334904200714,0 3419,CWE-119,"static void show_object(struct object *obj, struct strbuf *path, const char *component, void *cb_data) { struct rev_list_info *info = cb_data; finish_object(obj, path, component, cb_data); if (info->flags & REV_LIST_QUIET) return; show_object_with_name(stdout, obj, path, component); }",visit repo url,builtin/rev-list.c,https://github.com/git/git,99015867276515,1 6077,['CWE-200'],"ipv6_inherit_linklocal(struct inet6_dev *idev, struct net_device *link_dev) { struct in6_addr lladdr; if (!ipv6_get_lladdr(link_dev, &lladdr)) { addrconf_add_linklocal(idev, &lladdr); return 0; } return -1; }",linux-2.6,,,188964749249330942621613311935249016238,0 2242,['CWE-193'],"unsigned find_get_pages(struct address_space *mapping, pgoff_t start, unsigned int nr_pages, struct page **pages) { unsigned int i; unsigned int ret; unsigned int nr_found; rcu_read_lock(); restart: nr_found = radix_tree_gang_lookup_slot(&mapping->page_tree, (void ***)pages, start, nr_pages); ret = 0; for (i = 0; i < nr_found; i++) { struct page *page; repeat: page = radix_tree_deref_slot((void **)pages[i]); if (unlikely(!page)) continue; if (unlikely(page == RADIX_TREE_RETRY)) goto restart; if (!page_cache_get_speculative(page)) goto repeat; if (unlikely(page != *((void **)pages[i]))) { page_cache_release(page); goto repeat; } pages[ret] = page; ret++; } rcu_read_unlock(); return ret; }",linux-2.6,,,325889854624231127010612998882135440084,0 4163,CWE-400,"main(int argc, char* argv[]) { #if !HAVE_DECL_OPTARG extern int optind; #endif uint16 defconfig = (uint16) -1; uint16 deffillorder = 0; uint32 deftilewidth = (uint32) 0; uint32 deftilelength = (uint32) 0; uint32 defrowsperstrip = (uint32) 0; uint32 dirnum = 0; TIFF *in = NULL; TIFF *out = NULL; char mode[10]; char *mp = mode; struct image_data image; struct crop_mask crop; struct pagedef page; struct pageseg sections[MAX_SECTIONS]; struct buffinfo seg_buffs[MAX_SECTIONS]; struct dump_opts dump; unsigned char *read_buff = NULL; unsigned char *crop_buff = NULL; unsigned char *sect_buff = NULL; unsigned char *sect_src = NULL; unsigned int imagelist[MAX_IMAGES + 1]; unsigned int image_count = 0; unsigned int dump_images = 0; unsigned int next_image = 0; unsigned int next_page = 0; unsigned int total_pages = 0; unsigned int total_images = 0; unsigned int end_of_input = FALSE; int seg; size_t length; char temp_filename[PATH_MAX + 16]; little_endian = *((unsigned char *)&little_endian) & '1'; initImageData(&image); initCropMasks(&crop); initPageSetup(&page, sections, seg_buffs); initDumpOptions(&dump); process_command_opts (argc, argv, mp, mode, &dirnum, &defconfig, &deffillorder, &deftilewidth, &deftilelength, &defrowsperstrip, &crop, &page, &dump, imagelist, &image_count); if (argc - optind < 2) usage(); if ((argc - optind) == 2) pageNum = -1; else total_images = 0; while (optind < argc - 1) { in = TIFFOpen (argv[optind], ""r""); if (in == NULL) return (-3); total_images = TIFFNumberOfDirectories(in); if (image_count == 0) { dirnum = 0; total_pages = total_images; } else { dirnum = (tdir_t)(imagelist[next_image] - 1); next_image++; if (image_count > total_images) image_count = total_images; total_pages = image_count; } if (dirnum == (MAX_IMAGES - 1)) dirnum = total_images - 1; if (dirnum > (total_images)) { TIFFError (TIFFFileName(in), ""Invalid image number %d, File contains only %d images"", (int)dirnum + 1, total_images); if (out != NULL) (void) TIFFClose(out); return (1); } if (dirnum != 0 && !TIFFSetDirectory(in, (tdir_t)dirnum)) { TIFFError(TIFFFileName(in),""Error, setting subdirectory at %d"", dirnum); if (out != NULL) (void) TIFFClose(out); return (1); } end_of_input = FALSE; while (end_of_input == FALSE) { config = defconfig; compression = defcompression; predictor = defpredictor; fillorder = deffillorder; rowsperstrip = defrowsperstrip; tilewidth = deftilewidth; tilelength = deftilelength; g3opts = defg3opts; if (dump.format != DUMP_NONE) { dump_images++; length = strlen(dump.infilename); if (length > 0) { if (dump.infile != NULL) fclose (dump.infile); snprintf(temp_filename, sizeof(temp_filename), ""%s-read-%03d.%s"", dump.infilename, dump_images, (dump.format == DUMP_TEXT) ? ""txt"" : ""raw""); if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL) { TIFFError (""Unable to open dump file for writing"", ""%s"", temp_filename); exit (-1); } dump_info(dump.infile, dump.format, ""Reading image"",""%d from %s"", dump_images, TIFFFileName(in)); } length = strlen(dump.outfilename); if (length > 0) { if (dump.outfile != NULL) fclose (dump.outfile); snprintf(temp_filename, sizeof(temp_filename), ""%s-write-%03d.%s"", dump.outfilename, dump_images, (dump.format == DUMP_TEXT) ? ""txt"" : ""raw""); if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL) { TIFFError (""Unable to open dump file for writing"", ""%s"", temp_filename); exit (-1); } dump_info(dump.outfile, dump.format, ""Writing image"",""%d from %s"", dump_images, TIFFFileName(in)); } } if (dump.debug) TIFFError(""main"", ""Reading image %4d of %4d total pages."", dirnum + 1, total_pages); if (loadImage(in, &image, &dump, &read_buff)) { TIFFError(""main"", ""Unable to load source image""); exit (-1); } if (image.adjustments != 0) { if (correct_orientation(&image, &read_buff)) TIFFError(""main"", ""Unable to correct image orientation""); } if (getCropOffsets(&image, &crop, &dump)) { TIFFError(""main"", ""Unable to define crop regions""); exit (-1); } if (crop.selections > 0) { if (processCropSelections(&image, &crop, &read_buff, seg_buffs)) { TIFFError(""main"", ""Unable to process image selections""); exit (-1); } } else { if (createCroppedImage(&image, &crop, &read_buff, &crop_buff)) { TIFFError(""main"", ""Unable to create output image""); exit (-1); } } if (page.mode == PAGE_MODE_NONE) { if (crop.selections > 0) { writeSelections(in, &out, &crop, &image, &dump, seg_buffs, mp, argv[argc - 1], &next_page, total_pages); } else { if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1], &next_page)) exit (1); if (writeCroppedImage(in, out, &image, &dump,crop.combined_width, crop.combined_length, crop_buff, next_page, total_pages)) { TIFFError(""main"", ""Unable to write new image""); exit (-1); } } } else { if (crop_buff != NULL) sect_src = crop_buff; else sect_src = read_buff; if (computeOutputPixelOffsets(&crop, &image, &page, sections, &dump)) { TIFFError(""main"", ""Unable to compute output section data""); exit (-1); } if (update_output_file (&out, mp, crop.exp_mode, argv[argc - 1], &next_page)) exit (1); if (writeImageSections(in, out, &image, &page, sections, &dump, sect_src, §_buff)) { TIFFError(""main"", ""Unable to write image sections""); exit (-1); } } if (image_count == 0) dirnum++; else { dirnum = (tdir_t)(imagelist[next_image] - 1); next_image++; } if (dirnum == MAX_IMAGES - 1) dirnum = TIFFNumberOfDirectories(in) - 1; if (!TIFFSetDirectory(in, (tdir_t)dirnum)) end_of_input = TRUE; } TIFFClose(in); optind++; } if (read_buff) _TIFFfree(read_buff); if (crop_buff) _TIFFfree(crop_buff); if (sect_buff) _TIFFfree(sect_buff); for (seg = 0; seg < crop.selections; seg++) _TIFFfree (seg_buffs[seg].buffer); if (dump.format != DUMP_NONE) { if (dump.infile != NULL) fclose (dump.infile); if (dump.outfile != NULL) { dump_info (dump.outfile, dump.format, """", ""Completed run for %s"", TIFFFileName(out)); fclose (dump.outfile); } } TIFFClose(out); return (0); } ",visit repo url,tools/tiffcrop.c,https://gitlab.com/libtiff/libtiff,271433301664488,1 1699,[],"int can_migrate_task(struct task_struct *p, struct rq *rq, int this_cpu, struct sched_domain *sd, enum cpu_idle_type idle, int *all_pinned) { if (!cpu_isset(this_cpu, p->cpus_allowed)) { schedstat_inc(p, se.nr_failed_migrations_affine); return 0; } *all_pinned = 0; if (task_running(rq, p)) { schedstat_inc(p, se.nr_failed_migrations_running); return 0; } if (!task_hot(p, rq->clock, sd) || sd->nr_balance_failed > sd->cache_nice_tries) { #ifdef CONFIG_SCHEDSTATS if (task_hot(p, rq->clock, sd)) { schedstat_inc(sd, lb_hot_gained[idle]); schedstat_inc(p, se.nr_forced_migrations); } #endif return 1; } if (task_hot(p, rq->clock, sd)) { schedstat_inc(p, se.nr_failed_migrations_hot); return 0; } return 1; }",linux-2.6,,,69362492428087328207774070180831569223,0 446,CWE-362,"static int packet_do_bind(struct sock *sk, const char *name, int ifindex, __be16 proto) { struct packet_sock *po = pkt_sk(sk); struct net_device *dev_curr; __be16 proto_curr; bool need_rehook; struct net_device *dev = NULL; int ret = 0; bool unlisted = false; if (po->fanout) return -EINVAL; lock_sock(sk); spin_lock(&po->bind_lock); rcu_read_lock(); if (name) { dev = dev_get_by_name_rcu(sock_net(sk), name); if (!dev) { ret = -ENODEV; goto out_unlock; } } else if (ifindex) { dev = dev_get_by_index_rcu(sock_net(sk), ifindex); if (!dev) { ret = -ENODEV; goto out_unlock; } } if (dev) dev_hold(dev); proto_curr = po->prot_hook.type; dev_curr = po->prot_hook.dev; need_rehook = proto_curr != proto || dev_curr != dev; if (need_rehook) { if (po->running) { rcu_read_unlock(); __unregister_prot_hook(sk, true); rcu_read_lock(); dev_curr = po->prot_hook.dev; if (dev) unlisted = !dev_get_by_index_rcu(sock_net(sk), dev->ifindex); } po->num = proto; po->prot_hook.type = proto; if (unlikely(unlisted)) { dev_put(dev); po->prot_hook.dev = NULL; po->ifindex = -1; packet_cached_dev_reset(po); } else { po->prot_hook.dev = dev; po->ifindex = dev ? dev->ifindex : 0; packet_cached_dev_assign(po, dev); } } if (dev_curr) dev_put(dev_curr); if (proto == 0 || !need_rehook) goto out_unlock; if (!unlisted && (!dev || (dev->flags & IFF_UP))) { register_prot_hook(sk); } else { sk->sk_err = ENETDOWN; if (!sock_flag(sk, SOCK_DEAD)) sk->sk_error_report(sk); } out_unlock: rcu_read_unlock(); spin_unlock(&po->bind_lock); release_sock(sk); return ret; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,156231353936823,1 3361,[],"static inline void nlmsg_trim(struct sk_buff *skb, const void *mark) { if (mark) skb_trim(skb, (unsigned char *) mark - skb->data); }",linux-2.6,,,77739055332151679869915449929268941087,0 5192,['CWE-20'],"static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { struct vcpu_vmx *vmx = to_vmx(vcpu); u32 intr_info; if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) vmx->entry_time = ktime_get(); if (vmx->emulation_required && emulate_invalid_guest_state) { handle_invalid_guest_state(vcpu, kvm_run); return; } if (test_bit(VCPU_REGS_RSP, (unsigned long *)&vcpu->arch.regs_dirty)) vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]); if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); vmcs_writel(HOST_CR0, read_cr0()); set_debugreg(vcpu->arch.dr6, 6); asm( ""push %%""R""dx; push %%""R""bp;"" ""push %%""R""cx \n\t"" ""cmp %%""R""sp, %c[host_rsp](%0) \n\t"" ""je 1f \n\t"" ""mov %%""R""sp, %c[host_rsp](%0) \n\t"" __ex(ASM_VMX_VMWRITE_RSP_RDX) ""\n\t"" ""1: \n\t"" ""cmpl $0, %c[launched](%0) \n\t"" ""mov %c[cr2](%0), %%""R""ax \n\t"" ""mov %%""R""ax, %%cr2 \n\t"" ""mov %c[rax](%0), %%""R""ax \n\t"" ""mov %c[rbx](%0), %%""R""bx \n\t"" ""mov %c[rdx](%0), %%""R""dx \n\t"" ""mov %c[rsi](%0), %%""R""si \n\t"" ""mov %c[rdi](%0), %%""R""di \n\t"" ""mov %c[rbp](%0), %%""R""bp \n\t"" #ifdef CONFIG_X86_64 ""mov %c[r8](%0), %%r8 \n\t"" ""mov %c[r9](%0), %%r9 \n\t"" ""mov %c[r10](%0), %%r10 \n\t"" ""mov %c[r11](%0), %%r11 \n\t"" ""mov %c[r12](%0), %%r12 \n\t"" ""mov %c[r13](%0), %%r13 \n\t"" ""mov %c[r14](%0), %%r14 \n\t"" ""mov %c[r15](%0), %%r15 \n\t"" #endif ""mov %c[rcx](%0), %%""R""cx \n\t"" ""jne .Llaunched \n\t"" __ex(ASM_VMX_VMLAUNCH) ""\n\t"" ""jmp .Lkvm_vmx_return \n\t"" "".Llaunched: "" __ex(ASM_VMX_VMRESUME) ""\n\t"" "".Lkvm_vmx_return: "" ""xchg %0, (%%""R""sp) \n\t"" ""mov %%""R""ax, %c[rax](%0) \n\t"" ""mov %%""R""bx, %c[rbx](%0) \n\t"" ""push""Q"" (%%""R""sp); pop""Q"" %c[rcx](%0) \n\t"" ""mov %%""R""dx, %c[rdx](%0) \n\t"" ""mov %%""R""si, %c[rsi](%0) \n\t"" ""mov %%""R""di, %c[rdi](%0) \n\t"" ""mov %%""R""bp, %c[rbp](%0) \n\t"" #ifdef CONFIG_X86_64 ""mov %%r8, %c[r8](%0) \n\t"" ""mov %%r9, %c[r9](%0) \n\t"" ""mov %%r10, %c[r10](%0) \n\t"" ""mov %%r11, %c[r11](%0) \n\t"" ""mov %%r12, %c[r12](%0) \n\t"" ""mov %%r13, %c[r13](%0) \n\t"" ""mov %%r14, %c[r14](%0) \n\t"" ""mov %%r15, %c[r15](%0) \n\t"" #endif ""mov %%cr2, %%""R""ax \n\t"" ""mov %%""R""ax, %c[cr2](%0) \n\t"" ""pop %%""R""bp; pop %%""R""bp; pop %%""R""dx \n\t"" ""setbe %c[fail](%0) \n\t"" : : ""c""(vmx), ""d""((unsigned long)HOST_RSP), [launched]""i""(offsetof(struct vcpu_vmx, launched)), [fail]""i""(offsetof(struct vcpu_vmx, fail)), [host_rsp]""i""(offsetof(struct vcpu_vmx, host_rsp)), [rax]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RAX])), [rbx]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RBX])), [rcx]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RCX])), [rdx]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RDX])), [rsi]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RSI])), [rdi]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RDI])), [rbp]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RBP])), #ifdef CONFIG_X86_64 [r8]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R8])), [r9]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R9])), [r10]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R10])), [r11]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R11])), [r12]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R12])), [r13]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R13])), [r14]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R14])), [r15]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])), #endif [cr2]""i""(offsetof(struct vcpu_vmx, vcpu.arch.cr2)) : ""cc"", ""memory"" , R""bx"", R""di"", R""si"" #ifdef CONFIG_X86_64 , ""r8"", ""r9"", ""r10"", ""r11"", ""r12"", ""r13"", ""r14"", ""r15"" #endif ); vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)); vcpu->arch.regs_dirty = 0; get_debugreg(vcpu->arch.dr6, 6); vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD); if (vmx->rmode.irq.pending) fixup_rmode_irq(vmx); vmx_update_window_states(vcpu); asm(""mov %0, %%ds; mov %0, %%es"" : : ""r""(__USER_DS)); vmx->launched = 1; intr_info = vmcs_read32(VM_EXIT_INTR_INFO); if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR && (intr_info & INTR_INFO_VALID_MASK)) { KVMTRACE_0D(NMI, vcpu, handler); asm(""int $2""); } vmx_complete_interrupts(vmx); }",linux-2.6,,,38604396314334704752161949011799374428,0 530,CWE-200,"static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, struct vsock_sock *vsk, struct msghdr *msg, size_t len, int flags) { int err; int noblock; struct vmci_datagram *dg; size_t payload_len; struct sk_buff *skb; noblock = flags & MSG_DONTWAIT; if (flags & MSG_OOB || flags & MSG_ERRQUEUE) return -EOPNOTSUPP; err = 0; skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); if (err) return err; if (!skb) return -EAGAIN; dg = (struct vmci_datagram *)skb->data; if (!dg) goto out; payload_len = dg->payload_size; if (payload_len != skb->len - sizeof(*dg)) { err = -EINVAL; goto out; } if (payload_len > len) { payload_len = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, sizeof(*dg), msg->msg_iov, payload_len); if (err) goto out; msg->msg_namelen = 0; if (msg->msg_name) { struct sockaddr_vm *vm_addr; vm_addr = (struct sockaddr_vm *)msg->msg_name; vsock_addr_init(vm_addr, dg->src.context, dg->src.resource); msg->msg_namelen = sizeof(*vm_addr); } err = payload_len; out: skb_free_datagram(&vsk->sk, skb); return err; }",visit repo url,net/vmw_vsock/vmci_transport.c,https://github.com/torvalds/linux,88915991848621,1 2648,CWE-125,"static char* get_icu_value_internal( const char* loc_name , char* tag_name, int* result , int fromParseLocale) { char* tag_value = NULL; int32_t tag_value_len = 512; int singletonPos = 0; char* mod_loc_name = NULL; int grOffset = 0; int32_t buflen = 512; UErrorCode status = U_ZERO_ERROR; if( strcmp(tag_name, LOC_CANONICALIZE_TAG) != 0 ){ grOffset = findOffset( LOC_GRANDFATHERED , loc_name ); if( grOffset >= 0 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ return estrdup(loc_name); } else { return NULL; } } if( fromParseLocale==1 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ if( strlen(loc_name)>1 && (isIDPrefix(loc_name) == 1) ){ return estrdup(loc_name); } } singletonPos = getSingletonPos( loc_name ); if( singletonPos == 0){ return NULL; } else if( singletonPos > 0 ){ mod_loc_name = estrndup ( loc_name , singletonPos-1); } } } if( mod_loc_name == NULL){ mod_loc_name = estrdup(loc_name ); } do{ tag_value = erealloc( tag_value , buflen ); tag_value_len = buflen; if( strcmp(tag_name , LOC_SCRIPT_TAG)==0 ){ buflen = uloc_getScript ( mod_loc_name ,tag_value , tag_value_len , &status); } if( strcmp(tag_name , LOC_LANG_TAG )==0 ){ buflen = uloc_getLanguage ( mod_loc_name ,tag_value , tag_value_len , &status); } if( strcmp(tag_name , LOC_REGION_TAG)==0 ){ buflen = uloc_getCountry ( mod_loc_name ,tag_value , tag_value_len , &status); } if( strcmp(tag_name , LOC_VARIANT_TAG)==0 ){ buflen = uloc_getVariant ( mod_loc_name ,tag_value , tag_value_len , &status); } if( strcmp(tag_name , LOC_CANONICALIZE_TAG)==0 ){ buflen = uloc_canonicalize ( mod_loc_name ,tag_value , tag_value_len , &status); } if( U_FAILURE( status ) ) { if( status == U_BUFFER_OVERFLOW_ERROR ) { status = U_ZERO_ERROR; continue; } *result = 0; if( tag_value ){ efree( tag_value ); } if( mod_loc_name ){ efree( mod_loc_name); } return NULL; } } while( buflen > tag_value_len ); if( buflen ==0 ){ *result = -1; if( tag_value ){ efree( tag_value ); } if( mod_loc_name ){ efree( mod_loc_name); } return NULL; } else { *result = 1; } if( mod_loc_name ){ efree( mod_loc_name); } return tag_value; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,273295905858294,1 3239,CWE-125,"print_lcp_config_options(netdissect_options *ndo, const u_char *p, int length) { int len, opt; if (length < 2) return 0; ND_TCHECK2(*p, 2); len = p[1]; opt = p[0]; if (length < len) return 0; if (len < 2) { if ((opt >= LCPOPT_MIN) && (opt <= LCPOPT_MAX)) ND_PRINT((ndo, ""\n\t %s Option (0x%02x), length %u (length bogus, should be >= 2)"", lcpconfopts[opt], opt, len)); else ND_PRINT((ndo, ""\n\tunknown LCP option 0x%02x"", opt)); return 0; } if ((opt >= LCPOPT_MIN) && (opt <= LCPOPT_MAX)) ND_PRINT((ndo, ""\n\t %s Option (0x%02x), length %u"", lcpconfopts[opt], opt, len)); else { ND_PRINT((ndo, ""\n\tunknown LCP option 0x%02x"", opt)); return len; } switch (opt) { case LCPOPT_VEXT: if (len < 6) { ND_PRINT((ndo, "" (length bogus, should be >= 6)"")); return len; } ND_TCHECK2(*(p + 2), 3); ND_PRINT((ndo, "": Vendor: %s (%u)"", tok2str(oui_values,""Unknown"",EXTRACT_24BITS(p+2)), EXTRACT_24BITS(p + 2))); #if 0 ND_TCHECK(p[5]); ND_PRINT((ndo, "", kind: 0x%02x"", p[5])); ND_PRINT((ndo, "", Value: 0x"")); for (i = 0; i < len - 6; i++) { ND_TCHECK(p[6 + i]); ND_PRINT((ndo, ""%02x"", p[6 + i])); } #endif break; case LCPOPT_MRU: if (len != 4) { ND_PRINT((ndo, "" (length bogus, should be = 4)"")); return len; } ND_TCHECK2(*(p + 2), 2); ND_PRINT((ndo, "": %u"", EXTRACT_16BITS(p + 2))); break; case LCPOPT_ACCM: if (len != 6) { ND_PRINT((ndo, "" (length bogus, should be = 6)"")); return len; } ND_TCHECK2(*(p + 2), 4); ND_PRINT((ndo, "": 0x%08x"", EXTRACT_32BITS(p + 2))); break; case LCPOPT_AP: if (len < 4) { ND_PRINT((ndo, "" (length bogus, should be >= 4)"")); return len; } ND_TCHECK2(*(p + 2), 2); ND_PRINT((ndo, "": %s"", tok2str(ppptype2str, ""Unknown Auth Proto (0x04x)"", EXTRACT_16BITS(p + 2)))); switch (EXTRACT_16BITS(p+2)) { case PPP_CHAP: ND_TCHECK(p[4]); ND_PRINT((ndo, "", %s"", tok2str(authalg_values, ""Unknown Auth Alg %u"", p[4]))); break; case PPP_PAP: case PPP_EAP: case PPP_SPAP: case PPP_SPAP_OLD: break; default: print_unknown_data(ndo, p, ""\n\t"", len); } break; case LCPOPT_QP: if (len < 4) { ND_PRINT((ndo, "" (length bogus, should be >= 4)"")); return 0; } ND_TCHECK2(*(p + 2), 2); if (EXTRACT_16BITS(p+2) == PPP_LQM) ND_PRINT((ndo, "": LQR"")); else ND_PRINT((ndo, "": unknown"")); break; case LCPOPT_MN: if (len != 6) { ND_PRINT((ndo, "" (length bogus, should be = 6)"")); return 0; } ND_TCHECK2(*(p + 2), 4); ND_PRINT((ndo, "": 0x%08x"", EXTRACT_32BITS(p + 2))); break; case LCPOPT_PFC: break; case LCPOPT_ACFC: break; case LCPOPT_LD: if (len != 4) { ND_PRINT((ndo, "" (length bogus, should be = 4)"")); return 0; } ND_TCHECK2(*(p + 2), 2); ND_PRINT((ndo, "": 0x%04x"", EXTRACT_16BITS(p + 2))); break; case LCPOPT_CBACK: if (len < 3) { ND_PRINT((ndo, "" (length bogus, should be >= 3)"")); return 0; } ND_PRINT((ndo, "": "")); ND_TCHECK(p[2]); ND_PRINT((ndo, "": Callback Operation %s (%u)"", tok2str(ppp_callback_values, ""Unknown"", p[2]), p[2])); break; case LCPOPT_MLMRRU: if (len != 4) { ND_PRINT((ndo, "" (length bogus, should be = 4)"")); return 0; } ND_TCHECK2(*(p + 2), 2); ND_PRINT((ndo, "": %u"", EXTRACT_16BITS(p + 2))); break; case LCPOPT_MLED: if (len < 3) { ND_PRINT((ndo, "" (length bogus, should be >= 3)"")); return 0; } ND_TCHECK(p[2]); switch (p[2]) { case MEDCLASS_NULL: ND_PRINT((ndo, "": Null"")); break; case MEDCLASS_LOCAL: ND_PRINT((ndo, "": Local"")); break; case MEDCLASS_IPV4: if (len != 7) { ND_PRINT((ndo, "" (length bogus, should be = 7)"")); return 0; } ND_TCHECK2(*(p + 3), 4); ND_PRINT((ndo, "": IPv4 %s"", ipaddr_string(ndo, p + 3))); break; case MEDCLASS_MAC: if (len != 9) { ND_PRINT((ndo, "" (length bogus, should be = 9)"")); return 0; } ND_TCHECK2(*(p + 3), 6); ND_PRINT((ndo, "": MAC %s"", etheraddr_string(ndo, p + 3))); break; case MEDCLASS_MNB: ND_PRINT((ndo, "": Magic-Num-Block"")); break; case MEDCLASS_PSNDN: ND_PRINT((ndo, "": PSNDN"")); break; default: ND_PRINT((ndo, "": Unknown class %u"", p[2])); break; } break; #if 0 case LCPOPT_DEP6: case LCPOPT_FCSALT: case LCPOPT_SDP: case LCPOPT_NUMMODE: case LCPOPT_DEP12: case LCPOPT_DEP14: case LCPOPT_DEP15: case LCPOPT_DEP16: case LCPOPT_MLSSNHF: case LCPOPT_PROP: case LCPOPT_DCEID: case LCPOPT_MPP: case LCPOPT_LCPAOPT: case LCPOPT_COBS: case LCPOPT_PE: case LCPOPT_MLHF: case LCPOPT_I18N: case LCPOPT_SDLOS: case LCPOPT_PPPMUX: break; #endif default: if (ndo->ndo_vflag < 2) print_unknown_data(ndo, &p[2], ""\n\t "", len - 2); break; } if (ndo->ndo_vflag > 1) print_unknown_data(ndo, &p[2], ""\n\t "", len - 2); return len; trunc: ND_PRINT((ndo, ""[|lcp]"")); return 0; }",visit repo url,print-ppp.c,https://github.com/the-tcpdump-group/tcpdump,226043988286427,1 6550,CWE-22,"int callback_static_compressed_inmemory_website (const struct _u_request * request, struct _u_response * response, void * user_data) { struct _u_compressed_inmemory_website_config * config = (struct _u_compressed_inmemory_website_config *)user_data; char ** accept_list = NULL; int ret = U_CALLBACK_CONTINUE, compress_mode = U_COMPRESS_NONE, res; z_stream defstream; unsigned char * file_content, * file_content_orig = NULL; size_t length, read_length, offset, data_zip_len = 0; FILE * f; char * file_requested, * file_path, * url_dup_save, * data_zip = NULL; const char * content_type; if (request->callback_position > 0) { return U_CALLBACK_IGNORE; } else { file_requested = o_strdup(request->http_url); url_dup_save = file_requested; file_requested += o_strlen((config->url_prefix)); while (file_requested[0] == '/') { file_requested++; } if (strchr(file_requested, '#') != NULL) { *strchr(file_requested, '#') = '\0'; } if (strchr(file_requested, '?') != NULL) { *strchr(file_requested, '?') = '\0'; } if (file_requested == NULL || o_strnullempty(file_requested) || 0 == o_strcmp(""/"", file_requested)) { o_free(url_dup_save); url_dup_save = file_requested = o_strdup(""index.html""); } if (!u_map_has_key_case(response->map_header, U_CONTENT_HEADER)) { if (split_string(u_map_get_case(request->map_header, U_ACCEPT_HEADER), "","", &accept_list)) { if (config->allow_gzip && string_array_has_trimmed_value((const char **)accept_list, U_ACCEPT_GZIP)) { compress_mode = U_COMPRESS_GZIP; } else if (config->allow_deflate && string_array_has_trimmed_value((const char **)accept_list, U_ACCEPT_DEFLATE)) { compress_mode = U_COMPRESS_DEFL; } if (compress_mode != U_COMPRESS_NONE) { if (compress_mode == U_COMPRESS_GZIP && config->allow_cache_compressed && u_map_has_key(&config->gzip_files, file_requested)) { ulfius_set_binary_body_response(response, 200, u_map_get(&config->gzip_files, file_requested), u_map_get_length(&config->gzip_files, file_requested)); u_map_put(response->map_header, U_CONTENT_HEADER, U_ACCEPT_GZIP); content_type = u_map_get_case(&config->mime_types, get_filename_ext(file_requested)); if (content_type == NULL) { content_type = u_map_get(&config->mime_types, ""*""); } u_map_put(response->map_header, ""Content-Type"", content_type); u_map_copy_into(response->map_header, &config->map_header); } else if (compress_mode == U_COMPRESS_DEFL && config->allow_cache_compressed && u_map_has_key(&config->deflate_files, file_requested)) { ulfius_set_binary_body_response(response, 200, u_map_get(&config->deflate_files, file_requested), u_map_get_length(&config->deflate_files, file_requested)); u_map_put(response->map_header, U_CONTENT_HEADER, U_ACCEPT_DEFLATE); content_type = u_map_get_case(&config->mime_types, get_filename_ext(file_requested)); if (content_type == NULL) { content_type = u_map_get(&config->mime_types, ""*""); } u_map_put(response->map_header, ""Content-Type"", content_type); u_map_copy_into(response->map_header, &config->map_header); } else { file_path = msprintf(""%s/%s"", ((struct _u_compressed_inmemory_website_config *)user_data)->files_path, file_requested); if (!pthread_mutex_lock(&config->lock)) { f = fopen (file_path, ""rb""); if (f) { content_type = u_map_get_case(&config->mime_types, get_filename_ext(file_requested)); if (content_type == NULL) { content_type = u_map_get(&config->mime_types, ""*""); y_log_message(Y_LOG_LEVEL_WARNING, ""Static File Server - Unknown mime type for extension %s"", get_filename_ext(file_requested)); } if (!string_array_has_value((const char **)config->mime_types_compressed, content_type)) { compress_mode = U_COMPRESS_NONE; } u_map_put(response->map_header, ""Content-Type"", content_type); u_map_copy_into(response->map_header, &config->map_header); fseek (f, 0, SEEK_END); offset = length = ftell (f); fseek (f, 0, SEEK_SET); if (length) { if ((file_content_orig = file_content = o_malloc(length)) != NULL && (data_zip = o_malloc((2*length)+20)) != NULL) { defstream.zalloc = u_zalloc; defstream.zfree = u_zfree; defstream.opaque = Z_NULL; defstream.avail_in = (uInt)length; defstream.next_in = (Bytef *)file_content; while ((read_length = fread(file_content, sizeof(char), offset, f))) { file_content += read_length; offset -= read_length; } if (compress_mode == U_COMPRESS_GZIP) { if (deflateInit2(&defstream, Z_DEFAULT_COMPRESSION, Z_DEFLATED, U_GZIP_WINDOW_BITS | U_GZIP_ENCODING, 8, Z_DEFAULT_STRATEGY) != Z_OK) { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_static_compressed_inmemory_website - Error deflateInit (gzip)""); ret = U_CALLBACK_ERROR; } } else { if (deflateInit(&defstream, Z_BEST_COMPRESSION) != Z_OK) { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_static_compressed_inmemory_website - Error deflateInit (deflate)""); ret = U_CALLBACK_ERROR; } } if (ret == U_CALLBACK_CONTINUE) { do { if ((data_zip = o_realloc(data_zip, data_zip_len+_U_W_BLOCK_SIZE)) != NULL) { defstream.avail_out = _U_W_BLOCK_SIZE; defstream.next_out = ((Bytef *)data_zip)+data_zip_len; switch ((res = deflate(&defstream, Z_FINISH))) { case Z_OK: case Z_STREAM_END: case Z_BUF_ERROR: break; default: y_log_message(Y_LOG_LEVEL_ERROR, ""callback_static_compressed_inmemory_website - Error deflate %d"", res); ret = U_CALLBACK_ERROR; break; } data_zip_len += _U_W_BLOCK_SIZE - defstream.avail_out; } else { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_static_compressed_inmemory_website - Error allocating resources for data_zip""); ret = U_CALLBACK_ERROR; } } while (U_CALLBACK_CONTINUE == ret && defstream.avail_out == 0); if (ret == U_CALLBACK_CONTINUE) { if (compress_mode == U_COMPRESS_GZIP) { if (config->allow_cache_compressed) { u_map_put_binary(&config->gzip_files, file_requested, data_zip, 0, defstream.total_out); } ulfius_set_binary_body_response(response, 200, u_map_get(&config->gzip_files, file_requested), u_map_get_length(&config->gzip_files, file_requested)); } else { if (config->allow_cache_compressed) { u_map_put_binary(&config->deflate_files, file_requested, data_zip, 0, defstream.total_out); } ulfius_set_binary_body_response(response, 200, u_map_get(&config->deflate_files, file_requested), u_map_get_length(&config->deflate_files, file_requested)); } u_map_put(response->map_header, U_CONTENT_HEADER, compress_mode==U_COMPRESS_GZIP?U_ACCEPT_GZIP:U_ACCEPT_DEFLATE); } } deflateEnd(&defstream); o_free(data_zip); } else { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_static_compressed_inmemory_website - Error allocating resource for file_content or data_zip""); ret = U_CALLBACK_ERROR; } o_free(file_content_orig); } fclose(f); } else { if (((struct _u_compressed_inmemory_website_config *)user_data)->redirect_on_404 == NULL) { ret = U_CALLBACK_IGNORE; } else { ulfius_add_header_to_response(response, ""Location"", ((struct _u_compressed_inmemory_website_config *)user_data)->redirect_on_404); response->status = 302; } } pthread_mutex_unlock(&config->lock); } else { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_static_compressed_inmemory_website - Error pthread_lock_mutex""); ret = U_CALLBACK_ERROR; } o_free(file_path); } } else { ret = callback_static_file_uncompressed(request, response, user_data); } free_string_array(accept_list); } } o_free(url_dup_save); } return ret; }",visit repo url,src/static_compressed_inmemory_website_callback.c,https://github.com/babelouest/glewlwyd,63864457556430,1 1411,[],"static struct sched_entity *pick_next_entity(struct cfs_rq *cfs_rq) { struct sched_entity *se = NULL; if (first_fair(cfs_rq)) { se = __pick_next_entity(cfs_rq); se = pick_next(cfs_rq, se); set_next_entity(cfs_rq, se); } return se; }",linux-2.6,,,229436487813500219675173734256465344378,0 4316,['CWE-119'],"static void ms_adpcm_reset2 (_AFmoduleinst *i) { ms_adpcm_data *d = (ms_adpcm_data *) i->modspec; int framesPerBlock; framesPerBlock = d->framesPerBlock; d->track->fpos_next_frame = d->track->fpos_first_frame + d->blockAlign * (d->track->nextfframe / framesPerBlock); d->track->frames2ignore += d->framesToIgnore; assert(d->track->nextfframe % framesPerBlock == 0); }",audiofile,,,316830198250720200755486701792516554813,0 3690,CWE-119,"ssh_packet_set_compress_state(struct ssh *ssh, struct sshbuf *m) { struct session_state *state = ssh->state; struct sshbuf *b = NULL; int r; const u_char *inblob, *outblob; size_t inl, outl; if ((r = sshbuf_froms(m, &b)) != 0) goto out; if ((r = sshbuf_get_string_direct(b, &inblob, &inl)) != 0 || (r = sshbuf_get_string_direct(b, &outblob, &outl)) != 0) goto out; if (inl == 0) state->compression_in_started = 0; else if (inl != sizeof(state->compression_in_stream)) { r = SSH_ERR_INTERNAL_ERROR; goto out; } else { state->compression_in_started = 1; memcpy(&state->compression_in_stream, inblob, inl); } if (outl == 0) state->compression_out_started = 0; else if (outl != sizeof(state->compression_out_stream)) { r = SSH_ERR_INTERNAL_ERROR; goto out; } else { state->compression_out_started = 1; memcpy(&state->compression_out_stream, outblob, outl); } r = 0; out: sshbuf_free(b); return r; }",visit repo url,usr.bin/ssh/packet.c,https://github.com/openbsd/src,237250052052026,1 3200,CWE-835,"lldp_private_8021_print(netdissect_options *ndo, const u_char *tptr, u_int tlv_len) { int subtype, hexdump = FALSE; u_int sublen; u_int tval; uint8_t i; if (tlv_len < 4) { return hexdump; } subtype = *(tptr+3); ND_PRINT((ndo, ""\n\t %s Subtype (%u)"", tok2str(lldp_8021_subtype_values, ""unknown"", subtype), subtype)); switch (subtype) { case LLDP_PRIVATE_8021_SUBTYPE_PORT_VLAN_ID: if (tlv_len < 6) { return hexdump; } ND_PRINT((ndo, ""\n\t port vlan id (PVID): %u"", EXTRACT_16BITS(tptr + 4))); break; case LLDP_PRIVATE_8021_SUBTYPE_PROTOCOL_VLAN_ID: if (tlv_len < 7) { return hexdump; } ND_PRINT((ndo, ""\n\t port and protocol vlan id (PPVID): %u, flags [%s] (0x%02x)"", EXTRACT_16BITS(tptr+5), bittok2str(lldp_8021_port_protocol_id_values, ""none"", *(tptr+4)), *(tptr + 4))); break; case LLDP_PRIVATE_8021_SUBTYPE_VLAN_NAME: if (tlv_len < 6) { return hexdump; } ND_PRINT((ndo, ""\n\t vlan id (VID): %u"", EXTRACT_16BITS(tptr + 4))); if (tlv_len < 7) { return hexdump; } sublen = *(tptr+6); if (tlv_len < 7+sublen) { return hexdump; } ND_PRINT((ndo, ""\n\t vlan name: "")); safeputs(ndo, tptr + 7, sublen); break; case LLDP_PRIVATE_8021_SUBTYPE_PROTOCOL_IDENTITY: if (tlv_len < 5) { return hexdump; } sublen = *(tptr+4); if (tlv_len < 5+sublen) { return hexdump; } ND_PRINT((ndo, ""\n\t protocol identity: "")); safeputs(ndo, tptr + 5, sublen); break; case LLDP_PRIVATE_8021_SUBTYPE_CONGESTION_NOTIFICATION: if(tlv_len> i) & 0x01)); tval=*(tptr+5); ND_PRINT((ndo, ""\n\t Pre-Priority Ready Indicator"")); ND_PRINT((ndo, ""\n\t Priority : 0 1 2 3 4 5 6 7"")); ND_PRINT((ndo, ""\n\t Value : "")); for(i=0;i> i) & 0x01)); break; case LLDP_PRIVATE_8021_SUBTYPE_ETS_CONFIGURATION: if(tlv_len> 7, (tval >> 6) & 0x02, (tval >> 3) & 0x07, tval & 0x07)); print_ets_priority_assignment_table(ndo, tptr + 5); print_tc_bandwidth_table(ndo, tptr + 9); print_tsa_assignment_table(ndo, tptr + 17); break; case LLDP_PRIVATE_8021_SUBTYPE_ETS_RECOMMENDATION: if(tlv_len> 7, (tval >> 6) & 0x01, (tval >> 4) & 0x03, (tval & 0x0f))); ND_PRINT((ndo, ""\n\t PFC Enable"")); tval=*(tptr+5); ND_PRINT((ndo, ""\n\t Priority : 0 1 2 3 4 5 6 7"")); ND_PRINT((ndo, ""\n\t Value : "")); for(i=0;i> i) & 0x01)); break; case LLDP_PRIVATE_8021_SUBTYPE_APPLICATION_PRIORITY: if(tlv_len> 5, (tval >> 3) & 0x03, (tval & 0x07))); ND_PRINT((ndo, ""Protocol ID: %d"", EXTRACT_16BITS(tptr + i + 5))); i=i+3; } break; case LLDP_PRIVATE_8021_SUBTYPE_EVB: if(tlv_len> 3, (tval >> 2) & 0x01, (tval >> 1) & 0x01, tval & 0x01)); ND_PRINT((ndo, ""\n\t EVB Station Status"")); tval=*(tptr+5); ND_PRINT((ndo, ""\n\t RES: %d, SGID: %d, RRREQ: %d,RRSTAT: %d"", tval >> 4, (tval >> 3) & 0x01, (tval >> 2) & 0x01, tval & 0x03)); tval=*(tptr+6); ND_PRINT((ndo, ""\n\t R: %d, RTE: %d, "",tval >> 5, tval & 0x1f)); tval=*(tptr+7); ND_PRINT((ndo, ""EVB Mode: %s [%d]"", tok2str(lldp_evb_mode_values, ""unknown"", tval >> 6), tval >> 6)); ND_PRINT((ndo, ""\n\t ROL: %d, RWD: %d, "", (tval >> 5) & 0x01, tval & 0x1f)); tval=*(tptr+8); ND_PRINT((ndo, ""RES: %d, ROL: %d, RKA: %d"", tval >> 6, (tval >> 5) & 0x01, tval & 0x1f)); break; case LLDP_PRIVATE_8021_SUBTYPE_CDCP: if(tlv_len> 7, (tval >> 4) & 0x07, (tval >> 3) & 0x01)); ND_PRINT((ndo, ""ChnCap: %d"", EXTRACT_16BITS(tptr + 6) & 0x0fff)); sublen=tlv_len-8; if(sublen%3!=0) { return hexdump; } i=0; while(i> 12, tval & 0x000fff)); i=i+3; } break; default: hexdump = TRUE; break; } return hexdump; }",visit repo url,print-lldp.c,https://github.com/the-tcpdump-group/tcpdump,16955530765379,1 4697,CWE-20,"static int cmd_handle_untagged (IMAP_DATA* idata) { char* s; char* pn; unsigned int count; s = imap_next_word (idata->buf); pn = imap_next_word (s); if ((idata->state >= IMAP_SELECTED) && isdigit ((unsigned char) *s)) { pn = s; s = imap_next_word (s); if (ascii_strncasecmp (""EXISTS"", s, 6) == 0) { dprint (2, (debugfile, ""Handling EXISTS\n"")); mutt_atoui (pn, &count); if ( !(idata->reopen & IMAP_EXPUNGE_PENDING) && count < idata->max_msn) { dprint (1, (debugfile, ""Message count is out of sync"")); return 0; } else if (count == idata->max_msn) dprint (3, (debugfile, ""cmd_handle_untagged: superfluous EXISTS message.\n"")); else { if (!(idata->reopen & IMAP_EXPUNGE_PENDING)) { dprint (2, (debugfile, ""cmd_handle_untagged: New mail in %s - %d messages total.\n"", idata->mailbox, count)); idata->reopen |= IMAP_NEWMAIL_PENDING; } idata->newMailCount = count; } } else if (ascii_strncasecmp (""EXPUNGE"", s, 7) == 0) cmd_parse_expunge (idata, pn); else if (ascii_strncasecmp (""FETCH"", s, 5) == 0) cmd_parse_fetch (idata, pn); } else if (ascii_strncasecmp (""CAPABILITY"", s, 10) == 0) cmd_parse_capability (idata, s); else if (!ascii_strncasecmp (""OK [CAPABILITY"", s, 14)) cmd_parse_capability (idata, pn); else if (!ascii_strncasecmp (""OK [CAPABILITY"", pn, 14)) cmd_parse_capability (idata, imap_next_word (pn)); else if (ascii_strncasecmp (""LIST"", s, 4) == 0) cmd_parse_list (idata, s); else if (ascii_strncasecmp (""LSUB"", s, 4) == 0) cmd_parse_lsub (idata, s); else if (ascii_strncasecmp (""MYRIGHTS"", s, 8) == 0) cmd_parse_myrights (idata, s); else if (ascii_strncasecmp (""SEARCH"", s, 6) == 0) cmd_parse_search (idata, s); else if (ascii_strncasecmp (""STATUS"", s, 6) == 0) cmd_parse_status (idata, s); else if (ascii_strncasecmp (""ENABLED"", s, 7) == 0) cmd_parse_enabled (idata, s); else if (ascii_strncasecmp (""BYE"", s, 3) == 0) { dprint (2, (debugfile, ""Handling BYE\n"")); if (idata->status == IMAP_BYE) return 0; s += 3; SKIPWS (s); mutt_error (""%s"", s); mutt_sleep (2); cmd_handle_fatal (idata); return -1; } else if (option (OPTIMAPSERVERNOISE) && (ascii_strncasecmp (""NO"", s, 2) == 0)) { dprint (2, (debugfile, ""Handling untagged NO\n"")); mutt_error (""%s"", s+3); mutt_sleep (2); } return 0; }",visit repo url,imap/command.c,https://gitlab.com/muttmua/mutt,59966603512282,1 6460,CWE-476,"jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr) { jp2_box_t *box; int found; jas_image_t *image; jp2_dec_t *dec; bool samedtype; int dtype; unsigned int i; jp2_cmap_t *cmapd; jp2_pclr_t *pclrd; jp2_cdef_t *cdefd; unsigned int channo; int newcmptno; int_fast32_t *lutents; #if 0 jp2_cdefchan_t *cdefent; int cmptno; #endif jp2_cmapent_t *cmapent; jas_icchdr_t icchdr; jas_iccprof_t *iccprof; dec = 0; box = 0; image = 0; JAS_DBGLOG(100, (""jp2_decode(%p, \""%s\"")\n"", in, optstr)); if (!(dec = jp2_dec_create())) { goto error; } if (!(box = jp2_box_get(in))) { jas_eprintf(""error: cannot get box\n""); goto error; } if (box->type != JP2_BOX_JP) { jas_eprintf(""error: expecting signature box\n""); goto error; } if (box->data.jp.magic != JP2_JP_MAGIC) { jas_eprintf(""incorrect magic number\n""); goto error; } jp2_box_destroy(box); box = 0; if (!(box = jp2_box_get(in))) { goto error; } if (box->type != JP2_BOX_FTYP) { jas_eprintf(""expecting file type box\n""); goto error; } jp2_box_destroy(box); box = 0; found = 0; while ((box = jp2_box_get(in))) { if (jas_getdbglevel() >= 1) { jas_eprintf(""got box type %s\n"", box->info->name); } switch (box->type) { case JP2_BOX_JP2C: found = 1; break; case JP2_BOX_IHDR: if (!dec->ihdr) { dec->ihdr = box; box = 0; } break; case JP2_BOX_BPCC: if (!dec->bpcc) { dec->bpcc = box; box = 0; } break; case JP2_BOX_CDEF: if (!dec->cdef) { dec->cdef = box; box = 0; } break; case JP2_BOX_PCLR: if (!dec->pclr) { dec->pclr = box; box = 0; } break; case JP2_BOX_CMAP: if (!dec->cmap) { dec->cmap = box; box = 0; } break; case JP2_BOX_COLR: if (!dec->colr) { dec->colr = box; box = 0; } break; } if (box) { jp2_box_destroy(box); box = 0; } if (found) { break; } } if (!found) { jas_eprintf(""error: no code stream found\n""); goto error; } if (!(dec->image = jpc_decode(in, optstr))) { jas_eprintf(""error: cannot decode code stream\n""); goto error; } if (!dec->ihdr) { jas_eprintf(""error: missing IHDR box\n""); goto error; } if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } samedtype = true; dtype = jas_image_cmptdtype(dec->image, 0); for (i = 1; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != dtype) { samedtype = false; break; } } if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { jas_eprintf(""warning: component data type mismatch (IHDR)\n""); } if (dec->ihdr->data.ihdr.comptype != JP2_IHDR_COMPTYPE) { jas_eprintf(""error: unsupported compression type\n""); goto error; } if (dec->bpcc) { if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts( dec->image))) { jas_eprintf(""warning: number of components mismatch\n""); } if (!samedtype) { for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { if (jas_image_cmptdtype(dec->image, i) != JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { jas_eprintf(""warning: component data type mismatch (BPCC)\n""); } } } else { jas_eprintf(""warning: superfluous BPCC box\n""); } } if (!dec->colr) { jas_eprintf(""error: no COLR box\n""); goto error; } switch (dec->colr->data.colr.method) { case JP2_COLR_ENUM: jas_image_setclrspc(dec->image, jp2_getcs(&dec->colr->data.colr)); break; case JP2_COLR_ICC: iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, dec->colr->data.colr.iccplen); if (!iccprof) { jas_eprintf(""error: failed to parse ICC profile\n""); goto error; } jas_iccprof_gethdr(iccprof, &icchdr); jas_eprintf(""ICC Profile CS %08x\n"", icchdr.colorspc); jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof); if (!dec->image->cmprof_) { jas_iccprof_destroy(iccprof); goto error; } jas_iccprof_destroy(iccprof); break; } if (dec->cmap && !dec->pclr) { jas_eprintf(""warning: missing PCLR box or superfluous CMAP box\n""); jp2_box_destroy(dec->cmap); dec->cmap = 0; } if (!dec->cmap && dec->pclr) { jas_eprintf(""warning: missing CMAP box or superfluous PCLR box\n""); jp2_box_destroy(dec->pclr); dec->pclr = 0; } dec->numchans = dec->cmap ? dec->cmap->data.cmap.numchans : JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); if (dec->cmap) { for (i = 0; i < dec->numchans; ++i) { if (dec->cmap->data.cmap.ents[i].cmptno >= JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) { jas_eprintf(""error: invalid component number in CMAP box\n""); goto error; } if (dec->cmap->data.cmap.ents[i].pcol >= dec->pclr->data.pclr.numchans) { jas_eprintf(""error: invalid CMAP LUT index\n""); goto error; } } } if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { jas_eprintf(""error: no memory\n""); goto error; } if (!dec->cmap) { for (i = 0; i < dec->numchans; ++i) { dec->chantocmptlut[i] = i; } } else { cmapd = &dec->cmap->data.cmap; pclrd = &dec->pclr->data.pclr; cdefd = &dec->cdef->data.cdef; for (channo = 0; channo < cmapd->numchans; ++channo) { cmapent = &cmapd->ents[channo]; if (cmapent->map == JP2_CMAP_DIRECT) { dec->chantocmptlut[channo] = channo; } else if (cmapent->map == JP2_CMAP_PALETTE) { if (!pclrd->numlutents) { goto error; } lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); if (!lutents) { goto error; } for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } newcmptno = jas_image_numcmpts(dec->image); jas_image_depalettize(dec->image, cmapent->cmptno, pclrd->numlutents, lutents, JP2_BPCTODTYPE(pclrd->bpc[cmapent->pcol]), newcmptno); dec->chantocmptlut[channo] = newcmptno; jas_free(lutents); #if 0 if (dec->cdef) { cdefent = jp2_cdef_lookup(cdefd, channo); if (!cdefent) { abort(); } jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), cdefent->type, cdefent->assoc)); } else { jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1)); } #else (void)cdefd; #endif } else { jas_eprintf(""error: invalid MTYP in CMAP box\n""); goto error; } } } if (dec->numchans != jas_image_numcmpts(dec->image)) { jas_eprintf(""error: mismatch in number of components (%d != %d)\n"", dec->numchans, jas_image_numcmpts(dec->image)); goto error; } for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { jas_image_setcmpttype(dec->image, i, JAS_IMAGE_CT_UNKNOWN); } if (dec->cdef) { for (i = 0; i < dec->cdef->data.cdef.numchans; ++i) { if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { jas_eprintf(""error: invalid channel number in CDEF box\n""); goto error; } jas_image_setcmpttype(dec->image, dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], jp2_getct(jas_image_clrspc(dec->image), dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc)); } } else { for (i = 0; i < dec->numchans; ++i) { jas_image_setcmpttype(dec->image, dec->chantocmptlut[i], jp2_getct(jas_image_clrspc(dec->image), 0, i + 1)); } } for (i = jas_image_numcmpts(dec->image); i > 0; --i) { if (jas_image_cmpttype(dec->image, i - 1) == JAS_IMAGE_CT_UNKNOWN) { jas_image_delcmpt(dec->image, i - 1); } } if (!jas_image_numcmpts(dec->image)) { jas_eprintf(""error: no components\n""); goto error; } #if 0 jas_eprintf(""no of components is %d\n"", jas_image_numcmpts(dec->image)); #endif image = dec->image; dec->image = 0; jp2_dec_destroy(dec); return image; error: if (box) { jp2_box_destroy(box); } if (dec) { jp2_dec_destroy(dec); } return 0; }",visit repo url,src/libjasper/jp2/jp2_dec.c,https://github.com/jasper-software/jasper,249263487627066,1 6615,['CWE-200'],"applet_get_best_activating_connection (NMApplet *applet, NMDevice **device) { NMActiveConnection *best = NULL; NMDevice *best_dev = NULL; const GPtrArray *connections; int i; g_return_val_if_fail (NM_IS_APPLET (applet), NULL); g_return_val_if_fail (device != NULL, NULL); g_return_val_if_fail (*device == NULL, NULL); connections = nm_client_get_active_connections (applet->nm_client); for (i = 0; connections && (i < connections->len); i++) { NMActiveConnection *candidate = g_ptr_array_index (connections, i); const GPtrArray *devices; NMDevice *candidate_dev; if (nm_active_connection_get_state (candidate) != NM_ACTIVE_CONNECTION_STATE_ACTIVATING) continue; devices = nm_active_connection_get_devices (candidate); if (!devices || !devices->len) continue; candidate_dev = g_ptr_array_index (devices, 0); if (!best_dev) { best_dev = candidate_dev; best = candidate; continue; } if (NM_IS_DEVICE_WIFI (best_dev)) { if (NM_IS_DEVICE_ETHERNET (candidate_dev)) { best_dev = candidate_dev; best = candidate; } } else if (NM_IS_CDMA_DEVICE (best_dev)) { if ( NM_IS_DEVICE_ETHERNET (candidate_dev) || NM_IS_DEVICE_WIFI (candidate_dev)) { best_dev = candidate_dev; best = candidate; } } else if (NM_IS_GSM_DEVICE (best_dev)) { if ( NM_IS_DEVICE_ETHERNET (candidate_dev) || NM_IS_DEVICE_WIFI (candidate_dev) || NM_IS_CDMA_DEVICE (candidate_dev)) { best_dev = candidate_dev; best = candidate; } } } *device = best_dev; return best; }",network-manager-applet,,,243596856770406706923708825487430310786,0 4666,['CWE-399'],"static void mpage_add_bh_to_extent(struct mpage_da_data *mpd, sector_t logical, struct buffer_head *bh) { sector_t next; size_t b_size = bh->b_size; struct buffer_head *lbh = &mpd->lbh; int nrblocks = lbh->b_size >> mpd->inode->i_blkbits; if (!(EXT4_I(mpd->inode)->i_flags & EXT4_EXTENTS_FL)) { if (nrblocks >= EXT4_MAX_TRANS_DATA) { goto flush_it; } else if ((nrblocks + (b_size >> mpd->inode->i_blkbits)) > EXT4_MAX_TRANS_DATA) { b_size = (EXT4_MAX_TRANS_DATA - nrblocks) << mpd->inode->i_blkbits; } } if (lbh->b_size == 0) { lbh->b_blocknr = logical; lbh->b_size = b_size; lbh->b_state = bh->b_state & BH_FLAGS; return; } next = lbh->b_blocknr + nrblocks; if (logical == next && (bh->b_state & BH_FLAGS) == lbh->b_state) { lbh->b_size += b_size; return; } flush_it: if (mpage_da_map_blocks(mpd) == 0) mpage_da_submit_io(mpd); mpd->io_done = 1; return; }",linux-2.6,,,104795156100150187163322570600909758447,0 3404,['CWE-264'],"static void __put_unused_fd(struct files_struct *files, unsigned int fd) { struct fdtable *fdt = files_fdtable(files); __FD_CLR(fd, fdt->open_fds); if (fd < files->next_fd) files->next_fd = fd; }",linux-2.6,,,204597471347666993534022793997310578745,0 4315,CWE-125,"static bool read_phdr(ELFOBJ *bin, bool linux_kernel_hack) { bool phdr_found = false; int i; #if R_BIN_ELF64 const bool is_elf64 = true; #else const bool is_elf64 = false; #endif ut64 phnum = Elf_(r_bin_elf_get_phnum) (bin); for (i = 0; i < phnum; i++) { ut8 phdr[sizeof (Elf_(Phdr))] = {0}; int j = 0; const size_t rsize = bin->ehdr.e_phoff + i * sizeof (Elf_(Phdr)); int len = r_buf_read_at (bin->b, rsize, phdr, sizeof (Elf_(Phdr))); if (len < 1) { R_LOG_ERROR (""read (phdr)""); R_FREE (bin->phdr); return false; } bin->phdr[i].p_type = READ32 (phdr, j); if (bin->phdr[i].p_type == PT_PHDR) { phdr_found = true; } if (is_elf64) { bin->phdr[i].p_flags = READ32 (phdr, j); } bin->phdr[i].p_offset = R_BIN_ELF_READWORD (phdr, j); bin->phdr[i].p_vaddr = R_BIN_ELF_READWORD (phdr, j); bin->phdr[i].p_paddr = R_BIN_ELF_READWORD (phdr, j); bin->phdr[i].p_filesz = R_BIN_ELF_READWORD (phdr, j); bin->phdr[i].p_memsz = R_BIN_ELF_READWORD (phdr, j); if (!is_elf64) { bin->phdr[i].p_flags = READ32 (phdr, j); } bin->phdr[i].p_align = R_BIN_ELF_READWORD (phdr, j); } if (linux_kernel_hack && phdr_found) { ut64 load_addr = Elf_(r_bin_elf_get_baddr) (bin); bin->ehdr.e_phoff = Elf_(r_bin_elf_v2p) (bin, load_addr + bin->ehdr.e_phoff); return read_phdr (bin, false); } return true; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radareorg/radare2,262636512799854,1 5881,CWE-120,"static void parse_time(pj_scanner *scanner, pjmedia_sdp_session *ses, volatile parse_context *ctx) { pj_str_t str; ctx->last_error = PJMEDIA_SDP_EINTIME; if (*(scanner->curptr+1) != '=') { on_scanner_error(scanner); return; } pj_scan_advance_n(scanner, 2, SKIP_WS); pj_scan_get_until_ch(scanner, ' ', &str); ses->time.start = pj_strtoul(&str); pj_scan_get_char(scanner); pj_scan_get_until_chr(scanner, "" \t\r\n"", &str); ses->time.stop = pj_strtoul(&str); pj_scan_skip_line(scanner); }",visit repo url,pjmedia/src/pjmedia/sdp.c,https://github.com/pjsip/pjproject,102654332875226,1 2824,[],"static void dio_cleanup(struct dio *dio) { while (dio_pages_present(dio)) page_cache_release(dio_get_page(dio)); }",linux-2.6,,,267325051444754516314490833367777419495,0 6179,CWE-190,"void fb_rand(fb_t a) { int bits, digits; rand_bytes((uint8_t *)a, RLC_FB_DIGS * sizeof(dig_t)); RLC_RIP(bits, digits, RLC_FB_BITS); if (bits > 0) { dig_t mask = RLC_MASK(bits); a[RLC_FB_DIGS - 1] &= mask; } }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,114138783524563,1 6186,['CWE-200'],"static int ipmr_find_vif(struct net_device *dev) { int ct; for (ct=maxvif-1; ct>=0; ct--) { if (vif_table[ct].dev == dev) break; } return ct; }",linux-2.6,,,286817466881874629015372723060401955576,0 3955,CWE-284,"static int ndp_sock_recv(struct ndp *ndp) { struct ndp_msg *msg; enum ndp_msg_type msg_type; size_t len; int err; msg = ndp_msg_alloc(); if (!msg) return -ENOMEM; len = ndp_msg_payload_maxlen(msg); err = myrecvfrom6(ndp->sock, msg->buf, &len, 0, &msg->addrto, &msg->ifindex); if (err) { err(ndp, ""Failed to receive message""); goto free_msg; } dbg(ndp, ""rcvd from: %s, ifindex: %u"", str_in6_addr(&msg->addrto), msg->ifindex); if (len < sizeof(*msg->icmp6_hdr)) { warn(ndp, ""rcvd icmp6 packet too short (%luB)"", len); err = 0; goto free_msg; } err = ndp_msg_type_by_raw_type(&msg_type, msg->icmp6_hdr->icmp6_type); if (err) { err = 0; goto free_msg; } ndp_msg_init(msg, msg_type); ndp_msg_payload_len_set(msg, len); if (!ndp_msg_check_valid(msg)) { warn(ndp, ""rcvd invalid ND message""); err = 0; goto free_msg; } dbg(ndp, ""rcvd %s, len: %zuB"", ndp_msg_type_info(msg_type)->strabbr, len); if (!ndp_msg_check_opts(msg)) { err = 0; goto free_msg; } err = ndp_call_handlers(ndp, msg);; free_msg: ndp_msg_destroy(msg); return err; }",visit repo url,libndp/libndp.c,https://github.com/jpirko/libndp,53567619610946,1 1940,['CWE-20'],"int in_gate_area(struct task_struct *task, unsigned long addr) { return 0; }",linux-2.6,,,317087321789608897992761746859159279149,0 4762,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 3405,CWE-252,"static Image *ReadPICTImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define ThrowPICTException(exception,message) \ { \ if (tile_image != (Image *) NULL) \ tile_image=DestroyImage(tile_image); \ if (read_info != (ImageInfo *) NULL) \ read_info=DestroyImageInfo(read_info); \ ThrowReaderException((exception),(message)); \ } char geometry[MagickPathExtent], header_ole[4]; Image *image, *tile_image; ImageInfo *read_info; int c, code; MagickBooleanType jpeg, status; PICTRectangle frame; PICTPixmap pixmap; Quantum index; register Quantum *q; register ssize_t i, x; size_t extent, length; ssize_t count, flags, j, version, y; StringInfo *profile; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } read_info=(ImageInfo *) NULL; tile_image=(Image *) NULL; pixmap.bits_per_pixel=0; pixmap.component_count=0; header_ole[0]=ReadBlobByte(image); header_ole[1]=ReadBlobByte(image); header_ole[2]=ReadBlobByte(image); header_ole[3]=ReadBlobByte(image); if (!((header_ole[0] == 0x50) && (header_ole[1] == 0x49) && (header_ole[2] == 0x43) && (header_ole[3] == 0x54 ))) for (i=0; i < 508; i++) if (ReadBlobByte(image) == EOF) break; (void) ReadBlobMSBShort(image); if (ReadRectangle(image,&frame) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); while ((c=ReadBlobByte(image)) == 0) ; if (c != 0x11) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); version=(ssize_t) ReadBlobByte(image); if (version == 2) { c=ReadBlobByte(image); if (c != 0xff) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); } else if (version != 1) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); if ((frame.left < 0) || (frame.right < 0) || (frame.top < 0) || (frame.bottom < 0) || (frame.left >= frame.right) || (frame.top >= frame.bottom)) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); flags=0; image->depth=8; image->columns=(size_t) (frame.right-frame.left); image->rows=(size_t) (frame.bottom-frame.top); image->resolution.x=DefaultResolution; image->resolution.y=DefaultResolution; image->units=UndefinedResolution; if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0)) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) { (void) CloseBlob(image); return(GetFirstImageInList(image)); } status=SetImageExtent(image,image->columns,image->rows,exception); if (status != MagickFalse) status=ResetImagePixels(image,exception); if (status == MagickFalse) return(DestroyImageList(image)); jpeg=MagickFalse; for (code=0; EOFBlob(image) == MagickFalse; ) { if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0)) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; if ((version == 1) || ((TellBlob(image) % 2) != 0)) code=ReadBlobByte(image); if (version == 2) code=ReadBlobMSBSignedShort(image); if (code < 0) break; if (code == 0) continue; if (code > 0xa1) { if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""%04X:"",code); } else { if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" %04X %s: %s"",code,codes[code].name,codes[code].description); switch (code) { case 0x01: { length=ReadBlobMSBShort(image); if (length != 0x000a) { for (i=0; i < (ssize_t) (length-2); i++) if (ReadBlobByte(image) == EOF) break; break; } if (ReadRectangle(image,&frame) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); if (((frame.left & 0x8000) != 0) || ((frame.top & 0x8000) != 0)) break; image->columns=(size_t) (frame.right-frame.left); image->rows=(size_t) (frame.bottom-frame.top); status=SetImageExtent(image,image->columns,image->rows,exception); if (status != MagickFalse) status=ResetImagePixels(image,exception); if (status == MagickFalse) return(DestroyImageList(image)); break; } case 0x12: case 0x13: case 0x14: { ssize_t pattern; size_t height, width; pattern=(ssize_t) ReadBlobMSBShort(image); for (i=0; i < 8; i++) if (ReadBlobByte(image) == EOF) break; if (pattern == 2) { for (i=0; i < 5; i++) if (ReadBlobByte(image) == EOF) break; break; } if (pattern != 1) ThrowPICTException(CorruptImageError,""UnknownPatternType""); length=ReadBlobMSBShort(image); if (ReadRectangle(image,&frame) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); if (ReadPixmap(image,&pixmap) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); image->depth=(size_t) pixmap.component_size; image->resolution.x=1.0*pixmap.horizontal_resolution; image->resolution.y=1.0*pixmap.vertical_resolution; image->units=PixelsPerInchResolution; (void) ReadBlobMSBLong(image); flags=(ssize_t) ReadBlobMSBShort(image); length=ReadBlobMSBShort(image); for (i=0; i <= (ssize_t) length; i++) (void) ReadBlobMSBLong(image); width=(size_t) (frame.bottom-frame.top); height=(size_t) (frame.right-frame.left); if (pixmap.bits_per_pixel <= 8) length&=0x7fff; if (pixmap.bits_per_pixel == 16) width<<=1; if (length == 0) length=width; if (length < 8) { for (i=0; i < (ssize_t) (length*height); i++) if (ReadBlobByte(image) == EOF) break; } else for (i=0; i < (ssize_t) height; i++) { if (EOFBlob(image) != MagickFalse) break; if (length > 200) { for (j=0; j < (ssize_t) ReadBlobMSBShort(image); j++) if (ReadBlobByte(image) == EOF) break; } else for (j=0; j < (ssize_t) ReadBlobByte(image); j++) if (ReadBlobByte(image) == EOF) break; } break; } case 0x1b: { image->background_color.red=(Quantum) ScaleShortToQuantum(ReadBlobMSBShort(image)); image->background_color.green=(Quantum) ScaleShortToQuantum(ReadBlobMSBShort(image)); image->background_color.blue=(Quantum) ScaleShortToQuantum(ReadBlobMSBShort(image)); break; } case 0x70: case 0x71: case 0x72: case 0x73: case 0x74: case 0x75: case 0x76: case 0x77: { length=ReadBlobMSBShort(image); for (i=0; i < (ssize_t) (length-2); i++) if (ReadBlobByte(image) == EOF) break; break; } case 0x90: case 0x91: case 0x98: case 0x99: case 0x9a: case 0x9b: { PICTRectangle source, destination; register unsigned char *p; size_t j; ssize_t bytes_per_line; unsigned char *pixels; bytes_per_line=0; if ((code != 0x9a) && (code != 0x9b)) bytes_per_line=(ssize_t) ReadBlobMSBShort(image); else { (void) ReadBlobMSBShort(image); (void) ReadBlobMSBShort(image); (void) ReadBlobMSBShort(image); } if (ReadRectangle(image,&frame) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); tile_image=CloneImage(image,(size_t) (frame.right-frame.left), (size_t) (frame.bottom-frame.top),MagickTrue,exception); if (tile_image == (Image *) NULL) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); if ((code == 0x9a) || (code == 0x9b) || ((bytes_per_line & 0x8000) != 0)) { if (ReadPixmap(image,&pixmap) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); tile_image->depth=(size_t) pixmap.component_size; tile_image->alpha_trait=pixmap.component_count == 4 ? BlendPixelTrait : UndefinedPixelTrait; tile_image->resolution.x=(double) pixmap.horizontal_resolution; tile_image->resolution.y=(double) pixmap.vertical_resolution; tile_image->units=PixelsPerInchResolution; if (tile_image->alpha_trait != UndefinedPixelTrait) (void) SetImageAlpha(tile_image,OpaqueAlpha,exception); } if ((code != 0x9a) && (code != 0x9b)) { tile_image->colors=2; if ((bytes_per_line & 0x8000) != 0) { (void) ReadBlobMSBLong(image); flags=(ssize_t) ReadBlobMSBShort(image); tile_image->colors=1UL*ReadBlobMSBShort(image)+1; } status=AcquireImageColormap(tile_image,tile_image->colors, exception); if (status == MagickFalse) ThrowPICTException(ResourceLimitError, ""MemoryAllocationFailed""); if ((bytes_per_line & 0x8000) != 0) { for (i=0; i < (ssize_t) tile_image->colors; i++) { j=ReadBlobMSBShort(image) % tile_image->colors; if ((flags & 0x8000) != 0) j=(size_t) i; tile_image->colormap[j].red=(Quantum) ScaleShortToQuantum(ReadBlobMSBShort(image)); tile_image->colormap[j].green=(Quantum) ScaleShortToQuantum(ReadBlobMSBShort(image)); tile_image->colormap[j].blue=(Quantum) ScaleShortToQuantum(ReadBlobMSBShort(image)); } } else { for (i=0; i < (ssize_t) tile_image->colors; i++) { tile_image->colormap[i].red=(Quantum) (QuantumRange- tile_image->colormap[i].red); tile_image->colormap[i].green=(Quantum) (QuantumRange- tile_image->colormap[i].green); tile_image->colormap[i].blue=(Quantum) (QuantumRange- tile_image->colormap[i].blue); } } } if (EOFBlob(image) != MagickFalse) ThrowPICTException(CorruptImageError, ""InsufficientImageDataInFile""); if (ReadRectangle(image,&source) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); if (ReadRectangle(image,&destination) == MagickFalse) ThrowPICTException(CorruptImageError,""ImproperImageHeader""); (void) ReadBlobMSBShort(image); if ((code == 0x91) || (code == 0x99) || (code == 0x9b)) { length=ReadBlobMSBShort(image); for (i=0; i < (ssize_t) (length-2); i++) if (ReadBlobByte(image) == EOF) break; } if ((code != 0x9a) && (code != 0x9b) && (bytes_per_line & 0x8000) == 0) pixels=DecodeImage(image,tile_image,(size_t) bytes_per_line,1, &extent); else pixels=DecodeImage(image,tile_image,(size_t) bytes_per_line, (unsigned int) pixmap.bits_per_pixel,&extent); if (pixels == (unsigned char *) NULL) ThrowPICTException(CorruptImageError,""UnableToUncompressImage""); p=pixels; for (y=0; y < (ssize_t) tile_image->rows; y++) { if (p > (pixels+extent+image->columns)) { pixels=(unsigned char *) RelinquishMagickMemory(pixels); ThrowPICTException(CorruptImageError,""NotEnoughPixelData""); } q=QueueAuthenticPixels(tile_image,0,y,tile_image->columns,1, exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) tile_image->columns; x++) { if (tile_image->storage_class == PseudoClass) { index=(Quantum) ConstrainColormapIndex(tile_image,(ssize_t) *p,exception); SetPixelIndex(tile_image,index,q); SetPixelRed(tile_image, tile_image->colormap[(ssize_t) index].red,q); SetPixelGreen(tile_image, tile_image->colormap[(ssize_t) index].green,q); SetPixelBlue(tile_image, tile_image->colormap[(ssize_t) index].blue,q); } else { if (pixmap.bits_per_pixel == 16) { i=(ssize_t) (*p++); j=(size_t) (*p); SetPixelRed(tile_image,ScaleCharToQuantum( (unsigned char) ((i & 0x7c) << 1)),q); SetPixelGreen(tile_image,ScaleCharToQuantum( (unsigned char) (((i & 0x03) << 6) | ((j & 0xe0) >> 2))),q); SetPixelBlue(tile_image,ScaleCharToQuantum( (unsigned char) ((j & 0x1f) << 3)),q); } else if (tile_image->alpha_trait == UndefinedPixelTrait) { if (p > (pixels+extent+2*image->columns)) ThrowPICTException(CorruptImageError, ""NotEnoughPixelData""); SetPixelRed(tile_image,ScaleCharToQuantum(*p),q); SetPixelGreen(tile_image,ScaleCharToQuantum( *(p+tile_image->columns)),q); SetPixelBlue(tile_image,ScaleCharToQuantum( *(p+2*tile_image->columns)),q); } else { if (p > (pixels+extent+3*image->columns)) ThrowPICTException(CorruptImageError, ""NotEnoughPixelData""); SetPixelAlpha(tile_image,ScaleCharToQuantum(*p),q); SetPixelRed(tile_image,ScaleCharToQuantum( *(p+tile_image->columns)),q); SetPixelGreen(tile_image,ScaleCharToQuantum( *(p+2*tile_image->columns)),q); SetPixelBlue(tile_image,ScaleCharToQuantum( *(p+3*tile_image->columns)),q); } } p++; q+=GetPixelChannels(tile_image); } if (SyncAuthenticPixels(tile_image,exception) == MagickFalse) break; if ((tile_image->storage_class == DirectClass) && (pixmap.bits_per_pixel != 16)) { p+=(pixmap.component_count-1)*tile_image->columns; if (p < pixels) break; } status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, tile_image->rows); if (status == MagickFalse) break; } pixels=(unsigned char *) RelinquishMagickMemory(pixels); if ((jpeg == MagickFalse) && (EOFBlob(image) == MagickFalse)) if ((code == 0x9a) || (code == 0x9b) || ((bytes_per_line & 0x8000) != 0)) (void) CompositeImage(image,tile_image,CopyCompositeOp, MagickTrue,(ssize_t) destination.left,(ssize_t) destination.top,exception); tile_image=DestroyImage(tile_image); break; } case 0xa1: { unsigned char *info; size_t type; type=ReadBlobMSBShort(image); length=ReadBlobMSBShort(image); if (length == 0) break; (void) ReadBlobMSBLong(image); length-=MagickMin(length,4); if (length == 0) break; info=(unsigned char *) AcquireQuantumMemory(length,sizeof(*info)); if (info == (unsigned char *) NULL) break; count=ReadBlob(image,length,info); if (count != (ssize_t) length) { info=(unsigned char *) RelinquishMagickMemory(info); ThrowPICTException(ResourceLimitError,""UnableToReadImageData""); } switch (type) { case 0xe0: { profile=BlobToStringInfo((const void *) NULL,length); SetStringInfoDatum(profile,info); status=SetImageProfile(image,""icc"",profile,exception); profile=DestroyStringInfo(profile); if (status == MagickFalse) { info=(unsigned char *) RelinquishMagickMemory(info); ThrowPICTException(ResourceLimitError, ""MemoryAllocationFailed""); } break; } case 0x1f2: { profile=BlobToStringInfo((const void *) NULL,length); SetStringInfoDatum(profile,info); status=SetImageProfile(image,""iptc"",profile,exception); if (status == MagickFalse) { info=(unsigned char *) RelinquishMagickMemory(info); ThrowPICTException(ResourceLimitError, ""MemoryAllocationFailed""); } profile=DestroyStringInfo(profile); break; } default: break; } info=(unsigned char *) RelinquishMagickMemory(info); break; } default: { if (codes[code].length == -1) (void) ReadBlobMSBShort(image); else for (i=0; i < (ssize_t) codes[code].length; i++) if (ReadBlobByte(image) == EOF) break; } } } if (code == 0xc00) { for (i=0; i < 24; i++) if (ReadBlobByte(image) == EOF) break; continue; } if (((code >= 0xb0) && (code <= 0xcf)) || ((code >= 0x8000) && (code <= 0x80ff))) continue; if (code == 0x8200) { char filename[MaxTextExtent]; FILE *file; int unique_file; jpeg=MagickTrue; read_info=CloneImageInfo(image_info); SetImageInfoBlob(read_info,(void *) NULL,0); file=(FILE *) NULL; unique_file=AcquireUniqueFileResource(filename); (void) FormatLocaleString(read_info->filename,MaxTextExtent,""jpeg:%s"", filename); if (unique_file != -1) file=fdopen(unique_file,""wb""); if ((unique_file == -1) || (file == (FILE *) NULL)) { (void) RelinquishUniqueFileResource(read_info->filename); (void) CopyMagickString(image->filename,read_info->filename, MagickPathExtent); ThrowPICTException(FileOpenError,""UnableToCreateTemporaryFile""); } length=ReadBlobMSBLong(image); if (length > 154) { for (i=0; i < 6; i++) (void) ReadBlobMSBLong(image); if (ReadRectangle(image,&frame) == MagickFalse) { (void) fclose(file); (void) RelinquishUniqueFileResource(read_info->filename); ThrowPICTException(CorruptImageError,""ImproperImageHeader""); } for (i=0; i < 122; i++) if (ReadBlobByte(image) == EOF) break; for (i=0; i < (ssize_t) (length-154); i++) { c=ReadBlobByte(image); if (c == EOF) break; (void) fputc(c,file); } } (void) fclose(file); (void) close(unique_file); tile_image=ReadImage(read_info,exception); (void) RelinquishUniqueFileResource(filename); read_info=DestroyImageInfo(read_info); if (tile_image == (Image *) NULL) continue; (void) FormatLocaleString(geometry,MagickPathExtent,""%.20gx%.20g"", (double) MagickMax(image->columns,tile_image->columns), (double) MagickMax(image->rows,tile_image->rows)); (void) SetImageExtent(image, MagickMax(image->columns,tile_image->columns), MagickMax(image->rows,tile_image->rows),exception); (void) TransformImageColorspace(image,tile_image->colorspace,exception); (void) CompositeImage(image,tile_image,CopyCompositeOp,MagickTrue, (ssize_t) frame.left,(ssize_t) frame.right,exception); image->compression=tile_image->compression; tile_image=DestroyImage(tile_image); continue; } if ((code == 0xff) || (code == 0xffff)) break; if (((code >= 0xd0) && (code <= 0xfe)) || ((code >= 0x8100) && (code <= 0xffff))) { length=ReadBlobMSBShort(image); for (i=0; i < (ssize_t) length; i++) if (ReadBlobByte(image) == EOF) break; continue; } if ((code >= 0x100) && (code <= 0x7fff)) { length=(size_t) ((code >> 7) & 0xff); for (i=0; i < (ssize_t) length; i++) if (ReadBlobByte(image) == EOF) break; continue; } } (void) CloseBlob(image); return(GetFirstImageInList(image)); }",visit repo url,coders/pict.c,https://github.com/ImageMagick/ImageMagick,108036653200385,1 2053,NVD-CWE-noinfo,"static void sas_eh_defer_cmd(struct scsi_cmnd *cmd) { struct domain_device *dev = cmd_to_domain_dev(cmd); struct sas_ha_struct *ha = dev->port->ha; struct sas_task *task = TO_SAS_TASK(cmd); if (!dev_is_sata(dev)) { sas_eh_finish_cmd(cmd); return; } sas_end_task(cmd, task); list_move_tail(&cmd->eh_entry, &ha->eh_ata_q); }",visit repo url,drivers/scsi/libsas/sas_scsi_host.c,https://github.com/torvalds/linux,130116662671805,1 6511,CWE-697,"static bool split_region(struct uc_struct *uc, MemoryRegion *mr, uint64_t address, size_t size, bool do_delete) { uint8_t *backup; uint32_t perms; uint64_t begin, end, chunk_end; size_t l_size, m_size, r_size; RAMBlock *block = NULL; bool prealloc = false; chunk_end = address + size; if (address <= mr->addr && chunk_end >= mr->end) { return true; } if (size == 0) { return true; } if (address >= mr->end || chunk_end <= mr->addr) { return false; } QLIST_FOREACH(block, &uc->ram_list.blocks, next) { if (block->offset <= mr->addr && block->used_length >= (mr->end - mr->addr)) { break; } } if (block == NULL) { return false; } prealloc = !!(block->flags & 1); if (block->flags & 1) { backup = block->host; } else { backup = copy_region(uc, mr); if (backup == NULL) { return false; } } perms = mr->perms; begin = mr->addr; end = mr->end; if (uc_mem_unmap(uc, mr->addr, (size_t)int128_get64(mr->size)) != UC_ERR_OK) { goto error; } if (address < begin) { address = begin; } if (chunk_end > end) { chunk_end = end; } l_size = (size_t)(address - begin); r_size = (size_t)(end - chunk_end); m_size = (size_t)(chunk_end - address); if (l_size > 0) { if (!prealloc) { if (uc_mem_map(uc, begin, l_size, perms) != UC_ERR_OK) { goto error; } if (uc_mem_write(uc, begin, backup, l_size) != UC_ERR_OK) { goto error; } } else { if (uc_mem_map_ptr(uc, begin, l_size, perms, backup) != UC_ERR_OK) { goto error; } } } if (m_size > 0 && !do_delete) { if (!prealloc) { if (uc_mem_map(uc, address, m_size, perms) != UC_ERR_OK) { goto error; } if (uc_mem_write(uc, address, backup + l_size, m_size) != UC_ERR_OK) { goto error; } } else { if (uc_mem_map_ptr(uc, address, m_size, perms, backup + l_size) != UC_ERR_OK) { goto error; } } } if (r_size > 0) { if (!prealloc) { if (uc_mem_map(uc, chunk_end, r_size, perms) != UC_ERR_OK) { goto error; } if (uc_mem_write(uc, chunk_end, backup + l_size + m_size, r_size) != UC_ERR_OK) { goto error; } } else { if (uc_mem_map_ptr(uc, chunk_end, r_size, perms, backup + l_size + m_size) != UC_ERR_OK) { goto error; } } } if (!prealloc) { free(backup); } return true; error: if (!prealloc) { free(backup); } return false; }",visit repo url,uc.c,https://github.com/unicorn-engine/unicorn,175193075187171,1 4115,CWE-770,"_zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offset, unsigned int flags, zip_error_t *error) { zip_cdir_t *cd; zip_uint64_t offset; zip_uint8_t eocd[EOCD64LEN]; zip_uint64_t eocd_offset; zip_uint64_t size, nentry, i, eocdloc_offset; bool free_buffer; zip_uint32_t num_disks, num_disks64, eocd_disk, eocd_disk64; eocdloc_offset = _zip_buffer_offset(buffer); _zip_buffer_get(buffer, 4); num_disks = _zip_buffer_get_16(buffer); eocd_disk = _zip_buffer_get_16(buffer); eocd_offset = _zip_buffer_get_64(buffer); if (eocd_offset > ZIP_INT64_MAX || eocd_offset + EOCD64LEN < eocd_offset) { zip_error_set(error, ZIP_ER_SEEK, EFBIG); return NULL; } if (eocd_offset + EOCD64LEN > eocdloc_offset + buf_offset) { zip_error_set(error, ZIP_ER_INCONS, 0); return NULL; } if (eocd_offset >= buf_offset && eocd_offset + EOCD64LEN <= buf_offset + _zip_buffer_size(buffer)) { _zip_buffer_set_offset(buffer, eocd_offset - buf_offset); free_buffer = false; } else { if (zip_source_seek(src, (zip_int64_t)eocd_offset, SEEK_SET) < 0) { _zip_error_set_from_source(error, src); return NULL; } if ((buffer = _zip_buffer_new_from_source(src, EOCD64LEN, eocd, error)) == NULL) { return NULL; } free_buffer = true; } if (memcmp(_zip_buffer_get(buffer, 4), EOCD64_MAGIC, 4) != 0) { zip_error_set(error, ZIP_ER_INCONS, 0); if (free_buffer) { _zip_buffer_free(buffer); } return NULL; } size = _zip_buffer_get_64(buffer); if ((flags & ZIP_CHECKCONS) && size + eocd_offset + 12 != buf_offset + eocdloc_offset) { zip_error_set(error, ZIP_ER_INCONS, 0); if (free_buffer) { _zip_buffer_free(buffer); } return NULL; } _zip_buffer_get(buffer, 4); num_disks64 = _zip_buffer_get_32(buffer); eocd_disk64 = _zip_buffer_get_32(buffer); if (num_disks == 0xffff) { num_disks = num_disks64; } if (eocd_disk == 0xffff) { eocd_disk = eocd_disk64; } if ((flags & ZIP_CHECKCONS) && (eocd_disk != eocd_disk64 || num_disks != num_disks64)) { zip_error_set(error, ZIP_ER_INCONS, 0); if (free_buffer) { _zip_buffer_free(buffer); } return NULL; } if (num_disks != 0 || eocd_disk != 0) { zip_error_set(error, ZIP_ER_MULTIDISK, 0); if (free_buffer) { _zip_buffer_free(buffer); } return NULL; } nentry = _zip_buffer_get_64(buffer); i = _zip_buffer_get_64(buffer); if (nentry != i) { zip_error_set(error, ZIP_ER_MULTIDISK, 0); if (free_buffer) { _zip_buffer_free(buffer); } return NULL; } size = _zip_buffer_get_64(buffer); offset = _zip_buffer_get_64(buffer); if (!_zip_buffer_ok(buffer)) { zip_error_set(error, ZIP_ER_INTERNAL, 0); if (free_buffer) { _zip_buffer_free(buffer); } return NULL; } if (free_buffer) { _zip_buffer_free(buffer); } if (offset > ZIP_INT64_MAX || offset+size < offset) { zip_error_set(error, ZIP_ER_SEEK, EFBIG); return NULL; } if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { zip_error_set(error, ZIP_ER_INCONS, 0); return NULL; } if ((cd=_zip_cdir_new(nentry, error)) == NULL) return NULL; cd->is_zip64 = true; cd->size = size; cd->offset = offset; return cd; }",visit repo url,lib/zip_open.c,https://github.com/nih-at/libzip,279827218717215,1 4823,CWE-415,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 4765,['CWE-20'],"static void __exit exit_ext4_fs(void) { unregister_filesystem(&ext4_fs_type); #ifdef CONFIG_EXT4DEV_COMPAT unregister_filesystem(&ext4dev_fs_type); #endif destroy_inodecache(); exit_ext4_xattr(); exit_ext4_mballoc(); remove_proc_entry(""fs/ext4"", NULL); }",linux-2.6,,,29867860299716987956601074131811949871,0 2759,['CWE-189'],"static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp) { struct sctp_auth_bytes *key; if ((INT_MAX - key_len) < sizeof(struct sctp_auth_bytes)) return NULL; key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp); if (!key) return NULL; key->len = key_len; atomic_set(&key->refcnt, 1); SCTP_DBG_OBJCNT_INC(keys); return key; }",linux-2.6,,,322462238085328416318851025214184838795,0 3477,CWE-295,"static Exit_status safe_connect() { mysql= mysql_init(NULL); if (!mysql) { error(""Failed on mysql_init.""); return ERROR_STOP; } #ifdef HAVE_OPENSSL if (opt_use_ssl) { mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*) &opt_ssl_verify_server_cert); #endif if (opt_plugin_dir && *opt_plugin_dir) mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir); if (opt_default_auth && *opt_default_auth) mysql_options(mysql, MYSQL_DEFAULT_AUTH, opt_default_auth); if (opt_protocol) mysql_options(mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol); if (opt_bind_addr) mysql_options(mysql, MYSQL_OPT_BIND, opt_bind_addr); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) if (shared_memory_base_name) mysql_options(mysql, MYSQL_SHARED_MEMORY_BASE_NAME, shared_memory_base_name); #endif mysql_options(mysql, MYSQL_OPT_CONNECT_ATTR_RESET, 0); mysql_options4(mysql, MYSQL_OPT_CONNECT_ATTR_ADD, ""program_name"", ""mysqlbinlog""); if (!mysql_real_connect(mysql, host, user, pass, 0, port, sock, 0)) { error(""Failed on connect: %s"", mysql_error(mysql)); return ERROR_STOP; } mysql->reconnect= 1; return OK_CONTINUE; }",visit repo url,client/mysqlbinlog.cc,https://github.com/mysql/mysql-server,243728511621017,1 3102,CWE-119,"ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) { int x; int chunk; UINT8* out; UINT8* ptr; ptr = buf; chunk = 3 * state->xsize; for (;;) { if (bytes < chunk) return ptr - buf; out = state->buffer; for (x = 0; x < state->xsize; x++) { out[0] = ptr[x]; out[1] = ptr[(x+4*state->xsize)/2]; out[2] = ptr[(x+5*state->xsize)/2]; out += 4; } state->shuffle((UINT8*) im->image[state->y], state->buffer, state->xsize); if (++state->y >= state->ysize) return -1; out = state->buffer; for (x = 0; x < state->xsize; x++) { out[0] = ptr[x+state->xsize]; out[1] = ptr[(x+4*state->xsize)/2]; out[2] = ptr[(x+5*state->xsize)/2]; out += 4; } state->shuffle((UINT8*) im->image[state->y], state->buffer, state->xsize); if (++state->y >= state->ysize) return -1; ptr += chunk; bytes -= chunk; } }",visit repo url,libImaging/PcdDecode.c,https://github.com/python-pillow/Pillow,166515333260028,1 973,['CWE-189'],"SProcShmPutImage(client) ClientPtr client; { register int n; REQUEST(xShmPutImageReq); swaps(&stuff->length, n); REQUEST_SIZE_MATCH(xShmPutImageReq); swapl(&stuff->drawable, n); swapl(&stuff->gc, n); swaps(&stuff->totalWidth, n); swaps(&stuff->totalHeight, n); swaps(&stuff->srcX, n); swaps(&stuff->srcY, n); swaps(&stuff->srcWidth, n); swaps(&stuff->srcHeight, n); swaps(&stuff->dstX, n); swaps(&stuff->dstY, n); swapl(&stuff->shmseg, n); swapl(&stuff->offset, n); return ProcShmPutImage(client); }",xserver,,,171881793594617520597976626082156221467,0 2042,['CWE-269'],"long do_mount(char *dev_name, char *dir_name, char *type_page, unsigned long flags, void *data_page) { struct nameidata nd; int retval = 0; int mnt_flags = 0; if ((flags & MS_MGC_MSK) == MS_MGC_VAL) flags &= ~MS_MGC_MSK; if (!dir_name || !*dir_name || !memchr(dir_name, 0, PAGE_SIZE)) return -EINVAL; if (dev_name && !memchr(dev_name, 0, PAGE_SIZE)) return -EINVAL; if (data_page) ((char *)data_page)[PAGE_SIZE - 1] = 0; if (flags & MS_NOSUID) mnt_flags |= MNT_NOSUID; if (flags & MS_NODEV) mnt_flags |= MNT_NODEV; if (flags & MS_NOEXEC) mnt_flags |= MNT_NOEXEC; if (flags & MS_NOATIME) mnt_flags |= MNT_NOATIME; if (flags & MS_NODIRATIME) mnt_flags |= MNT_NODIRATIME; if (flags & MS_RELATIME) mnt_flags |= MNT_RELATIME; flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE | MS_NOATIME | MS_NODIRATIME | MS_RELATIME); retval = path_lookup(dir_name, LOOKUP_FOLLOW, &nd); if (retval) return retval; retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page); if (retval) goto dput_out; if (flags & MS_REMOUNT) retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags, data_page); else if (flags & MS_BIND) retval = do_loopback(&nd, dev_name, flags & MS_REC); else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE)) retval = do_change_type(&nd, flags); else if (flags & MS_MOVE) retval = do_move_mount(&nd, dev_name); else retval = do_new_mount(&nd, type_page, flags, mnt_flags, dev_name, data_page); dput_out: path_release(&nd); return retval; }",linux-2.6,,,174737263451788104815696511522887800407,0 5909,CWE-190,"static Jsi_RC jsi_ArrayPushCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { Jsi_Obj *obj; if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) { Jsi_ValueMakeNumber(interp, ret, 0); return JSI_OK; } obj = _this->d.obj; int argc = Jsi_ValueGetLength(interp, args); int curlen = Jsi_ObjGetLength(interp, obj); if (curlen < 0) { Jsi_ObjSetLength(interp, obj, 0); } int i; for (i = 0; i < argc; ++i) { Jsi_Value *ov = Jsi_ValueArrayIndex(interp, args, i); if (!ov) { Jsi_LogBug(""Arguments Error""); ov = Jsi_ValueNew(interp); } Jsi_ValueInsertArray(interp, _this, curlen + i, ov, 0); } Jsi_ValueMakeNumber(interp, ret, Jsi_ObjGetLength(interp, obj)); return JSI_OK; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,246575654791621,1 6759,CWE-908,"struct pico_socket *pico_tcp_open(struct pico_stack *S, uint16_t family) { struct pico_socket_tcp *t = PICO_ZALLOC(sizeof(struct pico_socket_tcp)); if (!t) return NULL; t->sock.stack = S; t->sock.timestamp = TCP_TIME; pico_socket_set_family(&t->sock, family); t->mss = (uint16_t)(pico_socket_get_mss(&t->sock) - PICO_SIZE_TCPHDR); t->tcpq_in.pool.root = t->tcpq_hold.pool.root = t->tcpq_out.pool.root = &LEAF; t->tcpq_hold.pool.compare = t->tcpq_out.pool.compare = segment_compare; t->tcpq_in.pool.compare = input_segment_compare; t->tcpq_in.max_size = PICO_DEFAULT_SOCKETQ; t->tcpq_out.max_size = PICO_DEFAULT_SOCKETQ; t->tcpq_hold.max_size = 2u * t->mss; rto_set(t, PICO_TCP_RTO_MIN); t->sock.opt_flags |= (1 << PICO_SOCKET_OPT_TCPNODELAY); t->linger_timeout = PICO_SOCKET_LINGER_TIMEOUT; #ifdef PICO_TCP_SUPPORT_SOCKET_STATS if (!pico_timer_add(t->sock.stack, 2000, sock_stats, t)) { tcp_dbg(""TCP: Failed to start socket statistics timer\n""); PICO_FREE(t); return NULL; } #endif t->keepalive_tmr = pico_timer_add(t->sock.stack, 1000, pico_tcp_keepalive, t); if (!t->keepalive_tmr) { tcp_dbg(""TCP: Failed to start keepalive timer\n""); PICO_FREE(t); return NULL; } tcp_set_space(t); return &t->sock; }",visit repo url,modules/pico_tcp.c,https://github.com/virtualsquare/picotcp,149812448075394,1 3913,['CWE-399'],"static void tda9873_setmode(struct CHIPSTATE *chip, int mode) { int sw_data = chip->shadow.bytes[TDA9873_SW+1] & ~ TDA9873_TR_MASK; if ((sw_data & TDA9873_INP_MASK) != TDA9873_INTERNAL) { v4l_dbg(1, debug, chip->c, ""tda9873_setmode(): external input\n""); return; } v4l_dbg(1, debug, chip->c, ""tda9873_setmode(): chip->shadow.bytes[%d] = %d\n"", TDA9873_SW+1, chip->shadow.bytes[TDA9873_SW+1]); v4l_dbg(1, debug, chip->c, ""tda9873_setmode(): sw_data = %d\n"", sw_data); switch (mode) { case V4L2_TUNER_MODE_MONO: sw_data |= TDA9873_TR_MONO; break; case V4L2_TUNER_MODE_STEREO: sw_data |= TDA9873_TR_STEREO; break; case V4L2_TUNER_MODE_LANG1: sw_data |= TDA9873_TR_DUALA; break; case V4L2_TUNER_MODE_LANG2: sw_data |= TDA9873_TR_DUALB; break; default: chip->mode = 0; return; } chip_write(chip, TDA9873_SW, sw_data); v4l_dbg(1, debug, chip->c, ""tda9873_setmode(): req. mode %d; chip_write: %d\n"", mode, sw_data); }",linux-2.6,,,5125157116489864950944650670531420044,0 5557,[],"static int __send_signal(int sig, struct siginfo *info, struct task_struct *t, int group, int from_ancestor_ns) { struct sigpending *pending; struct sigqueue *q; int override_rlimit; trace_sched_signal_send(sig, t); assert_spin_locked(&t->sighand->siglock); if (!prepare_signal(sig, t, from_ancestor_ns)) return 0; pending = group ? &t->signal->shared_pending : &t->pending; if (legacy_queue(pending, sig)) return 0; if (info == SEND_SIG_FORCED) goto out_set; if (sig < SIGRTMIN) override_rlimit = (is_si_special(info) || info->si_code >= 0); else override_rlimit = 0; q = __sigqueue_alloc(t, GFP_ATOMIC | __GFP_NOTRACK_FALSE_POSITIVE, override_rlimit); if (q) { list_add_tail(&q->list, &pending->list); switch ((unsigned long) info) { case (unsigned long) SEND_SIG_NOINFO: q->info.si_signo = sig; q->info.si_errno = 0; q->info.si_code = SI_USER; q->info.si_pid = task_tgid_nr_ns(current, task_active_pid_ns(t)); q->info.si_uid = current_uid(); break; case (unsigned long) SEND_SIG_PRIV: q->info.si_signo = sig; q->info.si_errno = 0; q->info.si_code = SI_KERNEL; q->info.si_pid = 0; q->info.si_uid = 0; break; default: copy_siginfo(&q->info, info); if (from_ancestor_ns) q->info.si_pid = 0; break; } } else if (!is_si_special(info)) { if (sig >= SIGRTMIN && info->si_code != SI_USER) return -EAGAIN; } out_set: signalfd_notify(t, sig); sigaddset(&pending->signal, sig); complete_signal(sig, t, group); return 0; }",linux-2.6,,,206199541646997601188617550382561406325,0 3345,CWE-119,"test_compare_files (const char* tgt, const char *rec) { FILE *orig, *recons; static uint8_t obuf[TESTBUFSIZE], rbuf[TESTBUFSIZE]; xoff_t offset = 0; size_t i; size_t oc, rc; xoff_t diffs = 0; if ((orig = fopen (tgt, ""r"")) == NULL) { XPR(NT ""open %s failed\n"", tgt); return get_errno (); } if ((recons = fopen (rec, ""r"")) == NULL) { XPR(NT ""open %s failed\n"", rec); return get_errno (); } for (;;) { oc = fread (obuf, 1, TESTBUFSIZE, orig); rc = fread (rbuf, 1, TESTBUFSIZE, recons); if (oc != rc) { return XD3_INTERNAL; } if (oc == 0) { break; } for (i = 0; i < oc; i += 1) { if (obuf[i] != rbuf[i]) { XPR(NT ""byte %u (read %u @ %""Q""u) %d != %d\n"", (int)i, (int)oc, offset, obuf[i], rbuf[i]); diffs++; return XD3_INTERNAL; } } offset += oc; } fclose (orig); fclose (recons); if (diffs != 0) { return XD3_INTERNAL; } return 0; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,147013939478543,1 4153,CWE-295,"tgs_make_reply(krb5_context context, krb5_kdc_configuration *config, KDC_REQ_BODY *b, krb5_const_principal tgt_name, const EncTicketPart *tgt, const krb5_keyblock *replykey, int rk_is_subkey, const EncryptionKey *serverkey, const krb5_keyblock *sessionkey, krb5_kvno kvno, AuthorizationData *auth_data, hdb_entry_ex *server, krb5_principal server_principal, const char *server_name, hdb_entry_ex *client, krb5_principal client_principal, hdb_entry_ex *krbtgt, krb5_enctype krbtgt_etype, krb5_principals spp, const krb5_data *rspac, const METHOD_DATA *enc_pa_data, const char **e_text, krb5_data *reply) { KDC_REP rep; EncKDCRepPart ek; EncTicketPart et; KDCOptions f = b->kdc_options; krb5_error_code ret; int is_weak = 0; memset(&rep, 0, sizeof(rep)); memset(&et, 0, sizeof(et)); memset(&ek, 0, sizeof(ek)); rep.pvno = 5; rep.msg_type = krb_tgs_rep; et.authtime = tgt->authtime; _kdc_fix_time(&b->till); et.endtime = min(tgt->endtime, *b->till); ALLOC(et.starttime); *et.starttime = kdc_time; ret = check_tgs_flags(context, config, b, tgt, &et); if(ret) goto out; #define GLOBAL_FORCE_TRANSITED_CHECK \ (config->trpolicy == TRPOLICY_ALWAYS_CHECK) #define GLOBAL_ALLOW_PER_PRINCIPAL \ (config->trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL) #define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK \ (config->trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST) #define PRINCIPAL_FORCE_TRANSITED_CHECK(P) 0 #define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P) 0 ret = fix_transited_encoding(context, config, !f.disable_transited_check || GLOBAL_FORCE_TRANSITED_CHECK || PRINCIPAL_FORCE_TRANSITED_CHECK(server) || !((GLOBAL_ALLOW_PER_PRINCIPAL && PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) || GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK), &tgt->transited, &et, krb5_principal_get_realm(context, client_principal), krb5_principal_get_realm(context, server->entry.principal), krb5_principal_get_realm(context, krbtgt->entry.principal)); if(ret) goto out; copy_Realm(&server_principal->realm, &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, server_principal); copy_Realm(&tgt_name->realm, &rep.crealm); copy_PrincipalName(&tgt_name->name, &rep.cname); rep.ticket.tkt_vno = 5; ek.caddr = et.caddr; { time_t life; life = et.endtime - *et.starttime; if(client && client->entry.max_life) life = min(life, *client->entry.max_life); if(server->entry.max_life) life = min(life, *server->entry.max_life); et.endtime = *et.starttime + life; } if(f.renewable_ok && tgt->flags.renewable && et.renew_till == NULL && et.endtime < *b->till && tgt->renew_till != NULL) { et.flags.renewable = 1; ALLOC(et.renew_till); *et.renew_till = *b->till; } if(et.renew_till){ time_t renew; renew = *et.renew_till - *et.starttime; if(client && client->entry.max_renew) renew = min(renew, *client->entry.max_renew); if(server->entry.max_renew) renew = min(renew, *server->entry.max_renew); *et.renew_till = *et.starttime + renew; } if(et.renew_till){ *et.renew_till = min(*et.renew_till, *tgt->renew_till); *et.starttime = min(*et.starttime, *et.renew_till); et.endtime = min(et.endtime, *et.renew_till); } *et.starttime = min(*et.starttime, et.endtime); if(*et.starttime == et.endtime){ ret = KRB5KDC_ERR_NEVER_VALID; goto out; } if(et.renew_till && et.endtime == *et.renew_till){ free(et.renew_till); et.renew_till = NULL; et.flags.renewable = 0; } et.flags.pre_authent = tgt->flags.pre_authent; et.flags.hw_authent = tgt->flags.hw_authent; et.flags.anonymous = tgt->flags.anonymous; et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; if(rspac->length) { ret = _kdc_tkt_add_if_relevant_ad(context, &et, KRB5_AUTHDATA_WIN2K_PAC, rspac); if (ret) goto out; } if (auth_data) { unsigned int i = 0; if (et.authorization_data == NULL) { et.authorization_data = calloc(1, sizeof(*et.authorization_data)); if (et.authorization_data == NULL) { ret = ENOMEM; krb5_set_error_message(context, ret, ""malloc: out of memory""); goto out; } } for(i = 0; i < auth_data->len ; i++) { ret = add_AuthorizationData(et.authorization_data, &auth_data->val[i]); if (ret) { krb5_set_error_message(context, ret, ""malloc: out of memory""); goto out; } } ret = find_KRB5SignedPath(context, et.authorization_data, NULL); if (ret == 0) { if (et.authorization_data->len == 1) { free_AuthorizationData(et.authorization_data); free(et.authorization_data); et.authorization_data = NULL; } else { AuthorizationData *ad = et.authorization_data; free_AuthorizationDataElement(&ad->val[ad->len - 1]); ad->len--; } } } ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key); if (ret) goto out; et.crealm = tgt_name->realm; et.cname = tgt_name->name; ek.key = et.key; ek.last_req.val = calloc(1, sizeof(*ek.last_req.val)); if (ek.last_req.val == NULL) { ret = ENOMEM; goto out; } ek.last_req.len = 1; ek.nonce = b->nonce; ek.flags = et.flags; ek.authtime = et.authtime; ek.starttime = et.starttime; ek.endtime = et.endtime; ek.renew_till = et.renew_till; ek.srealm = rep.ticket.realm; ek.sname = rep.ticket.sname; _kdc_log_timestamp(context, config, ""TGS-REQ"", et.authtime, et.starttime, et.endtime, et.renew_till); { char *r = get_krbtgt_realm(&ek.sname); if (r == NULL || strcmp(r, ek.srealm) == 0) { ret = _kdc_add_KRB5SignedPath(context, config, krbtgt, krbtgt_etype, client_principal, NULL, spp, &et); if (ret) goto out; } } if (enc_pa_data->len) { rep.padata = calloc(1, sizeof(*rep.padata)); if (rep.padata == NULL) { ret = ENOMEM; goto out; } ret = copy_METHOD_DATA(enc_pa_data, rep.padata); if (ret) goto out; } if (krb5_enctype_valid(context, serverkey->keytype) != 0 && _kdc_is_weak_exception(server->entry.principal, serverkey->keytype)) { krb5_enctype_enable(context, serverkey->keytype); is_weak = 1; } ret = _kdc_encode_reply(context, config, NULL, 0, &rep, &et, &ek, serverkey->keytype, kvno, serverkey, 0, replykey, rk_is_subkey, e_text, reply); if (is_weak) krb5_enctype_disable(context, serverkey->keytype); out: free_TGS_REP(&rep); free_TransitedEncoding(&et.transited); if(et.starttime) free(et.starttime); if(et.renew_till) free(et.renew_till); if(et.authorization_data) { free_AuthorizationData(et.authorization_data); free(et.authorization_data); } free_LastReq(&ek.last_req); memset(et.key.keyvalue.data, 0, et.key.keyvalue.length); free_EncryptionKey(&et.key); return ret; }",visit repo url,kdc/krb5tgs.c,https://github.com/heimdal/heimdal,71345286944798,1 3154,CWE-190,"static void get_sem_elements(struct sem_data *p) { size_t i; if (!p || !p->sem_nsems || p->sem_perm.id < 0) return; p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem)); for (i = 0; i < p->sem_nsems; i++) { struct sem_elem *e = &p->elements[i]; union semun arg = { .val = 0 }; e->semval = semctl(p->sem_perm.id, i, GETVAL, arg); if (e->semval < 0) err(EXIT_FAILURE, _(""%s failed""), ""semctl(GETVAL)""); e->ncount = semctl(p->sem_perm.id, i, GETNCNT, arg); if (e->ncount < 0) err(EXIT_FAILURE, _(""%s failed""), ""semctl(GETNCNT)""); e->zcount = semctl(p->sem_perm.id, i, GETZCNT, arg); if (e->zcount < 0) err(EXIT_FAILURE, _(""%s failed""), ""semctl(GETZCNT)""); e->pid = semctl(p->sem_perm.id, i, GETPID, arg); if (e->pid < 0) err(EXIT_FAILURE, _(""%s failed""), ""semctl(GETPID)""); } }",visit repo url,sys-utils/ipcutils.c,https://github.com/karelzak/util-linux,9426556436183,1 3810,['CWE-120'],"void uvc_simplify_fraction(uint32_t *numerator, uint32_t *denominator, unsigned int n_terms, unsigned int threshold) { uint32_t *an; uint32_t x, y, r; unsigned int i, n; an = kmalloc(n_terms * sizeof *an, GFP_KERNEL); if (an == NULL) return; x = *numerator; y = *denominator; for (n = 0; n < n_terms && y != 0; ++n) { an[n] = x / y; if (an[n] >= threshold) { if (n < 2) n++; break; } r = x - an[n] * y; x = y; y = r; } x = 0; y = 1; for (i = n; i > 0; --i) { r = y; y = an[i-1] * y + x; x = r; } *numerator = y; *denominator = x; kfree(an); }",linux-2.6,,,181652087310782130658348208762251336240,0 6429,CWE-20,"error_t lpc546xxEthUpdateMacConfig(NetInterface *interface) { uint32_t config; config = ENET->MAC_CONFIG; if(interface->linkSpeed == NIC_LINK_SPEED_100MBPS) { config |= ENET_MAC_CONFIG_FES_MASK; } else { config &= ~ENET_MAC_CONFIG_FES_MASK; } if(interface->duplexMode == NIC_FULL_DUPLEX_MODE) { config |= ENET_MAC_CONFIG_DM_MASK; } else { config &= ~ENET_MAC_CONFIG_DM_MASK; } ENET->MAC_CONFIG = config; return NO_ERROR; }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,61581565699544,1 6074,CWE-190,"void bn_srt(bn_t c, bn_t a) { bn_t h, l, m, t; int bits, cmp; if (bn_sign(a) == RLC_NEG) { RLC_THROW(ERR_NO_VALID); } bits = bn_bits(a); bits += (bits % 2); bn_null(h); bn_null(l); bn_null(m); bn_null(t); RLC_TRY { bn_new(h); bn_new(l); bn_new(m); bn_new(t); bn_set_2b(h, bits >> 1); bn_set_2b(l, (bits >> 1) - 1); do { bn_add(m, h, l); bn_hlv(m, m); bn_sqr(t, m); cmp = bn_cmp(t, a); bn_sub(t, h, l); if (cmp == RLC_GT) { bn_copy(h, m); } else if (cmp == RLC_LT) { bn_copy(l, m); } } while (bn_cmp_dig(t, 1) == RLC_GT && cmp != RLC_EQ); bn_copy(c, m); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(h); bn_free(l); bn_free(m); bn_free(t); } }",visit repo url,src/bn/relic_bn_srt.c,https://github.com/relic-toolkit/relic,166399167045947,1 4180,['CWE-399'],"static void append_aux_callback(AvahiServer *s, AvahiRecord *r, int flush_cache, void* userdata) { int *unicast_response = userdata; assert(s); assert(r); assert(unicast_response); avahi_record_list_push(s->record_list, r, flush_cache, *unicast_response, 1); }",avahi,,,336796212686586613526559733885901415212,0 1742,CWE-416,"void ion_free(struct ion_client *client, struct ion_handle *handle) { bool valid_handle; BUG_ON(client != handle->client); mutex_lock(&client->lock); valid_handle = ion_handle_validate(client, handle); if (!valid_handle) { WARN(1, ""%s: invalid handle passed to free.\n"", __func__); mutex_unlock(&client->lock); return; } mutex_unlock(&client->lock); ion_handle_put(handle); }",visit repo url,drivers/staging/android/ion/ion.c,https://github.com/torvalds/linux,136014806154574,1 2007,CWE-125,"static void vgacon_scrollback_reset(int vc_num, size_t reset_size) { struct vgacon_scrollback_info *scrollback = &vgacon_scrollbacks[vc_num]; if (scrollback->data && reset_size > 0) memset(scrollback->data, 0, reset_size); scrollback->cnt = 0; scrollback->tail = 0; scrollback->cur = 0; }",visit repo url,drivers/video/console/vgacon.c,https://github.com/torvalds/linux,43097368667901,1 6514,['CWE-20'],"static void emulate_pusha(struct x86_emulate_ctxt *ctxt) { struct decode_cache *c = &ctxt->decode; unsigned long old_esp = c->regs[VCPU_REGS_RSP]; int reg = VCPU_REGS_RAX; while (reg <= VCPU_REGS_RDI) { (reg == VCPU_REGS_RSP) ? (c->src.val = old_esp) : (c->src.val = c->regs[reg]); emulate_push(ctxt); ++reg; } }",kvm,,,241896836248941750652455260351427837385,0 554,CWE-189,"static inline void sem_lock_and_putref(struct sem_array *sma) { ipc_lock_by_ptr(&sma->sem_perm); ipc_rcu_putref(sma); }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,69639764185793,1 965,['CWE-189'],"SigSysHandler(signo) int signo; { badSysCall = TRUE; }",xserver,,,221581861864018846362434835546531089659,0 5183,['CWE-20'],"static inline void __invvpid(int ext, u16 vpid, gva_t gva) { struct { u64 vpid : 16; u64 rsvd : 48; u64 gva; } operand = { vpid, 0, gva }; asm volatile (__ex(ASM_VMX_INVVPID) ""; ja 1f ; ud2 ; 1:"" : : ""a""(&operand), ""c""(ext) : ""cc"", ""memory""); }",linux-2.6,,,266293638707215917996206353829661602473,0 2098,[],"static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk) { struct udp_iter_state *state = seq->private; do { sk = sk_next(sk); try_again: ; } while (sk && sk->sk_family != state->family); if (!sk && ++state->bucket < UDP_HTABLE_SIZE) { sk = sk_head(state->hashtable + state->bucket); goto try_again; } return sk; }",linux-2.6,,,281582021678374962307423309772620374680,0 5650,CWE-79,"void send_file_direct(char *file_name) { int fh, i, length, delta; char str[MAX_PATH_LENGTH], dir[MAX_PATH_LENGTH], charset[80]; getcwd(dir, sizeof(dir)); fh = open(file_name, O_RDONLY | O_BINARY); if (fh > 0) { lseek(fh, 0, SEEK_END); length = TELL(fh); lseek(fh, 0, SEEK_SET); rsprintf(""HTTP/1.1 200 Document follows\r\n""); rsprintf(""Server: ELOG HTTP %s-%s\r\n"", VERSION, git_revision()); rsprintf(""Accept-Ranges: bytes\r\n""); if (isparam(""thumb"")) { rsprintf(""Pragma: no-cache\r\n""); rsprintf(""Cache-control: private, max-age=0, no-cache, no-store\r\n""); } else { rsprintf(""Cache-control: public, max-age=86400\r\n""); } if (keep_alive) { rsprintf(""Connection: Keep-Alive\r\n""); rsprintf(""Keep-Alive: timeout=60, max=10\r\n""); } for (i = 0; i < (int) strlen(file_name); i++) str[i] = toupper(file_name[i]); str[i] = 0; for (i = 0; filetype[i].ext[0]; i++) if (chkext(str, filetype[i].ext)) break; if (!getcfg(""global"", ""charset"", charset, sizeof(charset))) strcpy(charset, DEFAULT_HTTP_CHARSET); if (filetype[i].ext[0]) { if (strncmp(filetype[i].type, ""text"", 4) == 0) rsprintf(""Content-Type: %s;charset=%s\r\n"", filetype[i].type, charset); else rsprintf(""Content-Type: %s\r\n"", filetype[i].type); } else if (is_ascii(file_name)) rsprintf(""Content-Type: text/plain;charset=%s\r\n"", charset); else rsprintf(""Content-Type: application/octet-stream;charset=%s\r\n"", charset); rsprintf(""Content-Length: %d\r\n\r\n"", length); if (length > return_buffer_size - (int) strlen(return_buffer)) { delta = length - (return_buffer_size - strlen(return_buffer)) + 1000; return_buffer = xrealloc(return_buffer, return_buffer_size + delta); memset(return_buffer + return_buffer_size, 0, delta); return_buffer_size += delta; } return_length = strlen(return_buffer) + length; read(fh, return_buffer + strlen(return_buffer), length); close(fh); } else { char encodedname[256]; show_html_header(NULL, FALSE, ""404 Not Found"", TRUE, FALSE, NULL, FALSE, 0); rsprintf(""

Not Found

\r\n""); rsprintf(""The requested file ""); strencode2(encodedname, file_name, sizeof(encodedname)); if (strchr(file_name, DIR_SEPARATOR)) rsprintf(""%s"", encodedname); else rsprintf(""%s%c%s"", dir, DIR_SEPARATOR, encodedname); rsprintf("" was not found on this server

\r\n""); rsprintf(""

ELOG version %s
\r\n\r\n"", VERSION); return_length = strlen_retbuf; keep_alive = FALSE; } }",visit repo url,src/elogd.c,https://bitbucket.org/ritt/elog,170415377342366,1 1055,CWE-119,"videobuf_vm_open(struct vm_area_struct *vma) { struct videobuf_mapping *map = vma->vm_private_data; dprintk(2,""vm_open %p [count=%d,vma=%08lx-%08lx]\n"",map, map->count,vma->vm_start,vma->vm_end); map->count++; }",visit repo url,drivers/media/video/videobuf-vmalloc.c,https://github.com/torvalds/linux,43234310284292,1 4614,CWE-190,"static s32 gf_avc_read_pps_bs_internal(GF_BitStream *bs, AVCState *avc, u32 nal_hdr) { s32 pps_id; AVC_PPS *pps; gf_bs_enable_emulation_byte_removal(bs, GF_TRUE); if (!nal_hdr) { gf_bs_read_int_log(bs, 1, ""forbidden_zero_bit""); gf_bs_read_int_log(bs, 2, ""nal_ref_idc""); gf_bs_read_int_log(bs, 5, ""nal_unit_type""); } pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if (pps_id >= 255) { return -1; } pps = &avc->pps[pps_id]; pps->id = pps_id; if (!pps->status) pps->status = 1; pps->sps_id = gf_bs_read_ue_log(bs, ""sps_id""); if (pps->sps_id >= 32) { pps->sps_id = 0; return -1; } if (!avc->sps[pps->sps_id].state && !avc->sps[pps->sps_id + GF_SVC_SSPS_ID_SHIFT].state) { return -1; } avc->pps_active_idx = pps->id; avc->sps_active_idx = pps->sps_id; pps->entropy_coding_mode_flag = gf_bs_read_int_log(bs, 1, ""entropy_coding_mode_flag""); pps->pic_order_present = gf_bs_read_int_log(bs, 1, ""pic_order_present""); pps->slice_group_count = gf_bs_read_ue_log(bs, ""slice_group_count_minus1"") + 1; if (pps->slice_group_count > 1) { u32 iGroup; pps->mb_slice_group_map_type = gf_bs_read_ue_log(bs, ""mb_slice_group_map_type""); if (pps->mb_slice_group_map_type == 0) { for (iGroup = 0; iGroup <= pps->slice_group_count - 1; iGroup++) gf_bs_read_ue_log_idx(bs, ""run_length_minus1"", iGroup); } else if (pps->mb_slice_group_map_type == 2) { for (iGroup = 0; iGroup < pps->slice_group_count - 1; iGroup++) { gf_bs_read_ue_log_idx(bs, ""top_left"", iGroup); gf_bs_read_ue_log_idx(bs, ""bottom_right"", iGroup); } } else if (pps->mb_slice_group_map_type == 3 || pps->mb_slice_group_map_type == 4 || pps->mb_slice_group_map_type == 5) { gf_bs_read_int_log(bs, 1, ""slice_group_change_direction_flag""); gf_bs_read_ue_log(bs, ""slice_group_change_rate_minus1""); } else if (pps->mb_slice_group_map_type == 6) { u32 i; pps->pic_size_in_map_units_minus1 = gf_bs_read_ue_log(bs, ""pic_size_in_map_units_minus1""); for (i = 0; i <= pps->pic_size_in_map_units_minus1; i++) { gf_bs_read_int_log_idx(bs, (u32)ceil(log(pps->slice_group_count) / log(2)), ""slice_group_id"", i); } } } pps->num_ref_idx_l0_default_active_minus1 = gf_bs_read_ue_log(bs, ""num_ref_idx_l0_default_active_minus1""); pps->num_ref_idx_l1_default_active_minus1 = gf_bs_read_ue_log(bs, ""num_ref_idx_l1_default_active_minus1""); pps->weighted_pred_flag = gf_bs_read_int_log(bs, 1, ""weighted_pred_flag""); gf_bs_read_int_log(bs, 2, ""weighted_bipred_idc""); gf_bs_read_se_log(bs, ""init_qp_minus26""); gf_bs_read_se_log(bs, ""init_qs_minus26""); gf_bs_read_se_log(bs, ""chroma_qp_index_offset""); pps->deblocking_filter_control_present_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_control_present_flag""); gf_bs_read_int_log(bs, 1, ""constrained_intra_pred""); pps->redundant_pic_cnt_present = gf_bs_read_int_log(bs, 1, ""redundant_pic_cnt_present""); return pps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,48579927790107,1 1154,['CWE-189'],"static enum hrtimer_restart hrtimer_wakeup(struct hrtimer *timer) { struct hrtimer_sleeper *t = container_of(timer, struct hrtimer_sleeper, timer); struct task_struct *task = t->task; t->task = NULL; if (task) wake_up_process(task); return HRTIMER_NORESTART; }",linux-2.6,,,329074388801588186045591557677213379040,0 6168,CWE-190,"static void ep4_mul_fix_ordin(ep4_t r, const ep4_t *table, const bn_t k) { int len, i, n; int8_t naf[2 * RLC_FP_BITS + 1], *t; if (bn_is_zero(k)) { ep4_set_infty(r); return; } len = 2 * RLC_FP_BITS + 1; bn_rec_naf(naf, &len, k, EP_DEPTH); t = naf + len - 1; ep4_set_infty(r); for (i = len - 1; i >= 0; i--, t--) { ep4_dbl(r, r); n = *t; if (n > 0) { ep4_add(r, r, table[n / 2]); } if (n < 0) { ep4_sub(r, r, table[-n / 2]); } } ep4_norm(r, r); if (bn_sign(k) == RLC_NEG) { ep4_neg(r, r); } }",visit repo url,src/epx/relic_ep4_mul_fix.c,https://github.com/relic-toolkit/relic,115422327600581,1 1555,[],"static inline void unregister_fair_sched_group(struct task_group *tg, int cpu) { list_del_rcu(&tg->cfs_rq[cpu]->leaf_cfs_rq_list); }",linux-2.6,,,339356794343934186768387437805255182003,0 1417,[],"update_stats_wait_end(struct cfs_rq *cfs_rq, struct sched_entity *se) { schedstat_set(se->wait_max, max(se->wait_max, rq_of(cfs_rq)->clock - se->wait_start)); schedstat_set(se->wait_count, se->wait_count + 1); schedstat_set(se->wait_sum, se->wait_sum + rq_of(cfs_rq)->clock - se->wait_start); schedstat_set(se->wait_start, 0); }",linux-2.6,,,18845777036793591172421849312149146442,0 2981,['CWE-189'],"static int jas_cmpxformseq_appendcnvt(jas_cmpxformseq_t *pxformseq, int dstclrspc, int srcclrspc) { if (dstclrspc == srcclrspc) return 0; abort(); pxformseq = 0; return -1; }",jasper,,,211054679489127346436638859262343183405,0 2801,['CWE-264'],"set_multicast_list( struct net_device *dev ) { return; }",linux-2.6,,,106056588428940654334030069769362253886,0 2495,['CWE-119'],"static enum rewrite_result rewrite_one(struct rev_info *revs, struct commit **pp) { for (;;) { struct commit *p = *pp; if (!revs->limited) if (add_parents_to_list(revs, p, &revs->commits) < 0) return rewrite_one_error; if (p->parents && p->parents->next) return rewrite_one_ok; if (p->object.flags & UNINTERESTING) return rewrite_one_ok; if (!(p->object.flags & TREESAME)) return rewrite_one_ok; if (!p->parents) return rewrite_one_noparents; *pp = p->parents->item; } }",git,,,228453919386632355558590022393332088253,0 2095,[],"static void udplite_err(struct sk_buff *skb, u32 info) { return __udp4_lib_err(skb, info, udplite_hash); }",linux-2.6,,,168931551624483114761675901736195231882,0 6377,['CWE-200'],"int tcf_exts_validate(struct tcf_proto *tp, struct nlattr **tb, struct nlattr *rate_tlv, struct tcf_exts *exts, const struct tcf_ext_map *map) { memset(exts, 0, sizeof(*exts)); #ifdef CONFIG_NET_CLS_ACT { struct tc_action *act; if (map->police && tb[map->police]) { act = tcf_action_init_1(tb[map->police], rate_tlv, ""police"", TCA_ACT_NOREPLACE, TCA_ACT_BIND); if (IS_ERR(act)) return PTR_ERR(act); act->type = TCA_OLD_COMPAT; exts->action = act; } else if (map->action && tb[map->action]) { act = tcf_action_init(tb[map->action], rate_tlv, NULL, TCA_ACT_NOREPLACE, TCA_ACT_BIND); if (IS_ERR(act)) return PTR_ERR(act); exts->action = act; } } #else if ((map->action && tb[map->action]) || (map->police && tb[map->police])) return -EOPNOTSUPP; #endif return 0; }",linux-2.6,,,21474807431606525094042147554880040192,0 2043,NVD-CWE-noinfo,"int sas_discover_end_dev(struct domain_device *dev) { int res; res = sas_notify_lldd_dev_found(dev); if (res) return res; sas_discover_event(dev->port, DISCE_PROBE); return 0; }",visit repo url,drivers/scsi/libsas/sas_discover.c,https://github.com/torvalds/linux,174112428973186,1 3955,['CWE-362'],"void audit_free_parent(struct inotify_watch *i_watch) { struct audit_parent *parent; parent = container_of(i_watch, struct audit_parent, wdata); WARN_ON(!list_empty(&parent->watches)); kfree(parent); }",linux-2.6,,,285422063707962120013515744260863463922,0 3622,[],"static long rtc_dev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { int err = 0; struct rtc_device *rtc = file->private_data; const struct rtc_class_ops *ops = rtc->ops; struct rtc_time tm; struct rtc_wkalrm alarm; void __user *uarg = (void __user *) arg; err = mutex_lock_interruptible(&rtc->ops_lock); if (err) return err; switch (cmd) { case RTC_EPOCH_SET: case RTC_SET_TIME: if (!capable(CAP_SYS_TIME)) err = -EACCES; break; case RTC_IRQP_SET: if (arg > rtc->max_user_freq && !capable(CAP_SYS_RESOURCE)) err = -EACCES; break; case RTC_PIE_ON: if (rtc->irq_freq > rtc->max_user_freq && !capable(CAP_SYS_RESOURCE)) err = -EACCES; break; } if (err) goto done; if (ops->ioctl) { err = ops->ioctl(rtc->dev.parent, cmd, arg); if (err != -ENOIOCTLCMD) { mutex_unlock(&rtc->ops_lock); return err; } } switch (cmd) { case RTC_ALM_READ: mutex_unlock(&rtc->ops_lock); err = rtc_read_alarm(rtc, &alarm); if (err < 0) return err; if (copy_to_user(uarg, &alarm.time, sizeof(tm))) err = -EFAULT; return err; case RTC_ALM_SET: mutex_unlock(&rtc->ops_lock); if (copy_from_user(&alarm.time, uarg, sizeof(tm))) return -EFAULT; alarm.enabled = 0; alarm.pending = 0; alarm.time.tm_wday = -1; alarm.time.tm_yday = -1; alarm.time.tm_isdst = -1; { unsigned long now, then; err = rtc_read_time(rtc, &tm); if (err < 0) return err; rtc_tm_to_time(&tm, &now); alarm.time.tm_mday = tm.tm_mday; alarm.time.tm_mon = tm.tm_mon; alarm.time.tm_year = tm.tm_year; err = rtc_valid_tm(&alarm.time); if (err < 0) return err; rtc_tm_to_time(&alarm.time, &then); if (then < now) { rtc_time_to_tm(now + 24 * 60 * 60, &tm); alarm.time.tm_mday = tm.tm_mday; alarm.time.tm_mon = tm.tm_mon; alarm.time.tm_year = tm.tm_year; } } return rtc_set_alarm(rtc, &alarm); case RTC_RD_TIME: mutex_unlock(&rtc->ops_lock); err = rtc_read_time(rtc, &tm); if (err < 0) return err; if (copy_to_user(uarg, &tm, sizeof(tm))) err = -EFAULT; return err; case RTC_SET_TIME: mutex_unlock(&rtc->ops_lock); if (copy_from_user(&tm, uarg, sizeof(tm))) return -EFAULT; return rtc_set_time(rtc, &tm); case RTC_PIE_ON: err = rtc_irq_set_state(rtc, NULL, 1); break; case RTC_PIE_OFF: err = rtc_irq_set_state(rtc, NULL, 0); break; case RTC_IRQP_SET: err = rtc_irq_set_freq(rtc, NULL, arg); break; case RTC_IRQP_READ: err = put_user(rtc->irq_freq, (unsigned long __user *)uarg); break; #if 0 case RTC_EPOCH_SET: #ifndef rtc_epoch if (arg < 1900) { err = -EINVAL; break; } rtc_epoch = arg; err = 0; #endif break; case RTC_EPOCH_READ: err = put_user(rtc_epoch, (unsigned long __user *)uarg); break; #endif case RTC_WKALM_SET: mutex_unlock(&rtc->ops_lock); if (copy_from_user(&alarm, uarg, sizeof(alarm))) return -EFAULT; return rtc_set_alarm(rtc, &alarm); case RTC_WKALM_RD: mutex_unlock(&rtc->ops_lock); err = rtc_read_alarm(rtc, &alarm); if (err < 0) return err; if (copy_to_user(uarg, &alarm, sizeof(alarm))) err = -EFAULT; return err; #ifdef CONFIG_RTC_INTF_DEV_UIE_EMUL case RTC_UIE_OFF: mutex_unlock(&rtc->ops_lock); clear_uie(rtc); return 0; case RTC_UIE_ON: mutex_unlock(&rtc->ops_lock); err = set_uie(rtc); return err; #endif default: err = -ENOTTY; break; } done: mutex_unlock(&rtc->ops_lock); return err; }",linux-2.6,,,74123260780960806539405733317767593130,0 5650,['CWE-476'],"static int compat_udp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level != SOL_UDP) return compat_ip_getsockopt(sk, level, optname, optval, optlen); return do_udp_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,33348736241676326015468564634871298250,0 3199,CWE-125,"isis_print_extd_ip_reach(netdissect_options *ndo, const uint8_t *tptr, const char *ident, uint16_t afi) { char ident_buffer[20]; uint8_t prefix[sizeof(struct in6_addr)]; u_int metric, status_byte, bit_length, byte_length, sublen, processed, subtlvtype, subtlvlen; if (!ND_TTEST2(*tptr, 4)) return (0); metric = EXTRACT_32BITS(tptr); processed=4; tptr+=4; if (afi == AF_INET) { if (!ND_TTEST2(*tptr, 1)) return (0); status_byte=*(tptr++); bit_length = status_byte&0x3f; if (bit_length > 32) { ND_PRINT((ndo, ""%sIPv4 prefix: bad bit length %u"", ident, bit_length)); return (0); } processed++; } else if (afi == AF_INET6) { if (!ND_TTEST2(*tptr, 1)) return (0); status_byte=*(tptr++); bit_length=*(tptr++); if (bit_length > 128) { ND_PRINT((ndo, ""%sIPv6 prefix: bad bit length %u"", ident, bit_length)); return (0); } processed+=2; } else return (0); byte_length = (bit_length + 7) / 8; if (!ND_TTEST2(*tptr, byte_length)) return (0); memset(prefix, 0, sizeof prefix); memcpy(prefix,tptr,byte_length); tptr+=byte_length; processed+=byte_length; if (afi == AF_INET) ND_PRINT((ndo, ""%sIPv4 prefix: %15s/%u"", ident, ipaddr_string(ndo, prefix), bit_length)); else if (afi == AF_INET6) ND_PRINT((ndo, ""%sIPv6 prefix: %s/%u"", ident, ip6addr_string(ndo, prefix), bit_length)); ND_PRINT((ndo, "", Distribution: %s, Metric: %u"", ISIS_MASK_TLV_EXTD_IP_UPDOWN(status_byte) ? ""down"" : ""up"", metric)); if (afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) ND_PRINT((ndo, "", sub-TLVs present"")); else if (afi == AF_INET6) ND_PRINT((ndo, "", %s%s"", ISIS_MASK_TLV_EXTD_IP6_IE(status_byte) ? ""External"" : ""Internal"", ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte) ? "", sub-TLVs present"" : """")); if ((afi == AF_INET && ISIS_MASK_TLV_EXTD_IP_SUBTLV(status_byte)) || (afi == AF_INET6 && ISIS_MASK_TLV_EXTD_IP6_SUBTLV(status_byte)) ) { if (!ND_TTEST2(*tptr, 1)) return (0); sublen=*(tptr++); processed+=sublen+1; ND_PRINT((ndo, "" (%u)"", sublen)); while (sublen>0) { if (!ND_TTEST2(*tptr,2)) return (0); subtlvtype=*(tptr++); subtlvlen=*(tptr++); snprintf(ident_buffer, sizeof(ident_buffer), ""%s "",ident); if (!isis_print_ip_reach_subtlv(ndo, tptr, subtlvtype, subtlvlen, ident_buffer)) return(0); tptr+=subtlvlen; sublen-=(subtlvlen+2); } } return (processed); }",visit repo url,print-isoclns.c,https://github.com/the-tcpdump-group/tcpdump,126809218254127,1 3440,CWE-119,"char *path_name(struct strbuf *path, const char *name) { struct strbuf ret = STRBUF_INIT; if (path) strbuf_addbuf(&ret, path); strbuf_addstr(&ret, name); return strbuf_detach(&ret, NULL); }",visit repo url,revision.c,https://github.com/git/git,179718620906383,1 4165,CWE-787,"LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) { static const char module[] = ""LZWDecodeCompat""; LZWCodecState *sp = DecoderState(tif); char *op = (char*) op0; long occ = (long) occ0; char *tp; unsigned char *bp; int code, nbits; long nextbits, nextdata, nbitsmask; code_t *codep, *free_entp, *maxcodep, *oldcodep; (void) s; assert(sp != NULL); if ((tmsize_t) occ != occ0) return (0); if (sp->dec_restart) { long residue; codep = sp->dec_codep; residue = codep->length - sp->dec_restart; if (residue > occ) { sp->dec_restart += occ; do { codep = codep->next; } while (--residue > occ); tp = op + occ; do { *--tp = codep->value; codep = codep->next; } while (--occ); return (1); } op += residue; occ -= residue; tp = op; do { *--tp = codep->value; codep = codep->next; } while (--residue); sp->dec_restart = 0; } bp = (unsigned char *)tif->tif_rawcp; #ifdef LZW_CHECKEOS sp->dec_bitsleft = (((uint64)tif->tif_rawcc) << 3); #endif nbits = sp->lzw_nbits; nextdata = sp->lzw_nextdata; nextbits = sp->lzw_nextbits; nbitsmask = sp->dec_nbitsmask; oldcodep = sp->dec_oldcodep; free_entp = sp->dec_free_entp; maxcodep = sp->dec_maxcodep; while (occ > 0) { NextCode(tif, sp, bp, code, GetNextCodeCompat); if (code == CODE_EOI) break; if (code == CODE_CLEAR) { do { free_entp = sp->dec_codetab + CODE_FIRST; _TIFFmemset(free_entp, 0, (CSIZE - CODE_FIRST) * sizeof (code_t)); nbits = BITS_MIN; nbitsmask = MAXCODE(BITS_MIN); maxcodep = sp->dec_codetab + nbitsmask; NextCode(tif, sp, bp, code, GetNextCodeCompat); } while (code == CODE_CLEAR); if (code == CODE_EOI) break; if (code > CODE_CLEAR) { TIFFErrorExt(tif->tif_clientdata, tif->tif_name, ""LZWDecode: Corrupted LZW table at scanline %d"", tif->tif_row); return (0); } *op++ = (char)code; occ--; oldcodep = sp->dec_codetab + code; continue; } codep = sp->dec_codetab + code; if (free_entp < &sp->dec_codetab[0] || free_entp >= &sp->dec_codetab[CSIZE]) { TIFFErrorExt(tif->tif_clientdata, module, ""Corrupted LZW table at scanline %d"", tif->tif_row); return (0); } free_entp->next = oldcodep; if (free_entp->next < &sp->dec_codetab[0] || free_entp->next >= &sp->dec_codetab[CSIZE]) { TIFFErrorExt(tif->tif_clientdata, module, ""Corrupted LZW table at scanline %d"", tif->tif_row); return (0); } free_entp->firstchar = free_entp->next->firstchar; free_entp->length = free_entp->next->length+1; free_entp->value = (codep < free_entp) ? codep->firstchar : free_entp->firstchar; if (++free_entp > maxcodep) { if (++nbits > BITS_MAX) nbits = BITS_MAX; nbitsmask = MAXCODE(nbits); maxcodep = sp->dec_codetab + nbitsmask; } oldcodep = codep; if (code >= 256) { if(codep->length == 0) { TIFFErrorExt(tif->tif_clientdata, module, ""Wrong length of decoded "" ""string: data probably corrupted at scanline %d"", tif->tif_row); return (0); } if (codep->length > occ) { sp->dec_codep = codep; do { codep = codep->next; } while (codep->length > occ); sp->dec_restart = occ; tp = op + occ; do { *--tp = codep->value; codep = codep->next; } while (--occ); break; } assert(occ >= codep->length); op += codep->length; occ -= codep->length; tp = op; do { *--tp = codep->value; } while( (codep = codep->next) != NULL ); } else { *op++ = (char)code; occ--; } } tif->tif_rawcc -= (tmsize_t)( (uint8*) bp - tif->tif_rawcp ); tif->tif_rawcp = (uint8*) bp; sp->lzw_nbits = (unsigned short)nbits; sp->lzw_nextdata = nextdata; sp->lzw_nextbits = nextbits; sp->dec_nbitsmask = nbitsmask; sp->dec_oldcodep = oldcodep; sp->dec_free_entp = free_entp; sp->dec_maxcodep = maxcodep; if (occ > 0) { #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) TIFFErrorExt(tif->tif_clientdata, module, ""Not enough data at scanline %d (short %I64d bytes)"", tif->tif_row, (unsigned __int64) occ); #else TIFFErrorExt(tif->tif_clientdata, module, ""Not enough data at scanline %d (short %llu bytes)"", tif->tif_row, (unsigned long long) occ); #endif return (0); } return (1); }",visit repo url,libtiff/tif_lzw.c,https://gitlab.com/libtiff/libtiff,202187960723628,1 1614,[],"cpu_cgroup_attach(struct cgroup_subsys *ss, struct cgroup *cgrp, struct cgroup *old_cont, struct task_struct *tsk) { sched_move_task(tsk); }",linux-2.6,,,230051700945096599863066391053908692476,0 5559,CWE-125,"ast2obj_type_ignore(void* _o) { type_ignore_ty o = (type_ignore_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case TypeIgnore_kind: result = PyType_GenericNew(TypeIgnore_type, NULL, NULL); if (!result) goto failed; value = ast2obj_int(o->v.TypeIgnore.lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) == -1) goto failed; Py_DECREF(value); break; } return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,197629676551697,1 2141,CWE-476,"static noinline int btrfs_ioctl_resize(struct file *file, void __user *arg) { struct inode *inode = file_inode(file); struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb); u64 new_size; u64 old_size; u64 devid = 1; struct btrfs_root *root = BTRFS_I(inode)->root; struct btrfs_ioctl_vol_args *vol_args; struct btrfs_trans_handle *trans; struct btrfs_device *device = NULL; char *sizestr; char *retptr; char *devstr = NULL; int ret = 0; int mod = 0; if (!capable(CAP_SYS_ADMIN)) return -EPERM; ret = mnt_want_write_file(file); if (ret) return ret; if (test_and_set_bit(BTRFS_FS_EXCL_OP, &fs_info->flags)) { mnt_drop_write_file(file); return BTRFS_ERROR_DEV_EXCL_RUN_IN_PROGRESS; } vol_args = memdup_user(arg, sizeof(*vol_args)); if (IS_ERR(vol_args)) { ret = PTR_ERR(vol_args); goto out; } vol_args->name[BTRFS_PATH_NAME_MAX] = '\0'; sizestr = vol_args->name; devstr = strchr(sizestr, ':'); if (devstr) { sizestr = devstr + 1; *devstr = '\0'; devstr = vol_args->name; ret = kstrtoull(devstr, 10, &devid); if (ret) goto out_free; if (!devid) { ret = -EINVAL; goto out_free; } btrfs_info(fs_info, ""resizing devid %llu"", devid); } device = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL); if (!device) { btrfs_info(fs_info, ""resizer unable to find device %llu"", devid); ret = -ENODEV; goto out_free; } if (!test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state)) { btrfs_info(fs_info, ""resizer unable to apply on readonly device %llu"", devid); ret = -EPERM; goto out_free; } if (!strcmp(sizestr, ""max"")) new_size = device->bdev->bd_inode->i_size; else { if (sizestr[0] == '-') { mod = -1; sizestr++; } else if (sizestr[0] == '+') { mod = 1; sizestr++; } new_size = memparse(sizestr, &retptr); if (*retptr != '\0' || new_size == 0) { ret = -EINVAL; goto out_free; } } if (test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &device->dev_state)) { ret = -EPERM; goto out_free; } old_size = btrfs_device_get_total_bytes(device); if (mod < 0) { if (new_size > old_size) { ret = -EINVAL; goto out_free; } new_size = old_size - new_size; } else if (mod > 0) { if (new_size > ULLONG_MAX - old_size) { ret = -ERANGE; goto out_free; } new_size = old_size + new_size; } if (new_size < SZ_256M) { ret = -EINVAL; goto out_free; } if (new_size > device->bdev->bd_inode->i_size) { ret = -EFBIG; goto out_free; } new_size = round_down(new_size, fs_info->sectorsize); btrfs_info_in_rcu(fs_info, ""new size for %s is %llu"", rcu_str_deref(device->name), new_size); if (new_size > old_size) { trans = btrfs_start_transaction(root, 0); if (IS_ERR(trans)) { ret = PTR_ERR(trans); goto out_free; } ret = btrfs_grow_device(trans, device, new_size); btrfs_commit_transaction(trans); } else if (new_size < old_size) { ret = btrfs_shrink_device(device, new_size); } out_free: kfree(vol_args); out: clear_bit(BTRFS_FS_EXCL_OP, &fs_info->flags); mnt_drop_write_file(file); return ret; }",visit repo url,fs/btrfs/ioctl.c,https://github.com/torvalds/linux,127631426630742,1 4919,CWE-59,"smtp_log_to_file(smtp_t *smtp) { FILE *fp = fopen(""/tmp/smtp-alert.log"", ""a""); time_t now; struct tm tm; char time_buf[25]; int time_buf_len; time(&now); localtime_r(&now, &tm); time_buf_len = strftime(time_buf, sizeof time_buf, ""%a %b %e %X %Y"", &tm); fprintf(fp, ""%s: %s -> %s\n"" ""%*sSubject: %s\n"" ""%*sBody: %s\n\n"", time_buf, global_data->email_from, smtp->email_to, time_buf_len - 7, """", smtp->subject, time_buf_len - 7, """", smtp->body); fclose(fp); free_smtp_all(smtp); }",visit repo url,keepalived/core/smtp.c,https://github.com/acassen/keepalived,170681400583809,1 1570,CWE-119,"static __init int sctp_init(void) { int i; int status = -EINVAL; unsigned long goal; unsigned long limit; int max_share; int order; sock_skb_cb_check_size(sizeof(struct sctp_ulpevent)); status = -ENOBUFS; sctp_bucket_cachep = kmem_cache_create(""sctp_bind_bucket"", sizeof(struct sctp_bind_bucket), 0, SLAB_HWCACHE_ALIGN, NULL); if (!sctp_bucket_cachep) goto out; sctp_chunk_cachep = kmem_cache_create(""sctp_chunk"", sizeof(struct sctp_chunk), 0, SLAB_HWCACHE_ALIGN, NULL); if (!sctp_chunk_cachep) goto err_chunk_cachep; status = percpu_counter_init(&sctp_sockets_allocated, 0, GFP_KERNEL); if (status) goto err_percpu_counter_init; sctp_max_instreams = SCTP_DEFAULT_INSTREAMS; sctp_max_outstreams = SCTP_DEFAULT_OUTSTREAMS; idr_init(&sctp_assocs_id); limit = nr_free_buffer_pages() / 8; limit = max(limit, 128UL); sysctl_sctp_mem[0] = limit / 4 * 3; sysctl_sctp_mem[1] = limit; sysctl_sctp_mem[2] = sysctl_sctp_mem[0] * 2; limit = (sysctl_sctp_mem[1]) << (PAGE_SHIFT - 7); max_share = min(4UL*1024*1024, limit); sysctl_sctp_rmem[0] = SK_MEM_QUANTUM; sysctl_sctp_rmem[1] = 1500 * SKB_TRUESIZE(1); sysctl_sctp_rmem[2] = max(sysctl_sctp_rmem[1], max_share); sysctl_sctp_wmem[0] = SK_MEM_QUANTUM; sysctl_sctp_wmem[1] = 16*1024; sysctl_sctp_wmem[2] = max(64*1024, max_share); if (totalram_pages >= (128 * 1024)) goal = totalram_pages >> (22 - PAGE_SHIFT); else goal = totalram_pages >> (24 - PAGE_SHIFT); for (order = 0; (1UL << order) < goal; order++) ; do { sctp_assoc_hashsize = (1UL << order) * PAGE_SIZE / sizeof(struct sctp_hashbucket); if ((sctp_assoc_hashsize > (64 * 1024)) && order > 0) continue; sctp_assoc_hashtable = (struct sctp_hashbucket *) __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, order); } while (!sctp_assoc_hashtable && --order > 0); if (!sctp_assoc_hashtable) { pr_err(""Failed association hash alloc\n""); status = -ENOMEM; goto err_ahash_alloc; } for (i = 0; i < sctp_assoc_hashsize; i++) { rwlock_init(&sctp_assoc_hashtable[i].lock); INIT_HLIST_HEAD(&sctp_assoc_hashtable[i].chain); } sctp_ep_hashsize = 64; sctp_ep_hashtable = kmalloc(64 * sizeof(struct sctp_hashbucket), GFP_KERNEL); if (!sctp_ep_hashtable) { pr_err(""Failed endpoint_hash alloc\n""); status = -ENOMEM; goto err_ehash_alloc; } for (i = 0; i < sctp_ep_hashsize; i++) { rwlock_init(&sctp_ep_hashtable[i].lock); INIT_HLIST_HEAD(&sctp_ep_hashtable[i].chain); } do { sctp_port_hashsize = (1UL << order) * PAGE_SIZE / sizeof(struct sctp_bind_hashbucket); if ((sctp_port_hashsize > (64 * 1024)) && order > 0) continue; sctp_port_hashtable = (struct sctp_bind_hashbucket *) __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, order); } while (!sctp_port_hashtable && --order > 0); if (!sctp_port_hashtable) { pr_err(""Failed bind hash alloc\n""); status = -ENOMEM; goto err_bhash_alloc; } for (i = 0; i < sctp_port_hashsize; i++) { spin_lock_init(&sctp_port_hashtable[i].lock); INIT_HLIST_HEAD(&sctp_port_hashtable[i].chain); } pr_info(""Hash tables configured (established %d bind %d)\n"", sctp_assoc_hashsize, sctp_port_hashsize); sctp_sysctl_register(); INIT_LIST_HEAD(&sctp_address_families); sctp_v4_pf_init(); sctp_v6_pf_init(); status = sctp_v4_protosw_init(); if (status) goto err_protosw_init; status = sctp_v6_protosw_init(); if (status) goto err_v6_protosw_init; status = register_pernet_subsys(&sctp_net_ops); if (status) goto err_register_pernet_subsys; status = sctp_v4_add_protocol(); if (status) goto err_add_protocol; status = sctp_v6_add_protocol(); if (status) goto err_v6_add_protocol; out: return status; err_v6_add_protocol: sctp_v4_del_protocol(); err_add_protocol: unregister_pernet_subsys(&sctp_net_ops); err_register_pernet_subsys: sctp_v6_protosw_exit(); err_v6_protosw_init: sctp_v4_protosw_exit(); err_protosw_init: sctp_v4_pf_exit(); sctp_v6_pf_exit(); sctp_sysctl_unregister(); free_pages((unsigned long)sctp_port_hashtable, get_order(sctp_port_hashsize * sizeof(struct sctp_bind_hashbucket))); err_bhash_alloc: kfree(sctp_ep_hashtable); err_ehash_alloc: free_pages((unsigned long)sctp_assoc_hashtable, get_order(sctp_assoc_hashsize * sizeof(struct sctp_hashbucket))); err_ahash_alloc: percpu_counter_destroy(&sctp_sockets_allocated); err_percpu_counter_init: kmem_cache_destroy(sctp_chunk_cachep); err_chunk_cachep: kmem_cache_destroy(sctp_bucket_cachep); goto out; }",visit repo url,net/sctp/protocol.c,https://github.com/torvalds/linux,221811451471159,1 2093,[],"int udp_destroy_sock(struct sock *sk) { lock_sock(sk); udp_flush_pending_frames(sk); release_sock(sk); return 0; }",linux-2.6,,,184235135614322881039512161713934054845,0 2213,NVD-CWE-noinfo,"nfs4_open_revalidate(struct inode *dir, struct dentry *dentry, int openflags, struct nameidata *nd) { struct path path = { .mnt = nd->path.mnt, .dentry = dentry, }; struct rpc_cred *cred; struct nfs4_state *state; cred = rpc_lookup_cred(); if (IS_ERR(cred)) return PTR_ERR(cred); state = nfs4_do_open(dir, &path, openflags, NULL, cred); put_rpccred(cred); if (IS_ERR(state)) { switch (PTR_ERR(state)) { case -EPERM: case -EACCES: case -EDQUOT: case -ENOSPC: case -EROFS: lookup_instantiate_filp(nd, (struct dentry *)state, NULL); return 1; default: goto out_drop; } } if (state->inode == dentry->d_inode) { nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); nfs4_intent_set_file(nd, &path, state); return 1; } nfs4_close_sync(&path, state, openflags); out_drop: d_drop(dentry); return 0; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,143606558981390,1 2472,['CWE-119'],"static int fill_mmfile(mmfile_t *mf, struct diff_filespec *one) { if (!DIFF_FILE_VALID(one)) { mf->ptr = (char *)""""; mf->size = 0; return 0; } else if (diff_populate_filespec(one, 0)) return -1; mf->ptr = one->data; mf->size = one->size; return 0; }",git,,,276644162538449650351825555551238911838,0 3601,['CWE-20'],"static sctp_disposition_t sctp_sf_abort_violation( const struct sctp_endpoint *ep, const struct sctp_association *asoc, void *arg, sctp_cmd_seq_t *commands, const __u8 *payload, const size_t paylen) { struct sctp_packet *packet = NULL; struct sctp_chunk *chunk = arg; struct sctp_chunk *abort = NULL; if (sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)) goto discard; abort = sctp_make_abort_violation(asoc, chunk, payload, paylen); if (!abort) goto nomem; if (asoc) { if (chunk->chunk_hdr->type == SCTP_CID_INIT_ACK && !asoc->peer.i.init_tag) { sctp_initack_chunk_t *initack; initack = (sctp_initack_chunk_t *)chunk->chunk_hdr; if (!sctp_chunk_length_valid(chunk, sizeof(sctp_initack_chunk_t))) abort->chunk_hdr->flags |= SCTP_CHUNK_FLAG_T; else { unsigned int inittag; inittag = ntohl(initack->init_hdr.init_tag); sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_INITTAG, SCTP_U32(inittag)); } } sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); if (asoc->state <= SCTP_STATE_COOKIE_ECHOED) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNREFUSED)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION)); } else { sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_PROTO_VIOLATION)); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); } } else { packet = sctp_ootb_pkt_new(asoc, chunk); if (!packet) goto nomem_pkt; if (sctp_test_T_bit(abort)) packet->vtag = ntohl(chunk->sctp_hdr->vtag); abort->skb->sk = ep->base.sk; sctp_packet_append_chunk(packet, abort); sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(packet)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); } discard: sctp_sf_pdiscard(ep, asoc, SCTP_ST_CHUNK(0), arg, commands); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); return SCTP_DISPOSITION_ABORT; nomem_pkt: sctp_chunk_free(abort); nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,274176237006657591898906148757090646610,0 2424,CWE-787,"static int decode_zbuf(AVBPrint *bp, const uint8_t *data, const uint8_t *data_end) { z_stream zstream; unsigned char *buf; unsigned buf_size; int ret; zstream.zalloc = ff_png_zalloc; zstream.zfree = ff_png_zfree; zstream.opaque = NULL; if (inflateInit(&zstream) != Z_OK) return AVERROR_EXTERNAL; zstream.next_in = (unsigned char *)data; zstream.avail_in = data_end - data; av_bprint_init(bp, 0, -1); while (zstream.avail_in > 0) { av_bprint_get_buffer(bp, 1, &buf, &buf_size); if (!buf_size) { ret = AVERROR(ENOMEM); goto fail; } zstream.next_out = buf; zstream.avail_out = buf_size; ret = inflate(&zstream, Z_PARTIAL_FLUSH); if (ret != Z_OK && ret != Z_STREAM_END) { ret = AVERROR_EXTERNAL; goto fail; } bp->len += zstream.next_out - buf; if (ret == Z_STREAM_END) break; } inflateEnd(&zstream); bp->str[bp->len] = 0; return 0; fail: inflateEnd(&zstream); av_bprint_finalize(bp, NULL); return ret; }",visit repo url,libavcodec/pngdec.c,https://github.com/FFmpeg/FFmpeg,107455258617810,1 5805,CWE-20,"ChunkedDecode(Request *reqPtr, bool update) { const Tcl_DString *bufPtr; const char *end, *chunkStart; bool success = NS_TRUE; NS_NONNULL_ASSERT(reqPtr != NULL); bufPtr = &reqPtr->buffer; end = bufPtr->string + bufPtr->length; chunkStart = bufPtr->string + reqPtr->chunkStartOff; while (reqPtr->chunkStartOff < (size_t)bufPtr->length) { char *p = strstr(chunkStart, ""\r\n""); size_t chunk_length; if (p == NULL) { Ns_Log(DriverDebug, ""ChunkedDecode: chunk did not find end-of-line""); success = NS_FALSE; break; } *p = '\0'; chunk_length = (size_t)strtol(chunkStart, NULL, 16); *p = '\r'; if (p + 2 + chunk_length > end) { Ns_Log(DriverDebug, ""ChunkedDecode: chunk length past end of buffer""); success = NS_FALSE; break; } if (update) { char *writeBuffer = bufPtr->string + reqPtr->chunkWriteOff; memmove(writeBuffer, p + 2, chunk_length); reqPtr->chunkWriteOff += chunk_length; *(writeBuffer + chunk_length) = '\0'; } reqPtr->chunkStartOff += (size_t)(p - chunkStart) + 4u + chunk_length; chunkStart = bufPtr->string + reqPtr->chunkStartOff; } return success; }",visit repo url,nsd/driver.c,https://bitbucket.org/naviserver/naviserver,229835165102118,1 6027,CWE-125,"find_sig8_target_as_global_offset(Dwarf_Attribute attr, Dwarf_Sig8 *sig8, Dwarf_Bool *is_info, Dwarf_Off *targoffset, Dwarf_Error *error) { Dwarf_Die targdie = 0; Dwarf_Bool targ_is_info = 0; Dwarf_Off localoff = 0; int res = 0; targ_is_info = attr->ar_cu_context->cc_is_info; memcpy(sig8,attr->ar_debug_ptr,sizeof(*sig8)); res = dwarf_find_die_given_sig8(attr->ar_dbg, sig8,&targdie,&targ_is_info,error); if (res != DW_DLV_OK) { return res; } res = dwarf_die_offsets(targdie,targoffset,&localoff,error); if (res != DW_DLV_OK) { dwarf_dealloc_die(targdie); return res; } *is_info = targdie->di_cu_context->cc_is_info; dwarf_dealloc_die(targdie); return DW_DLV_OK; }",visit repo url,src/lib/libdwarf/dwarf_form.c,https://github.com/davea42/libdwarf-code,168653920984073,1 146,CWE-416,"max3421_select_and_start_urb(struct usb_hcd *hcd) { struct spi_device *spi = to_spi_device(hcd->self.controller); struct max3421_hcd *max3421_hcd = hcd_to_max3421(hcd); struct urb *urb, *curr_urb = NULL; struct max3421_ep *max3421_ep; int epnum, force_toggles = 0; struct usb_host_endpoint *ep; struct list_head *pos; unsigned long flags; spin_lock_irqsave(&max3421_hcd->lock, flags); for (; max3421_hcd->sched_pass < SCHED_PASS_DONE; ++max3421_hcd->sched_pass) list_for_each(pos, &max3421_hcd->ep_list) { urb = NULL; max3421_ep = container_of(pos, struct max3421_ep, ep_list); ep = max3421_ep->ep; switch (usb_endpoint_type(&ep->desc)) { case USB_ENDPOINT_XFER_ISOC: case USB_ENDPOINT_XFER_INT: if (max3421_hcd->sched_pass != SCHED_PASS_PERIODIC) continue; break; case USB_ENDPOINT_XFER_CONTROL: case USB_ENDPOINT_XFER_BULK: if (max3421_hcd->sched_pass != SCHED_PASS_NON_PERIODIC) continue; break; } if (list_empty(&ep->urb_list)) continue; urb = list_first_entry(&ep->urb_list, struct urb, urb_list); if (urb->unlinked) { dev_dbg(&spi->dev, ""%s: URB %p unlinked=%d"", __func__, urb, urb->unlinked); max3421_hcd->curr_urb = urb; max3421_hcd->urb_done = 1; spin_unlock_irqrestore(&max3421_hcd->lock, flags); return 1; } switch (usb_endpoint_type(&ep->desc)) { case USB_ENDPOINT_XFER_CONTROL: if (frame_diff(max3421_ep->last_active, max3421_hcd->frame_number) == 0) continue; break; case USB_ENDPOINT_XFER_BULK: if (max3421_ep->retransmit && (frame_diff(max3421_ep->last_active, max3421_hcd->frame_number) == 0)) continue; break; case USB_ENDPOINT_XFER_ISOC: case USB_ENDPOINT_XFER_INT: if (frame_diff(max3421_hcd->frame_number, max3421_ep->last_active) < urb->interval) continue; break; } list_move_tail(pos, &max3421_hcd->ep_list); curr_urb = urb; goto done; } done: if (!curr_urb) { spin_unlock_irqrestore(&max3421_hcd->lock, flags); return 0; } urb = max3421_hcd->curr_urb = curr_urb; epnum = usb_endpoint_num(&urb->ep->desc); if (max3421_ep->retransmit) max3421_ep->retransmit = 0; else { if (usb_endpoint_xfer_control(&ep->desc)) { usb_settoggle(urb->dev, epnum, 0, 1); usb_settoggle(urb->dev, epnum, 1, 1); max3421_ep->pkt_state = PKT_STATE_SETUP; force_toggles = 1; } else max3421_ep->pkt_state = PKT_STATE_TRANSFER; } spin_unlock_irqrestore(&max3421_hcd->lock, flags); max3421_ep->last_active = max3421_hcd->frame_number; max3421_set_address(hcd, urb->dev, epnum, force_toggles); max3421_set_speed(hcd, urb->dev); max3421_next_transfer(hcd, 0); return 1; }",visit repo url,drivers/usb/host/max3421-hcd.c,https://github.com/torvalds/linux,269982487554522,1 1852,['CWE-189'],"_gnutls_send_handshake (gnutls_session_t session, void *i_data, uint32_t i_datasize, gnutls_handshake_description_t type) { int ret; uint8_t *data; uint32_t datasize; int pos = 0; if (i_data == NULL && i_datasize == 0) { ret = _gnutls_handshake_io_write_flush (session); return ret; } if (i_data == NULL && i_datasize > 0) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } datasize = i_datasize + HANDSHAKE_HEADER_SIZE; data = gnutls_malloc (datasize); if (data == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } data[pos++] = (uint8_t) type; _gnutls_write_uint24 (i_datasize, &data[pos]); pos += 3; if (i_datasize > 0) memcpy (&data[pos], i_data, i_datasize); _gnutls_handshake_log (""HSK[%x]: %s was send [%ld bytes]\n"", session, _gnutls_handshake2str (type), datasize); if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) if ((ret = _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0) { gnutls_assert (); gnutls_free (data); return ret; } session->internals.last_handshake_out = type; ret = _gnutls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type, data, datasize); gnutls_free (data); return ret; }",gnutls,,,46316780351433063375371159560239447595,0 5644,['CWE-476'],"int udp_get_port(struct sock *sk, unsigned short snum, int (*saddr_cmp)(const struct sock *sk1, const struct sock *sk2)) { struct hlist_node *node; struct hlist_head *head; struct sock *sk2; int error = 1; write_lock_bh(&udp_hash_lock); if (snum == 0) { int best_size_so_far, best, result, i; if (udp_port_rover > sysctl_local_port_range[1] || udp_port_rover < sysctl_local_port_range[0]) udp_port_rover = sysctl_local_port_range[0]; best_size_so_far = 32767; best = result = udp_port_rover; for (i = 0; i < UDP_HTABLE_SIZE; i++, result++) { int size; head = &udp_hash[result & (UDP_HTABLE_SIZE - 1)]; if (hlist_empty(head)) { if (result > sysctl_local_port_range[1]) result = sysctl_local_port_range[0] + ((result - sysctl_local_port_range[0]) & (UDP_HTABLE_SIZE - 1)); goto gotit; } size = 0; sk_for_each(sk2, node, head) if (++size < best_size_so_far) { best_size_so_far = size; best = result; } } result = best; for(i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++, result += UDP_HTABLE_SIZE) { if (result > sysctl_local_port_range[1]) result = sysctl_local_port_range[0] + ((result - sysctl_local_port_range[0]) & (UDP_HTABLE_SIZE - 1)); if (!udp_lport_inuse(result)) break; } if (i >= (1 << 16) / UDP_HTABLE_SIZE) goto fail; gotit: udp_port_rover = snum = result; } else { head = &udp_hash[snum & (UDP_HTABLE_SIZE - 1)]; sk_for_each(sk2, node, head) if (inet_sk(sk2)->num == snum && sk2 != sk && (!sk2->sk_reuse || !sk->sk_reuse) && (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && (*saddr_cmp)(sk, sk2) ) goto fail; } inet_sk(sk)->num = snum; if (sk_unhashed(sk)) { head = &udp_hash[snum & (UDP_HTABLE_SIZE - 1)]; sk_add_node(sk, head); sock_prot_inc_use(sk->sk_prot); } error = 0; fail: write_unlock_bh(&udp_hash_lock); return error; }",linux-2.6,,,335331958588780952983084905922630726111,0 3081,['CWE-189'],"void jpc_ns_invlift_colres(jpc_fix_t *a, int numrows, int numcols, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; register int i; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { #if defined(WT_DOSCALE) lptr = &a[0]; n = llen; while (n-- > 0) { lptr2 = lptr; for (i = 0; i < numcols; ++i) { lptr2[0] = jpc_fix_mul(lptr2[0], jpc_dbltofix(1.0 / LGAIN)); ++lptr2; } lptr += stride; } hptr = &a[llen * stride]; n = numrows - llen; while (n-- > 0) { hptr2 = hptr; for (i = 0; i < numcols; ++i) { hptr2[0] = jpc_fix_mul(hptr2[0], jpc_dbltofix(1.0 / HGAIN)); ++hptr2; } hptr += stride; } #endif lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(DELTA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(GAMMA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(BETA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(ALPHA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++lptr2; ++hptr2; } } } else { #if defined(WT_LENONE) if (parity) { lptr2 = &a[0]; for (i = 0; i < numcols; ++i) { lptr2[0] >>= 1; ++lptr2; } } #endif } }",jasper,,,257103738264596565499187825263152089219,0 6380,CWE-20,"error_t dm9000SendPacket(NetInterface *interface, const NetBuffer *buffer, size_t offset, NetTxAncillary *ancillary) { size_t i; size_t length; uint16_t *p; Dm9000Context *context; context = (Dm9000Context *) interface->nicContext; length = netBufferGetLength(buffer) - offset; if(length > ETH_MAX_FRAME_SIZE) { osSetEvent(&interface->nicTxEvent); return ERROR_INVALID_LENGTH; } netBufferRead(context->txBuffer, buffer, offset, length); dm9000WriteReg(DM9000_REG_MWCMDX, 0); DM9000_INDEX_REG = DM9000_REG_MWCMD; p = (uint16_t *) context->txBuffer; for(i = length; i > 1; i -= 2) { DM9000_DATA_REG = *(p++); } if(i > 0) { DM9000_DATA_REG = *((uint8_t *) p); } dm9000WriteReg(DM9000_REG_TXPLL, LSB(length)); dm9000WriteReg(DM9000_REG_TXPLH, MSB(length)); dm9000WriteReg(DM9000_REG_ISR, ISR_PT); dm9000WriteReg(DM9000_REG_TCR, TCR_TXREQ); context->queuedPackets++; return NO_ERROR; }",visit repo url,drivers/eth/dm9000_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,105243194651694,1 3873,['CWE-119'],"int lbs_set_scan(struct net_device *dev, struct iw_request_info *info, union iwreq_data *wrqu, char *extra) { struct lbs_private *priv = dev->priv; int ret = 0; lbs_deb_enter(LBS_DEB_WEXT); if (!priv->radio_on) { ret = -EINVAL; goto out; } if (!netif_running(dev)) { ret = -ENETDOWN; goto out; } if (wrqu->data.length == sizeof(struct iw_scan_req) && wrqu->data.flags & IW_SCAN_THIS_ESSID) { struct iw_scan_req *req = (struct iw_scan_req *)extra; priv->scan_ssid_len = req->essid_len; memcpy(priv->scan_ssid, req->essid, priv->scan_ssid_len); lbs_deb_wext(""set_scan, essid '%s'\n"", escape_essid(priv->scan_ssid, priv->scan_ssid_len)); } else { priv->scan_ssid_len = 0; } if (!delayed_work_pending(&priv->scan_work)) queue_delayed_work(priv->work_thread, &priv->scan_work, msecs_to_jiffies(50)); priv->scan_channel = -1; if (priv->surpriseremoved) ret = -EIO; out: lbs_deb_leave_args(LBS_DEB_WEXT, ""ret %d"", ret); return ret; }",linux-2.6,,,11124716440864440862018492729029890198,0 6003,CWE-120,"static PyObject *__pyx_f_17clickhouse_driver_14bufferedwriter___pyx_unpickle_BufferedWriter__set_state(struct __pyx_obj_17clickhouse_driver_14bufferedwriter_BufferedWriter *__pyx_v___pyx_result, PyObject *__pyx_v___pyx_state) { PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; char *__pyx_t_2; Py_ssize_t __pyx_t_3; int __pyx_t_4; int __pyx_t_5; int __pyx_t_6; PyObject *__pyx_t_7 = NULL; PyObject *__pyx_t_8 = NULL; PyObject *__pyx_t_9 = NULL; __Pyx_RefNannySetupContext(""__pyx_unpickle_BufferedWriter__set_state"", 0); if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 0, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = __Pyx_PyObject_AsWritableString(__pyx_t_1); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __pyx_v___pyx_result->buffer = __pyx_t_2; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 1, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = __Pyx_PyIndex_AsSsize_t(__pyx_t_1); if (unlikely((__pyx_t_3 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v___pyx_result->buffer_size = __pyx_t_3; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 12, __pyx_L1_error) } __pyx_t_1 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 2, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = __Pyx_PyIndex_AsSsize_t(__pyx_t_1); if (unlikely((__pyx_t_3 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v___pyx_result->position = __pyx_t_3; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""object of type 'NoneType' has no len()""); __PYX_ERR(1, 13, __pyx_L1_error) } __pyx_t_3 = PyTuple_GET_SIZE(__pyx_v___pyx_state); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(1, 13, __pyx_L1_error) __pyx_t_5 = ((__pyx_t_3 > 3) != 0); if (__pyx_t_5) { } else { __pyx_t_4 = __pyx_t_5; goto __pyx_L4_bool_binop_done; } __pyx_t_5 = __Pyx_HasAttr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(__pyx_t_5 == ((int)-1))) __PYX_ERR(1, 13, __pyx_L1_error) __pyx_t_6 = (__pyx_t_5 != 0); __pyx_t_4 = __pyx_t_6; __pyx_L4_bool_binop_done:; if (__pyx_t_4) { __pyx_t_7 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_7); __pyx_t_8 = __Pyx_PyObject_GetAttrStr(__pyx_t_7, __pyx_n_s_update); if (unlikely(!__pyx_t_8)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_8); __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0; if (unlikely(__pyx_v___pyx_state == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(1, 14, __pyx_L1_error) } __pyx_t_7 = __Pyx_GetItemInt_Tuple(__pyx_v___pyx_state, 3, long, 1, __Pyx_PyInt_From_long, 0, 0, 1); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_7); __pyx_t_9 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_8))) { __pyx_t_9 = PyMethod_GET_SELF(__pyx_t_8); if (likely(__pyx_t_9)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_8); __Pyx_INCREF(__pyx_t_9); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_8, function); } } __pyx_t_1 = (__pyx_t_9) ? __Pyx_PyObject_Call2Args(__pyx_t_8, __pyx_t_9, __pyx_t_7) : __Pyx_PyObject_CallOneArg(__pyx_t_8, __pyx_t_7); __Pyx_XDECREF(__pyx_t_9); __pyx_t_9 = 0; __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0; if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 14, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_DECREF(__pyx_t_8); __pyx_t_8 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; } __pyx_r = Py_None; __Pyx_INCREF(Py_None); goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_7); __Pyx_XDECREF(__pyx_t_8); __Pyx_XDECREF(__pyx_t_9); __Pyx_AddTraceback(""clickhouse_driver.bufferedwriter.__pyx_unpickle_BufferedWriter__set_state"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = 0; __pyx_L0:; __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,188546974735815,1 349,CWE-416,"static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags) { struct dentry *dir; struct fscrypt_info *ci; int dir_has_key, cached_with_key; if (flags & LOOKUP_RCU) return -ECHILD; dir = dget_parent(dentry); if (!d_inode(dir)->i_sb->s_cop->is_encrypted(d_inode(dir))) { dput(dir); return 0; } ci = d_inode(dir)->i_crypt_info; if (ci && ci->ci_keyring_key && (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) | (1 << KEY_FLAG_REVOKED) | (1 << KEY_FLAG_DEAD)))) ci = NULL; spin_lock(&dentry->d_lock); cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY; spin_unlock(&dentry->d_lock); dir_has_key = (ci != NULL); dput(dir); if ((!cached_with_key && d_is_negative(dentry)) || (!cached_with_key && dir_has_key) || (cached_with_key && !dir_has_key)) return 0; return 1; }",visit repo url,fs/crypto/crypto.c,https://github.com/torvalds/linux,81154886430531,1 3094,CWE-119,"int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) { int al,i,j,ret; unsigned int n; SSL3_RECORD *rr; void (*cb)(const SSL *ssl,int type2,int val)=NULL; if (s->s3->rbuf.buf == NULL) if (!ssl3_setup_buffers(s)) return(-1); if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); return -1; } if ( (ret = have_handshake_fragment(s, type, buf, len, peek))) return ret; #ifndef OPENSSL_NO_SCTP if ((!s->in_handshake && SSL_in_init(s)) || (BIO_dgram_is_sctp(SSL_get_rbio(s)) && (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) && s->s3->in_read_app_data != 2)) #else if (!s->in_handshake && SSL_in_init(s)) #endif { i=s->handshake_func(s); if (i < 0) return(i); if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); return(-1); } } start: s->rwstate=SSL_NOTHING; rr = &(s->s3->rrec); if (s->state == SSL_ST_OK && rr->length == 0) { pitem *item; item = pqueue_pop(s->d1->buffered_app_data.q); if (item) { #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_rbio(s))) { DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); } #endif dtls1_copy_record(s, item); OPENSSL_free(item->data); pitem_free(item); } } if (dtls1_handle_timeout(s) > 0) goto start; if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { ret=dtls1_get_record(s); if (ret <= 0) { ret = dtls1_read_failed(s, ret); if (ret <= 0) return(ret); else goto start; } } if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { rr->length = 0; goto start; } if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) { dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); rr->length = 0; goto start; } if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { rr->length=0; s->rwstate=SSL_NOTHING; return(0); } if (type == rr->type) { if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && (s->enc_read_ctx == NULL)) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); goto f_err; } if (len <= 0) return(len); if ((unsigned int)len > rr->length) n = rr->length; else n = (unsigned int)len; memcpy(buf,&(rr->data[rr->off]),n); if (!peek) { rr->length-=n; rr->off+=n; if (rr->length == 0) { s->rstate=SSL_ST_READ_HEADER; rr->off=0; } } #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && rr->type == SSL3_RT_APPLICATION_DATA && (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) { s->rwstate=SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); } if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; return(0); } #endif return(n); } { unsigned int k, dest_maxlen = 0; unsigned char *dest = NULL; unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { dest_maxlen = sizeof s->d1->handshake_fragment; dest = s->d1->handshake_fragment; dest_len = &s->d1->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { dest_maxlen = sizeof(s->d1->alert_fragment); dest = s->d1->alert_fragment; dest_len = &s->d1->alert_fragment_len; } #ifndef OPENSSL_NO_HEARTBEATS else if (rr->type == TLS1_RT_HEARTBEAT) { dtls1_process_heartbeat(s); rr->length = 0; s->rwstate=SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); return(-1); } #endif else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { if (rr->type == SSL3_RT_APPLICATION_DATA) { BIO *bio; s->s3->in_read_app_data=2; bio=SSL_get_rbio(s); s->rwstate=SSL_READING; BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); return(-1); } al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); goto f_err; } if (dest_maxlen > 0) { if ( rr->length < dest_maxlen) { #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE FIX ME #endif s->rstate=SSL_ST_READ_HEADER; rr->length = 0; goto start; } for ( k = 0; k < dest_maxlen; k++) { dest[k] = rr->data[rr->off++]; rr->length--; } *dest_len = dest_maxlen; } } if ((!s->server) && (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && (s->session != NULL) && (s->session->cipher != NULL)) { s->d1->handshake_fragment_len = 0; if ((s->d1->handshake_fragment[1] != 0) || (s->d1->handshake_fragment[2] != 0) || (s->d1->handshake_fragment[3] != 0)) { al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); goto err; } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->d1->handshake_fragment, 4, s, s->msg_callback_arg); if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) { s->d1->handshake_read_seq++; s->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) { i=s->handshake_func(s); if (i < 0) return(i); if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); return(-1); } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (s->s3->rbuf.left == 0) { BIO *bio; s->rwstate=SSL_READING; bio=SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); return(-1); } } } } goto start; } if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { int alert_level = s->d1->alert_fragment[0]; int alert_descr = s->d1->alert_fragment[1]; s->d1->alert_fragment_len = 0; if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_ALERT, s->d1->alert_fragment, 2, s, s->msg_callback_arg); if (s->info_callback != NULL) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; if (cb != NULL) { j = (alert_level << 8) | alert_descr; cb(s, SSL_CB_READ_ALERT, j); } if (alert_level == 1) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { s->d1->shutdown_received = 1; s->rwstate=SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); return -1; } #endif s->shutdown |= SSL_RECEIVED_SHUTDOWN; return(0); } #if 0 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { unsigned short seq; unsigned int frag_off; unsigned char *p = &(s->d1->alert_fragment[2]); n2s(p, seq); n2l3(p, frag_off); dtls1_retransmit_message(s, dtls1_get_queue_priority(frag->msg_header.seq, 0), frag_off, &found); if ( ! found && SSL_in_init(s)) { ssl3_send_alert(s,SSL3_AL_WARNING, DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); } } #endif } else if (alert_level == 2) { char tmp[16]; s->rwstate=SSL_NOTHING; s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); BIO_snprintf(tmp,sizeof tmp,""%d"",alert_descr); ERR_add_error_data(2,""SSL alert number "",tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx,s->session); return(0); } else { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); goto f_err; } goto start; } if (s->shutdown & SSL_SENT_SHUTDOWN) { s->rwstate=SSL_NOTHING; rr->length=0; return(0); } if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { struct ccs_header_st ccs_hdr; unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; dtls1_get_ccs_header(rr->data, &ccs_hdr); if (s->version == DTLS1_BAD_VER) ccs_hdr_len = 3; if ( (rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { i=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); goto err; } rr->length=0; if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); if (!s->d1->change_cipher_spec_ok) { goto start; } s->d1->change_cipher_spec_ok = 0; s->s3->change_cipher_spec=1; if (!ssl3_do_change_cipher_spec(s)) goto err; dtls1_reset_seq_numbers(s, SSL3_CC_READ); if (s->version == DTLS1_BAD_VER) s->d1->handshake_read_seq++; #ifndef OPENSSL_NO_SCTP BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL); #endif goto start; } if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && !s->in_handshake) { struct hm_header_st msg_hdr; dtls1_get_message_header(rr->data, &msg_hdr); if( rr->epoch != s->d1->r_epoch) { rr->length = 0; goto start; } if (msg_hdr.type == SSL3_MT_FINISHED) { if (dtls1_check_timeout_num(s) < 0) return -1; dtls1_retransmit_buffered_messages(s); rr->length = 0; goto start; } if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { #if 0 s->state=SSL_ST_BEFORE|(s->server) ?SSL_ST_ACCEPT :SSL_ST_CONNECT; #else s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; #endif s->renegotiate=1; s->new_session=1; } i=s->handshake_func(s); if (i < 0) return(i); if (i == 0) { SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); return(-1); } if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (s->s3->rbuf.left == 0) { BIO *bio; s->rwstate=SSL_READING; bio=SSL_get_rbio(s); BIO_clear_retry_flags(bio); BIO_set_retry_read(bio); return(-1); } } goto start; } switch (rr->type) { default: #ifndef OPENSSL_NO_TLS if (s->version == TLS1_VERSION) { rr->length = 0; goto start; } #endif al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); goto f_err; case SSL3_RT_CHANGE_CIPHER_SPEC: case SSL3_RT_ALERT: case SSL3_RT_HANDSHAKE: al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR); goto f_err; case SSL3_RT_APPLICATION_DATA: if (s->s3->in_read_app_data && (s->s3->total_renegotiations != 0) && (( (s->state & SSL_ST_CONNECT) && (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && (s->state <= SSL3_ST_CR_SRVR_HELLO_A) ) || ( (s->state & SSL_ST_ACCEPT) && (s->state <= SSL3_ST_SW_HELLO_REQ_A) && (s->state >= SSL3_ST_SR_CLNT_HELLO_A) ) )) { s->s3->in_read_app_data=2; return(-1); } else { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); goto f_err; } } f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: return(-1); }",visit repo url,ssl/d1_pkt.c,https://github.com/openssl/openssl,155068614582305,1 1473,[],"static void resched_cpu(int cpu) { struct rq *rq = cpu_rq(cpu); unsigned long flags; if (!spin_trylock_irqsave(&rq->lock, flags)) return; resched_task(cpu_curr(cpu)); spin_unlock_irqrestore(&rq->lock, flags); }",linux-2.6,,,131078798660110241422288427297321826710,0 4829,CWE-119,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 1898,['CWE-20'],"static int __init vdso_do_func_patch64(struct lib32_elfinfo *v32, struct lib64_elfinfo *v64, const char *orig, const char *fix) { Elf64_Sym *sym64_gen, *sym64_fix; sym64_gen = find_symbol64(v64, orig); if (sym64_gen == NULL) { printk(KERN_ERR ""vDSO64: Can't find symbol %s !\n"", orig); return -1; } if (fix == NULL) { sym64_gen->st_name = 0; return 0; } sym64_fix = find_symbol64(v64, fix); if (sym64_fix == NULL) { printk(KERN_ERR ""vDSO64: Can't find symbol %s !\n"", fix); return -1; } sym64_gen->st_value = sym64_fix->st_value; sym64_gen->st_size = sym64_fix->st_size; sym64_gen->st_info = sym64_fix->st_info; sym64_gen->st_other = sym64_fix->st_other; sym64_gen->st_shndx = sym64_fix->st_shndx; return 0; }",linux-2.6,,,128069537262042780815004511691023530117,0 6542,CWE-552,"static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) { struct libmnt_ns *ns_old; const char *type = mnt_fs_get_fstype(cxt->fs); const char *optstr; char *user_id = NULL; size_t sz; uid_t uid; char uidstr[sizeof(stringify_value(ULONG_MAX))]; *errsv = 0; if (!type) return 0; if (strcmp(type, ""fuse"") != 0 && strcmp(type, ""fuseblk"") != 0 && strncmp(type, ""fuse."", 5) != 0 && strncmp(type, ""fuseblk."", 8) != 0) return 0; optstr = mnt_fs_get_fs_options(cxt->fs); if (!optstr) return 0; if (mnt_optstr_get_option(optstr, ""user_id"", &user_id, &sz) != 0) return 0; if (sz == 0 || user_id == NULL) return 0; ns_old = mnt_context_switch_origin_ns(cxt); if (!ns_old) { *errsv = -MNT_ERR_NAMESPACE; return 0; } uid = getuid(); if (!mnt_context_switch_ns(cxt, ns_old)) { *errsv = -MNT_ERR_NAMESPACE; return 0; } snprintf(uidstr, sizeof(uidstr), ""%lu"", (unsigned long) uid); return strncmp(user_id, uidstr, sz) == 0; }",visit repo url,libmount/src/context_umount.c,https://github.com/util-linux/util-linux,272039628150113,1 6505,['CWE-20'],"static int emulate_pop(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops, void *dest, int len) { struct decode_cache *c = &ctxt->decode; int rc; rc = ops->read_emulated(register_address(c, ss_base(ctxt), c->regs[VCPU_REGS_RSP]), dest, len, ctxt->vcpu); if (rc != 0) return rc; register_address_increment(c, &c->regs[VCPU_REGS_RSP], len); return rc; }",kvm,,,112062927329072445215779929263035235708,0 2060,['CWE-269'],"static void expire_mount_list(struct list_head *graveyard, struct list_head *mounts) { struct mnt_namespace *ns; struct vfsmount *mnt; while (!list_empty(graveyard)) { LIST_HEAD(umounts); mnt = list_first_entry(graveyard, struct vfsmount, mnt_expire); list_del_init(&mnt->mnt_expire); ns = mnt->mnt_ns; if (!ns || !ns->root) continue; get_mnt_ns(ns); spin_unlock(&vfsmount_lock); down_write(&namespace_sem); expire_mount(mnt, mounts, &umounts); up_write(&namespace_sem); release_mounts(&umounts); mntput(mnt); put_mnt_ns(ns); spin_lock(&vfsmount_lock); } }",linux-2.6,,,299130282394314997915376336599908015756,0 1705,CWE-19,"ext4_xattr_create_cache(char *name) { return mb_cache_create(name, HASH_BUCKET_BITS); }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,142155341229779,1 4910,['CWE-20'],"static void nfs_server_list_stop(struct seq_file *p, void *v) { spin_unlock(&nfs_client_lock); }",linux-2.6,,,29062941147641399080685964787179734197,0 26,NVD-CWE-Other,"recvauth_common(krb5_context context, krb5_auth_context * auth_context, krb5_pointer fd, char *appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket ** ticket, krb5_data *version) { krb5_auth_context new_auth_context; krb5_flags ap_option = 0; krb5_error_code retval, problem; krb5_data inbuf; krb5_data outbuf; krb5_rcache rcache = 0; krb5_octet response; krb5_data null_server; int need_error_free = 0; int local_rcache = 0, local_authcon = 0; problem = 0; response = 0; if (!(flags & KRB5_RECVAUTH_SKIP_VERSION)) { if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); if (strcmp(inbuf.data, sendauth_version)) { problem = KRB5_SENDAUTH_BADAUTHVERS; response = 1; } free(inbuf.data); } if (flags & KRB5_RECVAUTH_BADAUTHVERS) { problem = KRB5_SENDAUTH_BADAUTHVERS; response = 1; } if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); if (appl_version && strcmp(inbuf.data, appl_version)) { if (!problem) { problem = KRB5_SENDAUTH_BADAPPLVERS; response = 2; } } if (version && !problem) *version = inbuf; else free(inbuf.data); if ((krb5_net_write(context, *((int *)fd), (char *)&response, 1)) < 0) { return(problem); } if (problem) return(problem); if ((retval = krb5_read_message(context, fd, &inbuf))) return retval; if (*auth_context == NULL) { problem = krb5_auth_con_init(context, &new_auth_context); *auth_context = new_auth_context; local_authcon = 1; } krb5_auth_con_getrcache(context, *auth_context, &rcache); if ((!problem) && rcache == NULL) { if (server != NULL && server->length > 0) { problem = krb5_get_server_rcache(context, &server->data[0], &rcache); } else { null_server.length = 7; null_server.data = ""default""; problem = krb5_get_server_rcache(context, &null_server, &rcache); } if (!problem) problem = krb5_auth_con_setrcache(context, *auth_context, rcache); local_rcache = 1; } if (!problem) { problem = krb5_rd_req(context, auth_context, &inbuf, server, keytab, &ap_option, ticket); free(inbuf.data); } if (problem) { krb5_error error; const char *message; memset(&error, 0, sizeof(error)); krb5_us_timeofday(context, &error.stime, &error.susec); if(server) error.server = server; else { (void) krb5_parse_name(context, ""????"", &error.server); need_error_free = 1; } error.error = problem - ERROR_TABLE_BASE_krb5; if (error.error > 127) error.error = KRB_ERR_GENERIC; message = error_message(problem); error.text.length = strlen(message) + 1; error.text.data = strdup(message); if (!error.text.data) { retval = ENOMEM; goto cleanup; } if ((retval = krb5_mk_error(context, &error, &outbuf))) { free(error.text.data); goto cleanup; } free(error.text.data); if(need_error_free) krb5_free_principal(context, error.server); } else { outbuf.length = 0; outbuf.data = 0; } retval = krb5_write_message(context, fd, &outbuf); if (outbuf.data) { free(outbuf.data); retval = problem; goto cleanup; } if (retval) goto cleanup; if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) { if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) { return(retval); } retval = krb5_write_message(context, fd, &outbuf); free(outbuf.data); } cleanup:; if (retval) { if (local_authcon) { krb5_auth_con_free(context, *auth_context); } else if (local_rcache && rcache != NULL) { krb5_rc_close(context, rcache); krb5_auth_con_setrcache(context, *auth_context, NULL); } } return retval; }",visit repo url,src/lib/krb5/krb/recvauth.c,https://github.com/krb5/krb5,105807583259676,1 2760,CWE-119,"void gdImageFillToBorder (gdImagePtr im, int x, int y, int border, int color) { int lastBorder; int leftLimit = -1, rightLimit; int i, restoreAlphaBlending = 0; if (border < 0) { return; } if (!im->trueColor) { if ((color > (im->colorsTotal - 1)) || (border > (im->colorsTotal - 1)) || (color < 0)) { return; } } restoreAlphaBlending = im->alphaBlendingFlag; im->alphaBlendingFlag = 0; if (x >= im->sx) { x = im->sx - 1; } else if (x < 0) { x = 0; } if (y >= im->sy) { y = im->sy - 1; } else if (y < 0) { y = 0; } for (i = x; i >= 0; i--) { if (gdImageGetPixel(im, i, y) == border) { break; } gdImageSetPixel(im, i, y, color); leftLimit = i; } if (leftLimit == -1) { im->alphaBlendingFlag = restoreAlphaBlending; return; } rightLimit = x; for (i = (x + 1); i < im->sx; i++) { if (gdImageGetPixel(im, i, y) == border) { break; } gdImageSetPixel(im, i, y, color); rightLimit = i; } if (y > 0) { lastBorder = 1; for (i = leftLimit; i <= rightLimit; i++) { int c = gdImageGetPixel(im, i, y - 1); if (lastBorder) { if ((c != border) && (c != color)) { gdImageFillToBorder(im, i, y - 1, border, color); lastBorder = 0; } } else if ((c == border) || (c == color)) { lastBorder = 1; } } } if (y < ((im->sy) - 1)) { lastBorder = 1; for (i = leftLimit; i <= rightLimit; i++) { int c = gdImageGetPixel(im, i, y + 1); if (lastBorder) { if ((c != border) && (c != color)) { gdImageFillToBorder(im, i, y + 1, border, color); lastBorder = 0; } } else if ((c == border) || (c == color)) { lastBorder = 1; } } } im->alphaBlendingFlag = restoreAlphaBlending; }",visit repo url,ext/gd/libgd/gd.c,https://github.com/php/php-src,5051356648606,1 2876,['CWE-189'],"jas_iccattrval_t *jas_iccattrval_clone(jas_iccattrval_t *attrval) { ++attrval->refcnt; return attrval; }",jasper,,,222784841533616909257282737941020724288,0 3819,['CWE-120'],"static int uvc_parse_control(struct uvc_device *dev) { struct usb_host_interface *alts = dev->intf->cur_altsetting; unsigned char *buffer = alts->extra; int buflen = alts->extralen; int ret; while (buflen > 2) { if (uvc_parse_vendor_control(dev, buffer, buflen) || buffer[1] != USB_DT_CS_INTERFACE) goto next_descriptor; if ((ret = uvc_parse_standard_control(dev, buffer, buflen)) < 0) return ret; next_descriptor: buflen -= buffer[0]; buffer += buffer[0]; } if (alts->desc.bNumEndpoints == 1) { struct usb_host_endpoint *ep = &alts->endpoint[0]; struct usb_endpoint_descriptor *desc = &ep->desc; if (usb_endpoint_is_int_in(desc) && le16_to_cpu(desc->wMaxPacketSize) >= 8 && desc->bInterval != 0) { uvc_trace(UVC_TRACE_DESCR, ""Found a Status endpoint "" ""(addr %02x).\n"", desc->bEndpointAddress); dev->int_ep = ep; } } return 0; }",linux-2.6,,,106822129163011382295976854877200602666,0 5737,['CWE-200'],"static void irda_discovery_timeout(u_long priv) { struct irda_sock *self; IRDA_DEBUG(2, ""%s()\n"", __func__); self = (struct irda_sock *) priv; BUG_ON(self == NULL); self->cachelog = NULL; self->cachedaddr = 0; self->errno = -ETIME; wake_up_interruptible(&self->query_wait); }",linux-2.6,,,65886599166963844923902312585622081696,0 424,CWE-416,"static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file, struct snd_ctl_elem_value *control) { struct snd_kcontrol *kctl; struct snd_kcontrol_volatile *vd; unsigned int index_offset; int result; down_read(&card->controls_rwsem); kctl = snd_ctl_find_id(card, &control->id); if (kctl == NULL) { result = -ENOENT; } else { index_offset = snd_ctl_get_ioff(kctl, &control->id); vd = &kctl->vd[index_offset]; if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_WRITE) || kctl->put == NULL || (file && vd->owner && vd->owner != file)) { result = -EPERM; } else { snd_ctl_build_ioff(&control->id, kctl, index_offset); result = kctl->put(kctl, control); } if (result > 0) { struct snd_ctl_elem_id id = control->id; snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &id); result = 0; } } up_read(&card->controls_rwsem); return result; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,138027503838501,1 157,[],"static int put_compat_statfs64(struct compat_statfs64 __user *ubuf, struct kstatfs *kbuf) { if (sizeof ubuf->f_blocks == 4) { if ((kbuf->f_blocks | kbuf->f_bfree | kbuf->f_bavail) & 0xffffffff00000000ULL) return -EOVERFLOW; if (kbuf->f_files != 0xffffffffffffffffULL && (kbuf->f_files & 0xffffffff00000000ULL)) return -EOVERFLOW; if (kbuf->f_ffree != 0xffffffffffffffffULL && (kbuf->f_ffree & 0xffffffff00000000ULL)) return -EOVERFLOW; } if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) || __put_user(kbuf->f_type, &ubuf->f_type) || __put_user(kbuf->f_bsize, &ubuf->f_bsize) || __put_user(kbuf->f_blocks, &ubuf->f_blocks) || __put_user(kbuf->f_bfree, &ubuf->f_bfree) || __put_user(kbuf->f_bavail, &ubuf->f_bavail) || __put_user(kbuf->f_files, &ubuf->f_files) || __put_user(kbuf->f_ffree, &ubuf->f_ffree) || __put_user(kbuf->f_namelen, &ubuf->f_namelen) || __put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) || __put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) || __put_user(kbuf->f_frsize, &ubuf->f_frsize)) return -EFAULT; return 0; }",linux-2.6,,,257366456339370990983630540708251504024,0 1333,CWE-200,"static long __tun_chr_ioctl(struct file *file, unsigned int cmd, unsigned long arg, int ifreq_len) { struct tun_file *tfile = file->private_data; struct tun_struct *tun; void __user* argp = (void __user*)arg; struct sock_fprog fprog; struct ifreq ifr; int sndbuf; int vnet_hdr_sz; int ret; if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; if (cmd == TUNGETFEATURES) { return put_user(IFF_TUN | IFF_TAP | IFF_NO_PI | IFF_ONE_QUEUE | IFF_VNET_HDR, (unsigned int __user*)argp); } rtnl_lock(); tun = __tun_get(tfile); if (cmd == TUNSETIFF && !tun) { ifr.ifr_name[IFNAMSIZ-1] = '\0'; ret = tun_set_iff(tfile->net, file, &ifr); if (ret) goto unlock; if (copy_to_user(argp, &ifr, ifreq_len)) ret = -EFAULT; goto unlock; } ret = -EBADFD; if (!tun) goto unlock; tun_debug(KERN_INFO, tun, ""tun_chr_ioctl cmd %d\n"", cmd); ret = 0; switch (cmd) { case TUNGETIFF: ret = tun_get_iff(current->nsproxy->net_ns, tun, &ifr); if (ret) break; if (copy_to_user(argp, &ifr, ifreq_len)) ret = -EFAULT; break; case TUNSETNOCSUM: tun_debug(KERN_INFO, tun, ""ignored: set checksum %s\n"", arg ? ""disabled"" : ""enabled""); break; case TUNSETPERSIST: if (arg) tun->flags |= TUN_PERSIST; else tun->flags &= ~TUN_PERSIST; tun_debug(KERN_INFO, tun, ""persist %s\n"", arg ? ""enabled"" : ""disabled""); break; case TUNSETOWNER: tun->owner = (uid_t) arg; tun_debug(KERN_INFO, tun, ""owner set to %d\n"", tun->owner); break; case TUNSETGROUP: tun->group= (gid_t) arg; tun_debug(KERN_INFO, tun, ""group set to %d\n"", tun->group); break; case TUNSETLINK: if (tun->dev->flags & IFF_UP) { tun_debug(KERN_INFO, tun, ""Linktype set failed because interface is up\n""); ret = -EBUSY; } else { tun->dev->type = (int) arg; tun_debug(KERN_INFO, tun, ""linktype set to %d\n"", tun->dev->type); ret = 0; } break; #ifdef TUN_DEBUG case TUNSETDEBUG: tun->debug = arg; break; #endif case TUNSETOFFLOAD: ret = set_offload(tun, arg); break; case TUNSETTXFILTER: ret = -EINVAL; if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV) break; ret = update_filter(&tun->txflt, (void __user *)arg); break; case SIOCGIFHWADDR: memcpy(ifr.ifr_hwaddr.sa_data, tun->dev->dev_addr, ETH_ALEN); ifr.ifr_hwaddr.sa_family = tun->dev->type; if (copy_to_user(argp, &ifr, ifreq_len)) ret = -EFAULT; break; case SIOCSIFHWADDR: tun_debug(KERN_DEBUG, tun, ""set hw address: %pM\n"", ifr.ifr_hwaddr.sa_data); ret = dev_set_mac_address(tun->dev, &ifr.ifr_hwaddr); break; case TUNGETSNDBUF: sndbuf = tun->socket.sk->sk_sndbuf; if (copy_to_user(argp, &sndbuf, sizeof(sndbuf))) ret = -EFAULT; break; case TUNSETSNDBUF: if (copy_from_user(&sndbuf, argp, sizeof(sndbuf))) { ret = -EFAULT; break; } tun->socket.sk->sk_sndbuf = sndbuf; break; case TUNGETVNETHDRSZ: vnet_hdr_sz = tun->vnet_hdr_sz; if (copy_to_user(argp, &vnet_hdr_sz, sizeof(vnet_hdr_sz))) ret = -EFAULT; break; case TUNSETVNETHDRSZ: if (copy_from_user(&vnet_hdr_sz, argp, sizeof(vnet_hdr_sz))) { ret = -EFAULT; break; } if (vnet_hdr_sz < (int)sizeof(struct virtio_net_hdr)) { ret = -EINVAL; break; } tun->vnet_hdr_sz = vnet_hdr_sz; break; case TUNATTACHFILTER: ret = -EINVAL; if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV) break; ret = -EFAULT; if (copy_from_user(&fprog, argp, sizeof(fprog))) break; ret = sk_attach_filter(&fprog, tun->socket.sk); break; case TUNDETACHFILTER: ret = -EINVAL; if ((tun->flags & TUN_TYPE_MASK) != TUN_TAP_DEV) break; ret = sk_detach_filter(tun->socket.sk); break; default: ret = -EINVAL; break; } unlock: rtnl_unlock(); if (tun) tun_put(tun); return ret; }",visit repo url,drivers/net/tun.c,https://github.com/torvalds/linux,137441249803205,1 4946,['CWE-20'],"static inline unsigned int dt_type(struct inode *inode) { return (inode->i_mode >> 12) & 15; }",linux-2.6,,,87518939013101197179725433420876911539,0 3112,['CWE-189'],"static int clrspctojp2(jas_clrspc_t clrspc) { switch (clrspc) { case JAS_CLRSPC_SRGB: return JP2_COLR_SRGB; case JAS_CLRSPC_SYCBCR: return JP2_COLR_SYCC; case JAS_CLRSPC_SGRAY: return JP2_COLR_SGRAY; default: abort(); break; } }",jasper,,,69311266095501638209645454402715850974,0 1266,NVD-CWE-Other,"static inline __u32 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr, __be16 sport, __be16 dport ) { return secure_tcpv6_sequence_number(saddr, daddr, sport, dport); }",visit repo url,net/dccp/ipv6.c,https://github.com/torvalds/linux,234337718156233,1 4762,['CWE-20'],"static inline struct inode *orphan_list_entry(struct list_head *l) { return &list_entry(l, struct ext4_inode_info, i_orphan)->vfs_inode; }",linux-2.6,,,30821512179795045260178123108480351670,0 4633,CWE-476,"GF_Err gf_isom_box_parse_ex(GF_Box **outBox, GF_BitStream *bs, u32 parent_type, Bool is_root_box) { u32 type, uuid_type, hdr_size, restore_type; u64 size, start, comp_start, payload_start, end; char uuid[16]; GF_Err e; GF_BitStream *uncomp_bs = NULL; u8 *uncomp_data = NULL; u32 compressed_size=0; GF_Box *newBox; Bool skip_logs = (gf_bs_get_cookie(bs) & GF_ISOM_BS_COOKIE_NO_LOGS ) ? GF_TRUE : GF_FALSE; Bool is_special = GF_TRUE; if ((bs == NULL) || (outBox == NULL) ) return GF_BAD_PARAM; *outBox = NULL; if (gf_bs_available(bs) < 8) { return GF_ISOM_INCOMPLETE_FILE; } comp_start = start = gf_bs_get_position(bs); uuid_type = 0; size = (u64) gf_bs_read_u32(bs); hdr_size = 4; if ((size >= 2) && (size <= 4)) { size = 4; type = GF_ISOM_BOX_TYPE_VOID; } else { type = gf_bs_read_u32(bs); hdr_size += 4; if (type == GF_ISOM_BOX_TYPE_TOTL) size = 12; if (!size) { if (is_root_box) { if (!skip_logs) { GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Warning Read Box type %s (0x%08X) size 0 reading till the end of file\n"", gf_4cc_to_str(type), type)); } size = gf_bs_available(bs) + 8; } else { if (!skip_logs) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box type %s (0x%08X) at position ""LLU"" has size 0 but is not at root/file level, skipping\n"", gf_4cc_to_str(type), type, start)); } return GF_OK; } } if (is_root_box && (size>=8)) { Bool do_uncompress = GF_FALSE; u8 *compb = NULL; u32 osize = 0; u32 otype = type; if (type==GF_4CC('!', 'm', 'o', 'f')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_MOOF; } else if (type==GF_4CC('!', 'm', 'o', 'v')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_MOOV; } else if (type==GF_4CC('!', 's', 'i', 'x')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_SIDX; } else if (type==GF_4CC('!', 's', 's', 'x')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_SSIX; } if (do_uncompress) { compb = gf_malloc((u32) (size-8)); compressed_size = (u32) (size - 8); gf_bs_read_data(bs, compb, compressed_size); e = gf_gz_decompress_payload(compb, compressed_size, &uncomp_data, &osize); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Failed to uncompress payload for box type %s (0x%08X)\n"", gf_4cc_to_str(otype), otype)); return e; } size = osize + 8; uncomp_bs = gf_bs_new(uncomp_data, osize, GF_BITSTREAM_READ); bs = uncomp_bs; start = 0; gf_free(compb); } } } memset(uuid, 0, 16); if (type == GF_ISOM_BOX_TYPE_UUID ) { if (gf_bs_available(bs) < 16) { return GF_ISOM_INCOMPLETE_FILE; } gf_bs_read_data(bs, uuid, 16); hdr_size += 16; uuid_type = gf_isom_solve_uuid_box(uuid); } if (size == 1) { if (gf_bs_available(bs) < 8) { return GF_ISOM_INCOMPLETE_FILE; } size = gf_bs_read_u64(bs); hdr_size += 8; } if (!skip_logs) GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Read Box type %s size ""LLD"" start ""LLD""\n"", gf_4cc_to_str(type), size, start)); if ( size < hdr_size ) { GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Box size ""LLD"" less than box header size %d\n"", size, hdr_size)); return GF_ISOM_INVALID_FILE; } restore_type = 0; if ((parent_type==GF_ISOM_BOX_TYPE_STSD) && (type==GF_QT_SUBTYPE_RAW) ) { u64 cookie = gf_bs_get_cookie(bs); restore_type = type; if (cookie & GF_ISOM_BS_COOKIE_VISUAL_TRACK) type = GF_QT_SUBTYPE_RAW_VID; else type = GF_QT_SUBTYPE_RAW_AUD; } if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_TREF)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_REFT); if (!newBox) return GF_OUT_OF_MEM; ((GF_TrackReferenceTypeBox*)newBox)->reference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_IREF)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_REFI); if (!newBox) return GF_OUT_OF_MEM; ((GF_ItemReferenceTypeBox*)newBox)->reference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_TRGR)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_TRGT); if (!newBox) return GF_OUT_OF_MEM; ((GF_TrackGroupTypeBox*)newBox)->group_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_GRPL)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_GRPT); if (!newBox) return GF_OUT_OF_MEM; ((GF_EntityToGroupTypeBox*)newBox)->grouping_type = type; } else { is_special = GF_FALSE; newBox = gf_isom_box_new_ex(uuid_type ? uuid_type : type, parent_type, skip_logs, is_root_box); if (!newBox) return GF_OUT_OF_MEM; } if (type==GF_ISOM_BOX_TYPE_UUID && !is_special) { memcpy(((GF_UUIDBox *)newBox)->uuid, uuid, 16); ((GF_UUIDBox *)newBox)->internal_4cc = uuid_type; } if (!newBox->type) newBox->type = type; if (restore_type) newBox->type = restore_type; payload_start = gf_bs_get_position(bs); retry_unknown_box: end = gf_bs_available(bs); if (size - hdr_size > end ) { newBox->size = size - hdr_size - end; *outBox = newBox; return GF_ISOM_INCOMPLETE_FILE; } newBox->size = size - hdr_size; e = gf_isom_full_box_read(newBox, bs); if (!e) e = gf_isom_box_read(newBox, bs); if (e) { if (gf_opts_get_bool(""core"", ""no-check"")) e = GF_OK; } newBox->size = size; end = gf_bs_get_position(bs); if (uncomp_bs) { gf_free(uncomp_data); gf_bs_del(uncomp_bs); if (e) { gf_isom_box_del(newBox); *outBox = NULL; return e; } size -= 8; if (type==GF_ISOM_BOX_TYPE_MOOF) { ((GF_MovieFragmentBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } else if (type==GF_ISOM_BOX_TYPE_MOOV) { ((GF_MovieBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; ((GF_MovieBox *)newBox)->file_offset = comp_start; } else if (type==GF_ISOM_BOX_TYPE_SIDX) { ((GF_SegmentIndexBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } else if (type==GF_ISOM_BOX_TYPE_SSIX) { ((GF_SubsegmentIndexBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } newBox->internal_flags = GF_ISOM_BOX_COMPRESSED; } if (e && (e != GF_ISOM_INCOMPLETE_FILE)) { gf_isom_box_del(newBox); *outBox = NULL; if (parent_type==GF_ISOM_BOX_TYPE_STSD) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_UNKNOWN); if (!newBox) return GF_OUT_OF_MEM; ((GF_UnknownBox *)newBox)->original_4cc = type; newBox->size = size; gf_bs_seek(bs, payload_start); goto retry_unknown_box; } if (!skip_logs) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box \""%s\"" (start ""LLU"") failed (%s) - skipping\n"", gf_4cc_to_str(type), start, gf_error_to_string(e))); } return e; } if (end-start > size) { if (!skip_logs) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" size ""LLU"" (start ""LLU"") invalid (read ""LLU"")\n"", gf_4cc_to_str(type), size, start, (end-start) )); } gf_bs_seek(bs, start+size); } else if (end-start < size) { u32 to_skip = (u32) (size-(end-start)); if (!skip_logs) { if ((to_skip!=4) || gf_bs_peek_bits(bs, 32, 0)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" (start ""LLU"") has %u extra bytes\n"", gf_4cc_to_str(type), start, to_skip)); } } gf_bs_skip_bytes(bs, to_skip); } *outBox = newBox; return e; }",visit repo url,src/isomedia/box_funcs.c,https://github.com/gpac/gpac,31169993236025,1 4767,CWE-415,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 5653,['CWE-476'],"void udp_err(struct sk_buff *skb, u32 info) { struct inet_sock *inet; struct iphdr *iph = (struct iphdr*)skb->data; struct udphdr *uh = (struct udphdr*)(skb->data+(iph->ihl<<2)); int type = skb->h.icmph->type; int code = skb->h.icmph->code; struct sock *sk; int harderr; int err; sk = udp_v4_lookup(iph->daddr, uh->dest, iph->saddr, uh->source, skb->dev->ifindex); if (sk == NULL) { ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); return; } err = 0; harderr = 0; inet = inet_sk(sk); switch (type) { default: case ICMP_TIME_EXCEEDED: err = EHOSTUNREACH; break; case ICMP_SOURCE_QUENCH: goto out; case ICMP_PARAMETERPROB: err = EPROTO; harderr = 1; break; case ICMP_DEST_UNREACH: if (code == ICMP_FRAG_NEEDED) { if (inet->pmtudisc != IP_PMTUDISC_DONT) { err = EMSGSIZE; harderr = 1; break; } goto out; } err = EHOSTUNREACH; if (code <= NR_ICMP_UNREACH) { harderr = icmp_err_convert[code].fatal; err = icmp_err_convert[code].errno; } break; } if (!inet->recverr) { if (!harderr || sk->sk_state != TCP_ESTABLISHED) goto out; } else { ip_icmp_error(sk, skb, err, uh->dest, info, (u8*)(uh+1)); } sk->sk_err = err; sk->sk_error_report(sk); out: sock_put(sk); }",linux-2.6,,,43180316365342758422036522476569965956,0 5862,CWE-787,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_sli( const void *buf, pj_size_t length, unsigned *sli_cnt, pjmedia_rtcp_fb_sli sli[]) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; pj_uint8_t *p; unsigned cnt, i; PJ_ASSERT_RETURN(buf && sli_cnt && sli, PJ_EINVAL); PJ_ASSERT_RETURN(length >= sizeof(pjmedia_rtcp_common), PJ_ETOOSMALL); if (hdr->pt != RTCP_PSFB || hdr->count != 2) return PJ_ENOTFOUND; cnt = pj_ntohs((pj_uint16_t)hdr->length) - 2; if (length < (cnt+3)*4) return PJ_ETOOSMALL; *sli_cnt = PJ_MIN(*sli_cnt, cnt); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < *sli_cnt; ++i) { sli[i].first = (p[0] << 5) + ((p[1] & 0xF8) >> 3); sli[i].number = ((p[1] & 0x07) << 10) + (p[2] << 2) + ((p[3] & 0xC0) >> 6); sli[i].pict_id = (p[3] & 0x3F); p += 4; } return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,275308183902844,1 3405,['CWE-264'],"asmlinkage long sys_chmod(const char __user *filename, mode_t mode) { return sys_fchmodat(AT_FDCWD, filename, mode); }",linux-2.6,,,57022981960984662589113166855610129111,0 6227,['CWE-200'],"static void ipmr_update_threshoulds(struct mfc_cache *cache, unsigned char *ttls) { int vifi; cache->mfc_un.res.minvif = MAXVIFS; cache->mfc_un.res.maxvif = 0; memset(cache->mfc_un.res.ttls, 255, MAXVIFS); for (vifi=0; vifimfc_un.res.ttls[vifi] = ttls[vifi]; if (cache->mfc_un.res.minvif > vifi) cache->mfc_un.res.minvif = vifi; if (cache->mfc_un.res.maxvif <= vifi) cache->mfc_un.res.maxvif = vifi + 1; } } }",linux-2.6,,,288163295081956851975962069182630861666,0 5486,CWE-754,"void sqlite3Pragma( Parse *pParse, Token *pId1, Token *pId2, Token *pValue, int minusFlag ){ char *zLeft = 0; char *zRight = 0; const char *zDb = 0; Token *pId; char *aFcntl[4]; int iDb; int rc; sqlite3 *db = pParse->db; Db *pDb; Vdbe *v = sqlite3GetVdbe(pParse); const PragmaName *pPragma; if( v==0 ) return; sqlite3VdbeRunOnlyOnce(v); pParse->nMem = 2; iDb = sqlite3TwoPartName(pParse, pId1, pId2, &pId); if( iDb<0 ) return; pDb = &db->aDb[iDb]; if( iDb==1 && sqlite3OpenTempDatabase(pParse) ){ return; } zLeft = sqlite3NameFromToken(db, pId); if( !zLeft ) return; if( minusFlag ){ zRight = sqlite3MPrintf(db, ""-%T"", pValue); }else{ zRight = sqlite3NameFromToken(db, pValue); } assert( pId2 ); zDb = pId2->n>0 ? pDb->zDbSName : 0; if( sqlite3AuthCheck(pParse, SQLITE_PRAGMA, zLeft, zRight, zDb) ){ goto pragma_out; } aFcntl[0] = 0; aFcntl[1] = zLeft; aFcntl[2] = zRight; aFcntl[3] = 0; db->busyHandler.nBusy = 0; rc = sqlite3_file_control(db, zDb, SQLITE_FCNTL_PRAGMA, (void*)aFcntl); if( rc==SQLITE_OK ){ sqlite3VdbeSetNumCols(v, 1); sqlite3VdbeSetColName(v, 0, COLNAME_NAME, aFcntl[0], SQLITE_TRANSIENT); returnSingleText(v, aFcntl[0]); sqlite3_free(aFcntl[0]); goto pragma_out; } if( rc!=SQLITE_NOTFOUND ){ if( aFcntl[0] ){ sqlite3ErrorMsg(pParse, ""%s"", aFcntl[0]); sqlite3_free(aFcntl[0]); } pParse->nErr++; pParse->rc = rc; goto pragma_out; } pPragma = pragmaLocate(zLeft); if( pPragma==0 ) goto pragma_out; if( (pPragma->mPragFlg & PragFlg_NeedSchema)!=0 ){ if( sqlite3ReadSchema(pParse) ) goto pragma_out; } if( (pPragma->mPragFlg & PragFlg_NoColumns)==0 && ((pPragma->mPragFlg & PragFlg_NoColumns1)==0 || zRight==0) ){ setPragmaResultColumnNames(v, pPragma); } switch( pPragma->ePragTyp ){ #if !defined(SQLITE_OMIT_PAGER_PRAGMAS) && !defined(SQLITE_OMIT_DEPRECATED) case PragTyp_DEFAULT_CACHE_SIZE: { static const int iLn = VDBE_OFFSET_LINENO(2); static const VdbeOpList getCacheSize[] = { { OP_Transaction, 0, 0, 0}, { OP_ReadCookie, 0, 1, BTREE_DEFAULT_CACHE_SIZE}, { OP_IfPos, 1, 8, 0}, { OP_Integer, 0, 2, 0}, { OP_Subtract, 1, 2, 1}, { OP_IfPos, 1, 8, 0}, { OP_Integer, 0, 1, 0}, { OP_Noop, 0, 0, 0}, { OP_ResultRow, 1, 1, 0}, }; VdbeOp *aOp; sqlite3VdbeUsesBtree(v, iDb); if( !zRight ){ pParse->nMem += 2; sqlite3VdbeVerifyNoMallocRequired(v, ArraySize(getCacheSize)); aOp = sqlite3VdbeAddOpList(v, ArraySize(getCacheSize), getCacheSize, iLn); if( ONLY_IF_REALLOC_STRESS(aOp==0) ) break; aOp[0].p1 = iDb; aOp[1].p1 = iDb; aOp[6].p1 = SQLITE_DEFAULT_CACHE_SIZE; }else{ int size = sqlite3AbsInt32(sqlite3Atoi(zRight)); sqlite3BeginWriteOperation(pParse, 0, iDb); sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, BTREE_DEFAULT_CACHE_SIZE, size); assert( sqlite3SchemaMutexHeld(db, iDb, 0) ); pDb->pSchema->cache_size = size; sqlite3BtreeSetCacheSize(pDb->pBt, pDb->pSchema->cache_size); } break; } #endif #if !defined(SQLITE_OMIT_PAGER_PRAGMAS) case PragTyp_PAGE_SIZE: { Btree *pBt = pDb->pBt; assert( pBt!=0 ); if( !zRight ){ int size = ALWAYS(pBt) ? sqlite3BtreeGetPageSize(pBt) : 0; returnSingleInt(v, size); }else{ db->nextPagesize = sqlite3Atoi(zRight); if( SQLITE_NOMEM==sqlite3BtreeSetPageSize(pBt, db->nextPagesize,-1,0) ){ sqlite3OomFault(db); } } break; } case PragTyp_SECURE_DELETE: { Btree *pBt = pDb->pBt; int b = -1; assert( pBt!=0 ); if( zRight ){ if( sqlite3_stricmp(zRight, ""fast"")==0 ){ b = 2; }else{ b = sqlite3GetBoolean(zRight, 0); } } if( pId2->n==0 && b>=0 ){ int ii; for(ii=0; iinDb; ii++){ sqlite3BtreeSecureDelete(db->aDb[ii].pBt, b); } } b = sqlite3BtreeSecureDelete(pBt, b); returnSingleInt(v, b); break; } case PragTyp_PAGE_COUNT: { int iReg; sqlite3CodeVerifySchema(pParse, iDb); iReg = ++pParse->nMem; if( sqlite3Tolower(zLeft[0])=='p' ){ sqlite3VdbeAddOp2(v, OP_Pagecount, iDb, iReg); }else{ sqlite3VdbeAddOp3(v, OP_MaxPgcnt, iDb, iReg, sqlite3AbsInt32(sqlite3Atoi(zRight))); } sqlite3VdbeAddOp2(v, OP_ResultRow, iReg, 1); break; } case PragTyp_LOCKING_MODE: { const char *zRet = ""normal""; int eMode = getLockingMode(zRight); if( pId2->n==0 && eMode==PAGER_LOCKINGMODE_QUERY ){ eMode = db->dfltLockMode; }else{ Pager *pPager; if( pId2->n==0 ){ int ii; assert(pDb==&db->aDb[0]); for(ii=2; iinDb; ii++){ pPager = sqlite3BtreePager(db->aDb[ii].pBt); sqlite3PagerLockingMode(pPager, eMode); } db->dfltLockMode = (u8)eMode; } pPager = sqlite3BtreePager(pDb->pBt); eMode = sqlite3PagerLockingMode(pPager, eMode); } assert( eMode==PAGER_LOCKINGMODE_NORMAL || eMode==PAGER_LOCKINGMODE_EXCLUSIVE ); if( eMode==PAGER_LOCKINGMODE_EXCLUSIVE ){ zRet = ""exclusive""; } returnSingleText(v, zRet); break; } case PragTyp_JOURNAL_MODE: { int eMode; int ii; if( zRight==0 ){ eMode = PAGER_JOURNALMODE_QUERY; }else{ const char *zMode; int n = sqlite3Strlen30(zRight); for(eMode=0; (zMode = sqlite3JournalModename(eMode))!=0; eMode++){ if( sqlite3StrNICmp(zRight, zMode, n)==0 ) break; } if( !zMode ){ eMode = PAGER_JOURNALMODE_QUERY; } if( eMode==PAGER_JOURNALMODE_OFF && (db->flags & SQLITE_Defensive)!=0 ){ eMode = PAGER_JOURNALMODE_QUERY; } } if( eMode==PAGER_JOURNALMODE_QUERY && pId2->n==0 ){ iDb = 0; pId2->n = 1; } for(ii=db->nDb-1; ii>=0; ii--){ if( db->aDb[ii].pBt && (ii==iDb || pId2->n==0) ){ sqlite3VdbeUsesBtree(v, ii); sqlite3VdbeAddOp3(v, OP_JournalMode, ii, 1, eMode); } } sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1); break; } case PragTyp_JOURNAL_SIZE_LIMIT: { Pager *pPager = sqlite3BtreePager(pDb->pBt); i64 iLimit = -2; if( zRight ){ sqlite3DecOrHexToI64(zRight, &iLimit); if( iLimit<-1 ) iLimit = -1; } iLimit = sqlite3PagerJournalSizeLimit(pPager, iLimit); returnSingleInt(v, iLimit); break; } #endif #ifndef SQLITE_OMIT_AUTOVACUUM case PragTyp_AUTO_VACUUM: { Btree *pBt = pDb->pBt; assert( pBt!=0 ); if( !zRight ){ returnSingleInt(v, sqlite3BtreeGetAutoVacuum(pBt)); }else{ int eAuto = getAutoVacuum(zRight); assert( eAuto>=0 && eAuto<=2 ); db->nextAutovac = (u8)eAuto; rc = sqlite3BtreeSetAutoVacuum(pBt, eAuto); if( rc==SQLITE_OK && (eAuto==1 || eAuto==2) ){ static const int iLn = VDBE_OFFSET_LINENO(2); static const VdbeOpList setMeta6[] = { { OP_Transaction, 0, 1, 0}, { OP_ReadCookie, 0, 1, BTREE_LARGEST_ROOT_PAGE}, { OP_If, 1, 0, 0}, { OP_Halt, SQLITE_OK, OE_Abort, 0}, { OP_SetCookie, 0, BTREE_INCR_VACUUM, 0}, }; VdbeOp *aOp; int iAddr = sqlite3VdbeCurrentAddr(v); sqlite3VdbeVerifyNoMallocRequired(v, ArraySize(setMeta6)); aOp = sqlite3VdbeAddOpList(v, ArraySize(setMeta6), setMeta6, iLn); if( ONLY_IF_REALLOC_STRESS(aOp==0) ) break; aOp[0].p1 = iDb; aOp[1].p1 = iDb; aOp[2].p2 = iAddr+4; aOp[4].p1 = iDb; aOp[4].p3 = eAuto - 1; sqlite3VdbeUsesBtree(v, iDb); } } break; } #endif #ifndef SQLITE_OMIT_AUTOVACUUM case PragTyp_INCREMENTAL_VACUUM: { int iLimit, addr; if( zRight==0 || !sqlite3GetInt32(zRight, &iLimit) || iLimit<=0 ){ iLimit = 0x7fffffff; } sqlite3BeginWriteOperation(pParse, 0, iDb); sqlite3VdbeAddOp2(v, OP_Integer, iLimit, 1); addr = sqlite3VdbeAddOp1(v, OP_IncrVacuum, iDb); VdbeCoverage(v); sqlite3VdbeAddOp1(v, OP_ResultRow, 1); sqlite3VdbeAddOp2(v, OP_AddImm, 1, -1); sqlite3VdbeAddOp2(v, OP_IfPos, 1, addr); VdbeCoverage(v); sqlite3VdbeJumpHere(v, addr); break; } #endif #ifndef SQLITE_OMIT_PAGER_PRAGMAS case PragTyp_CACHE_SIZE: { assert( sqlite3SchemaMutexHeld(db, iDb, 0) ); if( !zRight ){ returnSingleInt(v, pDb->pSchema->cache_size); }else{ int size = sqlite3Atoi(zRight); pDb->pSchema->cache_size = size; sqlite3BtreeSetCacheSize(pDb->pBt, pDb->pSchema->cache_size); } break; } case PragTyp_CACHE_SPILL: { assert( sqlite3SchemaMutexHeld(db, iDb, 0) ); if( !zRight ){ returnSingleInt(v, (db->flags & SQLITE_CacheSpill)==0 ? 0 : sqlite3BtreeSetSpillSize(pDb->pBt,0)); }else{ int size = 1; if( sqlite3GetInt32(zRight, &size) ){ sqlite3BtreeSetSpillSize(pDb->pBt, size); } if( sqlite3GetBoolean(zRight, size!=0) ){ db->flags |= SQLITE_CacheSpill; }else{ db->flags &= ~(u64)SQLITE_CacheSpill; } setAllPagerFlags(db); } break; } case PragTyp_MMAP_SIZE: { sqlite3_int64 sz; #if SQLITE_MAX_MMAP_SIZE>0 assert( sqlite3SchemaMutexHeld(db, iDb, 0) ); if( zRight ){ int ii; sqlite3DecOrHexToI64(zRight, &sz); if( sz<0 ) sz = sqlite3GlobalConfig.szMmap; if( pId2->n==0 ) db->szMmap = sz; for(ii=db->nDb-1; ii>=0; ii--){ if( db->aDb[ii].pBt && (ii==iDb || pId2->n==0) ){ sqlite3BtreeSetMmapLimit(db->aDb[ii].pBt, sz); } } } sz = -1; rc = sqlite3_file_control(db, zDb, SQLITE_FCNTL_MMAP_SIZE, &sz); #else sz = 0; rc = SQLITE_OK; #endif if( rc==SQLITE_OK ){ returnSingleInt(v, sz); }else if( rc!=SQLITE_NOTFOUND ){ pParse->nErr++; pParse->rc = rc; } break; } case PragTyp_TEMP_STORE: { if( !zRight ){ returnSingleInt(v, db->temp_store); }else{ changeTempStorage(pParse, zRight); } break; } case PragTyp_TEMP_STORE_DIRECTORY: { if( !zRight ){ returnSingleText(v, sqlite3_temp_directory); }else{ #ifndef SQLITE_OMIT_WSD if( zRight[0] ){ int res; rc = sqlite3OsAccess(db->pVfs, zRight, SQLITE_ACCESS_READWRITE, &res); if( rc!=SQLITE_OK || res==0 ){ sqlite3ErrorMsg(pParse, ""not a writable directory""); goto pragma_out; } } if( SQLITE_TEMP_STORE==0 || (SQLITE_TEMP_STORE==1 && db->temp_store<=1) || (SQLITE_TEMP_STORE==2 && db->temp_store==1) ){ invalidateTempStorage(pParse); } sqlite3_free(sqlite3_temp_directory); if( zRight[0] ){ sqlite3_temp_directory = sqlite3_mprintf(""%s"", zRight); }else{ sqlite3_temp_directory = 0; } #endif } break; } #if SQLITE_OS_WIN case PragTyp_DATA_STORE_DIRECTORY: { if( !zRight ){ returnSingleText(v, sqlite3_data_directory); }else{ #ifndef SQLITE_OMIT_WSD if( zRight[0] ){ int res; rc = sqlite3OsAccess(db->pVfs, zRight, SQLITE_ACCESS_READWRITE, &res); if( rc!=SQLITE_OK || res==0 ){ sqlite3ErrorMsg(pParse, ""not a writable directory""); goto pragma_out; } } sqlite3_free(sqlite3_data_directory); if( zRight[0] ){ sqlite3_data_directory = sqlite3_mprintf(""%s"", zRight); }else{ sqlite3_data_directory = 0; } #endif } break; } #endif #if SQLITE_ENABLE_LOCKING_STYLE case PragTyp_LOCK_PROXY_FILE: { if( !zRight ){ Pager *pPager = sqlite3BtreePager(pDb->pBt); char *proxy_file_path = NULL; sqlite3_file *pFile = sqlite3PagerFile(pPager); sqlite3OsFileControlHint(pFile, SQLITE_GET_LOCKPROXYFILE, &proxy_file_path); returnSingleText(v, proxy_file_path); }else{ Pager *pPager = sqlite3BtreePager(pDb->pBt); sqlite3_file *pFile = sqlite3PagerFile(pPager); int res; if( zRight[0] ){ res=sqlite3OsFileControl(pFile, SQLITE_SET_LOCKPROXYFILE, zRight); } else { res=sqlite3OsFileControl(pFile, SQLITE_SET_LOCKPROXYFILE, NULL); } if( res!=SQLITE_OK ){ sqlite3ErrorMsg(pParse, ""failed to set lock proxy file""); goto pragma_out; } } break; } #endif case PragTyp_SYNCHRONOUS: { if( !zRight ){ returnSingleInt(v, pDb->safety_level-1); }else{ if( !db->autoCommit ){ sqlite3ErrorMsg(pParse, ""Safety level may not be changed inside a transaction""); }else if( iDb!=1 ){ int iLevel = (getSafetyLevel(zRight,0,1)+1) & PAGER_SYNCHRONOUS_MASK; if( iLevel==0 ) iLevel = 1; pDb->safety_level = iLevel; pDb->bSyncSet = 1; setAllPagerFlags(db); } } break; } #endif #ifndef SQLITE_OMIT_FLAG_PRAGMAS case PragTyp_FLAG: { if( zRight==0 ){ setPragmaResultColumnNames(v, pPragma); returnSingleInt(v, (db->flags & pPragma->iArg)!=0 ); }else{ u64 mask = pPragma->iArg; if( db->autoCommit==0 ){ mask &= ~(SQLITE_ForeignKeys); } #if SQLITE_USER_AUTHENTICATION if( db->auth.authLevel==UAUTH_User ){ mask &= ~(SQLITE_WriteSchema); } #endif if( sqlite3GetBoolean(zRight, 0) ){ db->flags |= mask; }else{ db->flags &= ~mask; if( mask==SQLITE_DeferFKs ) db->nDeferredImmCons = 0; } sqlite3VdbeAddOp0(v, OP_Expire); setAllPagerFlags(db); } break; } #endif #ifndef SQLITE_OMIT_SCHEMA_PRAGMAS case PragTyp_TABLE_INFO: if( zRight ){ Table *pTab; pTab = sqlite3LocateTable(pParse, LOCATE_NOERR, zRight, zDb); if( pTab ){ int iTabDb = sqlite3SchemaToIndex(db, pTab->pSchema); int i, k; int nHidden = 0; Column *pCol; Index *pPk = sqlite3PrimaryKeyIndex(pTab); pParse->nMem = 7; sqlite3CodeVerifySchema(pParse, iTabDb); sqlite3ViewGetColumnNames(pParse, pTab); for(i=0, pCol=pTab->aCol; inCol; i++, pCol++){ int isHidden = 0; if( pCol->colFlags & COLFLAG_NOINSERT ){ if( pPragma->iArg==0 ){ nHidden++; continue; } if( pCol->colFlags & COLFLAG_VIRTUAL ){ isHidden = 2; }else if( pCol->colFlags & COLFLAG_STORED ){ isHidden = 3; }else{ assert( pCol->colFlags & COLFLAG_HIDDEN ); isHidden = 1; } } if( (pCol->colFlags & COLFLAG_PRIMKEY)==0 ){ k = 0; }else if( pPk==0 ){ k = 1; }else{ for(k=1; k<=pTab->nCol && pPk->aiColumn[k-1]!=i; k++){} } assert( pCol->pDflt==0 || pCol->pDflt->op==TK_SPAN || isHidden>=2 ); sqlite3VdbeMultiLoad(v, 1, pPragma->iArg ? ""issisii"" : ""issisi"", i-nHidden, pCol->zName, sqlite3ColumnType(pCol,""""), pCol->notNull ? 1 : 0, pCol->pDflt && isHidden<2 ? pCol->pDflt->u.zToken : 0, k, isHidden); } } } break; #ifdef SQLITE_DEBUG case PragTyp_STATS: { Index *pIdx; HashElem *i; pParse->nMem = 5; sqlite3CodeVerifySchema(pParse, iDb); for(i=sqliteHashFirst(&pDb->pSchema->tblHash); i; i=sqliteHashNext(i)){ Table *pTab = sqliteHashData(i); sqlite3VdbeMultiLoad(v, 1, ""ssiii"", pTab->zName, 0, pTab->szTabRow, pTab->nRowLogEst, pTab->tabFlags); for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){ sqlite3VdbeMultiLoad(v, 2, ""siiiX"", pIdx->zName, pIdx->szIdxRow, pIdx->aiRowLogEst[0], pIdx->hasStat1); sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 5); } } } break; #endif case PragTyp_INDEX_INFO: if( zRight ){ Index *pIdx; Table *pTab; pIdx = sqlite3FindIndex(db, zRight, zDb); if( pIdx==0 ){ pTab = sqlite3LocateTable(pParse, LOCATE_NOERR, zRight, zDb); if( pTab && !HasRowid(pTab) ){ pIdx = sqlite3PrimaryKeyIndex(pTab); } } if( pIdx ){ int iIdxDb = sqlite3SchemaToIndex(db, pIdx->pSchema); int i; int mx; if( pPragma->iArg ){ mx = pIdx->nColumn; pParse->nMem = 6; }else{ mx = pIdx->nKeyCol; pParse->nMem = 3; } pTab = pIdx->pTable; sqlite3CodeVerifySchema(pParse, iIdxDb); assert( pParse->nMem<=pPragma->nPragCName ); for(i=0; iaiColumn[i]; sqlite3VdbeMultiLoad(v, 1, ""iisX"", i, cnum, cnum<0 ? 0 : pTab->aCol[cnum].zName); if( pPragma->iArg ){ sqlite3VdbeMultiLoad(v, 4, ""isiX"", pIdx->aSortOrder[i], pIdx->azColl[i], inKeyCol); } sqlite3VdbeAddOp2(v, OP_ResultRow, 1, pParse->nMem); } } } break; case PragTyp_INDEX_LIST: if( zRight ){ Index *pIdx; Table *pTab; int i; pTab = sqlite3FindTable(db, zRight, zDb); if( pTab ){ int iTabDb = sqlite3SchemaToIndex(db, pTab->pSchema); pParse->nMem = 5; sqlite3CodeVerifySchema(pParse, iTabDb); for(pIdx=pTab->pIndex, i=0; pIdx; pIdx=pIdx->pNext, i++){ const char *azOrigin[] = { ""c"", ""u"", ""pk"" }; sqlite3VdbeMultiLoad(v, 1, ""isisi"", i, pIdx->zName, IsUniqueIndex(pIdx), azOrigin[pIdx->idxType], pIdx->pPartIdxWhere!=0); } } } break; case PragTyp_DATABASE_LIST: { int i; pParse->nMem = 3; for(i=0; inDb; i++){ if( db->aDb[i].pBt==0 ) continue; assert( db->aDb[i].zDbSName!=0 ); sqlite3VdbeMultiLoad(v, 1, ""iss"", i, db->aDb[i].zDbSName, sqlite3BtreeGetFilename(db->aDb[i].pBt)); } } break; case PragTyp_COLLATION_LIST: { int i = 0; HashElem *p; pParse->nMem = 2; for(p=sqliteHashFirst(&db->aCollSeq); p; p=sqliteHashNext(p)){ CollSeq *pColl = (CollSeq *)sqliteHashData(p); sqlite3VdbeMultiLoad(v, 1, ""is"", i++, pColl->zName); } } break; #ifndef SQLITE_OMIT_INTROSPECTION_PRAGMAS case PragTyp_FUNCTION_LIST: { int i; HashElem *j; FuncDef *p; pParse->nMem = 2; for(i=0; iu.pHash ){ if( p->funcFlags & SQLITE_FUNC_INTERNAL ) continue; sqlite3VdbeMultiLoad(v, 1, ""si"", p->zName, 1); } } for(j=sqliteHashFirst(&db->aFunc); j; j=sqliteHashNext(j)){ p = (FuncDef*)sqliteHashData(j); sqlite3VdbeMultiLoad(v, 1, ""si"", p->zName, 0); } } break; #ifndef SQLITE_OMIT_VIRTUALTABLE case PragTyp_MODULE_LIST: { HashElem *j; pParse->nMem = 1; for(j=sqliteHashFirst(&db->aModule); j; j=sqliteHashNext(j)){ Module *pMod = (Module*)sqliteHashData(j); sqlite3VdbeMultiLoad(v, 1, ""s"", pMod->zName); } } break; #endif case PragTyp_PRAGMA_LIST: { int i; for(i=0; ipFKey; if( pFK ){ int iTabDb = sqlite3SchemaToIndex(db, pTab->pSchema); int i = 0; pParse->nMem = 8; sqlite3CodeVerifySchema(pParse, iTabDb); while(pFK){ int j; for(j=0; jnCol; j++){ sqlite3VdbeMultiLoad(v, 1, ""iissssss"", i, j, pFK->zTo, pTab->aCol[pFK->aCol[j].iFrom].zName, pFK->aCol[j].zCol, actionName(pFK->aAction[1]), actionName(pFK->aAction[0]), ""NONE""); } ++i; pFK = pFK->pNextFrom; } } } } break; #endif #ifndef SQLITE_OMIT_FOREIGN_KEY #ifndef SQLITE_OMIT_TRIGGER case PragTyp_FOREIGN_KEY_CHECK: { FKey *pFK; Table *pTab; Table *pParent; Index *pIdx; int i; int j; HashElem *k; int x; int regResult; int regKey; int regRow; int addrTop; int addrOk; int *aiCols; regResult = pParse->nMem+1; pParse->nMem += 4; regKey = ++pParse->nMem; regRow = ++pParse->nMem; k = sqliteHashFirst(&db->aDb[iDb].pSchema->tblHash); while( k ){ int iTabDb; if( zRight ){ pTab = sqlite3LocateTable(pParse, 0, zRight, zDb); k = 0; }else{ pTab = (Table*)sqliteHashData(k); k = sqliteHashNext(k); } if( pTab==0 || pTab->pFKey==0 ) continue; iTabDb = sqlite3SchemaToIndex(db, pTab->pSchema); sqlite3CodeVerifySchema(pParse, iTabDb); sqlite3TableLock(pParse, iTabDb, pTab->tnum, 0, pTab->zName); if( pTab->nCol+regRow>pParse->nMem ) pParse->nMem = pTab->nCol + regRow; sqlite3OpenTable(pParse, 0, iTabDb, pTab, OP_OpenRead); sqlite3VdbeLoadString(v, regResult, pTab->zName); for(i=1, pFK=pTab->pFKey; pFK; i++, pFK=pFK->pNextFrom){ pParent = sqlite3FindTable(db, pFK->zTo, zDb); if( pParent==0 ) continue; pIdx = 0; sqlite3TableLock(pParse, iTabDb, pParent->tnum, 0, pParent->zName); x = sqlite3FkLocateIndex(pParse, pParent, pFK, &pIdx, 0); if( x==0 ){ if( pIdx==0 ){ sqlite3OpenTable(pParse, i, iTabDb, pParent, OP_OpenRead); }else{ sqlite3VdbeAddOp3(v, OP_OpenRead, i, pIdx->tnum, iTabDb); sqlite3VdbeSetP4KeyInfo(pParse, pIdx); } }else{ k = 0; break; } } assert( pParse->nErr>0 || pFK==0 ); if( pFK ) break; if( pParse->nTabnTab = i; addrTop = sqlite3VdbeAddOp1(v, OP_Rewind, 0); VdbeCoverage(v); for(i=1, pFK=pTab->pFKey; pFK; i++, pFK=pFK->pNextFrom){ pParent = sqlite3FindTable(db, pFK->zTo, zDb); pIdx = 0; aiCols = 0; if( pParent ){ x = sqlite3FkLocateIndex(pParse, pParent, pFK, &pIdx, &aiCols); assert( x==0 ); } addrOk = sqlite3VdbeMakeLabel(pParse); for(j=0; jnCol; j++){ int iCol = aiCols ? aiCols[j] : pFK->aCol[j].iFrom; sqlite3ExprCodeGetColumnOfTable(v, pTab, 0, iCol, regRow+j); sqlite3VdbeAddOp2(v, OP_IsNull, regRow+j, addrOk); VdbeCoverage(v); } if( pIdx ){ sqlite3VdbeAddOp4(v, OP_MakeRecord, regRow, pFK->nCol, regKey, sqlite3IndexAffinityStr(db,pIdx), pFK->nCol); sqlite3VdbeAddOp4Int(v, OP_Found, i, addrOk, regKey, 0); VdbeCoverage(v); }else if( pParent ){ int jmp = sqlite3VdbeCurrentAddr(v)+2; sqlite3VdbeAddOp3(v, OP_SeekRowid, i, jmp, regRow); VdbeCoverage(v); sqlite3VdbeGoto(v, addrOk); assert( pFK->nCol==1 ); } if( HasRowid(pTab) ){ sqlite3VdbeAddOp2(v, OP_Rowid, 0, regResult+1); }else{ sqlite3VdbeAddOp2(v, OP_Null, 0, regResult+1); } sqlite3VdbeMultiLoad(v, regResult+2, ""siX"", pFK->zTo, i-1); sqlite3VdbeAddOp2(v, OP_ResultRow, regResult, 4); sqlite3VdbeResolveLabel(v, addrOk); sqlite3DbFree(db, aiCols); } sqlite3VdbeAddOp2(v, OP_Next, 0, addrTop+1); VdbeCoverage(v); sqlite3VdbeJumpHere(v, addrTop); } } break; #endif #endif #ifndef SQLITE_OMIT_CASE_SENSITIVE_LIKE_PRAGMA case PragTyp_CASE_SENSITIVE_LIKE: { if( zRight ){ sqlite3RegisterLikeFunctions(db, sqlite3GetBoolean(zRight, 0)); } } break; #endif #ifndef SQLITE_INTEGRITY_CHECK_ERROR_MAX # define SQLITE_INTEGRITY_CHECK_ERROR_MAX 100 #endif #ifndef SQLITE_OMIT_INTEGRITY_CHECK case PragTyp_INTEGRITY_CHECK: { int i, j, addr, mxErr; int isQuick = (sqlite3Tolower(zLeft[0])=='q'); assert( iDb>=0 ); assert( iDb==0 || pId2->z ); if( pId2->z==0 ) iDb = -1; pParse->nMem = 6; mxErr = SQLITE_INTEGRITY_CHECK_ERROR_MAX; if( zRight ){ sqlite3GetInt32(zRight, &mxErr); if( mxErr<=0 ){ mxErr = SQLITE_INTEGRITY_CHECK_ERROR_MAX; } } sqlite3VdbeAddOp2(v, OP_Integer, mxErr-1, 1); for(i=0; inDb; i++){ HashElem *x; Hash *pTbls; int *aRoot; int cnt = 0; int mxIdx = 0; if( OMIT_TEMPDB && i==1 ) continue; if( iDb>=0 && i!=iDb ) continue; sqlite3CodeVerifySchema(pParse, i); assert( sqlite3SchemaMutexHeld(db, i, 0) ); pTbls = &db->aDb[i].pSchema->tblHash; for(cnt=0, x=sqliteHashFirst(pTbls); x; x=sqliteHashNext(x)){ Table *pTab = sqliteHashData(x); Index *pIdx; int nIdx; if( HasRowid(pTab) ) cnt++; for(nIdx=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, nIdx++){ cnt++; } if( nIdx>mxIdx ) mxIdx = nIdx; } aRoot = sqlite3DbMallocRawNN(db, sizeof(int)*(cnt+1)); if( aRoot==0 ) break; for(cnt=0, x=sqliteHashFirst(pTbls); x; x=sqliteHashNext(x)){ Table *pTab = sqliteHashData(x); Index *pIdx; if( HasRowid(pTab) ) aRoot[++cnt] = pTab->tnum; for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){ aRoot[++cnt] = pIdx->tnum; } } aRoot[0] = cnt; pParse->nMem = MAX( pParse->nMem, 8+mxIdx ); sqlite3ClearTempRegCache(pParse); sqlite3VdbeAddOp4(v, OP_IntegrityCk, 2, cnt, 1, (char*)aRoot,P4_INTARRAY); sqlite3VdbeChangeP5(v, (u8)i); addr = sqlite3VdbeAddOp1(v, OP_IsNull, 2); VdbeCoverage(v); sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0, sqlite3MPrintf(db, ""*** in database %s ***\n"", db->aDb[i].zDbSName), P4_DYNAMIC); sqlite3VdbeAddOp3(v, OP_Concat, 2, 3, 3); integrityCheckResultRow(v); sqlite3VdbeJumpHere(v, addr); for(x=sqliteHashFirst(pTbls); x; x=sqliteHashNext(x)){ Table *pTab = sqliteHashData(x); Index *pIdx, *pPk; Index *pPrior = 0; int loopTop; int iDataCur, iIdxCur; int r1 = -1; if( pTab->tnum<1 ) continue; pPk = HasRowid(pTab) ? 0 : sqlite3PrimaryKeyIndex(pTab); sqlite3OpenTableAndIndices(pParse, pTab, OP_OpenRead, 0, 1, 0, &iDataCur, &iIdxCur); sqlite3VdbeAddOp2(v, OP_Integer, 0, 7); for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){ sqlite3VdbeAddOp2(v, OP_Integer, 0, 8+j); } assert( pParse->nMem>=8+j ); assert( sqlite3NoTempsInRange(pParse,1,7+j) ); sqlite3VdbeAddOp2(v, OP_Rewind, iDataCur, 0); VdbeCoverage(v); loopTop = sqlite3VdbeAddOp2(v, OP_AddImm, 7, 1); if( !isQuick ){ sqlite3VdbeAddOp3(v, OP_Column, iDataCur, pTab->nNVCol-1,3); sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG); } for(j=0; jnCol; j++){ char *zErr; int jmp2; if( j==pTab->iPKey ) continue; if( pTab->aCol[j].notNull==0 ) continue; sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3); sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG); jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v); zErr = sqlite3MPrintf(db, ""NULL value in %s.%s"", pTab->zName, pTab->aCol[j].zName); sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0, zErr, P4_DYNAMIC); integrityCheckResultRow(v); sqlite3VdbeJumpHere(v, jmp2); } if( pTab->pCheck && (db->flags & SQLITE_IgnoreChecks)==0 ){ ExprList *pCheck = sqlite3ExprListDup(db, pTab->pCheck, 0); if( db->mallocFailed==0 ){ int addrCkFault = sqlite3VdbeMakeLabel(pParse); int addrCkOk = sqlite3VdbeMakeLabel(pParse); char *zErr; int k; pParse->iSelfTab = iDataCur + 1; for(k=pCheck->nExpr-1; k>0; k--){ sqlite3ExprIfFalse(pParse, pCheck->a[k].pExpr, addrCkFault, 0); } sqlite3ExprIfTrue(pParse, pCheck->a[0].pExpr, addrCkOk, SQLITE_JUMPIFNULL); sqlite3VdbeResolveLabel(v, addrCkFault); pParse->iSelfTab = 0; zErr = sqlite3MPrintf(db, ""CHECK constraint failed in %s"", pTab->zName); sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0, zErr, P4_DYNAMIC); integrityCheckResultRow(v); sqlite3VdbeResolveLabel(v, addrCkOk); } sqlite3ExprListDelete(db, pCheck); } if( !isQuick ){ for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){ int jmp2, jmp3, jmp4, jmp5; int ckUniq = sqlite3VdbeMakeLabel(pParse); if( pPk==pIdx ) continue; r1 = sqlite3GenerateIndexKey(pParse, pIdx, iDataCur, 0, 0, &jmp3, pPrior, r1); pPrior = pIdx; sqlite3VdbeAddOp2(v, OP_AddImm, 8+j, 1); jmp2 = sqlite3VdbeAddOp4Int(v, OP_Found, iIdxCur+j, ckUniq, r1, pIdx->nColumn); VdbeCoverage(v); sqlite3VdbeLoadString(v, 3, ""row ""); sqlite3VdbeAddOp3(v, OP_Concat, 7, 3, 3); sqlite3VdbeLoadString(v, 4, "" missing from index ""); sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 3); jmp5 = sqlite3VdbeLoadString(v, 4, pIdx->zName); sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 3); jmp4 = integrityCheckResultRow(v); sqlite3VdbeJumpHere(v, jmp2); if( IsUniqueIndex(pIdx) ){ int uniqOk = sqlite3VdbeMakeLabel(pParse); int jmp6; int kk; for(kk=0; kknKeyCol; kk++){ int iCol = pIdx->aiColumn[kk]; assert( iCol!=XN_ROWID && iColnCol ); if( iCol>=0 && pTab->aCol[iCol].notNull ) continue; sqlite3VdbeAddOp2(v, OP_IsNull, r1+kk, uniqOk); VdbeCoverage(v); } jmp6 = sqlite3VdbeAddOp1(v, OP_Next, iIdxCur+j); VdbeCoverage(v); sqlite3VdbeGoto(v, uniqOk); sqlite3VdbeJumpHere(v, jmp6); sqlite3VdbeAddOp4Int(v, OP_IdxGT, iIdxCur+j, uniqOk, r1, pIdx->nKeyCol); VdbeCoverage(v); sqlite3VdbeLoadString(v, 3, ""non-unique entry in index ""); sqlite3VdbeGoto(v, jmp5); sqlite3VdbeResolveLabel(v, uniqOk); } sqlite3VdbeJumpHere(v, jmp4); sqlite3ResolvePartIdxLabel(pParse, jmp3); } } sqlite3VdbeAddOp2(v, OP_Next, iDataCur, loopTop); VdbeCoverage(v); sqlite3VdbeJumpHere(v, loopTop-1); #ifndef SQLITE_OMIT_BTREECOUNT if( !isQuick ){ sqlite3VdbeLoadString(v, 2, ""wrong # of entries in index ""); for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){ if( pPk==pIdx ) continue; sqlite3VdbeAddOp2(v, OP_Count, iIdxCur+j, 3); addr = sqlite3VdbeAddOp3(v, OP_Eq, 8+j, 0, 3); VdbeCoverage(v); sqlite3VdbeChangeP5(v, SQLITE_NOTNULL); sqlite3VdbeLoadString(v, 4, pIdx->zName); sqlite3VdbeAddOp3(v, OP_Concat, 4, 2, 3); integrityCheckResultRow(v); sqlite3VdbeJumpHere(v, addr); } } #endif } } { static const int iLn = VDBE_OFFSET_LINENO(2); static const VdbeOpList endCode[] = { { OP_AddImm, 1, 0, 0}, { OP_IfNotZero, 1, 4, 0}, { OP_String8, 0, 3, 0}, { OP_ResultRow, 3, 1, 0}, { OP_Halt, 0, 0, 0}, { OP_String8, 0, 3, 0}, { OP_Goto, 0, 3, 0}, }; VdbeOp *aOp; aOp = sqlite3VdbeAddOpList(v, ArraySize(endCode), endCode, iLn); if( aOp ){ aOp[0].p2 = 1-mxErr; aOp[2].p4type = P4_STATIC; aOp[2].p4.z = ""ok""; aOp[5].p4type = P4_STATIC; aOp[5].p4.z = (char*)sqlite3ErrStr(SQLITE_CORRUPT); } sqlite3VdbeChangeP3(v, 0, sqlite3VdbeCurrentAddr(v)-2); } } break; #endif #ifndef SQLITE_OMIT_UTF16 case PragTyp_ENCODING: { static const struct EncName { char *zName; u8 enc; } encnames[] = { { ""UTF8"", SQLITE_UTF8 }, { ""UTF-8"", SQLITE_UTF8 }, { ""UTF-16le"", SQLITE_UTF16LE }, { ""UTF-16be"", SQLITE_UTF16BE }, { ""UTF16le"", SQLITE_UTF16LE }, { ""UTF16be"", SQLITE_UTF16BE }, { ""UTF-16"", 0 }, { ""UTF16"", 0 }, { 0, 0 } }; const struct EncName *pEnc; if( !zRight ){ if( sqlite3ReadSchema(pParse) ) goto pragma_out; assert( encnames[SQLITE_UTF8].enc==SQLITE_UTF8 ); assert( encnames[SQLITE_UTF16LE].enc==SQLITE_UTF16LE ); assert( encnames[SQLITE_UTF16BE].enc==SQLITE_UTF16BE ); returnSingleText(v, encnames[ENC(pParse->db)].zName); }else{ if( !(DbHasProperty(db, 0, DB_SchemaLoaded)) || DbHasProperty(db, 0, DB_Empty) ){ for(pEnc=&encnames[0]; pEnc->zName; pEnc++){ if( 0==sqlite3StrICmp(zRight, pEnc->zName) ){ SCHEMA_ENC(db) = ENC(db) = pEnc->enc ? pEnc->enc : SQLITE_UTF16NATIVE; break; } } if( !pEnc->zName ){ sqlite3ErrorMsg(pParse, ""unsupported encoding: %s"", zRight); } } } } break; #endif #ifndef SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS case PragTyp_HEADER_VALUE: { int iCookie = pPragma->iArg; sqlite3VdbeUsesBtree(v, iDb); if( zRight && (pPragma->mPragFlg & PragFlg_ReadOnly)==0 ){ static const VdbeOpList setCookie[] = { { OP_Transaction, 0, 1, 0}, { OP_SetCookie, 0, 0, 0}, }; VdbeOp *aOp; sqlite3VdbeVerifyNoMallocRequired(v, ArraySize(setCookie)); aOp = sqlite3VdbeAddOpList(v, ArraySize(setCookie), setCookie, 0); if( ONLY_IF_REALLOC_STRESS(aOp==0) ) break; aOp[0].p1 = iDb; aOp[1].p1 = iDb; aOp[1].p2 = iCookie; aOp[1].p3 = sqlite3Atoi(zRight); }else{ static const VdbeOpList readCookie[] = { { OP_Transaction, 0, 0, 0}, { OP_ReadCookie, 0, 1, 0}, { OP_ResultRow, 1, 1, 0} }; VdbeOp *aOp; sqlite3VdbeVerifyNoMallocRequired(v, ArraySize(readCookie)); aOp = sqlite3VdbeAddOpList(v, ArraySize(readCookie),readCookie,0); if( ONLY_IF_REALLOC_STRESS(aOp==0) ) break; aOp[0].p1 = iDb; aOp[1].p1 = iDb; aOp[1].p3 = iCookie; sqlite3VdbeReusable(v); } } break; #endif #ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS case PragTyp_COMPILE_OPTIONS: { int i = 0; const char *zOpt; pParse->nMem = 1; while( (zOpt = sqlite3_compileoption_get(i++))!=0 ){ sqlite3VdbeLoadString(v, 1, zOpt); sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1); } sqlite3VdbeReusable(v); } break; #endif #ifndef SQLITE_OMIT_WAL case PragTyp_WAL_CHECKPOINT: { int iBt = (pId2->z?iDb:SQLITE_MAX_ATTACHED); int eMode = SQLITE_CHECKPOINT_PASSIVE; if( zRight ){ if( sqlite3StrICmp(zRight, ""full"")==0 ){ eMode = SQLITE_CHECKPOINT_FULL; }else if( sqlite3StrICmp(zRight, ""restart"")==0 ){ eMode = SQLITE_CHECKPOINT_RESTART; }else if( sqlite3StrICmp(zRight, ""truncate"")==0 ){ eMode = SQLITE_CHECKPOINT_TRUNCATE; } } pParse->nMem = 3; sqlite3VdbeAddOp3(v, OP_Checkpoint, iBt, eMode, 1); sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 3); } break; case PragTyp_WAL_AUTOCHECKPOINT: { if( zRight ){ sqlite3_wal_autocheckpoint(db, sqlite3Atoi(zRight)); } returnSingleInt(v, db->xWalCallback==sqlite3WalDefaultHook ? SQLITE_PTR_TO_INT(db->pWalArg) : 0); } break; #endif case PragTyp_SHRINK_MEMORY: { sqlite3_db_release_memory(db); break; } case PragTyp_OPTIMIZE: { int iDbLast; int iTabCur; HashElem *k; Schema *pSchema; Table *pTab; Index *pIdx; LogEst szThreshold; char *zSubSql; u32 opMask; if( zRight ){ opMask = (u32)sqlite3Atoi(zRight); if( (opMask & 0x02)==0 ) break; }else{ opMask = 0xfffe; } iTabCur = pParse->nTab++; for(iDbLast = zDb?iDb:db->nDb-1; iDb<=iDbLast; iDb++){ if( iDb==1 ) continue; sqlite3CodeVerifySchema(pParse, iDb); pSchema = db->aDb[iDb].pSchema; for(k=sqliteHashFirst(&pSchema->tblHash); k; k=sqliteHashNext(k)){ pTab = (Table*)sqliteHashData(k); if( (pTab->tabFlags & TF_StatsUsed)==0 ) continue; szThreshold = pTab->nRowLogEst + 46; assert( sqlite3LogEst(25)==46 ); for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){ if( !pIdx->hasStat1 ){ szThreshold = 0; break; } } if( szThreshold ){ sqlite3OpenTable(pParse, iTabCur, iDb, pTab, OP_OpenRead); sqlite3VdbeAddOp3(v, OP_IfSmaller, iTabCur, sqlite3VdbeCurrentAddr(v)+2+(opMask&1), szThreshold); VdbeCoverage(v); } zSubSql = sqlite3MPrintf(db, ""ANALYZE \""%w\"".\""%w\"""", db->aDb[iDb].zDbSName, pTab->zName); if( opMask & 0x01 ){ int r1 = sqlite3GetTempReg(pParse); sqlite3VdbeAddOp4(v, OP_String8, 0, r1, 0, zSubSql, P4_DYNAMIC); sqlite3VdbeAddOp2(v, OP_ResultRow, r1, 1); }else{ sqlite3VdbeAddOp4(v, OP_SqlExec, 0, 0, 0, zSubSql, P4_DYNAMIC); } } } sqlite3VdbeAddOp0(v, OP_Expire); break; } default: { assert( pPragma->ePragTyp==PragTyp_BUSY_TIMEOUT ); if( zRight ){ sqlite3_busy_timeout(db, sqlite3Atoi(zRight)); } returnSingleInt(v, db->busyTimeout); break; } case PragTyp_SOFT_HEAP_LIMIT: { sqlite3_int64 N; if( zRight && sqlite3DecOrHexToI64(zRight, &N)==SQLITE_OK ){ sqlite3_soft_heap_limit64(N); } returnSingleInt(v, sqlite3_soft_heap_limit64(-1)); break; } case PragTyp_HARD_HEAP_LIMIT: { sqlite3_int64 N; if( zRight && sqlite3DecOrHexToI64(zRight, &N)==SQLITE_OK ){ sqlite3_int64 iPrior = sqlite3_hard_heap_limit64(-1); if( N>0 && (iPrior==0 || iPrior>N) ) sqlite3_hard_heap_limit64(N); } returnSingleInt(v, sqlite3_hard_heap_limit64(-1)); break; } case PragTyp_THREADS: { sqlite3_int64 N; if( zRight && sqlite3DecOrHexToI64(zRight, &N)==SQLITE_OK && N>=0 ){ sqlite3_limit(db, SQLITE_LIMIT_WORKER_THREADS, (int)(N&0x7fffffff)); } returnSingleInt(v, sqlite3_limit(db, SQLITE_LIMIT_WORKER_THREADS, -1)); break; } #if defined(SQLITE_DEBUG) || defined(SQLITE_TEST) case PragTyp_LOCK_STATUS: { static const char *const azLockName[] = { ""unlocked"", ""shared"", ""reserved"", ""pending"", ""exclusive"" }; int i; pParse->nMem = 2; for(i=0; inDb; i++){ Btree *pBt; const char *zState = ""unknown""; int j; if( db->aDb[i].zDbSName==0 ) continue; pBt = db->aDb[i].pBt; if( pBt==0 || sqlite3BtreePager(pBt)==0 ){ zState = ""closed""; }else if( sqlite3_file_control(db, i ? db->aDb[i].zDbSName : 0, SQLITE_FCNTL_LOCKSTATE, &j)==SQLITE_OK ){ zState = azLockName[j]; } sqlite3VdbeMultiLoad(v, 1, ""ss"", db->aDb[i].zDbSName, zState); } break; } #endif #ifdef SQLITE_HAS_CODEC case PragTyp_KEY: { if( zRight ){ char zBuf[40]; const char *zKey = zRight; int n; if( pPragma->iArg==2 || pPragma->iArg==3 ){ u8 iByte; int i; for(i=0, iByte=0; iiArg<4 ? sqlite3Strlen30(zRight) : -1; } if( (pPragma->iArg & 1)==0 ){ rc = sqlite3_key_v2(db, zDb, zKey, n); }else{ rc = sqlite3_rekey_v2(db, zDb, zKey, n); } if( rc==SQLITE_OK && n!=0 ){ sqlite3VdbeSetNumCols(v, 1); sqlite3VdbeSetColName(v, 0, COLNAME_NAME, ""ok"", SQLITE_STATIC); returnSingleText(v, ""ok""); } } break; } #endif #if defined(SQLITE_HAS_CODEC) || defined(SQLITE_ENABLE_CEROD) case PragTyp_ACTIVATE_EXTENSIONS: if( zRight ){ #ifdef SQLITE_HAS_CODEC if( sqlite3StrNICmp(zRight, ""see-"", 4)==0 ){ sqlite3_activate_see(&zRight[4]); } #endif #ifdef SQLITE_ENABLE_CEROD if( sqlite3StrNICmp(zRight, ""cerod-"", 6)==0 ){ sqlite3_activate_cerod(&zRight[6]); } #endif } break; #endif } if( (pPragma->mPragFlg & PragFlg_NoColumns1) && zRight ){ sqlite3VdbeVerifyNoResultRow(v); } pragma_out: sqlite3DbFree(db, zLeft); sqlite3DbFree(db, zRight); }",visit repo url,src/pragma.c,https://github.com/sqlite/sqlite,272728999640478,1 325,[],"static int get_raw32_request(struct raw_config_request *req, struct raw32_config_request __user *user_req) { int ret; if (!access_ok(VERIFY_READ, user_req, sizeof(struct raw32_config_request))) return -EFAULT; ret = __get_user(req->raw_minor, &user_req->raw_minor); ret |= __get_user(req->block_major, &user_req->block_major); ret |= __get_user(req->block_minor, &user_req->block_minor); return ret ? -EFAULT : 0; }",linux-2.6,,,157658252760582710596068855075002258020,0 6166,CWE-190,"static void ep4_mul_glv_imp(ep4_t r, const ep4_t p, const bn_t k) { int sign, i, j, l, _l[8]; bn_t n, _k[8], u, v; int8_t naf[8][RLC_FP_BITS + 1]; ep4_t q[8]; bn_null(n); bn_null(u); bn_null(v); RLC_TRY { bn_new(n); bn_new(u); bn_new(v); for (i = 0; i < 8; i++) { bn_null(_k[i]); ep4_null(q[i]); bn_new(_k[i]); ep4_new(q[i]); } bn_abs(v, k); ep4_curve_get_ord(n); if (bn_cmp_abs(v, n) == RLC_GT) { bn_mod(v, v, n); } fp_prime_get_par(u); sign = bn_sign(u); bn_abs(u, u); ep4_norm(q[0], p); for (i = 0; i < 8; i++) { bn_mod(_k[i], v, u); bn_div(v, v, u); if ((sign == RLC_NEG) && (i % 2 != 0)) { bn_neg(_k[i], _k[i]); } if (bn_sign(k) == RLC_NEG) { bn_neg(_k[i], _k[i]); } if (i > 0) { ep4_frb(q[i], q[i - 1], 1); } } l = 0; for (i = 0; i < 8; i++) { if (bn_sign(_k[i]) == RLC_NEG) { ep4_neg(q[i], q[i]); } _l[i] = RLC_FP_BITS + 1; bn_rec_naf(naf[i], &_l[i], _k[i], 2); l = RLC_MAX(l, _l[i]); } ep4_set_infty(r); for (j = l - 1; j >= 0; j--) { ep4_dbl(r, r); for (i = 0; i < 8; i++) { if (naf[i][j] > 0) { ep4_add(r, r, q[i]); } if (naf[i][j] < 0) { ep4_sub(r, r, q[i]); } } } ep4_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(u); bn_free(v); for (i = 0; i < 8; i++) { bn_free(_k[i]); ep4_free(q[i]); } } }",visit repo url,src/epx/relic_ep4_mul.c,https://github.com/relic-toolkit/relic,247591708895285,1 1491,[],"static void init_tg_rt_entry(struct task_group *tg, struct rt_rq *rt_rq, struct sched_rt_entity *rt_se, int cpu, int add, struct sched_rt_entity *parent) { struct rq *rq = cpu_rq(cpu); tg->rt_rq[cpu] = rt_rq; init_rt_rq(rt_rq, rq); rt_rq->tg = tg; rt_rq->rt_se = rt_se; rt_rq->rt_runtime = tg->rt_bandwidth.rt_runtime; if (add) list_add(&rt_rq->leaf_rt_rq_list, &rq->leaf_rt_rq_list); tg->rt_se[cpu] = rt_se; if (!rt_se) return; if (!parent) rt_se->rt_rq = &rq->rt; else rt_se->rt_rq = parent->my_q; rt_se->rt_rq = &rq->rt; rt_se->my_q = rt_rq; rt_se->parent = parent; INIT_LIST_HEAD(&rt_se->run_list); }",linux-2.6,,,296202562026775767429779652218600951543,0 609,CWE-17,"static inline void __file_sb_list_add(struct file *file, struct super_block *sb) { struct list_head *list; #ifdef CONFIG_SMP int cpu; cpu = smp_processor_id(); file->f_sb_list_cpu = cpu; list = per_cpu_ptr(sb->s_files, cpu); #else list = &sb->s_files; #endif list_add(&file->f_u.fu_list, list); }",visit repo url,fs/file_table.c,https://github.com/torvalds/linux,12953029398129,1 2676,CWE-190,"static void spl_filesystem_object_free_storage(void *object TSRMLS_DC) { spl_filesystem_object *intern = (spl_filesystem_object*)object; if (intern->oth_handler && intern->oth_handler->dtor) { intern->oth_handler->dtor(intern TSRMLS_CC); } zend_object_std_dtor(&intern->std TSRMLS_CC); if (intern->_path) { efree(intern->_path); } if (intern->file_name) { efree(intern->file_name); } switch(intern->type) { case SPL_FS_INFO: break; case SPL_FS_DIR: if (intern->u.dir.dirp) { php_stream_close(intern->u.dir.dirp); intern->u.dir.dirp = NULL; } if (intern->u.dir.sub_path) { efree(intern->u.dir.sub_path); } break; case SPL_FS_FILE: if (intern->u.file.stream) { if (intern->u.file.zcontext) { } if (!intern->u.file.stream->is_persistent) { php_stream_free(intern->u.file.stream, PHP_STREAM_FREE_CLOSE); } else { php_stream_free(intern->u.file.stream, PHP_STREAM_FREE_CLOSE_PERSISTENT); } if (intern->u.file.open_mode) { efree(intern->u.file.open_mode); } if (intern->orig_path) { efree(intern->orig_path); } } spl_filesystem_file_free_line(intern TSRMLS_CC); break; } { zend_object_iterator *iterator; iterator = (zend_object_iterator*) spl_filesystem_object_to_iterator(intern); if (iterator->data != NULL) { iterator->data = NULL; iterator->funcs->dtor(iterator TSRMLS_CC); } } efree(object); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,162333958931064,1 1456,[],"static int migration_thread(void *data) { int cpu = (long)data; struct rq *rq; rq = cpu_rq(cpu); BUG_ON(rq->migration_thread != current); set_current_state(TASK_INTERRUPTIBLE); while (!kthread_should_stop()) { struct migration_req *req; struct list_head *head; spin_lock_irq(&rq->lock); if (cpu_is_offline(cpu)) { spin_unlock_irq(&rq->lock); goto wait_to_die; } if (rq->active_balance) { active_load_balance(rq, cpu); rq->active_balance = 0; } head = &rq->migration_queue; if (list_empty(head)) { spin_unlock_irq(&rq->lock); schedule(); set_current_state(TASK_INTERRUPTIBLE); continue; } req = list_entry(head->next, struct migration_req, list); list_del_init(head->next); spin_unlock(&rq->lock); __migrate_task(req->task, cpu, req->dest_cpu); local_irq_enable(); complete(&req->done); } __set_current_state(TASK_RUNNING); return 0; wait_to_die: set_current_state(TASK_INTERRUPTIBLE); while (!kthread_should_stop()) { schedule(); set_current_state(TASK_INTERRUPTIBLE); } __set_current_state(TASK_RUNNING); return 0; }",linux-2.6,,,51325134725837511387868249936635229576,0 5847,CWE-121,"static int print_media_desc(const pjmedia_sdp_media *m, char *buf, pj_size_t len) { char *p = buf; char *end = buf+len; unsigned i; int printed; if (len < (pj_size_t)m->desc.media.slen+m->desc.transport.slen+12+24) { return -1; } *p++ = 'm'; *p++ = '='; pj_memcpy(p, m->desc.media.ptr, m->desc.media.slen); p += m->desc.media.slen; *p++ = ' '; printed = pj_utoa(m->desc.port, p); p += printed; if (m->desc.port_count > 1) { *p++ = '/'; printed = pj_utoa(m->desc.port_count, p); p += printed; } *p++ = ' '; pj_memcpy(p, m->desc.transport.ptr, m->desc.transport.slen); p += m->desc.transport.slen; for (i=0; idesc.fmt_count; ++i) { *p++ = ' '; pj_memcpy(p, m->desc.fmt[i].ptr, m->desc.fmt[i].slen); p += m->desc.fmt[i].slen; } *p++ = '\r'; *p++ = '\n'; if (m->conn) { printed = print_connection_info(m->conn, p, (int)(end-p)); if (printed < 0) { return -1; } p += printed; } for (i=0; ibandw_count; ++i) { printed = (int)print_bandw(m->bandw[i], p, end-p); if (printed < 0) { return -1; } p += printed; } for (i=0; iattr_count; ++i) { printed = (int)print_attr(m->attr[i], p, end-p); if (printed < 0) { return -1; } p += printed; } return (int)(p-buf); }",visit repo url,pjmedia/src/pjmedia/sdp.c,https://github.com/pjsip/pjproject,17743645346048,1 2026,['CWE-269'],"static void *m_next(struct seq_file *m, void *v, loff_t *pos) { struct mnt_namespace *n = m->private; struct list_head *p = ((struct vfsmount *)v)->mnt_list.next; (*pos)++; return p == &n->list ? NULL : list_entry(p, struct vfsmount, mnt_list); }",linux-2.6,,,328054785857078462347768352376981808416,0 6750,['CWE-310'],"get_settings (NMExportedConnection *exported) { NMAGConfConnection *self = NMA_GCONF_CONNECTION (exported); NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (self); NMConnection *connection; GHashTable *settings; GError *error = NULL; connection = nm_exported_connection_get_connection (exported); if (!utils_fill_connection_certs (connection, &error)) { g_warning (""%s: Invalid connection %s: failed to load connection certificates: (%d) %s"", __func__, priv->dir, error ? error->code : -1, error && error->message ? error->message : ""(unknown)""); g_clear_error (&error); return NULL; } settings = nm_connection_to_hash (connection); utils_clear_filled_connection_certs (connection); return settings; }",network-manager-applet,,,201150686680321985651598472089212111491,0 6553,CWE-407,"hash_link_ref(const uint8_t *link_ref, size_t length) { size_t i; unsigned int hash = 0; for (i = 0; i < length; ++i) hash = tolower(link_ref[i]) + (hash << 6) + (hash << 16) - hash; return hash; }",visit repo url,src/markdown.c,https://github.com/reddit/snudown,241355260747204,1 262,CWE-399,"int mpi_powm(MPI res, MPI base, MPI exp, MPI mod) { mpi_ptr_t mp_marker = NULL, bp_marker = NULL, ep_marker = NULL; mpi_ptr_t xp_marker = NULL; mpi_ptr_t tspace = NULL; mpi_ptr_t rp, ep, mp, bp; mpi_size_t esize, msize, bsize, rsize; int esign, msign, bsign, rsign; mpi_size_t size; int mod_shift_cnt; int negative_result; int assign_rp = 0; mpi_size_t tsize = 0; int rc = -ENOMEM; esize = exp->nlimbs; msize = mod->nlimbs; size = 2 * msize; esign = exp->sign; msign = mod->sign; rp = res->d; ep = exp->d; if (!msize) return -EINVAL; if (!esize) { rp[0] = 1; res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1; res->sign = 0; goto leave; } mp = mp_marker = mpi_alloc_limb_space(msize); if (!mp) goto enomem; mod_shift_cnt = count_leading_zeros(mod->d[msize - 1]); if (mod_shift_cnt) mpihelp_lshift(mp, mod->d, msize, mod_shift_cnt); else MPN_COPY(mp, mod->d, msize); bsize = base->nlimbs; bsign = base->sign; if (bsize > msize) { bp = bp_marker = mpi_alloc_limb_space(bsize + 1); if (!bp) goto enomem; MPN_COPY(bp, base->d, bsize); mpihelp_divrem(bp + msize, 0, bp, bsize, mp, msize); bsize = msize; MPN_NORMALIZE(bp, bsize); } else bp = base->d; if (!bsize) { res->nlimbs = 0; res->sign = 0; goto leave; } if (res->alloced < size) { if (rp == ep || rp == mp || rp == bp) { rp = mpi_alloc_limb_space(size); if (!rp) goto enomem; assign_rp = 1; } else { if (mpi_resize(res, size) < 0) goto enomem; rp = res->d; } } else { if (rp == bp) { BUG_ON(bp_marker); bp = bp_marker = mpi_alloc_limb_space(bsize); if (!bp) goto enomem; MPN_COPY(bp, rp, bsize); } if (rp == ep) { ep = ep_marker = mpi_alloc_limb_space(esize); if (!ep) goto enomem; MPN_COPY(ep, rp, esize); } if (rp == mp) { BUG_ON(mp_marker); mp = mp_marker = mpi_alloc_limb_space(msize); if (!mp) goto enomem; MPN_COPY(mp, rp, msize); } } MPN_COPY(rp, bp, bsize); rsize = bsize; rsign = bsign; { mpi_size_t i; mpi_ptr_t xp; int c; mpi_limb_t e; mpi_limb_t carry_limb; struct karatsuba_ctx karactx; xp = xp_marker = mpi_alloc_limb_space(2 * (msize + 1)); if (!xp) goto enomem; memset(&karactx, 0, sizeof karactx); negative_result = (ep[0] & 1) && base->sign; i = esize - 1; e = ep[i]; c = count_leading_zeros(e); e = (e << c) << 1; c = BITS_PER_MPI_LIMB - 1 - c; for (;;) { while (c) { mpi_ptr_t tp; mpi_size_t xsize; if (rsize < KARATSUBA_THRESHOLD) mpih_sqr_n_basecase(xp, rp, rsize); else { if (!tspace) { tsize = 2 * rsize; tspace = mpi_alloc_limb_space(tsize); if (!tspace) goto enomem; } else if (tsize < (2 * rsize)) { mpi_free_limb_space(tspace); tsize = 2 * rsize; tspace = mpi_alloc_limb_space(tsize); if (!tspace) goto enomem; } mpih_sqr_n(xp, rp, rsize, tspace); } xsize = 2 * rsize; if (xsize > msize) { mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); xsize = msize; } tp = rp; rp = xp; xp = tp; rsize = xsize; if ((mpi_limb_signed_t) e < 0) { if (bsize < KARATSUBA_THRESHOLD) { mpi_limb_t tmp; if (mpihelp_mul (xp, rp, rsize, bp, bsize, &tmp) < 0) goto enomem; } else { if (mpihelp_mul_karatsuba_case (xp, rp, rsize, bp, bsize, &karactx) < 0) goto enomem; } xsize = rsize + bsize; if (xsize > msize) { mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); xsize = msize; } tp = rp; rp = xp; xp = tp; rsize = xsize; } e <<= 1; c--; } i--; if (i < 0) break; e = ep[i]; c = BITS_PER_MPI_LIMB; } if (mod_shift_cnt) { carry_limb = mpihelp_lshift(res->d, rp, rsize, mod_shift_cnt); rp = res->d; if (carry_limb) { rp[rsize] = carry_limb; rsize++; } } else { MPN_COPY(res->d, rp, rsize); rp = res->d; } if (rsize >= msize) { mpihelp_divrem(rp + msize, 0, rp, rsize, mp, msize); rsize = msize; } if (mod_shift_cnt) mpihelp_rshift(rp, rp, rsize, mod_shift_cnt); MPN_NORMALIZE(rp, rsize); mpihelp_release_karatsuba_ctx(&karactx); } if (negative_result && rsize) { if (mod_shift_cnt) mpihelp_rshift(mp, mp, msize, mod_shift_cnt); mpihelp_sub(rp, mp, msize, rp, rsize); rsize = msize; rsign = msign; MPN_NORMALIZE(rp, rsize); } res->nlimbs = rsize; res->sign = rsign; leave: rc = 0; enomem: if (assign_rp) mpi_assign_limb_space(res, rp, size); if (mp_marker) mpi_free_limb_space(mp_marker); if (bp_marker) mpi_free_limb_space(bp_marker); if (ep_marker) mpi_free_limb_space(ep_marker); if (xp_marker) mpi_free_limb_space(xp_marker); if (tspace) mpi_free_limb_space(tspace); return rc; }",visit repo url,lib/mpi/mpi-pow.c,https://github.com/torvalds/linux,262592523939076,1 1117,CWE-362,"int ip_queue_xmit(struct sk_buff *skb) { struct sock *sk = skb->sk; struct inet_sock *inet = inet_sk(sk); struct ip_options *opt = inet->opt; struct rtable *rt; struct iphdr *iph; int res; rcu_read_lock(); rt = skb_rtable(skb); if (rt != NULL) goto packet_routed; rt = (struct rtable *)__sk_dst_check(sk, 0); if (rt == NULL) { __be32 daddr; daddr = inet->inet_daddr; if(opt && opt->srr) daddr = opt->faddr; rt = ip_route_output_ports(sock_net(sk), sk, daddr, inet->inet_saddr, inet->inet_dport, inet->inet_sport, sk->sk_protocol, RT_CONN_FLAGS(sk), sk->sk_bound_dev_if); if (IS_ERR(rt)) goto no_route; sk_setup_caps(sk, &rt->dst); } skb_dst_set_noref(skb, &rt->dst); packet_routed: if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway) goto no_route; skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0)); skb_reset_network_header(skb); iph = ip_hdr(skb); *((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff)); if (ip_dont_fragment(sk, &rt->dst) && !skb->local_df) iph->frag_off = htons(IP_DF); else iph->frag_off = 0; iph->ttl = ip_select_ttl(inet, &rt->dst); iph->protocol = sk->sk_protocol; iph->saddr = rt->rt_src; iph->daddr = rt->rt_dst; if (opt && opt->optlen) { iph->ihl += opt->optlen >> 2; ip_options_build(skb, opt, inet->inet_daddr, rt, 0); } ip_select_ident_more(iph, &rt->dst, sk, (skb_shinfo(skb)->gso_segs ?: 1) - 1); skb->priority = sk->sk_priority; skb->mark = sk->sk_mark; res = ip_local_out(skb); rcu_read_unlock(); return res; no_route: rcu_read_unlock(); IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES); kfree_skb(skb); return -EHOSTUNREACH; }",visit repo url,net/ipv4/ip_output.c,https://github.com/torvalds/linux,16778773629184,1 2741,['CWE-189'],"static void sctp_auth_shkey_free(struct sctp_shared_key *sh_key) { BUG_ON(!list_empty(&sh_key->key_list)); sctp_auth_key_put(sh_key->key); sh_key->key = NULL; kfree(sh_key); }",linux-2.6,,,37269076066410486217564154000401539259,0 124,[],"asmlinkage long compat_sys_futimesat(unsigned int dfd, char __user *filename, struct compat_timeval __user *t) { struct timeval tv[2]; if (t) { if (get_user(tv[0].tv_sec, &t[0].tv_sec) || get_user(tv[0].tv_usec, &t[0].tv_usec) || get_user(tv[1].tv_sec, &t[1].tv_sec) || get_user(tv[1].tv_usec, &t[1].tv_usec)) return -EFAULT; } return do_utimes(dfd, filename, t ? tv : NULL); }",linux-2.6,,,275238068309329684155509604627067285324,0 1050,['CWE-20'],"asmlinkage long sys_setpriority(int which, int who, int niceval) { struct task_struct *g, *p; struct user_struct *user; int error = -EINVAL; struct pid *pgrp; if (which > 2 || which < 0) goto out; error = -ESRCH; if (niceval < -20) niceval = -20; if (niceval > 19) niceval = 19; read_lock(&tasklist_lock); switch (which) { case PRIO_PROCESS: if (who) p = find_task_by_pid(who); else p = current; if (p) error = set_one_prio(p, niceval, error); break; case PRIO_PGRP: if (who) pgrp = find_pid(who); else pgrp = task_pgrp(current); do_each_pid_task(pgrp, PIDTYPE_PGID, p) { error = set_one_prio(p, niceval, error); } while_each_pid_task(pgrp, PIDTYPE_PGID, p); break; case PRIO_USER: user = current->user; if (!who) who = current->uid; else if ((who != current->uid) && !(user = find_user(who))) goto out_unlock; do_each_thread(g, p) if (p->uid == who) error = set_one_prio(p, niceval, error); while_each_thread(g, p); if (who != current->uid) free_uid(user); break; } out_unlock: read_unlock(&tasklist_lock); out: return error; }",linux-2.6,,,305994685349572620338629439422742530248,0 2767,['CWE-189'],"static int sctp_setsockopt_auth_key(struct sock *sk, char __user *optval, int optlen) { struct sctp_authkey *authkey; struct sctp_association *asoc; int ret; if (!sctp_auth_enable) return -EACCES; if (optlen <= sizeof(struct sctp_authkey)) return -EINVAL; authkey = kmalloc(optlen, GFP_KERNEL); if (!authkey) return -ENOMEM; if (copy_from_user(authkey, optval, optlen)) { ret = -EFAULT; goto out; } if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) { ret = -EINVAL; goto out; } asoc = sctp_id2assoc(sk, authkey->sca_assoc_id); if (!asoc && authkey->sca_assoc_id && sctp_style(sk, UDP)) { ret = -EINVAL; goto out; } ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey); out: kfree(authkey); return ret; }",linux-2.6,,,306075977754268319043600401389832171534,0 2897,['CWE-189'],"static int jpc_putnumnewpasses(jpc_bitstream_t *out, int n) { int ret; if (n <= 0) { return -1; } else if (n == 1) { ret = jpc_bitstream_putbit(out, 0); } else if (n == 2) { ret = jpc_bitstream_putbits(out, 2, 2); } else if (n <= 5) { ret = jpc_bitstream_putbits(out, 4, 0xc | (n - 3)); } else if (n <= 36) { ret = jpc_bitstream_putbits(out, 9, 0x1e0 | (n - 6)); } else if (n <= 164) { ret = jpc_bitstream_putbits(out, 16, 0xff80 | (n - 37)); } else { return -1; } return (ret != EOF) ? 0 : (-1); }",jasper,,,182658449843694595261037233185764397352,0 3561,['CWE-20'],"sctp_disposition_t sctp_sf_eat_sack_6_2(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; sctp_sackhdr_t *sackh; __u32 ctsn; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_sack_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); sackh = sctp_sm_pull_sack(chunk); if (!sackh) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); chunk->subh.sack_hdr = sackh; ctsn = ntohl(sackh->cum_tsn_ack); if (TSN_lt(ctsn, asoc->ctsn_ack_point)) { SCTP_DEBUG_PRINTK(""ctsn %x\n"", ctsn); SCTP_DEBUG_PRINTK(""ctsn_ack_point %x\n"", asoc->ctsn_ack_point); return SCTP_DISPOSITION_DISCARD; } if (!TSN_lt(ctsn, asoc->next_tsn)) return sctp_sf_violation_ctsn(ep, asoc, type, arg, commands); sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, SCTP_SACKH(sackh)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,142278958783688759068739042610368932147,0 3815,['CWE-120'],"static int uvc_scan_chain_backward(struct uvc_video_device *video, struct uvc_entity *entity) { struct uvc_entity *term; int id = -1, i; switch (UVC_ENTITY_TYPE(entity)) { case VC_EXTENSION_UNIT: id = entity->extension.baSourceID[0]; break; case VC_PROCESSING_UNIT: id = entity->processing.bSourceID; break; case VC_SELECTOR_UNIT: if (entity->selector.bNrInPins == 1) { id = entity->selector.baSourceID[0]; break; } if (uvc_trace_param & UVC_TRACE_PROBE) printk("" <- IT""); video->selector = entity; for (i = 0; i < entity->selector.bNrInPins; ++i) { id = entity->selector.baSourceID[i]; term = uvc_entity_by_id(video->dev, id); if (term == NULL || !UVC_ENTITY_IS_ITERM(term)) { uvc_trace(UVC_TRACE_DESCR, ""Selector unit %d "" ""input %d isn't connected to an "" ""input terminal\n"", entity->id, i); return -1; } if (uvc_trace_param & UVC_TRACE_PROBE) printk("" %d"", term->id); list_add_tail(&term->chain, &video->iterms); uvc_scan_chain_forward(video, term, entity); } if (uvc_trace_param & UVC_TRACE_PROBE) printk(""\n""); id = 0; break; } return id; }",linux-2.6,,,230778084433622442106898864367369767880,0 4461,['CWE-264'],"static int skfp_driver_init(struct net_device *dev) { struct s_smc *smc = netdev_priv(dev); skfddi_priv *bp = &smc->os; int err = -EIO; PRINTK(KERN_INFO ""entering skfp_driver_init\n""); bp->base_addr = dev->base_addr; smc->hw.irq = dev->irq; spin_lock_init(&bp->DriverLock); bp->LocalRxBuffer = pci_alloc_consistent(&bp->pdev, MAX_FRAME_SIZE, &bp->LocalRxBufferDMA); if (!bp->LocalRxBuffer) { printk(""could not allocate mem for ""); printk(""LocalRxBuffer: %d byte\n"", MAX_FRAME_SIZE); goto fail; } bp->SharedMemSize = mac_drv_check_space(); PRINTK(KERN_INFO ""Memory for HWM: %ld\n"", bp->SharedMemSize); if (bp->SharedMemSize > 0) { bp->SharedMemSize += 16; bp->SharedMemAddr = pci_alloc_consistent(&bp->pdev, bp->SharedMemSize, &bp->SharedMemDMA); if (!bp->SharedMemSize) { printk(""could not allocate mem for ""); printk(""hardware module: %ld byte\n"", bp->SharedMemSize); goto fail; } bp->SharedMemHeap = 0; } else { bp->SharedMemAddr = NULL; bp->SharedMemHeap = 0; } memset(bp->SharedMemAddr, 0, bp->SharedMemSize); card_stop(smc); PRINTK(KERN_INFO ""mac_drv_init()..\n""); if (mac_drv_init(smc) != 0) { PRINTK(KERN_INFO ""mac_drv_init() failed.\n""); goto fail; } read_address(smc, NULL); PRINTK(KERN_INFO ""HW-Addr: %02x %02x %02x %02x %02x %02x\n"", smc->hw.fddi_canon_addr.a[0], smc->hw.fddi_canon_addr.a[1], smc->hw.fddi_canon_addr.a[2], smc->hw.fddi_canon_addr.a[3], smc->hw.fddi_canon_addr.a[4], smc->hw.fddi_canon_addr.a[5]); memcpy(dev->dev_addr, smc->hw.fddi_canon_addr.a, 6); smt_reset_defaults(smc, 0); return (0); fail: if (bp->SharedMemAddr) { pci_free_consistent(&bp->pdev, bp->SharedMemSize, bp->SharedMemAddr, bp->SharedMemDMA); bp->SharedMemAddr = NULL; } if (bp->LocalRxBuffer) { pci_free_consistent(&bp->pdev, MAX_FRAME_SIZE, bp->LocalRxBuffer, bp->LocalRxBufferDMA); bp->LocalRxBuffer = NULL; } return err; } ",linux-2.6,,,98043142045744682933251370723830735487,0 4286,['CWE-264'],"static void sighand_ctor(void *data) { struct sighand_struct *sighand = data; spin_lock_init(&sighand->siglock); init_waitqueue_head(&sighand->signalfd_wqh); }",linux-2.6,,,43402633745668341157857917647902065470,0 1791,[],"static ssize_t sched_mc_power_savings_show(struct sys_device *dev, char *page) { return sprintf(page, ""%u\n"", sched_mc_power_savings); }",linux-2.6,,,211627913346517035048754934477224919340,0 365,CWE-125,"void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk, struct sk_buff *skb) { int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP); struct scm_timestamping tss; int empty = 1; struct skb_shared_hwtstamps *shhwtstamps = skb_hwtstamps(skb); if (need_software_tstamp && skb->tstamp == 0) __net_timestamp(skb); if (need_software_tstamp) { if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) { struct timeval tv; skb_get_timestamp(skb, &tv); put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMP, sizeof(tv), &tv); } else { struct timespec ts; skb_get_timestampns(skb, &ts); put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPNS, sizeof(ts), &ts); } } memset(&tss, 0, sizeof(tss)); if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) && ktime_to_timespec_cond(skb->tstamp, tss.ts + 0)) empty = 0; if (shhwtstamps && (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) && ktime_to_timespec_cond(shhwtstamps->hwtstamp, tss.ts + 2)) empty = 0; if (!empty) { put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING, sizeof(tss), &tss); if (skb_is_err_queue(skb) && skb->len && (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS)) put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS, skb->len, skb->data); } }",visit repo url,net/socket.c,https://github.com/torvalds/linux,218109413209822,1 3299,['CWE-189'],"static jas_iccprof_t *jas_iccprof_create() { jas_iccprof_t *prof; prof = 0; if (!(prof = jas_malloc(sizeof(jas_iccprof_t)))) { goto error; } if (!(prof->attrtab = jas_iccattrtab_create())) goto error; memset(&prof->hdr, 0, sizeof(jas_icchdr_t)); prof->tagtab.numents = 0; prof->tagtab.ents = 0; return prof; error: if (prof) jas_iccprof_destroy(prof); return 0; }",jasper,,,176723753537711255717608046537013870518,0 3768,CWE-125,"int yyparse (void *yyscanner, YR_COMPILER* compiler) { int yychar; YY_INITIAL_VALUE (static YYSTYPE yyval_default;) YYSTYPE yylval YY_INITIAL_VALUE (= yyval_default); int yynerrs; int yystate; int yyerrstatus; yytype_int16 yyssa[YYINITDEPTH]; yytype_int16 *yyss; yytype_int16 *yyssp; YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs; YYSTYPE *yyvsp; YYSIZE_T yystacksize; int yyn; int yyresult; int yytoken = 0; YYSTYPE yyval; #if YYERROR_VERBOSE char yymsgbuf[128]; char *yymsg = yymsgbuf; YYSIZE_T yymsg_alloc = sizeof yymsgbuf; #endif #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) int yylen = 0; yyssp = yyss = yyssa; yyvsp = yyvs = yyvsa; yystacksize = YYINITDEPTH; YYDPRINTF ((stderr, ""Starting parse\n"")); yystate = 0; yyerrstatus = 0; yynerrs = 0; yychar = YYEMPTY; goto yysetstate; yynewstate: yyssp++; yysetstate: *yyssp = yystate; if (yyss + yystacksize - 1 <= yyssp) { YYSIZE_T yysize = yyssp - yyss + 1; #ifdef yyoverflow { YYSTYPE *yyvs1 = yyvs; yytype_int16 *yyss1 = yyss; yyoverflow (YY_(""memory exhausted""), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; } #else # ifndef YYSTACK_RELOCATE goto yyexhaustedlab; # else if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yytype_int16 *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif #endif yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YYDPRINTF ((stderr, ""Stack size increased to %lu\n"", (unsigned long int) yystacksize)); if (yyss + yystacksize - 1 <= yyssp) YYABORT; } YYDPRINTF ((stderr, ""Entering state %d\n"", yystate)); if (yystate == YYFINAL) YYACCEPT; goto yybackup; yybackup: yyn = yypact[yystate]; if (yypact_value_is_default (yyn)) goto yydefault; if (yychar == YYEMPTY) { YYDPRINTF ((stderr, ""Reading a token: "")); yychar = yylex (&yylval, yyscanner, compiler); } if (yychar <= YYEOF) { yychar = yytoken = YYEOF; YYDPRINTF ((stderr, ""Now at end of input.\n"")); } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT (""Next token is"", yytoken, &yylval, &yylloc); } yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yytable_value_is_error (yyn)) goto yyerrlab; yyn = -yyn; goto yyreduce; } if (yyerrstatus) yyerrstatus--; YY_SYMBOL_PRINT (""Shifting"", yytoken, &yylval, &yylloc); yychar = YYEMPTY; yystate = yyn; YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END goto yynewstate; yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; yyreduce: yylen = yyr2[yyn]; yyval = yyvsp[1-yylen]; YY_REDUCE_PRINT (yyn); switch (yyn) { case 8: #line 230 ""grammar.y"" { int result = yr_parser_reduce_import(yyscanner, (yyvsp[0].sized_string)); yr_free((yyvsp[0].sized_string)); ERROR_IF(result != ERROR_SUCCESS); } #line 1661 ""grammar.c"" break; case 9: #line 242 ""grammar.y"" { YR_RULE* rule = yr_parser_reduce_rule_declaration_phase_1( yyscanner, (int32_t) (yyvsp[-2].integer), (yyvsp[0].c_string)); ERROR_IF(rule == NULL); (yyval.rule) = rule; } #line 1674 ""grammar.c"" break; case 10: #line 251 ""grammar.y"" { YR_RULE* rule = (yyvsp[-4].rule); rule->tags = (yyvsp[-3].c_string); rule->metas = (yyvsp[-1].meta); rule->strings = (yyvsp[0].string); } #line 1686 ""grammar.c"" break; case 11: #line 259 ""grammar.y"" { YR_RULE* rule = (yyvsp[-7].rule); compiler->last_result = yr_parser_reduce_rule_declaration_phase_2( yyscanner, rule); yr_free((yyvsp[-8].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 1701 ""grammar.c"" break; case 12: #line 274 ""grammar.y"" { (yyval.meta) = NULL; } #line 1709 ""grammar.c"" break; case 13: #line 278 ""grammar.y"" { YR_META null_meta; memset(&null_meta, 0xFF, sizeof(YR_META)); null_meta.type = META_TYPE_NULL; compiler->last_result = yr_arena_write_data( compiler->metas_arena, &null_meta, sizeof(YR_META), NULL); (yyval.meta) = (yyvsp[0].meta); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 1736 ""grammar.c"" break; case 14: #line 305 ""grammar.y"" { (yyval.string) = NULL; } #line 1744 ""grammar.c"" break; case 15: #line 309 ""grammar.y"" { YR_STRING null_string; memset(&null_string, 0xFF, sizeof(YR_STRING)); null_string.g_flags = STRING_GFLAGS_NULL; compiler->last_result = yr_arena_write_data( compiler->strings_arena, &null_string, sizeof(YR_STRING), NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.string) = (yyvsp[0].string); } #line 1771 ""grammar.c"" break; case 17: #line 340 ""grammar.y"" { (yyval.integer) = 0; } #line 1777 ""grammar.c"" break; case 18: #line 341 ""grammar.y"" { (yyval.integer) = (yyvsp[-1].integer) | (yyvsp[0].integer); } #line 1783 ""grammar.c"" break; case 19: #line 346 ""grammar.y"" { (yyval.integer) = RULE_GFLAGS_PRIVATE; } #line 1789 ""grammar.c"" break; case 20: #line 347 ""grammar.y"" { (yyval.integer) = RULE_GFLAGS_GLOBAL; } #line 1795 ""grammar.c"" break; case 21: #line 353 ""grammar.y"" { (yyval.c_string) = NULL; } #line 1803 ""grammar.c"" break; case 22: #line 357 ""grammar.y"" { compiler->last_result = yr_arena_write_string( yyget_extra(yyscanner)->sz_arena, """", NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.c_string) = (yyvsp[0].c_string); } #line 1821 ""grammar.c"" break; case 23: #line 375 ""grammar.y"" { char* identifier; compiler->last_result = yr_arena_write_string( yyget_extra(yyscanner)->sz_arena, (yyvsp[0].c_string), &identifier); yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.c_string) = identifier; } #line 1838 ""grammar.c"" break; case 24: #line 388 ""grammar.y"" { char* tag_name = (yyvsp[-1].c_string); size_t tag_length = tag_name != NULL ? strlen(tag_name) : 0; while (tag_length > 0) { if (strcmp(tag_name, (yyvsp[0].c_string)) == 0) { yr_compiler_set_error_extra_info(compiler, tag_name); compiler->last_result = ERROR_DUPLICATED_TAG_IDENTIFIER; break; } tag_name = (char*) yr_arena_next_address( yyget_extra(yyscanner)->sz_arena, tag_name, tag_length + 1); tag_length = tag_name != NULL ? strlen(tag_name) : 0; } if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_arena_write_string( yyget_extra(yyscanner)->sz_arena, (yyvsp[0].c_string), NULL); yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.c_string) = (yyvsp[-1].c_string); } #line 1874 ""grammar.c"" break; case 25: #line 424 ""grammar.y"" { (yyval.meta) = (yyvsp[0].meta); } #line 1880 ""grammar.c"" break; case 26: #line 425 ""grammar.y"" { (yyval.meta) = (yyvsp[-1].meta); } #line 1886 ""grammar.c"" break; case 27: #line 431 ""grammar.y"" { SIZED_STRING* sized_string = (yyvsp[0].sized_string); (yyval.meta) = yr_parser_reduce_meta_declaration( yyscanner, META_TYPE_STRING, (yyvsp[-2].c_string), sized_string->c_string, 0); yr_free((yyvsp[-2].c_string)); yr_free((yyvsp[0].sized_string)); ERROR_IF((yyval.meta) == NULL); } #line 1906 ""grammar.c"" break; case 28: #line 447 ""grammar.y"" { (yyval.meta) = yr_parser_reduce_meta_declaration( yyscanner, META_TYPE_INTEGER, (yyvsp[-2].c_string), NULL, (yyvsp[0].integer)); yr_free((yyvsp[-2].c_string)); ERROR_IF((yyval.meta) == NULL); } #line 1923 ""grammar.c"" break; case 29: #line 460 ""grammar.y"" { (yyval.meta) = yr_parser_reduce_meta_declaration( yyscanner, META_TYPE_INTEGER, (yyvsp[-3].c_string), NULL, -(yyvsp[0].integer)); yr_free((yyvsp[-3].c_string)); ERROR_IF((yyval.meta) == NULL); } #line 1940 ""grammar.c"" break; case 30: #line 473 ""grammar.y"" { (yyval.meta) = yr_parser_reduce_meta_declaration( yyscanner, META_TYPE_BOOLEAN, (yyvsp[-2].c_string), NULL, TRUE); yr_free((yyvsp[-2].c_string)); ERROR_IF((yyval.meta) == NULL); } #line 1957 ""grammar.c"" break; case 31: #line 486 ""grammar.y"" { (yyval.meta) = yr_parser_reduce_meta_declaration( yyscanner, META_TYPE_BOOLEAN, (yyvsp[-2].c_string), NULL, FALSE); yr_free((yyvsp[-2].c_string)); ERROR_IF((yyval.meta) == NULL); } #line 1974 ""grammar.c"" break; case 32: #line 502 ""grammar.y"" { (yyval.string) = (yyvsp[0].string); } #line 1980 ""grammar.c"" break; case 33: #line 503 ""grammar.y"" { (yyval.string) = (yyvsp[-1].string); } #line 1986 ""grammar.c"" break; case 34: #line 509 ""grammar.y"" { compiler->error_line = yyget_lineno(yyscanner); } #line 1994 ""grammar.c"" break; case 35: #line 513 ""grammar.y"" { (yyval.string) = yr_parser_reduce_string_declaration( yyscanner, (int32_t) (yyvsp[0].integer), (yyvsp[-4].c_string), (yyvsp[-1].sized_string)); yr_free((yyvsp[-4].c_string)); yr_free((yyvsp[-1].sized_string)); ERROR_IF((yyval.string) == NULL); compiler->error_line = 0; } #line 2009 ""grammar.c"" break; case 36: #line 524 ""grammar.y"" { compiler->error_line = yyget_lineno(yyscanner); } #line 2017 ""grammar.c"" break; case 37: #line 528 ""grammar.y"" { (yyval.string) = yr_parser_reduce_string_declaration( yyscanner, (int32_t) (yyvsp[0].integer) | STRING_GFLAGS_REGEXP, (yyvsp[-4].c_string), (yyvsp[-1].sized_string)); yr_free((yyvsp[-4].c_string)); yr_free((yyvsp[-1].sized_string)); ERROR_IF((yyval.string) == NULL); compiler->error_line = 0; } #line 2033 ""grammar.c"" break; case 38: #line 540 ""grammar.y"" { (yyval.string) = yr_parser_reduce_string_declaration( yyscanner, STRING_GFLAGS_HEXADECIMAL, (yyvsp[-2].c_string), (yyvsp[0].sized_string)); yr_free((yyvsp[-2].c_string)); yr_free((yyvsp[0].sized_string)); ERROR_IF((yyval.string) == NULL); } #line 2047 ""grammar.c"" break; case 39: #line 553 ""grammar.y"" { (yyval.integer) = 0; } #line 2053 ""grammar.c"" break; case 40: #line 554 ""grammar.y"" { (yyval.integer) = (yyvsp[-1].integer) | (yyvsp[0].integer); } #line 2059 ""grammar.c"" break; case 41: #line 559 ""grammar.y"" { (yyval.integer) = STRING_GFLAGS_WIDE; } #line 2065 ""grammar.c"" break; case 42: #line 560 ""grammar.y"" { (yyval.integer) = STRING_GFLAGS_ASCII; } #line 2071 ""grammar.c"" break; case 43: #line 561 ""grammar.y"" { (yyval.integer) = STRING_GFLAGS_NO_CASE; } #line 2077 ""grammar.c"" break; case 44: #line 562 ""grammar.y"" { (yyval.integer) = STRING_GFLAGS_FULL_WORD; } #line 2083 ""grammar.c"" break; case 45: #line 568 ""grammar.y"" { int var_index = yr_parser_lookup_loop_variable(yyscanner, (yyvsp[0].c_string)); if (var_index >= 0) { compiler->last_result = yr_parser_emit_with_arg( yyscanner, OP_PUSH_M, LOOP_LOCAL_VARS * var_index, NULL, NULL); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; (yyval.expression).identifier = compiler->loop_identifier[var_index]; } else { YR_OBJECT* object = (YR_OBJECT*) yr_hash_table_lookup( compiler->objects_table, (yyvsp[0].c_string), NULL); if (object == NULL) { char* ns = compiler->current_namespace->name; object = (YR_OBJECT*) yr_hash_table_lookup( compiler->objects_table, (yyvsp[0].c_string), ns); } if (object != NULL) { char* id; compiler->last_result = yr_arena_write_string( compiler->sz_arena, (yyvsp[0].c_string), &id); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_OBJ_LOAD, id, NULL, NULL); (yyval.expression).type = EXPRESSION_TYPE_OBJECT; (yyval.expression).value.object = object; (yyval.expression).identifier = object->identifier; } else { YR_RULE* rule = (YR_RULE*) yr_hash_table_lookup( compiler->rules_table, (yyvsp[0].c_string), compiler->current_namespace->name); if (rule != NULL) { compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_PUSH_RULE, rule, NULL, NULL); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; (yyval.expression).value.integer = UNDEFINED; (yyval.expression).identifier = rule->identifier; } else { yr_compiler_set_error_extra_info(compiler, (yyvsp[0].c_string)); compiler->last_result = ERROR_UNDEFINED_IDENTIFIER; } } } yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 2172 ""grammar.c"" break; case 46: #line 653 ""grammar.y"" { YR_OBJECT* field = NULL; if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_OBJECT && (yyvsp[-2].expression).value.object->type == OBJECT_TYPE_STRUCTURE) { field = yr_object_lookup_field((yyvsp[-2].expression).value.object, (yyvsp[0].c_string)); if (field != NULL) { char* ident; compiler->last_result = yr_arena_write_string( compiler->sz_arena, (yyvsp[0].c_string), &ident); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_OBJ_FIELD, ident, NULL, NULL); (yyval.expression).type = EXPRESSION_TYPE_OBJECT; (yyval.expression).value.object = field; (yyval.expression).identifier = field->identifier; } else { yr_compiler_set_error_extra_info(compiler, (yyvsp[0].c_string)); compiler->last_result = ERROR_INVALID_FIELD_NAME; } } else { yr_compiler_set_error_extra_info( compiler, (yyvsp[-2].expression).identifier); compiler->last_result = ERROR_NOT_A_STRUCTURE; } yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 2222 ""grammar.c"" break; case 47: #line 699 ""grammar.y"" { YR_OBJECT_ARRAY* array; YR_OBJECT_DICTIONARY* dict; if ((yyvsp[-3].expression).type == EXPRESSION_TYPE_OBJECT && (yyvsp[-3].expression).value.object->type == OBJECT_TYPE_ARRAY) { if ((yyvsp[-1].expression).type != EXPRESSION_TYPE_INTEGER) { yr_compiler_set_error_extra_info( compiler, ""array indexes must be of integer type""); compiler->last_result = ERROR_WRONG_TYPE; } ERROR_IF(compiler->last_result != ERROR_SUCCESS); compiler->last_result = yr_parser_emit( yyscanner, OP_INDEX_ARRAY, NULL); array = (YR_OBJECT_ARRAY*) (yyvsp[-3].expression).value.object; (yyval.expression).type = EXPRESSION_TYPE_OBJECT; (yyval.expression).value.object = array->prototype_item; (yyval.expression).identifier = array->identifier; } else if ((yyvsp[-3].expression).type == EXPRESSION_TYPE_OBJECT && (yyvsp[-3].expression).value.object->type == OBJECT_TYPE_DICTIONARY) { if ((yyvsp[-1].expression).type != EXPRESSION_TYPE_STRING) { yr_compiler_set_error_extra_info( compiler, ""dictionary keys must be of string type""); compiler->last_result = ERROR_WRONG_TYPE; } ERROR_IF(compiler->last_result != ERROR_SUCCESS); compiler->last_result = yr_parser_emit( yyscanner, OP_LOOKUP_DICT, NULL); dict = (YR_OBJECT_DICTIONARY*) (yyvsp[-3].expression).value.object; (yyval.expression).type = EXPRESSION_TYPE_OBJECT; (yyval.expression).value.object = dict->prototype_item; (yyval.expression).identifier = dict->identifier; } else { yr_compiler_set_error_extra_info( compiler, (yyvsp[-3].expression).identifier); compiler->last_result = ERROR_NOT_INDEXABLE; } ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 2283 ""grammar.c"" break; case 48: #line 757 ""grammar.y"" { YR_OBJECT_FUNCTION* function; char* args_fmt; if ((yyvsp[-3].expression).type == EXPRESSION_TYPE_OBJECT && (yyvsp[-3].expression).value.object->type == OBJECT_TYPE_FUNCTION) { compiler->last_result = yr_parser_check_types( compiler, (YR_OBJECT_FUNCTION*) (yyvsp[-3].expression).value.object, (yyvsp[-1].c_string)); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_arena_write_string( compiler->sz_arena, (yyvsp[-1].c_string), &args_fmt); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_CALL, args_fmt, NULL, NULL); function = (YR_OBJECT_FUNCTION*) (yyvsp[-3].expression).value.object; (yyval.expression).type = EXPRESSION_TYPE_OBJECT; (yyval.expression).value.object = function->return_obj; (yyval.expression).identifier = function->identifier; } else { yr_compiler_set_error_extra_info( compiler, (yyvsp[-3].expression).identifier); compiler->last_result = ERROR_NOT_A_FUNCTION; } yr_free((yyvsp[-1].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 2328 ""grammar.c"" break; case 49: #line 801 ""grammar.y"" { (yyval.c_string) = yr_strdup(""""); } #line 2334 ""grammar.c"" break; case 50: #line 802 ""grammar.y"" { (yyval.c_string) = (yyvsp[0].c_string); } #line 2340 ""grammar.c"" break; case 51: #line 807 ""grammar.y"" { (yyval.c_string) = (char*) yr_malloc(MAX_FUNCTION_ARGS + 1); switch((yyvsp[0].expression).type) { case EXPRESSION_TYPE_INTEGER: strlcpy((yyval.c_string), ""i"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_FLOAT: strlcpy((yyval.c_string), ""f"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_BOOLEAN: strlcpy((yyval.c_string), ""b"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_STRING: strlcpy((yyval.c_string), ""s"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_REGEXP: strlcpy((yyval.c_string), ""r"", MAX_FUNCTION_ARGS); break; } ERROR_IF((yyval.c_string) == NULL); } #line 2369 ""grammar.c"" break; case 52: #line 832 ""grammar.y"" { if (strlen((yyvsp[-2].c_string)) == MAX_FUNCTION_ARGS) { compiler->last_result = ERROR_TOO_MANY_ARGUMENTS; } else { switch((yyvsp[0].expression).type) { case EXPRESSION_TYPE_INTEGER: strlcat((yyvsp[-2].c_string), ""i"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_FLOAT: strlcat((yyvsp[-2].c_string), ""f"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_BOOLEAN: strlcat((yyvsp[-2].c_string), ""b"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_STRING: strlcat((yyvsp[-2].c_string), ""s"", MAX_FUNCTION_ARGS); break; case EXPRESSION_TYPE_REGEXP: strlcat((yyvsp[-2].c_string), ""r"", MAX_FUNCTION_ARGS); break; } } ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.c_string) = (yyvsp[-2].c_string); } #line 2405 ""grammar.c"" break; case 53: #line 868 ""grammar.y"" { SIZED_STRING* sized_string = (yyvsp[0].sized_string); RE* re; RE_ERROR error; int re_flags = 0; if (sized_string->flags & SIZED_STRING_FLAGS_NO_CASE) re_flags |= RE_FLAGS_NO_CASE; if (sized_string->flags & SIZED_STRING_FLAGS_DOT_ALL) re_flags |= RE_FLAGS_DOT_ALL; compiler->last_result = yr_re_compile( sized_string->c_string, re_flags, compiler->re_code_arena, &re, &error); yr_free((yyvsp[0].sized_string)); if (compiler->last_result == ERROR_INVALID_REGULAR_EXPRESSION) yr_compiler_set_error_extra_info(compiler, error.message); ERROR_IF(compiler->last_result != ERROR_SUCCESS); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_PUSH, re->root_node->forward_code, NULL, NULL); yr_re_destroy(re); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_REGEXP; } #line 2451 ""grammar.c"" break; case 54: #line 914 ""grammar.y"" { if ((yyvsp[0].expression).type == EXPRESSION_TYPE_STRING) { if ((yyvsp[0].expression).value.sized_string != NULL) { yywarning(yyscanner, ""Using literal string \""%s\"" in a boolean operation."", (yyvsp[0].expression).value.sized_string->c_string); } compiler->last_result = yr_parser_emit( yyscanner, OP_STR_TO_BOOL, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2474 ""grammar.c"" break; case 55: #line 936 ""grammar.y"" { compiler->last_result = yr_parser_emit_with_arg( yyscanner, OP_PUSH, 1, NULL, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2487 ""grammar.c"" break; case 56: #line 945 ""grammar.y"" { compiler->last_result = yr_parser_emit_with_arg( yyscanner, OP_PUSH, 0, NULL, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2500 ""grammar.c"" break; case 57: #line 954 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_STRING, ""matches""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_REGEXP, ""matches""); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_emit( yyscanner, OP_MATCHES, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2519 ""grammar.c"" break; case 58: #line 969 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_STRING, ""contains""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_STRING, ""contains""); compiler->last_result = yr_parser_emit( yyscanner, OP_CONTAINS, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2535 ""grammar.c"" break; case 59: #line 981 ""grammar.y"" { int result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[0].c_string), OP_FOUND, UNDEFINED); yr_free((yyvsp[0].c_string)); ERROR_IF(result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2553 ""grammar.c"" break; case 60: #line 995 ""grammar.y"" { CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ""at""); compiler->last_result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[-2].c_string), OP_FOUND_AT, (yyvsp[0].expression).value.integer); yr_free((yyvsp[-2].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2570 ""grammar.c"" break; case 61: #line 1008 ""grammar.y"" { compiler->last_result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[-2].c_string), OP_FOUND_IN, UNDEFINED); yr_free((yyvsp[-2].c_string)); ERROR_IF(compiler->last_result!= ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2585 ""grammar.c"" break; case 62: #line 1019 ""grammar.y"" { if (compiler->loop_depth > 0) { compiler->loop_depth--; compiler->loop_identifier[compiler->loop_depth] = NULL; } } #line 2597 ""grammar.c"" break; case 63: #line 1027 ""grammar.y"" { int var_index; if (compiler->loop_depth == MAX_LOOP_NESTING) compiler->last_result = \ ERROR_LOOP_NESTING_LIMIT_EXCEEDED; ERROR_IF(compiler->last_result != ERROR_SUCCESS); var_index = yr_parser_lookup_loop_variable( yyscanner, (yyvsp[-1].c_string)); if (var_index >= 0) { yr_compiler_set_error_extra_info( compiler, (yyvsp[-1].c_string)); compiler->last_result = \ ERROR_DUPLICATED_LOOP_IDENTIFIER; } ERROR_IF(compiler->last_result != ERROR_SUCCESS); compiler->last_result = yr_parser_emit_with_arg( yyscanner, OP_PUSH, UNDEFINED, NULL, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 2631 ""grammar.c"" break; case 64: #line 1057 ""grammar.y"" { int mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth; uint8_t* addr; yr_parser_emit_with_arg( yyscanner, OP_CLEAR_M, mem_offset + 1, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_CLEAR_M, mem_offset + 2, NULL, NULL); if ((yyvsp[-1].integer) == INTEGER_SET_ENUMERATION) { yr_parser_emit_with_arg( yyscanner, OP_POP_M, mem_offset, &addr, NULL); } else { yr_parser_emit_with_arg( yyscanner, OP_POP_M, mem_offset + 3, &addr, NULL); yr_parser_emit_with_arg( yyscanner, OP_POP_M, mem_offset, NULL, NULL); } compiler->loop_address[compiler->loop_depth] = addr; compiler->loop_identifier[compiler->loop_depth] = (yyvsp[-4].c_string); compiler->loop_depth++; } #line 2670 ""grammar.c"" break; case 65: #line 1092 ""grammar.y"" { int mem_offset; compiler->loop_depth--; mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth; yr_parser_emit_with_arg( yyscanner, OP_ADD_M, mem_offset + 1, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_INCR_M, mem_offset + 2, NULL, NULL); if ((yyvsp[-5].integer) == INTEGER_SET_ENUMERATION) { yr_parser_emit_with_arg_reloc( yyscanner, OP_JNUNDEF, compiler->loop_address[compiler->loop_depth], NULL, NULL); } else { yr_parser_emit_with_arg( yyscanner, OP_INCR_M, mem_offset, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_PUSH_M, mem_offset, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_PUSH_M, mem_offset + 3, NULL, NULL); yr_parser_emit_with_arg_reloc( yyscanner, OP_JLE, compiler->loop_address[compiler->loop_depth], NULL, NULL); yr_parser_emit(yyscanner, OP_POP, NULL); yr_parser_emit(yyscanner, OP_POP, NULL); } yr_parser_emit(yyscanner, OP_POP, NULL); yr_parser_emit_with_arg( yyscanner, OP_SWAPUNDEF, mem_offset + 2, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_PUSH_M, mem_offset + 1, NULL, NULL); yr_parser_emit(yyscanner, OP_INT_LE, NULL); compiler->loop_identifier[compiler->loop_depth] = NULL; yr_free((yyvsp[-8].c_string)); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2753 ""grammar.c"" break; case 66: #line 1171 ""grammar.y"" { int mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth; uint8_t* addr; if (compiler->loop_depth == MAX_LOOP_NESTING) compiler->last_result = \ ERROR_LOOP_NESTING_LIMIT_EXCEEDED; if (compiler->loop_for_of_mem_offset != -1) compiler->last_result = \ ERROR_NESTED_FOR_OF_LOOP; ERROR_IF(compiler->last_result != ERROR_SUCCESS); yr_parser_emit_with_arg( yyscanner, OP_CLEAR_M, mem_offset + 1, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_CLEAR_M, mem_offset + 2, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_POP_M, mem_offset, &addr, NULL); compiler->loop_for_of_mem_offset = mem_offset; compiler->loop_address[compiler->loop_depth] = addr; compiler->loop_identifier[compiler->loop_depth] = NULL; compiler->loop_depth++; } #line 2787 ""grammar.c"" break; case 67: #line 1201 ""grammar.y"" { int mem_offset; compiler->loop_depth--; compiler->loop_for_of_mem_offset = -1; mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth; yr_parser_emit_with_arg( yyscanner, OP_ADD_M, mem_offset + 1, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_INCR_M, mem_offset + 2, NULL, NULL); yr_parser_emit_with_arg_reloc( yyscanner, OP_JNUNDEF, compiler->loop_address[compiler->loop_depth], NULL, NULL); yr_parser_emit(yyscanner, OP_POP, NULL); yr_parser_emit_with_arg( yyscanner, OP_SWAPUNDEF, mem_offset + 2, NULL, NULL); yr_parser_emit_with_arg( yyscanner, OP_PUSH_M, mem_offset + 1, NULL, NULL); yr_parser_emit(yyscanner, OP_INT_LE, NULL); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2840 ""grammar.c"" break; case 68: #line 1250 ""grammar.y"" { yr_parser_emit(yyscanner, OP_OF, NULL); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2850 ""grammar.c"" break; case 69: #line 1256 ""grammar.y"" { yr_parser_emit(yyscanner, OP_NOT, NULL); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2860 ""grammar.c"" break; case 70: #line 1262 ""grammar.y"" { YR_FIXUP* fixup; void* jmp_destination_addr; compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_JFALSE, 0, NULL, &jmp_destination_addr); ERROR_IF(compiler->last_result != ERROR_SUCCESS); fixup = (YR_FIXUP*) yr_malloc(sizeof(YR_FIXUP)); if (fixup == NULL) compiler->last_error = ERROR_INSUFFICIENT_MEMORY; ERROR_IF(compiler->last_result != ERROR_SUCCESS); fixup->address = jmp_destination_addr; fixup->next = compiler->fixup_stack_head; compiler->fixup_stack_head = fixup; } #line 2890 ""grammar.c"" break; case 71: #line 1288 ""grammar.y"" { YR_FIXUP* fixup; uint8_t* and_addr; compiler->last_result = yr_arena_reserve_memory( compiler->code_arena, 2); ERROR_IF(compiler->last_result != ERROR_SUCCESS); compiler->last_result = yr_parser_emit(yyscanner, OP_AND, &and_addr); ERROR_IF(compiler->last_result != ERROR_SUCCESS); fixup = compiler->fixup_stack_head; *(void**)(fixup->address) = (void*)(and_addr + 1); compiler->fixup_stack_head = fixup->next; yr_free(fixup); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2930 ""grammar.c"" break; case 72: #line 1324 ""grammar.y"" { YR_FIXUP* fixup; void* jmp_destination_addr; compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_JTRUE, 0, NULL, &jmp_destination_addr); ERROR_IF(compiler->last_result != ERROR_SUCCESS); fixup = (YR_FIXUP*) yr_malloc(sizeof(YR_FIXUP)); if (fixup == NULL) compiler->last_error = ERROR_INSUFFICIENT_MEMORY; ERROR_IF(compiler->last_result != ERROR_SUCCESS); fixup->address = jmp_destination_addr; fixup->next = compiler->fixup_stack_head; compiler->fixup_stack_head = fixup; } #line 2959 ""grammar.c"" break; case 73: #line 1349 ""grammar.y"" { YR_FIXUP* fixup; uint8_t* or_addr; compiler->last_result = yr_arena_reserve_memory( compiler->code_arena, 2); ERROR_IF(compiler->last_result != ERROR_SUCCESS); compiler->last_result = yr_parser_emit(yyscanner, OP_OR, &or_addr); ERROR_IF(compiler->last_result != ERROR_SUCCESS); fixup = compiler->fixup_stack_head; *(void**)(fixup->address) = (void*)(or_addr + 1); compiler->fixup_stack_head = fixup->next; yr_free(fixup); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 2999 ""grammar.c"" break; case 74: #line 1385 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""<"", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 3012 ""grammar.c"" break; case 75: #line 1394 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, "">"", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 3025 ""grammar.c"" break; case 76: #line 1403 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""<="", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 3038 ""grammar.c"" break; case 77: #line 1412 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, "">="", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 3051 ""grammar.c"" break; case 78: #line 1421 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""=="", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 3064 ""grammar.c"" break; case 79: #line 1430 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""!="", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; } #line 3077 ""grammar.c"" break; case 80: #line 1439 ""grammar.y"" { (yyval.expression) = (yyvsp[0].expression); } #line 3085 ""grammar.c"" break; case 81: #line 1443 ""grammar.y"" { (yyval.expression) = (yyvsp[-1].expression); } #line 3093 ""grammar.c"" break; case 82: #line 1450 ""grammar.y"" { (yyval.integer) = INTEGER_SET_ENUMERATION; } #line 3099 ""grammar.c"" break; case 83: #line 1451 ""grammar.y"" { (yyval.integer) = INTEGER_SET_RANGE; } #line 3105 ""grammar.c"" break; case 84: #line 1457 ""grammar.y"" { if ((yyvsp[-3].expression).type != EXPRESSION_TYPE_INTEGER) { yr_compiler_set_error_extra_info( compiler, ""wrong type for range's lower bound""); compiler->last_result = ERROR_WRONG_TYPE; } if ((yyvsp[-1].expression).type != EXPRESSION_TYPE_INTEGER) { yr_compiler_set_error_extra_info( compiler, ""wrong type for range's upper bound""); compiler->last_result = ERROR_WRONG_TYPE; } ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3127 ""grammar.c"" break; case 85: #line 1479 ""grammar.y"" { if ((yyvsp[0].expression).type != EXPRESSION_TYPE_INTEGER) { yr_compiler_set_error_extra_info( compiler, ""wrong type for enumeration item""); compiler->last_result = ERROR_WRONG_TYPE; } ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3143 ""grammar.c"" break; case 86: #line 1491 ""grammar.y"" { if ((yyvsp[0].expression).type != EXPRESSION_TYPE_INTEGER) { yr_compiler_set_error_extra_info( compiler, ""wrong type for enumeration item""); compiler->last_result = ERROR_WRONG_TYPE; } ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3158 ""grammar.c"" break; case 87: #line 1506 ""grammar.y"" { yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL, NULL); } #line 3167 ""grammar.c"" break; case 89: #line 1512 ""grammar.y"" { yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL, NULL); yr_parser_emit_pushes_for_strings(yyscanner, ""$*""); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3178 ""grammar.c"" break; case 92: #line 1529 ""grammar.y"" { yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[0].c_string)); yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3189 ""grammar.c"" break; case 93: #line 1536 ""grammar.y"" { yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[0].c_string)); yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3200 ""grammar.c"" break; case 95: #line 1548 ""grammar.y"" { yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL, NULL); } #line 3208 ""grammar.c"" break; case 96: #line 1552 ""grammar.y"" { yr_parser_emit_with_arg(yyscanner, OP_PUSH, 1, NULL, NULL); } #line 3216 ""grammar.c"" break; case 97: #line 1560 ""grammar.y"" { (yyval.expression) = (yyvsp[-1].expression); } #line 3224 ""grammar.c"" break; case 98: #line 1564 ""grammar.y"" { compiler->last_result = yr_parser_emit( yyscanner, OP_FILESIZE, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3238 ""grammar.c"" break; case 99: #line 1574 ""grammar.y"" { yywarning(yyscanner, ""Using deprecated \""entrypoint\"" keyword. Use the \""entry_point\"" "" ""function from PE module instead.""); compiler->last_result = yr_parser_emit( yyscanner, OP_ENTRYPOINT, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3256 ""grammar.c"" break; case 100: #line 1588 ""grammar.y"" { CHECK_TYPE((yyvsp[-1].expression), EXPRESSION_TYPE_INTEGER, ""intXXXX or uintXXXX""); compiler->last_result = yr_parser_emit( yyscanner, (uint8_t) (OP_READ_INT + (yyvsp[-3].integer)), NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3276 ""grammar.c"" break; case 101: #line 1604 ""grammar.y"" { compiler->last_result = yr_parser_emit_with_arg( yyscanner, OP_PUSH, (yyvsp[0].integer), NULL, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = (yyvsp[0].integer); } #line 3290 ""grammar.c"" break; case 102: #line 1614 ""grammar.y"" { compiler->last_result = yr_parser_emit_with_arg_double( yyscanner, OP_PUSH, (yyvsp[0].double_), NULL, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_FLOAT; } #line 3303 ""grammar.c"" break; case 103: #line 1623 ""grammar.y"" { SIZED_STRING* sized_string; compiler->last_result = yr_arena_write_data( compiler->sz_arena, (yyvsp[0].sized_string), (yyvsp[0].sized_string)->length + sizeof(SIZED_STRING), (void**) &sized_string); yr_free((yyvsp[0].sized_string)); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_emit_with_arg_reloc( yyscanner, OP_PUSH, sized_string, NULL, NULL); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_STRING; (yyval.expression).value.sized_string = sized_string; } #line 3332 ""grammar.c"" break; case 104: #line 1648 ""grammar.y"" { compiler->last_result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[0].c_string), OP_COUNT, UNDEFINED); yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3348 ""grammar.c"" break; case 105: #line 1660 ""grammar.y"" { compiler->last_result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[-3].c_string), OP_OFFSET, UNDEFINED); yr_free((yyvsp[-3].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3364 ""grammar.c"" break; case 106: #line 1672 ""grammar.y"" { compiler->last_result = yr_parser_emit_with_arg( yyscanner, OP_PUSH, 1, NULL, NULL); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[0].c_string), OP_OFFSET, UNDEFINED); yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3384 ""grammar.c"" break; case 107: #line 1688 ""grammar.y"" { compiler->last_result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[-3].c_string), OP_LENGTH, UNDEFINED); yr_free((yyvsp[-3].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3400 ""grammar.c"" break; case 108: #line 1700 ""grammar.y"" { compiler->last_result = yr_parser_emit_with_arg( yyscanner, OP_PUSH, 1, NULL, NULL); if (compiler->last_result == ERROR_SUCCESS) compiler->last_result = yr_parser_reduce_string_identifier( yyscanner, (yyvsp[0].c_string), OP_LENGTH, UNDEFINED); yr_free((yyvsp[0].c_string)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } #line 3420 ""grammar.c"" break; case 109: #line 1716 ""grammar.y"" { if ((yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER) { (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; } else if ((yyvsp[0].expression).type == EXPRESSION_TYPE_BOOLEAN) { (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN; (yyval.expression).value.integer = UNDEFINED; } else if ((yyvsp[0].expression).type == EXPRESSION_TYPE_OBJECT) { compiler->last_result = yr_parser_emit( yyscanner, OP_OBJ_VALUE, NULL); switch((yyvsp[0].expression).value.object->type) { case OBJECT_TYPE_INTEGER: (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = UNDEFINED; break; case OBJECT_TYPE_FLOAT: (yyval.expression).type = EXPRESSION_TYPE_FLOAT; break; case OBJECT_TYPE_STRING: (yyval.expression).type = EXPRESSION_TYPE_STRING; (yyval.expression).value.sized_string = NULL; break; default: yr_compiler_set_error_extra_info_fmt( compiler, ""wrong usage of identifier \""%s\"""", (yyvsp[0].expression).identifier); compiler->last_result = ERROR_WRONG_TYPE; } } else { assert(FALSE); } ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3469 ""grammar.c"" break; case 110: #line 1761 ""grammar.y"" { CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT, ""-""); if ((yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER) { (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = ((yyvsp[0].expression).value.integer == UNDEFINED) ? UNDEFINED : -((yyvsp[0].expression).value.integer); compiler->last_result = yr_parser_emit(yyscanner, OP_INT_MINUS, NULL); } else if ((yyvsp[0].expression).type == EXPRESSION_TYPE_FLOAT) { (yyval.expression).type = EXPRESSION_TYPE_FLOAT; compiler->last_result = yr_parser_emit(yyscanner, OP_DBL_MINUS, NULL); } ERROR_IF(compiler->last_result != ERROR_SUCCESS); } #line 3492 ""grammar.c"" break; case 111: #line 1780 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""+"", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER && (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER) { (yyval.expression).value.integer = OPERATION(+, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; } else { (yyval.expression).type = EXPRESSION_TYPE_FLOAT; } } #line 3514 ""grammar.c"" break; case 112: #line 1798 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""-"", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER && (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER) { (yyval.expression).value.integer = OPERATION(-, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; } else { (yyval.expression).type = EXPRESSION_TYPE_FLOAT; } } #line 3536 ""grammar.c"" break; case 113: #line 1816 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""*"", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER && (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER) { (yyval.expression).value.integer = OPERATION(*, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; } else { (yyval.expression).type = EXPRESSION_TYPE_FLOAT; } } #line 3558 ""grammar.c"" break; case 114: #line 1834 ""grammar.y"" { compiler->last_result = yr_parser_reduce_operation( yyscanner, ""\\"", (yyvsp[-2].expression), (yyvsp[0].expression)); ERROR_IF(compiler->last_result != ERROR_SUCCESS); if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER && (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER) { if ((yyvsp[0].expression).value.integer != 0) { (yyval.expression).value.integer = OPERATION(/, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; } else { compiler->last_result = ERROR_DIVISION_BY_ZERO; ERROR_IF(compiler->last_result != ERROR_SUCCESS); } } else { (yyval.expression).type = EXPRESSION_TYPE_FLOAT; } } #line 3588 ""grammar.c"" break; case 115: #line 1860 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, ""%""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ""%""); yr_parser_emit(yyscanner, OP_MOD, NULL); if ((yyvsp[0].expression).value.integer != 0) { (yyval.expression).value.integer = OPERATION(%, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; } else { compiler->last_result = ERROR_DIVISION_BY_ZERO; ERROR_IF(compiler->last_result != ERROR_SUCCESS); } } #line 3610 ""grammar.c"" break; case 116: #line 1878 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, ""^""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ""^""); yr_parser_emit(yyscanner, OP_BITWISE_XOR, NULL); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = OPERATION(^, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); } #line 3624 ""grammar.c"" break; case 117: #line 1888 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, ""^""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ""^""); yr_parser_emit(yyscanner, OP_BITWISE_AND, NULL); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = OPERATION(&, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); } #line 3638 ""grammar.c"" break; case 118: #line 1898 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, ""|""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ""|""); yr_parser_emit(yyscanner, OP_BITWISE_OR, NULL); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = OPERATION(|, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); } #line 3652 ""grammar.c"" break; case 119: #line 1908 ""grammar.y"" { CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ""~""); yr_parser_emit(yyscanner, OP_BITWISE_NOT, NULL); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = ((yyvsp[0].expression).value.integer == UNDEFINED) ? UNDEFINED : ~((yyvsp[0].expression).value.integer); } #line 3666 ""grammar.c"" break; case 120: #line 1918 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, ""<<""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ""<<""); yr_parser_emit(yyscanner, OP_SHL, NULL); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = OPERATION(<<, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); } #line 3680 ""grammar.c"" break; case 121: #line 1928 ""grammar.y"" { CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, "">>""); CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, "">>""); yr_parser_emit(yyscanner, OP_SHR, NULL); (yyval.expression).type = EXPRESSION_TYPE_INTEGER; (yyval.expression).value.integer = OPERATION(>>, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer); } #line 3694 ""grammar.c"" break; case 122: #line 1938 ""grammar.y"" { (yyval.expression) = (yyvsp[0].expression); } #line 3702 ""grammar.c"" break; #line 3706 ""grammar.c"" default: break; } YY_SYMBOL_PRINT (""-> $$ ="", yyr1[yyn], &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; yyn = yyr1[yyn]; yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) yystate = yytable[yystate]; else yystate = yydefgoto[yyn - YYNTOKENS]; goto yynewstate; yyerrlab: yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); if (!yyerrstatus) { ++yynerrs; #if ! YYERROR_VERBOSE yyerror (yyscanner, compiler, YY_(""syntax error"")); #else # define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ yyssp, yytoken) { char const *yymsgp = YY_(""syntax error""); int yysyntax_error_status; yysyntax_error_status = YYSYNTAX_ERROR; if (yysyntax_error_status == 0) yymsgp = yymsg; else if (yysyntax_error_status == 1) { if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); if (!yymsg) { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; yysyntax_error_status = 2; } else { yysyntax_error_status = YYSYNTAX_ERROR; yymsgp = yymsg; } } yyerror (yyscanner, compiler, yymsgp); if (yysyntax_error_status == 2) goto yyexhaustedlab; } # undef YYSYNTAX_ERROR #endif } if (yyerrstatus == 3) { if (yychar <= YYEOF) { if (yychar == YYEOF) YYABORT; } else { yydestruct (""Error: discarding"", yytoken, &yylval, yyscanner, compiler); yychar = YYEMPTY; } } goto yyerrlab1; yyerrorlab: if ( 0) goto yyerrorlab; YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; yyerrlab1: yyerrstatus = 3; for (;;) { yyn = yypact[yystate]; if (!yypact_value_is_default (yyn)) { yyn += YYTERROR; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) { yyn = yytable[yyn]; if (0 < yyn) break; } } if (yyssp == yyss) YYABORT; yydestruct (""Error: popping"", yystos[yystate], yyvsp, yyscanner, compiler); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END YY_SYMBOL_PRINT (""Shifting"", yystos[yyn], yyvsp, yylsp); yystate = yyn; goto yynewstate; yyacceptlab: yyresult = 0; goto yyreturn; yyabortlab: yyresult = 1; goto yyreturn; #if !defined yyoverflow || YYERROR_VERBOSE yyexhaustedlab: yyerror (yyscanner, compiler, YY_(""memory exhausted"")); yyresult = 2; #endif yyreturn: if (yychar != YYEMPTY) { yytoken = YYTRANSLATE (yychar); yydestruct (""Cleanup: discarding lookahead"", yytoken, &yylval, yyscanner, compiler); } YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct (""Cleanup: popping"", yystos[*yyssp], yyvsp, yyscanner, compiler); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif #if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); #endif return yyresult;",visit repo url,libyara/grammar.c,https://github.com/VirusTotal/yara,141857528597639,1 5170,['CWE-20'],"static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) { u64 data; struct kvm_msr_entry *msr; if (!pdata) { printk(KERN_ERR ""BUG: get_msr called with NULL pdata\n""); return -EINVAL; } switch (msr_index) { #ifdef CONFIG_X86_64 case MSR_FS_BASE: data = vmcs_readl(GUEST_FS_BASE); break; case MSR_GS_BASE: data = vmcs_readl(GUEST_GS_BASE); break; case MSR_EFER: return kvm_get_msr_common(vcpu, msr_index, pdata); #endif case MSR_IA32_TIME_STAMP_COUNTER: data = guest_read_tsc(); break; case MSR_IA32_SYSENTER_CS: data = vmcs_read32(GUEST_SYSENTER_CS); break; case MSR_IA32_SYSENTER_EIP: data = vmcs_readl(GUEST_SYSENTER_EIP); break; case MSR_IA32_SYSENTER_ESP: data = vmcs_readl(GUEST_SYSENTER_ESP); break; default: vmx_load_host_state(to_vmx(vcpu)); msr = find_msr_entry(to_vmx(vcpu), msr_index); if (msr) { data = msr->data; break; } return kvm_get_msr_common(vcpu, msr_index, pdata); } *pdata = data; return 0; }",linux-2.6,,,280832167754947339240110628911334535928,0 4390,CWE-125,"static void iwjpeg_scan_exif(struct iwjpegrcontext *rctx, const iw_byte *d, size_t d_len) { struct iw_exif_state e; iw_uint32 ifd; if(d_len<8) return; iw_zeromem(&e,sizeof(struct iw_exif_state)); e.d = d; e.d_len = d_len; e.endian = d[0]=='I' ? IW_ENDIAN_LITTLE : IW_ENDIAN_BIG; ifd = iw_get_ui32_e(&d[4],e.endian); iwjpeg_scan_exif_ifd(rctx,&e,ifd); }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,120861542998554,1 5801,['CWE-200'],"static unsigned long atalk_sum_skb(const struct sk_buff *skb, int offset, int len, unsigned long sum) { int start = skb_headlen(skb); struct sk_buff *frag_iter; int i, copy; if ( (copy = start - offset) > 0) { if (copy > len) copy = len; sum = atalk_sum_partial(skb->data + offset, copy, sum); if ( (len -= copy) == 0) return sum; offset += copy; } for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { int end; WARN_ON(start > offset + len); end = start + skb_shinfo(skb)->frags[i].size; if ((copy = end - offset) > 0) { u8 *vaddr; skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; if (copy > len) copy = len; vaddr = kmap_skb_frag(frag); sum = atalk_sum_partial(vaddr + frag->page_offset + offset - start, copy, sum); kunmap_skb_frag(vaddr); if (!(len -= copy)) return sum; offset += copy; } start = end; } skb_walk_frags(skb, frag_iter) { int end; WARN_ON(start > offset + len); end = start + frag_iter->len; if ((copy = end - offset) > 0) { if (copy > len) copy = len; sum = atalk_sum_skb(frag_iter, offset - start, copy, sum); if ((len -= copy) == 0) return sum; offset += copy; } start = end; } BUG_ON(len > 0); return sum; }",linux-2.6,,,41713884433809127410953376742390005244,0 6487,[],"lt_dladvise_local (lt_dladvise *padvise) { assert (padvise && *padvise); (*padvise)->is_symlocal = 1; return 0; }",libtool,,,288447091106671006581340313810098601878,0 4796,CWE-119,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 5414,CWE-125,"externalParEntProcessor(XML_Parser parser, const char *s, const char *end, const char **nextPtr) { const char *next = s; int tok; tok = XmlPrologTok(parser->m_encoding, s, end, &next); if (tok <= 0) { if (! parser->m_parsingStatus.finalBuffer && tok != XML_TOK_INVALID) { *nextPtr = s; return XML_ERROR_NONE; } switch (tok) { case XML_TOK_INVALID: return XML_ERROR_INVALID_TOKEN; case XML_TOK_PARTIAL: return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; case XML_TOK_NONE: default: break; } } else if (tok == XML_TOK_BOM) { s = next; tok = XmlPrologTok(parser->m_encoding, s, end, &next); } parser->m_processor = prologProcessor; return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer); }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,16095191820153,1 3064,['CWE-189'],"void jas_cmxform_destroy(jas_cmxform_t *xform) { if (xform->pxformseq) jas_cmpxformseq_destroy(xform->pxformseq); jas_free(xform); }",jasper,,,339112841064559340201380161477345239093,0 6662,['CWE-200'],"constructor (GType type, guint n_construct_params, GObjectConstructParam *construct_params) { GObject *object; NMAGConfSettingsPrivate *priv; object = G_OBJECT_CLASS (nma_gconf_settings_parent_class)->constructor (type, n_construct_params, construct_params); if (!object) return NULL; priv = NMA_GCONF_SETTINGS_GET_PRIVATE (object); priv->read_connections_id = g_idle_add (read_connections_cb, object); return object; }",network-manager-applet,,,127825348871084549650533315180474001376,0 2152,CWE-476,"static int verify_one_dev_extent(struct btrfs_fs_info *fs_info, u64 chunk_offset, u64 devid, u64 physical_offset, u64 physical_len) { struct extent_map_tree *em_tree = &fs_info->mapping_tree.map_tree; struct extent_map *em; struct map_lookup *map; struct btrfs_device *dev; u64 stripe_len; bool found = false; int ret = 0; int i; read_lock(&em_tree->lock); em = lookup_extent_mapping(em_tree, chunk_offset, 1); read_unlock(&em_tree->lock); if (!em) { btrfs_err(fs_info, ""dev extent physical offset %llu on devid %llu doesn't have corresponding chunk"", physical_offset, devid); ret = -EUCLEAN; goto out; } map = em->map_lookup; stripe_len = calc_stripe_length(map->type, em->len, map->num_stripes); if (physical_len != stripe_len) { btrfs_err(fs_info, ""dev extent physical offset %llu on devid %llu length doesn't match chunk %llu, have %llu expect %llu"", physical_offset, devid, em->start, physical_len, stripe_len); ret = -EUCLEAN; goto out; } for (i = 0; i < map->num_stripes; i++) { if (map->stripes[i].dev->devid == devid && map->stripes[i].physical == physical_offset) { found = true; if (map->verified_stripes >= map->num_stripes) { btrfs_err(fs_info, ""too many dev extents for chunk %llu found"", em->start); ret = -EUCLEAN; goto out; } map->verified_stripes++; break; } } if (!found) { btrfs_err(fs_info, ""dev extent physical offset %llu devid %llu has no corresponding chunk"", physical_offset, devid); ret = -EUCLEAN; } dev = btrfs_find_device(fs_info->fs_devices, devid, NULL, NULL); if (!dev) { btrfs_err(fs_info, ""failed to find devid %llu"", devid); ret = -EUCLEAN; goto out; } if (dev->disk_total_bytes == 0) { dev = find_device(fs_info->fs_devices->seed, devid, NULL); if (!dev) { btrfs_err(fs_info, ""failed to find seed devid %llu"", devid); ret = -EUCLEAN; goto out; } } if (physical_offset + physical_len > dev->disk_total_bytes) { btrfs_err(fs_info, ""dev extent devid %llu physical offset %llu len %llu is beyond device boundary %llu"", devid, physical_offset, physical_len, dev->disk_total_bytes); ret = -EUCLEAN; goto out; } out: free_extent_map(em); return ret; }",visit repo url,fs/btrfs/volumes.c,https://github.com/torvalds/linux,64915593998866,1 5349,CWE-668,"do_prefetch_tables (const void *gcmM, size_t gcmM_size) { prefetch_table(gcmM, gcmM_size); prefetch_table(gcmR, sizeof(gcmR)); }",visit repo url,cipher/cipher-gcm.c,https://github.com/gpg/libgcrypt,278166337369081,1 4735,['CWE-20'],"static struct inode *ext4_nfs_get_inode(struct super_block *sb, u64 ino, u32 generation) { struct inode *inode; if (ino < EXT4_FIRST_INO(sb) && ino != EXT4_ROOT_INO) return ERR_PTR(-ESTALE); if (ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count)) return ERR_PTR(-ESTALE); inode = ext4_iget(sb, ino); if (IS_ERR(inode)) return ERR_CAST(inode); if (generation && inode->i_generation != generation) { iput(inode); return ERR_PTR(-ESTALE); } return inode; }",linux-2.6,,,204843019768128511093716427889152511906,0 4941,['CWE-20'],"static int nfs_lookup_revalidate(struct dentry * dentry, struct nameidata *nd) { struct inode *dir; struct inode *inode; struct dentry *parent; int error; struct nfs_fh fhandle; struct nfs_fattr fattr; unsigned long verifier; parent = dget_parent(dentry); lock_kernel(); dir = parent->d_inode; nfs_inc_stats(dir, NFSIOS_DENTRYREVALIDATE); inode = dentry->d_inode; if (nfs_revalidate_inode(NFS_SERVER(dir), dir) < 0) goto out_zap_parent; if (!inode) { if (nfs_neg_need_reval(dir, dentry, nd)) goto out_bad; goto out_valid; } if (is_bad_inode(inode)) { dfprintk(LOOKUPCACHE, ""%s: %s/%s has dud inode\n"", __FUNCTION__, dentry->d_parent->d_name.name, dentry->d_name.name); goto out_bad; } if (nfs_check_verifier(dir, dentry)) { if (nfs_lookup_verify_inode(inode, nd)) goto out_zap_parent; goto out_valid; } if (NFS_STALE(inode)) goto out_bad; verifier = nfs_save_change_attribute(dir); error = NFS_PROTO(dir)->lookup(dir, &dentry->d_name, &fhandle, &fattr); if (error) goto out_bad; if (nfs_compare_fh(NFS_FH(inode), &fhandle)) goto out_bad; if ((error = nfs_refresh_inode(inode, &fattr)) != 0) goto out_bad; nfs_renew_times(dentry); nfs_refresh_verifier(dentry, verifier); out_valid: unlock_kernel(); dput(parent); dfprintk(LOOKUPCACHE, ""NFS: %s(%s/%s) is valid\n"", __FUNCTION__, dentry->d_parent->d_name.name, dentry->d_name.name); return 1; out_zap_parent: nfs_zap_caches(dir); out_bad: NFS_CACHEINV(dir); if (inode && S_ISDIR(inode->i_mode)) { nfs_zap_caches(inode); if (have_submounts(dentry)) goto out_valid; shrink_dcache_parent(dentry); } d_drop(dentry); unlock_kernel(); dput(parent); dfprintk(LOOKUPCACHE, ""NFS: %s(%s/%s) is invalid\n"", __FUNCTION__, dentry->d_parent->d_name.name, dentry->d_name.name); return 0; }",linux-2.6,,,192954414406683483600734278171877798395,0 2261,['CWE-120'],"asmlinkage long sys_rmdir(const char __user *pathname) { return do_rmdir(AT_FDCWD, pathname); }",linux-2.6,,,132516255617180076650870178889738648421,0 615,['CWE-189'],"ieee80211_rx_frame_decrypt_msdu(struct ieee80211_device *ieee, struct sk_buff *skb, int keyidx, struct ieee80211_crypt_data *crypt) { struct ieee80211_hdr_3addr *hdr; int res, hdrlen; if (crypt == NULL || crypt->ops->decrypt_msdu == NULL) return 0; hdr = (struct ieee80211_hdr_3addr *)skb->data; hdrlen = ieee80211_get_hdrlen(le16_to_cpu(hdr->frame_ctl)); atomic_inc(&crypt->refcnt); res = crypt->ops->decrypt_msdu(skb, keyidx, hdrlen, crypt->priv); atomic_dec(&crypt->refcnt); if (res < 0) { printk(KERN_DEBUG ""%s: MSDU decryption/MIC verification failed"" "" (SA="" MAC_FMT "" keyidx=%d)\n"", ieee->dev->name, MAC_ARG(hdr->addr2), keyidx); return -1; } return 0; }",linux-2.6,,,173086422977249833298478622888426030037,0 5491,['CWE-476'],"static int kvm_request_guest_time_update(struct kvm_vcpu *v) { struct kvm_vcpu_arch *vcpu = &v->arch; if (!vcpu->time_page) return 0; set_bit(KVM_REQ_KVMCLOCK_UPDATE, &v->requests); return 1; }",linux-2.6,,,14916939629626747241446946935449997026,0 2968,CWE-119,"cdf_file_summary_info(struct magic_set *ms, const cdf_header_t *h, const cdf_stream_t *sst, const uint64_t clsid[2]) { cdf_summary_info_header_t si; cdf_property_info_t *info; size_t count; int m; if (cdf_unpack_summary_info(sst, h, &si, &info, &count) == -1) return -1; if (NOTMIME(ms)) { const char *str; if (file_printf(ms, ""Composite Document File V2 Document"") == -1) return -1; if (file_printf(ms, "", %s Endian"", si.si_byte_order == 0xfffe ? ""Little"" : ""Big"") == -1) return -2; switch (si.si_os) { case 2: if (file_printf(ms, "", Os: Windows, Version %d.%d"", si.si_os_version & 0xff, (uint32_t)si.si_os_version >> 8) == -1) return -2; break; case 1: if (file_printf(ms, "", Os: MacOS, Version %d.%d"", (uint32_t)si.si_os_version >> 8, si.si_os_version & 0xff) == -1) return -2; break; default: if (file_printf(ms, "", Os %d, Version: %d.%d"", si.si_os, si.si_os_version & 0xff, (uint32_t)si.si_os_version >> 8) == -1) return -2; break; } str = cdf_clsid_to_mime(clsid, clsid2desc); if (str) if (file_printf(ms, "", %s"", str) == -1) return -2; } m = cdf_file_property_info(ms, info, count, clsid); free(info); return m == -1 ? -2 : m; }",visit repo url,src/readcdf.c,https://github.com/file/file,216100496630317,1 4326,['CWE-119'],"bool _af_ms_adpcm_format_ok (_AudioFormat *f) { if (f->channelCount != 1 && f->channelCount != 2) { _af_error(AF_BAD_COMPRESSION, ""MS ADPCM compression requires 1 or 2 channels""); return AF_FALSE; } if (f->sampleFormat != AF_SAMPFMT_TWOSCOMP || f->sampleWidth != 16) { _af_error(AF_BAD_COMPRESSION, ""MS ADPCM compression requires 16-bit signed integer format""); f->sampleFormat = AF_SAMPFMT_TWOSCOMP; f->sampleWidth = 16; } if (f->byteOrder != AF_BYTEORDER_BIGENDIAN) { _af_error(AF_BAD_COMPRESSION, ""MS ADPCM compression requires big endian format""); f->byteOrder = AF_BYTEORDER_BIGENDIAN; } return AF_TRUE; }",audiofile,,,147610925842366677290325939532418006964,0 4657,['CWE-399'],"static inline struct ext4_group_info *ext4_get_group_info(struct super_block *sb, ext4_group_t group) { struct ext4_group_info ***grp_info; long indexv, indexh; grp_info = EXT4_SB(sb)->s_group_info; indexv = group >> (EXT4_DESC_PER_BLOCK_BITS(sb)); indexh = group & ((EXT4_DESC_PER_BLOCK(sb)) - 1); return grp_info[indexv][indexh];",linux-2.6,,,236286099970565911738959401243884599699,0 144,CWE-667,"static noinline int join_transaction(struct btrfs_fs_info *fs_info, unsigned int type) { struct btrfs_transaction *cur_trans; spin_lock(&fs_info->trans_lock); loop: if (test_bit(BTRFS_FS_STATE_ERROR, &fs_info->fs_state)) { spin_unlock(&fs_info->trans_lock); return -EROFS; } cur_trans = fs_info->running_transaction; if (cur_trans) { if (TRANS_ABORTED(cur_trans)) { spin_unlock(&fs_info->trans_lock); return cur_trans->aborted; } if (btrfs_blocked_trans_types[cur_trans->state] & type) { spin_unlock(&fs_info->trans_lock); return -EBUSY; } refcount_inc(&cur_trans->use_count); atomic_inc(&cur_trans->num_writers); extwriter_counter_inc(cur_trans, type); spin_unlock(&fs_info->trans_lock); return 0; } spin_unlock(&fs_info->trans_lock); if (type == TRANS_ATTACH) return -ENOENT; BUG_ON(type == TRANS_JOIN_NOLOCK); cur_trans = kmalloc(sizeof(*cur_trans), GFP_NOFS); if (!cur_trans) return -ENOMEM; spin_lock(&fs_info->trans_lock); if (fs_info->running_transaction) { kfree(cur_trans); goto loop; } else if (test_bit(BTRFS_FS_STATE_ERROR, &fs_info->fs_state)) { spin_unlock(&fs_info->trans_lock); kfree(cur_trans); return -EROFS; } cur_trans->fs_info = fs_info; atomic_set(&cur_trans->pending_ordered, 0); init_waitqueue_head(&cur_trans->pending_wait); atomic_set(&cur_trans->num_writers, 1); extwriter_counter_init(cur_trans, type); init_waitqueue_head(&cur_trans->writer_wait); init_waitqueue_head(&cur_trans->commit_wait); cur_trans->state = TRANS_STATE_RUNNING; refcount_set(&cur_trans->use_count, 2); cur_trans->flags = 0; cur_trans->start_time = ktime_get_seconds(); memset(&cur_trans->delayed_refs, 0, sizeof(cur_trans->delayed_refs)); cur_trans->delayed_refs.href_root = RB_ROOT_CACHED; cur_trans->delayed_refs.dirty_extent_root = RB_ROOT; atomic_set(&cur_trans->delayed_refs.num_entries, 0); smp_mb(); if (!list_empty(&fs_info->tree_mod_seq_list)) WARN(1, KERN_ERR ""BTRFS: tree_mod_seq_list not empty when creating a fresh transaction\n""); if (!RB_EMPTY_ROOT(&fs_info->tree_mod_log)) WARN(1, KERN_ERR ""BTRFS: tree_mod_log rb tree not empty when creating a fresh transaction\n""); atomic64_set(&fs_info->tree_mod_seq, 0); spin_lock_init(&cur_trans->delayed_refs.lock); INIT_LIST_HEAD(&cur_trans->pending_snapshots); INIT_LIST_HEAD(&cur_trans->dev_update_list); INIT_LIST_HEAD(&cur_trans->switch_commits); INIT_LIST_HEAD(&cur_trans->dirty_bgs); INIT_LIST_HEAD(&cur_trans->io_bgs); INIT_LIST_HEAD(&cur_trans->dropped_roots); mutex_init(&cur_trans->cache_write_mutex); spin_lock_init(&cur_trans->dirty_bgs_lock); INIT_LIST_HEAD(&cur_trans->deleted_bgs); spin_lock_init(&cur_trans->dropped_roots_lock); INIT_LIST_HEAD(&cur_trans->releasing_ebs); spin_lock_init(&cur_trans->releasing_ebs_lock); atomic64_set(&cur_trans->chunk_bytes_reserved, 0); init_waitqueue_head(&cur_trans->chunk_reserve_wait); list_add_tail(&cur_trans->list, &fs_info->trans_list); extent_io_tree_init(fs_info, &cur_trans->dirty_pages, IO_TREE_TRANS_DIRTY_PAGES, fs_info->btree_inode); extent_io_tree_init(fs_info, &cur_trans->pinned_extents, IO_TREE_FS_PINNED_EXTENTS, NULL); fs_info->generation++; cur_trans->transid = fs_info->generation; fs_info->running_transaction = cur_trans; cur_trans->aborted = 0; spin_unlock(&fs_info->trans_lock); return 0; }",visit repo url,fs/btrfs/transaction.c,https://github.com/torvalds/linux,61172041518532,1 5341,NVD-CWE-noinfo,"int get_devices_from_authfile(const char *authfile, const char *username, unsigned max_devs, int verbose, FILE *debug_file, device_t *devices, unsigned *n_devs) { char *buf = NULL; char *s_user, *s_token; int retval = 0; int fd = -1; struct stat st; struct passwd *pw = NULL, pw_s; char buffer[BUFSIZE]; int gpu_ret; FILE *opwfile = NULL; unsigned i, j; *n_devs = 0; fd = open(authfile, O_RDONLY, 0); if (fd < 0) { if (verbose) D(debug_file, ""Cannot open file: %s (%s)"", authfile, strerror(errno)); goto err; } if (fstat(fd, &st) < 0) { if (verbose) D(debug_file, ""Cannot stat file: %s (%s)"", authfile, strerror(errno)); goto err; } if (!S_ISREG(st.st_mode)) { if (verbose) D(debug_file, ""%s is not a regular file"", authfile); goto err; } if (st.st_size == 0) { if (verbose) D(debug_file, ""File %s is empty"", authfile); goto err; } gpu_ret = getpwuid_r(st.st_uid, &pw_s, buffer, sizeof(buffer), &pw); if (gpu_ret != 0 || pw == NULL) { D(debug_file, ""Unable to retrieve credentials for uid %u, (%s)"", st.st_uid, strerror(errno)); goto err; } if (strcmp(pw->pw_name, username) != 0 && strcmp(pw->pw_name, ""root"") != 0) { if (strcmp(username, ""root"") != 0) { D(debug_file, ""The owner of the authentication file is neither %s nor root"", username); } else { D(debug_file, ""The owner of the authentication file is not root""); } goto err; } opwfile = fdopen(fd, ""r""); if (opwfile == NULL) { if (verbose) D(debug_file, ""fdopen: %s"", strerror(errno)); goto err; } buf = malloc(sizeof(char) * (DEVSIZE * max_devs)); if (!buf) { if (verbose) D(debug_file, ""Unable to allocate memory""); goto err; } retval = -2; while (fgets(buf, (int)(DEVSIZE * (max_devs - 1)), opwfile)) { char *saveptr = NULL; if (buf[strlen(buf) - 1] == '\n') buf[strlen(buf) - 1] = '\0'; if (verbose) D(debug_file, ""Authorization line: %s"", buf); s_user = strtok_r(buf, "":"", &saveptr); if (s_user && strcmp(username, s_user) == 0) { if (verbose) D(debug_file, ""Matched user: %s"", s_user); retval = -1; for (i = 0; i < *n_devs; i++) { free(devices[i].keyHandle); free(devices[i].publicKey); devices[i].keyHandle = NULL; devices[i].publicKey = NULL; } *n_devs = 0; i = 0; while ((s_token = strtok_r(NULL, "","", &saveptr))) { devices[i].keyHandle = NULL; devices[i].publicKey = NULL; if ((*n_devs)++ > MAX_DEVS - 1) { *n_devs = MAX_DEVS; if (verbose) D(debug_file, ""Found more than %d devices, ignoring the remaining ones"", MAX_DEVS); break; } if (verbose) D(debug_file, ""KeyHandle for device number %d: %s"", i + 1, s_token); devices[i].keyHandle = strdup(s_token); if (!devices[i].keyHandle) { if (verbose) D(debug_file, ""Unable to allocate memory for keyHandle number %d"", i); goto err; } s_token = strtok_r(NULL, "":"", &saveptr); if (!s_token) { if (verbose) D(debug_file, ""Unable to retrieve publicKey number %d"", i + 1); goto err; } if (verbose) D(debug_file, ""publicKey for device number %d: %s"", i + 1, s_token); if (strlen(s_token) % 2 != 0) { if (verbose) D(debug_file, ""Length of key number %d not even"", i + 1); goto err; } devices[i].key_len = strlen(s_token) / 2; if (verbose) D(debug_file, ""Length of key number %d is %zu"", i + 1, devices[i].key_len); devices[i].publicKey = malloc((sizeof(unsigned char) * devices[i].key_len)); if (!devices[i].publicKey) { if (verbose) D(debug_file, ""Unable to allocate memory for publicKey number %d"", i); goto err; } for (j = 0; j < devices[i].key_len; j++) { unsigned int x; if (sscanf(&s_token[2 * j], ""%2x"", &x) != 1) { if (verbose) D(debug_file, ""Invalid hex number in key""); goto err; } devices[i].publicKey[j] = (unsigned char)x; } i++; } } } if (verbose) D(debug_file, ""Found %d device(s) for user %s"", *n_devs, username); retval = 1; goto out; err: for (i = 0; i < *n_devs; i++) { free(devices[i].keyHandle); free(devices[i].publicKey); devices[i].keyHandle = NULL; devices[i].publicKey = NULL; } *n_devs = 0; out: if (buf) { free(buf); buf = NULL; } if (opwfile) fclose(opwfile); else if (fd >= 0) close(fd); return retval; }",visit repo url,util.c,https://github.com/Yubico/pam-u2f,83825894533151,1 588,CWE-200,"static int persistent_prepare_exception(struct dm_exception_store *store, struct dm_exception *e) { struct pstore *ps = get_info(store); uint32_t stride; chunk_t next_free; sector_t size = get_dev_size(dm_snap_cow(store->snap)->bdev); if (size < ((ps->next_free + 1) * store->chunk_size)) return -ENOSPC; e->new_chunk = ps->next_free; stride = (ps->exceptions_per_area + 1); next_free = ++ps->next_free; if (sector_div(next_free, stride) == 1) ps->next_free++; atomic_inc(&ps->pending_count); return 0; }",visit repo url,drivers/md/dm-snap-persistent.c,https://github.com/torvalds/linux,232383738609457,1 2643,[],"void sctp_endpoint_add_asoc(struct sctp_endpoint *ep, struct sctp_association *asoc) { struct sock *sk = ep->base.sk; if (asoc->temp) return; list_add_tail(&asoc->asocs, &ep->asocs); if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) sk->sk_ack_backlog++; }",linux-2.6,,,42281242887864109893836009061999736809,0 6508,['CWE-20'],"static inline unsigned long ad_mask(struct decode_cache *c) { return (1UL << (c->ad_bytes << 3)) - 1; }",kvm,,,300094722515363585278928089420802669330,0 2802,CWE-401,"LPSTR tr_esc_str(LPCSTR arg, bool format) { LPSTR tmp = NULL; size_t cs = 0, x, ds, len; size_t s; if (NULL == arg) return NULL; s = strlen(arg); while ((s > 0) && isspace(arg[s - 1])) s--; ds = s + 1; if (s) tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not allocate string buffer.\n""); exit(-2); } memset(tmp, 0, ds * sizeof(CHAR)); for (x = 0; x < s; x++) { switch (arg[x]) { case '<': len = format ? 13 : 4; ds += len - 1; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-3); } if (format) strncpy(&tmp[cs], """", len); else strncpy(&tmp[cs], ""<"", len); cs += len; break; case '>': len = format ? 14 : 4; ds += len - 1; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-4); } if (format) strncpy(&tmp[cs], """", len); else strncpy(&tmp[cs], ""<"", len); cs += len; break; case '\'': ds += 5; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-5); } tmp[cs++] = '&'; tmp[cs++] = 'a'; tmp[cs++] = 'p'; tmp[cs++] = 'o'; tmp[cs++] = 's'; tmp[cs++] = ';'; break; case '""': ds += 5; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-6); } tmp[cs++] = '&'; tmp[cs++] = 'q'; tmp[cs++] = 'u'; tmp[cs++] = 'o'; tmp[cs++] = 't'; tmp[cs++] = ';'; break; case '&': ds += 4; tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); if (NULL == tmp) { fprintf(stderr, ""Could not reallocate string buffer.\n""); exit(-7); } tmp[cs++] = '&'; tmp[cs++] = 'a'; tmp[cs++] = 'm'; tmp[cs++] = 'p'; tmp[cs++] = ';'; break; default: tmp[cs++] = arg[x]; break; } tmp[ds - 1] = '\0'; } return tmp; }",visit repo url,client/X11/generate_argument_docbook.c,https://github.com/FreeRDP/FreeRDP,15709147883795,1 6061,CWE-190,"void bn_rec_reg(int8_t *naf, int *len, const bn_t k, int n, int w) { int i, l; bn_t t; dig_t t0, mask; int8_t u_i; bn_null(t); mask = RLC_MASK(w); l = RLC_CEIL(n, w - 1); if (*len <= l) { *len = 0; RLC_THROW(ERR_NO_BUFFER); return; } RLC_TRY { bn_new(t); bn_abs(t, k); memset(naf, 0, *len); i = 0; if (w == 2) { for (i = 0; i < l; i++) { u_i = (t->dp[0] & mask) - 2; t->dp[0] -= u_i; naf[i] = u_i; bn_hlv(t, t); } bn_get_dig(&t0, t); naf[i] = t0; } else { for (i = 0; i < l; i++) { u_i = (t->dp[0] & mask) - (1 << (w - 1)); t->dp[0] -= u_i; naf[i] = u_i; bn_rsh(t, t, w - 1); } bn_get_dig(&t0, t); naf[i] = t0; } *len = l + 1; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,19159910008767,1 4717,['CWE-20'],"static int __init init_ext4_fs(void) { int err; ext4_proc_root = proc_mkdir(""fs/ext4"", NULL); err = init_ext4_mballoc(); if (err) return err; err = init_ext4_xattr(); if (err) goto out2; err = init_inodecache(); if (err) goto out1; err = register_filesystem(&ext4_fs_type); if (err) goto out; #ifdef CONFIG_EXT4DEV_COMPAT err = register_filesystem(&ext4dev_fs_type); if (err) { unregister_filesystem(&ext4_fs_type); goto out; } #endif return 0; out: destroy_inodecache(); out1: exit_ext4_xattr(); out2: exit_ext4_mballoc(); return err; }",linux-2.6,,,296504652177134947398460586935499443476,0 6472,CWE-476,"static size_t _iphc_ipv6_encode(gnrc_pktsnip_t *pkt, const gnrc_netif_hdr_t *netif_hdr, gnrc_netif_t *iface, uint8_t *iphc_hdr) { gnrc_sixlowpan_ctx_t *src_ctx = NULL, *dst_ctx = NULL; ipv6_hdr_t *ipv6_hdr = pkt->next->data; bool addr_comp = false; uint16_t inline_pos = SIXLOWPAN_IPHC_HDR_LEN; assert(iface != NULL); iphc_hdr[IPHC1_IDX] = SIXLOWPAN_IPHC1_DISP; iphc_hdr[IPHC2_IDX] = 0; if (!ipv6_addr_is_unspecified(&(ipv6_hdr->src))) { src_ctx = gnrc_sixlowpan_ctx_lookup_addr(&(ipv6_hdr->src)); if (src_ctx && !(src_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_COMP)) { src_ctx = NULL; } if (src_ctx && ipv6_addr_match_prefix(&src_ctx->prefix, &ipv6_hdr->src) < SIXLOWPAN_IPHC_PREFIX_LEN) { src_ctx = NULL; } } if (!ipv6_addr_is_multicast(&ipv6_hdr->dst)) { dst_ctx = gnrc_sixlowpan_ctx_lookup_addr(&(ipv6_hdr->dst)); if (dst_ctx && !(dst_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_COMP)) { dst_ctx = NULL; } if (dst_ctx && ipv6_addr_match_prefix(&dst_ctx->prefix, &ipv6_hdr->dst) < SIXLOWPAN_IPHC_PREFIX_LEN) { dst_ctx = NULL; } } if (((src_ctx != NULL) && ((src_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK) != 0)) || ((dst_ctx != NULL) && ((dst_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK) != 0))) { iphc_hdr[IPHC2_IDX] |= SIXLOWPAN_IPHC2_CID_EXT; iphc_hdr[CID_EXT_IDX] = 0; inline_pos += SIXLOWPAN_IPHC_CID_EXT_LEN; } if (ipv6_hdr_get_fl(ipv6_hdr) == 0) { if (ipv6_hdr_get_tc(ipv6_hdr) == 0) { iphc_hdr[IPHC1_IDX] |= IPHC_TF_ECN_ELIDE; } else { iphc_hdr[IPHC1_IDX] |= IPHC_TF_ECN_DSCP; iphc_hdr[inline_pos++] = ipv6_hdr_get_tc(ipv6_hdr); } } else { if (ipv6_hdr_get_tc_dscp(ipv6_hdr) == 0) { iphc_hdr[IPHC1_IDX] |= IPHC_TF_ECN_FL; iphc_hdr[inline_pos++] = (uint8_t)((ipv6_hdr_get_tc_ecn(ipv6_hdr) << 6) | ((ipv6_hdr_get_fl(ipv6_hdr) & 0x000f0000) >> 16)); } else { iphc_hdr[IPHC1_IDX] |= IPHC_TF_ECN_DSCP_FL; iphc_hdr[inline_pos++] = ipv6_hdr_get_tc(ipv6_hdr); iphc_hdr[inline_pos++] = (uint8_t)((ipv6_hdr_get_fl(ipv6_hdr) & 0x000f0000) >> 16); } iphc_hdr[inline_pos++] = (uint8_t)((ipv6_hdr_get_fl(ipv6_hdr) & 0x0000ff00) >> 8); iphc_hdr[inline_pos++] = (uint8_t)(ipv6_hdr_get_fl(ipv6_hdr) & 0x000000ff); } if (_compressible_nh(ipv6_hdr->nh)) { iphc_hdr[IPHC1_IDX] |= SIXLOWPAN_IPHC1_NH; } else { iphc_hdr[inline_pos++] = ipv6_hdr->nh; } switch (ipv6_hdr->hl) { case 1: iphc_hdr[IPHC1_IDX] |= IPHC_HL_1; break; case 64: iphc_hdr[IPHC1_IDX] |= IPHC_HL_64; break; case 255: iphc_hdr[IPHC1_IDX] |= IPHC_HL_255; break; default: iphc_hdr[IPHC1_IDX] |= IPHC_HL_INLINE; iphc_hdr[inline_pos++] = ipv6_hdr->hl; break; } if (ipv6_addr_is_unspecified(&(ipv6_hdr->src))) { iphc_hdr[IPHC2_IDX] |= IPHC_SAC_SAM_UNSPEC; } else { if (src_ctx != NULL) { iphc_hdr[IPHC2_IDX] |= SIXLOWPAN_IPHC2_SAC; if (((src_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK) != 0)) { iphc_hdr[CID_EXT_IDX] |= ((src_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK) << 4); } } if ((src_ctx != NULL) || ipv6_addr_is_link_local(&(ipv6_hdr->src))) { eui64_t iid; iid.uint64.u64 = 0; gnrc_netif_acquire(iface); if (gnrc_netif_ipv6_get_iid(iface, &iid) < 0) { DEBUG(""6lo iphc: could not get interface's IID\n""); gnrc_netif_release(iface); return 0; } gnrc_netif_release(iface); if ((ipv6_hdr->src.u64[1].u64 == iid.uint64.u64) || _context_overlaps_iid(src_ctx, &ipv6_hdr->src, &iid)) { iphc_hdr[IPHC2_IDX] |= IPHC_SAC_SAM_L2; addr_comp = true; } else if ((byteorder_ntohl(ipv6_hdr->src.u32[2]) == 0x000000ff) && (byteorder_ntohs(ipv6_hdr->src.u16[6]) == 0xfe00)) { iphc_hdr[IPHC2_IDX] |= IPHC_SAC_SAM_16; memcpy(iphc_hdr + inline_pos, ipv6_hdr->src.u16 + 7, 2); inline_pos += 2; addr_comp = true; } else { iphc_hdr[IPHC2_IDX] |= IPHC_SAC_SAM_64; memcpy(iphc_hdr + inline_pos, ipv6_hdr->src.u64 + 1, 8); inline_pos += 8; addr_comp = true; } } if (!addr_comp) { iphc_hdr[IPHC2_IDX] |= IPHC_SAC_SAM_FULL; memcpy(iphc_hdr + inline_pos, &ipv6_hdr->src, 16); inline_pos += 16; } } addr_comp = false; if (ipv6_addr_is_multicast(&(ipv6_hdr->dst))) { iphc_hdr[IPHC2_IDX] |= SIXLOWPAN_IPHC2_M; if ((ipv6_hdr->dst.u16[1].u16 == 0) && (ipv6_hdr->dst.u32[1].u32 == 0) && (ipv6_hdr->dst.u16[4].u16 == 0)) { if ((ipv6_hdr->dst.u8[1] == 0x02) && (ipv6_hdr->dst.u32[2].u32 == 0) && (ipv6_hdr->dst.u16[6].u16 == 0) && (ipv6_hdr->dst.u8[14] == 0)) { iphc_hdr[IPHC2_IDX] |= IPHC_M_DAC_DAM_M_8; iphc_hdr[inline_pos++] = ipv6_hdr->dst.u8[15]; addr_comp = true; } else if ((ipv6_hdr->dst.u16[5].u16 == 0) && (ipv6_hdr->dst.u8[12] == 0)) { iphc_hdr[IPHC2_IDX] |= IPHC_M_DAC_DAM_M_32; iphc_hdr[inline_pos++] = ipv6_hdr->dst.u8[1]; memcpy(iphc_hdr + inline_pos, ipv6_hdr->dst.u8 + 13, 3); inline_pos += 3; addr_comp = true; } else if (ipv6_hdr->dst.u8[10] == 0) { iphc_hdr[IPHC2_IDX] |= IPHC_M_DAC_DAM_M_48; iphc_hdr[inline_pos++] = ipv6_hdr->dst.u8[1]; memcpy(iphc_hdr + inline_pos, ipv6_hdr->dst.u8 + 11, 5); inline_pos += 5; addr_comp = true; } } else { gnrc_sixlowpan_ctx_t *ctx; ipv6_addr_t unicast_prefix; unicast_prefix.u16[0] = ipv6_hdr->dst.u16[2]; unicast_prefix.u16[1] = ipv6_hdr->dst.u16[3]; unicast_prefix.u16[2] = ipv6_hdr->dst.u16[4]; unicast_prefix.u16[3] = ipv6_hdr->dst.u16[5]; ctx = gnrc_sixlowpan_ctx_lookup_addr(&unicast_prefix); if ((ctx != NULL) && (ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_COMP) && (ctx->prefix_len == ipv6_hdr->dst.u8[3])) { iphc_hdr[IPHC2_IDX] |= SIXLOWPAN_IPHC2_DAC; if ((ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK) != 0) { iphc_hdr[CID_EXT_IDX] |= (ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK); } iphc_hdr[inline_pos++] = ipv6_hdr->dst.u8[1]; iphc_hdr[inline_pos++] = ipv6_hdr->dst.u8[2]; memcpy(iphc_hdr + inline_pos, ipv6_hdr->dst.u16 + 6, 4); inline_pos += 4; addr_comp = true; } } } else if (((dst_ctx != NULL) || ipv6_addr_is_link_local(&ipv6_hdr->dst)) && (netif_hdr->dst_l2addr_len > 0)) { eui64_t iid; if (dst_ctx != NULL) { iphc_hdr[IPHC2_IDX] |= SIXLOWPAN_IPHC2_DAC; if (((dst_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK) != 0)) { iphc_hdr[CID_EXT_IDX] |= (dst_ctx->flags_id & GNRC_SIXLOWPAN_CTX_FLAGS_CID_MASK); } } if (gnrc_netif_hdr_ipv6_iid_from_dst(iface, netif_hdr, &iid) < 0) { DEBUG(""6lo iphc: could not get destination's IID\n""); return 0; } if ((ipv6_hdr->dst.u64[1].u64 == iid.uint64.u64) || _context_overlaps_iid(dst_ctx, &(ipv6_hdr->dst), &iid)) { iphc_hdr[IPHC2_IDX] |= IPHC_M_DAC_DAM_U_L2; addr_comp = true; } else if ((byteorder_ntohl(ipv6_hdr->dst.u32[2]) == 0x000000ff) && (byteorder_ntohs(ipv6_hdr->dst.u16[6]) == 0xfe00)) { iphc_hdr[IPHC2_IDX] |= IPHC_M_DAC_DAM_U_16; memcpy(&(iphc_hdr[inline_pos]), &(ipv6_hdr->dst.u16[7]), 2); inline_pos += 2; addr_comp = true; } else { iphc_hdr[IPHC2_IDX] |= IPHC_M_DAC_DAM_U_64; memcpy(&(iphc_hdr[inline_pos]), &(ipv6_hdr->dst.u8[8]), 8); inline_pos += 8; addr_comp = true; } } if (!addr_comp) { iphc_hdr[IPHC2_IDX] |= IPHC_SAC_SAM_FULL; memcpy(iphc_hdr + inline_pos, &ipv6_hdr->dst, 16); inline_pos += 16; } return inline_pos; }",visit repo url,sys/net/gnrc/network_layer/sixlowpan/iphc/gnrc_sixlowpan_iphc.c,https://github.com/RIOT-OS/RIOT,38412868931710,1 5399,CWE-787,"size_t OpenMP4Source(char *filename, uint32_t traktype, uint32_t traksubtype) { mp4object *mp4 = (mp4object *)malloc(sizeof(mp4object)); if (mp4 == NULL) return 0; memset(mp4, 0, sizeof(mp4object)); #ifdef _WINDOWS fopen_s(&mp4->mediafp, filename, ""rb""); #else mp4->mediafp = fopen(filename, ""rb""); #endif if (mp4->mediafp) { uint32_t qttag, qtsize32, skip, type = 0, subtype = 0, num; size_t len; int32_t nest = 0; uint64_t nestsize[MAX_NEST_LEVEL] = { 0 }; uint64_t lastsize = 0, qtsize; do { len = fread(&qtsize32, 1, 4, mp4->mediafp); len += fread(&qttag, 1, 4, mp4->mediafp); if (len == 8) { if (!VALID_FOURCC(qttag)) { LONGSEEK(mp4->mediafp, lastsize - 8 - 8, SEEK_CUR); NESTSIZE(lastsize - 8); continue; } qtsize32 = BYTESWAP32(qtsize32); if (qtsize32 == 1) { fread(&qtsize, 1, 8, mp4->mediafp); qtsize = BYTESWAP64(qtsize) - 8; } else qtsize = qtsize32; nest++; if (qtsize < 8) break; if (nest >= MAX_NEST_LEVEL) break; nestsize[nest] = qtsize; lastsize = qtsize; #if PRINT_MP4_STRUCTURE for (int i = 1; i < nest; i++) printf("" ""); printf(""%c%c%c%c (%lld)\n"", (qttag & 0xff), ((qttag >> 8) & 0xff), ((qttag >> 16) & 0xff), ((qttag >> 24) & 0xff), qtsize); if (qttag == MAKEID('m', 'd', 'a', 't') || qttag == MAKEID('f', 't', 'y', 'p') || qttag == MAKEID('u', 'd', 't', 'a')) { LONGSEEK(mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); continue; } #else if (qttag != MAKEID('m', 'o', 'o', 'v') && qttag != MAKEID('m', 'v', 'h', 'd') && qttag != MAKEID('t', 'r', 'a', 'k') && qttag != MAKEID('m', 'd', 'i', 'a') && qttag != MAKEID('m', 'd', 'h', 'd') && qttag != MAKEID('m', 'i', 'n', 'f') && qttag != MAKEID('g', 'm', 'i', 'n') && qttag != MAKEID('d', 'i', 'n', 'f') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('s', 't', 's', 'd') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('s', 't', 'b', 'l') && qttag != MAKEID('s', 't', 't', 's') && qttag != MAKEID('s', 't', 's', 'c') && qttag != MAKEID('s', 't', 's', 'z') && qttag != MAKEID('s', 't', 'c', 'o') && qttag != MAKEID('c', 'o', '6', '4') && qttag != MAKEID('h', 'd', 'l', 'r')) { LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else #endif if (qttag == MAKEID('m', 'v', 'h', 'd')) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&mp4->clockdemon, 1, 4, mp4->mediafp); mp4->clockdemon = BYTESWAP32(mp4->clockdemon); len += fread(&mp4->clockcount, 1, 4, mp4->mediafp); mp4->clockcount = BYTESWAP32(mp4->clockcount); LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('m', 'd', 'h', 'd')) { media_header md; len = fread(&md, 1, sizeof(md), mp4->mediafp); if (len == sizeof(md)) { md.creation_time = BYTESWAP32(md.creation_time); md.modification_time = BYTESWAP32(md.modification_time); md.time_scale = BYTESWAP32(md.time_scale); md.duration = BYTESWAP32(md.duration); mp4->trak_clockdemon = md.time_scale; mp4->trak_clockcount = md.duration; if (mp4->videolength == 0.0) { mp4->videolength = (float)((double)mp4->trak_clockcount / (double)mp4->trak_clockdemon); } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('h', 'd', 'l', 'r')) { uint32_t temp; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&temp, 1, 4, mp4->mediafp); if (temp != MAKEID('a', 'l', 'i', 's')) type = temp; LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'd')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&subtype, 1, 4, mp4->mediafp); if (len == 16) { if (subtype != traksubtype) { type = 0; } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'c')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 12 <= qtsize - 8 - len) { mp4->metastsc_count = num; if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = (SampleToChunk *)malloc(num * 12); if (mp4->metastsc) { uint32_t total_stsc = num; len += fread(mp4->metastsc, 1, num * sizeof(SampleToChunk), mp4->mediafp); do { num--; mp4->metastsc[num].chunk_num = BYTESWAP32(mp4->metastsc[num].chunk_num); mp4->metastsc[num].samples = BYTESWAP32(mp4->metastsc[num].samples); mp4->metastsc[num].id = BYTESWAP32(mp4->metastsc[num].id); } while (num > 0); } if (mp4->metastsc_count == 1 && mp4->metastsc[0].samples == 1) { if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'z')) { if (type == traktype) { uint32_t equalsamplesize; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&equalsamplesize, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 4 <= qtsize - 8 - len) { mp4->metasize_count = num; if (mp4->metasizes) free(mp4->metasizes); mp4->metasizes = (uint32_t *)malloc(num * 4); if (mp4->metasizes) { if (equalsamplesize == 0) { len += fread(mp4->metasizes, 1, num * 4, mp4->mediafp); do { num--; mp4->metasizes[num] = BYTESWAP32(mp4->metasizes[num]); } while (num > 0); } else { equalsamplesize = BYTESWAP32(equalsamplesize); do { num--; mp4->metasizes[num] = equalsamplesize; } while (num > 0); } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 'c', 'o')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 4 <= qtsize - 8 - len) { if (mp4->metastsc_count > 0 && num != mp4->metasize_count) { mp4->indexcount = mp4->metasize_count; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(mp4->metasize_count * 8); if (mp4->metaoffsets) { uint32_t *metaoffsets32 = NULL; metaoffsets32 = (uint32_t *)malloc(num * 4); if (metaoffsets32) { uint64_t fileoffset = 0; int stsc_pos = 0; int stco_pos = 0; int repeat = 1; len += fread(metaoffsets32, 1, num * 4, mp4->mediafp); do { num--; metaoffsets32[num] = BYTESWAP32(metaoffsets32[num]); } while (num > 0); mp4->metaoffsets[0] = fileoffset = metaoffsets32[stco_pos]; num = 1; while (num < mp4->metasize_count) { if (stsc_pos + 1 < (int)mp4->metastsc_count && num == stsc_pos) { stco_pos++; stsc_pos++; fileoffset = (uint64_t)metaoffsets32[stco_pos]; repeat = 1; } else if (repeat == mp4->metastsc[stsc_pos].samples) { stco_pos++; fileoffset = (uint64_t)metaoffsets32[stco_pos]; repeat = 1; } else { fileoffset += (uint64_t)mp4->metasizes[num - 1]; repeat++; } mp4->metaoffsets[num] = fileoffset; num++; } if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; free(metaoffsets32); } } } else { mp4->indexcount = num; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(num * 8); if (mp4->metaoffsets) { uint32_t *metaoffsets32 = NULL; metaoffsets32 = (uint32_t *)malloc(num * 4); if (metaoffsets32) { size_t readlen = fread(metaoffsets32, 1, num * 4, mp4->mediafp); len += readlen; do { num--; mp4->metaoffsets[num] = BYTESWAP32(metaoffsets32[num]); } while (num > 0); free(metaoffsets32); } } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('c', 'o', '6', '4')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 8 <= qtsize - 8 - len) { if (mp4->metastsc_count > 0 && num != mp4->metasize_count) { mp4->indexcount = mp4->metasize_count; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(mp4->metasize_count * 8); if (mp4->metaoffsets) { uint64_t *metaoffsets64 = NULL; metaoffsets64 = (uint64_t *)malloc(num * 8); if (metaoffsets64) { uint64_t fileoffset = 0; int stsc_pos = 0; int stco_pos = 0; len += fread(metaoffsets64, 1, num * 8, mp4->mediafp); do { num--; metaoffsets64[num] = BYTESWAP64(metaoffsets64[num]); } while (num > 0); fileoffset = metaoffsets64[0]; mp4->metaoffsets[0] = fileoffset; num = 1; while (num < mp4->metasize_count) { if (num != mp4->metastsc[stsc_pos].chunk_num - 1 && 0 == (num - (mp4->metastsc[stsc_pos].chunk_num - 1)) % mp4->metastsc[stsc_pos].samples) { stco_pos++; fileoffset = (uint64_t)metaoffsets64[stco_pos]; } else { fileoffset += (uint64_t)mp4->metasizes[num - 1]; } mp4->metaoffsets[num] = fileoffset; num++; } if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; free(metaoffsets64); } } } else { mp4->indexcount = num; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(num * 8); if (mp4->metaoffsets) { len += fread(mp4->metaoffsets, 1, num * 8, mp4->mediafp); do { num--; mp4->metaoffsets[num] = BYTESWAP64(mp4->metaoffsets[num]); } while (num > 0); } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 't', 's')) { if (type == traktype) { uint32_t totaldur = 0, samples = 0; int32_t entries = 0; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 8 <= qtsize - 8 - len) { entries = num; mp4->meta_clockdemon = mp4->trak_clockdemon; mp4->meta_clockcount = mp4->trak_clockcount; while (entries > 0) { int32_t samplecount; int32_t duration; len += fread(&samplecount, 1, 4, mp4->mediafp); samplecount = BYTESWAP32(samplecount); len += fread(&duration, 1, 4, mp4->mediafp); duration = BYTESWAP32(duration); samples += samplecount; entries--; totaldur += duration; mp4->metadatalength += (double)((double)samplecount * (double)duration / (double)mp4->meta_clockdemon); } mp4->basemetadataduration = mp4->metadatalength * (double)mp4->meta_clockdemon / (double)samples; } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else { NESTSIZE(8); } } else { break; } } while (len > 0); } else { free(mp4); mp4 = NULL; } return (size_t)mp4; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,247196757099773,1 5946,CWE-120,"jsi_wscallback_websock(struct lws *wsi, enum lws_callback_reasons reason, void *user, void *in, size_t len) { struct lws_context *context = lws_get_context(wsi); jsi_wsPss *pss = NULL; jsi_wsCmdObj *cmdPtr = (jsi_wsCmdObj *)lws_context_user(context); if (!cmdPtr) { fprintf(stderr, ""null ws context\n""); return -1; } Jsi_Interp *interp = cmdPtr->interp; char *inPtr = (char*)in; int sLen, n, rc =0; WSSIGASSERT(cmdPtr, OBJ); if (Jsi_InterpGone(interp)) cmdPtr->deleted = 1; if (cmdPtr->debug>=32) { switch (reason) { case LWS_CALLBACK_SERVER_WRITEABLE: case LWS_CALLBACK_CLIENT_WRITEABLE: break; default: fprintf(stderr, ""WS CALLBACK: len=%d, %p %d:%s\n"", (int)len, user, reason, jsw_getReasonStr(reason)); } } switch (reason) { case LWS_CALLBACK_PROTOCOL_INIT: if (cmdPtr->noWebsock) return 1; break; case LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION: pss = jsi_wsgetPss(cmdPtr, wsi, user, 1, 1); Jsi_DSSet(&pss->url, inPtr); if (cmdPtr->instCtx == context && (cmdPtr->clientName[0] || cmdPtr->clientIP[0])) { pss->clientName = cmdPtr->clientName; pss->clientIP = cmdPtr->clientIP; } if (cmdPtr->onFilter && !cmdPtr->deleted) { if (!pss) pss = jsi_wsgetPss(cmdPtr, wsi, user, 1, 0); int killcon = 0, n = 0; Jsi_Obj *oarg1; Jsi_Value *vpargs, *vargs[10], *ret = Jsi_ValueNew1(interp); vargs[n++] = Jsi_ValueNewObj(interp, cmdPtr->fobj); vargs[n++] = Jsi_ValueNewNumber(interp, (Jsi_Number)(pss->wid)); vargs[n++] = Jsi_ValueNewBlob(interp, (uchar*)in, len); vargs[n++] = Jsi_ValueNewBoolean(interp, 0); vpargs = Jsi_ValueMakeObject(interp, NULL, oarg1 = Jsi_ObjNewArray(interp, vargs, n, 0)); Jsi_IncrRefCount(interp, vpargs); Jsi_ValueMakeUndef(interp, &ret); rc = Jsi_FunctionInvoke(interp, cmdPtr->onFilter, vpargs, &ret, NULL); if (rc == JSI_OK && Jsi_ValueIsFalse(interp, ret)) { if (cmdPtr->debug>1) fprintf(stderr, ""WS:KILLING CONNECTION: %p\n"", user); killcon = 1; } Jsi_DecrRefCount(interp, vpargs); Jsi_DecrRefCount(interp, ret); if (rc != JSI_OK) { Jsi_LogError(""websock bad rcv eval""); return 1; } if (killcon) return 1; } break; case LWS_CALLBACK_CLIENT_ESTABLISHED: case LWS_CALLBACK_ESTABLISHED: if (cmdPtr->bufferPwr2>0) { char nbuf[100]; snprintf(nbuf, sizeof(nbuf), ""%d"", cmdPtr->bufferPwr2); lws_set_extension_option(wsi, ""permessage-deflate"", ""rx_buf_size"", nbuf); lws_set_extension_option(wsi, ""permessage-deflate"", ""tx_buf_size"", nbuf); } if (!pss) pss = jsi_wsgetPss(cmdPtr, wsi, user, 1, 0); if (cmdPtr->onOpen && !cmdPtr->deleted) { Jsi_Obj *oarg1; Jsi_Value *vpargs, *vargs[10]; int n = 0; vargs[n++] = Jsi_ValueNewObj(interp, cmdPtr->fobj); vargs[n++] = Jsi_ValueNewNumber(interp, (Jsi_Number)(pss->wid)); vpargs = Jsi_ValueMakeObject(interp, NULL, oarg1 = Jsi_ObjNewArray(interp, vargs, n, 0)); Jsi_IncrRefCount(interp, vpargs); Jsi_Value *ret = Jsi_ValueNew1(interp); Jsi_ValueMakeUndef(interp, &ret); rc = Jsi_FunctionInvoke(interp, cmdPtr->onOpen, vpargs, &ret, NULL); Jsi_DecrRefCount(interp, vpargs); Jsi_DecrRefCount(interp, ret); if (rc != JSI_OK) return Jsi_LogError(""websock bad rcv eval""); } break; case LWS_CALLBACK_WSI_DESTROY: break; case LWS_CALLBACK_CLOSED: case LWS_CALLBACK_PROTOCOL_DESTROY: pss = jsi_wsgetPss(cmdPtr, wsi, user, 0, 0); if (!pss) break; if (cmdPtr->onClose || pss->onClose) { rc = jsi_wsrecv_callback(interp, cmdPtr, pss, inPtr, len, 1); if (rc != JSI_OK) return Jsi_LogError(""websock bad rcv eval""); } jsi_wsdeletePss(pss); if (cmdPtr->stats.connectCnt<=0 && cmdPtr->onCloseLast && !Jsi_InterpGone(interp)) { Jsi_RC jrc; Jsi_Value *retStr = Jsi_ValueNew1(interp); Jsi_Value *vpargs, *vargs[10]; int n = 0; vargs[n++] = (cmdPtr->deleted?Jsi_ValueNewNull(interp):Jsi_ValueNewObj(interp, cmdPtr->fobj)); vpargs = Jsi_ValueMakeObject(interp, NULL, Jsi_ObjNewArray(interp, vargs, n, 0)); Jsi_IncrRefCount(interp, vpargs); jrc = Jsi_FunctionInvoke(interp, cmdPtr->onCloseLast, vpargs, &retStr, NULL); Jsi_DecrRefCount(interp, vpargs); Jsi_DecrRefCount(interp, retStr); if (Jsi_InterpGone(interp)) return JSI_ERROR; return jrc; } break; case LWS_CALLBACK_CLIENT_WRITEABLE: case LWS_CALLBACK_SERVER_WRITEABLE: { pss = jsi_wsgetPss(cmdPtr, wsi, user, 0, 0); if (!pss || !pss->stack) break; if (pss->lastData) Jsi_Free(pss->lastData); n=0; char *data = pss->lastData = (char*)Jsi_StackUnshift(pss->stack); unsigned char *p; if (data == NULL) break; pss->stats.msgQLen--; pss->state = PWS_SENT; p = (unsigned char *)data+LWS_PRE; sLen = Jsi_Strlen((char*)p); n = jsi_wswrite(pss, wsi, p, sLen, (pss->stats.isBinary?LWS_WRITE_BINARY:LWS_WRITE_TEXT)); if (cmdPtr->debug>=10) fprintf(stderr, ""WS:CLIENT WRITE(%p): %d=>%d\n"", pss, sLen, n); if (n >= 0) { cmdPtr->stats.sentCnt++; cmdPtr->stats.sentLast = time(NULL); pss->stats.sentCnt++; pss->stats.sentLast = time(NULL); } else { lwsl_err(""ERROR %d writing to socket\n"", n); pss->state = PWS_SENDERR; pss->stats.sentErrCnt++; pss->stats.sentErrLast = time(NULL); cmdPtr->stats.sentErrCnt++; cmdPtr->stats.sentErrLast = time(NULL); rc = 1; } break; } case LWS_CALLBACK_CLIENT_RECEIVE: case LWS_CALLBACK_RECEIVE: { pss = jsi_wsgetPss(cmdPtr, wsi, user, 0, 0); if (!pss) break; pss->stats.recvCnt++; pss->stats.recvLast = time(NULL); cmdPtr->stats.recvCnt++; cmdPtr->stats.recvLast = time(NULL); if (cmdPtr->onRecv || pss->onRecv) { int nlen = len; if (nlen<=0) return 0; int rblen = Jsi_DSLength(&pss->recvBuf), bmax = cmdPtr->recvBufMax, isfin = pss->stats.isFinal = lws_is_final_fragment(wsi); pss->stats.isBinary = lws_frame_is_binary(wsi); if (rblen) { if (bmax && rblen>bmax) { fprintf(stderr, ""WS: Recv exceeds recvBufMax: %d>%d\n"", rblen, bmax); rc = 1; break; } Jsi_DSAppendLen(&pss->recvBuf, inPtr, len); if (!isfin) break; cmdPtr->recvBufCnt--; nlen = Jsi_DSLength(&pss->recvBuf); inPtr = Jsi_DSFreeDup(&pss->recvBuf); } else { if (!isfin) { cmdPtr->recvBufCnt++; Jsi_DSAppendLen(&pss->recvBuf, inPtr, len); break; } } rc = jsi_wsrecv_callback(interp, cmdPtr, pss, inPtr, nlen, 0); if (inPtr != in) Jsi_Free(inPtr); if (rc != JSI_OK) { Jsi_LogError(""websock bad rcv eval""); return 1; } } lws_callback_on_writable_all_protocol(cmdPtr->context, lws_get_protocol(wsi)); break; } default: break; } return rc; }",visit repo url,src/jsiWebSocket.c,https://github.com/pcmacdon/jsish,147021402610615,1 6222,['CWE-200'],"struct neighbour *neigh_event_ns(struct neigh_table *tbl, u8 *lladdr, void *saddr, struct net_device *dev) { struct neighbour *neigh = __neigh_lookup(tbl, saddr, dev, lladdr || !dev->addr_len); if (neigh) neigh_update(neigh, lladdr, NUD_STALE, NEIGH_UPDATE_F_OVERRIDE); return neigh; }",linux-2.6,,,48760482354356075696076562824059823543,0 3548,CWE-20,"static int jas_iccgetuint(jas_stream_t *in, int n, ulonglong *val) { int i; int c; ulonglong v; v = 0; for (i = n; i > 0; --i) { if ((c = jas_stream_getc(in)) == EOF) return -1; v = (v << 8) | c; } *val = v; return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,156399840398164,1 5953,['CWE-909'],"void qdisc_list_del(struct Qdisc *q) { if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) list_del(&q->list); }",linux-2.6,,,231287461700472384855438232854611314221,0 4877,['CWE-189'],"static int contains_ecryptfs_marker(char *data) { u32 m_1, m_2; m_1 = get_unaligned_be32(data); m_2 = get_unaligned_be32(data + 4); if ((m_1 ^ MAGIC_ECRYPTFS_MARKER) == m_2) return 1; ecryptfs_printk(KERN_DEBUG, ""m_1 = [0x%.8x]; m_2 = [0x%.8x]; "" ""MAGIC_ECRYPTFS_MARKER = [0x%.8x]\n"", m_1, m_2, MAGIC_ECRYPTFS_MARKER); ecryptfs_printk(KERN_DEBUG, ""(m_1 ^ MAGIC_ECRYPTFS_MARKER) = "" ""[0x%.8x]\n"", (m_1 ^ MAGIC_ECRYPTFS_MARKER)); return 0; }",linux-2.6,,,80626994802813428025929770879204272777,0 1749,[],"static inline int cpu_of(struct rq *rq) { #ifdef CONFIG_SMP return rq->cpu; #else return 0; #endif }",linux-2.6,,,81974548604570267808563407430393002194,0 5858,['CWE-200'],"static int raw_bind(struct socket *sock, struct sockaddr *uaddr, int len) { struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); int ifindex; int err = 0; int notify_enetdown = 0; if (len < sizeof(*addr)) return -EINVAL; lock_sock(sk); if (ro->bound && addr->can_ifindex == ro->ifindex) goto out; if (addr->can_ifindex) { struct net_device *dev; dev = dev_get_by_index(&init_net, addr->can_ifindex); if (!dev) { err = -ENODEV; goto out; } if (dev->type != ARPHRD_CAN) { dev_put(dev); err = -ENODEV; goto out; } if (!(dev->flags & IFF_UP)) notify_enetdown = 1; ifindex = dev->ifindex; err = raw_enable_allfilters(dev, sk); dev_put(dev); } else { ifindex = 0; err = raw_enable_allfilters(NULL, sk); } if (!err) { if (ro->bound) { if (ro->ifindex) { struct net_device *dev; dev = dev_get_by_index(&init_net, ro->ifindex); if (dev) { raw_disable_allfilters(dev, sk); dev_put(dev); } } else raw_disable_allfilters(NULL, sk); } ro->ifindex = ifindex; ro->bound = 1; } out: release_sock(sk); if (notify_enetdown) { sk->sk_err = ENETDOWN; if (!sock_flag(sk, SOCK_DEAD)) sk->sk_error_report(sk); } return err; }",linux-2.6,,,303183214987180447546753983128011842490,0 4052,CWE-125,"INST_HANDLER (sbrx) { int b = buf[0] & 0x7; int r = ((buf[0] >> 4) & 0xf) | ((buf[1] & 0x01) << 4); RAnalOp next_op; avr_op_analyze (anal, &next_op, op->addr + op->size, buf + op->size, len - op->size, cpu); r_strbuf_fini (&next_op.esil); op->jump = op->addr + next_op.size + 2; op->cycles = 1; ESIL_A (""%d,1,<<,r%d,&,"", b, r); ESIL_A ((buf[1] & 0xe) == 0xc ? ""!,"" : ""!,!,""); ESIL_A (""?{,%""PFMT64d"",pc,=,},"", op->jump); }",visit repo url,libr/anal/p/anal_avr.c,https://github.com/radare/radare2,145813675791201,1 2478,CWE-119,"cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, uint32_t offs, cdf_property_info_t **info, size_t *count, size_t *maxcount) { const cdf_section_header_t *shp; cdf_section_header_t sh; const uint8_t *p, *q, *e; int16_t s16; int32_t s32; uint32_t u32; int64_t s64; uint64_t u64; cdf_timestamp_t tp; size_t i, o, o4, nelements, j; cdf_property_info_t *inp; if (offs > UINT32_MAX / 4) { errno = EFTYPE; goto out; } shp = CAST(const cdf_section_header_t *, (const void *) ((const char *)sst->sst_tab + offs)); if (cdf_check_stream_offset(sst, h, shp, sizeof(*shp), __LINE__) == -1) goto out; sh.sh_len = CDF_TOLE4(shp->sh_len); #define CDF_SHLEN_LIMIT (UINT32_MAX / 8) if (sh.sh_len > CDF_SHLEN_LIMIT) { errno = EFTYPE; goto out; } sh.sh_properties = CDF_TOLE4(shp->sh_properties); #define CDF_PROP_LIMIT (UINT32_MAX / (4 * sizeof(*inp))) if (sh.sh_properties > CDF_PROP_LIMIT) goto out; DPRINTF((""section len: %u properties %u\n"", sh.sh_len, sh.sh_properties)); if (*maxcount) { if (*maxcount > CDF_PROP_LIMIT) goto out; *maxcount += sh.sh_properties; inp = CAST(cdf_property_info_t *, realloc(*info, *maxcount * sizeof(*inp))); } else { *maxcount = sh.sh_properties; inp = CAST(cdf_property_info_t *, malloc(*maxcount * sizeof(*inp))); } if (inp == NULL) goto out; *info = inp; inp += *count; *count += sh.sh_properties; p = CAST(const uint8_t *, (const void *) ((const char *)(const void *)sst->sst_tab + offs + sizeof(sh))); e = CAST(const uint8_t *, (const void *) (((const char *)(const void *)shp) + sh.sh_len)); if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { q = (const uint8_t *)(const void *) ((const char *)(const void *)p + CDF_GETUINT32(p, (i << 1) + 1)) - 2 * sizeof(uint32_t); if (q > e) { DPRINTF((""Ran of the end %p > %p\n"", q, e)); goto out; } inp[i].pi_id = CDF_GETUINT32(p, i << 1); inp[i].pi_type = CDF_GETUINT32(q, 0); DPRINTF((""%"" SIZE_T_FORMAT ""u) id=%x type=%x offs=0x%tx,0x%x\n"", i, inp[i].pi_id, inp[i].pi_type, q - p, CDF_GETUINT32(p, (i << 1) + 1))); if (inp[i].pi_type & CDF_VECTOR) { nelements = CDF_GETUINT32(q, 1); o = 2; } else { nelements = 1; o = 1; } o4 = o * sizeof(uint32_t); if (inp[i].pi_type & (CDF_ARRAY|CDF_BYREF|CDF_RESERVED)) goto unknown; switch (inp[i].pi_type & CDF_TYPEMASK) { case CDF_NULL: case CDF_EMPTY: break; case CDF_SIGNED16: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s16, &q[o4], sizeof(s16)); inp[i].pi_s16 = CDF_TOLE2(s16); break; case CDF_SIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s32, &q[o4], sizeof(s32)); inp[i].pi_s32 = CDF_TOLE4((uint32_t)s32); break; case CDF_BOOL: case CDF_UNSIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u32, &q[o4], sizeof(u32)); inp[i].pi_u32 = CDF_TOLE4(u32); break; case CDF_SIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s64, &q[o4], sizeof(s64)); inp[i].pi_s64 = CDF_TOLE8((uint64_t)s64); break; case CDF_UNSIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u64, &q[o4], sizeof(u64)); inp[i].pi_u64 = CDF_TOLE8((uint64_t)u64); break; case CDF_FLOAT: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u32, &q[o4], sizeof(u32)); u32 = CDF_TOLE4(u32); memcpy(&inp[i].pi_f, &u32, sizeof(inp[i].pi_f)); break; case CDF_DOUBLE: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u64, &q[o4], sizeof(u64)); u64 = CDF_TOLE8((uint64_t)u64); memcpy(&inp[i].pi_d, &u64, sizeof(inp[i].pi_d)); break; case CDF_LENGTH32_STRING: case CDF_LENGTH32_WSTRING: if (nelements > 1) { size_t nelem = inp - *info; if (*maxcount > CDF_PROP_LIMIT || nelements > CDF_PROP_LIMIT) goto out; *maxcount += nelements; inp = CAST(cdf_property_info_t *, realloc(*info, *maxcount * sizeof(*inp))); if (inp == NULL) goto out; *info = inp; inp = *info + nelem; } DPRINTF((""nelements = %"" SIZE_T_FORMAT ""u\n"", nelements)); for (j = 0; j < nelements; j++, i++) { uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = (const char *) (const void *)(&q[o4 + sizeof(l)]); DPRINTF((""l = %d, r = %"" SIZE_T_FORMAT ""u, s = %s\n"", l, CDF_ROUND(l, sizeof(l)), inp[i].pi_str.s_buf)); if (l & 1) l++; o += l >> 1; if (q + o >= e) goto out; o4 = o * sizeof(uint32_t); } i--; break; case CDF_FILETIME: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&tp, &q[o4], sizeof(tp)); inp[i].pi_tp = CDF_TOLE8((uint64_t)tp); break; case CDF_CLIPBOARD: if (inp[i].pi_type & CDF_VECTOR) goto unknown; break; default: unknown: DPRINTF((""Don't know how to deal with %x\n"", inp[i].pi_type)); break; } } return 0; out: free(*info); return -1; }",visit repo url,src/cdf.c,https://github.com/glensc/file,187577462661131,1 129,[],"int compat_get_fd_set(unsigned long nr, compat_ulong_t __user *ufdset, unsigned long *fdset) { nr = ROUND_UP(nr, __COMPAT_NFDBITS); if (ufdset) { unsigned long odd; if (!access_ok(VERIFY_WRITE, ufdset, nr*sizeof(compat_ulong_t))) return -EFAULT; odd = nr & 1UL; nr &= ~1UL; while (nr) { unsigned long h, l; __get_user(l, ufdset); __get_user(h, ufdset+1); ufdset += 2; *fdset++ = h << 32 | l; nr -= 2; } if (odd) __get_user(*fdset, ufdset); } else { memset(fdset, 0, ((nr + 1) & ~1)*sizeof(compat_ulong_t)); } return 0; }",linux-2.6,,,283094256797293113970546154122475596197,0 5551,[],"int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact) { struct task_struct *t = current; struct k_sigaction *k; sigset_t mask; if (!valid_signal(sig) || sig < 1 || (act && sig_kernel_only(sig))) return -EINVAL; k = &t->sighand->action[sig-1]; spin_lock_irq(¤t->sighand->siglock); if (oact) *oact = *k; if (act) { sigdelsetmask(&act->sa.sa_mask, sigmask(SIGKILL) | sigmask(SIGSTOP)); *k = *act; if (sig_handler_ignored(sig_handler(t, sig), sig)) { sigemptyset(&mask); sigaddset(&mask, sig); rm_from_queue_full(&mask, &t->signal->shared_pending); do { rm_from_queue_full(&mask, &t->pending); t = next_thread(t); } while (t != current); } } spin_unlock_irq(¤t->sighand->siglock); return 0; }",linux-2.6,,,170961292335551440928310211194150696402,0 52,['CWE-787'],"static void cirrus_read_hidden_dac(CirrusVGAState * s, int *reg_value) { *reg_value = 0xff; if (++s->cirrus_hidden_dac_lockindex == 5) { *reg_value = s->cirrus_hidden_dac_data; s->cirrus_hidden_dac_lockindex = 0; } }",qemu,,,126250363499282960242779510559333560202,0 854,['CWE-119'],"isdn_add_channels(isdn_driver_t *d, int drvidx, int n, int adding) { int j, k, m; init_waitqueue_head(&d->st_waitq); if (d->flags & DRV_FLAG_RUNNING) return -1; if (n < 1) return 0; m = (adding) ? d->channels + n : n; if (dev->channels + n > ISDN_MAX_CHANNELS) { printk(KERN_WARNING ""register_isdn: Max. %d channels supported\n"", ISDN_MAX_CHANNELS); return -1; } if ((adding) && (d->rcverr)) kfree(d->rcverr); if (!(d->rcverr = kzalloc(sizeof(int) * m, GFP_ATOMIC))) { printk(KERN_WARNING ""register_isdn: Could not alloc rcverr\n""); return -1; } if ((adding) && (d->rcvcount)) kfree(d->rcvcount); if (!(d->rcvcount = kzalloc(sizeof(int) * m, GFP_ATOMIC))) { printk(KERN_WARNING ""register_isdn: Could not alloc rcvcount\n""); if (!adding) kfree(d->rcverr); return -1; } if ((adding) && (d->rpqueue)) { for (j = 0; j < d->channels; j++) skb_queue_purge(&d->rpqueue[j]); kfree(d->rpqueue); } if (!(d->rpqueue = kmalloc(sizeof(struct sk_buff_head) * m, GFP_ATOMIC))) { printk(KERN_WARNING ""register_isdn: Could not alloc rpqueue\n""); if (!adding) { kfree(d->rcvcount); kfree(d->rcverr); } return -1; } for (j = 0; j < m; j++) { skb_queue_head_init(&d->rpqueue[j]); } if ((adding) && (d->rcv_waitq)) kfree(d->rcv_waitq); d->rcv_waitq = kmalloc(sizeof(wait_queue_head_t) * 2 * m, GFP_ATOMIC); if (!d->rcv_waitq) { printk(KERN_WARNING ""register_isdn: Could not alloc rcv_waitq\n""); if (!adding) { kfree(d->rpqueue); kfree(d->rcvcount); kfree(d->rcverr); } return -1; } d->snd_waitq = d->rcv_waitq + m; for (j = 0; j < m; j++) { init_waitqueue_head(&d->rcv_waitq[j]); init_waitqueue_head(&d->snd_waitq[j]); } dev->channels += n; for (j = d->channels; j < m; j++) for (k = 0; k < ISDN_MAX_CHANNELS; k++) if (dev->chanmap[k] < 0) { dev->chanmap[k] = j; dev->drvmap[k] = drvidx; break; } d->channels = m; return 0; }",linux-2.6,,,277481823446389996208748380959047859060,0 3232,['CWE-189'],"static void jas_iccprof_sorttagtab(jas_icctagtab_t *tagtab) { qsort(tagtab->ents, tagtab->numents, sizeof(jas_icctagtabent_t), jas_icctagtabent_cmp); }",jasper,,,46092500857355221915342375257604889662,0 3314,CWE-119,"header_put_le_3byte (SF_PRIVATE *psf, int x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 3) { psf->header [psf->headindex++] = x ; psf->header [psf->headindex++] = (x >> 8) ; psf->header [psf->headindex++] = (x >> 16) ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,138431859908920,1 5919,['CWE-909'],"void qdisc_watchdog_cancel(struct qdisc_watchdog *wd) { hrtimer_cancel(&wd->timer); wd->qdisc->flags &= ~TCQ_F_THROTTLED; }",linux-2.6,,,309041630283545372597187506804140101946,0 1639,CWE-416,"static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) { struct ipv6_txoptions opt_space; DECLARE_SOCKADDR(struct sockaddr_l2tpip6 *, lsa, msg->msg_name); struct in6_addr *daddr, *final_p, final; struct ipv6_pinfo *np = inet6_sk(sk); struct ipv6_txoptions *opt = NULL; struct ip6_flowlabel *flowlabel = NULL; struct dst_entry *dst = NULL; struct flowi6 fl6; int addr_len = msg->msg_namelen; int hlimit = -1; int tclass = -1; int dontfrag = -1; int transhdrlen = 4; int ulen = len + transhdrlen; int err; if (len > INT_MAX) return -EMSGSIZE; if (msg->msg_flags & MSG_OOB) return -EOPNOTSUPP; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_mark = sk->sk_mark; if (lsa) { if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (lsa->l2tp_family && lsa->l2tp_family != AF_INET6) return -EAFNOSUPPORT; daddr = &lsa->l2tp_addr; if (np->sndflow) { fl6.flowlabel = lsa->l2tp_flowinfo & IPV6_FLOWINFO_MASK; if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (flowlabel == NULL) return -EINVAL; } } if (sk->sk_state == TCP_ESTABLISHED && ipv6_addr_equal(daddr, &sk->sk_v6_daddr)) daddr = &sk->sk_v6_daddr; if (addr_len >= sizeof(struct sockaddr_in6) && lsa->l2tp_scope_id && ipv6_addr_type(daddr) & IPV6_ADDR_LINKLOCAL) fl6.flowi6_oif = lsa->l2tp_scope_id; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; daddr = &sk->sk_v6_daddr; fl6.flowlabel = np->flow_label; } if (fl6.flowi6_oif == 0) fl6.flowi6_oif = sk->sk_bound_dev_if; if (msg->msg_controllen) { opt = &opt_space; memset(opt, 0, sizeof(struct ipv6_txoptions)); opt->tot_len = sizeof(struct ipv6_txoptions); err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, &hlimit, &tclass, &dontfrag); if (err < 0) { fl6_sock_release(flowlabel); return err; } if ((fl6.flowlabel & IPV6_FLOWLABEL_MASK) && !flowlabel) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (flowlabel == NULL) return -EINVAL; } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; } if (opt == NULL) opt = np->opt; if (flowlabel) opt = fl6_merge_options(&opt_space, flowlabel, opt); opt = ipv6_fixup_options(&opt_space, opt); fl6.flowi6_proto = sk->sk_protocol; if (!ipv6_addr_any(daddr)) fl6.daddr = *daddr; else fl6.daddr.s6_addr[15] = 0x1; if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr)) fl6.saddr = np->saddr; final_p = fl6_update_dst(&fl6, opt, &final); if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) fl6.flowi6_oif = np->mcast_oif; else if (!fl6.flowi6_oif) fl6.flowi6_oif = np->ucast_oif; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); goto out; } if (hlimit < 0) hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); if (tclass < 0) tclass = np->tclass; if (dontfrag < 0) dontfrag = np->dontfrag; if (msg->msg_flags & MSG_CONFIRM) goto do_confirm; back_from_confirm: lock_sock(sk); err = ip6_append_data(sk, ip_generic_getfrag, msg, ulen, transhdrlen, hlimit, tclass, opt, &fl6, (struct rt6_info *)dst, msg->msg_flags, dontfrag); if (err) ip6_flush_pending_frames(sk); else if (!(msg->msg_flags & MSG_MORE)) err = l2tp_ip6_push_pending_frames(sk); release_sock(sk); done: dst_release(dst); out: fl6_sock_release(flowlabel); return err < 0 ? err : len; do_confirm: dst_confirm(dst); if (!(msg->msg_flags & MSG_PROBE) || len) goto back_from_confirm; err = 0; goto done; }",visit repo url,net/l2tp/l2tp_ip6.c,https://github.com/torvalds/linux,71410023591138,1 3042,['CWE-189'],"int jpc_mqdec_getbit_func(register jpc_mqdec_t *mqdec) { int bit; JAS_DBGLOG(100, (""jpc_mqdec_getbit_func(%p)\n"", mqdec)); MQDEC_CALL(100, jpc_mqdec_dump(mqdec, stderr)); bit = jpc_mqdec_getbit_macro(mqdec); MQDEC_CALL(100, jpc_mqdec_dump(mqdec, stderr)); JAS_DBGLOG(100, (""ctx = %d, decoded %d\n"", mqdec->curctx - mqdec->ctxs, bit)); return bit; }",jasper,,,88138351778792533227860054346350922655,0 4077,['CWE-399'],"static int svc_listen(struct socket *sock,int backlog) { DEFINE_WAIT(wait); struct sock *sk = sock->sk; struct atm_vcc *vcc = ATM_SD(sock); int error; pr_debug(""svc_listen %p\n"",vcc); lock_sock(sk); if (test_bit(ATM_VF_SESSION,&vcc->flags)) { error = -EINVAL; goto out; } if (test_bit(ATM_VF_LISTEN, &vcc->flags)) { error = -EADDRINUSE; goto out; } set_bit(ATM_VF_WAITING, &vcc->flags); prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); sigd_enq(vcc,as_listen,NULL,NULL,&vcc->local); while (test_bit(ATM_VF_WAITING, &vcc->flags) && sigd) { schedule(); prepare_to_wait(sk->sk_sleep, &wait, TASK_UNINTERRUPTIBLE); } finish_wait(sk->sk_sleep, &wait); if (!sigd) { error = -EUNATCH; goto out; } set_bit(ATM_VF_LISTEN,&vcc->flags); vcc_insert_socket(sk); sk->sk_max_ack_backlog = backlog > 0 ? backlog : ATM_BACKLOG_DEFAULT; error = -sk->sk_err; out: release_sock(sk); return error; }",linux-2.6,,,124880737917680262812022112240721930476,0 4778,['CWE-20'],"void ext4_update_dynamic_rev(struct super_block *sb) { struct ext4_super_block *es = EXT4_SB(sb)->s_es; if (le32_to_cpu(es->s_rev_level) > EXT4_GOOD_OLD_REV) return; ext4_warning(sb, __func__, ""updating to rev %d because of new feature flag, "" ""running e2fsck is recommended"", EXT4_DYNAMIC_REV); es->s_first_ino = cpu_to_le32(EXT4_GOOD_OLD_FIRST_INO); es->s_inode_size = cpu_to_le16(EXT4_GOOD_OLD_INODE_SIZE); es->s_rev_level = cpu_to_le32(EXT4_DYNAMIC_REV); }",linux-2.6,,,331657114710527290989844635690335580502,0 893,['CWE-200'],"static void shmem_recalc_inode(struct inode *inode) { struct shmem_inode_info *info = SHMEM_I(inode); long freed; freed = info->alloced - info->swapped - inode->i_mapping->nrpages; if (freed > 0) { info->alloced -= freed; shmem_unacct_blocks(info->flags, freed); shmem_free_blocks(inode, freed); } }",linux-2.6,,,208021451225578922650595279362907054226,0 5385,CWE-125,"size_t OpenMP4Source(char *filename, uint32_t traktype, uint32_t traksubtype) { mp4object *mp4 = (mp4object *)malloc(sizeof(mp4object)); if (mp4 == NULL) return 0; memset(mp4, 0, sizeof(mp4object)); #ifdef _WINDOWS fopen_s(&mp4->mediafp, filename, ""rb""); #else mp4->mediafp = fopen(filename, ""rb""); #endif if (mp4->mediafp) { uint32_t qttag, qtsize32, skip, type = 0, subtype = 0, num; size_t len; int32_t nest = 0; uint64_t nestsize[MAX_NEST_LEVEL] = { 0 }; uint64_t lastsize = 0, qtsize; do { len = fread(&qtsize32, 1, 4, mp4->mediafp); len += fread(&qttag, 1, 4, mp4->mediafp); if (len == 8) { if (!VALID_FOURCC(qttag)) { LONGSEEK(mp4->mediafp, lastsize - 8 - 8, SEEK_CUR); NESTSIZE(lastsize - 8); continue; } qtsize32 = BYTESWAP32(qtsize32); if (qtsize32 == 1) { fread(&qtsize, 1, 8, mp4->mediafp); qtsize = BYTESWAP64(qtsize) - 8; } else qtsize = qtsize32; nest++; if (qtsize < 8) break; if (nest >= MAX_NEST_LEVEL) break; nestsize[nest] = qtsize; lastsize = qtsize; #if PRINT_MP4_STRUCTURE for (int i = 1; i < nest; i++) printf("" ""); printf(""%c%c%c%c (%lld)\n"", (qttag & 0xff), ((qttag >> 8) & 0xff), ((qttag >> 16) & 0xff), ((qttag >> 24) & 0xff), qtsize); if (qttag == MAKEID('m', 'd', 'a', 't') || qttag == MAKEID('f', 't', 'y', 'p') || qttag == MAKEID('u', 'd', 't', 'a')) { LONGSEEK(mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); continue; } #else if (qttag != MAKEID('m', 'o', 'o', 'v') && qttag != MAKEID('m', 'v', 'h', 'd') && qttag != MAKEID('t', 'r', 'a', 'k') && qttag != MAKEID('m', 'd', 'i', 'a') && qttag != MAKEID('m', 'd', 'h', 'd') && qttag != MAKEID('m', 'i', 'n', 'f') && qttag != MAKEID('g', 'm', 'i', 'n') && qttag != MAKEID('d', 'i', 'n', 'f') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('s', 't', 's', 'd') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('a', 'l', 'i', 's') && qttag != MAKEID('s', 't', 'b', 'l') && qttag != MAKEID('s', 't', 't', 's') && qttag != MAKEID('s', 't', 's', 'c') && qttag != MAKEID('s', 't', 's', 'z') && qttag != MAKEID('s', 't', 'c', 'o') && qttag != MAKEID('c', 'o', '6', '4') && qttag != MAKEID('h', 'd', 'l', 'r')) { LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else #endif if (qttag == MAKEID('m', 'v', 'h', 'd')) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&mp4->clockdemon, 1, 4, mp4->mediafp); mp4->clockdemon = BYTESWAP32(mp4->clockdemon); len += fread(&mp4->clockcount, 1, 4, mp4->mediafp); mp4->clockcount = BYTESWAP32(mp4->clockcount); LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('m', 'd', 'h', 'd')) { media_header md; len = fread(&md, 1, sizeof(md), mp4->mediafp); if (len == sizeof(md)) { md.creation_time = BYTESWAP32(md.creation_time); md.modification_time = BYTESWAP32(md.modification_time); md.time_scale = BYTESWAP32(md.time_scale); md.duration = BYTESWAP32(md.duration); mp4->trak_clockdemon = md.time_scale; mp4->trak_clockcount = md.duration; if (mp4->videolength == 0.0) { mp4->videolength = (float)((double)mp4->trak_clockcount / (double)mp4->trak_clockdemon); } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('h', 'd', 'l', 'r')) { uint32_t temp; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&temp, 1, 4, mp4->mediafp); if (temp != MAKEID('a', 'l', 'i', 's')) type = temp; LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'd')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&skip, 1, 4, mp4->mediafp); len += fread(&subtype, 1, 4, mp4->mediafp); if (len == 16) { if (subtype != traksubtype) { type = 0; } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'c')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 12 <= qtsize - 8 - len) { mp4->metastsc_count = num; if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = (SampleToChunk *)malloc(num * 12); if (mp4->metastsc) { uint32_t total_stsc = num; len += fread(mp4->metastsc, 1, num * sizeof(SampleToChunk), mp4->mediafp); do { num--; mp4->metastsc[num].chunk_num = BYTESWAP32(mp4->metastsc[num].chunk_num); mp4->metastsc[num].samples = BYTESWAP32(mp4->metastsc[num].samples); mp4->metastsc[num].id = BYTESWAP32(mp4->metastsc[num].id); } while (num > 0); } if (mp4->metastsc_count == 1 && mp4->metastsc[0].samples == 1) { if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 's', 'z')) { if (type == traktype) { uint32_t equalsamplesize; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&equalsamplesize, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 4 <= qtsize - 8 - len) { mp4->metasize_count = num; if (mp4->metasizes) free(mp4->metasizes); mp4->metasizes = (uint32_t *)malloc(num * 4); if (mp4->metasizes) { if (equalsamplesize == 0) { len += fread(mp4->metasizes, 1, num * 4, mp4->mediafp); do { num--; mp4->metasizes[num] = BYTESWAP32(mp4->metasizes[num]); } while (num > 0); } else { equalsamplesize = BYTESWAP32(equalsamplesize); do { num--; mp4->metasizes[num] = equalsamplesize; } while (num > 0); } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 'c', 'o')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 4 <= qtsize - 8 - len) { if (mp4->metastsc_count > 0 && num != mp4->metasize_count) { mp4->indexcount = mp4->metasize_count; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(mp4->metasize_count * 8); if (mp4->metaoffsets) { uint32_t *metaoffsets32 = NULL; metaoffsets32 = (uint32_t *)malloc(num * 4); if (metaoffsets32) { uint64_t fileoffset = 0; int stsc_pos = 0; int stco_pos = 0; int repeat = 1; len += fread(metaoffsets32, 1, num * 4, mp4->mediafp); do { num--; metaoffsets32[num] = BYTESWAP32(metaoffsets32[num]); } while (num > 0); mp4->metaoffsets[0] = fileoffset = metaoffsets32[stco_pos]; num = 1; while (num < mp4->metasize_count) { if (stsc_pos + 1 < (int)mp4->metastsc_count && num == stsc_pos) { stco_pos++; stsc_pos++; fileoffset = (uint64_t)metaoffsets32[stco_pos]; repeat = 1; } else if (repeat == mp4->metastsc[stsc_pos].samples) { stco_pos++; fileoffset = (uint64_t)metaoffsets32[stco_pos]; repeat = 1; } else { fileoffset += (uint64_t)mp4->metasizes[num - 1]; repeat++; } mp4->metaoffsets[num] = fileoffset; num++; } if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; free(metaoffsets32); } } } else { mp4->indexcount = num; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(num * 8); if (mp4->metaoffsets) { uint32_t *metaoffsets32 = NULL; metaoffsets32 = (uint32_t *)malloc(num * 4); if (metaoffsets32) { size_t readlen = fread(metaoffsets32, 1, num * 4, mp4->mediafp); len += readlen; do { num--; mp4->metaoffsets[num] = BYTESWAP32(metaoffsets32[num]); } while (num > 0); free(metaoffsets32); } } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('c', 'o', '6', '4')) { if (type == traktype) { len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 8 <= qtsize - 8 - len) { if (mp4->metastsc_count > 0 && num != mp4->metasize_count) { mp4->indexcount = mp4->metasize_count; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(mp4->metasize_count * 8); if (mp4->metaoffsets) { uint64_t *metaoffsets64 = NULL; metaoffsets64 = (uint64_t *)malloc(num * 8); if (metaoffsets64) { uint64_t fileoffset = 0; int stsc_pos = 0; int stco_pos = 0; len += fread(metaoffsets64, 1, num * 8, mp4->mediafp); do { num--; metaoffsets64[num] = BYTESWAP64(metaoffsets64[num]); } while (num > 0); fileoffset = metaoffsets64[0]; mp4->metaoffsets[0] = fileoffset; num = 1; while (num < mp4->metasize_count) { if (num != mp4->metastsc[stsc_pos].chunk_num - 1 && 0 == (num - (mp4->metastsc[stsc_pos].chunk_num - 1)) % mp4->metastsc[stsc_pos].samples) { stco_pos++; fileoffset = (uint64_t)metaoffsets64[stco_pos]; } else { fileoffset += (uint64_t)mp4->metasizes[num - 1]; } mp4->metaoffsets[num] = fileoffset; num++; } if (mp4->metastsc) free(mp4->metastsc); mp4->metastsc = NULL; mp4->metastsc_count = 0; free(metaoffsets64); } } } else { mp4->indexcount = num; if (mp4->metaoffsets) free(mp4->metaoffsets); mp4->metaoffsets = (uint64_t *)malloc(num * 8); if (mp4->metaoffsets) { len += fread(mp4->metaoffsets, 1, num * 8, mp4->mediafp); do { num--; mp4->metaoffsets[num] = BYTESWAP64(mp4->metaoffsets[num]); } while (num > 0); } } } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else if (qttag == MAKEID('s', 't', 't', 's')) { if (type == traktype) { uint32_t totaldur = 0, samples = 0; int32_t entries = 0; len = fread(&skip, 1, 4, mp4->mediafp); len += fread(&num, 1, 4, mp4->mediafp); num = BYTESWAP32(num); if (num * 8 <= qtsize - 8 - len) { entries = num; mp4->meta_clockdemon = mp4->trak_clockdemon; mp4->meta_clockcount = mp4->trak_clockcount; while (entries > 0) { int32_t samplecount; int32_t duration; len += fread(&samplecount, 1, 4, mp4->mediafp); samplecount = BYTESWAP32(samplecount); len += fread(&duration, 1, 4, mp4->mediafp); duration = BYTESWAP32(duration); samples += samplecount; entries--; totaldur += duration; mp4->metadatalength += (double)((double)samplecount * (double)duration / (double)mp4->meta_clockdemon); } mp4->basemetadataduration = mp4->metadatalength * (double)mp4->meta_clockdemon / (double)samples; } LONGSEEK(mp4->mediafp, qtsize - 8 - len, SEEK_CUR); } else LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); } else { NESTSIZE(8); } } else { break; } } while (len > 0); } else { free(mp4); mp4 = NULL; } return (size_t)mp4; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,247196757099773,1 3679,CWE-787,"hb_set_subtract (hb_set_t *set, const hb_set_t *other) { if (unlikely (hb_object_is_immutable (set))) return; set->subtract (*other); }",visit repo url,src/hb-set.cc,https://github.com/harfbuzz/harfbuzz,30450385067655,1 3960,['CWE-362'],"static void audit_put_watch(struct audit_watch *watch) { if (atomic_dec_and_test(&watch->count)) { WARN_ON(watch->parent); WARN_ON(!list_empty(&watch->rules)); kfree(watch->path); kfree(watch); } }",linux-2.6,,,165080250587147835767680344477634481415,0 1542,CWE-399,"int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name); struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); bool slow; if (flags & MSG_ERRQUEUE) return ip_recv_error(sk, msg, len, addr_len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_msg(skb, sizeof(struct udphdr), msg, copied); else { err = skb_copy_and_csum_datagram_msg(skb, sizeof(struct udphdr), msg); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); sock_recv_ts_and_drops(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_port = udp_hdr(skb)->source; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); *addr_len = sizeof(*sin); } if (inet->cmsg_flags) ip_cmsg_recv_offset(msg, skb, sizeof(struct udphdr)); err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv4/udp.c,https://github.com/torvalds/linux,153036494842303,1 2355,['CWE-120'],"int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) { int error = may_create(dir, dentry, NULL); if (error) return error; if (!dir->i_op || !dir->i_op->mkdir) return -EPERM; mode &= (S_IRWXUGO|S_ISVTX); error = security_inode_mkdir(dir, dentry, mode); if (error) return error; DQUOT_INIT(dir); error = dir->i_op->mkdir(dir, dentry, mode); if (!error) fsnotify_mkdir(dir, dentry); return error; }",linux-2.6,,,265957916983774506618204157507087939386,0 3166,CWE-125,"chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length) { u_int proto; const u_char *bp = p; if (length < CHDLC_HDRLEN) goto trunc; ND_TCHECK2(*p, CHDLC_HDRLEN); proto = EXTRACT_16BITS(&p[2]); if (ndo->ndo_eflag) { ND_PRINT((ndo, ""%s, ethertype %s (0x%04x), length %u: "", tok2str(chdlc_cast_values, ""0x%02x"", p[0]), tok2str(ethertype_values, ""Unknown"", proto), proto, length)); } length -= CHDLC_HDRLEN; p += CHDLC_HDRLEN; switch (proto) { case ETHERTYPE_IP: ip_print(ndo, p, length); break; case ETHERTYPE_IPV6: ip6_print(ndo, p, length); break; case CHDLC_TYPE_SLARP: chdlc_slarp_print(ndo, p, length); break; #if 0 case CHDLC_TYPE_CDP: chdlc_cdp_print(p, length); break; #endif case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: mpls_print(ndo, p, length); break; case ETHERTYPE_ISO: if (length < 2) goto trunc; ND_TCHECK_16BITS(p); if (*(p+1) == 0x81 || *(p+1) == 0x82 || *(p+1) == 0x83) isoclns_print(ndo, p + 1, length - 1, ndo->ndo_snapend - p - 1); else isoclns_print(ndo, p, length, ndo->ndo_snapend - p); break; default: if (!ndo->ndo_eflag) ND_PRINT((ndo, ""unknown CHDLC protocol (0x%04x)"", proto)); break; } return (CHDLC_HDRLEN); trunc: ND_PRINT((ndo, ""[|chdlc]"")); return ndo->ndo_snapend - bp; }",visit repo url,print-chdlc.c,https://github.com/the-tcpdump-group/tcpdump,233412763815253,1 1308,CWE-399,"int hugetlb_reserve_pages(struct inode *inode, long from, long to, struct vm_area_struct *vma, vm_flags_t vm_flags) { long ret, chg; struct hstate *h = hstate_inode(inode); if (vm_flags & VM_NORESERVE) return 0; if (!vma || vma->vm_flags & VM_MAYSHARE) chg = region_chg(&inode->i_mapping->private_list, from, to); else { struct resv_map *resv_map = resv_map_alloc(); if (!resv_map) return -ENOMEM; chg = to - from; set_vma_resv_map(vma, resv_map); set_vma_resv_flags(vma, HPAGE_RESV_OWNER); } if (chg < 0) return chg; if (hugetlb_get_quota(inode->i_mapping, chg)) return -ENOSPC; ret = hugetlb_acct_memory(h, chg); if (ret < 0) { hugetlb_put_quota(inode->i_mapping, chg); return ret; } if (!vma || vma->vm_flags & VM_MAYSHARE) region_add(&inode->i_mapping->private_list, from, to); return 0; }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,62569140695762,1 4861,['CWE-189'],"int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat) { int rc = 0; char dst[MD5_DIGEST_SIZE]; BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE); BUG_ON(crypt_stat->iv_bytes <= 0); if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) { rc = -EINVAL; ecryptfs_printk(KERN_WARNING, ""Session key not valid; "" ""cannot generate root IV\n""); goto out; } rc = ecryptfs_calculate_md5(dst, crypt_stat, crypt_stat->key, crypt_stat->key_size); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error attempting to compute "" ""MD5 while generating root IV\n""); goto out; } memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes); out: if (rc) { memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes); crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING; } return rc; }",linux-2.6,,,274578348851116562009328478790108260018,0 5416,CWE-125,"prologProcessor(XML_Parser parser, const char *s, const char *end, const char **nextPtr) { const char *next = s; int tok = XmlPrologTok(parser->m_encoding, s, end, &next); return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr, (XML_Bool)! parser->m_parsingStatus.finalBuffer); }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,246307924374930,1 4857,CWE-415,"static int read_public_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I1012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_public_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,241413677709066,1 1357,CWE-362,"static int ext4_convert_unwritten_extents_endio(handle_t *handle, struct inode *inode, struct ext4_ext_path *path) { struct ext4_extent *ex; int depth; int err = 0; depth = ext_depth(inode); ex = path[depth].p_ext; ext_debug(""ext4_convert_unwritten_extents_endio: inode %lu, logical"" ""block %llu, max_blocks %u\n"", inode->i_ino, (unsigned long long)le32_to_cpu(ex->ee_block), ext4_ext_get_actual_len(ex)); err = ext4_ext_get_access(handle, inode, path + depth); if (err) goto out; ext4_ext_mark_initialized(ex); ext4_ext_try_to_merge(handle, inode, path, ex); err = ext4_ext_dirty(handle, inode, path + path->p_depth); out: ext4_ext_show_leaf(inode, path); return err; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,227297771479524,1 5215,CWE-276,"flatpak_pull_from_bundle (OstreeRepo *repo, GFile *file, const char *remote, const char *ref, gboolean require_gpg_signature, GCancellable *cancellable, GError **error) { g_autofree char *metadata_contents = NULL; g_autofree char *to_checksum = NULL; g_autoptr(GFile) root = NULL; g_autoptr(GFile) metadata_file = NULL; g_autoptr(GInputStream) in = NULL; g_autoptr(OstreeGpgVerifyResult) gpg_result = NULL; g_autoptr(GError) my_error = NULL; g_autoptr(GVariant) metadata = NULL; gboolean metadata_valid; g_autofree char *remote_collection_id = NULL; g_autofree char *collection_id = NULL; metadata = flatpak_bundle_load (file, &to_checksum, NULL, NULL, NULL, &metadata_contents, NULL, NULL, &collection_id, error); if (metadata == NULL) return FALSE; if (!ostree_repo_get_remote_option (repo, remote, ""collection-id"", NULL, &remote_collection_id, NULL)) remote_collection_id = NULL; if (remote_collection_id != NULL && collection_id != NULL && strcmp (remote_collection_id, collection_id) != 0) return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _(""Collection ‘%s’ of bundle doesn’t match collection ‘%s’ of remote""), collection_id, remote_collection_id); if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error)) return FALSE; ostree_repo_transaction_set_ref (repo, remote, ref, to_checksum); if (!ostree_repo_static_delta_execute_offline (repo, file, FALSE, cancellable, error)) return FALSE; gpg_result = ostree_repo_verify_commit_ext (repo, to_checksum, NULL, NULL, cancellable, &my_error); if (gpg_result == NULL) { if (g_error_matches (my_error, OSTREE_GPG_ERROR, OSTREE_GPG_ERROR_NO_SIGNATURE) && !require_gpg_signature) { g_clear_error (&my_error); } else { g_propagate_error (error, g_steal_pointer (&my_error)); return FALSE; } } else { if (ostree_gpg_verify_result_count_valid (gpg_result) == 0 && require_gpg_signature) return flatpak_fail_error (error, FLATPAK_ERROR_UNTRUSTED, _(""GPG signatures found, but none are in trusted keyring"")); } if (!ostree_repo_read_commit (repo, to_checksum, &root, NULL, NULL, error)) return FALSE; if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error)) return FALSE; metadata_file = g_file_resolve_relative_path (root, ""metadata""); in = (GInputStream *) g_file_read (metadata_file, cancellable, NULL); if (in != NULL) { g_autoptr(GMemoryOutputStream) data_stream = (GMemoryOutputStream *) g_memory_output_stream_new_resizable (); if (g_output_stream_splice (G_OUTPUT_STREAM (data_stream), in, G_OUTPUT_STREAM_SPLICE_CLOSE_SOURCE, cancellable, error) < 0) return FALSE; g_output_stream_write (G_OUTPUT_STREAM (data_stream), ""\0"", 1, NULL, NULL); metadata_valid = metadata_contents != NULL && strcmp (metadata_contents, g_memory_output_stream_get_data (data_stream)) == 0; } else { metadata_valid = (metadata_contents == NULL); } if (!metadata_valid) { ostree_repo_set_ref_immediate (repo, remote, ref, NULL, cancellable, error); return flatpak_fail_error (error, FLATPAK_ERROR_INVALID_DATA, _(""Metadata in header and app are inconsistent"")); } return TRUE; }",visit repo url,common/flatpak-utils.c,https://github.com/flatpak/flatpak,199839387584754,1 4429,CWE-416,"mrb_io_initialize_copy(mrb_state *mrb, mrb_value copy) { mrb_value orig; mrb_value buf; struct mrb_io *fptr_copy; struct mrb_io *fptr_orig; mrb_bool failed = TRUE; mrb_get_args(mrb, ""o"", &orig); fptr_copy = (struct mrb_io *)DATA_PTR(copy); if (fptr_copy != NULL) { fptr_finalize(mrb, fptr_copy, FALSE); mrb_free(mrb, fptr_copy); } fptr_copy = (struct mrb_io *)mrb_io_alloc(mrb); fptr_orig = io_get_open_fptr(mrb, orig); DATA_TYPE(copy) = &mrb_io_type; DATA_PTR(copy) = fptr_copy; buf = mrb_iv_get(mrb, orig, mrb_intern_cstr(mrb, ""@buf"")); mrb_iv_set(mrb, copy, mrb_intern_cstr(mrb, ""@buf""), buf); fptr_copy->fd = mrb_dup(mrb, fptr_orig->fd, &failed); if (failed) { mrb_sys_fail(mrb, 0); } mrb_fd_cloexec(mrb, fptr_copy->fd); if (fptr_orig->fd2 != -1) { fptr_copy->fd2 = mrb_dup(mrb, fptr_orig->fd2, &failed); if (failed) { close(fptr_copy->fd); mrb_sys_fail(mrb, 0); } mrb_fd_cloexec(mrb, fptr_copy->fd2); } fptr_copy->pid = fptr_orig->pid; fptr_copy->readable = fptr_orig->readable; fptr_copy->writable = fptr_orig->writable; fptr_copy->sync = fptr_orig->sync; fptr_copy->is_socket = fptr_orig->is_socket; return copy; }",visit repo url,mrbgems/mruby-io/src/io.c,https://github.com/mruby/mruby,5031270864623,1 2166,CWE-326,"static inline u32 net_hash_mix(const struct net *net) { #ifdef CONFIG_NET_NS return (u32)(((unsigned long)net) >> ilog2(sizeof(*net))); #else return 0; #endif }",visit repo url,include/net/netns/hash.h,https://github.com/torvalds/linux,228240872492288,1 6330,CWE-295,"NOEXPORT void tray_update(const int num) { NOTIFYICONDATA nid; static ICON_TYPE previous_icon=ICON_NONE; ICON_TYPE current_icon; LPTSTR tip; if(!global_options.option.taskbar) { tray_delete(); return; } if(!tray_menu_handle) tray_menu_handle=LoadMenu(ghInst, MAKEINTRESOURCE(IDM_TRAYMENU)); if(!tray_menu_handle) { ioerror(""LoadMenu""); return; } if(cmdline.service) EnableMenuItem(tray_menu_handle, IDM_EDIT_CONFIG, MF_GRAYED); ZeroMemory(&nid, sizeof nid); nid.cbSize=sizeof nid; nid.uID=1; nid.uFlags=NIF_MESSAGE|NIF_TIP; nid.uCallbackMessage=WM_SYSTRAY; nid.hWnd=hwnd; if(num<0) { tip=str_tprintf(TEXT(""Server is down"")); current_icon=ICON_ERROR; } else if(num>0) { tip=str_tprintf(TEXT(""%d active session(s)""), num); current_icon=ICON_ACTIVE; } else { tip=str_tprintf(TEXT(""Server is idle"")); current_icon=ICON_IDLE; } _tcsncpy(nid.szTip, tip, 63); nid.szTip[63]=TEXT('\0'); str_free(tip); nid.hIcon=global_options.icon[current_icon]; if(current_icon!=previous_icon) { nid.uFlags|=NIF_ICON; previous_icon=current_icon; } if(Shell_NotifyIcon(NIM_MODIFY, &nid)) return; nid.uFlags|=NIF_ICON; Shell_NotifyIcon(NIM_ADD, &nid); }",visit repo url,src/ui_win_gui.c,https://github.com/mtrojnar/stunnel,43870727667196,1 4298,['CWE-264'],"void free_task(struct task_struct *tsk) { prop_local_destroy_single(&tsk->dirties); free_thread_info(tsk->stack); rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); free_task_struct(tsk); }",linux-2.6,,,39402278048285999154115739337488814391,0 3736,[],"static void scan_inflight(struct sock *x, void (*func)(struct unix_sock *), struct sk_buff_head *hitlist) { struct sk_buff *skb; struct sk_buff *next; spin_lock(&x->sk_receive_queue.lock); receive_queue_for_each_skb(x, next, skb) { if (UNIXCB(skb).fp) { bool hit = false; int nfd = UNIXCB(skb).fp->count; struct file **fp = UNIXCB(skb).fp->fp; while (nfd--) { struct sock *sk = unix_get_socket(*fp++); if (sk) { struct unix_sock *u = unix_sk(sk); if (u->gc_candidate) { hit = true; func(u); } } } if (hit && hitlist != NULL) { __skb_unlink(skb, &x->sk_receive_queue); __skb_queue_tail(hitlist, skb); } } } spin_unlock(&x->sk_receive_queue.lock); }",linux-2.6,,,87716068523827423395122688438397153205,0 2983,CWE-399,"private int mget(struct magic_set *ms, const unsigned char *s, struct magic *m, size_t nbytes, size_t o, unsigned int cont_level, int mode, int text, int flip, int recursion_level, int *printed_something, int *need_separator, int *returnval) { uint32_t soffset, offset = ms->offset; uint32_t count = m->str_range; uint32_t lhs; int rv, oneed_separator, in_type; char *sbuf, *rbuf; union VALUETYPE *p = &ms->ms_value; struct mlist ml; if (recursion_level >= 20) { file_error(ms, 0, ""recursion nesting exceeded""); return -1; } if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o), (uint32_t)nbytes, count) == -1) return -1; if ((ms->flags & MAGIC_DEBUG) != 0) { fprintf(stderr, ""mget(type=%d, flag=%x, offset=%u, o=%zu, "" ""nbytes=%zu, count=%u)\n"", m->type, m->flag, offset, o, nbytes, count); mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); #ifndef COMPILE_ONLY file_mdump(m); #endif } if (m->flag & INDIR) { int off = m->in_offset; if (m->in_op & FILE_OPINDIRECT) { const union VALUETYPE *q = CAST(const union VALUETYPE *, ((const void *)(s + offset + off))); switch (cvt_flip(m->in_type, flip)) { case FILE_BYTE: off = q->b; break; case FILE_SHORT: off = q->h; break; case FILE_BESHORT: off = (short)((q->hs[0]<<8)|(q->hs[1])); break; case FILE_LESHORT: off = (short)((q->hs[1]<<8)|(q->hs[0])); break; case FILE_LONG: off = q->l; break; case FILE_BELONG: case FILE_BEID3: off = (int32_t)((q->hl[0]<<24)|(q->hl[1]<<16)| (q->hl[2]<<8)|(q->hl[3])); break; case FILE_LEID3: case FILE_LELONG: off = (int32_t)((q->hl[3]<<24)|(q->hl[2]<<16)| (q->hl[1]<<8)|(q->hl[0])); break; case FILE_MELONG: off = (int32_t)((q->hl[1]<<24)|(q->hl[0]<<16)| (q->hl[3]<<8)|(q->hl[2])); break; } if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect offs=%u\n"", off); } switch (in_type = cvt_flip(m->in_type, flip)) { case FILE_BYTE: if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = p->b & off; break; case FILE_OPOR: offset = p->b | off; break; case FILE_OPXOR: offset = p->b ^ off; break; case FILE_OPADD: offset = p->b + off; break; case FILE_OPMINUS: offset = p->b - off; break; case FILE_OPMULTIPLY: offset = p->b * off; break; case FILE_OPDIVIDE: offset = p->b / off; break; case FILE_OPMODULO: offset = p->b % off; break; } } else offset = p->b; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_BESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; lhs = (p->hs[0] << 8) | p->hs[1]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_LESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; lhs = (p->hs[1] << 8) | p->hs[0]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_SHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = p->h & off; break; case FILE_OPOR: offset = p->h | off; break; case FILE_OPXOR: offset = p->h ^ off; break; case FILE_OPADD: offset = p->h + off; break; case FILE_OPMINUS: offset = p->h - off; break; case FILE_OPMULTIPLY: offset = p->h * off; break; case FILE_OPDIVIDE: offset = p->h / off; break; case FILE_OPMODULO: offset = p->h % off; break; } } else offset = p->h; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_BELONG: case FILE_BEID3: if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = (p->hl[0] << 24) | (p->hl[1] << 16) | (p->hl[2] << 8) | p->hl[3]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_LELONG: case FILE_LEID3: if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = (p->hl[3] << 24) | (p->hl[2] << 16) | (p->hl[1] << 8) | p->hl[0]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_MELONG: if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = (p->hl[1] << 24) | (p->hl[0] << 16) | (p->hl[3] << 8) | p->hl[2]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_LONG: if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = p->l & off; break; case FILE_OPOR: offset = p->l | off; break; case FILE_OPXOR: offset = p->l ^ off; break; case FILE_OPADD: offset = p->l + off; break; case FILE_OPMINUS: offset = p->l - off; break; case FILE_OPMULTIPLY: offset = p->l * off; break; case FILE_OPDIVIDE: offset = p->l / off; break; case FILE_OPMODULO: offset = p->l % off; break; } } else offset = p->l; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; default: break; } switch (in_type) { case FILE_LEID3: case FILE_BEID3: offset = ((((offset >> 0) & 0x7f) << 0) | (((offset >> 8) & 0x7f) << 7) | (((offset >> 16) & 0x7f) << 14) | (((offset >> 24) & 0x7f) << 21)) + 10; break; default: break; } if (m->flag & INDIROFFADD) { offset += ms->c.li[cont_level-1].off; if (offset == 0) { if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect *zero* offset\n""); return 0; } if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect +offs=%u\n"", offset); } if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1) return -1; ms->offset = offset; if ((ms->flags & MAGIC_DEBUG) != 0) { mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); #ifndef COMPILE_ONLY file_mdump(m); #endif } } switch (m->type) { case FILE_BYTE: if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; case FILE_LONG: case FILE_BELONG: case FILE_LELONG: case FILE_MELONG: case FILE_DATE: case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; case FILE_REGEX: if (nbytes < offset) return 0; break; case FILE_INDIRECT: if (offset == 0) return 0; if (nbytes < offset) return 0; sbuf = ms->o.buf; soffset = ms->offset; ms->o.buf = NULL; ms->offset = 0; rv = file_softmagic(ms, s + offset, nbytes - offset, recursion_level, BINTEST, text); if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect @offs=%u[%d]\n"", offset, rv); rbuf = ms->o.buf; ms->o.buf = sbuf; ms->offset = soffset; if (rv == 1) { if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && file_printf(ms, F(ms, m, ""%u""), offset) == -1) { free(rbuf); return -1; } if (file_printf(ms, ""%s"", rbuf) == -1) { free(rbuf); return -1; } } free(rbuf); return rv; case FILE_USE: if (nbytes < offset) return 0; sbuf = m->value.s; if (*sbuf == '^') { sbuf++; flip = !flip; } if (file_magicfind(ms, sbuf, &ml) == -1) { file_error(ms, 0, ""cannot find entry `%s'"", sbuf); return -1; } oneed_separator = *need_separator; if (m->flag & NOSPACE) *need_separator = 0; rv = match(ms, ml.magic, ml.nmagic, s, nbytes, offset + o, mode, text, flip, recursion_level, printed_something, need_separator, returnval); if (rv != 1) *need_separator = oneed_separator; return rv; case FILE_NAME: if (file_printf(ms, ""%s"", m->desc) == -1) return -1; return 1; case FILE_DEFAULT: case FILE_CLEAR: default: break; } if (!mconvert(ms, m, flip)) return 0;",visit repo url,src/softmagic.c,https://github.com/file/file,272640632061960,1 5108,['CWE-20'],"static void vmx_load_host_state(struct vcpu_vmx *vmx) { preempt_disable(); __vmx_load_host_state(vmx); preempt_enable(); }",linux-2.6,,,169375425283950735791836573423889056686,0 5962,CWE-276,"zfs_fuid_create(zfsvfs_t *zfsvfs, uint64_t id, cred_t *cr, zfs_fuid_type_t type, zfs_fuid_info_t **fuidpp) { #ifdef HAVE_KSID const char *domain; char *kdomain; uint32_t fuid_idx = FUID_INDEX(id); uint32_t rid; idmap_stat status; uint64_t idx = 0; zfs_fuid_t *zfuid = NULL; zfs_fuid_info_t *fuidp = NULL; if (!zfsvfs->z_use_fuids || !IS_EPHEMERAL(id) || fuid_idx != 0) return (id); if (zfsvfs->z_replay) { fuidp = zfsvfs->z_fuid_replay; if (fuidp == NULL) return (UID_NOBODY); VERIFY3U(type, >=, ZFS_OWNER); VERIFY3U(type, <=, ZFS_ACE_GROUP); switch (type) { case ZFS_ACE_USER: case ZFS_ACE_GROUP: zfuid = list_head(&fuidp->z_fuids); rid = FUID_RID(zfuid->z_logfuid); idx = FUID_INDEX(zfuid->z_logfuid); break; case ZFS_OWNER: rid = FUID_RID(fuidp->z_fuid_owner); idx = FUID_INDEX(fuidp->z_fuid_owner); break; case ZFS_GROUP: rid = FUID_RID(fuidp->z_fuid_group); idx = FUID_INDEX(fuidp->z_fuid_group); break; }; domain = fuidp->z_domain_table[idx - 1]; } else { if (type == ZFS_OWNER || type == ZFS_ACE_USER) status = kidmap_getsidbyuid(crgetzone(cr), id, &domain, &rid); else status = kidmap_getsidbygid(crgetzone(cr), id, &domain, &rid); if (status != 0) { rid = UID_NOBODY; domain = nulldomain; } } idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE); if (!zfsvfs->z_replay) zfs_fuid_node_add(fuidpp, kdomain, rid, idx, id, type); else if (zfuid != NULL) { list_remove(&fuidp->z_fuids, zfuid); kmem_free(zfuid, sizeof (zfs_fuid_t)); } return (FUID_ENCODE(idx, rid)); #else return (id); #endif }",visit repo url,module/zfs/zfs_fuid.c,https://github.com/openzfs/zfs,93385926592882,1 1793,[],"static void update_cpu_load(struct rq *this_rq) { unsigned long this_load = this_rq->load.weight; int i, scale; this_rq->nr_load_updates++; for (i = 0, scale = 1; i < CPU_LOAD_IDX_MAX; i++, scale += scale) { unsigned long old_load, new_load; old_load = this_rq->cpu_load[i]; new_load = this_load; if (new_load > old_load) new_load += scale-1; this_rq->cpu_load[i] = (old_load*(scale-1) + new_load) >> i; } }",linux-2.6,,,276031176431120644304486903485358396771,0 4042,['CWE-362'],"static inline void inotify_inode_queue_event(struct inode *inode, __u32 mask, __u32 cookie, const char *filename, struct inode *n_inode) { }",linux-2.6,,,300254227572187225079080991007078627873,0 3914,['CWE-399'],"static int tvaudio_get_ctrl(struct CHIPSTATE *chip, struct v4l2_control *ctrl) { struct CHIPDESC *desc = chip->desc; switch (ctrl->id) { case V4L2_CID_AUDIO_MUTE: ctrl->value=chip->muted; return 0; case V4L2_CID_AUDIO_VOLUME: if (!(desc->flags & CHIP_HAS_VOLUME)) break; ctrl->value = max(chip->left,chip->right); return 0; case V4L2_CID_AUDIO_BALANCE: { int volume; if (!(desc->flags & CHIP_HAS_VOLUME)) break; volume = max(chip->left,chip->right); if (volume) ctrl->value=(32768*min(chip->left,chip->right))/volume; else ctrl->value=32768; return 0; } case V4L2_CID_AUDIO_BASS: if (!(desc->flags & CHIP_HAS_BASSTREBLE)) break; ctrl->value = chip->bass; return 0; case V4L2_CID_AUDIO_TREBLE: if (!(desc->flags & CHIP_HAS_BASSTREBLE)) break; ctrl->value = chip->treble; return 0; } return -EINVAL; }",linux-2.6,,,22218510978704099360275722901292108617,0 5178,['CWE-20'],"static inline void vpid_sync_vcpu_all(struct vcpu_vmx *vmx) { if (vmx->vpid == 0) return; __invvpid(VMX_VPID_EXTENT_SINGLE_CONTEXT, vmx->vpid, 0); }",linux-2.6,,,92640437720846788427644412336708889117,0 5807,['CWE-200'],"static int atif_proxy_probe_device(struct atalk_iface *atif, struct atalk_addr* proxy_addr) { int netrange = ntohs(atif->nets.nr_lastnet) - ntohs(atif->nets.nr_firstnet) + 1; int probe_net = ntohs(atif->address.s_net); int probe_node = ATADDR_ANYNODE; int netct, nodect; if (probe_net == ATADDR_ANYNET) { probe_net = ntohs(atif->nets.nr_firstnet); if (netrange) probe_net += jiffies % netrange; } if (probe_node == ATADDR_ANYNODE) probe_node = jiffies & 0xFF; for (netct = 0; netct <= netrange; netct++) { proxy_addr->s_net = htons(probe_net); for (nodect = 0; nodect < 256; nodect++) { proxy_addr->s_node = (nodect + probe_node) & 0xFF; if (proxy_addr->s_node > 0 && proxy_addr->s_node < 254) { int ret = aarp_proxy_probe_network(atif, proxy_addr); if (ret != -EADDRINUSE) return ret; } } probe_net++; if (probe_net > ntohs(atif->nets.nr_lastnet)) probe_net = ntohs(atif->nets.nr_firstnet); } return -EADDRINUSE; }",linux-2.6,,,178751451916804948933577753466549463504,0 2856,CWE-119,"horizontalDifference8(unsigned char *ip, int n, int stride, unsigned short *wp, uint16 *From8) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) (From8[(v)]) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; r1 = CLAMP(ip[3]); wp[3] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[4]); wp[4] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[5]); wp[5] = (uint16)((b1-b2) & mask); b2 = b1; wp += 3; ip += 3; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; r1 = CLAMP(ip[4]); wp[4] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[5]); wp[5] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[6]); wp[6] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[7]); wp[7] = (uint16)((a1-a2) & mask); a2 = a1; wp += 4; ip += 4; } } else { wp += n + stride - 1; ip += n + stride - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,90993586991407,1 6718,['CWE-310'],"constructor (GType type, guint n_construct_params, GObjectConstructParam *construct_params) { GObject *object; NMAGConfConnectionPrivate *priv; NMConnection *connection; GError *error = NULL; object = G_OBJECT_CLASS (nma_gconf_connection_parent_class)->constructor (type, n_construct_params, construct_params); if (!object) return NULL; priv = NMA_GCONF_CONNECTION_GET_PRIVATE (object); if (!priv->client) { nm_warning (""GConfClient not provided.""); goto err; } if (!priv->dir) { nm_warning (""GConf directory not provided.""); goto err; } connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (object)); if (!utils_fill_connection_certs (connection, &error)) { g_warning (""%s: Invalid connection %s: failed to load connection certificates: (%d) %s"", __func__, priv->dir, error ? error->code : -1, error && error->message ? error->message : ""(unknown)""); g_clear_error (&error); goto err; } if (!nm_connection_verify (connection, &error)) { utils_clear_filled_connection_certs (connection); g_warning (""Invalid connection: '%s' / '%s' invalid: %d"", g_type_name (nm_connection_lookup_setting_type_by_quark (error->domain)), error->message, error->code); g_error_free (error); goto err; } utils_clear_filled_connection_certs (connection); fill_vpn_user_name (connection); return object; err: g_object_unref (object); return NULL; }",network-manager-applet,,,168851007067641230551347445064593706992,0 2941,['CWE-189'],"void jpc_mqdec_setctxs(jpc_mqdec_t *mqdec, int numctxs, jpc_mqctx_t *ctxs) { jpc_mqstate_t **ctx; int n; ctx = mqdec->ctxs; n = JAS_MIN(mqdec->maxctxs, numctxs); while (--n >= 0) { *ctx = &jpc_mqstates[2 * ctxs->ind + ctxs->mps]; ++ctx; ++ctxs; } n = mqdec->maxctxs - numctxs; while (--n >= 0) { *ctx = &jpc_mqstates[0]; ++ctx; } }",jasper,,,207029659693860849925753577240434569453,0 305,CWE-476,"SMB2_sess_establish_session(struct SMB2_sess_data *sess_data) { int rc = 0; struct cifs_ses *ses = sess_data->ses; mutex_lock(&ses->server->srv_mutex); if (ses->server->sign && ses->server->ops->generate_signingkey) { rc = ses->server->ops->generate_signingkey(ses); kfree(ses->auth_key.response); ses->auth_key.response = NULL; if (rc) { cifs_dbg(FYI, ""SMB3 session key generation failed\n""); mutex_unlock(&ses->server->srv_mutex); goto keygen_exit; } } if (!ses->server->session_estab) { ses->server->sequence_number = 0x2; ses->server->session_estab = true; } mutex_unlock(&ses->server->srv_mutex); cifs_dbg(FYI, ""SMB2/3 session established successfully\n""); spin_lock(&GlobalMid_Lock); ses->status = CifsGood; ses->need_reconnect = false; spin_unlock(&GlobalMid_Lock); keygen_exit: if (!ses->server->sign) { kfree(ses->auth_key.response); ses->auth_key.response = NULL; } return rc; }",visit repo url,fs/cifs/smb2pdu.c,https://github.com/torvalds/linux,16219106105702,1 4906,['CWE-20'],"int uncached_readdir(nfs_readdir_descriptor_t *desc, void *dirent, filldir_t filldir) { struct file *file = desc->file; struct inode *inode = file->f_path.dentry->d_inode; struct rpc_cred *cred = nfs_file_cred(file); struct page *page = NULL; int status; unsigned long timestamp; dfprintk(DIRCACHE, ""NFS: uncached_readdir() searching for cookie %Lu\n"", (unsigned long long)*desc->dir_cookie); page = alloc_page(GFP_HIGHUSER); if (!page) { status = -ENOMEM; goto out; } timestamp = jiffies; desc->error = NFS_PROTO(inode)->readdir(file->f_path.dentry, cred, *desc->dir_cookie, page, NFS_SERVER(inode)->dtsize, desc->plus); spin_lock(&inode->i_lock); NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ATIME; spin_unlock(&inode->i_lock); desc->page = page; desc->ptr = kmap(page); if (desc->error >= 0) { desc->timestamp = timestamp; desc->timestamp_valid = 1; if ((status = dir_decode(desc)) == 0) desc->entry->prev_cookie = *desc->dir_cookie; } else status = -EIO; if (status < 0) goto out_release; status = nfs_do_filldir(desc, dirent, filldir); desc->page_index = 0; desc->entry->cookie = desc->entry->prev_cookie = 0; desc->entry->eof = 0; out: dfprintk(DIRCACHE, ""NFS: %s: returns %d\n"", __FUNCTION__, status); return status; out_release: dir_page_release(desc); goto out; }",linux-2.6,,,133909692775688535210738045921193186111,0 337,['CWE-20'],"ptrace_get_thread_area(struct task_struct *child, int idx, struct user_desc __user *user_desc) { struct user_desc info; struct desc_struct *desc; #define GET_BASE(desc) ( \ (((desc)->a >> 16) & 0x0000ffff) | \ (((desc)->b << 16) & 0x00ff0000) | \ ( (desc)->b & 0xff000000) ) #define GET_LIMIT(desc) ( \ ((desc)->a & 0x0ffff) | \ ((desc)->b & 0xf0000) ) #define GET_32BIT(desc) (((desc)->b >> 22) & 1) #define GET_CONTENTS(desc) (((desc)->b >> 10) & 3) #define GET_WRITABLE(desc) (((desc)->b >> 9) & 1) #define GET_LIMIT_PAGES(desc) (((desc)->b >> 23) & 1) #define GET_PRESENT(desc) (((desc)->b >> 15) & 1) #define GET_USEABLE(desc) (((desc)->b >> 20) & 1) if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; desc = child->thread.tls_array + idx - GDT_ENTRY_TLS_MIN; info.entry_number = idx; info.base_addr = GET_BASE(desc); info.limit = GET_LIMIT(desc); info.seg_32bit = GET_32BIT(desc); info.contents = GET_CONTENTS(desc); info.read_exec_only = !GET_WRITABLE(desc); info.limit_in_pages = GET_LIMIT_PAGES(desc); info.seg_not_present = !GET_PRESENT(desc); info.useable = GET_USEABLE(desc); if (copy_to_user(user_desc, &info, sizeof(info))) return -EFAULT; return 0; }",linux-2.6,,,152613792723935830215496003627488707785,0 6739,['CWE-310'],"wired_get_icon (NMDevice *device, NMDeviceState state, NMConnection *connection, char **tip, NMApplet *applet) { NMSettingConnection *s_con; GdkPixbuf *pixbuf = NULL; const char *id; id = nm_device_get_iface (NM_DEVICE (device)); if (connection) { s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); id = nm_setting_connection_get_id (s_con); } switch (state) { case NM_DEVICE_STATE_PREPARE: *tip = g_strdup_printf (_(""Preparing wired network connection '%s'...""), id); break; case NM_DEVICE_STATE_CONFIG: *tip = g_strdup_printf (_(""Configuring wired network connection '%s'...""), id); break; case NM_DEVICE_STATE_NEED_AUTH: *tip = g_strdup_printf (_(""User authentication required for wired network connection '%s'...""), id); break; case NM_DEVICE_STATE_IP_CONFIG: *tip = g_strdup_printf (_(""Requesting a wired network address for '%s'...""), id); break; case NM_DEVICE_STATE_ACTIVATED: pixbuf = applet->wired_icon; *tip = g_strdup_printf (_(""Wired network connection '%s' active""), id); break; default: break; } return pixbuf; }",network-manager-applet,,,63860496525080256608081149345708581727,0 6365,CWE-787,"htmlGetText(tree_t *t) { uchar *s, *s2, *tdata = NULL, *talloc = NULL; size_t slen, tlen; slen = 0; s = NULL; while (t != NULL) { if (t->child) tdata = talloc = htmlGetText(t->child); else tdata = t->data; if (tdata != NULL) { tlen = strlen((char *)tdata); if (s) s2 = (uchar *)realloc(s, 1 + slen + tlen); else s2 = (uchar *)malloc(1 + tlen); if (!s2) break; s = s2; memcpy((char *)s + slen, (char *)tdata, tlen); slen += tlen; if (talloc) { free(talloc); talloc = NULL; } } t = t->next; } if (slen) s[slen] = '\0'; if (talloc) free(talloc); return (s); }",visit repo url,htmldoc/htmllib.cxx,https://github.com/michaelrsweet/htmldoc,261307844308449,1 922,['CWE-200'],"shmem_write_begin(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned flags, struct page **pagep, void **fsdata) { struct inode *inode = mapping->host; pgoff_t index = pos >> PAGE_CACHE_SHIFT; *pagep = NULL; return shmem_getpage(inode, index, pagep, SGP_WRITE, NULL); }",linux-2.6,,,206833405353930748429446951532973360753,0 2267,['CWE-120'],"int follow_down(struct vfsmount **mnt, struct dentry **dentry) { struct vfsmount *mounted; mounted = lookup_mnt(*mnt, *dentry); if (mounted) { dput(*dentry); mntput(*mnt); *mnt = mounted; *dentry = dget(mounted->mnt_root); return 1; } return 0; }",linux-2.6,,,146454819050851954281336556302293317416,0 3469,['CWE-20'],"struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, __u32 new_cum_tsn, size_t nstreams, struct sctp_fwdtsn_skip *skiplist) { struct sctp_chunk *retval = NULL; struct sctp_fwdtsn_chunk *ftsn_chunk; struct sctp_fwdtsn_hdr ftsn_hdr; struct sctp_fwdtsn_skip skip; size_t hint; int i; hint = (nstreams + 1) * sizeof(__u32); retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); if (!retval) return NULL; ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); retval->subh.fwdtsn_hdr = sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); for (i = 0; i < nstreams; i++) { skip.stream = skiplist[i].stream; skip.ssn = skiplist[i].ssn; sctp_addto_chunk(retval, sizeof(skip), &skip); } return retval; }",linux-2.6,,,73059583738796950004424494791582050500,0 983,CWE-59,"mountpoint_last(struct nameidata *nd, struct path *path) { int error = 0; struct dentry *dentry; struct dentry *dir = nd->path.dentry; if (nd->flags & LOOKUP_RCU) { if (unlazy_walk(nd, NULL)) { error = -ECHILD; goto out; } } nd->flags &= ~LOOKUP_PARENT; if (unlikely(nd->last_type != LAST_NORM)) { error = handle_dots(nd, nd->last_type); if (error) goto out; dentry = dget(nd->path.dentry); goto done; } mutex_lock(&dir->d_inode->i_mutex); dentry = d_lookup(dir, &nd->last); if (!dentry) { dentry = d_alloc(dir, &nd->last); if (!dentry) { error = -ENOMEM; mutex_unlock(&dir->d_inode->i_mutex); goto out; } dentry = lookup_real(dir->d_inode, dentry, nd->flags); error = PTR_ERR(dentry); if (IS_ERR(dentry)) { mutex_unlock(&dir->d_inode->i_mutex); goto out; } } mutex_unlock(&dir->d_inode->i_mutex); done: if (!dentry->d_inode || d_is_negative(dentry)) { error = -ENOENT; dput(dentry); goto out; } path->dentry = dentry; path->mnt = mntget(nd->path.mnt); if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW)) return 1; follow_mount(path); error = 0; out: terminate_walk(nd); return error; }",visit repo url,fs/namei.c,https://github.com/torvalds/linux,89404458616586,1 4114,['CWE-399'],"static struct bsg_command *bsg_alloc_command(struct bsg_device *bd) { struct bsg_command *bc = ERR_PTR(-EINVAL); spin_lock_irq(&bd->lock); if (bd->queued_cmds >= bd->max_queue) goto out; bd->queued_cmds++; spin_unlock_irq(&bd->lock); bc = kmem_cache_zalloc(bsg_cmd_cachep, GFP_KERNEL); if (unlikely(!bc)) { spin_lock_irq(&bd->lock); bd->queued_cmds--; bc = ERR_PTR(-ENOMEM); goto out; } bc->bd = bd; INIT_LIST_HEAD(&bc->list); dprintk(""%s: returning free cmd %p\n"", bd->name, bc); return bc; out: spin_unlock_irq(&bd->lock); return bc; }",linux-2.6,,,83903343827894917110614435697202268071,0 1307,['CWE-119'],"asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len) { unsigned char ch, cnt; if (!asn1_octet_decode(ctx, &ch)) return 0; if (ch == 0x80) *def = 0; else { *def = 1; if (ch < 0x80) *len = ch; else { cnt = (unsigned char) (ch & 0x7F); *len = 0; while (cnt > 0) { if (!asn1_octet_decode(ctx, &ch)) return 0; *len <<= 8; *len |= ch; cnt--; } } } if (*len > ctx->end - ctx->pointer) return 0; return 1; }",linux-2.6,,,98264022570201691470561190356041044889,0 847,['CWE-119'],"int isdn_msncmp( const char * msn1, const char * msn2 ) { char TmpMsn1[ ISDN_MSNLEN ]; char TmpMsn2[ ISDN_MSNLEN ]; char *p; for ( p = TmpMsn1; *msn1 && *msn1 != ':'; ) *p++ = *msn1++; *p = '\0'; for ( p = TmpMsn2; *msn2 && *msn2 != ':'; ) *p++ = *msn2++; *p = '\0'; return isdn_wildmat( TmpMsn1, TmpMsn2 ); }",linux-2.6,,,182656726716963502760636825147135035529,0 5943,CWE-120,"static Jsi_Value *jsi_treeFmtKey(Jsi_MapEntry* h, struct Jsi_MapOpts *opts, int flags) { Jsi_TreeEntry* hPtr = (Jsi_TreeEntry*)h; void *key = Jsi_TreeKeyGet(hPtr); if (opts->keyType == JSI_KEYS_ONEWORD) return Jsi_ValueNewNumber(opts->interp, (Jsi_Number)(intptr_t)key); char nbuf[100]; snprintf(nbuf, sizeof(nbuf), ""%p"", key); return Jsi_ValueNewStringDup(opts->interp, nbuf); }",visit repo url,src/jsiTree.c,https://github.com/pcmacdon/jsish,129771825968562,1 949,['CWE-200'],"static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) { struct inode *inode = vma->vm_file->f_path.dentry->d_inode; int error; int ret; if (((loff_t)vmf->pgoff << PAGE_CACHE_SHIFT) >= i_size_read(inode)) return VM_FAULT_SIGBUS; error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_FAULT, &ret); if (error) return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS); mark_page_accessed(vmf->page); return ret | VM_FAULT_LOCKED; }",linux-2.6,,,175714883028004483082888815242684013812,0 3663,['CWE-264'],"generic_file_splice_write_nolock(struct pipe_inode_info *pipe, struct file *out, loff_t *ppos, size_t len, unsigned int flags) { struct address_space *mapping = out->f_mapping; struct inode *inode = mapping->host; struct splice_desc sd = { .total_len = len, .flags = flags, .pos = *ppos, .u.file = out, }; ssize_t ret; int err; err = file_remove_suid(out); if (unlikely(err)) return err; ret = __splice_from_pipe(pipe, &sd, pipe_to_file); if (ret > 0) { unsigned long nr_pages; *ppos += ret; nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { err = generic_osync_inode(inode, mapping, OSYNC_METADATA|OSYNC_DATA); if (err) ret = err; } balance_dirty_pages_ratelimited_nr(mapping, nr_pages); } return ret; }",linux-2.6,,,42075954627303488797875242967350792607,0 5351,['CWE-476'],"int emulator_set_dr(struct x86_emulate_ctxt *ctxt, int dr, unsigned long value) { unsigned long mask = (ctxt->mode == X86EMUL_MODE_PROT64) ? ~0ULL : ~0U; int exception; kvm_x86_ops->set_dr(ctxt->vcpu, dr, value & mask, &exception); if (exception) { return X86EMUL_UNHANDLEABLE; } return X86EMUL_CONTINUE; }",linux-2.6,,,196339919624282173771059261269190000372,0 6052,CWE-190,"void bn_grow(bn_t a, int digits) { #if ALLOC == DYNAMIC dig_t *t; if (a->alloc < digits) { digits += (RLC_BN_SIZE * 2) - (digits % RLC_BN_SIZE); t = (dig_t *)realloc(a->dp, (RLC_DIG / 8) * digits); if (t == NULL) { RLC_THROW(ERR_NO_MEMORY); return; } a->dp = t; a->alloc = digits; } #elif ALLOC == AUTO if (digits > RLC_BN_SIZE) { RLC_THROW(ERR_NO_PRECI); return; } (void)a; #endif }",visit repo url,src/bn/relic_bn_mem.c,https://github.com/relic-toolkit/relic,20520975557007,1 4118,CWE-287,"int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { size_t cn_len; int ret; int pathlen = 0, selfsigned = 0; mbedtls_x509_crt *parent; mbedtls_x509_name *name; mbedtls_x509_sequence *cur = NULL; mbedtls_pk_type_t pk_type; if( profile == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); *flags = 0; if( cn != NULL ) { name = &crt->subject; cn_len = strlen( cn ); if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) { cur = &crt->subject_alt_names; while( cur != NULL ) { if( cur->buf.len == cn_len && x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 ) break; if( cur->buf.len > 2 && memcmp( cur->buf.p, ""*."", 2 ) == 0 && x509_check_wildcard( cn, &cur->buf ) == 0 ) { break; } cur = cur->next; } if( cur == NULL ) *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; } else { while( name != NULL ) { if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 ) { if( name->val.len == cn_len && x509_memcasecmp( name->val.p, cn, cn_len ) == 0 ) break; if( name->val.len > 2 && memcmp( name->val.p, ""*."", 2 ) == 0 && x509_check_wildcard( cn, &name->val ) == 0 ) break; } name = name->next; } if( name == NULL ) *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; } } pk_type = mbedtls_pk_get_type( &crt->pk ); if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_PK; if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; for( parent = trust_ca; parent != NULL; parent = parent->next ) { if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) break; } if( parent != NULL ) { ret = x509_crt_verify_top( crt, parent, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } else { for( parent = crt->next; parent != NULL; parent = parent->next ) if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 ) break; if( parent != NULL ) { ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } else { ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) return( ret ); } } if( *flags != 0 ) return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); return( 0 ); }",visit repo url,library/x509_crt.c,https://github.com/ARMmbed/mbedtls,281143031978639,1 5973,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_6varint_write_varint(CYTHON_UNUSED PyObject *__pyx_self, Py_ssize_t __pyx_v_number, PyObject *__pyx_v_buf) { Py_ssize_t __pyx_v_i; unsigned char __pyx_v_towrite; unsigned char __pyx_v_num_buf[32]; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations int __pyx_t_1; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; PyObject *__pyx_t_5 = NULL; __Pyx_RefNannySetupContext(""write_varint"", 0); __pyx_v_i = 0; while (1) { __pyx_v_towrite = (__pyx_v_number & 0x7f); __pyx_v_number = (__pyx_v_number >> 7); __pyx_t_1 = (__pyx_v_number != 0); if (__pyx_t_1) { (__pyx_v_num_buf[__pyx_v_i]) = (__pyx_v_towrite | 0x80); __pyx_v_i = (__pyx_v_i + 1); goto __pyx_L5; } { (__pyx_v_num_buf[__pyx_v_i]) = __pyx_v_towrite; __pyx_v_i = (__pyx_v_i + 1); goto __pyx_L4_break; } __pyx_L5:; } __pyx_L4_break:; __pyx_t_3 = __Pyx_PyObject_GetAttrStr(__pyx_v_buf, __pyx_n_s_write); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyBytes_FromStringAndSize(((char *)__pyx_v_num_buf), __pyx_v_i); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 26, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __pyx_t_5 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_3))) { __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3); if (likely(__pyx_t_5)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3); __Pyx_INCREF(__pyx_t_5); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_3, function); } } __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4); __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0; __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_r = Py_None; __Pyx_INCREF(Py_None); goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_XDECREF(__pyx_t_5); __Pyx_AddTraceback(""clickhouse_driver.varint.write_varint"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/varint.c,https://github.com/mymarilyn/clickhouse-driver,194558998648685,1 1155,CWE-264,"SYSCALL_DEFINE3(osf_sysinfo, int, command, char __user *, buf, long, count) { const char *sysinfo_table[] = { utsname()->sysname, utsname()->nodename, utsname()->release, utsname()->version, utsname()->machine, ""alpha"", ""dummy"", ""dummy"", ""dummy"", }; unsigned long offset; const char *res; long len, err = -EINVAL; offset = command-1; if (offset >= ARRAY_SIZE(sysinfo_table)) { printk(""sysinfo(%d)"", command); goto out; } down_read(&uts_sem); res = sysinfo_table[offset]; len = strlen(res)+1; if (len > count) len = count; if (copy_to_user(buf, res, len)) err = -EFAULT; else err = 0; up_read(&uts_sem); out: return err; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,17547188397697,1 1400,CWE-310,"static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_aead raead; struct aead_alg *aead = &alg->cra_aead; snprintf(raead.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""nivaead""); snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", aead->geniv); raead.blocksize = alg->cra_blocksize; raead.maxauthsize = aead->maxauthsize; raead.ivsize = aead->ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(struct crypto_report_aead), &raead)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/aead.c,https://github.com/torvalds/linux,196202653783542,1 6446,CWE-20,"error_t httpParseParam(const char_t **pos, HttpParam *param) { error_t error; size_t i; uint8_t c; bool_t escapeFlag; bool_t separatorFound; const char_t *p; if(pos == NULL || param == NULL) return ERROR_INVALID_PARAMETER; param->name = NULL; param->nameLen = 0; param->value = NULL; param->valueLen = 0; escapeFlag = FALSE; separatorFound = FALSE; error = ERROR_IN_PROGRESS; i = 0; p = *pos; while(error == ERROR_IN_PROGRESS) { c = (uint8_t) p[i]; if(param->name == NULL) { if(c == '\0') { error = ERROR_NOT_FOUND; } else if(c == ' ' || c == '\t' || c == ',' || c == ';') { } else if(isalnum(c) || strchr(""!#$%&'*+-.^_`|~"", c) || c >= 128) { param->name = p + i; } else { error = ERROR_INVALID_SYNTAX; } } else if(param->nameLen == 0) { if(c == '\0' || c == ',' || c == ';') { param->nameLen = p + i - param->name; error = NO_ERROR; } else if(c == ' ' || c == '\t') { param->nameLen = p + i - param->name; } else if(c == '=') { separatorFound = TRUE; param->nameLen = p + i - param->name; } else if(isalnum(c) || strchr(""!#$%&'*+-.^_`|~"", c) || c >= 128) { } else { error = ERROR_INVALID_SYNTAX; } } else if(!separatorFound) { if(c == '\0' || c == ',' || c == ';') { error = NO_ERROR; } else if(c == ' ' || c == '\t') { } else if(c == '=') { separatorFound = TRUE; } else if(c == '\""') { i = param->name + param->nameLen - p; error = NO_ERROR; } else if(isalnum(c) || strchr(""!#$%&'*+-.^_`|~"", c) || c >= 128) { i = param->name + param->nameLen - p; error = NO_ERROR; } else { error = ERROR_INVALID_SYNTAX; } } else if(param->value == NULL) { if(c == '\0' || c == ',' || c == ';') { error = NO_ERROR; } else if(c == ' ' || c == '\t') { } else if(c == '\""') { param->value = p + i; } else if(isalnum(c) || strchr(""!#$%&'*+-.^_`|~"", c) || c >= 128) { param->value = p + i; } else { error = ERROR_INVALID_SYNTAX; } } else { if(param->value[0] == '\""') { if(c == '\0') { error = ERROR_INVALID_SYNTAX; } else if(escapeFlag) { escapeFlag = FALSE; } else if(c == '\\') { escapeFlag = TRUE; } else if(c == '\""') { i++; param->valueLen = p + i - param->value; error = NO_ERROR; } else if(isprint(c) || c == '\t' || c >= 128) { } else { error = ERROR_INVALID_SYNTAX; } } else { if(c == '\0' || c == ' ' || c == '\t' || c == ',' || c == ';') { param->valueLen = p + i - param->value; error = NO_ERROR; } else if(isalnum(c) || strchr(""!#$%&'*+-.^_`|~"", c) || c >= 128) { } else { error = ERROR_INVALID_SYNTAX; } } } if(error == ERROR_IN_PROGRESS) i++; } if(param->valueLen >= 2 && param->value[0] == '\""') { param->value++; param->valueLen -= 2; } *pos = p + i; return error; }",visit repo url,http/http_common.c,https://github.com/Oryx-Embedded/CycloneTCP,114511070311640,1 3895,['CWE-399'],"static int chip_probe(struct i2c_client *client, const struct i2c_device_id *id) { struct CHIPSTATE *chip; struct CHIPDESC *desc; if (debug) { printk(KERN_INFO ""tvaudio: TV audio decoder + audio/video mux driver\n""); printk(KERN_INFO ""tvaudio: known chips: ""); for (desc = chiplist; desc->name != NULL; desc++) printk(""%s%s"", (desc == chiplist) ? """" : "", "", desc->name); printk(""\n""); } chip = kzalloc(sizeof(*chip),GFP_KERNEL); if (!chip) return -ENOMEM; chip->c = client; i2c_set_clientdata(client, chip); v4l_dbg(1, debug, client, ""chip found @ 0x%x\n"", client->addr<<1); for (desc = chiplist; desc->name != NULL; desc++) { if (0 == *(desc->insmodopt)) continue; if (client->addr < desc->addr_lo || client->addr > desc->addr_hi) continue; if (desc->checkit && !desc->checkit(chip)) continue; break; } if (desc->name == NULL) { v4l_dbg(1, debug, client, ""no matching chip description found\n""); kfree(chip); return -EIO; } v4l_info(client, ""%s found @ 0x%x (%s)\n"", desc->name, client->addr<<1, client->adapter->name); if (desc->flags) { v4l_dbg(1, debug, client, ""matches:%s%s%s.\n"", (desc->flags & CHIP_HAS_VOLUME) ? "" volume"" : """", (desc->flags & CHIP_HAS_BASSTREBLE) ? "" bass/treble"" : """", (desc->flags & CHIP_HAS_INPUTSEL) ? "" audiomux"" : """"); } if (!id) strlcpy(client->name, desc->name, I2C_NAME_SIZE); chip->desc = desc; chip->shadow.count = desc->registers+1; chip->prevmode = -1; chip->audmode = V4L2_TUNER_MODE_LANG1; if (desc->initialize != NULL) desc->initialize(chip); else chip_cmd(chip,""init"",&desc->init); if (desc->flags & CHIP_HAS_VOLUME) { if (!desc->volfunc) { v4l_info(chip->c, ""volume callback undefined!\n""); desc->flags &= ~CHIP_HAS_VOLUME; } else { chip->left = desc->leftinit ? desc->leftinit : 65535; chip->right = desc->rightinit ? desc->rightinit : 65535; chip_write(chip, desc->leftreg, desc->volfunc(chip->left)); chip_write(chip, desc->rightreg, desc->volfunc(chip->right)); } } if (desc->flags & CHIP_HAS_BASSTREBLE) { if (!desc->bassfunc || !desc->treblefunc) { v4l_info(chip->c, ""bass/treble callbacks undefined!\n""); desc->flags &= ~CHIP_HAS_BASSTREBLE; } else { chip->treble = desc->trebleinit ? desc->trebleinit : 32768; chip->bass = desc->bassinit ? desc->bassinit : 32768; chip_write(chip, desc->bassreg, desc->bassfunc(chip->bass)); chip_write(chip, desc->treblereg, desc->treblefunc(chip->treble)); } } chip->thread = NULL; if (desc->flags & CHIP_NEED_CHECKMODE) { if (!desc->getmode || !desc->setmode) { v4l_info(chip->c, ""set/get mode callbacks undefined!\n""); return 0; } init_timer(&chip->wt); chip->wt.function = chip_thread_wake; chip->wt.data = (unsigned long)chip; chip->thread = kthread_run(chip_thread, chip, chip->c->name); if (IS_ERR(chip->thread)) { v4l_warn(chip->c, ""%s: failed to create kthread\n"", chip->c->name); chip->thread = NULL; } } return 0; }",linux-2.6,,,122468557566930549182864768224845107840,0 3336,[],"static inline struct nlattr *nla_nest_compat_start(struct sk_buff *skb, int attrtype, int attrlen, const void *data) { struct nlattr *start = (struct nlattr *)skb_tail_pointer(skb); if (nla_put(skb, attrtype, attrlen, data) < 0) return NULL; if (nla_nest_start(skb, attrtype) == NULL) { nlmsg_trim(skb, start); return NULL; } return start; }",linux-2.6,,,234288185771463018672706069481049471328,0 3162,['CWE-189'],"jpc_enc_t *jpc_enc_create(jpc_enc_cp_t *cp, jas_stream_t *out, jas_image_t *image) { jpc_enc_t *enc; enc = 0; if (!(enc = jas_malloc(sizeof(jpc_enc_t)))) { goto error; } enc->image = image; enc->out = out; enc->cp = cp; enc->cstate = 0; enc->tmpstream = 0; enc->mrk = 0; enc->curtile = 0; if (!(enc->cstate = jpc_cstate_create())) { goto error; } enc->len = 0; enc->mainbodysize = 0; return enc; error: if (enc) { jpc_enc_destroy(enc); } return 0; }",jasper,,,205628816442217580886383607652323058121,0 4819,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 590,CWE-400,"static inline int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) { unsigned char *opt = *option; unsigned char err_offset = 0; u8 opt_len = opt[1]; u8 opt_iter; if (opt_len < 8) { err_offset = 1; goto out; } if (get_unaligned_be32(&opt[2]) == 0) { err_offset = 2; goto out; } for (opt_iter = 6; opt_iter < opt_len;) { if (opt[opt_iter + 1] > (opt_len - opt_iter)) { err_offset = opt_iter + 1; goto out; } opt_iter += opt[opt_iter + 1]; } out: *option = opt + err_offset; return err_offset; }",visit repo url,include/net/cipso_ipv4.h,https://github.com/torvalds/linux,181037630405900,1 1588,[],"static void set_load_weight(struct task_struct *p) { if (task_has_rt_policy(p)) { p->se.load.weight = prio_to_weight[0] * 2; p->se.load.inv_weight = prio_to_wmult[0] >> 1; return; } if (p->policy == SCHED_IDLE) { p->se.load.weight = WEIGHT_IDLEPRIO; p->se.load.inv_weight = WMULT_IDLEPRIO; return; } p->se.load.weight = prio_to_weight[p->static_prio - MAX_RT_PRIO]; p->se.load.inv_weight = prio_to_wmult[p->static_prio - MAX_RT_PRIO]; }",linux-2.6,,,202079064819392705265216587261992109948,0 277,CWE-388,"static int handle_exception(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); struct kvm_run *kvm_run = vcpu->run; u32 intr_info, ex_no, error_code; unsigned long cr2, rip, dr6; u32 vect_info; enum emulation_result er; vect_info = vmx->idt_vectoring_info; intr_info = vmx->exit_intr_info; if (is_machine_check(intr_info)) return handle_machine_check(vcpu); if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR) return 1; if (is_no_device(intr_info)) { vmx_fpu_activate(vcpu); return 1; } if (is_invalid_opcode(intr_info)) { if (is_guest_mode(vcpu)) { kvm_queue_exception(vcpu, UD_VECTOR); return 1; } er = emulate_instruction(vcpu, EMULTYPE_TRAP_UD); if (er != EMULATE_DONE) kvm_queue_exception(vcpu, UD_VECTOR); return 1; } error_code = 0; if (intr_info & INTR_INFO_DELIVER_CODE_MASK) error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE); if ((vect_info & VECTORING_INFO_VALID_MASK) && !(is_page_fault(intr_info) && !(error_code & PFERR_RSVD_MASK))) { vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX; vcpu->run->internal.ndata = 3; vcpu->run->internal.data[0] = vect_info; vcpu->run->internal.data[1] = intr_info; vcpu->run->internal.data[2] = error_code; return 0; } if (is_page_fault(intr_info)) { BUG_ON(enable_ept); cr2 = vmcs_readl(EXIT_QUALIFICATION); trace_kvm_page_fault(cr2, error_code); if (kvm_event_needs_reinjection(vcpu)) kvm_mmu_unprotect_page_virt(vcpu, cr2); return kvm_mmu_page_fault(vcpu, cr2, error_code, NULL, 0); } ex_no = intr_info & INTR_INFO_VECTOR_MASK; if (vmx->rmode.vm86_active && rmode_exception(vcpu, ex_no)) return handle_rmode_exception(vcpu, ex_no, error_code); switch (ex_no) { case AC_VECTOR: kvm_queue_exception_e(vcpu, AC_VECTOR, error_code); return 1; case DB_VECTOR: dr6 = vmcs_readl(EXIT_QUALIFICATION); if (!(vcpu->guest_debug & (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) { vcpu->arch.dr6 &= ~15; vcpu->arch.dr6 |= dr6 | DR6_RTM; if (!(dr6 & ~DR6_RESERVED)) skip_emulated_instruction(vcpu); kvm_queue_exception(vcpu, DB_VECTOR); return 1; } kvm_run->debug.arch.dr6 = dr6 | DR6_FIXED_1; kvm_run->debug.arch.dr7 = vmcs_readl(GUEST_DR7); case BP_VECTOR: vmx->vcpu.arch.event_exit_inst_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN); kvm_run->exit_reason = KVM_EXIT_DEBUG; rip = kvm_rip_read(vcpu); kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + rip; kvm_run->debug.arch.exception = ex_no; break; default: kvm_run->exit_reason = KVM_EXIT_EXCEPTION; kvm_run->ex.exception = ex_no; kvm_run->ex.error_code = error_code; break; } return 0; }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,184426193914699,1 2049,CWE-772,"static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info) { struct hwsim_new_radio_params param = { 0 }; const char *hwname = NULL; int ret; param.reg_strict = info->attrs[HWSIM_ATTR_REG_STRICT_REG]; param.p2p_device = info->attrs[HWSIM_ATTR_SUPPORT_P2P_DEVICE]; param.channels = channels; param.destroy_on_close = info->attrs[HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE]; if (info->attrs[HWSIM_ATTR_CHANNELS]) param.channels = nla_get_u32(info->attrs[HWSIM_ATTR_CHANNELS]); if (info->attrs[HWSIM_ATTR_NO_VIF]) param.no_vif = true; if (info->attrs[HWSIM_ATTR_RADIO_NAME]) { hwname = kasprintf(GFP_KERNEL, ""%.*s"", nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), (char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME])); if (!hwname) return -ENOMEM; param.hwname = hwname; } if (info->attrs[HWSIM_ATTR_USE_CHANCTX]) param.use_chanctx = true; else param.use_chanctx = (param.channels > 1); if (info->attrs[HWSIM_ATTR_REG_HINT_ALPHA2]) param.reg_alpha2 = nla_data(info->attrs[HWSIM_ATTR_REG_HINT_ALPHA2]); if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) { u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]); if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom)) return -EINVAL; param.regd = hwsim_world_regdom_custom[idx]; } ret = mac80211_hwsim_new_radio(info, ¶m); kfree(hwname); return ret; }",visit repo url,drivers/net/wireless/mac80211_hwsim.c,https://github.com/torvalds/linux,73336191265720,1 3478,CWE-295,"static int dbConnect(char *host, char *user, char *passwd) { DBUG_ENTER(""dbConnect""); if (verbose) { fprintf(stderr, ""# Connecting to %s...\n"", host ? host : ""localhost""); } mysql_init(&mysql_connection); if (opt_compress) mysql_options(&mysql_connection, MYSQL_OPT_COMPRESS, NullS); #ifdef HAVE_OPENSSL if (opt_use_ssl) { mysql_ssl_set(&mysql_connection, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(&mysql_connection, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } #endif if (opt_protocol) mysql_options(&mysql_connection,MYSQL_OPT_PROTOCOL,(char*)&opt_protocol); if (opt_bind_addr) mysql_options(&mysql_connection, MYSQL_OPT_BIND, opt_bind_addr); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) if (shared_memory_base_name) mysql_options(&mysql_connection,MYSQL_SHARED_MEMORY_BASE_NAME,shared_memory_base_name); #endif if (opt_plugin_dir && *opt_plugin_dir) mysql_options(&mysql_connection, MYSQL_PLUGIN_DIR, opt_plugin_dir); if (opt_default_auth && *opt_default_auth) mysql_options(&mysql_connection, MYSQL_DEFAULT_AUTH, opt_default_auth); mysql_options(&mysql_connection, MYSQL_SET_CHARSET_NAME, default_charset); mysql_options(&mysql_connection, MYSQL_OPT_CONNECT_ATTR_RESET, 0); mysql_options4(&mysql_connection, MYSQL_OPT_CONNECT_ATTR_ADD, ""program_name"", ""mysqlcheck""); if (!(sock = mysql_real_connect(&mysql_connection, host, user, passwd, NULL, opt_mysql_port, opt_mysql_unix_port, 0))) { DBerror(&mysql_connection, ""when trying to connect""); DBUG_RETURN(1); } mysql_connection.reconnect= 1; DBUG_RETURN(0); } ",visit repo url,client/mysqlcheck.c,https://github.com/mysql/mysql-server,93275647031335,1 443,CWE-200,"static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size) { int ia32_fxstate = (buf != buf_fx); struct task_struct *tsk = current; struct fpu *fpu = &tsk->thread.fpu; int state_size = fpu_kernel_xstate_size; u64 xfeatures = 0; int fx_only = 0; ia32_fxstate &= (IS_ENABLED(CONFIG_X86_32) || IS_ENABLED(CONFIG_IA32_EMULATION)); if (!buf) { fpu__clear(fpu); return 0; } if (!access_ok(VERIFY_READ, buf, size)) return -EACCES; fpu__activate_curr(fpu); if (!static_cpu_has(X86_FEATURE_FPU)) return fpregs_soft_set(current, NULL, 0, sizeof(struct user_i387_ia32_struct), NULL, buf) != 0; if (use_xsave()) { struct _fpx_sw_bytes fx_sw_user; if (unlikely(check_for_xstate(buf_fx, buf_fx, &fx_sw_user))) { state_size = sizeof(struct fxregs_state); fx_only = 1; trace_x86_fpu_xstate_check_failed(fpu); } else { state_size = fx_sw_user.xstate_size; xfeatures = fx_sw_user.xfeatures; } } if (ia32_fxstate) { struct fpu *fpu = &tsk->thread.fpu; struct user_i387_ia32_struct env; int err = 0; fpu__drop(fpu); if (using_compacted_format()) err = copy_user_to_xstate(&fpu->state.xsave, buf_fx); else err = __copy_from_user(&fpu->state.xsave, buf_fx, state_size); if (err || __copy_from_user(&env, buf, sizeof(env))) { fpstate_init(&fpu->state); trace_x86_fpu_init_state(fpu); err = -1; } else { sanitize_restored_xstate(tsk, &env, xfeatures, fx_only); } fpu->fpstate_active = 1; preempt_disable(); fpu__restore(fpu); preempt_enable(); return err; } else { user_fpu_begin(); if (copy_user_to_fpregs_zeroing(buf_fx, xfeatures, fx_only)) { fpu__clear(fpu); return -1; } } return 0; }",visit repo url,arch/x86/kernel/fpu/signal.c,https://github.com/torvalds/linux,236820772678225,1 2605,CWE-415,"void gdImageGifCtx(gdImagePtr im, gdIOCtxPtr out) { gdImagePtr pim = 0, tim = im; int interlace, BitsPerPixel; interlace = im->interlace; if (im->trueColor) { pim = gdImageCreatePaletteFromTrueColor(im, 1, 256); if (!pim) { return; } tim = pim; } BitsPerPixel = colorstobpp(tim->colorsTotal); GIFEncode( out, tim->sx, tim->sy, tim->interlace, 0, tim->transparent, BitsPerPixel, tim->red, tim->green, tim->blue, tim); if (pim) { gdImageDestroy( pim); } }",visit repo url,ext/gd/libgd/gd_gif_out.c,https://github.com/php/php-src,58936219425175,1 5036,CWE-191,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 2711,CWE-190,"SPL_METHOD(FilesystemIterator, current) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (SPL_FILE_DIR_CURRENT(intern, SPL_FILE_DIR_CURRENT_AS_PATHNAME)) { spl_filesystem_object_get_file_name(intern TSRMLS_CC); RETURN_STRINGL(intern->file_name, intern->file_name_len, 1); } else if (SPL_FILE_DIR_CURRENT(intern, SPL_FILE_DIR_CURRENT_AS_FILEINFO)) { spl_filesystem_object_get_file_name(intern TSRMLS_CC); spl_filesystem_object_create_type(0, intern, SPL_FS_INFO, NULL, return_value TSRMLS_CC); } else { RETURN_ZVAL(getThis(), 1, 0); } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,72047766440079,1 6212,['CWE-200'],"static int tc_dump_qdisc(struct sk_buff *skb, struct netlink_callback *cb) { int idx, q_idx; int s_idx, s_q_idx; struct net_device *dev; struct Qdisc *q; s_idx = cb->args[0]; s_q_idx = q_idx = cb->args[1]; read_lock(&dev_base_lock); for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) { if (idx < s_idx) continue; if (idx > s_idx) s_q_idx = 0; read_lock_bh(&qdisc_tree_lock); q_idx = 0; list_for_each_entry(q, &dev->qdisc_list, list) { if (q_idx < s_q_idx) { q_idx++; continue; } if (tc_fill_qdisc(skb, q, q->parent, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWQDISC) <= 0) { read_unlock_bh(&qdisc_tree_lock); goto done; } q_idx++; } read_unlock_bh(&qdisc_tree_lock); } done: read_unlock(&dev_base_lock); cb->args[0] = idx; cb->args[1] = q_idx; return skb->len; }",linux-2.6,,,73214799837761405834393678953316511396,0 339,['CWE-20'],"ptrace_set_thread_area(struct task_struct *child, int idx, struct user_desc __user *user_desc) { struct user_desc info; struct desc_struct *desc; if (copy_from_user(&info, user_desc, sizeof(info))) return -EFAULT; if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; desc = child->thread.tls_array + idx - GDT_ENTRY_TLS_MIN; if (LDT_empty(&info)) { desc->a = 0; desc->b = 0; } else { desc->a = LDT_entry_a(&info); desc->b = LDT_entry_b(&info); } return 0; }",linux-2.6,,,315817586814742649221782467968836860392,0 4168,CWE-787,"rfbHandleAuthResult(rfbClient* client) { uint32_t authResult=0, reasonLen=0; char *reason=NULL; if (!ReadFromRFBServer(client, (char *)&authResult, 4)) return FALSE; authResult = rfbClientSwap32IfLE(authResult); switch (authResult) { case rfbVncAuthOK: rfbClientLog(""VNC authentication succeeded\n""); return TRUE; break; case rfbVncAuthFailed: if (client->major==3 && client->minor>7) { if (!ReadFromRFBServer(client, (char *)&reasonLen, 4)) return FALSE; reasonLen = rfbClientSwap32IfLE(reasonLen); reason = malloc((uint64_t)reasonLen+1); if (!ReadFromRFBServer(client, reason, reasonLen)) { free(reason); return FALSE; } reason[reasonLen]=0; rfbClientLog(""VNC connection failed: %s\n"",reason); free(reason); return FALSE; } rfbClientLog(""VNC authentication failed\n""); return FALSE; case rfbVncAuthTooMany: rfbClientLog(""VNC authentication failed - too many tries\n""); return FALSE; } rfbClientLog(""Unknown VNC authentication result: %d\n"", (int)authResult); return FALSE; }",visit repo url,libvncclient/rfbproto.c,https://github.com/LibVNC/libvncserver,214730658977315,1 148,NVD-CWE-noinfo,"struct vfsmount *clone_private_mount(const struct path *path) { struct mount *old_mnt = real_mount(path->mnt); struct mount *new_mnt; if (IS_MNT_UNBINDABLE(old_mnt)) return ERR_PTR(-EINVAL); new_mnt = clone_mnt(old_mnt, path->dentry, CL_PRIVATE); if (IS_ERR(new_mnt)) return ERR_CAST(new_mnt); new_mnt->mnt_ns = MNT_NS_INTERNAL; return &new_mnt->mnt; }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,200345046608801,1 1695,CWE-399,"static void unix_detach_fds(struct scm_cookie *scm, struct sk_buff *skb) { int i; scm->fp = UNIXCB(skb).fp; UNIXCB(skb).fp = NULL; for (i = scm->fp->count-1; i >= 0; i--) unix_notinflight(scm->fp->fp[i]); }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,211872096736497,1 5347,CWE-668,"static void prefetch_table(const volatile byte *tab, size_t len) { size_t i; for (i = 0; i < len; i += 8 * 32) { (void)tab[i + 0 * 32]; (void)tab[i + 1 * 32]; (void)tab[i + 2 * 32]; (void)tab[i + 3 * 32]; (void)tab[i + 4 * 32]; (void)tab[i + 5 * 32]; (void)tab[i + 6 * 32]; (void)tab[i + 7 * 32]; } (void)tab[len - 1]; }",visit repo url,cipher/rijndael.c,https://github.com/gpg/libgcrypt,251595266162661,1 6155,CWE-190,"static void ep2_mul_fix_plain(ep2_t r, const ep2_t *table, const bn_t k) { int len, i, n; int8_t naf[2 * RLC_FP_BITS + 1], *t; if (bn_is_zero(k)) { ep2_set_infty(r); return; } len = 2 * RLC_FP_BITS + 1; bn_rec_naf(naf, &len, k, EP_DEPTH); t = naf + len - 1; ep2_set_infty(r); for (i = len - 1; i >= 0; i--, t--) { ep2_dbl(r, r); n = *t; if (n > 0) { ep2_add(r, r, table[n / 2]); } if (n < 0) { ep2_sub(r, r, table[-n / 2]); } } ep2_norm(r, r); if (bn_sign(k) == RLC_NEG) { ep2_neg(r, r); } }",visit repo url,src/epx/relic_ep2_mul_fix.c,https://github.com/relic-toolkit/relic,221323225624665,1 1163,CWE-400,"static irqreturn_t armv7pmu_handle_irq(int irq_num, void *dev) { unsigned long pmnc; struct perf_sample_data data; struct cpu_hw_events *cpuc; struct pt_regs *regs; int idx; pmnc = armv7_pmnc_getreset_flags(); if (!armv7_pmnc_has_overflowed(pmnc)) return IRQ_NONE; regs = get_irq_regs(); perf_sample_data_init(&data, 0); cpuc = &__get_cpu_var(cpu_hw_events); for (idx = 0; idx <= armpmu->num_events; ++idx) { struct perf_event *event = cpuc->events[idx]; struct hw_perf_event *hwc; if (!test_bit(idx, cpuc->active_mask)) continue; if (!armv7_pmnc_counter_has_overflowed(pmnc, idx)) continue; hwc = &event->hw; armpmu_event_update(event, hwc, idx, 1); data.period = event->hw.last_period; if (!armpmu_event_set_period(event, hwc, idx)) continue; if (perf_event_overflow(event, 0, &data, regs)) armpmu->disable(hwc, idx); } irq_work_run(); return IRQ_HANDLED; }",visit repo url,arch/arm/kernel/perf_event_v7.c,https://github.com/torvalds/linux,142212285834582,1 1484,[],"static u64 sched_vslice_add(struct cfs_rq *cfs_rq, struct sched_entity *se) { unsigned long nr_running = cfs_rq->nr_running; if (!se->on_rq) nr_running++; return __sched_period(nr_running); }",linux-2.6,,,121143124604536479535312093930774179575,0 499,[],"int snd_dma_alloc_pages(int type, struct device *device, size_t size, struct snd_dma_buffer *dmab) { snd_assert(size > 0, return -ENXIO); snd_assert(dmab != NULL, return -ENXIO); dmab->dev.type = type; dmab->dev.dev = device; dmab->bytes = 0; switch (type) { case SNDRV_DMA_TYPE_CONTINUOUS: dmab->area = snd_malloc_pages(size, (unsigned long)device); dmab->addr = 0; break; #ifdef CONFIG_SBUS case SNDRV_DMA_TYPE_SBUS: dmab->area = snd_malloc_sbus_pages(device, size, &dmab->addr); break; #endif case SNDRV_DMA_TYPE_DEV: dmab->area = snd_malloc_dev_pages(device, size, &dmab->addr); break; case SNDRV_DMA_TYPE_DEV_SG: snd_malloc_sgbuf_pages(device, size, dmab, NULL); break; default: printk(KERN_ERR ""snd-malloc: invalid device type %d\n"", type); dmab->area = NULL; dmab->addr = 0; return -ENXIO; } if (! dmab->area) return -ENOMEM; dmab->bytes = size; return 0; }",linux-2.6,,,194537710161809115285795466800317548892,0 997,CWE-20,"parse_rock_ridge_inode_internal(struct iso_directory_record *de, struct inode *inode, int regard_xa) { int symlink_len = 0; int cnt, sig; struct inode *reloc; struct rock_ridge *rr; int rootflag; struct rock_state rs; int ret = 0; if (!ISOFS_SB(inode->i_sb)->s_rock) return 0; init_rock_state(&rs, inode); setup_rock_ridge(de, inode, &rs); if (regard_xa) { rs.chr += 14; rs.len -= 14; if (rs.len < 0) rs.len = 0; } repeat: while (rs.len > 2) { rr = (struct rock_ridge *)rs.chr; if (rr->len < 3) goto out; sig = isonum_721(rs.chr); if (rock_check_overflow(&rs, sig)) goto eio; rs.chr += rr->len; rs.len -= rr->len; if (rs.len < 0) goto out; switch (sig) { #ifndef CONFIG_ZISOFS case SIG('R', 'R'): if ((rr->u.RR.flags[0] & (RR_PX | RR_TF | RR_SL | RR_CL)) == 0) goto out; break; #endif case SIG('S', 'P'): if (check_sp(rr, inode)) goto out; break; case SIG('C', 'E'): rs.cont_extent = isonum_733(rr->u.CE.extent); rs.cont_offset = isonum_733(rr->u.CE.offset); rs.cont_size = isonum_733(rr->u.CE.size); break; case SIG('E', 'R'): ISOFS_SB(inode->i_sb)->s_rock = 1; printk(KERN_DEBUG ""ISO 9660 Extensions: ""); { int p; for (p = 0; p < rr->u.ER.len_id; p++) printk(""%c"", rr->u.ER.data[p]); } printk(""\n""); break; case SIG('P', 'X'): inode->i_mode = isonum_733(rr->u.PX.mode); set_nlink(inode, isonum_733(rr->u.PX.n_links)); i_uid_write(inode, isonum_733(rr->u.PX.uid)); i_gid_write(inode, isonum_733(rr->u.PX.gid)); break; case SIG('P', 'N'): { int high, low; high = isonum_733(rr->u.PN.dev_high); low = isonum_733(rr->u.PN.dev_low); if ((low & ~0xff) && high == 0) { inode->i_rdev = MKDEV(low >> 8, low & 0xff); } else { inode->i_rdev = MKDEV(high, low); } } break; case SIG('T', 'F'): cnt = 0; if (rr->u.TF.flags & TF_CREATE) { inode->i_ctime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_ctime.tv_nsec = 0; } if (rr->u.TF.flags & TF_MODIFY) { inode->i_mtime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_mtime.tv_nsec = 0; } if (rr->u.TF.flags & TF_ACCESS) { inode->i_atime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_atime.tv_nsec = 0; } if (rr->u.TF.flags & TF_ATTRIBUTES) { inode->i_ctime.tv_sec = iso_date(rr->u.TF.times[cnt++].time, 0); inode->i_ctime.tv_nsec = 0; } break; case SIG('S', 'L'): { int slen; struct SL_component *slp; struct SL_component *oldslp; slen = rr->len - 5; slp = &rr->u.SL.link; inode->i_size = symlink_len; while (slen > 1) { rootflag = 0; switch (slp->flags & ~1) { case 0: inode->i_size += slp->len; break; case 2: inode->i_size += 1; break; case 4: inode->i_size += 2; break; case 8: rootflag = 1; inode->i_size += 1; break; default: printk(""Symlink component flag "" ""not implemented\n""); } slen -= slp->len + 2; oldslp = slp; slp = (struct SL_component *) (((char *)slp) + slp->len + 2); if (slen < 2) { if (((rr->u.SL. flags & 1) != 0) && ((oldslp-> flags & 1) == 0)) inode->i_size += 1; break; } if (!rootflag && (oldslp->flags & 1) == 0) inode->i_size += 1; } } symlink_len = inode->i_size; break; case SIG('R', 'E'): printk(KERN_WARNING ""Attempt to read inode for "" ""relocated directory\n""); goto out; case SIG('C', 'L'): ISOFS_I(inode)->i_first_extent = isonum_733(rr->u.CL.location); reloc = isofs_iget(inode->i_sb, ISOFS_I(inode)->i_first_extent, 0); if (IS_ERR(reloc)) { ret = PTR_ERR(reloc); goto out; } inode->i_mode = reloc->i_mode; set_nlink(inode, reloc->i_nlink); inode->i_uid = reloc->i_uid; inode->i_gid = reloc->i_gid; inode->i_rdev = reloc->i_rdev; inode->i_size = reloc->i_size; inode->i_blocks = reloc->i_blocks; inode->i_atime = reloc->i_atime; inode->i_ctime = reloc->i_ctime; inode->i_mtime = reloc->i_mtime; iput(reloc); break; #ifdef CONFIG_ZISOFS case SIG('Z', 'F'): { int algo; if (ISOFS_SB(inode->i_sb)->s_nocompress) break; algo = isonum_721(rr->u.ZF.algorithm); if (algo == SIG('p', 'z')) { int block_shift = isonum_711(&rr->u.ZF.parms[1]); if (block_shift > 17) { printk(KERN_WARNING ""isofs: "" ""Can't handle ZF block "" ""size of 2^%d\n"", block_shift); } else { ISOFS_I(inode)->i_file_format = isofs_file_compressed; ISOFS_I(inode)->i_format_parm[0] = isonum_711(&rr->u.ZF.parms[0]); ISOFS_I(inode)->i_format_parm[1] = isonum_711(&rr->u.ZF.parms[1]); inode->i_size = isonum_733(rr->u.ZF. real_size); } } else { printk(KERN_WARNING ""isofs: Unknown ZF compression "" ""algorithm: %c%c\n"", rr->u.ZF.algorithm[0], rr->u.ZF.algorithm[1]); } break; } #endif default: break; } } ret = rock_continue(&rs); if (ret == 0) goto repeat; if (ret == 1) ret = 0; out: kfree(rs.buffer); return ret; eio: ret = -EIO; goto out; }",visit repo url,fs/isofs/rock.c,https://github.com/torvalds/linux,169730773672138,1 2679,[],"static struct sctp_endpoint *sctp_endpoint_init(struct sctp_endpoint *ep, struct sock *sk, gfp_t gfp) { struct sctp_hmac_algo_param *auth_hmacs = NULL; struct sctp_chunks_param *auth_chunks = NULL; struct sctp_shared_key *null_key; int err; memset(ep, 0, sizeof(struct sctp_endpoint)); ep->digest = kzalloc(SCTP_SIGNATURE_SIZE, gfp); if (!ep->digest) return NULL; if (sctp_auth_enable) { auth_hmacs = kzalloc(sizeof(sctp_hmac_algo_param_t) + sizeof(__u16) * SCTP_AUTH_NUM_HMACS, gfp); if (!auth_hmacs) goto nomem; auth_chunks = kzalloc(sizeof(sctp_chunks_param_t) + SCTP_NUM_CHUNK_TYPES, gfp); if (!auth_chunks) goto nomem; auth_hmacs->param_hdr.type = SCTP_PARAM_HMAC_ALGO; auth_hmacs->param_hdr.length = htons(sizeof(sctp_paramhdr_t) + 2); auth_hmacs->hmac_ids[0] = htons(SCTP_AUTH_HMAC_ID_SHA1); auth_chunks->param_hdr.type = SCTP_PARAM_CHUNKS; auth_chunks->param_hdr.length = htons(sizeof(sctp_paramhdr_t)); if (sctp_addip_enable) { auth_chunks->chunks[0] = SCTP_CID_ASCONF; auth_chunks->chunks[1] = SCTP_CID_ASCONF_ACK; auth_chunks->param_hdr.length += htons(2); } } ep->base.type = SCTP_EP_TYPE_SOCKET; atomic_set(&ep->base.refcnt, 1); ep->base.dead = 0; ep->base.malloced = 1; sctp_inq_init(&ep->base.inqueue); sctp_inq_set_th_handler(&ep->base.inqueue, sctp_endpoint_bh_rcv); sctp_bind_addr_init(&ep->base.bind_addr, 0); ep->base.sk = sk; sock_hold(ep->base.sk); INIT_LIST_HEAD(&ep->asocs); ep->sndbuf_policy = sctp_sndbuf_policy; sk->sk_write_space = sctp_write_space; sock_set_flag(sk, SOCK_USE_WRITE_QUEUE); ep->rcvbuf_policy = sctp_rcvbuf_policy; get_random_bytes(&ep->secret_key[0], SCTP_SECRET_SIZE); ep->last_key = ep->current_key = 0; ep->key_changed_at = jiffies; INIT_LIST_HEAD(&ep->endpoint_shared_keys); null_key = sctp_auth_shkey_create(0, GFP_KERNEL); if (!null_key) goto nomem; list_add(&null_key->key_list, &ep->endpoint_shared_keys); err = sctp_auth_init_hmacs(ep, gfp); if (err) goto nomem_hmacs; ep->auth_hmacs_list = auth_hmacs; ep->auth_chunk_list = auth_chunks; return ep; nomem_hmacs: sctp_auth_destroy_keys(&ep->endpoint_shared_keys); nomem: kfree(auth_hmacs); kfree(auth_chunks); kfree(ep->digest); return NULL; }",linux-2.6,,,162097427297325829798395848103185981302,0 169,[],"asmlinkage long compat_sys_newfstatat(unsigned int dfd, char __user *filename, struct compat_stat __user *statbuf, int flag) { struct kstat stat; int error = -EINVAL; if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0) goto out; if (flag & AT_SYMLINK_NOFOLLOW) error = vfs_lstat_fd(dfd, filename, &stat); else error = vfs_stat_fd(dfd, filename, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); out: return error; }",linux-2.6,,,334213617320220673573097156903603746183,0 3351,CWE-119,"test_read_integer_error (xd3_stream *stream, usize_t trunto, const char *msg) { uint64_t eval = 1ULL << 34; uint32_t rval; xd3_output *buf = NULL; const uint8_t *max; const uint8_t *inp; int ret; buf = xd3_alloc_output (stream, buf); if ((ret = xd3_emit_uint64_t (stream, & buf, eval))) { goto fail; } again: inp = buf->base; max = buf->base + buf->next - trunto; if ((ret = xd3_read_uint32_t (stream, & inp, max, & rval)) != XD3_INVALID_INPUT || !MSG_IS (msg)) { ret = XD3_INTERNAL; } else if (trunto && trunto < buf->next) { trunto += 1; goto again; } else { ret = 0; } fail: xd3_free_output (stream, buf); return ret; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,252954776541299,1 2455,CWE-119,"static int scsi_disk_emulate_command(SCSIDiskReq *r, uint8_t *outbuf) { SCSIRequest *req = &r->req; SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); uint64_t nb_sectors; int buflen = 0; switch (req->cmd.buf[0]) { case TEST_UNIT_READY: if (s->tray_open || !bdrv_is_inserted(s->bs)) goto not_ready; break; case INQUIRY: buflen = scsi_disk_emulate_inquiry(req, outbuf); if (buflen < 0) goto illegal_request; break; case MODE_SENSE: case MODE_SENSE_10: buflen = scsi_disk_emulate_mode_sense(r, outbuf); if (buflen < 0) goto illegal_request; break; case READ_TOC: buflen = scsi_disk_emulate_read_toc(req, outbuf); if (buflen < 0) goto illegal_request; break; case RESERVE: if (req->cmd.buf[1] & 1) goto illegal_request; break; case RESERVE_10: if (req->cmd.buf[1] & 3) goto illegal_request; break; case RELEASE: if (req->cmd.buf[1] & 1) goto illegal_request; break; case RELEASE_10: if (req->cmd.buf[1] & 3) goto illegal_request; break; case START_STOP: if (scsi_disk_emulate_start_stop(r) < 0) { return -1; } break; case ALLOW_MEDIUM_REMOVAL: s->tray_locked = req->cmd.buf[4] & 1; bdrv_lock_medium(s->bs, req->cmd.buf[4] & 1); break; case READ_CAPACITY_10: memset(outbuf, 0, 8); bdrv_get_geometry(s->bs, &nb_sectors); if (!nb_sectors) goto not_ready; nb_sectors /= s->cluster_size; nb_sectors--; s->max_lba = nb_sectors; if (nb_sectors > UINT32_MAX) nb_sectors = UINT32_MAX; outbuf[0] = (nb_sectors >> 24) & 0xff; outbuf[1] = (nb_sectors >> 16) & 0xff; outbuf[2] = (nb_sectors >> 8) & 0xff; outbuf[3] = nb_sectors & 0xff; outbuf[4] = 0; outbuf[5] = 0; outbuf[6] = s->cluster_size * 2; outbuf[7] = 0; buflen = 8; break; case GET_CONFIGURATION: memset(outbuf, 0, 8); outbuf[7] = 8; buflen = 8; break; case SERVICE_ACTION_IN_16: if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) { DPRINTF(""SAI READ CAPACITY(16)\n""); memset(outbuf, 0, req->cmd.xfer); bdrv_get_geometry(s->bs, &nb_sectors); if (!nb_sectors) goto not_ready; nb_sectors /= s->cluster_size; nb_sectors--; s->max_lba = nb_sectors; outbuf[0] = (nb_sectors >> 56) & 0xff; outbuf[1] = (nb_sectors >> 48) & 0xff; outbuf[2] = (nb_sectors >> 40) & 0xff; outbuf[3] = (nb_sectors >> 32) & 0xff; outbuf[4] = (nb_sectors >> 24) & 0xff; outbuf[5] = (nb_sectors >> 16) & 0xff; outbuf[6] = (nb_sectors >> 8) & 0xff; outbuf[7] = nb_sectors & 0xff; outbuf[8] = 0; outbuf[9] = 0; outbuf[10] = s->cluster_size * 2; outbuf[11] = 0; outbuf[12] = 0; outbuf[13] = get_physical_block_exp(&s->qdev.conf); if (s->qdev.conf.discard_granularity) { outbuf[14] = 0x80; } buflen = req->cmd.xfer; break; } DPRINTF(""Unsupported Service Action In\n""); goto illegal_request; case VERIFY_10: break; default: scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); return -1; } return buflen; not_ready: if (s->tray_open || !bdrv_is_inserted(s->bs)) { scsi_check_condition(r, SENSE_CODE(NO_MEDIUM)); } else { scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY)); } return -1; illegal_request: if (r->req.status == -1) { scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); } return -1; }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,21224691108156,1 526,CWE-763,"static void pcrypt_free(struct crypto_instance *inst) { struct pcrypt_instance_ctx *ctx = crypto_instance_ctx(inst); crypto_drop_aead(&ctx->spawn); kfree(inst); }",visit repo url,crypto/pcrypt.c,https://github.com/torvalds/linux,153536760824152,1 1234,CWE-400,"static void watchdog_overflow_callback(struct perf_event *event, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { event->hw.interrupts = 0; if (__this_cpu_read(watchdog_nmi_touch) == true) { __this_cpu_write(watchdog_nmi_touch, false); return; } if (is_hardlockup()) { int this_cpu = smp_processor_id(); if (__this_cpu_read(hard_watchdog_warn) == true) return; if (hardlockup_panic) panic(""Watchdog detected hard LOCKUP on cpu %d"", this_cpu); else WARN(1, ""Watchdog detected hard LOCKUP on cpu %d"", this_cpu); __this_cpu_write(hard_watchdog_warn, true); return; } __this_cpu_write(hard_watchdog_warn, false); return; }",visit repo url,kernel/watchdog.c,https://github.com/torvalds/linux,193686879550622,1 680,[],"jpc_ms_t *jpc_ms_create(int type) { jpc_ms_t *ms; jpc_mstabent_t *mstabent; if (!(ms = jas_malloc(sizeof(jpc_ms_t)))) { return 0; } ms->id = type; ms->len = 0; mstabent = jpc_mstab_lookup(ms->id); ms->ops = &mstabent->ops; memset(&ms->parms, 0, sizeof(jpc_msparms_t)); return ms; }",jasper,,,283294162198449252466718213281743044787,0 972,CWE-190,"static int snd_ctl_elem_add(struct snd_ctl_file *file, struct snd_ctl_elem_info *info, int replace) { struct snd_card *card = file->card; struct snd_kcontrol kctl, *_kctl; unsigned int access; long private_size; struct user_element *ue; int idx, err; if (!replace && card->user_ctl_count >= MAX_USER_CONTROLS) return -ENOMEM; if (info->count < 1) return -EINVAL; access = info->access == 0 ? SNDRV_CTL_ELEM_ACCESS_READWRITE : (info->access & (SNDRV_CTL_ELEM_ACCESS_READWRITE| SNDRV_CTL_ELEM_ACCESS_INACTIVE| SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE)); info->id.numid = 0; memset(&kctl, 0, sizeof(kctl)); down_write(&card->controls_rwsem); _kctl = snd_ctl_find_id(card, &info->id); err = 0; if (_kctl) { if (replace) err = snd_ctl_remove(card, _kctl); else err = -EBUSY; } else { if (replace) err = -ENOENT; } up_write(&card->controls_rwsem); if (err < 0) return err; memcpy(&kctl.id, &info->id, sizeof(info->id)); kctl.count = info->owner ? info->owner : 1; access |= SNDRV_CTL_ELEM_ACCESS_USER; if (info->type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) kctl.info = snd_ctl_elem_user_enum_info; else kctl.info = snd_ctl_elem_user_info; if (access & SNDRV_CTL_ELEM_ACCESS_READ) kctl.get = snd_ctl_elem_user_get; if (access & SNDRV_CTL_ELEM_ACCESS_WRITE) kctl.put = snd_ctl_elem_user_put; if (access & SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE) { kctl.tlv.c = snd_ctl_elem_user_tlv; access |= SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; } switch (info->type) { case SNDRV_CTL_ELEM_TYPE_BOOLEAN: case SNDRV_CTL_ELEM_TYPE_INTEGER: private_size = sizeof(long); if (info->count > 128) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_INTEGER64: private_size = sizeof(long long); if (info->count > 64) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_ENUMERATED: private_size = sizeof(unsigned int); if (info->count > 128 || info->value.enumerated.items == 0) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_BYTES: private_size = sizeof(unsigned char); if (info->count > 512) return -EINVAL; break; case SNDRV_CTL_ELEM_TYPE_IEC958: private_size = sizeof(struct snd_aes_iec958); if (info->count != 1) return -EINVAL; break; default: return -EINVAL; } private_size *= info->count; ue = kzalloc(sizeof(struct user_element) + private_size, GFP_KERNEL); if (ue == NULL) return -ENOMEM; ue->card = card; ue->info = *info; ue->info.access = 0; ue->elem_data = (char *)ue + sizeof(*ue); ue->elem_data_size = private_size; if (ue->info.type == SNDRV_CTL_ELEM_TYPE_ENUMERATED) { err = snd_ctl_elem_init_enum_names(ue); if (err < 0) { kfree(ue); return err; } } kctl.private_free = snd_ctl_elem_user_free; _kctl = snd_ctl_new(&kctl, access); if (_kctl == NULL) { kfree(ue->priv_data); kfree(ue); return -ENOMEM; } _kctl->private_data = ue; for (idx = 0; idx < _kctl->count; idx++) _kctl->vd[idx].owner = file; err = snd_ctl_add(card, _kctl); if (err < 0) return err; down_write(&card->controls_rwsem); card->user_ctl_count++; up_write(&card->controls_rwsem); return 0; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,94360227213978,1 5615,CWE-125,"handle_keywordonly_args(struct compiling *c, const node *n, int start, asdl_seq *kwonlyargs, asdl_seq *kwdefaults) { PyObject *argname; node *ch; expr_ty expression, annotation; arg_ty arg; int i = start; int j = 0; if (kwonlyargs == NULL) { ast_error(c, CHILD(n, start), ""named arguments must follow bare *""); return -1; } assert(kwdefaults != NULL); while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case vfpdef: case tfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) goto error; asdl_seq_SET(kwdefaults, j, expression); i += 2; } else { asdl_seq_SET(kwdefaults, j, NULL); } if (NCH(ch) == 3) { annotation = ast_for_expr(c, CHILD(ch, 2)); if (!annotation) goto error; } else { annotation = NULL; } ch = CHILD(ch, 0); argname = NEW_IDENTIFIER(ch); if (!argname) goto error; if (forbidden_name(c, argname, ch, 0)) goto error; arg = arg(argname, annotation, NULL, LINENO(ch), ch->n_col_offset, c->c_arena); if (!arg) goto error; asdl_seq_SET(kwonlyargs, j++, arg); i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: arg->type_comment = NEW_TYPE_COMMENT(ch); i += 1; break; case DOUBLESTAR: return i; default: ast_error(c, ch, ""unexpected node""); goto error; } } return i; error: return -1; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,128017593026688,1 640,[],"void dccp_hash(struct sock *sk) { inet_hash(&dccp_hashinfo, sk); }",linux-2.6,,,205689728517582790975232825167068006494,0 2960,['CWE-189'],"static jpc_enc_tcmpt_t *tcmpt_create(jpc_enc_tcmpt_t *tcmpt, jpc_enc_cp_t *cp, jas_image_t *image, jpc_enc_tile_t *tile) { uint_fast16_t cmptno; uint_fast16_t rlvlno; jpc_enc_rlvl_t *rlvl; uint_fast32_t tlx; uint_fast32_t tly; uint_fast32_t brx; uint_fast32_t bry; uint_fast32_t cmpttlx; uint_fast32_t cmpttly; jpc_enc_ccp_t *ccp; jpc_tsfb_band_t bandinfos[JPC_MAXBANDS]; tcmpt->tile = tile; tcmpt->tsfb = 0; tcmpt->data = 0; tcmpt->rlvls = 0; cmptno = tcmpt - tile->tcmpts; ccp = &cp->ccps[cmptno]; tlx = JPC_CEILDIV(tile->tlx, ccp->sampgrdstepx); tly = JPC_CEILDIV(tile->tly, ccp->sampgrdstepy); brx = JPC_CEILDIV(tile->brx, ccp->sampgrdstepx); bry = JPC_CEILDIV(tile->bry, ccp->sampgrdstepy); if (!(tcmpt->data = jas_seq2d_create(tlx, tly, brx, bry))) { goto error; } cmpttlx = JPC_CEILDIV(cp->imgareatlx, ccp->sampgrdstepx); cmpttly = JPC_CEILDIV(cp->imgareatly, ccp->sampgrdstepy); if (jas_image_readcmpt(image, cmptno, tlx - cmpttlx, tly - cmpttly, brx - tlx, bry - tly, tcmpt->data)) { goto error; } tcmpt->synweight = 0; tcmpt->qmfbid = cp->tccp.qmfbid; tcmpt->numrlvls = cp->tccp.maxrlvls; tcmpt->numbands = 3 * tcmpt->numrlvls - 2; if (!(tcmpt->tsfb = jpc_cod_gettsfb(tcmpt->qmfbid, tcmpt->numrlvls - 1))) { goto error; } for (rlvlno = 0; rlvlno < tcmpt->numrlvls; ++rlvlno) { tcmpt->prcwidthexpns[rlvlno] = cp->tccp.prcwidthexpns[rlvlno]; tcmpt->prcheightexpns[rlvlno] = cp->tccp.prcheightexpns[rlvlno]; } tcmpt->cblkwidthexpn = cp->tccp.cblkwidthexpn; tcmpt->cblkheightexpn = cp->tccp.cblkheightexpn; tcmpt->cblksty = cp->tccp.cblksty; tcmpt->csty = cp->tccp.csty; tcmpt->numstepsizes = tcmpt->numbands; assert(tcmpt->numstepsizes <= JPC_MAXBANDS); memset(tcmpt->stepsizes, 0, tcmpt->numstepsizes * sizeof(uint_fast16_t)); jpc_tsfb_getbands(tcmpt->tsfb, jas_seq2d_xstart(tcmpt->data), jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data), jas_seq2d_yend(tcmpt->data), bandinfos); if (!(tcmpt->rlvls = jas_alloc2(tcmpt->numrlvls, sizeof(jpc_enc_rlvl_t)))) { goto error; } for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls; ++rlvlno, ++rlvl) { rlvl->bands = 0; rlvl->tcmpt = tcmpt; } for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls; ++rlvlno, ++rlvl) { if (!rlvl_create(rlvl, cp, tcmpt, bandinfos)) { goto error; } } return tcmpt; error: tcmpt_destroy(tcmpt); return 0; }",jasper,,,170768207224432767153543824069771734904,0 2463,CWE-89,"static CURLcode imap_parse_url_path(struct connectdata *conn) { struct imap_conn *imapc = &conn->proto.imapc; struct SessionHandle *data = conn->data; const char *path = data->state.path; int len; if(!*path) path = ""INBOX""; imapc->mailbox = curl_easy_unescape(data, path, 0, &len); if(!imapc->mailbox) return CURLE_OUT_OF_MEMORY; return CURLE_OK; }",visit repo url,lib/imap.c,https://github.com/bagder/curl,198443001947490,1 1064,['CWE-20'],"asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) { int old_ruid = current->uid; int old_euid = current->euid; int old_suid = current->suid; int retval; retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); if (retval) return retval; if (!capable(CAP_SETUID)) { if ((ruid != (uid_t) -1) && (ruid != current->uid) && (ruid != current->euid) && (ruid != current->suid)) return -EPERM; if ((euid != (uid_t) -1) && (euid != current->uid) && (euid != current->euid) && (euid != current->suid)) return -EPERM; if ((suid != (uid_t) -1) && (suid != current->uid) && (suid != current->euid) && (suid != current->suid)) return -EPERM; } if (ruid != (uid_t) -1) { if (ruid != current->uid && set_user(ruid, euid != current->euid) < 0) return -EAGAIN; } if (euid != (uid_t) -1) { if (euid != current->euid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->euid = euid; } current->fsuid = current->euid; if (suid != (uid_t) -1) current->suid = suid; key_fsuid_changed(current); proc_id_connector(current, PROC_EVENT_UID); return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); }",linux-2.6,,,126284200323488951567185767604524636306,0 1554,CWE-119,"static int virtnet_probe(struct virtio_device *vdev) { int i, err; struct net_device *dev; struct virtnet_info *vi; u16 max_queue_pairs; if (!vdev->config->get) { dev_err(&vdev->dev, ""%s failure: config access disabled\n"", __func__); return -EINVAL; } if (!virtnet_validate_features(vdev)) return -EINVAL; err = virtio_cread_feature(vdev, VIRTIO_NET_F_MQ, struct virtio_net_config, max_virtqueue_pairs, &max_queue_pairs); if (err || max_queue_pairs < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN || max_queue_pairs > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX || !virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) max_queue_pairs = 1; dev = alloc_etherdev_mq(sizeof(struct virtnet_info), max_queue_pairs); if (!dev) return -ENOMEM; dev->priv_flags |= IFF_UNICAST_FLT | IFF_LIVE_ADDR_CHANGE; dev->netdev_ops = &virtnet_netdev; dev->features = NETIF_F_HIGHDMA; dev->ethtool_ops = &virtnet_ethtool_ops; SET_NETDEV_DEV(dev, &vdev->dev); if (virtio_has_feature(vdev, VIRTIO_NET_F_CSUM)) { dev->hw_features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; if (csum) dev->features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; if (virtio_has_feature(vdev, VIRTIO_NET_F_GSO)) { dev->hw_features |= NETIF_F_TSO | NETIF_F_UFO | NETIF_F_TSO_ECN | NETIF_F_TSO6; } if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_TSO4)) dev->hw_features |= NETIF_F_TSO; if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_TSO6)) dev->hw_features |= NETIF_F_TSO6; if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_ECN)) dev->hw_features |= NETIF_F_TSO_ECN; if (virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UFO)) dev->hw_features |= NETIF_F_UFO; dev->features |= NETIF_F_GSO_ROBUST; if (gso) dev->features |= dev->hw_features & (NETIF_F_ALL_TSO|NETIF_F_UFO); } if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_CSUM)) dev->features |= NETIF_F_RXCSUM; dev->vlan_features = dev->features; if (virtio_has_feature(vdev, VIRTIO_NET_F_MAC)) virtio_cread_bytes(vdev, offsetof(struct virtio_net_config, mac), dev->dev_addr, dev->addr_len); else eth_hw_addr_random(dev); vi = netdev_priv(dev); vi->dev = dev; vi->vdev = vdev; vdev->priv = vi; vi->stats = alloc_percpu(struct virtnet_stats); err = -ENOMEM; if (vi->stats == NULL) goto free; for_each_possible_cpu(i) { struct virtnet_stats *virtnet_stats; virtnet_stats = per_cpu_ptr(vi->stats, i); u64_stats_init(&virtnet_stats->tx_syncp); u64_stats_init(&virtnet_stats->rx_syncp); } INIT_WORK(&vi->config_work, virtnet_config_changed_work); if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) || virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO6) || virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_ECN) || virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UFO)) vi->big_packets = true; if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF)) vi->mergeable_rx_bufs = true; if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF) || virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) vi->hdr_len = sizeof(struct virtio_net_hdr_mrg_rxbuf); else vi->hdr_len = sizeof(struct virtio_net_hdr); if (virtio_has_feature(vdev, VIRTIO_F_ANY_LAYOUT) || virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) vi->any_header_sg = true; if (virtio_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) vi->has_cvq = true; if (vi->any_header_sg) dev->needed_headroom = vi->hdr_len; vi->curr_queue_pairs = 1; vi->max_queue_pairs = max_queue_pairs; err = init_vqs(vi); if (err) goto free_stats; #ifdef CONFIG_SYSFS if (vi->mergeable_rx_bufs) dev->sysfs_rx_queue_group = &virtio_net_mrg_rx_group; #endif netif_set_real_num_tx_queues(dev, vi->curr_queue_pairs); netif_set_real_num_rx_queues(dev, vi->curr_queue_pairs); err = register_netdev(dev); if (err) { pr_debug(""virtio_net: registering device failed\n""); goto free_vqs; } virtio_device_ready(vdev); for (i = 0; i < vi->curr_queue_pairs; i++) { try_fill_recv(vi, &vi->rq[i], GFP_KERNEL); if (vi->rq[i].vq->num_free == virtqueue_get_vring_size(vi->rq[i].vq)) { free_unused_bufs(vi); err = -ENOMEM; goto free_recv_bufs; } } vi->nb.notifier_call = &virtnet_cpu_callback; err = register_hotcpu_notifier(&vi->nb); if (err) { pr_debug(""virtio_net: registering cpu notifier failed\n""); goto free_recv_bufs; } if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_STATUS)) { netif_carrier_off(dev); schedule_work(&vi->config_work); } else { vi->status = VIRTIO_NET_S_LINK_UP; netif_carrier_on(dev); } pr_debug(""virtnet: registered device %s with %d RX and TX vq's\n"", dev->name, max_queue_pairs); return 0; free_recv_bufs: vi->vdev->config->reset(vdev); free_receive_bufs(vi); unregister_netdev(dev); free_vqs: cancel_delayed_work_sync(&vi->refill); free_receive_page_frags(vi); virtnet_del_vqs(vi); free_stats: free_percpu(vi->stats); free: free_netdev(dev); return err; }",visit repo url,drivers/net/virtio_net.c,https://github.com/torvalds/linux,35937629289208,1 1299,CWE-476,"static int fill_thread_core_info(struct elf_thread_core_info *t, const struct user_regset_view *view, long signr, size_t *total) { unsigned int i; fill_prstatus(&t->prstatus, t->task, signr); (void) view->regsets[0].get(t->task, &view->regsets[0], 0, sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg, NULL); fill_note(&t->notes[0], ""CORE"", NT_PRSTATUS, sizeof(t->prstatus), &t->prstatus); *total += notesize(&t->notes[0]); do_thread_regset_writeback(t->task, &view->regsets[0]); for (i = 1; i < view->n; ++i) { const struct user_regset *regset = &view->regsets[i]; do_thread_regset_writeback(t->task, regset); if (regset->core_note_type && (!regset->active || regset->active(t->task, regset))) { int ret; size_t size = regset->n * regset->size; void *data = kmalloc(size, GFP_KERNEL); if (unlikely(!data)) return 0; ret = regset->get(t->task, regset, 0, size, data, NULL); if (unlikely(ret)) kfree(data); else { if (regset->core_note_type != NT_PRFPREG) fill_note(&t->notes[i], ""LINUX"", regset->core_note_type, size, data); else { t->prstatus.pr_fpvalid = 1; fill_note(&t->notes[i], ""CORE"", NT_PRFPREG, size, data); } *total += notesize(&t->notes[i]); } } } return 1; }",visit repo url,fs/binfmt_elf.c,https://github.com/torvalds/linux,76835671337530,1 1118,['CWE-399'],"sys_sigaltstack(unsigned long bx) { struct pt_regs *regs = (struct pt_regs *)&bx; const stack_t __user *uss = (const stack_t __user *)bx; stack_t __user *uoss = (stack_t __user *)regs->cx; return do_sigaltstack(uss, uoss, regs->sp); }",linux-2.6,,,123062491831317042166344173065832421954,0 3728,[],"static inline struct sock *unix_find_socket_byname(struct net *net, struct sockaddr_un *sunname, int len, int type, unsigned hash) { struct sock *s; spin_lock(&unix_table_lock); s = __unix_find_socket_byname(net, sunname, len, type, hash); if (s) sock_hold(s); spin_unlock(&unix_table_lock); return s; }",linux-2.6,,,297619673169961466803050228587421123967,0 2601,CWE-190,"char* parse_content_length( char* buffer, char* end, int* length) { int number; char *p; int size; p = buffer; while ( p='0' && *p<='9') { number = number*10 + (*p)-'0'; if (number<0) { LM_ERR(""number overflow at pos %d in len number [%.*s]\n"", (int)(p-buffer),(int)(end-buffer), buffer); return 0; } size ++; p++; } if (p==end || size==0) goto error; while ( pHistoryEndOffset != 65535) return -1001; HistoryBuffer = ncrush->HistoryBuffer; HistoryBufferEnd = &HistoryBuffer[ncrush->HistoryEndOffset]; if (flags & PACKET_AT_FRONT) { if ((ncrush->HistoryPtr - 32768) <= HistoryBuffer) return -1002; MoveMemory(HistoryBuffer, (ncrush->HistoryPtr - 32768), 32768); ncrush->HistoryPtr = &(HistoryBuffer[32768]); ZeroMemory(&HistoryBuffer[32768], 32768); } if (flags & PACKET_FLUSHED) { ncrush->HistoryPtr = HistoryBuffer; ZeroMemory(HistoryBuffer, sizeof(ncrush->HistoryBuffer)); ZeroMemory(&(ncrush->OffsetCache), sizeof(ncrush->OffsetCache)); } HistoryPtr = ncrush->HistoryPtr; if (!(flags & PACKET_COMPRESSED)) { *ppDstData = pSrcData; *pDstSize = SrcSize; return 1; } SrcEnd = &pSrcData[SrcSize]; nbits = 32; bits = get_dword(pSrcData); SrcPtr = pSrcData + 4; while (1) { while (1) { Mask = get_word(&HuffTableMask[29]); MaskedBits = bits & Mask; IndexLEC = HuffTableLEC[MaskedBits] & 0xFFF; BitLength = HuffTableLEC[MaskedBits] >> 12; bits >>= BitLength; nbits -= BitLength; if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) return -1; if (IndexLEC >= 256) break; if (HistoryPtr >= HistoryBufferEnd) { WLog_ERR(TAG, ""ncrush_decompress error: HistoryPtr (%p) >= HistoryBufferEnd (%p)"", (void*)HistoryPtr, (void*)HistoryBufferEnd); return -1003; } Literal = (HuffTableLEC[MaskedBits] & 0xFF); *HistoryPtr++ = Literal; } if (IndexLEC == 256) break; CopyOffsetIndex = IndexLEC - 257; if (CopyOffsetIndex >= 32) { OffsetCacheIndex = IndexLEC - 289; if (OffsetCacheIndex >= 4) return -1004; CopyOffset = ncrush->OffsetCache[OffsetCacheIndex]; Mask = get_word(&HuffTableMask[21]); MaskedBits = bits & Mask; LengthOfMatch = HuffTableLOM[MaskedBits] & 0xFFF; BitLength = HuffTableLOM[MaskedBits] >> 12; bits >>= BitLength; nbits -= BitLength; if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) return -1; LengthOfMatchBits = LOMBitsLUT[LengthOfMatch]; LengthOfMatchBase = LOMBaseLUT[LengthOfMatch]; if (LengthOfMatchBits) { Mask = get_word(&HuffTableMask[(2 * LengthOfMatchBits) + 3]); MaskedBits = bits & Mask; bits >>= LengthOfMatchBits; nbits -= LengthOfMatchBits; LengthOfMatchBase += MaskedBits; if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) return -1; } OldCopyOffset = ncrush->OffsetCache[OffsetCacheIndex]; ncrush->OffsetCache[OffsetCacheIndex] = ncrush->OffsetCache[0]; ncrush->OffsetCache[0] = OldCopyOffset; } else { CopyOffsetBits = CopyOffsetBitsLUT[CopyOffsetIndex]; CopyOffsetBase = CopyOffsetBaseLUT[CopyOffsetIndex]; CopyOffset = CopyOffsetBase - 1; if (CopyOffsetBits) { Mask = get_word(&HuffTableMask[(2 * CopyOffsetBits) + 3]); MaskedBits = bits & Mask; CopyOffset = CopyOffsetBase + MaskedBits - 1; bits >>= CopyOffsetBits; nbits -= CopyOffsetBits; if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) return -1; } Mask = get_word(&HuffTableMask[21]); MaskedBits = bits & Mask; LengthOfMatch = HuffTableLOM[MaskedBits] & 0xFFF; BitLength = HuffTableLOM[MaskedBits] >> 12; bits >>= BitLength; nbits -= BitLength; if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) return -1; LengthOfMatchBits = LOMBitsLUT[LengthOfMatch]; LengthOfMatchBase = LOMBaseLUT[LengthOfMatch]; if (LengthOfMatchBits) { Mask = get_word(&HuffTableMask[(2 * LengthOfMatchBits) + 3]); MaskedBits = bits & Mask; bits >>= LengthOfMatchBits; nbits -= LengthOfMatchBits; LengthOfMatchBase += MaskedBits; if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) return -1; } ncrush->OffsetCache[3] = ncrush->OffsetCache[2]; ncrush->OffsetCache[2] = ncrush->OffsetCache[1]; ncrush->OffsetCache[1] = ncrush->OffsetCache[0]; ncrush->OffsetCache[0] = CopyOffset; } CopyOffsetPtr = &HistoryBuffer[(HistoryPtr - HistoryBuffer - CopyOffset) & 0xFFFF]; LengthOfMatch = LengthOfMatchBase; if (LengthOfMatch < 2) return -1005; if ((CopyOffsetPtr >= (HistoryBufferEnd - LengthOfMatch)) || (HistoryPtr >= (HistoryBufferEnd - LengthOfMatch))) return -1006; CopyOffsetPtr = HistoryPtr - CopyOffset; index = 0; CopyLength = (LengthOfMatch > CopyOffset) ? CopyOffset : LengthOfMatch; if (CopyOffsetPtr >= HistoryBuffer) { while (CopyLength > 0) { *HistoryPtr++ = *CopyOffsetPtr++; CopyLength--; } while (LengthOfMatch > CopyOffset) { index = ((index >= CopyOffset)) ? 0 : index; *HistoryPtr++ = *(CopyOffsetPtr + index++); LengthOfMatch--; } } else { CopyOffsetPtr = HistoryBufferEnd - (CopyOffset - (HistoryPtr - HistoryBuffer)); CopyOffsetPtr++; while (CopyLength && (CopyOffsetPtr <= HistoryBufferEnd)) { *HistoryPtr++ = *CopyOffsetPtr++; CopyLength--; } CopyOffsetPtr = HistoryBuffer; while (LengthOfMatch > CopyOffset) { index = ((index >= CopyOffset)) ? 0 : index; *HistoryPtr++ = *(CopyOffsetPtr + index++); LengthOfMatch--; } } LengthOfMatch = LengthOfMatchBase; if (LengthOfMatch == 2) continue; } if (IndexLEC != 256) return -1; if (ncrush->HistoryBufferFence != 0xABABABAB) { WLog_ERR(TAG, ""NCrushDecompress: history buffer fence was overwritten, potential buffer "" ""overflow detected!""); return -1007; } const intptr_t hsize = HistoryPtr - ncrush->HistoryPtr; WINPR_ASSERT(hsize >= 0); WINPR_ASSERT(hsize <= UINT32_MAX); *pDstSize = (UINT32)hsize; *ppDstData = ncrush->HistoryPtr; ncrush->HistoryPtr = HistoryPtr; return 1; }",visit repo url,libfreerdp/codec/ncrush.c,https://github.com/FreeRDP/FreeRDP,45125929177409,1 4397,CWE-476,"compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env) { int r, len; switch (node->type) { case BAG_MEMORY: r = compile_bag_memory_node(node, reg, env); break; case BAG_OPTION: r = compile_option_node(node, reg, env); break; case BAG_STOP_BACKTRACK: if (NODE_IS_STOP_BT_SIMPLE_REPEAT(node)) { QuantNode* qn = QUANT_(NODE_BAG_BODY(node)); r = compile_tree_n_times(NODE_QUANT_BODY(qn), qn->lower, reg, env); if (r != 0) return r; len = compile_length_tree(NODE_QUANT_BODY(qn), reg); if (len < 0) return len; r = add_op(reg, OP_PUSH); if (r != 0) return r; COP(reg)->push.addr = SIZE_INC_OP + len + SIZE_OP_POP_OUT + SIZE_OP_JUMP; r = compile_tree(NODE_QUANT_BODY(qn), reg, env); if (r != 0) return r; r = add_op(reg, OP_POP_OUT); if (r != 0) return r; r = add_op(reg, OP_JUMP); if (r != 0) return r; COP(reg)->jump.addr = -((int )SIZE_OP_PUSH + len + (int )SIZE_OP_POP_OUT); } else { r = add_op(reg, OP_ATOMIC_START); if (r != 0) return r; r = compile_tree(NODE_BAG_BODY(node), reg, env); if (r != 0) return r; r = add_op(reg, OP_ATOMIC_END); } break; case BAG_IF_ELSE: { int cond_len, then_len, jump_len; Node* cond = NODE_BAG_BODY(node); Node* Then = node->te.Then; Node* Else = node->te.Else; r = add_op(reg, OP_ATOMIC_START); if (r != 0) return r; cond_len = compile_length_tree(cond, reg); if (cond_len < 0) return cond_len; if (IS_NOT_NULL(Then)) { then_len = compile_length_tree(Then, reg); if (then_len < 0) return then_len; } else then_len = 0; jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END; if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP; r = add_op(reg, OP_PUSH); if (r != 0) return r; COP(reg)->push.addr = SIZE_INC_OP + jump_len; r = compile_tree(cond, reg, env); if (r != 0) return r; r = add_op(reg, OP_ATOMIC_END); if (r != 0) return r; if (IS_NOT_NULL(Then)) { r = compile_tree(Then, reg, env); if (r != 0) return r; } if (IS_NOT_NULL(Else)) { int else_len = compile_length_tree(Else, reg); r = add_op(reg, OP_JUMP); if (r != 0) return r; COP(reg)->jump.addr = else_len + SIZE_INC_OP; r = compile_tree(Else, reg, env); } } break; } return r; }",visit repo url,src/regcomp.c,https://github.com/kkos/oniguruma,199691961910567,1 1360,[],"static void enqueue_sleeper(struct cfs_rq *cfs_rq, struct sched_entity *se) { #ifdef CONFIG_SCHEDSTATS if (se->sleep_start) { u64 delta = rq_of(cfs_rq)->clock - se->sleep_start; struct task_struct *tsk = task_of(se); if ((s64)delta < 0) delta = 0; if (unlikely(delta > se->sleep_max)) se->sleep_max = delta; se->sleep_start = 0; se->sum_sleep_runtime += delta; account_scheduler_latency(tsk, delta >> 10, 1); } if (se->block_start) { u64 delta = rq_of(cfs_rq)->clock - se->block_start; struct task_struct *tsk = task_of(se); if ((s64)delta < 0) delta = 0; if (unlikely(delta > se->block_max)) se->block_max = delta; se->block_start = 0; se->sum_sleep_runtime += delta; if (unlikely(prof_on == SLEEP_PROFILING)) { profile_hits(SLEEP_PROFILING, (void *)get_wchan(tsk), delta >> 20); } account_scheduler_latency(tsk, delta >> 10, 0); } #endif }",linux-2.6,,,94553808248833847088546446889529944671,0 5868,['CWE-200'],"static int nr_release(struct socket *sock) { struct sock *sk = sock->sk; struct nr_sock *nr; if (sk == NULL) return 0; sock_hold(sk); sock_orphan(sk); lock_sock(sk); nr = nr_sk(sk); switch (nr->state) { case NR_STATE_0: case NR_STATE_1: case NR_STATE_2: nr_disconnect(sk, 0); nr_destroy_socket(sk); break; case NR_STATE_3: nr_clear_queues(sk); nr->n2count = 0; nr_write_internal(sk, NR_DISCREQ); nr_start_t1timer(sk); nr_stop_t2timer(sk); nr_stop_t4timer(sk); nr_stop_idletimer(sk); nr->state = NR_STATE_2; sk->sk_state = TCP_CLOSE; sk->sk_shutdown |= SEND_SHUTDOWN; sk->sk_state_change(sk); sock_set_flag(sk, SOCK_DESTROY); break; default: break; } sock->sk = NULL; release_sock(sk); sock_put(sk); return 0; }",linux-2.6,,,309265681303207872366568831851904769820,0 3031,CWE-119,"BGD_DECLARE(void) gdImageXbmCtx(gdImagePtr image, char* file_name, int fg, gdIOCtx * out) { int x, y, c, b, sx, sy, p; char *name, *f; size_t i, l; name = file_name; if ((f = strrchr(name, '/')) != NULL) name = f+1; if ((f = strrchr(name, '\\')) != NULL) name = f+1; name = strdup(name); if ((f = strrchr(name, '.')) != NULL && !strcasecmp(f, "".XBM"")) *f = '\0'; if ((l = strlen(name)) == 0) { free(name); name = strdup(""image""); } else { for (i=0; iowner = p; }",linux-2.6,,,113571555895688839725235664937538760442,0 2933,['CWE-189'],"static int jp2_getint(jas_stream_t *in, int s, int n, int_fast32_t *val) { int c; int i; uint_fast32_t v; int m; m = (n + 7) / 8; v = 0; for (i = 0; i < m; ++i) { if ((c = jas_stream_getc(in)) == EOF) { return -1; } v = (v << 8) | c; } v &= ONES(n); if (s) { int sb; sb = v & (1 << (8 * m - 1)); *val = ((~v) + 1) & ONES(8 * m); if (sb) { *val = -*val; } } else { *val = v; } return 0; }",jasper,,,307376485160523919332397519837665752649,0 5741,CWE-190,"static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet, char *buf, u_int8_t client_hash) { u_int16_t offset = 22, buf_out_len = 0; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; u_int32_t len = ntohl(*(u_int32_t*)&packet->payload[offset]); offset += 4; if((offset >= packet->payload_packet_len) || (len >= packet->payload_packet_len-offset-1)) goto invalid_payload; strncpy(buf, (const char *)&packet->payload[offset], buf_out_len = len); buf[buf_out_len++] = ';'; offset += len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; len = ntohl(*(u_int32_t*)&packet->payload[offset]); offset += 4 + len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; len = ntohl(*(u_int32_t*)&packet->payload[offset]); if(client_hash) { offset += 4; if((offset >= packet->payload_packet_len) || (len >= packet->payload_packet_len-offset-1)) goto invalid_payload; strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; buf[buf_out_len++] = ';'; offset += len; } else offset += 4 + len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; len = ntohl(*(u_int32_t*)&packet->payload[offset]); if(!client_hash) { offset += 4; if((offset >= packet->payload_packet_len) || (len >= packet->payload_packet_len-offset-1)) goto invalid_payload; strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; buf[buf_out_len++] = ';'; offset += len; } else offset += 4 + len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; len = ntohl(*(u_int32_t*)&packet->payload[offset]); if(client_hash) { offset += 4; if((offset >= packet->payload_packet_len) || (len >= packet->payload_packet_len-offset-1)) goto invalid_payload; strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; buf[buf_out_len++] = ';'; offset += len; } else offset += 4 + len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; len = ntohl(*(u_int32_t*)&packet->payload[offset]); if(!client_hash) { offset += 4; if((offset >= packet->payload_packet_len) || (len >= packet->payload_packet_len-offset-1)) goto invalid_payload; strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; buf[buf_out_len++] = ';'; offset += len; } else offset += 4 + len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; len = ntohl(*(u_int32_t*)&packet->payload[offset]); if(client_hash) { offset += 4; if((offset >= packet->payload_packet_len) || (len >= packet->payload_packet_len-offset-1)) goto invalid_payload; strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; offset += len; } else offset += 4 + len; if(offset+sizeof(u_int32_t) >= packet->payload_packet_len) goto invalid_payload; len = ntohl(*(u_int32_t*)&packet->payload[offset]); if(!client_hash) { offset += 4; if((offset >= packet->payload_packet_len) || (len >= packet->payload_packet_len-offset-1)) goto invalid_payload; strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len); buf_out_len += len; offset += len; } else offset += 4 + len; #ifdef SSH_DEBUG printf(""[SSH] %s\n"", buf); #endif return(buf_out_len); invalid_payload: #ifdef SSH_DEBUG printf(""[SSH] Invalid packet payload\n""); #endif return(0); }",visit repo url,src/lib/protocols/ssh.c,https://github.com/ntop/nDPI,242354830129089,1 2122,CWE-835,"static inline bool cfs_rq_is_decayed(struct cfs_rq *cfs_rq) { if (cfs_rq->load.weight) return false; if (cfs_rq->avg.load_sum) return false; if (cfs_rq->avg.util_sum) return false; if (cfs_rq->avg.runnable_load_sum) return false; return true; }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,157619946413637,1 5316,['CWE-119'],"static __inline__ ssize_t tun_put_user(struct tun_struct *tun, struct sk_buff *skb, const struct iovec *iv, int len) { struct tun_pi pi = { 0, skb->protocol }; ssize_t total = 0; if (!(tun->flags & TUN_NO_PI)) { if ((len -= sizeof(pi)) < 0) return -EINVAL; if (len < skb->len) { pi.flags |= TUN_PKT_STRIP; } if (memcpy_toiovecend(iv, (void *) &pi, 0, sizeof(pi))) return -EFAULT; total += sizeof(pi); } if (tun->flags & TUN_VNET_HDR) { struct virtio_net_hdr gso = { 0 }; if ((len -= sizeof(gso)) < 0) return -EINVAL; if (skb_is_gso(skb)) { struct skb_shared_info *sinfo = skb_shinfo(skb); gso.hdr_len = skb_headlen(skb); gso.gso_size = sinfo->gso_size; if (sinfo->gso_type & SKB_GSO_TCPV4) gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; else if (sinfo->gso_type & SKB_GSO_TCPV6) gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; else BUG(); if (sinfo->gso_type & SKB_GSO_TCP_ECN) gso.gso_type |= VIRTIO_NET_HDR_GSO_ECN; } else gso.gso_type = VIRTIO_NET_HDR_GSO_NONE; if (skb->ip_summed == CHECKSUM_PARTIAL) { gso.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; gso.csum_start = skb->csum_start - skb_headroom(skb); gso.csum_offset = skb->csum_offset; } if (unlikely(memcpy_toiovecend(iv, (void *)&gso, total, sizeof(gso)))) return -EFAULT; total += sizeof(gso); } len = min_t(int, skb->len, len); skb_copy_datagram_const_iovec(skb, 0, iv, total, len); total += len; tun->dev->stats.tx_packets++; tun->dev->stats.tx_bytes += len; return total; }",linux-2.6,,,303011081801974323577460653404306159103,0 4702,CWE-119,"static int nntp_hcache_namer(const char *path, char *dest, size_t destlen) { return snprintf(dest, destlen, ""%s.hcache"", path); }",visit repo url,newsrc.c,https://github.com/neomutt/neomutt,133029591818879,1 4965,['CWE-20'],"static int nfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) { struct iattr attr; int error; dfprintk(VFS, ""NFS: mkdir(%s/%ld), %s\n"", dir->i_sb->s_id, dir->i_ino, dentry->d_name.name); attr.ia_valid = ATTR_MODE; attr.ia_mode = mode | S_IFDIR; lock_kernel(); nfs_begin_data_update(dir); error = NFS_PROTO(dir)->mkdir(dir, dentry, &attr); nfs_end_data_update(dir); if (error != 0) goto out_err; nfs_renew_times(dentry); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); unlock_kernel(); return 0; out_err: d_drop(dentry); unlock_kernel(); return error; }",linux-2.6,,,93506308821780299537596565546021621134,0 1071,CWE-189,"static int list_locations(struct kmem_cache *s, char *buf, enum track_item alloc) { int len = 0; unsigned long i; struct loc_track t = { 0, 0, NULL }; int node; if (!alloc_loc_track(&t, PAGE_SIZE / sizeof(struct location), GFP_TEMPORARY)) return sprintf(buf, ""Out of memory\n""); flush_all(s); for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n = get_node(s, node); unsigned long flags; struct page *page; if (!atomic_long_read(&n->nr_slabs)) continue; spin_lock_irqsave(&n->list_lock, flags); list_for_each_entry(page, &n->partial, lru) process_slab(&t, s, page, alloc); list_for_each_entry(page, &n->full, lru) process_slab(&t, s, page, alloc); spin_unlock_irqrestore(&n->list_lock, flags); } for (i = 0; i < t.count; i++) { struct location *l = &t.loc[i]; if (len > PAGE_SIZE - 100) break; len += sprintf(buf + len, ""%7ld "", l->count); if (l->addr) len += sprint_symbol(buf + len, (unsigned long)l->addr); else len += sprintf(buf + len, """"); if (l->sum_time != l->min_time) { unsigned long remainder; len += sprintf(buf + len, "" age=%ld/%ld/%ld"", l->min_time, div_long_long_rem(l->sum_time, l->count, &remainder), l->max_time); } else len += sprintf(buf + len, "" age=%ld"", l->min_time); if (l->min_pid != l->max_pid) len += sprintf(buf + len, "" pid=%ld-%ld"", l->min_pid, l->max_pid); else len += sprintf(buf + len, "" pid=%ld"", l->min_pid); if (num_online_cpus() > 1 && !cpus_empty(l->cpus) && len < PAGE_SIZE - 60) { len += sprintf(buf + len, "" cpus=""); len += cpulist_scnprintf(buf + len, PAGE_SIZE - len - 50, l->cpus); } if (num_online_nodes() > 1 && !nodes_empty(l->nodes) && len < PAGE_SIZE - 60) { len += sprintf(buf + len, "" nodes=""); len += nodelist_scnprintf(buf + len, PAGE_SIZE - len - 50, l->nodes); } len += sprintf(buf + len, ""\n""); } free_loc_track(&t); if (!t.count) len += sprintf(buf, ""No data\n""); return len; }",visit repo url,mm/slub.c,https://github.com/torvalds/linux,76312849977375,1 5862,['CWE-200'],"static int raw_notifier(struct notifier_block *nb, unsigned long msg, void *data) { struct net_device *dev = (struct net_device *)data; struct raw_sock *ro = container_of(nb, struct raw_sock, notifier); struct sock *sk = &ro->sk; if (!net_eq(dev_net(dev), &init_net)) return NOTIFY_DONE; if (dev->type != ARPHRD_CAN) return NOTIFY_DONE; if (ro->ifindex != dev->ifindex) return NOTIFY_DONE; switch (msg) { case NETDEV_UNREGISTER: lock_sock(sk); if (ro->bound) raw_disable_allfilters(dev, sk); if (ro->count > 1) kfree(ro->filter); ro->ifindex = 0; ro->bound = 0; ro->count = 0; release_sock(sk); sk->sk_err = ENODEV; if (!sock_flag(sk, SOCK_DEAD)) sk->sk_error_report(sk); break; case NETDEV_DOWN: sk->sk_err = ENETDOWN; if (!sock_flag(sk, SOCK_DEAD)) sk->sk_error_report(sk); break; } return NOTIFY_DONE; }",linux-2.6,,,320918307634400719315471566875402891127,0 6577,['CWE-200'],"foo_device_added_cb (NMClient *client, NMDevice *device, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); NMADeviceClass *dclass; dclass = get_device_class (device, applet); g_return_if_fail (dclass != NULL); if (dclass->device_added) dclass->device_added (device, applet); g_signal_connect (device, ""state-changed"", G_CALLBACK (foo_device_state_changed_cb), user_data); foo_device_state_changed_cb (device, nm_device_get_state (device), NM_DEVICE_STATE_UNKNOWN, NM_DEVICE_STATE_REASON_NONE, applet); }",network-manager-applet,,,2586150976907024464323012747127709912,0 6673,CWE-787,"TIFFReadCustomDirectory(TIFF* tif, toff_t diroff, const TIFFFieldInfo info[], size_t n) { static const char module[] = ""TIFFReadCustomDirectory""; TIFFDirectory* td = &tif->tif_dir; TIFFDirEntry *dp, *dir = NULL; const TIFFFieldInfo* fip; size_t fix; uint16 i, dircount; _TIFFSetupFieldInfo(tif, info, n); dircount = TIFFFetchDirectory(tif, diroff, &dir, NULL); if (!dircount) { TIFFErrorExt(tif->tif_clientdata, module, ""%s: Failed to read custom directory at offset %u"", tif->tif_name, diroff); return 0; } TIFFFreeDirectory(tif); _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory)); fix = 0; for (dp = dir, i = dircount; i > 0; i--, dp++) { if (tif->tif_flags & TIFF_SWAB) { TIFFSwabArrayOfShort(&dp->tdir_tag, 2); TIFFSwabArrayOfLong(&dp->tdir_count, 2); } if (fix >= tif->tif_nfields || dp->tdir_tag == IGNORE) continue; while (fix < tif->tif_nfields && tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag) fix++; if (fix >= tif->tif_nfields || tif->tif_fieldinfo[fix]->field_tag != dp->tdir_tag) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: unknown field with tag %d (0x%x) encountered"", tif->tif_name, dp->tdir_tag, dp->tdir_tag); if (!_TIFFMergeFieldInfo(tif, _TIFFCreateAnonFieldInfo(tif, dp->tdir_tag, (TIFFDataType) dp->tdir_type), 1)) { TIFFWarningExt(tif->tif_clientdata, module, ""Registering anonymous field with tag %d (0x%x) failed"", dp->tdir_tag, dp->tdir_tag); goto ignore; } fix = 0; while (fix < tif->tif_nfields && tif->tif_fieldinfo[fix]->field_tag < dp->tdir_tag) fix++; } if (tif->tif_fieldinfo[fix]->field_bit == FIELD_IGNORE) { ignore: dp->tdir_tag = IGNORE; continue; } fip = tif->tif_fieldinfo[fix]; while (dp->tdir_type != (unsigned short) fip->field_type && fix < tif->tif_nfields) { if (fip->field_type == TIFF_ANY) break; fip = tif->tif_fieldinfo[++fix]; if (fix >= tif->tif_nfields || fip->field_tag != dp->tdir_tag) { TIFFWarningExt(tif->tif_clientdata, module, ""%s: wrong data type %d for \""%s\""; tag ignored"", tif->tif_name, dp->tdir_type, tif->tif_fieldinfo[fix-1]->field_name); goto ignore; } } if (fip->field_readcount != TIFF_VARIABLE && fip->field_readcount != TIFF_VARIABLE2) { uint32 expected = (fip->field_readcount == TIFF_SPP) ? (uint32) td->td_samplesperpixel : (uint32) fip->field_readcount; if (!CheckDirCount(tif, dp, expected)) goto ignore; } switch (dp->tdir_tag) { case EXIFTAG_SUBJECTDISTANCE: (void) TIFFFetchSubjectDistance(tif, dp); break; default: (void) TIFFFetchNormalTag(tif, dp); break; } } if (dir) _TIFFfree(dir); return 1; }",visit repo url,DesktopEditor/cximage/tiff/tif_dirread.c,https://github.com/ONLYOFFICE/core,179009291963607,1 4926,CWE-59,"open_log_file(const char *name, const char *prog, const char *namespace, const char *instance) { char *file_name; if (log_file) { fclose(log_file); log_file = NULL; } if (!name) return; file_name = make_file_name(name, prog, namespace, instance); log_file = fopen(file_name, ""a""); if (log_file) { int n = fileno(log_file); fcntl(n, F_SETFD, FD_CLOEXEC | fcntl(n, F_GETFD)); fcntl(n, F_SETFL, O_NONBLOCK | fcntl(n, F_GETFL)); } FREE(file_name); }",visit repo url,lib/logger.c,https://github.com/acassen/keepalived,243764590230942,1 5533,CWE-125,"ast_type_init(PyObject *self, PyObject *args, PyObject *kw) { _Py_IDENTIFIER(_fields); Py_ssize_t i, numfields = 0; int res = -1; PyObject *key, *value, *fields; fields = _PyObject_GetAttrId((PyObject*)Py_TYPE(self), &PyId__fields); if (!fields) PyErr_Clear(); if (fields) { numfields = PySequence_Size(fields); if (numfields == -1) goto cleanup; } res = 0; if (PyTuple_GET_SIZE(args) > 0) { if (numfields != PyTuple_GET_SIZE(args)) { PyErr_Format(PyExc_TypeError, ""%.400s constructor takes %s"" ""%zd positional argument%s"", Py_TYPE(self)->tp_name, numfields == 0 ? """" : ""either 0 or "", numfields, numfields == 1 ? """" : ""s""); res = -1; goto cleanup; } for (i = 0; i < PyTuple_GET_SIZE(args); i++) { PyObject *name = PySequence_GetItem(fields, i); if (!name) { res = -1; goto cleanup; } res = PyObject_SetAttr(self, name, PyTuple_GET_ITEM(args, i)); Py_DECREF(name); if (res < 0) goto cleanup; } } if (kw) { i = 0; while (PyDict_Next(kw, &i, &key, &value)) { res = PyObject_SetAttr(self, key, value); if (res < 0) goto cleanup; } } cleanup: Py_XDECREF(fields); return res; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,22458263738205,1 6038,['CWE-200'],"static int tunnel_bts(struct rsvp_head *data) { int n = data->tgenerator>>5; u32 b = 1<<(data->tgenerator&0x1F); if (data->tmap[n]&b) return 0; data->tmap[n] |= b; return 1; }",linux-2.6,,,55495861679644628209395442103768652575,0 841,['CWE-119'],"isdn_dc2minor(int di, int ch) { int i; for (i = 0; i < ISDN_MAX_CHANNELS; i++) if (dev->chanmap[i] == ch && dev->drvmap[i] == di) return i; return -1; }",linux-2.6,,,204633404752955418699509906593974677852,0 3245,CWE-125,"pimv1_print(netdissect_options *ndo, register const u_char *bp, register u_int len) { register const u_char *ep; register u_char type; ep = (const u_char *)ndo->ndo_snapend; if (bp >= ep) return; ND_TCHECK(bp[1]); type = bp[1]; ND_PRINT((ndo, "" %s"", tok2str(pimv1_type_str, ""[type %u]"", type))); switch (type) { case PIMV1_TYPE_QUERY: if (ND_TTEST(bp[8])) { switch (bp[8] >> 4) { case 0: ND_PRINT((ndo, "" Dense-mode"")); break; case 1: ND_PRINT((ndo, "" Sparse-mode"")); break; case 2: ND_PRINT((ndo, "" Sparse-Dense-mode"")); break; default: ND_PRINT((ndo, "" mode-%d"", bp[8] >> 4)); break; } } if (ndo->ndo_vflag) { ND_TCHECK2(bp[10],2); ND_PRINT((ndo, "" (Hold-time "")); unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[10])); ND_PRINT((ndo, "")"")); } break; case PIMV1_TYPE_REGISTER: ND_TCHECK2(bp[8], 20); ND_PRINT((ndo, "" for %s > %s"", ipaddr_string(ndo, &bp[20]), ipaddr_string(ndo, &bp[24]))); break; case PIMV1_TYPE_REGISTER_STOP: ND_TCHECK2(bp[12], sizeof(struct in_addr)); ND_PRINT((ndo, "" for %s > %s"", ipaddr_string(ndo, &bp[8]), ipaddr_string(ndo, &bp[12]))); break; case PIMV1_TYPE_RP_REACHABILITY: if (ndo->ndo_vflag) { ND_TCHECK2(bp[22], 2); ND_PRINT((ndo, "" group %s"", ipaddr_string(ndo, &bp[8]))); if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) ND_PRINT((ndo, ""/%s"", ipaddr_string(ndo, &bp[12]))); ND_PRINT((ndo, "" RP %s hold "", ipaddr_string(ndo, &bp[16]))); unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[22])); } break; case PIMV1_TYPE_ASSERT: ND_TCHECK2(bp[16], sizeof(struct in_addr)); ND_PRINT((ndo, "" for %s > %s"", ipaddr_string(ndo, &bp[16]), ipaddr_string(ndo, &bp[8]))); if (EXTRACT_32BITS(&bp[12]) != 0xffffffff) ND_PRINT((ndo, ""/%s"", ipaddr_string(ndo, &bp[12]))); ND_TCHECK2(bp[24], 4); ND_PRINT((ndo, "" %s pref %d metric %d"", (bp[20] & 0x80) ? ""RP-tree"" : ""SPT"", EXTRACT_32BITS(&bp[20]) & 0x7fffffff, EXTRACT_32BITS(&bp[24]))); break; case PIMV1_TYPE_JOIN_PRUNE: case PIMV1_TYPE_GRAFT: case PIMV1_TYPE_GRAFT_ACK: if (ndo->ndo_vflag) pimv1_join_prune_print(ndo, &bp[8], len - 8); break; } ND_TCHECK(bp[4]); if ((bp[4] >> 4) != 1) ND_PRINT((ndo, "" [v%d]"", bp[4] >> 4)); return; trunc: ND_PRINT((ndo, ""[|pim]"")); return; }",visit repo url,print-pim.c,https://github.com/the-tcpdump-group/tcpdump,214181402145646,1 206,CWE-284,"nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp, struct nfs4_acl *acl) { __be32 error; int host_error; struct dentry *dentry; struct inode *inode; struct posix_acl *pacl = NULL, *dpacl = NULL; unsigned int flags = 0; error = fh_verify(rqstp, fhp, 0, NFSD_MAY_SATTR); if (error) return error; dentry = fhp->fh_dentry; inode = d_inode(dentry); if (!inode->i_op->set_acl || !IS_POSIXACL(inode)) return nfserr_attrnotsupp; if (S_ISDIR(inode->i_mode)) flags = NFS4_ACL_DIR; host_error = nfs4_acl_nfsv4_to_posix(acl, &pacl, &dpacl, flags); if (host_error == -EINVAL) return nfserr_attrnotsupp; if (host_error < 0) goto out_nfserr; host_error = inode->i_op->set_acl(inode, pacl, ACL_TYPE_ACCESS); if (host_error < 0) goto out_release; if (S_ISDIR(inode->i_mode)) { host_error = inode->i_op->set_acl(inode, dpacl, ACL_TYPE_DEFAULT); } out_release: posix_acl_release(pacl); posix_acl_release(dpacl); out_nfserr: if (host_error == -EOPNOTSUPP) return nfserr_attrnotsupp; else return nfserrno(host_error); }",visit repo url,fs/nfsd/nfs4acl.c,https://github.com/torvalds/linux,119772105773469,1 5852,['CWE-200'],"static int raw_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) { struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); struct can_filter *filter = NULL; struct can_filter sfilter; struct net_device *dev = NULL; can_err_mask_t err_mask = 0; int count = 0; int err = 0; if (level != SOL_CAN_RAW) return -EINVAL; if (optlen < 0) return -EINVAL; switch (optname) { case CAN_RAW_FILTER: if (optlen % sizeof(struct can_filter) != 0) return -EINVAL; count = optlen / sizeof(struct can_filter); if (count > 1) { filter = kmalloc(optlen, GFP_KERNEL); if (!filter) return -ENOMEM; if (copy_from_user(filter, optval, optlen)) { kfree(filter); return -EFAULT; } } else if (count == 1) { if (copy_from_user(&sfilter, optval, optlen)) return -EFAULT; } lock_sock(sk); if (ro->bound && ro->ifindex) dev = dev_get_by_index(&init_net, ro->ifindex); if (ro->bound) { if (count == 1) err = raw_enable_filters(dev, sk, &sfilter, 1); else err = raw_enable_filters(dev, sk, filter, count); if (err) { if (count > 1) kfree(filter); goto out_fil; } raw_disable_filters(dev, sk, ro->filter, ro->count); } if (ro->count > 1) kfree(ro->filter); if (count == 1) { ro->dfilter = sfilter; filter = &ro->dfilter; } ro->filter = filter; ro->count = count; out_fil: if (dev) dev_put(dev); release_sock(sk); break; case CAN_RAW_ERR_FILTER: if (optlen != sizeof(err_mask)) return -EINVAL; if (copy_from_user(&err_mask, optval, optlen)) return -EFAULT; err_mask &= CAN_ERR_MASK; lock_sock(sk); if (ro->bound && ro->ifindex) dev = dev_get_by_index(&init_net, ro->ifindex); if (ro->bound) { err = raw_enable_errfilter(dev, sk, err_mask); if (err) goto out_err; raw_disable_errfilter(dev, sk, ro->err_mask); } ro->err_mask = err_mask; out_err: if (dev) dev_put(dev); release_sock(sk); break; case CAN_RAW_LOOPBACK: if (optlen != sizeof(ro->loopback)) return -EINVAL; if (copy_from_user(&ro->loopback, optval, optlen)) return -EFAULT; break; case CAN_RAW_RECV_OWN_MSGS: if (optlen != sizeof(ro->recv_own_msgs)) return -EINVAL; if (copy_from_user(&ro->recv_own_msgs, optval, optlen)) return -EFAULT; break; default: return -ENOPROTOOPT; } return err; }",linux-2.6,,,151661969498324425815047953672038525361,0 4719,['CWE-20'],"void ext4_journal_abort_handle(const char *caller, const char *err_fn, struct buffer_head *bh, handle_t *handle, int err) { char nbuf[16]; const char *errstr = ext4_decode_error(NULL, err, nbuf); BUG_ON(!ext4_handle_valid(handle)); if (bh) BUFFER_TRACE(bh, ""abort""); if (!handle->h_err) handle->h_err = err; if (is_handle_aborted(handle)) return; printk(KERN_ERR ""%s: aborting transaction: %s in %s\n"", caller, errstr, err_fn); jbd2_journal_abort_handle(handle); }",linux-2.6,,,148157434488259676617852104926930727114,0 6670,['CWE-200'],"remove_connection (NMExportedConnection *exported, GtkWindow *parent, ConnectionRemovedFn callback, gpointer user_data) { GError *error = NULL; gboolean success; success = nm_exported_connection_delete (exported, &error); if (!success) { gboolean auth_pending = FALSE; if (pk_helper_is_permission_denied_error (error)) { ConnectionRemoveInfo *info; GError *auth_error = NULL; info = g_slice_new (ConnectionRemoveInfo); info->exported = g_object_ref (exported); info->parent = parent; info->callback = callback; info->user_data = user_data; auth_pending = pk_helper_obtain_auth (error, parent, remove_connection_cb, info, &auth_error); if (auth_error) { error_dialog (parent, _(""Could not move connection""), ""%s"", auth_error->message); g_error_free (auth_error); } if (!auth_pending) { g_object_unref (info->exported); g_slice_free (ConnectionRemoveInfo, info); } } else { error_dialog (parent, _(""Could not move connection""), ""%s"", error->message); } g_error_free (error); if (auth_pending) return; } else { NMConnection *connection; NMSettingConnection *s_con; NMSettingVPN *s_vpn; NMVpnPluginUiInterface *plugin; connection = nm_exported_connection_get_connection (exported); s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); g_assert (s_con); if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_USER) { nm_gconf_clear_keyring_items (connection); } if (!strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_VPN_SETTING_NAME)) { s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); if (s_vpn) { plugin = vpn_get_plugin_by_service (nm_setting_vpn_get_service_type (s_vpn)); if (plugin) if (!nm_vpn_plugin_ui_interface_delete_connection (plugin, connection, &error)) { g_warning (""%s: couldn't clean up VPN connection on delete: (%d) %s"", __func__, error ? error->code : -1, error ? error->message : ""unknown""); if (error) g_error_free (error); } } } } if (callback) callback (exported, success, user_data); }",network-manager-applet,,,258344939915691988780917439696297216817,0 6144,['CWE-200'],"static struct mfc_cache *ipmr_cache_alloc_unres(void) { struct mfc_cache *c=kmem_cache_alloc(mrt_cachep, GFP_ATOMIC); if(c==NULL) return NULL; memset(c, 0, sizeof(*c)); skb_queue_head_init(&c->mfc_un.unres.unresolved); c->mfc_un.unres.expires = jiffies + 10*HZ; return c; }",linux-2.6,,,2584154528919851897873011791151601815,0 3406,['CWE-264'],"static long do_sys_ftruncate(unsigned int fd, loff_t length, int small) { struct inode * inode; struct dentry *dentry; struct file * file; int error; error = -EINVAL; if (length < 0) goto out; error = -EBADF; file = fget(fd); if (!file) goto out; if (file->f_flags & O_LARGEFILE) small = 0; dentry = file->f_path.dentry; inode = dentry->d_inode; error = -EINVAL; if (!S_ISREG(inode->i_mode) || !(file->f_mode & FMODE_WRITE)) goto out_putf; error = -EINVAL; if (small && length > MAX_NON_LFS) goto out_putf; error = -EPERM; if (IS_APPEND(inode)) goto out_putf; error = locks_verify_truncate(inode, file, length); if (!error) error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); out_putf: fput(file); out: return error; }",linux-2.6,,,242644383142401923953493769821927866082,0 2479,CWE-119,"cdf_read_short_sector_chain(const cdf_header_t *h, const cdf_sat_t *ssat, const cdf_stream_t *sst, cdf_secid_t sid, size_t len, cdf_stream_t *scn) { size_t ss = CDF_SEC_SIZE(h), i, j; scn->sst_len = cdf_count_chain(ssat, sid, CDF_SEC_SIZE(h)); scn->sst_dirlen = len; if (sst->sst_tab == NULL || scn->sst_len == (size_t)-1) return -1; scn->sst_tab = calloc(scn->sst_len, ss); if (scn->sst_tab == NULL) return -1; for (j = i = 0; sid >= 0; i++, j++) { if (j >= CDF_LOOP_LIMIT) { DPRINTF((""Read short sector chain loop limit"")); errno = EFTYPE; goto out; } if (i >= scn->sst_len) { DPRINTF((""Out of bounds reading short sector chain "" ""%"" SIZE_T_FORMAT ""u > %"" SIZE_T_FORMAT ""u\n"", i, scn->sst_len)); errno = EFTYPE; goto out; } if (cdf_read_short_sector(sst, scn->sst_tab, i * ss, ss, h, sid) != (ssize_t)ss) { DPRINTF((""Reading short sector chain %d"", sid)); goto out; } sid = CDF_TOLE4((uint32_t)ssat->sat_tab[sid]); } return 0; out: free(scn->sst_tab); return -1; }",visit repo url,src/cdf.c,https://github.com/glensc/file,214408084336296,1 511,[],"static inline void inc_snd_pages(int order) { snd_allocated_pages += 1 << order; }",linux-2.6,,,189588973528031536664824560553007808478,0 2149,['CWE-400'],"static inline struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo) { return NULL; }",linux-2.6,,,48271871100453045453176482972570222566,0 834,['CWE-119'],"isdn_lock_driver(isdn_driver_t *drv) { try_module_get(drv->interface->owner); drv->locks++; }",linux-2.6,,,233352356354115676125121208679888970780,0 435,[],"pfm_rvfree(void *mem, unsigned long size) { unsigned long addr; if (mem) { DPRINT((""freeing physical buffer @%p size=%lu\n"", mem, size)); addr = (unsigned long) mem; while ((long) size > 0) { pfm_unreserve_page(addr); addr+=PAGE_SIZE; size-=PAGE_SIZE; } vfree(mem); } return; }",linux-2.6,,,241236574337662791075571799134202415123,0 2516,['CWE-119'],"static int oneway_diff(struct cache_entry **src, struct unpack_trees_options *o) { struct cache_entry *idx = src[0]; struct cache_entry *tree = src[1]; struct oneway_unpack_data *cbdata = o->unpack_data; struct rev_info *revs = cbdata->revs; if (idx && ce_stage(idx)) skip_same_name(idx, o); if (tree == o->df_conflict_entry) tree = NULL; if (ce_path_match(idx ? idx : tree, revs->prune_data)) do_oneway_diff(o, idx, tree); return 0; }",git,,,69328989966065261391560692473250600651,0 1160,CWE-264,"SYSCALL_DEFINE2(osf_getdomainname, char __user *, name, int, namelen) { unsigned len; int i; if (!access_ok(VERIFY_WRITE, name, namelen)) return -EFAULT; len = namelen; if (namelen > 32) len = 32; down_read(&uts_sem); for (i = 0; i < len; ++i) { __put_user(utsname()->domainname[i], name + i); if (utsname()->domainname[i] == '\0') break; } up_read(&uts_sem); return 0; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,211716187258866,1 2469,['CWE-119'],"static void diffcore_apply_filter(const char *filter) { int i; struct diff_queue_struct *q = &diff_queued_diff; struct diff_queue_struct outq; outq.queue = NULL; outq.nr = outq.alloc = 0; if (!filter) return; if (strchr(filter, DIFF_STATUS_FILTER_AON)) { int found; for (i = found = 0; !found && i < q->nr; i++) { struct diff_filepair *p = q->queue[i]; if (((p->status == DIFF_STATUS_MODIFIED) && ((p->score && strchr(filter, DIFF_STATUS_FILTER_BROKEN)) || (!p->score && strchr(filter, DIFF_STATUS_MODIFIED)))) || ((p->status != DIFF_STATUS_MODIFIED) && strchr(filter, p->status))) found++; } if (found) return; for (i = 0; i < q->nr; i++) diff_free_filepair(q->queue[i]); } else { for (i = 0; i < q->nr; i++) { struct diff_filepair *p = q->queue[i]; if (((p->status == DIFF_STATUS_MODIFIED) && ((p->score && strchr(filter, DIFF_STATUS_FILTER_BROKEN)) || (!p->score && strchr(filter, DIFF_STATUS_MODIFIED)))) || ((p->status != DIFF_STATUS_MODIFIED) && strchr(filter, p->status))) diff_q(&outq, p); else diff_free_filepair(p); } } free(q->queue); *q = outq; }",git,,,215181579421023127004540908059830257751,0 6230,CWE-190,"void fp6_read_bin(fp6_t a, const uint8_t *bin, int len) { if (len != 6 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp2_read_bin(a[0], bin, 2 * RLC_FP_BYTES); fp2_read_bin(a[1], bin + 2 * RLC_FP_BYTES, 2 * RLC_FP_BYTES); fp2_read_bin(a[2], bin + 4 * RLC_FP_BYTES, 2 * RLC_FP_BYTES); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,33792232623724,1 1237,NVD-CWE-Other,"static inline __u16 inet_getid(struct inet_peer *p, int more) { more++; inet_peer_refcheck(p); return atomic_add_return(more, &p->ip_id_count) - more; }",visit repo url,include/net/inetpeer.h,https://github.com/torvalds/linux,52569604460335,1 3077,CWE-399,"static void do_free_upto(BIO *f, BIO *upto) { if (upto) { BIO *tbio; do { tbio = BIO_pop(f); BIO_free(f); f = tbio; } while (f != upto); } else BIO_free_all(f); }",visit repo url,crypto/cms/cms_smime.c,https://github.com/openssl/openssl,89474069822402,1 5344,CWE-787,"Int32 BZ2_decompress ( DState* s ) { UChar uc; Int32 retVal; Int32 minLen, maxLen; bz_stream* strm = s->strm; Int32 i; Int32 j; Int32 t; Int32 alphaSize; Int32 nGroups; Int32 nSelectors; Int32 EOB; Int32 groupNo; Int32 groupPos; Int32 nextSym; Int32 nblockMAX; Int32 nblock; Int32 es; Int32 N; Int32 curr; Int32 zt; Int32 zn; Int32 zvec; Int32 zj; Int32 gSel; Int32 gMinlen; Int32* gLimit; Int32* gBase; Int32* gPerm; if (s->state == BZ_X_MAGIC_1) { s->save_i = 0; s->save_j = 0; s->save_t = 0; s->save_alphaSize = 0; s->save_nGroups = 0; s->save_nSelectors = 0; s->save_EOB = 0; s->save_groupNo = 0; s->save_groupPos = 0; s->save_nextSym = 0; s->save_nblockMAX = 0; s->save_nblock = 0; s->save_es = 0; s->save_N = 0; s->save_curr = 0; s->save_zt = 0; s->save_zn = 0; s->save_zvec = 0; s->save_zj = 0; s->save_gSel = 0; s->save_gMinlen = 0; s->save_gLimit = NULL; s->save_gBase = NULL; s->save_gPerm = NULL; } i = s->save_i; j = s->save_j; t = s->save_t; alphaSize = s->save_alphaSize; nGroups = s->save_nGroups; nSelectors = s->save_nSelectors; EOB = s->save_EOB; groupNo = s->save_groupNo; groupPos = s->save_groupPos; nextSym = s->save_nextSym; nblockMAX = s->save_nblockMAX; nblock = s->save_nblock; es = s->save_es; N = s->save_N; curr = s->save_curr; zt = s->save_zt; zn = s->save_zn; zvec = s->save_zvec; zj = s->save_zj; gSel = s->save_gSel; gMinlen = s->save_gMinlen; gLimit = s->save_gLimit; gBase = s->save_gBase; gPerm = s->save_gPerm; retVal = BZ_OK; switch (s->state) { GET_UCHAR(BZ_X_MAGIC_1, uc); if (uc != BZ_HDR_B) RETURN(BZ_DATA_ERROR_MAGIC); GET_UCHAR(BZ_X_MAGIC_2, uc); if (uc != BZ_HDR_Z) RETURN(BZ_DATA_ERROR_MAGIC); GET_UCHAR(BZ_X_MAGIC_3, uc) if (uc != BZ_HDR_h) RETURN(BZ_DATA_ERROR_MAGIC); GET_BITS(BZ_X_MAGIC_4, s->blockSize100k, 8) if (s->blockSize100k < (BZ_HDR_0 + 1) || s->blockSize100k > (BZ_HDR_0 + 9)) RETURN(BZ_DATA_ERROR_MAGIC); s->blockSize100k -= BZ_HDR_0; if (s->smallDecompress) { s->ll16 = BZALLOC( s->blockSize100k * 100000 * sizeof(UInt16) ); s->ll4 = BZALLOC( ((1 + s->blockSize100k * 100000) >> 1) * sizeof(UChar) ); if (s->ll16 == NULL || s->ll4 == NULL) RETURN(BZ_MEM_ERROR); } else { s->tt = BZALLOC( s->blockSize100k * 100000 * sizeof(Int32) ); if (s->tt == NULL) RETURN(BZ_MEM_ERROR); } GET_UCHAR(BZ_X_BLKHDR_1, uc); if (uc == 0x17) goto endhdr_2; if (uc != 0x31) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_BLKHDR_2, uc); if (uc != 0x41) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_BLKHDR_3, uc); if (uc != 0x59) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_BLKHDR_4, uc); if (uc != 0x26) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_BLKHDR_5, uc); if (uc != 0x53) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_BLKHDR_6, uc); if (uc != 0x59) RETURN(BZ_DATA_ERROR); s->currBlockNo++; if (s->verbosity >= 2) VPrintf1 ( ""\n [%d: huff+mtf "", s->currBlockNo ); s->storedBlockCRC = 0; GET_UCHAR(BZ_X_BCRC_1, uc); s->storedBlockCRC = (s->storedBlockCRC << 8) | ((UInt32)uc); GET_UCHAR(BZ_X_BCRC_2, uc); s->storedBlockCRC = (s->storedBlockCRC << 8) | ((UInt32)uc); GET_UCHAR(BZ_X_BCRC_3, uc); s->storedBlockCRC = (s->storedBlockCRC << 8) | ((UInt32)uc); GET_UCHAR(BZ_X_BCRC_4, uc); s->storedBlockCRC = (s->storedBlockCRC << 8) | ((UInt32)uc); GET_BITS(BZ_X_RANDBIT, s->blockRandomised, 1); s->origPtr = 0; GET_UCHAR(BZ_X_ORIGPTR_1, uc); s->origPtr = (s->origPtr << 8) | ((Int32)uc); GET_UCHAR(BZ_X_ORIGPTR_2, uc); s->origPtr = (s->origPtr << 8) | ((Int32)uc); GET_UCHAR(BZ_X_ORIGPTR_3, uc); s->origPtr = (s->origPtr << 8) | ((Int32)uc); if (s->origPtr < 0) RETURN(BZ_DATA_ERROR); if (s->origPtr > 10 + 100000*s->blockSize100k) RETURN(BZ_DATA_ERROR); for (i = 0; i < 16; i++) { GET_BIT(BZ_X_MAPPING_1, uc); if (uc == 1) s->inUse16[i] = True; else s->inUse16[i] = False; } for (i = 0; i < 256; i++) s->inUse[i] = False; for (i = 0; i < 16; i++) if (s->inUse16[i]) for (j = 0; j < 16; j++) { GET_BIT(BZ_X_MAPPING_2, uc); if (uc == 1) s->inUse[i * 16 + j] = True; } makeMaps_d ( s ); if (s->nInUse == 0) RETURN(BZ_DATA_ERROR); alphaSize = s->nInUse+2; GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); if (nSelectors < 1) RETURN(BZ_DATA_ERROR); for (i = 0; i < nSelectors; i++) { j = 0; while (True) { GET_BIT(BZ_X_SELECTOR_3, uc); if (uc == 0) break; j++; if (j >= nGroups) RETURN(BZ_DATA_ERROR); } s->selectorMtf[i] = j; } { UChar pos[BZ_N_GROUPS], tmp, v; for (v = 0; v < nGroups; v++) pos[v] = v; for (i = 0; i < nSelectors; i++) { v = s->selectorMtf[i]; tmp = pos[v]; while (v > 0) { pos[v] = pos[v-1]; v--; } pos[0] = tmp; s->selector[i] = tmp; } } for (t = 0; t < nGroups; t++) { GET_BITS(BZ_X_CODING_1, curr, 5); for (i = 0; i < alphaSize; i++) { while (True) { if (curr < 1 || curr > 20) RETURN(BZ_DATA_ERROR); GET_BIT(BZ_X_CODING_2, uc); if (uc == 0) break; GET_BIT(BZ_X_CODING_3, uc); if (uc == 0) curr++; else curr--; } s->len[t][i] = curr; } } for (t = 0; t < nGroups; t++) { minLen = 32; maxLen = 0; for (i = 0; i < alphaSize; i++) { if (s->len[t][i] > maxLen) maxLen = s->len[t][i]; if (s->len[t][i] < minLen) minLen = s->len[t][i]; } BZ2_hbCreateDecodeTables ( &(s->limit[t][0]), &(s->base[t][0]), &(s->perm[t][0]), &(s->len[t][0]), minLen, maxLen, alphaSize ); s->minLens[t] = minLen; } EOB = s->nInUse+1; nblockMAX = 100000 * s->blockSize100k; groupNo = -1; groupPos = 0; for (i = 0; i <= 255; i++) s->unzftab[i] = 0; { Int32 ii, jj, kk; kk = MTFA_SIZE-1; for (ii = 256 / MTFL_SIZE - 1; ii >= 0; ii--) { for (jj = MTFL_SIZE-1; jj >= 0; jj--) { s->mtfa[kk] = (UChar)(ii * MTFL_SIZE + jj); kk--; } s->mtfbase[ii] = kk + 1; } } nblock = 0; GET_MTF_VAL(BZ_X_MTF_1, BZ_X_MTF_2, nextSym); while (True) { if (nextSym == EOB) break; if (nextSym == BZ_RUNA || nextSym == BZ_RUNB) { es = -1; N = 1; do { if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR); if (nextSym == BZ_RUNA) es = es + (0+1) * N; else if (nextSym == BZ_RUNB) es = es + (1+1) * N; N = N * 2; GET_MTF_VAL(BZ_X_MTF_3, BZ_X_MTF_4, nextSym); } while (nextSym == BZ_RUNA || nextSym == BZ_RUNB); es++; uc = s->seqToUnseq[ s->mtfa[s->mtfbase[0]] ]; s->unzftab[uc] += es; if (s->smallDecompress) while (es > 0) { if (nblock >= nblockMAX) RETURN(BZ_DATA_ERROR); s->ll16[nblock] = (UInt16)uc; nblock++; es--; } else while (es > 0) { if (nblock >= nblockMAX) RETURN(BZ_DATA_ERROR); s->tt[nblock] = (UInt32)uc; nblock++; es--; }; continue; } else { if (nblock >= nblockMAX) RETURN(BZ_DATA_ERROR); { Int32 ii, jj, kk, pp, lno, off; UInt32 nn; nn = (UInt32)(nextSym - 1); if (nn < MTFL_SIZE) { pp = s->mtfbase[0]; uc = s->mtfa[pp+nn]; while (nn > 3) { Int32 z = pp+nn; s->mtfa[(z) ] = s->mtfa[(z)-1]; s->mtfa[(z)-1] = s->mtfa[(z)-2]; s->mtfa[(z)-2] = s->mtfa[(z)-3]; s->mtfa[(z)-3] = s->mtfa[(z)-4]; nn -= 4; } while (nn > 0) { s->mtfa[(pp+nn)] = s->mtfa[(pp+nn)-1]; nn--; }; s->mtfa[pp] = uc; } else { lno = nn / MTFL_SIZE; off = nn % MTFL_SIZE; pp = s->mtfbase[lno] + off; uc = s->mtfa[pp]; while (pp > s->mtfbase[lno]) { s->mtfa[pp] = s->mtfa[pp-1]; pp--; }; s->mtfbase[lno]++; while (lno > 0) { s->mtfbase[lno]--; s->mtfa[s->mtfbase[lno]] = s->mtfa[s->mtfbase[lno-1] + MTFL_SIZE - 1]; lno--; } s->mtfbase[0]--; s->mtfa[s->mtfbase[0]] = uc; if (s->mtfbase[0] == 0) { kk = MTFA_SIZE-1; for (ii = 256 / MTFL_SIZE-1; ii >= 0; ii--) { for (jj = MTFL_SIZE-1; jj >= 0; jj--) { s->mtfa[kk] = s->mtfa[s->mtfbase[ii] + jj]; kk--; } s->mtfbase[ii] = kk + 1; } } } } s->unzftab[s->seqToUnseq[uc]]++; if (s->smallDecompress) s->ll16[nblock] = (UInt16)(s->seqToUnseq[uc]); else s->tt[nblock] = (UInt32)(s->seqToUnseq[uc]); nblock++; GET_MTF_VAL(BZ_X_MTF_5, BZ_X_MTF_6, nextSym); continue; } } if (s->origPtr < 0 || s->origPtr >= nblock) RETURN(BZ_DATA_ERROR); for (i = 0; i <= 255; i++) { if (s->unzftab[i] < 0 || s->unzftab[i] > nblock) RETURN(BZ_DATA_ERROR); } s->cftab[0] = 0; for (i = 1; i <= 256; i++) s->cftab[i] = s->unzftab[i-1]; for (i = 1; i <= 256; i++) s->cftab[i] += s->cftab[i-1]; for (i = 0; i <= 256; i++) { if (s->cftab[i] < 0 || s->cftab[i] > nblock) { RETURN(BZ_DATA_ERROR); } } for (i = 1; i <= 256; i++) { if (s->cftab[i-1] > s->cftab[i]) { RETURN(BZ_DATA_ERROR); } } s->state_out_len = 0; s->state_out_ch = 0; BZ_INITIALISE_CRC ( s->calculatedBlockCRC ); s->state = BZ_X_OUTPUT; if (s->verbosity >= 2) VPrintf0 ( ""rt+rld"" ); if (s->smallDecompress) { for (i = 0; i <= 256; i++) s->cftabCopy[i] = s->cftab[i]; for (i = 0; i < nblock; i++) { uc = (UChar)(s->ll16[i]); SET_LL(i, s->cftabCopy[uc]); s->cftabCopy[uc]++; } i = s->origPtr; j = GET_LL(i); do { Int32 tmp = GET_LL(j); SET_LL(j, i); i = j; j = tmp; } while (i != s->origPtr); s->tPos = s->origPtr; s->nblock_used = 0; if (s->blockRandomised) { BZ_RAND_INIT_MASK; BZ_GET_SMALL(s->k0); s->nblock_used++; BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; } else { BZ_GET_SMALL(s->k0); s->nblock_used++; } } else { for (i = 0; i < nblock; i++) { uc = (UChar)(s->tt[i] & 0xff); s->tt[s->cftab[uc]] |= (i << 8); s->cftab[uc]++; } s->tPos = s->tt[s->origPtr] >> 8; s->nblock_used = 0; if (s->blockRandomised) { BZ_RAND_INIT_MASK; BZ_GET_FAST(s->k0); s->nblock_used++; BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; } else { BZ_GET_FAST(s->k0); s->nblock_used++; } } RETURN(BZ_OK); endhdr_2: GET_UCHAR(BZ_X_ENDHDR_2, uc); if (uc != 0x72) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_ENDHDR_3, uc); if (uc != 0x45) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_ENDHDR_4, uc); if (uc != 0x38) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_ENDHDR_5, uc); if (uc != 0x50) RETURN(BZ_DATA_ERROR); GET_UCHAR(BZ_X_ENDHDR_6, uc); if (uc != 0x90) RETURN(BZ_DATA_ERROR); s->storedCombinedCRC = 0; GET_UCHAR(BZ_X_CCRC_1, uc); s->storedCombinedCRC = (s->storedCombinedCRC << 8) | ((UInt32)uc); GET_UCHAR(BZ_X_CCRC_2, uc); s->storedCombinedCRC = (s->storedCombinedCRC << 8) | ((UInt32)uc); GET_UCHAR(BZ_X_CCRC_3, uc); s->storedCombinedCRC = (s->storedCombinedCRC << 8) | ((UInt32)uc); GET_UCHAR(BZ_X_CCRC_4, uc); s->storedCombinedCRC = (s->storedCombinedCRC << 8) | ((UInt32)uc); s->state = BZ_X_IDLE; RETURN(BZ_STREAM_END); default: AssertH ( False, 4001 ); } AssertH ( False, 4002 ); save_state_and_return: s->save_i = i; s->save_j = j; s->save_t = t; s->save_alphaSize = alphaSize; s->save_nGroups = nGroups; s->save_nSelectors = nSelectors; s->save_EOB = EOB; s->save_groupNo = groupNo; s->save_groupPos = groupPos; s->save_nextSym = nextSym; s->save_nblockMAX = nblockMAX; s->save_nblock = nblock; s->save_es = es; s->save_N = N; s->save_curr = curr; s->save_zt = zt; s->save_zn = zn; s->save_zvec = zvec; s->save_zj = zj; s->save_gSel = gSel; s->save_gMinlen = gMinlen; s->save_gLimit = gLimit; s->save_gBase = gBase; s->save_gPerm = gPerm; return retVal; }",visit repo url,decompress.c,https://gitlab.com/federicomenaquintero/bzip2,201564785188578,1 4595,['CWE-399'],"int ext4_page_mkwrite(struct vm_area_struct *vma, struct page *page) { loff_t size; unsigned long len; int ret = -EINVAL; void *fsdata; struct file *file = vma->vm_file; struct inode *inode = file->f_path.dentry->d_inode; struct address_space *mapping = inode->i_mapping; down_read(&inode->i_alloc_sem); size = i_size_read(inode); if (page->mapping != mapping || size <= page_offset(page) || !PageUptodate(page)) { goto out_unlock; } ret = 0; if (PageMappedToDisk(page)) goto out_unlock; if (page->index == size >> PAGE_CACHE_SHIFT) len = size & ~PAGE_CACHE_MASK; else len = PAGE_CACHE_SIZE; if (page_has_buffers(page)) { if (!walk_page_buffers(NULL, page_buffers(page), 0, len, NULL, ext4_bh_unmapped)) goto out_unlock; } ret = mapping->a_ops->write_begin(file, mapping, page_offset(page), len, AOP_FLAG_UNINTERRUPTIBLE, &page, &fsdata); if (ret < 0) goto out_unlock; ret = mapping->a_ops->write_end(file, mapping, page_offset(page), len, len, page, fsdata); if (ret < 0) goto out_unlock; ret = 0; out_unlock: up_read(&inode->i_alloc_sem); return ret; }",linux-2.6,,,178615379599150226693868000363521264984,0 2034,['CWE-269'],"static void *m_start(struct seq_file *m, loff_t *pos) { struct mnt_namespace *n = m->private; struct list_head *p; loff_t l = *pos; down_read(&namespace_sem); list_for_each(p, &n->list) if (!l--) return list_entry(p, struct vfsmount, mnt_list); return NULL; }",linux-2.6,,,209915526507135969564235592409880324232,0 5793,['CWE-200'],"static struct atalk_iface *atif_add_device(struct net_device *dev, struct atalk_addr *sa) { struct atalk_iface *iface = kzalloc(sizeof(*iface), GFP_KERNEL); if (!iface) goto out; dev_hold(dev); iface->dev = dev; dev->atalk_ptr = iface; iface->address = *sa; iface->status = 0; write_lock_bh(&atalk_interfaces_lock); iface->next = atalk_interfaces; atalk_interfaces = iface; write_unlock_bh(&atalk_interfaces_lock); out: return iface; }",linux-2.6,,,284778872100321710180321354050048452399,0 4998,['CWE-346'],"int udev_monitor_set_receive_buffer_size(struct udev_monitor *udev_monitor, int size) { if (udev_monitor == NULL) return -1; return setsockopt(udev_monitor->sock, SOL_SOCKET, SO_RCVBUFFORCE, &size, sizeof(size)); }",udev,,,224204153745008853785442604366948223490,0 5614,CWE-125,"ast_for_comprehension(struct compiling *c, const node *n) { int i, n_fors; asdl_seq *comps; n_fors = count_comp_fors(c, n); if (n_fors == -1) return NULL; comps = _Ta3_asdl_seq_new(n_fors, c->c_arena); if (!comps) return NULL; for (i = 0; i < n_fors; i++) { comprehension_ty comp; asdl_seq *t; expr_ty expression, first; node *for_ch; int is_async = 0; REQ(n, comp_for); if (TYPE(CHILD(n, 0)) == ASYNC) { is_async = 1; } if (is_async && c->c_feature_version < 6) { ast_error(c, n, ""Async comprehensions are only supported in Python 3.6 and greater""); return NULL; } for_ch = CHILD(n, 1 + is_async); t = ast_for_exprlist(c, for_ch, Store); if (!t) return NULL; expression = ast_for_expr(c, CHILD(n, 3 + is_async)); if (!expression) return NULL; first = (expr_ty)asdl_seq_GET(t, 0); if (NCH(for_ch) == 1) comp = comprehension(first, expression, NULL, is_async, c->c_arena); else comp = comprehension(Tuple(t, Store, first->lineno, first->col_offset, c->c_arena), expression, NULL, is_async, c->c_arena); if (!comp) return NULL; if (NCH(n) == (5 + is_async)) { int j, n_ifs; asdl_seq *ifs; n = CHILD(n, 4 + is_async); n_ifs = count_comp_ifs(c, n); if (n_ifs == -1) return NULL; ifs = _Ta3_asdl_seq_new(n_ifs, c->c_arena); if (!ifs) return NULL; for (j = 0; j < n_ifs; j++) { REQ(n, comp_iter); n = CHILD(n, 0); REQ(n, comp_if); expression = ast_for_expr(c, CHILD(n, 1)); if (!expression) return NULL; asdl_seq_SET(ifs, j, expression); if (NCH(n) == 3) n = CHILD(n, 2); } if (TYPE(n) == comp_iter) n = CHILD(n, 0); comp->ifs = ifs; } asdl_seq_SET(comps, i, comp); } return comps; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,123542613167036,1 2267,NVD-CWE-Other,"static int ext4_get_block_write(struct inode *inode, sector_t iblock, struct buffer_head *bh_result, int create) { handle_t *handle = NULL; int ret = 0; unsigned max_blocks = bh_result->b_size >> inode->i_blkbits; int dio_credits; ext4_debug(""ext4_get_block_write: inode %lu, create flag %d\n"", inode->i_ino, create); create = EXT4_GET_BLOCKS_IO_CREATE_EXT; if (max_blocks > DIO_MAX_BLOCKS) max_blocks = DIO_MAX_BLOCKS; dio_credits = ext4_chunk_trans_blocks(inode, max_blocks); handle = ext4_journal_start(inode, dio_credits); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out; } ret = ext4_get_blocks(handle, inode, iblock, max_blocks, bh_result, create); if (ret > 0) { bh_result->b_size = (ret << inode->i_blkbits); ret = 0; } ext4_journal_stop(handle); out: return ret; }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,111919237718567,1 5026,[],"static void async_reply_recv(void *private_data, BOOL success) { struct winbindd_async_request *state = talloc_get_type_abort(private_data, struct winbindd_async_request); struct winbindd_child *child = state->child; TALLOC_FREE(state->reply_timeout_event); state->response->length = sizeof(struct winbindd_response); if (!success) { DEBUG(5, (""Could not receive async reply from child pid %u\n"", (unsigned int)state->child_pid )); cache_cleanup_response(state->child_pid); async_request_fail(state); return; } SMB_ASSERT(cache_retrieve_response(state->child_pid, state->response)); cache_cleanup_response(state->child_pid); DLIST_REMOVE(child->requests, state); schedule_async_request(child); state->continuation(state->private_data, True); }",samba,,,235837973356896805040642302241812012936,0 5506,['CWE-119'],"ecryptfs_generate_key_packet_set(char *dest_base, struct ecryptfs_crypt_stat *crypt_stat, struct dentry *ecryptfs_dentry, size_t *len, size_t max) { struct ecryptfs_auth_tok *auth_tok; struct ecryptfs_global_auth_tok *global_auth_tok; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private( ecryptfs_dentry->d_sb)->mount_crypt_stat; size_t written; struct ecryptfs_key_record *key_rec; struct ecryptfs_key_sig *key_sig; int rc = 0; (*len) = 0; mutex_lock(&crypt_stat->keysig_list_mutex); key_rec = kmem_cache_alloc(ecryptfs_key_record_cache, GFP_KERNEL); if (!key_rec) { rc = -ENOMEM; goto out; } list_for_each_entry(key_sig, &crypt_stat->keysig_list, crypt_stat_list) { memset(key_rec, 0, sizeof(*key_rec)); rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, mount_crypt_stat, key_sig->keysig); if (rc) { printk(KERN_ERR ""Error attempting to get the global "" ""auth_tok; rc = [%d]\n"", rc); goto out_free; } if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) { printk(KERN_WARNING ""Skipping invalid auth tok with sig = [%s]\n"", global_auth_tok->sig); continue; } auth_tok = global_auth_tok->global_auth_tok; if (auth_tok->token_type == ECRYPTFS_PASSWORD) { rc = write_tag_3_packet((dest_base + (*len)), &max, auth_tok, crypt_stat, key_rec, &written); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error "" ""writing tag 3 packet\n""); goto out_free; } (*len) += written; rc = write_tag_11_packet((dest_base + (*len)), &max, key_rec->sig, ECRYPTFS_SIG_SIZE, &written); if (rc) { ecryptfs_printk(KERN_ERR, ""Error writing "" ""auth tok signature packet\n""); goto out_free; } (*len) += written; } else if (auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { rc = write_tag_1_packet(dest_base + (*len), &max, auth_tok, crypt_stat, key_rec, &written); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error "" ""writing tag 1 packet\n""); goto out_free; } (*len) += written; } else { ecryptfs_printk(KERN_WARNING, ""Unsupported "" ""authentication token type\n""); rc = -EINVAL; goto out_free; } } if (likely(max > 0)) { dest_base[(*len)] = 0x00; } else { ecryptfs_printk(KERN_ERR, ""Error writing boundary byte\n""); rc = -EIO; } out_free: kmem_cache_free(ecryptfs_key_record_cache, key_rec); out: if (rc) (*len) = 0; mutex_unlock(&crypt_stat->keysig_list_mutex); return rc; }",linux-2.6,,,110497531608703362794092681787169909814,0 3923,['CWE-399'],"static void tda9840_setmode(struct CHIPSTATE *chip, int mode) { int update = 1; int t = chip->shadow.bytes[TDA9840_SW + 1] & ~0x7e; switch (mode) { case V4L2_TUNER_MODE_MONO: t |= TDA9840_MONO; break; case V4L2_TUNER_MODE_STEREO: t |= TDA9840_STEREO; break; case V4L2_TUNER_MODE_LANG1: t |= TDA9840_DUALA; break; case V4L2_TUNER_MODE_LANG2: t |= TDA9840_DUALB; break; default: update = 0; } if (update) chip_write(chip, TDA9840_SW, t); }",linux-2.6,,,160980457387209290661409658696340233159,0 3196,['CWE-189'],"jas_matrix_t *jas_seq2d_input(FILE *in) { jas_matrix_t *matrix; int i; int j; long x; int numrows; int numcols; int xoff; int yoff; if (fscanf(in, ""%d %d"", &xoff, &yoff) != 2) return 0; if (fscanf(in, ""%d %d"", &numcols, &numrows) != 2) return 0; if (!(matrix = jas_seq2d_create(xoff, yoff, xoff + numcols, yoff + numrows))) return 0; if (jas_matrix_numrows(matrix) != numrows || jas_matrix_numcols(matrix) != numcols) { abort(); } for (i = 0; i < jas_matrix_numrows(matrix); i++) { for (j = 0; j < jas_matrix_numcols(matrix); j++) { if (fscanf(in, ""%ld"", &x) != 1) { jas_matrix_destroy(matrix); return 0; } jas_matrix_set(matrix, i, j, JAS_CAST(jas_seqent_t, x)); } } return matrix; }",jasper,,,177970066284403850837654068923230107297,0 4003,CWE-125,"int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args) { int rc = SEPOL_OK; struct cil_args_resolve *args = extra_args; enum cil_pass pass = args->pass; struct cil_tree_node *block = args->block; struct cil_tree_node *macro = args->macro; struct cil_tree_node *optional = args->optional; struct cil_tree_node *boolif = args->boolif; if (node == NULL) { goto exit; } if (block != NULL) { if (node->flavor == CIL_CAT || node->flavor == CIL_SENS) { cil_tree_log(node, CIL_ERR, ""%s statement is not allowed in blocks"", cil_node_to_string(node)); rc = SEPOL_ERR; goto exit; } } if (macro != NULL) { if (node->flavor == CIL_BLOCK || node->flavor == CIL_BLOCKINHERIT || node->flavor == CIL_BLOCKABSTRACT || node->flavor == CIL_MACRO) { cil_tree_log(node, CIL_ERR, ""%s statement is not allowed in macros"", cil_node_to_string(node)); rc = SEPOL_ERR; goto exit; } } if (optional != NULL) { if (node->flavor == CIL_TUNABLE || node->flavor == CIL_MACRO) { cil_tree_log(node, CIL_ERR, ""%s statement is not allowed in optionals"", cil_node_to_string(node)); rc = SEPOL_ERR; goto exit; } } if (boolif != NULL) { if (node->flavor != CIL_TUNABLEIF && node->flavor != CIL_CALL && node->flavor != CIL_CONDBLOCK && node->flavor != CIL_AVRULE && node->flavor != CIL_TYPE_RULE && node->flavor != CIL_NAMETYPETRANSITION) { rc = SEPOL_ERR; } else if (node->flavor == CIL_AVRULE) { struct cil_avrule *rule = node->data; if (rule->rule_kind == CIL_AVRULE_NEVERALLOW) { rc = SEPOL_ERR; } } if (rc == SEPOL_ERR) { if (((struct cil_booleanif*)boolif->data)->preserved_tunable) { cil_tree_log(node, CIL_ERR, ""%s statement is not allowed in booleanifs (tunableif treated as a booleanif)"", cil_node_to_string(node)); } else { cil_tree_log(node, CIL_ERR, ""%s statement is not allowed in booleanifs"", cil_node_to_string(node)); } goto exit; } } if (node->flavor == CIL_MACRO) { if (pass != CIL_PASS_TIF && pass != CIL_PASS_MACRO) { *finished = CIL_TREE_SKIP_HEAD; rc = SEPOL_OK; goto exit; } } if (node->flavor == CIL_BLOCK && ((((struct cil_block*)node->data)->is_abstract == CIL_TRUE) && (pass > CIL_PASS_BLKABS))) { *finished = CIL_TREE_SKIP_HEAD; rc = SEPOL_OK; goto exit; } rc = __cil_resolve_ast_node(node, extra_args); if (rc == SEPOL_ENOENT) { enum cil_log_level lvl = CIL_ERR; if (optional != NULL) { lvl = CIL_INFO; struct cil_optional *opt = (struct cil_optional *)optional->data; struct cil_tree_node *opt_node = NODE(opt);; opt->enabled = CIL_FALSE; cil_tree_log(node, lvl, ""Failed to resolve %s statement"", cil_node_to_string(node)); cil_tree_log(opt_node, lvl, ""Disabling optional '%s'"", opt->datum.name); rc = SEPOL_OK; goto exit; } cil_tree_log(node, lvl, ""Failed to resolve %s statement"", cil_node_to_string(node)); goto exit; } return rc; exit: return rc; }",visit repo url,libsepol/cil/src/cil_resolve_ast.c,https://github.com/SELinuxProject/selinux,137866176608774,1 3002,['CWE-189'],"static int jpc_enc_encodemainhdr(jpc_enc_t *enc) { jpc_siz_t *siz; jpc_cod_t *cod; jpc_qcd_t *qcd; int i; long startoff; long mainhdrlen; jpc_enc_cp_t *cp; jpc_qcc_t *qcc; jpc_enc_tccp_t *tccp; uint_fast16_t cmptno; jpc_tsfb_band_t bandinfos[JPC_MAXBANDS]; jpc_fix_t mctsynweight; jpc_enc_tcp_t *tcp; jpc_tsfb_t *tsfb; jpc_tsfb_band_t *bandinfo; uint_fast16_t numbands; uint_fast16_t bandno; uint_fast16_t rlvlno; uint_fast16_t analgain; jpc_fix_t absstepsize; char buf[1024]; jpc_com_t *com; cp = enc->cp; startoff = jas_stream_getrwcount(enc->out); if (!(enc->mrk = jpc_ms_create(JPC_MS_SOC))) { return -1; } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SOC marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_SIZ))) { return -1; } siz = &enc->mrk->parms.siz; siz->caps = 0; siz->xoff = cp->imgareatlx; siz->yoff = cp->imgareatly; siz->width = cp->refgrdwidth; siz->height = cp->refgrdheight; siz->tilexoff = cp->tilegrdoffx; siz->tileyoff = cp->tilegrdoffy; siz->tilewidth = cp->tilewidth; siz->tileheight = cp->tileheight; siz->numcomps = cp->numcmpts; siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)); assert(siz->comps); for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) { siz->comps[i].prec = cp->ccps[i].prec; siz->comps[i].sgnd = cp->ccps[i].sgnd; siz->comps[i].hsamp = cp->ccps[i].sampgrdstepx; siz->comps[i].vsamp = cp->ccps[i].sampgrdstepy; } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SIZ marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_COM))) { return -1; } sprintf(buf, ""Creator: JasPer Version %s"", jas_getversion()); com = &enc->mrk->parms.com; com->len = strlen(buf); com->regid = JPC_COM_LATIN; if (!(com->data = JAS_CAST(uchar *, jas_strdup(buf)))) { abort(); } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write COM marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; #if 0 if (!(enc->mrk = jpc_ms_create(JPC_MS_CRG))) { return -1; } crg = &enc->mrk->parms.crg; crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t)); if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write CRG marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; #endif tcp = &cp->tcp; tccp = &cp->tccp; for (cmptno = 0; cmptno < cp->numcmpts; ++cmptno) { tsfb = jpc_cod_gettsfb(tccp->qmfbid, tccp->maxrlvls - 1); jpc_tsfb_getbands(tsfb, 0, 0, 1 << tccp->maxrlvls, 1 << tccp->maxrlvls, bandinfos); jpc_tsfb_destroy(tsfb); mctsynweight = jpc_mct_getsynweight(tcp->mctid, cmptno); numbands = 3 * tccp->maxrlvls - 2; for (bandno = 0, bandinfo = bandinfos; bandno < numbands; ++bandno, ++bandinfo) { rlvlno = (bandno) ? ((bandno - 1) / 3 + 1) : 0; analgain = JPC_NOMINALGAIN(tccp->qmfbid, tccp->maxrlvls, rlvlno, bandinfo->orient); if (!tcp->intmode) { absstepsize = jpc_fix_div(jpc_inttofix(1 << (analgain + 1)), bandinfo->synenergywt); } else { absstepsize = jpc_inttofix(1); } cp->ccps[cmptno].stepsizes[bandno] = jpc_abstorelstepsize(absstepsize, cp->ccps[cmptno].prec + analgain); } cp->ccps[cmptno].numstepsizes = numbands; } if (!(enc->mrk = jpc_ms_create(JPC_MS_COD))) { return -1; } cod = &enc->mrk->parms.cod; cod->csty = cp->tccp.csty | cp->tcp.csty; cod->compparms.csty = cp->tccp.csty | cp->tcp.csty; cod->compparms.numdlvls = cp->tccp.maxrlvls - 1; cod->compparms.numrlvls = cp->tccp.maxrlvls; cod->prg = cp->tcp.prg; cod->numlyrs = cp->tcp.numlyrs; cod->compparms.cblkwidthval = JPC_COX_CBLKSIZEEXPN(cp->tccp.cblkwidthexpn); cod->compparms.cblkheightval = JPC_COX_CBLKSIZEEXPN(cp->tccp.cblkheightexpn); cod->compparms.cblksty = cp->tccp.cblksty; cod->compparms.qmfbid = cp->tccp.qmfbid; cod->mctrans = (cp->tcp.mctid != JPC_MCT_NONE); if (tccp->csty & JPC_COX_PRT) { for (rlvlno = 0; rlvlno < tccp->maxrlvls; ++rlvlno) { cod->compparms.rlvls[rlvlno].parwidthval = tccp->prcwidthexpns[rlvlno]; cod->compparms.rlvls[rlvlno].parheightval = tccp->prcheightexpns[rlvlno]; } } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write COD marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_QCD))) { return -1; } qcd = &enc->mrk->parms.qcd; qcd->compparms.qntsty = (tccp->qmfbid == JPC_COX_INS) ? JPC_QCX_SEQNT : JPC_QCX_NOQNT; qcd->compparms.numstepsizes = cp->ccps[0].numstepsizes; qcd->compparms.numguard = cp->tccp.numgbits; qcd->compparms.stepsizes = cp->ccps[0].stepsizes; if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { return -1; } qcd->compparms.stepsizes = 0; jpc_ms_destroy(enc->mrk); enc->mrk = 0; tccp = &cp->tccp; for (cmptno = 1; cmptno < cp->numcmpts; ++cmptno) { if (!(enc->mrk = jpc_ms_create(JPC_MS_QCC))) { return -1; } qcc = &enc->mrk->parms.qcc; qcc->compno = cmptno; qcc->compparms.qntsty = (tccp->qmfbid == JPC_COX_INS) ? JPC_QCX_SEQNT : JPC_QCX_NOQNT; qcc->compparms.numstepsizes = cp->ccps[cmptno].numstepsizes; qcc->compparms.numguard = cp->tccp.numgbits; qcc->compparms.stepsizes = cp->ccps[cmptno].stepsizes; if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { return -1; } qcc->compparms.stepsizes = 0; jpc_ms_destroy(enc->mrk); enc->mrk = 0; } #define MAINTLRLEN 2 mainhdrlen = jas_stream_getrwcount(enc->out) - startoff; enc->len += mainhdrlen; if (enc->cp->totalsize != UINT_FAST32_MAX) { uint_fast32_t overhead; overhead = mainhdrlen + MAINTLRLEN; enc->mainbodysize = (enc->cp->totalsize >= overhead) ? (enc->cp->totalsize - overhead) : 0; } else { enc->mainbodysize = UINT_FAST32_MAX; } return 0; }",jasper,,,328306849711018750771864257952441036450,0 909,CWE-20,"void kvm_lapic_sync_from_vapic(struct kvm_vcpu *vcpu) { u32 data; void *vapic; if (test_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention)) apic_sync_pv_eoi_from_guest(vcpu, vcpu->arch.apic); if (!test_bit(KVM_APIC_CHECK_VAPIC, &vcpu->arch.apic_attention)) return; vapic = kmap_atomic(vcpu->arch.apic->vapic_page); data = *(u32 *)(vapic + offset_in_page(vcpu->arch.apic->vapic_addr)); kunmap_atomic(vapic); apic_set_tpr(vcpu->arch.apic, data & 0xff); }",visit repo url,arch/x86/kvm/lapic.c,https://github.com/torvalds/linux,90628616831164,1 4938,CWE-787,"exif_data_load_data_entry (ExifData *data, ExifEntry *entry, const unsigned char *d, unsigned int size, unsigned int offset) { unsigned int s, doff; entry->tag = exif_get_short (d + offset + 0, data->priv->order); entry->format = exif_get_short (d + offset + 2, data->priv->order); entry->components = exif_get_long (d + offset + 4, data->priv->order); exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Loading entry 0x%x ('%s')..."", entry->tag, exif_tag_get_name (entry->tag)); s = exif_format_get_size(entry->format) * entry->components; if ((s < entry->components) || (s == 0)){ return 0; } if (s > 4) doff = exif_get_long (d + offset + 8, data->priv->order); else doff = offset + 8; if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Tag data past end of buffer (%u > %u)"", doff+s, size); return 0; } entry->data = exif_data_alloc (data, s); if (entry->data) { entry->size = s; memcpy (entry->data, d + doff, s); } else { EXIF_LOG_NO_MEMORY(data->priv->log, ""ExifData"", s); return 0; } if (entry->tag == EXIF_TAG_MAKER_NOTE) { if (!entry->data) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""MakerNote found with empty data""); } else if (entry->size > 6) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""MakerNote found (%02x %02x %02x %02x "" ""%02x %02x %02x...)."", entry->data[0], entry->data[1], entry->data[2], entry->data[3], entry->data[4], entry->data[5], entry->data[6]); } data->priv->offset_mnote = doff; } return 1; }",visit repo url,libexif/exif-data.c,https://github.com/libexif/libexif,123536622804356,1 1015,CWE-399,"static int process_one_ticket(struct ceph_auth_client *ac, struct ceph_crypto_key *secret, void **p, void *end, void *dbuf, void *ticket_buf) { struct ceph_x_info *xi = ac->private; int type; u8 tkt_struct_v, blob_struct_v; struct ceph_x_ticket_handler *th; void *dp, *dend; int dlen; char is_enc; struct timespec validity; struct ceph_crypto_key old_key; void *tp, *tpend; struct ceph_timespec new_validity; struct ceph_crypto_key new_session_key; struct ceph_buffer *new_ticket_blob; unsigned long new_expires, new_renew_after; u64 new_secret_id; int ret; ceph_decode_need(p, end, sizeof(u32) + 1, bad); type = ceph_decode_32(p); dout("" ticket type %d %s\n"", type, ceph_entity_type_name(type)); tkt_struct_v = ceph_decode_8(p); if (tkt_struct_v != 1) goto bad; th = get_ticket_handler(ac, type); if (IS_ERR(th)) { ret = PTR_ERR(th); goto out; } dlen = ceph_x_decrypt(secret, p, end, dbuf, TEMP_TICKET_BUF_LEN); if (dlen <= 0) { ret = dlen; goto out; } dout("" decrypted %d bytes\n"", dlen); dp = dbuf; dend = dp + dlen; tkt_struct_v = ceph_decode_8(&dp); if (tkt_struct_v != 1) goto bad; memcpy(&old_key, &th->session_key, sizeof(old_key)); ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); if (ret) goto out; ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); ceph_decode_timespec(&validity, &new_validity); new_expires = get_seconds() + validity.tv_sec; new_renew_after = new_expires - (validity.tv_sec / 4); dout("" expires=%lu renew_after=%lu\n"", new_expires, new_renew_after); ceph_decode_8_safe(p, end, is_enc, bad); tp = ticket_buf; if (is_enc) { dout("" encrypted ticket\n""); dlen = ceph_x_decrypt(&old_key, p, end, ticket_buf, TEMP_TICKET_BUF_LEN); if (dlen < 0) { ret = dlen; goto out; } dlen = ceph_decode_32(&tp); } else { ceph_decode_32_safe(p, end, dlen, bad); ceph_decode_need(p, end, dlen, bad); ceph_decode_copy(p, ticket_buf, dlen); } tpend = tp + dlen; dout("" ticket blob is %d bytes\n"", dlen); ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); blob_struct_v = ceph_decode_8(&tp); new_secret_id = ceph_decode_64(&tp); ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); if (ret) goto out; ceph_crypto_key_destroy(&th->session_key); if (th->ticket_blob) ceph_buffer_put(th->ticket_blob); th->session_key = new_session_key; th->ticket_blob = new_ticket_blob; th->validity = new_validity; th->secret_id = new_secret_id; th->expires = new_expires; th->renew_after = new_renew_after; dout("" got ticket service %d (%s) secret_id %lld len %d\n"", type, ceph_entity_type_name(type), th->secret_id, (int)th->ticket_blob->vec.iov_len); xi->have_keys |= th->service; out: return ret; bad: ret = -EINVAL; goto out; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,103239916982661,1 2899,CWE-119,"swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc) { uint32* wp = (uint32*) cp0; tmsize_t wc = cc / 4; TIFFSwabArrayOfLong(wp, wc); horAcc32(tif, cp0, cc); }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,259783261775413,1 3916,['CWE-399'],"static int chip_write_masked(struct CHIPSTATE *chip, int subaddr, int val, int mask) { if (mask != 0) { if (subaddr < 0) { val = (chip->shadow.bytes[1] & ~mask) | (val & mask); } else { if (subaddr + 1 >= ARRAY_SIZE(chip->shadow.bytes)) { v4l_info(chip->c, ""Tried to access a non-existent register: %d\n"", subaddr); return -EINVAL; } val = (chip->shadow.bytes[subaddr+1] & ~mask) | (val & mask); } } return chip_write(chip, subaddr, val); }",linux-2.6,,,39414448257475618191569661971681987301,0 6552,CWE-287,"int callback_glewlwyd_user_auth (const struct _u_request * request, struct _u_response * response, void * user_data) { struct config_elements * config = (struct config_elements *)user_data; json_t * j_param = ulfius_get_json_body_request(request, NULL), * j_result = NULL; const char * ip_source = get_ip_source(request); char * issued_for = get_client_hostname(request); char * session_uid, expires[129]; time_t now; struct tm ts; time(&now); now += GLEWLWYD_DEFAULT_SESSION_EXPIRATION_COOKIE; gmtime_r(&now, &ts); strftime(expires, 128, ""%a, %d %b %Y %T %Z"", &ts); if (j_param != NULL) { if (json_string_length(json_object_get(j_param, ""username""))) { if (json_object_get(j_param, ""scheme_type"") == NULL || 0 == o_strcmp(json_string_value(json_object_get(j_param, ""scheme_type"")), ""password"")) { if (json_string_length(json_object_get(j_param, ""password""))) { j_result = auth_check_user_credentials(config, json_string_value(json_object_get(j_param, ""username"")), json_string_value(json_object_get(j_param, ""password""))); if (check_result_value(j_result, G_OK)) { if ((session_uid = get_session_id(config, request)) == NULL) { session_uid = generate_session_id(); } if (user_session_update(config, session_uid, u_map_get_case(request->map_header, ""user-agent""), issued_for, json_string_value(json_object_get(j_param, ""username"")), NULL, 1) != G_OK) { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error user_session_update (1)""); response->status = 500; } else { ulfius_add_cookie_to_response(response, config->session_key, session_uid, expires, 0, config->cookie_domain, ""/"", config->cookie_secure, 0); y_log_message(Y_LOG_LEVEL_INFO, ""Event - User '%s' authenticated with password"", json_string_value(json_object_get(j_param, ""username""))); } o_free(session_uid); glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_VALID, 1, NULL); glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_VALID_SCHEME, 1, ""scheme_type"", ""password"", NULL); } else { if (check_result_value(j_result, G_ERROR_UNAUTHORIZED)) { y_log_message(Y_LOG_LEVEL_WARNING, ""Security - Authorization invalid for username %s at IP Address %s"", json_string_value(json_object_get(j_param, ""username"")), ip_source); } if ((session_uid = get_session_id(config, request)) != NULL && user_session_update(config, session_uid, u_map_get_case(request->map_header, ""user-agent""), issued_for, json_string_value(json_object_get(j_param, ""username"")), NULL, 1) != G_OK) { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error user_session_update (2)""); } o_free(session_uid); response->status = 401; glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_INVALID, 1, NULL); glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_INVALID_SCHEME, 1, ""scheme_type"", ""password"", NULL); } json_decref(j_result); } else if (json_object_get(j_param, ""password"") != NULL && !json_is_string(json_object_get(j_param, ""password""))) { ulfius_set_string_body_response(response, 400, ""password must be a string""); } else { session_uid = get_session_id(config, request); j_result = get_users_for_session(config, session_uid); if (check_result_value(j_result, G_OK)) { if (user_session_update(config, u_map_get(request->map_cookie, config->session_key), u_map_get_case(request->map_header, ""user-agent""), issued_for, json_string_value(json_object_get(j_param, ""username"")), NULL, 0) != G_OK) { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error user_session_update (3)""); response->status = 500; } else { ulfius_add_cookie_to_response(response, config->session_key, session_uid, expires, 0, config->cookie_domain, ""/"", config->cookie_secure, 0); } } else if (check_result_value(j_result, G_ERROR_NOT_FOUND)) { response->status = 401; } else { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error get_users_for_session""); response->status = 500; } o_free(session_uid); json_decref(j_result); } } else { if (json_string_length(json_object_get(j_param, ""scheme_type"")) && json_string_length(json_object_get(j_param, ""scheme_name"")) && json_is_object(json_object_get(j_param, ""value""))) { j_result = auth_check_user_scheme(config, json_string_value(json_object_get(j_param, ""scheme_type"")), json_string_value(json_object_get(j_param, ""scheme_name"")), json_string_value(json_object_get(j_param, ""username"")), json_object_get(j_param, ""value""), request); if (check_result_value(j_result, G_ERROR_PARAM)) { ulfius_set_string_body_response(response, 400, ""bad scheme response""); } else if (check_result_value(j_result, G_ERROR_UNAUTHORIZED)) { y_log_message(Y_LOG_LEVEL_WARNING, ""Security - Authorization invalid for username %s at IP Address %s"", json_string_value(json_object_get(j_param, ""username"")), ip_source); response->status = 401; glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_INVALID, 1, NULL); glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_INVALID_SCHEME, 1, ""scheme_type"", json_string_value(json_object_get(j_param, ""scheme_type"")), ""scheme_name"", json_string_value(json_object_get(j_param, ""scheme_name"")), NULL); } else if (check_result_value(j_result, G_ERROR_NOT_FOUND)) { response->status = 404; } else if (check_result_value(j_result, G_OK)) { if ((session_uid = get_session_id(config, request)) == NULL) { session_uid = generate_session_id(); } if (user_session_update(config, session_uid, u_map_get_case(request->map_header, ""user-agent""), issued_for, json_string_value(json_object_get(j_param, ""username"")), json_string_value(json_object_get(j_param, ""scheme_name"")), 1) != G_OK) { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error user_session_update (4)""); response->status = 500; } else { ulfius_add_cookie_to_response(response, config->session_key, session_uid, expires, 0, config->cookie_domain, ""/"", config->cookie_secure, 0); y_log_message(Y_LOG_LEVEL_INFO, ""Event - User '%s' authenticated with scheme '%s/%s'"", json_string_value(json_object_get(j_param, ""username"")), json_string_value(json_object_get(j_param, ""scheme_type"")), json_string_value(json_object_get(j_param, ""scheme_name""))); } o_free(session_uid); glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_VALID, 1, NULL); glewlwyd_metrics_increment_counter_va(config, GLWD_METRICS_AUTH_USER_VALID_SCHEME, 1, ""scheme_type"", json_string_value(json_object_get(j_param, ""scheme_type"")), ""scheme_name"", json_string_value(json_object_get(j_param, ""scheme_name"")), NULL); } else { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error auth_check_user_scheme""); response->status = 500; } json_decref(j_result); } else { ulfius_set_string_body_response(response, 400, ""scheme_type, scheme_name and value are mandatory""); } } } else { if (json_string_length(json_object_get(j_param, ""scheme_type"")) && json_string_length(json_object_get(j_param, ""scheme_name"")) && json_is_object(json_object_get(j_param, ""value""))) { j_result = auth_check_identify_scheme(config, json_string_value(json_object_get(j_param, ""scheme_type"")), json_string_value(json_object_get(j_param, ""scheme_name"")), json_object_get(j_param, ""value""), request); if (check_result_value(j_result, G_ERROR_PARAM)) { ulfius_set_string_body_response(response, 400, ""bad scheme response""); } else if (check_result_value(j_result, G_ERROR_UNAUTHORIZED)) { y_log_message(Y_LOG_LEVEL_WARNING, ""Security - Authorization invalid for username at IP Address %s"", ip_source); response->status = 401; } else if (check_result_value(j_result, G_ERROR_NOT_FOUND)) { response->status = 404; } else if (check_result_value(j_result, G_OK)) { if ((session_uid = get_session_id(config, request)) == NULL) { session_uid = generate_session_id(); } if (user_session_update(config, session_uid, u_map_get_case(request->map_header, ""user-agent""), issued_for, json_string_value(json_object_get(j_result, ""username"")), json_string_value(json_object_get(j_param, ""scheme_name"")), 1) != G_OK) { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error user_session_update (4)""); response->status = 500; } else { ulfius_add_cookie_to_response(response, config->session_key, session_uid, expires, 0, config->cookie_domain, ""/"", config->cookie_secure, 0); y_log_message(Y_LOG_LEVEL_INFO, ""Event - User '%s' authenticated with scheme '%s/%s'"", json_string_value(json_object_get(j_result, ""username"")), json_string_value(json_object_get(j_param, ""scheme_type"")), json_string_value(json_object_get(j_param, ""scheme_name""))); } o_free(session_uid); } else { y_log_message(Y_LOG_LEVEL_ERROR, ""callback_glewlwyd_user_auth - Error auth_check_user_scheme""); response->status = 500; } json_decref(j_result); } else { ulfius_set_string_body_response(response, 400, ""username is mandatory""); } } } else { ulfius_set_string_body_response(response, 400, ""Input parameters must be in JSON format""); } json_decref(j_param); o_free(issued_for); return U_CALLBACK_CONTINUE; }",visit repo url,src/webservice.c,https://github.com/babelouest/glewlwyd,94354784427129,1 4737,CWE-476,"ExprResolveLhs(struct xkb_context *ctx, const ExprDef *expr, const char **elem_rtrn, const char **field_rtrn, ExprDef **index_rtrn) { switch (expr->expr.op) { case EXPR_IDENT: *elem_rtrn = NULL; *field_rtrn = xkb_atom_text(ctx, expr->ident.ident); *index_rtrn = NULL; return true; case EXPR_FIELD_REF: *elem_rtrn = xkb_atom_text(ctx, expr->field_ref.element); *field_rtrn = xkb_atom_text(ctx, expr->field_ref.field); *index_rtrn = NULL; return true; case EXPR_ARRAY_REF: *elem_rtrn = xkb_atom_text(ctx, expr->array_ref.element); *field_rtrn = xkb_atom_text(ctx, expr->array_ref.field); *index_rtrn = expr->array_ref.entry; return true; default: break; } log_wsgo(ctx, ""Unexpected operator %d in ResolveLhs\n"", expr->expr.op); return false; }",visit repo url,src/xkbcomp/expr.c,https://github.com/xkbcommon/libxkbcommon,234575978745203,1 4246,['CWE-119'],"sctp_disposition_t sctp_sf_eat_fwd_tsn(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_fwdtsn_hdr *fwdtsn_hdr; struct sctp_fwdtsn_skip *skip; __u16 len; __u32 tsn; if (!sctp_vtag_verify(chunk, asoc)) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, SCTP_NULL()); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } if (!sctp_chunk_length_valid(chunk, sizeof(struct sctp_fwdtsn_chunk))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data; chunk->subh.fwdtsn_hdr = fwdtsn_hdr; len = ntohs(chunk->chunk_hdr->length); len -= sizeof(struct sctp_chunkhdr); skb_pull(chunk->skb, len); tsn = ntohl(fwdtsn_hdr->new_cum_tsn); SCTP_DEBUG_PRINTK(""%s: TSN 0x%x.\n"", __func__, tsn); if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0) goto discard_noforce; sctp_walk_fwdtsn(skip, chunk) { if (ntohs(skip->stream) >= asoc->c.sinit_max_instreams) goto discard_noforce; } sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn)); if (len > sizeof(struct sctp_fwdtsn_hdr)) sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN, SCTP_CHUNK(chunk)); if (asoc->autoclose) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); } sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_NOFORCE()); return SCTP_DISPOSITION_CONSUME; discard_noforce: return SCTP_DISPOSITION_DISCARD; }",linux-2.6,,,150774253065721534374568338514347493314,0 4790,[],"int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, struct sk_buff *skb, u16 family, struct avc_audit_data *ad) { int rc; u32 nlbl_sid; u32 perm; struct netlbl_lsm_secattr secattr; if (!netlbl_enabled()) return 0; netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, family, &secattr); if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) rc = selinux_netlbl_sidlookup_cached(skb, &secattr, &nlbl_sid); else nlbl_sid = SECINITSID_UNLABELED; netlbl_secattr_destroy(&secattr); if (rc != 0) return rc; switch (sksec->sclass) { case SECCLASS_UDP_SOCKET: perm = UDP_SOCKET__RECVFROM; break; case SECCLASS_TCP_SOCKET: perm = TCP_SOCKET__RECVFROM; break; default: perm = RAWIP_SOCKET__RECVFROM; } rc = avc_has_perm(sksec->sid, nlbl_sid, sksec->sclass, perm, ad); if (rc == 0) return 0; if (nlbl_sid != SECINITSID_UNLABELED) netlbl_skbuff_err(skb, rc, 0); return rc; }",linux-2.6,,,254820797957975953290421718719209556582,0 3021,CWE-20,"BGD_DECLARE(gdImagePtr) gdImageCreateFromGd2Ctx (gdIOCtxPtr in) { int sx, sy; int i; int ncx, ncy, nc, cs, cx, cy; int x, y, ylo, yhi, xlo, xhi; int vers, fmt; t_chunk_info *chunkIdx = NULL; unsigned char *chunkBuf = NULL; int chunkNum = 0; int chunkMax = 0; uLongf chunkLen; int chunkPos = 0; int compMax = 0; int bytesPerPixel; char *compBuf = NULL; gdImagePtr im; im = _gd2CreateFromFile (in, &sx, &sy, &cs, &vers, &fmt, &ncx, &ncy, &chunkIdx); if (im == NULL) { return 0; } bytesPerPixel = im->trueColor ? 4 : 1; nc = ncx * ncy; if (gd2_compressed (fmt)) { compMax = 0; for (i = 0; (i < nc); i++) { if (chunkIdx[i].size > compMax) { compMax = chunkIdx[i].size; }; }; compMax++; chunkMax = cs * bytesPerPixel * cs; chunkBuf = gdCalloc (chunkMax, 1); if (!chunkBuf) { goto fail; } compBuf = gdCalloc (compMax, 1); if (!compBuf) { goto fail; } GD2_DBG (printf (""Largest compressed chunk is %d bytes\n"", compMax)); }; for (cy = 0; (cy < ncy); cy++) { for (cx = 0; (cx < ncx); cx++) { ylo = cy * cs; yhi = ylo + cs; if (yhi > im->sy) { yhi = im->sy; }; GD2_DBG (printf (""Processing Chunk %d (%d, %d), y from %d to %d\n"", chunkNum, cx, cy, ylo, yhi)); if (gd2_compressed (fmt)) { chunkLen = chunkMax; if (!_gd2ReadChunk (chunkIdx[chunkNum].offset, compBuf, chunkIdx[chunkNum].size, (char *) chunkBuf, &chunkLen, in)) { GD2_DBG (printf (""Error reading comproessed chunk\n"")); goto fail; }; chunkPos = 0; }; for (y = ylo; (y < yhi); y++) { xlo = cx * cs; xhi = xlo + cs; if (xhi > im->sx) { xhi = im->sx; }; if (!gd2_compressed (fmt)) { for (x = xlo; x < xhi; x++) { if (im->trueColor) { if (!gdGetInt (&im->tpixels[y][x], in)) { im->tpixels[y][x] = 0; } } else { int ch; if (!gdGetByte (&ch, in)) { ch = 0; } im->pixels[y][x] = ch; } } } else { for (x = xlo; x < xhi; x++) { if (im->trueColor) { int a = chunkBuf[chunkPos++] << 24; int r = chunkBuf[chunkPos++] << 16; int g = chunkBuf[chunkPos++] << 8; int b = chunkBuf[chunkPos++]; im->tpixels[y][x] = a + r + g + b; } else { im->pixels[y][x] = chunkBuf[chunkPos++]; } }; }; }; chunkNum++; }; }; GD2_DBG (printf (""Freeing memory\n"")); gdFree (chunkBuf); gdFree (compBuf); gdFree (chunkIdx); GD2_DBG (printf (""Done\n"")); return im; fail: gdImageDestroy (im); if (chunkBuf) { gdFree (chunkBuf); } if (compBuf) { gdFree (compBuf); } if (chunkIdx) { gdFree (chunkIdx); } return 0; }",visit repo url,src/gd_gd2.c,https://github.com/libgd/libgd,172018352445692,1 6195,CWE-190,"void fp_read_str(fp_t a, const char *str, int len, int radix) { bn_t t; bn_null(t); RLC_TRY { bn_new(t); bn_read_str(t, str, len, radix); if (bn_is_zero(t)) { fp_zero(a); } else { if (t->used == 1) { fp_prime_conv_dig(a, t->dp[0]); if (bn_sign(t) == RLC_NEG) { fp_neg(a, a); } } else { fp_prime_conv(a, t); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/fp/relic_fp_util.c,https://github.com/relic-toolkit/relic,112438689714180,1 1524,CWE-476,"static unsigned int seedsize(struct crypto_alg *alg) { struct rng_alg *ralg = container_of(alg, struct rng_alg, base); return alg->cra_rng.rng_make_random ? alg->cra_rng.seedsize : ralg->seedsize; }",visit repo url,crypto/rng.c,https://github.com/torvalds/linux,100535534068239,1 3612,[],"static int rtc_dev_open(struct inode *inode, struct file *file) { int err; struct rtc_device *rtc = container_of(inode->i_cdev, struct rtc_device, char_dev); const struct rtc_class_ops *ops = rtc->ops; if (test_and_set_bit_lock(RTC_DEV_BUSY, &rtc->flags)) return -EBUSY; file->private_data = rtc; err = ops->open ? ops->open(rtc->dev.parent) : 0; if (err == 0) { spin_lock_irq(&rtc->irq_lock); rtc->irq_data = 0; spin_unlock_irq(&rtc->irq_lock); return 0; } clear_bit_unlock(RTC_DEV_BUSY, &rtc->flags); return err; }",linux-2.6,,,249321727564346467345868719273521241649,0 2178,['CWE-400'],"static int shmem_reserve_inode(struct super_block *sb) { struct shmem_sb_info *sbinfo = SHMEM_SB(sb); if (sbinfo->max_inodes) { spin_lock(&sbinfo->stat_lock); if (!sbinfo->free_inodes) { spin_unlock(&sbinfo->stat_lock); return -ENOSPC; } sbinfo->free_inodes--; spin_unlock(&sbinfo->stat_lock); } return 0; }",linux-2.6,,,114130782469327574549268038236552535220,0 5787,['CWE-200'],"static int rose_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) { struct sock *sk = sock->sk; struct rose_sock *rose = rose_sk(sk); int opt; if (level != SOL_ROSE) return -ENOPROTOOPT; if (optlen < sizeof(int)) return -EINVAL; if (get_user(opt, (int __user *)optval)) return -EFAULT; switch (optname) { case ROSE_DEFER: rose->defer = opt ? 1 : 0; return 0; case ROSE_T1: if (opt < 1) return -EINVAL; rose->t1 = opt * HZ; return 0; case ROSE_T2: if (opt < 1) return -EINVAL; rose->t2 = opt * HZ; return 0; case ROSE_T3: if (opt < 1) return -EINVAL; rose->t3 = opt * HZ; return 0; case ROSE_HOLDBACK: if (opt < 1) return -EINVAL; rose->hb = opt * HZ; return 0; case ROSE_IDLE: if (opt < 0) return -EINVAL; rose->idle = opt * 60 * HZ; return 0; case ROSE_QBITINCL: rose->qbitincl = opt ? 1 : 0; return 0; default: return -ENOPROTOOPT; } }",linux-2.6,,,151152486509661419586489867357268420498,0 3343,[],"static inline unsigned long nla_get_msecs(struct nlattr *nla) { u64 msecs = nla_get_u64(nla); return msecs_to_jiffies((unsigned long) msecs); }",linux-2.6,,,196272041748226207368152673014121626496,0 6544,CWE-190,"static inline struct htx_blk *htx_add_trailer(struct htx *htx, const struct ist name, const struct ist value) { struct htx_blk *blk; blk = htx_add_blk(htx, HTX_BLK_TLR, name.len + value.len); if (!blk) return NULL; blk->info += (value.len << 8) + name.len; ist2bin_lc(htx_get_blk_ptr(htx, blk), name); memcpy(htx_get_blk_ptr(htx, blk) + name.len, value.ptr, value.len); return blk; }",visit repo url,include/haproxy/htx.h,https://github.com/haproxy/haproxy,210570957511108,1 6142,CWE-190,"static void ep_mul_sim_endom(ep_t r, const ep_t p, const bn_t k, const ep_t q, const bn_t m, const ep_t *t) { int i, l, l0, l1, l2, l3, sk0, sk1, sl0, sl1, w, g = 0; int8_t naf0[RLC_FP_BITS + 1], naf1[RLC_FP_BITS + 1], *t0, *t1, u; int8_t naf2[RLC_FP_BITS + 1], naf3[RLC_FP_BITS + 1], *t2, *t3; bn_t n, k0, k1, m0, m1; bn_t v1[3], v2[3]; ep_t v; ep_t tab0[1 << (EP_WIDTH - 2)]; ep_t tab1[1 << (EP_WIDTH - 2)]; bn_null(n); bn_null(k0); bn_null(k1); bn_null(m0); bn_null(m1); ep_null(v); for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep_null(tab0[i]); ep_null(tab1[i]); } RLC_TRY { bn_new(n); bn_new(k0); bn_new(k1); bn_new(m0); bn_new(m1); ep_new(v); for (i = 0; i < 3; i++) { bn_null(v1[i]); bn_null(v2[i]); bn_new(v1[i]); bn_new(v2[i]); } ep_curve_get_ord(n); ep_curve_get_v1(v1); ep_curve_get_v2(v2); bn_rec_glv(k0, k1, k, n, (const bn_t *)v1, (const bn_t *)v2); sk0 = bn_sign(k0); sk1 = bn_sign(k1); bn_abs(k0, k0); bn_abs(k1, k1); bn_rec_glv(m0, m1, m, n, (const bn_t *)v1, (const bn_t *)v2); sl0 = bn_sign(m0); sl1 = bn_sign(m1); bn_abs(m0, m0); bn_abs(m1, m1); g = (t == NULL ? 0 : 1); if (!g) { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep_new(tab0[i]); } ep_tab(tab0, p, EP_WIDTH); t = (const ep_t *)tab0; } for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep_new(tab1[i]); } ep_tab(tab1, q, EP_WIDTH); if (g) { w = EP_DEPTH; } else { w = EP_WIDTH; } l0 = l1 = l2 = l3 = RLC_FP_BITS + 1; bn_rec_naf(naf0, &l0, k0, w); bn_rec_naf(naf1, &l1, k1, w); bn_rec_naf(naf2, &l2, m0, EP_WIDTH); bn_rec_naf(naf3, &l3, m1, EP_WIDTH); l = RLC_MAX(RLC_MAX(l0, l1), RLC_MAX(l2, l3)); t0 = naf0 + l - 1; t1 = naf1 + l - 1; t2 = naf2 + l - 1; t3 = naf3 + l - 1; if (bn_sign(k) == RLC_NEG) { for (i = 0; i < l0; i++) { naf0[i] = -naf0[i]; } for (i = 0; i < l1; i++) { naf1[i] = -naf1[i]; } } if (bn_sign(m) == RLC_NEG) { for (i = 0; i < l2; i++) { naf2[i] = -naf2[i]; } for (i = 0; i < l3; i++) { naf3[i] = -naf3[i]; } } ep_set_infty(r); for (i = l - 1; i >= 0; i--, t0--, t1--, t2--, t3--) { ep_dbl(r, r); u = *t0; if (u > 0) { if (sk0 == RLC_POS) { ep_add(r, r, t[u / 2]); } else { ep_sub(r, r, t[u / 2]); } } if (u < 0) { if (sk0 == RLC_POS) { ep_sub(r, r, t[-u / 2]); } else { ep_add(r, r, t[-u / 2]); } } u = *t1; if (u > 0) { ep_psi(v, t[u / 2]); if (sk1 == RLC_NEG) { ep_neg(v, v); } ep_add(r, r, v); } if (u < 0) { ep_psi(v, t[-u / 2]); if (sk1 == RLC_NEG) { ep_neg(v, v); } ep_sub(r, r, v); } u = *t2; if (u > 0) { if (sl0 == RLC_POS) { ep_add(r, r, tab1[u / 2]); } else { ep_sub(r, r, tab1[u / 2]); } } if (u < 0) { if (sl0 == RLC_POS) { ep_sub(r, r, tab1[-u / 2]); } else { ep_add(r, r, tab1[-u / 2]); } } u = *t3; if (u > 0) { ep_psi(v, tab1[u / 2]); if (sl1 == RLC_NEG) { ep_neg(v, v); } ep_add(r, r, v); } if (u < 0) { ep_psi(v, tab1[-u / 2]); if (sl1 == RLC_NEG) { ep_neg(v, v); } ep_sub(r, r, v); } } ep_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(k0); bn_free(k1); bn_free(m0); bn_free(m1); ep_free(v); if (!g) { for (i = 0; i < 1 << (EP_WIDTH - 2); i++) { ep_free(tab0[i]); } } for (i = 0; i < 1 << (EP_WIDTH - 2); i++) { ep_free(tab1[i]); } for (i = 0; i < 3; i++) { bn_free(v1[i]); bn_free(v2[i]); } } }",visit repo url,src/ep/relic_ep_mul_sim.c,https://github.com/relic-toolkit/relic,235689094012600,1 3688,CWE-119,"newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode) { struct sshbuf *b = NULL; struct sshcomp *comp; struct sshenc *enc; struct sshmac *mac; struct newkeys *newkey = NULL; size_t keylen, ivlen, maclen; int r; if ((newkey = calloc(1, sizeof(*newkey))) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } if ((r = sshbuf_froms(m, &b)) != 0) goto out; #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif enc = &newkey->enc; mac = &newkey->mac; comp = &newkey->comp; if ((r = sshbuf_get_cstring(b, &enc->name, NULL)) != 0 || (r = sshbuf_get(b, &enc->cipher, sizeof(enc->cipher))) != 0 || (r = sshbuf_get_u32(b, (u_int *)&enc->enabled)) != 0 || (r = sshbuf_get_u32(b, &enc->block_size)) != 0 || (r = sshbuf_get_string(b, &enc->key, &keylen)) != 0 || (r = sshbuf_get_string(b, &enc->iv, &ivlen)) != 0) goto out; if (cipher_authlen(enc->cipher) == 0) { if ((r = sshbuf_get_cstring(b, &mac->name, NULL)) != 0) goto out; if ((r = mac_setup(mac, mac->name)) != 0) goto out; if ((r = sshbuf_get_u32(b, (u_int *)&mac->enabled)) != 0 || (r = sshbuf_get_string(b, &mac->key, &maclen)) != 0) goto out; if (maclen > mac->key_len) { r = SSH_ERR_INVALID_FORMAT; goto out; } mac->key_len = maclen; } if ((r = sshbuf_get_u32(b, &comp->type)) != 0 || (r = sshbuf_get_u32(b, (u_int *)&comp->enabled)) != 0 || (r = sshbuf_get_cstring(b, &comp->name, NULL)) != 0) goto out; if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) { r = SSH_ERR_INVALID_FORMAT; goto out; } if (sshbuf_len(b) != 0) { r = SSH_ERR_INVALID_FORMAT; goto out; } enc->key_len = keylen; enc->iv_len = ivlen; ssh->kex->newkeys[mode] = newkey; newkey = NULL; r = 0; out: free(newkey); sshbuf_free(b); return r; }",visit repo url,usr.bin/ssh/packet.c,https://github.com/openbsd/src,156336103313099,1 2610,CWE-20,"ZEND_API zend_op_array *compile_file(zend_file_handle *file_handle, int type TSRMLS_DC) { zend_lex_state original_lex_state; zend_op_array *op_array = (zend_op_array *) emalloc(sizeof(zend_op_array)); zend_op_array *original_active_op_array = CG(active_op_array); zend_op_array *retval=NULL; int compiler_result; zend_bool compilation_successful=0; znode retval_znode; zend_bool original_in_compilation = CG(in_compilation); retval_znode.op_type = IS_CONST; retval_znode.u.constant.type = IS_LONG; retval_znode.u.constant.value.lval = 1; Z_UNSET_ISREF(retval_znode.u.constant); Z_SET_REFCOUNT(retval_znode.u.constant, 1); zend_save_lexical_state(&original_lex_state TSRMLS_CC); retval = op_array; if (open_file_for_scanning(file_handle TSRMLS_CC)==FAILURE) { if (type==ZEND_REQUIRE) { zend_message_dispatcher(ZMSG_FAILED_REQUIRE_FOPEN, file_handle->filename TSRMLS_CC); zend_bailout(); } else { zend_message_dispatcher(ZMSG_FAILED_INCLUDE_FOPEN, file_handle->filename TSRMLS_CC); } compilation_successful=0; } else { init_op_array(op_array, ZEND_USER_FUNCTION, INITIAL_OP_ARRAY_SIZE TSRMLS_CC); CG(in_compilation) = 1; CG(active_op_array) = op_array; zend_stack_push(&CG(context_stack), (void *) &CG(context), sizeof(CG(context))); zend_init_compiler_context(TSRMLS_C); compiler_result = zendparse(TSRMLS_C); zend_do_return(&retval_znode, 0 TSRMLS_CC); CG(in_compilation) = original_in_compilation; if (compiler_result==1) { zend_bailout(); } compilation_successful=1; } if (retval) { CG(active_op_array) = original_active_op_array; if (compilation_successful) { pass_two(op_array TSRMLS_CC); zend_release_labels(0 TSRMLS_CC); } else { efree(op_array); retval = NULL; } } zend_restore_lexical_state(&original_lex_state TSRMLS_CC); return retval; }",visit repo url,Zend/zend_language_scanner.c,https://github.com/php/php-src,107954196477089,1 5187,CWE-787,"TfLiteStatus Eval(TfLiteContext* context, TfLiteNode* node) { const auto* params = reinterpret_cast( node->builtin_data); const TfLiteTensor* input = GetInput(context, node, kInputTensor); const TfLiteTensor* fw_input_weights = GetInput(context, node, kFwWeightsTensor); const TfLiteTensor* fw_recurrent_weights = GetInput(context, node, kFwRecurrentWeightsTensor); const TfLiteTensor* fw_bias = GetInput(context, node, kFwBiasTensor); const TfLiteTensor* bw_input_weights = GetInput(context, node, kBwWeightsTensor); const TfLiteTensor* bw_recurrent_weights = GetInput(context, node, kBwRecurrentWeightsTensor); const TfLiteTensor* bw_bias = GetInput(context, node, kBwBiasTensor); const TfLiteTensor* aux_input = GetOptionalInputTensor(context, node, kAuxInputTensor); const TfLiteTensor* fw_aux_input_weights = GetOptionalInputTensor(context, node, kFwAuxWeightsTensor); const TfLiteTensor* bw_aux_input_weights = GetOptionalInputTensor(context, node, kBwAuxWeightsTensor); TfLiteTensor* fw_hidden_state = GetVariableInput(context, node, kFwHiddenStateTensor); TF_LITE_ENSURE(context, fw_hidden_state != nullptr); TfLiteTensor* bw_hidden_state = GetVariableInput(context, node, kBwHiddenStateTensor); TF_LITE_ENSURE(context, bw_hidden_state != nullptr); TfLiteTensor* fw_output = GetOutput(context, node, kFwOutputTensor); TfLiteTensor* bw_output = params->merge_outputs ? nullptr : GetOutput(context, node, kBwOutputTensor); const bool has_previous_bw_output = (aux_input != nullptr); const bool use_aux_input = (fw_aux_input_weights != nullptr); const bool non_stacking_mode = !use_aux_input && has_previous_bw_output; const TfLiteTensor* bw_input = non_stacking_mode ? aux_input : input; const TfLiteTensor* real_aux_input = non_stacking_mode ? nullptr : aux_input; switch (fw_input_weights->type) { case kTfLiteFloat32: return EvalFloat(input, bw_input, fw_input_weights, fw_recurrent_weights, fw_bias, bw_input_weights, bw_recurrent_weights, bw_bias, real_aux_input, fw_aux_input_weights, bw_aux_input_weights, params, fw_hidden_state, fw_output, bw_hidden_state, bw_output); case kTfLiteUInt8: case kTfLiteInt8: { TfLiteTensor* input_quantized = GetTemporary(context, node, kInputQuantized); TfLiteTensor* fw_hidden_state_quantized = GetTemporary(context, node, kFwHiddenStateQuantized); TfLiteTensor* bw_hidden_state_quantized = GetTemporary(context, node, kBwHiddenStateQuantized); TfLiteTensor* scaling_factors = GetTemporary(context, node, kScalingFactors); TfLiteTensor* zero_points = GetTemporary(context, node, kZeroPoints); TfLiteTensor* accum_scratch = GetTemporary(context, node, kAccumScratch); TfLiteTensor* fw_row_sums = GetTemporary(context, node, kFwRowSums); TfLiteTensor* bw_row_sums = GetTemporary(context, node, kBwRowSums); TfLiteTensor* aux_input_quantized = use_aux_input ? GetTemporary(context, node, kAuxInputQuantized) : nullptr; auto* op_data = reinterpret_cast(node->user_data); return EvalHybrid( input, bw_input, fw_input_weights, fw_recurrent_weights, fw_bias, bw_input_weights, bw_recurrent_weights, bw_bias, real_aux_input, fw_aux_input_weights, bw_aux_input_weights, params, scaling_factors, input_quantized, aux_input_quantized, fw_hidden_state_quantized, fw_hidden_state, fw_output, bw_hidden_state_quantized, bw_hidden_state, bw_output, zero_points, accum_scratch, fw_row_sums, bw_row_sums, &op_data->fw_compute_row_sums, &op_data->bw_compute_row_sums); } default: context->ReportError(context, ""Type not currently supported.""); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/bidirectional_sequence_rnn.cc,https://github.com/tensorflow/tensorflow,260752509641126,1 492,CWE-119,"int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm, pte_t *dst_pte, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, struct page **pagep) { int vm_shared = dst_vma->vm_flags & VM_SHARED; struct hstate *h = hstate_vma(dst_vma); pte_t _dst_pte; spinlock_t *ptl; int ret; struct page *page; if (!*pagep) { ret = -ENOMEM; page = alloc_huge_page(dst_vma, dst_addr, 0); if (IS_ERR(page)) goto out; ret = copy_huge_page_from_user(page, (const void __user *) src_addr, pages_per_huge_page(h), false); if (unlikely(ret)) { ret = -EFAULT; *pagep = page; goto out; } } else { page = *pagep; *pagep = NULL; } __SetPageUptodate(page); set_page_huge_active(page); if (vm_shared) { struct address_space *mapping = dst_vma->vm_file->f_mapping; pgoff_t idx = vma_hugecache_offset(h, dst_vma, dst_addr); ret = huge_add_to_page_cache(page, mapping, idx); if (ret) goto out_release_nounlock; } ptl = huge_pte_lockptr(h, dst_mm, dst_pte); spin_lock(ptl); ret = -EEXIST; if (!huge_pte_none(huge_ptep_get(dst_pte))) goto out_release_unlock; if (vm_shared) { page_dup_rmap(page, true); } else { ClearPagePrivate(page); hugepage_add_new_anon_rmap(page, dst_vma, dst_addr); } _dst_pte = make_huge_pte(dst_vma, page, dst_vma->vm_flags & VM_WRITE); if (dst_vma->vm_flags & VM_WRITE) _dst_pte = huge_pte_mkdirty(_dst_pte); _dst_pte = pte_mkyoung(_dst_pte); set_huge_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte); (void)huge_ptep_set_access_flags(dst_vma, dst_addr, dst_pte, _dst_pte, dst_vma->vm_flags & VM_WRITE); hugetlb_count_add(pages_per_huge_page(h), dst_mm); update_mmu_cache(dst_vma, dst_addr, dst_pte); spin_unlock(ptl); if (vm_shared) unlock_page(page); ret = 0; out: return ret; out_release_unlock: spin_unlock(ptl); if (vm_shared) unlock_page(page); out_release_nounlock: put_page(page); goto out; }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,40917141988076,1 2333,['CWE-120'],"void set_fs_altroot(void) { char *emul = __emul_prefix(); struct nameidata nd; struct path path = {}, old_path; int err; struct fs_struct *fs = current->fs; if (!emul) goto set_it; err = path_lookup(emul, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_NOALT, &nd); if (!err) path = nd.path; set_it: write_lock(&fs->lock); old_path = fs->altroot; fs->altroot = path; write_unlock(&fs->lock); if (old_path.dentry) path_put(&old_path); }",linux-2.6,,,217431023811501981276468219518817569526,0 5759,['CWE-200'],"static int __init rose_proto_init(void) { int i; int rc; if (rose_ndevs > 0x7FFFFFFF/sizeof(struct net_device *)) { printk(KERN_ERR ""ROSE: rose_proto_init - rose_ndevs parameter to large\n""); rc = -EINVAL; goto out; } rc = proto_register(&rose_proto, 0); if (rc != 0) goto out; rose_callsign = null_ax25_address; dev_rose = kzalloc(rose_ndevs * sizeof(struct net_device *), GFP_KERNEL); if (dev_rose == NULL) { printk(KERN_ERR ""ROSE: rose_proto_init - unable to allocate device structure\n""); rc = -ENOMEM; goto out_proto_unregister; } for (i = 0; i < rose_ndevs; i++) { struct net_device *dev; char name[IFNAMSIZ]; sprintf(name, ""rose%d"", i); dev = alloc_netdev(0, name, rose_setup); if (!dev) { printk(KERN_ERR ""ROSE: rose_proto_init - unable to allocate memory\n""); rc = -ENOMEM; goto fail; } rc = register_netdev(dev); if (rc) { printk(KERN_ERR ""ROSE: netdevice registration failed\n""); free_netdev(dev); goto fail; } rose_set_lockdep_key(dev); dev_rose[i] = dev; } sock_register(&rose_family_ops); register_netdevice_notifier(&rose_dev_notifier); ax25_register_pid(&rose_pid); ax25_linkfail_register(&rose_linkfail_notifier); #ifdef CONFIG_SYSCTL rose_register_sysctl(); #endif rose_loopback_init(); rose_add_loopback_neigh(); proc_net_fops_create(&init_net, ""rose"", S_IRUGO, &rose_info_fops); proc_net_fops_create(&init_net, ""rose_neigh"", S_IRUGO, &rose_neigh_fops); proc_net_fops_create(&init_net, ""rose_nodes"", S_IRUGO, &rose_nodes_fops); proc_net_fops_create(&init_net, ""rose_routes"", S_IRUGO, &rose_routes_fops); out: return rc; fail: while (--i >= 0) { unregister_netdev(dev_rose[i]); free_netdev(dev_rose[i]); } kfree(dev_rose); out_proto_unregister: proto_unregister(&rose_proto); goto out; }",linux-2.6,,,330434431076596818838221233013336189008,0 2248,['CWE-193'],"int add_to_page_cache_locked(struct page *page, struct address_space *mapping, pgoff_t offset, gfp_t gfp_mask) { int error; VM_BUG_ON(!PageLocked(page)); error = mem_cgroup_cache_charge(page, current->mm, gfp_mask & ~__GFP_HIGHMEM); if (error) goto out; error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM); if (error == 0) { page_cache_get(page); page->mapping = mapping; page->index = offset; spin_lock_irq(&mapping->tree_lock); error = radix_tree_insert(&mapping->page_tree, offset, page); if (likely(!error)) { mapping->nrpages++; __inc_zone_page_state(page, NR_FILE_PAGES); } else { page->mapping = NULL; mem_cgroup_uncharge_cache_page(page); page_cache_release(page); } spin_unlock_irq(&mapping->tree_lock); radix_tree_preload_end(); } else mem_cgroup_uncharge_cache_page(page); out: return error; }",linux-2.6,,,257404673653281960626067835732461012368,0 4787,[],"void selinux_netlbl_sk_security_free(struct sk_security_struct *ssec) { if (ssec->nlbl_secattr != NULL) netlbl_secattr_free(ssec->nlbl_secattr); }",linux-2.6,,,37073072995494907836838409063071894487,0 5104,CWE-125,"Assign(asdl_seq * targets, expr_ty value, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!value) { PyErr_SetString(PyExc_ValueError, ""field value is required for Assign""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = Assign_kind; p->v.Assign.targets = targets; p->v.Assign.value = value; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,155859342361474,1 43,['CWE-787'],"static uint32_t cirrus_get_bpp16_depth(CirrusVGAState * s) { uint32_t ret = 16; switch (s->cirrus_hidden_dac_data & 0xf) { case 0: ret = 15; break; case 1: ret = 16; break; default: #ifdef DEBUG_CIRRUS printf(""cirrus: invalid DAC value %x in 16bpp\n"", (s->cirrus_hidden_dac_data & 0xf)); #endif ret = 15; break; } return ret; }",qemu,,,256065668890845458166476274192307072881,0 5492,['CWE-476'],"static int kvm_vm_ioctl_get_pit(struct kvm *kvm, struct kvm_pit_state *ps) { int r = 0; memcpy(ps, &kvm->arch.vpit->pit_state, sizeof(struct kvm_pit_state)); return r; }",linux-2.6,,,81269471559339288307158581293006745138,0 3891,CWE-122,"did_set_string_option( int opt_idx, char_u **varp, int new_value_alloced, char_u *oldval, char *errbuf, int opt_flags, int *value_checked) { char *errmsg = NULL; char_u *s, *p; int did_chartab = FALSE; char_u **gvarp; long_u free_oldval = (get_option_flags(opt_idx) & P_ALLOCED); #ifdef FEAT_GUI int redraw_gui_only = FALSE; #endif int value_changed = FALSE; #if defined(FEAT_VTP) && defined(FEAT_TERMGUICOLORS) int did_swaptcap = FALSE; #endif gvarp = (char_u **)get_option_varp_scope(opt_idx, OPT_GLOBAL); if ((secure #ifdef HAVE_SANDBOX || sandbox != 0 #endif ) && (get_option_flags(opt_idx) & P_SECURE)) errmsg = e_secure; else if (((get_option_flags(opt_idx) & P_NFNAME) && vim_strpbrk(*varp, (char_u *)(secure ? ""/\\*?[|;&<>\r\n"" : ""/\\*?[<>\r\n"")) != NULL) || ((get_option_flags(opt_idx) & P_NDNAME) && vim_strpbrk(*varp, (char_u *)""*?[|;&<>\r\n"") != NULL)) errmsg = e_invarg; else if (varp == &T_NAME) { if (T_NAME[0] == NUL) errmsg = N_(""E529: Cannot set 'term' to empty string""); #ifdef FEAT_GUI else if (gui.in_use) errmsg = N_(""E530: Cannot change term in GUI""); else if (term_is_gui(T_NAME)) errmsg = N_(""E531: Use \"":gui\"" to start the GUI""); #endif else if (set_termname(T_NAME) == FAIL) errmsg = N_(""E522: Not found in termcap""); else { redraw_later_clear(); opt_idx = findoption((char_u *)""term""); free_oldval = (get_option_flags(opt_idx) & P_ALLOCED); } } else if (gvarp == &p_bkc) { char_u *bkc = p_bkc; unsigned int *flags = &bkc_flags; if (opt_flags & OPT_LOCAL) { bkc = curbuf->b_p_bkc; flags = &curbuf->b_bkc_flags; } if ((opt_flags & OPT_LOCAL) && *bkc == NUL) *flags = 0; else { if (opt_strings_flags(bkc, p_bkc_values, flags, TRUE) != OK) errmsg = e_invarg; if ((((int)*flags & BKC_AUTO) != 0) + (((int)*flags & BKC_YES) != 0) + (((int)*flags & BKC_NO) != 0) != 1) { (void)opt_strings_flags(oldval, p_bkc_values, flags, TRUE); errmsg = e_invarg; } } } else if (varp == &p_bex || varp == &p_pm) { if (STRCMP(*p_bex == '.' ? p_bex + 1 : p_bex, *p_pm == '.' ? p_pm + 1 : p_pm) == 0) errmsg = N_(""E589: 'backupext' and 'patchmode' are equal""); } #ifdef FEAT_LINEBREAK else if (varp == &curwin->w_p_briopt) { if (briopt_check(curwin) == FAIL) errmsg = e_invarg; } #endif else if ( varp == &p_isi || varp == &(curbuf->b_p_isk) || varp == &p_isp || varp == &p_isf) { if (init_chartab() == FAIL) { did_chartab = TRUE; errmsg = e_invarg; } } else if (varp == &p_hf) { if (didset_vim) { vim_setenv((char_u *)""VIM"", (char_u *)""""); didset_vim = FALSE; } if (didset_vimruntime) { vim_setenv((char_u *)""VIMRUNTIME"", (char_u *)""""); didset_vimruntime = FALSE; } } #ifdef FEAT_SYN_HL else if (varp == &curwin->w_p_culopt || gvarp == &curwin->w_allbuf_opt.wo_culopt) { if (**varp == NUL || fill_culopt_flags(*varp, curwin) != OK) errmsg = e_invarg; } else if (varp == &curwin->w_p_cc) errmsg = check_colorcolumn(curwin); #endif #ifdef FEAT_MULTI_LANG else if (varp == &p_hlg) { for (s = p_hlg; *s != NUL; s += 3) { if (s[1] == NUL || ((s[2] != ',' || s[3] == NUL) && s[2] != NUL)) { errmsg = e_invarg; break; } if (s[2] == NUL) break; } } #endif else if (varp == &p_hl) { if (highlight_changed() == FAIL) errmsg = e_invarg; } else if (gvarp == &p_nf) { if (check_opt_strings(*varp, p_nf_values, TRUE) != OK) errmsg = e_invarg; } #ifdef FEAT_SESSION else if (varp == &p_ssop) { if (opt_strings_flags(p_ssop, p_ssop_values, &ssop_flags, TRUE) != OK) errmsg = e_invarg; if ((ssop_flags & SSOP_CURDIR) && (ssop_flags & SSOP_SESDIR)) { (void)opt_strings_flags(oldval, p_ssop_values, &ssop_flags, TRUE); errmsg = e_invarg; } } else if (varp == &p_vop) { if (opt_strings_flags(p_vop, p_ssop_values, &vop_flags, TRUE) != OK) errmsg = e_invarg; } #endif else if (varp == &p_sbo) { if (check_opt_strings(p_sbo, p_scbopt_values, TRUE) != OK) errmsg = e_invarg; } else if (varp == &p_ambw || varp == &p_emoji) { if (check_opt_strings(p_ambw, p_ambw_values, FALSE) != OK) errmsg = e_invarg; else if (set_chars_option(curwin, &p_fcs) != NULL) errmsg = _(""E835: Conflicts with value of 'fillchars'""); else { tabpage_T *tp; win_T *wp; FOR_ALL_TAB_WINDOWS(tp, wp) { if (set_chars_option(wp, &wp->w_p_lcs) != NULL) { errmsg = _(""E834: Conflicts with value of 'listchars'""); goto ambw_end; } } } ambw_end: {} } else if (varp == &p_bg) { if (check_opt_strings(p_bg, p_bg_values, FALSE) == OK) { #ifdef FEAT_EVAL int dark = (*p_bg == 'd'); #endif init_highlight(FALSE, FALSE); #ifdef FEAT_EVAL if (dark != (*p_bg == 'd') && get_var_value((char_u *)""g:colors_name"") != NULL) { do_unlet((char_u *)""g:colors_name"", TRUE); free_string_option(p_bg); p_bg = vim_strsave((char_u *)(dark ? ""dark"" : ""light"")); check_string_option(&p_bg); init_highlight(FALSE, FALSE); } #endif #ifdef FEAT_TERMINAL term_update_colors_all(); #endif } else errmsg = e_invarg; } else if (varp == &p_wim) { if (check_opt_wim() == FAIL) errmsg = e_invarg; } else if (varp == &p_wop) { if (check_opt_strings(p_wop, p_wop_values, TRUE) != OK) errmsg = e_invarg; } #ifdef FEAT_WAK else if (varp == &p_wak) { if (*p_wak == NUL || check_opt_strings(p_wak, p_wak_values, FALSE) != OK) errmsg = e_invarg; # ifdef FEAT_MENU # ifdef FEAT_GUI_MOTIF else if (gui.in_use) gui_motif_set_mnemonics(p_wak[0] == 'y' || p_wak[0] == 'm'); # else # ifdef FEAT_GUI_GTK else if (gui.in_use) gui_gtk_set_mnemonics(p_wak[0] == 'y' || p_wak[0] == 'm'); # endif # endif # endif } #endif else if (varp == &p_ei) { if (check_ei() == FAIL) errmsg = e_invarg; } else if (varp == &p_enc || gvarp == &p_fenc || varp == &p_tenc || gvarp == &p_menc) { if (gvarp == &p_fenc) { if (!curbuf->b_p_ma && opt_flags != OPT_GLOBAL) errmsg = e_cannot_make_changes_modifiable_is_off; else if (vim_strchr(*varp, ',') != NULL) errmsg = e_invarg; else { #ifdef FEAT_TITLE redraw_titles(); #endif ml_setflags(curbuf); } } if (errmsg == NULL) { p = enc_canonize(*varp); if (p != NULL) { vim_free(*varp); *varp = p; } if (varp == &p_enc) { errmsg = mb_init(); #ifdef FEAT_TITLE redraw_titles(); #endif } } #if defined(FEAT_GUI_GTK) if (errmsg == NULL && varp == &p_tenc && gui.in_use) { if (STRCMP(p_tenc, ""utf-8"") != 0) errmsg = N_(""E617: Cannot be changed in the GTK+ 2 GUI""); } #endif if (errmsg == NULL) { #ifdef FEAT_KEYMAP if (varp == &p_enc && *curbuf->b_p_keymap != NUL) (void)keymap_init(); #endif if (((varp == &p_enc && *p_tenc != NUL) || varp == &p_tenc)) { if (convert_setup(&input_conv, p_tenc, p_enc) == FAIL || convert_setup(&output_conv, p_enc, p_tenc) == FAIL) { semsg(_(""E950: Cannot convert between %s and %s""), p_tenc, p_enc); errmsg = e_invarg; } } #if defined(MSWIN) if (varp == &p_enc) init_homedir(); #endif } } #if defined(FEAT_POSTSCRIPT) else if (varp == &p_penc) { p = enc_canonize(p_penc); if (p != NULL) { vim_free(p_penc); p_penc = p; } else { for (s = p_penc; *s != NUL; s++) { if (*s == '_') *s = '-'; else *s = TOLOWER_ASC(*s); } } } #endif #if defined(FEAT_XIM) && defined(FEAT_GUI_GTK) else if (varp == &p_imak) { if (!im_xim_isvalid_imactivate()) errmsg = e_invarg; } #endif #ifdef FEAT_KEYMAP else if (varp == &curbuf->b_p_keymap) { if (!valid_filetype(*varp)) errmsg = e_invarg; else { int secure_save = secure; secure = 0; errmsg = keymap_init(); secure = secure_save; *value_checked = TRUE; } if (errmsg == NULL) { if (*curbuf->b_p_keymap != NUL) { curbuf->b_p_iminsert = B_IMODE_LMAP; if (curbuf->b_p_imsearch != B_IMODE_USE_INSERT) curbuf->b_p_imsearch = B_IMODE_LMAP; } else { if (curbuf->b_p_iminsert == B_IMODE_LMAP) curbuf->b_p_iminsert = B_IMODE_NONE; if (curbuf->b_p_imsearch == B_IMODE_LMAP) curbuf->b_p_imsearch = B_IMODE_USE_INSERT; } if ((opt_flags & OPT_LOCAL) == 0) { set_iminsert_global(); set_imsearch_global(); } status_redraw_curbuf(); } } #endif else if (gvarp == &p_ff) { if (!curbuf->b_p_ma && !(opt_flags & OPT_GLOBAL)) errmsg = e_cannot_make_changes_modifiable_is_off; else if (check_opt_strings(*varp, p_ff_values, FALSE) != OK) errmsg = e_invarg; else { if (get_fileformat(curbuf) == EOL_DOS) curbuf->b_p_tx = TRUE; else curbuf->b_p_tx = FALSE; #ifdef FEAT_TITLE redraw_titles(); #endif ml_setflags(curbuf); if (get_fileformat(curbuf) == EOL_MAC || *oldval == 'm') redraw_curbuf_later(NOT_VALID); } } else if (varp == &p_ffs) { if (check_opt_strings(p_ffs, p_ff_values, TRUE) != OK) errmsg = e_invarg; else { if (*p_ffs == NUL) p_ta = FALSE; else p_ta = TRUE; } } #if defined(FEAT_CRYPT) else if (gvarp == &p_key) { remove_key_from_history(); if (STRCMP(curbuf->b_p_key, oldval) != 0) { ml_set_crypt_key(curbuf, oldval, *curbuf->b_p_cm == NUL ? p_cm : curbuf->b_p_cm); changed_internal(); } } else if (gvarp == &p_cm) { if (opt_flags & OPT_LOCAL) p = curbuf->b_p_cm; else p = p_cm; if (check_opt_strings(p, p_cm_values, TRUE) != OK) errmsg = e_invarg; else if (crypt_self_test() == FAIL) errmsg = e_invarg; else { if (*p_cm == NUL) { if (new_value_alloced) free_string_option(p_cm); p_cm = vim_strsave((char_u *)""zip""); new_value_alloced = TRUE; } if ((opt_flags & (OPT_LOCAL | OPT_GLOBAL)) == 0) { free_string_option(curbuf->b_p_cm); curbuf->b_p_cm = empty_option; } if ((opt_flags & OPT_LOCAL) && *oldval == NUL) s = p_cm; else s = oldval; if (*curbuf->b_p_cm == NUL) p = p_cm; else p = curbuf->b_p_cm; if (STRCMP(s, p) != 0) ml_set_crypt_key(curbuf, curbuf->b_p_key, s); if ((opt_flags & OPT_GLOBAL) && STRCMP(p_cm, oldval) != 0) { buf_T *buf; FOR_ALL_BUFFERS(buf) if (buf != curbuf && *buf->b_p_cm == NUL) ml_set_crypt_key(buf, buf->b_p_key, oldval); } } } #endif else if (gvarp == &p_mps) { if (has_mbyte) { for (p = *varp; *p != NUL; ++p) { int x2 = -1; int x3 = -1; if (*p != NUL) p += mb_ptr2len(p); if (*p != NUL) x2 = *p++; if (*p != NUL) { x3 = mb_ptr2char(p); p += mb_ptr2len(p); } if (x2 != ':' || x3 == -1 || (*p != NUL && *p != ',')) { errmsg = e_invarg; break; } if (*p == NUL) break; } } else { for (p = *varp; *p != NUL; p += 4) { if (p[1] != ':' || p[2] == NUL || (p[3] != NUL && p[3] != ',')) { errmsg = e_invarg; break; } if (p[3] == NUL) break; } } } else if (gvarp == &p_com) { for (s = *varp; *s; ) { while (*s && *s != ':') { if (vim_strchr((char_u *)COM_ALL, *s) == NULL && !VIM_ISDIGIT(*s) && *s != '-') { errmsg = illegal_char(errbuf, *s); break; } ++s; } if (*s++ == NUL) errmsg = N_(""E524: Missing colon""); else if (*s == ',' || *s == NUL) errmsg = N_(""E525: Zero length string""); if (errmsg != NULL) break; while (*s && *s != ',') { if (*s == '\\' && s[1] != NUL) ++s; ++s; } s = skip_to_option_part(s); } } else if (varp == &p_lcs) { errmsg = set_chars_option(curwin, varp); if (errmsg == NULL) { tabpage_T *tp; win_T *wp; if (!(opt_flags & OPT_GLOBAL)) clear_string_option(&curwin->w_p_lcs); FOR_ALL_TAB_WINDOWS(tp, wp) { errmsg = set_chars_option(wp, &wp->w_p_lcs); if (errmsg) break; } redraw_all_later(NOT_VALID); } } else if (varp == &curwin->w_p_lcs) errmsg = set_chars_option(curwin, varp); else if (varp == &p_fcs) { errmsg = set_chars_option(curwin, varp); } #ifdef FEAT_CMDWIN else if (varp == &p_cedit) { errmsg = check_cedit(); } #endif else if (varp == &p_vfile) { verbose_stop(); if (*p_vfile != NUL && verbose_open() == FAIL) errmsg = e_invarg; } #ifdef FEAT_VIMINFO else if (varp == &p_viminfo) { for (s = p_viminfo; *s;) { if (vim_strchr((char_u *)""!\""%'/:<@cfhnrs"", *s) == NULL) { errmsg = illegal_char(errbuf, *s); break; } if (*s == 'n') break; else if (*s == 'r') { while (*++s && *s != ',') ; } else if (*s == '%') { while (vim_isdigit(*++s)) ; } else if (*s == '!' || *s == 'h' || *s == 'c') ++s; else { while (vim_isdigit(*++s)) ; if (!VIM_ISDIGIT(*(s - 1))) { if (errbuf != NULL) { sprintf(errbuf, _(""E526: Missing number after <%s>""), transchar_byte(*(s - 1))); errmsg = errbuf; } else errmsg = """"; break; } } if (*s == ',') ++s; else if (*s) { if (errbuf != NULL) errmsg = N_(""E527: Missing comma""); else errmsg = """"; break; } } if (*p_viminfo && errmsg == NULL && get_viminfo_parameter('\'') < 0) errmsg = N_(""E528: Must specify a ' value""); } #endif else if (istermoption_idx(opt_idx) && full_screen) { if (varp == &T_CCO) { int colors = atoi((char *)T_CCO); if (colors != t_colors) { t_colors = colors; if (t_colors <= 1) { if (new_value_alloced) vim_free(T_CCO); T_CCO = empty_option; } #if defined(FEAT_VTP) && defined(FEAT_TERMGUICOLORS) if (is_term_win32()) { swap_tcap(); did_swaptcap = TRUE; } #endif init_highlight(TRUE, FALSE); } } ttest(FALSE); if (varp == &T_ME) { out_str(T_ME); redraw_later(CLEAR); #if defined(MSWIN) && (!defined(FEAT_GUI_MSWIN) || defined(VIMDLL)) # ifdef VIMDLL if (!gui.in_use && !gui.starting) # endif mch_set_normal_colors(); #endif } if (varp == &T_BE && termcap_active) { #ifdef FEAT_JOB_CHANNEL ch_log_output = TRUE; #endif if (*T_BE == NUL) out_str(T_BD); else out_str(T_BE); } } #ifdef FEAT_LINEBREAK else if (gvarp == &p_sbr) { for (s = *varp; *s; ) { if (ptr2cells(s) != 1) errmsg = N_(""E595: 'showbreak' contains unprintable or wide character""); MB_PTR_ADV(s); } } #endif #ifdef FEAT_GUI else if (varp == &p_guifont) { if (gui.in_use) { p = p_guifont; # if defined(FEAT_GUI_GTK) if (STRCMP(p, ""*"") == 0) { p = gui_mch_font_dialog(oldval); if (new_value_alloced) free_string_option(p_guifont); p_guifont = (p != NULL) ? p : vim_strsave(oldval); new_value_alloced = TRUE; } # endif if (p != NULL && gui_init_font(p_guifont, FALSE) != OK) { # if defined(FEAT_GUI_MSWIN) || defined(FEAT_GUI_PHOTON) if (STRCMP(p_guifont, ""*"") == 0) { if (new_value_alloced) free_string_option(p_guifont); p_guifont = vim_strsave(oldval); new_value_alloced = TRUE; } else # endif errmsg = N_(""E596: Invalid font(s)""); } } redraw_gui_only = TRUE; } # ifdef FEAT_XFONTSET else if (varp == &p_guifontset) { if (STRCMP(p_guifontset, ""*"") == 0) errmsg = N_(""E597: can't select fontset""); else if (gui.in_use && gui_init_font(p_guifontset, TRUE) != OK) errmsg = N_(""E598: Invalid fontset""); redraw_gui_only = TRUE; } # endif else if (varp == &p_guifontwide) { if (STRCMP(p_guifontwide, ""*"") == 0) errmsg = N_(""E533: can't select wide font""); else if (gui_get_wide_font() == FAIL) errmsg = N_(""E534: Invalid wide font""); redraw_gui_only = TRUE; } #endif #ifdef CURSOR_SHAPE else if (varp == &p_guicursor) errmsg = parse_shape_opt(SHAPE_CURSOR); #endif #ifdef FEAT_MOUSESHAPE else if (varp == &p_mouseshape) { errmsg = parse_shape_opt(SHAPE_MOUSE); update_mouseshape(-1); } #endif #ifdef FEAT_PRINTER else if (varp == &p_popt) errmsg = parse_printoptions(); # if defined(FEAT_POSTSCRIPT) else if (varp == &p_pmfn) errmsg = parse_printmbfont(); # endif #endif #ifdef FEAT_LANGMAP else if (varp == &p_langmap) langmap_set(); #endif #ifdef FEAT_LINEBREAK else if (varp == &p_breakat) fill_breakat_flags(); #endif #ifdef FEAT_TITLE else if (varp == &p_titlestring || varp == &p_iconstring) { # ifdef FEAT_STL_OPT int flagval = (varp == &p_titlestring) ? STL_IN_TITLE : STL_IN_ICON; if (vim_strchr(*varp, '%') && check_stl_option(*varp) == NULL) stl_syntax |= flagval; else stl_syntax &= ~flagval; # endif did_set_title(); } #endif #ifdef FEAT_GUI else if (varp == &p_go) { gui_init_which_components(oldval); redraw_gui_only = TRUE; } #endif #if defined(FEAT_GUI_TABLINE) else if (varp == &p_gtl) { redraw_tabline = TRUE; redraw_gui_only = TRUE; } else if (varp == &p_gtt) { redraw_gui_only = TRUE; } #endif #if defined(UNIX) || defined(VMS) else if (varp == &p_ttym) { mch_setmouse(FALSE); if (opt_strings_flags(p_ttym, p_ttym_values, &ttym_flags, FALSE) != OK) errmsg = e_invarg; else check_mouse_termcode(); if (termcap_active) setmouse(); } #endif else if (varp == &p_sel) { if (*p_sel == NUL || check_opt_strings(p_sel, p_sel_values, FALSE) != OK) errmsg = e_invarg; } else if (varp == &p_slm) { if (check_opt_strings(p_slm, p_slm_values, TRUE) != OK) errmsg = e_invarg; } #ifdef FEAT_BROWSE else if (varp == &p_bsdir) { if (check_opt_strings(p_bsdir, p_bsdir_values, FALSE) != OK && !mch_isdir(p_bsdir)) errmsg = e_invarg; } #endif else if (varp == &p_km) { if (check_opt_strings(p_km, p_km_values, TRUE) != OK) errmsg = e_invarg; else { km_stopsel = (vim_strchr(p_km, 'o') != NULL); km_startsel = (vim_strchr(p_km, 'a') != NULL); } } else if (varp == &p_mousem) { if (check_opt_strings(p_mousem, p_mousem_values, FALSE) != OK) errmsg = e_invarg; #if defined(FEAT_GUI_MOTIF) && defined(FEAT_MENU) && (XmVersion <= 1002) else if (*p_mousem != *oldval) gui_motif_update_mousemodel(root_menu); #endif } else if (varp == &p_swb) { if (opt_strings_flags(p_swb, p_swb_values, &swb_flags, TRUE) != OK) errmsg = e_invarg; } else if (varp == &p_debug) { if (check_opt_strings(p_debug, p_debug_values, TRUE) != OK) errmsg = e_invarg; } else if (varp == &p_dy) { if (opt_strings_flags(p_dy, p_dy_values, &dy_flags, TRUE) != OK) errmsg = e_invarg; else (void)init_chartab(); } else if (varp == &p_ead) { if (check_opt_strings(p_ead, p_ead_values, FALSE) != OK) errmsg = e_invarg; } #ifdef FEAT_CLIPBOARD else if (varp == &p_cb) errmsg = check_clipboard_option(); #endif #ifdef FEAT_SPELL else if (varp == &(curwin->w_s->b_p_spl) || varp == &(curwin->w_s->b_p_spf)) { int is_spellfile = varp == &(curwin->w_s->b_p_spf); if ((is_spellfile && !valid_spellfile(*varp)) || (!is_spellfile && !valid_spelllang(*varp))) errmsg = e_invarg; else errmsg = did_set_spell_option(is_spellfile); } else if (varp == &(curwin->w_s->b_p_spc)) { errmsg = compile_cap_prog(curwin->w_s); } else if (varp == &(curwin->w_s->b_p_spo)) { if (**varp != NUL && STRCMP(""camel"", *varp) != 0) errmsg = e_invarg; } else if (varp == &p_sps) { if (spell_check_sps() != OK) errmsg = e_invarg; } else if (varp == &p_msm) { if (spell_check_msm() != OK) errmsg = e_invarg; } #endif else if (gvarp == &p_bh) { if (check_opt_strings(curbuf->b_p_bh, p_bufhidden_values, FALSE) != OK) errmsg = e_invarg; } else if (gvarp == &p_bt) { if (check_opt_strings(curbuf->b_p_bt, p_buftype_values, FALSE) != OK) errmsg = e_invarg; else { if (curwin->w_status_height) { curwin->w_redr_status = TRUE; redraw_later(VALID); } curbuf->b_help = (curbuf->b_p_bt[0] == 'h'); #ifdef FEAT_TITLE redraw_titles(); #endif } } #ifdef FEAT_STL_OPT else if (gvarp == &p_stl || varp == &p_ruf) { int wid; if (varp == &p_ruf) ru_wid = 0; s = *varp; if (varp == &p_ruf && *s == '%') { if (*++s == '-') s++; wid = getdigits(&s); if (wid && *s == '(' && (errmsg = check_stl_option(p_ruf)) == NULL) ru_wid = wid; else errmsg = check_stl_option(p_ruf); } else if (varp == &p_ruf || s[0] != '%' || s[1] != '!') errmsg = check_stl_option(s); if (varp == &p_ruf && errmsg == NULL) comp_col(); } #endif else if (gvarp == &p_cpt) { for (s = *varp; *s;) { while (*s == ',' || *s == ' ') s++; if (!*s) break; if (vim_strchr((char_u *)"".wbuksid]tU"", *s) == NULL) { errmsg = illegal_char(errbuf, *s); break; } if (*++s != NUL && *s != ',' && *s != ' ') { if (s[-1] == 'k' || s[-1] == 's') { while (*s && *s != ',' && *s != ' ') { if (*s == '\\' && s[1] != NUL) ++s; ++s; } } else { if (errbuf != NULL) { sprintf((char *)errbuf, _(""E535: Illegal character after <%c>""), *--s); errmsg = errbuf; } else errmsg = """"; break; } } } } else if (varp == &p_cot) { if (check_opt_strings(p_cot, p_cot_values, TRUE) != OK) errmsg = e_invarg; else completeopt_was_set(); } #ifdef BACKSLASH_IN_FILENAME else if (gvarp == &p_csl) { if (check_opt_strings(p_csl, p_csl_values, FALSE) != OK || check_opt_strings(curbuf->b_p_csl, p_csl_values, FALSE) != OK) errmsg = e_invarg; } #endif #ifdef FEAT_SIGNS else if (varp == &curwin->w_p_scl) { if (check_opt_strings(*varp, p_scl_values, FALSE) != OK) errmsg = e_invarg; if (((*oldval == 'n' && *(oldval + 1) == 'u') || (*curwin->w_p_scl == 'n' && *(curwin->w_p_scl + 1) =='u')) && (curwin->w_p_nu || curwin->w_p_rnu)) curwin->w_nrwidth_line_count = 0; } #endif #if defined(FEAT_TOOLBAR) && !defined(FEAT_GUI_MSWIN) else if (varp == &p_toolbar) { if (opt_strings_flags(p_toolbar, p_toolbar_values, &toolbar_flags, TRUE) != OK) errmsg = e_invarg; else { out_flush(); gui_mch_show_toolbar((toolbar_flags & (TOOLBAR_TEXT | TOOLBAR_ICONS)) != 0); } } #endif #if defined(FEAT_TOOLBAR) && defined(FEAT_GUI_GTK) else if (varp == &p_tbis) { if (opt_strings_flags(p_tbis, p_tbis_values, &tbis_flags, FALSE) != OK) errmsg = e_invarg; else { out_flush(); gui_mch_show_toolbar((toolbar_flags & (TOOLBAR_TEXT | TOOLBAR_ICONS)) != 0); } } #endif else if (varp == &p_pt) { if (*p_pt) { (void)replace_termcodes(p_pt, &p, REPTERM_FROM_PART | REPTERM_DO_LT, NULL); if (p != NULL) { if (new_value_alloced) free_string_option(p_pt); p_pt = p; new_value_alloced = TRUE; } } } else if (varp == &p_bs) { if (VIM_ISDIGIT(*p_bs)) { if (*p_bs > '3' || p_bs[1] != NUL) errmsg = e_invarg; } else if (check_opt_strings(p_bs, p_bs_values, TRUE) != OK) errmsg = e_invarg; } else if (varp == &p_bo) { if (opt_strings_flags(p_bo, p_bo_values, &bo_flags, TRUE) != OK) errmsg = e_invarg; } else if (gvarp == &p_tc) { unsigned int *flags; if (opt_flags & OPT_LOCAL) { p = curbuf->b_p_tc; flags = &curbuf->b_tc_flags; } else { p = p_tc; flags = &tc_flags; } if ((opt_flags & OPT_LOCAL) && *p == NUL) *flags = 0; else if (*p == NUL || opt_strings_flags(p, p_tc_values, flags, FALSE) != OK) errmsg = e_invarg; } else if (varp == &p_cmp) { if (opt_strings_flags(p_cmp, p_cmp_values, &cmp_flags, TRUE) != OK) errmsg = e_invarg; } #ifdef FEAT_DIFF else if (varp == &p_dip) { if (diffopt_changed() == FAIL) errmsg = e_invarg; } #endif #ifdef FEAT_FOLDING else if (gvarp == &curwin->w_allbuf_opt.wo_fdm) { if (check_opt_strings(*varp, p_fdm_values, FALSE) != OK || *curwin->w_p_fdm == NUL) errmsg = e_invarg; else { foldUpdateAll(curwin); if (foldmethodIsDiff(curwin)) newFoldLevel(); } } # ifdef FEAT_EVAL else if (varp == &curwin->w_p_fde) { if (foldmethodIsExpr(curwin)) foldUpdateAll(curwin); } # endif else if (gvarp == &curwin->w_allbuf_opt.wo_fmr) { p = vim_strchr(*varp, ','); if (p == NULL) errmsg = N_(""E536: comma required""); else if (p == *varp || p[1] == NUL) errmsg = e_invarg; else if (foldmethodIsMarker(curwin)) foldUpdateAll(curwin); } else if (gvarp == &p_cms) { if (**varp != NUL && strstr((char *)*varp, ""%s"") == NULL) errmsg = N_(""E537: 'commentstring' must be empty or contain %s""); } else if (varp == &p_fdo) { if (opt_strings_flags(p_fdo, p_fdo_values, &fdo_flags, TRUE) != OK) errmsg = e_invarg; } else if (varp == &p_fcl) { if (check_opt_strings(p_fcl, p_fcl_values, TRUE) != OK) errmsg = e_invarg; } else if (gvarp == &curwin->w_allbuf_opt.wo_fdi) { if (foldmethodIsIndent(curwin)) foldUpdateAll(curwin); } #endif else if (gvarp == &p_ve) { char_u *ve = p_ve; unsigned int *flags = &ve_flags; if (opt_flags & OPT_LOCAL) { ve = curwin->w_p_ve; flags = &curwin->w_ve_flags; } if ((opt_flags & OPT_LOCAL) && *ve == NUL) *flags = 0; else { if (opt_strings_flags(ve, p_ve_values, flags, TRUE) != OK) errmsg = e_invarg; else if (STRCMP(p_ve, oldval) != 0) { validate_virtcol(); coladvance(curwin->w_virtcol); } } } #if defined(FEAT_CSCOPE) && defined(FEAT_QUICKFIX) else if (varp == &p_csqf) { if (p_csqf != NULL) { p = p_csqf; while (*p != NUL) { if (vim_strchr((char_u *)CSQF_CMDS, *p) == NULL || p[1] == NUL || vim_strchr((char_u *)CSQF_FLAGS, p[1]) == NULL || (p[2] != NUL && p[2] != ',')) { errmsg = e_invarg; break; } else if (p[2] == NUL) break; else p += 3; } } } #endif #ifdef FEAT_CINDENT else if (gvarp == &p_cino) { parse_cino(curbuf); } #endif #if defined(FEAT_RENDER_OPTIONS) else if (varp == &p_rop) { if (!gui_mch_set_rendering_options(p_rop)) errmsg = e_invarg; } #endif else if (gvarp == &p_ft) { if (!valid_filetype(*varp)) errmsg = e_invarg; else { value_changed = STRCMP(oldval, *varp) != 0; *value_checked = TRUE; } } #ifdef FEAT_SYN_HL else if (gvarp == &p_syn) { if (!valid_filetype(*varp)) errmsg = e_invarg; else { value_changed = STRCMP(oldval, *varp) != 0; *value_checked = TRUE; } } #endif #ifdef FEAT_TERMINAL else if (varp == &curwin->w_p_twk) { if (*curwin->w_p_twk != NUL && string_to_key(curwin->w_p_twk, TRUE) == 0) errmsg = e_invarg; } else if (varp == &curwin->w_p_tws) { if (*curwin->w_p_tws != NUL) { p = skipdigits(curwin->w_p_tws); if (p == curwin->w_p_tws || (*p != 'x' && *p != '*') || *skipdigits(p + 1) != NUL) errmsg = e_invarg; } } else if (varp == &curwin->w_p_wcr) { if (curwin->w_buffer->b_term != NULL) term_update_colors(curwin->w_buffer->b_term); } # if defined(MSWIN) else if (varp == &p_twt) { if (check_opt_strings(*varp, p_twt_values, FALSE) != OK) errmsg = e_invarg; } # endif #endif #ifdef FEAT_VARTABS else if (varp == &(curbuf->b_p_vsts)) { char_u *cp; if (!(*varp)[0] || ((*varp)[0] == '0' && !(*varp)[1])) { if (curbuf->b_p_vsts_array) { vim_free(curbuf->b_p_vsts_array); curbuf->b_p_vsts_array = 0; } } else { for (cp = *varp; *cp; ++cp) { if (vim_isdigit(*cp)) continue; if (*cp == ',' && cp > *varp && *(cp-1) != ',') continue; errmsg = e_invarg; break; } if (errmsg == NULL) { int *oldarray = curbuf->b_p_vsts_array; if (tabstop_set(*varp, &(curbuf->b_p_vsts_array))) { if (oldarray) vim_free(oldarray); } else errmsg = e_invarg; } } } else if (varp == &(curbuf->b_p_vts)) { char_u *cp; if (!(*varp)[0] || ((*varp)[0] == '0' && !(*varp)[1])) { if (curbuf->b_p_vts_array) { vim_free(curbuf->b_p_vts_array); curbuf->b_p_vts_array = NULL; } } else { for (cp = *varp; *cp; ++cp) { if (vim_isdigit(*cp)) continue; if (*cp == ',' && cp > *varp && *(cp-1) != ',') continue; errmsg = e_invarg; break; } if (errmsg == NULL) { int *oldarray = curbuf->b_p_vts_array; if (tabstop_set(*varp, &(curbuf->b_p_vts_array))) { vim_free(oldarray); #ifdef FEAT_FOLDING if (foldmethodIsIndent(curwin)) foldUpdateAll(curwin); #endif } else errmsg = e_invarg; } } } #endif #ifdef FEAT_PROP_POPUP else if (varp == &p_pvp) { if (parse_previewpopup(NULL) == FAIL) errmsg = e_invarg; } # ifdef FEAT_QUICKFIX else if (varp == &p_cpp) { if (parse_completepopup(NULL) == FAIL) errmsg = e_invarg; else popup_close_info(); } # endif #endif #ifdef FEAT_QUICKFIX else if (varp == &p_qftf) { if (qf_process_qftf_option() == FALSE) errmsg = e_invarg; } #endif else { p = NULL; if (varp == &p_ww) p = (char_u *)WW_ALL; if (varp == &p_shm) p = (char_u *)SHM_ALL; else if (varp == &(p_cpo)) p = (char_u *)CPO_ALL; else if (varp == &(curbuf->b_p_fo)) p = (char_u *)FO_ALL; #ifdef FEAT_CONCEAL else if (varp == &curwin->w_p_cocu) p = (char_u *)COCU_ALL; #endif else if (varp == &p_mouse) { p = (char_u *)MOUSE_ALL; } #if defined(FEAT_GUI) else if (varp == &p_go) p = (char_u *)GO_ALL; #endif if (p != NULL) { for (s = *varp; *s; ++s) if (vim_strchr(p, *s) == NULL) { errmsg = illegal_char(errbuf, *s); break; } } } if (errmsg != NULL) { if (new_value_alloced) free_string_option(*varp); *varp = oldval; if (did_chartab) (void)init_chartab(); if (varp == &p_hl) (void)highlight_changed(); } else { #ifdef FEAT_EVAL set_option_sctx_idx(opt_idx, opt_flags, current_sctx); #endif if (free_oldval) free_string_option(oldval); if (new_value_alloced) set_option_flag(opt_idx, P_ALLOCED); else clear_option_flag(opt_idx, P_ALLOCED); if ((opt_flags & (OPT_LOCAL | OPT_GLOBAL)) == 0 && is_global_local_option(opt_idx)) { p = get_option_varp_scope(opt_idx, OPT_LOCAL); free_string_option(*(char_u **)p); *(char_u **)p = empty_option; } else if (!(opt_flags & OPT_LOCAL) && opt_flags != OPT_GLOBAL) set_string_option_global(opt_idx, varp); #ifdef FEAT_SYN_HL if (varp == &(curbuf->b_p_syn)) { static int syn_recursive = 0; ++syn_recursive; apply_autocmds(EVENT_SYNTAX, curbuf->b_p_syn, curbuf->b_fname, value_changed || syn_recursive == 1, curbuf); curbuf->b_flags |= BF_SYN_SET; --syn_recursive; } #endif else if (varp == &(curbuf->b_p_ft)) { if (!(opt_flags & OPT_MODELINE) || value_changed) { static int ft_recursive = 0; int secure_save = secure; secure = 0; ++ft_recursive; did_filetype = TRUE; apply_autocmds(EVENT_FILETYPE, curbuf->b_p_ft, curbuf->b_fname, value_changed || ft_recursive == 1, curbuf); --ft_recursive; if (varp != &(curbuf->b_p_ft)) varp = NULL; secure = secure_save; } } #ifdef FEAT_SPELL if (varp == &(curwin->w_s->b_p_spl)) { char_u fname[200]; char_u *q = curwin->w_s->b_p_spl; if (STRNCMP(q, ""cjk,"", 4) == 0) q += 4; for (p = q; *p != NUL; ++p) if (!ASCII_ISALNUM(*p) && *p != '-') break; if (p > q) { vim_snprintf((char *)fname, 200, ""spell/%.*s.vim"", (int)(p - q), q); source_runtime(fname, DIP_ALL); } } #endif } if (varp == &p_mouse) { if (*p_mouse == NUL) mch_setmouse(FALSE); else setmouse(); } #if defined(FEAT_LUA) || defined(PROTO) if (varp == &p_rtp) update_package_paths_in_lua(); #endif if (curwin->w_curswant != MAXCOL && (get_option_flags(opt_idx) & (P_CURSWANT | P_RALL)) != 0) curwin->w_set_curswant = TRUE; if ((opt_flags & OPT_NO_REDRAW) == 0) { #ifdef FEAT_GUI if (!redraw_gui_only || gui.in_use) #endif check_redraw(get_option_flags(opt_idx)); } #if defined(FEAT_VTP) && defined(FEAT_TERMGUICOLORS) if (did_swaptcap) { set_termname((char_u *)""win32""); init_highlight(TRUE, FALSE); } #endif return errmsg; }",visit repo url,src/optionstr.c,https://github.com/vim/vim,14213832980380,1 1421,[],"static void print_cfs_stats(struct seq_file *m, int cpu) { struct cfs_rq *cfs_rq; #ifdef CONFIG_FAIR_GROUP_SCHED print_cfs_rq(m, cpu, &cpu_rq(cpu)->cfs); #endif rcu_read_lock(); for_each_leaf_cfs_rq(cpu_rq(cpu), cfs_rq) print_cfs_rq(m, cpu, cfs_rq); rcu_read_unlock(); }",linux-2.6,,,207893763474476954140274244676066682740,0 786,CWE-20,"static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int err; struct sk_buff *skb; struct sock *sk = sock->sk; err = -EIO; if (sk->sk_state & PPPOX_BOUND) goto end; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) goto end; if (len > skb->len) len = skb->len; else if (len < skb->len) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len); if (likely(err == 0)) err = len; kfree_skb(skb); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,83283590519134,1 2173,['CWE-400'],"static inline struct page *shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info, unsigned long idx) { return alloc_page(gfp); }",linux-2.6,,,218737273662935913135410287526539850808,0 2030,NVD-CWE-noinfo,"static void __evtchn_fifo_handle_events(unsigned cpu, bool drop) { struct evtchn_fifo_control_block *control_block; unsigned long ready; unsigned q; control_block = per_cpu(cpu_control_block, cpu); ready = xchg(&control_block->ready, 0); while (ready) { q = find_first_bit(&ready, EVTCHN_FIFO_MAX_QUEUES); consume_one_event(cpu, control_block, q, &ready, drop); ready |= xchg(&control_block->ready, 0); } }",visit repo url,drivers/xen/events/events_fifo.c,https://github.com/torvalds/linux,166401483829863,1 3708,[],"static void unix_sock_destructor(struct sock *sk) { struct unix_sock *u = unix_sk(sk); skb_queue_purge(&sk->sk_receive_queue); WARN_ON(atomic_read(&sk->sk_wmem_alloc)); WARN_ON(!sk_unhashed(sk)); WARN_ON(sk->sk_socket); if (!sock_flag(sk, SOCK_DEAD)) { printk(""Attempt to release alive unix socket: %p\n"", sk); return; } if (u->addr) unix_release_addr(u->addr); atomic_dec(&unix_nr_socks); #ifdef UNIX_REFCNT_DEBUG printk(KERN_DEBUG ""UNIX %p is destroyed, %d are still alive.\n"", sk, atomic_read(&unix_nr_socks)); #endif }",linux-2.6,,,271529635270562808113342578631406511554,0 3389,CWE-416,"static Image *ReadMATImage(const ImageInfo *image_info,ExceptionInfo *exception) { Image *image, *image2=NULL, *rotated_image; register Quantum *q; unsigned int status; MATHeader MATLAB_HDR; size_t size; size_t CellType; QuantumInfo *quantum_info; ImageInfo *clone_info; int i; ssize_t ldblk; unsigned char *BImgBuff = NULL; double MinVal, MaxVal; unsigned z, z2; unsigned Frames; int logging; int sample_size; MagickOffsetType filepos=0x80; unsigned int (*ReadBlobXXXLong)(Image *image); unsigned short (*ReadBlobXXXShort)(Image *image); void (*ReadBlobDoublesXXX)(Image * image, size_t len, double *data); void (*ReadBlobFloatsXXX)(Image * image, size_t len, float *data); assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); logging = LogMagickEvent(CoderEvent,GetMagickModule(),""enter""); image = AcquireImage(image_info,exception); image2 = (Image *) NULL; status = OpenBlob(image_info, image, ReadBinaryBlobMode, exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } quantum_info=(QuantumInfo *) NULL; clone_info=(ImageInfo *) NULL; if (ReadBlob(image,124,(unsigned char *) &MATLAB_HDR.identific) != 124) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (strncmp(MATLAB_HDR.identific,""MATLAB"",6) != 0) { image=ReadMATImageV4(image_info,image,exception); if (image == NULL) { if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); return((Image *) NULL); } goto END_OF_READING; } MATLAB_HDR.Version = ReadBlobLSBShort(image); if(ReadBlob(image,2,(unsigned char *) &MATLAB_HDR.EndianIndicator) != 2) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" Endian %c%c"", MATLAB_HDR.EndianIndicator[0],MATLAB_HDR.EndianIndicator[1]); if (!strncmp(MATLAB_HDR.EndianIndicator, ""IM"", 2)) { ReadBlobXXXLong = ReadBlobLSBLong; ReadBlobXXXShort = ReadBlobLSBShort; ReadBlobDoublesXXX = ReadBlobDoublesLSB; ReadBlobFloatsXXX = ReadBlobFloatsLSB; image->endian = LSBEndian; } else if (!strncmp(MATLAB_HDR.EndianIndicator, ""MI"", 2)) { ReadBlobXXXLong = ReadBlobMSBLong; ReadBlobXXXShort = ReadBlobMSBShort; ReadBlobDoublesXXX = ReadBlobDoublesMSB; ReadBlobFloatsXXX = ReadBlobFloatsMSB; image->endian = MSBEndian; } else { MATLAB_KO: if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } filepos = TellBlob(image); while(!EOFBlob(image)) { Frames = 1; if (filepos != (unsigned int) filepos) break; if(SeekBlob(image,filepos,SEEK_SET) != filepos) break; MATLAB_HDR.DataType = ReadBlobXXXLong(image); if(EOFBlob(image)) break; MATLAB_HDR.ObjectSize = ReadBlobXXXLong(image); if(EOFBlob(image)) break; if((MagickSizeType) (MATLAB_HDR.ObjectSize+filepos) > GetBlobSize(image)) goto MATLAB_KO; filepos += (MagickOffsetType) MATLAB_HDR.ObjectSize + 4 + 4; if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); clone_info=CloneImageInfo(image_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); image2 = image; #if defined(MAGICKCORE_ZLIB_DELEGATE) if(MATLAB_HDR.DataType == miCOMPRESSED) { image2 = decompress_block(image,&MATLAB_HDR.ObjectSize,clone_info,exception); if(image2==NULL) continue; MATLAB_HDR.DataType = ReadBlobXXXLong(image2); } #endif if (MATLAB_HDR.DataType != miMATRIX) { clone_info=DestroyImageInfo(clone_info); #if defined(MAGICKCORE_ZLIB_DELEGATE) if (image2 != image) DeleteImageFromList(&image2); #endif continue; } MATLAB_HDR.unknown1 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown2 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown5 = ReadBlobXXXLong(image2); MATLAB_HDR.StructureClass = MATLAB_HDR.unknown5 & 0xFF; MATLAB_HDR.StructureFlag = (MATLAB_HDR.unknown5>>8) & 0xFF; MATLAB_HDR.unknown3 = ReadBlobXXXLong(image2); if(image!=image2) MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.DimFlag = ReadBlobXXXLong(image2); MATLAB_HDR.SizeX = ReadBlobXXXLong(image2); MATLAB_HDR.SizeY = ReadBlobXXXLong(image2); switch(MATLAB_HDR.DimFlag) { case 8: z2=z=1; break; case 12: z2=z = ReadBlobXXXLong(image2); (void) ReadBlobXXXLong(image2); if(z!=3) { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); } break; case 16: z2=z = ReadBlobXXXLong(image2); if(z!=3 && z!=1) { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); } Frames = ReadBlobXXXLong(image2); if (Frames == 0) { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (AcquireMagickResource(ListLengthResource,Frames) == MagickFalse) { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(ResourceLimitError,""ListLengthExceedsLimit""); } break; default: if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); } MATLAB_HDR.Flag1 = ReadBlobXXXShort(image2); MATLAB_HDR.NameFlag = ReadBlobXXXShort(image2); if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.StructureClass %d"",MATLAB_HDR.StructureClass); if (MATLAB_HDR.StructureClass != mxCHAR_CLASS && MATLAB_HDR.StructureClass != mxSINGLE_CLASS && MATLAB_HDR.StructureClass != mxDOUBLE_CLASS && MATLAB_HDR.StructureClass != mxINT8_CLASS && MATLAB_HDR.StructureClass != mxUINT8_CLASS && MATLAB_HDR.StructureClass != mxINT16_CLASS && MATLAB_HDR.StructureClass != mxUINT16_CLASS && MATLAB_HDR.StructureClass != mxINT32_CLASS && MATLAB_HDR.StructureClass != mxUINT32_CLASS && MATLAB_HDR.StructureClass != mxINT64_CLASS && MATLAB_HDR.StructureClass != mxUINT64_CLASS) { if ((image2 != (Image*) NULL) && (image2 != image)) { CloseBlob(image2); DeleteImageFromList(&image2); } if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); ThrowReaderException(CoderError,""UnsupportedCellTypeInTheMatrix""); } switch (MATLAB_HDR.NameFlag) { case 0: size = ReadBlobXXXLong(image2); size = 4 * (((size_t) size + 3 + 1) / 4); (void) SeekBlob(image2, size, SEEK_CUR); break; case 1: case 2: case 3: case 4: (void) ReadBlob(image2, 4, (unsigned char *) &size); break; default: goto MATLAB_KO; } CellType = ReadBlobXXXLong(image2); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.CellType: %.20g"",(double) CellType); if (ReadBlob(image2, 4, (unsigned char *) &size) != 4) goto MATLAB_KO; NEXT_FRAME: switch (CellType) { case miINT8: case miUINT8: sample_size = 8; if(MATLAB_HDR.StructureFlag & FLAG_LOGICAL) image->depth = 1; else image->depth = 8; ldblk = (ssize_t) MATLAB_HDR.SizeX; break; case miINT16: case miUINT16: sample_size = 16; image->depth = 16; ldblk = (ssize_t) (2 * MATLAB_HDR.SizeX); break; case miINT32: case miUINT32: sample_size = 32; image->depth = 32; ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miINT64: case miUINT64: sample_size = 64; image->depth = 64; ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; case miSINGLE: sample_size = 32; image->depth = 32; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miDOUBLE: sample_size = 64; image->depth = 64; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); DisableMSCWarning(4127) if (sizeof(double) != 8) RestoreMSCWarning { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(CoderError, ""IncompatibleSizeOfDouble""); } if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; default: if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); if (clone_info) clone_info=DestroyImageInfo(clone_info); ThrowReaderException(CoderError, ""UnsupportedCellTypeInTheMatrix""); } (void) sample_size; image->columns = MATLAB_HDR.SizeX; image->rows = MATLAB_HDR.SizeY; image->colors = GetQuantumRange(image->depth); if (image->columns == 0 || image->rows == 0) goto MATLAB_KO; if((unsigned int)ldblk*MATLAB_HDR.SizeY > MATLAB_HDR.ObjectSize) goto MATLAB_KO; if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) { image->type=GrayscaleType; SetImageColorspace(image,GRAYColorspace,exception); } if (image_info->ping) { size_t temp = image->columns; image->columns = image->rows; image->rows = temp; goto done_reading; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); return(DestroyImageList(image)); } (void) SetImageBackgroundColor(image,exception); quantum_info=AcquireQuantumInfo(clone_info,image); if (quantum_info == (QuantumInfo *) NULL) { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } BImgBuff = (unsigned char *) AcquireQuantumMemory((size_t) (ldblk),sizeof(double)); if (BImgBuff == NULL) { if (clone_info != (ImageInfo *) NULL) clone_info=DestroyImageInfo(clone_info); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } (void) memset(BImgBuff,0,ldblk*sizeof(double)); MinVal = 0; MaxVal = 0; if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2,image_info->endian,MATLAB_HDR.SizeX,MATLAB_HDR.SizeY, CellType,ldblk,BImgBuff,&quantum_info->minimum, &quantum_info->maximum); } if(z==1) z=0; do { for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { q=GetAuthenticPixels(image,0,MATLAB_HDR.SizeY-i-1,image->columns,1,exception); if (q == (Quantum *) NULL) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT set image pixels returns unexpected NULL on a row %u."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto done_reading; } if(ReadBlob(image2,ldblk,(unsigned char *)BImgBuff) != (ssize_t) ldblk) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT cannot read scanrow %u from a file."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } if((CellType==miINT8 || CellType==miUINT8) && (MATLAB_HDR.StructureFlag & FLAG_LOGICAL)) { FixLogical((unsigned char *)BImgBuff,ldblk); if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) { ImportQuantumPixelsFailed: if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to ImportQuantumPixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); break; } } else { if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) goto ImportQuantumPixelsFailed; if (z<=1 && (CellType==miINT8 || CellType==miINT16 || CellType==miINT32 || CellType==miINT64)) FixSignedValues(image,q,MATLAB_HDR.SizeX); } if (!SyncAuthenticPixels(image,exception)) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to sync image pixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } } } while(z-- >= 2); ExitLoop: if (i != (long) MATLAB_HDR.SizeY) goto END_OF_READING; if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { CellType = ReadBlobXXXLong(image2); i = ReadBlobXXXLong(image2); if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &MinVal, &MaxVal); } if (CellType==miDOUBLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobDoublesXXX(image2, ldblk, (double *)BImgBuff); if (EOFBlob(image) != MagickFalse) break; InsertComplexDoubleRow(image, (double *)BImgBuff, i, MinVal, MaxVal, exception); } if (CellType==miSINGLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobFloatsXXX(image2, ldblk, (float *)BImgBuff); if (EOFBlob(image) != MagickFalse) break; InsertComplexFloatRow(image,(float *)BImgBuff,i,MinVal,MaxVal, exception); } } if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) image->type=GrayscaleType; if (image->depth == 1) image->type=BilevelType; if(image2==image) image2 = NULL; rotated_image = RotateImage(image, 90.0, exception); if (rotated_image != (Image *) NULL) { rotated_image->page.x=0; rotated_image->page.y=0; rotated_image->colors = image->colors; DestroyBlob(rotated_image); rotated_image->blob=ReferenceBlob(image->blob); AppendImageToList(&image,rotated_image); DeleteImageFromList(&image); } done_reading: if(image2!=NULL) if(image2!=image) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } if (EOFBlob(image) != MagickFalse) break; AcquireNextImage(image_info,image,exception); if (image->next == (Image *) NULL) break; image=SyncNextImageInList(image); image->columns=image->rows=0; image->colors=0; RelinquishMagickMemory(BImgBuff); BImgBuff = NULL; if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if(--Frames>0) { z = z2; if(image2==NULL) image2 = image; if(!EOFBlob(image) && TellBlob(image)file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } if (clone_info) clone_info=DestroyImageInfo(clone_info); } END_OF_READING: RelinquishMagickMemory(BImgBuff); if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; if (tmp == image2) image2=(Image *) NULL; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=scene++; } if(clone_info != NULL) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } DestroyImageInfo(clone_info); clone_info = NULL; } if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(),""return""); if ((image != image2) && (image2 != (Image *) NULL)) image2=DestroyImage(image2); if (image == (Image *) NULL) ThrowReaderException(CorruptImageError,""ImproperImageHeader"") return(image); }",visit repo url,coders/mat.c,https://github.com/ImageMagick/ImageMagick,226654423618140,1 5434,CWE-273,"glob_vector (pat, dir, flags) char *pat; char *dir; int flags; { DIR *d; register struct dirent *dp; struct globval *lastlink, *e, *dirlist; register struct globval *nextlink; register char *nextname, *npat, *subdir; unsigned int count; int lose, skip, ndirs, isdir, sdlen, add_current, patlen; register char **name_vector; register unsigned int i; int mflags; int pflags; int nalloca; struct globval *firstmalloc, *tmplink; char *convfn; lastlink = 0; count = lose = skip = add_current = 0; firstmalloc = 0; nalloca = 0; name_vector = NULL; if (pat == 0 || *pat == '\0') { if (glob_testdir (dir, 0) < 0) return ((char **) &glob_error_return); nextlink = (struct globval *)alloca (sizeof (struct globval)); if (nextlink == NULL) return ((char **) NULL); nextlink->next = (struct globval *)0; nextname = (char *) malloc (1); if (nextname == 0) lose = 1; else { lastlink = nextlink; nextlink->name = nextname; nextname[0] = '\0'; count = 1; } skip = 1; } patlen = (pat && *pat) ? strlen (pat) : 0; if (skip == 0 && glob_pattern_p (pat) == 0) { int dirlen; struct stat finfo; if (glob_testdir (dir, 0) < 0) return ((char **) &glob_error_return); dirlen = strlen (dir); nextname = (char *)malloc (dirlen + patlen + 2); npat = (char *)malloc (patlen + 1); if (nextname == 0 || npat == 0) { FREE (nextname); FREE (npat); lose = 1; } else { strcpy (npat, pat); dequote_pathname (npat); strcpy (nextname, dir); nextname[dirlen++] = '/'; strcpy (nextname + dirlen, npat); if (GLOB_TESTNAME (nextname) >= 0) { free (nextname); nextlink = (struct globval *)alloca (sizeof (struct globval)); if (nextlink) { nextlink->next = (struct globval *)0; lastlink = nextlink; nextlink->name = npat; count = 1; } else { free (npat); lose = 1; } } else { free (nextname); free (npat); } } skip = 1; } if (skip == 0) { #if defined (OPENDIR_NOT_ROBUST) if (glob_testdir (dir, 0) < 0) return ((char **) &glob_error_return); #endif d = opendir (dir); if (d == NULL) return ((char **) &glob_error_return); mflags = (noglob_dot_filenames ? FNM_PERIOD : 0) | FNM_PATHNAME; #ifdef FNM_CASEFOLD if (glob_ignore_case) mflags |= FNM_CASEFOLD; #endif if (extended_glob) mflags |= FNM_EXTMATCH; add_current = ((flags & (GX_ALLDIRS|GX_ADDCURDIR)) == (GX_ALLDIRS|GX_ADDCURDIR)); while (1) { if (interrupt_state || terminating_signal) { lose = 1; break; } else if (signal_is_pending (SIGINT)) { lose = 1; break; } dp = readdir (d); if (dp == NULL) break; if (REAL_DIR_ENTRY (dp) == 0) continue; #if 0 if (dp->d_name == 0 || *dp->d_name == 0) continue; #endif #if HANDLE_MULTIBYTE if (MB_CUR_MAX > 1 && mbskipname (pat, dp->d_name, flags)) continue; else #endif if (skipname (pat, dp->d_name, flags)) continue; if (flags & (GX_MATCHDIRS|GX_ALLDIRS)) { pflags = (flags & GX_ALLDIRS) ? MP_RMDOT : 0; if (flags & GX_NULLDIR) pflags |= MP_IGNDOT; subdir = sh_makepath (dir, dp->d_name, pflags); isdir = glob_testdir (subdir, flags); if (isdir < 0 && (flags & GX_MATCHDIRS)) { free (subdir); continue; } } if (flags & GX_ALLDIRS) { if (isdir == 0) { dirlist = finddirs (pat, subdir, (flags & ~GX_ADDCURDIR), &e, &ndirs); if (dirlist == &finddirs_error_return) { free (subdir); lose = 1; break; } if (ndirs) { if (firstmalloc == 0) firstmalloc = e; e->next = lastlink; lastlink = dirlist; count += ndirs; } } nextlink = (struct globval *) malloc (sizeof (struct globval)); if (firstmalloc == 0) firstmalloc = nextlink; sdlen = strlen (subdir); nextname = (char *) malloc (sdlen + 1); if (nextlink == 0 || nextname == 0) { FREE (nextlink); FREE (nextname); free (subdir); lose = 1; break; } nextlink->next = lastlink; lastlink = nextlink; nextlink->name = nextname; bcopy (subdir, nextname, sdlen + 1); free (subdir); ++count; continue; } else if (flags & GX_MATCHDIRS) free (subdir); convfn = fnx_fromfs (dp->d_name, D_NAMLEN (dp)); if (strmatch (pat, convfn, mflags) != FNM_NOMATCH) { if (nalloca < ALLOCA_MAX) { nextlink = (struct globval *) alloca (sizeof (struct globval)); nalloca += sizeof (struct globval); } else { nextlink = (struct globval *) malloc (sizeof (struct globval)); if (firstmalloc == 0) firstmalloc = nextlink; } nextname = (char *) malloc (D_NAMLEN (dp) + 1); if (nextlink == 0 || nextname == 0) { FREE (nextlink); FREE (nextname); lose = 1; break; } nextlink->next = lastlink; lastlink = nextlink; nextlink->name = nextname; bcopy (dp->d_name, nextname, D_NAMLEN (dp) + 1); ++count; } } (void) closedir (d); } if (add_current) { sdlen = strlen (dir); nextname = (char *)malloc (sdlen + 1); nextlink = (struct globval *) malloc (sizeof (struct globval)); if (nextlink == 0 || nextname == 0) { FREE (nextlink); FREE (nextname); lose = 1; } else { nextlink->name = nextname; nextlink->next = lastlink; lastlink = nextlink; if (flags & GX_NULLDIR) nextname[0] = '\0'; else bcopy (dir, nextname, sdlen + 1); ++count; } } if (lose == 0) { name_vector = (char **) malloc ((count + 1) * sizeof (char *)); lose |= name_vector == NULL; } if (lose) { tmplink = 0; while (lastlink) { if (firstmalloc) { if (lastlink == firstmalloc) firstmalloc = 0; tmplink = lastlink; } else tmplink = 0; free (lastlink->name); lastlink = lastlink->next; FREE (tmplink); } return ((char **)NULL); } for (tmplink = lastlink, i = 0; i < count; ++i) { name_vector[i] = tmplink->name; tmplink = tmplink->next; } name_vector[count] = NULL; if (firstmalloc) { tmplink = 0; while (lastlink) { tmplink = lastlink; if (lastlink == firstmalloc) lastlink = firstmalloc = 0; else lastlink = lastlink->next; free (tmplink); } } return (name_vector); }",visit repo url,lib/glob/glob.c,https://github.com/bminor/bash,59344998295065,1 861,CWE-20,"static int recv_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t buf_len, int flags) { struct sock *sk = sock->sk; struct tipc_port *tport = tipc_sk_port(sk); struct sk_buff *buf; struct tipc_msg *msg; long timeout; unsigned int sz; int sz_to_copy, target, needed; int sz_copied = 0; u32 err; int res = 0; if (unlikely(!buf_len)) return -EINVAL; lock_sock(sk); if (unlikely((sock->state == SS_UNCONNECTED))) { res = -ENOTCONN; goto exit; } m->msg_namelen = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); restart: while (skb_queue_empty(&sk->sk_receive_queue)) { if (sock->state == SS_DISCONNECTING) { res = -ENOTCONN; goto exit; } if (timeout <= 0L) { res = timeout ? timeout : -EWOULDBLOCK; goto exit; } release_sock(sk); timeout = wait_event_interruptible_timeout(*sk_sleep(sk), tipc_rx_ready(sock), timeout); lock_sock(sk); } buf = skb_peek(&sk->sk_receive_queue); msg = buf_msg(buf); sz = msg_data_sz(msg); err = msg_errcode(msg); if ((!sz) && (!err)) { advance_rx_queue(sk); goto restart; } if (sz_copied == 0) { set_orig_addr(m, msg); res = anc_data_recv(m, msg, tport); if (res) goto exit; } if (!err) { u32 offset = (u32)(unsigned long)(TIPC_SKB_CB(buf)->handle); sz -= offset; needed = (buf_len - sz_copied); sz_to_copy = (sz <= needed) ? sz : needed; res = skb_copy_datagram_iovec(buf, msg_hdr_sz(msg) + offset, m->msg_iov, sz_to_copy); if (res) goto exit; sz_copied += sz_to_copy; if (sz_to_copy < sz) { if (!(flags & MSG_PEEK)) TIPC_SKB_CB(buf)->handle = (void *)(unsigned long)(offset + sz_to_copy); goto exit; } } else { if (sz_copied != 0) goto exit; if ((err == TIPC_CONN_SHUTDOWN) || m->msg_control) res = 0; else res = -ECONNRESET; } if (likely(!(flags & MSG_PEEK))) { if (unlikely(++tport->conn_unacked >= TIPC_FLOW_CONTROL_WIN)) tipc_acknowledge(tport->ref, tport->conn_unacked); advance_rx_queue(sk); } if ((sz_copied < buf_len) && (!skb_queue_empty(&sk->sk_receive_queue) || (sz_copied < target)) && (!(flags & MSG_PEEK)) && (!err)) goto restart; exit: release_sock(sk); return sz_copied ? sz_copied : res; }",visit repo url,net/tipc/socket.c,https://github.com/torvalds/linux,263298236416144,1 6196,['CWE-200'],"static void ip_encap(struct sk_buff *skb, u32 saddr, u32 daddr) { struct iphdr *iph = (struct iphdr *)skb_push(skb,sizeof(struct iphdr)); iph->version = 4; iph->tos = skb->nh.iph->tos; iph->ttl = skb->nh.iph->ttl; iph->frag_off = 0; iph->daddr = daddr; iph->saddr = saddr; iph->protocol = IPPROTO_IPIP; iph->ihl = 5; iph->tot_len = htons(skb->len); ip_select_ident(iph, skb->dst, NULL); ip_send_check(iph); skb->h.ipiph = skb->nh.iph; skb->nh.iph = iph; memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); nf_reset(skb); }",linux-2.6,,,339703131818255396989067984740536564930,0 5179,CWE-125,"TfLiteStatus EvalQuantized(TfLiteContext* context, TfLiteNode* node, OpData* data, const RuntimeShape& lhs_shape, const TfLiteTensor* lhs, const RuntimeShape& rhs_shape, const TfLiteTensor* rhs, TfLiteTensor* output) { if (lhs->type == kTfLiteFloat32) { TfLiteTensor* input_quantized = GetTemporary(context, node, 2); TfLiteTensor* scaling_factors = GetTemporary(context, node, 3); TfLiteTensor* accum_scratch = GetTemporary(context, node, 4); TfLiteTensor* input_offsets = GetTemporary(context, node, 5); TfLiteTensor* row_sums = GetTemporary(context, node, 6); return EvalHybrid( context, node, data, lhs_shape, lhs, rhs_shape, rhs, input_quantized, scaling_factors, accum_scratch, row_sums, input_offsets, output); } else if (lhs->type == kTfLiteInt8) { return EvalInt8(context, data, lhs_shape, lhs, rhs_shape, rhs, GetTensorShape(output), output); } else { TF_LITE_KERNEL_LOG( context, ""Currently only hybrid and int8 quantization is supported.\n""); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/batch_matmul.cc,https://github.com/tensorflow/tensorflow,256592427905275,1 969,['CWE-189'],"SProcShmDispatch (client) register ClientPtr client; { REQUEST(xReq); switch (stuff->data) { case X_ShmQueryVersion: return SProcShmQueryVersion(client); case X_ShmAttach: return SProcShmAttach(client); case X_ShmDetach: return SProcShmDetach(client); case X_ShmPutImage: return SProcShmPutImage(client); case X_ShmGetImage: return SProcShmGetImage(client); case X_ShmCreatePixmap: return SProcShmCreatePixmap(client); default: return BadRequest; } }",xserver,,,271862592844282072341922850410373434543,0 2646,CWE-125,"PHP_FUNCTION(locale_get_primary_language ) { get_icu_value_src_php( LOC_LANG_TAG , INTERNAL_FUNCTION_PARAM_PASSTHRU ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,256006615963274,1 2877,['CWE-189'],"static jas_cmprof_t *jas_cmprof_createsycc() { jas_cmprof_t *prof; jas_cmpxform_t *fwdpxform; jas_cmpxform_t *revpxform; jas_cmshapmat_t *fwdshapmat; jas_cmshapmat_t *revshapmat; int i; int j; if (!(prof = jas_cmprof_createfromclrspc(JAS_CLRSPC_SRGB))) goto error; prof->clrspc = JAS_CLRSPC_SYCBCR; assert(prof->numchans == 3 && prof->numrefchans == 3); assert(prof->refclrspc == JAS_CLRSPC_CIEXYZ); if (!(fwdpxform = jas_cmpxform_createshapmat())) goto error; fwdpxform->numinchans = 3; fwdpxform->numoutchans = 3; fwdshapmat = &fwdpxform->data.shapmat; fwdshapmat->mono = 0; fwdshapmat->order = 0; fwdshapmat->useluts = 0; fwdshapmat->usemat = 1; fwdshapmat->mat[0][0] = 1.0; fwdshapmat->mat[0][1] = 0.0; fwdshapmat->mat[0][2] = 1.402; fwdshapmat->mat[1][0] = 1.0; fwdshapmat->mat[1][1] = -0.34413; fwdshapmat->mat[1][2] = -0.71414; fwdshapmat->mat[2][0] = 1.0; fwdshapmat->mat[2][1] = 1.772; fwdshapmat->mat[2][2] = 0.0; fwdshapmat->mat[0][3] = -0.5 * (1.402); fwdshapmat->mat[1][3] = -0.5 * (-0.34413 - 0.71414); fwdshapmat->mat[2][3] = -0.5 * (1.772); if (!(revpxform = jas_cmpxform_createshapmat())) goto error; revpxform->numinchans = 3; revpxform->numoutchans = 3; revshapmat = &revpxform->data.shapmat; revshapmat->mono = 0; revshapmat->order = 1; revshapmat->useluts = 0; revshapmat->usemat = 1; jas_cmshapmat_invmat(revshapmat->mat, fwdshapmat->mat); for (i = 0; i < JAS_CMXFORM_NUMINTENTS; ++i) { j = SEQFWD(i); if (prof->pxformseqs[j]) { if (jas_cmpxformseq_insertpxform(prof->pxformseqs[j], 0, fwdpxform)) goto error; } j = SEQREV(i); if (prof->pxformseqs[j]) { if (jas_cmpxformseq_insertpxform(prof->pxformseqs[j], -1, revpxform)) goto error; } } jas_cmpxform_destroy(fwdpxform); jas_cmpxform_destroy(revpxform); return prof; error: return 0; }",jasper,,,190288724610662728239579452827025904235,0 6055,['CWE-200'],"static void cbq_put(struct Qdisc *sch, unsigned long arg) { struct cbq_class *cl = (struct cbq_class*)arg; if (--cl->refcnt == 0) { #ifdef CONFIG_NET_CLS_POLICE struct cbq_sched_data *q = qdisc_priv(sch); spin_lock_bh(&sch->dev->queue_lock); if (q->rx_class == cl) q->rx_class = NULL; spin_unlock_bh(&sch->dev->queue_lock); #endif cbq_destroy_class(sch, cl); } }",linux-2.6,,,166294694903911700797328547765856564148,0 1379,[],"static void put_prev_task_fair(struct rq *rq, struct task_struct *prev) { struct sched_entity *se = &prev->se; struct cfs_rq *cfs_rq; for_each_sched_entity(se) { cfs_rq = cfs_rq_of(se); put_prev_entity(cfs_rq, se); } }",linux-2.6,,,249935554953814973295638674616409721183,0 6646,['CWE-200'],"periodic_update_active_connection_timestamps (gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); const GPtrArray *connections; int i; if (!applet->nm_client || !nm_client_get_manager_running (applet->nm_client)) return TRUE; connections = nm_client_get_active_connections (applet->nm_client); for (i = 0; connections && (i < connections->len); i++) { NMActiveConnection *active = NM_ACTIVE_CONNECTION (g_ptr_array_index (connections, i)); const char *path; NMAGConfConnection *gconf_connection; NMConnection *connection; const GPtrArray *devices; int k; if (nm_active_connection_get_scope (active) == NM_CONNECTION_SCOPE_SYSTEM) continue; path = nm_active_connection_get_connection (active); gconf_connection = nma_gconf_settings_get_by_dbus_path (applet->gconf_settings, path); if (!gconf_connection) continue; devices = nm_active_connection_get_devices (active); if (!devices || !devices->len) continue; for (k = 0; devices && (k < devices->len); k++) { NMDevice *device = NM_DEVICE (g_ptr_array_index (devices, k)); if (nm_device_get_state (device) == NM_DEVICE_STATE_ACTIVATED) { NMSettingConnection *s_con; connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (gconf_connection)); s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_assert (s_con); g_object_set (s_con, NM_SETTING_CONNECTION_TIMESTAMP, (guint64) time (NULL), NULL); nma_gconf_connection_save (gconf_connection); break; } } } return TRUE; }",network-manager-applet,,,248723454791300001432515555404377980105,0 1908,CWE-416,"static void local_release(struct kref *ref) { struct nfc_llcp_local *local; local = container_of(ref, struct nfc_llcp_local, ref); list_del(&local->list); local_cleanup(local); kfree(local); }",visit repo url,net/nfc/llcp_core.c,https://github.com/torvalds/linux,260170738252212,1 1682,CWE-476,"static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) { return crypto_skcipher_setkey(private, key, keylen); }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,207147172835237,1 634,CWE-20,"static int raw_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); size_t copied = 0; int err = -EOPNOTSUPP; struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; if (flags & MSG_OOB) goto out; if (addr_len) *addr_len = sizeof(*sin); if (flags & MSG_ERRQUEUE) { err = ip_recv_error(sk, msg, len); goto out; } skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_ts_and_drops(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; sin->sin_port = 0; memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: if (err) return err; return copied; }",visit repo url,net/ipv4/raw.c,https://github.com/torvalds/linux,209414896095457,1 3086,['CWE-189'],"static int jpc_dec_dump(jpc_dec_t *dec, FILE *out) { jpc_dec_tile_t *tile; int tileno; jpc_dec_tcomp_t *tcomp; int compno; jpc_dec_rlvl_t *rlvl; int rlvlno; jpc_dec_band_t *band; int bandno; jpc_dec_prc_t *prc; int prcno; jpc_dec_cblk_t *cblk; int cblkno; for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles; ++tileno, ++tile) { for (compno = 0, tcomp = tile->tcomps; compno < dec->numcomps; ++compno, ++tcomp) { for (rlvlno = 0, rlvl = tcomp->rlvls; rlvlno < tcomp->numrlvls; ++rlvlno, ++rlvl) { fprintf(out, ""RESOLUTION LEVEL %d\n"", rlvlno); fprintf(out, ""xs =%d, ys = %d, xe = %d, ye = %d, w = %d, h = %d\n"", rlvl->xstart, rlvl->ystart, rlvl->xend, rlvl->yend, rlvl->xend - rlvl->xstart, rlvl->yend - rlvl->ystart); for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { fprintf(out, ""BAND %d\n"", bandno); fprintf(out, ""xs =%d, ys = %d, xe = %d, ye = %d, w = %d, h = %d\n"", jas_seq2d_xstart(band->data), jas_seq2d_ystart(band->data), jas_seq2d_xend(band->data), jas_seq2d_yend(band->data), jas_seq2d_xend(band->data) - jas_seq2d_xstart(band->data), jas_seq2d_yend(band->data) - jas_seq2d_ystart(band->data)); for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, ++prc) { fprintf(out, ""CODE BLOCK GROUP %d\n"", prcno); fprintf(out, ""xs =%d, ys = %d, xe = %d, ye = %d, w = %d, h = %d\n"", prc->xstart, prc->ystart, prc->xend, prc->yend, prc->xend - prc->xstart, prc->yend - prc->ystart); for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks; ++cblkno, ++cblk) { fprintf(out, ""CODE BLOCK %d\n"", cblkno); fprintf(out, ""xs =%d, ys = %d, xe = %d, ye = %d, w = %d, h = %d\n"", jas_seq2d_xstart(cblk->data), jas_seq2d_ystart(cblk->data), jas_seq2d_xend(cblk->data), jas_seq2d_yend(cblk->data), jas_seq2d_xend(cblk->data) - jas_seq2d_xstart(cblk->data), jas_seq2d_yend(cblk->data) - jas_seq2d_ystart(cblk->data)); } } } } } } return 0; }",jasper,,,290276313488878207078103060309698710952,0 390,CWE-129,"nfsd4_encode_layoutget(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4_layoutget *lgp) { struct xdr_stream *xdr = &resp->xdr; const struct nfsd4_layout_ops *ops = nfsd4_layout_ops[lgp->lg_layout_type]; __be32 *p; dprintk(""%s: err %d\n"", __func__, nfserr); if (nfserr) goto out; nfserr = nfserr_resource; p = xdr_reserve_space(xdr, 36 + sizeof(stateid_opaque_t)); if (!p) goto out; *p++ = cpu_to_be32(1); *p++ = cpu_to_be32(lgp->lg_sid.si_generation); p = xdr_encode_opaque_fixed(p, &lgp->lg_sid.si_opaque, sizeof(stateid_opaque_t)); *p++ = cpu_to_be32(1); p = xdr_encode_hyper(p, lgp->lg_seg.offset); p = xdr_encode_hyper(p, lgp->lg_seg.length); *p++ = cpu_to_be32(lgp->lg_seg.iomode); *p++ = cpu_to_be32(lgp->lg_layout_type); nfserr = ops->encode_layoutget(xdr, lgp); out: kfree(lgp->lg_content); return nfserr; }",visit repo url,fs/nfsd/nfs4xdr.c,https://github.com/torvalds/linux,94930851870189,1 2973,['CWE-189'],"static jas_cmpxformseq_t *jas_cmpxformseq_create() { jas_cmpxformseq_t *pxformseq; pxformseq = 0; if (!(pxformseq = jas_malloc(sizeof(jas_cmpxformseq_t)))) goto error; pxformseq->pxforms = 0; pxformseq->numpxforms = 0; pxformseq->maxpxforms = 0; if (jas_cmpxformseq_resize(pxformseq, 16)) goto error; return pxformseq; error: if (pxformseq) jas_cmpxformseq_destroy(pxformseq); return 0; }",jasper,,,62536722719159865527090157550652233931,0 5063,['CWE-20'],"static inline int is_no_device(u32 intr_info) { return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VECTOR_MASK | INTR_INFO_VALID_MASK)) == (INTR_TYPE_HARD_EXCEPTION | NM_VECTOR | INTR_INFO_VALID_MASK); }",linux-2.6,,,290726622609316062474344233584975024698,0 666,CWE-20,"static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t ignored, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct skcipher_ctx *ctx = ask->private; unsigned bs = crypto_ablkcipher_blocksize(crypto_ablkcipher_reqtfm( &ctx->req)); struct skcipher_sg_list *sgl; struct scatterlist *sg; unsigned long iovlen; struct iovec *iov; int err = -EAGAIN; int used; long copied = 0; lock_sock(sk); msg->msg_namelen = 0; for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; iovlen--, iov++) { unsigned long seglen = iov->iov_len; char __user *from = iov->iov_base; while (seglen) { sgl = list_first_entry(&ctx->tsgl, struct skcipher_sg_list, list); sg = sgl->sg; while (!sg->length) sg++; used = ctx->used; if (!used) { err = skcipher_wait_for_data(sk, flags); if (err) goto unlock; } used = min_t(unsigned long, used, seglen); used = af_alg_make_sg(&ctx->rsgl, from, used, 1); err = used; if (err < 0) goto unlock; if (ctx->more || used < ctx->used) used -= used % bs; err = -EINVAL; if (!used) goto free; ablkcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, ctx->iv); err = af_alg_wait_for_completion( ctx->enc ? crypto_ablkcipher_encrypt(&ctx->req) : crypto_ablkcipher_decrypt(&ctx->req), &ctx->completion); free: af_alg_free_sg(&ctx->rsgl); if (err) goto unlock; copied += used; from += used; seglen -= used; skcipher_pull_sgl(sk, used); } } err = 0; unlock: skcipher_wmem_wakeup(sk); release_sock(sk); return copied ?: err; }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,208261331521689,1 5140,CWE-125,"ast_for_funcdef_impl(struct compiling *c, const node *n0, asdl_seq *decorator_seq, bool is_async) { const node * const n = is_async ? CHILD(n0, 1) : n0; identifier name; arguments_ty args; asdl_seq *body; expr_ty returns = NULL; int name_i = 1; int end_lineno, end_col_offset; REQ(n, funcdef); name = NEW_IDENTIFIER(CHILD(n, name_i)); if (!name) return NULL; if (forbidden_name(c, name, CHILD(n, name_i), 0)) return NULL; args = ast_for_arguments(c, CHILD(n, name_i + 1)); if (!args) return NULL; if (TYPE(CHILD(n, name_i+2)) == RARROW) { returns = ast_for_expr(c, CHILD(n, name_i + 3)); if (!returns) return NULL; name_i += 2; } body = ast_for_suite(c, CHILD(n, name_i + 3)); if (!body) return NULL; get_last_end_pos(body, &end_lineno, &end_col_offset); if (is_async) return AsyncFunctionDef(name, args, body, decorator_seq, returns, LINENO(n0), n0->n_col_offset, end_lineno, end_col_offset, c->c_arena); else return FunctionDef(name, args, body, decorator_seq, returns, LINENO(n), n->n_col_offset, end_lineno, end_col_offset, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,43219734206571,1 2389,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *in) { AVFilterContext *ctx = inlink->dst; BoxBlurContext *s = ctx->priv; AVFilterLink *outlink = inlink->dst->outputs[0]; AVFrame *out; int plane; int cw = FF_CEIL_RSHIFT(inlink->w, s->hsub), ch = FF_CEIL_RSHIFT(in->height, s->vsub); int w[4] = { inlink->w, cw, cw, inlink->w }; int h[4] = { in->height, ch, ch, in->height }; out = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!out) { av_frame_free(&in); return AVERROR(ENOMEM); } av_frame_copy_props(out, in); for (plane = 0; in->data[plane] && plane < 4; plane++) hblur(out->data[plane], out->linesize[plane], in ->data[plane], in ->linesize[plane], w[plane], h[plane], s->radius[plane], s->power[plane], s->temp); for (plane = 0; in->data[plane] && plane < 4; plane++) vblur(out->data[plane], out->linesize[plane], out->data[plane], out->linesize[plane], w[plane], h[plane], s->radius[plane], s->power[plane], s->temp); av_frame_free(&in); return ff_filter_frame(outlink, out); }",visit repo url,libavfilter/vf_boxblur.c,https://github.com/FFmpeg/FFmpeg,121386249437526,1 1571,[],"static unsigned long long __cpu_clock(int cpu) { unsigned long long now; unsigned long flags; struct rq *rq; if (unlikely(!scheduler_running)) return 0; local_irq_save(flags); rq = cpu_rq(cpu); update_rq_clock(rq); now = rq->clock; local_irq_restore(flags); return now; }",linux-2.6,,,218803688785794098001157667459820081144,0 4883,['CWE-189'],"int ecryptfs_encrypt_page(struct page *page) { struct inode *ecryptfs_inode; struct ecryptfs_crypt_stat *crypt_stat; char *enc_extent_virt; struct page *enc_extent_page = NULL; loff_t extent_offset; int rc = 0; ecryptfs_inode = page->mapping->host; crypt_stat = &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page, 0, PAGE_CACHE_SIZE); if (rc) printk(KERN_ERR ""%s: Error attempting to copy "" ""page at index [%ld]\n"", __func__, page->index); goto out; } enc_extent_page = alloc_page(GFP_USER); if (!enc_extent_page) { rc = -ENOMEM; ecryptfs_printk(KERN_ERR, ""Error allocating memory for "" ""encrypted extent\n""); goto out; } enc_extent_virt = kmap(enc_extent_page); for (extent_offset = 0; extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size); extent_offset++) { loff_t offset; rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page, extent_offset); if (rc) { printk(KERN_ERR ""%s: Error encrypting extent; "" ""rc = [%d]\n"", __func__, rc); goto out; } ecryptfs_lower_offset_for_extent( &offset, ((((loff_t)page->index) * (PAGE_CACHE_SIZE / crypt_stat->extent_size)) + extent_offset), crypt_stat); rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt, offset, crypt_stat->extent_size); if (rc) { ecryptfs_printk(KERN_ERR, ""Error attempting "" ""to write lower page; rc = [%d]"" ""\n"", rc); goto out; } } out: if (enc_extent_page) { kunmap(enc_extent_page); __free_page(enc_extent_page); } return rc; }",linux-2.6,,,130360366827493636825596341250589579669,0 4986,['CWE-20'],"static int nfs_fsync_dir(struct file *filp, struct dentry *dentry, int datasync) { dfprintk(VFS, ""NFS: fsync_dir(%s/%s) datasync %d\n"", dentry->d_parent->d_name.name, dentry->d_name.name, datasync); return 0; }",linux-2.6,,,167034665977022400728728670359776231793,0 733,[],"static void jpc_ppt_destroyparms(jpc_ms_t *ms) { jpc_ppt_t *ppt = &ms->parms.ppt; if (ppt->data) { jas_free(ppt->data); } }",jasper,,,14359560411525227340751624395261945926,0 4875,['CWE-189'],"static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat, char *virt, int *bytes_read, int validate_header_size) { int rc = 0; u32 header_extent_size; u16 num_header_extents_at_front; header_extent_size = get_unaligned_be32(virt); virt += sizeof(__be32); num_header_extents_at_front = get_unaligned_be16(virt); crypt_stat->num_header_bytes_at_front = (((size_t)num_header_extents_at_front * (size_t)header_extent_size)); (*bytes_read) = (sizeof(__be32) + sizeof(__be16)); if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE) && (crypt_stat->num_header_bytes_at_front < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) { rc = -EINVAL; printk(KERN_WARNING ""Invalid header size: [%zd]\n"", crypt_stat->num_header_bytes_at_front); } return rc; }",linux-2.6,,,196994619083552533712698247733369072927,0 5157,CWE-125,"ast_for_arguments(struct compiling *c, const node *n) { int i, j, k, nposargs = 0, nkwonlyargs = 0; int nposdefaults = 0, found_default = 0; asdl_seq *posargs, *posdefaults, *kwonlyargs, *kwdefaults; arg_ty vararg = NULL, kwarg = NULL; arg_ty arg; node *ch; if (TYPE(n) == parameters) { if (NCH(n) == 2) return arguments(NULL, NULL, NULL, NULL, NULL, NULL, c->c_arena); n = CHILD(n, 1); } assert(TYPE(n) == typedargslist || TYPE(n) == varargslist); for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == STAR) { i++; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { i++; } break; } if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == vfpdef || TYPE(ch) == tfpdef) nposargs++; if (TYPE(ch) == EQUAL) nposdefaults++; } for ( ; i < NCH(n); ++i) { ch = CHILD(n, i); if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == tfpdef || TYPE(ch) == vfpdef) nkwonlyargs++; } posargs = (nposargs ? _Py_asdl_seq_new(nposargs, c->c_arena) : NULL); if (!posargs && nposargs) return NULL; kwonlyargs = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwonlyargs && nkwonlyargs) return NULL; posdefaults = (nposdefaults ? _Py_asdl_seq_new(nposdefaults, c->c_arena) : NULL); if (!posdefaults && nposdefaults) return NULL; kwdefaults = (nkwonlyargs ? _Py_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwdefaults && nkwonlyargs) return NULL; i = 0; j = 0; k = 0; while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case tfpdef: case vfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expr_ty expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) return NULL; assert(posdefaults != NULL); asdl_seq_SET(posdefaults, j++, expression); i += 2; found_default = 1; } else if (found_default) { ast_error(c, n, ""non-default argument follows default argument""); return NULL; } arg = ast_for_arg(c, ch); if (!arg) return NULL; asdl_seq_SET(posargs, k++, arg); i += 2; break; case STAR: if (i+1 >= NCH(n) || (i+2 == NCH(n) && TYPE(CHILD(n, i+1)) == COMMA)) { ast_error(c, CHILD(n, i), ""named arguments must follow bare *""); return NULL; } ch = CHILD(n, i+1); if (TYPE(ch) == COMMA) { int res = 0; i += 2; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } else { vararg = ast_for_arg(c, ch); if (!vararg) return NULL; i += 3; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { int res = 0; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } } break; case DOUBLESTAR: ch = CHILD(n, i+1); assert(TYPE(ch) == tfpdef || TYPE(ch) == vfpdef); kwarg = ast_for_arg(c, ch); if (!kwarg) return NULL; i += 3; break; default: PyErr_Format(PyExc_SystemError, ""unexpected node in varargslist: %d @ %d"", TYPE(ch), i); return NULL; } } return arguments(posargs, vararg, kwonlyargs, kwdefaults, kwarg, posdefaults, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,55728997370176,1 966,CWE-416,"void ip4_datagram_release_cb(struct sock *sk) { const struct inet_sock *inet = inet_sk(sk); const struct ip_options_rcu *inet_opt; __be32 daddr = inet->inet_daddr; struct flowi4 fl4; struct rtable *rt; if (! __sk_dst_get(sk) || __sk_dst_check(sk, 0)) return; rcu_read_lock(); inet_opt = rcu_dereference(inet->inet_opt); if (inet_opt && inet_opt->opt.srr) daddr = inet_opt->opt.faddr; rt = ip_route_output_ports(sock_net(sk), &fl4, sk, daddr, inet->inet_saddr, inet->inet_dport, inet->inet_sport, sk->sk_protocol, RT_CONN_FLAGS(sk), sk->sk_bound_dev_if); if (!IS_ERR(rt)) __sk_dst_set(sk, &rt->dst); rcu_read_unlock(); }",visit repo url,net/ipv4/datagram.c,https://github.com/torvalds/linux,103541254763103,1 6480,[],"lt_dlisresident (lt_dlhandle handle) { if (!handle) { LT__SETERROR (INVALID_HANDLE); return -1; } return LT_DLIS_RESIDENT (handle); }",libtool,,,108658564177797913714856784234268756337,0 5590,CWE-125,"FstringParser_ConcatFstring(FstringParser *state, const char **str, const char *end, int raw, int recurse_lvl, struct compiling *c, const node *n) { FstringParser_check_invariants(state); while (1) { PyObject *literal = NULL; expr_ty expression = NULL; int result = fstring_find_literal_and_expr(str, end, raw, recurse_lvl, &literal, &expression, c, n); if (result < 0) return -1; if (!literal) { } else if (!state->last_str) { state->last_str = literal; literal = NULL; } else { assert(PyUnicode_GET_LENGTH(literal) != 0); if (FstringParser_ConcatAndDel(state, literal) < 0) return -1; literal = NULL; } assert(!state->last_str || PyUnicode_GET_LENGTH(state->last_str) != 0); assert(literal == NULL); if (result == 1) continue; if (!expression) break; if (!state->last_str) { } else { expr_ty str = make_str_node_and_del(&state->last_str, c, n); if (!str || ExprList_Append(&state->expr_list, str) < 0) return -1; } if (ExprList_Append(&state->expr_list, expression) < 0) return -1; } if (recurse_lvl == 0 && *str < end-1) { ast_error(c, n, ""f-string: unexpected end of string""); return -1; } if (recurse_lvl != 0 && **str != '}') { ast_error(c, n, ""f-string: expecting '}'""); return -1; } FstringParser_check_invariants(state); return 0; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,143971830930985,1 1320,CWE-399,"int hugetlb_reserve_pages(struct inode *inode, long from, long to, struct vm_area_struct *vma, vm_flags_t vm_flags) { long ret, chg; struct hstate *h = hstate_inode(inode); struct hugepage_subpool *spool = subpool_inode(inode); if (vm_flags & VM_NORESERVE) return 0; if (!vma || vma->vm_flags & VM_MAYSHARE) chg = region_chg(&inode->i_mapping->private_list, from, to); else { struct resv_map *resv_map = resv_map_alloc(); if (!resv_map) return -ENOMEM; chg = to - from; set_vma_resv_map(vma, resv_map); set_vma_resv_flags(vma, HPAGE_RESV_OWNER); } if (chg < 0) return chg; if (hugepage_subpool_get_pages(spool, chg)) return -ENOSPC; ret = hugetlb_acct_memory(h, chg); if (ret < 0) { hugepage_subpool_put_pages(spool, chg); return ret; } if (!vma || vma->vm_flags & VM_MAYSHARE) region_add(&inode->i_mapping->private_list, from, to); return 0; }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,22080600886169,1 3547,CWE-20,"jas_iccprof_t *jas_iccprof_createfrombuf(uchar *buf, int len) { jas_stream_t *in; jas_iccprof_t *prof; if (!(in = jas_stream_memopen(JAS_CAST(char *, buf), len))) goto error; if (!(prof = jas_iccprof_load(in))) goto error; jas_stream_close(in); return prof; error: if (in) jas_stream_close(in); return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,147516198637322,1 2489,CWE-787,"void loadServerConfigFromString(char *config) { char *err = NULL; int linenum = 0, totlines, i; int slaveof_linenum = 0; sds *lines; lines = sdssplitlen(config,strlen(config),""\n"",1,&totlines); for (i = 0; i < totlines; i++) { sds *argv; int argc; linenum = i+1; lines[i] = sdstrim(lines[i],"" \t\r\n""); if (lines[i][0] == '#' || lines[i][0] == '\0') continue; argv = sdssplitargs(lines[i],&argc); if (argv == NULL) { err = ""Unbalanced quotes in configuration line""; goto loaderr; } if (argc == 0) { sdsfreesplitres(argv,argc); continue; } sdstolower(argv[0]); if (!strcasecmp(argv[0],""timeout"") && argc == 2) { server.maxidletime = atoi(argv[1]); if (server.maxidletime < 0) { err = ""Invalid timeout value""; goto loaderr; } } else if (!strcasecmp(argv[0],""tcp-keepalive"") && argc == 2) { server.tcpkeepalive = atoi(argv[1]); if (server.tcpkeepalive < 0) { err = ""Invalid tcp-keepalive value""; goto loaderr; } } else if (!strcasecmp(argv[0],""protected-mode"") && argc == 2) { if ((server.protected_mode = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""port"") && argc == 2) { server.port = atoi(argv[1]); if (server.port < 0 || server.port > 65535) { err = ""Invalid port""; goto loaderr; } } else if (!strcasecmp(argv[0],""tcp-backlog"") && argc == 2) { server.tcp_backlog = atoi(argv[1]); if (server.tcp_backlog < 0) { err = ""Invalid backlog value""; goto loaderr; } } else if (!strcasecmp(argv[0],""bind"") && argc >= 2) { int j, addresses = argc-1; if (addresses > CONFIG_BINDADDR_MAX) { err = ""Too many bind addresses specified""; goto loaderr; } for (j = 0; j < addresses; j++) server.bindaddr[j] = zstrdup(argv[j+1]); server.bindaddr_count = addresses; } else if (!strcasecmp(argv[0],""unixsocket"") && argc == 2) { server.unixsocket = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""unixsocketperm"") && argc == 2) { errno = 0; server.unixsocketperm = (mode_t)strtol(argv[1], NULL, 8); if (errno || server.unixsocketperm > 0777) { err = ""Invalid socket file permissions""; goto loaderr; } } else if (!strcasecmp(argv[0],""save"")) { if (argc == 3) { int seconds = atoi(argv[1]); int changes = atoi(argv[2]); if (seconds < 1 || changes < 0) { err = ""Invalid save parameters""; goto loaderr; } appendServerSaveParams(seconds,changes); } else if (argc == 2 && !strcasecmp(argv[1],"""")) { resetServerSaveParams(); } } else if (!strcasecmp(argv[0],""dir"") && argc == 2) { if (chdir(argv[1]) == -1) { serverLog(LL_WARNING,""Can't chdir to '%s': %s"", argv[1], strerror(errno)); exit(1); } } else if (!strcasecmp(argv[0],""loglevel"") && argc == 2) { server.verbosity = configEnumGetValue(loglevel_enum,argv[1]); if (server.verbosity == INT_MIN) { err = ""Invalid log level. "" ""Must be one of debug, verbose, notice, warning""; goto loaderr; } } else if (!strcasecmp(argv[0],""logfile"") && argc == 2) { FILE *logfp; zfree(server.logfile); server.logfile = zstrdup(argv[1]); if (server.logfile[0] != '\0') { logfp = fopen(server.logfile,""a""); if (logfp == NULL) { err = sdscatprintf(sdsempty(), ""Can't open the log file: %s"", strerror(errno)); goto loaderr; } fclose(logfp); } } else if (!strcasecmp(argv[0],""syslog-enabled"") && argc == 2) { if ((server.syslog_enabled = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""syslog-ident"") && argc == 2) { if (server.syslog_ident) zfree(server.syslog_ident); server.syslog_ident = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""syslog-facility"") && argc == 2) { server.syslog_facility = configEnumGetValue(syslog_facility_enum,argv[1]); if (server.syslog_facility == INT_MIN) { err = ""Invalid log facility. Must be one of USER or between LOCAL0-LOCAL7""; goto loaderr; } } else if (!strcasecmp(argv[0],""databases"") && argc == 2) { server.dbnum = atoi(argv[1]); if (server.dbnum < 1) { err = ""Invalid number of databases""; goto loaderr; } } else if (!strcasecmp(argv[0],""include"") && argc == 2) { loadServerConfig(argv[1],NULL); } else if (!strcasecmp(argv[0],""maxclients"") && argc == 2) { server.maxclients = atoi(argv[1]); if (server.maxclients < 1) { err = ""Invalid max clients limit""; goto loaderr; } } else if (!strcasecmp(argv[0],""maxmemory"") && argc == 2) { server.maxmemory = memtoll(argv[1],NULL); } else if (!strcasecmp(argv[0],""maxmemory-policy"") && argc == 2) { server.maxmemory_policy = configEnumGetValue(maxmemory_policy_enum,argv[1]); if (server.maxmemory_policy == INT_MIN) { err = ""Invalid maxmemory policy""; goto loaderr; } } else if (!strcasecmp(argv[0],""maxmemory-samples"") && argc == 2) { server.maxmemory_samples = atoi(argv[1]); if (server.maxmemory_samples <= 0) { err = ""maxmemory-samples must be 1 or greater""; goto loaderr; } } else if (!strcasecmp(argv[0],""lfu-log-factor"") && argc == 2) { server.lfu_log_factor = atoi(argv[1]); if (server.maxmemory_samples < 0) { err = ""lfu-log-factor must be 0 or greater""; goto loaderr; } } else if (!strcasecmp(argv[0],""lfu-decay-time"") && argc == 2) { server.lfu_decay_time = atoi(argv[1]); if (server.maxmemory_samples < 1) { err = ""lfu-decay-time must be 0 or greater""; goto loaderr; } } else if (!strcasecmp(argv[0],""slaveof"") && argc == 3) { slaveof_linenum = linenum; server.masterhost = sdsnew(argv[1]); server.masterport = atoi(argv[2]); server.repl_state = REPL_STATE_CONNECT; } else if (!strcasecmp(argv[0],""repl-ping-slave-period"") && argc == 2) { server.repl_ping_slave_period = atoi(argv[1]); if (server.repl_ping_slave_period <= 0) { err = ""repl-ping-slave-period must be 1 or greater""; goto loaderr; } } else if (!strcasecmp(argv[0],""repl-timeout"") && argc == 2) { server.repl_timeout = atoi(argv[1]); if (server.repl_timeout <= 0) { err = ""repl-timeout must be 1 or greater""; goto loaderr; } } else if (!strcasecmp(argv[0],""repl-disable-tcp-nodelay"") && argc==2) { if ((server.repl_disable_tcp_nodelay = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""repl-diskless-sync"") && argc==2) { if ((server.repl_diskless_sync = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""repl-diskless-sync-delay"") && argc==2) { server.repl_diskless_sync_delay = atoi(argv[1]); if (server.repl_diskless_sync_delay < 0) { err = ""repl-diskless-sync-delay can't be negative""; goto loaderr; } } else if (!strcasecmp(argv[0],""repl-backlog-size"") && argc == 2) { long long size = memtoll(argv[1],NULL); if (size <= 0) { err = ""repl-backlog-size must be 1 or greater.""; goto loaderr; } resizeReplicationBacklog(size); } else if (!strcasecmp(argv[0],""repl-backlog-ttl"") && argc == 2) { server.repl_backlog_time_limit = atoi(argv[1]); if (server.repl_backlog_time_limit < 0) { err = ""repl-backlog-ttl can't be negative ""; goto loaderr; } } else if (!strcasecmp(argv[0],""masterauth"") && argc == 2) { zfree(server.masterauth); server.masterauth = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""slave-serve-stale-data"") && argc == 2) { if ((server.repl_serve_stale_data = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""slave-read-only"") && argc == 2) { if ((server.repl_slave_ro = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""rdbcompression"") && argc == 2) { if ((server.rdb_compression = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""rdbchecksum"") && argc == 2) { if ((server.rdb_checksum = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""activerehashing"") && argc == 2) { if ((server.activerehashing = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""lazyfree-lazy-eviction"") && argc == 2) { if ((server.lazyfree_lazy_eviction = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""lazyfree-lazy-expire"") && argc == 2) { if ((server.lazyfree_lazy_expire = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""lazyfree-lazy-server-del"") && argc == 2){ if ((server.lazyfree_lazy_server_del = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""slave-lazy-flush"") && argc == 2) { if ((server.repl_slave_lazy_flush = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""daemonize"") && argc == 2) { if ((server.daemonize = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""hz"") && argc == 2) { server.hz = atoi(argv[1]); if (server.hz < CONFIG_MIN_HZ) server.hz = CONFIG_MIN_HZ; if (server.hz > CONFIG_MAX_HZ) server.hz = CONFIG_MAX_HZ; } else if (!strcasecmp(argv[0],""appendonly"") && argc == 2) { int yes; if ((yes = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } server.aof_state = yes ? AOF_ON : AOF_OFF; } else if (!strcasecmp(argv[0],""appendfilename"") && argc == 2) { if (!pathIsBaseName(argv[1])) { err = ""appendfilename can't be a path, just a filename""; goto loaderr; } zfree(server.aof_filename); server.aof_filename = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""no-appendfsync-on-rewrite"") && argc == 2) { if ((server.aof_no_fsync_on_rewrite= yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""appendfsync"") && argc == 2) { server.aof_fsync = configEnumGetValue(aof_fsync_enum,argv[1]); if (server.aof_fsync == INT_MIN) { err = ""argument must be 'no', 'always' or 'everysec'""; goto loaderr; } } else if (!strcasecmp(argv[0],""auto-aof-rewrite-percentage"") && argc == 2) { server.aof_rewrite_perc = atoi(argv[1]); if (server.aof_rewrite_perc < 0) { err = ""Invalid negative percentage for AOF auto rewrite""; goto loaderr; } } else if (!strcasecmp(argv[0],""auto-aof-rewrite-min-size"") && argc == 2) { server.aof_rewrite_min_size = memtoll(argv[1],NULL); } else if (!strcasecmp(argv[0],""aof-rewrite-incremental-fsync"") && argc == 2) { if ((server.aof_rewrite_incremental_fsync = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""aof-load-truncated"") && argc == 2) { if ((server.aof_load_truncated = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""aof-use-rdb-preamble"") && argc == 2) { if ((server.aof_use_rdb_preamble = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""requirepass"") && argc == 2) { if (strlen(argv[1]) > CONFIG_AUTHPASS_MAX_LEN) { err = ""Password is longer than CONFIG_AUTHPASS_MAX_LEN""; goto loaderr; } server.requirepass = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""pidfile"") && argc == 2) { zfree(server.pidfile); server.pidfile = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""dbfilename"") && argc == 2) { if (!pathIsBaseName(argv[1])) { err = ""dbfilename can't be a path, just a filename""; goto loaderr; } zfree(server.rdb_filename); server.rdb_filename = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""hash-max-ziplist-entries"") && argc == 2) { server.hash_max_ziplist_entries = memtoll(argv[1], NULL); } else if (!strcasecmp(argv[0],""hash-max-ziplist-value"") && argc == 2) { server.hash_max_ziplist_value = memtoll(argv[1], NULL); } else if (!strcasecmp(argv[0],""list-max-ziplist-entries"") && argc == 2){ } else if (!strcasecmp(argv[0],""list-max-ziplist-value"") && argc == 2) { } else if (!strcasecmp(argv[0],""list-max-ziplist-size"") && argc == 2) { server.list_max_ziplist_size = atoi(argv[1]); } else if (!strcasecmp(argv[0],""list-compress-depth"") && argc == 2) { server.list_compress_depth = atoi(argv[1]); } else if (!strcasecmp(argv[0],""set-max-intset-entries"") && argc == 2) { server.set_max_intset_entries = memtoll(argv[1], NULL); } else if (!strcasecmp(argv[0],""zset-max-ziplist-entries"") && argc == 2) { server.zset_max_ziplist_entries = memtoll(argv[1], NULL); } else if (!strcasecmp(argv[0],""zset-max-ziplist-value"") && argc == 2) { server.zset_max_ziplist_value = memtoll(argv[1], NULL); } else if (!strcasecmp(argv[0],""hll-sparse-max-bytes"") && argc == 2) { server.hll_sparse_max_bytes = memtoll(argv[1], NULL); } else if (!strcasecmp(argv[0],""rename-command"") && argc == 3) { struct redisCommand *cmd = lookupCommand(argv[1]); int retval; if (!cmd) { err = ""No such command in rename-command""; goto loaderr; } retval = dictDelete(server.commands, argv[1]); serverAssert(retval == DICT_OK); if (sdslen(argv[2]) != 0) { sds copy = sdsdup(argv[2]); retval = dictAdd(server.commands, copy, cmd); if (retval != DICT_OK) { sdsfree(copy); err = ""Target command name already exists""; goto loaderr; } } } else if (!strcasecmp(argv[0],""cluster-enabled"") && argc == 2) { if ((server.cluster_enabled = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""cluster-config-file"") && argc == 2) { zfree(server.cluster_configfile); server.cluster_configfile = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""cluster-announce-ip"") && argc == 2) { zfree(server.cluster_announce_ip); server.cluster_announce_ip = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""cluster-announce-port"") && argc == 2) { server.cluster_announce_port = atoi(argv[1]); if (server.cluster_announce_port < 0 || server.cluster_announce_port > 65535) { err = ""Invalid port""; goto loaderr; } } else if (!strcasecmp(argv[0],""cluster-announce-bus-port"") && argc == 2) { server.cluster_announce_bus_port = atoi(argv[1]); if (server.cluster_announce_bus_port < 0 || server.cluster_announce_bus_port > 65535) { err = ""Invalid port""; goto loaderr; } } else if (!strcasecmp(argv[0],""cluster-require-full-coverage"") && argc == 2) { if ((server.cluster_require_full_coverage = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""cluster-node-timeout"") && argc == 2) { server.cluster_node_timeout = strtoll(argv[1],NULL,10); if (server.cluster_node_timeout <= 0) { err = ""cluster node timeout must be 1 or greater""; goto loaderr; } } else if (!strcasecmp(argv[0],""cluster-migration-barrier"") && argc == 2) { server.cluster_migration_barrier = atoi(argv[1]); if (server.cluster_migration_barrier < 0) { err = ""cluster migration barrier must zero or positive""; goto loaderr; } } else if (!strcasecmp(argv[0],""cluster-slave-validity-factor"") && argc == 2) { server.cluster_slave_validity_factor = atoi(argv[1]); if (server.cluster_slave_validity_factor < 0) { err = ""cluster slave validity factor must be zero or positive""; goto loaderr; } } else if (!strcasecmp(argv[0],""lua-time-limit"") && argc == 2) { server.lua_time_limit = strtoll(argv[1],NULL,10); } else if (!strcasecmp(argv[0],""slowlog-log-slower-than"") && argc == 2) { server.slowlog_log_slower_than = strtoll(argv[1],NULL,10); } else if (!strcasecmp(argv[0],""latency-monitor-threshold"") && argc == 2) { server.latency_monitor_threshold = strtoll(argv[1],NULL,10); if (server.latency_monitor_threshold < 0) { err = ""The latency threshold can't be negative""; goto loaderr; } } else if (!strcasecmp(argv[0],""slowlog-max-len"") && argc == 2) { server.slowlog_max_len = strtoll(argv[1],NULL,10); } else if (!strcasecmp(argv[0],""client-output-buffer-limit"") && argc == 5) { int class = getClientTypeByName(argv[1]); unsigned long long hard, soft; int soft_seconds; if (class == -1) { err = ""Unrecognized client limit class""; goto loaderr; } hard = memtoll(argv[2],NULL); soft = memtoll(argv[3],NULL); soft_seconds = atoi(argv[4]); if (soft_seconds < 0) { err = ""Negative number of seconds in soft limit is invalid""; goto loaderr; } server.client_obuf_limits[class].hard_limit_bytes = hard; server.client_obuf_limits[class].soft_limit_bytes = soft; server.client_obuf_limits[class].soft_limit_seconds = soft_seconds; } else if (!strcasecmp(argv[0],""stop-writes-on-bgsave-error"") && argc == 2) { if ((server.stop_writes_on_bgsave_err = yesnotoi(argv[1])) == -1) { err = ""argument must be 'yes' or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""slave-priority"") && argc == 2) { server.slave_priority = atoi(argv[1]); } else if (!strcasecmp(argv[0],""slave-announce-ip"") && argc == 2) { zfree(server.slave_announce_ip); server.slave_announce_ip = zstrdup(argv[1]); } else if (!strcasecmp(argv[0],""slave-announce-port"") && argc == 2) { server.slave_announce_port = atoi(argv[1]); if (server.slave_announce_port < 0 || server.slave_announce_port > 65535) { err = ""Invalid port""; goto loaderr; } } else if (!strcasecmp(argv[0],""min-slaves-to-write"") && argc == 2) { server.repl_min_slaves_to_write = atoi(argv[1]); if (server.repl_min_slaves_to_write < 0) { err = ""Invalid value for min-slaves-to-write.""; goto loaderr; } } else if (!strcasecmp(argv[0],""min-slaves-max-lag"") && argc == 2) { server.repl_min_slaves_max_lag = atoi(argv[1]); if (server.repl_min_slaves_max_lag < 0) { err = ""Invalid value for min-slaves-max-lag.""; goto loaderr; } } else if (!strcasecmp(argv[0],""notify-keyspace-events"") && argc == 2) { int flags = keyspaceEventsStringToFlags(argv[1]); if (flags == -1) { err = ""Invalid event class character. Use 'g$lshzxeA'.""; goto loaderr; } server.notify_keyspace_events = flags; } else if (!strcasecmp(argv[0],""supervised"") && argc == 2) { server.supervised_mode = configEnumGetValue(supervised_mode_enum,argv[1]); if (server.supervised_mode == INT_MIN) { err = ""Invalid option for 'supervised'. "" ""Allowed values: 'upstart', 'systemd', 'auto', or 'no'""; goto loaderr; } } else if (!strcasecmp(argv[0],""loadmodule"") && argc >= 2) { queueLoadModule(argv[1],&argv[2],argc-2); } else if (!strcasecmp(argv[0],""sentinel"")) { if (argc != 1) { if (!server.sentinel_mode) { err = ""sentinel directive while not in sentinel mode""; goto loaderr; } err = sentinelHandleConfiguration(argv+1,argc-1); if (err) goto loaderr; } } else { err = ""Bad directive or wrong number of arguments""; goto loaderr; } sdsfreesplitres(argv,argc); } if (server.cluster_enabled && server.masterhost) { linenum = slaveof_linenum; i = linenum-1; err = ""slaveof directive not allowed in cluster mode""; goto loaderr; } sdsfreesplitres(lines,totlines); return; loaderr: fprintf(stderr, ""\n*** FATAL CONFIG FILE ERROR ***\n""); fprintf(stderr, ""Reading the configuration file, at line %d\n"", linenum); fprintf(stderr, "">>> '%s'\n"", lines[i]); fprintf(stderr, ""%s\n"", err); exit(1); }",visit repo url,src/config.c,https://github.com/antirez/redis,4257870369038,1 5128,['CWE-20'],"static inline int cpu_has_vmx_msr_bitmap(void) { return (vmcs_config.cpu_based_exec_ctrl & CPU_BASED_USE_MSR_BITMAPS); }",linux-2.6,,,186926310104417217095760016360513806099,0 220,CWE-285,"static int v9fs_xattr_set_acl(const struct xattr_handler *handler, struct dentry *dentry, struct inode *inode, const char *name, const void *value, size_t size, int flags) { int retval; struct posix_acl *acl; struct v9fs_session_info *v9ses; v9ses = v9fs_dentry2v9ses(dentry); if ((v9ses->flags & V9FS_ACCESS_MASK) != V9FS_ACCESS_CLIENT) return v9fs_xattr_set(dentry, handler->name, value, size, flags); if (S_ISLNK(inode->i_mode)) return -EOPNOTSUPP; if (!inode_owner_or_capable(inode)) return -EPERM; if (value) { acl = posix_acl_from_xattr(&init_user_ns, value, size); if (IS_ERR(acl)) return PTR_ERR(acl); else if (acl) { retval = posix_acl_valid(inode->i_sb->s_user_ns, acl); if (retval) goto err_out; } } else acl = NULL; switch (handler->flags) { case ACL_TYPE_ACCESS: if (acl) { umode_t mode = inode->i_mode; retval = posix_acl_equiv_mode(acl, &mode); if (retval < 0) goto err_out; else { struct iattr iattr; if (retval == 0) { acl = NULL; value = NULL; size = 0; } iattr.ia_mode = ((mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO)); iattr.ia_valid = ATTR_MODE; v9fs_vfs_setattr_dotl(dentry, &iattr); } } break; case ACL_TYPE_DEFAULT: if (!S_ISDIR(inode->i_mode)) { retval = acl ? -EINVAL : 0; goto err_out; } break; default: BUG(); } retval = v9fs_xattr_set(dentry, handler->name, value, size, flags); if (!retval) set_cached_acl(inode, handler->flags, acl); err_out: posix_acl_release(acl); return retval; }",visit repo url,fs/9p/acl.c,https://github.com/torvalds/linux,176699450945370,1 480,CWE-20,"int wait_for_key_construction(struct key *key, bool intr) { int ret; ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); if (ret) return -ERESTARTSYS; if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { smp_rmb(); return key->reject_error; } return key_validate(key); }",visit repo url,security/keys/request_key.c,https://github.com/torvalds/linux,144829113548844,1 4068,['CWE-399'],"static int svc_shutdown(struct socket *sock,int how) { return 0; }",linux-2.6,,,233195759329021300369536258591558730023,0 3540,CWE-190,"static int mem_resize(jas_stream_memobj_t *m, int bufsize) { unsigned char *buf; assert(bufsize >= 0); JAS_DBGLOG(100, (""mem_resize(%p, %d)\n"", m, bufsize)); if (!(buf = jas_realloc2(m->buf_, bufsize, sizeof(unsigned char))) && bufsize) { JAS_DBGLOG(100, (""mem_resize realloc failed\n"")); return -1; } JAS_DBGLOG(100, (""mem_resize realloc succeeded\n"")); m->buf_ = buf; m->bufsize_ = bufsize; return 0; }",visit repo url,src/libjasper/base/jas_stream.c,https://github.com/mdadams/jasper,120429032652548,1 3127,CWE-287,"cherokee_validator_ldap_check (cherokee_validator_ldap_t *ldap, cherokee_connection_t *conn) { int re; ret_t ret; size_t size; char *dn; LDAPMessage *message; LDAPMessage *first; char *attrs[] = { LDAP_NO_ATTRS, NULL }; cherokee_validator_ldap_props_t *props = VAL_LDAP_PROP(ldap); if ((conn->validator == NULL) || cherokee_buffer_is_empty (&conn->validator->user)) return ret_error; size = cherokee_buffer_cnt_cspn (&conn->validator->user, 0, ""*()""); if (size != conn->validator->user.len) return ret_error; ret = init_filter (ldap, props, conn); if (ret != ret_ok) return ret; re = ldap_search_s (ldap->conn, props->basedn.buf, LDAP_SCOPE_SUBTREE, ldap->filter.buf, attrs, 0, &message); if (re != LDAP_SUCCESS) { LOG_ERROR (CHEROKEE_ERROR_VALIDATOR_LDAP_SEARCH, props->filter.buf ? props->filter.buf : """"); return ret_error; } TRACE (ENTRIES, ""subtree search (%s): done\n"", ldap->filter.buf ? ldap->filter.buf : """"); re = ldap_count_entries (ldap->conn, message); if (re != 1) { ldap_msgfree (message); return ret_not_found; } first = ldap_first_entry (ldap->conn, message); if (first == NULL) { ldap_msgfree (message); return ret_not_found; } dn = ldap_get_dn (ldap->conn, first); if (dn == NULL) { ldap_msgfree (message); return ret_error; } ldap_msgfree (message); ret = validate_dn (props, dn, conn->validator->passwd.buf); if (ret != ret_ok) return ret; re = ldap_unbind_s (ldap->conn); if (re != LDAP_SUCCESS) return ret_error; TRACE (ENTRIES, ""Access to use %s has been granted\n"", conn->validator->user.buf); return ret_ok; }",visit repo url,cherokee/validator_ldap.c,https://github.com/cherokee/webserver,146807893290044,1 527,['CWE-399'],"static int pwc_next_fill_frame(struct pwc_device *pdev) { int ret; unsigned long flags; ret = 0; spin_lock_irqsave(&pdev->ptrlock, flags); if (pdev->fill_frame != NULL) { if (pdev->full_frames == NULL) { pdev->full_frames = pdev->fill_frame; pdev->full_frames_tail = pdev->full_frames; } else { pdev->full_frames_tail->next = pdev->fill_frame; pdev->full_frames_tail = pdev->fill_frame; } } if (pdev->empty_frames != NULL) { pdev->fill_frame = pdev->empty_frames; pdev->empty_frames = pdev->empty_frames->next; } else { if (pdev->full_frames == NULL) { PWC_ERROR(""Neither empty or full frames available!\n""); spin_unlock_irqrestore(&pdev->ptrlock, flags); return -EINVAL; } pdev->fill_frame = pdev->full_frames; pdev->full_frames = pdev->full_frames->next; ret = 1; } pdev->fill_frame->next = NULL; spin_unlock_irqrestore(&pdev->ptrlock, flags); return ret; }",linux-2.6,,,150621032329619528761771112711610562106,0 1358,['CWE-399'],"static void ipip6_tunnel_unlink(struct sit_net *sitn, struct ip_tunnel *t) { struct ip_tunnel **tp; for (tp = ipip6_bucket(sitn, t); *tp; tp = &(*tp)->next) { if (t == *tp) { write_lock_bh(&ipip6_lock); *tp = t->next; write_unlock_bh(&ipip6_lock); break; } } }",linux-2.6,,,122567433323221436730156298747776803865,0 6628,['CWE-200'],"get_tip_for_device_state (NMDevice *device, NMDeviceState state, NMConnection *connection) { NMSettingConnection *s_con; char *tip = NULL; const char *id = NULL; id = nm_device_get_iface (device); if (connection) { s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); id = nm_setting_connection_get_id (s_con); } switch (state) { case NM_DEVICE_STATE_PREPARE: case NM_DEVICE_STATE_CONFIG: tip = g_strdup_printf (_(""Preparing network connection '%s'...""), id); break; case NM_DEVICE_STATE_NEED_AUTH: tip = g_strdup_printf (_(""User authentication required for network connection '%s'...""), id); break; case NM_DEVICE_STATE_IP_CONFIG: tip = g_strdup_printf (_(""Requesting a network address for '%s'...""), id); break; case NM_DEVICE_STATE_ACTIVATED: tip = g_strdup_printf (_(""Network connection '%s' active""), id); break; default: break; } return tip; }",network-manager-applet,,,268426048126623624248418242158191865238,0 2816,[],"__blockdev_direct_IO(int rw, struct kiocb *iocb, struct inode *inode, struct block_device *bdev, const struct iovec *iov, loff_t offset, unsigned long nr_segs, get_block_t get_block, dio_iodone_t end_io, int dio_lock_type) { int seg; size_t size; unsigned long addr; unsigned blkbits = inode->i_blkbits; unsigned bdev_blkbits = 0; unsigned blocksize_mask = (1 << blkbits) - 1; ssize_t retval = -EINVAL; loff_t end = offset; struct dio *dio; int release_i_mutex = 0; int acquire_i_mutex = 0; if (rw & WRITE) rw = WRITE_SYNC; if (bdev) bdev_blkbits = blksize_bits(bdev_hardsect_size(bdev)); if (offset & blocksize_mask) { if (bdev) blkbits = bdev_blkbits; blocksize_mask = (1 << blkbits) - 1; if (offset & blocksize_mask) goto out; } for (seg = 0; seg < nr_segs; seg++) { addr = (unsigned long)iov[seg].iov_base; size = iov[seg].iov_len; end += size; if ((addr & blocksize_mask) || (size & blocksize_mask)) { if (bdev) blkbits = bdev_blkbits; blocksize_mask = (1 << blkbits) - 1; if ((addr & blocksize_mask) || (size & blocksize_mask)) goto out; } } dio = kzalloc(sizeof(*dio), GFP_KERNEL); retval = -ENOMEM; if (!dio) goto out; dio->lock_type = dio_lock_type; if (dio_lock_type != DIO_NO_LOCKING) { if (rw == READ && end > offset) { struct address_space *mapping; mapping = iocb->ki_filp->f_mapping; if (dio_lock_type != DIO_OWN_LOCKING) { mutex_lock(&inode->i_mutex); release_i_mutex = 1; } retval = filemap_write_and_wait_range(mapping, offset, end - 1); if (retval) { kfree(dio); goto out; } if (dio_lock_type == DIO_OWN_LOCKING) { mutex_unlock(&inode->i_mutex); acquire_i_mutex = 1; } } if (dio_lock_type == DIO_LOCKING) down_read_non_owner(&inode->i_alloc_sem); } dio->is_async = !is_sync_kiocb(iocb) && !((rw & WRITE) && (end > i_size_read(inode))); retval = direct_io_worker(rw, iocb, inode, iov, offset, nr_segs, blkbits, get_block, end_io, dio); if (rw == READ && dio_lock_type == DIO_LOCKING) release_i_mutex = 0; out: if (release_i_mutex) mutex_unlock(&inode->i_mutex); else if (acquire_i_mutex) mutex_lock(&inode->i_mutex); return retval; }",linux-2.6,,,180345725177347259521084324588399265885,0 1935,CWE-122,"mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg, struct cfg80211_ap_settings *params) { struct ieee_types_header *rate_ie; int var_offset = offsetof(struct ieee80211_mgmt, u.beacon.variable); const u8 *var_pos = params->beacon.head + var_offset; int len = params->beacon.head_len - var_offset; u8 rate_len = 0; rate_ie = (void *)cfg80211_find_ie(WLAN_EID_SUPP_RATES, var_pos, len); if (rate_ie) { memcpy(bss_cfg->rates, rate_ie + 1, rate_ie->len); rate_len = rate_ie->len; } rate_ie = (void *)cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, params->beacon.tail, params->beacon.tail_len); if (rate_ie) memcpy(bss_cfg->rates + rate_len, rate_ie + 1, rate_ie->len); return; }",visit repo url,drivers/net/wireless/marvell/mwifiex/uap_cmd.c,https://github.com/torvalds/linux,4616635926361,1 164,CWE-1284,"static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr) { struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; struct tipc_aead_key *skey = NULL; u16 key_gen = msg_key_gen(hdr); u16 size = msg_data_sz(hdr); u8 *data = msg_data(hdr); spin_lock(&rx->lock); if (unlikely(rx->skey || (key_gen == rx->key_gen && rx->key.keys))) { pr_err(""%s: key existed <%p>, gen %d vs %d\n"", rx->name, rx->skey, key_gen, rx->key_gen); goto exit; } skey = kmalloc(size, GFP_ATOMIC); if (unlikely(!skey)) { pr_err(""%s: unable to allocate memory for skey\n"", rx->name); goto exit; } skey->keylen = ntohl(*((__be32 *)(data + TIPC_AEAD_ALG_NAME))); memcpy(skey->alg_name, data, TIPC_AEAD_ALG_NAME); memcpy(skey->key, data + TIPC_AEAD_ALG_NAME + sizeof(__be32), skey->keylen); if (unlikely(size != tipc_aead_key_size(skey))) { kfree(skey); skey = NULL; goto exit; } rx->key_gen = key_gen; rx->skey_mode = msg_key_mode(hdr); rx->skey = skey; rx->nokey = 0; mb(); exit: spin_unlock(&rx->lock); if (likely(skey && queue_delayed_work(tx->wq, &rx->work, 0))) return true; return false; }",visit repo url,net/tipc/crypto.c,https://github.com/torvalds/linux,22916400596149,1 5175,['CWE-20'],"static u64 vmcs_read64(unsigned long field) { #ifdef CONFIG_X86_64 return vmcs_readl(field); #else return vmcs_readl(field) | ((u64)vmcs_readl(field+1) << 32); #endif }",linux-2.6,,,38000024908025019606229785478148646257,0 3460,['CWE-20'],"static int sctp_asconf_param_success(struct sctp_association *asoc, sctp_addip_param_t *asconf_param) { struct sctp_af *af; union sctp_addr addr; struct sctp_bind_addr *bp = &asoc->base.bind_addr; union sctp_addr_param *addr_param; struct sctp_transport *transport; struct sctp_sockaddr_entry *saddr; int retval = 0; addr_param = (union sctp_addr_param *) ((void *)asconf_param + sizeof(sctp_addip_param_t)); af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); af->from_addr_param(&addr, addr_param, htons(bp->port), 0); switch (asconf_param->param_hdr.type) { case SCTP_PARAM_ADD_IP: local_bh_disable(); list_for_each_entry(saddr, &bp->address_list, list) { if (sctp_cmp_addr_exact(&saddr->a, &addr)) saddr->state = SCTP_ADDR_SRC; } local_bh_enable(); break; case SCTP_PARAM_DEL_IP: local_bh_disable(); retval = sctp_del_bind_addr(bp, &addr); local_bh_enable(); list_for_each_entry(transport, &asoc->peer.transport_addr_list, transports) { dst_release(transport->dst); sctp_transport_route(transport, NULL, sctp_sk(asoc->base.sk)); } break; default: break; } return retval; }",linux-2.6,,,134597016929154751100251742792570157730,0 2903,CWE-119,"fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc) { tmsize_t stride = PredictorState(tif)->stride; uint32 bps = tif->tif_dir.td_bitspersample / 8; tmsize_t wc = cc / bps; tmsize_t count = cc; uint8 *cp = (uint8 *) cp0; uint8 *tmp = (uint8 *)_TIFFmalloc(cc); assert((cc%(bps*stride))==0); if (!tmp) return; while (count > stride) { REPEAT4(stride, cp[stride] = (unsigned char) ((cp[stride] + cp[0]) & 0xff); cp++) count -= stride; } _TIFFmemcpy(tmp, cp0, cc); cp = (uint8 *) cp0; for (count = 0; count < wc; count++) { uint32 byte; for (byte = 0; byte < bps; byte++) { #if WORDS_BIGENDIAN cp[bps * count + byte] = tmp[byte * wc + count]; #else cp[bps * count + byte] = tmp[(bps - byte - 1) * wc + count]; #endif } } _TIFFfree(tmp); }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,62112174527762,1 730,[],"int jpc_putuint16(jas_stream_t *out, uint_fast16_t val) { if (jas_stream_putc(out, (val >> 8) & 0xff) == EOF || jas_stream_putc(out, val & 0xff) == EOF) { return -1; } return 0; }",jasper,,,121816237711943092562715856983425911872,0 2498,CWE-190,"static void controloptions (lua_State *L, int opt, const char **fmt, Header *h) { switch (opt) { case ' ': return; case '>': h->endian = BIG; return; case '<': h->endian = LITTLE; return; case '!': { int a = getnum(fmt, MAXALIGN); if (!isp2(a)) luaL_error(L, ""alignment %d is not a power of 2"", a); h->align = a; return; } default: { const char *msg = lua_pushfstring(L, ""invalid format option '%c'"", opt); luaL_argerror(L, 1, msg); } } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,277790078657069,1 10,['CWE-264'],"static int sqlite_handle_rollback(pdo_dbh_t *dbh TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; char *errmsg = NULL; if (sqlite3_exec(H->db, ""ROLLBACK"", NULL, NULL, &errmsg) != SQLITE_OK) { pdo_sqlite_error(dbh); if (errmsg) sqlite3_free(errmsg); return 0; } return 1; }",php-src,,,247985794809032756652515224317965814185,0 6132,CWE-190,"static void ep_mul_reg_glv(ep_t r, const ep_t p, const bn_t k) { int i, j, l, n0, n1, s0, s1, b0, b1; int8_t _s0, _s1, reg0[RLC_FP_BITS + 1], reg1[RLC_FP_BITS + 1]; bn_t n, _k, k0, k1, v1[3], v2[3]; ep_t q, t[1 << (EP_WIDTH - 2)], u, v, w; bn_null(n); bn_null(_k); bn_null(k0); bn_null(k1); ep_null(q); ep_null(u); ep_null(v); ep_null(w); RLC_TRY { bn_new(n); bn_new(_k); bn_new(k0); bn_new(k1); ep_new(q); ep_new(u); ep_new(v); ep_new(w); for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep_null(t[i]); ep_new(t[i]); } for (i = 0; i < 3; i++) { bn_null(v1[i]); bn_null(v2[i]); bn_new(v1[i]); bn_new(v2[i]); } ep_curve_get_ord(n); ep_curve_get_v1(v1); ep_curve_get_v2(v2); bn_abs(_k, k); bn_mod(_k, _k, n); bn_rec_glv(k0, k1, _k, n, (const bn_t *)v1, (const bn_t *)v2); s0 = bn_sign(k0); s1 = bn_sign(k1); bn_abs(k0, k0); bn_abs(k1, k1); b0 = bn_is_even(k0); b1 = bn_is_even(k1); k0->dp[0] |= b0; k1->dp[0] |= b1; ep_copy(q, p); ep_neg(t[0], p); dv_copy_cond(q->y, t[0]->y, RLC_FP_DIGS, s0 != RLC_POS); ep_tab(t, q, EP_WIDTH); l = RLC_FP_BITS + 1; bn_rec_reg(reg0, &l, k0, bn_bits(n)/2, EP_WIDTH); l = RLC_FP_BITS + 1; bn_rec_reg(reg1, &l, k1, bn_bits(n)/2, EP_WIDTH); #if defined(EP_MIXED) fp_set_dig(u->z, 1); fp_set_dig(w->z, 1); u->coord = w->coord = BASIC; #else u->coord = w->coord = EP_ADD; #endif ep_set_infty(r); for (i = l - 1; i >= 0; i--) { for (j = 0; j < EP_WIDTH - 1; j++) { ep_dbl(r, r); } n0 = reg0[i]; _s0 = (n0 >> 7); n0 = ((n0 ^ _s0) - _s0) >> 1; n1 = reg1[i]; _s1 = (n1 >> 7); n1 = ((n1 ^ _s1) - _s1) >> 1; for (j = 0; j < (1 << (EP_WIDTH - 2)); j++) { dv_copy_cond(u->x, t[j]->x, RLC_FP_DIGS, j == n0); dv_copy_cond(w->x, t[j]->x, RLC_FP_DIGS, j == n1); dv_copy_cond(u->y, t[j]->y, RLC_FP_DIGS, j == n0); dv_copy_cond(w->y, t[j]->y, RLC_FP_DIGS, j == n1); #if !defined(EP_MIXED) dv_copy_cond(u->z, t[j]->z, RLC_FP_DIGS, j == n0); dv_copy_cond(w->z, t[j]->z, RLC_FP_DIGS, j == n1); #endif } ep_neg(v, u); dv_copy_cond(u->y, v->y, RLC_FP_DIGS, _s0 != 0); ep_add(r, r, u); ep_psi(w, w); ep_neg(q, w); dv_copy_cond(w->y, q->y, RLC_FP_DIGS, s0 != s1); ep_neg(q, w); dv_copy_cond(w->y, q->y, RLC_FP_DIGS, _s1 != 0); ep_add(r, r, w); } ep_sub(u, r, t[0]); dv_copy_cond(r->x, u->x, RLC_FP_DIGS, b0); dv_copy_cond(r->y, u->y, RLC_FP_DIGS, b0); dv_copy_cond(r->z, u->z, RLC_FP_DIGS, b0); ep_psi(w, t[0]); ep_neg(q, w); dv_copy_cond(w->y, q->y, RLC_FP_DIGS, s0 != s1); ep_sub(u, r, w); dv_copy_cond(r->x, u->x, RLC_FP_DIGS, b1); dv_copy_cond(r->y, u->y, RLC_FP_DIGS, b1); dv_copy_cond(r->z, u->z, RLC_FP_DIGS, b1); ep_norm(r, r); ep_neg(u, r); dv_copy_cond(r->y, u->y, RLC_FP_DIGS, bn_sign(k) == RLC_NEG); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(_k); bn_free(k0); bn_free(k1); bn_free(n); ep_free(q); ep_free(u); ep_free(v); ep_free(w); for (i = 0; i < 1 << (EP_WIDTH - 2); i++) { ep_free(t[i]); } for (i = 0; i < 3; i++) { bn_free(v1[i]); bn_free(v2[i]); } } }",visit repo url,src/ep/relic_ep_mul.c,https://github.com/relic-toolkit/relic,163416577509744,1 242,[],"int fat_search_long(struct inode *inode, const unsigned char *name, int name_len, struct fat_slot_info *sinfo) { struct super_block *sb = inode->i_sb; struct msdos_sb_info *sbi = MSDOS_SB(sb); struct buffer_head *bh = NULL; struct msdos_dir_entry *de; struct nls_table *nls_io = sbi->nls_io; struct nls_table *nls_disk = sbi->nls_disk; wchar_t bufuname[14]; unsigned char xlate_len, nr_slots; wchar_t *unicode = NULL; unsigned char work[8], bufname[260]; int uni_xlate = sbi->options.unicode_xlate; int utf8 = sbi->options.utf8; int anycase = (sbi->options.name_check != 's'); unsigned short opt_shortname = sbi->options.shortname; loff_t cpos = 0; int chl, i, j, last_u, err; err = -ENOENT; while(1) { if (fat_get_entry(inode, &cpos, &bh, &de) == -1) goto EODir; parse_record: nr_slots = 0; if (de->name[0] == DELETED_FLAG) continue; if (de->attr != ATTR_EXT && (de->attr & ATTR_VOLUME)) continue; if (de->attr != ATTR_EXT && IS_FREE(de->name)) continue; if (de->attr == ATTR_EXT) { int status = fat_parse_long(inode, &cpos, &bh, &de, &unicode, &nr_slots); if (status < 0) return status; else if (status == PARSE_INVALID) continue; else if (status == PARSE_NOT_LONGNAME) goto parse_record; else if (status == PARSE_EOF) goto EODir; } memcpy(work, de->name, sizeof(de->name)); if (work[0] == 0x05) work[0] = 0xE5; for (i = 0, j = 0, last_u = 0; i < 8;) { if (!work[i]) break; chl = fat_shortname2uni(nls_disk, &work[i], 8 - i, &bufuname[j++], opt_shortname, de->lcase & CASE_LOWER_BASE); if (chl <= 1) { if (work[i] != ' ') last_u = j; } else { last_u = j; } i += chl; } j = last_u; fat_short2uni(nls_disk, ""."", 1, &bufuname[j++]); for (i = 0; i < 3;) { if (!de->ext[i]) break; chl = fat_shortname2uni(nls_disk, &de->ext[i], 3 - i, &bufuname[j++], opt_shortname, de->lcase & CASE_LOWER_EXT); if (chl <= 1) { if (de->ext[i] != ' ') last_u = j; } else { last_u = j; } i += chl; } if (!last_u) continue; bufuname[last_u] = 0x0000; xlate_len = utf8 ?utf8_wcstombs(bufname, bufuname, sizeof(bufname)) :uni16_to_x8(bufname, bufuname, uni_xlate, nls_io); if (xlate_len == name_len) if ((!anycase && !memcmp(name, bufname, xlate_len)) || (anycase && !nls_strnicmp(nls_io, name, bufname, xlate_len))) goto Found; if (nr_slots) { xlate_len = utf8 ?utf8_wcstombs(bufname, unicode, sizeof(bufname)) :uni16_to_x8(bufname, unicode, uni_xlate, nls_io); if (xlate_len != name_len) continue; if ((!anycase && !memcmp(name, bufname, xlate_len)) || (anycase && !nls_strnicmp(nls_io, name, bufname, xlate_len))) goto Found; } } Found: nr_slots++; sinfo->slot_off = cpos - nr_slots * sizeof(*de); sinfo->nr_slots = nr_slots; sinfo->de = de; sinfo->bh = bh; sinfo->i_pos = fat_make_i_pos(sb, sinfo->bh, sinfo->de); err = 0; EODir: if (unicode) free_page((unsigned long)unicode); return err; }",linux-2.6,,,119080658552659164454738233211260664974,0 5120,CWE-125,"AsyncFor(expr_ty target, expr_ty iter, asdl_seq * body, asdl_seq * orelse, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!target) { PyErr_SetString(PyExc_ValueError, ""field target is required for AsyncFor""); return NULL; } if (!iter) { PyErr_SetString(PyExc_ValueError, ""field iter is required for AsyncFor""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = AsyncFor_kind; p->v.AsyncFor.target = target; p->v.AsyncFor.iter = iter; p->v.AsyncFor.body = body; p->v.AsyncFor.orelse = orelse; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,209617818820265,1 4804,['CWE-399'],"static ssize_t inotify_read(struct file *file, char __user *buf, size_t count, loff_t *pos) { struct inotify_device *dev; char __user *start; int ret; DEFINE_WAIT(wait); start = buf; dev = file->private_data; while (1) { struct inotify_kernel_event *kevent; prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE); mutex_lock(&dev->ev_mutex); kevent = get_one_event(dev, count); mutex_unlock(&dev->ev_mutex); if (kevent) { ret = PTR_ERR(kevent); if (IS_ERR(kevent)) break; ret = copy_event_to_user(kevent, buf); free_kevent(kevent); if (ret < 0) break; buf += ret; count -= ret; continue; } ret = -EAGAIN; if (file->f_flags & O_NONBLOCK) break; ret = -EINTR; if (signal_pending(current)) break; if (start != buf) break; schedule(); } finish_wait(&dev->wq, &wait); if (start != buf && ret != -EFAULT) ret = buf - start; return ret; }",linux-2.6,,,88644027043017088678480773406477389725,0 963,['CWE-189'],"ProcShmCreatePixmap(client) register ClientPtr client; { PixmapPtr pMap; DrawablePtr pDraw; DepthPtr pDepth; register int i, rc; ShmDescPtr shmdesc; REQUEST(xShmCreatePixmapReq); unsigned int width, height, depth; unsigned long size; REQUEST_SIZE_MATCH(xShmCreatePixmapReq); client->errorValue = stuff->pid; if (!sharedPixmaps) return BadImplementation; LEGAL_NEW_RESOURCE(stuff->pid, client); rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY, DixGetAttrAccess); if (rc != Success) return rc; VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); width = stuff->width; height = stuff->height; depth = stuff->depth; if (!width || !height || !depth) { client->errorValue = 0; return BadValue; } if (width > 32767 || height > 32767) return BadAlloc; if (stuff->depth != 1) { pDepth = pDraw->pScreen->allowedDepths; for (i=0; ipScreen->numDepths; i++, pDepth++) if (pDepth->depth == stuff->depth) goto CreatePmap; client->errorValue = stuff->depth; return BadValue; } CreatePmap: size = PixmapBytePad(width, depth) * height; if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { if (size < width * height) return BadAlloc; } if (stuff->offset + size < size) return BadAlloc; VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( pDraw->pScreen, stuff->width, stuff->height, stuff->depth, shmdesc->addr + stuff->offset); if (pMap) { rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, RT_PIXMAP, pMap, RT_NONE, NULL, DixCreateAccess); if (rc != Success) { pDraw->pScreen->DestroyPixmap(pMap); return rc; } dixSetPrivate(&pMap->devPrivates, shmPixmapPrivate, shmdesc); shmdesc->refcnt++; pMap->drawable.serialNumber = NEXT_SERIAL_NUMBER; pMap->drawable.id = stuff->pid; if (AddResource(stuff->pid, RT_PIXMAP, (pointer)pMap)) { return(client->noClientException); } pDraw->pScreen->DestroyPixmap(pMap); } return (BadAlloc); }",xserver,,,12622420217853146562147601073257596289,0 4907,CWE-125,"S_grok_bslash_N(pTHX_ RExC_state_t *pRExC_state, regnode ** node_p, UV * code_point_p, int * cp_count, I32 * flagp, const bool strict, const U32 depth ) { char * endbrace; char *endchar; char* p = RExC_parse; GET_RE_DEBUG_FLAGS_DECL; PERL_ARGS_ASSERT_GROK_BSLASH_N; GET_RE_DEBUG_FLAGS; assert(cBOOL(node_p) ^ cBOOL(code_point_p)); assert(! (node_p && cp_count)); if (cp_count) { *cp_count = 1; } skip_to_be_ignored_text(pRExC_state, &p, FALSE ); if (*p != '{' || regcurly(p)) { RExC_parse = p; if (cp_count) { *cp_count = -1; } if (! node_p) { return FALSE; } *node_p = reg_node(pRExC_state, REG_ANY); *flagp |= HASWIDTH|SIMPLE; MARK_NAUGHTY(1); Set_Node_Length(*node_p, 1); return TRUE; } if (*RExC_parse != '{') { vFAIL(""Missing braces on \\N{}""); } RExC_parse++; endbrace = strchr(RExC_parse, '}'); if (! endbrace) { vFAIL2(""Missing right brace on \\%c{}"", 'N'); } else if (!( endbrace == RExC_parse || memBEGINs(RExC_parse, (STRLEN) (RExC_end - RExC_parse), ""U+""))) { RExC_parse = endbrace; vFAIL(""\\N{NAME} must be resolved by the lexer""); } REQUIRE_UNI_RULES(flagp, FALSE); if (endbrace == RExC_parse) { if (strict) { RExC_parse++; vFAIL(""Zero length \\N{}""); } if (cp_count) { *cp_count = 0; } nextchar(pRExC_state); if (! node_p) { return FALSE; } *node_p = reg_node(pRExC_state,NOTHING); return TRUE; } RExC_parse += 2; endchar = RExC_parse + strcspn(RExC_parse, "".}""); if (endchar >= endbrace) { STRLEN length_of_hex; I32 grok_hex_flags; if (! code_point_p) { RExC_parse = p; return FALSE; } length_of_hex = (STRLEN)(endchar - RExC_parse); grok_hex_flags = PERL_SCAN_ALLOW_UNDERSCORES | PERL_SCAN_DISALLOW_PREFIX | ((SIZE_ONLY) ? PERL_SCAN_SILENT_ILLDIGIT : 0); *code_point_p = UNI_TO_NATIVE(grok_hex(RExC_parse, &length_of_hex, &grok_hex_flags, NULL)); if (length_of_hex == 0 || length_of_hex != (STRLEN)(endchar - RExC_parse) ) { RExC_parse += length_of_hex; RExC_parse += (RExC_orig_utf8) ? UTF8SKIP(RExC_parse) : 1; if (RExC_parse >= endchar) { RExC_parse = endchar; } vFAIL(""Invalid hexadecimal number in \\N{U+...}""); } RExC_parse = endbrace + 1; return TRUE; } else { SV * substitute_parse; STRLEN len; char *orig_end = RExC_end; char *save_start = RExC_start; I32 flags; if (cp_count) { *cp_count = 0; while (RExC_parse < endbrace) { RExC_parse = endchar + 1; endchar = RExC_parse + strcspn(RExC_parse, "".}""); (*cp_count)++; } } if (! node_p) { if (! cp_count) { RExC_parse = p; } return FALSE; } substitute_parse = newSVpvs(""?:""); while (RExC_parse < endbrace) { sv_catpv(substitute_parse, ""\\x{""); sv_catpvn(substitute_parse, RExC_parse, endchar - RExC_parse); sv_catpv(substitute_parse, ""}""); RExC_parse = endchar + 1; endchar = RExC_parse + strcspn(RExC_parse, "".}""); } sv_catpv(substitute_parse, "")""); len = SvCUR(substitute_parse); if (len < (STRLEN) 8) { RExC_parse = endbrace; vFAIL(""Invalid hexadecimal number in \\N{U+...}""); } RExC_parse = RExC_start = RExC_adjusted_start = SvPV_nolen(substitute_parse); RExC_end = RExC_parse + len; #ifdef EBCDIC RExC_recode_x_to_native = 1; #endif *node_p = reg(pRExC_state, 1, &flags, depth+1); RExC_start = RExC_adjusted_start = save_start; RExC_parse = endbrace; RExC_end = orig_end; #ifdef EBCDIC RExC_recode_x_to_native = 0; #endif SvREFCNT_dec_NN(substitute_parse); if (! *node_p) { if (flags & (RESTART_PASS1|NEED_UTF8)) { *flagp = flags & (RESTART_PASS1|NEED_UTF8); return FALSE; } FAIL2(""panic: reg returned NULL to grok_bslash_N, flags=%#"" UVxf, (UV) flags); } *flagp |= flags&(HASWIDTH|SPSTART|SIMPLE|POSTPONED); nextchar(pRExC_state); return TRUE; } }",visit repo url,regcomp.c,https://github.com/Perl/perl5,87845283773398,1 4764,['CWE-20'],"static ext4_fsblk_t get_sb_block(void **data) { ext4_fsblk_t sb_block; char *options = (char *) *data; if (!options || strncmp(options, ""sb="", 3) != 0) return 1; options += 3; sb_block = simple_strtoul(options, &options, 0); if (*options && *options != ',') { printk(KERN_ERR ""EXT4-fs: Invalid sb specification: %s\n"", (char *) *data); return 1; } if (*options == ',') options++; *data = (void *) options; return sb_block; }",linux-2.6,,,127563351095793805898505671910757574222,0 4703,CWE-22,"static int nntp_hcache_namer(const char *path, char *dest, size_t destlen) { return snprintf(dest, destlen, ""%s.hcache"", path); }",visit repo url,newsrc.c,https://github.com/neomutt/neomutt,133029591818879,1 3729,[],"static long unix_wait_for_peer(struct sock *other, long timeo) { struct unix_sock *u = unix_sk(other); int sched; DEFINE_WAIT(wait); prepare_to_wait_exclusive(&u->peer_wait, &wait, TASK_INTERRUPTIBLE); sched = !sock_flag(other, SOCK_DEAD) && !(other->sk_shutdown & RCV_SHUTDOWN) && unix_recvq_full(other); unix_state_unlock(other); if (sched) timeo = schedule_timeout(timeo); finish_wait(&u->peer_wait, &wait); return timeo; }",linux-2.6,,,310333130339511275493982984566787709266,0 4818,['CWE-399'],"static void inotify_dev_queue_event(struct inotify_watch *w, u32 wd, u32 mask, u32 cookie, const char *name, struct inode *ignored) { struct inotify_user_watch *watch; struct inotify_device *dev; struct inotify_kernel_event *kevent, *last; watch = container_of(w, struct inotify_user_watch, wdata); dev = watch->dev; mutex_lock(&dev->ev_mutex); if (mask & IN_IGNORED || w->mask & IN_ONESHOT) put_inotify_watch(w); last = inotify_dev_get_last_event(dev); if (last && last->event.mask == mask && last->event.wd == wd && last->event.cookie == cookie) { const char *lastname = last->name; if (!name && !lastname) goto out; if (name && lastname && !strcmp(lastname, name)) goto out; } if (unlikely(dev->event_count > dev->max_events)) goto out; if (unlikely(dev->event_count == dev->max_events)) kevent = kernel_event(-1, IN_Q_OVERFLOW, cookie, NULL); else kevent = kernel_event(wd, mask, cookie, name); if (unlikely(!kevent)) goto out; dev->event_count++; dev->queue_size += sizeof(struct inotify_event) + kevent->event.len; list_add_tail(&kevent->list, &dev->events); wake_up_interruptible(&dev->wq); kill_fasync(&dev->fa, SIGIO, POLL_IN); out: mutex_unlock(&dev->ev_mutex); }",linux-2.6,,,132001189433390502251351923715657652585,0 4597,CWE-190,"static s32 gf_media_vvc_read_vps_bs_internal(GF_BitStream *bs, VVCState *vvc, Bool stop_at_vps_ext) { u32 i, j; s32 vps_id; VVC_VPS *vps; Bool vps_default_ptl_dpb_hrd_max_tid_flag=0; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) return -1; if (!vps_id) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] VPS ID 0 is forbidden\n"")); return -1; } vps = &vvc->vps[vps_id]; if (!vps->state) { vps->id = vps_id; vps->state = 1; } vps->max_layers = 1 + gf_bs_read_int_log(bs, 6, ""max_layers""); if (vps->max_layers > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] sorry, %d layers in VPS but only %d supported\n"", vps->max_layers, MAX_LHVC_LAYERS)); return -1; } vps->max_sub_layers = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1"") + 1; if ((vps->max_layers>1) && (vps->max_sub_layers>1)) vps_default_ptl_dpb_hrd_max_tid_flag = gf_bs_read_int_log(bs, 1, ""vps_default_ptl_dpb_hrd_max_tid_flag""); if (vps->max_layers>1) vps->all_layers_independent = gf_bs_read_int_log(bs, 1, ""all_layers_independent""); for (i=0; imax_layers; i++) { u32 layer_id = gf_bs_read_int_log_idx(bs, 6, ""layer_id"", i); if (layer_id>vps->max_layer_id) vps->max_layer_id = layer_id; if (i && !vps->all_layers_independent) { Bool layer_indep = gf_bs_read_int_log_idx(bs, 1, ""layer_independent"", i); if (!layer_indep) { Bool vps_max_tid_ref_present_flag = gf_bs_read_int_log_idx(bs, 1, ""vps_max_tid_ref_present_flag"", i); for (j=0; jnum_ptl = 1; if (vps->max_layers > 1) { if (vps->all_layers_independent) { vps->each_layer_is_ols = gf_bs_read_int_log(bs, 1, ""each_layer_is_ols""); } if (!vps->each_layer_is_ols) { u32 vps_ols_mode_idc = 2; if (!vps->all_layers_independent) { vps_ols_mode_idc = gf_bs_read_int_log(bs, 2, ""vps_ols_mode_idc""); } if (vps_ols_mode_idc==2) { u8 vps_num_output_layer_sets = 2 + gf_bs_read_int_log(bs, 8, ""vps_num_output_layer_sets_minus2""); for (i=0; imax_layers; j++) { gf_bs_read_int_log_idx2(bs, 1, ""vps_ols_output_layer_flag"", i, j); } } } } vps->num_ptl = 1 + gf_bs_read_int_log(bs, 8, ""num_ptl_minus1""); } vps->ptl[0].pt_present = 1; for (i=0; inum_ptl; i++) { if (i) vps->ptl[i].pt_present = gf_bs_read_int_log_idx(bs, 1, ""pt_present"", i); if (!vps_default_ptl_dpb_hrd_max_tid_flag) vps->ptl[i].ptl_max_tid = gf_bs_read_int_log_idx(bs, 3, ""ptl_max_tid"", i); else vps->ptl[i].ptl_max_tid = vps->max_sub_layers - 1;; } gf_bs_align(bs); for (i=0; inum_ptl; i++) { vvc_profile_tier_level(bs, &vps->ptl[i], i); } return vps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,95258776262761,1 368,NVD-CWE-noinfo,"static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn, struct nlattr *rp) { struct xfrm_replay_state_esn *up; int ulen; if (!replay_esn || !rp) return 0; up = nla_data(rp); ulen = xfrm_replay_state_esn_len(up); if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen) return -EINVAL; if (up->replay_window > up->bmp_len * sizeof(__u32) * 8) return -EINVAL; return 0; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,33391010597320,1 3828,CWE-476,"fname_match( regmatch_T *rmp, char_u *name, int ignore_case) { char_u *match = NULL; char_u *p; if (name != NULL) { rmp->rm_ic = p_fic || ignore_case; if (vim_regexec(rmp, name, (colnr_T)0)) match = name; else { p = home_replace_save(NULL, name); if (p != NULL && vim_regexec(rmp, p, (colnr_T)0)) match = name; vim_free(p); } } return match; }",visit repo url,src/buffer.c,https://github.com/vim/vim,152148475315586,1 3268,['CWE-189'],"static int jas_icctxt_input(jas_iccattrval_t *attrval, jas_stream_t *in, int cnt) { jas_icctxt_t *txt = &attrval->data.txt; txt->string = 0; if (!(txt->string = jas_malloc(cnt))) goto error; if (jas_stream_read(in, txt->string, cnt) != cnt) goto error; txt->string[cnt - 1] = '\0'; if (JAS_CAST(int, strlen(txt->string)) + 1 != cnt) goto error; return 0; error: jas_icctxt_destroy(attrval); return -1; }",jasper,,,149164612337228072973873998323345030724,0 6675,['CWE-200'],"find_active_device (NMAGConfConnection *exported, NMApplet *applet, NMActiveConnection **out_active_connection) { const GPtrArray *active_connections; int i; g_return_val_if_fail (exported != NULL, NULL); g_return_val_if_fail (applet != NULL, NULL); g_return_val_if_fail (out_active_connection != NULL, NULL); g_return_val_if_fail (*out_active_connection == NULL, NULL); active_connections = nm_client_get_active_connections (applet->nm_client); for (i = 0; active_connections && (i < active_connections->len); i++) { NMActiveConnection *active; NMConnection *connection; const char *service_name; const char *connection_path; const GPtrArray *devices; active = NM_ACTIVE_CONNECTION (g_ptr_array_index (active_connections, i)); service_name = nm_active_connection_get_service_name (active); if (strcmp (service_name, NM_DBUS_SERVICE_USER_SETTINGS)) continue; connection_path = nm_active_connection_get_connection (active); connection = nm_exported_connection_get_connection (NM_EXPORTED_CONNECTION (exported)); if (!strcmp (connection_path, nm_connection_get_path (connection))) { devices = nm_active_connection_get_devices (active); if (devices) *out_active_connection = active; return devices ? NM_DEVICE (g_ptr_array_index (devices, 0)) : NULL; } } return NULL; }",network-manager-applet,,,182528304523485180864091804123317125595,0 1905,['CWE-20'],"int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; if (!HAVE_PTE_SPECIAL && pfn_valid(pfn)) { struct page *page; page = pfn_to_page(pfn); return insert_page(vma, addr, page, vma->vm_page_prot); } return insert_pfn(vma, addr, pfn, vma->vm_page_prot); }",linux-2.6,,,259831448603174383899146996922902585238,0 5992,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader___pyx_unpickle_BufferedReader(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v___pyx_type, long __pyx_v___pyx_checksum, PyObject *__pyx_v___pyx_state) { PyObject *__pyx_v___pyx_PickleError = 0; PyObject *__pyx_v___pyx_result = 0; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations int __pyx_t_1; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; PyObject *__pyx_t_5 = NULL; int __pyx_t_6; __Pyx_RefNannySetupContext(""__pyx_unpickle_BufferedReader"", 0); __pyx_t_1 = ((__pyx_v___pyx_checksum != 0x2a8a945) != 0); if (__pyx_t_1) { __pyx_t_2 = PyList_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_INCREF(__pyx_n_s_PickleError); __Pyx_GIVEREF(__pyx_n_s_PickleError); PyList_SET_ITEM(__pyx_t_2, 0, __pyx_n_s_PickleError); __pyx_t_3 = __Pyx_Import(__pyx_n_s_pickle, __pyx_t_2, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_n_s_PickleError); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_INCREF(__pyx_t_2); __pyx_v___pyx_PickleError = __pyx_t_2; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __pyx_t_2 = __Pyx_PyInt_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_4 = __Pyx_PyString_Format(__pyx_kp_s_Incompatible_checksums_s_vs_0x2a, __pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_INCREF(__pyx_v___pyx_PickleError); __pyx_t_2 = __pyx_v___pyx_PickleError; __pyx_t_5 = NULL; if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) { __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_2); if (likely(__pyx_t_5)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2); __Pyx_INCREF(__pyx_t_5); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_2, function); } } __pyx_t_3 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_4); __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0; __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_Raise(__pyx_t_3, 0, 0, 0); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __PYX_ERR(1, 6, __pyx_L1_error) } __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_ptype_17clickhouse_driver_14bufferedreader_BufferedReader), __pyx_n_s_new); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 7, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_4 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) { __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_2); if (likely(__pyx_t_4)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2); __Pyx_INCREF(__pyx_t_4); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_2, function); } } __pyx_t_3 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_4, __pyx_v___pyx_type) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_v___pyx_type); __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0; if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 7, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_v___pyx_result = __pyx_t_3; __pyx_t_3 = 0; __pyx_t_1 = (__pyx_v___pyx_state != Py_None); __pyx_t_6 = (__pyx_t_1 != 0); if (__pyx_t_6) { if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None)||(PyErr_Format(PyExc_TypeError, ""Expected %.16s, got %.200s"", ""tuple"", Py_TYPE(__pyx_v___pyx_state)->tp_name), 0))) __PYX_ERR(1, 9, __pyx_L1_error) __pyx_t_3 = __pyx_f_17clickhouse_driver_14bufferedreader___pyx_unpickle_BufferedReader__set_state(((struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedReader *)__pyx_v___pyx_result), ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 9, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; } __Pyx_XDECREF(__pyx_r); __Pyx_INCREF(__pyx_v___pyx_result); __pyx_r = __pyx_v___pyx_result; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_XDECREF(__pyx_t_5); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.__pyx_unpickle_BufferedReader"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v___pyx_PickleError); __Pyx_XDECREF(__pyx_v___pyx_result); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,257027875659414,1 4846,['CWE-189'],"ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat) { memset((void *)crypt_stat, 0, sizeof(struct ecryptfs_crypt_stat)); INIT_LIST_HEAD(&crypt_stat->keysig_list); mutex_init(&crypt_stat->keysig_list_mutex); mutex_init(&crypt_stat->cs_mutex); mutex_init(&crypt_stat->cs_tfm_mutex); mutex_init(&crypt_stat->cs_hash_tfm_mutex); crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED; }",linux-2.6,,,223798685209978645935808881351023801261,0 3783,[],"static int unix_shutdown(struct socket *sock, int mode) { struct sock *sk = sock->sk; struct sock *other; mode = (mode+1)&(RCV_SHUTDOWN|SEND_SHUTDOWN); if (mode) { unix_state_lock(sk); sk->sk_shutdown |= mode; other=unix_peer(sk); if (other) sock_hold(other); unix_state_unlock(sk); sk->sk_state_change(sk); if (other && (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET)) { int peer_mode = 0; if (mode&RCV_SHUTDOWN) peer_mode |= SEND_SHUTDOWN; if (mode&SEND_SHUTDOWN) peer_mode |= RCV_SHUTDOWN; unix_state_lock(other); other->sk_shutdown |= peer_mode; unix_state_unlock(other); other->sk_state_change(other); read_lock(&other->sk_callback_lock); if (peer_mode == SHUTDOWN_MASK) sk_wake_async(other,1,POLL_HUP); else if (peer_mode & RCV_SHUTDOWN) sk_wake_async(other,1,POLL_IN); read_unlock(&other->sk_callback_lock); } if (other) sock_put(other); } return 0; }",linux-2.6,,,102568798379820225528140145219654202914,0 4802,['CWE-399'],"static inline void put_inotify_dev(struct inotify_device *dev) { if (atomic_dec_and_test(&dev->count)) { atomic_dec(&dev->user->inotify_devs); free_uid(dev->user); kfree(dev); } }",linux-2.6,,,37044735816214722155679229223271740001,0 6263,CWE-190,"static int util(void) { int bits, code = RLC_ERR; char str[RLC_BN_BITS + 2]; dig_t digit, raw[RLC_BN_DIGS]; uint8_t bin[RLC_CEIL(RLC_BN_BITS, 8)]; bn_t a, b, c; bn_null(a); bn_null(b); bn_null(c); RLC_TRY { bn_new(a); bn_new(b); bn_new(c); TEST_CASE(""comparison is consistent"") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); if (bn_cmp(a, b) != RLC_EQ) { if (bn_cmp(a, b) == RLC_GT) { TEST_ASSERT(bn_cmp(b, a) == RLC_LT, end); } else { TEST_ASSERT(bn_cmp(b, a) == RLC_GT, end); } } } TEST_END; TEST_CASE(""copy and comparison are consistent"") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_POS, RLC_BN_BITS); bn_rand(c, RLC_POS, RLC_BN_BITS); if (bn_cmp(a, c) != RLC_EQ) { bn_copy(c, a); TEST_ASSERT(bn_cmp(c, a) == RLC_EQ, end); } if (bn_cmp(b, c) != RLC_EQ) { bn_copy(c, b); TEST_ASSERT(bn_cmp(b, c) == RLC_EQ, end); } } TEST_END; TEST_CASE(""absolute, negation and comparison are consistent"") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_neg(b, a); bn_abs(a, b); TEST_ASSERT(bn_cmp(a, b) == RLC_GT, end); TEST_ASSERT(bn_cmp(b, a) == RLC_LT, end); TEST_ASSERT(bn_cmp_abs(a, b) == RLC_EQ, end); TEST_ASSERT(bn_cmp_dig(a, (dig_t)0) == RLC_GT, end); TEST_ASSERT(bn_cmp_dig(b, (dig_t)0) == RLC_LT, end); } TEST_END; TEST_CASE(""signal test is correct"") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_NEG, RLC_BN_BITS); TEST_ASSERT(bn_sign(a) == RLC_POS, end); TEST_ASSERT(bn_sign(b) == RLC_NEG, end); } TEST_END; TEST_CASE(""assignment to zero and comparison are consistent"") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_NEG, RLC_BN_BITS); bn_zero(c); TEST_ASSERT(bn_cmp(a, c) == RLC_GT, end); TEST_ASSERT(bn_cmp(c, a) == RLC_LT, end); TEST_ASSERT(bn_cmp(b, c) == RLC_LT, end); TEST_ASSERT(bn_cmp(c, b) == RLC_GT, end); TEST_ASSERT(bn_cmp_dig(a, (dig_t)0) == RLC_GT, end); TEST_ASSERT(bn_cmp_dig(b, (dig_t)0) == RLC_LT, end); TEST_ASSERT(bn_cmp_dig(c, (dig_t)0) == RLC_EQ, end); } TEST_END; TEST_CASE(""assignment to zero and zero test are consistent"") { bn_zero(c); TEST_ASSERT(bn_is_zero(c), end); TEST_ASSERT(bn_cmp_dig(c, (dig_t)0) == RLC_EQ, end); } TEST_END; TEST_CASE(""oddness test is correct"") { bn_set_dig(a, 2); bn_set_dig(b, 1); TEST_ASSERT(bn_is_even(a) == 1, end); TEST_ASSERT(bn_is_even(b) == 0, end); } TEST_END; bits = 0; TEST_CASE(""assignment and bit counting are consistent"") { bn_set_2b(a, bits); TEST_ASSERT(bits + 1 == bn_bits(a), end); bits = (bits + 1) % RLC_BN_BITS; } TEST_END; bits = 0; TEST_CASE(""bit setting and getting are consistent"") { bn_zero(a); bn_set_bit(a, bits, 1); TEST_ASSERT(bn_get_bit(a, bits) == 1, end); bn_set_bit(a, bits, 0); TEST_ASSERT(bn_get_bit(a, bits) == 0, end); bits = (bits + 1) % RLC_BN_BITS; } TEST_END; bits = 0; TEST_CASE(""hamming weight is correct"") { bn_zero(a); for (int j = 0; j < bits; j++) { bn_set_bit(a, j, 1); } TEST_ASSERT(bn_ham(a) == bits, end); bits = (bits + 1) % RLC_BN_BITS; } TEST_END; TEST_CASE(""generating a random integer is consistent"") { do { bn_rand(b, RLC_POS, RLC_BN_BITS); } while (bn_is_zero(b)); bn_rand_mod(a, b); TEST_ASSERT(bn_sign(a) == bn_sign(b), end); TEST_ASSERT(bn_is_zero(a) == 0, end); TEST_ASSERT(bn_cmp(a, b) == RLC_LT, end); do { bn_rand(b, RLC_NEG, RLC_DIG); } while (bn_bits(b) <= 1); bn_rand_mod(a, b); TEST_ASSERT(bn_sign(a) == bn_sign(b), end); TEST_ASSERT(bn_is_zero(a) == 0, end); TEST_ASSERT(bn_cmp(a, b) == RLC_GT, end); } TEST_END; TEST_CASE(""reading and writing the first digit are consistent"") { bn_rand(a, RLC_POS, RLC_DIG); bn_rand(b, RLC_POS, RLC_DIG); bn_get_dig(&digit, a); bn_set_dig(b, digit); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } TEST_END; TEST_CASE(""assignment to a constant and comparison are consistent"") { bn_set_dig(a, 2); bn_set_dig(b, 1); TEST_ASSERT(bn_cmp(a, b) == RLC_GT, end); TEST_ASSERT(bn_cmp(b, a) == RLC_LT, end); TEST_ASSERT(bn_cmp_dig(a, (dig_t)0) == RLC_GT, end); TEST_ASSERT(bn_cmp_dig(b, (dig_t)0) == RLC_GT, end); } TEST_END; TEST_CASE(""assignment to random and comparison are consistent"") { bn_rand(a, RLC_POS, RLC_BN_BITS); bn_rand(b, RLC_NEG, RLC_BN_BITS); bn_zero(c); TEST_ASSERT(bn_cmp(a, c) == RLC_GT, end); TEST_ASSERT(bn_cmp(b, c) == RLC_LT, end); TEST_ASSERT(bn_cmp_dig(a, (dig_t)0) == RLC_GT, end); TEST_ASSERT(bn_cmp_dig(b, (dig_t)0) == RLC_LT, end); } TEST_END; bits = 0; TEST_CASE(""different forms of assignment are consistent"") { bn_set_dig(a, (dig_t)(1) << (dig_t)bits); bn_set_2b(b, bits); bits++; bits %= (RLC_DIG); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } TEST_END; TEST_CASE(""reading and writing a positive number are consistent"") { int len = RLC_CEIL(RLC_BN_BITS, 8); bn_rand(a, RLC_POS, RLC_BN_BITS); for (int j = 2; j <= 64; j++) { bits = bn_size_str(a, j); bn_write_str(str, bits, a, j); bn_read_str(b, str, bits, j); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } bn_write_bin(bin, len, a); bn_read_bin(b, bin, len); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); len = RLC_BN_DIGS; bn_write_raw(raw, len, a); bn_read_raw(b, raw, len); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } TEST_END; TEST_CASE(""getting the size of a positive number is correct"") { bn_rand(a, RLC_POS, RLC_BN_BITS); TEST_ASSERT((bn_size_str(a, 2) - 1) == bn_bits(a), end); bits = (bn_bits(a) % 8 == 0 ? bn_bits(a) / 8 : bn_bits(a) / 8 + 1); TEST_ASSERT(bn_size_bin(a) == bits, end); TEST_ASSERT(bn_size_raw(a) == a->used, end); } TEST_END; TEST_CASE(""reading and writing a negative number are consistent"") { int len = RLC_CEIL(RLC_BN_BITS, 8); bn_rand(a, RLC_NEG, RLC_BN_BITS); for (int j = 2; j <= 64; j++) { bits = bn_size_str(a, j); bn_write_str(str, bits, a, j); bn_read_str(b, str, bits, j); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } bn_write_bin(bin, len, a); bn_read_bin(b, bin, len); bn_neg(b, b); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); len = RLC_BN_DIGS; bn_write_raw(raw, len, a); bn_read_raw(b, raw, len); bn_neg(b, b); TEST_ASSERT(bn_cmp(a, b) == RLC_EQ, end); } TEST_END; TEST_CASE(""getting the size of a negative number is correct"") { bn_rand(a, RLC_NEG, RLC_BN_BITS); TEST_ASSERT((bn_size_str(a, 2) - 2) == bn_bits(a), end); bits = (bn_bits(a) % 8 == 0 ? bn_bits(a) / 8 : bn_bits(a) / 8 + 1); TEST_ASSERT(bn_size_bin(a) == bits, end); TEST_ASSERT(bn_size_raw(a) == a->used, end); } TEST_END; } RLC_CATCH_ANY { RLC_ERROR(end); } code = RLC_OK; end: bn_free(a); bn_free(b); bn_free(c); return code; }",visit repo url,test/test_bn.c,https://github.com/relic-toolkit/relic,43729352719533,1 4208,[]," if(udpLstnSocks != NULL) { net.closeUDPListenSockets(udpLstnSocks); udpLstnSocks = NULL; }",rsyslog,,,278023671851203558883583296979448009326,0 5841,['CWE-200'],"static struct sock *ec_listening_socket(unsigned char port, unsigned char station, unsigned char net) { struct sock *sk; struct hlist_node *node; sk_for_each(sk, node, &econet_sklist) { struct econet_sock *opt = ec_sk(sk); if ((opt->port == port || opt->port == 0) && (opt->station == station || opt->station == 0) && (opt->net == net || opt->net == 0)) goto found; } sk = NULL; found: return sk; }",linux-2.6,,,214075007919349110335816988228574432420,0 1948,['CWE-20'],"static inline int handle_pte_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, int write_access) { pte_t entry; spinlock_t *ptl; entry = *pte; if (!pte_present(entry)) { if (pte_none(entry)) { if (vma->vm_ops) { if (likely(vma->vm_ops->fault)) return do_linear_fault(mm, vma, address, pte, pmd, write_access, entry); if (unlikely(vma->vm_ops->nopfn)) return do_no_pfn(mm, vma, address, pte, pmd, write_access); } return do_anonymous_page(mm, vma, address, pte, pmd, write_access); } if (pte_file(entry)) return do_nonlinear_fault(mm, vma, address, pte, pmd, write_access, entry); return do_swap_page(mm, vma, address, pte, pmd, write_access, entry); } ptl = pte_lockptr(mm, pmd); spin_lock(ptl); if (unlikely(!pte_same(*pte, entry))) goto unlock; if (write_access) { if (!pte_write(entry)) return do_wp_page(mm, vma, address, pte, pmd, ptl, entry); entry = pte_mkdirty(entry); } entry = pte_mkyoung(entry); if (ptep_set_access_flags(vma, address, pte, entry, write_access)) { update_mmu_cache(vma, address, entry); } else { if (write_access) flush_tlb_page(vma, address); } unlock: pte_unmap_unlock(pte, ptl); return 0; }",linux-2.6,,,70979741475681979696064632369437751196,0 5738,['CWE-200'],"static void irda_disconnect_indication(void *instance, void *sap, LM_REASON reason, struct sk_buff *skb) { struct irda_sock *self; struct sock *sk; self = instance; IRDA_DEBUG(2, ""%s(%p)\n"", __func__, self); if(skb) dev_kfree_skb(skb); sk = instance; if (sk == NULL) { IRDA_DEBUG(0, ""%s(%p) : BUG : sk is NULL\n"", __func__, self); return; } bh_lock_sock(sk); if (!sock_flag(sk, SOCK_DEAD) && sk->sk_state != TCP_CLOSE) { sk->sk_state = TCP_CLOSE; sk->sk_shutdown |= SEND_SHUTDOWN; sk->sk_state_change(sk); if (self->tsap) { irttp_close_tsap(self->tsap); self->tsap = NULL; } } bh_unlock_sock(sk); }",linux-2.6,,,9773307300019573973313438697671954660,0 2599,['CWE-189'],"int dccp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len) { const struct dccp_sock *dp = dccp_sk(sk); const int flags = msg->msg_flags; const int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; int rc, size; long timeo; if (len > dp->dccps_mss_cache) return -EMSGSIZE; lock_sock(sk); if (sysctl_dccp_tx_qlen && (sk->sk_write_queue.qlen >= sysctl_dccp_tx_qlen)) { rc = -EAGAIN; goto out_release; } timeo = sock_sndtimeo(sk, noblock); if ((1 << sk->sk_state) & ~(DCCPF_OPEN | DCCPF_PARTOPEN)) if ((rc = sk_stream_wait_connect(sk, &timeo)) != 0) goto out_release; size = sk->sk_prot->max_header + len; release_sock(sk); skb = sock_alloc_send_skb(sk, size, noblock, &rc); lock_sock(sk); if (skb == NULL) goto out_release; skb_reserve(skb, sk->sk_prot->max_header); rc = memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len); if (rc != 0) goto out_discard; skb_queue_tail(&sk->sk_write_queue, skb); dccp_write_xmit(sk,0); out_release: release_sock(sk); return rc ? : len; out_discard: kfree_skb(skb); goto out_release; }",linux-2.6,,,46835554393615334542366614312835775372,0 5351,CWE-119,"decompileAction(int n, SWF_ACTION *actions, int maxn) { if( n > maxn ) SWF_error(""Action overflow!!""); #ifdef DEBUG fprintf(stderr,""%d:\tACTION[%3.3d]: %s\n"", actions[n].SWF_ACTIONRECORD.Offset, n, actionName(actions[n].SWF_ACTIONRECORD.ActionCode)); #endif switch(actions[n].SWF_ACTIONRECORD.ActionCode) { case SWFACTION_END: return 0; case SWFACTION_CONSTANTPOOL: decompileCONSTANTPOOL(&actions[n]); return 0; case SWFACTION_GOTOLABEL: return decompileGOTOFRAME(n, actions, maxn,1); case SWFACTION_GOTOFRAME: return decompileGOTOFRAME(n, actions, maxn,0); case SWFACTION_GOTOFRAME2: return decompileGOTOFRAME2(n, actions, maxn); case SWFACTION_WAITFORFRAME: decompileWAITFORFRAME(&actions[n]); return 0; case SWFACTION_GETURL2: decompileGETURL2(&actions[n]); return 0; case SWFACTION_GETURL: decompileGETURL(&actions[n]); return 0; case SWFACTION_PUSH: decompilePUSH(&actions[n]); return 0; case SWFACTION_PUSHDUP: decompilePUSHDUP(&actions[n]); return 0; case SWFACTION_STACKSWAP: decompileSTACKSWAP(&actions[n]); return 0; case SWFACTION_SETPROPERTY: decompileSETPROPERTY(n, actions, maxn); return 0; case SWFACTION_GETPROPERTY: decompileGETPROPERTY(n, actions, maxn); return 0; case SWFACTION_GETTIME: return decompileGETTIME(n, actions, maxn); case SWFACTION_TRACE: decompileTRACE(n, actions, maxn); return 0; case SWFACTION_CALLFRAME: decompileCALLFRAME(n, actions, maxn); return 0; case SWFACTION_EXTENDS: decompileEXTENDS(n, actions, maxn); return 0; case SWFACTION_INITOBJECT: decompileINITOBJECT(n, actions, maxn); return 0; case SWFACTION_NEWOBJECT: decompileNEWOBJECT(n, actions, maxn); return 0; case SWFACTION_NEWMETHOD: decompileNEWMETHOD(n, actions, maxn); return 0; case SWFACTION_GETMEMBER: decompileGETMEMBER(n, actions, maxn); return 0; case SWFACTION_SETMEMBER: decompileSETMEMBER(n, actions, maxn); return 0; case SWFACTION_GETVARIABLE: decompileGETVARIABLE(n, actions, maxn); return 0; case SWFACTION_SETVARIABLE: decompileSETVARIABLE(n, actions, maxn, 0); return 0; case SWFACTION_DEFINELOCAL: decompileSETVARIABLE(n, actions, maxn, 1); return 0; case SWFACTION_DEFINELOCAL2: decompileDEFINELOCAL2(n, actions, maxn); return 0; case SWFACTION_DECREMENT: return decompileINCR_DECR(n, actions, maxn, 0); case SWFACTION_INCREMENT: return decompileINCR_DECR(n, actions, maxn,1); case SWFACTION_STOREREGISTER: decompileSTOREREGISTER(n, actions, maxn); return 0; case SWFACTION_JUMP: return decompileJUMP(n, actions, maxn); case SWFACTION_RETURN: decompileRETURN(n, actions, maxn); return 0; case SWFACTION_LOGICALNOT: return decompileLogicalNot(n, actions, maxn); case SWFACTION_IF: return decompileIF(n, actions, maxn); case SWFACTION_WITH: decompileWITH(n, actions, maxn); return 0; case SWFACTION_ENUMERATE: return decompileENUMERATE(n, actions, maxn, 0); case SWFACTION_ENUMERATE2 : return decompileENUMERATE(n, actions, maxn,1); case SWFACTION_INITARRAY: return decompileINITARRAY(n, actions, maxn); case SWFACTION_DEFINEFUNCTION: return decompileDEFINEFUNCTION(n, actions, maxn,0); case SWFACTION_DEFINEFUNCTION2: return decompileDEFINEFUNCTION(n, actions, maxn,1); case SWFACTION_CALLFUNCTION: return decompileCALLFUNCTION(n, actions, maxn); case SWFACTION_CALLMETHOD: return decompileCALLMETHOD(n, actions, maxn); case SWFACTION_INSTANCEOF: case SWFACTION_SHIFTLEFT: case SWFACTION_SHIFTRIGHT: case SWFACTION_SHIFTRIGHT2: case SWFACTION_ADD: case SWFACTION_ADD2: case SWFACTION_SUBTRACT: case SWFACTION_MULTIPLY: case SWFACTION_DIVIDE: case SWFACTION_MODULO: case SWFACTION_BITWISEAND: case SWFACTION_BITWISEOR: case SWFACTION_BITWISEXOR: case SWFACTION_EQUAL: case SWFACTION_EQUALS2: case SWFACTION_LESS2: case SWFACTION_LOGICALAND: case SWFACTION_LOGICALOR: case SWFACTION_GREATER: case SWFACTION_LESSTHAN: case SWFACTION_STRINGEQ: case SWFACTION_STRINGCOMPARE: case SWFACTION_STRICTEQUALS: return decompileArithmeticOp(n, actions, maxn); case SWFACTION_POP: pop(); return 0; case SWFACTION_STARTDRAG: return decompileSTARTDRAG(n, actions, maxn); case SWFACTION_DELETE: return decompileDELETE(n, actions, maxn,0); case SWFACTION_DELETE2: return decompileDELETE(n, actions, maxn,1); case SWFACTION_TARGETPATH: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""targetPath""); case SWFACTION_TYPEOF: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""typeof""); case SWFACTION_ORD: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""ord""); case SWFACTION_CHR: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""chr""); case SWFACTION_INT: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""int""); case SWFACTION_TOSTRING: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""String""); case SWFACTION_TONUMBER: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""Number""); case SWFACTION_RANDOMNUMBER: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""random""); case SWFACTION_STRINGLENGTH: return decompileSingleArgBuiltInFunctionCall(n, actions, maxn,""length""); case SWFACTION_PLAY: return decompile_Null_ArgBuiltInFunctionCall(n, actions, maxn,""play""); case SWFACTION_STOP: return decompile_Null_ArgBuiltInFunctionCall(n, actions, maxn,""stop""); case SWFACTION_NEXTFRAME: return decompile_Null_ArgBuiltInFunctionCall(n, actions, maxn,""nextFrame""); case SWFACTION_PREVFRAME: return decompile_Null_ArgBuiltInFunctionCall(n, actions, maxn,""prevFrame""); case SWFACTION_ENDDRAG: return decompile_Null_ArgBuiltInFunctionCall(n, actions, maxn,""stopDrag""); case SWFACTION_STOPSOUNDS: return decompile_Null_ArgBuiltInFunctionCall(n, actions, maxn,""stopAllSounds""); case SWFACTION_TOGGLEQUALITY: return decompile_Null_ArgBuiltInFunctionCall(n, actions, maxn,""toggleHighQuality""); case SWFACTION_MBSUBSTRING: case SWFACTION_SUBSTRING: return decompileSUBSTRING(n, actions, maxn); case SWFACTION_STRINGCONCAT: return decompileSTRINGCONCAT(n, actions, maxn); case SWFACTION_REMOVECLIP: return decompileREMOVECLIP(n, actions, maxn); case SWFACTION_DUPLICATECLIP: return decompileDUPLICATECLIP(n, actions, maxn); case SWFACTION_SETTARGET: return decompileSETTARGET(n, actions, maxn,0); case SWFACTION_SETTARGET2: return decompileSETTARGET(n, actions, maxn,1); case SWFACTION_IMPLEMENTSOP: return decompileIMPLEMENTS(n, actions, maxn); case SWFACTION_CASTOP: return decompileCAST(n, actions, maxn); case SWFACTION_THROW: return decompileTHROW(n, actions, maxn); case SWFACTION_TRY: return decompileTRY(n, actions, maxn); default: outputSWF_ACTION(n,&actions[n]); return 0; } }",visit repo url,util/decompile.c,https://github.com/libming/libming,262509248473102,1 2837,CWE-125,"static CACHE_BRUSH_ORDER* update_read_cache_brush_order(rdpUpdate* update, wStream* s, UINT16 flags) { int i; BYTE iBitmapFormat; BOOL compressed = FALSE; CACHE_BRUSH_ORDER* cache_brush = calloc(1, sizeof(CACHE_BRUSH_ORDER)); if (!cache_brush) goto fail; if (Stream_GetRemainingLength(s) < 6) goto fail; Stream_Read_UINT8(s, cache_brush->index); Stream_Read_UINT8(s, iBitmapFormat); if (iBitmapFormat >= ARRAYSIZE(BMF_BPP)) goto fail; cache_brush->bpp = BMF_BPP[iBitmapFormat]; Stream_Read_UINT8(s, cache_brush->cx); Stream_Read_UINT8(s, cache_brush->cy); Stream_Read_UINT8(s, cache_brush->style); Stream_Read_UINT8(s, cache_brush->length); if ((cache_brush->cx == 8) && (cache_brush->cy == 8)) { if (cache_brush->bpp == 1) { if (cache_brush->length != 8) { WLog_Print(update->log, WLOG_ERROR, ""incompatible 1bpp brush of length:%"" PRIu32 """", cache_brush->length); goto fail; } if (Stream_GetRemainingLength(s) < 8) goto fail; for (i = 7; i >= 0; i--) { Stream_Read_UINT8(s, cache_brush->data[i]); } } else { if ((iBitmapFormat == BMF_8BPP) && (cache_brush->length == 20)) compressed = TRUE; else if ((iBitmapFormat == BMF_16BPP) && (cache_brush->length == 24)) compressed = TRUE; else if ((iBitmapFormat == BMF_32BPP) && (cache_brush->length == 32)) compressed = TRUE; if (compressed != FALSE) { if (!update_decompress_brush(s, cache_brush->data, sizeof(cache_brush->data), cache_brush->bpp)) goto fail; } else { UINT32 scanline = (cache_brush->bpp / 8) * 8; if (Stream_GetRemainingLength(s) < scanline * 8) goto fail; for (i = 7; i >= 0; i--) { Stream_Read(s, &cache_brush->data[i * scanline], scanline); } } } } return cache_brush; fail: free_cache_brush_order(update->context, cache_brush); return NULL; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,40478349744422,1 981,CWE-269,"static int __poke_user_compat(struct task_struct *child, addr_t addr, addr_t data) { struct compat_user *dummy32 = NULL; __u32 tmp = (__u32) data; addr_t offset; if (addr < (addr_t) &dummy32->regs.acrs) { struct pt_regs *regs = task_pt_regs(child); if (addr == (addr_t) &dummy32->regs.psw.mask) { __u32 mask = PSW32_MASK_USER; mask |= is_ri_task(child) ? PSW32_MASK_RI : 0; if ((tmp & ~mask) != PSW32_USER_BITS) return -EINVAL; regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) | (regs->psw.mask & PSW_MASK_BA) | (__u64)(tmp & mask) << 32; } else if (addr == (addr_t) &dummy32->regs.psw.addr) { regs->psw.addr = (__u64) tmp & PSW32_ADDR_INSN; regs->psw.mask = (regs->psw.mask & ~PSW_MASK_BA) | (__u64)(tmp & PSW32_ADDR_AMODE); } else { *(__u32*)((addr_t) ®s->psw + addr*2 + 4) = tmp; } } else if (addr < (addr_t) (&dummy32->regs.orig_gpr2)) { offset = addr - (addr_t) &dummy32->regs.acrs; *(__u32*)((addr_t) &child->thread.acrs + offset) = tmp; } else if (addr == (addr_t) (&dummy32->regs.orig_gpr2)) { *(__u32*)((addr_t) &task_pt_regs(child)->orig_gpr2 + 4) = tmp; } else if (addr < (addr_t) &dummy32->regs.fp_regs) { return 0; } else if (addr < (addr_t) (&dummy32->regs.fp_regs + 1)) { if (addr == (addr_t) &dummy32->regs.fp_regs.fpc && test_fp_ctl(tmp)) return -EINVAL; offset = addr - (addr_t) &dummy32->regs.fp_regs; *(__u32 *)((addr_t) &child->thread.fp_regs + offset) = tmp; } else if (addr < (addr_t) (&dummy32->regs.per_info + 1)) { addr -= (addr_t) &dummy32->regs.per_info; __poke_user_per_compat(child, addr, data); } return 0; }",visit repo url,arch/s390/kernel/ptrace.c,https://github.com/torvalds/linux,170179596877334,1 6310,CWE-295,"NOEXPORT int ssl_tlsext_ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) { CLI *c; const EVP_CIPHER *cipher; int iv_len; (void)key_name; s_log(LOG_DEBUG, ""Session ticket processing callback""); c=SSL_get_ex_data(ssl, index_ssl_cli); if(!HMAC_Init_ex(hctx, (const unsigned char *)(c->opt->ticket_mac->key_val), c->opt->ticket_mac->key_len, EVP_sha256(), NULL)) { s_log(LOG_ERR, ""HMAC_Init_ex failed""); return -1; } if(c->opt->ticket_key->key_len == 16) cipher = EVP_aes_128_cbc(); else cipher = EVP_aes_256_cbc(); if(enc) { iv_len = EVP_CIPHER_iv_length(cipher); if(RAND_bytes(iv, iv_len) <= 0) { s_log(LOG_ERR, ""RAND_bytes failed""); return -1; } if(!EVP_EncryptInit_ex(ctx, cipher, NULL, (const unsigned char *)(c->opt->ticket_key->key_val), iv)) { s_log(LOG_ERR, ""EVP_EncryptInit_ex failed""); return -1; } } else if(!EVP_DecryptInit_ex(ctx, cipher, NULL, (const unsigned char *)(c->opt->ticket_key->key_val), iv)) { s_log(LOG_ERR, ""EVP_DecryptInit_ex failed""); return -1; } if(strcmp(SSL_get_version(c->ssl), ""TLSv1.3"")) return 1; else return 2; }",visit repo url,src/ctx.c,https://github.com/mtrojnar/stunnel,42898206921874,1 1851,CWE-416,"void rose_start_t1timer(struct sock *sk) { struct rose_sock *rose = rose_sk(sk); del_timer(&rose->timer); rose->timer.function = rose_timer_expiry; rose->timer.expires = jiffies + rose->t1; add_timer(&rose->timer); }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,141626909585622,1 4708,CWE-22,"static int pop_fetch_message(struct Context *ctx, struct Message *msg, int msgno) { void *uidl = NULL; char buf[LONG_STRING]; char path[PATH_MAX]; struct Progress progressbar; struct PopData *pop_data = (struct PopData *) ctx->data; struct PopCache *cache = NULL; struct Header *h = ctx->hdrs[msgno]; unsigned short bcache = 1; msg->fp = mutt_bcache_get(pop_data->bcache, h->data); if (msg->fp) return 0; cache = &pop_data->cache[h->index % POP_CACHE_LEN]; if (cache->path) { if (cache->index == h->index) { msg->fp = fopen(cache->path, ""r""); if (msg->fp) return 0; mutt_perror(cache->path); return -1; } else { unlink(cache->path); FREE(&cache->path); } } while (true) { if (pop_reconnect(ctx) < 0) return -1; if (h->refno < 0) { mutt_error( _(""The message index is incorrect. Try reopening the mailbox."")); return -1; } mutt_progress_init(&progressbar, _(""Fetching message...""), MUTT_PROGRESS_SIZE, NetInc, h->content->length + h->content->offset - 1); msg->fp = mutt_bcache_put(pop_data->bcache, h->data); if (!msg->fp) { bcache = 0; mutt_mktemp(path, sizeof(path)); msg->fp = mutt_file_fopen(path, ""w+""); if (!msg->fp) { mutt_perror(path); return -1; } } snprintf(buf, sizeof(buf), ""RETR %d\r\n"", h->refno); const int ret = pop_fetch_data(pop_data, buf, &progressbar, fetch_message, msg->fp); if (ret == 0) break; mutt_file_fclose(&msg->fp); if (!bcache) unlink(path); if (ret == -2) { mutt_error(""%s"", pop_data->err_msg); return -1; } if (ret == -3) { mutt_error(_(""Can't write message to temporary file!"")); return -1; } } if (bcache) mutt_bcache_commit(pop_data->bcache, h->data); else { cache->index = h->index; cache->path = mutt_str_strdup(path); } rewind(msg->fp); uidl = h->data; if (ctx->subj_hash && h->env->real_subj) mutt_hash_delete(ctx->subj_hash, h->env->real_subj, h); mutt_label_hash_remove(ctx, h); mutt_env_free(&h->env); h->env = mutt_rfc822_read_header(msg->fp, h, 0, 0); if (ctx->subj_hash && h->env->real_subj) mutt_hash_insert(ctx->subj_hash, h->env->real_subj, h); mutt_label_hash_add(ctx, h); h->data = uidl; h->lines = 0; fgets(buf, sizeof(buf), msg->fp); while (!feof(msg->fp)) { ctx->hdrs[msgno]->lines++; fgets(buf, sizeof(buf), msg->fp); } h->content->length = ftello(msg->fp) - h->content->offset; if (!WithCrypto) h->security = crypt_query(h->content); mutt_clear_error(); rewind(msg->fp); return 0; }",visit repo url,pop.c,https://github.com/neomutt/neomutt,123289171942740,1 370,CWE-388,"COMPAT_SYSCALL_DEFINE3(set_mempolicy, int, mode, compat_ulong_t __user *, nmask, compat_ulong_t, maxnode) { long err = 0; unsigned long __user *nm = NULL; unsigned long nr_bits, alloc_size; DECLARE_BITMAP(bm, MAX_NUMNODES); nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; if (nmask) { err = compat_get_bitmap(bm, nmask, nr_bits); nm = compat_alloc_user_space(alloc_size); err |= copy_to_user(nm, bm, alloc_size); } if (err) return -EFAULT; return sys_set_mempolicy(mode, nm, nr_bits+1); }",visit repo url,mm/mempolicy.c,https://github.com/torvalds/linux,136946940001822,1 3901,CWE-416,"qf_jump_edit_buffer( qf_info_T *qi, qfline_T *qf_ptr, int forceit, int prev_winid, int *opened_window) { qf_list_T *qfl = qf_get_curlist(qi); int old_changedtick = qfl->qf_changedtick; qfltype_T qfl_type = qfl->qfl_type; int retval = OK; int old_qf_curlist = qi->qf_curlist; int save_qfid = qfl->qf_id; if (qf_ptr->qf_type == 1) { if (!can_abandon(curbuf, forceit)) { no_write_message(); return FAIL; } retval = do_ecmd(qf_ptr->qf_fnum, NULL, NULL, NULL, (linenr_T)1, ECMD_HIDE + ECMD_SET_HELP, prev_winid == curwin->w_id ? curwin : NULL); } else retval = buflist_getfile(qf_ptr->qf_fnum, (linenr_T)1, GETF_SETMARK | GETF_SWITCH, forceit); if (qfl_type == QFLT_LOCATION) { win_T *wp = win_id2wp(prev_winid); if (wp == NULL && curwin->w_llist != qi) { emsg(_(e_current_window_was_closed)); *opened_window = FALSE; return NOTDONE; } } if (qfl_type == QFLT_QUICKFIX && !qflist_valid(NULL, save_qfid)) { emsg(_(e_current_quickfix_list_was_changed)); return NOTDONE; } if (old_qf_curlist != qi->qf_curlist || old_changedtick != qfl->qf_changedtick || !is_qf_entry_present(qfl, qf_ptr)) { if (qfl_type == QFLT_QUICKFIX) emsg(_(e_current_quickfix_list_was_changed)); else emsg(_(e_current_location_list_was_changed)); return NOTDONE; } return retval; }",visit repo url,src/quickfix.c,https://github.com/vim/vim,13884242245591,1 3054,['CWE-189'],"static int jas_icclut16_copy(jas_iccattrval_t *attrval, jas_iccattrval_t *othattrval) { attrval = 0; othattrval = 0; abort(); return -1; }",jasper,,,236679739421403963014701222112113522445,0 5214,CWE-276,"load_deployed_metadata (FlatpakTransaction *self, FlatpakDecomposed *ref, char **out_commit, char **out_remote) { FlatpakTransactionPrivate *priv = flatpak_transaction_get_instance_private (self); g_autoptr(GFile) deploy_dir = NULL; g_autoptr(GFile) metadata_file = NULL; g_autofree char *metadata_contents = NULL; gsize metadata_contents_length; deploy_dir = flatpak_dir_get_if_deployed (priv->dir, ref, NULL, NULL); if (deploy_dir == NULL) return NULL; if (out_commit || out_remote) { g_autoptr(GBytes) deploy_data = NULL; deploy_data = flatpak_load_deploy_data (deploy_dir, ref, flatpak_dir_get_repo (priv->dir), FLATPAK_DEPLOY_VERSION_ANY, NULL, NULL); if (deploy_data == NULL) return NULL; if (out_commit) *out_commit = g_strdup (flatpak_deploy_data_get_commit (deploy_data)); if (out_remote) *out_remote = g_strdup (flatpak_deploy_data_get_origin (deploy_data)); } metadata_file = g_file_get_child (deploy_dir, ""metadata""); if (!g_file_load_contents (metadata_file, NULL, &metadata_contents, &metadata_contents_length, NULL, NULL)) { g_debug (""No metadata in local deploy of %s"", flatpak_decomposed_get_ref (ref)); return NULL; } return g_bytes_new_take (g_steal_pointer (&metadata_contents), metadata_contents_length + 1); }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,99402966006245,1 5062,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 5116,CWE-125,"AsyncFunctionDef(identifier name, arguments_ty args, asdl_seq * body, asdl_seq * decorator_list, expr_ty returns, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!name) { PyErr_SetString(PyExc_ValueError, ""field name is required for AsyncFunctionDef""); return NULL; } if (!args) { PyErr_SetString(PyExc_ValueError, ""field args is required for AsyncFunctionDef""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = AsyncFunctionDef_kind; p->v.AsyncFunctionDef.name = name; p->v.AsyncFunctionDef.args = args; p->v.AsyncFunctionDef.body = body; p->v.AsyncFunctionDef.decorator_list = decorator_list; p->v.AsyncFunctionDef.returns = returns; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,102394807316765,1 4472,['CWE-264'],"void drv_reset_indication(struct s_smc *smc) { PRINTK(KERN_INFO ""entering drv_reset_indication\n""); smc->os.ResetRequested = TRUE; } ",linux-2.6,,,318677918487313101053401208769790273563,0 1512,[],"int wake_up_state(struct task_struct *p, unsigned int state) { return try_to_wake_up(p, state, 0); }",linux-2.6,,,19151082011988772725487474332501686991,0 1570,[],"static void __wake_up_common(wait_queue_head_t *q, unsigned int mode, int nr_exclusive, int sync, void *key) { wait_queue_t *curr, *next; list_for_each_entry_safe(curr, next, &q->task_list, task_list) { unsigned flags = curr->flags; if (curr->func(curr, mode, sync, key) && (flags & WQ_FLAG_EXCLUSIVE) && !--nr_exclusive) break; } }",linux-2.6,,,282399432131412180094566568521795149397,0 1762,CWE-119,"static bool check_underflow(const struct arpt_entry *e) { const struct xt_entry_target *t; unsigned int verdict; if (!unconditional(&e->arp)) return false; t = arpt_get_target_c(e); if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) return false; verdict = ((struct xt_standard_target *)t)->verdict; verdict = -verdict - 1; return verdict == NF_DROP || verdict == NF_ACCEPT; }",visit repo url,net/ipv4/netfilter/arp_tables.c,https://github.com/torvalds/linux,36979508811281,1 6650,['CWE-200'],"connection_removed (NMExportedConnection *exported, gpointer user_data) { GtkListStore *store = GTK_LIST_STORE (user_data); GtkTreeIter iter; if (get_iter_for_connection (GTK_TREE_MODEL (store), exported, &iter)) gtk_list_store_remove (store, &iter); }",network-manager-applet,,,38842390184744436834488161529064400778,0 3563,['CWE-20'],"sctp_disposition_t sctp_sf_do_6_3_3_rtx(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_transport *transport = arg; SCTP_INC_STATS(SCTP_MIB_T3_RTX_EXPIREDS); if (asoc->overall_error_count >= asoc->max_retrans) { sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); return SCTP_DISPOSITION_DELETE_TCB; } sctp_add_cmd_sf(commands, SCTP_CMD_STRIKE, SCTP_TRANSPORT(transport)); sctp_add_cmd_sf(commands, SCTP_CMD_RETRAN, SCTP_TRANSPORT(transport)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,198034041761662622717338200874015424609,0 4215,['CWE-399'],"static inline struct sk_buff_head *prio2list(struct sk_buff *skb, struct Qdisc *qdisc) { struct sk_buff_head *list = qdisc_priv(qdisc); return list + prio2band[skb->priority & TC_PRIO_MAX]; }",linux-2.6,,,198722028464575658800171493655214572712,0 6396,CWE-20,"void enc28j60WritePhyReg(NetInterface *interface, uint16_t address, uint16_t data) { enc28j60WriteReg(interface, ENC28J60_REG_MIREGADR, address & REG_ADDR_MASK); enc28j60WriteReg(interface, ENC28J60_REG_MIWRL, LSB(data)); enc28j60WriteReg(interface, ENC28J60_REG_MIWRH, MSB(data)); while((enc28j60ReadReg(interface, ENC28J60_REG_MISTAT) & MISTAT_BUSY) != 0) { } }",visit repo url,drivers/eth/enc28j60_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,32496103443283,1 3894,['CWE-399'],static int tea6300_shift10(int val) { return val >> 10; },linux-2.6,,,43906171409311038182330220866192726369,0 86,CWE-772,"delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } prime_arg = arg->name; if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE, NULL, NULL)) { log_unauth(""kadm5_delete_policy"", prime_arg, &client_name, &service_name, rqstp); ret.code = KADM5_AUTH_DELETE; } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_delete_policy"", ((prime_arg == NULL) ? ""(null)"" : prime_arg), errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,30420225162113,1 2377,CWE-119,"static int g2m_init_buffers(G2MContext *c) { int aligned_height; if (!c->framebuf || c->old_width < c->width || c->old_height < c->height) { c->framebuf_stride = FFALIGN(c->width * 3, 16); aligned_height = FFALIGN(c->height, 16); av_free(c->framebuf); c->framebuf = av_mallocz(c->framebuf_stride * aligned_height); if (!c->framebuf) return AVERROR(ENOMEM); } if (!c->synth_tile || !c->jpeg_tile || c->old_tile_w < c->tile_width || c->old_tile_h < c->tile_height) { c->tile_stride = FFALIGN(c->tile_width, 16) * 3; aligned_height = FFALIGN(c->tile_height, 16); av_free(c->synth_tile); av_free(c->jpeg_tile); av_free(c->kempf_buf); av_free(c->kempf_flags); c->synth_tile = av_mallocz(c->tile_stride * aligned_height); c->jpeg_tile = av_mallocz(c->tile_stride * aligned_height); c->kempf_buf = av_mallocz((c->tile_width + 1) * aligned_height + FF_INPUT_BUFFER_PADDING_SIZE); c->kempf_flags = av_mallocz( c->tile_width * aligned_height); if (!c->synth_tile || !c->jpeg_tile || !c->kempf_buf || !c->kempf_flags) return AVERROR(ENOMEM); } return 0; }",visit repo url,libavcodec/g2meet.c,https://github.com/FFmpeg/FFmpeg,156656697560904,1 4505,['CWE-20'],"static int verify_reserved_gdb(struct super_block *sb, struct buffer_head *primary) { const ext4_fsblk_t blk = primary->b_blocknr; const ext4_group_t end = EXT4_SB(sb)->s_groups_count; unsigned three = 1; unsigned five = 5; unsigned seven = 7; unsigned grp; __le32 *p = (__le32 *)primary->b_data; int gdbackups = 0; while ((grp = ext4_list_backups(sb, &three, &five, &seven)) < end) { if (le32_to_cpu(*p++) != grp * EXT4_BLOCKS_PER_GROUP(sb) + blk){ ext4_warning(sb, __func__, ""reserved GDT %llu"" "" missing grp %d (%llu)"", blk, grp, grp * (ext4_fsblk_t)EXT4_BLOCKS_PER_GROUP(sb) + blk); return -EINVAL; } if (++gdbackups > EXT4_ADDR_PER_BLOCK(sb)) return -EFBIG; } return gdbackups; }",linux-2.6,,,128954304814523851738698372455195263504,0 1934,CWE-122,"mwifiex_set_uap_rates(struct mwifiex_uap_bss_param *bss_cfg, struct cfg80211_ap_settings *params) { struct ieee_types_header *rate_ie; int var_offset = offsetof(struct ieee80211_mgmt, u.beacon.variable); const u8 *var_pos = params->beacon.head + var_offset; int len = params->beacon.head_len - var_offset; u8 rate_len = 0; rate_ie = (void *)cfg80211_find_ie(WLAN_EID_SUPP_RATES, var_pos, len); if (rate_ie) { memcpy(bss_cfg->rates, rate_ie + 1, rate_ie->len); rate_len = rate_ie->len; } rate_ie = (void *)cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, params->beacon.tail, params->beacon.tail_len); if (rate_ie) memcpy(bss_cfg->rates + rate_len, rate_ie + 1, rate_ie->len); return; }",visit repo url,drivers/net/wireless/marvell/mwifiex/uap_cmd.c,https://github.com/torvalds/linux,4616635926361,1 64,['CWE-787'],"static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin, int off_pitch, int bytesperline, int lines) { int y; int off_cur; int off_cur_end; for (y = 0; y < lines; y++) { off_cur = off_begin; off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask; off_cur &= TARGET_PAGE_MASK; while (off_cur < off_cur_end) { cpu_physical_memory_set_dirty(s->vram_offset + off_cur); off_cur += TARGET_PAGE_SIZE; } off_begin += off_pitch; } }",qemu,,,88420131893733971323306349455124494827,0 3606,CWE-362,"int main(int argc, char *argv[]) { p_fm_config_conx_hdlt hdl; int instance = 0; fm_mgr_config_errno_t res; char *rem_addr = NULL; char *community = ""public""; char Opts[256]; int arg; char *command; int i; strcpy(Opts, ""i:d:h-""); while ((arg = getopt(argc, argv, Opts)) != EOF) { switch (arg) { case 'h': case '-': usage(argv[0]); return(0); case 'i': instance = atol(optarg); break; case 'd': rem_addr = optarg; break; default: usage(argv[0]); return(-1); } } if(optind >= argc){ fprintf(stderr, ""Command required\n""); usage(argv[0]); return -1; } command = argv[optind++]; printf(""Connecting to %s FM instance %d\n"", (rem_addr==NULL) ? ""LOCAL"":rem_addr, instance); if((res = fm_mgr_config_init(&hdl,instance, rem_addr, community)) != FM_CONF_OK) { fprintf(stderr, ""Failed to initialize the client handle: %d\n"", res); goto die_clean; } if((res = fm_mgr_config_connect(hdl)) != FM_CONF_OK) { fprintf(stderr, ""Failed to connect: (%d) %s\n"",res,fm_mgr_get_error_str(res)); goto die_clean; } for(i=0;isk_type) { case SOCK_SEQPACKET: sp->type = SCTP_SOCKET_UDP; break; case SOCK_STREAM: sp->type = SCTP_SOCKET_TCP; break; default: return -ESOCKTNOSUPPORT; } sp->default_stream = 0; sp->default_ppid = 0; sp->default_flags = 0; sp->default_context = 0; sp->default_timetolive = 0; sp->default_rcv_context = 0; sp->max_burst = sctp_max_burst; sp->initmsg.sinit_num_ostreams = sctp_max_outstreams; sp->initmsg.sinit_max_instreams = sctp_max_instreams; sp->initmsg.sinit_max_attempts = sctp_max_retrans_init; sp->initmsg.sinit_max_init_timeo = sctp_rto_max; sp->rtoinfo.srto_initial = sctp_rto_initial; sp->rtoinfo.srto_max = sctp_rto_max; sp->rtoinfo.srto_min = sctp_rto_min; sp->assocparams.sasoc_asocmaxrxt = sctp_max_retrans_association; sp->assocparams.sasoc_number_peer_destinations = 0; sp->assocparams.sasoc_peer_rwnd = 0; sp->assocparams.sasoc_local_rwnd = 0; sp->assocparams.sasoc_cookie_life = sctp_valid_cookie_life; memset(&sp->subscribe, 0, sizeof(struct sctp_event_subscribe)); sp->hbinterval = sctp_hb_interval; sp->pathmaxrxt = sctp_max_retrans_path; sp->pathmtu = 0; sp->sackdelay = sctp_sack_timeout; sp->sackfreq = 2; sp->param_flags = SPP_HB_ENABLE | SPP_PMTUD_ENABLE | SPP_SACKDELAY_ENABLE; sp->disable_fragments = 0; sp->nodelay = 0; sp->v4mapped = 1; sp->autoclose = 0; sp->user_frag = 0; sp->adaptation_ind = 0; sp->pf = sctp_get_pf_specific(sk->sk_family); atomic_set(&sp->pd_mode, 0); skb_queue_head_init(&sp->pd_lobby); sp->frag_interleave = 0; ep = sctp_endpoint_new(sk, GFP_KERNEL); if (!ep) return -ENOMEM; sp->ep = ep; sp->hmac = NULL; SCTP_DBG_OBJCNT_INC(sock); atomic_inc(&sctp_sockets_allocated); return 0; }",linux-2.6,,,157792114101665653474765724490399154843,0 6153,CWE-190,"static void ep2_mul_glv_imp(ep2_t r, const ep2_t p, const bn_t k) { int i, j, l, _l[4]; bn_t n, _k[4], u; int8_t naf[4][RLC_FP_BITS + 1]; ep2_t q[4]; bn_null(n); bn_null(u); RLC_TRY { bn_new(n); bn_new(u); for (i = 0; i < 4; i++) { bn_null(_k[i]); ep2_null(q[i]); bn_new(_k[i]); ep2_new(q[i]); } ep2_curve_get_ord(n); fp_prime_get_par(u); bn_mod(_k[0], k, n); bn_rec_frb(_k, 4, _k[0], u, n, ep_curve_is_pairf() == EP_BN); ep2_norm(q[0], p); ep2_frb(q[1], q[0], 1); ep2_frb(q[2], q[1], 1); ep2_frb(q[3], q[2], 1); l = 0; for (i = 0; i < 4; i++) { if (bn_sign(_k[i]) == RLC_NEG) { ep2_neg(q[i], q[i]); } _l[i] = RLC_FP_BITS + 1; bn_rec_naf(naf[i], &_l[i], _k[i], 2); l = RLC_MAX(l, _l[i]); } ep2_set_infty(r); for (j = l - 1; j >= 0; j--) { ep2_dbl(r, r); for (i = 0; i < 4; i++) { if (naf[i][j] > 0) { ep2_add(r, r, q[i]); } if (naf[i][j] < 0) { ep2_sub(r, r, q[i]); } } } ep2_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(u); for (i = 0; i < 4; i++) { bn_free(_k[i]); ep2_free(q[i]); } } }",visit repo url,src/epx/relic_ep2_mul.c,https://github.com/relic-toolkit/relic,259846155090203,1 1108,['CWE-399'],"asmlinkage long sys32_rt_sigreturn(struct pt_regs *regs) { struct rt_sigframe __user *frame; sigset_t set; unsigned int ax; struct pt_regs tregs; frame = (struct rt_sigframe __user *)(regs->sp - 4); if (!access_ok(VERIFY_READ, frame, sizeof(*frame))) goto badframe; if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set))) goto badframe; sigdelsetmask(&set, ~_BLOCKABLE); spin_lock_irq(¤t->sighand->siglock); current->blocked = set; recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); if (ia32_restore_sigcontext(regs, &frame->uc.uc_mcontext, &ax)) goto badframe; tregs = *regs; if (sys32_sigaltstack(&frame->uc.uc_stack, NULL, &tregs) == -EFAULT) goto badframe; return ax; badframe: signal_fault(regs, frame, ""32bit rt sigreturn""); return 0; }",linux-2.6,,,192824174151476682404728928024767944384,0 4953,['CWE-20'],"static void nfs_destroy_server(struct nfs_server *server) { if (!IS_ERR(server->client_acl)) rpc_shutdown_client(server->client_acl); if (!(server->flags & NFS_MOUNT_NONLM)) lockd_down(); }",linux-2.6,,,43247472933715589726687905354066080637,0 4161,['CWE-399'],"static int originates_from_local_iface(AvahiServer *s, AvahiIfIndex iface, const AvahiAddress *a, uint16_t port) { assert(s); assert(iface != AVAHI_IF_UNSPEC); assert(a); if (port != AVAHI_MDNS_PORT) return 0; return avahi_interface_has_address(s->monitor, iface, a); }",avahi,,,9176148039214321579746019169452377526,0 2322,['CWE-120'],"static void path_put_conditional(struct path *path, struct nameidata *nd) { dput(path->dentry); if (path->mnt != nd->path.mnt) mntput(path->mnt); }",linux-2.6,,,127242201292608657809530766909445776943,0 4769,CWE-415,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 1918,['CWE-20'],"static inline int pte_unmap_same(struct mm_struct *mm, pmd_t *pmd, pte_t *page_table, pte_t orig_pte) { int same = 1; #if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT) if (sizeof(pte_t) > sizeof(unsigned long)) { spinlock_t *ptl = pte_lockptr(mm, pmd); spin_lock(ptl); same = pte_same(*page_table, orig_pte); spin_unlock(ptl); } #endif pte_unmap(page_table); return same; }",linux-2.6,,,139402356837316365873880641061786234851,0 3363,CWE-119,"static Image *ReadWPGImage(const ImageInfo *image_info, ExceptionInfo *exception) { typedef struct { size_t FileId; MagickOffsetType DataOffset; unsigned int ProductType; unsigned int FileType; unsigned char MajorVersion; unsigned char MinorVersion; unsigned int EncryptKey; unsigned int Reserved; } WPGHeader; typedef struct { unsigned char RecType; size_t RecordLength; } WPGRecord; typedef struct { unsigned char Class; unsigned char RecType; size_t Extension; size_t RecordLength; } WPG2Record; typedef struct { unsigned HorizontalUnits; unsigned VerticalUnits; unsigned char PosSizePrecision; } WPG2Start; typedef struct { unsigned int Width; unsigned int Height; unsigned int Depth; unsigned int HorzRes; unsigned int VertRes; } WPGBitmapType1; typedef struct { unsigned int Width; unsigned int Height; unsigned char Depth; unsigned char Compression; } WPG2BitmapType1; typedef struct { unsigned int RotAngle; unsigned int LowLeftX; unsigned int LowLeftY; unsigned int UpRightX; unsigned int UpRightY; unsigned int Width; unsigned int Height; unsigned int Depth; unsigned int HorzRes; unsigned int VertRes; } WPGBitmapType2; typedef struct { unsigned int StartIndex; unsigned int NumOfEntries; } WPGColorMapRec; Image *image; unsigned int status; WPGHeader Header; WPGRecord Rec; WPG2Record Rec2; WPG2Start StartWPG; WPGBitmapType1 BitmapHeader1; WPG2BitmapType1 Bitmap2Header1; WPGBitmapType2 BitmapHeader2; WPGColorMapRec WPG_Palette; int i, bpp, WPG2Flags; ssize_t ldblk; size_t one; unsigned char *BImgBuff; tCTM CTM; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); one=1; image=AcquireImage(image_info,exception); image->depth=8; status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } Header.FileId=ReadBlobLSBLong(image); Header.DataOffset=(MagickOffsetType) ReadBlobLSBLong(image); Header.ProductType=ReadBlobLSBShort(image); Header.FileType=ReadBlobLSBShort(image); Header.MajorVersion=ReadBlobByte(image); Header.MinorVersion=ReadBlobByte(image); Header.EncryptKey=ReadBlobLSBShort(image); Header.Reserved=ReadBlobLSBShort(image); if (Header.FileId!=0x435057FF || (Header.ProductType>>8)!=0x16) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (Header.EncryptKey!=0) ThrowReaderException(CoderError,""EncryptedWPGImageFileNotSupported""); image->columns = 1; image->rows = 1; image->colors = 0; bpp=0; BitmapHeader2.RotAngle=0; switch(Header.FileType) { case 1: while(!EOFBlob(image)) { (void) SeekBlob(image,Header.DataOffset,SEEK_SET); if(EOFBlob(image)) break; Rec.RecType=(i=ReadBlobByte(image)); if(i==EOF) break; Rd_WP_DWORD(image,&Rec.RecordLength); if(EOFBlob(image)) break; Header.DataOffset=TellBlob(image)+Rec.RecordLength; switch(Rec.RecType) { case 0x0B: BitmapHeader1.Width=ReadBlobLSBShort(image); BitmapHeader1.Height=ReadBlobLSBShort(image); if ((BitmapHeader1.Width == 0) || (BitmapHeader1.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); BitmapHeader1.Depth=ReadBlobLSBShort(image); BitmapHeader1.HorzRes=ReadBlobLSBShort(image); BitmapHeader1.VertRes=ReadBlobLSBShort(image); if(BitmapHeader1.HorzRes && BitmapHeader1.VertRes) { image->units=PixelsPerCentimeterResolution; image->resolution.x=BitmapHeader1.HorzRes/470.0; image->resolution.y=BitmapHeader1.VertRes/470.0; } image->columns=BitmapHeader1.Width; image->rows=BitmapHeader1.Height; bpp=BitmapHeader1.Depth; goto UnpackRaster; case 0x0E: WPG_Palette.StartIndex=ReadBlobLSBShort(image); WPG_Palette.NumOfEntries=ReadBlobLSBShort(image); image->colors=WPG_Palette.NumOfEntries; if (!AcquireImageColormap(image,image->colors,exception)) goto NoMemory; for (i=WPG_Palette.StartIndex; i < (int)WPG_Palette.NumOfEntries; i++) { image->colormap[i].red=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); image->colormap[i].green=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); image->colormap[i].blue=ScaleCharToQuantum((unsigned char) ReadBlobByte(image)); } break; case 0x11: if(Rec.RecordLength > 8) image=ExtractPostscript(image,image_info, TellBlob(image)+8, (ssize_t) Rec.RecordLength-8,exception); break; case 0x14: BitmapHeader2.RotAngle=ReadBlobLSBShort(image); BitmapHeader2.LowLeftX=ReadBlobLSBShort(image); BitmapHeader2.LowLeftY=ReadBlobLSBShort(image); BitmapHeader2.UpRightX=ReadBlobLSBShort(image); BitmapHeader2.UpRightY=ReadBlobLSBShort(image); BitmapHeader2.Width=ReadBlobLSBShort(image); BitmapHeader2.Height=ReadBlobLSBShort(image); if ((BitmapHeader2.Width == 0) || (BitmapHeader2.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); BitmapHeader2.Depth=ReadBlobLSBShort(image); BitmapHeader2.HorzRes=ReadBlobLSBShort(image); BitmapHeader2.VertRes=ReadBlobLSBShort(image); image->units=PixelsPerCentimeterResolution; image->page.width=(unsigned int) ((BitmapHeader2.LowLeftX-BitmapHeader2.UpRightX)/470.0); image->page.height=(unsigned int) ((BitmapHeader2.LowLeftX-BitmapHeader2.UpRightY)/470.0); image->page.x=(int) (BitmapHeader2.LowLeftX/470.0); image->page.y=(int) (BitmapHeader2.LowLeftX/470.0); if(BitmapHeader2.HorzRes && BitmapHeader2.VertRes) { image->resolution.x=BitmapHeader2.HorzRes/470.0; image->resolution.y=BitmapHeader2.VertRes/470.0; } image->columns=BitmapHeader2.Width; image->rows=BitmapHeader2.Height; bpp=BitmapHeader2.Depth; UnpackRaster: status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) break; if ((image->colors == 0) && (bpp != 24)) { image->colors=one << bpp; if (!AcquireImageColormap(image,image->colors,exception)) { NoMemory: ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); } for (i=0; (i < (int) image->colors) && (i < 256); i++) { image->colormap[i].red=ScaleCharToQuantum(WPG1_Palette[i].Red); image->colormap[i].green=ScaleCharToQuantum(WPG1_Palette[i].Green); image->colormap[i].blue=ScaleCharToQuantum(WPG1_Palette[i].Blue); } } else { if (bpp < 24) if ( (image->colors < (one << bpp)) && (bpp != 24) ) image->colormap=(PixelInfo *) ResizeQuantumMemory( image->colormap,(size_t) (one << bpp), sizeof(*image->colormap)); } if (bpp == 1) { if(image->colormap[0].red==0 && image->colormap[0].green==0 && image->colormap[0].blue==0 && image->colormap[1].red==0 && image->colormap[1].green==0 && image->colormap[1].blue==0) { image->colormap[1].red = image->colormap[1].green = image->colormap[1].blue = QuantumRange; } } if(UnpackWPGRaster(image,bpp,exception) < 0) { DecompressionFailed: ThrowReaderException(CoderError,""UnableToDecompressImage""); } if(Rec.RecType==0x14 && BitmapHeader2.RotAngle!=0 && !image_info->ping) { if(BitmapHeader2.RotAngle & 0x8000) { Image *flop_image; flop_image = FlopImage(image, exception); if (flop_image != (Image *) NULL) { DuplicateBlob(flop_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flop_image); } } if(BitmapHeader2.RotAngle & 0x2000) { Image *flip_image; flip_image = FlipImage(image, exception); if (flip_image != (Image *) NULL) { DuplicateBlob(flip_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flip_image); } } if(BitmapHeader2.RotAngle & 0x0FFF) { Image *rotate_image; rotate_image=RotateImage(image,(BitmapHeader2.RotAngle & 0x0FFF), exception); if (rotate_image != (Image *) NULL) { DuplicateBlob(rotate_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,rotate_image); } } } AcquireNextImage(image_info,image,exception); image->depth=8; if (image->next == (Image *) NULL) goto Finish; image=SyncNextImageInList(image); image->columns=image->rows=1; image->colors=0; break; case 0x1B: if(Rec.RecordLength>0x3C) image=ExtractPostscript(image,image_info, TellBlob(image)+0x3C, (ssize_t) Rec.RecordLength-0x3C,exception); break; } } break; case 2: (void) memset(CTM,0,sizeof(CTM)); StartWPG.PosSizePrecision = 0; while(!EOFBlob(image)) { (void) SeekBlob(image,Header.DataOffset,SEEK_SET); if(EOFBlob(image)) break; Rec2.Class=(i=ReadBlobByte(image)); if(i==EOF) break; Rec2.RecType=(i=ReadBlobByte(image)); if(i==EOF) break; Rd_WP_DWORD(image,&Rec2.Extension); Rd_WP_DWORD(image,&Rec2.RecordLength); if(EOFBlob(image)) break; Header.DataOffset=TellBlob(image)+Rec2.RecordLength; switch(Rec2.RecType) { case 1: StartWPG.HorizontalUnits=ReadBlobLSBShort(image); StartWPG.VerticalUnits=ReadBlobLSBShort(image); StartWPG.PosSizePrecision=ReadBlobByte(image); break; case 0x0C: WPG_Palette.StartIndex=ReadBlobLSBShort(image); WPG_Palette.NumOfEntries=ReadBlobLSBShort(image); image->colors=WPG_Palette.NumOfEntries; if (AcquireImageColormap(image,image->colors,exception) == MagickFalse) ThrowReaderException(ResourceLimitError, ""MemoryAllocationFailed""); for (i=WPG_Palette.StartIndex; i < (int)WPG_Palette.NumOfEntries; i++) { image->colormap[i].red=ScaleCharToQuantum((char) ReadBlobByte(image)); image->colormap[i].green=ScaleCharToQuantum((char) ReadBlobByte(image)); image->colormap[i].blue=ScaleCharToQuantum((char) ReadBlobByte(image)); (void) ReadBlobByte(image); } break; case 0x0E: Bitmap2Header1.Width=ReadBlobLSBShort(image); Bitmap2Header1.Height=ReadBlobLSBShort(image); if ((Bitmap2Header1.Width == 0) || (Bitmap2Header1.Height == 0)) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); Bitmap2Header1.Depth=ReadBlobByte(image); Bitmap2Header1.Compression=ReadBlobByte(image); if(Bitmap2Header1.Compression > 1) continue; switch(Bitmap2Header1.Depth) { case 1: bpp=1; break; case 2: bpp=2; break; case 3: bpp=4; break; case 4: bpp=8; break; case 8: bpp=24; break; default: continue; } image->columns=Bitmap2Header1.Width; image->rows=Bitmap2Header1.Height; status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) break; if ((image->colors == 0) && (bpp != 24)) { size_t one; one=1; image->colors=one << bpp; if (!AcquireImageColormap(image,image->colors,exception)) goto NoMemory; } else { if(bpp < 24) if( image->colors<(one << bpp) && bpp!=24 ) image->colormap=(PixelInfo *) ResizeQuantumMemory( image->colormap,(size_t) (one << bpp), sizeof(*image->colormap)); } switch(Bitmap2Header1.Compression) { case 0: { ldblk=(ssize_t) ((bpp*image->columns+7)/8); BImgBuff=(unsigned char *) AcquireQuantumMemory((size_t) ldblk+1,sizeof(*BImgBuff)); if (BImgBuff == (unsigned char *) NULL) goto NoMemory; for(i=0; i< (ssize_t) image->rows; i++) { (void) ReadBlob(image,ldblk,BImgBuff); InsertRow(image,BImgBuff,i,bpp,exception); } if(BImgBuff) BImgBuff=(unsigned char *) RelinquishMagickMemory(BImgBuff); break; } case 1: { if( UnpackWPG2Raster(image,bpp,exception) < 0) goto DecompressionFailed; break; } } if(CTM[0][0]<0 && !image_info->ping) { Image *flop_image; flop_image = FlopImage(image, exception); if (flop_image != (Image *) NULL) { DuplicateBlob(flop_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flop_image); } } if(CTM[1][1]<0 && !image_info->ping) { Image *flip_image; flip_image = FlipImage(image, exception); if (flip_image != (Image *) NULL) { DuplicateBlob(flip_image,image); (void) RemoveLastImageFromList(&image); AppendImageToList(&image,flip_image); } } AcquireNextImage(image_info,image,exception); image->depth=8; if (image->next == (Image *) NULL) goto Finish; image=SyncNextImageInList(image); image->columns=image->rows=1; image->colors=0; break; case 0x12: i=ReadBlobLSBShort(image); if(Rec2.RecordLength > (unsigned int) i) image=ExtractPostscript(image,image_info, TellBlob(image)+i, (ssize_t) (Rec2.RecordLength-i-2),exception); break; case 0x1B: WPG2Flags = LoadWPG2Flags(image,StartWPG.PosSizePrecision,NULL,&CTM); (void) WPG2Flags; break; } } break; default: { ThrowReaderException(CoderError,""DataEncodingSchemeIsNotSupported""); } } Finish: (void) CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=(size_t) scene++; } if (image == (Image *) NULL) ThrowReaderException(CorruptImageError, ""ImageFileDoesNotContainAnyImageData""); return(image); }",visit repo url,coders/wpg.c,https://github.com/ImageMagick/ImageMagick,258878792053496,1 1227,[],"free_pattern_buffer (struct re_pattern_buffer *buf, struct re_registers *regs) { regfree (buf); free (regs->start); free (regs->end); }",m4,,,304970258968278478654142483216978927256,0 4348,CWE-358,"DefragIPv4TooLargeTest(void) { DefragContext *dc = NULL; Packet *p = NULL; int ret = 0; DefragInit(); dc = DefragContextNew(); if (dc == NULL) goto end; p = BuildTestPacket(1, 8183, 0, 'A', 71); if (p == NULL) goto end; if (Defrag(NULL, NULL, p, NULL) != NULL) goto end; if (!ENGINE_ISSET_EVENT(p, IPV4_FRAG_PKT_TOO_LARGE)) goto end; if (dc->frag_pool->outstanding != 0) return 0; ret = 1; end: if (dc != NULL) DefragContextDestroy(dc); if (p != NULL) SCFree(p); DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,9597830261725,1 260,[],"ret_einval(unsigned int fd, unsigned int cmd, unsigned long arg) { return -EINVAL; }",linux-2.6,,,13123033153607873008213000319791302615,0 2285,['CWE-120'],"int page_symlink(struct inode *inode, const char *symname, int len) { return __page_symlink(inode, symname, len, mapping_gfp_mask(inode->i_mapping)); }",linux-2.6,,,3759261678936718338142901432621248464,0 3451,CWE-193,"int tmx_check_pretran(sip_msg_t *msg) { unsigned int chid; unsigned int slotid; int dsize; struct via_param *vbr; str scallid; str scseqmet; str scseqnum; str sftag; str svbranch = {NULL, 0}; pretran_t *it; if(_tmx_ptran_table==NULL) { LM_ERR(""pretran hash table not initialized yet\n""); return -1; } if(get_route_type()!=REQUEST_ROUTE) { LM_ERR(""invalid usage - not in request route\n""); return -1; } if(msg->first_line.type!=SIP_REQUEST) { LM_ERR(""invalid usage - not a sip request\n""); return -1; } if(parse_headers(msg, HDR_FROM_F|HDR_VIA1_F|HDR_CALLID_F|HDR_CSEQ_F, 0)<0) { LM_ERR(""failed to parse required headers\n""); return -1; } if(msg->cseq==NULL || msg->cseq->parsed==NULL) { LM_ERR(""failed to parse cseq headers\n""); return -1; } if(get_cseq(msg)->method_id==METHOD_ACK || get_cseq(msg)->method_id==METHOD_CANCEL) { LM_DBG(""no pre-transaction management for ACK or CANCEL\n""); return -1; } if (msg->via1==0) { LM_ERR(""failed to get Via header\n""); return -1; } if (parse_from_header(msg)<0 || get_from(msg)->tag_value.len==0) { LM_ERR(""failed to get From header\n""); return -1; } if (msg->callid==NULL || msg->callid->body.s==NULL) { LM_ERR(""failed to parse callid headers\n""); return -1; } vbr = msg->via1->branch; scallid = msg->callid->body; trim(&scallid); scseqmet = get_cseq(msg)->method; trim(&scseqmet); scseqnum = get_cseq(msg)->number; trim(&scseqnum); sftag = get_from(msg)->tag_value; trim(&sftag); chid = get_hash1_raw(msg->callid->body.s, msg->callid->body.len); slotid = chid & (_tmx_ptran_size-1); if(unlikely(_tmx_proc_ptran == NULL)) { _tmx_proc_ptran = (pretran_t*)shm_malloc(sizeof(pretran_t)); if(_tmx_proc_ptran == NULL) { LM_ERR(""not enough memory for pretran structure\n""); return -1; } memset(_tmx_proc_ptran, 0, sizeof(pretran_t)); _tmx_proc_ptran->pid = my_pid(); } dsize = scallid.len + scseqnum.len + scseqmet.len + sftag.len + 4; if(likely(vbr!=NULL)) { svbranch = vbr->value; trim(&svbranch); dsize += svbranch.len; } if(dsize<256) dsize = 256; tmx_pretran_unlink(); if(dsize > _tmx_proc_ptran->dbuf.len) { if(_tmx_proc_ptran->dbuf.s) shm_free(_tmx_proc_ptran->dbuf.s); _tmx_proc_ptran->dbuf.s = (char*)shm_malloc(dsize); if(_tmx_proc_ptran->dbuf.s==NULL) { LM_ERR(""not enough memory for pretran data\n""); return -1; } _tmx_proc_ptran->dbuf.len = dsize; } _tmx_proc_ptran->hid = chid; _tmx_proc_ptran->cseqmetid = (get_cseq(msg))->method_id; _tmx_proc_ptran->callid.s = _tmx_proc_ptran->dbuf.s; memcpy(_tmx_proc_ptran->callid.s, scallid.s, scallid.len); _tmx_proc_ptran->callid.len = scallid.len; _tmx_proc_ptran->callid.s[_tmx_proc_ptran->callid.len] = '\0'; _tmx_proc_ptran->ftag.s = _tmx_proc_ptran->callid.s + _tmx_proc_ptran->callid.len + 1; memcpy(_tmx_proc_ptran->ftag.s, sftag.s, sftag.len); _tmx_proc_ptran->ftag.len = sftag.len; _tmx_proc_ptran->ftag.s[_tmx_proc_ptran->ftag.len] = '\0'; _tmx_proc_ptran->cseqnum.s = _tmx_proc_ptran->ftag.s + _tmx_proc_ptran->ftag.len + 1; memcpy(_tmx_proc_ptran->cseqnum.s, scseqnum.s, scseqnum.len); _tmx_proc_ptran->cseqnum.len = scseqnum.len; _tmx_proc_ptran->cseqnum.s[_tmx_proc_ptran->cseqnum.len] = '\0'; _tmx_proc_ptran->cseqmet.s = _tmx_proc_ptran->cseqnum.s + _tmx_proc_ptran->cseqnum.len + 1; memcpy(_tmx_proc_ptran->cseqmet.s, scseqmet.s, scseqmet.len); _tmx_proc_ptran->cseqmet.len = scseqmet.len; _tmx_proc_ptran->cseqmet.s[_tmx_proc_ptran->cseqmet.len] = '\0'; if(likely(vbr!=NULL)) { _tmx_proc_ptran->vbranch.s = _tmx_proc_ptran->cseqmet.s + _tmx_proc_ptran->cseqmet.len + 1; memcpy(_tmx_proc_ptran->vbranch.s, svbranch.s, svbranch.len); _tmx_proc_ptran->vbranch.len = svbranch.len; _tmx_proc_ptran->vbranch.s[_tmx_proc_ptran->vbranch.len] = '\0'; } else { _tmx_proc_ptran->vbranch.s = NULL; _tmx_proc_ptran->vbranch.len = 0; } lock_get(&_tmx_ptran_table[slotid].lock); it = _tmx_ptran_table[slotid].plist; tmx_pretran_link_safe(slotid); for(; it!=NULL; it=it->next) { if(_tmx_proc_ptran->hid != it->hid || _tmx_proc_ptran->cseqmetid != it->cseqmetid || _tmx_proc_ptran->callid.len != it->callid.len || _tmx_proc_ptran->ftag.len != it->ftag.len || _tmx_proc_ptran->cseqmet.len != it->cseqmet.len || _tmx_proc_ptran->cseqnum.len != it->cseqnum.len) continue; if(_tmx_proc_ptran->vbranch.s != NULL && it->vbranch.s != NULL) { if(_tmx_proc_ptran->vbranch.len != it->vbranch.len) continue; if(_tmx_proc_ptran->vbranch.s[it->vbranch.len-1] != it->vbranch.s[it->vbranch.len-1]) continue; if(memcmp(_tmx_proc_ptran->vbranch.s, it->vbranch.s, it->vbranch.len)!=0) continue; } if(memcmp(_tmx_proc_ptran->callid.s, it->callid.s, it->callid.len)!=0 || memcmp(_tmx_proc_ptran->ftag.s, it->ftag.s, it->ftag.len)!=0 || memcmp(_tmx_proc_ptran->cseqnum.s, it->cseqnum.s, it->cseqnum.len)!=0) continue; if((it->cseqmetid==METHOD_OTHER || it->cseqmetid==METHOD_UNDEF) && memcmp(_tmx_proc_ptran->cseqmet.s, it->cseqmet.s, it->cseqmet.len)!=0) continue; LM_DBG(""matched another pre-transaction by pid %d for [%.*s]\n"", it->pid, it->callid.len, it->callid.s); lock_release(&_tmx_ptran_table[slotid].lock); return 1; } lock_release(&_tmx_ptran_table[slotid].lock); return 0; }",visit repo url,src/modules/tmx/tmx_pretran.c,https://github.com/kamailio/kamailio,246797150588674,1 2643,CWE-125,"PHP_FUNCTION(locale_lookup) { char* fallback_loc = NULL; int fallback_loc_len = 0; const char* loc_range = NULL; int loc_range_len = 0; zval* arr = NULL; HashTable* hash_arr = NULL; zend_bool boolCanonical = 0; char* result =NULL; intl_error_reset( NULL TSRMLS_CC ); if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""as|bs"", &arr, &loc_range, &loc_range_len, &boolCanonical, &fallback_loc, &fallback_loc_len) == FAILURE) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_lookup: unable to parse input params"", 0 TSRMLS_CC ); RETURN_FALSE; } if(loc_range_len == 0) { loc_range = intl_locale_get_default(TSRMLS_C); } hash_arr = HASH_OF(arr); if( !hash_arr || zend_hash_num_elements( hash_arr ) == 0 ) { RETURN_EMPTY_STRING(); } result = lookup_loc_range(loc_range, hash_arr, boolCanonical TSRMLS_CC); if(result == NULL || result[0] == '\0') { if( fallback_loc ) { result = estrndup(fallback_loc, fallback_loc_len); } else { RETURN_EMPTY_STRING(); } } RETVAL_STRINGL(result, strlen(result), 0); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,20635317323828,1 3200,['CWE-189'],"static int jas_iccattrtab_add(jas_iccattrtab_t *attrtab, int i, jas_iccuint32_t name, jas_iccattrval_t *val) { int n; jas_iccattr_t *attr; jas_iccattrval_t *tmpattrval; tmpattrval = 0; if (i < 0) { i = attrtab->numattrs; } assert(i >= 0 && i <= attrtab->numattrs); if (attrtab->numattrs >= attrtab->maxattrs) { if (jas_iccattrtab_resize(attrtab, attrtab->numattrs + 32)) { goto error; } } if (!(tmpattrval = jas_iccattrval_clone(val))) goto error; n = attrtab->numattrs - i; if (n > 0) memmove(&attrtab->attrs[i + 1], &attrtab->attrs[i], n * sizeof(jas_iccattr_t)); attr = &attrtab->attrs[i]; attr->name = name; attr->val = tmpattrval; ++attrtab->numattrs; return 0; error: if (tmpattrval) jas_iccattrval_destroy(tmpattrval); return -1; }",jasper,,,285511527370768700038858162716895292534,0 5125,['CWE-20'],"static int __init vmx_init(void) { void *va; int r; vmx_io_bitmap_a = alloc_page(GFP_KERNEL | __GFP_HIGHMEM); if (!vmx_io_bitmap_a) return -ENOMEM; vmx_io_bitmap_b = alloc_page(GFP_KERNEL | __GFP_HIGHMEM); if (!vmx_io_bitmap_b) { r = -ENOMEM; goto out; } vmx_msr_bitmap = alloc_page(GFP_KERNEL | __GFP_HIGHMEM); if (!vmx_msr_bitmap) { r = -ENOMEM; goto out1; } va = kmap(vmx_io_bitmap_a); memset(va, 0xff, PAGE_SIZE); clear_bit(0x80, va); kunmap(vmx_io_bitmap_a); va = kmap(vmx_io_bitmap_b); memset(va, 0xff, PAGE_SIZE); kunmap(vmx_io_bitmap_b); va = kmap(vmx_msr_bitmap); memset(va, 0xff, PAGE_SIZE); kunmap(vmx_msr_bitmap); set_bit(0, vmx_vpid_bitmap); r = kvm_init(&vmx_x86_ops, sizeof(struct vcpu_vmx), THIS_MODULE); if (r) goto out2; vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_FS_BASE); vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_GS_BASE); vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_CS); vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_ESP); vmx_disable_intercept_for_msr(vmx_msr_bitmap, MSR_IA32_SYSENTER_EIP); if (vm_need_ept()) { bypass_guest_pf = 0; kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK | VMX_EPT_WRITABLE_MASK); kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull, VMX_EPT_EXECUTABLE_MASK, VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT); kvm_enable_tdp(); } else kvm_disable_tdp(); if (bypass_guest_pf) kvm_mmu_set_nonpresent_ptes(~0xffeull, 0ull); ept_sync_global(); return 0; out2: __free_page(vmx_msr_bitmap); out1: __free_page(vmx_io_bitmap_b); out: __free_page(vmx_io_bitmap_a); return r; }",linux-2.6,,,336182528555265211818857407346812567467,0 824,CWE-20,"static int packet_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; struct sockaddr_ll *sll; int vnet_hdr_len = 0; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE)) goto out; #if 0 if (pkt_sk(sk)->ifindex < 0) return -ENODEV; #endif if (flags & MSG_ERRQUEUE) { err = sock_recv_errqueue(sk, msg, len, SOL_PACKET, PACKET_TX_TIMESTAMP); goto out; } skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (pkt_sk(sk)->has_vnet_hdr) { struct virtio_net_hdr vnet_hdr = { 0 }; err = -EINVAL; vnet_hdr_len = sizeof(vnet_hdr); if (len < vnet_hdr_len) goto out_free; len -= vnet_hdr_len; if (skb_is_gso(skb)) { struct skb_shared_info *sinfo = skb_shinfo(skb); vnet_hdr.hdr_len = skb_headlen(skb); vnet_hdr.gso_size = sinfo->gso_size; if (sinfo->gso_type & SKB_GSO_TCPV4) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4; else if (sinfo->gso_type & SKB_GSO_TCPV6) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6; else if (sinfo->gso_type & SKB_GSO_UDP) vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP; else if (sinfo->gso_type & SKB_GSO_FCOE) goto out_free; else BUG(); if (sinfo->gso_type & SKB_GSO_TCP_ECN) vnet_hdr.gso_type |= VIRTIO_NET_HDR_GSO_ECN; } else vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE; if (skb->ip_summed == CHECKSUM_PARTIAL) { vnet_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; vnet_hdr.csum_start = skb_checksum_start_offset(skb); vnet_hdr.csum_offset = skb->csum_offset; } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { vnet_hdr.flags = VIRTIO_NET_HDR_F_DATA_VALID; } err = memcpy_toiovec(msg->msg_iov, (void *)&vnet_hdr, vnet_hdr_len); if (err < 0) goto out_free; } sll = &PACKET_SKB_CB(skb)->sa.ll; if (sock->type == SOCK_PACKET) msg->msg_namelen = sizeof(struct sockaddr_pkt); else msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, msg->msg_namelen); if (pkt_sk(sk)->auxdata) { struct tpacket_auxdata aux; aux.tp_status = TP_STATUS_USER; if (skb->ip_summed == CHECKSUM_PARTIAL) aux.tp_status |= TP_STATUS_CSUMNOTREADY; aux.tp_len = PACKET_SKB_CB(skb)->origlen; aux.tp_snaplen = skb->len; aux.tp_mac = 0; aux.tp_net = skb_network_offset(skb); if (vlan_tx_tag_present(skb)) { aux.tp_vlan_tci = vlan_tx_tag_get(skb); aux.tp_status |= TP_STATUS_VLAN_VALID; } else { aux.tp_vlan_tci = 0; } aux.tp_padding = 0; put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); } err = vnet_hdr_len + ((flags&MSG_TRUNC) ? skb->len : copied); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,197620869737506,1 3274,CWE-125,"ikev1_id_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, u_int item_len, const u_char *ep _U_, uint32_t phase, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { #define USE_IPSECDOI_IN_PHASE1 1 const struct ikev1_pl_id *p; struct ikev1_pl_id id; static const char *idtypestr[] = { ""IPv4"", ""IPv4net"", ""IPv6"", ""IPv6net"", }; static const char *ipsecidtypestr[] = { NULL, ""IPv4"", ""FQDN"", ""user FQDN"", ""IPv4net"", ""IPv6"", ""IPv6net"", ""IPv4range"", ""IPv6range"", ""ASN1 DN"", ""ASN1 GN"", ""keyid"", }; int len; const u_char *data; ND_PRINT((ndo,""%s:"", NPSTR(ISAKMP_NPTYPE_ID))); p = (const struct ikev1_pl_id *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&id, ext, sizeof(id)); if (sizeof(*p) < item_len) { data = (const u_char *)(p + 1); len = item_len - sizeof(*p); } else { data = NULL; len = 0; } #if 0 ND_PRINT((ndo,"" [phase=%d doi=%d proto=%d]"", phase, doi, proto)); #endif switch (phase) { #ifndef USE_IPSECDOI_IN_PHASE1 case 1: #endif default: ND_PRINT((ndo,"" idtype=%s"", STR_OR_ID(id.d.id_type, idtypestr))); ND_PRINT((ndo,"" doi_data=%u"", (uint32_t)(ntohl(id.d.doi_data) & 0xffffff))); break; #ifdef USE_IPSECDOI_IN_PHASE1 case 1: #endif case 2: { const struct ipsecdoi_id *doi_p; struct ipsecdoi_id doi_id; const char *p_name; doi_p = (const struct ipsecdoi_id *)ext; ND_TCHECK(*doi_p); UNALIGNED_MEMCPY(&doi_id, ext, sizeof(doi_id)); ND_PRINT((ndo,"" idtype=%s"", STR_OR_ID(doi_id.type, ipsecidtypestr))); if (!ndo->ndo_nflag && doi_id.proto_id && (p_name = netdb_protoname(doi_id.proto_id)) != NULL) ND_PRINT((ndo,"" protoid=%s"", p_name)); else ND_PRINT((ndo,"" protoid=%u"", doi_id.proto_id)); ND_PRINT((ndo,"" port=%d"", ntohs(doi_id.port))); if (!len) break; if (data == NULL) goto trunc; ND_TCHECK2(*data, len); switch (doi_id.type) { case IPSECDOI_ID_IPV4_ADDR: if (len < 4) ND_PRINT((ndo,"" len=%d [bad: < 4]"", len)); else ND_PRINT((ndo,"" len=%d %s"", len, ipaddr_string(ndo, data))); len = 0; break; case IPSECDOI_ID_FQDN: case IPSECDOI_ID_USER_FQDN: { int i; ND_PRINT((ndo,"" len=%d "", len)); for (i = 0; i < len; i++) safeputchar(ndo, data[i]); len = 0; break; } case IPSECDOI_ID_IPV4_ADDR_SUBNET: { const u_char *mask; if (len < 8) ND_PRINT((ndo,"" len=%d [bad: < 8]"", len)); else { mask = data + sizeof(struct in_addr); ND_PRINT((ndo,"" len=%d %s/%u.%u.%u.%u"", len, ipaddr_string(ndo, data), mask[0], mask[1], mask[2], mask[3])); } len = 0; break; } case IPSECDOI_ID_IPV6_ADDR: if (len < 16) ND_PRINT((ndo,"" len=%d [bad: < 16]"", len)); else ND_PRINT((ndo,"" len=%d %s"", len, ip6addr_string(ndo, data))); len = 0; break; case IPSECDOI_ID_IPV6_ADDR_SUBNET: { const u_char *mask; if (len < 20) ND_PRINT((ndo,"" len=%d [bad: < 20]"", len)); else { mask = (const u_char *)(data + sizeof(struct in6_addr)); ND_PRINT((ndo,"" len=%d %s/0x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"", len, ip6addr_string(ndo, data), mask[0], mask[1], mask[2], mask[3], mask[4], mask[5], mask[6], mask[7], mask[8], mask[9], mask[10], mask[11], mask[12], mask[13], mask[14], mask[15])); } len = 0; break; } case IPSECDOI_ID_IPV4_ADDR_RANGE: if (len < 8) ND_PRINT((ndo,"" len=%d [bad: < 8]"", len)); else { ND_PRINT((ndo,"" len=%d %s-%s"", len, ipaddr_string(ndo, data), ipaddr_string(ndo, data + sizeof(struct in_addr)))); } len = 0; break; case IPSECDOI_ID_IPV6_ADDR_RANGE: if (len < 32) ND_PRINT((ndo,"" len=%d [bad: < 32]"", len)); else { ND_PRINT((ndo,"" len=%d %s-%s"", len, ip6addr_string(ndo, data), ip6addr_string(ndo, data + sizeof(struct in6_addr)))); } len = 0; break; case IPSECDOI_ID_DER_ASN1_DN: case IPSECDOI_ID_DER_ASN1_GN: case IPSECDOI_ID_KEY_ID: break; } break; } } if (data && len) { ND_PRINT((ndo,"" len=%d"", len)); if (2 < ndo->ndo_vflag) { ND_PRINT((ndo,"" "")); if (!rawprint(ndo, (const uint8_t *)data, len)) goto trunc; } } return (const u_char *)ext + item_len; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_ID))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,24917883442192,1 6445,[],"try_dlopen (lt_dlhandle *phandle, const char *filename, const char *ext, lt_dladvise advise) { const char * saved_error = 0; char * archive_name = 0; char * canonical = 0; char * base_name = 0; char * dir = 0; char * name = 0; char * attempt = 0; int errors = 0; lt_dlhandle newhandle; assert (phandle); assert (*phandle == 0); #ifdef LT_DEBUG_LOADERS fprintf (stderr, ""try_dlopen (%s, %s)\n"", filename ? filename : ""(null)"", ext ? ext : ""(null)""); #endif LT__GETERROR (saved_error); if (!filename) { *phandle = (lt_dlhandle) lt__zalloc (sizeof (struct lt__handle)); if (*phandle == 0) return 1; newhandle = *phandle; newhandle->info.is_resident = 1; if (tryall_dlopen (&newhandle, 0, advise, 0) != 0) { FREE (*phandle); return 1; } goto register_handle; } assert (filename && *filename); if (ext) { attempt = MALLOC (char, LT_STRLEN (filename) + LT_STRLEN (ext) + 1); if (!attempt) return 1; sprintf(attempt, ""%s%s"", filename, ext); } else { attempt = lt__strdup (filename); if (!attempt) return 1; } if (canonicalize_path (attempt, &canonical) != 0) { ++errors; goto cleanup; } base_name = strrchr (canonical, '/'); if (base_name) { size_t dirlen = (1+ base_name) - canonical; dir = MALLOC (char, 1+ dirlen); if (!dir) { ++errors; goto cleanup; } strncpy (dir, canonical, dirlen); dir[dirlen] = LT_EOS_CHAR; ++base_name; } else MEMREASSIGN (base_name, canonical); assert (base_name && *base_name); ext = strrchr (base_name, '.'); if (!ext) { ext = base_name + LT_STRLEN (base_name); } name = MALLOC (char, ext - base_name + 1); if (!name) { ++errors; goto cleanup; } { int i; for (i = 0; i < ext - base_name; ++i) { if (isalnum ((unsigned char)(base_name[i]))) { name[i] = base_name[i]; } else { name[i] = '_'; } } name[ext - base_name] = LT_EOS_CHAR; } if (!dir) { const lt_dlvtable *vtable = lt_dlloader_find (""lt_preopen""); if (vtable) { archive_name = MALLOC (char, LT_STRLEN (name) + strlen (libext) + 2); *phandle = (lt_dlhandle) lt__zalloc (sizeof (struct lt__handle)); if ((*phandle == NULL) || (archive_name == NULL)) { ++errors; goto cleanup; } newhandle = *phandle; sprintf (archive_name, ""%s.%s"", name, libext); if (tryall_dlopen (&newhandle, archive_name, advise, vtable) == 0) { goto register_handle; } FREE (*phandle); newhandle = NULL; } } if (advise && advise->try_preload_only) { goto cleanup; } if (ext && streq (ext, archive_ext)) { FILE * file = 0; char * dlname = 0; char * old_name = 0; char * libdir = 0; char * deplibs = 0; int installed = 1; if (!dir) { const char *search_path = user_search_path; if (search_path) file = find_file (user_search_path, base_name, &dir); if (!file) { search_path = getenv (LTDL_SEARCHPATH_VAR); if (search_path) file = find_file (search_path, base_name, &dir); } #if defined(LT_MODULE_PATH_VAR) if (!file) { search_path = getenv (LT_MODULE_PATH_VAR); if (search_path) file = find_file (search_path, base_name, &dir); } #endif #if defined(LT_DLSEARCH_PATH) if (!file && *sys_dlsearch_path) { file = find_file (sys_dlsearch_path, base_name, &dir); } #endif } else { file = fopen (attempt, LT_READTEXT_MODE); } if (!file) { LT__SETERROR (FILE_NOT_FOUND); ++errors; goto cleanup; } if (parse_dotla_file(file, &dlname, &libdir, &deplibs, &old_name, &installed) != 0) ++errors; fclose (file); *phandle = (lt_dlhandle) lt__zalloc (sizeof (struct lt__handle)); if (*phandle == 0) ++errors; if (errors) { FREE (dlname); FREE (old_name); FREE (libdir); FREE (deplibs); FREE (*phandle); goto cleanup; } assert (*phandle); if (load_deplibs (*phandle, deplibs) == 0) { newhandle = *phandle; if (find_module (&newhandle, dir, libdir, dlname, old_name, installed, advise)) { unload_deplibs (*phandle); ++errors; } } else { ++errors; } FREE (dlname); FREE (old_name); FREE (libdir); FREE (deplibs); if (errors) { FREE (*phandle); goto cleanup; } if (*phandle != newhandle) { unload_deplibs (*phandle); } } else { *phandle = (lt_dlhandle) lt__zalloc (sizeof (struct lt__handle)); if (*phandle == 0) { ++errors; goto cleanup; } newhandle = *phandle; if ((dir || (!find_handle (user_search_path, base_name, &newhandle, advise) && !find_handle (getenv (LTDL_SEARCHPATH_VAR), base_name, &newhandle, advise) #if defined(LT_MODULE_PATH_VAR) && !find_handle (getenv (LT_MODULE_PATH_VAR), base_name, &newhandle, advise) #endif #if defined(LT_DLSEARCH_PATH) && !find_handle (sys_dlsearch_path, base_name, &newhandle, advise) #endif ))) { if (tryall_dlopen (&newhandle, attempt, advise, 0) != 0) { newhandle = NULL; } } if (!newhandle) { FREE (*phandle); ++errors; goto cleanup; } } register_handle: MEMREASSIGN (*phandle, newhandle); if ((*phandle)->info.ref_count == 0) { (*phandle)->info.ref_count = 1; MEMREASSIGN ((*phandle)->info.name, name); (*phandle)->next = handles; handles = *phandle; } LT__SETERRORSTR (saved_error); cleanup: FREE (dir); FREE (attempt); FREE (name); if (!canonical) FREE (base_name); FREE (canonical); FREE (archive_name); return errors; }",libtool,,,231937319562821927860508006678342501009,0 4282,['CWE-264'],"void __cleanup_sighand(struct sighand_struct *sighand) { if (atomic_dec_and_test(&sighand->count)) kmem_cache_free(sighand_cachep, sighand); }",linux-2.6,,,223634987702383674647397763522323704366,0 1132,['CWE-399'],"static int s390_compat_regs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, void *kbuf, void __user *ubuf) { if (target == current) save_access_regs(target->thread.acrs); if (kbuf) { compat_ulong_t *k = kbuf; while (count > 0) { *k++ = __peek_user_compat(target, pos); count -= sizeof(*k); pos += sizeof(*k); } } else { compat_ulong_t __user *u = ubuf; while (count > 0) { if (__put_user(__peek_user_compat(target, pos), u++)) return -EFAULT; count -= sizeof(*u); pos += sizeof(*u); } } return 0; }",linux-2.6,,,294828555483919973347935713118528935514,0 1816,[],"static inline int hrtick_enabled(struct rq *rq) { if (!sched_feat(HRTICK)) return 0; return hrtimer_is_hres_active(&rq->hrtick_timer); }",linux-2.6,,,61634073672712026373155963129349638956,0 6217,['CWE-200'],"static struct tcf_proto_ops * tcf_proto_lookup_ops(struct rtattr *kind) { struct tcf_proto_ops *t = NULL; if (kind) { read_lock(&cls_mod_lock); for (t = tcf_proto_base; t; t = t->next) { if (rtattr_strcmp(kind, t->kind) == 0) { if (!try_module_get(t->owner)) t = NULL; break; } } read_unlock(&cls_mod_lock); } return t; }",linux-2.6,,,120453115995152887058145541232719996731,0 8,CWE-255,"kadm5_randkey_principal_3(void *server_handle, krb5_principal principal, krb5_boolean keepold, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, krb5_keyblock **keyblocks, int *n_keys) { krb5_db_entry *kdb; osa_princ_ent_rec adb; krb5_int32 now; kadm5_policy_ent_rec pol; int ret, last_pwd; krb5_boolean have_pol = FALSE; kadm5_server_handle_t handle = server_handle; krb5_keyblock *act_mkey; krb5_kvno act_kvno; int new_n_ks_tuple = 0; krb5_key_salt_tuple *new_ks_tuple = NULL; if (keyblocks) *keyblocks = NULL; CHECK_HANDLE(server_handle); krb5_clear_error_message(handle->context); if (principal == NULL) return EINVAL; if ((ret = kdb_get_entry(handle, principal, &kdb, &adb))) return(ret); ret = apply_keysalt_policy(handle, adb.policy, n_ks_tuple, ks_tuple, &new_n_ks_tuple, &new_ks_tuple); if (ret) goto done; if (krb5_principal_compare(handle->context, principal, hist_princ)) { if (keepold) return KADM5_PROTECT_PRINCIPAL; new_n_ks_tuple = 1; } ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey); if (ret) goto done; ret = krb5_dbe_crk(handle->context, act_mkey, new_ks_tuple, new_n_ks_tuple, keepold, kdb); if (ret) goto done; ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno); if (ret) goto done; kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; ret = krb5_timeofday(handle->context, &now); if (ret) goto done; if ((adb.aux_attributes & KADM5_POLICY)) { ret = get_policy(handle, adb.policy, &pol, &have_pol); if (ret) goto done; } if (have_pol) { ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb, &last_pwd); if (ret) goto done; #if 0 if((now - last_pwd) < pol.pw_min_life && !(kdb->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { ret = KADM5_PASS_TOOSOON; goto done; } #endif if (pol.pw_max_life) kdb->pw_expiration = now + pol.pw_max_life; else kdb->pw_expiration = 0; } else { kdb->pw_expiration = 0; } ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now); if (ret) goto done; kdb->fail_auth_count = 0; if (keyblocks) { ret = decrypt_key_data(handle->context, kdb->n_key_data, kdb->key_data, keyblocks, n_keys); if (ret) goto done; } kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT; ; ret = k5_kadm5_hook_chpass(handle->context, handle->hook_handles, KADM5_HOOK_STAGE_PRECOMMIT, principal, keepold, new_n_ks_tuple, new_ks_tuple, NULL); if (ret) goto done; if ((ret = kdb_put_entry(handle, kdb, &adb))) goto done; (void) k5_kadm5_hook_chpass(handle->context, handle->hook_handles, KADM5_HOOK_STAGE_POSTCOMMIT, principal, keepold, new_n_ks_tuple, new_ks_tuple, NULL); ret = KADM5_OK; done: free(new_ks_tuple); kdb_free_entry(handle, kdb, &adb); if (have_pol) kadm5_free_policy_ent(handle->lhandle, &pol); return ret; }",visit repo url,src/lib/kadm5/srv/svr_principal.c,https://github.com/krb5/krb5,40485860135139,1 2038,CWE-763,"static int spk_ttyio_ldisc_open(struct tty_struct *tty) { struct spk_ldisc_data *ldisc_data; if (!tty->ops->write) return -EOPNOTSUPP; speakup_tty = tty; ldisc_data = kmalloc(sizeof(*ldisc_data), GFP_KERNEL); if (!ldisc_data) return -ENOMEM; init_completion(&ldisc_data->completion); ldisc_data->buf_free = true; speakup_tty->disc_data = ldisc_data; return 0; }",visit repo url,drivers/accessibility/speakup/spk_ttyio.c,https://github.com/torvalds/linux,30802296735485,1 6249,['CWE-200'],"dev_graft_qdisc(struct net_device *dev, struct Qdisc *qdisc) { struct Qdisc *oqdisc; if (dev->flags & IFF_UP) dev_deactivate(dev); qdisc_lock_tree(dev); if (qdisc && qdisc->flags&TCQ_F_INGRESS) { oqdisc = dev->qdisc_ingress; if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1) { qdisc_reset(oqdisc); dev->qdisc_ingress = NULL; } else { dev->qdisc_ingress = qdisc; } } else { oqdisc = dev->qdisc_sleeping; if (oqdisc && atomic_read(&oqdisc->refcnt) <= 1) qdisc_reset(oqdisc); if (qdisc == NULL) qdisc = &noop_qdisc; dev->qdisc_sleeping = qdisc; dev->qdisc = &noop_qdisc; } qdisc_unlock_tree(dev); if (dev->flags & IFF_UP) dev_activate(dev); return oqdisc; }",linux-2.6,,,273992370146581182284180410535124433148,0 2309,['CWE-120'],"int follow_up(struct vfsmount **mnt, struct dentry **dentry) { struct vfsmount *parent; struct dentry *mountpoint; spin_lock(&vfsmount_lock); parent=(*mnt)->mnt_parent; if (parent == *mnt) { spin_unlock(&vfsmount_lock); return 0; } mntget(parent); mountpoint=dget((*mnt)->mnt_mountpoint); spin_unlock(&vfsmount_lock); dput(*dentry); *dentry = mountpoint; mntput(*mnt); *mnt = parent; return 1; }",linux-2.6,,,137600382455911463728684063242418737622,0 6597,['CWE-200'],"nma_menu_configure_vpn_item_activate (GtkMenuItem *item, gpointer user_data) { const char *argv[] = { BINDIR ""/nm-connection-editor"", ""--type"", NM_SETTING_VPN_SETTING_NAME, NULL}; g_spawn_async (NULL, (gchar **) argv, NULL, 0, NULL, NULL, NULL, NULL); }",network-manager-applet,,,149792416419895452175091051647055814129,0 3027,CWE-415,"BGD_DECLARE(void) gdImageJpegCtx(gdImagePtr im, gdIOCtx *outfile, int quality) { struct jpeg_compress_struct cinfo; struct jpeg_error_mgr jerr; int i, j, jidx; volatile JSAMPROW row = 0; JSAMPROW rowptr[1]; jmpbuf_wrapper jmpbufw; JDIMENSION nlines; char comment[255]; #ifdef JPEG_DEBUG gd_error_ex(GD_DEBUG, ""gd-jpeg: gd JPEG version %s\n"", GD_JPEG_VERSION); gd_error_ex(GD_DEBUG, ""gd-jpeg: JPEG library version %d, %d-bit sample values\n"", JPEG_LIB_VERSION, BITS_IN_JSAMPLE); if (!im->trueColor) { for(i = 0; i < im->colorsTotal; i++) { if(!im->open[i]) { gd_error_ex(GD_DEBUG, ""gd-jpeg: gd colormap index %d: (%d, %d, %d)\n"", i, im->red[i], im->green[i], im->blue[i]); } } } #endif memset(&cinfo, 0, sizeof(cinfo)); memset(&jerr, 0, sizeof(jerr)); cinfo.err = jpeg_std_error(&jerr); cinfo.client_data = &jmpbufw; if(setjmp(jmpbufw.jmpbuf) != 0) { if(row) { gdFree(row); } return; } cinfo.err->emit_message = jpeg_emit_message; cinfo.err->error_exit = fatal_jpeg_error; jpeg_create_compress(&cinfo); cinfo.image_width = im->sx; cinfo.image_height = im->sy; cinfo.input_components = 3; cinfo.in_color_space = JCS_RGB; jpeg_set_defaults(&cinfo); cinfo.density_unit = 1; cinfo.X_density = im->res_x; cinfo.Y_density = im->res_y; if(quality >= 0) { jpeg_set_quality(&cinfo, quality, TRUE); if (quality >= 90) { cinfo.comp_info[0].h_samp_factor = 1; cinfo.comp_info[0].v_samp_factor = 1; } } if(gdImageGetInterlaced(im)) { #ifdef JPEG_DEBUG gd_error_ex(GD_DEBUG, ""gd-jpeg: interlace set, outputting progressive JPEG image\n""); #endif jpeg_simple_progression(&cinfo); } jpeg_gdIOCtx_dest(&cinfo, outfile); row = (JSAMPROW)gdCalloc(1, cinfo.image_width * cinfo.input_components * sizeof(JSAMPLE)); if(row == 0) { gd_error(""gd-jpeg: error: unable to allocate JPEG row structure: gdCalloc returns NULL\n""); jpeg_destroy_compress(&cinfo); return; } rowptr[0] = row; jpeg_start_compress(&cinfo, TRUE); sprintf(comment, ""CREATOR: gd-jpeg v%s (using IJG JPEG v%d),"", GD_JPEG_VERSION, JPEG_LIB_VERSION); if(quality >= 0) { sprintf (comment + strlen(comment), "" quality = %d\n"", quality); } else { strcat(comment + strlen(comment), "" default quality\n""); } jpeg_write_marker(&cinfo, JPEG_COM, (unsigned char *) comment, (unsigned int)strlen(comment)); if(im->trueColor) { #if BITS_IN_JSAMPLE == 12 gd_error( ""gd-jpeg: error: jpeg library was compiled for 12-bit\n"" ""precision. This is mostly useless, because JPEGs on the web are\n"" ""8-bit and such versions of the jpeg library won't read or write\n"" ""them. GD doesn't support these unusual images. Edit your\n"" ""jmorecfg.h file to specify the correct precision and completely\n"" ""'make clean' and 'make install' libjpeg again. Sorry.\n"" ); goto error; #endif for(i = 0; i < im->sy; i++) { for(jidx = 0, j = 0; j < im->sx; j++) { int val = im->tpixels[i][j]; row[jidx++] = gdTrueColorGetRed(val); row[jidx++] = gdTrueColorGetGreen(val); row[jidx++] = gdTrueColorGetBlue(val); } nlines = jpeg_write_scanlines(&cinfo, rowptr, 1); if(nlines != 1) { gd_error(""gd_jpeg: warning: jpeg_write_scanlines returns %u -- expected 1\n"", nlines); } } } else { for(i = 0; i < im->sy; i++) { for(jidx = 0, j = 0; j < im->sx; j++) { int idx = im->pixels[i][j]; #if BITS_IN_JSAMPLE == 8 row[jidx++] = im->red[idx]; row[jidx++] = im->green[idx]; row[jidx++] = im->blue[idx]; #elif BITS_IN_JSAMPLE == 12 row[jidx++] = im->red[idx] << 4; row[jidx++] = im->green[idx] << 4; row[jidx++] = im->blue[idx] << 4; #else #error IJG JPEG library BITS_IN_JSAMPLE value must be 8 or 12 #endif } nlines = jpeg_write_scanlines(&cinfo, rowptr, 1); if(nlines != 1) { gd_error(""gd_jpeg: warning: jpeg_write_scanlines"" "" returns %u -- expected 1\n"", nlines); } } } jpeg_finish_compress(&cinfo); jpeg_destroy_compress(&cinfo); gdFree(row); }",visit repo url,src/gd_jpeg.c,https://github.com/libgd/libgd,218845214061901,1 3497,['CWE-20'],"static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const struct sctp_chunk *init_chunk, int *cookie_len, const __u8 *raw_addrs, int addrs_len) { sctp_cookie_param_t *retval; struct sctp_signed_cookie *cookie; struct scatterlist sg; int headersize, bodysize; unsigned int keylen; char *key; headersize = sizeof(sctp_paramhdr_t) + (sizeof(struct sctp_signed_cookie) - sizeof(struct sctp_cookie)); bodysize = sizeof(struct sctp_cookie) + ntohs(init_chunk->chunk_hdr->length) + addrs_len; if (bodysize % SCTP_COOKIE_MULTIPLE) bodysize += SCTP_COOKIE_MULTIPLE - (bodysize % SCTP_COOKIE_MULTIPLE); *cookie_len = headersize + bodysize; retval = kzalloc(*cookie_len, GFP_ATOMIC); if (!retval) goto nodata; cookie = (struct sctp_signed_cookie *) retval->body; retval->p.type = SCTP_PARAM_STATE_COOKIE; retval->p.length = htons(*cookie_len); cookie->c = asoc->c; cookie->c.raw_addr_list_len = addrs_len; cookie->c.prsctp_capable = asoc->peer.prsctp_capable; cookie->c.adaptation_ind = asoc->peer.adaptation_ind; do_gettimeofday(&cookie->c.expiration); TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, ntohs(init_chunk->chunk_hdr->length)); memcpy((__u8 *)&cookie->c.peer_init[0] + ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); if (sctp_sk(ep->base.sk)->hmac) { struct hash_desc desc; sg_init_one(&sg, &cookie->c, bodysize); keylen = SCTP_SECRET_SIZE; key = (char *)ep->secret_key[ep->current_key]; desc.tfm = sctp_sk(ep->base.sk)->hmac; desc.flags = 0; if (crypto_hash_setkey(desc.tfm, key, keylen) || crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) goto free_cookie; } return retval; free_cookie: kfree(retval); nodata: *cookie_len = 0; return NULL; }",linux-2.6,,,39864181285347322861972865635765751109,0 4997,CWE-125,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 6714,['CWE-310'],"nm_gconf_get_string_helper (GConfClient *client, const char *path, const char *key, const char *setting, char **value) { char * gc_key; GConfValue * gc_value; gboolean success = FALSE; g_return_val_if_fail (key != NULL, FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (value != NULL, FALSE); g_return_val_if_fail (*value == NULL, FALSE); gc_key = g_strdup_printf (""%s/%s/%s"", path, setting, key); if ((gc_value = gconf_client_get (client, gc_key, NULL))) { if (gc_value->type == GCONF_VALUE_STRING) { *value = g_strdup (gconf_value_get_string (gc_value)); success = TRUE; } gconf_value_free (gc_value); } g_free (gc_key); return success; }",network-manager-applet,,,290108658309618309914024956066363966500,0 457,[],"pfm_mod_write_pmcs(struct task_struct *task, void *req, unsigned int nreq, struct pt_regs *regs) { pfm_context_t *ctx; if (req == NULL) return -EINVAL; ctx = GET_PMU_CTX(); if (ctx == NULL) return -EINVAL; if (task != current && ctx->ctx_fl_system == 0) return -EBUSY; return pfm_write_pmcs(ctx, req, nreq, regs); }",linux-2.6,,,142935583441678938527310985771775031419,0 1448,[],"wakeup_preempt_entity(struct sched_entity *curr, struct sched_entity *se) { s64 gran, vdiff = curr->vruntime - se->vruntime; if (vdiff < 0) return -1; gran = wakeup_gran(curr); if (vdiff > gran) return 1; return 0; }",linux-2.6,,,328875983505915059322530081891108815144,0 568,[],"static int bad_file_aio_fsync(struct kiocb *iocb, int datasync) { return -EIO; }",linux-2.6,,,225968207041972469953909451933967403941,0 266,[],"static int blkpg_ioctl_trans(unsigned int fd, unsigned int cmd, unsigned long arg) { struct blkpg_ioctl_arg32 __user *ua32 = compat_ptr(arg); struct blkpg_ioctl_arg __user *a = compat_alloc_user_space(sizeof(*a)); compat_caddr_t udata; compat_int_t n; int err; err = get_user(n, &ua32->op); err |= put_user(n, &a->op); err |= get_user(n, &ua32->flags); err |= put_user(n, &a->flags); err |= get_user(n, &ua32->datalen); err |= put_user(n, &a->datalen); err |= get_user(udata, &ua32->data); err |= put_user(compat_ptr(udata), &a->data); if (err) return err; return sys_ioctl(fd, cmd, (unsigned long)a); }",linux-2.6,,,84147249551588797952215334148460317228,0 5827,['CWE-200'],"static void ec_tx_done(struct sk_buff *skb, int result) { struct ec_cb *eb = (struct ec_cb *)&skb->cb; tx_result(skb->sk, eb->cookie, result); }",linux-2.6,,,160164197710086308926032022319976636186,0 1157,['CWE-189'],"static inline int hrtimer_is_hres_enabled(void) { return hrtimer_hres_enabled; }",linux-2.6,,,166745655467815247151320299992108869648,0 5493,CWE-755,"static int selectExpander(Walker *pWalker, Select *p){ Parse *pParse = pWalker->pParse; int i, j, k; SrcList *pTabList; ExprList *pEList; struct SrcList_item *pFrom; sqlite3 *db = pParse->db; Expr *pE, *pRight, *pExpr; u16 selFlags = p->selFlags; u32 elistFlags = 0; p->selFlags |= SF_Expanded; if( db->mallocFailed ){ return WRC_Abort; } assert( p->pSrc!=0 ); if( (selFlags & SF_Expanded)!=0 ){ return WRC_Prune; } if( pWalker->eCode ){ p->selId = ++pParse->nSelect; } pTabList = p->pSrc; pEList = p->pEList; sqlite3WithPush(pParse, p->pWith, 0); sqlite3SrcListAssignCursors(pParse, pTabList); for(i=0, pFrom=pTabList->a; inSrc; i++, pFrom++){ Table *pTab; assert( pFrom->fg.isRecursive==0 || pFrom->pTab!=0 ); if( pFrom->fg.isRecursive ) continue; assert( pFrom->pTab==0 ); #ifndef SQLITE_OMIT_CTE if( withExpand(pWalker, pFrom) ) return WRC_Abort; if( pFrom->pTab ) {} else #endif if( pFrom->zName==0 ){ #ifndef SQLITE_OMIT_SUBQUERY Select *pSel = pFrom->pSelect; assert( pSel!=0 ); assert( pFrom->pTab==0 ); if( sqlite3WalkSelect(pWalker, pSel) ) return WRC_Abort; if( sqlite3ExpandSubquery(pParse, pFrom) ) return WRC_Abort; #endif }else{ assert( pFrom->pTab==0 ); pFrom->pTab = pTab = sqlite3LocateTableItem(pParse, 0, pFrom); if( pTab==0 ) return WRC_Abort; if( pTab->nTabRef>=0xffff ){ sqlite3ErrorMsg(pParse, ""too many references to \""%s\"": max 65535"", pTab->zName); pFrom->pTab = 0; return WRC_Abort; } pTab->nTabRef++; if( !IsVirtual(pTab) && cannotBeFunction(pParse, pFrom) ){ return WRC_Abort; } #if !defined(SQLITE_OMIT_VIEW) || !defined (SQLITE_OMIT_VIRTUALTABLE) if( IsVirtual(pTab) || pTab->pSelect ){ i16 nCol; u8 eCodeOrig = pWalker->eCode; if( sqlite3ViewGetColumnNames(pParse, pTab) ) return WRC_Abort; assert( pFrom->pSelect==0 ); if( pTab->pSelect && (db->flags & SQLITE_EnableView)==0 ){ sqlite3ErrorMsg(pParse, ""access to view \""%s\"" prohibited"", pTab->zName); } pFrom->pSelect = sqlite3SelectDup(db, pTab->pSelect, 0); nCol = pTab->nCol; pTab->nCol = -1; pWalker->eCode = 1; sqlite3WalkSelect(pWalker, pFrom->pSelect); pWalker->eCode = eCodeOrig; pTab->nCol = nCol; } #endif } if( sqlite3IndexedByLookup(pParse, pFrom) ){ return WRC_Abort; } } if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){ return WRC_Abort; } for(k=0; knExpr; k++){ pE = pEList->a[k].pExpr; if( pE->op==TK_ASTERISK ) break; assert( pE->op!=TK_DOT || pE->pRight!=0 ); assert( pE->op!=TK_DOT || (pE->pLeft!=0 && pE->pLeft->op==TK_ID) ); if( pE->op==TK_DOT && pE->pRight->op==TK_ASTERISK ) break; elistFlags |= pE->flags; } if( knExpr ){ struct ExprList_item *a = pEList->a; ExprList *pNew = 0; int flags = pParse->db->flags; int longNames = (flags & SQLITE_FullColNames)!=0 && (flags & SQLITE_ShortColNames)==0; for(k=0; knExpr; k++){ pE = a[k].pExpr; elistFlags |= pE->flags; pRight = pE->pRight; assert( pE->op!=TK_DOT || pRight!=0 ); if( pE->op!=TK_ASTERISK && (pE->op!=TK_DOT || pRight->op!=TK_ASTERISK) ){ pNew = sqlite3ExprListAppend(pParse, pNew, a[k].pExpr); if( pNew ){ pNew->a[pNew->nExpr-1].zName = a[k].zName; pNew->a[pNew->nExpr-1].zSpan = a[k].zSpan; a[k].zName = 0; a[k].zSpan = 0; } a[k].pExpr = 0; }else{ int tableSeen = 0; char *zTName = 0; if( pE->op==TK_DOT ){ assert( pE->pLeft!=0 ); assert( !ExprHasProperty(pE->pLeft, EP_IntValue) ); zTName = pE->pLeft->u.zToken; } for(i=0, pFrom=pTabList->a; inSrc; i++, pFrom++){ Table *pTab = pFrom->pTab; Select *pSub = pFrom->pSelect; char *zTabName = pFrom->zAlias; const char *zSchemaName = 0; int iDb; if( zTabName==0 ){ zTabName = pTab->zName; } if( db->mallocFailed ) break; if( pSub==0 || (pSub->selFlags & SF_NestedFrom)==0 ){ pSub = 0; if( zTName && sqlite3StrICmp(zTName, zTabName)!=0 ){ continue; } iDb = sqlite3SchemaToIndex(db, pTab->pSchema); zSchemaName = iDb>=0 ? db->aDb[iDb].zDbSName : ""*""; } for(j=0; jnCol; j++){ char *zName = pTab->aCol[j].zName; char *zColname; char *zToFree; Token sColname; assert( zName ); if( zTName && pSub && sqlite3MatchSpanName(pSub->pEList->a[j].zSpan, 0, zTName, 0)==0 ){ continue; } if( (p->selFlags & SF_IncludeHidden)==0 && IsHiddenColumn(&pTab->aCol[j]) ){ continue; } tableSeen = 1; if( i>0 && zTName==0 ){ if( (pFrom->fg.jointype & JT_NATURAL)!=0 && tableAndColumnIndex(pTabList, i, zName, 0, 0) ){ continue; } if( sqlite3IdListIndex(pFrom->pUsing, zName)>=0 ){ continue; } } pRight = sqlite3Expr(db, TK_ID, zName); zColname = zName; zToFree = 0; if( longNames || pTabList->nSrc>1 ){ Expr *pLeft; pLeft = sqlite3Expr(db, TK_ID, zTabName); pExpr = sqlite3PExpr(pParse, TK_DOT, pLeft, pRight); if( zSchemaName ){ pLeft = sqlite3Expr(db, TK_ID, zSchemaName); pExpr = sqlite3PExpr(pParse, TK_DOT, pLeft, pExpr); } if( longNames ){ zColname = sqlite3MPrintf(db, ""%s.%s"", zTabName, zName); zToFree = zColname; } }else{ pExpr = pRight; } pNew = sqlite3ExprListAppend(pParse, pNew, pExpr); sqlite3TokenInit(&sColname, zColname); sqlite3ExprListSetName(pParse, pNew, &sColname, 0); if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){ struct ExprList_item *pX = &pNew->a[pNew->nExpr-1]; if( pSub ){ pX->zSpan = sqlite3DbStrDup(db, pSub->pEList->a[j].zSpan); testcase( pX->zSpan==0 ); }else{ pX->zSpan = sqlite3MPrintf(db, ""%s.%s.%s"", zSchemaName, zTabName, zColname); testcase( pX->zSpan==0 ); } pX->bSpanIsTab = 1; } sqlite3DbFree(db, zToFree); } } if( !tableSeen ){ if( zTName ){ sqlite3ErrorMsg(pParse, ""no such table: %s"", zTName); }else{ sqlite3ErrorMsg(pParse, ""no tables specified""); } } } } sqlite3ExprListDelete(db, pEList); p->pEList = pNew; } if( p->pEList ){ if( p->pEList->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){ sqlite3ErrorMsg(pParse, ""too many columns in result set""); return WRC_Abort; } if( (elistFlags & (EP_HasFunc|EP_Subquery))!=0 ){ p->selFlags |= SF_ComplexResult; } } return WRC_Continue; }",visit repo url,src/select.c,https://github.com/sqlite/sqlite,59972872545498,1 4495,CWE-416,"static void gf_m2ts_process_pat(GF_M2TS_Demuxer *ts, GF_M2TS_SECTION_ES *ses, GF_List *sections, u8 table_id, u16 ex_table_id, u8 version_number, u8 last_section_number, u32 status) { GF_M2TS_Program *prog; GF_M2TS_SECTION_ES *pmt; u32 i, nb_progs, evt_type; u32 nb_sections; u32 data_size; unsigned char *data; GF_M2TS_Section *section; if (!(status&GF_M2TS_TABLE_END)) return; if (status&GF_M2TS_TABLE_REPEAT) { if (ts->on_event) ts->on_event(ts, GF_M2TS_EVT_PAT_REPEAT, NULL); return; } nb_sections = gf_list_count(sections); if (nb_sections > 1) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""PAT on multiple sections not supported\n"")); } section = (GF_M2TS_Section *)gf_list_get(sections, 0); data = section->data; data_size = section->data_size; if (!(status&GF_M2TS_TABLE_UPDATE) && gf_list_count(ts->programs)) { if (ts->pat->demux_restarted) { ts->pat->demux_restarted = 0; } else { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""Multiple different PAT on single TS found, ignoring new PAT declaration (table id %d - extended table id %d)\n"", table_id, ex_table_id)); } return; } nb_progs = data_size / 4; for (i=0; init) { ts->nit = gf_m2ts_section_filter_new(gf_m2ts_process_nit, 0); } } else { GF_SAFEALLOC(prog, GF_M2TS_Program); if (!prog) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""Fail to allocate program for pid %d\n"", pid)); return; } prog->streams = gf_list_new(); prog->pmt_pid = pid; prog->number = number; prog->ts = ts; gf_list_add(ts->programs, prog); GF_SAFEALLOC(pmt, GF_M2TS_SECTION_ES); if (!pmt) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""Fail to allocate pmt filter for pid %d\n"", pid)); return; } pmt->flags = GF_M2TS_ES_IS_SECTION; gf_list_add(prog->streams, pmt); pmt->pid = prog->pmt_pid; pmt->program = prog; ts->ess[pmt->pid] = (GF_M2TS_ES *)pmt; pmt->sec = gf_m2ts_section_filter_new(gf_m2ts_process_pmt, 0); } } evt_type = (status&GF_M2TS_TABLE_UPDATE) ? GF_M2TS_EVT_PAT_UPDATE : GF_M2TS_EVT_PAT_FOUND; if (ts->on_event) ts->on_event(ts, evt_type, NULL); }",visit repo url,src/media_tools/mpegts.c,https://github.com/gpac/gpac,109660848810873,1 1363,CWE-189,"static void tcp_illinois_info(struct sock *sk, u32 ext, struct sk_buff *skb) { const struct illinois *ca = inet_csk_ca(sk); if (ext & (1 << (INET_DIAG_VEGASINFO - 1))) { struct tcpvegas_info info = { .tcpv_enabled = 1, .tcpv_rttcnt = ca->cnt_rtt, .tcpv_minrtt = ca->base_rtt, }; u64 t = ca->sum_rtt; do_div(t, ca->cnt_rtt); info.tcpv_rtt = t; nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info); } }",visit repo url,net/ipv4/tcp_illinois.c,https://github.com/torvalds/linux,53337838961578,1 1166,CWE-400,"static void ptrace_hbptriggered(struct perf_event *bp, int unused, struct perf_sample_data *data, struct pt_regs *regs) { struct arch_hw_breakpoint *bkpt = counter_arch_bp(bp); long num; int i; siginfo_t info; for (i = 0; i < ARM_MAX_HBP_SLOTS; ++i) if (current->thread.debug.hbp[i] == bp) break; num = (i == ARM_MAX_HBP_SLOTS) ? 0 : ptrace_hbp_idx_to_num(i); info.si_signo = SIGTRAP; info.si_errno = (int)num; info.si_code = TRAP_HWBKPT; info.si_addr = (void __user *)(bkpt->trigger); force_sig_info(SIGTRAP, &info, current); }",visit repo url,arch/arm/kernel/ptrace.c,https://github.com/torvalds/linux,52547588902967,1 572,[],"static int bad_inode_removexattr(struct dentry *dentry, const char *name) { return -EIO; }",linux-2.6,,,161844822371282975222787221702471905781,0 1067,CWE-189,"void jiffies_to_timeval(const unsigned long jiffies, struct timeval *value) { u64 nsec = (u64)jiffies * TICK_NSEC; long tv_usec; value->tv_sec = div_long_long_rem(nsec, NSEC_PER_SEC, &tv_usec); tv_usec /= NSEC_PER_USEC; value->tv_usec = tv_usec; }",visit repo url,kernel/time.c,https://github.com/torvalds/linux,169686036866875,1 4185,['CWE-399'],"static void reflect_query(AvahiServer *s, AvahiInterface *i, AvahiKey *k) { AvahiInterface *j; assert(s); assert(i); assert(k); if (!s->config.enable_reflector) return; for (j = s->monitor->interfaces; j; j = j->interface_next) if (j != i && (s->config.reflect_ipv || j->protocol == i->protocol)) { avahi_interface_post_query(j, k, 1, NULL); avahi_cache_walk(j->cache, k, reflect_cache_walk_callback, s); } }",avahi,,,49985548975546051013795907859397403605,0 759,CWE-20,"static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct ipx_sock *ipxs = ipx_sk(sk); struct sockaddr_ipx *sipx = (struct sockaddr_ipx *)msg->msg_name; struct ipxhdr *ipx = NULL; struct sk_buff *skb; int copied, rc; lock_sock(sk); if (!ipxs->port) { struct sockaddr_ipx uaddr; uaddr.sipx_port = 0; uaddr.sipx_network = 0; #ifdef CONFIG_IPX_INTERN rc = -ENETDOWN; if (!ipxs->intrfc) goto out; memcpy(uaddr.sipx_node, ipxs->intrfc->if_node, IPX_NODE_LEN); #endif rc = __ipx_bind(sock, (struct sockaddr *)&uaddr, sizeof(struct sockaddr_ipx)); if (rc) goto out; } rc = -ENOTCONN; if (sock_flag(sk, SOCK_ZAPPED)) goto out; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); if (!skb) goto out; ipx = ipx_hdr(skb); copied = ntohs(ipx->ipx_pktsize) - sizeof(struct ipxhdr); if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } rc = skb_copy_datagram_iovec(skb, sizeof(struct ipxhdr), msg->msg_iov, copied); if (rc) goto out_free; if (skb->tstamp.tv64) sk->sk_stamp = skb->tstamp; msg->msg_namelen = sizeof(*sipx); if (sipx) { sipx->sipx_family = AF_IPX; sipx->sipx_port = ipx->ipx_source.sock; memcpy(sipx->sipx_node, ipx->ipx_source.node, IPX_NODE_LEN); sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; sipx->sipx_type = ipx->ipx_type; sipx->sipx_zero = 0; } rc = copied; out_free: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/ipx/af_ipx.c,https://github.com/torvalds/linux,233280970032934,1 2022,CWE-476,"static int set_evtchn_to_irq(evtchn_port_t evtchn, unsigned int irq) { unsigned row; unsigned col; if (evtchn >= xen_evtchn_max_channels()) return -EINVAL; row = EVTCHN_ROW(evtchn); col = EVTCHN_COL(evtchn); if (evtchn_to_irq[row] == NULL) { if (irq == -1) return 0; evtchn_to_irq[row] = (int *)get_zeroed_page(GFP_KERNEL); if (evtchn_to_irq[row] == NULL) return -ENOMEM; clear_evtchn_to_irq_row(row); } evtchn_to_irq[row][col] = irq; return 0; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,106482848074728,1 3174,['CWE-189'],"static int jas_cmputint(long **bufptr, int sgnd, int prec, long val) { int m; if (sgnd) { m = (1 << (prec - 1)); if (val < -m || val >= m) return -1; } else { if (val < 0 || val >= (1 << prec)) return -1; } **bufptr = val; ++(*bufptr); return 0; }",jasper,,,175097441858662910686308927371888979542,0 148,[],"asmlinkage long compat_sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg) { mm_segment_t old_fs; struct flock f; long ret; switch (cmd) { case F_GETLK: case F_SETLK: case F_SETLKW: ret = get_compat_flock(&f, compat_ptr(arg)); if (ret != 0) break; old_fs = get_fs(); set_fs(KERNEL_DS); ret = sys_fcntl(fd, cmd, (unsigned long)&f); set_fs(old_fs); if (cmd == F_GETLK && ret == 0) { if (f.l_start > COMPAT_OFF_T_MAX) ret = -EOVERFLOW; if (f.l_len > COMPAT_OFF_T_MAX) f.l_len = COMPAT_OFF_T_MAX; if (ret == 0) ret = put_compat_flock(&f, compat_ptr(arg)); } break; case F_GETLK64: case F_SETLK64: case F_SETLKW64: ret = get_compat_flock64(&f, compat_ptr(arg)); if (ret != 0) break; old_fs = get_fs(); set_fs(KERNEL_DS); ret = sys_fcntl(fd, (cmd == F_GETLK64) ? F_GETLK : ((cmd == F_SETLK64) ? F_SETLK : F_SETLKW), (unsigned long)&f); set_fs(old_fs); if (cmd == F_GETLK64 && ret == 0) { if (f.l_start > COMPAT_LOFF_T_MAX) ret = -EOVERFLOW; if (f.l_len > COMPAT_LOFF_T_MAX) f.l_len = COMPAT_LOFF_T_MAX; if (ret == 0) ret = put_compat_flock64(&f, compat_ptr(arg)); } break; default: ret = sys_fcntl(fd, cmd, arg); break; } return ret; }",linux-2.6,,,121189765396114332994282385207317313517,0 2962,CWE-20,"static void ikev2_parent_inR1outI2_continue(struct pluto_crypto_req_cont *pcrc, struct pluto_crypto_req *r, err_t ugh) { struct dh_continuation *dh = (struct dh_continuation *)pcrc; struct msg_digest *md = dh->md; struct state *const st = md->st; stf_status e; DBG(DBG_CONTROLMORE, DBG_log(""ikev2 parent inR1outI2: calculating g^{xy}, sending I2"")); if (st == NULL) { loglog(RC_LOG_SERIOUS, ""%s: Request was disconnected from state"", __FUNCTION__); if (dh->md) release_md(dh->md); return; } passert(ugh == NULL); passert(cur_state == NULL); passert(st != NULL); passert(st->st_suspended_md == dh->md); set_suspended(st, NULL); set_cur_state(st); st->st_calculating = FALSE; e = ikev2_parent_inR1outI2_tail(pcrc, r); if (dh->md != NULL) { complete_v2_state_transition(&dh->md, e); if (dh->md) release_md(dh->md); } reset_globals(); passert(GLOBALS_ARE_RESET()); }",visit repo url,programs/pluto/ikev2_parent.c,https://github.com/libreswan/libreswan,188084448772683,1 5615,[],"static void do_notify_parent_cldstop(struct task_struct *tsk, int why) { struct siginfo info; unsigned long flags; struct task_struct *parent; struct sighand_struct *sighand; if (task_ptrace(tsk)) parent = tsk->parent; else { tsk = tsk->group_leader; parent = tsk->real_parent; } info.si_signo = SIGCHLD; info.si_errno = 0; rcu_read_lock(); info.si_pid = task_pid_nr_ns(tsk, parent->nsproxy->pid_ns); info.si_uid = __task_cred(tsk)->uid; rcu_read_unlock(); info.si_utime = cputime_to_clock_t(tsk->utime); info.si_stime = cputime_to_clock_t(tsk->stime); info.si_code = why; switch (why) { case CLD_CONTINUED: info.si_status = SIGCONT; break; case CLD_STOPPED: info.si_status = tsk->signal->group_exit_code & 0x7f; break; case CLD_TRAPPED: info.si_status = tsk->exit_code & 0x7f; break; default: BUG(); } sighand = parent->sighand; spin_lock_irqsave(&sighand->siglock, flags); if (sighand->action[SIGCHLD-1].sa.sa_handler != SIG_IGN && !(sighand->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDSTOP)) __group_send_sig_info(SIGCHLD, &info, parent); __wake_up_parent(tsk, parent); spin_unlock_irqrestore(&sighand->siglock, flags); }",linux-2.6,,,129020897915613125590757574648662380547,0 4974,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 1939,CWE-772,"static bool fib6_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg) { struct fib6_result *res = arg->result; struct rt6_info *rt = res->rt6; struct net_device *dev = NULL; if (!rt) return false; if (rt->rt6i_idev) dev = rt->rt6i_idev->dev; if (rt->rt6i_dst.plen <= rule->suppress_prefixlen) goto suppress_route; if (rule->suppress_ifgroup != -1 && dev && dev->group == rule->suppress_ifgroup) goto suppress_route; return false; suppress_route: ip6_rt_put(rt); return true; }",visit repo url,net/ipv6/fib6_rules.c,https://github.com/torvalds/linux,60417944678311,1 3723,CWE-362,"userauth_pubkey(struct ssh *ssh) { Authctxt *authctxt = ssh->authctxt; struct passwd *pw = authctxt->pw; struct sshbuf *b; struct sshkey *key = NULL; char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; u_char *pkblob, *sig, have_sig; size_t blen, slen; int r, pktype; int authenticated = 0; struct sshauthopt *authopts = NULL; if (!authctxt->valid) { debug2(""%s: disabled because of invalid user"", __func__); return 0; } if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) fatal(""%s: parse request failed: %s"", __func__, ssh_err(r)); pktype = sshkey_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { verbose(""%s: unsupported public key algorithm: %s"", __func__, pkalg); goto done; } if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { error(""%s: could not parse key: %s"", __func__, ssh_err(r)); goto done; } if (key == NULL) { error(""%s: cannot decode key: %s"", __func__, pkalg); goto done; } if (key->type != pktype) { error(""%s: type mismatch for decoded key "" ""(received %d, expected %d)"", __func__, key->type, pktype); goto done; } if (sshkey_type_plain(key->type) == KEY_RSA && (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { logit(""Refusing RSA key because client uses unsafe "" ""signature scheme""); goto done; } if (auth2_key_already_used(authctxt, key)) { logit(""refusing previously-used %s key"", sshkey_type(key)); goto done; } if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) { logit(""%s: key type %s not in PubkeyAcceptedKeyTypes"", __func__, sshkey_ssh_name(key)); goto done; } key_s = format_key(key); if (sshkey_is_cert(key)) ca_s = format_key(key->cert->signature_key); if (have_sig) { debug3(""%s: have %s signature for %s%s%s"", __func__, pkalg, key_s, ca_s == NULL ? """" : "" CA "", ca_s == NULL ? """" : ca_s); if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 || (r = sshpkt_get_end(ssh)) != 0) fatal(""%s: %s"", __func__, ssh_err(r)); if ((b = sshbuf_new()) == NULL) fatal(""%s: sshbuf_new failed"", __func__); if (ssh->compat & SSH_OLD_SESSIONID) { if ((r = sshbuf_put(b, session_id2, session_id2_len)) != 0) fatal(""%s: sshbuf_put session id: %s"", __func__, ssh_err(r)); } else { if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0) fatal(""%s: sshbuf_put_string session id: %s"", __func__, ssh_err(r)); } xasprintf(&userstyle, ""%s%s%s"", authctxt->user, authctxt->style ? "":"" : """", authctxt->style ? authctxt->style : """"); if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 || (r = sshbuf_put_cstring(b, userstyle)) != 0 || (r = sshbuf_put_cstring(b, authctxt->service)) != 0 || (r = sshbuf_put_cstring(b, ""publickey"")) != 0 || (r = sshbuf_put_u8(b, have_sig)) != 0 || (r = sshbuf_put_cstring(b, pkalg) != 0) || (r = sshbuf_put_string(b, pkblob, blen)) != 0) fatal(""%s: build packet failed: %s"", __func__, ssh_err(r)); #ifdef DEBUG_PK sshbuf_dump(b, stderr); #endif authenticated = 0; if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, ssh->compat)) == 0) { authenticated = 1; } sshbuf_free(b); free(sig); auth2_record_key(authctxt, authenticated, key); } else { debug(""%s: test pkalg %s pkblob %s%s%s"", __func__, pkalg, key_s, ca_s == NULL ? """" : "" CA "", ca_s == NULL ? """" : ca_s); if ((r = sshpkt_get_end(ssh)) != 0) fatal(""%s: %s"", __func__, ssh_err(r)); if (PRIVSEP(user_key_allowed(ssh, pw, key, 0, NULL))) { if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_PK_OK)) != 0 || (r = sshpkt_put_cstring(ssh, pkalg)) != 0 || (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 || (r = sshpkt_send(ssh)) != 0 || (r = ssh_packet_write_wait(ssh)) != 0) fatal(""%s: %s"", __func__, ssh_err(r)); authctxt->postponed = 1; } } done: if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) { debug(""%s: key options inconsistent with existing"", __func__); authenticated = 0; } debug2(""%s: authenticated %d pkalg %s"", __func__, authenticated, pkalg); sshauthopt_free(authopts); sshkey_free(key); free(userstyle); free(pkalg); free(pkblob); free(key_s); free(ca_s); return authenticated; }",visit repo url,usr.bin/ssh/auth2-pubkey.c,https://github.com/openbsd/src,26463719947460,1 4392,CWE-125,"static int get_exif_tag_dbl_value(struct iw_exif_state *e, unsigned int tag_pos, double *pv) { unsigned int field_type; unsigned int value_count; unsigned int value_pos; unsigned int numer, denom; field_type = iw_get_ui16_e(&e->d[tag_pos+2],e->endian); value_count = iw_get_ui32_e(&e->d[tag_pos+4],e->endian); if(value_count!=1) return 0; if(field_type!=5) return 0; value_pos = iw_get_ui32_e(&e->d[tag_pos+8],e->endian); if(value_pos > e->d_len-8) return 0; numer = iw_get_ui32_e(&e->d[value_pos ],e->endian); denom = iw_get_ui32_e(&e->d[value_pos+4],e->endian); if(denom==0) return 0; *pv = ((double)numer)/denom; return 1; }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,72609735171069,1 1807,CWE-284,"int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, struct inode **delegated_inode, unsigned int flags) { int error; bool is_dir = d_is_dir(old_dentry); const unsigned char *old_name; struct inode *source = old_dentry->d_inode; struct inode *target = new_dentry->d_inode; bool new_is_dir = false; unsigned max_links = new_dir->i_sb->s_max_links; if (source == target) return 0; error = may_delete(old_dir, old_dentry, is_dir); if (error) return error; if (!target) { error = may_create(new_dir, new_dentry); } else { new_is_dir = d_is_dir(new_dentry); if (!(flags & RENAME_EXCHANGE)) error = may_delete(new_dir, new_dentry, is_dir); else error = may_delete(new_dir, new_dentry, new_is_dir); } if (error) return error; if (!old_dir->i_op->rename && !old_dir->i_op->rename2) return -EPERM; if (flags && !old_dir->i_op->rename2) return -EINVAL; if (new_dir != old_dir) { if (is_dir) { error = inode_permission(source, MAY_WRITE); if (error) return error; } if ((flags & RENAME_EXCHANGE) && new_is_dir) { error = inode_permission(target, MAY_WRITE); if (error) return error; } } error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry, flags); if (error) return error; old_name = fsnotify_oldname_init(old_dentry->d_name.name); dget(new_dentry); if (!is_dir || (flags & RENAME_EXCHANGE)) lock_two_nondirectories(source, target); else if (target) inode_lock(target); error = -EBUSY; if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry)) goto out; if (max_links && new_dir != old_dir) { error = -EMLINK; if (is_dir && !new_is_dir && new_dir->i_nlink >= max_links) goto out; if ((flags & RENAME_EXCHANGE) && !is_dir && new_is_dir && old_dir->i_nlink >= max_links) goto out; } if (is_dir && !(flags & RENAME_EXCHANGE) && target) shrink_dcache_parent(new_dentry); if (!is_dir) { error = try_break_deleg(source, delegated_inode); if (error) goto out; } if (target && !new_is_dir) { error = try_break_deleg(target, delegated_inode); if (error) goto out; } if (!old_dir->i_op->rename2) { error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); } else { WARN_ON(old_dir->i_op->rename != NULL); error = old_dir->i_op->rename2(old_dir, old_dentry, new_dir, new_dentry, flags); } if (error) goto out; if (!(flags & RENAME_EXCHANGE) && target) { if (is_dir) target->i_flags |= S_DEAD; dont_mount(new_dentry); detach_mounts(new_dentry); } if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) { if (!(flags & RENAME_EXCHANGE)) d_move(old_dentry, new_dentry); else d_exchange(old_dentry, new_dentry); } out: if (!is_dir || (flags & RENAME_EXCHANGE)) unlock_two_nondirectories(source, target); else if (target) inode_unlock(target); dput(new_dentry); if (!error) { fsnotify_move(old_dir, new_dir, old_name, is_dir, !(flags & RENAME_EXCHANGE) ? target : NULL, old_dentry); if (flags & RENAME_EXCHANGE) { fsnotify_move(new_dir, old_dir, old_dentry->d_name.name, new_is_dir, NULL, new_dentry); } } fsnotify_oldname_free(old_name); return error; }",visit repo url,fs/namei.c,https://github.com/torvalds/linux,247975991109638,1 2134,CWE-362,"static int kvm_ioctl_create_device(struct kvm *kvm, struct kvm_create_device *cd) { struct kvm_device_ops *ops = NULL; struct kvm_device *dev; bool test = cd->flags & KVM_CREATE_DEVICE_TEST; int ret; if (cd->type >= ARRAY_SIZE(kvm_device_ops_table)) return -ENODEV; ops = kvm_device_ops_table[cd->type]; if (ops == NULL) return -ENODEV; if (test) return 0; dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node, &kvm->devices); mutex_unlock(&kvm->lock); if (ops->init) ops->init(dev); ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC); if (ret < 0) { mutex_lock(&kvm->lock); list_del(&dev->vm_node); mutex_unlock(&kvm->lock); ops->destroy(dev); return ret; } kvm_get_kvm(kvm); cd->fd = ret; return 0; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,154360554423413,1 3363,[],"static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb, u32 pid, unsigned int group, gfp_t flags) { int err; NETLINK_CB(skb).dst_group = group; err = netlink_broadcast(sk, skb, pid, group, flags); if (err > 0) err = 0; return err; }",linux-2.6,,,142018430437086538409255308347084562735,0 5609,CWE-125,"forbidden_name(struct compiling *c, identifier name, const node *n, int full_checks) { assert(PyUnicode_Check(name)); if (PyUnicode_CompareWithASCIIString(name, ""__debug__"") == 0) { ast_error(c, n, ""assignment to keyword""); return 1; } if (full_checks) { const char * const *p; for (p = FORBIDDEN; *p; p++) { if (PyUnicode_CompareWithASCIIString(name, *p) == 0) { ast_error(c, n, ""assignment to keyword""); return 1; } } } return 0; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,79550353677879,1 35,[],"unpack_Z_stream(int fd_in, int fd_out) { IF_DESKTOP(long long total_written = 0;) IF_DESKTOP(long long) int retval = -1; unsigned char *stackp; long code; int finchar; long oldcode; long incode; int inbits; int posbits; int outpos; int insize; int bitmask; long free_ent; long maxcode; long maxmaxcode; int n_bits; int rsize = 0; unsigned char *inbuf; unsigned char *outbuf; unsigned char *htab; unsigned short *codetab; int maxbits; int block_mode; inbuf = xzalloc(IBUFSIZ + 64); outbuf = xzalloc(OBUFSIZ + 2048); htab = xzalloc(HSIZE); codetab = xzalloc(HSIZE * sizeof(codetab[0])); insize = 0; if (full_read(fd_in, inbuf, 1) != 1) { bb_error_msg(""short read""); goto err; } maxbits = inbuf[0] & BIT_MASK; block_mode = inbuf[0] & BLOCK_MODE; maxmaxcode = MAXCODE(maxbits); if (maxbits > BITS) { bb_error_msg(""compressed with %d bits, can only handle "" BITS_STR"" bits"", maxbits); goto err; } n_bits = INIT_BITS; maxcode = MAXCODE(INIT_BITS) - 1; bitmask = (1 << INIT_BITS) - 1; oldcode = -1; finchar = 0; outpos = 0; posbits = 0 << 3; free_ent = ((block_mode) ? FIRST : 256); for (code = 255; code >= 0; --code) { tab_suffixof(code) = (unsigned char) code; } do { resetbuf: { int i; int e; int o; o = posbits >> 3; e = insize - o; for (i = 0; i < e; ++i) inbuf[i] = inbuf[i + o]; insize = e; posbits = 0; } if (insize < (int) (IBUFSIZ + 64) - IBUFSIZ) { rsize = safe_read(fd_in, inbuf + insize, IBUFSIZ); if (rsize < 0) bb_error_msg(bb_msg_read_error); insize += rsize; } inbits = ((rsize > 0) ? (insize - insize % n_bits) << 3 : (insize << 3) - (n_bits - 1)); while (inbits > posbits) { if (free_ent > maxcode) { posbits = ((posbits - 1) + ((n_bits << 3) - (posbits - 1 + (n_bits << 3)) % (n_bits << 3))); ++n_bits; if (n_bits == maxbits) { maxcode = maxmaxcode; } else { maxcode = MAXCODE(n_bits) - 1; } bitmask = (1 << n_bits) - 1; goto resetbuf; } { unsigned char *p = &inbuf[posbits >> 3]; code = ((((long) (p[0])) | ((long) (p[1]) << 8) | ((long) (p[2]) << 16)) >> (posbits & 0x7)) & bitmask; } posbits += n_bits; if (oldcode == -1) { if (code >= 256) bb_error_msg_and_die(""corrupted data""); oldcode = code; finchar = (int) oldcode; outbuf[outpos++] = (unsigned char) finchar; continue; } if (code == CLEAR && block_mode) { clear_tab_prefixof(); free_ent = FIRST - 1; posbits = ((posbits - 1) + ((n_bits << 3) - (posbits - 1 + (n_bits << 3)) % (n_bits << 3))); n_bits = INIT_BITS; maxcode = MAXCODE(INIT_BITS) - 1; bitmask = (1 << INIT_BITS) - 1; goto resetbuf; } incode = code; stackp = de_stack; if (code >= free_ent) { if (code > free_ent) { unsigned char *p; posbits -= n_bits; p = &inbuf[posbits >> 3]; bb_error_msg (""insize:%d posbits:%d inbuf:%02X %02X %02X %02X %02X (%d)"", insize, posbits, p[-1], p[0], p[1], p[2], p[3], (posbits & 07)); bb_error_msg(""corrupted data""); goto err; } *--stackp = (unsigned char) finchar; code = oldcode; } while ((long) code >= (long) 256) { if (stackp <= &htabof(0)) bb_error_msg_and_die(""corrupted data""); *--stackp = tab_suffixof(code); code = tab_prefixof(code); } finchar = tab_suffixof(code); *--stackp = (unsigned char) finchar; { int i; i = de_stack - stackp; if (outpos + i >= OBUFSIZ) { do { if (i > OBUFSIZ - outpos) { i = OBUFSIZ - outpos; } if (i > 0) { memcpy(outbuf + outpos, stackp, i); outpos += i; } if (outpos >= OBUFSIZ) { xwrite(fd_out, outbuf, outpos); IF_DESKTOP(total_written += outpos;) outpos = 0; } stackp += i; i = de_stack - stackp; } while (i > 0); } else { memcpy(outbuf + outpos, stackp, i); outpos += i; } } code = free_ent; if (code < maxmaxcode) { tab_prefixof(code) = (unsigned short) oldcode; tab_suffixof(code) = (unsigned char) finchar; free_ent = code + 1; } oldcode = incode; } } while (rsize > 0); if (outpos > 0) { xwrite(fd_out, outbuf, outpos); IF_DESKTOP(total_written += outpos;) } retval = IF_DESKTOP(total_written) + 0; err: free(inbuf); free(outbuf); free(htab); free(codetab); return retval; }",busybox,,,15654791308084388206201802153946726327,0 5396,CWE-787,"void SavePayload(size_t handle, uint32_t *payload, uint32_t index) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return; uint32_t *MP4buffer = NULL; if (index < mp4->indexcount && mp4->mediafp && payload) { LONGSEEK(mp4->mediafp, mp4->metaoffsets[index], SEEK_SET); fwrite(payload, 1, mp4->metasizes[index], mp4->mediafp); } return; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,168190559431340,1 6112,CWE-190,"static void eb_mul_sim_plain(eb_t r, const eb_t p, const bn_t k, const eb_t q, const bn_t m, const eb_t *t) { int i, l, l0, l1, n0, n1, w, g; int8_t naf0[RLC_FB_BITS + 1], naf1[RLC_FB_BITS + 1], *_k, *_m; eb_t t0[1 << (EB_WIDTH - 2)]; eb_t t1[1 << (EB_WIDTH - 2)]; for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_null(t0[i]); eb_null(t1[i]); } RLC_TRY { g = (t == NULL ? 0 : 1); if (!g) { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_new(t0[i]); } eb_tab(t0, p, EB_WIDTH); t = (const eb_t *)t0; } for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_new(t1[i]); } eb_tab(t1, q, EB_WIDTH); if (g) { w = EB_DEPTH; } else { w = EB_WIDTH; } l0 = l1 = RLC_FB_BITS + 1; bn_rec_naf(naf0, &l0, k, w); bn_rec_naf(naf1, &l1, m, EB_WIDTH); l = RLC_MAX(l0, l1); if (bn_sign(k) == RLC_NEG) { for (i = 0; i < l0; i++) { naf0[i] = -naf0[i]; } } if (bn_sign(m) == RLC_NEG) { for (i = 0; i < l1; i++) { naf1[i] = -naf1[i]; } } _k = naf0 + l - 1; _m = naf1 + l - 1; eb_set_infty(r); for (i = l - 1; i >= 0; i--, _k--, _m--) { eb_dbl(r, r); n0 = *_k; n1 = *_m; if (n0 > 0) { eb_add(r, r, t[n0 / 2]); } if (n0 < 0) { eb_sub(r, r, t[-n0 / 2]); } if (n1 > 0) { eb_add(r, r, t1[n1 / 2]); } if (n1 < 0) { eb_sub(r, r, t1[-n1 / 2]); } } eb_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { if (!g) { for (i = 0; i < 1 << (EB_WIDTH - 2); i++) { eb_free(t0[i]); } } for (i = 0; i < 1 << (EB_WIDTH - 2); i++) { eb_free(t1[i]); } } }",visit repo url,src/eb/relic_eb_mul_sim.c,https://github.com/relic-toolkit/relic,99015083038141,1 5553,CWE-125,"obj2ast_type_ignore(PyObject* obj, type_ignore_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; if (obj == Py_None) { *out = NULL; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)TypeIgnore_type); if (isinstance == -1) { return 1; } if (isinstance) { int lineno; if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from TypeIgnore""); return 1; } *out = TypeIgnore(lineno, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of type_ignore, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,14368932084483,1 225,[],"struct atalk_addr *atalk_find_dev_addr(struct net_device *dev) { struct atalk_iface *iface = dev->atalk_ptr; return iface ? &iface->address : NULL; }",history,,,272281529156148126375345436850061693444,0 5724,CWE-763,"void luaC_barrier_ (lua_State *L, GCObject *o, GCObject *v) { global_State *g = G(L); lua_assert(isblack(o) && iswhite(v) && !isdead(g, v) && !isdead(g, o)); if (keepinvariant(g)) { reallymarkobject(g, v); if (isold(o)) { lua_assert(!isold(v)); setage(v, G_OLD0); } } else { lua_assert(issweepphase(g)); makewhite(g, o); } }",visit repo url,lgc.c,https://github.com/lua/lua,34208479874987,1 1000,['CWE-94'],"static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe, struct pipe_buffer *buf) { struct page *page = buf->page; struct address_space *mapping; lock_page(page); mapping = page_mapping(page); if (mapping) { WARN_ON(!PageUptodate(page)); wait_on_page_writeback(page); if (PagePrivate(page)) try_to_release_page(page, GFP_KERNEL); if (remove_mapping(mapping, page)) { buf->flags |= PIPE_BUF_FLAG_LRU; return 0; } } unlock_page(page); return 1; }",linux-2.6,,,205143821314378018179977543579953165281,0 4680,CWE-732,"char *M_fs_path_join_parts(const M_list_str_t *path, M_fs_system_t sys_type) { M_list_str_t *parts; const char *part; char *out; size_t len; size_t i; size_t count; if (path == NULL) { return NULL; } len = M_list_str_len(path); if (len == 0) { return NULL; } sys_type = M_fs_path_get_system_type(sys_type); parts = M_list_str_duplicate(path); for (i=len-1; i>0; i--) { part = M_list_str_at(parts, i); if (part == NULL || *part == '\0') { M_list_str_remove_at(parts, i); } } len = M_list_str_len(parts); part = M_list_str_at(parts, 0); if (len == 1 && (part == NULL || *part == '\0')) { M_list_str_destroy(parts); if (sys_type == M_FS_SYSTEM_WINDOWS) { return M_strdup(""\\\\""); } return M_strdup(""/""); } if (sys_type == M_FS_SYSTEM_WINDOWS && len > 0) { part = M_list_str_at(parts, 0); count = (len == 1) ? 2 : 1; if (part != NULL && *part == '\0') { for (i=0; iinode->i_sb; spin_lock(&sb_lock); if (sb->s_count >= S_BIAS) { atomic_inc(&sb->s_active); spin_unlock(&sb_lock); atomic_inc(&watch->count); return 1; } spin_unlock(&sb_lock); return 0; }",linux-2.6,,,304105842668552586236430661871912290405,0 2406,['CWE-119'],"void diff_q(struct diff_queue_struct *queue, struct diff_filepair *dp) { if (queue->alloc <= queue->nr) { queue->alloc = alloc_nr(queue->alloc); queue->queue = xrealloc(queue->queue, sizeof(dp) * queue->alloc); } queue->queue[queue->nr++] = dp; }",git,,,164551442203052721273243430891440007740,0 5271,['CWE-264'],"static canon_ace *canonicalise_acl(struct connection_struct *conn, const char *fname, SMB_ACL_T posix_acl, const SMB_STRUCT_STAT *psbuf, const DOM_SID *powner, const DOM_SID *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type) { mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR); canon_ace *list_head = NULL; canon_ace *ace = NULL; canon_ace *next_ace = NULL; int entry_id = SMB_ACL_FIRST_ENTRY; SMB_ACL_ENTRY_T entry; size_t ace_count; while ( posix_acl && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1)) { SMB_ACL_TAG_T tagtype; SMB_ACL_PERMSET_T permset; DOM_SID sid; posix_id unix_ug; enum ace_owner owner_type; if (entry_id == SMB_ACL_FIRST_ENTRY) entry_id = SMB_ACL_NEXT_ENTRY; if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) continue; if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) continue; switch(tagtype) { case SMB_ACL_USER_OBJ: sid_copy(&sid, powner); unix_ug.uid = psbuf->st_uid; owner_type = UID_ACE; break; case SMB_ACL_USER: { uid_t *puid = (uid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry); if (puid == NULL) { DEBUG(0,(""canonicalise_acl: Failed to get uid.\n"")); continue; } if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid) { SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype); continue; } uid_to_sid( &sid, *puid); unix_ug.uid = *puid; owner_type = UID_ACE; SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype); break; } case SMB_ACL_GROUP_OBJ: sid_copy(&sid, pgroup); unix_ug.gid = psbuf->st_gid; owner_type = GID_ACE; break; case SMB_ACL_GROUP: { gid_t *pgid = (gid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry); if (pgid == NULL) { DEBUG(0,(""canonicalise_acl: Failed to get gid.\n"")); continue; } gid_to_sid( &sid, *pgid); unix_ug.gid = *pgid; owner_type = GID_ACE; SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)pgid,tagtype); break; } case SMB_ACL_MASK: acl_mask = convert_permset_to_mode_t(conn, permset); continue; case SMB_ACL_OTHER: sid = global_sid_World; unix_ug.world = -1; owner_type = WORLD_ACE; break; default: DEBUG(0,(""canonicalise_acl: Unknown tagtype %u\n"", (unsigned int)tagtype)); continue; } if ((ace = SMB_MALLOC_P(canon_ace)) == NULL) goto fail; ZERO_STRUCTP(ace); ace->type = tagtype; ace->perms = convert_permset_to_mode_t(conn, permset); ace->attr = ALLOW_ACE; ace->trustee = sid; ace->unix_ug = unix_ug; ace->owner_type = owner_type; ace->inherited = get_inherited_flag(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT)); DLIST_ADD(list_head, ace); } if (!ensure_canon_entry_valid(&list_head, conn->params, S_ISDIR(psbuf->st_mode), powner, pgroup, psbuf, False)) goto fail; DEBUG(10,(""canonicalise_acl: %s ace entries before arrange :\n"", the_acl_type == SMB_ACL_TYPE_ACCESS ? ""Access"" : ""Default"" )); for ( ace_count = 0, ace = list_head; ace; ace = next_ace, ace_count++) { next_ace = ace->next; if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ) ace->perms &= acl_mask; if (ace->perms == 0) { DLIST_PROMOTE(list_head, ace); } if( DEBUGLVL( 10 ) ) { print_canon_ace(ace, ace_count); } } arrange_posix_perms(fname,&list_head ); print_canon_ace_list( ""canonicalise_acl: ace entries after arrange"", list_head ); return list_head; fail: free_canon_ace_list(list_head); return NULL; }",samba,,,9791504276827116669197492942593322639,0 4740,['CWE-20'],"void ext4_block_bitmap_set(struct super_block *sb, struct ext4_group_desc *bg, ext4_fsblk_t blk) { bg->bg_block_bitmap_lo = cpu_to_le32((u32)blk); if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT) bg->bg_block_bitmap_hi = cpu_to_le32(blk >> 32); }",linux-2.6,,,178633176690275337175070898137763110483,0 736,CWE-20,"static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int copied = 0; int target; int err = 0; long timeo; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = -EAGAIN; if (sk->sk_state == CAIF_CONNECTING) goto out; caif_read_lock(sk); target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); do { int chunk; struct sk_buff *skb; lock_sock(sk); skb = skb_dequeue(&sk->sk_receive_queue); caif_check_flow_release(sk); if (skb == NULL) { if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; err = -ECONNRESET; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; err = -EPIPE; if (sk->sk_state != CAIF_CONNECTED) goto unlock; if (sock_flag(sk, SOCK_DEAD)) goto unlock; release_sock(sk); err = -EAGAIN; if (!timeo) break; caif_read_unlock(sk); timeo = caif_stream_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } caif_read_lock(sk); continue; unlock: release_sock(sk); break; } release_sock(sk); chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); caif_read_unlock(sk); out: return copied ? : err; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,221882276043621,1 5101,CWE-125,"tok_get(struct tok_state *tok, char **p_start, char **p_end) { int c; int blankline, nonascii; *p_start = *p_end = NULL; nextline: tok->start = NULL; blankline = 0; if (tok->atbol) { int col = 0; int altcol = 0; tok->atbol = 0; for (;;) { c = tok_nextc(tok); if (c == ' ') { col++, altcol++; } else if (c == '\t') { col = (col / tok->tabsize + 1) * tok->tabsize; altcol = (altcol / ALTTABSIZE + 1) * ALTTABSIZE; } else if (c == '\014') { col = altcol = 0; } else { break; } } tok_backup(tok, c); if (c == '#' || c == '\n') { if (col == 0 && c == '\n' && tok->prompt != NULL) { blankline = 0; } else { blankline = 1; } } if (!blankline && tok->level == 0) { if (col == tok->indstack[tok->indent]) { if (altcol != tok->altindstack[tok->indent]) { return indenterror(tok); } } else if (col > tok->indstack[tok->indent]) { if (tok->indent+1 >= MAXINDENT) { tok->done = E_TOODEEP; tok->cur = tok->inp; return ERRORTOKEN; } if (altcol <= tok->altindstack[tok->indent]) { return indenterror(tok); } tok->pendin++; tok->indstack[++tok->indent] = col; tok->altindstack[tok->indent] = altcol; } else { while (tok->indent > 0 && col < tok->indstack[tok->indent]) { tok->pendin--; tok->indent--; } if (col != tok->indstack[tok->indent]) { tok->done = E_DEDENT; tok->cur = tok->inp; return ERRORTOKEN; } if (altcol != tok->altindstack[tok->indent]) { return indenterror(tok); } } } } tok->start = tok->cur; if (tok->pendin != 0) { if (tok->pendin < 0) { tok->pendin++; return DEDENT; } else { tok->pendin--; return INDENT; } } again: tok->start = NULL; do { c = tok_nextc(tok); } while (c == ' ' || c == '\t' || c == '\014'); tok->start = tok->cur - 1; if (c == '#') { while (c != EOF && c != '\n') { c = tok_nextc(tok); } } if (c == EOF) { return tok->done == E_EOF ? ENDMARKER : ERRORTOKEN; } nonascii = 0; if (is_potential_identifier_start(c)) { int saw_b = 0, saw_r = 0, saw_u = 0, saw_f = 0; while (1) { if (!(saw_b || saw_u || saw_f) && (c == 'b' || c == 'B')) saw_b = 1; else if (!(saw_b || saw_u || saw_r || saw_f) && (c == 'u'|| c == 'U')) { saw_u = 1; } else if (!(saw_r || saw_u) && (c == 'r' || c == 'R')) { saw_r = 1; } else if (!(saw_f || saw_b || saw_u) && (c == 'f' || c == 'F')) { saw_f = 1; } else { break; } c = tok_nextc(tok); if (c == '""' || c == '\'') { goto letter_quote; } } while (is_potential_identifier_char(c)) { if (c >= 128) { nonascii = 1; } c = tok_nextc(tok); } tok_backup(tok, c); if (nonascii && !verify_identifier(tok)) { return ERRORTOKEN; } *p_start = tok->start; *p_end = tok->cur; return NAME; } if (c == '\n') { tok->atbol = 1; if (blankline || tok->level > 0) { goto nextline; } *p_start = tok->start; *p_end = tok->cur - 1; tok->cont_line = 0; return NEWLINE; } if (c == '.') { c = tok_nextc(tok); if (isdigit(c)) { goto fraction; } else if (c == '.') { c = tok_nextc(tok); if (c == '.') { *p_start = tok->start; *p_end = tok->cur; return ELLIPSIS; } else { tok_backup(tok, c); } tok_backup(tok, '.'); } else { tok_backup(tok, c); } *p_start = tok->start; *p_end = tok->cur; return DOT; } if (isdigit(c)) { if (c == '0') { c = tok_nextc(tok); if (c == 'x' || c == 'X') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (!isxdigit(c)) { tok_backup(tok, c); return syntaxerror(tok, ""invalid hexadecimal literal""); } do { c = tok_nextc(tok); } while (isxdigit(c)); } while (c == '_'); } else if (c == 'o' || c == 'O') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (c < '0' || c >= '8') { tok_backup(tok, c); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in octal literal"", c); } else { return syntaxerror(tok, ""invalid octal literal""); } } do { c = tok_nextc(tok); } while ('0' <= c && c < '8'); } while (c == '_'); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in octal literal"", c); } } else if (c == 'b' || c == 'B') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (c != '0' && c != '1') { tok_backup(tok, c); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in binary literal"", c); } else { return syntaxerror(tok, ""invalid binary literal""); } } do { c = tok_nextc(tok); } while (c == '0' || c == '1'); } while (c == '_'); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in binary literal"", c); } } else { int nonzero = 0; while (1) { if (c == '_') { c = tok_nextc(tok); if (!isdigit(c)) { tok_backup(tok, c); return syntaxerror(tok, ""invalid decimal literal""); } } if (c != '0') { break; } c = tok_nextc(tok); } if (isdigit(c)) { nonzero = 1; c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } if (c == '.') { c = tok_nextc(tok); goto fraction; } else if (c == 'e' || c == 'E') { goto exponent; } else if (c == 'j' || c == 'J') { goto imaginary; } else if (nonzero) { tok_backup(tok, c); return syntaxerror(tok, ""leading zeros in decimal integer "" ""literals are not permitted; "" ""use an 0o prefix for octal integers""); } } } else { c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } { if (c == '.') { c = tok_nextc(tok); fraction: if (isdigit(c)) { c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } } if (c == 'e' || c == 'E') { int e; exponent: e = c; c = tok_nextc(tok); if (c == '+' || c == '-') { c = tok_nextc(tok); if (!isdigit(c)) { tok_backup(tok, c); return syntaxerror(tok, ""invalid decimal literal""); } } else if (!isdigit(c)) { tok_backup(tok, c); tok_backup(tok, e); *p_start = tok->start; *p_end = tok->cur; return NUMBER; } c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } if (c == 'j' || c == 'J') { imaginary: c = tok_nextc(tok); } } } tok_backup(tok, c); *p_start = tok->start; *p_end = tok->cur; return NUMBER; } letter_quote: if (c == '\'' || c == '""') { int quote = c; int quote_size = 1; int end_quote_size = 0; tok->first_lineno = tok->lineno; tok->multi_line_start = tok->line_start; c = tok_nextc(tok); if (c == quote) { c = tok_nextc(tok); if (c == quote) { quote_size = 3; } else { end_quote_size = 1; } } if (c != quote) { tok_backup(tok, c); } while (end_quote_size != quote_size) { c = tok_nextc(tok); if (c == EOF) { if (quote_size == 3) { tok->done = E_EOFS; } else { tok->done = E_EOLS; } tok->cur = tok->inp; return ERRORTOKEN; } if (quote_size == 1 && c == '\n') { tok->done = E_EOLS; tok->cur = tok->inp; return ERRORTOKEN; } if (c == quote) { end_quote_size += 1; } else { end_quote_size = 0; if (c == '\\') { tok_nextc(tok); } } } *p_start = tok->start; *p_end = tok->cur; return STRING; } if (c == '\\') { c = tok_nextc(tok); if (c != '\n') { tok->done = E_LINECONT; tok->cur = tok->inp; return ERRORTOKEN; } tok->cont_line = 1; goto again; } { int c2 = tok_nextc(tok); int token = PyToken_TwoChars(c, c2); if (token != OP) { int c3 = tok_nextc(tok); int token3 = PyToken_ThreeChars(c, c2, c3); if (token3 != OP) { token = token3; } else { tok_backup(tok, c3); } *p_start = tok->start; *p_end = tok->cur; return token; } tok_backup(tok, c2); } switch (c) { case '(': case '[': case '{': #ifndef PGEN if (tok->level >= MAXLEVEL) { return syntaxerror(tok, ""too many nested parentheses""); } tok->parenstack[tok->level] = c; tok->parenlinenostack[tok->level] = tok->lineno; #endif tok->level++; break; case ')': case ']': case '}': #ifndef PGEN if (!tok->level) { return syntaxerror(tok, ""unmatched '%c'"", c); } #endif tok->level--; #ifndef PGEN int opening = tok->parenstack[tok->level]; if (!((opening == '(' && c == ')') || (opening == '[' && c == ']') || (opening == '{' && c == '}'))) { if (tok->parenlinenostack[tok->level] != tok->lineno) { return syntaxerror(tok, ""closing parenthesis '%c' does not match "" ""opening parenthesis '%c' on line %d"", c, opening, tok->parenlinenostack[tok->level]); } else { return syntaxerror(tok, ""closing parenthesis '%c' does not match "" ""opening parenthesis '%c'"", c, opening); } } #endif break; } *p_start = tok->start; *p_end = tok->cur; return PyToken_OneChar(c); }",visit repo url,Parser/tokenizer.c,https://github.com/python/cpython,20576532172072,1 4170,CWE-787,"InitialiseRFBConnection(rfbClient* client) { rfbProtocolVersionMsg pv; int major,minor; uint32_t authScheme; uint32_t subAuthScheme; rfbClientInitMsg ci; if (client->listenSpecified) errorMessageOnReadFailure = FALSE; if (!ReadFromRFBServer(client, pv, sz_rfbProtocolVersionMsg)) return FALSE; pv[sz_rfbProtocolVersionMsg]=0; errorMessageOnReadFailure = TRUE; pv[sz_rfbProtocolVersionMsg] = 0; if (sscanf(pv,rfbProtocolVersionFormat,&major,&minor) != 2) { rfbClientLog(""Not a valid VNC server (%s)\n"",pv); return FALSE; } DefaultSupportedMessages(client); client->major = major; client->minor = minor; if ((major==rfbProtocolMajorVersion) && (minor>rfbProtocolMinorVersion)) client->minor = rfbProtocolMinorVersion; if (major==3 && (minor==4 || minor==6)) { rfbClientLog(""UltraVNC server detected, enabling UltraVNC specific messages\n"",pv); DefaultSupportedMessagesUltraVNC(client); } if (major==3 && (minor==14 || minor==16)) { minor = minor - 10; client->minor = minor; rfbClientLog(""UltraVNC Single Click server detected, enabling UltraVNC specific messages\n"",pv); DefaultSupportedMessagesUltraVNC(client); } if (major==3 && minor==5) { rfbClientLog(""TightVNC server detected, enabling TightVNC specific messages\n"",pv); DefaultSupportedMessagesTightVNC(client); } if ((major==3 && minor>8) || major>3) { client->major=3; client->minor=8; } rfbClientLog(""VNC server supports protocol version %d.%d (viewer %d.%d)\n"", major, minor, rfbProtocolMajorVersion, rfbProtocolMinorVersion); sprintf(pv,rfbProtocolVersionFormat,client->major,client->minor); if (!WriteToRFBServer(client, pv, sz_rfbProtocolVersionMsg)) return FALSE; if (client->major==3 && client->minor > 6) { if (!ReadSupportedSecurityType(client, &authScheme, FALSE)) return FALSE; } else { if (!ReadFromRFBServer(client, (char *)&authScheme, 4)) return FALSE; authScheme = rfbClientSwap32IfLE(authScheme); } rfbClientLog(""Selected Security Scheme %d\n"", authScheme); client->authScheme = authScheme; switch (authScheme) { case rfbConnFailed: ReadReason(client); return FALSE; case rfbNoAuth: rfbClientLog(""No authentication needed\n""); if ((client->major==3 && client->minor > 7) || client->major>3) if (!rfbHandleAuthResult(client)) return FALSE; break; case rfbVncAuth: if (!HandleVncAuth(client)) return FALSE; break; #ifdef LIBVNCSERVER_HAVE_SASL case rfbSASL: if (!HandleSASLAuth(client)) return FALSE; break; #endif case rfbMSLogon: if (!HandleMSLogonAuth(client)) return FALSE; break; case rfbARD: #ifndef LIBVNCSERVER_WITH_CLIENT_GCRYPT rfbClientLog(""GCrypt support was not compiled in\n""); return FALSE; #else if (!HandleARDAuth(client)) return FALSE; #endif break; case rfbTLS: if (!HandleAnonTLSAuth(client)) return FALSE; if (!ReadSupportedSecurityType(client, &subAuthScheme, TRUE)) return FALSE; client->subAuthScheme = subAuthScheme; switch (subAuthScheme) { case rfbConnFailed: ReadReason(client); return FALSE; case rfbNoAuth: rfbClientLog(""No sub authentication needed\n""); if ((client->major==3 && client->minor > 7) || client->major>3) if (!rfbHandleAuthResult(client)) return FALSE; break; case rfbVncAuth: if (!HandleVncAuth(client)) return FALSE; break; #ifdef LIBVNCSERVER_HAVE_SASL case rfbSASL: if (!HandleSASLAuth(client)) return FALSE; break; #endif default: rfbClientLog(""Unknown sub authentication scheme from VNC server: %d\n"", (int)subAuthScheme); return FALSE; } break; case rfbVeNCrypt: if (!HandleVeNCryptAuth(client)) return FALSE; switch (client->subAuthScheme) { case rfbVeNCryptTLSNone: case rfbVeNCryptX509None: rfbClientLog(""No sub authentication needed\n""); if (!rfbHandleAuthResult(client)) return FALSE; break; case rfbVeNCryptTLSVNC: case rfbVeNCryptX509VNC: if (!HandleVncAuth(client)) return FALSE; break; case rfbVeNCryptTLSPlain: case rfbVeNCryptX509Plain: if (!HandlePlainAuth(client)) return FALSE; break; #ifdef LIBVNCSERVER_HAVE_SASL case rfbVeNCryptX509SASL: case rfbVeNCryptTLSSASL: if (!HandleSASLAuth(client)) return FALSE; break; #endif default: rfbClientLog(""Unknown sub authentication scheme from VNC server: %d\n"", client->subAuthScheme); return FALSE; } break; default: { rfbBool authHandled=FALSE; rfbClientProtocolExtension* e; for (e = rfbClientExtensions; e; e = e->next) { uint32_t const* secType; if (!e->handleAuthentication) continue; for (secType = e->securityTypes; secType && *secType; secType++) { if (authScheme==*secType) { if (!e->handleAuthentication(client, authScheme)) return FALSE; if (!rfbHandleAuthResult(client)) return FALSE; authHandled=TRUE; } } } if (authHandled) break; } rfbClientLog(""Unknown authentication scheme from VNC server: %d\n"", (int)authScheme); return FALSE; } ci.shared = (client->appData.shareDesktop ? 1 : 0); if (!WriteToRFBServer(client, (char *)&ci, sz_rfbClientInitMsg)) return FALSE; if (!ReadFromRFBServer(client, (char *)&client->si, sz_rfbServerInitMsg)) return FALSE; client->si.framebufferWidth = rfbClientSwap16IfLE(client->si.framebufferWidth); client->si.framebufferHeight = rfbClientSwap16IfLE(client->si.framebufferHeight); client->si.format.redMax = rfbClientSwap16IfLE(client->si.format.redMax); client->si.format.greenMax = rfbClientSwap16IfLE(client->si.format.greenMax); client->si.format.blueMax = rfbClientSwap16IfLE(client->si.format.blueMax); client->si.nameLength = rfbClientSwap32IfLE(client->si.nameLength); client->desktopName = malloc((uint64_t)client->si.nameLength + 1); if (!client->desktopName) { rfbClientLog(""Error allocating memory for desktop name, %lu bytes\n"", (unsigned long)client->si.nameLength); return FALSE; } if (!ReadFromRFBServer(client, client->desktopName, client->si.nameLength)) return FALSE; client->desktopName[client->si.nameLength] = 0; rfbClientLog(""Desktop name \""%s\""\n"",client->desktopName); rfbClientLog(""Connected to VNC server, using protocol version %d.%d\n"", client->major, client->minor); rfbClientLog(""VNC server default format:\n""); PrintPixelFormat(&client->si.format); return TRUE; }",visit repo url,libvncclient/rfbproto.c,https://github.com/LibVNC/libvncserver,54746275765720,1 5954,['CWE-200'],"static void inline ipv6_store_devconf(struct ipv6_devconf *cnf, __s32 *array, int bytes) { memset(array, 0, bytes); array[DEVCONF_FORWARDING] = cnf->forwarding; array[DEVCONF_HOPLIMIT] = cnf->hop_limit; array[DEVCONF_MTU6] = cnf->mtu6; array[DEVCONF_ACCEPT_RA] = cnf->accept_ra; array[DEVCONF_ACCEPT_REDIRECTS] = cnf->accept_redirects; array[DEVCONF_AUTOCONF] = cnf->autoconf; array[DEVCONF_DAD_TRANSMITS] = cnf->dad_transmits; array[DEVCONF_RTR_SOLICITS] = cnf->rtr_solicits; array[DEVCONF_RTR_SOLICIT_INTERVAL] = cnf->rtr_solicit_interval; array[DEVCONF_RTR_SOLICIT_DELAY] = cnf->rtr_solicit_delay; array[DEVCONF_FORCE_MLD_VERSION] = cnf->force_mld_version; #ifdef CONFIG_IPV6_PRIVACY array[DEVCONF_USE_TEMPADDR] = cnf->use_tempaddr; array[DEVCONF_TEMP_VALID_LFT] = cnf->temp_valid_lft; array[DEVCONF_TEMP_PREFERED_LFT] = cnf->temp_prefered_lft; array[DEVCONF_REGEN_MAX_RETRY] = cnf->regen_max_retry; array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor; #endif array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses; }",linux-2.6,,,315608834993406565176091414284656711323,0 2776,['CWE-264'],"append_frame_to_pkt( struct net_device *dev, unsigned framelen, u32 crc ) { struct net_local *nl = (struct net_local *) dev->priv; u8 *p; if( nl->inppos + framelen > ETHER_MAX_LEN ) return 0; if( !nl->rx_buf_p && !(nl->rx_buf_p = get_rx_buf( dev )) ) return 0; p = nl->rx_buf_p->data + nl->inppos; insb( dev->base_addr + DAT, p, framelen ); if( calc_crc32( crc, p, framelen ) != CRC32_REMAINDER ) return 0; nl->inppos += framelen - 4; if( --nl->wait_frameno == 0 ) indicate_pkt( dev ); return 1; }",linux-2.6,,,312391306146110266636677811605557792968,0 5489,['CWE-476'],"static int kvm_vm_ioctl_set_irqchip(struct kvm *kvm, struct kvm_irqchip *chip) { int r; r = 0; switch (chip->chip_id) { case KVM_IRQCHIP_PIC_MASTER: memcpy(&pic_irqchip(kvm)->pics[0], &chip->chip.pic, sizeof(struct kvm_pic_state)); break; case KVM_IRQCHIP_PIC_SLAVE: memcpy(&pic_irqchip(kvm)->pics[1], &chip->chip.pic, sizeof(struct kvm_pic_state)); break; case KVM_IRQCHIP_IOAPIC: memcpy(ioapic_irqchip(kvm), &chip->chip.ioapic, sizeof(struct kvm_ioapic_state)); break; default: r = -EINVAL; break; } kvm_pic_update_irq(pic_irqchip(kvm)); return r; }",linux-2.6,,,239644307678259711994388076655194166433,0 38,CWE-763,"spnego_gss_process_context_token( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer) { OM_uint32 ret; ret = gss_process_context_token(minor_status, context_handle, token_buffer); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,211426807804061,1 3652,['CWE-287'],"void sctp_assoc_control_transport(struct sctp_association *asoc, struct sctp_transport *transport, sctp_transport_cmd_t command, sctp_sn_error_t error) { struct sctp_transport *t = NULL; struct sctp_transport *first; struct sctp_transport *second; struct sctp_ulpevent *event; struct sockaddr_storage addr; int spc_state = 0; switch (command) { case SCTP_TRANSPORT_UP: if (SCTP_UNCONFIRMED == transport->state && SCTP_HEARTBEAT_SUCCESS == error) spc_state = SCTP_ADDR_CONFIRMED; else spc_state = SCTP_ADDR_AVAILABLE; transport->state = SCTP_ACTIVE; break; case SCTP_TRANSPORT_DOWN: if (transport->state != SCTP_UNCONFIRMED) transport->state = SCTP_INACTIVE; spc_state = SCTP_ADDR_UNREACHABLE; break; default: return; } memset(&addr, 0, sizeof(struct sockaddr_storage)); memcpy(&addr, &transport->ipaddr, transport->af_specific->sockaddr_len); event = sctp_ulpevent_make_peer_addr_change(asoc, &addr, 0, spc_state, error, GFP_ATOMIC); if (event) sctp_ulpq_tail_event(&asoc->ulpq, event); first = NULL; second = NULL; list_for_each_entry(t, &asoc->peer.transport_addr_list, transports) { if ((t->state == SCTP_INACTIVE) || (t->state == SCTP_UNCONFIRMED)) continue; if (!first || t->last_time_heard > first->last_time_heard) { second = first; first = t; } if (!second || t->last_time_heard > second->last_time_heard) second = t; } if (((asoc->peer.primary_path->state == SCTP_ACTIVE) || (asoc->peer.primary_path->state == SCTP_UNKNOWN)) && first != asoc->peer.primary_path) { second = first; first = asoc->peer.primary_path; } if (!first) { first = asoc->peer.primary_path; second = asoc->peer.primary_path; } asoc->peer.active_path = first; asoc->peer.retran_path = second; }",linux-2.6,,,64730547844505257479821076710610586636,0 188,CWE-476,"void jfs_evict_inode(struct inode *inode) { struct jfs_inode_info *ji = JFS_IP(inode); jfs_info(""In jfs_evict_inode, inode = 0x%p"", inode); if (!inode->i_nlink && !is_bad_inode(inode)) { dquot_initialize(inode); if (JFS_IP(inode)->fileset == FILESYSTEM_I) { truncate_inode_pages_final(&inode->i_data); if (test_cflag(COMMIT_Freewmap, inode)) jfs_free_zero_link(inode); if (JFS_SBI(inode->i_sb)->ipimap) diFree(inode); dquot_free_inode(inode); } } else { truncate_inode_pages_final(&inode->i_data); } clear_inode(inode); dquot_drop(inode); BUG_ON(!list_empty(&ji->anon_inode_list)); spin_lock_irq(&ji->ag_lock); if (ji->active_ag != -1) { struct bmap *bmap = JFS_SBI(inode->i_sb)->bmap; atomic_dec(&bmap->db_active[ji->active_ag]); ji->active_ag = -1; } spin_unlock_irq(&ji->ag_lock); }",visit repo url,fs/jfs/inode.c,https://github.com/torvalds/linux,204115704852331,1 5582,[],"static void ptrace_stop(int exit_code, int clear_code, siginfo_t *info) { if (arch_ptrace_stop_needed(exit_code, info)) { spin_unlock_irq(¤t->sighand->siglock); arch_ptrace_stop(exit_code, info); spin_lock_irq(¤t->sighand->siglock); if (sigkill_pending(current)) return; } if (current->signal->group_stop_count > 0) --current->signal->group_stop_count; current->last_siginfo = info; current->exit_code = exit_code; __set_current_state(TASK_TRACED); spin_unlock_irq(¤t->sighand->siglock); read_lock(&tasklist_lock); if (may_ptrace_stop()) { do_notify_parent_cldstop(current, CLD_TRAPPED); preempt_disable(); read_unlock(&tasklist_lock); preempt_enable_no_resched(); schedule(); } else { __set_current_state(TASK_RUNNING); if (clear_code) current->exit_code = 0; read_unlock(&tasklist_lock); } try_to_freeze(); spin_lock_irq(¤t->sighand->siglock); current->last_siginfo = NULL; recalc_sigpending_tsk(current); }",linux-2.6,,,296026524703743547741937761092521579874,0 5132,['CWE-20'],"static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg) { __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail); switch (reg) { case VCPU_REGS_RSP: vcpu->arch.regs[VCPU_REGS_RSP] = vmcs_readl(GUEST_RSP); break; case VCPU_REGS_RIP: vcpu->arch.regs[VCPU_REGS_RIP] = vmcs_readl(GUEST_RIP); break; default: break; } }",linux-2.6,,,86279566863448618976338357425848509622,0 2199,['CWE-193'],"size_t iov_iter_copy_from_user(struct page *page, struct iov_iter *i, unsigned long offset, size_t bytes) { char *kaddr; size_t copied; kaddr = kmap(page); if (likely(i->nr_segs == 1)) { int left; char __user *buf = i->iov->iov_base + i->iov_offset; left = __copy_from_user_nocache(kaddr + offset, buf, bytes); copied = bytes - left; } else { copied = __iovec_copy_from_user_inatomic(kaddr + offset, i->iov, i->iov_offset, bytes); } kunmap(page); return copied; }",linux-2.6,,,35361213265738225754631448407174632458,0 3024,['CWE-189'],"int jpc_enc_encodetiledata(jpc_enc_t *enc) { assert(enc->tmpstream); if (jpc_enc_encpkts(enc, enc->tmpstream)) { return -1; } return 0; }",jasper,,,123738674381446912781307461787610312869,0 6561,CWE-134,"static void prekey_handler(const char *userid, const uint8_t *key, size_t key_len, uint16_t id, const char *clientid, bool last, void *arg) { struct session *sess; char lclientid[64]; int err; output(""prekey_handler: %zu bytes, user:%s[%u] -> %s\n"", key_len, userid, id, clientid); err = client_id_load(lclientid, sizeof(lclientid)); if (err) { debug(""my clientid not set -- cannot store prekeys\n""); return; } sess = cryptobox_session_find(g_cryptobox, userid, clientid, lclientid); if (sess) { output(""prekey: session found\n""); } else { info(""conv: adding key to cryptobox for clientid=%s\n"", clientid); err = cryptobox_session_add_send(g_cryptobox, userid, clientid, lclientid, key, key_len); if (err) { warning(""cryptobox_session_add_send failed (%m)\n"", err); } } }",visit repo url,tools/zcall/conv.c,https://github.com/wireapp/wire-avs,140925588307433,1 3368,[],"static inline int nla_get_flag(struct nlattr *nla) { return !!nla; }",linux-2.6,,,202873191219805615235012497265750259957,0 3439,CWE-119,"void show_object_with_name(FILE *out, struct object *obj, struct strbuf *path, const char *component) { char *name = path_name(path, component); char *p; fprintf(out, ""%s "", oid_to_hex(&obj->oid)); for (p = name; *p && *p != '\n'; p++) fputc(*p, out); fputc('\n', out); free(name); }",visit repo url,revision.c,https://github.com/git/git,239064812361754,1 6303,CWE-295,"static LUA_FUNCTION(openssl_x509_check_ip_asc) { X509 * cert = CHECK_OBJECT(1, X509, ""openssl.x509""); if (lua_isstring(L, 2)) { const char *ip_asc = lua_tostring(L, 2); lua_pushboolean(L, X509_check_ip_asc(cert, ip_asc, 0)); } else { lua_pushboolean(L, 0); } return 1; }",visit repo url,src/x509.c,https://github.com/zhaozg/lua-openssl,111071188855268,1 4624,CWE-476,"void AV1_RewriteESDescriptorEx(GF_MPEGVisualSampleEntryBox *av1, GF_MediaBox *mdia) { GF_BitRateBox *btrt = gf_isom_sample_entry_get_bitrate((GF_SampleEntryBox *)av1, GF_FALSE); if (av1->emul_esd) gf_odf_desc_del((GF_Descriptor *)av1->emul_esd); av1->emul_esd = gf_odf_desc_esd_new(2); av1->emul_esd->decoderConfig->streamType = GF_STREAM_VISUAL; av1->emul_esd->decoderConfig->objectTypeIndication = GF_CODECID_AV1; if (btrt) { av1->emul_esd->decoderConfig->bufferSizeDB = btrt->bufferSizeDB; av1->emul_esd->decoderConfig->avgBitrate = btrt->avgBitrate; av1->emul_esd->decoderConfig->maxBitrate = btrt->maxBitrate; } if (av1->av1_config) { GF_AV1Config *av1_cfg = AV1_DuplicateConfig(av1->av1_config->config); if (av1_cfg) { gf_odf_av1_cfg_write(av1_cfg, &av1->emul_esd->decoderConfig->decoderSpecificInfo->data, &av1->emul_esd->decoderConfig->decoderSpecificInfo->dataLength); gf_odf_av1_cfg_del(av1_cfg); } } }",visit repo url,src/isomedia/avc_ext.c,https://github.com/gpac/gpac,172324761703489,1 4993,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 4502,CWE-617,"static u8 BS_ReadByte(GF_BitStream *bs) { Bool is_eos; if (bs->bsmode == GF_BITSTREAM_READ) { u8 res; if (bs->position >= bs->size) { if (bs->EndOfStream) bs->EndOfStream(bs->par); if (!bs->overflow_state) bs->overflow_state = 1; return 0; } res = bs->original[bs->position++]; if (bs->remove_emul_prevention_byte) { if ((bs->nb_zeros==2) && (res==0x03) && (bs->positionsize) && (bs->original[bs->position]<0x04)) { bs->nb_zeros = 0; res = bs->original[bs->position++]; } if (!res) bs->nb_zeros++; else bs->nb_zeros = 0; } return res; } if (bs->cache_write) bs_flush_write_cache(bs); is_eos = gf_feof(bs->stream); if (!is_eos || bs->cache_read) { u8 res; Bool loc_eos=GF_FALSE; assert(bs->position<=bs->size); bs->position++; res = gf_bs_load_byte(bs, &loc_eos); if (loc_eos) goto bs_eof; if (bs->remove_emul_prevention_byte) { if ((bs->nb_zeros==2) && (res==0x03) && (bs->positionsize)) { u8 next = gf_bs_load_byte(bs, &loc_eos); if (next < 0x04) { bs->nb_zeros = 0; res = next; bs->position++; } else { gf_bs_seek(bs, bs->position); } } if (!res) bs->nb_zeros++; else bs->nb_zeros = 0; } return res; } bs_eof: if (bs->EndOfStream) { bs->EndOfStream(bs->par); if (!bs->overflow_state) bs->overflow_state = 1; } else { GF_LOG(GF_LOG_ERROR, GF_LOG_CORE, (""[BS] Attempt to overread bitstream\n"")); } assert(bs->position <= 1+bs->size); return 0; }",visit repo url,src/utils/bitstream.c,https://github.com/gpac/gpac,87962254464736,1 6547,NVD-CWE-noinfo,"find_jws(struct tang_keys_info* tki, const char* thp) { if (!tki) { return NULL; } if (thp == NULL) { json_auto_t* jws = jwk_sign(tki->m_payload, tki->m_sign); if (!jws) { return NULL; } return json_incref(jws); } return find_by_thp(tki, thp); }",visit repo url,src/keys.c,https://github.com/latchset/tang,278843159600371,1 5482,['CWE-476'],"void kvm_arch_check_processor_compat(void *rtn) { kvm_x86_ops->check_processor_compatibility(rtn); }",linux-2.6,,,134330510959132043809160832415521689291,0 5640,CWE-125,"decode_bytes_with_escapes(struct compiling *c, const node *n, const char *s, size_t len) { return PyBytes_DecodeEscape(s, len, NULL, 0, NULL); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,79956670048172,1 2034,NVD-CWE-noinfo,"static inline void xen_evtchn_handle_events(unsigned cpu) { return evtchn_ops->handle_events(cpu); }",visit repo url,drivers/xen/events/events_internal.h,https://github.com/torvalds/linux,171555500065023,1 2736,CWE-190,"void gdImageCopyMerge (gdImagePtr dst, gdImagePtr src, int dstX, int dstY, int srcX, int srcY, int w, int h, int pct) { int c, dc; int x, y; int tox, toy; int ncR, ncG, ncB; toy = dstY; for (y = srcY; y < (srcY + h); y++) { tox = dstX; for (x = srcX; x < (srcX + w); x++) { int nc; c = gdImageGetPixel(src, x, y); if (gdImageGetTransparent(src) == c) { tox++; continue; } if (dst == src) { nc = c; } else { dc = gdImageGetPixel(dst, tox, toy); ncR = (int)(gdImageRed (src, c) * (pct / 100.0) + gdImageRed (dst, dc) * ((100 - pct) / 100.0)); ncG = (int)(gdImageGreen (src, c) * (pct / 100.0) + gdImageGreen (dst, dc) * ((100 - pct) / 100.0)); ncB = (int)(gdImageBlue (src, c) * (pct / 100.0) + gdImageBlue (dst, dc) * ((100 - pct) / 100.0)); nc = gdImageColorResolve (dst, ncR, ncG, ncB); } gdImageSetPixel (dst, tox, toy, nc); tox++; } toy++; } }",visit repo url,ext/gd/libgd/gd.c,https://github.com/php/php-src,209459907722526,1 3285,CWE-787,"p_ntp_time(netdissect_options *ndo, const struct l_fixedpt *lfp) { uint32_t i; uint32_t uf; uint32_t f; double ff; i = GET_BE_U_4(lfp->int_part); uf = GET_BE_U_4(lfp->fraction); ff = uf; if (ff < 0.0) ff += FMAXINT; ff = ff / FMAXINT; f = (uint32_t)(ff * 1000000000.0); ND_PRINT(""%u.%09u"", i, f); if (i) { int64_t seconds_64bit = (int64_t)i - JAN_1970; time_t seconds; struct tm *tm; char time_buf[128]; seconds = (time_t)seconds_64bit; if (seconds != seconds_64bit) { ND_PRINT("" (unrepresentable)""); } else { tm = gmtime(&seconds); if (tm == NULL) { ND_PRINT("" (unrepresentable)""); } else { strftime(time_buf, sizeof (time_buf), ""%Y-%m-%dT%H:%M:%SZ"", tm); ND_PRINT("" (%s)"", time_buf); } } } }",visit repo url,ntp.c,https://github.com/the-tcpdump-group/tcpdump,50791706101840,1 2323,CWE-125,"static inline void get_conn_text(const conn *c, const int af, char* addr, struct sockaddr *sock_addr) { char addr_text[MAXPATHLEN]; addr_text[0] = '\0'; const char *protoname = ""?""; unsigned short port = 0; switch (af) { case AF_INET: (void) inet_ntop(af, &((struct sockaddr_in *)sock_addr)->sin_addr, addr_text, sizeof(addr_text) - 1); port = ntohs(((struct sockaddr_in *)sock_addr)->sin_port); protoname = IS_UDP(c->transport) ? ""udp"" : ""tcp""; break; case AF_INET6: addr_text[0] = '['; addr_text[1] = '\0'; if (inet_ntop(af, &((struct sockaddr_in6 *)sock_addr)->sin6_addr, addr_text + 1, sizeof(addr_text) - 2)) { strcat(addr_text, ""]""); } port = ntohs(((struct sockaddr_in6 *)sock_addr)->sin6_port); protoname = IS_UDP(c->transport) ? ""udp6"" : ""tcp6""; break; case AF_UNIX: strncpy(addr_text, ((struct sockaddr_un *)sock_addr)->sun_path, sizeof(addr_text) - 1); addr_text[sizeof(addr_text)-1] = '\0'; protoname = ""unix""; break; } if (strlen(addr_text) < 2) { sprintf(addr_text, """", af); } if (port) { sprintf(addr, ""%s:%s:%u"", protoname, addr_text, port); } else { sprintf(addr, ""%s:%s"", protoname, addr_text); } }",visit repo url,memcached.c,https://github.com/memcached/memcached,247903013593437,1 4708,['CWE-20']," __acquires(kernel_lock) { struct buffer_head *bh; struct ext4_super_block *es = NULL; struct ext4_sb_info *sbi; ext4_fsblk_t block; ext4_fsblk_t sb_block = get_sb_block(&data); ext4_fsblk_t logical_sb_block; unsigned long offset = 0; unsigned long journal_devnum = 0; unsigned long def_mount_opts; struct inode *root; char *cp; const char *descr; int ret = -EINVAL; int blocksize; unsigned int db_count; unsigned int i; int needs_recovery, has_huge_files; int features; __u64 blocks_count; int err; unsigned int journal_ioprio = DEFAULT_JOURNAL_IOPRIO; sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); if (!sbi) return -ENOMEM; sb->s_fs_info = sbi; sbi->s_mount_opt = 0; sbi->s_resuid = EXT4_DEF_RESUID; sbi->s_resgid = EXT4_DEF_RESGID; sbi->s_inode_readahead_blks = EXT4_DEF_INODE_READAHEAD_BLKS; sbi->s_sb_block = sb_block; unlock_kernel(); for (cp = sb->s_id; (cp = strchr(cp, '/'));) *cp = '!'; blocksize = sb_min_blocksize(sb, EXT4_MIN_BLOCK_SIZE); if (!blocksize) { printk(KERN_ERR ""EXT4-fs: unable to set blocksize\n""); goto out_fail; } if (blocksize != EXT4_MIN_BLOCK_SIZE) { logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); } else { logical_sb_block = sb_block; } if (!(bh = sb_bread(sb, logical_sb_block))) { printk(KERN_ERR ""EXT4-fs: unable to read superblock\n""); goto out_fail; } es = (struct ext4_super_block *) (((char *)bh->b_data) + offset); sbi->s_es = es; sb->s_magic = le16_to_cpu(es->s_magic); if (sb->s_magic != EXT4_SUPER_MAGIC) goto cantfind_ext4; def_mount_opts = le32_to_cpu(es->s_default_mount_opts); if (def_mount_opts & EXT4_DEFM_DEBUG) set_opt(sbi->s_mount_opt, DEBUG); if (def_mount_opts & EXT4_DEFM_BSDGROUPS) set_opt(sbi->s_mount_opt, GRPID); if (def_mount_opts & EXT4_DEFM_UID16) set_opt(sbi->s_mount_opt, NO_UID32); #ifdef CONFIG_EXT4_FS_XATTR if (def_mount_opts & EXT4_DEFM_XATTR_USER) set_opt(sbi->s_mount_opt, XATTR_USER); #endif #ifdef CONFIG_EXT4_FS_POSIX_ACL if (def_mount_opts & EXT4_DEFM_ACL) set_opt(sbi->s_mount_opt, POSIX_ACL); #endif if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA) sbi->s_mount_opt |= EXT4_MOUNT_JOURNAL_DATA; else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED) sbi->s_mount_opt |= EXT4_MOUNT_ORDERED_DATA; else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK) sbi->s_mount_opt |= EXT4_MOUNT_WRITEBACK_DATA; if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) set_opt(sbi->s_mount_opt, ERRORS_PANIC); else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE) set_opt(sbi->s_mount_opt, ERRORS_CONT); else set_opt(sbi->s_mount_opt, ERRORS_RO); sbi->s_resuid = le16_to_cpu(es->s_def_resuid); sbi->s_resgid = le16_to_cpu(es->s_def_resgid); sbi->s_commit_interval = JBD2_DEFAULT_MAX_COMMIT_AGE * HZ; sbi->s_min_batch_time = EXT4_DEF_MIN_BATCH_TIME; sbi->s_max_batch_time = EXT4_DEF_MAX_BATCH_TIME; set_opt(sbi->s_mount_opt, RESERVATION); set_opt(sbi->s_mount_opt, BARRIER); if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_EXTENTS)) set_opt(sbi->s_mount_opt, EXTENTS); else ext4_warning(sb, __func__, ""extents feature not enabled on this filesystem, "" ""use tune2fs.""); set_opt(sbi->s_mount_opt, DELALLOC); if (!parse_options((char *) data, sb, &journal_devnum, &journal_ioprio, NULL, 0)) goto failed_mount; sb->s_flags = (sb->s_flags & ~MS_POSIXACL) | ((sbi->s_mount_opt & EXT4_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV && (EXT4_HAS_COMPAT_FEATURE(sb, ~0U) || EXT4_HAS_RO_COMPAT_FEATURE(sb, ~0U) || EXT4_HAS_INCOMPAT_FEATURE(sb, ~0U))) printk(KERN_WARNING ""EXT4-fs warning: feature flags set on rev 0 fs, "" ""running e2fsck is recommended\n""); features = EXT4_HAS_INCOMPAT_FEATURE(sb, ~EXT4_FEATURE_INCOMPAT_SUPP); if (features) { printk(KERN_ERR ""EXT4-fs: %s: couldn't mount because of "" ""unsupported optional features (%x).\n"", sb->s_id, (le32_to_cpu(EXT4_SB(sb)->s_es->s_feature_incompat) & ~EXT4_FEATURE_INCOMPAT_SUPP)); goto failed_mount; } features = EXT4_HAS_RO_COMPAT_FEATURE(sb, ~EXT4_FEATURE_RO_COMPAT_SUPP); if (!(sb->s_flags & MS_RDONLY) && features) { printk(KERN_ERR ""EXT4-fs: %s: couldn't mount RDWR because of "" ""unsupported optional features (%x).\n"", sb->s_id, (le32_to_cpu(EXT4_SB(sb)->s_es->s_feature_ro_compat) & ~EXT4_FEATURE_RO_COMPAT_SUPP)); goto failed_mount; } has_huge_files = EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_HUGE_FILE); if (has_huge_files) { if (sizeof(root->i_blocks) < sizeof(u64) && !(sb->s_flags & MS_RDONLY)) { printk(KERN_ERR ""EXT4-fs: %s: Filesystem with huge "" ""files cannot be mounted read-write "" ""without CONFIG_LBD.\n"", sb->s_id); goto failed_mount; } } blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size); if (blocksize < EXT4_MIN_BLOCK_SIZE || blocksize > EXT4_MAX_BLOCK_SIZE) { printk(KERN_ERR ""EXT4-fs: Unsupported filesystem blocksize %d on %s.\n"", blocksize, sb->s_id); goto failed_mount; } if (sb->s_blocksize != blocksize) { if (!sb_set_blocksize(sb, blocksize)) { printk(KERN_ERR ""EXT4-fs: bad block size %d.\n"", blocksize); goto failed_mount; } brelse(bh); logical_sb_block = sb_block * EXT4_MIN_BLOCK_SIZE; offset = do_div(logical_sb_block, blocksize); bh = sb_bread(sb, logical_sb_block); if (!bh) { printk(KERN_ERR ""EXT4-fs: Can't read superblock on 2nd try.\n""); goto failed_mount; } es = (struct ext4_super_block *)(((char *)bh->b_data) + offset); sbi->s_es = es; if (es->s_magic != cpu_to_le16(EXT4_SUPER_MAGIC)) { printk(KERN_ERR ""EXT4-fs: Magic mismatch, very weird !\n""); goto failed_mount; } } sbi->s_bitmap_maxbytes = ext4_max_bitmap_size(sb->s_blocksize_bits, has_huge_files); sb->s_maxbytes = ext4_max_size(sb->s_blocksize_bits, has_huge_files); if (le32_to_cpu(es->s_rev_level) == EXT4_GOOD_OLD_REV) { sbi->s_inode_size = EXT4_GOOD_OLD_INODE_SIZE; sbi->s_first_ino = EXT4_GOOD_OLD_FIRST_INO; } else { sbi->s_inode_size = le16_to_cpu(es->s_inode_size); sbi->s_first_ino = le32_to_cpu(es->s_first_ino); if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || (!is_power_of_2(sbi->s_inode_size)) || (sbi->s_inode_size > blocksize)) { printk(KERN_ERR ""EXT4-fs: unsupported inode size: %d\n"", sbi->s_inode_size); goto failed_mount; } if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) sb->s_time_gran = 1 << (EXT4_EPOCH_BITS - 2); } sbi->s_desc_size = le16_to_cpu(es->s_desc_size); if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_64BIT)) { if (sbi->s_desc_size < EXT4_MIN_DESC_SIZE_64BIT || sbi->s_desc_size > EXT4_MAX_DESC_SIZE || !is_power_of_2(sbi->s_desc_size)) { printk(KERN_ERR ""EXT4-fs: unsupported descriptor size %lu\n"", sbi->s_desc_size); goto failed_mount; } } else sbi->s_desc_size = EXT4_MIN_DESC_SIZE; sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group); sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group); if (EXT4_INODE_SIZE(sb) == 0 || EXT4_INODES_PER_GROUP(sb) == 0) goto cantfind_ext4; sbi->s_inodes_per_block = blocksize / EXT4_INODE_SIZE(sb); if (sbi->s_inodes_per_block == 0) goto cantfind_ext4; sbi->s_itb_per_group = sbi->s_inodes_per_group / sbi->s_inodes_per_block; sbi->s_desc_per_block = blocksize / EXT4_DESC_SIZE(sb); sbi->s_sbh = bh; sbi->s_mount_state = le16_to_cpu(es->s_state); sbi->s_addr_per_block_bits = ilog2(EXT4_ADDR_PER_BLOCK(sb)); sbi->s_desc_per_block_bits = ilog2(EXT4_DESC_PER_BLOCK(sb)); for (i = 0; i < 4; i++) sbi->s_hash_seed[i] = le32_to_cpu(es->s_hash_seed[i]); sbi->s_def_hash_version = es->s_def_hash_version; i = le32_to_cpu(es->s_flags); if (i & EXT2_FLAGS_UNSIGNED_HASH) sbi->s_hash_unsigned = 3; else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) { #ifdef __CHAR_UNSIGNED__ es->s_flags |= cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH); sbi->s_hash_unsigned = 3; #else es->s_flags |= cpu_to_le32(EXT2_FLAGS_SIGNED_HASH); #endif sb->s_dirt = 1; } if (sbi->s_blocks_per_group > blocksize * 8) { printk(KERN_ERR ""EXT4-fs: #blocks per group too big: %lu\n"", sbi->s_blocks_per_group); goto failed_mount; } if (sbi->s_inodes_per_group > blocksize * 8) { printk(KERN_ERR ""EXT4-fs: #inodes per group too big: %lu\n"", sbi->s_inodes_per_group); goto failed_mount; } if (ext4_blocks_count(es) > (sector_t)(~0ULL) >> (sb->s_blocksize_bits - 9)) { printk(KERN_ERR ""EXT4-fs: filesystem on %s:"" "" too large to mount safely\n"", sb->s_id); if (sizeof(sector_t) < 8) printk(KERN_WARNING ""EXT4-fs: CONFIG_LBD not "" ""enabled\n""); goto failed_mount; } if (EXT4_BLOCKS_PER_GROUP(sb) == 0) goto cantfind_ext4; if (le32_to_cpu(es->s_first_data_block) >= ext4_blocks_count(es)) { printk(KERN_WARNING ""EXT4-fs: bad geometry: first data"" ""block %u is beyond end of filesystem (%llu)\n"", le32_to_cpu(es->s_first_data_block), ext4_blocks_count(es)); goto failed_mount; } blocks_count = (ext4_blocks_count(es) - le32_to_cpu(es->s_first_data_block) + EXT4_BLOCKS_PER_GROUP(sb) - 1); do_div(blocks_count, EXT4_BLOCKS_PER_GROUP(sb)); if (blocks_count > ((uint64_t)1<<32) - EXT4_DESC_PER_BLOCK(sb)) { printk(KERN_WARNING ""EXT4-fs: groups count too large: %u "" ""(block count %llu, first data block %u, "" ""blocks per group %lu)\n"", sbi->s_groups_count, ext4_blocks_count(es), le32_to_cpu(es->s_first_data_block), EXT4_BLOCKS_PER_GROUP(sb)); goto failed_mount; } sbi->s_groups_count = blocks_count; db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) / EXT4_DESC_PER_BLOCK(sb); sbi->s_group_desc = kmalloc(db_count * sizeof(struct buffer_head *), GFP_KERNEL); if (sbi->s_group_desc == NULL) { printk(KERN_ERR ""EXT4-fs: not enough memory\n""); goto failed_mount; } #ifdef CONFIG_PROC_FS if (ext4_proc_root) sbi->s_proc = proc_mkdir(sb->s_id, ext4_proc_root); if (sbi->s_proc) proc_create_data(""inode_readahead_blks"", 0644, sbi->s_proc, &ext4_ui_proc_fops, &sbi->s_inode_readahead_blks); #endif bgl_lock_init(&sbi->s_blockgroup_lock); for (i = 0; i < db_count; i++) { block = descriptor_loc(sb, logical_sb_block, i); sbi->s_group_desc[i] = sb_bread(sb, block); if (!sbi->s_group_desc[i]) { printk(KERN_ERR ""EXT4-fs: "" ""can't read group descriptor %d\n"", i); db_count = i; goto failed_mount2; } } if (!ext4_check_descriptors(sb)) { printk(KERN_ERR ""EXT4-fs: group descriptors corrupted!\n""); goto failed_mount2; } if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) if (!ext4_fill_flex_info(sb)) { printk(KERN_ERR ""EXT4-fs: unable to initialize "" ""flex_bg meta info!\n""); goto failed_mount2; } sbi->s_gdb_count = db_count; get_random_bytes(&sbi->s_next_generation, sizeof(u32)); spin_lock_init(&sbi->s_next_gen_lock); err = percpu_counter_init(&sbi->s_freeblocks_counter, ext4_count_free_blocks(sb)); if (!err) { err = percpu_counter_init(&sbi->s_freeinodes_counter, ext4_count_free_inodes(sb)); } if (!err) { err = percpu_counter_init(&sbi->s_dirs_counter, ext4_count_dirs(sb)); } if (!err) { err = percpu_counter_init(&sbi->s_dirtyblocks_counter, 0); } if (err) { printk(KERN_ERR ""EXT4-fs: insufficient memory\n""); goto failed_mount3; } sbi->s_stripe = ext4_get_stripe_size(sbi); sb->s_op = &ext4_sops; sb->s_export_op = &ext4_export_ops; sb->s_xattr = ext4_xattr_handlers; #ifdef CONFIG_QUOTA sb->s_qcop = &ext4_qctl_operations; sb->dq_op = &ext4_quota_operations; #endif INIT_LIST_HEAD(&sbi->s_orphan); sb->s_root = NULL; needs_recovery = (es->s_last_orphan != 0 || EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)); if (!test_opt(sb, NOLOAD) && EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) { if (ext4_load_journal(sb, es, journal_devnum)) goto failed_mount3; if (!(sb->s_flags & MS_RDONLY) && EXT4_SB(sb)->s_journal->j_failed_commit) { printk(KERN_CRIT ""EXT4-fs error (device %s): "" ""ext4_fill_super: Journal transaction "" ""%u is corrupt\n"", sb->s_id, EXT4_SB(sb)->s_journal->j_failed_commit); if (test_opt(sb, ERRORS_RO)) { printk(KERN_CRIT ""Mounting filesystem read-only\n""); sb->s_flags |= MS_RDONLY; EXT4_SB(sb)->s_mount_state |= EXT4_ERROR_FS; es->s_state |= cpu_to_le16(EXT4_ERROR_FS); } if (test_opt(sb, ERRORS_PANIC)) { EXT4_SB(sb)->s_mount_state |= EXT4_ERROR_FS; es->s_state |= cpu_to_le16(EXT4_ERROR_FS); ext4_commit_super(sb, es, 1); goto failed_mount4; } } } else if (test_opt(sb, NOLOAD) && !(sb->s_flags & MS_RDONLY) && EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)) { printk(KERN_ERR ""EXT4-fs: required journal recovery "" ""suppressed and not mounted read-only\n""); goto failed_mount4; } else { clear_opt(sbi->s_mount_opt, DATA_FLAGS); set_opt(sbi->s_mount_opt, WRITEBACK_DATA); sbi->s_journal = NULL; needs_recovery = 0; goto no_journal; } if (ext4_blocks_count(es) > 0xffffffffULL && !jbd2_journal_set_features(EXT4_SB(sb)->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_64BIT)) { printk(KERN_ERR ""ext4: Failed to set 64-bit journal feature\n""); goto failed_mount4; } if (test_opt(sb, JOURNAL_ASYNC_COMMIT)) { jbd2_journal_set_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } else if (test_opt(sb, JOURNAL_CHECKSUM)) { jbd2_journal_set_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, 0); jbd2_journal_clear_features(sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } else { jbd2_journal_clear_features(sbi->s_journal, JBD2_FEATURE_COMPAT_CHECKSUM, 0, JBD2_FEATURE_INCOMPAT_ASYNC_COMMIT); } switch (test_opt(sb, DATA_FLAGS)) { case 0: if (jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) set_opt(sbi->s_mount_opt, ORDERED_DATA); else set_opt(sbi->s_mount_opt, JOURNAL_DATA); break; case EXT4_MOUNT_ORDERED_DATA: case EXT4_MOUNT_WRITEBACK_DATA: if (!jbd2_journal_check_available_features (sbi->s_journal, 0, 0, JBD2_FEATURE_INCOMPAT_REVOKE)) { printk(KERN_ERR ""EXT4-fs: Journal does not support "" ""requested data journaling mode\n""); goto failed_mount4; } default: break; } set_task_ioprio(sbi->s_journal->j_task, journal_ioprio); no_journal: if (test_opt(sb, NOBH)) { if (!(test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_WRITEBACK_DATA)) { printk(KERN_WARNING ""EXT4-fs: Ignoring nobh option - "" ""its supported only with writeback mode\n""); clear_opt(sbi->s_mount_opt, NOBH); } } root = ext4_iget(sb, EXT4_ROOT_INO); if (IS_ERR(root)) { printk(KERN_ERR ""EXT4-fs: get root inode failed\n""); ret = PTR_ERR(root); goto failed_mount4; } if (!S_ISDIR(root->i_mode) || !root->i_blocks || !root->i_size) { iput(root); printk(KERN_ERR ""EXT4-fs: corrupt root inode, run e2fsck\n""); goto failed_mount4; } sb->s_root = d_alloc_root(root); if (!sb->s_root) { printk(KERN_ERR ""EXT4-fs: get root dentry failed\n""); iput(root); ret = -ENOMEM; goto failed_mount4; } ext4_setup_super(sb, es, sb->s_flags & MS_RDONLY); if (sbi->s_inode_size > EXT4_GOOD_OLD_INODE_SIZE) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; if (EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_EXTRA_ISIZE)) { if (sbi->s_want_extra_isize < le16_to_cpu(es->s_want_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_want_extra_isize); if (sbi->s_want_extra_isize < le16_to_cpu(es->s_min_extra_isize)) sbi->s_want_extra_isize = le16_to_cpu(es->s_min_extra_isize); } } if (EXT4_GOOD_OLD_INODE_SIZE + sbi->s_want_extra_isize > sbi->s_inode_size) { sbi->s_want_extra_isize = sizeof(struct ext4_inode) - EXT4_GOOD_OLD_INODE_SIZE; printk(KERN_INFO ""EXT4-fs: required extra inode space not"" ""available.\n""); } if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) { printk(KERN_WARNING ""EXT4-fs: Ignoring delalloc option - "" ""requested data journaling mode\n""); clear_opt(sbi->s_mount_opt, DELALLOC); } else if (test_opt(sb, DELALLOC)) printk(KERN_INFO ""EXT4-fs: delayed allocation enabled\n""); ext4_ext_init(sb); err = ext4_mb_init(sb, needs_recovery); if (err) { printk(KERN_ERR ""EXT4-fs: failed to initalize mballoc (%d)\n"", err); goto failed_mount4; } EXT4_SB(sb)->s_mount_state |= EXT4_ORPHAN_FS; ext4_orphan_cleanup(sb, es); EXT4_SB(sb)->s_mount_state &= ~EXT4_ORPHAN_FS; if (needs_recovery) { printk(KERN_INFO ""EXT4-fs: recovery complete.\n""); ext4_mark_recovery_complete(sb, es); } if (EXT4_SB(sb)->s_journal) { if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_JOURNAL_DATA) descr = "" journalled data mode""; else if (test_opt(sb, DATA_FLAGS) == EXT4_MOUNT_ORDERED_DATA) descr = "" ordered data mode""; else descr = "" writeback data mode""; } else descr = ""out journal""; printk(KERN_INFO ""EXT4-fs: mounted filesystem %s with%s\n"", sb->s_id, descr); lock_kernel(); return 0; cantfind_ext4: if (!silent) printk(KERN_ERR ""VFS: Can't find ext4 filesystem on dev %s.\n"", sb->s_id); goto failed_mount; failed_mount4: printk(KERN_ERR ""EXT4-fs (device %s): mount failed\n"", sb->s_id); if (sbi->s_journal) { jbd2_journal_destroy(sbi->s_journal); sbi->s_journal = NULL; } failed_mount3: percpu_counter_destroy(&sbi->s_freeblocks_counter); percpu_counter_destroy(&sbi->s_freeinodes_counter); percpu_counter_destroy(&sbi->s_dirs_counter); percpu_counter_destroy(&sbi->s_dirtyblocks_counter); failed_mount2: for (i = 0; i < db_count; i++) brelse(sbi->s_group_desc[i]); kfree(sbi->s_group_desc); failed_mount: if (sbi->s_proc) { remove_proc_entry(""inode_readahead_blks"", sbi->s_proc); remove_proc_entry(sb->s_id, ext4_proc_root); } #ifdef CONFIG_QUOTA for (i = 0; i < MAXQUOTAS; i++) kfree(sbi->s_qf_names[i]); #endif ext4_blkdev_remove(sbi); brelse(bh); out_fail: sb->s_fs_info = NULL; kfree(sbi); lock_kernel(); return ret; }",linux-2.6,,,141996013472954424048658632843603602072,0 159,[],"static int do_nfs4_super_data_conv(void *raw_data) { int version = *(compat_uint_t *) raw_data; if (version == 1) { struct compat_nfs4_mount_data_v1 *raw = raw_data; struct nfs4_mount_data *real = raw_data; real->auth_flavours = compat_ptr(raw->auth_flavours); real->auth_flavourlen = raw->auth_flavourlen; real->proto = raw->proto; real->host_addr = compat_ptr(raw->host_addr); real->host_addrlen = raw->host_addrlen; compat_nfs_string(&real->hostname, &raw->hostname); compat_nfs_string(&real->mnt_path, &raw->mnt_path); compat_nfs_string(&real->client_addr, &raw->client_addr); real->acdirmax = raw->acdirmax; real->acdirmin = raw->acdirmin; real->acregmax = raw->acregmax; real->acregmin = raw->acregmin; real->retrans = raw->retrans; real->timeo = raw->timeo; real->wsize = raw->wsize; real->rsize = raw->rsize; real->flags = raw->flags; real->version = raw->version; } else { return -EINVAL; } return 0; }",linux-2.6,,,66918594393643449702685950679353020696,0 4623,CWE-119,"GF_RTPHinter *gf_hinter_track_new(GF_ISOFile *file, u32 TrackNum, u32 Path_MTU, u32 max_ptime, u32 default_rtp_rate, u32 flags, u8 PayloadID, Bool copy_media, u32 InterleaveGroupID, u8 InterleaveGroupPriority, GF_Err *e) { GF_SLConfig my_sl; u32 descIndex, MinSize, MaxSize, avgTS, streamType, codecid, const_dur, nb_ch, maxDTSDelta; u8 OfficialPayloadID; u32 TrackMediaSubType, TrackMediaType, hintType, nbEdts, required_rate, force_dts_delta, avc_nalu_size, PL_ID, bandwidth, IV_length, KI_length; const char *url, *urn; char *mpeg4mode; Bool is_crypted, has_mpeg4_mapping; GF_RTPHinter *tmp; GF_ESD *esd; *e = GF_BAD_PARAM; if (!file || !TrackNum || !gf_isom_get_track_id(file, TrackNum)) return NULL; if (!gf_isom_get_sample_count(file, TrackNum)) { *e = GF_OK; return NULL; } *e = GF_NOT_SUPPORTED; nbEdts = gf_isom_get_edits_count(file, TrackNum); if (nbEdts>1) { u64 et, sd, mt; GF_ISOEditType em; gf_isom_get_edit(file, TrackNum, 1, &et, &sd, &mt, &em); if ((nbEdts>2) || (em!=GF_ISOM_EDIT_EMPTY)) { GF_LOG(GF_LOG_ERROR, GF_LOG_RTP, (""[rtp hinter] Cannot hint track whith EditList\n"")); return NULL; } } if (nbEdts) gf_isom_remove_edits(file, TrackNum); if (!gf_isom_is_track_enabled(file, TrackNum)) return NULL; PL_ID = 0; OfficialPayloadID = 0; force_dts_delta = 0; streamType = 0; mpeg4mode = NULL; required_rate = 0; is_crypted = 0; IV_length = KI_length = 0; codecid = 0; nb_ch = 0; avc_nalu_size = 0; has_mpeg4_mapping = 1; const_dur = 0; bandwidth=0; TrackMediaType = gf_isom_get_media_type(file, TrackNum); if (!default_rtp_rate) default_rtp_rate = 90000; if ( (TrackMediaType==GF_ISOM_MEDIA_TEXT) || (TrackMediaType==GF_ISOM_MEDIA_SUBT)) { hintType = GF_RTP_PAYT_3GPP_TEXT; codecid = GF_CODECID_TEXT_MPEG4; streamType = GF_STREAM_TEXT; PL_ID = 0x10; } else { if (gf_isom_get_sample_description_count(file, TrackNum) > 1) return NULL; TrackMediaSubType = gf_isom_get_media_subtype(file, TrackNum, 1); switch (TrackMediaSubType) { case GF_ISOM_SUBTYPE_MPEG4_CRYP: is_crypted = 1; case GF_ISOM_SUBTYPE_MPEG4: esd = gf_isom_get_esd(file, TrackNum, 1); hintType = GF_RTP_PAYT_MPEG4; if (esd && esd->decoderConfig) { streamType = esd->decoderConfig->streamType; codecid = esd->decoderConfig->objectTypeIndication; if (esd->URLString) hintType = 0; if ((streamType==GF_STREAM_AUDIO) && esd->decoderConfig->decoderSpecificInfo && esd->decoderConfig->decoderSpecificInfo->data && ((codecid==GF_CODECID_AAC_MPEG4) || (codecid==GF_CODECID_AAC_MPEG2_MP) || (codecid==GF_CODECID_AAC_MPEG2_LCP) || (codecid==GF_CODECID_AAC_MPEG2_SSRP)) ) { u32 sample_rate; GF_M4ADecSpecInfo a_cfg; gf_m4a_get_config(esd->decoderConfig->decoderSpecificInfo->data, esd->decoderConfig->decoderSpecificInfo->dataLength, &a_cfg); nb_ch = a_cfg.nb_chan; sample_rate = a_cfg.base_sr; PL_ID = a_cfg.audioPL; switch (a_cfg.base_object_type) { case GF_M4A_AAC_MAIN: case GF_M4A_AAC_LC: if (flags & GP_RTP_PCK_USE_LATM_AAC) { hintType = GF_RTP_PAYT_LATM; break; } case GF_M4A_AAC_SBR: case GF_M4A_AAC_PS: case GF_M4A_AAC_LTP: case GF_M4A_AAC_SCALABLE: case GF_M4A_ER_AAC_LC: case GF_M4A_ER_AAC_LTP: case GF_M4A_ER_AAC_SCALABLE: mpeg4mode = ""AAC""; break; case GF_M4A_CELP: case GF_M4A_ER_CELP: mpeg4mode = ""CELP""; break; } required_rate = sample_rate; } else if ((streamType==GF_STREAM_AUDIO) && ((codecid==GF_CODECID_MPEG2_PART3) || (codecid==GF_CODECID_MPEG_AUDIO))) { GF_ISOSample *samp = NULL; if (!is_crypted) samp = gf_isom_get_sample(file, TrackNum, 1, NULL); if (samp && (samp->dataLength>3)) { u32 hdr = GF_4CC((u32)samp->data[0], (u8)samp->data[1], (u8)samp->data[2], (u8)samp->data[3]); nb_ch = gf_mp3_num_channels(hdr); hintType = GF_RTP_PAYT_MPEG12_AUDIO; OfficialPayloadID = 14; required_rate = 90000; } else { u32 sample_rate; gf_isom_get_audio_info(file, TrackNum, 1, &sample_rate, &nb_ch, NULL); required_rate = sample_rate; } if (samp) gf_isom_sample_del(&samp); } else if ((streamType==GF_STREAM_AUDIO) && (codecid==GF_CODECID_QCELP)) { hintType = GF_RTP_PAYT_QCELP; OfficialPayloadID = 12; required_rate = 8000; streamType = GF_STREAM_AUDIO; nb_ch = 1; } else if ((streamType==GF_STREAM_AUDIO) && ((codecid==GF_CODECID_EVRC) || (codecid==GF_CODECID_SMV)) ) { hintType = GF_RTP_PAYT_EVRC_SMV; required_rate = 8000; streamType = GF_STREAM_AUDIO; nb_ch = 1; } else if (streamType==GF_STREAM_VISUAL) { if ((codecid==GF_CODECID_MPEG4_PART2) && esd->decoderConfig->decoderSpecificInfo) { GF_M4VDecSpecInfo dsi; gf_m4v_get_config(esd->decoderConfig->decoderSpecificInfo->data, esd->decoderConfig->decoderSpecificInfo->dataLength, &dsi); PL_ID = dsi.VideoPL; } if ( ((codecid>=GF_CODECID_MPEG2_SIMPLE) && (codecid<=GF_CODECID_MPEG2_422)) || (codecid==GF_CODECID_MPEG1)) { if (!is_crypted) { hintType = GF_RTP_PAYT_MPEG12_VIDEO; OfficialPayloadID = 32; } } if (is_crypted) { if (codecid==GF_CODECID_MPEG4_PART2) force_dts_delta = 22; else if ((codecid==GF_CODECID_AVC) || (codecid==GF_CODECID_SVC)) { flags &= ~GP_RTP_PCK_USE_MULTI; force_dts_delta = 22; } flags |= GP_RTP_PCK_SIGNAL_RAP | GP_RTP_PCK_SIGNAL_TS; } required_rate = default_rtp_rate; } else if (gf_isom_has_sync_shadows(file, TrackNum) || gf_isom_has_sample_dependency(file, TrackNum)) { flags |= GP_RTP_PCK_SYSTEMS_CAROUSEL; } gf_odf_desc_del((GF_Descriptor*)esd); } break; case GF_ISOM_SUBTYPE_3GP_H263: hintType = GF_RTP_PAYT_H263; required_rate = 90000; streamType = GF_STREAM_VISUAL; OfficialPayloadID = 34; codecid = GF_CODECID_MPEG4_PART2; PL_ID = 0x01; break; case GF_ISOM_SUBTYPE_3GP_AMR: required_rate = 8000; hintType = GF_RTP_PAYT_AMR; streamType = GF_STREAM_AUDIO; has_mpeg4_mapping = 0; nb_ch = 1; break; case GF_ISOM_SUBTYPE_3GP_AMR_WB: required_rate = 16000; hintType = GF_RTP_PAYT_AMR_WB; streamType = GF_STREAM_AUDIO; has_mpeg4_mapping = 0; nb_ch = 1; break; case GF_ISOM_SUBTYPE_AVC_H264: case GF_ISOM_SUBTYPE_AVC2_H264: case GF_ISOM_SUBTYPE_AVC3_H264: case GF_ISOM_SUBTYPE_AVC4_H264: case GF_ISOM_SUBTYPE_SVC_H264: case GF_ISOM_SUBTYPE_MVC_H264: { GF_AVCConfig *avcc = gf_isom_avc_config_get(file, TrackNum, 1); GF_AVCConfig *svcc = gf_isom_svc_config_get(file, TrackNum, 1); GF_AVCConfig *mvcc = gf_isom_mvc_config_get(file, TrackNum, 1); if (!avcc && !svcc && !mvcc) { *e = GF_NON_COMPLIANT_BITSTREAM; return NULL; } required_rate = 90000; hintType = GF_RTP_PAYT_H264_AVC; if (TrackMediaSubType==GF_ISOM_SUBTYPE_SVC_H264) hintType = GF_RTP_PAYT_H264_SVC; else if (TrackMediaSubType==GF_ISOM_SUBTYPE_MVC_H264) hintType = GF_RTP_PAYT_H264_SVC; streamType = GF_STREAM_VISUAL; avc_nalu_size = avcc ? avcc->nal_unit_size : svcc ? svcc->nal_unit_size : mvcc->nal_unit_size; codecid = GF_CODECID_AVC; PL_ID = 0x0F; gf_odf_avc_cfg_del(avcc); gf_odf_avc_cfg_del(svcc); } break; case GF_ISOM_SUBTYPE_HVC1: case GF_ISOM_SUBTYPE_HEV1: case GF_ISOM_SUBTYPE_HVC2: case GF_ISOM_SUBTYPE_HEV2: { GF_HEVCConfig *hevcc = gf_isom_hevc_config_get(file, TrackNum, 1); if (!hevcc) { *e = GF_NON_COMPLIANT_BITSTREAM; return NULL; } required_rate = 90000; hintType = GF_RTP_PAYT_HEVC; streamType = GF_STREAM_VISUAL; avc_nalu_size = hevcc->nal_unit_size; codecid = GF_CODECID_HEVC; PL_ID = 0x0F; flags |= GP_RTP_PCK_USE_MULTI; gf_odf_hevc_cfg_del(hevcc); break; } break; case GF_ISOM_SUBTYPE_3GP_QCELP: required_rate = 8000; hintType = GF_RTP_PAYT_QCELP; streamType = GF_STREAM_AUDIO; codecid = GF_CODECID_QCELP; OfficialPayloadID = 12; nb_ch = 1; break; case GF_ISOM_SUBTYPE_3GP_EVRC: case GF_ISOM_SUBTYPE_3GP_SMV: required_rate = 8000; hintType = GF_RTP_PAYT_EVRC_SMV; streamType = GF_STREAM_AUDIO; codecid = (TrackMediaSubType==GF_ISOM_SUBTYPE_3GP_EVRC) ? GF_CODECID_EVRC : GF_CODECID_SMV; nb_ch = 1; break; case GF_ISOM_SUBTYPE_3GP_DIMS: #if GPAC_ENABLE_3GPP_DIMS_RTP hintType = GF_RTP_PAYT_3GPP_DIMS; streamType = GF_STREAM_SCENE; #else hintType = 0; GF_LOG(GF_LOG_ERROR, GF_LOG_RTP, (""[RTP Packetizer] 3GPP DIMS over RTP disabled in build\n"", streamType)); #endif break; case GF_ISOM_SUBTYPE_AC3: hintType = GF_RTP_PAYT_AC3; streamType = GF_STREAM_AUDIO; gf_isom_get_audio_info(file, TrackNum, 1, NULL, &nb_ch, NULL); break; case GF_ISOM_SUBTYPE_MP3: { GF_ISOSample *samp = gf_isom_get_sample(file, TrackNum, 1, NULL); if (samp && (samp->dataLength>3)) { u32 hdr = GF_4CC((u32)samp->data[0], (u8)samp->data[1], (u8)samp->data[2], (u8)samp->data[3]); nb_ch = gf_mp3_num_channels(hdr); } else { u32 bps; gf_isom_get_audio_info(file, TrackNum, 1, &required_rate, &nb_ch, &bps); } hintType = GF_RTP_PAYT_MPEG12_AUDIO; OfficialPayloadID = 14; required_rate = 90000; if (samp) gf_isom_sample_del(&samp); } break; default: hintType = 0; break; } } if (!hintType) return NULL; gf_isom_get_data_reference(file, TrackNum, 1, &url, &urn); if (url || urn) return NULL; *e = GF_OUT_OF_MEM; GF_SAFEALLOC(tmp, GF_RTPHinter); if (!tmp) return NULL; if (has_mpeg4_mapping && (flags & GP_RTP_PCK_FORCE_MPEG4)) { hintType = GF_RTP_PAYT_MPEG4; avc_nalu_size = 0; } else if (OfficialPayloadID && (flags & GP_RTP_PCK_USE_STATIC_ID) ) { PayloadID = OfficialPayloadID; } tmp->file = file; tmp->TrackNum = TrackNum; tmp->avc_nalu_size = avc_nalu_size; tmp->nb_chan = nb_ch; tmp->has_ctts = gf_isom_has_time_offset(file, TrackNum); gf_media_get_sample_average_infos(file, TrackNum, &MinSize, &MaxSize, &avgTS, &maxDTSDelta, &const_dur, &bandwidth); if (flags & GP_RTP_PCK_SYSTEMS_CAROUSEL) { flags |= GP_RTP_PCK_SIGNAL_RAP; } if (flags & GP_RTP_PCK_USE_MULTI) { if (MinSize != MaxSize) flags |= GP_RTP_PCK_SIGNAL_SIZE; if (!const_dur) flags |= GP_RTP_PCK_SIGNAL_TS; } if (tmp->has_ctts) flags |= GP_RTP_PCK_SIGNAL_TS; InitSL_RTP(&my_sl); my_sl.timestampResolution = gf_isom_get_media_timescale(file, TrackNum); if (required_rate) { Double sc = required_rate; sc /= my_sl.timestampResolution; maxDTSDelta = (u32) (maxDTSDelta*sc); my_sl.timestampResolution = required_rate; } max_ptime = (u32) (max_ptime * my_sl.timestampResolution / 1000); my_sl.AUSeqNumLength = gf_get_bit_size(gf_isom_get_sample_count(file, TrackNum)); if (my_sl.AUSeqNumLength>16) my_sl.AUSeqNumLength=16; my_sl.CUDuration = const_dur; if (gf_isom_has_sync_points(file, TrackNum)) { my_sl.useRandomAccessPointFlag = 1; } else { my_sl.useRandomAccessPointFlag = 0; my_sl.hasRandomAccessUnitsOnlyFlag = 1; } if (is_crypted) { Bool use_sel_enc; gf_isom_get_ismacryp_info(file, TrackNum, 1, NULL, NULL, NULL, NULL, NULL, &use_sel_enc, &IV_length, &KI_length); if (use_sel_enc) flags |= GP_RTP_PCK_SELECTIVE_ENCRYPTION; } tmp->OrigTimeScale = gf_isom_get_media_timescale(file, TrackNum); tmp->rtp_p = gf_rtp_builder_new(hintType, &my_sl, flags, tmp, MP4T_OnNewPacket, MP4T_OnPacketDone, copy_media ? NULL : MP4T_OnDataRef, MP4T_OnData); gf_rtp_builder_init(tmp->rtp_p, PayloadID, Path_MTU, max_ptime, streamType, codecid, PL_ID, MinSize, MaxSize, avgTS, maxDTSDelta, IV_length, KI_length, mpeg4mode); if (force_dts_delta) tmp->rtp_p->slMap.DTSDeltaLength = force_dts_delta; tmp->TrackID = gf_isom_get_track_id(file, TrackNum); tmp->HintID = tmp->TrackID + 65535; while (gf_isom_get_track_by_id(file, tmp->HintID)) tmp->HintID++; tmp->HintTrack = gf_isom_new_track(file, tmp->HintID, GF_ISOM_MEDIA_HINT, my_sl.timestampResolution); gf_isom_setup_hint_track(file, tmp->HintTrack, GF_ISOM_HINT_RTP); gf_isom_new_hint_description(file, tmp->HintTrack, -1, -1, 0, &descIndex); gf_isom_rtp_set_timescale(file, tmp->HintTrack, descIndex, my_sl.timestampResolution); if (hintType==GF_RTP_PAYT_MPEG4) { tmp->rtp_p->slMap.CodecID = codecid; *e = gf_isom_set_extraction_slc(file, TrackNum, 1, &my_sl); if (*e) { gf_hinter_track_del(tmp); return NULL; } } tmp->bandwidth = bandwidth; gf_isom_set_track_interleaving_group(file, TrackNum, InterleaveGroupID); if (!copy_media) { gf_isom_set_track_interleaving_group(file, tmp->HintTrack, InterleaveGroupID); } else { gf_isom_set_track_interleaving_group(file, tmp->HintTrack, InterleaveGroupID + OFFSET_HINT_GROUP_ID); } InterleaveGroupPriority*=2; gf_isom_set_track_priority_in_group(file, TrackNum, InterleaveGroupPriority+1); gf_isom_set_track_priority_in_group(file, tmp->HintTrack, InterleaveGroupPriority); *e = GF_OK; return tmp; }",visit repo url,src/media_tools/isom_hinter.c,https://github.com/gpac/gpac,191908045972904,1 3795,[],"static void dec_inflight(struct sock *sk) { atomic_dec(&unix_sk(sk)->inflight); }",linux-2.6,,,112942325311348347971114049134395620374,0 6463,CWE-369,"void fmtutil_macbitmap_read_pixmap_only_fields(deark *c, dbuf *f, struct fmtutil_macbitmap_info *bi, i64 pos) { i64 pixmap_version; i64 pack_size; i64 plane_bytes; i64 n; de_dbg(c, ""additional PixMap header fields, at %d"", (int)pos); de_dbg_indent(c, 1); pixmap_version = dbuf_getu16be(f, pos+0); de_dbg(c, ""pixmap version: %d"", (int)pixmap_version); bi->packing_type = dbuf_getu16be(f, pos+2); de_dbg(c, ""packing type: %d"", (int)bi->packing_type); pack_size = dbuf_getu32be(f, pos+4); de_dbg(c, ""pixel data length: %d"", (int)pack_size); bi->hdpi = pict_read_fixed(f, pos+8); bi->vdpi = pict_read_fixed(f, pos+12); de_dbg(c, ""dpi: %.2f""DE_CHAR_TIMES""%.2f"", bi->hdpi, bi->vdpi); bi->pixeltype = dbuf_getu16be(f, pos+16); bi->pixelsize = dbuf_getu16be(f, pos+18); bi->cmpcount = dbuf_getu16be(f, pos+20); bi->cmpsize = dbuf_getu16be(f, pos+22); de_dbg(c, ""pixel type=%d, bits/pixel=%d, components/pixel=%d, bits/comp=%d"", (int)bi->pixeltype, (int)bi->pixelsize, (int)bi->cmpcount, (int)bi->cmpsize); bi->pdwidth = (bi->rowbytes*8)/bi->pixelsize; if(bi->pdwidth < bi->npwidth) { bi->pdwidth = bi->npwidth; } plane_bytes = dbuf_getu32be(f, pos+24); de_dbg(c, ""plane bytes: %d"", (int)plane_bytes); bi->pmTable = (u32)dbuf_getu32be(f, pos+28); de_dbg(c, ""pmTable: 0x%08x"", (unsigned int)bi->pmTable); n = dbuf_getu32be(f, pos+32); de_dbg(c, ""pmReserved: 0x%08x"", (unsigned int)n); de_dbg_indent(c, -1); }",visit repo url,src/fmtutil.c,https://github.com/jsummers/deark,206116846417310,1 1505,[],"static void start_rt_bandwidth(struct rt_bandwidth *rt_b) { ktime_t now; if (rt_b->rt_runtime == RUNTIME_INF) return; if (hrtimer_active(&rt_b->rt_period_timer)) return; spin_lock(&rt_b->rt_runtime_lock); for (;;) { if (hrtimer_active(&rt_b->rt_period_timer)) break; now = hrtimer_cb_get_time(&rt_b->rt_period_timer); hrtimer_forward(&rt_b->rt_period_timer, now, rt_b->rt_period); hrtimer_start(&rt_b->rt_period_timer, rt_b->rt_period_timer.expires, HRTIMER_MODE_ABS); } spin_unlock(&rt_b->rt_runtime_lock); }",linux-2.6,,,68781875298801181918940025972636062704,0 1997,CWE-674,"int __nla_validate(const struct nlattr *head, int len, int maxtype, const struct nla_policy *policy, unsigned int validate, struct netlink_ext_ack *extack) { return __nla_validate_parse(head, len, maxtype, policy, validate, extack, NULL); }",visit repo url,lib/nlattr.c,https://github.com/torvalds/linux,91340203320018,1 245,[],"static int fat_dir_ioctl(struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg) { struct dirent __user *d1 = (struct dirent __user *)arg; int short_only, both; switch (cmd) { case VFAT_IOCTL_READDIR_SHORT: short_only = 1; both = 0; break; case VFAT_IOCTL_READDIR_BOTH: short_only = 0; both = 1; break; default: return fat_generic_ioctl(inode, filp, cmd, arg); } if (!access_ok(VERIFY_WRITE, d1, sizeof(struct dirent[2]))) return -EFAULT; if (put_user(0, &d1->d_reclen)) return -EFAULT; return fat_ioctl_readdir(inode, filp, d1, fat_ioctl_filldir, short_only, both); }",linux-2.6,,,52528557628395596177127214943526218961,0 5890,['CWE-200'],"static int __init nr_proto_init(void) { int i; int rc = proto_register(&nr_proto, 0); if (rc != 0) goto out; if (nr_ndevs > 0x7fffffff/sizeof(struct net_device *)) { printk(KERN_ERR ""NET/ROM: nr_proto_init - nr_ndevs parameter to large\n""); return -1; } dev_nr = kzalloc(nr_ndevs * sizeof(struct net_device *), GFP_KERNEL); if (dev_nr == NULL) { printk(KERN_ERR ""NET/ROM: nr_proto_init - unable to allocate device array\n""); return -1; } for (i = 0; i < nr_ndevs; i++) { char name[IFNAMSIZ]; struct net_device *dev; sprintf(name, ""nr%d"", i); dev = alloc_netdev(0, name, nr_setup); if (!dev) { printk(KERN_ERR ""NET/ROM: nr_proto_init - unable to allocate device structure\n""); goto fail; } dev->base_addr = i; if (register_netdev(dev)) { printk(KERN_ERR ""NET/ROM: nr_proto_init - unable to register network device\n""); free_netdev(dev); goto fail; } nr_set_lockdep_key(dev); dev_nr[i] = dev; } if (sock_register(&nr_family_ops)) { printk(KERN_ERR ""NET/ROM: nr_proto_init - unable to register socket family\n""); goto fail; } register_netdevice_notifier(&nr_dev_notifier); ax25_register_pid(&nr_pid); ax25_linkfail_register(&nr_linkfail_notifier); #ifdef CONFIG_SYSCTL nr_register_sysctl(); #endif nr_loopback_init(); proc_net_fops_create(&init_net, ""nr"", S_IRUGO, &nr_info_fops); proc_net_fops_create(&init_net, ""nr_neigh"", S_IRUGO, &nr_neigh_fops); proc_net_fops_create(&init_net, ""nr_nodes"", S_IRUGO, &nr_nodes_fops); out: return rc; fail: while (--i >= 0) { unregister_netdev(dev_nr[i]); free_netdev(dev_nr[i]); } kfree(dev_nr); proto_unregister(&nr_proto); rc = -1; goto out; }",linux-2.6,,,271555341853478292401363491363979290283,0 6121,CWE-190,"static void ed_mul_fix_plain(ed_t r, const ed_t * t, const bn_t k) { int l, i, n; int8_t naf[RLC_FP_BITS + 1], *_k; l = RLC_FP_BITS + 1; bn_rec_naf(naf, &l, k, ED_DEPTH); _k = naf + l - 1; ed_set_infty(r); for (i = l - 1; i >= 0; i--, _k--) { n = *_k; if (n == 0) { if (i > 0) { r->coord = EXTND; ed_dbl(r, r); } else { ed_dbl(r, r); } } else { ed_dbl(r, r); if (n > 0) { ed_add(r, r, t[n / 2]); } else if (n < 0) { ed_sub(r, r, t[-n / 2]); } } } ed_norm(r, r); if (bn_sign(k) == RLC_NEG) { ed_neg(r, r); } }",visit repo url,src/ed/relic_ed_mul_fix.c,https://github.com/relic-toolkit/relic,252677678695372,1 5167,['CWE-20'],"static void load_transition_efer(struct vcpu_vmx *vmx) { int efer_offset = vmx->msr_offset_efer; u64 host_efer = vmx->host_msrs[efer_offset].data; u64 guest_efer = vmx->guest_msrs[efer_offset].data; u64 ignore_bits; if (efer_offset < 0) return; ignore_bits = EFER_NX | EFER_SCE; #ifdef CONFIG_X86_64 ignore_bits |= EFER_LMA | EFER_LME; if (guest_efer & EFER_LMA) ignore_bits &= ~(u64)EFER_SCE; #endif if ((guest_efer & ~ignore_bits) == (host_efer & ~ignore_bits)) return; vmx->host_state.guest_efer_loaded = 1; guest_efer &= ~ignore_bits; guest_efer |= host_efer & ignore_bits; wrmsrl(MSR_EFER, guest_efer); vmx->vcpu.stat.efer_reload++; }",linux-2.6,,,249745547646945927445608539277792227793,0 6660,CWE-787,"static SDL_Surface *Create_Surface_Blended(int width, int height, SDL_Color fg, Uint32 *color) { const int alignment = Get_Alignement() - 1; SDL_Surface *textbuf = NULL; Uint32 bgcolor; bgcolor = (fg.r << 16) | (fg.g << 8) | fg.b; *color = bgcolor | (fg.a << 24); if (width != 0) { Sint64 size; void *pixels, *ptr; Sint64 pitch = (width + alignment) * 4; pitch += alignment; pitch &= ~alignment; size = height * pitch + sizeof (void *) + alignment; if (size < 0 || size > SDL_MAX_SINT32) { return NULL; } ptr = SDL_malloc((size_t)size); if (ptr == NULL) { return NULL; } pixels = (void *)(((uintptr_t)ptr + sizeof(void *) + alignment) & ~alignment); ((void **)pixels)[-1] = ptr; textbuf = SDL_CreateRGBSurfaceWithFormatFrom(pixels, width, height, 0, pitch, SDL_PIXELFORMAT_ARGB8888); if (textbuf == NULL) { SDL_free(ptr); return NULL; } textbuf->flags &= ~SDL_PREALLOC; textbuf->flags |= SDL_SIMD_ALIGNED; SDL_memset4(pixels, bgcolor, (height * pitch) / 4); if (fg.a != SDL_ALPHA_OPAQUE) { SDL_SetSurfaceBlendMode(textbuf, SDL_BLENDMODE_BLEND); } } return textbuf;",visit repo url,SDL_ttf.c,https://github.com/libsdl-org/SDL_ttf,80693326157505,1 5657,CWE-59,"netsnmp_init_mib(void) { const char *prefix; char *env_var, *entry; PrefixListPtr pp = &mib_prefixes[0]; char *st = NULL; if (Mib) return; netsnmp_init_mib_internals(); netsnmp_fixup_mib_directory(); env_var = strdup(netsnmp_get_mib_directory()); if (!env_var) return; netsnmp_mibindex_load(); DEBUGMSGTL((""init_mib"", ""Seen MIBDIRS: Looking in '%s' for mib dirs ...\n"", env_var)); entry = strtok_r(env_var, ENV_SEPARATOR, &st); while (entry) { add_mibdir(entry); entry = strtok_r(NULL, ENV_SEPARATOR, &st); } SNMP_FREE(env_var); env_var = netsnmp_getenv(""MIBFILES""); if (env_var != NULL) { if (*env_var == '+') entry = strtok_r(env_var+1, ENV_SEPARATOR, &st); else entry = strtok_r(env_var, ENV_SEPARATOR, &st); while (entry) { add_mibfile(entry, NULL, NULL); entry = strtok_r(NULL, ENV_SEPARATOR, &st); } } netsnmp_init_mib_internals(); env_var = netsnmp_getenv(""MIBS""); if (env_var == NULL) { if (confmibs != NULL) env_var = strdup(confmibs); else env_var = strdup(NETSNMP_DEFAULT_MIBS); } else { env_var = strdup(env_var); } if (env_var && ((*env_var == '+') || (*env_var == '-'))) { entry = (char *) malloc(strlen(NETSNMP_DEFAULT_MIBS) + strlen(env_var) + 2); if (!entry) { DEBUGMSGTL((""init_mib"", ""env mibs malloc failed"")); SNMP_FREE(env_var); return; } else { if (*env_var == '+') sprintf(entry, ""%s%c%s"", NETSNMP_DEFAULT_MIBS, ENV_SEPARATOR_CHAR, env_var+1); else sprintf(entry, ""%s%c%s"", env_var+1, ENV_SEPARATOR_CHAR, NETSNMP_DEFAULT_MIBS ); } SNMP_FREE(env_var); env_var = entry; } DEBUGMSGTL((""init_mib"", ""Seen MIBS: Looking in '%s' for mib files ...\n"", env_var)); entry = strtok_r(env_var, ENV_SEPARATOR, &st); while (entry) { if (strcasecmp(entry, DEBUG_ALWAYS_TOKEN) == 0) { read_all_mibs(); } else if (strstr(entry, ""/"") != NULL) { read_mib(entry); } else { netsnmp_read_module(entry); } entry = strtok_r(NULL, ENV_SEPARATOR, &st); } adopt_orphans(); SNMP_FREE(env_var); env_var = netsnmp_getenv(""MIBFILES""); if (env_var != NULL) { if ((*env_var == '+') || (*env_var == '-')) { #ifdef NETSNMP_DEFAULT_MIBFILES entry = (char *) malloc(strlen(NETSNMP_DEFAULT_MIBFILES) + strlen(env_var) + 2); if (!entry) { DEBUGMSGTL((""init_mib"", ""env mibfiles malloc failed"")); } else { if (*env_var++ == '+') sprintf(entry, ""%s%c%s"", NETSNMP_DEFAULT_MIBFILES, ENV_SEPARATOR_CHAR, env_var ); else sprintf(entry, ""%s%c%s"", env_var, ENV_SEPARATOR_CHAR, NETSNMP_DEFAULT_MIBFILES ); } SNMP_FREE(env_var); env_var = entry; #else env_var = strdup(env_var + 1); #endif } else { env_var = strdup(env_var); } } else { #ifdef NETSNMP_DEFAULT_MIBFILES env_var = strdup(NETSNMP_DEFAULT_MIBFILES); #endif } if (env_var != NULL) { DEBUGMSGTL((""init_mib"", ""Seen MIBFILES: Looking in '%s' for mib files ...\n"", env_var)); entry = strtok_r(env_var, ENV_SEPARATOR, &st); while (entry) { read_mib(entry); entry = strtok_r(NULL, ENV_SEPARATOR, &st); } SNMP_FREE(env_var); } prefix = netsnmp_getenv(""PREFIX""); if (!prefix) prefix = Standard_Prefix; Prefix = (char *) malloc(strlen(prefix) + 2); if (!Prefix) DEBUGMSGTL((""init_mib"", ""Prefix malloc failed"")); else strcpy(Prefix, prefix); DEBUGMSGTL((""init_mib"", ""Seen PREFIX: Looking in '%s' for prefix ...\n"", Prefix)); if (Prefix) { env_var = &Prefix[strlen(Prefix) - 1]; if (*env_var == '.') *env_var = '\0'; } pp->str = Prefix; while (pp->str) { pp->len = strlen(pp->str); pp++; } Mib = tree_head; tree_top = (struct tree *) calloc(1, sizeof(struct tree)); if (tree_top) { tree_top->label = strdup(""(top)""); tree_top->child_list = tree_head; } }",visit repo url,snmplib/mib.c,https://github.com/net-snmp/net-snmp,265956671291264,1 5126,CWE-125,"obj2ast_stmt(PyObject* obj, stmt_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; int lineno; int col_offset; int end_lineno; int end_col_offset; if (obj == Py_None) { *out = NULL; return 0; } if (_PyObject_LookupAttrId(obj, &PyId_lineno, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from stmt""); return 1; } else { int res; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from stmt""); return 1; } else { int res; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_lineno, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_lineno = 0; } else { int res; res = obj2ast_int(tmp, &end_lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_col_offset = 0; } else { int res; res = obj2ast_int(tmp, &end_col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } isinstance = PyObject_IsInstance(obj, (PyObject*)FunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; if (_PyObject_LookupAttrId(obj, &PyId_name, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from FunctionDef""); return 1; } else { int res; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_args, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from FunctionDef""); return 1; } else { int res; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from FunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_decorator_list, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from FunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Py_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_returns, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); returns = NULL; } else { int res; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = FunctionDef(name, args, body, decorator_list, returns, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; if (_PyObject_LookupAttrId(obj, &PyId_name, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from AsyncFunctionDef""); return 1; } else { int res; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_args, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from AsyncFunctionDef""); return 1; } else { int res; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_decorator_list, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from AsyncFunctionDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Py_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_returns, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); returns = NULL; } else { int res; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = AsyncFunctionDef(name, args, body, decorator_list, returns, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ClassDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; asdl_seq* bases; asdl_seq* keywords; asdl_seq* body; asdl_seq* decorator_list; if (_PyObject_LookupAttrId(obj, &PyId_name, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from ClassDef""); return 1; } else { int res; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_bases, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""bases\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""bases\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); bases = _Py_asdl_seq_new(len, arena); if (bases == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""bases\"" changed size during iteration""); goto failed; } asdl_seq_SET(bases, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_keywords, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""keywords\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""keywords\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); keywords = _Py_asdl_seq_new(len, arena); if (keywords == NULL) goto failed; for (i = 0; i < len; i++) { keyword_ty val; res = obj2ast_keyword(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""keywords\"" changed size during iteration""); goto failed; } asdl_seq_SET(keywords, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_decorator_list, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from ClassDef""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Py_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, val); } Py_CLEAR(tmp); } *out = ClassDef(name, bases, keywords, body, decorator_list, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Return_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); value = NULL; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Return(value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Delete_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; if (_PyObject_LookupAttrId(obj, &PyId_targets, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Delete""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Delete field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Py_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Delete field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, val); } Py_CLEAR(tmp); } *out = Delete(targets, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assign_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_targets, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Assign""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Assign field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Py_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty val; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Assign field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Assign""); return 1; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Assign(targets, value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AugAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; operator_ty op; expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AugAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_op, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""op\"" missing from AugAssign""); return 1; } else { int res; res = obj2ast_operator(tmp, &op, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from AugAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = AugAssign(target, op, value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AnnAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty annotation; expr_ty value; int simple; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AnnAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_annotation, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""annotation\"" missing from AnnAssign""); return 1; } else { int res; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); value = NULL; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_simple, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""simple\"" missing from AnnAssign""); return 1; } else { int res; res = obj2ast_int(tmp, &simple, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = AnnAssign(target, annotation, value, simple, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)For_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from For""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_iter, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from For""); return 1; } else { int res; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from For""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from For""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = For(target, iter, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFor_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_target, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AsyncFor""); return 1; } else { int res; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_iter, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from AsyncFor""); return 1; } else { int res; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFor""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from AsyncFor""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = AsyncFor(target, iter, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)While_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_test, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from While""); return 1; } else { int res; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from While""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from While""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = While(test, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)If_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_LookupAttrId(obj, &PyId_test, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from If""); return 1; } else { int res; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from If""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from If""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } *out = If(test, body, orelse, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)With_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_items, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from With""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Py_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty val; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from With""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = With(items, body, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncWith_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; if (_PyObject_LookupAttrId(obj, &PyId_items, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from AsyncWith""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Py_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty val; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncWith""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } *out = AsyncWith(items, body, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Raise_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty exc; expr_ty cause; if (_PyObject_LookupAttrId(obj, &PyId_exc, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); exc = NULL; } else { int res; res = obj2ast_expr(tmp, &exc, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_cause, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); cause = NULL; } else { int res; res = obj2ast_expr(tmp, &cause, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Raise(exc, cause, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Try_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; asdl_seq* handlers; asdl_seq* orelse; asdl_seq* finalbody; if (_PyObject_LookupAttrId(obj, &PyId_body, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Py_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_handlers, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""handlers\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""handlers\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); handlers = _Py_asdl_seq_new(len, arena); if (handlers == NULL) goto failed; for (i = 0; i < len; i++) { excepthandler_ty val; res = obj2ast_excepthandler(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""handlers\"" changed size during iteration""); goto failed; } asdl_seq_SET(handlers, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_orelse, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Py_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_finalbody, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""finalbody\"" missing from Try""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""finalbody\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); finalbody = _Py_asdl_seq_new(len, arena); if (finalbody == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty val; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""finalbody\"" changed size during iteration""); goto failed; } asdl_seq_SET(finalbody, i, val); } Py_CLEAR(tmp); } *out = Try(body, handlers, orelse, finalbody, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assert_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; expr_ty msg; if (_PyObject_LookupAttrId(obj, &PyId_test, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from Assert""); return 1; } else { int res; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_msg, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); msg = NULL; } else { int res; res = obj2ast_expr(tmp, &msg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Assert(test, msg, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Import_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Import""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Import field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty val; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Import field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } *out = Import(names, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ImportFrom_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier module; asdl_seq* names; int level; if (_PyObject_LookupAttrId(obj, &PyId_module, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); module = NULL; } else { int res; res = obj2ast_identifier(tmp, &module, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from ImportFrom""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ImportFrom field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty val; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ImportFrom field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_level, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); level = 0; } else { int res; res = obj2ast_int(tmp, &level, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = ImportFrom(module, names, level, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Global_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Global""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Global field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier val; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Global field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } *out = Global(names, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Nonlocal_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_LookupAttrId(obj, &PyId_names, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Nonlocal""); return 1; } else { int res; Py_ssize_t len; Py_ssize_t i; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Nonlocal field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Py_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier val; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &val, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Nonlocal field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, val); } Py_CLEAR(tmp); } *out = Nonlocal(names, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expr_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_LookupAttrId(obj, &PyId_value, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Expr""); return 1; } else { int res; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = Expr(value, lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Pass_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Pass(lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Break_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Break(lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Continue_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Continue(lineno, col_offset, end_lineno, end_col_offset, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of stmt, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,270734675778851,1 6149,CWE-190,"void ep2_map_from_field(ep2_t p, const uint8_t *uniform_bytes, int len) { bn_t k; fp2_t t; ep2_t q; int neg; const int len_per_elm = (FP_PRIME + ep_param_level() + 7) / 8; bn_null(k); fp2_null(t); ep2_null(q); RLC_TRY { if (len != 2* len_per_elm) { RLC_THROW(ERR_NO_VALID); } bn_new(k); fp2_new(t); ep2_new(q); const int abNeq0 = (ep2_curve_opt_a() != RLC_ZERO) && (ep2_curve_opt_b() != RLC_ZERO); void (*const map_fn)(ep2_t, fp2_t) = (ep2_curve_is_ctmap() || abNeq0) ? ep2_map_sswu : ep2_map_svdw; #define EP2_MAP_CONVERT_BYTES(IDX) \ do { \ bn_read_bin(k, uniform_bytes + 2 * IDX * len_per_elm, len_per_elm); \ fp_prime_conv(t[0], k); \ bn_read_bin(k, uniform_bytes + (2 * IDX + 1) * len_per_elm, len_per_elm); \ fp_prime_conv(t[1], k); \ } while (0) #define EP2_MAP_APPLY_MAP(PT) \ do { \ \ neg = fp2_sgn0(t, k); \ \ map_fn(PT, t); \ \ neg = neg != fp2_sgn0(PT->y, k); \ fp2_neg(t, PT->y); \ dv_copy_cond(PT->y[0], t[0], RLC_FP_DIGS, neg); \ dv_copy_cond(PT->y[1], t[1], RLC_FP_DIGS, neg); \ } while (0) EP2_MAP_CONVERT_BYTES(0); EP2_MAP_APPLY_MAP(p); TMPL_MAP_CALL_ISOMAP(ep2, p); EP2_MAP_CONVERT_BYTES(1); EP2_MAP_APPLY_MAP(q); TMPL_MAP_CALL_ISOMAP(ep2, q); #undef EP2_MAP_CONVERT_BYTES #undef EP2_MAP_APPLY_MAP ep2_add(p, p, q); ep2_norm(p, p); ep2_mul_cof(p, p); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(k); fp2_free(t); ep2_free(q); } }",visit repo url,src/epx/relic_ep2_map.c,https://github.com/relic-toolkit/relic,56304876331655,1 3142,CWE-119,"read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, int name_size) { const byte *p; byte *buf; size_t len, nread; cdk_error_t rc; if (!inp || !attr || !pktlen) return CDK_Inv_Value; if (DEBUG_PKT) _gnutls_write_log(""read_attribute: %d octets\n"", (int) pktlen); _gnutls_str_cpy(attr->name, name_size, ATTRIBUTE); attr->len = MIN(name_size, sizeof(ATTRIBUTE) - 1); buf = cdk_calloc(1, pktlen); if (!buf) return CDK_Out_Of_Core; rc = stream_read(inp, buf, pktlen, &nread); if (rc) { cdk_free(buf); return CDK_Inv_Packet; } p = buf; len = *p++; pktlen--; if (len == 255) { len = _cdk_buftou32(p); p += 4; pktlen -= 4; } else if (len >= 192) { if (pktlen < 2) { cdk_free(buf); return CDK_Inv_Packet; } len = ((len - 192) << 8) + *p + 192; p++; pktlen--; } if (*p != 1) { cdk_free(buf); return CDK_Inv_Packet; } p++; len--; if (len >= pktlen) { cdk_free(buf); return CDK_Inv_Packet; } attr->attrib_img = cdk_calloc(1, len); if (!attr->attrib_img) { cdk_free(buf); return CDK_Out_Of_Core; } attr->attrib_len = len; memcpy(attr->attrib_img, p, len); cdk_free(buf); return rc; }",visit repo url,lib/opencdk/read-packet.c,https://gitlab.com/gnutls/gnutls,54655600707598,1 28,CWE-264,"pkinit_server_verify_padata(krb5_context context, krb5_data *req_pkt, krb5_kdc_req * request, krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data * data, krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_verify_respond_fn respond, void *arg) { krb5_error_code retval = 0; krb5_data authp_data = {0, 0, NULL}, krb5_authz = {0, 0, NULL}; krb5_pa_pk_as_req *reqp = NULL; krb5_pa_pk_as_req_draft9 *reqp9 = NULL; krb5_auth_pack *auth_pack = NULL; krb5_auth_pack_draft9 *auth_pack9 = NULL; pkinit_kdc_context plgctx = NULL; pkinit_kdc_req_context reqctx = NULL; krb5_checksum cksum = {0, 0, 0, NULL}; krb5_data *der_req = NULL; int valid_eku = 0, valid_san = 0; krb5_data k5data; int is_signed = 1; krb5_pa_data **e_data = NULL; krb5_kdcpreauth_modreq modreq = NULL; pkiDebug(""pkinit_verify_padata: entered!\n""); if (data == NULL || data->length <= 0 || data->contents == NULL) { (*respond)(arg, 0, NULL, NULL, NULL); return; } if (moddata == NULL) { (*respond)(arg, EINVAL, NULL, NULL, NULL); return; } plgctx = pkinit_find_realm_context(context, moddata, request->server); if (plgctx == NULL) { (*respond)(arg, 0, NULL, NULL, NULL); return; } #ifdef DEBUG_ASN1 print_buffer_bin(data->contents, data->length, ""/tmp/kdc_as_req""); #endif retval = pkinit_init_kdc_req_context(context, &reqctx); if (retval) goto cleanup; reqctx->pa_type = data->pa_type; PADATA_TO_KRB5DATA(data, &k5data); switch ((int)data->pa_type) { case KRB5_PADATA_PK_AS_REQ: pkiDebug(""processing KRB5_PADATA_PK_AS_REQ\n""); retval = k5int_decode_krb5_pa_pk_as_req(&k5data, &reqp); if (retval) { pkiDebug(""decode_krb5_pa_pk_as_req failed\n""); goto cleanup; } #ifdef DEBUG_ASN1 print_buffer_bin(reqp->signedAuthPack.data, reqp->signedAuthPack.length, ""/tmp/kdc_signed_data""); #endif retval = cms_signeddata_verify(context, plgctx->cryptoctx, reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_CLIENT, plgctx->opts->require_crl_checking, (unsigned char *) reqp->signedAuthPack.data, reqp->signedAuthPack.length, (unsigned char **)&authp_data.data, &authp_data.length, (unsigned char **)&krb5_authz.data, &krb5_authz.length, &is_signed); break; case KRB5_PADATA_PK_AS_REP_OLD: case KRB5_PADATA_PK_AS_REQ_OLD: pkiDebug(""processing KRB5_PADATA_PK_AS_REQ_OLD\n""); retval = k5int_decode_krb5_pa_pk_as_req_draft9(&k5data, &reqp9); if (retval) { pkiDebug(""decode_krb5_pa_pk_as_req_draft9 failed\n""); goto cleanup; } #ifdef DEBUG_ASN1 print_buffer_bin(reqp9->signedAuthPack.data, reqp9->signedAuthPack.length, ""/tmp/kdc_signed_data_draft9""); #endif retval = cms_signeddata_verify(context, plgctx->cryptoctx, reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9, plgctx->opts->require_crl_checking, (unsigned char *) reqp9->signedAuthPack.data, reqp9->signedAuthPack.length, (unsigned char **)&authp_data.data, &authp_data.length, (unsigned char **)&krb5_authz.data, &krb5_authz.length, NULL); break; default: pkiDebug(""unrecognized pa_type = %d\n"", data->pa_type); retval = EINVAL; goto cleanup; } if (retval) { pkiDebug(""pkcs7_signeddata_verify failed\n""); goto cleanup; } if (is_signed) { retval = verify_client_san(context, plgctx, reqctx, request->client, &valid_san); if (retval) goto cleanup; if (!valid_san) { pkiDebug(""%s: did not find an acceptable SAN in user "" ""certificate\n"", __FUNCTION__); retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH; goto cleanup; } retval = verify_client_eku(context, plgctx, reqctx, &valid_eku); if (retval) goto cleanup; if (!valid_eku) { pkiDebug(""%s: did not find an acceptable EKU in user "" ""certificate\n"", __FUNCTION__); retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE; goto cleanup; } } else { if (!krb5_principal_compare(context, request->client, krb5_anonymous_principal())) { retval = KRB5KDC_ERR_PREAUTH_FAILED; krb5_set_error_message(context, retval, _(""Pkinit request not signed, but client "" ""not anonymous."")); goto cleanup; } } #ifdef DEBUG_ASN1 print_buffer_bin(authp_data.data, authp_data.length, ""/tmp/kdc_auth_pack""); #endif OCTETDATA_TO_KRB5DATA(&authp_data, &k5data); switch ((int)data->pa_type) { case KRB5_PADATA_PK_AS_REQ: retval = k5int_decode_krb5_auth_pack(&k5data, &auth_pack); if (retval) { pkiDebug(""failed to decode krb5_auth_pack\n""); goto cleanup; } retval = krb5_check_clockskew(context, auth_pack->pkAuthenticator.ctime); if (retval) goto cleanup; if (auth_pack->clientPublicValue != NULL) { retval = server_check_dh(context, plgctx->cryptoctx, reqctx->cryptoctx, plgctx->idctx, &auth_pack->clientPublicValue->algorithm.parameters, plgctx->opts->dh_min_bits); if (retval) { pkiDebug(""bad dh parameters\n""); goto cleanup; } } else if (!is_signed) { retval = KRB5KDC_ERR_PREAUTH_FAILED; krb5_set_error_message(context, retval, _(""Anonymous pkinit without DH public "" ""value not supported."")); goto cleanup; } der_req = cb->request_body(context, rock); retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL, 0, der_req, &cksum); if (retval) { pkiDebug(""unable to calculate AS REQ checksum\n""); goto cleanup; } if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length || k5_bcmp(cksum.contents, auth_pack->pkAuthenticator.paChecksum.contents, cksum.length) != 0) { pkiDebug(""failed to match the checksum\n""); #ifdef DEBUG_CKSUM pkiDebug(""calculating checksum on buf size (%d)\n"", req_pkt->length); print_buffer(req_pkt->data, req_pkt->length); pkiDebug(""received checksum type=%d size=%d "", auth_pack->pkAuthenticator.paChecksum.checksum_type, auth_pack->pkAuthenticator.paChecksum.length); print_buffer(auth_pack->pkAuthenticator.paChecksum.contents, auth_pack->pkAuthenticator.paChecksum.length); pkiDebug(""expected checksum type=%d size=%d "", cksum.checksum_type, cksum.length); print_buffer(cksum.contents, cksum.length); #endif retval = KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED; goto cleanup; } if (reqp->kdcPkId.data != NULL) { int valid_kdcPkId = 0; retval = pkinit_check_kdc_pkid(context, plgctx->cryptoctx, reqctx->cryptoctx, plgctx->idctx, (unsigned char *)reqp->kdcPkId.data, reqp->kdcPkId.length, &valid_kdcPkId); if (retval) goto cleanup; if (!valid_kdcPkId) pkiDebug(""kdcPkId in AS_REQ does not match KDC's cert"" ""RFC says to ignore and proceed\n""); } reqctx->rcv_auth_pack = auth_pack; auth_pack = NULL; break; case KRB5_PADATA_PK_AS_REP_OLD: case KRB5_PADATA_PK_AS_REQ_OLD: retval = k5int_decode_krb5_auth_pack_draft9(&k5data, &auth_pack9); if (retval) { pkiDebug(""failed to decode krb5_auth_pack_draft9\n""); goto cleanup; } if (auth_pack9->clientPublicValue != NULL) { retval = server_check_dh(context, plgctx->cryptoctx, reqctx->cryptoctx, plgctx->idctx, &auth_pack9->clientPublicValue->algorithm.parameters, plgctx->opts->dh_min_bits); if (retval) { pkiDebug(""bad dh parameters\n""); goto cleanup; } } reqctx->rcv_auth_pack9 = auth_pack9; auth_pack9 = NULL; break; } enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; modreq = (krb5_kdcpreauth_modreq)reqctx; reqctx = NULL; cleanup: if (retval && data->pa_type == KRB5_PADATA_PK_AS_REQ) { pkiDebug(""pkinit_verify_padata failed: creating e-data\n""); if (pkinit_create_edata(context, plgctx->cryptoctx, reqctx->cryptoctx, plgctx->idctx, plgctx->opts, retval, &e_data)) pkiDebug(""pkinit_create_edata failed\n""); } switch ((int)data->pa_type) { case KRB5_PADATA_PK_AS_REQ: free_krb5_pa_pk_as_req(&reqp); free(cksum.contents); break; case KRB5_PADATA_PK_AS_REP_OLD: case KRB5_PADATA_PK_AS_REQ_OLD: free_krb5_pa_pk_as_req_draft9(&reqp9); } free(authp_data.data); free(krb5_authz.data); if (reqctx != NULL) pkinit_fini_kdc_req_context(context, reqctx); free_krb5_auth_pack(&auth_pack); free_krb5_auth_pack_draft9(context, &auth_pack9); (*respond)(arg, retval, modreq, e_data, NULL); }",visit repo url,src/plugins/preauth/pkinit/pkinit_srv.c,https://github.com/krb5/krb5,5893031719146,1 5677,CWE-125,"pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr) { InitializeCriticalSection(mutex); return 0; }",visit repo url,include/compat/pthread.h,https://github.com/libressl-portable/portable,272301685777500,1 5784,['CWE-200'],"static void rose_remove_socket(struct sock *sk) { spin_lock_bh(&rose_list_lock); sk_del_node_init(sk); spin_unlock_bh(&rose_list_lock); }",linux-2.6,,,57050289777337009488395588337369723537,0 3300,['CWE-189'],"jas_iccprof_t *jas_iccprof_load(jas_stream_t *in) { jas_iccprof_t *prof; int numtags; long curoff; long reloff; long prevoff; jas_iccsig_t type; jas_iccattrval_t *attrval; jas_iccattrval_t *prevattrval; jas_icctagtabent_t *tagtabent; int i; int len; prof = 0; attrval = 0; if (!(prof = jas_iccprof_create())) { goto error; } if (jas_iccprof_readhdr(in, &prof->hdr)) { jas_eprintf(""cannot get header\n""); goto error; } if (jas_iccprof_gettagtab(in, &prof->tagtab)) { jas_eprintf(""cannot get tab table\n""); goto error; } jas_iccprof_sorttagtab(&prof->tagtab); numtags = prof->tagtab.numents; curoff = JAS_ICC_HDRLEN + 4 + 12 * numtags; prevoff = 0; prevattrval = 0; for (i = 0; i < numtags; ++i) { tagtabent = &prof->tagtab.ents[i]; if (tagtabent->off == JAS_CAST(jas_iccuint32_t, prevoff)) { if (prevattrval) { if (!(attrval = jas_iccattrval_clone(prevattrval))) goto error; if (jas_iccprof_setattr(prof, tagtabent->tag, attrval)) goto error; jas_iccattrval_destroy(attrval); attrval = 0; } else { #if 0 jas_eprintf(""warning: skipping unknown tag type\n""); #endif } continue; } reloff = tagtabent->off - curoff; if (reloff > 0) { if (jas_stream_gobble(in, reloff) != reloff) goto error; curoff += reloff; } else if (reloff < 0) { abort(); } prevoff = curoff; if (jas_iccgetuint32(in, &type)) { goto error; } if (jas_stream_gobble(in, 4) != 4) { goto error; } curoff += 8; if (!jas_iccattrvalinfo_lookup(type)) { #if 0 jas_eprintf(""warning: skipping unknown tag type\n""); #endif prevattrval = 0; continue; } if (!(attrval = jas_iccattrval_create(type))) { goto error; } len = tagtabent->len - 8; if ((*attrval->ops->input)(attrval, in, len)) { goto error; } curoff += len; if (jas_iccprof_setattr(prof, tagtabent->tag, attrval)) { goto error; } prevattrval = attrval; jas_iccattrval_destroy(attrval); attrval = 0; } return prof; error: if (prof) jas_iccprof_destroy(prof); if (attrval) jas_iccattrval_destroy(attrval); return 0; }",jasper,,,90680570879911601785352410517233257801,0 3089,['CWE-189'],"void jpc_tagtree_copy(jpc_tagtree_t *dsttree, jpc_tagtree_t *srctree) { int n; jpc_tagtreenode_t *srcnode; jpc_tagtreenode_t *dstnode; assert(srctree->numleafsh_ == dsttree->numleafsh_ && srctree->numleafsv_ == dsttree->numleafsv_); n = srctree->numnodes_; srcnode = srctree->nodes_; dstnode = dsttree->nodes_; while (--n >= 0) { dstnode->value_ = srcnode->value_; dstnode->low_ = srcnode->low_; dstnode->known_ = srcnode->known_; ++dstnode; ++srcnode; } }",jasper,,,43005984489194443936798400550285136416,0 954,['CWE-189'],"ProcPanoramiXShmPutImage(register ClientPtr client) { int j, result = 0, orig_x, orig_y; PanoramiXRes *draw, *gc; Bool sendEvent, isRoot; REQUEST(xShmPutImageReq); REQUEST_SIZE_MATCH(xShmPutImageReq); if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass( client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess))) return BadDrawable; if(!(gc = (PanoramiXRes *)SecurityLookupIDByType( client, stuff->gc, XRT_GC, DixReadAccess))) return BadGC; isRoot = (draw->type == XRT_WINDOW) && draw->u.win.root; orig_x = stuff->dstX; orig_y = stuff->dstY; sendEvent = stuff->sendEvent; stuff->sendEvent = 0; FOR_NSCREENS(j) { if(!j) stuff->sendEvent = sendEvent; stuff->drawable = draw->info[j].id; stuff->gc = gc->info[j].id; if (isRoot) { stuff->dstX = orig_x - panoramiXdataPtr[j].x; stuff->dstY = orig_y - panoramiXdataPtr[j].y; } result = ProcShmPutImage(client); if(result != client->noClientException) break; } return(result); }",xserver,,,44231323677553963080277888988686009713,0 4481,['CWE-264'],"static void CheckSourceAddress(unsigned char *frame, unsigned char *hw_addr) { unsigned char SRBit; if ((((unsigned long) frame[1 + 6]) & ~0x01) != 0) return; if ((unsigned short) frame[1 + 10] != 0) return; SRBit = frame[1 + 6] & 0x01; memcpy(&frame[1 + 6], hw_addr, 6); frame[8] |= SRBit; } ",linux-2.6,,,42440582531979056824518651983083239342,0 1252,NVD-CWE-Other,"static void md5_transform(u32 *hash, u32 const *in) { u32 a, b, c, d; a = hash[0]; b = hash[1]; c = hash[2]; d = hash[3]; MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); hash[0] += a; hash[1] += b; hash[2] += c; hash[3] += d; }",visit repo url,crypto/md5.c,https://github.com/torvalds/linux,185754066790459,1 1468,[],"static int __rt_schedulable(struct task_group *tg, u64 period, u64 runtime) { struct task_group *tgi; unsigned long total = 0; unsigned long global_ratio = to_ratio(global_rt_period(), global_rt_runtime()); rcu_read_lock(); list_for_each_entry_rcu(tgi, &task_groups, list) { if (tgi == tg) continue; total += to_ratio(ktime_to_ns(tgi->rt_bandwidth.rt_period), tgi->rt_bandwidth.rt_runtime); } rcu_read_unlock(); return total + to_ratio(period, runtime) < global_ratio; }",linux-2.6,,,289794051503812191567756861988031735779,0 5446,CWE-354,"void recovery_character(const char *character) { if (!awaiting_character) { recovery_abort(); fsm_sendFailure(FailureType_Failure_UnexpectedMessage, ""Not in Recovery mode""); layoutHome(); return; } if (strlen(mnemonic) + 1 > MNEMONIC_BUF - 1) { recovery_abort(); fsm_sendFailure(FailureType_Failure_UnexpectedMessage, ""Too many characters attempted during recovery""); layoutHome(); return; } char *pos = strchr(cipher, character[0]); if (character[0] != ' ' && pos == NULL) { recovery_abort(); fsm_sendFailure(FailureType_Failure_SyntaxError, ""Character must be from a to z""); layoutHome(); return; } static int uncyphered_word_count = 0; static bool definitely_using_cipher = false; static CONFIDENTIAL char coded_word[12]; static CONFIDENTIAL char decoded_word[12]; if (!mnemonic[0]) { uncyphered_word_count = 0; definitely_using_cipher = false; memzero(coded_word, sizeof(coded_word)); memzero(decoded_word, sizeof(decoded_word)); } char decoded_character[2] = "" ""; if (character[0] != ' ') { decoded_character[0] = english_alphabet[(int)(pos - cipher)]; strlcat(coded_word, character, sizeof(coded_word)); strlcat(decoded_word, decoded_character, sizeof(decoded_word)); if (enforce_wordlist && 4 <= strlen(coded_word)) { bool maybe_not_using_cipher = attempt_auto_complete(coded_word); bool maybe_using_cipher = attempt_auto_complete(decoded_word); if (!maybe_not_using_cipher && maybe_using_cipher) { definitely_using_cipher = true; } else if (maybe_not_using_cipher && !definitely_using_cipher && MAX_UNCYPHERED_WORDS < uncyphered_word_count++) { recovery_abort(); fsm_sendFailure(FailureType_Failure_SyntaxError, ""Words were not entered correctly. Make sure you are using the substition cipher.""); layoutHome(); return; } } } else { memzero(coded_word, sizeof(coded_word)); memzero(decoded_word, sizeof(decoded_word)); } strlcat(mnemonic, decoded_character, MNEMONIC_BUF); next_character(); }",visit repo url,lib/firmware/recovery_cipher.c,https://github.com/keepkey/keepkey-firmware,203568523899277,1 741,['CWE-119'],"static __inline__ void isdn_net_device_stop_queue(isdn_net_local *lp) { if (lp->master) netif_stop_queue(lp->master); else netif_stop_queue(lp->netdev->dev); }",linux-2.6,,,218508541854052751526281269584130977294,0 842,CWE-20,"int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct rxrpc_skb_priv *sp; struct rxrpc_call *call = NULL, *continue_call = NULL; struct rxrpc_sock *rx = rxrpc_sk(sock->sk); struct sk_buff *skb; long timeo; int copy, ret, ullen, offset, copied = 0; u32 abort_code; DEFINE_WAIT(wait); _enter("",,,%zu,%d"", len, flags); if (flags & (MSG_OOB | MSG_TRUNC)) return -EOPNOTSUPP; ullen = msg->msg_flags & MSG_CMSG_COMPAT ? 4 : sizeof(unsigned long); timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT); msg->msg_flags |= MSG_MORE; lock_sock(&rx->sk); for (;;) { if (RB_EMPTY_ROOT(&rx->calls)) { if (copied) goto out; if (rx->sk.sk_state != RXRPC_SERVER_LISTENING) { release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); return -ENODATA; } } skb = skb_peek(&rx->sk.sk_receive_queue); if (!skb) { if (copied && (msg->msg_flags & MSG_PEEK || timeo == 0)) goto out; release_sock(&rx->sk); prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait, TASK_INTERRUPTIBLE); ret = sock_error(&rx->sk); if (ret) goto wait_error; if (skb_queue_empty(&rx->sk.sk_receive_queue)) { if (signal_pending(current)) goto wait_interrupted; timeo = schedule_timeout(timeo); } finish_wait(sk_sleep(&rx->sk), &wait); lock_sock(&rx->sk); continue; } peek_next_packet: sp = rxrpc_skb(skb); call = sp->call; ASSERT(call != NULL); _debug(""next pkt %s"", rxrpc_pkts[sp->hdr.type]); spin_lock_bh(&call->lock); spin_unlock_bh(&call->lock); if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { _debug(""packet from released call""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); continue; } if (continue_call) { _debug(""maybe cont""); if (call != continue_call || skb->mark != RXRPC_SKB_MARK_DATA) { release_sock(&rx->sk); rxrpc_put_call(continue_call); _leave("" = %d [noncont]"", copied); return copied; } } rxrpc_get_call(call); if (!continue_call) { if (msg->msg_name && msg->msg_namelen > 0) memcpy(msg->msg_name, &call->conn->trans->peer->srx, sizeof(call->conn->trans->peer->srx)); sock_recv_ts_and_drops(msg, &rx->sk, skb); } if (skb->mark != RXRPC_SKB_MARK_DATA) goto receive_non_data_message; _debug(""recvmsg DATA #%u { %d, %d }"", ntohl(sp->hdr.seq), skb->len, sp->offset); if (!continue_call) { ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); } ASSERTCMP(ntohl(sp->hdr.seq), >=, call->rx_data_recv); ASSERTCMP(ntohl(sp->hdr.seq), <=, call->rx_data_recv + 1); call->rx_data_recv = ntohl(sp->hdr.seq); ASSERTCMP(ntohl(sp->hdr.seq), >, call->rx_data_eaten); offset = sp->offset; copy = skb->len - offset; if (copy > len - copied) copy = len - copied; if (skb->ip_summed == CHECKSUM_UNNECESSARY) { ret = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copy); } else { ret = skb_copy_and_csum_datagram_iovec(skb, offset, msg->msg_iov); if (ret == -EINVAL) goto csum_copy_error; } if (ret < 0) goto copy_error; _debug(""copied %d+%d"", copy, copied); offset += copy; copied += copy; if (!(flags & MSG_PEEK)) sp->offset = offset; if (sp->offset < skb->len) { _debug(""buffer full""); ASSERTCMP(copied, ==, len); break; } if (sp->hdr.flags & RXRPC_LAST_PACKET) { _debug(""last""); if (call->conn->out_clientflag) { ret = copied; goto terminal_message; } if (!(flags & MSG_PEEK)) { _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } msg->msg_flags &= ~MSG_MORE; break; } _debug(""next""); if (!continue_call) continue_call = sp->call; else rxrpc_put_call(call); call = NULL; if (flags & MSG_PEEK) { _debug(""peek next""); skb = skb->next; if (skb == (struct sk_buff *) &rx->sk.sk_receive_queue) break; goto peek_next_packet; } _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } _debug(""end rcv data""); out: release_sock(&rx->sk); if (call) rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d [data]"", copied); return copied; receive_non_data_message: _debug(""non-data""); if (skb->mark == RXRPC_SKB_MARK_NEW_CALL) { _debug(""RECV NEW CALL""); ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &abort_code); if (ret < 0) goto copy_error; if (!(flags & MSG_PEEK)) { if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } goto out; } ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); switch (skb->mark) { case RXRPC_SKB_MARK_DATA: BUG(); case RXRPC_SKB_MARK_FINAL_ACK: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &abort_code); break; case RXRPC_SKB_MARK_BUSY: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_BUSY, 0, &abort_code); break; case RXRPC_SKB_MARK_REMOTE_ABORT: abort_code = call->abort_code; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code); break; case RXRPC_SKB_MARK_NET_ERROR: _debug(""RECV NET ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &abort_code); break; case RXRPC_SKB_MARK_LOCAL_ERROR: _debug(""RECV LOCAL ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &abort_code); break; default: BUG(); break; } if (ret < 0) goto copy_error; terminal_message: _debug(""terminal""); msg->msg_flags &= ~MSG_MORE; msg->msg_flags |= MSG_EOR; if (!(flags & MSG_PEEK)) { _net(""free terminal skb %p"", skb); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); rxrpc_remove_user_ID(rx, call); } release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; copy_error: _debug(""copy error""); release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; csum_copy_error: _debug(""csum error""); release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); rxrpc_kill_skb(skb); skb_kill_datagram(&rx->sk, skb, flags); rxrpc_put_call(call); return -EAGAIN; wait_interrupted: ret = sock_intr_errno(timeo); wait_error: finish_wait(sk_sleep(&rx->sk), &wait); if (continue_call) rxrpc_put_call(continue_call); if (copied) copied = ret; _leave("" = %d [waitfail %d]"", copied, ret); return copied; }",visit repo url,net/rxrpc/ar-recvmsg.c,https://github.com/torvalds/linux,131822081142701,1 4492,['CWE-264'],"static void skfp_ctl_set_multicast_list(struct net_device *dev) { struct s_smc *smc = netdev_priv(dev); skfddi_priv *bp = &smc->os; unsigned long Flags; spin_lock_irqsave(&bp->DriverLock, Flags); skfp_ctl_set_multicast_list_wo_lock(dev); spin_unlock_irqrestore(&bp->DriverLock, Flags); return; } ",linux-2.6,,,94407343372598523695324705509668358664,0 5135,CWE-125,"ast_for_arg(struct compiling *c, const node *n) { identifier name; expr_ty annotation = NULL; node *ch; arg_ty ret; assert(TYPE(n) == tfpdef || TYPE(n) == vfpdef); ch = CHILD(n, 0); name = NEW_IDENTIFIER(ch); if (!name) return NULL; if (forbidden_name(c, name, ch, 0)) return NULL; if (NCH(n) == 3 && TYPE(CHILD(n, 1)) == COLON) { annotation = ast_for_expr(c, CHILD(n, 2)); if (!annotation) return NULL; } ret = arg(name, annotation, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (!ret) return NULL; return ret; }",visit repo url,Python/ast.c,https://github.com/python/cpython,18802146494823,1 45,CWE-763,"spnego_gss_delete_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token) { OM_uint32 ret = GSS_S_COMPLETE; spnego_gss_ctx_id_t *ctx = (spnego_gss_ctx_id_t *)context_handle; *minor_status = 0; if (context_handle == NULL) return (GSS_S_FAILURE); if (*ctx == NULL) return (GSS_S_COMPLETE); if ((*ctx)->magic_num == SPNEGO_MAGIC_ID) { (void) gss_delete_sec_context(minor_status, &(*ctx)->ctx_handle, output_token); (void) release_spnego_ctx(ctx); } else { ret = gss_delete_sec_context(minor_status, context_handle, output_token); } return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,28959157770663,1 6456,CWE-20,"error_t mqttSnClientSendUnsubscribe(MqttSnClientContext *context, const char_t *topicName) { error_t error; systime_t time; uint16_t topicId; MqttSnFlags flags; error = NO_ERROR; flags.all = 0; topicId = mqttSnClientFindPredefTopicName(context, topicName); if(topicId != MQTT_SN_INVALID_TOPIC_ID) { flags.topicIdType = MQTT_SN_PREDEFINED_TOPIC_ID; } else { if(osStrlen(topicName) == 2 && strchr(topicName, '#') == NULL && strchr(topicName, '+') == NULL) { flags.topicIdType = MQTT_SN_SHORT_TOPIC_NAME; } else { flags.topicIdType = MQTT_SN_NORMAL_TOPIC_NAME; } error = mqttSnFormatUnsubscribe(&context->message, flags, context->msgId, topicId, topicName); } if(!error) { TRACE_INFO(""Sending UNSUBSCRIBE message (%"" PRIuSIZE "" bytes)...\r\n"", context->message.length); mqttSnDumpMessage(context->message.buffer, context->message.length); error = mqttSnClientSendDatagram(context, context->message.buffer, context->message.length); time = osGetSystemTime(); context->retransmitStartTime = time; context->keepAliveTimestamp = time; context->state = MQTT_SN_CLIENT_STATE_SENDING_REQ; context->msgType = MQTT_SN_MSG_TYPE_UNSUBSCRIBE; } return error; }",visit repo url,mqtt_sn/mqtt_sn_client_message.c,https://github.com/Oryx-Embedded/CycloneTCP,109414163203054,1 1593,[],"static inline int __normal_prio(struct task_struct *p) { return p->static_prio; }",linux-2.6,,,280559254703685055364956057379463158326,0 5612,[],"void flush_sigqueue(struct sigpending *queue) { struct sigqueue *q; sigemptyset(&queue->signal); while (!list_empty(&queue->list)) { q = list_entry(queue->list.next, struct sigqueue , list); list_del_init(&q->list); __sigqueue_free(q); } }",linux-2.6,,,309686707737256268529774755058779662902,0 3968,['CWE-362'],"static inline void audit_free_rule(struct audit_entry *e) { int i; if (e->rule.watch) audit_put_watch(e->rule.watch); if (e->rule.fields) for (i = 0; i < e->rule.field_count; i++) { struct audit_field *f = &e->rule.fields[i]; kfree(f->lsm_str); security_audit_rule_free(f->lsm_rule); } kfree(e->rule.fields); kfree(e->rule.filterkey); kfree(e); }",linux-2.6,,,38378573385406788718107960117762418327,0 2705,CWE-190,"SPL_METHOD(SplFileObject, valid) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (SPL_HAS_FLAG(intern->flags, SPL_FILE_OBJECT_READ_AHEAD)) { RETURN_BOOL(intern->u.file.current_line || intern->u.file.current_zval); } else { RETVAL_BOOL(!php_stream_eof(intern->u.file.stream)); } } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,40917374541463,1 3901,['CWE-399'],"static int tda9873_getmode(struct CHIPSTATE *chip) { int val,mode; val = chip_read(chip); mode = V4L2_TUNER_MODE_MONO; if (val & TDA9873_STEREO) mode |= V4L2_TUNER_MODE_STEREO; if (val & TDA9873_DUAL) mode |= V4L2_TUNER_MODE_LANG1 | V4L2_TUNER_MODE_LANG2; v4l_dbg(1, debug, chip->c, ""tda9873_getmode(): raw chip read: %d, return: %d\n"", val, mode); return mode; }",linux-2.6,,,103217928271877107287741215154739111650,0 90,['CWE-787'],"static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h) { int sx, sy; int dx, dy; int width, height; int depth; int notify = 0; depth = s->get_bpp((VGAState *)s) / 8; s->get_resolution((VGAState *)s, &width, &height); sx = (src % (width * depth)) / depth; sy = (src / (width * depth)); dx = (dst % (width *depth)) / depth; dy = (dst / (width * depth)); w /= depth; if (s->cirrus_blt_dstpitch < 0) { sx -= (s->cirrus_blt_width / depth) - 1; dx -= (s->cirrus_blt_width / depth) - 1; sy -= s->cirrus_blt_height - 1; dy -= s->cirrus_blt_height - 1; } if (sx >= 0 && sy >= 0 && dx >= 0 && dy >= 0 && (sx + w) <= width && (sy + h) <= height && (dx + w) <= width && (dy + h) <= height) { notify = 1; } if (*s->cirrus_rop != cirrus_bitblt_rop_fwd_src && *s->cirrus_rop != cirrus_bitblt_rop_bkwd_src) notify = 0; if (notify) vga_hw_update(); (*s->cirrus_rop) (s, s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), s->vram_ptr + (s->cirrus_blt_srcaddr & s->cirrus_addr_mask), s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch, s->cirrus_blt_width, s->cirrus_blt_height); if (notify) s->ds->dpy_copy(s->ds, sx, sy, dx, dy, s->cirrus_blt_width / depth, s->cirrus_blt_height); if (!notify) cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, s->cirrus_blt_dstpitch, s->cirrus_blt_width, s->cirrus_blt_height); }",qemu,,,136027807783301598046603041783042921475,0 1560,[]," __acquires(rq->lock) { struct rq *rq; for (;;) { local_irq_save(*flags); rq = task_rq(p); spin_lock(&rq->lock); if (likely(rq == task_rq(p))) return rq; spin_unlock_irqrestore(&rq->lock, *flags); } }",linux-2.6,,,181934607915097731443235402158685376803,0 5567,CWE-125,"obj2ast_keyword(PyObject* obj, keyword_ty* out, PyArena* arena) { PyObject* tmp = NULL; identifier arg; expr_ty value; if (exists_not_none(obj, &PyId_arg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_arg); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &arg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { arg = NULL; } if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from keyword""); return 1; } *out = keyword(arg, value, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,248224216078475,1 2058,['CWE-269'],"static long exact_copy_from_user(void *to, const void __user * from, unsigned long n) { char *t = to; const char __user *f = from; char c; if (!access_ok(VERIFY_READ, from, n)) return n; while (n) { if (__get_user(c, f)) { memset(t, 0, n); break; } *t++ = c; f++; n--; } return n; }",linux-2.6,,,321190969020322644984958578456935876280,0 6649,CWE-416,"int __close_fd_get_file(unsigned int fd, struct file **res) { struct files_struct *files = current->files; struct file *file; struct fdtable *fdt; spin_lock(&files->file_lock); fdt = files_fdtable(files); if (fd >= fdt->max_fds) goto out_unlock; file = fdt->fd[fd]; if (!file) goto out_unlock; rcu_assign_pointer(fdt->fd[fd], NULL); __put_unused_fd(files, fd); spin_unlock(&files->file_lock); get_file(file); *res = file; return filp_close(file, files); out_unlock: spin_unlock(&files->file_lock); *res = NULL; return -ENOENT; }",visit repo url,fs/file.c,https://github.com/oracle/linux-uek,160083373232561,1 5425,['CWE-476'],"struct kvm_cpuid_entry2 *kvm_find_cpuid_entry(struct kvm_vcpu *vcpu, u32 function, u32 index) { int i; struct kvm_cpuid_entry2 *best = NULL; for (i = 0; i < vcpu->arch.cpuid_nent; ++i) { struct kvm_cpuid_entry2 *e; e = &vcpu->arch.cpuid_entries[i]; if (is_matching_cpuid_entry(e, function, index)) { if (e->flags & KVM_CPUID_FLAG_STATEFUL_FUNC) move_to_next_stateful_cpuid_entry(vcpu, i); best = e; break; } if (((e->function ^ function) & 0x80000000) == 0) if (!best || e->function > best->function) best = e; } return best; }",linux-2.6,,,243787622666816376497490859554859126834,0 5779,CWE-125,"snmp_api_set_time_ticks(snmp_varbind_t *varbind, uint32_t *oid, uint32_t integer) { snmp_api_replace_oid(varbind, oid); varbind->value_type = SNMP_DATA_TYPE_TIME_TICKS; varbind->value.integer = integer; }",visit repo url,os/net/app-layer/snmp/snmp-api.c,https://github.com/contiki-ng/contiki-ng,8070255957672,1 3509,['CWE-20'],"static int sctp_eat_data(const struct sctp_association *asoc, struct sctp_chunk *chunk, sctp_cmd_seq_t *commands) { sctp_datahdr_t *data_hdr; struct sctp_chunk *err; size_t datalen; sctp_verb_t deliver; int tmp; __u32 tsn; struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; struct sock *sk = asoc->base.sk; data_hdr = chunk->subh.data_hdr = (sctp_datahdr_t *)chunk->skb->data; skb_pull(chunk->skb, sizeof(sctp_datahdr_t)); tsn = ntohl(data_hdr->tsn); SCTP_DEBUG_PRINTK(""eat_data: TSN 0x%x.\n"", tsn); if (!chunk->ecn_ce_done) { struct sctp_af *af; chunk->ecn_ce_done = 1; af = sctp_get_af_specific( ipver2af(ip_hdr(chunk->skb)->version)); if (af && af->is_ce(chunk->skb) && asoc->peer.ecn_capable) { sctp_add_cmd_sf(commands, SCTP_CMD_ECN_CE, SCTP_U32(tsn)); } } tmp = sctp_tsnmap_check(&asoc->peer.tsn_map, tsn); if (tmp < 0) { return SCTP_IERROR_HIGH_TSN; } else if (tmp > 0) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_DUP, SCTP_U32(tsn)); return SCTP_IERROR_DUP_TSN; } datalen = ntohs(chunk->chunk_hdr->length); datalen -= sizeof(sctp_data_chunk_t); deliver = SCTP_CMD_CHUNK_ULP; if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) { sctp_add_cmd_sf(commands, SCTP_CMD_PART_DELIVER, SCTP_NULL()); } if ((!chunk->data_accepted) && (!asoc->rwnd || asoc->rwnd_over || (datalen > asoc->rwnd + asoc->frag_point))) { if (sctp_tsnmap_has_gap(map) && (sctp_tsnmap_get_ctsn(map) + 1) == tsn) { SCTP_DEBUG_PRINTK(""Reneging for tsn:%u\n"", tsn); deliver = SCTP_CMD_RENEGE; } else { SCTP_DEBUG_PRINTK(""Discard tsn: %u len: %Zd, "" ""rwnd: %d\n"", tsn, datalen, asoc->rwnd); return SCTP_IERROR_IGNORE_TSN; } } if (*sk->sk_prot_creator->memory_pressure) { if (sctp_tsnmap_has_gap(map) && (sctp_tsnmap_get_ctsn(map) + 1) == tsn) { SCTP_DEBUG_PRINTK(""Under Pressure! Reneging for tsn:%u\n"", tsn); deliver = SCTP_CMD_RENEGE; } } if (unlikely(0 == datalen)) { err = sctp_make_abort_no_data(asoc, chunk, tsn); if (err) { sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(err)); } sctp_add_cmd_sf(commands, SCTP_CMD_DISCARD_PACKET,SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNABORTED)); sctp_add_cmd_sf(commands, SCTP_CMD_ASSOC_FAILED, SCTP_PERR(SCTP_ERROR_NO_DATA)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); SCTP_DEC_STATS(SCTP_MIB_CURRESTAB); return SCTP_IERROR_NO_DATA; } chunk->data_accepted = 1; if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) SCTP_INC_STATS(SCTP_MIB_INUNORDERCHUNKS); else SCTP_INC_STATS(SCTP_MIB_INORDERCHUNKS); if (ntohs(data_hdr->stream) >= asoc->c.sinit_max_instreams) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn)); err = sctp_make_op_error(asoc, chunk, SCTP_ERROR_INV_STRM, &data_hdr->stream, sizeof(data_hdr->stream)); if (err) sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(err)); return SCTP_IERROR_BAD_STREAM; } sctp_add_cmd_sf(commands, deliver, SCTP_CHUNK(chunk)); return SCTP_IERROR_NO_ERROR; }",linux-2.6,,,80203377071320280866666159004498452456,0 5362,CWE-787,"static char *decode_text_string(const char *str, size_t str_len) { int idx, is_hex, is_utf16be, ascii_idx; char *ascii, hex_buf[5] = {0}; is_hex = is_utf16be = idx = ascii_idx = 0; if (str[0] == '(') { ascii = malloc(strlen(str) + 1); strncpy(ascii, str, strlen(str) + 1); return ascii; } else if (str[0] == '<') { is_hex = 1; ++idx; } if (is_hex && (str_len > 5) && (str[idx] == 'F') && (str[idx+1] == 'E') && (str[idx+2] == 'F') && (str[idx+3] == 'F')) { is_utf16be = 1; idx += 4; } else return NULL; ascii = malloc(str_len); for ( ; idxn_wide_area_servers > AVAHI_WIDE_AREA_SERVERS_MAX) return AVAHI_ERR_INVALID_CONFIG; if (sc->host_name && !avahi_is_valid_host_name(sc->host_name)) return AVAHI_ERR_INVALID_HOST_NAME; if (sc->domain_name && !avahi_is_valid_domain_name(sc->domain_name)) return AVAHI_ERR_INVALID_DOMAIN_NAME; for (l = sc->browse_domains; l; l = l->next) if (!avahi_is_valid_domain_name((char*) l->text)) return AVAHI_ERR_INVALID_DOMAIN_NAME; return AVAHI_OK; }",avahi,,,71577021725966848983894279292955881290,0 3772,[],"static int __init af_unix_init(void) { int rc = -1; struct sk_buff *dummy_skb; BUILD_BUG_ON(sizeof(struct unix_skb_parms) > sizeof(dummy_skb->cb)); rc = proto_register(&unix_proto, 1); if (rc != 0) { printk(KERN_CRIT ""%s: Cannot create unix_sock SLAB cache!\n"", __FUNCTION__); goto out; } sock_register(&unix_family_ops); #ifdef CONFIG_PROC_FS proc_net_fops_create(""unix"", 0, &unix_seq_fops); #endif unix_sysctl_register(); out: return rc; }",linux-2.6,,,89123168743406539851268442659563024607,0 1208,['CWE-189'],"hrtimer_forward(struct hrtimer *timer, ktime_t now, ktime_t interval) { unsigned long orun = 1; ktime_t delta; delta = ktime_sub(now, timer->expires); if (delta.tv64 < 0) return 0; if (interval.tv64 < timer->base->resolution.tv64) interval.tv64 = timer->base->resolution.tv64; if (unlikely(delta.tv64 >= interval.tv64)) { s64 incr = ktime_to_ns(interval); orun = ktime_divns(delta, incr); timer->expires = ktime_add_ns(timer->expires, incr * orun); if (timer->expires.tv64 > now.tv64) return orun; orun++; } timer->expires = ktime_add(timer->expires, interval); if (timer->expires.tv64 < 0) timer->expires = ktime_set(KTIME_SEC_MAX, 0); return orun; }",linux-2.6,,,37660902210498123737793817482713089299,0 6412,['CWE-190'],"ReadImage (FILE *fd, gint width, gint height, guchar cmap[256][3], gint ncols, gint bpp, gint compression, gint rowbytes, gboolean grey, const Bitmap_Channel *masks, GError **error) { guchar v, n; GimpPixelRgn pixel_rgn; gint xpos = 0; gint ypos = 0; gint32 image; gint32 layer; GimpDrawable *drawable; guchar *dest, *temp, *buffer; guchar gimp_cmap[768]; gushort rgb; glong rowstride, channels; gint i, i_max, j, cur_progress, max_progress; gint total_bytes_read; GimpImageBaseType base_type; GimpImageType image_type; guint32 px32; if (! (compression == BI_RGB || (bpp == 8 && compression == BI_RLE8) || (bpp == 4 && compression == BI_RLE4) || (bpp == 16 && compression == BI_BITFIELDS) || (bpp == 32 && compression == BI_BITFIELDS))) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, ""%s"", _(""Unrecognized or invalid BMP compression format."")); return -1; } switch (bpp) { case 32: case 24: case 16: base_type = GIMP_RGB; if (masks[3].mask != 0) { image_type = GIMP_RGBA_IMAGE; channels = 4; } else { image_type = GIMP_RGB_IMAGE; channels = 3; } break; case 8: case 4: case 1: if (grey) { base_type = GIMP_GRAY; image_type = GIMP_GRAY_IMAGE; } else { base_type = GIMP_INDEXED; image_type = GIMP_INDEXED_IMAGE; } channels = 1; break; default: g_message (_(""Unsupported or invalid bitdepth."")); return -1; } if ((width < 0) || (width > GIMP_MAX_IMAGE_SIZE)) { g_message (_(""Unsupported or invalid image width: %d""), width); return -1; } if ((height < 0) || (height > GIMP_MAX_IMAGE_SIZE)) { g_message (_(""Unsupported or invalid image height: %d""), height); return -1; } image = gimp_image_new (width, height, base_type); layer = gimp_layer_new (image, _(""Background""), width, height, image_type, 100, GIMP_NORMAL_MODE); gimp_image_set_filename (image, filename); gimp_image_add_layer (image, layer, 0); drawable = gimp_drawable_get (layer); dest = g_malloc0 (drawable->width * drawable->height * channels); buffer = g_malloc (rowbytes); rowstride = drawable->width * channels; ypos = height - 1; cur_progress = 0; max_progress = height; switch (bpp) { case 32: { while (ReadOK (fd, buffer, rowbytes)) { temp = dest + (ypos * rowstride); for (xpos= 0; xpos < width; ++xpos) { px32 = ToL(&buffer[xpos*4]); *(temp++)= (guchar)((px32 & masks[0].mask) >> masks[0].shiftin); *(temp++)= (guchar)((px32 & masks[1].mask) >> masks[1].shiftin); *(temp++)= (guchar)((px32 & masks[2].mask) >> masks[2].shiftin); if (channels > 3) *(temp++)= (guchar)((px32 & masks[3].mask) >> masks[3].shiftin); } if (ypos == 0) break; --ypos; cur_progress++; if ((cur_progress % 5) == 0) gimp_progress_update ((gdouble) cur_progress / (gdouble) max_progress); } if (channels == 4) { gboolean has_alpha = FALSE; for (ypos = 0; ypos < height; ypos++) { temp = dest + (ypos * rowstride); for (xpos = 0; xpos < width; xpos++) { if (temp[3]) { has_alpha = TRUE; break; } temp += 4; } if (has_alpha) break; } if (!has_alpha) { for (ypos = 0; ypos < height; ypos++) { temp = dest + (ypos * rowstride); for (xpos = 0; xpos < width; xpos++) { temp[3] = 255; temp += 4; } } } } } break; case 24: { while (ReadOK (fd, buffer, rowbytes)) { temp = dest + (ypos * rowstride); for (xpos= 0; xpos < width; ++xpos) { *(temp++)= buffer[xpos * 3 + 2]; *(temp++)= buffer[xpos * 3 + 1]; *(temp++)= buffer[xpos * 3]; } if (ypos == 0) break; --ypos; cur_progress++; if ((cur_progress % 5) == 0) gimp_progress_update ((gdouble) cur_progress / (gdouble) max_progress); } } break; case 16: { while (ReadOK (fd, buffer, rowbytes)) { temp = dest + (ypos * rowstride); for (xpos= 0; xpos < width; ++xpos) { rgb= ToS(&buffer[xpos * 2]); *(temp++) = (guchar)(((rgb & masks[0].mask) >> masks[0].shiftin) * 255.0 / masks[0].max_value + 0.5); *(temp++) = (guchar)(((rgb & masks[1].mask) >> masks[1].shiftin) * 255.0 / masks[1].max_value + 0.5); *(temp++) = (guchar)(((rgb & masks[2].mask) >> masks[2].shiftin) * 255.0 / masks[2].max_value + 0.5); if (channels > 3) *(temp++) = (guchar)(((rgb & masks[3].mask) >> masks[3].shiftin) * 255.0 / masks[3].max_value + 0.5); } if (ypos == 0) break; --ypos; cur_progress++; if ((cur_progress % 5) == 0) gimp_progress_update ((gdouble) cur_progress / (gdouble) max_progress); } } break; case 8: case 4: case 1: { if (compression == 0) { while (ReadOK (fd, &v, 1)) { for (i = 1; (i <= (8 / bpp)) && (xpos < width); i++, xpos++) { temp = dest + (ypos * rowstride) + (xpos * channels); *temp=( v & ( ((1<> (8-(i*bpp)); if (grey) *temp = cmap[*temp][0]; } if (xpos == width) { fread(buffer, rowbytes - 1 - (width * bpp - 1) / 8, 1, fd); if (ypos == 0) break; ypos--; xpos = 0; cur_progress++; if ((cur_progress % 5) == 0) gimp_progress_update ((gdouble) cur_progress / (gdouble) max_progress); } if (ypos < 0) break; } break; } else { while (ypos >= 0 && xpos <= width) { if (!ReadOK (fd, buffer, 2)) { g_message (_(""The bitmap ends unexpectedly."")); break; } if ((guchar) buffer[0] != 0) { for (j = 0; ((guchar) j < (guchar) buffer[0]) && (xpos < width);) { #ifdef DEBUG2 printf(""%u %u | "",xpos,width); #endif for (i = 1; ((i <= (8 / bpp)) && (xpos < width) && ((guchar) j < (unsigned char) buffer[0])); i++, xpos++, j++) { temp = dest + (ypos * rowstride) + (xpos * channels); *temp = (buffer[1] & (((1<> (8 - (i * bpp)); if (grey) *temp = cmap[*temp][0]; } } } if (((guchar) buffer[0] == 0) && ((guchar) buffer[1] > 2)) { n = buffer[1]; total_bytes_read = 0; for (j = 0; j < n; j += (8 / bpp)) { if (!ReadOK (fd, &v, 1)) { g_message (_(""The bitmap ends unexpectedly."")); break; } total_bytes_read++; i_max = 8 / bpp; if (n - j < i_max) { i_max = n - j; } i = 1; while ((i <= i_max) && (xpos < width)) { temp = dest + (ypos * rowstride) + (xpos * channels); *temp = (v >> (8-(i*bpp))) & ((1<width, drawable->height, TRUE, FALSE); gimp_pixel_rgn_set_rect (&pixel_rgn, dest, 0, 0, drawable->width, drawable->height); if ((!grey) && (bpp<= 8)) gimp_image_set_colormap (image, gimp_cmap, ncols); gimp_drawable_flush (drawable); gimp_drawable_detach (drawable); g_free (dest); return image; }",gimp,,,294821644610624407651675628425933883542,0 4418,CWE-476,"gen_hash(codegen_scope *s, node *tree, int val, int limit) { int slimit = GEN_VAL_STACK_MAX; if (cursp() >= GEN_LIT_ARY_MAX) slimit = INT16_MAX; int len = 0; mrb_bool update = FALSE; while (tree) { if (nint(tree->car->car->car) == NODE_KW_REST_ARGS) { if (len > 0) { pop_n(len*2); if (!update) { genop_2(s, OP_HASH, cursp(), len); } else { pop(); genop_2(s, OP_HASHADD, cursp(), len); } push(); } codegen(s, tree->car->cdr, val); if (len > 0 || update) { pop(); pop(); genop_1(s, OP_HASHCAT, cursp()); push(); } update = TRUE; len = 0; } else { codegen(s, tree->car->car, val); codegen(s, tree->car->cdr, val); len++; } tree = tree->cdr; if (val && cursp() >= slimit) { pop_n(len*2); if (!update) { genop_2(s, OP_HASH, cursp(), len); } else { pop(); genop_2(s, OP_HASHADD, cursp(), len); } push(); update = TRUE; len = 0; } } if (update) { if (val && len > 0) { pop_n(len*2+1); genop_2(s, OP_HASHADD, cursp(), len); push(); } return -1; } return len; }",visit repo url,mrbgems/mruby-compiler/core/codegen.c,https://github.com/mruby/mruby,159508262833803,1 2692,CWE-190,"static void spl_filesystem_dir_it_rewind(zend_object_iterator *iter TSRMLS_DC) { spl_filesystem_object *object = spl_filesystem_iterator_to_object((spl_filesystem_iterator *)iter); object->u.dir.index = 0; if (object->u.dir.dirp) { php_stream_rewinddir(object->u.dir.dirp); } spl_filesystem_dir_read(object TSRMLS_CC); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,226728719359419,1 3770,[],"static void inc_inflight_move_tail(struct sock *sk) { struct unix_sock *u = unix_sk(sk); atomic_inc(&u->inflight); if (u->gc_candidate) list_move_tail(&u->link, &gc_candidates); }",linux-2.6,,,332424414906989490983460910052885201472,0 1161,CWE-264,"SYSCALL_DEFINE4(osf_wait4, pid_t, pid, int __user *, ustatus, int, options, struct rusage32 __user *, ur) { struct rusage r; long ret, err; mm_segment_t old_fs; if (!ur) return sys_wait4(pid, ustatus, options, NULL); old_fs = get_fs(); set_fs (KERNEL_DS); ret = sys_wait4(pid, ustatus, options, (struct rusage __user *) &r); set_fs (old_fs); if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur))) return -EFAULT; err = 0; err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec); err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec); err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec); err |= __put_user(r.ru_stime.tv_usec, &ur->ru_stime.tv_usec); err |= __put_user(r.ru_maxrss, &ur->ru_maxrss); err |= __put_user(r.ru_ixrss, &ur->ru_ixrss); err |= __put_user(r.ru_idrss, &ur->ru_idrss); err |= __put_user(r.ru_isrss, &ur->ru_isrss); err |= __put_user(r.ru_minflt, &ur->ru_minflt); err |= __put_user(r.ru_majflt, &ur->ru_majflt); err |= __put_user(r.ru_nswap, &ur->ru_nswap); err |= __put_user(r.ru_inblock, &ur->ru_inblock); err |= __put_user(r.ru_oublock, &ur->ru_oublock); err |= __put_user(r.ru_msgsnd, &ur->ru_msgsnd); err |= __put_user(r.ru_msgrcv, &ur->ru_msgrcv); err |= __put_user(r.ru_nsignals, &ur->ru_nsignals); err |= __put_user(r.ru_nvcsw, &ur->ru_nvcsw); err |= __put_user(r.ru_nivcsw, &ur->ru_nivcsw); return err ? err : ret; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,83783111808735,1 1977,['CWE-20'],"static void free_pte_range(struct mmu_gather *tlb, pmd_t *pmd) { pgtable_t token = pmd_pgtable(*pmd); pmd_clear(pmd); pte_free_tlb(tlb, token); tlb->mm->nr_ptes--; }",linux-2.6,,,207691797022642696796296121926144933334,0 809,['CWE-16'],"static void esp_input_done(struct crypto_async_request *base, int err) { struct sk_buff *skb = base->data; xfrm_input_resume(skb, esp_input_done2(skb, err)); }",linux-2.6,,,67952140586038773274678996902968556298,0 5166,['CWE-20'],"static void update_exception_bitmap(struct kvm_vcpu *vcpu) { u32 eb; eb = (1u << PF_VECTOR) | (1u << UD_VECTOR); if (!vcpu->fpu_active) eb |= 1u << NM_VECTOR; if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) { if (vcpu->guest_debug & (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) eb |= 1u << DB_VECTOR; if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) eb |= 1u << BP_VECTOR; } if (vcpu->arch.rmode.active) eb = ~0; if (vm_need_ept()) eb &= ~(1u << PF_VECTOR); vmcs_write32(EXCEPTION_BITMAP, eb); }",linux-2.6,,,267288812091129788371923335190526739621,0 1996,CWE-674,"static int __nla_validate_parse(const struct nlattr *head, int len, int maxtype, const struct nla_policy *policy, unsigned int validate, struct netlink_ext_ack *extack, struct nlattr **tb) { const struct nlattr *nla; int rem; if (tb) memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1)); nla_for_each_attr(nla, head, len, rem) { u16 type = nla_type(nla); if (type == 0 || type > maxtype) { if (validate & NL_VALIDATE_MAXTYPE) { NL_SET_ERR_MSG_ATTR(extack, nla, ""Unknown attribute type""); return -EINVAL; } continue; } if (policy) { int err = validate_nla(nla, maxtype, policy, validate, extack); if (err < 0) return err; } if (tb) tb[type] = (struct nlattr *)nla; } if (unlikely(rem > 0)) { pr_warn_ratelimited(""netlink: %d bytes leftover after parsing attributes in process `%s'.\n"", rem, current->comm); NL_SET_ERR_MSG(extack, ""bytes leftover after parsing attributes""); if (validate & NL_VALIDATE_TRAILING) return -EINVAL; } return 0; }",visit repo url,lib/nlattr.c,https://github.com/torvalds/linux,4966909415105,1 3687,[],"int hfs_cat_delete(u32 cnid, struct inode *dir, struct qstr *str) { struct super_block *sb; struct hfs_find_data fd; struct list_head *pos; int res, type; dprint(DBG_CAT_MOD, ""delete_cat: %s,%u\n"", str ? str->name : NULL, cnid); sb = dir->i_sb; hfs_find_init(HFS_SB(sb)->cat_tree, &fd); hfs_cat_build_key(sb, fd.search_key, dir->i_ino, str); res = hfs_brec_find(&fd); if (res) goto out; type = hfs_bnode_read_u8(fd.bnode, fd.entryoffset); if (type == HFS_CDR_FIL) { struct hfs_cat_file file; hfs_bnode_read(fd.bnode, &file, fd.entryoffset, sizeof(file)); if (be32_to_cpu(file.FlNum) == cnid) { #if 0 hfs_free_fork(sb, &file, HFS_FK_DATA); #endif hfs_free_fork(sb, &file, HFS_FK_RSRC); } } list_for_each(pos, &HFS_I(dir)->open_dir_list) { struct hfs_readdir_data *rd = list_entry(pos, struct hfs_readdir_data, list); if (fd.tree->keycmp(fd.search_key, (void *)&rd->key) < 0) rd->file->f_pos--; } res = hfs_brec_remove(&fd); if (res) goto out; hfs_cat_build_key(sb, fd.search_key, cnid, NULL); res = hfs_brec_find(&fd); if (!res) { res = hfs_brec_remove(&fd); if (res) goto out; } dir->i_size--; dir->i_mtime = dir->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(dir); res = 0; out: hfs_find_exit(&fd); return res; }",linux-2.6,,,5304451674215712814317887755062298535,0 3146,CWE-125,"static u32 read_32(cdk_stream_t s) { byte buf[4]; size_t nread; assert(s != NULL); stream_read(s, buf, 4, &nread); if (nread != 4) return (u32) - 1; return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]; }",visit repo url,lib/opencdk/read-packet.c,https://gitlab.com/gnutls/gnutls,243973825223657,1 2717,[],"SCTP_STATIC int sctp_connect(struct sock *sk, struct sockaddr *addr, int addr_len) { int err = 0; struct sctp_af *af; sctp_lock_sock(sk); SCTP_DEBUG_PRINTK(""%s - sk: %p, sockaddr: %p, addr_len: %d\n"", __func__, sk, addr, addr_len); af = sctp_get_af_specific(addr->sa_family); if (!af || addr_len < af->sockaddr_len) { err = -EINVAL; } else { err = __sctp_connect(sk, addr, af->sockaddr_len, NULL); } sctp_release_sock(sk); return err; }",linux-2.6,,,66089361383993189064648136094197329331,0 5537,CWE-125,"ast2obj_arg(void* _o) { arg_ty o = (arg_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(arg_type, NULL, NULL); if (!result) return NULL; value = ast2obj_identifier(o->arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_arg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->annotation); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_annotation, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->type_comment); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_comment, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,254764894801723,1 4704,['CWE-20'],"ext4_fsblk_t ext4_inode_table(struct super_block *sb, struct ext4_group_desc *bg) { return le32_to_cpu(bg->bg_inode_table_lo) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? (ext4_fsblk_t)le32_to_cpu(bg->bg_inode_table_hi) << 32 : 0); }",linux-2.6,,,253668501491319222983167587051628817116,0 4788,CWE-119,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 5618,[],"void ignore_signals(struct task_struct *t) { int i; for (i = 0; i < _NSIG; ++i) t->sighand->action[i].sa.sa_handler = SIG_IGN; flush_signals(t); }",linux-2.6,,,159585011124396718794549999342879827435,0 4893,CWE-787,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { #define ThrowTIFFException(severity,message) \ { \ if (pixel_info != (MemoryInfo *) NULL) \ pixel_info=RelinquishVirtualMemory(pixel_info); \ if (quantum_info != (QuantumInfo *) NULL) \ quantum_info=DestroyQuantumInfo(quantum_info); \ TIFFClose(tiff); \ ThrowReaderException(severity,message); \ } const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType more_frames, status; MemoryInfo *pixel_info = (MemoryInfo *) NULL; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t number_pixels, pad; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; void *sans[2] = { NULL, NULL }; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (exception->severity > ErrorException) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t)TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } more_frames=MagickTrue; do { DisableMSCWarning(4127) if (0 && (image_info->verbose != MagickFalse)) TIFFPrintDirectory(tiff,stdout,MagickFalse); RestoreMSCWarning photometric=PHOTOMETRIC_RGB; if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value,sans) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value,sans) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (((sample_format != SAMPLEFORMAT_IEEEFP) || (bits_per_sample != 64)) && ((bits_per_sample <= 0) || (bits_per_sample > 32))) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""UnsupportedBitsPerPixel""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point""); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black""); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white""); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette""); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB""); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB""); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)""); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV""); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK""); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated""); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR""); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown""); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"")); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb""); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb""); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) SetImageColorspace(image,GRAYColorspace); if (photometric == PHOTOMETRIC_SEPARATED) SetImageColorspace(image,CMYKColorspace); if (photometric == PHOTOMETRIC_CIELAB) SetImageColorspace(image,LabColorspace); status=TIFFGetProfiles(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=TIFFGetProperties(tiff,image); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } option=GetImageOption(image_info,""tiff:exif-properties""); if ((option == (const char *) NULL) || (IsMagickTrue(option) != MagickFalse)) TIFFGetEXIFProperties(tiff,image); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution,sans) == 1)) { image->x_resolution=x_resolution; image->y_resolution=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units,sans) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position,sans) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position,sans) == 1)) { image->page.x=(ssize_t) ceil(x_position*image->x_resolution-0.5); image->page.y=(ssize_t) ceil(y_position*image->y_resolution-0.5); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation,sans) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MaxTextExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetField(tiff,TIFFTAG_YCBCRSUBSAMPLING,&horizontal, &vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MaxTextExtent,""%dx%d"", horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; #if defined(COMPRESSION_WEBP) case COMPRESSION_WEBP: image->compression=WebPCompression; break; #endif #if defined(COMPRESSION_ZSTD) case COMPRESSION_ZSTD: image->compression=ZstdCompression; break; #endif default: image->compression=RLECompression; break; } quantum_info=(QuantumInfo *) NULL; if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages,sans) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } status=ResetImagePixels(image,exception); if (status == MagickFalse) { TIFFClose(tiff); InheritException(exception,&image->exception); return(DestroyImageList(image)); } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info,sans); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified""); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->matte=MagickTrue; } else for (i=0; i < extra_samples; i++) { image->matte=MagickTrue; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,AssociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated""); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""unassociated""); } } } if (image->matte != MagickFalse) (void) SetImageAlphaChannel(image,OpaqueAlphaChannel); method=ReadGenericMethod; rows_per_strip=(uint32) image->rows; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MaxTextExtent]; (void) FormatLocaleString(value,MaxTextExtent,""%u"",(unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value); method=ReadStripMethod; if (rows_per_strip > (uint32) image->rows) rows_per_strip=(uint32) image->rows; } if (TIFFIsTiled(tiff) != MagickFalse) method=ReadTileMethod; if (photometric == PHOTOMETRIC_LOGLUV) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); quantum_info->endian=LSBEndian; quantum_type=RGBQuantum; if (TIFFScanlineSize(tiff) <= 0) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); if (((MagickSizeType) TIFFScanlineSize(tiff)) > (2*GetBlobSize(image))) ThrowTIFFException(CorruptImageError,""InsufficientImageDataInFile""); number_pixels=MagickMax(TIFFScanlineSize(tiff),MagickMax((ssize_t) image->columns*samples_per_pixel*pow(2.0,ceil(log(bits_per_sample)/ log(2.0))),image->columns*rows_per_strip)); pixel_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); (void) ResetMagickMemory(pixels,0,number_pixels*sizeof(uint32)); quantum_type=IndexQuantum; pad=(size_t) MagickMax((ssize_t) samples_per_pixel-1,0); if (image->matte != MagickFalse) { if (image->storage_class == PseudoClass) quantum_type=IndexAlphaQuantum; else quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; } else if (image->storage_class != PseudoClass) quantum_type=GrayQuantum; if ((samples_per_pixel > 2) && (interlace != PLANARCONFIG_SEPARATE)) { pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); quantum_type=RGBQuantum; if (image->matte != MagickFalse) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); quantum_type=CMYKQuantum; if (image->matte != MagickFalse) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); } switch (method) { case ReadYCCKMethod: { for (y=0; y < (ssize_t) image->rows; y++) { int status; register IndexPacket *indexes; register PixelPacket *magick_restrict q; register ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; indexes=GetAuthenticIndexQueue(image); p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456))); SetPixelMagenta(q,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984))); SetPixelYellow(q,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816))); SetPixelBlack(indexes+x,ScaleCharToQuantum((unsigned char)*(p+3))); q++; p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { register unsigned char *p; size_t extent; ssize_t stride, strip_id; tsize_t strip_size; unsigned char *strip_pixels; extent=TIFFStripSize(tiff)+sizeof(uint32); if (photometric == PHOTOMETRIC_YCBCR) extent<<=1; strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); stride=TIFFVStripSize(tiff,1); strip_id=0; p=strip_pixels; for (i=0; i < (ssize_t) samples_per_pixel; i++) { size_t rows_remaining; switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; } rows_remaining=0; for (y=0; y < (ssize_t) image->rows; y++) { register PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; if (rows_remaining == 0) { strip_size=TIFFReadEncodedStrip(tiff,strip_id,strip_pixels, TIFFStripSize(tiff)); if (strip_size == -1) break; rows_remaining=rows_per_strip; if ((y+rows_per_strip) > image->rows) rows_remaining=(rows_per_strip-(y+rows_per_strip- image->rows)); p=strip_pixels; strip_id++; } (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=stride; rows_remaining--; if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } strip_pixels=(unsigned char *) RelinquishMagickMemory(strip_pixels); break; } case ReadTileMethod: { register unsigned char *p; size_t extent; uint32 columns, rows; unsigned char *tile_pixels; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) ThrowTIFFException(CoderError,""ImageIsNotTiled""); if ((AcquireMagickResource(WidthResource,columns) == MagickFalse) || (AcquireMagickResource(HeightResource,rows) == MagickFalse)) ThrowTIFFException(ImageError,""WidthOrHeightExceedsLimit""); number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); extent=TIFFTileSize(tiff)+sizeof(uint32); tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); if (tile_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); (void) memset(tile_pixels,0,TIFFTileSize(tiff)*sizeof(*tile_pixels)); for (i=0; i < (ssize_t) samples_per_pixel; i++) { switch (i) { case 0: break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: { if (image->colorspace == CMYKColorspace) quantum_type=BlackQuantum; break; } case 4: quantum_type=AlphaQuantum; break; } for (y=0; y < (ssize_t) image->rows; y+=rows) { register ssize_t x; size_t rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t columns_remaining, row; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; if (TIFFReadTile(tiff,tile_pixels,(uint32) x,(uint32) y,0,i) == 0) break; p=tile_pixels; for (row=0; row < rows_remaining; row++) { register PixelPacket *magick_restrict q; q=GetAuthenticPixels(image,x,y+row,columns_remaining,1, exception); if (q == (PixelPacket *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL, quantum_info,quantum_type,p,exception); p+=TIFFTileRowSize(tiff); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if ((samples_per_pixel > 1) && (interlace != PLANARCONFIG_SEPARATE)) break; } tile_pixels=(unsigned char *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *generic_info = (MemoryInfo *) NULL; register uint32 *p; uint32 *pixels; if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); number_pixels=(MagickSizeType) image->columns*image->rows; generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels)); if (generic_info == (MemoryInfo *) NULL) ThrowTIFFException(ResourceLimitError,""MemoryAllocationFailed""); pixels=(uint32 *) GetVirtualMemoryBlob(generic_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns,(uint32) image->rows,(uint32 *) pixels,0); p=pixels+number_pixels-1; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register PixelPacket *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (PixelPacket *) NULL) break; q+=image->columns-1; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(q,ScaleCharToQuantum((unsigned char) TIFFGetR(*p))); SetPixelGreen(q,ScaleCharToQuantum((unsigned char) TIFFGetG(*p))); SetPixelBlue(q,ScaleCharToQuantum((unsigned char) TIFFGetB(*p))); if (image->matte == MagickFalse) SetPixelOpacity(q,OpaqueOpacity); else SetPixelAlpha(q,ScaleCharToQuantum((unsigned char) TIFFGetA(*p))); p--; q--; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } generic_info=RelinquishVirtualMemory(generic_info); break; } } pixel_info=RelinquishVirtualMemory(pixel_info); SetQuantumImageType(image,quantum_type); next_tiff_frame: if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; more_frames=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (more_frames != MagickFalse) { AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) { status=MagickFalse; break; } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while ((status != MagickFalse) && (more_frames != MagickFalse)); TIFFClose(tiff); TIFFReadPhotoshopLayers(image_info,image,exception); if ((image_info->number_scenes != 0) && (image_info->scene >= GetImageListLength(image))) status=MagickFalse; if (status == MagickFalse) return(DestroyImageList(image)); return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick6,115756566007850,1 1643,[],"load_balance_newidle(int this_cpu, struct rq *this_rq, struct sched_domain *sd, cpumask_t *cpus) { struct sched_group *group; struct rq *busiest = NULL; unsigned long imbalance; int ld_moved = 0; int sd_idle = 0; int all_pinned = 0; cpus_setall(*cpus); if (sd->flags & SD_SHARE_CPUPOWER && !test_sd_parent(sd, SD_POWERSAVINGS_BALANCE)) sd_idle = 1; schedstat_inc(sd, lb_count[CPU_NEWLY_IDLE]); redo: group = find_busiest_group(sd, this_cpu, &imbalance, CPU_NEWLY_IDLE, &sd_idle, cpus, NULL); if (!group) { schedstat_inc(sd, lb_nobusyg[CPU_NEWLY_IDLE]); goto out_balanced; } busiest = find_busiest_queue(group, CPU_NEWLY_IDLE, imbalance, cpus); if (!busiest) { schedstat_inc(sd, lb_nobusyq[CPU_NEWLY_IDLE]); goto out_balanced; } BUG_ON(busiest == this_rq); schedstat_add(sd, lb_imbalance[CPU_NEWLY_IDLE], imbalance); ld_moved = 0; if (busiest->nr_running > 1) { double_lock_balance(this_rq, busiest); update_rq_clock(busiest); ld_moved = move_tasks(this_rq, this_cpu, busiest, imbalance, sd, CPU_NEWLY_IDLE, &all_pinned); spin_unlock(&busiest->lock); if (unlikely(all_pinned)) { cpu_clear(cpu_of(busiest), *cpus); if (!cpus_empty(*cpus)) goto redo; } } if (!ld_moved) { schedstat_inc(sd, lb_failed[CPU_NEWLY_IDLE]); if (!sd_idle && sd->flags & SD_SHARE_CPUPOWER && !test_sd_parent(sd, SD_POWERSAVINGS_BALANCE)) return -1; } else sd->nr_balance_failed = 0; return ld_moved; out_balanced: schedstat_inc(sd, lb_balanced[CPU_NEWLY_IDLE]); if (!sd_idle && sd->flags & SD_SHARE_CPUPOWER && !test_sd_parent(sd, SD_POWERSAVINGS_BALANCE)) return -1; sd->nr_balance_failed = 0; return 0; }",linux-2.6,,,277615993944268863599316977900298383187,0 4110,['CWE-399'],"static int bsg_complete_all_commands(struct bsg_device *bd) { struct bsg_command *bc; int ret, tret; dprintk(""%s: entered\n"", bd->name); ret = 0; do { ret = bsg_io_schedule(bd); } while (ret != -ENODATA); ret = 0; do { spin_lock_irq(&bd->lock); if (!bd->queued_cmds) { spin_unlock_irq(&bd->lock); break; } spin_unlock_irq(&bd->lock); bc = bsg_get_done_cmd(bd); if (IS_ERR(bc)) break; tret = blk_complete_sgv4_hdr_rq(bc->rq, &bc->hdr, bc->bio, bc->bidi_bio); if (!ret) ret = tret; bsg_free_command(bc); } while (1); return ret; }",linux-2.6,,,188481518897088733775747564743500751021,0 6184,['CWE-200'],"void __neigh_for_each_release(struct neigh_table *tbl, int (*cb)(struct neighbour *)) { int chain; for (chain = 0; chain <= tbl->hash_mask; chain++) { struct neighbour *n, **np; np = &tbl->hash_buckets[chain]; while ((n = *np) != NULL) { int release; write_lock(&n->lock); release = cb(n); if (release) { *np = n->next; n->dead = 1; } else np = &n->next; write_unlock(&n->lock); if (release) neigh_release(n); } } }",linux-2.6,,,55499719060433407055819865586991919155,0 4039,['CWE-362'],"static int audit_get_nd(char *path, struct nameidata **ndp, struct nameidata **ndw) { struct nameidata *ndparent, *ndwatch; int err; ndparent = kmalloc(sizeof(*ndparent), GFP_KERNEL); if (unlikely(!ndparent)) return -ENOMEM; ndwatch = kmalloc(sizeof(*ndwatch), GFP_KERNEL); if (unlikely(!ndwatch)) { kfree(ndparent); return -ENOMEM; } err = path_lookup(path, LOOKUP_PARENT, ndparent); if (err) { kfree(ndparent); kfree(ndwatch); return err; } err = path_lookup(path, 0, ndwatch); if (err) { kfree(ndwatch); ndwatch = NULL; } *ndp = ndparent; *ndw = ndwatch; return 0; }",linux-2.6,,,242049366859978614984880106768841638602,0 3716,CWE-428,"main(int ac, char **av) { int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0; int sock, ch, result, saved_errno; char *shell, *format, *pidstr, *agentsocket = NULL; struct rlimit rlim; extern int optind; extern char *optarg; pid_t pid; char pidstrbuf[1 + 3 * sizeof pid]; size_t len; mode_t prev_mask; int timeout = -1; struct pollfd *pfd = NULL; size_t npfd = 0; u_int maxfds; sanitise_stdfd(); (void)setegid(getgid()); (void)setgid(getgid()); if (getrlimit(RLIMIT_NOFILE, &rlim) == -1) fatal(""%s: getrlimit: %s"", __progname, strerror(errno)); #ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); #endif while ((ch = getopt(ac, av, ""cDdksE:a:O:P:t:"")) != -1) { switch (ch) { case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); if (fingerprint_hash == -1) fatal(""Invalid hash algorithm \""%s\"""", optarg); break; case 'c': if (s_flag) usage(); c_flag++; break; case 'k': k_flag++; break; case 'O': if (strcmp(optarg, ""no-restrict-websafe"") == 0) restrict_websafe = 0; else fatal(""Unknown -O option""); break; case 'P': if (allowed_providers != NULL) fatal(""-P option already specified""); allowed_providers = xstrdup(optarg); break; case 's': if (c_flag) usage(); s_flag++; break; case 'd': if (d_flag || D_flag) usage(); d_flag++; break; case 'D': if (d_flag || D_flag) usage(); D_flag++; break; case 'a': agentsocket = optarg; break; case 't': if ((lifetime = convtime(optarg)) == -1) { fprintf(stderr, ""Invalid lifetime\n""); usage(); } break; default: usage(); } } ac -= optind; av += optind; if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag)) usage(); if (allowed_providers == NULL) allowed_providers = xstrdup(DEFAULT_ALLOWED_PROVIDERS); if (ac == 0 && !c_flag && !s_flag) { shell = getenv(""SHELL""); if (shell != NULL && (len = strlen(shell)) > 2 && strncmp(shell + len - 3, ""csh"", 3) == 0) c_flag = 1; } if (k_flag) { const char *errstr = NULL; pidstr = getenv(SSH_AGENTPID_ENV_NAME); if (pidstr == NULL) { fprintf(stderr, ""%s not set, cannot kill agent\n"", SSH_AGENTPID_ENV_NAME); exit(1); } pid = (int)strtonum(pidstr, 2, INT_MAX, &errstr); if (errstr) { fprintf(stderr, ""%s=\""%s\"", which is not a good PID: %s\n"", SSH_AGENTPID_ENV_NAME, pidstr, errstr); exit(1); } if (kill(pid, SIGTERM) == -1) { perror(""kill""); exit(1); } format = c_flag ? ""unsetenv %s;\n"" : ""unset %s;\n""; printf(format, SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NAME); printf(""echo Agent pid %ld killed;\n"", (long)pid); exit(0); } #define SSH_AGENT_MIN_FDS (3+1+1+1+4) if (rlim.rlim_cur < SSH_AGENT_MIN_FDS) fatal(""%s: file descriptor rlimit %lld too low (minimum %u)"", __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS); maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS; parent_pid = getpid(); if (agentsocket == NULL) { mktemp_proto(socket_dir, sizeof(socket_dir)); if (mkdtemp(socket_dir) == NULL) { perror(""mkdtemp: private socket dir""); exit(1); } snprintf(socket_name, sizeof socket_name, ""%s/agent.%ld"", socket_dir, (long)parent_pid); } else { socket_dir[0] = '\0'; strlcpy(socket_name, agentsocket, sizeof socket_name); } prev_mask = umask(0177); sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0); if (sock < 0) { *socket_name = '\0'; cleanup_exit(1); } umask(prev_mask); if (D_flag || d_flag) { log_init(__progname, d_flag ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 1); format = c_flag ? ""setenv %s %s;\n"" : ""%s=%s; export %s;\n""; printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, SSH_AUTHSOCKET_ENV_NAME); printf(""echo Agent pid %ld;\n"", (long)parent_pid); fflush(stdout); goto skip; } pid = fork(); if (pid == -1) { perror(""fork""); cleanup_exit(1); } if (pid != 0) { close(sock); snprintf(pidstrbuf, sizeof pidstrbuf, ""%ld"", (long)pid); if (ac == 0) { format = c_flag ? ""setenv %s %s;\n"" : ""%s=%s; export %s;\n""; printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, SSH_AUTHSOCKET_ENV_NAME); printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, SSH_AGENTPID_ENV_NAME); printf(""echo Agent pid %ld;\n"", (long)pid); exit(0); } if (setenv(SSH_AUTHSOCKET_ENV_NAME, socket_name, 1) == -1 || setenv(SSH_AGENTPID_ENV_NAME, pidstrbuf, 1) == -1) { perror(""setenv""); exit(1); } execvp(av[0], av); perror(av[0]); exit(1); } log_init(__progname, SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 0); if (setsid() == -1) { error(""setsid: %s"", strerror(errno)); cleanup_exit(1); } (void)chdir(""/""); if (stdfd_devnull(1, 1, 1) == -1) error_f(""stdfd_devnull failed""); rlim.rlim_cur = rlim.rlim_max = 0; if (setrlimit(RLIMIT_CORE, &rlim) == -1) { error(""setrlimit RLIMIT_CORE: %s"", strerror(errno)); cleanup_exit(1); } skip: cleanup_pid = getpid(); #ifdef ENABLE_PKCS11 pkcs11_init(0); #endif new_socket(AUTH_SOCKET, sock); if (ac > 0) parent_alive_interval = 10; idtab_init(); ssh_signal(SIGPIPE, SIG_IGN); ssh_signal(SIGINT, (d_flag | D_flag) ? cleanup_handler : SIG_IGN); ssh_signal(SIGHUP, cleanup_handler); ssh_signal(SIGTERM, cleanup_handler); if (pledge(""stdio rpath cpath unix id proc exec"", NULL) == -1) fatal(""%s: pledge: %s"", __progname, strerror(errno)); while (1) { prepare_poll(&pfd, &npfd, &timeout, maxfds); result = poll(pfd, npfd, timeout); saved_errno = errno; if (parent_alive_interval != 0) check_parent_exists(); (void) reaper(); if (result == -1) { if (saved_errno == EINTR) continue; fatal(""poll: %s"", strerror(saved_errno)); } else if (result > 0) after_poll(pfd, npfd, maxfds); } }",visit repo url,usr.bin/ssh/ssh-agent.c,https://github.com/openbsd/src,77287186960414,1 6086,['CWE-200'],"cbq_under_limit(struct cbq_class *cl) { struct cbq_sched_data *q = qdisc_priv(cl->qdisc); struct cbq_class *this_cl = cl; if (cl->tparent == NULL) return cl; if (PSCHED_IS_PASTPERFECT(cl->undertime) || !PSCHED_TLESS(q->now, cl->undertime)) { cl->delayed = 0; return cl; } do { if ((cl = cl->borrow) == NULL) { this_cl->qstats.overlimits++; this_cl->overlimit(this_cl); return NULL; } if (cl->level > q->toplevel) return NULL; } while (!PSCHED_IS_PASTPERFECT(cl->undertime) && PSCHED_TLESS(q->now, cl->undertime)); cl->delayed = 0; return cl; }",linux-2.6,,,117860871440432655651169212898206542353,0 1376,[],"static inline struct cfs_rq *group_cfs_rq(struct sched_entity *grp) { return NULL; }",linux-2.6,,,59381100822851091475588571453488456755,0 1316,CWE-119,"static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, int offset, size_t count) { int len = iov_length(from, count) - offset; int copy = skb_headlen(skb); int size, offset1 = 0; int i = 0; while (count && (offset >= from->iov_len)) { offset -= from->iov_len; ++from; --count; } while (count && (copy > 0)) { size = min_t(unsigned int, copy, from->iov_len - offset); if (copy_from_user(skb->data + offset1, from->iov_base + offset, size)) return -EFAULT; if (copy > size) { ++from; --count; offset = 0; } else offset += size; copy -= size; offset1 += size; } if (len == offset1) return 0; while (count--) { struct page *page[MAX_SKB_FRAGS]; int num_pages; unsigned long base; unsigned long truesize; len = from->iov_len - offset; if (!len) { offset = 0; ++from; continue; } base = (unsigned long)from->iov_base + offset; size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT; num_pages = get_user_pages_fast(base, size, 0, &page[i]); if ((num_pages != size) || (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags)) { for (i = 0; i < num_pages; i++) put_page(page[i]); return -EFAULT; } truesize = size * PAGE_SIZE; skb->data_len += len; skb->len += len; skb->truesize += truesize; atomic_add(truesize, &skb->sk->sk_wmem_alloc); while (len) { int off = base & ~PAGE_MASK; int size = min_t(int, len, PAGE_SIZE - off); __skb_fill_page_desc(skb, i, page[i], off, size); skb_shinfo(skb)->nr_frags++; base += size; len -= size; i++; } offset = 0; ++from; } return 0; }",visit repo url,drivers/net/macvtap.c,https://github.com/torvalds/linux,101644762705496,1 1745,CWE-416,"static int ion_handle_put(struct ion_handle *handle) { struct ion_client *client = handle->client; int ret; mutex_lock(&client->lock); ret = kref_put(&handle->ref, ion_handle_destroy); mutex_unlock(&client->lock); return ret; }",visit repo url,drivers/staging/android/ion/ion.c,https://github.com/torvalds/linux,86441793159461,1 4398,CWE-416,"onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, OnigCompileInfo* ci, OnigErrorInfo* einfo) { int r; UChar *cpat, *cpat_end; if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; if (ci->pattern_enc != ci->target_enc) { r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, &cpat, &cpat_end); if (r != 0) return r; } else { cpat = (UChar* )pattern; cpat_end = (UChar* )pattern_end; } *reg = (regex_t* )xmalloc(sizeof(regex_t)); if (IS_NULL(*reg)) { r = ONIGERR_MEMORY; goto err2; } r = onig_reg_init(*reg, ci->option, ci->case_fold_flag, ci->target_enc, ci->syntax); if (r != 0) goto err; r = onig_compile(*reg, cpat, cpat_end, einfo); if (r != 0) { err: onig_free(*reg); *reg = NULL; } err2: if (cpat != pattern) xfree(cpat); return r; }",visit repo url,src/regext.c,https://github.com/kkos/oniguruma,197523676133494,1 648,CWE-20,"static int l2tp_ip_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); size_t copied = 0; int err = -EOPNOTSUPP; struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; if (flags & MSG_OOB) goto out; if (addr_len) *addr_len = sizeof(*sin); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; sin->sin_port = 0; memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: return err ? err : copied; }",visit repo url,net/l2tp/l2tp_ip.c,https://github.com/torvalds/linux,25169350195135,1 1593,CWE-20,"static long restore_tm_user_regs(struct pt_regs *regs, struct mcontext __user *sr, struct mcontext __user *tm_sr) { long err; unsigned long msr, msr_hi; #ifdef CONFIG_VSX int i; #endif err = restore_general_regs(regs, tm_sr); err |= restore_general_regs(¤t->thread.ckpt_regs, sr); err |= __get_user(current->thread.tm_tfhar, &sr->mc_gregs[PT_NIP]); err |= __get_user(msr, &sr->mc_gregs[PT_MSR]); if (err) return 1; regs->msr = (regs->msr & ~MSR_LE) | (msr & MSR_LE); discard_lazy_cpu_state(); #ifdef CONFIG_ALTIVEC regs->msr &= ~MSR_VEC; if (msr & MSR_VEC) { if (__copy_from_user(¤t->thread.vr_state, &sr->mc_vregs, sizeof(sr->mc_vregs)) || __copy_from_user(¤t->thread.transact_vr, &tm_sr->mc_vregs, sizeof(sr->mc_vregs))) return 1; } else if (current->thread.used_vr) { memset(¤t->thread.vr_state, 0, ELF_NVRREG * sizeof(vector128)); memset(¤t->thread.transact_vr, 0, ELF_NVRREG * sizeof(vector128)); } if (__get_user(current->thread.vrsave, (u32 __user *)&sr->mc_vregs[32]) || __get_user(current->thread.transact_vrsave, (u32 __user *)&tm_sr->mc_vregs[32])) return 1; if (cpu_has_feature(CPU_FTR_ALTIVEC)) mtspr(SPRN_VRSAVE, current->thread.vrsave); #endif regs->msr &= ~(MSR_FP | MSR_FE0 | MSR_FE1); if (copy_fpr_from_user(current, &sr->mc_fregs) || copy_transact_fpr_from_user(current, &tm_sr->mc_fregs)) return 1; #ifdef CONFIG_VSX regs->msr &= ~MSR_VSX; if (msr & MSR_VSX) { if (copy_vsx_from_user(current, &sr->mc_vsregs) || copy_transact_vsx_from_user(current, &tm_sr->mc_vsregs)) return 1; } else if (current->thread.used_vsr) for (i = 0; i < 32 ; i++) { current->thread.fp_state.fpr[i][TS_VSRLOWOFFSET] = 0; current->thread.transact_fp.fpr[i][TS_VSRLOWOFFSET] = 0; } #endif #ifdef CONFIG_SPE regs->msr &= ~MSR_SPE; if (msr & MSR_SPE) { if (__copy_from_user(current->thread.evr, &sr->mc_vregs, ELF_NEVRREG * sizeof(u32))) return 1; } else if (current->thread.used_spe) memset(current->thread.evr, 0, ELF_NEVRREG * sizeof(u32)); if (__get_user(current->thread.spefscr, (u32 __user *)&sr->mc_vregs + ELF_NEVRREG)) return 1; #endif tm_enable(); current->thread.tm_texasr |= TEXASR_FS; tm_recheckpoint(¤t->thread, msr); if (__get_user(msr_hi, &tm_sr->mc_gregs[PT_MSR])) return 1; regs->msr = (regs->msr & ~MSR_TS_MASK) | ((msr_hi<<32) & MSR_TS_MASK); if (msr & MSR_FP) { do_load_up_transact_fpu(¤t->thread); regs->msr |= (MSR_FP | current->thread.fpexc_mode); } #ifdef CONFIG_ALTIVEC if (msr & MSR_VEC) { do_load_up_transact_altivec(¤t->thread); regs->msr |= MSR_VEC; } #endif return 0; }",visit repo url,arch/powerpc/kernel/signal_32.c,https://github.com/torvalds/linux,56797139915697,1 1408,CWE-310,"static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""blkcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_blkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_blkcipher.max_keysize; rblkcipher.ivsize = alg->cra_blkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/blkcipher.c,https://github.com/torvalds/linux,113758900849201,1 2531,CWE-125,"read_header(struct archive_read *a, struct archive_entry *entry, char head_type) { const void *h; const char *p, *endp; struct rar *rar; struct rar_header rar_header; struct rar_file_header file_header; int64_t header_size; unsigned filename_size, end; char *filename; char *strp; char packed_size[8]; char unp_size[8]; int ttime; struct archive_string_conv *sconv, *fn_sconv; unsigned long crc32_val; int ret = (ARCHIVE_OK), ret2; rar = (struct rar *)(a->format->data); sconv = rar->opt_sconv; if (sconv == NULL) { if (!rar->init_default_conversion) { rar->sconv_default = archive_string_default_conversion_for_read( &(a->archive)); rar->init_default_conversion = 1; } sconv = rar->sconv_default; } if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) return (ARCHIVE_FATAL); p = h; memcpy(&rar_header, p, sizeof(rar_header)); rar->file_flags = archive_le16dec(rar_header.flags); header_size = archive_le16dec(rar_header.size); if (header_size < (int64_t)sizeof(file_header) + 7) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid header size""); return (ARCHIVE_FATAL); } crc32_val = crc32(0, (const unsigned char *)p + 2, 7 - 2); __archive_read_consume(a, 7); if (!(rar->file_flags & FHD_SOLID)) { rar->compression_method = 0; rar->packed_size = 0; rar->unp_size = 0; rar->mtime = 0; rar->ctime = 0; rar->atime = 0; rar->arctime = 0; rar->mode = 0; memset(&rar->salt, 0, sizeof(rar->salt)); rar->atime = 0; rar->ansec = 0; rar->ctime = 0; rar->cnsec = 0; rar->mtime = 0; rar->mnsec = 0; rar->arctime = 0; rar->arcnsec = 0; } else { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""RAR solid archive support unavailable.""); return (ARCHIVE_FATAL); } if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) return (ARCHIVE_FATAL); crc32_val = crc32(crc32_val, h, (unsigned)(header_size - 7)); if ((crc32_val & 0xffff) != archive_le16dec(rar_header.crc)) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Header CRC error""); return (ARCHIVE_FATAL); } p = h; endp = p + header_size - 7; memcpy(&file_header, p, sizeof(file_header)); p += sizeof(file_header); rar->compression_method = file_header.method; ttime = archive_le32dec(file_header.file_time); rar->mtime = get_time(ttime); rar->file_crc = archive_le32dec(file_header.file_crc); if (rar->file_flags & FHD_PASSWORD) { archive_entry_set_is_data_encrypted(entry, 1); rar->has_encrypted_entries = 1; archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""RAR encryption support unavailable.""); } if (rar->file_flags & FHD_LARGE) { memcpy(packed_size, file_header.pack_size, 4); memcpy(packed_size + 4, p, 4); p += 4; memcpy(unp_size, file_header.unp_size, 4); memcpy(unp_size + 4, p, 4); p += 4; rar->packed_size = archive_le64dec(&packed_size); rar->unp_size = archive_le64dec(&unp_size); } else { rar->packed_size = archive_le32dec(file_header.pack_size); rar->unp_size = archive_le32dec(file_header.unp_size); } if (rar->packed_size < 0 || rar->unp_size < 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid sizes specified.""); return (ARCHIVE_FATAL); } rar->bytes_remaining = rar->packed_size; if (head_type == NEWSUB_HEAD) { size_t distance = p - (const char *)h; header_size += rar->packed_size; if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) return (ARCHIVE_FATAL); p = h; endp = p + header_size - 7; p += distance; } filename_size = archive_le16dec(file_header.name_size); if (p + filename_size > endp) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid filename size""); return (ARCHIVE_FATAL); } if (rar->filename_allocated < filename_size * 2 + 2) { char *newptr; size_t newsize = filename_size * 2 + 2; newptr = realloc(rar->filename, newsize); if (newptr == NULL) { archive_set_error(&a->archive, ENOMEM, ""Couldn't allocate memory.""); return (ARCHIVE_FATAL); } rar->filename = newptr; rar->filename_allocated = newsize; } filename = rar->filename; memcpy(filename, p, filename_size); filename[filename_size] = '\0'; if (rar->file_flags & FHD_UNICODE) { if (filename_size != strlen(filename)) { unsigned char highbyte, flagbits, flagbyte; unsigned fn_end, offset; end = filename_size; fn_end = filename_size * 2; filename_size = 0; offset = (unsigned)strlen(filename) + 1; highbyte = *(p + offset++); flagbits = 0; flagbyte = 0; while (offset < end && filename_size < fn_end) { if (!flagbits) { flagbyte = *(p + offset++); flagbits = 8; } flagbits -= 2; switch((flagbyte >> flagbits) & 3) { case 0: filename[filename_size++] = '\0'; filename[filename_size++] = *(p + offset++); break; case 1: filename[filename_size++] = highbyte; filename[filename_size++] = *(p + offset++); break; case 2: filename[filename_size++] = *(p + offset + 1); filename[filename_size++] = *(p + offset); offset += 2; break; case 3: { char extra, high; uint8_t length = *(p + offset++); if (length & 0x80) { extra = *(p + offset++); high = (char)highbyte; } else extra = high = 0; length = (length & 0x7f) + 2; while (length && filename_size < fn_end) { unsigned cp = filename_size >> 1; filename[filename_size++] = high; filename[filename_size++] = p[cp] + extra; length--; } } break; } } if (filename_size > fn_end) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid filename""); return (ARCHIVE_FATAL); } filename[filename_size++] = '\0'; filename[filename_size++] = '\0'; if (rar->sconv_utf16be == NULL) { rar->sconv_utf16be = archive_string_conversion_from_charset( &a->archive, ""UTF-16BE"", 1); if (rar->sconv_utf16be == NULL) return (ARCHIVE_FATAL); } fn_sconv = rar->sconv_utf16be; strp = filename; while (memcmp(strp, ""\x00\x00"", 2)) { if (!memcmp(strp, ""\x00\\"", 2)) *(strp + 1) = '/'; strp += 2; } p += offset; } else { if (rar->sconv_utf8 == NULL) { rar->sconv_utf8 = archive_string_conversion_from_charset( &a->archive, ""UTF-8"", 1); if (rar->sconv_utf8 == NULL) return (ARCHIVE_FATAL); } fn_sconv = rar->sconv_utf8; while ((strp = strchr(filename, '\\')) != NULL) *strp = '/'; p += filename_size; } } else { fn_sconv = sconv; while ((strp = strchr(filename, '\\')) != NULL) *strp = '/'; p += filename_size; } if (rar->filename_save && filename_size == rar->filename_save_size && !memcmp(rar->filename, rar->filename_save, filename_size + 1)) { __archive_read_consume(a, header_size - 7); rar->cursor++; if (rar->cursor >= rar->nodes) { rar->nodes++; if ((rar->dbo = realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL) { archive_set_error(&a->archive, ENOMEM, ""Couldn't allocate memory.""); return (ARCHIVE_FATAL); } rar->dbo[rar->cursor].header_size = header_size; rar->dbo[rar->cursor].start_offset = -1; rar->dbo[rar->cursor].end_offset = -1; } if (rar->dbo[rar->cursor].start_offset < 0) { rar->dbo[rar->cursor].start_offset = a->filter->position; rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset + rar->packed_size; } return ret; } rar->filename_save = (char*)realloc(rar->filename_save, filename_size + 1); memcpy(rar->filename_save, rar->filename, filename_size + 1); rar->filename_save_size = filename_size; free(rar->dbo); if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL) { archive_set_error(&a->archive, ENOMEM, ""Couldn't allocate memory.""); return (ARCHIVE_FATAL); } rar->dbo[0].header_size = header_size; rar->dbo[0].start_offset = -1; rar->dbo[0].end_offset = -1; rar->cursor = 0; rar->nodes = 1; if (rar->file_flags & FHD_SALT) { if (p + 8 > endp) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid header size""); return (ARCHIVE_FATAL); } memcpy(rar->salt, p, 8); p += 8; } if (rar->file_flags & FHD_EXTTIME) { if (read_exttime(p, rar, endp) < 0) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Invalid header size""); return (ARCHIVE_FATAL); } } __archive_read_consume(a, header_size - 7); rar->dbo[0].start_offset = a->filter->position; rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size; switch(file_header.host_os) { case OS_MSDOS: case OS_OS2: case OS_WIN32: rar->mode = archive_le32dec(file_header.file_attr); if (rar->mode & FILE_ATTRIBUTE_DIRECTORY) rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH; else rar->mode = AE_IFREG; rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; break; case OS_UNIX: case OS_MAC_OS: case OS_BEOS: rar->mode = archive_le32dec(file_header.file_attr); break; default: archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Unknown file attributes from RAR file's host OS""); return (ARCHIVE_FATAL); } rar->bytes_uncopied = rar->bytes_unconsumed = 0; rar->lzss.position = rar->offset = 0; rar->offset_seek = 0; rar->dictionary_size = 0; rar->offset_outgoing = 0; rar->br.cache_avail = 0; rar->br.avail_in = 0; rar->crc_calculated = 0; rar->entry_eof = 0; rar->valid = 1; rar->is_ppmd_block = 0; rar->start_new_table = 1; free(rar->unp_buffer); rar->unp_buffer = NULL; rar->unp_offset = 0; rar->unp_buffer_size = UNP_BUFFER_SIZE; memset(rar->lengthtable, 0, sizeof(rar->lengthtable)); __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context, &g_szalloc); rar->ppmd_valid = rar->ppmd_eod = 0; if (head_type == NEWSUB_HEAD) return ret; archive_entry_set_mtime(entry, rar->mtime, rar->mnsec); archive_entry_set_ctime(entry, rar->ctime, rar->cnsec); archive_entry_set_atime(entry, rar->atime, rar->ansec); archive_entry_set_size(entry, rar->unp_size); archive_entry_set_mode(entry, rar->mode); if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv)) { if (errno == ENOMEM) { archive_set_error(&a->archive, ENOMEM, ""Can't allocate memory for Pathname""); return (ARCHIVE_FATAL); } archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ""Pathname cannot be converted from %s to current locale."", archive_string_conversion_charset_name(fn_sconv)); ret = (ARCHIVE_WARN); } if (((rar->mode) & AE_IFMT) == AE_IFLNK) { rar->bytes_remaining = 0; archive_entry_set_size(entry, 0); if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN)) return ret2; if (ret > ret2) ret = ret2; } if (rar->bytes_remaining == 0) rar->entry_eof = 1; return ret; }",visit repo url,libarchive/archive_read_support_format_rar.c,https://github.com/libarchive/libarchive,142731830190025,1 4615,['CWE-399'],"static int ext4_ordered_write_end(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned copied, struct page *page, void *fsdata) { handle_t *handle = ext4_journal_current_handle(); struct inode *inode = mapping->host; int ret = 0, ret2; trace_mark(ext4_ordered_write_end, ""dev %s ino %lu pos %llu len %u copied %u"", inode->i_sb->s_id, inode->i_ino, (unsigned long long) pos, len, copied); ret = ext4_jbd2_file_inode(handle, inode); if (ret == 0) { loff_t new_i_size; new_i_size = pos + copied; if (new_i_size > EXT4_I(inode)->i_disksize) { ext4_update_i_disksize(inode, new_i_size); ext4_mark_inode_dirty(handle, inode); } ret2 = generic_write_end(file, mapping, pos, len, copied, page, fsdata); copied = ret2; if (ret2 < 0) ret = ret2; } ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; return ret ? ret : copied; }",linux-2.6,,,176408698254869778932735664563284621022,0 4787,CWE-119,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 4191,CWE-20,"static plist_t parse_bin_node(struct bplist_data *bplist, const char** object) { uint16_t type = 0; uint64_t size = 0; if (!object) return NULL; type = (**object) & BPLIST_MASK; size = (**object) & BPLIST_FILL; (*object)++; if (size == BPLIST_FILL) { switch (type) { case BPLIST_DATA: case BPLIST_STRING: case BPLIST_UNICODE: case BPLIST_ARRAY: case BPLIST_SET: case BPLIST_DICT: { uint16_t next_size = **object & BPLIST_FILL; if ((**object & BPLIST_MASK) != BPLIST_UINT) { PLIST_BIN_ERR(""%s: invalid size node type for node type 0x%02x: found 0x%02x, expected 0x%02x\n"", __func__, type, **object & BPLIST_MASK, BPLIST_UINT); return NULL; } (*object)++; next_size = 1 << next_size; if (*object + next_size > bplist->offset_table) { PLIST_BIN_ERR(""%s: size node data bytes for node type 0x%02x point outside of valid range\n"", __func__, type); return NULL; } size = UINT_TO_HOST(*object, next_size); (*object) += next_size; break; } default: break; } } switch (type) { case BPLIST_NULL: switch (size) { case BPLIST_TRUE: { plist_data_t data = plist_new_plist_data(); data->type = PLIST_BOOLEAN; data->boolval = TRUE; data->length = 1; return node_create(NULL, data); } case BPLIST_FALSE: { plist_data_t data = plist_new_plist_data(); data->type = PLIST_BOOLEAN; data->boolval = FALSE; data->length = 1; return node_create(NULL, data); } case BPLIST_NULL: default: return NULL; } case BPLIST_UINT: if (*object + (uint64_t)(1 << size) > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_UINT data bytes point outside of valid range\n"", __func__); return NULL; } return parse_uint_node(object, size); case BPLIST_REAL: if (*object + (uint64_t)(1 << size) > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_REAL data bytes point outside of valid range\n"", __func__); return NULL; } return parse_real_node(object, size); case BPLIST_DATE: if (3 != size) { PLIST_BIN_ERR(""%s: invalid data size for BPLIST_DATE node\n"", __func__); return NULL; } if (*object + (uint64_t)(1 << size) > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_DATE data bytes point outside of valid range\n"", __func__); return NULL; } return parse_date_node(object, size); case BPLIST_DATA: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_DATA data bytes point outside of valid range\n"", __func__); return NULL; } return parse_data_node(object, size); case BPLIST_STRING: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_STRING data bytes point outside of valid range\n"", __func__); return NULL; } return parse_string_node(object, size); case BPLIST_UNICODE: if (size*2 < size) { PLIST_BIN_ERR(""%s: Integer overflow when calculating BPLIST_UNICODE data size.\n"", __func__); return NULL; } if (*object + size*2 > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_UNICODE data bytes point outside of valid range\n"", __func__); return NULL; } return parse_unicode_node(object, size); case BPLIST_SET: case BPLIST_ARRAY: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_ARRAY data bytes point outside of valid range\n"", __func__); return NULL; } return parse_array_node(bplist, object, size); case BPLIST_UID: if (*object + size+1 > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_UID data bytes point outside of valid range\n"", __func__); return NULL; } return parse_uid_node(object, size); case BPLIST_DICT: if (*object + size > bplist->offset_table) { PLIST_BIN_ERR(""%s: BPLIST_REAL data bytes point outside of valid range\n"", __func__); return NULL; } return parse_dict_node(bplist, object, size); default: PLIST_BIN_ERR(""%s: unexpected node type 0x%02x\n"", __func__, type); return NULL; } return NULL; }",visit repo url,src/bplist.c,https://github.com/libimobiledevice/libplist,230957414097460,1 4408,CWE-754,"scanner_scan_all (parser_context_t *context_p, const uint8_t *arg_list_p, const uint8_t *arg_list_end_p, const uint8_t *source_p, const uint8_t *source_end_p) { scanner_context_t scanner_context; #if ENABLED (JERRY_PARSER_DUMP_BYTE_CODE) if (context_p->is_show_opcodes) { JERRY_DEBUG_MSG (""\n--- Scanning start ---\n\n""); } #endif scanner_context.context_status_flags = context_p->status_flags; scanner_context.status_flags = SCANNER_CONTEXT_NO_FLAGS; #if ENABLED (JERRY_DEBUGGER) if (JERRY_CONTEXT (debugger_flags) & JERRY_DEBUGGER_CONNECTED) { scanner_context.status_flags |= SCANNER_CONTEXT_DEBUGGER_ENABLED; } #endif #if ENABLED (JERRY_ES2015) scanner_context.binding_type = SCANNER_BINDING_NONE; scanner_context.active_binding_list_p = NULL; #endif scanner_context.active_literal_pool_p = NULL; scanner_context.active_switch_statement.last_case_p = NULL; scanner_context.end_arguments_p = NULL; #if ENABLED (JERRY_ES2015) scanner_context.async_source_p = NULL; #endif context_p->u.scanner_context_p = &scanner_context; parser_stack_init (context_p); PARSER_TRY (context_p->try_buffer) { context_p->line = 1; context_p->column = 1; if (arg_list_p == NULL) { context_p->source_p = source_p; context_p->source_end_p = source_end_p; uint16_t status_flags = SCANNER_LITERAL_POOL_FUNCTION_WITHOUT_ARGUMENTS | SCANNER_LITERAL_POOL_CAN_EVAL; if (context_p->status_flags & PARSER_IS_STRICT) { status_flags |= SCANNER_LITERAL_POOL_IS_STRICT; } scanner_literal_pool_t *literal_pool_p = scanner_push_literal_pool (context_p, &scanner_context, status_flags); literal_pool_p->source_p = source_p; parser_stack_push_uint8 (context_p, SCAN_STACK_SCRIPT); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); } else { context_p->source_p = arg_list_p; context_p->source_end_p = arg_list_end_p; uint16_t status_flags = SCANNER_LITERAL_POOL_FUNCTION; if (context_p->status_flags & PARSER_IS_STRICT) { status_flags |= SCANNER_LITERAL_POOL_IS_STRICT; } #if ENABLED (JERRY_ES2015) if (context_p->status_flags & PARSER_IS_GENERATOR_FUNCTION) { status_flags |= SCANNER_LITERAL_POOL_GENERATOR; } #endif scanner_push_literal_pool (context_p, &scanner_context, status_flags); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; parser_stack_push_uint8 (context_p, SCAN_STACK_SCRIPT_FUNCTION); context_p->token.type = LEXER_LEFT_PAREN; } while (true) { lexer_token_type_t type = (lexer_token_type_t) context_p->token.type; scan_stack_modes_t stack_top = (scan_stack_modes_t) context_p->stack_top_uint8; switch (scanner_context.mode) { case SCAN_MODE_PRIMARY_EXPRESSION: { if (type == LEXER_ADD || type == LEXER_SUBTRACT || LEXER_IS_UNARY_OP_TOKEN (type)) { break; } } case SCAN_MODE_PRIMARY_EXPRESSION_AFTER_NEW: { if (scanner_scan_primary_expression (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } #if ENABLED (JERRY_ES2015) case SCAN_MODE_CLASS_DECLARATION: { if (context_p->token.type == LEXER_KEYW_EXTENDS) { parser_stack_push_uint8 (context_p, SCAN_STACK_CLASS_EXTENDS); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } else if (context_p->token.type != LEXER_LEFT_BRACE) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_CLASS_METHOD; } case SCAN_MODE_CLASS_METHOD: { JERRY_ASSERT (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR || stack_top == SCAN_STACK_EXPLICIT_CLASS_CONSTRUCTOR); lexer_skip_empty_statements (context_p); lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_RIGHT_BRACE) { scanner_source_start_t source_start; parser_stack_pop_uint8 (context_p); if (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR) { parser_stack_pop (context_p, &source_start, sizeof (scanner_source_start_t)); } stack_top = context_p->stack_top_uint8; JERRY_ASSERT (stack_top == SCAN_STACK_CLASS_STATEMENT || stack_top == SCAN_STACK_CLASS_EXPRESSION); if (stack_top == SCAN_STACK_CLASS_STATEMENT) { scanner_context.mode = SCAN_MODE_STATEMENT_END; continue; } scanner_context.mode = SCAN_MODE_POST_PRIMARY_EXPRESSION; parser_stack_pop_uint8 (context_p); break; } if (context_p->token.type == LEXER_LITERAL && LEXER_IS_IDENT_OR_STRING (context_p->token.lit_location.type) && lexer_compare_literal_to_string (context_p, ""constructor"", 11)) { if (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR) { scanner_source_start_t source_start; parser_stack_pop_uint8 (context_p); parser_stack_pop (context_p, &source_start, sizeof (scanner_source_start_t)); scanner_info_t *info_p = scanner_insert_info (context_p, source_start.source_p, sizeof (scanner_info_t)); info_p->type = SCANNER_TYPE_CLASS_CONSTRUCTOR; parser_stack_push_uint8 (context_p, SCAN_STACK_EXPLICIT_CLASS_CONSTRUCTOR); } } if (lexer_token_is_identifier (context_p, ""static"", 6)) { lexer_scan_identifier (context_p); } parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; uint16_t literal_pool_flags = SCANNER_LITERAL_POOL_FUNCTION; if (lexer_token_is_identifier (context_p, ""get"", 3) || lexer_token_is_identifier (context_p, ""set"", 3)) { lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); continue; } } else if (lexer_token_is_identifier (context_p, ""async"", 5)) { lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); continue; } literal_pool_flags |= SCANNER_LITERAL_POOL_ASYNC; if (context_p->token.type == LEXER_MULTIPLY) { lexer_scan_identifier (context_p); literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } } else if (context_p->token.type == LEXER_MULTIPLY) { lexer_scan_identifier (context_p); literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCANNER_FROM_LITERAL_POOL_TO_COMPUTED (literal_pool_flags)); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } if (literal_pool_flags & SCANNER_LITERAL_POOL_GENERATOR) { context_p->status_flags |= PARSER_IS_GENERATOR_FUNCTION; } scanner_push_literal_pool (context_p, &scanner_context, literal_pool_flags); lexer_next_token (context_p); continue; } #endif case SCAN_MODE_POST_PRIMARY_EXPRESSION: { if (scanner_scan_post_primary_expression (context_p, &scanner_context, type, stack_top)) { break; } type = (lexer_token_type_t) context_p->token.type; } case SCAN_MODE_PRIMARY_EXPRESSION_END: { if (scanner_scan_primary_expression_end (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } case SCAN_MODE_STATEMENT_OR_TERMINATOR: { if (type == LEXER_RIGHT_BRACE || type == LEXER_EOS) { scanner_context.mode = SCAN_MODE_STATEMENT_END; continue; } } case SCAN_MODE_STATEMENT: { if (scanner_scan_statement (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } case SCAN_MODE_STATEMENT_END: { if (scanner_scan_statement_end (context_p, &scanner_context, type) != SCAN_NEXT_TOKEN) { continue; } if (context_p->token.type == LEXER_EOS) { goto scan_completed; } break; } case SCAN_MODE_VAR_STATEMENT: { #if ENABLED (JERRY_ES2015) if (type == LEXER_LEFT_SQUARE || type == LEXER_LEFT_BRACE) { uint8_t binding_type = SCANNER_BINDING_VAR; if (stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_FOR_LET_START) { binding_type = SCANNER_BINDING_LET; } else if (stack_top == SCAN_STACK_CONST || stack_top == SCAN_STACK_FOR_CONST_START) { binding_type = SCANNER_BINDING_CONST; } scanner_push_destructuring_pattern (context_p, &scanner_context, binding_type, false); if (type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); scanner_context.mode = SCAN_MODE_BINDING; break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } #endif if (type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_raise_error (context_p); } lexer_lit_location_t *literal_p = scanner_add_literal (context_p, &scanner_context); #if ENABLED (JERRY_ES2015) if (stack_top != SCAN_STACK_VAR && stack_top != SCAN_STACK_FOR_VAR_START) { scanner_detect_invalid_let (context_p, literal_p); if (stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_FOR_LET_START) { literal_p->type |= SCANNER_LITERAL_IS_LET; } else { JERRY_ASSERT (stack_top == SCAN_STACK_CONST || stack_top == SCAN_STACK_FOR_CONST_START); literal_p->type |= SCANNER_LITERAL_IS_CONST; } lexer_next_token (context_p); if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; } else if (context_p->token.type == LEXER_ASSIGN) { scanner_binding_literal_t binding_literal; binding_literal.literal_p = literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); } } else { if (!(literal_p->type & SCANNER_LITERAL_IS_VAR)) { scanner_detect_invalid_var (context_p, &scanner_context, literal_p); literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } } lexer_next_token (context_p); } #else literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } lexer_next_token (context_p); #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_EXPORT) { literal_p->type |= SCANNER_LITERAL_NO_REG; } #endif switch (context_p->token.type) { case LEXER_ASSIGN: { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; } case LEXER_COMMA: { lexer_next_token (context_p); continue; } } if (SCANNER_IS_FOR_START (stack_top)) { #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) JERRY_ASSERT (!(scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_EXPORT)); #endif if (context_p->token.type != LEXER_SEMICOLON && context_p->token.type != LEXER_KEYW_IN && !SCANNER_IDENTIFIER_IS_OF ()) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } #if ENABLED (JERRY_ES2015) JERRY_ASSERT (stack_top == SCAN_STACK_VAR || stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_CONST); #else JERRY_ASSERT (stack_top == SCAN_STACK_VAR); #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) scanner_context.active_literal_pool_p->status_flags &= (uint16_t) ~SCANNER_LITERAL_POOL_IN_EXPORT; #endif scanner_context.mode = SCAN_MODE_STATEMENT_END; parser_stack_pop_uint8 (context_p); continue; } case SCAN_MODE_FUNCTION_ARGUMENTS: { JERRY_ASSERT (stack_top == SCAN_STACK_SCRIPT_FUNCTION || stack_top == SCAN_STACK_FUNCTION_STATEMENT || stack_top == SCAN_STACK_FUNCTION_EXPRESSION || stack_top == SCAN_STACK_FUNCTION_PROPERTY); scanner_literal_pool_t *literal_pool_p = scanner_context.active_literal_pool_p; JERRY_ASSERT (literal_pool_p != NULL && (literal_pool_p->status_flags & SCANNER_LITERAL_POOL_FUNCTION)); literal_pool_p->source_p = context_p->source_p; #if ENABLED (JERRY_ES2015) if (JERRY_UNLIKELY (scanner_context.async_source_p != NULL)) { literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ASYNC; literal_pool_p->source_p = scanner_context.async_source_p; scanner_context.async_source_p = NULL; } #endif if (type != LEXER_LEFT_PAREN) { scanner_raise_error (context_p); } lexer_next_token (context_p); #if ENABLED (JERRY_ES2015) } case SCAN_MODE_CONTINUE_FUNCTION_ARGUMENTS: { #endif if (context_p->token.type != LEXER_RIGHT_PAREN && context_p->token.type != LEXER_EOS) { #if ENABLED (JERRY_ES2015) lexer_lit_location_t *argument_literal_p; #endif while (true) { #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_THREE_DOTS) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; lexer_next_token (context_p); } if (context_p->token.type == LEXER_LEFT_SQUARE || context_p->token.type == LEXER_LEFT_BRACE) { argument_literal_p = NULL; break; } #endif if (context_p->token.type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_raise_error (context_p); } #if ENABLED (JERRY_ES2015) argument_literal_p = scanner_append_argument (context_p, &scanner_context); #else scanner_append_argument (context_p, &scanner_context); #endif lexer_next_token (context_p); if (context_p->token.type != LEXER_COMMA) { break; } lexer_next_token (context_p); } #if ENABLED (JERRY_ES2015) if (argument_literal_p == NULL) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PARAMETERS); scanner_append_hole (context_p, &scanner_context); scanner_push_destructuring_pattern (context_p, &scanner_context, SCANNER_BINDING_ARG, false); if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); scanner_context.mode = SCAN_MODE_BINDING; break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } if (context_p->token.type == LEXER_ASSIGN) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PARAMETERS); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; if (argument_literal_p->type & SCANNER_LITERAL_IS_USED) { JERRY_ASSERT (argument_literal_p->type & SCANNER_LITERAL_EARLY_CREATE); break; } scanner_binding_literal_t binding_literal; binding_literal.literal_p = argument_literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); break; } #endif } if (context_p->token.type == LEXER_EOS && stack_top == SCAN_STACK_SCRIPT_FUNCTION) { scanner_info_t *scanner_info_p = (scanner_info_t *) scanner_malloc (context_p, sizeof (scanner_info_t)); scanner_info_p->next_p = context_p->next_scanner_info_p; scanner_info_p->source_p = NULL; scanner_info_p->type = SCANNER_TYPE_END_ARGUMENTS; scanner_context.end_arguments_p = scanner_info_p; context_p->next_scanner_info_p = scanner_info_p; context_p->source_p = source_p; context_p->source_end_p = source_end_p; context_p->line = 1; context_p->column = 1; scanner_filter_arguments (context_p, &scanner_context); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); continue; } if (context_p->token.type != LEXER_RIGHT_PAREN) { scanner_raise_error (context_p); } lexer_next_token (context_p); if (context_p->token.type != LEXER_LEFT_BRACE) { scanner_raise_error (context_p); } scanner_filter_arguments (context_p, &scanner_context); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); continue; } case SCAN_MODE_PROPERTY_NAME: { JERRY_ASSERT (stack_top == SCAN_STACK_OBJECT_LITERAL); if (lexer_scan_identifier (context_p)) { lexer_check_property_modifier (context_p); } #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_COMPUTED_PROPERTY); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif if (context_p->token.type == LEXER_RIGHT_BRACE) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } if (context_p->token.type == LEXER_PROPERTY_GETTER #if ENABLED (JERRY_ES2015) || context_p->token.type == LEXER_KEYW_ASYNC || context_p->token.type == LEXER_MULTIPLY #endif || context_p->token.type == LEXER_PROPERTY_SETTER) { uint16_t literal_pool_flags = SCANNER_LITERAL_POOL_FUNCTION; #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_MULTIPLY) { literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } else if (context_p->token.type == LEXER_KEYW_ASYNC) { literal_pool_flags |= SCANNER_LITERAL_POOL_ASYNC; if (lexer_consume_generator (context_p)) { literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } } #endif parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); lexer_scan_identifier (context_p); #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCANNER_FROM_LITERAL_POOL_TO_COMPUTED (literal_pool_flags)); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } scanner_push_literal_pool (context_p, &scanner_context, literal_pool_flags); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; break; } if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } #if ENABLED (JERRY_ES2015) parser_line_counter_t start_line = context_p->token.line; parser_line_counter_t start_column = context_p->token.column; bool is_ident = (context_p->token.lit_location.type == LEXER_IDENT_LITERAL); #endif lexer_next_token (context_p); #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; continue; } if (is_ident && (context_p->token.type == LEXER_COMMA || context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN)) { context_p->source_p = context_p->token.lit_location.char_p; context_p->line = start_line; context_p->column = start_column; lexer_next_token (context_p); JERRY_ASSERT (context_p->token.type != LEXER_LITERAL || context_p->token.lit_location.type == LEXER_IDENT_LITERAL); if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } if (scanner_context.binding_type != SCANNER_BINDING_NONE) { scanner_context.mode = SCAN_MODE_BINDING; continue; } scanner_add_reference (context_p, &scanner_context); lexer_next_token (context_p); if (context_p->token.type == LEXER_ASSIGN) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } #endif if (context_p->token.type != LEXER_COLON) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; #if ENABLED (JERRY_ES2015) if (scanner_context.binding_type != SCANNER_BINDING_NONE) { scanner_context.mode = SCAN_MODE_BINDING; } #endif break; } #if ENABLED (JERRY_ES2015) case SCAN_MODE_BINDING: { JERRY_ASSERT (scanner_context.binding_type == SCANNER_BINDING_VAR || scanner_context.binding_type == SCANNER_BINDING_LET || scanner_context.binding_type == SCANNER_BINDING_CATCH || scanner_context.binding_type == SCANNER_BINDING_CONST || scanner_context.binding_type == SCANNER_BINDING_ARG || scanner_context.binding_type == SCANNER_BINDING_ARROW_ARG); if (type == LEXER_THREE_DOTS) { lexer_next_token (context_p); type = (lexer_token_type_t) context_p->token.type; } if (type == LEXER_LEFT_SQUARE || type == LEXER_LEFT_BRACE) { scanner_push_destructuring_pattern (context_p, &scanner_context, scanner_context.binding_type, true); if (type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } if (type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; continue; } lexer_lit_location_t *literal_p = scanner_add_literal (context_p, &scanner_context); scanner_context.mode = SCAN_MODE_POST_PRIMARY_EXPRESSION; if (scanner_context.binding_type == SCANNER_BINDING_VAR) { if (!(literal_p->type & SCANNER_LITERAL_IS_VAR)) { scanner_detect_invalid_var (context_p, &scanner_context, literal_p); literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } } break; } if (scanner_context.binding_type == SCANNER_BINDING_ARROW_ARG) { literal_p->type |= SCANNER_LITERAL_IS_ARG | SCANNER_LITERAL_IS_ARROW_DESTRUCTURED_ARG; if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } else { scanner_detect_invalid_let (context_p, literal_p); if (scanner_context.binding_type <= SCANNER_BINDING_CATCH) { JERRY_ASSERT ((scanner_context.binding_type == SCANNER_BINDING_LET) || (scanner_context.binding_type == SCANNER_BINDING_CATCH)); literal_p->type |= SCANNER_LITERAL_IS_LET; } else { literal_p->type |= SCANNER_LITERAL_IS_CONST; if (scanner_context.binding_type == SCANNER_BINDING_ARG) { literal_p->type |= SCANNER_LITERAL_IS_ARG; if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } } if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } scanner_binding_item_t *binding_item_p; binding_item_p = (scanner_binding_item_t *) scanner_malloc (context_p, sizeof (scanner_binding_item_t)); binding_item_p->next_p = scanner_context.active_binding_list_p->items_p; binding_item_p->literal_p = literal_p; scanner_context.active_binding_list_p->items_p = binding_item_p; lexer_next_token (context_p); if (context_p->token.type != LEXER_ASSIGN) { continue; } scanner_binding_literal_t binding_literal; binding_literal.literal_p = literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif } lexer_next_token (context_p); } scan_completed: if (context_p->stack_top_uint8 != SCAN_STACK_SCRIPT && context_p->stack_top_uint8 != SCAN_STACK_SCRIPT_FUNCTION) { scanner_raise_error (context_p); } scanner_pop_literal_pool (context_p, &scanner_context); #if ENABLED (JERRY_ES2015) JERRY_ASSERT (scanner_context.active_binding_list_p == NULL); #endif JERRY_ASSERT (scanner_context.active_literal_pool_p == NULL); #ifndef JERRY_NDEBUG scanner_context.context_status_flags |= PARSER_SCANNING_SUCCESSFUL; #endif } PARSER_CATCH { if (context_p->error != PARSER_ERR_OUT_OF_MEMORY) { context_p->error = PARSER_ERR_NO_ERROR; } #if ENABLED (JERRY_ES2015) while (scanner_context.active_binding_list_p != NULL) { scanner_pop_binding_list (&scanner_context); } #endif PARSER_TRY (context_p->try_buffer) { #if ENABLED (JERRY_ES2015) if (scanner_context.status_flags & SCANNER_CONTEXT_THROW_ERR_ASYNC_FUNCTION) { JERRY_ASSERT (scanner_context.async_source_p != NULL); scanner_info_t *info_p; info_p = scanner_insert_info (context_p, scanner_context.async_source_p, sizeof (scanner_info_t)); info_p->type = SCANNER_TYPE_ERR_ASYNC_FUNCTION; } #endif while (scanner_context.active_literal_pool_p != NULL) { scanner_pop_literal_pool (context_p, &scanner_context); } } PARSER_CATCH { JERRY_ASSERT (context_p->error == PARSER_ERR_NO_ERROR); while (scanner_context.active_literal_pool_p != NULL) { scanner_literal_pool_t *literal_pool_p = scanner_context.active_literal_pool_p; scanner_context.active_literal_pool_p = literal_pool_p->prev_p; parser_list_free (&literal_pool_p->literal_pool); scanner_free (literal_pool_p, sizeof (scanner_literal_pool_t)); } } PARSER_TRY_END #if ENABLED (JERRY_ES2015) context_p->status_flags &= (uint32_t) ~PARSER_IS_GENERATOR_FUNCTION; #endif } PARSER_TRY_END context_p->status_flags = scanner_context.context_status_flags; scanner_reverse_info_list (context_p); #if ENABLED (JERRY_PARSER_DUMP_BYTE_CODE) if (context_p->is_show_opcodes) { scanner_info_t *info_p = context_p->next_scanner_info_p; const uint8_t *source_start_p = (arg_list_p == NULL) ? source_p : arg_list_p; while (info_p->type != SCANNER_TYPE_END) { const char *name_p = NULL; bool print_location = false; switch (info_p->type) { case SCANNER_TYPE_END_ARGUMENTS: { JERRY_DEBUG_MSG ("" END_ARGUMENTS\n""); source_start_p = source_p; break; } case SCANNER_TYPE_FUNCTION: case SCANNER_TYPE_BLOCK: { const uint8_t *prev_source_p = info_p->source_p - 1; const uint8_t *data_p; if (info_p->type == SCANNER_TYPE_FUNCTION) { data_p = (const uint8_t *) (info_p + 1); JERRY_DEBUG_MSG ("" FUNCTION: flags: 0x%x declarations: %d"", (int) info_p->u8_arg, (int) info_p->u16_arg); } else { data_p = (const uint8_t *) (info_p + 1); JERRY_DEBUG_MSG ("" BLOCK:""); } JERRY_DEBUG_MSG ("" source:%d\n"", (int) (info_p->source_p - source_start_p)); while (data_p[0] != SCANNER_STREAM_TYPE_END) { switch (data_p[0] & SCANNER_STREAM_TYPE_MASK) { case SCANNER_STREAM_TYPE_VAR: { JERRY_DEBUG_MSG ("" VAR ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_LET: { JERRY_DEBUG_MSG ("" LET ""); break; } case SCANNER_STREAM_TYPE_CONST: { JERRY_DEBUG_MSG ("" CONST ""); break; } case SCANNER_STREAM_TYPE_LOCAL: { JERRY_DEBUG_MSG ("" LOCAL ""); break; } #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) case SCANNER_STREAM_TYPE_IMPORT: { JERRY_DEBUG_MSG ("" IMPORT ""); break; } #endif case SCANNER_STREAM_TYPE_ARG: { JERRY_DEBUG_MSG ("" ARG ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_DESTRUCTURED_ARG: { JERRY_DEBUG_MSG ("" DESTRUCTURED_ARG ""); break; } #endif case SCANNER_STREAM_TYPE_ARG_FUNC: { JERRY_DEBUG_MSG ("" ARG_FUNC ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_DESTRUCTURED_ARG_FUNC: { JERRY_DEBUG_MSG ("" DESTRUCTURED_ARG_FUNC ""); break; } #endif case SCANNER_STREAM_TYPE_FUNC: { JERRY_DEBUG_MSG ("" FUNC ""); break; } default: { JERRY_ASSERT ((data_p[0] & SCANNER_STREAM_TYPE_MASK) == SCANNER_STREAM_TYPE_HOLE); JERRY_DEBUG_MSG ("" HOLE\n""); data_p++; continue; } } size_t length; if (!(data_p[0] & SCANNER_STREAM_UINT16_DIFF)) { if (data_p[2] != 0) { prev_source_p += data_p[2]; length = 2 + 1; } else { memcpy (&prev_source_p, data_p + 2 + 1, sizeof (const uint8_t *)); length = 2 + 1 + sizeof (const uint8_t *); } } else { int32_t diff = ((int32_t) data_p[2]) | ((int32_t) data_p[3]) << 8; if (diff <= UINT8_MAX) { diff = -diff; } prev_source_p += diff; length = 2 + 2; } #if ENABLED (JERRY_ES2015) if (data_p[0] & SCANNER_STREAM_EARLY_CREATE) { JERRY_ASSERT (data_p[0] & SCANNER_STREAM_NO_REG); JERRY_DEBUG_MSG (""*""); } #endif if (data_p[0] & SCANNER_STREAM_NO_REG) { JERRY_DEBUG_MSG (""* ""); } JERRY_DEBUG_MSG (""'%.*s'\n"", data_p[1], (char *) prev_source_p); prev_source_p += data_p[1]; data_p += length; } break; } case SCANNER_TYPE_WHILE: { name_p = ""WHILE""; print_location = true; break; } case SCANNER_TYPE_FOR: { scanner_for_info_t *for_info_p = (scanner_for_info_t *) info_p; JERRY_DEBUG_MSG ("" FOR: source:%d expression:%d[%d:%d] end:%d[%d:%d]\n"", (int) (for_info_p->info.source_p - source_start_p), (int) (for_info_p->expression_location.source_p - source_start_p), (int) for_info_p->expression_location.line, (int) for_info_p->expression_location.column, (int) (for_info_p->end_location.source_p - source_start_p), (int) for_info_p->end_location.line, (int) for_info_p->end_location.column); break; } case SCANNER_TYPE_FOR_IN: { name_p = ""FOR-IN""; print_location = true; break; } #if ENABLED (JERRY_ES2015) case SCANNER_TYPE_FOR_OF: { name_p = ""FOR-OF""; print_location = true; break; } #endif case SCANNER_TYPE_SWITCH: { JERRY_DEBUG_MSG ("" SWITCH: source:%d\n"", (int) (info_p->source_p - source_start_p)); scanner_case_info_t *current_case_p = ((scanner_switch_info_t *) info_p)->case_p; while (current_case_p != NULL) { JERRY_DEBUG_MSG ("" CASE: location:%d[%d:%d]\n"", (int) (current_case_p->location.source_p - source_start_p), (int) current_case_p->location.line, (int) current_case_p->location.column); current_case_p = current_case_p->next_p; } break; } case SCANNER_TYPE_CASE: { name_p = ""CASE""; print_location = true; break; } #if ENABLED (JERRY_ES2015) case SCANNER_TYPE_INITIALIZER: { name_p = ""INITIALIZER""; print_location = true; break; } case SCANNER_TYPE_CLASS_CONSTRUCTOR: { JERRY_DEBUG_MSG ("" CLASS-CONSTRUCTOR: source:%d\n"", (int) (info_p->source_p - source_start_p)); print_location = false; break; } case SCANNER_TYPE_LET_EXPRESSION: { JERRY_DEBUG_MSG ("" LET_EXPRESSION: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } case SCANNER_TYPE_ERR_REDECLARED: { JERRY_DEBUG_MSG ("" ERR_REDECLARED: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } case SCANNER_TYPE_ERR_ASYNC_FUNCTION: { JERRY_DEBUG_MSG ("" ERR_ASYNC_FUNCTION: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } #endif } if (print_location) { scanner_location_info_t *location_info_p = (scanner_location_info_t *) info_p; JERRY_DEBUG_MSG ("" %s: source:%d location:%d[%d:%d]\n"", name_p, (int) (location_info_p->info.source_p - source_start_p), (int) (location_info_p->location.source_p - source_start_p), (int) location_info_p->location.line, (int) location_info_p->location.column); } info_p = info_p->next_p; } JERRY_DEBUG_MSG (""\n--- Scanning end ---\n\n""); } #endif parser_stack_free (context_p); } ",visit repo url,jerry-core/parser/js/js-scanner.c,https://github.com/jerryscript-project/jerryscript,199109117186543,1 278,CWE-388,"static inline bool is_exception(u32 intr_info) { return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK)) == (INTR_TYPE_HARD_EXCEPTION | INTR_INFO_VALID_MASK); }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,76928947504436,1 4579,['CWE-399'],"static int __mpage_da_writepage(struct page *page, struct writeback_control *wbc, void *data) { struct mpage_da_data *mpd = data; struct inode *inode = mpd->inode; struct buffer_head *bh, *head, fake; sector_t logical; if (mpd->io_done) { redirty_page_for_writepage(wbc, page); unlock_page(page); return MPAGE_DA_EXTENT_TAIL; } if (mpd->next_page != page->index) { if (mpd->next_page != mpd->first_page) { if (mpage_da_map_blocks(mpd) == 0) mpage_da_submit_io(mpd); mpd->io_done = 1; redirty_page_for_writepage(wbc, page); unlock_page(page); return MPAGE_DA_EXTENT_TAIL; } mpd->first_page = page->index; mpd->lbh.b_size = 0; mpd->lbh.b_state = 0; mpd->lbh.b_blocknr = 0; } mpd->next_page = page->index + 1; logical = (sector_t) page->index << (PAGE_CACHE_SHIFT - inode->i_blkbits); if (!page_has_buffers(page)) { bh = &fake; bh->b_size = PAGE_CACHE_SIZE; bh->b_state = 0; set_buffer_dirty(bh); set_buffer_uptodate(bh); mpage_add_bh_to_extent(mpd, logical, bh); if (mpd->io_done) return MPAGE_DA_EXTENT_TAIL; } else { head = page_buffers(page); bh = head; do { BUG_ON(buffer_locked(bh)); if (buffer_dirty(bh) && (!buffer_mapped(bh) || buffer_delay(bh))) { mpage_add_bh_to_extent(mpd, logical, bh); if (mpd->io_done) return MPAGE_DA_EXTENT_TAIL; } else if (buffer_dirty(bh) && (buffer_mapped(bh))) { if (mpd->lbh.b_size == 0) mpd->lbh.b_state = bh->b_state & BH_FLAGS; } logical++; } while ((bh = bh->b_this_page) != head); } return 0; }",linux-2.6,,,76269333522665959421309291663552485266,0 1324,CWE-20,"int main(void) { int fd, len, sock_opt; int error; struct cn_msg *message; struct pollfd pfd; struct nlmsghdr *incoming_msg; struct cn_msg *incoming_cn_msg; struct hv_kvp_msg *hv_msg; char *p; char *key_value; char *key_name; daemon(1, 0); openlog(""KVP"", 0, LOG_USER); syslog(LOG_INFO, ""KVP starting; pid is:%d"", getpid()); kvp_get_os_info(); if (kvp_file_init()) { syslog(LOG_ERR, ""Failed to initialize the pools""); exit(-1); } fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR); if (fd < 0) { syslog(LOG_ERR, ""netlink socket creation failed; error:%d"", fd); exit(-1); } addr.nl_family = AF_NETLINK; addr.nl_pad = 0; addr.nl_pid = 0; addr.nl_groups = CN_KVP_IDX; error = bind(fd, (struct sockaddr *)&addr, sizeof(addr)); if (error < 0) { syslog(LOG_ERR, ""bind failed; error:%d"", error); close(fd); exit(-1); } sock_opt = addr.nl_groups; setsockopt(fd, 270, 1, &sock_opt, sizeof(sock_opt)); message = (struct cn_msg *)kvp_send_buffer; message->id.idx = CN_KVP_IDX; message->id.val = CN_KVP_VAL; hv_msg = (struct hv_kvp_msg *)message->data; hv_msg->kvp_hdr.operation = KVP_OP_REGISTER; message->ack = 0; message->len = sizeof(struct hv_kvp_msg); len = netlink_send(fd, message); if (len < 0) { syslog(LOG_ERR, ""netlink_send failed; error:%d"", len); close(fd); exit(-1); } pfd.fd = fd; while (1) { pfd.events = POLLIN; pfd.revents = 0; poll(&pfd, 1, -1); len = recv(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0); if (len < 0) { syslog(LOG_ERR, ""recv failed; error:%d"", len); close(fd); return -1; } incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; switch (hv_msg->kvp_hdr.operation) { case KVP_OP_REGISTER: p = (char *)hv_msg->body.kvp_register.version; lic_version = malloc(strlen(p) + 1); if (lic_version) { strcpy(lic_version, p); syslog(LOG_INFO, ""KVP LIC Version: %s"", lic_version); } else { syslog(LOG_ERR, ""malloc failed""); } continue; case KVP_OP_SET: if (kvp_key_add_or_modify(hv_msg->kvp_hdr.pool, hv_msg->body.kvp_set.data.key, hv_msg->body.kvp_set.data.key_size, hv_msg->body.kvp_set.data.value, hv_msg->body.kvp_set.data.value_size)) strcpy(hv_msg->body.kvp_set.data.key, """"); break; case KVP_OP_GET: if (kvp_get_value(hv_msg->kvp_hdr.pool, hv_msg->body.kvp_set.data.key, hv_msg->body.kvp_set.data.key_size, hv_msg->body.kvp_set.data.value, hv_msg->body.kvp_set.data.value_size)) strcpy(hv_msg->body.kvp_set.data.key, """"); break; case KVP_OP_DELETE: if (kvp_key_delete(hv_msg->kvp_hdr.pool, hv_msg->body.kvp_delete.key, hv_msg->body.kvp_delete.key_size)) strcpy(hv_msg->body.kvp_delete.key, """"); break; default: break; } if (hv_msg->kvp_hdr.operation != KVP_OP_ENUMERATE) goto kvp_done; if (hv_msg->kvp_hdr.pool != KVP_POOL_AUTO) { kvp_pool_enumerate(hv_msg->kvp_hdr.pool, hv_msg->body.kvp_enum_data.index, hv_msg->body.kvp_enum_data.data.key, HV_KVP_EXCHANGE_MAX_KEY_SIZE, hv_msg->body.kvp_enum_data.data.value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE); goto kvp_done; } hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; key_name = (char *)hv_msg->body.kvp_enum_data.data.key; key_value = (char *)hv_msg->body.kvp_enum_data.data.value; switch (hv_msg->body.kvp_enum_data.index) { case FullyQualifiedDomainName: kvp_get_domain_name(key_value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE); strcpy(key_name, ""FullyQualifiedDomainName""); break; case IntegrationServicesVersion: strcpy(key_name, ""IntegrationServicesVersion""); strcpy(key_value, lic_version); break; case NetworkAddressIPv4: kvp_get_ip_address(AF_INET, key_value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE); strcpy(key_name, ""NetworkAddressIPv4""); break; case NetworkAddressIPv6: kvp_get_ip_address(AF_INET6, key_value, HV_KVP_EXCHANGE_MAX_VALUE_SIZE); strcpy(key_name, ""NetworkAddressIPv6""); break; case OSBuildNumber: strcpy(key_value, os_build); strcpy(key_name, ""OSBuildNumber""); break; case OSName: strcpy(key_value, os_name); strcpy(key_name, ""OSName""); break; case OSMajorVersion: strcpy(key_value, os_major); strcpy(key_name, ""OSMajorVersion""); break; case OSMinorVersion: strcpy(key_value, os_minor); strcpy(key_name, ""OSMinorVersion""); break; case OSVersion: strcpy(key_value, os_build); strcpy(key_name, ""OSVersion""); break; case ProcessorArchitecture: strcpy(key_value, processor_arch); strcpy(key_name, ""ProcessorArchitecture""); break; default: strcpy(key_value, ""Unknown Key""); strcpy(key_name, """"); break; } kvp_done: incoming_cn_msg->id.idx = CN_KVP_IDX; incoming_cn_msg->id.val = CN_KVP_VAL; incoming_cn_msg->ack = 0; incoming_cn_msg->len = sizeof(struct hv_kvp_msg); len = netlink_send(fd, incoming_cn_msg); if (len < 0) { syslog(LOG_ERR, ""net_link send failed; error:%d"", len); exit(-1); } } }",visit repo url,tools/hv/hv_kvp_daemon.c,https://github.com/torvalds/linux,258045599539562,1 4516,['CWE-20'],"static int add_dirent_to_buf(handle_t *handle, struct dentry *dentry, struct inode *inode, struct ext4_dir_entry_2 *de, struct buffer_head *bh) { struct inode *dir = dentry->d_parent->d_inode; const char *name = dentry->d_name.name; int namelen = dentry->d_name.len; unsigned int offset = 0; unsigned short reclen; int nlen, rlen, err; char *top; reclen = EXT4_DIR_REC_LEN(namelen); if (!de) { de = (struct ext4_dir_entry_2 *)bh->b_data; top = bh->b_data + dir->i_sb->s_blocksize - reclen; while ((char *) de <= top) { if (!ext4_check_dir_entry(""ext4_add_entry"", dir, de, bh, offset)) { brelse(bh); return -EIO; } if (ext4_match(namelen, name, de)) { brelse(bh); return -EEXIST; } nlen = EXT4_DIR_REC_LEN(de->name_len); rlen = ext4_rec_len_from_disk(de->rec_len); if ((de->inode? rlen - nlen: rlen) >= reclen) break; de = (struct ext4_dir_entry_2 *)((char *)de + rlen); offset += rlen; } if ((char *) de > top) return -ENOSPC; } BUFFER_TRACE(bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, bh); if (err) { ext4_std_error(dir->i_sb, err); brelse(bh); return err; } nlen = EXT4_DIR_REC_LEN(de->name_len); rlen = ext4_rec_len_from_disk(de->rec_len); if (de->inode) { struct ext4_dir_entry_2 *de1 = (struct ext4_dir_entry_2 *)((char *)de + nlen); de1->rec_len = ext4_rec_len_to_disk(rlen - nlen); de->rec_len = ext4_rec_len_to_disk(nlen); de = de1; } de->file_type = EXT4_FT_UNKNOWN; if (inode) { de->inode = cpu_to_le32(inode->i_ino); ext4_set_de_type(dir->i_sb, de, inode->i_mode); } else de->inode = 0; de->name_len = namelen; memcpy(de->name, name, namelen); dir->i_mtime = dir->i_ctime = ext4_current_time(dir); ext4_update_dx_flag(dir); dir->i_version++; ext4_mark_inode_dirty(handle, dir); BUFFER_TRACE(bh, ""call ext4_handle_dirty_metadata""); err = ext4_handle_dirty_metadata(handle, dir, bh); if (err) ext4_std_error(dir->i_sb, err); brelse(bh); return 0; }",linux-2.6,,,188918806862490764395361456728632971960,0 2935,CWE-310,"static void *my_malloc(size_t size) { malloc_called += 1; return malloc(size); }",visit repo url,test/suites/api/test_memory_funcs.c,https://github.com/akheron/jansson,69135081037128,1 4225,['CWE-399'],"void __netdev_watchdog_up(struct net_device *dev) { if (dev->tx_timeout) { if (dev->watchdog_timeo <= 0) dev->watchdog_timeo = 5*HZ; if (!mod_timer(&dev->watchdog_timer, round_jiffies(jiffies + dev->watchdog_timeo))) dev_hold(dev); } }",linux-2.6,,,22326752562411043873141429465918950192,0 6026,CWE-125,"_dwarf_internal_get_pubnames_like_data(Dwarf_Debug dbg, const char *secname, Dwarf_Small * section_data_ptr, Dwarf_Unsigned section_length, Dwarf_Global ** globals, Dwarf_Signed * return_count, Dwarf_Error * error, int context_DLA_code, int global_DLA_code, int length_err_num, int version_err_num) { Dwarf_Small *pubnames_like_ptr = 0; Dwarf_Off pubnames_section_offset = 0; Dwarf_Small *section_end_ptr = section_data_ptr +section_length; Dwarf_Global_Context pubnames_context = 0; Dwarf_Bool pubnames_context_on_list = FALSE; Dwarf_Unsigned version = 0; Dwarf_Off die_offset_in_cu = 0; Dwarf_Unsigned global_count = 0; Dwarf_Chain head_chain = 0; Dwarf_Chain *plast_chain = &head_chain; Dwarf_Global *ret_globals = 0; int mres = 0; Dwarf_Unsigned i = 0; if (!dbg || dbg->de_magic != DBG_IS_VALID) { _dwarf_error_string(NULL, error, DW_DLE_DBG_NULL, ""DW_DLE_DBG_NULL: "" ""calling for pubnames-like data Dwarf_Debug "" ""either null or it contains"" ""a stale Dwarf_Debug pointer""); return DW_DLV_ERROR; } if (!dbg->de_debug_info.dss_data) { int res = _dwarf_load_debug_info(dbg, error); if (res != DW_DLV_OK) { return res; } } if (section_data_ptr == NULL) { return DW_DLV_NO_ENTRY; } pubnames_like_ptr = section_data_ptr; do { Dwarf_Unsigned length = 0; int local_extension_size = 0; int local_length_size = 0; Dwarf_Small *pubnames_ptr_past_end_cu = 0; pubnames_context_on_list = FALSE; pubnames_context = (Dwarf_Global_Context) _dwarf_get_alloc(dbg, context_DLA_code, 1); if (pubnames_context == NULL) { dealloc_globals_chain(dbg,head_chain); _dwarf_error(dbg, error, DW_DLE_ALLOC_FAIL); return DW_DLV_ERROR; } if ((pubnames_like_ptr + DWARF_32BIT_SIZE + DWARF_HALF_SIZE + DWARF_32BIT_SIZE) > section_end_ptr) { pubnames_error_length(dbg,error, DWARF_32BIT_SIZE + DWARF_HALF_SIZE + DWARF_32BIT_SIZE, secname, ""header-record""); dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return DW_DLV_ERROR; } mres = _dwarf_read_area_length_ck_wrapper(dbg, &length,&pubnames_like_ptr,&local_length_size, &local_extension_size,section_length,section_end_ptr, error); if (mres != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return mres; } pubnames_context->pu_alloc_type = context_DLA_code; pubnames_context->pu_length_size = local_length_size; pubnames_context->pu_length = length; pubnames_context->pu_extension_size = local_extension_size; pubnames_context->pu_dbg = dbg; pubnames_context->pu_pub_offset = pubnames_section_offset; pubnames_ptr_past_end_cu = pubnames_like_ptr + length; pubnames_context->pu_pub_entries_end_ptr = pubnames_ptr_past_end_cu; if ((pubnames_like_ptr + (DWARF_HALF_SIZE) ) > section_end_ptr) { pubnames_error_length(dbg,error, DWARF_HALF_SIZE, secname,""version-number""); dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return DW_DLV_ERROR; } mres = _dwarf_read_unaligned_ck_wrapper(dbg, &version,pubnames_like_ptr,DWARF_HALF_SIZE, section_end_ptr,error); if (mres != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return mres; } pubnames_context->pu_version = version; pubnames_like_ptr += DWARF_HALF_SIZE; if (version != DW_PUBNAMES_VERSION2) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } _dwarf_error(dbg, error, version_err_num); return DW_DLV_ERROR; } if ((pubnames_like_ptr + 3*pubnames_context->pu_length_size)> section_end_ptr) { pubnames_error_length(dbg,error, 3*pubnames_context->pu_length_size, secname, ""header/DIE offsets""); dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return DW_DLV_ERROR; } mres = _dwarf_read_unaligned_ck_wrapper(dbg, &pubnames_context->pu_offset_of_cu_header, pubnames_like_ptr, pubnames_context->pu_length_size, section_end_ptr,error); if (mres != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return mres; } pubnames_like_ptr += pubnames_context->pu_length_size; FIX_UP_OFFSET_IRIX_BUG(dbg, pubnames_context->pu_offset_of_cu_header, ""pubnames cu header offset""); mres = _dwarf_read_unaligned_ck_wrapper(dbg, &pubnames_context->pu_info_length, pubnames_like_ptr, pubnames_context->pu_length_size, section_end_ptr,error); if (mres != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return mres; } pubnames_like_ptr += pubnames_context->pu_length_size; if (pubnames_like_ptr > (section_data_ptr + section_length)) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } _dwarf_error(dbg, error, length_err_num); return DW_DLV_ERROR; } mres = _dwarf_read_unaligned_ck_wrapper(dbg, &die_offset_in_cu, pubnames_like_ptr, pubnames_context->pu_length_size, pubnames_context->pu_pub_entries_end_ptr,error); if (mres != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } return mres; } pubnames_like_ptr += pubnames_context->pu_length_size; FIX_UP_OFFSET_IRIX_BUG(dbg, die_offset_in_cu, ""offset of die in cu""); if (pubnames_like_ptr > (section_data_ptr + section_length)) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } _dwarf_error(dbg, error, length_err_num); return DW_DLV_ERROR; } if (!die_offset_in_cu) { if (dbg->de_return_empty_pubnames) { int res = 0; res = _dwarf_make_global_add_to_chain(dbg, global_DLA_code, pubnames_context, die_offset_in_cu, (unsigned char *)"""", &global_count, &pubnames_context_on_list, &plast_chain, error); if (res != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context, context_DLA_code); } return res; } } else { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); pubnames_context = 0; continue; } } while (die_offset_in_cu) { int res = 0; unsigned char *glname = 0; res = _dwarf_check_string_valid(dbg,section_data_ptr, pubnames_like_ptr, pubnames_context->pu_pub_entries_end_ptr, DW_DLE_STRING_OFF_END_PUBNAMES_LIKE,error); if (res != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context, context_DLA_code); } return res; } glname = (unsigned char *)pubnames_like_ptr; pubnames_like_ptr = pubnames_like_ptr + strlen((char *) pubnames_like_ptr) + 1; res = _dwarf_make_global_add_to_chain(dbg, global_DLA_code, pubnames_context, die_offset_in_cu, glname, &global_count, &pubnames_context_on_list, &plast_chain, error); if (res != DW_DLV_OK) { dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context, context_DLA_code); } return res; } if ((pubnames_like_ptr + pubnames_context->pu_length_size ) > section_end_ptr) { pubnames_error_length(dbg,error, 2*pubnames_context->pu_length_size, secname, ""global record offset""); dealloc_globals_chain(dbg,head_chain); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context, context_DLA_code); } return DW_DLV_ERROR; } mres = _dwarf_read_unaligned_ck_wrapper(dbg, &die_offset_in_cu, pubnames_like_ptr, pubnames_context->pu_length_size, pubnames_context->pu_pub_entries_end_ptr, error); if (mres != DW_DLV_OK) { if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context, context_DLA_code); } dealloc_globals_chain(dbg,head_chain); return mres; } pubnames_like_ptr += pubnames_context->pu_length_size; FIX_UP_OFFSET_IRIX_BUG(dbg, die_offset_in_cu, ""offset of next die in cu""); if (pubnames_like_ptr > (section_data_ptr + section_length)) { if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context, context_DLA_code); } dealloc_globals_chain(dbg,head_chain); _dwarf_error(dbg, error, length_err_num); return DW_DLV_ERROR; } } if (pubnames_like_ptr > pubnames_ptr_past_end_cu) { _dwarf_error(dbg, error, length_err_num); if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } dealloc_globals_chain(dbg,head_chain); return DW_DLV_ERROR; } { Dwarf_Unsigned increment = pubnames_context->pu_length_size + pubnames_context->pu_length + pubnames_context->pu_extension_size; pubnames_section_offset += increment; } pubnames_like_ptr = pubnames_ptr_past_end_cu; } while (pubnames_like_ptr < section_end_ptr); ret_globals = (Dwarf_Global *) _dwarf_get_alloc(dbg, DW_DLA_LIST, global_count); if (ret_globals == NULL) { if (!pubnames_context_on_list) { dwarf_dealloc(dbg,pubnames_context,context_DLA_code); } dealloc_globals_chain(dbg,head_chain); _dwarf_error(dbg, error, DW_DLE_ALLOC_FAIL); return DW_DLV_ERROR; } { Dwarf_Chain curr_chain = 0; curr_chain = head_chain; for (i = 0; i < global_count; i++) { Dwarf_Chain prev = 0; *(ret_globals + i) = curr_chain->ch_item; prev = curr_chain; curr_chain = curr_chain->ch_next; prev->ch_item = 0; dwarf_dealloc(dbg, prev, DW_DLA_CHAIN); } } *globals = ret_globals; *return_count = (Dwarf_Signed) global_count; return DW_DLV_OK; }",visit repo url,src/lib/libdwarf/dwarf_global.c,https://github.com/davea42/libdwarf-code,175147502497734,1 715,CWE-20,"static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied, err; BT_DBG(""sock %p, sk %p"", sock, sk); if (flags & (MSG_OOB)) return -EOPNOTSUPP; if (sk->sk_state == BT_CLOSED) return 0; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) return err; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); switch (hci_pi(sk)->channel) { case HCI_CHANNEL_RAW: hci_sock_cmsg(sk, msg, skb); break; case HCI_CHANNEL_USER: case HCI_CHANNEL_CONTROL: case HCI_CHANNEL_MONITOR: sock_recv_timestamp(msg, sk, skb); break; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/hci_sock.c,https://github.com/torvalds/linux,129040150037285,1 4231,CWE-78,"static char *__filterShell(const char *arg) { r_return_val_if_fail (arg, NULL); char *a = malloc (strlen (arg) + 1); if (!a) { return NULL; } char *b = a; while (*arg) { switch (*arg) { case '@': case '`': case '|': case ';': case '\n': break; default: *b++ = *arg; break; } arg++; } *b = 0; return a; }",visit repo url,libr/core/cbin.c,https://github.com/radareorg/radare2,278181524636613,1 16,NVD-CWE-Other,"kg_seal_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, int *conf_state, gss_iov_buffer_desc *iov, int iov_count, int toktype) { krb5_gss_ctx_id_rec *ctx; krb5_error_code code; krb5_context context; if (qop_req != 0) { *minor_status = (OM_uint32)G_UNKNOWN_QOP; return GSS_S_FAILURE; } ctx = (krb5_gss_ctx_id_rec *)context_handle; if (!ctx->established) { *minor_status = KG_CTX_INCOMPLETE; return GSS_S_NO_CONTEXT; } if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) { conf_req_flag = FALSE; } context = ctx->k5_context; switch (ctx->proto) { case 0: code = make_seal_token_v1_iov(context, ctx, conf_req_flag, conf_state, iov, iov_count, toktype); break; case 1: code = gss_krb5int_make_seal_token_v3_iov(context, ctx, conf_req_flag, conf_state, iov, iov_count, toktype); break; default: code = G_UNKNOWN_QOP; break; } if (code != 0) { *minor_status = code; save_error_info(*minor_status, context); return GSS_S_FAILURE; } *minor_status = 0; return GSS_S_COMPLETE; }",visit repo url,src/lib/gssapi/krb5/k5sealiov.c,https://github.com/krb5/krb5,197616270292129,1 2080,CWE-190,"static enum hrtimer_restart posix_timer_fn(struct hrtimer *timer) { struct k_itimer *timr; unsigned long flags; int si_private = 0; enum hrtimer_restart ret = HRTIMER_NORESTART; timr = container_of(timer, struct k_itimer, it.real.timer); spin_lock_irqsave(&timr->it_lock, flags); timr->it_active = 0; if (timr->it_interval != 0) si_private = ++timr->it_requeue_pending; if (posix_timer_event(timr, si_private)) { if (timr->it_interval != 0) { ktime_t now = hrtimer_cb_get_time(timer); #ifdef CONFIG_HIGH_RES_TIMERS { ktime_t kj = NSEC_PER_SEC / HZ; if (timr->it_interval < kj) now = ktime_add(now, kj); } #endif timr->it_overrun += (unsigned int) hrtimer_forward(timer, now, timr->it_interval); ret = HRTIMER_RESTART; ++timr->it_requeue_pending; timr->it_active = 1; } } unlock_timer(timr, flags); return ret; }",visit repo url,kernel/time/posix-timers.c,https://github.com/torvalds/linux,102639196143747,1 6229,['CWE-200'],"struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, const void *pkey, struct net_device *dev, int creat) { struct pneigh_entry *n; int key_len = tbl->key_len; u32 hash_val = *(u32 *)(pkey + key_len - 4); hash_val ^= (hash_val >> 16); hash_val ^= hash_val >> 8; hash_val ^= hash_val >> 4; hash_val &= PNEIGH_HASHMASK; read_lock_bh(&tbl->lock); for (n = tbl->phash_buckets[hash_val]; n; n = n->next) { if (!memcmp(n->key, pkey, key_len) && (n->dev == dev || !n->dev)) { read_unlock_bh(&tbl->lock); goto out; } } read_unlock_bh(&tbl->lock); n = NULL; if (!creat) goto out; n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL); if (!n) goto out; memcpy(n->key, pkey, key_len); n->dev = dev; if (dev) dev_hold(dev); if (tbl->pconstructor && tbl->pconstructor(n)) { if (dev) dev_put(dev); kfree(n); n = NULL; goto out; } write_lock_bh(&tbl->lock); n->next = tbl->phash_buckets[hash_val]; tbl->phash_buckets[hash_val] = n; write_unlock_bh(&tbl->lock); out: return n; }",linux-2.6,,,163006784044137424639327325914076489008,0 1000,CWE-119,"static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc, unsigned int *rsize) { if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { hid_info(hdev, ""fixing up Cherry Cymotion report descriptor\n""); rdesc[11] = rdesc[16] = 0xff; rdesc[12] = rdesc[17] = 0x03; } return rdesc; }",visit repo url,drivers/hid/hid-cherry.c,https://github.com/torvalds/linux,265871106209821,1 4971,['CWE-20'],"static int nfs_unlink(struct inode *dir, struct dentry *dentry) { int error; int need_rehash = 0; dfprintk(VFS, ""NFS: unlink(%s/%ld, %s)\n"", dir->i_sb->s_id, dir->i_ino, dentry->d_name.name); lock_kernel(); spin_lock(&dcache_lock); spin_lock(&dentry->d_lock); if (atomic_read(&dentry->d_count) > 1) { spin_unlock(&dentry->d_lock); spin_unlock(&dcache_lock); write_inode_now(dentry->d_inode, 0); error = nfs_sillyrename(dir, dentry); unlock_kernel(); return error; } if (!d_unhashed(dentry)) { __d_drop(dentry); need_rehash = 1; } spin_unlock(&dentry->d_lock); spin_unlock(&dcache_lock); error = nfs_safe_remove(dentry); if (!error) { nfs_renew_times(dentry); nfs_set_verifier(dentry, nfs_save_change_attribute(dir)); } else if (need_rehash) d_rehash(dentry); unlock_kernel(); return error; }",linux-2.6,,,57186065463011953987958564571105528161,0 4723,['CWE-20'],"int __ext4_journal_stop(const char *where, handle_t *handle) { struct super_block *sb; int err; int rc; if (!ext4_handle_valid(handle)) { current->journal_info = NULL; return 0; } sb = handle->h_transaction->t_journal->j_private; err = handle->h_err; rc = jbd2_journal_stop(handle); if (!err) err = rc; if (err) __ext4_std_error(sb, where, err); return err; }",linux-2.6,,,202424152668157664705789309457422914030,0 334,CWE-787,"static int put_chars(u32 vtermno, const char *buf, int count) { struct port *port; struct scatterlist sg[1]; if (unlikely(early_put_chars)) return early_put_chars(vtermno, buf, count); port = find_port_by_vtermno(vtermno); if (!port) return -EPIPE; sg_init_one(sg, buf, count); return __send_to_port(port, sg, 1, count, (void *)buf, false); }",visit repo url,drivers/char/virtio_console.c,https://github.com/torvalds/linux,67230676682786,1 6483,CWE-252,"pci_vtrnd_notify(void *vsc, struct vqueue_info *vq) { struct iovec iov; struct pci_vtrnd_softc *sc; int len; uint16_t idx; sc = vsc; if (sc->vrsc_fd < 0) { vq_endchains(vq, 0); return; } while (vq_has_descs(vq)) { vq_getchain(vq, &idx, &iov, 1, NULL); len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len); DPRINTF((""vtrnd: vtrnd_notify(): %d\r\n"", len)); assert(len > 0); vq_relchain(vq, idx, (uint32_t)len); } vq_endchains(vq, 1); }",visit repo url,src/lib/pci_virtio_rnd.c,https://github.com/moby/hyperkit,70653729404925,1 2842,['CWE-119'],"nfs4_acl_posix_to_nfsv4(struct posix_acl *pacl, struct posix_acl *dpacl, unsigned int flags) { struct nfs4_acl *acl; int size = 0; if (pacl) { if (posix_acl_valid(pacl) < 0) return ERR_PTR(-EINVAL); size += 2*pacl->a_count; } if (dpacl) { if (posix_acl_valid(dpacl) < 0) return ERR_PTR(-EINVAL); size += 2*dpacl->a_count; } acl = nfs4_acl_new(size); if (acl == NULL) return ERR_PTR(-ENOMEM); if (pacl) _posix_to_nfsv4_one(pacl, acl, flags & ~NFS4_ACL_TYPE_DEFAULT); if (dpacl) _posix_to_nfsv4_one(dpacl, acl, flags | NFS4_ACL_TYPE_DEFAULT); return acl; }",linux-2.6,,,294083402586784881630666034759032683664,0 3339,CWE-119,"id3_skip (SF_PRIVATE * psf) { unsigned char buf [10] ; memset (buf, 0, sizeof (buf)) ; psf_binheader_readf (psf, ""pb"", 0, buf, 10) ; if (buf [0] == 'I' && buf [1] == 'D' && buf [2] == '3') { int offset = buf [6] & 0x7f ; offset = (offset << 7) | (buf [7] & 0x7f) ; offset = (offset << 7) | (buf [8] & 0x7f) ; offset = (offset << 7) | (buf [9] & 0x7f) ; psf_log_printf (psf, ""ID3 length : %d\n--------------------\n"", offset) ; if (offset < 0) return 0 ; psf->fileoffset += offset + 10 ; psf_binheader_readf (psf, ""p"", psf->fileoffset) ; return 1 ; } ; return 0 ; } ",visit repo url,src/id3.c,https://github.com/erikd/libsndfile,233548060044533,1 4628,['CWE-399'],"struct buffer_head *ext4_getblk(handle_t *handle, struct inode *inode, ext4_lblk_t block, int create, int *errp) { struct buffer_head dummy; int fatal = 0, err; J_ASSERT(handle != NULL || create == 0); dummy.b_state = 0; dummy.b_blocknr = -1000; buffer_trace_init(&dummy.b_history); err = ext4_get_blocks_wrap(handle, inode, block, 1, &dummy, create, 1, 0); if (err > 0) { if (err > 1) WARN_ON(1); err = 0; } *errp = err; if (!err && buffer_mapped(&dummy)) { struct buffer_head *bh; bh = sb_getblk(inode->i_sb, dummy.b_blocknr); if (!bh) { *errp = -EIO; goto err; } if (buffer_new(&dummy)) { J_ASSERT(create != 0); J_ASSERT(handle != NULL); lock_buffer(bh); BUFFER_TRACE(bh, ""call get_create_access""); fatal = ext4_journal_get_create_access(handle, bh); if (!fatal && !buffer_uptodate(bh)) { memset(bh->b_data, 0, inode->i_sb->s_blocksize); set_buffer_uptodate(bh); } unlock_buffer(bh); BUFFER_TRACE(bh, ""call ext4_handle_dirty_metadata""); err = ext4_handle_dirty_metadata(handle, inode, bh); if (!fatal) fatal = err; } else { BUFFER_TRACE(bh, ""not a new buffer""); } if (fatal) { *errp = fatal; brelse(bh); bh = NULL; } return bh; } err: return NULL; }",linux-2.6,,,183225446634499198993505789256008341278,0 4462,CWE-787,"static void WritePixel(struct ngiflib_img * i, struct ngiflib_decode_context * context, u8 v) { struct ngiflib_gif * p = i->parent; if(v!=i->gce.transparent_color || !i->gce.transparent_flag) { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif *context->frbuff_p.p8 = v; #ifndef NGIFLIB_INDEXED_ONLY } else *context->frbuff_p.p32 = GifIndexToTrueColor(i->palette, v); #endif } if(--(context->Xtogo) <= 0) { #ifdef NGIFLIB_ENABLE_CALLBACKS if(p->line_cb) p->line_cb(p, context->line_p, context->curY); #endif context->Xtogo = i->width; switch(context->pass) { case 0: context->curY++; break; case 1: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 4; } break; case 2: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 2; } break; case 3: context->curY += 4; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 1; } break; case 4: context->curY += 2; break; } #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width; context->frbuff_p.p8 = context->line_p.p8 + i->posX; #else context->frbuff_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width + i->posX; #endif #ifndef NGIFLIB_INDEXED_ONLY } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width; context->frbuff_p.p32 = context->line_p.p32 + i->posX; #else context->frbuff_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width + i->posX; #endif } #endif } else { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif context->frbuff_p.p8++; #ifndef NGIFLIB_INDEXED_ONLY } else { context->frbuff_p.p32++; } #endif } }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,7890393301892,1 858,CWE-20,"static int recv_msg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t buf_len, int flags) { struct sock *sk = sock->sk; struct tipc_port *tport = tipc_sk_port(sk); struct sk_buff *buf; struct tipc_msg *msg; long timeout; unsigned int sz; u32 err; int res; if (unlikely(!buf_len)) return -EINVAL; lock_sock(sk); if (unlikely(sock->state == SS_UNCONNECTED)) { res = -ENOTCONN; goto exit; } m->msg_namelen = 0; timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); restart: while (skb_queue_empty(&sk->sk_receive_queue)) { if (sock->state == SS_DISCONNECTING) { res = -ENOTCONN; goto exit; } if (timeout <= 0L) { res = timeout ? timeout : -EWOULDBLOCK; goto exit; } release_sock(sk); timeout = wait_event_interruptible_timeout(*sk_sleep(sk), tipc_rx_ready(sock), timeout); lock_sock(sk); } buf = skb_peek(&sk->sk_receive_queue); msg = buf_msg(buf); sz = msg_data_sz(msg); err = msg_errcode(msg); if ((!sz) && (!err)) { advance_rx_queue(sk); goto restart; } set_orig_addr(m, msg); res = anc_data_recv(m, msg, tport); if (res) goto exit; if (!err) { if (unlikely(buf_len < sz)) { sz = buf_len; m->msg_flags |= MSG_TRUNC; } res = skb_copy_datagram_iovec(buf, msg_hdr_sz(msg), m->msg_iov, sz); if (res) goto exit; res = sz; } else { if ((sock->state == SS_READY) || ((err == TIPC_CONN_SHUTDOWN) || m->msg_control)) res = 0; else res = -ECONNRESET; } if (likely(!(flags & MSG_PEEK))) { if ((sock->state != SS_READY) && (++tport->conn_unacked >= TIPC_FLOW_CONTROL_WIN)) tipc_acknowledge(tport->ref, tport->conn_unacked); advance_rx_queue(sk); } exit: release_sock(sk); return res; }",visit repo url,net/tipc/socket.c,https://github.com/torvalds/linux,44234552273427,1 4131,[],"static int ibwdt_close(struct inode *inode, struct file *file) { if (expect_close == 42) { ibwdt_disable(); } else { printk(KERN_CRIT PFX ""WDT device closed unexpectedly. WDT will not stop!\n""); ibwdt_ping(); } clear_bit(0, &ibwdt_is_open); expect_close = 0; return 0; }",linux-2.6,,,184511594388575671727184902313786568062,0 1591,CWE-399,"static void update_db_bp_intercept(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); clr_exception_intercept(svm, DB_VECTOR); clr_exception_intercept(svm, BP_VECTOR); if (svm->nmi_singlestep) set_exception_intercept(svm, DB_VECTOR); if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) { if (vcpu->guest_debug & (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) set_exception_intercept(svm, DB_VECTOR); if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) set_exception_intercept(svm, BP_VECTOR); } else vcpu->guest_debug = 0; }",visit repo url,arch/x86/kvm/svm.c,https://github.com/torvalds/linux,616323524992,1 2539,CWE-254,"lrmd_remote_listen(gpointer data) { int csock = 0; int flag = 0; unsigned laddr = 0; struct sockaddr addr; gnutls_session_t *session = NULL; crm_client_t *new_client = NULL; static struct mainloop_fd_callbacks lrmd_remote_fd_cb = { .dispatch = lrmd_remote_client_msg, .destroy = lrmd_remote_client_destroy, }; laddr = sizeof(addr); memset(&addr, 0, sizeof(addr)); getsockname(ssock, &addr, &laddr); if (addr.sa_family == AF_INET6) { struct sockaddr_in6 sa; char addr_str[INET6_ADDRSTRLEN]; laddr = sizeof(sa); memset(&sa, 0, sizeof(sa)); csock = accept(ssock, &sa, &laddr); get_ip_str((struct sockaddr *)&sa, addr_str, INET6_ADDRSTRLEN); crm_info(""New remote connection from %s"", addr_str); } else { struct sockaddr_in sa; char addr_str[INET_ADDRSTRLEN]; laddr = sizeof(sa); memset(&sa, 0, sizeof(sa)); csock = accept(ssock, &sa, &laddr); get_ip_str((struct sockaddr *)&sa, addr_str, INET_ADDRSTRLEN); crm_info(""New remote connection from %s"", addr_str); } if (csock == -1) { crm_err(""accept socket failed""); return TRUE; } if ((flag = fcntl(csock, F_GETFL)) >= 0) { if (fcntl(csock, F_SETFL, flag | O_NONBLOCK) < 0) { crm_err(""fcntl() write failed""); close(csock); return TRUE; } } else { crm_err(""fcntl() read failed""); close(csock); return TRUE; } session = create_psk_tls_session(csock, GNUTLS_SERVER, psk_cred_s); if (session == NULL) { crm_err(""TLS session creation failed""); close(csock); return TRUE; } new_client = calloc(1, sizeof(crm_client_t)); new_client->remote = calloc(1, sizeof(crm_remote_t)); new_client->kind = CRM_CLIENT_TLS; new_client->remote->tls_session = session; new_client->id = crm_generate_uuid(); new_client->remote->auth_timeout = g_timeout_add(LRMD_REMOTE_AUTH_TIMEOUT, lrmd_auth_timeout_cb, new_client); crm_notice(""LRMD client connection established. %p id: %s"", new_client, new_client->id); new_client->remote->source = mainloop_add_fd(""lrmd-remote-client"", G_PRIORITY_DEFAULT, csock, new_client, &lrmd_remote_fd_cb); g_hash_table_insert(client_connections, new_client->id, new_client); notify_of_new_client(new_client); return TRUE; }",visit repo url,lrmd/tls_backend.c,https://github.com/ClusterLabs/pacemaker,133799081614612,1 4950,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 5727,CWE-476,"static int changedline (const Proto *p, int oldpc, int newpc) { while (oldpc++ < newpc) { if (p->lineinfo[oldpc] != 0) return (luaG_getfuncline(p, oldpc - 1) != luaG_getfuncline(p, newpc)); } return 0; }",visit repo url,ldebug.c,https://github.com/lua/lua,183500490713907,1 130,NVD-CWE-noinfo,"static int FNAME(fetch)(struct kvm_vcpu *vcpu, gpa_t addr, struct guest_walker *gw, u32 error_code, int max_level, kvm_pfn_t pfn, bool map_writable, bool prefault) { bool nx_huge_page_workaround_enabled = is_nx_huge_page_enabled(); bool write_fault = error_code & PFERR_WRITE_MASK; bool exec = error_code & PFERR_FETCH_MASK; bool huge_page_disallowed = exec && nx_huge_page_workaround_enabled; struct kvm_mmu_page *sp = NULL; struct kvm_shadow_walk_iterator it; unsigned direct_access, access = gw->pt_access; int top_level, level, req_level, ret; gfn_t base_gfn = gw->gfn; direct_access = gw->pte_access; top_level = vcpu->arch.mmu->root_level; if (top_level == PT32E_ROOT_LEVEL) top_level = PT32_ROOT_LEVEL; if (FNAME(gpte_changed)(vcpu, gw, top_level)) goto out_gpte_changed; if (WARN_ON(!VALID_PAGE(vcpu->arch.mmu->root_hpa))) goto out_gpte_changed; for (shadow_walk_init(&it, vcpu, addr); shadow_walk_okay(&it) && it.level > gw->level; shadow_walk_next(&it)) { gfn_t table_gfn; clear_sp_write_flooding_count(it.sptep); drop_large_spte(vcpu, it.sptep); sp = NULL; if (!is_shadow_present_pte(*it.sptep)) { table_gfn = gw->table_gfn[it.level - 2]; sp = kvm_mmu_get_page(vcpu, table_gfn, addr, it.level-1, false, access); } if (FNAME(gpte_changed)(vcpu, gw, it.level - 1)) goto out_gpte_changed; if (sp) link_shadow_page(vcpu, it.sptep, sp); } level = kvm_mmu_hugepage_adjust(vcpu, gw->gfn, max_level, &pfn, huge_page_disallowed, &req_level); trace_kvm_mmu_spte_requested(addr, gw->level, pfn); for (; shadow_walk_okay(&it); shadow_walk_next(&it)) { clear_sp_write_flooding_count(it.sptep); if (nx_huge_page_workaround_enabled) disallowed_hugepage_adjust(*it.sptep, gw->gfn, it.level, &pfn, &level); base_gfn = gw->gfn & ~(KVM_PAGES_PER_HPAGE(it.level) - 1); if (it.level == level) break; validate_direct_spte(vcpu, it.sptep, direct_access); drop_large_spte(vcpu, it.sptep); if (!is_shadow_present_pte(*it.sptep)) { sp = kvm_mmu_get_page(vcpu, base_gfn, addr, it.level - 1, true, direct_access); link_shadow_page(vcpu, it.sptep, sp); if (huge_page_disallowed && req_level >= it.level) account_huge_nx_page(vcpu->kvm, sp); } } ret = mmu_set_spte(vcpu, it.sptep, gw->pte_access, write_fault, it.level, base_gfn, pfn, prefault, map_writable); if (ret == RET_PF_SPURIOUS) return ret; FNAME(pte_prefetch)(vcpu, gw, it.sptep); ++vcpu->stat.pf_fixed; return ret; out_gpte_changed: return RET_PF_RETRY; }",visit repo url,arch/x86/kvm/mmu/paging_tmpl.h,https://github.com/torvalds/linux,2338457883310,1 6095,CWE-190,"static int pad_pkcs1(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t *id, pad = 0; int len, result = RLC_ERR; bn_t t; bn_null(t); RLC_TRY { bn_new(t); switch (operation) { case RSA_ENC: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PUB); *p_len = k_len - 3 - m_len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); do { rand_bytes(&pad, 1); } while (pad == 0); bn_add_dig(m, m, pad); } bn_lsh(m, m, (m_len + 1) * 8); result = RLC_OK; break; case RSA_DEC: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (bn_is_zero(t)) { *p_len = m_len; m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad == RSA_PUB) { do { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad != 0 && m_len > 0); *p_len -= (m_len - 1); bn_mod_2b(m, m, (k_len - *p_len) * 8); result = (m_len > 0 ? RLC_OK : RLC_ERR); } } break; case RSA_SIG: id = hash_id(MD_MAP, &len); bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PRV); *p_len = k_len - 3 - m_len - len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); } bn_lsh(m, m, 8 * (len + 1)); bn_read_bin(t, id, len); bn_add(m, m, t); bn_lsh(m, m, m_len * 8); result = RLC_OK; break; case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PRV); *p_len = k_len - 3 - m_len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); } bn_lsh(m, m, 8 * (m_len + 1)); result = RLC_OK; break; case RSA_VER: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (bn_is_zero(t)) { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad == RSA_PRV) { int counter = 0; do { counter++; m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad == RSA_PAD && m_len > 0); id = hash_id(MD_MAP, &len); bn_rsh(t, m, 8 * m_len); bn_mod_2b(t, t, 8); if (bn_is_zero(t)) { m_len -= len; bn_rsh(t, m, 8 * m_len); int r = 0; for (int i = 0; i < len; i++) { pad = (uint8_t)t->dp[0]; r |= pad ^ id[len - i - 1]; bn_rsh(t, t, 8); } *p_len = k_len - m_len; bn_mod_2b(m, m, m_len * 8); if (r == 0 && m_len == RLC_MD_LEN && counter >= 8) { result = RLC_OK; } } } } break; case RSA_VER_HASH: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (bn_is_zero(t)) { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad == RSA_PRV) { int counter = 0; do { counter++; m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad == RSA_PAD && m_len > 0); *p_len = k_len - m_len; bn_rsh(t, m, 8 * m_len); bn_mod_2b(t, t, 8); if (bn_is_zero(t)) { bn_mod_2b(m, m, m_len * 8); if (m_len == RLC_MD_LEN && counter >= 8) { result = RLC_OK; } } } } break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,170661288591803,1 6655,NVD-CWE-noinfo,"static void handle_global(void *data, struct wl_registry *registry, uint32_t name, const char *interface, uint32_t version) { struct swaylock_state *state = data; if (strcmp(interface, wl_compositor_interface.name) == 0) { state->compositor = wl_registry_bind(registry, name, &wl_compositor_interface, 4); } else if (strcmp(interface, wl_subcompositor_interface.name) == 0) { state->subcompositor = wl_registry_bind(registry, name, &wl_subcompositor_interface, 1); } else if (strcmp(interface, wl_shm_interface.name) == 0) { state->shm = wl_registry_bind(registry, name, &wl_shm_interface, 1); } else if (strcmp(interface, wl_seat_interface.name) == 0) { struct wl_seat *seat = wl_registry_bind( registry, name, &wl_seat_interface, 4); struct swaylock_seat *swaylock_seat = calloc(1, sizeof(struct swaylock_seat)); swaylock_seat->state = state; wl_seat_add_listener(seat, &seat_listener, swaylock_seat); } else if (strcmp(interface, zwlr_layer_shell_v1_interface.name) == 0) { state->layer_shell = wl_registry_bind( registry, name, &zwlr_layer_shell_v1_interface, 1); } else if (strcmp(interface, zwlr_input_inhibit_manager_v1_interface.name) == 0) { state->input_inhibit_manager = wl_registry_bind( registry, name, &zwlr_input_inhibit_manager_v1_interface, 1); } else if (strcmp(interface, zxdg_output_manager_v1_interface.name) == 0) { state->zxdg_output_manager = wl_registry_bind( registry, name, &zxdg_output_manager_v1_interface, 2); } else if (strcmp(interface, wl_output_interface.name) == 0) { struct swaylock_surface *surface = calloc(1, sizeof(struct swaylock_surface)); surface->state = state; surface->output = wl_registry_bind(registry, name, &wl_output_interface, 3); surface->output_global_name = name; wl_output_add_listener(surface->output, &_wl_output_listener, surface); wl_list_insert(&state->surfaces, &surface->link); if (state->run_display) { create_layer_surface(surface); wl_display_roundtrip(state->display); } } }",visit repo url,main.c,https://github.com/swaywm/swaylock,124800573190988,1 2454,['CWE-119'],"void mark_parents_uninteresting(struct commit *commit) { struct commit_list *parents = commit->parents; while (parents) { struct commit *commit = parents->item; if (!(commit->object.flags & UNINTERESTING)) { commit->object.flags |= UNINTERESTING; if (commit->parents) mark_parents_uninteresting(commit); } if (!has_sha1_file(commit->object.sha1)) commit->object.parsed = 1; parents = parents->next; } }",git,,,66133368592018250942458732970614113205,0 329,['CWE-20'],"static unsigned long getreg(struct task_struct *child, unsigned long regno) { unsigned long retval = ~0UL; switch (regno >> 2) { case GS: retval = child->thread.gs; break; case DS: case ES: case FS: case SS: case CS: retval = 0xffff; default: if (regno > FS*4) regno -= 1*4; retval &= get_stack_long(child, regno); } return retval; }",linux-2.6,,,246602627489406932706937522120097405402,0 3037,['CWE-189'],"jas_seq_t *jpc_seq_conv(jas_seq_t *x, jas_seq_t *y) { int i; int j; int k; jas_seq_t *z; jpc_fix_t s; jpc_fix_t v; z = jas_seq_create(jas_seq_start(x) + jas_seq_start(y), jas_seq_end(x) + jas_seq_end(y) - 1); assert(z); for (i = jas_seq_start(z); i < jas_seq_end(z); i++) { s = jpc_inttofix(0); for (j = jas_seq_start(y); j < jas_seq_end(y); j++) { k = i - j; if (k < jas_seq_start(x) || k >= jas_seq_end(x)) { v = JPC_FIX_ZERO; } else { v = jas_seq_get(x, k); } s = jpc_fix_add(s, jpc_fix_mul(jas_seq_get(y, j), v)); } *jas_seq_getref(z, i) = s; } return z; }",jasper,,,237298613039115074903108764156505829504,0 4582,CWE-125,"GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs) { GF_AdobeBootstrapInfoBox *ptr = (GF_AdobeBootstrapInfoBox *)s; int i; u32 tmp_strsize; char *tmp_str; GF_Err e; ISOM_DECREASE_SIZE(ptr, 25) ptr->bootstrapinfo_version = gf_bs_read_u32(bs); ptr->profile = gf_bs_read_int(bs, 2); ptr->live = gf_bs_read_int(bs, 1); ptr->update = gf_bs_read_int(bs, 1); ptr->reserved = gf_bs_read_int(bs, 4); ptr->time_scale = gf_bs_read_u32(bs); ptr->current_media_time = gf_bs_read_u64(bs); ptr->smpte_time_code_offset = gf_bs_read_u64(bs); i=0; if (ptr->size<8) return GF_ISOM_INVALID_FILE; tmp_strsize =(u32)ptr->size-8; tmp_str = gf_malloc(sizeof(char)*tmp_strsize); if (!tmp_str) return GF_OUT_OF_MEM; memset(tmp_str, 0, sizeof(char)*tmp_strsize); while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->movie_identifier = gf_strdup(tmp_str); } ISOM_DECREASE_SIZE(ptr, 1) ptr->server_entry_count = gf_bs_read_u8(bs); for (i=0; iserver_entry_count; i++) { int j=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) break; j++; } if (j) { gf_list_insert(ptr->server_entry_table, gf_strdup(tmp_str), i); } } ISOM_DECREASE_SIZE(ptr, 1) ptr->quality_entry_count = gf_bs_read_u8(bs); for (i=0; iquality_entry_count; i++) { int j=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) break; j++; } if (j) { gf_list_insert(ptr->quality_entry_table, gf_strdup(tmp_str), i); } } i=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->drm_data = gf_strdup(tmp_str); } i=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->meta_data = gf_strdup(tmp_str); } ISOM_DECREASE_SIZE(ptr, 1) ptr->segment_run_table_count = gf_bs_read_u8(bs); for (i=0; isegment_run_table_count; i++) { GF_AdobeSegmentRunTableBox *asrt = NULL; e = gf_isom_box_parse((GF_Box **)&asrt, bs); if (e) { if (asrt) gf_isom_box_del((GF_Box*)asrt); gf_free(tmp_str); return e; } gf_list_add(ptr->segment_run_table_entries, asrt); } ISOM_DECREASE_SIZE(ptr, 1) ptr->fragment_run_table_count = gf_bs_read_u8(bs); for (i=0; ifragment_run_table_count; i++) { GF_AdobeFragmentRunTableBox *afrt = NULL; e = gf_isom_box_parse((GF_Box **)&afrt, bs); if (e) { if (afrt) gf_isom_box_del((GF_Box*)afrt); gf_free(tmp_str); return e; } gf_list_add(ptr->fragment_run_table_entries, afrt); } gf_free(tmp_str); return GF_OK; }",visit repo url,src/isomedia/box_code_adobe.c,https://github.com/gpac/gpac,112823133607319,1 3148,['CWE-189'],"static int jp2_ihdr_putdata(jp2_box_t *box, jas_stream_t *out) { jp2_ihdr_t *ihdr = &box->data.ihdr; if (jp2_putuint32(out, ihdr->height) || jp2_putuint32(out, ihdr->width) || jp2_putuint16(out, ihdr->numcmpts) || jp2_putuint8(out, ihdr->bpc) || jp2_putuint8(out, ihdr->comptype) || jp2_putuint8(out, ihdr->csunk) || jp2_putuint8(out, ihdr->ipr)) { return -1; } return 0; }",jasper,,,105526578077324417113453274267555450446,0 4707,CWE-119,"static int pop_fetch_headers(struct Context *ctx) { struct PopData *pop_data = (struct PopData *) ctx->data; struct Progress progress; #ifdef USE_HCACHE header_cache_t *hc = pop_hcache_open(pop_data, ctx->path); #endif time(&pop_data->check_time); pop_data->clear_cache = false; for (int i = 0; i < ctx->msgcount; i++) ctx->hdrs[i]->refno = -1; const int old_count = ctx->msgcount; int ret = pop_fetch_data(pop_data, ""UIDL\r\n"", NULL, fetch_uidl, ctx); const int new_count = ctx->msgcount; ctx->msgcount = old_count; if (pop_data->cmd_uidl == 2) { if (ret == 0) { pop_data->cmd_uidl = 1; mutt_debug(1, ""set UIDL capability\n""); } if (ret == -2 && pop_data->cmd_uidl == 2) { pop_data->cmd_uidl = 0; mutt_debug(1, ""unset UIDL capability\n""); snprintf(pop_data->err_msg, sizeof(pop_data->err_msg), ""%s"", _(""Command UIDL is not supported by server."")); } } if (!ctx->quiet) { mutt_progress_init(&progress, _(""Fetching message headers...""), MUTT_PROGRESS_MSG, ReadInc, new_count - old_count); } if (ret == 0) { int i, deleted; for (i = 0, deleted = 0; i < old_count; i++) { if (ctx->hdrs[i]->refno == -1) { ctx->hdrs[i]->deleted = true; deleted++; } } if (deleted > 0) { mutt_error( ngettext(""%d message has been lost. Try reopening the mailbox."", ""%d messages have been lost. Try reopening the mailbox."", deleted), deleted); } bool hcached = false; for (i = old_count; i < new_count; i++) { if (!ctx->quiet) mutt_progress_update(&progress, i + 1 - old_count, -1); #ifdef USE_HCACHE void *data = mutt_hcache_fetch(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data)); if (data) { char *uidl = mutt_str_strdup(ctx->hdrs[i]->data); int refno = ctx->hdrs[i]->refno; int index = ctx->hdrs[i]->index; struct Header *h = mutt_hcache_restore((unsigned char *) data); mutt_hcache_free(hc, &data); mutt_header_free(&ctx->hdrs[i]); ctx->hdrs[i] = h; ctx->hdrs[i]->refno = refno; ctx->hdrs[i]->index = index; ctx->hdrs[i]->data = uidl; ret = 0; hcached = true; } else #endif if ((ret = pop_read_header(pop_data, ctx->hdrs[i])) < 0) break; #ifdef USE_HCACHE else { mutt_hcache_store(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data), ctx->hdrs[i], 0); } #endif const bool bcached = (mutt_bcache_exists(pop_data->bcache, ctx->hdrs[i]->data) == 0); ctx->hdrs[i]->old = false; ctx->hdrs[i]->read = false; if (hcached) { if (bcached) ctx->hdrs[i]->read = true; else if (MarkOld) ctx->hdrs[i]->old = true; } else { if (bcached) ctx->hdrs[i]->read = true; } ctx->msgcount++; } if (i > old_count) mx_update_context(ctx, i - old_count); } #ifdef USE_HCACHE mutt_hcache_close(hc); #endif if (ret < 0) { for (int i = ctx->msgcount; i < new_count; i++) mutt_header_free(&ctx->hdrs[i]); return ret; } if (MessageCacheClean) mutt_bcache_list(pop_data->bcache, msg_cache_check, (void *) ctx); mutt_clear_error(); return (new_count - old_count); }",visit repo url,pop.c,https://github.com/neomutt/neomutt,277771220888940,1 5996,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader_20BufferedSocketReader_2read_into_buffer(struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedSocketReader *__pyx_v_self) { PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; Py_ssize_t __pyx_t_4; int __pyx_t_5; __Pyx_RefNannySetupContext(""read_into_buffer"", 0); __pyx_t_2 = __Pyx_PyObject_GetAttrStr(__pyx_v_self->sock, __pyx_n_s_recv_into); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 188, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) { __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2); if (likely(__pyx_t_3)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2); __Pyx_INCREF(__pyx_t_3); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_2, function); } } __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_3, __pyx_v_self->__pyx_base.buffer) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_v_self->__pyx_base.buffer); __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0; if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 188, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_4 = __Pyx_PyIndex_AsSsize_t(__pyx_t_1); if (unlikely((__pyx_t_4 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 188, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_v_self->__pyx_base.current_buffer_size = __pyx_t_4; __pyx_t_5 = ((__pyx_v_self->__pyx_base.current_buffer_size == 0) != 0); if (unlikely(__pyx_t_5)) { __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_EOFError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 191, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_Raise(__pyx_t_1, 0, 0, 0); __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __PYX_ERR(0, 191, __pyx_L1_error) } __pyx_r = Py_None; __Pyx_INCREF(Py_None); goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedSocketReader.read_into_buffer"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,50391585130075,1 5365,['CWE-476'],"static void vapic_exit(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic = vcpu->arch.apic; if (!apic || !apic->vapic_addr) return; down_read(&vcpu->kvm->slots_lock); kvm_release_page_dirty(apic->vapic_page); mark_page_dirty(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT); up_read(&vcpu->kvm->slots_lock); }",linux-2.6,,,256911879609148134490426272379473121732,0 1451,[],"static void fire_sched_in_preempt_notifiers(struct task_struct *curr) { struct preempt_notifier *notifier; struct hlist_node *node; hlist_for_each_entry(notifier, node, &curr->preempt_notifiers, link) notifier->ops->sched_in(notifier, raw_smp_processor_id()); }",linux-2.6,,,294041289552553336729666218246771099819,0 6521,['CWE-20'],"static void toggle_interruptibility(struct x86_emulate_ctxt *ctxt, u32 mask) { u32 int_shadow = kvm_x86_ops->get_interrupt_shadow(ctxt->vcpu, mask); if (!(int_shadow & mask)) ctxt->interruptibility = mask; }",kvm,,,314358750216671385578560221128805841690,0 2431,['CWE-119'],"static void file_change(struct diff_options *options, unsigned old_mode, unsigned new_mode, const unsigned char *old_sha1, const unsigned char *new_sha1, const char *fullpath) { tree_difference = REV_TREE_DIFFERENT; DIFF_OPT_SET(options, HAS_CHANGES); }",git,,,64351267031930795164406687870069491828,0 1563,[],"static inline void init_rq_hrtick(struct rq *rq) { }",linux-2.6,,,289702861081600777561934073946465469608,0 178,[],"asmlinkage long compat_sys_mount(char __user * dev_name, char __user * dir_name, char __user * type, unsigned long flags, void __user * data) { unsigned long type_page; unsigned long data_page; unsigned long dev_page; char *dir_page; int retval; retval = copy_mount_options (type, &type_page); if (retval < 0) goto out; dir_page = getname(dir_name); retval = PTR_ERR(dir_page); if (IS_ERR(dir_page)) goto out1; retval = copy_mount_options (dev_name, &dev_page); if (retval < 0) goto out2; retval = copy_mount_options (data, &data_page); if (retval < 0) goto out3; retval = -EINVAL; if (type_page && data_page) { if (!strcmp((char *)type_page, SMBFS_NAME)) { do_smb_super_data_conv((void *)data_page); } else if (!strcmp((char *)type_page, NCPFS_NAME)) { do_ncp_super_data_conv((void *)data_page); } else if (!strcmp((char *)type_page, NFS4_NAME)) { if (do_nfs4_super_data_conv((void *) data_page)) goto out4; } } lock_kernel(); retval = do_mount((char*)dev_page, dir_page, (char*)type_page, flags, (void*)data_page); unlock_kernel(); out4: free_page(data_page); out3: free_page(dev_page); out2: putname(dir_page); out1: free_page(type_page); out: return retval; }",linux-2.6,,,233103606685792073902933759502569096528,0 100,CWE-119,"get_matching_data(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx, pkinit_req_crypto_context req_cryptoctx, X509 *cert, pkinit_cert_matching_data **md_out) { krb5_error_code ret = ENOMEM; pkinit_cert_matching_data *md = NULL; krb5_principal *pkinit_sans = NULL, *upn_sans = NULL; size_t i, j; char buf[DN_BUF_LEN]; unsigned int bufsize = sizeof(buf); *md_out = NULL; md = calloc(1, sizeof(*md)); if (md == NULL) goto cleanup; X509_NAME_oneline_ex(X509_get_subject_name(cert), buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS); md->subject_dn = strdup(buf); if (md->subject_dn == NULL) { ret = ENOMEM; goto cleanup; } X509_NAME_oneline_ex(X509_get_issuer_name(cert), buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS); md->issuer_dn = strdup(buf); if (md->issuer_dn == NULL) { ret = ENOMEM; goto cleanup; } ret = crypto_retrieve_X509_sans(context, plg_cryptoctx, req_cryptoctx, cert, &pkinit_sans, &upn_sans, NULL); if (ret) goto cleanup; j = 0; if (pkinit_sans != NULL) { for (i = 0; pkinit_sans[i] != NULL; i++) j++; } if (upn_sans != NULL) { for (i = 0; upn_sans[i] != NULL; i++) j++; } if (j != 0) { md->sans = calloc((size_t)j+1, sizeof(*md->sans)); if (md->sans == NULL) { ret = ENOMEM; goto cleanup; } j = 0; if (pkinit_sans != NULL) { for (i = 0; pkinit_sans[i] != NULL; i++) md->sans[j++] = pkinit_sans[i]; free(pkinit_sans); } if (upn_sans != NULL) { for (i = 0; upn_sans[i] != NULL; i++) md->sans[j++] = upn_sans[i]; free(upn_sans); } md->sans[j] = NULL; } else md->sans = NULL; ret = crypto_retrieve_X509_key_usage(context, plg_cryptoctx, req_cryptoctx, cert, &md->ku_bits, &md->eku_bits); if (ret) goto cleanup; *md_out = md; md = NULL; cleanup: crypto_cert_free_matching_data(context, md); return ret; }",visit repo url,src/plugins/preauth/pkinit/pkinit_crypto_openssl.c,https://github.com/krb5/krb5,84318860869738,1 2593,CWE-20,"void mk_request_free(struct session_request *sr) { if (sr->fd_file > 0) { mk_vhost_close(sr); } if (sr->headers.location) { mk_mem_free(sr->headers.location); } if (sr->uri_processed.data != sr->uri.data) { mk_ptr_free(&sr->uri_processed); } if (sr->real_path.data != sr->real_path_static) { mk_ptr_free(&sr->real_path); } }",visit repo url,src/mk_request.c,https://github.com/monkey/monkey,37259658013161,1 4248,CWE-78,"static inline int r_sys_mkdirp(char *dir) { int ret = 1; const char slash = DIRSEP; char *path = dir; char *ptr = path; if (*ptr == slash) { ptr++; } #if __SDB_WINDOWS__ char *p = strstr (ptr, "":\\""); if (p) { ptr = p + 2; } #endif while ((ptr = strchr (ptr, slash))) { *ptr = 0; if (!r_sys_mkdir (path) && r_sys_mkdir_failed ()) { eprintf (""r_sys_mkdirp: fail '%s' of '%s'\n"", path, dir); *ptr = slash; return 0; } *ptr = slash; ptr++; } return ret; }",visit repo url,shlr/sdb/src/disk.c,https://github.com/radareorg/radare2,17876004249020,1 2016,['CWE-269'],"static int graft_tree(struct vfsmount *mnt, struct nameidata *nd) { int err; if (mnt->mnt_sb->s_flags & MS_NOUSER) return -EINVAL; if (S_ISDIR(nd->dentry->d_inode->i_mode) != S_ISDIR(mnt->mnt_root->d_inode->i_mode)) return -ENOTDIR; err = -ENOENT; mutex_lock(&nd->dentry->d_inode->i_mutex); if (IS_DEADDIR(nd->dentry->d_inode)) goto out_unlock; err = security_sb_check_sb(mnt, nd); if (err) goto out_unlock; err = -ENOENT; if (IS_ROOT(nd->dentry) || !d_unhashed(nd->dentry)) err = attach_recursive_mnt(mnt, nd, NULL); out_unlock: mutex_unlock(&nd->dentry->d_inode->i_mutex); if (!err) security_sb_post_addmount(mnt, nd); return err; }",linux-2.6,,,30392253315224403539656280932673660412,0 2188,['CWE-193'],"static inline int __filemap_fdatawrite(struct address_space *mapping, int sync_mode) { return __filemap_fdatawrite_range(mapping, 0, LLONG_MAX, sync_mode); }",linux-2.6,,,298325479583371646735217629360212258413,0 2228,NVD-CWE-noinfo,"static void nfs4_open_release(void *calldata) { struct nfs4_opendata *data = calldata; struct nfs4_state *state = NULL; if (data->cancelled == 0) goto out_free; if (data->rpc_status != 0 || !data->rpc_done) goto out_free; if (data->o_res.rflags & NFS4_OPEN_RESULT_CONFIRM) goto out_free; state = nfs4_opendata_to_nfs4_state(data); if (!IS_ERR(state)) nfs4_close_state(&data->path, state, data->o_arg.open_flags); out_free: nfs4_opendata_put(data); }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,46321266474086,1 1956,CWE-401,"int adis_update_scan_mode(struct iio_dev *indio_dev, const unsigned long *scan_mask) { struct adis *adis = iio_device_get_drvdata(indio_dev); const struct iio_chan_spec *chan; unsigned int scan_count; unsigned int i, j; __be16 *tx, *rx; kfree(adis->xfer); kfree(adis->buffer); if (adis->burst && adis->burst->en) return adis_update_scan_mode_burst(indio_dev, scan_mask); scan_count = indio_dev->scan_bytes / 2; adis->xfer = kcalloc(scan_count + 1, sizeof(*adis->xfer), GFP_KERNEL); if (!adis->xfer) return -ENOMEM; adis->buffer = kcalloc(indio_dev->scan_bytes, 2, GFP_KERNEL); if (!adis->buffer) return -ENOMEM; rx = adis->buffer; tx = rx + scan_count; spi_message_init(&adis->msg); for (j = 0; j <= scan_count; j++) { adis->xfer[j].bits_per_word = 8; if (j != scan_count) adis->xfer[j].cs_change = 1; adis->xfer[j].len = 2; adis->xfer[j].delay_usecs = adis->data->read_delay; if (j < scan_count) adis->xfer[j].tx_buf = &tx[j]; if (j >= 1) adis->xfer[j].rx_buf = &rx[j - 1]; spi_message_add_tail(&adis->xfer[j], &adis->msg); } chan = indio_dev->channels; for (i = 0; i < indio_dev->num_channels; i++, chan++) { if (!test_bit(chan->scan_index, scan_mask)) continue; if (chan->scan_type.storagebits == 32) *tx++ = cpu_to_be16((chan->address + 2) << 8); *tx++ = cpu_to_be16(chan->address << 8); } return 0; }",visit repo url,drivers/iio/imu/adis_buffer.c,https://github.com/torvalds/linux,13170868445272,1 1610,[],"static ssize_t sched_mc_power_savings_store(struct sys_device *dev, const char *buf, size_t count) { return sched_power_savings_store(buf, count, 0); }",linux-2.6,,,50782383441238962367688359963342076923,0 2509,['CWE-119'],"static inline void skip_same_name(struct cache_entry *ce, struct unpack_trees_options *o) { int len = ce_namelen(ce); const struct index_state *index = o->src_index; while (o->pos < index->cache_nr) { struct cache_entry *next = index->cache[o->pos]; if (len != ce_namelen(next)) break; if (memcmp(ce->name, next->name, len)) break; o->pos++; } }",git,,,74444564226678100931481654869675297365,0 2484,CWE-189,"NEDMALLOCNOALIASATTR NEDMALLOCPTRATTR void * nedpcalloc(nedpool *p, size_t no, size_t size) THROWSPEC { unsigned flags=NEDMALLOC_FORCERESERVE(p, 0, no*size); return nedpmalloc2(p, size*no, 0, M2_ZERO_MEMORY|flags); } ",visit repo url,nedmalloc.c,https://github.com/ned14/nedmalloc,69184392467177,1 740,CWE-20,"static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int copied = 0; int target; int err = 0; long timeo; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = -EAGAIN; if (sk->sk_state == CAIF_CONNECTING) goto out; caif_read_lock(sk); target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); do { int chunk; struct sk_buff *skb; lock_sock(sk); skb = skb_dequeue(&sk->sk_receive_queue); caif_check_flow_release(sk); if (skb == NULL) { if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; err = -ECONNRESET; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; err = -EPIPE; if (sk->sk_state != CAIF_CONNECTED) goto unlock; if (sock_flag(sk, SOCK_DEAD)) goto unlock; release_sock(sk); err = -EAGAIN; if (!timeo) break; caif_read_unlock(sk); timeo = caif_stream_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } caif_read_lock(sk); continue; unlock: release_sock(sk); break; } release_sock(sk); chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); caif_read_unlock(sk); out: return copied ? : err; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,221882276043621,1 1401,CWE-310,"static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_aead raead; struct aead_alg *aead = &alg->cra_aead; snprintf(raead.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""aead""); snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", aead->geniv ?: """"); raead.blocksize = alg->cra_blocksize; raead.maxauthsize = aead->maxauthsize; raead.ivsize = aead->ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(struct crypto_report_aead), &raead)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/aead.c,https://github.com/torvalds/linux,15737403031920,1 2121,CWE-416,"nvkm_vmm_get_locked(struct nvkm_vmm *vmm, bool getref, bool mapref, bool sparse, u8 shift, u8 align, u64 size, struct nvkm_vma **pvma) { const struct nvkm_vmm_page *page = &vmm->func->page[NVKM_VMA_PAGE_NONE]; struct rb_node *node = NULL, *temp; struct nvkm_vma *vma = NULL, *tmp; u64 addr, tail; int ret; VMM_TRACE(vmm, ""getref %d mapref %d sparse %d "" ""shift: %d align: %d size: %016llx"", getref, mapref, sparse, shift, align, size); if (unlikely(!size || (!getref && !mapref && sparse))) { VMM_DEBUG(vmm, ""args %016llx %d %d %d"", size, getref, mapref, sparse); return -EINVAL; } if (unlikely((getref || vmm->func->page_block) && !shift)) { VMM_DEBUG(vmm, ""page size required: %d %016llx"", getref, vmm->func->page_block); return -EINVAL; } if (shift) { for (page = vmm->func->page; page->shift; page++) { if (shift == page->shift) break; } if (!page->shift || !IS_ALIGNED(size, 1ULL << page->shift)) { VMM_DEBUG(vmm, ""page %d %016llx"", shift, size); return -EINVAL; } align = max_t(u8, align, shift); } else { align = max_t(u8, align, 12); } temp = vmm->free.rb_node; while (temp) { struct nvkm_vma *this = rb_entry(temp, typeof(*this), tree); if (this->size < size) { temp = temp->rb_right; } else { node = temp; temp = temp->rb_left; } } if (unlikely(!node)) return -ENOSPC; do { struct nvkm_vma *this = rb_entry(node, typeof(*this), tree); struct nvkm_vma *prev = node(this, prev); struct nvkm_vma *next = node(this, next); const int p = page - vmm->func->page; addr = this->addr; if (vmm->func->page_block && prev && prev->page != p) addr = ALIGN(addr, vmm->func->page_block); addr = ALIGN(addr, 1ULL << align); tail = this->addr + this->size; if (vmm->func->page_block && next && next->page != p) tail = ALIGN_DOWN(tail, vmm->func->page_block); if (addr <= tail && tail - addr >= size) { rb_erase(&this->tree, &vmm->free); vma = this; break; } } while ((node = rb_next(node))); if (unlikely(!vma)) return -ENOSPC; if (addr != vma->addr) { if (!(tmp = nvkm_vma_tail(vma, vma->size + vma->addr - addr))) { nvkm_vmm_put_region(vmm, vma); return -ENOMEM; } nvkm_vmm_free_insert(vmm, vma); vma = tmp; } if (size != vma->size) { if (!(tmp = nvkm_vma_tail(vma, vma->size - size))) { nvkm_vmm_put_region(vmm, vma); return -ENOMEM; } nvkm_vmm_free_insert(vmm, tmp); } if (sparse && getref) ret = nvkm_vmm_ptes_sparse_get(vmm, page, vma->addr, vma->size); else if (sparse) ret = nvkm_vmm_ptes_sparse(vmm, vma->addr, vma->size, true); else if (getref) ret = nvkm_vmm_ptes_get(vmm, page, vma->addr, vma->size); else ret = 0; if (ret) { nvkm_vmm_put_region(vmm, vma); return ret; } vma->mapref = mapref && !getref; vma->sparse = sparse; vma->page = page - vmm->func->page; vma->refd = getref ? vma->page : NVKM_VMA_PAGE_NONE; vma->used = true; nvkm_vmm_node_insert(vmm, vma); *pvma = vma; return 0; }",visit repo url,drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c,https://github.com/torvalds/linux,83059637785806,1 45,['CWE-787'],"static void cirrus_bitblt_start(CirrusVGAState * s) { uint8_t blt_rop; s->gr[0x31] |= CIRRUS_BLT_BUSY; s->cirrus_blt_width = (s->gr[0x20] | (s->gr[0x21] << 8)) + 1; s->cirrus_blt_height = (s->gr[0x22] | (s->gr[0x23] << 8)) + 1; s->cirrus_blt_dstpitch = (s->gr[0x24] | (s->gr[0x25] << 8)); s->cirrus_blt_srcpitch = (s->gr[0x26] | (s->gr[0x27] << 8)); s->cirrus_blt_dstaddr = (s->gr[0x28] | (s->gr[0x29] << 8) | (s->gr[0x2a] << 16)); s->cirrus_blt_srcaddr = (s->gr[0x2c] | (s->gr[0x2d] << 8) | (s->gr[0x2e] << 16)); s->cirrus_blt_mode = s->gr[0x30]; s->cirrus_blt_modeext = s->gr[0x33]; blt_rop = s->gr[0x32]; #ifdef DEBUG_BITBLT printf(""rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n"", blt_rop, s->cirrus_blt_mode, s->cirrus_blt_modeext, s->cirrus_blt_width, s->cirrus_blt_height, s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch, s->cirrus_blt_dstaddr, s->cirrus_blt_srcaddr, s->gr[0x2f]); #endif switch (s->cirrus_blt_mode & CIRRUS_BLTMODE_PIXELWIDTHMASK) { case CIRRUS_BLTMODE_PIXELWIDTH8: s->cirrus_blt_pixelwidth = 1; break; case CIRRUS_BLTMODE_PIXELWIDTH16: s->cirrus_blt_pixelwidth = 2; break; case CIRRUS_BLTMODE_PIXELWIDTH24: s->cirrus_blt_pixelwidth = 3; break; case CIRRUS_BLTMODE_PIXELWIDTH32: s->cirrus_blt_pixelwidth = 4; break; default: #ifdef DEBUG_BITBLT printf(""cirrus: bitblt - pixel width is unknown\n""); #endif goto bitblt_ignore; } s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_PIXELWIDTHMASK; if ((s-> cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) == (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) { #ifdef DEBUG_BITBLT printf(""cirrus: bitblt - memory-to-memory copy is requested\n""); #endif goto bitblt_ignore; } if ((s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_SOLIDFILL) && (s->cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSDEST | CIRRUS_BLTMODE_TRANSPARENTCOMP | CIRRUS_BLTMODE_PATTERNCOPY | CIRRUS_BLTMODE_COLOREXPAND)) == (CIRRUS_BLTMODE_PATTERNCOPY | CIRRUS_BLTMODE_COLOREXPAND)) { cirrus_bitblt_fgcol(s); cirrus_bitblt_solidfill(s, blt_rop); } else { if ((s->cirrus_blt_mode & (CIRRUS_BLTMODE_COLOREXPAND | CIRRUS_BLTMODE_PATTERNCOPY)) == CIRRUS_BLTMODE_COLOREXPAND) { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) { if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV) cirrus_bitblt_bgcol(s); else cirrus_bitblt_fgcol(s); s->cirrus_rop = cirrus_colorexpand_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; } else { cirrus_bitblt_fgcol(s); cirrus_bitblt_bgcol(s); s->cirrus_rop = cirrus_colorexpand[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; } } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) { if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV) cirrus_bitblt_bgcol(s); else cirrus_bitblt_fgcol(s); s->cirrus_rop = cirrus_colorexpand_pattern_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; } else { cirrus_bitblt_fgcol(s); cirrus_bitblt_bgcol(s); s->cirrus_rop = cirrus_colorexpand_pattern[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; } } else { s->cirrus_rop = cirrus_patternfill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; } } else { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) { if (s->cirrus_blt_pixelwidth > 2) { printf(""src transparent without colorexpand must be 8bpp or 16bpp\n""); goto bitblt_ignore; } if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) { s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch; s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch; s->cirrus_rop = cirrus_bkwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; } else { s->cirrus_rop = cirrus_fwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; } } else { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) { s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch; s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch; s->cirrus_rop = cirrus_bkwd_rop[rop_to_index[blt_rop]]; } else { s->cirrus_rop = cirrus_fwd_rop[rop_to_index[blt_rop]]; } } } if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSSRC) { if (!cirrus_bitblt_cputovideo(s)) goto bitblt_ignore; } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSDEST) { if (!cirrus_bitblt_videotocpu(s)) goto bitblt_ignore; } else { if (!cirrus_bitblt_videotovideo(s)) goto bitblt_ignore; } } return; bitblt_ignore:; cirrus_bitblt_reset(s); }",qemu,,,297221541426409817796343005986796669151,0 151,CWE-401,"static void mbochs_remove(struct mdev_device *mdev) { struct mdev_state *mdev_state = dev_get_drvdata(&mdev->dev); mbochs_used_mbytes -= mdev_state->type->mbytes; vfio_unregister_group_dev(&mdev_state->vdev); kfree(mdev_state->pages); kfree(mdev_state->vconfig); kfree(mdev_state); }",visit repo url,samples/vfio-mdev/mbochs.c,https://github.com/torvalds/linux,243421538875701,1 871,CWE-20,"static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr = msg->msg_name; int copied = 0; int check_creds = 0; int target; int err = 0; long timeo; int skip; err = -EINVAL; if (sk->sk_state != TCP_ESTABLISHED) goto out; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); msg->msg_namelen = 0; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(timeo); goto out; } do { int chunk; struct sk_buff *skb, *last; unix_state_lock(sk); last = skb = skb_peek(&sk->sk_receive_queue); again: if (skb == NULL) { unix_sk(sk)->recursion_level = 0; if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; unix_state_unlock(sk); err = -EAGAIN; if (!timeo) break; mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo, last); if (signal_pending(current) || mutex_lock_interruptible(&u->readlock)) { err = sock_intr_errno(timeo); goto out; } continue; unlock: unix_state_unlock(sk); break; } skip = sk_peek_offset(sk, flags); while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); last = skb; skb = skb_peek_next(skb, &sk->sk_receive_queue); if (!skb) goto again; } unix_state_unlock(sk); if (check_creds) { if ((UNIXCB(skb).pid != siocb->scm->pid) || !uid_eq(UNIXCB(skb).uid, siocb->scm->creds.uid) || !gid_eq(UNIXCB(skb).gid, siocb->scm->creds.gid)) break; } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); check_creds = 1; } if (sunaddr) { unix_copy_addr(msg, skb->sk); sunaddr = NULL; } chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); if (skb_copy_datagram_iovec(skb, UNIXCB(skb).consumed + skip, msg->msg_iov, chunk)) { if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { UNIXCB(skb).consumed += chunk; sk_peek_offset_bwd(sk, chunk); if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); if (unix_skb_len(skb)) break; skb_unlink(skb, &sk->sk_receive_queue); consume_skb(skb); if (siocb->scm->fp) break; } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); sk_peek_offset_fwd(sk, chunk); break; } } while (size); mutex_unlock(&u->readlock); scm_recv(sock, msg, siocb->scm, flags); out: return copied ? : err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,252330469564730,1 1454,CWE-17,"static struct fileIdentDesc *udf_find_entry(struct inode *dir, const struct qstr *child, struct udf_fileident_bh *fibh, struct fileIdentDesc *cfi) { struct fileIdentDesc *fi = NULL; loff_t f_pos; int block, flen; unsigned char *fname = NULL; unsigned char *nameptr; uint8_t lfi; uint16_t liu; loff_t size; struct kernel_lb_addr eloc; uint32_t elen; sector_t offset; struct extent_position epos = {}; struct udf_inode_info *dinfo = UDF_I(dir); int isdotdot = child->len == 2 && child->name[0] == '.' && child->name[1] == '.'; size = udf_ext0_offset(dir) + dir->i_size; f_pos = udf_ext0_offset(dir); fibh->sbh = fibh->ebh = NULL; fibh->soffset = fibh->eoffset = f_pos & (dir->i_sb->s_blocksize - 1); if (dinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) { if (inode_bmap(dir, f_pos >> dir->i_sb->s_blocksize_bits, &epos, &eloc, &elen, &offset) != (EXT_RECORDED_ALLOCATED >> 30)) goto out_err; block = udf_get_lb_pblock(dir->i_sb, &eloc, offset); if ((++offset << dir->i_sb->s_blocksize_bits) < elen) { if (dinfo->i_alloc_type == ICBTAG_FLAG_AD_SHORT) epos.offset -= sizeof(struct short_ad); else if (dinfo->i_alloc_type == ICBTAG_FLAG_AD_LONG) epos.offset -= sizeof(struct long_ad); } else offset = 0; fibh->sbh = fibh->ebh = udf_tread(dir->i_sb, block); if (!fibh->sbh) goto out_err; } fname = kmalloc(UDF_NAME_LEN, GFP_NOFS); if (!fname) goto out_err; while (f_pos < size) { fi = udf_fileident_read(dir, &f_pos, fibh, cfi, &epos, &eloc, &elen, &offset); if (!fi) goto out_err; liu = le16_to_cpu(cfi->lengthOfImpUse); lfi = cfi->lengthFileIdent; if (fibh->sbh == fibh->ebh) { nameptr = fi->fileIdent + liu; } else { int poffset; poffset = fibh->soffset + sizeof(struct fileIdentDesc) + liu + lfi; if (poffset >= lfi) nameptr = (uint8_t *)(fibh->ebh->b_data + poffset - lfi); else { nameptr = fname; memcpy(nameptr, fi->fileIdent + liu, lfi - poffset); memcpy(nameptr + lfi - poffset, fibh->ebh->b_data, poffset); } } if ((cfi->fileCharacteristics & FID_FILE_CHAR_DELETED) != 0) { if (!UDF_QUERY_FLAG(dir->i_sb, UDF_FLAG_UNDELETE)) continue; } if ((cfi->fileCharacteristics & FID_FILE_CHAR_HIDDEN) != 0) { if (!UDF_QUERY_FLAG(dir->i_sb, UDF_FLAG_UNHIDE)) continue; } if ((cfi->fileCharacteristics & FID_FILE_CHAR_PARENT) && isdotdot) goto out_ok; if (!lfi) continue; flen = udf_get_filename(dir->i_sb, nameptr, fname, lfi); if (flen && udf_match(flen, fname, child->len, child->name)) goto out_ok; } out_err: fi = NULL; if (fibh->sbh != fibh->ebh) brelse(fibh->ebh); brelse(fibh->sbh); out_ok: brelse(epos.bh); kfree(fname); return fi; }",visit repo url,fs/udf/namei.c,https://github.com/torvalds/linux,177312477977130,1 5235,['CWE-264'],"int fchmod_acl(files_struct *fsp, mode_t mode) { connection_struct *conn = fsp->conn; SMB_ACL_T posix_acl = NULL; int ret = -1; if ((posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp)) == NULL) return -1; if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1) goto done; ret = SMB_VFS_SYS_ACL_SET_FD(fsp, posix_acl); done: SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl); return ret; }",samba,,,271999208395655336718247512686930673984,0 4581,['CWE-399'],"static int bget_one(handle_t *handle, struct buffer_head *bh) { get_bh(bh); return 0; }",linux-2.6,,,222967796824146463206432796128212291943,0 5073,CWE-191,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 4972,CWE-787,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 6488,[],"lt_dladvise_ext (lt_dladvise *padvise) { assert (padvise && *padvise); (*padvise)->try_ext = 1; return 0; }",libtool,,,172367586037240185715264869817566922132,0 2852,['CWE-119'],"_posix_to_nfsv4_one(struct posix_acl *pacl, struct nfs4_acl *acl, unsigned int flags) { struct posix_acl_entry *pa, *group_owner_entry; struct nfs4_ace *ace; struct posix_acl_summary pas; unsigned short deny; int eflag = ((flags & NFS4_ACL_TYPE_DEFAULT) ? NFS4_INHERITANCE_FLAGS | NFS4_ACE_INHERIT_ONLY_ACE : 0); BUG_ON(pacl->a_count < 3); summarize_posix_acl(pacl, &pas); pa = pacl->a_entries; ace = acl->aces + acl->naces; deny = ~pas.owner; deny &= pas.users | pas.group | pas.groups | pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; ace->flag = eflag; ace->access_mask = deny_mask_from_posix(deny, flags); ace->whotype = NFS4_ACL_WHO_OWNER; ace++; acl->naces++; } ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pa->e_perm, flags | NFS4_ACL_OWNER); ace->whotype = NFS4_ACL_WHO_OWNER; ace++; acl->naces++; pa++; while (pa->e_tag == ACL_USER) { deny = ~(pa->e_perm & pas.mask); deny &= pas.groups | pas.group | pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; ace->flag = eflag; ace->access_mask = deny_mask_from_posix(deny, flags); ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; } ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, flags); ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; pa++; } group_owner_entry = pa; ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pas.group, flags); ace->whotype = NFS4_ACL_WHO_GROUP; ace++; acl->naces++; pa++; while (pa->e_tag == ACL_GROUP) { ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; ace->access_mask = mask_from_posix(pa->e_perm & pas.mask, flags); ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; pa++; } pa = group_owner_entry; deny = ~pas.group & pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; ace->access_mask = deny_mask_from_posix(deny, flags); ace->whotype = NFS4_ACL_WHO_GROUP; ace++; acl->naces++; } pa++; while (pa->e_tag == ACL_GROUP) { deny = ~(pa->e_perm & pas.mask); deny &= pas.other; if (deny) { ace->type = NFS4_ACE_ACCESS_DENIED_ACE_TYPE; ace->flag = eflag | NFS4_ACE_IDENTIFIER_GROUP; ace->access_mask = mask_from_posix(deny, flags); ace->whotype = NFS4_ACL_WHO_NAMED; ace->who = pa->e_id; ace++; acl->naces++; } pa++; } if (pa->e_tag == ACL_MASK) pa++; ace->type = NFS4_ACE_ACCESS_ALLOWED_ACE_TYPE; ace->flag = eflag; ace->access_mask = mask_from_posix(pa->e_perm, flags); ace->whotype = NFS4_ACL_WHO_EVERYONE; acl->naces++; }",linux-2.6,,,214050744760638120661368284151601491518,0 2293,CWE-835,"asmlinkage void __sched schedule(void) { struct task_struct *prev, *next; unsigned long *switch_count; struct rq *rq; int cpu; need_resched: preempt_disable(); cpu = smp_processor_id(); rq = cpu_rq(cpu); rcu_note_context_switch(cpu); prev = rq->curr; release_kernel_lock(prev); need_resched_nonpreemptible: schedule_debug(prev); if (sched_feat(HRTICK)) hrtick_clear(rq); raw_spin_lock_irq(&rq->lock); clear_tsk_need_resched(prev); switch_count = &prev->nivcsw; if (prev->state && !(preempt_count() & PREEMPT_ACTIVE)) { if (unlikely(signal_pending_state(prev->state, prev))) { prev->state = TASK_RUNNING; } else { if (prev->flags & PF_WQ_WORKER) { struct task_struct *to_wakeup; to_wakeup = wq_worker_sleeping(prev, cpu); if (to_wakeup) try_to_wake_up_local(to_wakeup); } deactivate_task(rq, prev, DEQUEUE_SLEEP); } switch_count = &prev->nvcsw; } pre_schedule(rq, prev); if (unlikely(!rq->nr_running)) idle_balance(cpu, rq); put_prev_task(rq, prev); next = pick_next_task(rq); if (likely(prev != next)) { sched_info_switch(prev, next); perf_event_task_sched_out(prev, next); rq->nr_switches++; rq->curr = next; ++*switch_count; context_switch(rq, prev, next); cpu = smp_processor_id(); rq = cpu_rq(cpu); } else raw_spin_unlock_irq(&rq->lock); post_schedule(rq); if (unlikely(reacquire_kernel_lock(prev))) goto need_resched_nonpreemptible; preempt_enable_no_resched(); if (need_resched()) goto need_resched; }",visit repo url,kernel/sched.c,https://github.com/torvalds/linux,62226025315773,1 4153,['CWE-399'],"void avahi_host_rr_entry_group_callback(AvahiServer *s, AvahiSEntryGroup *g, AvahiEntryGroupState state, AVAHI_GCC_UNUSED void *userdata) { assert(s); assert(g); if (state == AVAHI_ENTRY_GROUP_REGISTERING && s->state == AVAHI_SERVER_REGISTERING) s->n_host_rr_pending ++; else if (state == AVAHI_ENTRY_GROUP_COLLISION && (s->state == AVAHI_SERVER_REGISTERING || s->state == AVAHI_SERVER_RUNNING)) { withdraw_host_rrs(s); server_set_state(s, AVAHI_SERVER_COLLISION); } else if (state == AVAHI_ENTRY_GROUP_ESTABLISHED && s->state == AVAHI_SERVER_REGISTERING) avahi_server_decrease_host_rr_pending(s); }",avahi,,,235526277453919211913914481254985522727,0 3701,[],"static void unix_dgram_disconnected(struct sock *sk, struct sock *other) { if (!skb_queue_empty(&sk->sk_receive_queue)) { skb_queue_purge(&sk->sk_receive_queue); wake_up_interruptible_all(&unix_sk(sk)->peer_wait); if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) == sk) { other->sk_err = ECONNRESET; other->sk_error_report(other); } } }",linux-2.6,,,129899099709945696998833309588346230525,0 2080,[],"static int __udp4_lib_mcast_deliver(struct sk_buff *skb, struct udphdr *uh, __be32 saddr, __be32 daddr, struct hlist_head udptable[]) { struct sock *sk; int dif; read_lock(&udp_hash_lock); sk = sk_head(&udptable[ntohs(uh->dest) & (UDP_HTABLE_SIZE - 1)]); dif = skb->dev->ifindex; sk = udp_v4_mcast_next(sk, uh->dest, daddr, uh->source, saddr, dif); if (sk) { struct sock *sknext = NULL; do { struct sk_buff *skb1 = skb; sknext = udp_v4_mcast_next(sk_next(sk), uh->dest, daddr, uh->source, saddr, dif); if (sknext) skb1 = skb_clone(skb, GFP_ATOMIC); if (skb1) { int ret = udp_queue_rcv_skb(sk, skb1); if (ret > 0) kfree_skb(skb1); } sk = sknext; } while (sknext); } else kfree_skb(skb); read_unlock(&udp_hash_lock); return 0; }",linux-2.6,,,103705116621243987761355938785102532458,0 2750,CWE-20,"SPL_METHOD(Array, unserialize) { spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(getThis() TSRMLS_CC); char *buf; int buf_len; const unsigned char *p, *s; php_unserialize_data_t var_hash; zval *pmembers, *pflags = NULL; HashTable *aht; long flags; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &buf, &buf_len) == FAILURE) { return; } if (buf_len == 0) { return; } aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); if (aht->nApplyCount > 0) { zend_error(E_WARNING, ""Modification of ArrayObject during sorting is prohibited""); return; } s = p = (const unsigned char*)buf; PHP_VAR_UNSERIALIZE_INIT(var_hash); if (*p!= 'x' || *++p != ':') { goto outexcept; } ++p; ALLOC_INIT_ZVAL(pflags); if (!php_var_unserialize(&pflags, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pflags) != IS_LONG) { goto outexcept; } var_push_dtor(&var_hash, &pflags); --p; flags = Z_LVAL_P(pflags); if (*p != ';') { goto outexcept; } ++p; if (*p!='m') { if (*p!='a' && *p!='O' && *p!='C' && *p!='r') { goto outexcept; } intern->ar_flags &= ~SPL_ARRAY_CLONE_MASK; intern->ar_flags |= flags & SPL_ARRAY_CLONE_MASK; zval_ptr_dtor(&intern->array); ALLOC_INIT_ZVAL(intern->array); if (!php_var_unserialize(&intern->array, &p, s + buf_len, &var_hash TSRMLS_CC)) { goto outexcept; } var_push_dtor(&var_hash, &intern->array); } if (*p != ';') { goto outexcept; } ++p; if (*p!= 'm' || *++p != ':') { goto outexcept; } ++p; ALLOC_INIT_ZVAL(pmembers); if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } var_push_dtor(&var_hash, &pmembers); if (!intern->std.properties) { rebuild_object_properties(&intern->std); } zend_hash_copy(intern->std.properties, Z_ARRVAL_P(pmembers), (copy_ctor_func_t) zval_add_ref, (void *) NULL, sizeof(zval *)); zval_ptr_dtor(&pmembers); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (pflags) { zval_ptr_dtor(&pflags); } return; outexcept: PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (pflags) { zval_ptr_dtor(&pflags); } zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, ""Error at offset %ld of %d bytes"", (long)((char*)p - buf), buf_len); return; } ",visit repo url,ext/spl/spl_array.c,https://github.com/php/php-src,279357181952036,1 1755,CWE-119,"static inline int check_entry_size_and_hooks(struct arpt_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct arpt_entry) != 0 || (unsigned char *)e + sizeof(struct arpt_entry) >= limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct arpt_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } err = check_entry(e); if (err) return err; for (h = 0; h < NF_ARP_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_err(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv4/netfilter/arp_tables.c,https://github.com/torvalds/linux,66554827771108,1 2627,CWE-190,"static inline int process_numeric_entity(const char **buf, unsigned *code_point) { long code_l; int hexadecimal = (**buf == 'x' || **buf == 'X'); char *endptr; if (hexadecimal && (**buf != '\0')) (*buf)++; if ((hexadecimal && !isxdigit(**buf)) || (!hexadecimal && !isdigit(**buf))) { return FAILURE; } code_l = strtol(*buf, &endptr, hexadecimal ? 16 : 10); *buf = endptr; if (**buf != ';') return FAILURE; if (code_l > 0x10FFFFL) return FAILURE; if (code_point != NULL) *code_point = (unsigned)code_l; return SUCCESS; }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,60215793080760,1 5420,['CWE-476'],"unsigned long kvm_get_cr8(struct kvm_vcpu *vcpu) { if (irqchip_in_kernel(vcpu->kvm)) return kvm_lapic_get_cr8(vcpu); else return vcpu->arch.cr8; }",linux-2.6,,,182173196830397196425113127310554174770,0 5326,CWE-674,"static void Sp_match(js_State *J) { js_Regexp *re; const char *text; int len; const char *a, *b, *c, *e; Resub m; text = checkstring(J, 0); if (js_isregexp(J, 1)) js_copy(J, 1); else if (js_isundefined(J, 1)) js_newregexp(J, """", 0); else js_newregexp(J, js_tostring(J, 1), 0); re = js_toregexp(J, -1); if (!(re->flags & JS_REGEXP_G)) { js_RegExp_prototype_exec(J, re, text); return; } re->last = 0; js_newarray(J); len = 0; a = text; e = text + strlen(text); while (a <= e) { if (js_regexec(re->prog, a, &m, a > text ? REG_NOTBOL : 0)) break; b = m.sub[0].sp; c = m.sub[0].ep; js_pushlstring(J, b, c - b); js_setindex(J, -2, len++); a = c; if (c - b == 0) ++a; } if (len == 0) { js_pop(J, 1); js_pushnull(J); } }",visit repo url,jsstring.c,https://github.com/ccxvii/mujs,142912073279504,1 4893,['CWE-399'],"static int store_utf8(u16 c, char *p) { if (c < 0x80) { p[0] = c; return 1; } else if (c < 0x800) { p[0] = 0xc0 | (c >> 6); p[1] = 0x80 | (c & 0x3f); return 2; } else { p[0] = 0xe0 | (c >> 12); p[1] = 0x80 | ((c >> 6) & 0x3f); p[2] = 0x80 | (c & 0x3f); return 3; } }",linux-2.6,,,310933969492121279424056636293867913628,0 3259,['CWE-189'],"static jas_iccattrtab_t *jas_iccattrtab_copy(jas_iccattrtab_t *attrtab) { jas_iccattrtab_t *newattrtab; int i; if (!(newattrtab = jas_iccattrtab_create())) goto error; for (i = 0; i < attrtab->numattrs; ++i) { if (jas_iccattrtab_add(newattrtab, i, attrtab->attrs[i].name, attrtab->attrs[i].val)) goto error; } return newattrtab; error: return 0; }",jasper,,,238157176139001101036475655555027043184,0 2515,CWE-59,"set_acl(struct archive *a, int fd, const char *name, struct archive_acl *abstract_acl, int ae_requested_type, const char *tname) { int acl_type = 0; int ae_type, ae_permset, ae_tag, ae_id; uid_t ae_uid; gid_t ae_gid; const char *ae_name; int entries; int i; int ret; acl_t acl = NULL; acl_entry_t acl_entry; acl_permset_t acl_permset; ret = ARCHIVE_OK; entries = archive_acl_reset(abstract_acl, ae_requested_type); if (entries == 0) return (ARCHIVE_OK); switch (ae_requested_type) { case ARCHIVE_ENTRY_ACL_TYPE_ACCESS: acl_type = ACL_TYPE_ACCESS; break; case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT: acl_type = ACL_TYPE_DEFAULT; break; default: errno = ENOENT; archive_set_error(a, errno, ""Unsupported ACL type""); return (ARCHIVE_FAILED); } acl = acl_init(entries); if (acl == (acl_t)NULL) { archive_set_error(a, errno, ""Failed to initialize ACL working storage""); return (ARCHIVE_FAILED); } while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type, &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) { if (acl_create_entry(&acl, &acl_entry) != 0) { archive_set_error(a, errno, ""Failed to create a new ACL entry""); ret = ARCHIVE_FAILED; goto exit_free; } switch (ae_tag) { case ARCHIVE_ENTRY_ACL_USER: ae_uid = archive_write_disk_uid(a, ae_name, ae_id); acl_set_tag_type(acl_entry, ACL_USER); acl_set_qualifier(acl_entry, &ae_uid); break; case ARCHIVE_ENTRY_ACL_GROUP: ae_gid = archive_write_disk_gid(a, ae_name, ae_id); acl_set_tag_type(acl_entry, ACL_GROUP); acl_set_qualifier(acl_entry, &ae_gid); break; case ARCHIVE_ENTRY_ACL_USER_OBJ: acl_set_tag_type(acl_entry, ACL_USER_OBJ); break; case ARCHIVE_ENTRY_ACL_GROUP_OBJ: acl_set_tag_type(acl_entry, ACL_GROUP_OBJ); break; case ARCHIVE_ENTRY_ACL_MASK: acl_set_tag_type(acl_entry, ACL_MASK); break; case ARCHIVE_ENTRY_ACL_OTHER: acl_set_tag_type(acl_entry, ACL_OTHER); break; default: archive_set_error(a, ARCHIVE_ERRNO_MISC, ""Unsupported ACL tag""); ret = ARCHIVE_FAILED; goto exit_free; } if (acl_get_permset(acl_entry, &acl_permset) != 0) { archive_set_error(a, errno, ""Failed to get ACL permission set""); ret = ARCHIVE_FAILED; goto exit_free; } if (acl_clear_perms(acl_permset) != 0) { archive_set_error(a, errno, ""Failed to clear ACL permissions""); ret = ARCHIVE_FAILED; goto exit_free; } for (i = 0; i < acl_posix_perm_map_size; ++i) { if (ae_permset & acl_posix_perm_map[i].a_perm) { if (acl_add_perm(acl_permset, acl_posix_perm_map[i].p_perm) != 0) { archive_set_error(a, errno, ""Failed to add ACL permission""); ret = ARCHIVE_FAILED; goto exit_free; } } } } if (fd >= 0 && ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_ACCESS) { if (acl_set_fd(fd, acl) == 0) ret = ARCHIVE_OK; else { if (errno == EOPNOTSUPP) { ret = ARCHIVE_OK; } else { archive_set_error(a, errno, ""Failed to set acl on fd: %s"", tname); ret = ARCHIVE_WARN; } } } else if (acl_set_file(name, acl_type, acl) != 0) { if (errno == EOPNOTSUPP) { ret = ARCHIVE_OK; } else { archive_set_error(a, errno, ""Failed to set acl: %s"", tname); ret = ARCHIVE_WARN; } } exit_free: acl_free(acl); return (ret); }",visit repo url,libarchive/archive_disk_acl_linux.c,https://github.com/libarchive/libarchive,78828134139322,1 338,CWE-119,"static int su3000_frontend_attach(struct dvb_usb_adapter *d) { u8 obuf[3] = { 0xe, 0x80, 0 }; u8 ibuf[] = { 0 }; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0xe; obuf[1] = 0x02; obuf[2] = 1; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); msleep(300); obuf[0] = 0xe; obuf[1] = 0x83; obuf[2] = 0; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0xe; obuf[1] = 0x83; obuf[2] = 1; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0x51; if (dvb_usb_generic_rw(d->dev, obuf, 1, ibuf, 1, 0) < 0) err(""command 0x51 transfer failed.""); d->fe_adap[0].fe = dvb_attach(ds3000_attach, &su3000_ds3000_config, &d->dev->i2c_adap); if (d->fe_adap[0].fe == NULL) return -EIO; if (dvb_attach(ts2020_attach, d->fe_adap[0].fe, &dw2104_ts2020_config, &d->dev->i2c_adap)) { info(""Attached DS3000/TS2020!""); return 0; } info(""Failed to attach DS3000/TS2020!""); return -EIO; }",visit repo url,drivers/media/usb/dvb-usb/dw2102.c,https://github.com/torvalds/linux,193548495308677,1 2014,['CWE-269'],"static int do_umount(struct vfsmount *mnt, int flags) { struct super_block *sb = mnt->mnt_sb; int retval; LIST_HEAD(umount_list); retval = security_sb_umount(mnt, flags); if (retval) return retval; if (flags & MNT_EXPIRE) { if (mnt == current->fs->rootmnt || flags & (MNT_FORCE | MNT_DETACH)) return -EINVAL; if (atomic_read(&mnt->mnt_count) != 2) return -EBUSY; if (!xchg(&mnt->mnt_expiry_mark, 1)) return -EAGAIN; } lock_kernel(); if (sb->s_op->umount_begin) sb->s_op->umount_begin(mnt, flags); unlock_kernel(); if (mnt == current->fs->rootmnt && !(flags & MNT_DETACH)) { down_write(&sb->s_umount); if (!(sb->s_flags & MS_RDONLY)) { lock_kernel(); DQUOT_OFF(sb); retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); unlock_kernel(); } up_write(&sb->s_umount); return retval; } down_write(&namespace_sem); spin_lock(&vfsmount_lock); event++; retval = -EBUSY; if (flags & MNT_DETACH || !propagate_mount_busy(mnt, 2)) { if (!list_empty(&mnt->mnt_list)) umount_tree(mnt, 1, &umount_list); retval = 0; } spin_unlock(&vfsmount_lock); if (retval) security_sb_umount_busy(mnt); up_write(&namespace_sem); release_mounts(&umount_list); return retval; }",linux-2.6,,,153384741026357692998944859503105347452,0 5814,CWE-22,"mmsClient_handleFileOpenRequest( MmsConnection connection, uint8_t* buffer, int bufPos, int maxBufPos, uint32_t invokeId, ByteBuffer* response) { char filename[256]; bool hasFileName = false; uint32_t filePosition = 0; while (bufPos < maxBufPos) { uint8_t tag = buffer[bufPos++]; int length; bufPos = BerDecoder_decodeLength(buffer, &length, bufPos, maxBufPos); if (bufPos < 0) goto exit_reject_invalid_pdu; switch(tag) { case 0xa0: if (!mmsMsg_parseFileName(filename, buffer, &bufPos, bufPos + length, invokeId, response)) return; hasFileName = true; break; case 0x81: filePosition = BerDecoder_decodeUint32(buffer, length, bufPos); bufPos += length; break; case 0x00: break; default: bufPos += length; goto exit_reject_invalid_pdu; } } if (hasFileName) { MmsFileReadStateMachine* frsm = getFreeFrsm(connection); if (frsm != NULL) { MmsOutstandingCall obtainFileCall = mmsClient_getMatchingObtainFileRequest(connection, filename); if (obtainFileCall) { if (DEBUG_MMS_CLIENT) printf(""MMS_CLIENT: file open is matching obtain file request for file %s\n"", filename); obtainFileCall->timeout = Hal_getTimeInMs() + connection->requestTimeout; } FileHandle fileHandle = mmsMsg_openFile(MmsConnection_getFilestoreBasepath(connection), filename, false); if (fileHandle != NULL) { frsm->fileHandle = fileHandle; frsm->readPosition = filePosition; frsm->frsmId = getNextFrsmId(connection); frsm->obtainRequest = obtainFileCall; mmsMsg_createFileOpenResponse(MmsConnection_getFilestoreBasepath(connection), invokeId, response, filename, frsm); } else mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_FILE_FILE_NON_EXISTENT); } else mmsMsg_createServiceErrorPdu(invokeId, response, MMS_ERROR_RESOURCE_OTHER); } else goto exit_invalid_parameter; return; exit_invalid_parameter: mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_REQUEST_INVALID_ARGUMENT, response); return; exit_reject_invalid_pdu: mmsMsg_createMmsRejectPdu(&invokeId, MMS_ERROR_REJECT_INVALID_PDU, response); }",visit repo url,src/mms/iso_mms/client/mms_client_files.c,https://github.com/mz-automation/libiec61850,27153826354252,1 1113,CWE-362,"int ip_options_get(struct net *net, struct ip_options **optp, unsigned char *data, int optlen) { struct ip_options *opt = ip_options_get_alloc(optlen); if (!opt) return -ENOMEM; if (optlen) memcpy(opt->__data, data, optlen); return ip_options_get_finish(net, optp, opt, optlen); }",visit repo url,net/ipv4/ip_options.c,https://github.com/torvalds/linux,51315628605075,1 5176,['CWE-20'],"static inline int cpu_has_vmx_invept_global(void) { return (!!(vmx_capability.ept & VMX_EPT_EXTENT_GLOBAL_BIT)); }",linux-2.6,,,166553586178623725692061485479180123381,0 6068,CWE-190,"void bn_rec_naf(int8_t *naf, int *len, const bn_t k, int w) { int i, l; bn_t t; dig_t t0, mask; int8_t u_i; if (*len < (bn_bits(k) + 1)) { *len = 0; RLC_THROW(ERR_NO_BUFFER); return; } bn_null(t); RLC_TRY { bn_new(t); bn_abs(t, k); mask = RLC_MASK(w); l = (1 << w); memset(naf, 0, *len); i = 0; if (w == 2) { while (!bn_is_zero(t)) { if (!bn_is_even(t)) { bn_get_dig(&t0, t); u_i = 2 - (t0 & mask); if (u_i < 0) { bn_add_dig(t, t, -u_i); } else { bn_sub_dig(t, t, u_i); } *naf = u_i; } else { *naf = 0; } bn_hlv(t, t); i++; naf++; } } else { while (!bn_is_zero(t)) { if (!bn_is_even(t)) { bn_get_dig(&t0, t); u_i = t0 & mask; if (u_i > l / 2) { u_i = (int8_t)(u_i - l); } if (u_i < 0) { bn_add_dig(t, t, -u_i); } else { bn_sub_dig(t, t, u_i); } *naf = u_i; } else { *naf = 0; } bn_hlv(t, t); i++; naf++; } } *len = i; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,60885790546151,1 900,['CWE-200'],"static int __init init_tmpfs(void) { int error; error = bdi_init(&shmem_backing_dev_info); if (error) goto out4; error = init_inodecache(); if (error) goto out3; error = register_filesystem(&tmpfs_fs_type); if (error) { printk(KERN_ERR ""Could not register tmpfs\n""); goto out2; } shm_mnt = vfs_kern_mount(&tmpfs_fs_type, MS_NOUSER, tmpfs_fs_type.name, NULL); if (IS_ERR(shm_mnt)) { error = PTR_ERR(shm_mnt); printk(KERN_ERR ""Could not kern_mount tmpfs\n""); goto out1; } return 0; out1: unregister_filesystem(&tmpfs_fs_type); out2: destroy_inodecache(); out3: bdi_destroy(&shmem_backing_dev_info); out4: shm_mnt = ERR_PTR(error); return error; }",linux-2.6,,,1280990913501977465377001869313748960,0 6602,CWE-404,"static void check_multi_info(ogs_sbi_client_t *client) { CURLM *multi = NULL; CURLMsg *resource; int pending; CURL *easy = NULL; CURLcode res; connection_t *conn = NULL; ogs_sbi_response_t *response = NULL; ogs_assert(client); multi = client->multi; ogs_assert(multi); while ((resource = curl_multi_info_read(multi, &pending))) { char *url; char *content_type = NULL; long res_status; ogs_assert(resource); switch (resource->msg) { case CURLMSG_DONE: easy = resource->easy_handle; ogs_assert(easy); curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn); ogs_assert(conn); curl_easy_getinfo(easy, CURLINFO_EFFECTIVE_URL, &url); curl_easy_getinfo(easy, CURLINFO_RESPONSE_CODE, &res_status); curl_easy_getinfo(easy, CURLINFO_CONTENT_TYPE, &content_type); res = resource->data.result; if (res == CURLE_OK) { response = ogs_sbi_response_new(); ogs_assert(response); response->status = res_status; ogs_assert(conn->method); response->h.method = ogs_strdup(conn->method); ogs_assert(response->h.method); response->h.uri = ogs_strdup(url); ogs_assert(response->h.uri); ogs_debug(""[%d:%s] %s"", response->status, response->h.method, response->h.uri); if (conn->memory) { response->http.content = ogs_memdup(conn->memory, conn->size + 1); ogs_assert(response->http.content); response->http.content_length = conn->size; ogs_assert(response->http.content_length); } ogs_debug(""RECEIVED[%d]"", (int)response->http.content_length); if (response->http.content_length && response->http.content) ogs_debug(""%s"", response->http.content); if (content_type) ogs_sbi_header_set(response->http.headers, OGS_SBI_CONTENT_TYPE, content_type); if (conn->location) ogs_sbi_header_set(response->http.headers, OGS_SBI_LOCATION, conn->location); } else ogs_warn(""[%d] %s"", res, conn->error); ogs_assert(conn->client_cb); conn->client_cb(res == CURLE_OK ? OGS_OK : OGS_ERROR, response, conn->data); connection_remove(conn); break; default: ogs_error(""Unknown CURL resource[%d]"", resource->msg); break; } } }",visit repo url,lib/sbi/client.c,https://github.com/open5gs/open5gs,31931505824452,1 1710,CWE-19,"ext4_xattr_block_get(struct inode *inode, int name_index, const char *name, void *buffer, size_t buffer_size) { struct buffer_head *bh = NULL; struct ext4_xattr_entry *entry; size_t size; int error; struct mb_cache *ext4_mb_cache = EXT4_GET_MB_CACHE(inode); ea_idebug(inode, ""name=%d.%s, buffer=%p, buffer_size=%ld"", name_index, name, buffer, (long)buffer_size); error = -ENODATA; if (!EXT4_I(inode)->i_file_acl) goto cleanup; ea_idebug(inode, ""reading block %llu"", (unsigned long long)EXT4_I(inode)->i_file_acl); bh = sb_bread(inode->i_sb, EXT4_I(inode)->i_file_acl); if (!bh) goto cleanup; ea_bdebug(bh, ""b_count=%d, refcount=%d"", atomic_read(&(bh->b_count)), le32_to_cpu(BHDR(bh)->h_refcount)); if (ext4_xattr_check_block(inode, bh)) { bad_block: EXT4_ERROR_INODE(inode, ""bad block %llu"", EXT4_I(inode)->i_file_acl); error = -EFSCORRUPTED; goto cleanup; } ext4_xattr_cache_insert(ext4_mb_cache, bh); entry = BFIRST(bh); error = ext4_xattr_find_entry(&entry, name_index, name, bh->b_size, 1); if (error == -EFSCORRUPTED) goto bad_block; if (error) goto cleanup; size = le32_to_cpu(entry->e_value_size); if (buffer) { error = -ERANGE; if (size > buffer_size) goto cleanup; memcpy(buffer, bh->b_data + le16_to_cpu(entry->e_value_offs), size); } error = size; cleanup: brelse(bh); return error; }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,49711698920472,1 4273,CWE-787,"static RList *create_cache_bins(RBinFile *bf, RDyldCache *cache) { RList *bins = r_list_newf ((RListFree)free_bin); if (!bins) { return NULL; } char *target_libs = NULL; RList *target_lib_names = NULL; int *deps = NULL; target_libs = r_sys_getenv (""R_DYLDCACHE_FILTER""); if (target_libs) { target_lib_names = r_str_split_list (target_libs, "":"", 0); if (!target_lib_names) { r_list_free (bins); return NULL; } deps = R_NEWS0 (int, cache->hdr->imagesCount); if (!deps) { r_list_free (bins); r_list_free (target_lib_names); return NULL; } } ut32 i; for (i = 0; i < cache->n_hdr; i++) { cache_hdr_t *hdr = &cache->hdr[i]; ut64 hdr_offset = cache->hdr_offset[i]; ut32 maps_index = cache->maps_index[i]; cache_img_t *img = read_cache_images (cache->buf, hdr, hdr_offset); if (!img) { goto next; } ut32 j; ut16 *depArray = NULL; cache_imgxtr_t *extras = NULL; if (target_libs) { HtPU *path_to_idx = NULL; if (cache->accel) { depArray = R_NEWS0 (ut16, cache->accel->depListCount); if (!depArray) { goto next; } if (r_buf_fread_at (cache->buf, cache->accel->depListOffset, (ut8*) depArray, ""s"", cache->accel->depListCount) != cache->accel->depListCount * 2) { goto next; } extras = read_cache_imgextra (cache->buf, hdr, cache->accel); if (!extras) { goto next; } } else { path_to_idx = create_path_to_index (cache->buf, img, hdr); } for (j = 0; j < hdr->imagesCount; j++) { bool printing = !deps[j]; char *lib_name = get_lib_name (cache->buf, &img[j]); if (!lib_name) { break; } if (strstr (lib_name, ""libobjc.A.dylib"")) { deps[j]++; } if (!r_list_find (target_lib_names, lib_name, string_contains)) { R_FREE (lib_name); continue; } if (printing) { eprintf (""FILTER: %s\n"", lib_name); } R_FREE (lib_name); deps[j]++; if (extras && depArray) { ut32 k; for (k = extras[j].dependentsStartArrayIndex; depArray[k] != 0xffff; k++) { ut16 dep_index = depArray[k] & 0x7fff; deps[dep_index]++; char *dep_name = get_lib_name (cache->buf, &img[dep_index]); if (!dep_name) { break; } if (printing) { eprintf (""-> %s\n"", dep_name); } free (dep_name); } } else if (path_to_idx) { carve_deps_at_address (cache, img, path_to_idx, img[j].address, deps, printing); } } ht_pu_free (path_to_idx); R_FREE (depArray); R_FREE (extras); } for (j = 0; j < hdr->imagesCount; j++) { if (deps && !deps[j]) { continue; } ut64 pa = va2pa (img[j].address, hdr->mappingCount, &cache->maps[maps_index], cache->buf, 0, NULL, NULL); if (pa == UT64_MAX) { continue; } ut8 magicbytes[4]; r_buf_read_at (cache->buf, pa, magicbytes, 4); int magic = r_read_le32 (magicbytes); switch (magic) { case MH_MAGIC_64: { char file[256]; RDyldBinImage *bin = R_NEW0 (RDyldBinImage); if (!bin) { goto next; } bin->header_at = pa; bin->hdr_offset = hdr_offset; bin->symbols_off = resolve_symbols_off (cache, pa); bin->va = img[j].address; if (r_buf_read_at (cache->buf, img[j].pathFileOffset, (ut8*) &file, sizeof (file)) == sizeof (file)) { file[255] = 0; char *last_slash = strrchr (file, '/'); if (last_slash && *last_slash) { if (last_slash > file) { char *scan = last_slash - 1; while (scan > file && *scan != '/') { scan--; } if (*scan == '/') { bin->file = strdup (scan + 1); } else { bin->file = strdup (last_slash + 1); } } else { bin->file = strdup (last_slash + 1); } } else { bin->file = strdup (file); } } r_list_append (bins, bin); break; } default: eprintf (""Unknown sub-bin\n""); break; } } next: R_FREE (depArray); R_FREE (extras); R_FREE (img); } if (r_list_empty (bins)) { r_list_free (bins); bins = NULL; } R_FREE (deps); R_FREE (target_libs); r_list_free (target_lib_names); return bins; }",visit repo url,libr/bin/p/bin_dyldcache.c,https://github.com/radareorg/radare2,155991622776013,1 4699,CWE-120,"imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata, const char* method) { char ibuf[LONG_STRING*2], obuf[LONG_STRING]; unsigned char hmac_response[MD5_DIGEST_LEN]; int len; int rc; if (!mutt_bit_isset (idata->capabilities, ACRAM_MD5)) return IMAP_AUTH_UNAVAIL; mutt_message _(""Authenticating (CRAM-MD5)...""); if (mutt_account_getlogin (&idata->conn->account)) return IMAP_AUTH_FAILURE; if (mutt_account_getpass (&idata->conn->account)) return IMAP_AUTH_FAILURE; imap_cmd_start (idata, ""AUTHENTICATE CRAM-MD5""); do rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { dprint (1, (debugfile, ""Invalid response from server: %s\n"", ibuf)); goto bail; } if ((len = mutt_from_base64 (obuf, idata->buf + 2)) == -1) { dprint (1, (debugfile, ""Error decoding base64 response.\n"")); goto bail; } obuf[len] = '\0'; dprint (2, (debugfile, ""CRAM challenge: %s\n"", obuf)); hmac_md5 (idata->conn->account.pass, obuf, hmac_response); snprintf (obuf, sizeof (obuf), ""%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"", idata->conn->account.user, hmac_response[0], hmac_response[1], hmac_response[2], hmac_response[3], hmac_response[4], hmac_response[5], hmac_response[6], hmac_response[7], hmac_response[8], hmac_response[9], hmac_response[10], hmac_response[11], hmac_response[12], hmac_response[13], hmac_response[14], hmac_response[15]); dprint(2, (debugfile, ""CRAM response: %s\n"", obuf)); mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf), sizeof (ibuf) - 2); safe_strcat (ibuf, sizeof (ibuf), ""\r\n""); mutt_socket_write (idata->conn, ibuf); do rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_OK) { dprint (1, (debugfile, ""Error receiving server response.\n"")); goto bail; } if (imap_code (idata->buf)) return IMAP_AUTH_SUCCESS; bail: mutt_error _(""CRAM-MD5 authentication failed.""); mutt_sleep (2); return IMAP_AUTH_FAILURE; }",visit repo url,imap/auth_cram.c,https://gitlab.com/muttmua/mutt,254514374099619,1 1285,CWE-190,"xfs_acl_from_disk(struct xfs_acl *aclp) { struct posix_acl_entry *acl_e; struct posix_acl *acl; struct xfs_acl_entry *ace; int count, i; count = be32_to_cpu(aclp->acl_cnt); if (count > XFS_ACL_MAX_ENTRIES) return ERR_PTR(-EFSCORRUPTED); acl = posix_acl_alloc(count, GFP_KERNEL); if (!acl) return ERR_PTR(-ENOMEM); for (i = 0; i < count; i++) { acl_e = &acl->a_entries[i]; ace = &aclp->acl_entry[i]; acl_e->e_tag = be32_to_cpu(ace->ae_tag); acl_e->e_perm = be16_to_cpu(ace->ae_perm); switch (acl_e->e_tag) { case ACL_USER: case ACL_GROUP: acl_e->e_id = be32_to_cpu(ace->ae_id); break; case ACL_USER_OBJ: case ACL_GROUP_OBJ: case ACL_MASK: case ACL_OTHER: acl_e->e_id = ACL_UNDEFINED_ID; break; default: goto fail; } } return acl; fail: posix_acl_release(acl); return ERR_PTR(-EINVAL); }",visit repo url,fs/xfs/xfs_acl.c,https://github.com/torvalds/linux,199201657105592,1 3729,CWE-824,"int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int64_t infilesize, total_samples; DFFFileHeader dff_file_header; DFFChunkHeader dff_chunk_header; uint32_t bcount; infilesize = DoGetFileSize (infile); memcpy (&dff_file_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &dff_file_header) + 4, sizeof (DFFFileHeader) - 4, &bcount) || bcount != sizeof (DFFFileHeader) - 4) || strncmp (dff_file_header.formType, ""DSD "", 4)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_file_header, sizeof (DFFFileHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } #if 1 WavpackBigEndianToNative (&dff_file_header, DFFFileHeaderFormat); if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && dff_file_header.ckDataSize && dff_file_header.ckDataSize + 1 && dff_file_header.ckDataSize + 12 != infilesize) { error_line (""%s is not a valid .DFF file (by total size)!"", infilename); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""file header indicated length = %lld"", dff_file_header.ckDataSize); #endif while (1) { if (!DoReadFile (infile, &dff_chunk_header, sizeof (DFFChunkHeader), &bcount) || bcount != sizeof (DFFChunkHeader)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &dff_chunk_header, sizeof (DFFChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (debug_logging_mode) error_line (""chunk header indicated length = %lld"", dff_chunk_header.ckDataSize); if (!strncmp (dff_chunk_header.ckID, ""FVER"", 4)) { uint32_t version; if (dff_chunk_header.ckDataSize != sizeof (version) || !DoReadFile (infile, &version, sizeof (version), &bcount) || bcount != sizeof (version)) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &version, sizeof (version))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&version, ""L""); if (debug_logging_mode) error_line (""dsdiff file version = 0x%08x"", version); } else if (!strncmp (dff_chunk_header.ckID, ""PROP"", 4)) { char *prop_chunk; if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } if (debug_logging_mode) error_line (""got PROP chunk of %d bytes total"", (int) dff_chunk_header.ckDataSize); prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || bcount != dff_chunk_header.ckDataSize) { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (prop_chunk); return WAVPACK_SOFT_ERROR; } if (!strncmp (prop_chunk, ""SND "", 4)) { char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize; uint16_t numChannels = 0, chansSpecified, chanMask = 0; uint32_t sampleRate; while (eptr - cptr >= sizeof (dff_chunk_header)) { memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header)); cptr += sizeof (dff_chunk_header); WavpackBigEndianToNative (&dff_chunk_header, DFFChunkHeaderFormat); if (dff_chunk_header.ckDataSize > 0 && dff_chunk_header.ckDataSize <= eptr - cptr) { if (!strncmp (dff_chunk_header.ckID, ""FS "", 4) && dff_chunk_header.ckDataSize == 4) { memcpy (&sampleRate, cptr, sizeof (sampleRate)); WavpackBigEndianToNative (&sampleRate, ""L""); cptr += dff_chunk_header.ckDataSize; if (debug_logging_mode) error_line (""got sample rate of %u Hz"", sampleRate); } else if (!strncmp (dff_chunk_header.ckID, ""CHNL"", 4) && dff_chunk_header.ckDataSize >= 2) { memcpy (&numChannels, cptr, sizeof (numChannels)); WavpackBigEndianToNative (&numChannels, ""S""); cptr += sizeof (numChannels); chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4; if (numChannels < chansSpecified || numChannels < 1 || numChannels > 256) { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } while (chansSpecified--) { if (!strncmp (cptr, ""SLFT"", 4) || !strncmp (cptr, ""MLFT"", 4)) chanMask |= 0x1; else if (!strncmp (cptr, ""SRGT"", 4) || !strncmp (cptr, ""MRGT"", 4)) chanMask |= 0x2; else if (!strncmp (cptr, ""LS "", 4)) chanMask |= 0x10; else if (!strncmp (cptr, ""RS "", 4)) chanMask |= 0x20; else if (!strncmp (cptr, ""C "", 4)) chanMask |= 0x4; else if (!strncmp (cptr, ""LFE "", 4)) chanMask |= 0x8; else if (debug_logging_mode) error_line (""undefined channel ID %c%c%c%c"", cptr [0], cptr [1], cptr [2], cptr [3]); cptr += 4; } if (debug_logging_mode) error_line (""%d channels, mask = 0x%08x"", numChannels, chanMask); } else if (!strncmp (dff_chunk_header.ckID, ""CMPR"", 4) && dff_chunk_header.ckDataSize >= 4) { if (strncmp (cptr, ""DSD "", 4)) { error_line (""DSDIFF files must be uncompressed, not \""%c%c%c%c\""!"", cptr [0], cptr [1], cptr [2], cptr [3]); free (prop_chunk); return WAVPACK_SOFT_ERROR; } cptr += dff_chunk_header.ckDataSize; } else { if (debug_logging_mode) error_line (""got PROP/SND chunk type \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); cptr += dff_chunk_header.ckDataSize; } } else { error_line (""%s is not a valid .DFF file!"", infilename); free (prop_chunk); return WAVPACK_SOFT_ERROR; } } if (chanMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this DSDIFF file already has channel order information!""); free (prop_chunk); return WAVPACK_SOFT_ERROR; } else if (chanMask) config->channel_mask = chanMask; config->bits_per_sample = 8; config->bytes_per_sample = 1; config->num_channels = numChannels; config->sample_rate = sampleRate / 8; config->qmode |= QMODE_DSD_MSB_FIRST; } else if (debug_logging_mode) error_line (""got unknown PROP chunk type \""%c%c%c%c\"" of %d bytes"", prop_chunk [0], prop_chunk [1], prop_chunk [2], prop_chunk [3], dff_chunk_header.ckDataSize); free (prop_chunk); } else if (!strncmp (dff_chunk_header.ckID, ""DSD "", 4)) { if (!config->num_channels) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } total_samples = dff_chunk_header.ckDataSize / config->num_channels; break; } else { int bytes_to_copy = (int)(((dff_chunk_header.ckDataSize) + 1) & ~(int64_t)1); char *buff; if (bytes_to_copy < 0 || bytes_to_copy > 4194304) { error_line (""%s is not a valid .DFF file!"", infilename); return WAVPACK_SOFT_ERROR; } buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", dff_chunk_header.ckID [0], dff_chunk_header.ckID [1], dff_chunk_header.ckID [2], dff_chunk_header.ckID [3], dff_chunk_header.ckDataSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (debug_logging_mode) error_line (""setting configuration with %lld samples"", total_samples); if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/dsdiff.c,https://github.com/dbry/WavPack,44666556556114,1 753,CWE-20,"int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *address, int mode) { int size, ct, err; if (m->msg_namelen) { if (mode == VERIFY_READ) { void __user *namep; namep = (void __user __force *) m->msg_name; err = move_addr_to_kernel(namep, m->msg_namelen, address); if (err < 0) return err; } m->msg_name = address; } else { m->msg_name = NULL; } size = m->msg_iovlen * sizeof(struct iovec); if (copy_from_user(iov, (void __user __force *) m->msg_iov, size)) return -EFAULT; m->msg_iov = iov; err = 0; for (ct = 0; ct < m->msg_iovlen; ct++) { size_t len = iov[ct].iov_len; if (len > INT_MAX - err) { len = INT_MAX - err; iov[ct].iov_len = len; } err += len; } return err; }",visit repo url,net/core/iovec.c,https://github.com/torvalds/linux,95000477302680,1 268,CWE-416,"static int kvm_ioctl_create_device(struct kvm *kvm, struct kvm_create_device *cd) { struct kvm_device_ops *ops = NULL; struct kvm_device *dev; bool test = cd->flags & KVM_CREATE_DEVICE_TEST; int ret; if (cd->type >= ARRAY_SIZE(kvm_device_ops_table)) return -ENODEV; ops = kvm_device_ops_table[cd->type]; if (ops == NULL) return -ENODEV; if (test) return 0; dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node, &kvm->devices); mutex_unlock(&kvm->lock); if (ops->init) ops->init(dev); ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC); if (ret < 0) { ops->destroy(dev); mutex_lock(&kvm->lock); list_del(&dev->vm_node); mutex_unlock(&kvm->lock); return ret; } kvm_get_kvm(kvm); cd->fd = ret; return 0; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,198685750352073,1 2673,CWE-190,"SPL_METHOD(DirectoryIterator, key) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (intern->u.dir.dirp) { RETURN_LONG(intern->u.dir.index); } else { RETURN_FALSE; } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,156593585074399,1 4768,['CWE-20'],"__le16 ext4_group_desc_csum(struct ext4_sb_info *sbi, __u32 block_group, struct ext4_group_desc *gdp) { __u16 crc = 0; if (sbi->s_es->s_feature_ro_compat & cpu_to_le32(EXT4_FEATURE_RO_COMPAT_GDT_CSUM)) { int offset = offsetof(struct ext4_group_desc, bg_checksum); __le32 le_group = cpu_to_le32(block_group); crc = crc16(~0, sbi->s_es->s_uuid, sizeof(sbi->s_es->s_uuid)); crc = crc16(crc, (__u8 *)&le_group, sizeof(le_group)); crc = crc16(crc, (__u8 *)gdp, offset); offset += sizeof(gdp->bg_checksum); if ((sbi->s_es->s_feature_incompat & cpu_to_le32(EXT4_FEATURE_INCOMPAT_64BIT)) && offset < le16_to_cpu(sbi->s_es->s_desc_size)) crc = crc16(crc, (__u8 *)gdp + offset, le16_to_cpu(sbi->s_es->s_desc_size) - offset); } return cpu_to_le16(crc); }",linux-2.6,,,108864377295964357668211012133769203980,0 5210,CWE-276,"flatpak_dir_pull (FlatpakDir *self, FlatpakRemoteState *state, const char *ref, const char *opt_rev, const char **subpaths, GFile *sideload_repo, GBytes *require_metadata, const char *token, OstreeRepo *repo, FlatpakPullFlags flatpak_flags, OstreeRepoPullFlags flags, FlatpakProgress *progress, GCancellable *cancellable, GError **error) { gboolean ret = FALSE; g_autofree char *rev = NULL; g_autofree char *url = NULL; g_autoptr(GPtrArray) subdirs_arg = NULL; g_auto(GLnxLockFile) lock = { 0, }; g_autofree char *name = NULL; g_autofree char *current_checksum = NULL; if (!flatpak_dir_ensure_repo (self, cancellable, error)) return FALSE; if (repo == NULL && !flatpak_dir_repo_lock (self, &lock, LOCK_SH, cancellable, error)) return FALSE; if (flatpak_dir_get_remote_oci (self, state->remote_name)) return flatpak_dir_pull_oci (self, state, ref, opt_rev, repo, flatpak_flags, flags, token, progress, cancellable, error); if (!ostree_repo_remote_get_url (self->repo, state->remote_name, &url, error)) return FALSE; if (*url == 0) return TRUE; if (opt_rev != NULL) { rev = g_strdup (opt_rev); } else { flatpak_remote_state_lookup_ref (state, ref, &rev, NULL, NULL, NULL, error); if (rev == NULL && error != NULL && *error == NULL) flatpak_fail_error (error, FLATPAK_ERROR_REF_NOT_FOUND, _(""Couldn't find latest checksum for ref %s in remote %s""), ref, state->remote_name); if (rev == NULL) { g_assert (error == NULL || *error != NULL); return FALSE; } } g_debug (""%s: Using commit %s for pull of ref %s from remote %s%s%s"", G_STRFUNC, rev, ref, state->remote_name, sideload_repo ? ""sideloaded from "" : """", sideload_repo ? flatpak_file_get_path_cached (sideload_repo) : """" ); if (repo == NULL) repo = self->repo; if (subpaths != NULL && subpaths[0] != NULL) { subdirs_arg = g_ptr_array_new_with_free_func (g_free); int i; g_ptr_array_add (subdirs_arg, g_strdup (""/metadata"")); for (i = 0; subpaths[i] != NULL; i++) g_ptr_array_add (subdirs_arg, g_build_filename (""/files"", subpaths[i], NULL)); g_ptr_array_add (subdirs_arg, NULL); } if (!flatpak_dir_setup_extra_data (self, state, repo, ref, rev, sideload_repo, token, flatpak_flags, progress, cancellable, error)) goto out; if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error)) goto out; flatpak_repo_resolve_rev (repo, NULL, state->remote_name, ref, TRUE, ¤t_checksum, NULL, NULL); if (!repo_pull (repo, state, subdirs_arg ? (const char **) subdirs_arg->pdata : NULL, ref, rev, sideload_repo, token, flatpak_flags, flags, progress, cancellable, error)) { g_prefix_error (error, _(""While pulling %s from remote %s: ""), ref, state->remote_name); goto out; } if (require_metadata) { g_autoptr(GVariant) commit_data = NULL; if (!ostree_repo_load_commit (repo, rev, &commit_data, NULL, error) || !validate_commit_metadata (commit_data, ref, (const char *)g_bytes_get_data (require_metadata, NULL), TRUE, error)) return FALSE; } if (!flatpak_dir_pull_extra_data (self, repo, state->remote_name, ref, rev, flatpak_flags, progress, cancellable, error)) goto out; if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error)) goto out; ret = TRUE; if (repo == self->repo) name = flatpak_dir_get_name (self); else { GFile *file = ostree_repo_get_path (repo); name = g_file_get_path (file); } (flatpak_dir_log) (self, __FILE__, __LINE__, __FUNCTION__, name, ""pull"", state->remote_name, ref, rev, current_checksum, NULL, ""Pulled %s from %s"", ref, state->remote_name); out: if (!ret) { ostree_repo_abort_transaction (repo, cancellable, NULL); g_assert (error == NULL || *error != NULL); } return ret; }",visit repo url,common/flatpak-dir.c,https://github.com/flatpak/flatpak,94009635075101,1 182,[],"static inline unsigned long ioctl32_hash(unsigned long cmd) { return (((cmd >> 6) ^ (cmd >> 4) ^ cmd)) % IOCTL_HASHSIZE; }",linux-2.6,,,256550534236846776271265491445405823788,0 2055,NVD-CWE-noinfo,"static void sas_eh_handle_sas_errors(struct Scsi_Host *shost, struct list_head *work_q) { struct scsi_cmnd *cmd, *n; enum task_disposition res = TASK_IS_DONE; int tmf_resp, need_reset; struct sas_internal *i = to_sas_internal(shost->transportt); unsigned long flags; struct sas_ha_struct *ha = SHOST_TO_SAS_HA(shost); LIST_HEAD(done); list_for_each_entry_safe(cmd, n, work_q, eh_entry) { struct domain_device *dev = cmd_to_domain_dev(cmd); struct sas_task *task; spin_lock_irqsave(&dev->done_lock, flags); task = TO_SAS_TASK(cmd); spin_unlock_irqrestore(&dev->done_lock, flags); if (!task) list_move_tail(&cmd->eh_entry, &done); } Again: list_for_each_entry_safe(cmd, n, work_q, eh_entry) { struct sas_task *task = TO_SAS_TASK(cmd); list_del_init(&cmd->eh_entry); spin_lock_irqsave(&task->task_state_lock, flags); need_reset = task->task_state_flags & SAS_TASK_NEED_DEV_RESET; spin_unlock_irqrestore(&task->task_state_lock, flags); if (need_reset) { SAS_DPRINTK(""%s: task 0x%p requests reset\n"", __func__, task); goto reset; } SAS_DPRINTK(""trying to find task 0x%p\n"", task); res = sas_scsi_find_task(task); switch (res) { case TASK_IS_DONE: SAS_DPRINTK(""%s: task 0x%p is done\n"", __func__, task); sas_eh_defer_cmd(cmd); continue; case TASK_IS_ABORTED: SAS_DPRINTK(""%s: task 0x%p is aborted\n"", __func__, task); sas_eh_defer_cmd(cmd); continue; case TASK_IS_AT_LU: SAS_DPRINTK(""task 0x%p is at LU: lu recover\n"", task); reset: tmf_resp = sas_recover_lu(task->dev, cmd); if (tmf_resp == TMF_RESP_FUNC_COMPLETE) { SAS_DPRINTK(""dev %016llx LU %llx is "" ""recovered\n"", SAS_ADDR(task->dev), cmd->device->lun); sas_eh_defer_cmd(cmd); sas_scsi_clear_queue_lu(work_q, cmd); goto Again; } case TASK_IS_NOT_AT_LU: case TASK_ABORT_FAILED: SAS_DPRINTK(""task 0x%p is not at LU: I_T recover\n"", task); tmf_resp = sas_recover_I_T(task->dev); if (tmf_resp == TMF_RESP_FUNC_COMPLETE || tmf_resp == -ENODEV) { struct domain_device *dev = task->dev; SAS_DPRINTK(""I_T %016llx recovered\n"", SAS_ADDR(task->dev->sas_addr)); sas_eh_finish_cmd(cmd); sas_scsi_clear_queue_I_T(work_q, dev); goto Again; } try_to_reset_cmd_device(cmd); if (i->dft->lldd_clear_nexus_port) { struct asd_sas_port *port = task->dev->port; SAS_DPRINTK(""clearing nexus for port:%d\n"", port->id); res = i->dft->lldd_clear_nexus_port(port); if (res == TMF_RESP_FUNC_COMPLETE) { SAS_DPRINTK(""clear nexus port:%d "" ""succeeded\n"", port->id); sas_eh_finish_cmd(cmd); sas_scsi_clear_queue_port(work_q, port); goto Again; } } if (i->dft->lldd_clear_nexus_ha) { SAS_DPRINTK(""clear nexus ha\n""); res = i->dft->lldd_clear_nexus_ha(ha); if (res == TMF_RESP_FUNC_COMPLETE) { SAS_DPRINTK(""clear nexus ha "" ""succeeded\n""); sas_eh_finish_cmd(cmd); goto clear_q; } } SAS_DPRINTK(""error from device %llx, LUN %llx "" ""couldn't be recovered in any way\n"", SAS_ADDR(task->dev->sas_addr), cmd->device->lun); sas_eh_finish_cmd(cmd); goto clear_q; } } out: list_splice_tail(&done, work_q); list_splice_tail_init(&ha->eh_ata_q, work_q); return; clear_q: SAS_DPRINTK(""--- Exit %s -- clear_q\n"", __func__); list_for_each_entry_safe(cmd, n, work_q, eh_entry) sas_eh_finish_cmd(cmd); goto out; }",visit repo url,drivers/scsi/libsas/sas_scsi_host.c,https://github.com/torvalds/linux,227490590645260,1 3146,['CWE-189'],"static int jpc_dec_process_soc(jpc_dec_t *dec, jpc_ms_t *ms) { ms = 0; dec->state = JPC_MHSIZ; return 0; }",jasper,,,230362851922206028217611317724202709217,0 83,['CWE-787'],"static void cirrus_get_offsets(VGAState *s1, uint32_t *pline_offset, uint32_t *pstart_addr, uint32_t *pline_compare) { CirrusVGAState * s = (CirrusVGAState *)s1; uint32_t start_addr, line_offset, line_compare; line_offset = s->cr[0x13] | ((s->cr[0x1b] & 0x10) << 4); line_offset <<= 3; *pline_offset = line_offset; start_addr = (s->cr[0x0c] << 8) | s->cr[0x0d] | ((s->cr[0x1b] & 0x01) << 16) | ((s->cr[0x1b] & 0x0c) << 15) | ((s->cr[0x1d] & 0x80) << 12); *pstart_addr = start_addr; line_compare = s->cr[0x18] | ((s->cr[0x07] & 0x10) << 4) | ((s->cr[0x09] & 0x40) << 3); *pline_compare = line_compare; }",qemu,,,298069559385950362989631820711295231581,0 48,CWE-763,"spnego_gss_wrap( OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) { OM_uint32 ret; ret = gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,5466717753219,1 4885,['CWE-399'],"int paste_selection(struct tty_struct *tty) { struct vc_data *vc = tty->driver_data; int pasted = 0; unsigned int count; struct tty_ldisc *ld; DECLARE_WAITQUEUE(wait, current); acquire_console_sem(); poke_blanked_console(); release_console_sem(); ld = tty_ldisc_ref_wait(tty); add_wait_queue(&vc->paste_wait, &wait); while (sel_buffer && sel_buffer_lth > pasted) { set_current_state(TASK_INTERRUPTIBLE); if (test_bit(TTY_THROTTLED, &tty->flags)) { schedule(); continue; } count = sel_buffer_lth - pasted; count = min(count, tty->receive_room); tty->ldisc.ops->receive_buf(tty, sel_buffer + pasted, NULL, count); pasted += count; } remove_wait_queue(&vc->paste_wait, &wait); __set_current_state(TASK_RUNNING); tty_ldisc_deref(ld); return 0; }",linux-2.6,,,237216369764271674341688789152062121942,0 1018,CWE-399,"static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, struct ceph_crypto_key *secret, void *buf, void *end) { void *p = buf; char *dbuf; char *ticket_buf; u8 reply_struct_v; u32 num; int ret; dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); if (!dbuf) return -ENOMEM; ret = -ENOMEM; ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); if (!ticket_buf) goto out_dbuf; ceph_decode_8_safe(&p, end, reply_struct_v, bad); if (reply_struct_v != 1) return -EINVAL; ceph_decode_32_safe(&p, end, num, bad); dout(""%d tickets\n"", num); while (num--) { ret = process_one_ticket(ac, secret, &p, end, dbuf, ticket_buf); if (ret) goto out; } ret = 0; out: kfree(ticket_buf); out_dbuf: kfree(dbuf); return ret; bad: ret = -EINVAL; goto out; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,240857070215404,1 3006,CWE-22,"wiki_handle_rest_call(HttpRequest *req, HttpResponse *res, char *func) { if (func != NULL && *func != '\0') { if (!strcmp(func, ""page/get"")) { char *page = http_request_param_get(req, ""page""); if (page == NULL) page = http_request_get_query_string(req); if (page && (access(page, R_OK) == 0)) { http_response_printf(res, ""%s"", file_read(page)); http_response_send(res); return; } } else if (!strcmp(func, ""page/set"")) { char *wikitext = NULL, *page = NULL; if( ( (wikitext = http_request_param_get(req, ""text"")) != NULL) && ( (page = http_request_param_get(req, ""page"")) != NULL)) { file_write(page, wikitext); http_response_printf(res, ""success""); http_response_send(res); return; } } else if (!strcmp(func, ""page/delete"")) { char *page = http_request_param_get(req, ""page""); if (page == NULL) page = http_request_get_query_string(req); if (page && (unlink(page) > 0)) { http_response_printf(res, ""success""); http_response_send(res); return; } } else if (!strcmp(func, ""page/exists"")) { char *page = http_request_param_get(req, ""page""); if (page == NULL) page = http_request_get_query_string(req); if (page && (access(page, R_OK) == 0)) { http_response_printf(res, ""success""); http_response_send(res); return; } } else if (!strcmp(func, ""pages"") || !strcmp(func, ""search"")) { WikiPageList **pages = NULL; int n_pages, i; char *expr = http_request_param_get(req, ""expr""); if (expr == NULL) expr = http_request_get_query_string(req); pages = wiki_get_pages(&n_pages, expr); if (pages) { for (i=0; imtime); strftime(datebuf, sizeof(datebuf), ""%Y-%m-%d %H:%M"", pTm); http_response_printf(res, ""%s\t%s\n"", pages[i]->name, datebuf); } http_response_send(res); return; } } } http_response_set_status(res, 500, ""Error""); http_response_printf(res, ""Failed\n""); http_response_send(res); return; }",visit repo url,src/wiki.c,https://github.com/yarolig/didiwiki,16950958915758,1 3973,CWE-704,"static void merge_param(HashTable *params, zval *zdata, zval ***current_param, zval ***current_args TSRMLS_DC) { zval **ptr, **zdata_ptr; php_http_array_hashkey_t hkey = php_http_array_hashkey_init(0); #if 0 { zval tmp; INIT_PZVAL_ARRAY(&tmp, params); fprintf(stderr, ""params = ""); zend_print_zval_r(&tmp, 1 TSRMLS_CC); fprintf(stderr, ""\n""); } #endif hkey.type = zend_hash_get_current_key_ex(Z_ARRVAL_P(zdata), &hkey.str, &hkey.len, &hkey.num, hkey.dup, NULL); if ((hkey.type == HASH_KEY_IS_STRING && !zend_hash_exists(params, hkey.str, hkey.len)) || (hkey.type == HASH_KEY_IS_LONG && !zend_hash_index_exists(params, hkey.num)) ) { zval *tmp, *arg, **args; zend_hash_get_current_data(Z_ARRVAL_P(zdata), (void *) &ptr); Z_ADDREF_PP(ptr); MAKE_STD_ZVAL(tmp); array_init(tmp); add_assoc_zval_ex(tmp, ZEND_STRS(""value""), *ptr); MAKE_STD_ZVAL(arg); array_init(arg); zend_hash_update(Z_ARRVAL_P(tmp), ""arguments"", sizeof(""arguments""), (void *) &arg, sizeof(zval *), (void *) &args); *current_args = args; if (hkey.type == HASH_KEY_IS_STRING) { zend_hash_update(params, hkey.str, hkey.len, (void *) &tmp, sizeof(zval *), (void *) &ptr); } else { zend_hash_index_update(params, hkey.num, (void *) &tmp, sizeof(zval *), (void *) &ptr); } } else { if (hkey.type == HASH_KEY_IS_STRING) { zend_hash_find(params, hkey.str, hkey.len, (void *) &ptr); } else { zend_hash_index_find(params, hkey.num, (void *) &ptr); } zdata_ptr = &zdata; if (Z_TYPE_PP(ptr) == IS_ARRAY && SUCCESS == zend_hash_find(Z_ARRVAL_PP(ptr), ""value"", sizeof(""value""), (void *) &ptr) && SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(zdata_ptr), (void *) &zdata_ptr) ) { zval **test_ptr; while (Z_TYPE_PP(zdata_ptr) == IS_ARRAY && SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(zdata_ptr), (void *) &test_ptr) ) { if (Z_TYPE_PP(test_ptr) == IS_ARRAY) { if (HASH_KEY_IS_STRING == zend_hash_get_current_key_ex(Z_ARRVAL_PP(zdata_ptr), &hkey.str, &hkey.len, &hkey.num, hkey.dup, NULL)) { if (SUCCESS == zend_hash_find(Z_ARRVAL_PP(ptr), hkey.str, hkey.len, (void *) &ptr)) { zdata_ptr = test_ptr; } else { Z_ADDREF_PP(test_ptr); zend_hash_update(Z_ARRVAL_PP(ptr), hkey.str, hkey.len, (void *) test_ptr, sizeof(zval *), (void *) &ptr); break; } } else { if (SUCCESS == zend_hash_index_find(Z_ARRVAL_PP(ptr), hkey.num, (void *) &ptr)) { zdata_ptr = test_ptr; } else if (hkey.num) { Z_ADDREF_PP(test_ptr); zend_hash_index_update(Z_ARRVAL_PP(ptr), hkey.num, (void *) test_ptr, sizeof(zval *), (void *) &ptr); break; } else { Z_ADDREF_PP(test_ptr); zend_hash_next_index_insert(Z_ARRVAL_PP(ptr), (void *) test_ptr, sizeof(zval *), (void *) &ptr); break; } } } else { Z_ADDREF_PP(test_ptr); if (Z_TYPE_PP(ptr) != IS_ARRAY) { zval_dtor(*ptr); array_init(*ptr); } if (HASH_KEY_IS_STRING == zend_hash_get_current_key_ex(Z_ARRVAL_PP(zdata_ptr), &hkey.str, &hkey.len, &hkey.num, hkey.dup, NULL)) { zend_hash_update(Z_ARRVAL_PP(ptr), hkey.str, hkey.len, (void *) test_ptr, sizeof(zval *), (void *) &ptr); } else if (hkey.num) { zend_hash_index_update(Z_ARRVAL_PP(ptr), hkey.num, (void *) test_ptr, sizeof(zval *), (void *) &ptr); } else { zend_hash_next_index_insert(Z_ARRVAL_PP(ptr), (void *) test_ptr, sizeof(zval *), (void *) &ptr); } break; } } } } while (Z_TYPE_PP(ptr) == IS_ARRAY && SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(ptr), (void *) &ptr)); *current_param = ptr; }",visit repo url,src/php_http_params.c,https://github.com/m6w6/ext-http,215546177741275,1 4820,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 4425,['CWE-264'],"struct sk_buff *sock_wmalloc(struct sock *sk, unsigned long size, int force, gfp_t priority) { if (force || atomic_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf) { struct sk_buff * skb = alloc_skb(size, priority); if (skb) { skb_set_owner_w(skb, sk); return skb; } } return NULL; }",linux-2.6,,,47447890153307402671636974232948769688,0 1832,['CWE-189'],"_gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd) { memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); }",gnutls,,,263788800237984421954673983129575358229,0 6085,CWE-190,"int bn_size_raw(const bn_t a) { return a->used; }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,258515898231733,1 1615,[],"static inline void sg_inc_cpu_power(struct sched_group *sg, u32 val) { sg->__cpu_power += val; sg->reciprocal_cpu_power = reciprocal_value(sg->__cpu_power); }",linux-2.6,,,35457611146421910277117710813511008556,0 1925,CWE-400,"static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b) { u64 runtime = 0, slice = sched_cfs_bandwidth_slice(); unsigned long flags; u64 expires; raw_spin_lock_irqsave(&cfs_b->lock, flags); cfs_b->slack_started = false; if (cfs_b->distribute_running) { raw_spin_unlock_irqrestore(&cfs_b->lock, flags); return; } if (runtime_refresh_within(cfs_b, min_bandwidth_expiration)) { raw_spin_unlock_irqrestore(&cfs_b->lock, flags); return; } if (cfs_b->quota != RUNTIME_INF && cfs_b->runtime > slice) runtime = cfs_b->runtime; expires = cfs_b->runtime_expires; if (runtime) cfs_b->distribute_running = 1; raw_spin_unlock_irqrestore(&cfs_b->lock, flags); if (!runtime) return; runtime = distribute_cfs_runtime(cfs_b, runtime, expires); raw_spin_lock_irqsave(&cfs_b->lock, flags); if (expires == cfs_b->runtime_expires) lsub_positive(&cfs_b->runtime, runtime); cfs_b->distribute_running = 0; raw_spin_unlock_irqrestore(&cfs_b->lock, flags); }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,11460553321863,1 2054,NVD-CWE-noinfo,"static void sas_scsi_clear_queue_lu(struct list_head *error_q, struct scsi_cmnd *my_cmd) { struct scsi_cmnd *cmd, *n; list_for_each_entry_safe(cmd, n, error_q, eh_entry) { if (cmd->device->sdev_target == my_cmd->device->sdev_target && cmd->device->lun == my_cmd->device->lun) sas_eh_defer_cmd(cmd); } }",visit repo url,drivers/scsi/libsas/sas_scsi_host.c,https://github.com/torvalds/linux,210166509425978,1 6696,CWE-90,"int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx, const uint8_t *der_cert, size_t der_size, char **_filter, char ***_domains) { int ret; struct match_map_rule *r; struct priority_list *p; struct sss_cert_content *cert_content = NULL; char *filter = NULL; char **domains = NULL; size_t c; if (_filter == NULL || _domains == NULL) { return EINVAL; } ret = sss_cert_get_content(ctx, der_cert, der_size, &cert_content); if (ret != 0) { CM_DEBUG(ctx, ""Failed to get certificate content [%d]."", ret); return ret; } if (ctx->prio_list == NULL) { if (ctx->default_mapping_rule == NULL) { CM_DEBUG(ctx, ""No matching or mapping rules available.""); return EINVAL; } ret = get_filter(ctx, ctx->default_mapping_rule, cert_content, &filter); goto done; } for (p = ctx->prio_list; p != NULL; p = p->next) { for (r = p->rule_list; r != NULL; r = r->next) { ret = do_match(ctx, r->parsed_match_rule, cert_content); if (ret == 0) { ret = get_filter(ctx, r->parsed_mapping_rule, cert_content, &filter); if (ret != 0) { CM_DEBUG(ctx, ""Failed to get filter""); goto done; } if (r->domains != NULL) { for (c = 0; r->domains[c] != NULL; c++); domains = talloc_zero_array(ctx, char *, c + 1); if (domains == NULL) { ret = ENOMEM; goto done; } for (c = 0; r->domains[c] != NULL; c++) { domains[c] = talloc_strdup(domains, r->domains[c]); if (domains[c] == NULL) { ret = ENOMEM; goto done; } } } ret = 0; goto done; } } } ret = ENOENT; done: talloc_free(cert_content); if (ret == 0) { *_filter = filter; *_domains = domains; } else { talloc_free(filter); talloc_free(domains); } return ret; }",visit repo url,src/lib/certmap/sss_certmap.c,https://github.com/SSSD/sssd,176547092665559,1 3488,['CWE-20'],"sctp_disposition_t sctp_sf_bug(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return SCTP_DISPOSITION_BUG; }",linux-2.6,,,24211730452827536310705421510314067119,0 6362,[],"gchar * getRruleDayname (guchar a) { static gchar daystring[25]; *daystring = 0; if (a & 0x01) { strcat(daystring, ""SU,""); } if (a & 0x02) { strcat(daystring, ""MO,""); } if (a & 0x04) { strcat(daystring, ""TU,""); } if (a & 0x08) { strcat(daystring, ""WE,""); } if (a & 0x10) { strcat(daystring, ""TH,""); } if (a & 0x20) { strcat(daystring, ""FR,""); } if (a & 0x40) { strcat(daystring, ""SA,""); } if (strlen (daystring)) { daystring[strlen (daystring) - 1] = 0; } return (daystring); }",evolution,,,189544988158237320104136474785611723886,0 4115,['CWE-399'],"static int bsg_io_schedule(struct bsg_device *bd) { DEFINE_WAIT(wait); int ret = 0; spin_lock_irq(&bd->lock); BUG_ON(bd->done_cmds > bd->queued_cmds); if (bd->done_cmds == bd->queued_cmds) { ret = -ENODATA; goto unlock; } if (!test_bit(BSG_F_BLOCK, &bd->flags)) { ret = -EAGAIN; goto unlock; } prepare_to_wait(&bd->wq_done, &wait, TASK_UNINTERRUPTIBLE); spin_unlock_irq(&bd->lock); io_schedule(); finish_wait(&bd->wq_done, &wait); return ret; unlock: spin_unlock_irq(&bd->lock); return ret; }",linux-2.6,,,25808836443237620643598741585123081187,0 1751,CWE-20,"static int ovl_remove_upper(struct dentry *dentry, bool is_dir) { struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); struct inode *dir = upperdir->d_inode; struct dentry *upper = ovl_dentry_upper(dentry); int err; inode_lock_nested(dir, I_MUTEX_PARENT); err = -ESTALE; if (upper->d_parent == upperdir) { dget(upper); if (is_dir) err = vfs_rmdir(dir, upper); else err = vfs_unlink(dir, upper, NULL); dput(upper); ovl_dentry_version_inc(dentry->d_parent); } if (!err) d_drop(dentry); inode_unlock(dir); return err; }",visit repo url,fs/overlayfs/dir.c,https://github.com/torvalds/linux,147518988883683,1 902,CWE-20,"static int x25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct x25_sock *x25 = x25_sk(sk); struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)msg->msg_name; size_t copied; int qbit, header_len; struct sk_buff *skb; unsigned char *asmptr; int rc = -ENOTCONN; lock_sock(sk); if (x25->neighbour == NULL) goto out; header_len = x25->neighbour->extended ? X25_EXT_MIN_LEN : X25_STD_MIN_LEN; if (sk->sk_state != TCP_ESTABLISHED) goto out; if (flags & MSG_OOB) { rc = -EINVAL; if (sock_flag(sk, SOCK_URGINLINE) || !skb_peek(&x25->interrupt_in_queue)) goto out; skb = skb_dequeue(&x25->interrupt_in_queue); if (!pskb_may_pull(skb, X25_STD_MIN_LEN)) goto out_free_dgram; skb_pull(skb, X25_STD_MIN_LEN); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = 0x00; } msg->msg_flags |= MSG_OOB; } else { release_sock(sk); skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); lock_sock(sk); if (!skb) goto out; if (!pskb_may_pull(skb, header_len)) goto out_free_dgram; qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT; skb_pull(skb, header_len); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = qbit; } } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } msg->msg_flags |= MSG_EOR; rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (rc) goto out_free_dgram; if (sx25) { sx25->sx25_family = AF_X25; sx25->sx25_addr = x25->dest_addr; } msg->msg_namelen = sizeof(struct sockaddr_x25); x25_check_rbuf(sk); rc = copied; out_free_dgram: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/x25/af_x25.c,https://github.com/torvalds/linux,15718660389662,1 631,CWE-200,"int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *isk = inet_sk(sk); int family = sk->sk_family; struct sockaddr_in *sin; struct sockaddr_in6 *sin6; struct sk_buff *skb; int copied, err; pr_debug(""ping_recvmsg(sk=%p,sk->num=%u)\n"", isk, isk->inet_num); err = -EOPNOTSUPP; if (flags & MSG_OOB) goto out; if (addr_len) { if (family == AF_INET) *addr_len = sizeof(*sin); else if (family == AF_INET6 && addr_len) *addr_len = sizeof(*sin6); } if (flags & MSG_ERRQUEUE) { if (family == AF_INET) { return ip_recv_error(sk, msg, len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { return pingv6_ops.ipv6_recv_error(sk, msg, len); #endif } } skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (family == AF_INET) { sin = (struct sockaddr_in *) msg->msg_name; sin->sin_family = AF_INET; sin->sin_port = 0 ; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); if (isk->cmsg_flags) ip_cmsg_recv(msg, skb); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); struct ipv6hdr *ip6 = ipv6_hdr(skb); sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ip6->saddr; sin6->sin6_flowinfo = 0; if (np->sndflow) sin6->sin6_flowinfo = ip6_flowinfo(ip6); sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); if (inet6_sk(sk)->rxopt.all) pingv6_ops.ip6_datagram_recv_ctl(sk, msg, skb); #endif } else { BUG(); } err = copied; done: skb_free_datagram(sk, skb); out: pr_debug(""ping_recvmsg -> %d\n"", err); return err; }",visit repo url,net/ipv4/ping.c,https://github.com/torvalds/linux,75563104669123,1 6115,CWE-190,"void ed_map_dst(ed_t p, const uint8_t *msg, int len, const uint8_t *dst, int dst_len) { bn_t k; fp_t t; ed_t q; const int len_per_elm = (FP_PRIME + ed_param_level() + 7) / 8; uint8_t *pseudo_random_bytes = RLC_ALLOCA(uint8_t, 2 * len_per_elm); bn_null(k); fp_null(t); ed_null(q); RLC_TRY { bn_new(k); fp_new(t); ed_new(q); md_xmd(pseudo_random_bytes, 2 * len_per_elm, msg, len, dst, dst_len); #define ED_MAP_CONVERT_BYTES(IDX) \ do { \ bn_read_bin(k, pseudo_random_bytes + IDX * len_per_elm, len_per_elm); \ fp_prime_conv(t, k); \ } while (0) ED_MAP_CONVERT_BYTES(0); ed_map_ell2_5mod8(p, t); ED_MAP_CONVERT_BYTES(1); ed_map_ell2_5mod8(q, t); #undef ED_MAP_CONVERT_BYTES ed_add(p, p, q); switch (ed_param_get()) { case CURVE_ED25519: ed_dbl(p, p); ed_dbl(p, p); ed_dbl(p, p); break; default: RLC_THROW(ERR_NO_VALID); break; } ed_norm(p, p); #if ED_ADD == EXTND fp_mul(p->t, p->x, p->y); #endif p->coord = BASIC; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(k); fp_free(t); ed_free(q); RLC_FREE(pseudo_random_bytes); } }",visit repo url,src/ed/relic_ed_map.c,https://github.com/relic-toolkit/relic,118393684430971,1 2474,['CWE-119'],"static struct commit *get_revision_1(struct rev_info *revs) { if (!revs->commits) return NULL; do { struct commit_list *entry = revs->commits; struct commit *commit = entry->item; revs->commits = entry->next; free(entry); if (revs->reflog_info) fake_reflog_parent(revs->reflog_info, commit); if (!revs->limited) { if (revs->max_age != -1 && (commit->date < revs->max_age)) continue; if (add_parents_to_list(revs, commit, &revs->commits) < 0) return NULL; } switch (simplify_commit(revs, commit)) { case commit_ignore: continue; case commit_error: return NULL; default: return commit; } } while (revs->commits); return NULL; }",git,,,259006931282617823337148277893456647397,0 1924,CWE-190,"static int set_geometry(unsigned int cmd, struct floppy_struct *g, int drive, int type, struct block_device *bdev) { int cnt; if (g->sect <= 0 || g->head <= 0 || (unsigned char)((g->sect << 2) >> FD_SIZECODE(g)) == 0 || g->track <= 0 || g->track > UDP->tracks >> STRETCH(g) || (g->stretch & ~(FD_STRETCH | FD_SWAPSIDES | FD_SECTBASEMASK)) != 0) return -EINVAL; if (type) { if (!capable(CAP_SYS_ADMIN)) return -EPERM; mutex_lock(&open_lock); if (lock_fdc(drive)) { mutex_unlock(&open_lock); return -EINTR; } floppy_type[type] = *g; floppy_type[type].name = ""user format""; for (cnt = type << 2; cnt < (type << 2) + 4; cnt++) floppy_sizes[cnt] = floppy_sizes[cnt + 0x80] = floppy_type[type].size + 1; process_fd_request(); for (cnt = 0; cnt < N_DRIVE; cnt++) { struct block_device *bdev = opened_bdev[cnt]; if (!bdev || ITYPE(drive_state[cnt].fd_device) != type) continue; __invalidate_device(bdev, true); } mutex_unlock(&open_lock); } else { int oldStretch; if (lock_fdc(drive)) return -EINTR; if (cmd != FDDEFPRM) { if (poll_drive(true, FD_RAW_NEED_DISK) == -EINTR) return -EINTR; } oldStretch = g->stretch; user_params[drive] = *g; if (buffer_drive == drive) SUPBOUND(buffer_max, user_params[drive].sect); current_type[drive] = &user_params[drive]; floppy_sizes[drive] = user_params[drive].size; if (cmd == FDDEFPRM) DRS->keep_data = -1; else DRS->keep_data = 1; if (DRS->maxblock > user_params[drive].sect || DRS->maxtrack || ((user_params[drive].sect ^ oldStretch) & (FD_SWAPSIDES | FD_SECTBASEMASK))) invalidate_drive(bdev); else process_fd_request(); } return 0; }",visit repo url,drivers/block/floppy.c,https://github.com/torvalds/linux,23783784052469,1 4265,['CWE-264'],"static int copy_signal(unsigned long clone_flags, struct task_struct *tsk) { struct signal_struct *sig; if (clone_flags & CLONE_THREAD) { atomic_inc(¤t->signal->count); atomic_inc(¤t->signal->live); return 0; } sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL); if (sig) posix_cpu_timers_init_group(sig); tsk->signal = sig; if (!sig) return -ENOMEM; atomic_set(&sig->count, 1); atomic_set(&sig->live, 1); init_waitqueue_head(&sig->wait_chldexit); sig->flags = 0; sig->group_exit_code = 0; sig->group_exit_task = NULL; sig->group_stop_count = 0; sig->curr_target = tsk; init_sigpending(&sig->shared_pending); INIT_LIST_HEAD(&sig->posix_timers); hrtimer_init(&sig->real_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); sig->it_real_incr.tv64 = 0; sig->real_timer.function = it_real_fn; sig->leader = 0; sig->tty_old_pgrp = NULL; sig->tty = NULL; sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero; sig->gtime = cputime_zero; sig->cgtime = cputime_zero; sig->nvcsw = sig->nivcsw = sig->cnvcsw = sig->cnivcsw = 0; sig->min_flt = sig->maj_flt = sig->cmin_flt = sig->cmaj_flt = 0; sig->inblock = sig->oublock = sig->cinblock = sig->coublock = 0; task_io_accounting_init(&sig->ioac); sig->sum_sched_runtime = 0; taskstats_tgid_init(sig); task_lock(current->group_leader); memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim); task_unlock(current->group_leader); acct_init_pacct(&sig->pacct); tty_audit_fork(sig); return 0; }",linux-2.6,,,189994787000272291644682253070714683380,0 4543,['CWE-20'],"static int ext4_unlink(struct inode *dir, struct dentry *dentry) { int retval; struct inode *inode; struct buffer_head *bh; struct ext4_dir_entry_2 *de; handle_t *handle; DQUOT_INIT(dentry->d_inode); handle = ext4_journal_start(dir, EXT4_DELETE_TRANS_BLOCKS(dir->i_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); if (IS_DIRSYNC(dir)) ext4_handle_sync(handle); retval = -ENOENT; bh = ext4_find_entry(dir, &dentry->d_name, &de); if (!bh) goto end_unlink; inode = dentry->d_inode; retval = -EIO; if (le32_to_cpu(de->inode) != inode->i_ino) goto end_unlink; if (!inode->i_nlink) { ext4_warning(inode->i_sb, ""ext4_unlink"", ""Deleting nonexistent file (%lu), %d"", inode->i_ino, inode->i_nlink); inode->i_nlink = 1; } retval = ext4_delete_entry(handle, dir, de, bh); if (retval) goto end_unlink; dir->i_ctime = dir->i_mtime = ext4_current_time(dir); ext4_update_dx_flag(dir); ext4_mark_inode_dirty(handle, dir); drop_nlink(inode); if (!inode->i_nlink) ext4_orphan_add(handle, inode); inode->i_ctime = ext4_current_time(inode); ext4_mark_inode_dirty(handle, inode); retval = 0; end_unlink: ext4_journal_stop(handle); brelse(bh); return retval; }",linux-2.6,,,301106513661503441317307525401094679174,0 925,CWE-200,"static void rd_release_device_space(struct rd_dev *rd_dev) { u32 i, j, page_count = 0, sg_per_table; struct rd_dev_sg_table *sg_table; struct page *pg; struct scatterlist *sg; if (!rd_dev->sg_table_array || !rd_dev->sg_table_count) return; sg_table = rd_dev->sg_table_array; for (i = 0; i < rd_dev->sg_table_count; i++) { sg = sg_table[i].sg_table; sg_per_table = sg_table[i].rd_sg_count; for (j = 0; j < sg_per_table; j++) { pg = sg_page(&sg[j]); if (pg) { __free_page(pg); page_count++; } } kfree(sg); } pr_debug(""CORE_RD[%u] - Released device space for Ramdisk"" "" Device ID: %u, pages %u in %u tables total bytes %lu\n"", rd_dev->rd_host->rd_host_id, rd_dev->rd_dev_id, page_count, rd_dev->sg_table_count, (unsigned long)page_count * PAGE_SIZE); kfree(sg_table); rd_dev->sg_table_array = NULL; rd_dev->sg_table_count = 0; }",visit repo url,drivers/target/target_core_rd.c,https://github.com/torvalds/linux,222931031168622,1 1137,['CWE-399'],"void user_disable_single_step(struct task_struct *task) { task->thread.per_info.single_step = 0; FixPerRegisters(task); }",linux-2.6,,,129231139405104454768156239125659628321,0 5581,[],"SYSCALL_DEFINE0(sgetmask) { return current->blocked.sig[0]; }",linux-2.6,,,307144086526444573552807573965865403268,0 4513,CWE-401,"GF_Err gf_svg_parse_attribute(GF_Node *n, GF_FieldInfo *info, char *attribute_content, u8 anim_value_type) { GF_Err e = GF_OK; if (info->fieldType != DOM_String_datatype && strlen(attribute_content)) { u32 i, len; while (attribute_content[0] && (strchr(""\r\n\t "", attribute_content[0]))) attribute_content++; i=0; len = (u32) strlen(attribute_content); while (ifieldType) { case SVG_Boolean_datatype: svg_parse_boolean((SVG_Boolean *)info->far_ptr, attribute_content, &e); break; case SVG_Color_datatype: svg_parse_color((SVG_Color *)info->far_ptr, attribute_content, &e); break; case SVG_Paint_datatype: svg_parse_paint(n, (SVG_Paint *)info->far_ptr, attribute_content, &e); break; case SVG_FillRule_datatype: svg_parse_clipfillrule((SVG_FillRule *)info->far_ptr, attribute_content, &e); break; case SVG_StrokeLineJoin_datatype: svg_parse_strokelinejoin((SVG_StrokeLineJoin *)info->far_ptr, attribute_content, &e); break; case SVG_StrokeLineCap_datatype: svg_parse_strokelinecap((SVG_StrokeLineCap *)info->far_ptr, attribute_content, &e); break; case SVG_FontStyle_datatype: svg_parse_fontstyle((SVG_FontStyle *)info->far_ptr, attribute_content, &e); break; case SVG_FontWeight_datatype: svg_parse_fontweight((SVG_FontWeight *)info->far_ptr, attribute_content, &e); break; case SVG_FontVariant_datatype: svg_parse_fontvariant((SVG_FontVariant *)info->far_ptr, attribute_content, &e); break; case SVG_TextAnchor_datatype: svg_parse_textanchor((SVG_TextAnchor *)info->far_ptr, attribute_content, &e); break; case SVG_Display_datatype: svg_parse_display((SVG_Display *)info->far_ptr, attribute_content, &e); break; case SVG_Visibility_datatype: svg_parse_visibility((SVG_Visibility *)info->far_ptr, attribute_content, &e); break; case SVG_Overflow_datatype: svg_parse_overflow((SVG_Overflow *)info->far_ptr, attribute_content, &e); break; case SVG_ZoomAndPan_datatype: svg_parse_zoomandpan((SVG_ZoomAndPan *)info->far_ptr, attribute_content, &e); break; case SVG_DisplayAlign_datatype: svg_parse_displayalign((SVG_DisplayAlign *)info->far_ptr, attribute_content, &e); break; case SVG_TextAlign_datatype: svg_parse_textalign((SVG_TextAlign *)info->far_ptr, attribute_content, &e); break; case SVG_PointerEvents_datatype: svg_parse_pointerevents((SVG_PointerEvents *)info->far_ptr, attribute_content, &e); break; case SVG_RenderingHint_datatype: svg_parse_renderinghint((SVG_RenderingHint *)info->far_ptr, attribute_content, &e); break; case SVG_VectorEffect_datatype: svg_parse_vectoreffect((SVG_VectorEffect *)info->far_ptr, attribute_content, &e); break; case SVG_PlaybackOrder_datatype: svg_parse_playbackorder((SVG_PlaybackOrder *)info->far_ptr, attribute_content, &e); break; case SVG_TimelineBegin_datatype: svg_parse_timelinebegin((SVG_TimelineBegin *)info->far_ptr, attribute_content, &e); break; case XML_Space_datatype: svg_parse_xmlspace((XML_Space *)info->far_ptr, attribute_content, &e); break; case XMLEV_Propagate_datatype: svg_parse_xmlev_propagate((XMLEV_Propagate *)info->far_ptr, attribute_content, &e); break; case XMLEV_DefaultAction_datatype: svg_parse_xmlev_defaultAction((XMLEV_DefaultAction *)info->far_ptr, attribute_content, &e); break; case XMLEV_Phase_datatype: svg_parse_xmlev_phase((XMLEV_Phase *)info->far_ptr, attribute_content, &e); break; case SMIL_SyncBehavior_datatype: smil_parse_syncBehaviorOrDefault((SMIL_SyncBehavior *)info->far_ptr, attribute_content, &e); break; case SMIL_SyncTolerance_datatype: smil_parse_syncToleranceOrDefault((SMIL_SyncTolerance *)info->far_ptr, attribute_content, &e); break; case SMIL_AttributeType_datatype: smil_parse_attributeType((SMIL_AttributeType *)info->far_ptr, attribute_content, &e); break; case SMIL_CalcMode_datatype: smil_parse_calcmode((SMIL_CalcMode *)info->far_ptr, attribute_content, &e); break; case SMIL_Additive_datatype: smil_parse_additive((SMIL_CalcMode *)info->far_ptr, attribute_content, &e); break; case SMIL_Accumulate_datatype: smil_parse_accumulate((SMIL_Accumulate *)info->far_ptr, attribute_content, &e); break; case SMIL_Restart_datatype: smil_parse_restart((SMIL_Restart *)info->far_ptr, attribute_content, &e); break; case SMIL_Fill_datatype: smil_parse_fill((SMIL_Fill *)info->far_ptr, attribute_content, &e); break; case SVG_GradientUnit_datatype: if (!strcmp(attribute_content, ""userSpaceOnUse"")) *((SVG_GradientUnit *)info->far_ptr) = SVG_GRADIENTUNITS_USER; else if (!strcmp(attribute_content, ""objectBoundingBox"")) *((SVG_GradientUnit *)info->far_ptr) = SVG_GRADIENTUNITS_OBJECT; else e = GF_NON_COMPLIANT_BITSTREAM; break; case SVG_FocusHighlight_datatype: svg_parse_focushighlight((SVG_FocusHighlight*)info->far_ptr, attribute_content, &e); break; case SVG_Focusable_datatype: svg_parse_focusable((SVG_Focusable*)info->far_ptr, attribute_content, &e); break; case SVG_InitialVisibility_datatype: svg_parse_initialvisibility((SVG_InitialVisibility*)info->far_ptr, attribute_content, &e); break; case SVG_Overlay_datatype: svg_parse_overlay((SVG_Overlay*)info->far_ptr, attribute_content, &e); break; case SVG_TransformBehavior_datatype: svg_parse_transformbehavior((SVG_TransformBehavior*)info->far_ptr, attribute_content, &e); break; case SVG_SpreadMethod_datatype: if (!strcmp(attribute_content, ""reflect"")) *(u8*)info->far_ptr = SVG_SPREAD_REFLECT; else if (!strcmp(attribute_content, ""repeat"")) *(u8*)info->far_ptr = SVG_SPREAD_REPEAT; else if (!strcmp(attribute_content, ""pad"")) *(u8*)info->far_ptr = SVG_SPREAD_PAD; else e = GF_NON_COMPLIANT_BITSTREAM; break; case SVG_Filter_TransferType_datatype: if (!strcmp(attribute_content, ""table"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_TABLE; else if (!strcmp(attribute_content, ""discrete"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_DISCRETE; else if (!strcmp(attribute_content, ""linear"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_LINEAR; else if (!strcmp(attribute_content, ""gamma"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_GAMMA; else if (!strcmp(attribute_content, ""identity"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_IDENTITY; else if (!strcmp(attribute_content, ""fractalNoise"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_FRACTAL_NOISE; else if (!strcmp(attribute_content, ""turbulence"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_TURBULENCE; else if (!strcmp(attribute_content, ""matrix"")) *(u8*)info->far_ptr = SVG_FILTER_MX_MATRIX; else if (!strcmp(attribute_content, ""saturate"")) *(u8*)info->far_ptr = SVG_FILTER_MX_SATURATE; else if (!strcmp(attribute_content, ""hueRotate"")) *(u8*)info->far_ptr = SVG_FILTER_HUE_ROTATE; else if (!strcmp(attribute_content, ""luminanceToAlpha"")) *(u8*)info->far_ptr = SVG_FILTER_LUM_TO_ALPHA; else e = GF_NON_COMPLIANT_BITSTREAM; break; case SVG_Length_datatype: case SVG_Coordinate_datatype: case SVG_FontSize_datatype: case SVG_Rotate_datatype: case SVG_Number_datatype: svg_parse_length((SVG_Number*)info->far_ptr, attribute_content, 0, &e); break; case SMIL_AnimateValue_datatype: svg_parse_one_anim_value(n, (SMIL_AnimateValue*)info->far_ptr, attribute_content, anim_value_type, &e); break; case SMIL_AnimateValues_datatype: svg_parse_anim_values(n, (SMIL_AnimateValues*)info->far_ptr, attribute_content, anim_value_type, &e); break; case XMLRI_datatype: svg_parse_iri(n, (XMLRI*)info->far_ptr, attribute_content); break; case XML_IDREF_datatype: svg_parse_idref(n, (XMLRI*)info->far_ptr, attribute_content); break; case SMIL_AttributeName_datatype: ((SMIL_AttributeName *)info->far_ptr)->name = gf_strdup(attribute_content); break; case SMIL_Times_datatype: smil_parse_time_list(n, *(GF_List **)info->far_ptr, attribute_content); break; case SMIL_Duration_datatype: smil_parse_min_max_dur_repeatdur((SMIL_Duration*)info->far_ptr, attribute_content, &e); break; case SMIL_RepeatCount_datatype: smil_parse_repeatcount((SMIL_RepeatCount*)info->far_ptr, attribute_content, &e); break; case SVG_PathData_datatype: svg_parse_path((SVG_PathData*)info->far_ptr, attribute_content, &e); break; case SVG_Points_datatype: svg_parse_points(*(GF_List **)(info->far_ptr), attribute_content, &e); break; case SMIL_KeyTimes_datatype: case SMIL_KeyPoints_datatype: case SMIL_KeySplines_datatype: case SVG_Numbers_datatype: svg_parse_numbers(*(GF_List **)(info->far_ptr), attribute_content, 0, &e); break; case SVG_Coordinates_datatype: svg_parse_coordinates(*(GF_List **)(info->far_ptr), attribute_content, &e); break; case SVG_ViewBox_datatype: svg_parse_viewbox((SVG_ViewBox*)info->far_ptr, attribute_content, &e); break; case SVG_StrokeDashArray_datatype: svg_parse_strokedasharray((SVG_StrokeDashArray*)info->far_ptr, attribute_content, &e); break; case SVG_FontFamily_datatype: svg_parse_fontfamily((SVG_FontFamily*)info->far_ptr, attribute_content, &e); break; case SVG_Motion_datatype: svg_parse_point_into_matrix((GF_Matrix2D*)info->far_ptr, attribute_content, &e); break; case SVG_Transform_datatype: e = svg_parse_transform((SVG_Transform*)info->far_ptr, attribute_content); break; case SVG_Transform_Translate_datatype: { u32 i = 0; SVG_Point *p = (SVG_Point *)info->far_ptr; i+=svg_parse_number(&(attribute_content[i]), &(p->x), 0, &e); if (attribute_content[i] == 0) { p->y = 0; } else { svg_parse_number(&(attribute_content[i]), &(p->y), 0, &e); } } break; case SVG_Transform_Scale_datatype: { u32 i = 0; SVG_Point *p = (SVG_Point *)info->far_ptr; i+=svg_parse_number(&(attribute_content[i]), &(p->x), 0, &e); if (attribute_content[i] == 0) { p->y = p->x; } else { svg_parse_number(&(attribute_content[i]), &(p->y), 0, &e); } } break; case SVG_Transform_SkewX_datatype: case SVG_Transform_SkewY_datatype: { Fixed *p = (Fixed *)info->far_ptr; svg_parse_number(attribute_content, p, 1, &e); } break; case SVG_Transform_Rotate_datatype: { u32 i = 0; SVG_Point_Angle *p = (SVG_Point_Angle *)info->far_ptr; i+=svg_parse_number(&(attribute_content[i]), &(p->angle), 1, &e); if (attribute_content[i] == 0) { p->y = p->x = 0; } else { i+=svg_parse_number(&(attribute_content[i]), &(p->x), 0, &e); svg_parse_number(&(attribute_content[i]), &(p->y), 0, &e); } } break; case SVG_PreserveAspectRatio_datatype: svg_parse_preserveaspectratio((SVG_PreserveAspectRatio*)info->far_ptr, attribute_content, &e); break; case SVG_TransformType_datatype: svg_parse_animatetransform_type((SVG_TransformType*)info->far_ptr, attribute_content, &e); break; case SVG_ID_datatype: case DOM_String_datatype: case SVG_ContentType_datatype: case SVG_LanguageID_datatype: if (*(SVG_String *)info->far_ptr) gf_free(*(SVG_String *)info->far_ptr); *(SVG_String *)info->far_ptr = gf_strdup(attribute_content); break; case DOM_StringList_datatype: svg_parse_strings(*(GF_List **)info->far_ptr, attribute_content, 0); break; case XMLRI_List_datatype: svg_parse_strings(*(GF_List **)info->far_ptr, attribute_content, 1); break; case XMLEV_Event_datatype: { XMLEV_Event *xml_ev = (XMLEV_Event *)info->far_ptr; char *sep = strchr(attribute_content, '('); if (sep) { sep[0] = 0; xml_ev->type = gf_dom_event_type_by_name(attribute_content); sep[0] = '('; if ((xml_ev->type == GF_EVENT_REPEAT) || (xml_ev->type == GF_EVENT_REPEAT_EVENT)) { char _v; sscanf(sep, ""(%c)"", &_v); xml_ev->parameter = _v; } else { char *sep2 = strchr(attribute_content, ')'); sep2[0] = 0; xml_ev->parameter = gf_dom_get_key_type(sep+1); sep2[0] = ')'; } } else { xml_ev->parameter = 0; xml_ev->type = gf_dom_event_type_by_name(attribute_content); } } break; case SVG_Focus_datatype: svg_parse_focus(n, (SVG_Focus*)info->far_ptr, attribute_content, &e); break; case SVG_ClipPath_datatype: svg_parse_clippath(n, (SVG_ClipPath*)info->far_ptr, attribute_content, &e); break; case LASeR_Choice_datatype: e = laser_parse_choice((LASeR_Choice*)info->far_ptr, attribute_content); break; case LASeR_Size_datatype: e = laser_parse_size((LASeR_Size*)info->far_ptr, attribute_content, &e); break; case SVG_Clock_datatype: svg_parse_clock_value(attribute_content, (SVG_Clock*)info->far_ptr); break; case SVG_Unknown_datatype: if (*(SVG_String *)info->far_ptr) gf_free(*(SVG_String *)info->far_ptr); *(SVG_String *)info->far_ptr = gf_strdup(attribute_content); break; default: GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, (""[SVG Parsing] Cannot parse attribute %s\n"", info->name ? info->name : """")); break; } if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, (""[SVG Parsing] Cannot parse attribute %s value %s: %s\n"", info->name ? info->name : """", attribute_content, gf_error_to_string(e))); } return e; }",visit repo url,src/scenegraph/svg_attributes.c,https://github.com/gpac/gpac,164702797142636,1 2634,[],"struct sctp_association *sctp_id2assoc(struct sock *sk, sctp_assoc_t id) { struct sctp_association *asoc = NULL; if (!sctp_style(sk, UDP)) { if (!sctp_sstate(sk, ESTABLISHED)) return NULL; if (!list_empty(&sctp_sk(sk)->ep->asocs)) asoc = list_entry(sctp_sk(sk)->ep->asocs.next, struct sctp_association, asocs); return asoc; } if (!id || (id == (sctp_assoc_t)-1)) return NULL; spin_lock_bh(&sctp_assocs_id_lock); asoc = (struct sctp_association *)idr_find(&sctp_assocs_id, (int)id); spin_unlock_bh(&sctp_assocs_id_lock); if (!asoc || (asoc->base.sk != sk) || asoc->base.dead) return NULL; return asoc; }",linux-2.6,,,62459491905443167949112270338583972688,0 5729,['CWE-200'],"static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); struct sk_buff *skb; size_t copied; int err; IRDA_DEBUG(4, ""%s()\n"", __func__); if ((err = sock_error(sk)) < 0) return err; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { IRDA_DEBUG(2, ""%s(), Received truncated frame (%zd < %zd)!\n"", __func__, copied, size); copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",linux-2.6,,,297132341696381028252487150274040673410,0 5666,['CWE-476'],"static void udp_v6_hash(struct sock *sk) { BUG(); }",linux-2.6,,,127432625032628610874201821057958783573,0 3524,['CWE-20'],"struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, const __u32 lowest_tsn, const struct sctp_chunk *chunk) { struct sctp_chunk *retval; sctp_cwrhdr_t cwr; cwr.lowest_tsn = htonl(lowest_tsn); retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, sizeof(sctp_cwrhdr_t)); if (!retval) goto nodata; retval->subh.ecn_cwr_hdr = sctp_addto_chunk(retval, sizeof(cwr), &cwr); if (chunk) retval->transport = chunk->transport; nodata: return retval; }",linux-2.6,,,12146725829360232930047551502772786491,0 5739,CWE-444,"ngx_http_lua_adjust_subrequest(ngx_http_request_t *sr, ngx_uint_t method, int always_forward_body, ngx_http_request_body_t *body, unsigned vars_action, ngx_array_t *extra_vars) { ngx_http_request_t *r; ngx_int_t rc; ngx_http_core_main_conf_t *cmcf; size_t size; r = sr->parent; sr->header_in = r->header_in; if (body) { sr->request_body = body; rc = ngx_http_lua_set_content_length_header(sr, body->buf ? ngx_buf_size(body->buf) : 0); if (rc != NGX_OK) { return NGX_ERROR; } } else if (!always_forward_body && method != NGX_HTTP_PUT && method != NGX_HTTP_POST && r->headers_in.content_length_n > 0) { rc = ngx_http_lua_set_content_length_header(sr, 0); if (rc != NGX_OK) { return NGX_ERROR; } #if 1 sr->request_body = NULL; #endif } else { if (ngx_http_lua_copy_request_headers(sr, r) != NGX_OK) { return NGX_ERROR; } if (sr->request_body) { if (sr->request_body->temp_file) { if (ngx_http_lua_copy_in_file_request_body(sr) != NGX_OK) { return NGX_ERROR; } } } } sr->method = method; switch (method) { case NGX_HTTP_GET: sr->method_name = ngx_http_lua_get_method; break; case NGX_HTTP_POST: sr->method_name = ngx_http_lua_post_method; break; case NGX_HTTP_PUT: sr->method_name = ngx_http_lua_put_method; break; case NGX_HTTP_HEAD: sr->method_name = ngx_http_lua_head_method; break; case NGX_HTTP_DELETE: sr->method_name = ngx_http_lua_delete_method; break; case NGX_HTTP_OPTIONS: sr->method_name = ngx_http_lua_options_method; break; case NGX_HTTP_MKCOL: sr->method_name = ngx_http_lua_mkcol_method; break; case NGX_HTTP_COPY: sr->method_name = ngx_http_lua_copy_method; break; case NGX_HTTP_MOVE: sr->method_name = ngx_http_lua_move_method; break; case NGX_HTTP_PROPFIND: sr->method_name = ngx_http_lua_propfind_method; break; case NGX_HTTP_PROPPATCH: sr->method_name = ngx_http_lua_proppatch_method; break; case NGX_HTTP_LOCK: sr->method_name = ngx_http_lua_lock_method; break; case NGX_HTTP_UNLOCK: sr->method_name = ngx_http_lua_unlock_method; break; case NGX_HTTP_PATCH: sr->method_name = ngx_http_lua_patch_method; break; case NGX_HTTP_TRACE: sr->method_name = ngx_http_lua_trace_method; break; default: ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, ""unsupported HTTP method: %u"", (unsigned) method); return NGX_ERROR; } if (!(vars_action & NGX_HTTP_LUA_SHARE_ALL_VARS)) { cmcf = ngx_http_get_module_main_conf(sr, ngx_http_core_module); size = cmcf->variables.nelts * sizeof(ngx_http_variable_value_t); if (vars_action & NGX_HTTP_LUA_COPY_ALL_VARS) { sr->variables = ngx_palloc(sr->pool, size); if (sr->variables == NULL) { return NGX_ERROR; } ngx_memcpy(sr->variables, r->variables, size); } else { sr->variables = ngx_pcalloc(sr->pool, size); if (sr->variables == NULL) { return NGX_ERROR; } } } return ngx_http_lua_subrequest_add_extra_vars(sr, extra_vars); }",visit repo url,src/ngx_http_lua_subrequest.c,https://github.com/openresty/lua-nginx-module,75381478923765,1 2605,['CWE-189'],"static void dccp_terminate_connection(struct sock *sk) { u8 next_state = DCCP_CLOSED; switch (sk->sk_state) { case DCCP_PASSIVE_CLOSE: case DCCP_PASSIVE_CLOSEREQ: dccp_finish_passive_close(sk); break; case DCCP_PARTOPEN: dccp_pr_debug(""Stop PARTOPEN timer (%p)\n"", sk); inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK); case DCCP_OPEN: dccp_send_close(sk, 1); if (dccp_sk(sk)->dccps_role == DCCP_ROLE_SERVER && !dccp_sk(sk)->dccps_server_timewait) next_state = DCCP_ACTIVE_CLOSEREQ; else next_state = DCCP_CLOSING; default: dccp_set_state(sk, next_state); } }",linux-2.6,,,314103786641232858572185500803733407097,0 2661,CWE-190,"static int spl_filesystem_file_read(spl_filesystem_object *intern, int silent TSRMLS_DC) { char *buf; size_t line_len = 0; long line_add = (intern->u.file.current_line || intern->u.file.current_zval) ? 1 : 0; spl_filesystem_file_free_line(intern TSRMLS_CC); if (php_stream_eof(intern->u.file.stream)) { if (!silent) { zend_throw_exception_ex(spl_ce_RuntimeException, 0 TSRMLS_CC, ""Cannot read from file %s"", intern->file_name); } return FAILURE; } if (intern->u.file.max_line_len > 0) { buf = safe_emalloc((intern->u.file.max_line_len + 1), sizeof(char), 0); if (php_stream_get_line(intern->u.file.stream, buf, intern->u.file.max_line_len + 1, &line_len) == NULL) { efree(buf); buf = NULL; } else { buf[line_len] = '\0'; } } else { buf = php_stream_get_line(intern->u.file.stream, NULL, 0, &line_len); } if (!buf) { intern->u.file.current_line = estrdup(""""); intern->u.file.current_line_len = 0; } else { if (SPL_HAS_FLAG(intern->flags, SPL_FILE_OBJECT_DROP_NEW_LINE)) { line_len = strcspn(buf, ""\r\n""); buf[line_len] = '\0'; } intern->u.file.current_line = buf; intern->u.file.current_line_len = line_len; } intern->u.file.current_line_num += line_add; return SUCCESS; } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,110248304885777,1 4426,CWE-476,"fiber_switch(mrb_state *mrb, mrb_value self, mrb_int len, const mrb_value *a, mrb_bool resume, mrb_bool vmexec) { struct mrb_context *c = fiber_check(mrb, self); struct mrb_context *old_c = mrb->c; enum mrb_fiber_state status; mrb_value value; fiber_check_cfunc(mrb, c); status = c->status; switch (status) { case MRB_FIBER_TRANSFERRED: if (resume) { mrb_raise(mrb, E_FIBER_ERROR, ""resuming transferred fiber""); } break; case MRB_FIBER_RUNNING: case MRB_FIBER_RESUMED: mrb_raise(mrb, E_FIBER_ERROR, ""double resume""); break; case MRB_FIBER_TERMINATED: mrb_raise(mrb, E_FIBER_ERROR, ""resuming dead fiber""); break; default: break; } old_c->status = resume ? MRB_FIBER_RESUMED : MRB_FIBER_TRANSFERRED; c->prev = resume ? mrb->c : (c->prev ? c->prev : mrb->root_c); fiber_switch_context(mrb, c); if (status == MRB_FIBER_CREATED) { mrb_value *b, *e; if (!c->ci->proc) { mrb_raise(mrb, E_FIBER_ERROR, ""double resume (current)""); } mrb_stack_extend(mrb, len+2); b = c->stbase+1; e = b + len; while (bci--; } c->cibase->n = len; value = c->stbase[0] = MRB_PROC_ENV(c->cibase->proc)->stack[0]; } else { value = fiber_result(mrb, a, len); if (vmexec) { c->ci[1].stack[0] = value; } } if (vmexec) { c->vmexec = TRUE; value = mrb_vm_exec(mrb, c->ci->proc, c->ci->pc); mrb->c = old_c; } else { MARK_CONTEXT_MODIFY(c); } return value; }",visit repo url,mrbgems/mruby-fiber/src/fiber.c,https://github.com/mruby/mruby,173408825810043,1 1649,CWE-362,"long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) { struct key *key; key_ref_t key_ref; long ret; key_ref = lookup_user_key(keyid, 0, 0); if (IS_ERR(key_ref)) { ret = -ENOKEY; goto error; } key = key_ref_to_ptr(key_ref); ret = key_permission(key_ref, KEY_NEED_READ); if (ret == 0) goto can_read_key; if (ret != -EACCES) goto error; if (!is_key_possessed(key_ref)) { ret = -EACCES; goto error2; } can_read_key: ret = key_validate(key); if (ret == 0) { ret = -EOPNOTSUPP; if (key->type->read) { down_read(&key->sem); ret = key->type->read(key, buffer, buflen); up_read(&key->sem); } } error2: key_put(key); error: return ret; }",visit repo url,security/keys/keyctl.c,https://github.com/torvalds/linux,137155041900119,1 3425,CWE-119,"static void process_tree(struct rev_info *revs, struct tree *tree, show_object_fn show, struct strbuf *base, const char *name, void *cb_data) { struct object *obj = &tree->object; struct tree_desc desc; struct name_entry entry; enum interesting match = revs->diffopt.pathspec.nr == 0 ? all_entries_interesting: entry_not_interesting; int baselen = base->len; if (!revs->tree_objects) return; if (!obj) die(""bad tree object""); if (obj->flags & (UNINTERESTING | SEEN)) return; if (parse_tree_gently(tree, revs->ignore_missing_links) < 0) { if (revs->ignore_missing_links) return; die(""bad tree object %s"", oid_to_hex(&obj->oid)); } obj->flags |= SEEN; show(obj, base, name, cb_data); strbuf_addstr(base, name); if (base->len) strbuf_addch(base, '/'); init_tree_desc(&desc, tree->buffer, tree->size); while (tree_entry(&desc, &entry)) { if (match != all_entries_interesting) { match = tree_entry_interesting(&entry, base, 0, &revs->diffopt.pathspec); if (match == all_entries_not_interesting) break; if (match == entry_not_interesting) continue; } if (S_ISDIR(entry.mode)) process_tree(revs, lookup_tree(entry.sha1), show, base, entry.path, cb_data); else if (S_ISGITLINK(entry.mode)) process_gitlink(revs, entry.sha1, show, base, entry.path, cb_data); else process_blob(revs, lookup_blob(entry.sha1), show, base, entry.path, cb_data); } strbuf_setlen(base, baselen); free_tree_buffer(tree); }",visit repo url,list-objects.c,https://github.com/git/git,162197440333858,1 3044,['CWE-189'],"static int jas_iccattrtab_get(jas_iccattrtab_t *attrtab, int i, jas_iccattrname_t *name, jas_iccattrval_t **val) { jas_iccattr_t *attr; if (i < 0 || i >= attrtab->numattrs) goto error; attr = &attrtab->attrs[i]; *name = attr->name; if (!(*val = jas_iccattrval_clone(attr->val))) goto error; return 0; error: return -1; }",jasper,,,53259016858505129629748497612725468300,0 6073,CWE-190,"int bn_smb_jac(const bn_t a, const bn_t b) { bn_t t0, t1, r; int t, h, res; bn_null(t0); bn_null(t1); bn_null(r); if (bn_is_even(b) || bn_sign(b) == RLC_NEG) { RLC_THROW(ERR_NO_VALID); return 0; } RLC_TRY { bn_new(t0); bn_new(t1); bn_new(r); t = 1; if (bn_sign(a) == RLC_NEG) { bn_add(t0, a, b); } else { bn_copy(t0, a); } bn_copy(t1, b); while (1) { bn_mod(t0, t0, t1); if (bn_is_zero(t0)) { if (bn_cmp_dig(t1, 1) == RLC_EQ) { res = 1; if (t == -1) { res = -1; } break; } else { res = 0; break; } } h = 0; while (bn_is_even(t0)) { h++; bn_rsh(t0, t0, 1); } bn_mod_2b(r, t1, 3); if ((h % 2 != 0) && (bn_cmp_dig(r, 1) != RLC_EQ) && (bn_cmp_dig(r, 7) != RLC_EQ)) { t = -t; } bn_mod_2b(r, t0, 2); if (bn_cmp_dig(r, 1) != RLC_EQ) { bn_mod_2b(r, t1, 2); if (bn_cmp_dig(r, 1) != RLC_EQ) { t = -t; } } bn_copy(r, t0); bn_copy(t0, t1); bn_copy(t1, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t0); bn_free(t1); bn_free(r); } return res; }",visit repo url,src/bn/relic_bn_smb.c,https://github.com/relic-toolkit/relic,259808632702390,1 4488,CWE-345,"static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify) { int length; word32 idx = *ioIndex; word32 end_index; int ret; int sigLength; WOLFSSL_ENTER(""DecodeBasicOcspResponse""); (void)heap; if (GetSequence(source, &idx, &length, size) < 0) return ASN_PARSE_E; if (idx + length > size) return ASN_INPUT_E; end_index = idx + length; if ((ret = DecodeResponseData(source, &idx, resp, size)) < 0) return ret; if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0) return ASN_PARSE_E; ret = CheckBitString(source, &idx, &sigLength, size, 1, NULL); if (ret != 0) return ret; resp->sigSz = sigLength; resp->sig = source + idx; idx += sigLength; #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS if (idx < end_index) { DecodedCert cert; if (DecodeCerts(source, &idx, resp, size) < 0) return ASN_PARSE_E; InitDecodedCert(&cert, resp->cert, resp->certSz, heap); ret = ParseCertRelative(&cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY_OCSP, cm); if (ret < 0) { WOLFSSL_MSG(""\tOCSP Responder certificate parsing failed""); FreeDecodedCert(&cert); return ret; } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK if ((cert.extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) { if (XMEMCMP(cert.subjectHash, resp->single->issuerHash, OCSP_DIGEST_SIZE) == 0) { WOLFSSL_MSG(""\tOCSP Response signed by issuer""); } else { WOLFSSL_MSG(""\tOCSP Responder key usage check failed""); #ifdef OPENSSL_EXTRA resp->verifyError = OCSP_BAD_ISSUER; #else FreeDecodedCert(&cert); return BAD_OCSP_RESPONDER; #endif } } #endif ret = ConfirmSignature(&cert.sigCtx, resp->response, resp->responseSz, cert.publicKey, cert.pubKeySize, cert.keyOID, resp->sig, resp->sigSz, resp->sigOID, NULL); FreeDecodedCert(&cert); if (ret != 0) { WOLFSSL_MSG(""\tOCSP Confirm signature failed""); return ASN_OCSP_CONFIRM_E; } } else #endif { Signer* ca; int sigValid = -1; #ifndef NO_SKID ca = GetCA(cm, resp->single->issuerKeyHash); #else ca = GetCA(cm, resp->single->issuerHash); #endif if (ca) { SignatureCtx sigCtx; InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); sigValid = ConfirmSignature(&sigCtx, resp->response, resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, resp->sig, resp->sigSz, resp->sigOID, NULL); } if (ca == NULL || sigValid != 0) { WOLFSSL_MSG(""\tOCSP Confirm signature failed""); return ASN_OCSP_CONFIRM_E; } (void)noVerify; } *ioIndex = idx; return 0; }",visit repo url,wolfcrypt/src/asn.c,https://github.com/wolfSSL/wolfssl,266344864015267,1 4399,['CWE-264'],"int sock_i_uid(struct sock *sk) { int uid; read_lock(&sk->sk_callback_lock); uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : 0; read_unlock(&sk->sk_callback_lock); return uid; }",linux-2.6,,,67557633993931842363925867817257822962,0 949,CWE-19,"xfs_attr_rmtval_set( struct xfs_da_args *args) { struct xfs_inode *dp = args->dp; struct xfs_mount *mp = dp->i_mount; struct xfs_bmbt_irec map; xfs_dablk_t lblkno; xfs_fileoff_t lfileoff = 0; __uint8_t *src = args->value; int blkcnt; int valuelen; int nmap; int error; int offset = 0; trace_xfs_attr_rmtval_set(args); blkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen); error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff, XFS_ATTR_FORK); if (error) return error; args->rmtblkno = lblkno = (xfs_dablk_t)lfileoff; args->rmtblkcnt = blkcnt; while (blkcnt > 0) { int committed; xfs_bmap_init(args->flist, args->firstblock); nmap = 1; error = xfs_bmapi_write(args->trans, dp, (xfs_fileoff_t)lblkno, blkcnt, XFS_BMAPI_ATTRFORK | XFS_BMAPI_METADATA, args->firstblock, args->total, &map, &nmap, args->flist); if (!error) { error = xfs_bmap_finish(&args->trans, args->flist, &committed); } if (error) { ASSERT(committed); args->trans = NULL; xfs_bmap_cancel(args->flist); return(error); } if (committed) xfs_trans_ijoin(args->trans, dp, 0); ASSERT(nmap == 1); ASSERT((map.br_startblock != DELAYSTARTBLOCK) && (map.br_startblock != HOLESTARTBLOCK)); lblkno += map.br_blockcount; blkcnt -= map.br_blockcount; error = xfs_trans_roll(&args->trans, dp); if (error) return (error); } lblkno = args->rmtblkno; blkcnt = args->rmtblkcnt; valuelen = args->valuelen; while (valuelen > 0) { struct xfs_buf *bp; xfs_daddr_t dblkno; int dblkcnt; ASSERT(blkcnt > 0); xfs_bmap_init(args->flist, args->firstblock); nmap = 1; error = xfs_bmapi_read(dp, (xfs_fileoff_t)lblkno, blkcnt, &map, &nmap, XFS_BMAPI_ATTRFORK); if (error) return(error); ASSERT(nmap == 1); ASSERT((map.br_startblock != DELAYSTARTBLOCK) && (map.br_startblock != HOLESTARTBLOCK)); dblkno = XFS_FSB_TO_DADDR(mp, map.br_startblock), dblkcnt = XFS_FSB_TO_BB(mp, map.br_blockcount); bp = xfs_buf_get(mp->m_ddev_targp, dblkno, dblkcnt, 0); if (!bp) return ENOMEM; bp->b_ops = &xfs_attr3_rmt_buf_ops; xfs_attr_rmtval_copyin(mp, bp, args->dp->i_ino, &offset, &valuelen, &src); error = xfs_bwrite(bp); xfs_buf_relse(bp); if (error) return error; lblkno += map.br_blockcount; blkcnt -= map.br_blockcount; } ASSERT(valuelen == 0); return 0; }",visit repo url,fs/xfs/xfs_attr_remote.c,https://github.com/torvalds/linux,221408939274485,1 4643,['CWE-399'],"static int ext4_da_writepages_trans_blocks(struct inode *inode) { int max_blocks = EXT4_I(inode)->i_reserved_data_blocks; if (!(inode->i_flags & EXT4_EXTENTS_FL) && (max_blocks > EXT4_MAX_TRANS_DATA)) max_blocks = EXT4_MAX_TRANS_DATA; return ext4_chunk_trans_blocks(inode, max_blocks); }",linux-2.6,,,132711778454765675470926781178082879252,0 4576,CWE-401,"GF_Err dinf_Read(GF_Box *s, GF_BitStream *bs) { GF_Err e = gf_isom_box_array_read(s, bs, dinf_AddBox); if (e) { return e; } if (!((GF_DataInformationBox *)s)->dref) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Missing dref box in dinf\n"")); ((GF_DataInformationBox *)s)->dref = (GF_DataReferenceBox *)gf_isom_box_new(GF_ISOM_BOX_TYPE_DREF); } return GF_OK; }",visit repo url,src/isomedia/box_code_base.c,https://github.com/gpac/gpac,203727669669723,1 5835,['CWE-200'],"static void econet_hw_initialise(void) { dev_add_pack(&econet_packet_type); }",linux-2.6,,,111219171434214500943131300152537946397,0 3396,CWE-190,"static MagickBooleanType WritePICTImage(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { #define MaxCount 128 #define PictCropRegionOp 0x01 #define PictEndOfPictureOp 0xff #define PictJPEGOp 0x8200 #define PictInfoOp 0x0C00 #define PictInfoSize 512 #define PictPixmapOp 0x9A #define PictPICTOp 0x98 #define PictVersion 0x11 const StringInfo *profile; double x_resolution, y_resolution; MagickBooleanType status; MagickOffsetType offset; PICTPixmap pixmap; PICTRectangle bounds, crop_rectangle, destination_rectangle, frame_rectangle, size_rectangle, source_rectangle; register const Quantum *p; register ssize_t i, x; size_t bytes_per_line, count, storage_class; ssize_t y; unsigned char *buffer, *packed_scanline, *scanline; unsigned short base_address, row_bytes, transfer_mode; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickSignature); assert(image != (Image *) NULL); assert(image->signature == MagickSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); if ((image->columns > 65535L) || (image->rows > 65535L)) ThrowWriterException(ImageError,""WidthOrHeightExceedsLimit""); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); (void) TransformImageColorspace(image,sRGBColorspace,exception); size_rectangle.top=0; size_rectangle.left=0; size_rectangle.bottom=(short) image->rows; size_rectangle.right=(short) image->columns; frame_rectangle=size_rectangle; crop_rectangle=size_rectangle; source_rectangle=size_rectangle; destination_rectangle=size_rectangle; base_address=0xff; row_bytes=(unsigned short) (image->columns | 0x8000); bounds.top=0; bounds.left=0; bounds.bottom=(short) image->rows; bounds.right=(short) image->columns; pixmap.version=0; pixmap.pack_type=0; pixmap.pack_size=0; pixmap.pixel_type=0; pixmap.bits_per_pixel=8; pixmap.component_count=1; pixmap.component_size=8; pixmap.plane_bytes=0; pixmap.table=0; pixmap.reserved=0; transfer_mode=0; x_resolution=image->resolution.x != 0.0 ? image->resolution.x : DefaultResolution; y_resolution=image->resolution.y != 0.0 ? image->resolution.y : DefaultResolution; storage_class=image->storage_class; if (image_info->compression == JPEGCompression) storage_class=DirectClass; if (storage_class == DirectClass) { pixmap.component_count=image->alpha_trait != UndefinedPixelTrait ? 4 : 3; pixmap.pixel_type=16; pixmap.bits_per_pixel=32; pixmap.pack_type=0x04; transfer_mode=0x40; row_bytes=(unsigned short) ((4*image->columns) | 0x8000); } bytes_per_line=image->columns; if (storage_class == DirectClass) bytes_per_line*=image->alpha_trait != UndefinedPixelTrait ? 4 : 3; buffer=(unsigned char *) AcquireQuantumMemory(PictInfoSize,sizeof(*buffer)); packed_scanline=(unsigned char *) AcquireQuantumMemory((size_t) (row_bytes+MaxCount),sizeof(*packed_scanline)); scanline=(unsigned char *) AcquireQuantumMemory(row_bytes,sizeof(*scanline)); if ((buffer == (unsigned char *) NULL) || (packed_scanline == (unsigned char *) NULL) || (scanline == (unsigned char *) NULL)) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); (void) ResetMagickMemory(scanline,0,row_bytes); (void) ResetMagickMemory(packed_scanline,0,(size_t) (row_bytes+MaxCount)); (void) ResetMagickMemory(buffer,0,PictInfoSize); (void) WriteBlob(image,PictInfoSize,buffer); (void) WriteBlobMSBShort(image,0); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) size_rectangle.right); (void) WriteBlobMSBShort(image,PictVersion); (void) WriteBlobMSBShort(image,0x02ff); (void) WriteBlobMSBShort(image,PictInfoOp); (void) WriteBlobMSBLong(image,0xFFFE0000UL); (void) WriteBlobMSBShort(image,(unsigned short) x_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) y_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) frame_rectangle.right); (void) WriteBlobMSBLong(image,0x00000000L); profile=GetImageProfile(image,""iptc""); if (profile != (StringInfo *) NULL) { (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0x1f2); (void) WriteBlobMSBShort(image,(unsigned short) (GetStringInfoLength(profile)+4)); (void) WriteBlobString(image,""8BIM""); (void) WriteBlob(image,GetStringInfoLength(profile), GetStringInfoDatum(profile)); } profile=GetImageProfile(image,""icc""); if (profile != (StringInfo *) NULL) { (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0xe0); (void) WriteBlobMSBShort(image,(unsigned short) (GetStringInfoLength(profile)+4)); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlob(image,GetStringInfoLength(profile), GetStringInfoDatum(profile)); (void) WriteBlobMSBShort(image,0xa1); (void) WriteBlobMSBShort(image,0xe0); (void) WriteBlobMSBShort(image,4); (void) WriteBlobMSBLong(image,0x00000002UL); } (void) WriteBlobMSBShort(image,PictCropRegionOp); (void) WriteBlobMSBShort(image,0xa); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) crop_rectangle.right); if (image_info->compression == JPEGCompression) { Image *jpeg_image; ImageInfo *jpeg_info; size_t length; unsigned char *blob; jpeg_image=CloneImage(image,0,0,MagickTrue,exception); if (jpeg_image == (Image *) NULL) { (void) CloseBlob(image); return(MagickFalse); } jpeg_info=CloneImageInfo(image_info); (void) CopyMagickString(jpeg_info->magick,""JPEG"",MagickPathExtent); length=0; blob=(unsigned char *) ImageToBlob(jpeg_info,jpeg_image,&length, exception); jpeg_info=DestroyImageInfo(jpeg_info); if (blob == (unsigned char *) NULL) return(MagickFalse); jpeg_image=DestroyImage(jpeg_image); (void) WriteBlobMSBShort(image,PictJPEGOp); (void) WriteBlobMSBLong(image,(unsigned int) length+154); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBLong(image,0x00010000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00010000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x40000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00400000UL); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) image->rows); (void) WriteBlobMSBShort(image,(unsigned short) image->columns); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,768); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00566A70UL); (void) WriteBlobMSBLong(image,0x65670000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000001UL); (void) WriteBlobMSBLong(image,0x00016170UL); (void) WriteBlobMSBLong(image,0x706C0000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBShort(image,768); (void) WriteBlobMSBShort(image,(unsigned short) image->columns); (void) WriteBlobMSBShort(image,(unsigned short) image->rows); (void) WriteBlobMSBShort(image,(unsigned short) x_resolution); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) y_resolution); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x87AC0001UL); (void) WriteBlobMSBLong(image,0x0B466F74UL); (void) WriteBlobMSBLong(image,0x6F202D20UL); (void) WriteBlobMSBLong(image,0x4A504547UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x00000000UL); (void) WriteBlobMSBLong(image,0x0018FFFFUL); (void) WriteBlob(image,length,blob); if ((length & 0x01) != 0) (void) WriteBlobByte(image,'\0'); blob=(unsigned char *) RelinquishMagickMemory(blob); } if (storage_class == PseudoClass) (void) WriteBlobMSBShort(image,PictPICTOp); else { (void) WriteBlobMSBShort(image,PictPixmapOp); (void) WriteBlobMSBLong(image,(size_t) base_address); } (void) WriteBlobMSBShort(image,(unsigned short) (row_bytes | 0x8000)); (void) WriteBlobMSBShort(image,(unsigned short) bounds.top); (void) WriteBlobMSBShort(image,(unsigned short) bounds.left); (void) WriteBlobMSBShort(image,(unsigned short) bounds.bottom); (void) WriteBlobMSBShort(image,(unsigned short) bounds.right); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.version); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.pack_type); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.pack_size); (void) WriteBlobMSBShort(image,(unsigned short) (x_resolution+0.5)); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) (y_resolution+0.5)); (void) WriteBlobMSBShort(image,0x0000); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.pixel_type); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.bits_per_pixel); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.component_count); (void) WriteBlobMSBShort(image,(unsigned short) pixmap.component_size); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.plane_bytes); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.table); (void) WriteBlobMSBLong(image,(unsigned int) pixmap.reserved); if (storage_class == PseudoClass) { (void) WriteBlobMSBLong(image,0x00000000L); (void) WriteBlobMSBShort(image,0L); (void) WriteBlobMSBShort(image,(unsigned short) (image->colors-1)); for (i=0; i < (ssize_t) image->colors; i++) { (void) WriteBlobMSBShort(image,(unsigned short) i); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].red)); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].green)); (void) WriteBlobMSBShort(image,ScaleQuantumToShort( image->colormap[i].blue)); } } (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) source_rectangle.right); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.top); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.left); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.bottom); (void) WriteBlobMSBShort(image,(unsigned short) destination_rectangle.right); (void) WriteBlobMSBShort(image,(unsigned short) transfer_mode); count=0; if (storage_class == PseudoClass) for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { scanline[x]=(unsigned char) GetPixelIndex(image,p); p+=GetPixelChannels(image); } count+=EncodeImage(image,scanline,(size_t) (row_bytes & 0x7FFF), packed_scanline); if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } else if (image_info->compression == JPEGCompression) { (void) ResetMagickMemory(scanline,0,row_bytes); for (y=0; y < (ssize_t) image->rows; y++) count+=EncodeImage(image,scanline,(size_t) (row_bytes & 0x7FFF), packed_scanline); } else { register unsigned char *blue, *green, *opacity, *red; red=scanline; green=scanline+image->columns; blue=scanline+2*image->columns; opacity=scanline+3*image->columns; for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; red=scanline; green=scanline+image->columns; blue=scanline+2*image->columns; if (image->alpha_trait != UndefinedPixelTrait) { opacity=scanline; red=scanline+image->columns; green=scanline+2*image->columns; blue=scanline+3*image->columns; } for (x=0; x < (ssize_t) image->columns; x++) { *red++=ScaleQuantumToChar(GetPixelRed(image,p)); *green++=ScaleQuantumToChar(GetPixelGreen(image,p)); *blue++=ScaleQuantumToChar(GetPixelBlue(image,p)); if (image->alpha_trait != UndefinedPixelTrait) *opacity++=ScaleQuantumToChar((Quantum) (GetPixelAlpha(image,p))); p+=GetPixelChannels(image); } count+=EncodeImage(image,scanline,bytes_per_line & 0x7FFF, packed_scanline); if (image->previous == (Image *) NULL) { status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } } if ((count & 0x01) != 0) (void) WriteBlobByte(image,'\0'); (void) WriteBlobMSBShort(image,PictEndOfPictureOp); offset=TellBlob(image); offset=SeekBlob(image,512,SEEK_SET); (void) WriteBlobMSBShort(image,(unsigned short) offset); scanline=(unsigned char *) RelinquishMagickMemory(scanline); packed_scanline=(unsigned char *) RelinquishMagickMemory(packed_scanline); buffer=(unsigned char *) RelinquishMagickMemory(buffer); (void) CloseBlob(image); return(MagickTrue); }",visit repo url,coders/pict.c,https://github.com/ImageMagick/ImageMagick,186493089683415,1 3665,CWE-787,"void color_apply_icc_profile(opj_image_t *image) { cmsHPROFILE in_prof, out_prof; cmsHTRANSFORM transform; cmsColorSpaceSignature in_space, out_space; cmsUInt32Number intent, in_type, out_type; int *r, *g, *b; size_t nr_samples, i, max, max_w, max_h; int prec, ok = 0; OPJ_COLOR_SPACE new_space; in_prof = cmsOpenProfileFromMem(image->icc_profile_buf, image->icc_profile_len); #ifdef DEBUG_PROFILE FILE *icm = fopen(""debug.icm"", ""wb""); fwrite(image->icc_profile_buf, 1, image->icc_profile_len, icm); fclose(icm); #endif if (in_prof == NULL) { return; } in_space = cmsGetPCS(in_prof); out_space = cmsGetColorSpace(in_prof); intent = cmsGetHeaderRenderingIntent(in_prof); max_w = image->comps[0].w; max_h = image->comps[0].h; prec = (int)image->comps[0].prec; if (out_space == cmsSigRgbData) { unsigned int i, nr_comp = image->numcomps; if (nr_comp > 4) { nr_comp = 4; } for (i = 1; i < nr_comp; ++i) { if (image->comps[0].dx != image->comps[i].dx) { break; } if (image->comps[0].dy != image->comps[i].dy) { break; } if (image->comps[0].prec != image->comps[i].prec) { break; } if (image->comps[0].sgnd != image->comps[i].sgnd) { break; } } if (i != nr_comp) { cmsCloseProfile(in_prof); return; } if (prec <= 8) { in_type = TYPE_RGB_8; out_type = TYPE_RGB_8; } else { in_type = TYPE_RGB_16; out_type = TYPE_RGB_16; } out_prof = cmsCreate_sRGBProfile(); new_space = OPJ_CLRSPC_SRGB; } else if (out_space == cmsSigGrayData) { in_type = TYPE_GRAY_8; out_type = TYPE_RGB_8; out_prof = cmsCreate_sRGBProfile(); new_space = OPJ_CLRSPC_SRGB; } else if (out_space == cmsSigYCbCrData) { in_type = TYPE_YCbCr_16; out_type = TYPE_RGB_16; out_prof = cmsCreate_sRGBProfile(); new_space = OPJ_CLRSPC_SRGB; } else { #ifdef DEBUG_PROFILE fprintf(stderr, ""%s:%d: color_apply_icc_profile\n\tICC Profile has unknown "" ""output colorspace(%#x)(%c%c%c%c)\n\tICC Profile ignored.\n"", __FILE__, __LINE__, out_space, (out_space >> 24) & 0xff, (out_space >> 16) & 0xff, (out_space >> 8) & 0xff, out_space & 0xff); #endif cmsCloseProfile(in_prof); return; } if (out_prof == NULL) { cmsCloseProfile(in_prof); return; } #ifdef DEBUG_PROFILE fprintf(stderr, ""%s:%d:color_apply_icc_profile\n\tchannels(%d) prec(%d) w(%d) h(%d)"" ""\n\tprofile: in(%p) out(%p)\n"", __FILE__, __LINE__, image->numcomps, prec, max_w, max_h, (void*)in_prof, (void*)out_prof); fprintf(stderr, ""\trender_intent (%u)\n\t"" ""color_space: in(%#x)(%c%c%c%c) out:(%#x)(%c%c%c%c)\n\t"" "" type: in(%u) out:(%u)\n"", intent, in_space, (in_space >> 24) & 0xff, (in_space >> 16) & 0xff, (in_space >> 8) & 0xff, in_space & 0xff, out_space, (out_space >> 24) & 0xff, (out_space >> 16) & 0xff, (out_space >> 8) & 0xff, out_space & 0xff, in_type, out_type ); #else (void)prec; (void)in_space; #endif transform = cmsCreateTransform(in_prof, in_type, out_prof, out_type, intent, 0); #ifdef OPJ_HAVE_LIBLCMS2 cmsCloseProfile(in_prof); cmsCloseProfile(out_prof); #endif if (transform == NULL) { #ifdef DEBUG_PROFILE fprintf(stderr, ""%s:%d:color_apply_icc_profile\n\tcmsCreateTransform failed. "" ""ICC Profile ignored.\n"", __FILE__, __LINE__); #endif #ifdef OPJ_HAVE_LIBLCMS1 cmsCloseProfile(in_prof); cmsCloseProfile(out_prof); #endif return; } if (image->numcomps > 2) { if (prec <= 8) { unsigned char *inbuf, *outbuf, *in, *out; max = max_w * max_h; nr_samples = (size_t)(max * 3U * sizeof(unsigned char)); in = inbuf = (unsigned char*)opj_image_data_alloc(nr_samples); out = outbuf = (unsigned char*)opj_image_data_alloc(nr_samples); if (inbuf == NULL || outbuf == NULL) { goto fails0; } r = image->comps[0].data; g = image->comps[1].data; b = image->comps[2].data; for (i = 0U; i < max; ++i) { *in++ = (unsigned char) * r++; *in++ = (unsigned char) * g++; *in++ = (unsigned char) * b++; } cmsDoTransform(transform, inbuf, outbuf, (cmsUInt32Number)max); r = image->comps[0].data; g = image->comps[1].data; b = image->comps[2].data; for (i = 0U; i < max; ++i) { *r++ = (int) * out++; *g++ = (int) * out++; *b++ = (int) * out++; } ok = 1; fails0: opj_image_data_free(inbuf); opj_image_data_free(outbuf); } else { unsigned short *inbuf, *outbuf, *in, *out; max = max_w * max_h; nr_samples = (size_t)(max * 3U * sizeof(unsigned short)); in = inbuf = (unsigned short*)opj_image_data_alloc(nr_samples); out = outbuf = (unsigned short*)opj_image_data_alloc(nr_samples); if (inbuf == NULL || outbuf == NULL) { goto fails1; } r = image->comps[0].data; g = image->comps[1].data; b = image->comps[2].data; for (i = 0U ; i < max; ++i) { *in++ = (unsigned short) * r++; *in++ = (unsigned short) * g++; *in++ = (unsigned short) * b++; } cmsDoTransform(transform, inbuf, outbuf, (cmsUInt32Number)max); r = image->comps[0].data; g = image->comps[1].data; b = image->comps[2].data; for (i = 0; i < max; ++i) { *r++ = (int) * out++; *g++ = (int) * out++; *b++ = (int) * out++; } ok = 1; fails1: opj_image_data_free(inbuf); opj_image_data_free(outbuf); } } else { if (prec <= 8) { unsigned char *in, *inbuf, *out, *outbuf; opj_image_comp_t *new_comps; max = max_w * max_h; nr_samples = (size_t)(max * 3 * sizeof(unsigned char)); in = inbuf = (unsigned char*)opj_image_data_alloc(nr_samples); out = outbuf = (unsigned char*)opj_image_data_alloc(nr_samples); g = (int*)opj_image_data_alloc((size_t)max * sizeof(int)); b = (int*)opj_image_data_alloc((size_t)max * sizeof(int)); if (inbuf == NULL || outbuf == NULL || g == NULL || b == NULL) { goto fails2; } new_comps = (opj_image_comp_t*)realloc(image->comps, (image->numcomps + 2) * sizeof(opj_image_comp_t)); if (new_comps == NULL) { goto fails2; } image->comps = new_comps; if (image->numcomps == 2) { image->comps[3] = image->comps[1]; } image->comps[1] = image->comps[0]; image->comps[2] = image->comps[0]; image->comps[1].data = g; image->comps[2].data = b; image->numcomps += 2; r = image->comps[0].data; for (i = 0U; i < max; ++i) { *in++ = (unsigned char) * r++; } cmsDoTransform(transform, inbuf, outbuf, (cmsUInt32Number)max); r = image->comps[0].data; g = image->comps[1].data; b = image->comps[2].data; for (i = 0U; i < max; ++i) { *r++ = (int) * out++; *g++ = (int) * out++; *b++ = (int) * out++; } r = g = b = NULL; ok = 1; fails2: opj_image_data_free(inbuf); opj_image_data_free(outbuf); opj_image_data_free(g); opj_image_data_free(b); } else { unsigned short *in, *inbuf, *out, *outbuf; opj_image_comp_t *new_comps; max = max_w * max_h; nr_samples = (size_t)(max * 3U * sizeof(unsigned short)); in = inbuf = (unsigned short*)opj_image_data_alloc(nr_samples); out = outbuf = (unsigned short*)opj_image_data_alloc(nr_samples); g = (int*)opj_image_data_alloc((size_t)max * sizeof(int)); b = (int*)opj_image_data_alloc((size_t)max * sizeof(int)); if (inbuf == NULL || outbuf == NULL || g == NULL || b == NULL) { goto fails3; } new_comps = (opj_image_comp_t*)realloc(image->comps, (image->numcomps + 2) * sizeof(opj_image_comp_t)); if (new_comps == NULL) { goto fails3; } image->comps = new_comps; if (image->numcomps == 2) { image->comps[3] = image->comps[1]; } image->comps[1] = image->comps[0]; image->comps[2] = image->comps[0]; image->comps[1].data = g; image->comps[2].data = b; image->numcomps += 2; r = image->comps[0].data; for (i = 0U; i < max; ++i) { *in++ = (unsigned short) * r++; } cmsDoTransform(transform, inbuf, outbuf, (cmsUInt32Number)max); r = image->comps[0].data; g = image->comps[1].data; b = image->comps[2].data; for (i = 0; i < max; ++i) { *r++ = (int) * out++; *g++ = (int) * out++; *b++ = (int) * out++; } r = g = b = NULL; ok = 1; fails3: opj_image_data_free(inbuf); opj_image_data_free(outbuf); opj_image_data_free(g); opj_image_data_free(b); } } cmsDeleteTransform(transform); #ifdef OPJ_HAVE_LIBLCMS1 cmsCloseProfile(in_prof); cmsCloseProfile(out_prof); #endif if (ok) { image->color_space = new_space; } } ",visit repo url,src/bin/common/color.c,https://github.com/uclouvain/openjpeg,244539978881038,1 2342,['CWE-120'],"void release_open_intent(struct nameidata *nd) { if (nd->intent.open.file->f_path.dentry == NULL) put_filp(nd->intent.open.file); else fput(nd->intent.open.file); }",linux-2.6,,,270501716875689924047065368742692107854,0 1809,[],"void account_steal_time(struct task_struct *p, cputime_t steal) { struct cpu_usage_stat *cpustat = &kstat_this_cpu.cpustat; cputime64_t tmp = cputime_to_cputime64(steal); struct rq *rq = this_rq(); if (p == rq->idle) { p->stime = cputime_add(p->stime, steal); if (atomic_read(&rq->nr_iowait) > 0) cpustat->iowait = cputime64_add(cpustat->iowait, tmp); else cpustat->idle = cputime64_add(cpustat->idle, tmp); } else cpustat->steal = cputime64_add(cpustat->steal, tmp); }",linux-2.6,,,127478672665318453599109073608288061071,0 2921,['CWE-189'],"jas_stream_t *jas_stream_tmpfile() { jas_stream_t *stream; jas_stream_fileobj_t *obj; if (!(stream = jas_stream_create())) { return 0; } stream->openmode_ = JAS_STREAM_READ | JAS_STREAM_WRITE | JAS_STREAM_BINARY; if (!(obj = jas_malloc(sizeof(jas_stream_fileobj_t)))) { jas_stream_destroy(stream); return 0; } obj->fd = -1; obj->flags = 0; obj->pathname[0] = '\0'; stream->obj_ = obj; tmpnam(obj->pathname); if ((obj->fd = open(obj->pathname, O_CREAT | O_EXCL | O_RDWR | O_TRUNC | O_BINARY, JAS_STREAM_PERMS)) < 0) { jas_stream_destroy(stream); return 0; } if (unlink(obj->pathname)) { obj->flags |= JAS_STREAM_FILEOBJ_DELONCLOSE; } jas_stream_initbuf(stream, JAS_STREAM_FULLBUF, 0, 0); stream->ops_ = &jas_stream_fileops; return stream; }",jasper,,,182450725575295390141479287366439798349,0 147,NVD-CWE-noinfo,"static bool has_locked_children(struct mount *mnt, struct dentry *dentry) { struct mount *child; list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) { if (!is_subdir(child->mnt_mountpoint, dentry)) continue; if (child->mnt.mnt_flags & MNT_LOCKED) return true; } return false; }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,105995565539363,1 2369,['CWE-200'],"snd_seq_oss_synth_setup_midi(struct seq_oss_devinfo *dp) { int i; if (dp->max_synthdev >= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS) return; for (i = 0; i < dp->max_mididev; i++) { struct seq_oss_synthinfo *info; info = &dp->synths[dp->max_synthdev]; if (snd_seq_oss_midi_open(dp, i, dp->file_mode) < 0) continue; info->arg.app_index = dp->port; info->arg.file_mode = dp->file_mode; info->arg.seq_mode = dp->seq_mode; info->arg.private_data = info; info->is_midi = 1; info->midi_mapped = i; info->arg.event_passing = SNDRV_SEQ_OSS_PASS_EVENTS; snd_seq_oss_midi_get_addr(dp, i, &info->arg.addr); info->opened = 1; midi_synth_dev.opened++; dp->max_synthdev++; if (dp->max_synthdev >= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS) break; } }",linux-2.6,,,70738948970126305141561918036478383,0 4632,['CWE-399'],"static inline void ext4_free_blocks_count_set(struct ext4_super_block *es, ext4_fsblk_t blk) { es->s_free_blocks_count_lo = cpu_to_le32((u32)blk); es->s_free_blocks_count_hi = cpu_to_le32(blk >> 32);",linux-2.6,,,60142792108091629294904253898251628216,0 6043,CWE-190,"static int benaloh(void) { int code = RLC_ERR; bdpe_t pub, prv; bn_t a, b; dig_t in, out; uint8_t buf[RLC_BN_BITS / 8 + 1]; size_t len; int result; bn_null(a); bn_null(b); bdpe_null(pub); bdpe_null(prv); RLC_TRY { bn_new(a); bn_new(b); bdpe_new(pub); bdpe_new(prv); result = cp_bdpe_gen(pub, prv, bn_get_prime(47), RLC_BN_BITS); TEST_CASE(""benaloh encryption/decryption is correct"") { TEST_ASSERT(result == RLC_OK, end); len = RLC_BN_BITS / 8 + 1; rand_bytes(buf, 1); in = buf[0] % bn_get_prime(47); TEST_ASSERT(cp_bdpe_enc(buf, &len, in, pub) == RLC_OK, end); TEST_ASSERT(cp_bdpe_dec(&out, buf, len, prv) == RLC_OK, end); TEST_ASSERT(in == out, end); } TEST_END; TEST_CASE(""benaloh encryption/decryption is homomorphic"") { TEST_ASSERT(result == RLC_OK, end); len = RLC_BN_BITS / 8 + 1; rand_bytes(buf, 1); in = buf[0] % bn_get_prime(47); TEST_ASSERT(cp_bdpe_enc(buf, &len, in, pub) == RLC_OK, end); bn_read_bin(a, buf, len); rand_bytes(buf, 1); out = (buf[0] % bn_get_prime(47)); in = (in + out) % bn_get_prime(47); TEST_ASSERT(cp_bdpe_enc(buf, &len, out, pub) == RLC_OK, end); bn_read_bin(b, buf, len); bn_mul(a, a, b); bn_mod(a, a, pub->n); len = bn_size_bin(pub->n); bn_write_bin(buf, len, a); TEST_ASSERT(cp_bdpe_dec(&out, buf, len, prv) == RLC_OK, end); TEST_ASSERT(in == out, end); } TEST_END; } RLC_CATCH_ANY { RLC_ERROR(end); } code = RLC_OK; end: bn_free(a); bn_free(b); bdpe_free(pub); bdpe_free(prv); return code; }",visit repo url,test/test_cp.c,https://github.com/relic-toolkit/relic,114272403832894,1 573,[],"static int bad_file_fasync(int fd, struct file *filp, int on) { return -EIO; }",linux-2.6,,,53122623547760733711209477160029417471,0 1786,[],"void __wake_up_locked(wait_queue_head_t *q, unsigned int mode) { __wake_up_common(q, mode, 1, 0, NULL); }",linux-2.6,,,182733998536354899206001185739243792861,0 3269,CWE-125,"rpki_rtr_pdu_print (netdissect_options *ndo, const u_char *tptr, u_int indent) { const rpki_rtr_pdu *pdu_header; u_int pdu_type, pdu_len, hexdump; const u_char *msg; pdu_header = (const rpki_rtr_pdu *)tptr; pdu_type = pdu_header->pdu_type; pdu_len = EXTRACT_32BITS(pdu_header->length); ND_TCHECK2(*tptr, pdu_len); hexdump = FALSE; ND_PRINT((ndo, ""%sRPKI-RTRv%u, %s PDU (%u), length: %u"", indent_string(8), pdu_header->version, tok2str(rpki_rtr_pdu_values, ""Unknown"", pdu_type), pdu_type, pdu_len)); switch (pdu_type) { case RPKI_RTR_SERIAL_NOTIFY_PDU: case RPKI_RTR_SERIAL_QUERY_PDU: case RPKI_RTR_END_OF_DATA_PDU: msg = (const u_char *)(pdu_header + 1); ND_PRINT((ndo, ""%sSession ID: 0x%04x, Serial: %u"", indent_string(indent+2), EXTRACT_16BITS(pdu_header->u.session_id), EXTRACT_32BITS(msg))); break; case RPKI_RTR_RESET_QUERY_PDU: case RPKI_RTR_CACHE_RESET_PDU: break; case RPKI_RTR_CACHE_RESPONSE_PDU: ND_PRINT((ndo, ""%sSession ID: 0x%04x"", indent_string(indent+2), EXTRACT_16BITS(pdu_header->u.session_id))); break; case RPKI_RTR_IPV4_PREFIX_PDU: { const rpki_rtr_pdu_ipv4_prefix *pdu; pdu = (const rpki_rtr_pdu_ipv4_prefix *)tptr; ND_PRINT((ndo, ""%sIPv4 Prefix %s/%u-%u, origin-as %u, flags 0x%02x"", indent_string(indent+2), ipaddr_string(ndo, pdu->prefix), pdu->prefix_length, pdu->max_length, EXTRACT_32BITS(pdu->as), pdu->flags)); } break; case RPKI_RTR_IPV6_PREFIX_PDU: { const rpki_rtr_pdu_ipv6_prefix *pdu; pdu = (const rpki_rtr_pdu_ipv6_prefix *)tptr; ND_PRINT((ndo, ""%sIPv6 Prefix %s/%u-%u, origin-as %u, flags 0x%02x"", indent_string(indent+2), ip6addr_string(ndo, pdu->prefix), pdu->prefix_length, pdu->max_length, EXTRACT_32BITS(pdu->as), pdu->flags)); } break; case RPKI_RTR_ERROR_REPORT_PDU: { const rpki_rtr_pdu_error_report *pdu; u_int encapsulated_pdu_length, text_length, tlen, error_code; pdu = (const rpki_rtr_pdu_error_report *)tptr; encapsulated_pdu_length = EXTRACT_32BITS(pdu->encapsulated_pdu_length); ND_TCHECK2(*tptr, encapsulated_pdu_length); tlen = pdu_len; error_code = EXTRACT_16BITS(pdu->pdu_header.u.error_code); ND_PRINT((ndo, ""%sError code: %s (%u), Encapsulated PDU length: %u"", indent_string(indent+2), tok2str(rpki_rtr_error_codes, ""Unknown"", error_code), error_code, encapsulated_pdu_length)); tptr += sizeof(*pdu); tlen -= sizeof(*pdu); if (encapsulated_pdu_length && (encapsulated_pdu_length <= tlen)) { ND_PRINT((ndo, ""%s-----encapsulated PDU-----"", indent_string(indent+4))); if (rpki_rtr_pdu_print(ndo, tptr, indent+2)) goto trunc; } tptr += encapsulated_pdu_length; tlen -= encapsulated_pdu_length; text_length = 0; if (tlen > 4) { text_length = EXTRACT_32BITS(tptr); tptr += 4; tlen -= 4; } ND_TCHECK2(*tptr, text_length); if (text_length && (text_length <= tlen )) { ND_PRINT((ndo, ""%sError text: "", indent_string(indent+2))); if (fn_printn(ndo, tptr, text_length, ndo->ndo_snapend)) goto trunc; } } break; default: hexdump = TRUE; } if (ndo->ndo_vflag > 1 || (ndo->ndo_vflag && hexdump)) { print_unknown_data(ndo,tptr,""\n\t "", pdu_len); } return 0; trunc: return 1; }",visit repo url,print-rpki-rtr.c,https://github.com/the-tcpdump-group/tcpdump,36555925835544,1 2792,['CWE-264'],"change_level( struct net_device *dev ) { struct net_local *nl = (struct net_local *) dev->priv; if( nl->delta_rxl == 0 ) return; if( nl->cur_rxl_index == 0 ) nl->delta_rxl = 1; else if( nl->cur_rxl_index == 15 ) nl->delta_rxl = -1; else if( nl->cur_rxl_rcvd < nl->prev_rxl_rcvd ) nl->delta_rxl = -nl->delta_rxl; nl->csr1.rxl = rxl_tab[ nl->cur_rxl_index += nl->delta_rxl ]; inb( dev->base_addr + CSR0 ); outb( *(u8 *)&nl->csr1, dev->base_addr + CSR1 ); nl->prev_rxl_rcvd = nl->cur_rxl_rcvd; nl->cur_rxl_rcvd = 0; }",linux-2.6,,,31717482014617373546657962796047943882,0 983,['CWE-94'],"ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, splice_direct_actor *actor) { struct pipe_inode_info *pipe; long ret, bytes; umode_t i_mode; size_t len; int i, flags; i_mode = in->f_path.dentry->d_inode->i_mode; if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode))) return -EINVAL; pipe = current->splice_pipe; if (unlikely(!pipe)) { pipe = alloc_pipe_info(NULL); if (!pipe) return -ENOMEM; pipe->readers = 1; current->splice_pipe = pipe; } ret = 0; bytes = 0; len = sd->total_len; flags = sd->flags; sd->flags &= ~SPLICE_F_NONBLOCK; while (len) { size_t read_len; loff_t pos = sd->pos; ret = do_splice_to(in, &pos, pipe, len, flags); if (unlikely(ret <= 0)) goto out_release; read_len = ret; sd->total_len = read_len; ret = actor(pipe, sd); if (unlikely(ret <= 0)) goto out_release; bytes += ret; len -= ret; sd->pos = pos; if (ret < read_len) goto out_release; } done: pipe->nrbufs = pipe->curbuf = 0; file_accessed(in); return bytes; out_release: for (i = 0; i < PIPE_BUFFERS; i++) { struct pipe_buffer *buf = pipe->bufs + i; if (buf->ops) { buf->ops->release(pipe, buf); buf->ops = NULL; } } if (!bytes) bytes = ret; goto done; }",linux-2.6,,,201305709361325152919593738069633895497,0 5875,CWE-120,"PJ_DEF(void) pj_scan_skip_line( pj_scanner *scanner ) { char *s = pj_memchr(scanner->curptr, '\n', scanner->end - scanner->curptr); if (!s) { scanner->curptr = scanner->end; } else { scanner->curptr = scanner->start_line = s+1; scanner->line++; } }",visit repo url,pjlib-util/src/pjlib-util/scanner.c,https://github.com/pjsip/pjproject,120079773377832,1 1040,['CWE-20'],"static void deferred_cad(struct work_struct *dummy) { kernel_restart(NULL); }",linux-2.6,,,163407259651314093033775189645045946640,0 2911,CWE-125,"TIFFNumberOfStrips(TIFF* tif) { TIFFDirectory *td = &tif->tif_dir; uint32 nstrips; if( td->td_nstrips ) return td->td_nstrips; nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 : TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip)); if (td->td_planarconfig == PLANARCONFIG_SEPARATE) nstrips = _TIFFMultiply32(tif, nstrips, (uint32)td->td_samplesperpixel, ""TIFFNumberOfStrips""); return (nstrips); }",visit repo url,libtiff/tif_strip.c,https://github.com/vadz/libtiff,30477877820617,1 2252,NVD-CWE-Other,"static void __exit ipgre_fini(void) { rtnl_link_unregister(&ipgre_tap_ops); rtnl_link_unregister(&ipgre_link_ops); unregister_pernet_device(&ipgre_net_ops); if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) printk(KERN_INFO ""ipgre close: can't remove protocol\n""); }",visit repo url,net/ipv4/ip_gre.c,https://github.com/torvalds/linux,206172417011992,1 2949,['CWE-189'],"static int jp2_bpcc_putdata(jp2_box_t *box, jas_stream_t *out) { jp2_bpcc_t *bpcc = &box->data.bpcc; unsigned int i; for (i = 0; i < bpcc->numcmpts; ++i) { if (jp2_putuint8(out, bpcc->bpcs[i])) { return -1; } } return 0; }",jasper,,,175450604495357703586968665950983622912,0 5532,['CWE-20'],"int inflate_block(e) int *e; { unsigned t; unsigned w; register ulg b; register unsigned k; b = bb; k = bk; w = wp; NEEDBITS(1) *e = (int)b & 1; DUMPBITS(1) NEEDBITS(2) t = (unsigned)b & 3; DUMPBITS(2) bb = b; bk = k; if (t == 2) return inflate_dynamic(); if (t == 0) return inflate_stored(); if (t == 1) return inflate_fixed(); return 2; }",gzip,,,69768274565004443129662603348206433506,0 4353,NVD-CWE-Other,"int mg_http_parse(const char *s, size_t len, struct mg_http_message *hm) { int is_response, req_len = mg_http_get_request_len((unsigned char *) s, len); const char *end = s == NULL ? NULL : s + req_len, *qs; struct mg_str *cl; memset(hm, 0, sizeof(*hm)); if (req_len <= 0) return req_len; hm->message.ptr = hm->head.ptr = s; hm->body.ptr = end; hm->head.len = (size_t) req_len; hm->chunk.ptr = end; hm->message.len = hm->body.len = (size_t) ~0; s = skip(s, end, "" "", &hm->method); s = skip(s, end, "" "", &hm->uri); s = skip(s, end, ""\r\n"", &hm->proto); if (hm->method.len == 0 || hm->uri.len == 0) return -1; if ((qs = (const char *) memchr(hm->uri.ptr, '?', hm->uri.len)) != NULL) { hm->query.ptr = qs + 1; hm->query.len = (size_t) (&hm->uri.ptr[hm->uri.len] - (qs + 1)); hm->uri.len = (size_t) (qs - hm->uri.ptr); } mg_http_parse_headers(s, end, hm->headers, sizeof(hm->headers) / sizeof(hm->headers[0])); if ((cl = mg_http_get_header(hm, ""Content-Length"")) != NULL) { hm->body.len = (size_t) mg_to64(*cl); hm->message.len = (size_t) req_len + hm->body.len; } is_response = mg_ncasecmp(hm->method.ptr, ""HTTP/"", 5) == 0; if (hm->body.len == (size_t) ~0 && !is_response && mg_vcasecmp(&hm->method, ""PUT"") != 0 && mg_vcasecmp(&hm->method, ""POST"") != 0) { hm->body.len = 0; hm->message.len = (size_t) req_len; } if (hm->body.len == (size_t) ~0 && is_response && mg_vcasecmp(&hm->uri, ""204"") == 0) { hm->body.len = 0; hm->message.len = (size_t) req_len; } return req_len; }",visit repo url,mongoose.c,https://github.com/cesanta/mongoose,92738262427768,1 1884,CWE-416,"int gru_set_context_option(unsigned long arg) { struct gru_thread_state *gts; struct gru_set_context_option_req req; int ret = 0; STAT(set_context_option); if (copy_from_user(&req, (void __user *)arg, sizeof(req))) return -EFAULT; gru_dbg(grudev, ""op %d, gseg 0x%lx, value1 0x%lx\n"", req.op, req.gseg, req.val1); gts = gru_find_lock_gts(req.gseg); if (!gts) { gts = gru_alloc_locked_gts(req.gseg); if (IS_ERR(gts)) return PTR_ERR(gts); } switch (req.op) { case sco_blade_chiplet: if (req.val0 < -1 || req.val0 >= GRU_CHIPLETS_PER_HUB || req.val1 < -1 || req.val1 >= GRU_MAX_BLADES || (req.val1 >= 0 && !gru_base[req.val1])) { ret = -EINVAL; } else { gts->ts_user_blade_id = req.val1; gts->ts_user_chiplet_id = req.val0; gru_check_context_placement(gts); } break; case sco_gseg_owner: gts->ts_tgid_owner = current->tgid; break; case sco_cch_req_slice: gts->ts_cch_req_slice = req.val1 & 3; break; default: ret = -EINVAL; } gru_unlock_gts(gts); return ret; }",visit repo url,drivers/misc/sgi-gru/grufault.c,https://github.com/torvalds/linux,18519969163594,1 2798,['CWE-264'],"static void __init sbni_devsetup(struct net_device *dev) { ether_setup( dev ); dev->open = &sbni_open; dev->stop = &sbni_close; dev->hard_start_xmit = &sbni_start_xmit; dev->get_stats = &sbni_get_stats; dev->set_multicast_list = &set_multicast_list; dev->do_ioctl = &sbni_ioctl; }",linux-2.6,,,28612915013692315989225993520413853256,0 3898,CWE-416,"do_tag( char_u *tag, int type, int count, int forceit, int verbose) { taggy_T *tagstack = curwin->w_tagstack; int tagstackidx = curwin->w_tagstackidx; int tagstacklen = curwin->w_tagstacklen; int cur_match = 0; int cur_fnum = curbuf->b_fnum; int oldtagstackidx = tagstackidx; int prevtagstackidx = tagstackidx; int prev_num_matches; int new_tag = FALSE; int i; int ic; int no_regexp = FALSE; int error_cur_match = 0; int save_pos = FALSE; fmark_T saved_fmark; #ifdef FEAT_CSCOPE int jumped_to_tag = FALSE; #endif int new_num_matches; char_u **new_matches; int use_tagstack; int skip_msg = FALSE; char_u *buf_ffname = curbuf->b_ffname; int use_tfu = 1; static int num_matches = 0; static int max_num_matches = 0; static char_u **matches = NULL; static int flags; #ifdef FEAT_EVAL if (tfu_in_use) { emsg(_(e_cannot_modify_tag_stack_within_tagfunc)); return FALSE; } #endif #ifdef EXITFREE if (type == DT_FREE) { FreeWild(num_matches, matches); # ifdef FEAT_CSCOPE cs_free_tags(); # endif num_matches = 0; return FALSE; } #endif if (type == DT_HELP) { type = DT_TAG; no_regexp = TRUE; use_tfu = 0; } prev_num_matches = num_matches; free_string_option(nofile_fname); nofile_fname = NULL; CLEAR_POS(&saved_fmark.mark); saved_fmark.fnum = 0; if ((!p_tgst && *tag != NUL)) { use_tagstack = FALSE; new_tag = TRUE; #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) { tagstack_clear_entry(&ptag_entry); if ((ptag_entry.tagname = vim_strsave(tag)) == NULL) goto end_do_tag; } #endif } else { #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) use_tagstack = FALSE; else #endif use_tagstack = TRUE; if (*tag != NUL && (type == DT_TAG || type == DT_SELECT || type == DT_JUMP #ifdef FEAT_QUICKFIX || type == DT_LTAG #endif #ifdef FEAT_CSCOPE || type == DT_CSCOPE #endif )) { #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) { if (ptag_entry.tagname != NULL && STRCMP(ptag_entry.tagname, tag) == 0) { cur_match = ptag_entry.cur_match; cur_fnum = ptag_entry.cur_fnum; } else { tagstack_clear_entry(&ptag_entry); if ((ptag_entry.tagname = vim_strsave(tag)) == NULL) goto end_do_tag; } } else #endif { while (tagstackidx < tagstacklen) tagstack_clear_entry(&tagstack[--tagstacklen]); if (++tagstacklen > TAGSTACKSIZE) { tagstacklen = TAGSTACKSIZE; tagstack_clear_entry(&tagstack[0]); for (i = 1; i < tagstacklen; ++i) tagstack[i - 1] = tagstack[i]; --tagstackidx; } if ((tagstack[tagstackidx].tagname = vim_strsave(tag)) == NULL) { curwin->w_tagstacklen = tagstacklen - 1; goto end_do_tag; } curwin->w_tagstacklen = tagstacklen; save_pos = TRUE; } new_tag = TRUE; } else { if ( #if defined(FEAT_QUICKFIX) g_do_tagpreview != 0 ? ptag_entry.tagname == NULL : #endif tagstacklen == 0) { emsg(_(e_tag_stack_empty)); goto end_do_tag; } if (type == DT_POP) { #ifdef FEAT_FOLDING int old_KeyTyped = KeyTyped; #endif if ((tagstackidx -= count) < 0) { emsg(_(e_at_bottom_of_tag_stack)); if (tagstackidx + count == 0) { tagstackidx = 0; goto end_do_tag; } tagstackidx = 0; } else if (tagstackidx >= tagstacklen) { emsg(_(e_at_top_of_tag_stack)); goto end_do_tag; } saved_fmark = tagstack[tagstackidx].fmark; if (saved_fmark.fnum != curbuf->b_fnum) { if (buflist_getfile(saved_fmark.fnum, saved_fmark.mark.lnum, GETF_SETMARK, forceit) == FAIL) { tagstackidx = oldtagstackidx; goto end_do_tag; } curwin->w_cursor.lnum = saved_fmark.mark.lnum; } else { setpcmark(); curwin->w_cursor.lnum = saved_fmark.mark.lnum; } curwin->w_cursor.col = saved_fmark.mark.col; curwin->w_set_curswant = TRUE; check_cursor(); #ifdef FEAT_FOLDING if ((fdo_flags & FDO_TAG) && old_KeyTyped) foldOpenCursor(); #endif FreeWild(num_matches, matches); #ifdef FEAT_CSCOPE cs_free_tags(); #endif num_matches = 0; tag_freematch(); goto end_do_tag; } if (type == DT_TAG #if defined(FEAT_QUICKFIX) || type == DT_LTAG #endif ) { #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) { cur_match = ptag_entry.cur_match; cur_fnum = ptag_entry.cur_fnum; } else #endif { save_pos = TRUE; if ((tagstackidx += count - 1) >= tagstacklen) { tagstackidx = tagstacklen - 1; emsg(_(e_at_top_of_tag_stack)); save_pos = FALSE; } else if (tagstackidx < 0) { emsg(_(e_at_bottom_of_tag_stack)); tagstackidx = 0; goto end_do_tag; } cur_match = tagstack[tagstackidx].cur_match; cur_fnum = tagstack[tagstackidx].cur_fnum; } new_tag = TRUE; } else { prevtagstackidx = tagstackidx; #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) { cur_match = ptag_entry.cur_match; cur_fnum = ptag_entry.cur_fnum; } else #endif { if (--tagstackidx < 0) tagstackidx = 0; cur_match = tagstack[tagstackidx].cur_match; cur_fnum = tagstack[tagstackidx].cur_fnum; } switch (type) { case DT_FIRST: cur_match = count - 1; break; case DT_SELECT: case DT_JUMP: #ifdef FEAT_CSCOPE case DT_CSCOPE: #endif case DT_LAST: cur_match = MAXCOL - 1; break; case DT_NEXT: cur_match += count; break; case DT_PREV: cur_match -= count; break; } if (cur_match >= MAXCOL) cur_match = MAXCOL - 1; else if (cur_match < 0) { emsg(_(e_cannot_go_before_first_matching_tag)); skip_msg = TRUE; cur_match = 0; cur_fnum = curbuf->b_fnum; } } } #if defined(FEAT_QUICKFIX) if (g_do_tagpreview != 0) { if (type != DT_SELECT && type != DT_JUMP) { ptag_entry.cur_match = cur_match; ptag_entry.cur_fnum = cur_fnum; } } else #endif { saved_fmark = tagstack[tagstackidx].fmark; if (save_pos) { tagstack[tagstackidx].fmark.mark = curwin->w_cursor; tagstack[tagstackidx].fmark.fnum = curbuf->b_fnum; } curwin->w_tagstackidx = tagstackidx; if (type != DT_SELECT && type != DT_JUMP) { curwin->w_tagstack[tagstackidx].cur_match = cur_match; curwin->w_tagstack[tagstackidx].cur_fnum = cur_fnum; } } } if (cur_fnum != curbuf->b_fnum) { buf_T *buf = buflist_findnr(cur_fnum); if (buf != NULL) buf_ffname = buf->b_ffname; } for (;;) { int other_name; char_u *name; if (use_tagstack) name = tagstack[tagstackidx].tagname; #if defined(FEAT_QUICKFIX) else if (g_do_tagpreview != 0) name = ptag_entry.tagname; #endif else name = tag; other_name = (tagmatchname == NULL || STRCMP(tagmatchname, name) != 0); if (new_tag || (cur_match >= num_matches && max_num_matches != MAXCOL) || other_name) { if (other_name) { vim_free(tagmatchname); tagmatchname = vim_strsave(name); } if (type == DT_SELECT || type == DT_JUMP #if defined(FEAT_QUICKFIX) || type == DT_LTAG #endif ) cur_match = MAXCOL - 1; if (type == DT_TAG) max_num_matches = MAXCOL; else max_num_matches = cur_match + 1; if (!no_regexp && *name == '/') { flags = TAG_REGEXP; ++name; } else flags = TAG_NOIC; #ifdef FEAT_CSCOPE if (type == DT_CSCOPE) flags = TAG_CSCOPE; #endif if (verbose) flags |= TAG_VERBOSE; if (!use_tfu) flags |= TAG_NO_TAGFUNC; if (find_tags(name, &new_num_matches, &new_matches, flags, max_num_matches, buf_ffname) == OK && new_num_matches < max_num_matches) max_num_matches = MAXCOL; if (!new_tag && !other_name) { int j, k; int idx = 0; tagptrs_T tagp, tagp2; for (j = 0; j < num_matches; ++j) { parse_match(matches[j], &tagp); for (i = idx; i < new_num_matches; ++i) { parse_match(new_matches[i], &tagp2); if (STRCMP(tagp.tagname, tagp2.tagname) == 0) { char_u *p = new_matches[i]; for (k = i; k > idx; --k) new_matches[k] = new_matches[k - 1]; new_matches[idx++] = p; break; } } } } FreeWild(num_matches, matches); num_matches = new_num_matches; matches = new_matches; } if (num_matches <= 0) { if (verbose) semsg(_(e_tag_not_found_str), name); #if defined(FEAT_QUICKFIX) g_do_tagpreview = 0; #endif } else { int ask_for_selection = FALSE; #ifdef FEAT_CSCOPE if (type == DT_CSCOPE && num_matches > 1) { cs_print_tags(); ask_for_selection = TRUE; } else #endif if (type == DT_TAG && *tag != NUL) cur_match = count > 0 ? count - 1 : 0; else if (type == DT_SELECT || (type == DT_JUMP && num_matches > 1)) { print_tag_list(new_tag, use_tagstack, num_matches, matches); ask_for_selection = TRUE; } #if defined(FEAT_QUICKFIX) && defined(FEAT_EVAL) else if (type == DT_LTAG) { if (add_llist_tags(tag, num_matches, matches) == FAIL) goto end_do_tag; cur_match = 0; } #endif if (ask_for_selection == TRUE) { i = prompt_for_number(NULL); if (i <= 0 || i > num_matches || got_int) { if (use_tagstack) { tagstack[tagstackidx].fmark = saved_fmark; tagstackidx = prevtagstackidx; } #ifdef FEAT_CSCOPE cs_free_tags(); jumped_to_tag = TRUE; #endif break; } cur_match = i - 1; } if (cur_match >= num_matches) { if ((type == DT_NEXT || type == DT_FIRST) && nofile_fname == NULL) { if (num_matches == 1) emsg(_(e_there_is_only_one_matching_tag)); else emsg(_(e_cannot_go_beyond_last_matching_tag)); skip_msg = TRUE; } cur_match = num_matches - 1; } if (use_tagstack) { tagptrs_T tagp; tagstack[tagstackidx].cur_match = cur_match; tagstack[tagstackidx].cur_fnum = cur_fnum; if (use_tfu && parse_match(matches[cur_match], &tagp) == OK && tagp.user_data) { VIM_CLEAR(tagstack[tagstackidx].user_data); tagstack[tagstackidx].user_data = vim_strnsave( tagp.user_data, tagp.user_data_end - tagp.user_data); } ++tagstackidx; } #if defined(FEAT_QUICKFIX) else if (g_do_tagpreview != 0) { ptag_entry.cur_match = cur_match; ptag_entry.cur_fnum = cur_fnum; } #endif if (nofile_fname != NULL && error_cur_match != cur_match) smsg(_(""File \""%s\"" does not exist""), nofile_fname); ic = (matches[cur_match][0] & MT_IC_OFF); if (type != DT_TAG && type != DT_SELECT && type != DT_JUMP #ifdef FEAT_CSCOPE && type != DT_CSCOPE #endif && (num_matches > 1 || ic) && !skip_msg) { sprintf((char *)IObuff, _(""tag %d of %d%s""), cur_match + 1, num_matches, max_num_matches != MAXCOL ? _("" or more"") : """"); if (ic) STRCAT(IObuff, _("" Using tag with different case!"")); if ((num_matches > prev_num_matches || new_tag) && num_matches > 1) { if (ic) msg_attr((char *)IObuff, HL_ATTR(HLF_W)); else msg((char *)IObuff); msg_scroll = TRUE; } else give_warning(IObuff, ic); if (ic && !msg_scrolled && msg_silent == 0) { out_flush(); ui_delay(1007L, TRUE); } } #if defined(FEAT_EVAL) vim_snprintf((char *)IObuff, IOSIZE, "":ta %s\r"", name); set_vim_var_string(VV_SWAPCOMMAND, IObuff, -1); #endif i = jumpto_tag(matches[cur_match], forceit, type != DT_CSCOPE); #if defined(FEAT_EVAL) set_vim_var_string(VV_SWAPCOMMAND, NULL, -1); #endif if (i == NOTAGFILE) { if ((type == DT_PREV && cur_match > 0) || ((type == DT_TAG || type == DT_NEXT || type == DT_FIRST) && (max_num_matches != MAXCOL || cur_match < num_matches - 1))) { error_cur_match = cur_match; if (use_tagstack) --tagstackidx; if (type == DT_PREV) --cur_match; else { type = DT_NEXT; ++cur_match; } continue; } semsg(_(e_file_str_does_not_exist), nofile_fname); } else { if (use_tagstack && tagstackidx > curwin->w_tagstacklen) tagstackidx = curwin->w_tagstackidx; #ifdef FEAT_CSCOPE jumped_to_tag = TRUE; #endif } } break; } end_do_tag: if (use_tagstack && tagstackidx <= curwin->w_tagstacklen) curwin->w_tagstackidx = tagstackidx; postponed_split = 0; # ifdef FEAT_QUICKFIX g_do_tagpreview = 0; # endif #ifdef FEAT_CSCOPE return jumped_to_tag; #else return FALSE; #endif }",visit repo url,src/tag.c,https://github.com/vim/vim,69163847514349,1 1893,['CWE-20'],"static int copy_pte_range(struct mm_struct *dst_mm, struct mm_struct *src_mm, pmd_t *dst_pmd, pmd_t *src_pmd, struct vm_area_struct *vma, unsigned long addr, unsigned long end) { pte_t *src_pte, *dst_pte; spinlock_t *src_ptl, *dst_ptl; int progress = 0; int rss[2]; again: rss[1] = rss[0] = 0; dst_pte = pte_alloc_map_lock(dst_mm, dst_pmd, addr, &dst_ptl); if (!dst_pte) return -ENOMEM; src_pte = pte_offset_map_nested(src_pmd, addr); src_ptl = pte_lockptr(src_mm, src_pmd); spin_lock_nested(src_ptl, SINGLE_DEPTH_NESTING); arch_enter_lazy_mmu_mode(); do { if (progress >= 32) { progress = 0; if (need_resched() || spin_needbreak(src_ptl) || spin_needbreak(dst_ptl)) break; } if (pte_none(*src_pte)) { progress++; continue; } copy_one_pte(dst_mm, src_mm, dst_pte, src_pte, vma, addr, rss); progress += 8; } while (dst_pte++, src_pte++, addr += PAGE_SIZE, addr != end); arch_leave_lazy_mmu_mode(); spin_unlock(src_ptl); pte_unmap_nested(src_pte - 1); add_mm_rss(dst_mm, rss[0], rss[1]); pte_unmap_unlock(dst_pte - 1, dst_ptl); cond_resched(); if (addr != end) goto again; return 0; }",linux-2.6,,,184140815048122652908343682503854773622,0 1387,[],"static int cfs_rq_best_prio(struct cfs_rq *cfs_rq) { struct sched_entity *curr; struct task_struct *p; if (!cfs_rq->nr_running || !first_fair(cfs_rq)) return MAX_PRIO; curr = cfs_rq->curr; if (!curr) curr = __pick_next_entity(cfs_rq); p = task_of(curr); return p->prio; }",linux-2.6,,,61070635823282146220899945380651107779,0 3074,CWE-120,"eap_request(esp, inp, id, len) eap_state *esp; u_char *inp; int id; int len; { u_char typenum; u_char vallen; int secret_len; char secret[MAXWORDLEN]; char rhostname[256]; MD5_CTX mdContext; u_char hash[MD5_SIGNATURE_SIZE]; #ifdef USE_SRP struct t_client *tc; struct t_num sval, gval, Nval, *Ap, Bval; u_char vals[2]; SHA1_CTX ctxt; u_char dig[SHA_DIGESTSIZE]; int fd; #endif esp->es_client.ea_requests++; if (esp->es_client.ea_maxrequests != 0 && esp->es_client.ea_requests > esp->es_client.ea_maxrequests) { info(""EAP: received too many Request messages""); if (esp->es_client.ea_timeout > 0) { UNTIMEOUT(eap_client_timeout, (void *)esp); } auth_withpeer_fail(esp->es_unit, PPP_EAP); return; } if (len <= 0) { error(""EAP: empty Request message discarded""); return; } GETCHAR(typenum, inp); len--; switch (typenum) { case EAPT_IDENTITY: if (len > 0) info(""EAP: Identity prompt \""%.*q\"""", len, inp); #ifdef USE_SRP if (esp->es_usepseudo && (esp->es_usedpseudo == 0 || (esp->es_usedpseudo == 1 && id == esp->es_client.ea_id))) { esp->es_usedpseudo = 1; if ((fd = open_pn_file(O_RDONLY)) >= 0) { strcpy(rhostname, SRP_PSEUDO_ID); len = read(fd, rhostname + SRP_PSEUDO_LEN, sizeof (rhostname) - SRP_PSEUDO_LEN); if (len > 0) { eap_send_response(esp, id, typenum, rhostname, len + SRP_PSEUDO_LEN); } (void) close(fd); if (len > 0) break; } } if (esp->es_usepseudo && esp->es_usedpseudo != 2) { remove_pn_file(); esp->es_usedpseudo = 2; } #endif eap_send_response(esp, id, typenum, esp->es_client.ea_name, esp->es_client.ea_namelen); break; case EAPT_NOTIFICATION: if (len > 0) info(""EAP: Notification \""%.*q\"""", len, inp); eap_send_response(esp, id, typenum, NULL, 0); break; case EAPT_NAK: warn(""EAP: unexpected Nak in Request; ignored""); return; case EAPT_MD5CHAP: if (len < 1) { error(""EAP: received MD5-Challenge with no data""); return; } GETCHAR(vallen, inp); len--; if (vallen < 8 || vallen > len) { error(""EAP: MD5-Challenge with bad length %d (8..%d)"", vallen, len); eap_send_nak(esp, id, EAPT_SRP); break; } if (vallen >= len + sizeof (rhostname)) { dbglog(""EAP: trimming really long peer name down""); BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1); rhostname[sizeof (rhostname) - 1] = '\0'; } else { BCOPY(inp + vallen, rhostname, len - vallen); rhostname[len - vallen] = '\0'; } if (explicit_remote || (remote_name[0] != '\0' && vallen == len)) strlcpy(rhostname, remote_name, sizeof (rhostname)); if (!get_secret(esp->es_unit, esp->es_client.ea_name, rhostname, secret, &secret_len, 0)) { dbglog(""EAP: no MD5 secret for auth to %q"", rhostname); eap_send_nak(esp, id, EAPT_SRP); break; } MD5_Init(&mdContext); typenum = id; MD5_Update(&mdContext, &typenum, 1); MD5_Update(&mdContext, (u_char *)secret, secret_len); BZERO(secret, sizeof (secret)); MD5_Update(&mdContext, inp, vallen); MD5_Final(hash, &mdContext); eap_chap_response(esp, id, hash, esp->es_client.ea_name, esp->es_client.ea_namelen); break; #ifdef USE_SRP case EAPT_SRP: if (len < 1) { error(""EAP: received empty SRP Request""); return; } GETCHAR(vallen, inp); len--; switch (vallen) { case EAPSRP_CHALLENGE: tc = NULL; if (esp->es_client.ea_session != NULL) { tc = (struct t_client *)esp->es_client. ea_session; if (id != esp->es_client.ea_id) { t_clientclose(tc); esp->es_client.ea_session = NULL; tc = NULL; } } esp->es_client.ea_skey = NULL; if (tc == NULL) { GETCHAR(vallen, inp); len--; if (vallen >= len) { error(""EAP: badly-formed SRP Challenge"" "" (name)""); return; } BCOPY(inp, rhostname, vallen); rhostname[vallen] = '\0'; INCPTR(vallen, inp); len -= vallen; if (explicit_remote || (remote_name[0] != '\0' && vallen == 0)) { strlcpy(rhostname, remote_name, sizeof (rhostname)); } if (esp->es_client.ea_peer != NULL) free(esp->es_client.ea_peer); esp->es_client.ea_peer = strdup(rhostname); esp->es_client.ea_peerlen = strlen(rhostname); GETCHAR(vallen, inp); len--; if (vallen >= len) { error(""EAP: badly-formed SRP Challenge"" "" (s)""); return; } sval.data = inp; sval.len = vallen; INCPTR(vallen, inp); len -= vallen; GETCHAR(vallen, inp); len--; if (vallen > len) { error(""EAP: badly-formed SRP Challenge"" "" (g)""); return; } if (vallen == 0) { gval.data = (u_char *)""\002""; gval.len = 1; } else { gval.data = inp; gval.len = vallen; } INCPTR(vallen, inp); len -= vallen; if (len == 0) { Nval.data = (u_char *)wkmodulus; Nval.len = sizeof (wkmodulus); } else { Nval.data = inp; Nval.len = len; } tc = t_clientopen(esp->es_client.ea_name, &Nval, &gval, &sval); if (tc == NULL) { eap_send_nak(esp, id, EAPT_MD5CHAP); break; } esp->es_client.ea_session = (void *)tc; vals[0] = id; vals[1] = EAPT_SRP; t_clientaddexdata(tc, vals, 2); } Ap = t_clientgenexp(tc); eap_srp_response(esp, id, EAPSRP_CKEY, Ap->data, Ap->len); break; case EAPSRP_SKEY: tc = (struct t_client *)esp->es_client.ea_session; if (tc == NULL) { warn(""EAP: peer sent Subtype 2 without 1""); eap_send_nak(esp, id, EAPT_MD5CHAP); break; } if (esp->es_client.ea_skey != NULL) { if (id != esp->es_client.ea_id) { warn(""EAP: ID changed from %d to %d "" ""in SRP Subtype 2 rexmit"", esp->es_client.ea_id, id); } } else { if (get_srp_secret(esp->es_unit, esp->es_client.ea_name, esp->es_client.ea_peer, secret, 0) == 0) { eap_send_nak(esp, id, EAPT_MD5CHAP); break; } Bval.data = inp; Bval.len = len; t_clientpasswd(tc, secret); BZERO(secret, sizeof (secret)); esp->es_client.ea_skey = t_clientgetkey(tc, &Bval); if (esp->es_client.ea_skey == NULL) { error(""EAP: SRP server is rogue""); goto client_failure; } } eap_srpval_response(esp, id, SRPVAL_EBIT, t_clientresponse(tc)); break; case EAPSRP_SVALIDATOR: tc = (struct t_client *)esp->es_client.ea_session; if (tc == NULL || esp->es_client.ea_skey == NULL) { warn(""EAP: peer sent Subtype 3 without 1/2""); eap_send_nak(esp, id, EAPT_MD5CHAP); break; } if (esp->es_client.ea_state == eapOpen) { if (id != esp->es_client.ea_id) { warn(""EAP: ID changed from %d to %d "" ""in SRP Subtype 3 rexmit"", esp->es_client.ea_id, id); } } else { len -= sizeof (u_int32_t) + SHA_DIGESTSIZE; if (len < 0 || t_clientverify(tc, inp + sizeof (u_int32_t)) != 0) { error(""EAP: SRP server verification "" ""failed""); goto client_failure; } GETLONG(esp->es_client.ea_keyflags, inp); if (len > 0 && esp->es_usepseudo) { INCPTR(SHA_DIGESTSIZE, inp); write_pseudonym(esp, inp, len, id); } } eap_srp_response(esp, id, EAPSRP_ACK, NULL, 0); break; case EAPSRP_LWRECHALLENGE: if (len < 4) { warn(""EAP: malformed Lightweight rechallenge""); return; } SHA1Init(&ctxt); vals[0] = id; SHA1Update(&ctxt, vals, 1); SHA1Update(&ctxt, esp->es_client.ea_skey, SESSION_KEY_LEN); SHA1Update(&ctxt, inp, len); SHA1Update(&ctxt, esp->es_client.ea_name, esp->es_client.ea_namelen); SHA1Final(dig, &ctxt); eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig, SHA_DIGESTSIZE); break; default: error(""EAP: unknown SRP Subtype %d"", vallen); eap_send_nak(esp, id, EAPT_MD5CHAP); break; } break; #endif default: info(""EAP: unknown authentication type %d; Naking"", typenum); eap_send_nak(esp, id, EAPT_SRP); break; } if (esp->es_client.ea_timeout > 0) { UNTIMEOUT(eap_client_timeout, (void *)esp); TIMEOUT(eap_client_timeout, (void *)esp, esp->es_client.ea_timeout); } return; #ifdef USE_SRP client_failure: esp->es_client.ea_state = eapBadAuth; if (esp->es_client.ea_timeout > 0) { UNTIMEOUT(eap_client_timeout, (void *)esp); } esp->es_client.ea_session = NULL; t_clientclose(tc); auth_withpeer_fail(esp->es_unit, PPP_EAP); #endif }",visit repo url,pppd/eap.c,https://github.com/paulusmack/ppp,269910288040929,1 6540,['CWE-200'],"foo_set_initial_state (gpointer data) { NMApplet *applet = NM_APPLET (data); const GPtrArray *devices; int i; devices = nm_client_get_devices (applet->nm_client); for (i = 0; devices && (i < devices->len); i++) foo_device_added_cb (applet->nm_client, NM_DEVICE (g_ptr_array_index (devices, i)), applet); foo_active_connections_changed_cb (applet->nm_client, NULL, applet); applet_schedule_update_icon (applet); return FALSE; }",network-manager-applet,,,109553300409285837699453938092273838203,0 5257,['CWE-264'],"static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, SMB_STRUCT_STAT *psbuf, bool *pacl_set_support) { connection_struct *conn = fsp->conn; bool ret = False; SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, (int)count_canon_ace_list(the_ace) + 1); canon_ace *p_ace; int i; SMB_ACL_ENTRY_T mask_entry; bool got_mask_entry = False; SMB_ACL_PERMSET_T mask_permset; SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS); bool needs_mask = False; mode_t mask_perms = 0; #if defined(POSIX_ACL_NEEDS_MASK) needs_mask = True; #endif if (the_acl == NULL) { if (!no_acl_syscall_error(errno)) { DEBUG(0,(""set_canon_ace_list: Unable to init %s ACL. (%s)\n"", default_ace ? ""default"" : ""file"", strerror(errno) )); } *pacl_set_support = False; return False; } if( DEBUGLVL( 10 )) { dbgtext(""set_canon_ace_list: setting ACL:\n""); for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) { print_canon_ace( p_ace, i); } } for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) { SMB_ACL_ENTRY_T the_entry; SMB_ACL_PERMSET_T the_permset; if (p_ace->type == SMB_ACL_USER || p_ace->type == SMB_ACL_GROUP) { needs_mask = True; mask_perms |= p_ace->perms; } else if (p_ace->type == SMB_ACL_GROUP_OBJ) { mask_perms |= p_ace->perms; } if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to create entry %d. (%s)\n"", i, strerror(errno) )); goto fail; } if (p_ace->type == SMB_ACL_MASK) { mask_entry = the_entry; got_mask_entry = True; } *pacl_set_support = True; if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, p_ace->type) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n"", i, strerror(errno) )); goto fail; } if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) { if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&p_ace->unix_ug.uid) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n"", i, strerror(errno) )); goto fail; } } if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to get permset on entry %d. (%s)\n"", i, strerror(errno) )); goto fail; } if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n"", (unsigned int)p_ace->perms, i, strerror(errno) )); goto fail; } if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to add permset on entry %d. (%s)\n"", i, strerror(errno) )); goto fail; } if( DEBUGLVL( 10 )) print_canon_ace( p_ace, i); } if (needs_mask && !got_mask_entry) { if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &mask_entry) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to create mask entry. (%s)\n"", strerror(errno) )); goto fail; } if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, mask_entry, SMB_ACL_MASK) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n"",strerror(errno) )); goto fail; } if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, mask_entry, &mask_permset) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to get mask permset. (%s)\n"", strerror(errno) )); goto fail; } if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to create mask permset. (%s)\n"", strerror(errno) )); goto fail; } if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, mask_entry, mask_permset) == -1) { DEBUG(0,(""set_canon_ace_list: Failed to add mask permset. (%s)\n"", strerror(errno) )); goto fail; } } if(default_ace || fsp->is_directory || fsp->fh->fd == -1) { if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl) == -1) { if (no_acl_syscall_error(errno)) { *pacl_set_support = False; } if (acl_group_override(conn, psbuf, fsp->fsp_name)) { int sret; DEBUG(5,(""set_canon_ace_list: acl group control on and current user in file %s primary group.\n"", fsp->fsp_name )); become_root(); sret = SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl); unbecome_root(); if (sret == 0) { ret = True; } } if (ret == False) { DEBUG(2,(""set_canon_ace_list: sys_acl_set_file type %s failed for file %s (%s).\n"", the_acl_type == SMB_ACL_TYPE_DEFAULT ? ""directory default"" : ""file"", fsp->fsp_name, strerror(errno) )); goto fail; } } } else { if (SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl) == -1) { if (no_acl_syscall_error(errno)) { *pacl_set_support = False; } if (acl_group_override(conn, psbuf, fsp->fsp_name)) { int sret; DEBUG(5,(""set_canon_ace_list: acl group control on and current user in file %s primary group.\n"", fsp->fsp_name )); become_root(); sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl); unbecome_root(); if (sret == 0) { ret = True; } } if (ret == False) { DEBUG(2,(""set_canon_ace_list: sys_acl_set_file failed for file %s (%s).\n"", fsp->fsp_name, strerror(errno) )); goto fail; } } } ret = True; fail: if (the_acl != NULL) { SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl); } return ret; }",samba,,,169674267443890665077683157891115904645,0 613,CWE-17,"static inline int file_list_cpu(struct file *file) { #ifdef CONFIG_SMP return file->f_sb_list_cpu; #else return smp_processor_id(); #endif }",visit repo url,fs/file_table.c,https://github.com/torvalds/linux,2456889588302,1 1955,['CWE-20'],"void pmd_clear_bad(pmd_t *pmd) { pmd_ERROR(*pmd); pmd_clear(pmd); }",linux-2.6,,,45000911309788684210687173279907785109,0 5094,['CWE-20'],"static __exit void hardware_unsetup(void) { free_kvm_area(); }",linux-2.6,,,165060749802121318392271062058770742067,0 5562,CWE-125,"obj2ast_comprehension(PyObject* obj, comprehension_ty* out, PyArena* arena) { PyObject* tmp = NULL; expr_ty target; expr_ty iter; asdl_seq* ifs; int is_async; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from comprehension""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_iter)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_iter); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from comprehension""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_ifs)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_ifs); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""comprehension field \""ifs\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); ifs = _Ta3_asdl_seq_new(len, arena); if (ifs == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""comprehension field \""ifs\"" changed size during iteration""); goto failed; } asdl_seq_SET(ifs, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""ifs\"" missing from comprehension""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_is_async)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_is_async); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &is_async, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""is_async\"" missing from comprehension""); return 1; } *out = comprehension(target, iter, ifs, is_async, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,216646173510751,1 4092,CWE-119,"static int cmd_info(void *data, const char *input) { RCore *core = (RCore *) data; bool newline = r_config_get_i (core->config, ""scr.interactive""); RBinObject *o = r_bin_cur_object (core->bin); RCoreFile *cf = core->file; int i, va = core->io->va || core->io->debug; int mode = 0; int is_array = 0; Sdb *db; for (i = 0; input[i] && input[i] != ' '; i++) ; if (i > 0) { switch (input[i - 1]) { case '*': mode = R_CORE_BIN_RADARE; break; case 'j': mode = R_CORE_BIN_JSON; break; case 'q': mode = R_CORE_BIN_SIMPLE; break; } } if (mode == R_CORE_BIN_JSON) { if (strlen (input + 1) > 1) { is_array = 1; } } if (is_array) { r_cons_printf (""{""); } if (!*input) { cmd_info_bin (core, va, mode); } if (!strcmp (input, ""*"")) { input = ""I*""; } RBinObject *obj = r_bin_cur_object (core->bin); while (*input) { switch (*input) { case 'b': { ut64 baddr = r_config_get_i (core->config, ""bin.baddr""); if (input[1] == ' ') { baddr = r_num_math (core->num, input + 1); } r_core_bin_reload (core, NULL, baddr); r_core_block_read (core); newline = false; } break; case 'k': db = o? o->kv: NULL; switch (input[1]) { case 'v': if (db) { char *o = sdb_querys (db, NULL, 0, input + 3); if (o && *o) { r_cons_print (o); } free (o); } break; case '*': r_core_bin_export_info_rad (core); break; case '.': case ' ': if (db) { char *o = sdb_querys (db, NULL, 0, input + 2); if (o && *o) { r_cons_print (o); } free (o); } break; case '\0': if (db) { char *o = sdb_querys (db, NULL, 0, ""*""); if (o && *o) { r_cons_print (o); } free (o); } break; case '?': default: eprintf (""Usage: ik [sdb-query]\n""); eprintf (""Usage: ik* # load all header information\n""); } goto done; break; case 'o': { if (!cf) { eprintf (""Core file not open\n""); return 0; } const char *fn = input[1] == ' '? input + 2: cf->desc->name; ut64 baddr = r_config_get_i (core->config, ""bin.baddr""); r_core_bin_load (core, fn, baddr); } break; #define RBININFO(n,x,y,z)\ if (is_array) {\ if (is_array == 1) { is_array++;\ } else { r_cons_printf ("","");}\ r_cons_printf (""\""%s\"":"",n);\ }\ if (z) { playMsg (core, n, z);}\ r_core_bin_info (core, x, mode, va, NULL, y); case 'A': newline = false; if (input[1] == 'j') { r_cons_printf (""{""); r_bin_list_archs (core->bin, 'j'); r_cons_printf (""}\n""); } else { r_bin_list_archs (core->bin, 1); } break; case 'E': RBININFO (""exports"", R_CORE_BIN_ACC_EXPORTS, NULL, 0); break; case 'Z': RBININFO (""size"", R_CORE_BIN_ACC_SIZE, NULL, 0); break; case 'S': if ((input[1] == 'm' && input[2] == 'z') || !input[1]) { RBININFO (""sections"", R_CORE_BIN_ACC_SECTIONS, NULL, 0); } else { RBinObject *obj = r_bin_cur_object (core->bin); if (mode == R_CORE_BIN_RADARE || mode == R_CORE_BIN_JSON || mode == R_CORE_BIN_SIMPLE) { RBININFO (""sections"", R_CORE_BIN_ACC_SECTIONS, input + 2, obj? r_list_length (obj->sections): 0); } else { RBININFO (""sections"", R_CORE_BIN_ACC_SECTIONS, input + 1, obj? r_list_length (obj->sections): 0); } while (*(++input)) ; input--; } break; case 'H': if (input[1] == 'H') { RBININFO (""header"", R_CORE_BIN_ACC_HEADER, NULL, -1); break; } case 'h': RBININFO (""fields"", R_CORE_BIN_ACC_FIELDS, NULL, 0); break; case 'l': RBININFO (""libs"", R_CORE_BIN_ACC_LIBS, NULL, obj? r_list_length (obj->libs): 0); break; case 'L': { char *ptr = strchr (input, ' '); int json = input[1] == 'j'? 'j': 0; if (ptr && ptr[1]) { const char *plugin_name = ptr + 1; if (is_array) { r_cons_printf (""\""plugin\"": ""); } r_bin_list_plugin (core->bin, plugin_name, json); } else { r_bin_list (core->bin, json); } newline = false; goto done; } break; case 's': if (input[1] == '.') { ut64 addr = core->offset + (core->print->cur_enabled? core->print->cur: 0); RFlagItem *f = r_flag_get_at (core->flags, addr, false); if (f) { if (f->offset == addr || !f->offset) { r_cons_printf (""%s"", f->name); } else { r_cons_printf (""%s+%d"", f->name, (int) (addr - f->offset)); } } input++; break; } else { RBinObject *obj = r_bin_cur_object (core->bin); RBININFO (""symbols"", R_CORE_BIN_ACC_SYMBOLS, NULL, obj? r_list_length (obj->symbols): 0); break; } case 'R': if (input[1] == '*') { mode = R_CORE_BIN_RADARE; } else if (input[1] == 'j') { mode = R_CORE_BIN_JSON; } RBININFO (""resources"", R_CORE_BIN_ACC_RESOURCES, NULL, 0); break; case 'r': RBININFO (""relocs"", R_CORE_BIN_ACC_RELOCS, NULL, 0); break; case 'd': RBININFO (""dwarf"", R_CORE_BIN_ACC_DWARF, NULL, -1); break; case 'i': RBININFO (""imports"",R_CORE_BIN_ACC_IMPORTS, NULL, obj? r_list_length (obj->imports): 0); break; case 'I': RBININFO (""info"", R_CORE_BIN_ACC_INFO, NULL, 0); break; case 'e': RBININFO (""entries"", R_CORE_BIN_ACC_ENTRIES, NULL, 0); break; case 'M': RBININFO (""main"", R_CORE_BIN_ACC_MAIN, NULL, 0); break; case 'm': RBININFO (""memory"", R_CORE_BIN_ACC_MEM, NULL, 0); break; case 'V': RBININFO (""versioninfo"", R_CORE_BIN_ACC_VERSIONINFO, NULL, 0); break; case 'C': RBININFO (""signature"", R_CORE_BIN_ACC_SIGNATURE, NULL, 0); break; case 'z': if (input[1] == 'z') { switch (input[2]) { case '*': mode = R_CORE_BIN_RADARE; break; case 'j': mode = R_CORE_BIN_JSON; break; case 'q': if (input[3] == 'q') { mode = R_CORE_BIN_SIMPLEST; input++; } else { mode = R_CORE_BIN_SIMPLE; } break; default: mode = R_CORE_BIN_PRINT; break; } input++; RBININFO (""strings"", R_CORE_BIN_ACC_RAW_STRINGS, NULL, 0); } else { RBinObject *obj = r_bin_cur_object (core->bin); if (input[1] == 'q') { mode = (input[2] == 'q') ? R_CORE_BIN_SIMPLEST : R_CORE_BIN_SIMPLE; input++; } if (obj) { RBININFO (""strings"", R_CORE_BIN_ACC_STRINGS, NULL, obj? r_list_length (obj->strings): 0); } } break; case 'c': if (input[1] == '?') { eprintf (""Usage: ic[ljq*] [class-index or name]\n""); } else if (input[1] == ' ' || input[1] == 'q' || input[1] == 'j' || input[1] == 'l') { RBinClass *cls; RBinSymbol *sym; RListIter *iter, *iter2; RBinObject *obj = r_bin_cur_object (core->bin); if (obj) { if (input[2]) { int idx = -1; const char * cls_name = NULL; if (r_num_is_valid_input (core->num, input + 2)) { idx = r_num_math (core->num, input + 2); } else { const char * first_char = input + ((input[1] == ' ') ? 1 : 2); int not_space = strspn (first_char, "" ""); if (first_char[not_space]) { cls_name = first_char + not_space; } } int count = 0; r_list_foreach (obj->classes, iter, cls) { if ((idx >= 0 && idx != count++) || (cls_name && strcmp (cls_name, cls->name) != 0)){ continue; } switch (input[1]) { case '*': r_list_foreach (cls->methods, iter2, sym) { r_cons_printf (""f sym.%s @ 0x%""PFMT64x ""\n"", sym->name, sym->vaddr); } input++; break; case 'l': r_list_foreach (cls->methods, iter2, sym) { const char *comma = iter2->p? "" "": """"; r_cons_printf (""%s0x%""PFMT64d, comma, sym->vaddr); } r_cons_newline (); input++; break; case 'j': input++; r_cons_printf (""\""class\"":\""%s\"""", cls->name); r_cons_printf ("",\""methods\"":[""); r_list_foreach (cls->methods, iter2, sym) { const char *comma = iter2->p? "","": """"; if (sym->method_flags) { char *flags = r_core_bin_method_flags_str (sym, R_CORE_BIN_JSON); r_cons_printf (""%s{\""name\"":\""%s\"",\""flags\"":%s,\""vaddr\"":%""PFMT64d ""}"", comma, sym->name, flags, sym->vaddr); R_FREE (flags); } else { r_cons_printf (""%s{\""name\"":\""%s\"",\""vaddr\"":%""PFMT64d ""}"", comma, sym->name, sym->vaddr); } } r_cons_printf (""]""); break; default: r_cons_printf (""class %s\n"", cls->name); r_list_foreach (cls->methods, iter2, sym) { char *flags = r_core_bin_method_flags_str (sym, 0); r_cons_printf (""0x%08""PFMT64x "" method %s %s %s\n"", sym->vaddr, cls->name, flags, sym->name); R_FREE (flags); } break; } goto done; } goto done; } else { playMsg (core, ""classes"", r_list_length (obj->classes)); if (input[1] == 'l' && obj) { r_list_foreach (obj->classes, iter, cls) { r_list_foreach (cls->methods, iter2, sym) { const char *comma = iter2->p? "" "": """"; r_cons_printf (""%s0x%""PFMT64d, comma, sym->vaddr); } if (!r_list_empty (cls->methods)) { r_cons_newline (); } } } else { RBININFO (""classes"", R_CORE_BIN_ACC_CLASSES, NULL, r_list_length (obj->classes)); } } } } else { RBinObject *obj = r_bin_cur_object (core->bin); int len = obj? r_list_length (obj->classes): 0; RBININFO (""classes"", R_CORE_BIN_ACC_CLASSES, NULL, len); } break; case 'D': if (input[1] != ' ' || !demangle (core, input + 2)) { eprintf (""|Usage: iD lang symbolname\n""); } return 0; case 'a': switch (mode) { case R_CORE_BIN_RADARE: cmd_info (core, ""iIiecsSmz*""); break; case R_CORE_BIN_JSON: cmd_info (core, ""iIiecsSmzj""); break; case R_CORE_BIN_SIMPLE: cmd_info (core, ""iIiecsSmzq""); break; default: cmd_info (core, ""IiEecsSmz""); break; } break; case '?': { const char *help_message[] = { ""Usage: i"", """", ""Get info from opened file (see rabin2's manpage)"", ""Output mode:"", """", """", ""'*'"", """", ""Output in radare commands"", ""'j'"", """", ""Output in json"", ""'q'"", """", ""Simple quiet output"", ""Actions:"", """", """", ""i|ij"", """", ""Show info of current file (in JSON)"", ""iA"", """", ""List archs"", ""ia"", """", ""Show all info (imports, exports, sections..)"", ""ib"", """", ""Reload the current buffer for setting of the bin (use once only)"", ""ic"", """", ""List classes, methods and fields"", ""iC"", """", ""Show signature info (entitlements, ...)"", ""id"", """", ""Debug information (source lines)"", ""iD"", "" lang sym"", ""demangle symbolname for given language"", ""ie"", """", ""Entrypoint"", ""iE"", """", ""Exports (global symbols)"", ""ih"", """", ""Headers (alias for iH)"", ""iHH"", """", ""Verbose Headers in raw text"", ""ii"", """", ""Imports"", ""iI"", """", ""Binary info"", ""ik"", "" [query]"", ""Key-value database from RBinObject"", ""il"", """", ""Libraries"", ""iL "", ""[plugin]"", ""List all RBin plugins loaded or plugin details"", ""im"", """", ""Show info about predefined memory allocation"", ""iM"", """", ""Show main address"", ""io"", "" [file]"", ""Load info from file (or last opened) use bin.baddr"", ""ir"", """", ""Relocs"", ""iR"", """", ""Resources"", ""is"", """", ""Symbols"", ""iS "", ""[entropy,sha1]"", ""Sections (choose which hash algorithm to use)"", ""iV"", """", ""Display file version info"", ""iz|izj"", """", ""Strings in data sections (in JSON/Base64)"", ""izz"", """", ""Search for Strings in the whole binary"", ""iZ"", """", ""Guess size of binary program"", NULL }; r_core_cmd_help (core, help_message); } goto done; case '*': mode = R_CORE_BIN_RADARE; goto done; case 'q': mode = R_CORE_BIN_SIMPLE; cmd_info_bin (core, va, mode); goto done; case 'j': mode = R_CORE_BIN_JSON; if (is_array > 1) { mode |= R_CORE_BIN_ARRAY; } cmd_info_bin (core, va, mode); goto done; default: cmd_info_bin (core, va, mode); break; } input++; if ((*input == 'j' || *input == 'q') && !input[1]) { break; } } done: if (is_array) { r_cons_printf (""}\n""); } if (newline) { r_cons_newline (); } return 0; }",visit repo url,libr/core/cmd_info.c,https://github.com/radare/radare2,22271764015827,1 5042,[],"void sendto_child(struct winbindd_cli_state *state, struct winbindd_child *child) { async_request(state->mem_ctx, child, &state->request, &state->response, recvfrom_child, state); }",samba,,,275597910987284494096979906908611006160,0 936,['CWE-200'],"static void *shmem_follow_link_inline(struct dentry *dentry, struct nameidata *nd) { nd_set_link(nd, (char *)SHMEM_I(dentry->d_inode)); return NULL; }",linux-2.6,,,75602116954378454875498955019770363147,0 2766,['CWE-189'],"void sctp_auth_destroy_keys(struct list_head *keys) { struct sctp_shared_key *ep_key; struct sctp_shared_key *tmp; if (list_empty(keys)) return; key_for_each_safe(ep_key, tmp, keys) { list_del_init(&ep_key->key_list); sctp_auth_shkey_free(ep_key); } }",linux-2.6,,,289981355123646442192253102573942875348,0 3016,['CWE-189'],"int jpc_enc_encpkt(jpc_enc_t *enc, jas_stream_t *out, int compno, int lvlno, int prcno, int lyrno) { jpc_enc_tcmpt_t *comp; jpc_enc_rlvl_t *lvl; jpc_enc_band_t *band; jpc_enc_band_t *endbands; jpc_enc_cblk_t *cblk; jpc_enc_cblk_t *endcblks; jpc_bitstream_t *outb; jpc_enc_pass_t *pass; jpc_enc_pass_t *startpass; jpc_enc_pass_t *lastpass; jpc_enc_pass_t *endpass; jpc_enc_pass_t *endpasses; int i; int included; int ret; jpc_tagtreenode_t *leaf; int n; int t1; int t2; int adjust; int maxadjust; int datalen; int numnewpasses; int passcount; jpc_enc_tile_t *tile; jpc_enc_prc_t *prc; jpc_enc_cp_t *cp; jpc_ms_t *ms; tile = enc->curtile; cp = enc->cp; if (cp->tcp.csty & JPC_COD_SOP) { if (!(ms = jpc_ms_create(JPC_MS_SOP))) { return -1; } ms->parms.sop.seqno = jpc_pi_getind(tile->pi); if (jpc_putms(out, enc->cstate, ms)) { return -1; } jpc_ms_destroy(ms); } outb = jpc_bitstream_sopen(out, ""w+""); assert(outb); if (jpc_bitstream_putbit(outb, 1) == EOF) { return -1; } JAS_DBGLOG(10, (""\n"")); JAS_DBGLOG(10, (""present. "")); comp = &tile->tcmpts[compno]; lvl = &comp->rlvls[lvlno]; endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } prc = &band->prcs[prcno]; if (!prc->cblks) { continue; } endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { if (!lyrno) { leaf = jpc_tagtree_getleaf(prc->nlibtree, cblk - prc->cblks); jpc_tagtree_setvalue(prc->nlibtree, leaf, cblk->numimsbs); } pass = cblk->curpass; included = (pass && pass->lyrno == lyrno); if (included && (!cblk->numencpasses)) { assert(pass->lyrno == lyrno); leaf = jpc_tagtree_getleaf(prc->incltree, cblk - prc->cblks); jpc_tagtree_setvalue(prc->incltree, leaf, pass->lyrno); } } endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { pass = cblk->curpass; included = (pass && pass->lyrno == lyrno); if (!cblk->numencpasses) { leaf = jpc_tagtree_getleaf(prc->incltree, cblk - prc->cblks); if (jpc_tagtree_encode(prc->incltree, leaf, lyrno + 1, outb) < 0) { return -1; } } else { if (jpc_bitstream_putbit(outb, included) == EOF) { return -1; } } JAS_DBGLOG(10, (""included=%d "", included)); if (!included) { continue; } if (!cblk->numencpasses) { i = 1; leaf = jpc_tagtree_getleaf(prc->nlibtree, cblk - prc->cblks); for (;;) { if ((ret = jpc_tagtree_encode(prc->nlibtree, leaf, i, outb)) < 0) { return -1; } if (ret) { break; } ++i; } assert(leaf->known_ && i == leaf->value_ + 1); } endpasses = &cblk->passes[cblk->numpasses]; startpass = pass; endpass = startpass; while (endpass != endpasses && endpass->lyrno == lyrno){ ++endpass; } numnewpasses = endpass - startpass; if (jpc_putnumnewpasses(outb, numnewpasses)) { return -1; } JAS_DBGLOG(10, (""numnewpasses=%d "", numnewpasses)); lastpass = endpass - 1; n = startpass->start; passcount = 1; maxadjust = 0; for (pass = startpass; pass != endpass; ++pass) { if (pass->term || pass == lastpass) { datalen = pass->end - n; t1 = jpc_firstone(datalen) + 1; t2 = cblk->numlenbits + jpc_floorlog2(passcount); adjust = JAS_MAX(t1 - t2, 0); maxadjust = JAS_MAX(adjust, maxadjust); n += datalen; passcount = 1; } else { ++passcount; } } if (jpc_putcommacode(outb, maxadjust)) { return -1; } cblk->numlenbits += maxadjust; lastpass = endpass - 1; n = startpass->start; passcount = 1; for (pass = startpass; pass != endpass; ++pass) { if (pass->term || pass == lastpass) { datalen = pass->end - n; assert(jpc_firstone(datalen) < cblk->numlenbits + jpc_floorlog2(passcount)); if (jpc_bitstream_putbits(outb, cblk->numlenbits + jpc_floorlog2(passcount), datalen) == EOF) { return -1; } n += datalen; passcount = 1; } else { ++passcount; } } } } jpc_bitstream_outalign(outb, 0); jpc_bitstream_close(outb); if (cp->tcp.csty & JPC_COD_EPH) { if (!(ms = jpc_ms_create(JPC_MS_EPH))) { return -1; } if (jpc_putms(out, enc->cstate, ms)) { return -1; } jpc_ms_destroy(ms); } comp = &tile->tcmpts[compno]; lvl = &comp->rlvls[lvlno]; endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } prc = &band->prcs[prcno]; if (!prc->cblks) { continue; } endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { pass = cblk->curpass; if (!pass) { continue; } if (pass->lyrno != lyrno) { assert(pass->lyrno < 0 || pass->lyrno > lyrno); continue; } endpasses = &cblk->passes[cblk->numpasses]; startpass = pass; endpass = startpass; while (endpass != endpasses && endpass->lyrno == lyrno){ ++endpass; } lastpass = endpass - 1; numnewpasses = endpass - startpass; jas_stream_seek(cblk->stream, startpass->start, SEEK_SET); assert(jas_stream_tell(cblk->stream) == startpass->start); if (jas_stream_copy(out, cblk->stream, lastpass->end - startpass->start)) { return -1; } cblk->curpass = (endpass != endpasses) ? endpass : 0; cblk->numencpasses += numnewpasses; } } return 0; }",jasper,,,268194936925170111122572725436491050258,0 3119,['CWE-189'],"int jpc_mqenc_flush(jpc_mqenc_t *mqenc, int termmode) { int_fast16_t k; switch (termmode) { case JPC_MQENC_PTERM: k = 11 - mqenc->ctreg + 1; while (k > 0) { mqenc->creg <<= mqenc->ctreg; mqenc->ctreg = 0; jpc_mqenc_byteout(mqenc->areg, mqenc->creg, mqenc->ctreg, mqenc); k -= mqenc->ctreg; } if (mqenc->outbuf != 0xff) { jpc_mqenc_byteout(mqenc->areg, mqenc->creg, mqenc->ctreg, mqenc); } break; case JPC_MQENC_DEFTERM: jpc_mqenc_setbits(mqenc); mqenc->creg <<= mqenc->ctreg; jpc_mqenc_byteout(mqenc->areg, mqenc->creg, mqenc->ctreg, mqenc); mqenc->creg <<= mqenc->ctreg; jpc_mqenc_byteout(mqenc->areg, mqenc->creg, mqenc->ctreg, mqenc); if (mqenc->outbuf != 0xff) { jpc_mqenc_byteout(mqenc->areg, mqenc->creg, mqenc->ctreg, mqenc); } break; default: abort(); break; } return 0; }",jasper,,,193894584560686545210031341628034429021,0 2585,[],"static int pathspec_matches(const char **paths, const char *name) { int namelen, i; if (!paths || !*paths) return 1; namelen = strlen(name); for (i = 0; paths[i]; i++) { const char *match = paths[i]; int matchlen = strlen(match); const char *cp, *meta; if (!matchlen || ((matchlen <= namelen) && !strncmp(name, match, matchlen) && (match[matchlen-1] == '/' || name[matchlen] == '\0' || name[matchlen] == '/'))) return 1; if (!fnmatch(match, name, 0)) return 1; if (name[namelen-1] != '/') continue; for (cp = match, meta = NULL; cp - match < matchlen; cp++) { char ch = *cp; if (ch == '*' || ch == '[' || ch == '?') { meta = cp; break; } } if (!meta) meta = cp; if (namelen <= meta - match) { if (!memcmp(match, name, namelen)) return 1; continue; } if (meta - match < namelen) { if (!memcmp(match, name, meta - match)) return 1; continue; } } return 0; }",git,,,314469880913230660882298170977288386672,0 3376,['CWE-399'],"static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf, struct splice_desc *sd) { struct file *file = sd->u.file; struct address_space *mapping = file->f_mapping; unsigned int offset, this_len; struct page *page; pgoff_t index; int ret; ret = buf->ops->confirm(pipe, buf); if (unlikely(ret)) return ret; index = sd->pos >> PAGE_CACHE_SHIFT; offset = sd->pos & ~PAGE_CACHE_MASK; this_len = sd->len; if (this_len + offset > PAGE_CACHE_SIZE) this_len = PAGE_CACHE_SIZE - offset; find_page: page = find_lock_page(mapping, index); if (!page) { ret = -ENOMEM; page = page_cache_alloc_cold(mapping); if (unlikely(!page)) goto out_ret; ret = add_to_page_cache_lru(page, mapping, index, GFP_KERNEL); if (unlikely(ret)) goto out_release; } ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len); if (unlikely(ret)) { loff_t isize = i_size_read(mapping->host); if (ret != AOP_TRUNCATED_PAGE) unlock_page(page); page_cache_release(page); if (ret == AOP_TRUNCATED_PAGE) goto find_page; if (sd->pos + this_len > isize) vmtruncate(mapping->host, isize); goto out_ret; } if (buf->page != page) { char *src = buf->ops->map(pipe, buf, 1); char *dst = kmap_atomic(page, KM_USER1); memcpy(dst + offset, src + buf->offset, this_len); flush_dcache_page(page); kunmap_atomic(dst, KM_USER1); buf->ops->unmap(pipe, buf, src); } ret = mapping->a_ops->commit_write(file, page, offset, offset+this_len); if (ret) { if (ret == AOP_TRUNCATED_PAGE) { page_cache_release(page); goto find_page; } if (ret < 0) goto out; } else ret = this_len; mark_page_accessed(page); out: unlock_page(page); out_release: page_cache_release(page); out_ret: return ret; }",linux-2.6,,,172816417753924323821828408518732719030,0 4011,['CWE-362'],"static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, size_t datasz) { int err = 0; struct audit_entry *entry; struct audit_field *ino_f; void *bufp; size_t remain = datasz - sizeof(struct audit_rule_data); int i; char *str; entry = audit_to_entry_common((struct audit_rule *)data); if (IS_ERR(entry)) goto exit_nofree; bufp = data->buf; entry->rule.vers_ops = 2; for (i = 0; i < data->field_count; i++) { struct audit_field *f = &entry->rule.fields[i]; err = -EINVAL; if (!(data->fieldflags[i] & AUDIT_OPERATORS) || data->fieldflags[i] & ~AUDIT_OPERATORS) goto exit_free; f->op = data->fieldflags[i] & AUDIT_OPERATORS; f->type = data->fields[i]; f->val = data->values[i]; f->lsm_str = NULL; f->lsm_rule = NULL; switch(f->type) { case AUDIT_PID: case AUDIT_UID: case AUDIT_EUID: case AUDIT_SUID: case AUDIT_FSUID: case AUDIT_GID: case AUDIT_EGID: case AUDIT_SGID: case AUDIT_FSGID: case AUDIT_LOGINUID: case AUDIT_PERS: case AUDIT_MSGTYPE: case AUDIT_PPID: case AUDIT_DEVMAJOR: case AUDIT_DEVMINOR: case AUDIT_EXIT: case AUDIT_SUCCESS: case AUDIT_ARG0: case AUDIT_ARG1: case AUDIT_ARG2: case AUDIT_ARG3: break; case AUDIT_ARCH: entry->rule.arch_f = f; break; case AUDIT_SUBJ_USER: case AUDIT_SUBJ_ROLE: case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: case AUDIT_OBJ_USER: case AUDIT_OBJ_ROLE: case AUDIT_OBJ_TYPE: case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: str = audit_unpack_string(&bufp, &remain, f->val); if (IS_ERR(str)) goto exit_free; entry->rule.buflen += f->val; err = security_audit_rule_init(f->type, f->op, str, (void **)&f->lsm_rule); if (err == -EINVAL) { printk(KERN_WARNING ""audit rule for LSM "" ""\'%s\' is invalid\n"", str); err = 0; } if (err) { kfree(str); goto exit_free; } else f->lsm_str = str; break; case AUDIT_WATCH: str = audit_unpack_string(&bufp, &remain, f->val); if (IS_ERR(str)) goto exit_free; entry->rule.buflen += f->val; err = audit_to_watch(&entry->rule, str, f->val, f->op); if (err) { kfree(str); goto exit_free; } break; case AUDIT_DIR: str = audit_unpack_string(&bufp, &remain, f->val); if (IS_ERR(str)) goto exit_free; entry->rule.buflen += f->val; err = audit_make_tree(&entry->rule, str, f->op); kfree(str); if (err) goto exit_free; break; case AUDIT_INODE: err = audit_to_inode(&entry->rule, f); if (err) goto exit_free; break; case AUDIT_FILTERKEY: err = -EINVAL; if (entry->rule.filterkey || f->val > AUDIT_MAX_KEY_LEN) goto exit_free; str = audit_unpack_string(&bufp, &remain, f->val); if (IS_ERR(str)) goto exit_free; entry->rule.buflen += f->val; entry->rule.filterkey = str; break; case AUDIT_PERM: if (f->val & ~15) goto exit_free; break; case AUDIT_FILETYPE: if ((f->val & ~S_IFMT) > S_IFMT) goto exit_free; break; default: goto exit_free; } } ino_f = entry->rule.inode_f; if (ino_f) { switch(ino_f->op) { case AUDIT_NOT_EQUAL: entry->rule.inode_f = NULL; case AUDIT_EQUAL: break; default: err = -EINVAL; goto exit_free; } } exit_nofree: return entry; exit_free: audit_free_rule(entry); return ERR_PTR(err); }",linux-2.6,,,76214767768403592791002819239957459567,0 2112,[],"static struct sock *udp_get_first(struct seq_file *seq) { struct sock *sk; struct udp_iter_state *state = seq->private; for (state->bucket = 0; state->bucket < UDP_HTABLE_SIZE; ++state->bucket) { struct hlist_node *node; sk_for_each(sk, node, state->hashtable + state->bucket) { if (sk->sk_family == state->family) goto found; } } sk = NULL; found: return sk; }",linux-2.6,,,86897226884977778334427815815833936938,0 2501,['CWE-119'],"static char *quote_two(const char *one, const char *two) { int need_one = quote_c_style(one, NULL, NULL, 1); int need_two = quote_c_style(two, NULL, NULL, 1); struct strbuf res; strbuf_init(&res, 0); if (need_one + need_two) { strbuf_addch(&res, '""'); quote_c_style(one, &res, NULL, 1); quote_c_style(two, &res, NULL, 1); strbuf_addch(&res, '""'); } else { strbuf_addstr(&res, one); strbuf_addstr(&res, two); } return strbuf_detach(&res, NULL); }",git,,,129638422561755418362421473289564249070,0 4341,CWE-358,"DefragDoSturgesNovakTest(int policy, u_char *expected, size_t expected_len) { int i; int ret = 0; DefragInit(); int id = 1; Packet *packets[17]; memset(packets, 0x00, sizeof(packets)); packets[0] = BuildTestPacket(id, 0, 1, 'A', 24); packets[1] = BuildTestPacket(id, 32 >> 3, 1, 'B', 16); packets[2] = BuildTestPacket(id, 48 >> 3, 1, 'C', 24); packets[3] = BuildTestPacket(id, 80 >> 3, 1, 'D', 8); packets[4] = BuildTestPacket(id, 104 >> 3, 1, 'E', 16); packets[5] = BuildTestPacket(id, 120 >> 3, 1, 'F', 24); packets[6] = BuildTestPacket(id, 144 >> 3, 1, 'G', 16); packets[7] = BuildTestPacket(id, 160 >> 3, 1, 'H', 16); packets[8] = BuildTestPacket(id, 176 >> 3, 1, 'I', 8); packets[9] = BuildTestPacket(id, 8 >> 3, 1, 'J', 32); packets[10] = BuildTestPacket(id, 48 >> 3, 1, 'K', 24); packets[11] = BuildTestPacket(id, 72 >> 3, 1, 'L', 24); packets[12] = BuildTestPacket(id, 96 >> 3, 1, 'M', 24); packets[13] = BuildTestPacket(id, 128 >> 3, 1, 'N', 8); packets[14] = BuildTestPacket(id, 152 >> 3, 1, 'O', 8); packets[15] = BuildTestPacket(id, 160 >> 3, 1, 'P', 8); packets[16] = BuildTestPacket(id, 176 >> 3, 0, 'Q', 16); default_policy = policy; for (i = 0; i < 9; i++) { Packet *tp = Defrag(NULL, NULL, packets[i], NULL); if (tp != NULL) { SCFree(tp); goto end; } if (ENGINE_ISSET_EVENT(packets[i], IPV4_FRAG_OVERLAP)) { goto end; } } int overlap = 0; for (; i < 16; i++) { Packet *tp = Defrag(NULL, NULL, packets[i], NULL); if (tp != NULL) { SCFree(tp); goto end; } if (ENGINE_ISSET_EVENT(packets[i], IPV4_FRAG_OVERLAP)) { overlap++; } } if (!overlap) { goto end; } Packet *reassembled = Defrag(NULL, NULL, packets[16], NULL); if (reassembled == NULL) { goto end; } if (IPV4_GET_HLEN(reassembled) != 20) { goto end; } if (IPV4_GET_IPLEN(reassembled) != 20 + 192) { goto end; } if (memcmp(GET_PKT_DATA(reassembled) + 20, expected, expected_len) != 0) { goto end; } SCFree(reassembled); if (defrag_context->frag_pool->outstanding != 0) { goto end; } ret = 1; end: for (i = 0; i < 17; i++) { SCFree(packets[i]); } DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,252021999390739,1 5731,['CWE-200'],"static int irda_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock *sk = sock->sk; struct irda_sock *self; struct sk_buff *skb; int err = -EPIPE; IRDA_DEBUG(4, ""%s(), len=%zd\n"", __func__, len); if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_EOR | MSG_CMSG_COMPAT | MSG_NOSIGNAL)) return -EINVAL; if (sk->sk_shutdown & SEND_SHUTDOWN) goto out_err; if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; self = irda_sk(sk); if (wait_event_interruptible(*(sk->sk_sleep), (self->tx_flow != FLOW_STOP || sk->sk_state != TCP_ESTABLISHED))) return -ERESTARTSYS; if (sk->sk_state != TCP_ESTABLISHED) return -ENOTCONN; if (len > self->max_data_size) { IRDA_DEBUG(2, ""%s(), Chopping frame from %zd to %d bytes!\n"", __func__, len, self->max_data_size); len = self->max_data_size; } skb = sock_alloc_send_skb(sk, len + self->max_header_size + 16, msg->msg_flags & MSG_DONTWAIT, &err); if (!skb) goto out_err; skb_reserve(skb, self->max_header_size + 16); skb_reset_transport_header(skb); skb_put(skb, len); err = memcpy_fromiovec(skb_transport_header(skb), msg->msg_iov, len); if (err) { kfree_skb(skb); goto out_err; } err = irttp_data_request(self->tsap, skb); if (err) { IRDA_DEBUG(0, ""%s(), err=%d\n"", __func__, err); goto out_err; } return len; out_err: return sk_stream_error(sk, msg->msg_flags, err); }",linux-2.6,,,95702337301095265031752413096299461968,0 1460,NVD-CWE-noinfo,"static int udf_pc_to_char(struct super_block *sb, unsigned char *from, int fromlen, unsigned char *to, int tolen) { struct pathComponent *pc; int elen = 0; int comp_len; unsigned char *p = to; tolen--; while (elen < fromlen) { pc = (struct pathComponent *)(from + elen); switch (pc->componentType) { case 1: if (pc->lengthComponentIdent > 0) break; case 2: if (tolen == 0) return -ENAMETOOLONG; p = to; *p++ = '/'; tolen--; break; case 3: if (tolen < 3) return -ENAMETOOLONG; memcpy(p, ""../"", 3); p += 3; tolen -= 3; break; case 4: if (tolen < 2) return -ENAMETOOLONG; memcpy(p, ""./"", 2); p += 2; tolen -= 2; break; case 5: comp_len = udf_get_filename(sb, pc->componentIdent, pc->lengthComponentIdent, p, tolen); p += comp_len; tolen -= comp_len; if (tolen == 0) return -ENAMETOOLONG; *p++ = '/'; tolen--; break; } elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; } if (p > to + 1) p[-1] = '\0'; else p[0] = '\0'; return 0; }",visit repo url,fs/udf/symlink.c,https://github.com/torvalds/linux,88750739293088,1 2609,CWE-415,"void * gdImageWBMPPtr (gdImagePtr im, int *size, int fg) { void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); gdImageWBMPCtx(im, fg, out); rv = gdDPExtractData(out, size); out->gd_free(out); return rv; }",visit repo url,ext/gd/libgd/gd_wbmp.c,https://github.com/php/php-src,5621674637858,1 3481,['CWE-20'],"sctp_disposition_t sctp_sf_eat_data_fast_4_4(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; int error; if (!sctp_vtag_verify(chunk, asoc)) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, SCTP_NULL()); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } if (!sctp_chunk_length_valid(chunk, sizeof(sctp_data_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); error = sctp_eat_data(asoc, chunk, commands ); switch (error) { case SCTP_IERROR_NO_ERROR: case SCTP_IERROR_HIGH_TSN: case SCTP_IERROR_DUP_TSN: case SCTP_IERROR_IGNORE_TSN: case SCTP_IERROR_BAD_STREAM: break; case SCTP_IERROR_NO_DATA: goto consume; default: BUG(); } if (chunk->end_of_packet) { sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SHUTDOWN, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_GEN_SACK, SCTP_FORCE()); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN)); } consume: return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,173741903749252216771546472622314540937,0 2872,['CWE-189'],"static void jas_icccurv_dump(jas_iccattrval_t *attrval, FILE *out) { int i; jas_icccurv_t *curv = &attrval->data.curv; fprintf(out, ""number of entires = %d\n"", curv->numents); if (curv->numents == 1) { fprintf(out, ""gamma = %f\n"", curv->ents[0] / 256.0); } else { for (i = 0; i < JAS_CAST(int, curv->numents); ++i) { if (i < 3 || i >= JAS_CAST(int, curv->numents) - 3) { fprintf(out, ""entry[%d] = %f\n"", i, curv->ents[i] / 65535.0); } } } }",jasper,,,1555844259855943477644805429104786819,0 5857,['CWE-200'],"static void raw_disable_filters(struct net_device *dev, struct sock *sk, struct can_filter *filter, int count) { int i; for (i = 0; i < count; i++) can_rx_unregister(dev, filter[i].can_id, filter[i].can_mask, raw_rcv, sk); }",linux-2.6,,,7824830125636118715337209002743776312,0 737,['CWE-119'],"isdn_net_rmallphone(isdn_net_dev * p) { isdn_net_phone *n; isdn_net_phone *m; int i; for (i = 0; i < 2; i++) { n = p->local->phone[i]; while (n) { m = n->next; kfree(n); n = m; } p->local->phone[i] = NULL; } p->local->dial = NULL; return 0; }",linux-2.6,,,3351828570214871685034015155834997675,0 4227,CWE-400,"static RList *patch_relocs(RBin *b) { r_return_val_if_fail (b && b->iob.io && b->iob.io->desc, NULL); RBinObject *bo = r_bin_cur_object (b); RIO *io = b->iob.io; if (!bo || !bo->bin_obj) { return NULL; } struct r_bin_coff_obj *bin = (struct r_bin_coff_obj*)bo->bin_obj; if (bin->hdr.f_flags & COFF_FLAGS_TI_F_EXEC) { return NULL; } if (!(io->cached & R_PERM_W)) { eprintf ( ""Warning: please run r2 with -e io.cache=true to patch "" ""relocations\n""); return NULL; } size_t nimports = 0; int i; for (i = 0; i < bin->hdr.f_nsyms; i++) { if (is_imported_symbol (&bin->symbols[i])) { nimports++; } i += bin->symbols[i].n_numaux; } ut64 m_vaddr = UT64_MAX; if (nimports) { ut64 offset = 0; RIOBank *bank = b->iob.bank_get (io, io->bank); RListIter *iter; RIOMapRef *mapref; r_list_foreach (bank->maprefs, iter, mapref) { RIOMap *map = b->iob.map_get (io, mapref->id); if (r_io_map_end (map) > offset) { offset = r_io_map_end (map); } } m_vaddr = R_ROUND (offset, 16); ut64 size = nimports * BYTES_PER_IMP_RELOC; char *muri = r_str_newf (""malloc://%"" PFMT64u, size); RIODesc *desc = b->iob.open_at (io, muri, R_PERM_R, 0664, m_vaddr); free (muri); if (!desc) { return NULL; } RIOMap *map = b->iob.map_get_at (io, m_vaddr); if (!map) { return NULL; } map->name = strdup ("".imports.r2""); } return _relocs_list (b, bin, true, m_vaddr); }",visit repo url,libr/bin/p/bin_coff.c,https://github.com/radareorg/radare2,165833592581228,1 1196,['CWE-189'],"static inline void hrtimer_init_hres(struct hrtimer_cpu_base *base) { base->expires_next.tv64 = KTIME_MAX; base->hres_active = 0; INIT_LIST_HEAD(&base->cb_pending); }",linux-2.6,,,186084229293331188789485600074244533025,0 239,CWE-190,"static long vfio_pci_ioctl(void *device_data, unsigned int cmd, unsigned long arg) { struct vfio_pci_device *vdev = device_data; unsigned long minsz; if (cmd == VFIO_DEVICE_GET_INFO) { struct vfio_device_info info; minsz = offsetofend(struct vfio_device_info, num_irqs); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz) return -EINVAL; info.flags = VFIO_DEVICE_FLAGS_PCI; if (vdev->reset_works) info.flags |= VFIO_DEVICE_FLAGS_RESET; info.num_regions = VFIO_PCI_NUM_REGIONS + vdev->num_regions; info.num_irqs = VFIO_PCI_NUM_IRQS; return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) { struct pci_dev *pdev = vdev->pdev; struct vfio_region_info info; struct vfio_info_cap caps = { .buf = NULL, .size = 0 }; int i, ret; minsz = offsetofend(struct vfio_region_info, offset); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz) return -EINVAL; switch (info.index) { case VFIO_PCI_CONFIG_REGION_INDEX: info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = pdev->cfg_size; info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; break; case VFIO_PCI_BAR0_REGION_INDEX ... VFIO_PCI_BAR5_REGION_INDEX: info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = pci_resource_len(pdev, info.index); if (!info.size) { info.flags = 0; break; } info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; if (vdev->bar_mmap_supported[info.index]) { info.flags |= VFIO_REGION_INFO_FLAG_MMAP; if (info.index == vdev->msix_bar) { ret = msix_sparse_mmap_cap(vdev, &caps); if (ret) return ret; } } break; case VFIO_PCI_ROM_REGION_INDEX: { void __iomem *io; size_t size; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.flags = 0; info.size = pci_resource_len(pdev, info.index); if (!info.size) { if (pdev->resource[PCI_ROM_RESOURCE].flags & IORESOURCE_ROM_SHADOW) info.size = 0x20000; else break; } io = pci_map_rom(pdev, &size); if (!io || !size) { info.size = 0; break; } pci_unmap_rom(pdev, io); info.flags = VFIO_REGION_INFO_FLAG_READ; break; } case VFIO_PCI_VGA_REGION_INDEX: if (!vdev->has_vga) return -EINVAL; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = 0xc0000; info.flags = VFIO_REGION_INFO_FLAG_READ | VFIO_REGION_INFO_FLAG_WRITE; break; default: if (info.index >= VFIO_PCI_NUM_REGIONS + vdev->num_regions) return -EINVAL; i = info.index - VFIO_PCI_NUM_REGIONS; info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); info.size = vdev->region[i].size; info.flags = vdev->region[i].flags; ret = region_type_cap(vdev, &caps, vdev->region[i].type, vdev->region[i].subtype); if (ret) return ret; } if (caps.size) { info.flags |= VFIO_REGION_INFO_FLAG_CAPS; if (info.argsz < sizeof(info) + caps.size) { info.argsz = sizeof(info) + caps.size; info.cap_offset = 0; } else { vfio_info_cap_shift(&caps, sizeof(info)); if (copy_to_user((void __user *)arg + sizeof(info), caps.buf, caps.size)) { kfree(caps.buf); return -EFAULT; } info.cap_offset = sizeof(info); } kfree(caps.buf); } return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_GET_IRQ_INFO) { struct vfio_irq_info info; minsz = offsetofend(struct vfio_irq_info, count); if (copy_from_user(&info, (void __user *)arg, minsz)) return -EFAULT; if (info.argsz < minsz || info.index >= VFIO_PCI_NUM_IRQS) return -EINVAL; switch (info.index) { case VFIO_PCI_INTX_IRQ_INDEX ... VFIO_PCI_MSIX_IRQ_INDEX: case VFIO_PCI_REQ_IRQ_INDEX: break; case VFIO_PCI_ERR_IRQ_INDEX: if (pci_is_pcie(vdev->pdev)) break; default: return -EINVAL; } info.flags = VFIO_IRQ_INFO_EVENTFD; info.count = vfio_pci_get_irq_count(vdev, info.index); if (info.index == VFIO_PCI_INTX_IRQ_INDEX) info.flags |= (VFIO_IRQ_INFO_MASKABLE | VFIO_IRQ_INFO_AUTOMASKED); else info.flags |= VFIO_IRQ_INFO_NORESIZE; return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0; } else if (cmd == VFIO_DEVICE_SET_IRQS) { struct vfio_irq_set hdr; u8 *data = NULL; int ret = 0; minsz = offsetofend(struct vfio_irq_set, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz || hdr.index >= VFIO_PCI_NUM_IRQS || hdr.flags & ~(VFIO_IRQ_SET_DATA_TYPE_MASK | VFIO_IRQ_SET_ACTION_TYPE_MASK)) return -EINVAL; if (!(hdr.flags & VFIO_IRQ_SET_DATA_NONE)) { size_t size; int max = vfio_pci_get_irq_count(vdev, hdr.index); if (hdr.flags & VFIO_IRQ_SET_DATA_BOOL) size = sizeof(uint8_t); else if (hdr.flags & VFIO_IRQ_SET_DATA_EVENTFD) size = sizeof(int32_t); else return -EINVAL; if (hdr.argsz - minsz < hdr.count * size || hdr.start >= max || hdr.start + hdr.count > max) return -EINVAL; data = memdup_user((void __user *)(arg + minsz), hdr.count * size); if (IS_ERR(data)) return PTR_ERR(data); } mutex_lock(&vdev->igate); ret = vfio_pci_set_irqs_ioctl(vdev, hdr.flags, hdr.index, hdr.start, hdr.count, data); mutex_unlock(&vdev->igate); kfree(data); return ret; } else if (cmd == VFIO_DEVICE_RESET) { return vdev->reset_works ? pci_try_reset_function(vdev->pdev) : -EINVAL; } else if (cmd == VFIO_DEVICE_GET_PCI_HOT_RESET_INFO) { struct vfio_pci_hot_reset_info hdr; struct vfio_pci_fill_info fill = { 0 }; struct vfio_pci_dependent_device *devices = NULL; bool slot = false; int ret = 0; minsz = offsetofend(struct vfio_pci_hot_reset_info, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz) return -EINVAL; hdr.flags = 0; if (!pci_probe_reset_slot(vdev->pdev->slot)) slot = true; else if (pci_probe_reset_bus(vdev->pdev->bus)) return -ENODEV; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_count_devs, &fill.max, slot); if (ret) return ret; WARN_ON(!fill.max); if (hdr.argsz < sizeof(hdr) + (fill.max * sizeof(*devices))) { ret = -ENOSPC; hdr.count = fill.max; goto reset_info_exit; } devices = kcalloc(fill.max, sizeof(*devices), GFP_KERNEL); if (!devices) return -ENOMEM; fill.devices = devices; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_fill_devs, &fill, slot); if (!ret) hdr.count = fill.cur; reset_info_exit: if (copy_to_user((void __user *)arg, &hdr, minsz)) ret = -EFAULT; if (!ret) { if (copy_to_user((void __user *)(arg + minsz), devices, hdr.count * sizeof(*devices))) ret = -EFAULT; } kfree(devices); return ret; } else if (cmd == VFIO_DEVICE_PCI_HOT_RESET) { struct vfio_pci_hot_reset hdr; int32_t *group_fds; struct vfio_pci_group_entry *groups; struct vfio_pci_group_info info; bool slot = false; int i, count = 0, ret = 0; minsz = offsetofend(struct vfio_pci_hot_reset, count); if (copy_from_user(&hdr, (void __user *)arg, minsz)) return -EFAULT; if (hdr.argsz < minsz || hdr.flags) return -EINVAL; if (!pci_probe_reset_slot(vdev->pdev->slot)) slot = true; else if (pci_probe_reset_bus(vdev->pdev->bus)) return -ENODEV; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_count_devs, &count, slot); if (ret) return ret; if (!hdr.count || hdr.count > count) return -EINVAL; group_fds = kcalloc(hdr.count, sizeof(*group_fds), GFP_KERNEL); groups = kcalloc(hdr.count, sizeof(*groups), GFP_KERNEL); if (!group_fds || !groups) { kfree(group_fds); kfree(groups); return -ENOMEM; } if (copy_from_user(group_fds, (void __user *)(arg + minsz), hdr.count * sizeof(*group_fds))) { kfree(group_fds); kfree(groups); return -EFAULT; } for (i = 0; i < hdr.count; i++) { struct vfio_group *group; struct fd f = fdget(group_fds[i]); if (!f.file) { ret = -EBADF; break; } group = vfio_group_get_external_user(f.file); fdput(f); if (IS_ERR(group)) { ret = PTR_ERR(group); break; } groups[i].group = group; groups[i].id = vfio_external_user_iommu_id(group); } kfree(group_fds); if (ret) goto hot_reset_release; info.count = hdr.count; info.groups = groups; ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, vfio_pci_validate_devs, &info, slot); if (!ret) ret = slot ? pci_try_reset_slot(vdev->pdev->slot) : pci_try_reset_bus(vdev->pdev->bus); hot_reset_release: for (i--; i >= 0; i--) vfio_group_put_external_user(groups[i].group); kfree(groups); return ret; } return -ENOTTY; }",visit repo url,drivers/vfio/pci/vfio_pci.c,https://github.com/torvalds/linux,69856396326648,1 4588,['CWE-399'],"static int ext4_expand_extra_isize(struct inode *inode, unsigned int new_extra_isize, struct ext4_iloc iloc, handle_t *handle) { struct ext4_inode *raw_inode; struct ext4_xattr_ibody_header *header; struct ext4_xattr_entry *entry; if (EXT4_I(inode)->i_extra_isize >= new_extra_isize) return 0; raw_inode = ext4_raw_inode(&iloc); header = IHDR(inode, raw_inode); entry = IFIRST(header); if (!(EXT4_I(inode)->i_state & EXT4_STATE_XATTR) || header->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC)) { memset((void *)raw_inode + EXT4_GOOD_OLD_INODE_SIZE, 0, new_extra_isize); EXT4_I(inode)->i_extra_isize = new_extra_isize; return 0; } return ext4_expand_extra_isize_ea(inode, new_extra_isize, raw_inode, handle); }",linux-2.6,,,237191673128311210255142355808804698520,0 474,CWE-20,"long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) { struct key_user *newowner, *zapowner = NULL; struct key *key; key_ref_t key_ref; long ret; kuid_t uid; kgid_t gid; uid = make_kuid(current_user_ns(), user); gid = make_kgid(current_user_ns(), group); ret = -EINVAL; if ((user != (uid_t) -1) && !uid_valid(uid)) goto error; if ((group != (gid_t) -1) && !gid_valid(gid)) goto error; ret = 0; if (user == (uid_t) -1 && group == (gid_t) -1) goto error; key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, KEY_NEED_SETATTR); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error; } key = key_ref_to_ptr(key_ref); ret = -EACCES; down_write(&key->sem); if (!capable(CAP_SYS_ADMIN)) { if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) goto error_put; if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) goto error_put; } if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { ret = -ENOMEM; newowner = key_user_lookup(uid); if (!newowner) goto error_put; if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? key_quota_root_maxkeys : key_quota_maxkeys; unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? key_quota_root_maxbytes : key_quota_maxbytes; spin_lock(&newowner->lock); if (newowner->qnkeys + 1 >= maxkeys || newowner->qnbytes + key->quotalen >= maxbytes || newowner->qnbytes + key->quotalen < newowner->qnbytes) goto quota_overrun; newowner->qnkeys++; newowner->qnbytes += key->quotalen; spin_unlock(&newowner->lock); spin_lock(&key->user->lock); key->user->qnkeys--; key->user->qnbytes -= key->quotalen; spin_unlock(&key->user->lock); } atomic_dec(&key->user->nkeys); atomic_inc(&newowner->nkeys); if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { atomic_dec(&key->user->nikeys); atomic_inc(&newowner->nikeys); } zapowner = key->user; key->user = newowner; key->uid = uid; } if (group != (gid_t) -1) key->gid = gid; ret = 0; error_put: up_write(&key->sem); key_put(key); if (zapowner) key_user_put(zapowner); error: return ret; quota_overrun: spin_unlock(&newowner->lock); zapowner = newowner; ret = -EDQUOT; goto error_put; }",visit repo url,security/keys/keyctl.c,https://github.com/torvalds/linux,165176118680074,1 789,['CWE-119'],"static void isdn_net_tx_timeout(struct net_device * ndev) { isdn_net_local *lp = (isdn_net_local *) ndev->priv; printk(KERN_WARNING ""isdn_tx_timeout dev %s dialstate %d\n"", ndev->name, lp->dialstate); if (!lp->dialstate){ lp->stats.tx_errors++; } ndev->trans_start = jiffies; netif_wake_queue(ndev); }",linux-2.6,,,204156239903891398132982037847076237433,0 4790,CWE-415,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 4477,CWE-787,"get_word_rgb_row(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) { ppm_source_ptr source = (ppm_source_ptr)sinfo; register JSAMPROW ptr; register U_CHAR *bufferptr; register JSAMPLE *rescale = source->rescale; JDIMENSION col; unsigned int maxval = source->maxval; if (!ReadOK(source->pub.input_file, source->iobuffer, source->buffer_width)) ERREXIT(cinfo, JERR_INPUT_EOF); ptr = source->pub.buffer[0]; bufferptr = source->iobuffer; for (col = cinfo->image_width; col > 0; col--) { register unsigned int temp; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); *ptr++ = rescale[temp]; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); *ptr++ = rescale[temp]; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); *ptr++ = rescale[temp]; } return 1; }",visit repo url,rdppm.c,https://github.com/libjpeg-turbo/libjpeg-turbo,89960862520823,1 3512,CWE-190,"int read_filesystem_tables_4() { long long directory_table_end, table_start; if(read_xattrs_from_disk(fd, &sBlk.s, no_xattrs, &table_start) == 0) return FALSE; if(read_uids_guids(&table_start) == FALSE) return FALSE; if(parse_exports_table(&table_start) == FALSE) return FALSE; if(read_fragment_table(&directory_table_end) == FALSE) return FALSE; if(read_inode_table(sBlk.s.inode_table_start, sBlk.s.directory_table_start) == FALSE) return FALSE; if(read_directory_table(sBlk.s.directory_table_start, directory_table_end) == FALSE) return FALSE; if(no_xattrs) sBlk.s.xattr_id_table_start = SQUASHFS_INVALID_BLK; return TRUE; }",visit repo url,squashfs-tools/unsquash-4.c,https://github.com/plougher/squashfs-tools,131643065733459,1 1051,['CWE-20'],"asmlinkage long sys_setgid(gid_t gid) { int old_egid = current->egid; int retval; retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); if (retval) return retval; if (capable(CAP_SETGID)) { if (old_egid != gid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->gid = current->egid = current->sgid = current->fsgid = gid; } else if ((gid == current->gid) || (gid == current->sgid)) { if (old_egid != gid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->egid = current->fsgid = gid; } else return -EPERM; key_fsgid_changed(current); proc_id_connector(current, PROC_EVENT_GID); return 0; }",linux-2.6,,,257504895530640581211588360074474017648,0 237,[],"static inline loff_t fat_make_i_pos(struct super_block *sb, struct buffer_head *bh, struct msdos_dir_entry *de) { return ((loff_t)bh->b_blocknr << MSDOS_SB(sb)->dir_per_block_bits) | (de - (struct msdos_dir_entry *)bh->b_data); }",linux-2.6,,,44482588362049025498712746565146347740,0 6471,[],"find_handle (const char *search_path, const char *base_name, lt_dlhandle *phandle, lt_dladvise advise) { if (!search_path) return 0; if (!foreach_dirinpath (search_path, base_name, find_handle_callback, phandle, advise)) return 0; return phandle; }",libtool,,,8772770170949192172694818558028207208,0 1303,CWE-399,"void hugetlb_put_quota(struct address_space *mapping, long delta) { struct hugetlbfs_sb_info *sbinfo = HUGETLBFS_SB(mapping->host->i_sb); if (sbinfo->free_blocks > -1) { spin_lock(&sbinfo->stat_lock); sbinfo->free_blocks += delta; spin_unlock(&sbinfo->stat_lock); } }",visit repo url,fs/hugetlbfs/inode.c,https://github.com/torvalds/linux,276189898721721,1 5592,CWE-125,"ast_for_decorator(struct compiling *c, const node *n) { expr_ty d = NULL; expr_ty name_expr; REQ(n, decorator); REQ(CHILD(n, 0), AT); REQ(RCHILD(n, -1), NEWLINE); name_expr = ast_for_dotted_name(c, CHILD(n, 1)); if (!name_expr) return NULL; if (NCH(n) == 3) { d = name_expr; name_expr = NULL; } else if (NCH(n) == 5) { d = Call(name_expr, NULL, NULL, LINENO(n), n->n_col_offset, c->c_arena); if (!d) return NULL; name_expr = NULL; } else { d = ast_for_call(c, CHILD(n, 3), name_expr); if (!d) return NULL; name_expr = NULL; } return d; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,16535609268624,1 5505,['CWE-119'],"int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig) { struct ecryptfs_key_sig *new_key_sig; int rc = 0; new_key_sig = kmem_cache_alloc(ecryptfs_key_sig_cache, GFP_KERNEL); if (!new_key_sig) { rc = -ENOMEM; printk(KERN_ERR ""Error allocating from ecryptfs_key_sig_cache\n""); goto out; } memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); mutex_lock(&crypt_stat->keysig_list_mutex); list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); mutex_unlock(&crypt_stat->keysig_list_mutex); out: return rc; }",linux-2.6,,,315668951409106410254752028517444934490,0 2185,['CWE-193'],"ssize_t generic_file_aio_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos) { struct file *file = iocb->ki_filp; struct address_space *mapping = file->f_mapping; struct inode *inode = mapping->host; ssize_t ret; BUG_ON(iocb->ki_pos != pos); mutex_lock(&inode->i_mutex); ret = __generic_file_aio_write_nolock(iocb, iov, nr_segs, &iocb->ki_pos); mutex_unlock(&inode->i_mutex); if (ret > 0 && ((file->f_flags & O_SYNC) || IS_SYNC(inode))) { ssize_t err; err = sync_page_range(inode, mapping, pos, ret); if (err < 0) ret = err; } return ret; }",linux-2.6,,,244231557007121462080595476858291395888,0 6744,['CWE-310'],"get_8021x_secrets_cb (GtkDialog *dialog, gint response, gpointer user_data) { NM8021xInfo *info = user_data; NMAGConfConnection *gconf_connection; NMConnection *connection = NULL; NMSetting *setting; GHashTable *settings_hash; GHashTable *secrets; GError *err = NULL; g_object_weak_unref (G_OBJECT (info->active_connection), destroy_8021x_dialog, info); if (response != GTK_RESPONSE_OK) { g_set_error (&err, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_SECRETS_REQUEST_CANCELED, ""%s.%d (%s): canceled"", __FILE__, __LINE__, __func__); goto done; } connection = nma_wired_dialog_get_connection (info->dialog); if (!connection) { g_set_error (&err, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): couldn't get connection from wired dialog."", __FILE__, __LINE__, __func__); goto done; } setting = nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X); if (!setting) { g_set_error (&err, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, ""%s.%d (%s): requested setting '802-1x' didn't"" "" exist in the connection."", __FILE__, __LINE__, __func__); goto done; } if (!utils_fill_connection_certs (NM_CONNECTION (connection), &err)) { g_set_error (&err, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): failed to read connection certificates: (%d) %s."", __FILE__, __LINE__, __func__, err ? err->code : -1, err && err->message ? err->message : ""(unknown)""); goto done; } secrets = nm_setting_to_hash (setting); utils_clear_filled_connection_certs (NM_CONNECTION (connection)); if (!secrets) { g_set_error (&err, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): failed to hash setting '%s'."", __FILE__, __LINE__, __func__, nm_setting_get_name (setting)); goto done; } settings_hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_hash_table_destroy); g_hash_table_insert (settings_hash, g_strdup (nm_setting_get_name (setting)), secrets); dbus_g_method_return (info->context, settings_hash); g_hash_table_destroy (settings_hash); gconf_connection = nma_gconf_settings_get_by_connection (info->applet->gconf_settings, connection); if (gconf_connection) nma_gconf_connection_save (gconf_connection); done: if (err) { g_warning (""%s"", err->message); dbus_g_method_return_error (info->context, err); g_error_free (err); } if (connection) nm_connection_clear_secrets (connection); destroy_8021x_dialog (info, NULL); }",network-manager-applet,,,151057295273392552279223631792426981856,0 6307,CWE-295,"NOEXPORT int parse_socket_error(CLI *c, const char *text) { switch(get_last_socket_error()) { case 0: #ifndef USE_WIN32 case EPIPE: #endif case S_ECONNABORTED: s_log(LOG_INFO, ""%s: Socket is closed"", text); return 0; case S_EINTR: s_log(LOG_DEBUG, ""%s: Interrupted by a signal: retrying"", text); return 1; case S_EWOULDBLOCK: s_log(LOG_NOTICE, ""%s: Would block: retrying"", text); s_poll_sleep(1, 0); return 1; #if S_EAGAIN!=S_EWOULDBLOCK case S_EAGAIN: s_log(LOG_DEBUG, ""%s: Temporary lack of resources: retrying"", text); return 1; #endif #ifdef USE_WIN32 case S_ECONNRESET: if(c->opt->exec_name) { s_log(LOG_INFO, ""%s: Socket is closed (exec)"", text); return 0; } #endif default: sockerror(text); throw_exception(c, 1); return -1; } }",visit repo url,src/client.c,https://github.com/mtrojnar/stunnel,77649821304227,1 478,CWE-20,"static int proc_keys_show(struct seq_file *m, void *v) { struct rb_node *_p = v; struct key *key = rb_entry(_p, struct key, serial_node); struct timespec now; unsigned long timo; key_ref_t key_ref, skey_ref; char xbuf[16]; int rc; struct keyring_search_context ctx = { .index_key.type = key->type, .index_key.description = key->description, .cred = m->file->f_cred, .match_data.cmp = lookup_user_key_possessed, .match_data.raw_data = key, .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, .flags = KEYRING_SEARCH_NO_STATE_CHECK, }; key_ref = make_key_ref(key, 0); if (key->perm & KEY_POS_VIEW) { skey_ref = search_my_process_keyrings(&ctx); if (!IS_ERR(skey_ref)) { key_ref_put(skey_ref); key_ref = make_key_ref(key, 1); } } rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW); if (rc < 0) return 0; now = current_kernel_time(); rcu_read_lock(); if (key->expiry == 0) { memcpy(xbuf, ""perm"", 5); } else if (now.tv_sec >= key->expiry) { memcpy(xbuf, ""expd"", 5); } else { timo = key->expiry - now.tv_sec; if (timo < 60) sprintf(xbuf, ""%lus"", timo); else if (timo < 60*60) sprintf(xbuf, ""%lum"", timo / 60); else if (timo < 60*60*24) sprintf(xbuf, ""%luh"", timo / (60*60)); else if (timo < 60*60*24*7) sprintf(xbuf, ""%lud"", timo / (60*60*24)); else sprintf(xbuf, ""%luw"", timo / (60*60*24*7)); } #define showflag(KEY, LETTER, FLAG) \ (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-') seq_printf(m, ""%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s "", key->serial, showflag(key, 'I', KEY_FLAG_INSTANTIATED), showflag(key, 'R', KEY_FLAG_REVOKED), showflag(key, 'D', KEY_FLAG_DEAD), showflag(key, 'Q', KEY_FLAG_IN_QUOTA), showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT), showflag(key, 'N', KEY_FLAG_NEGATIVE), showflag(key, 'i', KEY_FLAG_INVALIDATED), refcount_read(&key->usage), xbuf, key->perm, from_kuid_munged(seq_user_ns(m), key->uid), from_kgid_munged(seq_user_ns(m), key->gid), key->type->name); #undef showflag if (key->type->describe) key->type->describe(key, m); seq_putc(m, '\n'); rcu_read_unlock(); return 0; }",visit repo url,security/keys/proc.c,https://github.com/torvalds/linux,28961996730425,1 819,['CWE-16'],"static inline struct aead_givcrypt_request *esp_tmp_givreq( struct crypto_aead *aead, u8 *iv) { struct aead_givcrypt_request *req; req = (void *)PTR_ALIGN(iv + crypto_aead_ivsize(aead), crypto_tfm_ctx_alignment()); aead_givcrypt_set_tfm(req, aead); return req; }",linux-2.6,,,191896915710161677198067578331170466784,0 4045,['CWE-362'],"s32 inotify_add_watch(struct inotify_handle *ih, struct inotify_watch *watch, struct inode *inode, u32 mask) { int ret = 0; int newly_watched; mask &= IN_ALL_EVENTS | IN_ONESHOT; if (unlikely(!mask)) return -EINVAL; watch->mask = mask; mutex_lock(&inode->inotify_mutex); mutex_lock(&ih->mutex); ret = inotify_handle_get_wd(ih, watch); if (unlikely(ret)) goto out; ret = watch->wd; get_inotify_handle(ih); watch->ih = ih; watch->inode = igrab(inode); newly_watched = !inotify_inode_watched(inode); list_add(&watch->h_list, &ih->watches); list_add(&watch->i_list, &inode->inotify_watches); if (newly_watched) set_dentry_child_flags(inode, 1); out: mutex_unlock(&ih->mutex); mutex_unlock(&inode->inotify_mutex); return ret; }",linux-2.6,,,136472251429427290977297819936248443569,0 1197,['CWE-189'],"int hrtimer_try_to_cancel(struct hrtimer *timer) { struct hrtimer_clock_base *base; unsigned long flags; int ret = -1; base = lock_hrtimer_base(timer, &flags); if (!hrtimer_callback_running(timer)) ret = remove_hrtimer(timer, base); unlock_hrtimer_base(timer, &flags); return ret; }",linux-2.6,,,276120505082159694117338922045474336622,0 3356,[],"static inline int nlmsg_attrlen(const struct nlmsghdr *nlh, int hdrlen) { return nlmsg_len(nlh) - NLMSG_ALIGN(hdrlen); }",linux-2.6,,,32283700418324216484850289244711643716,0 6656,['CWE-200'],"foo_active_connections_changed_cb (NMClient *client, GParamSpec *pspec, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); const GPtrArray *active_list; int i; active_list = nm_client_get_active_connections (client); for (i = 0; active_list && (i < active_list->len); i++) { NMActiveConnection *candidate = NM_ACTIVE_CONNECTION (g_ptr_array_index (active_list, i)); guint id; if ( !NM_IS_VPN_CONNECTION (candidate) || g_object_get_data (G_OBJECT (candidate), VPN_STATE_ID_TAG)) continue; id = g_signal_connect (G_OBJECT (candidate), ""vpn-state-changed"", G_CALLBACK (vpn_connection_state_changed), applet); g_object_set_data (G_OBJECT (candidate), VPN_STATE_ID_TAG, GUINT_TO_POINTER (id)); } applet_schedule_update_icon (applet); }",network-manager-applet,,,69983473524499525678079850017329551278,0 4613,['CWE-399'],"static blkcnt_t ext4_inode_blocks(struct ext4_inode *raw_inode, struct ext4_inode_info *ei) { blkcnt_t i_blocks ; struct inode *inode = &(ei->vfs_inode); struct super_block *sb = inode->i_sb; if (EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_HUGE_FILE)) { i_blocks = ((u64)le16_to_cpu(raw_inode->i_blocks_high)) << 32 | le32_to_cpu(raw_inode->i_blocks_lo); if (ei->i_flags & EXT4_HUGE_FILE_FL) { return i_blocks << (inode->i_blkbits - 9); } else { return i_blocks; } } else { return le32_to_cpu(raw_inode->i_blocks_lo); } }",linux-2.6,,,129182700326839471550158521101559420620,0 6532,['CWE-200'],"remove_pending_change (gpointer data) { g_source_remove (GPOINTER_TO_UINT (data)); }",network-manager-applet,,,139441254924941736420620033289380526349,0 3192,['CWE-189'],"int jas_image_encode(jas_image_t *image, jas_stream_t *out, int fmt, char *optstr) { jas_image_fmtinfo_t *fmtinfo; if (!(fmtinfo = jas_image_lookupfmtbyid(fmt))) { return -1; } return (fmtinfo->ops.encode) ? (*fmtinfo->ops.encode)(image, out, optstr) : (-1); }",jasper,,,157800410669839001131753057138170356067,0 1839,CWE-125,"int smb2_write(struct ksmbd_work *work) { struct smb2_write_req *req; struct smb2_write_rsp *rsp; struct ksmbd_file *fp = NULL; loff_t offset; size_t length; ssize_t nbytes; char *data_buf; bool writethrough = false; int err = 0; WORK_BUFFERS(work, req, rsp); if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { ksmbd_debug(SMB, ""IPC pipe write request\n""); return smb2_write_pipe(work); } if (req->Channel == SMB2_CHANNEL_RDMA_V1 || req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE) { unsigned int ch_offset = le16_to_cpu(req->WriteChannelInfoOffset); if (req->Length != 0 || req->DataOffset != 0 || ch_offset < offsetof(struct smb2_write_req, Buffer)) { err = -EINVAL; goto out; } err = smb2_set_remote_key_for_rdma(work, (struct smb2_buffer_desc_v1 *) ((char *)req + ch_offset), req->Channel, req->WriteChannelInfoOffset, req->WriteChannelInfoLength); if (err) goto out; } if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, ""User does not have write permission\n""); err = -EACCES; goto out; } fp = ksmbd_lookup_fd_slow(work, req->VolatileFileId, req->PersistentFileId); if (!fp) { err = -ENOENT; goto out; } if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_READ_ATTRIBUTES_LE))) { pr_err(""Not permitted to write : 0x%x\n"", fp->daccess); err = -EACCES; goto out; } offset = le64_to_cpu(req->Offset); length = le32_to_cpu(req->Length); if (length > work->conn->vals->max_write_size) { ksmbd_debug(SMB, ""limiting write size to max size(%u)\n"", work->conn->vals->max_write_size); err = -EINVAL; goto out; } if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH) writethrough = true; if (req->Channel != SMB2_CHANNEL_RDMA_V1 && req->Channel != SMB2_CHANNEL_RDMA_V1_INVALIDATE) { if (le16_to_cpu(req->DataOffset) == offsetof(struct smb2_write_req, Buffer)) { data_buf = (char *)&req->Buffer[0]; } else { if ((u64)le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(work->request_buf)) { pr_err(""invalid write data offset %u, smb_len %u\n"", le16_to_cpu(req->DataOffset), get_rfc1002_len(work->request_buf)); err = -EINVAL; goto out; } data_buf = (char *)(((char *)&req->hdr.ProtocolId) + le16_to_cpu(req->DataOffset)); } ksmbd_debug(SMB, ""flags %u\n"", le32_to_cpu(req->Flags)); if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH) writethrough = true; ksmbd_debug(SMB, ""filename %pd, offset %lld, len %zu\n"", fp->filp->f_path.dentry, offset, length); err = ksmbd_vfs_write(work, fp, data_buf, length, &offset, writethrough, &nbytes); if (err < 0) goto out; } else { nbytes = smb2_write_rdma_channel(work, req, fp, offset, le32_to_cpu(req->RemainingBytes), writethrough); if (nbytes < 0) { err = (int)nbytes; goto out; } } rsp->StructureSize = cpu_to_le16(17); rsp->DataOffset = 0; rsp->Reserved = 0; rsp->DataLength = cpu_to_le32(nbytes); rsp->DataRemaining = 0; rsp->Reserved2 = 0; inc_rfc1001_len(work->response_buf, 16); ksmbd_fd_put(work, fp); return 0; out: if (err == -EAGAIN) rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; else if (err == -ENOSPC || err == -EFBIG) rsp->hdr.Status = STATUS_DISK_FULL; else if (err == -ENOENT) rsp->hdr.Status = STATUS_FILE_CLOSED; else if (err == -EACCES) rsp->hdr.Status = STATUS_ACCESS_DENIED; else if (err == -ESHARE) rsp->hdr.Status = STATUS_SHARING_VIOLATION; else if (err == -EINVAL) rsp->hdr.Status = STATUS_INVALID_PARAMETER; else rsp->hdr.Status = STATUS_INVALID_HANDLE; smb2_set_err_rsp(work); ksmbd_fd_put(work, fp); return err; }",visit repo url,fs/ksmbd/smb2pdu.c,https://github.com/torvalds/linux,85473583484645,1 3205,['CWE-189'],"static jpc_tagtree_t *jpc_tagtree_alloc() { jpc_tagtree_t *tree; if (!(tree = jas_malloc(sizeof(jpc_tagtree_t)))) { return 0; } tree->numleafsh_ = 0; tree->numleafsv_ = 0; tree->numnodes_ = 0; tree->nodes_ = 0; return tree; }",jasper,,,175107965435169349248182690076302451770,0 1167,['CWE-189'],static inline int hrtimer_cb_pending(struct hrtimer *timer) { return 0; },linux-2.6,,,309430768573528351180648564341001552258,0 795,CWE-20,"static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sockaddr_llc *uaddr = (struct sockaddr_llc *)msg->msg_name; const int nonblock = flags & MSG_DONTWAIT; struct sk_buff *skb = NULL; struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); unsigned long cpu_flags; size_t copied = 0; u32 peek_seq = 0; u32 *seq; unsigned long used; int target; long timeo; msg->msg_namelen = 0; lock_sock(sk); copied = -ENOTCONN; if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) goto out; timeo = sock_rcvtimeo(sk, nonblock); seq = &llc->copied_seq; if (flags & MSG_PEEK) { peek_seq = llc->copied_seq; seq = &peek_seq; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); copied = 0; do { u32 offset; if (signal_pending(current)) { if (copied) break; copied = timeo ? sock_intr_errno(timeo) : -EAGAIN; break; } skb = skb_peek(&sk->sk_receive_queue); if (skb) { offset = *seq; goto found_ok_skb; } if (copied >= target && !sk->sk_backlog.tail) break; if (copied) { if (sk->sk_err || sk->sk_state == TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN) || !timeo || (flags & MSG_PEEK)) break; } else { if (sock_flag(sk, SOCK_DONE)) break; if (sk->sk_err) { copied = sock_error(sk); break; } if (sk->sk_shutdown & RCV_SHUTDOWN) break; if (sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_CLOSE) { if (!sock_flag(sk, SOCK_DONE)) { copied = -ENOTCONN; break; } break; } if (!timeo) { copied = -EAGAIN; break; } } if (copied >= target) { release_sock(sk); lock_sock(sk); } else sk_wait_data(sk, &timeo); if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) { net_dbg_ratelimited(""LLC(%s:%d): Application bug, race in MSG_PEEK\n"", current->comm, task_pid_nr(current)); peek_seq = llc->copied_seq; } continue; found_ok_skb: used = skb->len - offset; if (len < used) used = len; if (!(flags & MSG_TRUNC)) { int rc = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, used); if (rc) { if (!copied) copied = -EFAULT; break; } } *seq += used; copied += used; len -= used; if (sk->sk_type != SOCK_STREAM) goto copy_uaddr; if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } if (used + offset < skb->len) continue; } while (len > 0); out: release_sock(sk); return copied; copy_uaddr: if (uaddr != NULL && skb != NULL) { memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr)); msg->msg_namelen = sizeof(*uaddr); } if (llc_sk(sk)->cmsg_flags) llc_cmsg_rcv(msg, skb); if (!(flags & MSG_PEEK)) { spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags); sk_eat_skb(sk, skb, false); spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); *seq = 0; } goto out; }",visit repo url,net/llc/af_llc.c,https://github.com/torvalds/linux,150059117372885,1 6597,CWE-120,"static RzList *__io_maps(RzDebug *dbg) { RzList *list = rz_list_new(); char *str = dbg->iob.system(dbg->iob.io, ""dm""); if (!str) { rz_list_free(list); return NULL; } char *ostr = str; ut64 map_start, map_end; char perm[32]; char name[512]; for (;;) { char *nl = strchr(str, '\n'); if (nl) { *nl = 0; *name = 0; *perm = 0; map_start = map_end = 0LL; if (!strncmp(str, ""sys "", 4)) { char *sp = strchr(str + 4, ' '); if (sp) { str = sp + 1; } else { str += 4; } } char *_s_ = strstr(str, "" s ""); if (_s_) { memmove(_s_, _s_ + 2, strlen(_s_)); } _s_ = strstr(str, "" ? ""); if (_s_) { memmove(_s_, _s_ + 2, strlen(_s_)); } sscanf(str, ""0x%"" PFMT64x "" - 0x%"" PFMT64x "" %s %s"", &map_start, &map_end, perm, name); if (map_end != 0LL) { RzDebugMap *map = rz_debug_map_new(name, map_start, map_end, rz_str_rwx(perm), 0); rz_list_append(list, map); } str = nl + 1; } else { break; } } free(ostr); rz_cons_reset(); return list; }",visit repo url,librz/debug/p/debug_io.c,https://github.com/rizinorg/rizin,98222585145932,1 3776,[],"void unix_notinflight(struct file *fp) { struct sock *s = unix_get_socket(fp); if(s) { struct unix_sock *u = unix_sk(s); spin_lock(&unix_gc_lock); BUG_ON(list_empty(&u->link)); if (atomic_dec_and_test(&u->inflight)) list_del_init(&u->link); atomic_dec(&unix_tot_inflight); spin_unlock(&unix_gc_lock); } }",linux-2.6,,,173782542842173137592349853733560830794,0 5681,CWE-125,"pthread_mutex_unlock(pthread_mutex_t *mutex) { LeaveCriticalSection(mutex); return 0; }",visit repo url,include/compat/pthread.h,https://github.com/libressl-portable/portable,82411199462954,1 122,['CWE-787'],"static uint32_t vga_ioport_read(void *opaque, uint32_t addr) { CirrusVGAState *s = opaque; int val, index; if ((addr >= 0x3b0 && addr <= 0x3bf && (s->msr & MSR_COLOR_EMULATION)) || (addr >= 0x3d0 && addr <= 0x3df && !(s->msr & MSR_COLOR_EMULATION))) { val = 0xff; } else { switch (addr) { case 0x3c0: if (s->ar_flip_flop == 0) { val = s->ar_index; } else { val = 0; } break; case 0x3c1: index = s->ar_index & 0x1f; if (index < 21) val = s->ar[index]; else val = 0; break; case 0x3c2: val = s->st00; break; case 0x3c4: val = s->sr_index; break; case 0x3c5: if (cirrus_hook_read_sr(s, s->sr_index, &val)) break; val = s->sr[s->sr_index]; #ifdef DEBUG_VGA_REG printf(""vga: read SR%x = 0x%02x\n"", s->sr_index, val); #endif break; case 0x3c6: cirrus_read_hidden_dac(s, &val); break; case 0x3c7: val = s->dac_state; break; case 0x3c8: val = s->dac_write_index; s->cirrus_hidden_dac_lockindex = 0; break; case 0x3c9: if (cirrus_hook_read_palette(s, &val)) break; val = s->palette[s->dac_read_index * 3 + s->dac_sub_index]; if (++s->dac_sub_index == 3) { s->dac_sub_index = 0; s->dac_read_index++; } break; case 0x3ca: val = s->fcr; break; case 0x3cc: val = s->msr; break; case 0x3ce: val = s->gr_index; break; case 0x3cf: if (cirrus_hook_read_gr(s, s->gr_index, &val)) break; val = s->gr[s->gr_index]; #ifdef DEBUG_VGA_REG printf(""vga: read GR%x = 0x%02x\n"", s->gr_index, val); #endif break; case 0x3b4: case 0x3d4: val = s->cr_index; break; case 0x3b5: case 0x3d5: if (cirrus_hook_read_cr(s, s->cr_index, &val)) break; val = s->cr[s->cr_index]; #ifdef DEBUG_VGA_REG printf(""vga: read CR%x = 0x%02x\n"", s->cr_index, val); #endif break; case 0x3ba: case 0x3da: val = s->st01 = s->retrace((VGAState *) s); s->ar_flip_flop = 0; break; default: val = 0x00; break; } } #if defined(DEBUG_VGA) printf(""VGA: read addr=0x%04x data=0x%02x\n"", addr, val); #endif return val; }",qemu,,,186182670765655633856002984558226572526,0 2598,NVD-CWE-noinfo,"int delete_sdp_line( struct sip_msg * msg, char * s) { char * start,*end; if( !s ) return 1; start = s; end = s; while(*start != '\n') start--; start++; while(*end != '\n') end++; end++; if( del_lump(msg, start - msg->buf, end - start,0) == NULL ) { return -1; } return 0; }",visit repo url,modules/sipmsgops/codecs.c,https://github.com/OpenSIPS/opensips,69882384625843,1 165,[],"asmlinkage long compat_sys_statfs64(const char __user *path, compat_size_t sz, struct compat_statfs64 __user *buf) { struct nameidata nd; int error; if (sz != sizeof(*buf)) return -EINVAL; error = user_path_walk(path, &nd); if (!error) { struct kstatfs tmp; error = vfs_statfs(nd.dentry, &tmp); if (!error) error = put_compat_statfs64(buf, &tmp); path_release(&nd); } return error; }",linux-2.6,,,256104685076993450844702015160940572256,0 6247,['CWE-200'],"static int tfilter_notify(struct sk_buff *oskb, struct nlmsghdr *n, struct tcf_proto *tp, unsigned long fh, int event) { struct sk_buff *skb; u32 pid = oskb ? NETLINK_CB(oskb).pid : 0; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) return -ENOBUFS; if (tcf_fill_node(skb, tp, fh, pid, n->nlmsg_seq, 0, event) <= 0) { kfree_skb(skb); return -EINVAL; } return rtnetlink_send(skb, pid, RTMGRP_TC, n->nlmsg_flags&NLM_F_ECHO); }",linux-2.6,,,244907893301681584479465517297529908106,0 6595,CWE-120,"static RzList *rz_debug_gdb_map_get(RzDebug *dbg) { RzDebugGdbCtx *ctx = dbg->plugin_data; check_connection(dbg); if (!ctx->desc || ctx->desc->pid <= 0) { return NULL; } RzList *retlist = NULL; if (ctx->desc->get_baddr) { ctx->desc->get_baddr = false; ut64 baddr; if ((baddr = gdbr_get_baddr(ctx->desc)) != UINT64_MAX) { if (!(retlist = rz_list_new())) { return NULL; } RzDebugMap *map; if (!(map = rz_debug_map_new("""", baddr, baddr, RZ_PERM_RX, 0))) { rz_list_free(retlist); return NULL; } rz_list_append(retlist, map); return retlist; } } char path[128]; ut8 *buf; int ret; ut64 buflen = 16384; snprintf(path, sizeof(path) - 1, ""/proc/%d/maps"", ctx->desc->pid); #ifdef _MSC_VER #define GDB_FILE_OPEN_MODE (_S_IREAD | _S_IWRITE) #else #define GDB_FILE_OPEN_MODE (S_IRUSR | S_IWUSR | S_IXUSR) #endif if (gdbr_open_file(ctx->desc, path, O_RDONLY, GDB_FILE_OPEN_MODE) < 0) { return NULL; } if (!(buf = malloc(buflen))) { gdbr_close_file(ctx->desc); return NULL; } if ((ret = gdbr_read_file(ctx->desc, buf, buflen - 1)) <= 0) { gdbr_close_file(ctx->desc); free(buf); return NULL; } buf[ret] = '\0'; int unk = 0, perm, i; char *ptr, *pos_1; size_t line_len; char name[1024], region1[100], region2[100], perms[5]; RzDebugMap *map = NULL; region1[0] = region2[0] = '0'; region1[1] = region2[1] = 'x'; if (!(ptr = strtok((char *)buf, ""\n""))) { gdbr_close_file(ctx->desc); free(buf); return NULL; } if (!(retlist = rz_list_new())) { gdbr_close_file(ctx->desc); free(buf); return NULL; } while (ptr) { ut64 map_start, map_end, offset; bool map_is_shared = false; line_len = strlen(ptr); if (line_len == 0) { break; } ret = sscanf(ptr, ""%s %s %"" PFMT64x "" %*s %*s %[^\n]"", ®ion1[2], perms, &offset, name); if (ret == 3) { name[0] = '\0'; } else if (ret != 4) { eprintf(""%s: Unable to parse \""%s\""\nContent:\n%s\n"", __func__, path, buf); gdbr_close_file(ctx->desc); free(buf); rz_list_free(retlist); return NULL; } if (!(pos_1 = strchr(®ion1[2], '-'))) { ptr = strtok(NULL, ""\n""); continue; } strncpy(®ion2[2], pos_1 + 1, sizeof(region2) - 2 - 1); if (!*name) { snprintf(name, sizeof(name), ""unk%d"", unk++); } perm = 0; for (i = 0; i < 5 && perms[i]; i++) { switch (perms[i]) { case 'r': perm |= RZ_PERM_R; break; case 'w': perm |= RZ_PERM_W; break; case 'x': perm |= RZ_PERM_X; break; case 'p': map_is_shared = false; break; case 's': map_is_shared = true; break; } } map_start = rz_num_get(NULL, region1); map_end = rz_num_get(NULL, region2); if (map_start == map_end || map_end == 0) { eprintf(""%s: ignoring invalid map size: %s - %s\n"", __func__, region1, region2); ptr = strtok(NULL, ""\n""); continue; } if (!(map = rz_debug_map_new(name, map_start, map_end, perm, 0))) { break; } map->offset = offset; map->shared = map_is_shared; map->file = strdup(name); rz_list_append(retlist, map); ptr = strtok(NULL, ""\n""); } gdbr_close_file(ctx->desc); free(buf); return retlist; }",visit repo url,librz/debug/p/debug_gdb.c,https://github.com/rizinorg/rizin,124299195715903,1 1998,CWE-276,"static inline void switch_to_bitmap(unsigned long tifp) { if (tifp & _TIF_IO_BITMAP) tss_invalidate_io_bitmap(this_cpu_ptr(&cpu_tss_rw)); }",visit repo url,arch/x86/kernel/process.c,https://github.com/torvalds/linux,174744225403056,1 300,[],"static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd, unsigned long arg) { struct compat_video_spu_palette __user *up; struct video_spu_palette __user *up_native; compat_uptr_t palp; int length, err; up = (struct compat_video_spu_palette __user *) arg; err = get_user(palp, &up->palette); err |= get_user(length, &up->length); up_native = compat_alloc_user_space(sizeof(struct video_spu_palette)); put_user(compat_ptr(palp), &up_native->palette); put_user(length, &up_native->length); err = sys_ioctl(fd, cmd, (unsigned long) up_native); return err; }",linux-2.6,,,279526296624779921961662028087928323766,0 1865,CWE-787,"static int smb2_get_info_sec(struct ksmbd_work *work, struct smb2_query_info_req *req, struct smb2_query_info_rsp *rsp) { struct ksmbd_file *fp; struct user_namespace *user_ns; struct smb_ntsd *pntsd = (struct smb_ntsd *)rsp->Buffer, *ppntsd = NULL; struct smb_fattr fattr = {{0}}; struct inode *inode; __u32 secdesclen; unsigned int id = KSMBD_NO_FID, pid = KSMBD_NO_FID; int addition_info = le32_to_cpu(req->AdditionalInformation); int rc; if (addition_info & ~(OWNER_SECINFO | GROUP_SECINFO | DACL_SECINFO | PROTECTED_DACL_SECINFO | UNPROTECTED_DACL_SECINFO)) { ksmbd_debug(SMB, ""Unsupported addition info: 0x%x)\n"", addition_info); pntsd->revision = cpu_to_le16(1); pntsd->type = cpu_to_le16(SELF_RELATIVE | DACL_PROTECTED); pntsd->osidoffset = 0; pntsd->gsidoffset = 0; pntsd->sacloffset = 0; pntsd->dacloffset = 0; secdesclen = sizeof(struct smb_ntsd); rsp->OutputBufferLength = cpu_to_le32(secdesclen); inc_rfc1001_len(work->response_buf, secdesclen); return 0; } if (work->next_smb2_rcv_hdr_off) { if (!has_file_id(req->VolatileFileId)) { ksmbd_debug(SMB, ""Compound request set FID = %llu\n"", work->compound_fid); id = work->compound_fid; pid = work->compound_pfid; } } if (!has_file_id(id)) { id = req->VolatileFileId; pid = req->PersistentFileId; } fp = ksmbd_lookup_fd_slow(work, id, pid); if (!fp) return -ENOENT; user_ns = file_mnt_user_ns(fp->filp); inode = file_inode(fp->filp); ksmbd_acls_fattr(&fattr, user_ns, inode); if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_ACL_XATTR)) ksmbd_vfs_get_sd_xattr(work->conn, user_ns, fp->filp->f_path.dentry, &ppntsd); rc = build_sec_desc(user_ns, pntsd, ppntsd, addition_info, &secdesclen, &fattr); posix_acl_release(fattr.cf_acls); posix_acl_release(fattr.cf_dacls); kfree(ppntsd); ksmbd_fd_put(work, fp); if (rc) return rc; rsp->OutputBufferLength = cpu_to_le32(secdesclen); inc_rfc1001_len(work->response_buf, secdesclen); return 0; }",visit repo url,fs/ksmbd/smb2pdu.c,https://github.com/torvalds/linux,18780352946094,1 6583,CWE-1333," i = function( s ) { return ( '' + s ).toLowerCase().replace( sre , '' ) ; } ,",visit repo url,lib/naturalSort.js,https://github.com/cronvel/string-kit,214290013146841,1 3391,['CWE-264'],"asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group) { struct file * file; int error = -EBADF; struct dentry * dentry; file = fget(fd); if (!file) goto out; dentry = file->f_path.dentry; audit_inode(NULL, dentry->d_inode); error = chown_common(dentry, user, group); fput(file); out: return error; }",linux-2.6,,,131539470573596206400325628241469279461,0 5518,['CWE-119'],"parse_tag_65_packet(struct ecryptfs_session_key *session_key, u8 *cipher_code, struct ecryptfs_message *msg) { size_t i = 0; char *data; size_t data_len; size_t m_size; size_t message_len; u16 checksum = 0; u16 expected_checksum = 0; int rc; message_len = msg->data_len; data = msg->data; if (message_len < 4) { rc = -EIO; goto out; } if (data[i++] != ECRYPTFS_TAG_65_PACKET_TYPE) { ecryptfs_printk(KERN_ERR, ""Type should be ECRYPTFS_TAG_65\n""); rc = -EIO; goto out; } if (data[i++]) { ecryptfs_printk(KERN_ERR, ""Status indicator has non-zero value "" ""[%d]\n"", data[i-1]); rc = -EIO; goto out; } rc = ecryptfs_parse_packet_length(&data[i], &m_size, &data_len); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error parsing packet length; "" ""rc = [%d]\n"", rc); goto out; } i += data_len; if (message_len < (i + m_size)) { ecryptfs_printk(KERN_ERR, ""The message received from ecryptfsd "" ""is shorter than expected\n""); rc = -EIO; goto out; } if (m_size < 3) { ecryptfs_printk(KERN_ERR, ""The decrypted key is not long enough to "" ""include a cipher code and checksum\n""); rc = -EIO; goto out; } *cipher_code = data[i++]; session_key->decrypted_key_size = m_size - 3; if (session_key->decrypted_key_size > ECRYPTFS_MAX_KEY_BYTES) { ecryptfs_printk(KERN_ERR, ""key_size [%d] larger than "" ""the maximum key size [%d]\n"", session_key->decrypted_key_size, ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES); rc = -EIO; goto out; } memcpy(session_key->decrypted_key, &data[i], session_key->decrypted_key_size); i += session_key->decrypted_key_size; expected_checksum += (unsigned char)(data[i++]) << 8; expected_checksum += (unsigned char)(data[i++]); for (i = 0; i < session_key->decrypted_key_size; i++) checksum += session_key->decrypted_key[i]; if (expected_checksum != checksum) { ecryptfs_printk(KERN_ERR, ""Invalid checksum for file "" ""encryption key; expected [%x]; calculated "" ""[%x]\n"", expected_checksum, checksum); rc = -EIO; } out: return rc; }",linux-2.6,,,26982765552581516439757763048798372685,0 1988,CWE-908,"static void slc_bump(struct slcan *sl) { struct sk_buff *skb; struct can_frame cf; int i, tmp; u32 tmpid; char *cmd = sl->rbuff; cf.can_id = 0; switch (*cmd) { case 'r': cf.can_id = CAN_RTR_FLAG; case 't': cf.can_dlc = sl->rbuff[SLC_CMD_LEN + SLC_SFF_ID_LEN]; sl->rbuff[SLC_CMD_LEN + SLC_SFF_ID_LEN] = 0; cmd += SLC_CMD_LEN + SLC_SFF_ID_LEN + 1; break; case 'R': cf.can_id = CAN_RTR_FLAG; case 'T': cf.can_id |= CAN_EFF_FLAG; cf.can_dlc = sl->rbuff[SLC_CMD_LEN + SLC_EFF_ID_LEN]; sl->rbuff[SLC_CMD_LEN + SLC_EFF_ID_LEN] = 0; cmd += SLC_CMD_LEN + SLC_EFF_ID_LEN + 1; break; default: return; } if (kstrtou32(sl->rbuff + SLC_CMD_LEN, 16, &tmpid)) return; cf.can_id |= tmpid; if (cf.can_dlc >= '0' && cf.can_dlc < '9') cf.can_dlc -= '0'; else return; *(u64 *) (&cf.data) = 0; if (!(cf.can_id & CAN_RTR_FLAG)) { for (i = 0; i < cf.can_dlc; i++) { tmp = hex_to_bin(*cmd++); if (tmp < 0) return; cf.data[i] = (tmp << 4); tmp = hex_to_bin(*cmd++); if (tmp < 0) return; cf.data[i] |= tmp; } } skb = dev_alloc_skb(sizeof(struct can_frame) + sizeof(struct can_skb_priv)); if (!skb) return; skb->dev = sl->dev; skb->protocol = htons(ETH_P_CAN); skb->pkt_type = PACKET_BROADCAST; skb->ip_summed = CHECKSUM_UNNECESSARY; can_skb_reserve(skb); can_skb_prv(skb)->ifindex = sl->dev->ifindex; can_skb_prv(skb)->skbcnt = 0; skb_put_data(skb, &cf, sizeof(struct can_frame)); sl->dev->stats.rx_packets++; sl->dev->stats.rx_bytes += cf.can_dlc; netif_rx_ni(skb); }",visit repo url,drivers/net/can/slcan.c,https://github.com/torvalds/linux,100453987938936,1 2984,CWE-399,"private int magiccheck(struct magic_set *ms, struct magic *m) { uint64_t l = m->value.q; uint64_t v; float fl, fv; double dl, dv; int matched; union VALUETYPE *p = &ms->ms_value; switch (m->type) { case FILE_BYTE: v = p->b; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: v = p->h; break; case FILE_LONG: case FILE_BELONG: case FILE_LELONG: case FILE_MELONG: case FILE_DATE: case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: v = p->l; break; case FILE_QUAD: case FILE_LEQUAD: case FILE_BEQUAD: case FILE_QDATE: case FILE_BEQDATE: case FILE_LEQDATE: case FILE_QLDATE: case FILE_BEQLDATE: case FILE_LEQLDATE: case FILE_QWDATE: case FILE_BEQWDATE: case FILE_LEQWDATE: v = p->q; break; case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: fl = m->value.f; fv = p->f; switch (m->reln) { case 'x': matched = 1; break; case '!': matched = fv != fl; break; case '=': matched = fv == fl; break; case '>': matched = fv > fl; break; case '<': matched = fv < fl; break; default: file_magerror(ms, ""cannot happen with float: invalid relation `%c'"", m->reln); return -1; } return matched; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: dl = m->value.d; dv = p->d; switch (m->reln) { case 'x': matched = 1; break; case '!': matched = dv != dl; break; case '=': matched = dv == dl; break; case '>': matched = dv > dl; break; case '<': matched = dv < dl; break; default: file_magerror(ms, ""cannot happen with double: invalid relation `%c'"", m->reln); return -1; } return matched; case FILE_DEFAULT: case FILE_CLEAR: l = 0; v = 0; break; case FILE_STRING: case FILE_PSTRING: l = 0; v = file_strncmp(m->value.s, p->s, (size_t)m->vallen, m->str_flags); break; case FILE_BESTRING16: case FILE_LESTRING16: l = 0; v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen, m->str_flags); break; case FILE_SEARCH: { size_t slen; size_t idx; if (ms->search.s == NULL) return 0; slen = MIN(m->vallen, sizeof(m->value.s)); l = 0; v = 0; for (idx = 0; m->str_range == 0 || idx < m->str_range; idx++) { if (slen + idx > ms->search.s_len) break; v = file_strncmp(m->value.s, ms->search.s + idx, slen, m->str_flags); if (v == 0) { ms->search.offset += idx; break; } } break; } case FILE_REGEX: { int rc; file_regex_t rx; if (ms->search.s == NULL) return 0; l = 0; rc = file_regcomp(&rx, m->value.s, REG_EXTENDED|REG_NEWLINE| ((m->str_flags & STRING_IGNORE_CASE) ? REG_ICASE : 0)); if (rc) { file_regerror(&rx, rc, ms); v = (uint64_t)-1; } else { #ifndef REG_STARTEND char c; #endif regmatch_t pmatch[1]; size_t slen = ms->search.s_len; if (m->str_range > 0) slen = MIN(slen, m->str_range); #ifndef REG_STARTEND #define REG_STARTEND 0 if (slen != 0) slen--; c = ms->search.s[slen]; ((char *)(intptr_t)ms->search.s)[slen] = '\0'; #else pmatch[0].rm_so = 0; pmatch[0].rm_eo = slen; #endif rc = file_regexec(&rx, (const char *)ms->search.s, 1, pmatch, REG_STARTEND); #if REG_STARTEND == 0 ((char *)(intptr_t)ms->search.s)[l] = c; #endif switch (rc) { case 0: ms->search.s += (int)pmatch[0].rm_so; ms->search.offset += (size_t)pmatch[0].rm_so; ms->search.rm_len = (size_t)(pmatch[0].rm_eo - pmatch[0].rm_so); v = 0; break; case REG_NOMATCH: v = 1; break; default: file_regerror(&rx, rc, ms); v = (uint64_t)-1; break; } } file_regfree(&rx); if (v == (uint64_t)-1) return -1; break; } case FILE_INDIRECT: case FILE_USE: case FILE_NAME: return 1; default: file_magerror(ms, ""invalid type %d in magiccheck()"", m->type); return -1; } v = file_signextend(ms, m, v); switch (m->reln) { case 'x': if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u == *any* = 1\n"", (unsigned long long)v); matched = 1; break; case '!': matched = v != l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u != %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); break; case '=': matched = v == l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u == %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); break; case '>': if (m->flag & UNSIGNED) { matched = v > l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u > %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); } else { matched = (int64_t) v > (int64_t) l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""d > %"" INT64_T_FORMAT ""d = %d\n"", (long long)v, (long long)l, matched); } break; case '<': if (m->flag & UNSIGNED) { matched = v < l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""u < %"" INT64_T_FORMAT ""u = %d\n"", (unsigned long long)v, (unsigned long long)l, matched); } else { matched = (int64_t) v < (int64_t) l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""%"" INT64_T_FORMAT ""d < %"" INT64_T_FORMAT ""d = %d\n"", (long long)v, (long long)l, matched); } break; case '&': matched = (v & l) == l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""((%"" INT64_T_FORMAT ""x & %"" INT64_T_FORMAT ""x) == %"" INT64_T_FORMAT ""x) = %d\n"", (unsigned long long)v, (unsigned long long)l, (unsigned long long)l, matched); break; case '^': matched = (v & l) != l; if ((ms->flags & MAGIC_DEBUG) != 0) (void) fprintf(stderr, ""((%"" INT64_T_FORMAT ""x & %"" INT64_T_FORMAT ""x) != %"" INT64_T_FORMAT ""x) = %d\n"", (unsigned long long)v, (unsigned long long)l, (unsigned long long)l, matched); break; default: file_magerror(ms, ""cannot happen: invalid relation `%c'"", m->reln); return -1; }",visit repo url,src/softmagic.c,https://github.com/file/file,38397193237209,1 5077,CWE-125,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 6560,CWE-134,"int wcall_i_answer(struct wcall *wcall, int call_type, int audio_cbr) { int err = 0; bool cbr = audio_cbr != 0; if (!wcall) { warning(""wcall; answer: no wcall\n""); return EINVAL; } call_type = (call_type == WCALL_CALL_TYPE_FORCED_AUDIO) ? WCALL_CALL_TYPE_NORMAL : call_type; info(APITAG ""wcall(%p): answer calltype=%s\n"", wcall, wcall_call_type_name(call_type)); if (wcall->disable_audio) wcall->disable_audio = false; if (!wcall->icall) { warning(""wcall(%p): answer: no call object found\n"", wcall); return ENOTSUP; } set_state(wcall, WCALL_STATE_ANSWERED); if (call_type == WCALL_CALL_TYPE_VIDEO) { ICALL_CALL(wcall->icall, set_video_send_state, ICALL_VIDEO_STATE_STARTED); } else { ICALL_CALL(wcall->icall, set_video_send_state, ICALL_VIDEO_STATE_STOPPED); } err = ICALL_CALLE(wcall->icall, answer, call_type, cbr); return err; }",visit repo url,src/wcall/wcall.c,https://github.com/wireapp/wire-avs,154645747328837,1 3273,CWE-125,"olsr_print(netdissect_options *ndo, const u_char *pptr, u_int length, int is_ipv6) { union { const struct olsr_common *common; const struct olsr_msg4 *msg4; const struct olsr_msg6 *msg6; const struct olsr_hello *hello; const struct olsr_hello_link *hello_link; const struct olsr_tc *tc; const struct olsr_hna4 *hna; } ptr; u_int msg_type, msg_len, msg_tlen, hello_len; uint16_t name_entry_type, name_entry_len; u_int name_entry_padding; uint8_t link_type, neighbor_type; const u_char *tptr, *msg_data; tptr = pptr; if (length < sizeof(struct olsr_common)) { goto trunc; } ND_TCHECK2(*tptr, sizeof(struct olsr_common)); ptr.common = (const struct olsr_common *)tptr; length = min(length, EXTRACT_16BITS(ptr.common->packet_len)); ND_PRINT((ndo, ""OLSRv%i, seq 0x%04x, length %u"", (is_ipv6 == 0) ? 4 : 6, EXTRACT_16BITS(ptr.common->packet_seq), length)); tptr += sizeof(struct olsr_common); if (ndo->ndo_vflag < 1) { return; } while (tptr < (pptr+length)) { union { const struct olsr_msg4 *v4; const struct olsr_msg6 *v6; } msgptr; int msg_len_valid = 0; ND_TCHECK2(*tptr, sizeof(struct olsr_msg4)); if (is_ipv6) { msgptr.v6 = (const struct olsr_msg6 *) tptr; msg_type = msgptr.v6->msg_type; msg_len = EXTRACT_16BITS(msgptr.v6->msg_len); if ((msg_len >= sizeof (struct olsr_msg6)) && (msg_len <= length)) msg_len_valid = 1; if (msg_type == 0 || msg_len == 0) { return; } ND_PRINT((ndo, ""\n\t%s Message (%#04x), originator %s, ttl %u, hop %u"" ""\n\t vtime %.3fs, msg-seq 0x%04x, length %u%s"", tok2str(olsr_msg_values, ""Unknown"", msg_type), msg_type, ip6addr_string(ndo, msgptr.v6->originator), msgptr.v6->ttl, msgptr.v6->hopcount, ME_TO_DOUBLE(msgptr.v6->vtime), EXTRACT_16BITS(msgptr.v6->msg_seq), msg_len, (msg_len_valid == 0) ? "" (invalid)"" : """")); if (!msg_len_valid) { return; } msg_tlen = msg_len - sizeof(struct olsr_msg6); msg_data = tptr + sizeof(struct olsr_msg6); } else { msgptr.v4 = (const struct olsr_msg4 *) tptr; msg_type = msgptr.v4->msg_type; msg_len = EXTRACT_16BITS(msgptr.v4->msg_len); if ((msg_len >= sizeof (struct olsr_msg4)) && (msg_len <= length)) msg_len_valid = 1; if (msg_type == 0 || msg_len == 0) { return; } ND_PRINT((ndo, ""\n\t%s Message (%#04x), originator %s, ttl %u, hop %u"" ""\n\t vtime %.3fs, msg-seq 0x%04x, length %u%s"", tok2str(olsr_msg_values, ""Unknown"", msg_type), msg_type, ipaddr_string(ndo, msgptr.v4->originator), msgptr.v4->ttl, msgptr.v4->hopcount, ME_TO_DOUBLE(msgptr.v4->vtime), EXTRACT_16BITS(msgptr.v4->msg_seq), msg_len, (msg_len_valid == 0) ? "" (invalid)"" : """")); if (!msg_len_valid) { return; } msg_tlen = msg_len - sizeof(struct olsr_msg4); msg_data = tptr + sizeof(struct olsr_msg4); } switch (msg_type) { case OLSR_HELLO_MSG: case OLSR_HELLO_LQ_MSG: if (msg_tlen < sizeof(struct olsr_hello)) goto trunc; ND_TCHECK2(*msg_data, sizeof(struct olsr_hello)); ptr.hello = (const struct olsr_hello *)msg_data; ND_PRINT((ndo, ""\n\t hello-time %.3fs, MPR willingness %u"", ME_TO_DOUBLE(ptr.hello->htime), ptr.hello->will)); msg_data += sizeof(struct olsr_hello); msg_tlen -= sizeof(struct olsr_hello); while (msg_tlen >= sizeof(struct olsr_hello_link)) { int hello_len_valid = 0; ND_TCHECK2(*msg_data, sizeof(struct olsr_hello_link)); ptr.hello_link = (const struct olsr_hello_link *)msg_data; hello_len = EXTRACT_16BITS(ptr.hello_link->len); link_type = OLSR_EXTRACT_LINK_TYPE(ptr.hello_link->link_code); neighbor_type = OLSR_EXTRACT_NEIGHBOR_TYPE(ptr.hello_link->link_code); if ((hello_len <= msg_tlen) && (hello_len >= sizeof(struct olsr_hello_link))) hello_len_valid = 1; ND_PRINT((ndo, ""\n\t link-type %s, neighbor-type %s, len %u%s"", tok2str(olsr_link_type_values, ""Unknown"", link_type), tok2str(olsr_neighbor_type_values, ""Unknown"", neighbor_type), hello_len, (hello_len_valid == 0) ? "" (invalid)"" : """")); if (hello_len_valid == 0) break; msg_data += sizeof(struct olsr_hello_link); msg_tlen -= sizeof(struct olsr_hello_link); hello_len -= sizeof(struct olsr_hello_link); ND_TCHECK2(*msg_data, hello_len); if (msg_type == OLSR_HELLO_MSG) { if (olsr_print_neighbor(ndo, msg_data, hello_len) == -1) goto trunc; } else { if (is_ipv6) { if (olsr_print_lq_neighbor6(ndo, msg_data, hello_len) == -1) goto trunc; } else { if (olsr_print_lq_neighbor4(ndo, msg_data, hello_len) == -1) goto trunc; } } msg_data += hello_len; msg_tlen -= hello_len; } break; case OLSR_TC_MSG: case OLSR_TC_LQ_MSG: if (msg_tlen < sizeof(struct olsr_tc)) goto trunc; ND_TCHECK2(*msg_data, sizeof(struct olsr_tc)); ptr.tc = (const struct olsr_tc *)msg_data; ND_PRINT((ndo, ""\n\t advertised neighbor seq 0x%04x"", EXTRACT_16BITS(ptr.tc->ans_seq))); msg_data += sizeof(struct olsr_tc); msg_tlen -= sizeof(struct olsr_tc); if (msg_type == OLSR_TC_MSG) { if (olsr_print_neighbor(ndo, msg_data, msg_tlen) == -1) goto trunc; } else { if (is_ipv6) { if (olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen) == -1) goto trunc; } else { if (olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen) == -1) goto trunc; } } break; case OLSR_MID_MSG: { size_t addr_size = sizeof(struct in_addr); if (is_ipv6) addr_size = sizeof(struct in6_addr); while (msg_tlen >= addr_size) { ND_TCHECK2(*msg_data, addr_size); ND_PRINT((ndo, ""\n\t interface address %s"", is_ipv6 ? ip6addr_string(ndo, msg_data) : ipaddr_string(ndo, msg_data))); msg_data += addr_size; msg_tlen -= addr_size; } break; } case OLSR_HNA_MSG: if (is_ipv6) { int i = 0; ND_PRINT((ndo, ""\n\t Advertised networks (total %u)"", (unsigned int) (msg_tlen / sizeof(struct olsr_hna6)))); while (msg_tlen >= sizeof(struct olsr_hna6)) { const struct olsr_hna6 *hna6; ND_TCHECK2(*msg_data, sizeof(struct olsr_hna6)); hna6 = (const struct olsr_hna6 *)msg_data; ND_PRINT((ndo, ""\n\t #%i: %s/%u"", i, ip6addr_string(ndo, hna6->network), mask62plen (hna6->mask))); msg_data += sizeof(struct olsr_hna6); msg_tlen -= sizeof(struct olsr_hna6); } } else { int col = 0; ND_PRINT((ndo, ""\n\t Advertised networks (total %u)"", (unsigned int) (msg_tlen / sizeof(struct olsr_hna4)))); while (msg_tlen >= sizeof(struct olsr_hna4)) { ND_TCHECK2(*msg_data, sizeof(struct olsr_hna4)); ptr.hna = (const struct olsr_hna4 *)msg_data; if (!ptr.hna->network[0] && !ptr.hna->network[1] && !ptr.hna->network[2] && !ptr.hna->network[3] && !ptr.hna->mask[GW_HNA_PAD] && ptr.hna->mask[GW_HNA_FLAGS]) { ND_PRINT((ndo, ""%sSmart-Gateway:%s%s%s%s%s %u/%u"", col == 0 ? ""\n\t "" : "", "", (ptr.hna->mask[GW_HNA_FLAGS] & GW_HNA_FLAG_LINKSPEED) ? "" LINKSPEED"" : """", (ptr.hna->mask[GW_HNA_FLAGS] & GW_HNA_FLAG_IPV4) ? "" IPV4"" : """", (ptr.hna->mask[GW_HNA_FLAGS] & GW_HNA_FLAG_IPV4_NAT) ? "" IPV4-NAT"" : """", (ptr.hna->mask[GW_HNA_FLAGS] & GW_HNA_FLAG_IPV6) ? "" IPV6"" : """", (ptr.hna->mask[GW_HNA_FLAGS] & GW_HNA_FLAG_IPV6PREFIX) ? "" IPv6-PREFIX"" : """", (ptr.hna->mask[GW_HNA_FLAGS] & GW_HNA_FLAG_LINKSPEED) ? deserialize_gw_speed(ptr.hna->mask[GW_HNA_UPLINK]) : 0, (ptr.hna->mask[GW_HNA_FLAGS] & GW_HNA_FLAG_LINKSPEED) ? deserialize_gw_speed(ptr.hna->mask[GW_HNA_DOWNLINK]) : 0 )); } else { ND_PRINT((ndo, ""%s%s/%u"", col == 0 ? ""\n\t "" : "", "", ipaddr_string(ndo, ptr.hna->network), mask2plen(EXTRACT_32BITS(ptr.hna->mask)))); } msg_data += sizeof(struct olsr_hna4); msg_tlen -= sizeof(struct olsr_hna4); col = (col + 1) % 4; } } break; case OLSR_NAMESERVICE_MSG: { u_int name_entries = EXTRACT_16BITS(msg_data+2); u_int addr_size = 4; int name_entries_valid = 0; u_int i; if (is_ipv6) addr_size = 16; if ((name_entries > 0) && ((name_entries * (4 + addr_size)) <= msg_tlen)) name_entries_valid = 1; if (msg_tlen < 4) goto trunc; ND_TCHECK2(*msg_data, 4); ND_PRINT((ndo, ""\n\t Version %u, Entries %u%s"", EXTRACT_16BITS(msg_data), name_entries, (name_entries_valid == 0) ? "" (invalid)"" : """")); if (name_entries_valid == 0) break; msg_data += 4; msg_tlen -= 4; for (i = 0; i < name_entries; i++) { int name_entry_len_valid = 0; if (msg_tlen < 4) break; ND_TCHECK2(*msg_data, 4); name_entry_type = EXTRACT_16BITS(msg_data); name_entry_len = EXTRACT_16BITS(msg_data+2); msg_data += 4; msg_tlen -= 4; if ((name_entry_len > 0) && ((addr_size + name_entry_len) <= msg_tlen)) name_entry_len_valid = 1; ND_PRINT((ndo, ""\n\t #%u: type %#06x, length %u%s"", (unsigned int) i, name_entry_type, name_entry_len, (name_entry_len_valid == 0) ? "" (invalid)"" : """")); if (name_entry_len_valid == 0) break; name_entry_padding = 0; if (name_entry_len%4 != 0) name_entry_padding = 4-(name_entry_len%4); if (msg_tlen < addr_size + name_entry_len + name_entry_padding) goto trunc; ND_TCHECK2(*msg_data, addr_size + name_entry_len + name_entry_padding); if (is_ipv6) ND_PRINT((ndo, "", address %s, name \"""", ip6addr_string(ndo, msg_data))); else ND_PRINT((ndo, "", address %s, name \"""", ipaddr_string(ndo, msg_data))); (void)fn_printn(ndo, msg_data + addr_size, name_entry_len, NULL); ND_PRINT((ndo, ""\"""")); msg_data += addr_size + name_entry_len + name_entry_padding; msg_tlen -= addr_size + name_entry_len + name_entry_padding; } break; } case OLSR_POWERINFO_MSG: default: print_unknown_data(ndo, msg_data, ""\n\t "", msg_tlen); break; } tptr += msg_len; } return; trunc: ND_PRINT((ndo, ""[|olsr]"")); }",visit repo url,print-olsr.c,https://github.com/the-tcpdump-group/tcpdump,198568161303848,1 4056,CWE-125,"static int get_debug_info(struct PE_(r_bin_pe_obj_t)* bin, PE_(image_debug_directory_entry)* dbg_dir_entry, ut8* dbg_data, int dbg_data_len, SDebugInfo* res) { #define SIZEOF_FILE_NAME 255 int i = 0; const char* basename; if (!dbg_data) { return 0; } switch (dbg_dir_entry->Type) { case IMAGE_DEBUG_TYPE_CODEVIEW: if (!strncmp ((char*) dbg_data, ""RSDS"", 4)) { SCV_RSDS_HEADER rsds_hdr; init_rsdr_hdr (&rsds_hdr); if (!get_rsds (dbg_data, dbg_data_len, &rsds_hdr)) { bprintf (""Warning: Cannot read PE debug info\n""); return 0; } snprintf (res->guidstr, GUIDSTR_LEN, ""%08x%04x%04x%02x%02x%02x%02x%02x%02x%02x%02x%x"", rsds_hdr.guid.data1, rsds_hdr.guid.data2, rsds_hdr.guid.data3, rsds_hdr.guid.data4[0], rsds_hdr.guid.data4[1], rsds_hdr.guid.data4[2], rsds_hdr.guid.data4[3], rsds_hdr.guid.data4[4], rsds_hdr.guid.data4[5], rsds_hdr.guid.data4[6], rsds_hdr.guid.data4[7], rsds_hdr.age); basename = r_file_basename ((char*) rsds_hdr.file_name); strncpy (res->file_name, (const char*) basename, sizeof (res->file_name)); res->file_name[sizeof (res->file_name) - 1] = 0; rsds_hdr.free ((struct SCV_RSDS_HEADER*) &rsds_hdr); } else if (strncmp ((const char*) dbg_data, ""NB10"", 4) == 0) { SCV_NB10_HEADER nb10_hdr; init_cv_nb10_header (&nb10_hdr); get_nb10 (dbg_data, &nb10_hdr); snprintf (res->guidstr, sizeof (res->guidstr), ""%x%x"", nb10_hdr.timestamp, nb10_hdr.age); strncpy (res->file_name, (const char*) nb10_hdr.file_name, sizeof(res->file_name) - 1); res->file_name[sizeof (res->file_name) - 1] = 0; nb10_hdr.free ((struct SCV_NB10_HEADER*) &nb10_hdr); } else { bprintf (""CodeView section not NB10 or RSDS\n""); return 0; } break; default: return 0; } while (i < 33) { res->guidstr[i] = toupper ((int) res->guidstr[i]); i++; } return 1; }",visit repo url,libr/bin/format/pe/pe.c,https://github.com/radare/radare2,141801951683330,1 6255,['CWE-200'],"static inline struct iw_spy_data * get_spydata(struct net_device *dev) { if(dev->wireless_data) return(dev->wireless_data->spy_data); return (dev->priv + dev->wireless_handlers->spy_offset); }",linux-2.6,,,219158208139795269978576358957245379077,0 4011,CWE-617,"connection_exit_begin_conn(cell_t *cell, circuit_t *circ) { edge_connection_t *n_stream; relay_header_t rh; char *address = NULL; uint16_t port = 0; or_circuit_t *or_circ = NULL; const or_options_t *options = get_options(); begin_cell_t bcell; int rv; uint8_t end_reason=0; assert_circuit_ok(circ); if (!CIRCUIT_IS_ORIGIN(circ)) or_circ = TO_OR_CIRCUIT(circ); relay_header_unpack(&rh, cell->payload); if (rh.length > RELAY_PAYLOAD_SIZE) return -END_CIRC_REASON_TORPROTOCOL; if (!server_mode(options) && circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""Relay begin cell at non-server. Closing.""); relay_send_end_cell_from_edge(rh.stream_id, circ, END_STREAM_REASON_EXITPOLICY, NULL); return 0; } rv = begin_cell_parse(cell, &bcell, &end_reason); if (rv < -1) { return -END_CIRC_REASON_TORPROTOCOL; } else if (rv == -1) { tor_free(bcell.address); relay_send_end_cell_from_edge(rh.stream_id, circ, end_reason, NULL); return 0; } if (! bcell.is_begindir) { address = bcell.address; port = bcell.port; if (or_circ && or_circ->p_chan) { if (!options->AllowSingleHopExits && (or_circ->is_first_hop || (!connection_or_digest_is_known_relay( or_circ->p_chan->identity_digest) && should_refuse_unknown_exits(options)))) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""Attempt by %s to open a stream %s. Closing."", safe_str(channel_get_canonical_remote_descr(or_circ->p_chan)), or_circ->is_first_hop ? ""on first hop of circuit"" : ""from unknown relay""); relay_send_end_cell_from_edge(rh.stream_id, circ, or_circ->is_first_hop ? END_STREAM_REASON_TORPROTOCOL : END_STREAM_REASON_MISC, NULL); tor_free(address); return 0; } } } else if (rh.command == RELAY_COMMAND_BEGIN_DIR) { if (!directory_permits_begindir_requests(options) || circ->purpose != CIRCUIT_PURPOSE_OR) { relay_send_end_cell_from_edge(rh.stream_id, circ, END_STREAM_REASON_NOTDIRECTORY, NULL); return 0; } if (or_circ && or_circ->p_chan) address = tor_strdup(channel_get_actual_remote_address(or_circ->p_chan)); else address = tor_strdup(""127.0.0.1""); port = 1; } else { log_warn(LD_BUG, ""Got an unexpected command %d"", (int)rh.command); relay_send_end_cell_from_edge(rh.stream_id, circ, END_STREAM_REASON_INTERNAL, NULL); return 0; } if (! options->IPv6Exit) { bcell.flags &= ~BEGIN_FLAG_IPV6_PREFERRED; if (bcell.flags & BEGIN_FLAG_IPV4_NOT_OK) { tor_free(address); relay_send_end_cell_from_edge(rh.stream_id, circ, END_STREAM_REASON_EXITPOLICY, NULL); return 0; } } log_debug(LD_EXIT,""Creating new exit connection.""); n_stream = edge_connection_new(CONN_TYPE_EXIT, AF_INET); n_stream->dirreq_id = circ->dirreq_id; n_stream->base_.purpose = EXIT_PURPOSE_CONNECT; n_stream->begincell_flags = bcell.flags; n_stream->stream_id = rh.stream_id; n_stream->base_.port = port; n_stream->package_window = STREAMWINDOW_START; n_stream->deliver_window = STREAMWINDOW_START; if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) { origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ); log_info(LD_REND,""begin is for rendezvous. configuring stream.""); n_stream->base_.address = tor_strdup(""(rendezvous)""); n_stream->base_.state = EXIT_CONN_STATE_CONNECTING; n_stream->rend_data = rend_data_dup(origin_circ->rend_data); tor_assert(connection_edge_is_rendezvous_stream(n_stream)); assert_circuit_ok(circ); const int r = rend_service_set_connection_addr_port(n_stream, origin_circ); if (r < 0) { log_info(LD_REND,""Didn't find rendezvous service (port %d)"", n_stream->base_.port); relay_send_end_cell_from_edge(rh.stream_id, circ, END_STREAM_REASON_DONE, origin_circ->cpath->prev); connection_free(TO_CONN(n_stream)); tor_free(address); if (r < -1) return END_CIRC_AT_ORIGIN; else return 0; } assert_circuit_ok(circ); log_debug(LD_REND,""Finished assigning addr/port""); n_stream->cpath_layer = origin_circ->cpath->prev; n_stream->next_stream = origin_circ->p_streams; n_stream->on_circuit = circ; origin_circ->p_streams = n_stream; assert_circuit_ok(circ); origin_circ->rend_data->nr_streams++; connection_exit_connect(n_stream); pathbias_mark_use_success(origin_circ); tor_free(address); return 0; } tor_strlower(address); n_stream->base_.address = address; n_stream->base_.state = EXIT_CONN_STATE_RESOLVEFAILED; if (we_are_hibernating()) { relay_send_end_cell_from_edge(rh.stream_id, circ, END_STREAM_REASON_HIBERNATING, NULL); connection_free(TO_CONN(n_stream)); return 0; } n_stream->on_circuit = circ; if (rh.command == RELAY_COMMAND_BEGIN_DIR) { tor_addr_t tmp_addr; tor_assert(or_circ); if (or_circ->p_chan && channel_get_addr_if_possible(or_circ->p_chan, &tmp_addr)) { tor_addr_copy(&n_stream->base_.addr, &tmp_addr); } return connection_exit_connect_dir(n_stream); } log_debug(LD_EXIT,""about to start the dns_resolve().""); switch (dns_resolve(n_stream)) { case 1: assert_circuit_ok(circ); log_debug(LD_EXIT,""about to call connection_exit_connect().""); connection_exit_connect(n_stream); return 0; case -1: relay_send_end_cell_from_edge(rh.stream_id, circ, END_STREAM_REASON_RESOLVEFAILED, NULL); break; case 0: assert_circuit_ok(circ); break; } return 0; }",visit repo url,src/or/connection_edge.c,https://github.com/torproject/tor,247808379824154,1 5899,['CWE-909'],"static bool tc_qdisc_dump_ignore(struct Qdisc *q) { return (q->flags & TCQ_F_BUILTIN) ? true : false; }",linux-2.6,,,112829297122376768897404025249532133720,0 5122,['CWE-20'],"static int vmx_vcpu_setup(struct vcpu_vmx *vmx) { u32 host_sysenter_cs, msr_low, msr_high; u32 junk; u64 host_pat, tsc_this, tsc_base; unsigned long a; struct descriptor_table dt; int i; unsigned long kvm_vmx_return; u32 exec_control; vmcs_write64(IO_BITMAP_A, page_to_phys(vmx_io_bitmap_a)); vmcs_write64(IO_BITMAP_B, page_to_phys(vmx_io_bitmap_b)); if (cpu_has_vmx_msr_bitmap()) vmcs_write64(MSR_BITMAP, page_to_phys(vmx_msr_bitmap)); vmcs_write64(VMCS_LINK_POINTER, -1ull); vmcs_write32(PIN_BASED_VM_EXEC_CONTROL, vmcs_config.pin_based_exec_ctrl); exec_control = vmcs_config.cpu_based_exec_ctrl; if (!vm_need_tpr_shadow(vmx->vcpu.kvm)) { exec_control &= ~CPU_BASED_TPR_SHADOW; #ifdef CONFIG_X86_64 exec_control |= CPU_BASED_CR8_STORE_EXITING | CPU_BASED_CR8_LOAD_EXITING; #endif } if (!vm_need_ept()) exec_control |= CPU_BASED_CR3_STORE_EXITING | CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_INVLPG_EXITING; vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_control); if (cpu_has_secondary_exec_ctrls()) { exec_control = vmcs_config.cpu_based_2nd_exec_ctrl; if (!vm_need_virtualize_apic_accesses(vmx->vcpu.kvm)) exec_control &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; if (vmx->vpid == 0) exec_control &= ~SECONDARY_EXEC_ENABLE_VPID; if (!vm_need_ept()) exec_control &= ~SECONDARY_EXEC_ENABLE_EPT; vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control); } vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, !!bypass_guest_pf); vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, !!bypass_guest_pf); vmcs_write32(CR3_TARGET_COUNT, 0); vmcs_writel(HOST_CR0, read_cr0()); vmcs_writel(HOST_CR4, read_cr4()); vmcs_writel(HOST_CR3, read_cr3()); vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); vmcs_write16(HOST_ES_SELECTOR, __KERNEL_DS); vmcs_write16(HOST_FS_SELECTOR, kvm_read_fs()); vmcs_write16(HOST_GS_SELECTOR, kvm_read_gs()); vmcs_write16(HOST_SS_SELECTOR, __KERNEL_DS); #ifdef CONFIG_X86_64 rdmsrl(MSR_FS_BASE, a); vmcs_writel(HOST_FS_BASE, a); rdmsrl(MSR_GS_BASE, a); vmcs_writel(HOST_GS_BASE, a); #else vmcs_writel(HOST_FS_BASE, 0); vmcs_writel(HOST_GS_BASE, 0); #endif vmcs_write16(HOST_TR_SELECTOR, GDT_ENTRY_TSS*8); kvm_get_idt(&dt); vmcs_writel(HOST_IDTR_BASE, dt.base); asm(""mov $.Lkvm_vmx_return, %0"" : ""=r""(kvm_vmx_return)); vmcs_writel(HOST_RIP, kvm_vmx_return); vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0); vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0); vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0); rdmsr(MSR_IA32_SYSENTER_CS, host_sysenter_cs, junk); vmcs_write32(HOST_IA32_SYSENTER_CS, host_sysenter_cs); rdmsrl(MSR_IA32_SYSENTER_ESP, a); vmcs_writel(HOST_IA32_SYSENTER_ESP, a); rdmsrl(MSR_IA32_SYSENTER_EIP, a); vmcs_writel(HOST_IA32_SYSENTER_EIP, a); if (vmcs_config.vmexit_ctrl & VM_EXIT_LOAD_IA32_PAT) { rdmsr(MSR_IA32_CR_PAT, msr_low, msr_high); host_pat = msr_low | ((u64) msr_high << 32); vmcs_write64(HOST_IA32_PAT, host_pat); } if (vmcs_config.vmentry_ctrl & VM_ENTRY_LOAD_IA32_PAT) { rdmsr(MSR_IA32_CR_PAT, msr_low, msr_high); host_pat = msr_low | ((u64) msr_high << 32); vmcs_write64(GUEST_IA32_PAT, host_pat); vmx->vcpu.arch.pat = host_pat; } for (i = 0; i < NR_VMX_MSR; ++i) { u32 index = vmx_msr_index[i]; u32 data_low, data_high; u64 data; int j = vmx->nmsrs; if (rdmsr_safe(index, &data_low, &data_high) < 0) continue; if (wrmsr_safe(index, data_low, data_high) < 0) continue; data = data_low | ((u64)data_high << 32); vmx->host_msrs[j].index = index; vmx->host_msrs[j].reserved = 0; vmx->host_msrs[j].data = data; vmx->guest_msrs[j] = vmx->host_msrs[j]; ++vmx->nmsrs; } vmcs_write32(VM_EXIT_CONTROLS, vmcs_config.vmexit_ctrl); vmcs_write32(VM_ENTRY_CONTROLS, vmcs_config.vmentry_ctrl); vmcs_writel(CR0_GUEST_HOST_MASK, ~0UL); vmcs_writel(CR4_GUEST_HOST_MASK, KVM_GUEST_CR4_MASK); tsc_base = vmx->vcpu.kvm->arch.vm_init_tsc; rdtscll(tsc_this); if (tsc_this < vmx->vcpu.kvm->arch.vm_init_tsc) tsc_base = tsc_this; guest_write_tsc(0, tsc_base); return 0; }",linux-2.6,,,25263907268144427656555120604409443074,0 4402,CWE-787,"unicode_unfold_key(OnigCodePoint code) { static const struct ByUnfoldKey wordlist[] = { {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0x1040a, 3267, 1}, {0x1e0a, 1727, 1}, {0x040a, 1016, 1}, {0x010a, 186, 1}, {0x1f0a, 2088, 1}, {0x2c0a, 2451, 1}, {0x0189, 619, 1}, {0x1f89, 134, 2}, {0x1f85, 154, 2}, {0x0389, 733, 1}, {0x03ff, 724, 1}, {0xab89, 1523, 1}, {0xab85, 1511, 1}, {0x10c89, 3384, 1}, {0x10c85, 3372, 1}, {0x1e84, 1911, 1}, {0x03f5, 752, 1}, {0x0184, 360, 1}, {0x1f84, 149, 2}, {0x2c84, 2592, 1}, {0x017d, 351, 1}, {0x1ff3, 96, 2}, {0xab84, 1508, 1}, {0xa784, 3105, 1}, {0x10c84, 3369, 1}, {0xab7d, 1487, 1}, {0xa77d, 1706, 1}, {0x1e98, 38, 2}, {0x0498, 1106, 1}, {0x0198, 375, 1}, {0x1f98, 169, 2}, {0x2c98, 2622, 1}, {0x0398, 762, 1}, {0xa684, 2940, 1}, {0xab98, 1568, 1}, {0xa798, 3123, 1}, {0x10c98, 3429, 1}, {0x050a, 1277, 1}, {0x1ffb, 2265, 1}, {0x1e96, 16, 2}, {0x0496, 1103, 1}, {0x0196, 652, 1}, {0x1f96, 199, 2}, {0x2c96, 2619, 1}, {0x0396, 756, 1}, {0xa698, 2970, 1}, {0xab96, 1562, 1}, {0xa796, 3120, 1}, {0x10c96, 3423, 1}, {0x1feb, 2259, 1}, {0x2ceb, 2736, 1}, {0x1e90, 1929, 1}, {0x0490, 1094, 1}, {0x0190, 628, 1}, {0x1f90, 169, 2}, {0x2c90, 2610, 1}, {0x0390, 25, 3}, {0xa696, 2967, 1}, {0xab90, 1544, 1}, {0xa790, 3114, 1}, {0x10c90, 3405, 1}, {0x01d7, 444, 1}, {0x1fd7, 31, 3}, {0x1ea6, 1947, 1}, {0x04a6, 1127, 1}, {0x01a6, 676, 1}, {0x1fa6, 239, 2}, {0x2ca6, 2643, 1}, {0x03a6, 810, 1}, {0xa690, 2958, 1}, {0xaba6, 1610, 1}, {0xa7a6, 3144, 1}, {0x10ca6, 3471, 1}, {0x1ea4, 1944, 1}, {0x04a4, 1124, 1}, {0x01a4, 390, 1}, {0x1fa4, 229, 2}, {0x2ca4, 2640, 1}, {0x03a4, 804, 1}, {0x10a6, 2763, 1}, {0xaba4, 1604, 1}, {0xa7a4, 3141, 1}, {0x10ca4, 3465, 1}, {0x1ea0, 1938, 1}, {0x04a0, 1118, 1}, {0x01a0, 384, 1}, {0x1fa0, 209, 2}, {0x2ca0, 2634, 1}, {0x03a0, 792, 1}, {0x10a4, 2757, 1}, {0xaba0, 1592, 1}, {0xa7a0, 3135, 1}, {0x10ca0, 3453, 1}, {0x1eb2, 1965, 1}, {0x04b2, 1145, 1}, {0x01b2, 694, 1}, {0x1fb2, 249, 2}, {0x2cb2, 2661, 1}, {0x03fd, 718, 1}, {0x10a0, 2745, 1}, {0xabb2, 1646, 1}, {0xa7b2, 703, 1}, {0x10cb2, 3507, 1}, {0x1eac, 1956, 1}, {0x04ac, 1136, 1}, {0x01ac, 396, 1}, {0x1fac, 229, 2}, {0x2cac, 2652, 1}, {0x0537, 1352, 1}, {0x10b2, 2799, 1}, {0xabac, 1628, 1}, {0xa7ac, 637, 1}, {0x10cac, 3489, 1}, {0x1eaa, 1953, 1}, {0x04aa, 1133, 1}, {0x00dd, 162, 1}, {0x1faa, 219, 2}, {0x2caa, 2649, 1}, {0x03aa, 824, 1}, {0x10ac, 2781, 1}, {0xabaa, 1622, 1}, {0xa7aa, 646, 1}, {0x10caa, 3483, 1}, {0x1ea8, 1950, 1}, {0x04a8, 1130, 1}, {0x020a, 517, 1}, {0x1fa8, 209, 2}, {0x2ca8, 2646, 1}, {0x03a8, 817, 1}, {0x10aa, 2775, 1}, {0xaba8, 1616, 1}, {0xa7a8, 3147, 1}, {0x10ca8, 3477, 1}, {0x1ea2, 1941, 1}, {0x04a2, 1121, 1}, {0x01a2, 387, 1}, {0x1fa2, 219, 2}, {0x2ca2, 2637, 1}, {0x118a6, 3528, 1}, {0x10a8, 2769, 1}, {0xaba2, 1598, 1}, {0xa7a2, 3138, 1}, {0x10ca2, 3459, 1}, {0x2ced, 2739, 1}, {0x1fe9, 2283, 1}, {0x1fe7, 47, 3}, {0x1eb0, 1962, 1}, {0x04b0, 1142, 1}, {0x118a4, 3522, 1}, {0x10a2, 2751, 1}, {0x2cb0, 2658, 1}, {0x03b0, 41, 3}, {0x1fe3, 41, 3}, {0xabb0, 1640, 1}, {0xa7b0, 706, 1}, {0x10cb0, 3501, 1}, {0x01d9, 447, 1}, {0x1fd9, 2277, 1}, {0x118a0, 3510, 1}, {0x00df, 24, 2}, {0x00d9, 150, 1}, {0xab77, 1469, 1}, {0x10b0, 2793, 1}, {0x1eae, 1959, 1}, {0x04ae, 1139, 1}, {0x01ae, 685, 1}, {0x1fae, 239, 2}, {0x2cae, 2655, 1}, {0x118b2, 3564, 1}, {0xab73, 1457, 1}, {0xabae, 1634, 1}, {0xab71, 1451, 1}, {0x10cae, 3495, 1}, {0x1e2a, 1775, 1}, {0x042a, 968, 1}, {0x012a, 234, 1}, {0x1f2a, 2130, 1}, {0x2c2a, 2547, 1}, {0x118ac, 3546, 1}, {0x10ae, 2787, 1}, {0x0535, 1346, 1}, {0xa72a, 2988, 1}, {0x1e9a, 0, 2}, {0x049a, 1109, 1}, {0xff37, 3225, 1}, {0x1f9a, 179, 2}, {0x2c9a, 2625, 1}, {0x039a, 772, 1}, {0x118aa, 3540, 1}, {0xab9a, 1574, 1}, {0xa79a, 3126, 1}, {0x10c9a, 3435, 1}, {0x1e94, 1935, 1}, {0x0494, 1100, 1}, {0x0194, 640, 1}, {0x1f94, 189, 2}, {0x2c94, 2616, 1}, {0x0394, 749, 1}, {0x118a8, 3534, 1}, {0xab94, 1556, 1}, {0xa69a, 2973, 1}, {0x10c94, 3417, 1}, {0x10402, 3243, 1}, {0x1e02, 1715, 1}, {0x0402, 992, 1}, {0x0102, 174, 1}, {0x0533, 1340, 1}, {0x2c02, 2427, 1}, {0x118a2, 3516, 1}, {0x052a, 1325, 1}, {0xa694, 2964, 1}, {0x1e92, 1932, 1}, {0x0492, 1097, 1}, {0x2165, 2307, 1}, {0x1f92, 179, 2}, {0x2c92, 2613, 1}, {0x0392, 742, 1}, {0x2161, 2295, 1}, {0xab92, 1550, 1}, {0xa792, 3117, 1}, {0x10c92, 3411, 1}, {0x118b0, 3558, 1}, {0x1f5f, 2199, 1}, {0x1e8e, 1926, 1}, {0x048e, 1091, 1}, {0x018e, 453, 1}, {0x1f8e, 159, 2}, {0x2c8e, 2607, 1}, {0x038e, 833, 1}, {0xa692, 2961, 1}, {0xab8e, 1538, 1}, {0x0055, 59, 1}, {0x10c8e, 3399, 1}, {0x1f5d, 2196, 1}, {0x212a, 27, 1}, {0x04cb, 1181, 1}, {0x01cb, 425, 1}, {0x1fcb, 2241, 1}, {0x118ae, 3552, 1}, {0x0502, 1265, 1}, {0x00cb, 111, 1}, {0xa68e, 2955, 1}, {0x1e8a, 1920, 1}, {0x048a, 1085, 1}, {0x018a, 622, 1}, {0x1f8a, 139, 2}, {0x2c8a, 2601, 1}, {0x038a, 736, 1}, {0x2c67, 2571, 1}, {0xab8a, 1526, 1}, {0x1e86, 1914, 1}, {0x10c8a, 3387, 1}, {0x0186, 616, 1}, {0x1f86, 159, 2}, {0x2c86, 2595, 1}, {0x0386, 727, 1}, {0xff35, 3219, 1}, {0xab86, 1514, 1}, {0xa786, 3108, 1}, {0x10c86, 3375, 1}, {0xa68a, 2949, 1}, {0x0555, 1442, 1}, {0x1ebc, 1980, 1}, {0x04bc, 1160, 1}, {0x01bc, 411, 1}, {0x1fbc, 62, 2}, {0x2cbc, 2676, 1}, {0x1f5b, 2193, 1}, {0xa686, 2943, 1}, {0xabbc, 1676, 1}, {0x1eb8, 1974, 1}, {0x04b8, 1154, 1}, {0x01b8, 408, 1}, {0x1fb8, 2268, 1}, {0x2cb8, 2670, 1}, {0x01db, 450, 1}, {0x1fdb, 2247, 1}, {0xabb8, 1664, 1}, {0x10bc, 2829, 1}, {0x00db, 156, 1}, {0x1eb6, 1971, 1}, {0x04b6, 1151, 1}, {0xff33, 3213, 1}, {0x1fb6, 58, 2}, {0x2cb6, 2667, 1}, {0xff2a, 3186, 1}, {0x10b8, 2817, 1}, {0xabb6, 1658, 1}, {0xa7b6, 3153, 1}, {0x10426, 3351, 1}, {0x1e26, 1769, 1}, {0x0426, 956, 1}, {0x0126, 228, 1}, {0x0053, 52, 1}, {0x2c26, 2535, 1}, {0x0057, 65, 1}, {0x10b6, 2811, 1}, {0x022a, 562, 1}, {0xa726, 2982, 1}, {0x1e2e, 1781, 1}, {0x042e, 980, 1}, {0x012e, 240, 1}, {0x1f2e, 2142, 1}, {0x2c2e, 2559, 1}, {0xffffffff, -1, 0}, {0x2167, 2313, 1}, {0xffffffff, -1, 0}, {0xa72e, 2994, 1}, {0x1e2c, 1778, 1}, {0x042c, 974, 1}, {0x012c, 237, 1}, {0x1f2c, 2136, 1}, {0x2c2c, 2553, 1}, {0x1f6f, 2223, 1}, {0x2c6f, 604, 1}, {0xabbf, 1685, 1}, {0xa72c, 2991, 1}, {0x1e28, 1772, 1}, {0x0428, 962, 1}, {0x0128, 231, 1}, {0x1f28, 2124, 1}, {0x2c28, 2541, 1}, {0xffffffff, -1, 0}, {0x0553, 1436, 1}, {0x10bf, 2838, 1}, {0xa728, 2985, 1}, {0x0526, 1319, 1}, {0x0202, 505, 1}, {0x1e40, 1808, 1}, {0x10424, 3345, 1}, {0x1e24, 1766, 1}, {0x0424, 950, 1}, {0x0124, 225, 1}, {0xffffffff, -1, 0}, {0x2c24, 2529, 1}, {0x052e, 1331, 1}, {0xa740, 3018, 1}, {0x118bc, 3594, 1}, {0xa724, 2979, 1}, {0x1ef2, 2061, 1}, {0x04f2, 1241, 1}, {0x01f2, 483, 1}, {0x1ff2, 257, 2}, {0x2cf2, 2742, 1}, {0x052c, 1328, 1}, {0x118b8, 3582, 1}, {0xa640, 2865, 1}, {0x10422, 3339, 1}, {0x1e22, 1763, 1}, {0x0422, 944, 1}, {0x0122, 222, 1}, {0x2126, 820, 1}, {0x2c22, 2523, 1}, {0x0528, 1322, 1}, {0x01f1, 483, 1}, {0x118b6, 3576, 1}, {0xa722, 2976, 1}, {0x03f1, 796, 1}, {0x1ebe, 1983, 1}, {0x04be, 1163, 1}, {0xfb02, 12, 2}, {0x1fbe, 767, 1}, {0x2cbe, 2679, 1}, {0x01b5, 405, 1}, {0x0540, 1379, 1}, {0xabbe, 1682, 1}, {0x0524, 1316, 1}, {0x00b5, 779, 1}, {0xabb5, 1655, 1}, {0x1eba, 1977, 1}, {0x04ba, 1157, 1}, {0x216f, 2337, 1}, {0x1fba, 2226, 1}, {0x2cba, 2673, 1}, {0x10be, 2835, 1}, {0x0051, 46, 1}, {0xabba, 1670, 1}, {0x10b5, 2808, 1}, {0x1e6e, 1878, 1}, {0x046e, 1055, 1}, {0x016e, 330, 1}, {0x1f6e, 2220, 1}, {0x2c6e, 664, 1}, {0x118bf, 3603, 1}, {0x0522, 1313, 1}, {0x10ba, 2823, 1}, {0xa76e, 3087, 1}, {0x1eb4, 1968, 1}, {0x04b4, 1148, 1}, {0x2c75, 2583, 1}, {0x1fb4, 50, 2}, {0x2cb4, 2664, 1}, {0xab75, 1463, 1}, {0x1ec2, 1989, 1}, {0xabb4, 1652, 1}, {0xa7b4, 3150, 1}, {0x1fc2, 253, 2}, {0x2cc2, 2685, 1}, {0x03c2, 800, 1}, {0x00c2, 83, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xff26, 3174, 1}, {0x10b4, 2805, 1}, {0x1eca, 2001, 1}, {0x0551, 1430, 1}, {0x01ca, 425, 1}, {0x1fca, 2238, 1}, {0x2cca, 2697, 1}, {0x10c2, 2847, 1}, {0x00ca, 108, 1}, {0xff2e, 3198, 1}, {0x1e8c, 1923, 1}, {0x048c, 1088, 1}, {0x0226, 556, 1}, {0x1f8c, 149, 2}, {0x2c8c, 2604, 1}, {0x038c, 830, 1}, {0xffffffff, -1, 0}, {0xab8c, 1532, 1}, {0xff2c, 3192, 1}, {0x10c8c, 3393, 1}, {0x1ec4, 1992, 1}, {0x022e, 568, 1}, {0x01c4, 417, 1}, {0x1fc4, 54, 2}, {0x2cc4, 2688, 1}, {0xffffffff, -1, 0}, {0x00c4, 89, 1}, {0xff28, 3180, 1}, {0xa68c, 2952, 1}, {0x01cf, 432, 1}, {0x022c, 565, 1}, {0x118be, 3600, 1}, {0x03cf, 839, 1}, {0x00cf, 123, 1}, {0x118b5, 3573, 1}, {0xffffffff, -1, 0}, {0x10c4, 2853, 1}, {0x216e, 2334, 1}, {0x24cb, 2406, 1}, {0x0228, 559, 1}, {0xff24, 3168, 1}, {0xffffffff, -1, 0}, {0x118ba, 3588, 1}, {0x1efe, 2079, 1}, {0x04fe, 1259, 1}, {0x01fe, 499, 1}, {0x1e9e, 24, 2}, {0x049e, 1115, 1}, {0x03fe, 721, 1}, {0x1f9e, 199, 2}, {0x2c9e, 2631, 1}, {0x039e, 786, 1}, {0x0224, 553, 1}, {0xab9e, 1586, 1}, {0xa79e, 3132, 1}, {0x10c9e, 3447, 1}, {0x01f7, 414, 1}, {0x1ff7, 67, 3}, {0xff22, 3162, 1}, {0x03f7, 884, 1}, {0x118b4, 3570, 1}, {0x049c, 1112, 1}, {0x019c, 661, 1}, {0x1f9c, 189, 2}, {0x2c9c, 2628, 1}, {0x039c, 779, 1}, {0x24bc, 2361, 1}, {0xab9c, 1580, 1}, {0xa79c, 3129, 1}, {0x10c9c, 3441, 1}, {0x0222, 550, 1}, {0x1e7c, 1899, 1}, {0x047c, 1076, 1}, {0x1e82, 1908, 1}, {0x24b8, 2349, 1}, {0x0182, 357, 1}, {0x1f82, 139, 2}, {0x2c82, 2589, 1}, {0xab7c, 1484, 1}, {0xffffffff, -1, 0}, {0xab82, 1502, 1}, {0xa782, 3102, 1}, {0x10c82, 3363, 1}, {0x2c63, 1709, 1}, {0x24b6, 2343, 1}, {0x1e80, 1905, 1}, {0x0480, 1082, 1}, {0x1f59, 2190, 1}, {0x1f80, 129, 2}, {0x2c80, 2586, 1}, {0x0059, 71, 1}, {0xa682, 2937, 1}, {0xab80, 1496, 1}, {0xa780, 3099, 1}, {0x10c80, 3357, 1}, {0xffffffff, -1, 0}, {0x1e4c, 1826, 1}, {0x0145, 270, 1}, {0x014c, 279, 1}, {0x1f4c, 2184, 1}, {0x0345, 767, 1}, {0x0045, 12, 1}, {0x004c, 31, 1}, {0xa680, 2934, 1}, {0xa74c, 3036, 1}, {0x1e4a, 1823, 1}, {0x01d5, 441, 1}, {0x014a, 276, 1}, {0x1f4a, 2178, 1}, {0x03d5, 810, 1}, {0x00d5, 141, 1}, {0x004a, 24, 1}, {0x24bf, 2370, 1}, {0xa74a, 3033, 1}, {0xa64c, 2883, 1}, {0x1041c, 3321, 1}, {0x1e1c, 1754, 1}, {0x041c, 926, 1}, {0x011c, 213, 1}, {0x1f1c, 2118, 1}, {0x2c1c, 2505, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xa64a, 2880, 1}, {0x1041a, 3315, 1}, {0x1e1a, 1751, 1}, {0x041a, 920, 1}, {0x011a, 210, 1}, {0x1f1a, 2112, 1}, {0x2c1a, 2499, 1}, {0xabbd, 1679, 1}, {0x0545, 1394, 1}, {0x054c, 1415, 1}, {0x10418, 3309, 1}, {0x1e18, 1748, 1}, {0x0418, 914, 1}, {0x0118, 207, 1}, {0x1f18, 2106, 1}, {0x2c18, 2493, 1}, {0x10bd, 2832, 1}, {0x2163, 2301, 1}, {0x054a, 1409, 1}, {0x1040e, 3279, 1}, {0x1e0e, 1733, 1}, {0x040e, 1028, 1}, {0x010e, 192, 1}, {0x1f0e, 2100, 1}, {0x2c0e, 2463, 1}, {0x1efc, 2076, 1}, {0x04fc, 1256, 1}, {0x01fc, 496, 1}, {0x1ffc, 96, 2}, {0x051c, 1304, 1}, {0x1040c, 3273, 1}, {0x1e0c, 1730, 1}, {0x040c, 1022, 1}, {0x010c, 189, 1}, {0x1f0c, 2094, 1}, {0x2c0c, 2457, 1}, {0x1f6d, 2217, 1}, {0x2c6d, 607, 1}, {0x051a, 1301, 1}, {0x24be, 2367, 1}, {0x10408, 3261, 1}, {0x1e08, 1724, 1}, {0x0408, 1010, 1}, {0x0108, 183, 1}, {0x1f08, 2082, 1}, {0x2c08, 2445, 1}, {0x04c9, 1178, 1}, {0x0518, 1298, 1}, {0x1fc9, 2235, 1}, {0xffffffff, -1, 0}, {0x24ba, 2355, 1}, {0x00c9, 105, 1}, {0x10416, 3303, 1}, {0x1e16, 1745, 1}, {0x0416, 908, 1}, {0x0116, 204, 1}, {0x050e, 1283, 1}, {0x2c16, 2487, 1}, {0x10414, 3297, 1}, {0x1e14, 1742, 1}, {0x0414, 902, 1}, {0x0114, 201, 1}, {0x042b, 971, 1}, {0x2c14, 2481, 1}, {0x1f2b, 2133, 1}, {0x2c2b, 2550, 1}, {0xffffffff, -1, 0}, {0x050c, 1280, 1}, {0x10406, 3255, 1}, {0x1e06, 1721, 1}, {0x0406, 1004, 1}, {0x0106, 180, 1}, {0x13fb, 1697, 1}, {0x2c06, 2439, 1}, {0x24c2, 2379, 1}, {0x118bd, 3597, 1}, {0xffffffff, -1, 0}, {0x0508, 1274, 1}, {0x10404, 3249, 1}, {0x1e04, 1718, 1}, {0x0404, 998, 1}, {0x0104, 177, 1}, {0x1f95, 194, 2}, {0x2c04, 2433, 1}, {0x0395, 752, 1}, {0x24ca, 2403, 1}, {0xab95, 1559, 1}, {0x0531, 1334, 1}, {0x10c95, 3420, 1}, {0x0516, 1295, 1}, {0x1e6c, 1875, 1}, {0x046c, 1052, 1}, {0x016c, 327, 1}, {0x1f6c, 2214, 1}, {0x216d, 2331, 1}, {0x0514, 1292, 1}, {0x0245, 697, 1}, {0x024c, 598, 1}, {0xa76c, 3084, 1}, {0x10400, 3237, 1}, {0x1e00, 1712, 1}, {0x0400, 986, 1}, {0x0100, 171, 1}, {0x24c4, 2385, 1}, {0x2c00, 2421, 1}, {0x0506, 1271, 1}, {0x024a, 595, 1}, {0x1fab, 224, 2}, {0xa66c, 2931, 1}, {0x03ab, 827, 1}, {0x24cf, 2418, 1}, {0xabab, 1625, 1}, {0xa7ab, 631, 1}, {0x10cab, 3486, 1}, {0xffffffff, -1, 0}, {0x0504, 1268, 1}, {0xffffffff, -1, 0}, {0x021c, 544, 1}, {0x01a9, 679, 1}, {0x1fa9, 214, 2}, {0x10ab, 2778, 1}, {0x03a9, 820, 1}, {0x212b, 92, 1}, {0xaba9, 1619, 1}, {0x1e88, 1917, 1}, {0x10ca9, 3480, 1}, {0x021a, 541, 1}, {0x1f88, 129, 2}, {0x2c88, 2598, 1}, {0x0388, 730, 1}, {0x13fd, 1703, 1}, {0xab88, 1520, 1}, {0x10a9, 2772, 1}, {0x10c88, 3381, 1}, {0xffffffff, -1, 0}, {0x0218, 538, 1}, {0x0500, 1262, 1}, {0x1f4d, 2187, 1}, {0x01a7, 393, 1}, {0x1fa7, 244, 2}, {0x004d, 34, 1}, {0x03a7, 814, 1}, {0xa688, 2946, 1}, {0xaba7, 1613, 1}, {0x020e, 523, 1}, {0x10ca7, 3474, 1}, {0x1e6a, 1872, 1}, {0x046a, 1049, 1}, {0x016a, 324, 1}, {0x1f6a, 2208, 1}, {0xffffffff, -1, 0}, {0x216c, 2328, 1}, {0x10a7, 2766, 1}, {0x01d1, 435, 1}, {0xa76a, 3081, 1}, {0x020c, 520, 1}, {0x03d1, 762, 1}, {0x00d1, 129, 1}, {0x1e68, 1869, 1}, {0x0468, 1046, 1}, {0x0168, 321, 1}, {0x1f68, 2202, 1}, {0xffffffff, -1, 0}, {0xff31, 3207, 1}, {0xa66a, 2928, 1}, {0x0208, 514, 1}, {0xa768, 3078, 1}, {0x1e64, 1863, 1}, {0x0464, 1040, 1}, {0x0164, 315, 1}, {0x054d, 1418, 1}, {0x2c64, 673, 1}, {0xffffffff, -1, 0}, {0xff2b, 3189, 1}, {0xffffffff, -1, 0}, {0xa764, 3072, 1}, {0xa668, 2925, 1}, {0x0216, 535, 1}, {0xffffffff, -1, 0}, {0x118ab, 3543, 1}, {0x1e62, 1860, 1}, {0x0462, 1037, 1}, {0x0162, 312, 1}, {0x0214, 532, 1}, {0x2c62, 655, 1}, {0xa664, 2919, 1}, {0x1ed2, 2013, 1}, {0x04d2, 1193, 1}, {0xa762, 3069, 1}, {0x1fd2, 20, 3}, {0x2cd2, 2709, 1}, {0x118a9, 3537, 1}, {0x00d2, 132, 1}, {0x0206, 511, 1}, {0x10420, 3333, 1}, {0x1e20, 1760, 1}, {0x0420, 938, 1}, {0x0120, 219, 1}, {0xa662, 2916, 1}, {0x2c20, 2517, 1}, {0x1e60, 1856, 1}, {0x0460, 1034, 1}, {0x0160, 309, 1}, {0x0204, 508, 1}, {0x2c60, 2562, 1}, {0xffffffff, -1, 0}, {0x24bd, 2364, 1}, {0x216a, 2322, 1}, {0xa760, 3066, 1}, {0xffffffff, -1, 0}, {0xfb16, 125, 2}, {0x118a7, 3531, 1}, {0x1efa, 2073, 1}, {0x04fa, 1253, 1}, {0x01fa, 493, 1}, {0x1ffa, 2262, 1}, {0xfb14, 109, 2}, {0x03fa, 887, 1}, {0xa660, 2913, 1}, {0x2168, 2316, 1}, {0x01b7, 700, 1}, {0x1fb7, 10, 3}, {0x1f6b, 2211, 1}, {0x2c6b, 2577, 1}, {0x0200, 502, 1}, {0xabb7, 1661, 1}, {0xfb06, 29, 2}, {0x1e56, 1841, 1}, {0x2164, 2304, 1}, {0x0156, 294, 1}, {0x1f56, 62, 3}, {0x0520, 1310, 1}, {0x004f, 40, 1}, {0x0056, 62, 1}, {0x10b7, 2814, 1}, {0xa756, 3051, 1}, {0xfb04, 5, 3}, {0x1e78, 1893, 1}, {0x0478, 1070, 1}, {0x0178, 168, 1}, {0x1e54, 1838, 1}, {0x2162, 2298, 1}, {0x0154, 291, 1}, {0x1f54, 57, 3}, {0xab78, 1472, 1}, {0xa656, 2898, 1}, {0x0054, 56, 1}, {0x1e52, 1835, 1}, {0xa754, 3048, 1}, {0x0152, 288, 1}, {0x1f52, 52, 3}, {0x24c9, 2400, 1}, {0x1e32, 1787, 1}, {0x0052, 49, 1}, {0x0132, 243, 1}, {0xa752, 3045, 1}, {0xffffffff, -1, 0}, {0xfb00, 4, 2}, {0xa654, 2895, 1}, {0xffffffff, -1, 0}, {0xa732, 2997, 1}, {0x2160, 2292, 1}, {0x054f, 1424, 1}, {0x0556, 1445, 1}, {0x1e50, 1832, 1}, {0xa652, 2892, 1}, {0x0150, 285, 1}, {0x1f50, 84, 2}, {0x017b, 348, 1}, {0x1e4e, 1829, 1}, {0x0050, 43, 1}, {0x014e, 282, 1}, {0xa750, 3042, 1}, {0xab7b, 1481, 1}, {0xa77b, 3093, 1}, {0x004e, 37, 1}, {0x0554, 1439, 1}, {0xa74e, 3039, 1}, {0x1e48, 1820, 1}, {0xffffffff, -1, 0}, {0x216b, 2325, 1}, {0x1f48, 2172, 1}, {0xa650, 2889, 1}, {0x0552, 1433, 1}, {0x0048, 21, 1}, {0xffffffff, -1, 0}, {0xa748, 3030, 1}, {0xa64e, 2886, 1}, {0x0532, 1337, 1}, {0x1041e, 3327, 1}, {0x1e1e, 1757, 1}, {0x041e, 932, 1}, {0x011e, 216, 1}, {0x118b7, 3579, 1}, {0x2c1e, 2511, 1}, {0xffffffff, -1, 0}, {0xa648, 2877, 1}, {0x1ff9, 2253, 1}, {0xffffffff, -1, 0}, {0x03f9, 878, 1}, {0x0550, 1427, 1}, {0x10412, 3291, 1}, {0x1e12, 1739, 1}, {0x0412, 896, 1}, {0x0112, 198, 1}, {0x054e, 1421, 1}, {0x2c12, 2475, 1}, {0x10410, 3285, 1}, {0x1e10, 1736, 1}, {0x0410, 890, 1}, {0x0110, 195, 1}, {0xffffffff, -1, 0}, {0x2c10, 2469, 1}, {0x2132, 2289, 1}, {0x0548, 1403, 1}, {0x1ef8, 2070, 1}, {0x04f8, 1250, 1}, {0x01f8, 490, 1}, {0x1ff8, 2250, 1}, {0x0220, 381, 1}, {0x1ee2, 2037, 1}, {0x04e2, 1217, 1}, {0x01e2, 462, 1}, {0x1fe2, 36, 3}, {0x2ce2, 2733, 1}, {0x03e2, 857, 1}, {0x051e, 1307, 1}, {0x1ede, 2031, 1}, {0x04de, 1211, 1}, {0x01de, 456, 1}, {0xffffffff, -1, 0}, {0x2cde, 2727, 1}, {0x03de, 851, 1}, {0x00de, 165, 1}, {0x1f69, 2205, 1}, {0x2c69, 2574, 1}, {0x1eda, 2025, 1}, {0x04da, 1205, 1}, {0x0512, 1289, 1}, {0x1fda, 2244, 1}, {0x2cda, 2721, 1}, {0x03da, 845, 1}, {0x00da, 153, 1}, {0xffffffff, -1, 0}, {0x0510, 1286, 1}, {0x1ed8, 2022, 1}, {0x04d8, 1202, 1}, {0xffffffff, -1, 0}, {0x1fd8, 2274, 1}, {0x2cd8, 2718, 1}, {0x03d8, 842, 1}, {0x00d8, 147, 1}, {0x1ed6, 2019, 1}, {0x04d6, 1199, 1}, {0xffffffff, -1, 0}, {0x1fd6, 76, 2}, {0x2cd6, 2715, 1}, {0x03d6, 792, 1}, {0x00d6, 144, 1}, {0x1ec8, 1998, 1}, {0xffffffff, -1, 0}, {0x01c8, 421, 1}, {0x1fc8, 2232, 1}, {0x2cc8, 2694, 1}, {0xff32, 3210, 1}, {0x00c8, 102, 1}, {0x04c7, 1175, 1}, {0x01c7, 421, 1}, {0x1fc7, 15, 3}, {0x1ec0, 1986, 1}, {0x04c0, 1187, 1}, {0x00c7, 99, 1}, {0xffffffff, -1, 0}, {0x2cc0, 2682, 1}, {0x0179, 345, 1}, {0x00c0, 77, 1}, {0x0232, 574, 1}, {0x01b3, 402, 1}, {0x1fb3, 62, 2}, {0xab79, 1475, 1}, {0xa779, 3090, 1}, {0x10c7, 2859, 1}, {0xabb3, 1649, 1}, {0xa7b3, 3156, 1}, {0x1fa5, 234, 2}, {0x10c0, 2841, 1}, {0x03a5, 807, 1}, {0xffffffff, -1, 0}, {0xaba5, 1607, 1}, {0x01b1, 691, 1}, {0x10ca5, 3468, 1}, {0x10b3, 2802, 1}, {0x2169, 2319, 1}, {0x024e, 601, 1}, {0xabb1, 1643, 1}, {0xa7b1, 682, 1}, {0x10cb1, 3504, 1}, {0x10a5, 2760, 1}, {0xffffffff, -1, 0}, {0x01af, 399, 1}, {0x1faf, 244, 2}, {0xffffffff, -1, 0}, {0x0248, 592, 1}, {0x10b1, 2796, 1}, {0xabaf, 1637, 1}, {0x1fad, 234, 2}, {0x10caf, 3498, 1}, {0x04cd, 1184, 1}, {0x01cd, 429, 1}, {0xabad, 1631, 1}, {0xa7ad, 658, 1}, {0x10cad, 3492, 1}, {0x00cd, 117, 1}, {0x10af, 2790, 1}, {0x021e, 547, 1}, {0x1fa3, 224, 2}, {0xffffffff, -1, 0}, {0x03a3, 800, 1}, {0x10ad, 2784, 1}, {0xaba3, 1601, 1}, {0xffffffff, -1, 0}, {0x10ca3, 3462, 1}, {0x10cd, 2862, 1}, {0x1fa1, 214, 2}, {0x24b7, 2346, 1}, {0x03a1, 796, 1}, {0x0212, 529, 1}, {0xaba1, 1595, 1}, {0x10a3, 2754, 1}, {0x10ca1, 3456, 1}, {0x01d3, 438, 1}, {0x1fd3, 25, 3}, {0x0210, 526, 1}, {0xffffffff, -1, 0}, {0x00d3, 135, 1}, {0x1e97, 34, 2}, {0x10a1, 2748, 1}, {0x0197, 649, 1}, {0x1f97, 204, 2}, {0xffffffff, -1, 0}, {0x0397, 759, 1}, {0x1041d, 3324, 1}, {0xab97, 1565, 1}, {0x041d, 929, 1}, {0x10c97, 3426, 1}, {0x1f1d, 2121, 1}, {0x2c1d, 2508, 1}, {0x1e72, 1884, 1}, {0x0472, 1061, 1}, {0x0172, 336, 1}, {0x118b3, 3567, 1}, {0x2c72, 2580, 1}, {0x0372, 712, 1}, {0x1041b, 3318, 1}, {0xab72, 1454, 1}, {0x041b, 923, 1}, {0x118a5, 3525, 1}, {0x1f1b, 2115, 1}, {0x2c1b, 2502, 1}, {0x1e70, 1881, 1}, {0x0470, 1058, 1}, {0x0170, 333, 1}, {0x118b1, 3561, 1}, {0x2c70, 610, 1}, {0x0370, 709, 1}, {0x1e46, 1817, 1}, {0xab70, 1448, 1}, {0x1e66, 1866, 1}, {0x0466, 1043, 1}, {0x0166, 318, 1}, {0x1e44, 1814, 1}, {0x0046, 15, 1}, {0x118af, 3555, 1}, {0xa746, 3027, 1}, {0xffffffff, -1, 0}, {0xa766, 3075, 1}, {0x0044, 9, 1}, {0x118ad, 3549, 1}, {0xa744, 3024, 1}, {0x1e7a, 1896, 1}, {0x047a, 1073, 1}, {0x1e3a, 1799, 1}, {0xffffffff, -1, 0}, {0xa646, 2874, 1}, {0x1f3a, 2154, 1}, {0xa666, 2922, 1}, {0xab7a, 1478, 1}, {0x118a3, 3519, 1}, {0xa644, 2871, 1}, {0xa73a, 3009, 1}, {0xffffffff, -1, 0}, {0x1ef4, 2064, 1}, {0x04f4, 1244, 1}, {0x01f4, 487, 1}, {0x1ff4, 101, 2}, {0x118a1, 3513, 1}, {0x03f4, 762, 1}, {0x1eec, 2052, 1}, {0x04ec, 1232, 1}, {0x01ec, 477, 1}, {0x1fec, 2286, 1}, {0x0546, 1397, 1}, {0x03ec, 872, 1}, {0xffffffff, -1, 0}, {0x013f, 261, 1}, {0x1f3f, 2169, 1}, {0x0544, 1391, 1}, {0x1eea, 2049, 1}, {0x04ea, 1229, 1}, {0x01ea, 474, 1}, {0x1fea, 2256, 1}, {0xffffffff, -1, 0}, {0x03ea, 869, 1}, {0x1ee8, 2046, 1}, {0x04e8, 1226, 1}, {0x01e8, 471, 1}, {0x1fe8, 2280, 1}, {0x053a, 1361, 1}, {0x03e8, 866, 1}, {0x1ee6, 2043, 1}, {0x04e6, 1223, 1}, {0x01e6, 468, 1}, {0x1fe6, 88, 2}, {0x1f4b, 2181, 1}, {0x03e6, 863, 1}, {0x1e5e, 1853, 1}, {0x004b, 27, 1}, {0x015e, 306, 1}, {0x2166, 2310, 1}, {0x1ee4, 2040, 1}, {0x04e4, 1220, 1}, {0x01e4, 465, 1}, {0x1fe4, 80, 2}, {0xa75e, 3063, 1}, {0x03e4, 860, 1}, {0x1ee0, 2034, 1}, {0x04e0, 1214, 1}, {0x01e0, 459, 1}, {0x053f, 1376, 1}, {0x2ce0, 2730, 1}, {0x03e0, 854, 1}, {0x1edc, 2028, 1}, {0x04dc, 1208, 1}, {0xa65e, 2910, 1}, {0xffffffff, -1, 0}, {0x2cdc, 2724, 1}, {0x03dc, 848, 1}, {0x00dc, 159, 1}, {0x1ed0, 2010, 1}, {0x04d0, 1190, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0x2cd0, 2706, 1}, {0x03d0, 742, 1}, {0x00d0, 126, 1}, {0x1ecc, 2004, 1}, {0x054b, 1412, 1}, {0xffffffff, -1, 0}, {0x1fcc, 71, 2}, {0x2ccc, 2700, 1}, {0x1ec6, 1995, 1}, {0x00cc, 114, 1}, {0xffffffff, -1, 0}, {0x1fc6, 67, 2}, {0x2cc6, 2691, 1}, {0x24c8, 2397, 1}, {0x00c6, 96, 1}, {0x04c5, 1172, 1}, {0x01c5, 417, 1}, {0xffffffff, -1, 0}, {0x1fbb, 2229, 1}, {0x24c7, 2394, 1}, {0x00c5, 92, 1}, {0x1fb9, 2271, 1}, {0xabbb, 1673, 1}, {0x24c0, 2373, 1}, {0x04c3, 1169, 1}, {0xabb9, 1667, 1}, {0x1fc3, 71, 2}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0x00c3, 86, 1}, {0x10c5, 2856, 1}, {0x10bb, 2826, 1}, {0x1ed4, 2016, 1}, {0x04d4, 1196, 1}, {0x10b9, 2820, 1}, {0x13fc, 1700, 1}, {0x2cd4, 2712, 1}, {0x0246, 589, 1}, {0x00d4, 138, 1}, {0x10c3, 2850, 1}, {0xffffffff, -1, 0}, {0xff3a, 3234, 1}, {0x0244, 688, 1}, {0x019f, 670, 1}, {0x1f9f, 204, 2}, {0xffffffff, -1, 0}, {0x039f, 789, 1}, {0xffffffff, -1, 0}, {0xab9f, 1589, 1}, {0xffffffff, -1, 0}, {0x10c9f, 3450, 1}, {0x019d, 667, 1}, {0x1f9d, 194, 2}, {0x023a, 2565, 1}, {0x039d, 783, 1}, {0x1e5a, 1847, 1}, {0xab9d, 1583, 1}, {0x015a, 300, 1}, {0x10c9d, 3444, 1}, {0x1e9b, 1856, 1}, {0x24cd, 2412, 1}, {0x005a, 74, 1}, {0x1f9b, 184, 2}, {0xa75a, 3057, 1}, {0x039b, 776, 1}, {0x1ece, 2007, 1}, {0xab9b, 1577, 1}, {0x1e99, 42, 2}, {0x10c9b, 3438, 1}, {0x2cce, 2703, 1}, {0x1f99, 174, 2}, {0x00ce, 120, 1}, {0x0399, 767, 1}, {0xa65a, 2904, 1}, {0xab99, 1571, 1}, {0xffffffff, -1, 0}, {0x10c99, 3432, 1}, {0x0193, 634, 1}, {0x1f93, 184, 2}, {0x1e58, 1844, 1}, {0x0393, 746, 1}, {0x0158, 297, 1}, {0xab93, 1553, 1}, {0xffffffff, -1, 0}, {0x10c93, 3414, 1}, {0x0058, 68, 1}, {0x042d, 977, 1}, {0xa758, 3054, 1}, {0x1f2d, 2139, 1}, {0x2c2d, 2556, 1}, {0x118bb, 3591, 1}, {0x0191, 369, 1}, {0x1f91, 174, 2}, {0x118b9, 3585, 1}, {0x0391, 739, 1}, {0xffffffff, -1, 0}, {0xab91, 1547, 1}, {0xa658, 2901, 1}, {0x10c91, 3408, 1}, {0x018f, 625, 1}, {0x1f8f, 164, 2}, {0xffffffff, -1, 0}, {0x038f, 836, 1}, {0xffffffff, -1, 0}, {0xab8f, 1541, 1}, {0xffffffff, -1, 0}, {0x10c8f, 3402, 1}, {0x018b, 366, 1}, {0x1f8b, 144, 2}, {0xffffffff, -1, 0}, {0x0187, 363, 1}, {0x1f87, 164, 2}, {0xab8b, 1529, 1}, {0xa78b, 3111, 1}, {0x10c8b, 3390, 1}, {0xab87, 1517, 1}, {0x04c1, 1166, 1}, {0x10c87, 3378, 1}, {0x1e7e, 1902, 1}, {0x047e, 1079, 1}, {0xffffffff, -1, 0}, {0x00c1, 80, 1}, {0x2c7e, 580, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xab7e, 1490, 1}, {0xa77e, 3096, 1}, {0x1e76, 1890, 1}, {0x0476, 1067, 1}, {0x0176, 342, 1}, {0x1e42, 1811, 1}, {0x10c1, 2844, 1}, {0x0376, 715, 1}, {0x1e36, 1793, 1}, {0xab76, 1466, 1}, {0x0136, 249, 1}, {0x0042, 3, 1}, {0x1e3e, 1805, 1}, {0xa742, 3021, 1}, {0x1e38, 1796, 1}, {0x1f3e, 2166, 1}, {0xa736, 3003, 1}, {0x1f38, 2148, 1}, {0xffffffff, -1, 0}, {0x0587, 105, 2}, {0xa73e, 3015, 1}, {0xffffffff, -1, 0}, {0xa738, 3006, 1}, {0xa642, 2868, 1}, {0x1e5c, 1850, 1}, {0x1e34, 1790, 1}, {0x015c, 303, 1}, {0x0134, 246, 1}, {0x1ef6, 2067, 1}, {0x04f6, 1247, 1}, {0x01f6, 372, 1}, {0x1ff6, 92, 2}, {0xa75c, 3060, 1}, {0xa734, 3000, 1}, {0x1ef0, 2058, 1}, {0x04f0, 1238, 1}, {0x01f0, 20, 2}, {0xffffffff, -1, 0}, {0x1e30, 1784, 1}, {0x03f0, 772, 1}, {0x0130, 261, 2}, {0x0542, 1385, 1}, {0xa65c, 2907, 1}, {0x1f83, 144, 2}, {0x0536, 1349, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xab83, 1505, 1}, {0x053e, 1373, 1}, {0x10c83, 3366, 1}, {0x0538, 1355, 1}, {0x1eee, 2055, 1}, {0x04ee, 1235, 1}, {0x01ee, 480, 1}, {0x1f8d, 154, 2}, {0xffffffff, -1, 0}, {0x03ee, 875, 1}, {0xffffffff, -1, 0}, {0xab8d, 1535, 1}, {0xa78d, 643, 1}, {0x10c8d, 3396, 1}, {0x0534, 1343, 1}, {0x0181, 613, 1}, {0x1f81, 134, 2}, {0x013d, 258, 1}, {0x1f3d, 2163, 1}, {0xffffffff, -1, 0}, {0xab81, 1499, 1}, {0x017f, 52, 1}, {0x10c81, 3360, 1}, {0x2c7f, 583, 1}, {0x037f, 881, 1}, {0xff2d, 3195, 1}, {0xab7f, 1493, 1}, {0x1e74, 1887, 1}, {0x0474, 1064, 1}, {0x0174, 339, 1}, {0x1e3c, 1802, 1}, {0x0149, 46, 2}, {0x1f49, 2175, 1}, {0x1f3c, 2160, 1}, {0xab74, 1460, 1}, {0x0049, 3606, 1}, {0x0143, 267, 1}, {0x24cc, 2409, 1}, {0xa73c, 3012, 1}, {0xffffffff, -1, 0}, {0x0043, 6, 1}, {0x0141, 264, 1}, {0x24c6, 2391, 1}, {0x013b, 255, 1}, {0x1f3b, 2157, 1}, {0x0041, 0, 1}, {0x0139, 252, 1}, {0x1f39, 2151, 1}, {0x24c5, 2388, 1}, {0x24bb, 2358, 1}, {0x13fa, 1694, 1}, {0x053d, 1370, 1}, {0x24b9, 2352, 1}, {0x0429, 965, 1}, {0x2183, 2340, 1}, {0x1f29, 2127, 1}, {0x2c29, 2544, 1}, {0x24c3, 2382, 1}, {0x10427, 3354, 1}, {0x10425, 3348, 1}, {0x0427, 959, 1}, {0x0425, 953, 1}, {0xffffffff, -1, 0}, {0x2c27, 2538, 1}, {0x2c25, 2532, 1}, {0x0549, 1406, 1}, {0x053c, 1367, 1}, {0x10423, 3342, 1}, {0xffffffff, -1, 0}, {0x0423, 947, 1}, {0x0543, 1388, 1}, {0xffffffff, -1, 0}, {0x2c23, 2526, 1}, {0xff36, 3222, 1}, {0xffffffff, -1, 0}, {0x0541, 1382, 1}, {0x10421, 3336, 1}, {0x053b, 1364, 1}, {0x0421, 941, 1}, {0xff38, 3228, 1}, {0x0539, 1358, 1}, {0x2c21, 2520, 1}, {0x10419, 3312, 1}, {0x10417, 3306, 1}, {0x0419, 917, 1}, {0x0417, 911, 1}, {0x1f19, 2109, 1}, {0x2c19, 2496, 1}, {0x2c17, 2490, 1}, {0x023e, 2568, 1}, {0xff34, 3216, 1}, {0x10415, 3300, 1}, {0x10413, 3294, 1}, {0x0415, 905, 1}, {0x0413, 899, 1}, {0xffffffff, -1, 0}, {0x2c15, 2484, 1}, {0x2c13, 2478, 1}, {0xffffffff, -1, 0}, {0x24ce, 2415, 1}, {0x1040f, 3282, 1}, {0xffffffff, -1, 0}, {0x040f, 1031, 1}, {0xff30, 3204, 1}, {0x1f0f, 2103, 1}, {0x2c0f, 2466, 1}, {0x1040d, 3276, 1}, {0xffffffff, -1, 0}, {0x040d, 1025, 1}, {0x0147, 273, 1}, {0x1f0d, 2097, 1}, {0x2c0d, 2460, 1}, {0x1040b, 3270, 1}, {0x0047, 18, 1}, {0x040b, 1019, 1}, {0x0230, 571, 1}, {0x1f0b, 2091, 1}, {0x2c0b, 2454, 1}, {0x10409, 3264, 1}, {0x10405, 3252, 1}, {0x0409, 1013, 1}, {0x0405, 1001, 1}, {0x1f09, 2085, 1}, {0x2c09, 2448, 1}, {0x2c05, 2436, 1}, {0x10403, 3246, 1}, {0x10401, 3240, 1}, {0x0403, 995, 1}, {0x0401, 989, 1}, {0xffffffff, -1, 0}, {0x2c03, 2430, 1}, {0x2c01, 2424, 1}, {0x13f9, 1691, 1}, {0x042f, 983, 1}, {0xffffffff, -1, 0}, {0x1f2f, 2145, 1}, {0x1041f, 3330, 1}, {0xffffffff, -1, 0}, {0x041f, 935, 1}, {0x023d, 378, 1}, {0x10411, 3288, 1}, {0x2c1f, 2514, 1}, {0x0411, 893, 1}, {0x0547, 1400, 1}, {0xffffffff, -1, 0}, {0x2c11, 2472, 1}, {0x10407, 3258, 1}, {0xffffffff, -1, 0}, {0x0407, 1007, 1}, {0x24c1, 2376, 1}, {0xffffffff, -1, 0}, {0x2c07, 2442, 1}, {0xffffffff, -1, 0}, {0x13f8, 1688, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xff39, 3231, 1}, {0xffffffff, -1, 0}, {0x0243, 354, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0x0241, 586, 1}, {0xff29, 3183, 1}, {0x023b, 577, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xff27, 3177, 1}, {0xff25, 3171, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xff23, 3165, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xff21, 3159, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xfb17, 117, 2}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xff2f, 3201, 1}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xfb15, 113, 2}, {0xfb13, 121, 2}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xfb05, 29, 2}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xffffffff, -1, 0}, {0xfb03, 0, 3}, {0xfb01, 8, 2} }; if (0 == 0) { int key = hash(&code); if (key <= MAX_HASH_VALUE && key >= 0) { OnigCodePoint gcode = wordlist[key].code; if (code == gcode) return &wordlist[key]; } } return 0; }",visit repo url,src/unicode_unfold_key.c,https://github.com/kkos/oniguruma,149452506111377,1 2541,CWE-399,"cib_notify_client(gpointer key, gpointer value, gpointer user_data) { const char *type = NULL; gboolean do_send = FALSE; cib_client_t *client = value; xmlNode *update_msg = user_data; CRM_CHECK(client != NULL, return TRUE); CRM_CHECK(update_msg != NULL, return TRUE); if (client->ipc == NULL) { crm_warn(""Skipping client with NULL channel""); return FALSE; } type = crm_element_value(update_msg, F_SUBTYPE); CRM_LOG_ASSERT(type != NULL); if (client->diffs && safe_str_eq(type, T_CIB_DIFF_NOTIFY)) { do_send = TRUE; } else if (client->replace && safe_str_eq(type, T_CIB_REPLACE_NOTIFY)) { do_send = TRUE; } else if (client->confirmations && safe_str_eq(type, T_CIB_UPDATE_CONFIRM)) { do_send = TRUE; } else if (client->pre_notify && safe_str_eq(type, T_CIB_PRE_NOTIFY)) { do_send = TRUE; } else if (client->post_notify && safe_str_eq(type, T_CIB_POST_NOTIFY)) { do_send = TRUE; } if (do_send) { if (client->ipc) { if(crm_ipcs_send(client->ipc, 0, update_msg, TRUE) == FALSE) { crm_warn(""Notification of client %s/%s failed"", client->name, client->id); } #ifdef HAVE_GNUTLS_GNUTLS_H } else if (client->session) { crm_debug(""Sent %s notification to client %s/%s"", type, client->name, client->id); crm_send_remote_msg(client->session, update_msg, client->encrypted); #endif } else { crm_err(""Unknown transport for %s"", client->name); } } return FALSE; }",visit repo url,cib/notify.c,https://github.com/ClusterLabs/pacemaker,214605181558013,1 6050,['CWE-200'],"void in6_dev_finish_destroy(struct inet6_dev *idev) { struct net_device *dev = idev->dev; BUG_TRAP(idev->addr_list==NULL); BUG_TRAP(idev->mc_list==NULL); #ifdef NET_REFCNT_DEBUG printk(KERN_DEBUG ""in6_dev_finish_destroy: %s\n"", dev ? dev->name : ""NIL""); #endif dev_put(dev); if (!idev->dead) { printk(""Freeing alive inet6 device %p\n"", idev); return; } snmp6_free_dev(idev); kfree(idev); }",linux-2.6,,,171861591205120736083376261703233183340,0 2828,[],"static int do_direct_IO(struct dio *dio) { const unsigned blkbits = dio->blkbits; const unsigned blocks_per_page = PAGE_SIZE >> blkbits; struct page *page; unsigned block_in_page; struct buffer_head *map_bh = &dio->map_bh; int ret = 0; block_in_page = dio->first_block_in_page; while (dio->block_in_file < dio->final_block_in_request) { page = dio_get_page(dio); if (IS_ERR(page)) { ret = PTR_ERR(page); goto out; } while (block_in_page < blocks_per_page) { unsigned offset_in_page = block_in_page << blkbits; unsigned this_chunk_bytes; unsigned this_chunk_blocks; unsigned u; if (dio->blocks_available == 0) { unsigned long blkmask; unsigned long dio_remainder; ret = get_more_blocks(dio); if (ret) { page_cache_release(page); goto out; } if (!buffer_mapped(map_bh)) goto do_holes; dio->blocks_available = map_bh->b_size >> dio->blkbits; dio->next_block_for_io = map_bh->b_blocknr << dio->blkfactor; if (buffer_new(map_bh)) clean_blockdev_aliases(dio); if (!dio->blkfactor) goto do_holes; blkmask = (1 << dio->blkfactor) - 1; dio_remainder = (dio->block_in_file & blkmask); if (!buffer_new(map_bh)) dio->next_block_for_io += dio_remainder; dio->blocks_available -= dio_remainder; } do_holes: if (!buffer_mapped(map_bh)) { loff_t i_size_aligned; if (dio->rw & WRITE) { page_cache_release(page); return -ENOTBLK; } i_size_aligned = ALIGN(i_size_read(dio->inode), 1 << blkbits); if (dio->block_in_file >= i_size_aligned >> blkbits) { page_cache_release(page); goto out; } zero_user_page(page, block_in_page << blkbits, 1 << blkbits, KM_USER0); dio->block_in_file++; block_in_page++; goto next_block; } if (unlikely(dio->blkfactor && !dio->start_zero_done)) dio_zero_block(dio, 0); this_chunk_blocks = dio->blocks_available; u = (PAGE_SIZE - offset_in_page) >> blkbits; if (this_chunk_blocks > u) this_chunk_blocks = u; u = dio->final_block_in_request - dio->block_in_file; if (this_chunk_blocks > u) this_chunk_blocks = u; this_chunk_bytes = this_chunk_blocks << blkbits; BUG_ON(this_chunk_bytes == 0); dio->boundary = buffer_boundary(map_bh); ret = submit_page_section(dio, page, offset_in_page, this_chunk_bytes, dio->next_block_for_io); if (ret) { page_cache_release(page); goto out; } dio->next_block_for_io += this_chunk_blocks; dio->block_in_file += this_chunk_blocks; block_in_page += this_chunk_blocks; dio->blocks_available -= this_chunk_blocks; next_block: BUG_ON(dio->block_in_file > dio->final_block_in_request); if (dio->block_in_file == dio->final_block_in_request) break; } page_cache_release(page); block_in_page = 0; } out: return ret; }",linux-2.6,,,192031742260772530560502041850973393050,0 5360,CWE-787,"void pdf_load_pages_kids(FILE *fp, pdf_t *pdf) { int i, id, dummy; char *buf, *c; long start, sz; start = ftell(fp); for (i=0; in_xrefs; i++) { if (pdf->xrefs[i].version && (pdf->xrefs[i].end != 0)) { fseek(fp, pdf->xrefs[i].start, SEEK_SET); while (SAFE_F(fp, (fgetc(fp) != 't'))) ; sz = pdf->xrefs[i].end - ftell(fp); buf = malloc(sz + 1); SAFE_E(fread(buf, 1, sz, fp), sz, ""Failed to load /Root.\n""); buf[sz] = '\0'; if (!(c = strstr(buf, ""/Root""))) { free(buf); continue; } id = atoi(c + strlen(""/Root"") + 1); free(buf); buf = get_object(fp, id, &pdf->xrefs[i], NULL, &dummy); if (!buf || !(c = strstr(buf, ""/Pages""))) { free(buf); continue; } id = atoi(c + strlen(""/Pages"") + 1); load_kids(fp, id, &pdf->xrefs[i]); free(buf); } } fseek(fp, start, SEEK_SET); }",visit repo url,pdf.c,https://github.com/enferex/pdfresurrect,223249375188479,1 5687,['CWE-476'],"static void udpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, int type, int code, int offset, __u32 info) { struct ipv6_pinfo *np; struct ipv6hdr *hdr = (struct ipv6hdr*)skb->data; struct net_device *dev = skb->dev; struct in6_addr *saddr = &hdr->saddr; struct in6_addr *daddr = &hdr->daddr; struct udphdr *uh = (struct udphdr*)(skb->data+offset); struct sock *sk; int err; sk = udp_v6_lookup(daddr, uh->dest, saddr, uh->source, dev->ifindex); if (sk == NULL) return; np = inet6_sk(sk); if (!icmpv6_err_convert(type, code, &err) && !np->recverr) goto out; if (sk->sk_state != TCP_ESTABLISHED && !np->recverr) goto out; if (np->recverr) ipv6_icmp_error(sk, skb, err, uh->dest, ntohl(info), (u8 *)(uh+1)); sk->sk_err = err; sk->sk_error_report(sk); out: sock_put(sk); }",linux-2.6,,,196460510184546520775581864683138673495,0 3487,CWE-295,"static int connect_to_master(THD* thd, MYSQL* mysql, Master_info* mi, bool reconnect, bool suppress_warnings) { int slave_was_killed= 0; int last_errno= -2; ulong err_count=0; char llbuff[22]; char password[MAX_PASSWORD_LENGTH + 1]; int password_size= sizeof(password); DBUG_ENTER(""connect_to_master""); set_slave_max_allowed_packet(thd, mysql); #ifndef DBUG_OFF mi->events_until_exit = disconnect_slave_event_count; #endif ulong client_flag= CLIENT_REMEMBER_OPTIONS; if (opt_slave_compressed_protocol) client_flag=CLIENT_COMPRESS; mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (char *) &slave_net_timeout); mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, (char *) &slave_net_timeout); if (mi->bind_addr[0]) { DBUG_PRINT(""info"",(""bind_addr: %s"", mi->bind_addr)); mysql_options(mysql, MYSQL_OPT_BIND, mi->bind_addr); } #ifdef HAVE_OPENSSL if (mi->ssl) { mysql_ssl_set(mysql, mi->ssl_key[0]?mi->ssl_key:0, mi->ssl_cert[0]?mi->ssl_cert:0, mi->ssl_ca[0]?mi->ssl_ca:0, mi->ssl_capath[0]?mi->ssl_capath:0, mi->ssl_cipher[0]?mi->ssl_cipher:0); mysql_options(mysql, MYSQL_OPT_SSL_CRL, mi->ssl_crl[0] ? mi->ssl_crl : 0); mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, mi->ssl_crlpath[0] ? mi->ssl_crlpath : 0); mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &mi->ssl_verify_server_cert); } #endif mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset_info->csname); mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir); if (mi->is_start_plugin_auth_configured()) { DBUG_PRINT(""info"", (""Slaving is using MYSQL_DEFAULT_AUTH %s"", mi->get_start_plugin_auth())); mysql_options(mysql, MYSQL_DEFAULT_AUTH, mi->get_start_plugin_auth()); } if (mi->is_start_plugin_dir_configured()) { DBUG_PRINT(""info"", (""Slaving is using MYSQL_PLUGIN_DIR %s"", mi->get_start_plugin_dir())); mysql_options(mysql, MYSQL_PLUGIN_DIR, mi->get_start_plugin_dir()); } else if (opt_plugin_dir_ptr && *opt_plugin_dir_ptr) mysql_options(mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir_ptr); if (!mi->is_start_user_configured()) sql_print_warning(""%s"", ER(ER_INSECURE_CHANGE_MASTER)); if (mi->get_password(password, &password_size)) { mi->report(ERROR_LEVEL, ER_SLAVE_FATAL_ERROR, ER(ER_SLAVE_FATAL_ERROR), ""Unable to configure password when attempting to "" ""connect to the master server. Connection attempt "" ""terminated.""); DBUG_RETURN(1); } const char* user= mi->get_user(); if (user == NULL || user[0] == 0) { mi->report(ERROR_LEVEL, ER_SLAVE_FATAL_ERROR, ER(ER_SLAVE_FATAL_ERROR), ""Invalid (empty) username when attempting to "" ""connect to the master server. Connection attempt "" ""terminated.""); DBUG_RETURN(1); } while (!(slave_was_killed = io_slave_killed(thd,mi)) && (reconnect ? mysql_reconnect(mysql) != 0 : mysql_real_connect(mysql, mi->host, user, password, 0, mi->port, 0, client_flag) == 0)) { last_errno=mysql_errno(mysql); suppress_warnings= 0; mi->report(ERROR_LEVEL, last_errno, ""error %s to master '%s@%s:%d'"" "" - retry-time: %d retries: %lu"", (reconnect ? ""reconnecting"" : ""connecting""), mi->get_user(), mi->host, mi->port, mi->connect_retry, err_count + 1); if (++err_count == mi->retry_count) { slave_was_killed=1; break; } slave_sleep(thd, mi->connect_retry, io_slave_killed, mi); } if (!slave_was_killed) { mi->clear_error(); if (reconnect) { if (!suppress_warnings) sql_print_information(""Slave: connected to master '%s@%s:%d',\ replication resumed in log '%s' at position %s"", mi->get_user(), mi->host, mi->port, mi->get_io_rpl_log_name(), llstr(mi->get_master_log_pos(),llbuff)); } else { query_logger.general_log_print(thd, COM_CONNECT_OUT, ""%s@%s:%d"", mi->get_user(), mi->host, mi->port); } thd->set_active_vio(mysql->net.vio); } mysql->reconnect= 1; DBUG_PRINT(""exit"",(""slave_was_killed: %d"", slave_was_killed)); DBUG_RETURN(slave_was_killed); }",visit repo url,sql/rpl_slave.cc,https://github.com/mysql/mysql-server,81896750436576,1 1889,CWE-416,"static int snd_ctl_elem_read(struct snd_card *card, struct snd_ctl_elem_value *control) { struct snd_kcontrol *kctl; struct snd_kcontrol_volatile *vd; unsigned int index_offset; struct snd_ctl_elem_info info; const u32 pattern = 0xdeadbeef; int ret; kctl = snd_ctl_find_id(card, &control->id); if (kctl == NULL) return -ENOENT; index_offset = snd_ctl_get_ioff(kctl, &control->id); vd = &kctl->vd[index_offset]; if (!(vd->access & SNDRV_CTL_ELEM_ACCESS_READ) || kctl->get == NULL) return -EPERM; snd_ctl_build_ioff(&control->id, kctl, index_offset); #ifdef CONFIG_SND_CTL_DEBUG memset(&info, 0, sizeof(info)); info.id = control->id; ret = __snd_ctl_elem_info(card, kctl, &info, NULL); if (ret < 0) return ret; #endif if (!snd_ctl_skip_validation(&info)) fill_remaining_elem_value(control, &info, pattern); ret = snd_power_ref_and_wait(card); if (!ret) ret = kctl->get(kctl, control); snd_power_unref(card); if (ret < 0) return ret; if (!snd_ctl_skip_validation(&info) && sanity_check_elem_value(card, control, &info, pattern) < 0) { dev_err(card->dev, ""control %i:%i:%i:%s:%i: access overflow\n"", control->id.iface, control->id.device, control->id.subdevice, control->id.name, control->id.index); return -EINVAL; } return ret; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,104548236458457,1 729,CWE-20,"static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sco_pinfo *pi = sco_pi(sk); lock_sock(sk); if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { sco_conn_defer_accept(pi->conn->hcon, pi->setting); sk->sk_state = BT_CONFIG; msg->msg_namelen = 0; release_sock(sk); return 0; } release_sock(sk); return bt_sock_recvmsg(iocb, sock, msg, len, flags); }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,169024666607659,1 3179,['CWE-189'],"void jas_iccprof_dump(jas_iccprof_t *prof, FILE *out) { jas_iccattrtab_dump(prof->attrtab, out); }",jasper,,,142214495757420362346992446095776385025,0 2667,CWE-190,"static void spl_filesystem_dir_it_move_forward(zend_object_iterator *iter TSRMLS_DC) { spl_filesystem_object *object = spl_filesystem_iterator_to_object((spl_filesystem_iterator *)iter); object->u.dir.index++; spl_filesystem_dir_read(object TSRMLS_CC); if (object->file_name) { efree(object->file_name); object->file_name = NULL; } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,132678323408139,1 3295,CWE-476,"int git_pkt_parse_line( git_pkt **head, const char *line, const char **out, size_t bufflen) { int ret; int32_t len; if (bufflen > 0 && bufflen < PKT_LEN_SIZE) return GIT_EBUFS; len = parse_len(line); if (len < 0) { if (bufflen >= 4 && !git__prefixcmp(line, ""PACK"")) { giterr_clear(); *out = line; return pack_pkt(head); } return (int)len; } if (bufflen > 0 && bufflen < (size_t)len) return GIT_EBUFS; if (len != 0 && len < PKT_LEN_SIZE) return GIT_ERROR; line += PKT_LEN_SIZE; if (len == PKT_LEN_SIZE) { *head = NULL; *out = line; return 0; } if (len == 0) { *out = line; return flush_pkt(head); } len -= PKT_LEN_SIZE; if (*line == GIT_SIDE_BAND_DATA) ret = data_pkt(head, line, len); else if (*line == GIT_SIDE_BAND_PROGRESS) ret = sideband_progress_pkt(head, line, len); else if (*line == GIT_SIDE_BAND_ERROR) ret = sideband_error_pkt(head, line, len); else if (!git__prefixcmp(line, ""ACK"")) ret = ack_pkt(head, line, len); else if (!git__prefixcmp(line, ""NAK"")) ret = nak_pkt(head); else if (!git__prefixcmp(line, ""ERR "")) ret = err_pkt(head, line, len); else if (*line == '#') ret = comment_pkt(head, line, len); else if (!git__prefixcmp(line, ""ok"")) ret = ok_pkt(head, line, len); else if (!git__prefixcmp(line, ""ng"")) ret = ng_pkt(head, line, len); else if (!git__prefixcmp(line, ""unpack"")) ret = unpack_pkt(head, line, len); else ret = ref_pkt(head, line, len); *out = line + len; return ret; }",visit repo url,src/transports/smart_pkt.c,https://github.com/libgit2/libgit2,104910175251803,1 1569,CWE-119,"static void __net_exit sctp_net_exit(struct net *net) { sctp_free_addr_wq(net); sctp_free_local_addr_list(net); inet_ctl_sock_destroy(net->sctp.ctl_sock); sctp_dbg_objcnt_exit(net); sctp_proc_exit(net); cleanup_sctp_mibs(net); sctp_sysctl_net_unregister(net); }",visit repo url,net/sctp/protocol.c,https://github.com/torvalds/linux,213335918735822,1 3127,['CWE-189'],"static void jp2_cdef_dumpdata(jp2_box_t *box, FILE *out) { jp2_cdef_t *cdef = &box->data.cdef; unsigned int i; for (i = 0; i < cdef->numchans; ++i) { fprintf(out, ""channo=%d; type=%d; assoc=%d\n"", cdef->ents[i].channo, cdef->ents[i].type, cdef->ents[i].assoc); } }",jasper,,,334065122464420386005527069728715161653,0 5950,CWE-190,"static Jsi_RC jsi_ArrayFlatSub(Jsi_Interp *interp, Jsi_Obj* nobj, Jsi_Value *arr, int depth) { int i, n = 0, len = jsi_SizeOfArray(interp, arr->d.obj); if (len <= 0) return JSI_OK; Jsi_RC rc = JSI_OK; int clen = jsi_SizeOfArray(interp, nobj); for (i = 0; i < len && rc == JSI_OK; i++) { Jsi_Value *t = Jsi_ValueArrayIndex(interp, arr, i); if (t && depth>0 && Jsi_ValueIsArray(interp, t)) rc = jsi_ArrayFlatSub(interp, nobj, t , depth-1); else if (!Jsi_ValueIsUndef(interp, t)) Jsi_ObjArrayAdd(interp, nobj, t); if ((++n + clen)>interp->maxArrayList) return Jsi_LogError(""array size exceeded""); } return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,78678223811903,1 5151,CWE-125,"ast_for_import_stmt(struct compiling *c, const node *n) { int lineno; int col_offset; int i; asdl_seq *aliases; REQ(n, import_stmt); lineno = LINENO(n); col_offset = n->n_col_offset; n = CHILD(n, 0); if (TYPE(n) == import_name) { n = CHILD(n, 1); REQ(n, dotted_as_names); aliases = _Py_asdl_seq_new((NCH(n) + 1) / 2, c->c_arena); if (!aliases) return NULL; for (i = 0; i < NCH(n); i += 2) { alias_ty import_alias = alias_for_import_name(c, CHILD(n, i), 1); if (!import_alias) return NULL; asdl_seq_SET(aliases, i / 2, import_alias); } return Import(aliases, lineno, col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else if (TYPE(n) == import_from) { int n_children; int idx, ndots = 0; const node *n_copy = n; alias_ty mod = NULL; identifier modname = NULL; for (idx = 1; idx < NCH(n); idx++) { if (TYPE(CHILD(n, idx)) == dotted_name) { mod = alias_for_import_name(c, CHILD(n, idx), 0); if (!mod) return NULL; idx++; break; } else if (TYPE(CHILD(n, idx)) == ELLIPSIS) { ndots += 3; continue; } else if (TYPE(CHILD(n, idx)) != DOT) { break; } ndots++; } idx++; switch (TYPE(CHILD(n, idx))) { case STAR: n = CHILD(n, idx); n_children = 1; break; case LPAR: n = CHILD(n, idx + 1); n_children = NCH(n); break; case import_as_names: n = CHILD(n, idx); n_children = NCH(n); if (n_children % 2 == 0) { ast_error(c, n, ""trailing comma not allowed without"" "" surrounding parentheses""); return NULL; } break; default: ast_error(c, n, ""Unexpected node-type in from-import""); return NULL; } aliases = _Py_asdl_seq_new((n_children + 1) / 2, c->c_arena); if (!aliases) return NULL; if (TYPE(n) == STAR) { alias_ty import_alias = alias_for_import_name(c, n, 1); if (!import_alias) return NULL; asdl_seq_SET(aliases, 0, import_alias); } else { for (i = 0; i < NCH(n); i += 2) { alias_ty import_alias = alias_for_import_name(c, CHILD(n, i), 1); if (!import_alias) return NULL; asdl_seq_SET(aliases, i / 2, import_alias); } } if (mod != NULL) modname = mod->name; return ImportFrom(modname, aliases, ndots, lineno, col_offset, n_copy->n_end_lineno, n_copy->n_end_col_offset, c->c_arena); } PyErr_Format(PyExc_SystemError, ""unknown import statement: starts with command '%s'"", STR(CHILD(n, 0))); return NULL; }",visit repo url,Python/ast.c,https://github.com/python/cpython,19741342458719,1 5730,CWE-787,"void luaV_concat (lua_State *L, int total) { if (total == 1) return; do { StkId top = L->top; int n = 2; if (!(ttisstring(s2v(top - 2)) || cvt2str(s2v(top - 2))) || !tostring(L, s2v(top - 1))) luaT_tryconcatTM(L); else if (isemptystr(s2v(top - 1))) cast_void(tostring(L, s2v(top - 2))); else if (isemptystr(s2v(top - 2))) { setobjs2s(L, top - 2, top - 1); } else { size_t tl = vslen(s2v(top - 1)); TString *ts; for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) { size_t l = vslen(s2v(top - n - 1)); if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) luaG_runerror(L, ""string length overflow""); tl += l; } if (tl <= LUAI_MAXSHORTLEN) { char buff[LUAI_MAXSHORTLEN]; copy2buff(top, n, buff); ts = luaS_newlstr(L, buff, tl); } else { ts = luaS_createlngstrobj(L, tl); copy2buff(top, n, getstr(ts)); } setsvalue2s(L, top - n, ts); } total -= n-1; L->top -= n-1; } while (total > 1); }",visit repo url,lvm.c,https://github.com/lua/lua,93804565496150,1 686,CWE-20,"static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; struct ddpehdr *ddp; int copied = 0; int offset = 0; int err = 0; struct sk_buff *skb; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); lock_sock(sk); if (!skb) goto out; ddp = ddp_hdr(skb); copied = ntohs(ddp->deh_len_hops) & 1023; if (sk->sk_type != SOCK_RAW) { offset = sizeof(*ddp); copied -= offset; } if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); if (!err) { if (sat) { sat->sat_family = AF_APPLETALK; sat->sat_port = ddp->deh_sport; sat->sat_addr.s_node = ddp->deh_snode; sat->sat_addr.s_net = ddp->deh_snet; } msg->msg_namelen = sizeof(*sat); } skb_free_datagram(sk, skb); out: release_sock(sk); return err ? : copied; }",visit repo url,net/appletalk/ddp.c,https://github.com/torvalds/linux,30002071291188,1 4696,CWE-787,"static int msg_parse_fetch (IMAP_HEADER *h, char *s) { char tmp[SHORT_STRING]; char *ptmp; if (!s) return -1; while (*s) { SKIPWS (s); if (ascii_strncasecmp (""FLAGS"", s, 5) == 0) { if ((s = msg_parse_flags (h, s)) == NULL) return -1; } else if (ascii_strncasecmp (""UID"", s, 3) == 0) { s += 3; SKIPWS (s); if (mutt_atoui (s, &h->data->uid) < 0) return -1; s = imap_next_word (s); } else if (ascii_strncasecmp (""INTERNALDATE"", s, 12) == 0) { s += 12; SKIPWS (s); if (*s != '\""') { dprint (1, (debugfile, ""msg_parse_fetch(): bogus INTERNALDATE entry: %s\n"", s)); return -1; } s++; ptmp = tmp; while (*s && *s != '\""') *ptmp++ = *s++; if (*s != '\""') return -1; s++; *ptmp = 0; h->received = imap_parse_date (tmp); } else if (ascii_strncasecmp (""RFC822.SIZE"", s, 11) == 0) { s += 11; SKIPWS (s); ptmp = tmp; while (isdigit ((unsigned char) *s)) *ptmp++ = *s++; *ptmp = 0; if (mutt_atol (tmp, &h->content_length) < 0) return -1; } else if (!ascii_strncasecmp (""BODY"", s, 4) || !ascii_strncasecmp (""RFC822.HEADER"", s, 13)) { return -2; } else if (*s == ')') s++; else if (*s) { imap_error (""msg_parse_fetch"", s); return -1; } } return 0; }",visit repo url,imap/message.c,https://gitlab.com/muttmua/mutt,272129077457976,1 646,[],"static inline int dccp_listen_start(struct sock *sk, int backlog) { struct dccp_sock *dp = dccp_sk(sk); dp->dccps_role = DCCP_ROLE_LISTEN; return inet_csk_listen_start(sk, backlog); }",linux-2.6,,,158714139928834836073497707306484506349,0 6164,CWE-190,"void ep4_map(ep4_t p, const uint8_t *msg, int len) { bn_t x; fp4_t t0; uint8_t digest[RLC_MD_LEN]; bn_null(x); fp4_null(t0); RLC_TRY { bn_new(x); fp4_new(t0); md_map(digest, msg, len); bn_read_bin(x, digest, RLC_MIN(RLC_FP_BYTES, RLC_MD_LEN)); fp4_zero(p->x); fp_prime_conv(p->x[0][0], x); fp4_set_dig(p->z, 1); while (1) { ep4_rhs(t0, p); if (fp4_srt(p->y, t0)) { p->coord = BASIC; break; } fp_add_dig(p->x[0][0], p->x[0][0], 1); } ep4_mul_cof(p, p); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(x); fp4_free(t0); } }",visit repo url,src/epx/relic_ep4_map.c,https://github.com/relic-toolkit/relic,165567164419807,1 2696,CWE-190,"SPL_METHOD(GlobIterator, count) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } if (php_stream_is(intern->u.dir.dirp ,&php_glob_stream_ops)) { RETURN_LONG(php_glob_stream_get_count(intern->u.dir.dirp, NULL)); } else { php_error_docref(NULL TSRMLS_CC, E_ERROR, ""GlobIterator lost glob state""); } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,253587830291132,1 4587,['CWE-399'],"static int try_to_extend_transaction(handle_t *handle, struct inode *inode) { if (!ext4_handle_valid(handle)) return 0; if (ext4_handle_has_enough_credits(handle, EXT4_RESERVE_TRANS_BLOCKS+1)) return 0; if (!ext4_journal_extend(handle, blocks_for_truncate(inode))) return 0; return 1; }",linux-2.6,,,257085889731898538277587057947266227548,0 2082,[],"static struct sock *__udp4_lib_lookup(__be32 saddr, __be16 sport, __be32 daddr, __be16 dport, int dif, struct hlist_head udptable[]) { struct sock *sk, *result = NULL; struct hlist_node *node; unsigned short hnum = ntohs(dport); int badness = -1; read_lock(&udp_hash_lock); sk_for_each(sk, node, &udptable[hnum & (UDP_HTABLE_SIZE - 1)]) { struct inet_sock *inet = inet_sk(sk); if (sk->sk_hash == hnum && !ipv6_only_sock(sk)) { int score = (sk->sk_family == PF_INET ? 1 : 0); if (inet->rcv_saddr) { if (inet->rcv_saddr != daddr) continue; score+=2; } if (inet->daddr) { if (inet->daddr != saddr) continue; score+=2; } if (inet->dport) { if (inet->dport != sport) continue; score+=2; } if (sk->sk_bound_dev_if) { if (sk->sk_bound_dev_if != dif) continue; score+=2; } if (score == 9) { result = sk; break; } else if (score > badness) { result = sk; badness = score; } } } if (result) sock_hold(result); read_unlock(&udp_hash_lock); return result; }",linux-2.6,,,156649958298150969613555607148733046600,0 1556,[],"static inline void register_rt_sched_group(struct task_group *tg, int cpu) { }",linux-2.6,,,94537112529383188204738284416957241653,0 3325,CWE-119,"header_gets (SF_PRIVATE *psf, char *ptr, int bufsize) { int k ; for (k = 0 ; k < bufsize - 1 ; k++) { if (psf->headindex < psf->headend) { ptr [k] = psf->header [psf->headindex] ; psf->headindex ++ ; } else { psf->headend += psf_fread (psf->header + psf->headend, 1, 1, psf) ; ptr [k] = psf->header [psf->headindex] ; psf->headindex = psf->headend ; } ; if (ptr [k] == '\n') break ; } ; ptr [k] = 0 ; return k ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,62308200195772,1 3364,[],"static inline int nla_put_flag(struct sk_buff *skb, int attrtype) { return nla_put(skb, attrtype, 0, NULL); }",linux-2.6,,,134633627532446033733448517531796857132,0 932,['CWE-200'],"static void destroy_inodecache(void) { kmem_cache_destroy(shmem_inode_cachep); }",linux-2.6,,,153526333657056330674081086008544308612,0 4415,CWE-476,"mrb_ary_shift_m(mrb_state *mrb, mrb_value self) { struct RArray *a = mrb_ary_ptr(self); mrb_int len = ARY_LEN(a); mrb_int n; mrb_value val; if (mrb_get_args(mrb, ""|i"", &n) == 0) { return mrb_ary_shift(mrb, self); }; ary_modify_check(mrb, a); if (len == 0 || n == 0) return mrb_ary_new(mrb); if (n < 0) mrb_raise(mrb, E_ARGUMENT_ERROR, ""negative array shift""); if (n > len) n = len; val = mrb_ary_new_from_values(mrb, n, ARY_PTR(a)); if (ARY_SHARED_P(a)) { L_SHIFT: a->as.heap.ptr+=n; a->as.heap.len-=n; return val; } if (len > ARY_SHIFT_SHARED_MIN) { ary_make_shared(mrb, a); goto L_SHIFT; } else if (len == n) { ARY_SET_LEN(a, 0); } else { mrb_value *ptr = ARY_PTR(a); mrb_int size = len-n; while (size--) { *ptr = *(ptr+n); ++ptr; } ARY_SET_LEN(a, len-n); } return val; }",visit repo url,src/array.c,https://github.com/mruby/mruby,31493914177327,1 1365,NVD-CWE-Other,"static int translate_desc(struct vhost_dev *dev, u64 addr, u32 len, struct iovec iov[], int iov_size) { const struct vhost_memory_region *reg; struct vhost_memory *mem; struct iovec *_iov; u64 s = 0; int ret = 0; rcu_read_lock(); mem = rcu_dereference(dev->memory); while ((u64)len > s) { u64 size; if (unlikely(ret >= iov_size)) { ret = -ENOBUFS; break; } reg = find_region(mem, addr, len); if (unlikely(!reg)) { ret = -EFAULT; break; } _iov = iov + ret; size = reg->memory_size - addr + reg->guest_phys_addr; _iov->iov_len = min((u64)len, size); _iov->iov_base = (void __user *)(unsigned long) (reg->userspace_addr + addr - reg->guest_phys_addr); s += size; addr += size; ++ret; } rcu_read_unlock(); return ret; }",visit repo url,drivers/vhost/vhost.c,https://github.com/torvalds/linux,235936378191308,1 3510,['CWE-20'],"sctp_disposition_t sctp_sf_cookie_wait_abort(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; unsigned len; __be16 error = SCTP_ERROR_NO_ERROR; if (!sctp_vtag_verify_either(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_abort_chunk_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); len = ntohs(chunk->chunk_hdr->length); if (len >= sizeof(struct sctp_chunkhdr) + sizeof(struct sctp_errhdr)) error = ((sctp_errhdr_t *)chunk->skb->data)->cause; return sctp_stop_t1_and_abort(commands, error, ECONNREFUSED, asoc, chunk->transport); }",linux-2.6,,,61984727381071593137666417155089413965,0 1558,[],"static inline struct cpuacct *task_ca(struct task_struct *tsk) { return container_of(task_subsys_state(tsk, cpuacct_subsys_id), struct cpuacct, css); }",linux-2.6,,,236471901285493351967134025389797924749,0 3599,CWE-125,"static int jpc_pi_nextcprl(register jpc_pi_t *pi) { int rlvlno; jpc_pirlvl_t *pirlvl; jpc_pchg_t *pchg; int prchind; int prcvind; int *prclyrno; uint_fast32_t trx0; uint_fast32_t try0; uint_fast32_t r; uint_fast32_t rpx; uint_fast32_t rpy; pchg = pi->pchg; if (!pi->prgvolfirst) { goto skip; } else { pi->prgvolfirst = 0; } for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, ++pi->picomp) { pirlvl = pi->picomp->pirlvls; pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1)); pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn + pi->picomp->numrlvls - 1)); for (rlvlno = 1, pirlvl = &pi->picomp->pirlvls[1]; rlvlno < pi->picomp->numrlvls; ++rlvlno, ++pirlvl) { pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn + pi->picomp->numrlvls - rlvlno - 1))); pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn + pi->picomp->numrlvls - rlvlno - 1))); } for (pi->y = pi->ystart; pi->y < pi->yend; pi->y += pi->ystep - (pi->y % pi->ystep)) { for (pi->x = pi->xstart; pi->x < pi->xend; pi->x += pi->xstep - (pi->x % pi->xstep)) { for (pi->rlvlno = pchg->rlvlnostart, pi->pirlvl = &pi->picomp->pirlvls[pi->rlvlno]; pi->rlvlno < pi->picomp->numrlvls && pi->rlvlno < pchg->rlvlnoend; ++pi->rlvlno, ++pi->pirlvl) { if (pi->pirlvl->numprcs == 0) { continue; } r = pi->picomp->numrlvls - 1 - pi->rlvlno; trx0 = JPC_CEILDIV(pi->xstart, pi->picomp->hsamp << r); try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r); rpx = r + pi->pirlvl->prcwidthexpn; rpy = r + pi->pirlvl->prcheightexpn; if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) || !(pi->x % (pi->picomp->hsamp << rpx))) && ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) || !(pi->y % (pi->picomp->vsamp << rpy)))) { prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn); prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn); pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind; assert(pi->prcno < pi->pirlvl->numprcs); for (pi->lyrno = 0; pi->lyrno < pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; if (pi->lyrno >= *prclyrno) { ++(*prclyrno); return 0; } skip: ; } } } } } } return 1; }",visit repo url,src/libjasper/jpc/jpc_t2cod.c,https://github.com/mdadams/jasper,81395239201804,1 1102,['CWE-399'],"get_sigframe(struct k_sigaction *ka, struct pt_regs * regs, size_t frame_size) { unsigned long sp; sp = regs->sp; if (on_sig_stack(sp) && !likely(on_sig_stack(sp - frame_size))) return (void __user *) -1L; if (ka->sa.sa_flags & SA_ONSTACK) { if (sas_ss_flags(sp) == 0) sp = current->sas_ss_sp + current->sas_ss_size; } else if ((regs->ss & 0xffff) != __USER_DS && !(ka->sa.sa_flags & SA_RESTORER) && ka->sa.sa_restorer) { sp = (unsigned long) ka->sa.sa_restorer; } sp -= frame_size; sp = ((sp + 4) & -16ul) - 4; return (void __user *) sp; }",linux-2.6,,,336779809447230752743239300973393325101,0 1859,CWE-362,"tlb_update_vma_flags(struct mmu_gather *tlb, struct vm_area_struct *vma) { }",visit repo url,include/asm-generic/tlb.h,https://github.com/torvalds/linux,227988458725257,1 4875,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 2788,CWE-787,"BITMAP_UPDATE* update_read_bitmap_update(rdpUpdate* update, wStream* s) { UINT32 i; BITMAP_UPDATE* bitmapUpdate = calloc(1, sizeof(BITMAP_UPDATE)); if (!bitmapUpdate) goto fail; if (Stream_GetRemainingLength(s) < 2) goto fail; Stream_Read_UINT16(s, bitmapUpdate->number); WLog_Print(update->log, WLOG_TRACE, ""BitmapUpdate: %""PRIu32"""", bitmapUpdate->number); if (bitmapUpdate->number > bitmapUpdate->count) { UINT16 count; BITMAP_DATA* newdata; count = bitmapUpdate->number * 2; newdata = (BITMAP_DATA*) realloc(bitmapUpdate->rectangles, sizeof(BITMAP_DATA) * count); if (!newdata) goto fail; bitmapUpdate->rectangles = newdata; ZeroMemory(&bitmapUpdate->rectangles[bitmapUpdate->count], sizeof(BITMAP_DATA) * (count - bitmapUpdate->count)); bitmapUpdate->count = count; } for (i = 0; i < bitmapUpdate->number; i++) { if (!update_read_bitmap_data(update, s, &bitmapUpdate->rectangles[i])) goto fail; } return bitmapUpdate; fail: free_bitmap_update(update->context, bitmapUpdate); return NULL; }",visit repo url,libfreerdp/core/update.c,https://github.com/FreeRDP/FreeRDP,41491631901326,1 2995,['CWE-189'],"int jpc_tagtree_decode(jpc_tagtree_t *tree, jpc_tagtreenode_t *leaf, int threshold, jpc_bitstream_t *in) { jpc_tagtreenode_t *stk[JPC_TAGTREE_MAXDEPTH - 1]; jpc_tagtreenode_t **stkptr; jpc_tagtreenode_t *node; int low; int ret; tree = 0; assert(threshold >= 0); stkptr = stk; node = leaf; while (node->parent_) { *stkptr++ = node; node = node->parent_; } low = 0; for (;;) { if (low > node->low_) { node->low_ = low; } else { low = node->low_; } while (low < threshold && low < node->value_) { if ((ret = jpc_bitstream_getbit(in)) < 0) { return -1; } if (ret) { node->value_ = low; } else { ++low; } } node->low_ = low; if (stkptr == stk) { break; } node = *--stkptr; } return (node->value_ < threshold) ? 1 : 0; }",jasper,,,233191178549445792952750054422613424245,0 2484,['CWE-119'],"int diff_populate_filespec(struct diff_filespec *s, int size_only) { int err = 0; if (!DIFF_FILE_VALID(s)) die(""internal error: asking to populate invalid file.""); if (S_ISDIR(s->mode)) return -1; if (s->data) return 0; if (size_only && 0 < s->size) return 0; if (S_ISGITLINK(s->mode)) return diff_populate_gitlink(s, size_only); if (!s->sha1_valid || reuse_worktree_file(s->path, s->sha1, 0)) { struct strbuf buf; struct stat st; int fd; if (!strcmp(s->path, ""-"")) return populate_from_stdin(s); if (lstat(s->path, &st) < 0) { if (errno == ENOENT) { err_empty: err = -1; empty: s->data = (char *)""""; s->size = 0; return err; } } s->size = xsize_t(st.st_size); if (!s->size) goto empty; if (size_only) return 0; if (S_ISLNK(st.st_mode)) { int ret; s->data = xmalloc(s->size); s->should_free = 1; ret = readlink(s->path, s->data, s->size); if (ret < 0) { free(s->data); goto err_empty; } return 0; } fd = open(s->path, O_RDONLY); if (fd < 0) goto err_empty; s->data = xmmap(NULL, s->size, PROT_READ, MAP_PRIVATE, fd, 0); close(fd); s->should_munmap = 1; strbuf_init(&buf, 0); if (convert_to_git(s->path, s->data, s->size, &buf, safe_crlf)) { size_t size = 0; munmap(s->data, s->size); s->should_munmap = 0; s->data = strbuf_detach(&buf, &size); s->size = size; s->should_free = 1; } } else { enum object_type type; if (size_only) type = sha1_object_info(s->sha1, &s->size); else { s->data = read_sha1_file(s->sha1, &type, &s->size); s->should_free = 1; } } return 0; }",git,,,49149814679559267435535259409936413967,0 750,['CWE-119'],"isdn_net_get_stats(struct net_device *dev) { isdn_net_local *lp = (isdn_net_local *) dev->priv; return &lp->stats; }",linux-2.6,,,193682756496044709035690730602540021595,0 2508,['CWE-119'],"void diff_addremove(struct diff_options *options, int addremove, unsigned mode, const unsigned char *sha1, const char *concatpath) { struct diff_filespec *one, *two; if (DIFF_OPT_TST(options, IGNORE_SUBMODULES) && S_ISGITLINK(mode)) return; if (DIFF_OPT_TST(options, REVERSE_DIFF)) addremove = (addremove == '+' ? '-' : addremove == '-' ? '+' : addremove); if (options->prefix && strncmp(concatpath, options->prefix, options->prefix_length)) return; one = alloc_filespec(concatpath); two = alloc_filespec(concatpath); if (addremove != '+') fill_filespec(one, sha1, mode); if (addremove != '-') fill_filespec(two, sha1, mode); diff_queue(&diff_queued_diff, one, two); DIFF_OPT_SET(options, HAS_CHANGES); }",git,,,239011952209649139424411613539589052573,0 3428,['CWE-264'],"__generic_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { struct address_space *mapping = in->f_mapping; unsigned int loff, nr_pages; struct page *pages[PIPE_BUFFERS]; struct partial_page partial[PIPE_BUFFERS]; struct page *page; pgoff_t index, end_index; loff_t isize; size_t total_len; int error, page_nr; struct splice_pipe_desc spd = { .pages = pages, .partial = partial, .flags = flags, .ops = &page_cache_pipe_buf_ops, }; index = *ppos >> PAGE_CACHE_SHIFT; loff = *ppos & ~PAGE_CACHE_MASK; nr_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; if (nr_pages > PIPE_BUFFERS) nr_pages = PIPE_BUFFERS; if (!loff || nr_pages > 1) page_cache_readahead(mapping, &in->f_ra, in, index, nr_pages); error = 0; total_len = 0; spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages); index += spd.nr_pages; while (spd.nr_pages < nr_pages) { page = find_get_page(mapping, index); if (!page) { handle_ra_miss(mapping, &in->f_ra, index); page = page_cache_alloc_cold(mapping); if (!page) break; error = add_to_page_cache_lru(page, mapping, index, mapping_gfp_mask(mapping)); if (unlikely(error)) { page_cache_release(page); if (error == -EEXIST) continue; break; } unlock_page(page); } pages[spd.nr_pages++] = page; index++; } index = *ppos >> PAGE_CACHE_SHIFT; nr_pages = spd.nr_pages; spd.nr_pages = 0; for (page_nr = 0; page_nr < nr_pages; page_nr++) { unsigned int this_len; if (!len) break; this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff); page = pages[page_nr]; if (!PageUptodate(page)) { if (flags & SPLICE_F_NONBLOCK) break; lock_page(page); if (!page->mapping) { unlock_page(page); break; } if (PageUptodate(page)) { unlock_page(page); goto fill_it; } error = mapping->a_ops->readpage(in, page); if (unlikely(error)) { if (error == AOP_TRUNCATED_PAGE) error = 0; break; } isize = i_size_read(mapping->host); end_index = (isize - 1) >> PAGE_CACHE_SHIFT; if (unlikely(!isize || index > end_index)) break; if (end_index == index) { loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK); if (total_len + loff > isize) break; len = this_len; this_len = min(this_len, loff); loff = 0; } } fill_it: partial[page_nr].offset = loff; partial[page_nr].len = this_len; len -= this_len; total_len += this_len; loff = 0; spd.nr_pages++; index++; } while (page_nr < nr_pages) page_cache_release(pages[page_nr++]); if (spd.nr_pages) return splice_to_pipe(pipe, &spd); return error; }",linux-2.6,,,249047832330348630008326358356574281246,0 3910,CWE-121,"ex_endtry(exarg_T *eap) { int idx; int skip; int rethrow = FALSE; int pending = CSTP_NONE; void *rettv = NULL; cstack_T *cstack = eap->cstack; if (cmdmod_error(FALSE)) return; if (cstack->cs_trylevel <= 0 || cstack->cs_idx < 0) eap->errmsg = _(e_endtry_without_try); else { skip = did_emsg || got_int || did_throw || !(cstack->cs_flags[cstack->cs_idx] & CSF_TRUE); if (!(cstack->cs_flags[cstack->cs_idx] & CSF_TRY)) { eap->errmsg = get_end_emsg(cstack); idx = cstack->cs_idx; do --idx; while (idx > 0 && !(cstack->cs_flags[idx] & CSF_TRY)); rewind_conditionals(cstack, idx, CSF_WHILE | CSF_FOR, &cstack->cs_looplevel); skip = TRUE; if (did_throw) discard_current_exception(); did_emsg = FALSE; } else { idx = cstack->cs_idx; if (!skip && in_vim9script() && (cstack->cs_flags[idx] & (CSF_CATCH|CSF_FINALLY)) == 0) { eap->errmsg = _(e_missing_catch_or_finally); } if (did_throw && (cstack->cs_flags[idx] & CSF_TRUE) && !(cstack->cs_flags[idx] & CSF_FINALLY)) rethrow = TRUE; } if ((rethrow || (!skip && !(cstack->cs_flags[idx] & CSF_FINALLY) && !cstack->cs_pending[idx])) && dbg_check_skipped(eap)) { if (got_int) { skip = TRUE; (void)do_intthrow(cstack); rethrow = FALSE; if (did_throw && !(cstack->cs_flags[idx] & CSF_FINALLY)) rethrow = TRUE; } } if (!skip) { pending = cstack->cs_pending[idx]; cstack->cs_pending[idx] = CSTP_NONE; if (pending == CSTP_RETURN) rettv = cstack->cs_rettv[idx]; else if (pending & CSTP_THROW) current_exception = cstack->cs_exception[idx]; } (void)cleanup_conditionals(cstack, CSF_TRY | CSF_SILENT, TRUE); if (cstack->cs_idx >= 0 && (cstack->cs_flags[cstack->cs_idx] & CSF_TRY)) leave_block(cstack); --cstack->cs_trylevel; if (!skip) { report_resume_pending(pending, (pending == CSTP_RETURN) ? rettv : (pending & CSTP_THROW) ? (void *)current_exception : NULL); switch (pending) { case CSTP_NONE: break; case CSTP_CONTINUE: ex_continue(eap); break; case CSTP_BREAK: ex_break(eap); break; case CSTP_RETURN: do_return(eap, FALSE, FALSE, rettv); break; case CSTP_FINISH: do_finish(eap, FALSE); break; default: if (pending & CSTP_ERROR) did_emsg = TRUE; if (pending & CSTP_INTERRUPT) got_int = TRUE; if (pending & CSTP_THROW) rethrow = TRUE; break; } } if (rethrow) do_throw(cstack); } }",visit repo url,src/ex_eval.c,https://github.com/vim/vim,10412026965750,1 4868,CWE-415,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 1210,CWE-400,"static int p4_pmu_handle_irq(struct pt_regs *regs) { struct perf_sample_data data; struct cpu_hw_events *cpuc; struct perf_event *event; struct hw_perf_event *hwc; int idx, handled = 0; u64 val; perf_sample_data_init(&data, 0); cpuc = &__get_cpu_var(cpu_hw_events); for (idx = 0; idx < x86_pmu.num_counters; idx++) { int overflow; if (!test_bit(idx, cpuc->active_mask)) { if (__test_and_clear_bit(idx, cpuc->running)) handled++; continue; } event = cpuc->events[idx]; hwc = &event->hw; WARN_ON_ONCE(hwc->idx != idx); overflow = p4_pmu_clear_cccr_ovf(hwc); val = x86_perf_event_update(event); if (!overflow && (val & (1ULL << (x86_pmu.cntval_bits - 1)))) continue; handled += overflow; data.period = event->hw.last_period; if (!x86_perf_event_set_period(event)) continue; if (perf_event_overflow(event, 1, &data, regs)) x86_pmu_stop(event, 0); } if (handled) inc_irq_stat(apic_perf_irqs); apic_write(APIC_LVTPC, APIC_DM_NMI); return handled; }",visit repo url,arch/x86/kernel/cpu/perf_event_p4.c,https://github.com/torvalds/linux,6944704394279,1 6172,CWE-190,"void ep4_mul_sim_dig(ep4_t r, const ep4_t p[], const dig_t k[], int len) { ep4_t t; int max; ep4_null(t); max = util_bits_dig(k[0]); for (int i = 1; i < len; i++) { max = RLC_MAX(max, util_bits_dig(k[i])); } RLC_TRY { ep4_new(t); ep4_set_infty(t); for (int i = max - 1; i >= 0; i--) { ep4_dbl(t, t); for (int j = 0; j < len; j++) { if (k[j] & ((dig_t)1 << i)) { ep4_add(t, t, p[j]); } } } ep4_norm(r, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ep4_free(t); } }",visit repo url,src/epx/relic_ep4_mul_sim.c,https://github.com/relic-toolkit/relic,211131284630522,1 4977,CWE-787,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 2023,['CWE-269'],"asmlinkage long sys_mount(char __user * dev_name, char __user * dir_name, char __user * type, unsigned long flags, void __user * data) { int retval; unsigned long data_page; unsigned long type_page; unsigned long dev_page; char *dir_page; retval = copy_mount_options(type, &type_page); if (retval < 0) return retval; dir_page = getname(dir_name); retval = PTR_ERR(dir_page); if (IS_ERR(dir_page)) goto out1; retval = copy_mount_options(dev_name, &dev_page); if (retval < 0) goto out2; retval = copy_mount_options(data, &data_page); if (retval < 0) goto out3; lock_kernel(); retval = do_mount((char *)dev_page, dir_page, (char *)type_page, flags, (void *)data_page); unlock_kernel(); free_page(data_page); out3: free_page(dev_page); out2: putname(dir_page); out1: free_page(type_page); return retval; }",linux-2.6,,,85010807117247999822143994454714607217,0 1180,['CWE-189'],"void hrtimer_interrupt(struct clock_event_device *dev) { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); struct hrtimer_clock_base *base; ktime_t expires_next, now; int i, raise = 0; BUG_ON(!cpu_base->hres_active); cpu_base->nr_events++; dev->next_event.tv64 = KTIME_MAX; retry: now = ktime_get(); expires_next.tv64 = KTIME_MAX; base = cpu_base->clock_base; for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++) { ktime_t basenow; struct rb_node *node; spin_lock(&cpu_base->lock); basenow = ktime_add(now, base->offset); while ((node = base->first)) { struct hrtimer *timer; timer = rb_entry(node, struct hrtimer, node); if (basenow.tv64 < timer->expires.tv64) { ktime_t expires; expires = ktime_sub(timer->expires, base->offset); if (expires.tv64 < expires_next.tv64) expires_next = expires; break; } if (timer->cb_mode == HRTIMER_CB_SOFTIRQ) { __remove_hrtimer(timer, base, HRTIMER_STATE_PENDING, 0); list_add_tail(&timer->cb_entry, &base->cpu_base->cb_pending); raise = 1; continue; } __remove_hrtimer(timer, base, HRTIMER_STATE_CALLBACK, 0); timer_stats_account_hrtimer(timer); if (timer->function(timer) != HRTIMER_NORESTART) { BUG_ON(timer->state != HRTIMER_STATE_CALLBACK); enqueue_hrtimer(timer, base, 0); } timer->state &= ~HRTIMER_STATE_CALLBACK; } spin_unlock(&cpu_base->lock); base++; } cpu_base->expires_next = expires_next; if (expires_next.tv64 != KTIME_MAX) { if (tick_program_event(expires_next, 0)) goto retry; } if (raise) raise_softirq(HRTIMER_SOFTIRQ); }",linux-2.6,,,86424170423475946860362608163818407383,0 5237,['CWE-264'],"static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname) { SMB_ACL_T file_acl = NULL; int entry_id = SMB_ACL_FIRST_ENTRY; SMB_ACL_ENTRY_T entry; bool ret = False; SMB_ACL_T new_file_acl = SMB_VFS_SYS_ACL_INIT(conn, 3); SMB_ACL_ENTRY_T user_ent = NULL; SMB_ACL_ENTRY_T group_ent = NULL; SMB_ACL_ENTRY_T other_ent = NULL; if (new_file_acl == NULL) { DEBUG(5,(""remove_posix_acl: failed to init new ACL with 3 entries for file %s.\n"", fname)); return False; } if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &user_ent) == -1) { DEBUG(5,(""remove_posix_acl: Failed to create user entry for file %s. (%s)\n"", fname, strerror(errno) )); goto done; } if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, user_ent, SMB_ACL_USER_OBJ) == -1) { DEBUG(5,(""remove_posix_acl: Failed to set user entry for file %s. (%s)\n"", fname, strerror(errno) )); goto done; } if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &group_ent) == -1) { DEBUG(5,(""remove_posix_acl: Failed to create group entry for file %s. (%s)\n"", fname, strerror(errno) )); goto done; } if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, group_ent, SMB_ACL_GROUP_OBJ) == -1) { DEBUG(5,(""remove_posix_acl: Failed to set group entry for file %s. (%s)\n"", fname, strerror(errno) )); goto done; } if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &other_ent) == -1) { DEBUG(5,(""remove_posix_acl: Failed to create other entry for file %s. (%s)\n"", fname, strerror(errno) )); goto done; } if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, other_ent, SMB_ACL_OTHER) == -1) { DEBUG(5,(""remove_posix_acl: Failed to set other entry for file %s. (%s)\n"", fname, strerror(errno) )); goto done; } if (fsp && fsp->fh->fd != -1) { file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp); } else { file_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, SMB_ACL_TYPE_ACCESS); } if (file_acl == NULL) { DEBUG(5,(""remove_posix_acl: failed to get ACL from file %s (%s).\n"", fname, strerror(errno) )); goto done; } while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, file_acl, entry_id, &entry) == 1) { SMB_ACL_TAG_T tagtype; SMB_ACL_PERMSET_T permset; if (entry_id == SMB_ACL_FIRST_ENTRY) entry_id = SMB_ACL_NEXT_ENTRY; if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) { DEBUG(5,(""remove_posix_acl: failed to get tagtype from ACL on file %s (%s).\n"", fname, strerror(errno) )); goto done; } if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) { DEBUG(5,(""remove_posix_acl: failed to get permset from ACL on file %s (%s).\n"", fname, strerror(errno) )); goto done; } if (tagtype == SMB_ACL_USER_OBJ) { if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, user_ent, permset) == -1) { DEBUG(5,(""remove_posix_acl: failed to set permset from ACL on file %s (%s).\n"", fname, strerror(errno) )); } } else if (tagtype == SMB_ACL_GROUP_OBJ) { if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, group_ent, permset) == -1) { DEBUG(5,(""remove_posix_acl: failed to set permset from ACL on file %s (%s).\n"", fname, strerror(errno) )); } } else if (tagtype == SMB_ACL_OTHER) { if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, other_ent, permset) == -1) { DEBUG(5,(""remove_posix_acl: failed to set permset from ACL on file %s (%s).\n"", fname, strerror(errno) )); } } } if (fsp && fsp->fh->fd != -1) { if (SMB_VFS_SYS_ACL_SET_FD(fsp, new_file_acl) == -1) { DEBUG(5,(""remove_posix_acl: acl_set_file failed on %s (%s)\n"", fname, strerror(errno) )); goto done; } } else { if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, new_file_acl) == -1) { DEBUG(5,(""remove_posix_acl: acl_set_file failed on %s (%s)\n"", fname, strerror(errno) )); goto done; } } ret = True; done: if (file_acl) { SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl); } if (new_file_acl) { SMB_VFS_SYS_ACL_FREE_ACL(conn, new_file_acl); } return ret; }",samba,,,82777656146962351892442603869594264682,0 3092,CWE-310,"int ssl3_get_cert_verify(SSL *s) { EVP_PKEY *pkey=NULL; unsigned char *p; int al,ok,ret=0; long n; int type=0,i,j; X509 *peer; const EVP_MD *md = NULL; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); n=s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return((int)n); if (s->session->peer != NULL) { peer=s->session->peer; pkey=X509_get_pubkey(peer); type=X509_certificate_type(peer,pkey); } else { peer=NULL; pkey=NULL; } if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { s->s3->tmp.reuse_message=1; if ((peer != NULL) && (type & EVP_PKT_SIGN)) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); goto f_err; } ret=1; goto end; } if (peer == NULL) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED); al=SSL_AD_UNEXPECTED_MESSAGE; goto f_err; } if (!(type & EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); al=SSL_AD_ILLEGAL_PARAMETER; goto f_err; } if (s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); al=SSL_AD_UNEXPECTED_MESSAGE; goto f_err; } p=(unsigned char *)s->init_msg; if (n==64 && (pkey->type==NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) ) { i=64; } else { if (SSL_USE_SIGALGS(s)) { int rv = tls12_check_peer_sigalg(&md, s, p, pkey); if (rv == -1) { al = SSL_AD_INTERNAL_ERROR; goto f_err; } else if (rv == 0) { al = SSL_AD_DECODE_ERROR; goto f_err; } #ifdef SSL_DEBUG fprintf(stderr, ""USING TLSv1.2 HASH %s\n"", EVP_MD_name(md)); #endif p += 2; n -= 2; } n2s(p,i); n-=2; if (i > n) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH); al=SSL_AD_DECODE_ERROR; goto f_err; } } j=EVP_PKEY_size(pkey); if ((i > j) || (n > j) || (n <= 0)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE); al=SSL_AD_DECODE_ERROR; goto f_err; } if (SSL_USE_SIGALGS(s)) { long hdatalen = 0; void *hdata; hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); if (hdatalen <= 0) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR); al=SSL_AD_INTERNAL_ERROR; goto f_err; } #ifdef SSL_DEBUG fprintf(stderr, ""Using TLS 1.2 with client verify alg %s\n"", EVP_MD_name(md)); #endif if (!EVP_VerifyInit_ex(&mctx, md, NULL) || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB); al=SSL_AD_INTERNAL_ERROR; goto f_err; } if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_SIGNATURE); goto f_err; } } else #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, pkey->pkey.rsa); if (i < 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); goto f_err; } if (i == 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); goto f_err; } } else #endif #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { j=DSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); if (j <= 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE); goto f_err; } } else #endif #ifndef OPENSSL_NO_ECDSA if (pkey->type == EVP_PKEY_EC) { j=ECDSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec); if (j <= 0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE); goto f_err; } } else #endif if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) { unsigned char signature[64]; int idx; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL); EVP_PKEY_verify_init(pctx); if (i!=64) { fprintf(stderr,""GOST signature length is %d"",i); } for (idx=0;idx<64;idx++) { signature[63-idx]=p[idx]; } j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32); EVP_PKEY_CTX_free(pctx); if (j<=0) { al=SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE); goto f_err; } } else { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); al=SSL_AD_UNSUPPORTED_CERTIFICATE; goto f_err; } ret=1; if (0) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); } end: if (s->s3->handshake_buffer) { BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; } EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_free(pkey); return(ret); }",visit repo url,ssl/s3_srvr.c,https://github.com/openssl/openssl,279046101304488,1 2787,['CWE-264'],"sbni_interrupt( int irq, void *dev_id ) { struct net_device *dev = dev_id; struct net_local *nl = dev->priv; int repeat; spin_lock( &nl->lock ); if( nl->second ) spin_lock( &((struct net_local *) nl->second->priv)->lock ); do { repeat = 0; if( inb( dev->base_addr + CSR0 ) & (RC_RDY | TR_RDY) ) handle_channel( dev ), repeat = 1; if( nl->second && (inb( nl->second->base_addr+CSR0 ) & (RC_RDY | TR_RDY)) ) handle_channel( nl->second ), repeat = 1; } while( repeat ); if( nl->second ) spin_unlock( &((struct net_local *)nl->second->priv)->lock ); spin_unlock( &nl->lock ); return IRQ_HANDLED; }",linux-2.6,,,141069618364515615776131060311113746110,0 5983,CWE-120,"static int __pyx_pf_17clickhouse_driver_14bufferedreader_14BufferedReader_8position_2__set__(struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedReader *__pyx_v_self, PyObject *__pyx_v_value) { int __pyx_r; __Pyx_RefNannyDeclarations Py_ssize_t __pyx_t_1; __Pyx_RefNannySetupContext(""__set__"", 0); __pyx_t_1 = __Pyx_PyIndex_AsSsize_t(__pyx_v_value); if (unlikely((__pyx_t_1 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 11, __pyx_L1_error) __pyx_v_self->position = __pyx_t_1; __pyx_r = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedReader.position.__set__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = -1; __pyx_L0:; __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,165385276951397,1 6031,CWE-476,"_dwarf_internal_printlines(Dwarf_Die die, int * err_count_out, int only_line_header, Dwarf_Error * error) { Dwarf_Small *line_ptr = 0; Dwarf_Small *orig_line_ptr = 0; Dwarf_Attribute stmt_list_attr = 0; Dwarf_Attribute comp_dir_attr = 0; Dwarf_Small *comp_dir = NULL; Dwarf_Unsigned line_offset = 0; Dwarf_Half attrform = 0; Dwarf_Small* bogus_bytes_ptr = 0; Dwarf_Unsigned bogus_bytes_count = 0; Dwarf_Half address_size = 0; Dwarf_Unsigned fission_offset = 0; unsigned line_version = 0; Dwarf_Debug dbg = 0; Dwarf_CU_Context cu_context = 0; Dwarf_Line_Context line_context = 0; int resattr = DW_DLV_ERROR; int lres = DW_DLV_ERROR; int res = DW_DLV_ERROR; Dwarf_Small *line_ptr_actuals = 0; Dwarf_Small *line_ptr_end = 0; Dwarf_Small *section_start = 0; if (error != NULL) { *error = NULL; } CHECK_DIE(die, DW_DLV_ERROR); cu_context = die->di_cu_context; dbg = cu_context->cc_dbg; res = _dwarf_load_section(dbg, &dbg->de_debug_line,error); if (res != DW_DLV_OK) { return res; } if (!dbg->de_debug_line.dss_size) { return (DW_DLV_NO_ENTRY); } address_size = _dwarf_get_address_size(dbg, die); resattr = dwarf_attr(die, DW_AT_stmt_list, &stmt_list_attr, error); if (resattr != DW_DLV_OK) { return resattr; } lres = dwarf_whatform(stmt_list_attr,&attrform,error); if (lres != DW_DLV_OK) { dwarf_dealloc(dbg,stmt_list_attr, DW_DLA_ATTR); return lres; } if (attrform != DW_FORM_data4 && attrform != DW_FORM_data8 && attrform != DW_FORM_sec_offset ) { dwarf_dealloc(dbg,stmt_list_attr, DW_DLA_ATTR); _dwarf_error(dbg, error, DW_DLE_LINE_OFFSET_BAD); return (DW_DLV_ERROR); } lres = dwarf_global_formref(stmt_list_attr, &line_offset, error); if (lres != DW_DLV_OK) { dwarf_dealloc(dbg,stmt_list_attr, DW_DLA_ATTR); return lres; } if (line_offset >= dbg->de_debug_line.dss_size) { dwarf_dealloc(dbg,stmt_list_attr, DW_DLA_ATTR); _dwarf_error(dbg, error, DW_DLE_LINE_OFFSET_BAD); return (DW_DLV_ERROR); } section_start = dbg->de_debug_line.dss_data; { Dwarf_Unsigned fission_size = 0; int resfis = _dwarf_get_fission_addition_die(die, DW_SECT_LINE, &fission_offset,&fission_size,error); if(resfis != DW_DLV_OK) { dwarf_dealloc(dbg,stmt_list_attr, DW_DLA_ATTR); return resfis; } } orig_line_ptr = section_start + line_offset + fission_offset; line_ptr = orig_line_ptr; dwarf_dealloc(dbg, stmt_list_attr, DW_DLA_ATTR); resattr = dwarf_attr(die, DW_AT_comp_dir, &comp_dir_attr, error); if (resattr == DW_DLV_ERROR) { return resattr; } if (resattr == DW_DLV_OK) { int cres = DW_DLV_ERROR; char *cdir = 0; cres = dwarf_formstring(comp_dir_attr, &cdir, error); if (cres == DW_DLV_ERROR) { return cres; } else if (cres == DW_DLV_OK) { comp_dir = (Dwarf_Small *) cdir; } } if (resattr == DW_DLV_OK) { dwarf_dealloc(dbg, comp_dir_attr, DW_DLA_ATTR); } line_context = (Dwarf_Line_Context) _dwarf_get_alloc(dbg, DW_DLA_LINE_CONTEXT, 1); if (line_context == NULL) { _dwarf_error(dbg, error, DW_DLE_ALLOC_FAIL); return (DW_DLV_ERROR); } { Dwarf_Small *newlinep = 0; int dres = _dwarf_read_line_table_header(dbg, cu_context, section_start, line_ptr, dbg->de_debug_line.dss_size, &newlinep, line_context, &bogus_bytes_ptr, &bogus_bytes_count, error, err_count_out); if (dres == DW_DLV_ERROR) { dwarf_srclines_dealloc_b(line_context); return dres; } if (dres == DW_DLV_NO_ENTRY) { dwarf_srclines_dealloc_b(line_context); return dres; } line_ptr_end = line_context->lc_line_ptr_end; line_ptr = newlinep; if (line_context->lc_actuals_table_offset > 0) { line_ptr_actuals = line_context->lc_line_prologue_start + line_context->lc_actuals_table_offset; } } line_version = line_context->lc_version_number; line_context->lc_compilation_directory = comp_dir; if (only_line_header) { dwarf_srclines_dealloc_b(line_context); return DW_DLV_OK; } do_line_print_now(dbg,line_version,comp_dir,line_context); print_include_directory_details(dbg,line_version,line_context); print_file_entry_details(dbg,line_version,line_context); print_experimental_counts(dbg, line_version,line_context); res = print_actuals_and_locals(dbg, line_context, bogus_bytes_count,bogus_bytes_ptr, orig_line_ptr, line_ptr, section_start, line_ptr_actuals, line_ptr_end, address_size, err_count_out, error); if (res != DW_DLV_OK) { return res; } return DW_DLV_OK; }",visit repo url,libdwarf/dwarf_print_lines.c,https://github.com/davea42/libdwarf-code,61343108182646,1 4693,CWE-119,"static int pop_sync_mailbox (CONTEXT *ctx, int *index_hint) { int i, j, ret = 0; char buf[LONG_STRING]; POP_DATA *pop_data = (POP_DATA *)ctx->data; progress_t progress; #ifdef USE_HCACHE header_cache_t *hc = NULL; #endif pop_data->check_time = 0; FOREVER { if (pop_reconnect (ctx) < 0) return -1; mutt_progress_init (&progress, _(""Marking messages deleted...""), MUTT_PROGRESS_MSG, WriteInc, ctx->deleted); #if USE_HCACHE hc = pop_hcache_open (pop_data, ctx->path); #endif for (i = 0, j = 0, ret = 0; ret == 0 && i < ctx->msgcount; i++) { if (ctx->hdrs[i]->deleted && ctx->hdrs[i]->refno != -1) { j++; if (!ctx->quiet) mutt_progress_update (&progress, j, -1); snprintf (buf, sizeof (buf), ""DELE %d\r\n"", ctx->hdrs[i]->refno); if ((ret = pop_query (pop_data, buf, sizeof (buf))) == 0) { mutt_bcache_del (pop_data->bcache, ctx->hdrs[i]->data); #if USE_HCACHE mutt_hcache_delete (hc, ctx->hdrs[i]->data, strlen); #endif } } #if USE_HCACHE if (ctx->hdrs[i]->changed) { mutt_hcache_store (hc, ctx->hdrs[i]->data, ctx->hdrs[i], 0, strlen, MUTT_GENERATE_UIDVALIDITY); } #endif } #if USE_HCACHE mutt_hcache_close (hc); #endif if (ret == 0) { strfcpy (buf, ""QUIT\r\n"", sizeof (buf)); ret = pop_query (pop_data, buf, sizeof (buf)); } if (ret == 0) { pop_data->clear_cache = 1; pop_clear_cache (pop_data); pop_data->status = POP_DISCONNECTED; return 0; } if (ret == -2) { mutt_error (""%s"", pop_data->err_msg); mutt_sleep (2); return -1; } } }",visit repo url,pop.c,https://gitlab.com/muttmua/mutt,280391463689608,1 5645,['CWE-476'],"static void udp_close(struct sock *sk, long timeout) { sk_common_release(sk); }",linux-2.6,,,179903672692158544610117704891679089679,0 6543,CWE-444,"int h1_parse_cont_len_header(struct h1m *h1m, struct ist *value) { char *e, *n; long long cl; int not_first = !!(h1m->flags & H1_MF_CLEN); struct ist word; word.ptr = value->ptr - 1; e = value->ptr + value->len; while (++word.ptr < e) { if (unlikely(HTTP_IS_LWS(*word.ptr))) continue; for (cl = 0, n = word.ptr; n < e; n++) { unsigned int c = *n - '0'; if (unlikely(c > 9)) { if (unlikely(n == word.ptr)) goto fail; break; } if (unlikely(cl > ULLONG_MAX / 10ULL)) goto fail; cl = cl * 10ULL; if (unlikely(cl + c < cl)) goto fail; cl = cl + c; } word.len = n - word.ptr; for (; n < e; n++) { if (!HTTP_IS_LWS(*n)) { if (unlikely(*n != ',')) goto fail; break; } } if (h1m->flags & H1_MF_CLEN && cl != h1m->body_len) goto fail; h1m->flags |= H1_MF_CLEN; h1m->curr_len = h1m->body_len = cl; *value = word; word.ptr = n; } return !not_first; fail: return -1; }",visit repo url,src/h1.c,https://github.com/haproxy/haproxy,116261632292433,1 5451,CWE-617,"pci_emul_capwrite(struct pci_vdev *dev, int offset, int bytes, uint32_t val) { int capid; uint8_t capoff, nextoff; if ((offset & (bytes - 1)) != 0) return; capoff = CAP_START_OFFSET; while (1) { nextoff = pci_get_cfgdata8(dev, capoff + 1); if (nextoff == 0) break; if (offset >= capoff && offset < nextoff) break; capoff = nextoff; } assert(offset >= capoff); if (offset == capoff || offset == capoff + 1) { if (offset == capoff && bytes == 4) { bytes = 2; offset += 2; val >>= 16; } else return; } capid = pci_get_cfgdata8(dev, capoff); switch (capid) { case PCIY_MSI: msicap_cfgwrite(dev, capoff, offset, bytes, val); break; case PCIY_MSIX: msixcap_cfgwrite(dev, capoff, offset, bytes, val); break; case PCIY_EXPRESS: pciecap_cfgwrite(dev, capoff, offset, bytes, val); break; default: CFGWRITE(dev, offset, val, bytes); break; } }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,136202146531308,1 6668,['CWE-200'],"exit_cb (GObject *ignored, gpointer user_data) { NMApplet *applet = user_data; g_main_loop_quit (applet->loop); }",network-manager-applet,,,226721477260432095643977128614217607425,0 282,CWE-399,"static int proc_sys_readdir(struct file *file, struct dir_context *ctx) { struct ctl_table_header *head = grab_header(file_inode(file)); struct ctl_table_header *h = NULL; struct ctl_table *entry; struct ctl_dir *ctl_dir; unsigned long pos; if (IS_ERR(head)) return PTR_ERR(head); ctl_dir = container_of(head, struct ctl_dir, header); if (!dir_emit_dots(file, ctx)) return 0; pos = 2; for (first_entry(ctl_dir, &h, &entry); h; next_entry(&h, &entry)) { if (!scan(h, entry, &pos, file, ctx)) { sysctl_head_finish(h); break; } } sysctl_head_finish(head); return 0; }",visit repo url,fs/proc/proc_sysctl.c,https://github.com/torvalds/linux,102965869166172,1 5139,CWE-125,"ast_for_with_stmt(struct compiling *c, const node *n0, bool is_async) { const node * const n = is_async ? CHILD(n0, 1) : n0; int i, n_items, end_lineno, end_col_offset; asdl_seq *items, *body; REQ(n, with_stmt); n_items = (NCH(n) - 2) / 2; items = _Py_asdl_seq_new(n_items, c->c_arena); if (!items) return NULL; for (i = 1; i < NCH(n) - 2; i += 2) { withitem_ty item = ast_for_with_item(c, CHILD(n, i)); if (!item) return NULL; asdl_seq_SET(items, (i - 1) / 2, item); } body = ast_for_suite(c, CHILD(n, NCH(n) - 1)); if (!body) return NULL; get_last_end_pos(body, &end_lineno, &end_col_offset); if (is_async) return AsyncWith(items, body, LINENO(n0), n0->n_col_offset, end_lineno, end_col_offset, c->c_arena); else return With(items, body, LINENO(n), n->n_col_offset, end_lineno, end_col_offset, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,30112699427629,1 6327,CWE-295,"void main_init() { #ifdef USE_SYSTEMD int i; systemd_fds=sd_listen_fds(1); if(systemd_fds<0) fatal(""systemd initialization failed""); listen_fds_start=SD_LISTEN_FDS_START; for(i=0; i0) s_log(LOG_INFO, ""Systemd socket activation: %d descriptors received"", systemd_fds); }",visit repo url,src/stunnel.c,https://github.com/mtrojnar/stunnel,38201830256254,1 2577,CWE-269,"void virtio_config_writeb(VirtIODevice *vdev, uint32_t addr, uint32_t data) { VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); uint8_t val = data; if (addr > (vdev->config_len - sizeof(val))) return; stb_p(vdev->config + addr, val); if (k->set_config) { k->set_config(vdev, vdev->config); } }",visit repo url,hw/virtio/virtio.c,https://github.com/qemu/qemu,12453392629872,1 5675,CWE-909,"createenv(const struct rule *rule) { struct env *env; u_int i; env = malloc(sizeof(*env)); if (!env) err(1, NULL); RB_INIT(&env->root); env->count = 0; if (rule->options & KEEPENV) { extern char **environ; for (i = 0; environ[i] != NULL; i++) { struct envnode *node; const char *e, *eq; size_t len; char keybuf[1024]; e = environ[i]; if ((eq = strchr(e, '=')) == NULL || eq == e) continue; len = eq - e; if (len > sizeof(keybuf) - 1) continue; memcpy(keybuf, e, len); keybuf[len] = '\0'; node = createnode(keybuf, eq + 1); if (RB_INSERT(envtree, &env->root, node)) { freenode(node); } else { env->count++; } } } return env; }",visit repo url,env.c,https://github.com/Duncaen/OpenDoas,53706675595887,1 2035,['CWE-269'],"static inline void mangle(struct seq_file *m, const char *s) { seq_escape(m, s, "" \t\n\\""); }",linux-2.6,,,41032762125345631812593482932222196103,0 2934,['CWE-189'],"int jpc_ns_synthesize(jpc_fix_t *a, int xstart, int ystart, int width, int height, int stride) { int numrows = height; int numcols = width; int rowparity = ystart & 1; int colparity = xstart & 1; int maxcols; jpc_fix_t *startptr; int i; startptr = &a[0]; for (i = 0; i < numrows; ++i) { jpc_ns_invlift_row(startptr, numcols, colparity); jpc_qmfb_join_row(startptr, numcols, colparity); startptr += stride; } maxcols = (numcols / JPC_QMFB_COLGRPSIZE) * JPC_QMFB_COLGRPSIZE; startptr = &a[0]; for (i = 0; i < maxcols; i += JPC_QMFB_COLGRPSIZE) { jpc_ns_invlift_colgrp(startptr, numrows, stride, rowparity); jpc_qmfb_join_colgrp(startptr, numrows, stride, rowparity); startptr += JPC_QMFB_COLGRPSIZE; } if (maxcols < numcols) { jpc_ns_invlift_colres(startptr, numrows, numcols - maxcols, stride, rowparity); jpc_qmfb_join_colres(startptr, numrows, numcols - maxcols, stride, rowparity); } return 0; }",jasper,,,65955116524222790879111535421590351548,0 824,['CWE-16'],"static void esp_destroy(struct xfrm_state *x) { struct esp_data *esp = x->data; if (!esp) return; crypto_free_aead(esp->aead); kfree(esp); }",linux-2.6,,,98186834775634139779097774947414519921,0 719,[],"static int jpc_poc_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_poc_t *poc = &ms->parms.poc; jpc_pocpchg_t *pchg; int pchgno; for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno, ++pchg) { fprintf(out, ""po[%d] = %d; "", pchgno, pchg->prgord); fprintf(out, ""cs[%d] = %d; ce[%d] = %d; "", pchgno, pchg->compnostart, pchgno, pchg->compnoend); fprintf(out, ""rs[%d] = %d; re[%d] = %d; "", pchgno, pchg->rlvlnostart, pchgno, pchg->rlvlnoend); fprintf(out, ""le[%d] = %d\n"", pchgno, pchg->lyrnoend); } return 0; }",jasper,,,269184904905517483502759472040631465432,0 1061,['CWE-20'],"void emergency_restart(void) { machine_emergency_restart(); }",linux-2.6,,,174857733085074207040865896885391224067,0 2072,CWE-362,"static int sock_close(struct inode *inode, struct file *filp) { sock_release(SOCKET_I(inode)); return 0; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,124880434278408,1 450,CWE-20,"void f2fs_wait_discard_bios(struct f2fs_sb_info *sbi) { __issue_discard_cmd(sbi, false); __drop_discard_cmd(sbi); __wait_discard_cmd(sbi, false); }",visit repo url,fs/f2fs/segment.c,https://github.com/torvalds/linux,256664679289181,1 4650,CWE-401,"GF_Err infe_box_read(GF_Box *s, GF_BitStream *bs) { char *buf; u32 buf_len, i, string_len, string_start; GF_ItemInfoEntryBox *ptr = (GF_ItemInfoEntryBox *)s; ISOM_DECREASE_SIZE(ptr, 4); ptr->item_ID = gf_bs_read_u16(bs); ptr->item_protection_index = gf_bs_read_u16(bs); if (ptr->version == 2) { ISOM_DECREASE_SIZE(ptr, 4); ptr->item_type = gf_bs_read_u32(bs); } buf_len = (u32) (ptr->size); buf = (char*)gf_malloc(buf_len); if (!buf) return GF_OUT_OF_MEM; if (buf_len != gf_bs_read_data(bs, buf, buf_len)) { gf_free(buf); return GF_ISOM_INVALID_FILE; } string_len = 1; string_start = 0; for (i = 0; i < buf_len; i++) { if (buf[i] == 0) { if (!ptr->item_name) { ptr->item_name = (char*)gf_malloc(sizeof(char)*string_len); if (!ptr->item_name) return GF_OUT_OF_MEM; memcpy(ptr->item_name, buf+string_start, string_len); } else if (!ptr->content_type) { ptr->content_type = (char*)gf_malloc(sizeof(char)*string_len); if (!ptr->content_type) return GF_OUT_OF_MEM; memcpy(ptr->content_type, buf+string_start, string_len); } else { ptr->content_encoding = (char*)gf_malloc(sizeof(char)*string_len); if (!ptr->content_encoding) return GF_OUT_OF_MEM; memcpy(ptr->content_encoding, buf+string_start, string_len); } string_start += string_len; string_len = 0; if (ptr->content_encoding && ptr->version == 1) { break; } } string_len++; } gf_free(buf); if (!ptr->item_name || (!ptr->content_type && ptr->version < 2)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[isoff] Infe without name or content type !\n"")); } return GF_OK; }",visit repo url,src/isomedia/box_code_meta.c,https://github.com/gpac/gpac,114599090840082,1 2297,NVD-CWE-Other,"int rds_ib_xmit(struct rds_connection *conn, struct rds_message *rm, unsigned int hdr_off, unsigned int sg, unsigned int off) { struct rds_ib_connection *ic = conn->c_transport_data; struct ib_device *dev = ic->i_cm_id->device; struct rds_ib_send_work *send = NULL; struct rds_ib_send_work *first; struct rds_ib_send_work *prev; struct ib_send_wr *failed_wr; struct scatterlist *scat; u32 pos; u32 i; u32 work_alloc; u32 credit_alloc = 0; u32 posted; u32 adv_credits = 0; int send_flags = 0; int bytes_sent = 0; int ret; int flow_controlled = 0; int nr_sig = 0; BUG_ON(off % RDS_FRAG_SIZE); BUG_ON(hdr_off != 0 && hdr_off != sizeof(struct rds_header)); if (conn->c_loopback && rm->m_inc.i_hdr.h_flags & RDS_FLAG_CONG_BITMAP) { rds_cong_map_updated(conn->c_fcong, ~(u64) 0); return sizeof(struct rds_header) + RDS_CONG_MAP_BYTES; } if (be32_to_cpu(rm->m_inc.i_hdr.h_len) == 0) i = 1; else i = ceil(be32_to_cpu(rm->m_inc.i_hdr.h_len), RDS_FRAG_SIZE); work_alloc = rds_ib_ring_alloc(&ic->i_send_ring, i, &pos); if (work_alloc == 0) { set_bit(RDS_LL_SEND_FULL, &conn->c_flags); rds_ib_stats_inc(s_ib_tx_ring_full); ret = -ENOMEM; goto out; } if (ic->i_flowctl) { credit_alloc = rds_ib_send_grab_credits(ic, work_alloc, &posted, 0, RDS_MAX_ADV_CREDIT); adv_credits += posted; if (credit_alloc < work_alloc) { rds_ib_ring_unalloc(&ic->i_send_ring, work_alloc - credit_alloc); work_alloc = credit_alloc; flow_controlled = 1; } if (work_alloc == 0) { set_bit(RDS_LL_SEND_FULL, &conn->c_flags); rds_ib_stats_inc(s_ib_tx_throttle); ret = -ENOMEM; goto out; } } if (!ic->i_data_op) { if (rm->data.op_nents) { rm->data.op_count = ib_dma_map_sg(dev, rm->data.op_sg, rm->data.op_nents, DMA_TO_DEVICE); rdsdebug(""ic %p mapping rm %p: %d\n"", ic, rm, rm->data.op_count); if (rm->data.op_count == 0) { rds_ib_stats_inc(s_ib_tx_sg_mapping_failure); rds_ib_ring_unalloc(&ic->i_send_ring, work_alloc); ret = -ENOMEM; goto out; } } else { rm->data.op_count = 0; } rds_message_addref(rm); ic->i_data_op = &rm->data; if (test_bit(RDS_MSG_ACK_REQUIRED, &rm->m_flags)) rm->m_inc.i_hdr.h_flags |= RDS_FLAG_ACK_REQUIRED; if (test_bit(RDS_MSG_RETRANSMITTED, &rm->m_flags)) rm->m_inc.i_hdr.h_flags |= RDS_FLAG_RETRANSMITTED; if (rm->rdma.op_active) { struct rds_ext_header_rdma ext_hdr; ext_hdr.h_rdma_rkey = cpu_to_be32(rm->rdma.op_rkey); rds_message_add_extension(&rm->m_inc.i_hdr, RDS_EXTHDR_RDMA, &ext_hdr, sizeof(ext_hdr)); } if (rm->m_rdma_cookie) { rds_message_add_rdma_dest_extension(&rm->m_inc.i_hdr, rds_rdma_cookie_key(rm->m_rdma_cookie), rds_rdma_cookie_offset(rm->m_rdma_cookie)); } rm->m_inc.i_hdr.h_ack = cpu_to_be64(rds_ib_piggyb_ack(ic)); rds_message_make_checksum(&rm->m_inc.i_hdr); if (ic->i_flowctl) { rds_ib_send_grab_credits(ic, 0, &posted, 1, RDS_MAX_ADV_CREDIT - adv_credits); adv_credits += posted; BUG_ON(adv_credits > 255); } } if (rm->rdma.op_active && rm->rdma.op_fence) send_flags = IB_SEND_FENCE; send = &ic->i_sends[pos]; first = send; prev = NULL; scat = &ic->i_data_op->op_sg[sg]; i = 0; do { unsigned int len = 0; send->s_wr.send_flags = send_flags; send->s_wr.opcode = IB_WR_SEND; send->s_wr.num_sge = 1; send->s_wr.next = NULL; send->s_queued = jiffies; send->s_op = NULL; send->s_sge[0].addr = ic->i_send_hdrs_dma + (pos * sizeof(struct rds_header)); send->s_sge[0].length = sizeof(struct rds_header); memcpy(&ic->i_send_hdrs[pos], &rm->m_inc.i_hdr, sizeof(struct rds_header)); if (i < work_alloc && scat != &rm->data.op_sg[rm->data.op_count]) { len = min(RDS_FRAG_SIZE, ib_sg_dma_len(dev, scat) - off); send->s_wr.num_sge = 2; send->s_sge[1].addr = ib_sg_dma_address(dev, scat) + off; send->s_sge[1].length = len; bytes_sent += len; off += len; if (off == ib_sg_dma_len(dev, scat)) { scat++; off = 0; } } rds_ib_set_wr_signal_state(ic, send, 0); if (ic->i_flowctl && flow_controlled && i == (work_alloc-1)) send->s_wr.send_flags |= IB_SEND_SIGNALED | IB_SEND_SOLICITED; if (send->s_wr.send_flags & IB_SEND_SIGNALED) nr_sig++; rdsdebug(""send %p wr %p num_sge %u next %p\n"", send, &send->s_wr, send->s_wr.num_sge, send->s_wr.next); if (ic->i_flowctl && adv_credits) { struct rds_header *hdr = &ic->i_send_hdrs[pos]; hdr->h_credit = adv_credits; rds_message_make_checksum(hdr); adv_credits = 0; rds_ib_stats_inc(s_ib_tx_credit_updates); } if (prev) prev->s_wr.next = &send->s_wr; prev = send; pos = (pos + 1) % ic->i_send_ring.w_nr; send = &ic->i_sends[pos]; i++; } while (i < work_alloc && scat != &rm->data.op_sg[rm->data.op_count]); if (hdr_off == 0) bytes_sent += sizeof(struct rds_header); if (scat == &rm->data.op_sg[rm->data.op_count]) { prev->s_op = ic->i_data_op; prev->s_wr.send_flags |= IB_SEND_SOLICITED; ic->i_data_op = NULL; } if (i < work_alloc) { rds_ib_ring_unalloc(&ic->i_send_ring, work_alloc - i); work_alloc = i; } if (ic->i_flowctl && i < credit_alloc) rds_ib_send_add_credits(conn, credit_alloc - i); if (nr_sig) atomic_add(nr_sig, &ic->i_signaled_sends); failed_wr = &first->s_wr; ret = ib_post_send(ic->i_cm_id->qp, &first->s_wr, &failed_wr); rdsdebug(""ic %p first %p (wr %p) ret %d wr %p\n"", ic, first, &first->s_wr, ret, failed_wr); BUG_ON(failed_wr != &first->s_wr); if (ret) { printk(KERN_WARNING ""RDS/IB: ib_post_send to %pI4 "" ""returned %d\n"", &conn->c_faddr, ret); rds_ib_ring_unalloc(&ic->i_send_ring, work_alloc); rds_ib_sub_signaled(ic, nr_sig); if (prev->s_op) { ic->i_data_op = prev->s_op; prev->s_op = NULL; } rds_ib_conn_error(ic->conn, ""ib_post_send failed\n""); goto out; } ret = bytes_sent; out: BUG_ON(adv_credits); return ret; }",visit repo url,net/rds/ib_send.c,https://github.com/torvalds/linux,55483572152962,1 318,[],"static int ppp_scompress(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ppp_option_data __user *odata; struct ppp_option_data32 __user *odata32; __u32 data; void __user *datap; odata = compat_alloc_user_space(sizeof(*odata)); odata32 = compat_ptr(arg); if (get_user(data, &odata32->ptr)) return -EFAULT; datap = compat_ptr(data); if (put_user(datap, &odata->ptr)) return -EFAULT; if (copy_in_user(&odata->length, &odata32->length, sizeof(__u32) + sizeof(int))) return -EFAULT; return sys_ioctl(fd, PPPIOCSCOMPRESS, (unsigned long) odata); }",linux-2.6,,,171569610520959378968288326914281766821,0 4184,CWE-476,"sraSpanRemove(sraSpan *span) { span->_prev->_next = span->_next; span->_next->_prev = span->_prev; }",visit repo url,libvncserver/rfbregion.c,https://github.com/LibVNC/libvncserver,38587551806955,1 2403,CWE-119,"static void rpza_decode_stream(RpzaContext *s) { int width = s->avctx->width; int stride = s->frame.linesize[0] / 2; int row_inc = stride - 4; int stream_ptr = 0; int chunk_size; unsigned char opcode; int n_blocks; unsigned short colorA = 0, colorB; unsigned short color4[4]; unsigned char index, idx; unsigned short ta, tb; unsigned short *pixels = (unsigned short *)s->frame.data[0]; int row_ptr = 0; int pixel_ptr = 0; int block_ptr; int pixel_x, pixel_y; int total_blocks; if (s->buf[stream_ptr] != 0xe1) av_log(s->avctx, AV_LOG_ERROR, ""First chunk byte is 0x%02x instead of 0xe1\n"", s->buf[stream_ptr]); chunk_size = AV_RB32(&s->buf[stream_ptr]) & 0x00FFFFFF; stream_ptr += 4; if (chunk_size != s->size) av_log(s->avctx, AV_LOG_ERROR, ""MOV chunk size != encoded chunk size; using MOV chunk size\n""); chunk_size = s->size; total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) / 4); while (stream_ptr < chunk_size) { opcode = s->buf[stream_ptr++]; n_blocks = (opcode & 0x1f) + 1; if ((opcode & 0x80) == 0) { colorA = (opcode << 8) | (s->buf[stream_ptr++]); opcode = 0; if ((s->buf[stream_ptr] & 0x80) != 0) { opcode = 0x20; n_blocks = 1; } } switch (opcode & 0xe0) { case 0x80: while (n_blocks--) { ADVANCE_BLOCK(); } break; case 0xa0: colorA = AV_RB16 (&s->buf[stream_ptr]); stream_ptr += 2; while (n_blocks--) { block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ pixels[block_ptr] = colorA; block_ptr++; } block_ptr += row_inc; } ADVANCE_BLOCK(); } break; case 0xc0: colorA = AV_RB16 (&s->buf[stream_ptr]); stream_ptr += 2; case 0x20: colorB = AV_RB16 (&s->buf[stream_ptr]); stream_ptr += 2; color4[0] = colorB; color4[1] = 0; color4[2] = 0; color4[3] = colorA; ta = (colorA >> 10) & 0x1F; tb = (colorB >> 10) & 0x1F; color4[1] |= ((11 * ta + 21 * tb) >> 5) << 10; color4[2] |= ((21 * ta + 11 * tb) >> 5) << 10; ta = (colorA >> 5) & 0x1F; tb = (colorB >> 5) & 0x1F; color4[1] |= ((11 * ta + 21 * tb) >> 5) << 5; color4[2] |= ((21 * ta + 11 * tb) >> 5) << 5; ta = colorA & 0x1F; tb = colorB & 0x1F; color4[1] |= ((11 * ta + 21 * tb) >> 5); color4[2] |= ((21 * ta + 11 * tb) >> 5); if (s->size - stream_ptr < n_blocks * 4) return; while (n_blocks--) { block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { index = s->buf[stream_ptr++]; for (pixel_x = 0; pixel_x < 4; pixel_x++){ idx = (index >> (2 * (3 - pixel_x))) & 0x03; pixels[block_ptr] = color4[idx]; block_ptr++; } block_ptr += row_inc; } ADVANCE_BLOCK(); } break; case 0x00: if (s->size - stream_ptr < 16) return; block_ptr = row_ptr + pixel_ptr; for (pixel_y = 0; pixel_y < 4; pixel_y++) { for (pixel_x = 0; pixel_x < 4; pixel_x++){ if ((pixel_y != 0) || (pixel_x !=0)) { colorA = AV_RB16 (&s->buf[stream_ptr]); stream_ptr += 2; } pixels[block_ptr] = colorA; block_ptr++; } block_ptr += row_inc; } ADVANCE_BLOCK(); break; default: av_log(s->avctx, AV_LOG_ERROR, ""Unknown opcode %d in rpza chunk."" "" Skip remaining %d bytes of chunk data.\n"", opcode, chunk_size - stream_ptr); return; } } }",visit repo url,libavcodec/rpza.c,https://github.com/FFmpeg/FFmpeg,71049286897085,1 3789,CWE-416,"ga_init2(garray_T *gap, int itemsize, int growsize) { ga_init(gap); gap->ga_itemsize = itemsize; gap->ga_growsize = growsize; }",visit repo url,src/alloc.c,https://github.com/vim/vim,207830021117331,1 4839,['CWE-189'],"static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat, char *page_virt, int *bytes_read) { int rc = 0; int i; u32 flags; flags = get_unaligned_be32(page_virt); for (i = 0; i < ((sizeof(ecryptfs_flag_map) / sizeof(struct ecryptfs_flag_map_elem))); i++) if (flags & ecryptfs_flag_map[i].file_flag) { crypt_stat->flags |= ecryptfs_flag_map[i].local_flag; } else crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag); crypt_stat->file_version = ((flags >> 24) & 0xFF); (*bytes_read) = 4; return rc; }",linux-2.6,,,151897965923840859178688217131868144432,0 1730,[],"static void detach_destroy_domains(const cpumask_t *cpu_map) { cpumask_t tmpmask; int i; unregister_sched_domain_sysctl(); for_each_cpu_mask(i, *cpu_map) cpu_attach_domain(NULL, &def_root_domain, i); synchronize_sched(); arch_destroy_sched_domains(cpu_map, &tmpmask); }",linux-2.6,,,147035702274994995429164315578611495422,0 464,CWE-20,"static inline bool key_is_instantiated(const struct key *key) { return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) && !test_bit(KEY_FLAG_NEGATIVE, &key->flags); }",visit repo url,include/linux/key.h,https://github.com/torvalds/linux,116135332014230,1 1255,[],"m4_builtin (struct obstack *obs, int argc, token_data **argv) { const builtin *bp; const char *name; if (bad_argc (argv[0], argc, 2, -1)) return; if (TOKEN_DATA_TYPE (argv[1]) != TOKEN_TEXT) { M4ERROR ((warning_status, 0, ""Warning: %s: invalid macro name ignored"", ARG (0))); return; } name = ARG (1); bp = find_builtin_by_name (name); if (bp->func == m4_placeholder) M4ERROR ((warning_status, 0, ""undefined builtin `%s'"", name)); else { int i; if (! bp->groks_macro_args) for (i = 2; i < argc; i++) if (TOKEN_DATA_TYPE (argv[i]) != TOKEN_TEXT) { TOKEN_DATA_TYPE (argv[i]) = TOKEN_TEXT; TOKEN_DATA_TEXT (argv[i]) = (char *) """"; } bp->func (obs, argc - 1, argv + 1); } }",m4,,,12738359551941454365143512098493041548,0 5931,CWE-120,"static void mdbEvalSetColumnJSON(MyDbEvalContext *p, int iCol, Jsi_DString *dStr) { Jsi_Interp *interp = p->jdb->interp; char nbuf[200]; MysqlPrep *prep = p->prep; SqlFieldResults *field = prep->fieldResult+iCol; if (field->isnull) { Jsi_DSAppend(dStr, ""null"", NULL); return; } const char *zBlob = """"; int bytes = 0; switch(field->jsiTypeMap) { case JSI_OPTION_BOOL: { snprintf(nbuf, sizeof(nbuf), ""%s"", field->buffer.vchar?""true"":""false""); Jsi_DSAppend(dStr, nbuf, NULL); return; } case JSI_OPTION_INT64: { snprintf(nbuf, sizeof(nbuf), ""%lld"", field->buffer.vlonglong); Jsi_DSAppend(dStr, nbuf, NULL); return; } case JSI_OPTION_DOUBLE: { Jsi_NumberToString(interp, field->buffer.vdouble, nbuf, sizeof(nbuf)); Jsi_DSAppend(dStr, nbuf, NULL); return; } case JSI_OPTION_TIME_D: case JSI_OPTION_TIME_W: { Jsi_Number jtime = mdbMyTimeToJS(&field->buffer.timestamp); Jsi_NumberToString(interp, jtime, nbuf, sizeof(nbuf)); Jsi_DSAppend(dStr, nbuf, NULL); return; } case JSI_OPTION_STRING: zBlob = field->buffer.vstring; default: { if( !zBlob ) { Jsi_DSAppend(dStr, ""null"", NULL); return; } Jsi_JSONQuote(interp, zBlob, bytes, dStr); return; } } }",visit repo url,src/jsiMySql.c,https://github.com/pcmacdon/jsish,15768967145963,1 3466,['CWE-20'],"struct sctp_chunk *sctp_make_violation_paramlen( const struct sctp_association *asoc, const struct sctp_chunk *chunk, struct sctp_paramhdr *param) { struct sctp_chunk *retval; static const char error[] = ""The following parameter had invalid length:""; size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + sizeof(sctp_paramhdr_t); retval = sctp_make_abort(asoc, chunk, payload_len); if (!retval) goto nodata; sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error) + sizeof(sctp_paramhdr_t)); sctp_addto_chunk(retval, sizeof(error), error); sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); nodata: return retval; }",linux-2.6,,,186032966136641405403487731113670128912,0 1524,[],"cpu_to_cpu_group(int cpu, const cpumask_t *cpu_map, struct sched_group **sg, cpumask_t *unused) { if (sg) *sg = &per_cpu(sched_group_cpus, cpu); return cpu; }",linux-2.6,,,128337464417439402235838977220725745463,0 5695,['CWE-200'],"static int llc_ui_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { return -ENOIOCTLCMD; }",linux-2.6,,,279024909523112001046167174902029746612,0 5030,[],"void sendto_domain(struct winbindd_cli_state *state, struct winbindd_domain *domain) { async_domain_request(state->mem_ctx, domain, &state->request, &state->response, recvfrom_child, state); }",samba,,,327523662787600060951962544078202583251,0 4619,CWE-120,"GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs) { GF_AdobeBootstrapInfoBox *ptr = (GF_AdobeBootstrapInfoBox *)s; int i; u32 tmp_strsize; char *tmp_str; GF_Err e; ISOM_DECREASE_SIZE(ptr, 25) ptr->bootstrapinfo_version = gf_bs_read_u32(bs); ptr->profile = gf_bs_read_int(bs, 2); ptr->live = gf_bs_read_int(bs, 1); ptr->update = gf_bs_read_int(bs, 1); ptr->reserved = gf_bs_read_int(bs, 4); ptr->time_scale = gf_bs_read_u32(bs); ptr->current_media_time = gf_bs_read_u64(bs); ptr->smpte_time_code_offset = gf_bs_read_u64(bs); i=0; if (ptr->size<8) return GF_ISOM_INVALID_FILE; tmp_strsize =(u32)ptr->size; tmp_str = gf_malloc(sizeof(char)*tmp_strsize); if (!tmp_str) return GF_OUT_OF_MEM; memset(tmp_str, 0, sizeof(char)*tmp_strsize); while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->movie_identifier = gf_strdup(tmp_str); } ISOM_DECREASE_SIZE(ptr, 1) ptr->server_entry_count = gf_bs_read_u8(bs); for (i=0; iserver_entry_count; i++) { int j=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) break; j++; } if (j) { gf_list_insert(ptr->server_entry_table, gf_strdup(tmp_str), i); } } ISOM_DECREASE_SIZE(ptr, 1) ptr->quality_entry_count = gf_bs_read_u8(bs); for (i=0; iquality_entry_count; i++) { int j=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) break; j++; } if (j) { gf_list_insert(ptr->quality_entry_table, gf_strdup(tmp_str), i); } } i=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->drm_data = gf_strdup(tmp_str); } i=0; tmp_strsize=(u32)ptr->size; while (tmp_strsize) { ISOM_DECREASE_SIZE(ptr, 1) tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->meta_data = gf_strdup(tmp_str); } ISOM_DECREASE_SIZE(ptr, 1) ptr->segment_run_table_count = gf_bs_read_u8(bs); for (i=0; isegment_run_table_count; i++) { GF_AdobeSegmentRunTableBox *asrt = NULL; e = gf_isom_box_parse((GF_Box **)&asrt, bs); if (e) { if (asrt) gf_isom_box_del((GF_Box*)asrt); gf_free(tmp_str); return e; } gf_list_add(ptr->segment_run_table_entries, asrt); } ISOM_DECREASE_SIZE(ptr, 1) ptr->fragment_run_table_count = gf_bs_read_u8(bs); for (i=0; ifragment_run_table_count; i++) { GF_AdobeFragmentRunTableBox *afrt = NULL; e = gf_isom_box_parse((GF_Box **)&afrt, bs); if (e) { if (afrt) gf_isom_box_del((GF_Box*)afrt); gf_free(tmp_str); return e; } gf_list_add(ptr->fragment_run_table_entries, afrt); } gf_free(tmp_str); return GF_OK; }",visit repo url,src/isomedia/box_code_adobe.c,https://github.com/gpac/gpac,179670213555264,1 1616,CWE-264,"struct dst_entry *inet6_csk_route_req(const struct sock *sk, struct flowi6 *fl6, const struct request_sock *req, u8 proto) { struct inet_request_sock *ireq = inet_rsk(req); const struct ipv6_pinfo *np = inet6_sk(sk); struct in6_addr *final_p, final; struct dst_entry *dst; memset(fl6, 0, sizeof(*fl6)); fl6->flowi6_proto = proto; fl6->daddr = ireq->ir_v6_rmt_addr; final_p = fl6_update_dst(fl6, np->opt, &final); fl6->saddr = ireq->ir_v6_loc_addr; fl6->flowi6_oif = ireq->ir_iif; fl6->flowi6_mark = ireq->ir_mark; fl6->fl6_dport = ireq->ir_rmt_port; fl6->fl6_sport = htons(ireq->ir_num); security_req_classify_flow(req, flowi6_to_flowi(fl6)); dst = ip6_dst_lookup_flow(sk, fl6, final_p); if (IS_ERR(dst)) return NULL; return dst; }",visit repo url,net/ipv6/inet6_connection_sock.c,https://github.com/torvalds/linux,92608987030028,1 5447,['CWE-476'],"static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { int r; r = -E2BIG; if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) goto out; r = -EFAULT; if (copy_from_user(&vcpu->arch.cpuid_entries, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2))) goto out; vcpu->arch.cpuid_nent = cpuid->nent; return 0; out: return r; }",linux-2.6,,,286957711383919444168408861163890280153,0 6268,['CWE-200'],"int neigh_compat_output(struct sk_buff *skb) { struct net_device *dev = skb->dev; __skb_pull(skb, skb->nh.raw - skb->data); if (dev->hard_header && dev->hard_header(skb, dev, ntohs(skb->protocol), NULL, NULL, skb->len) < 0 && dev->rebuild_header(skb)) return 0; return dev_queue_xmit(skb); }",linux-2.6,,,177761790710060260424603127107940296695,0 5171,CWE-119,"int my_csr_reader( const char* i_csr_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, REALTYPE** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csr_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_row_idx_id = NULL; unsigned int l_i = 0; l_csr_file_handle = fopen( i_csr_file_in, ""r"" ); if ( l_csr_file_handle == NULL ) { fprintf( stderr, ""cannot open CSR file!\n"" ); return -1; } while (fgets(l_line, l_line_length, l_csr_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { fprintf( stderr, ""could not read file length!\n"" ); return -1; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count + 1)); *o_values = (REALTYPE*) malloc(sizeof(double) * (*o_element_count)); l_row_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_row_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_row_idx_id == NULL ) ) { fprintf( stderr, ""could not allocate sp data!\n"" ); return -1; } memset(*o_row_idx, 0, sizeof(unsigned int)*(*o_row_count + 1)); memset(*o_column_idx, 0, sizeof(unsigned int)*(*o_element_count)); memset(*o_values, 0, sizeof(double)*(*o_element_count)); memset(l_row_idx_id, 0, sizeof(unsigned int)*(*o_row_count)); for ( l_i = 0; l_i < (*o_row_count + 1); l_i++) (*o_row_idx)[l_i] = (*o_element_count); (*o_row_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { fprintf( stderr, ""could not csr description!\n"" ); return -1; } } else { unsigned int l_row, l_column; REALTYPE l_value; if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { fprintf( stderr, ""could not read element!\n"" ); return -1; } l_row--; l_column--; (*o_column_idx)[l_i] = l_column; (*o_values)[l_i] = l_value; l_i++; l_row_idx_id[l_row] = 1; (*o_row_idx)[l_row+1] = l_i; } } } fclose( l_csr_file_handle ); if ( l_i != (*o_element_count) ) { fprintf( stderr, ""we were not able to read all elements!\n"" ); return -1; } for ( l_i = 0; l_i < (*o_row_count); l_i++) { if ( l_row_idx_id[l_i] == 0 ) { (*o_row_idx)[l_i+1] = (*o_row_idx)[l_i]; } } if ( l_row_idx_id != NULL ) { free( l_row_idx_id ); } return 0; }",visit repo url,samples/pyfr/pyfr_driver_asp_reg.c,https://github.com/hfp/libxsmm,975514415115,1 508,[],"static inline void dec_snd_pages(int order) { snd_allocated_pages -= 1 << order; }",linux-2.6,,,216983618708041469134213508320968028396,0 1434,CWE-264,"SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) { struct fs_struct *fs, *new_fs = NULL; struct files_struct *fd, *new_fd = NULL; struct cred *new_cred = NULL; struct nsproxy *new_nsproxy = NULL; int do_sysvsem = 0; int err; if (unshare_flags & CLONE_NEWUSER) unshare_flags |= CLONE_THREAD; if (unshare_flags & CLONE_NEWPID) unshare_flags |= CLONE_THREAD; if (unshare_flags & CLONE_THREAD) unshare_flags |= CLONE_VM; if (unshare_flags & CLONE_VM) unshare_flags |= CLONE_SIGHAND; if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; err = check_unshare_flags(unshare_flags); if (err) goto bad_unshare_out; if (unshare_flags & (CLONE_NEWIPC|CLONE_SYSVSEM)) do_sysvsem = 1; err = unshare_fs(unshare_flags, &new_fs); if (err) goto bad_unshare_out; err = unshare_fd(unshare_flags, &new_fd); if (err) goto bad_unshare_cleanup_fs; err = unshare_userns(unshare_flags, &new_cred); if (err) goto bad_unshare_cleanup_fd; err = unshare_nsproxy_namespaces(unshare_flags, &new_nsproxy, new_cred, new_fs); if (err) goto bad_unshare_cleanup_cred; if (new_fs || new_fd || do_sysvsem || new_cred || new_nsproxy) { if (do_sysvsem) { exit_sem(current); } if (new_nsproxy) switch_task_namespaces(current, new_nsproxy); task_lock(current); if (new_fs) { fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; if (--fs->users) new_fs = NULL; else new_fs = fs; spin_unlock(&fs->lock); } if (new_fd) { fd = current->files; current->files = new_fd; new_fd = fd; } task_unlock(current); if (new_cred) { commit_creds(new_cred); new_cred = NULL; } } bad_unshare_cleanup_cred: if (new_cred) put_cred(new_cred); bad_unshare_cleanup_fd: if (new_fd) put_files_struct(new_fd); bad_unshare_cleanup_fs: if (new_fs) free_fs_struct(new_fs); bad_unshare_out: return err; }",visit repo url,kernel/fork.c,https://github.com/torvalds/linux,49368388639909,1 599,['CWE-200'],"int htab_bolt_mapping(unsigned long vstart, unsigned long vend, unsigned long pstart, unsigned long mode, int psize) { unsigned long vaddr, paddr; unsigned int step, shift; unsigned long tmp_mode; int ret = 0; shift = mmu_psize_defs[psize].shift; step = 1 << shift; for (vaddr = vstart, paddr = pstart; vaddr < vend; vaddr += step, paddr += step) { unsigned long vpn, hash, hpteg; unsigned long vsid = get_kernel_vsid(vaddr); unsigned long va = (vsid << 28) | (vaddr & 0x0fffffff); vpn = va >> shift; tmp_mode = mode; if (!in_kernel_text(vaddr)) tmp_mode = mode | HPTE_R_N; hash = hpt_hash(va, shift); hpteg = ((hash & htab_hash_mask) * HPTES_PER_GROUP); DBG(""htab_bolt_mapping: calling %p\n"", ppc_md.hpte_insert); BUG_ON(!ppc_md.hpte_insert); ret = ppc_md.hpte_insert(hpteg, va, paddr, tmp_mode, HPTE_V_BOLTED, psize); if (ret < 0) break; } return ret < 0 ? ret : 0; }",linux-2.6,,,76205594085070487358509849037279995042,0 3517,CWE-20,"static int read_uids_guids(long long *table_start) { int res, i; int bytes = SQUASHFS_ID_BYTES(sBlk.s.no_ids); int indexes = SQUASHFS_ID_BLOCKS(sBlk.s.no_ids); long long id_index_table[indexes]; TRACE(""read_uids_guids: no_ids %d\n"", sBlk.s.no_ids); id_table = malloc(bytes); if(id_table == NULL) { ERROR(""read_uids_guids: failed to allocate id table\n""); return FALSE; } res = read_fs_bytes(fd, sBlk.s.id_table_start, SQUASHFS_ID_BLOCK_BYTES(sBlk.s.no_ids), id_index_table); if(res == FALSE) { ERROR(""read_uids_guids: failed to read id index table\n""); return FALSE; } SQUASHFS_INSWAP_ID_BLOCKS(id_index_table, indexes); *table_start = id_index_table[0]; for(i = 0; i < indexes; i++) { int expected = (i + 1) != indexes ? SQUASHFS_METADATA_SIZE : bytes & (SQUASHFS_METADATA_SIZE - 1); res = read_block(fd, id_index_table[i], NULL, expected, ((char *) id_table) + i * SQUASHFS_METADATA_SIZE); if(res == FALSE) { ERROR(""read_uids_guids: failed to read id table block"" ""\n""); return FALSE; } } SQUASHFS_INSWAP_INTS(id_table, sBlk.s.no_ids); return TRUE; }",visit repo url,squashfs-tools/unsquash-4.c,https://github.com/plougher/squashfs-tools,223382102013829,1 5145,CWE-125,"fstring_find_expr(const char **str, const char *end, int raw, int recurse_lvl, expr_ty *expression, struct compiling *c, const node *n) { const char *expr_start; const char *expr_end; expr_ty simple_expression; expr_ty format_spec = NULL; int conversion = -1; char quote_char = 0; int string_type = 0; Py_ssize_t nested_depth = 0; char parenstack[MAXLEVEL]; if (recurse_lvl >= 2) { ast_error(c, n, ""f-string: expressions nested too deeply""); return -1; } assert(**str == '{'); *str += 1; expr_start = *str; for (; *str < end; (*str)++) { char ch; assert(nested_depth >= 0); assert(*str >= expr_start && *str < end); if (quote_char) assert(string_type == 1 || string_type == 3); else assert(string_type == 0); ch = **str; if (ch == '\\') { ast_error(c, n, ""f-string expression part "" ""cannot include a backslash""); return -1; } if (quote_char) { if (ch == quote_char) { if (string_type == 3) { if (*str+2 < end && *(*str+1) == ch && *(*str+2) == ch) { *str += 2; string_type = 0; quote_char = 0; continue; } } else { quote_char = 0; string_type = 0; continue; } } } else if (ch == '\'' || ch == '""') { if (*str+2 < end && *(*str+1) == ch && *(*str+2) == ch) { string_type = 3; *str += 2; } else { string_type = 1; } quote_char = ch; } else if (ch == '[' || ch == '{' || ch == '(') { if (nested_depth >= MAXLEVEL) { ast_error(c, n, ""f-string: too many nested parenthesis""); return -1; } parenstack[nested_depth] = ch; nested_depth++; } else if (ch == '#') { ast_error(c, n, ""f-string expression part cannot include '#'""); return -1; } else if (nested_depth == 0 && (ch == '!' || ch == ':' || ch == '}')) { if (ch == '!' && *str+1 < end && *(*str+1) == '=') { continue; } break; } else if (ch == ']' || ch == '}' || ch == ')') { if (!nested_depth) { ast_error(c, n, ""f-string: unmatched '%c'"", ch); return -1; } nested_depth--; int opening = parenstack[nested_depth]; if (!((opening == '(' && ch == ')') || (opening == '[' && ch == ']') || (opening == '{' && ch == '}'))) { ast_error(c, n, ""f-string: closing parenthesis '%c' "" ""does not match opening parenthesis '%c'"", ch, opening); return -1; } } else { } } expr_end = *str; if (quote_char) { ast_error(c, n, ""f-string: unterminated string""); return -1; } if (nested_depth) { int opening = parenstack[nested_depth - 1]; ast_error(c, n, ""f-string: unmatched '%c'"", opening); return -1; } if (*str >= end) goto unexpected_end_of_string; simple_expression = fstring_compile_expr(expr_start, expr_end, c, n); if (!simple_expression) return -1; if (**str == '!') { *str += 1; if (*str >= end) goto unexpected_end_of_string; conversion = **str; *str += 1; if (!(conversion == 's' || conversion == 'r' || conversion == 'a')) { ast_error(c, n, ""f-string: invalid conversion character: "" ""expected 's', 'r', or 'a'""); return -1; } } if (*str >= end) goto unexpected_end_of_string; if (**str == ':') { *str += 1; if (*str >= end) goto unexpected_end_of_string; format_spec = fstring_parse(str, end, raw, recurse_lvl+1, c, n); if (!format_spec) return -1; } if (*str >= end || **str != '}') goto unexpected_end_of_string; assert(*str < end); assert(**str == '}'); *str += 1; *expression = FormattedValue(simple_expression, conversion, format_spec, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (!*expression) return -1; return 0; unexpected_end_of_string: ast_error(c, n, ""f-string: expecting '}'""); return -1; }",visit repo url,Python/ast.c,https://github.com/python/cpython,109593996063036,1 6380,['CWE-200'],"int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts, const struct tcf_ext_map *map) { #ifdef CONFIG_NET_CLS_ACT if (map->action && exts->action) { struct nlattr *nest; if (exts->action->type != TCA_OLD_COMPAT) { nest = nla_nest_start(skb, map->action); if (nest == NULL) goto nla_put_failure; if (tcf_action_dump(skb, exts->action, 0, 0) < 0) goto nla_put_failure; nla_nest_end(skb, nest); } else if (map->police) { nest = nla_nest_start(skb, map->police); if (nest == NULL) goto nla_put_failure; if (tcf_action_dump_old(skb, exts->action, 0, 0) < 0) goto nla_put_failure; nla_nest_end(skb, nest); } } #endif return 0; nla_put_failure: __attribute__ ((unused)) return -1; }",linux-2.6,,,211090418110346386729193497281733395160,0 1954,CWE-401,"static int mwifiex_pcie_init_evt_ring(struct mwifiex_adapter *adapter) { struct pcie_service_card *card = adapter->card; struct mwifiex_evt_buf_desc *desc; struct sk_buff *skb; dma_addr_t buf_pa; int i; for (i = 0; i < MWIFIEX_MAX_EVT_BD; i++) { skb = dev_alloc_skb(MAX_EVENT_SIZE); if (!skb) { mwifiex_dbg(adapter, ERROR, ""Unable to allocate skb for EVENT buf.\n""); kfree(card->evtbd_ring_vbase); return -ENOMEM; } skb_put(skb, MAX_EVENT_SIZE); if (mwifiex_map_pci_memory(adapter, skb, MAX_EVENT_SIZE, PCI_DMA_FROMDEVICE)) return -1; buf_pa = MWIFIEX_SKB_DMA_ADDR(skb); mwifiex_dbg(adapter, EVENT, ""info: EVT ring: skb=%p len=%d data=%p buf_pa=%#x:%x\n"", skb, skb->len, skb->data, (u32)buf_pa, (u32)((u64)buf_pa >> 32)); card->evt_buf_list[i] = skb; card->evtbd_ring[i] = (void *)(card->evtbd_ring_vbase + (sizeof(*desc) * i)); desc = card->evtbd_ring[i]; desc->paddr = buf_pa; desc->len = (u16)skb->len; desc->flags = 0; } return 0; }",visit repo url,drivers/net/wireless/marvell/mwifiex/pcie.c,https://github.com/torvalds/linux,78384107023892,1 3278,CWE-125,"ikev2_p_print(netdissect_options *ndo, u_char tpay _U_, int pcount _U_, const struct isakmp_gen *ext, u_int oprop_length, const u_char *ep, int depth) { const struct ikev2_p *p; struct ikev2_p prop; u_int prop_length; const u_char *cp; int i; int tcount; u_char np; struct isakmp_gen e; u_int item_len; p = (const struct ikev2_p *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&prop, ext, sizeof(prop)); ikev2_pay_print(ndo, NPSTR(ISAKMP_NPTYPE_P), prop.h.critical); prop_length = oprop_length - 4; ND_PRINT((ndo,"" #%u protoid=%s transform=%d len=%u"", prop.p_no, PROTOIDSTR(prop.prot_id), prop.num_t, oprop_length)); cp = (const u_char *)(p + 1); if (prop.spi_size) { if (prop_length < prop.spi_size) goto toolong; ND_PRINT((ndo,"" spi="")); if (!rawprint(ndo, (const uint8_t *)cp, prop.spi_size)) goto trunc; cp += prop.spi_size; prop_length -= prop.spi_size; } tcount = 0; for (np = ISAKMP_NPTYPE_T; np != 0; np = e.np) { tcount++; ext = (const struct isakmp_gen *)cp; if (prop_length < sizeof(*ext)) goto toolong; ND_TCHECK(*ext); UNALIGNED_MEMCPY(&e, ext, sizeof(e)); item_len = ntohs(e.len); if (item_len <= 4) goto trunc; if (prop_length < item_len) goto toolong; ND_TCHECK2(*cp, item_len); depth++; ND_PRINT((ndo,""\n"")); for (i = 0; i < depth; i++) ND_PRINT((ndo,"" "")); ND_PRINT((ndo,""("")); if (np == ISAKMP_NPTYPE_T) { cp = ikev2_t_print(ndo, tcount, ext, item_len, ep); if (cp == NULL) { return NULL; } } else { ND_PRINT((ndo, ""%s"", NPSTR(np))); cp += item_len; } ND_PRINT((ndo,"")"")); depth--; prop_length -= item_len; } return cp; toolong: cp += prop_length; ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_P))); return cp; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_P))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,49690403727599,1 2246,['CWE-193'],"unsigned find_get_pages_tag(struct address_space *mapping, pgoff_t *index, int tag, unsigned int nr_pages, struct page **pages) { unsigned int i; unsigned int ret; unsigned int nr_found; rcu_read_lock(); restart: nr_found = radix_tree_gang_lookup_tag_slot(&mapping->page_tree, (void ***)pages, *index, nr_pages, tag); ret = 0; for (i = 0; i < nr_found; i++) { struct page *page; repeat: page = radix_tree_deref_slot((void **)pages[i]); if (unlikely(!page)) continue; if (unlikely(page == RADIX_TREE_RETRY)) goto restart; if (!page_cache_get_speculative(page)) goto repeat; if (unlikely(page != *((void **)pages[i]))) { page_cache_release(page); goto repeat; } pages[ret] = page; ret++; } rcu_read_unlock(); if (ret) *index = pages[ret - 1]->index + 1; return ret; }",linux-2.6,,,124443687331279382418580878996608561018,0 4352,CWE-552,"static void test_http_server(void) { struct mg_mgr mgr; const char *url = ""http://127.0.0.1:12346""; char buf[FETCH_BUF_SIZE]; mg_mgr_init(&mgr); mg_http_listen(&mgr, url, eh1, NULL); ASSERT(fetch(&mgr, buf, url, ""GET /a.txt HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""hello\n"") == 0); ASSERT(fetch(&mgr, buf, url, ""GET /%%61.txt HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""hello\n"") == 0); ASSERT(fetch(&mgr, buf, url, ""GET /no_reason HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""ok"") == 0); ASSERT(fetch(&mgr, buf, url, ""GET /київ.txt HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""Ñ”\n"") == 0); ASSERT(fetch(&mgr, buf, url, ""GET /../fuzz.c HTTP/1.0\n\n"") == 404); ASSERT(fetch(&mgr, buf, url, ""GET /.%%2e/fuzz.c HTTP/1.0\n\n"") == 404); ASSERT(fetch(&mgr, buf, url, ""GET /.%%2e%%2ffuzz.c HTTP/1.0\n\n"") == 404); ASSERT(fetch(&mgr, buf, url, ""GET /..%%2f%%20fuzz.c HTTP/1.0\n\n"") == 404); ASSERT(fetch(&mgr, buf, url, ""GET /..%%2ffuzz.c%%20 HTTP/1.0\n\n"") == 404); ASSERT(fetch(&mgr, buf, url, ""GET /dredir HTTP/1.0\n\n"") == 301); ASSERT(cmpheader(buf, ""Location"", ""/dredir/"")); ASSERT(fetch(&mgr, buf, url, ""GET /dredir/ HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""hi\n"") == 0); ASSERT(fetch(&mgr, buf, url, ""GET /..ddot HTTP/1.0\n\n"") == 301); ASSERT(fetch(&mgr, buf, url, ""GET /..ddot/ HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""hi\n"") == 0); { extern char *mg_http_etag(char *, size_t, size_t, time_t); char etag[100]; size_t size = 0; time_t mtime = 0; ASSERT(mg_fs_posix.stat(""./test/data/a.txt"", &size, &mtime) != 0); ASSERT(mg_http_etag(etag, sizeof(etag), size, mtime) == etag); ASSERT(fetch(&mgr, buf, url, ""GET /a.txt HTTP/1.0\nIf-None-Match: %s\n\n"", etag) == 304); } ASSERT(fetch(&mgr, buf, url, ""GET /servefile HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""hello\n"") == 0); { struct mg_http_message hm; mg_http_parse(buf, strlen(buf), &hm); ASSERT(mg_http_get_header(&hm, ""Content-Type"") != NULL); ASSERT(mg_strcmp(*mg_http_get_header(&hm, ""Content-Type""), mg_str(""c/d"")) == 0); } ASSERT(fetch(&mgr, buf, url, ""GET /foo/1 HTTP/1.0\r\n\n"") == 200); ASSERT(cmpbody(buf, ""uri: 1"") == 0); ASSERT(fetch(&mgr, buf, url, ""%s"", ""POST /body HTTP/1.1\r\n"" ""Content-Length: 4\r\n\r\nkuku"") == 200); ASSERT(cmpbody(buf, ""kuku"") == 0); ASSERT(fetch(&mgr, buf, url, ""GET /ssi HTTP/1.1\r\n\r\n"") == 301); ASSERT(fetch(&mgr, buf, url, ""GET /ssi/ HTTP/1.1\r\n\r\n"") == 200); ASSERT(cmpbody(buf, ""this is index\n"" ""this is nested\n\n"" ""this is f1\n\n\n\n"" ""recurse\n\n"" ""recurse\n\n"" ""recurse\n\n"" ""recurse\n\n"" ""recurse\n\n"") == 0); { struct mg_http_message hm; mg_http_parse(buf, strlen(buf), &hm); ASSERT(mg_http_get_header(&hm, ""Content-Length"") != NULL); ASSERT(mg_http_get_header(&hm, ""Content-Type"") != NULL); ASSERT(mg_strcmp(*mg_http_get_header(&hm, ""Content-Type""), mg_str(""text/html; charset=utf-8"")) == 0); } ASSERT(fetch(&mgr, buf, url, ""GET /badroot HTTP/1.0\r\n\n"") == 400); ASSERT(cmpbody(buf, ""Invalid web root [/BAAADDD!]\n"") == 0); { char *data = mg_file_read(""./test/data/ca.pem"", NULL); ASSERT(fetch(&mgr, buf, url, ""GET /ca.pem HTTP/1.0\r\n\n"") == 200); ASSERT(cmpbody(buf, data) == 0); free(data); } { struct mg_http_message hm; ASSERT(fetch(&mgr, buf, url, ""GET /empty.js HTTP/1.0\r\n\n"") == 200); mg_http_parse(buf, strlen(buf), &hm); ASSERT(mg_http_get_header(&hm, ""Content-Type"") != NULL); ASSERT(mg_strcmp(*mg_http_get_header(&hm, ""Content-Type""), mg_str(""text/javascript; charset=utf-8"")) == 0); } { int i, errored = 0; mg_connect(&mgr, ""tcp://127.0.0.1:55117"", eh9, &errored); for (i = 0; i < 10 && errored == 0; i++) mg_mgr_poll(&mgr, 1); ASSERT(errored == 7); } fetch(&mgr, buf, url, ""GET /test/ HTTP/1.0\n\n""); ASSERT(fetch(&mgr, buf, url, ""GET /test/ HTTP/1.0\n\n"") == 200); ASSERT(mg_strstr(mg_str(buf), mg_str("">Index of /test/<"")) != NULL); ASSERT(mg_strstr(mg_str(buf), mg_str("">fuzz.c<"")) != NULL); { struct mg_http_message hm; ASSERT(fetch(&mgr, buf, url, ""%s"", ""GET /creds?access_token=x HTTP/1.0\r\n\r\n"") == 200); mg_http_parse(buf, strlen(buf), &hm); ASSERT(mg_strcmp(hm.body, mg_str(""[]:[x]"")) == 0); ASSERT(fetch(&mgr, buf, url, ""%s"", ""GET /creds HTTP/1.0\r\n"" ""Authorization: Bearer x\r\n\r\n"") == 200); mg_http_parse(buf, strlen(buf), &hm); ASSERT(mg_strcmp(hm.body, mg_str(""[]:[x]"")) == 0); ASSERT(fetch(&mgr, buf, url, ""%s"", ""GET /creds HTTP/1.0\r\n"" ""Authorization: Basic Zm9vOmJhcg==\r\n\r\n"") == 200); mg_http_parse(buf, strlen(buf), &hm); ASSERT(mg_strcmp(hm.body, mg_str(""[foo]:[bar]"")) == 0); ASSERT(fetch(&mgr, buf, url, ""%s"", ""GET /creds HTTP/1.0\r\n"" ""Cookie: blah; access_token=hello\r\n\r\n"") == 200); mg_http_parse(buf, strlen(buf), &hm); ASSERT(mg_strcmp(hm.body, mg_str(""[]:[hello]"")) == 0); } { char *p; remove(""uploaded.txt""); ASSERT((p = mg_file_read(""uploaded.txt"", NULL)) == NULL); ASSERT(fetch(&mgr, buf, url, ""POST /upload HTTP/1.0\n"" ""Content-Length: 1\n\nx"") == 400); ASSERT(fetch(&mgr, buf, url, ""POST /upload?name=uploaded.txt HTTP/1.0\r\n"" ""Content-Length: 5\r\n"" ""\r\nhello"") == 200); ASSERT(fetch(&mgr, buf, url, ""POST /upload?name=uploaded.txt&offset=5 HTTP/1.0\r\n"" ""Content-Length: 6\r\n"" ""\r\n\nworld"") == 200); ASSERT((p = mg_file_read(""uploaded.txt"", NULL)) != NULL); ASSERT(strcmp(p, ""hello\nworld"") == 0); free(p); remove(""uploaded.txt""); } ASSERT(fetch(&mgr, buf, url, ""GET /a.txt HTTP/1.0\n\n"") == 200); ASSERT(fetch(&mgr, buf, url, ""HEAD /a.txt HTTP/1.0\n\n"") == 200); #if MG_ENABLE_IPV6 { const char *url6 = ""http://[::1]:12346""; ASSERT(mg_http_listen(&mgr, url6, eh1, NULL) != NULL); ASSERT(fetch(&mgr, buf, url6, ""GET /a.txt HTTP/1.0\n\n"") == 200); ASSERT(cmpbody(buf, ""hello\n"") == 0); } #endif mg_mgr_free(&mgr); ASSERT(mgr.conns == NULL); }",visit repo url,test/unit_test.c,https://github.com/cesanta/mongoose,99874254327358,1 1575,[],"int task_nice(const struct task_struct *p) { return TASK_NICE(p); }",linux-2.6,,,107262323194974624907444795087098405649,0 3063,CWE-125,"static int xbuf_format_converter(char **outbuf, const char *fmt, va_list ap) { register char *s = nullptr; char *q; int s_len; register int min_width = 0; int precision = 0; enum { LEFT, RIGHT } adjust; char pad_char; char prefix_char; double fp_num; wide_int i_num = (wide_int) 0; u_wide_int ui_num; char num_buf[NUM_BUF_SIZE]; char char_buf[2]; #ifdef HAVE_LOCALE_H struct lconv *lconv = nullptr; #endif length_modifier_e modifier; boolean_e alternate_form; boolean_e print_sign; boolean_e print_blank; boolean_e adjust_precision; boolean_e adjust_width; int is_negative; int size = 240; char *result = (char *)malloc(size); int outpos = 0; while (*fmt) { if (*fmt != '%') { appendchar(&result, &outpos, &size, *fmt); } else { adjust = RIGHT; alternate_form = print_sign = print_blank = NO; pad_char = ' '; prefix_char = NUL; fmt++; if (isascii((int)*fmt) && !islower((int)*fmt)) { for (;; fmt++) { if (*fmt == '-') adjust = LEFT; else if (*fmt == '+') print_sign = YES; else if (*fmt == '#') alternate_form = YES; else if (*fmt == ' ') print_blank = YES; else if (*fmt == '0') pad_char = '0'; else break; } if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, min_width); adjust_width = YES; } else if (*fmt == '*') { min_width = va_arg(ap, int); fmt++; adjust_width = YES; if (min_width < 0) { adjust = LEFT; min_width = -min_width; } } else adjust_width = NO; if (*fmt == '.') { adjust_precision = YES; fmt++; if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, precision); } else if (*fmt == '*') { precision = va_arg(ap, int); fmt++; if (precision < 0) precision = 0; } else precision = 0; } else adjust_precision = NO; } else adjust_precision = adjust_width = NO; switch (*fmt) { case 'L': fmt++; modifier = LM_LONG_DOUBLE; break; case 'I': fmt++; #if SIZEOF_LONG_LONG if (*fmt == '6' && *(fmt+1) == '4') { fmt += 2; modifier = LM_LONG_LONG; } else #endif if (*fmt == '3' && *(fmt+1) == '2') { fmt += 2; modifier = LM_LONG; } else { #ifdef _WIN64 modifier = LM_LONG_LONG; #else modifier = LM_LONG; #endif } break; case 'l': fmt++; #if SIZEOF_LONG_LONG if (*fmt == 'l') { fmt++; modifier = LM_LONG_LONG; } else #endif modifier = LM_LONG; break; case 'z': fmt++; modifier = LM_SIZE_T; break; case 'j': fmt++; #if SIZEOF_INTMAX_T modifier = LM_INTMAX_T; #else modifier = LM_SIZE_T; #endif break; case 't': fmt++; #if SIZEOF_PTRDIFF_T modifier = LM_PTRDIFF_T; #else modifier = LM_SIZE_T; #endif break; case 'h': fmt++; if (*fmt == 'h') { fmt++; } default: modifier = LM_STD; break; } switch (*fmt) { case 'u': switch(modifier) { default: i_num = (wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: i_num = (wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } case 'd': case 'i': if ((*fmt) != 'u') { switch(modifier) { default: i_num = (wide_int) va_arg(ap, int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, long int); break; case LM_SIZE_T: #if SIZEOF_SSIZE_T i_num = (wide_int) va_arg(ap, ssize_t); #else i_num = (wide_int) va_arg(ap, size_t); #endif break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, intmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } } s = ap_php_conv_10(i_num, (*fmt) == 'u', &is_negative, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (*fmt != 'u') { if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'o': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 3, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && *s != '0') { *--s = '0'; s_len++; } break; case 'x': case 'X': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 4, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && i_num != 0) { *--s = *fmt; *--s = '0'; s_len += 2; } break; case 's': case 'v': s = va_arg(ap, char *); if (s != nullptr) { s_len = strlen(s); if (adjust_precision && precision < s_len) s_len = precision; } else { s = const_cast(s_null); s_len = S_NULL_LEN; } pad_char = ' '; break; case 'f': case 'F': case 'e': case 'E': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""nan""); s_len = 3; } else if (std::isinf(fp_num)) { s = const_cast(""inf""); s_len = 3; } else { #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_conv_fp((*fmt == 'f')?'F':*fmt, fp_num, alternate_form, (adjust_precision == NO) ? FLOAT_DIGITS : precision, (*fmt == 'f')?LCONV_DECIMAL_POINT:'.', &is_negative, &num_buf[1], &s_len); if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'g': case 'k': case 'G': case 'H': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""NAN""); s_len = 3; break; } else if (std::isinf(fp_num)) { if (fp_num > 0) { s = const_cast(""INF""); s_len = 3; } else { s = const_cast(""-INF""); s_len = 4; } break; } if (adjust_precision == NO) precision = FLOAT_DIGITS; else if (precision == 0) precision = 1; #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_gcvt(fp_num, precision, (*fmt=='H' || *fmt == 'k') ? '.' : LCONV_DECIMAL_POINT, (*fmt == 'G' || *fmt == 'H')?'E':'e', &num_buf[1]); if (*s == '-') prefix_char = *s++; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; s_len = strlen(s); if (alternate_form && (q = strchr(s, '.')) == nullptr) s[s_len++] = '.'; break; case 'c': char_buf[0] = (char) (va_arg(ap, int)); s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case '%': char_buf[0] = '%'; s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case 'n': *(va_arg(ap, int *)) = outpos; goto skip_output; case 'p': if (sizeof(char *) <= sizeof(u_wide_int)) { ui_num = (u_wide_int)((size_t) va_arg(ap, char *)); s = ap_php_conv_p2(ui_num, 4, 'x', &num_buf[NUM_BUF_SIZE], &s_len); if (ui_num != 0) { *--s = 'x'; *--s = '0'; s_len += 2; } } else { s = const_cast(""%p""); s_len = 2; } pad_char = ' '; break; case NUL: continue; fmt_error: throw Exception(""Illegal length modifier specified '%c'"", *fmt); default: char_buf[0] = '%'; char_buf[1] = *fmt; s = char_buf; s_len = 2; pad_char = ' '; break; } if (prefix_char != NUL) { *--s = prefix_char; s_len++; } if (adjust_width && adjust == RIGHT && min_width > s_len) { if (pad_char == '0' && prefix_char != NUL) { appendchar(&result, &outpos, &size, *s); s++; s_len--; min_width--; } for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } appendsimplestring(&result, &outpos, &size, s, s_len); if (adjust_width && adjust == LEFT && min_width > s_len) { for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } } skip_output: fmt++; } result[outpos] = NUL; *outbuf = result; return outpos; }",visit repo url,hphp/zend/zend-printf.cpp,https://github.com/facebook/hhvm,58531151562577,1 1726,CWE-19,"ext2_xattr_put_super(struct super_block *sb) { }",visit repo url,fs/ext2/xattr.h,https://github.com/torvalds/linux,180753475444098,1 1804,[],"static inline void put_aggregate(struct sched_domain *sd) { }",linux-2.6,,,109861323878395429829397519956555142476,0 6086,CWE-190,"int bn_ham(const bn_t a) { int c = 0; for (int i = 0; i < bn_bits(a); i++) { c += bn_get_bit(a, i); } return c; }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,267009197781855,1 5587,CWE-125,"fstring_compile_expr(const char *expr_start, const char *expr_end, struct compiling *c, const node *n) { int all_whitespace = 1; int kind; void *data; PyCompilerFlags cf; mod_ty mod; char *str; PyObject *o, *fstring_name; Py_ssize_t len; Py_ssize_t i; assert(expr_end >= expr_start); assert(*(expr_start-1) == '{'); assert(*expr_end == '}' || *expr_end == '!' || *expr_end == ':'); o = PyUnicode_DecodeUTF8(expr_start, expr_end-expr_start, NULL); if (o == NULL) return NULL; len = PyUnicode_GET_LENGTH(o); kind = PyUnicode_KIND(o); data = PyUnicode_DATA(o); for (i = 0; i < len; i++) { if (!Py_UNICODE_ISSPACE(PyUnicode_READ(kind, data, i))) { all_whitespace = 0; break; } } Py_DECREF(o); if (all_whitespace) { ast_error(c, n, ""f-string: empty expression not allowed""); return NULL; } len = expr_end - expr_start; str = PyMem_RawMalloc(len + 3); if (str == NULL) return NULL; str[0] = '('; memcpy(str+1, expr_start, len); str[len+1] = ')'; str[len+2] = 0; cf.cf_flags = PyCF_ONLY_AST; fstring_name = PyUnicode_FromString(""""); mod = string_object_to_c_ast(str, fstring_name, Py_eval_input, &cf, c->c_feature_version, c->c_arena); Py_DECREF(fstring_name); PyMem_RawFree(str); if (!mod) return NULL; return mod->v.Expression.body; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,131866643174152,1 3335,CWE-119,"flac_read_loop (SF_PRIVATE *psf, unsigned len) { FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ; pflac->pos = 0 ; pflac->len = len ; pflac->remain = len ; if (pflac->frame != NULL && pflac->bufferpos < pflac->frame->header.blocksize) flac_buffer_copy (psf) ; while (pflac->pos < pflac->len) { if (FLAC__stream_decoder_process_single (pflac->fsd) == 0) break ; if (FLAC__stream_decoder_get_state (pflac->fsd) >= FLAC__STREAM_DECODER_END_OF_STREAM) break ; } ; pflac->ptr = NULL ; return pflac->pos ; } ",visit repo url,src/flac.c,https://github.com/erikd/libsndfile,8222184598552,1 5837,['CWE-200'],"static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len) { struct iphdr *ip = ip_hdr(skb); unsigned char stn = ntohl(ip->saddr) & 0xff; struct sock *sk; struct sk_buff *newskb; struct ec_device *edev = skb->dev->ec_ptr; if (! edev) goto bad; if ((sk = ec_listening_socket(ah->port, stn, edev->net)) == NULL) goto bad; newskb = alloc_skb((len - sizeof(struct aunhdr) + 15) & ~15, GFP_ATOMIC); if (newskb == NULL) { printk(KERN_DEBUG ""AUN: memory squeeze, dropping packet.\n""); goto bad; } memcpy(skb_put(newskb, len - sizeof(struct aunhdr)), (void *)(ah+1), len - sizeof(struct aunhdr)); if (ec_queue_packet(sk, newskb, stn, edev->net, ah->cb, ah->port)) { kfree_skb(newskb); goto bad; } aun_send_response(ip->saddr, ah->handle, 3, 0); return; bad: aun_send_response(ip->saddr, ah->handle, 4, 0); }",linux-2.6,,,290896149241449017279085269140612916747,0 708,[],"static int jpc_sot_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_sot_t *sot = &ms->parms.sot; cstate = 0; if (jpc_getuint16(in, &sot->tileno) || jpc_getuint32(in, &sot->len) || jpc_getuint8(in, &sot->partno) || jpc_getuint8(in, &sot->numparts)) { return -1; } if (jas_stream_eof(in)) { return -1; } return 0; }",jasper,,,163404658024545257447175154706835956259,0 2961,CWE-20,"static void ikev2_parent_inI1outR1_continue(struct pluto_crypto_req_cont *pcrc, struct pluto_crypto_req *r, err_t ugh) { struct ke_continuation *ke = (struct ke_continuation *)pcrc; struct msg_digest *md = ke->md; struct state *const st = md->st; stf_status e; DBG(DBG_CONTROLMORE, DBG_log(""ikev2 parent inI1outR1: calculated ke+nonce, sending R1"")); if (st == NULL) { loglog(RC_LOG_SERIOUS, ""%s: Request was disconnected from state"", __FUNCTION__); if (ke->md) release_md(ke->md); return; } passert(ugh == NULL); passert(cur_state == NULL); passert(st != NULL); passert(st->st_suspended_md == ke->md); set_suspended(st, NULL); set_cur_state(st); st->st_calculating = FALSE; e = ikev2_parent_inI1outR1_tail(pcrc, r); if (ke->md != NULL) { complete_v2_state_transition(&ke->md, e); if (ke->md) release_md(ke->md); } reset_globals(); passert(GLOBALS_ARE_RESET()); }",visit repo url,programs/pluto/ikev2_parent.c,https://github.com/libreswan/libreswan,17570866990161,1 3068,CWE-125,"char *string_crypt(const char *key, const char *salt) { assertx(key); assertx(salt); char random_salt[12]; if (!*salt) { memcpy(random_salt,""$1$"",3); ito64(random_salt+3,rand(),8); random_salt[11] = '\0'; return string_crypt(key, random_salt); } auto const saltLen = strlen(salt); if ((saltLen > sizeof(""$2X$00$"")) && (salt[0] == '$') && (salt[1] == '2') && (salt[2] >= 'a') && (salt[2] <= 'z') && (salt[3] == '$') && (salt[4] >= '0') && (salt[4] <= '3') && (salt[5] >= '0') && (salt[5] <= '9') && (salt[6] == '$')) { char output[61]; static constexpr size_t maxSaltLength = 123; char paddedSalt[maxSaltLength + 1]; paddedSalt[0] = paddedSalt[maxSaltLength] = '\0'; memset(&paddedSalt[1], '$', maxSaltLength - 1); memcpy(paddedSalt, salt, std::min(maxSaltLength, saltLen)); paddedSalt[saltLen] = '\0'; if (php_crypt_blowfish_rn(key, paddedSalt, output, sizeof(output))) { return strdup(output); } } else { #ifdef USE_PHP_CRYPT_R return php_crypt_r(key, salt); #else static Mutex mutex; Lock lock(mutex); char *crypt_res = crypt(key,salt); if (crypt_res) { return strdup(crypt_res); } #endif } return ((salt[0] == '*') && (salt[1] == '0')) ? strdup(""*1"") : strdup(""*0""); }",visit repo url,hphp/zend/zend-string.cpp,https://github.com/facebook/hhvm,171278930242578,1 1661,CWE-362,"static int perf_swevent_add(struct perf_event *event, int flags) { struct swevent_htable *swhash = this_cpu_ptr(&swevent_htable); struct hw_perf_event *hwc = &event->hw; struct hlist_head *head; if (is_sampling_event(event)) { hwc->last_period = hwc->sample_period; perf_swevent_set_period(event); } hwc->state = !(flags & PERF_EF_START); head = find_swevent_head(swhash, event); if (!head) { WARN_ON_ONCE(swhash->online); return -EINVAL; } hlist_add_head_rcu(&event->hlist_entry, head); perf_event_update_userpage(event); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,55809942209332,1 3598,['CWE-20'],"sctp_disposition_t sctp_sf_t1_init_timer_expire(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *repl = NULL; struct sctp_bind_addr *bp; int attempts = asoc->init_err_counter + 1; SCTP_DEBUG_PRINTK(""Timer T1 expired (INIT).\n""); SCTP_INC_STATS(SCTP_MIB_T1_INIT_EXPIREDS); if (attempts <= asoc->max_init_attempts) { bp = (struct sctp_bind_addr *) &asoc->base.bind_addr; repl = sctp_make_init(asoc, bp, GFP_ATOMIC, 0); if (!repl) return SCTP_DISPOSITION_NOMEM; sctp_add_cmd_sf(commands, SCTP_CMD_INIT_CHOOSE_TRANSPORT, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_RESTART, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); } else { SCTP_DEBUG_PRINTK(""Giving up on INIT, attempts: %d"" "" max_init_attempts: %d\n"", attempts, asoc->max_init_attempts); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ETIMEDOUT)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, SCTP_PERR(SCTP_ERROR_NO_ERROR)); return SCTP_DISPOSITION_DELETE_TCB; } return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,326290411239296166847638454362430529805,0 2402,NVD-CWE-Other,"int av_reallocp_array(void *ptr, size_t nmemb, size_t size) { void **ptrptr = ptr; *ptrptr = av_realloc_f(*ptrptr, nmemb, size); if (!*ptrptr && !(nmemb && size)) return AVERROR(ENOMEM); return 0; }",visit repo url,libavutil/mem.c,https://github.com/FFmpeg/FFmpeg,30994382225989,1 55,['CWE-787'],"static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop) { cirrus_fill_t rop_func; if (BLTUNSAFE(s)) return 0; rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1]; rop_func(s, s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), s->cirrus_blt_dstpitch, s->cirrus_blt_width, s->cirrus_blt_height); cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, s->cirrus_blt_dstpitch, s->cirrus_blt_width, s->cirrus_blt_height); cirrus_bitblt_reset(s); return 1; }",qemu,,,100462643454757220206761816910980630335,0 1850,CWE-416,"void rose_start_heartbeat(struct sock *sk) { del_timer(&sk->sk_timer); sk->sk_timer.function = rose_heartbeat_expiry; sk->sk_timer.expires = jiffies + 5 * HZ; add_timer(&sk->sk_timer); }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,136633241523953,1 4808,['CWE-399'],"static void free_kevent(struct inotify_kernel_event *kevent) { kfree(kevent->name); kmem_cache_free(event_cachep, kevent); }",linux-2.6,,,305383586361652651484390525182080132377,0 6150,['CWE-200'],"static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v) { struct ipmr_mfc_iter *it = seq->private; if (it->cache == &mfc_unres_queue) spin_unlock_bh(&mfc_unres_lock); else if (it->cache == mfc_cache_array) read_unlock(&mrt_lock); }",linux-2.6,,,234919370336083061774006416422045712111,0 5750,['CWE-200'],"static void irda_connect_indication(void *instance, void *sap, struct qos_info *qos, __u32 max_sdu_size, __u8 max_header_size, struct sk_buff *skb) { struct irda_sock *self; struct sock *sk; self = instance; IRDA_DEBUG(2, ""%s(%p)\n"", __func__, self); sk = instance; if (sk == NULL) { dev_kfree_skb(skb); return; } self->max_header_size = max_header_size; self->max_sdu_size_tx = max_sdu_size; switch (sk->sk_type) { case SOCK_STREAM: if (max_sdu_size != 0) { IRDA_ERROR(""%s: max_sdu_size must be 0\n"", __func__); kfree_skb(skb); return; } self->max_data_size = irttp_get_max_seg_size(self->tsap); break; case SOCK_SEQPACKET: if (max_sdu_size == 0) { IRDA_ERROR(""%s: max_sdu_size cannot be 0\n"", __func__); kfree_skb(skb); return; } self->max_data_size = max_sdu_size; break; default: self->max_data_size = irttp_get_max_seg_size(self->tsap); } IRDA_DEBUG(2, ""%s(), max_data_size=%d\n"", __func__, self->max_data_size); memcpy(&self->qos_tx, qos, sizeof(struct qos_info)); skb_queue_tail(&sk->sk_receive_queue, skb); sk->sk_state_change(sk); }",linux-2.6,,,268721425395645536864698759257745835267,0 6574,['CWE-200'],"action_info_new (NMConnectionList *list, GtkTreeView *treeview, GtkWindow *list_window, GtkWidget *button, PolKitAction *action) { ActionInfo *info; info = g_malloc0 (sizeof (ActionInfo)); g_object_weak_ref (G_OBJECT (list), (GWeakNotify) action_info_free, info); info->list = list; info->treeview = treeview; info->list_window = list_window; info->button = button; info->action = polkit_action_ref (action); return info; }",network-manager-applet,,,321882188860999513238468655940377882830,0 4542,['CWE-20'],"static inline void dx_set_hash(struct dx_entry *entry, unsigned value) { entry->hash = cpu_to_le32(value); }",linux-2.6,,,186532434900016065678580014559911414767,0 1750,CWE-20,"static int ovl_rename2(struct inode *olddir, struct dentry *old, struct inode *newdir, struct dentry *new, unsigned int flags) { int err; enum ovl_path_type old_type; enum ovl_path_type new_type; struct dentry *old_upperdir; struct dentry *new_upperdir; struct dentry *olddentry; struct dentry *newdentry; struct dentry *trap; bool old_opaque; bool new_opaque; bool new_create = false; bool cleanup_whiteout = false; bool overwrite = !(flags & RENAME_EXCHANGE); bool is_dir = d_is_dir(old); bool new_is_dir = false; struct dentry *opaquedir = NULL; const struct cred *old_cred = NULL; struct cred *override_cred = NULL; err = -EINVAL; if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE)) goto out; flags &= ~RENAME_NOREPLACE; err = ovl_check_sticky(old); if (err) goto out; old_type = ovl_path_type(old); err = -EXDEV; if (OVL_TYPE_MERGE_OR_LOWER(old_type) && is_dir) goto out; if (new->d_inode) { err = ovl_check_sticky(new); if (err) goto out; if (d_is_dir(new)) new_is_dir = true; new_type = ovl_path_type(new); err = -EXDEV; if (!overwrite && OVL_TYPE_MERGE_OR_LOWER(new_type) && new_is_dir) goto out; err = 0; if (!OVL_TYPE_UPPER(new_type) && !OVL_TYPE_UPPER(old_type)) { if (ovl_dentry_lower(old)->d_inode == ovl_dentry_lower(new)->d_inode) goto out; } if (OVL_TYPE_UPPER(new_type) && OVL_TYPE_UPPER(old_type)) { if (ovl_dentry_upper(old)->d_inode == ovl_dentry_upper(new)->d_inode) goto out; } } else { if (ovl_dentry_is_opaque(new)) new_type = __OVL_PATH_UPPER; else new_type = __OVL_PATH_UPPER | __OVL_PATH_PURE; } err = ovl_want_write(old); if (err) goto out; err = ovl_copy_up(old); if (err) goto out_drop_write; err = ovl_copy_up(new->d_parent); if (err) goto out_drop_write; if (!overwrite) { err = ovl_copy_up(new); if (err) goto out_drop_write; } old_opaque = !OVL_TYPE_PURE_UPPER(old_type); new_opaque = !OVL_TYPE_PURE_UPPER(new_type); if (old_opaque || new_opaque) { err = -ENOMEM; override_cred = prepare_creds(); if (!override_cred) goto out_drop_write; cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN); cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE); cap_raise(override_cred->cap_effective, CAP_FOWNER); cap_raise(override_cred->cap_effective, CAP_FSETID); cap_raise(override_cred->cap_effective, CAP_CHOWN); old_cred = override_creds(override_cred); } if (overwrite && OVL_TYPE_MERGE_OR_LOWER(new_type) && new_is_dir) { opaquedir = ovl_check_empty_and_clear(new); err = PTR_ERR(opaquedir); if (IS_ERR(opaquedir)) { opaquedir = NULL; goto out_revert_creds; } } if (overwrite) { if (old_opaque) { if (new->d_inode || !new_opaque) { flags |= RENAME_WHITEOUT; } else { flags |= RENAME_EXCHANGE; } } else if (is_dir && !new->d_inode && new_opaque) { flags |= RENAME_EXCHANGE; cleanup_whiteout = true; } } old_upperdir = ovl_dentry_upper(old->d_parent); new_upperdir = ovl_dentry_upper(new->d_parent); trap = lock_rename(new_upperdir, old_upperdir); olddentry = ovl_dentry_upper(old); newdentry = ovl_dentry_upper(new); if (newdentry) { if (opaquedir) { newdentry = opaquedir; opaquedir = NULL; } else { dget(newdentry); } } else { new_create = true; newdentry = lookup_one_len(new->d_name.name, new_upperdir, new->d_name.len); err = PTR_ERR(newdentry); if (IS_ERR(newdentry)) goto out_unlock; } err = -ESTALE; if (olddentry->d_parent != old_upperdir) goto out_dput; if (newdentry->d_parent != new_upperdir) goto out_dput; if (olddentry == trap) goto out_dput; if (newdentry == trap) goto out_dput; if (is_dir && !old_opaque && new_opaque) { err = ovl_set_opaque(olddentry); if (err) goto out_dput; } if (!overwrite && new_is_dir && old_opaque && !new_opaque) { err = ovl_set_opaque(newdentry); if (err) goto out_dput; } if (old_opaque || new_opaque) { err = ovl_do_rename(old_upperdir->d_inode, olddentry, new_upperdir->d_inode, newdentry, flags); } else { BUG_ON(flags & ~RENAME_EXCHANGE); err = vfs_rename(old_upperdir->d_inode, olddentry, new_upperdir->d_inode, newdentry, NULL, flags); } if (err) { if (is_dir && !old_opaque && new_opaque) ovl_remove_opaque(olddentry); if (!overwrite && new_is_dir && old_opaque && !new_opaque) ovl_remove_opaque(newdentry); goto out_dput; } if (is_dir && old_opaque && !new_opaque) ovl_remove_opaque(olddentry); if (!overwrite && new_is_dir && !old_opaque && new_opaque) ovl_remove_opaque(newdentry); if (old_opaque != new_opaque) { ovl_dentry_set_opaque(old, new_opaque); if (!overwrite) ovl_dentry_set_opaque(new, old_opaque); } if (cleanup_whiteout) ovl_cleanup(old_upperdir->d_inode, newdentry); ovl_dentry_version_inc(old->d_parent); ovl_dentry_version_inc(new->d_parent); out_dput: dput(newdentry); out_unlock: unlock_rename(new_upperdir, old_upperdir); out_revert_creds: if (old_opaque || new_opaque) { revert_creds(old_cred); put_cred(override_cred); } out_drop_write: ovl_drop_write(old); out: dput(opaquedir); return err; }",visit repo url,fs/overlayfs/dir.c,https://github.com/torvalds/linux,13959367820448,1 3198,CWE-835,"ns_nprint(netdissect_options *ndo, register const u_char *cp, register const u_char *bp) { register u_int i, l; register const u_char *rp = NULL; register int compress = 0; int chars_processed; int elt; int data_size = ndo->ndo_snapend - bp; if ((l = labellen(ndo, cp)) == (u_int)-1) return(NULL); if (!ND_TTEST2(*cp, 1)) return(NULL); chars_processed = 1; if (((i = *cp++) & INDIR_MASK) != INDIR_MASK) { compress = 0; rp = cp + l; } if (i != 0) while (i && cp < ndo->ndo_snapend) { if ((i & INDIR_MASK) == INDIR_MASK) { if (!compress) { rp = cp + 1; compress = 1; } if (!ND_TTEST2(*cp, 1)) return(NULL); cp = bp + (((i << 8) | *cp) & 0x3fff); if ((l = labellen(ndo, cp)) == (u_int)-1) return(NULL); if (!ND_TTEST2(*cp, 1)) return(NULL); i = *cp++; chars_processed++; if (chars_processed >= data_size) { ND_PRINT((ndo, """")); return (NULL); } continue; } if ((i & INDIR_MASK) == EDNS0_MASK) { elt = (i & ~INDIR_MASK); switch(elt) { case EDNS0_ELT_BITLABEL: if (blabel_print(ndo, cp) == NULL) return (NULL); break; default: ND_PRINT((ndo, """", elt)); return(NULL); } } else { if (fn_printn(ndo, cp, l, ndo->ndo_snapend)) return(NULL); } cp += l; chars_processed += l; ND_PRINT((ndo, ""."")); if ((l = labellen(ndo, cp)) == (u_int)-1) return(NULL); if (!ND_TTEST2(*cp, 1)) return(NULL); i = *cp++; chars_processed++; if (!compress) rp += l + 1; } else ND_PRINT((ndo, ""."")); return (rp); }",visit repo url,print-domain.c,https://github.com/the-tcpdump-group/tcpdump,273890874795442,1 4996,CWE-125,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 6591,['CWE-200'],"export_vpn_cb (GtkButton *button, gpointer user_data) { ActionInfo *info = (ActionInfo *) user_data; NMExportedConnection *exported; NMConnection *connection = NULL; exported = get_active_connection (info->treeview); if (exported) connection = nm_exported_connection_get_connection (exported); if (!connection) return; vpn_export (connection); }",network-manager-applet,,,327117937980301406531646524429074260763,0 4371,['CWE-264'],"static int sock_inuse_init_net(struct net *net) { net->core.inuse = alloc_percpu(struct prot_inuse); return net->core.inuse ? 0 : -ENOMEM; }",linux-2.6,,,302418009923640997756903684257747280489,0 5648,CWE-120,"process_options(argc, argv) int argc; char *argv[]; { int i, l; while (argc > 1 && argv[1][0] == '-') { argv++; argc--; l = (int) strlen(*argv); if (l < 4) l = 4; switch (argv[0][1]) { case 'D': case 'd': if ((argv[0][1] == 'D' && !argv[0][2]) || !strcmpi(*argv, ""-debug"")) { wizard = TRUE, discover = FALSE; } else if (!strncmpi(*argv, ""-DECgraphics"", l)) { load_symset(""DECGraphics"", PRIMARY); switch_symbols(TRUE); } else { raw_printf(""Unknown option: %s"", *argv); } break; case 'X': discover = TRUE, wizard = FALSE; break; #ifdef NEWS case 'n': iflags.news = FALSE; break; #endif case 'u': if (argv[0][2]) { (void) strncpy(plname, argv[0] + 2, sizeof plname - 1); } else if (argc > 1) { argc--; argv++; (void) strncpy(plname, argv[0], sizeof plname - 1); } else { raw_print(""Player name expected after -u""); } break; case 'I': case 'i': if (!strncmpi(*argv, ""-IBMgraphics"", l)) { load_symset(""IBMGraphics"", PRIMARY); load_symset(""RogueIBM"", ROGUESET); switch_symbols(TRUE); } else { raw_printf(""Unknown option: %s"", *argv); } break; case 'p': if (argv[0][2]) { if ((i = str2role(&argv[0][2])) >= 0) flags.initrole = i; } else if (argc > 1) { argc--; argv++; if ((i = str2role(argv[0])) >= 0) flags.initrole = i; } break; case 'r': if (argv[0][2]) { if ((i = str2race(&argv[0][2])) >= 0) flags.initrace = i; } else if (argc > 1) { argc--; argv++; if ((i = str2race(argv[0])) >= 0) flags.initrace = i; } break; case 'w': config_error_init(FALSE, ""command line"", FALSE); choose_windows(&argv[0][2]); config_error_done(); break; case '@': flags.randomall = 1; break; default: if ((i = str2role(&argv[0][1])) >= 0) { flags.initrole = i; break; } } } #ifdef SYSCF if (argc > 1) raw_printf(""MAXPLAYERS are set in sysconf file.\n""); #else if (argc > 1) locknum = atoi(argv[1]); #endif #ifdef MAX_NR_OF_PLAYERS if (!locknum || locknum > MAX_NR_OF_PLAYERS) locknum = MAX_NR_OF_PLAYERS; #endif #ifdef SYSCF if (!locknum || (sysopt.maxplayers && locknum > sysopt.maxplayers)) locknum = sysopt.maxplayers; #endif }",visit repo url,sys/unix/unixmain.c,https://github.com/NetHack/NetHack,193356282385237,1 4264,CWE-476,"static bool load_buffer(RBinFile *bf, void **bin_obj, RBuffer *buf, ut64 loadaddr, Sdb *sdb) { RBuffer *fbuf = r_buf_ref (buf); struct MACH0_(opts_t) opts; MACH0_(opts_set_default) (&opts, bf); struct MACH0_(obj_t) *main_mach0 = MACH0_(new_buf) (fbuf, &opts); if (!main_mach0) { return false; } RRebaseInfo *rebase_info = r_rebase_info_new_from_mach0 (fbuf, main_mach0); RKernelCacheObj *obj = NULL; RPrelinkRange *prelink_range = get_prelink_info_range_from_mach0 (main_mach0); if (!prelink_range) { goto beach; } obj = R_NEW0 (RKernelCacheObj); if (!obj) { R_FREE (prelink_range); goto beach; } RCFValueDict *prelink_info = NULL; if (main_mach0->hdr.filetype != MH_FILESET && prelink_range->range.size) { prelink_info = r_cf_value_dict_parse (fbuf, prelink_range->range.offset, prelink_range->range.size, R_CF_OPTION_SKIP_NSDATA); if (!prelink_info) { R_FREE (prelink_range); R_FREE (obj); goto beach; } } if (!pending_bin_files) { pending_bin_files = r_list_new (); if (!pending_bin_files) { R_FREE (prelink_range); R_FREE (obj); R_FREE (prelink_info); goto beach; } } obj->mach0 = main_mach0; obj->rebase_info = rebase_info; obj->prelink_info = prelink_info; obj->cache_buf = fbuf; obj->pa2va_exec = prelink_range->pa2va_exec; obj->pa2va_data = prelink_range->pa2va_data; R_FREE (prelink_range); *bin_obj = obj; r_list_push (pending_bin_files, bf); if (rebase_info || main_mach0->chained_starts) { RIO *io = bf->rbin->iob.io; swizzle_io_read (obj, io); } return true; beach: r_buf_free (fbuf); obj->cache_buf = NULL; MACH0_(mach0_free) (main_mach0); return false; }",visit repo url,libr/bin/p/bin_xnu_kernelcache.c,https://github.com/radareorg/radare2,235913578793491,1 5804,['CWE-200'],"static void atrtr_device_down(struct net_device *dev) { struct atalk_route **r = &atalk_routes; struct atalk_route *tmp; write_lock_bh(&atalk_routes_lock); while ((tmp = *r) != NULL) { if (tmp->dev == dev) { *r = tmp->next; dev_put(dev); kfree(tmp); } else r = &tmp->next; } write_unlock_bh(&atalk_routes_lock); if (atrtr_default.dev == dev) atrtr_set_default(NULL); }",linux-2.6,,,179616784848502759523133456670414600745,0 1804,CWE-362,"static ssize_t environ_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { char *page; unsigned long src = *ppos; int ret = 0; struct mm_struct *mm = file->private_data; unsigned long env_start, env_end; if (!mm) return 0; page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; ret = 0; if (!atomic_inc_not_zero(&mm->mm_users)) goto free; down_read(&mm->mmap_sem); env_start = mm->env_start; env_end = mm->env_end; up_read(&mm->mmap_sem); while (count > 0) { size_t this_len, max_len; int retval; if (src >= (env_end - env_start)) break; this_len = env_end - (env_start + src); max_len = min_t(size_t, PAGE_SIZE, count); this_len = min(max_len, this_len); retval = access_remote_vm(mm, (env_start + src), page, this_len, 0); if (retval <= 0) { ret = retval; break; } if (copy_to_user(buf, page, retval)) { ret = -EFAULT; break; } ret += retval; src += retval; buf += retval; count -= retval; } *ppos = src; mmput(mm); free: free_page((unsigned long) page); return ret; }",visit repo url,fs/proc/base.c,https://github.com/torvalds/linux,73861124547926,1 953,CWE-200,"static void __net_random_once_deferred(struct work_struct *w) { struct __net_random_once_work *work = container_of(w, struct __net_random_once_work, work); if (!static_key_enabled(work->key)) static_key_slow_inc(work->key); kfree(work); }",visit repo url,net/core/utils.c,https://github.com/torvalds/linux,159217033924742,1 4845,['CWE-189'],"static void ecryptfs_set_default_crypt_stat_vals( struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, mount_crypt_stat); ecryptfs_set_default_sizes(crypt_stat); strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID); crypt_stat->file_version = ECRYPTFS_FILE_VERSION; crypt_stat->mount_crypt_stat = mount_crypt_stat; }",linux-2.6,,,56545942953424984816424621161359876961,0 6399,['CWE-59'],"check_mountpoint(const char *progname, char *mountpoint) { int err; struct stat statbuf; err = stat(""."", &statbuf); if (err) { fprintf(stderr, ""%s: failed to stat %s: %s\n"", progname, mountpoint, strerror(errno)); return EX_USAGE; } if (!S_ISDIR(statbuf.st_mode)) { fprintf(stderr, ""%s: %s is not a directory!"", progname, mountpoint); return EX_USAGE; } #if CIFS_LEGACY_SETUID_CHECK if (!getuid() || geteuid()) return 0; if (statbuf.st_uid != getuid()) { fprintf(stderr, ""%s: %s is not owned by user\n"", progname, mountpoint); return EX_USAGE; } if ((statbuf.st_mode & S_IRWXU) != S_IRWXU) { fprintf(stderr, ""%s: invalid permissions on %s\n"", progname, mountpoint); return EX_USAGE; } #endif return 0; }",samba,,,76942710194804694222025614411846751705,0 4192,['CWE-399'],"int avahi_server_set_domain_name(AvahiServer *s, const char *domain_name) { char *dn = NULL; assert(s); AVAHI_CHECK_VALIDITY(s, !domain_name || avahi_is_valid_domain_name(domain_name), AVAHI_ERR_INVALID_DOMAIN_NAME); if (!domain_name) { dn = avahi_strdup(""local""); domain_name = dn; } if (avahi_domain_equal(s->domain_name, domain_name)) { avahi_free(dn); return avahi_server_set_errno(s, AVAHI_ERR_NO_CHANGE); } withdraw_host_rrs(s); avahi_free(s->domain_name); s->domain_name = avahi_normalize_name_strdup(domain_name); update_fqdn(s); register_stuff(s); avahi_free(dn); return AVAHI_OK; }",avahi,,,105733018904047803440932439561018576312,0 5865,['CWE-200'],"static void *nr_info_start(struct seq_file *seq, loff_t *pos) { struct sock *s; struct hlist_node *node; int i = 1; spin_lock_bh(&nr_list_lock); if (*pos == 0) return SEQ_START_TOKEN; sk_for_each(s, node, &nr_list) { if (i == *pos) return s; ++i; } return NULL; }",linux-2.6,,,272569074435481018638707748980838464591,0 922,CWE-264,"static inline int restore_fpu_checking(struct task_struct *tsk) { alternative_input( ASM_NOP8 ASM_NOP2, ""emms\n\t"" ""fildl %P[addr]"", X86_FEATURE_FXSAVE_LEAK, [addr] ""m"" (tsk->thread.fpu.has_fpu)); return fpu_restore_checking(&tsk->thread.fpu); }",visit repo url,arch/x86/include/asm/fpu-internal.h,https://github.com/torvalds/linux,166081508249377,1 2861,['CWE-189'],"void jpc_pchg_destroy(jpc_pchg_t *pchg) { jas_free(pchg); }",jasper,,,124605274677251392738385611931083315840,0 846,CWE-20,"SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, unsigned int, flags, struct sockaddr __user *, addr, int __user *, addr_len) { struct socket *sock; struct iovec iov; struct msghdr msg; struct sockaddr_storage address; int err, err2; int fput_needed; if (size > INT_MAX) size = INT_MAX; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_iovlen = 1; msg.msg_iov = &iov; iov.iov_len = size; iov.iov_base = ubuf; msg.msg_name = (struct sockaddr *)&address; msg.msg_namelen = sizeof(address); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = sock_recvmsg(sock, &msg, size, flags); if (err >= 0 && addr != NULL) { err2 = move_addr_to_user(&address, msg.msg_namelen, addr, addr_len); if (err2 < 0) err = err2; } fput_light(sock->file, fput_needed); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,89843130858034,1 302,[],"static int w_long(unsigned int fd, unsigned int cmd, unsigned long arg) { mm_segment_t old_fs = get_fs(); int err; unsigned long val; set_fs (KERNEL_DS); err = sys_ioctl(fd, cmd, (unsigned long)&val); set_fs (old_fs); if (!err && put_user(val, (u32 __user *)compat_ptr(arg))) return -EFAULT; return err; }",linux-2.6,,,220627159008124081667356969596043117932,0 1820,[],"static void free_sched_group_rcu(struct rcu_head *rhp) { free_sched_group(container_of(rhp, struct task_group, rcu)); }",linux-2.6,,,32471959853173585124301825920185396345,0 2341,['CWE-120'],"int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) { int error = may_create(dir, dentry, NULL); if (error) return error; if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD)) return -EPERM; if (!dir->i_op || !dir->i_op->mknod) return -EPERM; error = devcgroup_inode_mknod(mode, dev); if (error) return error; error = security_inode_mknod(dir, dentry, mode, dev); if (error) return error; DQUOT_INIT(dir); error = dir->i_op->mknod(dir, dentry, mode, dev); if (!error) fsnotify_create(dir, dentry); return error; }",linux-2.6,,,4537324146957767480348288029491494471,0 3386,CWE-476,"static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info, const ImageInfo *IMimage_info,Image *IMimage,ExceptionInfo *exception) { char im_vers[32], libpng_runv[32], libpng_vers[32], zlib_runv[32], zlib_vers[32]; Image *image; ImageInfo *image_info; char s[2]; const char *name, *property, *value; const StringInfo *profile; int num_passes, pass, ping_wrote_caNv; png_byte ping_trans_alpha[256]; png_color palette[257]; png_color_16 ping_background, ping_trans_color; png_info *ping_info; png_struct *ping; png_uint_32 ping_height, ping_width; ssize_t y; MagickBooleanType image_matte, logging, matte, ping_have_blob, ping_have_cheap_transparency, ping_have_color, ping_have_non_bw, ping_have_PLTE, ping_have_bKGD, ping_have_eXIf, ping_have_iCCP, ping_have_pHYs, ping_have_sRGB, ping_have_tRNS, ping_exclude_bKGD, ping_exclude_cHRM, ping_exclude_date, ping_exclude_eXIf, ping_exclude_gAMA, ping_exclude_iCCP, ping_exclude_oFFs, ping_exclude_pHYs, ping_exclude_sRGB, ping_exclude_tEXt, ping_exclude_tIME, ping_exclude_vpAg, ping_exclude_caNv, ping_exclude_zCCP, ping_exclude_zTXt, ping_preserve_colormap, ping_preserve_iCCP, ping_need_colortype_warning, status, tried_332, tried_333, tried_444; MemoryInfo *volatile pixel_info; QuantumInfo *quantum_info; PNGErrorInfo error_info; register ssize_t i, x; unsigned char *ping_pixels; volatile int image_colors, ping_bit_depth, ping_color_type, ping_interlace_method, ping_compression_method, ping_filter_method, ping_num_trans; volatile size_t image_depth, old_bit_depth; size_t quality, rowbytes, save_image_depth; int j, number_colors, number_opaque, number_semitransparent, number_transparent, ping_pHYs_unit_type; png_uint_32 ping_pHYs_x_resolution, ping_pHYs_y_resolution; logging=LogMagickEvent(CoderEvent,GetMagickModule(), "" Enter WriteOnePNGImage()""); image = CloneImage(IMimage,0,0,MagickFalse,exception); image_info=(ImageInfo *) CloneImageInfo(IMimage_info); if (image_info == (ImageInfo *) NULL) ThrowWriterException(ResourceLimitError, ""MemoryAllocationFailed""); *im_vers='\0'; (void) ConcatenateMagickString(im_vers, MagickLibVersionText,MagickPathExtent); (void) ConcatenateMagickString(im_vers, MagickLibAddendum,MagickPathExtent); *libpng_vers='\0'; (void) ConcatenateMagickString(libpng_vers, PNG_LIBPNG_VER_STRING,32); *libpng_runv='\0'; (void) ConcatenateMagickString(libpng_runv, png_get_libpng_ver(NULL),32); *zlib_vers='\0'; (void) ConcatenateMagickString(zlib_vers, ZLIB_VERSION,32); *zlib_runv='\0'; (void) ConcatenateMagickString(zlib_runv, zlib_version,32); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" IM version = %s"", im_vers); (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" Libpng version = %s"", libpng_vers); if (LocaleCompare(libpng_vers,libpng_runv) != 0) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" running with %s"", libpng_runv); } (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" Zlib version = %s"", zlib_vers); if (LocaleCompare(zlib_vers,zlib_runv) != 0) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),"" running with %s"", zlib_runv); } } ping_bit_depth=0, ping_color_type=0, ping_interlace_method=0, ping_compression_method=0, ping_filter_method=0, ping_num_trans = 0; ping_background.red = 0; ping_background.green = 0; ping_background.blue = 0; ping_background.gray = 0; ping_background.index = 0; ping_trans_color.red=0; ping_trans_color.green=0; ping_trans_color.blue=0; ping_trans_color.gray=0; ping_pHYs_unit_type = 0; ping_pHYs_x_resolution = 0; ping_pHYs_y_resolution = 0; ping_have_blob=MagickFalse; ping_have_cheap_transparency=MagickFalse; ping_have_color=MagickTrue; ping_have_non_bw=MagickTrue; ping_have_PLTE=MagickFalse; ping_have_bKGD=MagickFalse; ping_have_eXIf=MagickTrue; ping_have_iCCP=MagickFalse; ping_have_pHYs=MagickFalse; ping_have_sRGB=MagickFalse; ping_have_tRNS=MagickFalse; ping_exclude_bKGD=mng_info->ping_exclude_bKGD; ping_exclude_caNv=mng_info->ping_exclude_caNv; ping_exclude_cHRM=mng_info->ping_exclude_cHRM; ping_exclude_date=mng_info->ping_exclude_date; ping_exclude_eXIf=mng_info->ping_exclude_eXIf; ping_exclude_gAMA=mng_info->ping_exclude_gAMA; ping_exclude_iCCP=mng_info->ping_exclude_iCCP; ping_exclude_oFFs=mng_info->ping_exclude_oFFs; ping_exclude_pHYs=mng_info->ping_exclude_pHYs; ping_exclude_sRGB=mng_info->ping_exclude_sRGB; ping_exclude_tEXt=mng_info->ping_exclude_tEXt; ping_exclude_tIME=mng_info->ping_exclude_tIME; ping_exclude_vpAg=mng_info->ping_exclude_vpAg; ping_exclude_zCCP=mng_info->ping_exclude_zCCP; ping_exclude_zTXt=mng_info->ping_exclude_zTXt; ping_preserve_colormap = mng_info->ping_preserve_colormap; ping_preserve_iCCP = mng_info->ping_preserve_iCCP; ping_need_colortype_warning = MagickFalse; if (ping_exclude_sRGB == MagickFalse && ping_preserve_iCCP == MagickFalse) { char *name; const StringInfo *profile; ResetImageProfileIterator(image); for (name=GetNextImageProfile(image); name != (const char *) NULL; ) { profile=GetImageProfile(image,name); if (profile != (StringInfo *) NULL) { if ((LocaleCompare(name,""ICC"") == 0) || (LocaleCompare(name,""ICM"") == 0)) { int icheck, got_crc=0; png_uint_32 length, profile_crc=0; unsigned char *data; length=(png_uint_32) GetStringInfoLength(profile); for (icheck=0; sRGB_info[icheck].len > 0; icheck++) { if (length == sRGB_info[icheck].len) { if (got_crc == 0) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Got a %lu-byte ICC profile (potentially sRGB)"", (unsigned long) length); data=GetStringInfoDatum(profile); profile_crc=crc32(0,data,length); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" with crc=%8x"",(unsigned int) profile_crc); got_crc++; } if (profile_crc == sRGB_info[icheck].crc) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" It is sRGB with rendering intent = %s"", Magick_RenderingIntentString_from_PNG_RenderingIntent( sRGB_info[icheck].intent)); if (image->rendering_intent==UndefinedIntent) { image->rendering_intent= Magick_RenderingIntent_from_PNG_RenderingIntent( sRGB_info[icheck].intent); } ping_exclude_iCCP = MagickTrue; ping_exclude_zCCP = MagickTrue; ping_have_sRGB = MagickTrue; break; } } } if (sRGB_info[icheck].len == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Got %lu-byte ICC profile not recognized as sRGB"", (unsigned long) length); } } name=GetNextImageProfile(image); } } number_opaque = 0; number_semitransparent = 0; number_transparent = 0; if (logging != MagickFalse) { if (image->storage_class == UndefinedClass) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->storage_class=UndefinedClass""); if (image->storage_class == DirectClass) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->storage_class=DirectClass""); if (image->storage_class == PseudoClass) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->storage_class=PseudoClass""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), image->taint ? "" image->taint=MagickTrue"": "" image->taint=MagickFalse""); } if (image->storage_class == PseudoClass && (mng_info->write_png8 || mng_info->write_png24 || mng_info->write_png32 || mng_info->write_png48 || mng_info->write_png64 || (mng_info->write_png_colortype != 1 && mng_info->write_png_colortype != 5))) { (void) SyncImage(image,exception); image->storage_class = DirectClass; } if (ping_preserve_colormap == MagickFalse) { if (image->storage_class != PseudoClass && image->colormap != NULL) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Freeing bogus colormap""); (void) RelinquishMagickMemory(image->colormap); image->colormap=NULL; } } if (IssRGBCompatibleColorspace(image->colorspace) == MagickFalse) (void) TransformImageColorspace(image,sRGBColorspace,exception); if (image->depth <= 8 && image->taint && image->storage_class == PseudoClass) (void) SyncImage(image,exception); #if (MAGICKCORE_QUANTUM_DEPTH == 8) if (image->depth > 8) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reducing PNG bit depth to 8 since this is a Q8 build.""); image->depth=8; } #endif if (image->depth < 4) { register Quantum *r; if (image->depth > 2) { LBR04PacketRGBO(image->background_color); for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { LBR04PixelRGBA(r); r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } if (image->storage_class == PseudoClass && image->colormap != NULL) { for (i=0; i < (ssize_t) image->colors; i++) { LBR04PacketRGBO(image->colormap[i]); } } } else if (image->depth > 1) { LBR02PacketRGBO(image->background_color); for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { LBR02PixelRGBA(r); r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } if (image->storage_class == PseudoClass && image->colormap != NULL) { for (i=0; i < (ssize_t) image->colors; i++) { LBR02PacketRGBO(image->colormap[i]); } } } else { LBR01PacketRGBO(image->background_color); for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { LBR01PixelRGBA(r); r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } if (image->storage_class == PseudoClass && image->colormap != NULL) { for (i=0; i < (ssize_t) image->colors; i++) { LBR01PacketRGBO(image->colormap[i]); } } } } if (image->depth < 8) image->depth=8; #if (MAGICKCORE_QUANTUM_DEPTH > 16) if (image->depth > 8) image->depth=16; #endif #if (MAGICKCORE_QUANTUM_DEPTH > 8) if (image->depth > 8) { image->depth=16; } if (image->depth == 16 && mng_info->write_png_depth != 16) if (mng_info->write_png8 || LosslessReduceDepthOK(image,exception) != MagickFalse) image->depth = 8; #endif image_colors = (int) image->colors; number_opaque = (int) image->colors; number_transparent = 0; number_semitransparent = 0; if (mng_info->write_png_colortype && (mng_info->write_png_colortype > 4 || (mng_info->write_png_depth >= 8 && mng_info->write_png_colortype < 4 && image->alpha_trait == UndefinedPixelTrait))) { if (mng_info->write_png_colortype == 1 || mng_info->write_png_colortype == 5) ping_have_color=MagickFalse; if (image->alpha_trait != UndefinedPixelTrait) { number_transparent = 2; number_semitransparent = 1; } } if (mng_info->write_png_colortype < 7) { tried_332 = MagickFalse; tried_333 = MagickFalse; tried_444 = MagickFalse; for (j=0; j<6; j++) { int n; PixelInfo opaque[260], semitransparent[260], transparent[260]; register const Quantum *s; register Quantum *q, *r; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Enter BUILD_PALETTE:""); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->columns=%.20g"",(double) image->columns); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->rows=%.20g"",(double) image->rows); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->alpha_trait=%.20g"",(double) image->alpha_trait); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->depth=%.20g"",(double) image->depth); if (image->storage_class == PseudoClass && image->colormap != NULL) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Original colormap:""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" i (red,green,blue,alpha)""); for (i=0; i < 256; i++) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" %d (%d,%d,%d,%d)"", (int) i, (int) image->colormap[i].red, (int) image->colormap[i].green, (int) image->colormap[i].blue, (int) image->colormap[i].alpha); } for (i=image->colors - 10; i < (ssize_t) image->colors; i++) { if (i > 255) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" %d (%d,%d,%d,%d)"", (int) i, (int) image->colormap[i].red, (int) image->colormap[i].green, (int) image->colormap[i].blue, (int) image->colormap[i].alpha); } } } (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->colors=%d"",(int) image->colors); if (image->colors == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" (zero means unknown)""); if (ping_preserve_colormap == MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Regenerate the colormap""); } image_colors=0; number_opaque = 0; number_semitransparent = 0; number_transparent = 0; for (y=0; y < (ssize_t) image->rows; y++) { q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { if (image->alpha_trait == UndefinedPixelTrait || GetPixelAlpha(image,q) == OpaqueAlpha) { if (number_opaque < 259) { if (number_opaque == 0) { GetPixelInfoPixel(image, q, opaque); opaque[0].alpha=OpaqueAlpha; number_opaque=1; } for (i=0; i< (ssize_t) number_opaque; i++) { if (Magick_png_color_equal(image,q,opaque+i)) break; } if (i == (ssize_t) number_opaque && number_opaque < 259) { number_opaque++; GetPixelInfoPixel(image, q, opaque+i); opaque[i].alpha=OpaqueAlpha; } } } else if (GetPixelAlpha(image,q) == TransparentAlpha) { if (number_transparent < 259) { if (number_transparent == 0) { GetPixelInfoPixel(image, q, transparent); ping_trans_color.red=(unsigned short) GetPixelRed(image,q); ping_trans_color.green=(unsigned short) GetPixelGreen(image,q); ping_trans_color.blue=(unsigned short) GetPixelBlue(image,q); ping_trans_color.gray=(unsigned short) GetPixelGray(image,q); number_transparent = 1; } for (i=0; i< (ssize_t) number_transparent; i++) { if (Magick_png_color_equal(image,q,transparent+i)) break; } if (i == (ssize_t) number_transparent && number_transparent < 259) { number_transparent++; GetPixelInfoPixel(image,q,transparent+i); } } } else { if (number_semitransparent < 259) { if (number_semitransparent == 0) { GetPixelInfoPixel(image,q,semitransparent); number_semitransparent = 1; } for (i=0; i< (ssize_t) number_semitransparent; i++) { if (Magick_png_color_equal(image,q,semitransparent+i) && GetPixelAlpha(image,q) == semitransparent[i].alpha) break; } if (i == (ssize_t) number_semitransparent && number_semitransparent < 259) { number_semitransparent++; GetPixelInfoPixel(image, q, semitransparent+i); } } } q+=GetPixelChannels(image); } } if (mng_info->write_png8 == MagickFalse && ping_exclude_bKGD == MagickFalse) { if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Check colormap for background (%d,%d,%d)"", (int) image->background_color.red, (int) image->background_color.green, (int) image->background_color.blue); } for (i=0; ibackground_color.red && opaque[i].green == image->background_color.green && opaque[i].blue == image->background_color.blue) break; } if (number_opaque < 259 && i == number_opaque) { opaque[i] = image->background_color; ping_background.index = i; number_opaque++; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" background_color index is %d"",(int) i); } } else if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" No room in the colormap to add background color""); } image_colors=number_opaque+number_transparent+number_semitransparent; if (logging != MagickFalse) { if (image_colors > 256) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image has more than 256 colors""); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image has %d colors"",image_colors); } if (ping_preserve_colormap != MagickFalse) break; if (mng_info->write_png_colortype != 7) { ping_have_color=MagickFalse; ping_have_non_bw=MagickFalse; if (IssRGBCompatibleColorspace(image->colorspace) == MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""incompatible colorspace""); ping_have_color=MagickTrue; ping_have_non_bw=MagickTrue; } if(image_colors > 256) { for (y=0; y < (ssize_t) image->rows; y++) { q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; s=q; for (x=0; x < (ssize_t) image->columns; x++) { if (GetPixelRed(image,s) != GetPixelGreen(image,s) || GetPixelRed(image,s) != GetPixelBlue(image,s)) { ping_have_color=MagickTrue; ping_have_non_bw=MagickTrue; break; } s+=GetPixelChannels(image); } if (ping_have_color != MagickFalse) break; if (ping_have_non_bw == MagickFalse) { s=q; for (x=0; x < (ssize_t) image->columns; x++) { if (GetPixelRed(image,s) != 0 && GetPixelRed(image,s) != QuantumRange) { ping_have_non_bw=MagickTrue; break; } s+=GetPixelChannels(image); } } } } } if (image_colors < 257) { PixelInfo colormap[260]; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Sort the new colormap""); ; n = 0; for (i=0; iping_exclude_tRNS == MagickFalse || (number_transparent == 0 && number_semitransparent == 0)) && (((mng_info->write_png_colortype-1) == PNG_COLOR_TYPE_PALETTE) || (mng_info->write_png_colortype == 0))) { if (logging != MagickFalse) { if (n != (ssize_t) image_colors) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image_colors (%d) and n (%d) don't match"", image_colors, n); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" AcquireImageColormap""); } image->colors = image_colors; if (AcquireImageColormap(image,image_colors,exception) == MagickFalse) ThrowWriterException(ResourceLimitError, ""MemoryAllocationFailed""); for (i=0; i< (ssize_t) image_colors; i++) image->colormap[i] = colormap[i]; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->colors=%d (%d)"", (int) image->colors, image_colors); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Update the pixel indexes""); } for (y=0; y < (ssize_t) image->rows; y++) { q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { for (i=0; i< (ssize_t) image_colors; i++) { if ((image->alpha_trait == UndefinedPixelTrait || image->colormap[i].alpha == GetPixelAlpha(image,q)) && image->colormap[i].red == GetPixelRed(image,q) && image->colormap[i].green == GetPixelGreen(image,q) && image->colormap[i].blue == GetPixelBlue(image,q)) { SetPixelIndex(image,i,q); break; } } q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } } if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->colors=%d"", (int) image->colors); if (image->colormap != NULL) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" i (red,green,blue,alpha)""); for (i=0; i < (ssize_t) image->colors; i++) { if (i < 300 || i >= (ssize_t) image->colors - 10) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" %d (%d,%d,%d,%d)"", (int) i, (int) image->colormap[i].red, (int) image->colormap[i].green, (int) image->colormap[i].blue, (int) image->colormap[i].alpha); } } } if (number_transparent < 257) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" number_transparent = %d"", number_transparent); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" number_transparent > 256""); if (number_opaque < 257) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" number_opaque = %d"", number_opaque); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" number_opaque > 256""); if (number_semitransparent < 257) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" number_semitransparent = %d"", number_semitransparent); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" number_semitransparent > 256""); if (ping_have_non_bw == MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" All pixels and the background are black or white""); else if (ping_have_color == MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" All pixels and the background are gray""); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" At least one pixel or the background is non-gray""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Exit BUILD_PALETTE:""); } if (mng_info->write_png8 == MagickFalse) break; if (image_colors <= 256 && image_colors != 0 && image->colormap != NULL && number_semitransparent == 0 && number_transparent <= 1) break; if (number_semitransparent != 0 || number_transparent > 1) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Thresholding the alpha channel to binary""); for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { if (GetPixelAlpha(image,r) < OpaqueAlpha/2) { SetPixelViaPixelInfo(image,&image->background_color,r); SetPixelAlpha(image,TransparentAlpha,r); } else SetPixelAlpha(image,OpaqueAlpha,r); r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image_colors != 0 && image_colors <= 256 && image->colormap != NULL) for (i=0; icolormap[i].alpha = (image->colormap[i].alpha > TransparentAlpha/2 ? TransparentAlpha : OpaqueAlpha); } continue; } if (tried_444 == MagickFalse && (image_colors == 0 || image_colors > 256)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the background color to 4-4-4""); tried_444 = MagickTrue; LBR04PacketRGB(image->background_color); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the pixel colors to 4-4-4""); if (image->colormap == NULL) { for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { if (GetPixelAlpha(image,r) == OpaqueAlpha) LBR04PixelRGB(r); r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } else { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the colormap to 4-4-4""); for (i=0; icolormap[i]); } } continue; } if (tried_333 == MagickFalse && (image_colors == 0 || image_colors > 256)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the background color to 3-3-3""); tried_333 = MagickTrue; LBR03PacketRGB(image->background_color); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the pixel colors to 3-3-3-1""); if (image->colormap == NULL) { for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { if (GetPixelAlpha(image,r) == OpaqueAlpha) LBR03RGB(r); r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } else { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the colormap to 3-3-3-1""); for (i=0; icolormap[i]); } } continue; } if (tried_332 == MagickFalse && (image_colors == 0 || image_colors > 256)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the background color to 3-3-2""); tried_332 = MagickTrue; LBR02PacketBlue(image->background_color); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the pixel colors to 3-3-2-1""); if (image->colormap == NULL) { for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { if (GetPixelAlpha(image,r) == OpaqueAlpha) LBR02PixelBlue(r); r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } else { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Quantizing the colormap to 3-3-2-1""); for (i=0; icolormap[i]); } } continue; } if (image_colors == 0 || image_colors > 256) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Merging two dark red background colors to 3-3-2-1""); if (ScaleQuantumToChar(image->background_color.red) == 0x49 && ScaleQuantumToChar(image->background_color.green) == 0x00 && ScaleQuantumToChar(image->background_color.blue) == 0x00) { image->background_color.red=ScaleCharToQuantum(0x24); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Merging two dark red pixel colors to 3-3-2-1""); if (image->colormap == NULL) { for (y=0; y < (ssize_t) image->rows; y++) { r=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (r == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { if (ScaleQuantumToChar(GetPixelRed(image,r)) == 0x49 && ScaleQuantumToChar(GetPixelGreen(image,r)) == 0x00 && ScaleQuantumToChar(GetPixelBlue(image,r)) == 0x00 && GetPixelAlpha(image,r) == OpaqueAlpha) { SetPixelRed(image,ScaleCharToQuantum(0x24),r); } r+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } } else { for (i=0; icolormap[i].red) == 0x49 && ScaleQuantumToChar(image->colormap[i].green) == 0x00 && ScaleQuantumToChar(image->colormap[i].blue) == 0x00) { image->colormap[i].red=ScaleCharToQuantum(0x24); } } } } } } if (mng_info->ping_exclude_tRNS != MagickFalse && (number_transparent != 0 || number_semitransparent != 0)) { unsigned int colortype=mng_info->write_png_colortype; if (ping_have_color == MagickFalse) mng_info->write_png_colortype = 5; else mng_info->write_png_colortype = 7; if (colortype != 0 && mng_info->write_png_colortype != colortype) ping_need_colortype_warning=MagickTrue; } if (number_transparent == 1 && mng_info->write_png_colortype < 4) { ping_have_cheap_transparency = MagickTrue; if (number_semitransparent != 0) ping_have_cheap_transparency = MagickFalse; else if (image_colors == 0 || image_colors > 256 || image->colormap == NULL) { register const Quantum *q; for (y=0; y < (ssize_t) image->rows; y++) { q=GetVirtualPixels(image,0,y,image->columns,1, exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { if (GetPixelAlpha(image,q) != TransparentAlpha && (unsigned short) GetPixelRed(image,q) == ping_trans_color.red && (unsigned short) GetPixelGreen(image,q) == ping_trans_color.green && (unsigned short) GetPixelBlue(image,q) == ping_trans_color.blue) { ping_have_cheap_transparency = MagickFalse; break; } q+=GetPixelChannels(image); } if (ping_have_cheap_transparency == MagickFalse) break; } } else { if (image_colors > 1) for (i=1; icolormap[i].red == image->colormap[0].red && image->colormap[i].green == image->colormap[0].green && image->colormap[i].blue == image->colormap[0].blue) { ping_have_cheap_transparency = MagickFalse; break; } } if (logging != MagickFalse) { if (ping_have_cheap_transparency == MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Cheap transparency is not possible.""); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Cheap transparency is possible.""); } } else ping_have_cheap_transparency = MagickFalse; image_depth=image->depth; quantum_info = (QuantumInfo *) NULL; number_colors=0; image_colors=(int) image->colors; image_matte=image->alpha_trait != UndefinedPixelTrait ? MagickTrue : MagickFalse; if (mng_info->write_png_colortype < 5) mng_info->IsPalette=image->storage_class == PseudoClass && image_colors <= 256 && image->colormap != NULL; else mng_info->IsPalette = MagickFalse; if ((mng_info->write_png_colortype == 4 || mng_info->write_png8) && (image->colors == 0 || image->colormap == NULL)) { image_info=DestroyImageInfo(image_info); image=DestroyImage(image); (void) ThrowMagickException(exception,GetMagickModule(),CoderError, ""Cannot write PNG8 or color-type 3; colormap is NULL"", ""`%s'"",IMimage->filename); return(MagickFalse); } #ifdef PNG_USER_MEM_SUPPORTED error_info.image=image; error_info.exception=exception; ping=png_create_write_struct_2(PNG_LIBPNG_VER_STRING,&error_info, MagickPNGErrorHandler,MagickPNGWarningHandler,(void *) NULL, (png_malloc_ptr) Magick_png_malloc,(png_free_ptr) Magick_png_free); #else ping=png_create_write_struct(PNG_LIBPNG_VER_STRING,&error_info, MagickPNGErrorHandler,MagickPNGWarningHandler); #endif if (ping == (png_struct *) NULL) ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); ping_info=png_create_info_struct(ping); if (ping_info == (png_info *) NULL) { png_destroy_write_struct(&ping,(png_info **) NULL); ThrowWriterException(ResourceLimitError,""MemoryAllocationFailed""); } png_set_write_fn(ping,image,png_put_data,png_flush_data); pixel_info=(MemoryInfo *) NULL; if (setjmp(png_jmpbuf(ping))) { #ifdef PNG_DEBUG if (image_info->verbose) (void) printf(""PNG write has failed.\n""); #endif png_destroy_write_struct(&ping,&ping_info); #ifdef IMPNG_SETJMP_NOT_THREAD_SAFE UnlockSemaphoreInfo(ping_semaphore); #endif if (pixel_info != (MemoryInfo *) NULL) pixel_info=RelinquishVirtualMemory(pixel_info); if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (ping_have_blob != MagickFalse) (void) CloseBlob(image); image_info=DestroyImageInfo(image_info); image=DestroyImage(image); return(MagickFalse); } #ifdef IMPNG_SETJMP_NOT_THREAD_SAFE LockSemaphoreInfo(ping_semaphore); #endif #ifdef PNG_BENIGN_ERRORS_SUPPORTED png_set_benign_errors(ping, 1); #endif #ifdef PNG_SET_USER_LIMITS_SUPPORTED png_set_user_limits(ping, (png_uint_32) MagickMin(0x7fffffffL, GetMagickResourceLimit(WidthResource)), (png_uint_32) MagickMin(0x7fffffffL, GetMagickResourceLimit(HeightResource))); #endif #if defined(PNG_MNG_FEATURES_SUPPORTED) if (mng_info->write_mng) { (void) png_permit_mng_features(ping,PNG_ALL_MNG_FEATURES); # ifdef PNG_WRITE_CHECK_FOR_INVALID_INDEX_SUPPORTED png_set_check_for_invalid_index (ping, 0); # endif } #else # ifdef PNG_WRITE_EMPTY_PLTE_SUPPORTED if (mng_info->write_mng) png_permit_empty_plte(ping,MagickTrue); # endif #endif x=0; ping_width=(png_uint_32) image->columns; ping_height=(png_uint_32) image->rows; if (mng_info->write_png8 || mng_info->write_png24 || mng_info->write_png32) image_depth=8; if (mng_info->write_png48 || mng_info->write_png64) image_depth=16; if (mng_info->write_png_depth != 0) image_depth=mng_info->write_png_depth; if (image_depth > 8) image_depth=16; if ((image_depth > 4) && (image_depth < 8)) image_depth=8; if (image_depth == 3) image_depth=4; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" width=%.20g"",(double) ping_width); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" height=%.20g"",(double) ping_height); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image_matte=%.20g"",(double) image->alpha_trait); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->depth=%.20g"",(double) image->depth); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Tentative ping_bit_depth=%.20g"",(double) image_depth); } save_image_depth=image_depth; ping_bit_depth=(png_byte) save_image_depth; #if defined(PNG_pHYs_SUPPORTED) if (ping_exclude_pHYs == MagickFalse) { if ((image->resolution.x != 0) && (image->resolution.y != 0) && (!mng_info->write_mng || !mng_info->equal_physs)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up pHYs chunk""); if (image->units == PixelsPerInchResolution) { ping_pHYs_unit_type=PNG_RESOLUTION_METER; ping_pHYs_x_resolution= (png_uint_32) ((100.0*image->resolution.x+0.5)/2.54); ping_pHYs_y_resolution= (png_uint_32) ((100.0*image->resolution.y+0.5)/2.54); } else if (image->units == PixelsPerCentimeterResolution) { ping_pHYs_unit_type=PNG_RESOLUTION_METER; ping_pHYs_x_resolution=(png_uint_32) (100.0*image->resolution.x+0.5); ping_pHYs_y_resolution=(png_uint_32) (100.0*image->resolution.y+0.5); } else { ping_pHYs_unit_type=PNG_RESOLUTION_UNKNOWN; ping_pHYs_x_resolution=(png_uint_32) image->resolution.x; ping_pHYs_y_resolution=(png_uint_32) image->resolution.y; } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Set up PNG pHYs chunk: xres: %.20g, yres: %.20g, units: %d."", (double) ping_pHYs_x_resolution,(double) ping_pHYs_y_resolution, (int) ping_pHYs_unit_type); ping_have_pHYs = MagickTrue; } } #endif if (ping_exclude_bKGD == MagickFalse) { if ((!mng_info->adjoin || !mng_info->equal_backgrounds)) { unsigned int mask; mask=0xffff; if (ping_bit_depth == 8) mask=0x00ff; if (ping_bit_depth == 4) mask=0x000f; if (ping_bit_depth == 2) mask=0x0003; if (ping_bit_depth == 1) mask=0x0001; ping_background.red=(png_uint_16) (ScaleQuantumToShort(image->background_color.red) & mask); ping_background.green=(png_uint_16) (ScaleQuantumToShort(image->background_color.green) & mask); ping_background.blue=(png_uint_16) (ScaleQuantumToShort(image->background_color.blue) & mask); ping_background.gray=(png_uint_16) ping_background.green; } if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up bKGD chunk (1)""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" background_color index is %d"", (int) ping_background.index); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" ping_bit_depth=%d"",ping_bit_depth); } ping_have_bKGD = MagickTrue; } matte=image_matte; old_bit_depth=0; if (mng_info->IsPalette && mng_info->write_png8) { number_colors=image_colors; ping_have_tRNS=MagickFalse; ping_color_type=(png_byte) PNG_COLOR_TYPE_PALETTE; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up PLTE chunk with %d colors (%d)"", number_colors, image_colors); for (i=0; i < (ssize_t) number_colors; i++) { palette[i].red=ScaleQuantumToChar(image->colormap[i].red); palette[i].green=ScaleQuantumToChar(image->colormap[i].green); palette[i].blue=ScaleQuantumToChar(image->colormap[i].blue); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), #if MAGICKCORE_QUANTUM_DEPTH == 8 "" %3ld (%3d,%3d,%3d)"", #else "" %5ld (%5d,%5d,%5d)"", #endif (long) i,palette[i].red,palette[i].green,palette[i].blue); } ping_have_PLTE=MagickTrue; image_depth=ping_bit_depth; ping_num_trans=0; if (matte != MagickFalse) { assert(number_colors <= 256); assert(image->colormap != NULL); for (i=0; i < (ssize_t) number_transparent; i++) ping_trans_alpha[i]=0; ping_num_trans=(unsigned short) (number_transparent + number_semitransparent); if (ping_num_trans == 0) ping_have_tRNS=MagickFalse; else ping_have_tRNS=MagickTrue; } if (ping_exclude_bKGD == MagickFalse) { for (i=0; i < (ssize_t) MagickMax(1L*number_colors-1L,1L); i++) if (IsPNGColorEqual(ping_background,image->colormap[i])) break; ping_background.index=(png_byte) i; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" background_color index is %d"", (int) ping_background.index); } } } else if (mng_info->write_png_colortype == 1) { image_matte=MagickFalse; ping_color_type=(png_byte) PNG_COLOR_TYPE_GRAY; } else if (mng_info->write_png24 || mng_info->write_png48 || mng_info->write_png_colortype == 3) { image_matte=MagickFalse; ping_color_type=(png_byte) PNG_COLOR_TYPE_RGB; } else if (mng_info->write_png32 || mng_info->write_png64 || mng_info->write_png_colortype == 7) { image_matte=MagickTrue; ping_color_type=(png_byte) PNG_COLOR_TYPE_RGB_ALPHA; } else { image_depth=ping_bit_depth; if (mng_info->write_png_colortype != 0) { ping_color_type=(png_byte) mng_info->write_png_colortype-1; if (ping_color_type == PNG_COLOR_TYPE_GRAY_ALPHA || ping_color_type == PNG_COLOR_TYPE_RGB_ALPHA) image_matte=MagickTrue; else image_matte=MagickFalse; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" PNG colortype %d was specified:"",(int) ping_color_type); } else { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Selecting PNG colortype:""); ping_color_type=(png_byte) ((matte != MagickFalse)? PNG_COLOR_TYPE_RGB_ALPHA:PNG_COLOR_TYPE_RGB); if (image_info->type == TrueColorType) { ping_color_type=(png_byte) PNG_COLOR_TYPE_RGB; image_matte=MagickFalse; } if (image_info->type == TrueColorAlphaType) { ping_color_type=(png_byte) PNG_COLOR_TYPE_RGB_ALPHA; image_matte=MagickTrue; } if (image_info->type == PaletteType || image_info->type == PaletteAlphaType) ping_color_type=(png_byte) PNG_COLOR_TYPE_PALETTE; if (mng_info->write_png_colortype == 0 && image_info->type == UndefinedType) { if (ping_have_color == MagickFalse) { if (image_matte == MagickFalse) { ping_color_type=(png_byte) PNG_COLOR_TYPE_GRAY; image_matte=MagickFalse; } else { ping_color_type=(png_byte) PNG_COLOR_TYPE_GRAY_ALPHA; image_matte=MagickTrue; } } else { if (image_matte == MagickFalse) { ping_color_type=(png_byte) PNG_COLOR_TYPE_RGB; image_matte=MagickFalse; } else { ping_color_type=(png_byte) PNG_COLOR_TYPE_RGBA; image_matte=MagickTrue; } } } } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Selected PNG colortype=%d"",ping_color_type); if (ping_bit_depth < 8) { if (ping_color_type == PNG_COLOR_TYPE_GRAY_ALPHA || ping_color_type == PNG_COLOR_TYPE_RGB || ping_color_type == PNG_COLOR_TYPE_RGB_ALPHA) ping_bit_depth=8; } old_bit_depth=ping_bit_depth; if (ping_color_type == PNG_COLOR_TYPE_GRAY) { if (image->alpha_trait == UndefinedPixelTrait && ping_have_non_bw == MagickFalse) ping_bit_depth=1; } if (ping_color_type == PNG_COLOR_TYPE_PALETTE) { size_t one = 1; ping_bit_depth=1; if (image->colors == 0) { png_error(ping,""image has 0 colors""); } while ((int) (one << ping_bit_depth) < (ssize_t) image_colors) ping_bit_depth <<= 1; } if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Number of colors: %.20g"",(double) image_colors); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Tentative PNG bit depth: %d"",ping_bit_depth); } if (ping_bit_depth < (int) mng_info->write_png_depth) ping_bit_depth = mng_info->write_png_depth; } image_depth=ping_bit_depth; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Tentative PNG color type: %s (%.20g)"", PngColorTypeToString(ping_color_type), (double) ping_color_type); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image_info->type: %.20g"",(double) image_info->type); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image_depth: %.20g"",(double) image_depth); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" image->depth: %.20g"",(double) image->depth); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" ping_bit_depth: %.20g"",(double) ping_bit_depth); } if (matte != MagickFalse) { if (mng_info->IsPalette) { if (mng_info->write_png_colortype == 0) { ping_color_type=PNG_COLOR_TYPE_GRAY_ALPHA; if (ping_have_color != MagickFalse) ping_color_type=PNG_COLOR_TYPE_RGBA; } if (number_transparent + number_semitransparent == 0) { image_matte=MagickFalse; if (mng_info->write_png_colortype == 0) ping_color_type&=0x03; } else { unsigned int mask; mask=0xffff; if (ping_bit_depth == 8) mask=0x00ff; if (ping_bit_depth == 4) mask=0x000f; if (ping_bit_depth == 2) mask=0x0003; if (ping_bit_depth == 1) mask=0x0001; ping_trans_color.red=(png_uint_16) (ScaleQuantumToShort(image->colormap[0].red) & mask); ping_trans_color.green=(png_uint_16) (ScaleQuantumToShort(image->colormap[0].green) & mask); ping_trans_color.blue=(png_uint_16) (ScaleQuantumToShort(image->colormap[0].blue) & mask); ping_trans_color.gray=(png_uint_16) (ScaleQuantumToShort(GetPixelInfoIntensity(image, image->colormap)) & mask); ping_trans_color.index=(png_byte) 0; ping_have_tRNS=MagickTrue; } if (ping_have_tRNS != MagickFalse) { if (ping_have_cheap_transparency == MagickFalse) ping_have_tRNS=MagickFalse; } if (ping_have_tRNS != MagickFalse) { if (mng_info->write_png_colortype == 0) ping_color_type &= 0x03; if (image_depth == 8) { ping_trans_color.red&=0xff; ping_trans_color.green&=0xff; ping_trans_color.blue&=0xff; ping_trans_color.gray&=0xff; } } } else { if (image_depth == 8) { ping_trans_color.red&=0xff; ping_trans_color.green&=0xff; ping_trans_color.blue&=0xff; ping_trans_color.gray&=0xff; } } } matte=image_matte; if (ping_have_tRNS != MagickFalse) image_matte=MagickFalse; if ((mng_info->IsPalette) && mng_info->write_png_colortype-1 != PNG_COLOR_TYPE_PALETTE && ping_have_color == MagickFalse && (image_matte == MagickFalse || image_depth >= 8)) { size_t one=1; if (image_matte != MagickFalse) ping_color_type=PNG_COLOR_TYPE_GRAY_ALPHA; else if (mng_info->write_png_colortype-1 != PNG_COLOR_TYPE_GRAY_ALPHA) { ping_color_type=PNG_COLOR_TYPE_GRAY; if (save_image_depth == 16 && image_depth == 8) { if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Scaling ping_trans_color (0)""); } ping_trans_color.gray*=0x0101; } } if (image_depth > MAGICKCORE_QUANTUM_DEPTH) image_depth=MAGICKCORE_QUANTUM_DEPTH; if ((image_colors == 0) || ((ssize_t) (image_colors-1) > (ssize_t) MaxColormapSize)) image_colors=(int) (one << image_depth); if (image_depth > 8) ping_bit_depth=16; else { ping_bit_depth=8; if ((int) ping_color_type == PNG_COLOR_TYPE_PALETTE) { if(!mng_info->write_png_depth) { ping_bit_depth=1; while ((int) (one << ping_bit_depth) < (ssize_t) image_colors) ping_bit_depth <<= 1; } } else if (ping_color_type == PNG_COLOR_TYPE_GRAY && image_colors < 17 && mng_info->IsPalette) { int depth_4_ok=MagickTrue, depth_2_ok=MagickTrue, depth_1_ok=MagickTrue; for (i=0; i < (ssize_t) image_colors; i++) { unsigned char intensity; intensity=ScaleQuantumToChar(image->colormap[i].red); if ((intensity & 0x0f) != ((intensity & 0xf0) >> 4)) depth_4_ok=depth_2_ok=depth_1_ok=MagickFalse; else if ((intensity & 0x03) != ((intensity & 0x0c) >> 2)) depth_2_ok=depth_1_ok=MagickFalse; else if ((intensity & 0x01) != ((intensity & 0x02) >> 1)) depth_1_ok=MagickFalse; } if (depth_1_ok && mng_info->write_png_depth <= 1) ping_bit_depth=1; else if (depth_2_ok && mng_info->write_png_depth <= 2) ping_bit_depth=2; else if (depth_4_ok && mng_info->write_png_depth <= 4) ping_bit_depth=4; } } image_depth=ping_bit_depth; } else if (mng_info->IsPalette) { number_colors=image_colors; if (image_depth <= 8) { ping_color_type=(png_byte) PNG_COLOR_TYPE_PALETTE; if (!(mng_info->have_write_global_plte && matte == MagickFalse)) { for (i=0; i < (ssize_t) number_colors; i++) { palette[i].red=ScaleQuantumToChar(image->colormap[i].red); palette[i].green= ScaleQuantumToChar(image->colormap[i].green); palette[i].blue=ScaleQuantumToChar(image->colormap[i].blue); } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up PLTE chunk with %d colors"", number_colors); ping_have_PLTE=MagickTrue; } if (mng_info->write_png_depth == 0) { size_t one; ping_bit_depth=1; one=1; while ((one << ping_bit_depth) < (size_t) number_colors) ping_bit_depth <<= 1; } ping_num_trans=0; if (matte != MagickFalse) { assert(number_colors <= 256); ping_num_trans=(unsigned short) (number_transparent + number_semitransparent); if (ping_num_trans == 0) ping_have_tRNS=MagickFalse; else { if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Scaling ping_trans_color (1)""); } ping_have_tRNS=MagickTrue; for (i=0; i < ping_num_trans; i++) { ping_trans_alpha[i]= (png_byte) ScaleQuantumToChar(image->colormap[i].alpha); } } } } } else { if (image_depth < 8) image_depth=8; if ((save_image_depth == 16) && (image_depth == 8)) { if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Scaling ping_trans_color from (%d,%d,%d)"", (int) ping_trans_color.red, (int) ping_trans_color.green, (int) ping_trans_color.blue); } ping_trans_color.red*=0x0101; ping_trans_color.green*=0x0101; ping_trans_color.blue*=0x0101; ping_trans_color.gray*=0x0101; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" to (%d,%d,%d)"", (int) ping_trans_color.red, (int) ping_trans_color.green, (int) ping_trans_color.blue); } } } if (ping_bit_depth < (ssize_t) mng_info->write_png_depth) ping_bit_depth = (ssize_t) mng_info->write_png_depth; if (ping_bit_depth < 8 && ping_color_type == PNG_COLOR_TYPE_GRAY) { png_uint_16 maxval; size_t one=1; maxval=(png_uint_16) ((one << ping_bit_depth)-1); if (ping_exclude_bKGD == MagickFalse) { ping_background.gray=(png_uint_16) ((maxval/65535.)* (ScaleQuantumToShort(((GetPixelInfoIntensity(image, &image->background_color))) +.5))); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up bKGD chunk (2)""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" background_color index is %d"", (int) ping_background.index); ping_have_bKGD = MagickTrue; } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Scaling ping_trans_color.gray from %d"", (int)ping_trans_color.gray); ping_trans_color.gray=(png_uint_16) ((maxval/255.)*( ping_trans_color.gray)+.5); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" to %d"", (int)ping_trans_color.gray); } if (ping_exclude_bKGD == MagickFalse) { if (mng_info->IsPalette && (int) ping_color_type == PNG_COLOR_TYPE_PALETTE) { number_colors=image_colors; for (i=0; i < (ssize_t) MagickMax(1L*number_colors,1L); i++) if (IsPNGColorEqual(image->background_color,image->colormap[i])) break; ping_background.index=(png_byte) i; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up bKGD chunk with index=%d"",(int) i); } if (i < (ssize_t) number_colors) { ping_have_bKGD = MagickTrue; if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" background =(%d,%d,%d)"", (int) ping_background.red, (int) ping_background.green, (int) ping_background.blue); } } else { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" No room in PLTE to add bKGD color""); ping_have_bKGD = MagickFalse; } } } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" PNG color type: %s (%d)"", PngColorTypeToString(ping_color_type), ping_color_type); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up deflate compression""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Compression buffer size: 32768""); } png_set_compression_buffer_size(ping,32768L); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Compression mem level: 9""); png_set_compression_mem_level(ping, 9); quality=image_info->quality == UndefinedCompressionQuality ? 75UL : image_info->quality; if (quality <= 9) { if (mng_info->write_png_compression_strategy == 0) mng_info->write_png_compression_strategy = Z_HUFFMAN_ONLY+1; } else if (mng_info->write_png_compression_level == 0) { int level; level=(int) MagickMin((ssize_t) quality/10,9); mng_info->write_png_compression_level = level+1; } if (mng_info->write_png_compression_strategy == 0) { if ((quality %10) == 8 || (quality %10) == 9) #ifdef Z_RLE mng_info->write_png_compression_strategy=Z_RLE+1; #else mng_info->write_png_compression_strategy = Z_DEFAULT_STRATEGY+1; #endif } if (mng_info->write_png_compression_filter == 0) mng_info->write_png_compression_filter=((int) quality % 10) + 1; if (logging != MagickFalse) { if (mng_info->write_png_compression_level) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Compression level: %d"", (int) mng_info->write_png_compression_level-1); if (mng_info->write_png_compression_strategy) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Compression strategy: %d"", (int) mng_info->write_png_compression_strategy-1); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up filtering""); if (mng_info->write_png_compression_filter == 6) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Base filter method: ADAPTIVE""); else if (mng_info->write_png_compression_filter == 0 || mng_info->write_png_compression_filter == 1) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Base filter method: NONE""); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Base filter method: %d"", (int) mng_info->write_png_compression_filter-1); } if (mng_info->write_png_compression_level != 0) png_set_compression_level(ping,mng_info->write_png_compression_level-1); if (mng_info->write_png_compression_filter == 6) { if (((int) ping_color_type == PNG_COLOR_TYPE_GRAY) || ((int) ping_color_type == PNG_COLOR_TYPE_PALETTE) || (quality < 50)) png_set_filter(ping,PNG_FILTER_TYPE_BASE,PNG_NO_FILTERS); else png_set_filter(ping,PNG_FILTER_TYPE_BASE,PNG_ALL_FILTERS); } else if (mng_info->write_png_compression_filter == 7 || mng_info->write_png_compression_filter == 10) png_set_filter(ping,PNG_FILTER_TYPE_BASE,PNG_ALL_FILTERS); else if (mng_info->write_png_compression_filter == 8) { #if defined(PNG_MNG_FEATURES_SUPPORTED) && defined(PNG_INTRAPIXEL_DIFFERENCING) if (mng_info->write_mng) { if (((int) ping_color_type == PNG_COLOR_TYPE_RGB) || ((int) ping_color_type == PNG_COLOR_TYPE_RGBA)) ping_filter_method=PNG_INTRAPIXEL_DIFFERENCING; } #endif png_set_filter(ping,PNG_FILTER_TYPE_BASE,PNG_NO_FILTERS); } else if (mng_info->write_png_compression_filter == 9) png_set_filter(ping,PNG_FILTER_TYPE_BASE,PNG_NO_FILTERS); else if (mng_info->write_png_compression_filter != 0) png_set_filter(ping,PNG_FILTER_TYPE_BASE, mng_info->write_png_compression_filter-1); if (mng_info->write_png_compression_strategy != 0) png_set_compression_strategy(ping, mng_info->write_png_compression_strategy-1); ping_interlace_method=image_info->interlace != NoInterlace; if (mng_info->write_mng) png_set_sig_bytes(ping,8); if (mng_info->write_png_colortype != 0) { if (mng_info->write_png_colortype-1 == PNG_COLOR_TYPE_GRAY) if (ping_have_color != MagickFalse) { ping_color_type = PNG_COLOR_TYPE_RGB; if (ping_bit_depth < 8) ping_bit_depth=8; } if (mng_info->write_png_colortype-1 == PNG_COLOR_TYPE_GRAY_ALPHA) if (ping_have_color != MagickFalse) ping_color_type = PNG_COLOR_TYPE_RGB_ALPHA; } if (ping_need_colortype_warning != MagickFalse || ((mng_info->write_png_depth && (int) mng_info->write_png_depth != ping_bit_depth) || (mng_info->write_png_colortype && ((int) mng_info->write_png_colortype-1 != ping_color_type && mng_info->write_png_colortype != 7 && !(mng_info->write_png_colortype == 5 && ping_color_type == 0))))) { if (logging != MagickFalse) { if (ping_need_colortype_warning != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Image has transparency but tRNS chunk was excluded""); } if (mng_info->write_png_depth) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Defined png:bit-depth=%u, Computed depth=%u"", mng_info->write_png_depth, ping_bit_depth); } if (mng_info->write_png_colortype) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Defined png:color-type=%u, Computed color type=%u"", mng_info->write_png_colortype-1, ping_color_type); } } png_warning(ping, ""Cannot write image with defined png:bit-depth or png:color-type.""); } if (image_matte != MagickFalse && image->alpha_trait == UndefinedPixelTrait) { image->alpha_trait = BlendPixelTrait; (void) SetImageAlpha(image,OpaqueAlpha,exception); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Added an opaque matte channel""); } if (number_transparent != 0 || number_semitransparent != 0) { if (ping_color_type < 4) { ping_have_tRNS=MagickTrue; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting ping_have_tRNS=MagickTrue.""); } } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing PNG header chunks""); png_set_IHDR(ping,ping_info,ping_width,ping_height, ping_bit_depth,ping_color_type, ping_interlace_method,ping_compression_method, ping_filter_method); if (ping_color_type == 3 && ping_have_PLTE != MagickFalse) { png_set_PLTE(ping,ping_info,palette,number_colors); if (logging != MagickFalse) { for (i=0; i< (ssize_t) number_colors; i++) { if (i < ping_num_trans) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" PLTE[%d] = (%d,%d,%d), tRNS[%d] = (%d)"", (int) i, (int) palette[i].red, (int) palette[i].green, (int) palette[i].blue, (int) i, (int) ping_trans_alpha[i]); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" PLTE[%d] = (%d,%d,%d)"", (int) i, (int) palette[i].red, (int) palette[i].green, (int) palette[i].blue); } } } if (ping_exclude_sRGB != MagickFalse || (!png_get_valid(ping,ping_info,PNG_INFO_sRGB))) { if ((ping_exclude_tEXt == MagickFalse || ping_exclude_zTXt == MagickFalse) && (ping_exclude_iCCP == MagickFalse || ping_exclude_zCCP == MagickFalse)) { ResetImageProfileIterator(image); for (name=GetNextImageProfile(image); name != (const char *) NULL; ) { profile=GetImageProfile(image,name); if (profile != (StringInfo *) NULL) { #ifdef PNG_WRITE_iCCP_SUPPORTED if ((LocaleCompare(name,""ICC"") == 0) || (LocaleCompare(name,""ICM"") == 0)) { ping_have_iCCP = MagickTrue; if (ping_exclude_iCCP == MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up iCCP chunk""); png_set_iCCP(ping,ping_info,(png_charp) name,0, #if (PNG_LIBPNG_VER < 10500) (png_charp) GetStringInfoDatum(profile), #else (const png_byte *) GetStringInfoDatum(profile), #endif (png_uint_32) GetStringInfoLength(profile)); } else { name=GetNextImageProfile(image); continue; } } #endif if (LocaleCompare(name,""exif"") == 0) { name=GetNextImageProfile(image); continue; } (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up zTXt chunk with uuencoded %s profile"", name); Magick_png_write_raw_profile(image_info,ping,ping_info, (unsigned char *) name,(unsigned char *) name, GetStringInfoDatum(profile), (png_uint_32) GetStringInfoLength(profile)); } name=GetNextImageProfile(image); } } } #if defined(PNG_WRITE_sRGB_SUPPORTED) if ((mng_info->have_write_global_srgb == 0) && ping_have_iCCP != MagickTrue && (ping_have_sRGB != MagickFalse || png_get_valid(ping,ping_info,PNG_INFO_sRGB))) { if (ping_exclude_sRGB == MagickFalse) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up sRGB chunk""); (void) png_set_sRGB(ping,ping_info,( Magick_RenderingIntent_to_PNG_RenderingIntent( image->rendering_intent))); ping_have_sRGB = MagickTrue; } } if ((!mng_info->write_mng) || (!png_get_valid(ping,ping_info,PNG_INFO_sRGB))) #endif { if (ping_exclude_gAMA == MagickFalse && ping_have_iCCP == MagickFalse && ping_have_sRGB == MagickFalse && (ping_exclude_sRGB == MagickFalse || (image->gamma < .45 || image->gamma > .46))) { if ((mng_info->have_write_global_gama == 0) && (image->gamma != 0.0)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up gAMA chunk""); png_set_gAMA(ping,ping_info,image->gamma); } } if (ping_exclude_cHRM == MagickFalse && ping_have_sRGB == MagickFalse) { if ((mng_info->have_write_global_chrm == 0) && (image->chromaticity.red_primary.x != 0.0)) { PrimaryInfo bp, gp, rp, wp; wp=image->chromaticity.white_point; rp=image->chromaticity.red_primary; gp=image->chromaticity.green_primary; bp=image->chromaticity.blue_primary; if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up cHRM chunk""); png_set_cHRM(ping,ping_info,wp.x,wp.y,rp.x,rp.y,gp.x,gp.y, bp.x,bp.y); } } } if (ping_exclude_bKGD == MagickFalse) { if (ping_have_bKGD != MagickFalse) { png_set_bKGD(ping,ping_info,&ping_background); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up bKGD chunk""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" background color = (%d,%d,%d)"", (int) ping_background.red, (int) ping_background.green, (int) ping_background.blue); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" index = %d, gray=%d"", (int) ping_background.index, (int) ping_background.gray); } } } if (ping_exclude_pHYs == MagickFalse) { if (ping_have_pHYs != MagickFalse) { png_set_pHYs(ping,ping_info, ping_pHYs_x_resolution, ping_pHYs_y_resolution, ping_pHYs_unit_type); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up pHYs chunk""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" x_resolution=%lu"", (unsigned long) ping_pHYs_x_resolution); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" y_resolution=%lu"", (unsigned long) ping_pHYs_y_resolution); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" unit_type=%lu"", (unsigned long) ping_pHYs_unit_type); } } } #if defined(PNG_tIME_SUPPORTED) if (ping_exclude_tIME == MagickFalse) { const char *timestamp; if (image->taint == MagickFalse) { timestamp=GetImageOption(image_info,""png:tIME""); if (timestamp == (const char *) NULL) timestamp=GetImageProperty(image,""png:tIME"",exception); } else { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Reset tIME in tainted image""); timestamp=GetImageProperty(image,""date:modify"",exception); } if (timestamp != (const char *) NULL) write_tIME_chunk(image,ping,ping_info,timestamp,exception); } #endif if (mng_info->need_blob != MagickFalse) { if (OpenBlob(image_info,image,WriteBinaryBlobMode,exception) == MagickFalse) png_error(ping,""WriteBlob Failed""); ping_have_blob=MagickTrue; } png_write_info_before_PLTE(ping, ping_info); if (ping_have_tRNS != MagickFalse && ping_color_type < 4) { if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Calling png_set_tRNS with num_trans=%d"",ping_num_trans); } if (ping_color_type == 3) (void) png_set_tRNS(ping, ping_info, ping_trans_alpha, ping_num_trans, NULL); else { (void) png_set_tRNS(ping, ping_info, NULL, 0, &ping_trans_color); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" tRNS color =(%d,%d,%d)"", (int) ping_trans_color.red, (int) ping_trans_color.green, (int) ping_trans_color.blue); } } } (void) Magick_png_write_chunk_from_profile(image,""PNG-chunk-b"",logging); png_write_info(ping,ping_info); (void) Magick_png_write_chunk_from_profile(image,""PNG-chunk-m"",logging); ping_wrote_caNv = MagickFalse; if (ping_exclude_caNv == MagickFalse) { if ((image->page.width != 0 && image->page.width != image->columns) || (image->page.height != 0 && image->page.height != image->rows) || image->page.x != 0 || image->page.y != 0) { unsigned char chunk[20]; (void) WriteBlobMSBULong(image,16L); PNGType(chunk,mng_caNv); LogPNGChunk(logging,mng_caNv,16L); PNGLong(chunk+4,(png_uint_32) image->page.width); PNGLong(chunk+8,(png_uint_32) image->page.height); PNGsLong(chunk+12,(png_int_32) image->page.x); PNGsLong(chunk+16,(png_int_32) image->page.y); (void) WriteBlob(image,20,chunk); (void) WriteBlobMSBULong(image,crc32(0,chunk,20)); ping_wrote_caNv = MagickTrue; } } #if defined(PNG_oFFs_SUPPORTED) if (ping_exclude_oFFs == MagickFalse && ping_wrote_caNv == MagickFalse) { if (image->page.x || image->page.y) { png_set_oFFs(ping,ping_info,(png_int_32) image->page.x, (png_int_32) image->page.y, 0); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up oFFs chunk with x=%d, y=%d, units=0"", (int) image->page.x, (int) image->page.y); } } #endif if (ping_exclude_vpAg == MagickFalse && ping_wrote_caNv == MagickFalse) { if ((image->page.width != 0 && image->page.width != image->columns) || (image->page.height != 0 && image->page.height != image->rows)) { unsigned char chunk[14]; (void) WriteBlobMSBULong(image,9L); PNGType(chunk,mng_vpAg); LogPNGChunk(logging,mng_vpAg,9L); PNGLong(chunk+4,(png_uint_32) image->page.width); PNGLong(chunk+8,(png_uint_32) image->page.height); chunk[12]=0; (void) WriteBlob(image,13,chunk); (void) WriteBlobMSBULong(image,crc32(0,chunk,13)); } } #if (PNG_LIBPNG_VER == 10206) #define PNG_HAVE_IDAT 0x04 ping->mode |= PNG_HAVE_IDAT; #undef PNG_HAVE_IDAT #endif png_set_packing(ping); rowbytes=image->columns; if (image_depth > 8) rowbytes*=2; switch (ping_color_type) { case PNG_COLOR_TYPE_RGB: rowbytes*=3; break; case PNG_COLOR_TYPE_GRAY_ALPHA: rowbytes*=2; break; case PNG_COLOR_TYPE_RGBA: rowbytes*=4; break; default: break; } if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing PNG image data""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Allocating %.20g bytes of memory for pixels"",(double) rowbytes); } pixel_info=AcquireVirtualMemory(rowbytes,sizeof(*ping_pixels)); if (pixel_info == (MemoryInfo *) NULL) png_error(ping,""Allocation of memory for pixels failed""); ping_pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) png_error(ping,""Memory allocation for quantum_info failed""); quantum_info->format=UndefinedQuantumFormat; SetQuantumDepth(image,quantum_info,image_depth); (void) SetQuantumEndian(image,quantum_info,MSBEndian); num_passes=png_set_interlace_handling(ping); if ((!mng_info->write_png8 && !mng_info->write_png24 && !mng_info->write_png48 && !mng_info->write_png64 && !mng_info->write_png32) && (mng_info->IsPalette || (image_info->type == BilevelType)) && image_matte == MagickFalse && ping_have_non_bw == MagickFalse) { register const Quantum *p; SetQuantumDepth(image,quantum_info,8); for (pass=0; pass < num_passes; pass++) { for (y=0; y < (ssize_t) image->rows; y++) { if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing row of pixels (0)""); p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; if (mng_info->IsPalette) { (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,GrayQuantum,ping_pixels,exception); if (mng_info->write_png_colortype-1 == PNG_COLOR_TYPE_PALETTE && mng_info->write_png_depth && mng_info->write_png_depth != old_bit_depth) { for (i=0; i < (ssize_t) image->columns; i++) *(ping_pixels+i)=(unsigned char) (*(ping_pixels+i) >> (8-old_bit_depth)); } } else { (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,RedQuantum,ping_pixels,exception); } if (mng_info->write_png_colortype-1 != PNG_COLOR_TYPE_PALETTE) for (i=0; i < (ssize_t) image->columns; i++) *(ping_pixels+i)=(unsigned char) ((*(ping_pixels+i) > 127) ? 255 : 0); if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing row of pixels (1)""); png_write_row(ping,ping_pixels); status=SetImageProgress(image,SaveImageTag, (MagickOffsetType) (pass * image->rows + y), num_passes * image->rows); if (status == MagickFalse) break; } } } else { if ((!mng_info->write_png8 && !mng_info->write_png24 && !mng_info->write_png48 && !mng_info->write_png64 && !mng_info->write_png32) && (image_matte != MagickFalse || (ping_bit_depth >= MAGICKCORE_QUANTUM_DEPTH)) && (mng_info->IsPalette) && ping_have_color == MagickFalse) { register const Quantum *p; for (pass=0; pass < num_passes; pass++) { for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1,exception); if (p == (const Quantum *) NULL) break; if (ping_color_type == PNG_COLOR_TYPE_GRAY) { if (mng_info->IsPalette) (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,GrayQuantum,ping_pixels,exception); else (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,RedQuantum,ping_pixels,exception); if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing GRAY PNG pixels (2)""); } else { if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing GRAY_ALPHA PNG pixels (2)""); (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,GrayAlphaQuantum,ping_pixels,exception); } if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing row of pixels (2)""); png_write_row(ping,ping_pixels); status=SetImageProgress(image,SaveImageTag, (MagickOffsetType) (pass * image->rows + y), num_passes * image->rows); if (status == MagickFalse) break; } } } else { register const Quantum *p; for (pass=0; pass < num_passes; pass++) { if ((image_depth > 8) || mng_info->write_png24 || mng_info->write_png32 || mng_info->write_png48 || mng_info->write_png64 || (!mng_info->write_png8 && !mng_info->IsPalette)) { for (y=0; y < (ssize_t) image->rows; y++) { p=GetVirtualPixels(image,0,y,image->columns,1, exception); if (p == (const Quantum *) NULL) break; if (ping_color_type == PNG_COLOR_TYPE_GRAY) { if (image->storage_class == DirectClass) (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,RedQuantum,ping_pixels,exception); else (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,GrayQuantum,ping_pixels,exception); } else if (ping_color_type == PNG_COLOR_TYPE_GRAY_ALPHA) { (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,GrayAlphaQuantum,ping_pixels, exception); if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing GRAY_ALPHA PNG pixels (3)""); } else if (image_matte != MagickFalse) (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,RGBAQuantum,ping_pixels,exception); else (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,RGBQuantum,ping_pixels,exception); if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing row of pixels (3)""); png_write_row(ping,ping_pixels); status=SetImageProgress(image,SaveImageTag, (MagickOffsetType) (pass * image->rows + y), num_passes * image->rows); if (status == MagickFalse) break; } } else { if ((ping_color_type != PNG_COLOR_TYPE_GRAY) && (ping_color_type != PNG_COLOR_TYPE_GRAY_ALPHA)) { if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" pass %d, Image Is not GRAY or GRAY_ALPHA"",pass); SetQuantumDepth(image,quantum_info,8); image_depth=8; } for (y=0; y < (ssize_t) image->rows; y++) { if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" pass %d, Image Is RGB, 16-bit GRAY, or GRAY_ALPHA"", pass); p=GetVirtualPixels(image,0,y,image->columns,1, exception); if (p == (const Quantum *) NULL) break; if (ping_color_type == PNG_COLOR_TYPE_GRAY) { SetQuantumDepth(image,quantum_info,image->depth); (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,GrayQuantum,ping_pixels,exception); } else if (ping_color_type == PNG_COLOR_TYPE_GRAY_ALPHA) { if (logging != MagickFalse && y == 0) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing GRAY_ALPHA PNG pixels (4)""); (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,GrayAlphaQuantum,ping_pixels, exception); } else { (void) ExportQuantumPixels(image,(CacheView *) NULL, quantum_info,IndexQuantum,ping_pixels,exception); if (logging != MagickFalse && y <= 2) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing row of non-gray pixels (4)""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" ping_pixels[0]=%d,ping_pixels[1]=%d"", (int)ping_pixels[0],(int)ping_pixels[1]); } } png_write_row(ping,ping_pixels); status=SetImageProgress(image,SaveImageTag, (MagickOffsetType) (pass * image->rows + y), num_passes * image->rows); if (status == MagickFalse) break; } } } } } if (quantum_info != (QuantumInfo *) NULL) quantum_info=DestroyQuantumInfo(quantum_info); if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Wrote PNG image data""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Width: %.20g"",(double) ping_width); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Height: %.20g"",(double) ping_height); if (mng_info->write_png_depth) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Defined png:bit-depth: %d"",mng_info->write_png_depth); } (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" PNG bit-depth written: %d"",ping_bit_depth); if (mng_info->write_png_colortype) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Defined png:color-type: %d"",mng_info->write_png_colortype-1); } (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" PNG color-type written: %d"",ping_color_type); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" PNG Interlace method: %d"",ping_interlace_method); } if (ping_exclude_tEXt == MagickFalse || ping_exclude_zTXt == MagickFalse) { ResetImagePropertyIterator(image); property=GetNextImageProperty(image); while (property != (const char *) NULL) { png_textp text; value=GetImageProperty(image,property,exception); if ((LocaleNCompare(property,""png:"",4) != 0 && LocaleNCompare(property,""jpeg:"",5) != 0) && (ping_exclude_pHYs != MagickFalse || LocaleCompare(property,""density"") != 0 || LocaleCompare(property,""units"") != 0) && (ping_exclude_date == MagickFalse || LocaleNCompare(property, ""Date:"",5) != 0)) { if (value != (const char *) NULL) { #if PNG_LIBPNG_VER >= 10400 text=(png_textp) png_malloc(ping, (png_alloc_size_t) sizeof(png_text)); #else text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text)); #endif text[0].key=(char *) property; text[0].text=(char *) value; text[0].text_length=strlen(value); if (ping_exclude_tEXt != MagickFalse) text[0].compression=PNG_TEXT_COMPRESSION_zTXt; else if (ping_exclude_zTXt != MagickFalse) text[0].compression=PNG_TEXT_COMPRESSION_NONE; else { text[0].compression=image_info->compression == NoCompression || (image_info->compression == UndefinedCompression && text[0].text_length < 128) ? PNG_TEXT_COMPRESSION_NONE : PNG_TEXT_COMPRESSION_zTXt ; } if (logging != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Setting up text chunk""); (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" keyword: '%s'"",text[0].key); } png_set_text(ping,ping_info,text,1); png_free(ping,text); } } property=GetNextImageProperty(image); } } (void) Magick_png_write_chunk_from_profile(image,""PNG-chunk-e"",logging); if (ping_have_eXIf != MagickFalse && ping_exclude_eXIf == MagickFalse) { char *name; ResetImageProfileIterator(image); for (name=GetNextImageProfile(image); name != (const char *) NULL; ) { if (LocaleCompare(name,""exif"") == 0) { const StringInfo *profile; profile=GetImageProfile(image,name); if (profile != (StringInfo *) NULL) { png_uint_32 length; unsigned char chunk[4], *data; StringInfo *ping_profile; (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Have eXIf profile""); ping_profile=CloneStringInfo(profile); data=GetStringInfoDatum(ping_profile), length=(png_uint_32) GetStringInfoLength(ping_profile); PNGType(chunk,mng_eXIf); if (length < 7) { ping_profile=DestroyStringInfo(ping_profile); break; } length -= 6; LogPNGChunk(logging,chunk,length); (void) WriteBlobMSBULong(image,length); (void) WriteBlob(image,4,chunk); (void) WriteBlob(image,length,data+6); (void) WriteBlobMSBULong(image,crc32(crc32(0,chunk,4), data+6, (uInt) length)); ping_profile=DestroyStringInfo(ping_profile); break; } } name=GetNextImageProfile(image); } } if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" Writing PNG end info""); png_write_end(ping,ping_info); if (mng_info->need_fram && (int) image->dispose == BackgroundDispose) { if (mng_info->page.x || mng_info->page.y || (ping_width != mng_info->page.width) || (ping_height != mng_info->page.height)) { unsigned char chunk[32]; (void) WriteBlobMSBULong(image,27L); PNGType(chunk,mng_FRAM); LogPNGChunk(logging,mng_FRAM,27L); chunk[4]=4; chunk[5]=0; chunk[6]=1; chunk[7]=0; chunk[8]=1; chunk[9]=0; PNGLong(chunk+10,(png_uint_32) (0L)); chunk[14]=0; PNGLong(chunk+15,(png_uint_32) (mng_info->page.x)); PNGLong(chunk+19, (png_uint_32) (mng_info->page.x + ping_width)); PNGLong(chunk+23,(png_uint_32) (mng_info->page.y)); PNGLong(chunk+27, (png_uint_32) (mng_info->page.y + ping_height)); (void) WriteBlob(image,31,chunk); (void) WriteBlobMSBULong(image,crc32(0,chunk,31)); mng_info->old_framing_mode=4; mng_info->framing_mode=1; } else mng_info->framing_mode=3; } if (mng_info->write_mng && !mng_info->need_fram && ((int) image->dispose == 3)) png_error(ping, ""Cannot convert GIF with disposal method 3 to MNG-LC""); png_destroy_write_struct(&ping,&ping_info); pixel_info=RelinquishVirtualMemory(pixel_info); if (ping_have_blob != MagickFalse) (void) CloseBlob(image); image_info=DestroyImageInfo(image_info); image=DestroyImage(image); s[0]=(char) ping_bit_depth; s[1]='\0'; (void) SetImageProperty(IMimage,""png:bit-depth-written"",s,exception); if (logging != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "" exit WriteOnePNGImage()""); #ifdef IMPNG_SETJMP_NOT_THREAD_SAFE UnlockSemaphoreInfo(ping_semaphore); #endif return(MagickTrue); }",visit repo url,coders/png.c,https://github.com/ImageMagick/ImageMagick,218916499547323,1 1626,[],"static void free_sched_groups(const cpumask_t *cpu_map, cpumask_t *nodemask) { int cpu, i; for_each_cpu_mask(cpu, *cpu_map) { struct sched_group **sched_group_nodes = sched_group_nodes_bycpu[cpu]; if (!sched_group_nodes) continue; for (i = 0; i < MAX_NUMNODES; i++) { struct sched_group *oldsg, *sg = sched_group_nodes[i]; *nodemask = node_to_cpumask(i); cpus_and(*nodemask, *nodemask, *cpu_map); if (cpus_empty(*nodemask)) continue; if (sg == NULL) continue; sg = sg->next; next_sg: oldsg = sg; sg = sg->next; kfree(oldsg); if (oldsg != sched_group_nodes[i]) goto next_sg; } kfree(sched_group_nodes); sched_group_nodes_bycpu[cpu] = NULL; } }",linux-2.6,,,51616858478602144242707734763164178675,0 5063,CWE-787,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 5047,CWE-190,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 6254,CWE-190,"static int rand_inc(uint8_t *data, int size, int digit) { int carry = digit; for (int i = size - 1; i >= 0; i--) { int16_t s; s = (data[i] + carry); data[i] = s & 0xFF; carry = s >> 8; } return carry; }",visit repo url,src/rand/relic_rand_hashd.c,https://github.com/relic-toolkit/relic,123388402872018,1 378,[],"pfm_syswide_cleanup_other_cpu(pfm_context_t *ctx) { int ret; DPRINT((""calling CPU%d for cleanup\n"", ctx->ctx_cpu)); ret = smp_call_function_single(ctx->ctx_cpu, pfm_syswide_force_stop, ctx, 0, 1); DPRINT((""called CPU%d for cleanup ret=%d\n"", ctx->ctx_cpu, ret)); }",linux-2.6,,,35515863958868942615080342717517368202,0 1041,['CWE-20'],"asmlinkage long sys_getrusage(int who, struct rusage __user *ru) { if (who != RUSAGE_SELF && who != RUSAGE_CHILDREN) return -EINVAL; return getrusage(current, who, ru); }",linux-2.6,,,239212674145028416771401401128098549719,0 4246,CWE-78,"R_API int r_sys_cmd_str_full(const char *cmd, const char *input, char **output, int *len, char **sterr) { char *mysterr = NULL; if (!sterr) { sterr = &mysterr; } char buffer[1024], *outputptr = NULL; char *inputptr = (char *)input; int pid, bytes = 0, status; int sh_in[2], sh_out[2], sh_err[2]; if (len) { *len = 0; } if (pipe (sh_in)) { return false; } if (output) { if (pipe (sh_out)) { close (sh_in[0]); close (sh_in[1]); close (sh_out[0]); close (sh_out[1]); return false; } } if (pipe (sh_err)) { close (sh_in[0]); close (sh_in[1]); return false; } switch ((pid = r_sys_fork ())) { case -1: return false; case 0: dup2 (sh_in[0], 0); close (sh_in[0]); close (sh_in[1]); if (output) { dup2 (sh_out[1], 1); close (sh_out[0]); close (sh_out[1]); } if (sterr) { dup2 (sh_err[1], 2); } else { close (2); } close (sh_err[0]); close (sh_err[1]); exit (r_sandbox_system (cmd, 0)); default: outputptr = strdup (""""); if (!outputptr) { return false; } if (sterr) { *sterr = strdup (""""); if (!*sterr) { free (outputptr); return false; } } if (output) { close (sh_out[1]); } close (sh_err[1]); close (sh_in[0]); if (!inputptr || !*inputptr) { close (sh_in[1]); } r_sys_signal (SIGPIPE, SIG_IGN); for (;;) { fd_set rfds, wfds; int nfd; FD_ZERO (&rfds); FD_ZERO (&wfds); if (output) { FD_SET (sh_out[0], &rfds); } if (sterr) { FD_SET (sh_err[0], &rfds); } if (inputptr && *inputptr) { FD_SET (sh_in[1], &wfds); } memset (buffer, 0, sizeof (buffer)); nfd = select (sh_err[0] + 1, &rfds, &wfds, NULL, NULL); if (nfd < 0) { break; } if (output && FD_ISSET (sh_out[0], &rfds)) { if (!(bytes = read (sh_out[0], buffer, sizeof (buffer)-1))) { break; } buffer[sizeof (buffer) - 1] = '\0'; if (len) { *len += bytes; } outputptr = r_str_append (outputptr, buffer); } else if (FD_ISSET (sh_err[0], &rfds) && sterr) { if (!read (sh_err[0], buffer, sizeof (buffer)-1)) { break; } buffer[sizeof (buffer) - 1] = '\0'; *sterr = r_str_append (*sterr, buffer); } else if (FD_ISSET (sh_in[1], &wfds) && inputptr && *inputptr) { int inputptr_len = strlen (inputptr); bytes = write (sh_in[1], inputptr, inputptr_len); if (bytes != inputptr_len) { break; } inputptr += bytes; if (!*inputptr) { close (sh_in[1]); if (!output && !sterr) { break; } } } } if (output) { close (sh_out[0]); } close (sh_err[0]); close (sh_in[1]); waitpid (pid, &status, 0); bool ret = true; if (status) { ret = false; } if (output) { *output = outputptr; } else { free (outputptr); } return ret; } return false; }",visit repo url,libr/util/sys.c,https://github.com/radareorg/radare2,178940183796434,1 5398,['CWE-476'],"void kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) { if (cr0 & CR0_RESERVED_BITS) { printk(KERN_DEBUG ""set_cr0: 0x%lx #GP, reserved bits 0x%lx\n"", cr0, vcpu->arch.cr0); kvm_inject_gp(vcpu, 0); return; } if ((cr0 & X86_CR0_NW) && !(cr0 & X86_CR0_CD)) { printk(KERN_DEBUG ""set_cr0: #GP, CD == 0 && NW == 1\n""); kvm_inject_gp(vcpu, 0); return; } if ((cr0 & X86_CR0_PG) && !(cr0 & X86_CR0_PE)) { printk(KERN_DEBUG ""set_cr0: #GP, set PG flag "" ""and a clear PE flag\n""); kvm_inject_gp(vcpu, 0); return; } if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) { #ifdef CONFIG_X86_64 if ((vcpu->arch.shadow_efer & EFER_LME)) { int cs_db, cs_l; if (!is_pae(vcpu)) { printk(KERN_DEBUG ""set_cr0: #GP, start paging "" ""in long mode while PAE is disabled\n""); kvm_inject_gp(vcpu, 0); return; } kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l); if (cs_l) { printk(KERN_DEBUG ""set_cr0: #GP, start paging "" ""in long mode while CS.L == 1\n""); kvm_inject_gp(vcpu, 0); return; } } else #endif if (is_pae(vcpu) && !load_pdptrs(vcpu, vcpu->arch.cr3)) { printk(KERN_DEBUG ""set_cr0: #GP, pdptrs "" ""reserved bits\n""); kvm_inject_gp(vcpu, 0); return; } } kvm_x86_ops->set_cr0(vcpu, cr0); vcpu->arch.cr0 = cr0; kvm_mmu_reset_context(vcpu); return; }",linux-2.6,,,103029134584328467265541122301598926080,0 5531,['CWE-20'],"int inflate_codes(tl, td, bl, bd) struct huft *tl, *td; int bl, bd; { register unsigned e; unsigned n, d; unsigned w; struct huft *t; unsigned ml, md; register ulg b; register unsigned k; b = bb; k = bk; w = wp; ml = mask_bits[bl]; md = mask_bits[bd]; for (;;) { NEEDBITS((unsigned)bl) if ((e = (t = tl + ((unsigned)b & ml))->e) > 16) do { if (e == 99) return 1; DUMPBITS(t->b) e -= 16; NEEDBITS(e) } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); DUMPBITS(t->b) if (e == 16) { slide[w++] = (uch)t->v.n; Tracevv((stderr, ""%c"", slide[w-1])); if (w == WSIZE) { flush_output(w); w = 0; } } else { if (e == 15) break; NEEDBITS(e) n = t->v.n + ((unsigned)b & mask_bits[e]); DUMPBITS(e); NEEDBITS((unsigned)bd) if ((e = (t = td + ((unsigned)b & md))->e) > 16) do { if (e == 99) return 1; DUMPBITS(t->b) e -= 16; NEEDBITS(e) } while ((e = (t = t->v.t + ((unsigned)b & mask_bits[e]))->e) > 16); DUMPBITS(t->b) NEEDBITS(e) d = w - t->v.n - ((unsigned)b & mask_bits[e]); DUMPBITS(e) Tracevv((stderr,""\\[%d,%d]"", w-d, n)); do { n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e); #if !defined(NOMEMCPY) && !defined(DEBUG) if (w - d >= e) { memcpy(slide + w, slide + d, e); w += e; d += e; } else #endif do { slide[w++] = slide[d++]; Tracevv((stderr, ""%c"", slide[w-1])); } while (--e); if (w == WSIZE) { flush_output(w); w = 0; } } while (n); } } wp = w; bb = b; bk = k; return 0; }",gzip,,,218800874059462420901435694214246755683,0 6695,CWE-476,"mailimap_mailbox_data_status_free(struct mailimap_mailbox_data_status * info) { mailimap_mailbox_free(info->st_mailbox); clist_foreach(info->st_info_list, (clist_func) mailimap_status_info_free, NULL); clist_free(info->st_info_list); free(info); }",visit repo url,src/low-level/imap/mailimap_types.c,https://github.com/dinhvh/libetpan,246857137147946,1 2387,CWE-476,"static int nut_read_header(AVFormatContext *s) { NUTContext *nut = s->priv_data; AVIOContext *bc = s->pb; int64_t pos; int initialized_stream_count; nut->avf = s; pos = 0; do { pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1; if (pos < 0 + 1) { av_log(s, AV_LOG_ERROR, ""No main startcode found.\n""); return AVERROR_INVALIDDATA; } } while (decode_main_header(nut) < 0); pos = 0; for (initialized_stream_count = 0; initialized_stream_count < s->nb_streams;) { pos = find_startcode(bc, STREAM_STARTCODE, pos) + 1; if (pos < 0 + 1) { av_log(s, AV_LOG_ERROR, ""Not all stream headers found.\n""); return AVERROR_INVALIDDATA; } if (decode_stream_header(nut) >= 0) initialized_stream_count++; } pos = 0; for (;;) { uint64_t startcode = find_any_startcode(bc, pos); pos = avio_tell(bc); if (startcode == 0) { av_log(s, AV_LOG_ERROR, ""EOF before video frames\n""); return AVERROR_INVALIDDATA; } else if (startcode == SYNCPOINT_STARTCODE) { nut->next_startcode = startcode; break; } else if (startcode != INFO_STARTCODE) { continue; } decode_info_header(nut); } ffformatcontext(s)->data_offset = pos - 8; if (bc->seekable & AVIO_SEEKABLE_NORMAL) { int64_t orig_pos = avio_tell(bc); find_and_decode_index(nut); avio_seek(bc, orig_pos, SEEK_SET); } av_assert0(nut->next_startcode == SYNCPOINT_STARTCODE); ff_metadata_conv_ctx(s, NULL, ff_nut_metadata_conv); return 0; }",visit repo url,libavformat/nutdec.c,https://github.com/FFmpeg/FFmpeg,79906309016008,1 1466,[],"void __sched interruptible_sleep_on(wait_queue_head_t *q) { sleep_on_common(q, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT); }",linux-2.6,,,301870621259867279725975331737520639088,0 2691,CWE-190,"SPL_METHOD(DirectoryIterator, valid) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); if (zend_parse_parameters_none() == FAILURE) { return; } RETURN_BOOL(intern->u.dir.entry.d_name[0] != '\0'); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,225646338317397,1 5578,[],"SYSCALL_DEFINE0(pause) { current->state = TASK_INTERRUPTIBLE; schedule(); return -ERESTARTNOHAND; }",linux-2.6,,,70835265038425219723409479677323376367,0 3437,CWE-119,"static void mark_object(struct object *obj, struct strbuf *path, const char *name, void *data) { update_progress(data); }",visit repo url,reachable.c,https://github.com/git/git,253233456055821,1 188,[],"static struct sock *atalk_find_or_insert_socket(struct sock *sk, struct sockaddr_at *sat) { struct sock *s; struct hlist_node *node; struct atalk_sock *at; write_lock_bh(&atalk_sockets_lock); sk_for_each(s, node, &atalk_sockets) { at = at_sk(s); if (at->src_net == sat->sat_addr.s_net && at->src_node == sat->sat_addr.s_node && at->src_port == sat->sat_port) goto found; } s = NULL; __atalk_insert_socket(sk); found: write_unlock_bh(&atalk_sockets_lock); return s; }",history,,,220094695743477078651752513204360585926,0 5348,['CWE-476'],"void realmode_set_cr(struct kvm_vcpu *vcpu, int cr, unsigned long val, unsigned long *rflags) { KVMTRACE_3D(CR_WRITE, vcpu, (u32)cr, (u32)val, (u32)((u64)val >> 32), handler); switch (cr) { case 0: kvm_set_cr0(vcpu, mk_cr_64(vcpu->arch.cr0, val)); *rflags = kvm_x86_ops->get_rflags(vcpu); break; case 2: vcpu->arch.cr2 = val; break; case 3: kvm_set_cr3(vcpu, val); break; case 4: kvm_set_cr4(vcpu, mk_cr_64(vcpu->arch.cr4, val)); break; case 8: kvm_set_cr8(vcpu, val & 0xfUL); break; default: vcpu_printf(vcpu, ""%s: unexpected cr %u\n"", __func__, cr); } }",linux-2.6,,,290072871406502813860234813436513034015,0 6226,['CWE-200'],"void neigh_app_ns(struct neighbour *n) { struct nlmsghdr *nlh; int size = NLMSG_SPACE(sizeof(struct ndmsg) + 256); struct sk_buff *skb = alloc_skb(size, GFP_ATOMIC); if (!skb) return; if (neigh_fill_info(skb, n, 0, 0, RTM_GETNEIGH, 0) < 0) { kfree_skb(skb); return; } nlh = (struct nlmsghdr *)skb->data; nlh->nlmsg_flags = NLM_F_REQUEST; NETLINK_CB(skb).dst_groups = RTMGRP_NEIGH; netlink_broadcast(rtnl, skb, 0, RTMGRP_NEIGH, GFP_ATOMIC); }",linux-2.6,,,107012160213542713853346521565221975432,0 1043,CWE-125,"static void perf_syscall_exit(void *ignore, struct pt_regs *regs, long ret) { struct syscall_metadata *sys_data; struct syscall_trace_exit *rec; struct hlist_head *head; int syscall_nr; int rctx; int size; syscall_nr = trace_get_syscall_nr(current, regs); if (syscall_nr < 0) return; if (!test_bit(syscall_nr, enabled_perf_exit_syscalls)) return; sys_data = syscall_nr_to_meta(syscall_nr); if (!sys_data) return; head = this_cpu_ptr(sys_data->exit_event->perf_events); if (hlist_empty(head)) return; size = ALIGN(sizeof(*rec) + sizeof(u32), sizeof(u64)); size -= sizeof(u32); rec = (struct syscall_trace_exit *)perf_trace_buf_prepare(size, sys_data->exit_event->event.type, regs, &rctx); if (!rec) return; rec->nr = syscall_nr; rec->ret = syscall_get_return_value(current, regs); perf_trace_buf_submit(rec, size, rctx, 0, 1, regs, head, NULL); }",visit repo url,kernel/trace/trace_syscalls.c,https://github.com/torvalds/linux,226013100514247,1 1077,CWE-20,"int rose_route_frame(struct sk_buff *skb, ax25_cb *ax25) { struct rose_neigh *rose_neigh, *new_neigh; struct rose_route *rose_route; struct rose_facilities_struct facilities; rose_address *src_addr, *dest_addr; struct sock *sk; unsigned short frametype; unsigned int lci, new_lci; unsigned char cause, diagnostic; struct net_device *dev; int len, res = 0; char buf[11]; #if 0 if (call_in_firewall(PF_ROSE, skb->dev, skb->data, NULL, &skb) != FW_ACCEPT) return res; #endif frametype = skb->data[2]; lci = ((skb->data[0] << 8) & 0xF00) + ((skb->data[1] << 0) & 0x0FF); src_addr = (rose_address *)(skb->data + 9); dest_addr = (rose_address *)(skb->data + 4); spin_lock_bh(&rose_neigh_list_lock); spin_lock_bh(&rose_route_list_lock); rose_neigh = rose_neigh_list; while (rose_neigh != NULL) { if (ax25cmp(&ax25->dest_addr, &rose_neigh->callsign) == 0 && ax25->ax25_dev->dev == rose_neigh->dev) break; rose_neigh = rose_neigh->next; } if (rose_neigh == NULL) { printk(""rose_route : unknown neighbour or device %s\n"", ax2asc(buf, &ax25->dest_addr)); goto out; } rose_stop_ftimer(rose_neigh); if (lci == 0) { rose_link_rx_restart(skb, rose_neigh, frametype); goto out; } if ((sk = rose_find_socket(lci, rose_neigh)) != NULL) { if (frametype == ROSE_CALL_REQUEST) { struct rose_sock *rose = rose_sk(sk); rose_clear_queues(sk); rose->cause = ROSE_NETWORK_CONGESTION; rose->diagnostic = 0; rose->neighbour->use--; rose->neighbour = NULL; rose->lci = 0; rose->state = ROSE_STATE_0; sk->sk_state = TCP_CLOSE; sk->sk_err = 0; sk->sk_shutdown |= SEND_SHUTDOWN; if (!sock_flag(sk, SOCK_DEAD)) { sk->sk_state_change(sk); sock_set_flag(sk, SOCK_DEAD); } } else { skb_reset_transport_header(skb); res = rose_process_rx_frame(sk, skb); goto out; } } if (frametype == ROSE_CALL_REQUEST) if ((dev = rose_dev_get(dest_addr)) != NULL) { res = rose_rx_call_request(skb, dev, rose_neigh, lci); dev_put(dev); goto out; } if (!sysctl_rose_routing_control) { rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 0); goto out; } rose_route = rose_route_list; while (rose_route != NULL) { if (rose_route->lci1 == lci && rose_route->neigh1 == rose_neigh) { if (frametype == ROSE_CALL_REQUEST) { rose_remove_route(rose_route); break; } else if (rose_route->neigh2 != NULL) { skb->data[0] &= 0xF0; skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F; skb->data[1] = (rose_route->lci2 >> 0) & 0xFF; rose_transmit_link(skb, rose_route->neigh2); if (frametype == ROSE_CLEAR_CONFIRMATION) rose_remove_route(rose_route); res = 1; goto out; } else { if (frametype == ROSE_CLEAR_CONFIRMATION) rose_remove_route(rose_route); goto out; } } if (rose_route->lci2 == lci && rose_route->neigh2 == rose_neigh) { if (frametype == ROSE_CALL_REQUEST) { rose_remove_route(rose_route); break; } else if (rose_route->neigh1 != NULL) { skb->data[0] &= 0xF0; skb->data[0] |= (rose_route->lci1 >> 8) & 0x0F; skb->data[1] = (rose_route->lci1 >> 0) & 0xFF; rose_transmit_link(skb, rose_route->neigh1); if (frametype == ROSE_CLEAR_CONFIRMATION) rose_remove_route(rose_route); res = 1; goto out; } else { if (frametype == ROSE_CLEAR_CONFIRMATION) rose_remove_route(rose_route); goto out; } } rose_route = rose_route->next; } if (frametype != ROSE_CALL_REQUEST) { res = 0; goto out; } len = (((skb->data[3] >> 4) & 0x0F) + 1) >> 1; len += (((skb->data[3] >> 0) & 0x0F) + 1) >> 1; memset(&facilities, 0x00, sizeof(struct rose_facilities_struct)); if (!rose_parse_facilities(skb->data + len + 4, &facilities)) { rose_transmit_clear_request(rose_neigh, lci, ROSE_INVALID_FACILITY, 76); goto out; } rose_route = rose_route_list; while (rose_route != NULL) { if (rose_route->rand == facilities.rand && rosecmp(src_addr, &rose_route->src_addr) == 0 && ax25cmp(&facilities.dest_call, &rose_route->src_call) == 0 && ax25cmp(&facilities.source_call, &rose_route->dest_call) == 0) { rose_transmit_clear_request(rose_neigh, lci, ROSE_NOT_OBTAINABLE, 120); goto out; } rose_route = rose_route->next; } if ((new_neigh = rose_get_neigh(dest_addr, &cause, &diagnostic, 1)) == NULL) { rose_transmit_clear_request(rose_neigh, lci, cause, diagnostic); goto out; } if ((new_lci = rose_new_lci(new_neigh)) == 0) { rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 71); goto out; } if ((rose_route = kmalloc(sizeof(*rose_route), GFP_ATOMIC)) == NULL) { rose_transmit_clear_request(rose_neigh, lci, ROSE_NETWORK_CONGESTION, 120); goto out; } rose_route->lci1 = lci; rose_route->src_addr = *src_addr; rose_route->dest_addr = *dest_addr; rose_route->src_call = facilities.dest_call; rose_route->dest_call = facilities.source_call; rose_route->rand = facilities.rand; rose_route->neigh1 = rose_neigh; rose_route->lci2 = new_lci; rose_route->neigh2 = new_neigh; rose_route->neigh1->use++; rose_route->neigh2->use++; rose_route->next = rose_route_list; rose_route_list = rose_route; skb->data[0] &= 0xF0; skb->data[0] |= (rose_route->lci2 >> 8) & 0x0F; skb->data[1] = (rose_route->lci2 >> 0) & 0xFF; rose_transmit_link(skb, rose_route->neigh2); res = 1; out: spin_unlock_bh(&rose_route_list_lock); spin_unlock_bh(&rose_neigh_list_lock); return res; }",visit repo url,net/rose/rose_route.c,https://github.com/torvalds/linux,119162708187332,1 4179,['CWE-399'],"static void legacy_unicast_socket_event(AvahiWatch *w, int fd, AvahiWatchEvent events, void *userdata) { AvahiServer *s = userdata; AvahiDnsPacket *p = NULL; assert(w); assert(fd >= 0); assert(events & AVAHI_WATCH_IN); if (fd == s->fd_legacy_unicast_ipv4) p = avahi_recv_dns_packet_ipv4(s->fd_legacy_unicast_ipv4, NULL, NULL, NULL, NULL, NULL); else { assert(fd == s->fd_legacy_unicast_ipv6); p = avahi_recv_dns_packet_ipv6(s->fd_legacy_unicast_ipv6, NULL, NULL, NULL, NULL, NULL); } if (p) { dispatch_legacy_unicast_packet(s, p); avahi_dns_packet_free(p); cleanup_dead(s); } }",avahi,,,301733544559592932264562435277253556275,0 2214,NVD-CWE-noinfo,"static struct nfs4_opendata *nfs4_open_recoverdata_alloc(struct nfs_open_context *ctx, struct nfs4_state *state) { struct nfs4_opendata *opendata; opendata = nfs4_opendata_alloc(&ctx->path, state->owner, 0, NULL); if (opendata == NULL) return ERR_PTR(-ENOMEM); opendata->state = state; atomic_inc(&state->count); return opendata; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,144703681349362,1 3103,CWE-119,"ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) { UINT8* ptr; int framesize; int c, chunks; int l, lines; int i, j, x = 0, y, ymax; if (bytes < 4) return 0; ptr = buf; framesize = I32(ptr); if (framesize < I32(ptr)) return 0; if (I16(ptr+4) != 0xF1FA) { state->errcode = IMAGING_CODEC_UNKNOWN; return -1; } chunks = I16(ptr+6); ptr += 16; for (c = 0; c < chunks; c++) { UINT8 *data = ptr + 6; switch (I16(ptr+4)) { case 4: case 11: break; case 7: lines = I16(data); data += 2; for (l = y = 0; l < lines && y < state->ysize; l++, y++) { UINT8* buf = (UINT8*) im->image[y]; int p, packets; packets = I16(data); data += 2; while (packets & 0x8000) { if (packets & 0x4000) { y += 65536 - packets; if (y >= state->ysize) { state->errcode = IMAGING_CODEC_OVERRUN; return -1; } buf = (UINT8*) im->image[y]; } else { buf[state->xsize-1] = (UINT8) packets; } packets = I16(data); data += 2; } for (p = x = 0; p < packets; p++) { x += data[0]; if (data[1] >= 128) { i = 256-data[1]; if (x + i + i > state->xsize) break; for (j = 0; j < i; j++) { buf[x++] = data[2]; buf[x++] = data[3]; } data += 2 + 2; } else { i = 2 * (int) data[1]; if (x + i > state->xsize) break; memcpy(buf + x, data + 2, i); data += 2 + i; x += i; } } if (p < packets) break; } if (l < lines) { state->errcode = IMAGING_CODEC_OVERRUN; return -1; } break; case 12: y = I16(data); ymax = y + I16(data+2); data += 4; for (; y < ymax && y < state->ysize; y++) { UINT8* out = (UINT8*) im->image[y]; int p, packets = *data++; for (p = x = 0; p < packets; p++, x += i) { x += data[0]; if (data[1] & 0x80) { i = 256-data[1]; if (x + i > state->xsize) break; memset(out + x, data[2], i); data += 3; } else { i = data[1]; if (x + i > state->xsize) break; memcpy(out + x, data + 2, i); data += i + 2; } } if (p < packets) break; } if (y < ymax) { state->errcode = IMAGING_CODEC_OVERRUN; return -1; } break; case 13: for (y = 0; y < state->ysize; y++) memset(im->image[y], 0, state->xsize); break; case 15: for (y = 0; y < state->ysize; y++) { UINT8* out = (UINT8*) im->image[y]; data += 1; for (x = 0; x < state->xsize; x += i) { if (data[0] & 0x80) { i = 256 - data[0]; if (x + i > state->xsize) break; memcpy(out + x, data + 1, i); data += i + 1; } else { i = data[0]; if (x + i > state->xsize) break; memset(out + x, data[1], i); data += 2; } } if (x != state->xsize) { state->errcode = IMAGING_CODEC_OVERRUN; return -1; } } break; case 16: for (y = 0; y < state->ysize; y++) { UINT8* buf = (UINT8*) im->image[y]; memcpy(buf+x, data, state->xsize); data += state->xsize; } break; case 18: break; default: state->errcode = IMAGING_CODEC_UNKNOWN; return -1; } ptr += I32(ptr); } return -1; }",visit repo url,libImaging/FliDecode.c,https://github.com/python-pillow/Pillow,149861492199023,1 3380,['CWE-200'],"int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep, struct sctp_hmacalgo *hmacs) { int has_sha1 = 0; __u16 id; int i; for (i = 0; i < hmacs->shmac_num_idents; i++) { id = hmacs->shmac_idents[i]; if (id > SCTP_AUTH_HMAC_ID_MAX) return -EOPNOTSUPP; if (SCTP_AUTH_HMAC_ID_SHA1 == id) has_sha1 = 1; if (!sctp_hmac_list[id].hmac_name) return -EOPNOTSUPP; } if (!has_sha1) return -EINVAL; memcpy(ep->auth_hmacs_list->hmac_ids, &hmacs->shmac_idents[0], hmacs->shmac_num_idents * sizeof(__u16)); ep->auth_hmacs_list->param_hdr.length = htons(sizeof(sctp_paramhdr_t) + hmacs->shmac_num_idents * sizeof(__u16)); return 0; }",linux-2.6,,,90724648686501322269072763519910752866,0 4211,[]," while(1) { maxfds = 0; FD_ZERO (&readfds); if(udpLstnSocks != NULL) { for (i = 0; i < *udpLstnSocks; i++) { if (udpLstnSocks[i+1] != -1) { if(Debug) net.debugListenInfo(udpLstnSocks[i+1], ""UDP""); FD_SET(udpLstnSocks[i+1], &readfds); if(udpLstnSocks[i+1]>maxfds) maxfds=udpLstnSocks[i+1]; } } } if(Debug) { dbgprintf(""--------imUDP calling select, active file descriptors (max %d): "", maxfds); for (nfds = 0; nfds <= maxfds; ++nfds) if ( FD_ISSET(nfds, &readfds) ) dbgprintf(""%d "", nfds); dbgprintf(""\n""); } nfds = select(maxfds+1, (fd_set *) &readfds, NULL, NULL, NULL); if(udpLstnSocks != NULL) { for (i = 0; nfds && i < *udpLstnSocks; i++) { if (FD_ISSET(udpLstnSocks[i+1], &readfds)) { socklen = sizeof(frominet); l = recvfrom(udpLstnSocks[i+1], (char*) pRcvBuf, MAXLINE - 1, 0, (struct sockaddr *)&frominet, &socklen); if (l > 0) { if(net.cvthname(&frominet, fromHost, fromHostFQDN, fromHostIP) == RS_RET_OK) { dbgprintf(""Message from inetd socket: #%d, host: %s\n"", udpLstnSocks[i+1], fromHost); if(net.isAllowedSender((uchar*) ""UDP"", (struct sockaddr *)&frominet, (char*)fromHostFQDN)) { parseAndSubmitMessage(fromHost, fromHostIP, pRcvBuf, l, MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY); } else { dbgprintf(""%s is not an allowed sender\n"", (char*)fromHostFQDN); if(glbl.GetOption_DisallowWarning) { time_t tt; time(&tt); if(tt > ttLastDiscard + 60) { ttLastDiscard = tt; errmsg.LogError(0, NO_ERRCODE, ""UDP message from disallowed sender %s discarded"", (char*)fromHost); } } } } } else if (l < 0 && errno != EINTR && errno != EAGAIN) { char errStr[1024]; rs_strerror_r(errno, errStr, sizeof(errStr)); dbgprintf(""INET socket error: %d = %s.\n"", errno, errStr); errmsg.LogError(errno, NO_ERRCODE, ""recvfrom inet""); sleep(1); } --nfds; } } } }",rsyslog,,,202236119880667871666309936473280134984,0 2336,['CWE-120'],"void path_get(struct path *path) { mntget(path->mnt); dget(path->dentry); }",linux-2.6,,,309650988657268987809071731438120025065,0 572,CWE-399,"static int udp_v6_push_pending_frames(struct sock *sk) { struct sk_buff *skb; struct udphdr *uh; struct udp_sock *up = udp_sk(sk); struct inet_sock *inet = inet_sk(sk); struct flowi6 *fl6 = &inet->cork.fl.u.ip6; int err = 0; int is_udplite = IS_UDPLITE(sk); __wsum csum = 0; if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) goto out; uh = udp_hdr(skb); uh->source = fl6->fl6_sport; uh->dest = fl6->fl6_dport; uh->len = htons(up->len); uh->check = 0; if (is_udplite) csum = udplite_csum_outgoing(sk, skb); else if (skb->ip_summed == CHECKSUM_PARTIAL) { udp6_hwcsum_outgoing(sk, skb, &fl6->saddr, &fl6->daddr, up->len); goto send; } else csum = udp_csum_outgoing(sk, skb); uh->check = csum_ipv6_magic(&fl6->saddr, &fl6->daddr, up->len, fl6->flowi6_proto, csum); if (uh->check == 0) uh->check = CSUM_MANGLED_0; send: err = ip6_push_pending_frames(sk); if (err) { if (err == -ENOBUFS && !inet6_sk(sk)->recverr) { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_SNDBUFERRORS, is_udplite); err = 0; } } else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_OUTDATAGRAMS, is_udplite); out: up->len = 0; up->pending = 0; return err; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,129755577446971,1 5540,CWE-125,"obj2ast_excepthandler(PyObject* obj, excepthandler_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; int lineno; int col_offset; if (obj == Py_None) { *out = NULL; return 0; } if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from excepthandler""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_col_offset)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_col_offset); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from excepthandler""); return 1; } isinstance = PyObject_IsInstance(obj, (PyObject*)ExceptHandler_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty type; identifier name; asdl_seq* body; if (exists_not_none(obj, &PyId_type)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &type, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type = NULL; } if (exists_not_none(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { name = NULL; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ExceptHandler field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ExceptHandler field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from ExceptHandler""); return 1; } *out = ExceptHandler(type, name, body, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of excepthandler, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,49578912888812,1 5051,['CWE-20'],"static int get_ept_level(void) { return VMX_EPT_DEFAULT_GAW + 1; }",linux-2.6,,,109538442341228384252976215681541756392,0 2721,CWE-190,"SPL_METHOD(SplFileObject, fputcsv) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); char delimiter = intern->u.file.delimiter, enclosure = intern->u.file.enclosure, escape = intern->u.file.escape; char *delim = NULL, *enclo = NULL, *esc = NULL; int d_len = 0, e_len = 0, esc_len = 0, ret; zval *fields = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""a|sss"", &fields, &delim, &d_len, &enclo, &e_len, &esc, &esc_len) == SUCCESS) { switch(ZEND_NUM_ARGS()) { case 4: if (esc_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""escape must be a character""); RETURN_FALSE; } escape = esc[0]; case 3: if (e_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""enclosure must be a character""); RETURN_FALSE; } enclosure = enclo[0]; case 2: if (d_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""delimiter must be a character""); RETURN_FALSE; } delimiter = delim[0]; case 1: case 0: break; } ret = php_fputcsv(intern->u.file.stream, fields, delimiter, enclosure, escape TSRMLS_CC); RETURN_LONG(ret); } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,98475134148502,1 2372,['CWE-200'],"snd_seq_oss_synth_raw_event(struct seq_oss_devinfo *dp, int dev, unsigned char *data, struct snd_seq_event *ev) { if (! snd_seq_oss_synth_is_valid(dp, dev) || is_midi_dev(dp, dev)) return -ENXIO; ev->type = SNDRV_SEQ_EVENT_OSS; memcpy(ev->data.raw8.d, data, 8); return snd_seq_oss_synth_addr(dp, dev, ev); }",linux-2.6,,,77988572353469840219852066493078527981,0 2536,['CWE-119'],"void diff_free_filespec_blob(struct diff_filespec *s) { if (s->should_free) free(s->data); else if (s->should_munmap) munmap(s->data, s->size); if (s->should_free || s->should_munmap) { s->should_free = s->should_munmap = 0; s->data = NULL; } }",git,,,222136297752324141580125645668316856544,0 2657,[],"void sctp_put_port(struct sock *sk) { sctp_local_bh_disable(); __sctp_put_port(sk); sctp_local_bh_enable(); }",linux-2.6,,,308001724456453341468482553882973102396,0 1717,[],"int default_wake_function(wait_queue_t *curr, unsigned mode, int sync, void *key) { return try_to_wake_up(curr->private, mode, sync); }",linux-2.6,,,262576062519467864510044235039300407485,0 6030,['CWE-200'],"static void cbq_addprio(struct cbq_sched_data *q, struct cbq_class *cl) { q->nclasses[cl->priority]++; q->quanta[cl->priority] += cl->weight; cbq_normalize_quanta(q, cl->priority); }",linux-2.6,,,111730718009624343861754265961817195925,0 2190,CWE-416,"SMB2_read(const unsigned int xid, struct cifs_io_parms *io_parms, unsigned int *nbytes, char **buf, int *buf_type) { struct smb_rqst rqst; int resp_buftype, rc = -EACCES; struct smb2_read_plain_req *req = NULL; struct smb2_read_rsp *rsp = NULL; struct kvec iov[1]; struct kvec rsp_iov; unsigned int total_len; int flags = CIFS_LOG_ERROR; struct cifs_ses *ses = io_parms->tcon->ses; *nbytes = 0; rc = smb2_new_read_req((void **)&req, &total_len, io_parms, NULL, 0, 0); if (rc) return rc; if (smb3_encryption_required(io_parms->tcon)) flags |= CIFS_TRANSFORM_REQ; iov[0].iov_base = (char *)req; iov[0].iov_len = total_len; memset(&rqst, 0, sizeof(struct smb_rqst)); rqst.rq_iov = iov; rqst.rq_nvec = 1; rc = cifs_send_recv(xid, ses, &rqst, &resp_buftype, flags, &rsp_iov); cifs_small_buf_release(req); rsp = (struct smb2_read_rsp *)rsp_iov.iov_base; if (rc) { if (rc != -ENODATA) { cifs_stats_fail_inc(io_parms->tcon, SMB2_READ_HE); cifs_dbg(VFS, ""Send error in read = %d\n"", rc); trace_smb3_read_err(xid, req->PersistentFileId, io_parms->tcon->tid, ses->Suid, io_parms->offset, io_parms->length, rc); } else trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid, ses->Suid, io_parms->offset, 0); free_rsp_buf(resp_buftype, rsp_iov.iov_base); return rc == -ENODATA ? 0 : rc; } else trace_smb3_read_done(xid, req->PersistentFileId, io_parms->tcon->tid, ses->Suid, io_parms->offset, io_parms->length); *nbytes = le32_to_cpu(rsp->DataLength); if ((*nbytes > CIFS_MAX_MSGSIZE) || (*nbytes > io_parms->length)) { cifs_dbg(FYI, ""bad length %d for count %d\n"", *nbytes, io_parms->length); rc = -EIO; *nbytes = 0; } if (*buf) { memcpy(*buf, (char *)rsp + rsp->DataOffset, *nbytes); free_rsp_buf(resp_buftype, rsp_iov.iov_base); } else if (resp_buftype != CIFS_NO_BUFFER) { *buf = rsp_iov.iov_base; if (resp_buftype == CIFS_SMALL_BUFFER) *buf_type = CIFS_SMALL_BUFFER; else if (resp_buftype == CIFS_LARGE_BUFFER) *buf_type = CIFS_LARGE_BUFFER; } return rc; }",visit repo url,fs/cifs/smb2pdu.c,https://github.com/torvalds/linux,63703362320780,1 1141,['CWE-399'],"static int __poke_user_compat(struct task_struct *child, addr_t addr, addr_t data) { struct user32 *dummy32 = NULL; per_struct32 *dummy_per32 = NULL; __u32 tmp = (__u32) data; addr_t offset; if (addr < (addr_t) &dummy32->regs.acrs) { if (addr == (addr_t) &dummy32->regs.psw.mask) { if (tmp != PSW32_MASK_MERGE(psw32_user_bits, tmp)) return -EINVAL; task_pt_regs(child)->psw.mask = PSW_MASK_MERGE(psw_user32_bits, (__u64) tmp << 32); } else if (addr == (addr_t) &dummy32->regs.psw.addr) { task_pt_regs(child)->psw.addr = (__u64) tmp & PSW32_ADDR_INSN; } else { *(__u32*)((addr_t) &task_pt_regs(child)->psw + addr*2 + 4) = tmp; } } else if (addr < (addr_t) (&dummy32->regs.orig_gpr2)) { offset = addr - (addr_t) &dummy32->regs.acrs; *(__u32*)((addr_t) &child->thread.acrs + offset) = tmp; } else if (addr == (addr_t) (&dummy32->regs.orig_gpr2)) { *(__u32*)((addr_t) &task_pt_regs(child)->orig_gpr2 + 4) = tmp; } else if (addr < (addr_t) &dummy32->regs.fp_regs) { return 0; } else if (addr < (addr_t) (&dummy32->regs.fp_regs + 1)) { if (addr == (addr_t) &dummy32->regs.fp_regs.fpc && (tmp & ~FPC_VALID_MASK) != 0) return -EINVAL; offset = addr - (addr_t) &dummy32->regs.fp_regs; *(__u32 *)((addr_t) &child->thread.fp_regs + offset) = tmp; } else if (addr < (addr_t) (&dummy32->regs.per_info + 1)) { offset = addr - (addr_t) &dummy32->regs.per_info; if ((offset >= (addr_t) &dummy_per32->control_regs && offset < (addr_t) (&dummy_per32->control_regs + 1)) || (offset >= (addr_t) &dummy_per32->starting_addr && offset <= (addr_t) &dummy_per32->ending_addr) || offset == (addr_t) &dummy_per32->lowcore.words.address) offset = offset*2 + 4; else offset = offset*2; *(__u32 *)((addr_t) &child->thread.per_info + offset) = tmp; } FixPerRegisters(child); return 0; }",linux-2.6,,,50155296107349902612786000612560309453,0 3671,['CWE-119'],"int hfsplus_cat_bin_cmp_key(const hfsplus_btree_key *k1, const hfsplus_btree_key *k2) { __be32 k1p, k2p; k1p = k1->cat.parent; k2p = k2->cat.parent; if (k1p != k2p) return be32_to_cpu(k1p) < be32_to_cpu(k2p) ? -1 : 1; return hfsplus_strcmp(&k1->cat.name, &k2->cat.name); }",linux-2.6,,,252605979787235546245537293348808544893,0 3422,CWE-119,"static void process_tree(struct rev_info *revs, struct tree *tree, show_object_fn show, struct strbuf *base, const char *name, void *cb_data) { struct object *obj = &tree->object; struct tree_desc desc; struct name_entry entry; enum interesting match = revs->diffopt.pathspec.nr == 0 ? all_entries_interesting: entry_not_interesting; int baselen = base->len; if (!revs->tree_objects) return; if (!obj) die(""bad tree object""); if (obj->flags & (UNINTERESTING | SEEN)) return; if (parse_tree_gently(tree, revs->ignore_missing_links) < 0) { if (revs->ignore_missing_links) return; die(""bad tree object %s"", oid_to_hex(&obj->oid)); } obj->flags |= SEEN; show(obj, base, name, cb_data); strbuf_addstr(base, name); if (base->len) strbuf_addch(base, '/'); init_tree_desc(&desc, tree->buffer, tree->size); while (tree_entry(&desc, &entry)) { if (match != all_entries_interesting) { match = tree_entry_interesting(&entry, base, 0, &revs->diffopt.pathspec); if (match == all_entries_not_interesting) break; if (match == entry_not_interesting) continue; } if (S_ISDIR(entry.mode)) process_tree(revs, lookup_tree(entry.sha1), show, base, entry.path, cb_data); else if (S_ISGITLINK(entry.mode)) process_gitlink(revs, entry.sha1, show, base, entry.path, cb_data); else process_blob(revs, lookup_blob(entry.sha1), show, base, entry.path, cb_data); } strbuf_setlen(base, baselen); free_tree_buffer(tree); }",visit repo url,list-objects.c,https://github.com/git/git,162197440333858,1 3817,CWE-416,"free_buf_options( buf_T *buf, int free_p_ff) { if (free_p_ff) { clear_string_option(&buf->b_p_fenc); clear_string_option(&buf->b_p_ff); clear_string_option(&buf->b_p_bh); clear_string_option(&buf->b_p_bt); } #ifdef FEAT_FIND_ID clear_string_option(&buf->b_p_def); clear_string_option(&buf->b_p_inc); # ifdef FEAT_EVAL clear_string_option(&buf->b_p_inex); # endif #endif #if defined(FEAT_CINDENT) && defined(FEAT_EVAL) clear_string_option(&buf->b_p_inde); clear_string_option(&buf->b_p_indk); #endif #if defined(FEAT_BEVAL) && defined(FEAT_EVAL) clear_string_option(&buf->b_p_bexpr); #endif #if defined(FEAT_CRYPT) clear_string_option(&buf->b_p_cm); #endif clear_string_option(&buf->b_p_fp); #if defined(FEAT_EVAL) clear_string_option(&buf->b_p_fex); #endif #ifdef FEAT_CRYPT # ifdef FEAT_SODIUM if ((buf->b_p_key != NULL) && (*buf->b_p_key != NUL) && (crypt_get_method_nr(buf) == CRYPT_M_SOD)) crypt_sodium_munlock(buf->b_p_key, STRLEN(buf->b_p_key)); # endif clear_string_option(&buf->b_p_key); #endif clear_string_option(&buf->b_p_kp); clear_string_option(&buf->b_p_mps); clear_string_option(&buf->b_p_fo); clear_string_option(&buf->b_p_flp); clear_string_option(&buf->b_p_isk); #ifdef FEAT_VARTABS clear_string_option(&buf->b_p_vsts); vim_free(buf->b_p_vsts_nopaste); buf->b_p_vsts_nopaste = NULL; vim_free(buf->b_p_vsts_array); buf->b_p_vsts_array = NULL; clear_string_option(&buf->b_p_vts); VIM_CLEAR(buf->b_p_vts_array); #endif #ifdef FEAT_KEYMAP clear_string_option(&buf->b_p_keymap); keymap_clear(&buf->b_kmap_ga); ga_clear(&buf->b_kmap_ga); #endif clear_string_option(&buf->b_p_com); #ifdef FEAT_FOLDING clear_string_option(&buf->b_p_cms); #endif clear_string_option(&buf->b_p_nf); #ifdef FEAT_SYN_HL clear_string_option(&buf->b_p_syn); clear_string_option(&buf->b_s.b_syn_isk); #endif #ifdef FEAT_SPELL clear_string_option(&buf->b_s.b_p_spc); clear_string_option(&buf->b_s.b_p_spf); vim_regfree(buf->b_s.b_cap_prog); buf->b_s.b_cap_prog = NULL; clear_string_option(&buf->b_s.b_p_spl); clear_string_option(&buf->b_s.b_p_spo); #endif #ifdef FEAT_SEARCHPATH clear_string_option(&buf->b_p_sua); #endif clear_string_option(&buf->b_p_ft); #ifdef FEAT_CINDENT clear_string_option(&buf->b_p_cink); clear_string_option(&buf->b_p_cino); #endif #if defined(FEAT_CINDENT) || defined(FEAT_SMARTINDENT) clear_string_option(&buf->b_p_cinw); #endif clear_string_option(&buf->b_p_cpt); #ifdef FEAT_COMPL_FUNC clear_string_option(&buf->b_p_cfu); free_callback(&buf->b_cfu_cb); clear_string_option(&buf->b_p_ofu); free_callback(&buf->b_ofu_cb); clear_string_option(&buf->b_p_tsrfu); free_callback(&buf->b_tsrfu_cb); #endif #ifdef FEAT_QUICKFIX clear_string_option(&buf->b_p_gp); clear_string_option(&buf->b_p_mp); clear_string_option(&buf->b_p_efm); #endif clear_string_option(&buf->b_p_ep); clear_string_option(&buf->b_p_path); clear_string_option(&buf->b_p_tags); clear_string_option(&buf->b_p_tc); #ifdef FEAT_EVAL clear_string_option(&buf->b_p_tfu); free_callback(&buf->b_tfu_cb); #endif clear_string_option(&buf->b_p_dict); clear_string_option(&buf->b_p_tsr); #ifdef FEAT_TEXTOBJ clear_string_option(&buf->b_p_qe); #endif buf->b_p_ar = -1; buf->b_p_ul = NO_LOCAL_UNDOLEVEL; #ifdef FEAT_LISP clear_string_option(&buf->b_p_lw); #endif clear_string_option(&buf->b_p_bkc); clear_string_option(&buf->b_p_menc); }",visit repo url,src/buffer.c,https://github.com/vim/vim,11527453208745,1 3866,[],"int cap_inode_removexattr(struct dentry *dentry, const char *name) { if (!strcmp(name, XATTR_NAME_CAPS)) { if (!capable(CAP_SETFCAP)) return -EPERM; return 0; } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM; return 0; }",linux-2.6,,,134738798181558903212092372256943184002,0 476,[],"pfm_alloc_fd(struct file **cfile) { int fd, ret = 0; struct file *file = NULL; struct inode * inode; char name[32]; struct qstr this; fd = get_unused_fd(); if (fd < 0) return -ENFILE; ret = -ENFILE; file = get_empty_filp(); if (!file) goto out; inode = new_inode(pfmfs_mnt->mnt_sb); if (!inode) goto out; DPRINT((""new inode ino=%ld @%p\n"", inode->i_ino, inode)); inode->i_mode = S_IFCHR|S_IRUGO; inode->i_uid = current->fsuid; inode->i_gid = current->fsgid; sprintf(name, ""[%lu]"", inode->i_ino); this.name = name; this.len = strlen(name); this.hash = inode->i_ino; ret = -ENOMEM; file->f_path.dentry = d_alloc(pfmfs_mnt->mnt_sb->s_root, &this); if (!file->f_path.dentry) goto out; file->f_path.dentry->d_op = &pfmfs_dentry_operations; d_add(file->f_path.dentry, inode); file->f_path.mnt = mntget(pfmfs_mnt); file->f_mapping = inode->i_mapping; file->f_op = &pfm_file_ops; file->f_mode = FMODE_READ; file->f_flags = O_RDONLY; file->f_pos = 0; fd_install(fd, file); *cfile = file; return fd; out: if (file) put_filp(file); put_unused_fd(fd); return ret; }",linux-2.6,,,132803636297751769462034193257742863084,0 1916,['CWE-20'],"static void dump_vdso_pages(struct vm_area_struct * vma) { int i; if (!vma || test_thread_flag(TIF_32BIT)) { printk(""vDSO32 @ %016lx:\n"", (unsigned long)vdso32_kbase); for (i=0; ivm_mm) ? follow_page(vma, vma->vm_start + i*PAGE_SIZE, 0) : NULL; dump_one_vdso_page(pg, upg); } } if (!vma || !test_thread_flag(TIF_32BIT)) { printk(""vDSO64 @ %016lx:\n"", (unsigned long)vdso64_kbase); for (i=0; ivm_mm) ? follow_page(vma, vma->vm_start + i*PAGE_SIZE, 0) : NULL; dump_one_vdso_page(pg, upg); } } }",linux-2.6,,,165419325294743629410043007768810258378,0 6203,CWE-190,"void fp2_exp_cyc(fp2_t c, const fp2_t a, const bn_t b) { fp2_t r, s, t[1 << (FP_WIDTH - 2)]; int i, l; int8_t naf[RLC_FP_BITS + 1], *k; if (bn_is_zero(b)) { return fp2_set_dig(c, 1); } fp2_null(r); fp2_null(s); RLC_TRY { fp2_new(r); fp2_new(s); for (i = 0; i < (1 << (FP_WIDTH - 2)); i ++) { fp2_null(t[i]); fp2_new(t[i]); } #if FP_WIDTH > 2 fp2_sqr(t[0], a); fp2_mul(t[1], t[0], a); for (int i = 2; i < (1 << (FP_WIDTH - 2)); i++) { fp2_mul(t[i], t[i - 1], t[0]); } #endif fp2_copy(t[0], a); l = RLC_FP_BITS + 1; fp2_set_dig(r, 1); bn_rec_naf(naf, &l, b, FP_WIDTH); k = naf + l - 1; for (i = l - 1; i >= 0; i--, k--) { fp2_sqr(r, r); if (*k > 0) { fp2_mul(r, r, t[*k / 2]); } if (*k < 0) { fp2_inv_cyc(s, t[-*k / 2]); fp2_mul(r, r, s); } } if (bn_sign(b) == RLC_NEG) { fp2_inv_cyc(c, r); } else { fp2_copy(c, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp2_free(r); fp2_free(s); for (i = 0; i < (1 << (FP_WIDTH - 2)); i++) { fp2_free(t[i]); } } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,124416565350415,1 2601,['CWE-189'],"void dccp_set_state(struct sock *sk, const int state) { const int oldstate = sk->sk_state; dccp_pr_debug(""%s(%p) %s --> %s\n"", dccp_role(sk), sk, dccp_state_name(oldstate), dccp_state_name(state)); WARN_ON(state == oldstate); switch (state) { case DCCP_OPEN: if (oldstate != DCCP_OPEN) DCCP_INC_STATS(DCCP_MIB_CURRESTAB); break; case DCCP_CLOSED: if (oldstate == DCCP_OPEN || oldstate == DCCP_ACTIVE_CLOSEREQ || oldstate == DCCP_CLOSING) DCCP_INC_STATS(DCCP_MIB_ESTABRESETS); sk->sk_prot->unhash(sk); if (inet_csk(sk)->icsk_bind_hash != NULL && !(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) inet_put_port(sk); default: if (oldstate == DCCP_OPEN) DCCP_DEC_STATS(DCCP_MIB_CURRESTAB); } sk->sk_state = state; }",linux-2.6,,,27348304455705892337439648753317479001,0 2984,['CWE-189'],"void jpc_qmfb_split_colgrp(jpc_fix_t *a, int numrows, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; register jpc_fix_t *srcptr2; register jpc_fix_t *dstptr2; register int n; register int i; int m; int hstartcol; if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { abort(); } } if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; m = (parity) ? hstartcol : (numrows - hstartcol); n = m; dstptr = buf; srcptr = &a[(1 - parity) * stride]; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += JPC_QMFB_COLGRPSIZE; srcptr += stride << 1; } dstptr = &a[(1 - parity) * stride]; srcptr = &a[(2 - parity) * stride]; n = numrows - m - (!parity); while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += stride << 1; } dstptr = &a[hstartcol * stride]; srcptr = buf; n = m; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += JPC_QMFB_COLGRPSIZE; } } if (buf != splitbuf) { jas_free(buf); } }",jasper,,,271511331206530496232685112613145925305,0 1810,CWE-362,"static int netlink_dump(struct sock *sk) { struct netlink_sock *nlk = nlk_sk(sk); struct netlink_callback *cb; struct sk_buff *skb = NULL; struct nlmsghdr *nlh; int len, err = -ENOBUFS; int alloc_min_size; int alloc_size; mutex_lock(nlk->cb_mutex); if (!nlk->cb_running) { err = -EINVAL; goto errout_skb; } if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) goto errout_skb; cb = &nlk->cb; alloc_min_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE); if (alloc_min_size < nlk->max_recvmsg_len) { alloc_size = nlk->max_recvmsg_len; skb = alloc_skb(alloc_size, GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY); } if (!skb) { alloc_size = alloc_min_size; skb = alloc_skb(alloc_size, GFP_KERNEL); } if (!skb) goto errout_skb; skb_reserve(skb, skb_tailroom(skb) - alloc_size); netlink_skb_set_owner_r(skb, sk); len = cb->dump(skb, cb); if (len > 0) { mutex_unlock(nlk->cb_mutex); if (sk_filter(sk, skb)) kfree_skb(skb); else __netlink_sendskb(sk, skb); return 0; } nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI); if (!nlh) goto errout_skb; nl_dump_check_consistent(cb, nlh); memcpy(nlmsg_data(nlh), &len, sizeof(len)); if (sk_filter(sk, skb)) kfree_skb(skb); else __netlink_sendskb(sk, skb); if (cb->done) cb->done(cb); nlk->cb_running = false; mutex_unlock(nlk->cb_mutex); module_put(cb->module); consume_skb(cb->skb); return 0; errout_skb: mutex_unlock(nlk->cb_mutex); kfree_skb(skb); return err; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,250395124583955,1 3011,['CWE-189'],"void jpc_ns_invlift_col(jpc_fix_t *a, int numrows, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { #if defined(WT_DOSCALE) lptr = &a[0]; n = llen; while (n-- > 0) { lptr2 = lptr; lptr2[0] = jpc_fix_mul(lptr2[0], jpc_dbltofix(1.0 / LGAIN)); ++lptr2; lptr += stride; } hptr = &a[llen * stride]; n = numrows - llen; while (n-- > 0) { hptr2 = hptr; hptr2[0] = jpc_fix_mul(hptr2[0], jpc_dbltofix(1.0 / HGAIN)); ++hptr2; hptr += stride; } #endif lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(DELTA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++hptr2; ++lptr2; hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(GAMMA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++lptr2; ++hptr2; } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(BETA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++hptr2; ++lptr2; hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(ALPHA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; jpc_fix_minuseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++lptr2; ++hptr2; } } else { #if defined(WT_LENONE) if (parity) { lptr2 = &a[0]; lptr2[0] >>= 1; ++lptr2; } #endif } }",jasper,,,250476478638439601804794688459822885399,0 3807,['CWE-120'],"static struct uvc_entity *uvc_entity_by_id(struct uvc_device *dev, int id) { struct uvc_entity *entity; list_for_each_entry(entity, &dev->entities, list) { if (entity->id == id) return entity; } return NULL; }",linux-2.6,,,213367870682855262359815012001314351263,0 3897,['CWE-399'],"static int tda9874a_setup(struct CHIPSTATE *chip) { chip_write(chip, TDA9874A_AGCGR, 0x00); chip_write(chip, TDA9874A_GCONR, tda9874a_GCONR); chip_write(chip, TDA9874A_MSR, (tda9874a_mode) ? 0x03:0x02); if(tda9874a_dic == 0x11) { chip_write(chip, TDA9874A_FMMR, 0x80); } else { chip_cmd(chip,""tda9874_modelist"",&tda9874a_modelist[tda9874a_STD].cmd); chip_write(chip, TDA9874A_FMMR, 0x00); } chip_write(chip, TDA9874A_C1OLAR, 0x00); chip_write(chip, TDA9874A_C2OLAR, 0x00); chip_write(chip, TDA9874A_NCONR, tda9874a_NCONR); chip_write(chip, TDA9874A_NOLAR, 0x00); chip_write(chip, TDA9874A_NLELR, 0x14); chip_write(chip, TDA9874A_NUELR, 0x50); if(tda9874a_dic == 0x11) { chip_write(chip, TDA9874A_AMCONR, 0xf9); chip_write(chip, TDA9874A_SDACOSR, (tda9874a_mode) ? 0x81:0x80); chip_write(chip, TDA9874A_AOSR, 0x80); chip_write(chip, TDA9874A_MDACOSR, (tda9874a_mode) ? 0x82:0x80); chip_write(chip, TDA9874A_ESP, tda9874a_ESP); } else { chip_write(chip, TDA9874A_AMCONR, 0xfb); chip_write(chip, TDA9874A_SDACOSR, (tda9874a_mode) ? 0x81:0x80); chip_write(chip, TDA9874A_AOSR, 0x00); } v4l_dbg(1, debug, chip->c, ""tda9874a_setup(): %s [0x%02X].\n"", tda9874a_modelist[tda9874a_STD].name,tda9874a_STD); return 1; }",linux-2.6,,,275061365766159987302925473397908604744,0 4466,['CWE-264'],"void mac_drv_tx_complete(struct s_smc *smc, volatile struct s_smt_fp_txd *txd) { struct sk_buff *skb; PRINTK(KERN_INFO ""entering mac_drv_tx_complete\n""); if (!(skb = txd->txd_os.skb)) { PRINTK(""TXD with no skb assigned.\n""); return; } txd->txd_os.skb = NULL; pci_unmap_single(&smc->os.pdev, txd->txd_os.dma_addr, skb->len, PCI_DMA_TODEVICE); txd->txd_os.dma_addr = 0; smc->os.MacStat.gen.tx_packets++; smc->os.MacStat.gen.tx_bytes+=skb->len; dev_kfree_skb_irq(skb); PRINTK(KERN_INFO ""leaving mac_drv_tx_complete\n""); } ",linux-2.6,,,116059934088675256811096839537659678353,0 4836,['CWE-189'],"static int ecryptfs_read_headers_virt(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat, struct dentry *ecryptfs_dentry, int validate_header_size) { int rc = 0; int offset; int bytes_read; ecryptfs_set_default_sizes(crypt_stat); crypt_stat->mount_crypt_stat = &ecryptfs_superblock_to_private( ecryptfs_dentry->d_sb)->mount_crypt_stat; offset = ECRYPTFS_FILE_SIZE_BYTES; rc = contains_ecryptfs_marker(page_virt + offset); if (rc == 0) { rc = -EINVAL; goto out; } offset += MAGIC_ECRYPTFS_MARKER_SIZE_BYTES; rc = ecryptfs_process_flags(crypt_stat, (page_virt + offset), &bytes_read); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error processing flags\n""); goto out; } if (crypt_stat->file_version > ECRYPTFS_SUPPORTED_FILE_VERSION) { ecryptfs_printk(KERN_WARNING, ""File version is [%d]; only "" ""file version [%d] is supported by this "" ""version of eCryptfs\n"", crypt_stat->file_version, ECRYPTFS_SUPPORTED_FILE_VERSION); rc = -EINVAL; goto out; } offset += bytes_read; if (crypt_stat->file_version >= 1) { rc = parse_header_metadata(crypt_stat, (page_virt + offset), &bytes_read, validate_header_size); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error reading header "" ""metadata; rc = [%d]\n"", rc); } offset += bytes_read; } else set_default_header_data(crypt_stat); rc = ecryptfs_parse_packet_set(crypt_stat, (page_virt + offset), ecryptfs_dentry); out: return rc; }",linux-2.6,,,94352889297738886537565816820315029505,0 5317,['CWE-119'],"static void __tun_detach(struct tun_struct *tun) { netif_tx_lock_bh(tun->dev); tun->tfile = NULL; netif_tx_unlock_bh(tun->dev); skb_queue_purge(&tun->readq); dev_put(tun->dev); }",linux-2.6,,,15272909383417731525238425028748454181,0 5888,CWE-122,"PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool, const pj_uint8_t *pdu, pj_size_t pdu_len, unsigned options, pj_stun_msg **p_msg, pj_size_t *p_parsed_len, pj_stun_msg **p_response) { pj_stun_msg *msg; const pj_uint8_t *start_pdu = pdu; pj_bool_t has_msg_int = PJ_FALSE; pj_bool_t has_fingerprint = PJ_FALSE; pj_status_t status; PJ_UNUSED_ARG(options); PJ_ASSERT_RETURN(pool && pdu && pdu_len && p_msg, PJ_EINVAL); PJ_ASSERT_RETURN(sizeof(pj_stun_msg_hdr) == 20, PJ_EBUG); if (p_parsed_len) *p_parsed_len = 0; if (p_response) *p_response = NULL; if (options & PJ_STUN_CHECK_PACKET) { status = pj_stun_msg_check(pdu, pdu_len, options); if (status != PJ_SUCCESS) return status; } msg = PJ_POOL_ZALLOC_T(pool, pj_stun_msg); pj_memcpy(&msg->hdr, pdu, sizeof(pj_stun_msg_hdr)); msg->hdr.type = pj_ntohs(msg->hdr.type); msg->hdr.length = pj_ntohs(msg->hdr.length); msg->hdr.magic = pj_ntohl(msg->hdr.magic); pdu += sizeof(pj_stun_msg_hdr); pdu_len = msg->hdr.length; if (!PJ_STUN_IS_REQUEST(msg->hdr.type)) p_response = NULL; while (pdu_len >= 4) { unsigned attr_type, attr_val_len; const struct attr_desc *adesc; attr_type = GETVAL16H(pdu, 0); attr_val_len = GETVAL16H(pdu, 2); attr_val_len = (attr_val_len + 3) & (~3); if (pdu_len < attr_val_len) { pj_str_t err_msg; char err_msg_buf[80]; err_msg.ptr = err_msg_buf; err_msg.slen = pj_ansi_snprintf(err_msg_buf, sizeof(err_msg_buf), ""Attribute %s has invalid length"", pj_stun_get_attr_name(attr_type)); PJ_LOG(4,(THIS_FILE, ""Error decoding message: %.*s"", (int)err_msg.slen, err_msg.ptr)); if (p_response) { pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_BAD_REQUEST, &err_msg, p_response); } return PJNATH_ESTUNINATTRLEN; } adesc = find_attr_desc(attr_type); if (adesc == NULL) { pj_stun_binary_attr *attr = NULL; PJ_LOG(5,(THIS_FILE, ""Unrecognized attribute type 0x%x"", attr_type)); if (attr_type <= 0x7FFF) { if (p_response) { unsigned err_code = PJ_STUN_SC_UNKNOWN_ATTRIBUTE; status = pj_stun_msg_create_response(pool, msg, err_code, NULL, p_response); if (status==PJ_SUCCESS) { pj_uint16_t d = (pj_uint16_t)attr_type; pj_stun_msg_add_unknown_attr(pool, *p_response, 1, &d); } } return PJ_STATUS_FROM_STUN_CODE(PJ_STUN_SC_UNKNOWN_ATTRIBUTE); } if (msg->attr_count >= PJ_STUN_MAX_ATTR) { if (p_response) { pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_SERVER_ERROR, NULL, p_response); } return PJNATH_ESTUNTOOMANYATTR; } status = pj_stun_binary_attr_create(pool, attr_type, pdu+4, GETVAL16H(pdu, 2), &attr); if (status != PJ_SUCCESS) { if (p_response) { pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_SERVER_ERROR, NULL, p_response); } PJ_LOG(4,(THIS_FILE, ""Error parsing unknown STUN attribute type %d"", attr_type)); return status; } msg->attr[msg->attr_count++] = &attr->hdr; } else { void *attr; char err_msg1[PJ_ERR_MSG_SIZE], err_msg2[PJ_ERR_MSG_SIZE]; status = (adesc->decode_attr)(pool, pdu, &msg->hdr, &attr); if (status != PJ_SUCCESS) { pj_strerror(status, err_msg1, sizeof(err_msg1)); if (p_response) { pj_str_t e; e.ptr = err_msg2; e.slen= pj_ansi_snprintf(err_msg2, sizeof(err_msg2), ""%s in %s"", err_msg1, pj_stun_get_attr_name(attr_type)); if (e.slen < 1 || e.slen >= (int)sizeof(err_msg2)) e.slen = sizeof(err_msg2) - 1; pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_BAD_REQUEST, &e, p_response); } PJ_LOG(4,(THIS_FILE, ""Error parsing STUN attribute %s: %s"", pj_stun_get_attr_name(attr_type), err_msg1)); return status; } if (attr_type == PJ_STUN_ATTR_MESSAGE_INTEGRITY && !has_fingerprint) { if (has_msg_int) { if (p_response) { pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_BAD_REQUEST, NULL, p_response); } return PJNATH_ESTUNDUPATTR; } has_msg_int = PJ_TRUE; } else if (attr_type == PJ_STUN_ATTR_FINGERPRINT) { if (has_fingerprint) { if (p_response) { pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_BAD_REQUEST, NULL, p_response); } return PJNATH_ESTUNDUPATTR; } has_fingerprint = PJ_TRUE; } else { if (has_fingerprint) { if (p_response) { pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_BAD_REQUEST, NULL, p_response); } return PJNATH_ESTUNFINGERPOS; } } if (msg->attr_count >= PJ_STUN_MAX_ATTR) { if (p_response) { pj_stun_msg_create_response(pool, msg, PJ_STUN_SC_SERVER_ERROR, NULL, p_response); } return PJNATH_ESTUNTOOMANYATTR; } msg->attr[msg->attr_count++] = (pj_stun_attr_hdr*)attr; } if (attr_val_len + 4 >= pdu_len) { pdu += pdu_len; pdu_len = 0; } else { pdu += (attr_val_len + 4); pdu_len -= (attr_val_len + 4); } } if (pdu_len > 0) { PJ_LOG(4,(THIS_FILE, ""Error decoding STUN message: unparsed trailing %d bytes"", pdu_len)); return PJNATH_EINSTUNMSGLEN; } *p_msg = msg; if (p_parsed_len) *p_parsed_len = (pdu - start_pdu); return PJ_SUCCESS; }",visit repo url,pjnath/src/pjnath/stun_msg.c,https://github.com/pjsip/pjproject,63268285753442,1 5091,CWE-190,"PyMemoTable_Set(PyMemoTable *self, PyObject *key, Py_ssize_t value) { PyMemoEntry *entry; assert(key != NULL); entry = _PyMemoTable_Lookup(self, key); if (entry->me_key != NULL) { entry->me_value = value; return 0; } Py_INCREF(key); entry->me_key = key; entry->me_value = value; self->mt_used++; if (!(self->mt_used * 3 >= (self->mt_mask + 1) * 2)) return 0; return _PyMemoTable_ResizeTable(self, (self->mt_used > 50000 ? 2 : 4) * self->mt_used); }",visit repo url,Modules/_pickle.c,https://github.com/python/cpython,239816021268694,1 4773,CWE-119,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 6253,['CWE-200'],"static int do_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { struct ifinfomsg *ifm = NLMSG_DATA(nlh); struct rtattr **ida = arg; struct net_device *dev; int err, send_addr_notify = 0; if (ifm->ifi_index >= 0) dev = dev_get_by_index(ifm->ifi_index); else if (ida[IFLA_IFNAME - 1]) { char ifname[IFNAMSIZ]; if (rtattr_strlcpy(ifname, ida[IFLA_IFNAME - 1], IFNAMSIZ) >= IFNAMSIZ) return -EINVAL; dev = dev_get_by_name(ifname); } else return -EINVAL; if (!dev) return -ENODEV; err = -EINVAL; if (ifm->ifi_flags) dev_change_flags(dev, ifm->ifi_flags); if (ida[IFLA_MAP - 1]) { struct rtnl_link_ifmap *u_map; struct ifmap k_map; if (!dev->set_config) { err = -EOPNOTSUPP; goto out; } if (!netif_device_present(dev)) { err = -ENODEV; goto out; } if (ida[IFLA_MAP - 1]->rta_len != RTA_LENGTH(sizeof(*u_map))) goto out; u_map = RTA_DATA(ida[IFLA_MAP - 1]); k_map.mem_start = (unsigned long) u_map->mem_start; k_map.mem_end = (unsigned long) u_map->mem_end; k_map.base_addr = (unsigned short) u_map->base_addr; k_map.irq = (unsigned char) u_map->irq; k_map.dma = (unsigned char) u_map->dma; k_map.port = (unsigned char) u_map->port; err = dev->set_config(dev, &k_map); if (err) goto out; } if (ida[IFLA_ADDRESS - 1]) { if (!dev->set_mac_address) { err = -EOPNOTSUPP; goto out; } if (!netif_device_present(dev)) { err = -ENODEV; goto out; } if (ida[IFLA_ADDRESS - 1]->rta_len != RTA_LENGTH(dev->addr_len)) goto out; err = dev->set_mac_address(dev, RTA_DATA(ida[IFLA_ADDRESS - 1])); if (err) goto out; send_addr_notify = 1; } if (ida[IFLA_BROADCAST - 1]) { if (ida[IFLA_BROADCAST - 1]->rta_len != RTA_LENGTH(dev->addr_len)) goto out; memcpy(dev->broadcast, RTA_DATA(ida[IFLA_BROADCAST - 1]), dev->addr_len); send_addr_notify = 1; } if (ida[IFLA_MTU - 1]) { if (ida[IFLA_MTU - 1]->rta_len != RTA_LENGTH(sizeof(u32))) goto out; err = dev_set_mtu(dev, *((u32 *) RTA_DATA(ida[IFLA_MTU - 1]))); if (err) goto out; } if (ida[IFLA_TXQLEN - 1]) { if (ida[IFLA_TXQLEN - 1]->rta_len != RTA_LENGTH(sizeof(u32))) goto out; dev->tx_queue_len = *((u32 *) RTA_DATA(ida[IFLA_TXQLEN - 1])); } if (ida[IFLA_WEIGHT - 1]) { if (ida[IFLA_WEIGHT - 1]->rta_len != RTA_LENGTH(sizeof(u32))) goto out; dev->weight = *((u32 *) RTA_DATA(ida[IFLA_WEIGHT - 1])); } if (ifm->ifi_index >= 0 && ida[IFLA_IFNAME - 1]) { char ifname[IFNAMSIZ]; if (rtattr_strlcpy(ifname, ida[IFLA_IFNAME - 1], IFNAMSIZ) >= IFNAMSIZ) goto out; err = dev_change_name(dev, ifname); if (err) goto out; } err = 0; out: if (send_addr_notify) call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); dev_put(dev); return err; }",linux-2.6,,,101526516298844723238106130220696774711,0 1467,[],"cpu_to_phys_group(int cpu, const cpumask_t *cpu_map, struct sched_group **sg, cpumask_t *mask) { int group; #ifdef CONFIG_SCHED_MC *mask = cpu_coregroup_map(cpu); cpus_and(*mask, *mask, *cpu_map); group = first_cpu(*mask); #elif defined(CONFIG_SCHED_SMT) *mask = per_cpu(cpu_sibling_map, cpu); cpus_and(*mask, *mask, *cpu_map); group = first_cpu(*mask); #else group = cpu; #endif if (sg) *sg = &per_cpu(sched_group_phys, group); return group; }",linux-2.6,,,194350799458620940100262586286927858500,0 6714,CWE-116,"match_expr(struct search_node_list *head, struct eventlog *evlog, bool last_match) { struct search_node *sn; bool res = false, matched = last_match; int rc; debug_decl(match_expr, SUDO_DEBUG_UTIL); STAILQ_FOREACH(sn, head, entries) { switch (sn->type) { case ST_EXPR: res = match_expr(&sn->u.expr, evlog, matched); break; case ST_CWD: if (evlog->cwd != NULL) res = strcmp(sn->u.cwd, evlog->cwd) == 0; break; case ST_HOST: if (evlog->submithost != NULL) res = strcmp(sn->u.host, evlog->submithost) == 0; break; case ST_TTY: if (evlog->ttyname != NULL) res = strcmp(sn->u.tty, evlog->ttyname) == 0; break; case ST_RUNASGROUP: if (evlog->rungroup != NULL) res = strcmp(sn->u.runas_group, evlog->rungroup) == 0; break; case ST_RUNASUSER: if (evlog->runuser != NULL) res = strcmp(sn->u.runas_user, evlog->runuser) == 0; break; case ST_USER: if (evlog->submituser != NULL) res = strcmp(sn->u.user, evlog->submituser) == 0; break; case ST_PATTERN: rc = regexec(&sn->u.cmdre, evlog->command, 0, NULL, 0); if (rc && rc != REG_NOMATCH) { char buf[BUFSIZ]; regerror(rc, &sn->u.cmdre, buf, sizeof(buf)); sudo_fatalx(""%s"", buf); } res = rc == REG_NOMATCH ? 0 : 1; break; case ST_FROMDATE: res = sudo_timespeccmp(&evlog->submit_time, &sn->u.tstamp, >=); break; case ST_TODATE: res = sudo_timespeccmp(&evlog->submit_time, &sn->u.tstamp, <=); break; default: sudo_fatalx(U_(""unknown search type %d""), sn->type); } if (sn->negated) res = !res; matched = sn->or ? (res || last_match) : (res && last_match); last_match = matched; } debug_return_bool(matched); }",visit repo url,plugins/sudoers/sudoreplay.c,https://github.com/sudo-project/sudo,54556504973646,1 3126,CWE-20,"static bool parse_notify(struct pool *pool, json_t *val) { char *job_id, *prev_hash, *coinbase1, *coinbase2, *bbversion, *nbit, *ntime, *header; size_t cb1_len, cb2_len, alloc_len; unsigned char *cb1, *cb2; bool clean, ret = false; int merkles, i; json_t *arr; arr = json_array_get(val, 4); if (!arr || !json_is_array(arr)) goto out; merkles = json_array_size(arr); job_id = json_array_string(val, 0); prev_hash = json_array_string(val, 1); coinbase1 = json_array_string(val, 2); coinbase2 = json_array_string(val, 3); bbversion = json_array_string(val, 5); nbit = json_array_string(val, 6); ntime = json_array_string(val, 7); clean = json_is_true(json_array_get(val, 8)); if (!job_id || !prev_hash || !coinbase1 || !coinbase2 || !bbversion || !nbit || !ntime) { if (job_id) free(job_id); if (prev_hash) free(prev_hash); if (coinbase1) free(coinbase1); if (coinbase2) free(coinbase2); if (bbversion) free(bbversion); if (nbit) free(nbit); if (ntime) free(ntime); goto out; } cg_wlock(&pool->data_lock); free(pool->swork.job_id); free(pool->swork.prev_hash); free(pool->swork.bbversion); free(pool->swork.nbit); free(pool->swork.ntime); pool->swork.job_id = job_id; pool->swork.prev_hash = prev_hash; cb1_len = strlen(coinbase1) / 2; cb2_len = strlen(coinbase2) / 2; pool->swork.bbversion = bbversion; pool->swork.nbit = nbit; pool->swork.ntime = ntime; pool->swork.clean = clean; alloc_len = pool->swork.cb_len = cb1_len + pool->n1_len + pool->n2size + cb2_len; pool->nonce2_offset = cb1_len + pool->n1_len; for (i = 0; i < pool->swork.merkles; i++) free(pool->swork.merkle_bin[i]); if (merkles) { pool->swork.merkle_bin = (unsigned char **)realloc(pool->swork.merkle_bin, sizeof(char *) * merkles + 1); for (i = 0; i < merkles; i++) { char *merkle = json_array_string(arr, i); pool->swork.merkle_bin[i] = (unsigned char *)malloc(32); if (unlikely(!pool->swork.merkle_bin[i])) quit(1, ""Failed to malloc pool swork merkle_bin""); hex2bin(pool->swork.merkle_bin[i], merkle, 32); free(merkle); } } pool->swork.merkles = merkles; if (clean) pool->nonce2 = 0; pool->merkle_offset = strlen(pool->swork.bbversion) + strlen(pool->swork.prev_hash); pool->swork.header_len = pool->merkle_offset + 32 + strlen(pool->swork.ntime) + strlen(pool->swork.nbit) + 8 + 96; pool->merkle_offset /= 2; pool->swork.header_len = pool->swork.header_len * 2 + 1; align_len(&pool->swork.header_len); header = (char *)alloca(pool->swork.header_len); snprintf(header, pool->swork.header_len, ""%s%s%s%s%s%s%s"", pool->swork.bbversion, pool->swork.prev_hash, blank_merkel, pool->swork.ntime, pool->swork.nbit, ""00000000"", workpadding); if (unlikely(!hex2bin(pool->header_bin, header, 128))) quit(1, ""Failed to convert header to header_bin in parse_notify""); cb1 = (unsigned char *)calloc(cb1_len, 1); if (unlikely(!cb1)) quithere(1, ""Failed to calloc cb1 in parse_notify""); hex2bin(cb1, coinbase1, cb1_len); cb2 = (unsigned char *)calloc(cb2_len, 1); if (unlikely(!cb2)) quithere(1, ""Failed to calloc cb2 in parse_notify""); hex2bin(cb2, coinbase2, cb2_len); free(pool->coinbase); align_len(&alloc_len); pool->coinbase = (unsigned char *)calloc(alloc_len, 1); if (unlikely(!pool->coinbase)) quit(1, ""Failed to calloc pool coinbase in parse_notify""); memcpy(pool->coinbase, cb1, cb1_len); memcpy(pool->coinbase + cb1_len, pool->nonce1bin, pool->n1_len); memcpy(pool->coinbase + cb1_len + pool->n1_len + pool->n2size, cb2, cb2_len); cg_wunlock(&pool->data_lock); if (opt_protocol) { applog(LOG_DEBUG, ""job_id: %s"", job_id); applog(LOG_DEBUG, ""prev_hash: %s"", prev_hash); applog(LOG_DEBUG, ""coinbase1: %s"", coinbase1); applog(LOG_DEBUG, ""coinbase2: %s"", coinbase2); applog(LOG_DEBUG, ""bbversion: %s"", bbversion); applog(LOG_DEBUG, ""nbit: %s"", nbit); applog(LOG_DEBUG, ""ntime: %s"", ntime); applog(LOG_DEBUG, ""clean: %s"", clean ? ""yes"" : ""no""); } free(coinbase1); free(coinbase2); free(cb1); free(cb2); pool->getwork_requested++; total_getworks++; ret = true; if (pool == current_pool()) opt_work_update = true; out: return ret; }",visit repo url,util.c,https://github.com/sgminer-dev/sgminer,69419516936113,1 6065,CWE-190,"void bn_rec_tnaf(int8_t *tnaf, int *len, const bn_t k, int8_t u, int m, int w) { int i, l; bn_t tmp, r0, r1; int8_t beta[64], gama[64]; uint8_t t_w; dig_t t0, t1, mask; int s, t, u_i; bn_null(r0); bn_null(r1); bn_null(tmp); if (*len < (bn_bits(k) + 1)) { *len = 0; RLC_THROW(ERR_NO_BUFFER); return; } RLC_TRY { bn_new(r0); bn_new(r1); bn_new(tmp); memset(tnaf, 0, *len); bn_rec_tnaf_get(&t_w, beta, gama, u, w); bn_abs(tmp, k); bn_rec_tnaf_mod(r0, r1, tmp, u, m); mask = RLC_MASK(w); l = 1 << w; i = 0; while (!bn_is_zero(r0) || !bn_is_zero(r1)) { while ((r0->dp[0] & 1) == 0) { tnaf[i++] = 0; bn_hlv(tmp, r0); if (u == -1) { bn_sub(r0, r1, tmp); } else { bn_add(r0, r1, tmp); } bn_copy(r1, tmp); r1->sign = tmp->sign ^ 1; } if (w == 2) { t0 = r0->dp[0]; if (bn_sign(r0) == RLC_NEG) { t0 = l - t0; } t1 = r1->dp[0]; if (bn_sign(r1) == RLC_NEG) { t1 = l - t1; } u_i = 2 - ((t0 - 2 * t1) & mask); tnaf[i++] = u_i; if (u_i < 0) { bn_add_dig(r0, r0, -u_i); } else { bn_sub_dig(r0, r0, u_i); } } else { t0 = r0->dp[0]; if (bn_sign(r0) == RLC_NEG) { t0 = l - t0; } t1 = r1->dp[0]; if (bn_sign(r1) == RLC_NEG) { t1 = l - t1; } u_i = (t0 + t_w * t1) & mask; if (u_i >= (l / 2)) { u_i = (int8_t)(u_i - l); tnaf[i++] = u_i; u_i = (int8_t)(-u_i >> 1); t = -beta[u_i]; s = -gama[u_i]; } else { tnaf[i++] = u_i; u_i = (int8_t)(u_i >> 1); t = beta[u_i]; s = gama[u_i]; } if (t > 0) { bn_sub_dig(r0, r0, t); } else { bn_add_dig(r0, r0, -t); } if (s > 0) { bn_sub_dig(r1, r1, s); } else { bn_add_dig(r1, r1, -s); } } bn_hlv(tmp, r0); if (u == -1) { bn_sub(r0, r1, tmp); } else { bn_add(r0, r1, tmp); } bn_copy(r1, tmp); r1->sign = tmp->sign ^ 1; } *len = i; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(r0); bn_free(r1); bn_free(tmp); } }",visit repo url,src/bn/relic_bn_rec.c,https://github.com/relic-toolkit/relic,266417703337721,1 4820,['CWE-399'],"SYSCALL_DEFINE2(inotify_rm_watch, int, fd, __s32, wd) { struct file *filp; struct inotify_device *dev; int ret, fput_needed; filp = fget_light(fd, &fput_needed); if (unlikely(!filp)) return -EBADF; if (unlikely(filp->f_op != &inotify_fops)) { ret = -EINVAL; goto out; } dev = filp->private_data; ret = inotify_rm_wd(dev->ih, wd); out: fput_light(filp, fput_needed); return ret; }",linux-2.6,,,195646196696232241630897027461985000797,0 817,['CWE-16'],"static void esp4_err(struct sk_buff *skb, u32 info) { struct iphdr *iph = (struct iphdr*)skb->data; struct ip_esp_hdr *esph = (struct ip_esp_hdr*)(skb->data+(iph->ihl<<2)); struct xfrm_state *x; if (icmp_hdr(skb)->type != ICMP_DEST_UNREACH || icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) return; x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET); if (!x) return; NETDEBUG(KERN_DEBUG ""pmtu discovery on SA ESP/%08x/%08x\n"", ntohl(esph->spi), ntohl(iph->daddr)); xfrm_state_put(x); }",linux-2.6,,,328483835693979384125924906711955464255,0 6416,CWE-20,"void esp32EthEnableIrq(NetInterface *interface) { if(interface->phyDriver != NULL) { interface->phyDriver->enableIrq(interface); } else if(interface->switchDriver != NULL) { interface->switchDriver->enableIrq(interface); } else { } }",visit repo url,drivers/mac/esp32_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,18144451594944,1 910,['CWE-200'],"static int shmem_notify_change(struct dentry *dentry, struct iattr *attr) { struct inode *inode = dentry->d_inode; struct page *page = NULL; int error; if (S_ISREG(inode->i_mode) && (attr->ia_valid & ATTR_SIZE)) { if (attr->ia_size < inode->i_size) { if (attr->ia_size & (PAGE_CACHE_SIZE-1)) { (void) shmem_getpage(inode, attr->ia_size>>PAGE_CACHE_SHIFT, &page, SGP_READ, NULL); } if (attr->ia_size) { struct shmem_inode_info *info = SHMEM_I(inode); spin_lock(&info->lock); info->flags &= ~SHMEM_PAGEIN; spin_unlock(&info->lock); } } } error = inode_change_ok(inode, attr); if (!error) error = inode_setattr(inode, attr); #ifdef CONFIG_TMPFS_POSIX_ACL if (!error && (attr->ia_valid & ATTR_MODE)) error = generic_acl_chmod(inode, &shmem_acl_ops); #endif if (page) page_cache_release(page); return error; }",linux-2.6,,,252914241601796894646376892020309771062,0 3469,NVD-CWE-noinfo,"list_dbs(MYSQL *mysql,const char *wild) { const char *header; uint length, counter = 0; ulong rowcount = 0L; char tables[NAME_LEN+1], rows[NAME_LEN+1]; char query[255]; MYSQL_FIELD *field; MYSQL_RES *result; MYSQL_ROW row= NULL, rrow; if (!(result=mysql_list_dbs(mysql,wild))) { fprintf(stderr,""%s: Cannot list databases: %s\n"",my_progname, mysql_error(mysql)); return 1; } if (wild && mysql_num_rows(result) == 1) { row= mysql_fetch_row(result); if (!my_strcasecmp(&my_charset_latin1, row[0], wild)) { mysql_free_result(result); if (opt_status) return list_table_status(mysql, wild, NULL); else return list_tables(mysql, wild, NULL); } } if (wild) printf(""Wildcard: %s\n"",wild); header=""Databases""; length=(uint) strlen(header); field=mysql_fetch_field(result); if (length < field->max_length) length=field->max_length; if (!opt_verbose) print_header(header,length,NullS); else if (opt_verbose == 1) print_header(header,length,""Tables"",6,NullS); else print_header(header,length,""Tables"",6,""Total Rows"",12,NullS); while (row || (row= mysql_fetch_row(result))) { counter++; if (opt_verbose) { if (!(mysql_select_db(mysql,row[0]))) { MYSQL_RES *tresult = mysql_list_tables(mysql,(char*)NULL); if (mysql_affected_rows(mysql) > 0) { sprintf(tables,""%6lu"",(ulong) mysql_affected_rows(mysql)); rowcount = 0; if (opt_verbose > 1) { MYSQL_ROW trow; while ((trow = mysql_fetch_row(tresult))) { sprintf(query,""SELECT COUNT(*) FROM `%s`"",trow[0]); if (!(mysql_query(mysql,query))) { MYSQL_RES *rresult; if ((rresult = mysql_store_result(mysql))) { rrow = mysql_fetch_row(rresult); rowcount += (ulong) strtoull(rrow[0], (char**) 0, 10); mysql_free_result(rresult); } } } sprintf(rows,""%12lu"",rowcount); } } else { sprintf(tables,""%6d"",0); sprintf(rows,""%12d"",0); } mysql_free_result(tresult); } else { strmov(tables,""N/A""); strmov(rows,""N/A""); } } if (!opt_verbose) print_row(row[0],length,0); else if (opt_verbose == 1) print_row(row[0],length,tables,6,NullS); else print_row(row[0],length,tables,6,rows,12,NullS); row= NULL; } print_trailer(length, (opt_verbose > 0 ? 6 : 0), (opt_verbose > 1 ? 12 :0), 0); if (counter && opt_verbose) printf(""%u row%s in set.\n"",counter,(counter > 1) ? ""s"" : """"); mysql_free_result(result); return 0; }",visit repo url,client/mysqlshow.c,https://github.com/mysql/mysql-server,99202597497378,1 51,CWE-763,"spnego_gss_wrap_size_limit( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 *max_input_size) { OM_uint32 ret; ret = gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, qop_req, req_output_size, max_input_size); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,72047453957271,1 2613,[],"static int sctp_wait_for_packet(struct sock * sk, int *err, long *timeo_p) { int error; DEFINE_WAIT(wait); prepare_to_wait_exclusive(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); error = sock_error(sk); if (error) goto out; if (!skb_queue_empty(&sk->sk_receive_queue)) goto ready; if (sk->sk_shutdown & RCV_SHUTDOWN) goto out; error = -ENOTCONN; if (list_empty(&sctp_sk(sk)->ep->asocs) && !sctp_sstate(sk, LISTENING)) goto out; if (signal_pending(current)) goto interrupted; sctp_release_sock(sk); *timeo_p = schedule_timeout(*timeo_p); sctp_lock_sock(sk); ready: finish_wait(sk->sk_sleep, &wait); return 0; interrupted: error = sock_intr_errno(*timeo_p); out: finish_wait(sk->sk_sleep, &wait); *err = error; return error; }",linux-2.6,,,306194252778352613046217968583436960747,0 3954,CWE-284,"static int myrecvfrom6(int sockfd, void *buf, size_t *buflen, int flags, struct in6_addr *addr, uint32_t *ifindex) { struct sockaddr_in6 sin6; unsigned char cbuf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; struct iovec iovec; struct msghdr msghdr; struct cmsghdr *cmsghdr; ssize_t len; iovec.iov_len = *buflen; iovec.iov_base = buf; memset(&msghdr, 0, sizeof(msghdr)); msghdr.msg_name = &sin6; msghdr.msg_namelen = sizeof(sin6); msghdr.msg_iov = &iovec; msghdr.msg_iovlen = 1; msghdr.msg_control = cbuf; msghdr.msg_controllen = sizeof(cbuf); len = recvmsg(sockfd, &msghdr, flags); if (len == -1) return -errno; *buflen = len; *ifindex = sin6.sin6_scope_id; for (cmsghdr = CMSG_FIRSTHDR(&msghdr); cmsghdr; cmsghdr = CMSG_NXTHDR(&msghdr, cmsghdr)) { if (cmsghdr->cmsg_level == IPPROTO_IPV6 && cmsghdr->cmsg_type == IPV6_PKTINFO && cmsghdr->cmsg_len == CMSG_LEN(sizeof(struct in6_pktinfo))) { struct in6_pktinfo *pktinfo; pktinfo = (struct in6_pktinfo *) CMSG_DATA(cmsghdr); *ifindex = pktinfo->ipi6_ifindex; } } *addr = sin6.sin6_addr; return 0; }",visit repo url,libndp/libndp.c,https://github.com/jpirko/libndp,223515585096701,1 3657,['CWE-287'],"static struct sctp_association *sctp_association_init(struct sctp_association *asoc, const struct sctp_endpoint *ep, const struct sock *sk, sctp_scope_t scope, gfp_t gfp) { struct sctp_sock *sp; int i; sctp_paramhdr_t *p; int err; sp = sctp_sk((struct sock *)sk); memset(asoc, 0, sizeof(struct sctp_association)); asoc->ep = (struct sctp_endpoint *)ep; sctp_endpoint_hold(asoc->ep); asoc->base.sk = (struct sock *)sk; sock_hold(asoc->base.sk); asoc->base.type = SCTP_EP_TYPE_ASSOCIATION; atomic_set(&asoc->base.refcnt, 1); asoc->base.dead = 0; asoc->base.malloced = 0; sctp_bind_addr_init(&asoc->base.bind_addr, ep->base.bind_addr.port); asoc->state = SCTP_STATE_CLOSED; asoc->cookie_life.tv_sec = sp->assocparams.sasoc_cookie_life / 1000; asoc->cookie_life.tv_usec = (sp->assocparams.sasoc_cookie_life % 1000) * 1000; asoc->frag_point = 0; asoc->max_retrans = sp->assocparams.sasoc_asocmaxrxt; asoc->rto_initial = msecs_to_jiffies(sp->rtoinfo.srto_initial); asoc->rto_max = msecs_to_jiffies(sp->rtoinfo.srto_max); asoc->rto_min = msecs_to_jiffies(sp->rtoinfo.srto_min); asoc->overall_error_count = 0; asoc->hbinterval = msecs_to_jiffies(sp->hbinterval); asoc->pathmaxrxt = sp->pathmaxrxt; asoc->pathmtu = sp->pathmtu; asoc->sackdelay = msecs_to_jiffies(sp->sackdelay); asoc->sackfreq = sp->sackfreq; asoc->param_flags = sp->param_flags; asoc->max_burst = sp->max_burst; asoc->timeouts[SCTP_EVENT_TIMEOUT_NONE] = 0; asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_COOKIE] = asoc->rto_initial; asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_INIT] = asoc->rto_initial; asoc->timeouts[SCTP_EVENT_TIMEOUT_T2_SHUTDOWN] = asoc->rto_initial; asoc->timeouts[SCTP_EVENT_TIMEOUT_T3_RTX] = 0; asoc->timeouts[SCTP_EVENT_TIMEOUT_T4_RTO] = 0; asoc->timeouts[SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD] = 5 * asoc->rto_max; asoc->timeouts[SCTP_EVENT_TIMEOUT_HEARTBEAT] = 0; asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = asoc->sackdelay; asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] = sp->autoclose * HZ; for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i) setup_timer(&asoc->timers[i], sctp_timer_events[i], (unsigned long)asoc); asoc->c.sinit_max_instreams = sp->initmsg.sinit_max_instreams; asoc->c.sinit_num_ostreams = sp->initmsg.sinit_num_ostreams; asoc->max_init_attempts = sp->initmsg.sinit_max_attempts; asoc->max_init_timeo = msecs_to_jiffies(sp->initmsg.sinit_max_init_timeo); asoc->ssnmap = NULL; if ((sk->sk_rcvbuf/2) < SCTP_DEFAULT_MINWINDOW) asoc->rwnd = SCTP_DEFAULT_MINWINDOW; else asoc->rwnd = sk->sk_rcvbuf/2; asoc->a_rwnd = asoc->rwnd; asoc->rwnd_over = 0; asoc->peer.rwnd = SCTP_DEFAULT_MAXWINDOW; asoc->sndbuf_used = 0; atomic_set(&asoc->rmem_alloc, 0); init_waitqueue_head(&asoc->wait); asoc->c.my_vtag = sctp_generate_tag(ep); asoc->peer.i.init_tag = 0; asoc->c.peer_vtag = 0; asoc->c.my_ttag = 0; asoc->c.peer_ttag = 0; asoc->c.my_port = ep->base.bind_addr.port; asoc->c.initial_tsn = sctp_generate_tsn(ep); asoc->next_tsn = asoc->c.initial_tsn; asoc->ctsn_ack_point = asoc->next_tsn - 1; asoc->adv_peer_ack_point = asoc->ctsn_ack_point; asoc->highest_sacked = asoc->ctsn_ack_point; asoc->last_cwr_tsn = asoc->ctsn_ack_point; asoc->unack_data = 0; asoc->addip_serial = asoc->c.initial_tsn; INIT_LIST_HEAD(&asoc->addip_chunk_list); INIT_LIST_HEAD(&asoc->asconf_ack_list); INIT_LIST_HEAD(&asoc->peer.transport_addr_list); asoc->peer.transport_count = 0; asoc->peer.sack_needed = 1; asoc->peer.sack_cnt = 0; asoc->peer.asconf_capable = 0; if (sctp_addip_noauth) asoc->peer.asconf_capable = 1; sctp_inq_init(&asoc->base.inqueue); sctp_inq_set_th_handler(&asoc->base.inqueue, sctp_assoc_bh_rcv); sctp_outq_init(asoc, &asoc->outqueue); if (!sctp_ulpq_init(&asoc->ulpq, asoc)) goto fail_init; sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 0); asoc->need_ecne = 0; asoc->assoc_id = 0; asoc->peer.ipv4_address = 1; asoc->peer.ipv6_address = 1; INIT_LIST_HEAD(&asoc->asocs); asoc->autoclose = sp->autoclose; asoc->default_stream = sp->default_stream; asoc->default_ppid = sp->default_ppid; asoc->default_flags = sp->default_flags; asoc->default_context = sp->default_context; asoc->default_timetolive = sp->default_timetolive; asoc->default_rcv_context = sp->default_rcv_context; INIT_LIST_HEAD(&asoc->endpoint_shared_keys); err = sctp_auth_asoc_copy_shkeys(ep, asoc, gfp); if (err) goto fail_init; asoc->active_key_id = ep->active_key_id; asoc->asoc_shared_key = NULL; asoc->default_hmac_id = 0; if (ep->auth_hmacs_list) memcpy(asoc->c.auth_hmacs, ep->auth_hmacs_list, ntohs(ep->auth_hmacs_list->param_hdr.length)); if (ep->auth_chunk_list) memcpy(asoc->c.auth_chunks, ep->auth_chunk_list, ntohs(ep->auth_chunk_list->param_hdr.length)); p = (sctp_paramhdr_t *)asoc->c.auth_random; p->type = SCTP_PARAM_RANDOM; p->length = htons(sizeof(sctp_paramhdr_t) + SCTP_AUTH_RANDOM_LENGTH); get_random_bytes(p+1, SCTP_AUTH_RANDOM_LENGTH); return asoc; fail_init: sctp_endpoint_put(asoc->ep); sock_put(asoc->base.sk); return NULL; }",linux-2.6,,,11110041500498433946890718368245161025,0 5172,CWE-787,"void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, const char* i_csc_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csc_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_column_idx_id = NULL; unsigned int l_i = 0; l_csc_file_handle = fopen( i_csc_file_in, ""r"" ); if ( l_csc_file_handle == NULL ) { LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_INPUT ); return; } while (fgets(l_line, l_line_length, l_csc_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose( l_csc_file_handle ); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_LEN ); return; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * ((size_t)(*o_column_count) + 1)); *o_values = (double*) malloc(sizeof(double) * (*o_element_count)); l_column_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_column_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_column_idx_id == NULL ) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose(l_csc_file_handle); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_ALLOC_DATA ); return; } memset(*o_row_idx, 0, sizeof(unsigned int) * (*o_element_count)); memset(*o_column_idx, 0, sizeof(unsigned int) * ((size_t)(*o_column_count) + 1)); memset(*o_values, 0, sizeof(double) * (*o_element_count)); memset(l_column_idx_id, 0, sizeof(unsigned int) * (*o_column_count)); for (l_i = 0; l_i <= *o_column_count; ++l_i) { (*o_column_idx)[l_i] = *o_element_count; } (*o_column_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_DESC ); fclose( l_csc_file_handle ); return; } } else { unsigned int l_row = 0, l_column = 0; double l_value = 0; if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose(l_csc_file_handle); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_ELEMS ); return; } l_row--; l_column--; (*o_row_idx)[l_i] = l_row; (*o_values)[l_i] = l_value; l_i++; l_column_idx_id[l_column] = 1; (*o_column_idx)[l_column+1] = l_i; } } } fclose( l_csc_file_handle ); if ( l_i != (*o_element_count) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_LEN ); return; } if ( l_column_idx_id != NULL ) { for ( l_i = 0; l_i < (*o_column_count); l_i++) { if ( l_column_idx_id[l_i] == 0 ) { (*o_column_idx)[l_i+1] = (*o_column_idx)[l_i]; } } free( l_column_idx_id ); } }",visit repo url,src/generator_spgemm_csc_reader.c,https://github.com/hfp/libxsmm,44364376158328,1 896,CWE-20,"static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, struct vsock_sock *vsk, struct msghdr *msg, size_t len, int flags) { int err; int noblock; struct vmci_datagram *dg; size_t payload_len; struct sk_buff *skb; noblock = flags & MSG_DONTWAIT; if (flags & MSG_OOB || flags & MSG_ERRQUEUE) return -EOPNOTSUPP; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); if (err) return err; if (!skb) return -EAGAIN; dg = (struct vmci_datagram *)skb->data; if (!dg) goto out; payload_len = dg->payload_size; if (payload_len != skb->len - sizeof(*dg)) { err = -EINVAL; goto out; } if (payload_len > len) { payload_len = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, sizeof(*dg), msg->msg_iov, payload_len); if (err) goto out; if (msg->msg_name) { struct sockaddr_vm *vm_addr; vm_addr = (struct sockaddr_vm *)msg->msg_name; vsock_addr_init(vm_addr, dg->src.context, dg->src.resource); msg->msg_namelen = sizeof(*vm_addr); } err = payload_len; out: skb_free_datagram(&vsk->sk, skb); return err; }",visit repo url,net/vmw_vsock/vmci_transport.c,https://github.com/torvalds/linux,147465821146213,1 6344,CWE-77,"void msetGenericCommand(client *c, int nx) { int j; int setkey_flags = 0; if ((c->argc % 2) == 0) { addReplyErrorArity(c); return; } if (nx) { for (j = 1; j < c->argc; j += 2) { if (lookupKeyWrite(c->db,c->argv[j]) != NULL) { addReply(c, shared.czero); return; } } setkey_flags |= SETKEY_DOESNT_EXIST; } for (j = 1; j < c->argc; j += 2) { c->argv[j+1] = tryObjectEncoding(c->argv[j+1]); setKey(c, c->db, c->argv[j], c->argv[j + 1], setkey_flags); notifyKeyspaceEvent(NOTIFY_STRING,""set"",c->argv[j],c->db->id); } server.dirty += (c->argc-1)/2; addReply(c, nx ? shared.cone : shared.ok); }",visit repo url,src/t_string.c,https://github.com/redis/redis,30945752321730,1 961,CWE-264,"static inline int check_sticky(struct inode *dir, struct inode *inode) { kuid_t fsuid = current_fsuid(); if (!(dir->i_mode & S_ISVTX)) return 0; if (uid_eq(inode->i_uid, fsuid)) return 0; if (uid_eq(dir->i_uid, fsuid)) return 0; return !inode_capable(inode, CAP_FOWNER); }",visit repo url,fs/namei.c,https://github.com/torvalds/linux,161866971971554,1 5703,['CWE-200'],"static inline u16 llc_ui_next_link_no(int sap) { return llc_ui_sap_link_no_max[sap]++; }",linux-2.6,,,90126988305318992700647005278542103273,0 3066,['CWE-189'],"static int jas_cmshapmatlut_set(jas_cmshapmatlut_t *lut, jas_icccurv_t *curv) { jas_cmreal_t gamma; int i; gamma = 0; jas_cmshapmatlut_cleanup(lut); if (curv->numents == 0) { lut->size = 2; if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) goto error; lut->data[0] = 0.0; lut->data[1] = 1.0; } else if (curv->numents == 1) { lut->size = 256; if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) goto error; gamma = curv->ents[0] / 256.0; for (i = 0; i < lut->size; ++i) { lut->data[i] = gammafn(i / (double) (lut->size - 1), gamma); } } else { lut->size = curv->numents; if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) goto error; for (i = 0; i < lut->size; ++i) { lut->data[i] = curv->ents[i] / 65535.0; } } return 0; error: return -1; }",jasper,,,32412921625677002156810217062981991206,0 4835,CWE-415,"int sc_file_set_sec_attr(sc_file_t *file, const u8 *sec_attr, size_t sec_attr_len) { u8 *tmp; if (!sc_file_valid(file)) { return SC_ERROR_INVALID_ARGUMENTS; } if (sec_attr == NULL) { if (file->sec_attr != NULL) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return 0; } tmp = (u8 *) realloc(file->sec_attr, sec_attr_len); if (!tmp) { if (file->sec_attr) free(file->sec_attr); file->sec_attr = NULL; file->sec_attr_len = 0; return SC_ERROR_OUT_OF_MEMORY; } file->sec_attr = tmp; memcpy(file->sec_attr, sec_attr, sec_attr_len); file->sec_attr_len = sec_attr_len; return 0; }",visit repo url,src/libopensc/sc.c,https://github.com/OpenSC/OpenSC,171861329616562,1 5310,['CWE-119'],"static int tun_net_xmit(struct sk_buff *skb, struct net_device *dev) { struct tun_struct *tun = netdev_priv(dev); DBG(KERN_INFO ""%s: tun_net_xmit %d\n"", tun->dev->name, skb->len); if (!tun->tfile) goto drop; if (!check_filter(&tun->txflt, skb)) goto drop; if (skb_queue_len(&tun->readq) >= dev->tx_queue_len) { if (!(tun->flags & TUN_ONE_QUEUE)) { netif_stop_queue(dev); dev->stats.tx_fifo_errors++; } else { goto drop; } } skb_queue_tail(&tun->readq, skb); dev->trans_start = jiffies; if (tun->flags & TUN_FASYNC) kill_fasync(&tun->fasync, SIGIO, POLL_IN); wake_up_interruptible(&tun->socket.wait); return 0; drop: dev->stats.tx_dropped++; kfree_skb(skb); return 0; }",linux-2.6,,,84083214357208855675595058047923956883,0 3157,['CWE-189'],"static void jp2_dec_destroy(jp2_dec_t *dec) { if (dec->ihdr) { jp2_box_destroy(dec->ihdr); } if (dec->bpcc) { jp2_box_destroy(dec->bpcc); } if (dec->cdef) { jp2_box_destroy(dec->cdef); } if (dec->pclr) { jp2_box_destroy(dec->pclr); } if (dec->image) { jas_image_destroy(dec->image); } if (dec->cmap) { jp2_box_destroy(dec->cmap); } if (dec->colr) { jp2_box_destroy(dec->colr); } if (dec->chantocmptlut) { jas_free(dec->chantocmptlut); } jas_free(dec); }",jasper,,,54199230798052159389026506810413943589,0 6664,CWE-120,"static int pkey_gost2018_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, const unsigned char *key, size_t key_len) { PSKeyTransport_gost *pst = NULL; EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); int pkey_nid = EVP_PKEY_base_id(pubk); unsigned char expkeys[64]; EVP_PKEY *sec_key = NULL; int ret = 0; int mac_nid = NID_undef; size_t mac_len = 0; int exp_len = 0, iv_len = 0; unsigned char *exp_buf = NULL; int key_is_ephemeral = 0; switch (data->cipher_nid) { case NID_magma_ctr: mac_nid = NID_magma_mac; mac_len = 8; iv_len = 4; break; case NID_grasshopper_ctr: mac_nid = NID_grasshopper_mac; mac_len = 16; iv_len = 8; break; default: GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_INVALID_CIPHER); return -1; break; } exp_len = key_len + mac_len; exp_buf = OPENSSL_malloc(exp_len); if (!exp_buf) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE); return -1; } sec_key = EVP_PKEY_CTX_get0_peerkey(pctx); if (!sec_key) { sec_key = EVP_PKEY_new(); if (sec_key == NULL) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE ); goto err; } if (!EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new()) || !EVP_PKEY_copy_parameters(sec_key, pubk) || !gost_ec_keygen(EVP_PKEY_get0(sec_key))) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_ERROR_COMPUTING_SHARED_KEY); goto err; } key_is_ephemeral = 1; } if (data->shared_ukm_size == 0) { if (RAND_bytes(data->shared_ukm, 32) <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_INTERNAL_ERROR); goto err; } data->shared_ukm_size = 32; } if (gost_keg(data->shared_ukm, pkey_nid, EC_KEY_get0_public_key(EVP_PKEY_get0(pubk)), EVP_PKEY_get0(sec_key), expkeys) <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_ERROR_COMPUTING_EXPORT_KEYS); goto err; } if (gost_kexp15(key, key_len, data->cipher_nid, expkeys + 32, mac_nid, expkeys + 0, data->shared_ukm + 24, iv_len, exp_buf, &exp_len) <= 0) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY); goto err; } pst = PSKeyTransport_gost_new(); if (!pst) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } pst->ukm = ASN1_OCTET_STRING_new(); if (pst->ukm == NULL) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } if (!ASN1_OCTET_STRING_set(pst->ukm, data->shared_ukm, data->shared_ukm_size)) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } if (!ASN1_OCTET_STRING_set(pst->psexp, exp_buf, exp_len)) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } if (!X509_PUBKEY_set(&pst->ephem_key, out ? sec_key : pubk)) { GOSTerr(GOST_F_PKEY_GOST2018_ENCRYPT, GOST_R_CANNOT_PACK_EPHEMERAL_KEY); goto err; } if ((*out_len = i2d_PSKeyTransport_gost(pst, out ? &out : NULL)) > 0) ret = 1; err: OPENSSL_cleanse(expkeys, sizeof(expkeys)); if (key_is_ephemeral) EVP_PKEY_free(sec_key); PSKeyTransport_gost_free(pst); OPENSSL_free(exp_buf); return ret; }",visit repo url,gost_ec_keyx.c,https://github.com/gost-engine/engine,54686309236368,1 2040,CWE-416,"static void lo_release(struct gendisk *disk, fmode_t mode) { struct loop_device *lo = disk->private_data; int err; if (atomic_dec_return(&lo->lo_refcnt)) return; mutex_lock(&lo->lo_ctl_mutex); if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) { err = loop_clr_fd(lo); if (!err) return; } else if (lo->lo_state == Lo_bound) { blk_mq_freeze_queue(lo->lo_queue); blk_mq_unfreeze_queue(lo->lo_queue); } mutex_unlock(&lo->lo_ctl_mutex); }",visit repo url,drivers/block/loop.c,https://github.com/torvalds/linux,258271830327474,1 4471,CWE-476,"h2v2_merged_upsample_565D_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; register int y, cred, cgreen, cblue; int cb, cr; register JSAMPROW outptr0, outptr1; JSAMPROW inptr00, inptr01, inptr1, inptr2; JDIMENSION col; register JSAMPLE *range_limit = cinfo->sample_range_limit; int *Crrtab = upsample->Cr_r_tab; int *Cbbtab = upsample->Cb_b_tab; JLONG *Crgtab = upsample->Cr_g_tab; JLONG *Cbgtab = upsample->Cb_g_tab; JLONG d0 = dither_matrix[cinfo->output_scanline & DITHER_MASK]; JLONG d1 = dither_matrix[(cinfo->output_scanline + 1) & DITHER_MASK]; unsigned int r, g, b; JLONG rgb; SHIFT_TEMPS inptr00 = input_buf[0][in_row_group_ctr * 2]; inptr01 = input_buf[0][in_row_group_ctr * 2 + 1]; inptr1 = input_buf[1][in_row_group_ctr]; inptr2 = input_buf[2][in_row_group_ctr]; outptr0 = output_buf[0]; outptr1 = output_buf[1]; for (col = cinfo->output_width >> 1; col > 0; col--) { cb = GETJSAMPLE(*inptr1++); cr = GETJSAMPLE(*inptr2++); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr00++); r = range_limit[DITHER_565_R(y + cred, d0)]; g = range_limit[DITHER_565_G(y + cgreen, d0)]; b = range_limit[DITHER_565_B(y + cblue, d0)]; d0 = DITHER_ROTATE(d0); rgb = PACK_SHORT_565(r, g, b); y = GETJSAMPLE(*inptr00++); r = range_limit[DITHER_565_R(y + cred, d0)]; g = range_limit[DITHER_565_G(y + cgreen, d0)]; b = range_limit[DITHER_565_B(y + cblue, d0)]; d0 = DITHER_ROTATE(d0); rgb = PACK_TWO_PIXELS(rgb, PACK_SHORT_565(r, g, b)); WRITE_TWO_PIXELS(outptr0, rgb); outptr0 += 4; y = GETJSAMPLE(*inptr01++); r = range_limit[DITHER_565_R(y + cred, d1)]; g = range_limit[DITHER_565_G(y + cgreen, d1)]; b = range_limit[DITHER_565_B(y + cblue, d1)]; d1 = DITHER_ROTATE(d1); rgb = PACK_SHORT_565(r, g, b); y = GETJSAMPLE(*inptr01++); r = range_limit[DITHER_565_R(y + cred, d1)]; g = range_limit[DITHER_565_G(y + cgreen, d1)]; b = range_limit[DITHER_565_B(y + cblue, d1)]; d1 = DITHER_ROTATE(d1); rgb = PACK_TWO_PIXELS(rgb, PACK_SHORT_565(r, g, b)); WRITE_TWO_PIXELS(outptr1, rgb); outptr1 += 4; } if (cinfo->output_width & 1) { cb = GETJSAMPLE(*inptr1); cr = GETJSAMPLE(*inptr2); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr00); r = range_limit[DITHER_565_R(y + cred, d0)]; g = range_limit[DITHER_565_G(y + cgreen, d0)]; b = range_limit[DITHER_565_B(y + cblue, d0)]; rgb = PACK_SHORT_565(r, g, b); *(INT16 *)outptr0 = (INT16)rgb; y = GETJSAMPLE(*inptr01); r = range_limit[DITHER_565_R(y + cred, d1)]; g = range_limit[DITHER_565_G(y + cgreen, d1)]; b = range_limit[DITHER_565_B(y + cblue, d1)]; rgb = PACK_SHORT_565(r, g, b); *(INT16 *)outptr1 = (INT16)rgb; } }",visit repo url,jdmrg565.c,https://github.com/libjpeg-turbo/libjpeg-turbo,137945270505373,1 898,CWE-20,"static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, struct vsock_sock *vsk, struct msghdr *msg, size_t len, int flags) { int err; int noblock; struct vmci_datagram *dg; size_t payload_len; struct sk_buff *skb; noblock = flags & MSG_DONTWAIT; if (flags & MSG_OOB || flags & MSG_ERRQUEUE) return -EOPNOTSUPP; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); if (err) return err; if (!skb) return -EAGAIN; dg = (struct vmci_datagram *)skb->data; if (!dg) goto out; payload_len = dg->payload_size; if (payload_len != skb->len - sizeof(*dg)) { err = -EINVAL; goto out; } if (payload_len > len) { payload_len = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, sizeof(*dg), msg->msg_iov, payload_len); if (err) goto out; if (msg->msg_name) { struct sockaddr_vm *vm_addr; vm_addr = (struct sockaddr_vm *)msg->msg_name; vsock_addr_init(vm_addr, dg->src.context, dg->src.resource); msg->msg_namelen = sizeof(*vm_addr); } err = payload_len; out: skb_free_datagram(&vsk->sk, skb); return err; }",visit repo url,net/vmw_vsock/vmci_transport.c,https://github.com/torvalds/linux,147465821146213,1 6601,['CWE-200'],"static void finalize (GObject *object) { NMApplet *applet = NM_APPLET (object); nm_gconf_set_pre_keyring_callback (NULL, NULL); if (applet->update_timestamps_id) g_source_remove (applet->update_timestamps_id); g_slice_free (NMADeviceClass, applet->wired_class); g_slice_free (NMADeviceClass, applet->wifi_class); g_slice_free (NMADeviceClass, applet->gsm_class); if (applet->update_icon_id) g_source_remove (applet->update_icon_id); nma_menu_clear (applet); nma_icons_free (applet); g_free (applet->tip); if (applet->notification) { notify_notification_close (applet->notification, NULL); g_object_unref (applet->notification); } g_free (applet->glade_file); if (applet->info_dialog_xml) g_object_unref (applet->info_dialog_xml); if (applet->gconf_client) g_object_unref (applet->gconf_client); if (applet->encryption_size_group) g_object_unref (applet->encryption_size_group); if (applet->status_icon) g_object_unref (applet->status_icon); if (applet->nm_client) g_object_unref (applet->nm_client); if (applet->gconf_settings) { g_object_unref (applet->gconf_settings); applet->gconf_settings = NULL; } if (applet->dbus_settings) { g_object_unref (applet->dbus_settings); applet->dbus_settings = NULL; } G_OBJECT_CLASS (nma_parent_class)->finalize (object); }",network-manager-applet,,,118454566468426782871755684820309821815,0 3135,NVD-CWE-Other,"static int read_request_line(request_rec *r, apr_bucket_brigade *bb) { const char *ll; const char *uri; const char *pro; unsigned int major = 1, minor = 0; char http[5]; apr_size_t len; int num_blank_lines = 0; int max_blank_lines = r->server->limit_req_fields; core_server_config *conf = ap_get_core_module_config(r->server->module_config); int strict = conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT; int enforce_strict = !(conf->http_conformance & AP_HTTP_CONFORMANCE_LOGONLY); if (max_blank_lines <= 0) { max_blank_lines = DEFAULT_LIMIT_REQUEST_FIELDS; } do { apr_status_t rv; r->the_request = NULL; rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2), &len, r, 0, bb); if (rv != APR_SUCCESS) { r->request_time = apr_time_now(); if (APR_STATUS_IS_ENOSPC(rv)) { r->status = HTTP_REQUEST_URI_TOO_LARGE; r->proto_num = HTTP_VERSION(1,0); r->protocol = apr_pstrdup(r->pool, ""HTTP/1.0""); } else if (APR_STATUS_IS_TIMEUP(rv)) { r->status = HTTP_REQUEST_TIME_OUT; } else if (APR_STATUS_IS_EINVAL(rv)) { r->status = HTTP_BAD_REQUEST; } return 0; } } while ((len <= 0) && (++num_blank_lines < max_blank_lines)); if (APLOGrtrace5(r)) { ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, ""Request received from client: %s"", ap_escape_logitem(r->pool, r->the_request)); } r->request_time = apr_time_now(); ll = r->the_request; r->method = ap_getword_white(r->pool, &ll); uri = ap_getword_white(r->pool, &ll); r->method_number = ap_method_number_of(r->method); if (r->method_number == M_GET && r->method[0] == 'H') { r->header_only = 1; } ap_parse_uri(r, uri); if (ll[0]) { r->assbackwards = 0; pro = ll; len = strlen(ll); } else { r->assbackwards = 1; pro = ""HTTP/0.9""; len = 8; if (conf->http09_enable == AP_HTTP09_DISABLE) { r->status = HTTP_VERSION_NOT_SUPPORTED; r->protocol = apr_pstrmemdup(r->pool, pro, len); r->assbackwards = 0; r->proto_num = HTTP_VERSION(0, 9); r->connection->keepalive = AP_CONN_CLOSE; ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02401) ""HTTP/0.9 denied by server configuration""); return 0; } } r->protocol = apr_pstrmemdup(r->pool, pro, len); if (len == 8 && pro[0] == 'H' && pro[1] == 'T' && pro[2] == 'T' && pro[3] == 'P' && pro[4] == '/' && apr_isdigit(pro[5]) && pro[6] == '.' && apr_isdigit(pro[7])) { r->proto_num = HTTP_VERSION(pro[5] - '0', pro[7] - '0'); } else { if (strict) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02418) ""Invalid protocol '%s'"", r->protocol); if (enforce_strict) { r->status = HTTP_BAD_REQUEST; return 0; } } if (3 == sscanf(r->protocol, ""%4s/%u.%u"", http, &major, &minor) && (strcasecmp(""http"", http) == 0) && (minor < HTTP_VERSION(1, 0)) ) { r->proto_num = HTTP_VERSION(major, minor); } else { r->proto_num = HTTP_VERSION(1, 0); } } if (strict) { int err = 0; if (ap_has_cntrl(r->the_request)) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02420) ""Request line must not contain control characters""); err = HTTP_BAD_REQUEST; } if (r->parsed_uri.fragment) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02421) ""URI must not contain a fragment""); err = HTTP_BAD_REQUEST; } else if (r->parsed_uri.user || r->parsed_uri.password) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02422) ""URI must not contain a username/password""); err = HTTP_BAD_REQUEST; } else if (r->method_number == M_INVALID) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02423) ""Invalid HTTP method string: %s"", r->method); err = HTTP_NOT_IMPLEMENTED; } else if (r->assbackwards == 0 && r->proto_num < HTTP_VERSION(1, 0)) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02424) ""HTTP/0.x does not take a protocol""); err = HTTP_BAD_REQUEST; } if (err && enforce_strict) { r->status = err; return 0; } } return 1; }",visit repo url,server/protocol.c,https://github.com/apache/httpd,189453230117772,1 6647,['CWE-200'],"status_icon_screen_changed_cb (GtkStatusIcon *icon, GParamSpec *pspec, NMApplet *applet) { nma_icons_init (applet); nma_icon_theme_changed (NULL, applet); }",network-manager-applet,,,304764416407377217573307663396067258167,0 233,[],"static long fat_compat_dir_ioctl(struct file *filp, unsigned cmd, unsigned long arg) { struct inode *inode = filp->f_path.dentry->d_inode; struct compat_dirent __user *d1 = compat_ptr(arg); int short_only, both; switch (cmd) { case VFAT_IOCTL_READDIR_SHORT32: short_only = 1; both = 0; break; case VFAT_IOCTL_READDIR_BOTH32: short_only = 0; both = 1; break; default: return -ENOIOCTLCMD; } if (!access_ok(VERIFY_WRITE, d1, sizeof(struct compat_dirent[2]))) return -EFAULT; if (put_user(0, &d1->d_reclen)) return -EFAULT; return fat_ioctl_readdir(inode, filp, d1, fat_compat_ioctl_filldir, short_only, both); }",linux-2.6,,,187178611900147566838205434133401267519,0 1257,[],"m4_defn (struct obstack *obs, int argc, token_data **argv) { symbol *s; builtin_func *b; int i; if (bad_argc (argv[0], argc, 2, -1)) return; for (i = 1; i < argc; i++) { s = lookup_symbol (ARG (i), SYMBOL_LOOKUP); if (s == NULL) continue; switch (SYMBOL_TYPE (s)) { case TOKEN_TEXT: obstack_grow (obs, lquote.string, lquote.length); obstack_grow (obs, SYMBOL_TEXT (s), strlen (SYMBOL_TEXT (s))); obstack_grow (obs, rquote.string, rquote.length); break; case TOKEN_FUNC: b = SYMBOL_FUNC (s); if (b == m4_placeholder) M4ERROR ((warning_status, 0, ""\ builtin `%s' requested by frozen file is not supported"", ARG (i))); else if (argc != 2) M4ERROR ((warning_status, 0, ""Warning: cannot concatenate builtin `%s'"", ARG (i))); else push_macro (b); break; default: M4ERROR ((warning_status, 0, ""INTERNAL ERROR: bad symbol type in m4_defn ()"")); abort (); } } }",m4,,,112590144727509555391778835649309013469,0 5656,['CWE-476'],"static inline int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2) { struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2); return ( !ipv6_only_sock(sk2) && (!inet1->rcv_saddr || !inet2->rcv_saddr || inet1->rcv_saddr == inet2->rcv_saddr )); }",linux-2.6,,,334209784391560356295079299856579056153,0 3144,['CWE-189'],"static int jas_image_growcmpts(jas_image_t *image, int maxcmpts) { jas_image_cmpt_t **newcmpts; int cmptno; newcmpts = (!image->cmpts_) ? jas_alloc2(maxcmpts, sizeof(jas_image_cmpt_t *)) : jas_realloc2(image->cmpts_, maxcmpts, sizeof(jas_image_cmpt_t *)); if (!newcmpts) { return -1; } image->cmpts_ = newcmpts; image->maxcmpts_ = maxcmpts; for (cmptno = image->numcmpts_; cmptno < image->maxcmpts_; ++cmptno) { image->cmpts_[cmptno] = 0; } return 0; }",jasper,,,71719544067025004830220859047797562186,0 4128,['CWE-399'],"static inline int err_block_err(int ret) { if (ret && ret != -ENOSPC && ret != -ENODATA && ret != -EAGAIN) return 1; return 0; }",linux-2.6,,,42767275930064430012736463366143734003,0 531,['CWE-399'],"static int pwc_video_close(struct inode *inode, struct file *file) { struct video_device *vdev = file->private_data; struct pwc_device *pdev; int i, hint; PWC_DEBUG_OPEN("">> video_close called(vdev = 0x%p).\n"", vdev); pdev = (struct pwc_device *)vdev->priv; if (pdev->vopen == 0) PWC_DEBUG_MODULE(""video_close() called on closed device?\n""); if (pdev->vframe_count > 20) PWC_DEBUG_MODULE(""Closing video device: %d frames received, dumped %d frames, %d frames with errors.\n"", pdev->vframe_count, pdev->vframes_dumped, pdev->vframes_error); if (DEVICE_USE_CODEC1(pdev->type)) pwc_dec1_exit(); else pwc_dec23_exit(); pwc_isoc_cleanup(pdev); pwc_free_buffers(pdev); lock_kernel(); if (!pdev->unplugged) { if (pwc_set_leds(pdev, 0, 0) < 0) PWC_DEBUG_MODULE(""Failed to set LED on/off time.\n""); if (power_save) { i = pwc_camera_power(pdev, 0); if (i < 0) PWC_ERROR(""Failed to power down camera (%d)\n"", i); } pdev->vopen--; PWC_DEBUG_OPEN(""<< video_close() vopen=%d\n"", i); } else { pwc_cleanup(pdev); kfree(pdev); for (hint = 0; hint < MAX_DEV_HINTS; hint++) if (device_hint[hint].pdev == pdev) device_hint[hint].pdev = NULL; } unlock_kernel(); return 0; }",linux-2.6,,,249011076530844078825564273010501786975,0 6457,[],"lt_dlforeachfile (const char *search_path, int (*func) (const char *filename, void *data), void *data) { int is_done = 0; file_worker_func **fpptr = &func; if (search_path) { is_done = foreach_dirinpath (search_path, 0, foreachfile_callback, fpptr, data); } else { is_done = foreach_dirinpath (user_search_path, 0, foreachfile_callback, fpptr, data); if (!is_done) { is_done = foreach_dirinpath (getenv(LTDL_SEARCHPATH_VAR), 0, foreachfile_callback, fpptr, data); } #if defined(LT_MODULE_PATH_VAR) if (!is_done) { is_done = foreach_dirinpath (getenv(LT_MODULE_PATH_VAR), 0, foreachfile_callback, fpptr, data); } #endif #if defined(LT_DLSEARCH_PATH) if (!is_done && *sys_dlsearch_path) { is_done = foreach_dirinpath (sys_dlsearch_path, 0, foreachfile_callback, fpptr, data); } #endif } return is_done; }",libtool,,,167554004511857656350879776329716751542,0 715,[],"static void jpc_crg_destroyparms(jpc_ms_t *ms) { jpc_crg_t *crg = &ms->parms.crg; if (crg->comps) { jas_free(crg->comps); } }",jasper,,,266945884030243139074717905158585320153,0 1348,['CWE-399'],"static struct ip_tunnel * ipip6_tunnel_locate(struct net *net, struct ip_tunnel_parm *parms, int create) { __be32 remote = parms->iph.daddr; __be32 local = parms->iph.saddr; struct ip_tunnel *t, **tp, *nt; struct net_device *dev; char name[IFNAMSIZ]; struct sit_net *sitn = net_generic(net, sit_net_id); for (tp = __ipip6_bucket(sitn, parms); (t = *tp) != NULL; tp = &t->next) { if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) return t; } if (!create) goto failed; if (parms->name[0]) strlcpy(name, parms->name, IFNAMSIZ); else sprintf(name, ""sit%%d""); dev = alloc_netdev(sizeof(*t), name, ipip6_tunnel_setup); if (dev == NULL) return NULL; dev_net_set(dev, net); if (strchr(name, '%')) { if (dev_alloc_name(dev, name) < 0) goto failed_free; } nt = netdev_priv(dev); dev->init = ipip6_tunnel_init; nt->parms = *parms; if (parms->i_flags & SIT_ISATAP) dev->priv_flags |= IFF_ISATAP; if (register_netdevice(dev) < 0) goto failed_free; dev_hold(dev); ipip6_tunnel_link(sitn, nt); return nt; failed_free: free_netdev(dev); failed: return NULL; }",linux-2.6,,,174779837853005318682536005856333279858,0 5935,['CWE-909'],"void qdisc_class_hash_grow(struct Qdisc *sch, struct Qdisc_class_hash *clhash) { struct Qdisc_class_common *cl; struct hlist_node *n, *next; struct hlist_head *nhash, *ohash; unsigned int nsize, nmask, osize; unsigned int i, h; if (clhash->hashelems * 4 <= clhash->hashsize * 3) return; nsize = clhash->hashsize * 2; nmask = nsize - 1; nhash = qdisc_class_hash_alloc(nsize); if (nhash == NULL) return; ohash = clhash->hash; osize = clhash->hashsize; sch_tree_lock(sch); for (i = 0; i < osize; i++) { hlist_for_each_entry_safe(cl, n, next, &ohash[i], hnode) { h = qdisc_class_hash(cl->classid, nmask); hlist_add_head(&cl->hnode, &nhash[h]); } } clhash->hash = nhash; clhash->hashsize = nsize; clhash->hashmask = nmask; sch_tree_unlock(sch); qdisc_class_hash_free(ohash, osize); }",linux-2.6,,,220277970857730198863208100761479961789,0 3289,CWE-787,"smb_fdata1(netdissect_options *ndo, const u_char *buf, const char *fmt, const u_char *maxbuf, int unicodestr) { int reverse = 0; const char *attrib_fmt = ""READONLY|HIDDEN|SYSTEM|VOLUME|DIR|ARCHIVE|""; char strbuf[MAX_UNISTR_SIZE+1]; while (*fmt && buf sizeof(bitfmt) - 1) l = sizeof(bitfmt)-1; strncpy(bitfmt, fmt, l); bitfmt[l] = '\0'; fmt = p + 1; write_bits(ndo, GET_U_1(buf), bitfmt); buf++; break; } case 'P': { int l = atoi(fmt + 1); ND_TCHECK_LEN(buf, l); buf += l; fmt++; while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'r': reverse = !reverse; fmt++; break; case 'b': { unsigned int x; x = GET_U_1(buf); ND_PRINT(""%u (0x%x)"", x, x); buf += 1; fmt++; break; } case 'd': { int x; x = reverse ? GET_BE_S_2(buf) : GET_LE_S_2(buf); ND_PRINT(""%d (0x%x)"", x, x); buf += 2; fmt++; break; } case 'D': { int x; x = reverse ? GET_BE_S_4(buf) : GET_LE_S_4(buf); ND_PRINT(""%d (0x%x)"", x, x); buf += 4; fmt++; break; } case 'L': { uint64_t x; x = reverse ? GET_BE_U_8(buf) : GET_LE_U_8(buf); ND_PRINT(""%"" PRIu64 "" (0x%"" PRIx64 "")"", x, x); buf += 8; fmt++; break; } case 'u': { unsigned int x; x = reverse ? GET_BE_U_2(buf) : GET_LE_U_2(buf); ND_PRINT(""%u (0x%x)"", x, x); buf += 2; fmt++; break; } case 'U': { unsigned int x; x = reverse ? GET_BE_U_4(buf) : GET_LE_U_4(buf); ND_PRINT(""%u (0x%x)"", x, x); buf += 4; fmt++; break; } case 'M': { uint32_t x1, x2; uint64_t x; ND_TCHECK_8(buf); x1 = reverse ? GET_BE_U_4(buf) : GET_LE_U_4(buf); x2 = reverse ? GET_BE_U_4(buf + 4) : GET_LE_U_4(buf + 4); x = (((uint64_t)x1) << 32) | x2; ND_PRINT(""%"" PRIu64 "" (0x%"" PRIx64 "")"", x, x); buf += 8; fmt++; break; } case 'B': { unsigned int x; x = GET_U_1(buf); ND_PRINT(""0x%X"", x); buf += 1; fmt++; break; } case 'w': { unsigned int x; x = reverse ? GET_BE_U_2(buf) : GET_LE_U_2(buf); ND_PRINT(""0x%X"", x); buf += 2; fmt++; break; } case 'W': { unsigned int x; x = reverse ? GET_BE_U_4(buf) : GET_LE_U_4(buf); ND_PRINT(""0x%X"", x); buf += 4; fmt++; break; } case 'l': { fmt++; switch (*fmt) { case 'b': stringlen = GET_U_1(buf); stringlen_is_set = 1; ND_PRINT(""%u"", stringlen); buf += 1; break; case 'd': case 'u': stringlen = reverse ? GET_BE_U_2(buf) : GET_LE_U_2(buf); stringlen_is_set = 1; ND_PRINT(""%u"", stringlen); buf += 2; break; case 'D': case 'U': stringlen = reverse ? GET_BE_U_4(buf) : GET_LE_U_4(buf); stringlen_is_set = 1; ND_PRINT(""%u"", stringlen); buf += 4; break; } fmt++; break; } case 'S': case 'R': { buf = unistr(ndo, &strbuf, buf, 0, 1, (*fmt == 'R') ? 0 : unicodestr); ND_PRINT(""%s"", strbuf); if (buf == NULL) goto trunc; fmt++; break; } case 'Z': case 'Y': { if (GET_U_1(buf) != 4 && GET_U_1(buf) != 2) { ND_PRINT(""Error! ASCIIZ buffer of type %u"", GET_U_1(buf)); return maxbuf; } buf = unistr(ndo, &strbuf, buf + 1, 0, 1, (*fmt == 'Y') ? 0 : unicodestr); ND_PRINT(""%s"", strbuf); if (buf == NULL) goto trunc; fmt++; break; } case 's': { int l = atoi(fmt + 1); ND_TCHECK_LEN(buf, l); ND_PRINT(""%-*.*s"", l, l, buf); buf += l; fmt++; while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'c': { if (!stringlen_is_set) { ND_PRINT(""{stringlen not set}""); goto trunc; } ND_TCHECK_LEN(buf, stringlen); ND_PRINT(""%-*.*s"", (int)stringlen, (int)stringlen, buf); buf += stringlen; fmt++; while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'C': { if (!stringlen_is_set) { ND_PRINT(""{stringlen not set}""); goto trunc; } buf = unistr(ndo, &strbuf, buf, stringlen, 0, unicodestr); ND_PRINT(""%s"", strbuf); if (buf == NULL) goto trunc; fmt++; break; } case 'h': { int l = atoi(fmt + 1); ND_TCHECK_LEN(buf, l); while (l--) { ND_PRINT(""%02x"", GET_U_1(buf)); buf++; } fmt++; while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'n': { int t = atoi(fmt+1); char nbuf[255]; int name_type; int len; switch (t) { case 1: name_type = name_extract(ndo, startbuf, ND_BYTES_BETWEEN(buf, startbuf), maxbuf, nbuf); if (name_type < 0) goto trunc; len = name_len(ndo, buf, maxbuf); if (len < 0) goto trunc; buf += len; ND_PRINT(""%-15.15s NameType=0x%02X (%s)"", nbuf, name_type, name_type_str(name_type)); break; case 2: name_type = GET_U_1(buf + 15); ND_PRINT(""%-15.15s NameType=0x%02X (%s)"", buf, name_type, name_type_str(name_type)); buf += 16; break; } fmt++; while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'T': { time_t t; struct tm *lt; const char *tstring; char buffer[sizeof(""Www Mmm dd hh:mm:ss yyyyy\n"")]; uint32_t x; switch (atoi(fmt + 1)) { case 1: x = GET_LE_U_4(buf); if (x == 0 || x == 0xFFFFFFFF) t = 0; else t = make_unix_date(ndo, buf); buf += 4; break; case 2: x = GET_LE_U_4(buf); if (x == 0 || x == 0xFFFFFFFF) t = 0; else t = make_unix_date2(ndo, buf); buf += 4; break; case 3: ND_TCHECK_8(buf); t = interpret_long_date(ndo, buf); buf += 8; break; default: t = 0; break; } if (t != 0) { lt = localtime(&t); if (lt != NULL) { strftime(buffer, sizeof(buffer), ""%a %b %e %T %Y%n"", lt); tstring = buffer; } else tstring = ""(Can't convert time)\n""; } else tstring = ""NULL\n""; ND_PRINT(""%s"", tstring); fmt++; while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } default: ND_PRINT(""%c"", *fmt); fmt++; break; } } if (buf >= maxbuf && *fmt) ND_PRINT(""END OF BUFFER\n""); return(buf); trunc: nd_print_trunc(ndo); return(NULL); }",visit repo url,smbutil.c,https://github.com/the-tcpdump-group/tcpdump,232001228630741,1 4139,CWE-119,"irc_ctcp_dcc_filename_without_quotes (const char *filename) { int length; length = strlen (filename); if (length > 0) { if ((filename[0] == '\""') && (filename[length - 1] == '\""')) return weechat_strndup (filename + 1, length - 2); } return strdup (filename); }",visit repo url,src/plugins/irc/irc-ctcp.c,https://github.com/weechat/weechat,180721379931009,1 1576,CWE-362,"static int newque(struct ipc_namespace *ns, struct ipc_params *params) { struct msg_queue *msq; int id, retval; key_t key = params->key; int msgflg = params->flg; msq = ipc_rcu_alloc(sizeof(*msq)); if (!msq) return -ENOMEM; msq->q_perm.mode = msgflg & S_IRWXUGO; msq->q_perm.key = key; msq->q_perm.security = NULL; retval = security_msg_queue_alloc(msq); if (retval) { ipc_rcu_putref(msq, ipc_rcu_free); return retval; } id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni); if (id < 0) { ipc_rcu_putref(msq, msg_rcu_free); return id; } msq->q_stime = msq->q_rtime = 0; msq->q_ctime = get_seconds(); msq->q_cbytes = msq->q_qnum = 0; msq->q_qbytes = ns->msg_ctlmnb; msq->q_lspid = msq->q_lrpid = 0; INIT_LIST_HEAD(&msq->q_messages); INIT_LIST_HEAD(&msq->q_receivers); INIT_LIST_HEAD(&msq->q_senders); ipc_unlock_object(&msq->q_perm); rcu_read_unlock(); return msq->q_perm.id; }",visit repo url,ipc/msg.c,https://github.com/torvalds/linux,266057275104891,1 1407,CWE-310,"static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_blkcipher rblkcipher; snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""blkcipher""); snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", alg->cra_blkcipher.geniv ?: """"); rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; rblkcipher.max_keysize = alg->cra_blkcipher.max_keysize; rblkcipher.ivsize = alg->cra_blkcipher.ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER, sizeof(struct crypto_report_blkcipher), &rblkcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/blkcipher.c,https://github.com/torvalds/linux,113758900849201,1 3791,[],"static int unix_seq_show(struct seq_file *seq, void *v) { if (v == (void *)1) seq_puts(seq, ""Num RefCount Protocol Flags Type St "" ""Inode Path\n""); else { struct sock *s = v; struct unix_sock *u = unix_sk(s); unix_state_lock(s); seq_printf(seq, ""%p: %08X %08X %08X %04X %02X %5lu"", s, atomic_read(&s->sk_refcnt), 0, s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0, s->sk_type, s->sk_socket ? (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTED : SS_UNCONNECTED) : (s->sk_state == TCP_ESTABLISHED ? SS_CONNECTING : SS_DISCONNECTING), sock_i_ino(s)); if (u->addr) { int i, len; seq_putc(seq, ' '); i = 0; len = u->addr->len - sizeof(short); if (!UNIX_ABSTRACT(s)) len--; else { seq_putc(seq, '@'); i++; } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); } unix_state_unlock(s); seq_putc(seq, '\n'); } return 0; }",linux-2.6,,,2774047198202883991021487866337157064,0 3694,CWE-119,"ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; char *s; struct kex *kex; int r; xxx_host = host; xxx_hostaddr = hostaddr; if ((s = kex_names_cat(options.kex_algorithms, ""ext-info-c"")) == NULL) fatal(""%s: kex_names_cat"", __func__); myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? ""zlib@openssh.com,zlib,none"" : ""none,zlib@openssh.com,zlib""; myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; if (options.hostkeyalgorithms != NULL) { if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &options.hostkeyalgorithms) != 0) fatal(""%s: kex_assemble_namelist"", __func__); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(options.hostkeyalgorithms); } else { options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( order_hostkeyalgs(host, hostaddr, port)); } if (options.rekey_limit || options.rekey_interval) packet_set_rekey_limits((u_int32_t)options.rekey_limit, (time_t)options.rekey_interval); if ((r = kex_setup(active_state, myproposal)) != 0) fatal(""kex_setup: %s"", ssh_err(r)); kex = active_state->kex; #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; kex->kex[KEX_ECDH_SHA2] = kexecdh_client; #endif kex->kex[KEX_C25519_SHA256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; kex->verify_host_key=&verify_host_key_callback; dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(options.kex_algorithms); if ((r = kex_prop2buf(kex->my, myproposal)) != 0) fatal(""kex_prop2buf: %s"", ssh_err(r)); session_id2 = kex->session_id; session_id2_len = kex->session_id_len; #ifdef DEBUG_KEXDH packet_start(SSH2_MSG_IGNORE); packet_put_cstring(""markus""); packet_send(); packet_write_wait(); #endif }",visit repo url,usr.bin/ssh/sshconnect2.c,https://github.com/openbsd/src,98395253277131,1 5790,CWE-125,"snmp_ber_encode_unsigned_integer(unsigned char *out, uint32_t *out_len, uint8_t type, uint32_t number) { uint32_t original_out_len; original_out_len = *out_len; do { (*out_len)++; *out-- = (uint8_t)(number & 0xFF); number >>= 8; } while(number); out = snmp_ber_encode_length(out, out_len, ((*out_len - original_out_len) & 0xFF)); out = snmp_ber_encode_type(out, out_len, type); return out; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,83212583027698,1 3291,CWE-787,"ts_date_hmsfrac_print(netdissect_options *ndo, long sec, long usec, enum date_flag date_flag, enum time_flag time_flag) { time_t Time = sec; struct tm *tm; char timestr[32]; if ((unsigned)sec & 0x80000000) { ND_PRINT(""[Error converting time]""); return; } if (time_flag == LOCAL_TIME) tm = localtime(&Time); else tm = gmtime(&Time); if (!tm) { ND_PRINT(""[Error converting time]""); return; } if (date_flag == WITH_DATE) strftime(timestr, sizeof(timestr), ""%Y-%m-%d %H:%M:%S"", tm); else strftime(timestr, sizeof(timestr), ""%H:%M:%S"", tm); ND_PRINT(""%s"", timestr); ts_frac_print(ndo, usec); }",visit repo url,util-print.c,https://github.com/the-tcpdump-group/tcpdump,146290306473702,1 647,[],"static int __init dccp_init(void) { unsigned long goal; int ehash_order, bhash_order, i; int rc = -ENOBUFS; dccp_hashinfo.bind_bucket_cachep = kmem_cache_create(""dccp_bind_bucket"", sizeof(struct inet_bind_bucket), 0, SLAB_HWCACHE_ALIGN, NULL, NULL); if (!dccp_hashinfo.bind_bucket_cachep) goto out; if (num_physpages >= (128 * 1024)) goal = num_physpages >> (21 - PAGE_SHIFT); else goal = num_physpages >> (23 - PAGE_SHIFT); if (thash_entries) goal = (thash_entries * sizeof(struct inet_ehash_bucket)) >> PAGE_SHIFT; for (ehash_order = 0; (1UL << ehash_order) < goal; ehash_order++) ; do { dccp_hashinfo.ehash_size = (1UL << ehash_order) * PAGE_SIZE / sizeof(struct inet_ehash_bucket); while (dccp_hashinfo.ehash_size & (dccp_hashinfo.ehash_size - 1)) dccp_hashinfo.ehash_size--; dccp_hashinfo.ehash = (struct inet_ehash_bucket *) __get_free_pages(GFP_ATOMIC, ehash_order); } while (!dccp_hashinfo.ehash && --ehash_order > 0); if (!dccp_hashinfo.ehash) { DCCP_CRIT(""Failed to allocate DCCP established hash table""); goto out_free_bind_bucket_cachep; } for (i = 0; i < dccp_hashinfo.ehash_size; i++) { rwlock_init(&dccp_hashinfo.ehash[i].lock); INIT_HLIST_HEAD(&dccp_hashinfo.ehash[i].chain); INIT_HLIST_HEAD(&dccp_hashinfo.ehash[i].twchain); } bhash_order = ehash_order; do { dccp_hashinfo.bhash_size = (1UL << bhash_order) * PAGE_SIZE / sizeof(struct inet_bind_hashbucket); if ((dccp_hashinfo.bhash_size > (64 * 1024)) && bhash_order > 0) continue; dccp_hashinfo.bhash = (struct inet_bind_hashbucket *) __get_free_pages(GFP_ATOMIC, bhash_order); } while (!dccp_hashinfo.bhash && --bhash_order >= 0); if (!dccp_hashinfo.bhash) { DCCP_CRIT(""Failed to allocate DCCP bind hash table""); goto out_free_dccp_ehash; } for (i = 0; i < dccp_hashinfo.bhash_size; i++) { spin_lock_init(&dccp_hashinfo.bhash[i].lock); INIT_HLIST_HEAD(&dccp_hashinfo.bhash[i].chain); } rc = dccp_mib_init(); if (rc) goto out_free_dccp_bhash; rc = dccp_ackvec_init(); if (rc) goto out_free_dccp_mib; rc = dccp_sysctl_init(); if (rc) goto out_ackvec_exit; out: return rc; out_ackvec_exit: dccp_ackvec_exit(); out_free_dccp_mib: dccp_mib_exit(); out_free_dccp_bhash: free_pages((unsigned long)dccp_hashinfo.bhash, bhash_order); dccp_hashinfo.bhash = NULL; out_free_dccp_ehash: free_pages((unsigned long)dccp_hashinfo.ehash, ehash_order); dccp_hashinfo.ehash = NULL; out_free_bind_bucket_cachep: kmem_cache_destroy(dccp_hashinfo.bind_bucket_cachep); dccp_hashinfo.bind_bucket_cachep = NULL; goto out; }",linux-2.6,,,234168514832233553049750658683373326892,0 5624,[],"static void collect_signal(int sig, struct sigpending *list, siginfo_t *info) { struct sigqueue *q, *first = NULL; list_for_each_entry(q, &list->list, list) { if (q->info.si_signo == sig) { if (first) goto still_pending; first = q; } } sigdelset(&list->signal, sig); if (first) { still_pending: list_del_init(&first->list); copy_siginfo(info, &first->info); __sigqueue_free(first); } else { info->si_signo = sig; info->si_errno = 0; info->si_code = 0; info->si_pid = 0; info->si_uid = 0; } }",linux-2.6,,,225934946700595505859008374386125695255,0 428,CWE-200,"SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, const void __user * __user *, pages, const int __user *, nodes, int __user *, status, int, flags) { const struct cred *cred = current_cred(), *tcred; struct task_struct *task; struct mm_struct *mm; int err; nodemask_t task_nodes; if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL)) return -EINVAL; if ((flags & MPOL_MF_MOVE_ALL) && !capable(CAP_SYS_NICE)) return -EPERM; rcu_read_lock(); task = pid ? find_task_by_vpid(pid) : current; if (!task) { rcu_read_unlock(); return -ESRCH; } get_task_struct(task); tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && !uid_eq(cred->uid, tcred->suid) && !uid_eq(cred->uid, tcred->uid) && !capable(CAP_SYS_NICE)) { rcu_read_unlock(); err = -EPERM; goto out; } rcu_read_unlock(); err = security_task_movememory(task); if (err) goto out; task_nodes = cpuset_mems_allowed(task); mm = get_task_mm(task); put_task_struct(task); if (!mm) return -EINVAL; if (nodes) err = do_pages_move(mm, task_nodes, nr_pages, pages, nodes, status, flags); else err = do_pages_stat(mm, nr_pages, pages, status); mmput(mm); return err; out: put_task_struct(task); return err; }",visit repo url,mm/migrate.c,https://github.com/torvalds/linux,249417206988685,1 5829,CWE-362,"static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) { pj_ssl_sock_t *ssock; SSL *ossl_ssl; int err; ossl_ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); pj_assert(ossl_ssl); ssock = SSL_get_ex_data(ossl_ssl, sslsock_idx); pj_assert(ssock); err = X509_STORE_CTX_get_error(x509_ctx); switch (err) { case X509_V_OK: break; case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: ssock->verify_status |= PJ_SSL_CERT_EISSUER_NOT_FOUND; break; case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: ssock->verify_status |= PJ_SSL_CERT_EINVALID_FORMAT; break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_HAS_EXPIRED: ssock->verify_status |= PJ_SSL_CERT_EVALIDITY_PERIOD; break; case X509_V_ERR_UNABLE_TO_GET_CRL: case X509_V_ERR_CRL_NOT_YET_VALID: case X509_V_ERR_CRL_HAS_EXPIRED: case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: case X509_V_ERR_CRL_SIGNATURE_FAILURE: case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: ssock->verify_status |= PJ_SSL_CERT_ECRL_FAILURE; break; case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_CERT_UNTRUSTED: case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: ssock->verify_status |= PJ_SSL_CERT_EUNTRUSTED; break; case X509_V_ERR_CERT_SIGNATURE_FAILURE: case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: case X509_V_ERR_AKID_SKID_MISMATCH: case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: ssock->verify_status |= PJ_SSL_CERT_EISSUER_MISMATCH; break; case X509_V_ERR_CERT_REVOKED: ssock->verify_status |= PJ_SSL_CERT_EREVOKED; break; case X509_V_ERR_INVALID_PURPOSE: case X509_V_ERR_CERT_REJECTED: case X509_V_ERR_INVALID_CA: ssock->verify_status |= PJ_SSL_CERT_EINVALID_PURPOSE; break; case X509_V_ERR_CERT_CHAIN_TOO_LONG: case X509_V_ERR_PATH_LENGTH_EXCEEDED: ssock->verify_status |= PJ_SSL_CERT_ECHAIN_TOO_LONG; break; case X509_V_ERR_OUT_OF_MEM: default: ssock->verify_status |= PJ_SSL_CERT_EUNKNOWN; break; } if (PJ_FALSE == ssock->param.verify_peer) preverify_ok = 1; return preverify_ok; }",visit repo url,pjlib/src/pj/ssl_sock_ossl.c,https://github.com/pjsip/pjproject,149045289664599,1 3002,CWE-399,"dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t size, off_t fsize, int *flags) { Elf32_Phdr ph32; Elf64_Phdr ph64; size_t offset, len; unsigned char nbuf[BUFSIZ]; ssize_t bufsize; if (size != xph_sizeof) { if (file_printf(ms, "", corrupted program header size"") == -1) return -1; return 0; } for ( ; num; num--) { if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) { file_badread(ms); return -1; } off += size; if (fsize != SIZE_UNKNOWN && xph_offset > fsize) { continue; } if (xph_type != PT_NOTE) continue; len = xph_filesz < sizeof(nbuf) ? xph_filesz : sizeof(nbuf); if ((bufsize = pread(fd, nbuf, len, xph_offset)) == -1) { file_badread(ms); return -1; } offset = 0; for (;;) { if (offset >= (size_t)bufsize) break; offset = donote(ms, nbuf, offset, (size_t)bufsize, clazz, swap, 4, flags); if (offset == 0) break; } } return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,4369681824088,1 2580,[],"static int external_grep(struct grep_opt *opt, const char **paths, int cached) { int i, nr, argc, hit, len, status; const char *argv[MAXARGS+1]; char randarg[ARGBUF]; char *argptr = randarg; struct grep_pat *p; if (opt->extended || (opt->relative && opt->prefix_length)) return -1; len = nr = 0; push_arg(""grep""); if (opt->fixed) push_arg(""-F""); if (opt->linenum) push_arg(""-n""); if (!opt->pathname) push_arg(""-h""); if (opt->regflags & REG_EXTENDED) push_arg(""-E""); if (opt->regflags & REG_ICASE) push_arg(""-i""); if (opt->word_regexp) push_arg(""-w""); if (opt->name_only) push_arg(""-l""); if (opt->unmatch_name_only) push_arg(""-L""); if (opt->count) push_arg(""-c""); if (opt->post_context || opt->pre_context) { if (opt->post_context != opt->pre_context) { if (opt->pre_context) { push_arg(""-B""); len += snprintf(argptr, sizeof(randarg)-len, ""%u"", opt->pre_context) + 1; if (sizeof(randarg) <= len) die(""maximum length of args exceeded""); push_arg(argptr); argptr += len; } if (opt->post_context) { push_arg(""-A""); len += snprintf(argptr, sizeof(randarg)-len, ""%u"", opt->post_context) + 1; if (sizeof(randarg) <= len) die(""maximum length of args exceeded""); push_arg(argptr); argptr += len; } } else { push_arg(""-C""); len += snprintf(argptr, sizeof(randarg)-len, ""%u"", opt->post_context) + 1; if (sizeof(randarg) <= len) die(""maximum length of args exceeded""); push_arg(argptr); argptr += len; } } for (p = opt->pattern_list; p; p = p->next) { push_arg(""-e""); push_arg(p->pattern); } hit = 0; argc = nr; for (i = 0; i < active_nr; i++) { struct cache_entry *ce = active_cache[i]; char *name; int kept; if (!S_ISREG(ce->ce_mode)) continue; if (!pathspec_matches(paths, ce->name)) continue; name = ce->name; if (name[0] == '-') { int len = ce_namelen(ce); name = xmalloc(len + 3); memcpy(name, ""./"", 2); memcpy(name + 2, ce->name, len + 1); } argv[argc++] = name; if (MAXARGS <= argc) { status = flush_grep(opt, argc, nr, argv, &kept); if (0 < status) hit = 1; argc = nr + kept; } if (ce_stage(ce)) { do { i++; } while (i < active_nr && !strcmp(ce->name, active_cache[i]->name)); i--; } } if (argc > nr) { status = flush_grep(opt, argc, nr, argv, NULL); if (0 < status) hit = 1; } return hit; }",git,,,8244171449665246138663611675969186414,0 5911,CWE-190,"static Jsi_RC jsi_ArrayShiftCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); Jsi_Value *v; Jsi_Obj *obj = _this->d.obj; Jsi_ObjListifyArray(interp, obj); uint n = Jsi_ObjGetLength(interp, obj); assert(n <= obj->arrCnt); if (n<=0) { Jsi_ValueMakeUndef(interp, ret); } else { n--; v = obj->arr[0]; memmove(obj->arr, obj->arr+1, n*sizeof(Jsi_Value*)); obj->arr[n] = NULL; Jsi_ValueDup2(interp, ret, v); Jsi_DecrRefCount(interp, v); Jsi_ObjSetLength(interp, obj, n); } return JSI_OK; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,275477982919067,1 2561,CWE-119,"int CLASS parse_jpeg(int offset) { int len, save, hlen, mark; fseek(ifp, offset, SEEK_SET); if (fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) return 0; while (fgetc(ifp) == 0xff && (mark = fgetc(ifp)) != 0xda) { order = 0x4d4d; len = get2() - 2; save = ftell(ifp); if (mark == 0xc0 || mark == 0xc3 || mark == 0xc9) { fgetc(ifp); raw_height = get2(); raw_width = get2(); } order = get2(); hlen = get4(); if (get4() == 0x48454150) { #ifdef LIBRAW_LIBRARY_BUILD imgdata.lens.makernotes.CameraMount = LIBRAW_MOUNT_FixedLens; imgdata.lens.makernotes.LensMount = LIBRAW_MOUNT_FixedLens; #endif parse_ciff(save + hlen, len - hlen, 0); } if (parse_tiff(save + 6)) apply_tiff(); fseek(ifp, save + len, SEEK_SET); } return 1; }",visit repo url,internal/dcraw_common.cpp,https://github.com/LibRaw/LibRaw,7360668486923,1 4655,CWE-415,"GF_Err iloc_box_read(GF_Box *s, GF_BitStream *bs) { u32 item_count, extent_count, i, j; GF_ItemLocationBox *ptr = (GF_ItemLocationBox *)s; ISOM_DECREASE_SIZE(ptr, 2) ptr->offset_size = gf_bs_read_int(bs, 4); ptr->length_size = gf_bs_read_int(bs, 4); ptr->base_offset_size = gf_bs_read_int(bs, 4); if (ptr->version == 1 || ptr->version == 2) { ptr->index_size = gf_bs_read_int(bs, 4); } else { gf_bs_read_int(bs, 4); } if (ptr->version < 2) { ISOM_DECREASE_SIZE(ptr, 2) item_count = gf_bs_read_u16(bs); } else { ISOM_DECREASE_SIZE(ptr, 4) item_count = gf_bs_read_u32(bs); } for (i = 0; i < item_count; i++) { GF_ItemLocationEntry *location_entry = (GF_ItemLocationEntry *)gf_malloc(sizeof(GF_ItemLocationEntry)); if (!location_entry) return GF_OUT_OF_MEM; gf_list_add(ptr->location_entries, location_entry); if (ptr->version < 2) { ISOM_DECREASE_SIZE(ptr, 2) location_entry->item_ID = gf_bs_read_u16(bs); } else { ISOM_DECREASE_SIZE(ptr, 4) location_entry->item_ID = gf_bs_read_u32(bs); } if (ptr->version == 1 || ptr->version == 2) { ISOM_DECREASE_SIZE(ptr, 2) location_entry->construction_method = gf_bs_read_u16(bs); } else { location_entry->construction_method = 0; } ISOM_DECREASE_SIZE(ptr, (2 + ptr->base_offset_size) ) location_entry->data_reference_index = gf_bs_read_u16(bs); location_entry->base_offset = gf_bs_read_int(bs, 8*ptr->base_offset_size); #ifndef GPAC_DISABLE_ISOM_WRITE location_entry->original_base_offset = location_entry->base_offset; #endif ISOM_DECREASE_SIZE(ptr, 2) extent_count = gf_bs_read_u16(bs); location_entry->extent_entries = gf_list_new(); for (j = 0; j < extent_count; j++) { GF_ItemExtentEntry *extent_entry = (GF_ItemExtentEntry *)gf_malloc(sizeof(GF_ItemExtentEntry)); if (!extent_entry) return GF_OUT_OF_MEM; gf_list_add(location_entry->extent_entries, extent_entry); if ((ptr->version == 1 || ptr->version == 2) && ptr->index_size > 0) { ISOM_DECREASE_SIZE(ptr, ptr->index_size) extent_entry->extent_index = gf_bs_read_int(bs, 8 * ptr->index_size); } else { extent_entry->extent_index = 0; } ISOM_DECREASE_SIZE(ptr, (ptr->offset_size+ptr->length_size) ) extent_entry->extent_offset = gf_bs_read_int(bs, 8*ptr->offset_size); extent_entry->extent_length = gf_bs_read_int(bs, 8*ptr->length_size); #ifndef GPAC_DISABLE_ISOM_WRITE extent_entry->original_extent_offset = extent_entry->extent_offset; #endif } } return GF_OK; }",visit repo url,src/isomedia/box_code_meta.c,https://github.com/gpac/gpac,240485290450447,1 2974,['CWE-189'],"int jpc_ppxstab_grow(jpc_ppxstab_t *tab, int maxents) { jpc_ppxstabent_t **newents; if (tab->maxents < maxents) { newents = (tab->ents) ? jas_realloc2(tab->ents, maxents, sizeof(jpc_ppxstabent_t *)) : jas_alloc2(maxents, sizeof(jpc_ppxstabent_t *)); if (!newents) { return -1; } tab->ents = newents; tab->maxents = maxents; } return 0; }",jasper,,,297878809290610395358128135359294640316,0 4700,CWE-120,"imap_auth_res_t imap_auth_gss (IMAP_DATA* idata, const char* method) { gss_buffer_desc request_buf, send_token; gss_buffer_t sec_token; gss_name_t target_name; gss_ctx_id_t context; #ifdef DEBUG gss_OID mech_name; char server_conf_flags; #endif gss_qop_t quality; int cflags; OM_uint32 maj_stat, min_stat; char buf1[GSS_BUFSIZE], buf2[GSS_BUFSIZE]; unsigned long buf_size; int rc; if (!mutt_bit_isset (idata->capabilities, AGSSAPI)) return IMAP_AUTH_UNAVAIL; if (mutt_account_getuser (&idata->conn->account)) return IMAP_AUTH_FAILURE; snprintf (buf1, sizeof (buf1), ""imap@%s"", idata->conn->account.host); request_buf.value = buf1; request_buf.length = strlen (buf1); maj_stat = gss_import_name (&min_stat, &request_buf, gss_nt_service_name, &target_name); if (maj_stat != GSS_S_COMPLETE) { dprint (2, (debugfile, ""Couldn't get service name for [%s]\n"", buf1)); return IMAP_AUTH_UNAVAIL; } #ifdef DEBUG else if (debuglevel >= 2) { maj_stat = gss_display_name (&min_stat, target_name, &request_buf, &mech_name); dprint (2, (debugfile, ""Using service name [%s]\n"", (char*) request_buf.value)); maj_stat = gss_release_buffer (&min_stat, &request_buf); } #endif sec_token = GSS_C_NO_BUFFER; context = GSS_C_NO_CONTEXT; maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &context, target_name, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL, &send_token, (unsigned int*) &cflags, NULL); if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { print_gss_error(maj_stat, min_stat); dprint (1, (debugfile, ""Error acquiring credentials - no TGT?\n"")); gss_release_name (&min_stat, &target_name); return IMAP_AUTH_UNAVAIL; } mutt_message _(""Authenticating (GSSAPI)...""); imap_cmd_start (idata, ""AUTHENTICATE GSSAPI""); do rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { dprint (2, (debugfile, ""Invalid response from server: %s\n"", buf1)); gss_release_name (&min_stat, &target_name); goto bail; } dprint (2, (debugfile, ""Sending credentials\n"")); mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length, sizeof (buf1) - 2); gss_release_buffer (&min_stat, &send_token); safe_strcat (buf1, sizeof (buf1), ""\r\n""); mutt_socket_write (idata->conn, buf1); while (maj_stat == GSS_S_CONTINUE_NEEDED) { do rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { dprint (1, (debugfile, ""Error receiving server response.\n"")); gss_release_name (&min_stat, &target_name); goto bail; } request_buf.length = mutt_from_base64 (buf2, idata->buf + 2); request_buf.value = buf2; sec_token = &request_buf; maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &context, target_name, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL, &send_token, (unsigned int*) &cflags, NULL); if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { print_gss_error(maj_stat, min_stat); dprint (1, (debugfile, ""Error exchanging credentials\n"")); gss_release_name (&min_stat, &target_name); goto err_abort_cmd; } mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length, sizeof (buf1) - 2); gss_release_buffer (&min_stat, &send_token); safe_strcat (buf1, sizeof (buf1), ""\r\n""); mutt_socket_write (idata->conn, buf1); } gss_release_name (&min_stat, &target_name); do rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { dprint (1, (debugfile, ""Error receiving server response.\n"")); goto bail; } request_buf.length = mutt_from_base64 (buf2, idata->buf + 2); request_buf.value = buf2; maj_stat = gss_unwrap (&min_stat, context, &request_buf, &send_token, &cflags, &quality); if (maj_stat != GSS_S_COMPLETE) { print_gss_error(maj_stat, min_stat); dprint (2, (debugfile, ""Couldn't unwrap security level data\n"")); gss_release_buffer (&min_stat, &send_token); goto err_abort_cmd; } dprint (2, (debugfile, ""Credential exchange complete\n"")); #ifdef DEBUG server_conf_flags = ((char*) send_token.value)[0]; #endif if ( !(((char*) send_token.value)[0] & GSS_AUTH_P_NONE) ) { dprint (2, (debugfile, ""Server requires integrity or privacy\n"")); gss_release_buffer (&min_stat, &send_token); goto err_abort_cmd; } ((char*) send_token.value)[0] = 0; buf_size = ntohl (*((long *) send_token.value)); gss_release_buffer (&min_stat, &send_token); dprint (2, (debugfile, ""Unwrapped security level flags: %c%c%c\n"", server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-', server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-', server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-')); dprint (2, (debugfile, ""Maximum GSS token size is %ld\n"", buf_size)); buf_size = htonl (buf_size); memcpy (buf1, &buf_size, 4); buf1[0] = GSS_AUTH_P_NONE; strncpy (buf1 + 4, idata->conn->account.user, sizeof (buf1) - 4); request_buf.value = buf1; request_buf.length = 4 + strlen (idata->conn->account.user); maj_stat = gss_wrap (&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, &cflags, &send_token); if (maj_stat != GSS_S_COMPLETE) { dprint (2, (debugfile, ""Error creating login request\n"")); goto err_abort_cmd; } mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length, sizeof (buf1) - 2); dprint (2, (debugfile, ""Requesting authorisation as %s\n"", idata->conn->account.user)); safe_strcat (buf1, sizeof (buf1), ""\r\n""); mutt_socket_write (idata->conn, buf1); do rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); if (rc == IMAP_CMD_RESPOND) { dprint (1, (debugfile, ""Unexpected server continuation request.\n"")); goto err_abort_cmd; } if (imap_code (idata->buf)) { dprint (2, (debugfile, ""Releasing GSS credentials\n"")); maj_stat = gss_delete_sec_context (&min_stat, &context, &send_token); if (maj_stat != GSS_S_COMPLETE) dprint (1, (debugfile, ""Error releasing credentials\n"")); gss_release_buffer (&min_stat, &send_token); return IMAP_AUTH_SUCCESS; } else goto bail; err_abort_cmd: mutt_socket_write (idata->conn, ""*\r\n""); do rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); bail: mutt_error _(""GSSAPI authentication failed.""); mutt_sleep (2); return IMAP_AUTH_FAILURE; }",visit repo url,imap/auth_gss.c,https://gitlab.com/muttmua/mutt,151258868423307,1 3776,CWE-190,"unserialize_uep(bufinfo_T *bi, int *error, char_u *file_name) { int i; u_entry_T *uep; char_u **array; char_u *line; int line_len; uep = (u_entry_T *)U_ALLOC_LINE(sizeof(u_entry_T)); if (uep == NULL) return NULL; vim_memset(uep, 0, sizeof(u_entry_T)); #ifdef U_DEBUG uep->ue_magic = UE_MAGIC; #endif uep->ue_top = undo_read_4c(bi); uep->ue_bot = undo_read_4c(bi); uep->ue_lcount = undo_read_4c(bi); uep->ue_size = undo_read_4c(bi); if (uep->ue_size > 0) { array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size); if (array == NULL) { *error = TRUE; return uep; } vim_memset(array, 0, sizeof(char_u *) * uep->ue_size); } else array = NULL; uep->ue_array = array; for (i = 0; i < uep->ue_size; ++i) { line_len = undo_read_4c(bi); if (line_len >= 0) line = read_string_decrypt(bi, line_len); else { line = NULL; corruption_error(""line length"", file_name); } if (line == NULL) { *error = TRUE; return uep; } array[i] = line; } return uep; }",visit repo url,src/undo.c,https://github.com/vim/vim,98134242152977,1 854,CWE-20,"SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, unsigned int, flags, struct sockaddr __user *, addr, int __user *, addr_len) { struct socket *sock; struct iovec iov; struct msghdr msg; struct sockaddr_storage address; int err, err2; int fput_needed; if (size > INT_MAX) size = INT_MAX; sock = sockfd_lookup_light(fd, &err, &fput_needed); if (!sock) goto out; msg.msg_control = NULL; msg.msg_controllen = 0; msg.msg_iovlen = 1; msg.msg_iov = &iov; iov.iov_len = size; iov.iov_base = ubuf; msg.msg_name = (struct sockaddr *)&address; msg.msg_namelen = sizeof(address); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = sock_recvmsg(sock, &msg, size, flags); if (err >= 0 && addr != NULL) { err2 = move_addr_to_user(&address, msg.msg_namelen, addr, addr_len); if (err2 < 0) err = err2; } fput_light(sock->file, fput_needed); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,89843130858034,1 1649,[],"static struct task_struct *find_process_by_pid(pid_t pid) { return pid ? find_task_by_vpid(pid) : current; }",linux-2.6,,,14294389314103136393832856218791696827,0 779,['CWE-119'],"isdn_net_ciscohdlck_disconnected(isdn_net_local *lp) { del_timer(&lp->cisco_timer); }",linux-2.6,,,273537363086959111608335812832793599750,0 5393,['CWE-476'],"void kvm_arch_sync_events(struct kvm *kvm) { kvm_free_all_assigned_devices(kvm); }",linux-2.6,,,167343538271070095514417049284833479790,0 6749,CWE-787,"int dns_HTTPS_add_ipv6hint(struct dns_rr_nested *svcparam, unsigned char addr[][DNS_RR_AAAA_LEN], int addr_num) { if (_dns_left_len(&svcparam->context) < 4 + addr_num * DNS_RR_AAAA_LEN) { return -1; } unsigned short value = DNS_HTTPS_T_IPV6HINT; dns_add_rr_nested_memcpy(svcparam, &value, 2); value = addr_num * DNS_RR_AAAA_LEN; dns_add_rr_nested_memcpy(svcparam, &value, 2); for (int i = 0; i < addr_num; i++) { dns_add_rr_nested_memcpy(svcparam, addr[i], DNS_RR_AAAA_LEN); } return 0; }",visit repo url,src/dns.c,https://github.com/pymumu/smartdns,215461095291046,1 6304,CWE-295,"static LUA_FUNCTION(openssl_x509_check_email) { X509 * cert = CHECK_OBJECT(1, X509, ""openssl.x509""); if (lua_isstring(L, 2)) { const char *email = lua_tostring(L, 2); lua_pushboolean(L, X509_check_email(cert, email, strlen(email), 0)); } else { lua_pushboolean(L, 0); } return 1; }",visit repo url,src/x509.c,https://github.com/zhaozg/lua-openssl,220394121189620,1 6717,CWE-134,"void hexdump(msg_info msg_info, const char *mem, unsigned int len) { unsigned int i, j; char str[10 + HEXDUMP_COLS * 4 + 2]; int c = 0; for(i = 0; i < len + ((len % HEXDUMP_COLS) ? (HEXDUMP_COLS - len % HEXDUMP_COLS) : 0); i++) { if(i % HEXDUMP_COLS == 0) c += sprintf(&str[c], ""0x%06x: "", i); if(i < len) c += sprintf(&str[c], ""%02x "", 0xFF & mem[i]); else c+= sprintf(&str[c], "" ""); if(i % HEXDUMP_COLS == (HEXDUMP_COLS - 1)) { for(j = i - (HEXDUMP_COLS - 1); j <= i; j++) { if(j >= len) str[c++] = ' '; else if(isprint(mem[j])) str[c++] = 0xFF & mem[j]; else str[c++] = '.'; } str[c++] = '\n'; str[c++] = 0; print_message(msg_info, str); c = 0; } } }",visit repo url,probe.c,https://github.com/yrutschle/sslh,68079858919145,1 1769,CWE-119,"static inline bool unconditional(const struct ip6t_ip6 *ipv6) { static const struct ip6t_ip6 uncond; return memcmp(ipv6, &uncond, sizeof(uncond)) == 0; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,118355003262697,1 4346,CWE-358,"DefragVlanTest(void) { Packet *p1 = NULL, *p2 = NULL, *r = NULL; int ret = 0; DefragInit(); p1 = BuildTestPacket(1, 0, 1, 'A', 8); if (p1 == NULL) goto end; p2 = BuildTestPacket(1, 1, 0, 'B', 8); if (p2 == NULL) goto end; if ((r = Defrag(NULL, NULL, p1, NULL)) != NULL) goto end; if ((r = Defrag(NULL, NULL, p2, NULL)) == NULL) goto end; SCFree(r); p1->vlan_id[0] = 1; p2->vlan_id[0] = 2; if ((r = Defrag(NULL, NULL, p1, NULL)) != NULL) goto end; if ((r = Defrag(NULL, NULL, p2, NULL)) != NULL) goto end; ret = 1; end: if (p1 != NULL) SCFree(p1); if (p2 != NULL) SCFree(p2); DefragDestroy(); return ret; }",visit repo url,src/defrag.c,https://github.com/inliniac/suricata,7604646947112,1 3673,['CWE-119'],"int hfsplus_cat_case_cmp_key(const hfsplus_btree_key *k1, const hfsplus_btree_key *k2) { __be32 k1p, k2p; k1p = k1->cat.parent; k2p = k2->cat.parent; if (k1p != k2p) return be32_to_cpu(k1p) < be32_to_cpu(k2p) ? -1 : 1; return hfsplus_strcasecmp(&k1->cat.name, &k2->cat.name); }",linux-2.6,,,277439996094613031430559627686059795771,0 1093,CWE-399,"int khugepaged_enter_vma_merge(struct vm_area_struct *vma) { unsigned long hstart, hend; if (!vma->anon_vma) return 0; if (vma->vm_file || vma->vm_ops) return 0; VM_BUG_ON(is_linear_pfn_mapping(vma) || is_pfn_mapping(vma)); hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; hend = vma->vm_end & HPAGE_PMD_MASK; if (hstart < hend) return khugepaged_enter(vma); return 0; }",visit repo url,mm/huge_memory.c,https://github.com/torvalds/linux,56472733005106,1 1028,['CWE-20'],"void kernel_shutdown_prepare(enum system_states state) { blocking_notifier_call_chain(&reboot_notifier_list, (state == SYSTEM_HALT)?SYS_HALT:SYS_POWER_OFF, NULL); system_state = state; device_shutdown(); }",linux-2.6,,,208713833834523477090428746159217550294,0 2301,CWE-189,"static inline void x86_assign_hw_event(struct perf_event *event, struct cpu_hw_events *cpuc, int i) { struct hw_perf_event *hwc = &event->hw; hwc->idx = cpuc->assign[i]; hwc->last_cpu = smp_processor_id(); hwc->last_tag = ++cpuc->tags[i]; if (hwc->idx == X86_PMC_IDX_FIXED_BTS) { hwc->config_base = 0; hwc->event_base = 0; } else if (hwc->idx >= X86_PMC_IDX_FIXED) { hwc->config_base = MSR_ARCH_PERFMON_FIXED_CTR_CTRL; hwc->event_base = MSR_ARCH_PERFMON_FIXED_CTR0; } else { hwc->config_base = x86_pmu_config_addr(hwc->idx); hwc->event_base = x86_pmu_event_addr(hwc->idx); } }",visit repo url,arch/x86/kernel/cpu/perf_event.c,https://github.com/torvalds/linux,259786636273960,1 5665,CWE-125,"bit_write_MC (Bit_Chain *dat, BITCODE_MC val) { int i, j; int negative = 0; unsigned char byte[5]; BITCODE_UMC mask = 0x0000007f; BITCODE_UMC value = (BITCODE_UMC)val; if (val < 0) { negative = 1; value = (BITCODE_UMC)-val; } for (i = 4, j = 0; i >= 0; i--, j += 7) { byte[i] = (unsigned char)((value & mask) >> j); byte[i] |= 0x80; mask = mask << 7; } for (i = 0; i < 4; i++) if (byte[i] & 0x7f) break; if (byte[i] & 0x40) i--; byte[i] &= 0x7f; if (negative) byte[i] |= 0x40; for (j = 4; j >= i; j--) bit_write_RC (dat, byte[j]); }",visit repo url,src/bits.c,https://github.com/LibreDWG/libredwg,222299002766637,1 3519,['CWE-20'],"static sctp_ierror_t sctp_sf_authenticate(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, struct sctp_chunk *chunk) { struct sctp_authhdr *auth_hdr; struct sctp_hmac *hmac; unsigned int sig_len; __u16 key_id; __u8 *save_digest; __u8 *digest; auth_hdr = (struct sctp_authhdr *)chunk->skb->data; chunk->subh.auth_hdr = auth_hdr; skb_pull(chunk->skb, sizeof(struct sctp_authhdr)); if (!sctp_auth_asoc_verify_hmac_id(asoc, auth_hdr->hmac_id)) return SCTP_IERROR_AUTH_BAD_HMAC; key_id = ntohs(auth_hdr->shkey_id); if (key_id != asoc->active_key_id && !sctp_auth_get_shkey(asoc, key_id)) return SCTP_IERROR_AUTH_BAD_KEYID; sig_len = ntohs(chunk->chunk_hdr->length) - sizeof(sctp_auth_chunk_t); hmac = sctp_auth_get_hmac(ntohs(auth_hdr->hmac_id)); if (sig_len != hmac->hmac_len) return SCTP_IERROR_PROTO_VIOLATION; digest = auth_hdr->hmac; skb_pull(chunk->skb, sig_len); save_digest = kmemdup(digest, sig_len, GFP_ATOMIC); if (!save_digest) goto nomem; memset(digest, 0, sig_len); sctp_auth_calculate_hmac(asoc, chunk->skb, (struct sctp_auth_chunk *)chunk->chunk_hdr, GFP_ATOMIC); if (memcmp(save_digest, digest, sig_len)) { kfree(save_digest); return SCTP_IERROR_BAD_SIG; } kfree(save_digest); chunk->auth = 1; return SCTP_IERROR_NO_ERROR; nomem: return SCTP_IERROR_NOMEM; }",linux-2.6,,,232944066870181009053778676921304469763,0 6182,CWE-190,"int fb_get_bit(const fb_t a, int bit) { int d; RLC_RIP(bit, d, bit); return (a[d] >> bit) & 1; }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,155481101728507,1 5340,['CWE-476'],"static int __msr_io(struct kvm_vcpu *vcpu, struct kvm_msrs *msrs, struct kvm_msr_entry *entries, int (*do_msr)(struct kvm_vcpu *vcpu, unsigned index, u64 *data)) { int i; vcpu_load(vcpu); down_read(&vcpu->kvm->slots_lock); for (i = 0; i < msrs->nmsrs; ++i) if (do_msr(vcpu, entries[i].index, &entries[i].data)) break; up_read(&vcpu->kvm->slots_lock); vcpu_put(vcpu); return i; }",linux-2.6,,,307081890956440845082528783540612406021,0 1749,CWE-400,"struct sk_buff **udp_gro_receive(struct sk_buff **head, struct sk_buff *skb, struct udphdr *uh) { struct udp_offload_priv *uo_priv; struct sk_buff *p, **pp = NULL; struct udphdr *uh2; unsigned int off = skb_gro_offset(skb); int flush = 1; if (NAPI_GRO_CB(skb)->udp_mark || (skb->ip_summed != CHECKSUM_PARTIAL && NAPI_GRO_CB(skb)->csum_cnt == 0 && !NAPI_GRO_CB(skb)->csum_valid)) goto out; NAPI_GRO_CB(skb)->udp_mark = 1; rcu_read_lock(); uo_priv = rcu_dereference(udp_offload_base); for (; uo_priv != NULL; uo_priv = rcu_dereference(uo_priv->next)) { if (net_eq(read_pnet(&uo_priv->net), dev_net(skb->dev)) && uo_priv->offload->port == uh->dest && uo_priv->offload->callbacks.gro_receive) goto unflush; } goto out_unlock; unflush: flush = 0; for (p = *head; p; p = p->next) { if (!NAPI_GRO_CB(p)->same_flow) continue; uh2 = (struct udphdr *)(p->data + off); if ((*(u32 *)&uh->source != *(u32 *)&uh2->source) || (!uh->check ^ !uh2->check)) { NAPI_GRO_CB(p)->same_flow = 0; continue; } } skb_gro_pull(skb, sizeof(struct udphdr)); skb_gro_postpull_rcsum(skb, uh, sizeof(struct udphdr)); NAPI_GRO_CB(skb)->proto = uo_priv->offload->ipproto; pp = uo_priv->offload->callbacks.gro_receive(head, skb, uo_priv->offload); out_unlock: rcu_read_unlock(); out: NAPI_GRO_CB(skb)->flush |= flush; return pp; }",visit repo url,net/ipv4/udp_offload.c,https://github.com/torvalds/linux,12612261035454,1 6614,['CWE-200'],"nm_connection_list_run (NMConnectionList *list) { g_return_if_fail (NM_IS_CONNECTION_LIST (list)); g_signal_connect (G_OBJECT (list->dialog), ""response"", G_CALLBACK (list_response_cb), list); g_signal_connect (G_OBJECT (list->dialog), ""close"", G_CALLBACK (list_close_cb), list); nm_connection_list_present (list); }",network-manager-applet,,,150980591558294284025836907596143424321,0 6761,CWE-908,"static int tcp_syn(struct pico_socket *s, struct pico_frame *f) { struct pico_socket_tcp *new = NULL; struct pico_tcp_hdr *hdr = NULL; uint16_t mtu; if(s->number_of_pending_conn >= s->max_backlog) return -1; new = (struct pico_socket_tcp *)pico_socket_clone(s); hdr = (struct pico_tcp_hdr *)f->transport_hdr; if (!new) return -1; #ifdef PICO_TCP_SUPPORT_SOCKET_STATS if (!pico_timer_add(t->sock.stack, 2000, sock_stats, s)) { tcp_dbg(""TCP: Failed to start socket statistics timer\n""); return -1; } #endif new->sock.remote_port = ((struct pico_trans *)f->transport_hdr)->sport; #ifdef PICO_SUPPORT_IPV4 if (IS_IPV4(f)) { new->sock.remote_addr.ip4.addr = ((struct pico_ipv4_hdr *)(f->net_hdr))->src.addr; new->sock.local_addr.ip4.addr = ((struct pico_ipv4_hdr *)(f->net_hdr))->dst.addr; } #endif #ifdef PICO_SUPPORT_IPV6 if (IS_IPV6(f)) { new->sock.remote_addr.ip6 = ((struct pico_ipv6_hdr *)(f->net_hdr))->src; new->sock.local_addr.ip6 = ((struct pico_ipv6_hdr *)(f->net_hdr))->dst; } #endif f->sock = &new->sock; mtu = (uint16_t)pico_socket_get_mss(&new->sock); new->mss = (uint16_t)(mtu - PICO_SIZE_TCPHDR); if (tcp_parse_options(f) < 0) return -1; new->sock.stack = s->stack; new->tcpq_in.max_size = PICO_DEFAULT_SOCKETQ; new->tcpq_out.max_size = PICO_DEFAULT_SOCKETQ; new->tcpq_hold.max_size = 2u * mtu; new->rcv_nxt = long_be(hdr->seq) + 1; new->snd_nxt = long_be(pico_paws()); new->snd_last = new->snd_nxt; new->cwnd = PICO_TCP_IW; new->ssthresh = (uint16_t)((uint16_t)(PICO_DEFAULT_SOCKETQ / new->mss) - (((uint16_t)(PICO_DEFAULT_SOCKETQ / new->mss)) >> 3u)); new->recv_wnd = short_be(hdr->rwnd); new->linger_timeout = PICO_SOCKET_LINGER_TIMEOUT; s->number_of_pending_conn++; new->sock.parent = s; new->sock.wakeup = s->wakeup; rto_set(new, PICO_TCP_RTO_MIN); new->sock.state = PICO_SOCKET_STATE_BOUND | PICO_SOCKET_STATE_CONNECTED | PICO_SOCKET_STATE_TCP_SYN_RECV; pico_socket_add(&new->sock); tcp_send_synack(&new->sock); tcp_dbg(""SYNACK sent, socket added. snd_nxt is %08x\n"", new->snd_nxt); return 0; }",visit repo url,modules/pico_tcp.c,https://github.com/virtualsquare/picotcp,68590277905198,1 3017,CWE-415,"BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality) { uint8_t *argb; int x, y; uint8_t *p; uint8_t *out; size_t out_size; if (im == NULL) { return; } if (!gdImageTrueColor(im)) { gd_error(""Paletter image not supported by webp""); return; } if (quality == -1) { quality = 80; } if (overflow2(gdImageSX(im), 4)) { return; } if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) { return; } argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im)); if (!argb) { return; } p = argb; for (y = 0; y < gdImageSY(im); y++) { for (x = 0; x < gdImageSX(im); x++) { register int c; register char a; c = im->tpixels[y][x]; a = gdTrueColorGetAlpha(c); if (a == 127) { a = 0; } else { a = 255 - ((a << 1) + (a >> 6)); } *(p++) = gdTrueColorGetRed(c); *(p++) = gdTrueColorGetGreen(c); *(p++) = gdTrueColorGetBlue(c); *(p++) = a; } } out_size = WebPEncodeRGBA(argb, gdImageSX(im), gdImageSY(im), gdImageSX(im) * 4, quality, &out); if (out_size == 0) { gd_error(""gd-webp encoding failed""); goto freeargb; } gdPutBuf(out, out_size, outfile); free(out); freeargb: gdFree(argb); }",visit repo url,src/gd_webp.c,https://github.com/libgd/libgd,21097648417294,1 2826,CWE-125,"BOOL glyph_cache_put(rdpGlyphCache* glyphCache, UINT32 id, UINT32 index, rdpGlyph* glyph) { rdpGlyph* prevGlyph; if (id > 9) { WLog_ERR(TAG, ""invalid glyph cache id: %"" PRIu32 """", id); return FALSE; } if (index > glyphCache->glyphCache[id].number) { WLog_ERR(TAG, ""invalid glyph cache index: %"" PRIu32 "" in cache id: %"" PRIu32 """", index, id); return FALSE; } WLog_Print(glyphCache->log, WLOG_DEBUG, ""GlyphCachePut: id: %"" PRIu32 "" index: %"" PRIu32 """", id, index); prevGlyph = glyphCache->glyphCache[id].entries[index]; if (prevGlyph) prevGlyph->Free(glyphCache->context, prevGlyph); glyphCache->glyphCache[id].entries[index] = glyph; return TRUE; }",visit repo url,libfreerdp/cache/glyph.c,https://github.com/FreeRDP/FreeRDP,196611557825979,1 2352,CWE-476,"av_cold void ff_idctdsp_init(IDCTDSPContext *c, AVCodecContext *avctx) { const unsigned high_bit_depth = avctx->bits_per_raw_sample > 8; if (avctx->lowres==1) { c->idct_put = ff_jref_idct4_put; c->idct_add = ff_jref_idct4_add; c->idct = ff_j_rev_dct4; c->perm_type = FF_IDCT_PERM_NONE; } else if (avctx->lowres==2) { c->idct_put = ff_jref_idct2_put; c->idct_add = ff_jref_idct2_add; c->idct = ff_j_rev_dct2; c->perm_type = FF_IDCT_PERM_NONE; } else if (avctx->lowres==3) { c->idct_put = ff_jref_idct1_put; c->idct_add = ff_jref_idct1_add; c->idct = ff_j_rev_dct1; c->perm_type = FF_IDCT_PERM_NONE; } else { if (avctx->bits_per_raw_sample == 10 || avctx->bits_per_raw_sample == 9) { if (avctx->codec_id == AV_CODEC_ID_MPEG4 && avctx->profile == FF_PROFILE_MPEG4_SIMPLE_STUDIO) c->idct_put = ff_simple_idct_put_int32_10bit; else { c->idct_put = ff_simple_idct_put_int16_10bit; c->idct_add = ff_simple_idct_add_int16_10bit; c->idct = ff_simple_idct_int16_10bit; } c->perm_type = FF_IDCT_PERM_NONE; } else if (avctx->bits_per_raw_sample == 12) { c->idct_put = ff_simple_idct_put_int16_12bit; c->idct_add = ff_simple_idct_add_int16_12bit; c->idct = ff_simple_idct_int16_12bit; c->perm_type = FF_IDCT_PERM_NONE; } else { if (avctx->idct_algo == FF_IDCT_INT) { c->idct_put = ff_jref_idct_put; c->idct_add = ff_jref_idct_add; c->idct = ff_j_rev_dct; c->perm_type = FF_IDCT_PERM_LIBMPEG2; #if CONFIG_FAANIDCT } else if (avctx->idct_algo == FF_IDCT_FAAN) { c->idct_put = ff_faanidct_put; c->idct_add = ff_faanidct_add; c->idct = ff_faanidct; c->perm_type = FF_IDCT_PERM_NONE; #endif } else { c->idct_put = ff_simple_idct_put_int16_8bit; c->idct_add = ff_simple_idct_add_int16_8bit; c->idct = ff_simple_idct_int16_8bit; c->perm_type = FF_IDCT_PERM_NONE; } } } c->put_pixels_clamped = ff_put_pixels_clamped_c; c->put_signed_pixels_clamped = put_signed_pixels_clamped_c; c->add_pixels_clamped = ff_add_pixels_clamped_c; if (CONFIG_MPEG4_DECODER && avctx->idct_algo == FF_IDCT_XVID) ff_xvid_idct_init(c, avctx); if (ARCH_AARCH64) ff_idctdsp_init_aarch64(c, avctx, high_bit_depth); if (ARCH_ALPHA) ff_idctdsp_init_alpha(c, avctx, high_bit_depth); if (ARCH_ARM) ff_idctdsp_init_arm(c, avctx, high_bit_depth); if (ARCH_PPC) ff_idctdsp_init_ppc(c, avctx, high_bit_depth); if (ARCH_X86) ff_idctdsp_init_x86(c, avctx, high_bit_depth); if (ARCH_MIPS) ff_idctdsp_init_mips(c, avctx, high_bit_depth); ff_init_scantable_permutation(c->idct_permutation, c->perm_type); }",visit repo url,libavcodec/idctdsp.c,https://github.com/FFmpeg/FFmpeg,195900592740056,1 1172,['CWE-189'],"sys_nanosleep(struct timespec __user *rqtp, struct timespec __user *rmtp) { struct timespec tu; if (copy_from_user(&tu, rqtp, sizeof(tu))) return -EFAULT; if (!timespec_valid(&tu)) return -EINVAL; return hrtimer_nanosleep(&tu, rmtp, HRTIMER_MODE_REL, CLOCK_MONOTONIC); }",linux-2.6,,,129092085342477898154121633949695943913,0 5239,['CWE-264'],"static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid) { bool got_user_obj, got_group_obj; canon_ace *current_ace; int i, entries; entries = count_canon_ace_list(ace); got_user_obj = False; got_group_obj = False; for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) { if (current_ace->type == SMB_ACL_USER_OBJ) got_user_obj = True; else if (current_ace->type == SMB_ACL_GROUP_OBJ) got_group_obj = True; } if (got_user_obj && got_group_obj) { DEBUG(10,(""check_owning_objs: ACL had owning user/group entries.\n"")); return; } for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) { if (!got_user_obj && current_ace->owner_type == UID_ACE && sid_equal(¤t_ace->trustee, pfile_owner_sid)) { current_ace->type = SMB_ACL_USER_OBJ; got_user_obj = True; } if (!got_group_obj && current_ace->owner_type == GID_ACE && sid_equal(¤t_ace->trustee, pfile_grp_sid)) { current_ace->type = SMB_ACL_GROUP_OBJ; got_group_obj = True; } } if (!got_user_obj) DEBUG(10,(""check_owning_objs: ACL is missing an owner entry.\n"")); if (!got_group_obj) DEBUG(10,(""check_owning_objs: ACL is missing an owning group entry.\n"")); }",samba,,,313756040336350006249866053167320779998,0 5209,['CWE-20'],"static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) { unsigned long guest_cr3; u64 eptp; guest_cr3 = cr3; if (vm_need_ept()) { eptp = construct_eptp(cr3); vmcs_write64(EPT_POINTER, eptp); ept_sync_context(eptp); ept_load_pdptrs(vcpu); guest_cr3 = is_paging(vcpu) ? vcpu->arch.cr3 : VMX_EPT_IDENTITY_PAGETABLE_ADDR; } vmx_flush_tlb(vcpu); vmcs_writel(GUEST_CR3, guest_cr3); if (vcpu->arch.cr0 & X86_CR0_PE) vmx_fpu_deactivate(vcpu); }",linux-2.6,,,180263923621983012623204319937889743931,0 2492,['CWE-119'],"static void show_graph(FILE *file, char ch, int cnt, const char *set, const char *reset) { if (cnt <= 0) return; fprintf(file, ""%s"", set); while (cnt--) putc(ch, file); fprintf(file, ""%s"", reset); }",git,,,14983535986133065946070943055431911364,0 793,['CWE-119'],"isdn_net_force_dial_lp(isdn_net_local * lp) { if ((!(lp->flags & ISDN_NET_CONNECTED)) && !lp->dialstate) { int chi; if (lp->phone[1]) { ulong flags; spin_lock_irqsave(&dev->lock, flags); if ((chi = isdn_get_free_channel( ISDN_USAGE_NET, lp->l2_proto, lp->l3_proto, lp->pre_device, lp->pre_channel, lp->msn)) < 0) { printk(KERN_WARNING ""isdn_net_force_dial: No channel for %s\n"", lp->netdev->dev->name); spin_unlock_irqrestore(&dev->lock, flags); return -EAGAIN; } lp->dialstate = 1; isdn_net_bind_channel(lp, chi); #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) if (isdn_ppp_bind(lp) < 0) { isdn_net_unbind_channel(lp); spin_unlock_irqrestore(&dev->lock, flags); return -EAGAIN; } #endif spin_unlock_irqrestore(&dev->lock, flags); isdn_net_dial(); return 0; } else return -EINVAL; } else return -EBUSY; }",linux-2.6,,,217138410945673473002788140451145293594,0 3246,CWE-125,"pimv2_print(netdissect_options *ndo, register const u_char *bp, register u_int len, const u_char *bp2) { register const u_char *ep; register const struct pim *pim = (const struct pim *)bp; int advance; enum checksum_status cksum_status; ep = (const u_char *)ndo->ndo_snapend; if (bp >= ep) return; if (ep > bp + len) ep = bp + len; ND_TCHECK(pim->pim_rsv); pimv2_addr_len = pim->pim_rsv; if (pimv2_addr_len != 0) ND_PRINT((ndo, "", RFC2117-encoding"")); ND_PRINT((ndo, "", cksum 0x%04x "", EXTRACT_16BITS(&pim->pim_cksum))); if (EXTRACT_16BITS(&pim->pim_cksum) == 0) { ND_PRINT((ndo, ""(unverified)"")); } else { if (PIM_TYPE(pim->pim_typever) == PIMV2_TYPE_REGISTER) { cksum_status = pimv2_check_checksum(ndo, bp, bp2, 8); if (cksum_status == INCORRECT) { cksum_status = pimv2_check_checksum(ndo, bp, bp2, len); } } else { cksum_status = pimv2_check_checksum(ndo, bp, bp2, len); } switch (cksum_status) { case CORRECT: ND_PRINT((ndo, ""(correct)"")); break; case INCORRECT: ND_PRINT((ndo, ""(incorrect)"")); break; case UNVERIFIED: ND_PRINT((ndo, ""(unverified)"")); break; } } switch (PIM_TYPE(pim->pim_typever)) { case PIMV2_TYPE_HELLO: { uint16_t otype, olen; bp += 4; while (bp < ep) { ND_TCHECK2(bp[0], 4); otype = EXTRACT_16BITS(&bp[0]); olen = EXTRACT_16BITS(&bp[2]); ND_TCHECK2(bp[0], 4 + olen); ND_PRINT((ndo, ""\n\t %s Option (%u), length %u, Value: "", tok2str(pimv2_hello_option_values, ""Unknown"", otype), otype, olen)); bp += 4; switch (otype) { case PIMV2_HELLO_OPTION_HOLDTIME: if (olen != 2) { ND_PRINT((ndo, ""ERROR: Option Length != 2 Bytes (%u)"", olen)); } else { unsigned_relts_print(ndo, EXTRACT_16BITS(bp)); } break; case PIMV2_HELLO_OPTION_LANPRUNEDELAY: if (olen != 4) { ND_PRINT((ndo, ""ERROR: Option Length != 4 Bytes (%u)"", olen)); } else { char t_bit; uint16_t lan_delay, override_interval; lan_delay = EXTRACT_16BITS(bp); override_interval = EXTRACT_16BITS(bp+2); t_bit = (lan_delay & 0x8000)? 1 : 0; lan_delay &= ~0x8000; ND_PRINT((ndo, ""\n\t T-bit=%d, LAN delay %dms, Override interval %dms"", t_bit, lan_delay, override_interval)); } break; case PIMV2_HELLO_OPTION_DR_PRIORITY_OLD: case PIMV2_HELLO_OPTION_DR_PRIORITY: switch (olen) { case 0: ND_PRINT((ndo, ""Bi-Directional Capability (Old)"")); break; case 4: ND_PRINT((ndo, ""%u"", EXTRACT_32BITS(bp))); break; default: ND_PRINT((ndo, ""ERROR: Option Length != 4 Bytes (%u)"", olen)); break; } break; case PIMV2_HELLO_OPTION_GENID: if (olen != 4) { ND_PRINT((ndo, ""ERROR: Option Length != 4 Bytes (%u)"", olen)); } else { ND_PRINT((ndo, ""0x%08x"", EXTRACT_32BITS(bp))); } break; case PIMV2_HELLO_OPTION_REFRESH_CAP: if (olen != 4) { ND_PRINT((ndo, ""ERROR: Option Length != 4 Bytes (%u)"", olen)); } else { ND_PRINT((ndo, ""v%d"", *bp)); if (*(bp+1) != 0) { ND_PRINT((ndo, "", interval "")); unsigned_relts_print(ndo, *(bp+1)); } if (EXTRACT_16BITS(bp+2) != 0) { ND_PRINT((ndo, "" ?0x%04x?"", EXTRACT_16BITS(bp+2))); } } break; case PIMV2_HELLO_OPTION_BIDIR_CAP: break; case PIMV2_HELLO_OPTION_ADDRESS_LIST_OLD: case PIMV2_HELLO_OPTION_ADDRESS_LIST: if (ndo->ndo_vflag > 1) { const u_char *ptr = bp; while (ptr < (bp+olen)) { ND_PRINT((ndo, ""\n\t "")); advance = pimv2_addr_print(ndo, ptr, pimv2_unicast, 0); if (advance < 0) { ND_PRINT((ndo, ""..."")); break; } ptr += advance; } } break; default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo, bp, ""\n\t "", olen); break; } if (ndo->ndo_vflag> 1) print_unknown_data(ndo, bp, ""\n\t "", olen); bp += olen; } break; } case PIMV2_TYPE_REGISTER: { const struct ip *ip; ND_TCHECK2(*(bp + 4), PIMV2_REGISTER_FLAG_LEN); ND_PRINT((ndo, "", Flags [ %s ]\n\t"", tok2str(pimv2_register_flag_values, ""none"", EXTRACT_32BITS(bp+4)))); bp += 8; len -= 8; ip = (const struct ip *)bp; switch (IP_V(ip)) { case 0: ND_PRINT((ndo, ""IP-Null-header %s > %s"", ipaddr_string(ndo, &ip->ip_src), ipaddr_string(ndo, &ip->ip_dst))); break; case 4: ip_print(ndo, bp, len); break; case 6: ip6_print(ndo, bp, len); break; default: ND_PRINT((ndo, ""IP ver %d"", IP_V(ip))); break; } break; } case PIMV2_TYPE_REGISTER_STOP: bp += 4; len -= 4; if (bp >= ep) break; ND_PRINT((ndo, "" group="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; len -= advance; if (bp >= ep) break; ND_PRINT((ndo, "" source="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; len -= advance; break; case PIMV2_TYPE_JOIN_PRUNE: case PIMV2_TYPE_GRAFT: case PIMV2_TYPE_GRAFT_ACK: { uint8_t ngroup; uint16_t holdtime; uint16_t njoin; uint16_t nprune; int i, j; bp += 4; len -= 4; if (PIM_TYPE(pim->pim_typever) != 7) { if (bp >= ep) break; ND_PRINT((ndo, "", upstream-neighbor: "")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; len -= advance; } if (bp + 4 > ep) break; ngroup = bp[1]; holdtime = EXTRACT_16BITS(&bp[2]); ND_PRINT((ndo, ""\n\t %u group(s)"", ngroup)); if (PIM_TYPE(pim->pim_typever) != 7) { ND_PRINT((ndo, "", holdtime: "")); if (holdtime == 0xffff) ND_PRINT((ndo, ""infinite"")); else unsigned_relts_print(ndo, holdtime); } bp += 4; len -= 4; for (i = 0; i < ngroup; i++) { if (bp >= ep) goto jp_done; ND_PRINT((ndo, ""\n\t group #%u: "", i+1)); if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { ND_PRINT((ndo, ""...)"")); goto jp_done; } bp += advance; len -= advance; if (bp + 4 > ep) { ND_PRINT((ndo, ""...)"")); goto jp_done; } njoin = EXTRACT_16BITS(&bp[0]); nprune = EXTRACT_16BITS(&bp[2]); ND_PRINT((ndo, "", joined sources: %u, pruned sources: %u"", njoin, nprune)); bp += 4; len -= 4; for (j = 0; j < njoin; j++) { ND_PRINT((ndo, ""\n\t joined source #%u: "", j+1)); if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) { ND_PRINT((ndo, ""...)"")); goto jp_done; } bp += advance; len -= advance; } for (j = 0; j < nprune; j++) { ND_PRINT((ndo, ""\n\t pruned source #%u: "", j+1)); if ((advance = pimv2_addr_print(ndo, bp, pimv2_source, 0)) < 0) { ND_PRINT((ndo, ""...)"")); goto jp_done; } bp += advance; len -= advance; } } jp_done: break; } case PIMV2_TYPE_BOOTSTRAP: { int i, j, frpcnt; bp += 4; if (bp + sizeof(uint16_t) >= ep) break; ND_PRINT((ndo, "" tag=%x"", EXTRACT_16BITS(bp))); bp += sizeof(uint16_t); if (bp >= ep) break; ND_PRINT((ndo, "" hashmlen=%d"", bp[0])); if (bp + 1 >= ep) break; ND_PRINT((ndo, "" BSRprio=%d"", bp[1])); bp += 2; if (bp >= ep) break; ND_PRINT((ndo, "" BSR="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; for (i = 0; bp < ep; i++) { ND_PRINT((ndo, "" (group%d: "", i)); if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { ND_PRINT((ndo, ""...)"")); goto bs_done; } bp += advance; if (bp >= ep) { ND_PRINT((ndo, ""...)"")); goto bs_done; } ND_PRINT((ndo, "" RPcnt=%d"", bp[0])); if (bp + 1 >= ep) { ND_PRINT((ndo, ""...)"")); goto bs_done; } ND_PRINT((ndo, "" FRPcnt=%d"", frpcnt = bp[1])); bp += 4; for (j = 0; j < frpcnt && bp < ep; j++) { ND_PRINT((ndo, "" RP%d="", j)); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""...)"")); goto bs_done; } bp += advance; if (bp + 1 >= ep) { ND_PRINT((ndo, ""...)"")); goto bs_done; } ND_PRINT((ndo, "",holdtime="")); unsigned_relts_print(ndo, EXTRACT_16BITS(bp)); if (bp + 2 >= ep) { ND_PRINT((ndo, ""...)"")); goto bs_done; } ND_PRINT((ndo, "",prio=%d"", bp[2])); bp += 4; } ND_PRINT((ndo, "")"")); } bs_done: break; } case PIMV2_TYPE_ASSERT: bp += 4; len -= 4; if (bp >= ep) break; ND_PRINT((ndo, "" group="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; len -= advance; if (bp >= ep) break; ND_PRINT((ndo, "" src="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; len -= advance; if (bp + 8 > ep) break; if (bp[0] & 0x80) ND_PRINT((ndo, "" RPT"")); ND_PRINT((ndo, "" pref=%u"", EXTRACT_32BITS(&bp[0]) & 0x7fffffff)); ND_PRINT((ndo, "" metric=%u"", EXTRACT_32BITS(&bp[4]))); break; case PIMV2_TYPE_CANDIDATE_RP: { int i, pfxcnt; bp += 4; if (bp >= ep) break; ND_PRINT((ndo, "" prefix-cnt=%d"", bp[0])); pfxcnt = bp[0]; if (bp + 1 >= ep) break; ND_PRINT((ndo, "" prio=%d"", bp[1])); if (bp + 3 >= ep) break; ND_PRINT((ndo, "" holdtime="")); unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[2])); bp += 4; if (bp >= ep) break; ND_PRINT((ndo, "" RP="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; for (i = 0; i < pfxcnt && bp < ep; i++) { ND_PRINT((ndo, "" Group%d="", i)); if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; } break; } case PIMV2_TYPE_PRUNE_REFRESH: ND_PRINT((ndo, "" src="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; ND_PRINT((ndo, "" grp="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_group, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; ND_PRINT((ndo, "" forwarder="")); if ((advance = pimv2_addr_print(ndo, bp, pimv2_unicast, 0)) < 0) { ND_PRINT((ndo, ""..."")); break; } bp += advance; ND_TCHECK2(bp[0], 2); ND_PRINT((ndo, "" TUNR "")); unsigned_relts_print(ndo, EXTRACT_16BITS(bp)); break; default: ND_PRINT((ndo, "" [type %d]"", PIM_TYPE(pim->pim_typever))); break; } return; trunc: ND_PRINT((ndo, ""[|pim]"")); }",visit repo url,print-pim.c,https://github.com/the-tcpdump-group/tcpdump,232208487785281,1 941,CWE-754,"static int raw_cmd_copyin(int cmd, void __user *param, struct floppy_raw_cmd **rcmd) { struct floppy_raw_cmd *ptr; int ret; int i; *rcmd = NULL; loop: ptr = kmalloc(sizeof(struct floppy_raw_cmd), GFP_USER); if (!ptr) return -ENOMEM; *rcmd = ptr; ret = copy_from_user(ptr, param, sizeof(*ptr)); if (ret) return -EFAULT; ptr->next = NULL; ptr->buffer_length = 0; param += sizeof(struct floppy_raw_cmd); if (ptr->cmd_count > 33) return -EINVAL; for (i = 0; i < 16; i++) ptr->reply[i] = 0; ptr->resultcode = 0; ptr->kernel_data = NULL; if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) { if (ptr->length <= 0) return -EINVAL; ptr->kernel_data = (char *)fd_dma_mem_alloc(ptr->length); fallback_on_nodma_alloc(&ptr->kernel_data, ptr->length); if (!ptr->kernel_data) return -ENOMEM; ptr->buffer_length = ptr->length; } if (ptr->flags & FD_RAW_WRITE) { ret = fd_copyin(ptr->data, ptr->kernel_data, ptr->length); if (ret) return ret; } if (ptr->flags & FD_RAW_MORE) { rcmd = &(ptr->next); ptr->rate &= 0x43; goto loop; } return 0; }",visit repo url,drivers/block/floppy.c,https://github.com/torvalds/linux,192297197477758,1 3565,CWE-20,"static int jpc_ppm_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_ppm_t *ppm = &ms->parms.ppm; cstate = 0; if (JAS_CAST(uint, jas_stream_write(out, (char *) ppm->data, ppm->len)) != ppm->len) { return -1; } return 0; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,118581758324632,1 2092,CWE-200,"static int ipddp_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) { struct ipddp_route __user *rt = ifr->ifr_data; struct ipddp_route rcp, rcp2, *rp; if(!capable(CAP_NET_ADMIN)) return -EPERM; if(copy_from_user(&rcp, rt, sizeof(rcp))) return -EFAULT; switch(cmd) { case SIOCADDIPDDPRT: return ipddp_create(&rcp); case SIOCFINDIPDDPRT: spin_lock_bh(&ipddp_route_lock); rp = __ipddp_find_route(&rcp); if (rp) memcpy(&rcp2, rp, sizeof(rcp2)); spin_unlock_bh(&ipddp_route_lock); if (rp) { if (copy_to_user(rt, &rcp2, sizeof(struct ipddp_route))) return -EFAULT; return 0; } else return -ENOENT; case SIOCDELIPDDPRT: return ipddp_delete(&rcp); default: return -EINVAL; } }",visit repo url,drivers/net/appletalk/ipddp.c,https://github.com/torvalds/linux,16186459604191,1 4558,['CWE-20'],"static int ext4_add_nondir(handle_t *handle, struct dentry *dentry, struct inode *inode) { int err = ext4_add_entry(handle, dentry, inode); if (!err) { ext4_mark_inode_dirty(handle, inode); d_instantiate(dentry, inode); unlock_new_inode(inode); return 0; } drop_nlink(inode); unlock_new_inode(inode); iput(inode); return err; }",linux-2.6,,,326317155632300629447429428341680811178,0 6351,['CWE-200'],"static int tc_fill_tclass(struct sk_buff *skb, struct Qdisc *q, unsigned long cl, u32 pid, u32 seq, u16 flags, int event) { struct tcmsg *tcm; struct nlmsghdr *nlh; unsigned char *b = skb->tail; struct gnet_dump d; struct Qdisc_class_ops *cl_ops = q->ops->cl_ops; nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); tcm = NLMSG_DATA(nlh); tcm->tcm_family = AF_UNSPEC; tcm->tcm_ifindex = q->dev->ifindex; tcm->tcm_parent = q->handle; tcm->tcm_handle = q->handle; tcm->tcm_info = 0; RTA_PUT(skb, TCA_KIND, IFNAMSIZ, q->ops->id); if (cl_ops->dump && cl_ops->dump(q, cl, skb, tcm) < 0) goto rtattr_failure; if (gnet_stats_start_copy_compat(skb, TCA_STATS2, TCA_STATS, TCA_XSTATS, q->stats_lock, &d) < 0) goto rtattr_failure; if (cl_ops->dump_stats && cl_ops->dump_stats(q, cl, &d) < 0) goto rtattr_failure; if (gnet_stats_finish_copy(&d) < 0) goto rtattr_failure; nlh->nlmsg_len = skb->tail - b; return skb->len; nlmsg_failure: rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,288549277231237615024913385062579560542,0 579,[],"static long bad_file_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { return -EIO; }",linux-2.6,,,97930360278458648984232959528972356564,0 3551,CWE-20,"static int jas_iccgetuint32(jas_stream_t *in, jas_iccuint32_t *val) { ulonglong tmp; if (jas_iccgetuint(in, 4, &tmp)) return -1; *val = tmp; return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,44294517142333,1 1479,CWE-264,"static int perf_event_read_group(struct perf_event *event, u64 read_format, char __user *buf) { struct perf_event *leader = event->group_leader, *sub; int n = 0, size = 0, ret = -EFAULT; struct perf_event_context *ctx = leader->ctx; u64 values[5]; u64 count, enabled, running; mutex_lock(&ctx->mutex); count = perf_event_read_value(leader, &enabled, &running); values[n++] = 1 + leader->nr_siblings; if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) values[n++] = enabled; if (read_format & PERF_FORMAT_TOTAL_TIME_RUNNING) values[n++] = running; values[n++] = count; if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(leader); size = n * sizeof(u64); if (copy_to_user(buf, values, size)) goto unlock; ret = size; list_for_each_entry(sub, &leader->sibling_list, group_entry) { n = 0; values[n++] = perf_event_read_value(sub, &enabled, &running); if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(sub); size = n * sizeof(u64); if (copy_to_user(buf + ret, values, size)) { ret = -EFAULT; goto unlock; } ret += size; } unlock: mutex_unlock(&ctx->mutex); return ret; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,52377704495617,1 3997,['CWE-362'],"const char *audit_tree_path(struct audit_tree *tree) { return tree->pathname; }",linux-2.6,,,246327953831470135670743266985882151470,0 585,[],"static ssize_t bad_file_sendpage(struct file *file, struct page *page, int off, size_t len, loff_t *pos, int more) { return -EIO; }",linux-2.6,,,150363939086674295848467384228111524460,0 5562,[],"void exit_signals(struct task_struct *tsk) { int group_stop = 0; struct task_struct *t; if (thread_group_empty(tsk) || signal_group_exit(tsk->signal)) { tsk->flags |= PF_EXITING; return; } spin_lock_irq(&tsk->sighand->siglock); tsk->flags |= PF_EXITING; if (!signal_pending(tsk)) goto out; for (t = tsk; (t = next_thread(t)) != tsk; ) if (!signal_pending(t) && !(t->flags & PF_EXITING)) recalc_sigpending_and_wake(t); if (unlikely(tsk->signal->group_stop_count) && !--tsk->signal->group_stop_count) { tsk->signal->flags = SIGNAL_STOP_STOPPED; group_stop = 1; } out: spin_unlock_irq(&tsk->sighand->siglock); if (unlikely(group_stop) && tracehook_notify_jctl(1, CLD_STOPPED)) { read_lock(&tasklist_lock); do_notify_parent_cldstop(tsk, CLD_STOPPED); read_unlock(&tasklist_lock); } }",linux-2.6,,,54924716971725901510028674983177295164,0 6485,[],"void lt_dlinterface_free (lt_dlinterface_id key) { lt__interface_id *interface_id = (lt__interface_id *)key; FREE (interface_id->id_string); FREE (interface_id); }",libtool,,,299315876652517196265742015419887688631,0 4117,['CWE-399'],"static int sg_set_timeout(struct request_queue *q, int __user *p) { int timeout, err = get_user(timeout, p); if (!err) q->sg_timeout = timeout * (HZ / USER_HZ); return err; }",linux-2.6,,,76069962711312990832624523217168658585,0 4308,CWE-125,"RList *r_bin_ne_get_entrypoints(r_bin_ne_obj_t *bin) { if (!bin->entry_table) { return NULL; } RList *entries = r_list_newf (free); if (!entries) { return NULL; } RList *segments = r_bin_ne_get_segments (bin); if (!segments) { r_list_free (entries); return NULL; } if (bin->ne_header->csEntryPoint) { RBinAddr *entry = R_NEW0 (RBinAddr); if (!entry) { r_list_free (entries); return NULL; } entry->bits = 16; ut32 entry_cs = bin->ne_header->csEntryPoint; RBinSection *s = r_list_get_n (segments, entry_cs - 1); entry->paddr = bin->ne_header->ipEntryPoint + (s? s->paddr: 0); r_list_append (entries, entry); } int off = 0; size_t tableat = bin->header_offset + bin->ne_header->EntryTableOffset; while (off < bin->ne_header->EntryTableLength) { if (tableat + off >= r_buf_size (bin->buf)) { break; } ut8 bundle_length = *(ut8 *)(bin->entry_table + off); if (!bundle_length) { break; } off++; ut8 bundle_type = *(ut8 *)(bin->entry_table + off); off++; int i; for (i = 0; i < bundle_length; i++) { if (tableat + off + 4 >= r_buf_size (bin->buf)) { break; } RBinAddr *entry = R_NEW0 (RBinAddr); if (!entry) { r_list_free (entries); return NULL; } off++; if (!bundle_type) { off--; free (entry); break; } else if (bundle_type == 0xff) { off += 2; ut8 segnum = *(bin->entry_table + off); off++; ut16 segoff = *(ut16 *)(bin->entry_table + off); if (segnum > 0) { entry->paddr = (ut64)bin->segment_entries[segnum - 1].offset * bin->alignment + segoff; } } else { if (bundle_type < bin->ne_header->SegCount) { entry->paddr = (ut64)bin->segment_entries[bundle_type - 1].offset * bin->alignment + *(ut16 *)(bin->entry_table + off); } } off += 2; r_list_append (entries, entry); } } r_list_free (segments); bin->entries = entries; return entries; }",visit repo url,libr/bin/format/ne/ne.c,https://github.com/radareorg/radare2,226254493054404,1 1564,[],"static int move_tasks(struct rq *this_rq, int this_cpu, struct rq *busiest, unsigned long max_load_move, struct sched_domain *sd, enum cpu_idle_type idle, int *all_pinned) { const struct sched_class *class = sched_class_highest; unsigned long total_load_moved = 0; int this_best_prio = this_rq->curr->prio; do { total_load_moved += class->load_balance(this_rq, this_cpu, busiest, max_load_move - total_load_moved, sd, idle, all_pinned, &this_best_prio); class = class->next; } while (class && max_load_move > total_load_moved); return total_load_moved > 0; }",linux-2.6,,,242874579990668083176740976257258262935,0 6588,['CWE-200'],"nma_gconf_connection_new_from_connection (GConfClient *client, const char *conf_dir, NMConnection *connection) { g_return_val_if_fail (GCONF_IS_CLIENT (client), NULL); g_return_val_if_fail (conf_dir != NULL, NULL); g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); return (NMAGConfConnection *) g_object_new (NMA_TYPE_GCONF_CONNECTION, NMA_GCONF_CONNECTION_CLIENT, client, NMA_GCONF_CONNECTION_DIR, conf_dir, NM_EXPORTED_CONNECTION_CONNECTION, connection, NULL); }",network-manager-applet,,,42614409342807735497712569746394577858,0 705,CWE-20,"int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int err = 0; size_t target, copied = 0; long timeo; if (flags & MSG_OOB) return -EOPNOTSUPP; msg->msg_namelen = 0; BT_DBG(""sk %p size %zu"", sk, size); lock_sock(sk); target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); do { struct sk_buff *skb; int chunk; skb = skb_dequeue(&sk->sk_receive_queue); if (!skb) { if (copied >= target) break; err = sock_error(sk); if (err) break; if (sk->sk_shutdown & RCV_SHUTDOWN) break; err = -EAGAIN; if (!timeo) break; timeo = bt_sock_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } continue; } chunk = min_t(unsigned int, skb->len, size); if (skb_copy_datagram_iovec(skb, 0, msg->msg_iov, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (!copied) copied = -EFAULT; break; } copied += chunk; size -= chunk; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { int skb_len = skb_headlen(skb); if (chunk <= skb_len) { __skb_pull(skb, chunk); } else { struct sk_buff *frag; __skb_pull(skb, skb_len); chunk -= skb_len; skb_walk_frags(skb, frag) { if (chunk <= frag->len) { skb->len -= chunk; skb->data_len -= chunk; __skb_pull(frag, chunk); break; } else if (frag->len) { chunk -= frag->len; skb->len -= frag->len; skb->data_len -= frag->len; __skb_pull(frag, frag->len); } } } if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); out: release_sock(sk); return copied ? : err; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,130876190644773,1 6637,['CWE-200'],"format_last_used (guint64 timestamp) { GTimeVal now_tv; GDate *now, *last; char *last_used = NULL; if (!timestamp) return g_strdup (_(""never"")); g_get_current_time (&now_tv); now = g_date_new (); g_date_set_time_val (now, &now_tv); last = g_date_new (); g_date_set_time_t (last, (time_t) timestamp); if (now_tv.tv_sec <= timestamp) { last_used = g_strdup (_(""now"")); goto out; } if (g_date_compare (now, last) <= 0) { guint minutes, hours; minutes = (now_tv.tv_sec - timestamp) / 60; if (minutes == 0) { last_used = g_strdup (_(""now"")); goto out; } hours = (now_tv.tv_sec - timestamp) / 3600; if (hours == 0) { last_used = g_strdup_printf (ngettext (""%d minute ago"", ""%d minutes ago"", minutes), minutes); goto out; } last_used = g_strdup_printf (ngettext (""%d hour ago"", ""%d hours ago"", hours), hours); } else { guint days, months, years; days = g_date_get_julian (now) - g_date_get_julian (last); if (days == 0) { last_used = g_strdup (""today""); goto out; } months = days / 30; if (months == 0) { last_used = g_strdup_printf (ngettext (""%d day ago"", ""%d days ago"", days), days); goto out; } years = days / 365; if (years == 0) { last_used = g_strdup_printf (ngettext (""%d month ago"", ""%d months ago"", months), months); goto out; } last_used = g_strdup_printf (ngettext (""%d year ago"", ""%d years ago"", years), years); } out: g_date_free (now); g_date_free (last); return last_used; }",network-manager-applet,,,295309485722959487994076564173071402483,0 6303,['CWE-200'],"static int neigh_del_timer(struct neighbour *n) { if ((n->nud_state & NUD_IN_TIMER) && del_timer(&n->timer)) { neigh_release(n); return 1; } return 0; }",linux-2.6,,,293761208012541811002289458277262988151,0 5158,CWE-125,"ast_for_atom(struct compiling *c, const node *n) { node *ch = CHILD(n, 0); switch (TYPE(ch)) { case NAME: { PyObject *name; const char *s = STR(ch); size_t len = strlen(s); if (len >= 4 && len <= 5) { if (!strcmp(s, ""None"")) return Constant(Py_None, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (!strcmp(s, ""True"")) return Constant(Py_True, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (!strcmp(s, ""False"")) return Constant(Py_False, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } name = new_identifier(s, c); if (!name) return NULL; return Name(name, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } case STRING: { expr_ty str = parsestrplus(c, n); if (!str) { const char *errtype = NULL; if (PyErr_ExceptionMatches(PyExc_UnicodeError)) errtype = ""unicode error""; else if (PyErr_ExceptionMatches(PyExc_ValueError)) errtype = ""value error""; if (errtype) { PyObject *type, *value, *tback, *errstr; PyErr_Fetch(&type, &value, &tback); errstr = PyObject_Str(value); if (errstr) { ast_error(c, n, ""(%s) %U"", errtype, errstr); Py_DECREF(errstr); } else { PyErr_Clear(); ast_error(c, n, ""(%s) unknown error"", errtype); } Py_DECREF(type); Py_XDECREF(value); Py_XDECREF(tback); } return NULL; } return str; } case NUMBER: { PyObject *pynum = parsenumber(c, STR(ch)); if (!pynum) return NULL; if (PyArena_AddPyObject(c->c_arena, pynum) < 0) { Py_DECREF(pynum); return NULL; } return Constant(pynum, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } case ELLIPSIS: return Constant(Py_Ellipsis, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); case LPAR: ch = CHILD(n, 1); if (TYPE(ch) == RPAR) return Tuple(NULL, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); if (TYPE(ch) == yield_expr) return ast_for_expr(c, ch); if (NCH(ch) == 1) { return ast_for_testlist(c, ch); } if (TYPE(CHILD(ch, 1)) == comp_for) { return copy_location(ast_for_genexp(c, ch), n); } else { return copy_location(ast_for_testlist(c, ch), n); } case LSQB: ch = CHILD(n, 1); if (TYPE(ch) == RSQB) return List(NULL, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); REQ(ch, testlist_comp); if (NCH(ch) == 1 || TYPE(CHILD(ch, 1)) == COMMA) { asdl_seq *elts = seq_for_testlist(c, ch); if (!elts) return NULL; return List(elts, Load, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else { return copy_location(ast_for_listcomp(c, ch), n); } case LBRACE: { expr_ty res; ch = CHILD(n, 1); if (TYPE(ch) == RBRACE) { return Dict(NULL, NULL, LINENO(n), n->n_col_offset, n->n_end_lineno, n->n_end_col_offset, c->c_arena); } else { int is_dict = (TYPE(CHILD(ch, 0)) == DOUBLESTAR); if (NCH(ch) == 1 || (NCH(ch) > 1 && TYPE(CHILD(ch, 1)) == COMMA)) { res = ast_for_setdisplay(c, ch); } else if (NCH(ch) > 1 && TYPE(CHILD(ch, 1)) == comp_for) { res = ast_for_setcomp(c, ch); } else if (NCH(ch) > 3 - is_dict && TYPE(CHILD(ch, 3 - is_dict)) == comp_for) { if (is_dict) { ast_error(c, n, ""dict unpacking cannot be used in "" ""dict comprehension""); return NULL; } res = ast_for_dictcomp(c, ch); } else { res = ast_for_dictdisplay(c, ch); } return copy_location(res, n); } } default: PyErr_Format(PyExc_SystemError, ""unhandled atom %d"", TYPE(ch)); return NULL; } }",visit repo url,Python/ast.c,https://github.com/python/cpython,67607919392624,1 2398,['CWE-119'],"static void show_tree(struct diff_options *opt, const char *prefix, struct tree_desc *desc, const char *base, int baselen) { int all_interesting = 0; while (desc->size) { int show; if (all_interesting) show = 1; else { show = tree_entry_interesting(desc, base, baselen, opt); if (show == 2) all_interesting = 1; } if (show < 0) break; if (show) show_entry(opt, prefix, desc, base, baselen); update_tree_entry(desc); } }",git,,,105773985925293620989872800826598160977,0 4822,['CWE-399'],"static struct inotify_kernel_event *get_one_event(struct inotify_device *dev, size_t count) { size_t event_size = sizeof(struct inotify_event); struct inotify_kernel_event *kevent; if (list_empty(&dev->events)) return NULL; kevent = inotify_dev_get_event(dev); if (kevent->name) event_size += kevent->event.len; if (event_size > count) return ERR_PTR(-EINVAL); remove_kevent(dev, kevent); return kevent; }",linux-2.6,,,122017204466254047481201347949035875219,0 575,CWE-20,"static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry) { struct net_bridge_mdb_htable *mdb; struct net_bridge_mdb_entry *mp; struct net_bridge_port_group *p; struct net_bridge_port_group __rcu **pp; struct br_ip ip; int err = -EINVAL; if (!netif_running(br->dev) || br->multicast_disabled) return -EINVAL; if (timer_pending(&br->multicast_querier_timer)) return -EBUSY; ip.proto = entry->addr.proto; if (ip.proto == htons(ETH_P_IP)) ip.u.ip4 = entry->addr.u.ip4; #if IS_ENABLED(CONFIG_IPV6) else ip.u.ip6 = entry->addr.u.ip6; #endif spin_lock_bh(&br->multicast_lock); mdb = mlock_dereference(br->mdb, br); mp = br_mdb_ip_get(mdb, &ip); if (!mp) goto unlock; for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { if (!p->port || p->port->dev->ifindex != entry->ifindex) continue; if (p->port->state == BR_STATE_DISABLED) goto unlock; rcu_assign_pointer(*pp, p->next); hlist_del_init(&p->mglist); del_timer(&p->timer); call_rcu_bh(&p->rcu, br_multicast_free_pg); err = 0; if (!mp->ports && !mp->mglist && netif_running(br->dev)) mod_timer(&mp->timer, jiffies); break; } unlock: spin_unlock_bh(&br->multicast_lock); return err; }",visit repo url,net/bridge/br_mdb.c,https://github.com/torvalds/linux,272209835980010,1 67,['CWE-787'],"static int cirrus_hook_read_palette(CirrusVGAState * s, int *reg_value) { if (!(s->sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) return CIRRUS_HOOK_NOT_HANDLED; *reg_value = s->cirrus_hidden_palette[(s->dac_read_index & 0x0f) * 3 + s->dac_sub_index]; if (++s->dac_sub_index == 3) { s->dac_sub_index = 0; s->dac_read_index++; } return CIRRUS_HOOK_HANDLED; }",qemu,,,76880907381697519112657888760010365296,0 4477,['CWE-264'],"static void ResetAdapter(struct s_smc *smc) { PRINTK(KERN_INFO ""[fddi: ResetAdapter]\n""); card_stop(smc); mac_drv_clear_tx_queue(smc); mac_drv_clear_rx_queue(smc); smt_reset_defaults(smc, 1); init_smt(smc, (smc->os.dev)->dev_addr); smt_online(smc, 1); STI_FBI(); skfp_ctl_set_multicast_list_wo_lock(smc->os.dev); } ",linux-2.6,,,69833469663978842008116187447572154252,0 1114,['CWE-399'],"static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size) { unsigned long sp; sp = regs->sp; if (ka->sa.sa_flags & SA_ONSTACK) { if (sas_ss_flags(sp) == 0) sp = current->sas_ss_sp + current->sas_ss_size; } else if ((regs->ss & 0xffff) != __USER_DS && !(ka->sa.sa_flags & SA_RESTORER) && ka->sa.sa_restorer) sp = (unsigned long) ka->sa.sa_restorer; sp -= frame_size; sp = ((sp + 4) & -16ul) - 4; return (void __user *) sp; }",linux-2.6,,,183770217219950504540165477874928069645,0 365,[],"pfarg_is_sane(struct task_struct *task, pfarg_context_t *pfx) { int ctx_flags; ctx_flags = pfx->ctx_flags; if (ctx_flags & PFM_FL_SYSTEM_WIDE) { if (ctx_flags & PFM_FL_NOTIFY_BLOCK) { DPRINT((""cannot use blocking mode when in system wide monitoring\n"")); return -EINVAL; } } else { } return 0; }",linux-2.6,,,279366466758580465879116720582613953405,0 5,CWE-252,"getlogin_r (name, name_len) char *name; size_t name_len; { char tty_pathname[2 + 2 * NAME_MAX]; char *real_tty_path = tty_pathname; int result = 0; struct utmp *ut, line, buffer; { int d = __open (""/dev/tty"", 0); if (d < 0) return errno; result = __ttyname_r (d, real_tty_path, sizeof (tty_pathname)); (void) __close (d); if (result != 0) { __set_errno (result); return result; } } real_tty_path += 5; __setutent (); strncpy (line.ut_line, real_tty_path, sizeof line.ut_line); if (__getutline_r (&line, &buffer, &ut) < 0) { if (errno == ESRCH) result = ENOENT; else result = errno; } else { size_t needed = strlen (ut->ut_line) + 1; if (needed < name_len) { __set_errno (ERANGE); result = ERANGE; } else { memcpy (name, ut->ut_line, needed); result = 0; } } __endutent (); return result; }",visit repo url,sysdeps/unix/getlogin_r.c,https://github.com/bminor/glibc,190924991864966,1 1892,['CWE-20'],"static void __init vdso_setup_syscall_map(void) { unsigned int i; extern unsigned long *sys_call_table; extern unsigned long sys_ni_syscall; for (i = 0; i < __NR_syscalls; i++) { #ifdef CONFIG_PPC64 if (sys_call_table[i*2] != sys_ni_syscall) vdso_data->syscall_map_64[i >> 5] |= 0x80000000UL >> (i & 0x1f); if (sys_call_table[i*2+1] != sys_ni_syscall) vdso_data->syscall_map_32[i >> 5] |= 0x80000000UL >> (i & 0x1f); #else if (sys_call_table[i] != sys_ni_syscall) vdso_data->syscall_map_32[i >> 5] |= 0x80000000UL >> (i & 0x1f); #endif } }",linux-2.6,,,185118540754304666796330071179409177478,0 2651,CWE-125,"static int append_key_value(smart_str* loc_name, HashTable* hash_arr, char* key_name) { zval** ele_value = NULL; if(zend_hash_find(hash_arr , key_name , strlen(key_name) + 1 ,(void **)&ele_value ) == SUCCESS ) { if(Z_TYPE_PP(ele_value)!= IS_STRING ){ return FAILURE; } if(strcmp(key_name, LOC_LANG_TAG) != 0 && strcmp(key_name, LOC_GRANDFATHERED_LANG_TAG)!=0 ) { smart_str_appendl(loc_name, SEPARATOR , sizeof(SEPARATOR)-1); } smart_str_appendl(loc_name, Z_STRVAL_PP(ele_value) , Z_STRLEN_PP(ele_value)); return SUCCESS; } return LOC_NOT_FOUND; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,54546473474230,1 911,['CWE-200'],"static int shmem_map_and_free_swp(struct page *subdir, int offset, int limit, struct page ***dir, spinlock_t *punch_lock) { swp_entry_t *ptr; int freed = 0; ptr = shmem_swp_map(subdir); for (; offset < limit; offset += LATENCY_LIMIT) { int size = limit - offset; if (size > LATENCY_LIMIT) size = LATENCY_LIMIT; freed += shmem_free_swp(ptr+offset, ptr+offset+size, punch_lock); if (need_resched()) { shmem_swp_unmap(ptr); if (*dir) { shmem_dir_unmap(*dir); *dir = NULL; } cond_resched(); ptr = shmem_swp_map(subdir); } } shmem_swp_unmap(ptr); return freed; }",linux-2.6,,,39490064293757868191281751904450214782,0 924,CWE-200,"static int rd_build_device_space(struct rd_dev *rd_dev) { u32 i = 0, j, page_offset = 0, sg_per_table, sg_tables, total_sg_needed; u32 max_sg_per_table = (RD_MAX_ALLOCATION_SIZE / sizeof(struct scatterlist)); struct rd_dev_sg_table *sg_table; struct page *pg; struct scatterlist *sg; if (rd_dev->rd_page_count <= 0) { pr_err(""Illegal page count: %u for Ramdisk device\n"", rd_dev->rd_page_count); return -EINVAL; } if (rd_dev->rd_flags & RDF_NULLIO) return 0; total_sg_needed = rd_dev->rd_page_count; sg_tables = (total_sg_needed / max_sg_per_table) + 1; sg_table = kzalloc(sg_tables * sizeof(struct rd_dev_sg_table), GFP_KERNEL); if (!sg_table) { pr_err(""Unable to allocate memory for Ramdisk"" "" scatterlist tables\n""); return -ENOMEM; } rd_dev->sg_table_array = sg_table; rd_dev->sg_table_count = sg_tables; while (total_sg_needed) { sg_per_table = (total_sg_needed > max_sg_per_table) ? max_sg_per_table : total_sg_needed; sg = kzalloc(sg_per_table * sizeof(struct scatterlist), GFP_KERNEL); if (!sg) { pr_err(""Unable to allocate scatterlist array"" "" for struct rd_dev\n""); return -ENOMEM; } sg_init_table(sg, sg_per_table); sg_table[i].sg_table = sg; sg_table[i].rd_sg_count = sg_per_table; sg_table[i].page_start_offset = page_offset; sg_table[i++].page_end_offset = (page_offset + sg_per_table) - 1; for (j = 0; j < sg_per_table; j++) { pg = alloc_pages(GFP_KERNEL, 0); if (!pg) { pr_err(""Unable to allocate scatterlist"" "" pages for struct rd_dev_sg_table\n""); return -ENOMEM; } sg_assign_page(&sg[j], pg); sg[j].length = PAGE_SIZE; } page_offset += sg_per_table; total_sg_needed -= sg_per_table; } pr_debug(""CORE_RD[%u] - Built Ramdisk Device ID: %u space of"" "" %u pages in %u tables\n"", rd_dev->rd_host->rd_host_id, rd_dev->rd_dev_id, rd_dev->rd_page_count, rd_dev->sg_table_count); return 0; }",visit repo url,drivers/target/target_core_rd.c,https://github.com/torvalds/linux,222501794000175,1 2373,['CWE-200'],"snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp) { int i; struct seq_oss_synth *rec; struct seq_oss_synthinfo *info; snd_assert(dp->max_synthdev <= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS, return); for (i = 0; i < dp->max_synthdev; i++) { info = &dp->synths[i]; if (! info->opened) continue; if (info->is_midi) { if (midi_synth_dev.opened > 0) { snd_seq_oss_midi_close(dp, info->midi_mapped); midi_synth_dev.opened--; } } else { rec = get_sdev(i); if (rec == NULL) continue; if (rec->opened > 0) { debug_printk((""synth %d closed\n"", i)); rec->oper.close(&info->arg); module_put(rec->oper.owner); rec->opened = 0; } snd_use_lock_free(&rec->use_lock); } kfree(info->sysex); info->sysex = NULL; kfree(info->ch); info->ch = NULL; } dp->synth_opened = 0; dp->max_synthdev = 0; }",linux-2.6,,,14260418466170772344627692569031720883,0 6455,[],"lt_dlerror (void) { const char *error; LT__GETERROR (error); LT__SETERRORSTR (0); return error ? error : NULL; }",libtool,,,101212387234883199726568053514277121946,0 1842,CWE-362,"int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots) { struct pipe_buffer *bufs; unsigned int head, tail, mask, n; mask = pipe->ring_size - 1; head = pipe->head; tail = pipe->tail; n = pipe_occupancy(pipe->head, pipe->tail); if (nr_slots < n) return -EBUSY; bufs = kcalloc(nr_slots, sizeof(*bufs), GFP_KERNEL_ACCOUNT | __GFP_NOWARN); if (unlikely(!bufs)) return -ENOMEM; if (n > 0) { unsigned int h = head & mask; unsigned int t = tail & mask; if (h > t) { memcpy(bufs, pipe->bufs + t, n * sizeof(struct pipe_buffer)); } else { unsigned int tsize = pipe->ring_size - t; if (h > 0) memcpy(bufs + tsize, pipe->bufs, h * sizeof(struct pipe_buffer)); memcpy(bufs, pipe->bufs + t, tsize * sizeof(struct pipe_buffer)); } } head = n; tail = 0; kfree(pipe->bufs); pipe->bufs = bufs; pipe->ring_size = nr_slots; if (pipe->max_usage > nr_slots) pipe->max_usage = nr_slots; pipe->tail = tail; pipe->head = head; wake_up_interruptible(&pipe->wr_wait); return 0; }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,50552763430704,1 5868,CWE-835,"PJ_DEF(pj_status_t) pjmedia_wav_player_port_create( pj_pool_t *pool, const char *filename, unsigned ptime, unsigned options, pj_ssize_t buff_size, pjmedia_port **p_port ) { pjmedia_wave_hdr wave_hdr; pj_ssize_t size_to_read, size_read; struct file_reader_port *fport; pjmedia_audio_format_detail *ad; pj_off_t pos; pj_str_t name; unsigned samples_per_frame; pj_status_t status = PJ_SUCCESS; PJ_ASSERT_RETURN(pool && filename && p_port, PJ_EINVAL); if (!pj_file_exists(filename)) { return PJ_ENOTFOUND; } if (ptime == 0) ptime = 20; if (buff_size < 1) buff_size = PJMEDIA_FILE_PORT_BUFSIZE; fport = create_file_port(pool); if (!fport) { return PJ_ENOMEM; } fport->fsize = pj_file_size(filename); if (fport->fsize <= sizeof(pjmedia_wave_hdr)) { return PJMEDIA_ENOTVALIDWAVE; } status = pj_file_open( pool, filename, PJ_O_RDONLY, &fport->fd); if (status != PJ_SUCCESS) return status; size_read = size_to_read = sizeof(wave_hdr) - 8; status = pj_file_read( fport->fd, &wave_hdr, &size_read); if (status != PJ_SUCCESS) { pj_file_close(fport->fd); return status; } if (size_read != size_to_read) { pj_file_close(fport->fd); return PJMEDIA_ENOTVALIDWAVE; } pjmedia_wave_hdr_file_to_host(&wave_hdr); if (wave_hdr.riff_hdr.riff != PJMEDIA_RIFF_TAG || wave_hdr.riff_hdr.wave != PJMEDIA_WAVE_TAG || wave_hdr.fmt_hdr.fmt != PJMEDIA_FMT_TAG) { pj_file_close(fport->fd); TRACE_((THIS_FILE, ""actual value|expected riff=%x|%x, wave=%x|%x fmt=%x|%x"", wave_hdr.riff_hdr.riff, PJMEDIA_RIFF_TAG, wave_hdr.riff_hdr.wave, PJMEDIA_WAVE_TAG, wave_hdr.fmt_hdr.fmt, PJMEDIA_FMT_TAG)); return PJMEDIA_ENOTVALIDWAVE; } switch (wave_hdr.fmt_hdr.fmt_tag) { case PJMEDIA_WAVE_FMT_TAG_PCM: if (wave_hdr.fmt_hdr.bits_per_sample != 16 || wave_hdr.fmt_hdr.block_align != 2 * wave_hdr.fmt_hdr.nchan) status = PJMEDIA_EWAVEUNSUPP; break; case PJMEDIA_WAVE_FMT_TAG_ALAW: case PJMEDIA_WAVE_FMT_TAG_ULAW: if (wave_hdr.fmt_hdr.bits_per_sample != 8 || wave_hdr.fmt_hdr.block_align != wave_hdr.fmt_hdr.nchan) status = PJMEDIA_ENOTVALIDWAVE; break; default: status = PJMEDIA_EWAVEUNSUPP; break; } if (status != PJ_SUCCESS) { pj_file_close(fport->fd); return status; } fport->fmt_tag = (pjmedia_wave_fmt_tag)wave_hdr.fmt_hdr.fmt_tag; fport->bytes_per_sample = (pj_uint16_t) (wave_hdr.fmt_hdr.bits_per_sample / 8); if (wave_hdr.fmt_hdr.len > 16) { size_to_read = wave_hdr.fmt_hdr.len - 16; status = pj_file_setpos(fport->fd, size_to_read, PJ_SEEK_CUR); if (status != PJ_SUCCESS) { pj_file_close(fport->fd); return status; } } for (;;) { pjmedia_wave_subchunk subchunk; size_read = 8; status = pj_file_read(fport->fd, &subchunk, &size_read); if (status != PJ_SUCCESS || size_read != 8) { pj_file_close(fport->fd); return PJMEDIA_EWAVETOOSHORT; } PJMEDIA_WAVE_NORMALIZE_SUBCHUNK(&subchunk); if (subchunk.id == PJMEDIA_DATA_TAG) { wave_hdr.data_hdr.data = PJMEDIA_DATA_TAG; wave_hdr.data_hdr.len = subchunk.len; break; } size_to_read = subchunk.len; status = pj_file_setpos(fport->fd, size_to_read, PJ_SEEK_CUR); if (status != PJ_SUCCESS) { pj_file_close(fport->fd); return status; } } status = pj_file_getpos(fport->fd, &pos); fport->start_data = (unsigned)pos; fport->data_len = wave_hdr.data_hdr.len; fport->data_left = wave_hdr.data_hdr.len; if (wave_hdr.data_hdr.len > fport->fsize - fport->start_data) { wave_hdr.data_hdr.len = (pj_uint32_t)fport->fsize - fport->start_data; } if (wave_hdr.data_hdr.len < ptime * wave_hdr.fmt_hdr.sample_rate * wave_hdr.fmt_hdr.nchan / 1000) { pj_file_close(fport->fd); return PJMEDIA_EWAVETOOSHORT; } fport->options = options; ad = pjmedia_format_get_audio_format_detail(&fport->base.info.fmt, 1); pj_strdup2(pool, &name, filename); samples_per_frame = ptime * wave_hdr.fmt_hdr.sample_rate * wave_hdr.fmt_hdr.nchan / 1000; pjmedia_port_info_init(&fport->base.info, &name, SIGNATURE, wave_hdr.fmt_hdr.sample_rate, wave_hdr.fmt_hdr.nchan, BITS_PER_SAMPLE, samples_per_frame); if (wave_hdr.data_hdr.len < (unsigned)buff_size) buff_size = wave_hdr.data_hdr.len; fport->bufsize = (pj_uint32_t)buff_size; if (samples_per_frame * fport->bytes_per_sample >= fport->bufsize) { pj_file_close(fport->fd); return PJ_EINVAL; } fport->buf = (char*) pj_pool_alloc(pool, fport->bufsize); if (!fport->buf) { pj_file_close(fport->fd); return PJ_ENOMEM; } fport->readpos = fport->buf; fport->fpos = fport->start_data; status = fill_buffer(fport); if (status != PJ_SUCCESS) { pj_file_close(fport->fd); return status; } *p_port = &fport->base; PJ_LOG(4,(THIS_FILE, ""File player '%.*s' created: samp.rate=%d, ch=%d, bufsize=%uKB, "" ""filesize=%luKB"", (int)fport->base.info.name.slen, fport->base.info.name.ptr, ad->clock_rate, ad->channel_count, fport->bufsize / 1000, (unsigned long)(fport->fsize / 1000))); return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/wav_player.c,https://github.com/pjsip/pjproject,83329747351284,1 6182,['CWE-200'],"static int neigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, struct netlink_callback *cb) { struct neighbour *n; int rc, h, s_h = cb->args[1]; int idx, s_idx = idx = cb->args[2]; for (h = 0; h <= tbl->hash_mask; h++) { if (h < s_h) continue; if (h > s_h) s_idx = 0; read_lock_bh(&tbl->lock); for (n = tbl->hash_buckets[h], idx = 0; n; n = n->next, idx++) { if (idx < s_idx) continue; if (neigh_fill_info(skb, n, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, RTM_NEWNEIGH, NLM_F_MULTI) <= 0) { read_unlock_bh(&tbl->lock); rc = -1; goto out; } } read_unlock_bh(&tbl->lock); } rc = skb->len; out: cb->args[1] = h; cb->args[2] = idx; return rc; }",linux-2.6,,,190399947903505816491974560015659793354,0 4222,CWE-476,"R_API bool r_io_bank_read_at(RIO *io, const ut32 bankid, ut64 addr, ut8 *buf, int len) { r_return_val_if_fail (io, false); RIOBank *bank = r_io_bank_get (io, bankid); if (!bank) { return false; } RIOSubMap fake_sm = {{0}}; fake_sm.itv.addr = addr; fake_sm.itv.size = len; RRBNode *node; if (R_LIKELY (bank->last_used && r_io_submap_contain (((RIOSubMap *)bank->last_used->data), addr))) { node = bank->last_used; } else { node = _find_entry_submap_node (bank, &fake_sm); } memset (buf, io->Oxff, len); RIOSubMap *sm = node ? (RIOSubMap *)node->data : NULL; bool ret = true; while (sm && r_io_submap_overlap ((&fake_sm), sm)) { bank->last_used = node; RIOMap *map = r_io_map_get_by_ref (io, &sm->mapref); if (!map) { return false; } if (!(map->perm & R_PERM_R)) { node = r_rbnode_next (node); sm = node ? (RIOSubMap *)node->data : NULL; continue; } const ut64 buf_off = R_MAX (addr, r_io_submap_from (sm)) - addr; const int read_len = R_MIN (r_io_submap_to ((&fake_sm)), r_io_submap_to (sm)) - (addr + buf_off) + 1; if (map->perm & R_PERM_RELOC) { ret &= map->reloc_map->read (io, map, addr + buf_off, &buf[buf_off], read_len); } else { const ut64 paddr = addr + buf_off - r_io_map_from (map) + map->delta; ret &= (r_io_fd_read_at (io, map->fd, paddr, &buf[buf_off], read_len) == read_len); } node = r_rbnode_next (node); sm = node ? (RIOSubMap *)node->data : NULL; } return ret; }",visit repo url,libr/io/io_bank.c,https://github.com/radareorg/radare2,181502441536955,1 2422,CWE-119,"static int http_read_header(URLContext *h, int *new_location) { HTTPContext *s = h->priv_data; char line[MAX_URL_SIZE]; int err = 0; s->chunksize = -1; for (;;) { if ((err = http_get_line(s, line, sizeof(line))) < 0) return err; av_log(h, AV_LOG_TRACE, ""header='%s'\n"", line); err = process_line(h, line, s->line_count, new_location); if (err < 0) return err; if (err == 0) break; s->line_count++; } if (s->seekable == -1 && s->is_mediagateway && s->filesize == 2000000000) h->is_streamed = 1; cookie_string(s->cookie_dict, &s->cookies); av_dict_free(&s->cookie_dict); return err; }",visit repo url,libavformat/http.c,https://github.com/FFmpeg/FFmpeg,86197581900834,1 3346,CWE-119,"uint32_t mt_random (mtrand *mt) { uint32_t y; unsigned long mag01[2]; mag01[0] = 0; mag01[1] = MATRIX_A; if (mt->mt_index_ >= MT_LEN) { int kk; for (kk = 0; kk < MT_LEN - MT_IA; kk++) { y = (mt->mt_buffer_[kk] & UPPER_MASK) | (mt->mt_buffer_[kk + 1] & LOWER_MASK); mt->mt_buffer_[kk] = mt->mt_buffer_[kk + MT_IA] ^ (y >> 1) ^ mag01[y & 0x1UL]; } for (;kk < MT_LEN - 1; kk++) { y = (mt->mt_buffer_[kk] & UPPER_MASK) | (mt->mt_buffer_[kk + 1] & LOWER_MASK); mt->mt_buffer_[kk] = mt->mt_buffer_[kk + (MT_IA - MT_LEN)] ^ (y >> 1) ^ mag01[y & 0x1UL]; } y = (mt->mt_buffer_[MT_LEN - 1] & UPPER_MASK) | (mt->mt_buffer_[0] & LOWER_MASK); mt->mt_buffer_[MT_LEN - 1] = mt->mt_buffer_[MT_IA - 1] ^ (y >> 1) ^ mag01[y & 0x1UL]; mt->mt_index_ = 0; } y = mt->mt_buffer_[mt->mt_index_++]; y ^= (y >> 11); y ^= (y << 7) & 0x9d2c5680UL; y ^= (y << 15) & 0xefc60000UL; y ^= (y >> 18); return y; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,162387035718753,1 3188,CWE-125,"rt6_print(netdissect_options *ndo, register const u_char *bp, const u_char *bp2 _U_) { register const struct ip6_rthdr *dp; register const struct ip6_rthdr0 *dp0; register const u_char *ep; int i, len; register const struct in6_addr *addr; dp = (const struct ip6_rthdr *)bp; len = dp->ip6r_len; ep = ndo->ndo_snapend; ND_TCHECK(dp->ip6r_segleft); ND_PRINT((ndo, ""srcrt (len=%d"", dp->ip6r_len)); ND_PRINT((ndo, "", type=%d"", dp->ip6r_type)); ND_PRINT((ndo, "", segleft=%d"", dp->ip6r_segleft)); switch (dp->ip6r_type) { case IPV6_RTHDR_TYPE_0: case IPV6_RTHDR_TYPE_2: dp0 = (const struct ip6_rthdr0 *)dp; ND_TCHECK(dp0->ip6r0_reserved); if (dp0->ip6r0_reserved || ndo->ndo_vflag) { ND_PRINT((ndo, "", rsv=0x%0x"", EXTRACT_32BITS(&dp0->ip6r0_reserved))); } if (len % 2 == 1) goto trunc; len >>= 1; addr = &dp0->ip6r0_addr[0]; for (i = 0; i < len; i++) { if ((const u_char *)(addr + 1) > ep) goto trunc; ND_PRINT((ndo, "", [%d]%s"", i, ip6addr_string(ndo, addr))); addr++; } ND_PRINT((ndo, "") "")); return((dp0->ip6r0_len + 1) << 3); break; default: goto trunc; break; } trunc: ND_PRINT((ndo, ""[|srcrt]"")); return -1; }",visit repo url,print-rt6.c,https://github.com/the-tcpdump-group/tcpdump,136265768975781,1 2422,['CWE-119'],"static struct commit *handle_commit(struct rev_info *revs, struct object *object, const char *name) { unsigned long flags = object->flags; while (object->type == OBJ_TAG) { struct tag *tag = (struct tag *) object; if (revs->tag_objects && !(flags & UNINTERESTING)) add_pending_object(revs, object, tag->tag); if (!tag->tagged) die(""bad tag""); object = parse_object(tag->tagged->sha1); if (!object) die(""bad object %s"", sha1_to_hex(tag->tagged->sha1)); } if (object->type == OBJ_COMMIT) { struct commit *commit = (struct commit *)object; if (parse_commit(commit) < 0) die(""unable to parse commit %s"", name); if (flags & UNINTERESTING) { commit->object.flags |= UNINTERESTING; mark_parents_uninteresting(commit); revs->limited = 1; } return commit; } if (object->type == OBJ_TREE) { struct tree *tree = (struct tree *)object; if (!revs->tree_objects) return NULL; if (flags & UNINTERESTING) { mark_tree_uninteresting(tree); return NULL; } add_pending_object(revs, object, """"); return NULL; } if (object->type == OBJ_BLOB) { struct blob *blob = (struct blob *)object; if (!revs->blob_objects) return NULL; if (flags & UNINTERESTING) { mark_blob_uninteresting(blob); return NULL; } add_pending_object(revs, object, """"); return NULL; } die(""%s is unknown object"", name); }",git,,,22058311096984852913739947030947911838,0 4618,['CWE-399'],"int ext4_mark_iloc_dirty(handle_t *handle, struct inode *inode, struct ext4_iloc *iloc) { int err = 0; if (test_opt(inode->i_sb, I_VERSION)) inode_inc_iversion(inode); get_bh(iloc->bh); err = ext4_do_update_inode(handle, inode, iloc); put_bh(iloc->bh); return err; }",linux-2.6,,,11302658637568991797438577444351554564,0 832,CWE-20,"int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { struct sock *sk = sock->sk; struct rds_sock *rs = rds_sk_to_rs(sk); long timeo; int ret = 0, nonblock = msg_flags & MSG_DONTWAIT; struct sockaddr_in *sin; struct rds_incoming *inc = NULL; timeo = sock_rcvtimeo(sk, nonblock); rdsdebug(""size %zu flags 0x%x timeo %ld\n"", size, msg_flags, timeo); msg->msg_namelen = 0; if (msg_flags & MSG_OOB) goto out; while (1) { if (!list_empty(&rs->rs_notify_queue)) { ret = rds_notify_queue_get(rs, msg); break; } if (rs->rs_cong_notify) { ret = rds_notify_cong(rs, msg); break; } if (!rds_next_incoming(rs, &inc)) { if (nonblock) { ret = -EAGAIN; break; } timeo = wait_event_interruptible_timeout(*sk_sleep(sk), (!list_empty(&rs->rs_notify_queue) || rs->rs_cong_notify || rds_next_incoming(rs, &inc)), timeo); rdsdebug(""recvmsg woke inc %p timeo %ld\n"", inc, timeo); if (timeo > 0 || timeo == MAX_SCHEDULE_TIMEOUT) continue; ret = timeo; if (ret == 0) ret = -ETIMEDOUT; break; } rdsdebug(""copying inc %p from %pI4:%u to user\n"", inc, &inc->i_conn->c_faddr, ntohs(inc->i_hdr.h_sport)); ret = inc->i_conn->c_trans->inc_copy_to_user(inc, msg->msg_iov, size); if (ret < 0) break; if (!rds_still_queued(rs, inc, !(msg_flags & MSG_PEEK))) { rds_inc_put(inc); inc = NULL; rds_stats_inc(s_recv_deliver_raced); continue; } if (ret < be32_to_cpu(inc->i_hdr.h_len)) { if (msg_flags & MSG_TRUNC) ret = be32_to_cpu(inc->i_hdr.h_len); msg->msg_flags |= MSG_TRUNC; } if (rds_cmsg_recv(inc, msg)) { ret = -EFAULT; goto out; } rds_stats_inc(s_recv_delivered); sin = (struct sockaddr_in *)msg->msg_name; if (sin) { sin->sin_family = AF_INET; sin->sin_port = inc->i_hdr.h_sport; sin->sin_addr.s_addr = inc->i_saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); msg->msg_namelen = sizeof(*sin); } break; } if (inc) rds_inc_put(inc); out: return ret; }",visit repo url,net/rds/recv.c,https://github.com/torvalds/linux,53010977236851,1 727,CWE-20,"static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct sco_pinfo *pi = sco_pi(sk); lock_sock(sk); if (sk->sk_state == BT_CONNECT2 && test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { sco_conn_defer_accept(pi->conn->hcon, pi->setting); sk->sk_state = BT_CONFIG; msg->msg_namelen = 0; release_sock(sk); return 0; } release_sock(sk); return bt_sock_recvmsg(iocb, sock, msg, len, flags); }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,169024666607659,1 1152,['CWE-189'],"static int __init setup_hrtimer_hres(char *str) { if (!strcmp(str, ""off"")) hrtimer_hres_enabled = 0; else if (!strcmp(str, ""on"")) hrtimer_hres_enabled = 1; else return 0; return 1; }",linux-2.6,,,279270836726453414761812574847771964988,0 6252,['CWE-200'],"static inline int ioctl_standard_call(struct net_device * dev, struct ifreq * ifr, unsigned int cmd, iw_handler handler) { struct iwreq * iwr = (struct iwreq *) ifr; const struct iw_ioctl_description * descr; struct iw_request_info info; int ret = -EINVAL; if((cmd - SIOCIWFIRST) >= standard_ioctl_num) return -EOPNOTSUPP; descr = &(standard_ioctl[cmd - SIOCIWFIRST]); #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Found standard handler for 0x%04X\n"", ifr->ifr_name, cmd); printk(KERN_DEBUG ""%s (WE) : Header type : %d, Token type : %d, size : %d, token : %d\n"", dev->name, descr->header_type, descr->token_type, descr->token_size, descr->max_tokens); #endif info.cmd = cmd; info.flags = 0; if(descr->header_type != IW_HEADER_TYPE_POINT) { ret = handler(dev, &info, &(iwr->u), NULL); #ifdef WE_SET_EVENT if((descr->flags & IW_DESCR_FLAG_EVENT) && ((ret == 0) || (ret == -EIWCOMMIT))) wireless_send_event(dev, cmd, &(iwr->u), NULL); #endif } else { char * extra; int extra_size; int user_length = 0; int err; extra_size = descr->max_tokens * descr->token_size; if(IW_IS_SET(cmd)) { if((iwr->u.data.pointer == NULL) && (iwr->u.data.length != 0)) return -EFAULT; if(iwr->u.data.length > descr->max_tokens) return -E2BIG; if(iwr->u.data.length < descr->min_tokens) return -EINVAL; } else { if(iwr->u.data.pointer == NULL) return -EFAULT; user_length = iwr->u.data.length; if((descr->flags & IW_DESCR_FLAG_NOMAX) && (user_length > descr->max_tokens)) { extra_size = user_length * descr->token_size; } } #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Malloc %d bytes\n"", dev->name, extra_size); #endif extra = kmalloc(extra_size, GFP_KERNEL); if (extra == NULL) { return -ENOMEM; } if(IW_IS_SET(cmd) && (iwr->u.data.length != 0)) { err = copy_from_user(extra, iwr->u.data.pointer, iwr->u.data.length * descr->token_size); if (err) { kfree(extra); return -EFAULT; } #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Got %d bytes\n"", dev->name, iwr->u.data.length * descr->token_size); #endif } ret = handler(dev, &info, &(iwr->u), extra); if (!ret && IW_IS_GET(cmd)) { if(user_length < iwr->u.data.length) { kfree(extra); return -E2BIG; } err = copy_to_user(iwr->u.data.pointer, extra, iwr->u.data.length * descr->token_size); if (err) ret = -EFAULT; #ifdef WE_IOCTL_DEBUG printk(KERN_DEBUG ""%s (WE) : Wrote %d bytes\n"", dev->name, iwr->u.data.length * descr->token_size); #endif } #ifdef WE_SET_EVENT if((descr->flags & IW_DESCR_FLAG_EVENT) && ((ret == 0) || (ret == -EIWCOMMIT))) { if(descr->flags & IW_DESCR_FLAG_RESTRICT) wireless_send_event(dev, cmd, &(iwr->u), NULL); else wireless_send_event(dev, cmd, &(iwr->u), extra); } #endif kfree(extra); } if(ret == -EIWCOMMIT) ret = call_commit_handler(dev); return ret; }",linux-2.6,,,298055714682812640871078590206788613922,0 1530,[],"static void unregister_sched_domain_sysctl(void) { if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; if (sd_ctl_dir[0].child) sd_free_ctl_entry(&sd_ctl_dir[0].child); }",linux-2.6,,,231818791789479612509479413407660081331,0 4946,CWE-401,"void context__cleanup(struct mosquitto *context, bool force_free) { struct mosquitto__packet *packet; if(!context) return; if(force_free){ context->clean_start = true; } #ifdef WITH_BRIDGE if(context->bridge){ bridge__cleanup(context); } #endif alias__free_all(context); mosquitto__free(context->auth_method); context->auth_method = NULL; mosquitto__free(context->username); context->username = NULL; mosquitto__free(context->password); context->password = NULL; net__socket_close(context); if(force_free){ sub__clean_session(context); } db__messages_delete(context, force_free); mosquitto__free(context->address); context->address = NULL; context__send_will(context); if(context->id){ context__remove_from_by_id(context); mosquitto__free(context->id); context->id = NULL; } packet__cleanup(&(context->in_packet)); if(context->current_out_packet){ packet__cleanup(context->current_out_packet); mosquitto__free(context->current_out_packet); context->current_out_packet = NULL; } while(context->out_packet){ packet__cleanup(context->out_packet); packet = context->out_packet; context->out_packet = context->out_packet->next; mosquitto__free(packet); } context->out_packet_count = 0; #if defined(WITH_BROKER) && defined(__GLIBC__) && defined(WITH_ADNS) if(context->adns){ gai_cancel(context->adns); mosquitto__free((struct addrinfo *)context->adns->ar_request); mosquitto__free(context->adns); } #endif if(force_free){ mosquitto__free(context); } }",visit repo url,src/context.c,https://github.com/eclipse/mosquitto,239454796890886,1 1673,CWE-362,"void snd_timer_interrupt(struct snd_timer * timer, unsigned long ticks_left) { struct snd_timer_instance *ti, *ts, *tmp; unsigned long resolution, ticks; struct list_head *p, *ack_list_head; unsigned long flags; int use_tasklet = 0; if (timer == NULL) return; spin_lock_irqsave(&timer->lock, flags); if (timer->hw.c_resolution) resolution = timer->hw.c_resolution(timer); else resolution = timer->hw.resolution; list_for_each_entry_safe(ti, tmp, &timer->active_list_head, active_list) { if (!(ti->flags & SNDRV_TIMER_IFLG_RUNNING)) continue; ti->pticks += ticks_left; ti->resolution = resolution; if (ti->cticks < ticks_left) ti->cticks = 0; else ti->cticks -= ticks_left; if (ti->cticks) continue; if (ti->flags & SNDRV_TIMER_IFLG_AUTO) { ti->cticks = ti->ticks; } else { ti->flags &= ~SNDRV_TIMER_IFLG_RUNNING; if (--timer->running) list_del(&ti->active_list); } if ((timer->hw.flags & SNDRV_TIMER_HW_TASKLET) || (ti->flags & SNDRV_TIMER_IFLG_FAST)) ack_list_head = &timer->ack_list_head; else ack_list_head = &timer->sack_list_head; if (list_empty(&ti->ack_list)) list_add_tail(&ti->ack_list, ack_list_head); list_for_each_entry(ts, &ti->slave_active_head, active_list) { ts->pticks = ti->pticks; ts->resolution = resolution; if (list_empty(&ts->ack_list)) list_add_tail(&ts->ack_list, ack_list_head); } } if (timer->flags & SNDRV_TIMER_FLG_RESCHED) snd_timer_reschedule(timer, timer->sticks); if (timer->running) { if (timer->hw.flags & SNDRV_TIMER_HW_STOP) { timer->hw.stop(timer); timer->flags |= SNDRV_TIMER_FLG_CHANGE; } if (!(timer->hw.flags & SNDRV_TIMER_HW_AUTO) || (timer->flags & SNDRV_TIMER_FLG_CHANGE)) { timer->flags &= ~SNDRV_TIMER_FLG_CHANGE; timer->hw.start(timer); } } else { timer->hw.stop(timer); } while (!list_empty(&timer->ack_list_head)) { p = timer->ack_list_head.next; ti = list_entry(p, struct snd_timer_instance, ack_list); list_del_init(p); ticks = ti->pticks; ti->pticks = 0; ti->flags |= SNDRV_TIMER_IFLG_CALLBACK; spin_unlock(&timer->lock); if (ti->callback) ti->callback(ti, resolution, ticks); spin_lock(&timer->lock); ti->flags &= ~SNDRV_TIMER_IFLG_CALLBACK; } use_tasklet = !list_empty(&timer->sack_list_head); spin_unlock_irqrestore(&timer->lock, flags); if (use_tasklet) tasklet_schedule(&timer->task_queue); }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,187839166232173,1 5480,['CWE-476'],"int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu) { int r; BUG_ON((unsigned long)&vcpu->arch.host_fx_image & 0xF); vcpu->arch.mtrr_state.have_fixed = 1; vcpu_load(vcpu); r = kvm_arch_vcpu_reset(vcpu); if (r == 0) r = kvm_mmu_setup(vcpu); vcpu_put(vcpu); if (r < 0) goto free_vcpu; return 0; free_vcpu: kvm_x86_ops->vcpu_free(vcpu); return r; }",linux-2.6,,,22546313162550455983669638998511705402,0 197,[],"static int atalk_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { int rc = -EINVAL; struct sock *sk = sock->sk; switch (cmd) { case TIOCOUTQ: { long amount = sk->sk_sndbuf - atomic_read(&sk->sk_wmem_alloc); if (amount < 0) amount = 0; rc = put_user(amount, (int *)arg); break; } case TIOCINQ: { struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); long amount = 0; if (skb) amount = skb->len - sizeof(struct ddpehdr); rc = put_user(amount, (int *)arg); break; } case SIOCGSTAMP: if (!sk) break; rc = -ENOENT; if (!sk->sk_stamp.tv_sec) break; rc = copy_to_user((void *)arg, &sk->sk_stamp, sizeof(struct timeval)) ? -EFAULT : 0; break; case SIOCADDRT: case SIOCDELRT: rc = -EPERM; if (capable(CAP_NET_ADMIN)) rc = atrtr_ioctl(cmd, (void *)arg); break; case SIOCGIFADDR: case SIOCSIFADDR: case SIOCGIFBRDADDR: case SIOCATALKDIFADDR: case SIOCDIFADDR: case SIOCSARP: case SIOCDARP: rtnl_lock(); rc = atif_ioctl(cmd, (void *)arg); rtnl_unlock(); break; case SIOCSIFLINK: case SIOCGIFHWADDR: case SIOCSIFHWADDR: case SIOCGIFFLAGS: case SIOCSIFFLAGS: case SIOCGIFMTU: case SIOCGIFCONF: case SIOCADDMULTI: case SIOCDELMULTI: case SIOCGIFCOUNT: case SIOCGIFINDEX: case SIOCGIFNAME: rc = dev_ioctl(cmd, (void *)arg); break; } return rc; }",history,,,258921474103182711566445380850372785943,0 4870,['CWE-189'],"void ecryptfs_from_hex(char *dst, char *src, int dst_size) { int x; char tmp[3] = { 0, }; for (x = 0; x < dst_size; x++) { tmp[0] = src[x * 2]; tmp[1] = src[x * 2 + 1]; dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16); } }",linux-2.6,,,162025477278514006624548565968419871699,0 2192,CWE-667,"find_extend_vma(struct mm_struct *mm, unsigned long addr) { struct vm_area_struct *vma, *prev; addr &= PAGE_MASK; vma = find_vma_prev(mm, addr, &prev); if (vma && (vma->vm_start <= addr)) return vma; if (!prev || expand_stack(prev, addr)) return NULL; if (prev->vm_flags & VM_LOCKED) populate_vma_page_range(prev, addr, prev->vm_end, NULL); return prev; }",visit repo url,mm/mmap.c,https://github.com/torvalds/linux,2533482897004,1 5017,CWE-125,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 5450,['CWE-476'],"int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason) { struct kvm_segment tr_seg; struct desc_struct cseg_desc; struct desc_struct nseg_desc; int ret = 0; u32 old_tss_base = get_segment_base(vcpu, VCPU_SREG_TR); u16 old_tss_sel = get_segment_selector(vcpu, VCPU_SREG_TR); old_tss_base = vcpu->arch.mmu.gva_to_gpa(vcpu, old_tss_base); if (load_guest_segment_descriptor(vcpu, tss_selector, &nseg_desc)) goto out; if (load_guest_segment_descriptor(vcpu, old_tss_sel, &cseg_desc)) goto out; if (reason != TASK_SWITCH_IRET) { int cpl; cpl = kvm_x86_ops->get_cpl(vcpu); if ((tss_selector & 3) > nseg_desc.dpl || cpl > nseg_desc.dpl) { kvm_queue_exception_e(vcpu, GP_VECTOR, 0); return 1; } } if (!nseg_desc.p || (nseg_desc.limit0 | nseg_desc.limit << 16) < 0x67) { kvm_queue_exception_e(vcpu, TS_VECTOR, tss_selector & 0xfffc); return 1; } if (reason == TASK_SWITCH_IRET || reason == TASK_SWITCH_JMP) { cseg_desc.type &= ~(1 << 1); save_guest_segment_descriptor(vcpu, old_tss_sel, &cseg_desc); } if (reason == TASK_SWITCH_IRET) { u32 eflags = kvm_x86_ops->get_rflags(vcpu); kvm_x86_ops->set_rflags(vcpu, eflags & ~X86_EFLAGS_NT); } if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE) old_tss_sel = 0xffff; if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE) old_tss_sel = 0xffff; if (nseg_desc.type & 8) ret = kvm_task_switch_32(vcpu, tss_selector, old_tss_sel, old_tss_base, &nseg_desc); else ret = kvm_task_switch_16(vcpu, tss_selector, old_tss_sel, old_tss_base, &nseg_desc); if (reason == TASK_SWITCH_CALL || reason == TASK_SWITCH_GATE) { u32 eflags = kvm_x86_ops->get_rflags(vcpu); kvm_x86_ops->set_rflags(vcpu, eflags | X86_EFLAGS_NT); } if (reason != TASK_SWITCH_IRET) { nseg_desc.type |= (1 << 1); save_guest_segment_descriptor(vcpu, tss_selector, &nseg_desc); } kvm_x86_ops->set_cr0(vcpu, vcpu->arch.cr0 | X86_CR0_TS); seg_desct_to_kvm_desct(&nseg_desc, tss_selector, &tr_seg); tr_seg.type = 11; kvm_set_segment(vcpu, &tr_seg, VCPU_SREG_TR); out: return ret; }",linux-2.6,,,314689356713679619808892795139034285613,0 3462,['CWE-20'],"struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, const struct sctp_chunk *chunk) { struct sctp_chunk *retval; sctp_shutdownhdr_t shut; __u32 ctsn; ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); shut.cum_tsn_ack = htonl(ctsn); retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, sizeof(sctp_shutdownhdr_t)); if (!retval) goto nodata; retval->subh.shutdown_hdr = sctp_addto_chunk(retval, sizeof(shut), &shut); if (chunk) retval->transport = chunk->transport; nodata: return retval; }",linux-2.6,,,275118776414997429845767083220371665057,0 5570,[],"void __init signals_init(void) { sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC); }",linux-2.6,,,41779246862536126572087705285294658869,0 3641,['CWE-287'],"void sctp_assoc_rm_peer(struct sctp_association *asoc, struct sctp_transport *peer) { struct list_head *pos; struct sctp_transport *transport; SCTP_DEBUG_PRINTK_IPADDR(""sctp_assoc_rm_peer:association %p addr: "", "" port: %d\n"", asoc, (&peer->ipaddr), ntohs(peer->ipaddr.v4.sin_port)); if (asoc->peer.retran_path == peer) sctp_assoc_update_retran_path(asoc); list_del(&peer->transports); pos = asoc->peer.transport_addr_list.next; transport = list_entry(pos, struct sctp_transport, transports); if (asoc->peer.primary_path == peer) sctp_assoc_set_primary(asoc, transport); if (asoc->peer.active_path == peer) asoc->peer.active_path = transport; if (asoc->peer.last_data_from == peer) asoc->peer.last_data_from = transport; if (asoc->init_last_sent_to == peer) asoc->init_last_sent_to = NULL; asoc->peer.transport_count--; sctp_transport_free(peer); }",linux-2.6,,,319749349708299544549041802603156854870,0 4995,['CWE-346'],"int udev_monitor_enable_receiving(struct udev_monitor *udev_monitor) { int err; const int on = 1; if (udev_monitor->sun.sun_family != 0) err = bind(udev_monitor->sock, (struct sockaddr *)&udev_monitor->sun, udev_monitor->addrlen); else if (udev_monitor->snl.nl_family != 0) err = bind(udev_monitor->sock, (struct sockaddr *)&udev_monitor->snl, sizeof(struct sockaddr_nl)); else return -EINVAL; if (err < 0) { err(udev_monitor->udev, ""bind failed: %m\n""); return err; } setsockopt(udev_monitor->sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)); return 0; }",udev,,,27535621344987399935381811372842300140,0 4671,['CWE-399'],"static int ext4_bh_unmapped(handle_t *handle, struct buffer_head *bh) { return !buffer_mapped(bh); }",linux-2.6,,,149545295678889578079198813195299164703,0 2529,['CWE-119'],"static void show_name(FILE *file, const char *prefix, const char *name, int len, const char *reset, const char *set) { fprintf(file, "" %s%s%-*s%s |"", set, prefix, len, name, reset); }",git,,,280655093794226073472917060933792819326,0 3806,CWE-125,"win_alloc_lines(win_T *wp) { wp->w_lines_valid = 0; wp->w_lines = ALLOC_CLEAR_MULT(wline_T, Rows ); if (wp->w_lines == NULL) return FAIL; return OK; }",visit repo url,src/window.c,https://github.com/vim/vim,167594412305738,1 2009,['CWE-269'],"static inline int tree_contains_unbindable(struct vfsmount *mnt) { struct vfsmount *p; for (p = mnt; p; p = next_mnt(p, mnt)) { if (IS_MNT_UNBINDABLE(p)) return 1; } return 0; }",linux-2.6,,,35149996482574858999114152893106067690,0 900,CWE-20,"static int x25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct x25_sock *x25 = x25_sk(sk); struct sockaddr_x25 *sx25 = (struct sockaddr_x25 *)msg->msg_name; size_t copied; int qbit, header_len; struct sk_buff *skb; unsigned char *asmptr; int rc = -ENOTCONN; lock_sock(sk); if (x25->neighbour == NULL) goto out; header_len = x25->neighbour->extended ? X25_EXT_MIN_LEN : X25_STD_MIN_LEN; if (sk->sk_state != TCP_ESTABLISHED) goto out; if (flags & MSG_OOB) { rc = -EINVAL; if (sock_flag(sk, SOCK_URGINLINE) || !skb_peek(&x25->interrupt_in_queue)) goto out; skb = skb_dequeue(&x25->interrupt_in_queue); if (!pskb_may_pull(skb, X25_STD_MIN_LEN)) goto out_free_dgram; skb_pull(skb, X25_STD_MIN_LEN); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = 0x00; } msg->msg_flags |= MSG_OOB; } else { release_sock(sk); skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); lock_sock(sk); if (!skb) goto out; if (!pskb_may_pull(skb, header_len)) goto out_free_dgram; qbit = (skb->data[0] & X25_Q_BIT) == X25_Q_BIT; skb_pull(skb, header_len); if (test_bit(X25_Q_BIT_FLAG, &x25->flags)) { asmptr = skb_push(skb, 1); *asmptr = qbit; } } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } msg->msg_flags |= MSG_EOR; rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (rc) goto out_free_dgram; if (sx25) { sx25->sx25_family = AF_X25; sx25->sx25_addr = x25->dest_addr; } msg->msg_namelen = sizeof(struct sockaddr_x25); x25_check_rbuf(sk); rc = copied; out_free_dgram: skb_free_datagram(sk, skb); out: release_sock(sk); return rc; }",visit repo url,net/x25/af_x25.c,https://github.com/torvalds/linux,15718660389662,1 3165,['CWE-189'],"static int jas_iccprof_readhdr(jas_stream_t *in, jas_icchdr_t *hdr) { if (jas_iccgetuint32(in, &hdr->size) || jas_iccgetuint32(in, &hdr->cmmtype) || jas_iccgetuint32(in, &hdr->version) || jas_iccgetuint32(in, &hdr->clas) || jas_iccgetuint32(in, &hdr->colorspc) || jas_iccgetuint32(in, &hdr->refcolorspc) || jas_iccgettime(in, &hdr->ctime) || jas_iccgetuint32(in, &hdr->magic) || jas_iccgetuint32(in, &hdr->platform) || jas_iccgetuint32(in, &hdr->flags) || jas_iccgetuint32(in, &hdr->maker) || jas_iccgetuint32(in, &hdr->model) || jas_iccgetuint64(in, &hdr->attr) || jas_iccgetuint32(in, &hdr->intent) || jas_iccgetxyz(in, &hdr->illum) || jas_iccgetuint32(in, &hdr->creator) || jas_stream_gobble(in, 44) != 44) return -1; return 0; }",jasper,,,70297096367525978166437702121808961897,0 6317,CWE-295,"int options_cmdline(char *arg1, char *arg2) { char *name; CONF_TYPE type; #ifdef USE_WIN32 (void)arg2; #endif if(!arg1) { name= #ifdef CONFDIR CONFDIR #ifdef USE_WIN32 ""\\"" #else ""/"" #endif #endif ""stunnel.conf""; type=CONF_FILE; } else if(!strcasecmp(arg1, ""-help"")) { parse_global_option(CMD_PRINT_HELP, NULL, NULL); parse_service_option(CMD_PRINT_HELP, NULL, NULL, NULL); log_flush(LOG_MODE_INFO); return 2; } else if(!strcasecmp(arg1, ""-version"")) { parse_global_option(CMD_PRINT_DEFAULTS, NULL, NULL); parse_service_option(CMD_PRINT_DEFAULTS, NULL, NULL, NULL); log_flush(LOG_MODE_INFO); return 2; } else if(!strcasecmp(arg1, ""-sockets"")) { socket_options_print(); log_flush(LOG_MODE_INFO); return 2; } else if(!strcasecmp(arg1, ""-options"")) { print_ssl_options(); log_flush(LOG_MODE_INFO); return 2; } else #ifndef USE_WIN32 if(!strcasecmp(arg1, ""-fd"")) { if(!arg2) { s_log(LOG_ERR, ""No file descriptor specified""); print_syntax(); return 1; } name=arg2; type=CONF_FD; } else #endif { name=arg1; type=CONF_FILE; } if(type==CONF_FILE) { #ifdef HAVE_REALPATH char *real_path=NULL; #ifdef MAXPATHLEN real_path=malloc(MAXPATHLEN); #endif real_path=realpath(name, real_path); if(!real_path) { s_log(LOG_ERR, ""Invalid configuration file name \""%s\"""", name); ioerror(""realpath""); return 1; } configuration_file=str_dup(real_path); free(real_path); #else configuration_file=str_dup(name); #endif #ifndef USE_WIN32 } else if(type==CONF_FD) { configuration_file=str_dup(name); #endif } return options_parse(type); }",visit repo url,src/options.c,https://github.com/mtrojnar/stunnel,245666835844088,1 6144,CWE-190,"void ep_mul_sim_trick(ep_t r, const ep_t p, const bn_t k, const ep_t q, const bn_t m) { ep_t t0[1 << (EP_WIDTH / 2)], t1[1 << (EP_WIDTH / 2)], t[1 << EP_WIDTH]; bn_t n, _k, _m; int l0, l1, w = EP_WIDTH / 2; uint8_t w0[RLC_FP_BITS + 1], w1[RLC_FP_BITS + 1]; if (bn_is_zero(k) || ep_is_infty(p)) { ep_mul(r, q, m); return; } if (bn_is_zero(m) || ep_is_infty(q)) { ep_mul(r, p, k); return; } bn_null(n); bn_null(_k); bn_null(_m); RLC_TRY { bn_new(n); bn_new(_k); bn_new(_m); for (int i = 0; i < (1 << w); i++) { ep_null(t0[i]); ep_null(t1[i]); ep_new(t0[i]); ep_new(t1[i]); } for (int i = 0; i < (1 << EP_WIDTH); i++) { ep_null(t[i]); ep_new(t[i]); } ep_curve_get_ord(n); bn_mod(_k, k, n); bn_mod(_m, m, n); ep_set_infty(t0[0]); ep_copy(t0[1], p); if (bn_sign(_k) == RLC_NEG) { ep_neg(t0[1], t0[1]); } for (int i = 2; i < (1 << w); i++) { ep_add(t0[i], t0[i - 1], t0[1]); } ep_set_infty(t1[0]); ep_copy(t1[1], q); if (bn_sign(_m) == RLC_NEG) { ep_neg(t1[1], t1[1]); } for (int i = 2; i < (1 << w); i++) { ep_add(t1[i], t1[i - 1], t1[1]); } for (int i = 0; i < (1 << w); i++) { for (int j = 0; j < (1 << w); j++) { ep_add(t[(i << w) + j], t0[i], t1[j]); } } #if EP_WIDTH > 2 && defined(EP_MIXED) ep_norm_sim(t + 1, (const ep_t *)(t + 1), (1 << EP_WIDTH) - 1); #endif l0 = l1 = RLC_CEIL(RLC_FP_BITS + 1, w); bn_rec_win(w0, &l0, _k, w); bn_rec_win(w1, &l1, _m, w); for (int i = l0; i < l1; i++) { w0[i] = 0; } for (int i = l1; i < l0; i++) { w1[i] = 0; } ep_set_infty(r); for (int i = RLC_MAX(l0, l1) - 1; i >= 0; i--) { for (int j = 0; j < w; j++) { ep_dbl(r, r); } ep_add(r, r, t[(w0[i] << w) + w1[i]]); } ep_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(_k); bn_free(_m); for (int i = 0; i < (1 << w); i++) { ep_free(t0[i]); ep_free(t1[i]); } for (int i = 0; i < (1 << EP_WIDTH); i++) { ep_free(t[i]); } } }",visit repo url,src/ep/relic_ep_mul_sim.c,https://github.com/relic-toolkit/relic,4568705231699,1 6175,['CWE-200'],"tca_get_fill(struct sk_buff *skb, struct tc_action *a, u32 pid, u32 seq, u16 flags, int event, int bind, int ref) { struct tcamsg *t; struct nlmsghdr *nlh; unsigned char *b = skb->tail; struct rtattr *x; nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*t), flags); t = NLMSG_DATA(nlh); t->tca_family = AF_UNSPEC; t->tca__pad1 = 0; t->tca__pad2 = 0; x = (struct rtattr*) skb->tail; RTA_PUT(skb, TCA_ACT_TAB, 0, NULL); if (tcf_action_dump(skb, a, bind, ref) < 0) goto rtattr_failure; x->rta_len = skb->tail - (u8*)x; nlh->nlmsg_len = skb->tail - b; return skb->len; rtattr_failure: nlmsg_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,245423360929335762212286061330476082889,0 3069,CWE-125,"char *string_crypt(const char *key, const char *salt) { assertx(key); assertx(salt); char random_salt[12]; if (!*salt) { memcpy(random_salt,""$1$"",3); ito64(random_salt+3,rand(),8); random_salt[11] = '\0'; return string_crypt(key, random_salt); } auto const saltLen = strlen(salt); if ((saltLen > sizeof(""$2X$00$"")) && (salt[0] == '$') && (salt[1] == '2') && (salt[2] >= 'a') && (salt[2] <= 'z') && (salt[3] == '$') && (salt[4] >= '0') && (salt[4] <= '3') && (salt[5] >= '0') && (salt[5] <= '9') && (salt[6] == '$')) { char output[61]; static constexpr size_t maxSaltLength = 123; char paddedSalt[maxSaltLength + 1]; paddedSalt[0] = paddedSalt[maxSaltLength] = '\0'; memset(&paddedSalt[1], '$', maxSaltLength - 1); memcpy(paddedSalt, salt, std::min(maxSaltLength, saltLen)); paddedSalt[saltLen] = '\0'; if (php_crypt_blowfish_rn(key, paddedSalt, output, sizeof(output))) { return strdup(output); } } else { #ifdef USE_PHP_CRYPT_R return php_crypt_r(key, salt); #else static Mutex mutex; Lock lock(mutex); char *crypt_res = crypt(key,salt); if (crypt_res) { return strdup(crypt_res); } #endif } return ((salt[0] == '*') && (salt[1] == '0')) ? strdup(""*1"") : strdup(""*0""); }",visit repo url,hphp/zend/zend-string.cpp,https://github.com/facebook/hhvm,171278930242578,1 211,CWE-119,"static int airspy_probe(struct usb_interface *intf, const struct usb_device_id *id) { struct airspy *s; int ret; u8 u8tmp, buf[BUF_SIZE]; s = kzalloc(sizeof(struct airspy), GFP_KERNEL); if (s == NULL) { dev_err(&intf->dev, ""Could not allocate memory for state\n""); return -ENOMEM; } mutex_init(&s->v4l2_lock); mutex_init(&s->vb_queue_lock); spin_lock_init(&s->queued_bufs_lock); INIT_LIST_HEAD(&s->queued_bufs); s->dev = &intf->dev; s->udev = interface_to_usbdev(intf); s->f_adc = bands[0].rangelow; s->f_rf = bands_rf[0].rangelow; s->pixelformat = formats[0].pixelformat; s->buffersize = formats[0].buffersize; ret = airspy_ctrl_msg(s, CMD_BOARD_ID_READ, 0, 0, &u8tmp, 1); if (ret == 0) ret = airspy_ctrl_msg(s, CMD_VERSION_STRING_READ, 0, 0, buf, BUF_SIZE); if (ret) { dev_err(s->dev, ""Could not detect board\n""); goto err_free_mem; } buf[BUF_SIZE - 1] = '\0'; dev_info(s->dev, ""Board ID: %02x\n"", u8tmp); dev_info(s->dev, ""Firmware version: %s\n"", buf); s->vb_queue.type = V4L2_BUF_TYPE_SDR_CAPTURE; s->vb_queue.io_modes = VB2_MMAP | VB2_USERPTR | VB2_READ; s->vb_queue.drv_priv = s; s->vb_queue.buf_struct_size = sizeof(struct airspy_frame_buf); s->vb_queue.ops = &airspy_vb2_ops; s->vb_queue.mem_ops = &vb2_vmalloc_memops; s->vb_queue.timestamp_flags = V4L2_BUF_FLAG_TIMESTAMP_MONOTONIC; ret = vb2_queue_init(&s->vb_queue); if (ret) { dev_err(s->dev, ""Could not initialize vb2 queue\n""); goto err_free_mem; } s->vdev = airspy_template; s->vdev.queue = &s->vb_queue; s->vdev.queue->lock = &s->vb_queue_lock; video_set_drvdata(&s->vdev, s); s->v4l2_dev.release = airspy_video_release; ret = v4l2_device_register(&intf->dev, &s->v4l2_dev); if (ret) { dev_err(s->dev, ""Failed to register v4l2-device (%d)\n"", ret); goto err_free_mem; } v4l2_ctrl_handler_init(&s->hdl, 5); s->lna_gain_auto = v4l2_ctrl_new_std(&s->hdl, &airspy_ctrl_ops, V4L2_CID_RF_TUNER_LNA_GAIN_AUTO, 0, 1, 1, 0); s->lna_gain = v4l2_ctrl_new_std(&s->hdl, &airspy_ctrl_ops, V4L2_CID_RF_TUNER_LNA_GAIN, 0, 14, 1, 8); v4l2_ctrl_auto_cluster(2, &s->lna_gain_auto, 0, false); s->mixer_gain_auto = v4l2_ctrl_new_std(&s->hdl, &airspy_ctrl_ops, V4L2_CID_RF_TUNER_MIXER_GAIN_AUTO, 0, 1, 1, 0); s->mixer_gain = v4l2_ctrl_new_std(&s->hdl, &airspy_ctrl_ops, V4L2_CID_RF_TUNER_MIXER_GAIN, 0, 15, 1, 8); v4l2_ctrl_auto_cluster(2, &s->mixer_gain_auto, 0, false); s->if_gain = v4l2_ctrl_new_std(&s->hdl, &airspy_ctrl_ops, V4L2_CID_RF_TUNER_IF_GAIN, 0, 15, 1, 0); if (s->hdl.error) { ret = s->hdl.error; dev_err(s->dev, ""Could not initialize controls\n""); goto err_free_controls; } v4l2_ctrl_handler_setup(&s->hdl); s->v4l2_dev.ctrl_handler = &s->hdl; s->vdev.v4l2_dev = &s->v4l2_dev; s->vdev.lock = &s->v4l2_lock; ret = video_register_device(&s->vdev, VFL_TYPE_SDR, -1); if (ret) { dev_err(s->dev, ""Failed to register as video device (%d)\n"", ret); goto err_unregister_v4l2_dev; } dev_info(s->dev, ""Registered as %s\n"", video_device_node_name(&s->vdev)); dev_notice(s->dev, ""SDR API is still slightly experimental and functionality changes may follow\n""); return 0; err_free_controls: v4l2_ctrl_handler_free(&s->hdl); err_unregister_v4l2_dev: v4l2_device_unregister(&s->v4l2_dev); err_free_mem: kfree(s); return ret; }",visit repo url,drivers/media/usb/airspy/airspy.c,https://github.com/torvalds/linux,279103300921754,1 73,['CWE-787'],"static void cirrus_update_bank_ptr(CirrusVGAState * s, unsigned bank_index) { unsigned offset; unsigned limit; if ((s->gr[0x0b] & 0x01) != 0) offset = s->gr[0x09 + bank_index]; else offset = s->gr[0x09]; if ((s->gr[0x0b] & 0x20) != 0) offset <<= 14; else offset <<= 12; if (s->real_vram_size <= offset) limit = 0; else limit = s->real_vram_size - offset; if (((s->gr[0x0b] & 0x01) == 0) && (bank_index != 0)) { if (limit > 0x8000) { offset += 0x8000; limit -= 0x8000; } else { limit = 0; } } if (limit > 0) { s->cirrus_bank_base[bank_index] = offset; s->cirrus_bank_limit[bank_index] = limit; } else { s->cirrus_bank_base[bank_index] = 0; s->cirrus_bank_limit[bank_index] = 0; } }",qemu,,,126718402008651782971929608161960755378,0 6485,CWE-787,"Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical) { Uint8 *map; int i; if (identical) { if (src->ncolors <= dst->ncolors) { if (src == dst || (SDL_memcmp (src->colors, dst->colors, src->ncolors * sizeof(SDL_Color)) == 0)) { *identical = 1; return (NULL); } } *identical = 0; } map = (Uint8 *) SDL_malloc(src->ncolors); if (map == NULL) { SDL_OutOfMemory(); return (NULL); } for (i = 0; i < src->ncolors; ++i) { map[i] = SDL_FindColor(dst, src->colors[i].r, src->colors[i].g, src->colors[i].b, src->colors[i].a); } return (map); }",visit repo url,src/video/SDL_pixels.c,https://github.com/libsdl-org/SDL,136677995924321,1 3748,CWE-787,"evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *outlen) { int port; char buf[128]; const char *cp, *addr_part, *port_part; int is_ipv6; cp = strchr(ip_as_string, ':'); if (*ip_as_string == '[') { int len; if (!(cp = strchr(ip_as_string, ']'))) { return -1; } len = (int) ( cp-(ip_as_string + 1) ); if (len > (int)sizeof(buf)-1) { return -1; } memcpy(buf, ip_as_string+1, len); buf[len] = '\0'; addr_part = buf; if (cp[1] == ':') port_part = cp+2; else port_part = NULL; is_ipv6 = 1; } else if (cp && strchr(cp+1, ':')) { is_ipv6 = 1; addr_part = ip_as_string; port_part = NULL; } else if (cp) { is_ipv6 = 0; if (cp - ip_as_string > (int)sizeof(buf)-1) { return -1; } memcpy(buf, ip_as_string, cp-ip_as_string); buf[cp-ip_as_string] = '\0'; addr_part = buf; port_part = cp+1; } else { addr_part = ip_as_string; port_part = NULL; is_ipv6 = 0; } if (port_part == NULL) { port = 0; } else { port = atoi(port_part); if (port <= 0 || port > 65535) { return -1; } } if (!addr_part) return -1; #ifdef AF_INET6 if (is_ipv6) { struct sockaddr_in6 sin6; memset(&sin6, 0, sizeof(sin6)); #ifdef EVENT__HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN sin6.sin6_len = sizeof(sin6); #endif sin6.sin6_family = AF_INET6; sin6.sin6_port = htons(port); if (1 != evutil_inet_pton(AF_INET6, addr_part, &sin6.sin6_addr)) return -1; if ((int)sizeof(sin6) > *outlen) return -1; memset(out, 0, *outlen); memcpy(out, &sin6, sizeof(sin6)); *outlen = sizeof(sin6); return 0; } else #endif { struct sockaddr_in sin; memset(&sin, 0, sizeof(sin)); #ifdef EVENT__HAVE_STRUCT_SOCKADDR_IN_SIN_LEN sin.sin_len = sizeof(sin); #endif sin.sin_family = AF_INET; sin.sin_port = htons(port); if (1 != evutil_inet_pton(AF_INET, addr_part, &sin.sin_addr)) return -1; if ((int)sizeof(sin) > *outlen) return -1; memset(out, 0, *outlen); memcpy(out, &sin, sizeof(sin)); *outlen = sizeof(sin); return 0; } }",visit repo url,evutil.c,https://github.com/libevent/libevent,6724956005214,1 4057,CWE-125,"static void get_nb10(ut8* dbg_data, SCV_NB10_HEADER* res) { const int nb10sz = 16; memcpy (res, dbg_data, nb10sz); res->file_name = (ut8*) strdup ((const char*) dbg_data + nb10sz); }",visit repo url,libr/bin/format/pe/pe.c,https://github.com/radare/radare2,143666021522749,1 2773,CWE-189,"cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, uint32_t offs, cdf_property_info_t **info, size_t *count, size_t *maxcount) { const cdf_section_header_t *shp; cdf_section_header_t sh; const uint8_t *p, *q, *e; int16_t s16; int32_t s32; uint32_t u32; int64_t s64; uint64_t u64; cdf_timestamp_t tp; size_t i, o, o4, nelements, j; cdf_property_info_t *inp; if (offs > UINT32_MAX / 4) { errno = EFTYPE; goto out; } shp = CAST(const cdf_section_header_t *, (const void *) ((const char *)sst->sst_tab + offs)); if (cdf_check_stream_offset(sst, h, shp, sizeof(*shp), __LINE__) == -1) goto out; sh.sh_len = CDF_TOLE4(shp->sh_len); #define CDF_SHLEN_LIMIT (UINT32_MAX / 8) if (sh.sh_len > CDF_SHLEN_LIMIT) { errno = EFTYPE; goto out; } sh.sh_properties = CDF_TOLE4(shp->sh_properties); #define CDF_PROP_LIMIT (UINT32_MAX / (4 * sizeof(*inp))) if (sh.sh_properties > CDF_PROP_LIMIT) goto out; DPRINTF((""section len: %u properties %u\n"", sh.sh_len, sh.sh_properties)); if (*maxcount) { if (*maxcount > CDF_PROP_LIMIT) goto out; *maxcount += sh.sh_properties; inp = CAST(cdf_property_info_t *, realloc(*info, *maxcount * sizeof(*inp))); } else { *maxcount = sh.sh_properties; inp = CAST(cdf_property_info_t *, malloc(*maxcount * sizeof(*inp))); } if (inp == NULL) goto out; *info = inp; inp += *count; *count += sh.sh_properties; p = CAST(const uint8_t *, (const void *) ((const char *)(const void *)sst->sst_tab + offs + sizeof(sh))); e = CAST(const uint8_t *, (const void *) (((const char *)(const void *)shp) + sh.sh_len)); if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { size_t ofs, tail = (i << 1) + 1; if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t), __LINE__) == -1) goto out; ofs = CDF_GETUINT32(p, tail); q = (const uint8_t *)(const void *) ((const char *)(const void *)p + ofs - 2 * sizeof(uint32_t)); if (q > e) { DPRINTF((""Ran of the end %p > %p\n"", q, e)); goto out; } inp[i].pi_id = CDF_GETUINT32(p, i << 1); inp[i].pi_type = CDF_GETUINT32(q, 0); DPRINTF((""%"" SIZE_T_FORMAT ""u) id=%x type=%x offs=0x%tx,0x%x\n"", i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { nelements = CDF_GETUINT32(q, 1); if (nelements == 0) { DPRINTF((""CDF_VECTOR with nelements == 0\n"")); goto out; } o = 2; } else { nelements = 1; o = 1; } o4 = o * sizeof(uint32_t); if (inp[i].pi_type & (CDF_ARRAY|CDF_BYREF|CDF_RESERVED)) goto unknown; switch (inp[i].pi_type & CDF_TYPEMASK) { case CDF_NULL: case CDF_EMPTY: break; case CDF_SIGNED16: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s16, &q[o4], sizeof(s16)); inp[i].pi_s16 = CDF_TOLE2(s16); break; case CDF_SIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s32, &q[o4], sizeof(s32)); inp[i].pi_s32 = CDF_TOLE4((uint32_t)s32); break; case CDF_BOOL: case CDF_UNSIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u32, &q[o4], sizeof(u32)); inp[i].pi_u32 = CDF_TOLE4(u32); break; case CDF_SIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s64, &q[o4], sizeof(s64)); inp[i].pi_s64 = CDF_TOLE8((uint64_t)s64); break; case CDF_UNSIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u64, &q[o4], sizeof(u64)); inp[i].pi_u64 = CDF_TOLE8((uint64_t)u64); break; case CDF_FLOAT: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u32, &q[o4], sizeof(u32)); u32 = CDF_TOLE4(u32); memcpy(&inp[i].pi_f, &u32, sizeof(inp[i].pi_f)); break; case CDF_DOUBLE: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u64, &q[o4], sizeof(u64)); u64 = CDF_TOLE8((uint64_t)u64); memcpy(&inp[i].pi_d, &u64, sizeof(inp[i].pi_d)); break; case CDF_LENGTH32_STRING: case CDF_LENGTH32_WSTRING: if (nelements > 1) { size_t nelem = inp - *info; if (*maxcount > CDF_PROP_LIMIT || nelements > CDF_PROP_LIMIT) goto out; *maxcount += nelements; inp = CAST(cdf_property_info_t *, realloc(*info, *maxcount * sizeof(*inp))); if (inp == NULL) goto out; *info = inp; inp = *info + nelem; } DPRINTF((""nelements = %"" SIZE_T_FORMAT ""u\n"", nelements)); for (j = 0; j < nelements && i < sh.sh_properties; j++, i++) { uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = (const char *) (const void *)(&q[o4 + sizeof(l)]); DPRINTF((""l = %d, r = %"" SIZE_T_FORMAT ""u, s = %s\n"", l, CDF_ROUND(l, sizeof(l)), inp[i].pi_str.s_buf)); if (l & 1) l++; o += l >> 1; if (q + o >= e) goto out; o4 = o * sizeof(uint32_t); } i--; break; case CDF_FILETIME: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&tp, &q[o4], sizeof(tp)); inp[i].pi_tp = CDF_TOLE8((uint64_t)tp); break; case CDF_CLIPBOARD: if (inp[i].pi_type & CDF_VECTOR) goto unknown; break; default: unknown: DPRINTF((""Don't know how to deal with %x\n"", inp[i].pi_type)); break; } } return 0; out: free(*info); return -1; }",visit repo url,ext/fileinfo/libmagic/cdf.c,https://github.com/php/php-src,269955018700295,1 4391,['CWE-264'],"void sock_init_data(struct socket *sock, struct sock *sk) { skb_queue_head_init(&sk->sk_receive_queue); skb_queue_head_init(&sk->sk_write_queue); skb_queue_head_init(&sk->sk_error_queue); #ifdef CONFIG_NET_DMA skb_queue_head_init(&sk->sk_async_wait_queue); #endif sk->sk_send_head = NULL; init_timer(&sk->sk_timer); sk->sk_allocation = GFP_KERNEL; sk->sk_rcvbuf = sysctl_rmem_default; sk->sk_sndbuf = sysctl_wmem_default; sk->sk_state = TCP_CLOSE; sk_set_socket(sk, sock); sock_set_flag(sk, SOCK_ZAPPED); if (sock) { sk->sk_type = sock->type; sk->sk_sleep = &sock->wait; sock->sk = sk; } else sk->sk_sleep = NULL; rwlock_init(&sk->sk_dst_lock); rwlock_init(&sk->sk_callback_lock); lockdep_set_class_and_name(&sk->sk_callback_lock, af_callback_keys + sk->sk_family, af_family_clock_key_strings[sk->sk_family]); sk->sk_state_change = sock_def_wakeup; sk->sk_data_ready = sock_def_readable; sk->sk_write_space = sock_def_write_space; sk->sk_error_report = sock_def_error_report; sk->sk_destruct = sock_def_destruct; sk->sk_sndmsg_page = NULL; sk->sk_sndmsg_off = 0; sk->sk_peercred.pid = 0; sk->sk_peercred.uid = -1; sk->sk_peercred.gid = -1; sk->sk_write_pending = 0; sk->sk_rcvlowat = 1; sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT; sk->sk_stamp = ktime_set(-1L, 0); atomic_set(&sk->sk_refcnt, 1); atomic_set(&sk->sk_drops, 0); }",linux-2.6,,,217988817298908863819542535376547227930,0 5516,['CWE-119'],"parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, unsigned char *data, struct list_head *auth_tok_list, struct ecryptfs_auth_tok **new_auth_tok, size_t *packet_size, size_t max_packet_size) { size_t body_size; struct ecryptfs_auth_tok_list_item *auth_tok_list_item; size_t length_size; int rc = 0; (*packet_size) = 0; (*new_auth_tok) = NULL; if (unlikely(max_packet_size < 12)) { printk(KERN_ERR ""Invalid max packet size; must be >=12\n""); rc = -EINVAL; goto out; } if (data[(*packet_size)++] != ECRYPTFS_TAG_1_PACKET_TYPE) { printk(KERN_ERR ""Enter w/ first byte != 0x%.2x\n"", ECRYPTFS_TAG_1_PACKET_TYPE); rc = -EINVAL; goto out; } auth_tok_list_item = kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL); if (!auth_tok_list_item) { printk(KERN_ERR ""Unable to allocate memory\n""); rc = -ENOMEM; goto out; } (*new_auth_tok) = &auth_tok_list_item->auth_tok; rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, &length_size); if (rc) { printk(KERN_WARNING ""Error parsing packet length; "" ""rc = [%d]\n"", rc); goto out_free; } if (unlikely(body_size < (ECRYPTFS_SIG_SIZE + 2))) { printk(KERN_WARNING ""Invalid body size ([%td])\n"", body_size); rc = -EINVAL; goto out_free; } (*packet_size) += length_size; if (unlikely((*packet_size) + body_size > max_packet_size)) { printk(KERN_WARNING ""Packet size exceeds max\n""); rc = -EINVAL; goto out_free; } if (unlikely(data[(*packet_size)++] != 0x03)) { printk(KERN_WARNING ""Unknown version number [%d]\n"", data[(*packet_size) - 1]); rc = -EINVAL; goto out_free; } ecryptfs_to_hex((*new_auth_tok)->token.private_key.signature, &data[(*packet_size)], ECRYPTFS_SIG_SIZE); *packet_size += ECRYPTFS_SIG_SIZE; (*packet_size)++; (*new_auth_tok)->session_key.encrypted_key_size = body_size - (ECRYPTFS_SIG_SIZE + 2); if ((*new_auth_tok)->session_key.encrypted_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { printk(KERN_WARNING ""Tag 1 packet contains key larger "" ""than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES""); rc = -EINVAL; goto out; } memcpy((*new_auth_tok)->session_key.encrypted_key, &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2))); (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size; (*new_auth_tok)->session_key.flags &= ~ECRYPTFS_CONTAINS_DECRYPTED_KEY; (*new_auth_tok)->session_key.flags |= ECRYPTFS_CONTAINS_ENCRYPTED_KEY; (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; (*new_auth_tok)->flags = 0; (*new_auth_tok)->session_key.flags &= ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); (*new_auth_tok)->session_key.flags &= ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); list_add(&auth_tok_list_item->list, auth_tok_list); goto out; out_free: (*new_auth_tok) = NULL; memset(auth_tok_list_item, 0, sizeof(struct ecryptfs_auth_tok_list_item)); kmem_cache_free(ecryptfs_auth_tok_list_item_cache, auth_tok_list_item); out: if (rc) (*packet_size) = 0; return rc; }",linux-2.6,,,265449427222778796467176338814558755389,0 4128,CWE-119,"static char *fstrndup(const char *ptr, unsigned long len) { char *result; if (len <= 0) return NULL; result = ALLOC_N(char, len); memccpy(result, ptr, 0, len); return result; }",visit repo url,ext/json/ext/generator/generator.c,https://github.com/flori/json,16078499292711,1 6353,['CWE-200'],"struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, struct rtattr *tab) { struct qdisc_rate_table *rtab; for (rtab = qdisc_rtab_list; rtab; rtab = rtab->next) { if (memcmp(&rtab->rate, r, sizeof(struct tc_ratespec)) == 0) { rtab->refcnt++; return rtab; } } if (tab == NULL || r->rate == 0 || r->cell_log == 0 || RTA_PAYLOAD(tab) != 1024) return NULL; rtab = kmalloc(sizeof(*rtab), GFP_KERNEL); if (rtab) { rtab->rate = *r; rtab->refcnt = 1; memcpy(rtab->data, RTA_DATA(tab), 1024); rtab->next = qdisc_rtab_list; qdisc_rtab_list = rtab; } return rtab; }",linux-2.6,,,164564841600042379555557207863132912280,0 711,CWE-20,"int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int err = 0; size_t target, copied = 0; long timeo; if (flags & MSG_OOB) return -EOPNOTSUPP; msg->msg_namelen = 0; BT_DBG(""sk %p size %zu"", sk, size); lock_sock(sk); target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); do { struct sk_buff *skb; int chunk; skb = skb_dequeue(&sk->sk_receive_queue); if (!skb) { if (copied >= target) break; err = sock_error(sk); if (err) break; if (sk->sk_shutdown & RCV_SHUTDOWN) break; err = -EAGAIN; if (!timeo) break; timeo = bt_sock_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } continue; } chunk = min_t(unsigned int, skb->len, size); if (skb_copy_datagram_iovec(skb, 0, msg->msg_iov, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (!copied) copied = -EFAULT; break; } copied += chunk; size -= chunk; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { int skb_len = skb_headlen(skb); if (chunk <= skb_len) { __skb_pull(skb, chunk); } else { struct sk_buff *frag; __skb_pull(skb, skb_len); chunk -= skb_len; skb_walk_frags(skb, frag) { if (chunk <= frag->len) { skb->len -= chunk; skb->data_len -= chunk; __skb_pull(frag, chunk); break; } else if (frag->len) { chunk -= frag->len; skb->len -= frag->len; skb->data_len -= frag->len; __skb_pull(frag, frag->len); } } } if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); out: release_sock(sk); return copied ? : err; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,130876190644773,1 6041,CWE-787,"int flb_gzip_compress(void *in_data, size_t in_len, void **out_data, size_t *out_len) { int flush; int status; int footer_start; uint8_t *pb; size_t out_size; void *out_buf; z_stream strm; mz_ulong crc; out_size = in_len + 32; out_buf = flb_malloc(out_size); if (!out_buf) { flb_errno(); flb_error(""[gzip] could not allocate outgoing buffer""); return -1; } memset(&strm, '\0', sizeof(strm)); strm.zalloc = Z_NULL; strm.zfree = Z_NULL; strm.opaque = Z_NULL; strm.next_in = in_data; strm.avail_in = in_len; strm.total_out = 0; deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -Z_DEFAULT_WINDOW_BITS, 9, Z_DEFAULT_STRATEGY); gzip_header(out_buf); pb = (uint8_t *) out_buf + FLB_GZIP_HEADER_OFFSET; flush = Z_NO_FLUSH; while (1) { strm.next_out = pb + strm.total_out; strm.avail_out = out_size - (pb - (uint8_t *) out_buf); if (strm.avail_in == 0) { flush = Z_FINISH; } status = deflate(&strm, flush); if (status == Z_STREAM_END) { break; } else if (status != Z_OK) { deflateEnd(&strm); return -1; } } if (deflateEnd(&strm) != Z_OK) { flb_free(out_buf); return -1; } *out_len = strm.total_out; footer_start = FLB_GZIP_HEADER_OFFSET + *out_len; pb = (uint8_t *) out_buf + footer_start; crc = mz_crc32(MZ_CRC32_INIT, in_data, in_len); *pb++ = crc & 0xFF; *pb++ = (crc >> 8) & 0xFF; *pb++ = (crc >> 16) & 0xFF; *pb++ = (crc >> 24) & 0xFF; *pb++ = in_len & 0xFF; *pb++ = (in_len >> 8) & 0xFF; *pb++ = (in_len >> 16) & 0xFF; *pb++ = (in_len >> 24) & 0xFF; *out_len += FLB_GZIP_HEADER_OFFSET + 8; *out_data = out_buf; return 0; }",visit repo url,src/flb_gzip.c,https://github.com/fluent/fluent-bit,188039638877284,1 1371,[],"static inline u64 max_vruntime(u64 min_vruntime, u64 vruntime) { s64 delta = (s64)(vruntime - min_vruntime); if (delta > 0) min_vruntime = vruntime; return min_vruntime; }",linux-2.6,,,140414417186229151815918441906668780996,0 6186,CWE-190,"void fb_write_bin(uint8_t *bin, int len, const fb_t a) { bn_t t; bn_null(t); if (len != RLC_FB_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } RLC_TRY { bn_new(t); bn_read_raw(t, a, RLC_FB_DIGS); bn_write_bin(bin, len, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,197137105315165,1 1943,['CWE-20'],"static inline unsigned long zap_pud_range(struct mmu_gather *tlb, struct vm_area_struct *vma, pgd_t *pgd, unsigned long addr, unsigned long end, long *zap_work, struct zap_details *details) { pud_t *pud; unsigned long next; pud = pud_offset(pgd, addr); do { next = pud_addr_end(addr, end); if (pud_none_or_clear_bad(pud)) { (*zap_work)--; continue; } next = zap_pmd_range(tlb, vma, pud, addr, next, zap_work, details); } while (pud++, addr = next, (addr != end && *zap_work > 0)); return addr; }",linux-2.6,,,27429309080986686358468585657520782581,0 5295,CWE-787,"TEE_Result syscall_obj_generate_key(unsigned long obj, unsigned long key_size, const struct utee_attribute *usr_params, unsigned long param_count) { TEE_Result res; struct tee_ta_session *sess; const struct tee_cryp_obj_type_props *type_props; struct tee_obj *o; struct tee_cryp_obj_secret *key; size_t byte_size; TEE_Attribute *params = NULL; res = tee_ta_get_current_session(&sess); if (res != TEE_SUCCESS) return res; res = tee_obj_get(to_user_ta_ctx(sess->ctx), tee_svc_uref_to_vaddr(obj), &o); if (res != TEE_SUCCESS) return res; if ((o->info.handleFlags & TEE_HANDLE_FLAG_PERSISTENT) != 0) return TEE_ERROR_BAD_STATE; if ((o->info.handleFlags & TEE_HANDLE_FLAG_INITIALIZED) != 0) return TEE_ERROR_BAD_STATE; type_props = tee_svc_find_type_props(o->info.objectType); if (!type_props) return TEE_ERROR_NOT_SUPPORTED; if (key_size % type_props->quanta != 0) return TEE_ERROR_NOT_SUPPORTED; if (key_size < type_props->min_size) return TEE_ERROR_NOT_SUPPORTED; if (key_size > type_props->max_size) return TEE_ERROR_NOT_SUPPORTED; params = malloc(sizeof(TEE_Attribute) * param_count); if (!params) return TEE_ERROR_OUT_OF_MEMORY; res = copy_in_attrs(to_user_ta_ctx(sess->ctx), usr_params, param_count, params); if (res != TEE_SUCCESS) goto out; res = tee_svc_cryp_check_attr(ATTR_USAGE_GENERATE_KEY, type_props, params, param_count); if (res != TEE_SUCCESS) goto out; switch (o->info.objectType) { case TEE_TYPE_AES: case TEE_TYPE_DES: case TEE_TYPE_DES3: case TEE_TYPE_HMAC_MD5: case TEE_TYPE_HMAC_SHA1: case TEE_TYPE_HMAC_SHA224: case TEE_TYPE_HMAC_SHA256: case TEE_TYPE_HMAC_SHA384: case TEE_TYPE_HMAC_SHA512: case TEE_TYPE_GENERIC_SECRET: byte_size = key_size / 8; if (o->info.objectType == TEE_TYPE_DES || o->info.objectType == TEE_TYPE_DES3) { byte_size = (key_size + key_size / 7) / 8; } key = (struct tee_cryp_obj_secret *)o->attr; if (byte_size > key->alloc_size) { res = TEE_ERROR_EXCESS_DATA; goto out; } res = crypto_rng_read((void *)(key + 1), byte_size); if (res != TEE_SUCCESS) goto out; key->key_size = byte_size; o->have_attrs = (1 << type_props->num_type_attrs) - 1; break; case TEE_TYPE_RSA_KEYPAIR: res = tee_svc_obj_generate_key_rsa(o, type_props, key_size, params, param_count); if (res != TEE_SUCCESS) goto out; break; case TEE_TYPE_DSA_KEYPAIR: res = tee_svc_obj_generate_key_dsa(o, type_props, key_size); if (res != TEE_SUCCESS) goto out; break; case TEE_TYPE_DH_KEYPAIR: res = tee_svc_obj_generate_key_dh(o, type_props, key_size, params, param_count); if (res != TEE_SUCCESS) goto out; break; case TEE_TYPE_ECDSA_KEYPAIR: case TEE_TYPE_ECDH_KEYPAIR: res = tee_svc_obj_generate_key_ecc(o, type_props, key_size, params, param_count); if (res != TEE_SUCCESS) goto out; break; default: res = TEE_ERROR_BAD_FORMAT; } out: free(params); if (res == TEE_SUCCESS) { o->info.keySize = key_size; o->info.handleFlags |= TEE_HANDLE_FLAG_INITIALIZED; } return res; }",visit repo url,core/tee/tee_svc_cryp.c,https://github.com/OP-TEE/optee_os,77710880029574,1 3902,['CWE-399'],"static int tda9873_checkit(struct CHIPSTATE *chip) { int rc; if (-1 == (rc = chip_read2(chip,254))) return 0; return (rc & ~0x1f) == 0x80; }",linux-2.6,,,58821798794400399066443684540217701197,0 3032,['CWE-189'],"void *jas_malloc(size_t size) { return malloc(size); }",jasper,,,326880856973432733245742351551140931927,0 660,[],"void dccp_close(struct sock *sk, long timeout) { struct dccp_sock *dp = dccp_sk(sk); struct sk_buff *skb; int state; lock_sock(sk); sk->sk_shutdown = SHUTDOWN_MASK; if (sk->sk_state == DCCP_LISTEN) { dccp_set_state(sk, DCCP_CLOSED); inet_csk_listen_stop(sk); goto adjudge_to_death; } sk_stop_timer(sk, &dp->dccps_xmit_timer); while ((skb = __skb_dequeue(&sk->sk_receive_queue)) != NULL) { __kfree_skb(skb); } if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) { sk->sk_prot->disconnect(sk, 0); } else if (dccp_close_state(sk)) { dccp_send_close(sk, 1); } sk_stream_wait_close(sk, timeout); adjudge_to_death: state = sk->sk_state; sock_hold(sk); sock_orphan(sk); atomic_inc(sk->sk_prot->orphan_count); release_sock(sk); local_bh_disable(); bh_lock_sock(sk); BUG_TRAP(!sock_owned_by_user(sk)); if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED) goto out; if (sk->sk_state == DCCP_CLOSING) { inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, inet_csk(sk)->icsk_rto, DCCP_RTO_MAX); #if 0 dccp_set_state(sk, DCCP_CLOSED); #endif } if (sk->sk_state == DCCP_CLOSED) inet_csk_destroy_sock(sk); out: bh_unlock_sock(sk); local_bh_enable(); sock_put(sk); }",linux-2.6,,,86478524205968313673878806220041624004,0 527,CWE-264,"static struct mnt_namespace *dup_mnt_ns(struct mnt_namespace *mnt_ns, struct user_namespace *user_ns, struct fs_struct *fs) { struct mnt_namespace *new_ns; struct vfsmount *rootmnt = NULL, *pwdmnt = NULL; struct mount *p, *q; struct mount *old = mnt_ns->root; struct mount *new; int copy_flags; new_ns = alloc_mnt_ns(user_ns); if (IS_ERR(new_ns)) return new_ns; down_write(&namespace_sem); copy_flags = CL_COPY_ALL | CL_EXPIRE; if (user_ns != mnt_ns->user_ns) copy_flags |= CL_SHARED_TO_SLAVE; new = copy_tree(old, old->mnt.mnt_root, copy_flags); if (IS_ERR(new)) { up_write(&namespace_sem); free_mnt_ns(new_ns); return ERR_CAST(new); } new_ns->root = new; br_write_lock(&vfsmount_lock); list_add_tail(&new_ns->list, &new->mnt_list); br_write_unlock(&vfsmount_lock); p = old; q = new; while (p) { q->mnt_ns = new_ns; if (fs) { if (&p->mnt == fs->root.mnt) { fs->root.mnt = mntget(&q->mnt); rootmnt = &p->mnt; } if (&p->mnt == fs->pwd.mnt) { fs->pwd.mnt = mntget(&q->mnt); pwdmnt = &p->mnt; } } p = next_mnt(p, old); q = next_mnt(q, new); } up_write(&namespace_sem); if (rootmnt) mntput(rootmnt); if (pwdmnt) mntput(pwdmnt); return new_ns; }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,1920908819293,1 3303,['CWE-189'],"void jpc_enc_cp_destroy(jpc_enc_cp_t *cp) { if (cp->ccps) { if (cp->tcp.ilyrrates) { jas_free(cp->tcp.ilyrrates); } jas_free(cp->ccps); } jas_free(cp); }",jasper,,,47683186448406709832933600703270119733,0 4336,['CWE-119'],"static inline int clamp (int x, int low, int high) { if (x < low) return low; if (x > high) return high; return x; }",audiofile,,,191852104170646605879663070921544168355,0 2231,NVD-CWE-noinfo,"static struct nfs4_opendata *nfs4_opendata_alloc(struct path *path, struct nfs4_state_owner *sp, int flags, const struct iattr *attrs) { struct dentry *parent = dget_parent(path->dentry); struct inode *dir = parent->d_inode; struct nfs_server *server = NFS_SERVER(dir); struct nfs4_opendata *p; p = kzalloc(sizeof(*p), GFP_KERNEL); if (p == NULL) goto err; p->o_arg.seqid = nfs_alloc_seqid(&sp->so_seqid); if (p->o_arg.seqid == NULL) goto err_free; p->path.mnt = mntget(path->mnt); p->path.dentry = dget(path->dentry); p->dir = parent; p->owner = sp; atomic_inc(&sp->so_count); p->o_arg.fh = NFS_FH(dir); p->o_arg.open_flags = flags, p->o_arg.clientid = server->nfs_client->cl_clientid; p->o_arg.id = sp->so_owner_id.id; p->o_arg.name = &p->path.dentry->d_name; p->o_arg.server = server; p->o_arg.bitmask = server->attr_bitmask; p->o_arg.claim = NFS4_OPEN_CLAIM_NULL; if (flags & O_EXCL) { u32 *s = (u32 *) p->o_arg.u.verifier.data; s[0] = jiffies; s[1] = current->pid; } else if (flags & O_CREAT) { p->o_arg.u.attrs = &p->attrs; memcpy(&p->attrs, attrs, sizeof(p->attrs)); } p->c_arg.fh = &p->o_res.fh; p->c_arg.stateid = &p->o_res.stateid; p->c_arg.seqid = p->o_arg.seqid; nfs4_init_opendata_res(p); kref_init(&p->kref); return p; err_free: kfree(p); err: dput(parent); return NULL; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,6604512588464,1 6568,['CWE-200'],"action_info_set_new_func (ActionInfo *info, PageNewConnectionFunc func) { g_return_if_fail (info != NULL); info->new_func = func; }",network-manager-applet,,,232172523220125457187131553157944004105,0 1090,['CWE-399'],"int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from) { int err; u32 ptr32; if (!access_ok(VERIFY_READ, from, sizeof(compat_siginfo_t))) return -EFAULT; err = __get_user(to->si_signo, &from->si_signo); err |= __get_user(to->si_errno, &from->si_errno); err |= __get_user(to->si_code, &from->si_code); err |= __get_user(to->si_pid, &from->si_pid); err |= __get_user(to->si_uid, &from->si_uid); err |= __get_user(ptr32, &from->si_ptr); to->si_ptr = compat_ptr(ptr32); return err; }",linux-2.6,,,252412625442733594029865158512881040446,0 5641,['CWE-476'],"static void udpv6_mcast_deliver(struct udphdr *uh, struct in6_addr *saddr, struct in6_addr *daddr, struct sk_buff *skb) { struct sock *sk, *sk2; int dif; read_lock(&udp_hash_lock); sk = sk_head(&udp_hash[ntohs(uh->dest) & (UDP_HTABLE_SIZE - 1)]); dif = skb->dev->ifindex; sk = udp_v6_mcast_next(sk, uh->dest, daddr, uh->source, saddr, dif); if (!sk) { kfree_skb(skb); goto out; } sk2 = sk; while ((sk2 = udp_v6_mcast_next(sk_next(sk2), uh->dest, daddr, uh->source, saddr, dif))) { struct sk_buff *buff = skb_clone(skb, GFP_ATOMIC); if (buff) udpv6_queue_rcv_skb(sk2, buff); } udpv6_queue_rcv_skb(sk, skb); out: read_unlock(&udp_hash_lock); }",linux-2.6,,,90669241598680530037422786336796264041,0 4967,['CWE-20'],"static int nfs_volume_list_show(struct seq_file *m, void *v) { struct nfs_server *server; struct nfs_client *clp; char dev[8], fsid[17]; if (v == &nfs_volume_list) { seq_puts(m, ""NV SERVER PORT DEV FSID\n""); return 0; } server = list_entry(v, struct nfs_server, master_link); clp = server->nfs_client; snprintf(dev, 8, ""%u:%u"", MAJOR(server->s_dev), MINOR(server->s_dev)); snprintf(fsid, 17, ""%llx:%llx"", (unsigned long long) server->fsid.major, (unsigned long long) server->fsid.minor); seq_printf(m, ""v%d %02x%02x%02x%02x %4hx %-7s %-17s\n"", clp->cl_nfsversion, NIPQUAD(clp->cl_addr.sin_addr), ntohs(clp->cl_addr.sin_port), dev, fsid); return 0; }",linux-2.6,,,21580569662480161985575930242784333983,0 6148,['CWE-200'],"static int neigh_forced_gc(struct neigh_table *tbl) { int shrunk = 0; int i; NEIGH_CACHE_STAT_INC(tbl, forced_gc_runs); write_lock_bh(&tbl->lock); for (i = 0; i <= tbl->hash_mask; i++) { struct neighbour *n, **np; np = &tbl->hash_buckets[i]; while ((n = *np) != NULL) { write_lock(&n->lock); if (atomic_read(&n->refcnt) == 1 && !(n->nud_state & NUD_PERMANENT)) { *np = n->next; n->dead = 1; shrunk = 1; write_unlock(&n->lock); neigh_release(n); continue; } write_unlock(&n->lock); np = &n->next; } } tbl->last_flush = jiffies; write_unlock_bh(&tbl->lock); return shrunk; }",linux-2.6,,,257620861941199211017292445916949423528,0 955,['CWE-189'],"SProcShmQueryVersion(client) register ClientPtr client; { register int n; REQUEST(xShmQueryVersionReq); swaps(&stuff->length, n); return ProcShmQueryVersion(client); }",xserver,,,137925460731207654699332222607190340655,0 893,CWE-20,"static int vmci_transport_dgram_dequeue(struct kiocb *kiocb, struct vsock_sock *vsk, struct msghdr *msg, size_t len, int flags) { int err; int noblock; struct vmci_datagram *dg; size_t payload_len; struct sk_buff *skb; noblock = flags & MSG_DONTWAIT; if (flags & MSG_OOB || flags & MSG_ERRQUEUE) return -EOPNOTSUPP; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); if (err) return err; if (!skb) return -EAGAIN; dg = (struct vmci_datagram *)skb->data; if (!dg) goto out; payload_len = dg->payload_size; if (payload_len != skb->len - sizeof(*dg)) { err = -EINVAL; goto out; } if (payload_len > len) { payload_len = len; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, sizeof(*dg), msg->msg_iov, payload_len); if (err) goto out; if (msg->msg_name) { struct sockaddr_vm *vm_addr; vm_addr = (struct sockaddr_vm *)msg->msg_name; vsock_addr_init(vm_addr, dg->src.context, dg->src.resource); msg->msg_namelen = sizeof(*vm_addr); } err = payload_len; out: skb_free_datagram(&vsk->sk, skb); return err; }",visit repo url,net/vmw_vsock/vmci_transport.c,https://github.com/torvalds/linux,147465821146213,1 376,CWE-404,"long keyctl_set_reqkey_keyring(int reqkey_defl) { struct cred *new; int ret, old_setting; old_setting = current_cred_xxx(jit_keyring); if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) return old_setting; new = prepare_creds(); if (!new) return -ENOMEM; switch (reqkey_defl) { case KEY_REQKEY_DEFL_THREAD_KEYRING: ret = install_thread_keyring_to_cred(new); if (ret < 0) goto error; goto set; case KEY_REQKEY_DEFL_PROCESS_KEYRING: ret = install_process_keyring_to_cred(new); if (ret < 0) { if (ret != -EEXIST) goto error; ret = 0; } goto set; case KEY_REQKEY_DEFL_DEFAULT: case KEY_REQKEY_DEFL_SESSION_KEYRING: case KEY_REQKEY_DEFL_USER_KEYRING: case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: goto set; case KEY_REQKEY_DEFL_NO_CHANGE: case KEY_REQKEY_DEFL_GROUP_KEYRING: default: ret = -EINVAL; goto error; } set: new->jit_keyring = reqkey_defl; commit_creds(new); return old_setting; error: abort_creds(new); return ret; }",visit repo url,security/keys/keyctl.c,https://github.com/torvalds/linux,165828680101604,1 2551,['CWE-119'],"void diff_unmerge(struct diff_options *options, const char *path, unsigned mode, const unsigned char *sha1) { struct diff_filespec *one, *two; if (options->prefix && strncmp(path, options->prefix, options->prefix_length)) return; one = alloc_filespec(path); two = alloc_filespec(path); fill_filespec(one, sha1, mode); diff_queue(&diff_queued_diff, one, two)->is_unmerged = 1; }",git,,,38044015474840663177969461782168435773,0 876,['CWE-200'],"static struct page *shmem_swapin(struct shmem_inode_info *info, swp_entry_t entry, unsigned long idx) { struct shared_policy *p = &info->policy; int i, num; struct page *page; unsigned long offset; num = valid_swaphandles(entry, &offset); for (i = 0; i < num; offset++, i++) { page = shmem_swapin_async(p, swp_entry(swp_type(entry), offset), idx); if (!page) break; page_cache_release(page); } lru_add_drain(); return shmem_swapin_async(p, entry, idx); }",linux-2.6,,,309522798677989059580942505290485918863,0 806,CWE-20,"static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; size_t copied; struct sk_buff *skb; int er; lock_sock(sk); if (sk->sk_state != TCP_ESTABLISHED) { release_sock(sk); return -ENOTCONN; } if ((skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &er)) == NULL) { release_sock(sk); return er; } skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } er = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (er < 0) { skb_free_datagram(sk, skb); release_sock(sk); return er; } if (sax != NULL) { memset(sax, 0, sizeof(*sax)); sax->sax25_family = AF_NETROM; skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, AX25_ADDR_LEN); } msg->msg_namelen = sizeof(*sax); skb_free_datagram(sk, skb); release_sock(sk); return copied; }",visit repo url,net/netrom/af_netrom.c,https://github.com/torvalds/linux,173317170707187,1 6000,CWE-120,"static PyObject *__pyx_pw_17clickhouse_driver_14bufferedreader_14BufferedReader_5read(PyObject *__pyx_v_self, PyObject *__pyx_arg_unread) { Py_ssize_t __pyx_v_unread; PyObject *__pyx_r = 0; __Pyx_RefNannyDeclarations __Pyx_RefNannySetupContext(""read (wrapper)"", 0); assert(__pyx_arg_unread); { __pyx_v_unread = __Pyx_PyIndex_AsSsize_t(__pyx_arg_unread); if (unlikely((__pyx_v_unread == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 25, __pyx_L3_error) } goto __pyx_L4_argument_unpacking_done; __pyx_L3_error:; __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedReader.read"", __pyx_clineno, __pyx_lineno, __pyx_filename); __Pyx_RefNannyFinishContext(); return NULL; __pyx_L4_argument_unpacking_done:; __pyx_r = __pyx_pf_17clickhouse_driver_14bufferedreader_14BufferedReader_4read(((struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedReader *)__pyx_v_self), ((Py_ssize_t)__pyx_v_unread)); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,9790764433757,1 2983,['CWE-189'],"void *jas_calloc(size_t num_elements, size_t element_size) { void *ptr; size_t size; if (!jas_safe_size_mul(num_elements, element_size, &size)) { return 0; } if (!(ptr = jas_malloc(size))) { return 0; } memset(ptr, 0, size); return ptr; }",jasper,,,88323698475325401949205883003420073947,0 6125,['CWE-200'],"static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) { inet6_ifa_notify(event ? : RTM_NEWADDR, ifp); switch (event) { case RTM_NEWADDR: dst_hold(&ifp->rt->u.dst); if (ip6_ins_rt(ifp->rt, NULL, NULL, NULL)) dst_release(&ifp->rt->u.dst); if (ifp->idev->cnf.forwarding) addrconf_join_anycast(ifp); break; case RTM_DELADDR: if (ifp->idev->cnf.forwarding) addrconf_leave_anycast(ifp); addrconf_leave_solict(ifp->idev, &ifp->addr); dst_hold(&ifp->rt->u.dst); if (ip6_del_rt(ifp->rt, NULL, NULL, NULL)) dst_free(&ifp->rt->u.dst); else dst_release(&ifp->rt->u.dst); break; } }",linux-2.6,,,211299775163987384935729911710325136349,0 6035,CWE-787,"static int blosc_c(struct thread_context* thread_context, int32_t bsize, int32_t leftoverblock, int32_t ntbytes, int32_t maxbytes, const uint8_t* src, const int32_t offset, uint8_t* dest, uint8_t* tmp, uint8_t* tmp2) { blosc2_context* context = thread_context->parent_context; int dont_split = (context->header_flags & 0x10) >> 4; int dict_training = context->use_dict && context->dict_cdict == NULL; int32_t j, neblock, nstreams; int32_t cbytes; int32_t ctbytes = 0; int64_t maxout; int32_t typesize = context->typesize; const char* compname; int accel; const uint8_t* _src; uint8_t *_tmp = tmp, *_tmp2 = tmp2; uint8_t *_tmp3 = thread_context->tmp4; int last_filter_index = last_filter(context->filters, 'c'); bool memcpyed = context->header_flags & (uint8_t)BLOSC_MEMCPYED; if (last_filter_index >= 0 || context->prefilter != NULL) { if (memcpyed && context->prefilter != NULL) { _src = pipeline_c(thread_context, bsize, src, offset, dest, _tmp2, _tmp3); if (_src == NULL) { return -9; } return bsize; } _src = pipeline_c(thread_context, bsize, src, offset, _tmp, _tmp2, _tmp3); if (_src == NULL) { return -9; } } else { _src = src + offset; } assert(context->clevel > 0); accel = get_accel(context); if (!dont_split && !leftoverblock && !dict_training) { nstreams = (int32_t)typesize; } else { nstreams = 1; } neblock = bsize / nstreams; for (j = 0; j < nstreams; j++) { if (!dict_training) { dest += sizeof(int32_t); ntbytes += sizeof(int32_t); ctbytes += sizeof(int32_t); } const uint8_t* ip = (uint8_t*)_src + j * neblock; const uint8_t* ipbound = (uint8_t*)_src + (j + 1) * neblock; if (get_run(ip, ipbound)) { int32_t value = _src[j * neblock]; _sw32(dest - 4, -value); continue; } maxout = neblock; #if defined(HAVE_SNAPPY) if (context->compcode == BLOSC_SNAPPY) { maxout = (int32_t)snappy_max_compressed_length((size_t)neblock); } #endif if (ntbytes + maxout > maxbytes) { maxout = (int64_t)maxbytes - (int64_t)ntbytes; if (maxout <= 0) { return 0; } } if (dict_training) { memcpy(dest, _src + j * neblock, (unsigned int)neblock); cbytes = (int32_t)neblock; } else if (context->compcode == BLOSC_BLOSCLZ) { cbytes = blosclz_compress(context->clevel, _src + j * neblock, (int)neblock, dest, (int)maxout); } #if defined(HAVE_LZ4) else if (context->compcode == BLOSC_LZ4) { void *hash_table = NULL; #ifdef HAVE_IPP hash_table = (void*)thread_context->lz4_hash_table; #endif cbytes = lz4_wrap_compress((char*)_src + j * neblock, (size_t)neblock, (char*)dest, (size_t)maxout, accel, hash_table); } else if (context->compcode == BLOSC_LZ4HC) { cbytes = lz4hc_wrap_compress((char*)_src + j * neblock, (size_t)neblock, (char*)dest, (size_t)maxout, context->clevel); } #endif #if defined(HAVE_LIZARD) else if (context->compcode == BLOSC_LIZARD) { cbytes = lizard_wrap_compress((char*)_src + j * neblock, (size_t)neblock, (char*)dest, (size_t)maxout, accel); } #endif #if defined(HAVE_SNAPPY) else if (context->compcode == BLOSC_SNAPPY) { cbytes = snappy_wrap_compress((char*)_src + j * neblock, (size_t)neblock, (char*)dest, (size_t)maxout); } #endif #if defined(HAVE_ZLIB) else if (context->compcode == BLOSC_ZLIB) { cbytes = zlib_wrap_compress((char*)_src + j * neblock, (size_t)neblock, (char*)dest, (size_t)maxout, context->clevel); } #endif #if defined(HAVE_ZSTD) else if (context->compcode == BLOSC_ZSTD) { cbytes = zstd_wrap_compress(thread_context, (char*)_src + j * neblock, (size_t)neblock, (char*)dest, (size_t)maxout, context->clevel); } #endif else { blosc_compcode_to_compname(context->compcode, &compname); fprintf(stderr, ""Blosc has not been compiled with '%s' "", compname); fprintf(stderr, ""compression support. Please use one having it.""); return -5; } if (cbytes > maxout) { return -1; } if (cbytes < 0) { return -2; } if (!dict_training) { if (cbytes == 0 || cbytes == neblock) { if ((ntbytes + neblock) > maxbytes) { return 0; } memcpy(dest, _src + j * neblock, (unsigned int)neblock); cbytes = neblock; } _sw32(dest - 4, cbytes); } dest += cbytes; ntbytes += cbytes; ctbytes += cbytes; } return ctbytes; }",visit repo url,blosc/blosc2.c,https://github.com/Blosc/c-blosc2,2945511541174,1 1411,CWE-310,"static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_cipher rcipher; snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""cipher""); rcipher.blocksize = alg->cra_blocksize; rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; rcipher.max_keysize = alg->cra_cipher.cia_max_keysize; if (nla_put(skb, CRYPTOCFGA_REPORT_CIPHER, sizeof(struct crypto_report_cipher), &rcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,281170485397244,1 3123,CWE-119,"bool initiate_stratum(struct pool *pool) { bool ret = false, recvd = false, noresume = false, sockd = false; char s[RBUFSIZE], *sret = NULL, *nonce1, *sessionid; json_t *val = NULL, *res_val, *err_val; json_error_t err; int n2size; resend: if (!setup_stratum_socket(pool)) { sockd = false; goto out; } sockd = true; if (recvd) { clear_sock(pool); sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": []}"", swork_id++); } else { if (pool->sessionid) sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": [\""""PACKAGE""/""VERSION""\"", \""%s\""]}"", swork_id++, pool->sessionid); else sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": [\""""PACKAGE""/""VERSION""\""]}"", swork_id++); } if (__stratum_send(pool, s, strlen(s)) != SEND_OK) { applog(LOG_DEBUG, ""Failed to send s in initiate_stratum""); goto out; } if (!socket_full(pool, DEFAULT_SOCKWAIT)) { applog(LOG_DEBUG, ""Timed out waiting for response in initiate_stratum""); goto out; } sret = recv_line(pool); if (!sret) goto out; recvd = true; val = JSON_LOADS(sret, &err); free(sret); if (!val) { applog(LOG_INFO, ""JSON decode failed(%d): %s"", err.line, err.text); goto out; } res_val = json_object_get(val, ""result""); err_val = json_object_get(val, ""error""); if (!res_val || json_is_null(res_val) || (err_val && !json_is_null(err_val))) { char *ss; if (err_val) ss = json_dumps(err_val, JSON_INDENT(3)); else ss = strdup(""(unknown reason)""); applog(LOG_INFO, ""JSON-RPC decode failed: %s"", ss); free(ss); goto out; } sessionid = get_sessionid(res_val); if (!sessionid) applog(LOG_DEBUG, ""Failed to get sessionid in initiate_stratum""); nonce1 = json_array_string(res_val, 1); if (!nonce1) { applog(LOG_INFO, ""Failed to get nonce1 in initiate_stratum""); free(sessionid); goto out; } n2size = json_integer_value(json_array_get(res_val, 2)); if (!n2size) { applog(LOG_INFO, ""Failed to get n2size in initiate_stratum""); free(sessionid); free(nonce1); goto out; } cg_wlock(&pool->data_lock); pool->sessionid = sessionid; pool->nonce1 = nonce1; pool->n1_len = strlen(nonce1) / 2; free(pool->nonce1bin); pool->nonce1bin = calloc(pool->n1_len, 1); if (unlikely(!pool->nonce1bin)) quithere(1, ""Failed to calloc pool->nonce1bin""); hex2bin(pool->nonce1bin, pool->nonce1, pool->n1_len); pool->n2size = n2size; cg_wunlock(&pool->data_lock); if (sessionid) applog(LOG_DEBUG, ""Pool %d stratum session id: %s"", pool->pool_no, pool->sessionid); ret = true; out: if (ret) { if (!pool->stratum_url) pool->stratum_url = pool->sockaddr_url; pool->stratum_active = true; pool->sdiff = 1; if (opt_protocol) { applog(LOG_DEBUG, ""Pool %d confirmed mining.subscribe with extranonce1 %s extran2size %d"", pool->pool_no, pool->nonce1, pool->n2size); } } else { if (recvd && !noresume) { cg_wlock(&pool->data_lock); free(pool->sessionid); free(pool->nonce1); pool->sessionid = pool->nonce1 = NULL; cg_wunlock(&pool->data_lock); applog(LOG_DEBUG, ""Failed to resume stratum, trying afresh""); noresume = true; json_decref(val); goto resend; } applog(LOG_DEBUG, ""Initiate stratum failed""); if (sockd) suspend_stratum(pool); } json_decref(val); return ret; }",visit repo url,util.c,https://github.com/ckolivas/cgminer,255282262861080,1 1471,[],"static void register_sched_domain_sysctl(void) { }",linux-2.6,,,144448388700426615149178810720547906155,0 3385,['CWE-264'],"asmlinkage long sys_statfs(const char __user * path, struct statfs __user * buf) { struct nameidata nd; int error; error = user_path_walk(path, &nd); if (!error) { struct statfs tmp; error = vfs_statfs_native(nd.dentry, &tmp); if (!error && copy_to_user(buf, &tmp, sizeof(tmp))) error = -EFAULT; path_release(&nd); } return error; }",linux-2.6,,,155243768620919858113802128061471921219,0 992,CWE-20,"static int isofs_read_inode(struct inode *inode) { struct super_block *sb = inode->i_sb; struct isofs_sb_info *sbi = ISOFS_SB(sb); unsigned long bufsize = ISOFS_BUFFER_SIZE(inode); unsigned long block; int high_sierra = sbi->s_high_sierra; struct buffer_head *bh = NULL; struct iso_directory_record *de; struct iso_directory_record *tmpde = NULL; unsigned int de_len; unsigned long offset; struct iso_inode_info *ei = ISOFS_I(inode); int ret = -EIO; block = ei->i_iget5_block; bh = sb_bread(inode->i_sb, block); if (!bh) goto out_badread; offset = ei->i_iget5_offset; de = (struct iso_directory_record *) (bh->b_data + offset); de_len = *(unsigned char *) de; if (offset + de_len > bufsize) { int frag1 = bufsize - offset; tmpde = kmalloc(de_len, GFP_KERNEL); if (tmpde == NULL) { printk(KERN_INFO ""%s: out of memory\n"", __func__); ret = -ENOMEM; goto fail; } memcpy(tmpde, bh->b_data + offset, frag1); brelse(bh); bh = sb_bread(inode->i_sb, ++block); if (!bh) goto out_badread; memcpy((char *)tmpde+frag1, bh->b_data, de_len - frag1); de = tmpde; } inode->i_ino = isofs_get_ino(ei->i_iget5_block, ei->i_iget5_offset, ISOFS_BUFFER_BITS(inode)); ei->i_file_format = isofs_file_normal; if (de->flags[-high_sierra] & 2) { if (sbi->s_dmode != ISOFS_INVALID_MODE) inode->i_mode = S_IFDIR | sbi->s_dmode; else inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO; set_nlink(inode, 1); } else { if (sbi->s_fmode != ISOFS_INVALID_MODE) { inode->i_mode = S_IFREG | sbi->s_fmode; } else { inode->i_mode = S_IFREG | S_IRUGO | S_IXUGO; } set_nlink(inode, 1); } inode->i_uid = sbi->s_uid; inode->i_gid = sbi->s_gid; inode->i_blocks = 0; ei->i_format_parm[0] = 0; ei->i_format_parm[1] = 0; ei->i_format_parm[2] = 0; ei->i_section_size = isonum_733(de->size); if (de->flags[-high_sierra] & 0x80) { ret = isofs_read_level3_size(inode); if (ret < 0) goto fail; ret = -EIO; } else { ei->i_next_section_block = 0; ei->i_next_section_offset = 0; inode->i_size = isonum_733(de->size); } if (sbi->s_cruft) inode->i_size &= 0x00ffffff; if (de->interleave[0]) { printk(KERN_DEBUG ""ISOFS: Interleaved files not (yet) supported.\n""); inode->i_size = 0; } if (de->file_unit_size[0] != 0) { printk(KERN_DEBUG ""ISOFS: File unit size != 0 for ISO file (%ld).\n"", inode->i_ino); } #ifdef DEBUG if((de->flags[-high_sierra] & ~2)!= 0){ printk(KERN_DEBUG ""ISOFS: Unusual flag settings for ISO file "" ""(%ld %x).\n"", inode->i_ino, de->flags[-high_sierra]); } #endif inode->i_mtime.tv_sec = inode->i_atime.tv_sec = inode->i_ctime.tv_sec = iso_date(de->date, high_sierra); inode->i_mtime.tv_nsec = inode->i_atime.tv_nsec = inode->i_ctime.tv_nsec = 0; ei->i_first_extent = (isonum_733(de->extent) + isonum_711(de->ext_attr_length)); inode->i_blocks = (inode->i_size + 511) >> 9; if (!high_sierra) { parse_rock_ridge_inode(de, inode); if (sbi->s_uid_set) inode->i_uid = sbi->s_uid; if (sbi->s_gid_set) inode->i_gid = sbi->s_gid; } if (S_ISDIR(inode->i_mode) && sbi->s_overriderockperm && sbi->s_dmode != ISOFS_INVALID_MODE) inode->i_mode = S_IFDIR | sbi->s_dmode; if (S_ISREG(inode->i_mode) && sbi->s_overriderockperm && sbi->s_fmode != ISOFS_INVALID_MODE) inode->i_mode = S_IFREG | sbi->s_fmode; if (S_ISREG(inode->i_mode)) { inode->i_fop = &generic_ro_fops; switch (ei->i_file_format) { #ifdef CONFIG_ZISOFS case isofs_file_compressed: inode->i_data.a_ops = &zisofs_aops; break; #endif default: inode->i_data.a_ops = &isofs_aops; break; } } else if (S_ISDIR(inode->i_mode)) { inode->i_op = &isofs_dir_inode_operations; inode->i_fop = &isofs_dir_operations; } else if (S_ISLNK(inode->i_mode)) { inode->i_op = &page_symlink_inode_operations; inode->i_data.a_ops = &isofs_symlink_aops; } else init_special_inode(inode, inode->i_mode, inode->i_rdev); ret = 0; out: kfree(tmpde); if (bh) brelse(bh); return ret; out_badread: printk(KERN_WARNING ""ISOFS: unable to read i-node block\n""); fail: goto out; }",visit repo url,fs/isofs/inode.c,https://github.com/torvalds/linux,238226164333472,1 5592,[],"static int do_signal_stop(int signr) { struct signal_struct *sig = current->signal; int stop_count; if (sig->group_stop_count > 0) { stop_count = --sig->group_stop_count; } else { struct task_struct *t; if (!likely(sig->flags & SIGNAL_STOP_DEQUEUED) || unlikely(signal_group_exit(sig))) return 0; sig->group_exit_code = signr; stop_count = 0; for (t = next_thread(current); t != current; t = next_thread(t)) if (!(t->flags & PF_EXITING) && !task_is_stopped_or_traced(t)) { stop_count++; signal_wake_up(t, 0); } sig->group_stop_count = stop_count; } if (stop_count == 0) sig->flags = SIGNAL_STOP_STOPPED; current->exit_code = sig->group_exit_code; __set_current_state(TASK_STOPPED); spin_unlock_irq(¤t->sighand->siglock); finish_stop(stop_count); return 1; }",linux-2.6,,,306897455629733242267743458773889434090,0 2476,CWE-119,"cdf_read_sector(const cdf_info_t *info, void *buf, size_t offs, size_t len, const cdf_header_t *h, cdf_secid_t id) { assert((size_t)CDF_SEC_SIZE(h) == len); return cdf_read(info, (off_t)CDF_SEC_POS(h, id), ((char *)buf) + offs, len); }",visit repo url,src/cdf.c,https://github.com/glensc/file,278211070928867,1 2858,CWE-787,"horizontalDifference16(unsigned short *ip, int n, int stride, unsigned short *wp, uint16 *From14) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) From14[(v) >> 2] mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,33444542816717,1 3798,CWE-416,"define_function(exarg_T *eap, char_u *name_arg, char_u **line_to_free) { int j; int c; int saved_did_emsg; char_u *name = name_arg; int is_global = FALSE; char_u *p; char_u *arg; char_u *whitep; char_u *line_arg = NULL; garray_T newargs; garray_T argtypes; garray_T default_args; garray_T newlines; int varargs = FALSE; int flags = 0; char_u *ret_type = NULL; ufunc_T *fp = NULL; int fp_allocated = FALSE; int free_fp = FALSE; int overwrite = FALSE; dictitem_T *v; funcdict_T fudi; static int func_nr = 0; int paren; hashitem_T *hi; linenr_T sourcing_lnum_top; int vim9script = in_vim9script(); imported_T *import = NULL; if (ends_excmd2(eap->cmd, eap->arg)) { if (!eap->skip) list_functions(NULL); set_nextcmd(eap, eap->arg); return NULL; } if (*eap->arg == '/') { p = skip_regexp(eap->arg + 1, '/', TRUE); if (!eap->skip) { regmatch_T regmatch; c = *p; *p = NUL; regmatch.regprog = vim_regcomp(eap->arg + 1, RE_MAGIC); *p = c; if (regmatch.regprog != NULL) { regmatch.rm_ic = p_ic; list_functions(®match); vim_regfree(regmatch.regprog); } } if (*p == '/') ++p; set_nextcmd(eap, p); return NULL; } ga_init(&newargs); ga_init(&argtypes); ga_init(&default_args); p = eap->arg; if (name_arg != NULL) { paren = TRUE; CLEAR_FIELD(fudi); } else { name = save_function_name(&p, &is_global, eap->skip, TFN_NO_AUTOLOAD, &fudi); paren = (vim_strchr(p, '(') != NULL); if (name == NULL && (fudi.fd_dict == NULL || !paren) && !eap->skip) { if (!aborting()) { if (!eap->skip && fudi.fd_newkey != NULL) semsg(_(e_key_not_present_in_dictionary), fudi.fd_newkey); vim_free(fudi.fd_newkey); return NULL; } else eap->skip = TRUE; } } saved_did_emsg = did_emsg; did_emsg = FALSE; if (!paren) { if (!ends_excmd(*skipwhite(p))) { semsg(_(e_trailing_characters_str), p); goto ret_free; } set_nextcmd(eap, p); if (eap->nextcmd != NULL) *p = NUL; if (!eap->skip && !got_int) { fp = find_func(name, is_global, NULL); if (fp == NULL && ASCII_ISUPPER(*eap->arg)) { char_u *up = untrans_function_name(name); if (up != NULL) fp = find_func(up, FALSE, NULL); } if (fp != NULL) { list_func_head(fp, TRUE); for (j = 0; j < fp->uf_lines.ga_len && !got_int; ++j) { if (FUNCLINE(fp, j) == NULL) continue; msg_putchar('\n'); msg_outnum((long)(j + 1)); if (j < 9) msg_putchar(' '); if (j < 99) msg_putchar(' '); msg_prt_line(FUNCLINE(fp, j), FALSE); out_flush(); ui_breakcheck(); } if (!got_int) { msg_putchar('\n'); if (fp->uf_def_status != UF_NOT_COMPILED) msg_puts("" enddef""); else msg_puts("" endfunction""); } } else emsg_funcname(e_undefined_function_str, eap->arg); } goto ret_free; } p = skipwhite(p); if (*p != '(') { if (!eap->skip) { semsg(_(e_missing_paren_str), eap->arg); goto ret_free; } if (vim_strchr(p, '(') != NULL) p = vim_strchr(p, '('); } if ((vim9script || eap->cmdidx == CMD_def) && VIM_ISWHITE(p[-1])) { semsg(_(e_no_white_space_allowed_before_str_str), ""("", p - 1); goto ret_free; } if (vim9script && eap->forceit && !is_global) { emsg(_(e_no_bang_allowed)); goto ret_free; } ga_init2(&newlines, (int)sizeof(char_u *), 10); if (!eap->skip && name_arg == NULL) { if (name != NULL) arg = name; else arg = fudi.fd_newkey; if (arg != NULL && (fudi.fd_di == NULL || (fudi.fd_di->di_tv.v_type != VAR_FUNC && fudi.fd_di->di_tv.v_type != VAR_PARTIAL))) { char_u *name_base = arg; int i; if (*arg == K_SPECIAL) { name_base = vim_strchr(arg, '_'); if (name_base == NULL) name_base = arg + 3; else ++name_base; } for (i = 0; name_base[i] != NUL && (i == 0 ? eval_isnamec1(name_base[i]) : eval_isnamec(name_base[i])); ++i) ; if (name_base[i] != NUL) emsg_funcname(e_invalid_argument_str, arg); if (vim9script && *arg == K_SPECIAL && eval_variable(name_base, (int)STRLEN(name_base), 0, NULL, NULL, EVAL_VAR_NOAUTOLOAD + EVAL_VAR_IMPORT + EVAL_VAR_NO_FUNC) == OK) { semsg(_(e_redefining_script_item_str), name_base); goto ret_free; } } if (fudi.fd_dict != NULL && fudi.fd_dict->dv_scope == VAR_DEF_SCOPE) { emsg(_(e_cannot_use_g_here)); goto ret_free; } } ++p; if (get_function_args(&p, ')', &newargs, eap->cmdidx == CMD_def ? &argtypes : NULL, FALSE, NULL, &varargs, &default_args, eap->skip, eap, line_to_free) == FAIL) goto errret_2; whitep = p; if (eap->cmdidx == CMD_def) { if (*skipwhite(p) == ':') { if (*p != ':') { semsg(_(e_no_white_space_allowed_before_colon_str), p); p = skipwhite(p); } else if (!IS_WHITE_OR_NUL(p[1])) semsg(_(e_white_space_required_after_str_str), "":"", p); ret_type = skipwhite(p + 1); p = skip_type(ret_type, FALSE); if (p > ret_type) { ret_type = vim_strnsave(ret_type, p - ret_type); whitep = p; p = skipwhite(p); } else { semsg(_(e_expected_type_str), ret_type); ret_type = NULL; } } p = skipwhite(p); } else for (;;) { whitep = p; p = skipwhite(p); if (STRNCMP(p, ""range"", 5) == 0) { flags |= FC_RANGE; p += 5; } else if (STRNCMP(p, ""dict"", 4) == 0) { flags |= FC_DICT; p += 4; } else if (STRNCMP(p, ""abort"", 5) == 0) { flags |= FC_ABORT; p += 5; } else if (STRNCMP(p, ""closure"", 7) == 0) { flags |= FC_CLOSURE; p += 7; if (current_funccal == NULL) { emsg_funcname(e_closure_function_should_not_be_at_top_level, name == NULL ? (char_u *)"""" : name); goto erret; } } else break; } if (*p == '\n') line_arg = p + 1; else if (*p != NUL && !(*p == '""' && (!vim9script || eap->cmdidx == CMD_function) && eap->cmdidx != CMD_def) && !(VIM_ISWHITE(*whitep) && *p == '#' && (vim9script || eap->cmdidx == CMD_def)) && !eap->skip && !did_emsg) semsg(_(e_trailing_characters_str), p); if (KeyTyped) { if (!eap->skip && !eap->forceit) { if (fudi.fd_dict != NULL && fudi.fd_newkey == NULL) emsg(_(e_dictionary_entry_already_exists)); else if (name != NULL && find_func(name, is_global, NULL) != NULL) emsg_funcname(e_function_str_already_exists_add_bang_to_replace, name); } if (!eap->skip && did_emsg) goto erret; msg_putchar('\n'); cmdline_row = msg_row; } sourcing_lnum_top = SOURCING_LNUM; if (get_function_body(eap, &newlines, line_arg, line_to_free) == FAIL || eap->skip) goto erret; if (fudi.fd_dict == NULL) { hashtab_T *ht; v = find_var(name, &ht, TRUE); if (v != NULL && v->di_tv.v_type == VAR_FUNC) { emsg_funcname(e_function_name_conflicts_with_variable_str, name); goto erret; } fp = find_func_even_dead(name, is_global, NULL); if (vim9script) { char_u *uname = untrans_function_name(name); import = find_imported(uname == NULL ? name : uname, 0, NULL); } if (fp != NULL || import != NULL) { int dead = fp != NULL && (fp->uf_flags & FC_DEAD); if (import != NULL || (!dead && !eap->forceit && (fp->uf_script_ctx.sc_sid != current_sctx.sc_sid || fp->uf_script_ctx.sc_seq == current_sctx.sc_seq))) { SOURCING_LNUM = sourcing_lnum_top; if (vim9script) emsg_funcname(e_name_already_defined_str, name); else emsg_funcname(e_function_str_already_exists_add_bang_to_replace, name); goto erret; } if (fp->uf_calls > 0) { emsg_funcname( e_cannot_redefine_function_str_it_is_in_use, name); goto erret; } if (fp->uf_refcount > 1) { --fp->uf_refcount; fp->uf_flags |= FC_REMOVED; fp = NULL; overwrite = TRUE; } else { char_u *exp_name = fp->uf_name_exp; VIM_CLEAR(name); fp->uf_name_exp = NULL; func_clear_items(fp); fp->uf_name_exp = exp_name; fp->uf_flags &= ~FC_DEAD; #ifdef FEAT_PROFILE fp->uf_profiling = FALSE; fp->uf_prof_initialized = FALSE; #endif fp->uf_def_status = UF_NOT_COMPILED; } } } else { char numbuf[20]; fp = NULL; if (fudi.fd_newkey == NULL && !eap->forceit) { emsg(_(e_dictionary_entry_already_exists)); goto erret; } if (fudi.fd_di == NULL) { if (value_check_lock(fudi.fd_dict->dv_lock, eap->arg, FALSE)) goto erret; } else if (value_check_lock(fudi.fd_di->di_tv.v_lock, eap->arg, FALSE)) goto erret; vim_free(name); sprintf(numbuf, ""%d"", ++func_nr); name = vim_strsave((char_u *)numbuf); if (name == NULL) goto erret; } if (fp == NULL) { if (fudi.fd_dict == NULL && vim_strchr(name, AUTOLOAD_CHAR) != NULL) { int slen, plen; char_u *scriptname; j = FAIL; if (SOURCING_NAME != NULL) { scriptname = autoload_name(name); if (scriptname != NULL) { p = vim_strchr(scriptname, '/'); plen = (int)STRLEN(p); slen = (int)STRLEN(SOURCING_NAME); if (slen > plen && fnamecmp(p, SOURCING_NAME + slen - plen) == 0) j = OK; vim_free(scriptname); } } if (j == FAIL) { linenr_T save_lnum = SOURCING_LNUM; SOURCING_LNUM = sourcing_lnum_top; semsg(_(e_function_name_does_not_match_script_file_name_str), name); SOURCING_LNUM = save_lnum; goto erret; } } fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (fp == NULL) goto erret; fp_allocated = TRUE; if (fudi.fd_dict != NULL) { if (fudi.fd_di == NULL) { fudi.fd_di = dictitem_alloc(fudi.fd_newkey); if (fudi.fd_di == NULL) { vim_free(fp); fp = NULL; goto erret; } if (dict_add(fudi.fd_dict, fudi.fd_di) == FAIL) { vim_free(fudi.fd_di); vim_free(fp); fp = NULL; goto erret; } } else clear_tv(&fudi.fd_di->di_tv); fudi.fd_di->di_tv.v_type = VAR_FUNC; fudi.fd_di->di_tv.vval.v_string = vim_strsave(name); flags |= FC_DICT; } } fp->uf_args = newargs; fp->uf_def_args = default_args; fp->uf_ret_type = &t_any; fp->uf_func_type = &t_func_any; if (eap->cmdidx == CMD_def) { int lnum_save = SOURCING_LNUM; cstack_T *cstack = eap->cstack; fp->uf_def_status = UF_TO_BE_COMPILED; SOURCING_LNUM = sourcing_lnum_top; function_using_block_scopes(fp, cstack); if (parse_argument_types(fp, &argtypes, varargs) == FAIL) { SOURCING_LNUM = lnum_save; free_fp = fp_allocated; goto erret; } varargs = FALSE; if (parse_return_type(fp, ret_type) == FAIL) { SOURCING_LNUM = lnum_save; free_fp = fp_allocated; goto erret; } SOURCING_LNUM = lnum_save; } else fp->uf_def_status = UF_NOT_COMPILED; if (fp_allocated) { set_ufunc_name(fp, name); if (overwrite) { hi = hash_find(&func_hashtab, name); hi->hi_key = UF2HIKEY(fp); } else if (hash_add(&func_hashtab, UF2HIKEY(fp)) == FAIL) { free_fp = TRUE; goto erret; } fp->uf_refcount = 1; } fp->uf_lines = newlines; newlines.ga_data = NULL; if ((flags & FC_CLOSURE) != 0) { if (register_closure(fp) == FAIL) goto erret; } else fp->uf_scoped = NULL; #ifdef FEAT_PROFILE if (prof_def_func()) func_do_profile(fp); #endif fp->uf_varargs = varargs; if (sandbox) flags |= FC_SANDBOX; if (vim9script && !ASCII_ISUPPER(*fp->uf_name)) flags |= FC_VIM9; fp->uf_flags = flags; fp->uf_calls = 0; fp->uf_cleared = FALSE; fp->uf_script_ctx = current_sctx; fp->uf_script_ctx_version = current_sctx.sc_version; fp->uf_script_ctx.sc_lnum += sourcing_lnum_top; if (is_export) { fp->uf_flags |= FC_EXPORT; is_export = FALSE; } if (eap->cmdidx == CMD_def) set_function_type(fp); else if (fp->uf_script_ctx.sc_version == SCRIPT_VERSION_VIM9) fp->uf_script_ctx.sc_version = SCRIPT_VERSION_MAX; goto ret_free; erret: ga_clear_strings(&newargs); ga_clear_strings(&default_args); if (fp != NULL) { ga_init(&fp->uf_args); ga_init(&fp->uf_def_args); } errret_2: ga_clear_strings(&newlines); if (fp != NULL) VIM_CLEAR(fp->uf_arg_types); if (free_fp) { vim_free(fp); fp = NULL; } ret_free: ga_clear_strings(&argtypes); vim_free(fudi.fd_newkey); if (name != name_arg) vim_free(name); vim_free(ret_type); did_emsg |= saved_did_emsg; return fp; }",visit repo url,src/userfunc.c,https://github.com/vim/vim,269201768089791,1 1710,[],"void __kprobes add_preempt_count(int val) { if (DEBUG_LOCKS_WARN_ON((preempt_count() < 0))) return; preempt_count() += val; DEBUG_LOCKS_WARN_ON((preempt_count() & PREEMPT_MASK) >= PREEMPT_MASK - 10); }",linux-2.6,,,266023183709087673432072721614982247917,0 4466,CWE-476,"merged_1v_upsample(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION *in_row_group_ctr, JDIMENSION in_row_groups_avail, JSAMPARRAY output_buf, JDIMENSION *out_row_ctr, JDIMENSION out_rows_avail) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; (*upsample->upmethod) (cinfo, input_buf, *in_row_group_ctr, output_buf + *out_row_ctr); (*out_row_ctr)++; (*in_row_group_ctr)++; }",visit repo url,jdmerge.c,https://github.com/libjpeg-turbo/libjpeg-turbo,159466246393994,1 2993,CWE-399,"private int mget(struct magic_set *ms, const unsigned char *s, struct magic *m, size_t nbytes, size_t o, unsigned int cont_level, int mode, int text, int flip, int recursion_level, int *printed_something, int *need_separator, int *returnval) { uint32_t soffset, offset = ms->offset; uint32_t lhs; int rv, oneed_separator, in_type; char *sbuf, *rbuf; union VALUETYPE *p = &ms->ms_value; struct mlist ml; if (recursion_level >= 20) { file_error(ms, 0, ""recursion nesting exceeded""); return -1; } if (mcopy(ms, p, m->type, m->flag & INDIR, s, (uint32_t)(offset + o), (uint32_t)nbytes, m) == -1) return -1; if ((ms->flags & MAGIC_DEBUG) != 0) { fprintf(stderr, ""mget(type=%d, flag=%x, offset=%u, o=%"" SIZE_T_FORMAT ""u, "" ""nbytes=%"" SIZE_T_FORMAT ""u)\n"", m->type, m->flag, offset, o, nbytes); mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); #ifndef COMPILE_ONLY file_mdump(m); #endif } if (m->flag & INDIR) { int off = m->in_offset; if (m->in_op & FILE_OPINDIRECT) { const union VALUETYPE *q = CAST(const union VALUETYPE *, ((const void *)(s + offset + off))); switch (cvt_flip(m->in_type, flip)) { case FILE_BYTE: off = q->b; break; case FILE_SHORT: off = q->h; break; case FILE_BESHORT: off = (short)((q->hs[0]<<8)|(q->hs[1])); break; case FILE_LESHORT: off = (short)((q->hs[1]<<8)|(q->hs[0])); break; case FILE_LONG: off = q->l; break; case FILE_BELONG: case FILE_BEID3: off = (int32_t)((q->hl[0]<<24)|(q->hl[1]<<16)| (q->hl[2]<<8)|(q->hl[3])); break; case FILE_LEID3: case FILE_LELONG: off = (int32_t)((q->hl[3]<<24)|(q->hl[2]<<16)| (q->hl[1]<<8)|(q->hl[0])); break; case FILE_MELONG: off = (int32_t)((q->hl[1]<<24)|(q->hl[0]<<16)| (q->hl[3]<<8)|(q->hl[2])); break; } if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect offs=%u\n"", off); } switch (in_type = cvt_flip(m->in_type, flip)) { case FILE_BYTE: if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = p->b & off; break; case FILE_OPOR: offset = p->b | off; break; case FILE_OPXOR: offset = p->b ^ off; break; case FILE_OPADD: offset = p->b + off; break; case FILE_OPMINUS: offset = p->b - off; break; case FILE_OPMULTIPLY: offset = p->b * off; break; case FILE_OPDIVIDE: offset = p->b / off; break; case FILE_OPMODULO: offset = p->b % off; break; } } else offset = p->b; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_BESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; lhs = (p->hs[0] << 8) | p->hs[1]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_LESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; lhs = (p->hs[1] << 8) | p->hs[0]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_SHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = p->h & off; break; case FILE_OPOR: offset = p->h | off; break; case FILE_OPXOR: offset = p->h ^ off; break; case FILE_OPADD: offset = p->h + off; break; case FILE_OPMINUS: offset = p->h - off; break; case FILE_OPMULTIPLY: offset = p->h * off; break; case FILE_OPDIVIDE: offset = p->h / off; break; case FILE_OPMODULO: offset = p->h % off; break; } } else offset = p->h; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_BELONG: case FILE_BEID3: if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = (p->hl[0] << 24) | (p->hl[1] << 16) | (p->hl[2] << 8) | p->hl[3]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_LELONG: case FILE_LEID3: if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = (p->hl[3] << 24) | (p->hl[2] << 16) | (p->hl[1] << 8) | p->hl[0]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_MELONG: if (OFFSET_OOB(nbytes, offset, 4)) return 0; lhs = (p->hl[1] << 24) | (p->hl[0] << 16) | (p->hl[3] << 8) | p->hl[2]; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = lhs & off; break; case FILE_OPOR: offset = lhs | off; break; case FILE_OPXOR: offset = lhs ^ off; break; case FILE_OPADD: offset = lhs + off; break; case FILE_OPMINUS: offset = lhs - off; break; case FILE_OPMULTIPLY: offset = lhs * off; break; case FILE_OPDIVIDE: offset = lhs / off; break; case FILE_OPMODULO: offset = lhs % off; break; } } else offset = lhs; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; case FILE_LONG: if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { case FILE_OPAND: offset = p->l & off; break; case FILE_OPOR: offset = p->l | off; break; case FILE_OPXOR: offset = p->l ^ off; break; case FILE_OPADD: offset = p->l + off; break; case FILE_OPMINUS: offset = p->l - off; break; case FILE_OPMULTIPLY: offset = p->l * off; break; case FILE_OPDIVIDE: offset = p->l / off; break; case FILE_OPMODULO: offset = p->l % off; break; } } else offset = p->l; if (m->in_op & FILE_OPINVERSE) offset = ~offset; break; default: break; } switch (in_type) { case FILE_LEID3: case FILE_BEID3: offset = ((((offset >> 0) & 0x7f) << 0) | (((offset >> 8) & 0x7f) << 7) | (((offset >> 16) & 0x7f) << 14) | (((offset >> 24) & 0x7f) << 21)) + 10; break; default: break; } if (m->flag & INDIROFFADD) { offset += ms->c.li[cont_level-1].off; if (offset == 0) { if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect *zero* offset\n""); return 0; } if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect +offs=%u\n"", offset); } if (mcopy(ms, p, m->type, 0, s, offset, nbytes, m) == -1) return -1; ms->offset = offset; if ((ms->flags & MAGIC_DEBUG) != 0) { mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); #ifndef COMPILE_ONLY file_mdump(m); #endif } } switch (m->type) { case FILE_BYTE: if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; case FILE_LONG: case FILE_BELONG: case FILE_LELONG: case FILE_MELONG: case FILE_DATE: case FILE_BEDATE: case FILE_LEDATE: case FILE_MEDATE: case FILE_LDATE: case FILE_BELDATE: case FILE_LELDATE: case FILE_MELDATE: case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; case FILE_REGEX: if (nbytes < offset) return 0; break; case FILE_INDIRECT: if (offset == 0) return 0; if (nbytes < offset) return 0; sbuf = ms->o.buf; soffset = ms->offset; ms->o.buf = NULL; ms->offset = 0; rv = file_softmagic(ms, s + offset, nbytes - offset, recursion_level, BINTEST, text); if ((ms->flags & MAGIC_DEBUG) != 0) fprintf(stderr, ""indirect @offs=%u[%d]\n"", offset, rv); rbuf = ms->o.buf; ms->o.buf = sbuf; ms->offset = soffset; if (rv == 1) { if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && file_printf(ms, F(ms, m, ""%u""), offset) == -1) { free(rbuf); return -1; } if (file_printf(ms, ""%s"", rbuf) == -1) { free(rbuf); return -1; } } free(rbuf); return rv; case FILE_USE: if (nbytes < offset) return 0; sbuf = m->value.s; if (*sbuf == '^') { sbuf++; flip = !flip; } if (file_magicfind(ms, sbuf, &ml) == -1) { file_error(ms, 0, ""cannot find entry `%s'"", sbuf); return -1; } oneed_separator = *need_separator; if (m->flag & NOSPACE) *need_separator = 0; rv = match(ms, ml.magic, ml.nmagic, s, nbytes, offset + o, mode, text, flip, recursion_level, printed_something, need_separator, returnval); if (rv != 1) *need_separator = oneed_separator; return rv; case FILE_NAME: if (file_printf(ms, ""%s"", m->desc) == -1) return -1; return 1; case FILE_DEFAULT: case FILE_CLEAR: default: break; } if (!mconvert(ms, m, flip)) return 0;",visit repo url,src/softmagic.c,https://github.com/file/file,61661567359218,1 780,['CWE-119'],"isdn_net_rebuild_header(struct sk_buff *skb) { struct net_device *dev = skb->dev; isdn_net_local *lp = dev->priv; int ret = 0; if (lp->p_encap == ISDN_NET_ENCAP_ETHER) { struct ethhdr *eth = (struct ethhdr *) skb->data; if (eth->h_proto != htons(ETH_P_IP)) { printk(KERN_WARNING ""isdn_net: %s don't know how to resolve type %d addresses?\n"", dev->name, (int) eth->h_proto); memcpy(eth->h_source, dev->dev_addr, dev->addr_len); return 0; } #ifdef CONFIG_INET ret = arp_find(eth->h_dest, skb); #endif } return ret; }",linux-2.6,,,134122947778261923328047926966216528450,0 5678,['CWE-476'],"static void udp_checksum_init(struct sk_buff *skb, struct udphdr *uh, unsigned short ulen, __be32 saddr, __be32 daddr) { if (uh->check == 0) { skb->ip_summed = CHECKSUM_UNNECESSARY; } else if (skb->ip_summed == CHECKSUM_COMPLETE) { if (!udp_check(uh, ulen, saddr, daddr, skb->csum)) skb->ip_summed = CHECKSUM_UNNECESSARY; } if (skb->ip_summed != CHECKSUM_UNNECESSARY) skb->csum = csum_tcpudp_nofold(saddr, daddr, ulen, IPPROTO_UDP, 0); }",linux-2.6,,,144983179975468837212452290854063409993,0 5834,CWE-667,"PJ_DEF(pj_status_t) pjmedia_vid_conf_add_port( pjmedia_vid_conf *vid_conf, pj_pool_t *parent_pool, pjmedia_port *port, const pj_str_t *name, void *opt, unsigned *p_slot) { pj_pool_t *pool; vconf_port *cport; unsigned index; PJ_ASSERT_RETURN(vid_conf && parent_pool && port, PJ_EINVAL); PJ_ASSERT_RETURN(port->info.fmt.type==PJMEDIA_TYPE_VIDEO && port->info.fmt.detail_type==PJMEDIA_FORMAT_DETAIL_VIDEO, PJ_EINVAL); PJ_UNUSED_ARG(opt); if (!name) name = &port->info.name; pj_mutex_lock(vid_conf->mutex); if (vid_conf->port_cnt >= vid_conf->opt.max_slot_cnt) { pj_assert(!""Too many ports""); pj_mutex_unlock(vid_conf->mutex); return PJ_ETOOMANY; } for (index=0; index < vid_conf->opt.max_slot_cnt; ++index) { if (vid_conf->ports[index] == NULL) break; } pj_assert(index != vid_conf->opt.max_slot_cnt); pool = pj_pool_create(parent_pool->factory, name->ptr, 500, 500, NULL); PJ_ASSERT_RETURN(pool, PJ_ENOMEM); cport = PJ_POOL_ZALLOC_T(pool, vconf_port); PJ_ASSERT_RETURN(cport, PJ_ENOMEM); cport->pool = pool; cport->port = port; cport->format = port->info.fmt; cport->idx = index; pj_strdup_with_null(pool, &cport->name, name); { pjmedia_ratio *fps = &port->info.fmt.det.vid.fps; pj_uint32_t vconf_interval = (pj_uint32_t) (TS_CLOCK_RATE * 1.0 / vid_conf->opt.frame_rate); cport->ts_interval = (pj_uint32_t)(TS_CLOCK_RATE * 1.0 / fps->num * fps->denum); if (cport->ts_interval < vconf_interval) { cport->ts_interval = vconf_interval; PJ_LOG(3,(THIS_FILE, ""Warning: frame rate of port %s is higher "" ""than video conference bridge (%d > %d)"", name->ptr, (int)(fps->num/fps->denum), vid_conf->opt.frame_rate)); } } { const pjmedia_video_format_info *vfi; pjmedia_video_apply_fmt_param vafp; pj_status_t status; vfi = pjmedia_get_video_format_info(NULL, port->info.fmt.id); if (!vfi) { PJ_LOG(4,(THIS_FILE, ""pjmedia_vid_conf_add_port(): "" ""unrecognized format %04X"", port->info.fmt.id)); return PJMEDIA_EBADFMT; } pj_bzero(&vafp, sizeof(vafp)); vafp.size = port->info.fmt.det.vid.size; status = (*vfi->apply_fmt)(vfi, &vafp); if (status != PJ_SUCCESS) { PJ_LOG(4,(THIS_FILE, ""pjmedia_vid_conf_add_port(): "" ""Failed to apply format %04X"", port->info.fmt.id)); return status; } if (port->put_frame) { cport->put_buf_size = vafp.framebytes; cport->put_buf = pj_pool_zalloc(cport->pool, cport->put_buf_size); } if (port->get_frame) { cport->get_buf_size = vafp.framebytes; cport->get_buf = pj_pool_zalloc(cport->pool, cport->get_buf_size); } } cport->listener_slots = (unsigned*) pj_pool_zalloc(pool, vid_conf->opt.max_slot_cnt * sizeof(unsigned)); PJ_ASSERT_RETURN(cport->listener_slots, PJ_ENOMEM); cport->transmitter_slots = (unsigned*) pj_pool_zalloc(pool, vid_conf->opt.max_slot_cnt * sizeof(unsigned)); PJ_ASSERT_RETURN(cport->transmitter_slots, PJ_ENOMEM); cport->render_states = (render_state**) pj_pool_zalloc(pool, vid_conf->opt.max_slot_cnt * sizeof(render_state*)); PJ_ASSERT_RETURN(cport->render_states, PJ_ENOMEM); cport->render_pool = (pj_pool_t**) pj_pool_zalloc(pool, vid_conf->opt.max_slot_cnt * sizeof(pj_pool_t*)); PJ_ASSERT_RETURN(cport->render_pool, PJ_ENOMEM); vid_conf->ports[index] = cport; vid_conf->port_cnt++; PJ_LOG(4,(THIS_FILE,""Added port %d (%.*s)"", index, (int)cport->name.slen, cport->name.ptr)); pj_mutex_unlock(vid_conf->mutex); if (p_slot) { *p_slot = index; } return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/vid_conf.c,https://github.com/pjsip/pjproject,203158408188174,1 1881,CWE-476,"static ssize_t module_gzip_decompress(struct load_info *info, const void *buf, size_t size) { struct z_stream_s s = { 0 }; size_t new_size = 0; size_t gzip_hdr_len; ssize_t retval; int rc; gzip_hdr_len = module_gzip_header_len(buf, size); if (!gzip_hdr_len) { pr_err(""not a gzip compressed module\n""); return -EINVAL; } s.next_in = buf + gzip_hdr_len; s.avail_in = size - gzip_hdr_len; s.workspace = kmalloc(zlib_inflate_workspacesize(), GFP_KERNEL); if (!s.workspace) return -ENOMEM; rc = zlib_inflateInit2(&s, -MAX_WBITS); if (rc != Z_OK) { pr_err(""failed to initialize decompressor: %d\n"", rc); retval = -EINVAL; goto out; } do { struct page *page = module_get_next_page(info); if (!page) { retval = -ENOMEM; goto out_inflate_end; } s.next_out = kmap_local_page(page); s.avail_out = PAGE_SIZE; rc = zlib_inflate(&s, 0); kunmap_local(s.next_out); new_size += PAGE_SIZE - s.avail_out; } while (rc == Z_OK); if (rc != Z_STREAM_END) { pr_err(""decompression failed with status %d\n"", rc); retval = -EINVAL; goto out_inflate_end; } retval = new_size; out_inflate_end: zlib_inflateEnd(&s); out: kfree(s.workspace); return retval; }",visit repo url,kernel/module/decompress.c,https://github.com/torvalds/linux,131551498429535,1 6116,['CWE-200'],"static void init_loopback(struct net_device *dev) { struct inet6_dev *idev; struct inet6_ifaddr * ifp; ASSERT_RTNL(); if ((idev = ipv6_find_idev(dev)) == NULL) { printk(KERN_DEBUG ""init loopback: add_dev failed\n""); return; } ifp = ipv6_add_addr(idev, &in6addr_loopback, 128, IFA_HOST, IFA_F_PERMANENT); if (!IS_ERR(ifp)) { spin_lock_bh(&ifp->lock); ifp->flags &= ~IFA_F_TENTATIVE; spin_unlock_bh(&ifp->lock); ipv6_ifa_notify(RTM_NEWADDR, ifp); in6_ifa_put(ifp); } }",linux-2.6,,,22610528998617845631144311696219692880,0 386,CWE-200,"static void print_bpf_insn(struct bpf_insn *insn) { u8 class = BPF_CLASS(insn->code); if (class == BPF_ALU || class == BPF_ALU64) { if (BPF_SRC(insn->code) == BPF_X) verbose(""(%02x) %sr%d %s %sr%d\n"", insn->code, class == BPF_ALU ? ""(u32) "" : """", insn->dst_reg, bpf_alu_string[BPF_OP(insn->code) >> 4], class == BPF_ALU ? ""(u32) "" : """", insn->src_reg); else verbose(""(%02x) %sr%d %s %s%d\n"", insn->code, class == BPF_ALU ? ""(u32) "" : """", insn->dst_reg, bpf_alu_string[BPF_OP(insn->code) >> 4], class == BPF_ALU ? ""(u32) "" : """", insn->imm); } else if (class == BPF_STX) { if (BPF_MODE(insn->code) == BPF_MEM) verbose(""(%02x) *(%s *)(r%d %+d) = r%d\n"", insn->code, bpf_ldst_string[BPF_SIZE(insn->code) >> 3], insn->dst_reg, insn->off, insn->src_reg); else if (BPF_MODE(insn->code) == BPF_XADD) verbose(""(%02x) lock *(%s *)(r%d %+d) += r%d\n"", insn->code, bpf_ldst_string[BPF_SIZE(insn->code) >> 3], insn->dst_reg, insn->off, insn->src_reg); else verbose(""BUG_%02x\n"", insn->code); } else if (class == BPF_ST) { if (BPF_MODE(insn->code) != BPF_MEM) { verbose(""BUG_st_%02x\n"", insn->code); return; } verbose(""(%02x) *(%s *)(r%d %+d) = %d\n"", insn->code, bpf_ldst_string[BPF_SIZE(insn->code) >> 3], insn->dst_reg, insn->off, insn->imm); } else if (class == BPF_LDX) { if (BPF_MODE(insn->code) != BPF_MEM) { verbose(""BUG_ldx_%02x\n"", insn->code); return; } verbose(""(%02x) r%d = *(%s *)(r%d %+d)\n"", insn->code, insn->dst_reg, bpf_ldst_string[BPF_SIZE(insn->code) >> 3], insn->src_reg, insn->off); } else if (class == BPF_LD) { if (BPF_MODE(insn->code) == BPF_ABS) { verbose(""(%02x) r0 = *(%s *)skb[%d]\n"", insn->code, bpf_ldst_string[BPF_SIZE(insn->code) >> 3], insn->imm); } else if (BPF_MODE(insn->code) == BPF_IND) { verbose(""(%02x) r0 = *(%s *)skb[r%d + %d]\n"", insn->code, bpf_ldst_string[BPF_SIZE(insn->code) >> 3], insn->src_reg, insn->imm); } else if (BPF_MODE(insn->code) == BPF_IMM) { verbose(""(%02x) r%d = 0x%x\n"", insn->code, insn->dst_reg, insn->imm); } else { verbose(""BUG_ld_%02x\n"", insn->code); return; } } else if (class == BPF_JMP) { u8 opcode = BPF_OP(insn->code); if (opcode == BPF_CALL) { verbose(""(%02x) call %s#%d\n"", insn->code, func_id_name(insn->imm), insn->imm); } else if (insn->code == (BPF_JMP | BPF_JA)) { verbose(""(%02x) goto pc%+d\n"", insn->code, insn->off); } else if (insn->code == (BPF_JMP | BPF_EXIT)) { verbose(""(%02x) exit\n"", insn->code); } else if (BPF_SRC(insn->code) == BPF_X) { verbose(""(%02x) if r%d %s r%d goto pc%+d\n"", insn->code, insn->dst_reg, bpf_jmp_string[BPF_OP(insn->code) >> 4], insn->src_reg, insn->off); } else { verbose(""(%02x) if r%d %s 0x%x goto pc%+d\n"", insn->code, insn->dst_reg, bpf_jmp_string[BPF_OP(insn->code) >> 4], insn->imm, insn->off); } } else { verbose(""(%02x) %s\n"", insn->code, bpf_class_string[class]); } }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,253243172153789,1 5138,CWE-125,"ast_for_suite(struct compiling *c, const node *n) { asdl_seq *seq; stmt_ty s; int i, total, num, end, pos = 0; node *ch; REQ(n, suite); total = num_stmts(n); seq = _Py_asdl_seq_new(total, c->c_arena); if (!seq) return NULL; if (TYPE(CHILD(n, 0)) == simple_stmt) { n = CHILD(n, 0); end = NCH(n) - 1; if (TYPE(CHILD(n, end - 1)) == SEMI) end--; for (i = 0; i < end; i += 2) { ch = CHILD(n, i); s = ast_for_stmt(c, ch); if (!s) return NULL; asdl_seq_SET(seq, pos++, s); } } else { for (i = 2; i < (NCH(n) - 1); i++) { ch = CHILD(n, i); REQ(ch, stmt); num = num_stmts(ch); if (num == 1) { s = ast_for_stmt(c, ch); if (!s) return NULL; asdl_seq_SET(seq, pos++, s); } else { int j; ch = CHILD(ch, 0); REQ(ch, simple_stmt); for (j = 0; j < NCH(ch); j += 2) { if (NCH(CHILD(ch, j)) == 0) { assert((j + 1) == NCH(ch)); break; } s = ast_for_stmt(c, CHILD(ch, j)); if (!s) return NULL; asdl_seq_SET(seq, pos++, s); } } } } assert(pos == seq->size); return seq; }",visit repo url,Python/ast.c,https://github.com/python/cpython,216656466236229,1 5109,CWE-125,"obj2ast_arg(PyObject* obj, arg_ty* out, PyArena* arena) { PyObject* tmp = NULL; identifier arg; expr_ty annotation; int lineno; int col_offset; int end_lineno; int end_col_offset; if (_PyObject_LookupAttrId(obj, &PyId_arg, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""arg\"" missing from arg""); return 1; } else { int res; res = obj2ast_identifier(tmp, &arg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_annotation, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); annotation = NULL; } else { int res; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_lineno, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from arg""); return 1; } else { int res; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL) { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from arg""); return 1; } else { int res; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_lineno, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_lineno = 0; } else { int res; res = obj2ast_int(tmp, &end_lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } if (_PyObject_LookupAttrId(obj, &PyId_end_col_offset, &tmp) < 0) { return 1; } if (tmp == NULL || tmp == Py_None) { Py_CLEAR(tmp); end_col_offset = 0; } else { int res; res = obj2ast_int(tmp, &end_col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } *out = arg(arg, annotation, lineno, col_offset, end_lineno, end_col_offset, arena); return 0; failed: Py_XDECREF(tmp); return 1; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,232807906730373,1 1518,NVD-CWE-Other,"static ssize_t aio_setup_vectored_rw(struct kiocb *kiocb, int rw, char __user *buf, unsigned long *nr_segs, size_t *len, struct iovec **iovec, bool compat) { ssize_t ret; *nr_segs = *len; #ifdef CONFIG_COMPAT if (compat) ret = compat_rw_copy_check_uvector(rw, (struct compat_iovec __user *)buf, *nr_segs, UIO_FASTIOV, *iovec, iovec); else #endif ret = rw_copy_check_uvector(rw, (struct iovec __user *)buf, *nr_segs, UIO_FASTIOV, *iovec, iovec); if (ret < 0) return ret; *len = ret; return 0; }",visit repo url,fs/aio.c,https://github.com/torvalds/linux,140397949367744,1 3113,['CWE-189'],"void jpc_mqdec_setctx(jpc_mqdec_t *mqdec, int ctxno, jpc_mqctx_t *ctx) { jpc_mqstate_t **ctxi; ctxi = &mqdec->ctxs[ctxno]; *ctxi = &jpc_mqstates[2 * ctx->ind + ctx->mps]; }",jasper,,,277061417689143845310819317197937419473,0 6462,CWE-476,"escape_xml(const char *text) { static char *escaped; static size_t escaped_size; char *out; size_t len; if (!strlen(text)) return ""empty string""; for (out=escaped, len=0; *text; ++len, ++out, ++text) { if ((len + 8) > escaped_size) { char *bigger_escaped; escaped_size += 128; bigger_escaped = realloc(escaped, escaped_size); if (!bigger_escaped) { free(escaped); escaped = NULL; escaped_size = 0; return "">>> out of memory <<<""; } out = bigger_escaped + len; escaped = bigger_escaped; } switch (*text) { case '&': strcpy(out, ""&""); len += strlen(out) - 1; out = escaped + len; break; case '<': strcpy(out, ""<""); len += strlen(out) - 1; out = escaped + len; break; case '>': strcpy(out, "">""); len += strlen(out) - 1; out = escaped + len; break; default: *out = *text; break; } } *out = '\x0'; return escaped; }",visit repo url,exif/actions.c,https://github.com/libexif/exif,70570917049072,1 1224,CWE-400,"int perf_event_overflow(struct perf_event *event, int nmi, struct perf_sample_data *data, struct pt_regs *regs) { return __perf_event_overflow(event, nmi, 1, data, regs); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,258542471594887,1 5321,['CWE-119'],"static ssize_t tun_show_owner(struct device *dev, struct device_attribute *attr, char *buf) { struct tun_struct *tun = netdev_priv(to_net_dev(dev)); return sprintf(buf, ""%d\n"", tun->owner); }",linux-2.6,,,288173293747621335293485026943205706960,0 3154,['CWE-189'],"static int jas_strtoopenmode(const char *s) { int openmode = 0; while (*s != '\0') { switch (*s) { case 'r': openmode |= JAS_STREAM_READ; break; case 'w': openmode |= JAS_STREAM_WRITE | JAS_STREAM_CREATE; break; case 'b': openmode |= JAS_STREAM_BINARY; break; case 'a': openmode |= JAS_STREAM_APPEND; break; case '+': openmode |= JAS_STREAM_READ | JAS_STREAM_WRITE; break; default: break; } ++s; } return openmode; }",jasper,,,68390022846829016691343543162800124117,0 140,[],"asmlinkage long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz, struct compat_statfs64 __user *buf) { struct file * file; struct kstatfs tmp; int error; if (sz != sizeof(*buf)) return -EINVAL; error = -EBADF; file = fget(fd); if (!file) goto out; error = vfs_statfs(file->f_dentry, &tmp); if (!error) error = put_compat_statfs64(buf, &tmp); fput(file); out: return error; }",linux-2.6,,,18460150219690912264282049462712694361,0 6399,CWE-20,"error_t enc624j600SoftReset(NetInterface *interface) { do { enc624j600WriteReg(interface, ENC624J600_REG_EUDAST, 0x1234); } while(enc624j600ReadReg(interface, ENC624J600_REG_EUDAST) != 0x1234); while((enc624j600ReadReg(interface, ENC624J600_REG_ESTAT) & ESTAT_CLKRDY) == 0) { } enc624j600SetBit(interface, ENC624J600_REG_ECON2, ECON2_ETHRST); sleep(1); if(enc624j600ReadReg(interface, ENC624J600_REG_EUDAST) != 0x0000) { return ERROR_FAILURE; } sleep(1); return NO_ERROR; }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,124958038083916,1 97,['CWE-787'],"static uint32_t cirrus_mmio_readb(void *opaque, target_phys_addr_t addr) { CirrusVGAState *s = (CirrusVGAState *) opaque; addr &= CIRRUS_PNPMMIO_SIZE - 1; if (addr >= 0x100) { return cirrus_mmio_blt_read(s, addr - 0x100); } else { return vga_ioport_read(s, addr + 0x3c0); } }",qemu,,,167962442078841924300780035759644287169,0 2374,['CWE-200'],"reset_channels(struct seq_oss_synthinfo *info) { int i; if (info->ch == NULL || ! info->nr_voices) return; for (i = 0; i < info->nr_voices; i++) { info->ch[i].note = -1; info->ch[i].vel = 0; } }",linux-2.6,,,183906447324019562664536559856983857276,0 3247,CWE-125,"pimv1_join_prune_print(netdissect_options *ndo, register const u_char *bp, register u_int len) { int ngroups, njoin, nprune; int njp; if (ND_TTEST2(bp[0], 30) && bp[11] == 1 && ((njoin = EXTRACT_16BITS(&bp[20])) + EXTRACT_16BITS(&bp[22])) == 1) { int hold; ND_PRINT((ndo, "" RPF %s "", ipaddr_string(ndo, bp))); hold = EXTRACT_16BITS(&bp[6]); if (hold != 180) { ND_PRINT((ndo, ""Hold "")); unsigned_relts_print(ndo, hold); } ND_PRINT((ndo, ""%s (%s/%d, %s"", njoin ? ""Join"" : ""Prune"", ipaddr_string(ndo, &bp[26]), bp[25] & 0x3f, ipaddr_string(ndo, &bp[12]))); if (EXTRACT_32BITS(&bp[16]) != 0xffffffff) ND_PRINT((ndo, ""/%s"", ipaddr_string(ndo, &bp[16]))); ND_PRINT((ndo, "") %s%s %s"", (bp[24] & 0x01) ? ""Sparse"" : ""Dense"", (bp[25] & 0x80) ? "" WC"" : """", (bp[25] & 0x40) ? ""RP"" : ""SPT"")); return; } ND_TCHECK2(bp[0], sizeof(struct in_addr)); if (ndo->ndo_vflag > 1) ND_PRINT((ndo, ""\n"")); ND_PRINT((ndo, "" Upstream Nbr: %s"", ipaddr_string(ndo, bp))); ND_TCHECK2(bp[6], 2); if (ndo->ndo_vflag > 1) ND_PRINT((ndo, ""\n"")); ND_PRINT((ndo, "" Hold time: "")); unsigned_relts_print(ndo, EXTRACT_16BITS(&bp[6])); if (ndo->ndo_vflag < 2) return; bp += 8; len -= 8; ND_TCHECK2(bp[0], 4); ngroups = bp[3]; bp += 4; len -= 4; while (ngroups--) { ND_TCHECK2(bp[0], sizeof(struct in_addr)); ND_PRINT((ndo, ""\n\tGroup: %s"", ipaddr_string(ndo, bp))); ND_TCHECK2(bp[4], sizeof(struct in_addr)); if (EXTRACT_32BITS(&bp[4]) != 0xffffffff) ND_PRINT((ndo, ""/%s"", ipaddr_string(ndo, &bp[4]))); ND_TCHECK2(bp[8], 4); njoin = EXTRACT_16BITS(&bp[8]); nprune = EXTRACT_16BITS(&bp[10]); ND_PRINT((ndo, "" joined: %d pruned: %d"", njoin, nprune)); bp += 12; len -= 12; for (njp = 0; njp < (njoin + nprune); njp++) { const char *type; if (njp < njoin) type = ""Join ""; else type = ""Prune""; ND_TCHECK2(bp[0], 6); ND_PRINT((ndo, ""\n\t%s %s%s%s%s/%d"", type, (bp[0] & 0x01) ? ""Sparse "" : ""Dense "", (bp[1] & 0x80) ? ""WC "" : """", (bp[1] & 0x40) ? ""RP "" : ""SPT "", ipaddr_string(ndo, &bp[2]), bp[1] & 0x3f)); bp += 6; len -= 6; } } return; trunc: ND_PRINT((ndo, ""[|pim]"")); return; }",visit repo url,print-pim.c,https://github.com/the-tcpdump-group/tcpdump,254753561911204,1 5832,CWE-362,"static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock, pj_ssl_sock_t *new_ssock, const pj_sockaddr_t *src_addr, int src_addr_len, pj_status_t accept_status) { struct tls_listener *listener; struct tls_transport *tls; pj_ssl_sock_info ssl_info; char addr[PJ_INET6_ADDRSTRLEN+10]; pjsip_tp_state_callback state_cb; pj_sockaddr tmp_src_addr; pj_bool_t is_shutdown; pj_status_t status; char addr_buf[PJ_INET6_ADDRSTRLEN+10]; PJ_UNUSED_ARG(src_addr_len); listener = (struct tls_listener*) pj_ssl_sock_get_user_data(ssock); if (accept_status != PJ_SUCCESS) { if (listener && listener->tls_setting.on_accept_fail_cb) { pjsip_tls_on_accept_fail_param param; pj_ssl_sock_info ssi; pj_bzero(¶m, sizeof(param)); param.status = accept_status; param.local_addr = &listener->factory.local_addr; param.remote_addr = src_addr; if (new_ssock && pj_ssl_sock_get_info(new_ssock, &ssi) == PJ_SUCCESS) { param.last_native_err = ssi.last_native_err; } (*listener->tls_setting.on_accept_fail_cb) (¶m); } return PJ_FALSE; } PJ_ASSERT_RETURN(new_ssock, PJ_TRUE); if (!listener->is_registered) { if (listener->tls_setting.on_accept_fail_cb) { pjsip_tls_on_accept_fail_param param; pj_bzero(¶m, sizeof(param)); param.status = PJSIP_TLS_EACCEPT; param.local_addr = &listener->factory.local_addr; param.remote_addr = src_addr; (*listener->tls_setting.on_accept_fail_cb) (¶m); } return PJ_FALSE; } PJ_LOG(4,(listener->factory.obj_name, ""TLS listener %s: got incoming TLS connection "" ""from %s, sock=%d"", pj_addr_str_print(&listener->factory.addr_name.host, listener->factory.addr_name.port, addr_buf, sizeof(addr_buf), 1), pj_sockaddr_print(src_addr, addr, sizeof(addr), 3), new_ssock)); status = pj_ssl_sock_get_info(new_ssock, &ssl_info); if (status != PJ_SUCCESS) { pj_ssl_sock_close(new_ssock); if (listener->tls_setting.on_accept_fail_cb) { pjsip_tls_on_accept_fail_param param; pj_bzero(¶m, sizeof(param)); param.status = status; param.local_addr = &listener->factory.local_addr; param.remote_addr = src_addr; (*listener->tls_setting.on_accept_fail_cb) (¶m); } return PJ_TRUE; } pj_bzero(&tmp_src_addr, sizeof(tmp_src_addr)); pj_sockaddr_cp(&tmp_src_addr, src_addr); status = tls_create( listener, NULL, new_ssock, PJ_TRUE, &ssl_info.local_addr, &tmp_src_addr, NULL, ssl_info.grp_lock, &tls); if (status != PJ_SUCCESS) { if (listener->tls_setting.on_accept_fail_cb) { pjsip_tls_on_accept_fail_param param; pj_bzero(¶m, sizeof(param)); param.status = status; param.local_addr = &listener->factory.local_addr; param.remote_addr = src_addr; (*listener->tls_setting.on_accept_fail_cb) (¶m); } return PJ_TRUE; } pj_ssl_sock_set_user_data(new_ssock, tls); pjsip_transport_add_ref(&tls->base); if (ssl_info.verify_status && listener->tls_setting.verify_client) { if (tls->close_reason == PJ_SUCCESS) tls->close_reason = PJSIP_TLS_ECERTVERIF; pjsip_transport_shutdown(&tls->base); } state_cb = pjsip_tpmgr_get_state_cb(tls->base.tpmgr); if (state_cb) { pjsip_transport_state_info state_info; pjsip_tls_state_info tls_info; pjsip_transport_state tp_state; pj_bzero(&tls_info, sizeof(tls_info)); pj_bzero(&state_info, sizeof(state_info)); tls_info.ssl_sock_info = &ssl_info; state_info.ext_info = &tls_info; if (ssl_info.verify_status && listener->tls_setting.verify_client) { tp_state = PJSIP_TP_STATE_DISCONNECTED; state_info.status = PJSIP_TLS_ECERTVERIF; } else { tp_state = PJSIP_TP_STATE_CONNECTED; state_info.status = PJ_SUCCESS; } (*state_cb)(&tls->base, tp_state, &state_info); } is_shutdown = tls->base.is_shutdown; pjsip_transport_dec_ref(&tls->base); if (is_shutdown) return PJ_TRUE; status = tls_start_read(tls); if (status != PJ_SUCCESS) { PJ_LOG(3,(tls->base.obj_name, ""New transport cancelled"")); tls_init_shutdown(tls, status); tls_destroy(&tls->base, status); } else { if (pjsip_cfg()->tls.keep_alive_interval) { pj_time_val delay = {0}; delay.sec = pjsip_cfg()->tls.keep_alive_interval; pjsip_endpt_schedule_timer(listener->endpt, &tls->ka_timer, &delay); tls->ka_timer.id = PJ_TRUE; pj_gettimeofday(&tls->last_activity); } } return PJ_TRUE; }",visit repo url,pjsip/src/pjsip/sip_transport_tls.c,https://github.com/pjsip/pjproject,160783780729516,1 3272,['CWE-189'],"static void jas_cmshapmatlut_cleanup(jas_cmshapmatlut_t *lut) { if (lut->data) { jas_free(lut->data); lut->data = 0; } lut->size = 0; }",jasper,,,284728348612752846581713217936133245807,0 3122,CWE-119,"static bool parse_notify(struct pool *pool, json_t *val) { char *job_id, *prev_hash, *coinbase1, *coinbase2, *bbversion, *nbit, *ntime, header[228]; unsigned char *cb1 = NULL, *cb2 = NULL; size_t cb1_len, cb2_len, alloc_len; bool clean, ret = false; int merkles, i; json_t *arr; arr = json_array_get(val, 4); if (!arr || !json_is_array(arr)) goto out; merkles = json_array_size(arr); job_id = json_array_string(val, 0); prev_hash = __json_array_string(val, 1); coinbase1 = json_array_string(val, 2); coinbase2 = json_array_string(val, 3); bbversion = __json_array_string(val, 5); nbit = __json_array_string(val, 6); ntime = __json_array_string(val, 7); clean = json_is_true(json_array_get(val, 8)); if (!job_id || !prev_hash || !coinbase1 || !coinbase2 || !bbversion || !nbit || !ntime) { if (job_id) free(job_id); if (coinbase1) free(coinbase1); if (coinbase2) free(coinbase2); goto out; } cg_wlock(&pool->data_lock); free(pool->swork.job_id); pool->swork.job_id = job_id; snprintf(pool->prev_hash, 65, ""%s"", prev_hash); cb1_len = strlen(coinbase1) / 2; cb2_len = strlen(coinbase2) / 2; snprintf(pool->bbversion, 9, ""%s"", bbversion); snprintf(pool->nbit, 9, ""%s"", nbit); snprintf(pool->ntime, 9, ""%s"", ntime); pool->swork.clean = clean; alloc_len = pool->coinbase_len = cb1_len + pool->n1_len + pool->n2size + cb2_len; pool->nonce2_offset = cb1_len + pool->n1_len; for (i = 0; i < pool->merkles; i++) free(pool->swork.merkle_bin[i]); if (merkles) { pool->swork.merkle_bin = realloc(pool->swork.merkle_bin, sizeof(char *) * merkles + 1); for (i = 0; i < merkles; i++) { char *merkle = json_array_string(arr, i); pool->swork.merkle_bin[i] = malloc(32); if (unlikely(!pool->swork.merkle_bin[i])) quit(1, ""Failed to malloc pool swork merkle_bin""); if (opt_protocol) applog(LOG_DEBUG, ""merkle %d: %s"", i, merkle); ret = hex2bin(pool->swork.merkle_bin[i], merkle, 32); free(merkle); if (unlikely(!ret)) { applog(LOG_ERR, ""Failed to convert merkle to merkle_bin in parse_notify""); goto out_unlock; } } } pool->merkles = merkles; if (clean) pool->nonce2 = 0; #if 0 header_len = strlen(pool->bbversion) + strlen(pool->prev_hash); 32 + strlen(pool->ntime) + strlen(pool->nbit) + 8 + 96; #endif snprintf(header, 225, ""%s%s%s%s%s%s%s"", pool->bbversion, pool->prev_hash, blank_merkle, pool->ntime, pool->nbit, ""00000000"", workpadding); ret = hex2bin(pool->header_bin, header, 112); if (unlikely(!ret)) { applog(LOG_ERR, ""Failed to convert header to header_bin in parse_notify""); goto out_unlock; } cb1 = alloca(cb1_len); ret = hex2bin(cb1, coinbase1, cb1_len); if (unlikely(!ret)) { applog(LOG_ERR, ""Failed to convert cb1 to cb1_bin in parse_notify""); goto out_unlock; } cb2 = alloca(cb2_len); ret = hex2bin(cb2, coinbase2, cb2_len); if (unlikely(!ret)) { applog(LOG_ERR, ""Failed to convert cb2 to cb2_bin in parse_notify""); goto out_unlock; } free(pool->coinbase); align_len(&alloc_len); pool->coinbase = calloc(alloc_len, 1); if (unlikely(!pool->coinbase)) quit(1, ""Failed to calloc pool coinbase in parse_notify""); memcpy(pool->coinbase, cb1, cb1_len); memcpy(pool->coinbase + cb1_len, pool->nonce1bin, pool->n1_len); memcpy(pool->coinbase + cb1_len + pool->n1_len + pool->n2size, cb2, cb2_len); if (opt_debug) { char *cb = bin2hex(pool->coinbase, pool->coinbase_len); applog(LOG_DEBUG, ""Pool %d coinbase %s"", pool->pool_no, cb); free(cb); } out_unlock: cg_wunlock(&pool->data_lock); if (opt_protocol) { applog(LOG_DEBUG, ""job_id: %s"", job_id); applog(LOG_DEBUG, ""prev_hash: %s"", prev_hash); applog(LOG_DEBUG, ""coinbase1: %s"", coinbase1); applog(LOG_DEBUG, ""coinbase2: %s"", coinbase2); applog(LOG_DEBUG, ""bbversion: %s"", bbversion); applog(LOG_DEBUG, ""nbit: %s"", nbit); applog(LOG_DEBUG, ""ntime: %s"", ntime); applog(LOG_DEBUG, ""clean: %s"", clean ? ""yes"" : ""no""); } free(coinbase1); free(coinbase2); pool->getwork_requested++; total_getworks++; if (pool == current_pool()) opt_work_update = true; out: return ret; }",visit repo url,util.c,https://github.com/ckolivas/cgminer,205236817534225,1 759,['CWE-119'],"isdn_net_dial_req(isdn_net_local * lp) { if (!(ISDN_NET_DIALMODE(*lp) == ISDN_NET_DM_AUTO)) return -EBUSY; return isdn_net_force_dial_lp(lp); }",linux-2.6,,,323226238163556126135131011378027378717,0 5243,['CWE-264'],"NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) { connection_struct *conn = fsp->conn; uid_t user = (uid_t)-1; gid_t grp = (gid_t)-1; SMB_STRUCT_STAT sbuf; DOM_SID file_owner_sid; DOM_SID file_grp_sid; canon_ace *file_ace_list = NULL; canon_ace *dir_ace_list = NULL; bool acl_perms = False; mode_t orig_mode = (mode_t)0; NTSTATUS status; bool set_acl_as_root = false; bool acl_set_support = false; bool ret = false; DEBUG(10,(""set_nt_acl: called for file %s\n"", fsp->fsp_name )); if (!CAN_WRITE(conn)) { DEBUG(10,(""set acl rejected on read-only share\n"")); return NT_STATUS_MEDIA_WRITE_PROTECTED; } if(fsp->is_directory || fsp->fh->fd == -1) { if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) return map_nt_error_from_unix(errno); } else { if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) return map_nt_error_from_unix(errno); } orig_mode = sbuf.st_mode; status = unpack_nt_owners( SNUM(conn), &user, &grp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; } if (((user != (uid_t)-1) && (sbuf.st_uid != user)) || (( grp != (gid_t)-1) && (sbuf.st_gid != grp))) { DEBUG(3,(""set_nt_acl: chown %s. uid = %u, gid = %u.\n"", fsp->fsp_name, (unsigned int)user, (unsigned int)grp )); if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) { DEBUG(3,(""set_nt_acl: chown %s, %u, %u failed. Error = %s.\n"", fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) )); if (errno == EPERM) { return NT_STATUS_INVALID_OWNER; } return map_nt_error_from_unix(errno); } if(fsp->is_directory) { if(SMB_VFS_STAT(fsp->conn, fsp->fsp_name, &sbuf) != 0) { return map_nt_error_from_unix(errno); } } else { int sret; if(fsp->fh->fd == -1) sret = SMB_VFS_STAT(fsp->conn, fsp->fsp_name, &sbuf); else sret = SMB_VFS_FSTAT(fsp, &sbuf); if(sret != 0) return map_nt_error_from_unix(errno); } orig_mode = sbuf.st_mode; set_acl_as_root = true; } create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, &file_ace_list, &dir_ace_list, security_info_sent, psd); if (!file_ace_list && !dir_ace_list) { return NT_STATUS_OK; } if (!acl_perms) { DEBUG(3,(""set_nt_acl: cannot set permissions\n"")); free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); return NT_STATUS_ACCESS_DENIED; } if(!(security_info_sent & DACL_SECURITY_INFORMATION) || (psd->dacl == NULL)) { free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); return NT_STATUS_OK; } if (acl_perms && file_ace_list) { if (set_acl_as_root) { become_root(); } ret = set_canon_ace_list(fsp, file_ace_list, False, &sbuf, &acl_set_support); if (set_acl_as_root) { unbecome_root(); } if (acl_set_support && ret == false) { DEBUG(3,(""set_nt_acl: failed to set file acl on file %s (%s).\n"", fsp->fsp_name, strerror(errno) )); free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); return map_nt_error_from_unix(errno); } } if (acl_perms && acl_set_support && fsp->is_directory) { if (dir_ace_list) { if (set_acl_as_root) { become_root(); } ret = set_canon_ace_list(fsp, dir_ace_list, True, &sbuf, &acl_set_support); if (set_acl_as_root) { unbecome_root(); } if (ret == false) { DEBUG(3,(""set_nt_acl: failed to set default acl on directory %s (%s).\n"", fsp->fsp_name, strerror(errno) )); free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); return map_nt_error_from_unix(errno); } } else { int sret = -1; if (set_acl_as_root) { become_root(); } sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name); if (set_acl_as_root) { unbecome_root(); } if (sret == -1) { if (acl_group_override(conn, &sbuf, fsp->fsp_name)) { DEBUG(5,(""set_nt_acl: acl group control on and "" ""current user in file %s primary group. Override delete_def_acl\n"", fsp->fsp_name )); become_root(); sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name); unbecome_root(); } if (sret == -1) { DEBUG(3,(""set_nt_acl: sys_acl_delete_def_file failed (%s)\n"", strerror(errno))); free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); return map_nt_error_from_unix(errno); } } } } if (acl_set_support) { if (set_acl_as_root) { become_root(); } store_inheritance_attributes(fsp, file_ace_list, dir_ace_list, (psd->type & SE_DESC_DACL_PROTECTED) ? True : False); if (set_acl_as_root) { unbecome_root(); } } if(!acl_set_support && acl_perms) { mode_t posix_perms; if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) { free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); DEBUG(3,(""set_nt_acl: failed to convert file acl to posix permissions for file %s.\n"", fsp->fsp_name )); return NT_STATUS_ACCESS_DENIED; } if (orig_mode != posix_perms) { int sret = -1; DEBUG(3,(""set_nt_acl: chmod %s. perms = 0%o.\n"", fsp->fsp_name, (unsigned int)posix_perms )); if (set_acl_as_root) { become_root(); } sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms); if (set_acl_as_root) { unbecome_root(); } if(sret == -1) { if (acl_group_override(conn, &sbuf, fsp->fsp_name)) { DEBUG(5,(""set_nt_acl: acl group control on and "" ""current user in file %s primary group. Override chmod\n"", fsp->fsp_name )); become_root(); sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms); unbecome_root(); } if (sret == -1) { DEBUG(3,(""set_nt_acl: chmod %s, 0%o failed. Error = %s.\n"", fsp->fsp_name, (unsigned int)posix_perms, strerror(errno) )); free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); return map_nt_error_from_unix(errno); } } } } free_canon_ace_list(file_ace_list); free_canon_ace_list(dir_ace_list); return NT_STATUS_OK; }",samba,,,138930500666499744942218229662106853323,0 4274,CWE-787,"static cache_accel_t *read_cache_accel(RBuffer *cache_buf, cache_hdr_t *hdr, cache_map_t *maps) { if (!cache_buf || !hdr || !hdr->accelerateInfoSize || !hdr->accelerateInfoAddr) { return NULL; } ut64 offset = va2pa (hdr->accelerateInfoAddr, hdr->mappingCount, maps, cache_buf, 0, NULL, NULL); if (!offset) { return NULL; } ut64 size = sizeof (cache_accel_t); cache_accel_t *accel = R_NEW0 (cache_accel_t); if (!accel) { return NULL; } if (r_buf_fread_at (cache_buf, offset, (ut8*) accel, ""16il"", 1) != size) { R_FREE (accel); return NULL; } accel->imagesExtrasOffset += offset; accel->bottomUpListOffset += offset; accel->dylibTrieOffset += offset; accel->initializersOffset += offset; accel->dofSectionsOffset += offset; accel->reExportListOffset += offset; accel->depListOffset += offset; accel->rangeTableOffset += offset; return accel; }",visit repo url,libr/bin/p/bin_dyldcache.c,https://github.com/radareorg/radare2,191039630927485,1 2886,CWE-787,"DECLAREwriteFunc(writeBufferToContigTiles) { uint32 imagew = TIFFScanlineSize(out); uint32 tilew = TIFFTileRowSize(out); int iskew = imagew - tilew; tsize_t tilesize = TIFFTileSize(out); tdata_t obuf; uint8* bufp = (uint8*) buf; uint32 tl, tw; uint32 row; (void) spp; obuf = _TIFFmalloc(TIFFTileSize(out)); if (obuf == NULL) return 0; _TIFFmemset(obuf, 0, tilesize); (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); for (row = 0; row < imagelength; row += tilelength) { uint32 nrow = (row+tl > imagelength) ? imagelength-row : tl; uint32 colb = 0; uint32 col; for (col = 0; col < imagewidth; col += tw) { if (colb + tilew > imagew) { uint32 width = imagew - colb; int oskew = tilew - width; cpStripToTile(obuf, bufp + colb, nrow, width, oskew, oskew + iskew); } else cpStripToTile(obuf, bufp + colb, nrow, tilew, 0, iskew); if (TIFFWriteTile(out, obuf, col, row, 0, 0) < 0) { TIFFError(TIFFFileName(out), ""Error, can't write tile at %lu %lu"", (unsigned long) col, (unsigned long) row); _TIFFfree(obuf); return 0; } colb += tilew; } bufp += nrow * imagew; } _TIFFfree(obuf); return 1; }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,272288957196435,1 367,[],"pfm_do_interrupt_handler(int irq, void *arg, struct pt_regs *regs) { struct task_struct *task; pfm_context_t *ctx; unsigned long flags; u64 pmc0; int this_cpu = smp_processor_id(); int retval = 0; pfm_stats[this_cpu].pfm_ovfl_intr_count++; pmc0 = ia64_get_pmc(0); task = GET_PMU_OWNER(); ctx = GET_PMU_CTX(); if (PMC0_HAS_OVFL(pmc0) && task) { if (!ctx) goto report_spurious1; if (ctx->ctx_fl_system == 0 && (task->thread.flags & IA64_THREAD_PM_VALID) == 0) goto report_spurious2; PROTECT_CTX_NOPRINT(ctx, flags); pfm_overflow_handler(task, ctx, pmc0, regs); UNPROTECT_CTX_NOPRINT(ctx, flags); } else { pfm_stats[this_cpu].pfm_spurious_ovfl_intr_count++; retval = -1; } pfm_unfreeze_pmu(); return retval; report_spurious1: printk(KERN_INFO ""perfmon: spurious overflow interrupt on CPU%d: process %d has no PFM context\n"", this_cpu, task->pid); pfm_unfreeze_pmu(); return -1; report_spurious2: printk(KERN_INFO ""perfmon: spurious overflow interrupt on CPU%d: process %d, invalid flag\n"", this_cpu, task->pid); pfm_unfreeze_pmu(); return -1; }",linux-2.6,,,458559727158193154481830393309760137,0 6300,CWE-295,"static LUA_FUNCTION(openssl_x509_check_ip_asc) { X509 * cert = CHECK_OBJECT(1, X509, ""openssl.x509""); if (lua_isstring(L, 2)) { const char *ip_asc = lua_tostring(L, 2); lua_pushboolean(L, X509_check_ip_asc(cert, ip_asc, 0)); } else { lua_pushboolean(L, 0); } return 1; }",visit repo url,src/x509.c,https://github.com/zhaozg/lua-openssl,111071188855268,1 6520,['CWE-20'],"static void decode_register_operand(struct operand *op, struct decode_cache *c, int inhibit_bytereg) { unsigned reg = c->modrm_reg; int highbyte_regs = c->rex_prefix == 0; if (!(c->d & ModRM)) reg = (c->b & 7) | ((c->rex_prefix & 1) << 3); op->type = OP_REG; if ((c->d & ByteOp) && !inhibit_bytereg) { op->ptr = decode_register(reg, c->regs, highbyte_regs); op->val = *(u8 *)op->ptr; op->bytes = 1; } else { op->ptr = decode_register(reg, c->regs, 0); op->bytes = c->op_bytes; switch (op->bytes) { case 2: op->val = *(u16 *)op->ptr; break; case 4: op->val = *(u32 *)op->ptr; break; case 8: op->val = *(u64 *) op->ptr; break; } } op->orig_val = op->val; }",kvm,,,133076024340252053989059508701743431984,0 3889,['CWE-399'],"static int chip_read2(struct CHIPSTATE *chip, int subaddr) { unsigned char write[1]; unsigned char read[1]; struct i2c_msg msgs[2] = { { chip->c->addr, 0, 1, write }, { chip->c->addr, I2C_M_RD, 1, read } }; write[0] = subaddr; if (2 != i2c_transfer(chip->c->adapter,msgs,2)) { v4l_warn(chip->c, ""%s: I/O error (read2)\n"", chip->c->name); return -1; } v4l_dbg(1, debug, chip->c, ""%s: chip_read2: reg%d=0x%x\n"", chip->c->name, subaddr,read[0]); return read[0]; }",linux-2.6,,,236685902605201489969660406172241337166,0 1418,CWE-310,"static int crypto_pcomp_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_comp rpcomp; snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""pcomp""); if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(struct crypto_report_comp), &rpcomp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/pcompress.c,https://github.com/torvalds/linux,241462321392294,1 3672,CWE-77,"run_cmd(int fd, ...) { pid_t pid; sigset_t sigm, sigm_old; sigemptyset(&sigm); sigaddset(&sigm, SIGTERM); sigprocmask(SIG_BLOCK, &sigm, &sigm_old); pid = fork(); if ( pid < 0 ) { sigprocmask(SIG_SETMASK, &sigm_old, NULL); fd_printf(STO, ""*** cannot fork: %s ***\r\n"", strerror(errno)); return -1; } else if ( pid ) { int status, r; sigprocmask(SIG_SETMASK, &sigm_old, NULL); do { r = waitpid(pid, &status, 0); } while ( r < 0 && errno == EINTR ); term_apply(STI); if ( WIFEXITED(status) ) { fd_printf(STO, ""\r\n*** exit status: %d ***\r\n"", WEXITSTATUS(status)); return WEXITSTATUS(status); } else if ( WIFSIGNALED(status) ) { fd_printf(STO, ""\r\n*** killed by signal: %d ***\r\n"", WTERMSIG(status)); return -1; } else { fd_printf(STO, ""\r\n*** abnormal termination: 0x%x ***\r\n"", r); return -1; } } else { long fl; char cmd[512]; term_remove(STI); term_erase(fd); fl = fcntl(fd, F_GETFL); fl &= ~O_NONBLOCK; fcntl(fd, F_SETFL, fl); close(STI); close(STO); dup2(fd, STI); dup2(fd, STO); { char *c, *ce; const char *s; int n; va_list vls; strcpy(cmd, EXEC); c = &cmd[sizeof(EXEC)- 1]; ce = cmd + sizeof(cmd) - 1; va_start(vls, fd); while ( (s = va_arg(vls, const char *)) ) { n = strlen(s); if ( c + n + 1 >= ce ) break; memcpy(c, s, n); c += n; *c++ = ' '; } va_end(vls); *c = '\0'; } fd_printf(STDERR_FILENO, ""%s\n"", &cmd[sizeof(EXEC) - 1]); establish_child_signal_handlers(); sigprocmask(SIG_SETMASK, &sigm_old, NULL); execl(""/bin/sh"", ""sh"", ""-c"", cmd, NULL); exit(42); } }",visit repo url,picocom.c,https://github.com/npat-efault/picocom,245574519540691,1 3969,['CWE-362'],"static struct audit_chunk *alloc_chunk(int count) { struct audit_chunk *chunk; size_t size; int i; size = offsetof(struct audit_chunk, owners) + count * sizeof(struct node); chunk = kzalloc(size, GFP_KERNEL); if (!chunk) return NULL; INIT_LIST_HEAD(&chunk->hash); INIT_LIST_HEAD(&chunk->trees); chunk->count = count; atomic_long_set(&chunk->refs, 1); for (i = 0; i < count; i++) { INIT_LIST_HEAD(&chunk->owners[i].list); chunk->owners[i].index = i; } inotify_init_watch(&chunk->watch); return chunk; }",linux-2.6,,,326268617581838918490991804015386077471,0 4024,NVD-CWE-noinfo,"void ZLIB_INTERNAL inflate_fast(strm, start) z_streamp strm; unsigned start; { struct inflate_state FAR *state; z_const unsigned char FAR *in; z_const unsigned char FAR *last; unsigned char FAR *out; unsigned char FAR *beg; unsigned char FAR *end; #ifdef INFLATE_STRICT unsigned dmax; #endif unsigned wsize; unsigned whave; unsigned wnext; unsigned char FAR *window; unsigned long hold; unsigned bits; code const FAR *lcode; code const FAR *dcode; unsigned lmask; unsigned dmask; code here; unsigned op; unsigned len; unsigned dist; unsigned char FAR *from; state = (struct inflate_state FAR *)strm->state; in = strm->next_in - OFF; last = in + (strm->avail_in - 5); out = strm->next_out - OFF; beg = out - (start - strm->avail_out); end = out + (strm->avail_out - 257); #ifdef INFLATE_STRICT dmax = state->dmax; #endif wsize = state->wsize; whave = state->whave; wnext = state->wnext; window = state->window; hold = state->hold; bits = state->bits; lcode = state->lencode; dcode = state->distcode; lmask = (1U << state->lenbits) - 1; dmask = (1U << state->distbits) - 1; do { if (bits < 15) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; hold += (unsigned long)(PUP(in)) << bits; bits += 8; } here = lcode[hold & lmask]; dolen: op = (unsigned)(here.bits); hold >>= op; bits -= op; op = (unsigned)(here.op); if (op == 0) { Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? ""inflate: literal '%c'\n"" : ""inflate: literal 0x%02x\n"", here.val)); PUP(out) = (unsigned char)(here.val); } else if (op & 16) { len = (unsigned)(here.val); op &= 15; if (op) { if (bits < op) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; } len += (unsigned)hold & ((1U << op) - 1); hold >>= op; bits -= op; } Tracevv((stderr, ""inflate: length %u\n"", len)); if (bits < 15) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; hold += (unsigned long)(PUP(in)) << bits; bits += 8; } here = dcode[hold & dmask]; dodist: op = (unsigned)(here.bits); hold >>= op; bits -= op; op = (unsigned)(here.op); if (op & 16) { dist = (unsigned)(here.val); op &= 15; if (bits < op) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; if (bits < op) { hold += (unsigned long)(PUP(in)) << bits; bits += 8; } } dist += (unsigned)hold & ((1U << op) - 1); #ifdef INFLATE_STRICT if (dist > dmax) { strm->msg = (char *)""invalid distance too far back""; state->mode = BAD; break; } #endif hold >>= op; bits -= op; Tracevv((stderr, ""inflate: distance %u\n"", dist)); op = (unsigned)(out - beg); if (dist > op) { op = dist - op; if (op > whave) { if (state->sane) { strm->msg = (char *)""invalid distance too far back""; state->mode = BAD; break; } #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR if (len <= op - whave) { do { PUP(out) = 0; } while (--len); continue; } len -= op - whave; do { PUP(out) = 0; } while (--op > whave); if (op == 0) { from = out - dist; do { PUP(out) = PUP(from); } while (--len); continue; } #endif } from = window - OFF; if (wnext == 0) { from += wsize - op; if (op < len) { len -= op; do { PUP(out) = PUP(from); } while (--op); from = out - dist; } } else if (wnext < op) { from += wsize + wnext - op; op -= wnext; if (op < len) { len -= op; do { PUP(out) = PUP(from); } while (--op); from = window - OFF; if (wnext < len) { op = wnext; len -= op; do { PUP(out) = PUP(from); } while (--op); from = out - dist; } } } else { from += wnext - op; if (op < len) { len -= op; do { PUP(out) = PUP(from); } while (--op); from = out - dist; } } while (len > 2) { PUP(out) = PUP(from); PUP(out) = PUP(from); PUP(out) = PUP(from); len -= 3; } if (len) { PUP(out) = PUP(from); if (len > 1) PUP(out) = PUP(from); } } else { from = out - dist; do { PUP(out) = PUP(from); PUP(out) = PUP(from); PUP(out) = PUP(from); len -= 3; } while (len > 2); if (len) { PUP(out) = PUP(from); if (len > 1) PUP(out) = PUP(from); } } } else if ((op & 64) == 0) { here = dcode[here.val + (hold & ((1U << op) - 1))]; goto dodist; } else { strm->msg = (char *)""invalid distance code""; state->mode = BAD; break; } } else if ((op & 64) == 0) { here = lcode[here.val + (hold & ((1U << op) - 1))]; goto dolen; } else if (op & 32) { Tracevv((stderr, ""inflate: end of block\n"")); state->mode = TYPE; break; } else { strm->msg = (char *)""invalid literal/length code""; state->mode = BAD; break; } } while (in < last && out < end); len = bits >> 3; in -= len; bits -= len << 3; hold &= (1U << bits) - 1; strm->next_in = in + OFF; strm->next_out = out + OFF; strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); strm->avail_out = (unsigned)(out < end ? 257 + (end - out) : 257 - (out - end)); state->hold = hold; state->bits = bits; return; }",visit repo url,inffast.c,https://github.com/madler/zlib,204442658959081,1 6397,['CWE-59'],"static char * check_for_domain(char **ppuser) { char * original_string; char * usernm; char * domainnm; int original_len; int len; int i; if(ppuser == NULL) return NULL; original_string = *ppuser; if (original_string == NULL) return NULL; original_len = strlen(original_string); usernm = strchr(*ppuser,'/'); if (usernm == NULL) { usernm = strchr(*ppuser,'\\'); if (usernm == NULL) return NULL; } if(got_domain) { fprintf(stderr, ""Domain name specified twice. Username probably malformed\n""); return NULL; } usernm[0] = 0; domainnm = *ppuser; if (domainnm[0] != 0) { got_domain = 1; } else { fprintf(stderr, ""null domain\n""); } len = strlen(domainnm); domainnm = (char *)malloc(len+1); if(domainnm == NULL) return NULL; strlcpy(domainnm,*ppuser,len+1); len = strlen(usernm+1); if(len >= original_len) { return domainnm; } for(i=0;isignature == MagickCoreSignature); switch (quantum_info->depth) { case 10: { Quantum cbcr[4]; pixel=0; if (quantum_info->pack == MagickFalse) { register ssize_t i; size_t quantum; ssize_t n; n=0; quantum=0; for (x=0; x < (ssize_t) number_pixels; x+=2) { for (i=0; i < 4; i++) { switch (n % 3) { case 0: { p=PushLongPixel(quantum_info->endian,p,&pixel); quantum=(size_t) (ScaleShortToQuantum((unsigned short) (((pixel >> 22) & 0x3ff) << 6))); break; } case 1: { quantum=(size_t) (ScaleShortToQuantum((unsigned short) (((pixel >> 12) & 0x3ff) << 6))); break; } case 2: { quantum=(size_t) (ScaleShortToQuantum((unsigned short) (((pixel >> 2) & 0x3ff) << 6))); break; } } cbcr[i]=(Quantum) (quantum); n++; } p+=quantum_info->pad; SetPixelRed(image,cbcr[1],q); SetPixelGreen(image,cbcr[0],q); SetPixelBlue(image,cbcr[2],q); q+=GetPixelChannels(image); SetPixelRed(image,cbcr[3],q); SetPixelGreen(image,cbcr[0],q); SetPixelBlue(image,cbcr[2],q); q+=GetPixelChannels(image); } break; } } default: { range=GetQuantumRange(quantum_info->depth); for (x=0; x < (ssize_t) number_pixels; x++) { p=PushQuantumPixel(quantum_info,p,&pixel); SetPixelRed(image,ScaleAnyToQuantum(pixel,range),q); p=PushQuantumPixel(quantum_info,p,&pixel); SetPixelGreen(image,ScaleAnyToQuantum(pixel,range),q); q+=GetPixelChannels(image); } break; } } }",visit repo url,MagickCore/quantum-import.c,https://github.com/ImageMagick/ImageMagick,120831260274564,1 569,CWE-264,"static int get_tp_trap(struct pt_regs *regs, unsigned int instr) { int reg = (instr >> 12) & 15; if (reg == 15) return 1; regs->uregs[reg] = current_thread_info()->tp_value; regs->ARM_pc += 4; return 0; }",visit repo url,arch/arm/kernel/traps.c,https://github.com/torvalds/linux,249163315913029,1 3218,CWE-125,"l2tp_q931_cc_print(netdissect_options *ndo, const u_char *dat, u_int length) { print_16bits_val(ndo, (const uint16_t *)dat); ND_PRINT((ndo, "", %02x"", dat[2])); if (length > 3) { ND_PRINT((ndo, "" "")); print_string(ndo, dat+3, length-3); } }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,270420599472893,1 6563,['CWE-200'],"add_connection_tab (NMConnectionList *self, GType def_type, GType ctype, GdkPixbuf *pixbuf, const char *prefix, const char *label_text, PageNewConnectionFunc new_func) { char *name; GtkWidget *child, *hbox, *notebook; GtkTreeView *treeview; int pnum; name = g_strdup_printf (""%s_child"", prefix); child = glade_xml_get_widget (self->gui, name); g_free (name); hbox = gtk_hbox_new (FALSE, 6); if (pixbuf) { GtkWidget *image; image = gtk_image_new_from_pixbuf (pixbuf); gtk_box_pack_start (GTK_BOX (hbox), image, FALSE, FALSE, 0); } gtk_box_pack_start (GTK_BOX (hbox), gtk_label_new (label_text), FALSE, FALSE, 0); gtk_widget_show_all (hbox); notebook = glade_xml_get_widget (self->gui, ""list_notebook""); gtk_notebook_set_tab_label (GTK_NOTEBOOK (notebook), child, hbox); treeview = add_connection_treeview (self, prefix); add_connection_buttons (self, prefix, treeview, ctype, new_func); g_object_set_data (G_OBJECT (treeview), TV_TYPE_TAG, GUINT_TO_POINTER (ctype)); self->treeviews = g_slist_prepend (self->treeviews, treeview); if (def_type == ctype) { pnum = gtk_notebook_page_num (GTK_NOTEBOOK (notebook), child); gtk_notebook_set_current_page (GTK_NOTEBOOK (notebook), pnum); } }",network-manager-applet,,,239541861961182412436594262537687859590,0 4602,['CWE-399'],"static void ext4_da_invalidatepage(struct page *page, unsigned long offset) { BUG_ON(!PageLocked(page)); if (!page_has_buffers(page)) goto out; ext4_da_page_release_reservation(page, offset); out: ext4_invalidatepage(page, offset); return; }",linux-2.6,,,269867955622700699926881684987399281219,0 269,CWE-362,"packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { struct sock *sk = sock->sk; struct packet_sock *po = pkt_sk(sk); int ret; if (level != SOL_PACKET) return -ENOPROTOOPT; switch (optname) { case PACKET_ADD_MEMBERSHIP: case PACKET_DROP_MEMBERSHIP: { struct packet_mreq_max mreq; int len = optlen; memset(&mreq, 0, sizeof(mreq)); if (len < sizeof(struct packet_mreq)) return -EINVAL; if (len > sizeof(mreq)) len = sizeof(mreq); if (copy_from_user(&mreq, optval, len)) return -EFAULT; if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address))) return -EINVAL; if (optname == PACKET_ADD_MEMBERSHIP) ret = packet_mc_add(sk, &mreq); else ret = packet_mc_drop(sk, &mreq); return ret; } case PACKET_RX_RING: case PACKET_TX_RING: { union tpacket_req_u req_u; int len; switch (po->tp_version) { case TPACKET_V1: case TPACKET_V2: len = sizeof(req_u.req); break; case TPACKET_V3: default: len = sizeof(req_u.req3); break; } if (optlen < len) return -EINVAL; if (copy_from_user(&req_u.req, optval, len)) return -EFAULT; return packet_set_ring(sk, &req_u, 0, optname == PACKET_TX_RING); } case PACKET_COPY_THRESH: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; pkt_sk(sk)->copy_thresh = val; return 0; } case PACKET_VERSION: { int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; switch (val) { case TPACKET_V1: case TPACKET_V2: case TPACKET_V3: po->tp_version = val; return 0; default: return -EINVAL; } } case PACKET_RESERVE: { unsigned int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_reserve = val; return 0; } case PACKET_LOSS: { unsigned int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_loss = !!val; return 0; } case PACKET_AUXDATA: { int val; if (optlen < sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->auxdata = !!val; return 0; } case PACKET_ORIGDEV: { int val; if (optlen < sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->origdev = !!val; return 0; } case PACKET_VNET_HDR: { int val; if (sock->type != SOCK_RAW) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (optlen < sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->has_vnet_hdr = !!val; return 0; } case PACKET_TIMESTAMP: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_tstamp = val; return 0; } case PACKET_FANOUT: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; return fanout_add(sk, val & 0xffff, val >> 16); } case PACKET_FANOUT_DATA: { if (!po->fanout) return -EINVAL; return fanout_set_data(po, optval, optlen); } case PACKET_TX_HAS_OFF: { unsigned int val; if (optlen != sizeof(val)) return -EINVAL; if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) return -EBUSY; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->tp_tx_has_off = !!val; return 0; } case PACKET_QDISC_BYPASS: { int val; if (optlen != sizeof(val)) return -EINVAL; if (copy_from_user(&val, optval, sizeof(val))) return -EFAULT; po->xmit = val ? packet_direct_xmit : dev_queue_xmit; return 0; } default: return -ENOPROTOOPT; } }",visit repo url,net/packet/af_packet.c,https://github.com/torvalds/linux,191528543043528,1 5416,['CWE-476'],"int cpuid_maxphyaddr(struct kvm_vcpu *vcpu) { struct kvm_cpuid_entry2 *best; best = kvm_find_cpuid_entry(vcpu, 0x80000008, 0); if (best) return best->eax & 0xff; return 36; }",linux-2.6,,,19062582846804564119225523278985075721,0 285,NVD-CWE-noinfo,"static bool freelist_state_initialize(union freelist_init_state *state, struct kmem_cache *cachep, unsigned int count) { bool ret; unsigned int rand; rand = get_random_int(); if (!cachep->random_seq) { prandom_seed_state(&state->rnd_state, rand); ret = false; } else { state->list = cachep->random_seq; state->count = count; state->pos = 0; state->rand = rand; ret = true; } return ret; }",visit repo url,mm/slab.c,https://github.com/torvalds/linux,156649609867697,1 5486,['CWE-476'],"static int kvm_load_realmode_segment(struct kvm_vcpu *vcpu, u16 selector, int seg) { struct kvm_segment segvar = { .base = selector << 4, .limit = 0xffff, .selector = selector, .type = 3, .present = 1, .dpl = 3, .db = 0, .s = 1, .l = 0, .g = 0, .avl = 0, .unusable = 0, }; kvm_x86_ops->set_segment(vcpu, &segvar, seg); return 0; }",linux-2.6,,,189887229363999032386000408611637632721,0 4085,['CWE-399'],"static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, struct sg_io_hdr *hdr, fmode_t mode) { if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len)) return -EFAULT; if (blk_verify_command(&q->cmd_filter, rq->cmd, mode & FMODE_WRITE)) return -EPERM; rq->cmd_len = hdr->cmd_len; rq->cmd_type = REQ_TYPE_BLOCK_PC; rq->timeout = msecs_to_jiffies(hdr->timeout); if (!rq->timeout) rq->timeout = q->sg_timeout; if (!rq->timeout) rq->timeout = BLK_DEFAULT_SG_TIMEOUT; if (rq->timeout < BLK_MIN_SG_TIMEOUT) rq->timeout = BLK_MIN_SG_TIMEOUT; return 0; }",linux-2.6,,,147911123591086401441048882405356688910,0 1274,[],"m4_include (struct obstack *obs, int argc, token_data **argv) { include (argc, argv, false); }",m4,,,29086839116691183802586440681826886197,0 6012,CWE-120,"static CYTHON_SMALL_CODE int __pyx_pymod_exec_stringcolumn(PyObject *__pyx_pyinit_module) #endif #endif { PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; PyObject *__pyx_t_5 = NULL; __Pyx_RefNannyDeclarations #if CYTHON_PEP489_MULTI_PHASE_INIT if (__pyx_m) { if (__pyx_m == __pyx_pyinit_module) return 0; PyErr_SetString(PyExc_RuntimeError, ""Module 'stringcolumn' has already been imported. Re-initialisation is not supported.""); return -1; } #elif PY_MAJOR_VERSION >= 3 if (__pyx_m) return __Pyx_NewRef(__pyx_m); #endif #if CYTHON_REFNANNY __Pyx_RefNanny = __Pyx_RefNannyImportAPI(""refnanny""); if (!__Pyx_RefNanny) { PyErr_Clear(); __Pyx_RefNanny = __Pyx_RefNannyImportAPI(""Cython.Runtime.refnanny""); if (!__Pyx_RefNanny) Py_FatalError(""failed to import 'refnanny' module""); } #endif __Pyx_RefNannySetupContext(""__Pyx_PyMODINIT_FUNC PyInit_stringcolumn(void)"", 0); if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #ifdef __Pxy_PyFrame_Initialize_Offsets __Pxy_PyFrame_Initialize_Offsets(); #endif __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error) __pyx_empty_bytes = PyBytes_FromStringAndSize("""", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error) __pyx_empty_unicode = PyUnicode_FromStringAndSize("""", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error) #ifdef __Pyx_CyFunction_USED if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_FusedFunction_USED if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_Coroutine_USED if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_Generator_USED if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_AsyncGen_USED if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_StopAsyncIteration_USED if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #if defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS #ifdef WITH_THREAD PyEval_InitThreads(); #endif #endif #if CYTHON_PEP489_MULTI_PHASE_INIT __pyx_m = __pyx_pyinit_module; Py_INCREF(__pyx_m); #else #if PY_MAJOR_VERSION < 3 __pyx_m = Py_InitModule4(""stringcolumn"", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m); #else __pyx_m = PyModule_Create(&__pyx_moduledef); #endif if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error) #endif __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_d); __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_b); __pyx_cython_runtime = PyImport_AddModule((char *) ""cython_runtime""); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_cython_runtime); if (PyObject_SetAttrString(__pyx_m, ""__builtins__"", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error); if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT) if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif if (__pyx_module_is_main_clickhouse_driver__columns__stringcolumn) { if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error) } #if PY_MAJOR_VERSION >= 3 { PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error) if (!PyDict_GetItemString(modules, ""clickhouse_driver.columns.stringcolumn"")) { if (unlikely(PyDict_SetItemString(modules, ""clickhouse_driver.columns.stringcolumn"", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error) } } #endif if (__Pyx_InitCachedBuiltins() < 0) goto __pyx_L1_error; if (__Pyx_InitCachedConstants() < 0) goto __pyx_L1_error; (void)__Pyx_modinit_global_init_code(); (void)__Pyx_modinit_variable_export_code(); (void)__Pyx_modinit_function_export_code(); (void)__Pyx_modinit_type_init_code(); if (unlikely(__Pyx_modinit_type_import_code() != 0)) goto __pyx_L1_error; (void)__Pyx_modinit_variable_import_code(); (void)__Pyx_modinit_function_import_code(); #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED) if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif __pyx_t_1 = PyList_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 9, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_INCREF(__pyx_n_s_defines); __Pyx_GIVEREF(__pyx_n_s_defines); PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_defines); __pyx_t_2 = __Pyx_Import(__pyx_n_s__2, __pyx_t_1, 2); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 9, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_defines); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 9, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_defines, __pyx_t_1) < 0) __PYX_ERR(0, 9, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = PyList_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 10, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_INCREF(__pyx_n_s_errors); __Pyx_GIVEREF(__pyx_n_s_errors); PyList_SET_ITEM(__pyx_t_2, 0, __pyx_n_s_errors); __pyx_t_1 = __Pyx_Import(__pyx_n_s__2, __pyx_t_2, 2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 10, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_errors); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 10, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); if (PyDict_SetItem(__pyx_d, __pyx_n_s_errors, __pyx_t_2) < 0) __PYX_ERR(0, 10, __pyx_L1_error) __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = PyList_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 11, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_INCREF(__pyx_n_s_compat); __Pyx_GIVEREF(__pyx_n_s_compat); PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_compat); __pyx_t_2 = __Pyx_Import(__pyx_n_s_util, __pyx_t_1, 2); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 11, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_compat); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 11, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_compat, __pyx_t_1) < 0) __PYX_ERR(0, 11, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = PyList_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_INCREF(__pyx_n_s_Column); __Pyx_GIVEREF(__pyx_n_s_Column); PyList_SET_ITEM(__pyx_t_2, 0, __pyx_n_s_Column); __pyx_t_1 = __Pyx_Import(__pyx_n_s_base, __pyx_t_2, 1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_Column); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 12, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); if (PyDict_SetItem(__pyx_d, __pyx_n_s_Column, __pyx_t_2) < 0) __PYX_ERR(0, 12, __pyx_L1_error) __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_Column); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_String, __pyx_n_s_String, (PyObject *) NULL, __pyx_n_s_clickhouse_driver_columns_string, (PyObject *) NULL); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_ch_type, __pyx_n_u_String) < 0) __PYX_ERR(0, 16, __pyx_L1_error) __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_compat); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 17, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __pyx_t_5 = __Pyx_PyObject_GetAttrStr(__pyx_t_4, __pyx_n_s_string_types); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 17, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_5); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_py_types, __pyx_t_5) < 0) __PYX_ERR(0, 17, __pyx_L1_error) __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0; if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_null_value, __pyx_kp_u__2) < 0) __PYX_ERR(0, 18, __pyx_L1_error) __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_defines); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 20, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_5); __pyx_t_4 = __Pyx_PyObject_GetAttrStr(__pyx_t_5, __pyx_n_s_STRINGS_ENCODING); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 20, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0; if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_default_encoding, __pyx_t_4) < 0) __PYX_ERR(0, 20, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_6String_1__init__, 0, __pyx_n_s_String___init, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__4)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 22, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (!__Pyx_CyFunction_InitDefaults(__pyx_t_4, sizeof(__pyx_defaults), 1)) __PYX_ERR(0, 22, __pyx_L1_error) __pyx_t_5 = PyObject_GetItem(__pyx_t_3, __pyx_n_s_default_encoding); if (unlikely(!__pyx_t_5)) { PyErr_Clear(); __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_default_encoding); } if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 22, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_5); __Pyx_CyFunction_Defaults(__pyx_defaults, __pyx_t_4)->__pyx_arg_encoding = __pyx_t_5; __Pyx_GIVEREF(__pyx_t_5); __pyx_t_5 = 0; __Pyx_CyFunction_SetDefaultsGetter(__pyx_t_4, __pyx_pf_17clickhouse_driver_7columns_12stringcolumn_2__defaults__); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_init, __pyx_t_4) < 0) __PYX_ERR(0, 22, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_6String_3write_items, 0, __pyx_n_s_String_write_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__6)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 26, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_write_items, __pyx_t_4) < 0) __PYX_ERR(0, 26, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_6String_5read_items, 0, __pyx_n_s_String_read_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__8)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 29, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_read_items, __pyx_t_4) < 0) __PYX_ERR(0, 29, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_String, __pyx_t_2, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (PyDict_SetItem(__pyx_d, __pyx_n_s_String, __pyx_t_4) < 0) __PYX_ERR(0, 15, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_String); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 33, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 33, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 33, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_ByteString, __pyx_n_s_ByteString, (PyObject *) NULL, __pyx_n_s_clickhouse_driver_columns_string, (PyObject *) NULL); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 33, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 34, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)(&PyBytes_Type))); __Pyx_GIVEREF(((PyObject *)(&PyBytes_Type))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)(&PyBytes_Type))); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_py_types, __pyx_t_4) < 0) __PYX_ERR(0, 34, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_null_value, __pyx_kp_b__2) < 0) __PYX_ERR(0, 35, __pyx_L1_error) __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_10ByteString_1write_items, 0, __pyx_n_s_ByteString_write_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__10)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 37, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_write_items, __pyx_t_4) < 0) __PYX_ERR(0, 37, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_10ByteString_3read_items, 0, __pyx_n_s_ByteString_read_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__12)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 40, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_read_items, __pyx_t_4) < 0) __PYX_ERR(0, 40, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_ByteString, __pyx_t_1, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 33, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (PyDict_SetItem(__pyx_d, __pyx_n_s_ByteString, __pyx_t_4) < 0) __PYX_ERR(0, 33, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_String); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 44, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 44, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 44, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_FixedString, __pyx_n_s_FixedString, (PyObject *) NULL, __pyx_n_s_clickhouse_driver_columns_string, (PyObject *) NULL); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 44, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_ch_type, __pyx_n_u_FixedString) < 0) __PYX_ERR(0, 45, __pyx_L1_error) __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_11FixedString_1__init__, 0, __pyx_n_s_FixedString___init, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__14)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 47, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_init, __pyx_t_4) < 0) __PYX_ERR(0, 47, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_11FixedString_3read_items, 0, __pyx_n_s_FixedString_read_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__16)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 51, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_read_items, __pyx_t_4) < 0) __PYX_ERR(0, 51, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_11FixedString_5write_items, 0, __pyx_n_s_FixedString_write_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__18)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 83, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_write_items, __pyx_t_4) < 0) __PYX_ERR(0, 83, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_FixedString, __pyx_t_2, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 44, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (PyDict_SetItem(__pyx_d, __pyx_n_s_FixedString, __pyx_t_4) < 0) __PYX_ERR(0, 44, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_FixedString); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 114, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 114, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2); __pyx_t_2 = 0; __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 114, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_ByteFixedString, __pyx_n_s_ByteFixedString, (PyObject *) NULL, __pyx_n_s_clickhouse_driver_columns_string, (PyObject *) NULL); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 114, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 115, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)(&PyByteArray_Type))); __Pyx_GIVEREF(((PyObject *)(&PyByteArray_Type))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)(&PyByteArray_Type))); __Pyx_INCREF(((PyObject *)(&PyBytes_Type))); __Pyx_GIVEREF(((PyObject *)(&PyBytes_Type))); PyTuple_SET_ITEM(__pyx_t_4, 1, ((PyObject *)(&PyBytes_Type))); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_py_types, __pyx_t_4) < 0) __PYX_ERR(0, 115, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_null_value, __pyx_kp_b__2) < 0) __PYX_ERR(0, 116, __pyx_L1_error) __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_15ByteFixedString_1read_items, 0, __pyx_n_s_ByteFixedString_read_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__20)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 118, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_read_items, __pyx_t_4) < 0) __PYX_ERR(0, 118, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_CyFunction_New(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_15ByteFixedString_3write_items, 0, __pyx_n_s_ByteFixedString_write_items, NULL, __pyx_n_s_clickhouse_driver_columns_string, __pyx_d, ((PyObject *)__pyx_codeobj__22)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 131, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (__Pyx_SetNameInClass(__pyx_t_3, __pyx_n_s_write_items, __pyx_t_4) < 0) __PYX_ERR(0, 131, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_ByteFixedString, __pyx_t_1, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 114, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); if (PyDict_SetItem(__pyx_d, __pyx_n_s_ByteFixedString, __pyx_t_4) < 0) __PYX_ERR(0, 114, __pyx_L1_error) __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0; __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_17clickhouse_driver_7columns_12stringcolumn_1create_string_column, NULL, __pyx_n_s_clickhouse_driver_columns_string); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 158, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_create_string_column, __pyx_t_1) < 0) __PYX_ERR(0, 158, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_XDECREF(__pyx_t_5); if (__pyx_m) { if (__pyx_d) { __Pyx_AddTraceback(""init clickhouse_driver.columns.stringcolumn"", __pyx_clineno, __pyx_lineno, __pyx_filename); } Py_CLEAR(__pyx_m); } else if (!PyErr_Occurred()) { PyErr_SetString(PyExc_ImportError, ""init clickhouse_driver.columns.stringcolumn""); } __pyx_L0:; __Pyx_RefNannyFinishContext(); #if CYTHON_PEP489_MULTI_PHASE_INIT return (__pyx_m != NULL) ? 0 : -1; #elif PY_MAJOR_VERSION >= 3 return __pyx_m; #else return; #endif }",visit repo url,clickhouse_driver/columns/stringcolumn.c,https://github.com/mymarilyn/clickhouse-driver,110184829935758,1 293,[],"static int do_ncp_ncprequest(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ncp_ioctl_request_32 n32; struct ncp_ioctl_request __user *p = compat_alloc_user_space(sizeof(*p)); if (copy_from_user(&n32, compat_ptr(arg), sizeof(n32)) || put_user(n32.function, &p->function) || put_user(n32.size, &p->size) || put_user(compat_ptr(n32.data), &p->data)) return -EFAULT; return sys_ioctl(fd, NCP_IOC_NCPREQUEST, (unsigned long)p); }",linux-2.6,,,216833890056128075140642578089189347249,0 1101,['CWE-399'],"handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka, sigset_t *oldset, struct pt_regs *regs) { int ret; #ifdef DEBUG_SIG printk(""handle_signal pid:%d sig:%lu ip:%lx sp:%lx regs=%p\n"", current->pid, sig, regs->ip, regs->sp, regs); #endif if ((long)regs->orig_ax >= 0) { switch (regs->ax) { case -ERESTART_RESTARTBLOCK: case -ERESTARTNOHAND: regs->ax = -EINTR; break; case -ERESTARTSYS: if (!(ka->sa.sa_flags & SA_RESTART)) { regs->ax = -EINTR; break; } case -ERESTARTNOINTR: regs->ax = regs->orig_ax; regs->ip -= 2; break; } } if (unlikely(regs->flags & X86_EFLAGS_TF) && likely(test_and_clear_thread_flag(TIF_FORCED_TF))) regs->flags &= ~X86_EFLAGS_TF; #ifdef CONFIG_IA32_EMULATION if (test_thread_flag(TIF_IA32)) { if (ka->sa.sa_flags & SA_SIGINFO) ret = ia32_setup_rt_frame(sig, ka, info, oldset, regs); else ret = ia32_setup_frame(sig, ka, oldset, regs); } else #endif ret = setup_rt_frame(sig, ka, info, oldset, regs); if (ret == 0) { spin_lock_irq(¤t->sighand->siglock); sigorsets(¤t->blocked,¤t->blocked,&ka->sa.sa_mask); if (!(ka->sa.sa_flags & SA_NODEFER)) sigaddset(¤t->blocked,sig); recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); } return ret; }",linux-2.6,,,37154283969497085819609209569156402212,0 6171,CWE-190,"static void ep4_mul_sim_plain(ep4_t r, const ep4_t p, const bn_t k, const ep4_t q, const bn_t m, ep4_t *t) { int i, l, l0, l1, n0, n1, w, gen; int8_t naf0[2 * RLC_FP_BITS + 1], naf1[2 * RLC_FP_BITS + 1], *_k, *_m; ep4_t t0[1 << (EP_WIDTH - 2)]; ep4_t t1[1 << (EP_WIDTH - 2)]; RLC_TRY { gen = (t == NULL ? 0 : 1); if (!gen) { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep4_null(t0[i]); ep4_new(t0[i]); } ep4_tab(t0, p, EP_WIDTH); t = (ep4_t *)t0; } for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep4_null(t1[i]); ep4_new(t1[i]); } ep4_tab(t1, q, EP_WIDTH); if (gen) { w = EP_DEPTH; } else { w = EP_WIDTH; } l0 = l1 = 2 * RLC_FP_BITS + 1; bn_rec_naf(naf0, &l0, k, w); bn_rec_naf(naf1, &l1, m, EP_WIDTH); l = RLC_MAX(l0, l1); _k = naf0 + l - 1; _m = naf1 + l - 1; if (bn_sign(k) == RLC_NEG) { for (i = 0; i < l0; i++) { naf0[i] = -naf0[i]; } } if (bn_sign(m) == RLC_NEG) { for (i = 0; i < l1; i++) { naf1[i] = -naf1[i]; } } ep4_set_infty(r); for (i = l - 1; i >= 0; i--, _k--, _m--) { ep4_dbl(r, r); n0 = *_k; n1 = *_m; if (n0 > 0) { ep4_add(r, r, t[n0 / 2]); } if (n0 < 0) { ep4_sub(r, r, t[-n0 / 2]); } if (n1 > 0) { ep4_add(r, r, t1[n1 / 2]); } if (n1 < 0) { ep4_sub(r, r, t1[-n1 / 2]); } } ep4_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { if (!gen) { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep4_free(t0[i]); } } for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep4_free(t1[i]); } } }",visit repo url,src/epx/relic_ep4_mul_sim.c,https://github.com/relic-toolkit/relic,159157286118427,1 4515,CWE-404,"GF_Err gf_svg_parse_attribute(GF_Node *n, GF_FieldInfo *info, char *attribute_content, u8 anim_value_type) { GF_Err e = GF_OK; if (info->fieldType != DOM_String_datatype && strlen(attribute_content)) { u32 i, len; while (attribute_content[0] && (strchr(""\r\n\t "", attribute_content[0]))) attribute_content++; i=0; len = (u32) strlen(attribute_content); while (ifieldType) { case SVG_Boolean_datatype: svg_parse_boolean((SVG_Boolean *)info->far_ptr, attribute_content, &e); break; case SVG_Color_datatype: svg_parse_color((SVG_Color *)info->far_ptr, attribute_content, &e); break; case SVG_Paint_datatype: svg_parse_paint(n, (SVG_Paint *)info->far_ptr, attribute_content, &e); break; case SVG_FillRule_datatype: svg_parse_clipfillrule((SVG_FillRule *)info->far_ptr, attribute_content, &e); break; case SVG_StrokeLineJoin_datatype: svg_parse_strokelinejoin((SVG_StrokeLineJoin *)info->far_ptr, attribute_content, &e); break; case SVG_StrokeLineCap_datatype: svg_parse_strokelinecap((SVG_StrokeLineCap *)info->far_ptr, attribute_content, &e); break; case SVG_FontStyle_datatype: svg_parse_fontstyle((SVG_FontStyle *)info->far_ptr, attribute_content, &e); break; case SVG_FontWeight_datatype: svg_parse_fontweight((SVG_FontWeight *)info->far_ptr, attribute_content, &e); break; case SVG_FontVariant_datatype: svg_parse_fontvariant((SVG_FontVariant *)info->far_ptr, attribute_content, &e); break; case SVG_TextAnchor_datatype: svg_parse_textanchor((SVG_TextAnchor *)info->far_ptr, attribute_content, &e); break; case SVG_Display_datatype: svg_parse_display((SVG_Display *)info->far_ptr, attribute_content, &e); break; case SVG_Visibility_datatype: svg_parse_visibility((SVG_Visibility *)info->far_ptr, attribute_content, &e); break; case SVG_Overflow_datatype: svg_parse_overflow((SVG_Overflow *)info->far_ptr, attribute_content, &e); break; case SVG_ZoomAndPan_datatype: svg_parse_zoomandpan((SVG_ZoomAndPan *)info->far_ptr, attribute_content, &e); break; case SVG_DisplayAlign_datatype: svg_parse_displayalign((SVG_DisplayAlign *)info->far_ptr, attribute_content, &e); break; case SVG_TextAlign_datatype: svg_parse_textalign((SVG_TextAlign *)info->far_ptr, attribute_content, &e); break; case SVG_PointerEvents_datatype: svg_parse_pointerevents((SVG_PointerEvents *)info->far_ptr, attribute_content, &e); break; case SVG_RenderingHint_datatype: svg_parse_renderinghint((SVG_RenderingHint *)info->far_ptr, attribute_content, &e); break; case SVG_VectorEffect_datatype: svg_parse_vectoreffect((SVG_VectorEffect *)info->far_ptr, attribute_content, &e); break; case SVG_PlaybackOrder_datatype: svg_parse_playbackorder((SVG_PlaybackOrder *)info->far_ptr, attribute_content, &e); break; case SVG_TimelineBegin_datatype: svg_parse_timelinebegin((SVG_TimelineBegin *)info->far_ptr, attribute_content, &e); break; case XML_Space_datatype: svg_parse_xmlspace((XML_Space *)info->far_ptr, attribute_content, &e); break; case XMLEV_Propagate_datatype: svg_parse_xmlev_propagate((XMLEV_Propagate *)info->far_ptr, attribute_content, &e); break; case XMLEV_DefaultAction_datatype: svg_parse_xmlev_defaultAction((XMLEV_DefaultAction *)info->far_ptr, attribute_content, &e); break; case XMLEV_Phase_datatype: svg_parse_xmlev_phase((XMLEV_Phase *)info->far_ptr, attribute_content, &e); break; case SMIL_SyncBehavior_datatype: smil_parse_syncBehaviorOrDefault((SMIL_SyncBehavior *)info->far_ptr, attribute_content, &e); break; case SMIL_SyncTolerance_datatype: smil_parse_syncToleranceOrDefault((SMIL_SyncTolerance *)info->far_ptr, attribute_content, &e); break; case SMIL_AttributeType_datatype: smil_parse_attributeType((SMIL_AttributeType *)info->far_ptr, attribute_content, &e); break; case SMIL_CalcMode_datatype: smil_parse_calcmode((SMIL_CalcMode *)info->far_ptr, attribute_content, &e); break; case SMIL_Additive_datatype: smil_parse_additive((SMIL_CalcMode *)info->far_ptr, attribute_content, &e); break; case SMIL_Accumulate_datatype: smil_parse_accumulate((SMIL_Accumulate *)info->far_ptr, attribute_content, &e); break; case SMIL_Restart_datatype: smil_parse_restart((SMIL_Restart *)info->far_ptr, attribute_content, &e); break; case SMIL_Fill_datatype: smil_parse_fill((SMIL_Fill *)info->far_ptr, attribute_content, &e); break; case SVG_GradientUnit_datatype: if (!strcmp(attribute_content, ""userSpaceOnUse"")) *((SVG_GradientUnit *)info->far_ptr) = SVG_GRADIENTUNITS_USER; else if (!strcmp(attribute_content, ""objectBoundingBox"")) *((SVG_GradientUnit *)info->far_ptr) = SVG_GRADIENTUNITS_OBJECT; else e = GF_NON_COMPLIANT_BITSTREAM; break; case SVG_FocusHighlight_datatype: svg_parse_focushighlight((SVG_FocusHighlight*)info->far_ptr, attribute_content, &e); break; case SVG_Focusable_datatype: svg_parse_focusable((SVG_Focusable*)info->far_ptr, attribute_content, &e); break; case SVG_InitialVisibility_datatype: svg_parse_initialvisibility((SVG_InitialVisibility*)info->far_ptr, attribute_content, &e); break; case SVG_Overlay_datatype: svg_parse_overlay((SVG_Overlay*)info->far_ptr, attribute_content, &e); break; case SVG_TransformBehavior_datatype: svg_parse_transformbehavior((SVG_TransformBehavior*)info->far_ptr, attribute_content, &e); break; case SVG_SpreadMethod_datatype: if (!strcmp(attribute_content, ""reflect"")) *(u8*)info->far_ptr = SVG_SPREAD_REFLECT; else if (!strcmp(attribute_content, ""repeat"")) *(u8*)info->far_ptr = SVG_SPREAD_REPEAT; else if (!strcmp(attribute_content, ""pad"")) *(u8*)info->far_ptr = SVG_SPREAD_PAD; else e = GF_NON_COMPLIANT_BITSTREAM; break; case SVG_Filter_TransferType_datatype: if (!strcmp(attribute_content, ""table"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_TABLE; else if (!strcmp(attribute_content, ""discrete"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_DISCRETE; else if (!strcmp(attribute_content, ""linear"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_LINEAR; else if (!strcmp(attribute_content, ""gamma"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_GAMMA; else if (!strcmp(attribute_content, ""identity"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_IDENTITY; else if (!strcmp(attribute_content, ""fractalNoise"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_FRACTAL_NOISE; else if (!strcmp(attribute_content, ""turbulence"")) *(u8*)info->far_ptr = SVG_FILTER_TRANSFER_TURBULENCE; else if (!strcmp(attribute_content, ""matrix"")) *(u8*)info->far_ptr = SVG_FILTER_MX_MATRIX; else if (!strcmp(attribute_content, ""saturate"")) *(u8*)info->far_ptr = SVG_FILTER_MX_SATURATE; else if (!strcmp(attribute_content, ""hueRotate"")) *(u8*)info->far_ptr = SVG_FILTER_HUE_ROTATE; else if (!strcmp(attribute_content, ""luminanceToAlpha"")) *(u8*)info->far_ptr = SVG_FILTER_LUM_TO_ALPHA; else e = GF_NON_COMPLIANT_BITSTREAM; break; case SVG_Length_datatype: case SVG_Coordinate_datatype: case SVG_FontSize_datatype: case SVG_Rotate_datatype: case SVG_Number_datatype: svg_parse_length((SVG_Number*)info->far_ptr, attribute_content, 0, &e); break; case SMIL_AnimateValue_datatype: svg_parse_one_anim_value(n, (SMIL_AnimateValue*)info->far_ptr, attribute_content, anim_value_type, &e); break; case SMIL_AnimateValues_datatype: svg_parse_anim_values(n, (SMIL_AnimateValues*)info->far_ptr, attribute_content, anim_value_type, &e); break; case XMLRI_datatype: svg_parse_iri(n, (XMLRI*)info->far_ptr, attribute_content); break; case XML_IDREF_datatype: svg_parse_idref(n, (XMLRI*)info->far_ptr, attribute_content); break; case SMIL_AttributeName_datatype: ((SMIL_AttributeName *)info->far_ptr)->name = gf_strdup(attribute_content); break; case SMIL_Times_datatype: smil_parse_time_list(n, *(GF_List **)info->far_ptr, attribute_content); break; case SMIL_Duration_datatype: smil_parse_min_max_dur_repeatdur((SMIL_Duration*)info->far_ptr, attribute_content, &e); break; case SMIL_RepeatCount_datatype: smil_parse_repeatcount((SMIL_RepeatCount*)info->far_ptr, attribute_content, &e); break; case SVG_PathData_datatype: svg_parse_path((SVG_PathData*)info->far_ptr, attribute_content, &e); break; case SVG_Points_datatype: svg_parse_points(*(GF_List **)(info->far_ptr), attribute_content, &e); break; case SMIL_KeyTimes_datatype: case SMIL_KeyPoints_datatype: case SMIL_KeySplines_datatype: case SVG_Numbers_datatype: svg_parse_numbers(*(GF_List **)(info->far_ptr), attribute_content, 0, &e); break; case SVG_Coordinates_datatype: svg_parse_coordinates(*(GF_List **)(info->far_ptr), attribute_content, &e); break; case SVG_ViewBox_datatype: svg_parse_viewbox((SVG_ViewBox*)info->far_ptr, attribute_content, &e); break; case SVG_StrokeDashArray_datatype: svg_parse_strokedasharray((SVG_StrokeDashArray*)info->far_ptr, attribute_content, &e); break; case SVG_FontFamily_datatype: svg_parse_fontfamily((SVG_FontFamily*)info->far_ptr, attribute_content, &e); break; case SVG_Motion_datatype: svg_parse_point_into_matrix((GF_Matrix2D*)info->far_ptr, attribute_content, &e); break; case SVG_Transform_datatype: e = svg_parse_transform((SVG_Transform*)info->far_ptr, attribute_content); break; case SVG_Transform_Translate_datatype: { u32 i = 0; SVG_Point *p = (SVG_Point *)info->far_ptr; i+=svg_parse_number(&(attribute_content[i]), &(p->x), 0, &e); if (attribute_content[i] == 0) { p->y = 0; } else { svg_parse_number(&(attribute_content[i]), &(p->y), 0, &e); } } break; case SVG_Transform_Scale_datatype: { u32 i = 0; SVG_Point *p = (SVG_Point *)info->far_ptr; i+=svg_parse_number(&(attribute_content[i]), &(p->x), 0, &e); if (attribute_content[i] == 0) { p->y = p->x; } else { svg_parse_number(&(attribute_content[i]), &(p->y), 0, &e); } } break; case SVG_Transform_SkewX_datatype: case SVG_Transform_SkewY_datatype: { Fixed *p = (Fixed *)info->far_ptr; svg_parse_number(attribute_content, p, 1, &e); } break; case SVG_Transform_Rotate_datatype: { u32 i = 0; SVG_Point_Angle *p = (SVG_Point_Angle *)info->far_ptr; i+=svg_parse_number(&(attribute_content[i]), &(p->angle), 1, &e); if (attribute_content[i] == 0) { p->y = p->x = 0; } else { i+=svg_parse_number(&(attribute_content[i]), &(p->x), 0, &e); svg_parse_number(&(attribute_content[i]), &(p->y), 0, &e); } } break; case SVG_PreserveAspectRatio_datatype: svg_parse_preserveaspectratio((SVG_PreserveAspectRatio*)info->far_ptr, attribute_content, &e); break; case SVG_TransformType_datatype: svg_parse_animatetransform_type((SVG_TransformType*)info->far_ptr, attribute_content, &e); break; case SVG_ID_datatype: case DOM_String_datatype: case SVG_ContentType_datatype: case SVG_LanguageID_datatype: if (*(SVG_String *)info->far_ptr) gf_free(*(SVG_String *)info->far_ptr); *(SVG_String *)info->far_ptr = gf_strdup(attribute_content); break; case DOM_StringList_datatype: svg_parse_strings(*(GF_List **)info->far_ptr, attribute_content, 0); break; case XMLRI_List_datatype: svg_parse_strings(*(GF_List **)info->far_ptr, attribute_content, 1); break; case XMLEV_Event_datatype: { XMLEV_Event *xml_ev = (XMLEV_Event *)info->far_ptr; char *sep = strchr(attribute_content, '('); if (sep) { sep[0] = 0; xml_ev->type = gf_dom_event_type_by_name(attribute_content); sep[0] = '('; if ((xml_ev->type == GF_EVENT_REPEAT) || (xml_ev->type == GF_EVENT_REPEAT_EVENT)) { char _v; sscanf(sep, ""(%c)"", &_v); xml_ev->parameter = _v; } else { char *sep2 = strchr(attribute_content, ')'); sep2[0] = 0; xml_ev->parameter = gf_dom_get_key_type(sep+1); sep2[0] = ')'; } } else { xml_ev->parameter = 0; xml_ev->type = gf_dom_event_type_by_name(attribute_content); } } break; case SVG_Focus_datatype: svg_parse_focus(n, (SVG_Focus*)info->far_ptr, attribute_content, &e); break; case SVG_ClipPath_datatype: svg_parse_clippath(n, (SVG_ClipPath*)info->far_ptr, attribute_content, &e); break; case LASeR_Choice_datatype: e = laser_parse_choice((LASeR_Choice*)info->far_ptr, attribute_content); break; case LASeR_Size_datatype: e = laser_parse_size((LASeR_Size*)info->far_ptr, attribute_content, &e); break; case SVG_Clock_datatype: svg_parse_clock_value(attribute_content, (SVG_Clock*)info->far_ptr); break; case SVG_Unknown_datatype: if (*(SVG_String *)info->far_ptr) gf_free(*(SVG_String *)info->far_ptr); *(SVG_String *)info->far_ptr = gf_strdup(attribute_content); break; default: GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, (""[SVG Parsing] Cannot parse attribute %s\n"", info->name ? info->name : """")); break; } if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, (""[SVG Parsing] Cannot parse attribute %s value %s: %s\n"", info->name ? info->name : """", attribute_content, gf_error_to_string(e))); } return e; }",visit repo url,src/scenegraph/svg_attributes.c,https://github.com/gpac/gpac,164702797142636,1 5630,CWE-125,"num_stmts(const node *n) { int i, l; node *ch; switch (TYPE(n)) { case single_input: if (TYPE(CHILD(n, 0)) == NEWLINE) return 0; else return num_stmts(CHILD(n, 0)); case file_input: l = 0; for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == stmt) l += num_stmts(ch); } return l; case stmt: return num_stmts(CHILD(n, 0)); case compound_stmt: return 1; case simple_stmt: return NCH(n) / 2; case suite: if (NCH(n) == 1) return num_stmts(CHILD(n, 0)); else { i = 2; l = 0; if (TYPE(CHILD(n, 1)) == TYPE_COMMENT) i += 2; for (; i < (NCH(n) - 1); i++) l += num_stmts(CHILD(n, i)); return l; } default: { char buf[128]; sprintf(buf, ""Non-statement found: %d %d"", TYPE(n), NCH(n)); Py_FatalError(buf); } } assert(0); return 0; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,273989109925958,1 4833,['CWE-189'],"void ecryptfs_to_hex(char *dst, char *src, size_t src_size) { int x; for (x = 0; x < src_size; x++) sprintf(&dst[x * 2], ""%.2x"", (unsigned char)src[x]); }",linux-2.6,,,134769388817913126470059014113548411792,0 2589,['CWE-189'],"int dccp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int nonblock, int flags, int *addr_len) { const struct dccp_hdr *dh; long timeo; lock_sock(sk); if (sk->sk_state == DCCP_LISTEN) { len = -ENOTCONN; goto out; } timeo = sock_rcvtimeo(sk, nonblock); do { struct sk_buff *skb = skb_peek(&sk->sk_receive_queue); if (skb == NULL) goto verify_sock_status; dh = dccp_hdr(skb); switch (dh->dccph_type) { case DCCP_PKT_DATA: case DCCP_PKT_DATAACK: goto found_ok_skb; case DCCP_PKT_CLOSE: case DCCP_PKT_CLOSEREQ: if (!(flags & MSG_PEEK)) dccp_finish_passive_close(sk); case DCCP_PKT_RESET: dccp_pr_debug(""found fin (%s) ok!\n"", dccp_packet_name(dh->dccph_type)); len = 0; goto found_fin_ok; default: dccp_pr_debug(""packet_type=%s\n"", dccp_packet_name(dh->dccph_type)); sk_eat_skb(sk, skb, 0); } verify_sock_status: if (sock_flag(sk, SOCK_DONE)) { len = 0; break; } if (sk->sk_err) { len = sock_error(sk); break; } if (sk->sk_shutdown & RCV_SHUTDOWN) { len = 0; break; } if (sk->sk_state == DCCP_CLOSED) { if (!sock_flag(sk, SOCK_DONE)) { len = -ENOTCONN; break; } len = 0; break; } if (!timeo) { len = -EAGAIN; break; } if (signal_pending(current)) { len = sock_intr_errno(timeo); break; } sk_wait_data(sk, &timeo); continue; found_ok_skb: if (len > skb->len) len = skb->len; else if (len < skb->len) msg->msg_flags |= MSG_TRUNC; if (skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len)) { len = -EFAULT; break; } found_fin_ok: if (!(flags & MSG_PEEK)) sk_eat_skb(sk, skb, 0); break; } while (1); out: release_sock(sk); return len; }",linux-2.6,,,109790099210463507440477945086962396475,0 2084,CWE-190,"SYSCALL_DEFINE1(timer_getoverrun, timer_t, timer_id) { struct k_itimer *timr; int overrun; unsigned long flags; timr = lock_timer(timer_id, &flags); if (!timr) return -EINVAL; overrun = timr->it_overrun_last; unlock_timer(timr, flags); return overrun; }",visit repo url,kernel/time/posix-timers.c,https://github.com/torvalds/linux,209002722759897,1 2528,CWE-399,"choose_filters(struct archive_read *a) { int number_bidders, i, bid, best_bid; struct archive_read_filter_bidder *bidder, *best_bidder; struct archive_read_filter *filter; ssize_t avail; int r; for (;;) { number_bidders = sizeof(a->bidders) / sizeof(a->bidders[0]); best_bid = 0; best_bidder = NULL; bidder = a->bidders; for (i = 0; i < number_bidders; i++, bidder++) { if (bidder->bid != NULL) { bid = (bidder->bid)(bidder, a->filter); if (bid > best_bid) { best_bid = bid; best_bidder = bidder; } } } if (best_bidder == NULL) { __archive_read_filter_ahead(a->filter, 1, &avail); if (avail < 0) { __archive_read_close_filters(a); __archive_read_free_filters(a); return (ARCHIVE_FATAL); } a->archive.compression_name = a->filter->name; a->archive.compression_code = a->filter->code; return (ARCHIVE_OK); } filter = (struct archive_read_filter *)calloc(1, sizeof(*filter)); if (filter == NULL) return (ARCHIVE_FATAL); filter->bidder = best_bidder; filter->archive = a; filter->upstream = a->filter; a->filter = filter; r = (best_bidder->init)(a->filter); if (r != ARCHIVE_OK) { __archive_read_close_filters(a); __archive_read_free_filters(a); return (ARCHIVE_FATAL); } } }",visit repo url,libarchive/archive_read.c,https://github.com/libarchive/libarchive,204572255963151,1 2203,CWE-416,"unsigned long insn_get_seg_base(struct pt_regs *regs, int seg_reg_idx) { struct desc_struct *desc; short sel; sel = get_segment_selector(regs, seg_reg_idx); if (sel < 0) return -1L; if (v8086_mode(regs)) return (unsigned long)(sel << 4); if (user_64bit_mode(regs)) { unsigned long base; if (seg_reg_idx == INAT_SEG_REG_FS) rdmsrl(MSR_FS_BASE, base); else if (seg_reg_idx == INAT_SEG_REG_GS) rdmsrl(MSR_KERNEL_GS_BASE, base); else base = 0; return base; } if (!sel) return -1L; desc = get_desc(sel); if (!desc) return -1L; return get_desc_base(desc); }",visit repo url,arch/x86/lib/insn-eval.c,https://github.com/torvalds/linux,178480431139167,1 747,CWE-20,"int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, struct sockaddr_storage *kern_address, int mode) { int tot_len; if (kern_msg->msg_namelen) { if (mode == VERIFY_READ) { int err = move_addr_to_kernel(kern_msg->msg_name, kern_msg->msg_namelen, kern_address); if (err < 0) return err; } kern_msg->msg_name = kern_address; } else kern_msg->msg_name = NULL; tot_len = iov_from_user_compat_to_kern(kern_iov, (struct compat_iovec __user *)kern_msg->msg_iov, kern_msg->msg_iovlen); if (tot_len >= 0) kern_msg->msg_iov = kern_iov; return tot_len; }",visit repo url,net/compat.c,https://github.com/torvalds/linux,209053982154124,1 6192,['CWE-200'],"static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev) { struct pneigh_entry *n, **np; u32 h; for (h = 0; h <= PNEIGH_HASHMASK; h++) { np = &tbl->phash_buckets[h]; while ((n = *np) != NULL) { if (!dev || n->dev == dev) { *np = n->next; if (tbl->pdestructor) tbl->pdestructor(n); if (n->dev) dev_put(n->dev); kfree(n); continue; } np = &n->next; } } return -ENOENT; }",linux-2.6,,,11077029689939915728232663294052069920,0 3212,['CWE-189'],"int ratestrtosize(char *s, uint_fast32_t rawsize, uint_fast32_t *size) { jpc_flt_t f; if (strchr(s, 'B')) { *size = atoi(s); } else { f = atof(s); if (f < 0) { *size = 0; } else if (f > 1.0) { *size = rawsize + 1; } else { *size = f * rawsize; } } return 0; }",jasper,,,126153641480878447931696214732340521842,0 2663,CWE-190,"SPL_METHOD(SplFileObject, ftell) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); long ret = php_stream_tell(intern->u.file.stream); if (ret == -1) { RETURN_FALSE; } else { RETURN_LONG(ret); } } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,116389055608830,1 2820,[],"static struct bio *dio_await_one(struct dio *dio) { unsigned long flags; struct bio *bio = NULL; spin_lock_irqsave(&dio->bio_lock, flags); while (dio->refcount > 1 && dio->bio_list == NULL) { __set_current_state(TASK_UNINTERRUPTIBLE); dio->waiter = current; spin_unlock_irqrestore(&dio->bio_lock, flags); io_schedule(); spin_lock_irqsave(&dio->bio_lock, flags); dio->waiter = NULL; } if (dio->bio_list) { bio = dio->bio_list; dio->bio_list = bio->bi_private; } spin_unlock_irqrestore(&dio->bio_lock, flags); return bio; }",linux-2.6,,,2264563935819756892746680192945578555,0 5281,CWE-79,"apr_byte_t oidc_post_preserve_javascript(request_rec *r, const char *location, char **javascript, char **javascript_method) { if (oidc_cfg_dir_preserve_post(r) == 0) return FALSE; oidc_debug(r, ""enter""); oidc_cfg *cfg = ap_get_module_config(r->server->module_config, &auth_openidc_module); const char *method = oidc_original_request_method(r, cfg, FALSE); if (apr_strnatcmp(method, OIDC_METHOD_FORM_POST) != 0) return FALSE; apr_table_t *params = apr_table_make(r->pool, 8); if (oidc_util_read_post_params(r, params, FALSE, NULL) == FALSE) { oidc_error(r, ""something went wrong when reading the POST parameters""); return FALSE; } const apr_array_header_t *arr = apr_table_elts(params); const apr_table_entry_t *elts = (const apr_table_entry_t*) arr->elts; int i; char *json = """"; for (i = 0; i < arr->nelts; i++) { json = apr_psprintf(r->pool, ""%s'%s': '%s'%s"", json, oidc_util_escape_string(r, elts[i].key), oidc_util_escape_string(r, elts[i].val), i < arr->nelts - 1 ? "","" : """"); } json = apr_psprintf(r->pool, ""{ %s }"", json); const char *jmethod = ""preserveOnLoad""; const char *jscript = apr_psprintf(r->pool, "" \n"", jmethod, json, location ? apr_psprintf(r->pool, ""window.location='%s';\n"", location) : """"); if (location == NULL) { if (javascript_method) *javascript_method = apr_pstrdup(r->pool, jmethod); if (javascript) *javascript = apr_pstrdup(r->pool, jscript); } else { oidc_util_html_send(r, ""Preserving..."", jscript, jmethod, ""

Preserving...

"", OK); } return TRUE; }",visit repo url,src/mod_auth_openidc.c,https://github.com/zmartzone/mod_auth_openidc,135734282443111,1 3771,CWE-754,"static cJSON *get_object_item(const cJSON * const object, const char * const name, const cJSON_bool case_sensitive) { cJSON *current_element = NULL; if ((object == NULL) || (name == NULL)) { return NULL; } current_element = object->child; if (case_sensitive) { while ((current_element != NULL) && (strcmp(name, current_element->string) != 0)) { current_element = current_element->next; } } else { while ((current_element != NULL) && (case_insensitive_strcmp((const unsigned char*)name, (const unsigned char*)(current_element->string)) != 0)) { current_element = current_element->next; } } return current_element; }",visit repo url,cJSON.c,https://github.com/DaveGamble/cJSON,126049970087701,1 5530,CWE-125,"obj2ast_stmt(PyObject* obj, stmt_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; int lineno; int col_offset; if (obj == Py_None) { *out = NULL; return 0; } if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from stmt""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_col_offset)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_col_offset); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from stmt""); return 1; } isinstance = PyObject_IsInstance(obj, (PyObject*)FunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from FunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_args)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_args); if (tmp == NULL) goto failed; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from FunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from FunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_decorator_list)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_decorator_list); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Ta3_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from FunctionDef""); return 1; } if (exists_not_none(obj, &PyId_returns)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_returns); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { returns = NULL; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = FunctionDef(name, args, body, decorator_list, returns, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from AsyncFunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_args)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_args); if (tmp == NULL) goto failed; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from AsyncFunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_decorator_list)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_decorator_list); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Ta3_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from AsyncFunctionDef""); return 1; } if (exists_not_none(obj, &PyId_returns)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_returns); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { returns = NULL; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = AsyncFunctionDef(name, args, body, decorator_list, returns, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ClassDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; asdl_seq* bases; asdl_seq* keywords; asdl_seq* body; asdl_seq* decorator_list; if (_PyObject_HasAttrId(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_bases)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_bases); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""bases\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); bases = _Ta3_asdl_seq_new(len, arena); if (bases == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""bases\"" changed size during iteration""); goto failed; } asdl_seq_SET(bases, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""bases\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_keywords)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_keywords); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""keywords\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); keywords = _Ta3_asdl_seq_new(len, arena); if (keywords == NULL) goto failed; for (i = 0; i < len; i++) { keyword_ty value; res = obj2ast_keyword(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""keywords\"" changed size during iteration""); goto failed; } asdl_seq_SET(keywords, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""keywords\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_decorator_list)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_decorator_list); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Ta3_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from ClassDef""); return 1; } *out = ClassDef(name, bases, keywords, body, decorator_list, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Return_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (exists_not_none(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { value = NULL; } *out = Return(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Delete_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; if (_PyObject_HasAttrId(obj, &PyId_targets)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_targets); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Delete field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Ta3_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Delete field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Delete""); return 1; } *out = Delete(targets, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assign_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; expr_ty value; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_targets)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_targets); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Assign field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Ta3_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Assign field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Assign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Assign""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = Assign(targets, value, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AugAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; operator_ty op; expr_ty value; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AugAssign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_op)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_op); if (tmp == NULL) goto failed; res = obj2ast_operator(tmp, &op, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""op\"" missing from AugAssign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from AugAssign""); return 1; } *out = AugAssign(target, op, value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AnnAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty annotation; expr_ty value; int simple; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AnnAssign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_annotation)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_annotation); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""annotation\"" missing from AnnAssign""); return 1; } if (exists_not_none(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { value = NULL; } if (_PyObject_HasAttrId(obj, &PyId_simple)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_simple); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &simple, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""simple\"" missing from AnnAssign""); return 1; } *out = AnnAssign(target, annotation, value, simple, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)For_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from For""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_iter)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_iter); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from For""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from For""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from For""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = For(target, iter, body, orelse, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFor_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AsyncFor""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_iter)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_iter); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from AsyncFor""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFor""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from AsyncFor""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = AsyncFor(target, iter, body, orelse, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)While_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_HasAttrId(obj, &PyId_test)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_test); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from While""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from While""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from While""); return 1; } *out = While(test, body, orelse, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)If_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_HasAttrId(obj, &PyId_test)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_test); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from If""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from If""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from If""); return 1; } *out = If(test, body, orelse, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)With_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_items)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_items); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Ta3_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty value; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from With""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from With""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = With(items, body, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncWith_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_items)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_items); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Ta3_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty value; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from AsyncWith""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncWith""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = AsyncWith(items, body, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Raise_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty exc; expr_ty cause; if (exists_not_none(obj, &PyId_exc)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_exc); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &exc, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { exc = NULL; } if (exists_not_none(obj, &PyId_cause)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_cause); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &cause, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { cause = NULL; } *out = Raise(exc, cause, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Try_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; asdl_seq* handlers; asdl_seq* orelse; asdl_seq* finalbody; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Try""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_handlers)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_handlers); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""handlers\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); handlers = _Ta3_asdl_seq_new(len, arena); if (handlers == NULL) goto failed; for (i = 0; i < len; i++) { excepthandler_ty value; res = obj2ast_excepthandler(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""handlers\"" changed size during iteration""); goto failed; } asdl_seq_SET(handlers, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""handlers\"" missing from Try""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from Try""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_finalbody)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_finalbody); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""finalbody\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); finalbody = _Ta3_asdl_seq_new(len, arena); if (finalbody == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""finalbody\"" changed size during iteration""); goto failed; } asdl_seq_SET(finalbody, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""finalbody\"" missing from Try""); return 1; } *out = Try(body, handlers, orelse, finalbody, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assert_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; expr_ty msg; if (_PyObject_HasAttrId(obj, &PyId_test)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_test); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from Assert""); return 1; } if (exists_not_none(obj, &PyId_msg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_msg); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &msg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { msg = NULL; } *out = Assert(test, msg, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Import_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Import field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty value; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Import field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Import""); return 1; } *out = Import(names, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ImportFrom_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier module; asdl_seq* names; int level; if (exists_not_none(obj, &PyId_module)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_module); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &module, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { module = NULL; } if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ImportFrom field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty value; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ImportFrom field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from ImportFrom""); return 1; } if (exists_not_none(obj, &PyId_level)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_level); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &level, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { level = 0; } *out = ImportFrom(module, names, level, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Global_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Global field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier value; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Global field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Global""); return 1; } *out = Global(names, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Nonlocal_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Nonlocal field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier value; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Nonlocal field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Nonlocal""); return 1; } *out = Nonlocal(names, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expr_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Expr""); return 1; } *out = Expr(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Pass_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Pass(lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Break_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Break(lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Continue_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Continue(lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of stmt, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,216257625036322,1 1,[],"int _gnutls_decrypt(gnutls_session_t session, opaque * ciphertext, size_t ciphertext_size, uint8 * data, size_t max_data_size, content_type_t type) { gnutls_datum_t gtxt; gnutls_datum_t gcipher; int ret; if (ciphertext_size == 0) return 0; gcipher.size = ciphertext_size; gcipher.data = ciphertext; ret = _gnutls_ciphertext2compressed(session, data, max_data_size, gcipher, type); if (ret < 0) { return ret; } if (ret == 0 || is_read_comp_null(session) == 0) { } else { gnutls_datum_t gcomp; gcomp.data = data; gcomp.size = ret; ret = _gnutls_m_compressed2plaintext(session, >xt, gcomp); if (ret < 0) { return ret; } if (gtxt.size > max_data_size) { gnutls_assert(); _gnutls_free_datum(>xt); return GNUTLS_E_INTERNAL_ERROR; } memcpy(data, gtxt.data, gtxt.size); ret = gtxt.size; _gnutls_free_datum(>xt); } return ret; }",gnutls,,,39646836574886987410506857697928534487,0 5620,[],"int copy_siginfo_to_user(siginfo_t __user *to, siginfo_t *from) { int err; if (!access_ok (VERIFY_WRITE, to, sizeof(siginfo_t))) return -EFAULT; if (from->si_code < 0) return __copy_to_user(to, from, sizeof(siginfo_t)) ? -EFAULT : 0; err = __put_user(from->si_signo, &to->si_signo); err |= __put_user(from->si_errno, &to->si_errno); err |= __put_user((short)from->si_code, &to->si_code); switch (from->si_code & __SI_MASK) { case __SI_KILL: err |= __put_user(from->si_pid, &to->si_pid); err |= __put_user(from->si_uid, &to->si_uid); break; case __SI_TIMER: err |= __put_user(from->si_tid, &to->si_tid); err |= __put_user(from->si_overrun, &to->si_overrun); err |= __put_user(from->si_ptr, &to->si_ptr); break; case __SI_POLL: err |= __put_user(from->si_band, &to->si_band); err |= __put_user(from->si_fd, &to->si_fd); break; case __SI_FAULT: err |= __put_user(from->si_addr, &to->si_addr); #ifdef __ARCH_SI_TRAPNO err |= __put_user(from->si_trapno, &to->si_trapno); #endif break; case __SI_CHLD: err |= __put_user(from->si_pid, &to->si_pid); err |= __put_user(from->si_uid, &to->si_uid); err |= __put_user(from->si_status, &to->si_status); err |= __put_user(from->si_utime, &to->si_utime); err |= __put_user(from->si_stime, &to->si_stime); break; case __SI_RT: case __SI_MESGQ: err |= __put_user(from->si_pid, &to->si_pid); err |= __put_user(from->si_uid, &to->si_uid); err |= __put_user(from->si_ptr, &to->si_ptr); break; default: err |= __put_user(from->si_pid, &to->si_pid); err |= __put_user(from->si_uid, &to->si_uid); break; } return err; }",linux-2.6,,,18298808074549170333948492729485735418,0 5638,CWE-125,"FstringParser_Finish(FstringParser *state, struct compiling *c, const node *n) { asdl_seq *seq; FstringParser_check_invariants(state); if(state->expr_list.size == 0) { if (!state->last_str) { state->last_str = PyUnicode_FromStringAndSize(NULL, 0); if (!state->last_str) goto error; } return make_str_node_and_del(&state->last_str, c, n); } if (state->last_str) { expr_ty str = make_str_node_and_del(&state->last_str, c, n); if (!str || ExprList_Append(&state->expr_list, str) < 0) goto error; } assert(state->last_str == NULL); seq = ExprList_Finish(&state->expr_list, c->c_arena); if (!seq) goto error; if (seq->size == 1) return seq->elements[0]; return JoinedStr(seq, LINENO(n), n->n_col_offset, c->c_arena); error: FstringParser_Dealloc(state); return NULL; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,78422044434391,1 1346,['CWE-399'],"static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) { struct ip_tunnel *tunnel = netdev_priv(dev); struct net_device_stats *stats = &tunnel->stat; struct iphdr *tiph = &tunnel->parms.iph; struct ipv6hdr *iph6 = ipv6_hdr(skb); u8 tos = tunnel->parms.iph.tos; struct rtable *rt; struct net_device *tdev; struct iphdr *iph; unsigned int max_headroom; __be32 dst = tiph->daddr; int mtu; struct in6_addr *addr6; int addr_type; if (tunnel->recursion++) { tunnel->stat.collisions++; goto tx_error; } if (skb->protocol != htons(ETH_P_IPV6)) goto tx_error; if (dev->priv_flags & IFF_ISATAP) { struct neighbour *neigh = NULL; if (skb->dst) neigh = skb->dst->neighbour; if (neigh == NULL) { if (net_ratelimit()) printk(KERN_DEBUG ""sit: nexthop == NULL\n""); goto tx_error; } addr6 = (struct in6_addr*)&neigh->primary_key; addr_type = ipv6_addr_type(addr6); if ((addr_type & IPV6_ADDR_UNICAST) && ipv6_addr_is_isatap(addr6)) dst = addr6->s6_addr32[3]; else goto tx_error; } if (!dst) dst = try_6to4(&iph6->daddr); if (!dst) { struct neighbour *neigh = NULL; if (skb->dst) neigh = skb->dst->neighbour; if (neigh == NULL) { if (net_ratelimit()) printk(KERN_DEBUG ""sit: nexthop == NULL\n""); goto tx_error; } addr6 = (struct in6_addr*)&neigh->primary_key; addr_type = ipv6_addr_type(addr6); if (addr_type == IPV6_ADDR_ANY) { addr6 = &ipv6_hdr(skb)->daddr; addr_type = ipv6_addr_type(addr6); } if ((addr_type & IPV6_ADDR_COMPATv4) == 0) goto tx_error_icmp; dst = addr6->s6_addr32[3]; } { struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dst, .saddr = tiph->saddr, .tos = RT_TOS(tos) } }, .oif = tunnel->parms.link, .proto = IPPROTO_IPV6 }; if (ip_route_output_key(dev_net(dev), &rt, &fl)) { tunnel->stat.tx_carrier_errors++; goto tx_error_icmp; } } if (rt->rt_type != RTN_UNICAST) { ip_rt_put(rt); tunnel->stat.tx_carrier_errors++; goto tx_error_icmp; } tdev = rt->u.dst.dev; if (tdev == dev) { ip_rt_put(rt); tunnel->stat.collisions++; goto tx_error; } if (tiph->frag_off) mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr); else mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu; if (mtu < 68) { tunnel->stat.collisions++; ip_rt_put(rt); goto tx_error; } if (mtu < IPV6_MIN_MTU) mtu = IPV6_MIN_MTU; if (tunnel->parms.iph.daddr && skb->dst) skb->dst->ops->update_pmtu(skb->dst, mtu); if (skb->len > mtu) { icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev); ip_rt_put(rt); goto tx_error; } if (tunnel->err_count > 0) { if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) { tunnel->err_count--; dst_link_failure(skb); } else tunnel->err_count = 0; } max_headroom = LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr); if (skb_headroom(skb) < max_headroom || skb_shared(skb) || (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); if (!new_skb) { ip_rt_put(rt); stats->tx_dropped++; dev_kfree_skb(skb); tunnel->recursion--; return 0; } if (skb->sk) skb_set_owner_w(new_skb, skb->sk); dev_kfree_skb(skb); skb = new_skb; iph6 = ipv6_hdr(skb); } skb->transport_header = skb->network_header; skb_push(skb, sizeof(struct iphdr)); skb_reset_network_header(skb); memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); IPCB(skb)->flags = 0; dst_release(skb->dst); skb->dst = &rt->u.dst; iph = ip_hdr(skb); iph->version = 4; iph->ihl = sizeof(struct iphdr)>>2; if (mtu > IPV6_MIN_MTU) iph->frag_off = htons(IP_DF); else iph->frag_off = 0; iph->protocol = IPPROTO_IPV6; iph->tos = INET_ECN_encapsulate(tos, ipv6_get_dsfield(iph6)); iph->daddr = rt->rt_dst; iph->saddr = rt->rt_src; if ((iph->ttl = tiph->ttl) == 0) iph->ttl = iph6->hop_limit; nf_reset(skb); IPTUNNEL_XMIT(); tunnel->recursion--; return 0; tx_error_icmp: dst_link_failure(skb); tx_error: stats->tx_errors++; dev_kfree_skb(skb); tunnel->recursion--; return 0; }",linux-2.6,,,200019712049746324018378399210170360348,0 5328,CWE-674,"static void Sp_replace_regexp(js_State *J) { js_Regexp *re; const char *source, *s, *r; js_Buffer *sb = NULL; int n, x; Resub m; source = checkstring(J, 0); re = js_toregexp(J, 1); if (js_regexec(re->prog, source, &m, 0)) { js_copy(J, 0); return; } re->last = 0; loop: s = m.sub[0].sp; n = m.sub[0].ep - m.sub[0].sp; if (js_iscallable(J, 2)) { js_copy(J, 2); js_pushundefined(J); for (x = 0; m.sub[x].sp; ++x) js_pushlstring(J, m.sub[x].sp, m.sub[x].ep - m.sub[x].sp); js_pushnumber(J, s - source); js_copy(J, 0); js_call(J, 2 + x); r = js_tostring(J, -1); js_putm(J, &sb, source, s); js_puts(J, &sb, r); js_pop(J, 1); } else { r = js_tostring(J, 2); js_putm(J, &sb, source, s); while (*r) { if (*r == '$') { switch (*(++r)) { case 0: --r; case '$': js_putc(J, &sb, '$'); break; case '`': js_putm(J, &sb, source, s); break; case '\'': js_puts(J, &sb, s + n); break; case '&': js_putm(J, &sb, s, s + n); break; case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': x = *r - '0'; if (r[1] >= '0' && r[1] <= '9') x = x * 10 + *(++r) - '0'; if (x > 0 && x < m.nsub) { js_putm(J, &sb, m.sub[x].sp, m.sub[x].ep); } else { js_putc(J, &sb, '$'); if (x > 10) { js_putc(J, &sb, '0' + x / 10); js_putc(J, &sb, '0' + x % 10); } else { js_putc(J, &sb, '0' + x); } } break; default: js_putc(J, &sb, '$'); js_putc(J, &sb, *r); break; } ++r; } else { js_putc(J, &sb, *r++); } } } if (re->flags & JS_REGEXP_G) { source = m.sub[0].ep; if (n == 0) { if (*source) js_putc(J, &sb, *source++); else goto end; } if (!js_regexec(re->prog, source, &m, REG_NOTBOL)) goto loop; } end: js_puts(J, &sb, s + n); js_putc(J, &sb, 0); if (js_try(J)) { js_free(J, sb); js_throw(J); } js_pushstring(J, sb ? sb->s : """"); js_endtry(J); js_free(J, sb); }",visit repo url,jsstring.c,https://github.com/ccxvii/mujs,58117148999812,1 5757,CWE-190,"int mongo_env_read_socket( mongo *conn, void *buf, int len ) { char *cbuf = buf; while ( len ) { int sent = recv( conn->sock, cbuf, len, 0 ); if ( sent == 0 || sent == -1 ) { __mongo_set_error( conn, MONGO_IO_ERROR, NULL, WSAGetLastError() ); return MONGO_ERROR; } cbuf += sent; len -= sent; } return MONGO_OK; }",visit repo url,src/env.c,https://github.com/10gen-archive/mongo-c-driver-legacy,127969055269003,1 5114,['CWE-20'],"static void vmx_fpu_activate(struct kvm_vcpu *vcpu) { if (vcpu->fpu_active) return; vcpu->fpu_active = 1; vmcs_clear_bits(GUEST_CR0, X86_CR0_TS); if (vcpu->arch.cr0 & X86_CR0_TS) vmcs_set_bits(GUEST_CR0, X86_CR0_TS); update_exception_bitmap(vcpu); }",linux-2.6,,,267618328421573265349232044121114016169,0 4125,CWE-190,"_isBidi (const uint32_t *label, size_t llen) { while (llen-- > 0) { int bc = uc_bidi_category (*label++); if (bc == UC_BIDI_R || bc == UC_BIDI_AL || bc == UC_BIDI_AN) return 1; } return 0; }",visit repo url,lib/bidi.c,https://gitlab.com/libidn/libidn2,11299921965524,1 6276,CWE-787,"decodeJsonStructure(void *dst, const UA_DataType *type, CtxJson *ctx, ParseCtx *parseCtx, UA_Boolean moveToken) { (void) moveToken; if(ctx->depth > UA_JSON_ENCODING_MAX_RECURSION) return UA_STATUSCODE_BADENCODINGERROR; ctx->depth++; uintptr_t ptr = (uintptr_t)dst; status ret = UA_STATUSCODE_GOOD; u8 membersSize = type->membersSize; const UA_DataType *typelists[2] = { UA_TYPES, &type[-type->typeIndex] }; UA_STACKARRAY(DecodeEntry, entries, membersSize); for(size_t i = 0; i < membersSize && ret == UA_STATUSCODE_GOOD; ++i) { const UA_DataTypeMember *m = &type->members[i]; const UA_DataType *mt = &typelists[!m->namespaceZero][m->memberTypeIndex]; entries[i].type = mt; if(!m->isArray) { ptr += m->padding; entries[i].fieldName = m->memberName; entries[i].fieldPointer = (void*)ptr; entries[i].function = decodeJsonJumpTable[mt->typeKind]; entries[i].found = false; ptr += mt->memSize; } else { ptr += m->padding; ptr += sizeof(size_t); entries[i].fieldName = m->memberName; entries[i].fieldPointer = (void*)ptr; entries[i].function = (decodeJsonSignature)Array_decodeJson; entries[i].found = false; ptr += sizeof(void*); } } ret = decodeFields(ctx, parseCtx, entries, membersSize, type); ctx->depth--; return ret; }",visit repo url,src/ua_types_encoding_json.c,https://github.com/open62541/open62541,275923859071089,1 2299,NVD-CWE-noinfo,"void dev_load(struct net *net, const char *name) { struct net_device *dev; rcu_read_lock(); dev = dev_get_by_name_rcu(net, name); rcu_read_unlock(); if (!dev && capable(CAP_NET_ADMIN)) request_module(""%s"", name); }",visit repo url,net/core/dev.c,https://github.com/torvalds/linux,12500587335404,1 4969,CWE-787,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 6523,['CWE-20'],"register_address(struct decode_cache *c, unsigned long base, unsigned long reg) { return base + address_mask(c, reg); }",kvm,,,293940816256107365169745997848196613667,0 3224,['CWE-189'],"static int file_close(jas_stream_obj_t *obj) { jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj); int ret; ret = close(fileobj->fd); if (fileobj->flags & JAS_STREAM_FILEOBJ_DELONCLOSE) { unlink(fileobj->pathname); } jas_free(fileobj); return ret; }",jasper,,,248434265937089805386147747474034669990,0 3171,CWE-125,"juniper_atm2_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { int llc_hdrlen; struct juniper_l2info_t l2info; l2info.pictype = DLT_JUNIPER_ATM2; if (juniper_parse_header(ndo, p, h, &l2info) == 0) return l2info.header_len; p+=l2info.header_len; if (l2info.cookie[7] & ATM2_PKT_TYPE_MASK) { oam_print(ndo, p, l2info.length, ATM_OAM_NOHEC); return l2info.header_len; } if (EXTRACT_24BITS(p) == 0xfefe03 || EXTRACT_24BITS(p) == 0xaaaa03) { llc_hdrlen = llc_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL); if (llc_hdrlen > 0) return l2info.header_len; } if (l2info.direction != JUNIPER_BPF_PKT_IN && (EXTRACT_32BITS(l2info.cookie) & ATM2_GAP_COUNT_MASK)) { ether_print(ndo, p, l2info.length, l2info.caplen, NULL, NULL); return l2info.header_len; } if (p[0] == 0x03) { isoclns_print(ndo, p + 1, l2info.length - 1, l2info.caplen - 1); return l2info.header_len; } if(juniper_ppp_heuristic_guess(ndo, p, l2info.length) != 0) return l2info.header_len; if (ip_heuristic_guess(ndo, p, l2info.length) != 0) return l2info.header_len; return l2info.header_len; }",visit repo url,print-juniper.c,https://github.com/the-tcpdump-group/tcpdump,228961356199729,1 6083,CWE-190,"int bn_get_bit(const bn_t a, int bit) { int d; if (bit < 0) { RLC_THROW(ERR_NO_VALID); return 0; } if (bit > bn_bits(a)) { return 0; } RLC_RIP(bit, d, bit); if (d >= a->used) { return 0; } else { return (a->dp[d] >> bit) & (dig_t)1; } }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,251049430092762,1 2729,[],"SCTP_STATIC int sctp_do_peeloff(struct sctp_association *asoc, struct socket **sockp) { struct sock *sk = asoc->base.sk; struct socket *sock; struct inet_sock *inetsk; struct sctp_af *af; int err = 0; if (!sctp_style(sk, UDP)) return -EINVAL; err = sock_create(sk->sk_family, SOCK_SEQPACKET, IPPROTO_SCTP, &sock); if (err < 0) return err; sctp_sock_migrate(sk, sock->sk, asoc, SCTP_SOCKET_UDP_HIGH_BANDWIDTH); af = sctp_get_af_specific(asoc->peer.primary_addr.sa.sa_family); af->to_sk_daddr(&asoc->peer.primary_addr, sk); inetsk = inet_sk(sock->sk); inetsk->id = asoc->next_tsn ^ jiffies; *sockp = sock; return err; }",linux-2.6,,,74144269581438446756690275754866523032,0 5617,CWE-125,"fstring_compile_expr(const char *expr_start, const char *expr_end, struct compiling *c, const node *n) { int all_whitespace = 1; int kind; void *data; PyCompilerFlags cf; mod_ty mod; char *str; PyObject *o, *fstring_name; Py_ssize_t len; Py_ssize_t i; assert(expr_end >= expr_start); assert(*(expr_start-1) == '{'); assert(*expr_end == '}' || *expr_end == '!' || *expr_end == ':'); o = PyUnicode_DecodeUTF8(expr_start, expr_end-expr_start, NULL); if (o == NULL) return NULL; len = PyUnicode_GET_LENGTH(o); kind = PyUnicode_KIND(o); data = PyUnicode_DATA(o); for (i = 0; i < len; i++) { if (!Py_UNICODE_ISSPACE(PyUnicode_READ(kind, data, i))) { all_whitespace = 0; break; } } Py_DECREF(o); if (all_whitespace) { ast_error(c, n, ""f-string: empty expression not allowed""); return NULL; } len = expr_end - expr_start; str = PyMem_RawMalloc(len + 3); if (str == NULL) return NULL; str[0] = '('; memcpy(str+1, expr_start, len); str[len+1] = ')'; str[len+2] = 0; cf.cf_flags = PyCF_ONLY_AST; fstring_name = PyUnicode_FromString(""""); mod = string_object_to_c_ast(str, fstring_name, Py_eval_input, &cf, c->c_feature_version, c->c_arena); Py_DECREF(fstring_name); PyMem_RawFree(str); if (!mod) return NULL; return mod->v.Expression.body; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,131866643174152,1 1661,[],"static inline void update_load_sub(struct load_weight *lw, unsigned long dec) { lw->weight -= dec; lw->inv_weight = 0; }",linux-2.6,,,270001029683577883875350959520470478658,0 141,CWE-120,"static void control_work_handler(struct work_struct *work) { struct ports_device *portdev; struct virtqueue *vq; struct port_buffer *buf; unsigned int len; portdev = container_of(work, struct ports_device, control_work); vq = portdev->c_ivq; spin_lock(&portdev->c_ivq_lock); while ((buf = virtqueue_get_buf(vq, &len))) { spin_unlock(&portdev->c_ivq_lock); buf->len = len; buf->offset = 0; handle_control_message(vq->vdev, portdev, buf); spin_lock(&portdev->c_ivq_lock); if (add_inbuf(portdev->c_ivq, buf) < 0) { dev_warn(&portdev->vdev->dev, ""Error adding buffer to queue\n""); free_buf(buf, false); } } spin_unlock(&portdev->c_ivq_lock); }",visit repo url,drivers/char/virtio_console.c,https://github.com/torvalds/linux,514280883152,1 2178,CWE-416,"static int gup_huge_pmd(pmd_t orig, pmd_t *pmdp, unsigned long addr, unsigned long end, int write, struct page **pages, int *nr) { struct page *head, *page; int refs; if (!pmd_access_permitted(orig, write)) return 0; if (pmd_devmap(orig)) return __gup_device_huge_pmd(orig, pmdp, addr, end, pages, nr); refs = 0; page = pmd_page(orig) + ((addr & ~PMD_MASK) >> PAGE_SHIFT); do { pages[*nr] = page; (*nr)++; page++; refs++; } while (addr += PAGE_SIZE, addr != end); head = compound_head(pmd_page(orig)); if (!page_cache_add_speculative(head, refs)) { *nr -= refs; return 0; } if (unlikely(pmd_val(orig) != pmd_val(*pmdp))) { *nr -= refs; while (refs--) put_page(head); return 0; } SetPageReferenced(head); return 1; }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,166785139937732,1 3011,CWE-119,"static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len) { int rlen, remain; dpIOCtxPtr dctx; dynamicPtr *dp; dctx = (dpIOCtxPtr) ctx; dp = dctx->dp; remain = dp->logicalSize - dp->pos; if(remain >= len) { rlen = len; } else { if(remain == 0) { return 0; } rlen = remain; } memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen); dp->pos += rlen; return rlen; }",visit repo url,src/gd_io_dp.c,https://github.com/libgd/libgd,277809418913033,1 5773,CWE-125,"sysUpTime_handler(snmp_varbind_t *varbind, uint32_t *oid) { snmp_api_set_time_ticks(varbind, oid, clock_seconds() * 100); }",visit repo url,examples/snmp-server/resources/snmp-SNMP-MIB-2-System.c,https://github.com/contiki-ng/contiki-ng,178358539067212,1 1457,[],"void preempt_notifier_register(struct preempt_notifier *notifier) { hlist_add_head(¬ifier->link, ¤t->preempt_notifiers); }",linux-2.6,,,115170493329699555527555578533802796409,0 2204,CWE-416,"static unsigned long get_seg_limit(struct pt_regs *regs, int seg_reg_idx) { struct desc_struct *desc; unsigned long limit; short sel; sel = get_segment_selector(regs, seg_reg_idx); if (sel < 0) return 0; if (user_64bit_mode(regs) || v8086_mode(regs)) return -1L; if (!sel) return 0; desc = get_desc(sel); if (!desc) return 0; limit = get_desc_limit(desc); if (desc->g) limit = (limit << 12) + 0xfff; return limit; }",visit repo url,arch/x86/lib/insn-eval.c,https://github.com/torvalds/linux,278499047470525,1 2443,['CWE-119'],"static void remove_duplicate_parents(struct commit *commit) { struct commit_list **pp, *p; pp = &commit->parents; while ((p = *pp) != NULL) { struct commit *parent = p->item; if (parent->object.flags & TMP_MARK) { *pp = p->next; continue; } parent->object.flags |= TMP_MARK; pp = &p->next; } for (p = commit->parents; p; p = p->next) p->item->object.flags &= ~TMP_MARK; }",git,,,55623744521449049269031517091623856143,0 2205,CWE-416,"int insn_get_code_seg_params(struct pt_regs *regs) { struct desc_struct *desc; short sel; if (v8086_mode(regs)) return INSN_CODE_SEG_PARAMS(2, 2); sel = get_segment_selector(regs, INAT_SEG_REG_CS); if (sel < 0) return sel; desc = get_desc(sel); if (!desc) return -EINVAL; if (!(desc->type & BIT(3))) return -EINVAL; switch ((desc->l << 1) | desc->d) { case 0: return INSN_CODE_SEG_PARAMS(2, 2); case 1: return INSN_CODE_SEG_PARAMS(4, 4); case 2: return INSN_CODE_SEG_PARAMS(4, 8); case 3: default: return -EINVAL; } }",visit repo url,arch/x86/lib/insn-eval.c,https://github.com/torvalds/linux,94182882763959,1 1564,CWE-362,"struct request *blk_mq_tag_to_rq(struct blk_mq_tags *tags, unsigned int tag) { struct request *rq = tags->rqs[tag]; struct blk_flush_queue *fq = blk_get_flush_queue(rq->q, rq->mq_ctx); if (!is_flush_request(rq, fq, tag)) return rq; return fq->flush_rq; }",visit repo url,block/blk-mq.c,https://github.com/torvalds/linux,251679991210755,1 1528,CWE-476,"static int rngapi_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) { u8 *buf = NULL; u8 *src = (u8 *)seed; int err; if (slen) { buf = kmalloc(slen, GFP_KERNEL); if (!buf) return -ENOMEM; memcpy(buf, seed, slen); src = buf; } err = crypto_old_rng_alg(tfm)->rng_reset(tfm, src, slen); kzfree(buf); return err; }",visit repo url,crypto/rng.c,https://github.com/torvalds/linux,250836974782008,1 1737,CWE-254,"void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; if (current->flags & PF_RANDOMIZE) random_factor = arch_mmap_rnd(); mm->mmap_legacy_base = mmap_legacy_base(random_factor); if (mmap_is_legacy()) { mm->mmap_base = mm->mmap_legacy_base; mm->get_unmapped_area = arch_get_unmapped_area; } else { mm->mmap_base = mmap_base(random_factor); mm->get_unmapped_area = arch_get_unmapped_area_topdown; } }",visit repo url,arch/x86/mm/mmap.c,https://github.com/torvalds/linux,52360992615886,1 3025,['CWE-189'],"static int jpc_putcommacode(jpc_bitstream_t *out, int n) { assert(n >= 0); while (--n >= 0) { if (jpc_bitstream_putbit(out, 1) == EOF) { return -1; } } if (jpc_bitstream_putbit(out, 0) == EOF) { return -1; } return 0; }",jasper,,,98377801252552626089118638843563860795,0 3189,CWE-125,"parse_field(netdissect_options *ndo, const char **pptr, int *len) { const char *s; if (*len <= 0 || !pptr || !*pptr) return NULL; if (*pptr > (const char *) ndo->ndo_snapend) return NULL; s = *pptr; while (*pptr <= (const char *) ndo->ndo_snapend && *len >= 0 && **pptr) { (*pptr)++; (*len)--; } (*pptr)++; (*len)--; if (*len < 0 || *pptr > (const char *) ndo->ndo_snapend) return NULL; return s; }",visit repo url,print-zephyr.c,https://github.com/the-tcpdump-group/tcpdump,214558030213792,1 3021,['CWE-189'],"static int jpc_dec_process_rgn(jpc_dec_t *dec, jpc_ms_t *ms) { jpc_rgn_t *rgn = &ms->parms.rgn; jpc_dec_tile_t *tile; if (JAS_CAST(int, rgn->compno) >= dec->numcomps) { jas_eprintf(""invalid component number in RGN marker segment\n""); return -1; } switch (dec->state) { case JPC_MH: jpc_dec_cp_setfromrgn(dec->cp, rgn); break; case JPC_TPH: if (!(tile = dec->curtile)) { return -1; } if (tile->partno > 0) { return -1; } jpc_dec_cp_setfromrgn(tile->cp, rgn); break; } return 0; }",jasper,,,268679708035392340922906314693361382934,0 2763,CWE-125,"PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) { const unsigned char *cursor, *limit, *marker, *start; zval **rval_ref; limit = max; cursor = *p; if (YYCURSOR >= YYLIMIT) { return 0; } if (var_hash && cursor[0] != 'R') { var_push(var_hash, rval); } start = cursor; #line 496 ""ext/standard/var_unserializer.c"" { YYCTYPE yych; static const unsigned char yybm[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; if ((YYLIMIT - YYCURSOR) < 7) YYFILL(7); yych = *YYCURSOR; switch (yych) { case 'C': case 'O': goto yy13; case 'N': goto yy5; case 'R': goto yy2; case 'S': goto yy10; case 'a': goto yy11; case 'b': goto yy6; case 'd': goto yy8; case 'i': goto yy7; case 'o': goto yy12; case 'r': goto yy4; case 's': goto yy9; case '}': goto yy14; default: goto yy16; } yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: #line 861 ""ext/standard/var_unserializer.re"" { return 0; } #line 558 ""ext/standard/var_unserializer.c"" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; goto yy3; yy5: yych = *++YYCURSOR; if (yych == ';') goto yy87; goto yy3; yy6: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy83; goto yy3; yy7: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy77; goto yy3; yy8: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy53; goto yy3; yy9: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy46; goto yy3; yy10: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy39; goto yy3; yy11: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy32; goto yy3; yy12: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy25; goto yy3; yy13: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy17; goto yy3; yy14: ++YYCURSOR; #line 855 ""ext/standard/var_unserializer.re"" { php_error_docref(NULL TSRMLS_CC, E_NOTICE, ""Unexpected end of serialized data""); return 0; } #line 607 ""ext/standard/var_unserializer.c"" yy16: yych = *++YYCURSOR; goto yy3; yy17: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { goto yy20; } if (yych == '+') goto yy19; yy18: YYCURSOR = YYMARKER; goto yy3; yy19: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { goto yy20; } goto yy18; yy20: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; if (yybm[0+yych] & 128) { goto yy20; } if (yych <= '/') goto yy18; if (yych >= ';') goto yy18; yych = *++YYCURSOR; if (yych != '""') goto yy18; ++YYCURSOR; #line 708 ""ext/standard/var_unserializer.re"" { size_t len, len2, len3, maxlen; long elements; char *class_name; zend_class_entry *ce; zend_class_entry **pce; int incomplete_class = 0; int custom_object = 0; zval *user_func; zval *retval_ptr; zval **args[1]; zval *arg_func_name; if (!var_hash) return 0; if (*start == 'C') { custom_object = 1; } INIT_PZVAL(*rval); len2 = len = parse_uiv(start + 2); maxlen = max - YYCURSOR; if (maxlen < len || len == 0) { *p = start + 2; return 0; } class_name = (char*)YYCURSOR; YYCURSOR += len; if (*(YYCURSOR) != '""') { *p = YYCURSOR; return 0; } if (*(YYCURSOR+1) != ':') { *p = YYCURSOR+1; return 0; } len3 = strspn(class_name, ""0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377\\""); if (len3 != len) { *p = YYCURSOR + len3 - len; return 0; } class_name = estrndup(class_name, len); do { BG(serialize_lock)++; if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) { BG(serialize_lock)--; if (EG(exception)) { efree(class_name); return 0; } ce = *pce; break; } BG(serialize_lock)--; if (EG(exception)) { efree(class_name); return 0; } if ((PG(unserialize_callback_func) == NULL) || (PG(unserialize_callback_func)[0] == '\0')) { incomplete_class = 1; ce = PHP_IC_ENTRY; break; } MAKE_STD_ZVAL(user_func); ZVAL_STRING(user_func, PG(unserialize_callback_func), 1); args[0] = &arg_func_name; MAKE_STD_ZVAL(arg_func_name); ZVAL_STRING(arg_func_name, class_name, 1); BG(serialize_lock)++; if (call_user_function_ex(CG(function_table), NULL, user_func, &retval_ptr, 1, args, 0, NULL TSRMLS_CC) != SUCCESS) { BG(serialize_lock)--; if (EG(exception)) { efree(class_name); zval_ptr_dtor(&user_func); zval_ptr_dtor(&arg_func_name); return 0; } php_error_docref(NULL TSRMLS_CC, E_WARNING, ""defined (%s) but not found"", user_func->value.str.val); incomplete_class = 1; ce = PHP_IC_ENTRY; zval_ptr_dtor(&user_func); zval_ptr_dtor(&arg_func_name); break; } BG(serialize_lock)--; if (retval_ptr) { zval_ptr_dtor(&retval_ptr); } if (EG(exception)) { efree(class_name); zval_ptr_dtor(&user_func); zval_ptr_dtor(&arg_func_name); return 0; } if (zend_lookup_class(class_name, len2, &pce TSRMLS_CC) == SUCCESS) { ce = *pce; } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Function %s() hasn't defined the class it was called for"", user_func->value.str.val); incomplete_class = 1; ce = PHP_IC_ENTRY; } zval_ptr_dtor(&user_func); zval_ptr_dtor(&arg_func_name); break; } while (1); *p = YYCURSOR; if (custom_object) { int ret; ret = object_custom(UNSERIALIZE_PASSTHRU, ce); if (ret && incomplete_class) { php_store_class_name(*rval, class_name, len2); } efree(class_name); return ret; } elements = object_common1(UNSERIALIZE_PASSTHRU, ce); if (incomplete_class) { php_store_class_name(*rval, class_name, len2); } efree(class_name); return object_common2(UNSERIALIZE_PASSTHRU, elements); } #line 785 ""ext/standard/var_unserializer.c"" yy25: yych = *++YYCURSOR; if (yych <= ',') { if (yych != '+') goto yy18; } else { if (yych <= '-') goto yy26; if (yych <= '/') goto yy18; if (yych <= '9') goto yy27; goto yy18; } yy26: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy27: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy27; if (yych >= ';') goto yy18; yych = *++YYCURSOR; if (yych != '""') goto yy18; ++YYCURSOR; #line 699 ""ext/standard/var_unserializer.re"" { if (!var_hash) return 0; INIT_PZVAL(*rval); return object_common2(UNSERIALIZE_PASSTHRU, object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } #line 819 ""ext/standard/var_unserializer.c"" yy32: yych = *++YYCURSOR; if (yych == '+') goto yy33; if (yych <= '/') goto yy18; if (yych <= '9') goto yy34; goto yy18; yy33: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy34: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy34; if (yych >= ';') goto yy18; yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; #line 678 ""ext/standard/var_unserializer.re"" { long elements = parse_iv(start + 2); *p = YYCURSOR; if (!var_hash) return 0; if (elements < 0) { return 0; } INIT_PZVAL(*rval); array_init_size(*rval, elements); if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_PP(rval), elements, 0)) { return 0; } return finish_nested_data(UNSERIALIZE_PASSTHRU); } #line 861 ""ext/standard/var_unserializer.c"" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; if (yych <= '/') goto yy18; if (yych <= '9') goto yy41; goto yy18; yy40: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy41: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy41; if (yych >= ';') goto yy18; yych = *++YYCURSOR; if (yych != '""') goto yy18; ++YYCURSOR; #line 643 ""ext/standard/var_unserializer.re"" { size_t len, maxlen; char *str; len = parse_uiv(start + 2); maxlen = max - YYCURSOR; if (maxlen < len) { *p = start + 2; return 0; } if ((str = unserialize_str(&YYCURSOR, &len, maxlen)) == NULL) { return 0; } if (*(YYCURSOR) != '""') { efree(str); *p = YYCURSOR; return 0; } if (*(YYCURSOR + 1) != ';') { efree(str); *p = YYCURSOR + 1; return 0; } YYCURSOR += 2; *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_STRINGL(*rval, str, len, 0); return 1; } #line 917 ""ext/standard/var_unserializer.c"" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; if (yych <= '/') goto yy18; if (yych <= '9') goto yy48; goto yy18; yy47: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy48: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy48; if (yych >= ';') goto yy18; yych = *++YYCURSOR; if (yych != '""') goto yy18; ++YYCURSOR; #line 610 ""ext/standard/var_unserializer.re"" { size_t len, maxlen; char *str; len = parse_uiv(start + 2); maxlen = max - YYCURSOR; if (maxlen < len) { *p = start + 2; return 0; } str = (char*)YYCURSOR; YYCURSOR += len; if (*(YYCURSOR) != '""') { *p = YYCURSOR; return 0; } if (*(YYCURSOR + 1) != ';') { *p = YYCURSOR + 1; return 0; } YYCURSOR += 2; *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_STRINGL(*rval, str, len, 1); return 1; } #line 971 ""ext/standard/var_unserializer.c"" yy53: yych = *++YYCURSOR; if (yych <= '/') { if (yych <= ',') { if (yych == '+') goto yy57; goto yy18; } else { if (yych <= '-') goto yy55; if (yych <= '.') goto yy60; goto yy18; } } else { if (yych <= 'I') { if (yych <= '9') goto yy58; if (yych <= 'H') goto yy18; goto yy56; } else { if (yych != 'N') goto yy18; } } yych = *++YYCURSOR; if (yych == 'A') goto yy76; goto yy18; yy55: yych = *++YYCURSOR; if (yych <= '/') { if (yych == '.') goto yy60; goto yy18; } else { if (yych <= '9') goto yy58; if (yych != 'I') goto yy18; } yy56: yych = *++YYCURSOR; if (yych == 'N') goto yy72; goto yy18; yy57: yych = *++YYCURSOR; if (yych == '.') goto yy60; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy58: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); yych = *YYCURSOR; if (yych <= ':') { if (yych <= '.') { if (yych <= '-') goto yy18; goto yy70; } else { if (yych <= '/') goto yy18; if (yych <= '9') goto yy58; goto yy18; } } else { if (yych <= 'E') { if (yych <= ';') goto yy63; if (yych <= 'D') goto yy18; goto yy65; } else { if (yych == 'e') goto yy65; goto yy18; } } yy60: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy61: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); yych = *YYCURSOR; if (yych <= ';') { if (yych <= '/') goto yy18; if (yych <= '9') goto yy61; if (yych <= ':') goto yy18; } else { if (yych <= 'E') { if (yych <= 'D') goto yy18; goto yy65; } else { if (yych == 'e') goto yy65; goto yy18; } } yy63: ++YYCURSOR; #line 600 ""ext/standard/var_unserializer.re"" { #if SIZEOF_LONG == 4 use_double: #endif *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL)); return 1; } #line 1069 ""ext/standard/var_unserializer.c"" yy65: yych = *++YYCURSOR; if (yych <= ',') { if (yych != '+') goto yy18; } else { if (yych <= '-') goto yy66; if (yych <= '/') goto yy18; if (yych <= '9') goto yy67; goto yy18; } yy66: yych = *++YYCURSOR; if (yych <= ',') { if (yych == '+') goto yy69; goto yy18; } else { if (yych <= '-') goto yy69; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; } yy67: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy67; if (yych == ';') goto yy63; goto yy18; yy69: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy67; goto yy18; yy70: ++YYCURSOR; if ((YYLIMIT - YYCURSOR) < 4) YYFILL(4); yych = *YYCURSOR; if (yych <= ';') { if (yych <= '/') goto yy18; if (yych <= '9') goto yy70; if (yych <= ':') goto yy18; goto yy63; } else { if (yych <= 'E') { if (yych <= 'D') goto yy18; goto yy65; } else { if (yych == 'e') goto yy65; goto yy18; } } yy72: yych = *++YYCURSOR; if (yych != 'F') goto yy18; yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; #line 585 ""ext/standard/var_unserializer.re"" { *p = YYCURSOR; INIT_PZVAL(*rval); if (!strncmp(start + 2, ""NAN"", 3)) { ZVAL_DOUBLE(*rval, php_get_nan()); } else if (!strncmp(start + 2, ""INF"", 3)) { ZVAL_DOUBLE(*rval, php_get_inf()); } else if (!strncmp(start + 2, ""-INF"", 4)) { ZVAL_DOUBLE(*rval, -php_get_inf()); } return 1; } #line 1143 ""ext/standard/var_unserializer.c"" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; goto yy18; yy77: yych = *++YYCURSOR; if (yych <= ',') { if (yych != '+') goto yy18; } else { if (yych <= '-') goto yy78; if (yych <= '/') goto yy18; if (yych <= '9') goto yy79; goto yy18; } yy78: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy79: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; #line 558 ""ext/standard/var_unserializer.re"" { #if SIZEOF_LONG == 4 int digits = YYCURSOR - start - 3; if (start[2] == '-' || start[2] == '+') { digits--; } if (digits >= MAX_LENGTH_OF_LONG - 1) { if (digits == MAX_LENGTH_OF_LONG - 1) { int cmp = strncmp(YYCURSOR - MAX_LENGTH_OF_LONG, long_min_digits, MAX_LENGTH_OF_LONG - 1); if (!(cmp < 0 || (cmp == 0 && start[2] == '-'))) { goto use_double; } } else { goto use_double; } } #endif *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_LONG(*rval, parse_iv(start + 2)); return 1; } #line 1197 ""ext/standard/var_unserializer.c"" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= '2') goto yy18; yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; #line 551 ""ext/standard/var_unserializer.re"" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_BOOL(*rval, parse_iv(start + 2)); return 1; } #line 1212 ""ext/standard/var_unserializer.c"" yy87: ++YYCURSOR; #line 544 ""ext/standard/var_unserializer.re"" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_NULL(*rval); return 1; } #line 1222 ""ext/standard/var_unserializer.c"" yy89: yych = *++YYCURSOR; if (yych <= ',') { if (yych != '+') goto yy18; } else { if (yych <= '-') goto yy90; if (yych <= '/') goto yy18; if (yych <= '9') goto yy91; goto yy18; } yy90: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy91: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; #line 521 ""ext/standard/var_unserializer.re"" { long id; *p = YYCURSOR; if (!var_hash) return 0; id = parse_iv(start + 2) - 1; if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) { return 0; } if (*rval == *rval_ref) return 0; if (*rval != NULL) { var_push_dtor_no_addref(var_hash, rval); } *rval = *rval_ref; Z_ADDREF_PP(rval); Z_UNSET_ISREF_PP(rval); return 1; } #line 1268 ""ext/standard/var_unserializer.c"" yy95: yych = *++YYCURSOR; if (yych <= ',') { if (yych != '+') goto yy18; } else { if (yych <= '-') goto yy96; if (yych <= '/') goto yy18; if (yych <= '9') goto yy97; goto yy18; } yy96: yych = *++YYCURSOR; if (yych <= '/') goto yy18; if (yych >= ':') goto yy18; yy97: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; if (yych <= '/') goto yy18; if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; #line 500 ""ext/standard/var_unserializer.re"" { long id; *p = YYCURSOR; if (!var_hash) return 0; id = parse_iv(start + 2) - 1; if (id == -1 || var_access(var_hash, id, &rval_ref) != SUCCESS) { return 0; } if (*rval != NULL) { var_push_dtor_no_addref(var_hash, rval); } *rval = *rval_ref; Z_ADDREF_PP(rval); Z_SET_ISREF_PP(rval); return 1; } #line 1312 ""ext/standard/var_unserializer.c"" } #line 863 ""ext/standard/var_unserializer.re"" return 0; }",visit repo url,ext/standard/var_unserializer.c,https://github.com/php/php-src,224284074909287,1 3276,CWE-125,"ikev2_sub_print(netdissect_options *ndo, struct isakmp *base, u_char np, const struct isakmp_gen *ext, const u_char *ep, uint32_t phase, uint32_t doi, uint32_t proto, int depth) { const u_char *cp; int i; struct isakmp_gen e; cp = (const u_char *)ext; while (np) { ND_TCHECK(*ext); UNALIGNED_MEMCPY(&e, ext, sizeof(e)); ND_TCHECK2(*ext, ntohs(e.len)); depth++; ND_PRINT((ndo,""\n"")); for (i = 0; i < depth; i++) ND_PRINT((ndo,"" "")); ND_PRINT((ndo,""("")); cp = ikev2_sub0_print(ndo, base, np, ext, ep, phase, doi, proto, depth); ND_PRINT((ndo,"")"")); depth--; if (cp == NULL) { return NULL; } np = e.np; ext = (const struct isakmp_gen *)cp; } return cp; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(np))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,244278092174604,1 2082,CWE-190,"static void common_hrtimer_rearm(struct k_itimer *timr) { struct hrtimer *timer = &timr->it.real.timer; if (!timr->it_interval) return; timr->it_overrun += (unsigned int) hrtimer_forward(timer, timer->base->get_time(), timr->it_interval); hrtimer_restart(timer); }",visit repo url,kernel/time/posix-timers.c,https://github.com/torvalds/linux,184678001383075,1 5568,[],"int send_sigqueue(struct sigqueue *q, struct task_struct *t, int group) { int sig = q->info.si_signo; struct sigpending *pending; unsigned long flags; int ret; BUG_ON(!(q->flags & SIGQUEUE_PREALLOC)); ret = -1; if (!likely(lock_task_sighand(t, &flags))) goto ret; ret = 1; if (!prepare_signal(sig, t, 0)) goto out; ret = 0; if (unlikely(!list_empty(&q->list))) { BUG_ON(q->info.si_code != SI_TIMER); q->info.si_overrun++; goto out; } q->info.si_overrun = 0; signalfd_notify(t, sig); pending = group ? &t->signal->shared_pending : &t->pending; list_add_tail(&q->list, &pending->list); sigaddset(&pending->signal, sig); complete_signal(sig, t, group); out: unlock_task_sighand(t, &flags); ret: return ret; }",linux-2.6,,,46414457907023635792450112126694192470,0 1581,CWE-200,"int btrfs_truncate_inode_items(struct btrfs_trans_handle *trans, struct btrfs_root *root, struct inode *inode, u64 new_size, u32 min_type) { struct btrfs_path *path; struct extent_buffer *leaf; struct btrfs_file_extent_item *fi; struct btrfs_key key; struct btrfs_key found_key; u64 extent_start = 0; u64 extent_num_bytes = 0; u64 extent_offset = 0; u64 item_end = 0; u64 last_size = new_size; u32 found_type = (u8)-1; int found_extent; int del_item; int pending_del_nr = 0; int pending_del_slot = 0; int extent_type = -1; int ret; int err = 0; u64 ino = btrfs_ino(inode); u64 bytes_deleted = 0; bool be_nice = 0; bool should_throttle = 0; bool should_end = 0; BUG_ON(new_size > 0 && min_type != BTRFS_EXTENT_DATA_KEY); if (!btrfs_is_free_space_inode(inode) && test_bit(BTRFS_ROOT_REF_COWS, &root->state)) be_nice = 1; path = btrfs_alloc_path(); if (!path) return -ENOMEM; path->reada = -1; if (test_bit(BTRFS_ROOT_REF_COWS, &root->state) || root == root->fs_info->tree_root) btrfs_drop_extent_cache(inode, ALIGN(new_size, root->sectorsize), (u64)-1, 0); if (min_type == 0 && root == BTRFS_I(inode)->root) btrfs_kill_delayed_inode_items(inode); key.objectid = ino; key.offset = (u64)-1; key.type = (u8)-1; search_again: if (be_nice && bytes_deleted > 32 * 1024 * 1024) { if (btrfs_should_end_transaction(trans, root)) { err = -EAGAIN; goto error; } } path->leave_spinning = 1; ret = btrfs_search_slot(trans, root, &key, path, -1, 1); if (ret < 0) { err = ret; goto out; } if (ret > 0) { if (path->slots[0] == 0) goto out; path->slots[0]--; } while (1) { fi = NULL; leaf = path->nodes[0]; btrfs_item_key_to_cpu(leaf, &found_key, path->slots[0]); found_type = found_key.type; if (found_key.objectid != ino) break; if (found_type < min_type) break; item_end = found_key.offset; if (found_type == BTRFS_EXTENT_DATA_KEY) { fi = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_file_extent_item); extent_type = btrfs_file_extent_type(leaf, fi); if (extent_type != BTRFS_FILE_EXTENT_INLINE) { item_end += btrfs_file_extent_num_bytes(leaf, fi); } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) { item_end += btrfs_file_extent_inline_len(leaf, path->slots[0], fi); } item_end--; } if (found_type > min_type) { del_item = 1; } else { if (item_end < new_size) break; if (found_key.offset >= new_size) del_item = 1; else del_item = 0; } found_extent = 0; if (found_type != BTRFS_EXTENT_DATA_KEY) goto delete; if (del_item) last_size = found_key.offset; else last_size = new_size; if (extent_type != BTRFS_FILE_EXTENT_INLINE) { u64 num_dec; extent_start = btrfs_file_extent_disk_bytenr(leaf, fi); if (!del_item) { u64 orig_num_bytes = btrfs_file_extent_num_bytes(leaf, fi); extent_num_bytes = ALIGN(new_size - found_key.offset, root->sectorsize); btrfs_set_file_extent_num_bytes(leaf, fi, extent_num_bytes); num_dec = (orig_num_bytes - extent_num_bytes); if (test_bit(BTRFS_ROOT_REF_COWS, &root->state) && extent_start != 0) inode_sub_bytes(inode, num_dec); btrfs_mark_buffer_dirty(leaf); } else { extent_num_bytes = btrfs_file_extent_disk_num_bytes(leaf, fi); extent_offset = found_key.offset - btrfs_file_extent_offset(leaf, fi); num_dec = btrfs_file_extent_num_bytes(leaf, fi); if (extent_start != 0) { found_extent = 1; if (test_bit(BTRFS_ROOT_REF_COWS, &root->state)) inode_sub_bytes(inode, num_dec); } } } else if (extent_type == BTRFS_FILE_EXTENT_INLINE) { if (!del_item && btrfs_file_extent_compression(leaf, fi) == 0 && btrfs_file_extent_encryption(leaf, fi) == 0 && btrfs_file_extent_other_encoding(leaf, fi) == 0) { u32 size = new_size - found_key.offset; if (test_bit(BTRFS_ROOT_REF_COWS, &root->state)) inode_sub_bytes(inode, item_end + 1 - new_size); btrfs_set_file_extent_ram_bytes(leaf, fi, size); size = btrfs_file_extent_calc_inline_size(size); btrfs_truncate_item(root, path, size, 1); } else if (test_bit(BTRFS_ROOT_REF_COWS, &root->state)) { inode_sub_bytes(inode, item_end + 1 - found_key.offset); } } delete: if (del_item) { if (!pending_del_nr) { pending_del_slot = path->slots[0]; pending_del_nr = 1; } else if (pending_del_nr && path->slots[0] + 1 == pending_del_slot) { pending_del_nr++; pending_del_slot = path->slots[0]; } else { BUG(); } } else { break; } should_throttle = 0; if (found_extent && (test_bit(BTRFS_ROOT_REF_COWS, &root->state) || root == root->fs_info->tree_root)) { btrfs_set_path_blocking(path); bytes_deleted += extent_num_bytes; ret = btrfs_free_extent(trans, root, extent_start, extent_num_bytes, 0, btrfs_header_owner(leaf), ino, extent_offset, 0); BUG_ON(ret); if (btrfs_should_throttle_delayed_refs(trans, root)) btrfs_async_run_delayed_refs(root, trans->delayed_ref_updates * 2, 0); if (be_nice) { if (truncate_space_check(trans, root, extent_num_bytes)) { should_end = 1; } if (btrfs_should_throttle_delayed_refs(trans, root)) { should_throttle = 1; } } } if (found_type == BTRFS_INODE_ITEM_KEY) break; if (path->slots[0] == 0 || path->slots[0] != pending_del_slot || should_throttle || should_end) { if (pending_del_nr) { ret = btrfs_del_items(trans, root, path, pending_del_slot, pending_del_nr); if (ret) { btrfs_abort_transaction(trans, root, ret); goto error; } pending_del_nr = 0; } btrfs_release_path(path); if (should_throttle) { unsigned long updates = trans->delayed_ref_updates; if (updates) { trans->delayed_ref_updates = 0; ret = btrfs_run_delayed_refs(trans, root, updates * 2); if (ret && !err) err = ret; } } if (should_end) { err = -EAGAIN; goto error; } goto search_again; } else { path->slots[0]--; } } out: if (pending_del_nr) { ret = btrfs_del_items(trans, root, path, pending_del_slot, pending_del_nr); if (ret) btrfs_abort_transaction(trans, root, ret); } error: if (root->root_key.objectid != BTRFS_TREE_LOG_OBJECTID) btrfs_ordered_update_i_size(inode, last_size, NULL); btrfs_free_path(path); if (be_nice && bytes_deleted > 32 * 1024 * 1024) { unsigned long updates = trans->delayed_ref_updates; if (updates) { trans->delayed_ref_updates = 0; ret = btrfs_run_delayed_refs(trans, root, updates * 2); if (ret && !err) err = ret; } } return err; }",visit repo url,fs/btrfs/inode.c,https://github.com/torvalds/linux,15748141068833,1 3746,[],"static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct sock *sk = sock->sk; struct unix_sock *u; struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr; int err = 0; if (peer) { sk = unix_peer_get(sk); err = -ENOTCONN; if (!sk) goto out; err = 0; } else { sock_hold(sk); } u = unix_sk(sk); unix_state_lock(sk); if (!u->addr) { sunaddr->sun_family = AF_UNIX; sunaddr->sun_path[0] = 0; *uaddr_len = sizeof(short); } else { struct unix_address *addr = u->addr; *uaddr_len = addr->len; memcpy(sunaddr, addr->name, *uaddr_len); } unix_state_unlock(sk); sock_put(sk); out: return err; }",linux-2.6,,,258009259515405001154278234585458873458,0 2956,CWE-264,"int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_function, void* exec_payload, lxc_attach_options_t* options, pid_t* attached_process) { int ret, status; pid_t init_pid, pid, attached_pid, expected; struct lxc_proc_context_info *init_ctx; char* cwd; char* new_cwd; int ipc_sockets[2]; int procfd; signed long personality; if (!options) options = &attach_static_default_options; init_pid = lxc_cmd_get_init_pid(name, lxcpath); if (init_pid < 0) { ERROR(""failed to get the init pid""); return -1; } init_ctx = lxc_proc_get_context_info(init_pid); if (!init_ctx) { ERROR(""failed to get context of the init process, pid = %ld"", (long)init_pid); return -1; } personality = get_personality(name, lxcpath); if (init_ctx->personality < 0) { ERROR(""Failed to get personality of the container""); lxc_proc_put_context_info(init_ctx); return -1; } init_ctx->personality = personality; init_ctx->container = lxc_container_new(name, lxcpath); if (!init_ctx->container) return -1; if (!fetch_seccomp(init_ctx->container, options)) WARN(""Failed to get seccomp policy""); if (!no_new_privs(init_ctx->container, options)) WARN(""Could not determine whether PR_SET_NO_NEW_PRIVS is set.""); cwd = getcwd(NULL, 0); if (options->namespaces == -1) { options->namespaces = lxc_cmd_get_clone_flags(name, lxcpath); if (options->namespaces == -1) { ERROR(""failed to automatically determine the "" ""namespaces which the container unshared""); free(cwd); lxc_proc_put_context_info(init_ctx); return -1; } } ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, ipc_sockets); if (ret < 0) { SYSERROR(""could not set up required IPC mechanism for attaching""); free(cwd); lxc_proc_put_context_info(init_ctx); return -1; } pid = fork(); if (pid < 0) { SYSERROR(""failed to create first subprocess""); free(cwd); lxc_proc_put_context_info(init_ctx); return -1; } if (pid) { pid_t to_cleanup_pid = pid; close(ipc_sockets[1]); free(cwd); if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) { if (!cgroup_attach(name, lxcpath, pid)) goto cleanup_error; } status = 0; ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status)); if (ret <= 0) { ERROR(""error using IPC to notify attached process for initialization (0)""); goto cleanup_error; } ret = lxc_read_nointr_expect(ipc_sockets[0], &attached_pid, sizeof(attached_pid), NULL); if (ret <= 0) { if (ret != 0) ERROR(""error using IPC to receive pid of attached process""); goto cleanup_error; } if (options->stdin_fd == 0) { signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); } ret = wait_for_pid(pid); if (ret < 0) goto cleanup_error; to_cleanup_pid = attached_pid; status = 0; ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status)); if (ret <= 0) { ERROR(""error using IPC to notify attached process for initialization (0)""); goto cleanup_error; } expected = 1; ret = lxc_read_nointr_expect(ipc_sockets[0], &status, sizeof(status), &expected); if (ret <= 0) { if (ret != 0) ERROR(""error using IPC to receive notification from attached process (1)""); goto cleanup_error; } status = 2; ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status)); if (ret <= 0) { ERROR(""error using IPC to notify attached process for initialization (2)""); goto cleanup_error; } shutdown(ipc_sockets[0], SHUT_RDWR); close(ipc_sockets[0]); lxc_proc_put_context_info(init_ctx); *attached_process = attached_pid; return 0; cleanup_error: shutdown(ipc_sockets[0], SHUT_RDWR); close(ipc_sockets[0]); if (to_cleanup_pid) (void) wait_for_pid(to_cleanup_pid); lxc_proc_put_context_info(init_ctx); return -1; } close(ipc_sockets[0]); expected = 0; status = -1; ret = lxc_read_nointr_expect(ipc_sockets[1], &status, sizeof(status), &expected); if (ret <= 0) { ERROR(""error communicating with child process""); shutdown(ipc_sockets[1], SHUT_RDWR); rexit(-1); } if ((options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) && cgns_supported()) options->namespaces |= CLONE_NEWCGROUP; procfd = open(""/proc"", O_DIRECTORY | O_RDONLY); if (procfd < 0) { SYSERROR(""Unable to open /proc""); shutdown(ipc_sockets[1], SHUT_RDWR); rexit(-1); } ret = lxc_attach_to_ns(init_pid, options->namespaces); if (ret < 0) { ERROR(""failed to enter the namespace""); shutdown(ipc_sockets[1], SHUT_RDWR); rexit(-1); } if (options->initial_cwd) new_cwd = options->initial_cwd; else new_cwd = cwd; ret = chdir(new_cwd); if (ret < 0) WARN(""could not change directory to '%s'"", new_cwd); free(cwd); { struct attach_clone_payload payload = { .ipc_socket = ipc_sockets[1], .options = options, .init_ctx = init_ctx, .exec_function = exec_function, .exec_payload = exec_payload, .procfd = procfd }; pid = lxc_clone(attach_child_main, &payload, CLONE_PARENT); } if (pid <= 0) { SYSERROR(""failed to create subprocess""); shutdown(ipc_sockets[1], SHUT_RDWR); rexit(-1); } ret = lxc_write_nointr(ipc_sockets[1], &pid, sizeof(pid)); if (ret != sizeof(pid)) { ERROR(""error using IPC to notify main process of pid of the attached process""); shutdown(ipc_sockets[1], SHUT_RDWR); rexit(-1); } rexit(0); }",visit repo url,src/lxc/attach.c,https://github.com/lxc/lxc,184761270378221,1 4099,CWE-835,"accept_xsmp_connection (SmsConn sms_conn, GsmXsmpServer *server, unsigned long *mask_ret, SmsCallbacks *callbacks_ret, char **failure_reason_ret) { IceConn ice_conn; GsmXSMPClient *client; if (server->priv->xsmp_sockets == NULL) { g_debug (""GsmXsmpServer: In shutdown, rejecting new client""); *failure_reason_ret = strdup (_(""Refusing new client connection because the session is currently being shut down\n"")); return FALSE; } ice_conn = SmsGetIceConnection (sms_conn); client = ice_conn->context; g_return_val_if_fail (client != NULL, TRUE); gsm_xsmp_client_connect (client, sms_conn, mask_ret, callbacks_ret); return TRUE; }",visit repo url,gnome-session/gsm-xsmp-server.c,https://github.com/GNOME/gnome-session,227770480568588,1 3102,['CWE-189'],"static int jas_iccprof_puttagtab(jas_stream_t *out, jas_icctagtab_t *tagtab) { int i; jas_icctagtabent_t *tagtabent; if (jas_iccputuint32(out, tagtab->numents)) goto error; for (i = 0; i < JAS_CAST(int, tagtab->numents); ++i) { tagtabent = &tagtab->ents[i]; if (jas_iccputuint32(out, tagtabent->tag) || jas_iccputuint32(out, tagtabent->off) || jas_iccputuint32(out, tagtabent->len)) goto error; } return 0; error: return -1; }",jasper,,,270792198768482625687010200086224775953,0 6564,['CWE-200'],"get_property (GObject *object, guint prop_id, GValue *value, GParamSpec *pspec) { NMAGConfConnectionPrivate *priv = NMA_GCONF_CONNECTION_GET_PRIVATE (object); switch (prop_id) { case PROP_CLIENT: g_value_set_object (value, priv->client); break; case PROP_DIR: g_value_set_string (value, priv->dir); break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; } }",network-manager-applet,,,185339526026578181292204113792777712513,0 6744,CWE-787,"BZIP3_API struct bz3_state * bz3_new(s32 block_size) { if (block_size < KiB(65) || block_size > MiB(511)) { return NULL; } struct bz3_state * bz3_state = malloc(sizeof(struct bz3_state)); if (!bz3_state) { return NULL; } bz3_state->cm_state = malloc(sizeof(state)); bz3_state->swap_buffer = malloc(bz3_bound(block_size)); bz3_state->sais_array = malloc((block_size + 128) * sizeof(s32)); memset(bz3_state->sais_array, 0, sizeof(s32) * (block_size + 128)); bz3_state->lzp_lut = calloc(1 << LZP_DICTIONARY, sizeof(s32)); if (!bz3_state->cm_state || !bz3_state->swap_buffer || !bz3_state->sais_array || !bz3_state->lzp_lut) { if (bz3_state->cm_state) free(bz3_state->cm_state); if (bz3_state->swap_buffer) free(bz3_state->swap_buffer); if (bz3_state->sais_array) free(bz3_state->sais_array); if (bz3_state->lzp_lut) free(bz3_state->lzp_lut); free(bz3_state); return NULL; } bz3_state->block_size = block_size; bz3_state->last_error = BZ3_OK; return bz3_state; }",visit repo url,src/libbz3.c,https://github.com/kspalaiologos/bzip3,202709297416511,1 5159,CWE-125,"handle_keywordonly_args(struct compiling *c, const node *n, int start, asdl_seq *kwonlyargs, asdl_seq *kwdefaults) { PyObject *argname; node *ch; expr_ty expression, annotation; arg_ty arg; int i = start; int j = 0; if (kwonlyargs == NULL) { ast_error(c, CHILD(n, start), ""named arguments must follow bare *""); return -1; } assert(kwdefaults != NULL); while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case vfpdef: case tfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) goto error; asdl_seq_SET(kwdefaults, j, expression); i += 2; } else { asdl_seq_SET(kwdefaults, j, NULL); } if (NCH(ch) == 3) { annotation = ast_for_expr(c, CHILD(ch, 2)); if (!annotation) goto error; } else { annotation = NULL; } ch = CHILD(ch, 0); argname = NEW_IDENTIFIER(ch); if (!argname) goto error; if (forbidden_name(c, argname, ch, 0)) goto error; arg = arg(argname, annotation, LINENO(ch), ch->n_col_offset, ch->n_end_lineno, ch->n_end_col_offset, c->c_arena); if (!arg) goto error; asdl_seq_SET(kwonlyargs, j++, arg); i += 2; break; case DOUBLESTAR: return i; default: ast_error(c, ch, ""unexpected node""); goto error; } } return i; error: return -1; }",visit repo url,Python/ast.c,https://github.com/python/cpython,83756074746116,1 3660,CWE-119,"int main(int argc, char **argv) { test_cmp_parameters inParam; FILE *fbase=NULL, *ftest=NULL; int same = 0; char lbase[256]; char strbase[256]; char ltest[256]; char strtest[256]; if( parse_cmdline_cmp(argc, argv, &inParam) == 1 ) { compare_dump_files_help_display(); goto cleanup; } printf(""******Parameters********* \n""); printf("" base_filename = %s\n"" "" test_filename = %s\n"", inParam.base_filename, inParam.test_filename); printf(""************************* \n""); printf(""Try to open: %s for reading ... "", inParam.base_filename); if((fbase = fopen(inParam.base_filename, ""rb""))==NULL) { goto cleanup; } printf(""Ok.\n""); printf(""Try to open: %s for reading ... "", inParam.test_filename); if((ftest = fopen(inParam.test_filename, ""rb""))==NULL) { goto cleanup; } printf(""Ok.\n""); while (fgets(lbase, sizeof(lbase), fbase) && fgets(ltest,sizeof(ltest),ftest)) { int nbase = sscanf(lbase, ""%255[^\r\n]"", strbase); int ntest = sscanf(ltest, ""%255[^\r\n]"", strtest); assert( nbase != 255 && ntest != 255 ); if( nbase != 1 || ntest != 1 ) { fprintf(stderr, ""could not parse line from files\n"" ); goto cleanup; } if( strcmp( strbase, strtest ) != 0 ) { fprintf(stderr,""<%s> vs. <%s>\n"", strbase, strtest); goto cleanup; } } same = 1; printf(""\n***** TEST SUCCEED: Files are the same. *****\n""); cleanup: if(fbase) fclose(fbase); if(ftest) fclose(ftest); free(inParam.base_filename); free(inParam.test_filename); return same ? EXIT_SUCCESS : EXIT_FAILURE; }",visit repo url,tests/compare_dump_files.c,https://github.com/uclouvain/openjpeg,115700504155646,1 3659,CWE-190,"opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, opj_cp_t *p_cp, OPJ_UINT32 p_tile_no) { OPJ_UINT32 pino; OPJ_UINT32 compno, resno; OPJ_UINT32 * l_tmp_data; OPJ_UINT32 ** l_tmp_ptr; OPJ_UINT32 l_max_res; OPJ_UINT32 l_max_prec; OPJ_INT32 l_tx0,l_tx1,l_ty0,l_ty1; OPJ_UINT32 l_dx_min,l_dy_min; OPJ_UINT32 l_bound; OPJ_UINT32 l_step_p , l_step_c , l_step_r , l_step_l ; OPJ_UINT32 l_data_stride; opj_pi_iterator_t *l_pi = 00; opj_tcp_t *l_tcp = 00; const opj_tccp_t *l_tccp = 00; opj_pi_comp_t *l_current_comp = 00; opj_image_comp_t * l_img_comp = 00; opj_pi_iterator_t * l_current_pi = 00; OPJ_UINT32 * l_encoding_value_ptr = 00; assert(p_cp != 00); assert(p_image != 00); assert(p_tile_no < p_cp->tw * p_cp->th); l_tcp = &p_cp->tcps[p_tile_no]; l_bound = l_tcp->numpocs+1; l_data_stride = 4 * OPJ_J2K_MAXRLVLS; l_tmp_data = (OPJ_UINT32*)opj_malloc( l_data_stride * p_image->numcomps * sizeof(OPJ_UINT32)); if (! l_tmp_data) { return 00; } l_tmp_ptr = (OPJ_UINT32**)opj_malloc( p_image->numcomps * sizeof(OPJ_UINT32 *)); if (! l_tmp_ptr) { opj_free(l_tmp_data); return 00; } l_pi = opj_pi_create(p_image, p_cp, p_tile_no); if (!l_pi) { opj_free(l_tmp_data); opj_free(l_tmp_ptr); return 00; } l_encoding_value_ptr = l_tmp_data; for (compno = 0; compno < p_image->numcomps; ++compno) { l_tmp_ptr[compno] = l_encoding_value_ptr; l_encoding_value_ptr += l_data_stride; } opj_get_all_encoding_parameters(p_image,p_cp,p_tile_no,&l_tx0,&l_tx1,&l_ty0,&l_ty1,&l_dx_min,&l_dy_min,&l_max_prec,&l_max_res,l_tmp_ptr); l_step_p = 1; l_step_c = l_max_prec * l_step_p; l_step_r = p_image->numcomps * l_step_c; l_step_l = l_max_res * l_step_r; l_current_pi = l_pi; l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16)); if (!l_current_pi->include) { opj_free(l_tmp_data); opj_free(l_tmp_ptr); opj_pi_destroy(l_pi, l_bound); return 00; } l_current_comp = l_current_pi->comps; l_img_comp = p_image->comps; l_tccp = l_tcp->tccps; l_current_pi->tx0 = l_tx0; l_current_pi->ty0 = l_ty0; l_current_pi->tx1 = l_tx1; l_current_pi->ty1 = l_ty1; l_current_pi->step_p = l_step_p; l_current_pi->step_c = l_step_c; l_current_pi->step_r = l_step_r; l_current_pi->step_l = l_step_l; for (compno = 0; compno < l_current_pi->numcomps; ++compno) { opj_pi_resolution_t *l_res = l_current_comp->resolutions; l_encoding_value_ptr = l_tmp_ptr[compno]; l_current_comp->dx = l_img_comp->dx; l_current_comp->dy = l_img_comp->dy; for (resno = 0; resno < l_current_comp->numresolutions; resno++) { l_res->pdx = *(l_encoding_value_ptr++); l_res->pdy = *(l_encoding_value_ptr++); l_res->pw = *(l_encoding_value_ptr++); l_res->ph = *(l_encoding_value_ptr++); ++l_res; } ++l_current_comp; ++l_img_comp; ++l_tccp; } ++l_current_pi; for (pino = 1 ; pinocomps; l_img_comp = p_image->comps; l_tccp = l_tcp->tccps; l_current_pi->tx0 = l_tx0; l_current_pi->ty0 = l_ty0; l_current_pi->tx1 = l_tx1; l_current_pi->ty1 = l_ty1; l_current_pi->step_p = l_step_p; l_current_pi->step_c = l_step_c; l_current_pi->step_r = l_step_r; l_current_pi->step_l = l_step_l; for (compno = 0; compno < l_current_pi->numcomps; ++compno) { opj_pi_resolution_t *l_res = l_current_comp->resolutions; l_encoding_value_ptr = l_tmp_ptr[compno]; l_current_comp->dx = l_img_comp->dx; l_current_comp->dy = l_img_comp->dy; for (resno = 0; resno < l_current_comp->numresolutions; resno++) { l_res->pdx = *(l_encoding_value_ptr++); l_res->pdy = *(l_encoding_value_ptr++); l_res->pw = *(l_encoding_value_ptr++); l_res->ph = *(l_encoding_value_ptr++); ++l_res; } ++l_current_comp; ++l_img_comp; ++l_tccp; } l_current_pi->include = (l_current_pi-1)->include; ++l_current_pi; } opj_free(l_tmp_data); l_tmp_data = 00; opj_free(l_tmp_ptr); l_tmp_ptr = 00; if (l_tcp->POC) { opj_pi_update_decode_poc (l_pi,l_tcp,l_max_prec,l_max_res); } else { opj_pi_update_decode_not_poc(l_pi,l_tcp,l_max_prec,l_max_res); } return l_pi; }",visit repo url,src/lib/openjp2/pi.c,https://github.com/uclouvain/openjpeg,181740955960082,1 2557,['CWE-119'],"static int parse_lldiff_command(const char *var, const char *ep, const char *value) { const char *name; int namelen; struct ll_diff_driver *drv; name = var + 5; namelen = ep - name; for (drv = user_diff; drv; drv = drv->next) if (!strncmp(drv->name, name, namelen) && !drv->name[namelen]) break; if (!drv) { drv = xcalloc(1, sizeof(struct ll_diff_driver)); drv->name = xmemdupz(name, namelen); if (!user_diff_tail) user_diff_tail = &user_diff; *user_diff_tail = drv; user_diff_tail = &(drv->next); } return git_config_string(&(drv->cmd), var, value); }",git,,,291875530789731975464478505031370720453,0 4630,['CWE-399'],"int ext4_meta_trans_blocks(struct inode *inode, int nrblocks, int chunk) { int groups, gdpblocks; int idxblocks; int ret = 0; idxblocks = ext4_index_trans_blocks(inode, nrblocks, chunk); ret = idxblocks; groups = idxblocks; if (chunk) groups += 1; else groups += nrblocks; gdpblocks = groups; if (groups > EXT4_SB(inode->i_sb)->s_groups_count) groups = EXT4_SB(inode->i_sb)->s_groups_count; if (groups > EXT4_SB(inode->i_sb)->s_gdb_count) gdpblocks = EXT4_SB(inode->i_sb)->s_gdb_count; ret += groups + gdpblocks; ret += EXT4_META_TRANS_BLOCKS(inode->i_sb); return ret; }",linux-2.6,,,334027938698796423112776983379831985558,0 670,[],"int jpc_putuint32(jas_stream_t *out, uint_fast32_t val) { if (jas_stream_putc(out, (val >> 24) & 0xff) == EOF || jas_stream_putc(out, (val >> 16) & 0xff) == EOF || jas_stream_putc(out, (val >> 8) & 0xff) == EOF || jas_stream_putc(out, val & 0xff) == EOF) { return -1; } return 0; }",jasper,,,109604521734182046043793061307800028776,0 1943,CWE-401,"bfad_im_get_stats(struct Scsi_Host *shost) { struct bfad_im_port_s *im_port = (struct bfad_im_port_s *) shost->hostdata[0]; struct bfad_s *bfad = im_port->bfad; struct bfad_hal_comp fcomp; union bfa_port_stats_u *fcstats; struct fc_host_statistics *hstats; bfa_status_t rc; unsigned long flags; fcstats = kzalloc(sizeof(union bfa_port_stats_u), GFP_KERNEL); if (fcstats == NULL) return NULL; hstats = &bfad->link_stats; init_completion(&fcomp.comp); spin_lock_irqsave(&bfad->bfad_lock, flags); memset(hstats, 0, sizeof(struct fc_host_statistics)); rc = bfa_port_get_stats(BFA_FCPORT(&bfad->bfa), fcstats, bfad_hcb_comp, &fcomp); spin_unlock_irqrestore(&bfad->bfad_lock, flags); if (rc != BFA_STATUS_OK) return NULL; wait_for_completion(&fcomp.comp); hstats->seconds_since_last_reset = fcstats->fc.secs_reset; hstats->tx_frames = fcstats->fc.tx_frames; hstats->tx_words = fcstats->fc.tx_words; hstats->rx_frames = fcstats->fc.rx_frames; hstats->rx_words = fcstats->fc.rx_words; hstats->lip_count = fcstats->fc.lip_count; hstats->nos_count = fcstats->fc.nos_count; hstats->error_frames = fcstats->fc.error_frames; hstats->dumped_frames = fcstats->fc.dropped_frames; hstats->link_failure_count = fcstats->fc.link_failures; hstats->loss_of_sync_count = fcstats->fc.loss_of_syncs; hstats->loss_of_signal_count = fcstats->fc.loss_of_signals; hstats->prim_seq_protocol_err_count = fcstats->fc.primseq_errs; hstats->invalid_crc_count = fcstats->fc.invalid_crcs; kfree(fcstats); return hstats; }",visit repo url,drivers/scsi/bfa/bfad_attr.c,https://github.com/torvalds/linux,123027930193750,1 3478,['CWE-20'],"int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, struct iovec *data) { __u8 *target; int err = 0; target = skb_put(chunk->skb, len); if ((err = memcpy_fromiovecend(target, data, off, len))) goto out; chunk->chunk_hdr->length = htons(ntohs(chunk->chunk_hdr->length) + len); chunk->chunk_end = skb_tail_pointer(chunk->skb); out: return err; }",linux-2.6,,,277488086932679976392628165382546700880,0 2656,[],"static struct sk_buff *sctp_skb_recv_datagram(struct sock *sk, int flags, int noblock, int *err) { int error; struct sk_buff *skb; long timeo; timeo = sock_rcvtimeo(sk, noblock); SCTP_DEBUG_PRINTK(""Timeout: timeo: %ld, MAX: %ld.\n"", timeo, MAX_SCHEDULE_TIMEOUT); do { if (flags & MSG_PEEK) { spin_lock_bh(&sk->sk_receive_queue.lock); skb = skb_peek(&sk->sk_receive_queue); if (skb) atomic_inc(&skb->users); spin_unlock_bh(&sk->sk_receive_queue.lock); } else { skb = skb_dequeue(&sk->sk_receive_queue); } if (skb) return skb; error = sock_error(sk); if (error) goto no_packet; if (sk->sk_shutdown & RCV_SHUTDOWN) break; error = -EAGAIN; if (!timeo) goto no_packet; } while (sctp_wait_for_packet(sk, err, &timeo) == 0); return NULL; no_packet: *err = error; return NULL; }",linux-2.6,,,41791840295693256054713297830376473672,0 4146,CWE-119,"xmlParseNameComplex(xmlParserCtxtPtr ctxt) { int len = 0, l; int c; int count = 0; #ifdef DEBUG nbParseNameComplex++; #endif GROW; if (ctxt->instate == XML_PARSER_EOF) return(NULL); c = CUR_CHAR(l); if ((ctxt->options & XML_PARSE_OLD10) == 0) { if ((c == ' ') || (c == '>') || (c == '/') || (!(((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z')) || (c == '_') || (c == ':') || ((c >= 0xC0) && (c <= 0xD6)) || ((c >= 0xD8) && (c <= 0xF6)) || ((c >= 0xF8) && (c <= 0x2FF)) || ((c >= 0x370) && (c <= 0x37D)) || ((c >= 0x37F) && (c <= 0x1FFF)) || ((c >= 0x200C) && (c <= 0x200D)) || ((c >= 0x2070) && (c <= 0x218F)) || ((c >= 0x2C00) && (c <= 0x2FEF)) || ((c >= 0x3001) && (c <= 0xD7FF)) || ((c >= 0xF900) && (c <= 0xFDCF)) || ((c >= 0xFDF0) && (c <= 0xFFFD)) || ((c >= 0x10000) && (c <= 0xEFFFF))))) { return(NULL); } len += l; NEXTL(l); c = CUR_CHAR(l); while ((c != ' ') && (c != '>') && (c != '/') && (((c >= 'a') && (c <= 'z')) || ((c >= 'A') && (c <= 'Z')) || ((c >= '0') && (c <= '9')) || (c == '_') || (c == ':') || (c == '-') || (c == '.') || (c == 0xB7) || ((c >= 0xC0) && (c <= 0xD6)) || ((c >= 0xD8) && (c <= 0xF6)) || ((c >= 0xF8) && (c <= 0x2FF)) || ((c >= 0x300) && (c <= 0x36F)) || ((c >= 0x370) && (c <= 0x37D)) || ((c >= 0x37F) && (c <= 0x1FFF)) || ((c >= 0x200C) && (c <= 0x200D)) || ((c >= 0x203F) && (c <= 0x2040)) || ((c >= 0x2070) && (c <= 0x218F)) || ((c >= 0x2C00) && (c <= 0x2FEF)) || ((c >= 0x3001) && (c <= 0xD7FF)) || ((c >= 0xF900) && (c <= 0xFDCF)) || ((c >= 0xFDF0) && (c <= 0xFFFD)) || ((c >= 0x10000) && (c <= 0xEFFFF)) )) { if (count++ > XML_PARSER_CHUNK_SIZE) { count = 0; GROW; if (ctxt->instate == XML_PARSER_EOF) return(NULL); } len += l; NEXTL(l); c = CUR_CHAR(l); } } else { if ((c == ' ') || (c == '>') || (c == '/') || (!IS_LETTER(c) && (c != '_') && (c != ':'))) { return(NULL); } len += l; NEXTL(l); c = CUR_CHAR(l); while ((c != ' ') && (c != '>') && (c != '/') && ((IS_LETTER(c)) || (IS_DIGIT(c)) || (c == '.') || (c == '-') || (c == '_') || (c == ':') || (IS_COMBINING(c)) || (IS_EXTENDER(c)))) { if (count++ > XML_PARSER_CHUNK_SIZE) { count = 0; GROW; if (ctxt->instate == XML_PARSER_EOF) return(NULL); } len += l; NEXTL(l); c = CUR_CHAR(l); if (c == 0) { count = 0; GROW; if (ctxt->instate == XML_PARSER_EOF) return(NULL); c = CUR_CHAR(l); } } } if ((len > XML_MAX_NAME_LENGTH) && ((ctxt->options & XML_PARSE_HUGE) == 0)) { xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, ""Name""); return(NULL); } if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); }",visit repo url,parser.c,https://github.com/GNOME/libxml2,187323776795680,1 2674,CWE-190,"SPL_METHOD(SplFileInfo, getPathInfo) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); zend_class_entry *ce = intern->info_class; zend_error_handling error_handling; zend_replace_error_handling(EH_THROW, spl_ce_UnexpectedValueException, &error_handling TSRMLS_CC); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|C"", &ce) == SUCCESS) { int path_len; char *path = spl_filesystem_object_get_pathname(intern, &path_len TSRMLS_CC); if (path) { char *dpath = estrndup(path, path_len); path_len = php_dirname(dpath, path_len); spl_filesystem_object_create_info(intern, dpath, path_len, 1, ce, return_value TSRMLS_CC); efree(dpath); } } zend_restore_error_handling(&error_handling TSRMLS_CC); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,16103927966929,1 5475,CWE-617,"pci_set_cfgdata16(struct pci_vdev *dev, int offset, uint16_t val) { assert(offset <= (PCI_REGMAX - 1) && (offset & 1) == 0); *(uint16_t *)(dev->cfgdata + offset) = val; }",visit repo url,devicemodel/include/pci_core.h,https://github.com/projectacrn/acrn-hypervisor,142900930011947,1 3732,CWE-125,"static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd) { int bytecnt = wpmd->byte_length; unsigned char *byteptr = wpmd->data; wpc->version_five = 1; wpc->file_format = wpc->config.qmode = wpc->channel_layout = 0; if (wpc->channel_reordering) { free (wpc->channel_reordering); wpc->channel_reordering = NULL; } if (bytecnt) { wpc->file_format = *byteptr++; wpc->config.qmode = (wpc->config.qmode & ~0xff) | *byteptr++; bytecnt -= 2; if (bytecnt) { int nchans, i; wpc->channel_layout = (int32_t) *byteptr++ << 16; bytecnt--; if (bytecnt) { wpc->channel_layout += nchans = *byteptr++; bytecnt--; if (bytecnt) { if (bytecnt > nchans) return FALSE; wpc->channel_reordering = malloc (nchans); if (wpc->channel_reordering) { for (i = 0; i < nchans; ++i) if (bytecnt) { wpc->channel_reordering [i] = *byteptr++; bytecnt--; } else wpc->channel_reordering [i] = i; } } } else wpc->channel_layout += wpc->config.num_channels; } } return TRUE; }",visit repo url,src/open_utils.c,https://github.com/dbry/WavPack,215536530621628,1 4774,CWE-119,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 637,[],"int dccp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { if (level != SOL_DCCP) return inet_csk(sk)->icsk_af_ops->setsockopt(sk, level, optname, optval, optlen); return do_dccp_setsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,331131588516957361484397891921504622286,0 3129,CWE-134,"void rrd_graph_options( int argc, char *argv[], image_desc_t *im) { int stroff; char *parsetime_error = NULL; char scan_gtm[12], scan_mtm[12], scan_ltm[12], col_nam[12]; char double_str[20], double_str2[20]; time_t start_tmp = 0, end_tmp = 0; long long_tmp; rrd_time_value_t start_tv, end_tv; long unsigned int color; #define LONGOPT_UNITS_SI 255 struct option long_options[] = { { ""alt-autoscale"", no_argument, 0, 'A'}, { ""imgformat"", required_argument, 0, 'a'}, { ""font-smoothing-threshold"", required_argument, 0, 'B'}, { ""base"", required_argument, 0, 'b'}, { ""color"", required_argument, 0, 'c'}, { ""full-size-mode"", no_argument, 0, 'D'}, { ""daemon"", required_argument, 0, 'd'}, { ""slope-mode"", no_argument, 0, 'E'}, { ""end"", required_argument, 0, 'e'}, { ""force-rules-legend"", no_argument, 0, 'F'}, { ""imginfo"", required_argument, 0, 'f'}, { ""graph-render-mode"", required_argument, 0, 'G'}, { ""no-legend"", no_argument, 0, 'g'}, { ""height"", required_argument, 0, 'h'}, { ""no-minor"", no_argument, 0, 'I'}, { ""interlaced"", no_argument, 0, 'i'}, { ""alt-autoscale-min"", no_argument, 0, 'J'}, { ""only-graph"", no_argument, 0, 'j'}, { ""units-length"", required_argument, 0, 'L'}, { ""lower-limit"", required_argument, 0, 'l'}, { ""alt-autoscale-max"", no_argument, 0, 'M'}, { ""zoom"", required_argument, 0, 'm'}, { ""no-gridfit"", no_argument, 0, 'N'}, { ""font"", required_argument, 0, 'n'}, { ""logarithmic"", no_argument, 0, 'o'}, { ""pango-markup"", no_argument, 0, 'P'}, { ""font-render-mode"", required_argument, 0, 'R'}, { ""rigid"", no_argument, 0, 'r'}, { ""step"", required_argument, 0, 'S'}, { ""start"", required_argument, 0, 's'}, { ""tabwidth"", required_argument, 0, 'T'}, { ""title"", required_argument, 0, 't'}, { ""upper-limit"", required_argument, 0, 'u'}, { ""vertical-label"", required_argument, 0, 'v'}, { ""watermark"", required_argument, 0, 'W'}, { ""width"", required_argument, 0, 'w'}, { ""units-exponent"", required_argument, 0, 'X'}, { ""x-grid"", required_argument, 0, 'x'}, { ""alt-y-grid"", no_argument, 0, 'Y'}, { ""y-grid"", required_argument, 0, 'y'}, { ""lazy"", no_argument, 0, 'z'}, { ""use-nan-for-all-missing-data"", no_argument, 0, 'Z'}, { ""units"", required_argument, 0, LONGOPT_UNITS_SI}, { ""alt-y-mrtg"", no_argument, 0, 1000}, { ""disable-rrdtool-tag"",no_argument, 0, 1001}, { ""right-axis"", required_argument, 0, 1002}, { ""right-axis-label"", required_argument, 0, 1003}, { ""right-axis-format"", required_argument, 0, 1004}, { ""legend-position"", required_argument, 0, 1005}, { ""legend-direction"", required_argument, 0, 1006}, { ""border"", required_argument, 0, 1007}, { ""grid-dash"", required_argument, 0, 1008}, { ""dynamic-labels"", no_argument, 0, 1009}, { ""week-fmt"", required_argument, 0, 1010}, { ""graph-type"", required_argument, 0, 1011}, { ""left-axis-format"", required_argument, 0, 1012}, { 0, 0, 0, 0} }; optind = 0; opterr = 0; rrd_parsetime(""end-24h"", &start_tv); rrd_parsetime(""now"", &end_tv); while (1) { int option_index = 0; int opt; int col_start, col_end; opt = getopt_long(argc, argv, ""Aa:B:b:c:Dd:Ee:Ff:G:gh:IiJjL:l:Mm:Nn:oPR:rS:s:T:t:u:v:W:w:X:x:Yy:Zz"", long_options, &option_index); if (opt == EOF) break; switch (opt) { case 'I': im->extra_flags |= NOMINOR; break; case 'Y': im->extra_flags |= ALTYGRID; break; case 'A': im->extra_flags |= ALTAUTOSCALE; break; case 'J': im->extra_flags |= ALTAUTOSCALE_MIN; break; case 'M': im->extra_flags |= ALTAUTOSCALE_MAX; break; case 'j': im->extra_flags |= ONLY_GRAPH; break; case 'g': im->extra_flags |= NOLEGEND; break; case 'Z': im->extra_flags |= ALLOW_MISSING_DS; break; case 1005: if (strcmp(optarg, ""north"") == 0) { im->legendposition = NORTH; } else if (strcmp(optarg, ""west"") == 0) { im->legendposition = WEST; } else if (strcmp(optarg, ""south"") == 0) { im->legendposition = SOUTH; } else if (strcmp(optarg, ""east"") == 0) { im->legendposition = EAST; } else { rrd_set_error(""unknown legend-position '%s'"", optarg); return; } break; case 1006: if (strcmp(optarg, ""topdown"") == 0) { im->legenddirection = TOP_DOWN; } else if (strcmp(optarg, ""bottomup"") == 0) { im->legenddirection = BOTTOM_UP; } else if (strcmp(optarg, ""bottomup2"") == 0) { im->legenddirection = BOTTOM_UP2; } else { rrd_set_error(""unknown legend-position '%s'"", optarg); return; } break; case 'F': im->extra_flags |= FORCE_RULES_LEGEND; break; case 1001: im->extra_flags |= NO_RRDTOOL_TAG; break; case LONGOPT_UNITS_SI: if (im->extra_flags & FORCE_UNITS) { rrd_set_error(""--units can only be used once!""); return; } if (strcmp(optarg, ""si"") == 0) im->extra_flags |= FORCE_UNITS_SI; else { rrd_set_error(""invalid argument for --units: %s"", optarg); return; } break; case 'X': im->unitsexponent = atoi(optarg); break; case 'L': im->unitslength = atoi(optarg); im->forceleftspace = 1; break; case 'T': if (rrd_strtodbl(optarg, 0, &(im->tabwidth), ""option -T"") != 2) return; break; case 'S': im->step = atoi(optarg); break; case 'N': im->gridfit = 0; break; case 'P': im->with_markup = 1; break; case 's': if ((parsetime_error = rrd_parsetime(optarg, &start_tv))) { rrd_set_error(""start time: %s"", parsetime_error); return; } break; case 'e': if ((parsetime_error = rrd_parsetime(optarg, &end_tv))) { rrd_set_error(""end time: %s"", parsetime_error); return; } break; case 'x': if (strcmp(optarg, ""none"") == 0) { im->draw_x_grid = 0; break; }; if (sscanf(optarg, ""%10[A-Z]:%ld:%10[A-Z]:%ld:%10[A-Z]:%ld:%ld:%n"", scan_gtm, &im->xlab_user.gridst, scan_mtm, &im->xlab_user.mgridst, scan_ltm, &im->xlab_user.labst, &im->xlab_user.precis, &stroff) == 7 && stroff != 0) { im->xlab_form=strdup(optarg + stroff); if (!im->xlab_form) { rrd_set_error(""cannot allocate memory for xlab_form""); return; } if ((int) (im->xlab_user.gridtm = tmt_conv(scan_gtm)) == -1) { rrd_set_error(""unknown keyword %s"", scan_gtm); return; } else if ((int) (im->xlab_user.mgridtm = tmt_conv(scan_mtm)) == -1) { rrd_set_error(""unknown keyword %s"", scan_mtm); return; } else if ((int) (im->xlab_user.labtm = tmt_conv(scan_ltm)) == -1) { rrd_set_error(""unknown keyword %s"", scan_ltm); return; } im->xlab_user.minsec = 1; im->xlab_user.stst = im->xlab_form ? im->xlab_form : """"; } else { rrd_set_error(""invalid x-grid format""); return; } break; case 'y': if (strcmp(optarg, ""none"") == 0) { im->draw_y_grid = 0; break; }; if (sscanf(optarg, ""%[-0-9.e+]:%d"", double_str , &im->ylabfact) == 2) { if (rrd_strtodbl( double_str, 0, &(im->ygridstep), ""option -y"") != 2){ return; } if (im->ygridstep <= 0) { rrd_set_error(""grid step must be > 0""); return; } else if (im->ylabfact < 1) { rrd_set_error(""label factor must be > 0""); return; } } else { rrd_set_error(""invalid y-grid format""); return; } break; case 1007: im->draw_3d_border = atoi(optarg); break; case 1008: if(sscanf(optarg, ""%[-0-9.e+]:%[-0-9.e+]"", double_str, double_str2 ) != 2) { if ( rrd_strtodbl( double_str, 0, &(im->grid_dash_on),NULL) !=2 || rrd_strtodbl( double_str2, 0, &(im->grid_dash_off), NULL) != 2 ){ rrd_set_error(""expected grid-dash format float:float""); return; } } break; case 1009: im->dynamic_labels = 1; break; case 1010: strncpy(week_fmt,optarg,sizeof week_fmt); week_fmt[(sizeof week_fmt)-1]='\0'; break; case 1002: if(sscanf(optarg, ""%[-0-9.e+]:%[-0-9.e+]"", double_str, double_str2 ) == 2 && rrd_strtodbl( double_str, 0, &(im->second_axis_scale),NULL) == 2 && rrd_strtodbl( double_str2, 0, &(im->second_axis_shift),NULL) == 2){ if(im->second_axis_scale==0){ rrd_set_error(""the second_axis_scale must not be 0""); return; } } else { rrd_set_error(""invalid right-axis format expected scale:shift""); return; } break; case 1003: im->second_axis_legend=strdup(optarg); if (!im->second_axis_legend) { rrd_set_error(""cannot allocate memory for second_axis_legend""); return; } break; case 1004: if (bad_format(optarg)){ rrd_set_error(""use either %le or %lf formats""); return; } im->second_axis_format=strdup(optarg); if (!im->second_axis_format) { rrd_set_error(""cannot allocate memory for second_axis_format""); return; } break; case 1012: if (bad_format(optarg)){ rrd_set_error(""use either %le or %lf formats""); return; } im->primary_axis_format=strdup(optarg); if (!im->primary_axis_format) { rrd_set_error(""cannot allocate memory for primary_axis_format""); return; } break; case 'v': im->ylegend=strdup(optarg); if (!im->ylegend) { rrd_set_error(""cannot allocate memory for ylegend""); return; } break; case 'u': if (rrd_strtodbl(optarg, 0, &(im->maxval), ""option -u"") != 2){ return; } break; case 'l': if (rrd_strtodbl(optarg, 0, &(im->minval), ""option -l"") != 2){ return; } break; case 'b': im->base = atol(optarg); if (im->base != 1024 && im->base != 1000) { rrd_set_error (""the only sensible value for base apart from 1000 is 1024""); return; } break; case 'w': long_tmp = atol(optarg); if (long_tmp < 10) { rrd_set_error(""width below 10 pixels""); return; } im->xsize = long_tmp; break; case 'h': long_tmp = atol(optarg); if (long_tmp < 10) { rrd_set_error(""height below 10 pixels""); return; } im->ysize = long_tmp; break; case 'D': im->extra_flags |= FULL_SIZE_MODE; break; case 'i': break; case 'r': im->rigid = 1; break; case 'f': im->imginfo = optarg; break; case 'a': if ((int) (im->imgformat = if_conv(optarg)) == -1) { rrd_set_error(""unsupported graphics format '%s'"", optarg); return; } break; case 1011: if ((int) (im->graph_type = type_conv(optarg)) == -1) { rrd_set_error(""unsupported graphics type '%s'"", optarg); return; } break; case 'z': im->lazy = 1; break; case 'E': im->slopemode = 1; break; case 'o': im->logarithmic = 1; break; case 'c': if (sscanf(optarg, ""%10[A-Z]#%n%8lx%n"", col_nam, &col_start, &color, &col_end) == 2) { int ci; int col_len = col_end - col_start; switch (col_len) { case 3: color = (((color & 0xF00) * 0x110000) | ((color & 0x0F0) * 0x011000) | ((color & 0x00F) * 0x001100) | 0x000000FF); break; case 4: color = (((color & 0xF000) * 0x11000) | ((color & 0x0F00) * 0x01100) | ((color & 0x00F0) * 0x00110) | ((color & 0x000F) * 0x00011) ); break; case 6: color = (color << 8) + 0xff ; break; case 8: break; default: rrd_set_error(""the color format is #RRGGBB[AA]""); return; } if ((ci = grc_conv(col_nam)) != -1) { im->graph_col[ci] = gfx_hex_to_col(color); } else { rrd_set_error(""invalid color name '%s'"", col_nam); return; } } else { rrd_set_error(""invalid color def format""); return; } break; case 'n':{ char prop[15]; double size = 1; int end; if (sscanf(optarg, ""%10[A-Z]:%[-0-9.e+]%n"", prop, double_str, &end) >= 2 && rrd_strtodbl( double_str, 0, &size, NULL) == 2) { int sindex, propidx; if ((sindex = text_prop_conv(prop)) != -1) { for (propidx = sindex; propidx < TEXT_PROP_LAST; propidx++) { if (size > 0) { rrd_set_font_desc(im,propidx,NULL,size); } if ((int) strlen(optarg) > end+2) { if (optarg[end] == ':') { rrd_set_font_desc(im,propidx,optarg + end + 1,0); } else { rrd_set_error (""expected : after font size in '%s'"", optarg); return; } } if (propidx == sindex && sindex != 0) break; } } else { rrd_set_error(""invalid fonttag '%s'"", prop); return; } } else { rrd_set_error(""invalid text property format""); return; } break; } case 'm': if (rrd_strtodbl(optarg, 0, &(im->zoom), ""option -m"") != 2){ return; } if (im->zoom <= 0.0) { rrd_set_error(""zoom factor must be > 0""); return; } break; case 't': im->title=strdup(optarg); if (!im->title) { rrd_set_error(""cannot allocate memory for title""); return; } break; case 'R': if (strcmp(optarg, ""normal"") == 0) { cairo_font_options_set_antialias (im->font_options, CAIRO_ANTIALIAS_GRAY); cairo_font_options_set_hint_style (im->font_options, CAIRO_HINT_STYLE_FULL); } else if (strcmp(optarg, ""light"") == 0) { cairo_font_options_set_antialias (im->font_options, CAIRO_ANTIALIAS_GRAY); cairo_font_options_set_hint_style (im->font_options, CAIRO_HINT_STYLE_SLIGHT); } else if (strcmp(optarg, ""mono"") == 0) { cairo_font_options_set_antialias (im->font_options, CAIRO_ANTIALIAS_NONE); cairo_font_options_set_hint_style (im->font_options, CAIRO_HINT_STYLE_FULL); } else { rrd_set_error(""unknown font-render-mode '%s'"", optarg); return; } break; case 'G': if (strcmp(optarg, ""normal"") == 0) im->graph_antialias = CAIRO_ANTIALIAS_GRAY; else if (strcmp(optarg, ""mono"") == 0) im->graph_antialias = CAIRO_ANTIALIAS_NONE; else { rrd_set_error(""unknown graph-render-mode '%s'"", optarg); return; } break; case 'B': break; case 'W': im->watermark=strdup(optarg); if (!im->watermark) { rrd_set_error(""cannot allocate memory for watermark""); return; } break; case 'd': { if (im->daemon_addr != NULL) { rrd_set_error (""You cannot specify --daemon "" ""more than once.""); return; } im->daemon_addr = strdup(optarg); if (im->daemon_addr == NULL) { rrd_set_error(""strdup failed""); return; } break; } case '?': if (optopt != 0) rrd_set_error(""unknown option '%c'"", optopt); else rrd_set_error(""unknown option '%s'"", argv[optind - 1]); return; } } pango_cairo_context_set_font_options(pango_layout_get_context(im->layout), im->font_options); pango_layout_context_changed(im->layout); if (im->logarithmic && im->minval <= 0) { rrd_set_error (""for a logarithmic yaxis you must specify a lower-limit > 0""); return; } if (rrd_proc_start_end(&start_tv, &end_tv, &start_tmp, &end_tmp) == -1) { return; } if (start_tmp < 3600 * 24 * 365 * 10) { rrd_set_error (""the first entry to fetch should be after 1980 (%ld)"", start_tmp); return; } if (end_tmp < start_tmp) { rrd_set_error (""start (%ld) should be less than end (%ld)"", start_tmp, end_tmp); return; } im->start = start_tmp; im->end = end_tmp; im->step = max((long) im->step, (im->end - im->start) / im->xsize); }",visit repo url,src/rrd_graph.c,https://github.com/oetiker/rrdtool-1.x,108284283125636,1 4245,['CWE-119'],"sctp_disposition_t sctp_sf_autoclose_timer_expire( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { int disposition; SCTP_INC_STATS(SCTP_MIB_AUTOCLOSE_EXPIREDS); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING)); disposition = SCTP_DISPOSITION_CONSUME; if (sctp_outq_is_empty(&asoc->outqueue)) { disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type, arg, commands); } return disposition; }",linux-2.6,,,161859865766509773780821136154437931139,0 56,['CWE-787'],"static uint32_t cirrus_vga_mem_readl(void *opaque, target_phys_addr_t addr) { uint32_t v; #ifdef TARGET_WORDS_BIGENDIAN v = cirrus_vga_mem_readb(opaque, addr) << 24; v |= cirrus_vga_mem_readb(opaque, addr + 1) << 16; v |= cirrus_vga_mem_readb(opaque, addr + 2) << 8; v |= cirrus_vga_mem_readb(opaque, addr + 3); #else v = cirrus_vga_mem_readb(opaque, addr); v |= cirrus_vga_mem_readb(opaque, addr + 1) << 8; v |= cirrus_vga_mem_readb(opaque, addr + 2) << 16; v |= cirrus_vga_mem_readb(opaque, addr + 3) << 24; #endif return v; }",qemu,,,158068806188031166744757382731131128639,0 1855,['CWE-189'],"_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, cipher_suite_st ** cipherSuites, int numCipherSuites, gnutls_pk_algorithm_t requested_pk_algo) { int ret = 0; cipher_suite_st *newSuite, cs; int newSuiteSize = 0, i; gnutls_certificate_credentials_t cert_cred; gnutls_kx_algorithm_t kx; int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; gnutls_kx_algorithm_t *alg = NULL; int alg_size = 0; cert_cred = (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); if (session->security_parameters.entity == GNUTLS_SERVER && cert_cred != NULL) { ret = _gnutls_server_select_cert (session, requested_pk_algo); if (ret < 0) { gnutls_assert (); _gnutls_x509_log(""Could not find an appropriate certificate: %s\n"", gnutls_strerror(ret)); cert_cred = NULL; } } if ((ret = _gnutls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0) { gnutls_assert (); return ret; } newSuite = gnutls_malloc (numCipherSuites * sizeof (cipher_suite_st)); if (newSuite == NULL) { gnutls_assert (); gnutls_free (alg); return GNUTLS_E_MEMORY_ERROR; } for (i = 0; i < numCipherSuites; i++) { int delete = 0; kx = _gnutls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]); if (_gnutls_get_kx_cred (session, kx, NULL) == NULL) { delete = 1; } else { delete = 0; if (server) delete = check_server_params (session, kx, alg, alg_size); } if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) { if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL)) delete = 1; } memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2); if (delete == 0) { _gnutls_handshake_log (""HSK[%x]: Keeping ciphersuite: %s\n"", session, _gnutls_cipher_suite_get_name (&cs)); memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); newSuiteSize++; } else { _gnutls_handshake_log (""HSK[%x]: Removing ciphersuite: %s\n"", session, _gnutls_cipher_suite_get_name (&cs)); } } gnutls_free (alg); gnutls_free (*cipherSuites); *cipherSuites = newSuite; ret = newSuiteSize; return ret; }",gnutls,,,321204478264932348436253273804680550200,0 5886,['CWE-200'],"static int nr_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr; struct net_device *dev; ax25_uid_assoc *user; ax25_address *source; lock_sock(sk); if (!sock_flag(sk, SOCK_ZAPPED)) { release_sock(sk); return -EINVAL; } if (addr_len < sizeof(struct sockaddr_ax25) || addr_len > sizeof(struct full_sockaddr_ax25)) { release_sock(sk); return -EINVAL; } if (addr_len < (addr->fsa_ax25.sax25_ndigis * sizeof(ax25_address) + sizeof(struct sockaddr_ax25))) { release_sock(sk); return -EINVAL; } if (addr->fsa_ax25.sax25_family != AF_NETROM) { release_sock(sk); return -EINVAL; } if ((dev = nr_dev_get(&addr->fsa_ax25.sax25_call)) == NULL) { SOCK_DEBUG(sk, ""NET/ROM: bind failed: invalid node callsign\n""); release_sock(sk); return -EADDRNOTAVAIL; } if (addr->fsa_ax25.sax25_ndigis == 1) { if (!capable(CAP_NET_BIND_SERVICE)) { dev_put(dev); release_sock(sk); return -EACCES; } nr->user_addr = addr->fsa_digipeater[0]; nr->source_addr = addr->fsa_ax25.sax25_call; } else { source = &addr->fsa_ax25.sax25_call; user = ax25_findbyuid(current_euid()); if (user) { nr->user_addr = user->call; ax25_uid_put(user); } else { if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) { release_sock(sk); dev_put(dev); return -EPERM; } nr->user_addr = *source; } nr->source_addr = *source; } nr->device = dev; nr_insert_socket(sk); sock_reset_flag(sk, SOCK_ZAPPED); dev_put(dev); release_sock(sk); SOCK_DEBUG(sk, ""NET/ROM: socket is bound\n""); return 0; }",linux-2.6,,,133603494973383536434999065519501140526,0 966,['CWE-189'],"ProcShmQueryVersion(client) register ClientPtr client; { xShmQueryVersionReply rep; register int n; REQUEST_SIZE_MATCH(xShmQueryVersionReq); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; rep.sharedPixmaps = sharedPixmaps; rep.pixmapFormat = pixmapFormat; rep.majorVersion = SHM_MAJOR_VERSION; rep.minorVersion = SHM_MINOR_VERSION; rep.uid = geteuid(); rep.gid = getegid(); if (client->swapped) { swaps(&rep.sequenceNumber, n); swapl(&rep.length, n); swaps(&rep.majorVersion, n); swaps(&rep.minorVersion, n); swaps(&rep.uid, n); swaps(&rep.gid, n); } WriteToClient(client, sizeof(xShmQueryVersionReply), (char *)&rep); return (client->noClientException); }",xserver,,,134936486129868114855775734454616679104,0 702,CWE-20,"int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; size_t copied; int err; BT_DBG(""sock %p sk %p len %zu"", sock, sk, len); if (flags & (MSG_OOB)) return -EOPNOTSUPP; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) { if (sk->sk_shutdown & RCV_SHUTDOWN) { msg->msg_namelen = 0; return 0; } return err; } copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err == 0) { sock_recv_ts_and_drops(msg, sk, skb); if (bt_sk(sk)->skb_msg_name) bt_sk(sk)->skb_msg_name(skb, msg->msg_name, &msg->msg_namelen); else msg->msg_namelen = 0; } skb_free_datagram(sk, skb); return err ? : copied; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,145229541403126,1 558,CWE-189,"void* ipc_alloc(int size) { void* out; if(size > PAGE_SIZE) out = vmalloc(size); else out = kmalloc(size, GFP_KERNEL); return out; }",visit repo url,ipc/util.c,https://github.com/torvalds/linux,229198930973453,1 2440,CWE-476,"static int show_stream(WriterContext *w, AVFormatContext *fmt_ctx, int stream_idx, InputStream *ist, int in_program) { AVStream *stream = ist->st; AVCodecParameters *par; AVCodecContext *dec_ctx; char val_str[128]; const char *s; AVRational sar, dar; AVBPrint pbuf; const AVCodecDescriptor *cd; int ret = 0; const char *profile = NULL; av_bprint_init(&pbuf, 1, AV_BPRINT_SIZE_UNLIMITED); writer_print_section_header(w, in_program ? SECTION_ID_PROGRAM_STREAM : SECTION_ID_STREAM); print_int(""index"", stream->index); par = stream->codecpar; dec_ctx = ist->dec_ctx; if (cd = avcodec_descriptor_get(par->codec_id)) { print_str(""codec_name"", cd->name); if (!do_bitexact) { print_str(""codec_long_name"", cd->long_name ? cd->long_name : ""unknown""); } } else { print_str_opt(""codec_name"", ""unknown""); if (!do_bitexact) { print_str_opt(""codec_long_name"", ""unknown""); } } if (!do_bitexact && (profile = avcodec_profile_name(par->codec_id, par->profile))) print_str(""profile"", profile); else { if (par->profile != FF_PROFILE_UNKNOWN) { char profile_num[12]; snprintf(profile_num, sizeof(profile_num), ""%d"", par->profile); print_str(""profile"", profile_num); } else print_str_opt(""profile"", ""unknown""); } s = av_get_media_type_string(par->codec_type); if (s) print_str (""codec_type"", s); else print_str_opt(""codec_type"", ""unknown""); #if FF_API_LAVF_AVCTX if (dec_ctx) print_q(""codec_time_base"", dec_ctx->time_base, '/'); #endif print_str(""codec_tag_string"", av_fourcc2str(par->codec_tag)); print_fmt(""codec_tag"", ""0x%04""PRIx32, par->codec_tag); switch (par->codec_type) { case AVMEDIA_TYPE_VIDEO: print_int(""width"", par->width); print_int(""height"", par->height); if (dec_ctx) { print_int(""coded_width"", dec_ctx->coded_width); print_int(""coded_height"", dec_ctx->coded_height); } print_int(""has_b_frames"", par->video_delay); sar = av_guess_sample_aspect_ratio(fmt_ctx, stream, NULL); if (sar.den) { print_q(""sample_aspect_ratio"", sar, ':'); av_reduce(&dar.num, &dar.den, par->width * sar.num, par->height * sar.den, 1024*1024); print_q(""display_aspect_ratio"", dar, ':'); } else { print_str_opt(""sample_aspect_ratio"", ""N/A""); print_str_opt(""display_aspect_ratio"", ""N/A""); } s = av_get_pix_fmt_name(par->format); if (s) print_str (""pix_fmt"", s); else print_str_opt(""pix_fmt"", ""unknown""); print_int(""level"", par->level); if (par->color_range != AVCOL_RANGE_UNSPECIFIED) print_str (""color_range"", av_color_range_name(par->color_range)); else print_str_opt(""color_range"", ""N/A""); if (par->color_space != AVCOL_SPC_UNSPECIFIED) print_str(""color_space"", av_color_space_name(par->color_space)); else print_str_opt(""color_space"", av_color_space_name(par->color_space)); if (par->color_trc != AVCOL_TRC_UNSPECIFIED) print_str(""color_transfer"", av_color_transfer_name(par->color_trc)); else print_str_opt(""color_transfer"", av_color_transfer_name(par->color_trc)); if (par->color_primaries != AVCOL_PRI_UNSPECIFIED) print_str(""color_primaries"", av_color_primaries_name(par->color_primaries)); else print_str_opt(""color_primaries"", av_color_primaries_name(par->color_primaries)); if (par->chroma_location != AVCHROMA_LOC_UNSPECIFIED) print_str(""chroma_location"", av_chroma_location_name(par->chroma_location)); else print_str_opt(""chroma_location"", av_chroma_location_name(par->chroma_location)); if (par->field_order == AV_FIELD_PROGRESSIVE) print_str(""field_order"", ""progressive""); else if (par->field_order == AV_FIELD_TT) print_str(""field_order"", ""tt""); else if (par->field_order == AV_FIELD_BB) print_str(""field_order"", ""bb""); else if (par->field_order == AV_FIELD_TB) print_str(""field_order"", ""tb""); else if (par->field_order == AV_FIELD_BT) print_str(""field_order"", ""bt""); else print_str_opt(""field_order"", ""unknown""); #if FF_API_PRIVATE_OPT if (dec_ctx && dec_ctx->timecode_frame_start >= 0) { char tcbuf[AV_TIMECODE_STR_SIZE]; av_timecode_make_mpeg_tc_string(tcbuf, dec_ctx->timecode_frame_start); print_str(""timecode"", tcbuf); } else { print_str_opt(""timecode"", ""N/A""); } #endif if (dec_ctx) print_int(""refs"", dec_ctx->refs); break; case AVMEDIA_TYPE_AUDIO: s = av_get_sample_fmt_name(par->format); if (s) print_str (""sample_fmt"", s); else print_str_opt(""sample_fmt"", ""unknown""); print_val(""sample_rate"", par->sample_rate, unit_hertz_str); print_int(""channels"", par->channels); if (par->channel_layout) { av_bprint_clear(&pbuf); av_bprint_channel_layout(&pbuf, par->channels, par->channel_layout); print_str (""channel_layout"", pbuf.str); } else { print_str_opt(""channel_layout"", ""unknown""); } print_int(""bits_per_sample"", av_get_bits_per_sample(par->codec_id)); break; case AVMEDIA_TYPE_SUBTITLE: if (par->width) print_int(""width"", par->width); else print_str_opt(""width"", ""N/A""); if (par->height) print_int(""height"", par->height); else print_str_opt(""height"", ""N/A""); break; } if (dec_ctx && dec_ctx->codec && dec_ctx->codec->priv_class && show_private_data) { const AVOption *opt = NULL; while (opt = av_opt_next(dec_ctx->priv_data,opt)) { uint8_t *str; if (opt->flags) continue; if (av_opt_get(dec_ctx->priv_data, opt->name, 0, &str) >= 0) { print_str(opt->name, str); av_free(str); } } } if (fmt_ctx->iformat->flags & AVFMT_SHOW_IDS) print_fmt (""id"", ""0x%x"", stream->id); else print_str_opt(""id"", ""N/A""); print_q(""r_frame_rate"", stream->r_frame_rate, '/'); print_q(""avg_frame_rate"", stream->avg_frame_rate, '/'); print_q(""time_base"", stream->time_base, '/'); print_ts (""start_pts"", stream->start_time); print_time(""start_time"", stream->start_time, &stream->time_base); print_ts (""duration_ts"", stream->duration); print_time(""duration"", stream->duration, &stream->time_base); if (par->bit_rate > 0) print_val (""bit_rate"", par->bit_rate, unit_bit_per_second_str); else print_str_opt(""bit_rate"", ""N/A""); #if FF_API_LAVF_AVCTX if (stream->codec->rc_max_rate > 0) print_val (""max_bit_rate"", stream->codec->rc_max_rate, unit_bit_per_second_str); else print_str_opt(""max_bit_rate"", ""N/A""); #endif if (dec_ctx && dec_ctx->bits_per_raw_sample > 0) print_fmt(""bits_per_raw_sample"", ""%d"", dec_ctx->bits_per_raw_sample); else print_str_opt(""bits_per_raw_sample"", ""N/A""); if (stream->nb_frames) print_fmt (""nb_frames"", ""%""PRId64, stream->nb_frames); else print_str_opt(""nb_frames"", ""N/A""); if (nb_streams_frames[stream_idx]) print_fmt (""nb_read_frames"", ""%""PRIu64, nb_streams_frames[stream_idx]); else print_str_opt(""nb_read_frames"", ""N/A""); if (nb_streams_packets[stream_idx]) print_fmt (""nb_read_packets"", ""%""PRIu64, nb_streams_packets[stream_idx]); else print_str_opt(""nb_read_packets"", ""N/A""); if (do_show_data) writer_print_data(w, ""extradata"", par->extradata, par->extradata_size); writer_print_data_hash(w, ""extradata_hash"", par->extradata, par->extradata_size); #define PRINT_DISPOSITION(flagname, name) do { \ print_int(name, !!(stream->disposition & AV_DISPOSITION_##flagname)); \ } while (0) if (do_show_stream_disposition) { writer_print_section_header(w, in_program ? SECTION_ID_PROGRAM_STREAM_DISPOSITION : SECTION_ID_STREAM_DISPOSITION); PRINT_DISPOSITION(DEFAULT, ""default""); PRINT_DISPOSITION(DUB, ""dub""); PRINT_DISPOSITION(ORIGINAL, ""original""); PRINT_DISPOSITION(COMMENT, ""comment""); PRINT_DISPOSITION(LYRICS, ""lyrics""); PRINT_DISPOSITION(KARAOKE, ""karaoke""); PRINT_DISPOSITION(FORCED, ""forced""); PRINT_DISPOSITION(HEARING_IMPAIRED, ""hearing_impaired""); PRINT_DISPOSITION(VISUAL_IMPAIRED, ""visual_impaired""); PRINT_DISPOSITION(CLEAN_EFFECTS, ""clean_effects""); PRINT_DISPOSITION(ATTACHED_PIC, ""attached_pic""); PRINT_DISPOSITION(TIMED_THUMBNAILS, ""timed_thumbnails""); writer_print_section_footer(w); } if (do_show_stream_tags) ret = show_tags(w, stream->metadata, in_program ? SECTION_ID_PROGRAM_STREAM_TAGS : SECTION_ID_STREAM_TAGS); if (stream->nb_side_data) { print_pkt_side_data(w, stream->codecpar, stream->side_data, stream->nb_side_data, SECTION_ID_STREAM_SIDE_DATA_LIST, SECTION_ID_STREAM_SIDE_DATA); } writer_print_section_footer(w); av_bprint_finalize(&pbuf, NULL); fflush(stdout); return ret; }",visit repo url,ffprobe.c,https://github.com/FFmpeg/FFmpeg,232671807918474,1 3911,['CWE-399'],"static int tda9840_checkit(struct CHIPSTATE *chip) { int rc; rc = chip_read(chip); return ((rc & 0x1f) == 0) ? 1 : 0; }",linux-2.6,,,302046400266889831129599831175714098685,0 5943,['CWE-909'],"static int tc_fill_qdisc(struct sk_buff *skb, struct Qdisc *q, u32 clid, u32 pid, u32 seq, u16 flags, int event) { struct tcmsg *tcm; struct nlmsghdr *nlh; unsigned char *b = skb_tail_pointer(skb); struct gnet_dump d; nlh = NLMSG_NEW(skb, pid, seq, event, sizeof(*tcm), flags); tcm = NLMSG_DATA(nlh); tcm->tcm_family = AF_UNSPEC; tcm->tcm__pad1 = 0; tcm->tcm__pad2 = 0; tcm->tcm_ifindex = qdisc_dev(q)->ifindex; tcm->tcm_parent = clid; tcm->tcm_handle = q->handle; tcm->tcm_info = atomic_read(&q->refcnt); NLA_PUT_STRING(skb, TCA_KIND, q->ops->id); if (q->ops->dump && q->ops->dump(q, skb) < 0) goto nla_put_failure; q->qstats.qlen = q->q.qlen; if (q->stab && qdisc_dump_stab(skb, q->stab) < 0) goto nla_put_failure; if (gnet_stats_start_copy_compat(skb, TCA_STATS2, TCA_STATS, TCA_XSTATS, qdisc_root_sleeping_lock(q), &d) < 0) goto nla_put_failure; if (q->ops->dump_stats && q->ops->dump_stats(q, &d) < 0) goto nla_put_failure; if (gnet_stats_copy_basic(&d, &q->bstats) < 0 || gnet_stats_copy_rate_est(&d, &q->rate_est) < 0 || gnet_stats_copy_queue(&d, &q->qstats) < 0) goto nla_put_failure; if (gnet_stats_finish_copy(&d) < 0) goto nla_put_failure; nlh->nlmsg_len = skb_tail_pointer(skb) - b; return skb->len; nlmsg_failure: nla_put_failure: nlmsg_trim(skb, b); return -1; }",linux-2.6,,,143092292430182274303990661736264894446,0 4088,['CWE-399'],"static struct bsg_device *bsg_get_device(struct inode *inode, struct file *file) { struct bsg_device *bd; struct bsg_class_device *bcd; mutex_lock(&bsg_mutex); bcd = idr_find(&bsg_minor_idr, iminor(inode)); if (bcd) kref_get(&bcd->ref); mutex_unlock(&bsg_mutex); if (!bcd) return ERR_PTR(-ENODEV); bd = __bsg_get_device(iminor(inode), bcd->queue); if (bd) return bd; bd = bsg_add_device(inode, bcd->queue, file); if (IS_ERR(bd)) kref_put(&bcd->ref, bsg_kref_release_function); return bd; }",linux-2.6,,,32626307196695359783873911470389213478,0 6403,['CWE-59'],"check_fstab(const char *progname, char *mountpoint, char *devname, char **options) { FILE *fstab; struct mntent *mnt; fstab = setmntent(_PATH_FSTAB, ""r""); if (!fstab) { fprintf(stderr, ""Couldn't open %s for reading!\n"", _PATH_FSTAB); return EX_FILEIO; } while((mnt = getmntent(fstab))) { if (!strcmp(mountpoint, mnt->mnt_dir)) break; } endmntent(fstab); if (mnt == NULL || strcmp(mnt->mnt_fsname, devname)) { fprintf(stderr, ""%s: permission denied: no match for "" ""%s found in %s\n"", progname, mountpoint, _PATH_FSTAB); return EX_USAGE; } free(*options); *options = strdup(mnt->mnt_opts); return 0; }",samba,,,107123566214634690230581486329592278525,0 5819,['CWE-200'],"static int atrtr_create(struct rtentry *r, struct net_device *devhint) { struct sockaddr_at *ta = (struct sockaddr_at *)&r->rt_dst; struct sockaddr_at *ga = (struct sockaddr_at *)&r->rt_gateway; struct atalk_route *rt; struct atalk_iface *iface, *riface; int retval = -EINVAL; if (ta->sat_family != AF_APPLETALK || (!devhint && ga->sat_family != AF_APPLETALK)) goto out; write_lock_bh(&atalk_routes_lock); for (rt = atalk_routes; rt; rt = rt->next) { if (r->rt_flags != rt->flags) continue; if (ta->sat_addr.s_net == rt->target.s_net) { if (!(rt->flags & RTF_HOST)) break; if (ta->sat_addr.s_node == rt->target.s_node) break; } } if (!devhint) { riface = NULL; read_lock_bh(&atalk_interfaces_lock); for (iface = atalk_interfaces; iface; iface = iface->next) { if (!riface && ntohs(ga->sat_addr.s_net) >= ntohs(iface->nets.nr_firstnet) && ntohs(ga->sat_addr.s_net) <= ntohs(iface->nets.nr_lastnet)) riface = iface; if (ga->sat_addr.s_net == iface->address.s_net && ga->sat_addr.s_node == iface->address.s_node) riface = iface; } read_unlock_bh(&atalk_interfaces_lock); retval = -ENETUNREACH; if (!riface) goto out_unlock; devhint = riface->dev; } if (!rt) { rt = kzalloc(sizeof(*rt), GFP_ATOMIC); retval = -ENOBUFS; if (!rt) goto out_unlock; rt->next = atalk_routes; atalk_routes = rt; } rt->target = ta->sat_addr; dev_hold(devhint); rt->dev = devhint; rt->flags = r->rt_flags; rt->gateway = ga->sat_addr; retval = 0; out_unlock: write_unlock_bh(&atalk_routes_lock); out: return retval; }",linux-2.6,,,281764454275670343272426161436626749559,0 5045,[],"void async_request(TALLOC_CTX *mem_ctx, struct winbindd_child *child, struct winbindd_request *request, struct winbindd_response *response, void (*continuation)(void *private_data, BOOL success), void *private_data) { struct winbindd_async_request *state; SMB_ASSERT(continuation != NULL); state = TALLOC_P(mem_ctx, struct winbindd_async_request); if (state == NULL) { DEBUG(0, (""talloc failed\n"")); continuation(private_data, False); return; } state->mem_ctx = mem_ctx; state->child = child; state->reply_timeout_event = NULL; state->request = request; state->response = response; state->continuation = continuation; state->private_data = private_data; DLIST_ADD_END(child->requests, state, struct winbindd_async_request *); schedule_async_request(child); return; }",samba,,,290522069479937862640323057375622473607,0 2440,['CWE-119'],"static int is_summary_empty(const struct diff_queue_struct *q) { int i; for (i = 0; i < q->nr; i++) { const struct diff_filepair *p = q->queue[i]; switch (p->status) { case DIFF_STATUS_DELETED: case DIFF_STATUS_ADDED: case DIFF_STATUS_COPIED: case DIFF_STATUS_RENAMED: return 0; default: if (p->score) return 0; if (p->one->mode && p->two->mode && p->one->mode != p->two->mode) return 0; break; } } return 1; }",git,,,184419633595493671720894802755006448718,0 5433,CWE-273,"completion_glob_pattern (string) char *string; { register int c; char *send; int open; DECLARE_MBSTATE; open = 0; send = string + strlen (string); while (c = *string++) { switch (c) { case '?': case '*': return (1); case '[': open++; continue; case ']': if (open) return (1); continue; case '+': case '@': case '!': if (*string == '(') return (1); continue; case '\\': if (*string++ == 0) return (0); } #ifdef HANDLE_MULTIBYTE string--; ADVANCE_CHAR_P (string, send - string); string++; #else ADVANCE_CHAR_P (string, send - string); #endif } return (0); }",visit repo url,bashline.c,https://github.com/bminor/bash,160004247980542,1 2599,NVD-CWE-noinfo,"int delete_sdp_line( struct sip_msg * msg, char * s, struct sdp_stream_cell *stream) { char * start,*end; if( !s ) return 1; start = s; end = s; while(*start != '\n' && start > stream->body.s) start--; start++; while(*end != '\n' && end < (stream->body.s+stream->body.len) ) end++; end++; if( del_lump(msg, start - msg->buf, end - start,0) == NULL ) { return -1; } return 0; }",visit repo url,modules/sipmsgops/codecs.c,https://github.com/OpenSIPS/opensips,56966689578369,1 4540,CWE-122,"static void adts_dmx_check_dur(GF_Filter *filter, GF_ADTSDmxCtx *ctx) { FILE *stream; GF_BitStream *bs; ADTSHeader hdr; u64 duration, cur_dur, rate; s32 sr_idx = -1; const GF_PropertyValue *p; if (!ctx->opid || ctx->timescale || ctx->file_loaded) return; if (ctx->index<=0) { ctx->file_loaded = GF_TRUE; return; } p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_FILEPATH); if (!p || !p->value.string || !strncmp(p->value.string, ""gmem://"", 7)) { ctx->is_file = GF_FALSE; ctx->file_loaded = GF_TRUE; return; } ctx->is_file = GF_TRUE; stream = gf_fopen_ex(p->value.string, NULL, ""rb"", GF_TRUE); if (!stream) { if (gf_fileio_is_main_thread(p->value.string)) ctx->file_loaded = GF_TRUE; return; } ctx->index_size = 0; bs = gf_bs_from_file(stream, GF_BITSTREAM_READ); duration = 0; cur_dur = 0; while (adts_dmx_sync_frame_bs(bs, &hdr)) { if ((sr_idx>=0) && (sr_idx != hdr.sr_idx)) { duration *= GF_M4ASampleRates[hdr.sr_idx]; duration /= GF_M4ASampleRates[sr_idx]; cur_dur *= GF_M4ASampleRates[hdr.sr_idx]; cur_dur /= GF_M4ASampleRates[sr_idx]; } sr_idx = hdr.sr_idx; duration += ctx->frame_size; cur_dur += ctx->frame_size; if (cur_dur > ctx->index * GF_M4ASampleRates[sr_idx]) { if (!ctx->index_alloc_size) ctx->index_alloc_size = 10; else if (ctx->index_alloc_size == ctx->index_size) ctx->index_alloc_size *= 2; ctx->indexes = gf_realloc(ctx->indexes, sizeof(ADTSIdx)*ctx->index_alloc_size); ctx->indexes[ctx->index_size].pos = gf_bs_get_position(bs) - hdr.hdr_size; ctx->indexes[ctx->index_size].duration = (Double) duration; ctx->indexes[ctx->index_size].duration /= GF_M4ASampleRates[sr_idx]; ctx->index_size ++; cur_dur = 0; } gf_bs_skip_bytes(bs, hdr.frame_size); } rate = gf_bs_get_position(bs); gf_bs_del(bs); gf_fclose(stream); if (sr_idx>=0) { if (!ctx->duration.num || (ctx->duration.num * GF_M4ASampleRates[sr_idx] != duration * ctx->duration.den)) { ctx->duration.num = (s32) duration; ctx->duration.den = GF_M4ASampleRates[sr_idx]; gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_DURATION, & PROP_FRAC64(ctx->duration)); if (duration && !gf_sys_is_test_mode() ) { rate *= 8 * ctx->duration.den; rate /= ctx->duration.num; ctx->bitrate = (u32) rate; } } } p = gf_filter_pid_get_property(ctx->ipid, GF_PROP_PID_FILE_CACHED); if (p && p->value.boolean) ctx->file_loaded = GF_TRUE; }",visit repo url,src/filters/reframe_adts.c,https://github.com/gpac/gpac,127882200279588,1 1442,CWE-362,"static struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root, struct btrfs_path *path, const char *name, int name_len) { struct btrfs_dir_item *dir_item; unsigned long name_ptr; u32 total_len; u32 cur = 0; u32 this_len; struct extent_buffer *leaf; leaf = path->nodes[0]; dir_item = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_dir_item); if (verify_dir_item(root, leaf, dir_item)) return NULL; total_len = btrfs_item_size_nr(leaf, path->slots[0]); while (cur < total_len) { this_len = sizeof(*dir_item) + btrfs_dir_name_len(leaf, dir_item) + btrfs_dir_data_len(leaf, dir_item); name_ptr = (unsigned long)(dir_item + 1); if (btrfs_dir_name_len(leaf, dir_item) == name_len && memcmp_extent_buffer(leaf, name, name_ptr, name_len) == 0) return dir_item; cur += this_len; dir_item = (struct btrfs_dir_item *)((char *)dir_item + this_len); } return NULL; }",visit repo url,fs/btrfs/dir-item.c,https://github.com/torvalds/linux,2472866219377,1 6017,CWE-863,"static int discovery_stop(struct discovery_client *client) { struct btd_adapter *adapter = client->adapter; struct mgmt_cp_stop_discovery cp; if (g_slist_next(adapter->discovery_list)) { discovery_remove(client); update_discovery_filter(adapter); return 0; } if (adapter->discovery_discoverable) set_discovery_discoverable(adapter, false); if (adapter->discovery_enable == 0x00) { discovery_remove(client); adapter->discovering = false; g_dbus_emit_property_changed(dbus_conn, adapter->path, ADAPTER_INTERFACE, ""Discovering""); trigger_passive_scanning(adapter); return 0; } cp.type = adapter->discovery_type; adapter->client = client; mgmt_send(adapter->mgmt, MGMT_OP_STOP_DISCOVERY, adapter->dev_id, sizeof(cp), &cp, stop_discovery_complete, adapter, NULL); return -EINPROGRESS; }",visit repo url,src/adapter.c,https://github.com/bluez/bluez,187998929350660,1 1842,['CWE-189'],"_gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) { const int siz = SSL_MSG_LEN; digest_hd_st td_md5; digest_hd_st td_sha; const char *mesg; int rc; rc = _gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5); if (rc < 0) { gnutls_assert (); return rc; } rc = _gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha); if (rc < 0) { gnutls_assert (); _gnutls_hash_deinit (&td_md5, NULL); return rc; } if (type == GNUTLS_SERVER) { mesg = SSL3_SERVER_MSG; } else { mesg = SSL3_CLIENT_MSG; } _gnutls_hash (&td_md5, mesg, siz); _gnutls_hash (&td_sha, mesg, siz); _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret, session->security_parameters. master_secret, TLS_MASTER_SIZE); _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16], session->security_parameters. master_secret, TLS_MASTER_SIZE); return 0; }",gnutls,,,206709729681758154283470426358933443924,0 292,[],"static int do_atmif_sioc(unsigned int fd, unsigned int cmd, unsigned long arg) { struct atmif_sioc __user *sioc; struct atmif_sioc32 __user *sioc32; u32 data; void __user *datap; int err; sioc = compat_alloc_user_space(sizeof(*sioc)); sioc32 = compat_ptr(arg); if (copy_in_user(&sioc->number, &sioc32->number, 2 * sizeof(int)) || get_user(data, &sioc32->arg)) return -EFAULT; datap = compat_ptr(data); if (put_user(datap, &sioc->arg)) return -EFAULT; err = sys_ioctl(fd, cmd, (unsigned long) sioc); if (!err) { if (copy_in_user(&sioc32->length, &sioc->length, sizeof(int))) err = -EFAULT; } return err; }",linux-2.6,,,32687098977663598383685433933773096707,0 1055,['CWE-20'],"int getrusage(struct task_struct *p, int who, struct rusage __user *ru) { struct rusage r; k_getrusage(p, who, &r); return copy_to_user(ru, &r, sizeof(r)) ? -EFAULT : 0; }",linux-2.6,,,22877679046616964805838842804108928788,0 2854,CWE-119,"horizontalDifferenceF(float *ip, int n, int stride, uint16 *wp, uint16 *FromLT2) { int32 r1, g1, b1, a1, r2, g2, b2, a2, mask; float fltsize = Fltsize; #define CLAMP(v) ( (v<(float)0.) ? 0 \ : (v<(float)2.) ? FromLT2[(int)(v*fltsize)] \ : (v>(float)24.2) ? 2047 \ : LogK1*log(v*LogK2) + 0.5 ) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = (uint16) CLAMP(ip[0]); g2 = wp[1] = (uint16) CLAMP(ip[1]); b2 = wp[2] = (uint16) CLAMP(ip[2]); a2 = wp[3] = (uint16) CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = (int32) CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = (int32) CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = (int32) CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = (int32) CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,249185675440749,1 6434,CWE-20,"void stm32h7xxEthInitGpio(NetInterface *interface) { GPIO_InitTypeDef GPIO_InitStructure; #if defined(USE_STM32H743I_EVAL) || defined(USE_STM32H747I_EVAL) || \ defined(USE_STM32H747I_DISCO) __HAL_RCC_SYSCFG_CLK_ENABLE(); __HAL_RCC_GPIOA_CLK_ENABLE(); __HAL_RCC_GPIOC_CLK_ENABLE(); __HAL_RCC_GPIOG_CLK_ENABLE(); HAL_SYSCFG_ETHInterfaceSelect(SYSCFG_ETH_RMII); GPIO_InitStructure.Mode = GPIO_MODE_AF_PP; GPIO_InitStructure.Pull = GPIO_NOPULL; GPIO_InitStructure.Speed = GPIO_SPEED_FREQ_VERY_HIGH; GPIO_InitStructure.Alternate = GPIO_AF11_ETH; GPIO_InitStructure.Pin = GPIO_PIN_1 | GPIO_PIN_2 | GPIO_PIN_7; HAL_GPIO_Init(GPIOA, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_1 | GPIO_PIN_4 | GPIO_PIN_5; HAL_GPIO_Init(GPIOC, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_11 | GPIO_PIN_12 | GPIO_PIN_13; HAL_GPIO_Init(GPIOG, &GPIO_InitStructure); #elif defined(USE_STM32H745I_DISCO) || defined(USE_STM32H750B_DISCO) __HAL_RCC_SYSCFG_CLK_ENABLE(); __HAL_RCC_GPIOA_CLK_ENABLE(); __HAL_RCC_GPIOB_CLK_ENABLE(); __HAL_RCC_GPIOC_CLK_ENABLE(); __HAL_RCC_GPIOE_CLK_ENABLE(); __HAL_RCC_GPIOG_CLK_ENABLE(); __HAL_RCC_GPIOH_CLK_ENABLE(); __HAL_RCC_GPIOI_CLK_ENABLE(); HAL_SYSCFG_ETHInterfaceSelect(SYSCFG_ETH_MII); GPIO_InitStructure.Mode = GPIO_MODE_AF_PP; GPIO_InitStructure.Pull = GPIO_NOPULL; GPIO_InitStructure.Speed = GPIO_SPEED_FREQ_VERY_HIGH; GPIO_InitStructure.Alternate = GPIO_AF11_ETH; GPIO_InitStructure.Pin = GPIO_PIN_1 | GPIO_PIN_2 | GPIO_PIN_7; HAL_GPIO_Init(GPIOA, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_0 | GPIO_PIN_1 | GPIO_PIN_2; HAL_GPIO_Init(GPIOB, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_1 | GPIO_PIN_2 | GPIO_PIN_3 | GPIO_PIN_4 | GPIO_PIN_5; HAL_GPIO_Init(GPIOC, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_2; HAL_GPIO_Init(GPIOE, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_11 | GPIO_PIN_12 | GPIO_PIN_13; HAL_GPIO_Init(GPIOG, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_10; HAL_GPIO_Init(GPIOI, &GPIO_InitStructure); #elif defined(USE_STM32H7XX_NUCLEO_144) || defined(USE_STM32H7XX_NUCLEO_144_MB1363) || \ defined(USE_STM32H7XX_NUCLEO_144_MB1364) __HAL_RCC_SYSCFG_CLK_ENABLE(); __HAL_RCC_GPIOA_CLK_ENABLE(); __HAL_RCC_GPIOB_CLK_ENABLE(); __HAL_RCC_GPIOC_CLK_ENABLE(); __HAL_RCC_GPIOG_CLK_ENABLE(); HAL_SYSCFG_ETHInterfaceSelect(SYSCFG_ETH_RMII); GPIO_InitStructure.Mode = GPIO_MODE_AF_PP; GPIO_InitStructure.Pull = GPIO_NOPULL; GPIO_InitStructure.Speed = GPIO_SPEED_FREQ_VERY_HIGH; GPIO_InitStructure.Alternate = GPIO_AF11_ETH; GPIO_InitStructure.Pin = GPIO_PIN_1 | GPIO_PIN_2 | GPIO_PIN_7; HAL_GPIO_Init(GPIOA, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_13; HAL_GPIO_Init(GPIOB, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_1 | GPIO_PIN_4 | GPIO_PIN_5; HAL_GPIO_Init(GPIOC, &GPIO_InitStructure); GPIO_InitStructure.Pin = GPIO_PIN_11 | GPIO_PIN_13; HAL_GPIO_Init(GPIOG, &GPIO_InitStructure); #endif }",visit repo url,drivers/mac/stm32h7xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,3337057889690,1 4734,['CWE-20'],"static journal_t *ext4_get_journal(struct super_block *sb, unsigned int journal_inum) { struct inode *journal_inode; journal_t *journal; BUG_ON(!EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)); journal_inode = ext4_iget(sb, journal_inum); if (IS_ERR(journal_inode)) { printk(KERN_ERR ""EXT4-fs: no journal found.\n""); return NULL; } if (!journal_inode->i_nlink) { make_bad_inode(journal_inode); iput(journal_inode); printk(KERN_ERR ""EXT4-fs: journal inode is deleted.\n""); return NULL; } jbd_debug(2, ""Journal inode found at %p: %lld bytes\n"", journal_inode, journal_inode->i_size); if (!S_ISREG(journal_inode->i_mode)) { printk(KERN_ERR ""EXT4-fs: invalid journal inode.\n""); iput(journal_inode); return NULL; } journal = jbd2_journal_init_inode(journal_inode); if (!journal) { printk(KERN_ERR ""EXT4-fs: Could not load journal inode\n""); iput(journal_inode); return NULL; } journal->j_private = sb; ext4_init_journal_params(sb, journal); return journal; }",linux-2.6,,,169023872624901707799220545927626670489,0 1362,CWE-16,"static int override_release(char __user *release, int len) { int ret = 0; char buf[65]; if (current->personality & UNAME26) { char *rest = UTS_RELEASE; int ndots = 0; unsigned v; while (*rest) { if (*rest == '.' && ++ndots >= 3) break; if (!isdigit(*rest) && *rest != '.') break; rest++; } v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40; snprintf(buf, len, ""2.6.%u%s"", v, rest); ret = copy_to_user(release, buf, len); } return ret; }",visit repo url,kernel/sys.c,https://github.com/torvalds/linux,138776326378841,1 6635,NVD-CWE-noinfo,"njs_array_prototype_sort(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, njs_index_t unused) { int64_t i, und, len, nlen, length; njs_int_t ret, fast_path; njs_array_t *array; njs_value_t *this, *comparefn, *start, *strings; njs_array_sort_ctx_t ctx; njs_array_sort_slot_t *p, *end, *slots, *nslots; comparefn = njs_arg(args, nargs, 1); if (njs_is_defined(comparefn)) { if (njs_slow_path(!njs_is_function(comparefn))) { njs_type_error(vm, ""comparefn must be callable or undefined""); return NJS_ERROR; } ctx.function = njs_function(comparefn); } else { ctx.function = NULL; } this = njs_argument(args, 0); ret = njs_value_to_object(vm, this); if (njs_slow_path(ret != NJS_OK)) { return ret; } ret = njs_value_length(vm, this, &length); if (njs_slow_path(ret != NJS_OK)) { return ret; } if (njs_slow_path(length < 2)) { vm->retval = *this; return NJS_OK; } slots = NULL; ctx.vm = vm; ctx.strings.separate = 0; ctx.strings.pointer = 0; ctx.exception = 0; fast_path = njs_is_fast_array(this); if (njs_fast_path(fast_path)) { array = njs_array(this); start = array->start; slots = njs_mp_alloc(vm->mem_pool, sizeof(njs_array_sort_slot_t) * length); if (njs_slow_path(slots == NULL)) { return NJS_ERROR; } und = 0; p = slots; for (i = 0; i < length; i++) { if (njs_slow_path(!njs_is_valid(&start[i]))) { fast_path = 0; njs_mp_free(vm->mem_pool, slots); slots = NULL; goto slow_path; } if (njs_slow_path(njs_is_undefined(&start[i]))) { und++; continue; } p->value = start[i]; p->pos = i; p->str = NULL; p++; } len = p - slots; } else { slow_path: und = 0; p = NULL; end = NULL; for (i = 0; i < length; i++) { if (p >= end) { nlen = njs_min(njs_max((p - slots) * 2, 8), length); nslots = njs_mp_alloc(vm->mem_pool, sizeof(njs_array_sort_slot_t) * nlen); if (njs_slow_path(nslots == NULL)) { njs_memory_error(vm); return NJS_ERROR; } if (slots != NULL) { p = (void *) njs_cpymem(nslots, slots, sizeof(njs_array_sort_slot_t) * (p - slots)); njs_mp_free(vm->mem_pool, slots); } else { p = nslots; } slots = nslots; end = slots + nlen; } ret = njs_value_property_i64(vm, this, i, &p->value); if (njs_slow_path(ret == NJS_ERROR)) { ret = NJS_ERROR; goto exception; } if (ret == NJS_DECLINED) { continue; } if (njs_is_undefined(&p->value)) { und++; continue; } p->pos = i; p->str = NULL; p++; } len = p - slots; } strings = njs_arr_init(vm->mem_pool, &ctx.strings, NULL, len + 1, sizeof(njs_value_t)); if (njs_slow_path(strings == NULL)) { ret = NJS_ERROR; goto exception; } njs_qsort(slots, len, sizeof(njs_array_sort_slot_t), njs_array_compare, &ctx); if (ctx.exception) { ret = NJS_ERROR; goto exception; } if (njs_fast_path(fast_path)) { array = njs_array(this); start = array->start; for (i = 0; i < len; i++) { start[i] = slots[i].value; } for (i = len; und-- > 0; i++) { start[i] = njs_value_undefined; } } else { for (i = 0; i < len; i++) { if (slots[i].pos != i) { ret = njs_value_property_i64_set(vm, this, i, &slots[i].value); if (njs_slow_path(ret == NJS_ERROR)) { goto exception; } } } for (i = len; und-- > 0; i++) { ret = njs_value_property_i64_set(vm, this, i, njs_value_arg(&njs_value_undefined)); if (njs_slow_path(ret == NJS_ERROR)) { goto exception; } } for (; i < length; i++) { ret = njs_value_property_i64_delete(vm, this, i, NULL); if (njs_slow_path(ret == NJS_ERROR)) { goto exception; } } } vm->retval = *this; ret = NJS_OK; exception: if (slots != NULL) { njs_mp_free(vm->mem_pool, slots); } njs_arr_destroy(&ctx.strings); return ret; }",visit repo url,src/njs_array.c,https://github.com/nginx/njs,54114036930713,1 6051,CWE-190,"void bn_trim(bn_t a) { if (a->used <= a->alloc) { while (a->used > 0 && a->dp[a->used - 1] == 0) { --(a->used); } if (a->used <= 0) { a->used = 1; a->dp[0] = 0; a->sign = RLC_POS; } } }",visit repo url,src/bn/relic_bn_mem.c,https://github.com/relic-toolkit/relic,139092287190016,1 5755,['CWE-200'],"static int irda_extract_ias_value(struct irda_ias_set *ias_opt, struct ias_value *ias_value) { switch (ias_value->type) { case IAS_INTEGER: ias_opt->attribute.irda_attrib_int = ias_value->t.integer; break; case IAS_OCT_SEQ: ias_opt->attribute.irda_attrib_octet_seq.len = ias_value->len; memcpy(ias_opt->attribute.irda_attrib_octet_seq.octet_seq, ias_value->t.oct_seq, ias_value->len); break; case IAS_STRING: ias_opt->attribute.irda_attrib_string.len = ias_value->len; ias_opt->attribute.irda_attrib_string.charset = ias_value->charset; memcpy(ias_opt->attribute.irda_attrib_string.string, ias_value->t.string, ias_value->len); ias_opt->attribute.irda_attrib_string.string[ias_value->len] = '\0'; break; case IAS_MISSING: default : return -EINVAL; } ias_opt->irda_attrib_type = ias_value->type; return 0; }",linux-2.6,,,196632348851239091932313152348952728637,0 1697,[],"static inline void resched_rq(struct rq *rq) { unsigned long flags; spin_lock_irqsave(&rq->lock, flags); resched_task(rq->curr); spin_unlock_irqrestore(&rq->lock, flags); }",linux-2.6,,,53170055197478888471275009245514102531,0 5034,[],"static void async_main_request_sent(void *private_data, BOOL success) { struct winbindd_async_request *state = talloc_get_type_abort(private_data, struct winbindd_async_request); if (!success) { DEBUG(5, (""Could not send async request\n"")); async_request_fail(state); return; } if (state->request->extra_len == 0) { async_request_sent(private_data, True); return; } setup_async_write(&state->child->event, state->request->extra_data.data, state->request->extra_len, async_request_sent, state); }",samba,,,242927859258189594404834317053817575131,0 1492,[],"sd_parent_degenerate(struct sched_domain *sd, struct sched_domain *parent) { unsigned long cflags = sd->flags, pflags = parent->flags; if (sd_degenerate(parent)) return 1; if (!cpus_equal(sd->span, parent->span)) return 0; if (cflags & SD_WAKE_AFFINE) pflags &= ~SD_WAKE_BALANCE; if (parent->groups == parent->groups->next) { pflags &= ~(SD_LOAD_BALANCE | SD_BALANCE_NEWIDLE | SD_BALANCE_FORK | SD_BALANCE_EXEC | SD_SHARE_CPUPOWER | SD_SHARE_PKG_RESOURCES); } if (~cflags & pflags) return 0; return 1; }",linux-2.6,,,282408367894173140066698274285747996266,0 732,[],"static int jpc_qcc_dumpparms(jpc_ms_t *ms, FILE *out) { jpc_qcc_t *qcc = &ms->parms.qcc; int i; fprintf(out, ""compno = %d; qntsty = %d; numguard = %d; "" ""numstepsizes = %d\n"", qcc->compno, qcc->compparms.qntsty, qcc->compparms.numguard, qcc->compparms.numstepsizes); for (i = 0; i < qcc->compparms.numstepsizes; ++i) { fprintf(out, ""expn[%d] = 0x%04x; mant[%d] = 0x%04x;\n"", i, (unsigned) JPC_QCX_GETEXPN(qcc->compparms.stepsizes[i]), i, (unsigned) JPC_QCX_GETMANT(qcc->compparms.stepsizes[i])); } return 0; }",jasper,,,179768605961823088326796487921122810347,0 3932,['CWE-362'],"s32 inotify_find_update_watch(struct inotify_handle *ih, struct inode *inode, u32 mask) { struct inotify_watch *old; int mask_add = 0; int ret; if (mask & IN_MASK_ADD) mask_add = 1; mask &= IN_ALL_EVENTS | IN_ONESHOT; if (unlikely(!mask)) return -EINVAL; mutex_lock(&inode->inotify_mutex); mutex_lock(&ih->mutex); old = inode_find_handle(inode, ih); if (unlikely(!old)) { ret = -ENOENT; goto out; } if (mask_add) old->mask |= mask; else old->mask = mask; ret = old->wd; out: mutex_unlock(&ih->mutex); mutex_unlock(&inode->inotify_mutex); return ret; }",linux-2.6,,,337228798843056552254813768658670208225,0 1252,[],"m4_placeholder (struct obstack *obs, int argc, token_data **argv) { M4ERROR ((warning_status, 0, ""\ builtin `%s' requested by frozen file is not supported"", ARG (0))); }",m4,,,187541890035946898054586666926777797406,0 2866,['CWE-189'],"static long file_seek(jas_stream_obj_t *obj, long offset, int origin) { jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj); return lseek(fileobj->fd, offset, origin); }",jasper,,,296306064292199117534063402925082382791,0 6711,CWE-116,"match_expr(struct search_node_list *head, struct eventlog *evlog, bool last_match) { struct search_node *sn; bool res = false, matched = last_match; int rc; debug_decl(match_expr, SUDO_DEBUG_UTIL); STAILQ_FOREACH(sn, head, entries) { switch (sn->type) { case ST_EXPR: res = match_expr(&sn->u.expr, evlog, matched); break; case ST_CWD: if (evlog->cwd != NULL) res = strcmp(sn->u.cwd, evlog->cwd) == 0; break; case ST_HOST: if (evlog->submithost != NULL) res = strcmp(sn->u.host, evlog->submithost) == 0; break; case ST_TTY: if (evlog->ttyname != NULL) res = strcmp(sn->u.tty, evlog->ttyname) == 0; break; case ST_RUNASGROUP: if (evlog->rungroup != NULL) res = strcmp(sn->u.runas_group, evlog->rungroup) == 0; break; case ST_RUNASUSER: if (evlog->runuser != NULL) res = strcmp(sn->u.runas_user, evlog->runuser) == 0; break; case ST_USER: if (evlog->submituser != NULL) res = strcmp(sn->u.user, evlog->submituser) == 0; break; case ST_PATTERN: rc = regexec(&sn->u.cmdre, evlog->command, 0, NULL, 0); if (rc && rc != REG_NOMATCH) { char buf[BUFSIZ]; regerror(rc, &sn->u.cmdre, buf, sizeof(buf)); sudo_fatalx(""%s"", buf); } res = rc == REG_NOMATCH ? 0 : 1; break; case ST_FROMDATE: res = sudo_timespeccmp(&evlog->submit_time, &sn->u.tstamp, >=); break; case ST_TODATE: res = sudo_timespeccmp(&evlog->submit_time, &sn->u.tstamp, <=); break; default: sudo_fatalx(U_(""unknown search type %d""), sn->type); } if (sn->negated) res = !res; matched = sn->or ? (res || last_match) : (res && last_match); last_match = matched; } debug_return_bool(matched); }",visit repo url,plugins/sudoers/sudoreplay.c,https://github.com/sudo-project/sudo,54556504973646,1 6632,['CWE-200'],"static void nma_init (NMApplet *applet) { applet->animation_id = 0; applet->animation_step = 0; applet->icon_theme = NULL; applet->notification = NULL; applet->size = -1; }",network-manager-applet,,,39364994591919380899795961075889463362,0 4803,CWE-119,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 6325,CWE-295,"void unbind_ports(void) { SERVICE_OPTIONS *opt; s_poll_init(fds, 1); CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_SECTIONS]); opt=service_options.next; service_options.next=NULL; service_free(&service_options); while(opt) { unsigned i; s_log(LOG_DEBUG, ""Unbinding service [%s]"", opt->servname); for(i=0; ilocal_addr.num; ++i) unbind_port(opt, i); if(opt->exec_name && opt->connect_addr.names) { opt->option.retry=0; } if(opt->ctx) SSL_CTX_flush_sessions(opt->ctx, (long)time(NULL)+opt->session_timeout+1); s_log(LOG_DEBUG, ""Service [%s] closed"", opt->servname); { SERVICE_OPTIONS *garbage=opt; opt=opt->next; garbage->next=NULL; service_free(garbage); } } CRYPTO_THREAD_unlock(stunnel_locks[LOCK_SECTIONS]); }",visit repo url,src/stunnel.c,https://github.com/mtrojnar/stunnel,186303662955053,1 1879,NVD-CWE-Other,"int io_msg_ring(struct io_kiocb *req, unsigned int issue_flags) { struct io_msg *msg = io_kiocb_to_cmd(req, struct io_msg); int ret; ret = -EBADFD; if (!io_is_uring_fops(req->file)) goto done; switch (msg->cmd) { case IORING_MSG_DATA: ret = io_msg_ring_data(req); break; case IORING_MSG_SEND_FD: ret = io_msg_send_fd(req, issue_flags); break; default: ret = -EINVAL; break; } done: if (ret < 0) req_set_fail(req); io_req_set_res(req, ret, 0); io_put_file(req->file); req->file = NULL; return IOU_OK; }",visit repo url,io_uring/msg_ring.c,https://github.com/torvalds/linux,134764967178902,1 3792,CWE-416,"may_get_cmd_block(exarg_T *eap, char_u *p, char_u **tofree, int *flags) { char_u *retp = p; if (*p == '{' && ends_excmd2(eap->arg, skipwhite(p + 1)) && eap->getline != NULL) { garray_T ga; char_u *line = NULL; ga_init2(&ga, sizeof(char_u *), 10); if (ga_add_string(&ga, p) == FAIL) return retp; if (p[STRLEN(p) - 1] != '}') for (;;) { vim_free(line); if ((line = eap->getline(':', eap->cookie, 0, GETLINE_CONCAT_CONTBAR)) == NULL) { emsg(_(e_missing_rcurly)); break; } if (ga_add_string(&ga, line) == FAIL) break; if (*skipwhite(line) == '}') break; } vim_free(line); retp = *tofree = ga_concat_strings(&ga, ""\n""); ga_clear_strings(&ga); *flags |= UC_VIM9; } return retp; }",visit repo url,src/usercmd.c,https://github.com/vim/vim,59373527985629,1 4544,CWE-400,"static GF_Err gf_filter_pid_configure(GF_Filter *filter, GF_FilterPid *pid, GF_PidConnectType ctype) { u32 i, count; GF_Err e; Bool refire_events=GF_FALSE; Bool new_pid_inst=GF_FALSE; Bool remove_filter=GF_FALSE; GF_FilterPidInst *pidinst=NULL; GF_Filter *alias_orig = NULL; if (filter->multi_sink_target) { alias_orig = filter; filter = filter->multi_sink_target; } assert(filter->freg->configure_pid); if (filter->finalized) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Trying to configure PID %s in finalized filter %s\n"", pid->name, filter->name)); if (ctype==GF_PID_CONF_CONNECT) { assert(pid->filter->out_pid_connection_pending); safe_int_dec(&pid->filter->out_pid_connection_pending); } return GF_SERVICE_ERROR; } if (filter->detached_pid_inst) { count = gf_list_count(filter->detached_pid_inst); for (i=0; idetached_pid_inst, i); if (pidinst->filter==filter) { gf_list_rem(filter->detached_pid_inst, i); pidinst->filter = filter; pidinst->pid = pid; assert(!pidinst->props); if (ctype == GF_PID_CONF_CONNECT) { new_pid_inst=GF_TRUE; if (!pid->filter->nb_pids_playing && (pidinst->is_playing || pidinst->is_paused)) refire_events = GF_TRUE; } assert(pidinst->detach_pending); safe_int_dec(&pidinst->detach_pending); if (filter->sticky == 2) filter->sticky = 0; break; } pidinst=NULL; } if (! gf_list_count(filter->detached_pid_inst)) { gf_list_del(filter->detached_pid_inst); filter->detached_pid_inst = NULL; } } if (!pidinst) { count = pid->num_destinations; for (i=0; idestinations, i); if (pidinst->filter==filter) { break; } pidinst=NULL; } } if (!pidinst) { if (ctype != GF_PID_CONF_CONNECT) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Trying to disconnect PID %s not present in filter %s inputs\n"", pid->name, filter->name)); return GF_SERVICE_ERROR; } pidinst = gf_filter_pid_inst_new(filter, pid); new_pid_inst=GF_TRUE; } if (!pidinst->alias_orig) pidinst->alias_orig = alias_orig; if (new_pid_inst) { assert(pidinst); gf_mx_p(pid->filter->tasks_mx); GF_LOG(GF_LOG_DEBUG, GF_LOG_FILTER, (""Registering %s:%s as destination for %s:%s\n"", pid->filter->name, pid->name, pidinst->filter->name, pidinst->pid->name)); gf_list_add(pid->destinations, pidinst); pid->num_destinations = gf_list_count(pid->destinations); gf_mx_v(pid->filter->tasks_mx); gf_mx_p(filter->tasks_mx); if (!filter->input_pids) filter->input_pids = gf_list_new(); gf_list_add(filter->input_pids, pidinst); filter->num_input_pids = gf_list_count(filter->input_pids); if (filter->num_input_pids==1) { filter->single_source = pidinst->pid->filter; } else if (filter->single_source != pidinst->pid->filter) { filter->single_source = NULL; } gf_mx_v(filter->tasks_mx); gf_filter_pid_update_caps(pid); } if (filter->swap_pending) { gf_filter_pid_inst_swap(filter, pidinst); filter->swap_pending = GF_FALSE; } filter->in_connect_err = GF_EOS; #if 0 FSESS_CHECK_THREAD(filter) #endif GF_LOG(GF_LOG_DEBUG, GF_LOG_FILTER, (""Filter %s PID %s reconfigure\n"", pidinst->filter->name, pidinst->pid->name)); e = filter->freg->configure_pid(filter, (GF_FilterPid*) pidinst, (ctype==GF_PID_CONF_REMOVE) ? GF_TRUE : GF_FALSE); #ifdef GPAC_MEMORY_TRACKING if (filter->session->check_allocs) { if (filter->nb_consecutive_process >= filter->max_nb_consecutive_process) { filter->max_nb_consecutive_process = filter->nb_consecutive_process; filter->max_nb_process = filter->nb_process_since_reset; filter->max_stats_nb_alloc = filter->stats_nb_alloc; filter->max_stats_nb_calloc = filter->stats_nb_calloc; filter->max_stats_nb_realloc = filter->stats_nb_realloc; filter->max_stats_nb_free = filter->stats_nb_free; } filter->stats_mem_allocated = 0; filter->stats_nb_alloc = filter->stats_nb_realloc = filter->stats_nb_free = 0; filter->nb_process_since_reset = filter->nb_consecutive_process = 0; } #endif if ((e==GF_OK) && (filter->in_connect_errin_connect_err; filter->in_connect_err = GF_OK; if (e==GF_OK) { if (new_pid_inst) { GF_LOG(GF_LOG_INFO, GF_LOG_FILTER, (""Filter %s (%p) PID %s (%p) (%d fan-out) connected to filter %s (%p)\n"", pid->filter->name, pid->filter, pid->name, pid, pid->num_destinations, filter->name, filter)); } gf_list_reset(pidinst->pid->filter->blacklisted); } else if ((ctype==GF_PID_CONF_RECONFIG) && (e != GF_FILTER_NOT_SUPPORTED)) { pidinst->is_end_of_stream = GF_TRUE; if (e==GF_BAD_PARAM) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Failed to reconfigure PID %s:%s in filter %s: %s\n"", pid->filter->name, pid->name, filter->name, gf_error_to_string(e) )); filter->session->last_connect_error = e; } else { GF_LOG(GF_LOG_INFO, GF_LOG_FILTER, (""Failed to reconfigure PID %s:%s in filter %s: %s, reloading filter graph\n"", pid->filter->name, pid->name, filter->name, gf_error_to_string(e) )); gf_list_add(pid->filter->blacklisted, (void *) filter->freg); gf_filter_relink_dst(pidinst, e); } } else { gf_mx_p(filter->tasks_mx); gf_list_del_item(filter->input_pids, pidinst); filter->num_input_pids = gf_list_count(filter->input_pids); if (!filter->num_input_pids) filter->single_source = NULL; filter->freg->configure_pid(filter, (GF_FilterPid *) pidinst, GF_TRUE); gf_mx_v(filter->tasks_mx); gf_mx_p(pidinst->pid->filter->tasks_mx); gf_list_del_item(pidinst->pid->destinations, pidinst); pidinst->pid->num_destinations = gf_list_count(pidinst->pid->destinations); gf_filter_instance_detach_pid(pidinst); gf_mx_v(pidinst->pid->filter->tasks_mx); if (new_pid_inst) { gf_mx_p(pid->filter->tasks_mx); gf_list_del_item(pid->destinations, pidinst); pid->num_destinations = gf_list_count(pid->destinations); gf_mx_p(pid->filter->tasks_mx); count = gf_fq_count(pid->filter->tasks); for (i=0; ifilter->tasks, i); if (t->pid == (GF_FilterPid *) pidinst) { t->run_task = task_canceled; } } gf_mx_v(pid->filter->tasks_mx); gf_filter_pid_inst_del(pidinst); gf_mx_v(pid->filter->tasks_mx); } if (e==GF_REQUIRES_NEW_INSTANCE) { GF_Filter *new_filter = gf_filter_clone(filter, pid->filter); if (new_filter) { GF_LOG(GF_LOG_DEBUG, GF_LOG_FILTER, (""Clone filter %s, new instance for pid %s\n"", filter->name, pid->name)); gf_filter_pid_post_connect_task(new_filter, pid); return GF_OK; } else { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Failed to clone filter %s\n"", filter->name)); e = GF_OUT_OF_MEM; } } if (e && (ctype==GF_PID_CONF_REMOVE)) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Failed to disconnect filter %s PID %s from filter %s: %s\n"", pid->filter->name, pid->name, filter->name, gf_error_to_string(e) )); } else if (e) { if (e!= GF_EOS) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Failed to connect filter %s PID %s to filter %s: %s\n"", pid->filter->name, pid->name, filter->name, gf_error_to_string(e) )); } if ((e==GF_BAD_PARAM) || (e==GF_SERVICE_ERROR) || (e==GF_REMOTE_SERVICE_ERROR) || (e==GF_FILTER_NOT_SUPPORTED) || (e==GF_EOS) || (filter->session->flags & GF_FS_FLAG_NO_REASSIGN) ) { if (filter->session->flags & GF_FS_FLAG_NO_REASSIGN) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Filter reassignment disabled, skippping chain reload for filter %s PID %s\n"", pid->filter->name, pid->name )); } if (e!= GF_EOS) { filter->session->last_connect_error = e; } if (ctype==GF_PID_CONF_CONNECT) { GF_FilterEvent evt; GF_FEVT_INIT(evt, GF_FEVT_PLAY, pid); gf_filter_pid_send_event_internal(pid, &evt, GF_TRUE); GF_FEVT_INIT(evt, GF_FEVT_STOP, pid); gf_filter_pid_send_event_internal(pid, &evt, GF_TRUE); gf_filter_pid_set_eos(pid); if (pid->filter->freg->process_event) { GF_FEVT_INIT(evt, GF_FEVT_CONNECT_FAIL, pid); gf_filter_pid_send_event_internal(pid, &evt, GF_TRUE); } if (!filter->num_input_pids && !filter->num_output_pids) { remove_filter = GF_TRUE; } } } else if (filter->has_out_caps) { Bool unload_filter = GF_TRUE; GF_LOG(GF_LOG_WARNING, GF_LOG_FILTER, (""Blacklisting %s as output from %s and retrying connections\n"", filter->name, pid->filter->name)); gf_list_add(pid->filter->blacklisted, (void *) filter->freg); gf_mx_p(filter->tasks_mx); while (gf_list_count(filter->input_pids)) { GF_FilterPidInst *a_pidinst = gf_list_pop_back(filter->input_pids); FSESS_CHECK_THREAD(filter) filter->num_input_pids--; filter->freg->configure_pid(filter, (GF_FilterPid *) a_pidinst, GF_TRUE); gf_filter_pid_post_init_task(a_pidinst->pid->filter, a_pidinst->pid); gf_fs_post_task(filter->session, gf_filter_pid_inst_delete_task, a_pidinst->pid->filter, a_pidinst->pid, ""pid_inst_delete"", a_pidinst); unload_filter = GF_FALSE; } filter->num_input_pids = 0; filter->single_source = NULL; filter->removed = 1; filter->has_pending_pids = GF_FALSE; gf_mx_v(filter->tasks_mx); if (ctype==GF_PID_CONF_CONNECT) { assert(pid->filter->out_pid_connection_pending); safe_int_dec(&pid->filter->out_pid_connection_pending); } gf_filter_pid_post_init_task(pid->filter, pid); if (unload_filter) { assert(!gf_list_count(filter->input_pids)); if (filter->num_output_pids) { for (i=0; inum_output_pids; i++) { u32 j; GF_FilterPid *opid = gf_list_get(filter->output_pids, i); for (j=0; j< opid->num_destinations; j++) { GF_FilterPidInst *a_pidi = gf_list_get(opid->destinations, j); a_pidi->pid = NULL; } gf_list_reset(opid->destinations); opid->num_destinations = 0; gf_filter_pid_remove(opid); } } filter->swap_pidinst_src = NULL; if (filter->swap_pidinst_dst) { GF_Filter *target = filter->swap_pidinst_dst->filter; assert(target); if (!target->detached_pid_inst) { target->detached_pid_inst = gf_list_new(); } if (filter->swap_pidinst_dst->props) { filter->swap_pidinst_dst->props = NULL; } filter->swap_pidinst_dst->pid = NULL; if (gf_list_find(target->detached_pid_inst, filter->swap_pidinst_dst)<0) gf_list_add(target->detached_pid_inst, filter->swap_pidinst_dst); } filter->swap_pidinst_dst = NULL; if (filter->on_setup_error) { gf_filter_notification_failure(filter, e, GF_TRUE); } else { gf_filter_post_remove(filter); } } return e; } else { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Failed to reconfigure input of sink %s, cannot rebuild graph\n"", filter->name)); if (pid->filter->freg->process_event) { GF_FilterEvent evt; GF_FEVT_INIT(evt, GF_FEVT_CONNECT_FAIL, pid); pid->filter->freg->process_event(pid->filter, &evt); } filter->session->last_connect_error = e; } } else { filter->session->last_connect_error = GF_OK; } if (filter->session->requires_solved_graph) return e; } if (filter->has_pending_pids) { filter->has_pending_pids = GF_FALSE; while (gf_fq_count(filter->pending_pids)) { GF_FilterPid *a_pid=gf_fq_pop(filter->pending_pids); if (pid->is_playing && filter->is_pid_adaptation_filter) a_pid->is_playing = GF_TRUE; gf_filter_pid_post_init_task(filter, a_pid); } } if (ctype==GF_PID_CONF_REMOVE) { gf_mx_p(filter->tasks_mx); gf_list_del_item(filter->input_pids, pidinst); filter->num_input_pids = gf_list_count(filter->input_pids); if (!filter->num_input_pids) filter->single_source = NULL; gf_mx_v(filter->tasks_mx); gf_mx_p(pidinst->pid->filter->tasks_mx); pidinst->pid->num_pidinst_del_pending ++; gf_list_del_item(pidinst->pid->destinations, pidinst); pidinst->pid->num_destinations = gf_list_count(pidinst->pid->destinations); gf_filter_instance_detach_pid(pidinst); gf_mx_v(pidinst->pid->filter->tasks_mx); if (!filter->num_input_pids && !filter->sticky) { gf_filter_reset_pending_packets(filter); filter->removed = 1; } gf_fs_post_task(filter->session, gf_filter_pid_inst_delete_task, pid->filter, pid, ""pid_inst_delete"", pidinst); return e; } if (ctype==GF_PID_CONF_CONNECT) { assert(pid->filter->out_pid_connection_pending); if (safe_int_dec(&pid->filter->out_pid_connection_pending) == 0) { if (refire_events) { GF_FilterEvent evt; if (pidinst->is_playing) { pidinst->is_playing = GF_FALSE; GF_FEVT_INIT(evt, GF_FEVT_PLAY, (GF_FilterPid*)pidinst); gf_filter_pid_send_event((GF_FilterPid *)pidinst, &evt); } if (pidinst->is_paused) { pidinst->is_paused = GF_FALSE; GF_FEVT_INIT(evt, GF_FEVT_PAUSE, (GF_FilterPid*)pidinst); gf_filter_pid_send_event((GF_FilterPid *)pidinst, &evt); } } if (e==GF_OK) { if (pid->filter->postponed_packets || pid->filter->pending_packets || pid->filter->nb_caps_renegociate) { gf_filter_post_process_task(pid->filter); } } } if (remove_filter && !filter->sticky) gf_filter_post_remove(filter); } gf_filter_pid_update_caps(pid); return e;",visit repo url,src/filter_core/filter_pid.c,https://github.com/gpac/gpac,32057319473151,1 4376,['CWE-264'],"void sk_stop_timer(struct sock *sk, struct timer_list* timer) { if (timer_pending(timer) && del_timer(timer)) __sock_put(sk); }",linux-2.6,,,340230797024456556112025144294182246782,0 3589,['CWE-20'],"struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, __u8 type, __u8 flags, int paylen) { struct sctp_chunk *retval; sctp_chunkhdr_t *chunk_hdr; struct sk_buff *skb; struct sock *sk; skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), GFP_ATOMIC); if (!skb) goto nodata; chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); chunk_hdr->type = type; chunk_hdr->flags = flags; chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); sk = asoc ? asoc->base.sk : NULL; retval = sctp_chunkify(skb, asoc, sk); if (!retval) { kfree_skb(skb); goto nodata; } retval->chunk_hdr = chunk_hdr; retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); if (sctp_auth_send_cid(type, asoc)) retval->auth = 1; skb->sk = sk; return retval; nodata: return NULL; }",linux-2.6,,,327308962417163785910186647102131882100,0 6400,CWE-20,"error_t enc624j600ReceivePacket(NetInterface *interface) { error_t error; uint16_t n; uint32_t status; Enc624j600Context *context; context = (Enc624j600Context *) interface->nicContext; if(enc624j600ReadReg(interface, ENC624J600_REG_ESTAT) & ESTAT_PKTCNT) { enc624j600WriteReg(interface, ENC624J600_REG_ERXRDPT, context->nextPacket); enc624j600ReadBuffer(interface, ENC624J600_CMD_RRXDATA, (uint8_t *) &context->nextPacket, sizeof(uint16_t)); context->nextPacket = letoh16(context->nextPacket); enc624j600ReadBuffer(interface, ENC624J600_CMD_RRXDATA, (uint8_t *) &n, sizeof(uint16_t)); n = letoh16(n); enc624j600ReadBuffer(interface, ENC624J600_CMD_RRXDATA, (uint8_t *) &status, sizeof(uint32_t)); status = letoh32(status); if((status & RSV_RECEIVED_OK) != 0) { n = MIN(n, ETH_MAX_FRAME_SIZE); enc624j600ReadBuffer(interface, ENC624J600_CMD_RRXDATA, context->rxBuffer, n); error = NO_ERROR; } else { error = ERROR_INVALID_PACKET; } if(context->nextPacket == ENC624J600_RX_BUFFER_START) { enc624j600WriteReg(interface, ENC624J600_REG_ERXTAIL, ENC624J600_RX_BUFFER_STOP); } else { enc624j600WriteReg(interface, ENC624J600_REG_ERXTAIL, context->nextPacket - 2); } enc624j600SetBit(interface, ENC624J600_REG_ECON1, ECON1_PKTDEC); } else { error = ERROR_BUFFER_EMPTY; } if(!error) { NetRxAncillary ancillary; ancillary = NET_DEFAULT_RX_ANCILLARY; nicProcessPacket(interface, context->rxBuffer, n, &ancillary); } return error; }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,186872913072087,1 6484,[],"lt_dlopenadvise (const char *filename, lt_dladvise advise) { lt_dlhandle handle = 0; int errors = 0; const char * saved_error = 0; LT__GETERROR (saved_error); if (advise && advise->is_symlocal && advise->is_symglobal) { LT__SETERROR (CONFLICTING_FLAGS); return 0; } if (!filename || !advise || !advise->try_ext || has_library_ext (filename)) { if (try_dlopen (&handle, filename, NULL, advise) != 0) return 0; return handle; } else if (filename && *filename) { errors += try_dlopen (&handle, filename, archive_ext, advise); if (handle || ((errors > 0) && !file_not_found ())) return handle; #if defined(LT_MODULE_EXT) LT__SETERRORSTR (saved_error); errors = try_dlopen (&handle, filename, shlib_ext, advise); if (handle || ((errors > 0) && !file_not_found ())) return handle; #endif } LT__SETERROR (FILE_NOT_FOUND); return 0; }",libtool,,,35351440739254207991644678323239570652,0 3239,['CWE-189'],"void jpc_qmfb_join_colres(jpc_fix_t *a, int numrows, int numcols, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; jpc_fix_t *buf = joinbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; register jpc_fix_t *srcptr2; register jpc_fix_t *dstptr2; register int n; register int i; int hstartcol; if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { abort(); } } hstartcol = (numrows + 1 - parity) >> 1; n = hstartcol; srcptr = &a[0]; dstptr = buf; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } srcptr += stride; dstptr += numcols; } srcptr = &a[hstartcol * stride]; dstptr = &a[(1 - parity) * stride]; n = numrows - hstartcol; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += 2 * stride; srcptr += stride; } srcptr = buf; dstptr = &a[parity * stride]; n = hstartcol; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += 2 * stride; srcptr += numcols; } if (buf != joinbuf) { jas_free(buf); } }",jasper,,,208792465488352857381915277927073312673,0 555,CWE-189,"static int semctl_down(struct ipc_namespace *ns, int semid, int cmd, int version, void __user *p) { struct sem_array *sma; int err; struct semid64_ds semid64; struct kern_ipc_perm *ipcp; if(cmd == IPC_SET) { if (copy_semid_from_user(&semid64, p, version)) return -EFAULT; } ipcp = ipcctl_pre_down_nolock(ns, &sem_ids(ns), semid, cmd, &semid64.sem_perm, 0); if (IS_ERR(ipcp)) return PTR_ERR(ipcp); sma = container_of(ipcp, struct sem_array, sem_perm); err = security_sem_semctl(sma, cmd); if (err) { rcu_read_unlock(); goto out_unlock; } switch(cmd){ case IPC_RMID: ipc_lock_object(&sma->sem_perm); freeary(ns, ipcp); goto out_up; case IPC_SET: ipc_lock_object(&sma->sem_perm); err = ipc_update_perm(&semid64.sem_perm, ipcp); if (err) goto out_unlock; sma->sem_ctime = get_seconds(); break; default: rcu_read_unlock(); err = -EINVAL; goto out_up; } out_unlock: sem_unlock(sma); out_up: up_write(&sem_ids(ns).rw_mutex); return err; }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,88130473483486,1 5917,CWE-190,"static Jsi_RC jsi_ArrayFindSubCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr, int op) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array""); Jsi_Obj *obj; int curlen; uint i; Jsi_RC rc = JSI_OK; Jsi_Value *func, *vpargs, *sthis = Jsi_ValueArrayIndex(interp, args, 1); func = Jsi_ValueArrayIndex(interp, args, 0); if (!Jsi_ValueIsFunction(interp, func)) return Jsi_LogError(""expected function""); Jsi_Value *nthis = NULL; if (!sthis) sthis = nthis = Jsi_ValueNew1(interp); obj = _this->d.obj; curlen = Jsi_ObjGetLength(interp, obj); if (curlen < 0) { Jsi_ObjSetLength(interp, obj, 0); } Jsi_ObjListifyArray(interp, obj); int fval = 0; Jsi_Value *nrPtr = Jsi_ValueNew1(interp); Jsi_Value *vobjs[3]; Jsi_Func *fptr = func->d.obj->d.fobj->func; int maa = (fptr->argnames?fptr->argnames->argCnt:0); if (maa>3) maa = 3; for (i = 0; i < obj->arrCnt && rc == JSI_OK; i++) { if (!obj->arr[i]) continue; vobjs[0] = obj->arr[i]; vobjs[1] = (maa>1?Jsi_ValueNewNumber(interp, i):NULL); vobjs[2] = _this; vpargs = Jsi_ValueMakeObject(interp, NULL, Jsi_ObjNewArray(interp, vobjs, maa, 0)); Jsi_IncrRefCount(interp, vpargs); rc = Jsi_FunctionInvoke(interp, func, vpargs, &nrPtr, sthis); Jsi_DecrRefCount(interp, vpargs); if (rc != JSI_OK) break; fval = Jsi_ValueIsTrue(interp, nrPtr); Jsi_ValueMakeUndef(interp, &nrPtr); if (op == 3) { if (!fval) break; } else if (fval) break; } if (rc == JSI_OK) { if (op == 1 && fval) Jsi_ValueCopy(interp, *ret, obj->arr[i]); else if (op == 2 || op == 3) Jsi_ValueMakeBool(interp, ret, fval); else if (op == 4) Jsi_ValueMakeNumber(interp, ret, (Jsi_Number)(fval?(int)i:-1)); } if (nthis) Jsi_DecrRefCount(interp, nthis); Jsi_DecrRefCount(interp, nrPtr); return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,91848202378431,1 32,['CWE-264'],"static PHP_METHOD(SQLite, sqliteCreateFunction) { struct pdo_sqlite_func *func; zval *callback; char *func_name; int func_name_len; long argc = -1; char *cbname = NULL; pdo_dbh_t *dbh; pdo_sqlite_db_handle *H; int ret; if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""sz|l"", &func_name, &func_name_len, &callback, &argc)) { RETURN_FALSE; } dbh = zend_object_store_get_object(getThis() TSRMLS_CC); PDO_CONSTRUCT_CHECK; if (!zend_is_callable(callback, 0, &cbname TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""function '%s' is not callable"", cbname); efree(cbname); RETURN_FALSE; } efree(cbname); H = (pdo_sqlite_db_handle *)dbh->driver_data; func = (struct pdo_sqlite_func*)ecalloc(1, sizeof(*func)); ret = sqlite3_create_function(H->db, func_name, argc, SQLITE_UTF8, func, php_sqlite3_func_callback, NULL, NULL); if (ret == SQLITE_OK) { func->funcname = estrdup(func_name); MAKE_STD_ZVAL(func->func); MAKE_COPY_ZVAL(&callback, func->func); func->argc = argc; func->next = H->funcs; H->funcs = func; RETURN_TRUE; } efree(func); RETURN_FALSE; }",php-src,,,70816763282049699390488106834530239613,0 6491,['CWE-20'],"static int read_descriptor(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops, void *ptr, u16 *size, unsigned long *address, int op_bytes) { int rc; if (op_bytes == 2) op_bytes = 3; *address = 0; rc = ops->read_std((unsigned long)ptr, (unsigned long *)size, 2, ctxt->vcpu); if (rc) return rc; rc = ops->read_std((unsigned long)ptr + 2, address, op_bytes, ctxt->vcpu); return rc; }",kvm,,,191295860554288530666260315146082398362,0 5558,CWE-125,"ast2obj_mod(void* _o) { mod_ty o = (mod_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case Module_kind: result = PyType_GenericNew(Module_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Module.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Module.type_ignores, ast2obj_type_ignore); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type_ignores, value) == -1) goto failed; Py_DECREF(value); break; case Interactive_kind: result = PyType_GenericNew(Interactive_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Interactive.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; case Expression_kind: result = PyType_GenericNew(Expression_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Expression.body); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; case FunctionType_kind: result = PyType_GenericNew(FunctionType_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.FunctionType.argtypes, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_argtypes, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.FunctionType.returns); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_returns, value) == -1) goto failed; Py_DECREF(value); break; case Suite_kind: result = PyType_GenericNew(Suite_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Suite.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; } return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,192939688364872,1 2693,CWE-190,"SPL_METHOD(SplFileInfo, getFileInfo) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); zend_class_entry *ce = intern->info_class; zend_error_handling error_handling; zend_replace_error_handling(EH_THROW, spl_ce_UnexpectedValueException, &error_handling TSRMLS_CC); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|C"", &ce) == SUCCESS) { spl_filesystem_object_create_type(ht, intern, SPL_FS_INFO, ce, return_value TSRMLS_CC); } zend_restore_error_handling(&error_handling TSRMLS_CC); }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,228787156080023,1 5470,['CWE-476'],"void kvm_arch_hardware_unsetup(void) { kvm_x86_ops->hardware_unsetup(); }",linux-2.6,,,127215099740261703452704095911403350543,0 2939,CWE-59,"static bool cgm_bind_dir(const char *root, const char *dirname) { nih_local char *cgpath = NULL; cgpath = NIH_MUST( nih_strdup(NULL, root) ); NIH_MUST( nih_strcat(&cgpath, NULL, ""/sys/fs/cgroup"") ); if (!dir_exists(cgpath)) { ERROR(""%s does not exist"", cgpath); return false; } if (mount(""cgroup"", cgpath, ""tmpfs"", 0, ""size=10000,mode=755"")) { SYSERROR(""Failed to mount tmpfs at %s"", cgpath); return false; } NIH_MUST( nih_strcat(&cgpath, NULL, ""/cgmanager"") ); if (mkdir(cgpath, 0755) < 0) { SYSERROR(""Failed to create %s"", cgpath); return false; } if (mount(dirname, cgpath, ""none"", MS_BIND, 0)) { SYSERROR(""Failed to bind mount %s to %s"", dirname, cgpath); return false; } return true; }",visit repo url,src/lxc/cgmanager.c,https://github.com/lxc/lxc,231264174751179,1 3373,CWE-119,"static MagickBooleanType WriteGROUP4Image(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { char filename[MagickPathExtent]; FILE *file; Image *huffman_image; ImageInfo *write_info; int unique_file; MagickBooleanType status; register ssize_t i; ssize_t count; TIFF *tiff; toff_t *byte_count, strip_size; unsigned char *buffer; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); huffman_image=CloneImage(image,0,0,MagickTrue,exception); if (huffman_image == (Image *) NULL) { (void) CloseBlob(image); return(MagickFalse); } huffman_image->endian=MSBEndian; file=(FILE *) NULL; unique_file=AcquireUniqueFileResource(filename); if (unique_file != -1) file=fdopen(unique_file,""wb""); if ((unique_file == -1) || (file == (FILE *) NULL)) { ThrowFileException(exception,FileOpenError,""UnableToCreateTemporaryFile"", filename); return(MagickFalse); } (void) FormatLocaleString(huffman_image->filename,MagickPathExtent,""tiff:%s"", filename); (void) SetImageType(huffman_image,BilevelType,exception); write_info=CloneImageInfo((ImageInfo *) NULL); SetImageInfoFile(write_info,file); (void) SetImageType(image,BilevelType,exception); (void) SetImageDepth(image,1,exception); write_info->compression=Group4Compression; write_info->type=BilevelType; (void) SetImageOption(write_info,""quantum:polarity"",""min-is-white""); status=WriteTIFFImage(write_info,huffman_image,exception); (void) fflush(file); write_info=DestroyImageInfo(write_info); if (status == MagickFalse) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } tiff=TIFFOpen(filename,""rb""); if (tiff == (TIFF *) NULL) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowFileException(exception,FileOpenError,""UnableToOpenFile"", image_info->filename); return(MagickFalse); } if (TIFFGetField(tiff,TIFFTAG_STRIPBYTECOUNTS,&byte_count) != 1) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } strip_size=byte_count[0]; for (i=1; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) if (byte_count[i] > strip_size) strip_size=byte_count[i]; buffer=(unsigned char *) AcquireQuantumMemory((size_t) strip_size, sizeof(*buffer)); if (buffer == (unsigned char *) NULL) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowBinaryException(ResourceLimitError,""MemoryAllocationFailed"", image_info->filename); } for (i=0; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) { count=(ssize_t) TIFFReadRawStrip(tiff,(uint32) i,buffer,strip_size); if (WriteBlob(image,(size_t) count,buffer) != count) status=MagickFalse; } buffer=(unsigned char *) RelinquishMagickMemory(buffer); TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); (void) CloseBlob(image); return(status); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,127830029859842,1 481,CWE-20,"static void request_key_auth_describe(const struct key *key, struct seq_file *m) { struct request_key_auth *rka = key->payload.data[0]; seq_puts(m, ""key:""); seq_puts(m, key->description); if (key_is_instantiated(key)) seq_printf(m, "" pid:%d ci:%zu"", rka->pid, rka->callout_len); }",visit repo url,security/keys/request_key_auth.c,https://github.com/torvalds/linux,66956741697699,1 6076,CWE-190,"void bn_read_raw(bn_t a, const dig_t *raw, int len) { RLC_TRY { bn_grow(a, len); a->used = len; a->sign = RLC_POS; dv_copy(a->dp, raw, len); bn_trim(a); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,116753847466509,1 2904,CWE-119,"swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc) { uint16* wp = (uint16*) cp0; tmsize_t wc = cc / 2; TIFFSwabArrayOfShort(wp, wc); horAcc16(tif, cp0, cc); }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,62932101159653,1 4392,['CWE-264'],"void sk_setup_caps(struct sock *sk, struct dst_entry *dst) { __sk_dst_set(sk, dst); sk->sk_route_caps = dst->dev->features; if (sk->sk_route_caps & NETIF_F_GSO) sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE; if (sk_can_gso(sk)) { if (dst->header_len) { sk->sk_route_caps &= ~NETIF_F_GSO_MASK; } else { sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM; sk->sk_gso_max_size = dst->dev->gso_max_size; } } }",linux-2.6,,,217648757004851262179531302950414932049,0 5173,CWE-119,"void libxsmm_sparse_csc_reader( libxsmm_generated_code* io_generated_code, const char* i_csc_file_in, unsigned int** o_row_idx, unsigned int** o_column_idx, double** o_values, unsigned int* o_row_count, unsigned int* o_column_count, unsigned int* o_element_count ) { FILE *l_csc_file_handle; const unsigned int l_line_length = 512; char l_line[512 +1]; unsigned int l_header_read = 0; unsigned int* l_column_idx_id = NULL; unsigned int l_i = 0; l_csc_file_handle = fopen( i_csc_file_in, ""r"" ); if ( l_csc_file_handle == NULL ) { LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_INPUT ); return; } while (fgets(l_line, l_line_length, l_csc_file_handle) != NULL) { if ( strlen(l_line) == l_line_length ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose( l_csc_file_handle ); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_LEN ); return; } if ( l_line[0] == '%' ) { continue; } else { if ( l_header_read == 0 ) { if ( sscanf(l_line, ""%u %u %u"", o_row_count, o_column_count, o_element_count) == 3 ) { *o_row_idx = (unsigned int*) malloc(sizeof(unsigned int) * (*o_element_count)); *o_column_idx = (unsigned int*) malloc(sizeof(unsigned int) * ((size_t)(*o_column_count) + 1)); *o_values = (double*) malloc(sizeof(double) * (*o_element_count)); l_column_idx_id = (unsigned int*) malloc(sizeof(unsigned int) * (*o_column_count)); if ( ( *o_row_idx == NULL ) || ( *o_column_idx == NULL ) || ( *o_values == NULL ) || ( l_column_idx_id == NULL ) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose(l_csc_file_handle); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_ALLOC_DATA ); return; } memset(*o_row_idx, 0, sizeof(unsigned int) * (*o_element_count)); memset(*o_column_idx, 0, sizeof(unsigned int) * ((size_t)(*o_column_count) + 1)); memset(*o_values, 0, sizeof(double) * (*o_element_count)); memset(l_column_idx_id, 0, sizeof(unsigned int) * (*o_column_count)); for (l_i = 0; l_i <= *o_column_count; ++l_i) { (*o_column_idx)[l_i] = *o_element_count; } (*o_column_idx)[0] = 0; l_i = 0; l_header_read = 1; } else { LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_DESC ); fclose( l_csc_file_handle ); return; } } else { unsigned int l_row = 0, l_column = 0; double l_value = 0; if ( sscanf(l_line, ""%u %u %lf"", &l_row, &l_column, &l_value) != 3 ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; fclose(l_csc_file_handle); LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_READ_ELEMS ); return; } l_row--; l_column--; (*o_row_idx)[l_i] = l_row; (*o_values)[l_i] = l_value; l_i++; l_column_idx_id[l_column] = 1; (*o_column_idx)[l_column+1] = l_i; } } } fclose( l_csc_file_handle ); if ( l_i != (*o_element_count) ) { free(*o_row_idx); free(*o_column_idx); free(*o_values); free(l_column_idx_id); *o_row_idx = 0; *o_column_idx = 0; *o_values = 0; LIBXSMM_HANDLE_ERROR( io_generated_code, LIBXSMM_ERR_CSC_LEN ); return; } if ( l_column_idx_id != NULL ) { for ( l_i = 0; l_i < (*o_column_count); l_i++) { if ( l_column_idx_id[l_i] == 0 ) { (*o_column_idx)[l_i+1] = (*o_column_idx)[l_i]; } } free( l_column_idx_id ); } }",visit repo url,src/generator_spgemm_csc_reader.c,https://github.com/hfp/libxsmm,44364376158328,1 362,[],"pfm_restart(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct task_struct *task; pfm_buffer_fmt_t *fmt; pfm_ovfl_ctrl_t rst_ctrl; int state, is_system; int ret = 0; state = ctx->ctx_state; fmt = ctx->ctx_buf_fmt; is_system = ctx->ctx_fl_system; task = PFM_CTX_TASK(ctx); switch(state) { case PFM_CTX_MASKED: break; case PFM_CTX_LOADED: if (CTX_HAS_SMPL(ctx) && fmt->fmt_restart_active) break; case PFM_CTX_UNLOADED: case PFM_CTX_ZOMBIE: DPRINT((""invalid state=%d\n"", state)); return -EBUSY; default: DPRINT((""state=%d, cannot operate (no active_restart handler)\n"", state)); return -EINVAL; } if (is_system && ctx->ctx_cpu != smp_processor_id()) { DPRINT((""should be running on CPU%d\n"", ctx->ctx_cpu)); return -EBUSY; } if (unlikely(task == NULL)) { printk(KERN_ERR ""perfmon: [%d] pfm_restart no task\n"", current->pid); return -EINVAL; } if (task == current || is_system) { fmt = ctx->ctx_buf_fmt; DPRINT((""restarting self %d ovfl=0x%lx\n"", task->pid, ctx->ctx_ovfl_regs[0])); if (CTX_HAS_SMPL(ctx)) { prefetch(ctx->ctx_smpl_hdr); rst_ctrl.bits.mask_monitoring = 0; rst_ctrl.bits.reset_ovfl_pmds = 0; if (state == PFM_CTX_LOADED) ret = pfm_buf_fmt_restart_active(fmt, task, &rst_ctrl, ctx->ctx_smpl_hdr, regs); else ret = pfm_buf_fmt_restart(fmt, task, &rst_ctrl, ctx->ctx_smpl_hdr, regs); } else { rst_ctrl.bits.mask_monitoring = 0; rst_ctrl.bits.reset_ovfl_pmds = 1; } if (ret == 0) { if (rst_ctrl.bits.reset_ovfl_pmds) pfm_reset_regs(ctx, ctx->ctx_ovfl_regs, PFM_PMD_LONG_RESET); if (rst_ctrl.bits.mask_monitoring == 0) { DPRINT((""resuming monitoring for [%d]\n"", task->pid)); if (state == PFM_CTX_MASKED) pfm_restore_monitoring(task); } else { DPRINT((""keeping monitoring stopped for [%d]\n"", task->pid)); } } ctx->ctx_ovfl_regs[0] = 0UL; ctx->ctx_state = PFM_CTX_LOADED; ctx->ctx_fl_can_restart = 0; return 0; } if (state == PFM_CTX_MASKED) { if (ctx->ctx_fl_can_restart == 0) return -EINVAL; ctx->ctx_fl_can_restart = 0; } if (CTX_OVFL_NOBLOCK(ctx) == 0 && state == PFM_CTX_MASKED) { DPRINT((""unblocking [%d] \n"", task->pid)); complete(&ctx->ctx_restart_done); } else { DPRINT((""[%d] armed exit trap\n"", task->pid)); ctx->ctx_fl_trap_reason = PFM_TRAP_REASON_RESET; PFM_SET_WORK_PENDING(task, 1); pfm_set_task_notify(task); } return 0; }",linux-2.6,,,220881886874330048787764636881545923483,0 4230,CWE-78,"static int bin_symbols(RCore *r, int mode, ut64 laddr, int va, ut64 at, const char *name, bool exponly, const char *args) { RBinInfo *info = r_bin_get_info (r->bin); RList *entries = r_bin_get_entries (r->bin); RBinSymbol *symbol; RBinAddr *entry; RListIter *iter; bool firstexp = true; bool printHere = false; int i = 0, lastfs = 's'; bool bin_demangle = r_config_get_i (r->config, ""bin.demangle""); if (!info) { return 0; } if (args && *args == '.') { printHere = true; } bool is_arm = info && info->arch && !strncmp (info->arch, ""arm"", 3); const char *lang = bin_demangle ? r_config_get (r->config, ""bin.lang"") : NULL; RList *symbols = r_bin_get_symbols (r->bin); r_spaces_push (&r->anal->meta_spaces, ""bin""); if (IS_MODE_JSON (mode) && !printHere) { r_cons_printf (""[""); } else if (IS_MODE_SET (mode)) { r_flag_space_set (r->flags, R_FLAGS_FS_SYMBOLS); } else if (!at && exponly) { if (IS_MODE_RAD (mode)) { r_cons_printf (""fs exports\n""); } else if (IS_MODE_NORMAL (mode)) { r_cons_printf (printHere ? """" : ""[Exports]\n""); } } else if (!at && !exponly) { if (IS_MODE_RAD (mode)) { r_cons_printf (""fs symbols\n""); } else if (IS_MODE_NORMAL (mode)) { r_cons_printf (printHere ? """" : ""[Symbols]\n""); } } if (IS_MODE_NORMAL (mode)) { r_cons_printf (""Num Paddr Vaddr Bind Type Size Name\n""); } size_t count = 0; r_list_foreach (symbols, iter, symbol) { if (!symbol->name) { continue; } char *r_symbol_name = r_str_escape_utf8 (symbol->name, false, true); ut64 addr = compute_addr (r->bin, symbol->paddr, symbol->vaddr, va); int len = symbol->size ? symbol->size : 32; SymName sn = {0}; if (exponly && !isAnExport (symbol)) { free (r_symbol_name); continue; } if (name && strcmp (r_symbol_name, name)) { free (r_symbol_name); continue; } if (at && (!symbol->size || !is_in_range (at, addr, symbol->size))) { free (r_symbol_name); continue; } if ((printHere && !is_in_range (r->offset, symbol->paddr, len)) && (printHere && !is_in_range (r->offset, addr, len))) { free (r_symbol_name); continue; } count ++; snInit (r, &sn, symbol, lang); if (IS_MODE_SET (mode) && (is_section_symbol (symbol) || is_file_symbol (symbol))) { } else if (IS_MODE_SET (mode) && is_special_symbol (symbol)) { if (is_arm) { handle_arm_special_symbol (r, symbol, va); } } else if (IS_MODE_SET (mode)) { if (is_arm) { handle_arm_symbol (r, symbol, info, va); } select_flag_space (r, symbol); if (sn.classname) { RFlagItem *fi = r_flag_get (r->flags, sn.methflag); if (r->bin->prefix) { char *prname = r_str_newf (""%s.%s"", r->bin->prefix, sn.methflag); r_name_filter (sn.methflag, -1); free (sn.methflag); sn.methflag = prname; } if (fi) { r_flag_item_set_realname (fi, sn.methname); if ((fi->offset - r->flags->base) == addr) { r_flag_unset (r->flags, fi); } } else { fi = r_flag_set (r->flags, sn.methflag, addr, symbol->size); char *comment = fi->comment ? strdup (fi->comment) : NULL; if (comment) { r_flag_item_set_comment (fi, comment); R_FREE (comment); } } } else { const char *n = sn.demname ? sn.demname : sn.name; const char *fn = sn.demflag ? sn.demflag : sn.nameflag; char *fnp = (r->bin->prefix) ? r_str_newf (""%s.%s"", r->bin->prefix, fn): strdup (fn); RFlagItem *fi = r_flag_set (r->flags, fnp, addr, symbol->size); if (fi) { r_flag_item_set_realname (fi, n); fi->demangled = (bool)(size_t)sn.demname; } else { if (fn) { eprintf (""[Warning] Can't find flag (%s)\n"", fn); } } free (fnp); } if (sn.demname) { r_meta_add (r->anal, R_META_TYPE_COMMENT, addr, symbol->size, sn.demname); } r_flag_space_pop (r->flags); } else if (IS_MODE_JSON (mode)) { char *str = r_str_escape_utf8_for_json (r_symbol_name, -1); r_cons_printf (""%s{\""name\"":\""%s\"","" ""\""demname\"":\""%s\"","" ""\""flagname\"":\""%s\"","" ""\""ordinal\"":%d,"" ""\""bind\"":\""%s\"","" ""\""size\"":%d,"" ""\""type\"":\""%s\"","" ""\""vaddr\"":%""PFMT64d"","" ""\""paddr\"":%""PFMT64d""}"", ((exponly && firstexp) || printHere) ? """" : (iter->p ? "","" : """"), str, sn.demname? sn.demname: """", sn.nameflag, symbol->ordinal, symbol->bind, (int)symbol->size, symbol->type, (ut64)addr, (ut64)symbol->paddr); free (str); } else if (IS_MODE_SIMPLE (mode)) { const char *name = sn.demname? sn.demname: r_symbol_name; r_cons_printf (""0x%08""PFMT64x"" %d %s\n"", addr, (int)symbol->size, name); } else if (IS_MODE_SIMPLEST (mode)) { const char *name = sn.demname? sn.demname: r_symbol_name; r_cons_printf (""%s\n"", name); } else if (IS_MODE_RAD (mode)) { if (is_special_symbol (symbol)) { goto next; } RBinFile *binfile; RBinPlugin *plugin; const char *name = sn.demname? sn.demname: r_symbol_name; if (!name) { goto next; } if (!strncmp (name, ""imp."", 4)) { if (lastfs != 'i') { r_cons_printf (""fs imports\n""); } lastfs = 'i'; } else { if (lastfs != 's') { const char *fs = exponly? ""exports"": ""symbols""; r_cons_printf (""fs %s\n"", fs); } lastfs = 's'; } if (r->bin->prefix || *name) { char *flagname = construct_symbol_flagname (""sym"", name, MAXFLAG_LEN_DEFAULT); if (!flagname) { goto next; } r_cons_printf (""\""f %s%s%s %u 0x%08"" PFMT64x ""\""\n"", r->bin->prefix ? r->bin->prefix : """", r->bin->prefix ? ""."" : """", flagname, symbol->size, addr); free (flagname); } binfile = r_bin_cur (r->bin); plugin = r_bin_file_cur_plugin (binfile); if (plugin && plugin->name) { if (r_str_startswith (plugin->name, ""pe"")) { char *module = strdup (r_symbol_name); char *p = strstr (module, "".dll_""); if (p && strstr (module, ""imp."")) { char *symname = __filterShell (p + 5); char *m = __filterShell (module); *p = 0; if (r->bin->prefix) { r_cons_printf (""k bin/pe/%s/%d=%s.%s\n"", module, symbol->ordinal, r->bin->prefix, symname); } else { r_cons_printf (""k bin/pe/%s/%d=%s\n"", module, symbol->ordinal, symname); } free (symname); free (m); } free (module); } } } else { const char *bind = symbol->bind? symbol->bind: ""NONE""; const char *type = symbol->type? symbol->type: ""NONE""; const char *name = r_str_get (sn.demname? sn.demname: r_symbol_name); r_cons_printf (""%03u"", symbol->ordinal); if (symbol->paddr == UT64_MAX) { r_cons_printf ("" ----------""); } else { r_cons_printf ("" 0x%08""PFMT64x, symbol->paddr); } r_cons_printf ("" 0x%08""PFMT64x"" %6s %6s %4d%s%s\n"", addr, bind, type, symbol->size, *name? "" "": """", name); } next: snFini (&sn); i++; free (r_symbol_name); if (exponly && firstexp) { firstexp = false; } if (printHere) { break; } } if (count == 0 && IS_MODE_JSON (mode)) { r_cons_printf (""{}""); } if (is_arm) { r_list_foreach (entries, iter, entry) { if (IS_MODE_SET (mode)) { handle_arm_entry (r, entry, info, va); } } } if (IS_MODE_JSON (mode) && !printHere) { r_cons_printf (""]""); } r_spaces_pop (&r->anal->meta_spaces); return true; }",visit repo url,libr/core/cbin.c,https://github.com/radareorg/radare2,207876984376665,1 4225,CWE-74,"static int cmd_meta_comment(RCore *core, const char *input) { ut64 addr = core->offset; switch (input[1]) { case '?': r_core_cmd_help (core, help_msg_CC); break; case ',': r_meta_print_list_all (core->anal, R_META_TYPE_COMMENT, ',', input + 2); break; case 'F': if (input[2]=='?') { eprintf (""Usage: CCF [file]\n""); } else if (input[2] == ' ') { const char *fn = input + 2; const char *comment = r_meta_get_string (core->anal, R_META_TYPE_COMMENT, addr); fn = r_str_trim_head_ro (fn); if (comment && *comment) { char *nc = r_str_newf (""%s ,(%s)"", comment, fn); r_meta_set_string (core->anal, R_META_TYPE_COMMENT, addr, nc); free (nc); } else { char *newcomment = r_str_newf ("",(%s)"", fn); r_meta_set_string (core->anal, R_META_TYPE_COMMENT, addr, newcomment); free (newcomment); } } else { const char *comment = r_meta_get_string (core->anal, R_META_TYPE_COMMENT, addr); if (comment && *comment) { char *cmtfile = r_str_between (comment, "",("", "")""); if (cmtfile && *cmtfile) { char *cwd = getcommapath (core); r_cons_printf (""%s""R_SYS_DIR""%s\n"", cwd, cmtfile); free (cwd); } free (cmtfile); } } break; case '.': { ut64 at = input[2]? r_num_math (core->num, input + 2): addr; const char *comment = r_meta_get_string (core->anal, R_META_TYPE_COMMENT, at); if (comment) { r_cons_println (comment); } } break; case 0: r_meta_print_list_all (core->anal, R_META_TYPE_COMMENT, 0, NULL); break; case 'f': switch (input[2]) { case '-': { ut64 arg = r_num_math (core->num, input + 2); if (!arg) { arg = core->offset; } RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, arg, 0); if (fcn) { RAnalBlock *bb; RListIter *iter; r_list_foreach (fcn->bbs, iter, bb) { int i; for (i = 0; i < bb->size; i++) { ut64 addr = bb->addr + i; r_meta_del (core->anal, R_META_TYPE_COMMENT, addr, 1); } } } } break; case ',': r_meta_print_list_in_function (core->anal, R_META_TYPE_COMMENT, ',', core->offset, input + 3); break; case 'j': r_meta_print_list_in_function (core->anal, R_META_TYPE_COMMENT, 'j', core->offset, NULL); break; case '*': r_meta_print_list_in_function (core->anal, R_META_TYPE_COMMENT, 1, core->offset, NULL); break; default: r_meta_print_list_in_function (core->anal, R_META_TYPE_COMMENT, 0, core->offset, NULL); break; } break; case 'j': r_meta_print_list_all (core->anal, R_META_TYPE_COMMENT, 'j', input + 2); break; case '!': { char *out; const char *comment = r_meta_get_string (core->anal, R_META_TYPE_COMMENT, addr); out = r_core_editor (core, NULL, comment); if (out) { r_core_cmdf (core, ""CC-@0x%08""PFMT64x, addr); r_meta_set_string (core->anal, R_META_TYPE_COMMENT, addr, out); free (out); } } break; case '+': case ' ': { const char *newcomment = r_str_trim_head_ro (input + 2); const char *comment = r_meta_get_string (core->anal, R_META_TYPE_COMMENT, addr); char *text; char *nc = strdup (newcomment); r_str_unescape (nc); if (comment) { text = malloc (strlen (comment) + strlen (newcomment) + 2); if (text) { strcpy (text, comment); strcat (text, "" ""); strcat (text, nc); r_meta_set_string (core->anal, R_META_TYPE_COMMENT, addr, text); free (text); } else { r_sys_perror (""malloc""); } } else { r_meta_set_string (core->anal, R_META_TYPE_COMMENT, addr, nc); if (r_config_get_b (core->config, ""cmd.undo"")) { char *a = r_str_newf (""CC-0x%08""PFMT64x, addr); char *b = r_str_newf (""CC %s@0x%08""PFMT64x, nc, addr); RCoreUndo *uc = r_core_undo_new (core->offset, b, a); r_core_undo_push (core, uc); free (a); free (b); } } free (nc); } break; case '*': r_meta_print_list_all (core->anal, R_META_TYPE_COMMENT, 1, NULL); break; case '-': if (input[2] == '*') { r_meta_del (core->anal, R_META_TYPE_COMMENT, UT64_MAX, UT64_MAX); } else if (input[2]) { ut64 arg = r_num_math (core->num, input + 2); r_meta_del (core->anal, R_META_TYPE_COMMENT, arg, 1); } else { r_meta_del (core->anal, R_META_TYPE_COMMENT, core->offset, 1); } break; case 'u': { char *newcomment; const char *arg = input + 2; while (*arg && *arg == ' ') arg++; if (!strncmp (arg, ""base64:"", 7)) { char *s = (char *)sdb_decode (arg + 7, NULL); if (s) { newcomment = s; } else { newcomment = NULL; } } else { newcomment = strdup (arg); } if (newcomment) { const char *comment = r_meta_get_string (core->anal, R_META_TYPE_COMMENT, addr); if (!comment || (comment && !strstr (comment, newcomment))) { r_meta_set_string (core->anal, R_META_TYPE_COMMENT, addr, newcomment); } free (newcomment); } } break; case 'a': { char *s, *p; s = strchr (input, ' '); if (s) { s = strdup (s + 1); } else { eprintf (""Usage: CCa [address] [comment]\n""); eprintf (""Usage: CCa-[address]\n""); return false; } p = strchr (s, ' '); if (p) { *p++ = 0; } ut64 addr; if (input[2] == '-') { if (input[3]) { addr = r_num_math (core->num, input+3); r_meta_del (core->anal, R_META_TYPE_COMMENT, addr, 1); } else { eprintf (""Usage: CCa-[address]\n""); } free (s); return true; } addr = r_num_math (core->num, s); if (p) { if (input[2]=='+') { const char *comment = r_meta_get_string (core->anal, R_META_TYPE_COMMENT, addr); if (comment) { char *text = r_str_newf (""%s\n%s"", comment, p); r_meta_set (core->anal, R_META_TYPE_COMMENT, addr, 1, text); free (text); } else { r_meta_set (core->anal, R_META_TYPE_COMMENT, addr, 1, p); } } else { r_meta_set (core->anal, R_META_TYPE_COMMENT, addr, 1, p); } } else { eprintf (""Usage: CCa [address] [comment]\n""); } free (s); return true; } } return true; }",visit repo url,libr/core/cmd_meta.c,https://github.com/radareorg/radare2,218062013825709,1 944,CWE-19,"xfs_attr3_leaf_getvalue( struct xfs_buf *bp, struct xfs_da_args *args) { struct xfs_attr_leafblock *leaf; struct xfs_attr3_icleaf_hdr ichdr; struct xfs_attr_leaf_entry *entry; struct xfs_attr_leaf_name_local *name_loc; struct xfs_attr_leaf_name_remote *name_rmt; int valuelen; leaf = bp->b_addr; xfs_attr3_leaf_hdr_from_disk(&ichdr, leaf); ASSERT(ichdr.count < XFS_LBSIZE(args->dp->i_mount) / 8); ASSERT(args->index < ichdr.count); entry = &xfs_attr3_leaf_entryp(leaf)[args->index]; if (entry->flags & XFS_ATTR_LOCAL) { name_loc = xfs_attr3_leaf_name_local(leaf, args->index); ASSERT(name_loc->namelen == args->namelen); ASSERT(memcmp(args->name, name_loc->nameval, args->namelen) == 0); valuelen = be16_to_cpu(name_loc->valuelen); if (args->flags & ATTR_KERNOVAL) { args->valuelen = valuelen; return 0; } if (args->valuelen < valuelen) { args->valuelen = valuelen; return XFS_ERROR(ERANGE); } args->valuelen = valuelen; memcpy(args->value, &name_loc->nameval[args->namelen], valuelen); } else { name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index); ASSERT(name_rmt->namelen == args->namelen); ASSERT(memcmp(args->name, name_rmt->name, args->namelen) == 0); valuelen = be32_to_cpu(name_rmt->valuelen); args->rmtblkno = be32_to_cpu(name_rmt->valueblk); args->rmtblkcnt = xfs_attr3_rmt_blocks(args->dp->i_mount, valuelen); if (args->flags & ATTR_KERNOVAL) { args->valuelen = valuelen; return 0; } if (args->valuelen < valuelen) { args->valuelen = valuelen; return XFS_ERROR(ERANGE); } args->valuelen = valuelen; } return 0; }",visit repo url,fs/xfs/xfs_attr_leaf.c,https://github.com/torvalds/linux,124531087846675,1 2373,CWE-787,"static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPacket *avpkt) { EXRContext *s = avctx->priv_data; ThreadFrame frame = { .f = data }; AVFrame *picture = data; uint8_t *ptr; int i, y, ret, ymax; int planes; int out_line_size; int nb_blocks; uint64_t start_offset_table; uint64_t start_next_scanline; PutByteContext offset_table_writer; bytestream2_init(&s->gb, avpkt->data, avpkt->size); if ((ret = decode_header(s, picture)) < 0) return ret; switch (s->pixel_type) { case EXR_FLOAT: case EXR_HALF: if (s->channel_offsets[3] >= 0) { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_GBRAPF32; } else { avctx->pix_fmt = AV_PIX_FMT_GBRAPF32; } } else { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_GBRPF32; } else { avctx->pix_fmt = AV_PIX_FMT_GRAYF32; } } break; case EXR_UINT: if (s->channel_offsets[3] >= 0) { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_RGBA64; } else { avctx->pix_fmt = AV_PIX_FMT_YA16; } } else { if (!s->is_luma) { avctx->pix_fmt = AV_PIX_FMT_RGB48; } else { avctx->pix_fmt = AV_PIX_FMT_GRAY16; } } break; default: av_log(avctx, AV_LOG_ERROR, ""Missing channel list.\n""); return AVERROR_INVALIDDATA; } if (s->apply_trc_type != AVCOL_TRC_UNSPECIFIED) avctx->color_trc = s->apply_trc_type; switch (s->compression) { case EXR_RAW: case EXR_RLE: case EXR_ZIP1: s->scan_lines_per_block = 1; break; case EXR_PXR24: case EXR_ZIP16: s->scan_lines_per_block = 16; break; case EXR_PIZ: case EXR_B44: case EXR_B44A: s->scan_lines_per_block = 32; break; default: avpriv_report_missing_feature(avctx, ""Compression %d"", s->compression); return AVERROR_PATCHWELCOME; } if (s->xmin > s->xmax || s->ymin > s->ymax || s->ydelta == 0xFFFFFFFF || s->xdelta == 0xFFFFFFFF) { av_log(avctx, AV_LOG_ERROR, ""Wrong or missing size information.\n""); return AVERROR_INVALIDDATA; } if ((ret = ff_set_dimensions(avctx, s->w, s->h)) < 0) return ret; s->desc = av_pix_fmt_desc_get(avctx->pix_fmt); if (!s->desc) return AVERROR_INVALIDDATA; if (s->desc->flags & AV_PIX_FMT_FLAG_FLOAT) { planes = s->desc->nb_components; out_line_size = avctx->width * 4; } else { planes = 1; out_line_size = avctx->width * 2 * s->desc->nb_components; } if (s->is_tile) { nb_blocks = ((s->xdelta + s->tile_attr.xSize - 1) / s->tile_attr.xSize) * ((s->ydelta + s->tile_attr.ySize - 1) / s->tile_attr.ySize); } else { nb_blocks = (s->ydelta + s->scan_lines_per_block - 1) / s->scan_lines_per_block; } if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0) return ret; if (bytestream2_get_bytes_left(&s->gb)/8 < nb_blocks) return AVERROR_INVALIDDATA; if (!s->is_tile && bytestream2_peek_le64(&s->gb) == 0) { av_log(s->avctx, AV_LOG_DEBUG, ""recreating invalid scanline offset table\n""); start_offset_table = bytestream2_tell(&s->gb); start_next_scanline = start_offset_table + nb_blocks * 8; bytestream2_init_writer(&offset_table_writer, &avpkt->data[start_offset_table], nb_blocks * 8); for (y = 0; y < nb_blocks; y++) { bytestream2_put_le64(&offset_table_writer, start_next_scanline); bytestream2_seek(&s->gb, start_next_scanline + 4, SEEK_SET); start_next_scanline += (bytestream2_get_le32(&s->gb) + 8); } bytestream2_seek(&s->gb, start_offset_table, SEEK_SET); } s->buf = avpkt->data; s->buf_size = avpkt->size; for (i = 0; i < planes; i++) { ptr = picture->data[i]; for (y = 0; y < s->ymin; y++) { memset(ptr, 0, out_line_size); ptr += picture->linesize[i]; } } s->picture = picture; avctx->execute2(avctx, decode_block, s->thread_data, NULL, nb_blocks); ymax = FFMAX(0, s->ymax + 1); for (i = 0; i < planes; i++) { ptr = picture->data[i] + (ymax * picture->linesize[i]); for (y = ymax; y < avctx->height; y++) { memset(ptr, 0, out_line_size); ptr += picture->linesize[i]; } } picture->pict_type = AV_PICTURE_TYPE_I; *got_frame = 1; return avpkt->size; }",visit repo url,libavcodec/exr.c,https://github.com/FFmpeg/FFmpeg,33440044024395,1 5401,CWE-787,"int main(int argc, char *argv[]) { int result; int infoOnly = 0; int writeToStdio = 0; int readFromStdin = 0; int object_type = LC; int def_srate = 0; int downMatrix = 0; int format = 1; int outputFormat = FAAD_FMT_16BIT; int outfile_set = 0; int adts_out = 0; int old_format = 0; int showHelp = 0; int mp4file = 0; int noGapless = 0; char *fnp; char aacFileName[255]; char audioFileName[255]; char adtsFileName[255]; unsigned char header[8]; float length = 0; FILE *hMP4File; #ifdef _WIN32 long begin; #else clock_t begin; #endif unsigned long cap = NeAACDecGetCapabilities(); progName = argv[0]; while (1) { int c = -1; int option_index = 0; static struct option long_options[] = { { ""quiet"", 0, 0, 'q' }, { ""outfile"", 0, 0, 'o' }, { ""adtsout"", 0, 0, 'a' }, { ""oldformat"", 0, 0, 't' }, { ""format"", 0, 0, 'f' }, { ""bits"", 0, 0, 'b' }, { ""samplerate"", 0, 0, 's' }, { ""objecttype"", 0, 0, 'l' }, { ""downmix"", 0, 0, 'd' }, { ""info"", 0, 0, 'i' }, { ""stdio"", 0, 0, 'w' }, { ""stdio"", 0, 0, 'g' }, { ""help"", 0, 0, 'h' }, { 0, 0, 0, 0 } }; c = getopt_long(argc, argv, ""o:a:s:f:b:l:wgdhitq"", long_options, &option_index); if (c == -1) break; switch (c) { case 'o': if (optarg) { outfile_set = 1; strcpy(audioFileName, optarg); } break; case 'a': if (optarg) { adts_out = 1; strcpy(adtsFileName, optarg); } break; case 's': if (optarg) { char dr[10]; if (sscanf(optarg, ""%s"", dr) < 1) { def_srate = 0; } else { def_srate = atoi(dr); } } break; case 'f': if (optarg) { char dr[10]; if (sscanf(optarg, ""%s"", dr) < 1) { format = 1; } else { format = atoi(dr); if ((format < 1) || (format > 2)) showHelp = 1; } } break; case 'b': if (optarg) { char dr[10]; if (sscanf(optarg, ""%s"", dr) < 1) { outputFormat = FAAD_FMT_16BIT; } else { outputFormat = atoi(dr); if ((outputFormat < 1) || (outputFormat > 5)) showHelp = 1; } } break; case 'l': if (optarg) { char dr[10]; if (sscanf(optarg, ""%s"", dr) < 1) { object_type = LC; } else { object_type = atoi(dr); if ((object_type != LC) && (object_type != MAIN) && (object_type != LTP) && (object_type != LD)) { showHelp = 1; } } } break; case 't': old_format = 1; break; case 'd': downMatrix = 1; break; case 'w': writeToStdio = 1; break; case 'g': noGapless = 1; break; case 'i': infoOnly = 1; break; case 'h': showHelp = 1; break; case 'q': quiet = 1; break; default: break; } } faad_fprintf(stderr, "" *********** Ahead Software MPEG-4 AAC Decoder V%s ******************\n\n"", FAAD2_VERSION); faad_fprintf(stderr, "" Build: %s\n"", __DATE__); faad_fprintf(stderr, "" Copyright 2002-2004: Ahead Software AG\n""); faad_fprintf(stderr, "" http://www.audiocoding.com\n""); if (cap & FIXED_POINT_CAP) faad_fprintf(stderr, "" Fixed point version\n""); else faad_fprintf(stderr, "" Floating point version\n""); faad_fprintf(stderr, ""\n""); faad_fprintf(stderr, "" This program is free software; you can redistribute it and/or modify\n""); faad_fprintf(stderr, "" it under the terms of the GNU General Public License.\n""); faad_fprintf(stderr, ""\n""); faad_fprintf(stderr, "" **************************************************************************\n\n""); if (((argc - optind) < 1) || showHelp) { usage(); return 1; } #if 0 if (writeToStdio == 1) { format = 2; } #endif strcpy(aacFileName, argv[optind]); #ifdef _WIN32 begin = GetTickCount(); #else begin = clock(); #endif if(!writeToStdio && !outfile_set) { strcpy(audioFileName, aacFileName); fnp = (char *)strrchr(audioFileName,'.'); if (fnp) fnp[0] = '\0'; strcat(audioFileName, file_ext[format]); } if (0 == strcmp(aacFileName, ""-"")) { faad_fprintf(stderr, ""Reading from stdin: %s\n"", aacFileName); readFromStdin = 1; hMP4File = stdin; #ifdef _WIN32 setmode(fileno(stdin), O_BINARY); #endif } else { mp4file = 0; hMP4File = fopen(aacFileName, ""rb""); if (!hMP4File) { faad_fprintf(stderr, ""Error opening file: %s\n"", aacFileName); return 1; } } fread(header, 1, 8, hMP4File); if (! readFromStdin ) fclose(hMP4File); if (header[4] == 'f' && header[5] == 't' && header[6] == 'y' && header[7] == 'p') mp4file = 1; if (mp4file) { result = decodeMP4file(aacFileName, audioFileName, adtsFileName, writeToStdio, outputFormat, format, downMatrix, noGapless, infoOnly, adts_out, &length); } else { if (readFromStdin == 1) { ungetc(header[7],hMP4File); ungetc(header[6],hMP4File); ungetc(header[5],hMP4File); ungetc(header[4],hMP4File); ungetc(header[3],hMP4File); ungetc(header[2],hMP4File); ungetc(header[1],hMP4File); ungetc(header[0],hMP4File); } result = decodeAACfile(aacFileName, audioFileName, adtsFileName, writeToStdio, def_srate, object_type, outputFormat, format, downMatrix, infoOnly, adts_out, old_format, &length); } if (!result && !infoOnly) { #ifdef _WIN32 float dec_length = (float)(GetTickCount()-begin)/1000.0; SetConsoleTitle(""FAAD""); #else float dec_length = (float)(clock() - begin)/(float)CLOCKS_PER_SEC; #endif faad_fprintf(stderr, ""Decoding %s took: %5.2f sec. %5.2fx real-time.\n"", aacFileName, dec_length, length/dec_length); } return 0; }",visit repo url,frontend/main.c,https://github.com/knik0/faad2,190453294800082,1 2230,NVD-CWE-noinfo,"static int can_open_cached(struct nfs4_state *state, int mode) { int ret = 0; switch (mode & (FMODE_READ|FMODE_WRITE|O_EXCL)) { case FMODE_READ: ret |= test_bit(NFS_O_RDONLY_STATE, &state->flags) != 0; break; case FMODE_WRITE: ret |= test_bit(NFS_O_WRONLY_STATE, &state->flags) != 0; break; case FMODE_READ|FMODE_WRITE: ret |= test_bit(NFS_O_RDWR_STATE, &state->flags) != 0; } return ret; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,6307311740227,1 4963,CWE-787,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 4532,CWE-122,"GF_Err gf_isom_box_parse_ex(GF_Box **outBox, GF_BitStream *bs, u32 parent_type, Bool is_root_box, u64 parent_size) { u32 type, uuid_type, hdr_size, restore_type; u64 size, start, comp_start, end; char uuid[16]; GF_Err e; GF_BitStream *uncomp_bs = NULL; u8 *uncomp_data = NULL; u32 compressed_size=0; GF_Box *newBox; Bool skip_logs = (gf_bs_get_cookie(bs) & GF_ISOM_BS_COOKIE_NO_LOGS ) ? GF_TRUE : GF_FALSE; Bool is_special = GF_TRUE; if ((bs == NULL) || (outBox == NULL) ) return GF_BAD_PARAM; *outBox = NULL; if (gf_bs_available(bs) < 8) { return GF_ISOM_INCOMPLETE_FILE; } comp_start = start = gf_bs_get_position(bs); uuid_type = 0; size = (u64) gf_bs_read_u32(bs); hdr_size = 4; if ((size >= 2) && (size <= 4)) { size = 4; type = GF_ISOM_BOX_TYPE_VOID; } else { type = gf_bs_read_u32(bs); hdr_size += 4; if (type == GF_ISOM_BOX_TYPE_TOTL) size = 12; if (!size) { if (is_root_box) { if (!skip_logs) { GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Warning Read Box type %s (0x%08X) size 0 reading till the end of file\n"", gf_4cc_to_str(type), type)); } size = gf_bs_available(bs) + 8; } else { if (!skip_logs) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box type %s (0x%08X) at position ""LLU"" has size 0 but is not at root/file level. Forbidden, skipping end of parent box !\n"", gf_4cc_to_str(type), type, start)); return GF_SKIP_BOX; } return GF_OK; } } if (is_root_box && (size>=8)) { Bool do_uncompress = GF_FALSE; u8 *compb = NULL; u32 osize = 0; u32 otype = type; if (type==GF_4CC('!', 'm', 'o', 'f')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_MOOF; } else if (type==GF_4CC('!', 'm', 'o', 'v')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_MOOV; } else if (type==GF_4CC('!', 's', 'i', 'x')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_SIDX; } else if (type==GF_4CC('!', 's', 's', 'x')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_SSIX; } if (do_uncompress) { compb = gf_malloc((u32) (size-8)); if (!compb) return GF_OUT_OF_MEM; compressed_size = (u32) (size - 8); gf_bs_read_data(bs, compb, compressed_size); e = gf_gz_decompress_payload(compb, compressed_size, &uncomp_data, &osize); if (e) { gf_free(compb); GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Failed to uncompress payload for box type %s (0x%08X)\n"", gf_4cc_to_str(otype), otype)); return e; } size = osize + 8; uncomp_bs = gf_bs_new(uncomp_data, osize, GF_BITSTREAM_READ); bs = uncomp_bs; start = 0; gf_free(compb); } } } #define ERR_EXIT(_e) { \ if (uncomp_bs) {\ gf_free(uncomp_data);\ gf_bs_del(uncomp_bs); \ }\ return _e;\ } memset(uuid, 0, 16); if (type == GF_ISOM_BOX_TYPE_UUID ) { if (gf_bs_available(bs) < 16) { ERR_EXIT(GF_ISOM_INCOMPLETE_FILE); } gf_bs_read_data(bs, uuid, 16); hdr_size += 16; uuid_type = gf_isom_solve_uuid_box(uuid); } if (size == 1) { if (gf_bs_available(bs) < 8) { ERR_EXIT(GF_ISOM_INCOMPLETE_FILE); } size = gf_bs_read_u64(bs); hdr_size += 8; } if (!skip_logs) GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Read Box type %s size ""LLD"" start ""LLD""\n"", gf_4cc_to_str(type), size, start)); if ( size < hdr_size ) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Box %s size ""LLD"" less than box header size %d\n"", gf_4cc_to_str(type), size, hdr_size)); ERR_EXIT(GF_ISOM_INVALID_FILE); } if (parent_size && (parent_sizereference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_IREF)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_REFI); if (!newBox) ERR_EXIT(GF_OUT_OF_MEM); ((GF_ItemReferenceTypeBox*)newBox)->reference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_TRGR)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_TRGT); if (!newBox) ERR_EXIT(GF_OUT_OF_MEM); ((GF_TrackGroupTypeBox*)newBox)->group_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_GRPL)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_GRPT); if (!newBox) ERR_EXIT(GF_OUT_OF_MEM); ((GF_EntityToGroupTypeBox*)newBox)->grouping_type = type; } else { is_special = GF_FALSE; newBox = gf_isom_box_new_ex(uuid_type ? uuid_type : type, parent_type, skip_logs, is_root_box); if (!newBox) ERR_EXIT(GF_OUT_OF_MEM); } if (type==GF_ISOM_BOX_TYPE_UUID && !is_special) { memcpy(((GF_UUIDBox *)newBox)->uuid, uuid, 16); ((GF_UUIDBox *)newBox)->internal_4cc = uuid_type; } if (!newBox->type) newBox->type = type; if (restore_type) newBox->type = restore_type; end = gf_bs_available(bs); if (size - hdr_size > end ) { newBox->size = size - hdr_size - end; *outBox = newBox; ERR_EXIT(GF_ISOM_INCOMPLETE_FILE); } newBox->size = size - hdr_size; e = gf_isom_full_box_read(newBox, bs); if (!e) e = gf_isom_box_read(newBox, bs); if (e) { if (gf_opts_get_bool(""core"", ""no-check"")) e = GF_OK; } newBox->size = size; end = gf_bs_get_position(bs); if (uncomp_bs) { gf_free(uncomp_data); gf_bs_del(uncomp_bs); if (e) { gf_isom_box_del(newBox); *outBox = NULL; return e; } size -= 8; if (type==GF_ISOM_BOX_TYPE_MOOF) { ((GF_MovieFragmentBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } else if (type==GF_ISOM_BOX_TYPE_MOOV) { ((GF_MovieBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; ((GF_MovieBox *)newBox)->file_offset = comp_start; } else if (type==GF_ISOM_BOX_TYPE_SIDX) { ((GF_SegmentIndexBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } else if (type==GF_ISOM_BOX_TYPE_SSIX) { ((GF_SubsegmentIndexBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } newBox->internal_flags = GF_ISOM_BOX_COMPRESSED; } if (e && (e != GF_ISOM_INCOMPLETE_FILE)) { gf_isom_box_del(newBox); *outBox = NULL; if (is_root_box && (e==GF_SKIP_BOX)) e = GF_ISOM_INVALID_FILE; if (!skip_logs && (e!=GF_SKIP_BOX)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box \""%s\"" (start ""LLU"") failed (%s) - skipping\n"", gf_4cc_to_str(type), start, gf_error_to_string(e))); } return e; } if (end-start > size) { if (!skip_logs) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" size ""LLU"" (start ""LLU"") invalid (read ""LLU"")\n"", gf_4cc_to_str(type), size, start, (end-start) )); } gf_bs_seek(bs, start+size); } else if (end-start < size) { u32 to_skip = (u32) (size-(end-start)); if (!skip_logs) { if ((to_skip!=4) || gf_bs_peek_bits(bs, 32, 0)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" (start ""LLU"") has %u extra bytes\n"", gf_4cc_to_str(type), start, to_skip)); unused_bytes += to_skip; } } gf_bs_skip_bytes(bs, to_skip); } *outBox = newBox; return e; }",visit repo url,src/isomedia/box_funcs.c,https://github.com/gpac/gpac,171349486273478,1 2533,['CWE-119'],"static void setup_diff_attr_check(struct git_attr_check *check) { static struct git_attr *attr_diff; if (!attr_diff) { attr_diff = git_attr(""diff"", 4); } check[0].attr = attr_diff; }",git,,,133147810122987398249546547092325580276,0 4514,['CWE-20'],"struct dentry *ext4_get_parent(struct dentry *child) { __u32 ino; struct inode *inode; static const struct qstr dotdot = { .name = "".."", .len = 2, }; struct ext4_dir_entry_2 * de; struct buffer_head *bh; bh = ext4_find_entry(child->d_inode, &dotdot, &de); inode = NULL; if (!bh) return ERR_PTR(-ENOENT); ino = le32_to_cpu(de->inode); brelse(bh); if (!ext4_valid_inum(child->d_inode->i_sb, ino)) { ext4_error(child->d_inode->i_sb, ""ext4_get_parent"", ""bad inode number: %u"", ino); return ERR_PTR(-EIO); } return d_obtain_alias(ext4_iget(child->d_inode->i_sb, ino)); }",linux-2.6,,,220149981058174525910361268454394545341,0 1085,['CWE-20'],"int register_reboot_notifier(struct notifier_block * nb) { return blocking_notifier_chain_register(&reboot_notifier_list, nb); }",linux-2.6,,,8350201037623848643839331259445678014,0 4672,CWE-125,"GF_Err hdlr_dump(GF_Box *a, FILE * trace) { GF_HandlerBox *p = (GF_HandlerBox *)a; gf_isom_box_dump_start(a, ""HandlerBox"", trace); if (p->nameUTF8 && (u32) p->nameUTF8[0] == strlen(p->nameUTF8+1)) { fprintf(trace, ""hdlrType=\""%s\"" Name=\""%s\"" "", gf_4cc_to_str(p->handlerType), p->nameUTF8+1); } else { fprintf(trace, ""hdlrType=\""%s\"" Name=\""%s\"" "", gf_4cc_to_str(p->handlerType), p->nameUTF8); } fprintf(trace, ""reserved1=\""%d\"" reserved2=\"""", p->reserved1); dump_data(trace, (char *) p->reserved2, 12); fprintf(trace, ""\""""); fprintf(trace, "">\n""); gf_isom_box_dump_done(""HandlerBox"", a, trace); return GF_OK; }",visit repo url,src/isomedia/box_dump.c,https://github.com/gpac/gpac,57636778762252,1 5115,['CWE-20'],"static void update_tpr_threshold(struct kvm_vcpu *vcpu) { int max_irr, tpr; if (!vm_need_tpr_shadow(vcpu->kvm)) return; if (!kvm_lapic_enabled(vcpu) || ((max_irr = kvm_lapic_find_highest_irr(vcpu)) == -1)) { vmcs_write32(TPR_THRESHOLD, 0); return; } tpr = (kvm_lapic_get_cr8(vcpu) & 0x0f) << 4; vmcs_write32(TPR_THRESHOLD, (max_irr > tpr) ? tpr >> 4 : max_irr >> 4); }",linux-2.6,,,300178069395682304159535297112604150898,0 6588,CWE-787,"static RzList *symbols(RzBinFile *bf) { if (!bf) { return NULL; } LuacBinInfo *bin_info_obj = GET_INTERNAL_BIN_INFO_OBJ(bf); if (!bin_info_obj) { return NULL; } return bin_info_obj->symbol_list; }",visit repo url,librz/bin/p/bin_luac.c,https://github.com/rizinorg/rizin,116353863989792,1 5160,CWE-125,"builtin_compile_impl(PyObject *module, PyObject *source, PyObject *filename, const char *mode, int flags, int dont_inherit, int optimize) { PyObject *source_copy; const char *str; int compile_mode = -1; int is_ast; PyCompilerFlags cf; int start[] = {Py_file_input, Py_eval_input, Py_single_input}; PyObject *result; cf.cf_flags = flags | PyCF_SOURCE_IS_UTF8; if (flags & ~(PyCF_MASK | PyCF_MASK_OBSOLETE | PyCF_DONT_IMPLY_DEDENT | PyCF_ONLY_AST)) { PyErr_SetString(PyExc_ValueError, ""compile(): unrecognised flags""); goto error; } if (optimize < -1 || optimize > 2) { PyErr_SetString(PyExc_ValueError, ""compile(): invalid optimize value""); goto error; } if (!dont_inherit) { PyEval_MergeCompilerFlags(&cf); } if (strcmp(mode, ""exec"") == 0) compile_mode = 0; else if (strcmp(mode, ""eval"") == 0) compile_mode = 1; else if (strcmp(mode, ""single"") == 0) compile_mode = 2; else { PyErr_SetString(PyExc_ValueError, ""compile() mode must be 'exec', 'eval' or 'single'""); goto error; } is_ast = PyAST_Check(source); if (is_ast == -1) goto error; if (is_ast) { if (flags & PyCF_ONLY_AST) { Py_INCREF(source); result = source; } else { PyArena *arena; mod_ty mod; arena = PyArena_New(); if (arena == NULL) goto error; mod = PyAST_obj2mod(source, arena, compile_mode); if (mod == NULL) { PyArena_Free(arena); goto error; } if (!PyAST_Validate(mod)) { PyArena_Free(arena); goto error; } result = (PyObject*)PyAST_CompileObject(mod, filename, &cf, optimize, arena); PyArena_Free(arena); } goto finally; } str = source_as_string(source, ""compile"", ""string, bytes or AST"", &cf, &source_copy); if (str == NULL) goto error; result = Py_CompileStringObject(str, filename, start[compile_mode], &cf, optimize); Py_XDECREF(source_copy); goto finally; error: result = NULL; finally: Py_DECREF(filename); return result; }",visit repo url,Python/bltinmodule.c,https://github.com/python/cpython,12353106264337,1 6439,CWE-20,"error_t httpClientSetMethod(HttpClientContext *context, const char_t *method) { size_t m; size_t n; char_t *p; if(context == NULL || method == NULL) return ERROR_INVALID_PARAMETER; n = osStrlen(method); if(n == 0 || n > HTTP_CLIENT_MAX_METHOD_LEN) return ERROR_INVALID_LENGTH; if(context->bufferLen > HTTP_CLIENT_BUFFER_SIZE) return ERROR_INVALID_SYNTAX; context->buffer[context->bufferLen] = '\0'; p = strchr(context->buffer, ' '); if(p == NULL) return ERROR_INVALID_SYNTAX; m = p - context->buffer; if((context->bufferLen + n - m) > HTTP_CLIENT_BUFFER_SIZE) return ERROR_BUFFER_OVERFLOW; osMemmove(context->buffer + n, p, context->bufferLen + 1 - m); osStrncpy(context->buffer, method, n); context->bufferLen = context->bufferLen + n - m; osStrcpy(context->method, method); return NO_ERROR; }",visit repo url,http/http_client.c,https://github.com/Oryx-Embedded/CycloneTCP,131349206766021,1 831,['CWE-119'],"isdn_readbchan(int di, int channel, u_char * buf, u_char * fp, int len, wait_queue_head_t *sleep) { int count; int count_pull; int count_put; int dflag; struct sk_buff *skb; u_char *cp; if (!dev->drv[di]) return 0; if (skb_queue_empty(&dev->drv[di]->rpqueue[channel])) { if (sleep) interruptible_sleep_on(sleep); else return 0; } if (len > dev->drv[di]->rcvcount[channel]) len = dev->drv[di]->rcvcount[channel]; cp = buf; count = 0; while (len) { if (!(skb = skb_peek(&dev->drv[di]->rpqueue[channel]))) break; #ifdef CONFIG_ISDN_AUDIO if (ISDN_AUDIO_SKB_LOCK(skb)) break; ISDN_AUDIO_SKB_LOCK(skb) = 1; if ((ISDN_AUDIO_SKB_DLECOUNT(skb)) || (dev->drv[di]->DLEflag & (1 << channel))) { char *p = skb->data; unsigned long DLEmask = (1 << channel); dflag = 0; count_pull = count_put = 0; while ((count_pull < skb->len) && (len > 0)) { len--; if (dev->drv[di]->DLEflag & DLEmask) { *cp++ = DLE; dev->drv[di]->DLEflag &= ~DLEmask; } else { *cp++ = *p; if (*p == DLE) { dev->drv[di]->DLEflag |= DLEmask; (ISDN_AUDIO_SKB_DLECOUNT(skb))--; } p++; count_pull++; } count_put++; } if (count_pull >= skb->len) dflag = 1; } else { #endif dflag = 1; if ((count_pull = skb->len) > len) { count_pull = len; dflag = 0; } count_put = count_pull; skb_copy_from_linear_data(skb, cp, count_put); cp += count_put; len -= count_put; #ifdef CONFIG_ISDN_AUDIO } #endif count += count_put; if (fp) { memset(fp, 0, count_put); fp += count_put; } if (dflag) { if (fp) *(fp - 1) = 0xff; #ifdef CONFIG_ISDN_AUDIO ISDN_AUDIO_SKB_LOCK(skb) = 0; #endif skb = skb_dequeue(&dev->drv[di]->rpqueue[channel]); dev_kfree_skb(skb); } else { skb_pull(skb, count_pull); #ifdef CONFIG_ISDN_AUDIO ISDN_AUDIO_SKB_LOCK(skb) = 0; #endif } dev->drv[di]->rcvcount[channel] -= count_put; } return count; }",linux-2.6,,,265386193835805913467498898279565601142,0 287,CWE-119,"static int atusb_get_and_show_revision(struct atusb *atusb) { struct usb_device *usb_dev = atusb->usb_dev; unsigned char buffer[3]; int ret; ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0), ATUSB_ID, ATUSB_REQ_FROM_DEV, 0, 0, buffer, 3, 1000); if (ret >= 0) { atusb->fw_ver_maj = buffer[0]; atusb->fw_ver_min = buffer[1]; atusb->fw_hw_type = buffer[2]; dev_info(&usb_dev->dev, ""Firmware: major: %u, minor: %u, hardware type: %u\n"", atusb->fw_ver_maj, atusb->fw_ver_min, atusb->fw_hw_type); } if (atusb->fw_ver_maj == 0 && atusb->fw_ver_min < 2) { dev_info(&usb_dev->dev, ""Firmware version (%u.%u) predates our first public release."", atusb->fw_ver_maj, atusb->fw_ver_min); dev_info(&usb_dev->dev, ""Please update to version 0.2 or newer""); } return ret; }",visit repo url,drivers/net/ieee802154/atusb.c,https://github.com/torvalds/linux,190819207196680,1 2225,NVD-CWE-noinfo,"static void nfs4_open_prepare(struct rpc_task *task, void *calldata) { struct nfs4_opendata *data = calldata; struct nfs4_state_owner *sp = data->owner; if (nfs_wait_on_sequence(data->o_arg.seqid, task) != 0) return; if (data->state != NULL) { struct nfs_delegation *delegation; if (can_open_cached(data->state, data->o_arg.open_flags & (FMODE_READ|FMODE_WRITE|O_EXCL))) goto out_no_action; rcu_read_lock(); delegation = rcu_dereference(NFS_I(data->state->inode)->delegation); if (delegation != NULL && test_bit(NFS_DELEGATION_NEED_RECLAIM, &delegation->flags) == 0) { rcu_read_unlock(); goto out_no_action; } rcu_read_unlock(); } data->o_arg.id = sp->so_owner_id.id; data->o_arg.clientid = sp->so_client->cl_clientid; if (data->o_arg.claim == NFS4_OPEN_CLAIM_PREVIOUS) { task->tk_msg.rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_OPEN_NOATTR]; nfs_copy_fh(&data->o_res.fh, data->o_arg.fh); } data->timestamp = jiffies; rpc_call_start(task); return; out_no_action: task->tk_action = NULL; }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,267950505199349,1 4745,['CWE-20'],"__acquires(bitlock) { va_list args; struct ext4_super_block *es = EXT4_SB(sb)->s_es; va_start(args, fmt); printk(KERN_CRIT ""EXT4-fs error (device %s): %s: "", sb->s_id, function); vprintk(fmt, args); printk(""\n""); va_end(args); if (test_opt(sb, ERRORS_CONT)) { EXT4_SB(sb)->s_mount_state |= EXT4_ERROR_FS; es->s_state |= cpu_to_le16(EXT4_ERROR_FS); ext4_commit_super(sb, es, 0); return; } ext4_unlock_group(sb, grp); ext4_handle_error(sb); ext4_lock_group(sb, grp); return; }",linux-2.6,,,183762988912586061415970796063132813572,0 306,[],"static int ppp_gidle(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ppp_idle __user *idle; struct ppp_idle32 __user *idle32; __kernel_time_t xmit, recv; int err; idle = compat_alloc_user_space(sizeof(*idle)); idle32 = compat_ptr(arg); err = sys_ioctl(fd, PPPIOCGIDLE, (unsigned long) idle); if (!err) { if (get_user(xmit, &idle->xmit_idle) || get_user(recv, &idle->recv_idle) || put_user(xmit, &idle32->xmit_idle) || put_user(recv, &idle32->recv_idle)) err = -EFAULT; } return err; }",linux-2.6,,,55498477334416909669723383400723447226,0 5318,['CWE-119'],"static unsigned int addr_hash_test(const u32 *mask, const u8 *addr) { int n = ether_crc(ETH_ALEN, addr) >> 26; return mask[n >> 5] & (1 << (n & 31)); }",linux-2.6,,,120696510113837450675103132877383326653,0 2925,CWE-310,"static size_t hash_str(const void *ptr) { const char *str = (const char *)ptr; size_t hash = 5381; size_t c; while((c = (size_t)*str)) { hash = ((hash << 5) + hash) + c; str++; } return hash; }",visit repo url,src/hashtable.c,https://github.com/akheron/jansson,184351944574209,1 1448,CWE-269,"struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask) { struct crypto_alg *alg; if (!name) return ERR_PTR(-ENOENT); mask &= ~(CRYPTO_ALG_LARVAL | CRYPTO_ALG_DEAD); type &= mask; alg = crypto_alg_lookup(name, type, mask); if (!alg) { request_module(""%s"", name); if (!((type ^ CRYPTO_ALG_NEED_FALLBACK) & mask & CRYPTO_ALG_NEED_FALLBACK)) request_module(""%s-all"", name); alg = crypto_alg_lookup(name, type, mask); } if (alg) return crypto_is_larval(alg) ? crypto_larval_wait(alg) : alg; return crypto_larval_add(name, type, mask); }",visit repo url,crypto/api.c,https://github.com/torvalds/linux,276655260452305,1 4300,['CWE-264'],"static int copy_sighand(unsigned long clone_flags, struct task_struct *tsk) { struct sighand_struct *sig; if (clone_flags & CLONE_SIGHAND) { atomic_inc(¤t->sighand->count); return 0; } sig = kmem_cache_alloc(sighand_cachep, GFP_KERNEL); rcu_assign_pointer(tsk->sighand, sig); if (!sig) return -ENOMEM; atomic_set(&sig->count, 1); memcpy(sig->action, current->sighand->action, sizeof(sig->action)); return 0; }",linux-2.6,,,323823915917350526165196792052120399799,0 2490,CWE-704,"void xgroupCommand(client *c) { const char *help[] = { ""CREATE -- Create a new consumer group."", ""SETID -- Set the current group ID."", ""DELGROUP -- Remove the specified group."", ""DELCONSUMER -- Remove the specified conusmer."", ""HELP -- Prints this help."", NULL }; stream *s = NULL; sds grpname = NULL; streamCG *cg = NULL; char *opt = c->argv[1]->ptr; if (c->argc >= 4) { robj *o = lookupKeyWriteOrReply(c,c->argv[2],shared.nokeyerr); if (o == NULL) return; s = o->ptr; grpname = c->argv[3]->ptr; if ((cg = streamLookupCG(s,grpname)) == NULL && (!strcasecmp(opt,""SETID"") || !strcasecmp(opt,""DELCONSUMER""))) { addReplyErrorFormat(c, ""-NOGROUP No such consumer group '%s' "" ""for key name '%s'"", (char*)grpname, (char*)c->argv[2]->ptr); return; } } if (!strcasecmp(opt,""CREATE"") && c->argc == 5) { streamID id; if (!strcmp(c->argv[4]->ptr,""$"")) { id = s->last_id; } else if (streamParseIDOrReply(c,c->argv[4],&id,0) != C_OK) { return; } streamCG *cg = streamCreateCG(s,grpname,sdslen(grpname),&id); if (cg) { addReply(c,shared.ok); server.dirty++; } else { addReplySds(c, sdsnew(""-BUSYGROUP Consumer Group name already exists\r\n"")); } } else if (!strcasecmp(opt,""SETID"") && c->argc == 5) { streamID id; if (!strcmp(c->argv[4]->ptr,""$"")) { id = s->last_id; } else if (streamParseIDOrReply(c,c->argv[4],&id,0) != C_OK) { return; } cg->last_id = id; addReply(c,shared.ok); } else if (!strcasecmp(opt,""DESTROY"") && c->argc == 4) { if (cg) { raxRemove(s->cgroups,(unsigned char*)grpname,sdslen(grpname),NULL); streamFreeCG(cg); addReply(c,shared.cone); } else { addReply(c,shared.czero); } } else if (!strcasecmp(opt,""DELCONSUMER"") && c->argc == 5) { long long pending = streamDelConsumer(cg,c->argv[4]->ptr); addReplyLongLong(c,pending); server.dirty++; } else if (!strcasecmp(opt,""HELP"")) { addReplyHelp(c, help); } else { addReply(c,shared.syntaxerr); } }",visit repo url,src/t_stream.c,https://github.com/antirez/redis,220248666633890,1 408,CWE-125,"static irqreturn_t snd_msnd_interrupt(int irq, void *dev_id) { struct snd_msnd *chip = dev_id; void *pwDSPQData = chip->mappedbase + DSPQ_DATA_BUFF; while (readw(chip->DSPQ + JQS_wTail) != readw(chip->DSPQ + JQS_wHead)) { u16 wTmp; snd_msnd_eval_dsp_msg(chip, readw(pwDSPQData + 2 * readw(chip->DSPQ + JQS_wHead))); wTmp = readw(chip->DSPQ + JQS_wHead) + 1; if (wTmp > readw(chip->DSPQ + JQS_wSize)) writew(0, chip->DSPQ + JQS_wHead); else writew(wTmp, chip->DSPQ + JQS_wHead); } inb(chip->io + HP_RXL); return IRQ_HANDLED; }",visit repo url,sound/isa/msnd/msnd_pinnacle.c,https://github.com/torvalds/linux,174045699285414,1 4316,CWE-125,"static bool init_ehdr(ELFOBJ *bin) { ut8 e_ident[EI_NIDENT]; ut8 ehdr[sizeof (Elf_(Ehdr))] = {0}; int i, len; if (r_buf_read_at (bin->b, 0, e_ident, EI_NIDENT) == -1) { R_LOG_ERROR (""read (magic)""); return false; } sdb_set (bin->kv, ""elf_type.cparse"", ""enum elf_type { ET_NONE=0, ET_REL=1,"" "" ET_EXEC=2, ET_DYN=3, ET_CORE=4, ET_LOOS=0xfe00, ET_HIOS=0xfeff,"" "" ET_LOPROC=0xff00, ET_HIPROC=0xffff };"", 0); sdb_set (bin->kv, ""elf_machine.cparse"", ""enum elf_machine {EM_NONE=0, EM_M32=1,"" "" EM_SPARC=2, EM_386=3, EM_68K=4, EM_88K=5, EM_IAMCU=6, EM_860=7, EM_MIPS=8,"" "" EM_S370=9, EM_MIPS_RS3_LE=10, EM_RS6000=11, EM_PARISC=15, EM_nCUBE=16,"" "" EM_VPP500=17, EM_SPARC32PLUS=18, EM_960=19, EM_PPC=20, EM_PPC64=21, EM_S390=22,"" "" EM_SPU=23, EM_V800=36, EM_FR20=37, EM_RH32=38, EM_RCE=39, EM_ARM=40,"" "" EM_ALPHA=41, EM_SH=42, EM_SPARCV9=43, EM_TRICORE=44, EM_ARC=45, EM_H8_300=46,"" "" EM_H8_300H=47, EM_H8S=48, EM_H8_500=49, EM_IA_64=50, EM_MIPS_X=51,"" "" EM_COLDFIRE=52, EM_68HC12=53, EM_MMA=54, EM_PCP=55, EM_NCPU=56, EM_NDR1=57,"" "" EM_STARCORE=58, EM_ME16=59, EM_ST100=60, EM_TINYJ=61, EM_X86_64=62, EM_PDSP=63,"" "" EM_PDP10=64, EM_PDP11=65, EM_FX66=66, EM_ST9PLUS=67, EM_ST7=68, EM_68HC16=69,"" "" EM_68HC11=70, EM_68HC08=71, EM_68HC05=72, EM_SVX=73, EM_ST19=74, EM_VAX=75,"" "" EM_CRIS=76, EM_JAVELIN=77, EM_FIREPATH=78, EM_ZSP=79, EM_MMIX=80, EM_HUANY=81,"" "" EM_PRISM=82, EM_AVR=83, EM_FR30=84, EM_D10V=85, EM_D30V=86, EM_V850=87,"" "" EM_M32R=88, EM_MN10300=89, EM_MN10200=90, EM_PJ=91, EM_OPENRISC=92,"" "" EM_ARC_COMPACT=93, EM_XTENSA=94, EM_VIDEOCORE=95, EM_TMM_GPP=96, EM_NS32K=97,"" "" EM_TPC=98, EM_SNP1K=99, EM_ST200=100, EM_IP2K=101, EM_MAX=102, EM_CR=103,"" "" EM_F2MC16=104, EM_MSP430=105, EM_BLACKFIN=106, EM_SE_C33=107, EM_SEP=108,"" "" EM_ARCA=109, EM_UNICORE=110, EM_EXCESS=111, EM_DXP=112, EM_ALTERA_NIOS2=113,"" "" EM_CRX=114, EM_XGATE=115, EM_C166=116, EM_M16C=117, EM_DSPIC30F=118, EM_CE=119,"" "" EM_M32C=120, EM_TSK3000=131, EM_RS08=132, EM_SHARC=133, EM_ECOG2=134,"" "" EM_SCORE7=135, EM_DSP24=136, EM_VIDEOCORE3=137, EM_LATTICEMICO32=138,"" "" EM_SE_C17=139, EM_TI_C6000=140, EM_TI_C2000=141, EM_TI_C5500=142,"" "" EM_TI_ARP32=143, EM_TI_PRU=144,"" "" EM_MMDSP_PLUS=160, EM_CYPRESS_M8C=161, EM_R32C=162, EM_TRIMEDIA=163,"" "" EM_QDSP6=164, EM_8051=165, EM_STXP7X=166, EM_NDS32=167,"" "" EM_ECOG1X=168, EM_MAXQ30=169, EM_XIMO16=170, EM_MANIK=171, EM_CRAYNV2=172,"" "" EM_RX=173, EM_METAG=174, EM_MCST_ELBRUS=175, EM_ECOG16=176, EM_CR16=177,"" "" EM_ETPU=178, EM_SLE9X=179, EM_L10M=180, EM_K10M=181, EM_AARCH64=183,"" "" EM_AVR32=185, EM_STM8=186, EM_TILE64=187, EM_TILEPRO=188, EM_CUDA=190,"" "" EM_TILEGX=191, EM_CLOUDSHIELD=192, EM_COREA_1ST=193, EM_COREA_2ND=194,"" "" EM_ARC_COMPACT2=195, EM_OPEN8=196, EM_RL78=197, EM_VIDEOCORE5=198,"" "" EM_78KOR=199, EM_56800EX=200, EM_BA1=201, EM_BA2=202, EM_XCORE=203,"" "" EM_MCHP_PIC=204, EM_INTEL205=205, EM_INTEL206=206, EM_INTEL207=207,"" "" EM_INTEL208=208, EM_INTEL209=209, EM_KM32=210, EM_KMX32=211, EM_KMX16=212,"" "" EM_KMX8=213, EM_KVARC=214, EM_CDP=215, EM_COGE=216, EM_COOL=217, EM_NORC=218,"" "" EM_CSR_KALIMBA=219, EM_AMDGPU=224, EM_RISCV=243, EM_LANAI=244, EM_BPF=247,"" "" EM_CSKY=252, EM_KVX=256, EM_LOONGARCH=258}"", 0); sdb_set (bin->kv, ""elf_class.cparse"", ""enum elf_class {ELFCLASSNONE=0, ELFCLASS32=1, ELFCLASS64=2};"", 0); sdb_set (bin->kv, ""elf_data.cparse"", ""enum elf_data {ELFDATANONE=0, ELFDATA2LSB=1, ELFDATA2MSB=2};"", 0); sdb_set (bin->kv, ""elf_hdr_version.cparse"", ""enum elf_hdr_version {EV_NONE=0, EV_CURRENT=1};"", 0); sdb_set (bin->kv, ""elf_obj_version.cparse"", ""enum elf_obj_version {EV_NONE=0, EV_CURRENT=1};"", 0); sdb_num_set (bin->kv, ""elf_header.offset"", 0, 0); sdb_num_set (bin->kv, ""elf_header.size"", sizeof (Elf_(Ehdr)), 0); sdb_set (bin->kv, ""elf_ident.format"", ""[4]z[1]E[1]E[1]E.::"" "" magic (elf_class)class (elf_data)data (elf_hdr_version)version"", 0); #if R_BIN_ELF64 sdb_set (bin->kv, ""elf_header.format"", ""?[2]E[2]E[4]EqqqxN2N2N2N2N2N2"" "" (elf_ident)ident (elf_type)type (elf_machine)machine (elf_obj_version)version"" "" entry phoff shoff flags ehsize phentsize phnum shentsize shnum shstrndx"", 0); #else sdb_set (bin->kv, ""elf_header.format"", ""?[2]E[2]E[4]ExxxxN2N2N2N2N2N2"" "" (elf_ident)ident (elf_type)type (elf_machine)machine (elf_obj_version)version"" "" entry phoff shoff flags ehsize phentsize phnum shentsize shnum shstrndx"", 0); #endif bin->endian = (e_ident[EI_DATA] == ELFDATA2MSB)? 1: 0; memset (&bin->ehdr, 0, sizeof (Elf_(Ehdr))); len = r_buf_read_at (bin->b, 0, ehdr, sizeof (ehdr)); if (len < 32) { R_LOG_ERROR (""read (ehdr)""); return false; } memcpy (&bin->ehdr.e_ident, ehdr, 16); if (!__is_valid_ident (bin)) { return false; } i = 16; bin->ehdr.e_type = READ16 (ehdr, i); bin->ehdr.e_machine = READ16 (ehdr, i); bin->ehdr.e_version = READ32 (ehdr, i); #if R_BIN_ELF64 bin->ehdr.e_entry = READ64 (ehdr, i); bin->ehdr.e_phoff = READ64 (ehdr, i); bin->ehdr.e_shoff = READ64 (ehdr, i); #else bin->ehdr.e_entry = READ32 (ehdr, i); bin->ehdr.e_phoff = READ32 (ehdr, i); bin->ehdr.e_shoff = READ32 (ehdr, i); #endif bin->ehdr.e_flags = READ32 (ehdr, i); bin->ehdr.e_ehsize = READ16 (ehdr, i); bin->ehdr.e_phentsize = READ16 (ehdr, i); bin->ehdr.e_phnum = READ16 (ehdr, i); bin->ehdr.e_shentsize = READ16 (ehdr, i); bin->ehdr.e_shnum = READ16 (ehdr, i); bin->ehdr.e_shstrndx = READ16 (ehdr, i); return true; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radareorg/radare2,50325084870456,1 3941,CWE-476,"static int resize(int new_rows, int new_cols, VTermPos *delta, void *user) { VTermScreen *screen = user; int is_altscreen = (screen->buffers[1] && screen->buffer == screen->buffers[1]); int old_rows = screen->rows; int old_cols = screen->cols; int first_blank_row; if(!is_altscreen && new_rows < old_rows) { VTermPos pos = { 0, 0 }; VTermPos cursor = screen->state->pos; for(pos.row = old_rows - 1; pos.row >= new_rows; pos.row--) if(!vterm_screen_is_eol(screen, pos) || cursor.row == pos.row) break; first_blank_row = pos.row + 1; if(first_blank_row > new_rows) { VTermRect rect = {0,0,0,0}; rect.end_row = old_rows; rect.end_col = old_cols; scrollrect(rect, first_blank_row - new_rows, 0, user); vterm_screen_flush_damage(screen); delta->row -= first_blank_row - new_rows; } } screen->buffers[0] = realloc_buffer(screen, screen->buffers[0], new_rows, new_cols); if(screen->buffers[1]) screen->buffers[1] = realloc_buffer(screen, screen->buffers[1], new_rows, new_cols); screen->buffer = is_altscreen ? screen->buffers[1] : screen->buffers[0]; screen->rows = new_rows; screen->cols = new_cols; if(screen->sb_buffer) vterm_allocator_free(screen->vt, screen->sb_buffer); screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * new_cols); if(new_cols > old_cols) { VTermRect rect; rect.start_row = 0; rect.end_row = old_rows; rect.start_col = old_cols; rect.end_col = new_cols; damagerect(screen, rect); } if(new_rows > old_rows) { if(!is_altscreen && screen->callbacks && screen->callbacks->sb_popline) { int rows = new_rows - old_rows; while(rows) { VTermRect rect = {0,0,0,0}; VTermPos pos = { 0, 0 }; if(!(screen->callbacks->sb_popline(screen->cols, screen->sb_buffer, screen->cbdata))) break; rect.end_row = screen->rows; rect.end_col = screen->cols; scrollrect(rect, -1, 0, user); for(pos.col = 0; pos.col < screen->cols; pos.col += screen->sb_buffer[pos.col].width) vterm_screen_set_cell(screen, pos, screen->sb_buffer + pos.col); rect.end_row = 1; damagerect(screen, rect); vterm_screen_flush_damage(screen); rows--; delta->row++; } } { VTermRect rect; rect.start_row = old_rows; rect.end_row = new_rows; rect.start_col = 0; rect.end_col = new_cols; damagerect(screen, rect); } } if(screen->callbacks && screen->callbacks->resize) return (*screen->callbacks->resize)(new_rows, new_cols, screen->cbdata); return 1; }",visit repo url,src/libvterm/src/termscreen.c,https://github.com/vim/vim,82689684176740,1 1765,CWE-119,"check_entry_size_and_hooks(struct ipt_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct ipt_entry) != 0 || (unsigned char *)e + sizeof(struct ipt_entry) >= limit || (unsigned char *)e + e->next_offset > limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct ipt_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } err = check_entry(e); if (err) return err; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_err(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,133164117025881,1 1121,['CWE-399'],"asmlinkage long sys32_sigreturn(struct pt_regs *regs) { struct sigframe __user *frame = (struct sigframe __user *)(regs->sp-8); sigset_t set; unsigned int ax; if (!access_ok(VERIFY_READ, frame, sizeof(*frame))) goto badframe; if (__get_user(set.sig[0], &frame->sc.oldmask) || (_COMPAT_NSIG_WORDS > 1 && __copy_from_user((((char *) &set.sig) + 4), &frame->extramask, sizeof(frame->extramask)))) goto badframe; sigdelsetmask(&set, ~_BLOCKABLE); spin_lock_irq(¤t->sighand->siglock); current->blocked = set; recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); if (ia32_restore_sigcontext(regs, &frame->sc, &ax)) goto badframe; return ax; badframe: signal_fault(regs, frame, ""32bit sigreturn""); return 0; }",linux-2.6,,,240150414475018297768070253672632450826,0 6430,['CWE-190'],"read_header_block (PSDimage *img_a, FILE *f, GError **error) { guint16 version; gchar sig[4]; gchar buf[6]; if (fread (sig, 4, 1, f) < 1 || fread (&version, 2, 1, f) < 1 || fread (buf, 6, 1, f) < 1 || fread (&img_a->channels, 2, 1, f) < 1 || fread (&img_a->rows, 4, 1, f) < 1 || fread (&img_a->columns, 4, 1, f) < 1 || fread (&img_a->bps, 2, 1, f) < 1 || fread (&img_a->color_mode, 2, 1, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } version = GUINT16_FROM_BE (version); img_a->channels = GUINT16_FROM_BE (img_a->channels); img_a->rows = GUINT32_FROM_BE (img_a->rows); img_a->columns = GUINT32_FROM_BE (img_a->columns); img_a->bps = GUINT16_FROM_BE (img_a->bps); img_a->color_mode = GUINT16_FROM_BE (img_a->color_mode); IFDBG(1) g_debug (""\n\n\tSig: %.4s\n\tVer: %d\n\tChannels: "" ""%d\n\tSize: %dx%d\n\tBPS: %d\n\tMode: %d\n"", sig, version, img_a->channels, img_a->columns, img_a->rows, img_a->bps, img_a->color_mode); if (memcmp (sig, ""8BPS"", 4) != 0) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Not a valid photoshop document file"")); return -1; } if (version != 1) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported file format version: %d""), version); return -1; } if (img_a->channels > MAX_CHANNELS) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Too many channels in file: %d""), img_a->channels); return -1; } if (img_a->rows < 1 || img_a->rows > GIMP_MAX_IMAGE_SIZE) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported or invalid image height: %d""), img_a->rows); return -1; } if (img_a->columns < 1 || img_a->columns > GIMP_MAX_IMAGE_SIZE) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported or invalid image width: %d""), img_a->columns); return -1; } if (img_a->columns > G_MAXINT32 / img_a->rows) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported or invalid image size: %dx%d""), img_a->columns, img_a->rows); return -1; } if (img_a->color_mode != PSD_BITMAP && img_a->color_mode != PSD_GRAYSCALE && img_a->color_mode != PSD_INDEXED && img_a->color_mode != PSD_RGB && img_a->color_mode != PSD_DUOTONE) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported color mode: %s""), get_psd_color_mode_name (img_a->color_mode)); return -1; } switch (img_a->bps) { case 16: IFDBG(3) g_debug (""16 Bit Data""); if (CONVERSION_WARNINGS) g_message (_(""Warning:\n"" ""The image you are loading has 16 bits per channel. GIMP "" ""can only handle 8 bit, so it will be converted for you. "" ""Information will be lost because of this conversion."")); break; case 8: IFDBG(3) g_debug (""8 Bit Data""); break; case 1: IFDBG(3) g_debug (""1 Bit Data""); break; default: g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported bit depth: %d""), img_a->bps); return -1; break; } return 0; }",gimp,,,96991920556253812898989426542915567092,0 5037,CWE-787,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 2471,['CWE-119'],"static int still_interesting(struct commit_list *src, unsigned long date, int slop) { if (!src) return 0; if (date < src->item->date) return SLOP; if (!everybody_uninteresting(src)) return SLOP; return slop-1; }",git,,,250434269269947090910386924464179001903,0 2235,NVD-CWE-noinfo,"nfs4_state_set_mode_locked(struct nfs4_state *state, mode_t mode) { if (state->state == mode) return; if ((mode & FMODE_WRITE) != (state->state & FMODE_WRITE)) { if (mode & FMODE_WRITE) list_move(&state->open_states, &state->owner->so_states); else list_move_tail(&state->open_states, &state->owner->so_states); } state->state = mode; }",visit repo url,fs/nfs/nfs4state.c,https://github.com/torvalds/linux,174527513616174,1 1825,['CWE-189'],"_gnutls_handshake_hash_pending (gnutls_session_t session) { size_t siz; int ret; opaque *data; if (session->internals.handshake_mac_handle_init == 0) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } if ((ret = _gnutls_handshake_buffer_get_ptr (session, &data, &siz)) < 0) { gnutls_assert (); return ret; } if (siz > 0) { _gnutls_hash (&session->internals.handshake_mac_handle_sha, data, siz); _gnutls_hash (&session->internals.handshake_mac_handle_md5, data, siz); } _gnutls_handshake_buffer_empty (session); return 0; }",gnutls,,,7523005793623721905641058863130191532,0 1669,[],"static inline int task_has_rt_policy(struct task_struct *p) { return rt_policy(p->policy); }",linux-2.6,,,34659446186214241242080650142880410274,0 1390,[],"static void moved_group_fair(struct task_struct *p) { struct cfs_rq *cfs_rq = task_cfs_rq(p); update_curr(cfs_rq); place_entity(cfs_rq, &p->se, 1); }",linux-2.6,,,98811293687185703074991536502038857755,0 1213,CWE-400,"do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; unsigned long address; struct mm_struct *mm; int fault; int write = error_code & PF_WRITE; unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | (write ? FAULT_FLAG_WRITE : 0); tsk = current; mm = tsk->mm; address = read_cr2(); if (kmemcheck_active(regs)) kmemcheck_hide(regs); prefetchw(&mm->mmap_sem); if (unlikely(kmmio_fault(regs, address))) return; if (unlikely(fault_in_kernel_space(address))) { if (!(error_code & (PF_RSVD | PF_USER | PF_PROT))) { if (vmalloc_fault(address) >= 0) return; if (kmemcheck_fault(regs, address, error_code)) return; } if (spurious_fault(error_code, address)) return; if (notify_page_fault(regs)) return; bad_area_nosemaphore(regs, error_code, address); return; } if (unlikely(notify_page_fault(regs))) return; if (user_mode_vm(regs)) { local_irq_enable(); error_code |= PF_USER; } else { if (regs->flags & X86_EFLAGS_IF) local_irq_enable(); } if (unlikely(error_code & PF_RSVD)) pgtable_bad(regs, error_code, address); perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, address); if (unlikely(in_atomic() || !mm)) { bad_area_nosemaphore(regs, error_code, address); return; } if (unlikely(!down_read_trylock(&mm->mmap_sem))) { if ((error_code & PF_USER) == 0 && !search_exception_tables(regs->ip)) { bad_area_nosemaphore(regs, error_code, address); return; } retry: down_read(&mm->mmap_sem); } else { might_sleep(); } vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); return; } if (likely(vma->vm_start <= address)) goto good_area; if (unlikely(!(vma->vm_flags & VM_GROWSDOWN))) { bad_area(regs, error_code, address); return; } if (error_code & PF_USER) { if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) { bad_area(regs, error_code, address); return; } } if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; } good_area: if (unlikely(access_error(error_code, vma))) { bad_area_access_error(regs, error_code, address); return; } fault = handle_mm_fault(mm, vma, address, flags); if (unlikely(fault & (VM_FAULT_RETRY|VM_FAULT_ERROR))) { if (mm_fault_error(regs, error_code, address, fault)) return; } if (flags & FAULT_FLAG_ALLOW_RETRY) { if (fault & VM_FAULT_MAJOR) { tsk->maj_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, address); } else { tsk->min_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, address); } if (fault & VM_FAULT_RETRY) { flags &= ~FAULT_FLAG_ALLOW_RETRY; goto retry; } } check_v8086_mode(regs, address, tsk); up_read(&mm->mmap_sem); }",visit repo url,arch/x86/mm/fault.c,https://github.com/torvalds/linux,248089436023426,1 307,[],"static int do_blkgetsize64(unsigned int fd, unsigned int cmd, unsigned long arg) { return sys_ioctl(fd, BLKGETSIZE64, (unsigned long)compat_ptr(arg)); }",linux-2.6,,,269996712491129314763245980094756178635,0 5810,CWE-476,"service_info *FindServiceControlURLPath( service_table *table, const char *controlURLPath) { service_info *finger = NULL; uri_type parsed_url; uri_type parsed_url_in; if (table && parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) == HTTP_SUCCESS) { finger = table->serviceList; while (finger) { if (finger->controlURL) { if (parse_uri(finger->controlURL, strlen(finger->controlURL), &parsed_url) == HTTP_SUCCESS) { if (!token_cmp(&parsed_url.pathquery, &parsed_url_in.pathquery)) { return finger; } } } finger = finger->next; } } return NULL; }",visit repo url,upnp/src/genlib/service_table/service_table.c,https://github.com/pupnp/pupnp,21945935867978,1 4550,['CWE-20'],"static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) { handle_t *handle; struct inode *old_inode, *new_inode; struct buffer_head *old_bh, *new_bh, *dir_bh; struct ext4_dir_entry_2 *old_de, *new_de; int retval; old_bh = new_bh = dir_bh = NULL; if (new_dentry->d_inode) DQUOT_INIT(new_dentry->d_inode); handle = ext4_journal_start(old_dir, 2 * EXT4_DATA_TRANS_BLOCKS(old_dir->i_sb) + EXT4_INDEX_EXTRA_TRANS_BLOCKS + 2); if (IS_ERR(handle)) return PTR_ERR(handle); if (IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir)) ext4_handle_sync(handle); old_bh = ext4_find_entry(old_dir, &old_dentry->d_name, &old_de); old_inode = old_dentry->d_inode; retval = -ENOENT; if (!old_bh || le32_to_cpu(old_de->inode) != old_inode->i_ino) goto end_rename; new_inode = new_dentry->d_inode; new_bh = ext4_find_entry(new_dir, &new_dentry->d_name, &new_de); if (new_bh) { if (!new_inode) { brelse(new_bh); new_bh = NULL; } } if (S_ISDIR(old_inode->i_mode)) { if (new_inode) { retval = -ENOTEMPTY; if (!empty_dir(new_inode)) goto end_rename; } retval = -EIO; dir_bh = ext4_bread(handle, old_inode, 0, 0, &retval); if (!dir_bh) goto end_rename; if (le32_to_cpu(PARENT_INO(dir_bh->b_data)) != old_dir->i_ino) goto end_rename; retval = -EMLINK; if (!new_inode && new_dir != old_dir && new_dir->i_nlink >= EXT4_LINK_MAX) goto end_rename; } if (!new_bh) { retval = ext4_add_entry(handle, new_dentry, old_inode); if (retval) goto end_rename; } else { BUFFER_TRACE(new_bh, ""get write access""); ext4_journal_get_write_access(handle, new_bh); new_de->inode = cpu_to_le32(old_inode->i_ino); if (EXT4_HAS_INCOMPAT_FEATURE(new_dir->i_sb, EXT4_FEATURE_INCOMPAT_FILETYPE)) new_de->file_type = old_de->file_type; new_dir->i_version++; new_dir->i_ctime = new_dir->i_mtime = ext4_current_time(new_dir); ext4_mark_inode_dirty(handle, new_dir); BUFFER_TRACE(new_bh, ""call ext4_handle_dirty_metadata""); ext4_handle_dirty_metadata(handle, new_dir, new_bh); brelse(new_bh); new_bh = NULL; } old_inode->i_ctime = ext4_current_time(old_inode); ext4_mark_inode_dirty(handle, old_inode); if (le32_to_cpu(old_de->inode) != old_inode->i_ino || old_de->name_len != old_dentry->d_name.len || strncmp(old_de->name, old_dentry->d_name.name, old_de->name_len) || (retval = ext4_delete_entry(handle, old_dir, old_de, old_bh)) == -ENOENT) { struct buffer_head *old_bh2; struct ext4_dir_entry_2 *old_de2; old_bh2 = ext4_find_entry(old_dir, &old_dentry->d_name, &old_de2); if (old_bh2) { retval = ext4_delete_entry(handle, old_dir, old_de2, old_bh2); brelse(old_bh2); } } if (retval) { ext4_warning(old_dir->i_sb, ""ext4_rename"", ""Deleting old file (%lu), %d, error=%d"", old_dir->i_ino, old_dir->i_nlink, retval); } if (new_inode) { ext4_dec_count(handle, new_inode); new_inode->i_ctime = ext4_current_time(new_inode); } old_dir->i_ctime = old_dir->i_mtime = ext4_current_time(old_dir); ext4_update_dx_flag(old_dir); if (dir_bh) { BUFFER_TRACE(dir_bh, ""get_write_access""); ext4_journal_get_write_access(handle, dir_bh); PARENT_INO(dir_bh->b_data) = cpu_to_le32(new_dir->i_ino); BUFFER_TRACE(dir_bh, ""call ext4_handle_dirty_metadata""); ext4_handle_dirty_metadata(handle, old_dir, dir_bh); ext4_dec_count(handle, old_dir); if (new_inode) { new_inode->i_nlink = 0; } else { ext4_inc_count(handle, new_dir); ext4_update_dx_flag(new_dir); ext4_mark_inode_dirty(handle, new_dir); } } ext4_mark_inode_dirty(handle, old_dir); if (new_inode) { ext4_mark_inode_dirty(handle, new_inode); if (!new_inode->i_nlink) ext4_orphan_add(handle, new_inode); } retval = 0; end_rename: brelse(dir_bh); brelse(old_bh); brelse(new_bh); ext4_journal_stop(handle); return retval; }",linux-2.6,,,51811869235434267151146196596868635908,0 6487,CWE-787,"int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) { if (!message) { LOG_ERROR(""Null message in AES_encrypt_DH""); return -1; } if (!encr_message) { LOG_ERROR(""Null encr message in AES_encrypt_DH""); return -2; } if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) { LOG_ERROR(""length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE""); return -1; } uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE; if (msgLen < len) { LOG_ERROR(""Output buffer not large enough""); return -2; } sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_DH_key, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, (sgx_aes_gcm_128bit_tag_t *)encr_message); return status; }",visit repo url,secure_enclave/AESUtils.c,https://github.com/skalenetwork/sgxwallet,151465298058144,1 170,[],"int compat_printk(const char *fmt, ...) { va_list ap; int ret; if (!compat_log) return 0; va_start(ap, fmt); ret = vprintk(fmt, ap); va_end(ap); return ret; }",linux-2.6,,,244691021903914891476903180472405223267,0 3632,['CWE-287'],"void sctp_association_put(struct sctp_association *asoc) { if (atomic_dec_and_test(&asoc->base.refcnt)) sctp_association_destroy(asoc); }",linux-2.6,,,157127909917103174752342955497366089098,0 4682,['CWE-399'],"static int ext4_da_get_block_write(struct inode *inode, sector_t iblock, struct buffer_head *bh_result, int create) { int ret; unsigned max_blocks = bh_result->b_size >> inode->i_blkbits; loff_t disksize = EXT4_I(inode)->i_disksize; handle_t *handle = NULL; handle = ext4_journal_current_handle(); BUG_ON(!handle); ret = ext4_get_blocks_wrap(handle, inode, iblock, max_blocks, bh_result, create, 0, EXT4_DELALLOC_RSVED); if (ret > 0) { bh_result->b_size = (ret << inode->i_blkbits); if (ext4_should_order_data(inode)) { int retval; retval = ext4_jbd2_file_inode(handle, inode); if (retval) return retval; } disksize = ((loff_t) iblock + ret) << inode->i_blkbits; if (disksize > i_size_read(inode)) disksize = i_size_read(inode); if (disksize > EXT4_I(inode)->i_disksize) { ext4_update_i_disksize(inode, disksize); ret = ext4_mark_inode_dirty(handle, inode); return ret; } ret = 0; } return ret; }",linux-2.6,,,76470541327921811986216600902545361142,0 1340,['CWE-399'],"static void ipip6_tunnel_setup(struct net_device *dev) { dev->uninit = ipip6_tunnel_uninit; dev->destructor = free_netdev; dev->hard_start_xmit = ipip6_tunnel_xmit; dev->get_stats = ipip6_tunnel_get_stats; dev->do_ioctl = ipip6_tunnel_ioctl; dev->change_mtu = ipip6_tunnel_change_mtu; dev->type = ARPHRD_SIT; dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr); dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr); dev->flags = IFF_NOARP; dev->iflink = 0; dev->addr_len = 4; dev->features |= NETIF_F_NETNS_LOCAL; }",linux-2.6,,,283779471852897414375896547828015018167,0 6705,CWE-116,"new_logline(int event_type, int flags, struct eventlog_args *args, const struct eventlog *evlog) { const struct eventlog_config *evl_conf = eventlog_getconf(); char *line = NULL, *evstr = NULL; const char *iolog_file; const char *tty, *tsid = NULL; char exit_str[(((sizeof(int) * 8) + 2) / 3) + 2]; char sessid[7], offsetstr[64] = """"; size_t len = 0; int i; debug_decl(new_logline, SUDO_DEBUG_UTIL); if (ISSET(flags, EVLOG_RAW) || evlog == NULL) { if (args->reason != NULL) { if (args->errstr != NULL) { if (asprintf(&line, ""%s: %s"", args->reason, args->errstr) == -1) goto oom; } else { if ((line = strdup(args->reason)) == NULL) goto oom; } } debug_return_str(line); } iolog_file = evlog->iolog_file; if (iolog_file != NULL) { if (IS_SESSID(iolog_file)) { sessid[0] = iolog_file[0]; sessid[1] = iolog_file[1]; sessid[2] = iolog_file[3]; sessid[3] = iolog_file[4]; sessid[4] = iolog_file[6]; sessid[5] = iolog_file[7]; sessid[6] = '\0'; tsid = sessid; } else { tsid = iolog_file; } if (sudo_timespecisset(&evlog->iolog_offset)) { if (evlog->iolog_offset.tv_nsec > 10000000) { (void)snprintf(offsetstr, sizeof(offsetstr), ""@%lld.%02ld"", (long long)evlog->iolog_offset.tv_sec, evlog->iolog_offset.tv_nsec / 10000000); } else if (evlog->iolog_offset.tv_sec != 0) { (void)snprintf(offsetstr, sizeof(offsetstr), ""@%lld"", (long long)evlog->iolog_offset.tv_sec); } } } if ((tty = evlog->ttyname) != NULL) { if (strncmp(tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) tty += sizeof(_PATH_DEV) - 1; } if (args->reason != NULL) len += strlen(args->reason) + 3; if (args->errstr != NULL) len += strlen(args->errstr) + 3; if (evlog->submithost != NULL && !evl_conf->omit_hostname) len += sizeof(LL_HOST_STR) + 2 + strlen(evlog->submithost); if (tty != NULL) len += sizeof(LL_TTY_STR) + 2 + strlen(tty); if (evlog->runchroot != NULL) len += sizeof(LL_CHROOT_STR) + 2 + strlen(evlog->runchroot); if (evlog->runcwd != NULL) len += sizeof(LL_CWD_STR) + 2 + strlen(evlog->runcwd); if (evlog->runuser != NULL) len += sizeof(LL_USER_STR) + 2 + strlen(evlog->runuser); if (evlog->rungroup != NULL) len += sizeof(LL_GROUP_STR) + 2 + strlen(evlog->rungroup); if (tsid != NULL) { len += sizeof(LL_TSID_STR) + 2 + strlen(tsid) + strlen(offsetstr); } if (evlog->env_add != NULL) { size_t evlen = 0; char * const *ep; for (ep = evlog->env_add; *ep != NULL; ep++) evlen += strlen(*ep) + 1; if (evlen != 0) { if ((evstr = malloc(evlen)) == NULL) goto oom; ep = evlog->env_add; if (strlcpy(evstr, *ep, evlen) >= evlen) goto toobig; while (*++ep != NULL) { if (strlcat(evstr, "" "", evlen) >= evlen || strlcat(evstr, *ep, evlen) >= evlen) goto toobig; } len += sizeof(LL_ENV_STR) + 2 + evlen; } } if (evlog->command != NULL) { len += sizeof(LL_CMND_STR) - 1 + strlen(evlog->command); if (evlog->argv != NULL && evlog->argv[0] != NULL) { for (i = 1; evlog->argv[i] != NULL; i++) len += strlen(evlog->argv[i]) + 1; } if (event_type == EVLOG_EXIT) { if (evlog->signal_name != NULL) len += sizeof(LL_SIGNAL_STR) + 2 + strlen(evlog->signal_name); if (evlog->exit_value != -1) { (void)snprintf(exit_str, sizeof(exit_str), ""%d"", evlog->exit_value); len += sizeof(LL_EXIT_STR) + 2 + strlen(exit_str); } } } if ((line = malloc(++len)) == NULL) goto oom; line[0] = '\0'; if (args->reason != NULL) { if (strlcat(line, args->reason, len) >= len || strlcat(line, args->errstr ? "" : "" : "" ; "", len) >= len) goto toobig; } if (args->errstr != NULL) { if (strlcat(line, args->errstr, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->submithost != NULL && !evl_conf->omit_hostname) { if (strlcat(line, LL_HOST_STR, len) >= len || strlcat(line, evlog->submithost, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (tty != NULL) { if (strlcat(line, LL_TTY_STR, len) >= len || strlcat(line, tty, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->runchroot != NULL) { if (strlcat(line, LL_CHROOT_STR, len) >= len || strlcat(line, evlog->runchroot, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->runcwd != NULL) { if (strlcat(line, LL_CWD_STR, len) >= len || strlcat(line, evlog->runcwd, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->runuser != NULL) { if (strlcat(line, LL_USER_STR, len) >= len || strlcat(line, evlog->runuser, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evlog->rungroup != NULL) { if (strlcat(line, LL_GROUP_STR, len) >= len || strlcat(line, evlog->rungroup, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (tsid != NULL) { if (strlcat(line, LL_TSID_STR, len) >= len || strlcat(line, tsid, len) >= len || strlcat(line, offsetstr, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; } if (evstr != NULL) { if (strlcat(line, LL_ENV_STR, len) >= len || strlcat(line, evstr, len) >= len || strlcat(line, "" ; "", len) >= len) goto toobig; free(evstr); evstr = NULL; } if (evlog->command != NULL) { if (strlcat(line, LL_CMND_STR, len) >= len) goto toobig; if (strlcat(line, evlog->command, len) >= len) goto toobig; if (evlog->argv != NULL && evlog->argv[0] != NULL) { for (i = 1; evlog->argv[i] != NULL; i++) { if (strlcat(line, "" "", len) >= len || strlcat(line, evlog->argv[i], len) >= len) goto toobig; } } if (event_type == EVLOG_EXIT) { if (evlog->signal_name != NULL) { if (strlcat(line, "" ; "", len) >= len || strlcat(line, LL_SIGNAL_STR, len) >= len || strlcat(line, evlog->signal_name, len) >= len) goto toobig; } if (evlog->exit_value != -1) { if (strlcat(line, "" ; "", len) >= len || strlcat(line, LL_EXIT_STR, len) >= len || strlcat(line, exit_str, len) >= len) goto toobig; } } } debug_return_str(line); oom: free(evstr); sudo_warnx(U_(""%s: %s""), __func__, U_(""unable to allocate memory"")); debug_return_str(NULL); toobig: free(evstr); free(line); sudo_warnx(U_(""internal error, %s overflow""), __func__); debug_return_str(NULL); }",visit repo url,lib/eventlog/eventlog.c,https://github.com/sudo-project/sudo,68029610147374,1 2394,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *in) { AVFilterContext *ctx = inlink->dst; FlipContext *s = ctx->priv; AVFilterLink *outlink = ctx->outputs[0]; AVFrame *out; uint8_t *inrow, *outrow; int i, j, plane, step; out = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!out) { av_frame_free(&in); return AVERROR(ENOMEM); } av_frame_copy_props(out, in); if (av_pix_fmt_desc_get(inlink->format)->flags & AV_PIX_FMT_FLAG_PAL) memcpy(out->data[1], in->data[1], AVPALETTE_SIZE); for (plane = 0; plane < 4 && in->data[plane]; plane++) { const int width = (plane == 1 || plane == 2) ? FF_CEIL_RSHIFT(inlink->w, s->hsub) : inlink->w; const int height = (plane == 1 || plane == 2) ? FF_CEIL_RSHIFT(inlink->h, s->vsub) : inlink->h; step = s->max_step[plane]; outrow = out->data[plane]; inrow = in ->data[plane] + (width - 1) * step; for (i = 0; i < height; i++) { switch (step) { case 1: for (j = 0; j < width; j++) outrow[j] = inrow[-j]; break; case 2: { uint16_t *outrow16 = (uint16_t *)outrow; uint16_t * inrow16 = (uint16_t *) inrow; for (j = 0; j < width; j++) outrow16[j] = inrow16[-j]; } break; case 3: { uint8_t *in = inrow; uint8_t *out = outrow; for (j = 0; j < width; j++, out += 3, in -= 3) { int32_t v = AV_RB24(in); AV_WB24(out, v); } } break; case 4: { uint32_t *outrow32 = (uint32_t *)outrow; uint32_t * inrow32 = (uint32_t *) inrow; for (j = 0; j < width; j++) outrow32[j] = inrow32[-j]; } break; default: for (j = 0; j < width; j++) memcpy(outrow + j*step, inrow - j*step, step); } inrow += in ->linesize[plane]; outrow += out->linesize[plane]; } } av_frame_free(&in); return ff_filter_frame(outlink, out); }",visit repo url,libavfilter/vf_hflip.c,https://github.com/FFmpeg/FFmpeg,137645457573834,1 4734,CWE-476,"CopyKeyAliasesToKeymap(struct xkb_keymap *keymap, KeyNamesInfo *info) { AliasInfo *alias; unsigned i, num_key_aliases; struct xkb_key_alias *key_aliases; num_key_aliases = 0; darray_foreach(alias, info->aliases) { if (!XkbKeyByName(keymap, alias->real, false)) { log_vrb(info->ctx, 5, ""Attempt to alias %s to non-existent key %s; Ignored\n"", KeyNameText(info->ctx, alias->alias), KeyNameText(info->ctx, alias->real)); alias->real = XKB_ATOM_NONE; continue; } if (XkbKeyByName(keymap, alias->alias, false)) { log_vrb(info->ctx, 5, ""Attempt to create alias with the name of a real key; "" ""Alias \""%s = %s\"" ignored\n"", KeyNameText(info->ctx, alias->alias), KeyNameText(info->ctx, alias->real)); alias->real = XKB_ATOM_NONE; continue; } num_key_aliases++; } key_aliases = NULL; if (num_key_aliases > 0) { key_aliases = calloc(num_key_aliases, sizeof(*key_aliases)); if (!key_aliases) return false; } i = 0; darray_foreach(alias, info->aliases) { if (alias->real != XKB_ATOM_NONE) { key_aliases[i].alias = alias->alias; key_aliases[i].real = alias->real; i++; } } keymap->num_key_aliases = num_key_aliases; keymap->key_aliases = key_aliases; return true; }",visit repo url,src/xkbcomp/keycodes.c,https://github.com/xkbcommon/libxkbcommon,182272651045970,1 3317,CWE-119,"header_put_be_int (SF_PRIVATE *psf, int x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 4) { psf->header [psf->headindex++] = (x >> 24) ; psf->header [psf->headindex++] = (x >> 16) ; psf->header [psf->headindex++] = (x >> 8) ; psf->header [psf->headindex++] = x ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,151757901693262,1 5535,['CWE-20'],"int inflate_fixed() { int i; struct huft *tl; struct huft *td; int bl; int bd; unsigned l[288]; for (i = 0; i < 144; i++) l[i] = 8; for (; i < 256; i++) l[i] = 9; for (; i < 280; i++) l[i] = 7; for (; i < 288; i++) l[i] = 8; bl = 7; if ((i = huft_build(l, 288, 257, cplens, cplext, &tl, &bl)) != 0) return i; for (i = 0; i < 30; i++) l[i] = 5; bd = 5; if ((i = huft_build(l, 30, 0, cpdist, cpdext, &td, &bd)) > 1) { huft_free(tl); return i; } if (inflate_codes(tl, td, bl, bd)) return 1; huft_free(tl); huft_free(td); return 0; }",gzip,,,278563300489342060075103733957590405260,0 4299,CWE-125,"static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, RAnalOpMask mask) { int opsize = -1; op->type = -1; opsize = 2; switch (buf[0]) { case 0x3f: case 0x4f: op->type = R_ANAL_OP_TYPE_MOV; opsize = 4; break; case 0x6f: op->type = R_ANAL_OP_TYPE_MOV; opsize = 6; break; case 0x7f: op->type = R_ANAL_OP_TYPE_LEA; if (len > 5) { op->ptr = buf[2]; op->ptr |= buf[3]<<8; op->ptr |= buf[4]<<16; op->ptr |= ((ut32)(0xff&buf[5]))<<24; op->ptr += addr; opsize = 6; } else { op->ptr = UT64_MAX; } break; case 0xbf: op->type = R_ANAL_OP_TYPE_CALL; if (len > 5) { st32 delta = buf[2]; delta |= buf[3]<<8; delta |= buf[4]<<16; delta |= buf[5]<<24; op->jump = addr + delta; } else { op->jump = UT64_MAX; } op->fail = addr + 6; opsize = 6; break; case 0x00: if (buf[1] == 0x00) { op->type = R_ANAL_OP_TYPE_TRAP; } else { op->type = R_ANAL_OP_TYPE_JMP; { st8 delta = buf[0]; op->jump = addr + delta; } } break; case 0xf0: if (buf[1]==0xb9) { op->type = R_ANAL_OP_TYPE_RET; } break; default: switch (buf[1]) { case 0x00: op->type = R_ANAL_OP_TYPE_CJMP; break; case 0xf3: op->type = R_ANAL_OP_TYPE_SHR; break; case 0x96: if (buf[0] >=0xc0) { op->type = R_ANAL_OP_TYPE_CMP; } else { op->type = R_ANAL_OP_TYPE_MOV; } break; case 0xf2: case 0x0b: case 0x72: op->type = R_ANAL_OP_TYPE_CMP; break; case 0x05: if (buf[0] == 0xb0) { op->type = R_ANAL_OP_TYPE_NOP; } break; case 0x01: case 0x02: case 0xc2: case 0xf5: case 0x91: case 0x41: case 0x61: case 0x65: op->type = R_ANAL_OP_TYPE_ADD; break; case 0x12: case 0xf6: case 0xe2: op->type = R_ANAL_OP_TYPE_SUB; break; case 0x82: case 0xba: case 0xeb: case 0xc6: case 0x92: case 0x9b: case 0xbe: case 0x06: case 0x26: case 0xfb: case 0x9a: case 0xb2: case 0xda: case 0x2b: case 0x6f: case 0xa2: case 0x2f: case 0x8b: case 0x1b: case 0xaa: case 0xa6: case 0xb6: op->type = R_ANAL_OP_TYPE_MOV; break; case 0xe0: op->type = R_ANAL_OP_TYPE_JMP; { st8 delta = buf[0]; op->jump = addr + delta; } break; case 0x10: case 0x30: case 0x20: case 0x2d: op->type = R_ANAL_OP_TYPE_CJMP; op->jump = addr + buf[0]; op->fail = addr + 2; break; case 0xbf: op->type = R_ANAL_OP_TYPE_CALL; break; case 0xb9: op->type = R_ANAL_OP_TYPE_UJMP; break; } } #if 0 switch (*buf) { case 0x3f: opsize = 4; case 0x01: case 0x53: case 0x04: case 0x61: case 0x62: case 0x63: op->type = R_ANAL_OP_TYPE_ADD; break; case 0x88: case 0x84: case 0x81: case 0x8c: case 0xad: op->type = R_ANAL_OP_TYPE_SUB; break; case 0x7f: op->type = R_ANAL_OP_TYPE_LEA; break; case 0xcf: case 0xbe: case 0x60: case 0x6f: case 0x6a: case 0x7e: case 0xfe: op->type = R_ANAL_OP_TYPE_MOV; break; case 0x00: op->type = R_ANAL_OP_TYPE_JMP; break; case 0xff: opsize = 6; case 0x14: case 0x0e: case 0x1a: case 0x9c: case 0x6d: op->type = R_ANAL_OP_TYPE_CJMP; break; case 0xbf: opsize = 6; case 0xb1: case 0xb2: case 0xb3: case 0xb4: case 0xb5: case 0xb6: case 0xb7: case 0xb8: case 0xb9: op->type = R_ANAL_OP_TYPE_UJMP; break; case 0x8f: case 0xc0: case 0xe1: case 0xaa: op->type = R_ANAL_OP_TYPE_CMP; break; default: switch (*w) { case 0xb0b9: op->type = R_ANAL_OP_TYPE_CJMP; break; case 0xb005: case 0x05b0: op->type = R_ANAL_OP_TYPE_NOP; break; case 0xf0b9: case 0xb9f0: op->type = R_ANAL_OP_TYPE_RET; break; default: op->type = R_ANAL_OP_TYPE_MOV; break; } } #endif op->size = opsize; return opsize; }",visit repo url,libr/anal/p/anal_cris.c,https://github.com/radareorg/radare2,280891306973756,1 2621,CWE-190,"static inline int unicode_cp_is_allowed(unsigned uni_cp, int document_type) { switch (document_type) { case ENT_HTML_DOC_HTML401: return (uni_cp >= 0x20 && uni_cp <= 0x7E) || (uni_cp == 0x0A || uni_cp == 0x09 || uni_cp == 0x0D) || (uni_cp >= 0xA0 && uni_cp <= 0xD7FF) || (uni_cp >= 0xE000 && uni_cp <= 0x10FFFF); case ENT_HTML_DOC_HTML5: return (uni_cp >= 0x20 && uni_cp <= 0x7E) || (uni_cp >= 0x09 && uni_cp <= 0x0D && uni_cp != 0x0B) || (uni_cp >= 0xA0 && uni_cp <= 0xD7FF) || (uni_cp >= 0xE000 && uni_cp <= 0x10FFFF && ((uni_cp & 0xFFFF) < 0xFFFE) && (uni_cp < 0xFDD0 || uni_cp > 0xFDEF)); case ENT_HTML_DOC_XHTML: case ENT_HTML_DOC_XML1: return (uni_cp >= 0x20 && uni_cp <= 0xD7FF) || (uni_cp == 0x0A || uni_cp == 0x09 || uni_cp == 0x0D) || (uni_cp >= 0xE000 && uni_cp <= 0x10FFFF && uni_cp != 0xFFFE && uni_cp != 0xFFFF); default: return 1; } }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,196283781168354,1 1949,['CWE-20'],"int migrate_page(struct address_space *mapping, struct page *newpage, struct page *page) { int rc; BUG_ON(PageWriteback(page)); rc = migrate_page_move_mapping(mapping, newpage, page); if (rc) return rc; migrate_page_copy(newpage, page); return 0; }",linux-2.6,,,27490362882345485917421680036694107160,0 2518,CWE-59,"set_acl(struct archive *a, int fd, const char *name, struct archive_acl *abstract_acl, int ae_requested_type, const char *tname) { aclent_t *aclent; #if ARCHIVE_ACL_SUNOS_NFS4 ace_t *ace; #endif int cmd, e, r; void *aclp; int ret; int ae_type, ae_permset, ae_tag, ae_id; int perm_map_size; const acl_perm_map_t *perm_map; uid_t ae_uid; gid_t ae_gid; const char *ae_name; int entries; int i; ret = ARCHIVE_OK; entries = archive_acl_reset(abstract_acl, ae_requested_type); if (entries == 0) return (ARCHIVE_OK); switch (ae_requested_type) { case ARCHIVE_ENTRY_ACL_TYPE_POSIX1E: cmd = SETACL; aclp = malloc(entries * sizeof(aclent_t)); break; #if ARCHIVE_ACL_SUNOS_NFS4 case ARCHIVE_ENTRY_ACL_TYPE_NFS4: cmd = ACE_SETACL; aclp = malloc(entries * sizeof(ace_t)); break; #endif default: errno = ENOENT; archive_set_error(a, errno, ""Unsupported ACL type""); return (ARCHIVE_FAILED); } if (aclp == NULL) { archive_set_error(a, errno, ""Can't allocate memory for acl buffer""); return (ARCHIVE_FAILED); } e = 0; while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type, &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) { aclent = NULL; #if ARCHIVE_ACL_SUNOS_NFS4 ace = NULL; #endif if (cmd == SETACL) { aclent = &((aclent_t *)aclp)[e]; aclent->a_id = -1; aclent->a_type = 0; aclent->a_perm = 0; } #if ARCHIVE_ACL_SUNOS_NFS4 else { ace = &((ace_t *)aclp)[e]; ace->a_who = -1; ace->a_access_mask = 0; ace->a_flags = 0; } #endif switch (ae_tag) { case ARCHIVE_ENTRY_ACL_USER: ae_uid = archive_write_disk_uid(a, ae_name, ae_id); if (aclent != NULL) { aclent->a_id = ae_uid; aclent->a_type |= USER; } #if ARCHIVE_ACL_SUNOS_NFS4 else { ace->a_who = ae_uid; } #endif break; case ARCHIVE_ENTRY_ACL_GROUP: ae_gid = archive_write_disk_gid(a, ae_name, ae_id); if (aclent != NULL) { aclent->a_id = ae_gid; aclent->a_type |= GROUP; } #if ARCHIVE_ACL_SUNOS_NFS4 else { ace->a_who = ae_gid; ace->a_flags |= ACE_IDENTIFIER_GROUP; } #endif break; case ARCHIVE_ENTRY_ACL_USER_OBJ: if (aclent != NULL) aclent->a_type |= USER_OBJ; #if ARCHIVE_ACL_SUNOS_NFS4 else { ace->a_flags |= ACE_OWNER; } #endif break; case ARCHIVE_ENTRY_ACL_GROUP_OBJ: if (aclent != NULL) aclent->a_type |= GROUP_OBJ; #if ARCHIVE_ACL_SUNOS_NFS4 else { ace->a_flags |= ACE_GROUP; ace->a_flags |= ACE_IDENTIFIER_GROUP; } #endif break; case ARCHIVE_ENTRY_ACL_MASK: if (aclent != NULL) aclent->a_type |= CLASS_OBJ; break; case ARCHIVE_ENTRY_ACL_OTHER: if (aclent != NULL) aclent->a_type |= OTHER_OBJ; break; #if ARCHIVE_ACL_SUNOS_NFS4 case ARCHIVE_ENTRY_ACL_EVERYONE: if (ace != NULL) ace->a_flags |= ACE_EVERYONE; break; #endif default: archive_set_error(a, ARCHIVE_ERRNO_MISC, ""Unsupported ACL tag""); ret = ARCHIVE_FAILED; goto exit_free; } r = 0; switch (ae_type) { #if ARCHIVE_ACL_SUNOS_NFS4 case ARCHIVE_ENTRY_ACL_TYPE_ALLOW: if (ace != NULL) ace->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE; else r = -1; break; case ARCHIVE_ENTRY_ACL_TYPE_DENY: if (ace != NULL) ace->a_type = ACE_ACCESS_DENIED_ACE_TYPE; else r = -1; break; case ARCHIVE_ENTRY_ACL_TYPE_AUDIT: if (ace != NULL) ace->a_type = ACE_SYSTEM_AUDIT_ACE_TYPE; else r = -1; break; case ARCHIVE_ENTRY_ACL_TYPE_ALARM: if (ace != NULL) ace->a_type = ACE_SYSTEM_ALARM_ACE_TYPE; else r = -1; break; #endif case ARCHIVE_ENTRY_ACL_TYPE_ACCESS: if (aclent == NULL) r = -1; break; case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT: if (aclent != NULL) aclent->a_type |= ACL_DEFAULT; else r = -1; break; default: archive_set_error(a, ARCHIVE_ERRNO_MISC, ""Unsupported ACL entry type""); ret = ARCHIVE_FAILED; goto exit_free; } if (r != 0) { errno = EINVAL; archive_set_error(a, errno, ""Failed to set ACL entry type""); ret = ARCHIVE_FAILED; goto exit_free; } #if ARCHIVE_ACL_SUNOS_NFS4 if (ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_NFS4) { perm_map_size = acl_nfs4_perm_map_size; perm_map = acl_nfs4_perm_map; } else { #endif perm_map_size = acl_posix_perm_map_size; perm_map = acl_posix_perm_map; #if ARCHIVE_ACL_SUNOS_NFS4 } #endif for (i = 0; i < perm_map_size; ++i) { if (ae_permset & perm_map[i].a_perm) { #if ARCHIVE_ACL_SUNOS_NFS4 if (ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_NFS4) ace->a_access_mask |= perm_map[i].p_perm; else #endif aclent->a_perm |= perm_map[i].p_perm; } } #if ARCHIVE_ACL_SUNOS_NFS4 if (ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_NFS4) { for (i = 0; i < acl_nfs4_flag_map_size; ++i) { if (ae_permset & acl_nfs4_flag_map[i].a_perm) { ace->a_flags |= acl_nfs4_flag_map[i].p_perm; } } } #endif e++; } if (fd >= 0) { if (facl(fd, cmd, entries, aclp) == 0) ret = ARCHIVE_OK; else { if (errno == EOPNOTSUPP) { ret = ARCHIVE_OK; } else { archive_set_error(a, errno, ""Failed to set acl on fd: %s"", tname); ret = ARCHIVE_WARN; } } } else if (acl(name, cmd, entries, aclp) != 0) { if (errno == EOPNOTSUPP) { ret = ARCHIVE_OK; } else { archive_set_error(a, errno, ""Failed to set acl: %s"", tname); ret = ARCHIVE_WARN; } } exit_free: free(aclp); return (ret); }",visit repo url,libarchive/archive_disk_acl_sunos.c,https://github.com/libarchive/libarchive,231713384547529,1 2813,['CWE-264'],"int __init init_module( void ) { struct net_device *dev; int err; while( num < SBNI_MAX_NUM_CARDS ) { dev = alloc_netdev(sizeof(struct net_local), ""sbni%d"", sbni_devsetup); if( !dev) break; sprintf( dev->name, ""sbni%d"", num ); err = sbni_init(dev); if (err) { free_netdev(dev); break; } if( register_netdev( dev ) ) { release_region( dev->base_addr, SBNI_IO_EXTENT ); free_netdev( dev ); break; } } return *sbni_cards ? 0 : -ENODEV; }",linux-2.6,,,181433901727487330964454453377713851548,0 6616,['CWE-200'],"nm_g_ptr_array_contains (const GPtrArray *haystack, gpointer needle) { int i; for (i = 0; haystack && (i < haystack->len); i++) { if (g_ptr_array_index (haystack, i) == needle) return TRUE; } return FALSE; }",network-manager-applet,,,63365466547933730271865212399971858808,0 1277,CWE-119,"static int empty_write_end(struct page *page, unsigned from, unsigned to, int mode) { struct inode *inode = page->mapping->host; struct gfs2_inode *ip = GFS2_I(inode); struct buffer_head *bh; unsigned offset, blksize = 1 << inode->i_blkbits; pgoff_t end_index = i_size_read(inode) >> PAGE_CACHE_SHIFT; zero_user(page, from, to-from); mark_page_accessed(page); if (page->index < end_index || !(mode & FALLOC_FL_KEEP_SIZE)) { if (!gfs2_is_writeback(ip)) gfs2_page_add_databufs(ip, page, from, to); block_commit_write(page, from, to); return 0; } offset = 0; bh = page_buffers(page); while (offset < to) { if (offset >= from) { set_buffer_uptodate(bh); mark_buffer_dirty(bh); clear_buffer_new(bh); write_dirty_buffer(bh, WRITE); } offset += blksize; bh = bh->b_this_page; } offset = 0; bh = page_buffers(page); while (offset < to) { if (offset >= from) { wait_on_buffer(bh); if (!buffer_uptodate(bh)) return -EIO; } offset += blksize; bh = bh->b_this_page; } return 0; }",visit repo url,fs/gfs2/file.c,https://github.com/torvalds/linux,274025659212143,1 3950,CWE-337,"void codingXOR(char* extractedString, char* keyString, char* xoredString, int bufferLength) { int i; if(isCodingInverted){ for (i = 0; i < bufferLength; ++i) { xoredString[i] = scrambleAsciiTables[keyString[i] & (1+2+4+8)][(unsigned char)(extractedString[i] ^ keyString[i])]; } }else{ for (i = 0; i < bufferLength; ++i) { xoredString[i] = scrambleAsciiTables[keyString[i] & (1+2+4+8)][(unsigned char)extractedString[i]] ^ keyString[i]; } } }",visit repo url,main.c,https://github.com/pfmonville/enigmaX,198423692957281,1 5813,CWE-120,"void M_LoadDefaults (void) { int i; int len; FILE* f; char def[80]; char strparm[100]; char* newstring; int parm; boolean isstring; numdefaults = sizeof(defaults)/sizeof(defaults[0]); for (i=0 ; irestart_block; return restart->fn(restart); }",linux-2.6,,,81162979245818687746755602135338484863,0 2538,NVD-CWE-Other,"static int init_nss_hash(struct crypto_instance *instance) { PK11SlotInfo* hash_slot = NULL; SECItem hash_param; if (!hash_to_nss[instance->crypto_hash_type]) { return 0; } hash_param.type = siBuffer; hash_param.data = 0; hash_param.len = 0; hash_slot = PK11_GetBestSlot(hash_to_nss[instance->crypto_hash_type], NULL); if (hash_slot == NULL) { log_printf(instance->log_level_security, ""Unable to find security slot (err %d)"", PR_GetError()); return -1; } instance->nss_sym_key_sign = PK11_ImportSymKey(hash_slot, hash_to_nss[instance->crypto_hash_type], PK11_OriginUnwrap, CKA_SIGN, &hash_param, NULL); if (instance->nss_sym_key_sign == NULL) { log_printf(instance->log_level_security, ""Failure to import key into NSS (err %d)"", PR_GetError()); return -1; } PK11_FreeSlot(hash_slot); return 0; }",visit repo url,exec/totemcrypto.c,https://github.com/corosync/corosync,59170835113181,1 1949,CWE-401,"ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) { struct ccp_sha_engine *sha = &cmd->u.sha; struct ccp_dm_workarea ctx; struct ccp_data src; struct ccp_op op; unsigned int ioffset, ooffset; unsigned int digest_size; int sb_count; const void *init; u64 block_size; int ctx_size; int ret; switch (sha->type) { case CCP_SHA_TYPE_1: if (sha->ctx_len < SHA1_DIGEST_SIZE) return -EINVAL; block_size = SHA1_BLOCK_SIZE; break; case CCP_SHA_TYPE_224: if (sha->ctx_len < SHA224_DIGEST_SIZE) return -EINVAL; block_size = SHA224_BLOCK_SIZE; break; case CCP_SHA_TYPE_256: if (sha->ctx_len < SHA256_DIGEST_SIZE) return -EINVAL; block_size = SHA256_BLOCK_SIZE; break; case CCP_SHA_TYPE_384: if (cmd_q->ccp->vdata->version < CCP_VERSION(4, 0) || sha->ctx_len < SHA384_DIGEST_SIZE) return -EINVAL; block_size = SHA384_BLOCK_SIZE; break; case CCP_SHA_TYPE_512: if (cmd_q->ccp->vdata->version < CCP_VERSION(4, 0) || sha->ctx_len < SHA512_DIGEST_SIZE) return -EINVAL; block_size = SHA512_BLOCK_SIZE; break; default: return -EINVAL; } if (!sha->ctx) return -EINVAL; if (!sha->final && (sha->src_len & (block_size - 1))) return -EINVAL; if (cmd_q->ccp->vdata->version == CCP_VERSION(3, 0)) { if (!sha->src_len) { unsigned int digest_len; const u8 *sha_zero; if (!sha->final) return 0; if (sha->msg_bits) return -EINVAL; switch (sha->type) { case CCP_SHA_TYPE_1: sha_zero = sha1_zero_message_hash; digest_len = SHA1_DIGEST_SIZE; break; case CCP_SHA_TYPE_224: sha_zero = sha224_zero_message_hash; digest_len = SHA224_DIGEST_SIZE; break; case CCP_SHA_TYPE_256: sha_zero = sha256_zero_message_hash; digest_len = SHA256_DIGEST_SIZE; break; default: return -EINVAL; } scatterwalk_map_and_copy((void *)sha_zero, sha->ctx, 0, digest_len, 1); return 0; } } switch (sha->type) { case CCP_SHA_TYPE_1: digest_size = SHA1_DIGEST_SIZE; init = (void *) ccp_sha1_init; ctx_size = SHA1_DIGEST_SIZE; sb_count = 1; if (cmd_q->ccp->vdata->version != CCP_VERSION(3, 0)) ooffset = ioffset = CCP_SB_BYTES - SHA1_DIGEST_SIZE; else ooffset = ioffset = 0; break; case CCP_SHA_TYPE_224: digest_size = SHA224_DIGEST_SIZE; init = (void *) ccp_sha224_init; ctx_size = SHA256_DIGEST_SIZE; sb_count = 1; ioffset = 0; if (cmd_q->ccp->vdata->version != CCP_VERSION(3, 0)) ooffset = CCP_SB_BYTES - SHA224_DIGEST_SIZE; else ooffset = 0; break; case CCP_SHA_TYPE_256: digest_size = SHA256_DIGEST_SIZE; init = (void *) ccp_sha256_init; ctx_size = SHA256_DIGEST_SIZE; sb_count = 1; ooffset = ioffset = 0; break; case CCP_SHA_TYPE_384: digest_size = SHA384_DIGEST_SIZE; init = (void *) ccp_sha384_init; ctx_size = SHA512_DIGEST_SIZE; sb_count = 2; ioffset = 0; ooffset = 2 * CCP_SB_BYTES - SHA384_DIGEST_SIZE; break; case CCP_SHA_TYPE_512: digest_size = SHA512_DIGEST_SIZE; init = (void *) ccp_sha512_init; ctx_size = SHA512_DIGEST_SIZE; sb_count = 2; ooffset = ioffset = 0; break; default: ret = -EINVAL; goto e_data; } if (sha->src_len && !sha->src) return -EINVAL; memset(&op, 0, sizeof(op)); op.cmd_q = cmd_q; op.jobid = CCP_NEW_JOBID(cmd_q->ccp); op.sb_ctx = cmd_q->sb_ctx; op.u.sha.type = sha->type; op.u.sha.msg_bits = sha->msg_bits; ret = ccp_init_dm_workarea(&ctx, cmd_q, sb_count * CCP_SB_BYTES, DMA_BIDIRECTIONAL); if (ret) return ret; if (sha->first) { switch (sha->type) { case CCP_SHA_TYPE_1: case CCP_SHA_TYPE_224: case CCP_SHA_TYPE_256: memcpy(ctx.address + ioffset, init, ctx_size); break; case CCP_SHA_TYPE_384: case CCP_SHA_TYPE_512: memcpy(ctx.address + ctx_size / 2, init, ctx_size / 2); memcpy(ctx.address, init + ctx_size / 2, ctx_size / 2); break; default: ret = -EINVAL; goto e_ctx; } } else { ret = ccp_set_dm_area(&ctx, 0, sha->ctx, 0, sb_count * CCP_SB_BYTES); if (ret) goto e_ctx; } ret = ccp_copy_to_sb(cmd_q, &ctx, op.jobid, op.sb_ctx, CCP_PASSTHRU_BYTESWAP_256BIT); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_ctx; } if (sha->src) { ret = ccp_init_data(&src, cmd_q, sha->src, sha->src_len, block_size, DMA_TO_DEVICE); if (ret) goto e_ctx; while (src.sg_wa.bytes_left) { ccp_prepare_data(&src, NULL, &op, block_size, false); if (sha->final && !src.sg_wa.bytes_left) op.eom = 1; ret = cmd_q->ccp->vdata->perform->sha(&op); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_data; } ccp_process_data(&src, NULL, &op); } } else { op.eom = 1; ret = cmd_q->ccp->vdata->perform->sha(&op); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_data; } } ret = ccp_copy_from_sb(cmd_q, &ctx, op.jobid, op.sb_ctx, CCP_PASSTHRU_BYTESWAP_256BIT); if (ret) { cmd->engine_error = cmd_q->cmd_error; goto e_data; } if (sha->final) { switch (sha->type) { case CCP_SHA_TYPE_1: case CCP_SHA_TYPE_224: case CCP_SHA_TYPE_256: ccp_get_dm_area(&ctx, ooffset, sha->ctx, 0, digest_size); break; case CCP_SHA_TYPE_384: case CCP_SHA_TYPE_512: ccp_get_dm_area(&ctx, 0, sha->ctx, LSB_ITEM_SIZE - ooffset, LSB_ITEM_SIZE); ccp_get_dm_area(&ctx, LSB_ITEM_SIZE + ooffset, sha->ctx, 0, LSB_ITEM_SIZE - ooffset); break; default: ret = -EINVAL; goto e_ctx; } } else { ccp_get_dm_area(&ctx, 0, sha->ctx, 0, sb_count * CCP_SB_BYTES); } if (sha->final && sha->opad) { struct ccp_cmd hmac_cmd; struct scatterlist sg; u8 *hmac_buf; if (sha->opad_len != block_size) { ret = -EINVAL; goto e_data; } hmac_buf = kmalloc(block_size + digest_size, GFP_KERNEL); if (!hmac_buf) { ret = -ENOMEM; goto e_data; } sg_init_one(&sg, hmac_buf, block_size + digest_size); scatterwalk_map_and_copy(hmac_buf, sha->opad, 0, block_size, 0); switch (sha->type) { case CCP_SHA_TYPE_1: case CCP_SHA_TYPE_224: case CCP_SHA_TYPE_256: memcpy(hmac_buf + block_size, ctx.address + ooffset, digest_size); break; case CCP_SHA_TYPE_384: case CCP_SHA_TYPE_512: memcpy(hmac_buf + block_size, ctx.address + LSB_ITEM_SIZE + ooffset, LSB_ITEM_SIZE); memcpy(hmac_buf + block_size + (LSB_ITEM_SIZE - ooffset), ctx.address, LSB_ITEM_SIZE); break; default: ret = -EINVAL; goto e_ctx; } memset(&hmac_cmd, 0, sizeof(hmac_cmd)); hmac_cmd.engine = CCP_ENGINE_SHA; hmac_cmd.u.sha.type = sha->type; hmac_cmd.u.sha.ctx = sha->ctx; hmac_cmd.u.sha.ctx_len = sha->ctx_len; hmac_cmd.u.sha.src = &sg; hmac_cmd.u.sha.src_len = block_size + digest_size; hmac_cmd.u.sha.opad = NULL; hmac_cmd.u.sha.opad_len = 0; hmac_cmd.u.sha.first = 1; hmac_cmd.u.sha.final = 1; hmac_cmd.u.sha.msg_bits = (block_size + digest_size) << 3; ret = ccp_run_sha_cmd(cmd_q, &hmac_cmd); if (ret) cmd->engine_error = hmac_cmd.engine_error; kfree(hmac_buf); } e_data: if (sha->src) ccp_free_data(&src, cmd_q); e_ctx: ccp_dm_free(&ctx); return ret; }",visit repo url,drivers/crypto/ccp/ccp-ops.c,https://github.com/torvalds/linux,131105596069656,1 1552,[]," __releases(rq2->lock) { spin_unlock(&rq1->lock); if (rq1 != rq2) spin_unlock(&rq2->lock); else __release(rq2->lock); }",linux-2.6,,,279354065768446709094622114662349020380,0 2299,['CWE-120'],"static long do_rmdir(int dfd, const char __user *pathname) { int error = 0; char * name; struct dentry *dentry; struct nameidata nd; name = getname(pathname); if(IS_ERR(name)) return PTR_ERR(name); error = do_path_lookup(dfd, name, LOOKUP_PARENT, &nd); if (error) goto exit; switch(nd.last_type) { case LAST_DOTDOT: error = -ENOTEMPTY; goto exit1; case LAST_DOT: error = -EINVAL; goto exit1; case LAST_ROOT: error = -EBUSY; goto exit1; } mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT); dentry = lookup_hash(&nd); error = PTR_ERR(dentry); if (IS_ERR(dentry)) goto exit2; error = mnt_want_write(nd.path.mnt); if (error) goto exit3; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); mnt_drop_write(nd.path.mnt); exit3: dput(dentry); exit2: mutex_unlock(&nd.path.dentry->d_inode->i_mutex); exit1: path_put(&nd.path); exit: putname(name); return error; }",linux-2.6,,,166036289148825661749924637108057876802,0 4701,CWE-787,"int nntp_add_group(char *line, void *data) { struct NntpServer *nserv = data; struct NntpData *nntp_data = NULL; char group[LONG_STRING]; char desc[HUGE_STRING] = """"; char mod; anum_t first, last; if (!nserv || !line) return 0; if (sscanf(line, ""%s "" ANUM "" "" ANUM "" %c %[^\n]"", group, &last, &first, &mod, desc) < 4) return 0; nntp_data = nntp_data_find(nserv, group); nntp_data->deleted = false; nntp_data->first_message = first; nntp_data->last_message = last; nntp_data->allowed = (mod == 'y') || (mod == 'm'); mutt_str_replace(&nntp_data->desc, desc); if (nntp_data->newsrc_ent || nntp_data->last_cached) nntp_group_unread_stat(nntp_data); else if (nntp_data->last_message && nntp_data->first_message <= nntp_data->last_message) nntp_data->unread = nntp_data->last_message - nntp_data->first_message + 1; else nntp_data->unread = 0; return 0; }",visit repo url,newsrc.c,https://github.com/neomutt/neomutt,101488691228692,1 6205,CWE-190,"void fp54_exp_cyc_sps(fp54_t c, const fp54_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp54_t t, *u = RLC_ALLOCA(fp54_t, w); if (len == 0) { RLC_FREE(u); fp54_set_dig(c, 1); return; } fp54_null(t); RLC_TRY { if (u == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < w; i++) { fp54_null(u[i]); fp54_new(u[i]); } fp54_new(t); fp54_copy(t, a); if (b[0] == 0) { for (j = 0, i = 1; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp54_sqr_pck(t, t); } if (b[i] < 0) { fp54_inv_cyc(u[i - 1], t); } else { fp54_copy(u[i - 1], t); } } fp54_back_cyc_sim(u, u, w - 1); fp54_copy(c, a); for (i = 0; i < w - 1; i++) { fp54_mul(c, c, u[i]); } } else { for (j = 0, i = 0; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp54_sqr_pck(t, t); } if (b[i] < 0) { fp54_inv_cyc(u[i], t); } else { fp54_copy(u[i], t); } } fp54_back_cyc_sim(u, u, w); fp54_copy(c, u[0]); for (i = 1; i < w; i++) { fp54_mul(c, c, u[i]); } } if (sign == RLC_NEG) { fp54_inv_cyc(c, c); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < w; i++) { fp54_free(u[i]); } fp54_free(t); RLC_FREE(u); } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,17401841741420,1 4992,CWE-787,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 6710,CWE-116,"list_session(char *log_dir, regex_t *re, const char *user, const char *tty) { char idbuf[7], *idstr, *cp; struct eventlog *evlog = NULL; const char *timestr; int ret = -1; debug_decl(list_session, SUDO_DEBUG_UTIL); if ((evlog = iolog_parse_loginfo(-1, log_dir)) == NULL) goto done; if (evlog->command == NULL || evlog->submituser == NULL || evlog->runuser == NULL) { goto done; } if (!STAILQ_EMPTY(&search_expr) && !match_expr(&search_expr, evlog, true)) goto done; cp = log_dir + strlen(session_dir) + 1; if (IS_IDLOG(cp)) { idbuf[0] = cp[0]; idbuf[1] = cp[1]; idbuf[2] = cp[3]; idbuf[3] = cp[4]; idbuf[4] = cp[6]; idbuf[5] = cp[7]; idbuf[6] = '\0'; idstr = idbuf; } else { idstr = cp; } timestr = get_timestr(evlog->submit_time.tv_sec, 1); printf(""%s : %s : "", timestr ? timestr : ""invalid date"", evlog->submituser); if (evlog->submithost != NULL) printf(""HOST=%s ; "", evlog->submithost); if (evlog->ttyname != NULL) printf(""TTY=%s ; "", evlog->ttyname); if (evlog->runchroot != NULL) printf(""CHROOT=%s ; "", evlog->runchroot); if (evlog->runcwd != NULL || evlog->cwd != NULL) printf(""CWD=%s ; "", evlog->runcwd ? evlog->runcwd : evlog->cwd); printf(""USER=%s ; "", evlog->runuser); if (evlog->rungroup != NULL) printf(""GROUP=%s ; "", evlog->rungroup); printf(""TSID=%s ; COMMAND=%s\n"", idstr, evlog->command); ret = 0; done: eventlog_free(evlog); debug_return_int(ret); }",visit repo url,plugins/sudoers/sudoreplay.c,https://github.com/sudo-project/sudo,183092709117970,1 3848,CWE-122,"ins_bs( int c, int mode, int *inserted_space_p) { linenr_T lnum; int cc; int temp = 0; colnr_T save_col; colnr_T mincol; int did_backspace = FALSE; int in_indent; int oldState; int cpc[MAX_MCO]; int call_fix_indent = FALSE; if ( BUFEMPTY() || ( #ifdef FEAT_RIGHTLEFT !revins_on && #endif ((curwin->w_cursor.lnum == 1 && curwin->w_cursor.col == 0) || (!can_bs(BS_START) && ((arrow_used #ifdef FEAT_JOB_CHANNEL && !bt_prompt(curbuf) #endif ) || (curwin->w_cursor.lnum == Insstart_orig.lnum && curwin->w_cursor.col <= Insstart_orig.col))) || (!can_bs(BS_INDENT) && !arrow_used && ai_col > 0 && curwin->w_cursor.col <= ai_col) || (!can_bs(BS_EOL) && curwin->w_cursor.col == 0)))) { vim_beep(BO_BS); return FALSE; } if (stop_arrow() == FAIL) return FALSE; in_indent = inindent(0); if (in_indent) can_cindent = FALSE; end_comment_pending = NUL; #ifdef FEAT_RIGHTLEFT if (revins_on) inc_cursor(); #endif if (curwin->w_cursor.coladd > 0) { if (mode == BACKSPACE_CHAR) { --curwin->w_cursor.coladd; return TRUE; } if (mode == BACKSPACE_WORD) { curwin->w_cursor.coladd = 0; return TRUE; } curwin->w_cursor.coladd = 0; } if (curwin->w_cursor.col == 0) { lnum = Insstart.lnum; if (curwin->w_cursor.lnum == lnum #ifdef FEAT_RIGHTLEFT || revins_on #endif ) { if (u_save((linenr_T)(curwin->w_cursor.lnum - 2), (linenr_T)(curwin->w_cursor.lnum + 1)) == FAIL) return FALSE; --Insstart.lnum; Insstart.col = (colnr_T)STRLEN(ml_get(Insstart.lnum)); } cc = -1; if (State & REPLACE_FLAG) cc = replace_pop(); if ((State & REPLACE_FLAG) && curwin->w_cursor.lnum <= lnum) { dec_cursor(); } else { if (!(State & VREPLACE_FLAG) || curwin->w_cursor.lnum > orig_line_count) { temp = gchar_cursor(); --curwin->w_cursor.lnum; if (has_format_option(FO_AUTO) && has_format_option(FO_WHITE_PAR)) { char_u *ptr = ml_get_buf(curbuf, curwin->w_cursor.lnum, TRUE); int len; len = (int)STRLEN(ptr); if (len > 0 && ptr[len - 1] == ' ') ptr[len - 1] = NUL; } (void)do_join(2, FALSE, FALSE, FALSE, FALSE); if (temp == NUL && gchar_cursor() != NUL) inc_cursor(); } else dec_cursor(); if (State & REPLACE_FLAG) { oldState = State; State = MODE_NORMAL; while (cc > 0) { save_col = curwin->w_cursor.col; mb_replace_pop_ins(cc); curwin->w_cursor.col = save_col; cc = replace_pop(); } replace_pop_ins(); State = oldState; } } did_ai = FALSE; } else { #ifdef FEAT_RIGHTLEFT if (revins_on) dec_cursor(); #endif mincol = 0; if (mode == BACKSPACE_LINE && (curbuf->b_p_ai || cindent_on()) #ifdef FEAT_RIGHTLEFT && !revins_on #endif ) { save_col = curwin->w_cursor.col; beginline(BL_WHITE); if (curwin->w_cursor.col < save_col) { mincol = curwin->w_cursor.col; call_fix_indent = TRUE; } curwin->w_cursor.col = save_col; } if ( mode == BACKSPACE_CHAR && ((p_sta && in_indent) || ((get_sts_value() != 0 #ifdef FEAT_VARTABS || tabstop_count(curbuf->b_p_vsts_array) #endif ) && curwin->w_cursor.col > 0 && (*(ml_get_cursor() - 1) == TAB || (*(ml_get_cursor() - 1) == ' ' && (!*inserted_space_p || arrow_used)))))) { int ts; colnr_T vcol; colnr_T want_vcol; colnr_T start_vcol; *inserted_space_p = FALSE; getvcol(curwin, &curwin->w_cursor, &vcol, NULL, NULL); start_vcol = vcol; dec_cursor(); getvcol(curwin, &curwin->w_cursor, NULL, NULL, &want_vcol); inc_cursor(); #ifdef FEAT_VARTABS if (p_sta && in_indent) { ts = (int)get_sw_value(curbuf); want_vcol = (want_vcol / ts) * ts; } else want_vcol = tabstop_start(want_vcol, get_sts_value(), curbuf->b_p_vsts_array); #else if (p_sta && in_indent) ts = (int)get_sw_value(curbuf); else ts = (int)get_sts_value(); want_vcol = (want_vcol / ts) * ts; #endif while (vcol > want_vcol && (cc = *(ml_get_cursor() - 1), VIM_ISWHITE(cc))) ins_bs_one(&vcol); while (vcol < want_vcol) { if (curwin->w_cursor.lnum == Insstart_orig.lnum && curwin->w_cursor.col < Insstart_orig.col) Insstart_orig.col = curwin->w_cursor.col; if (State & VREPLACE_FLAG) ins_char(' '); else { ins_str((char_u *)"" ""); if ((State & REPLACE_FLAG)) replace_push(NUL); } getvcol(curwin, &curwin->w_cursor, &vcol, NULL, NULL); } if (vcol >= start_vcol) ins_bs_one(&vcol); } else { int cclass = 0, prev_cclass = 0; if (has_mbyte) cclass = mb_get_class(ml_get_cursor()); do { #ifdef FEAT_RIGHTLEFT if (!revins_on) #endif dec_cursor(); cc = gchar_cursor(); if (has_mbyte) { prev_cclass = cclass; cclass = mb_get_class(ml_get_cursor()); } if (mode == BACKSPACE_WORD && !vim_isspace(cc)) { mode = BACKSPACE_WORD_NOT_SPACE; temp = vim_iswordc(cc); } else if (mode == BACKSPACE_WORD_NOT_SPACE && ((vim_isspace(cc) || vim_iswordc(cc) != temp) || prev_cclass != cclass)) { #ifdef FEAT_RIGHTLEFT if (!revins_on) #endif inc_cursor(); #ifdef FEAT_RIGHTLEFT else if (State & REPLACE_FLAG) dec_cursor(); #endif break; } if (State & REPLACE_FLAG) replace_do_bs(-1); else { if (enc_utf8 && p_deco) (void)utfc_ptr2char(ml_get_cursor(), cpc); (void)del_char(FALSE); if (enc_utf8 && p_deco && cpc[0] != NUL) inc_cursor(); #ifdef FEAT_RIGHTLEFT if (revins_chars) { revins_chars--; revins_legal++; } if (revins_on && gchar_cursor() == NUL) break; #endif } if (mode == BACKSPACE_CHAR) break; } while ( #ifdef FEAT_RIGHTLEFT revins_on || #endif (curwin->w_cursor.col > mincol && (can_bs(BS_NOSTOP) || (curwin->w_cursor.lnum != Insstart_orig.lnum || curwin->w_cursor.col != Insstart_orig.col) ))); } did_backspace = TRUE; } did_si = FALSE; can_si = FALSE; can_si_back = FALSE; if (curwin->w_cursor.col <= 1) did_ai = FALSE; if (call_fix_indent) fix_indent(); AppendCharToRedobuff(c); if (curwin->w_cursor.lnum == Insstart_orig.lnum && curwin->w_cursor.col < Insstart_orig.col) Insstart_orig.col = curwin->w_cursor.col; if (vim_strchr(p_cpo, CPO_BACKSPACE) != NULL && dollar_vcol == -1) dollar_vcol = curwin->w_virtcol; #ifdef FEAT_FOLDING if (did_backspace) foldOpenCursor(); #endif return did_backspace; }",visit repo url,src/edit.c,https://github.com/vim/vim,117519204420605,1 800,['CWE-16'],"static void esp_output_done(struct crypto_async_request *base, int err) { struct sk_buff *skb = base->data; kfree(ESP_SKB_CB(skb)->tmp); xfrm_output_resume(skb, err); }",linux-2.6,,,199851497095640175832175701822359258477,0 6363,CWE-787,"pspdf_prepare_outpages() { int c, i, j; int nup; page_t *page; outpage_t *outpage; outpages = (outpage_t *)malloc(sizeof(outpage_t) * num_pages); memset(outpages, -1, sizeof(outpage_t) * num_pages); num_outpages = 0; outpage = outpages; if (TitlePage) { for (i = 0, j = 0, nup = -1, page = pages; i < chapter_starts[1]; i ++, page ++) { if (nup != page->nup) { if (j) { outpage ++; num_outpages ++; } nup = page->nup; j = 0; } if (!j) outpage->nup = nup; pspdf_transform_page(num_outpages, j, i); j ++; if (j >= nup) { j = 0; outpage ++; num_outpages ++; } } if (j) { outpage ++; num_outpages ++; } } if (OutputType == OUTPUT_BOOK && TocLevels > 0) c = 0; else c = 1; for (; c <= TocDocCount; c ++) { if (chapter_starts[c] < 0) continue; chapter_outstarts[c] = num_outpages; for (i = chapter_starts[c], j = 0, nup = -1, page = pages + i; i <= chapter_ends[c]; i ++, page ++) { if (nup != page->nup) { if (j) { outpage ++; num_outpages ++; } nup = page->nup; j = 0; } if (!j) outpage->nup = nup; pspdf_transform_page(num_outpages, j, i); j ++; if (j >= nup) { j = 0; outpage ++; num_outpages ++; } } if (j) { outpage ++; num_outpages ++; } chapter_outends[c] = num_outpages; } #ifdef DEBUG for (c = 0; c <= TocDocCount; c ++) printf(""chapter_outstarts[%d] = %d, chapter_outends[%d] = %d\n"", c, chapter_outstarts[c], c, chapter_outends[c]); printf(""num_outpages = %d\n"", (int)num_outpages); for (i = 0, outpage = outpages; i < (int)num_outpages; i ++, outpage ++) { printf(""outpage[%d]:\tnup=%d, pages=["", i, outpage->nup); for (j = 0; j < outpage->nup; j ++) printf("" %d"", outpage->pages[j]); puts("" ]""); page = pages + outpage->pages[0]; printf(""\t\twidth = %d, length = %d\n"", page->width, page->length); } for (c = 0; c <= TocDocCount; c ++) printf(""chapter_starts[%d] = %d, chapter_ends[%d] = %d\n"", c, chapter_starts[c], c, chapter_ends[c]); for (i = 0; i < (int)num_pages; i ++) printf(""pages[%d]->outpage = %d\n"", i, pages[i].outpage); for (i = 0; i < (int)num_headings; i ++) printf(""heading_pages[%d] = %d\n"", i, heading_pages[i]); for (i = 0; i < (int)num_links; i ++) printf(""links[%d].name = \""%s\"", page = %d\n"", i, links[i].name, links[i].page); #endif }",visit repo url,htmldoc/ps-pdf.cxx,https://github.com/michaelrsweet/htmldoc,224083443084398,1 3071,CWE-190,"char *string_crypt(const char *key, const char *salt) { assertx(key); assertx(salt); char random_salt[12]; if (!*salt) { memcpy(random_salt,""$1$"",3); ito64(random_salt+3,rand(),8); random_salt[11] = '\0'; return string_crypt(key, random_salt); } auto const saltLen = strlen(salt); if ((saltLen > sizeof(""$2X$00$"")) && (salt[0] == '$') && (salt[1] == '2') && (salt[2] >= 'a') && (salt[2] <= 'z') && (salt[3] == '$') && (salt[4] >= '0') && (salt[4] <= '3') && (salt[5] >= '0') && (salt[5] <= '9') && (salt[6] == '$')) { char output[61]; static constexpr size_t maxSaltLength = 123; char paddedSalt[maxSaltLength + 1]; paddedSalt[0] = paddedSalt[maxSaltLength] = '\0'; memset(&paddedSalt[1], '$', maxSaltLength - 1); memcpy(paddedSalt, salt, std::min(maxSaltLength, saltLen)); paddedSalt[saltLen] = '\0'; if (php_crypt_blowfish_rn(key, paddedSalt, output, sizeof(output))) { return strdup(output); } } else { #ifdef USE_PHP_CRYPT_R return php_crypt_r(key, salt); #else static Mutex mutex; Lock lock(mutex); char *crypt_res = crypt(key,salt); if (crypt_res) { return strdup(crypt_res); } #endif } return ((salt[0] == '*') && (salt[1] == '0')) ? strdup(""*1"") : strdup(""*0""); }",visit repo url,hphp/zend/zend-string.cpp,https://github.com/facebook/hhvm,171278930242578,1 5507,['CWE-119'],"static int process_request_key_err(long err_code) { int rc = 0; switch (err_code) { case -ENOKEY: ecryptfs_printk(KERN_WARNING, ""No key\n""); rc = -ENOENT; break; case -EKEYEXPIRED: ecryptfs_printk(KERN_WARNING, ""Key expired\n""); rc = -ETIME; break; case -EKEYREVOKED: ecryptfs_printk(KERN_WARNING, ""Key revoked\n""); rc = -EINVAL; break; default: ecryptfs_printk(KERN_WARNING, ""Unknown error code: "" ""[0x%.16x]\n"", err_code); rc = -EINVAL; } return rc; }",linux-2.6,,,26578344930038981814876926963087341058,0 3119,CWE-119,"bool initiate_stratum(struct pool *pool) { bool ret = false, recvd = false, noresume = false, sockd = false; char s[RBUFSIZE], *sret = NULL, *nonce1, *sessionid; json_t *val = NULL, *res_val, *err_val; json_error_t err; int n2size; resend: if (!setup_stratum_socket(pool)) { sockd = false; goto out; } sockd = true; if (recvd) { clear_sock(pool); sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": []}"", swork_id++); } else { if (pool->sessionid) sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": [\""""PACKAGE""/""VERSION""\"", \""%s\""]}"", swork_id++, pool->sessionid); else sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": [\""""PACKAGE""/""VERSION""\""]}"", swork_id++); } if (__stratum_send(pool, s, strlen(s)) != SEND_OK) { applog(LOG_DEBUG, ""Failed to send s in initiate_stratum""); goto out; } if (!socket_full(pool, DEFAULT_SOCKWAIT)) { applog(LOG_DEBUG, ""Timed out waiting for response in initiate_stratum""); goto out; } sret = recv_line(pool); if (!sret) goto out; recvd = true; val = JSON_LOADS(sret, &err); free(sret); if (!val) { applog(LOG_INFO, ""JSON decode failed(%d): %s"", err.line, err.text); goto out; } res_val = json_object_get(val, ""result""); err_val = json_object_get(val, ""error""); if (!res_val || json_is_null(res_val) || (err_val && !json_is_null(err_val))) { char *ss; if (err_val) ss = json_dumps(err_val, JSON_INDENT(3)); else ss = strdup(""(unknown reason)""); applog(LOG_INFO, ""JSON-RPC decode failed: %s"", ss); free(ss); goto out; } sessionid = get_sessionid(res_val); if (!sessionid) applog(LOG_DEBUG, ""Failed to get sessionid in initiate_stratum""); nonce1 = json_array_string(res_val, 1); if (!nonce1) { applog(LOG_INFO, ""Failed to get nonce1 in initiate_stratum""); free(sessionid); goto out; } n2size = json_integer_value(json_array_get(res_val, 2)); if (!n2size) { applog(LOG_INFO, ""Failed to get n2size in initiate_stratum""); free(sessionid); free(nonce1); goto out; } cg_wlock(&pool->data_lock); pool->sessionid = sessionid; pool->nonce1 = nonce1; pool->n1_len = strlen(nonce1) / 2; free(pool->nonce1bin); pool->nonce1bin = calloc(pool->n1_len, 1); if (unlikely(!pool->nonce1bin)) quithere(1, ""Failed to calloc pool->nonce1bin""); hex2bin(pool->nonce1bin, pool->nonce1, pool->n1_len); pool->n2size = n2size; cg_wunlock(&pool->data_lock); if (sessionid) applog(LOG_DEBUG, ""Pool %d stratum session id: %s"", pool->pool_no, pool->sessionid); ret = true; out: if (ret) { if (!pool->stratum_url) pool->stratum_url = pool->sockaddr_url; pool->stratum_active = true; pool->sdiff = 1; if (opt_protocol) { applog(LOG_DEBUG, ""Pool %d confirmed mining.subscribe with extranonce1 %s extran2size %d"", pool->pool_no, pool->nonce1, pool->n2size); } } else { if (recvd && !noresume) { cg_wlock(&pool->data_lock); free(pool->sessionid); free(pool->nonce1); pool->sessionid = pool->nonce1 = NULL; cg_wunlock(&pool->data_lock); applog(LOG_DEBUG, ""Failed to resume stratum, trying afresh""); noresume = true; json_decref(val); goto resend; } applog(LOG_DEBUG, ""Initiate stratum failed""); if (sockd) suspend_stratum(pool); } json_decref(val); return ret; }",visit repo url,util.c,https://github.com/ckolivas/cgminer,255282262861080,1 5776,CWE-125,"sysName_handler(snmp_varbind_t *varbind, uint32_t *oid) { snmp_api_set_string(varbind, oid, ""Contiki-NG - ""CONTIKI_TARGET_STRING); }",visit repo url,examples/snmp-server/resources/snmp-SNMP-MIB-2-System.c,https://github.com/contiki-ng/contiki-ng,278248772257278,1 649,CWE-20,"static int l2tp_ip_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); size_t copied = 0; int err = -EOPNOTSUPP; struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; struct sk_buff *skb; if (flags & MSG_OOB) goto out; if (addr_len) *addr_len = sizeof(*sin); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; sin->sin_port = 0; memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); } if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: return err ? err : copied; }",visit repo url,net/l2tp/l2tp_ip.c,https://github.com/torvalds/linux,25169350195135,1 2900,CWE-119,"PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) { TIFFPredictorState *sp = PredictorState(tif); assert(sp != NULL); assert(sp->decodetile != NULL); if ((*sp->decodetile)(tif, op0, occ0, s)) { tmsize_t rowsize = sp->rowsize; assert(rowsize > 0); assert((occ0%rowsize)==0); assert(sp->decodepfunc != NULL); while (occ0 > 0) { (*sp->decodepfunc)(tif, op0, rowsize); occ0 -= rowsize; op0 += rowsize; } return 1; } else return 0; }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,274595257349164,1 3510,CWE-190,"int read_xattrs_from_disk(int fd, struct squashfs_super_block *sBlk, int flag, long long *table_start) { int res, bytes, i, indexes, index_bytes, ids; long long *index, start, end; struct squashfs_xattr_table id_table; TRACE(""read_xattrs_from_disk\n""); if(sBlk->xattr_id_table_start == SQUASHFS_INVALID_BLK) return SQUASHFS_INVALID_BLK; res = read_fs_bytes(fd, sBlk->xattr_id_table_start, sizeof(id_table), &id_table); if(res == 0) return 0; SQUASHFS_INSWAP_XATTR_TABLE(&id_table); if(flag) { *table_start = id_table.xattr_table_start; return id_table.xattr_ids; } ids = id_table.xattr_ids; xattr_table_start = id_table.xattr_table_start; index_bytes = SQUASHFS_XATTR_BLOCK_BYTES(ids); indexes = SQUASHFS_XATTR_BLOCKS(ids); index = malloc(index_bytes); if(index == NULL) MEM_ERROR(); res = read_fs_bytes(fd, sBlk->xattr_id_table_start + sizeof(id_table), index_bytes, index); if(res ==0) goto failed1; SQUASHFS_INSWAP_LONG_LONGS(index, indexes); bytes = SQUASHFS_XATTR_BYTES(ids); xattr_ids = malloc(bytes); if(xattr_ids == NULL) MEM_ERROR(); for(i = 0; i < indexes; i++) { int expected = (i + 1) != indexes ? SQUASHFS_METADATA_SIZE : bytes & (SQUASHFS_METADATA_SIZE - 1); int length = read_block(fd, index[i], NULL, expected, ((unsigned char *) xattr_ids) + (i * SQUASHFS_METADATA_SIZE)); TRACE(""Read xattr id table block %d, from 0x%llx, length "" ""%d\n"", i, index[i], length); if(length == 0) { ERROR(""Failed to read xattr id table block %d, "" ""from 0x%llx, length %d\n"", i, index[i], length); goto failed2; } } start = xattr_table_start; end = index[0]; for(i = 0; start < end; i++) { int length; xattrs = realloc(xattrs, (i + 1) * SQUASHFS_METADATA_SIZE); if(xattrs == NULL) MEM_ERROR(); save_xattr_block(start, i * SQUASHFS_METADATA_SIZE); length = read_block(fd, start, &start, 0, ((unsigned char *) xattrs) + (i * SQUASHFS_METADATA_SIZE)); TRACE(""Read xattr block %d, length %d\n"", i, length); if(length == 0) { ERROR(""Failed to read xattr block %d\n"", i); goto failed3; } if(start != end && length != SQUASHFS_METADATA_SIZE) { ERROR(""Xattr block %d should be %d bytes in length, "" ""it is %d bytes\n"", i, SQUASHFS_METADATA_SIZE, length); goto failed3; } } for(i = 0; i < ids; i++) SQUASHFS_INSWAP_XATTR_ID(&xattr_ids[i]); free(index); return ids; failed3: free(xattrs); failed2: free(xattr_ids); failed1: free(index); return 0; }",visit repo url,squashfs-tools/read_xattrs.c,https://github.com/plougher/squashfs-tools,59556073409303,1 3254,['CWE-189'],"static int jas_icccurv_copy(jas_iccattrval_t *attrval, jas_iccattrval_t *othattrval) { attrval = 0; othattrval = 0; abort(); return -1; }",jasper,,,175904592416999126442044190443056468598,0 3697,CWE-320,"sshkey_load_file(int fd, struct sshbuf *blob) { u_char buf[1024]; size_t len; struct stat st; int r; if (fstat(fd, &st) < 0) return SSH_ERR_SYSTEM_ERROR; if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size > MAX_KEY_FILE_SIZE) return SSH_ERR_INVALID_FORMAT; for (;;) { if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { if (errno == EPIPE) break; r = SSH_ERR_SYSTEM_ERROR; goto out; } if ((r = sshbuf_put(blob, buf, len)) != 0) goto out; if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { r = SSH_ERR_INVALID_FORMAT; goto out; } } if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && st.st_size != (off_t)sshbuf_len(blob)) { r = SSH_ERR_FILE_CHANGED; goto out; } r = 0; out: explicit_bzero(buf, sizeof(buf)); if (r != 0) sshbuf_reset(blob); return r; }",visit repo url,usr.bin/ssh/authfile.c,https://github.com/openbsd/src,61243699210842,1 645,[],"static int __init dccp_mib_init(void) { int rc = -ENOMEM; dccp_statistics[0] = alloc_percpu(struct dccp_mib); if (dccp_statistics[0] == NULL) goto out; dccp_statistics[1] = alloc_percpu(struct dccp_mib); if (dccp_statistics[1] == NULL) goto out_free_one; rc = 0; out: return rc; out_free_one: free_percpu(dccp_statistics[0]); dccp_statistics[0] = NULL; goto out; }",linux-2.6,,,78773490028062686007462215723596203513,0 431,CWE-20,"static int vmx_update_pi_irte(struct kvm *kvm, unsigned int host_irq, uint32_t guest_irq, bool set) { struct kvm_kernel_irq_routing_entry *e; struct kvm_irq_routing_table *irq_rt; struct kvm_lapic_irq irq; struct kvm_vcpu *vcpu; struct vcpu_data vcpu_info; int idx, ret = -EINVAL; if (!kvm_arch_has_assigned_device(kvm) || !irq_remapping_cap(IRQ_POSTING_CAP) || !kvm_vcpu_apicv_active(kvm->vcpus[0])) return 0; idx = srcu_read_lock(&kvm->irq_srcu); irq_rt = srcu_dereference(kvm->irq_routing, &kvm->irq_srcu); BUG_ON(guest_irq >= irq_rt->nr_rt_entries); hlist_for_each_entry(e, &irq_rt->map[guest_irq], link) { if (e->type != KVM_IRQ_ROUTING_MSI) continue; kvm_set_msi_irq(kvm, e, &irq); if (!kvm_intr_is_single_vcpu(kvm, &irq, &vcpu)) { ret = irq_set_vcpu_affinity(host_irq, NULL); if (ret < 0) { printk(KERN_INFO ""failed to back to remapped mode, irq: %u\n"", host_irq); goto out; } continue; } vcpu_info.pi_desc_addr = __pa(vcpu_to_pi_desc(vcpu)); vcpu_info.vector = irq.vector; trace_kvm_pi_irte_update(vcpu->vcpu_id, host_irq, e->gsi, vcpu_info.vector, vcpu_info.pi_desc_addr, set); if (set) ret = irq_set_vcpu_affinity(host_irq, &vcpu_info); else { pi_set_sn(vcpu_to_pi_desc(vcpu)); ret = irq_set_vcpu_affinity(host_irq, NULL); pi_clear_sn(vcpu_to_pi_desc(vcpu)); } if (ret < 0) { printk(KERN_INFO ""%s: failed to update PI IRTE\n"", __func__); goto out; } } ret = 0; out: srcu_read_unlock(&kvm->irq_srcu, idx); return ret; }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,153518360153919,1 2780,['CWE-264'],"download_data( struct net_device *dev, u32 *crc_p ) { struct net_local *nl = (struct net_local *) dev->priv; struct sk_buff *skb = nl->tx_buf_p; unsigned len = min_t(unsigned int, skb->len - nl->outpos, nl->framelen); outsb( dev->base_addr + DAT, skb->data + nl->outpos, len ); *crc_p = calc_crc32( *crc_p, skb->data + nl->outpos, len ); for( len = nl->framelen - len; len--; ) outb( 0, dev->base_addr + DAT ), *crc_p = CRC32( 0, *crc_p ); }",linux-2.6,,,15169222793996352510525449413939520672,0 3311,['CWE-189'],"int jpc_tagtree_encode(jpc_tagtree_t *tree, jpc_tagtreenode_t *leaf, int threshold, jpc_bitstream_t *out) { jpc_tagtreenode_t *stk[JPC_TAGTREE_MAXDEPTH - 1]; jpc_tagtreenode_t **stkptr; jpc_tagtreenode_t *node; int low; tree = 0; assert(leaf); assert(threshold >= 0); stkptr = stk; node = leaf; while (node->parent_) { *stkptr++ = node; node = node->parent_; } low = 0; for (;;) { if (low > node->low_) { node->low_ = low; } else { low = node->low_; } while (low < threshold) { if (low >= node->value_) { if (!node->known_) { if (jpc_bitstream_putbit(out, 1) == EOF) { return -1; } node->known_ = 1; } break; } if (jpc_bitstream_putbit(out, 0) == EOF) { return -1; } ++low; } node->low_ = low; if (stkptr == stk) { break; } node = *--stkptr; } return (leaf->low_ < threshold) ? 1 : 0; }",jasper,,,218358929552024897193268474985753269108,0 6343,['CWE-200'],"int ipmr_ioctl(struct sock *sk, int cmd, void __user *arg) { struct sioc_sg_req sr; struct sioc_vif_req vr; struct vif_device *vif; struct mfc_cache *c; switch(cmd) { case SIOCGETVIFCNT: if (copy_from_user(&vr,arg,sizeof(vr))) return -EFAULT; if(vr.vifi>=maxvif) return -EINVAL; read_lock(&mrt_lock); vif=&vif_table[vr.vifi]; if(VIF_EXISTS(vr.vifi)) { vr.icount=vif->pkt_in; vr.ocount=vif->pkt_out; vr.ibytes=vif->bytes_in; vr.obytes=vif->bytes_out; read_unlock(&mrt_lock); if (copy_to_user(arg,&vr,sizeof(vr))) return -EFAULT; return 0; } read_unlock(&mrt_lock); return -EADDRNOTAVAIL; case SIOCGETSGCNT: if (copy_from_user(&sr,arg,sizeof(sr))) return -EFAULT; read_lock(&mrt_lock); c = ipmr_cache_find(sr.src.s_addr, sr.grp.s_addr); if (c) { sr.pktcnt = c->mfc_un.res.pkt; sr.bytecnt = c->mfc_un.res.bytes; sr.wrong_if = c->mfc_un.res.wrong_if; read_unlock(&mrt_lock); if (copy_to_user(arg,&sr,sizeof(sr))) return -EFAULT; return 0; } read_unlock(&mrt_lock); return -EADDRNOTAVAIL; default: return -ENOIOCTLCMD; } }",linux-2.6,,,196662380937958315926999960956976591736,0 3506,CWE-193,"static unsigned char *read_chunk(struct mschm_decompressor_p *self, struct mschmd_header *chm, struct mspack_file *fh, unsigned int chunk_num) { struct mspack_system *sys = self->system; unsigned char *buf; if (chunk_num > chm->num_chunks) return NULL; if (!chm->chunk_cache) { size_t size = sizeof(unsigned char *) * chm->num_chunks; if (!(chm->chunk_cache = (unsigned char **) sys->alloc(sys, size))) { self->error = MSPACK_ERR_NOMEMORY; return NULL; } memset(chm->chunk_cache, 0, size); } if (chm->chunk_cache[chunk_num]) return chm->chunk_cache[chunk_num]; if (!(buf = (unsigned char *) sys->alloc(sys, chm->chunk_size))) { self->error = MSPACK_ERR_NOMEMORY; return NULL; } if (sys->seek(fh, (off_t) (chm->dir_offset + (chunk_num * chm->chunk_size)), MSPACK_SYS_SEEK_START)) { self->error = MSPACK_ERR_SEEK; sys->free(buf); return NULL; } if (sys->read(fh, buf, (int)chm->chunk_size) != (int)chm->chunk_size) { self->error = MSPACK_ERR_READ; sys->free(buf); return NULL; } if (!((buf[0] == 0x50) && (buf[1] == 0x4D) && (buf[2] == 0x47) && ((buf[3] == 0x4C) || (buf[3] == 0x49)))) { self->error = MSPACK_ERR_SEEK; sys->free(buf); return NULL; } return chm->chunk_cache[chunk_num] = buf; }",visit repo url,libmspack/mspack/chmd.c,https://github.com/kyz/libmspack,194513908246299,1 1483,CWE-264,"int perf_event_refresh(struct perf_event *event, int refresh) { if (event->attr.inherit || !is_sampling_event(event)) return -EINVAL; atomic_add(refresh, &event->event_limit); perf_event_enable(event); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,151277313027093,1 4270,CWE-416,"static pyc_object *get_tuple_object(RBuffer *buffer) { pyc_object *ret = NULL; bool error = false; ut32 n = 0; n = get_ut32 (buffer, &error); if (n > ST32_MAX) { eprintf (""bad marshal data (tuple size out of range)\n""); return NULL; } if (error) { return NULL; } ret = get_array_object_generic (buffer, n); if (ret) { ret->type = TYPE_TUPLE; return ret; } return NULL; }",visit repo url,libr/bin/format/pyc/marshal.c,https://github.com/radareorg/radare2,226127618297606,1 1812,CWE-284,"static bool msr_mtrr_valid(unsigned msr) { switch (msr) { case 0x200 ... 0x200 + 2 * KVM_NR_VAR_MTRR - 1: case MSR_MTRRfix64K_00000: case MSR_MTRRfix16K_80000: case MSR_MTRRfix16K_A0000: case MSR_MTRRfix4K_C0000: case MSR_MTRRfix4K_C8000: case MSR_MTRRfix4K_D0000: case MSR_MTRRfix4K_D8000: case MSR_MTRRfix4K_E0000: case MSR_MTRRfix4K_E8000: case MSR_MTRRfix4K_F0000: case MSR_MTRRfix4K_F8000: case MSR_MTRRdefType: case MSR_IA32_CR_PAT: return true; case 0x2f8: return true; } return false; }",visit repo url,arch/x86/kvm/mtrr.c,https://github.com/torvalds/linux,220709034528769,1 1204,CWE-400,"int do_mathemu(struct pt_regs *regs, struct fpustate *f) { unsigned long pc = regs->tpc; unsigned long tstate = regs->tstate; u32 insn = 0; int type = 0; #define TYPE(ftt, r, ru, b, bu, a, au) type = (au << 2) | (a << 0) | (bu << 5) | (b << 3) | (ru << 8) | (r << 6) | (ftt << 9) int freg; static u64 zero[2] = { 0L, 0L }; int flags; FP_DECL_EX; FP_DECL_S(SA); FP_DECL_S(SB); FP_DECL_S(SR); FP_DECL_D(DA); FP_DECL_D(DB); FP_DECL_D(DR); FP_DECL_Q(QA); FP_DECL_Q(QB); FP_DECL_Q(QR); int IR; long XR, xfsr; if (tstate & TSTATE_PRIV) die_if_kernel(""unfinished/unimplemented FPop from kernel"", regs); perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); if (test_thread_flag(TIF_32BIT)) pc = (u32)pc; if (get_user(insn, (u32 __user *) pc) != -EFAULT) { if ((insn & 0xc1f80000) == 0x81a00000) { switch ((insn >> 5) & 0x1ff) { case FMOVQ: case FNEGQ: case FABSQ: TYPE(3,3,0,3,0,0,0); break; case FSQRTQ: TYPE(3,3,1,3,1,0,0); break; case FADDQ: case FSUBQ: case FMULQ: case FDIVQ: TYPE(3,3,1,3,1,3,1); break; case FDMULQ: TYPE(3,3,1,2,1,2,1); break; case FQTOX: TYPE(3,2,0,3,1,0,0); break; case FXTOQ: TYPE(3,3,1,2,0,0,0); break; case FQTOS: TYPE(3,1,1,3,1,0,0); break; case FQTOD: TYPE(3,2,1,3,1,0,0); break; case FITOQ: TYPE(3,3,1,1,0,0,0); break; case FSTOQ: TYPE(3,3,1,1,1,0,0); break; case FDTOQ: TYPE(3,3,1,2,1,0,0); break; case FQTOI: TYPE(3,1,0,3,1,0,0); break; case FSQRTS: { unsigned long x = current_thread_info()->xfsr[0]; x = (x >> 14) & 0xf; TYPE(x,1,1,1,1,0,0); break; } case FSQRTD: { unsigned long x = current_thread_info()->xfsr[0]; x = (x >> 14) & 0xf; TYPE(x,2,1,2,1,0,0); break; } case FADDD: case FSUBD: case FMULD: case FDIVD: TYPE(2,2,1,2,1,2,1); break; case FADDS: case FSUBS: case FMULS: case FDIVS: TYPE(2,1,1,1,1,1,1); break; case FSMULD: TYPE(2,2,1,1,1,1,1); break; case FSTOX: TYPE(2,2,0,1,1,0,0); break; case FDTOX: TYPE(2,2,0,2,1,0,0); break; case FDTOS: TYPE(2,1,1,2,1,0,0); break; case FSTOD: TYPE(2,2,1,1,1,0,0); break; case FSTOI: TYPE(2,1,0,1,1,0,0); break; case FDTOI: TYPE(2,1,0,2,1,0,0); break; case FXTOS: TYPE(2,1,1,2,0,0,0); break; case FXTOD: TYPE(2,2,1,2,0,0,0); break; #if 0 case FITOS: TYPE(2,1,1,1,0,0,0); break; #endif case FITOD: TYPE(2,2,1,1,0,0,0); break; } } else if ((insn & 0xc1f80000) == 0x81a80000) { IR = 2; switch ((insn >> 5) & 0x1ff) { case FCMPQ: TYPE(3,0,0,3,1,3,1); break; case FCMPEQ: TYPE(3,0,0,3,1,3,1); break; case FMOVQ0: case FMOVQ1: case FMOVQ2: case FMOVQ3: if (!((insn >> 11) & 3)) XR = current_thread_info()->xfsr[0] >> 10; else XR = current_thread_info()->xfsr[0] >> (30 + ((insn >> 10) & 0x6)); XR &= 3; IR = 0; switch ((insn >> 14) & 0x7) { case 1: if (XR) IR = 1; break; case 2: if (XR == 1 || XR == 2) IR = 1; break; case 3: if (XR & 1) IR = 1; break; case 4: if (XR == 1) IR = 1; break; case 5: if (XR & 2) IR = 1; break; case 6: if (XR == 2) IR = 1; break; case 7: if (XR == 3) IR = 1; break; } if ((insn >> 14) & 8) IR ^= 1; break; case FMOVQI: case FMOVQX: XR = regs->tstate >> 32; if ((insn >> 5) & 0x80) XR >>= 4; XR &= 0xf; IR = 0; freg = ((XR >> 2) ^ XR) & 2; switch ((insn >> 14) & 0x7) { case 1: if (XR & 4) IR = 1; break; case 2: if ((XR & 4) || freg) IR = 1; break; case 3: if (freg) IR = 1; break; case 4: if (XR & 5) IR = 1; break; case 5: if (XR & 1) IR = 1; break; case 6: if (XR & 8) IR = 1; break; case 7: if (XR & 2) IR = 1; break; } if ((insn >> 14) & 8) IR ^= 1; break; case FMOVQZ: case FMOVQLE: case FMOVQLZ: case FMOVQNZ: case FMOVQGZ: case FMOVQGE: freg = (insn >> 14) & 0x1f; if (!freg) XR = 0; else if (freg < 16) XR = regs->u_regs[freg]; else if (test_thread_flag(TIF_32BIT)) { struct reg_window32 __user *win32; flushw_user (); win32 = (struct reg_window32 __user *)((unsigned long)((u32)regs->u_regs[UREG_FP])); get_user(XR, &win32->locals[freg - 16]); } else { struct reg_window __user *win; flushw_user (); win = (struct reg_window __user *)(regs->u_regs[UREG_FP] + STACK_BIAS); get_user(XR, &win->locals[freg - 16]); } IR = 0; switch ((insn >> 10) & 3) { case 1: if (!XR) IR = 1; break; case 2: if (XR <= 0) IR = 1; break; case 3: if (XR < 0) IR = 1; break; } if ((insn >> 10) & 4) IR ^= 1; break; } if (IR == 0) { current_thread_info()->xfsr[0] &= ~(FSR_CEXC_MASK); regs->tpc = regs->tnpc; regs->tnpc += 4; return 1; } else if (IR == 1) { insn = (insn & 0x3e00001f) | 0x81a00060; TYPE(3,3,0,3,0,0,0); } } } if (type) { argp rs1 = NULL, rs2 = NULL, rd = NULL; freg = (current_thread_info()->xfsr[0] >> 14) & 0xf; if (freg != (type >> 9)) goto err; current_thread_info()->xfsr[0] &= ~0x1c000; freg = ((insn >> 14) & 0x1f); switch (type & 0x3) { case 3: if (freg & 2) { current_thread_info()->xfsr[0] |= (6 << 14) ; goto err; } case 2: freg = ((freg & 1) << 5) | (freg & 0x1e); case 1: rs1 = (argp)&f->regs[freg]; flags = (freg < 32) ? FPRS_DL : FPRS_DU; if (!(current_thread_info()->fpsaved[0] & flags)) rs1 = (argp)&zero; break; } switch (type & 0x7) { case 7: FP_UNPACK_QP (QA, rs1); break; case 6: FP_UNPACK_DP (DA, rs1); break; case 5: FP_UNPACK_SP (SA, rs1); break; } freg = (insn & 0x1f); switch ((type >> 3) & 0x3) { case 3: if (freg & 2) { current_thread_info()->xfsr[0] |= (6 << 14) ; goto err; } case 2: freg = ((freg & 1) << 5) | (freg & 0x1e); case 1: rs2 = (argp)&f->regs[freg]; flags = (freg < 32) ? FPRS_DL : FPRS_DU; if (!(current_thread_info()->fpsaved[0] & flags)) rs2 = (argp)&zero; break; } switch ((type >> 3) & 0x7) { case 7: FP_UNPACK_QP (QB, rs2); break; case 6: FP_UNPACK_DP (DB, rs2); break; case 5: FP_UNPACK_SP (SB, rs2); break; } freg = ((insn >> 25) & 0x1f); switch ((type >> 6) & 0x3) { case 3: if (freg & 2) { current_thread_info()->xfsr[0] |= (6 << 14) ; goto err; } case 2: freg = ((freg & 1) << 5) | (freg & 0x1e); case 1: rd = (argp)&f->regs[freg]; flags = (freg < 32) ? FPRS_DL : FPRS_DU; if (!(current_thread_info()->fpsaved[0] & FPRS_FEF)) { current_thread_info()->fpsaved[0] = FPRS_FEF; current_thread_info()->gsr[0] = 0; } if (!(current_thread_info()->fpsaved[0] & flags)) { if (freg < 32) memset(f->regs, 0, 32*sizeof(u32)); else memset(f->regs+32, 0, 32*sizeof(u32)); } current_thread_info()->fpsaved[0] |= flags; break; } switch ((insn >> 5) & 0x1ff) { case FADDS: FP_ADD_S (SR, SA, SB); break; case FADDD: FP_ADD_D (DR, DA, DB); break; case FADDQ: FP_ADD_Q (QR, QA, QB); break; case FSUBS: FP_SUB_S (SR, SA, SB); break; case FSUBD: FP_SUB_D (DR, DA, DB); break; case FSUBQ: FP_SUB_Q (QR, QA, QB); break; case FMULS: FP_MUL_S (SR, SA, SB); break; case FSMULD: FP_CONV (D, S, 1, 1, DA, SA); FP_CONV (D, S, 1, 1, DB, SB); case FMULD: FP_MUL_D (DR, DA, DB); break; case FDMULQ: FP_CONV (Q, D, 2, 1, QA, DA); FP_CONV (Q, D, 2, 1, QB, DB); case FMULQ: FP_MUL_Q (QR, QA, QB); break; case FDIVS: FP_DIV_S (SR, SA, SB); break; case FDIVD: FP_DIV_D (DR, DA, DB); break; case FDIVQ: FP_DIV_Q (QR, QA, QB); break; case FSQRTS: FP_SQRT_S (SR, SB); break; case FSQRTD: FP_SQRT_D (DR, DB); break; case FSQRTQ: FP_SQRT_Q (QR, QB); break; case FMOVQ: rd->q[0] = rs2->q[0]; rd->q[1] = rs2->q[1]; break; case FABSQ: rd->q[0] = rs2->q[0] & 0x7fffffffffffffffUL; rd->q[1] = rs2->q[1]; break; case FNEGQ: rd->q[0] = rs2->q[0] ^ 0x8000000000000000UL; rd->q[1] = rs2->q[1]; break; case FSTOI: FP_TO_INT_S (IR, SB, 32, 1); break; case FDTOI: FP_TO_INT_D (IR, DB, 32, 1); break; case FQTOI: FP_TO_INT_Q (IR, QB, 32, 1); break; case FSTOX: FP_TO_INT_S (XR, SB, 64, 1); break; case FDTOX: FP_TO_INT_D (XR, DB, 64, 1); break; case FQTOX: FP_TO_INT_Q (XR, QB, 64, 1); break; case FITOQ: IR = rs2->s; FP_FROM_INT_Q (QR, IR, 32, int); break; case FXTOQ: XR = rs2->d; FP_FROM_INT_Q (QR, XR, 64, long); break; case FXTOS: XR = rs2->d; FP_FROM_INT_S (SR, XR, 64, long); break; case FXTOD: XR = rs2->d; FP_FROM_INT_D (DR, XR, 64, long); break; #if 0 case FITOS: IR = rs2->s; FP_FROM_INT_S (SR, IR, 32, int); break; #endif case FITOD: IR = rs2->s; FP_FROM_INT_D (DR, IR, 32, int); break; case FSTOD: FP_CONV (D, S, 1, 1, DR, SB); break; case FSTOQ: FP_CONV (Q, S, 2, 1, QR, SB); break; case FDTOQ: FP_CONV (Q, D, 2, 1, QR, DB); break; case FDTOS: FP_CONV (S, D, 1, 1, SR, DB); break; case FQTOS: FP_CONV (S, Q, 1, 2, SR, QB); break; case FQTOD: FP_CONV (D, Q, 1, 2, DR, QB); break; case FCMPQ: case FCMPEQ: FP_CMP_Q(XR, QB, QA, 3); if (XR == 3 && (((insn >> 5) & 0x1ff) == FCMPEQ || FP_ISSIGNAN_Q(QA) || FP_ISSIGNAN_Q(QB))) FP_SET_EXCEPTION (FP_EX_INVALID); } if (!FP_INHIBIT_RESULTS) { switch ((type >> 6) & 0x7) { case 0: xfsr = current_thread_info()->xfsr[0]; if (XR == -1) XR = 2; switch (freg & 3) { case 0: xfsr &= ~0xc00; xfsr |= (XR << 10); break; case 1: xfsr &= ~0x300000000UL; xfsr |= (XR << 32); break; case 2: xfsr &= ~0xc00000000UL; xfsr |= (XR << 34); break; case 3: xfsr &= ~0x3000000000UL; xfsr |= (XR << 36); break; } current_thread_info()->xfsr[0] = xfsr; break; case 1: rd->s = IR; break; case 2: rd->d = XR; break; case 5: FP_PACK_SP (rd, SR); break; case 6: FP_PACK_DP (rd, DR); break; case 7: FP_PACK_QP (rd, QR); break; } } if(_fex != 0) return record_exception(regs, _fex); current_thread_info()->xfsr[0] &= ~(FSR_CEXC_MASK); regs->tpc = regs->tnpc; regs->tnpc += 4; return 1; } err: return 0; }",visit repo url,arch/sparc/math-emu/math_64.c,https://github.com/torvalds/linux,205050916422906,1 4500,CWE-476,"GF_Err gf_isom_box_parse_ex(GF_Box **outBox, GF_BitStream *bs, u32 parent_type, Bool is_root_box, u64 parent_size) { u32 type, uuid_type, hdr_size, restore_type; u64 size, start, comp_start, end; char uuid[16]; GF_Err e; GF_BitStream *uncomp_bs = NULL; u8 *uncomp_data = NULL; u32 compressed_size=0; GF_Box *newBox; Bool skip_logs = (gf_bs_get_cookie(bs) & GF_ISOM_BS_COOKIE_NO_LOGS ) ? GF_TRUE : GF_FALSE; Bool is_special = GF_TRUE; if ((bs == NULL) || (outBox == NULL) ) return GF_BAD_PARAM; *outBox = NULL; if (gf_bs_available(bs) < 8) { return GF_ISOM_INCOMPLETE_FILE; } comp_start = start = gf_bs_get_position(bs); uuid_type = 0; size = (u64) gf_bs_read_u32(bs); hdr_size = 4; if ((size >= 2) && (size <= 4)) { size = 4; type = GF_ISOM_BOX_TYPE_VOID; } else { type = gf_bs_read_u32(bs); hdr_size += 4; if (type == GF_ISOM_BOX_TYPE_TOTL) size = 12; if (!size) { if (is_root_box) { if (!skip_logs) { GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Warning Read Box type %s (0x%08X) size 0 reading till the end of file\n"", gf_4cc_to_str(type), type)); } size = gf_bs_available(bs) + 8; } else { if (!skip_logs) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box type %s (0x%08X) at position ""LLU"" has size 0 but is not at root/file level. Forbidden, skipping end of parent box !\n"", gf_4cc_to_str(type), type, start)); return GF_SKIP_BOX; } return GF_OK; } } if (is_root_box && (size>=8)) { Bool do_uncompress = GF_FALSE; u8 *compb = NULL; u32 osize = 0; u32 otype = type; if (type==GF_4CC('!', 'm', 'o', 'f')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_MOOF; } else if (type==GF_4CC('!', 'm', 'o', 'v')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_MOOV; } else if (type==GF_4CC('!', 's', 'i', 'x')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_SIDX; } else if (type==GF_4CC('!', 's', 's', 'x')) { do_uncompress = GF_TRUE; type = GF_ISOM_BOX_TYPE_SSIX; } if (do_uncompress) { compb = gf_malloc((u32) (size-8)); compressed_size = (u32) (size - 8); gf_bs_read_data(bs, compb, compressed_size); e = gf_gz_decompress_payload(compb, compressed_size, &uncomp_data, &osize); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Failed to uncompress payload for box type %s (0x%08X)\n"", gf_4cc_to_str(otype), otype)); return e; } size = osize + 8; uncomp_bs = gf_bs_new(uncomp_data, osize, GF_BITSTREAM_READ); bs = uncomp_bs; start = 0; gf_free(compb); } } } memset(uuid, 0, 16); if (type == GF_ISOM_BOX_TYPE_UUID ) { if (gf_bs_available(bs) < 16) { return GF_ISOM_INCOMPLETE_FILE; } gf_bs_read_data(bs, uuid, 16); hdr_size += 16; uuid_type = gf_isom_solve_uuid_box(uuid); } if (size == 1) { if (gf_bs_available(bs) < 8) { return GF_ISOM_INCOMPLETE_FILE; } size = gf_bs_read_u64(bs); hdr_size += 8; } if (!skip_logs) GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[iso file] Read Box type %s size ""LLD"" start ""LLD""\n"", gf_4cc_to_str(type), size, start)); if ( size < hdr_size ) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Box %s size ""LLD"" less than box header size %d\n"", gf_4cc_to_str(type), size, hdr_size)); return GF_ISOM_INVALID_FILE; } if (parent_size && (parent_sizereference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_IREF)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_REFI); if (!newBox) return GF_OUT_OF_MEM; ((GF_ItemReferenceTypeBox*)newBox)->reference_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_TRGR)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_TRGT); if (!newBox) return GF_OUT_OF_MEM; ((GF_TrackGroupTypeBox*)newBox)->group_type = type; } else if (parent_type && (parent_type == GF_ISOM_BOX_TYPE_GRPL)) { newBox = gf_isom_box_new(GF_ISOM_BOX_TYPE_GRPT); if (!newBox) return GF_OUT_OF_MEM; ((GF_EntityToGroupTypeBox*)newBox)->grouping_type = type; } else { is_special = GF_FALSE; newBox = gf_isom_box_new_ex(uuid_type ? uuid_type : type, parent_type, skip_logs, is_root_box); if (!newBox) return GF_OUT_OF_MEM; } if (type==GF_ISOM_BOX_TYPE_UUID && !is_special) { memcpy(((GF_UUIDBox *)newBox)->uuid, uuid, 16); ((GF_UUIDBox *)newBox)->internal_4cc = uuid_type; } if (!newBox->type) newBox->type = type; if (restore_type) newBox->type = restore_type; end = gf_bs_available(bs); if (size - hdr_size > end ) { newBox->size = size - hdr_size - end; *outBox = newBox; return GF_ISOM_INCOMPLETE_FILE; } newBox->size = size - hdr_size; e = gf_isom_full_box_read(newBox, bs); if (!e) e = gf_isom_box_read(newBox, bs); if (e) { if (gf_opts_get_bool(""core"", ""no-check"")) e = GF_OK; } newBox->size = size; end = gf_bs_get_position(bs); if (uncomp_bs) { gf_free(uncomp_data); gf_bs_del(uncomp_bs); if (e) { gf_isom_box_del(newBox); *outBox = NULL; return e; } size -= 8; if (type==GF_ISOM_BOX_TYPE_MOOF) { ((GF_MovieFragmentBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } else if (type==GF_ISOM_BOX_TYPE_MOOV) { ((GF_MovieBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; ((GF_MovieBox *)newBox)->file_offset = comp_start; } else if (type==GF_ISOM_BOX_TYPE_SIDX) { ((GF_SegmentIndexBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } else if (type==GF_ISOM_BOX_TYPE_SSIX) { ((GF_SubsegmentIndexBox *)newBox)->compressed_diff = (s32)size - (s32)compressed_size; } newBox->internal_flags = GF_ISOM_BOX_COMPRESSED; } if (e && (e != GF_ISOM_INCOMPLETE_FILE)) { gf_isom_box_del(newBox); *outBox = NULL; if (!skip_logs) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Read Box \""%s\"" (start ""LLU"") failed (%s) - skipping\n"", gf_4cc_to_str(type), start, gf_error_to_string(e))); } return e; } if (end-start > size) { if (!skip_logs) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" size ""LLU"" (start ""LLU"") invalid (read ""LLU"")\n"", gf_4cc_to_str(type), size, start, (end-start) )); } gf_bs_seek(bs, start+size); } else if (end-start < size) { u32 to_skip = (u32) (size-(end-start)); if (!skip_logs) { if ((to_skip!=4) || gf_bs_peek_bits(bs, 32, 0)) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[iso file] Box \""%s\"" (start ""LLU"") has %u extra bytes\n"", gf_4cc_to_str(type), start, to_skip)); unused_bytes += to_skip; } } gf_bs_skip_bytes(bs, to_skip); } *outBox = newBox; return e; }",visit repo url,src/isomedia/box_funcs.c,https://github.com/gpac/gpac,50383014184537,1 867,['CWE-119'],"isdn_timer_funct(ulong dummy) { int tf = dev->tflags; if (tf & ISDN_TIMER_FAST) { if (tf & ISDN_TIMER_MODEMREAD) isdn_tty_readmodem(); if (tf & ISDN_TIMER_MODEMPLUS) isdn_tty_modem_escape(); if (tf & ISDN_TIMER_MODEMXMIT) isdn_tty_modem_xmit(); } if (tf & ISDN_TIMER_SLOW) { if (++isdn_timer_cnt1 >= ISDN_TIMER_02SEC) { isdn_timer_cnt1 = 0; if (tf & ISDN_TIMER_NETDIAL) isdn_net_dial(); } if (++isdn_timer_cnt2 >= ISDN_TIMER_1SEC) { isdn_timer_cnt2 = 0; if (tf & ISDN_TIMER_NETHANGUP) isdn_net_autohup(); if (++isdn_timer_cnt3 >= ISDN_TIMER_RINGING) { isdn_timer_cnt3 = 0; if (tf & ISDN_TIMER_MODEMRING) isdn_tty_modem_ring(); } if (tf & ISDN_TIMER_CARRIER) isdn_tty_carrier_timeout(); } } if (tf) mod_timer(&dev->timer, jiffies+ISDN_TIMER_RES); }",linux-2.6,,,302897780546057226935252792213787379173,0 6726,['CWE-310'],"read_applet_private_values_from_gconf (NMSetting *setting, ReadFromGConfInfo *info) { const char *setting_name = nm_setting_get_name (setting); gboolean value; GError *error = NULL; if (!NM_IS_SETTING_802_1X (setting)) return; if (nm_gconf_get_bool_helper (info->client, info->dir, NMA_CA_CERT_IGNORE_TAG, setting_name, &value)) { g_object_set_data (G_OBJECT (info->connection), NMA_CA_CERT_IGNORE_TAG, GUINT_TO_POINTER (value)); } if (nm_gconf_get_bool_helper (info->client, info->dir, NMA_PHASE2_CA_CERT_IGNORE_TAG, setting_name, &value)) { g_object_set_data (G_OBJECT (info->connection), NMA_PHASE2_CA_CERT_IGNORE_TAG, GUINT_TO_POINTER (value)); } if (!read_one_cert (info, setting_name, NMA_PATH_CA_CERT_TAG, TRUE, &error)) { if (!info->error) { info->error = error; error = NULL; } g_clear_error (&error); } if (!read_one_cert (info, setting_name, NMA_PATH_PHASE2_CA_CERT_TAG, TRUE, &error)) { if (!info->error) { info->error = error; error = NULL; } g_clear_error (&error); } read_one_cert (info, setting_name, NMA_PATH_CLIENT_CERT_TAG, FALSE, NULL); read_one_cert (info, setting_name, NMA_PATH_PRIVATE_KEY_TAG, FALSE, NULL); read_one_cert (info, setting_name, NMA_PATH_PHASE2_CLIENT_CERT_TAG, FALSE, NULL); read_one_cert (info, setting_name, NMA_PATH_PHASE2_PRIVATE_KEY_TAG, FALSE, NULL); }",network-manager-applet,,,34562777979632082247499670217425247599,0 3936,CWE-416,"ins_compl_get_exp(pos_T *ini) { static ins_compl_next_state_T st; static int st_cleared = FALSE; int i; int found_new_match; int type = ctrl_x_mode; if (!compl_started) { buf_T *buf; FOR_ALL_BUFFERS(buf) buf->b_scanned = 0; if (!st_cleared) { CLEAR_FIELD(st); st_cleared = TRUE; } st.found_all = FALSE; st.ins_buf = curbuf; vim_free(st.e_cpt_copy); st.e_cpt_copy = vim_strsave((compl_cont_status & CONT_LOCAL) ? (char_u *)""."" : curbuf->b_p_cpt); st.e_cpt = st.e_cpt_copy == NULL ? (char_u *)"""" : st.e_cpt_copy; st.last_match_pos = st.first_match_pos = *ini; } else if (st.ins_buf != curbuf && !buf_valid(st.ins_buf)) st.ins_buf = curbuf; compl_old_match = compl_curr_match; st.cur_match_pos = (compl_dir_forward()) ? &st.last_match_pos : &st.first_match_pos; for (;;) { found_new_match = FAIL; st.set_match_pos = FALSE; if ((ctrl_x_mode_normal() || ctrl_x_mode_line_or_eval()) && (!compl_started || st.found_all)) { int status = process_next_cpt_value(&st, &type, ini); if (status == INS_COMPL_CPT_END) break; if (status == INS_COMPL_CPT_CONT) continue; } if (compl_pattern == NULL) break; found_new_match = get_next_completion_match(type, &st, ini); if ((ctrl_x_mode_not_default() && !ctrl_x_mode_line_or_eval()) || found_new_match != FAIL) { if (got_int) break; if (type != -1) ins_compl_check_keys(0, FALSE); if ((ctrl_x_mode_not_default() && !ctrl_x_mode_line_or_eval()) || compl_interrupted) break; compl_started = TRUE; } else { if (type == 0 || type == CTRL_X_PATH_PATTERNS) st.ins_buf->b_scanned = TRUE; compl_started = FALSE; } } compl_started = TRUE; if ((ctrl_x_mode_normal() || ctrl_x_mode_line_or_eval()) && *st.e_cpt == NUL) found_new_match = FAIL; i = -1; if (found_new_match == FAIL || (ctrl_x_mode_not_default() && !ctrl_x_mode_line_or_eval())) i = ins_compl_make_cyclic(); if (compl_old_match != NULL) { compl_curr_match = compl_dir_forward() ? compl_old_match->cp_next : compl_old_match->cp_prev; if (compl_curr_match == NULL) compl_curr_match = compl_old_match; } may_trigger_modechanged(); return i; }",visit repo url,src/insexpand.c,https://github.com/vim/vim,232667648250478,1 4939,['CWE-20'],"static void nfs_refresh_verifier(struct dentry * dentry, unsigned long verf) { nfs_set_verifier(dentry, verf); }",linux-2.6,,,293739711746847481220816140658707275842,0 4596,CWE-190,"static s32 gf_hevc_read_vps_bs_internal(GF_BitStream *bs, HEVCState *hevc, Bool stop_at_vps_ext) { u8 vps_sub_layer_ordering_info_present_flag, vps_extension_flag; u32 i, j; s32 vps_id; HEVC_VPS *vps; u8 layer_id_included_flag[MAX_LHVC_LAYERS][64]; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) return -1; vps = &hevc->vps[vps_id]; vps->bit_pos_vps_extensions = -1; if (!vps->state) { vps->id = vps_id; vps->state = 1; } vps->base_layer_internal_flag = gf_bs_read_int_log(bs, 1, ""base_layer_internal_flag""); vps->base_layer_available_flag = gf_bs_read_int_log(bs, 1, ""base_layer_available_flag""); vps->max_layers = 1 + gf_bs_read_int_log(bs, 6, ""max_layers_minus1""); if (vps->max_layers > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] sorry, %d layers in VPS but only %d supported\n"", vps->max_layers, MAX_LHVC_LAYERS)); return -1; } vps->max_sub_layers = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1"") + 1; vps->temporal_id_nesting = gf_bs_read_int_log(bs, 1, ""temporal_id_nesting""); gf_bs_read_int_log(bs, 16, ""vps_reserved_ffff_16bits""); hevc_profile_tier_level(bs, 1, vps->max_sub_layers - 1, &vps->ptl, 0); vps_sub_layer_ordering_info_present_flag = gf_bs_read_int_log(bs, 1, ""vps_sub_layer_ordering_info_present_flag""); for (i = (vps_sub_layer_ordering_info_present_flag ? 0 : vps->max_sub_layers - 1); i < vps->max_sub_layers; i++) { gf_bs_read_ue_log_idx(bs, ""vps_max_dec_pic_buffering_minus1"", i); gf_bs_read_ue_log_idx(bs, ""vps_max_num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""vps_max_latency_increase_plus1"", i); } vps->max_layer_id = gf_bs_read_int_log(bs, 6, ""max_layer_id""); if (vps->max_layer_id > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] VPS max layer ID %u but GPAC only supports %u\n"", vps->max_layer_id, MAX_LHVC_LAYERS)); return -1; } vps->num_layer_sets = gf_bs_read_ue_log(bs, ""num_layer_sets_minus1"") + 1; if (vps->num_layer_sets > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Wrong number of layer sets in VPS %d\n"", vps->num_layer_sets)); return -1; } for (i = 1; i < vps->num_layer_sets; i++) { for (j = 0; j <= vps->max_layer_id; j++) { layer_id_included_flag[i][j] = gf_bs_read_int_log_idx2(bs, 1, ""layer_id_included_flag"", i, j); } } vps->num_layers_in_id_list[0] = 1; for (i = 1; i < vps->num_layer_sets; i++) { u32 n, m; n = 0; for (m = 0; m <= vps->max_layer_id; m++) { if (layer_id_included_flag[i][m]) { vps->LayerSetLayerIdList[i][n++] = m; if (vps->LayerSetLayerIdListMax[i] < m) vps->LayerSetLayerIdListMax[i] = m; } } vps->num_layers_in_id_list[i] = n; } if (gf_bs_read_int_log(bs, 1, ""vps_timing_info_present_flag"")) { u32 vps_num_hrd_parameters; gf_bs_read_int_log(bs, 32, ""vps_num_units_in_tick""); gf_bs_read_int_log(bs, 32, ""vps_time_scale""); if (gf_bs_read_int_log(bs, 1, ""vps_poc_proportional_to_timing_flag"")) { gf_bs_read_ue_log(bs, ""vps_num_ticks_poc_diff_one_minus1""); } vps_num_hrd_parameters = gf_bs_read_ue_log(bs, ""vps_num_hrd_parameters""); for (i = 0; i < vps_num_hrd_parameters; i++) { Bool cprms_present_flag = GF_TRUE; gf_bs_read_ue_log_idx(bs, ""hrd_layer_set_idx"", i); if (i > 0) cprms_present_flag = gf_bs_read_int_log(bs, 1, ""cprms_present_flag""); hevc_parse_hrd_parameters(bs, cprms_present_flag, vps->max_sub_layers - 1, i); } } if (stop_at_vps_ext) { return vps_id; } vps_extension_flag = gf_bs_read_int_log(bs, 1, ""vps_extension_flag""); if (vps_extension_flag) { Bool res; gf_bs_align(bs); res = hevc_parse_vps_extension(vps, bs); if (res != GF_TRUE) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] Failed to parse VPS extensions\n"")); return -1; } if (gf_bs_read_int_log(bs, 1, ""vps_extension2_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } } return vps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,85408619606295,1 2277,CWE-193,"bool radeon_atom_get_tv_timings(struct radeon_device *rdev, int index, struct drm_display_mode *mode) { struct radeon_mode_info *mode_info = &rdev->mode_info; ATOM_ANALOG_TV_INFO *tv_info; ATOM_ANALOG_TV_INFO_V1_2 *tv_info_v1_2; ATOM_DTD_FORMAT *dtd_timings; int data_index = GetIndexIntoMasterTable(DATA, AnalogTV_Info); u8 frev, crev; u16 data_offset, misc; if (!atom_parse_data_header(mode_info->atom_context, data_index, NULL, &frev, &crev, &data_offset)) return false; switch (crev) { case 1: tv_info = (ATOM_ANALOG_TV_INFO *)(mode_info->atom_context->bios + data_offset); if (index > MAX_SUPPORTED_TV_TIMING) return false; mode->crtc_htotal = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_H_Total); mode->crtc_hdisplay = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_H_Disp); mode->crtc_hsync_start = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_H_SyncStart); mode->crtc_hsync_end = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_H_SyncStart) + le16_to_cpu(tv_info->aModeTimings[index].usCRTC_H_SyncWidth); mode->crtc_vtotal = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_V_Total); mode->crtc_vdisplay = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_V_Disp); mode->crtc_vsync_start = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_V_SyncStart); mode->crtc_vsync_end = le16_to_cpu(tv_info->aModeTimings[index].usCRTC_V_SyncStart) + le16_to_cpu(tv_info->aModeTimings[index].usCRTC_V_SyncWidth); mode->flags = 0; misc = le16_to_cpu(tv_info->aModeTimings[index].susModeMiscInfo.usAccess); if (misc & ATOM_VSYNC_POLARITY) mode->flags |= DRM_MODE_FLAG_NVSYNC; if (misc & ATOM_HSYNC_POLARITY) mode->flags |= DRM_MODE_FLAG_NHSYNC; if (misc & ATOM_COMPOSITESYNC) mode->flags |= DRM_MODE_FLAG_CSYNC; if (misc & ATOM_INTERLACE) mode->flags |= DRM_MODE_FLAG_INTERLACE; if (misc & ATOM_DOUBLE_CLOCK_MODE) mode->flags |= DRM_MODE_FLAG_DBLSCAN; mode->clock = le16_to_cpu(tv_info->aModeTimings[index].usPixelClock) * 10; if (index == 1) { mode->crtc_htotal -= 1; mode->crtc_vtotal -= 1; } break; case 2: tv_info_v1_2 = (ATOM_ANALOG_TV_INFO_V1_2 *)(mode_info->atom_context->bios + data_offset); if (index > MAX_SUPPORTED_TV_TIMING_V1_2) return false; dtd_timings = &tv_info_v1_2->aModeTimings[index]; mode->crtc_htotal = le16_to_cpu(dtd_timings->usHActive) + le16_to_cpu(dtd_timings->usHBlanking_Time); mode->crtc_hdisplay = le16_to_cpu(dtd_timings->usHActive); mode->crtc_hsync_start = le16_to_cpu(dtd_timings->usHActive) + le16_to_cpu(dtd_timings->usHSyncOffset); mode->crtc_hsync_end = mode->crtc_hsync_start + le16_to_cpu(dtd_timings->usHSyncWidth); mode->crtc_vtotal = le16_to_cpu(dtd_timings->usVActive) + le16_to_cpu(dtd_timings->usVBlanking_Time); mode->crtc_vdisplay = le16_to_cpu(dtd_timings->usVActive); mode->crtc_vsync_start = le16_to_cpu(dtd_timings->usVActive) + le16_to_cpu(dtd_timings->usVSyncOffset); mode->crtc_vsync_end = mode->crtc_vsync_start + le16_to_cpu(dtd_timings->usVSyncWidth); mode->flags = 0; misc = le16_to_cpu(dtd_timings->susModeMiscInfo.usAccess); if (misc & ATOM_VSYNC_POLARITY) mode->flags |= DRM_MODE_FLAG_NVSYNC; if (misc & ATOM_HSYNC_POLARITY) mode->flags |= DRM_MODE_FLAG_NHSYNC; if (misc & ATOM_COMPOSITESYNC) mode->flags |= DRM_MODE_FLAG_CSYNC; if (misc & ATOM_INTERLACE) mode->flags |= DRM_MODE_FLAG_INTERLACE; if (misc & ATOM_DOUBLE_CLOCK_MODE) mode->flags |= DRM_MODE_FLAG_DBLSCAN; mode->clock = le16_to_cpu(dtd_timings->usPixClk) * 10; break; } return true; }",visit repo url,drivers/gpu/drm/radeon/radeon_atombios.c,https://github.com/torvalds/linux,195686824304960,1 2937,['CWE-189'],"jpc_tagtreenode_t *jpc_tagtree_getleaf(jpc_tagtree_t *tree, int n) { return &tree->nodes_[n]; }",jasper,,,114381306789278674968187665794219979008,0 3990,CWE-787,"CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread) { ssize_t i; ssize_t si; struct Curl_easy *data = conn->data; struct SMTP *smtp = data->req.protop; char *scratch = data->state.scratch; char *newscratch = NULL; char *oldscratch = NULL; size_t eob_sent; if(!scratch || data->set.crlf) { oldscratch = scratch; scratch = newscratch = malloc(2 * data->set.buffer_size); if(!newscratch) { failf(data, ""Failed to alloc scratch buffer!""); return CURLE_OUT_OF_MEMORY; } } eob_sent = smtp->eob; for(i = 0, si = 0; i < nread; i++) { if(SMTP_EOB[smtp->eob] == data->req.upload_fromhere[i]) { smtp->eob++; if(2 == smtp->eob || SMTP_EOB_LEN == smtp->eob) smtp->trailing_crlf = TRUE; else smtp->trailing_crlf = FALSE; } else if(smtp->eob) { memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent); si += smtp->eob - eob_sent; if(SMTP_EOB[0] == data->req.upload_fromhere[i]) smtp->eob = 1; else smtp->eob = 0; eob_sent = 0; smtp->trailing_crlf = FALSE; } if(SMTP_EOB_FIND_LEN == smtp->eob) { memcpy(&scratch[si], &SMTP_EOB_REPL[eob_sent], SMTP_EOB_REPL_LEN - eob_sent); si += SMTP_EOB_REPL_LEN - eob_sent; smtp->eob = 0; eob_sent = 0; } else if(!smtp->eob) scratch[si++] = data->req.upload_fromhere[i]; } if(smtp->eob - eob_sent) { memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent); si += smtp->eob - eob_sent; } if(si != nread) { data->req.upload_fromhere = scratch; data->state.scratch = scratch; free(oldscratch); data->req.upload_present = si; } else free(newscratch); return CURLE_OK; }",visit repo url,lib/smtp.c,https://github.com/curl/curl,47871584145674,1 4410,['CWE-264'],"void sk_free(struct sock *sk) { struct sk_filter *filter; if (sk->sk_destruct) sk->sk_destruct(sk); filter = rcu_dereference(sk->sk_filter); if (filter) { sk_filter_uncharge(sk, filter); rcu_assign_pointer(sk->sk_filter, NULL); } sock_disable_timestamp(sk); if (atomic_read(&sk->sk_omem_alloc)) printk(KERN_DEBUG ""%s: optmem leakage (%d bytes) detected.\n"", __func__, atomic_read(&sk->sk_omem_alloc)); put_net(sock_net(sk)); sk_prot_free(sk->sk_prot_creator, sk); }",linux-2.6,,,176016785055355385882177207407423046122,0 1806,[],"static ssize_t sched_smt_power_savings_show(struct sys_device *dev, char *page) { return sprintf(page, ""%u\n"", sched_smt_power_savings); }",linux-2.6,,,306221590429859885472782792740733218028,0 47,['CWE-787'],"static void cirrus_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val) { #ifdef TARGET_WORDS_BIGENDIAN cirrus_mmio_writeb(opaque, addr, (val >> 24) & 0xff); cirrus_mmio_writeb(opaque, addr + 1, (val >> 16) & 0xff); cirrus_mmio_writeb(opaque, addr + 2, (val >> 8) & 0xff); cirrus_mmio_writeb(opaque, addr + 3, val & 0xff); #else cirrus_mmio_writeb(opaque, addr, val & 0xff); cirrus_mmio_writeb(opaque, addr + 1, (val >> 8) & 0xff); cirrus_mmio_writeb(opaque, addr + 2, (val >> 16) & 0xff); cirrus_mmio_writeb(opaque, addr + 3, (val >> 24) & 0xff); #endif }",qemu,,,334699662091006313918310302634576482728,0 2368,CWE-476,"static int decode_nal_unit(HEVCContext *s, const H2645NAL *nal) { HEVCLocalContext *lc = s->HEVClc; GetBitContext *gb = &lc->gb; int ctb_addr_ts, ret; *gb = nal->gb; s->nal_unit_type = nal->type; s->temporal_id = nal->temporal_id; switch (s->nal_unit_type) { case HEVC_NAL_VPS: if (s->avctx->hwaccel && s->avctx->hwaccel->decode_params) { ret = s->avctx->hwaccel->decode_params(s->avctx, nal->type, nal->raw_data, nal->raw_size); if (ret < 0) goto fail; } ret = ff_hevc_decode_nal_vps(gb, s->avctx, &s->ps); if (ret < 0) goto fail; break; case HEVC_NAL_SPS: if (s->avctx->hwaccel && s->avctx->hwaccel->decode_params) { ret = s->avctx->hwaccel->decode_params(s->avctx, nal->type, nal->raw_data, nal->raw_size); if (ret < 0) goto fail; } ret = ff_hevc_decode_nal_sps(gb, s->avctx, &s->ps, s->apply_defdispwin); if (ret < 0) goto fail; break; case HEVC_NAL_PPS: if (s->avctx->hwaccel && s->avctx->hwaccel->decode_params) { ret = s->avctx->hwaccel->decode_params(s->avctx, nal->type, nal->raw_data, nal->raw_size); if (ret < 0) goto fail; } ret = ff_hevc_decode_nal_pps(gb, s->avctx, &s->ps); if (ret < 0) goto fail; break; case HEVC_NAL_SEI_PREFIX: case HEVC_NAL_SEI_SUFFIX: if (s->avctx->hwaccel && s->avctx->hwaccel->decode_params) { ret = s->avctx->hwaccel->decode_params(s->avctx, nal->type, nal->raw_data, nal->raw_size); if (ret < 0) goto fail; } ret = ff_hevc_decode_nal_sei(gb, s->avctx, &s->sei, &s->ps, s->nal_unit_type); if (ret < 0) goto fail; break; case HEVC_NAL_TRAIL_R: case HEVC_NAL_TRAIL_N: case HEVC_NAL_TSA_N: case HEVC_NAL_TSA_R: case HEVC_NAL_STSA_N: case HEVC_NAL_STSA_R: case HEVC_NAL_BLA_W_LP: case HEVC_NAL_BLA_W_RADL: case HEVC_NAL_BLA_N_LP: case HEVC_NAL_IDR_W_RADL: case HEVC_NAL_IDR_N_LP: case HEVC_NAL_CRA_NUT: case HEVC_NAL_RADL_N: case HEVC_NAL_RADL_R: case HEVC_NAL_RASL_N: case HEVC_NAL_RASL_R: ret = hls_slice_header(s); if (ret < 0) return ret; if ( (s->avctx->skip_frame >= AVDISCARD_BIDIR && s->sh.slice_type == HEVC_SLICE_B) || (s->avctx->skip_frame >= AVDISCARD_NONINTRA && s->sh.slice_type != HEVC_SLICE_I) || (s->avctx->skip_frame >= AVDISCARD_NONKEY && !IS_IRAP(s))) { break; } if (s->sh.first_slice_in_pic_flag) { if (s->ref) { av_log(s->avctx, AV_LOG_ERROR, ""Two slices reporting being the first in the same frame.\n""); goto fail; } if (s->max_ra == INT_MAX) { if (s->nal_unit_type == HEVC_NAL_CRA_NUT || IS_BLA(s)) { s->max_ra = s->poc; } else { if (IS_IDR(s)) s->max_ra = INT_MIN; } } if ((s->nal_unit_type == HEVC_NAL_RASL_R || s->nal_unit_type == HEVC_NAL_RASL_N) && s->poc <= s->max_ra) { s->is_decoded = 0; break; } else { if (s->nal_unit_type == HEVC_NAL_RASL_R && s->poc > s->max_ra) s->max_ra = INT_MIN; } s->overlap ++; ret = hevc_frame_start(s); if (ret < 0) return ret; } else if (!s->ref) { av_log(s->avctx, AV_LOG_ERROR, ""First slice in a frame missing.\n""); goto fail; } if (s->nal_unit_type != s->first_nal_type) { av_log(s->avctx, AV_LOG_ERROR, ""Non-matching NAL types of the VCL NALUs: %d %d\n"", s->first_nal_type, s->nal_unit_type); return AVERROR_INVALIDDATA; } if (!s->sh.dependent_slice_segment_flag && s->sh.slice_type != HEVC_SLICE_I) { ret = ff_hevc_slice_rpl(s); if (ret < 0) { av_log(s->avctx, AV_LOG_WARNING, ""Error constructing the reference lists for the current slice.\n""); goto fail; } } if (s->sh.first_slice_in_pic_flag && s->avctx->hwaccel) { ret = s->avctx->hwaccel->start_frame(s->avctx, NULL, 0); if (ret < 0) goto fail; } if (s->avctx->hwaccel) { ret = s->avctx->hwaccel->decode_slice(s->avctx, nal->raw_data, nal->raw_size); if (ret < 0) goto fail; } else { if (s->threads_number > 1 && s->sh.num_entry_point_offsets > 0) ctb_addr_ts = hls_slice_data_wpp(s, nal); else ctb_addr_ts = hls_slice_data(s); if (ctb_addr_ts >= (s->ps.sps->ctb_width * s->ps.sps->ctb_height)) { s->is_decoded = 1; } if (ctb_addr_ts < 0) { ret = ctb_addr_ts; goto fail; } } break; case HEVC_NAL_EOS_NUT: case HEVC_NAL_EOB_NUT: s->seq_decode = (s->seq_decode + 1) & 0xff; s->max_ra = INT_MAX; break; case HEVC_NAL_AUD: case HEVC_NAL_FD_NUT: break; default: av_log(s->avctx, AV_LOG_INFO, ""Skipping NAL unit %d\n"", s->nal_unit_type); } return 0; fail: if (s->avctx->err_recognition & AV_EF_EXPLODE) return ret; return 0; }",visit repo url,libavcodec/hevcdec.c,https://github.com/FFmpeg/FFmpeg,133954744152438,1 6521,CWE-476,"void print_summary(const MOBIData *m) { char *title = mobi_meta_get_title(m); if (title) { printf(""Title: %s\n"", title); free(title); } char *author = mobi_meta_get_author(m); if (author) { printf(""Author: %s\n"", author); free(author); } char *contributor = mobi_meta_get_contributor(m); uint32_t major = 0, minor = 0, build = 0; bool is_calibre = false; if (contributor) { const char *calibre_contributor = ""calibre (""; if (strncmp(contributor, calibre_contributor, strlen(calibre_contributor)) == 0) { is_calibre = true; sscanf(contributor, ""calibre (%u.%u.%u)"", &major, &minor, &build); } else { printf(""Contributor: %s\n"", contributor); } free(contributor); } char *subject = mobi_meta_get_subject(m); if (subject) { printf(""Subject: %s\n"", subject); free(subject); } char *publisher = mobi_meta_get_publisher(m); if (publisher) { printf(""Publisher: %s\n"", publisher); free(publisher); } char *date = mobi_meta_get_publishdate(m); if (date) { printf(""Publishing date: %s\n"", date); free(date); } char *description = mobi_meta_get_description(m); if (description) { printf(""Description: %s\n"", description); free(description); } char *review = mobi_meta_get_review(m); if (review) { printf(""Review: %s\n"", review); free(review); } char *imprint = mobi_meta_get_imprint(m); if (imprint) { printf(""Imprint: %s\n"", imprint); free(imprint); } char *copyright = mobi_meta_get_copyright(m); if (copyright) { printf(""Copyright: %s\n"", copyright); free(copyright); } char *isbn = mobi_meta_get_isbn(m); if (isbn) { printf(""ISBN: %s\n"", isbn); free(isbn); } char *asin = mobi_meta_get_asin(m); if (asin) { printf(""ASIN: %s\n"", asin); free(asin); } char *language = mobi_meta_get_language(m); if (language) { printf(""Language: %s"", language); free(language); if (m->mh && m->mh->text_encoding) { uint32_t encoding = *m->mh->text_encoding; if (encoding == MOBI_CP1252) { printf("" (cp1252)""); } else if (encoding == MOBI_UTF8) { printf("" (utf8)""); } } printf(""\n""); } if (mobi_is_dictionary(m)) { printf(""Dictionary""); if (m->mh && m->mh->dict_input_lang && m->mh->dict_output_lang && *m->mh->dict_input_lang && *m->mh->dict_output_lang) { const char *locale_in = mobi_get_locale_string(*m->mh->dict_input_lang); const char *locale_out = mobi_get_locale_string(*m->mh->dict_output_lang); printf("": %s => %s"", locale_in, locale_out); } printf(""\n""); } printf(""__\n""); if (strcmp(m->ph->type, ""TEXt"") == 0) { if (strcmp(m->ph->creator, ""TlDc"") == 0) { printf(""TealDoc\n""); } else { printf(""PalmDoc\n""); } } else { printf(""Mobi version: %zu"", mobi_get_fileversion(m)); if (mobi_is_hybrid(m)) { size_t version = mobi_get_fileversion(m->next); if (version != MOBI_NOTSET) { printf("" (hybrid with version %zu)"", version); } } printf(""\n""); } if (mobi_is_replica(m)) { printf(""Print Replica\n""); } if (mobi_is_encrypted(m)) { printf(""Document is encrypted\n""); } if (is_calibre) { printf(""Creator software: calibre %u.%u.%u\n"", major, minor, build); } else { MOBIExthHeader *exth = mobi_get_exthrecord_by_tag(m, EXTH_CREATORSOFT); if (exth) { printf(""Creator software: ""); uint32_t creator = mobi_decode_exthvalue(exth->data, exth->size); exth = mobi_get_exthrecord_by_tag(m, EXTH_CREATORMAJOR); if (exth) { major = mobi_decode_exthvalue(exth->data, exth->size); } exth = mobi_get_exthrecord_by_tag(m, EXTH_CREATORMINOR); if (exth) { minor = mobi_decode_exthvalue(exth->data, exth->size); } exth = mobi_get_exthrecord_by_tag(m, EXTH_CREATORBUILD); if (exth) { build = mobi_decode_exthvalue(exth->data, exth->size); } exth = mobi_get_exthrecord_by_tag(m, EXTH_CREATORBUILDREV); if (major == 2 && minor == 9 && build == 0 && exth) { char *rev = mobi_decode_exthstring(m, exth->data, exth->size); if (rev) { if (strcmp(rev, ""0730-890adc2"") == 0) { is_calibre = true; } free(rev); } } switch (creator) { case 0: printf(""mobipocket reader %u.%u.%u"", major, minor, build); break; case 1: case 101: printf(""mobigen %u.%u.%u"", major, minor, build); break; case 2: printf(""mobipocket creator %u.%u.%u"", major, minor, build); break; case 200: printf(""kindlegen %u.%u.%u (windows)"", major, minor, build); if (is_calibre) { printf("" or calibre""); } break; case 201: printf(""kindlegen %u.%u.%u (linux)"", major, minor, build); if ((major == 1 && minor == 2 && build == 33307) || (major == 2 && minor == 0 && build == 101) || is_calibre) { printf("" or calibre""); } break; case 202: printf(""kindlegen %u.%u.%u (mac)"", major, minor, build); if (is_calibre) { printf("" or calibre""); } break; default: printf(""unknown""); break; } printf(""\n""); } } }",visit repo url,tools/common.c,https://github.com/bfabiszewski/libmobi,90974532174516,1 3193,['CWE-189'],"void jpc_mqenc_init(jpc_mqenc_t *mqenc) { mqenc->areg = 0x8000; mqenc->outbuf = -1; mqenc->creg = 0; mqenc->ctreg = 12; mqenc->lastbyte = -1; mqenc->err = 0; }",jasper,,,206910133505828784922019875974311601882,0 4003,['CWE-362'],"static inline void inotify_d_instantiate(struct dentry *dentry, struct inode *inode) { }",linux-2.6,,,125449754774964576327842424231944114923,0 5599,CWE-125,"expr_context_name(expr_context_ty ctx) { switch (ctx) { case Load: return ""Load""; case Store: return ""Store""; case Del: return ""Del""; case AugLoad: return ""AugLoad""; case AugStore: return ""AugStore""; case Param: return ""Param""; default: assert(0); return ""(unknown)""; } }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,260872093129908,1 5383,CWE-125,"double GetGPMFSampleRate(size_t handle, uint32_t fourcc, uint32_t flags) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return 0.0; GPMF_stream metadata_stream, *ms = &metadata_stream; uint32_t teststart = 0; uint32_t testend = mp4->indexcount; double rate = 0.0; if (mp4->indexcount < 1) return 0.0; if (mp4->indexcount > 3) { teststart++; testend--; } uint32_t *payload = GetPayload(handle, NULL, teststart); uint32_t payloadsize = GetPayloadSize(handle, teststart); int32_t ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; { uint32_t startsamples = 0; uint32_t endsamples = 0; uint32_t missing_samples = 0; while (ret == GPMF_OK && GPMF_OK != GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { missing_samples = 1; teststart++; payload = GetPayload(handle, payload, teststart); payloadsize = GetPayloadSize(handle, teststart); ret = GPMF_Init(ms, payload, payloadsize); } if (missing_samples) { teststart++; payload = GetPayload(handle, payload, teststart); payloadsize = GetPayloadSize(handle, teststart); ret = GPMF_Init(ms, payload, payloadsize); } if (ret == GPMF_OK) { uint32_t samples = GPMF_Repeat(ms); GPMF_stream find_stream; GPMF_CopyState(ms, &find_stream); if (!(flags & GPMF_SAMPLE_RATE_PRECISE) && GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { startsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)) - samples; payload = GetPayload(handle, payload, testend); payloadsize = GetPayloadSize(handle, testend); ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; if (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { GPMF_CopyState(ms, &find_stream); if (GPMF_OK == GPMF_FindPrev(&find_stream, GPMF_KEY_TOTAL_SAMPLES, GPMF_CURRENT_LEVEL)) { endsamples = BYTESWAP32(*(uint32_t *)GPMF_RawData(&find_stream)); rate = (double)(endsamples - startsamples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); goto cleanup; } } rate = (double)(samples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); } else { uint32_t payloadpos = 0, payloadcount = 0; double slope, top = 0.0, bot = 0.0, meanX = 0, meanY = 0; uint32_t *repeatarray = malloc(mp4->indexcount * 4 + 4); memset(repeatarray, 0, mp4->indexcount * 4 + 4); samples = 0; for (payloadpos = teststart; payloadpos < testend; payloadcount++, payloadpos++) { payload = GetPayload(handle, payload, payloadpos); payloadsize = GetPayloadSize(handle, payloadpos); ret = GPMF_Init(ms, payload, payloadsize); if (ret != GPMF_OK) goto cleanup; if (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_RECURSE_LEVELS)) { GPMF_stream find_stream2; GPMF_CopyState(ms, &find_stream2); if (GPMF_OK == GPMF_FindNext(&find_stream2, fourcc, GPMF_CURRENT_LEVEL)) { if (repeatarray) { float in, out; do { samples++; } while (GPMF_OK == GPMF_FindNext(ms, fourcc, GPMF_CURRENT_LEVEL)); repeatarray[payloadpos] = samples; meanY += (double)samples; GetPayloadTime(handle, payloadpos, &in, &out); meanX += out; } } else { uint32_t repeat = GPMF_Repeat(ms); samples += repeat; if (repeatarray) { float in, out; repeatarray[payloadpos] = samples; meanY += (double)samples; GetPayloadTime(handle, payloadpos, &in, &out); meanX += out; } } } } if (repeatarray) { meanY /= (double)payloadcount; meanX /= (double)payloadcount; for (payloadpos = teststart; payloadpos < testend; payloadpos++) { float in, out; GetPayloadTime(handle, payloadpos, &in, &out); top += ((double)out - meanX)*((double)repeatarray[payloadpos] - meanY); bot += ((double)out - meanX)*((double)out - meanX); } slope = top / bot; #if 0 { double intercept; intercept = meanY - slope*meanX; printf(""%c%c%c%c start offset = %f (%.3fms)\n"", PRINTF_4CC(fourcc), intercept, 1000.0 * intercept / slope); } #endif rate = slope; } else { rate = (double)(samples) / (mp4->metadatalength * ((double)(testend - teststart + 1)) / (double)mp4->indexcount); } free(repeatarray); goto cleanup; } } } cleanup: if (payload) { FreePayload(payload); payload = NULL; } return rate; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,227559842246580,1 4223,CWE-476,"R_API int r_io_bank_read_from_submap_at(RIO *io, const ut32 bankid, ut64 addr, ut8 *buf, int len) { r_return_val_if_fail (io, -1); RIOBank *bank = r_io_bank_get (io, bankid); if (!bank) { return 0; } if (!len) { return 0; } RRBNode *node; if (bank->last_used && r_io_submap_contain (((RIOSubMap *)bank->last_used->data), addr)) { node = bank->last_used; } else { node = r_crbtree_find_node (bank->submaps, &addr, _find_sm_by_vaddr_cb, NULL); if (!node) { return 0; } bank->last_used = node; } RIOSubMap *sm = (RIOSubMap *)node->data; if (!r_io_submap_contain (sm, addr)) { return 0; } RIOMap *map = r_io_map_get_by_ref (io, &sm->mapref); if (!map || !(map->perm & R_PERM_R)) { return -1; } const int read_len = R_MIN (len, r_io_submap_to (sm) - addr + 1); if (map->perm & R_PERM_RELOC) { return map->reloc_map->read (io, map, addr, buf, read_len); } const ut64 paddr = addr - r_io_map_from (map) + map->delta; return r_io_fd_read_at (io, map->fd, paddr, buf, read_len); }",visit repo url,libr/io/io_bank.c,https://github.com/radareorg/radare2,81168507559187,1 790,['CWE-119'],"isdn_net_init(struct net_device *ndev) { ushort max_hlhdr_len = 0; int drvidx; ether_setup(ndev); ndev->header_ops = NULL; ndev->mtu = 1500; ndev->flags = IFF_NOARP|IFF_POINTOPOINT; ndev->type = ARPHRD_ETHER; ndev->addr_len = ETH_ALEN; ndev->tx_queue_len = 30; ndev->open = &isdn_net_open; ndev->hard_start_xmit = &isdn_net_start_xmit; for (drvidx = 0; drvidx < ISDN_MAX_DRIVERS; drvidx++) if (dev->drv[drvidx]) if (max_hlhdr_len < dev->drv[drvidx]->interface->hl_hdrlen) max_hlhdr_len = dev->drv[drvidx]->interface->hl_hdrlen; ndev->hard_header_len = ETH_HLEN + max_hlhdr_len; ndev->stop = &isdn_net_close; ndev->get_stats = &isdn_net_get_stats; ndev->do_ioctl = NULL; return 0; }",linux-2.6,,,39287088212837684188620369197720735311,0 1819,CWE-415,"static int rpmsg_probe(struct virtio_device *vdev) { vq_callback_t *vq_cbs[] = { rpmsg_recv_done, rpmsg_xmit_done }; static const char * const names[] = { ""input"", ""output"" }; struct virtqueue *vqs[2]; struct virtproc_info *vrp; struct virtio_rpmsg_channel *vch = NULL; struct rpmsg_device *rpdev_ns, *rpdev_ctrl; void *bufs_va; int err = 0, i; size_t total_buf_space; bool notify; vrp = kzalloc(sizeof(*vrp), GFP_KERNEL); if (!vrp) return -ENOMEM; vrp->vdev = vdev; idr_init(&vrp->endpoints); mutex_init(&vrp->endpoints_lock); mutex_init(&vrp->tx_lock); init_waitqueue_head(&vrp->sendq); err = virtio_find_vqs(vdev, 2, vqs, vq_cbs, names, NULL); if (err) goto free_vrp; vrp->rvq = vqs[0]; vrp->svq = vqs[1]; WARN_ON(virtqueue_get_vring_size(vrp->rvq) != virtqueue_get_vring_size(vrp->svq)); if (virtqueue_get_vring_size(vrp->rvq) < MAX_RPMSG_NUM_BUFS / 2) vrp->num_bufs = virtqueue_get_vring_size(vrp->rvq) * 2; else vrp->num_bufs = MAX_RPMSG_NUM_BUFS; vrp->buf_size = MAX_RPMSG_BUF_SIZE; total_buf_space = vrp->num_bufs * vrp->buf_size; bufs_va = dma_alloc_coherent(vdev->dev.parent, total_buf_space, &vrp->bufs_dma, GFP_KERNEL); if (!bufs_va) { err = -ENOMEM; goto vqs_del; } dev_dbg(&vdev->dev, ""buffers: va %pK, dma %pad\n"", bufs_va, &vrp->bufs_dma); vrp->rbufs = bufs_va; vrp->sbufs = bufs_va + total_buf_space / 2; for (i = 0; i < vrp->num_bufs / 2; i++) { struct scatterlist sg; void *cpu_addr = vrp->rbufs + i * vrp->buf_size; rpmsg_sg_init(&sg, cpu_addr, vrp->buf_size); err = virtqueue_add_inbuf(vrp->rvq, &sg, 1, cpu_addr, GFP_KERNEL); WARN_ON(err); } virtqueue_disable_cb(vrp->svq); vdev->priv = vrp; rpdev_ctrl = rpmsg_virtio_add_ctrl_dev(vdev); if (IS_ERR(rpdev_ctrl)) { err = PTR_ERR(rpdev_ctrl); goto free_coherent; } if (virtio_has_feature(vdev, VIRTIO_RPMSG_F_NS)) { vch = kzalloc(sizeof(*vch), GFP_KERNEL); if (!vch) { err = -ENOMEM; goto free_ctrldev; } vch->vrp = vrp; rpdev_ns = &vch->rpdev; rpdev_ns->ops = &virtio_rpmsg_ops; rpdev_ns->little_endian = virtio_is_little_endian(vrp->vdev); rpdev_ns->dev.parent = &vrp->vdev->dev; rpdev_ns->dev.release = virtio_rpmsg_release_device; err = rpmsg_ns_register_device(rpdev_ns); if (err) goto free_vch; } notify = virtqueue_kick_prepare(vrp->rvq); virtio_device_ready(vdev); if (notify) virtqueue_notify(vrp->rvq); dev_info(&vdev->dev, ""rpmsg host is online\n""); return 0; free_vch: kfree(vch); free_ctrldev: rpmsg_virtio_del_ctrl_dev(rpdev_ctrl); free_coherent: dma_free_coherent(vdev->dev.parent, total_buf_space, bufs_va, vrp->bufs_dma); vqs_del: vdev->config->del_vqs(vrp->vdev); free_vrp: kfree(vrp); return err; }",visit repo url,drivers/rpmsg/virtio_rpmsg_bus.c,https://github.com/torvalds/linux,37567597698164,1 1791,CWE-200,"static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent) { struct net_device *netdev; struct atl2_adapter *adapter; static int cards_found; unsigned long mmio_start; int mmio_len; int err; cards_found = 0; err = pci_enable_device(pdev); if (err) return err; if (pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) && pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32))) { printk(KERN_ERR ""atl2: No usable DMA configuration, aborting\n""); goto err_dma; } err = pci_request_regions(pdev, atl2_driver_name); if (err) goto err_pci_reg; pci_set_master(pdev); err = -ENOMEM; netdev = alloc_etherdev(sizeof(struct atl2_adapter)); if (!netdev) goto err_alloc_etherdev; SET_NETDEV_DEV(netdev, &pdev->dev); pci_set_drvdata(pdev, netdev); adapter = netdev_priv(netdev); adapter->netdev = netdev; adapter->pdev = pdev; adapter->hw.back = adapter; mmio_start = pci_resource_start(pdev, 0x0); mmio_len = pci_resource_len(pdev, 0x0); adapter->hw.mem_rang = (u32)mmio_len; adapter->hw.hw_addr = ioremap(mmio_start, mmio_len); if (!adapter->hw.hw_addr) { err = -EIO; goto err_ioremap; } atl2_setup_pcicmd(pdev); netdev->netdev_ops = &atl2_netdev_ops; netdev->ethtool_ops = &atl2_ethtool_ops; netdev->watchdog_timeo = 5 * HZ; strncpy(netdev->name, pci_name(pdev), sizeof(netdev->name) - 1); netdev->mem_start = mmio_start; netdev->mem_end = mmio_start + mmio_len; adapter->bd_number = cards_found; adapter->pci_using_64 = false; err = atl2_sw_init(adapter); if (err) goto err_sw_init; err = -EIO; netdev->hw_features = NETIF_F_SG | NETIF_F_HW_VLAN_CTAG_RX; netdev->features |= (NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX); atl2_phy_init(&adapter->hw); if (atl2_reset_hw(&adapter->hw)) { err = -EIO; goto err_reset; } atl2_read_mac_addr(&adapter->hw); memcpy(netdev->dev_addr, adapter->hw.mac_addr, netdev->addr_len); if (!is_valid_ether_addr(netdev->dev_addr)) { err = -EIO; goto err_eeprom; } atl2_check_options(adapter); setup_timer(&adapter->watchdog_timer, atl2_watchdog, (unsigned long)adapter); setup_timer(&adapter->phy_config_timer, atl2_phy_config, (unsigned long)adapter); INIT_WORK(&adapter->reset_task, atl2_reset_task); INIT_WORK(&adapter->link_chg_task, atl2_link_chg_task); strcpy(netdev->name, ""eth%d""); err = register_netdev(netdev); if (err) goto err_register; netif_carrier_off(netdev); netif_stop_queue(netdev); cards_found++; return 0; err_reset: err_register: err_sw_init: err_eeprom: iounmap(adapter->hw.hw_addr); err_ioremap: free_netdev(netdev); err_alloc_etherdev: pci_release_regions(pdev); err_pci_reg: err_dma: pci_disable_device(pdev); return err; }",visit repo url,drivers/net/ethernet/atheros/atlx/atl2.c,https://github.com/torvalds/linux,26328493354155,1 6722,['CWE-310'],"destroy_8021x_dialog (gpointer user_data, GObject *finalized) { NM8021xInfo *info = user_data; gtk_widget_hide (info->dialog); gtk_widget_destroy (info->dialog); g_free (info); }",network-manager-applet,,,225527808253399080668043396678260705806,0 4149,CWE-416,"xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr elem, const xmlChar *name, const xmlChar *value) { xmlChar *ret, *dst; const xmlChar *src; xmlAttributePtr attrDecl = NULL; int extsubset = 0; if (doc == NULL) return(NULL); if (elem == NULL) return(NULL); if (name == NULL) return(NULL); if (value == NULL) return(NULL); if ((elem->ns != NULL) && (elem->ns->prefix != NULL)) { xmlChar fn[50]; xmlChar *fullname; fullname = xmlBuildQName(elem->name, elem->ns->prefix, fn, 50); if (fullname == NULL) return(NULL); attrDecl = xmlGetDtdAttrDesc(doc->intSubset, fullname, name); if ((attrDecl == NULL) && (doc->extSubset != NULL)) { attrDecl = xmlGetDtdAttrDesc(doc->extSubset, fullname, name); if (attrDecl != NULL) extsubset = 1; } if ((fullname != fn) && (fullname != elem->name)) xmlFree(fullname); } if ((attrDecl == NULL) && (doc->intSubset != NULL)) attrDecl = xmlGetDtdAttrDesc(doc->intSubset, elem->name, name); if ((attrDecl == NULL) && (doc->extSubset != NULL)) { attrDecl = xmlGetDtdAttrDesc(doc->extSubset, elem->name, name); if (attrDecl != NULL) extsubset = 1; } if (attrDecl == NULL) return(NULL); if (attrDecl->atype == XML_ATTRIBUTE_CDATA) return(NULL); ret = xmlStrdup(value); if (ret == NULL) return(NULL); src = value; dst = ret; while (*src == 0x20) src++; while (*src != 0) { if (*src == 0x20) { while (*src == 0x20) src++; if (*src != 0) *dst++ = 0x20; } else { *dst++ = *src++; } } *dst = 0; if ((doc->standalone) && (extsubset == 1) && (!xmlStrEqual(value, ret))) { xmlErrValidNode(ctxt, elem, XML_DTD_NOT_STANDALONE, ""standalone: %s on %s value had to be normalized based on external subset declaration\n"", name, elem->name, NULL); ctxt->valid = 0; } return(ret); }",visit repo url,valid.c,https://github.com/GNOME/libxml2,153213950429687,1 2647,CWE-125,"static char* getPreferredTag(const char* gf_tag) { char* result = NULL; int grOffset = 0; grOffset = findOffset( LOC_GRANDFATHERED ,gf_tag); if(grOffset < 0) { return NULL; } if( grOffset < LOC_PREFERRED_GRANDFATHERED_LEN ){ result = estrdup( LOC_PREFERRED_GRANDFATHERED[grOffset] ); } else { result = estrdup( LOC_GRANDFATHERED[grOffset] ); } return result; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,260815623739027,1 6554,['CWE-200'],"nma_menu_create (NMApplet *applet) { GtkWidget *menu; g_return_val_if_fail (applet != NULL, NULL); menu = gtk_menu_new (); gtk_container_set_border_width (GTK_CONTAINER (menu), 0); g_signal_connect (menu, ""show"", G_CALLBACK (nma_menu_show_cb), applet); g_signal_connect (menu, ""deactivate"", G_CALLBACK (nma_menu_deactivate_cb), applet); return menu; }",network-manager-applet,,,59768855734936509089488008670336843453,0 3025,CWE-415,"BGD_DECLARE(void *) gdImageGifPtr(gdImagePtr im, int *size) { void *rv; gdIOCtx *out = gdNewDynamicCtx(2048, NULL); if (out == NULL) return NULL; gdImageGifCtx(im, out); rv = gdDPExtractData(out, size); out->gd_free(out); return rv; }",visit repo url,src/gd_gif_out.c,https://github.com/libgd/libgd,93811758015262,1 4566,['CWE-399'],"static int ext4_alloc_branch(handle_t *handle, struct inode *inode, ext4_lblk_t iblock, int indirect_blks, int *blks, ext4_fsblk_t goal, ext4_lblk_t *offsets, Indirect *branch) { int blocksize = inode->i_sb->s_blocksize; int i, n = 0; int err = 0; struct buffer_head *bh; int num; ext4_fsblk_t new_blocks[4]; ext4_fsblk_t current_block; num = ext4_alloc_blocks(handle, inode, iblock, goal, indirect_blks, *blks, new_blocks, &err); if (err) return err; branch[0].key = cpu_to_le32(new_blocks[0]); for (n = 1; n <= indirect_blks; n++) { bh = sb_getblk(inode->i_sb, new_blocks[n-1]); branch[n].bh = bh; lock_buffer(bh); BUFFER_TRACE(bh, ""call get_create_access""); err = ext4_journal_get_create_access(handle, bh); if (err) { unlock_buffer(bh); brelse(bh); goto failed; } memset(bh->b_data, 0, blocksize); branch[n].p = (__le32 *) bh->b_data + offsets[n]; branch[n].key = cpu_to_le32(new_blocks[n]); *branch[n].p = branch[n].key; if (n == indirect_blks) { current_block = new_blocks[n]; for (i=1; i < num; i++) *(branch[n].p + i) = cpu_to_le32(++current_block); } BUFFER_TRACE(bh, ""marking uptodate""); set_buffer_uptodate(bh); unlock_buffer(bh); BUFFER_TRACE(bh, ""call ext4_handle_dirty_metadata""); err = ext4_handle_dirty_metadata(handle, inode, bh); if (err) goto failed; } *blks = num; return err; failed: for (i = 1; i <= n ; i++) { BUFFER_TRACE(branch[i].bh, ""call jbd2_journal_forget""); ext4_journal_forget(handle, branch[i].bh); } for (i = 0; i < indirect_blks; i++) ext4_free_blocks(handle, inode, new_blocks[i], 1, 0); ext4_free_blocks(handle, inode, new_blocks[i], num, 0); return err; }",linux-2.6,,,10852103872815363088011248730132263049,0 2502,['CWE-119'],"static void diff_words_show(struct diff_words_data *diff_words) { xpparam_t xpp; xdemitconf_t xecfg; xdemitcb_t ecb; mmfile_t minus, plus; int i; memset(&xecfg, 0, sizeof(xecfg)); minus.size = diff_words->minus.text.size; minus.ptr = xmalloc(minus.size); memcpy(minus.ptr, diff_words->minus.text.ptr, minus.size); for (i = 0; i < minus.size; i++) if (isspace(minus.ptr[i])) minus.ptr[i] = '\n'; diff_words->minus.current = 0; plus.size = diff_words->plus.text.size; plus.ptr = xmalloc(plus.size); memcpy(plus.ptr, diff_words->plus.text.ptr, plus.size); for (i = 0; i < plus.size; i++) if (isspace(plus.ptr[i])) plus.ptr[i] = '\n'; diff_words->plus.current = 0; xpp.flags = XDF_NEED_MINIMAL; xecfg.ctxlen = diff_words->minus.alloc + diff_words->plus.alloc; ecb.outf = xdiff_outf; ecb.priv = diff_words; diff_words->xm.consume = fn_out_diff_words_aux; xdi_diff(&minus, &plus, &xpp, &xecfg, &ecb); free(minus.ptr); free(plus.ptr); diff_words->minus.text.size = diff_words->plus.text.size = 0; if (diff_words->minus.suppressed_newline) { putc('\n', diff_words->file); diff_words->minus.suppressed_newline = 0; } }",git,,,156111123856323397606280370174963062931,0 3064,CWE-125,"static int xbuf_format_converter(char **outbuf, const char *fmt, va_list ap) { register char *s = nullptr; char *q; int s_len; register int min_width = 0; int precision = 0; enum { LEFT, RIGHT } adjust; char pad_char; char prefix_char; double fp_num; wide_int i_num = (wide_int) 0; u_wide_int ui_num; char num_buf[NUM_BUF_SIZE]; char char_buf[2]; #ifdef HAVE_LOCALE_H struct lconv *lconv = nullptr; #endif length_modifier_e modifier; boolean_e alternate_form; boolean_e print_sign; boolean_e print_blank; boolean_e adjust_precision; boolean_e adjust_width; int is_negative; int size = 240; char *result = (char *)malloc(size); int outpos = 0; while (*fmt) { if (*fmt != '%') { appendchar(&result, &outpos, &size, *fmt); } else { adjust = RIGHT; alternate_form = print_sign = print_blank = NO; pad_char = ' '; prefix_char = NUL; fmt++; if (isascii((int)*fmt) && !islower((int)*fmt)) { for (;; fmt++) { if (*fmt == '-') adjust = LEFT; else if (*fmt == '+') print_sign = YES; else if (*fmt == '#') alternate_form = YES; else if (*fmt == ' ') print_blank = YES; else if (*fmt == '0') pad_char = '0'; else break; } if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, min_width); adjust_width = YES; } else if (*fmt == '*') { min_width = va_arg(ap, int); fmt++; adjust_width = YES; if (min_width < 0) { adjust = LEFT; min_width = -min_width; } } else adjust_width = NO; if (*fmt == '.') { adjust_precision = YES; fmt++; if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, precision); } else if (*fmt == '*') { precision = va_arg(ap, int); fmt++; if (precision < 0) precision = 0; } else precision = 0; } else adjust_precision = NO; } else adjust_precision = adjust_width = NO; switch (*fmt) { case 'L': fmt++; modifier = LM_LONG_DOUBLE; break; case 'I': fmt++; #if SIZEOF_LONG_LONG if (*fmt == '6' && *(fmt+1) == '4') { fmt += 2; modifier = LM_LONG_LONG; } else #endif if (*fmt == '3' && *(fmt+1) == '2') { fmt += 2; modifier = LM_LONG; } else { #ifdef _WIN64 modifier = LM_LONG_LONG; #else modifier = LM_LONG; #endif } break; case 'l': fmt++; #if SIZEOF_LONG_LONG if (*fmt == 'l') { fmt++; modifier = LM_LONG_LONG; } else #endif modifier = LM_LONG; break; case 'z': fmt++; modifier = LM_SIZE_T; break; case 'j': fmt++; #if SIZEOF_INTMAX_T modifier = LM_INTMAX_T; #else modifier = LM_SIZE_T; #endif break; case 't': fmt++; #if SIZEOF_PTRDIFF_T modifier = LM_PTRDIFF_T; #else modifier = LM_SIZE_T; #endif break; case 'h': fmt++; if (*fmt == 'h') { fmt++; } default: modifier = LM_STD; break; } switch (*fmt) { case 'u': switch(modifier) { default: i_num = (wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: i_num = (wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } case 'd': case 'i': if ((*fmt) != 'u') { switch(modifier) { default: i_num = (wide_int) va_arg(ap, int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, long int); break; case LM_SIZE_T: #if SIZEOF_SSIZE_T i_num = (wide_int) va_arg(ap, ssize_t); #else i_num = (wide_int) va_arg(ap, size_t); #endif break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, intmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } } s = ap_php_conv_10(i_num, (*fmt) == 'u', &is_negative, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (*fmt != 'u') { if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'o': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 3, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && *s != '0') { *--s = '0'; s_len++; } break; case 'x': case 'X': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 4, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && i_num != 0) { *--s = *fmt; *--s = '0'; s_len += 2; } break; case 's': case 'v': s = va_arg(ap, char *); if (s != nullptr) { s_len = strlen(s); if (adjust_precision && precision < s_len) s_len = precision; } else { s = const_cast(s_null); s_len = S_NULL_LEN; } pad_char = ' '; break; case 'f': case 'F': case 'e': case 'E': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""nan""); s_len = 3; } else if (std::isinf(fp_num)) { s = const_cast(""inf""); s_len = 3; } else { #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_conv_fp((*fmt == 'f')?'F':*fmt, fp_num, alternate_form, (adjust_precision == NO) ? FLOAT_DIGITS : precision, (*fmt == 'f')?LCONV_DECIMAL_POINT:'.', &is_negative, &num_buf[1], &s_len); if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'g': case 'k': case 'G': case 'H': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""NAN""); s_len = 3; break; } else if (std::isinf(fp_num)) { if (fp_num > 0) { s = const_cast(""INF""); s_len = 3; } else { s = const_cast(""-INF""); s_len = 4; } break; } if (adjust_precision == NO) precision = FLOAT_DIGITS; else if (precision == 0) precision = 1; #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_gcvt(fp_num, precision, (*fmt=='H' || *fmt == 'k') ? '.' : LCONV_DECIMAL_POINT, (*fmt == 'G' || *fmt == 'H')?'E':'e', &num_buf[1]); if (*s == '-') prefix_char = *s++; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; s_len = strlen(s); if (alternate_form && (q = strchr(s, '.')) == nullptr) s[s_len++] = '.'; break; case 'c': char_buf[0] = (char) (va_arg(ap, int)); s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case '%': char_buf[0] = '%'; s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case 'n': *(va_arg(ap, int *)) = outpos; goto skip_output; case 'p': if (sizeof(char *) <= sizeof(u_wide_int)) { ui_num = (u_wide_int)((size_t) va_arg(ap, char *)); s = ap_php_conv_p2(ui_num, 4, 'x', &num_buf[NUM_BUF_SIZE], &s_len); if (ui_num != 0) { *--s = 'x'; *--s = '0'; s_len += 2; } } else { s = const_cast(""%p""); s_len = 2; } pad_char = ' '; break; case NUL: continue; fmt_error: throw Exception(""Illegal length modifier specified '%c'"", *fmt); default: char_buf[0] = '%'; char_buf[1] = *fmt; s = char_buf; s_len = 2; pad_char = ' '; break; } if (prefix_char != NUL) { *--s = prefix_char; s_len++; } if (adjust_width && adjust == RIGHT && min_width > s_len) { if (pad_char == '0' && prefix_char != NUL) { appendchar(&result, &outpos, &size, *s); s++; s_len--; min_width--; } for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } appendsimplestring(&result, &outpos, &size, s, s_len); if (adjust_width && adjust == LEFT && min_width > s_len) { for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } } skip_output: fmt++; } result[outpos] = NUL; *outbuf = result; return outpos; }",visit repo url,hphp/zend/zend-printf.cpp,https://github.com/facebook/hhvm,58531151562577,1 481,[],"pfm_check_task_exist(pfm_context_t *ctx) { struct task_struct *g, *t; int ret = -ESRCH; read_lock(&tasklist_lock); do_each_thread (g, t) { if (t->thread.pfm_context == ctx) { ret = 0; break; } } while_each_thread (g, t); read_unlock(&tasklist_lock); DPRINT((""pfm_check_task_exist: ret=%d ctx=%p\n"", ret, ctx)); return ret; }",linux-2.6,,,311322294141577937014556470484401720027,0 6358,CWE-476,"file_rlookup(const char *filename) { int i; cache_t *wc; for (i = web_files, wc = web_cache; i > 0; i --, wc ++) if (!strcmp(wc->name, filename)) return (wc->url); return (filename); }",visit repo url,htmldoc/file.c,https://github.com/michaelrsweet/htmldoc,45525968310321,1 1567,CWE-665,"bool __skb_flow_dissect(const struct sk_buff *skb, struct flow_dissector *flow_dissector, void *target_container, void *data, __be16 proto, int nhoff, int hlen) { struct flow_dissector_key_control *key_control; struct flow_dissector_key_basic *key_basic; struct flow_dissector_key_addrs *key_addrs; struct flow_dissector_key_ports *key_ports; struct flow_dissector_key_tags *key_tags; struct flow_dissector_key_keyid *key_keyid; u8 ip_proto = 0; if (!data) { data = skb->data; proto = skb->protocol; nhoff = skb_network_offset(skb); hlen = skb_headlen(skb); } key_control = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_CONTROL, target_container); key_basic = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_BASIC, target_container); if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ETH_ADDRS)) { struct ethhdr *eth = eth_hdr(skb); struct flow_dissector_key_eth_addrs *key_eth_addrs; key_eth_addrs = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_ETH_ADDRS, target_container); memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs)); } again: switch (proto) { case htons(ETH_P_IP): { const struct iphdr *iph; struct iphdr _iph; ip: iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph); if (!iph || iph->ihl < 5) return false; nhoff += iph->ihl * 4; ip_proto = iph->protocol; if (ip_is_fragment(iph)) ip_proto = 0; if (!skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) break; key_addrs = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_IPV4_ADDRS, target_container); memcpy(&key_addrs->v4addrs, &iph->saddr, sizeof(key_addrs->v4addrs)); key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; break; } case htons(ETH_P_IPV6): { const struct ipv6hdr *iph; struct ipv6hdr _iph; __be32 flow_label; ipv6: iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph); if (!iph) return false; ip_proto = iph->nexthdr; nhoff += sizeof(struct ipv6hdr); if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) { struct flow_dissector_key_ipv6_addrs *key_ipv6_addrs; key_ipv6_addrs = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_IPV6_ADDRS, target_container); memcpy(key_ipv6_addrs, &iph->saddr, sizeof(*key_ipv6_addrs)); key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; } flow_label = ip6_flowlabel(iph); if (flow_label) { if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_FLOW_LABEL)) { key_tags = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_FLOW_LABEL, target_container); key_tags->flow_label = ntohl(flow_label); } } break; } case htons(ETH_P_8021AD): case htons(ETH_P_8021Q): { const struct vlan_hdr *vlan; struct vlan_hdr _vlan; vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan), data, hlen, &_vlan); if (!vlan) return false; if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_VLANID)) { key_tags = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_VLANID, target_container); key_tags->vlan_id = skb_vlan_tag_get_id(skb); } proto = vlan->h_vlan_encapsulated_proto; nhoff += sizeof(*vlan); goto again; } case htons(ETH_P_PPP_SES): { struct { struct pppoe_hdr hdr; __be16 proto; } *hdr, _hdr; hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); if (!hdr) return false; proto = hdr->proto; nhoff += PPPOE_SES_HLEN; switch (proto) { case htons(PPP_IP): goto ip; case htons(PPP_IPV6): goto ipv6; default: return false; } } case htons(ETH_P_TIPC): { struct { __be32 pre[3]; __be32 srcnode; } *hdr, _hdr; hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); if (!hdr) return false; key_basic->n_proto = proto; key_control->thoff = (u16)nhoff; if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_TIPC_ADDRS)) { key_addrs = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_TIPC_ADDRS, target_container); key_addrs->tipcaddrs.srcnode = hdr->srcnode; key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS; } return true; } case htons(ETH_P_MPLS_UC): case htons(ETH_P_MPLS_MC): { struct mpls_label *hdr, _hdr[2]; mpls: hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); if (!hdr) return false; if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) { if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) { key_keyid = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_MPLS_ENTROPY, target_container); key_keyid->keyid = hdr[1].entry & htonl(MPLS_LS_LABEL_MASK); } key_basic->n_proto = proto; key_basic->ip_proto = ip_proto; key_control->thoff = (u16)nhoff; return true; } return true; } case htons(ETH_P_FCOE): key_control->thoff = (u16)(nhoff + FCOE_HEADER_LEN); default: return false; } ip_proto_again: switch (ip_proto) { case IPPROTO_GRE: { struct gre_hdr { __be16 flags; __be16 proto; } *hdr, _hdr; hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); if (!hdr) return false; if (hdr->flags & (GRE_VERSION | GRE_ROUTING)) break; proto = hdr->proto; nhoff += 4; if (hdr->flags & GRE_CSUM) nhoff += 4; if (hdr->flags & GRE_KEY) { const __be32 *keyid; __be32 _keyid; keyid = __skb_header_pointer(skb, nhoff, sizeof(_keyid), data, hlen, &_keyid); if (!keyid) return false; if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_GRE_KEYID)) { key_keyid = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_GRE_KEYID, target_container); key_keyid->keyid = *keyid; } nhoff += 4; } if (hdr->flags & GRE_SEQ) nhoff += 4; if (proto == htons(ETH_P_TEB)) { const struct ethhdr *eth; struct ethhdr _eth; eth = __skb_header_pointer(skb, nhoff, sizeof(_eth), data, hlen, &_eth); if (!eth) return false; proto = eth->h_proto; nhoff += sizeof(*eth); } goto again; } case NEXTHDR_HOP: case NEXTHDR_ROUTING: case NEXTHDR_DEST: { u8 _opthdr[2], *opthdr; if (proto != htons(ETH_P_IPV6)) break; opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr), data, hlen, &_opthdr); if (!opthdr) return false; ip_proto = opthdr[0]; nhoff += (opthdr[1] + 1) << 3; goto ip_proto_again; } case IPPROTO_IPIP: proto = htons(ETH_P_IP); goto ip; case IPPROTO_IPV6: proto = htons(ETH_P_IPV6); goto ipv6; case IPPROTO_MPLS: proto = htons(ETH_P_MPLS_UC); goto mpls; default: break; } key_basic->n_proto = proto; key_basic->ip_proto = ip_proto; key_control->thoff = (u16)nhoff; if (skb_flow_dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) { key_ports = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_PORTS, target_container); key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto, data, hlen); } return true; }",visit repo url,net/core/flow_dissector.c,https://github.com/torvalds/linux,39591891742317,1 539,['CWE-399'],"static void pwc_isoc_handler(struct urb *urb) { struct pwc_device *pdev; int i, fst, flen; int awake; struct pwc_frame_buf *fbuf; unsigned char *fillptr = NULL, *iso_buf = NULL; awake = 0; pdev = (struct pwc_device *)urb->context; if (pdev == NULL) { PWC_ERROR(""isoc_handler() called with NULL device?!\n""); return; } if (urb->status == -ENOENT || urb->status == -ECONNRESET) { PWC_DEBUG_OPEN(""URB (%p) unlinked %ssynchronuously.\n"", urb, urb->status == -ENOENT ? """" : ""a""); return; } if (urb->status != -EINPROGRESS && urb->status != 0) { const char *errmsg; errmsg = ""Unknown""; switch(urb->status) { case -ENOSR: errmsg = ""Buffer error (overrun)""; break; case -EPIPE: errmsg = ""Stalled (device not responding)""; break; case -EOVERFLOW: errmsg = ""Babble (bad cable?)""; break; case -EPROTO: errmsg = ""Bit-stuff error (bad cable?)""; break; case -EILSEQ: errmsg = ""CRC/Timeout (could be anything)""; break; case -ETIME: errmsg = ""Device does not respond""; break; } PWC_DEBUG_FLOW(""pwc_isoc_handler() called with status %d [%s].\n"", urb->status, errmsg); if (++pdev->visoc_errors > MAX_ISOC_ERRORS) { PWC_INFO(""Too many ISOC errors, bailing out.\n""); pdev->error_status = EIO; awake = 1; wake_up_interruptible(&pdev->frameq); } goto handler_end; } fbuf = pdev->fill_frame; if (fbuf == NULL) { PWC_ERROR(""pwc_isoc_handler without valid fill frame.\n""); awake = 1; goto handler_end; } else { fillptr = fbuf->data + fbuf->filled; } pdev->visoc_errors = 0; for (i = 0; i < urb->number_of_packets; i++) { fst = urb->iso_frame_desc[i].status; flen = urb->iso_frame_desc[i].actual_length; iso_buf = urb->transfer_buffer + urb->iso_frame_desc[i].offset; if (fst == 0) { if (flen > 0) { if (pdev->vsync > 0) { pdev->vsync = 2; if (flen + fbuf->filled > pdev->frame_total_size) { PWC_DEBUG_FLOW(""Frame buffer overflow (flen = %d, frame_total_size = %d).\n"", flen, pdev->frame_total_size); pdev->vsync = 0; pdev->vframes_error++; } else { memmove(fillptr, iso_buf, flen); fillptr += flen; } } fbuf->filled += flen; } if (flen < pdev->vlast_packet_size) { if (pdev->vsync == 2) { if (pwc_rcv_short_packet(pdev, fbuf)) { awake = 1; fbuf = pdev->fill_frame; } } fbuf->filled = 0; fillptr = fbuf->data; pdev->vsync = 1; } pdev->vlast_packet_size = flen; } else { static int iso_error = 0; iso_error++; if (iso_error < 20) PWC_DEBUG_FLOW(""Iso frame %d of USB has error %d\n"", i, fst); } } handler_end: if (awake) wake_up_interruptible(&pdev->frameq); urb->dev = pdev->udev; i = usb_submit_urb(urb, GFP_ATOMIC); if (i != 0) PWC_ERROR(""Error (%d) re-submitting urb in pwc_isoc_handler.\n"", i); }",linux-2.6,,,2175944787651064537712736465810639244,0 1433,NVD-CWE-Other,"sctp_disposition_t sctp_sf_do_5_2_4_dupcook(struct net *net, const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_disposition_t retval; struct sctp_chunk *chunk = arg; struct sctp_association *new_asoc; int error = 0; char action; struct sctp_chunk *err_chk_p; if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(net, ep, asoc, type, arg, commands); chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data; if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t))) goto nomem; new_asoc = sctp_unpack_cookie(ep, asoc, chunk, GFP_ATOMIC, &error, &err_chk_p); if (!new_asoc) { switch (error) { case -SCTP_IERROR_NOMEM: goto nomem; case -SCTP_IERROR_STALE_COOKIE: sctp_send_stale_cookie_err(net, ep, asoc, chunk, commands, err_chk_p); return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); case -SCTP_IERROR_BAD_SIG: default: return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); } } action = sctp_tietags_compare(new_asoc, asoc); switch (action) { case 'A': retval = sctp_sf_do_dupcook_a(net, ep, asoc, chunk, commands, new_asoc); break; case 'B': retval = sctp_sf_do_dupcook_b(net, ep, asoc, chunk, commands, new_asoc); break; case 'C': retval = sctp_sf_do_dupcook_c(net, ep, asoc, chunk, commands, new_asoc); break; case 'D': retval = sctp_sf_do_dupcook_d(net, ep, asoc, chunk, commands, new_asoc); break; default: retval = sctp_sf_pdiscard(net, ep, asoc, type, arg, commands); break; } sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_SET_ASOC, SCTP_ASOC((struct sctp_association *)asoc)); return retval; nomem: return SCTP_DISPOSITION_NOMEM; }",visit repo url,net/sctp/sm_statefuns.c,https://github.com/torvalds/linux,295621004322,1 645,CWE-20,"int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *inet = inet_sk(sk); struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); int is_udp4; bool slow; if (addr_len) *addr_len = sizeof(struct sockaddr_in6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; is_udp4 = (skb->protocol == htons(ETH_P_IP)); if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov, copied); else { err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) { if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); } sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) { struct sockaddr_in6 *sin6; sin6 = (struct sockaddr_in6 *) msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = udp_hdr(skb)->source; sin6->sin6_flowinfo = 0; if (is_udp4) { ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &sin6->sin6_addr); sin6->sin6_scope_id = 0; } else { sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); } } if (is_udp4) { if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); } else { if (np->rxopt.all) ip6_datagram_recv_ctl(sk, msg, skb); } err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { if (is_udp4) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } else { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,261709041298464,1 3586,['CWE-20'],"sctp_disposition_t sctp_sf_do_prm_send(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(chunk)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,78421425539727059216693332511439724724,0 939,CWE-190,"static u64 __skb_get_nlattr_nest(u64 ctx, u64 A, u64 X, u64 r4, u64 r5) { struct sk_buff *skb = (struct sk_buff *)(long) ctx; struct nlattr *nla; if (skb_is_nonlinear(skb)) return 0; if (A > skb->len - sizeof(struct nlattr)) return 0; nla = (struct nlattr *) &skb->data[A]; if (nla->nla_len > A - skb->len) return 0; nla = nla_find_nested(nla, X); if (nla) return (void *) nla - (void *) skb->data; return 0; }",visit repo url,net/core/filter.c,https://github.com/torvalds/linux,93123523497198,1 3618,CWE-264,"mm_answer_pam_free_ctx(int sock, Buffer *m) { debug3(""%s"", __func__); (sshpam_device.free_ctx)(sshpam_ctxt); buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); auth_method = ""keyboard-interactive""; auth_submethod = ""pam""; return (sshpam_authok == sshpam_ctxt); }",visit repo url,monitor.c,https://github.com/openssh/openssh-portable,208846677969743,1 4984,['CWE-20'],"static int nfs_probe_fsinfo(struct nfs_server *server, struct nfs_fh *mntfh, struct nfs_fattr *fattr) { struct nfs_fsinfo fsinfo; struct nfs_client *clp = server->nfs_client; int error; dprintk(""--> nfs_probe_fsinfo()\n""); if (clp->rpc_ops->set_capabilities != NULL) { error = clp->rpc_ops->set_capabilities(server, mntfh); if (error < 0) goto out_error; } fsinfo.fattr = fattr; nfs_fattr_init(fattr); error = clp->rpc_ops->fsinfo(server, mntfh, &fsinfo); if (error < 0) goto out_error; nfs_server_set_fsinfo(server, &fsinfo); if (server->namelen == 0) { struct nfs_pathconf pathinfo; pathinfo.fattr = fattr; nfs_fattr_init(fattr); if (clp->rpc_ops->pathconf(server, mntfh, &pathinfo) >= 0) server->namelen = pathinfo.max_namelen; } dprintk(""<-- nfs_probe_fsinfo() = 0\n""); return 0; out_error: dprintk(""nfs_probe_fsinfo: error = %d\n"", -error); return error; }",linux-2.6,,,50278177499765882505834722922227617540,0 3156,['CWE-189'],"static int jpc_enc_encodemainbody(jpc_enc_t *enc) { int tileno; int tilex; int tiley; int i; jpc_sot_t *sot; jpc_enc_tcmpt_t *comp; jpc_enc_tcmpt_t *endcomps; jpc_enc_band_t *band; jpc_enc_band_t *endbands; jpc_enc_rlvl_t *lvl; int rlvlno; jpc_qcc_t *qcc; jpc_cod_t *cod; int adjust; int j; int absbandno; long numbytes; long tilehdrlen; long tilelen; jpc_enc_tile_t *tile; jpc_enc_cp_t *cp; double rho; int lyrno; int cmptno; int samestepsizes; jpc_enc_ccp_t *ccps; jpc_enc_tccp_t *tccp; int bandno; uint_fast32_t x; uint_fast32_t y; int mingbits; int actualnumbps; jpc_fix_t mxmag; jpc_fix_t mag; int numgbits; cp = enc->cp; numbytes = 0; for (tileno = 0; tileno < JAS_CAST(int, cp->numtiles); ++tileno) { tilex = tileno % cp->numhtiles; tiley = tileno / cp->numhtiles; if (!(enc->curtile = jpc_enc_tile_create(enc->cp, enc->image, tileno))) { abort(); } tile = enc->curtile; if (jas_getdbglevel() >= 10) { jpc_enc_dump(enc); } endcomps = &tile->tcmpts[tile->numtcmpts]; for (cmptno = 0, comp = tile->tcmpts; cmptno < tile->numtcmpts; ++cmptno, ++comp) { if (!cp->ccps[cmptno].sgnd) { adjust = 1 << (cp->ccps[cmptno].prec - 1); for (i = 0; i < jas_matrix_numrows(comp->data); ++i) { for (j = 0; j < jas_matrix_numcols(comp->data); ++j) { *jas_matrix_getref(comp->data, i, j) -= adjust; } } } } if (!tile->intmode) { endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { jas_matrix_asl(comp->data, JPC_FIX_FRACBITS); } } switch (tile->mctid) { case JPC_MCT_RCT: assert(jas_image_numcmpts(enc->image) == 3); jpc_rct(tile->tcmpts[0].data, tile->tcmpts[1].data, tile->tcmpts[2].data); break; case JPC_MCT_ICT: assert(jas_image_numcmpts(enc->image) == 3); jpc_ict(tile->tcmpts[0].data, tile->tcmpts[1].data, tile->tcmpts[2].data); break; default: break; } for (i = 0; i < jas_image_numcmpts(enc->image); ++i) { comp = &tile->tcmpts[i]; jpc_tsfb_analyze(comp->tsfb, comp->data); } endcomps = &tile->tcmpts[tile->numtcmpts]; for (cmptno = 0, comp = tile->tcmpts; comp != endcomps; ++cmptno, ++comp) { mingbits = 0; absbandno = 0; memset(comp->stepsizes, 0, sizeof(comp->stepsizes)); for (rlvlno = 0, lvl = comp->rlvls; rlvlno < comp->numrlvls; ++rlvlno, ++lvl) { if (!lvl->bands) { absbandno += rlvlno ? 3 : 1; continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { ++absbandno; continue; } actualnumbps = 0; mxmag = 0; for (y = 0; y < JAS_CAST(uint_fast32_t, jas_matrix_numrows(band->data)); ++y) { for (x = 0; x < JAS_CAST(uint_fast32_t, jas_matrix_numcols(band->data)); ++x) { mag = abs(jas_matrix_get(band->data, y, x)); if (mag > mxmag) { mxmag = mag; } } } if (tile->intmode) { actualnumbps = jpc_firstone(mxmag) + 1; } else { actualnumbps = jpc_firstone(mxmag) + 1 - JPC_FIX_FRACBITS; } numgbits = actualnumbps - (cp->ccps[cmptno].prec - 1 + band->analgain); #if 0 jas_eprintf(""%d %d mag=%d actual=%d numgbits=%d\n"", cp->ccps[cmptno].prec, band->analgain, mxmag, actualnumbps, numgbits); #endif if (numgbits > mingbits) { mingbits = numgbits; } if (!tile->intmode) { band->absstepsize = jpc_fix_div(jpc_inttofix(1 << (band->analgain + 1)), band->synweight); } else { band->absstepsize = jpc_inttofix(1); } band->stepsize = jpc_abstorelstepsize( band->absstepsize, cp->ccps[cmptno].prec + band->analgain); band->numbps = cp->tccp.numgbits + JPC_QCX_GETEXPN(band->stepsize) - 1; if ((!tile->intmode) && band->data) { jpc_quantize(band->data, band->absstepsize); } comp->stepsizes[absbandno] = band->stepsize; ++absbandno; } } assert(JPC_FIX_FRACBITS >= JPC_NUMEXTRABITS); if (!tile->intmode) { jas_matrix_divpow2(comp->data, JPC_FIX_FRACBITS - JPC_NUMEXTRABITS); } else { jas_matrix_asl(comp->data, JPC_NUMEXTRABITS); } #if 0 jas_eprintf(""mingbits %d\n"", mingbits); #endif if (mingbits > cp->tccp.numgbits) { jas_eprintf(""error: too few guard bits (need at least %d)\n"", mingbits); return -1; } } if (!(enc->tmpstream = jas_stream_memopen(0, 0))) { jas_eprintf(""cannot open tmp file\n""); return -1; } if (!(enc->mrk = jpc_ms_create(JPC_MS_SOT))) { return -1; } sot = &enc->mrk->parms.sot; sot->len = 0; sot->tileno = tileno; sot->partno = 0; sot->numparts = 1; if (jpc_putms(enc->tmpstream, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SOT marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; tccp = &cp->tccp; for (cmptno = 0; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno) { comp = &tile->tcmpts[cmptno]; if (comp->numrlvls != tccp->maxrlvls) { if (!(enc->mrk = jpc_ms_create(JPC_MS_COD))) { return -1; } comp = &tile->tcmpts[0]; cod = &enc->mrk->parms.cod; cod->compparms.csty = 0; cod->compparms.numdlvls = comp->numrlvls - 1; cod->prg = tile->prg; cod->numlyrs = tile->numlyrs; cod->compparms.cblkwidthval = JPC_COX_CBLKSIZEEXPN(comp->cblkwidthexpn); cod->compparms.cblkheightval = JPC_COX_CBLKSIZEEXPN(comp->cblkheightexpn); cod->compparms.cblksty = comp->cblksty; cod->compparms.qmfbid = comp->qmfbid; cod->mctrans = (tile->mctid != JPC_MCT_NONE); for (i = 0; i < comp->numrlvls; ++i) { cod->compparms.rlvls[i].parwidthval = comp->rlvls[i].prcwidthexpn; cod->compparms.rlvls[i].parheightval = comp->rlvls[i].prcheightexpn; } if (jpc_putms(enc->tmpstream, enc->cstate, enc->mrk)) { return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; } } for (cmptno = 0, comp = tile->tcmpts; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno, ++comp) { ccps = &cp->ccps[cmptno]; if (JAS_CAST(int, ccps->numstepsizes) == comp->numstepsizes) { samestepsizes = 1; for (bandno = 0; bandno < JAS_CAST(int, ccps->numstepsizes); ++bandno) { if (ccps->stepsizes[bandno] != comp->stepsizes[bandno]) { samestepsizes = 0; break; } } } else { samestepsizes = 0; } if (!samestepsizes) { if (!(enc->mrk = jpc_ms_create(JPC_MS_QCC))) { return -1; } qcc = &enc->mrk->parms.qcc; qcc->compno = cmptno; qcc->compparms.numguard = cp->tccp.numgbits; qcc->compparms.qntsty = (comp->qmfbid == JPC_COX_INS) ? JPC_QCX_SEQNT : JPC_QCX_NOQNT; qcc->compparms.numstepsizes = comp->numstepsizes; qcc->compparms.stepsizes = comp->stepsizes; if (jpc_putms(enc->tmpstream, enc->cstate, enc->mrk)) { return -1; } qcc->compparms.stepsizes = 0; jpc_ms_destroy(enc->mrk); enc->mrk = 0; } } if (!(enc->mrk = jpc_ms_create(JPC_MS_SOD))) { return -1; } if (jpc_putms(enc->tmpstream, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SOD marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; tilehdrlen = jas_stream_getrwcount(enc->tmpstream); if (jpc_enc_enccblks(enc)) { abort(); return -1; } cp = enc->cp; rho = (double) (tile->brx - tile->tlx) * (tile->bry - tile->tly) / ((cp->refgrdwidth - cp->imgareatlx) * (cp->refgrdheight - cp->imgareatly)); tile->rawsize = cp->rawsize * rho; for (lyrno = 0; lyrno < tile->numlyrs - 1; ++lyrno) { tile->lyrsizes[lyrno] = tile->rawsize * jpc_fixtodbl( cp->tcp.ilyrrates[lyrno]); } tile->lyrsizes[tile->numlyrs - 1] = (cp->totalsize != UINT_FAST32_MAX) ? (rho * enc->mainbodysize) : UINT_FAST32_MAX; for (lyrno = 0; lyrno < tile->numlyrs; ++lyrno) { if (tile->lyrsizes[lyrno] != UINT_FAST32_MAX) { if (tilehdrlen <= JAS_CAST(long, tile->lyrsizes[lyrno])) { tile->lyrsizes[lyrno] -= tilehdrlen; } else { tile->lyrsizes[lyrno] = 0; } } } if (rateallocate(enc, tile->numlyrs, tile->lyrsizes)) { return -1; } #if 0 jas_eprintf(""ENCODE TILE DATA\n""); #endif if (jpc_enc_encodetiledata(enc)) { jas_eprintf(""dotile failed\n""); return -1; } tilelen = jas_stream_tell(enc->tmpstream); if (jas_stream_seek(enc->tmpstream, 6, SEEK_SET) < 0) { return -1; } jpc_putuint32(enc->tmpstream, tilelen); if (jas_stream_seek(enc->tmpstream, 0, SEEK_SET) < 0) { return -1; } if (jpc_putdata(enc->out, enc->tmpstream, -1)) { return -1; } enc->len += tilelen; jas_stream_close(enc->tmpstream); enc->tmpstream = 0; jpc_enc_tile_destroy(enc->curtile); enc->curtile = 0; } return 0; }",jasper,,,278509320601633047359729239505739092250,0 6395,CWE-20,"error_t enc28j60SendPacket(NetInterface *interface, const NetBuffer *buffer, size_t offset, NetTxAncillary *ancillary) { size_t length; length = netBufferGetLength(buffer) - offset; if(length > 1536) { osSetEvent(&interface->nicTxEvent); return ERROR_INVALID_LENGTH; } if(!interface->linkState) { osSetEvent(&interface->nicTxEvent); return NO_ERROR; } enc28j60SetBit(interface, ENC28J60_REG_ECON1, ECON1_TXRST); enc28j60ClearBit(interface, ENC28J60_REG_ECON1, ECON1_TXRST); enc28j60ClearBit(interface, ENC28J60_REG_EIR, EIR_TXIF | EIR_TXERIF); enc28j60WriteReg(interface, ENC28J60_REG_ETXSTL, LSB(ENC28J60_TX_BUFFER_START)); enc28j60WriteReg(interface, ENC28J60_REG_ETXSTH, MSB(ENC28J60_TX_BUFFER_START)); enc28j60WriteReg(interface, ENC28J60_REG_EWRPTL, LSB(ENC28J60_TX_BUFFER_START)); enc28j60WriteReg(interface, ENC28J60_REG_EWRPTH, MSB(ENC28J60_TX_BUFFER_START)); enc28j60WriteBuffer(interface, buffer, offset); enc28j60WriteReg(interface, ENC28J60_REG_ETXNDL, LSB(ENC28J60_TX_BUFFER_START + length)); enc28j60WriteReg(interface, ENC28J60_REG_ETXNDH, MSB(ENC28J60_TX_BUFFER_START + length)); enc28j60SetBit(interface, ENC28J60_REG_ECON1, ECON1_TXRTS); return NO_ERROR; }",visit repo url,drivers/eth/enc28j60_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,266753468966706,1 683,[],"static int jpc_cod_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_cod_t *cod = &ms->parms.cod; if (jpc_getuint8(in, &cod->csty)) { return -1; } if (jpc_getuint8(in, &cod->prg) || jpc_getuint16(in, &cod->numlyrs) || jpc_getuint8(in, &cod->mctrans)) { return -1; } if (jpc_cox_getcompparms(ms, cstate, in, (cod->csty & JPC_COX_PRT) != 0, &cod->compparms)) { return -1; } if (jas_stream_eof(in)) { jpc_cod_destroyparms(ms); return -1; } return 0; }",jasper,,,178565647829682344107102590526806354005,0 1480,[],"static void free_rt_sched_group(struct task_group *tg) { int i; destroy_rt_bandwidth(&tg->rt_bandwidth); for_each_possible_cpu(i) { if (tg->rt_rq) kfree(tg->rt_rq[i]); if (tg->rt_se) kfree(tg->rt_se[i]); } kfree(tg->rt_rq); kfree(tg->rt_se); }",linux-2.6,,,304218727898098770925413619065210082662,0 2164,CWE-326,"__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb) { static u32 ip6_proxy_idents_hashrnd __read_mostly; struct in6_addr buf[2]; struct in6_addr *addrs; u32 id; addrs = skb_header_pointer(skb, skb_network_offset(skb) + offsetof(struct ipv6hdr, saddr), sizeof(buf), buf); if (!addrs) return 0; net_get_random_once(&ip6_proxy_idents_hashrnd, sizeof(ip6_proxy_idents_hashrnd)); id = __ipv6_select_ident(net, ip6_proxy_idents_hashrnd, &addrs[1], &addrs[0]); return htonl(id); }",visit repo url,net/ipv6/output_core.c,https://github.com/torvalds/linux,69126435083382,1 4854,['CWE-189'],"int ecryptfs_derive_iv(char *iv, struct ecryptfs_crypt_stat *crypt_stat, loff_t offset) { int rc = 0; char dst[MD5_DIGEST_SIZE]; char src[ECRYPTFS_MAX_IV_BYTES + 16]; if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""root iv:\n""); ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes); } memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes); memset((src + crypt_stat->iv_bytes), 0, 16); snprintf((src + crypt_stat->iv_bytes), 16, ""%lld"", offset); if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""source:\n""); ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16)); } rc = ecryptfs_calculate_md5(dst, crypt_stat, src, (crypt_stat->iv_bytes + 16)); if (rc) { ecryptfs_printk(KERN_WARNING, ""Error attempting to compute "" ""MD5 while generating IV for a page\n""); goto out; } memcpy(iv, dst, crypt_stat->iv_bytes); if (unlikely(ecryptfs_verbosity > 0)) { ecryptfs_printk(KERN_DEBUG, ""derived iv:\n""); ecryptfs_dump_hex(iv, crypt_stat->iv_bytes); } out: return rc; }",linux-2.6,,,179532666883780723165537695902649453242,0 1616,[],"void complete_all(struct completion *x) { unsigned long flags; spin_lock_irqsave(&x->wait.lock, flags); x->done += UINT_MAX/2; __wake_up_common(&x->wait, TASK_NORMAL, 0, 0, NULL); spin_unlock_irqrestore(&x->wait.lock, flags); }",linux-2.6,,,157241193628737280910340392516091344920,0 985,CWE-269,"static struct mount *clone_mnt(struct mount *old, struct dentry *root, int flag) { struct super_block *sb = old->mnt.mnt_sb; struct mount *mnt; int err; mnt = alloc_vfsmnt(old->mnt_devname); if (!mnt) return ERR_PTR(-ENOMEM); if (flag & (CL_SLAVE | CL_PRIVATE | CL_SHARED_TO_SLAVE)) mnt->mnt_group_id = 0; else mnt->mnt_group_id = old->mnt_group_id; if ((flag & CL_MAKE_SHARED) && !mnt->mnt_group_id) { err = mnt_alloc_group_id(mnt); if (err) goto out_free; } mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~(MNT_WRITE_HOLD|MNT_MARKED); if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY)) mnt->mnt.mnt_flags |= MNT_LOCK_READONLY; if ((flag & CL_UNPRIVILEGED) && list_empty(&old->mnt_expire)) mnt->mnt.mnt_flags |= MNT_LOCKED; atomic_inc(&sb->s_active); mnt->mnt.mnt_sb = sb; mnt->mnt.mnt_root = dget(root); mnt->mnt_mountpoint = mnt->mnt.mnt_root; mnt->mnt_parent = mnt; lock_mount_hash(); list_add_tail(&mnt->mnt_instance, &sb->s_mounts); unlock_mount_hash(); if ((flag & CL_SLAVE) || ((flag & CL_SHARED_TO_SLAVE) && IS_MNT_SHARED(old))) { list_add(&mnt->mnt_slave, &old->mnt_slave_list); mnt->mnt_master = old; CLEAR_MNT_SHARED(mnt); } else if (!(flag & CL_PRIVATE)) { if ((flag & CL_MAKE_SHARED) || IS_MNT_SHARED(old)) list_add(&mnt->mnt_share, &old->mnt_share); if (IS_MNT_SLAVE(old)) list_add(&mnt->mnt_slave, &old->mnt_slave); mnt->mnt_master = old->mnt_master; } if (flag & CL_MAKE_SHARED) set_mnt_shared(mnt); if (flag & CL_EXPIRE) { if (!list_empty(&old->mnt_expire)) list_add(&mnt->mnt_expire, &old->mnt_expire); } return mnt; out_free: mnt_free_id(mnt); free_vfsmnt(mnt); return ERR_PTR(err); }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,210900859254498,1 5367,['CWE-476'],"int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { int r; sigset_t sigsaved; vcpu_load(vcpu); if (vcpu->sigset_active) sigprocmask(SIG_SETMASK, &vcpu->sigset, &sigsaved); if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) { kvm_vcpu_block(vcpu); clear_bit(KVM_REQ_UNHALT, &vcpu->requests); r = -EAGAIN; goto out; } if (!irqchip_in_kernel(vcpu->kvm)) kvm_set_cr8(vcpu, kvm_run->cr8); if (vcpu->arch.pio.cur_count) { r = complete_pio(vcpu); if (r) goto out; } #if CONFIG_HAS_IOMEM if (vcpu->mmio_needed) { memcpy(vcpu->mmio_data, kvm_run->mmio.data, 8); vcpu->mmio_read_completed = 1; vcpu->mmio_needed = 0; down_read(&vcpu->kvm->slots_lock); r = emulate_instruction(vcpu, kvm_run, vcpu->arch.mmio_fault_cr2, 0, EMULTYPE_NO_DECODE); up_read(&vcpu->kvm->slots_lock); if (r == EMULATE_DO_MMIO) { r = 0; goto out; } } #endif if (kvm_run->exit_reason == KVM_EXIT_HYPERCALL) kvm_register_write(vcpu, VCPU_REGS_RAX, kvm_run->hypercall.ret); r = __vcpu_run(vcpu, kvm_run); out: if (vcpu->sigset_active) sigprocmask(SIG_SETMASK, &sigsaved, NULL); vcpu_put(vcpu); return r; }",linux-2.6,,,58474275191179981508639806594560818517,0 4165,['CWE-399'],"int avahi_server_errno(AvahiServer *s) { assert(s); return s->error; }",avahi,,,314531111712489189443114062555998682002,0 3757,[],"static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr=msg->msg_name; int copied = 0; int check_creds = 0; int target; int err = 0; long timeo; err = -EINVAL; if (sk->sk_state != TCP_ESTABLISHED) goto out; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); msg->msg_namelen = 0; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } mutex_lock(&u->readlock); do { int chunk; struct sk_buff *skb; unix_state_lock(sk); skb = skb_dequeue(&sk->sk_receive_queue); if (skb==NULL) { if (copied >= target) goto unlock; if ((err = sock_error(sk)) != 0) goto unlock; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; unix_state_unlock(sk); err = -EAGAIN; if (!timeo) break; mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } mutex_lock(&u->readlock); continue; unlock: unix_state_unlock(sk); break; } unix_state_unlock(sk); if (check_creds) { if (memcmp(UNIXCREDS(skb), &siocb->scm->creds, sizeof(siocb->scm->creds)) != 0) { skb_queue_head(&sk->sk_receive_queue, skb); break; } } else { siocb->scm->creds = *UNIXCREDS(skb); check_creds = 1; } if (sunaddr) { unix_copy_addr(msg, skb->sk); sunaddr = NULL; } chunk = min_t(unsigned int, skb->len, size); if (memcpy_toiovec(msg->msg_iov, skb->data, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { skb_pull(skb, chunk); if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); if (siocb->scm->fp) break; } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); mutex_unlock(&u->readlock); scm_recv(sock, msg, siocb->scm, flags); out: return copied ? : err; }",linux-2.6,,,135694475495272999840059587962590869419,0 5605,CWE-125,"decode_unicode_with_escapes(struct compiling *c, const node *n, const char *s, size_t len) { PyObject *u; char *buf; char *p; const char *end; if (len > SIZE_MAX / 6) return NULL; u = PyBytes_FromStringAndSize((char *)NULL, len * 6); if (u == NULL) return NULL; p = buf = PyBytes_AsString(u); end = s + len; while (s < end) { if (*s == '\\') { *p++ = *s++; if (*s & 0x80) { strcpy(p, ""u005c""); p += 5; } } if (*s & 0x80) { PyObject *w; int kind; void *data; Py_ssize_t len, i; w = decode_utf8(c, &s, end); if (w == NULL) { Py_DECREF(u); return NULL; } kind = PyUnicode_KIND(w); data = PyUnicode_DATA(w); len = PyUnicode_GET_LENGTH(w); for (i = 0; i < len; i++) { Py_UCS4 chr = PyUnicode_READ(kind, data, i); sprintf(p, ""\\U%08x"", chr); p += 10; } assert(p - buf <= Py_SIZE(u)); Py_DECREF(w); } else { *p++ = *s++; } } len = p - buf; s = buf; return PyUnicode_DecodeUnicodeEscape(s, len, NULL); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,61470789694978,1 3092,['CWE-189'],"void jpc_save_t2state(jpc_enc_t *enc) { jpc_enc_tcmpt_t *comp; jpc_enc_tcmpt_t *endcomps; jpc_enc_rlvl_t *lvl; jpc_enc_rlvl_t *endlvls; jpc_enc_band_t *band; jpc_enc_band_t *endbands; jpc_enc_cblk_t *cblk; jpc_enc_cblk_t *endcblks; jpc_enc_tile_t *tile; int prcno; jpc_enc_prc_t *prc; tile = enc->curtile; endcomps = &tile->tcmpts[tile->numtcmpts]; for (comp = tile->tcmpts; comp != endcomps; ++comp) { endlvls = &comp->rlvls[comp->numrlvls]; for (lvl = comp->rlvls; lvl != endlvls; ++lvl) { if (!lvl->bands) { continue; } endbands = &lvl->bands[lvl->numbands]; for (band = lvl->bands; band != endbands; ++band) { if (!band->data) { continue; } for (prcno = 0, prc = band->prcs; prcno < lvl->numprcs; ++prcno, ++prc) { if (!prc->cblks) { continue; } jpc_tagtree_copy(prc->savincltree, prc->incltree); jpc_tagtree_copy(prc->savnlibtree, prc->nlibtree); endcblks = &prc->cblks[prc->numcblks]; for (cblk = prc->cblks; cblk != endcblks; ++cblk) { cblk->savedcurpass = cblk->curpass; cblk->savednumencpasses = cblk->numencpasses; cblk->savednumlenbits = cblk->numlenbits; } } } } } }",jasper,,,1126238187996306024816214681438454498,0 6691,CWE-129,"stl_fix_normal_directions(stl_file *stl) { char *norm_sw; int checked = 0; int facet_num; int i; int j; struct stl_normal { int facet_num; struct stl_normal *next; }; struct stl_normal *head; struct stl_normal *tail; struct stl_normal *newn; struct stl_normal *temp; if (stl->error) return; head = (struct stl_normal*)malloc(sizeof(struct stl_normal)); if(head == NULL) perror(""stl_fix_normal_directions""); tail = (struct stl_normal*)malloc(sizeof(struct stl_normal)); if(tail == NULL) perror(""stl_fix_normal_directions""); head->next = tail; tail->next = tail; norm_sw = (char*)calloc(stl->stats.number_of_facets, sizeof(char)); if(norm_sw == NULL) perror(""stl_fix_normal_directions""); facet_num = 0; if(stl_check_normal_vector(stl, 0, 0) == 2) stl_reverse_facet(stl, 0); norm_sw[facet_num] = 1; checked++; for(;;) { for(j = 0; j < 3; j++) { if(stl->neighbors_start[facet_num].which_vertex_not[j] > 2) { if(stl->neighbors_start[facet_num].neighbor[j] != -1) { stl_reverse_facet (stl, stl->neighbors_start[facet_num].neighbor[j]); } } if(stl->neighbors_start[facet_num].neighbor[j] != -1) { if(norm_sw[stl->neighbors_start[facet_num].neighbor[j]] != 1) { newn = (struct stl_normal*)malloc(sizeof(struct stl_normal)); if(newn == NULL) perror(""stl_fix_normal_directions""); newn->facet_num = stl->neighbors_start[facet_num].neighbor[j]; newn->next = head->next; head->next = newn; } } } if(head->next != tail) { facet_num = head->next->facet_num; if(norm_sw[facet_num] != 1) { norm_sw[facet_num] = 1; checked++; } temp = head->next; head->next = head->next->next; free(temp); } else { stl->stats.number_of_parts += 1; if(checked >= stl->stats.number_of_facets) { break; } else { for(i = 0; i < stl->stats.number_of_facets; i++) { if(norm_sw[i] == 0) { facet_num = i; if(stl_check_normal_vector(stl, i, 0) == 2) { stl_reverse_facet(stl, i); } norm_sw[facet_num] = 1; checked++; break; } } } } } free(head); free(tail); free(norm_sw); }",visit repo url,src/normals.c,https://github.com/admesh/admesh,67345365442553,1 3302,['CWE-189'],"int getthebyte(jas_stream_t *in, long off) { int c; long oldpos; oldpos = jas_stream_tell(in); assert(oldpos >= 0); jas_stream_seek(in, off, SEEK_SET); c = jas_stream_peekc(in); jas_stream_seek(in, oldpos, SEEK_SET); return c; }",jasper,,,170610501654221975634425693159117126470,0 6455,CWE-20,"error_t mqttSnClientSubscribe(MqttSnClientContext *context, const char_t *topicName, MqttSnQosLevel qos) { error_t error; systime_t time; if(context == NULL || topicName == NULL) return ERROR_INVALID_PARAMETER; error = NO_ERROR; while(!error) { time = osGetSystemTime(); if(context->state == MQTT_SN_CLIENT_STATE_ACTIVE) { mqttSnClientGenerateMessageId(context); context->startTime = time; error = mqttSnClientSendSubscribe(context, topicName, qos); } else if(context->state == MQTT_SN_CLIENT_STATE_SENDING_REQ) { if(timeCompare(time, context->startTime + context->timeout) >= 0) { context->state = MQTT_SN_CLIENT_STATE_DISCONNECTING; error = ERROR_TIMEOUT; } else if(timeCompare(time, context->retransmitStartTime + MQTT_SN_CLIENT_RETRY_TIMEOUT) >= 0) { error = mqttSnClientSendSubscribe(context, topicName, qos); } else { error = mqttSnClientProcessEvents(context, MQTT_SN_CLIENT_TICK_INTERVAL); } } else if(context->state == MQTT_SN_CLIENT_STATE_RESP_RECEIVED) { context->state = MQTT_SN_CLIENT_STATE_ACTIVE; if(context->msgType == MQTT_SN_MSG_TYPE_SUBACK) { if(context->returnCode == MQTT_SN_RETURN_CODE_ACCEPTED) { if(strchr(topicName, '#') == NULL && strchr(topicName, '+') == NULL) { error = mqttSnClientAddTopic(context, topicName, context->topicId); } break; } else { error = ERROR_REQUEST_REJECTED; } } else { error = ERROR_UNEXPECTED_RESPONSE; } } else { error = ERROR_NOT_CONNECTED; } } return error; }",visit repo url,mqtt_sn/mqtt_sn_client.c,https://github.com/Oryx-Embedded/CycloneTCP,260046356329787,1 4557,CWE-122,"int AVI_read_frame(avi_t *AVI, u8 *vidbuf, int *keyframe) { int n; if(AVI->mode==AVI_MODE_WRITE) { AVI_errno = AVI_ERR_NOT_PERM; return -1; } if(!AVI->video_index) { AVI_errno = AVI_ERR_NO_IDX; return -1; } if(AVI->video_pos < 0 || AVI->video_pos >= AVI->video_frames) return -1; n = (u32) AVI->video_index[AVI->video_pos].len; *keyframe = (AVI->video_index[AVI->video_pos].key==0x10) ? 1:0; if (vidbuf == NULL) { AVI->video_pos++; return n; } gf_fseek(AVI->fdes, AVI->video_index[AVI->video_pos].pos, SEEK_SET); if (avi_read(AVI->fdes,vidbuf,n) != (u32) n) { AVI_errno = AVI_ERR_READ; return -1; } AVI->video_pos++; return n; }",visit repo url,src/media_tools/avilib.c,https://github.com/gpac/gpac,249969982665283,1 3870,[],"int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags) { switch (flags) { case LSM_SETID_RE: case LSM_SETID_ID: case LSM_SETID_RES: if (!issecure (SECURE_NO_SETUID_FIXUP)) { cap_emulate_setxuid (old_ruid, old_euid, old_suid); } break; case LSM_SETID_FS: { uid_t old_fsuid = old_ruid; if (!issecure (SECURE_NO_SETUID_FIXUP)) { if (old_fsuid == 0 && current->fsuid != 0) { current->cap_effective = cap_drop_fs_set( current->cap_effective); } if (old_fsuid != 0 && current->fsuid == 0) { current->cap_effective = cap_raise_fs_set( current->cap_effective, current->cap_permitted); } } break; } default: return -EINVAL; } return 0; }",linux-2.6,,,75141262172518591661768176318000393725,0 2238,['CWE-193'],"int try_to_release_page(struct page *page, gfp_t gfp_mask) { struct address_space * const mapping = page->mapping; BUG_ON(!PageLocked(page)); if (PageWriteback(page)) return 0; if (mapping && mapping->a_ops->releasepage) return mapping->a_ops->releasepage(page, gfp_mask); return try_to_free_buffers(page); }",linux-2.6,,,29515515496039925298804137913444814008,0 2592,CWE-20,"int mk_request_error(int http_status, struct client_session *cs, struct session_request *sr) { int ret, fd; mk_ptr_t message, *page = 0; struct error_page *entry; struct mk_list *head; struct file_info finfo; mk_header_set_http_status(sr, http_status); if (http_status != MK_CLIENT_LENGTH_REQUIRED && http_status != MK_CLIENT_BAD_REQUEST && http_status != MK_CLIENT_REQUEST_ENTITY_TOO_LARGE) { mk_list_foreach(head, &sr->host_conf->error_pages) { entry = mk_list_entry(head, struct error_page, _head); if (entry->status != http_status) { continue; } ret = mk_file_get_info(entry->real_path, &finfo); if (ret == -1) { break; } fd = open(entry->real_path, config->open_flags); if (fd == -1) { break; } sr->fd_file = fd; sr->bytes_to_send = finfo.size; sr->headers.content_length = finfo.size; sr->headers.real_length = finfo.size; memcpy(&sr->file_info, &finfo, sizeof(struct file_info)); mk_header_send(cs->socket, cs, sr); return mk_http_send_file(cs, sr); } } mk_ptr_reset(&message); switch (http_status) { case MK_CLIENT_BAD_REQUEST: page = mk_request_set_default_page(""Bad Request"", sr->uri, sr->host_conf->host_signature); break; case MK_CLIENT_FORBIDDEN: page = mk_request_set_default_page(""Forbidden"", sr->uri, sr->host_conf->host_signature); break; case MK_CLIENT_NOT_FOUND: mk_string_build(&message.data, &message.len, ""The requested URL was not found on this server.""); page = mk_request_set_default_page(""Not Found"", message, sr->host_conf->host_signature); mk_ptr_free(&message); break; case MK_CLIENT_REQUEST_ENTITY_TOO_LARGE: mk_string_build(&message.data, &message.len, ""The request entity is too large.""); page = mk_request_set_default_page(""Entity too large"", message, sr->host_conf->host_signature); mk_ptr_free(&message); break; case MK_CLIENT_METHOD_NOT_ALLOWED: page = mk_request_set_default_page(""Method Not Allowed"", sr->uri, sr->host_conf->host_signature); break; case MK_CLIENT_REQUEST_TIMEOUT: case MK_CLIENT_LENGTH_REQUIRED: break; case MK_SERVER_NOT_IMPLEMENTED: page = mk_request_set_default_page(""Method Not Implemented"", sr->uri, sr->host_conf->host_signature); break; case MK_SERVER_INTERNAL_ERROR: page = mk_request_set_default_page(""Internal Server Error"", sr->uri, sr->host_conf->host_signature); break; case MK_SERVER_HTTP_VERSION_UNSUP: mk_ptr_reset(&message); page = mk_request_set_default_page(""HTTP Version Not Supported"", message, sr->host_conf->host_signature); break; } if (page) { sr->headers.content_length = page->len; } sr->headers.location = NULL; sr->headers.cgi = SH_NOCGI; sr->headers.pconnections_left = 0; sr->headers.last_modified = -1; if (!page) { mk_ptr_reset(&sr->headers.content_type); } else { mk_ptr_set(&sr->headers.content_type, ""text/html\r\n""); } mk_header_send(cs->socket, cs, sr); if (page) { if (sr->method != MK_HTTP_METHOD_HEAD) mk_socket_send(cs->socket, page->data, page->len); mk_ptr_free(page); mk_mem_free(page); } mk_server_cork_flag(cs->socket, TCP_CORK_OFF); return EXIT_ERROR; }",visit repo url,src/mk_request.c,https://github.com/monkey/monkey,124738060124685,1 1861,CWE-125,"int smb2_write(struct ksmbd_work *work) { struct smb2_write_req *req; struct smb2_write_rsp *rsp; struct ksmbd_file *fp = NULL; loff_t offset; size_t length; ssize_t nbytes; char *data_buf; bool writethrough = false, is_rdma_channel = false; int err = 0; unsigned int max_write_size = work->conn->vals->max_write_size; WORK_BUFFERS(work, req, rsp); if (test_share_config_flag(work->tcon->share_conf, KSMBD_SHARE_FLAG_PIPE)) { ksmbd_debug(SMB, ""IPC pipe write request\n""); return smb2_write_pipe(work); } offset = le64_to_cpu(req->Offset); length = le32_to_cpu(req->Length); if (req->Channel == SMB2_CHANNEL_RDMA_V1 || req->Channel == SMB2_CHANNEL_RDMA_V1_INVALIDATE) { is_rdma_channel = true; max_write_size = get_smbd_max_read_write_size(); length = le32_to_cpu(req->RemainingBytes); } if (is_rdma_channel == true) { unsigned int ch_offset = le16_to_cpu(req->WriteChannelInfoOffset); if (req->Length != 0 || req->DataOffset != 0 || ch_offset < offsetof(struct smb2_write_req, Buffer)) { err = -EINVAL; goto out; } err = smb2_set_remote_key_for_rdma(work, (struct smb2_buffer_desc_v1 *) ((char *)req + ch_offset), req->Channel, req->WriteChannelInfoLength); if (err) goto out; } if (!test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE)) { ksmbd_debug(SMB, ""User does not have write permission\n""); err = -EACCES; goto out; } fp = ksmbd_lookup_fd_slow(work, req->VolatileFileId, req->PersistentFileId); if (!fp) { err = -ENOENT; goto out; } if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_READ_ATTRIBUTES_LE))) { pr_err(""Not permitted to write : 0x%x\n"", fp->daccess); err = -EACCES; goto out; } if (length > max_write_size) { ksmbd_debug(SMB, ""limiting write size to max size(%u)\n"", max_write_size); err = -EINVAL; goto out; } ksmbd_debug(SMB, ""flags %u\n"", le32_to_cpu(req->Flags)); if (le32_to_cpu(req->Flags) & SMB2_WRITEFLAG_WRITE_THROUGH) writethrough = true; if (is_rdma_channel == false) { if ((u64)le16_to_cpu(req->DataOffset) + length > get_rfc1002_len(work->request_buf)) { pr_err(""invalid write data offset %u, smb_len %u\n"", le16_to_cpu(req->DataOffset), get_rfc1002_len(work->request_buf)); err = -EINVAL; goto out; } data_buf = (char *)(((char *)&req->hdr.ProtocolId) + le16_to_cpu(req->DataOffset)); ksmbd_debug(SMB, ""filename %pd, offset %lld, len %zu\n"", fp->filp->f_path.dentry, offset, length); err = ksmbd_vfs_write(work, fp, data_buf, length, &offset, writethrough, &nbytes); if (err < 0) goto out; } else { nbytes = smb2_write_rdma_channel(work, req, fp, offset, length, writethrough); if (nbytes < 0) { err = (int)nbytes; goto out; } } rsp->StructureSize = cpu_to_le16(17); rsp->DataOffset = 0; rsp->Reserved = 0; rsp->DataLength = cpu_to_le32(nbytes); rsp->DataRemaining = 0; rsp->Reserved2 = 0; inc_rfc1001_len(work->response_buf, 16); ksmbd_fd_put(work, fp); return 0; out: if (err == -EAGAIN) rsp->hdr.Status = STATUS_FILE_LOCK_CONFLICT; else if (err == -ENOSPC || err == -EFBIG) rsp->hdr.Status = STATUS_DISK_FULL; else if (err == -ENOENT) rsp->hdr.Status = STATUS_FILE_CLOSED; else if (err == -EACCES) rsp->hdr.Status = STATUS_ACCESS_DENIED; else if (err == -ESHARE) rsp->hdr.Status = STATUS_SHARING_VIOLATION; else if (err == -EINVAL) rsp->hdr.Status = STATUS_INVALID_PARAMETER; else rsp->hdr.Status = STATUS_INVALID_HANDLE; smb2_set_err_rsp(work); ksmbd_fd_put(work, fp); return err; }",visit repo url,fs/ksmbd/smb2pdu.c,https://github.com/torvalds/linux,55176530257022,1 6308,CWE-295,"NOEXPORT int dh_init(SERVICE_OPTIONS *section) { DH *dh=NULL; int i, n; char description[128]; STACK_OF(SSL_CIPHER) *ciphers; section->option.dh_temp_params=0; ciphers=SSL_CTX_get_ciphers(section->ctx); if(!ciphers) return 1; n=sk_SSL_CIPHER_num(ciphers); for(i=0; iengine) #endif dh=dh_read(section->cert); if(dh) { SSL_CTX_set_tmp_dh(section->ctx, dh); s_log(LOG_INFO, ""%d-bit DH parameters loaded"", 8*DH_size(dh)); DH_free(dh); return 0; } CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_DH]); SSL_CTX_set_tmp_dh(section->ctx, dh_params); CRYPTO_THREAD_unlock(stunnel_locks[LOCK_DH]); dh_temp_params=1; section->option.dh_temp_params=1; s_log(LOG_INFO, ""Using dynamic DH parameters""); return 0; }",visit repo url,src/ctx.c,https://github.com/mtrojnar/stunnel,169913423732564,1 384,[],"pfm_write_pmds(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct task_struct *task; pfarg_reg_t *req = (pfarg_reg_t *)arg; unsigned long value, hw_value, ovfl_mask; unsigned int cnum; int i, can_access_pmu = 0, state; int is_counting, is_loaded, is_system, expert_mode; int ret = -EINVAL; pfm_reg_check_t wr_func; state = ctx->ctx_state; is_loaded = state == PFM_CTX_LOADED ? 1 : 0; is_system = ctx->ctx_fl_system; ovfl_mask = pmu_conf->ovfl_val; task = ctx->ctx_task; if (unlikely(state == PFM_CTX_ZOMBIE)) return -EINVAL; if (likely(is_loaded)) { if (unlikely(is_system && ctx->ctx_cpu != smp_processor_id())) { DPRINT((""should be running on CPU%d\n"", ctx->ctx_cpu)); return -EBUSY; } can_access_pmu = GET_PMU_OWNER() == task || is_system ? 1 : 0; } expert_mode = pfm_sysctl.expert_mode; for (i = 0; i < count; i++, req++) { cnum = req->reg_num; value = req->reg_value; if (!PMD_IS_IMPL(cnum)) { DPRINT((""pmd[%u] is unimplemented or invalid\n"", cnum)); goto abort_mission; } is_counting = PMD_IS_COUNTING(cnum); wr_func = pmu_conf->pmd_desc[cnum].write_check; if (unlikely(expert_mode == 0 && wr_func)) { unsigned long v = value; ret = (*wr_func)(task, ctx, cnum, &v, regs); if (ret) goto abort_mission; value = v; ret = -EINVAL; } PFM_REG_RETFLAG_SET(req->reg_flags, 0); hw_value = value; if (is_counting) { ctx->ctx_pmds[cnum].lval = value; if (is_loaded) { hw_value = value & ovfl_mask; value = value & ~ovfl_mask; } } ctx->ctx_pmds[cnum].long_reset = req->reg_long_reset; ctx->ctx_pmds[cnum].short_reset = req->reg_short_reset; ctx->ctx_pmds[cnum].seed = req->reg_random_seed; ctx->ctx_pmds[cnum].mask = req->reg_random_mask; ctx->ctx_pmds[cnum].val = value; CTX_USED_PMD(ctx, PMD_PMD_DEP(cnum)); CTX_USED_PMD(ctx, RDEP(cnum)); if (is_counting && state == PFM_CTX_MASKED) { ctx->ctx_ovfl_regs[0] &= ~1UL << cnum; } if (is_loaded) { if (is_system == 0) ctx->th_pmds[cnum] = hw_value; if (can_access_pmu) { ia64_set_pmd(cnum, hw_value); } else { #ifdef CONFIG_SMP ctx->ctx_reload_pmds[0] |= 1UL << cnum; #endif } } DPRINT((""pmd[%u]=0x%lx ld=%d apmu=%d, hw_value=0x%lx ctx_pmd=0x%lx short_reset=0x%lx "" ""long_reset=0x%lx notify=%c seed=0x%lx mask=0x%lx used_pmds=0x%lx reset_pmds=0x%lx reload_pmds=0x%lx all_pmds=0x%lx ovfl_regs=0x%lx\n"", cnum, value, is_loaded, can_access_pmu, hw_value, ctx->ctx_pmds[cnum].val, ctx->ctx_pmds[cnum].short_reset, ctx->ctx_pmds[cnum].long_reset, PMC_OVFL_NOTIFY(ctx, cnum) ? 'Y':'N', ctx->ctx_pmds[cnum].seed, ctx->ctx_pmds[cnum].mask, ctx->ctx_used_pmds[0], ctx->ctx_pmds[cnum].reset_pmds[0], ctx->ctx_reload_pmds[0], ctx->ctx_all_pmds[0], ctx->ctx_ovfl_regs[0])); } if (can_access_pmu) ia64_srlz_d(); return 0; abort_mission: PFM_REG_RETFLAG_SET(req->reg_flags, PFM_REG_RETFL_EINVAL); return ret; }",linux-2.6,,,186394007514055039017527550549413307050,0 1416,[],"static inline struct task_struct *task_of(struct sched_entity *se) { return container_of(se, struct task_struct, se); }",linux-2.6,,,29886116653582645523229480564905035719,0 1567,[],"cpuacct_destroy(struct cgroup_subsys *ss, struct cgroup *cgrp) { struct cpuacct *ca = cgroup_ca(cgrp); free_percpu(ca->cpuusage); kfree(ca); }",linux-2.6,,,138153645374871916316184650976063944820,0 106,['CWE-787'],"static uint32_t cirrus_vga_mem_readb(void *opaque, target_phys_addr_t addr) { CirrusVGAState *s = opaque; unsigned bank_index; unsigned bank_offset; uint32_t val; if ((s->sr[0x07] & 0x01) == 0) { return vga_mem_readb(s, addr); } addr &= 0x1ffff; if (addr < 0x10000) { bank_index = addr >> 15; bank_offset = addr & 0x7fff; if (bank_offset < s->cirrus_bank_limit[bank_index]) { bank_offset += s->cirrus_bank_base[bank_index]; if ((s->gr[0x0B] & 0x14) == 0x14) { bank_offset <<= 4; } else if (s->gr[0x0B] & 0x02) { bank_offset <<= 3; } bank_offset &= s->cirrus_addr_mask; val = *(s->vram_ptr + bank_offset); } else val = 0xff; } else if (addr >= 0x18000 && addr < 0x18100) { val = 0xff; if ((s->sr[0x17] & 0x44) == 0x04) { val = cirrus_mmio_blt_read(s, addr & 0xff); } } else { val = 0xff; #ifdef DEBUG_CIRRUS printf(""cirrus: mem_readb %06x\n"", addr); #endif } return val; }",qemu,,,148366860606710067575492480665695662987,0 3041,['CWE-189'],"static int jpc_dec_process_com(jpc_dec_t *dec, jpc_ms_t *ms) { dec = 0; ms = 0; return 0; }",jasper,,,99820268697716283528431710594472432473,0 2604,CWE-415,"void * gdImageGifPtr (gdImagePtr im, int *size) { void *rv; gdIOCtx *out = gdNewDynamicCtx (2048, NULL); gdImageGifCtx (im, out); rv = gdDPExtractData (out, size); out->gd_free (out); return rv; }",visit repo url,ext/gd/libgd/gd_gif_out.c,https://github.com/php/php-src,192221190240077,1 5594,[],"SYSCALL_DEFINE2(rt_sigpending, sigset_t __user *, set, size_t, sigsetsize) { return do_sigpending(set, sigsetsize); }",linux-2.6,,,184149572300437775539387161987159277321,0 2535,['CWE-119'],"static int add_parents_only(struct rev_info *revs, const char *arg, int flags) { unsigned char sha1[20]; struct object *it; struct commit *commit; struct commit_list *parents; if (*arg == '^') { flags ^= UNINTERESTING; arg++; } if (get_sha1(arg, sha1)) return 0; while (1) { it = get_reference(revs, arg, sha1, 0); if (it->type != OBJ_TAG) break; if (!((struct tag*)it)->tagged) return 0; hashcpy(sha1, ((struct tag*)it)->tagged->sha1); } if (it->type != OBJ_COMMIT) return 0; commit = (struct commit *)it; for (parents = commit->parents; parents; parents = parents->next) { it = &parents->item->object; it->flags |= flags; add_pending_object(revs, it, arg); } return 1; }",git,,,289645320323453096965499746506683501346,0 3818,CWE-416,"set_curbuf(buf_T *buf, int action) { buf_T *prevbuf; int unload = (action == DOBUF_UNLOAD || action == DOBUF_DEL || action == DOBUF_WIPE || action == DOBUF_WIPE_REUSE); #ifdef FEAT_SYN_HL long old_tw = curbuf->b_p_tw; #endif bufref_T newbufref; bufref_T prevbufref; setpcmark(); if ((cmdmod.cmod_flags & CMOD_KEEPALT) == 0) curwin->w_alt_fnum = curbuf->b_fnum; buflist_altfpos(curwin); VIsual_reselect = FALSE; prevbuf = curbuf; set_bufref(&prevbufref, prevbuf); set_bufref(&newbufref, buf); if (!apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, FALSE, curbuf) || (bufref_valid(&prevbufref) && bufref_valid(&newbufref) #ifdef FEAT_EVAL && !aborting() #endif )) { #ifdef FEAT_SYN_HL if (prevbuf == curwin->w_buffer) reset_synblock(curwin); #endif if (unload) close_windows(prevbuf, FALSE); #if defined(FEAT_EVAL) if (bufref_valid(&prevbufref) && !aborting()) #else if (bufref_valid(&prevbufref)) #endif { win_T *previouswin = curwin; if (prevbuf == curbuf && ((State & INSERT) == 0 || curbuf->b_nwindows <= 1)) u_sync(FALSE); close_buffer(prevbuf == curwin->w_buffer ? curwin : NULL, prevbuf, unload ? action : (action == DOBUF_GOTO && !buf_hide(prevbuf) && !bufIsChanged(prevbuf)) ? DOBUF_UNLOAD : 0, FALSE, FALSE); if (curwin != previouswin && win_valid(previouswin)) curwin = previouswin; } } if ((buf_valid(buf) && buf != curbuf #ifdef FEAT_EVAL && !aborting() #endif ) || curwin->w_buffer == NULL) { enter_buffer(buf); #ifdef FEAT_SYN_HL if (old_tw != curbuf->b_p_tw) check_colorcolumn(curwin); #endif } }",visit repo url,src/buffer.c,https://github.com/vim/vim,176866857872840,1 5971,['CWE-200'],"cbq_dequeue_prio(struct Qdisc *sch, int prio) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl_tail, *cl_prev, *cl; struct sk_buff *skb; int deficit; cl_tail = cl_prev = q->active[prio]; cl = cl_prev->next_alive; do { deficit = 0; do { struct cbq_class *borrow = cl; if (cl->q->q.qlen && (borrow = cbq_under_limit(cl)) == NULL) goto skip_class; if (cl->deficit <= 0) { deficit = 1; cl->deficit += cl->quantum; goto next_class; } skb = cl->q->dequeue(cl->q); if (skb == NULL) goto skip_class; cl->deficit -= skb->len; q->tx_class = cl; q->tx_borrowed = borrow; if (borrow != cl) { #ifndef CBQ_XSTATS_BORROWS_BYTES borrow->xstats.borrows++; cl->xstats.borrows++; #else borrow->xstats.borrows += skb->len; cl->xstats.borrows += skb->len; #endif } q->tx_len = skb->len; if (cl->deficit <= 0) { q->active[prio] = cl; cl = cl->next_alive; cl->deficit += cl->quantum; } return skb; skip_class: if (cl->q->q.qlen == 0 || prio != cl->cpriority) { cl_prev->next_alive = cl->next_alive; cl->next_alive = NULL; if (cl == cl_tail) { cl_tail = cl_prev; if (cl == cl_tail) { q->active[prio] = NULL; q->activemask &= ~(1<q->q.qlen) cbq_activate_class(cl); return NULL; } q->active[prio] = cl_tail; } if (cl->q->q.qlen) cbq_activate_class(cl); cl = cl_prev; } next_class: cl_prev = cl; cl = cl->next_alive; } while (cl_prev != cl_tail); } while (deficit); q->active[prio] = cl_prev; return NULL; }",linux-2.6,,,39311556656655472875680455781041430905,0 6239,CWE-190,"void md_map_b2s160(uint8_t *hash, const uint8_t *msg, int len) { memset(hash, 0, RLC_MD_LEN_B2S160); blake2s(hash, RLC_MD_LEN_B2S160, msg, len, NULL, 0); }",visit repo url,src/md/relic_md_blake2s.c,https://github.com/relic-toolkit/relic,103081810679106,1 400,CWE-200,"int vmw_gb_surface_define_ioctl(struct drm_device *dev, void *data, struct drm_file *file_priv) { struct vmw_private *dev_priv = vmw_priv(dev); struct vmw_user_surface *user_srf; struct vmw_surface *srf; struct vmw_resource *res; struct vmw_resource *tmp; union drm_vmw_gb_surface_create_arg *arg = (union drm_vmw_gb_surface_create_arg *)data; struct drm_vmw_gb_surface_create_req *req = &arg->req; struct drm_vmw_gb_surface_create_rep *rep = &arg->rep; struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; int ret; uint32_t size; uint32_t backup_handle; if (req->multisample_count != 0) return -EINVAL; if (req->mip_levels > DRM_VMW_MAX_MIP_LEVELS) return -EINVAL; if (unlikely(vmw_user_surface_size == 0)) vmw_user_surface_size = ttm_round_pot(sizeof(*user_srf)) + 128; size = vmw_user_surface_size + 128; ret = vmw_surface_gb_priv_define(dev, size, req->svga3d_flags, req->format, req->drm_surface_flags & drm_vmw_surface_flag_scanout, req->mip_levels, req->multisample_count, req->array_size, req->base_size, &srf); if (unlikely(ret != 0)) return ret; user_srf = container_of(srf, struct vmw_user_surface, srf); if (drm_is_primary_client(file_priv)) user_srf->master = drm_master_get(file_priv->master); ret = ttm_read_lock(&dev_priv->reservation_sem, true); if (unlikely(ret != 0)) return ret; res = &user_srf->srf.res; if (req->buffer_handle != SVGA3D_INVALID_ID) { ret = vmw_user_dmabuf_lookup(tfile, req->buffer_handle, &res->backup, &user_srf->backup_base); if (ret == 0 && res->backup->base.num_pages * PAGE_SIZE < res->backup_size) { DRM_ERROR(""Surface backup buffer is too small.\n""); vmw_dmabuf_unreference(&res->backup); ret = -EINVAL; goto out_unlock; } } else if (req->drm_surface_flags & drm_vmw_surface_flag_create_buffer) ret = vmw_user_dmabuf_alloc(dev_priv, tfile, res->backup_size, req->drm_surface_flags & drm_vmw_surface_flag_shareable, &backup_handle, &res->backup, &user_srf->backup_base); if (unlikely(ret != 0)) { vmw_resource_unreference(&res); goto out_unlock; } tmp = vmw_resource_reference(res); ret = ttm_prime_object_init(tfile, res->backup_size, &user_srf->prime, req->drm_surface_flags & drm_vmw_surface_flag_shareable, VMW_RES_SURFACE, &vmw_user_surface_base_release, NULL); if (unlikely(ret != 0)) { vmw_resource_unreference(&tmp); vmw_resource_unreference(&res); goto out_unlock; } rep->handle = user_srf->prime.base.hash.key; rep->backup_size = res->backup_size; if (res->backup) { rep->buffer_map_handle = drm_vma_node_offset_addr(&res->backup->base.vma_node); rep->buffer_size = res->backup->base.num_pages * PAGE_SIZE; rep->buffer_handle = backup_handle; } else { rep->buffer_map_handle = 0; rep->buffer_size = 0; rep->buffer_handle = SVGA3D_INVALID_ID; } vmw_resource_unreference(&res); out_unlock: ttm_read_unlock(&dev_priv->reservation_sem); return ret; }",visit repo url,drivers/gpu/drm/vmwgfx/vmwgfx_surface.c,https://github.com/torvalds/linux,94612466202538,1 4403,['CWE-264'],"void __sk_mem_reclaim(struct sock *sk) { struct proto *prot = sk->sk_prot; atomic_sub(sk->sk_forward_alloc >> SK_MEM_QUANTUM_SHIFT, prot->memory_allocated); sk->sk_forward_alloc &= SK_MEM_QUANTUM - 1; if (prot->memory_pressure && *prot->memory_pressure && (atomic_read(prot->memory_allocated) < prot->sysctl_mem[0])) *prot->memory_pressure = 0; }",linux-2.6,,,286454908872736406334491452542654375721,0 962,CWE-264,"int generic_permission(struct inode *inode, int mask) { int ret; ret = acl_permission_check(inode, mask); if (ret != -EACCES) return ret; if (S_ISDIR(inode->i_mode)) { if (inode_capable(inode, CAP_DAC_OVERRIDE)) return 0; if (!(mask & MAY_WRITE)) if (inode_capable(inode, CAP_DAC_READ_SEARCH)) return 0; return -EACCES; } if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) if (inode_capable(inode, CAP_DAC_OVERRIDE)) return 0; mask &= MAY_READ | MAY_WRITE | MAY_EXEC; if (mask == MAY_READ) if (inode_capable(inode, CAP_DAC_READ_SEARCH)) return 0; return -EACCES; }",visit repo url,fs/namei.c,https://github.com/torvalds/linux,194031267261118,1 6535,CWE-203,"static int check_passwd(unsigned char *passwd, size_t length) { struct digest *d = NULL; unsigned char *passwd1_sum; unsigned char *passwd2_sum; int ret = 0; int hash_len; if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) { hash_len = PBKDF2_LENGTH; } else { d = digest_alloc(PASSWD_SUM); if (!d) { pr_err(""No such digest: %s\n"", PASSWD_SUM ? PASSWD_SUM : ""NULL""); return -ENOENT; } hash_len = digest_length(d); } passwd1_sum = calloc(hash_len * 2, sizeof(unsigned char)); if (!passwd1_sum) return -ENOMEM; passwd2_sum = passwd1_sum + hash_len; if (is_passwd_env_enable()) ret = read_env_passwd(passwd2_sum, hash_len); else if (is_passwd_default_enable()) ret = read_default_passwd(passwd2_sum, hash_len); else ret = -EINVAL; if (ret < 0) goto err; if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) { char *key = passwd2_sum + PBKDF2_SALT_LEN; char *salt = passwd2_sum; int keylen = PBKDF2_LENGTH - PBKDF2_SALT_LEN; ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt, PBKDF2_SALT_LEN, PBKDF2_COUNT, keylen, passwd1_sum); if (ret) goto err; if (strncmp(passwd1_sum, key, keylen) == 0) ret = 1; } else { ret = digest_digest(d, passwd, length, passwd1_sum); if (ret) goto err; if (strncmp(passwd1_sum, passwd2_sum, hash_len) == 0) ret = 1; } err: free(passwd1_sum); digest_free(d); return ret; }",visit repo url,common/password.c,https://github.com/saschahauer/barebox,200165381864847,1 3936,['CWE-362'],"int __init audit_register_class(int class, unsigned *list) { __u32 *p = kzalloc(AUDIT_BITMASK_SIZE * sizeof(__u32), GFP_KERNEL); if (!p) return -ENOMEM; while (*list != ~0U) { unsigned n = *list++; if (n >= AUDIT_BITMASK_SIZE * 32 - AUDIT_SYSCALL_CLASSES) { kfree(p); return -EINVAL; } p[AUDIT_WORD(n)] |= AUDIT_BIT(n); } if (class >= AUDIT_SYSCALL_CLASSES || classes[class]) { kfree(p); return -EINVAL; } classes[class] = p; return 0; }",linux-2.6,,,339720827878889762470348927527950823427,0 4172,CWE-787,"char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length) { char *buffer=NULL; int n=0; FILEXFER_ALLOWED_OR_CLOSE_AND_RETURN("""", cl, NULL); if (length>0) { buffer=malloc((uint64_t)length+1); if (buffer!=NULL) { if ((n = rfbReadExact(cl, (char *)buffer, length)) <= 0) { if (n != 0) rfbLogPerror(""rfbProcessFileTransferReadBuffer: read""); rfbCloseClient(cl); if (buffer!=NULL) free(buffer); return NULL; } buffer[length]=0; } } return buffer; }",visit repo url,libvncserver/rfbserver.c,https://github.com/LibVNC/libvncserver,234259938149462,1 5544,CWE-125,"ast2obj_withitem(void* _o) { withitem_ty o = (withitem_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(withitem_type, NULL, NULL); if (!result) return NULL; value = ast2obj_expr(o->context_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_context_expr, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->optional_vars); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_optional_vars, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,73855277347068,1 2897,CWE-119,"PredictorEncodeRow(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) { TIFFPredictorState *sp = PredictorState(tif); assert(sp != NULL); assert(sp->encodepfunc != NULL); assert(sp->encoderow != NULL); (*sp->encodepfunc)(tif, bp, cc); return (*sp->encoderow)(tif, bp, cc, s); }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,218284724325273,1 5945,['CWE-909'],"void tcf_destroy_chain(struct tcf_proto **fl) { struct tcf_proto *tp; while ((tp = *fl) != NULL) { *fl = tp->next; tcf_destroy(tp); } }",linux-2.6,,,56935381468878164800500725762058033723,0 4849,['CWE-189'],"int ecryptfs_init_crypto(void) { mutex_init(&key_tfm_list_mutex); INIT_LIST_HEAD(&key_tfm_list); return 0; }",linux-2.6,,,246630441276286892914995969355920033361,0 3026,['CWE-189'],"static int jp2_cmap_putdata(jp2_box_t *box, jas_stream_t *out) { box = 0; out = 0; return -1; }",jasper,,,47818269470690553250819051363857271262,0 6698,['CWE-200'],"is_system_connection (NMConnection *connection) { return (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) ? TRUE : FALSE; }",network-manager-applet,,,210168331183175506069524677326060297059,0 3551,['CWE-20'],"static sctp_disposition_t sctp_sf_violation_chunk( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { static const char err_str[]=""The following chunk violates protocol:""; if (!asoc) return sctp_sf_violation(ep, asoc, type, arg, commands); return sctp_sf_abort_violation(ep, asoc, arg, commands, err_str, sizeof(err_str)); }",linux-2.6,,,99706099329814437975915521411448494915,0 59,['CWE-787'],"static void cirrus_init_common(CirrusVGAState * s, int device_id, int is_pci) { int vga_io_memory, i; static int inited; if (!inited) { inited = 1; for(i = 0;i < 256; i++) rop_to_index[i] = CIRRUS_ROP_NOP_INDEX; rop_to_index[CIRRUS_ROP_0] = 0; rop_to_index[CIRRUS_ROP_SRC_AND_DST] = 1; rop_to_index[CIRRUS_ROP_NOP] = 2; rop_to_index[CIRRUS_ROP_SRC_AND_NOTDST] = 3; rop_to_index[CIRRUS_ROP_NOTDST] = 4; rop_to_index[CIRRUS_ROP_SRC] = 5; rop_to_index[CIRRUS_ROP_1] = 6; rop_to_index[CIRRUS_ROP_NOTSRC_AND_DST] = 7; rop_to_index[CIRRUS_ROP_SRC_XOR_DST] = 8; rop_to_index[CIRRUS_ROP_SRC_OR_DST] = 9; rop_to_index[CIRRUS_ROP_NOTSRC_OR_NOTDST] = 10; rop_to_index[CIRRUS_ROP_SRC_NOTXOR_DST] = 11; rop_to_index[CIRRUS_ROP_SRC_OR_NOTDST] = 12; rop_to_index[CIRRUS_ROP_NOTSRC] = 13; rop_to_index[CIRRUS_ROP_NOTSRC_OR_DST] = 14; rop_to_index[CIRRUS_ROP_NOTSRC_AND_NOTDST] = 15; } register_ioport_write(0x3c0, 16, 1, vga_ioport_write, s); register_ioport_write(0x3b4, 2, 1, vga_ioport_write, s); register_ioport_write(0x3d4, 2, 1, vga_ioport_write, s); register_ioport_write(0x3ba, 1, 1, vga_ioport_write, s); register_ioport_write(0x3da, 1, 1, vga_ioport_write, s); register_ioport_read(0x3c0, 16, 1, vga_ioport_read, s); register_ioport_read(0x3b4, 2, 1, vga_ioport_read, s); register_ioport_read(0x3d4, 2, 1, vga_ioport_read, s); register_ioport_read(0x3ba, 1, 1, vga_ioport_read, s); register_ioport_read(0x3da, 1, 1, vga_ioport_read, s); vga_io_memory = cpu_register_io_memory(0, cirrus_vga_mem_read, cirrus_vga_mem_write, s); cpu_register_physical_memory(isa_mem_base + 0x000a0000, 0x20000, vga_io_memory); s->sr[0x06] = 0x0f; if (device_id == CIRRUS_ID_CLGD5446) { s->sr[0x1F] = 0x2d; s->gr[0x18] = 0x0f; #if 1 s->sr[0x0f] = 0x98; s->sr[0x17] = 0x20; s->sr[0x15] = 0x04; s->real_vram_size = 4096 * 1024; #else s->sr[0x0f] = 0x18; s->sr[0x17] = 0x20; s->sr[0x15] = 0x03; s->real_vram_size = 2048 * 1024; #endif } else { s->sr[0x1F] = 0x22; s->sr[0x0F] = CIRRUS_MEMSIZE_2M; if (is_pci) s->sr[0x17] = CIRRUS_BUSTYPE_PCI; else s->sr[0x17] = CIRRUS_BUSTYPE_ISA; s->real_vram_size = 2048 * 1024; s->sr[0x15] = 0x03; } s->cr[0x27] = device_id; memset(s->vram_ptr, 0xff, s->real_vram_size); s->cirrus_hidden_dac_lockindex = 5; s->cirrus_hidden_dac_data = 0; s->cirrus_linear_io_addr = cpu_register_io_memory(0, cirrus_linear_read, cirrus_linear_write, s); s->cirrus_linear_write = cpu_get_io_memory_write(s->cirrus_linear_io_addr); s->cirrus_linear_bitblt_io_addr = cpu_register_io_memory(0, cirrus_linear_bitblt_read, cirrus_linear_bitblt_write, s); s->cirrus_mmio_io_addr = cpu_register_io_memory(0, cirrus_mmio_read, cirrus_mmio_write, s); s->cirrus_addr_mask = s->real_vram_size - 1; s->linear_mmio_mask = s->real_vram_size - 256; s->get_bpp = cirrus_get_bpp; s->get_offsets = cirrus_get_offsets; s->get_resolution = cirrus_get_resolution; s->cursor_invalidate = cirrus_cursor_invalidate; s->cursor_draw_line = cirrus_cursor_draw_line; register_savevm(""cirrus_vga"", 0, 2, cirrus_vga_save, cirrus_vga_load, s); }",qemu,,,120300668079899529682511310723952568587,0 5389,['CWE-476'],"void kvm_arch_hardware_enable(void *garbage) { kvm_x86_ops->hardware_enable(garbage); }",linux-2.6,,,151842107599344728915546477236417390399,0 2976,['CWE-189'],"void jpc_ns_fwdlift_colres(jpc_fix_t *a, int numrows, int numcols, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; register int i; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(ALPHA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * ALPHA), lptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(BETA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * BETA), hptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(GAMMA), jpc_fix_add(lptr2[0], lptr2[stride]))); ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(hptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * GAMMA), lptr2[0])); ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(DELTA), jpc_fix_add(hptr2[0], hptr2[stride]))); ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < numcols; ++i) { jpc_fix_pluseq(lptr2[0], jpc_fix_mul(jpc_dbltofix(2.0 * DELTA), hptr2[0])); ++lptr2; ++hptr2; } } #if defined(WT_DOSCALE) lptr = &a[0]; n = llen; while (n-- > 0) { lptr2 = lptr; for (i = 0; i < numcols; ++i) { lptr2[0] = jpc_fix_mul(lptr2[0], jpc_dbltofix(LGAIN)); ++lptr2; } lptr += stride; } hptr = &a[llen * stride]; n = numrows - llen; while (n-- > 0) { hptr2 = hptr; for (i = 0; i < numcols; ++i) { hptr2[0] = jpc_fix_mul(hptr2[0], jpc_dbltofix(HGAIN)); ++hptr2; } hptr += stride; } #endif } else { #if defined(WT_LENONE) if (parity) { lptr2 = &a[0]; for (i = 0; i < numcols; ++i) { lptr2[0] <<= 1; ++lptr2; } } #endif } }",jasper,,,67800285557404510774335097816735361378,0 643,[],"const char *dccp_packet_name(const int type) { static const char *dccp_packet_names[] = { [DCCP_PKT_REQUEST] = ""REQUEST"", [DCCP_PKT_RESPONSE] = ""RESPONSE"", [DCCP_PKT_DATA] = ""DATA"", [DCCP_PKT_ACK] = ""ACK"", [DCCP_PKT_DATAACK] = ""DATAACK"", [DCCP_PKT_CLOSEREQ] = ""CLOSEREQ"", [DCCP_PKT_CLOSE] = ""CLOSE"", [DCCP_PKT_RESET] = ""RESET"", [DCCP_PKT_SYNC] = ""SYNC"", [DCCP_PKT_SYNCACK] = ""SYNCACK"", }; if (type >= DCCP_NR_PKT_TYPES) return ""INVALID""; else return dccp_packet_names[type]; }",linux-2.6,,,134372372857515295365524788117727217632,0 4080,CWE-416,"struct addr_t* MACH0_(get_entrypoint)(struct MACH0_(obj_t)* bin) { struct addr_t *entry; int i; if (!bin->entry && !bin->sects) { return NULL; } if (!(entry = calloc (1, sizeof (struct addr_t)))) { return NULL; } if (bin->entry) { entry->addr = entry_to_vaddr (bin); entry->offset = addr_to_offset (bin, entry->addr); entry->haddr = sdb_num_get (bin->kv, ""mach0.entry.offset"", 0); } if (!bin->entry || entry->offset == 0) { for (i = 0; i < bin->nsects; i++) { if (!strncmp (bin->sects[i].sectname, ""__text"", 6)) { entry->offset = (ut64)bin->sects[i].offset; sdb_num_set (bin->kv, ""mach0.entry"", entry->offset, 0); entry->addr = (ut64)bin->sects[i].addr; if (!entry->addr) { entry->addr = entry->offset; } break; } } bin->entry = entry->addr; } return entry; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,79768317262622,1 4849,CWE-119,"static int read_public_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I1012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_public_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,241413677709066,1 3879,CWE-416,"get_lambda_tv( char_u **arg, typval_T *rettv, int types_optional, evalarg_T *evalarg) { int evaluate = evalarg != NULL && (evalarg->eval_flags & EVAL_EVALUATE); garray_T newargs; garray_T newlines; garray_T *pnewargs; garray_T argtypes; garray_T default_args; ufunc_T *fp = NULL; partial_T *pt = NULL; int varargs; char_u *ret_type = NULL; int ret; char_u *s; char_u *start, *end; int *old_eval_lavars = eval_lavars_used; int eval_lavars = FALSE; char_u *tofree1 = NULL; char_u *tofree2 = NULL; int equal_arrow = **arg == '('; int white_error = FALSE; int called_emsg_start = called_emsg; int vim9script = in_vim9script(); long start_lnum = SOURCING_LNUM; if (equal_arrow && !vim9script) return NOTDONE; ga_init(&newargs); ga_init(&newlines); s = *arg + 1; ret = get_function_args(&s, equal_arrow ? ')' : '-', NULL, types_optional ? &argtypes : NULL, types_optional, evalarg, NULL, &default_args, TRUE, NULL, NULL); if (ret == FAIL || skip_arrow(s, equal_arrow, &ret_type, NULL) == NULL) { if (types_optional) ga_clear_strings(&argtypes); return called_emsg == called_emsg_start ? NOTDONE : FAIL; } if (evaluate) pnewargs = &newargs; else pnewargs = NULL; *arg += 1; ret = get_function_args(arg, equal_arrow ? ')' : '-', pnewargs, types_optional ? &argtypes : NULL, types_optional, evalarg, &varargs, &default_args, FALSE, NULL, NULL); if (ret == FAIL || (s = skip_arrow(*arg, equal_arrow, &ret_type, equal_arrow || vim9script ? &white_error : NULL)) == NULL) { if (types_optional) ga_clear_strings(&argtypes); ga_clear_strings(&newargs); return white_error ? FAIL : NOTDONE; } *arg = s; if (ret_type != NULL) { ret_type = vim_strsave(ret_type); tofree2 = ret_type; } if (evaluate) eval_lavars_used = &eval_lavars; *arg = skipwhite_and_linebreak(*arg, evalarg); if (equal_arrow && **arg == '{') { if (evalarg == NULL) goto theend; SOURCING_LNUM = start_lnum; if (lambda_function_body(arg, rettv, evalarg, pnewargs, types_optional ? &argtypes : NULL, varargs, &default_args, ret_type) == FAIL) goto errret; goto theend; } if (default_args.ga_len > 0) { emsg(_(e_cannot_use_default_values_in_lambda)); goto errret; } start = *arg; ret = skip_expr_concatenate(arg, &start, &end, evalarg); if (ret == FAIL) goto errret; if (evalarg != NULL) { tofree1 = evalarg->eval_tofree; evalarg->eval_tofree = NULL; } if (!equal_arrow) { *arg = skipwhite_and_linebreak(*arg, evalarg); if (**arg != '}') { semsg(_(e_expected_right_curly_str), *arg); goto errret; } ++*arg; } if (evaluate) { int len; int flags = FC_LAMBDA; char_u *p; char_u *line_end; char_u *name = get_lambda_name(); fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (fp == NULL) goto errret; fp->uf_def_status = UF_NOT_COMPILED; pt = ALLOC_CLEAR_ONE(partial_T); if (pt == NULL) goto errret; ga_init2(&newlines, sizeof(char_u *), 1); if (ga_grow(&newlines, 1) == FAIL) goto errret; line_end = vim_strchr(start, '\n'); if (line_end == NULL || line_end > end) line_end = end; len = 7 + (int)(line_end - start) + 1; p = alloc(len); if (p == NULL) goto errret; ((char_u **)(newlines.ga_data))[newlines.ga_len++] = p; STRCPY(p, ""return ""); vim_strncpy(p + 7, start, line_end - start); if (line_end != end) { while (*line_end == '\n') { if (ga_grow(&newlines, 1) == FAIL) goto errret; start = line_end + 1; line_end = vim_strchr(start, '\n'); if (line_end == NULL) line_end = end; ((char_u **)(newlines.ga_data))[newlines.ga_len++] = vim_strnsave(start, line_end - start); } } if (strstr((char *)p + 7, ""a:"") == NULL) flags |= FC_NOARGS; fp->uf_refcount = 1; set_ufunc_name(fp, name); fp->uf_args = newargs; ga_init(&fp->uf_def_args); if (types_optional) { if (parse_argument_types(fp, &argtypes, vim9script && varargs) == FAIL) goto errret; if (ret_type != NULL) { fp->uf_ret_type = parse_type(&ret_type, &fp->uf_type_list, TRUE); if (fp->uf_ret_type == NULL) goto errret; } else fp->uf_ret_type = &t_unknown; } fp->uf_lines = newlines; if (current_funccal != NULL && eval_lavars) { flags |= FC_CLOSURE; if (register_closure(fp) == FAIL) goto errret; } #ifdef FEAT_PROFILE if (prof_def_func()) func_do_profile(fp); #endif if (sandbox) flags |= FC_SANDBOX; fp->uf_varargs = !vim9script || varargs; fp->uf_flags = flags; fp->uf_calls = 0; fp->uf_script_ctx = current_sctx; fp->uf_script_ctx.sc_lnum += start_lnum; function_using_block_scopes(fp, evalarg->eval_cstack); pt->pt_func = fp; pt->pt_refcount = 1; rettv->vval.v_partial = pt; rettv->v_type = VAR_PARTIAL; hash_add(&func_hashtab, UF2HIKEY(fp)); } theend: eval_lavars_used = old_eval_lavars; if (evalarg != NULL && evalarg->eval_tofree == NULL) evalarg->eval_tofree = tofree1; else vim_free(tofree1); vim_free(tofree2); if (types_optional) ga_clear_strings(&argtypes); return OK; errret: ga_clear_strings(&newargs); ga_clear_strings(&newlines); ga_clear_strings(&default_args); if (types_optional) { ga_clear_strings(&argtypes); if (fp != NULL) vim_free(fp->uf_arg_types); } vim_free(fp); vim_free(pt); if (evalarg != NULL && evalarg->eval_tofree == NULL) evalarg->eval_tofree = tofree1; else vim_free(tofree1); vim_free(tofree2); eval_lavars_used = old_eval_lavars; return FAIL; }",visit repo url,src/userfunc.c,https://github.com/vim/vim,12606475002291,1 4140,CWE-120,"irc_mode_channel_update (struct t_irc_server *server, struct t_irc_channel *channel, char set_flag, char chanmode, const char *argument) { char *pos_args, *str_modes, **argv, *pos, *ptr_arg; char *new_modes, *new_args, str_mode[2], *str_temp; int argc, current_arg, chanmode_found, length; if (!channel->modes) channel->modes = strdup (""+""); if (!channel->modes) return; argc = 0; argv = NULL; pos_args = strchr (channel->modes, ' '); if (pos_args) { str_modes = weechat_strndup (channel->modes, pos_args - channel->modes); if (!str_modes) return; pos_args++; while (pos_args[0] == ' ') pos_args++; argv = weechat_string_split (pos_args, "" "", NULL, WEECHAT_STRING_SPLIT_STRIP_LEFT | WEECHAT_STRING_SPLIT_STRIP_RIGHT | WEECHAT_STRING_SPLIT_COLLAPSE_SEPS, 0, &argc); } else { str_modes = strdup (channel->modes); if (!str_modes) return; } new_modes = malloc (strlen (channel->modes) + 1 + 1); new_args = malloc (((pos_args) ? strlen (pos_args) : 0) + ((argument) ? 1 + strlen (argument) : 0) + 1); if (new_modes && new_args) { new_modes[0] = '\0'; new_args[0] = '\0'; current_arg = 0; chanmode_found = 0; pos = str_modes; while (pos && pos[0]) { if ((pos[0] == '+') || (pos[0] == '-')) { str_mode[0] = pos[0]; str_mode[1] = '\0'; strcat (new_modes, str_mode); } else { ptr_arg = NULL; switch (irc_mode_get_chanmode_type (server, pos[0])) { case 'A': case 'B': case 'C': ptr_arg = (current_arg < argc) ? argv[current_arg] : NULL; break; case 'D': break; } if (ptr_arg) current_arg++; if (pos[0] == chanmode) { chanmode_found = 1; if (set_flag == '+') { str_mode[0] = pos[0]; str_mode[1] = '\0'; strcat (new_modes, str_mode); if (argument) { if (new_args[0]) strcat (new_args, "" ""); strcat (new_args, argument); } } } else { str_mode[0] = pos[0]; str_mode[1] = '\0'; strcat (new_modes, str_mode); if (ptr_arg) { if (new_args[0]) strcat (new_args, "" ""); strcat (new_args, ptr_arg); } } } pos++; } if (!chanmode_found) { if (set_flag == '+') { if (argument) { str_mode[0] = chanmode; str_mode[1] = '\0'; strcat (new_modes, str_mode); if (new_args[0]) strcat (new_args, "" ""); strcat (new_args, argument); } else { pos = new_modes; while (pos[0] == '+') pos++; memmove (pos + 1, pos, strlen (pos) + 1); pos[0] = chanmode; } } } if (new_args[0]) { length = strlen (new_modes) + 1 + strlen (new_args) + 1; str_temp = malloc (length); if (str_temp) { snprintf (str_temp, length, ""%s %s"", new_modes, new_args); if (channel->modes) free (channel->modes); channel->modes = str_temp; } } else { if (channel->modes) free (channel->modes); channel->modes = strdup (new_modes); } } if (new_modes) free (new_modes); if (new_args) free (new_args); if (str_modes) free (str_modes); if (argv) weechat_string_free_split (argv); }",visit repo url,src/plugins/irc/irc-mode.c,https://github.com/weechat/weechat,165553381264707,1 4763,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 2358,['CWE-200'],"get_synthdev(struct seq_oss_devinfo *dp, int dev) { struct seq_oss_synth *rec; if (dev < 0 || dev >= dp->max_synthdev) return NULL; if (! dp->synths[dev].opened) return NULL; if (dp->synths[dev].is_midi) return &midi_synth_dev; if ((rec = get_sdev(dev)) == NULL) return NULL; if (! rec->opened) { snd_use_lock_free(&rec->use_lock); return NULL; } return rec; }",linux-2.6,,,202926925048266785624099153062691542772,0 5976,['CWE-200'],"static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { int idx, err; int s_idx = cb->args[0]; struct net_device *dev; struct inet6_dev *idev; read_lock(&dev_base_lock); for (dev=dev_base, idx=0; dev; dev = dev->next, idx++) { if (idx < s_idx) continue; if ((idev = in6_dev_get(dev)) == NULL) continue; err = inet6_fill_ifinfo(skb, idev, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, RTM_NEWLINK, NLM_F_MULTI); in6_dev_put(idev); if (err <= 0) break; } read_unlock(&dev_base_lock); cb->args[0] = idx; return skb->len; }",linux-2.6,,,315564782058166851274723563023850330833,0 5016,['CWE-120'],"static int utf8_unichar_to_encoded_len(int unichar) { if (unichar < 0x80) return 1; if (unichar < 0x800) return 2; if (unichar < 0x10000) return 3; if (unichar < 0x200000) return 4; if (unichar < 0x4000000) return 5; return 6; }",udev,,,176663044449808812580689980385047039729,0 5529,['CWE-119'],"parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, unsigned char *data, struct list_head *auth_tok_list, struct ecryptfs_auth_tok **new_auth_tok, size_t *packet_size, size_t max_packet_size) { size_t body_size; struct ecryptfs_auth_tok_list_item *auth_tok_list_item; size_t length_size; int rc = 0; (*packet_size) = 0; (*new_auth_tok) = NULL; if (max_packet_size < (ECRYPTFS_SALT_SIZE + 7)) { printk(KERN_ERR ""Max packet size too large\n""); rc = -EINVAL; goto out; } if (data[(*packet_size)++] != ECRYPTFS_TAG_3_PACKET_TYPE) { printk(KERN_ERR ""First byte != 0x%.2x; invalid packet\n"", ECRYPTFS_TAG_3_PACKET_TYPE); rc = -EINVAL; goto out; } auth_tok_list_item = kmem_cache_zalloc(ecryptfs_auth_tok_list_item_cache, GFP_KERNEL); if (!auth_tok_list_item) { printk(KERN_ERR ""Unable to allocate memory\n""); rc = -ENOMEM; goto out; } (*new_auth_tok) = &auth_tok_list_item->auth_tok; rc = ecryptfs_parse_packet_length(&data[(*packet_size)], &body_size, &length_size); if (rc) { printk(KERN_WARNING ""Error parsing packet length; rc = [%d]\n"", rc); goto out_free; } if (unlikely(body_size < (ECRYPTFS_SALT_SIZE + 5))) { printk(KERN_WARNING ""Invalid body size ([%td])\n"", body_size); rc = -EINVAL; goto out_free; } (*packet_size) += length_size; if (unlikely((*packet_size) + body_size > max_packet_size)) { printk(KERN_ERR ""Packet size exceeds max\n""); rc = -EINVAL; goto out_free; } (*new_auth_tok)->session_key.encrypted_key_size = (body_size - (ECRYPTFS_SALT_SIZE + 5)); if ((*new_auth_tok)->session_key.encrypted_key_size > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) { printk(KERN_WARNING ""Tag 3 packet contains key larger "" ""than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n""); rc = -EINVAL; goto out_free; } if (unlikely(data[(*packet_size)++] != 0x04)) { printk(KERN_WARNING ""Unknown version number [%d]\n"", data[(*packet_size) - 1]); rc = -EINVAL; goto out_free; } ecryptfs_cipher_code_to_string(crypt_stat->cipher, (u16)data[(*packet_size)]); switch(data[(*packet_size)++]) { case RFC2440_CIPHER_AES_192: crypt_stat->key_size = 24; break; default: crypt_stat->key_size = (*new_auth_tok)->session_key.encrypted_key_size; } ecryptfs_init_crypt_ctx(crypt_stat); if (unlikely(data[(*packet_size)++] != 0x03)) { printk(KERN_WARNING ""Only S2K ID 3 is currently supported\n""); rc = -ENOSYS; goto out_free; } switch (data[(*packet_size)++]) { case 0x01: memcpy((*new_auth_tok)->token.password.salt, &data[(*packet_size)], ECRYPTFS_SALT_SIZE); (*packet_size) += ECRYPTFS_SALT_SIZE; (*new_auth_tok)->token.password.hash_iterations = ((u32) 16 + (data[(*packet_size)] & 15)) << ((data[(*packet_size)] >> 4) + 6); (*packet_size)++; memcpy((*new_auth_tok)->session_key.encrypted_key, &data[(*packet_size)], (*new_auth_tok)->session_key.encrypted_key_size); (*packet_size) += (*new_auth_tok)->session_key.encrypted_key_size; (*new_auth_tok)->session_key.flags &= ~ECRYPTFS_CONTAINS_DECRYPTED_KEY; (*new_auth_tok)->session_key.flags |= ECRYPTFS_CONTAINS_ENCRYPTED_KEY; (*new_auth_tok)->token.password.hash_algo = 0x01; break; default: ecryptfs_printk(KERN_ERR, ""Unsupported hash algorithm: "" ""[%d]\n"", data[(*packet_size) - 1]); rc = -ENOSYS; goto out_free; } (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; (*new_auth_tok)->session_key.flags &= ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); (*new_auth_tok)->session_key.flags &= ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); list_add(&auth_tok_list_item->list, auth_tok_list); goto out; out_free: (*new_auth_tok) = NULL; memset(auth_tok_list_item, 0, sizeof(struct ecryptfs_auth_tok_list_item)); kmem_cache_free(ecryptfs_auth_tok_list_item_cache, auth_tok_list_item); out: if (rc) (*packet_size) = 0; return rc; }",linux-2.6,,,155560020917312249809978461750461840919,0 6576,['CWE-200'],"find_hints_in_secrets (gpointer key, gpointer data, gpointer user_data) { FindHintsInfo *info = (FindHintsInfo *) user_data; const char **iter; for (iter = info->hints; !info->found && *iter; iter++) { if (!strcmp (*iter, (const char *) key) && data && G_IS_VALUE (data)) info->found = TRUE; } }",network-manager-applet,,,242044045268227852572314497186146375460,0 5883,['CWE-200'],"static void __exit nr_exit(void) { int i; proc_net_remove(&init_net, ""nr""); proc_net_remove(&init_net, ""nr_neigh""); proc_net_remove(&init_net, ""nr_nodes""); nr_loopback_clear(); nr_rt_free(); #ifdef CONFIG_SYSCTL nr_unregister_sysctl(); #endif ax25_linkfail_release(&nr_linkfail_notifier); ax25_protocol_release(AX25_P_NETROM); unregister_netdevice_notifier(&nr_dev_notifier); sock_unregister(PF_NETROM); for (i = 0; i < nr_ndevs; i++) { struct net_device *dev = dev_nr[i]; if (dev) { unregister_netdev(dev); free_netdev(dev); } } kfree(dev_nr); proto_unregister(&nr_proto); }",linux-2.6,,,53143003684708927711217648619128960426,0 3337,CWE-119,"sf_flac_write_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__Frame *frame, const int32_t * const buffer [], void *client_data) { SF_PRIVATE *psf = (SF_PRIVATE*) client_data ; FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ; pflac->frame = frame ; pflac->bufferpos = 0 ; pflac->bufferbackup = SF_FALSE ; pflac->wbuffer = buffer ; flac_buffer_copy (psf) ; return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE ; } ",visit repo url,src/flac.c,https://github.com/erikd/libsndfile,259371159964846,1 1310,['CWE-119'],"static unsigned char snmp_trap_decode(struct asn1_ctx *ctx, struct snmp_v1_trap *trap, const struct oct1_map *map, __sum16 *check) { unsigned int cls, con, tag, len; unsigned char *end; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) return 0; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI) return 0; if (!asn1_oid_decode(ctx, end, &trap->id, &trap->id_len)) return 0; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_id_free; if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_IPA) || (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_OTS))) goto err_id_free; if (!asn1_octets_decode(ctx, end, (unsigned char **)&trap->ip_address, &len)) goto err_id_free; if (len != 4) goto err_addr_free; mangle_address(ctx->begin, ctx->pointer - 4, map, check); if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_addr_free; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) goto err_addr_free; if (!asn1_uint_decode(ctx, end, &trap->general)) goto err_addr_free; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_addr_free; if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT) goto err_addr_free; if (!asn1_uint_decode(ctx, end, &trap->specific)) goto err_addr_free; if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) goto err_addr_free; if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_TIT) || (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_INT))) goto err_addr_free; if (!asn1_ulong_decode(ctx, end, &trap->time)) goto err_addr_free; return 1; err_addr_free: kfree((unsigned long *)trap->ip_address); err_id_free: kfree(trap->id); return 0; }",linux-2.6,,,216677395477819205530579567219380732627,0 1559,[],"find_idlest_cpu(struct sched_group *group, struct task_struct *p, int this_cpu, cpumask_t *tmp) { unsigned long load, min_load = ULONG_MAX; int idlest = -1; int i; cpus_and(*tmp, group->cpumask, p->cpus_allowed); for_each_cpu_mask(i, *tmp) { load = weighted_cpuload(i); if (load < min_load || (load == min_load && i == this_cpu)) { min_load = load; idlest = i; } } return idlest; }",linux-2.6,,,297053349706381052560942526984951450983,0 4733,CWE-835,"lex(struct scanner *s, union lvalue *val) { skip_more_whitespace_and_comments: while (is_space(peek(s))) if (next(s) == '\n') return TOK_END_OF_LINE; if (chr(s, '#')) { skip_to_eol(s); goto skip_more_whitespace_and_comments; } if (eof(s)) return TOK_END_OF_FILE; s->token_line = s->line; s->token_column = s->column; s->buf_pos = 0; if (chr(s, '<')) { while (peek(s) != '>' && !eol(s)) buf_append(s, next(s)); if (!chr(s, '>')) { scanner_err(s, ""unterminated keysym literal""); return TOK_ERROR; } if (!buf_append(s, '\0')) { scanner_err(s, ""keysym literal is too long""); return TOK_ERROR; } val->string.str = s->buf; val->string.len = s->buf_pos; return TOK_LHS_KEYSYM; } if (chr(s, ':')) return TOK_COLON; if (chr(s, '!')) return TOK_BANG; if (chr(s, '~')) return TOK_TILDE; if (chr(s, '\""')) { while (!eof(s) && !eol(s) && peek(s) != '\""') { if (chr(s, '\\')) { uint8_t o; if (chr(s, '\\')) { buf_append(s, '\\'); } else if (chr(s, '""')) { buf_append(s, '""'); } else if (chr(s, 'x') || chr(s, 'X')) { if (hex(s, &o)) buf_append(s, (char) o); else scanner_warn(s, ""illegal hexadecimal escape sequence in string literal""); } else if (oct(s, &o)) { buf_append(s, (char) o); } else { scanner_warn(s, ""unknown escape sequence (%c) in string literal"", peek(s)); } } else { buf_append(s, next(s)); } } if (!chr(s, '\""')) { scanner_err(s, ""unterminated string literal""); return TOK_ERROR; } if (!buf_append(s, '\0')) { scanner_err(s, ""string literal is too long""); return TOK_ERROR; } if (!is_valid_utf8(s->buf, s->buf_pos - 1)) { scanner_err(s, ""string literal is not a valid UTF-8 string""); return TOK_ERROR; } val->string.str = s->buf; val->string.len = s->buf_pos; return TOK_STRING; } if (is_alpha(peek(s)) || peek(s) == '_') { s->buf_pos = 0; while (is_alnum(peek(s)) || peek(s) == '_') buf_append(s, next(s)); if (!buf_append(s, '\0')) { scanner_err(s, ""identifier is too long""); return TOK_ERROR; } if (streq(s->buf, ""include"")) return TOK_INCLUDE; val->string.str = s->buf; val->string.len = s->buf_pos; return TOK_IDENT; } skip_to_eol(s); scanner_err(s, ""unrecognized token""); return TOK_ERROR; }",visit repo url,src/compose/parser.c,https://github.com/xkbcommon/libxkbcommon,63900857673358,1 4413,['CWE-264'],"static inline void assign_proto_idx(struct proto *prot) { }",linux-2.6,,,221777098961826111312461469846228657361,0 5268,CWE-323,"static int oidc_cache_crypto_decrypt_impl(request_rec *r, unsigned char *ciphertext, int ciphertext_len, const unsigned char *aad, int aad_len, const unsigned char *tag, int tag_len, unsigned char *key, const unsigned char *iv, int iv_len, unsigned char *plaintext) { EVP_CIPHER_CTX *ctx; int len; int plaintext_len; int ret; if (!(ctx = EVP_CIPHER_CTX_new())) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_new""); return -1; } if (!EVP_DecryptInit_ex(ctx, OIDC_CACHE_CIPHER, NULL, NULL, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptInit_ex""); return -1; } if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_IVLEN, iv_len, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptInit_ex""); return -1; } if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptUpdate aad: aad_len=%d"", aad_len); return -1; } if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptUpdate ciphertext""); return -1; } plaintext_len = len; if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_TAG, tag_len, (void *) tag)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len); EVP_CIPHER_CTX_free(ctx); if (ret > 0) { plaintext_len += len; return plaintext_len; } else { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptFinal_ex""); return -1; } }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,272140247053342,1 3275,CWE-125,"ikev2_sa_print(netdissect_options *ndo, u_char tpay, const struct isakmp_gen *ext1, u_int osa_length, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth) { const struct isakmp_gen *ext; struct isakmp_gen e; u_int sa_length; const u_char *cp; int i; int pcount; u_char np; u_int item_len; ND_TCHECK(*ext1); UNALIGNED_MEMCPY(&e, ext1, sizeof(e)); ikev2_pay_print(ndo, ""sa"", e.critical); osa_length= ntohs(e.len); sa_length = osa_length - 4; ND_PRINT((ndo,"" len=%d"", sa_length)); cp = (const u_char *)(ext1 + 1); pcount = 0; for (np = ISAKMP_NPTYPE_P; np != 0; np = e.np) { pcount++; ext = (const struct isakmp_gen *)cp; if (sa_length < sizeof(*ext)) goto toolong; ND_TCHECK(*ext); UNALIGNED_MEMCPY(&e, ext, sizeof(e)); item_len = ntohs(e.len); if (item_len <= 4) goto trunc; if (sa_length < item_len) goto toolong; ND_TCHECK2(*cp, item_len); depth++; ND_PRINT((ndo,""\n"")); for (i = 0; i < depth; i++) ND_PRINT((ndo,"" "")); ND_PRINT((ndo,""("")); if (np == ISAKMP_NPTYPE_P) { cp = ikev2_p_print(ndo, np, pcount, ext, item_len, ep, depth); if (cp == NULL) { return NULL; } } else { ND_PRINT((ndo, ""%s"", NPSTR(np))); cp += item_len; } ND_PRINT((ndo,"")"")); depth--; sa_length -= item_len; } return cp; toolong: cp += sa_length; ND_PRINT((ndo,"" [|%s]"", NPSTR(tpay))); return cp; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(tpay))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,135864636047739,1 2331,['CWE-120'],"static int may_mknod(mode_t mode) { switch (mode & S_IFMT) { case S_IFREG: case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK: case 0: return 0; case S_IFDIR: return -EPERM; default: return -EINVAL; } }",linux-2.6,,,90997865253691954100807693964356666640,0 6130,['CWE-200'],"static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, enum addr_type_t type) { int idx, ip_idx; int s_idx, s_ip_idx; int err = 1; struct net_device *dev; struct inet6_dev *idev = NULL; struct inet6_ifaddr *ifa; struct ifmcaddr6 *ifmca; struct ifacaddr6 *ifaca; s_idx = cb->args[0]; s_ip_idx = ip_idx = cb->args[1]; read_lock(&dev_base_lock); for (dev = dev_base, idx = 0; dev; dev = dev->next, idx++) { if (idx < s_idx) continue; if (idx > s_idx) s_ip_idx = 0; ip_idx = 0; if ((idev = in6_dev_get(dev)) == NULL) continue; read_lock_bh(&idev->lock); switch (type) { case UNICAST_ADDR: for (ifa = idev->addr_list; ifa; ifa = ifa->if_next, ip_idx++) { if (ip_idx < s_ip_idx) continue; if ((err = inet6_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, RTM_NEWADDR, NLM_F_MULTI)) <= 0) goto done; } #ifdef CONFIG_IPV6_PRIVACY for (ifa = idev->tempaddr_list; ifa; ifa = ifa->tmp_next, ip_idx++) { if (ip_idx < s_ip_idx) continue; if ((err = inet6_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, RTM_NEWADDR, NLM_F_MULTI)) <= 0) goto done; } #endif break; case MULTICAST_ADDR: for (ifmca = idev->mc_list; ifmca; ifmca = ifmca->next, ip_idx++) { if (ip_idx < s_ip_idx) continue; if ((err = inet6_fill_ifmcaddr(skb, ifmca, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, RTM_GETMULTICAST, NLM_F_MULTI)) <= 0) goto done; } break; case ANYCAST_ADDR: for (ifaca = idev->ac_list; ifaca; ifaca = ifaca->aca_next, ip_idx++) { if (ip_idx < s_ip_idx) continue; if ((err = inet6_fill_ifacaddr(skb, ifaca, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, RTM_GETANYCAST, NLM_F_MULTI)) <= 0) goto done; } break; default: break; } read_unlock_bh(&idev->lock); in6_dev_put(idev); } done: if (err <= 0) { read_unlock_bh(&idev->lock); in6_dev_put(idev); } read_unlock(&dev_base_lock); cb->args[0] = idx; cb->args[1] = ip_idx; return skb->len; }",linux-2.6,,,60194136961235652472314137776187626118,0 1228,CWE-400,"void perf_tp_event(u64 addr, u64 count, void *record, int entry_size, struct pt_regs *regs, struct hlist_head *head, int rctx) { struct perf_sample_data data; struct perf_event *event; struct hlist_node *node; struct perf_raw_record raw = { .size = entry_size, .data = record, }; perf_sample_data_init(&data, addr); data.raw = &raw; hlist_for_each_entry_rcu(event, node, head, hlist_entry) { if (perf_tp_event_match(event, &data, regs)) perf_swevent_event(event, count, 1, &data, regs); } perf_swevent_put_recursion_context(rctx); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,56330341729518,1 3733,CWE-125,"static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd) { int bytecnt = wpmd->byte_length; unsigned char *byteptr = wpmd->data; wpc->version_five = 1; wpc->file_format = wpc->config.qmode = wpc->channel_layout = 0; if (wpc->channel_reordering) { free (wpc->channel_reordering); wpc->channel_reordering = NULL; } if (bytecnt) { wpc->file_format = *byteptr++; wpc->config.qmode = (wpc->config.qmode & ~0xff) | *byteptr++; bytecnt -= 2; if (bytecnt) { int nchans, i; wpc->channel_layout = (int32_t) *byteptr++ << 16; bytecnt--; if (bytecnt) { wpc->channel_layout += nchans = *byteptr++; bytecnt--; if (bytecnt) { if (bytecnt > nchans) return FALSE; wpc->channel_reordering = malloc (nchans); if (wpc->channel_reordering) { for (i = 0; i < nchans; ++i) if (bytecnt) { wpc->channel_reordering [i] = *byteptr++; bytecnt--; } else wpc->channel_reordering [i] = i; } } } else wpc->channel_layout += wpc->config.num_channels; } } return TRUE; }",visit repo url,src/open_utils.c,https://github.com/dbry/WavPack,215536530621628,1 4296,['CWE-264'],"struct mm_struct * mm_alloc(void) { struct mm_struct * mm; mm = allocate_mm(); if (mm) { memset(mm, 0, sizeof(*mm)); mm = mm_init(mm, current); } return mm; }",linux-2.6,,,182801163649556417979402732308251440892,0 4629,CWE-476,"GF_Box *encs_box_new() { ISOM_DECL_BOX_ALLOC(GF_MPEGSampleEntryBox, GF_ISOM_BOX_TYPE_ENCS); gf_isom_sample_entry_init((GF_SampleEntryBox*)tmp); tmp->internal_type = GF_ISOM_SAMPLE_ENTRY_MP4S; return (GF_Box *)tmp; }",visit repo url,src/isomedia/box_code_base.c,https://github.com/gpac/gpac,277136768863228,1 5477,CWE-617,"pci_get_cfgdata32(struct pci_vdev *dev, int offset) { assert(offset <= (PCI_REGMAX - 3) && (offset & 3) == 0); return (*(uint32_t *)(dev->cfgdata + offset)); }",visit repo url,devicemodel/include/pci_core.h,https://github.com/projectacrn/acrn-hypervisor,194429384768400,1 2876,CWE-119,"loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned char **read_ptr) { uint32 i; float xres = 0.0, yres = 0.0; uint16 nstrips = 0, ntiles = 0, planar = 0; uint16 bps = 0, spp = 0, res_unit = 0; uint16 orientation = 0; uint16 input_compression = 0, input_photometric = 0; uint16 subsampling_horiz, subsampling_vert; uint32 width = 0, length = 0; uint32 stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; uint32 tw = 0, tl = 0; uint32 tile_rowsize = 0; unsigned char *read_buff = NULL; unsigned char *new_buff = NULL; int readunit = 0; static uint32 prev_readsize = 0; TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); if (! TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric)) TIFFError(""loadImage"",""Image lacks Photometric interpreation tag""); if (! TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width)) TIFFError(""loadimage"",""Image lacks image width tag""); if(! TIFFGetField(in, TIFFTAG_IMAGELENGTH, &length)) TIFFError(""loadimage"",""Image lacks image length tag""); TIFFGetFieldDefaulted(in, TIFFTAG_XRESOLUTION, &xres); TIFFGetFieldDefaulted(in, TIFFTAG_YRESOLUTION, &yres); if (!TIFFGetFieldDefaulted(in, TIFFTAG_RESOLUTIONUNIT, &res_unit)) res_unit = RESUNIT_INCH; if (!TIFFGetField(in, TIFFTAG_COMPRESSION, &input_compression)) input_compression = COMPRESSION_NONE; #ifdef DEBUG2 char compressionid[16]; switch (input_compression) { case COMPRESSION_NONE: strcpy (compressionid, ""None/dump""); break; case COMPRESSION_CCITTRLE: strcpy (compressionid, ""Huffman RLE""); break; case COMPRESSION_CCITTFAX3: strcpy (compressionid, ""Group3 Fax""); break; case COMPRESSION_CCITTFAX4: strcpy (compressionid, ""Group4 Fax""); break; case COMPRESSION_LZW: strcpy (compressionid, ""LZW""); break; case COMPRESSION_OJPEG: strcpy (compressionid, ""Old Jpeg""); break; case COMPRESSION_JPEG: strcpy (compressionid, ""New Jpeg""); break; case COMPRESSION_NEXT: strcpy (compressionid, ""Next RLE""); break; case COMPRESSION_CCITTRLEW: strcpy (compressionid, ""CITTRLEW""); break; case COMPRESSION_PACKBITS: strcpy (compressionid, ""Mac Packbits""); break; case COMPRESSION_THUNDERSCAN: strcpy (compressionid, ""Thunderscan""); break; case COMPRESSION_IT8CTPAD: strcpy (compressionid, ""IT8 padded""); break; case COMPRESSION_IT8LW: strcpy (compressionid, ""IT8 RLE""); break; case COMPRESSION_IT8MP: strcpy (compressionid, ""IT8 mono""); break; case COMPRESSION_IT8BL: strcpy (compressionid, ""IT8 lineart""); break; case COMPRESSION_PIXARFILM: strcpy (compressionid, ""Pixar 10 bit""); break; case COMPRESSION_PIXARLOG: strcpy (compressionid, ""Pixar 11bit""); break; case COMPRESSION_DEFLATE: strcpy (compressionid, ""Deflate""); break; case COMPRESSION_ADOBE_DEFLATE: strcpy (compressionid, ""Adobe deflate""); break; default: strcpy (compressionid, ""None/unknown""); break; } TIFFError(""loadImage"", ""Input compression %s"", compressionid); #endif scanlinesize = TIFFScanlineSize(in); image->bps = bps; image->spp = spp; image->planar = planar; image->width = width; image->length = length; image->xres = xres; image->yres = yres; image->res_unit = res_unit; image->compression = input_compression; image->photometric = input_photometric; #ifdef DEBUG2 char photometricid[12]; switch (input_photometric) { case PHOTOMETRIC_MINISWHITE: strcpy (photometricid, ""MinIsWhite""); break; case PHOTOMETRIC_MINISBLACK: strcpy (photometricid, ""MinIsBlack""); break; case PHOTOMETRIC_RGB: strcpy (photometricid, ""RGB""); break; case PHOTOMETRIC_PALETTE: strcpy (photometricid, ""Palette""); break; case PHOTOMETRIC_MASK: strcpy (photometricid, ""Mask""); break; case PHOTOMETRIC_SEPARATED: strcpy (photometricid, ""Separated""); break; case PHOTOMETRIC_YCBCR: strcpy (photometricid, ""YCBCR""); break; case PHOTOMETRIC_CIELAB: strcpy (photometricid, ""CIELab""); break; case PHOTOMETRIC_ICCLAB: strcpy (photometricid, ""ICCLab""); break; case PHOTOMETRIC_ITULAB: strcpy (photometricid, ""ITULab""); break; case PHOTOMETRIC_LOGL: strcpy (photometricid, ""LogL""); break; case PHOTOMETRIC_LOGLUV: strcpy (photometricid, ""LOGLuv""); break; default: strcpy (photometricid, ""Unknown""); break; } TIFFError(""loadImage"", ""Input photometric interpretation %s"", photometricid); #endif image->orientation = orientation; switch (orientation) { case 0: case ORIENTATION_TOPLEFT: image->adjustments = 0; break; case ORIENTATION_TOPRIGHT: image->adjustments = MIRROR_HORIZ; break; case ORIENTATION_BOTRIGHT: image->adjustments = ROTATECW_180; break; case ORIENTATION_BOTLEFT: image->adjustments = MIRROR_VERT; break; case ORIENTATION_LEFTTOP: image->adjustments = MIRROR_VERT | ROTATECW_90; break; case ORIENTATION_RIGHTTOP: image->adjustments = ROTATECW_90; break; case ORIENTATION_RIGHTBOT: image->adjustments = MIRROR_VERT | ROTATECW_270; break; case ORIENTATION_LEFTBOT: image->adjustments = ROTATECW_270; break; default: image->adjustments = 0; image->orientation = ORIENTATION_TOPLEFT; } if ((bps == 0) || (spp == 0)) { TIFFError(""loadImage"", ""Invalid samples per pixel (%d) or bits per sample (%d)"", spp, bps); return (-1); } if (TIFFIsTiled(in)) { readunit = TILE; tlsize = TIFFTileSize(in); ntiles = TIFFNumberOfTiles(in); TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); tile_rowsize = TIFFTileRowSize(in); if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) { TIFFError(""loadImage"", ""File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.""); exit(-1); } buffsize = tlsize * ntiles; if (tlsize != (buffsize / ntiles)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) { buffsize = ntiles * tl * tile_rowsize; if (ntiles != (buffsize / tl / tile_rowsize)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } #ifdef DEBUG2 TIFFError(""loadImage"", ""Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu"", tlsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Tilesize: %u, Number of Tiles: %u, Tile row size: %u"", tlsize, ntiles, tile_rowsize); } else { uint32 buffsize_check; readunit = STRIP; TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); stsize = TIFFStripSize(in); nstrips = TIFFNumberOfStrips(in); if (nstrips == 0 || stsize == 0) { TIFFError(""loadImage"", ""File appears to be striped, but the number of stipes or stripe size is zero.""); exit(-1); } buffsize = stsize * nstrips; if (stsize != (buffsize / nstrips)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } buffsize_check = ((length * width * spp * bps) + 7); if (length != ((buffsize_check - 7) / width / spp / bps)) { TIFFError(""loadImage"", ""Integer overflow detected.""); exit(-1); } if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) { buffsize = ((length * width * spp * bps) + 7) / 8; #ifdef DEBUG2 TIFFError(""loadImage"", ""Stripsize %u is too small, using imagelength * width * spp * bps / 8 = %lu"", stsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Stripsize: %u, Number of Strips: %u, Rows per Strip: %u, Scanline size: %u"", stsize, nstrips, rowsperstrip, scanlinesize); } if (input_compression == COMPRESSION_JPEG) { jpegcolormode = JPEGCOLORMODE_RGB; TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { if (input_photometric == PHOTOMETRIC_YCBCR) { TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsampling_horiz, &subsampling_vert); if (subsampling_horiz != 1 || subsampling_vert != 1) { TIFFError(""loadImage"", ""Can't copy/convert subsampled image with subsampling %d horiz %d vert"", subsampling_horiz, subsampling_vert); return (-1); } } } read_buff = *read_ptr; if (!read_buff) read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); else { if (prev_readsize < buffsize) { new_buff = _TIFFrealloc(read_buff, buffsize+3); if (!new_buff) { free (read_buff); read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); } else read_buff = new_buff; } } if (!read_buff) { TIFFError(""loadImage"", ""Unable to allocate/reallocate read buffer""); return (-1); } read_buff[buffsize] = 0; read_buff[buffsize+1] = 0; read_buff[buffsize+2] = 0; prev_readsize = buffsize; *read_ptr = read_buff; switch (readunit) { case STRIP: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigStripsIntoBuffer(in, read_buff))) { TIFFError(""loadImage"", ""Unable to read contiguous strips into buffer""); return (-1); } } else { if (!(readSeparateStripsIntoBuffer(in, read_buff, length, width, spp, dump))) { TIFFError(""loadImage"", ""Unable to read separate strips into buffer""); return (-1); } } break; case TILE: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read contiguous tiles into buffer""); return (-1); } } else { if (!(readSeparateTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read separate tiles into buffer""); return (-1); } } break; default: TIFFError(""loadImage"", ""Unsupported image file format""); return (-1); break; } if ((dump->infile != NULL) && (dump->level == 2)) { dump_info (dump->infile, dump->format, ""loadImage"", ""Image width %d, length %d, Raw image data, %4d bytes"", width, length, buffsize); dump_info (dump->infile, dump->format, """", ""Bits per sample %d, Samples per pixel %d"", bps, spp); for (i = 0; i < length; i++) dump_buffer(dump->infile, dump->format, 1, scanlinesize, i, read_buff + (i * scanlinesize)); } return (0); } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,240254658313187,1 3958,CWE-284,"int socket_accept(int fd, uint16_t port) { #ifdef WIN32 int addr_len; #else socklen_t addr_len; #endif int result; struct sockaddr_in addr; memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; addr.sin_addr.s_addr = htonl(INADDR_ANY); addr.sin_port = htons(port); addr_len = sizeof(addr); result = accept(fd, (struct sockaddr*)&addr, &addr_len); return result; }",visit repo url,common/socket.c,https://github.com/libimobiledevice/libusbmuxd,130152622002592,1 6641,CWE-125,"load_header (XwdLoader *loader) { XwdHeader *h = &loader->header; XwdHeader in; const guint32 *p = (const guint32 *) ∈ if (!file_mapping_taste (loader->mapping, &in, 0, sizeof (in))) return FALSE; h->header_size = g_ntohl (*(p++)); h->file_version = g_ntohl (*(p++)); h->pixmap_format = g_ntohl (*(p++)); h->pixmap_depth = g_ntohl (*(p++)); h->pixmap_width = g_ntohl (*(p++)); h->pixmap_height = g_ntohl (*(p++)); h->x_offset = g_ntohl (*(p++)); h->byte_order = g_ntohl (*(p++)); h->bitmap_unit = g_ntohl (*(p++)); h->bitmap_bit_order = g_ntohl (*(p++)); h->bitmap_pad = g_ntohl (*(p++)); h->bits_per_pixel = g_ntohl (*(p++)); h->bytes_per_line = g_ntohl (*(p++)); h->visual_class = g_ntohl (*(p++)); h->red_mask = g_ntohl (*(p++)); h->green_mask = g_ntohl (*(p++)); h->blue_mask = g_ntohl (*(p++)); h->bits_per_rgb = g_ntohl (*(p++)); h->color_map_entries = g_ntohl (*(p++)); h->n_colors = g_ntohl (*(p++)); h->window_width = g_ntohl (*(p++)); h->window_height = g_ntohl (*(p++)); h->window_x = g_ntohl (*(p++)); h->window_y = g_ntohl (*(p++)); h->window_border_width = g_ntohl (*(p++)); ASSERT_HEADER (h->header_size >= sizeof (XwdHeader)); ASSERT_HEADER (h->file_version == 7); ASSERT_HEADER (h->pixmap_depth == 24); ASSERT_HEADER (h->bits_per_rgb == 8 || h->bits_per_rgb == 24); ASSERT_HEADER (h->bytes_per_line >= h->pixmap_width * (h->bits_per_pixel / 8)); ASSERT_HEADER (compute_pixel_type (loader) < CHAFA_PIXEL_MAX); loader->file_data = file_mapping_get_data (loader->mapping, &loader->file_data_len); if (!loader->file_data) return FALSE; ASSERT_HEADER (loader->file_data_len >= h->header_size + h->n_colors * sizeof (XwdColor) + h->pixmap_height * h->bytes_per_line); loader->image_data = (const guint8 *) loader->file_data + h->header_size + h->n_colors * sizeof (XwdColor); return TRUE; }",visit repo url,tools/chafa/xwd-loader.c,https://github.com/hpjansson/chafa,80253374690960,1 1280,[],"builtin_init (void) { const builtin *bp; const predefined *pp; char *string; for (bp = &builtin_tab[0]; bp->name != NULL; bp++) if (!no_gnu_extensions || !bp->gnu_extension) { if (prefix_all_builtins) { string = (char *) xmalloc (strlen (bp->name) + 4); strcpy (string, ""m4_""); strcat (string, bp->name); define_builtin (string, bp, SYMBOL_INSERT); free (string); } else define_builtin (bp->name, bp, SYMBOL_INSERT); } for (pp = &predefined_tab[0]; pp->func != NULL; pp++) if (no_gnu_extensions) { if (pp->unix_name != NULL) define_user_macro (pp->unix_name, pp->func, SYMBOL_INSERT); } else { if (pp->gnu_name != NULL) define_user_macro (pp->gnu_name, pp->func, SYMBOL_INSERT); } }",m4,,,99568625634287903529793094352559965595,0 1087,['CWE-20'],"int blocking_notifier_chain_register(struct blocking_notifier_head *nh, struct notifier_block *n) { int ret; if (unlikely(system_state == SYSTEM_BOOTING)) return notifier_chain_register(&nh->head, n); down_write(&nh->rwsem); ret = notifier_chain_register(&nh->head, n); up_write(&nh->rwsem); return ret; }",linux-2.6,,,172638901418899641144886264002644681273,0 3823,['CWE-120'],"static __u32 uvc_colorspace(const __u8 primaries) { static const __u8 colorprimaries[] = { 0, V4L2_COLORSPACE_SRGB, V4L2_COLORSPACE_470_SYSTEM_M, V4L2_COLORSPACE_470_SYSTEM_BG, V4L2_COLORSPACE_SMPTE170M, V4L2_COLORSPACE_SMPTE240M, }; if (primaries < ARRAY_SIZE(colorprimaries)) return colorprimaries[primaries]; return 0; }",linux-2.6,,,250787406220535228429805592569731820965,0 3751,[],"static int unix_autobind(struct socket *sock) { struct sock *sk = sock->sk; struct net *net = sock_net(sk); struct unix_sock *u = unix_sk(sk); static u32 ordernum = 1; struct unix_address * addr; int err; mutex_lock(&u->readlock); err = 0; if (u->addr) goto out; err = -ENOMEM; addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL); if (!addr) goto out; addr->name->sun_family = AF_UNIX; atomic_set(&addr->refcnt, 1); retry: addr->len = sprintf(addr->name->sun_path+1, ""%05x"", ordernum) + 1 + sizeof(short); addr->hash = unix_hash_fold(csum_partial((void*)addr->name, addr->len, 0)); spin_lock(&unix_table_lock); ordernum = (ordernum+1)&0xFFFFF; if (__unix_find_socket_byname(net, addr->name, addr->len, sock->type, addr->hash)) { spin_unlock(&unix_table_lock); if (!(ordernum&0xFF)) yield(); goto retry; } addr->hash ^= sk->sk_type; __unix_remove_socket(sk); u->addr = addr; __unix_insert_socket(&unix_socket_table[addr->hash], sk); spin_unlock(&unix_table_lock); err = 0; out: mutex_unlock(&u->readlock); return err; }",linux-2.6,,,323193332046829875379439603772413531600,0 4794,CWE-119,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 3645,CWE-119,"static pfunc check_literal(struct jv_parser* p) { if (p->tokenpos == 0) return 0; const char* pattern = 0; int plen; jv v; switch (p->tokenbuf[0]) { case 't': pattern = ""true""; plen = 4; v = jv_true(); break; case 'f': pattern = ""false""; plen = 5; v = jv_false(); break; case 'n': pattern = ""null""; plen = 4; v = jv_null(); break; } if (pattern) { if (p->tokenpos != plen) return ""Invalid literal""; for (int i=0; itokenbuf[i] != pattern[i]) return ""Invalid literal""; TRY(value(p, v)); } else { p->tokenbuf[p->tokenpos] = 0; char* end = 0; double d = jvp_strtod(&p->dtoa, p->tokenbuf, &end); if (end == 0 || *end != 0) return ""Invalid numeric literal""; TRY(value(p, jv_number(d))); } p->tokenpos = 0; return 0; }",visit repo url,src/jv_parse.c,https://github.com/stedolan/jq,219968201932903,1 6558,['CWE-200'],"G_DEFINE_TYPE (NMConnectionList, nm_connection_list, G_TYPE_OBJECT) enum { LIST_DONE, LIST_LAST_SIGNAL };",network-manager-applet,,,309882045085938158761196754387108100348,0 1247,[],"m4_m4wrap (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, -1)) return; if (no_gnu_extensions) obstack_grow (obs, ARG (1), strlen (ARG (1))); else dump_args (obs, argc, argv, "" "", false); obstack_1grow (obs, '\0'); push_wrapup ((char *) obstack_finish (obs)); }",m4,,,183188653411785196769473270050769674496,0 4576,['CWE-399'],"int ext4_can_truncate(struct inode *inode) { if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return 0; if (S_ISREG(inode->i_mode)) return 1; if (S_ISDIR(inode->i_mode)) return 1; if (S_ISLNK(inode->i_mode)) return !ext4_inode_is_fast_symlink(inode); return 0; }",linux-2.6,,,15214371496751860991389458509205995829,0 876,CWE-20,"static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); int noblock = flags & MSG_DONTWAIT; struct sk_buff *skb; int err; int peeked, skip; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; msg->msg_namelen = 0; err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); goto out; } skip = sk_peek_offset(sk, flags); skb = __skb_recv_datagram(sk, flags, &peeked, &skip, &err); if (!skb) { unix_state_lock(sk); if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN && (sk->sk_shutdown & RCV_SHUTDOWN)) err = 0; unix_state_unlock(sk); goto out_unlock; } wake_up_interruptible_sync_poll(&u->peer_wait, POLLOUT | POLLWRNORM | POLLWRBAND); if (msg->msg_name) unix_copy_addr(msg, skb->sk); if (size > skb->len - skip) size = skb->len - skip; else if (size < skb->len - skip) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, skip, msg->msg_iov, size); if (err) goto out_free; if (sock_flag(sk, SOCK_RCVTSTAMP)) __sock_recv_timestamp(msg, sk, skb); if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); unix_set_secdata(siocb->scm, skb); if (!(flags & MSG_PEEK)) { if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); sk_peek_offset_bwd(sk, skb->len); } else { sk_peek_offset_fwd(sk, size); if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); } err = (flags & MSG_TRUNC) ? skb->len - skip : size; scm_recv(sock, msg, siocb->scm, flags); out_free: skb_free_datagram(sk, skb); out_unlock: mutex_unlock(&u->readlock); out: return err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,179527283060615,1 2577,[],"static struct attr_stack *read_attr_from_array(const char **list) { struct attr_stack *res; const char *line; int lineno = 0; res = xcalloc(1, sizeof(*res)); while ((line = *(list++)) != NULL) handle_attr_line(res, line, ""[builtin]"", ++lineno, 1); return res; }",git,,,329036139241442351470562882923399989216,0 5431,['CWE-476'],"static struct kvm_io_device *vcpu_find_mmio_dev(struct kvm_vcpu *vcpu, gpa_t addr, int len, int is_write) { struct kvm_io_device *dev; dev = vcpu_find_pervcpu_dev(vcpu, addr, len, is_write); if (dev == NULL) dev = kvm_io_bus_find_dev(&vcpu->kvm->mmio_bus, addr, len, is_write); return dev; }",linux-2.6,,,47538337440148545540560799443346540025,0 770,CWE-20,"static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); struct sk_buff *skb; size_t copied; int err; IRDA_DEBUG(4, ""%s()\n"", __func__); msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { IRDA_DEBUG(2, ""%s(), Received truncated frame (%zd < %zd)!\n"", __func__, copied, size); copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,97188153830666,1 1829,CWE-367,"int nfc_dev_down(struct nfc_dev *dev) { int rc = 0; pr_debug(""dev_name=%s\n"", dev_name(&dev->dev)); device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (!dev->dev_up) { rc = -EALREADY; goto error; } if (dev->polling || dev->active_target) { rc = -EBUSY; goto error; } if (dev->ops->dev_down) dev->ops->dev_down(dev); dev->dev_up = false; error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,3058991995205,1 1583,[],"asmlinkage long sys_sched_get_priority_min(int policy) { int ret = -EINVAL; switch (policy) { case SCHED_FIFO: case SCHED_RR: ret = 1; break; case SCHED_NORMAL: case SCHED_BATCH: case SCHED_IDLE: ret = 0; } return ret; }",linux-2.6,,,232734471921075619427632545535524122925,0 6525,['CWE-20'],"static inline int emulate_grp9(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops, unsigned long memop) { struct decode_cache *c = &ctxt->decode; u64 old, new; int rc; rc = ops->read_emulated(memop, &old, 8, ctxt->vcpu); if (rc != 0) return rc; if (((u32) (old >> 0) != (u32) c->regs[VCPU_REGS_RAX]) || ((u32) (old >> 32) != (u32) c->regs[VCPU_REGS_RDX])) { c->regs[VCPU_REGS_RAX] = (u32) (old >> 0); c->regs[VCPU_REGS_RDX] = (u32) (old >> 32); ctxt->eflags &= ~EFLG_ZF; } else { new = ((u64)c->regs[VCPU_REGS_RCX] << 32) | (u32) c->regs[VCPU_REGS_RBX]; rc = ops->cmpxchg_emulated(memop, &old, &new, 8, ctxt->vcpu); if (rc != 0) return rc; ctxt->eflags |= EFLG_ZF; } return 0; }",kvm,,,272287502140000631883156687428580537457,0 2637,CWE-125,"PHP_FUNCTION( locale_get_script ) { get_icu_value_src_php( LOC_SCRIPT_TAG , INTERNAL_FUNCTION_PARAM_PASSTHRU ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,135213313646288,1 1734,CWE-20,"static inline void arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) { if (oldmm->context.asce_limit < mm->context.asce_limit) crst_table_downgrade(mm, oldmm->context.asce_limit); }",visit repo url,arch/s390/include/asm/mmu_context.h,https://github.com/torvalds/linux,52089541720407,1 6029,['CWE-200'],"static void addrconf_add_mroute(struct net_device *dev) { struct in6_rtmsg rtmsg; memset(&rtmsg, 0, sizeof(rtmsg)); ipv6_addr_set(&rtmsg.rtmsg_dst, htonl(0xFF000000), 0, 0, 0); rtmsg.rtmsg_dst_len = 8; rtmsg.rtmsg_metric = IP6_RT_PRIO_ADDRCONF; rtmsg.rtmsg_ifindex = dev->ifindex; rtmsg.rtmsg_flags = RTF_UP; rtmsg.rtmsg_type = RTMSG_NEWROUTE; ip6_route_add(&rtmsg, NULL, NULL, NULL); }",linux-2.6,,,327839658391010774037896549580419010500,0 994,['CWE-94'],"asmlinkage long sys_splice(int fd_in, loff_t __user *off_in, int fd_out, loff_t __user *off_out, size_t len, unsigned int flags) { long error; struct file *in, *out; int fput_in, fput_out; if (unlikely(!len)) return 0; error = -EBADF; in = fget_light(fd_in, &fput_in); if (in) { if (in->f_mode & FMODE_READ) { out = fget_light(fd_out, &fput_out); if (out) { if (out->f_mode & FMODE_WRITE) error = do_splice(in, off_in, out, off_out, len, flags); fput_light(out, fput_out); } } fput_light(in, fput_in); } return error; }",linux-2.6,,,152166006142903464301404411001113889461,0 2474,CWE-119,"initpyfribidi (void) { PyObject *module; module = Py_InitModule3 (""pyfribidi"", PyfribidiMethods, _pyfribidi__doc__); PyModule_AddIntConstant (module, ""RTL"", (long) FRIBIDI_TYPE_RTL); PyModule_AddIntConstant (module, ""LTR"", (long) FRIBIDI_TYPE_LTR); PyModule_AddIntConstant (module, ""ON"", (long) FRIBIDI_TYPE_ON); PyModule_AddStringConstant (module, ""__author__"", ""Yaacov Zamir and Nir Soffer""); }",visit repo url,pyfribidi.c,https://github.com/pediapress/pyfribidi,246455353699081,1 6715,CWE-119,"dumpppp(f) FILE *f; { int c, n, k; int nb, nl, dn, proto, rv; char *dir, *q; unsigned char *p, *r, *endp; unsigned char *d; unsigned short fcs; struct pkt *pkt; spkt.cnt = rpkt.cnt = 0; spkt.esc = rpkt.esc = 0; while ((c = getc(f)) != EOF) { switch (c) { case 1: case 2: if (reverse) c = 3 - c; dir = c==1? ""sent"": ""rcvd""; pkt = c==1? &spkt: &rpkt; n = getc(f); n = (n << 8) + getc(f); *(c==1? &tot_sent: &tot_rcvd) += n; for (; n > 0; --n) { c = getc(f); switch (c) { case EOF: printf(""\nEOF\n""); if (spkt.cnt > 0) printf(""[%d bytes in incomplete send packet]\n"", spkt.cnt); if (rpkt.cnt > 0) printf(""[%d bytes in incomplete recv packet]\n"", rpkt.cnt); exit(0); case '~': if (pkt->cnt > 0) { q = dir; if (pkt->esc) { printf(""%s aborted packet:\n "", dir); q = "" ""; } nb = pkt->cnt; p = pkt->buf; pkt->cnt = 0; pkt->esc = 0; if (nb <= 2) { printf(""%s short packet [%d bytes]:"", q, nb); for (k = 0; k < nb; ++k) printf("" %.2x"", p[k]); printf(""\n""); break; } fcs = PPP_INITFCS; for (k = 0; k < nb; ++k) fcs = PPP_FCS(fcs, p[k]); fcs &= 0xFFFF; nb -= 2; endp = p + nb; r = p; if (r[0] == 0xff && r[1] == 3) r += 2; if ((r[0] & 1) == 0) ++r; ++r; if (endp - r > mru) printf("" ERROR: length (%zd) > MRU (%d)\n"", endp - r, mru); if (decompress && fcs == PPP_GOODFCS) { d = dbuf; r = p; if (r[0] == 0xff && r[1] == 3) { *d++ = *r++; *d++ = *r++; } proto = r[0]; if ((proto & 1) == 0) proto = (proto << 8) + r[1]; if (proto == PPP_CCP) { handle_ccp(pkt, r + 2, endp - r - 2); } else if (proto == PPP_COMP) { if ((pkt->flags & CCP_ISUP) && (pkt->flags & CCP_DECOMP_RUN) && pkt->state && (pkt->flags & CCP_ERR) == 0) { rv = pkt->comp->decompress(pkt->state, r, endp - r, d, &dn); switch (rv) { case DECOMP_OK: p = dbuf; nb = d + dn - p; if ((d[0] & 1) == 0) --dn; --dn; if (dn > mru) printf("" ERROR: decompressed length (%d) > MRU (%d)\n"", dn, mru); break; case DECOMP_ERROR: printf("" DECOMPRESSION ERROR\n""); pkt->flags |= CCP_ERROR; break; case DECOMP_FATALERROR: printf("" FATAL DECOMPRESSION ERROR\n""); pkt->flags |= CCP_FATALERROR; break; } } } else if (pkt->state && (pkt->flags & CCP_DECOMP_RUN)) { pkt->comp->incomp(pkt->state, r, endp - r); } } do { nl = nb < 16? nb: 16; printf(""%s "", q); for (k = 0; k < nl; ++k) printf("" %.2x"", p[k]); for (; k < 16; ++k) printf("" ""); printf("" ""); for (k = 0; k < nl; ++k) { c = p[k]; putchar((' ' <= c && c <= '~')? c: '.'); } printf(""\n""); q = "" ""; p += nl; nb -= nl; } while (nb > 0); if (fcs != PPP_GOODFCS) printf("" BAD FCS: (residue = %x)\n"", fcs); } break; case '}': if (!pkt->esc) { pkt->esc = 1; break; } default: if (pkt->esc) { c ^= 0x20; pkt->esc = 0; } pkt->buf[pkt->cnt++] = c; break; } } break; case 3: case 4: if (reverse) c = 7 - c; dir = c==3? ""send"": ""recv""; pkt = c==3? &spkt: &rpkt; printf(""end %s"", dir); if (pkt->cnt > 0) printf("" [%d bytes in incomplete packet]"", pkt->cnt); printf(""\n""); break; case 5: case 6: case 7: show_time(f, c); break; default: printf(""?%.2x\n"", c); } } }",visit repo url,pppdump/pppdump.c,https://github.com/ppp-project/ppp,260566365449916,1 5474,CWE-617,"pci_get_cfgdata16(struct pci_vdev *dev, int offset) { assert(offset <= (PCI_REGMAX - 1) && (offset & 1) == 0); return (*(uint16_t *)(dev->cfgdata + offset)); }",visit repo url,devicemodel/include/pci_core.h,https://github.com/projectacrn/acrn-hypervisor,10292116941843,1 4464,['CWE-264'],"unsigned long smt_get_time(void) { return jiffies; } ",linux-2.6,,,48732052925725945052971654220772842012,0 1686,[],"void __sched io_schedule(void) { struct rq *rq = &__raw_get_cpu_var(runqueues); delayacct_blkio_start(); atomic_inc(&rq->nr_iowait); schedule(); atomic_dec(&rq->nr_iowait); delayacct_blkio_end(); }",linux-2.6,,,52221034908215761745994662834764644243,0 6698,CWE-90,"static char *get_cert_prompt(TALLOC_CTX *mem_ctx, struct cert_auth_info *cert_info) { int ret; struct sss_certmap_ctx *ctx = NULL; unsigned char *der = NULL; size_t der_size; char *prompt = NULL; char *filter = NULL; char **domains = NULL; ret = sss_certmap_init(mem_ctx, NULL, NULL, &ctx); if (ret != 0) { DEBUG(SSSDBG_OP_FAILURE, ""sss_certmap_init failed.\n""); return NULL; } ret = sss_certmap_add_rule(ctx, 10, ""KRB5:.*"", ""LDAP:{subject_dn!nss}"", NULL); if (ret != 0) { DEBUG(SSSDBG_OP_FAILURE, ""sss_certmap_add_rule failed.\n""); goto done; } der = sss_base64_decode(mem_ctx, sss_cai_get_cert(cert_info), &der_size); if (der == NULL) { DEBUG(SSSDBG_OP_FAILURE, ""sss_base64_decode failed.\n""); goto done; } ret = sss_certmap_get_search_filter(ctx, der, der_size, &filter, &domains); if (ret != 0) { DEBUG(SSSDBG_OP_FAILURE, ""sss_certmap_get_search_filter failed.\n""); goto done; } prompt = talloc_asprintf(mem_ctx, ""%s\n%s"", sss_cai_get_label(cert_info), filter); if (prompt == NULL) { DEBUG(SSSDBG_OP_FAILURE, ""talloc_strdup failed.\n""); } done: sss_certmap_free_filter_and_domains(filter, domains); sss_certmap_free_ctx(ctx); talloc_free(der); return prompt; }",visit repo url,src/responder/pam/pamsrv_p11.c,https://github.com/SSSD/sssd,105511076973812,1 6432,['CWE-190'],"create_gimp_image (PSDimage *img_a, const gchar *filename) { gint32 image_id = -1; switch (img_a->color_mode) { case PSD_GRAYSCALE: case PSD_DUOTONE: img_a->base_type = GIMP_GRAY; break; case PSD_BITMAP: case PSD_INDEXED: img_a->base_type = GIMP_INDEXED; break; case PSD_RGB: img_a->base_type = GIMP_RGB; break; default: g_warning (""Invalid color mode""); return -1; break; } IFDBG(2) g_debug (""Create image""); image_id = gimp_image_new (img_a->columns, img_a->rows, img_a->base_type); gimp_image_set_filename (image_id, filename); gimp_image_undo_disable (image_id); return image_id; }",gimp,,,181506015408088566107921841160366089125,0 6650,CWE-787,"void iwjson_ftoa(long double val, char buf[static IWNUMBUF_SIZE], size_t *out_len) { int len = snprintf(buf, 64, ""%.8Lf"", val); if (len <= 0) { buf[0] = '\0'; *out_len = 0; return; } while (len > 0 && buf[len - 1] == '0') { buf[len - 1] = '\0'; len--; } if ((len > 0) && (buf[len - 1] == '.')) { buf[len - 1] = '\0'; len--; } *out_len = (size_t) len; }",visit repo url,src/json/iwjson.c,https://github.com/Softmotions/iowow,83124493100708,1 2526,CWE-20,"check_symlinks(struct archive_write_disk *a) { #if !defined(HAVE_LSTAT) (void)a; return (ARCHIVE_OK); #else char *pn; char c; int r; struct stat st; pn = a->name; if (archive_strlen(&(a->path_safe)) > 0) { char *p = a->path_safe.s; while ((*pn != '\0') && (*p == *pn)) ++p, ++pn; } if(pn == a->name && pn[0] == '/') ++pn; c = pn[0]; while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) { while (*pn != '\0' && *pn != '/') ++pn; c = pn[0]; pn[0] = '\0'; r = lstat(a->name, &st); if (r != 0) { if (errno == ENOENT) { break; } else { return (ARCHIVE_FAILED); } } else if (S_ISLNK(st.st_mode)) { if (c == '\0') { if (unlink(a->name)) { archive_set_error(&a->archive, errno, ""Could not remove symlink %s"", a->name); pn[0] = c; return (ARCHIVE_FAILED); } a->pst = NULL; if (!S_ISLNK(a->mode)) { archive_set_error(&a->archive, 0, ""Removing symlink %s"", a->name); } pn[0] = c; return (0); } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) { if (unlink(a->name) != 0) { archive_set_error(&a->archive, 0, ""Cannot remove intervening symlink %s"", a->name); pn[0] = c; return (ARCHIVE_FAILED); } a->pst = NULL; } else { archive_set_error(&a->archive, 0, ""Cannot extract through symlink %s"", a->name); pn[0] = c; return (ARCHIVE_FAILED); } } pn[0] = c; if (pn[0] != '\0') pn++; } pn[0] = c; archive_strcpy(&a->path_safe, a->name); return (ARCHIVE_OK); #endif }",visit repo url,libarchive/archive_write_disk_posix.c,https://github.com/libarchive/libarchive,213374845783239,1 631,['CWE-189'],"int ieee80211_rx(struct ieee80211_device *ieee, struct sk_buff *skb, struct ieee80211_rx_stats *rx_stats) { struct net_device *dev = ieee->dev; struct ieee80211_hdr_4addr *hdr; size_t hdrlen; u16 fc, type, stype, sc; struct net_device_stats *stats; unsigned int frag; u8 *payload; u16 ethertype; #ifdef NOT_YET struct net_device *wds = NULL; struct sk_buff *skb2 = NULL; struct net_device *wds = NULL; int frame_authorized = 0; int from_assoc_ap = 0; void *sta = NULL; #endif u8 dst[ETH_ALEN]; u8 src[ETH_ALEN]; struct ieee80211_crypt_data *crypt = NULL; int keyidx = 0; int can_be_decrypted = 0; hdr = (struct ieee80211_hdr_4addr *)skb->data; stats = &ieee->stats; if (skb->len < 10) { printk(KERN_INFO ""%s: SKB length < 10\n"", dev->name); goto rx_dropped; } fc = le16_to_cpu(hdr->frame_ctl); type = WLAN_FC_GET_TYPE(fc); stype = WLAN_FC_GET_STYPE(fc); sc = le16_to_cpu(hdr->seq_ctl); frag = WLAN_GET_SEQ_FRAG(sc); hdrlen = ieee80211_get_hdrlen(fc); if (skb->len < hdrlen) { printk(KERN_INFO ""%s: invalid SKB length %d\n"", dev->name, skb->len); goto rx_dropped; } #ifdef CONFIG_WIRELESS_EXT #ifdef IW_WIRELESS_SPY if (ieee->spy_data.spy_number > 0) { struct iw_quality wstats; wstats.updated = 0; if (rx_stats->mask & IEEE80211_STATMASK_RSSI) { wstats.level = rx_stats->rssi; wstats.updated |= IW_QUAL_LEVEL_UPDATED; } else wstats.updated |= IW_QUAL_LEVEL_INVALID; if (rx_stats->mask & IEEE80211_STATMASK_NOISE) { wstats.noise = rx_stats->noise; wstats.updated |= IW_QUAL_NOISE_UPDATED; } else wstats.updated |= IW_QUAL_NOISE_INVALID; if (rx_stats->mask & IEEE80211_STATMASK_SIGNAL) { wstats.qual = rx_stats->signal; wstats.updated |= IW_QUAL_QUAL_UPDATED; } else wstats.updated |= IW_QUAL_QUAL_INVALID; wireless_spy_update(ieee->dev, hdr->addr2, &wstats); } #endif #endif #ifdef NOT_YET hostap_update_rx_stats(local->ap, hdr, rx_stats); #endif if (ieee->iw_mode == IW_MODE_MONITOR) { stats->rx_packets++; stats->rx_bytes += skb->len; ieee80211_monitor_rx(ieee, skb, rx_stats); return 1; } can_be_decrypted = (is_multicast_ether_addr(hdr->addr1) || is_broadcast_ether_addr(hdr->addr2)) ? ieee->host_mc_decrypt : ieee->host_decrypt; if (can_be_decrypted) { if (skb->len >= hdrlen + 3) { keyidx = skb->data[hdrlen + 3] >> 6; } crypt = ieee->crypt[keyidx]; #ifdef NOT_YET sta = NULL; if (!(hdr->addr1[0] & 0x01) || local->bcrx_sta_key) (void)hostap_handle_sta_crypto(local, hdr, &crypt, &sta); #endif if (crypt && (crypt->ops == NULL || crypt->ops->decrypt_mpdu == NULL)) crypt = NULL; if (!crypt && (fc & IEEE80211_FCTL_PROTECTED)) { IEEE80211_DEBUG_DROP(""Decryption failed (not set)"" "" (SA="" MAC_FMT "")\n"", MAC_ARG(hdr->addr2)); ieee->ieee_stats.rx_discards_undecryptable++; goto rx_dropped; } } #ifdef NOT_YET if (type != WLAN_FC_TYPE_DATA) { if (type == WLAN_FC_TYPE_MGMT && stype == WLAN_FC_STYPE_AUTH && fc & IEEE80211_FCTL_PROTECTED && ieee->host_decrypt && (keyidx = hostap_rx_frame_decrypt(ieee, skb, crypt)) < 0) { printk(KERN_DEBUG ""%s: failed to decrypt mgmt::auth "" ""from "" MAC_FMT ""\n"", dev->name, MAC_ARG(hdr->addr2)); goto rx_dropped; } if (ieee80211_rx_frame_mgmt(ieee, skb, rx_stats, type, stype)) goto rx_dropped; else goto rx_exit; } #endif if (sc == ieee->prev_seq_ctl) goto rx_dropped; else ieee->prev_seq_ctl = sc; if (skb->len < IEEE80211_3ADDR_LEN) goto rx_dropped; switch (fc & (IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS)) { case IEEE80211_FCTL_FROMDS: memcpy(dst, hdr->addr1, ETH_ALEN); memcpy(src, hdr->addr3, ETH_ALEN); break; case IEEE80211_FCTL_TODS: memcpy(dst, hdr->addr3, ETH_ALEN); memcpy(src, hdr->addr2, ETH_ALEN); break; case IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS: if (skb->len < IEEE80211_4ADDR_LEN) goto rx_dropped; memcpy(dst, hdr->addr3, ETH_ALEN); memcpy(src, hdr->addr4, ETH_ALEN); break; case 0: memcpy(dst, hdr->addr1, ETH_ALEN); memcpy(src, hdr->addr2, ETH_ALEN); break; } #ifdef NOT_YET if (hostap_rx_frame_wds(ieee, hdr, fc, &wds)) goto rx_dropped; if (wds) { skb->dev = dev = wds; stats = hostap_get_stats(dev); } if (ieee->iw_mode == IW_MODE_MASTER && !wds && (fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_FROMDS && ieee->stadev && !compare_ether_addr(hdr->addr2, ieee->assoc_ap_addr)) { skb->dev = dev = ieee->stadev; stats = hostap_get_stats(dev); from_assoc_ap = 1; } #endif dev->last_rx = jiffies; #ifdef NOT_YET if ((ieee->iw_mode == IW_MODE_MASTER || ieee->iw_mode == IW_MODE_REPEAT) && !from_assoc_ap) { switch (hostap_handle_sta_rx(ieee, dev, skb, rx_stats, wds != NULL)) { case AP_RX_CONTINUE_NOT_AUTHORIZED: frame_authorized = 0; break; case AP_RX_CONTINUE: frame_authorized = 1; break; case AP_RX_DROP: goto rx_dropped; case AP_RX_EXIT: goto rx_exit; } } #endif stype &= ~IEEE80211_STYPE_QOS_DATA; if (stype != IEEE80211_STYPE_DATA && stype != IEEE80211_STYPE_DATA_CFACK && stype != IEEE80211_STYPE_DATA_CFPOLL && stype != IEEE80211_STYPE_DATA_CFACKPOLL) { if (stype != IEEE80211_STYPE_NULLFUNC) IEEE80211_DEBUG_DROP(""RX: dropped data frame "" ""with no data (type=0x%02x, "" ""subtype=0x%02x, len=%d)\n"", type, stype, skb->len); goto rx_dropped; } if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && (keyidx = ieee80211_rx_frame_decrypt(ieee, skb, crypt)) < 0) goto rx_dropped; hdr = (struct ieee80211_hdr_4addr *)skb->data; if ((frag != 0) || (fc & IEEE80211_FCTL_MOREFRAGS)) { int flen; struct sk_buff *frag_skb = ieee80211_frag_cache_get(ieee, hdr); IEEE80211_DEBUG_FRAG(""Rx Fragment received (%u)\n"", frag); if (!frag_skb) { IEEE80211_DEBUG(IEEE80211_DL_RX | IEEE80211_DL_FRAG, ""Rx cannot get skb from fragment "" ""cache (morefrag=%d seq=%u frag=%u)\n"", (fc & IEEE80211_FCTL_MOREFRAGS) != 0, WLAN_GET_SEQ_SEQ(sc), frag); goto rx_dropped; } flen = skb->len; if (frag != 0) flen -= hdrlen; if (frag_skb->tail + flen > frag_skb->end) { printk(KERN_WARNING ""%s: host decrypted and "" ""reassembled frame did not fit skb\n"", dev->name); ieee80211_frag_cache_invalidate(ieee, hdr); goto rx_dropped; } if (frag == 0) { skb_copy_from_linear_data(skb, skb_put(frag_skb, flen), flen); } else { skb_copy_from_linear_data_offset(skb, hdrlen, skb_put(frag_skb, flen), flen); } dev_kfree_skb_any(skb); skb = NULL; if (fc & IEEE80211_FCTL_MOREFRAGS) { goto rx_exit; } skb = frag_skb; hdr = (struct ieee80211_hdr_4addr *)skb->data; ieee80211_frag_cache_invalidate(ieee, hdr); } if ((fc & IEEE80211_FCTL_PROTECTED) && can_be_decrypted && ieee80211_rx_frame_decrypt_msdu(ieee, skb, keyidx, crypt)) goto rx_dropped; hdr = (struct ieee80211_hdr_4addr *)skb->data; if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep) { if ( ieee80211_is_eapol_frame(ieee, skb)) { } else { IEEE80211_DEBUG_DROP(""encryption configured, but RX "" ""frame not encrypted (SA="" MAC_FMT "")\n"", MAC_ARG(hdr->addr2)); goto rx_dropped; } } if (crypt && !(fc & IEEE80211_FCTL_PROTECTED) && !ieee->open_wep && !ieee80211_is_eapol_frame(ieee, skb)) { IEEE80211_DEBUG_DROP(""dropped unencrypted RX data "" ""frame from "" MAC_FMT "" (drop_unencrypted=1)\n"", MAC_ARG(hdr->addr2)); goto rx_dropped; } if (!can_be_decrypted && (fc & IEEE80211_FCTL_PROTECTED) && ieee->host_strip_iv_icv) { int trimlen = 0; if (skb->len >= hdrlen + 3) keyidx = skb->data[hdrlen + 3] >> 6; switch (ieee->sec.encode_alg[keyidx]) { case SEC_ALG_WEP: hdrlen += 4; trimlen = 4; break; case SEC_ALG_TKIP: hdrlen += 8; trimlen = 12; break; case SEC_ALG_CCMP: hdrlen += 8; trimlen = 8; break; } if (skb->len < trimlen) goto rx_dropped; __skb_trim(skb, skb->len - trimlen); if (skb->len < hdrlen) goto rx_dropped; } payload = skb->data + hdrlen; ethertype = (payload[6] << 8) | payload[7]; #ifdef NOT_YET if (ieee->ieee802_1x && ieee->iw_mode == IW_MODE_MASTER) { if (ethertype == ETH_P_PAE) { printk(KERN_DEBUG ""%s: RX: IEEE 802.1X frame\n"", dev->name); if (ieee->hostapd && ieee->apdev) { prism2_rx_80211(ieee->apdev, skb, rx_stats, PRISM2_RX_MGMT); ieee->apdevstats.rx_packets++; ieee->apdevstats.rx_bytes += skb->len; goto rx_exit; } } else if (!frame_authorized) { printk(KERN_DEBUG ""%s: dropped frame from "" ""unauthorized port (IEEE 802.1X): "" ""ethertype=0x%04x\n"", dev->name, ethertype); goto rx_dropped; } } #endif if (skb->len - hdrlen >= 8 && ((memcmp(payload, rfc1042_header, SNAP_SIZE) == 0 && ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || memcmp(payload, bridge_tunnel_header, SNAP_SIZE) == 0)) { skb_pull(skb, hdrlen + SNAP_SIZE); memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); } else { u16 len; skb_pull(skb, hdrlen); len = htons(skb->len); memcpy(skb_push(skb, 2), &len, 2); memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); } #ifdef NOT_YET if (wds && ((fc & (IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) == IEEE80211_FCTL_TODS) && skb->len >= ETH_HLEN + ETH_ALEN) { skb_copy_to_linear_data_offset(skb, ETH_ALEN, skb->data + skb->len - ETH_ALEN, ETH_ALEN); skb_trim(skb, skb->len - ETH_ALEN); } #endif stats->rx_packets++; stats->rx_bytes += skb->len; #ifdef NOT_YET if (ieee->iw_mode == IW_MODE_MASTER && !wds && ieee->ap->bridge_packets) { if (dst[0] & 0x01) { ieee->ap->bridged_multicast++; skb2 = skb_clone(skb, GFP_ATOMIC); if (skb2 == NULL) printk(KERN_DEBUG ""%s: skb_clone failed for "" ""multicast frame\n"", dev->name); } else if (hostap_is_sta_assoc(ieee->ap, dst)) { ieee->ap->bridged_unicast++; skb2 = skb; skb = NULL; } } if (skb2 != NULL) { skb2->dev = dev; skb2->protocol = __constant_htons(ETH_P_802_3); skb_reset_mac_header(skb2); skb_reset_network_header(skb2); dev_queue_xmit(skb2); } #endif if (skb) { skb->protocol = eth_type_trans(skb, dev); memset(skb->cb, 0, sizeof(skb->cb)); skb->ip_summed = CHECKSUM_NONE; if (netif_rx(skb) == NET_RX_DROP) { IEEE80211_DEBUG_DROP (""RX: netif_rx dropped the packet\n""); stats->rx_dropped++; } } rx_exit: #ifdef NOT_YET if (sta) hostap_handle_sta_release(sta); #endif return 1; rx_dropped: stats->rx_dropped++; return 0; }",linux-2.6,,,336731273450721327195298346081526617169,0 1578,[],"int sched_rt_handler(struct ctl_table *table, int write, struct file *filp, void __user *buffer, size_t *lenp, loff_t *ppos) { int ret; int old_period, old_runtime; static DEFINE_MUTEX(mutex); mutex_lock(&mutex); old_period = sysctl_sched_rt_period; old_runtime = sysctl_sched_rt_runtime; ret = proc_dointvec(table, write, filp, buffer, lenp, ppos); if (!ret && write) { ret = sched_rt_global_constraints(); if (ret) { sysctl_sched_rt_period = old_period; sysctl_sched_rt_runtime = old_runtime; } else { def_rt_bandwidth.rt_runtime = global_rt_runtime(); def_rt_bandwidth.rt_period = ns_to_ktime(global_rt_period()); } } mutex_unlock(&mutex); return ret; }",linux-2.6,,,98283693916920256272446179797526528480,0 5731,CWE-908,"init_device (u2fh_devs * devs, struct u2fdevice *dev) { unsigned char resp[1024]; unsigned char nonce[8]; if (obtain_nonce(nonce) != 0) { return U2FH_TRANSPORT_ERROR; } size_t resplen = sizeof (resp); dev->cid = CID_BROADCAST; if (u2fh_sendrecv (devs, dev->id, U2FHID_INIT, nonce, sizeof (nonce), resp, &resplen) == U2FH_OK) { U2FHID_INIT_RESP initresp; if (resplen > sizeof (initresp)) { return U2FH_MEMORY_ERROR; } memcpy (&initresp, resp, resplen); dev->cid = initresp.cid; dev->versionInterface = initresp.versionInterface; dev->versionMajor = initresp.versionMajor; dev->versionMinor = initresp.versionMinor; dev->capFlags = initresp.capFlags; } else { return U2FH_TRANSPORT_ERROR; } return U2FH_OK; }",visit repo url,u2f-host/devs.c,https://github.com/Yubico/libu2f-host,80790940961312,1 2116,['CWE-119'],"static inline void set_tssldt_descriptor(void *d, unsigned long addr, unsigned type, unsigned size) { #ifdef CONFIG_X86_64 struct ldttss_desc64 *desc = d; memset(desc, 0, sizeof(*desc)); desc->limit0 = size & 0xFFFF; desc->base0 = PTR_LOW(addr); desc->base1 = PTR_MIDDLE(addr) & 0xFF; desc->type = type; desc->p = 1; desc->limit1 = (size >> 16) & 0xF; desc->base2 = (PTR_MIDDLE(addr) >> 8) & 0xFF; desc->base3 = PTR_HIGH(addr); #else pack_descriptor((struct desc_struct *)d, addr, size, 0x80 | type, 0); #endif }",linux-2.6,,,222789762102524519054324301195576136310,0 6098,CWE-190,"int cp_sokaka_key(uint8_t *key, size_t key_len, const char *id1, const sokaka_t k, const char *id2) { int len1 = strlen(id1), len2 = strlen(id2); int size, first = 0, result = RLC_OK; uint8_t *buf; g1_t p; g2_t q; gt_t e; g1_null(p); g2_null(q); gt_null(e); RLC_TRY { g1_new(p); g2_new(q); gt_new(e); size = gt_size_bin(e, 0); buf = RLC_ALLOCA(uint8_t, size); if (buf == NULL) { RLC_THROW(ERR_NO_MEMORY); } if (len1 == len2) { if (strncmp(id1, id2, len1) == 0) { RLC_THROW(ERR_NO_VALID); } first = (strncmp(id1, id2, len1) < 0 ? 1 : 2); } else { if (len1 < len2) { if (strncmp(id1, id2, len1) == 0) { first = 1; } else { first = (strncmp(id1, id2, len1) < 0 ? 1 : 2); } } else { if (strncmp(id1, id2, len2) == 0) { first = 2; } else { first = (strncmp(id1, id2, len2) < 0 ? 1 : 2); } } } if (pc_map_is_type1()) { g2_map(q, (uint8_t *)id2, len2); pc_map(e, k->s1, q); } else { if (first == 1) { g2_map(q, (uint8_t *)id2, len2); pc_map(e, k->s1, q); } else { g1_map(p, (uint8_t *)id2, len2); pc_map(e, p, k->s2); } } gt_write_bin(buf, size, e, 0); md_kdf(key, key_len, buf, size); } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { g1_free(p); g2_free(q); gt_free(e); RLC_FREE(buf); } return result; }",visit repo url,src/cp/relic_cp_sokaka.c,https://github.com/relic-toolkit/relic,133060097430874,1 4116,CWE-494,"INT_PTR CALLBACK NewVersionCallback(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam) { char cmdline[] = APPLICATION_NAME "" -w 150""; static char* filepath = NULL; static int download_status = 0; LONG i; HWND hNotes; STARTUPINFOA si; PROCESS_INFORMATION pi; HFONT hyperlink_font = NULL; EXT_DECL(dl_ext, NULL, __VA_GROUP__(""*.exe""), __VA_GROUP__(lmprintf(MSG_037))); switch (message) { case WM_INITDIALOG: apply_localization(IDD_NEW_VERSION, hDlg); download_status = 0; SetTitleBarIcon(hDlg); CenterDialog(hDlg); update_original_proc = (WNDPROC)SetWindowLongPtr(hDlg, GWLP_WNDPROC, (LONG_PTR)update_subclass_callback); hNotes = GetDlgItem(hDlg, IDC_RELEASE_NOTES); SendMessage(hNotes, EM_AUTOURLDETECT, 1, 0); SendMessageA(hNotes, EM_SETTEXTEX, (WPARAM)&friggin_microsoft_unicode_amateurs, (LPARAM)update.release_notes); SendMessage(hNotes, EM_SETSEL, -1, -1); SendMessage(hNotes, EM_SETEVENTMASK, 0, ENM_LINK); SetWindowTextU(GetDlgItem(hDlg, IDC_YOUR_VERSION), lmprintf(MSG_018, rufus_version[0], rufus_version[1], rufus_version[2])); SetWindowTextU(GetDlgItem(hDlg, IDC_LATEST_VERSION), lmprintf(MSG_019, update.version[0], update.version[1], update.version[2])); SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD_URL), update.download_url); SendMessage(GetDlgItem(hDlg, IDC_PROGRESS), PBM_SETRANGE, 0, (MAX_PROGRESS<<16) & 0xFFFF0000); if (update.download_url == NULL) EnableWindow(GetDlgItem(hDlg, IDC_DOWNLOAD), FALSE); break; case WM_CTLCOLORSTATIC: if ((HWND)lParam != GetDlgItem(hDlg, IDC_WEBSITE)) return FALSE; SetBkMode((HDC)wParam, TRANSPARENT); CreateStaticFont((HDC)wParam, &hyperlink_font); SelectObject((HDC)wParam, hyperlink_font); SetTextColor((HDC)wParam, RGB(0,0,125)); return (INT_PTR)CreateSolidBrush(GetSysColor(COLOR_BTNFACE)); case WM_COMMAND: switch (LOWORD(wParam)) { case IDCLOSE: case IDCANCEL: if (download_status != 1) { reset_localization(IDD_NEW_VERSION); safe_free(filepath); EndDialog(hDlg, LOWORD(wParam)); } return (INT_PTR)TRUE; case IDC_WEBSITE: ShellExecuteA(hDlg, ""open"", RUFUS_URL, NULL, NULL, SW_SHOWNORMAL); break; case IDC_DOWNLOAD: switch(download_status) { case 1: FormatStatus = ERROR_SEVERITY_ERROR|FAC(FACILITY_STORAGE)|ERROR_CANCELLED; download_status = 0; break; case 2: Sleep(1000); if (ValidateSignature(hDlg, filepath) != NO_ERROR) break; memset(&si, 0, sizeof(si)); memset(&pi, 0, sizeof(pi)); si.cb = sizeof(si); if (!CreateProcessU(filepath, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) { PrintInfo(0, MSG_214); uprintf(""Failed to launch new application: %s\n"", WindowsErrorString()); } else { PrintInfo(0, MSG_213); PostMessage(hDlg, WM_COMMAND, (WPARAM)IDCLOSE, 0); PostMessage(hMainDialog, WM_CLOSE, 0, 0); } break; default: if (update.download_url == NULL) { uprintf(""Could not get download URL\n""); break; } for (i=(int)strlen(update.download_url); (i>0)&&(update.download_url[i]!='/'); i--); dl_ext.filename = &update.download_url[i+1]; filepath = FileDialog(TRUE, app_dir, &dl_ext, OFN_NOCHANGEDIR); if (filepath == NULL) { uprintf(""Could not get save path\n""); break; } SendMessage(hDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hDlg, IDC_DOWNLOAD), TRUE); DownloadFileThreaded(update.download_url, filepath, hDlg); break; } return (INT_PTR)TRUE; } break; case UM_PROGRESS_INIT: EnableWindow(GetDlgItem(hDlg, IDCANCEL), FALSE); SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD), lmprintf(MSG_038)); FormatStatus = 0; download_status = 1; return (INT_PTR)TRUE; case UM_PROGRESS_EXIT: EnableWindow(GetDlgItem(hDlg, IDCANCEL), TRUE); if (wParam) { SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD), lmprintf(MSG_039)); download_status = 2; } else { SetWindowTextU(GetDlgItem(hDlg, IDC_DOWNLOAD), lmprintf(MSG_040)); download_status = 0; } return (INT_PTR)TRUE; } return (INT_PTR)FALSE; }",visit repo url,src/stdlg.c,https://github.com/pbatard/rufus,71723863714396,1 2529,CWE-22,"cleanup_pathname(struct archive_write_disk *a) { char *dest, *src; char separator = '\0'; dest = src = a->name; if (*src == '\0') { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Invalid empty pathname""); return (ARCHIVE_FAILED); } #if defined(__CYGWIN__) cleanup_pathname_win(a); #endif if (*src == '/') separator = *src++; for (;;) { if (src[0] == '\0') { break; } else if (src[0] == '/') { src++; continue; } else if (src[0] == '.') { if (src[1] == '\0') { break; } else if (src[1] == '/') { src += 2; continue; } else if (src[1] == '.') { if (src[2] == '/' || src[2] == '\0') { if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, ""Path contains '..'""); return (ARCHIVE_FAILED); } } } } if (separator) *dest++ = '/'; while (*src != '\0' && *src != '/') { *dest++ = *src++; } if (*src == '\0') break; separator = *src++; } if (dest == a->name) { if (separator) *dest++ = '/'; else *dest++ = '.'; } *dest = '\0'; return (ARCHIVE_OK); }",visit repo url,libarchive/archive_write_disk_posix.c,https://github.com/libarchive/libarchive,7335165906327,1 427,CWE-416,"static int snd_ctl_elem_read(struct snd_card *card, struct snd_ctl_elem_value *control) { struct snd_kcontrol *kctl; struct snd_kcontrol_volatile *vd; unsigned int index_offset; int result; down_read(&card->controls_rwsem); kctl = snd_ctl_find_id(card, &control->id); if (kctl == NULL) { result = -ENOENT; } else { index_offset = snd_ctl_get_ioff(kctl, &control->id); vd = &kctl->vd[index_offset]; if ((vd->access & SNDRV_CTL_ELEM_ACCESS_READ) && kctl->get != NULL) { snd_ctl_build_ioff(&control->id, kctl, index_offset); result = kctl->get(kctl, control); } else result = -EPERM; } up_read(&card->controls_rwsem); return result; }",visit repo url,sound/core/control.c,https://github.com/torvalds/linux,273193641617663,1 5889,CWE-122,"static pj_status_t decode_uint_attr(pj_pool_t *pool, const pj_uint8_t *buf, const pj_stun_msg_hdr *msghdr, void **p_attr) { pj_stun_uint_attr *attr; PJ_UNUSED_ARG(msghdr); attr = PJ_POOL_ZALLOC_T(pool, pj_stun_uint_attr); GETATTRHDR(buf, &attr->hdr); attr->value = GETVAL32H(buf, 4); if (attr->hdr.length != 4) return PJNATH_ESTUNINATTRLEN; *p_attr = attr; return PJ_SUCCESS; }",visit repo url,pjnath/src/pjnath/stun_msg.c,https://github.com/pjsip/pjproject,232579755086764,1 5054,['CWE-20'],"static void vmcs_write32(unsigned long field, u32 value) { vmcs_writel(field, value); }",linux-2.6,,,325590470048929143905492512416626204673,0 577,[],"static ssize_t bad_file_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos) { return -EIO; }",linux-2.6,,,141876644247375416614028375357169223273,0 413,[],"pfm_resume_after_ovfl(pfm_context_t *ctx, unsigned long ovfl_regs, struct pt_regs *regs) { pfm_buffer_fmt_t *fmt = ctx->ctx_buf_fmt; pfm_ovfl_ctrl_t rst_ctrl; int state; int ret = 0; state = ctx->ctx_state; if (CTX_HAS_SMPL(ctx)) { rst_ctrl.bits.mask_monitoring = 0; rst_ctrl.bits.reset_ovfl_pmds = 0; if (state == PFM_CTX_LOADED) ret = pfm_buf_fmt_restart_active(fmt, current, &rst_ctrl, ctx->ctx_smpl_hdr, regs); else ret = pfm_buf_fmt_restart(fmt, current, &rst_ctrl, ctx->ctx_smpl_hdr, regs); } else { rst_ctrl.bits.mask_monitoring = 0; rst_ctrl.bits.reset_ovfl_pmds = 1; } if (ret == 0) { if (rst_ctrl.bits.reset_ovfl_pmds) { pfm_reset_regs(ctx, &ovfl_regs, PFM_PMD_LONG_RESET); } if (rst_ctrl.bits.mask_monitoring == 0) { DPRINT((""resuming monitoring\n"")); if (ctx->ctx_state == PFM_CTX_MASKED) pfm_restore_monitoring(current); } else { DPRINT((""stopping monitoring\n"")); } ctx->ctx_state = PFM_CTX_LOADED; } }",linux-2.6,,,222052332777973303879318464755282006376,0 6249,CWE-190,"static void pp_mil_k24(fp24_t r, ep4_t *t, ep4_t *q, ep_t *p, int m, bn_t a) { fp24_t l; ep_t *_p = RLC_ALLOCA(ep_t, m); ep4_t *_q = RLC_ALLOCA(ep4_t, m); int i, j, len = bn_bits(a) + 1; int8_t s[RLC_FP_BITS + 1]; if (m == 0) { return; } fp24_null(l); RLC_TRY { fp24_new(l); if (_p == NULL || _q == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (j = 0; j < m; j++) { ep_null(_p[j]); ep4_null(_q[j]); ep_new(_p[j]); ep4_new(_q[j]); ep4_copy(t[j], q[j]); ep4_neg(_q[j], q[j]); #if EP_ADD == BASIC ep_neg(_p[j], p[j]); #else fp_add(_p[j]->x, p[j]->x, p[j]->x); fp_add(_p[j]->x, _p[j]->x, p[j]->x); fp_neg(_p[j]->y, p[j]->y); #endif } fp24_zero(l); bn_rec_naf(s, &len, a, 2); pp_dbl_k24(r, t[0], t[0], _p[0]); for (j = 1; j < m; j++) { pp_dbl_k24(l, t[j], t[j], _p[j]); fp24_mul_dxs(r, r, l); } if (s[len - 2] > 0) { for (j = 0; j < m; j++) { pp_add_k24(l, t[j], q[j], p[j]); fp24_mul_dxs(r, r, l); } } if (s[len - 2] < 0) { for (j = 0; j < m; j++) { pp_add_k24(l, t[j], _q[j], p[j]); fp24_mul_dxs(r, r, l); } } for (i = len - 3; i >= 0; i--) { fp24_sqr(r, r); for (j = 0; j < m; j++) { pp_dbl_k24(l, t[j], t[j], _p[j]); fp24_mul_dxs(r, r, l); if (s[i] > 0) { pp_add_k24(l, t[j], q[j], p[j]); fp24_mul_dxs(r, r, l); } if (s[i] < 0) { pp_add_k24(l, t[j], _q[j], p[j]); fp24_mul_dxs(r, r, l); } } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp24_free(l); for (j = 0; j < m; j++) { ep_free(_p[j]); ep4_free(_q[j]); } RLC_FREE(_p); RLC_FREE(_q); } }",visit repo url,src/pp/relic_pp_map_k24.c,https://github.com/relic-toolkit/relic,54954757902674,1 2284,NVD-CWE-noinfo,"static void frag_kfree_skb(struct netns_frags *nf, struct sk_buff *skb) { atomic_sub(skb->truesize, &nf->mem); kfree_skb(skb); }",visit repo url,net/ipv6/reassembly.c,https://github.com/torvalds/linux,86638848973146,1 2417,['CWE-119'],"static void mark_blob_uninteresting(struct blob *blob) { if (!blob) return; if (blob->object.flags & UNINTERESTING) return; blob->object.flags |= UNINTERESTING; }",git,,,56949881963896278271286286772080357120,0 4081,['CWE-399'],"static void bsg_free_command(struct bsg_command *bc) { struct bsg_device *bd = bc->bd; unsigned long flags; kmem_cache_free(bsg_cmd_cachep, bc); spin_lock_irqsave(&bd->lock, flags); bd->queued_cmds--; spin_unlock_irqrestore(&bd->lock, flags); wake_up(&bd->wq_free); }",linux-2.6,,,24035612765305324323294539121665511201,0 2408,['CWE-119'],"static void emit_add_line(const char *reset, struct emit_callback *ecbdata, const char *line, int len) { const char *ws = diff_get_color(ecbdata->color_diff, DIFF_WHITESPACE); const char *set = diff_get_color(ecbdata->color_diff, DIFF_FILE_NEW); if (!*ws) emit_line(ecbdata->file, set, reset, line, len); else { emit_line(ecbdata->file, set, reset, line, ecbdata->nparents); (void)check_and_emit_line(line + ecbdata->nparents, len - ecbdata->nparents, ecbdata->ws_rule, ecbdata->file, set, reset, ws); } }",git,,,267309237449456646216135612824295416223,0 6368,[],"void fprintProperty (TNEFStruct *tnef, FILE *fptr, DWORD proptype, DWORD propid, const gchar text[]) { variableLength *vl; if ((vl=MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (proptype, propid))) != MAPI_UNDEFINED) { if (vl->size > 0) { if ((vl->size == 1) && (vl->data[0] == 0)) { } else { fprintf (fptr, text, vl->data); } } } }",evolution,,,116442489137861579902944165941503625097,0 3898,['CWE-399'],"static int tvaudio_set_ctrl(struct CHIPSTATE *chip, struct v4l2_control *ctrl) { struct CHIPDESC *desc = chip->desc; switch (ctrl->id) { case V4L2_CID_AUDIO_MUTE: if (ctrl->value < 0 || ctrl->value >= 2) return -ERANGE; chip->muted = ctrl->value; if (chip->muted) chip_write_masked(chip,desc->inputreg,desc->inputmute,desc->inputmask); else chip_write_masked(chip,desc->inputreg, desc->inputmap[chip->input],desc->inputmask); return 0; case V4L2_CID_AUDIO_VOLUME: { int volume,balance; if (!(desc->flags & CHIP_HAS_VOLUME)) break; volume = max(chip->left,chip->right); if (volume) balance=(32768*min(chip->left,chip->right))/volume; else balance=32768; volume=ctrl->value; chip->left = (min(65536 - balance,32768) * volume) / 32768; chip->right = (min(balance,volume *(__u16)32768)) / 32768; chip_write(chip,desc->leftreg,desc->volfunc(chip->left)); chip_write(chip,desc->rightreg,desc->volfunc(chip->right)); return 0; } case V4L2_CID_AUDIO_BALANCE: { int volume, balance; if (!(desc->flags & CHIP_HAS_VOLUME)) break; volume = max(chip->left,chip->right); balance = ctrl->value; chip_write(chip,desc->leftreg,desc->volfunc(chip->left)); chip_write(chip,desc->rightreg,desc->volfunc(chip->right)); return 0; } case V4L2_CID_AUDIO_BASS: if (!(desc->flags & CHIP_HAS_BASSTREBLE)) break; chip->bass = ctrl->value; chip_write(chip,desc->bassreg,desc->bassfunc(chip->bass)); return 0; case V4L2_CID_AUDIO_TREBLE: if (!(desc->flags & CHIP_HAS_BASSTREBLE)) break; chip->treble = ctrl->value; chip_write(chip,desc->treblereg,desc->treblefunc(chip->treble)); return 0; } return -EINVAL; }",linux-2.6,,,53415879110854725534116723309762738743,0 516,['CWE-399'],"static int pwc_rcv_short_packet(struct pwc_device *pdev, const struct pwc_frame_buf *fbuf) { int awake = 0; if (pdev->type == 730) { unsigned char *ptr = (unsigned char *)fbuf->data; if (ptr[1] == 1 && ptr[0] & 0x10) { PWC_TRACE(""Hyundai CMOS sensor bug. Dropping frame.\n""); pdev->drop_frames += 2; pdev->vframes_error++; } if ((ptr[0] ^ pdev->vmirror) & 0x01) { if (ptr[0] & 0x01) { pdev->snapshot_button_status = 1; PWC_TRACE(""Snapshot button pressed.\n""); } else { PWC_TRACE(""Snapshot button released.\n""); } } if ((ptr[0] ^ pdev->vmirror) & 0x02) { if (ptr[0] & 0x02) PWC_TRACE(""Image is mirrored.\n""); else PWC_TRACE(""Image is normal.\n""); } pdev->vmirror = ptr[0] & 0x03; if (fbuf->filled == 4) pdev->drop_frames++; } else if (pdev->type == 740 || pdev->type == 720) { unsigned char *ptr = (unsigned char *)fbuf->data; if ((ptr[0] ^ pdev->vmirror) & 0x01) { if (ptr[0] & 0x01) { pdev->snapshot_button_status = 1; PWC_TRACE(""Snapshot button pressed.\n""); } else PWC_TRACE(""Snapshot button released.\n""); } pdev->vmirror = ptr[0] & 0x03; } if (pdev->drop_frames > 0) pdev->drop_frames--; else { if (fbuf->filled < pdev->frame_total_size) { PWC_DEBUG_FLOW(""Frame buffer underflow (%d bytes);"" "" discarded.\n"", fbuf->filled); pdev->vframes_error++; } else { awake = 1; if (pwc_next_fill_frame(pdev)) pwc_frame_dumped(pdev); } } pdev->vframe_count++; return awake; }",linux-2.6,,,270313886255126534571422989052141973647,0 1161,['CWE-189'],static inline void hrtimer_force_reprogram(struct hrtimer_cpu_base *base) { },linux-2.6,,,46858020652481562581967837828194185247,0 4746,CWE-347,"static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len) { int offset = 0; const uint8_t *ptr = NULL; if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE)) goto end_get_sig; if (asn1_sig[offset++] != ASN1_OCTET_STRING) goto end_get_sig; *len = get_asn1_length(asn1_sig, &offset); ptr = &asn1_sig[offset]; end_get_sig: return ptr; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,276741088675569,1 6139,['CWE-200'],"int ip_mroute_getsockopt(struct sock *sk,int optname,char __user *optval,int __user *optlen) { int olr; int val; if(optname!=MRT_VERSION && #ifdef CONFIG_IP_PIMSM optname!=MRT_PIM && #endif optname!=MRT_ASSERT) return -ENOPROTOOPT; if (get_user(olr, optlen)) return -EFAULT; olr = min_t(unsigned int, olr, sizeof(int)); if (olr < 0) return -EINVAL; if(put_user(olr,optlen)) return -EFAULT; if(optname==MRT_VERSION) val=0x0305; #ifdef CONFIG_IP_PIMSM else if(optname==MRT_PIM) val=mroute_do_pim; #endif else val=mroute_do_assert; if(copy_to_user(optval,&val,olr)) return -EFAULT; return 0; }",linux-2.6,,,99327156838137105919148898927443862314,0 348,CWE-119,"int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type) { struct hexline *hx; u8 reset; int ret,pos=0; hx = kmalloc(sizeof(*hx), GFP_KERNEL); if (!hx) return -ENOMEM; reset = 1; if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1) err(""could not stop the USB controller CPU.""); while ((ret = dvb_usb_get_hexline(fw, hx, &pos)) > 0) { deb_fw(""writing to address 0x%04x (buffer: 0x%02x %02x)\n"", hx->addr, hx->len, hx->chk); ret = usb_cypress_writemem(udev, hx->addr, hx->data, hx->len); if (ret != hx->len) { err(""error while transferring firmware (transferred size: %d, block size: %d)"", ret, hx->len); ret = -EINVAL; break; } } if (ret < 0) { err(""firmware download failed at %d with %d"",pos,ret); kfree(hx); return ret; } if (ret == 0) { reset = 0; if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) { err(""could not restart the USB controller CPU.""); ret = -EINVAL; } } else ret = -EIO; kfree(hx); return ret; }",visit repo url,drivers/media/usb/dvb-usb/dvb-usb-firmware.c,https://github.com/torvalds/linux,36476052099130,1 100,['CWE-787'],"static void cirrus_cursor_draw_line(VGAState *s1, uint8_t *d1, int scr_y) { CirrusVGAState *s = (CirrusVGAState *)s1; int w, h, bpp, x1, x2, poffset; unsigned int color0, color1; const uint8_t *palette, *src; uint32_t content; if (!(s->sr[0x12] & CIRRUS_CURSOR_SHOW)) return; if (s->sr[0x12] & CIRRUS_CURSOR_LARGE) { h = 64; } else { h = 32; } if (scr_y < s->hw_cursor_y || scr_y >= (s->hw_cursor_y + h)) return; src = s->vram_ptr + s->real_vram_size - 16 * 1024; if (s->sr[0x12] & CIRRUS_CURSOR_LARGE) { src += (s->sr[0x13] & 0x3c) * 256; src += (scr_y - s->hw_cursor_y) * 16; poffset = 8; content = ((uint32_t *)src)[0] | ((uint32_t *)src)[1] | ((uint32_t *)src)[2] | ((uint32_t *)src)[3]; } else { src += (s->sr[0x13] & 0x3f) * 256; src += (scr_y - s->hw_cursor_y) * 4; poffset = 128; content = ((uint32_t *)src)[0] | ((uint32_t *)(src + 128))[0]; } if (!content) return; w = h; x1 = s->hw_cursor_x; if (x1 >= s->last_scr_width) return; x2 = s->hw_cursor_x + w; if (x2 > s->last_scr_width) x2 = s->last_scr_width; w = x2 - x1; palette = s->cirrus_hidden_palette; color0 = s->rgb_to_pixel(c6_to_8(palette[0x0 * 3]), c6_to_8(palette[0x0 * 3 + 1]), c6_to_8(palette[0x0 * 3 + 2])); color1 = s->rgb_to_pixel(c6_to_8(palette[0xf * 3]), c6_to_8(palette[0xf * 3 + 1]), c6_to_8(palette[0xf * 3 + 2])); bpp = ((s->ds->depth + 7) >> 3); d1 += x1 * bpp; switch(s->ds->depth) { default: break; case 8: vga_draw_cursor_line_8(d1, src, poffset, w, color0, color1, 0xff); break; case 15: vga_draw_cursor_line_16(d1, src, poffset, w, color0, color1, 0x7fff); break; case 16: vga_draw_cursor_line_16(d1, src, poffset, w, color0, color1, 0xffff); break; case 32: vga_draw_cursor_line_32(d1, src, poffset, w, color0, color1, 0xffffff); break; } }",qemu,,,77509586421292096574202268344974102219,0 4262,CWE-416,"R_API bool r_io_bank_map_add_top(RIO *io, const ut32 bankid, const ut32 mapid) { RIOBank *bank = r_io_bank_get (io, bankid); RIOMap *map = r_io_map_get (io, mapid); r_return_val_if_fail (io && bank && map, false); RIOMapRef *mapref = _mapref_from_map (map); if (!mapref) { return false; } RIOSubMap *sm = r_io_submap_new (io, mapref); if (!sm) { free (mapref); return false; } RRBNode *entry = _find_entry_submap_node (bank, sm); if (!entry) { if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; } bank->last_used = NULL; RIOSubMap *bd = (RIOSubMap *)entry->data; if (r_io_submap_to (bd) == r_io_submap_to (sm) && r_io_submap_from (bd) >= r_io_submap_from (sm)) { memcpy (bd, sm, sizeof (RIOSubMap)); free (sm); r_list_append (bank->maprefs, mapref); return true; } if (r_io_submap_from (bd) < r_io_submap_from (sm) && r_io_submap_to (sm) < r_io_submap_to (bd)) { RIOSubMap *bdsm = R_NEWCOPY (RIOSubMap, bd); if (!bdsm) { free (sm); free (mapref); return false; } r_io_submap_set_from (bdsm, r_io_submap_to (sm) + 1); r_io_submap_set_to (bd, r_io_submap_from (sm) - 1); if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (bdsm); free (mapref); return false; } if (!r_crbtree_insert (bank->submaps, bdsm, _find_sm_by_from_vaddr_cb, NULL)) { r_crbtree_delete (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL); free (sm); free (bdsm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; } if (r_io_submap_from (bd) < r_io_submap_from (sm)) { r_io_submap_set_to (bd, r_io_submap_from (sm) - 1); entry = r_rbnode_next (entry); } while (entry && r_io_submap_to (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) { RRBNode *next = r_rbnode_next (entry); r_crbtree_delete (bank->submaps, entry->data, _find_sm_by_from_vaddr_cb, NULL); entry = next; } if (entry && r_io_submap_from (((RIOSubMap *)entry->data)) <= r_io_submap_to (sm)) { bd = (RIOSubMap *)entry->data; r_io_submap_set_from (bd, r_io_submap_to (sm) + 1); } if (!r_crbtree_insert (bank->submaps, sm, _find_sm_by_from_vaddr_cb, NULL)) { free (sm); free (mapref); return false; } r_list_append (bank->maprefs, mapref); return true; }",visit repo url,libr/io/io_bank.c,https://github.com/radareorg/radare2,55638449573057,1 1428,[],"static inline struct rb_node *first_fair(struct cfs_rq *cfs_rq) { return cfs_rq->rb_leftmost; }",linux-2.6,,,294350772009870204516042768223338634929,0 6468,[],"lt_dlopen (const char *filename) { return lt_dlopenadvise (filename, NULL); }",libtool,,,194726370986290445447704444505482560877,0 4163,['CWE-399'],"const char* avahi_server_get_host_name(AvahiServer *s) { assert(s); return s->host_name; }",avahi,,,46157198167218484910779845183974176195,0 1935,['CWE-20'],"static __init int vdso_fixup_alt_funcs(struct lib32_elfinfo *v32, struct lib64_elfinfo *v64) { int i; for (i = 0; i < ARRAY_SIZE(vdso_patches); i++) { struct vdso_patch_def *patch = &vdso_patches[i]; int match = (cur_cpu_spec->cpu_features & patch->ftr_mask) == patch->ftr_value; if (!match) continue; DBG(""replacing %s with %s...\n"", patch->gen_name, patch->fix_name ? ""NONE"" : patch->fix_name); vdso_do_func_patch32(v32, v64, patch->gen_name, patch->fix_name); #ifdef CONFIG_PPC64 vdso_do_func_patch64(v32, v64, patch->gen_name, patch->fix_name); #endif } return 0; }",linux-2.6,,,318477640614828356367167521796505726498,0 4558,CWE-476,"int avi_parse_input_file(avi_t *AVI, int getIndex) { int rate, scale, idx_type; s64 n, i; unsigned char *hdrl_data; u64 header_offset=0; int hdrl_len=0; int nvi, nai[AVI_MAX_TRACKS], ioff; u64 tot[AVI_MAX_TRACKS]; u32 j; int lasttag = 0; int vids_strh_seen = 0; int vids_strf_seen = 0; int auds_strh_seen = 0; int num_stream = 0; char data[256]; s64 oldpos=-1, newpos=-1; int aud_chunks = 0; if (!AVI) { AVI_errno = AVI_ERR_OPEN; return 0; } if (avi_read(AVI->fdes,data,12) != 12 ) ERR_EXIT(AVI_ERR_READ) if (strnicmp(data ,""RIFF"",4) !=0 || strnicmp(data+8,""AVI "",4) !=0 ) ERR_EXIT(AVI_ERR_NO_AVI) hdrl_data = 0; while(1) { if( avi_read(AVI->fdes,data,8) != 8 ) break; newpos = gf_ftell(AVI->fdes); if(oldpos==newpos) { return -1; } oldpos=newpos; n = str2ulong((unsigned char *)data+4); n = PAD_EVEN(n); if(strnicmp(data,""LIST"",4) == 0) { if( avi_read(AVI->fdes,data,4) != 4 ) ERR_EXIT(AVI_ERR_READ) n -= 4; if(strnicmp(data,""hdrl"",4) == 0) { if (n>0xFFFFFFFF) ERR_EXIT(AVI_ERR_READ) hdrl_len = (u32) n; hdrl_data = (unsigned char *) gf_malloc((u32)n); if(hdrl_data==0) ERR_EXIT(AVI_ERR_NO_MEM); header_offset = gf_ftell(AVI->fdes); if( avi_read(AVI->fdes,(char *)hdrl_data, (u32) n) != n ) ERR_EXIT(AVI_ERR_READ) } else if(strnicmp(data,""movi"",4) == 0) { AVI->movi_start = gf_ftell(AVI->fdes); if (gf_fseek(AVI->fdes,n,SEEK_CUR)==(u64)-1) break; } else if (gf_fseek(AVI->fdes,n,SEEK_CUR)==(u64)-1) break; } else if(strnicmp(data,""idx1"",4) == 0) { AVI->n_idx = AVI->max_idx = (u32) (n/16); AVI->idx = (unsigned char((*)[16]) ) gf_malloc((u32)n); if(AVI->idx==0) ERR_EXIT(AVI_ERR_NO_MEM) if(avi_read(AVI->fdes, (char *) AVI->idx, (u32) n) != n ) { gf_free( AVI->idx); AVI->idx=NULL; AVI->n_idx = 0; } } else gf_fseek(AVI->fdes,n,SEEK_CUR); } if(!hdrl_data ) ERR_EXIT(AVI_ERR_NO_HDRL) if(!AVI->movi_start) ERR_EXIT(AVI_ERR_NO_MOVI) for(i=0; ihdrl_len) ERR_EXIT(AVI_ERR_READ) if(strnicmp((char *)hdrl_data+i,""strh"",4)==0) { i += 8; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] TAG %c%c%c%c\n"", (hdrl_data+i)[0], (hdrl_data+i)[1], (hdrl_data+i)[2], (hdrl_data+i)[3])); #endif if(strnicmp((char *)hdrl_data+i,""vids"",4) == 0 && !vids_strh_seen) { memcpy(AVI->compressor,hdrl_data+i+4,4); AVI->compressor[4] = 0; AVI->v_codech_off = header_offset + i+4; scale = str2ulong(hdrl_data+i+20); rate = str2ulong(hdrl_data+i+24); if(scale!=0) AVI->fps = (double)rate/(double)scale; AVI->video_frames = str2ulong(hdrl_data+i+32); AVI->video_strn = num_stream; AVI->max_len = 0; vids_strh_seen = 1; lasttag = 1; memcpy(&AVI->video_stream_header, hdrl_data + i, sizeof(alAVISTREAMHEADER)); } else if (strnicmp ((char *)hdrl_data+i,""auds"",4) ==0 && ! auds_strh_seen) { AVI->aptr=AVI->anum; ++AVI->anum; if(AVI->anum > AVI_MAX_TRACKS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] error - only %d audio tracks supported\n"", AVI_MAX_TRACKS)); return(-1); } AVI->track[AVI->aptr].audio_bytes = str2ulong(hdrl_data+i+32)*avi_sampsize(AVI, 0); AVI->track[AVI->aptr].audio_strn = num_stream; AVI->track[AVI->aptr].a_vbr = !str2ulong(hdrl_data+i+44); AVI->track[AVI->aptr].padrate = str2ulong(hdrl_data+i+24); memcpy(&AVI->stream_headers[AVI->aptr], hdrl_data + i, sizeof(alAVISTREAMHEADER)); lasttag = 2; AVI->track[AVI->aptr].a_codech_off = header_offset + i; } else if (strnicmp ((char*)hdrl_data+i,""iavs"",4) ==0 && ! auds_strh_seen) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] AVILIB: error - DV AVI Type 1 no supported\n"")); return (-1); } else lasttag = 0; num_stream++; } else if(strnicmp((char*)hdrl_data+i,""dmlh"",4) == 0) { AVI->total_frames = str2ulong(hdrl_data+i+8); #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] real number of frames %d\n"", AVI->total_frames)); #endif i += 8; } else if(strnicmp((char *)hdrl_data+i,""strf"",4)==0) { i += 8; if(lasttag == 1) { alBITMAPINFOHEADER bih; memcpy(&bih, hdrl_data + i, sizeof(alBITMAPINFOHEADER)); bih.bi_size = str2ulong((unsigned char *)&bih.bi_size); if (i + bih.bi_size > hdrl_len) ERR_EXIT(AVI_ERR_READ) AVI->bitmap_info_header = (alBITMAPINFOHEADER *) gf_malloc(bih.bi_size); if (AVI->bitmap_info_header != NULL) memcpy(AVI->bitmap_info_header, hdrl_data + i, bih.bi_size); AVI->width = str2ulong(hdrl_data+i+4); AVI->height = str2ulong(hdrl_data+i+8); vids_strf_seen = 1; AVI->v_codecf_off = header_offset + i+16; memcpy(AVI->compressor2, hdrl_data+i+16, 4); AVI->compressor2[4] = 0; if (n>40) { if (n>0xFFFFFFFF) ERR_EXIT(AVI_ERR_READ) AVI->extradata_size = (u32) (n - 40); AVI->extradata = gf_malloc(sizeof(u8)* AVI->extradata_size); if (!AVI->extradata) ERR_EXIT(AVI_ERR_NO_MEM) memcpy(AVI->extradata, hdrl_data + i + 40, AVI->extradata_size); } } else if(lasttag == 2) { alWAVEFORMATEX *wfe; char *nwfe; int wfes; if ((u32) (hdrl_len - i) < sizeof(alWAVEFORMATEX)) wfes = (int) (hdrl_len - i); else wfes = sizeof(alWAVEFORMATEX); wfe = (alWAVEFORMATEX *)gf_malloc(sizeof(alWAVEFORMATEX)); if (wfe != NULL) { memset(wfe, 0, sizeof(alWAVEFORMATEX)); memcpy(wfe, hdrl_data + i, wfes); if (str2ushort((unsigned char *)&wfe->cb_size) != 0) { nwfe = (char *) gf_realloc(wfe, sizeof(alWAVEFORMATEX) + str2ushort((unsigned char *)&wfe->cb_size)); if (nwfe != 0) { s64 lpos = gf_ftell(AVI->fdes); gf_fseek(AVI->fdes, header_offset + i + sizeof(alWAVEFORMATEX), SEEK_SET); wfe = (alWAVEFORMATEX *)nwfe; nwfe = &nwfe[sizeof(alWAVEFORMATEX)]; avi_read(AVI->fdes, nwfe, str2ushort((unsigned char *)&wfe->cb_size)); gf_fseek(AVI->fdes, lpos, SEEK_SET); } } AVI->wave_format_ex[AVI->aptr] = wfe; } AVI->track[AVI->aptr].a_fmt = str2ushort(hdrl_data+i ); AVI->track[AVI->aptr].a_codecf_off = header_offset + i; AVI->track[AVI->aptr].a_chans = str2ushort(hdrl_data+i+2); AVI->track[AVI->aptr].a_rate = str2ulong (hdrl_data+i+4); AVI->track[AVI->aptr].mp3rate = 8*str2ulong(hdrl_data+i+8)/1000; AVI->track[AVI->aptr].a_bits = str2ushort(hdrl_data+i+14); } } else if(strnicmp((char*)hdrl_data+i,""indx"",4) == 0) { char *a; if(lasttag == 1) { a = (char*)hdrl_data+i; int avail = hdrl_len-i; if (avail<32) ERR_EXIT(AVI_ERR_READ) AVI->video_superindex = (avisuperindex_chunk *) gf_malloc (sizeof (avisuperindex_chunk)); memset(AVI->video_superindex, 0, sizeof (avisuperindex_chunk)); memcpy (AVI->video_superindex->fcc, a, 4); a += 4; AVI->video_superindex->dwSize = str2ulong((unsigned char *)a); a += 4; AVI->video_superindex->wLongsPerEntry = str2ushort((unsigned char *)a); a += 2; AVI->video_superindex->bIndexSubType = *a; a += 1; AVI->video_superindex->bIndexType = *a; a += 1; AVI->video_superindex->nEntriesInUse = str2ulong((unsigned char *)a); a += 4; memcpy (AVI->video_superindex->dwChunkId, a, 4); a += 4; a += 4; a += 4; a += 4; if (AVI->video_superindex->bIndexSubType != 0) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] Invalid Header, bIndexSubType != 0\n"")); } avail -= 32; if (avail < AVI->video_superindex->nEntriesInUse*16) ERR_EXIT(AVI_ERR_READ) AVI->video_superindex->aIndex = (avisuperindex_entry*) gf_malloc (AVI->video_superindex->wLongsPerEntry * AVI->video_superindex->nEntriesInUse * sizeof (u32)); for (j=0; jvideo_superindex->nEntriesInUse; ++j) { AVI->video_superindex->aIndex[j].qwOffset = str2ullong ((unsigned char*)a); a += 8; AVI->video_superindex->aIndex[j].dwSize = str2ulong ((unsigned char*)a); a += 4; AVI->video_superindex->aIndex[j].dwDuration = str2ulong ((unsigned char*)a); a += 4; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] [%d] 0x%llx 0x%lx %lu\n"", j, (unsigned int long)AVI->video_superindex->aIndex[j].qwOffset, (unsigned long)AVI->video_superindex->aIndex[j].dwSize, (unsigned long)AVI->video_superindex->aIndex[j].dwDuration)); #endif } #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] FOURCC \""%c%c%c%c\""\n"", AVI->video_superindex->fcc[0], AVI->video_superindex->fcc[1], AVI->video_superindex->fcc[2], AVI->video_superindex->fcc[3])); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] LEN \""%ld\""\n"", (long)AVI->video_superindex->dwSize)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] wLongsPerEntry \""%d\""\n"", AVI->video_superindex->wLongsPerEntry)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexSubType \""%d\""\n"", AVI->video_superindex->bIndexSubType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexType \""%d\""\n"", AVI->video_superindex->bIndexType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] nEntriesInUse \""%ld\""\n"", (long)AVI->video_superindex->nEntriesInUse)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] dwChunkId \""%c%c%c%c\""\n"", AVI->video_superindex->dwChunkId[0], AVI->video_superindex->dwChunkId[1], AVI->video_superindex->dwChunkId[2], AVI->video_superindex->dwChunkId[3])); #endif AVI->is_opendml = 1; } else if(lasttag == 2) { a = (char*) hdrl_data+i; int avail = hdrl_len-i; if (avail<32) ERR_EXIT(AVI_ERR_READ) AVI->track[AVI->aptr].audio_superindex = (avisuperindex_chunk *) gf_malloc (sizeof (avisuperindex_chunk)); memcpy (AVI->track[AVI->aptr].audio_superindex->fcc, a, 4); a += 4; AVI->track[AVI->aptr].audio_superindex->dwSize = str2ulong((unsigned char*)a); a += 4; AVI->track[AVI->aptr].audio_superindex->wLongsPerEntry = str2ushort((unsigned char*)a); a += 2; AVI->track[AVI->aptr].audio_superindex->bIndexSubType = *a; a += 1; AVI->track[AVI->aptr].audio_superindex->bIndexType = *a; a += 1; AVI->track[AVI->aptr].audio_superindex->nEntriesInUse = str2ulong((unsigned char*)a); a += 4; memcpy (AVI->track[AVI->aptr].audio_superindex->dwChunkId, a, 4); a += 4; a += 4; a += 4; a += 4; if (AVI->track[AVI->aptr].audio_superindex->bIndexSubType != 0) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] Invalid Header, bIndexSubType != 0\n"")); } avail -= 32; if (avail < AVI->track[AVI->aptr].audio_superindex->nEntriesInUse*16) ERR_EXIT(AVI_ERR_READ) AVI->track[AVI->aptr].audio_superindex->aIndex = (avisuperindex_entry*) gf_malloc (AVI->track[AVI->aptr].audio_superindex->wLongsPerEntry * AVI->track[AVI->aptr].audio_superindex->nEntriesInUse * sizeof (u32)); for (j=0; jtrack[AVI->aptr].audio_superindex->nEntriesInUse; ++j) { AVI->track[AVI->aptr].audio_superindex->aIndex[j].qwOffset = str2ullong ((unsigned char*)a); a += 8; AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwSize = str2ulong ((unsigned char*)a); a += 4; AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwDuration = str2ulong ((unsigned char*)a); a += 4; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] [%d] 0x%llx 0x%lx %lu\n"", j, (unsigned int long)AVI->track[AVI->aptr].audio_superindex->aIndex[j].qwOffset, (unsigned long)AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwSize, (unsigned long)AVI->track[AVI->aptr].audio_superindex->aIndex[j].dwDuration)); #endif } AVI->track[AVI->aptr].audio_superindex->stdindex = NULL; #ifdef DEBUG_ODML GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] FOURCC \""%.4s\""\n"", AVI->track[AVI->aptr].audio_superindex->fcc)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] LEN \""%ld\""\n"", (long)AVI->track[AVI->aptr].audio_superindex->dwSize)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] wLongsPerEntry \""%d\""\n"", AVI->track[AVI->aptr].audio_superindex->wLongsPerEntry)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexSubType \""%d\""\n"", AVI->track[AVI->aptr].audio_superindex->bIndexSubType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] bIndexType \""%d\""\n"", AVI->track[AVI->aptr].audio_superindex->bIndexType)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] nEntriesInUse \""%ld\""\n"", (long)AVI->track[AVI->aptr].audio_superindex->nEntriesInUse)); GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] dwChunkId \""%.4s\""\n"", AVI->track[AVI->aptr].audio_superindex->dwChunkId[0])); #endif } i += 8; } else if((strnicmp((char*)hdrl_data+i,""JUNK"",4) == 0) || (strnicmp((char*)hdrl_data+i,""strn"",4) == 0) || (strnicmp((char*)hdrl_data+i,""vprp"",4) == 0)) { i += 8; } else { i += 8; lasttag = 0; } i += (u32) n; } gf_free(hdrl_data); if(!vids_strh_seen || !vids_strf_seen) ERR_EXIT(AVI_ERR_NO_VIDS) AVI->video_tag[0] = AVI->video_strn/10 + '0'; AVI->video_tag[1] = AVI->video_strn%10 + '0'; AVI->video_tag[2] = 'd'; AVI->video_tag[3] = 'b'; if(!AVI->track[0].a_chans) AVI->track[0].audio_strn = 99; { int tk=0; for(j=0; janum+1; ++j) { if (j == AVI->video_strn) continue; AVI->track[tk].audio_tag[0] = j/10 + '0'; AVI->track[tk].audio_tag[1] = j%10 + '0'; AVI->track[tk].audio_tag[2] = 'w'; AVI->track[tk].audio_tag[3] = 'b'; ++tk; } } gf_fseek(AVI->fdes,AVI->movi_start,SEEK_SET); if(!getIndex) return(0); idx_type = 0; if(AVI->idx) { s64 pos, len; for(i=0; in_idx; i++) if( strnicmp((char *)AVI->idx[i],(char *)AVI->video_tag,3)==0 ) break; if(i>=AVI->n_idx) ERR_EXIT(AVI_ERR_NO_VIDS) pos = str2ulong(AVI->idx[i]+ 8); len = str2ulong(AVI->idx[i]+12); gf_fseek(AVI->fdes,pos,SEEK_SET); if(avi_read(AVI->fdes,data,8)!=8) ERR_EXIT(AVI_ERR_READ) if( strnicmp(data,(char *)AVI->idx[i],4)==0 && str2ulong((unsigned char *)data+4)==len ) { idx_type = 1; } else { gf_fseek(AVI->fdes,pos+AVI->movi_start-4,SEEK_SET); if(avi_read(AVI->fdes,data,8)!=8) ERR_EXIT(AVI_ERR_READ) if( strnicmp(data,(char *)AVI->idx[i],4)==0 && str2ulong((unsigned char *)data+4)==len ) { idx_type = 2; } } } if(idx_type == 0 && !AVI->is_opendml && !AVI->total_frames) { gf_fseek(AVI->fdes, AVI->movi_start, SEEK_SET); AVI->n_idx = 0; while(1) { if( avi_read(AVI->fdes,data,8) != 8 ) break; n = str2ulong((unsigned char *)data+4); if(strnicmp(data,""LIST"",4)==0) { gf_fseek(AVI->fdes,4,SEEK_CUR); continue; } if( ( (data[2]=='d' || data[2]=='D') && (data[3]=='b' || data[3]=='B' || data[3]=='c' || data[3]=='C') ) || ( (data[2]=='w' || data[2]=='W') && (data[3]=='b' || data[3]=='B') ) ) { u64 __pos = gf_ftell(AVI->fdes) - 8; avi_add_index_entry(AVI,(unsigned char *)data,0,__pos,n); } gf_fseek(AVI->fdes,PAD_EVEN(n),SEEK_CUR); } idx_type = 1; } if (AVI->is_opendml) { u64 offset = 0; hdrl_len = 4+4+2+1+1+4+4+8+4; char *en, *chunk_start; int k = 0; u32 audtr = 0; u32 nrEntries = 0; AVI->video_index = NULL; nvi = 0; for(audtr=0; audtranum; ++audtr) { nai[audtr] = 0; tot[audtr] = 0; } for (j=0; jvideo_superindex->nEntriesInUse; j++) { chunk_start = en = (char*) gf_malloc ((u32) (AVI->video_superindex->aIndex[j].dwSize+hdrl_len) ); if (gf_fseek(AVI->fdes, AVI->video_superindex->aIndex[j].qwOffset, SEEK_SET) == (u64)-1) { gf_free(chunk_start); continue; } if (avi_read(AVI->fdes, en, (u32) (AVI->video_superindex->aIndex[j].dwSize+hdrl_len) ) <= 0) { gf_free(chunk_start); continue; } nrEntries = str2ulong((unsigned char*)en + 12); #ifdef DEBUG_ODML #endif offset = str2ullong((unsigned char*)en + 20); en += hdrl_len; nvi += nrEntries; AVI->video_index = (video_index_entry *) gf_realloc (AVI->video_index, nvi * sizeof (video_index_entry)); if (!AVI->video_index) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] out of mem (size = %ld)\n"", nvi * sizeof (video_index_entry))); exit(1); } while (k < nvi) { AVI->video_index[k].pos = offset + str2ulong((unsigned char*)en); en += 4; AVI->video_index[k].len = str2ulong_len((unsigned char*)en); AVI->video_index[k].key = str2ulong_key((unsigned char*)en); en += 4; if (AVI->video_index[k].pos-offset == 0 && AVI->video_index[k].len == 0) { k--; nvi--; } #ifdef DEBUG_ODML #endif k++; } gf_free(chunk_start); } AVI->video_frames = nvi; if (AVI->video_frames == 0) { AVI->is_opendml=0; goto multiple_riff; } for(audtr=0; audtranum; ++audtr) { k = 0; if (!AVI->track[audtr].audio_superindex) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] (%s) cannot read audio index for track %d\n"", __FILE__, audtr)); continue; } for (j=0; jtrack[audtr].audio_superindex->nEntriesInUse; j++) { chunk_start = en = (char*)gf_malloc ((u32) (AVI->track[audtr].audio_superindex->aIndex[j].dwSize+hdrl_len)); if (gf_fseek(AVI->fdes, AVI->track[audtr].audio_superindex->aIndex[j].qwOffset, SEEK_SET) == (u64)-1) { gf_free(chunk_start); continue; } if (avi_read(AVI->fdes, en, (u32) (AVI->track[audtr].audio_superindex->aIndex[j].dwSize+hdrl_len)) <= 0) { gf_free(chunk_start); continue; } nrEntries = str2ulong((unsigned char*)en + 12); #ifdef DEBUG_ODML #endif offset = str2ullong((unsigned char*)en + 20); en += hdrl_len; nai[audtr] += nrEntries; AVI->track[audtr].audio_index = (audio_index_entry *) gf_realloc (AVI->track[audtr].audio_index, nai[audtr] * sizeof (audio_index_entry)); while (k < nai[audtr]) { AVI->track[audtr].audio_index[k].pos = offset + str2ulong((unsigned char*)en); en += 4; AVI->track[audtr].audio_index[k].len = str2ulong_len((unsigned char*)en); en += 4; AVI->track[audtr].audio_index[k].tot = tot[audtr]; tot[audtr] += AVI->track[audtr].audio_index[k].len; #ifdef DEBUG_ODML #endif ++k; } gf_free(chunk_start); } AVI->track[audtr].audio_chunks = nai[audtr]; AVI->track[audtr].audio_bytes = tot[audtr]; } } else if (AVI->total_frames && !AVI->is_opendml && idx_type==0) { multiple_riff: gf_fseek(AVI->fdes, AVI->movi_start, SEEK_SET); AVI->n_idx = 0; GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] Reconstructing index..."")); nvi = AVI->video_frames = AVI->total_frames; nai[0] = AVI->track[0].audio_chunks = AVI->total_frames; for(j=1; janum; ++j) AVI->track[j].audio_chunks = 0; AVI->video_index = (video_index_entry *) gf_malloc(nvi*sizeof(video_index_entry)); if(AVI->video_index==0) ERR_EXIT(AVI_ERR_NO_MEM); for(j=0; janum; ++j) { if(AVI->track[j].audio_chunks) { AVI->track[j].audio_index = (audio_index_entry *) gf_malloc((nai[j]+1)*sizeof(audio_index_entry)); memset(AVI->track[j].audio_index, 0, (nai[j]+1)*(sizeof(audio_index_entry))); if(AVI->track[j].audio_index==0) ERR_EXIT(AVI_ERR_NO_MEM); } } nvi = 0; for(j=0; janum; ++j) { nai[j] = 0; tot[j] = 0; } aud_chunks = AVI->total_frames; while(1) { if (nvi >= AVI->total_frames) break; if( avi_read(AVI->fdes,data,8) != 8 ) break; n = str2ulong((unsigned char *)data+4); j=0; if (aud_chunks - nai[j] -1 <= 0) { aud_chunks += AVI->total_frames; AVI->track[j].audio_index = (audio_index_entry *) gf_realloc( AVI->track[j].audio_index, (aud_chunks+1)*sizeof(audio_index_entry)); if (!AVI->track[j].audio_index) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] Internal error in avilib -- no mem\n"")); AVI_errno = AVI_ERR_NO_MEM; return -1; } } if( (data[0]=='0' || data[1]=='0') && (data[2]=='d' || data[2]=='D') && (data[3]=='b' || data[3]=='B' || data[3]=='c' || data[3]=='C') ) { AVI->video_index[nvi].key = 0x0; AVI->video_index[nvi].pos = gf_ftell(AVI->fdes); AVI->video_index[nvi].len = (u32) n; nvi++; gf_fseek(AVI->fdes,PAD_EVEN(n),SEEK_CUR); } else if( (data[0]=='0' || data[1]=='1') && (data[2]=='w' || data[2]=='W') && (data[3]=='b' || data[3]=='B') ) { AVI->track[j].audio_index[nai[j]].pos = gf_ftell(AVI->fdes); AVI->track[j].audio_index[nai[j]].len = (u32) n; AVI->track[j].audio_index[nai[j]].tot = tot[j]; tot[j] += AVI->track[j].audio_index[nai[j]].len; nai[j]++; gf_fseek(AVI->fdes,PAD_EVEN(n),SEEK_CUR); } else { gf_fseek(AVI->fdes,-4,SEEK_CUR); } } if (nvi < AVI->total_frames) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[avilib] Uh? Some frames seems missing (%ld/%d)\n"", nvi, AVI->total_frames)); } AVI->video_frames = nvi; AVI->track[0].audio_chunks = nai[0]; for(j=0; janum; ++j) AVI->track[j].audio_bytes = tot[j]; GF_LOG(GF_LOG_DEBUG, GF_LOG_CONTAINER, (""[avilib] done. nvi=%ld nai=%ld tot=%ld\n"", nvi, nai[0], tot[0])); } else { nvi = 0; for(j=0; janum; ++j) nai[j] = 0; for(i=0; in_idx; i++) { if(strnicmp((char *)AVI->idx[i],AVI->video_tag,3) == 0) nvi++; for(j=0; janum; ++j) if(strnicmp((char *)AVI->idx[i], AVI->track[j].audio_tag,4) == 0) nai[j]++; } AVI->video_frames = nvi; for(j=0; janum; ++j) AVI->track[j].audio_chunks = nai[j]; if(AVI->video_frames==0) ERR_EXIT(AVI_ERR_NO_VIDS); AVI->video_index = (video_index_entry *) gf_malloc(nvi*sizeof(video_index_entry)); if(AVI->video_index==0) ERR_EXIT(AVI_ERR_NO_MEM); for(j=0; janum; ++j) { if(AVI->track[j].audio_chunks) { AVI->track[j].audio_index = (audio_index_entry *) gf_malloc((nai[j]+1)*sizeof(audio_index_entry)); memset(AVI->track[j].audio_index, 0, (nai[j]+1)*(sizeof(audio_index_entry))); if(AVI->track[j].audio_index==0) ERR_EXIT(AVI_ERR_NO_MEM); } } nvi = 0; for(j=0; janum; ++j) { nai[j] = 0; tot[j] = 0; } ioff = idx_type == 1 ? 8 : (u32)AVI->movi_start+4; for(i=0; in_idx; i++) { if(strnicmp((char *)AVI->idx[i],AVI->video_tag,3) == 0) { AVI->video_index[nvi].key = str2ulong(AVI->idx[i]+ 4); AVI->video_index[nvi].pos = str2ulong(AVI->idx[i]+ 8)+ioff; AVI->video_index[nvi].len = str2ulong(AVI->idx[i]+12); nvi++; } for(j=0; janum; ++j) { if(strnicmp((char *)AVI->idx[i],AVI->track[j].audio_tag,4) == 0) { AVI->track[j].audio_index[nai[j]].pos = str2ulong(AVI->idx[i]+ 8)+ioff; AVI->track[j].audio_index[nai[j]].len = str2ulong(AVI->idx[i]+12); AVI->track[j].audio_index[nai[j]].tot = tot[j]; tot[j] += AVI->track[j].audio_index[nai[j]].len; nai[j]++; } } } for(j=0; janum; ++j) AVI->track[j].audio_bytes = tot[j]; } gf_fseek(AVI->fdes,AVI->movi_start,SEEK_SET); AVI->video_pos = 0; return(0); }",visit repo url,src/media_tools/avilib.c,https://github.com/gpac/gpac,62844027628068,1 1250,[],"m4_undivert (struct obstack *obs, int argc, token_data **argv) { int i, file; FILE *fp; char *endp; if (argc == 1) undivert_all (); else for (i = 1; i < argc; i++) { file = strtol (ARG (i), &endp, 10); if (*endp == '\0' && !isspace (to_uchar (*ARG (i)))) insert_diversion (file); else if (no_gnu_extensions) M4ERROR ((warning_status, 0, ""non-numeric argument to builtin `%s'"", ARG (0))); else { fp = m4_path_search (ARG (i), NULL); if (fp != NULL) { insert_file (fp); if (fclose (fp) == EOF) M4ERROR ((warning_status, errno, ""error undiverting `%s'"", ARG (i))); } else M4ERROR ((warning_status, errno, ""cannot undivert `%s'"", ARG (i))); } } }",m4,,,302342487384878513984913644202050976174,0 2302,['CWE-120'],"int vfs_create(struct inode *dir, struct dentry *dentry, int mode, struct nameidata *nd) { int error = may_create(dir, dentry, nd); if (error) return error; if (!dir->i_op || !dir->i_op->create) return -EACCES; mode &= S_IALLUGO; mode |= S_IFREG; error = security_inode_create(dir, dentry, mode); if (error) return error; DQUOT_INIT(dir); error = dir->i_op->create(dir, dentry, mode, nd); if (!error) fsnotify_create(dir, dentry); return error; }",linux-2.6,,,327595452864692677293816740259082049943,0 2397,['CWE-119'],"int diff_queue_is_empty(void) { struct diff_queue_struct *q = &diff_queued_diff; int i; for (i = 0; i < q->nr; i++) if (!diff_unmodified_pair(q->queue[i])) return 0; return 1; }",git,,,245986263630664902445962383558428990754,0 4283,CWE-400,"static int bin_pe_parse_imports(RBinPEObj* pe, struct r_bin_pe_import_t** importp, int* nimp, const char* dll_name, PE_DWord OriginalFirstThunk, PE_DWord FirstThunk) { char import_name[PE_NAME_LENGTH + 1]; char name[PE_NAME_LENGTH + 1]; PE_Word import_hint, import_ordinal = 0; PE_DWord import_table = 0, off = 0; int i = 0, len; Sdb* db = NULL; char* sdb_module = NULL; char* symname = NULL; char* symdllname = NULL; if (!dll_name || !*dll_name || *dll_name == '0') { return 0; } if (!(off = PE_(va2pa) (pe, OriginalFirstThunk)) && !(off = PE_(va2pa) (pe, FirstThunk))) { return 0; } do { if (import_ordinal >= UT16_MAX) { break; } if (off + i * sizeof (PE_DWord) > pe->size) { break; } import_table = R_BUF_READ_PE_DWORD_AT (pe->b, off + i * sizeof (PE_DWord)); if (import_table == PE_DWORD_MAX) { pe_printf (""Warning: read (import table)\n""); goto error; } else if (import_table) { if (import_table & ILT_MASK1) { import_ordinal = import_table & ILT_MASK2; import_hint = 0; snprintf (import_name, PE_NAME_LENGTH, ""Ordinal_%i"", import_ordinal); free (symdllname); strncpy (name, dll_name, sizeof (name) - 1); name[sizeof (name) - 1] = 0; symdllname = strdup (name); size_t len = strlen (symdllname); r_str_case (symdllname, 0); len = len < 4? 0: len - 4; symdllname[len] = 0; char* filename = NULL; if (!sdb_module || strcmp (symdllname, sdb_module)) { sdb_free (db); db = NULL; free (sdb_module); sdb_module = strdup (symdllname); filename = r_str_newf (""%s.sdb"", symdllname); if (filename && r_file_exists (filename)) { db = sdb_new (NULL, filename, 0); } else { const char *dirPrefix = r_sys_prefix (NULL); char *lower_symdllname = strdup (symdllname); r_str_case (lower_symdllname, false); filename = r_str_newf (R_JOIN_4_PATHS (""%s"", R2_SDB_FORMAT, ""dll"", ""%s.sdb""), dirPrefix, lower_symdllname); free (lower_symdllname); if (r_file_exists (filename)) { db = sdb_new (NULL, filename, 0); } } } if (db) { symname = resolveModuleOrdinal (db, symdllname, import_ordinal); if (symname) { snprintf (import_name, PE_NAME_LENGTH, ""%s"", symname); R_FREE (symname); } } else { pe_printf (""Cannot find %s\n"", filename); } free (filename); } else { import_ordinal++; const ut64 off = PE_(va2pa) (pe, import_table); if (off > pe->size || (off + sizeof (PE_Word)) > pe->size) { pe_printf (""Warning: off > pe->size\n""); goto error; } import_hint = r_buf_read_le16_at (pe->b, off); if (import_hint == UT16_MAX) { pe_printf (""Warning: read import hint at 0x%08""PFMT64x ""\n"", off); goto error; } name[0] = '\0'; len = r_buf_read_at (pe->b, off + sizeof (PE_Word), (ut8*) name, PE_NAME_LENGTH); if (len < 1) { pe_printf (""Warning: read (import name)\n""); goto error; } else if (!*name) { break; } name[PE_NAME_LENGTH] = '\0'; int len = snprintf (import_name, sizeof (import_name), ""%s"" , name); if (len >= sizeof (import_name)) { eprintf (""Import name '%s' has been truncated.\n"", import_name); } } struct r_bin_pe_import_t *new_importp = realloc (*importp, (*nimp + 1) * sizeof (struct r_bin_pe_import_t)); if (!new_importp) { r_sys_perror (""realloc (import)""); goto error; } *importp = new_importp; memcpy ((*importp)[*nimp].name, import_name, PE_NAME_LENGTH); (*importp)[*nimp].name[PE_NAME_LENGTH] = '\0'; memcpy ((*importp)[*nimp].libname, dll_name, PE_NAME_LENGTH); (*importp)[*nimp].libname[PE_NAME_LENGTH] = '\0'; (*importp)[*nimp].vaddr = bin_pe_rva_to_va (pe, FirstThunk + i * sizeof (PE_DWord)); (*importp)[*nimp].paddr = PE_(va2pa) (pe, FirstThunk) + i * sizeof (PE_DWord); (*importp)[*nimp].hint = import_hint; (*importp)[*nimp].ordinal = import_ordinal; (*importp)[*nimp].last = 0; (*nimp)++; i++; } } while (import_table); if (db) { sdb_free (db); db = NULL; } free (symdllname); free (sdb_module); return i; error: if (db) { sdb_free (db); db = NULL; } free (symdllname); free (sdb_module); return false; }",visit repo url,libr/bin/format/pe/pe.c,https://github.com/radareorg/radare2,58711284817201,1 3181,['CWE-189'],"int jpc_mqdec_mpsexchrenormd(register jpc_mqdec_t *mqdec) { int ret; register jpc_mqstate_t *state = *mqdec->curctx; jpc_mqdec_mpsexchange(mqdec->areg, state->qeval, mqdec->curctx, ret); jpc_mqdec_renormd(mqdec->areg, mqdec->creg, mqdec->ctreg, mqdec->in, mqdec->eof, mqdec->inbuffer); return ret; }",jasper,,,334352284633743219631670996273003823773,0 4118,['CWE-399'],"void bsg_unregister_queue(struct request_queue *q) { struct bsg_class_device *bcd = &q->bsg_dev; if (!bcd->class_dev) return; mutex_lock(&bsg_mutex); idr_remove(&bsg_minor_idr, bcd->minor); sysfs_remove_link(&q->kobj, ""bsg""); device_unregister(bcd->class_dev); bcd->class_dev = NULL; kref_put(&bcd->ref, bsg_kref_release_function); mutex_unlock(&bsg_mutex); }",linux-2.6,,,208406510215673926957727098610490114686,0 2436,['CWE-119'],"static void flush_one_pair(struct diff_filepair *p, struct diff_options *opt) { int fmt = opt->output_format; if (fmt & DIFF_FORMAT_CHECKDIFF) diff_flush_checkdiff(p, opt); else if (fmt & (DIFF_FORMAT_RAW | DIFF_FORMAT_NAME_STATUS)) diff_flush_raw(p, opt); else if (fmt & DIFF_FORMAT_NAME) { const char *name_a, *name_b; name_a = p->two->path; name_b = NULL; strip_prefix(opt->prefix_length, &name_a, &name_b); write_name_quoted(name_a, opt->file, opt->line_termination); } }",git,,,261494344907558830465974937538578385725,0 1648,[],"static inline struct cpuacct *cgroup_ca(struct cgroup *cgrp) { return container_of(cgroup_subsys_state(cgrp, cpuacct_subsys_id), struct cpuacct, css); }",linux-2.6,,,338030986520230878197435603731194445437,0 2833,[],"static void dio_bio_submit(struct dio *dio) { struct bio *bio = dio->bio; unsigned long flags; bio->bi_private = dio; spin_lock_irqsave(&dio->bio_lock, flags); dio->refcount++; spin_unlock_irqrestore(&dio->bio_lock, flags); if (dio->is_async && dio->rw == READ) bio_set_pages_dirty(bio); submit_bio(dio->rw, bio); dio->bio = NULL; dio->boundary = 0; }",linux-2.6,,,165718390885867392944157490342252839465,0 1228,[],"m4_dumpdef (struct obstack *obs, int argc, token_data **argv) { symbol *s; int i; struct dump_symbol_data data; const builtin *bp; data.obs = obs; data.base = (symbol **) obstack_base (obs); data.size = 0; if (argc == 1) { hack_all_symbols (dump_symbol, &data); } else { for (i = 1; i < argc; i++) { s = lookup_symbol (TOKEN_DATA_TEXT (argv[i]), SYMBOL_LOOKUP); if (s != NULL && SYMBOL_TYPE (s) != TOKEN_VOID) dump_symbol (s, &data); else M4ERROR ((warning_status, 0, ""undefined macro `%s'"", TOKEN_DATA_TEXT (argv[i]))); } } obstack_finish (obs); qsort (data.base, data.size, sizeof (symbol *), dumpdef_cmp); for (; data.size > 0; --data.size, data.base++) { DEBUG_PRINT1 (""%s:\t"", SYMBOL_NAME (data.base[0])); switch (SYMBOL_TYPE (data.base[0])) { case TOKEN_TEXT: if (debug_level & DEBUG_TRACE_QUOTE) DEBUG_PRINT3 (""%s%s%s\n"", lquote.string, SYMBOL_TEXT (data.base[0]), rquote.string); else DEBUG_PRINT1 (""%s\n"", SYMBOL_TEXT (data.base[0])); break; case TOKEN_FUNC: bp = find_builtin_by_addr (SYMBOL_FUNC (data.base[0])); if (bp == NULL) { M4ERROR ((warning_status, 0, ""\ INTERNAL ERROR: builtin not found in builtin table"")); abort (); } DEBUG_PRINT1 (""<%s>\n"", bp->name); break; default: M4ERROR ((warning_status, 0, ""INTERNAL ERROR: bad token data type in m4_dumpdef ()"")); abort (); break; } } }",m4,,,268247597836390134916750135197078059614,0 5472,['CWE-476'],"static bool pdptrs_changed(struct kvm_vcpu *vcpu) { u64 pdpte[ARRAY_SIZE(vcpu->arch.pdptrs)]; bool changed = true; int r; if (is_long_mode(vcpu) || !is_pae(vcpu)) return false; r = kvm_read_guest(vcpu->kvm, vcpu->arch.cr3 & ~31u, pdpte, sizeof(pdpte)); if (r < 0) goto out; changed = memcmp(pdpte, vcpu->arch.pdptrs, sizeof(pdpte)) != 0; out: return changed; }",linux-2.6,,,307652686646333022169955885612552632694,0 6007,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedwriter_14BufferedWriter_12__reduce_cython__(struct __pyx_obj_17clickhouse_driver_14bufferedwriter_BufferedWriter *__pyx_v_self) { PyObject *__pyx_v_state = 0; PyObject *__pyx_v__dict = 0; int __pyx_v_use_setstate; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations PyObject *__pyx_t_1 = NULL; PyObject *__pyx_t_2 = NULL; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; int __pyx_t_5; int __pyx_t_6; __Pyx_RefNannySetupContext(""__reduce_cython__"", 0); __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v_self->buffer); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); __pyx_t_2 = PyInt_FromSsize_t(__pyx_v_self->buffer_size); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_3 = PyInt_FromSsize_t(__pyx_v_self->position); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 5, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_GIVEREF(__pyx_t_1); PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_t_1); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_t_2); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_t_3); __pyx_t_1 = 0; __pyx_t_2 = 0; __pyx_t_3 = 0; __pyx_v_state = ((PyObject*)__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_n_s_dict, Py_None); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 6, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __pyx_v__dict = __pyx_t_4; __pyx_t_4 = 0; __pyx_t_5 = (__pyx_v__dict != Py_None); __pyx_t_6 = (__pyx_t_5 != 0); if (__pyx_t_6) { __pyx_t_4 = PyTuple_New(1); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(__pyx_v__dict); __Pyx_GIVEREF(__pyx_v__dict); PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_v__dict); __pyx_t_3 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 8, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF_SET(__pyx_v_state, ((PyObject*)__pyx_t_3)); __pyx_t_3 = 0; __pyx_v_use_setstate = 1; goto __pyx_L3; } { __pyx_v_use_setstate = 0; } __pyx_L3:; __pyx_t_6 = (__pyx_v_use_setstate != 0); if (__pyx_t_6) { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_pyx_unpickle_BufferedWriter); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_39656716); __Pyx_GIVEREF(__pyx_int_39656716); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_int_39656716); __Pyx_INCREF(Py_None); __Pyx_GIVEREF(Py_None); PyTuple_SET_ITEM(__pyx_t_4, 2, Py_None); __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 13, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_3); __Pyx_GIVEREF(__pyx_t_4); PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_t_4); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_2, 2, __pyx_v_state); __pyx_t_3 = 0; __pyx_t_4 = 0; __pyx_r = __pyx_t_2; __pyx_t_2 = 0; goto __pyx_L0; } { __Pyx_XDECREF(__pyx_r); __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_pyx_unpickle_BufferedWriter); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_2); __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); PyTuple_SET_ITEM(__pyx_t_4, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))); __Pyx_INCREF(__pyx_int_39656716); __Pyx_GIVEREF(__pyx_int_39656716); PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_int_39656716); __Pyx_INCREF(__pyx_v_state); __Pyx_GIVEREF(__pyx_v_state); PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_v_state); __pyx_t_3 = PyTuple_New(2); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 15, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_GIVEREF(__pyx_t_2); PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_t_2); __Pyx_GIVEREF(__pyx_t_4); PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_t_4); __pyx_t_2 = 0; __pyx_t_4 = 0; __pyx_r = __pyx_t_3; __pyx_t_3 = 0; goto __pyx_L0; } __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); __Pyx_XDECREF(__pyx_t_2); __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_AddTraceback(""clickhouse_driver.bufferedwriter.BufferedWriter.__reduce_cython__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v_state); __Pyx_XDECREF(__pyx_v__dict); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedwriter.c,https://github.com/mymarilyn/clickhouse-driver,37278877319425,1 4349,['CWE-399'],"long keyctl_describe_key(key_serial_t keyid, char __user *buffer, size_t buflen) { struct key *key, *instkey; key_ref_t key_ref; char *tmpbuf; long ret; key_ref = lookup_user_key(keyid, 0, 1, KEY_VIEW); if (IS_ERR(key_ref)) { if (PTR_ERR(key_ref) == -EACCES) { instkey = key_get_instantiation_authkey(keyid); if (!IS_ERR(instkey)) { key_put(instkey); key_ref = lookup_user_key(keyid, 0, 1, 0); if (!IS_ERR(key_ref)) goto okay; } } ret = PTR_ERR(key_ref); goto error; } okay: ret = -ENOMEM; tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); if (!tmpbuf) goto error2; key = key_ref_to_ptr(key_ref); ret = snprintf(tmpbuf, PAGE_SIZE - 1, ""%s;%d;%d;%08x;%s"", key_ref_to_ptr(key_ref)->type->name, key_ref_to_ptr(key_ref)->uid, key_ref_to_ptr(key_ref)->gid, key_ref_to_ptr(key_ref)->perm, key_ref_to_ptr(key_ref)->description ? key_ref_to_ptr(key_ref)->description : """" ); if (ret > PAGE_SIZE - 1) ret = PAGE_SIZE - 1; tmpbuf[ret] = 0; ret++; if (buffer && buflen > 0) { if (buflen > ret) buflen = ret; if (copy_to_user(buffer, tmpbuf, buflen) != 0) ret = -EFAULT; } kfree(tmpbuf); error2: key_ref_put(key_ref); error: return ret; } ",linux-2.6,,,78857459615512747457822525063926599169,0 1304,CWE-399,"void hugetlb_unreserve_pages(struct inode *inode, long offset, long freed) { struct hstate *h = hstate_inode(inode); long chg = region_truncate(&inode->i_mapping->private_list, offset); spin_lock(&inode->i_lock); inode->i_blocks -= (blocks_per_huge_page(h) * freed); spin_unlock(&inode->i_lock); hugetlb_put_quota(inode->i_mapping, (chg - freed)); hugetlb_acct_memory(h, -(chg - freed)); }",visit repo url,mm/hugetlb.c,https://github.com/torvalds/linux,171164518488506,1 4292,CWE-416,"R_API void r_core_anal_esil(RCore *core, const char *str, const char *target) { bool cfg_anal_strings = r_config_get_i (core->config, ""anal.strings""); bool emu_lazy = r_config_get_i (core->config, ""emu.lazy""); bool gp_fixed = r_config_get_i (core->config, ""anal.gpfixed""); RAnalEsil *ESIL = core->anal->esil; ut64 refptr = 0LL; const char *pcname; RAnalOp op = R_EMPTY; ut8 *buf = NULL; bool end_address_set = false; int iend; int minopsize = 4; bool archIsArm = false; ut64 addr = core->offset; ut64 start = addr; ut64 end = 0LL; ut64 cur; if (esil_anal_stop || r_cons_is_breaked ()) { return; } mycore = core; if (!strcmp (str, ""?"")) { eprintf (""Usage: aae[f] [len] [addr] - analyze refs in function, section or len bytes with esil\n""); eprintf ("" aae $SS @ $S - analyze the whole section\n""); eprintf ("" aae $SS str.Hello @ $S - find references for str.Hellow\n""); eprintf ("" aaef - analyze functions discovered with esil\n""); return; } #define CHECKREF(x) ((refptr && (x) == refptr) || !refptr) if (target) { const char *expr = r_str_trim_head_ro (target); if (*expr) { refptr = ntarget = r_num_math (core->num, expr); if (!refptr) { ntarget = refptr = addr; } } else { ntarget = UT64_MAX; refptr = 0LL; } } else { ntarget = UT64_MAX; refptr = 0LL; } RAnalFunction *fcn = NULL; if (!strcmp (str, ""f"")) { fcn = r_anal_get_fcn_in (core->anal, core->offset, 0); if (fcn) { start = r_anal_function_min_addr (fcn); addr = fcn->addr; end = r_anal_function_max_addr (fcn); end_address_set = true; } } if (!end_address_set) { if (str[0] == ' ') { end = addr + r_num_math (core->num, str + 1); } else { RIOMap *map = r_io_map_get_at (core->io, addr); if (map) { end = r_io_map_end (map); } else { end = addr + core->blocksize; } } } iend = end - start; if (iend < 0) { return; } if (iend > MAX_SCAN_SIZE) { eprintf (""Warning: Not going to analyze 0x%08""PFMT64x"" bytes.\n"", (ut64)iend); return; } buf = malloc ((size_t)iend + 2); if (!buf) { perror (""malloc""); return; } esilbreak_last_read = UT64_MAX; r_io_read_at (core->io, start, buf, iend + 1); if (!ESIL) { r_core_cmd0 (core, ""aei""); ESIL = core->anal->esil; if (!ESIL) { eprintf (""ESIL not initialized\n""); return; } r_core_cmd0 (core, ""aeim""); ESIL = core->anal->esil; } const char *spname = r_reg_get_name (core->anal->reg, R_REG_NAME_SP); if (!spname) { eprintf (""Error: No =SP defined in the reg profile.\n""); return; } EsilBreakCtx ctx = { &op, fcn, spname, r_reg_getv (core->anal->reg, spname) }; ESIL->cb.hook_reg_write = &esilbreak_reg_write; ESIL->user = &ctx; ESIL->cb.hook_mem_read = &esilbreak_mem_read; ESIL->cb.hook_mem_write = &esilbreak_mem_write; if (fcn && fcn->reg_save_area) { r_reg_setv (core->anal->reg, ctx.spname, ctx.initial_sp - fcn->reg_save_area); } pcname = r_reg_get_name (core->anal->reg, R_REG_NAME_PC); if (!pcname || !*pcname) { eprintf (""Cannot find program counter register in the current profile.\n""); return; } esil_anal_stop = false; r_cons_break_push (cccb, core); int arch = -1; if (!strcmp (core->anal->cur->arch, ""arm"")) { switch (core->anal->cur->bits) { case 64: arch = R2_ARCH_ARM64; break; case 32: arch = R2_ARCH_ARM32; break; case 16: arch = R2_ARCH_THUMB; break; } archIsArm = true; } ut64 gp = r_config_get_i (core->config, ""anal.gp""); const char *gp_reg = NULL; if (!strcmp (core->anal->cur->arch, ""mips"")) { gp_reg = ""gp""; arch = R2_ARCH_MIPS; } const char *sn = r_reg_get_name (core->anal->reg, R_REG_NAME_SN); if (!sn) { eprintf (""Warning: No SN reg alias for current architecture.\n""); } r_reg_arena_push (core->anal->reg); IterCtx ictx = { start, end, fcn, NULL }; size_t i = addr - start; size_t i_old = 0; do { if (esil_anal_stop || r_cons_is_breaked ()) { break; } cur = start + i; if (!r_io_is_valid_offset (core->io, cur, 0)) { break; } #if 0 { RPVector *list = r_meta_get_all_in (core->anal, cur, R_META_TYPE_ANY); void **it; r_pvector_foreach (list, it) { RIntervalNode *node = *it; RAnalMetaItem *meta = node->data; switch (meta->type) { case R_META_TYPE_DATA: case R_META_TYPE_STRING: case R_META_TYPE_FORMAT: #if 0 { int msz = r_meta_get_size (core->anal, meta->type); i += (msz > 0)? msz: minopsize; } r_pvector_free (list); goto loopback; #elif 0 { int msz = r_meta_get_size (core->anal, meta->type); i += (msz > 0)? msz: minopsize; i--; } #else i += 4; goto repeat; #endif default: break; } } r_pvector_free (list); } #endif r_core_seek_arch_bits (core, cur); int opalign = core->anal->pcalign; if (opalign > 0) { cur -= (cur % opalign); } r_anal_op_fini (&op); r_asm_set_pc (core->rasm, cur); i_old = i; #if 1 if (i > iend) { goto repeat; } #endif if (!r_anal_op (core->anal, &op, cur, buf + i, iend - i, R_ANAL_OP_MASK_ESIL | R_ANAL_OP_MASK_VAL | R_ANAL_OP_MASK_HINT)) { i += minopsize - 1; } if (op.type == R_ANAL_OP_TYPE_ILL || op.type == R_ANAL_OP_TYPE_UNK) { r_anal_op_fini (&op); goto repeat; } if (op.size < 1) { i += minopsize - 1; goto repeat; } if (emu_lazy) { if (op.type & R_ANAL_OP_TYPE_REP) { i += op.size - 1; goto repeat; } switch (op.type & R_ANAL_OP_TYPE_MASK) { case R_ANAL_OP_TYPE_JMP: case R_ANAL_OP_TYPE_CJMP: case R_ANAL_OP_TYPE_CALL: case R_ANAL_OP_TYPE_RET: case R_ANAL_OP_TYPE_ILL: case R_ANAL_OP_TYPE_NOP: case R_ANAL_OP_TYPE_UJMP: case R_ANAL_OP_TYPE_IO: case R_ANAL_OP_TYPE_LEAVE: case R_ANAL_OP_TYPE_CRYPTO: case R_ANAL_OP_TYPE_CPL: case R_ANAL_OP_TYPE_SYNC: case R_ANAL_OP_TYPE_SWI: case R_ANAL_OP_TYPE_CMP: case R_ANAL_OP_TYPE_ACMP: case R_ANAL_OP_TYPE_NULL: case R_ANAL_OP_TYPE_CSWI: case R_ANAL_OP_TYPE_TRAP: i += op.size - 1; goto repeat; case R_ANAL_OP_TYPE_PUSH: case R_ANAL_OP_TYPE_POP: i += op.size - 1; goto repeat; } } if (sn && op.type == R_ANAL_OP_TYPE_SWI) { r_strf_buffer (64); r_flag_space_set (core->flags, R_FLAGS_FS_SYSCALLS); int snv = (arch == R2_ARCH_THUMB)? op.val: (int)r_reg_getv (core->anal->reg, sn); RSyscallItem *si = r_syscall_get (core->anal->syscall, snv, -1); if (si) { r_flag_set_next (core->flags, r_strf (""syscall.%s"", si->name), cur, 1); } else { r_flag_set_next (core->flags, r_strf (""syscall.%d"", snv), cur, 1); } r_flag_space_set (core->flags, NULL); r_syscall_item_free (si); } const char *esilstr = R_STRBUF_SAFEGET (&op.esil); i += op.size - 1; if (R_STR_ISEMPTY (esilstr)) { goto repeat; } r_anal_esil_set_pc (ESIL, cur); r_reg_setv (core->anal->reg, pcname, cur + op.size); if (gp_fixed && gp_reg) { r_reg_setv (core->anal->reg, gp_reg, gp); } (void)r_anal_esil_parse (ESIL, esilstr); switch (op.type) { case R_ANAL_OP_TYPE_LEA: if (core->anal->cur && arch == R2_ARCH_ARM64) { if (CHECKREF (ESIL->cur)) { r_anal_xrefs_set (core->anal, cur, ESIL->cur, R_ANAL_REF_TYPE_STRING); } } else if ((target && op.ptr == ntarget) || !target) { if (CHECKREF (ESIL->cur)) { if (op.ptr && r_io_is_valid_offset (core->io, op.ptr, !core->anal->opt.noncode)) { r_anal_xrefs_set (core->anal, cur, op.ptr, R_ANAL_REF_TYPE_STRING); } else { r_anal_xrefs_set (core->anal, cur, ESIL->cur, R_ANAL_REF_TYPE_STRING); } } } if (cfg_anal_strings) { add_string_ref (core, op.addr, op.ptr); } break; case R_ANAL_OP_TYPE_ADD: if (core->anal->cur && archIsArm) { ut64 dst = ESIL->cur; if ((target && dst == ntarget) || !target) { if (CHECKREF (dst)) { int type = core_type_by_addr (core, dst); r_anal_xrefs_set (core->anal, cur, dst, type); } } if (cfg_anal_strings) { add_string_ref (core, op.addr, dst); } } else if ((core->anal->bits == 32 && core->anal->cur && arch == R2_ARCH_MIPS)) { ut64 dst = ESIL->cur; if (!op.src[0] || !op.src[0]->reg || !op.src[0]->reg->name) { break; } if (!strcmp (op.src[0]->reg->name, ""sp"")) { break; } if (!strcmp (op.src[0]->reg->name, ""zero"")) { break; } if ((target && dst == ntarget) || !target) { if (dst > 0xffff && op.src[1] && (dst & 0xffff) == (op.src[1]->imm & 0xffff) && myvalid (mycore->io, dst)) { RFlagItem *f; char *str; if (CHECKREF (dst) || CHECKREF (cur)) { r_anal_xrefs_set (core->anal, cur, dst, R_ANAL_REF_TYPE_DATA); if (cfg_anal_strings) { add_string_ref (core, op.addr, dst); } if ((f = r_core_flag_get_by_spaces (core->flags, dst))) { r_meta_set_string (core->anal, R_META_TYPE_COMMENT, cur, f->name); } else if ((str = is_string_at (mycore, dst, NULL))) { char *str2 = r_str_newf (""esilref: '%s'"", str); r_str_replace_char (str2, '%', '&'); r_meta_set_string (core->anal, R_META_TYPE_COMMENT, cur, str2); free (str2); free (str); } } } } } break; case R_ANAL_OP_TYPE_LOAD: { ut64 dst = esilbreak_last_read; if (dst != UT64_MAX && CHECKREF (dst)) { if (myvalid (mycore->io, dst)) { r_anal_xrefs_set (core->anal, cur, dst, R_ANAL_REF_TYPE_DATA); if (cfg_anal_strings) { add_string_ref (core, op.addr, dst); } } } dst = esilbreak_last_data; if (dst != UT64_MAX && CHECKREF (dst)) { if (myvalid (mycore->io, dst)) { r_anal_xrefs_set (core->anal, cur, dst, R_ANAL_REF_TYPE_DATA); if (cfg_anal_strings) { add_string_ref (core, op.addr, dst); } } } } break; case R_ANAL_OP_TYPE_JMP: { ut64 dst = op.jump; if (CHECKREF (dst)) { if (myvalid (core->io, dst)) { r_anal_xrefs_set (core->anal, cur, dst, R_ANAL_REF_TYPE_CODE); } } } break; case R_ANAL_OP_TYPE_CALL: { ut64 dst = op.jump; if (CHECKREF (dst)) { if (myvalid (core->io, dst)) { r_anal_xrefs_set (core->anal, cur, dst, R_ANAL_REF_TYPE_CALL); } ESIL->old = cur + op.size; getpcfromstack (core, ESIL); } } break; case R_ANAL_OP_TYPE_UJMP: case R_ANAL_OP_TYPE_UCALL: case R_ANAL_OP_TYPE_ICALL: case R_ANAL_OP_TYPE_RCALL: case R_ANAL_OP_TYPE_IRCALL: case R_ANAL_OP_TYPE_MJMP: { ut64 dst = core->anal->esil->jump_target; if (dst == 0 || dst == UT64_MAX) { dst = r_reg_getv (core->anal->reg, pcname); } if (CHECKREF (dst)) { if (myvalid (core->io, dst)) { RAnalRefType ref = (op.type & R_ANAL_OP_TYPE_MASK) == R_ANAL_OP_TYPE_UCALL ? R_ANAL_REF_TYPE_CALL : R_ANAL_REF_TYPE_CODE; r_anal_xrefs_set (core->anal, cur, dst, ref); r_core_anal_fcn (core, dst, UT64_MAX, R_ANAL_REF_TYPE_NULL, 1); #if 0 if (op.type == R_ANAL_OP_TYPE_UCALL || op.type == R_ANAL_OP_TYPE_RCALL) { eprintf (""0x%08""PFMT64x"" RCALL TO %llx\n"", cur, dst); } #endif } } } break; default: break; } r_anal_esil_stack_free (ESIL); repeat: if (!r_anal_get_block_at (core->anal, cur)) { size_t fcn_i; for (fcn_i = i_old + 1; fcn_i <= i; fcn_i++) { if (r_anal_get_function_at (core->anal, start + fcn_i)) { i = fcn_i - 1; break; } } } if (i >= iend) { break; } } while (get_next_i (&ictx, &i)); r_list_free (ictx.bbl); r_list_free (ictx.path); r_list_free (ictx.switch_path); free (buf); ESIL->cb.hook_mem_read = NULL; ESIL->cb.hook_mem_write = NULL; ESIL->cb.hook_reg_write = NULL; ESIL->user = NULL; r_anal_op_fini (&op); r_cons_break_pop (); r_reg_arena_pop (core->anal->reg); }",visit repo url,libr/core/canal.c,https://github.com/radareorg/radare2,255183989869534,1 4287,CWE-400,"static bool load_buffer(RBinFile *bf, void **bin_obj, RBuffer *buf, ut64 loadaddr, Sdb *sdb) { QnxObj *qo = R_NEW0 (QnxObj); if (!qo) { return false; } lmf_record lrec; lmf_resource lres; lmf_data ldata; ut64 offset = QNX_RECORD_SIZE; RList *sections = NULL; RList *fixups = NULL; if (!qo) { goto beach; } if (!(sections = r_list_newf ((RListFree)r_bin_section_free)) || !(fixups = r_list_new ())) { goto beach; } qo->kv = sdb_new0 (); if (!qo->kv) { goto beach; } if (r_buf_fread_at (bf->buf, 0, (ut8 *)&lrec, ""ccss"", 1) < QNX_RECORD_SIZE) { goto beach; } lmf_header_load (&qo->lmfh, bf->buf, qo->kv); offset += lrec.data_nbytes; for (;;) { if (r_buf_fread_at (bf->buf, offset, (ut8 *)&lrec, ""ccss"", 1) < QNX_RECORD_SIZE) { goto beach; } offset += sizeof (lmf_record); if (lrec.rec_type == LMF_IMAGE_END_REC) { break; } else if (lrec.rec_type == LMF_RESOURCE_REC) { RBinSection *ptr = R_NEW0 (RBinSection); if (!ptr) { goto beach; } if (r_buf_fread_at (bf->buf, offset, (ut8 *)&lres, ""ssss"", 1) < sizeof (lmf_resource)) { goto beach; } ptr->name = strdup (""LMF_RESOURCE""); ptr->paddr = offset; ptr->vsize = lrec.data_nbytes - sizeof (lmf_resource); ptr->size = ptr->vsize; ptr->add = true; r_list_append (sections, ptr); } else if (lrec.rec_type == LMF_LOAD_REC) { RBinSection *ptr = R_NEW0 (RBinSection); if (r_buf_fread_at (bf->buf, offset, (ut8 *)&ldata, ""si"", 1) < sizeof (lmf_data)) { goto beach; } if (!ptr) { goto beach; } ptr->name = strdup (""LMF_LOAD""); ptr->paddr = offset; ptr->vaddr = ldata.offset; ptr->vsize = lrec.data_nbytes - sizeof (lmf_data); ptr->size = ptr->vsize; ptr->add = true; r_list_append (sections, ptr); } else if (lrec.rec_type == LMF_FIXUP_REC) { RBinReloc *ptr = R_NEW0 (RBinReloc); if (!ptr || r_buf_fread_at (bf->buf, offset, (ut8 *)&ldata, ""si"", 1) < sizeof (lmf_data)) { goto beach; } ptr->vaddr = ptr->paddr = ldata.offset; ptr->type = 'f'; r_list_append (fixups, ptr); } else if (lrec.rec_type == LMF_8087_FIXUP_REC) { RBinReloc *ptr = R_NEW0 (RBinReloc); if (!ptr || r_buf_fread_at (bf->buf, offset, (ut8 *)&ldata, ""si"", 1) < sizeof (lmf_data)) { goto beach; } ptr->vaddr = ptr->paddr = ldata.offset; ptr->type = 'F'; r_list_append (fixups, ptr); } else if (lrec.rec_type == LMF_RW_END_REC) { r_buf_fread_at (bf->buf, offset, (ut8 *)&qo->rwend, ""si"", 1); } offset += lrec.data_nbytes; } sdb_ns_set (sdb, ""info"", qo->kv); qo->sections = sections; qo->fixups = fixups; *bin_obj = qo; return true; beach: free (qo); r_list_free (fixups); r_list_free (sections); return false; }",visit repo url,libr/bin/p/bin_qnx.c,https://github.com/radareorg/radare2,257595630362170,1 3739,[],"void unix_inflight(struct file *fp) { struct sock *s = unix_get_socket(fp); if(s) { struct unix_sock *u = unix_sk(s); spin_lock(&unix_gc_lock); if (atomic_long_inc_return(&u->inflight) == 1) { BUG_ON(!list_empty(&u->link)); list_add_tail(&u->link, &gc_inflight_list); } else { BUG_ON(list_empty(&u->link)); } unix_tot_inflight++; spin_unlock(&unix_gc_lock); } }",linux-2.6,,,198885094788650237923845589656363242213,0 4002,['CWE-362'],"static inline int audit_match_class_bits(int class, u32 *mask) { int i; if (classes[class]) { for (i = 0; i < AUDIT_BITMASK_SIZE; i++) if (mask[i] & classes[class][i]) return 0; } return 1; }",linux-2.6,,,210916243658686255404118809484465109765,0 4157,CWE-401,"main(int argc, char* argv[]) { uint16 bitspersample, shortv; uint32 imagewidth, imagelength; uint16 config = PLANARCONFIG_CONTIG; uint32 rowsperstrip = (uint32) -1; uint16 photometric = PHOTOMETRIC_RGB; uint16 *rmap, *gmap, *bmap; uint32 row; int cmap = -1; TIFF *in, *out; int c; #if !HAVE_DECL_OPTARG extern int optind; extern char* optarg; #endif while ((c = getopt(argc, argv, ""C:c:p:r:"")) != -1) switch (c) { case 'C': cmap = atoi(optarg); break; case 'c': if (!processCompressOptions(optarg)) usage(); break; case 'p': if (streq(optarg, ""separate"")) config = PLANARCONFIG_SEPARATE; else if (streq(optarg, ""contig"")) config = PLANARCONFIG_CONTIG; else usage(); break; case 'r': rowsperstrip = atoi(optarg); break; case '?': usage(); } if (argc - optind != 2) usage(); in = TIFFOpen(argv[optind], ""r""); if (in == NULL) return (-1); if (!TIFFGetField(in, TIFFTAG_PHOTOMETRIC, &shortv) || shortv != PHOTOMETRIC_PALETTE) { fprintf(stderr, ""%s: Expecting a palette image.\n"", argv[optind]); return (-1); } if (!TIFFGetField(in, TIFFTAG_COLORMAP, &rmap, &gmap, &bmap)) { fprintf(stderr, ""%s: No colormap (not a valid palette image).\n"", argv[optind]); return (-1); } bitspersample = 0; TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bitspersample); if (bitspersample != 8) { fprintf(stderr, ""%s: Sorry, can only handle 8-bit images.\n"", argv[optind]); return (-1); } out = TIFFOpen(argv[optind+1], ""w""); if (out == NULL) return (-2); cpTags(in, out); TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &imagewidth); TIFFGetField(in, TIFFTAG_IMAGELENGTH, &imagelength); if (compression != (uint16)-1) TIFFSetField(out, TIFFTAG_COMPRESSION, compression); else TIFFGetField(in, TIFFTAG_COMPRESSION, &compression); switch (compression) { case COMPRESSION_JPEG: if (jpegcolormode == JPEGCOLORMODE_RGB) photometric = PHOTOMETRIC_YCBCR; else photometric = PHOTOMETRIC_RGB; TIFFSetField(out, TIFFTAG_JPEGQUALITY, quality); TIFFSetField(out, TIFFTAG_JPEGCOLORMODE, jpegcolormode); break; case COMPRESSION_LZW: case COMPRESSION_DEFLATE: if (predictor != 0) TIFFSetField(out, TIFFTAG_PREDICTOR, predictor); break; } TIFFSetField(out, TIFFTAG_PHOTOMETRIC, photometric); TIFFSetField(out, TIFFTAG_SAMPLESPERPIXEL, 3); TIFFSetField(out, TIFFTAG_PLANARCONFIG, config); TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, rowsperstrip = TIFFDefaultStripSize(out, rowsperstrip)); (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); if (cmap == -1) cmap = checkcmap(1<= 0; i--) { #define CVT(x) (((x) * 255) / ((1L<<16)-1)) rmap[i] = CVT(rmap[i]); gmap[i] = CVT(gmap[i]); bmap[i] = CVT(bmap[i]); } } { unsigned char *ibuf, *obuf; register unsigned char* pp; register uint32 x; tmsize_t tss_in = TIFFScanlineSize(in); tmsize_t tss_out = TIFFScanlineSize(out); if (tss_out / tss_in < 3) { fprintf(stderr, ""Could not determine correct image size for output. Exiting.\n""); return -1; } ibuf = (unsigned char*)_TIFFmalloc(tss_in); obuf = (unsigned char*)_TIFFmalloc(tss_out); switch (config) { case PLANARCONFIG_CONTIG: for (row = 0; row < imagelength; row++) { if (!TIFFReadScanline(in, ibuf, row, 0)) goto done; pp = obuf; for (x = 0; x < imagewidth; x++) { *pp++ = (unsigned char) rmap[ibuf[x]]; *pp++ = (unsigned char) gmap[ibuf[x]]; *pp++ = (unsigned char) bmap[ibuf[x]]; } if (!TIFFWriteScanline(out, obuf, row, 0)) goto done; } break; case PLANARCONFIG_SEPARATE: for (row = 0; row < imagelength; row++) { if (!TIFFReadScanline(in, ibuf, row, 0)) goto done; for (pp = obuf, x = 0; x < imagewidth; x++) *pp++ = (unsigned char) rmap[ibuf[x]]; if (!TIFFWriteScanline(out, obuf, row, 0)) goto done; for (pp = obuf, x = 0; x < imagewidth; x++) *pp++ = (unsigned char) gmap[ibuf[x]]; if (!TIFFWriteScanline(out, obuf, row, 0)) goto done; for (pp = obuf, x = 0; x < imagewidth; x++) *pp++ = (unsigned char) bmap[ibuf[x]]; if (!TIFFWriteScanline(out, obuf, row, 0)) goto done; } break; } _TIFFfree(ibuf); _TIFFfree(obuf); } done: (void) TIFFClose(in); (void) TIFFClose(out); return (0); }",visit repo url,tools/pal2rgb.c,https://gitlab.com/libtiff/libtiff,248769075209653,1 359,[],"pfm_write_pmcs(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { struct task_struct *task; pfarg_reg_t *req = (pfarg_reg_t *)arg; unsigned long value, pmc_pm; unsigned long smpl_pmds, reset_pmds, impl_pmds; unsigned int cnum, reg_flags, flags, pmc_type; int i, can_access_pmu = 0, is_loaded, is_system, expert_mode; int is_monitor, is_counting, state; int ret = -EINVAL; pfm_reg_check_t wr_func; #define PFM_CHECK_PMC_PM(x, y, z) ((x)->ctx_fl_system ^ PMC_PM(y, z)) state = ctx->ctx_state; is_loaded = state == PFM_CTX_LOADED ? 1 : 0; is_system = ctx->ctx_fl_system; task = ctx->ctx_task; impl_pmds = pmu_conf->impl_pmds[0]; if (state == PFM_CTX_ZOMBIE) return -EINVAL; if (is_loaded) { if (is_system && ctx->ctx_cpu != smp_processor_id()) { DPRINT((""should be running on CPU%d\n"", ctx->ctx_cpu)); return -EBUSY; } can_access_pmu = GET_PMU_OWNER() == task || is_system ? 1 : 0; } expert_mode = pfm_sysctl.expert_mode; for (i = 0; i < count; i++, req++) { cnum = req->reg_num; reg_flags = req->reg_flags; value = req->reg_value; smpl_pmds = req->reg_smpl_pmds[0]; reset_pmds = req->reg_reset_pmds[0]; flags = 0; if (cnum >= PMU_MAX_PMCS) { DPRINT((""pmc%u is invalid\n"", cnum)); goto error; } pmc_type = pmu_conf->pmc_desc[cnum].type; pmc_pm = (value >> pmu_conf->pmc_desc[cnum].pm_pos) & 0x1; is_counting = (pmc_type & PFM_REG_COUNTING) == PFM_REG_COUNTING ? 1 : 0; is_monitor = (pmc_type & PFM_REG_MONITOR) == PFM_REG_MONITOR ? 1 : 0; if ((pmc_type & PFM_REG_IMPL) == 0 || (pmc_type & PFM_REG_CONTROL) == PFM_REG_CONTROL) { DPRINT((""pmc%u is unimplemented or no-access pmc_type=%x\n"", cnum, pmc_type)); goto error; } wr_func = pmu_conf->pmc_desc[cnum].write_check; if (is_monitor && value != PMC_DFL_VAL(cnum) && is_system ^ pmc_pm) { DPRINT((""pmc%u pmc_pm=%lu is_system=%d\n"", cnum, pmc_pm, is_system)); goto error; } if (is_counting) { value |= 1 << PMU_PMC_OI; if (reg_flags & PFM_REGFL_OVFL_NOTIFY) { flags |= PFM_REGFL_OVFL_NOTIFY; } if (reg_flags & PFM_REGFL_RANDOM) flags |= PFM_REGFL_RANDOM; if ((smpl_pmds & impl_pmds) != smpl_pmds) { DPRINT((""invalid smpl_pmds 0x%lx for pmc%u\n"", smpl_pmds, cnum)); goto error; } if ((reset_pmds & impl_pmds) != reset_pmds) { DPRINT((""invalid reset_pmds 0x%lx for pmc%u\n"", reset_pmds, cnum)); goto error; } } else { if (reg_flags & (PFM_REGFL_OVFL_NOTIFY|PFM_REGFL_RANDOM)) { DPRINT((""cannot set ovfl_notify or random on pmc%u\n"", cnum)); goto error; } } if (likely(expert_mode == 0 && wr_func)) { ret = (*wr_func)(task, ctx, cnum, &value, regs); if (ret) goto error; ret = -EINVAL; } PFM_REG_RETFLAG_SET(req->reg_flags, 0); if (is_counting) { ctx->ctx_pmds[cnum].flags = flags; ctx->ctx_pmds[cnum].reset_pmds[0] = reset_pmds; ctx->ctx_pmds[cnum].smpl_pmds[0] = smpl_pmds; ctx->ctx_pmds[cnum].eventid = req->reg_smpl_eventid; CTX_USED_PMD(ctx, reset_pmds); CTX_USED_PMD(ctx, smpl_pmds); if (state == PFM_CTX_MASKED) ctx->ctx_ovfl_regs[0] &= ~1UL << cnum; } CTX_USED_PMD(ctx, pmu_conf->pmc_desc[cnum].dep_pmd[0]); if (is_monitor) CTX_USED_MONITOR(ctx, 1UL << cnum); ctx->ctx_pmcs[cnum] = value; if (is_loaded) { if (is_system == 0) ctx->th_pmcs[cnum] = value; if (can_access_pmu) { ia64_set_pmc(cnum, value); } #ifdef CONFIG_SMP else { ctx->ctx_reload_pmcs[0] |= 1UL << cnum; } #endif } DPRINT((""pmc[%u]=0x%lx ld=%d apmu=%d flags=0x%x all_pmcs=0x%lx used_pmds=0x%lx eventid=%ld smpl_pmds=0x%lx reset_pmds=0x%lx reloads_pmcs=0x%lx used_monitors=0x%lx ovfl_regs=0x%lx\n"", cnum, value, is_loaded, can_access_pmu, flags, ctx->ctx_all_pmcs[0], ctx->ctx_used_pmds[0], ctx->ctx_pmds[cnum].eventid, smpl_pmds, reset_pmds, ctx->ctx_reload_pmcs[0], ctx->ctx_used_monitors[0], ctx->ctx_ovfl_regs[0])); } if (can_access_pmu) ia64_srlz_d(); return 0; error: PFM_REG_RETFLAG_SET(req->reg_flags, PFM_REG_RETFL_EINVAL); return ret; }",linux-2.6,,,129010001028965043758590478140763580129,0 5330,['CWE-119'],"static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) { struct sock *sk; struct tun_struct *tun; struct net_device *dev; int err; dev = __dev_get_by_name(net, ifr->ifr_name); if (dev) { if (ifr->ifr_flags & IFF_TUN_EXCL) return -EBUSY; if ((ifr->ifr_flags & IFF_TUN) && dev->netdev_ops == &tun_netdev_ops) tun = netdev_priv(dev); else if ((ifr->ifr_flags & IFF_TAP) && dev->netdev_ops == &tap_netdev_ops) tun = netdev_priv(dev); else return -EINVAL; err = tun_attach(tun, file); if (err < 0) return err; } else { char *name; unsigned long flags = 0; err = -EINVAL; if (!capable(CAP_NET_ADMIN)) return -EPERM; if (ifr->ifr_flags & IFF_TUN) { flags |= TUN_TUN_DEV; name = ""tun%d""; } else if (ifr->ifr_flags & IFF_TAP) { flags |= TUN_TAP_DEV; name = ""tap%d""; } else goto failed; if (*ifr->ifr_name) name = ifr->ifr_name; dev = alloc_netdev(sizeof(struct tun_struct), name, tun_setup); if (!dev) return -ENOMEM; dev_net_set(dev, net); dev->rtnl_link_ops = &tun_link_ops; tun = netdev_priv(dev); tun->dev = dev; tun->flags = flags; tun->txflt.count = 0; err = -ENOMEM; sk = sk_alloc(net, AF_UNSPEC, GFP_KERNEL, &tun_proto); if (!sk) goto err_free_dev; init_waitqueue_head(&tun->socket.wait); sock_init_data(&tun->socket, sk); sk->sk_write_space = tun_sock_write_space; sk->sk_sndbuf = INT_MAX; tun->sk = sk; container_of(sk, struct tun_sock, sk)->tun = tun; tun_net_init(dev); if (strchr(dev->name, '%')) { err = dev_alloc_name(dev, dev->name); if (err < 0) goto err_free_sk; } err = -EINVAL; err = register_netdevice(tun->dev); if (err < 0) goto err_free_sk; if (device_create_file(&tun->dev->dev, &dev_attr_tun_flags) || device_create_file(&tun->dev->dev, &dev_attr_owner) || device_create_file(&tun->dev->dev, &dev_attr_group)) printk(KERN_ERR ""Failed to create tun sysfs files\n""); sk->sk_destruct = tun_sock_destruct; err = tun_attach(tun, file); if (err < 0) goto failed; } DBG(KERN_INFO ""%s: tun_set_iff\n"", tun->dev->name); if (ifr->ifr_flags & IFF_NO_PI) tun->flags |= TUN_NO_PI; else tun->flags &= ~TUN_NO_PI; if (ifr->ifr_flags & IFF_ONE_QUEUE) tun->flags |= TUN_ONE_QUEUE; else tun->flags &= ~TUN_ONE_QUEUE; if (ifr->ifr_flags & IFF_VNET_HDR) tun->flags |= TUN_VNET_HDR; else tun->flags &= ~TUN_VNET_HDR; if (netif_running(tun->dev)) netif_wake_queue(tun->dev); strcpy(ifr->ifr_name, tun->dev->name); return 0; err_free_sk: sock_put(sk); err_free_dev: free_netdev(dev); failed: return err; }",linux-2.6,,,8126143107281862672605573925936483712,0 648,[],"static void __exit dccp_fini(void) { dccp_mib_exit(); free_pages((unsigned long)dccp_hashinfo.bhash, get_order(dccp_hashinfo.bhash_size * sizeof(struct inet_bind_hashbucket))); free_pages((unsigned long)dccp_hashinfo.ehash, get_order(dccp_hashinfo.ehash_size * sizeof(struct inet_ehash_bucket))); kmem_cache_destroy(dccp_hashinfo.bind_bucket_cachep); dccp_ackvec_exit(); dccp_sysctl_exit(); }",linux-2.6,,,182275167402495586451022943645689407492,0 4294,CWE-787,"void *MACH0_(mach0_free)(struct MACH0_(obj_t) *mo) { if (!mo) { return NULL; } size_t i; if (mo->symbols) { for (i = 0; !mo->symbols[i].last; i++) { free (mo->symbols[i].name); } free (mo->symbols); } free (mo->segs); free (mo->sects); free (mo->symtab); free (mo->symstr); free (mo->indirectsyms); free (mo->imports_by_ord); ht_pp_free (mo->imports_by_name); free (mo->dyld_info); free (mo->toc); free (mo->modtab); free (mo->libs); free (mo->func_start); free (mo->signature); free (mo->intrp); free (mo->compiler); if (mo->chained_starts) { for (i = 0; i < mo->nsegs; i++) { if (mo->chained_starts[i]) { free (mo->chained_starts[i]->page_start); free (mo->chained_starts[i]); } } free (mo->chained_starts); } r_buf_free (mo->b); free (mo); return NULL; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radareorg/radare2,212616292380392,1 4296,CWE-787,"static bool parse_chained_fixups(struct MACH0_(obj_t) *bin, ut32 offset, ut32 size) { struct dyld_chained_fixups_header header; if (size < sizeof (header)) { return false; } if (r_buf_fread_at (bin->b, offset, (ut8 *)&header, ""7i"", 1) != sizeof (header)) { return false; } if (header.fixups_version > 0) { eprintf (""Unsupported fixups version: %u\n"", header.fixups_version); return false; } ut64 starts_at = offset + header.starts_offset; if (header.starts_offset > size) { return false; } ut32 segs_count; if ((segs_count = r_buf_read_le32_at (bin->b, starts_at)) == UT32_MAX) { return false; } bin->chained_starts = R_NEWS0 (struct r_dyld_chained_starts_in_segment *, segs_count); if (!bin->chained_starts) { return false; } bin->fixups_header = header; bin->fixups_offset = offset; bin->fixups_size = size; size_t i; ut64 cursor = starts_at + sizeof (ut32); ut64 bsize = r_buf_size (bin->b); for (i = 0; i < segs_count && cursor + 4 < bsize; i++) { ut32 seg_off; if ((seg_off = r_buf_read_le32_at (bin->b, cursor)) == UT32_MAX || !seg_off) { cursor += sizeof (ut32); continue; } if (i >= bin->nsegs) { break; } struct r_dyld_chained_starts_in_segment *cur_seg = R_NEW0 (struct r_dyld_chained_starts_in_segment); if (!cur_seg) { return false; } bin->chained_starts[i] = cur_seg; if (r_buf_fread_at (bin->b, starts_at + seg_off, (ut8 *)cur_seg, ""isslis"", 1) != 22) { return false; } if (cur_seg->page_count > 0) { ut16 *page_start = malloc (sizeof (ut16) * cur_seg->page_count); if (!page_start) { return false; } if (r_buf_fread_at (bin->b, starts_at + seg_off + 22, (ut8 *)page_start, ""s"", cur_seg->page_count) != cur_seg->page_count * 2) { return false; } cur_seg->page_start = page_start; } cursor += sizeof (ut32); } return true; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radareorg/radare2,89849596634161,1 2956,['CWE-189'],"static int jp2_putuint16(jas_stream_t *out, uint_fast16_t val) { if (jas_stream_putc(out, (val >> 8) & 0xff) == EOF || jas_stream_putc(out, val & 0xff) == EOF) { return -1; } return 0; }",jasper,,,203175418775856816000292596092471628002,0 3630,CWE-416,"_public_ int sd_bus_enqeue_for_read(sd_bus *bus, sd_bus_message *m) { int r; assert_return(bus, -EINVAL); assert_return(bus = bus_resolve(bus), -ENOPKG); assert_return(m, -EINVAL); assert_return(m->sealed, -EINVAL); assert_return(!bus_pid_changed(bus), -ECHILD); if (!BUS_IS_OPEN(bus->state)) return -ENOTCONN; r = bus_rqueue_make_room(bus); if (r < 0) return r; bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus); return 0; }",visit repo url,src/libsystemd/sd-bus/sd-bus.c,https://github.com/systemd/systemd,3305479975373,1 5499,['CWE-476'],"int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, struct kvm_run *run, int in, int size, unsigned long count, int down, gva_t address, int rep, unsigned port) { unsigned now, in_page; int ret = 0; struct kvm_io_device *pio_dev; vcpu->run->exit_reason = KVM_EXIT_IO; vcpu->run->io.direction = in ? KVM_EXIT_IO_IN : KVM_EXIT_IO_OUT; vcpu->run->io.size = vcpu->arch.pio.size = size; vcpu->run->io.data_offset = KVM_PIO_PAGE_OFFSET * PAGE_SIZE; vcpu->run->io.count = vcpu->arch.pio.count = vcpu->arch.pio.cur_count = count; vcpu->run->io.port = vcpu->arch.pio.port = port; vcpu->arch.pio.in = in; vcpu->arch.pio.string = 1; vcpu->arch.pio.down = down; vcpu->arch.pio.rep = rep; if (vcpu->run->io.direction == KVM_EXIT_IO_IN) KVMTRACE_2D(IO_READ, vcpu, vcpu->run->io.port, (u32)size, handler); else KVMTRACE_2D(IO_WRITE, vcpu, vcpu->run->io.port, (u32)size, handler); if (!count) { kvm_x86_ops->skip_emulated_instruction(vcpu); return 1; } if (!down) in_page = PAGE_SIZE - offset_in_page(address); else in_page = offset_in_page(address) + size; now = min(count, (unsigned long)in_page / size); if (!now) now = 1; if (down) { pr_unimpl(vcpu, ""guest string pio down\n""); kvm_inject_gp(vcpu, 0); return 1; } vcpu->run->io.count = now; vcpu->arch.pio.cur_count = now; if (vcpu->arch.pio.cur_count == vcpu->arch.pio.count) kvm_x86_ops->skip_emulated_instruction(vcpu); vcpu->arch.pio.guest_gva = address; pio_dev = vcpu_find_pio_dev(vcpu, port, vcpu->arch.pio.cur_count, !vcpu->arch.pio.in); if (!vcpu->arch.pio.in) { ret = pio_copy_data(vcpu); if (ret == X86EMUL_PROPAGATE_FAULT) { kvm_inject_gp(vcpu, 0); return 1; } if (ret == 0 && pio_dev) { pio_string_write(pio_dev, vcpu); complete_pio(vcpu); if (vcpu->arch.pio.count == 0) ret = 1; } } else if (pio_dev) pr_unimpl(vcpu, ""no string pio read support yet, "" ""port %x size %d count %ld\n"", port, size, count); return ret; }",linux-2.6,,,280530427112072354060682262893022474753,0 3124,['CWE-189'],"static int jpc_pi_nextlrcp(register jpc_pi_t *pi) { jpc_pchg_t *pchg; int *prclyrno; pchg = pi->pchg; if (!pi->prgvolfirst) { prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; goto skip; } else { pi->prgvolfirst = false; } for (pi->lyrno = 0; pi->lyrno < pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { for (pi->rlvlno = pchg->rlvlnostart; pi->rlvlno < pi->maxrlvls && pi->rlvlno < pchg->rlvlnoend; ++pi->rlvlno) { for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno]; pi->compno < pi->numcomps && pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, ++pi->picomp) { if (pi->rlvlno >= pi->picomp->numrlvls) { continue; } pi->pirlvl = &pi->picomp->pirlvls[pi->rlvlno]; for (pi->prcno = 0, prclyrno = pi->pirlvl->prclyrnos; pi->prcno < pi->pirlvl->numprcs; ++pi->prcno, ++prclyrno) { if (pi->lyrno >= *prclyrno) { *prclyrno = pi->lyrno; ++(*prclyrno); return 0; } skip: ; } } } } return 1; }",jasper,,,107577678005805339807252026888704054595,0 5325,['CWE-119'],"static inline struct sk_buff *tun_alloc_skb(struct tun_struct *tun, size_t prepad, size_t len, size_t linear, int noblock) { struct sock *sk = tun->sk; struct sk_buff *skb; int err; if (prepad + len < PAGE_SIZE || !linear) linear = len; skb = sock_alloc_send_pskb(sk, prepad + linear, len - linear, noblock, &err); if (!skb) return ERR_PTR(err); skb_reserve(skb, prepad); skb_put(skb, linear); skb->data_len = len - linear; skb->len += len - linear; return skb; }",linux-2.6,,,29945173748615964253741969651394014564,0 6087,CWE-190,"void bn_write_bin(uint8_t *bin, int len, const bn_t a) { int size, k; dig_t d; size = bn_size_bin(a); if (len < size) { RLC_THROW(ERR_NO_BUFFER); return; } k = 0; for (int i = 0; i < a->used - 1; i++) { d = a->dp[i]; for (int j = 0; j < (int)(RLC_DIG / 8); j++) { bin[len - 1 - k++] = d & 0xFF; d = d >> 8; } } d = a->dp[a->used - 1]; while (d != 0) { bin[len - 1 - k++] = d & 0xFF; d = d >> 8; } while (k < len) { bin[len - 1 - k++] = 0; } }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,53426989462507,1 4856,['CWE-189'],"ecryptfs_decrypt_page_offset(struct ecryptfs_crypt_stat *crypt_stat, struct page *dst_page, int dst_offset, struct page *src_page, int src_offset, int size, unsigned char *iv) { struct scatterlist src_sg, dst_sg; sg_init_table(&src_sg, 1); sg_set_page(&src_sg, src_page, size, src_offset); sg_init_table(&dst_sg, 1); sg_set_page(&dst_sg, dst_page, size, dst_offset); return decrypt_scatterlist(crypt_stat, &dst_sg, &src_sg, size, iv); }",linux-2.6,,,159230256980142015078679405117409515842,0 1898,NVD-CWE-noinfo,"static int nested_vmx_check_guest_state(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, enum vm_entry_failure_code *entry_failure_code) { bool ia32e; *entry_failure_code = ENTRY_FAIL_DEFAULT; if (CC(!nested_guest_cr0_valid(vcpu, vmcs12->guest_cr0)) || CC(!nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4))) return -EINVAL; if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS) && CC(!kvm_dr7_valid(vmcs12->guest_dr7))) return -EINVAL; if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PAT) && CC(!kvm_pat_valid(vmcs12->guest_ia32_pat))) return -EINVAL; if (nested_vmx_check_vmcs_link_ptr(vcpu, vmcs12)) { *entry_failure_code = ENTRY_FAIL_VMCS_LINK_PTR; return -EINVAL; } if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) && CC(!kvm_valid_perf_global_ctrl(vcpu_to_pmu(vcpu), vmcs12->guest_ia32_perf_global_ctrl))) return -EINVAL; if (to_vmx(vcpu)->nested.nested_run_pending && (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER)) { ia32e = (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) != 0; if (CC(!kvm_valid_efer(vcpu, vmcs12->guest_ia32_efer)) || CC(ia32e != !!(vmcs12->guest_ia32_efer & EFER_LMA)) || CC(((vmcs12->guest_cr0 & X86_CR0_PG) && ia32e != !!(vmcs12->guest_ia32_efer & EFER_LME)))) return -EINVAL; } if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS) && (CC(is_noncanonical_address(vmcs12->guest_bndcfgs & PAGE_MASK, vcpu)) || CC((vmcs12->guest_bndcfgs & MSR_IA32_BNDCFGS_RSVD)))) return -EINVAL; if (nested_check_guest_non_reg_state(vmcs12)) return -EINVAL; return 0; }",visit repo url,arch/x86/kvm/vmx/nested.c,https://github.com/torvalds/linux,35597278777841,1 153,CWE-416,"static int io_register_personality(struct io_ring_ctx *ctx) { const struct cred *creds; u32 id; int ret; creds = get_current_cred(); ret = xa_alloc_cyclic(&ctx->personalities, &id, (void *)creds, XA_LIMIT(0, USHRT_MAX), &ctx->pers_next, GFP_KERNEL); if (!ret) return id; put_cred(creds); return ret;",visit repo url,fs/io_uring.c,https://github.com/torvalds/linux,250529995387171,1 6760,CWE-908,"int pico_tcp_initconn(struct pico_socket *s) { struct pico_socket_tcp *ts = TCP_SOCK(s); struct pico_frame *syn; struct pico_tcp_hdr *hdr; uint16_t mtu, opt_len = tcp_options_size(ts, PICO_TCP_SYN); syn = s->net->alloc(s->stack, s->net, NULL, (uint16_t)(PICO_SIZE_TCPHDR + opt_len)); if (!syn) return -1; hdr = (struct pico_tcp_hdr *) syn->transport_hdr; if (!ts->snd_nxt) ts->snd_nxt = long_be(pico_paws()); ts->snd_last = ts->snd_nxt; ts->cwnd = PICO_TCP_IW; mtu = (uint16_t)pico_socket_get_mss(s); ts->mss = (uint16_t)(mtu - PICO_SIZE_TCPHDR); ts->ssthresh = (uint16_t)((uint16_t)(PICO_DEFAULT_SOCKETQ / ts->mss) - (((uint16_t)(PICO_DEFAULT_SOCKETQ / ts->mss)) >> 3u)); syn->sock = s; hdr->seq = long_be(ts->snd_nxt); hdr->len = (uint8_t)((PICO_SIZE_TCPHDR + opt_len) << 2); hdr->flags = PICO_TCP_SYN; tcp_set_space(ts); hdr->rwnd = short_be(ts->wnd); tcp_add_options(ts, syn, PICO_TCP_SYN, opt_len); hdr->trans.sport = ts->sock.local_port; hdr->trans.dport = ts->sock.remote_port; hdr->crc = 0; hdr->crc = short_be(pico_tcp_checksum(syn)); tcp_dbg(""Sending SYN... (ports: %d - %d) size: %d\n"", short_be(ts->sock.local_port), short_be(ts->sock.remote_port), syn->buffer_len); ts->retrans_tmr = pico_timer_add(s->stack, PICO_TCP_SYN_TO << ts->backoff, initconn_retry, ts); if (!ts->retrans_tmr) { tcp_dbg(""TCP: Failed to start initconn_retry timer\n""); PICO_FREE(syn); return -1; } pico_enqueue(&s->stack->q_tcp.out, syn); return 0; }",visit repo url,modules/pico_tcp.c,https://github.com/virtualsquare/picotcp,272109107254789,1 4741,['CWE-20'],"static void ext4_mark_recovery_complete(struct super_block *sb, struct ext4_super_block *es) { journal_t *journal = EXT4_SB(sb)->s_journal; if (!EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) { BUG_ON(journal != NULL); return; } jbd2_journal_lock_updates(journal); if (jbd2_journal_flush(journal) < 0) goto out; lock_super(sb); if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER) && sb->s_flags & MS_RDONLY) { EXT4_CLEAR_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER); sb->s_dirt = 0; ext4_commit_super(sb, es, 1); } unlock_super(sb); out: jbd2_journal_unlock_updates(journal); }",linux-2.6,,,98484150294522204993563067031699912485,0 1906,['CWE-20'],"unsigned long unmap_vmas(struct mmu_gather **tlbp, struct vm_area_struct *vma, unsigned long start_addr, unsigned long end_addr, unsigned long *nr_accounted, struct zap_details *details) { long zap_work = ZAP_BLOCK_SIZE; unsigned long tlb_start = 0; int tlb_start_valid = 0; unsigned long start = start_addr; spinlock_t *i_mmap_lock = details? details->i_mmap_lock: NULL; int fullmm = (*tlbp)->fullmm; for ( ; vma && vma->vm_start < end_addr; vma = vma->vm_next) { unsigned long end; start = max(vma->vm_start, start_addr); if (start >= vma->vm_end) continue; end = min(vma->vm_end, end_addr); if (end <= vma->vm_start) continue; if (vma->vm_flags & VM_ACCOUNT) *nr_accounted += (end - start) >> PAGE_SHIFT; while (start != end) { if (!tlb_start_valid) { tlb_start = start; tlb_start_valid = 1; } if (unlikely(is_vm_hugetlb_page(vma))) { unmap_hugepage_range(vma, start, end); zap_work -= (end - start) / (HPAGE_SIZE / PAGE_SIZE); start = end; } else start = unmap_page_range(*tlbp, vma, start, end, &zap_work, details); if (zap_work > 0) { BUG_ON(start != end); break; } tlb_finish_mmu(*tlbp, tlb_start, start); if (need_resched() || (i_mmap_lock && spin_needbreak(i_mmap_lock))) { if (i_mmap_lock) { *tlbp = NULL; goto out; } cond_resched(); } *tlbp = tlb_gather_mmu(vma->vm_mm, fullmm); tlb_start_valid = 0; zap_work = ZAP_BLOCK_SIZE; } } out: return start; }",linux-2.6,,,247213168581277490186540881492124331947,0 1839,['CWE-189'],"_gnutls_handshake_hash_add_recvd (gnutls_session_t session, gnutls_handshake_description_t recv_type, opaque * header, uint16_t header_size, opaque * dataptr, uint32_t datalen) { int ret; if ((ret = _gnutls_handshake_hash_pending (session)) < 0) { gnutls_assert (); return ret; } if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST) { if ((ret = _gnutls_handshake_buffer_put (session, header, header_size)) < 0) { gnutls_assert (); return ret; } if (datalen > 0) { if ((ret = _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0) { gnutls_assert (); return ret; } } } return 0; }",gnutls,,,273912599780112981658981325909711921539,0 2449,CWE-119,"static void scsi_read_data(SCSIRequest *req) { SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); uint32_t n; if (r->sector_count == (uint32_t)-1) { DPRINTF(""Read buf_len=%zd\n"", r->iov.iov_len); r->sector_count = 0; scsi_req_data(&r->req, r->iov.iov_len); return; } DPRINTF(""Read sector_count=%d\n"", r->sector_count); if (r->sector_count == 0) { scsi_req_complete(&r->req, GOOD); return; } assert(r->req.aiocb == NULL); if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { DPRINTF(""Data transfer direction invalid\n""); scsi_read_complete(r, -EINVAL); return; } n = r->sector_count; if (n > SCSI_DMA_BUF_SIZE / 512) n = SCSI_DMA_BUF_SIZE / 512; if (s->tray_open) { scsi_read_complete(r, -ENOMEDIUM); } r->iov.iov_len = n * 512; qemu_iovec_init_external(&r->qiov, &r->iov, 1); bdrv_acct_start(s->bs, &r->acct, n * BDRV_SECTOR_SIZE, BDRV_ACCT_READ); r->req.aiocb = bdrv_aio_readv(s->bs, r->sector, &r->qiov, n, scsi_read_complete, r); if (r->req.aiocb == NULL) { scsi_read_complete(r, -EIO); } }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,12372432859835,1 4601,CWE-787,"static s32 gf_hevc_read_pps_bs_internal(GF_BitStream *bs, HEVCState *hevc) { u32 i; s32 pps_id; HEVC_PPS *pps; pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if ((pps_id < 0) || (pps_id >= 64)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] wrong PPS ID %d in PPS\n"", pps_id)); return -1; } pps = &hevc->pps[pps_id]; if (!pps->state) { pps->id = pps_id; pps->state = 1; } pps->sps_id = gf_bs_read_ue_log(bs, ""sps_id""); if (pps->sps_id >= 16) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] wrong SPS ID %d in PPS\n"", pps->sps_id)); pps->sps_id=0; return -1; } hevc->sps_active_idx = pps->sps_id; pps->dependent_slice_segments_enabled_flag = gf_bs_read_int_log(bs, 1, ""dependent_slice_segments_enabled_flag""); pps->output_flag_present_flag = gf_bs_read_int_log(bs, 1, ""output_flag_present_flag""); pps->num_extra_slice_header_bits = gf_bs_read_int_log(bs, 3, ""num_extra_slice_header_bits""); pps->sign_data_hiding_flag = gf_bs_read_int_log(bs, 1, ""sign_data_hiding_flag""); pps->cabac_init_present_flag = gf_bs_read_int_log(bs, 1, ""cabac_init_present_flag""); pps->num_ref_idx_l0_default_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l0_default_active""); pps->num_ref_idx_l1_default_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l1_default_active""); pps->pic_init_qp_minus26 = gf_bs_read_se_log(bs, ""pic_init_qp_minus26""); pps->constrained_intra_pred_flag = gf_bs_read_int_log(bs, 1, ""constrained_intra_pred_flag""); pps->transform_skip_enabled_flag = gf_bs_read_int_log(bs, 1, ""transform_skip_enabled_flag""); if ((pps->cu_qp_delta_enabled_flag = gf_bs_read_int_log(bs, 1, ""cu_qp_delta_enabled_flag""))) pps->diff_cu_qp_delta_depth = gf_bs_read_ue_log(bs, ""diff_cu_qp_delta_depth""); pps->pic_cb_qp_offset = gf_bs_read_se_log(bs, ""pic_cb_qp_offset""); pps->pic_cr_qp_offset = gf_bs_read_se_log(bs, ""pic_cr_qp_offset""); pps->slice_chroma_qp_offsets_present_flag = gf_bs_read_int_log(bs, 1, ""slice_chroma_qp_offsets_present_flag""); pps->weighted_pred_flag = gf_bs_read_int_log(bs, 1, ""weighted_pred_flag""); pps->weighted_bipred_flag = gf_bs_read_int_log(bs, 1, ""weighted_bipred_flag""); pps->transquant_bypass_enable_flag = gf_bs_read_int_log(bs, 1, ""transquant_bypass_enable_flag""); pps->tiles_enabled_flag = gf_bs_read_int_log(bs, 1, ""tiles_enabled_flag""); pps->entropy_coding_sync_enabled_flag = gf_bs_read_int_log(bs, 1, ""entropy_coding_sync_enabled_flag""); if (pps->tiles_enabled_flag) { pps->num_tile_columns = 1 + gf_bs_read_ue_log(bs, ""num_tile_columns_minus1""); pps->num_tile_rows = 1 + gf_bs_read_ue_log(bs, ""num_tile_rows_minus1""); pps->uniform_spacing_flag = gf_bs_read_int_log(bs, 1, ""uniform_spacing_flag""); if (!pps->uniform_spacing_flag) { for (i = 0; i < pps->num_tile_columns - 1; i++) { pps->column_width[i] = 1 + gf_bs_read_ue_log_idx(bs, ""column_width_minus1"", i); } for (i = 0; i < pps->num_tile_rows - 1; i++) { pps->row_height[i] = 1 + gf_bs_read_ue_log_idx(bs, ""row_height_minus1"", i); } } pps->loop_filter_across_tiles_enabled_flag = gf_bs_read_int_log(bs, 1, ""loop_filter_across_tiles_enabled_flag""); } pps->loop_filter_across_slices_enabled_flag = gf_bs_read_int_log(bs, 1, ""loop_filter_across_slices_enabled_flag""); if ((pps->deblocking_filter_control_present_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_control_present_flag""))) { pps->deblocking_filter_override_enabled_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_override_enabled_flag""); if (! (pps->pic_disable_deblocking_filter_flag = gf_bs_read_int_log(bs, 1, ""pic_disable_deblocking_filter_flag""))) { pps->beta_offset_div2 = gf_bs_read_se_log(bs, ""beta_offset_div2""); pps->tc_offset_div2 = gf_bs_read_se_log(bs, ""tc_offset_div2""); } } if ((pps->pic_scaling_list_data_present_flag = gf_bs_read_int_log(bs, 1, ""pic_scaling_list_data_present_flag""))) { hevc_scaling_list_data(bs); } pps->lists_modification_present_flag = gf_bs_read_int_log(bs, 1, ""lists_modification_present_flag""); pps->log2_parallel_merge_level_minus2 = gf_bs_read_ue_log(bs, ""log2_parallel_merge_level_minus2""); pps->slice_segment_header_extension_present_flag = gf_bs_read_int_log(bs, 1, ""slice_segment_header_extension_present_flag""); if (gf_bs_read_int_log(bs, 1, ""pps_extension_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } return pps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,258780298581047,1 3727,[],"static int unix_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { struct sock *sk = sock->sk; long amount=0; int err; switch(cmd) { case SIOCOUTQ: amount = atomic_read(&sk->sk_wmem_alloc); err = put_user(amount, (int __user *)arg); break; case SIOCINQ: { struct sk_buff *skb; if (sk->sk_state == TCP_LISTEN) { err = -EINVAL; break; } spin_lock(&sk->sk_receive_queue.lock); if (sk->sk_type == SOCK_STREAM || sk->sk_type == SOCK_SEQPACKET) { skb_queue_walk(&sk->sk_receive_queue, skb) amount += skb->len; } else { skb = skb_peek(&sk->sk_receive_queue); if (skb) amount=skb->len; } spin_unlock(&sk->sk_receive_queue.lock); err = put_user(amount, (int __user *)arg); break; } default: err = -ENOIOCTLCMD; break; } return err; }",linux-2.6,,,124344616822501702006606431788778895002,0 5075,['CWE-20'],"static void enter_lmode(struct kvm_vcpu *vcpu) { u32 guest_tr_ar; guest_tr_ar = vmcs_read32(GUEST_TR_AR_BYTES); if ((guest_tr_ar & AR_TYPE_MASK) != AR_TYPE_BUSY_64_TSS) { printk(KERN_DEBUG ""%s: tss fixup for long mode. \n"", __func__); vmcs_write32(GUEST_TR_AR_BYTES, (guest_tr_ar & ~AR_TYPE_MASK) | AR_TYPE_BUSY_64_TSS); } vcpu->arch.shadow_efer |= EFER_LMA; vmx_set_efer(vcpu, vcpu->arch.shadow_efer); }",linux-2.6,,,105620537713400927548098283051775746542,0 1595,[],"static unsigned long target_load(int cpu, int type) { struct rq *rq = cpu_rq(cpu); unsigned long total = weighted_cpuload(cpu); if (type == 0) return total; return max(rq->cpu_load[type-1], total); }",linux-2.6,,,236011759363805981501924299406517185252,0 787,CWE-20,"static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int err; struct sk_buff *skb; struct sock *sk = sock->sk; err = -EIO; if (sk->sk_state & PPPOX_BOUND) goto end; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) goto end; if (len > skb->len) len = skb->len; else if (len < skb->len) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len); if (likely(err == 0)) err = len; kfree_skb(skb); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,83283590519134,1 1627,[],"static inline void unlock_doms_cur(void) { mutex_unlock(&doms_cur_mutex); }",linux-2.6,,,91955749752550900193891558427649036041,0 22,['CWE-264'],"static PHP_METHOD(SQLite, sqliteCreateAggregate) { struct pdo_sqlite_func *func; zval *step_callback, *fini_callback; char *func_name; int func_name_len; long argc = -1; char *cbname = NULL; pdo_dbh_t *dbh; pdo_sqlite_db_handle *H; int ret; if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""szz|l"", &func_name, &func_name_len, &step_callback, &fini_callback, &argc)) { RETURN_FALSE; } dbh = zend_object_store_get_object(getThis() TSRMLS_CC); PDO_CONSTRUCT_CHECK; if (!zend_is_callable(step_callback, 0, &cbname TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""function '%s' is not callable"", cbname); efree(cbname); RETURN_FALSE; } efree(cbname); if (!zend_is_callable(fini_callback, 0, &cbname TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""function '%s' is not callable"", cbname); efree(cbname); RETURN_FALSE; } efree(cbname); H = (pdo_sqlite_db_handle *)dbh->driver_data; func = (struct pdo_sqlite_func*)ecalloc(1, sizeof(*func)); ret = sqlite3_create_function(H->db, func_name, argc, SQLITE_UTF8, func, NULL, php_sqlite3_func_step_callback, php_sqlite3_func_final_callback); if (ret == SQLITE_OK) { func->funcname = estrdup(func_name); MAKE_STD_ZVAL(func->step); MAKE_COPY_ZVAL(&step_callback, func->step); MAKE_STD_ZVAL(func->fini); MAKE_COPY_ZVAL(&fini_callback, func->fini); func->argc = argc; func->next = H->funcs; H->funcs = func; RETURN_TRUE; } efree(func); RETURN_FALSE; }",php-src,,,148058950267439041336749805031356672515,0 3562,['CWE-20'],"sctp_disposition_t sctp_sf_cookie_echoed_prm_abort( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return sctp_sf_cookie_wait_prm_abort(ep, asoc, type, arg, commands); }",linux-2.6,,,269463135722600317898702414957311802959,0 3492,['CWE-20'],"sctp_disposition_t sctp_sf_cookie_wait_prm_shutdown( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_CLOSED)); SCTP_INC_STATS(SCTP_MIB_SHUTDOWNS); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); return SCTP_DISPOSITION_DELETE_TCB; }",linux-2.6,,,104252178458583225575802795744050953068,0 874,CWE-20,"static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock_iocb *siocb = kiocb_to_siocb(iocb); struct scm_cookie tmp_scm; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); struct sockaddr_un *sunaddr = msg->msg_name; int copied = 0; int check_creds = 0; int target; int err = 0; long timeo; int skip; err = -EINVAL; if (sk->sk_state != TCP_ESTABLISHED) goto out; err = -EOPNOTSUPP; if (flags&MSG_OOB) goto out; target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); msg->msg_namelen = 0; if (!siocb->scm) { siocb->scm = &tmp_scm; memset(&tmp_scm, 0, sizeof(tmp_scm)); } err = mutex_lock_interruptible(&u->readlock); if (err) { err = sock_intr_errno(timeo); goto out; } do { int chunk; struct sk_buff *skb, *last; unix_state_lock(sk); last = skb = skb_peek(&sk->sk_receive_queue); again: if (skb == NULL) { unix_sk(sk)->recursion_level = 0; if (copied >= target) goto unlock; err = sock_error(sk); if (err) goto unlock; if (sk->sk_shutdown & RCV_SHUTDOWN) goto unlock; unix_state_unlock(sk); err = -EAGAIN; if (!timeo) break; mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo, last); if (signal_pending(current) || mutex_lock_interruptible(&u->readlock)) { err = sock_intr_errno(timeo); goto out; } continue; unlock: unix_state_unlock(sk); break; } skip = sk_peek_offset(sk, flags); while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); last = skb; skb = skb_peek_next(skb, &sk->sk_receive_queue); if (!skb) goto again; } unix_state_unlock(sk); if (check_creds) { if ((UNIXCB(skb).pid != siocb->scm->pid) || !uid_eq(UNIXCB(skb).uid, siocb->scm->creds.uid) || !gid_eq(UNIXCB(skb).gid, siocb->scm->creds.gid)) break; } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).uid, UNIXCB(skb).gid); check_creds = 1; } if (sunaddr) { unix_copy_addr(msg, skb->sk); sunaddr = NULL; } chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); if (skb_copy_datagram_iovec(skb, UNIXCB(skb).consumed + skip, msg->msg_iov, chunk)) { if (copied == 0) copied = -EFAULT; break; } copied += chunk; size -= chunk; if (!(flags & MSG_PEEK)) { UNIXCB(skb).consumed += chunk; sk_peek_offset_bwd(sk, chunk); if (UNIXCB(skb).fp) unix_detach_fds(siocb->scm, skb); if (unix_skb_len(skb)) break; skb_unlink(skb, &sk->sk_receive_queue); consume_skb(skb); if (siocb->scm->fp) break; } else { if (UNIXCB(skb).fp) siocb->scm->fp = scm_fp_dup(UNIXCB(skb).fp); sk_peek_offset_fwd(sk, chunk); break; } } while (size); mutex_unlock(&u->readlock); scm_recv(sock, msg, siocb->scm, flags); out: return copied ? : err; }",visit repo url,net/unix/af_unix.c,https://github.com/torvalds/linux,252330469564730,1 5144,CWE-125,"handle_keywordonly_args(struct compiling *c, const node *n, int start, asdl_seq *kwonlyargs, asdl_seq *kwdefaults) { PyObject *argname; node *ch; expr_ty expression, annotation; arg_ty arg; int i = start; int j = 0; if (kwonlyargs == NULL) { ast_error(c, CHILD(n, start), ""named arguments must follow bare *""); return -1; } assert(kwdefaults != NULL); while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case vfpdef: case tfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) goto error; asdl_seq_SET(kwdefaults, j, expression); i += 2; } else { asdl_seq_SET(kwdefaults, j, NULL); } if (NCH(ch) == 3) { annotation = ast_for_expr(c, CHILD(ch, 2)); if (!annotation) goto error; } else { annotation = NULL; } ch = CHILD(ch, 0); argname = NEW_IDENTIFIER(ch); if (!argname) goto error; if (forbidden_name(c, argname, ch, 0)) goto error; arg = arg(argname, annotation, LINENO(ch), ch->n_col_offset, ch->n_end_lineno, ch->n_end_col_offset, c->c_arena); if (!arg) goto error; asdl_seq_SET(kwonlyargs, j++, arg); i += 2; break; case DOUBLESTAR: return i; default: ast_error(c, ch, ""unexpected node""); goto error; } } return i; error: return -1; }",visit repo url,Python/ast.c,https://github.com/python/cpython,83756074746116,1 5771,CWE-125,"sysContact_handler(snmp_varbind_t *varbind, uint32_t *oid) { snmp_api_set_string(varbind, oid, ""Contiki-NG, https://github.com/contiki-ng/contiki-ng""); }",visit repo url,examples/snmp-server/resources/snmp-SNMP-MIB-2-System.c,https://github.com/contiki-ng/contiki-ng,135426942900343,1 3517,['CWE-20'],"struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, const __u32 lowest_tsn) { struct sctp_chunk *retval; sctp_ecnehdr_t ecne; ecne.lowest_tsn = htonl(lowest_tsn); retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, sizeof(sctp_ecnehdr_t)); if (!retval) goto nodata; retval->subh.ecne_hdr = sctp_addto_chunk(retval, sizeof(ecne), &ecne); nodata: return retval; }",linux-2.6,,,200157685691770340938276848596863720643,0 6244,['CWE-200'],"void pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p, struct sk_buff *skb) { unsigned long now = jiffies; unsigned long sched_next = now + (net_random() % p->proxy_delay); if (tbl->proxy_queue.qlen > p->proxy_qlen) { kfree_skb(skb); return; } skb->stamp.tv_sec = LOCALLY_ENQUEUED; skb->stamp.tv_usec = sched_next; spin_lock(&tbl->proxy_queue.lock); if (del_timer(&tbl->proxy_timer)) { if (time_before(tbl->proxy_timer.expires, sched_next)) sched_next = tbl->proxy_timer.expires; } dst_release(skb->dst); skb->dst = NULL; dev_hold(skb->dev); __skb_queue_tail(&tbl->proxy_queue, skb); mod_timer(&tbl->proxy_timer, sched_next); spin_unlock(&tbl->proxy_queue.lock); }",linux-2.6,,,269407323311389216493472281686899967508,0 6411,CWE-20,"error_t ksz8851ReceivePacket(NetInterface *interface) { size_t n; uint16_t status; Ksz8851Context *context; NetRxAncillary ancillary; context = (Ksz8851Context *) interface->nicContext; status = ksz8851ReadReg(interface, KSZ8851_REG_RXFHSR); if((status & RXFHSR_RXFV) != 0) { if((status & (RXFHSR_RXMR | RXFHSR_RXFTL | RXFHSR_RXRF | RXFHSR_RXCE)) == 0) { n = ksz8851ReadReg(interface, KSZ8851_REG_RXFHBCR) & RXFHBCR_RXBC_MASK; if(n > 0 && n <= ETH_MAX_FRAME_SIZE) { ksz8851WriteReg(interface, KSZ8851_REG_RXFDPR, RXFDPR_RXFPAI); ksz8851SetBit(interface, KSZ8851_REG_RXQCR, RXQCR_SDA); ksz8851ReadFifo(interface, context->rxBuffer, n); ksz8851ClearBit(interface, KSZ8851_REG_RXQCR, RXQCR_SDA); ancillary = NET_DEFAULT_RX_ANCILLARY; nicProcessPacket(interface, context->rxBuffer, n, &ancillary); return NO_ERROR; } } } ksz8851SetBit(interface, KSZ8851_REG_RXQCR, RXQCR_RRXEF); return ERROR_INVALID_PACKET; }",visit repo url,drivers/eth/ksz8851_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,273646220670468,1 4637,CWE-787,"GF_Err Media_CheckDataEntry(GF_MediaBox *mdia, u32 dataEntryIndex) { GF_DataEntryURLBox *entry; GF_DataMap *map; GF_Err e; if (!mdia || !dataEntryIndex || dataEntryIndex > gf_list_count(mdia->information->dataInformation->dref->child_boxes)) return GF_BAD_PARAM; entry = (GF_DataEntryURLBox*)gf_list_get(mdia->information->dataInformation->dref->child_boxes, dataEntryIndex - 1); if (!entry) return GF_ISOM_INVALID_FILE; if (entry->flags == 1) return GF_OK; if (entry->type == GF_ISOM_BOX_TYPE_URN) return GF_NOT_SUPPORTED; if (mdia->mediaTrack->moov->mov->openMode == GF_ISOM_OPEN_WRITE) { e = gf_isom_datamap_new(entry->location, NULL, GF_ISOM_DATA_MAP_READ, &map); } else { e = gf_isom_datamap_new(entry->location, mdia->mediaTrack->moov->mov->fileName, GF_ISOM_DATA_MAP_READ, &map); } if (e) return e; gf_isom_datamap_del(map); return GF_OK; }",visit repo url,src/isomedia/media.c,https://github.com/gpac/gpac,137970107083941,1 4853,CWE-415,"static int read_public_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I1012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read public key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_public_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,241413677709066,1 859,['CWE-119'],"isdn_unlock_drivers(void) { int i; for (i = 0; i < ISDN_MAX_DRIVERS; i++) { if (!dev->drv[i]) continue; isdn_unlock_driver(dev->drv[i]); } }",linux-2.6,,,321300704056284272137280910692874228467,0 2840,CWE-190,"TRIO_PUBLIC trio_pointer_t trio_register TRIO_ARGS2((callback, name), trio_callback_t callback, TRIO_CONST char* name) { trio_userdef_t* def; trio_userdef_t* prev = NULL; if (callback == NULL) return NULL; if (name) { if (name[0] == ':') { if (trio_equal(name, "":enter"")) { internalEnterCriticalRegion = callback; } else if (trio_equal(name, "":leave"")) { internalLeaveCriticalRegion = callback; } return NULL; } if (trio_length(name) >= MAX_USER_NAME) return NULL; def = TrioFindNamespace(name, &prev); if (def) return NULL; } def = (trio_userdef_t*)TRIO_MALLOC(sizeof(trio_userdef_t)); if (def) { if (internalEnterCriticalRegion) (void)internalEnterCriticalRegion(NULL); if (name) { if (prev == NULL) internalUserDef = def; else prev->next = def; } def->callback = callback; def->name = (name == NULL) ? NULL : trio_duplicate(name); def->next = NULL; if (internalLeaveCriticalRegion) (void)internalLeaveCriticalRegion(NULL); } return (trio_pointer_t)def; }",visit repo url,winpr/libwinpr/utils/trio/trio.c,https://github.com/FreeRDP/FreeRDP,66129948993612,1 1126,['CWE-399'],"static int peek_user_compat(struct task_struct *child, addr_t addr, addr_t data) { __u32 tmp; if (!test_thread_flag(TIF_31BIT) || (addr & 3) || addr > sizeof(struct user) - 3) return -EIO; tmp = __peek_user_compat(child, addr); return put_user(tmp, (__u32 __user *) data); }",linux-2.6,,,249827125018432143119704885713103155579,0 1602,CWE-264,"static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr; struct inet_connection_sock *icsk = inet_csk(sk); struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct dccp_sock *dp = dccp_sk(sk); struct in6_addr *saddr = NULL, *final_p, final; struct flowi6 fl6; struct dst_entry *dst; int addr_type; int err; dp->dccps_role = DCCP_ROLE_CLIENT; if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (usin->sin6_family != AF_INET6) return -EAFNOSUPPORT; memset(&fl6, 0, sizeof(fl6)); if (np->sndflow) { fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK; IP6_ECN_flow_init(fl6.flowlabel); if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) { struct ip6_flowlabel *flowlabel; flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (flowlabel == NULL) return -EINVAL; fl6_sock_release(flowlabel); } } if (ipv6_addr_any(&usin->sin6_addr)) usin->sin6_addr.s6_addr[15] = 1; addr_type = ipv6_addr_type(&usin->sin6_addr); if (addr_type & IPV6_ADDR_MULTICAST) return -ENETUNREACH; if (addr_type & IPV6_ADDR_LINKLOCAL) { if (addr_len >= sizeof(struct sockaddr_in6) && usin->sin6_scope_id) { if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != usin->sin6_scope_id) return -EINVAL; sk->sk_bound_dev_if = usin->sin6_scope_id; } if (!sk->sk_bound_dev_if) return -EINVAL; } sk->sk_v6_daddr = usin->sin6_addr; np->flow_label = fl6.flowlabel; if (addr_type == IPV6_ADDR_MAPPED) { u32 exthdrlen = icsk->icsk_ext_hdr_len; struct sockaddr_in sin; SOCK_DEBUG(sk, ""connect: ipv4 mapped\n""); if (__ipv6_only_sock(sk)) return -ENETUNREACH; sin.sin_family = AF_INET; sin.sin_port = usin->sin6_port; sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; icsk->icsk_af_ops = &dccp_ipv6_mapped; sk->sk_backlog_rcv = dccp_v4_do_rcv; err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); if (err) { icsk->icsk_ext_hdr_len = exthdrlen; icsk->icsk_af_ops = &dccp_ipv6_af_ops; sk->sk_backlog_rcv = dccp_v6_do_rcv; goto failure; } np->saddr = sk->sk_v6_rcv_saddr; return err; } if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) saddr = &sk->sk_v6_rcv_saddr; fl6.flowi6_proto = IPPROTO_DCCP; fl6.daddr = sk->sk_v6_daddr; fl6.saddr = saddr ? *saddr : np->saddr; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.fl6_dport = usin->sin6_port; fl6.fl6_sport = inet->inet_sport; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); final_p = fl6_update_dst(&fl6, np->opt, &final); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); goto failure; } if (saddr == NULL) { saddr = &fl6.saddr; sk->sk_v6_rcv_saddr = *saddr; } np->saddr = *saddr; inet->inet_rcv_saddr = LOOPBACK4_IPV6; __ip6_dst_store(sk, dst, NULL, NULL); icsk->icsk_ext_hdr_len = 0; if (np->opt != NULL) icsk->icsk_ext_hdr_len = (np->opt->opt_flen + np->opt->opt_nflen); inet->inet_dport = usin->sin6_port; dccp_set_state(sk, DCCP_REQUESTING); err = inet6_hash_connect(&dccp_death_row, sk); if (err) goto late_failure; dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32, sk->sk_v6_daddr.s6_addr32, inet->inet_sport, inet->inet_dport); err = dccp_connect(sk); if (err) goto late_failure; return 0; late_failure: dccp_set_state(sk, DCCP_CLOSED); __sk_dst_reset(sk); failure: inet->inet_dport = 0; sk->sk_route_caps = 0; return err; }",visit repo url,net/dccp/ipv6.c,https://github.com/torvalds/linux,205790860233892,1 5481,['CWE-476'],"int kvm_emulate_halt(struct kvm_vcpu *vcpu) { ++vcpu->stat.halt_exits; KVMTRACE_0D(HLT, vcpu, handler); if (irqchip_in_kernel(vcpu->kvm)) { vcpu->arch.mp_state = KVM_MP_STATE_HALTED; return 1; } else { vcpu->run->exit_reason = KVM_EXIT_HLT; return 0; } }",linux-2.6,,,175988959916864732664931906096778606825,0 5860,CWE-787,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_build_pli( pjmedia_rtcp_session *session, void *buf, pj_size_t *length) { pjmedia_rtcp_common *hdr; unsigned len; PJ_ASSERT_RETURN(session && buf && length, PJ_EINVAL); len = 12; if (len > *length) return PJ_ETOOSMALL; hdr = (pjmedia_rtcp_common*)buf; pj_memcpy(hdr, &session->rtcp_rr_pkt.common, sizeof(*hdr)); hdr->pt = RTCP_PSFB; hdr->count = 1; hdr->length = pj_htons((pj_uint16_t)(len/4 - 1)); *length = len; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,244963794578092,1 238,[],"static int uni16_to_x8(unsigned char *ascii, wchar_t *uni, int uni_xlate, struct nls_table *nls) { wchar_t *ip, ec; unsigned char *op, nc; int charlen; int k; ip = uni; op = ascii; while (*ip) { ec = *ip++; if ( (charlen = nls->uni2char(ec, op, NLS_MAX_CHARSET_SIZE)) > 0) { op += charlen; } else { if (uni_xlate == 1) { *op = ':'; for (k = 4; k > 0; k--) { nc = ec & 0xF; op[k] = nc > 9 ? nc + ('a' - 10) : nc + '0'; ec >>= 4; } op += 5; } else { *op++ = '?'; } } if (op>ascii+256) { op = ascii + 256; break; } } *op = 0; return (op - ascii); }",linux-2.6,,,279959175313039433435236421850762621995,0 1454,[],"void complete(struct completion *x) { unsigned long flags; spin_lock_irqsave(&x->wait.lock, flags); x->done++; __wake_up_common(&x->wait, TASK_NORMAL, 1, 0, NULL); spin_unlock_irqrestore(&x->wait.lock, flags); }",linux-2.6,,,210719018118942130420534253059584171880,0 1353,CWE-200,"static inline int verify_replay(struct xfrm_usersa_info *p, struct nlattr **attrs) { struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; if ((p->flags & XFRM_STATE_ESN) && !rt) return -EINVAL; if (!rt) return 0; if (p->id.proto != IPPROTO_ESP) return -EINVAL; if (p->replay_window != 0) return -EINVAL; return 0; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,58467148376404,1 2297,['CWE-120'],"asmlinkage long sys_rename(const char __user *oldname, const char __user *newname) { return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname); }",linux-2.6,,,54746814730652549324860031445286843463,0 3813,CWE-122,"paste_option_changed(void) { static int old_p_paste = FALSE; static int save_sm = 0; static int save_sta = 0; #ifdef FEAT_CMDL_INFO static int save_ru = 0; #endif #ifdef FEAT_RIGHTLEFT static int save_ri = 0; static int save_hkmap = 0; #endif buf_T *buf; if (p_paste) { if (!old_p_paste) { FOR_ALL_BUFFERS(buf) { buf->b_p_tw_nopaste = buf->b_p_tw; buf->b_p_wm_nopaste = buf->b_p_wm; buf->b_p_sts_nopaste = buf->b_p_sts; buf->b_p_ai_nopaste = buf->b_p_ai; buf->b_p_et_nopaste = buf->b_p_et; #ifdef FEAT_VARTABS if (buf->b_p_vsts_nopaste) vim_free(buf->b_p_vsts_nopaste); buf->b_p_vsts_nopaste = buf->b_p_vsts && buf->b_p_vsts != empty_option ? vim_strsave(buf->b_p_vsts) : NULL; #endif } save_sm = p_sm; save_sta = p_sta; #ifdef FEAT_CMDL_INFO save_ru = p_ru; #endif #ifdef FEAT_RIGHTLEFT save_ri = p_ri; save_hkmap = p_hkmap; #endif p_ai_nopaste = p_ai; p_et_nopaste = p_et; p_sts_nopaste = p_sts; p_tw_nopaste = p_tw; p_wm_nopaste = p_wm; #ifdef FEAT_VARTABS if (p_vsts_nopaste) vim_free(p_vsts_nopaste); p_vsts_nopaste = p_vsts && p_vsts != empty_option ? vim_strsave(p_vsts) : NULL; #endif } FOR_ALL_BUFFERS(buf) { buf->b_p_tw = 0; buf->b_p_wm = 0; buf->b_p_sts = 0; buf->b_p_ai = 0; buf->b_p_et = 0; #ifdef FEAT_VARTABS if (buf->b_p_vsts) free_string_option(buf->b_p_vsts); buf->b_p_vsts = empty_option; if (buf->b_p_vsts_array) vim_free(buf->b_p_vsts_array); buf->b_p_vsts_array = 0; #endif } p_sm = 0; p_sta = 0; #ifdef FEAT_CMDL_INFO if (p_ru) status_redraw_all(); p_ru = 0; #endif #ifdef FEAT_RIGHTLEFT p_ri = 0; p_hkmap = 0; #endif p_tw = 0; p_wm = 0; p_sts = 0; p_ai = 0; #ifdef FEAT_VARTABS if (p_vsts) free_string_option(p_vsts); p_vsts = empty_option; #endif } else if (old_p_paste) { FOR_ALL_BUFFERS(buf) { buf->b_p_tw = buf->b_p_tw_nopaste; buf->b_p_wm = buf->b_p_wm_nopaste; buf->b_p_sts = buf->b_p_sts_nopaste; buf->b_p_ai = buf->b_p_ai_nopaste; buf->b_p_et = buf->b_p_et_nopaste; #ifdef FEAT_VARTABS if (buf->b_p_vsts) free_string_option(buf->b_p_vsts); buf->b_p_vsts = buf->b_p_vsts_nopaste ? vim_strsave(buf->b_p_vsts_nopaste) : empty_option; if (buf->b_p_vsts_array) vim_free(buf->b_p_vsts_array); if (buf->b_p_vsts && buf->b_p_vsts != empty_option) (void)tabstop_set(buf->b_p_vsts, &buf->b_p_vsts_array); else buf->b_p_vsts_array = 0; #endif } p_sm = save_sm; p_sta = save_sta; #ifdef FEAT_CMDL_INFO if (p_ru != save_ru) status_redraw_all(); p_ru = save_ru; #endif #ifdef FEAT_RIGHTLEFT p_ri = save_ri; p_hkmap = save_hkmap; #endif p_ai = p_ai_nopaste; p_et = p_et_nopaste; p_sts = p_sts_nopaste; p_tw = p_tw_nopaste; p_wm = p_wm_nopaste; #ifdef FEAT_VARTABS if (p_vsts) free_string_option(p_vsts); p_vsts = p_vsts_nopaste ? vim_strsave(p_vsts_nopaste) : empty_option; #endif } old_p_paste = p_paste; }",visit repo url,src/option.c,https://github.com/vim/vim,123573477687851,1 1046,['CWE-20'],"asmlinkage long sys_setfsuid(uid_t uid) { int old_fsuid; old_fsuid = current->fsuid; if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)) return old_fsuid; if (uid == current->uid || uid == current->euid || uid == current->suid || uid == current->fsuid || capable(CAP_SETUID)) { if (uid != old_fsuid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->fsuid = uid; } key_fsuid_changed(current); proc_id_connector(current, PROC_EVENT_UID); security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); return old_fsuid; }",linux-2.6,,,201703655996724845959390366918436689593,0 229,CWE-285,"static int __jfs_set_acl(tid_t tid, struct inode *inode, int type, struct posix_acl *acl) { char *ea_name; int rc; int size = 0; char *value = NULL; switch (type) { case ACL_TYPE_ACCESS: ea_name = XATTR_NAME_POSIX_ACL_ACCESS; if (acl) { rc = posix_acl_equiv_mode(acl, &inode->i_mode); if (rc < 0) return rc; inode->i_ctime = CURRENT_TIME; mark_inode_dirty(inode); if (rc == 0) acl = NULL; } break; case ACL_TYPE_DEFAULT: ea_name = XATTR_NAME_POSIX_ACL_DEFAULT; break; default: return -EINVAL; } if (acl) { size = posix_acl_xattr_size(acl->a_count); value = kmalloc(size, GFP_KERNEL); if (!value) return -ENOMEM; rc = posix_acl_to_xattr(&init_user_ns, acl, value, size); if (rc < 0) goto out; } rc = __jfs_setxattr(tid, inode, ea_name, value, size, 0); out: kfree(value); if (!rc) set_cached_acl(inode, type, acl); return rc; }",visit repo url,fs/jfs/acl.c,https://github.com/torvalds/linux,131923242302716,1 6676,CWE-125,"minimask_equal(const struct minimask *a, const struct minimask *b) { return !memcmp(a, b, sizeof *a + MINIFLOW_VALUES_SIZE(miniflow_n_values(&a->masks))); }",visit repo url,lib/flow.c,https://github.com/cloudbase/ovs,102914232003713,1 401,CWE-476,"long keyctl_update_key(key_serial_t id, const void __user *_payload, size_t plen) { key_ref_t key_ref; void *payload; long ret; ret = -EINVAL; if (plen > PAGE_SIZE) goto error; payload = NULL; if (_payload) { ret = -ENOMEM; payload = kmalloc(plen, GFP_KERNEL); if (!payload) goto error; ret = -EFAULT; if (copy_from_user(payload, _payload, plen) != 0) goto error2; } key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error2; } ret = key_update(key_ref, payload, plen); key_ref_put(key_ref); error2: kfree(payload); error: return ret; }",visit repo url,security/keys/keyctl.c,https://github.com/torvalds/linux,114733121542147,1 2117,['CWE-119'],"static inline void set_trap_gate(unsigned int n, void *addr) { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); }",linux-2.6,,,292942548401805445935401938343945736495,0 6677,CWE-552,"fu_plugin_set_secure_config_value(FuPlugin *self, const gchar *key, const gchar *value, GError **error) { g_autofree gchar *conf_path = fu_plugin_get_config_filename(self); gint ret; g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE); g_return_val_if_fail(error == NULL || *error == NULL, FALSE); if (!g_file_test(conf_path, G_FILE_TEST_EXISTS)) { g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, ""%s is missing"", conf_path); return FALSE; } ret = g_chmod(conf_path, 0660); if (ret == -1) { g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, ""failed to set permissions on %s"", conf_path); return FALSE; } return fu_plugin_set_config_value(self, key, value, error); }",visit repo url,libfwupdplugin/fu-plugin.c,https://github.com/fwupd/fwupd,179138506370172,1 4041,CWE-287,"static void _sx_sasl_client_process(sx_t s, sx_plugin_t p, Gsasl_session *sd, const char *mech, const char *in, int inlen) { _sx_sasl_t ctx = (_sx_sasl_t) p->private; _sx_sasl_sess_t sctx = NULL; char *buf = NULL, *out = NULL, *realm = NULL, **ext_id; char hostname[256]; int ret; #ifdef HAVE_SSL int i; #endif size_t buflen, outlen; assert(ctx); assert(ctx->cb); if(mech != NULL) { _sx_debug(ZONE, ""auth request from client (mechanism=%s)"", mech); if(!gsasl_server_support_p(ctx->gsasl_ctx, mech)) { _sx_debug(ZONE, ""client requested mechanism (%s) that we didn't offer"", mech); _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_INVALID_MECHANISM, NULL), 0); return; } ret = gsasl_server_start(ctx->gsasl_ctx, mech, &sd); if(ret != GSASL_OK) { _sx_debug(ZONE, ""gsasl_server_start failed, no sasl for this conn; (%d): %s"", ret, gsasl_strerror(ret)); _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_TEMPORARY_FAILURE, gsasl_strerror(ret)), 0); return; } (ctx->cb)(sx_sasl_cb_GET_REALM, NULL, (void **) &realm, s, ctx->cbarg); sctx = gsasl_session_hook_get(sd); if (sctx != NULL) free(sctx); sctx = (_sx_sasl_sess_t) calloc(1, sizeof(struct _sx_sasl_sess_st)); sctx->s = s; sctx->ctx = ctx; gsasl_session_hook_set(sd, (void *) sctx); gsasl_property_set(sd, GSASL_SERVICE, ctx->appname); gsasl_property_set(sd, GSASL_REALM, realm); hostname[0] = '\0'; gethostname(hostname, 256); hostname[255] = '\0'; gsasl_property_set(sd, GSASL_HOSTNAME, hostname); ext_id = NULL; #ifdef HAVE_SSL for(i = 0; i < s->env->nplugins; i++) if(s->env->plugins[i]->magic == SX_SSL_MAGIC && s->plugin_data[s->env->plugins[i]->index] != NULL) ext_id = ((_sx_ssl_conn_t) s->plugin_data[s->env->plugins[i]->index])->external_id; if (ext_id != NULL) { for (i = 0; i < SX_CONN_EXTERNAL_ID_MAX_COUNT; i++) if (ext_id[i] != NULL) { ctx->ext_id[i] = strdup(ext_id[i]); } else { ctx->ext_id[i] = NULL; break; } } #endif _sx_debug(ZONE, ""sasl context initialised for %d"", s->tag); s->plugin_data[p->index] = (void *) sd; if(strcmp(mech, ""ANONYMOUS"") == 0) { (ctx->cb)(sx_sasl_cb_GEN_AUTHZID, NULL, (void **)&out, s, ctx->cbarg); buf = strdup(out); buflen = strlen(buf); } else if (strstr(in, ""<"") != NULL && strncmp(in, ""="", strstr(in, ""<"") - in ) == 0) { _sx_debug(ZONE, ""gsasl auth string is empty""); buf = strdup(""""); buflen = strlen(buf); } else { ret = gsasl_base64_from(in, inlen, &buf, &buflen); if (ret != GSASL_OK) { _sx_debug(ZONE, ""gsasl_base64_from failed, no sasl for this conn; (%d): %s"", ret, gsasl_strerror(ret)); _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_INCORRECT_ENCODING, gsasl_strerror(ret)), 0); if(buf != NULL) free(buf); return; } } ret = gsasl_step(sd, buf, buflen, &out, &outlen); } else { ret = gsasl_base64_from(in, inlen, &buf, &buflen); if (ret != GSASL_OK) { _sx_debug(ZONE, ""gsasl_base64_from failed, no sasl for this conn; (%d): %s"", ret, gsasl_strerror(ret)); _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_INCORRECT_ENCODING, gsasl_strerror(ret)), 0); return; } if(!sd) { _sx_debug(ZONE, ""response send before auth request enabling mechanism (decoded: %.*s)"", buflen, buf); _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_MECH_TOO_WEAK, ""response send before auth request enabling mechanism""), 0); if(buf != NULL) free(buf); return; } _sx_debug(ZONE, ""response from client (decoded: %.*s)"", buflen, buf); ret = gsasl_step(sd, buf, buflen, &out, &outlen); } if(buf != NULL) free(buf); if(ret == GSASL_OK) { _sx_debug(ZONE, ""sasl handshake completed""); ret = gsasl_base64_to(out, outlen, &buf, &buflen); if (ret == GSASL_OK) { _sx_nad_write(s, _sx_sasl_success(s, buf, buflen), 0); free(buf); ((sx_buf_t) s->wbufq->front->data)->notify = _sx_sasl_notify_success; ((sx_buf_t) s->wbufq->front->data)->notify_arg = (void *) p; } else { _sx_debug(ZONE, ""gsasl_base64_to failed, no sasl for this conn; (%d): %s"", ret, gsasl_strerror(ret)); _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_INCORRECT_ENCODING, gsasl_strerror(ret)), 0); if(buf != NULL) free(buf); } if(out != NULL) free(out); return; } if(ret == GSASL_NEEDS_MORE) { _sx_debug(ZONE, ""sasl handshake in progress (challenge: %.*s)"", outlen, out); ret = gsasl_base64_to(out, outlen, &buf, &buflen); if (ret == GSASL_OK) { _sx_nad_write(s, _sx_sasl_challenge(s, buf, buflen), 0); free(buf); } else { _sx_debug(ZONE, ""gsasl_base64_to failed, no sasl for this conn; (%d): %s"", ret, gsasl_strerror(ret)); _sx_nad_write(s, _sx_sasl_failure(s, _sasl_err_INCORRECT_ENCODING, gsasl_strerror(ret)), 0); if(buf != NULL) free(buf); } if(out != NULL) free(out); return; } if(out != NULL) free(out); _sx_debug(ZONE, ""sasl handshake failed; (%d): %s"", ret, gsasl_strerror(ret)); switch (ret) { case GSASL_AUTHENTICATION_ERROR: case GSASL_NO_ANONYMOUS_TOKEN: case GSASL_NO_AUTHID: case GSASL_NO_AUTHZID: case GSASL_NO_PASSWORD: case GSASL_NO_PASSCODE: case GSASL_NO_PIN: case GSASL_NO_SERVICE: case GSASL_NO_HOSTNAME: out = _sasl_err_NOT_AUTHORIZED; break; case GSASL_UNKNOWN_MECHANISM: case GSASL_MECHANISM_PARSE_ERROR: out = _sasl_err_INVALID_MECHANISM; break; case GSASL_BASE64_ERROR: out = _sasl_err_INCORRECT_ENCODING; break; default: out = _sasl_err_MALFORMED_REQUEST; } _sx_nad_write(s, _sx_sasl_failure(s, out, gsasl_strerror(ret)), 0); }",visit repo url,sx/sasl.c,https://github.com/jabberd2/jabberd2,179049354236648,1 2551,CWE-399,"crm_recv_remote_msg(void *session, gboolean encrypted) { char *reply = NULL; xmlNode *xml = NULL; if (encrypted) { #ifdef HAVE_GNUTLS_GNUTLS_H reply = cib_recv_tls(session); #else CRM_ASSERT(encrypted == FALSE); #endif } else { reply = cib_recv_plaintext(GPOINTER_TO_INT(session)); } if (reply == NULL || strlen(reply) == 0) { crm_trace(""Empty reply""); } else { xml = string2xml(reply); if (xml == NULL) { crm_err(""Couldn't parse: '%.120s'"", reply); } } free(reply); return xml; }",visit repo url,lib/common/remote.c,https://github.com/ClusterLabs/pacemaker,142940349073031,1 4233,CWE-193,"static int r_cmd_java_call(void *user, const char *input) { RCore *core = (RCore *) user; int res = false; ut32 i = 0; if (strncmp (input, ""java"", 4)) { return false; } if (input[4] != ' ') { return r_cmd_java_handle_help (core, input); } for (; i < END_CMDS; i++) { IFDBG r_cons_printf (""Checking cmd: %s %d\n"", JAVA_CMDS[i].name, strncmp (input+5, JAVA_CMDS[i].name, JAVA_CMDS[i].name_len)); if (!strncmp (input + 5, JAVA_CMDS[i].name, JAVA_CMDS[i].name_len)) { const char *cmd = input + 5 + JAVA_CMDS[i].name_len; if (*cmd && *cmd == ' ') { cmd++; } res = JAVA_CMDS[i].handler (core, cmd); break; } } if (!res) { return r_cmd_java_handle_help (core, input); } return true; }",visit repo url,libr/core/p/core_java.c,https://github.com/radareorg/radare2,252576547808207,1 377,CWE-404,"static int install_process_keyring(void) { struct cred *new; int ret; new = prepare_creds(); if (!new) return -ENOMEM; ret = install_process_keyring_to_cred(new); if (ret < 0) { abort_creds(new); return ret != -EEXIST ? ret : 0; } return commit_creds(new); }",visit repo url,security/keys/process_keys.c,https://github.com/torvalds/linux,145642485110272,1 5831,['CWE-200'],"static void econet_destroy_timer(unsigned long data) { struct sock *sk=(struct sock *)data; if (!sk_has_allocations(sk)) { sk_free(sk); return; } sk->sk_timer.expires = jiffies + 10 * HZ; add_timer(&sk->sk_timer); printk(KERN_DEBUG ""econet socket destroy delayed\n""); }",linux-2.6,,,217534539228970365409881586352642390578,0 61,CWE-18,"iakerb_gss_init_sec_context(OM_uint32 *minor_status, gss_cred_id_t claimant_cred_handle, gss_ctx_id_t *context_handle, gss_name_t target_name, gss_OID mech_type, OM_uint32 req_flags, OM_uint32 time_req, gss_channel_bindings_t input_chan_bindings, gss_buffer_t input_token, gss_OID *actual_mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec) { OM_uint32 major_status = GSS_S_FAILURE; krb5_error_code code; iakerb_ctx_id_t ctx; krb5_gss_cred_id_t kcred; krb5_gss_name_t kname; krb5_boolean cred_locked = FALSE; int initialContextToken = (*context_handle == GSS_C_NO_CONTEXT); if (initialContextToken) { code = iakerb_alloc_context(&ctx); if (code != 0) { *minor_status = code; goto cleanup; } if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) { major_status = iakerb_gss_acquire_cred(minor_status, NULL, GSS_C_INDEFINITE, GSS_C_NULL_OID_SET, GSS_C_INITIATE, &ctx->defcred, NULL, NULL); if (GSS_ERROR(major_status)) goto cleanup; claimant_cred_handle = ctx->defcred; } } else { ctx = (iakerb_ctx_id_t)*context_handle; if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) claimant_cred_handle = ctx->defcred; } kname = (krb5_gss_name_t)target_name; major_status = kg_cred_resolve(minor_status, ctx->k5c, claimant_cred_handle, target_name); if (GSS_ERROR(major_status)) goto cleanup; cred_locked = TRUE; kcred = (krb5_gss_cred_id_t)claimant_cred_handle; major_status = GSS_S_FAILURE; if (initialContextToken) { code = iakerb_get_initial_state(ctx, kcred, kname, time_req, &ctx->state); if (code != 0) { *minor_status = code; goto cleanup; } *context_handle = (gss_ctx_id_t)ctx; } if (ctx->state != IAKERB_AP_REQ) { code = iakerb_initiator_step(ctx, kcred, kname, time_req, input_token, output_token); if (code == KRB5_BAD_MSIZE) major_status = GSS_S_DEFECTIVE_TOKEN; if (code != 0) { *minor_status = code; goto cleanup; } } if (ctx->state == IAKERB_AP_REQ) { krb5_gss_ctx_ext_rec exts; if (cred_locked) { k5_mutex_unlock(&kcred->lock); cred_locked = FALSE; } iakerb_make_exts(ctx, &exts); if (ctx->gssc == GSS_C_NO_CONTEXT) input_token = GSS_C_NO_BUFFER; major_status = krb5_gss_init_sec_context_ext(minor_status, (gss_cred_id_t) kcred, &ctx->gssc, target_name, (gss_OID)gss_mech_iakerb, req_flags, time_req, input_chan_bindings, input_token, NULL, output_token, ret_flags, time_rec, &exts); if (major_status == GSS_S_COMPLETE) { *context_handle = ctx->gssc; ctx->gssc = GSS_C_NO_CONTEXT; iakerb_release_context(ctx); } if (actual_mech_type != NULL) *actual_mech_type = (gss_OID)gss_mech_krb5; } else { if (actual_mech_type != NULL) *actual_mech_type = (gss_OID)gss_mech_iakerb; if (ret_flags != NULL) *ret_flags = 0; if (time_rec != NULL) *time_rec = 0; major_status = GSS_S_CONTINUE_NEEDED; } cleanup: if (cred_locked) k5_mutex_unlock(&kcred->lock); if (initialContextToken && GSS_ERROR(major_status)) { iakerb_release_context(ctx); *context_handle = GSS_C_NO_CONTEXT; } return major_status; }",visit repo url,src/lib/gssapi/krb5/iakerb.c,https://github.com/krb5/krb5,60997044062460,1 2761,['CWE-189'],"int sctp_auth_del_key_id(struct sctp_endpoint *ep, struct sctp_association *asoc, __u16 key_id) { struct sctp_shared_key *key; struct list_head *sh_keys; int found = 0; if (asoc) { if (asoc->active_key_id == key_id) return -EINVAL; sh_keys = &asoc->endpoint_shared_keys; } else { if (ep->active_key_id == key_id) return -EINVAL; sh_keys = &ep->endpoint_shared_keys; } key_for_each(key, sh_keys) { if (key->key_id == key_id) { found = 1; break; } } if (!found) return -EINVAL; list_del_init(&key->key_list); sctp_auth_shkey_free(key); return 0; }",linux-2.6,,,1666482507960506701266302005837406280,0 5606,CWE-125,"ast_for_classdef(struct compiling *c, const node *n, asdl_seq *decorator_seq) { PyObject *classname; asdl_seq *s; expr_ty call; REQ(n, classdef); if (NCH(n) == 4) { s = ast_for_suite(c, CHILD(n, 3)); if (!s) return NULL; classname = NEW_IDENTIFIER(CHILD(n, 1)); if (!classname) return NULL; if (forbidden_name(c, classname, CHILD(n, 3), 0)) return NULL; return ClassDef(classname, NULL, NULL, s, decorator_seq, LINENO(n), n->n_col_offset, c->c_arena); } if (TYPE(CHILD(n, 3)) == RPAR) { s = ast_for_suite(c, CHILD(n,5)); if (!s) return NULL; classname = NEW_IDENTIFIER(CHILD(n, 1)); if (!classname) return NULL; if (forbidden_name(c, classname, CHILD(n, 3), 0)) return NULL; return ClassDef(classname, NULL, NULL, s, decorator_seq, LINENO(n), n->n_col_offset, c->c_arena); } { PyObject *dummy_name; expr_ty dummy; dummy_name = NEW_IDENTIFIER(CHILD(n, 1)); if (!dummy_name) return NULL; dummy = Name(dummy_name, Load, LINENO(n), n->n_col_offset, c->c_arena); call = ast_for_call(c, CHILD(n, 3), dummy); if (!call) return NULL; } s = ast_for_suite(c, CHILD(n, 6)); if (!s) return NULL; classname = NEW_IDENTIFIER(CHILD(n, 1)); if (!classname) return NULL; if (forbidden_name(c, classname, CHILD(n, 1), 0)) return NULL; return ClassDef(classname, call->v.Call.args, call->v.Call.keywords, s, decorator_seq, LINENO(n), n->n_col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,62107758330223,1 301,[],"static int ethtool_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ifreq __user *ifr; struct ifreq32 __user *ifr32; u32 data; void __user *datap; ifr = compat_alloc_user_space(sizeof(*ifr)); ifr32 = compat_ptr(arg); if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; if (get_user(data, &ifr32->ifr_ifru.ifru_data)) return -EFAULT; datap = compat_ptr(data); if (put_user(datap, &ifr->ifr_ifru.ifru_data)) return -EFAULT; return sys_ioctl(fd, cmd, (unsigned long) ifr); }",linux-2.6,,,40239483779406268332460145000948640876,0 2725,[],"int sctp_endpoint_is_peeled_off(struct sctp_endpoint *ep, const union sctp_addr *paddr) { struct sctp_sockaddr_entry *addr; struct sctp_bind_addr *bp; bp = &ep->base.bind_addr; list_for_each_entry(addr, &bp->address_list, list) { if (sctp_has_association(&addr->a, paddr)) return 1; } return 0; }",linux-2.6,,,34137503232037822353287076201641397669,0 953,['CWE-189'],"SProcShmGetImage(client) ClientPtr client; { register int n; REQUEST(xShmGetImageReq); swaps(&stuff->length, n); REQUEST_SIZE_MATCH(xShmGetImageReq); swapl(&stuff->drawable, n); swaps(&stuff->x, n); swaps(&stuff->y, n); swaps(&stuff->width, n); swaps(&stuff->height, n); swapl(&stuff->planeMask, n); swapl(&stuff->shmseg, n); swapl(&stuff->offset, n); return ProcShmGetImage(client); }",xserver,,,104075952243643225392337858612807194103,0 1383,CWE-20,"static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) { struct gnttab_copy *gop = netbk->tx_copy_ops, *request_gop; struct sk_buff *skb; int ret; while (((nr_pending_reqs(netbk) + MAX_SKB_FRAGS) < MAX_PENDING_REQS) && !list_empty(&netbk->net_schedule_list)) { struct xenvif *vif; struct xen_netif_tx_request txreq; struct xen_netif_tx_request txfrags[MAX_SKB_FRAGS]; struct page *page; struct xen_netif_extra_info extras[XEN_NETIF_EXTRA_TYPE_MAX-1]; u16 pending_idx; RING_IDX idx; int work_to_do; unsigned int data_len; pending_ring_idx_t index; vif = poll_net_schedule_list(netbk); if (!vif) continue; RING_FINAL_CHECK_FOR_REQUESTS(&vif->tx, work_to_do); if (!work_to_do) { xenvif_put(vif); continue; } idx = vif->tx.req_cons; rmb(); memcpy(&txreq, RING_GET_REQUEST(&vif->tx, idx), sizeof(txreq)); if (txreq.size > vif->remaining_credit && tx_credit_exceeded(vif, txreq.size)) { xenvif_put(vif); continue; } vif->remaining_credit -= txreq.size; work_to_do--; vif->tx.req_cons = ++idx; memset(extras, 0, sizeof(extras)); if (txreq.flags & XEN_NETTXF_extra_info) { work_to_do = xen_netbk_get_extras(vif, extras, work_to_do); idx = vif->tx.req_cons; if (unlikely(work_to_do < 0)) { netbk_tx_err(vif, &txreq, idx); continue; } } ret = netbk_count_requests(vif, &txreq, txfrags, work_to_do); if (unlikely(ret < 0)) { netbk_tx_err(vif, &txreq, idx - ret); continue; } idx += ret; if (unlikely(txreq.size < ETH_HLEN)) { netdev_dbg(vif->dev, ""Bad packet size: %d\n"", txreq.size); netbk_tx_err(vif, &txreq, idx); continue; } if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) { netdev_dbg(vif->dev, ""txreq.offset: %x, size: %u, end: %lu\n"", txreq.offset, txreq.size, (txreq.offset&~PAGE_MASK) + txreq.size); netbk_tx_err(vif, &txreq, idx); continue; } index = pending_index(netbk->pending_cons); pending_idx = netbk->pending_ring[index]; data_len = (txreq.size > PKT_PROT_LEN && ret < MAX_SKB_FRAGS) ? PKT_PROT_LEN : txreq.size; skb = alloc_skb(data_len + NET_SKB_PAD + NET_IP_ALIGN, GFP_ATOMIC | __GFP_NOWARN); if (unlikely(skb == NULL)) { netdev_dbg(vif->dev, ""Can't allocate a skb in start_xmit.\n""); netbk_tx_err(vif, &txreq, idx); break; } skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN); if (extras[XEN_NETIF_EXTRA_TYPE_GSO - 1].type) { struct xen_netif_extra_info *gso; gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; if (netbk_set_skb_gso(vif, skb, gso)) { kfree_skb(skb); netbk_tx_err(vif, &txreq, idx); continue; } } page = xen_netbk_alloc_page(netbk, skb, pending_idx); if (!page) { kfree_skb(skb); netbk_tx_err(vif, &txreq, idx); continue; } gop->source.u.ref = txreq.gref; gop->source.domid = vif->domid; gop->source.offset = txreq.offset; gop->dest.u.gmfn = virt_to_mfn(page_address(page)); gop->dest.domid = DOMID_SELF; gop->dest.offset = txreq.offset; gop->len = txreq.size; gop->flags = GNTCOPY_source_gref; gop++; memcpy(&netbk->pending_tx_info[pending_idx].req, &txreq, sizeof(txreq)); netbk->pending_tx_info[pending_idx].vif = vif; *((u16 *)skb->data) = pending_idx; __skb_put(skb, data_len); skb_shinfo(skb)->nr_frags = ret; if (data_len < txreq.size) { skb_shinfo(skb)->nr_frags++; frag_set_pending_idx(&skb_shinfo(skb)->frags[0], pending_idx); } else { frag_set_pending_idx(&skb_shinfo(skb)->frags[0], INVALID_PENDING_IDX); } netbk->pending_cons++; request_gop = xen_netbk_get_requests(netbk, vif, skb, txfrags, gop); if (request_gop == NULL) { kfree_skb(skb); netbk_tx_err(vif, &txreq, idx); continue; } gop = request_gop; __skb_queue_tail(&netbk->tx_queue, skb); vif->tx.req_cons = idx; xen_netbk_check_rx_xenvif(vif); if ((gop-netbk->tx_copy_ops) >= ARRAY_SIZE(netbk->tx_copy_ops)) break; } return gop - netbk->tx_copy_ops; }",visit repo url,drivers/net/xen-netback/netback.c,https://github.com/torvalds/linux,144896204079049,1 3212,CWE-125,"l2tp_proxy_auth_type_print(netdissect_options *ndo, const u_char *dat) { const uint16_t *ptr = (const uint16_t *)dat; ND_PRINT((ndo, ""%s"", tok2str(l2tp_authentype2str, ""AuthType-#%u"", EXTRACT_16BITS(ptr)))); }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,222519041780498,1 4579,CWE-476,"int mp4boxMain(int argc, char **argv) { u32 i, j; const char *gpac_profile = ""0""; GF_Err e = GF_OK; nb_tsel_acts = nb_add = nb_cat = nb_track_act = nb_sdp_ex = max_ptime = nb_meta_act = rtp_rate = major_brand = nb_alt_brand_add = nb_alt_brand_rem = car_dur = minor_version = 0; split_duration = 0.0; split_start = -1.0; interleaving_time = 0; dash_duration = dash_subduration = 0.0; import_fps.num = import_fps.den = 0; import_flags = 0; split_size = 0; movie_time = 0; dump_nal = dump_saps = dump_saps_mode = force_new = 0; FullInter = HintInter = encode = do_scene_log = old_interleave = do_saf = do_hash = verbose = do_mpd_rip = merge_vtt_cues = get_nb_tracks = GF_FALSE; #ifndef GPAC_DISABLE_SCENE_DUMP dump_mode = GF_SM_DUMP_NONE; #endif Frag = force_ocr = remove_sys_tracks = agg_samples = remove_hint = keep_sys_tracks = remove_root_od = single_group = clean_groups = compress_moov = GF_FALSE; conv_type = HintIt = needSave = print_sdp = regular_iod = dump_std = open_edit = dump_rtp = dump_cr = dump_srt = dump_ttxt = dump_m2ts = dump_cart = import_subtitle = force_cat = pack_wgt = dash_live = GF_FALSE; no_fragments_defaults = GF_FALSE; single_traf_per_moof = hls_clock = GF_FALSE; tfdt_per_traf = GF_FALSE; dump_nal_type = 0; dump_isom = 0; print_info = 0; align_cat = GF_TRUE; subsegs_per_sidx = 0; track_dump_type = 0; crypt = 0; time_shift_depth = 0; file = NULL; itunes_tags = pes_dump = NULL; seg_name = dash_ctx_file = NULL; compress_top_boxes = NULL; initial_moof_sn = 0; initial_tfdt = 0; #ifndef GPAC_DISABLE_SCENE_ENCODER memset(&smenc_opts, 0, sizeof(smenc_opts)); #endif trackID = stat_level = hint_flags = 0; program_number = 0; info_track_id = 0; do_flat = 0; inName = outName = mediaSource = input_ctx = output_ctx = drm_file = avi2raw = cprt = chap_file = pack_file = raw_cat = high_dynamc_range_filename = use_init_seg = box_patch_filename = NULL; #ifndef GPAC_DISABLE_SWF_IMPORT swf_flags = GF_SM_SWF_SPLIT_TIMELINE; #endif swf_flatten_angle = 0.0f; tmpdir = NULL; for (i = 1; i < (u32) argc ; i++) { if (!strcmp(argv[i], ""-mem-track"") || !strcmp(argv[i], ""-mem-track-stack"")) { #ifdef GPAC_MEMORY_TRACKING mem_track = !strcmp(argv[i], ""-mem-track-stack"") ? GF_MemTrackerBackTrace : GF_MemTrackerSimple; #else fprintf(stderr, ""WARNING - GPAC not compiled with Memory Tracker - ignoring \""%s\""\n"", argv[i]); #endif break; } else if (!strcmp(argv[i], ""-p"")) { if (i+1<(u32) argc) gpac_profile = argv[i+1]; else { fprintf(stderr, ""Bad argument for -p, expecting profile name but no more args\n""); return 1; } } else if (!strncmp(argv[i], ""-p="", 3)) gpac_profile = argv[i]+3; } #ifdef _TWO_DIGIT_EXPONENT _set_output_format(_TWO_DIGIT_EXPONENT); #endif gf_sys_init(mem_track, gpac_profile); if (argc < 2) { fprintf(stderr, ""Not enough arguments - check usage with -h\n"" ""MP4Box - GPAC version %s\n"" ""%s\n"", gf_gpac_version(), gf_gpac_copyright()); gf_sys_close(); return 0; } helpout = stdout; i = mp4box_parse_args(argc, argv); if (i) { return mp4box_cleanup(i - 1); } if (!inName && dump_std) inName = ""std""; if (!inName) { if (has_next_arg) { fprintf(stderr, ""Broken argument specifier or file name missing - check usage with -h\n""); } else { PrintUsage(); } return mp4box_cleanup(1); } if (!strcmp(inName, ""std"")) dump_std = 2; if (!strcmp(inName, ""stdb"")) { inName = ""std""; dump_std = 1; } if (!interleaving_time) { if (dash_duration) interleaving_time = dash_duration; else if (!do_flat) { interleaving_time = DEFAULT_INTERLEAVING_IN_SEC; } } if (dump_std) outName = ""std""; if (dump_std==2) { #ifdef WIN32 if ( _setmode(_fileno(stdout), _O_BINARY) == -1 ) #else if ( freopen(NULL, ""wb"", stdout) == NULL) #endif { fprintf(stderr, ""Fatal error: cannot reopen stdout in binary mode.\n""); return mp4box_cleanup(1); } } #if !defined(GPAC_DISABLE_STREAMING) && !defined(GPAC_DISABLE_SENG) if (live_scene) { int ret = live_session(argc, argv); return mp4box_cleanup(ret); } #endif GF_LOG_Level level = verbose ? GF_LOG_DEBUG : GF_LOG_INFO; gf_log_set_tool_level(GF_LOG_CONTAINER, level); gf_log_set_tool_level(GF_LOG_SCENE, level); gf_log_set_tool_level(GF_LOG_PARSER, level); gf_log_set_tool_level(GF_LOG_AUTHOR, level); gf_log_set_tool_level(GF_LOG_CODING, level); gf_log_set_tool_level(GF_LOG_DASH, level); #ifdef GPAC_MEMORY_TRACKING if (mem_track) gf_log_set_tool_level(GF_LOG_MEMORY, level); #endif e = gf_sys_set_args(argc, (const char **) argv); if (e) { fprintf(stderr, ""Error assigning libgpac arguments: %s\n"", gf_error_to_string(e) ); return mp4box_cleanup(1); } if (raw_cat) { char chunk[4096]; FILE *fin, *fout; s64 to_copy, done; fin = gf_fopen(raw_cat, ""rb""); if (!fin) return mp4box_cleanup(1); fout = gf_fopen(inName, ""a+b""); if (!fout) { gf_fclose(fin); return mp4box_cleanup(1); } gf_fseek(fin, 0, SEEK_END); to_copy = gf_ftell(fin); gf_fseek(fin, 0, SEEK_SET); done = 0; while (1) { u32 nb_bytes = (u32) gf_fread(chunk, 4096, fin); gf_fwrite(chunk, nb_bytes, fout); done += nb_bytes; fprintf(stderr, ""Appending file %s - %02.2f done\r"", raw_cat, 100.0*done/to_copy); if (done >= to_copy) break; } gf_fclose(fin); gf_fclose(fout); return mp4box_cleanup(0); } if (compress_top_boxes) { if (size_top_box) { u64 top_size = do_size_top_boxes(inName, compress_top_boxes, size_top_box); fprintf(stdout, LLU""\n"", top_size); return mp4box_cleanup(e ? 1 : 0); } else { e = do_compress_top_boxes(inName, outName, compress_top_boxes, comp_top_box_version, comp_lzma); return mp4box_cleanup(e ? 1 : 0); } } if (do_mpd_rip) { e = rip_mpd(inName, outName); return mp4box_cleanup(e ? 1 : 0); } #ifndef GPAC_DISABLE_CORE_TOOLS if (do_wget != NULL) { e = gf_dm_wget(do_wget, inName, 0, 0, NULL); if (e != GF_OK) { fprintf(stderr, ""Cannot retrieve %s: %s\n"", do_wget, gf_error_to_string(e) ); return mp4box_cleanup(1); } return mp4box_cleanup(0); } #endif if (udp_dest) { GF_Socket *sock = gf_sk_new(GF_SOCK_TYPE_UDP); u16 port = 2345; char *sep = strrchr(udp_dest, ':'); if (sep) { sep[0] = 0; port = atoi(sep+1); } e = gf_sk_bind( sock, ""127.0.0.1"", 0, udp_dest, port, 0); if (sep) sep[0] = ':'; if (e) fprintf(stderr, ""Failed to bind socket to %s: %s\n"", udp_dest, gf_error_to_string(e) ); else { e = gf_sk_send(sock, (u8 *) inName, (u32)strlen(inName)); if (e) fprintf(stderr, ""Failed to send datagram: %s\n"", gf_error_to_string(e) ); } gf_sk_del(sock); return 0; } #ifndef GPAC_DISABLE_MPD if (do_mpd) { Bool remote = GF_FALSE; GF_MPD *mpd; char *mpd_base_url = NULL; if (!strnicmp(inName, ""http://"", 7) || !strnicmp(inName, ""https://"", 8)) { #if !defined(GPAC_DISABLE_CORE_TOOLS) e = gf_dm_wget(inName, ""tmp_main.m3u8"", 0, 0, &mpd_base_url); if (e != GF_OK) { fprintf(stderr, ""Cannot retrieve M3U8 (%s): %s\n"", inName, gf_error_to_string(e)); if (mpd_base_url) gf_free(mpd_base_url); return mp4box_cleanup(1); } remote = GF_TRUE; #else gf_free(mpd_base_url); fprintf(stderr, ""HTTP Downloader disabled in this build\n""); return mp4box_cleanup(1); #endif if (outName) strcpy(outfile, outName); else { const char *sep = gf_file_basename(inName); char *ext = gf_file_ext_start(sep); if (ext) ext[0] = 0; sprintf(outfile, ""%s.mpd"", sep); if (ext) ext[0] = '.'; } } else { if (outName) strcpy(outfile, outName); else { char *dst = strdup(inName); char *ext = strstr(dst, "".m3u8""); if (ext) ext[0] = 0; sprintf(outfile, ""%s.mpd"", dst); gf_free(dst); } } mpd = gf_mpd_new(); if (!mpd) { e = GF_OUT_OF_MEM; fprintf(stderr, ""[DASH] Error: MPD creation problem %s\n"", gf_error_to_string(e)); mp4box_cleanup(1); } FILE *f = gf_fopen(remote ? ""tmp_main.m3u8"" : inName, ""r""); u32 manif_type = 0; if (f) { char szDATA[1000]; s32 read; szDATA[999]=0; read = (s32) gf_fread(szDATA, 999, f); if (read<0) read = 0; szDATA[read]=0; gf_fclose(f); if (strstr(szDATA, ""SmoothStreamingMedia"")) manif_type = 2; else if (strstr(szDATA, ""#EXTM3U"")) manif_type = 1; } if (manif_type==1) { e = gf_m3u8_to_mpd(remote ? ""tmp_main.m3u8"" : inName, mpd_base_url ? mpd_base_url : inName, outfile, 0, ""video/mp2t"", GF_TRUE, use_url_template, segment_timeline, NULL, mpd, GF_TRUE, GF_TRUE); } else if (manif_type==2) { e = gf_mpd_smooth_to_mpd(remote ? ""tmp_main.m3u8"" : inName, mpd, mpd_base_url ? mpd_base_url : inName); } else { e = GF_NOT_SUPPORTED; } if (!e) gf_mpd_write_file(mpd, outfile); if (mpd) gf_mpd_del(mpd); if (mpd_base_url) gf_free(mpd_base_url); if (remote) { gf_file_delete(""tmp_main.m3u8""); } if (e != GF_OK) { fprintf(stderr, ""Error converting %s (%s) to MPD (%s): %s\n"", (manif_type==1) ? ""HLS"" : ""Smooth"", inName, outfile, gf_error_to_string(e)); return mp4box_cleanup(1); } else { fprintf(stderr, ""Done converting %s (%s) to MPD (%s)\n"", (manif_type==1) ? ""HLS"" : ""Smooth"", inName, outfile); return mp4box_cleanup(0); } } #endif if (dash_duration && !nb_dash_inputs) { dash_inputs = set_dash_input(dash_inputs, inName, &nb_dash_inputs); } if (do_saf && !encode) { switch (get_file_type_by_ext(inName)) { case GF_FILE_TYPE_BT_WRL_X3DV: case GF_FILE_TYPE_XMT_X3D: case GF_FILE_TYPE_SVG: encode = GF_TRUE; break; case GF_FILE_TYPE_NOT_SUPPORTED: case GF_FILE_TYPE_ISO_MEDIA: case GF_FILE_TYPE_SWF: case GF_FILE_TYPE_LSR_SAF: break; } } #ifndef GPAC_DISABLE_SCENE_DUMP if (dump_mode == GF_SM_DUMP_SVG) { if (strstr(inName, "".srt"") || strstr(inName, "".ttxt"")) import_subtitle = 2; } #endif if (import_subtitle && !trackID) { #ifndef GPAC_DISABLE_MEDIA_IMPORT GF_MediaImporter import; file = gf_isom_open(""ttxt_convert"", GF_ISOM_OPEN_WRITE, NULL); if (timescale && file) gf_isom_set_timescale(file, timescale); memset(&import, 0, sizeof(GF_MediaImporter)); import.dest = file; import.in_name = inName; e = gf_media_import(&import); if (e) { fprintf(stderr, ""Error importing %s: %s\n"", inName, gf_error_to_string(e)); gf_isom_delete(file); gf_file_delete(""ttxt_convert""); return mp4box_cleanup(1); } strcpy(outfile, inName); if (strchr(outfile, '.')) { while (outfile[strlen(outfile)-1] != '.') outfile[strlen(outfile)-1] = 0; outfile[strlen(outfile)-1] = 0; } #ifndef GPAC_DISABLE_ISOM_DUMP dump_isom_timed_text(file, gf_isom_get_track_id(file, 1), dump_std ? NULL : (outName ? outName : outfile), outName ? GF_TRUE : GF_FALSE, GF_TRUE, (import_subtitle==2) ? GF_TEXTDUMPTYPE_SVG : (dump_srt ? GF_TEXTDUMPTYPE_SRT : GF_TEXTDUMPTYPE_TTXT)); #endif gf_isom_delete(file); gf_file_delete(""ttxt_convert""); if (e) { fprintf(stderr, ""Error converting %s: %s\n"", inName, gf_error_to_string(e)); return mp4box_cleanup(1); } return mp4box_cleanup(0); #else fprintf(stderr, ""Feature not supported\n""); return mp4box_cleanup(1); #endif } #if !defined(GPAC_DISABLE_MEDIA_IMPORT) && !defined(GPAC_DISABLE_ISOM_WRITE) if (nb_add || nb_cat) { u32 ipass, nb_pass = 1; char *mux_args=NULL; GF_FilterSession *fs = NULL; if (nb_add) { GF_ISOOpenMode open_mode = GF_ISOM_OPEN_EDIT; if (force_new) { open_mode = (do_flat || (force_new==2)) ? GF_ISOM_OPEN_WRITE : GF_ISOM_WRITE_EDIT; } else { FILE *test = gf_fopen(inName, ""rb""); if (!test) { open_mode = (do_flat) ? GF_ISOM_OPEN_WRITE : GF_ISOM_WRITE_EDIT; if (!outName) outName = inName; } else { gf_fclose(test); if (! gf_isom_probe_file(inName) ) { open_mode = (do_flat) ? GF_ISOM_OPEN_WRITE : GF_ISOM_WRITE_EDIT; if (!outName) outName = inName; } } } open_edit = do_flat ? GF_FALSE : GF_TRUE; file = gf_isom_open(inName, open_mode, tmpdir); if (!file) { fprintf(stderr, ""Cannot open destination file %s: %s\n"", inName, gf_error_to_string(gf_isom_last_error(NULL)) ); return mp4box_cleanup(1); } if (freeze_box_order) gf_isom_freeze_order(file); } if (do_flat && interleaving_time) { char szSubArg[100]; gf_isom_set_storage_mode(file, GF_ISOM_STORE_FASTSTART); do_flat = 2; nb_pass = 2; fs = gf_fs_new_defaults(0); if (!fs) { fprintf(stderr, ""Error creating filter session\n""); gf_isom_delete(file); return mp4box_cleanup(1); } gf_dynstrcat(&mux_args, ""mp4mx:importer:store=fstart"", "":""); sprintf(szSubArg, ""file=%p"", file); gf_dynstrcat(&mux_args, szSubArg, "":""); sprintf(szSubArg, ""cdur=%g"", interleaving_time); gf_dynstrcat(&mux_args, szSubArg, "":""); } for (ipass=0; ipass0) && (dash_duration > dash_subduration)) { fprintf(stderr, ""Warning: -subdur parameter (%g s) should be greater than segment duration (%g s), using segment duration instead\n"", dash_subduration, dash_duration); dash_subduration = dash_duration; } if (dash_mode && dash_live) fprintf(stderr, ""Live DASH-ing - press 'q' to quit, 's' to save context and quit\n""); if (!dash_ctx_file && dash_live) { u32 r1; u64 add = (u64) (intptr_t) &dasher; add ^= gf_net_get_utc(); r1 = (u32) add ^ (u32) (add/0xFFFFFFFF); r1 ^= gf_rand(); sprintf(szStateFile, ""%s/dasher_%X.xml"", gf_get_default_cache_directory(), r1 ); dash_ctx_file = szStateFile; dyn_state_file = GF_TRUE; } else if (dash_ctx_file) { if (force_new) gf_file_delete(dash_ctx_file); } if (dash_profile==GF_DASH_PROFILE_AUTO) dash_profile = dash_mode ? GF_DASH_PROFILE_LIVE : GF_DASH_PROFILE_FULL; if (!dash_mode) { time_shift_depth = 0; mpd_update_time = 0; } else if ((dash_profile>=GF_DASH_PROFILE_MAIN) && !use_url_template && !mpd_update_time) { mpd_update_time = (Double) (dash_subduration ? dash_subduration : dash_duration); fprintf(stderr, ""Using default MPD refresh of %g seconds\n"", mpd_update_time); } if (file && needSave) { gf_isom_close(file); file = NULL; del_file = GF_TRUE; } dasher = gf_dasher_new(szMPD, dash_profile, tmpdir, dash_scale, dash_ctx_file); if (!dasher) { return mp4box_cleanup(1); } e = gf_dasher_set_info(dasher, dash_title, cprt, dash_more_info, dash_source, NULL); if (e) { fprintf(stderr, ""DASH Error: %s\n"", gf_error_to_string(e)); gf_dasher_del(dasher); return mp4box_cleanup(1); } gf_dasher_set_start_date(dasher, dash_start_date); gf_dasher_set_location(dasher, dash_source); for (i=0; i < nb_mpd_base_urls; i++) { e = gf_dasher_add_base_url(dasher, mpd_base_urls[i]); if (e) { fprintf(stderr, ""DASH Error: %s\n"", gf_error_to_string(e)); gf_dasher_del(dasher); return mp4box_cleanup(1); } } if (segment_timeline && !use_url_template) { fprintf(stderr, ""DASH Warning: using -segment-timeline with no -url-template. Forcing URL template.\n""); use_url_template = GF_TRUE; } e = gf_dasher_enable_url_template(dasher, (Bool) use_url_template, seg_name, seg_ext, init_seg_ext); if (!e) e = gf_dasher_enable_segment_timeline(dasher, segment_timeline); if (!e) e = gf_dasher_enable_single_segment(dasher, single_segment); if (!e) e = gf_dasher_enable_single_file(dasher, single_file); if (!e) e = gf_dasher_set_switch_mode(dasher, bitstream_switching_mode); if (!e) e = gf_dasher_set_durations(dasher, dash_duration, interleaving_time, dash_subduration); if (!e) e = gf_dasher_enable_rap_splitting(dasher, seg_at_rap, frag_at_rap); if (!e) e = gf_dasher_set_segment_marker(dasher, segment_marker); if (!e) e = gf_dasher_enable_sidx(dasher, (subsegs_per_sidx>=0) ? 1 : 0, (u32) subsegs_per_sidx, daisy_chain_sidx, use_ssix); if (!e) e = gf_dasher_set_dynamic_mode(dasher, dash_mode, mpd_update_time, time_shift_depth, mpd_live_duration); if (!e) e = gf_dasher_set_min_buffer(dasher, min_buffer); if (!e) e = gf_dasher_set_ast_offset(dasher, ast_offset_ms); if (!e) e = gf_dasher_enable_memory_fragmenting(dasher, memory_frags); if (!e) e = gf_dasher_set_initial_isobmf(dasher, initial_moof_sn, initial_tfdt); if (!e) e = gf_dasher_configure_isobmf_default(dasher, no_fragments_defaults, pssh_mode, samplegroups_in_traf, single_traf_per_moof, tfdt_per_traf, mvex_after_traks, sdtp_in_traf); if (!e) e = gf_dasher_enable_utc_ref(dasher, insert_utc); if (!e) e = gf_dasher_enable_real_time(dasher, frag_real_time); if (!e) e = gf_dasher_set_content_protection_location_mode(dasher, cp_location_mode); if (!e) e = gf_dasher_set_profile_extension(dasher, dash_profile_extension); if (!e) e = gf_dasher_enable_cached_inputs(dasher, no_cache); if (!e) e = gf_dasher_enable_loop_inputs(dasher, ! no_loop); if (!e) e = gf_dasher_set_split_mode(dasher, dash_split_mode); if (!e) e = gf_dasher_set_hls_clock(dasher, hls_clock); if (!e && dash_cues) e = gf_dasher_set_cues(dasher, dash_cues, strict_cues); if (!e && fs_dump_flags) e = gf_dasher_print_session_info(dasher, fs_dump_flags); for (i=0; i < nb_dash_inputs; i++) { if (!e) e = gf_dasher_add_input(dasher, &dash_inputs[i]); } if (e) { fprintf(stderr, ""DASH Setup Error: %s\n"", gf_error_to_string(e)); gf_dasher_del(dasher); return mp4box_cleanup(1); } dash_cumulated_time=0; while (1) { if (run_for && (dash_cumulated_time >= run_for)) { fprintf(stderr, ""Done running, computing static MPD\n""); do_abort = 3; } dash_prev_time=gf_sys_clock(); if (do_abort>=2) { e = gf_dasher_set_dynamic_mode(dasher, GF_DASH_DYNAMIC_LAST, 0, time_shift_depth, mpd_live_duration); } if (!e) e = gf_dasher_process(dasher); if (!dash_live && (e==GF_EOS) ) { fprintf(stderr, ""Nothing to dash, too early ...\n""); e = GF_OK; } if (do_abort) break; if (dash_live && (e==GF_IO_ERR) ) { fprintf(stderr, ""Error dashing file (%s) but continuing ...\n"", gf_error_to_string(e) ); e = GF_OK; } if (e) break; if (dash_live) { u64 ms_in_session=0; u32 slept = gf_sys_clock(); u32 sleep_for = gf_dasher_next_update_time(dasher, &ms_in_session); fprintf(stderr, ""Next generation scheduled in %u ms (DASH time ""LLU"" ms)\r"", sleep_for, ms_in_session); if (run_for && (ms_in_session>=run_for)) { dash_cumulated_time = 1+run_for; continue; } while (1) { if (gf_prompt_has_input()) { char c = (char) gf_prompt_get_char(); if (c=='X') { do_abort = 1; break; } if (c=='q') { do_abort = 2; break; } if (c=='s') { do_abort = 3; break; } } if (dash_mode == GF_DASH_DYNAMIC_DEBUG) { break; } if (!sleep_for) break; gf_sleep(sleep_for/10); sleep_for = gf_dasher_next_update_time(dasher, NULL); if (sleep_for<=1) { dash_now_time=gf_sys_clock(); dash_cumulated_time+=(dash_now_time-dash_prev_time); fprintf(stderr, ""Slept for %d ms before generation, dash cumulated time %d\n"", dash_now_time - slept, dash_cumulated_time); break; } } } else { break; } } gf_dasher_del(dasher); if (!run_for && dash_ctx_file && (do_abort==3) && (dyn_state_file) && !gf_sys_is_test_mode() ) { char szName[1024]; fprintf(stderr, ""Enter file name to save dash context:\n""); if (scanf(""%1023s"", szName) == 1) { gf_file_move(dash_ctx_file, szName); } } if (e) fprintf(stderr, ""Error DASHing file: %s\n"", gf_error_to_string(e)); if (file) gf_isom_delete(file); if (del_file) gf_file_delete(inName); if (e) return mp4box_cleanup(1); goto exit; } else if (!file && !do_hash #ifndef GPAC_DISABLE_MEDIA_EXPORT && !(track_dump_type & GF_EXPORT_AVI_NATIVE) #endif ) { FILE *st = gf_fopen(inName, ""rb""); Bool file_exists = 0; GF_ISOOpenMode omode; if (st) { file_exists = 1; gf_fclose(st); } switch (get_file_type_by_ext(inName)) { case 1: omode = (u8) (force_new ? GF_ISOM_WRITE_EDIT : (open_edit ? GF_ISOM_OPEN_EDIT : ( ((dump_isom>0) || print_info) ? GF_ISOM_OPEN_READ_DUMP : GF_ISOM_OPEN_READ) ) ); if (crypt) { omode = GF_ISOM_OPEN_READ; if (use_init_seg) file = gf_isom_open(use_init_seg, GF_ISOM_OPEN_READ, tmpdir); } if (!crypt && use_init_seg) { file = gf_isom_open(use_init_seg, GF_ISOM_OPEN_READ_DUMP, tmpdir); if (file) { e = gf_isom_open_segment(file, inName, 0, 0, 0); if (e) { fprintf(stderr, ""Error opening segment %s: %s\n"", inName, gf_error_to_string(e) ); gf_isom_delete(file); file = NULL; } } } if (!file) file = gf_isom_open(inName, omode, tmpdir); if (!file && (gf_isom_last_error(NULL) == GF_ISOM_INCOMPLETE_FILE) && !open_edit) { u64 missing_bytes; e = gf_isom_open_progressive(inName, 0, 0, GF_FALSE, &file, &missing_bytes); fprintf(stderr, ""Truncated file - missing ""LLD"" bytes\n"", missing_bytes); } if (!file) { if (open_edit && nb_meta_act) { file = gf_isom_open(inName, GF_ISOM_WRITE_EDIT, tmpdir); if (!outName && file) outName = inName; } if (!file) { fprintf(stderr, ""Error opening file %s: %s\n"", inName, gf_error_to_string(gf_isom_last_error(NULL))); return mp4box_cleanup(1); } } if (freeze_box_order) gf_isom_freeze_order(file); break; case 2: case 3: case 4: case 5: break; case 6: #ifndef GPAC_DISABLE_SCENE_DUMP if ((dump_mode==GF_SM_DUMP_LASER) || (dump_mode==GF_SM_DUMP_SVG)) { break; } #endif default: if (!open_edit && file_exists && !gf_isom_probe_file(inName) && track_dump_type) { } #ifndef GPAC_DISABLE_ISOM_WRITE else if (!open_edit && file_exists #ifndef GPAC_DISABLE_SCENE_DUMP && dump_mode == GF_SM_DUMP_NONE #endif ) { #ifndef GPAC_DISABLE_MEDIA_IMPORT if(dvbhdemux) { GF_MediaImporter import; file = gf_isom_open(""ttxt_convert"", GF_ISOM_OPEN_WRITE, NULL); memset(&import, 0, sizeof(GF_MediaImporter)); import.dest = file; import.in_name = inName; import.flags = GF_IMPORT_MPE_DEMUX; e = gf_media_import(&import); if (e) { fprintf(stderr, ""Error importing %s: %s\n"", inName, gf_error_to_string(e)); gf_isom_delete(file); gf_file_delete(""ttxt_convert""); return mp4box_cleanup(1); } } #endif if (dump_m2ts) { #ifndef GPAC_DISABLE_MPEG2TS dump_mpeg2_ts(inName, pes_dump, program_number); #endif } else if (dump_timestamps) { #ifndef GPAC_DISABLE_MPEG2TS dump_mpeg2_ts(inName, pes_dump, program_number); #endif #ifndef GPAC_DISABLE_CORE_TOOLS } else if (do_bin_xml) { xml_bs_to_bin(inName, outName, dump_std); #endif } else if (do_hash) { hash_file(inName, dump_std); } else if (print_info) { #ifndef GPAC_DISABLE_MEDIA_IMPORT convert_file_info(inName, info_track_id); #endif } else { fprintf(stderr, ""Input %s is not an MP4 file, operation not allowed\n"", inName); return mp4box_cleanup(1); } goto exit; } #endif else if (open_edit) { file = gf_isom_open(inName, GF_ISOM_WRITE_EDIT, tmpdir); if (!outName && file) outName = inName; } else if (!file_exists) { fprintf(stderr, ""Error creating file %s: %s\n"", inName, gf_error_to_string(GF_URL_ERROR)); return mp4box_cleanup(1); } else { fprintf(stderr, ""Cannot open %s - extension not supported\n"", inName); return mp4box_cleanup(1); } } } if (high_dynamc_range_filename) { e = parse_high_dynamc_range_xml_desc(file, high_dynamc_range_filename); if (e) goto err_exit; } if (file && keep_utc && open_edit) { gf_isom_keep_utc_times(file, 1); } strcpy(outfile, outName ? outName : inName); { char *szExt = gf_file_ext_start(outfile); if (szExt) { if (!stricmp(szExt, "".3gp"") || !stricmp(szExt, "".3gpp"") || !stricmp(szExt, "".3g2"")) conv_type = GF_ISOM_CONV_TYPE_3GPP; else if (!stricmp(szExt, "".m4a"") || !stricmp(szExt, "".m4v"")) conv_type = GF_ISOM_CONV_TYPE_IPOD; else if (!stricmp(szExt, "".psp"")) conv_type = GF_ISOM_CONV_TYPE_PSP; else if (!stricmp(szExt, "".mov"") || !stricmp(szExt, "".qt"")) conv_type = GF_ISOM_CONV_TYPE_MOV; *szExt = 0; } } #ifndef GPAC_DISABLE_MEDIA_EXPORT if (track_dump_type & GF_EXPORT_AVI_NATIVE) { char szFile[GF_MAX_PATH+24]; GF_MediaExporter mdump; memset(&mdump, 0, sizeof(mdump)); mdump.in_name = inName; mdump.flags = GF_EXPORT_AVI_NATIVE; mdump.trackID = trackID; if (dump_std) { mdump.out_name = ""std""; } else if (outName) { mdump.out_name = outName; } else if (trackID>2) { sprintf(szFile, ""%s_audio%d"", outfile, trackID-1); mdump.out_name = szFile; } else { sprintf(szFile, ""%s_%s"", outfile, (trackID==1) ? ""video"" : ""audio""); mdump.out_name = szFile; } mdump.print_stats_graph = fs_dump_flags; e = gf_media_export(&mdump); if (e) goto err_exit; goto exit; } if (!open_edit && track_dump_type && !gf_isom_probe_file(inName)) { GF_MediaExporter mdump; char szFile[GF_MAX_PATH+24]; for (i=0; iact_type != TRAC_ACTION_RAW_EXTRACT) continue; memset(&mdump, 0, sizeof(mdump)); mdump.in_name = inName; mdump.flags = tka->dump_type; mdump.trackID = tka->trackID; mdump.sample_num = tka->sample_num; if (outName) { mdump.out_name = outName; mdump.flags |= GF_EXPORT_MERGE; } else if (nb_track_act>1) { sprintf(szFile, ""%s_track%d"", outfile, mdump.trackID); mdump.out_name = szFile; } else { mdump.out_name = outfile; } mdump.print_stats_graph = fs_dump_flags; e = gf_media_export(&mdump); if (e) goto err_exit; } goto exit; } #endif #ifndef GPAC_DISABLE_SCENE_DUMP if (dump_mode != GF_SM_DUMP_NONE) { e = dump_isom_scene(inName, dump_std ? NULL : (outName ? outName : outfile), outName ? GF_TRUE : GF_FALSE, dump_mode, do_scene_log, no_odf_conf); if (e) goto err_exit; } #endif #ifndef GPAC_DISABLE_SCENE_STATS if (stat_level) dump_isom_scene_stats(inName, dump_std ? NULL : (outName ? outName : outfile), outName ? GF_TRUE : GF_FALSE, stat_level); #endif #ifndef GPAC_DISABLE_ISOM_HINTING if (!HintIt && print_sdp) dump_isom_sdp(file, dump_std ? NULL : (outName ? outName : outfile), outName ? GF_TRUE : GF_FALSE); #endif if (get_nb_tracks) { fprintf(stdout, ""%d\n"", gf_isom_get_track_count(file)); } if (print_info) { if (!file) { fprintf(stderr, ""Cannot print info on a non ISOM file (%s)\n"", inName); } else { if (info_track_id) DumpTrackInfo(file, info_track_id, 1, (print_info==2) ? GF_TRUE : GF_FALSE); else DumpMovieInfo(file); } } #ifndef GPAC_DISABLE_ISOM_DUMP if (dump_isom) { e = dump_isom_xml(file, dump_std ? NULL : (outName ? outName : outfile), outName ? GF_TRUE : GF_FALSE, (dump_isom==2) ? GF_TRUE : GF_FALSE, merge_vtt_cues, use_init_seg ? GF_TRUE : GF_FALSE, (dump_isom==3) ? GF_TRUE : GF_FALSE); if (e) goto err_exit; } if (dump_cr) dump_isom_ismacryp(file, dump_std ? NULL : (outName ? outName : outfile), outName ? GF_TRUE : GF_FALSE); if ((dump_ttxt || dump_srt) && trackID) { if (trackID == (u32)-1) { for (j=0; jact_type != TRAC_ACTION_RAW_EXTRACT) continue; memset(&mdump, 0, sizeof(mdump)); mdump.file = file; mdump.flags = tka->dump_type; mdump.trackID = tka->trackID; mdump.sample_num = tka->sample_num; if (tka->out_name) { mdump.out_name = tka->out_name; } else if (outName) { mdump.out_name = outName; mdump.flags |= GF_EXPORT_MERGE; mdump.flags |= GF_EXPORT_NO_FILE_EXT; } else if (mdump.trackID) { sprintf(szFile, ""%s_track%d"", outfile, mdump.trackID); mdump.out_name = szFile; } else { sprintf(szFile, ""%s_export"", outfile); mdump.out_name = szFile; } if (tka->trackID==(u32) -1) { for (j=0; jtrackID) tk = gf_isom_get_track_by_id(file, meta->trackID); switch (meta->act_type) { #ifndef GPAC_DISABLE_ISOM_WRITE case META_ACTION_SET_TYPE: e = gf_isom_set_meta_type(file, meta->root_meta, tk, meta->meta_4cc); gf_isom_modify_alternate_brand(file, GF_ISOM_BRAND_ISO2, GF_TRUE); needSave = GF_TRUE; break; case META_ACTION_ADD_ITEM: self_ref = !stricmp(meta->szPath, ""NULL"") || !stricmp(meta->szPath, ""this"") || !stricmp(meta->szPath, ""self""); e = gf_isom_add_meta_item(file, meta->root_meta, tk, self_ref, self_ref ? NULL : meta->szPath, meta->szName, meta->item_id, meta->item_type, meta->mime_type, meta->enc_type, meta->use_dref ? meta->szPath : NULL, NULL, meta->image_props); if (meta->ref_type) { e = gf_isom_meta_add_item_ref(file, meta->root_meta, tk, meta->item_id, meta->ref_item_id, meta->ref_type, NULL); } needSave = GF_TRUE; break; case META_ACTION_ADD_IMAGE_ITEM: { u32 old_tk_count = gf_isom_get_track_count(file); GF_Fraction _frac = {0,0}; e = import_file(file, meta->szPath, 0, _frac, 0, NULL, NULL, 0); if (e == GF_OK) { u32 meta_type = gf_isom_get_meta_type(file, meta->root_meta, tk); if (!meta_type) { e = gf_isom_set_meta_type(file, meta->root_meta, tk, GF_META_ITEM_TYPE_PICT); } else { if (meta_type != GF_META_ITEM_TYPE_PICT) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""Warning: file already has a root 'meta' box of type %s\n"", gf_4cc_to_str(meta_type))); e = GF_BAD_PARAM; } } if (e == GF_OK) { if (!meta->item_id) { e = gf_isom_meta_get_next_item_id(file, meta->root_meta, tk, &meta->item_id); } if (e == GF_OK) { e = gf_isom_iff_create_image_item_from_track(file, meta->root_meta, tk, 1, meta->szName, meta->item_id, meta->image_props, NULL); if (e == GF_OK && meta->primary) { e = gf_isom_set_meta_primary_item(file, meta->root_meta, tk, meta->item_id); } if (e == GF_OK && meta->ref_type) { e = gf_isom_meta_add_item_ref(file, meta->root_meta, tk, meta->item_id, meta->ref_item_id, meta->ref_type, NULL); } } } } gf_isom_remove_track(file, old_tk_count+1); needSave = GF_TRUE; } break; case META_ACTION_REM_ITEM: e = gf_isom_remove_meta_item(file, meta->root_meta, tk, meta->item_id); needSave = GF_TRUE; break; case META_ACTION_SET_PRIMARY_ITEM: e = gf_isom_set_meta_primary_item(file, meta->root_meta, tk, meta->item_id); needSave = GF_TRUE; break; case META_ACTION_SET_XML: case META_ACTION_SET_BINARY_XML: e = gf_isom_set_meta_xml(file, meta->root_meta, tk, meta->szPath, NULL, 0, (meta->act_type==META_ACTION_SET_BINARY_XML) ? 1 : 0); needSave = GF_TRUE; break; case META_ACTION_REM_XML: if (gf_isom_get_meta_item_count(file, meta->root_meta, tk)) { e = gf_isom_remove_meta_xml(file, meta->root_meta, tk); needSave = GF_TRUE; } else { fprintf(stderr, ""No meta box in input file\n""); } break; case META_ACTION_DUMP_ITEM: if (gf_isom_get_meta_item_count(file, meta->root_meta, tk)) { e = gf_isom_extract_meta_item(file, meta->root_meta, tk, meta->item_id, strlen(meta->szPath) ? meta->szPath : NULL); } else { fprintf(stderr, ""No meta box in input file\n""); } break; #endif case META_ACTION_DUMP_XML: if (gf_isom_has_meta_xml(file, meta->root_meta, tk)) { e = gf_isom_extract_meta_xml(file, meta->root_meta, tk, meta->szPath, NULL); } else { fprintf(stderr, ""No meta box in input file\n""); } break; default: break; } if (meta->image_props) { gf_free(meta->image_props); meta->image_props = NULL; } if (e) goto err_exit; } if (!open_edit && !needSave) { if (file) gf_isom_delete(file); goto exit; } #ifndef GPAC_DISABLE_ISOM_WRITE if (clean_groups) { e = gf_isom_reset_switch_parameters(file); if (e) goto err_exit; needSave = GF_TRUE; } for (i=0; i0) { u32 tk, k; for (k=0; k<(u32) count; k++) { gf_isom_get_reference(file, j+1, GF_ISOM_REF_CHAP, k+1, &tk); if (tk==i+1) { is_chap = 1; break; } } if (is_chap) break; } if (is_chap) break; } if (!is_chap) gf_isom_set_media_type(file, i+1, GF_ISOM_MEDIA_SUBT); } break; } } gf_isom_set_brand_info(file, ipod_major_brand, 1); gf_isom_modify_alternate_brand(file, GF_ISOM_BRAND_MP42, GF_TRUE); needSave = GF_TRUE; } } else if (outName) { strcpy(outfile, outName); } for (j=0; jtrackID ? gf_isom_get_track_by_id(file, tka->trackID) : 0; timescale = gf_isom_get_timescale(file); switch (tka->act_type) { case TRAC_ACTION_REM_TRACK: e = gf_isom_remove_track(file, track); if (e) { fprintf(stderr, ""Error Removing track ID %d: %s\n"", tka->trackID, gf_error_to_string(e)); } else { fprintf(stderr, ""Removing track ID %d\n"", tka->trackID); } needSave = GF_TRUE; break; case TRAC_ACTION_SET_LANGUAGE: for (i=0; ilang); if (e) goto err_exit; needSave = GF_TRUE; } needSave = GF_TRUE; break; case TRAC_ACTION_SET_KIND: for (i=0; ikind_scheme, tka->kind_value); if (e) goto err_exit; needSave = GF_TRUE; } needSave = GF_TRUE; break; case TRAC_ACTION_REM_KIND: for (i=0; ikind_scheme, tka->kind_value); if (e) goto err_exit; needSave = GF_TRUE; } needSave = GF_TRUE; break; case TRAC_ACTION_SET_DELAY: if (tka->delay_ms) { u64 tk_dur; gf_isom_remove_edits(file, track); tk_dur = gf_isom_get_track_duration(file, track); if (gf_isom_get_edits_count(file, track)) needSave = GF_TRUE; if (tka->delay_ms>0) { gf_isom_append_edit(file, track, (timescale*tka->delay_ms)/1000, 0, GF_ISOM_EDIT_EMPTY); gf_isom_append_edit(file, track, tk_dur, 0, GF_ISOM_EDIT_NORMAL); needSave = GF_TRUE; } else { u64 to_skip = (timescale*(-tka->delay_ms))/1000; if (to_skipdelay_ms)*gf_isom_get_media_timescale(file, track) / 1000; gf_isom_append_edit(file, track, tk_dur-to_skip, media_time, GF_ISOM_EDIT_NORMAL); needSave = GF_TRUE; } else { fprintf(stderr, ""Warning: request negative delay longer than track duration - ignoring\n""); } } } else if (gf_isom_get_edits_count(file, track)) { gf_isom_remove_edits(file, track); needSave = GF_TRUE; } break; case TRAC_ACTION_SET_KMS_URI: for (i=0; ikms); if (e) goto err_exit; needSave = GF_TRUE; } break; case TRAC_ACTION_SET_ID: if (!tka->trackID && (gf_isom_get_track_count(file) == 1)) { fprintf(stderr, ""Warning: track id is not specified, but file has only one track - assume that you want to change id for this track\n""); track = 1; } if (track) { u32 newTrack; newTrack = gf_isom_get_track_by_id(file, tka->newTrackID); if (newTrack != 0) { fprintf(stderr, ""Error: Cannot set track id with value %d because a track already exists - ignoring"", tka->newTrackID); } else { e = gf_isom_set_track_id(file, track, tka->newTrackID); needSave = GF_TRUE; } } else { fprintf(stderr, ""Error: Cannot change id for track %d because it does not exist - ignoring"", tka->trackID); } break; case TRAC_ACTION_SWAP_ID: if (track) { u32 tk1, tk2; tk1 = gf_isom_get_track_by_id(file, tka->trackID); tk2 = gf_isom_get_track_by_id(file, tka->newTrackID); if (!tk1 || !tk2) { fprintf(stderr, ""Error: Cannot swap track IDs because not existing - ignoring""); } else { e = gf_isom_set_track_id(file, tk2, 0); if (!e) e = gf_isom_set_track_id(file, tk1, tka->newTrackID); if (!e) e = gf_isom_set_track_id(file, tk2, tka->trackID); needSave = GF_TRUE; } } else { fprintf(stderr, ""Error: Cannot change id for track %d because it does not exist - ignoring"", tka->trackID); } break; case TRAC_ACTION_SET_PAR: e = gf_media_change_par(file, track, tka->par_num, tka->par_den, tka->force_par, tka->rewrite_bs); needSave = GF_TRUE; break; case TRAC_ACTION_SET_CLAP: e = gf_isom_set_clean_aperture(file, track, 1, tka->clap_wnum, tka->clap_wden, tka->clap_hnum, tka->clap_hden, tka->clap_honum, tka->clap_hoden, tka->clap_vonum, tka->clap_voden); needSave = GF_TRUE; break; case TRAC_ACTION_SET_MX: e = gf_isom_set_track_matrix(file, track, tka->mx); needSave = GF_TRUE; break; case TRAC_ACTION_SET_HANDLER_NAME: e = gf_isom_set_handler_name(file, track, tka->hdl_name); needSave = GF_TRUE; break; case TRAC_ACTION_ENABLE: if (!gf_isom_is_track_enabled(file, track)) { e = gf_isom_set_track_enabled(file, track, GF_TRUE); needSave = GF_TRUE; } break; case TRAC_ACTION_DISABLE: if (gf_isom_is_track_enabled(file, track)) { e = gf_isom_set_track_enabled(file, track, GF_FALSE); needSave = GF_TRUE; } break; case TRAC_ACTION_REFERENCE: e = gf_isom_set_track_reference(file, track, GF_4CC(tka->lang[0], tka->lang[1], tka->lang[2], tka->lang[3]), (u32) tka->delay_ms); needSave = GF_TRUE; break; case TRAC_ACTION_REM_NON_RAP: fprintf(stderr, ""Removing non-rap samples from track %d\n"", tka->trackID); e = gf_media_remove_non_rap(file, track, GF_FALSE); needSave = GF_TRUE; break; case TRAC_ACTION_REM_NON_REFS: fprintf(stderr, ""Removing non-reference samples from track %d\n"", tka->trackID); e = gf_media_remove_non_rap(file, track, GF_TRUE); needSave = GF_TRUE; break; case TRAC_ACTION_SET_UDTA: fprintf(stderr, ""Assigning udta box\n""); e = set_file_udta(file, track, tka->udta_type, tka->src_name, tka->sample_num ? GF_TRUE : GF_FALSE); if (e) goto err_exit; needSave = GF_TRUE; break; default: break; } if (e) goto err_exit; } if (itunes_tags) { char *tags = itunes_tags; while (tags) { char *val; char *sep = gf_url_colon_suffix(tags); u32 tlen, itag = 0; if (sep) { while (sep) { for (itag=0; itag> 8; _t[5] = t; _t[4] = t >> 8; } else if (sscanf(val, ""%u"", &n) == 1) { _t[3] = n; _t[2] = n >> 8; } else tlen = 0; } if (!val || tlen) gf_isom_apple_set_tag(file, itag, val ? (u8 *)_t : NULL, tlen); } break; case GF_ISOM_ITUNE_GAPLESS: case GF_ISOM_ITUNE_COMPILATION: { u8 _t[1]; if (val && !stricmp(val, ""yes"")) _t[0] = 1; else _t[0] = 0; gf_isom_apple_set_tag(file, itag, _t, 1); } break; default: gf_isom_apple_set_tag(file, itag, (u8 *)val, tlen); break; } needSave = GF_TRUE; if (sep) { sep[0] = ':'; tags = sep+1; } else { tags = NULL; } } } if (movie_time) { gf_isom_set_creation_time(file, movie_time); for (i=0; ictx); void *va; size_t dst_offs; if (!callee_params) { memset(param, 0, sizeof(*param)); } else { res = tee_mmu_check_access_rights(utc, TEE_MEMORY_ACCESS_READ | TEE_MEMORY_ACCESS_ANY_OWNER, (uaddr_t)callee_params, sizeof(struct utee_params)); if (res != TEE_SUCCESS) return res; utee_param_to_param(param, callee_params); } if (called_sess && is_pseudo_ta_ctx(called_sess->ctx)) { return TEE_SUCCESS; } for (n = 0; n < TEE_NUM_PARAMS; n++) { ta_private_memref[n] = false; switch (TEE_PARAM_TYPE_GET(param->types, n)) { case TEE_PARAM_TYPE_MEMREF_INPUT: case TEE_PARAM_TYPE_MEMREF_OUTPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: va = (void *)param->u[n].mem.offs; s = param->u[n].mem.size; if (!va) { if (s) return TEE_ERROR_BAD_PARAMETERS; break; } if (tee_mmu_is_vbuf_inside_ta_private(utc, va, s)) { s = ROUNDUP(s, sizeof(uint32_t)); if (ADD_OVERFLOW(req_mem, s, &req_mem)) return TEE_ERROR_BAD_PARAMETERS; ta_private_memref[n] = true; break; } res = tee_mmu_vbuf_to_mobj_offs(utc, va, s, ¶m->u[n].mem.mobj, ¶m->u[n].mem.offs); if (res != TEE_SUCCESS) return res; break; default: break; } } if (req_mem == 0) return TEE_SUCCESS; res = alloc_temp_sec_mem(req_mem, mobj_tmp, &dst); if (res != TEE_SUCCESS) return res; dst_offs = 0; for (n = 0; n < TEE_NUM_PARAMS; n++) { if (!ta_private_memref[n]) continue; s = ROUNDUP(param->u[n].mem.size, sizeof(uint32_t)); switch (TEE_PARAM_TYPE_GET(param->types, n)) { case TEE_PARAM_TYPE_MEMREF_INPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: va = (void *)param->u[n].mem.offs; if (va) { res = tee_svc_copy_from_user(dst, va, param->u[n].mem.size); if (res != TEE_SUCCESS) return res; param->u[n].mem.offs = dst_offs; param->u[n].mem.mobj = *mobj_tmp; tmp_buf_va[n] = dst; dst += s; dst_offs += s; } break; case TEE_PARAM_TYPE_MEMREF_OUTPUT: va = (void *)param->u[n].mem.offs; if (va) { param->u[n].mem.offs = dst_offs; param->u[n].mem.mobj = *mobj_tmp; tmp_buf_va[n] = dst; dst += s; dst_offs += s; } break; default: continue; } } return TEE_SUCCESS; }",visit repo url,core/tee/tee_svc.c,https://github.com/OP-TEE/optee_os,41804425162260,1 4864,['CWE-189'],"ecryptfs_decode_from_filename(unsigned char *dst, size_t *dst_size, const unsigned char *src, size_t src_size) { u8 current_bit_offset = 0; size_t src_byte_offset = 0; size_t dst_byte_offset = 0; if (dst == NULL) { (*dst_size) = (((src_size + 1) * 3) / 4); goto out; } while (src_byte_offset < src_size) { unsigned char src_byte = filename_rev_map[(int)src[src_byte_offset]]; switch (current_bit_offset) { case 0: dst[dst_byte_offset] = (src_byte << 2); current_bit_offset = 6; break; case 6: dst[dst_byte_offset++] |= (src_byte >> 4); dst[dst_byte_offset] = ((src_byte & 0xF) << 4); current_bit_offset = 4; break; case 4: dst[dst_byte_offset++] |= (src_byte >> 2); dst[dst_byte_offset] = (src_byte << 6); current_bit_offset = 2; break; case 2: dst[dst_byte_offset++] |= (src_byte); dst[dst_byte_offset] = 0; current_bit_offset = 0; break; } src_byte_offset++; } (*dst_size) = dst_byte_offset; out: return; }",linux-2.6,,,219438018314016546090054204125824042107,0 5579,CWE-125,"ast2obj_excepthandler(void* _o) { excepthandler_ty o = (excepthandler_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case ExceptHandler_kind: result = PyType_GenericNew(ExceptHandler_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.ExceptHandler.type); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_type, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_identifier(o->v.ExceptHandler.name); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_name, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ExceptHandler.body, ast2obj_stmt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; } value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,84888941853243,1 4451,CWE-190,"layer_resize(int layer, int x_size, int y_size) { int old_height; int old_width; struct map_tile* tile; int tile_width; int tile_height; struct map_tile* tilemap; struct map_trigger* trigger; struct map_zone* zone; int x, y, i; old_width = s_map->layers[layer].width; old_height = s_map->layers[layer].height; if (!(tilemap = malloc(x_size * y_size * sizeof(struct map_tile)))) return false; for (x = 0; x < x_size; ++x) { for (y = 0; y < y_size; ++y) { if (x < old_width && y < old_height) { tilemap[x + y * x_size] = s_map->layers[layer].tilemap[x + y * old_width]; } else { tile = &tilemap[x + y * x_size]; tile->frames_left = tileset_get_delay(s_map->tileset, 0); tile->tile_index = 0; } } } free(s_map->layers[layer].tilemap); s_map->layers[layer].tilemap = tilemap; s_map->layers[layer].width = x_size; s_map->layers[layer].height = y_size; tileset_get_size(s_map->tileset, &tile_width, &tile_height); s_map->width = 0; s_map->height = 0; for (i = 0; i < s_map->num_layers; ++i) { if (!s_map->layers[i].is_parallax) { s_map->width = fmax(s_map->width, s_map->layers[i].width * tile_width); s_map->height = fmax(s_map->height, s_map->layers[i].height * tile_height); } } for (i = (int)vector_len(s_map->zones) - 1; i >= 0; --i) { zone = vector_get(s_map->zones, i); if (zone->bounds.x1 >= s_map->width || zone->bounds.y1 >= s_map->height) vector_remove(s_map->zones, i); else { if (zone->bounds.x2 > s_map->width) zone->bounds.x2 = s_map->width; if (zone->bounds.y2 > s_map->height) zone->bounds.y2 = s_map->height; } } for (i = (int)vector_len(s_map->triggers) - 1; i >= 0; --i) { trigger = vector_get(s_map->triggers, i); if (trigger->x >= s_map->width || trigger->y >= s_map->height) vector_remove(s_map->triggers, i); } return true; }",visit repo url,src/minisphere/map_engine.c,https://github.com/fatcerberus/minisphere,82950897974721,1 5461,CWE-617,"pci_emul_add_capability(struct pci_vdev *dev, u_char *capdata, int caplen) { int i, capoff, reallen; uint16_t sts; assert(caplen > 0); reallen = roundup2(caplen, 4); sts = pci_get_cfgdata16(dev, PCIR_STATUS); if ((sts & PCIM_STATUS_CAPPRESENT) == 0) capoff = CAP_START_OFFSET; else capoff = dev->capend + 1; if (capoff + reallen > PCI_REGMAX + 1) return -1; if ((sts & PCIM_STATUS_CAPPRESENT) == 0) { pci_set_cfgdata8(dev, PCIR_CAP_PTR, capoff); pci_set_cfgdata16(dev, PCIR_STATUS, sts|PCIM_STATUS_CAPPRESENT); } else pci_set_cfgdata8(dev, dev->prevcap + 1, capoff); for (i = 0; i < caplen; i++) pci_set_cfgdata8(dev, capoff + i, capdata[i]); pci_set_cfgdata8(dev, capoff + 1, 0); dev->prevcap = capoff; dev->capend = capoff + reallen - 1; return 0; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,21289177682942,1 5192,CWE-787,"TfLiteStatus Eval(TfLiteContext* context, TfLiteNode* node) { auto* params = reinterpret_cast(node->builtin_data); const TfLiteTensor* input = GetInput(context, node, kInputTensor); const TfLiteTensor* input_weights = GetInput(context, node, kWeightsTensor); const TfLiteTensor* recurrent_weights = GetInput(context, node, kRecurrentWeightsTensor); const TfLiteTensor* bias = GetInput(context, node, kBiasTensor); TfLiteTensor* hidden_state = const_cast(GetInput(context, node, kHiddenStateTensor)); TfLiteTensor* output = GetOutput(context, node, kOutputTensor); switch (input_weights->type) { case kTfLiteFloat32: return EvalFloat(input, input_weights, recurrent_weights, bias, params, hidden_state, output); case kTfLiteUInt8: case kTfLiteInt8: { auto* op_data = reinterpret_cast(node->user_data); TfLiteTensor* input_quantized = GetTemporary(context, node, 0); TfLiteTensor* hidden_state_quantized = GetTemporary(context, node, 1); TfLiteTensor* scaling_factors = GetTemporary(context, node, 2); TfLiteTensor* accum_scratch = GetTemporary(context, node, 3); TfLiteTensor* zero_points = GetTemporary(context, node, 4); TfLiteTensor* row_sums = GetTemporary(context, node, 5); return EvalHybrid(input, input_weights, recurrent_weights, bias, params, input_quantized, hidden_state_quantized, scaling_factors, hidden_state, output, zero_points, accum_scratch, row_sums, &op_data->compute_row_sums); } default: TF_LITE_KERNEL_LOG(context, ""Type %d not currently supported."", TfLiteTypeGetName(input_weights->type)); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/unidirectional_sequence_rnn.cc,https://github.com/tensorflow/tensorflow,149794079248942,1 5915,CWE-190,"static Jsi_RC jsi_ArrayConcatCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); Jsi_RC rc = JSI_OK; int curlen, argc, nsiz; Jsi_Obj *obj, *nobj; Jsi_Value *va; obj = _this->d.obj; argc = Jsi_ValueGetLength(interp, args); curlen = Jsi_ObjGetLength(interp, obj); if (curlen < 0) { Jsi_ObjSetLength(interp, obj, 0); } Jsi_ObjListifyArray(interp, obj); nobj = Jsi_ObjNewType(interp, JSI_OT_ARRAY); nsiz = obj->arrMaxSize; if (nsiz<=0) nsiz = 100; if (Jsi_ObjArraySizer(interp, nobj, nsiz+1) <= 0) { rc = JSI_ERROR; Jsi_LogError(""index too large: %d"", nsiz+1); goto bail; } int i, j, m; for (i = 0; iarr[i]) continue; nobj->arr[i] = NULL; Jsi_ValueDup2(interp, nobj->arr+i, obj->arr[i]); } m = i; for (i = 0; i < argc; i++) { va = Jsi_ValueArrayIndex(interp, args, i); if (va->vt == JSI_VT_OBJECT && Jsi_ObjIsArray(interp, va->d.obj)) { int margc = Jsi_ValueGetLength(interp, va); Jsi_Obj *mobj = va->d.obj; Jsi_ObjListifyArray(interp, mobj); if (Jsi_ObjArraySizer(interp, nobj, curlen += margc) <= 0) { rc = JSI_ERROR; Jsi_LogError(""index too large: %d"", curlen); goto bail; } for (j = 0; jarr[j]) continue; nobj->arr[m] = NULL; Jsi_ValueDup2(interp, nobj->arr+m, mobj->arr[j]); } } else { if (Jsi_ObjArraySizer(interp, nobj, ++curlen) <= 0) { rc = JSI_ERROR; Jsi_LogError(""index too large: %d"", curlen); goto bail; } nobj->arr[m] = NULL; Jsi_ValueDup2(interp, nobj->arr+m++, va); } } Jsi_ObjSetLength(interp, nobj, curlen); Jsi_ValueMakeArrayObject(interp, ret, nobj); return JSI_OK; bail: Jsi_ValueMakeNull(interp, ret); return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,64513171244743,1 6165,CWE-190,"static void ep4_mul_naf_imp(ep4_t r, const ep4_t p, const bn_t k) { int l, i, n; int8_t naf[RLC_FP_BITS + 1]; ep4_t t[1 << (EP_WIDTH - 2)]; RLC_TRY { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep4_null(t[i]); ep4_new(t[i]); } ep4_tab(t, p, EP_WIDTH); l = sizeof(naf); bn_rec_naf(naf, &l, k, EP_WIDTH); ep4_set_infty(r); for (i = l - 1; i >= 0; i--) { ep4_dbl(r, r); n = naf[i]; if (n > 0) { ep4_add(r, r, t[n / 2]); } if (n < 0) { ep4_sub(r, r, t[-n / 2]); } } ep4_norm(r, r); if (bn_sign(k) == RLC_NEG) { ep4_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep4_free(t[i]); } } }",visit repo url,src/epx/relic_ep4_mul.c,https://github.com/relic-toolkit/relic,160489603927810,1 1148,CWE-189,"SYSCALL_DEFINE2(osf_getdomainname, char __user *, name, int, namelen) { unsigned len; int i; if (!access_ok(VERIFY_WRITE, name, namelen)) return -EFAULT; len = namelen; if (namelen > 32) len = 32; down_read(&uts_sem); for (i = 0; i < len; ++i) { __put_user(utsname()->domainname[i], name + i); if (utsname()->domainname[i] == '\0') break; } up_read(&uts_sem); return 0; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,211716187258866,1 4988,['CWE-20'],"void dir_page_release(nfs_readdir_descriptor_t *desc) { kunmap(desc->page); page_cache_release(desc->page); desc->page = NULL; desc->ptr = NULL; }",linux-2.6,,,309673175416117311003469742398172107995,0 5375,CWE-125,"GPMF_ERR IsValidSize(GPMF_stream *ms, uint32_t size) { if (ms) { int32_t nestsize = (int32_t)ms->nest_size[ms->nest_level]; if (nestsize == 0 && ms->nest_level == 0) nestsize = ms->buffer_size_longs; if (size + 2 <= nestsize) return GPMF_OK; } return GPMF_ERROR_BAD_STRUCTURE; }",visit repo url,GPMF_parser.c,https://github.com/gopro/gpmf-parser,203812939871895,1 4716,CWE-78,"void imap_quote_string(char *dest, size_t dlen, const char *src) { static const char quote[] = ""\""\\""; char *pt = dest; const char *s = src; *pt++ = '""'; dlen -= 2; for (; *s && dlen; s++) { if (strchr(quote, *s)) { dlen -= 2; if (dlen == 0) break; *pt++ = '\\'; *pt++ = *s; } else { *pt++ = *s; dlen--; } } *pt++ = '""'; *pt = '\0'; }",visit repo url,imap/util.c,https://github.com/neomutt/neomutt,17834808214376,1 3132,CWE-134,"int bad_format( char *fmt) { char *ptr; int n = 0; ptr = fmt; while (*ptr != '\0') if (*ptr++ == '%') { if (*ptr == '\0') return 1; if (*ptr == 's' || *ptr == 'S' || *ptr == '%') ptr++; else if (*ptr == 'c') { ptr++; n = 1; } else { if (*ptr == ' ' || *ptr == '+' || *ptr == '-') ptr++; while (*ptr >= '0' && *ptr <= '9') ptr++; if (*ptr == '.') ptr++; while (*ptr >= '0' && *ptr <= '9') ptr++; if (*ptr++ != 'l') return 1; if (*ptr == 'e' || *ptr == 'f' || *ptr == 'g') ptr++; else return 1; n++; } } return (n != 1); }",visit repo url,src/rrd_graph.c,https://github.com/oetiker/rrdtool-1.x,62275778647309,1 3792,[],"static void scan_children(struct sock *x, void (*func)(struct sock *), struct sk_buff_head *hitlist) { if (x->sk_state != TCP_LISTEN) scan_inflight(x, func, hitlist); else { struct sk_buff *skb; struct sk_buff *next; struct unix_sock *u; LIST_HEAD(embryos); spin_lock(&x->sk_receive_queue.lock); receive_queue_for_each_skb(x, next, skb) { u = unix_sk(skb->sk); BUG_ON(!list_empty(&u->link)); list_add_tail(&u->link, &embryos); } spin_unlock(&x->sk_receive_queue.lock); while (!list_empty(&embryos)) { u = list_entry(embryos.next, struct unix_sock, link); scan_inflight(&u->sk, func, hitlist); list_del_init(&u->link); } } }",linux-2.6,,,61592070873784169866062239444867258076,0 247,[],"int fat_dir_empty(struct inode *dir) { struct buffer_head *bh; struct msdos_dir_entry *de; loff_t cpos; int result = 0; bh = NULL; cpos = 0; while (fat_get_short_entry(dir, &cpos, &bh, &de) >= 0) { if (strncmp(de->name, MSDOS_DOT , MSDOS_NAME) && strncmp(de->name, MSDOS_DOTDOT, MSDOS_NAME)) { result = -ENOTEMPTY; break; } } brelse(bh); return result; }",linux-2.6,,,34381105216989212609720521842417061134,0 3294,['CWE-189'],"void jp2_box_dump(jp2_box_t *box, FILE *out) { jp2_boxinfo_t *boxinfo; boxinfo = jp2_boxinfolookup(box->type); assert(boxinfo); fprintf(out, ""JP2 box: ""); fprintf(out, ""type=%c%s%c (0x%08x); length=%d\n"", '""', boxinfo->name, '""', box->type, box->len); if (box->ops->dumpdata) { (*box->ops->dumpdata)(box, out); } }",jasper,,,23026798143374692848356771249464135038,0 3353,CWE-119,"test_save_copy (const char *origname) { char buf[TESTBUFSIZE]; int ret; snprintf_func (buf, TESTBUFSIZE, ""cp -f %s %s"", origname, TEST_COPY_FILE); if ((ret = system (buf)) != 0) { return XD3_INTERNAL; } return 0; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,32633882417993,1 917,['CWE-200'],"static struct page **shmem_dir_map(struct page *page) { return (struct page **)kmap_atomic(page, KM_USER0); }",linux-2.6,,,208936920727025541320504979533346754847,0 4240,CWE-78,"R_API int r_socket_block_time(RSocket *s, int block, int sec, int usec) { #if __UNIX__ int ret, flags; #endif if (!s) { return false; } #if __UNIX__ flags = fcntl (s->fd, F_GETFL, 0); if (flags < 0) { return false; } ret = fcntl (s->fd, F_SETFL, block? (flags & ~O_NONBLOCK): (flags | O_NONBLOCK)); if (ret < 0) { return false; } #elif __WINDOWS__ ioctlsocket (s->fd, FIONBIO, (u_long FAR*)&block); #endif if (sec > 0 || usec > 0) { struct timeval tv = {0}; tv.tv_sec = sec; tv.tv_usec = usec; if (setsockopt (s->fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof (tv)) < 0) { return false; } } return true; }",visit repo url,libr/socket/socket.c,https://github.com/radareorg/radare2,31054286266404,1 4006,['CWE-362'],"static int tag_chunk(struct inode *inode, struct audit_tree *tree) { struct inotify_watch *watch; struct audit_tree *owner; struct audit_chunk *chunk, *old; struct node *p; int n; if (inotify_find_watch(rtree_ih, inode, &watch) < 0) return create_chunk(inode, tree); old = container_of(watch, struct audit_chunk, watch); spin_lock(&hash_lock); for (n = 0; n < old->count; n++) { if (old->owners[n].owner == tree) { spin_unlock(&hash_lock); put_inotify_watch(watch); return 0; } } spin_unlock(&hash_lock); chunk = alloc_chunk(old->count + 1); if (!chunk) return -ENOMEM; mutex_lock(&inode->inotify_mutex); if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) { mutex_unlock(&inode->inotify_mutex); free_chunk(chunk); return -ENOSPC; } spin_lock(&hash_lock); if (tree->goner) { spin_unlock(&hash_lock); chunk->dead = 1; inotify_evict_watch(&chunk->watch); mutex_unlock(&inode->inotify_mutex); put_inotify_watch(&chunk->watch); return 0; } list_replace_init(&old->trees, &chunk->trees); for (n = 0, p = chunk->owners; n < old->count; n++, p++) { struct audit_tree *s = old->owners[n].owner; p->owner = s; p->index = old->owners[n].index; if (!s) continue; get_tree(s); list_replace_init(&old->owners[n].list, &p->list); } p->index = (chunk->count - 1) | (1U<<31); p->owner = tree; get_tree(tree); list_add(&p->list, &tree->chunks); list_replace_rcu(&old->hash, &chunk->hash); list_for_each_entry(owner, &chunk->trees, same_root) owner->root = chunk; old->dead = 1; if (!tree->root) { tree->root = chunk; list_add(&tree->same_root, &chunk->trees); } spin_unlock(&hash_lock); inotify_evict_watch(&old->watch); mutex_unlock(&inode->inotify_mutex); put_inotify_watch(&old->watch); return 0; }",linux-2.6,,,219500673631879871678755801820231839627,0 3009,CWE-125,"BGD_DECLARE(gdImagePtr) gdImageCreateFromTgaCtx(gdIOCtx* ctx) { int bitmap_caret = 0; oTga *tga = NULL; volatile gdImagePtr image = NULL; int x = 0; int y = 0; tga = (oTga *) gdMalloc(sizeof(oTga)); if (!tga) { return NULL; } tga->bitmap = NULL; tga->ident = NULL; if (read_header_tga(ctx, tga) < 0) { free_tga(tga); return NULL; } if (read_image_tga(ctx, tga) < 0) { free_tga(tga); return NULL; } image = gdImageCreateTrueColor((int)tga->width, (int)tga->height ); if (image == 0) { free_tga( tga ); return NULL; } if (tga->alphabits) { gdImageAlphaBlending(image, 0); gdImageSaveAlpha(image, 1); } for (y = 0; y < tga->height; y++) { register int *tpix = image->tpixels[y]; for ( x = 0; x < tga->width; x++, tpix++) { if (tga->bits == TGA_BPP_24) { *tpix = gdTrueColor(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret]); bitmap_caret += 3; } else if (tga->bits == TGA_BPP_32 || tga->alphabits) { register int a = tga->bitmap[bitmap_caret + 3]; *tpix = gdTrueColorAlpha(tga->bitmap[bitmap_caret + 2], tga->bitmap[bitmap_caret + 1], tga->bitmap[bitmap_caret], gdAlphaMax - (a >> 1)); bitmap_caret += 4; } } } if (tga->flipv && tga->fliph) { gdImageFlipBoth(image); } else if (tga->flipv) { gdImageFlipVertical(image); } else if (tga->fliph) { gdImageFlipHorizontal(image); } free_tga(tga); return image; }",visit repo url,src/gd_tga.c,https://github.com/libgd/libgd,198869832688280,1 5105,['CWE-20'],"static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); u64 phys_addr = __pa(vmx->vmcs); u64 tsc_this, delta, new_offset; if (vcpu->cpu != cpu) { vcpu_clear(vmx); kvm_migrate_timers(vcpu); vpid_sync_vcpu_all(vmx); local_irq_disable(); list_add(&vmx->local_vcpus_link, &per_cpu(vcpus_on_cpu, cpu)); local_irq_enable(); } if (per_cpu(current_vmcs, cpu) != vmx->vmcs) { u8 error; per_cpu(current_vmcs, cpu) = vmx->vmcs; asm volatile (__ex(ASM_VMX_VMPTRLD_RAX) ""; setna %0"" : ""=g""(error) : ""a""(&phys_addr), ""m""(phys_addr) : ""cc""); if (error) printk(KERN_ERR ""kvm: vmptrld %p/%llx fail\n"", vmx->vmcs, phys_addr); } if (vcpu->cpu != cpu) { struct descriptor_table dt; unsigned long sysenter_esp; vcpu->cpu = cpu; vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); kvm_get_gdt(&dt); vmcs_writel(HOST_GDTR_BASE, dt.base); rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); rdtscll(tsc_this); if (tsc_this < vcpu->arch.host_tsc) { delta = vcpu->arch.host_tsc - tsc_this; new_offset = vmcs_read64(TSC_OFFSET) + delta; vmcs_write64(TSC_OFFSET, new_offset); } } }",linux-2.6,,,99987861969731584776845928151857574943,0 3991,['CWE-362'],"static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) { struct audit_entry *entry; struct audit_field *ino_f; int err = 0; int i; entry = audit_to_entry_common(rule); if (IS_ERR(entry)) goto exit_nofree; for (i = 0; i < rule->field_count; i++) { struct audit_field *f = &entry->rule.fields[i]; f->op = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS); f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS); f->val = rule->values[i]; err = -EINVAL; switch(f->type) { default: goto exit_free; case AUDIT_PID: case AUDIT_UID: case AUDIT_EUID: case AUDIT_SUID: case AUDIT_FSUID: case AUDIT_GID: case AUDIT_EGID: case AUDIT_SGID: case AUDIT_FSGID: case AUDIT_LOGINUID: case AUDIT_PERS: case AUDIT_MSGTYPE: case AUDIT_PPID: case AUDIT_DEVMAJOR: case AUDIT_DEVMINOR: case AUDIT_EXIT: case AUDIT_SUCCESS: if (f->op == AUDIT_BIT_MASK || f->op == AUDIT_BIT_TEST) { err = -EINVAL; goto exit_free; } break; case AUDIT_ARG0: case AUDIT_ARG1: case AUDIT_ARG2: case AUDIT_ARG3: break; case AUDIT_ARCH: if ((f->op != AUDIT_NOT_EQUAL) && (f->op != AUDIT_EQUAL) && (f->op != AUDIT_NEGATE) && (f->op)) { err = -EINVAL; goto exit_free; } entry->rule.arch_f = f; break; case AUDIT_PERM: if (f->val & ~15) goto exit_free; break; case AUDIT_FILETYPE: if ((f->val & ~S_IFMT) > S_IFMT) goto exit_free; break; case AUDIT_INODE: err = audit_to_inode(&entry->rule, f); if (err) goto exit_free; break; } entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1; if (f->op & AUDIT_NEGATE) f->op = AUDIT_NOT_EQUAL; else if (!f->op) f->op = AUDIT_EQUAL; else if (f->op == AUDIT_OPERATORS) { err = -EINVAL; goto exit_free; } } ino_f = entry->rule.inode_f; if (ino_f) { switch(ino_f->op) { case AUDIT_NOT_EQUAL: entry->rule.inode_f = NULL; case AUDIT_EQUAL: break; default: err = -EINVAL; goto exit_free; } } exit_nofree: return entry; exit_free: audit_free_rule(entry); return ERR_PTR(err); }",linux-2.6,,,279565425496874308948460106342583468525,0 3678,['CWE-119'],"int hfsplus_delete_cat(u32 cnid, struct inode *dir, struct qstr *str) { struct super_block *sb; struct hfs_find_data fd; struct hfsplus_fork_raw fork; struct list_head *pos; int err, off; u16 type; dprint(DBG_CAT_MOD, ""delete_cat: %s,%u\n"", str ? str->name : NULL, cnid); sb = dir->i_sb; hfs_find_init(HFSPLUS_SB(sb).cat_tree, &fd); if (!str) { int len; hfsplus_cat_build_key(sb, fd.search_key, cnid, NULL); err = hfs_brec_find(&fd); if (err) goto out; off = fd.entryoffset + offsetof(struct hfsplus_cat_thread, nodeName); fd.search_key->cat.parent = cpu_to_be32(dir->i_ino); hfs_bnode_read(fd.bnode, &fd.search_key->cat.name.length, off, 2); len = be16_to_cpu(fd.search_key->cat.name.length) * 2; hfs_bnode_read(fd.bnode, &fd.search_key->cat.name.unicode, off + 2, len); fd.search_key->key_len = cpu_to_be16(6 + len); } else hfsplus_cat_build_key(sb, fd.search_key, dir->i_ino, str); err = hfs_brec_find(&fd); if (err) goto out; type = hfs_bnode_read_u16(fd.bnode, fd.entryoffset); if (type == HFSPLUS_FILE) { #if 0 off = fd.entryoffset + offsetof(hfsplus_cat_file, data_fork); hfs_bnode_read(fd.bnode, &fork, off, sizeof(fork)); hfsplus_free_fork(sb, cnid, &fork, HFSPLUS_TYPE_DATA); #endif off = fd.entryoffset + offsetof(struct hfsplus_cat_file, rsrc_fork); hfs_bnode_read(fd.bnode, &fork, off, sizeof(fork)); hfsplus_free_fork(sb, cnid, &fork, HFSPLUS_TYPE_RSRC); } list_for_each(pos, &HFSPLUS_I(dir).open_dir_list) { struct hfsplus_readdir_data *rd = list_entry(pos, struct hfsplus_readdir_data, list); if (fd.tree->keycmp(fd.search_key, (void *)&rd->key) < 0) rd->file->f_pos--; } err = hfs_brec_remove(&fd); if (err) goto out; hfsplus_cat_build_key(sb, fd.search_key, cnid, NULL); err = hfs_brec_find(&fd); if (err) goto out; err = hfs_brec_remove(&fd); if (err) goto out; dir->i_size--; dir->i_mtime = dir->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(dir); out: hfs_find_exit(&fd); return err; }",linux-2.6,,,140532638066930827590360478499539808490,0 2915,['CWE-189'],"static int jp2_getuint8(jas_stream_t *in, uint_fast8_t *val) { int c; if ((c = jas_stream_getc(in)) == EOF) { return -1; } if (val) { *val = c; } return 0; }",jasper,,,308974853304127102348394480013843856500,0 5496,['CWE-476'],"static inline u32 bit(int bitno) { return 1 << (bitno & 31); }",linux-2.6,,,167403253537145869754741606595422207516,0 5621,CWE-125,"new_identifier(const char *n, struct compiling *c) { PyObject *id = PyUnicode_DecodeUTF8(n, strlen(n), NULL); if (!id) return NULL; assert(PyUnicode_IS_READY(id)); if (!PyUnicode_IS_ASCII(id)) { PyObject *id2; if (!c->c_normalize && !init_normalization(c)) { Py_DECREF(id); return NULL; } PyTuple_SET_ITEM(c->c_normalize_args, 1, id); id2 = PyObject_Call(c->c_normalize, c->c_normalize_args, NULL); Py_DECREF(id); if (!id2) return NULL; id = id2; } PyUnicode_InternInPlace(&id); if (PyArena_AddPyObject(c->c_arena, id) < 0) { Py_DECREF(id); return NULL; } return id; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,162193885861996,1 2665,[],"static int sctp_setsockopt_primary_addr(struct sock *sk, char __user *optval, int optlen) { struct sctp_prim prim; struct sctp_transport *trans; if (optlen != sizeof(struct sctp_prim)) return -EINVAL; if (copy_from_user(&prim, optval, sizeof(struct sctp_prim))) return -EFAULT; trans = sctp_addr_id2transport(sk, &prim.ssp_addr, prim.ssp_assoc_id); if (!trans) return -EINVAL; sctp_assoc_set_primary(trans->asoc, trans); return 0; }",linux-2.6,,,41143561861822847424045963568488420981,0 931,CWE-120,"static int complete_emulated_mmio(struct kvm_vcpu *vcpu) { struct kvm_run *run = vcpu->run; struct kvm_mmio_fragment *frag; unsigned len; BUG_ON(!vcpu->mmio_needed); frag = &vcpu->mmio_fragments[vcpu->mmio_cur_fragment]; len = min(8u, frag->len); if (!vcpu->mmio_is_write) memcpy(frag->data, run->mmio.data, len); if (frag->len <= 8) { frag++; vcpu->mmio_cur_fragment++; } else { frag->data += len; frag->gpa += len; frag->len -= len; } if (vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments) { vcpu->mmio_needed = 0; if (vcpu->mmio_is_write) return 1; vcpu->mmio_read_completed = 1; return complete_emulated_io(vcpu); } run->exit_reason = KVM_EXIT_MMIO; run->mmio.phys_addr = frag->gpa; if (vcpu->mmio_is_write) memcpy(run->mmio.data, frag->data, min(8u, frag->len)); run->mmio.len = min(8u, frag->len); run->mmio.is_write = vcpu->mmio_is_write; vcpu->arch.complete_userspace_io = complete_emulated_mmio; return 0; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,242143370405151,1 1044,CWE-125,"static void ftrace_syscall_exit(void *data, struct pt_regs *regs, long ret) { struct trace_array *tr = data; struct ftrace_event_file *ftrace_file; struct syscall_trace_exit *entry; struct syscall_metadata *sys_data; struct ring_buffer_event *event; struct ring_buffer *buffer; unsigned long irq_flags; int pc; int syscall_nr; syscall_nr = trace_get_syscall_nr(current, regs); if (syscall_nr < 0) return; ftrace_file = rcu_dereference_sched(tr->exit_syscall_files[syscall_nr]); if (!ftrace_file) return; if (ftrace_trigger_soft_disabled(ftrace_file)) return; sys_data = syscall_nr_to_meta(syscall_nr); if (!sys_data) return; local_save_flags(irq_flags); pc = preempt_count(); buffer = tr->trace_buffer.buffer; event = trace_buffer_lock_reserve(buffer, sys_data->exit_event->event.type, sizeof(*entry), irq_flags, pc); if (!event) return; entry = ring_buffer_event_data(event); entry->nr = syscall_nr; entry->ret = syscall_get_return_value(current, regs); event_trigger_unlock_commit(ftrace_file, buffer, event, entry, irq_flags, pc); }",visit repo url,kernel/trace/trace_syscalls.c,https://github.com/torvalds/linux,84985701402767,1 6639,CWE-415,"static char ** split(const char *arg, const char *delim) { char *copy = dupstr(arg); char **result = NULL; int i = 0; for (char *cptr = strtok(copy, delim); cptr; cptr = strtok(NULL, delim)) { char **tmp = realloc (result, sizeof *result * (i + 1)); if (!tmp && result) { while (i > 0) { free(result[--i]); } free(result); free(copy); return NULL; } result = tmp; result[i++] = dupstr(cptr); } free(copy); if (i) { char **tmp = realloc(result, sizeof *result * (i + 1)); if (!tmp) { while (i > 0) { free(result[--i]); } free(result); free(copy); return NULL; } result = tmp; result[i++] = NULL; } return result; }",visit repo url,contrib/shpsort.c,https://github.com/OSGeo/shapelib,77113295702353,1 6136,['CWE-200'],"int unregister_tcf_proto_ops(struct tcf_proto_ops *ops) { struct tcf_proto_ops *t, **tp; int rc = -ENOENT; write_lock(&cls_mod_lock); for (tp = &tcf_proto_base; (t=*tp) != NULL; tp = &t->next) if (t == ops) break; if (!t) goto out; *tp = t->next; rc = 0; out: write_unlock(&cls_mod_lock); return rc; }",linux-2.6,,,174696920077191836711558050992991407255,0 1668,CWE-119,"void unix_notinflight(struct file *fp) { struct sock *s = unix_get_socket(fp); if (s) { struct unix_sock *u = unix_sk(s); spin_lock(&unix_gc_lock); BUG_ON(list_empty(&u->link)); if (atomic_long_dec_and_test(&u->inflight)) list_del_init(&u->link); unix_tot_inflight--; spin_unlock(&unix_gc_lock); } }",visit repo url,net/unix/garbage.c,https://github.com/torvalds/linux,187073302488862,1 5100,['CWE-20'],"static u16 vmcs_read16(unsigned long field) { return vmcs_readl(field); }",linux-2.6,,,141692066859976318284023108713516585165,0 4357,['CWE-399'],"SYSCALL_DEFINE5(add_key, const char __user *, _type, const char __user *, _description, const void __user *, _payload, size_t, plen, key_serial_t, ringid) { key_ref_t keyring_ref, key_ref; char type[32], *description; void *payload; long ret; bool vm; ret = -EINVAL; if (plen > 1024 * 1024 - 1) goto error; ret = key_get_type_from_user(type, _type, sizeof(type)); if (ret < 0) goto error; description = strndup_user(_description, PAGE_SIZE); if (IS_ERR(description)) { ret = PTR_ERR(description); goto error; } payload = NULL; vm = false; if (_payload) { ret = -ENOMEM; payload = kmalloc(plen, GFP_KERNEL); if (!payload) { if (plen <= PAGE_SIZE) goto error2; vm = true; payload = vmalloc(plen); if (!payload) goto error2; } ret = -EFAULT; if (copy_from_user(payload, _payload, plen) != 0) goto error3; } keyring_ref = lookup_user_key(ringid, 1, 0, KEY_WRITE); if (IS_ERR(keyring_ref)) { ret = PTR_ERR(keyring_ref); goto error3; } key_ref = key_create_or_update(keyring_ref, type, description, payload, plen, KEY_PERM_UNDEF, KEY_ALLOC_IN_QUOTA); if (!IS_ERR(key_ref)) { ret = key_ref_to_ptr(key_ref)->serial; key_ref_put(key_ref); } else { ret = PTR_ERR(key_ref); } key_ref_put(keyring_ref); error3: if (!vm) kfree(payload); else vfree(payload); error2: kfree(description); error: return ret; } ",linux-2.6,,,196570673742758751851291919402348238327,0 6197,['CWE-200'],"void neigh_sysctl_unregister(struct neigh_parms *p) { if (p->sysctl_table) { struct neigh_sysctl_table *t = p->sysctl_table; p->sysctl_table = NULL; unregister_sysctl_table(t->sysctl_header); kfree(t->neigh_dev[0].procname); kfree(t); } }",linux-2.6,,,224924375521005256700488889499663457142,0 4711,CWE-22,"static int pop_fetch_headers(struct Context *ctx) { struct PopData *pop_data = (struct PopData *) ctx->data; struct Progress progress; #ifdef USE_HCACHE header_cache_t *hc = pop_hcache_open(pop_data, ctx->path); #endif time(&pop_data->check_time); pop_data->clear_cache = false; for (int i = 0; i < ctx->msgcount; i++) ctx->hdrs[i]->refno = -1; const int old_count = ctx->msgcount; int ret = pop_fetch_data(pop_data, ""UIDL\r\n"", NULL, fetch_uidl, ctx); const int new_count = ctx->msgcount; ctx->msgcount = old_count; if (pop_data->cmd_uidl == 2) { if (ret == 0) { pop_data->cmd_uidl = 1; mutt_debug(1, ""set UIDL capability\n""); } if (ret == -2 && pop_data->cmd_uidl == 2) { pop_data->cmd_uidl = 0; mutt_debug(1, ""unset UIDL capability\n""); snprintf(pop_data->err_msg, sizeof(pop_data->err_msg), ""%s"", _(""Command UIDL is not supported by server."")); } } if (!ctx->quiet) { mutt_progress_init(&progress, _(""Fetching message headers...""), MUTT_PROGRESS_MSG, ReadInc, new_count - old_count); } if (ret == 0) { int i, deleted; for (i = 0, deleted = 0; i < old_count; i++) { if (ctx->hdrs[i]->refno == -1) { ctx->hdrs[i]->deleted = true; deleted++; } } if (deleted > 0) { mutt_error( ngettext(""%d message has been lost. Try reopening the mailbox."", ""%d messages have been lost. Try reopening the mailbox."", deleted), deleted); } bool hcached = false; for (i = old_count; i < new_count; i++) { if (!ctx->quiet) mutt_progress_update(&progress, i + 1 - old_count, -1); #ifdef USE_HCACHE void *data = mutt_hcache_fetch(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data)); if (data) { char *uidl = mutt_str_strdup(ctx->hdrs[i]->data); int refno = ctx->hdrs[i]->refno; int index = ctx->hdrs[i]->index; struct Header *h = mutt_hcache_restore((unsigned char *) data); mutt_hcache_free(hc, &data); mutt_header_free(&ctx->hdrs[i]); ctx->hdrs[i] = h; ctx->hdrs[i]->refno = refno; ctx->hdrs[i]->index = index; ctx->hdrs[i]->data = uidl; ret = 0; hcached = true; } else #endif if ((ret = pop_read_header(pop_data, ctx->hdrs[i])) < 0) break; #ifdef USE_HCACHE else { mutt_hcache_store(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data), ctx->hdrs[i], 0); } #endif const bool bcached = (mutt_bcache_exists(pop_data->bcache, ctx->hdrs[i]->data) == 0); ctx->hdrs[i]->old = false; ctx->hdrs[i]->read = false; if (hcached) { if (bcached) ctx->hdrs[i]->read = true; else if (MarkOld) ctx->hdrs[i]->old = true; } else { if (bcached) ctx->hdrs[i]->read = true; } ctx->msgcount++; } if (i > old_count) mx_update_context(ctx, i - old_count); } #ifdef USE_HCACHE mutt_hcache_close(hc); #endif if (ret < 0) { for (int i = ctx->msgcount; i < new_count; i++) mutt_header_free(&ctx->hdrs[i]); return ret; } if (MessageCacheClean) mutt_bcache_list(pop_data->bcache, msg_cache_check, (void *) ctx); mutt_clear_error(); return (new_count - old_count); }",visit repo url,pop.c,https://github.com/neomutt/neomutt,277771220888940,1 4301,CWE-129,"RList *r_bin_ne_get_segments(r_bin_ne_obj_t *bin) { int i; if (!bin) { return NULL; } RList *segments = r_list_newf (free); for (i = 0; i < bin->ne_header->SegCount; i++) { RBinSection *bs = R_NEW0 (RBinSection); NE_image_segment_entry *se = &bin->segment_entries[i]; if (!bs) { return segments; } bs->size = se->length; bs->vsize = se->minAllocSz ? se->minAllocSz : 64000; bs->bits = R_SYS_BITS_16; bs->is_data = se->flags & IS_DATA; bs->perm = __translate_perms (se->flags); bs->paddr = (ut64)se->offset * bin->alignment; bs->name = r_str_newf (""%s.%"" PFMT64d, se->flags & IS_MOVEABLE ? ""MOVEABLE"" : ""FIXED"", bs->paddr); bs->is_segment = true; r_list_append (segments, bs); } bin->segments = segments; return segments; }",visit repo url,libr/bin/format/ne/ne.c,https://github.com/radareorg/radare2,74228324145380,1 1577,CWE-362,"static int newseg(struct ipc_namespace *ns, struct ipc_params *params) { key_t key = params->key; int shmflg = params->flg; size_t size = params->u.size; int error; struct shmid_kernel *shp; size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; struct file *file; char name[13]; int id; vm_flags_t acctflag = 0; if (size < SHMMIN || size > ns->shm_ctlmax) return -EINVAL; if (numpages << PAGE_SHIFT < size) return -ENOSPC; if (ns->shm_tot + numpages < ns->shm_tot || ns->shm_tot + numpages > ns->shm_ctlall) return -ENOSPC; shp = ipc_rcu_alloc(sizeof(*shp)); if (!shp) return -ENOMEM; shp->shm_perm.key = key; shp->shm_perm.mode = (shmflg & S_IRWXUGO); shp->mlock_user = NULL; shp->shm_perm.security = NULL; error = security_shm_alloc(shp); if (error) { ipc_rcu_putref(shp, ipc_rcu_free); return error; } sprintf(name, ""SYSV%08x"", key); if (shmflg & SHM_HUGETLB) { struct hstate *hs; size_t hugesize; hs = hstate_sizelog((shmflg >> SHM_HUGE_SHIFT) & SHM_HUGE_MASK); if (!hs) { error = -EINVAL; goto no_file; } hugesize = ALIGN(size, huge_page_size(hs)); if (shmflg & SHM_NORESERVE) acctflag = VM_NORESERVE; file = hugetlb_file_setup(name, hugesize, acctflag, &shp->mlock_user, HUGETLB_SHMFS_INODE, (shmflg >> SHM_HUGE_SHIFT) & SHM_HUGE_MASK); } else { if ((shmflg & SHM_NORESERVE) && sysctl_overcommit_memory != OVERCOMMIT_NEVER) acctflag = VM_NORESERVE; file = shmem_kernel_file_setup(name, size, acctflag); } error = PTR_ERR(file); if (IS_ERR(file)) goto no_file; id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni); if (id < 0) { error = id; goto no_id; } shp->shm_cprid = task_tgid_vnr(current); shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; shp->shm_creator = current; list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist); file_inode(file)->i_ino = shp->shm_perm.id; ns->shm_tot += numpages; error = shp->shm_perm.id; ipc_unlock_object(&shp->shm_perm); rcu_read_unlock(); return error; no_id: if (is_file_hugepages(file) && shp->mlock_user) user_shm_unlock(size, shp->mlock_user); fput(file); no_file: ipc_rcu_putref(shp, shm_rcu_free); return error; }",visit repo url,ipc/shm.c,https://github.com/torvalds/linux,82227661059253,1 241,CWE-119,"static int vfio_msi_enable(struct vfio_pci_device *vdev, int nvec, bool msix) { struct pci_dev *pdev = vdev->pdev; unsigned int flag = msix ? PCI_IRQ_MSIX : PCI_IRQ_MSI; int ret; if (!is_irq_none(vdev)) return -EINVAL; vdev->ctx = kzalloc(nvec * sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL); if (!vdev->ctx) return -ENOMEM; ret = pci_alloc_irq_vectors(pdev, 1, nvec, flag); if (ret < nvec) { if (ret > 0) pci_free_irq_vectors(pdev); kfree(vdev->ctx); return ret; } vdev->num_ctx = nvec; vdev->irq_type = msix ? VFIO_PCI_MSIX_IRQ_INDEX : VFIO_PCI_MSI_IRQ_INDEX; if (!msix) { vdev->msi_qmax = fls(nvec * 2 - 1) - 1; } return 0; }",visit repo url,drivers/vfio/pci/vfio_pci_intrs.c,https://github.com/torvalds/linux,1788425737561,1 5644,CWE-125,"ast_for_arguments(struct compiling *c, const node *n) { int i, j, k, nposargs = 0, nkwonlyargs = 0; int nposdefaults = 0, found_default = 0; asdl_seq *posargs, *posdefaults, *kwonlyargs, *kwdefaults; arg_ty vararg = NULL, kwarg = NULL; arg_ty arg = NULL; node *ch; if (TYPE(n) == parameters) { if (NCH(n) == 2) return arguments(NULL, NULL, NULL, NULL, NULL, NULL, c->c_arena); n = CHILD(n, 1); } assert(TYPE(n) == typedargslist || TYPE(n) == varargslist); for (i = 0; i < NCH(n); i++) { ch = CHILD(n, i); if (TYPE(ch) == STAR) { i++; if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { i++; } break; } if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == vfpdef || TYPE(ch) == tfpdef) nposargs++; if (TYPE(ch) == EQUAL) nposdefaults++; } for ( ; i < NCH(n); ++i) { ch = CHILD(n, i); if (TYPE(ch) == DOUBLESTAR) break; if (TYPE(ch) == tfpdef || TYPE(ch) == vfpdef) nkwonlyargs++; } posargs = (nposargs ? _Ta3_asdl_seq_new(nposargs, c->c_arena) : NULL); if (!posargs && nposargs) return NULL; kwonlyargs = (nkwonlyargs ? _Ta3_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwonlyargs && nkwonlyargs) return NULL; posdefaults = (nposdefaults ? _Ta3_asdl_seq_new(nposdefaults, c->c_arena) : NULL); if (!posdefaults && nposdefaults) return NULL; kwdefaults = (nkwonlyargs ? _Ta3_asdl_seq_new(nkwonlyargs, c->c_arena) : NULL); if (!kwdefaults && nkwonlyargs) return NULL; i = 0; j = 0; k = 0; while (i < NCH(n)) { ch = CHILD(n, i); switch (TYPE(ch)) { case tfpdef: case vfpdef: if (i + 1 < NCH(n) && TYPE(CHILD(n, i + 1)) == EQUAL) { expr_ty expression = ast_for_expr(c, CHILD(n, i + 2)); if (!expression) return NULL; assert(posdefaults != NULL); asdl_seq_SET(posdefaults, j++, expression); i += 2; found_default = 1; } else if (found_default) { ast_error(c, n, ""non-default argument follows default argument""); return NULL; } arg = ast_for_arg(c, ch); if (!arg) return NULL; asdl_seq_SET(posargs, k++, arg); i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; break; case STAR: if (i+1 >= NCH(n) || (i+2 == NCH(n) && (TYPE(CHILD(n, i+1)) == COMMA || TYPE(CHILD(n, i+1)) == TYPE_COMMENT))) { ast_error(c, CHILD(n, i), ""named arguments must follow bare *""); return NULL; } ch = CHILD(n, i+1); if (TYPE(ch) == COMMA) { int res = 0; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { ast_error(c, CHILD(n, i), ""bare * has associated type comment""); return NULL; } res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } else { vararg = ast_for_arg(c, ch); if (!vararg) return NULL; i += 2; if (i < NCH(n) && TYPE(CHILD(n, i)) == COMMA) i += 1; if (i < NCH(n) && TYPE(CHILD(n, i)) == TYPE_COMMENT) { vararg->type_comment = NEW_TYPE_COMMENT(CHILD(n, i)); if (!vararg->type_comment) return NULL; i += 1; } if (i < NCH(n) && (TYPE(CHILD(n, i)) == tfpdef || TYPE(CHILD(n, i)) == vfpdef)) { int res = 0; res = handle_keywordonly_args(c, n, i, kwonlyargs, kwdefaults); if (res == -1) return NULL; i = res; } } break; case DOUBLESTAR: ch = CHILD(n, i+1); assert(TYPE(ch) == tfpdef || TYPE(ch) == vfpdef); kwarg = ast_for_arg(c, ch); if (!kwarg) return NULL; i += 2; if (TYPE(CHILD(n, i)) == COMMA) i += 1; break; case TYPE_COMMENT: assert(i); if (kwarg) arg = kwarg; arg->type_comment = NEW_TYPE_COMMENT(ch); if (!arg->type_comment) return NULL; i += 1; break; default: PyErr_Format(PyExc_SystemError, ""unexpected node in varargslist: %d @ %d"", TYPE(ch), i); return NULL; } } return arguments(posargs, vararg, kwonlyargs, kwdefaults, kwarg, posdefaults, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,163745358076974,1 4463,CWE-125,"static int jpeg_size(unsigned char* data, unsigned int data_size, int *width, int *height) { int i = 0; if (i + 3 < data_size && data[i] == 0xFF && data[i+1] == 0xD8 && data[i+2] == 0xFF && data[i+3] == 0xE0) { i += 4; if(i + 6 < data_size && data[i+2] == 'J' && data[i+3] == 'F' && data[i+4] == 'I' && data[i+5] == 'F' && data[i+6] == 0x00) { unsigned short block_length = data[i] * 256 + data[i+1]; while(i= data_size) return -1; if(data[i] != 0xFF) return -1; if(data[i+1] == 0xC0) { *height = data[i+5]*256 + data[i+6]; *width = data[i+7]*256 + data[i+8]; return 0; } i+=2; block_length = data[i] * 256 + data[i+1]; } } } return -1; }",visit repo url,pdfgen.c,https://github.com/AndreRenaud/PDFGen,136677637498119,1 5409,CWE-908,"parseuid(const char *s, uid_t *uid) { struct passwd *pw; const char *errstr; if ((pw = getpwnam(s)) != NULL) { *uid = pw->pw_uid; return 0; } #if !defined(__linux__) && !defined(__NetBSD__) *uid = strtonum(s, 0, UID_MAX, &errstr); #else sscanf(s, ""%d"", uid); #endif if (errstr) return -1; return 0; }",visit repo url,doas.c,https://github.com/slicer69/doas,12248068660656,1 560,[],"static int bad_file_dir_notify(struct file *file, unsigned long arg) { return -EIO; }",linux-2.6,,,53660805823819445234747671162549321521,0 2540,CWE-399,"do_local_notify(xmlNode * notify_src, const char *client_id, gboolean sync_reply, gboolean from_peer) { cib_client_t *client_obj = NULL; int local_rc = pcmk_ok; if (client_id != NULL) { client_obj = g_hash_table_lookup(client_list, client_id); } else { crm_trace(""No client to sent the response to. F_CIB_CLIENTID not set.""); } if (client_obj == NULL) { local_rc = -ECONNRESET; } else { int rid = 0; if(sync_reply) { CRM_LOG_ASSERT(client_obj->request_id); rid = client_obj->request_id; client_obj->request_id = 0; crm_trace(""Sending response %d to %s %s"", rid, client_obj->name, from_peer?""(originator of delegated request)"":""""); } else { crm_trace(""Sending an event to %s %s"", client_obj->name, from_peer?""(originator of delegated request)"":""""); } if (client_obj->ipc && crm_ipcs_send(client_obj->ipc, rid, notify_src, !sync_reply) < 0) { local_rc = -ENOMSG; #ifdef HAVE_GNUTLS_GNUTLS_H } else if (client_obj->session) { crm_send_remote_msg(client_obj->session, notify_src, client_obj->encrypted); #endif } else if(client_obj->ipc == NULL) { crm_err(""Unknown transport for %s"", client_obj->name); } } if (local_rc != pcmk_ok && client_obj != NULL) { crm_warn(""%sSync reply to %s failed: %s"", sync_reply ? """" : ""A-"", client_obj ? client_obj->name : """", pcmk_strerror(local_rc)); } }",visit repo url,cib/callbacks.c,https://github.com/ClusterLabs/pacemaker,200856166131644,1 5918,CWE-190,"static Jsi_RC jsi_ArrayForeachCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this,Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); Jsi_Obj *obj; int curlen; uint i; Jsi_Value *func, *vpargs; func = Jsi_ValueArrayIndex(interp, args, 0); if (!Jsi_ValueIsFunction(interp, func)) return Jsi_LogError(""expected function""); Jsi_Value *sthis = Jsi_ValueArrayIndex(interp, args, 1); Jsi_Value *nthis = NULL; if (!sthis) sthis = nthis = Jsi_ValueNew1(interp); obj = _this->d.obj; curlen = Jsi_ObjGetLength(interp, obj); if (curlen < 0) { Jsi_ObjSetLength(interp, obj, 0); } Jsi_ObjListifyArray(interp, obj); Jsi_RC rc = JSI_OK; Jsi_Value *vobjs[3]; Jsi_Func *fptr = func->d.obj->d.fobj->func; int maa = (fptr->argnames?fptr->argnames->argCnt:0); if (maa>3) maa = 3; for (i = 0; i < obj->arrCnt && rc == JSI_OK; i++) { if (!obj->arr[i]) continue; vobjs[0] = obj->arr[i]; vobjs[1] = (maa>1?Jsi_ValueNewNumber(interp, i):NULL); vobjs[2] = _this; vpargs = Jsi_ValueMakeObject(interp, NULL, Jsi_ObjNewArray(interp, vobjs, maa, 0)); Jsi_IncrRefCount(interp, vpargs); rc = Jsi_FunctionInvoke(interp, func, vpargs, ret, sthis); Jsi_DecrRefCount(interp, vpargs); } if (nthis) Jsi_DecrRefCount(interp, nthis); return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,922212788603,1 1646,[],"static inline void free_fair_sched_group(struct task_group *tg) { }",linux-2.6,,,208284522836762160951621647637011215090,0 3359,CWE-125,"dbd_st_prepare( SV *sth, imp_sth_t *imp_sth, char *statement, SV *attribs) { int i; SV **svp; dTHX; #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION #if MYSQL_VERSION_ID < CALL_PLACEHOLDER_VERSION char *str_ptr, *str_last_ptr; #if MYSQL_VERSION_ID < LIMIT_PLACEHOLDER_VERSION int limit_flag=0; #endif #endif int col_type, prepare_retval; MYSQL_BIND *bind, *bind_end; imp_sth_phb_t *fbind; #endif D_imp_xxh(sth); D_imp_dbh_from_sth; if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t-> dbd_st_prepare MYSQL_VERSION_ID %d, SQL statement: %s\n"", MYSQL_VERSION_ID, statement); #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION imp_sth->use_server_side_prepare= imp_dbh->use_server_side_prepare; if (attribs) { svp= DBD_ATTRIB_GET_SVP(attribs, ""mysql_server_prepare"", 20); imp_sth->use_server_side_prepare = (svp) ? SvTRUE(*svp) : imp_dbh->use_server_side_prepare; svp = DBD_ATTRIB_GET_SVP(attribs, ""async"", 5); if(svp && SvTRUE(*svp)) { #if MYSQL_ASYNC imp_sth->is_async = TRUE; imp_sth->use_server_side_prepare = FALSE; #else do_error(sth, 2000, ""Async support was not built into this version of DBD::mysql"", ""HY000""); return 0; #endif } } imp_sth->fetch_done= 0; #endif imp_sth->done_desc= 0; imp_sth->result= NULL; imp_sth->currow= 0; svp= DBD_ATTRIB_GET_SVP(attribs, ""mysql_use_result"", 16); imp_sth->use_mysql_use_result= svp ? SvTRUE(*svp) : imp_dbh->use_mysql_use_result; for (i= 0; i < AV_ATTRIB_LAST; i++) imp_sth->av_attr[i]= Nullav; mysql_st_free_result_sets(sth, imp_sth); #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION && MYSQL_VERSION_ID < CALL_PLACEHOLDER_VERSION if (imp_sth->use_server_side_prepare) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tuse_server_side_prepare set, check restrictions\n""); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), #if MYSQL_VERSION_ID < LIMIT_PLACEHOLDER_VERSION ""\t\tneed to test for LIMIT & CALL\n""); #else ""\t\tneed to test for restrictions\n""); #endif str_last_ptr = statement + strlen(statement); for (str_ptr= statement; str_ptr < str_last_ptr; str_ptr++) { #if MYSQL_VERSION_ID < LIMIT_PLACEHOLDER_VERSION if (limit_flag) { if (*str_ptr == '?') { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tLIMIT and ? found, set to use_server_side_prepare=0\n""); imp_sth->use_server_side_prepare= 0; break; } } else if (str_ptr < str_last_ptr - 6 && isspace(*(str_ptr + 0)) && tolower(*(str_ptr + 1)) == 'l' && tolower(*(str_ptr + 2)) == 'i' && tolower(*(str_ptr + 3)) == 'm' && tolower(*(str_ptr + 4)) == 'i' && tolower(*(str_ptr + 5)) == 't' && isspace(*(str_ptr + 6))) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""LIMIT set limit flag to 1\n""); limit_flag= 1; } #endif if (str_ptr < str_last_ptr - 4 && tolower(*(str_ptr + 0)) == 'c' && tolower(*(str_ptr + 1)) == 'a' && tolower(*(str_ptr + 2)) == 'l' && tolower(*(str_ptr + 3)) == 'l' && isspace(*(str_ptr + 4))) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""Disable PS mode for CALL()\n""); imp_sth->use_server_side_prepare= 0; break; } } } #endif #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION if (imp_sth->use_server_side_prepare) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tuse_server_side_prepare set\n""); if (imp_sth->stmt) fprintf(stderr, ""ERROR: Trying to prepare new stmt while we have \ already not closed one \n""); imp_sth->stmt= mysql_stmt_init(imp_dbh->pmysql); if (! imp_sth->stmt) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tERROR: Unable to return MYSQL_STMT structure \ from mysql_stmt_init(): ERROR NO: %d ERROR MSG:%s\n"", mysql_errno(imp_dbh->pmysql), mysql_error(imp_dbh->pmysql)); } prepare_retval= mysql_stmt_prepare(imp_sth->stmt, statement, strlen(statement)); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tmysql_stmt_prepare returned %d\n"", prepare_retval); if (prepare_retval) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tmysql_stmt_prepare %d %s\n"", mysql_stmt_errno(imp_sth->stmt), mysql_stmt_error(imp_sth->stmt)); if (mysql_stmt_errno(imp_sth->stmt) == ER_UNSUPPORTED_PS) { if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tSETTING imp_sth->use_server_side_prepare to 0\n""); imp_sth->use_server_side_prepare= 0; } else { do_error(sth, mysql_stmt_errno(imp_sth->stmt), mysql_stmt_error(imp_sth->stmt), mysql_sqlstate(imp_dbh->pmysql)); mysql_stmt_close(imp_sth->stmt); imp_sth->stmt= NULL; return FALSE; } } else { DBIc_NUM_PARAMS(imp_sth)= mysql_stmt_param_count(imp_sth->stmt); if (DBIc_NUM_PARAMS(imp_sth) > 0) { int has_statement_fields= imp_sth->stmt->fields != 0; imp_sth->bind= alloc_bind(DBIc_NUM_PARAMS(imp_sth)); imp_sth->fbind= alloc_fbind(DBIc_NUM_PARAMS(imp_sth)); imp_sth->has_been_bound= 0; for (i= 0, bind= imp_sth->bind, fbind= imp_sth->fbind, bind_end= bind+DBIc_NUM_PARAMS(imp_sth); bind < bind_end ; bind++, fbind++, i++ ) { col_type= (has_statement_fields ? imp_sth->stmt->fields[i].type : MYSQL_TYPE_STRING); bind->buffer_type= mysql_to_perl_type(col_type); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t\tmysql_to_perl_type returned %d\n"", col_type); bind->buffer= NULL; bind->length= &(fbind->length); bind->is_null= (char*) &(fbind->is_null); fbind->is_null= 1; fbind->length= 0; } } } } #endif #if MYSQL_VERSION_ID >= SERVER_PREPARE_VERSION if (imp_sth->use_server_side_prepare == 0) DBIc_NUM_PARAMS(imp_sth) = count_params((imp_xxh_t *)imp_dbh, aTHX_ statement, imp_dbh->bind_comment_placeholders); #else DBIc_NUM_PARAMS(imp_sth) = count_params((imp_xxh_t *)imp_dbh, aTHX_ statement, imp_dbh->bind_comment_placeholders); #endif imp_sth->params= alloc_param(DBIc_NUM_PARAMS(imp_sth)); DBIc_IMPSET_on(imp_sth); if (DBIc_TRACE_LEVEL(imp_xxh) >= 2) PerlIO_printf(DBIc_LOGPIO(imp_xxh), ""\t<- dbd_st_prepare\n""); return 1; }",visit repo url,dbdimp.c,https://github.com/perl5-dbi/DBD-mysql,273582192653171,1 3392,['CWE-264'],"void fastcall put_unused_fd(unsigned int fd) { struct files_struct *files = current->files; spin_lock(&files->file_lock); __put_unused_fd(files, fd); spin_unlock(&files->file_lock); }",linux-2.6,,,177645795540733984558220781327566615738,0 5149,['CWE-20'],"static int alloc_identity_pagetable(struct kvm *kvm) { struct kvm_userspace_memory_region kvm_userspace_mem; int r = 0; down_write(&kvm->slots_lock); if (kvm->arch.ept_identity_pagetable) goto out; kvm_userspace_mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT; kvm_userspace_mem.flags = 0; kvm_userspace_mem.guest_phys_addr = VMX_EPT_IDENTITY_PAGETABLE_ADDR; kvm_userspace_mem.memory_size = PAGE_SIZE; r = __kvm_set_memory_region(kvm, &kvm_userspace_mem, 0); if (r) goto out; kvm->arch.ept_identity_pagetable = gfn_to_page(kvm, VMX_EPT_IDENTITY_PAGETABLE_ADDR >> PAGE_SHIFT); out: up_write(&kvm->slots_lock); return r; }",linux-2.6,,,146501091290807739691214735735077741979,0 5479,['CWE-476'],"static void post_kvm_run_save(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { kvm_run->if_flag = (kvm_x86_ops->get_rflags(vcpu) & X86_EFLAGS_IF) != 0; kvm_run->cr8 = kvm_get_cr8(vcpu); kvm_run->apic_base = kvm_get_apic_base(vcpu); if (irqchip_in_kernel(vcpu->kvm)) kvm_run->ready_for_interrupt_injection = 1; else kvm_run->ready_for_interrupt_injection = (vcpu->arch.interrupt_window_open && vcpu->arch.irq_summary == 0); }",linux-2.6,,,43512791246800968620782745950925424791,0 1887,['CWE-189'],"_gnutls_ciphertext2compressed (gnutls_session_t session, opaque * compress_data, int compress_size, gnutls_datum_t ciphertext, uint8_t type) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; uint8_t pad; int length; digest_hd_st td; uint16_t blocksize; int ret, i, pad_failed = 0; uint8_t major, minor; gnutls_protocol_t ver; int hash_size = _gnutls_hash_get_algo_len (session->security_parameters. read_mac_algorithm); ver = gnutls_protocol_get_version (session); minor = _gnutls_version_get_minor (ver); major = _gnutls_version_get_major (ver); blocksize = _gnutls_cipher_get_block_size (session->security_parameters. read_bulk_cipher_algorithm); ret = mac_init (&td, session->security_parameters.read_mac_algorithm, session->connection_state.read_mac_secret.data, session->connection_state.read_mac_secret.size, ver); if (ret < 0 && session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } switch (_gnutls_cipher_is_block (session->security_parameters.read_bulk_cipher_algorithm)) { case CIPHER_STREAM: if ((ret = _gnutls_cipher_decrypt (&session->connection_state. read_cipher_state, ciphertext.data, ciphertext.size)) < 0) { gnutls_assert (); return ret; } length = ciphertext.size - hash_size; break; case CIPHER_BLOCK: if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0)) { gnutls_assert (); return GNUTLS_E_DECRYPTION_FAILED; } if ((ret = _gnutls_cipher_decrypt (&session->connection_state. read_cipher_state, ciphertext.data, ciphertext.size)) < 0) { gnutls_assert (); return ret; } if (session->security_parameters.version >= GNUTLS_TLS1_1) { ciphertext.size -= blocksize; ciphertext.data += blocksize; if (ciphertext.size == 0) { gnutls_assert (); return GNUTLS_E_DECRYPTION_FAILED; } } pad = ciphertext.data[ciphertext.size - 1] + 1; if ((int)pad > (int)ciphertext.size - hash_size) { gnutls_assert (); _gnutls_record_log (""REC[%x]: Short record length %d > %d - %d (under attack?)\n"", session, pad, ciphertext.size, hash_size); pad_failed = GNUTLS_E_DECRYPTION_FAILED; } length = ciphertext.size - hash_size - pad; if (ver >= GNUTLS_TLS1 && pad_failed == 0) for (i = 2; i < pad; i++) { if (ciphertext.data[ciphertext.size - i] != ciphertext.data[ciphertext.size - 1]) pad_failed = GNUTLS_E_DECRYPTION_FAILED; } break; default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } if (length < 0) length = 0; c_length = _gnutls_conv_uint16 ((uint16_t) length); if (session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) { _gnutls_hmac (&td, UINT64DATA (session->connection_state. read_sequence_number), 8); _gnutls_hmac (&td, &type, 1); if (ver >= GNUTLS_TLS1) { _gnutls_hmac (&td, &major, 1); _gnutls_hmac (&td, &minor, 1); } _gnutls_hmac (&td, &c_length, 2); if (length > 0) _gnutls_hmac (&td, ciphertext.data, length); mac_deinit (&td, MAC, ver); } if (pad_failed != 0) return pad_failed; if (memcmp (MAC, &ciphertext.data[length], hash_size) != 0) { gnutls_assert (); return GNUTLS_E_DECRYPTION_FAILED; } if (compress_size < length) { gnutls_assert (); return GNUTLS_E_DECOMPRESSION_FAILED; } memcpy (compress_data, ciphertext.data, length); return length; }",gnutls,,,71075734724174952553502640199265785099,0 2853,['CWE-119'],"ace2type(struct nfs4_ace *ace) { switch (ace->whotype) { case NFS4_ACL_WHO_NAMED: return (ace->flag & NFS4_ACE_IDENTIFIER_GROUP ? ACL_GROUP : ACL_USER); case NFS4_ACL_WHO_OWNER: return ACL_USER_OBJ; case NFS4_ACL_WHO_GROUP: return ACL_GROUP_OBJ; case NFS4_ACL_WHO_EVERYONE: return ACL_OTHER; } BUG(); return -1; }",linux-2.6,,,277553485250731470398279539226838506441,0 1877,CWE-416,"int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) { struct anon_vma_chain *avc; struct anon_vma *anon_vma; int error; if (!pvma->anon_vma) return 0; vma->anon_vma = NULL; error = anon_vma_clone(vma, pvma); if (error) return error; if (vma->anon_vma) return 0; anon_vma = anon_vma_alloc(); if (!anon_vma) goto out_error; avc = anon_vma_chain_alloc(GFP_KERNEL); if (!avc) goto out_error_free_anon_vma; anon_vma->root = pvma->anon_vma->root; anon_vma->parent = pvma->anon_vma; get_anon_vma(anon_vma->root); vma->anon_vma = anon_vma; anon_vma_lock_write(anon_vma); anon_vma_chain_link(vma, avc, anon_vma); anon_vma->parent->degree++; anon_vma_unlock_write(anon_vma); return 0; out_error_free_anon_vma: put_anon_vma(anon_vma); out_error: unlink_anon_vmas(vma); return -ENOMEM; }",visit repo url,mm/rmap.c,https://github.com/torvalds/linux,264841470793281,1 4841,['CWE-189'],"static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { struct ecryptfs_global_auth_tok *global_auth_tok; int rc = 0; mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); list_for_each_entry(global_auth_tok, &mount_crypt_stat->global_auth_tok_list, mount_crypt_stat_list) { if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_FNEK) continue; rc = ecryptfs_add_keysig(crypt_stat, global_auth_tok->sig); if (rc) { printk(KERN_ERR ""Error adding keysig; rc = [%d]\n"", rc); mutex_unlock( &mount_crypt_stat->global_auth_tok_list_mutex); goto out; } } mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); out: return rc; }",linux-2.6,,,293938321385783011607246204938135907718,0 2748,['CWE-189'],"static int sctp_auth_compare_vectors(struct sctp_auth_bytes *vector1, struct sctp_auth_bytes *vector2) { int diff; int i; const __u8 *longer; diff = vector1->len - vector2->len; if (diff) { longer = (diff > 0) ? vector1->data : vector2->data; for (i = 0; i < abs(diff); i++ ) { if (longer[i] != 0) return diff; } } return memcmp(vector1->data, vector2->data, vector1->len); }",linux-2.6,,,145458445078989761607658040699195895119,0 5087,CWE-787,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 3159,NVD-CWE-noinfo,"static FILE * pw_tmpfile(int lockfd) { FILE *fd; char *tmpname = NULL; char *dir = ""/etc""; if ((fd = xfmkstemp(&tmpname, dir)) == NULL) { ulckpwdf(); err(EXIT_FAILURE, _(""can't open temporary file"")); } copyfile(lockfd, fileno(fd)); tmp_file = tmpname; return fd; }",visit repo url,login-utils/vipw.c,https://github.com/karelzak/util-linux,28645097545013,1 686,[],"static int jpc_unk_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { cstate = 0; ms = 0; out = 0; return -1; }",jasper,,,336470889273952689517343756526798134216,0 2091,CWE-119,"static int create_qp_common(struct mlx5_ib_dev *dev, struct ib_pd *pd, struct ib_qp_init_attr *init_attr, struct ib_udata *udata, struct mlx5_ib_qp *qp) { struct mlx5_ib_resources *devr = &dev->devr; int inlen = MLX5_ST_SZ_BYTES(create_qp_in); struct mlx5_core_dev *mdev = dev->mdev; struct mlx5_ib_create_qp_resp resp; struct mlx5_ib_cq *send_cq; struct mlx5_ib_cq *recv_cq; unsigned long flags; u32 uidx = MLX5_IB_DEFAULT_UIDX; struct mlx5_ib_create_qp ucmd; struct mlx5_ib_qp_base *base; int mlx5_st; void *qpc; u32 *in; int err; mutex_init(&qp->mutex); spin_lock_init(&qp->sq.lock); spin_lock_init(&qp->rq.lock); mlx5_st = to_mlx5_st(init_attr->qp_type); if (mlx5_st < 0) return -EINVAL; if (init_attr->rwq_ind_tbl) { if (!udata) return -ENOSYS; err = create_rss_raw_qp_tir(dev, qp, pd, init_attr, udata); return err; } if (init_attr->create_flags & IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK) { if (!MLX5_CAP_GEN(mdev, block_lb_mc)) { mlx5_ib_dbg(dev, ""block multicast loopback isn't supported\n""); return -EINVAL; } else { qp->flags |= MLX5_IB_QP_BLOCK_MULTICAST_LOOPBACK; } } if (init_attr->create_flags & (IB_QP_CREATE_CROSS_CHANNEL | IB_QP_CREATE_MANAGED_SEND | IB_QP_CREATE_MANAGED_RECV)) { if (!MLX5_CAP_GEN(mdev, cd)) { mlx5_ib_dbg(dev, ""cross-channel isn't supported\n""); return -EINVAL; } if (init_attr->create_flags & IB_QP_CREATE_CROSS_CHANNEL) qp->flags |= MLX5_IB_QP_CROSS_CHANNEL; if (init_attr->create_flags & IB_QP_CREATE_MANAGED_SEND) qp->flags |= MLX5_IB_QP_MANAGED_SEND; if (init_attr->create_flags & IB_QP_CREATE_MANAGED_RECV) qp->flags |= MLX5_IB_QP_MANAGED_RECV; } if (init_attr->qp_type == IB_QPT_UD && (init_attr->create_flags & IB_QP_CREATE_IPOIB_UD_LSO)) if (!MLX5_CAP_GEN(mdev, ipoib_basic_offloads)) { mlx5_ib_dbg(dev, ""ipoib UD lso qp isn't supported\n""); return -EOPNOTSUPP; } if (init_attr->create_flags & IB_QP_CREATE_SCATTER_FCS) { if (init_attr->qp_type != IB_QPT_RAW_PACKET) { mlx5_ib_dbg(dev, ""Scatter FCS is supported only for Raw Packet QPs""); return -EOPNOTSUPP; } if (!MLX5_CAP_GEN(dev->mdev, eth_net_offloads) || !MLX5_CAP_ETH(dev->mdev, scatter_fcs)) { mlx5_ib_dbg(dev, ""Scatter FCS isn't supported\n""); return -EOPNOTSUPP; } qp->flags |= MLX5_IB_QP_CAP_SCATTER_FCS; } if (init_attr->sq_sig_type == IB_SIGNAL_ALL_WR) qp->sq_signal_bits = MLX5_WQE_CTRL_CQ_UPDATE; if (init_attr->create_flags & IB_QP_CREATE_CVLAN_STRIPPING) { if (!(MLX5_CAP_GEN(dev->mdev, eth_net_offloads) && MLX5_CAP_ETH(dev->mdev, vlan_cap)) || (init_attr->qp_type != IB_QPT_RAW_PACKET)) return -EOPNOTSUPP; qp->flags |= MLX5_IB_QP_CVLAN_STRIPPING; } if (pd && pd->uobject) { if (ib_copy_from_udata(&ucmd, udata, sizeof(ucmd))) { mlx5_ib_dbg(dev, ""copy failed\n""); return -EFAULT; } err = get_qp_user_index(to_mucontext(pd->uobject->context), &ucmd, udata->inlen, &uidx); if (err) return err; qp->wq_sig = !!(ucmd.flags & MLX5_QP_FLAG_SIGNATURE); qp->scat_cqe = !!(ucmd.flags & MLX5_QP_FLAG_SCATTER_CQE); if (ucmd.flags & MLX5_QP_FLAG_TUNNEL_OFFLOADS) { if (init_attr->qp_type != IB_QPT_RAW_PACKET || !tunnel_offload_supported(mdev)) { mlx5_ib_dbg(dev, ""Tunnel offload isn't supported\n""); return -EOPNOTSUPP; } qp->tunnel_offload_en = true; } if (init_attr->create_flags & IB_QP_CREATE_SOURCE_QPN) { if (init_attr->qp_type != IB_QPT_UD || (MLX5_CAP_GEN(dev->mdev, port_type) != MLX5_CAP_PORT_TYPE_IB) || !mlx5_get_flow_namespace(dev->mdev, MLX5_FLOW_NAMESPACE_BYPASS)) { mlx5_ib_dbg(dev, ""Source QP option isn't supported\n""); return -EOPNOTSUPP; } qp->flags |= MLX5_IB_QP_UNDERLAY; qp->underlay_qpn = init_attr->source_qpn; } } else { qp->wq_sig = !!wq_signature; } base = (init_attr->qp_type == IB_QPT_RAW_PACKET || qp->flags & MLX5_IB_QP_UNDERLAY) ? &qp->raw_packet_qp.rq.base : &qp->trans_qp.base; qp->has_rq = qp_has_rq(init_attr); err = set_rq_size(dev, &init_attr->cap, qp->has_rq, qp, (pd && pd->uobject) ? &ucmd : NULL); if (err) { mlx5_ib_dbg(dev, ""err %d\n"", err); return err; } if (pd) { if (pd->uobject) { __u32 max_wqes = 1 << MLX5_CAP_GEN(mdev, log_max_qp_sz); mlx5_ib_dbg(dev, ""requested sq_wqe_count (%d)\n"", ucmd.sq_wqe_count); if (ucmd.rq_wqe_shift != qp->rq.wqe_shift || ucmd.rq_wqe_count != qp->rq.wqe_cnt) { mlx5_ib_dbg(dev, ""invalid rq params\n""); return -EINVAL; } if (ucmd.sq_wqe_count > max_wqes) { mlx5_ib_dbg(dev, ""requested sq_wqe_count (%d) > max allowed (%d)\n"", ucmd.sq_wqe_count, max_wqes); return -EINVAL; } if (init_attr->create_flags & mlx5_ib_create_qp_sqpn_qp1()) { mlx5_ib_dbg(dev, ""user-space is not allowed to create UD QPs spoofing as QP1\n""); return -EINVAL; } err = create_user_qp(dev, pd, qp, udata, init_attr, &in, &resp, &inlen, base); if (err) mlx5_ib_dbg(dev, ""err %d\n"", err); } else { err = create_kernel_qp(dev, init_attr, qp, &in, &inlen, base); if (err) mlx5_ib_dbg(dev, ""err %d\n"", err); } if (err) return err; } else { in = kvzalloc(inlen, GFP_KERNEL); if (!in) return -ENOMEM; qp->create_type = MLX5_QP_EMPTY; } if (is_sqp(init_attr->qp_type)) qp->port = init_attr->port_num; qpc = MLX5_ADDR_OF(create_qp_in, in, qpc); MLX5_SET(qpc, qpc, st, mlx5_st); MLX5_SET(qpc, qpc, pm_state, MLX5_QP_PM_MIGRATED); if (init_attr->qp_type != MLX5_IB_QPT_REG_UMR) MLX5_SET(qpc, qpc, pd, to_mpd(pd ? pd : devr->p0)->pdn); else MLX5_SET(qpc, qpc, latency_sensitive, 1); if (qp->wq_sig) MLX5_SET(qpc, qpc, wq_signature, 1); if (qp->flags & MLX5_IB_QP_BLOCK_MULTICAST_LOOPBACK) MLX5_SET(qpc, qpc, block_lb_mc, 1); if (qp->flags & MLX5_IB_QP_CROSS_CHANNEL) MLX5_SET(qpc, qpc, cd_master, 1); if (qp->flags & MLX5_IB_QP_MANAGED_SEND) MLX5_SET(qpc, qpc, cd_slave_send, 1); if (qp->flags & MLX5_IB_QP_MANAGED_RECV) MLX5_SET(qpc, qpc, cd_slave_receive, 1); if (qp->scat_cqe && is_connected(init_attr->qp_type)) { int rcqe_sz; int scqe_sz; rcqe_sz = mlx5_ib_get_cqe_size(dev, init_attr->recv_cq); scqe_sz = mlx5_ib_get_cqe_size(dev, init_attr->send_cq); if (rcqe_sz == 128) MLX5_SET(qpc, qpc, cs_res, MLX5_RES_SCAT_DATA64_CQE); else MLX5_SET(qpc, qpc, cs_res, MLX5_RES_SCAT_DATA32_CQE); if (init_attr->sq_sig_type == IB_SIGNAL_ALL_WR) { if (scqe_sz == 128) MLX5_SET(qpc, qpc, cs_req, MLX5_REQ_SCAT_DATA64_CQE); else MLX5_SET(qpc, qpc, cs_req, MLX5_REQ_SCAT_DATA32_CQE); } } if (qp->rq.wqe_cnt) { MLX5_SET(qpc, qpc, log_rq_stride, qp->rq.wqe_shift - 4); MLX5_SET(qpc, qpc, log_rq_size, ilog2(qp->rq.wqe_cnt)); } MLX5_SET(qpc, qpc, rq_type, get_rx_type(qp, init_attr)); if (qp->sq.wqe_cnt) { MLX5_SET(qpc, qpc, log_sq_size, ilog2(qp->sq.wqe_cnt)); } else { MLX5_SET(qpc, qpc, no_sq, 1); if (init_attr->srq && init_attr->srq->srq_type == IB_SRQT_TM) MLX5_SET(qpc, qpc, offload_type, MLX5_QPC_OFFLOAD_TYPE_RNDV); } switch (init_attr->qp_type) { case IB_QPT_XRC_TGT: MLX5_SET(qpc, qpc, cqn_rcv, to_mcq(devr->c0)->mcq.cqn); MLX5_SET(qpc, qpc, cqn_snd, to_mcq(devr->c0)->mcq.cqn); MLX5_SET(qpc, qpc, srqn_rmpn_xrqn, to_msrq(devr->s0)->msrq.srqn); MLX5_SET(qpc, qpc, xrcd, to_mxrcd(init_attr->xrcd)->xrcdn); break; case IB_QPT_XRC_INI: MLX5_SET(qpc, qpc, cqn_rcv, to_mcq(devr->c0)->mcq.cqn); MLX5_SET(qpc, qpc, xrcd, to_mxrcd(devr->x1)->xrcdn); MLX5_SET(qpc, qpc, srqn_rmpn_xrqn, to_msrq(devr->s0)->msrq.srqn); break; default: if (init_attr->srq) { MLX5_SET(qpc, qpc, xrcd, to_mxrcd(devr->x0)->xrcdn); MLX5_SET(qpc, qpc, srqn_rmpn_xrqn, to_msrq(init_attr->srq)->msrq.srqn); } else { MLX5_SET(qpc, qpc, xrcd, to_mxrcd(devr->x1)->xrcdn); MLX5_SET(qpc, qpc, srqn_rmpn_xrqn, to_msrq(devr->s1)->msrq.srqn); } } if (init_attr->send_cq) MLX5_SET(qpc, qpc, cqn_snd, to_mcq(init_attr->send_cq)->mcq.cqn); if (init_attr->recv_cq) MLX5_SET(qpc, qpc, cqn_rcv, to_mcq(init_attr->recv_cq)->mcq.cqn); MLX5_SET64(qpc, qpc, dbr_addr, qp->db.dma); if (MLX5_CAP_GEN(mdev, cqe_version) == MLX5_CQE_VERSION_V1) MLX5_SET(qpc, qpc, user_index, uidx); if (init_attr->qp_type == IB_QPT_UD && (init_attr->create_flags & IB_QP_CREATE_IPOIB_UD_LSO)) { MLX5_SET(qpc, qpc, ulp_stateless_offload_mode, 1); qp->flags |= MLX5_IB_QP_LSO; } if (init_attr->create_flags & IB_QP_CREATE_PCI_WRITE_END_PADDING) { if (!MLX5_CAP_GEN(dev->mdev, end_pad)) { mlx5_ib_dbg(dev, ""scatter end padding is not supported\n""); err = -EOPNOTSUPP; goto err; } else if (init_attr->qp_type != IB_QPT_RAW_PACKET) { MLX5_SET(qpc, qpc, end_padding_mode, MLX5_WQ_END_PAD_MODE_ALIGN); } else { qp->flags |= MLX5_IB_QP_PCI_WRITE_END_PADDING; } } if (inlen < 0) { err = -EINVAL; goto err; } if (init_attr->qp_type == IB_QPT_RAW_PACKET || qp->flags & MLX5_IB_QP_UNDERLAY) { qp->raw_packet_qp.sq.ubuffer.buf_addr = ucmd.sq_buf_addr; raw_packet_qp_copy_info(qp, &qp->raw_packet_qp); err = create_raw_packet_qp(dev, qp, in, inlen, pd); } else { err = mlx5_core_create_qp(dev->mdev, &base->mqp, in, inlen); } if (err) { mlx5_ib_dbg(dev, ""create qp failed\n""); goto err_create; } kvfree(in); base->container_mibqp = qp; base->mqp.event = mlx5_ib_qp_event; get_cqs(init_attr->qp_type, init_attr->send_cq, init_attr->recv_cq, &send_cq, &recv_cq); spin_lock_irqsave(&dev->reset_flow_resource_lock, flags); mlx5_ib_lock_cqs(send_cq, recv_cq); list_add_tail(&qp->qps_list, &dev->qp_list); if (send_cq) list_add_tail(&qp->cq_send_list, &send_cq->list_send_qp); if (recv_cq) list_add_tail(&qp->cq_recv_list, &recv_cq->list_recv_qp); mlx5_ib_unlock_cqs(send_cq, recv_cq); spin_unlock_irqrestore(&dev->reset_flow_resource_lock, flags); return 0; err_create: if (qp->create_type == MLX5_QP_USER) destroy_qp_user(dev, pd, qp, base); else if (qp->create_type == MLX5_QP_KERNEL) destroy_qp_kernel(dev, qp); err: kvfree(in); return err; }",visit repo url,drivers/infiniband/hw/mlx5/qp.c,https://github.com/torvalds/linux,150153102171160,1 6644,CWE-125,"static void compile_xclass_matchingpath(compiler_common *common, PCRE2_SPTR cc, jump_list **backtracks) { DEFINE_COMPILER; jump_list *found = NULL; jump_list **list = (cc[0] & XCL_NOT) == 0 ? &found : backtracks; sljit_uw c, charoffset, max = 256, min = READ_CHAR_MAX; struct sljit_jump *jump = NULL; PCRE2_SPTR ccbegin; int compares, invertcmp, numberofcmps; #if defined SUPPORT_UNICODE && (PCRE2_CODE_UNIT_WIDTH == 8 || PCRE2_CODE_UNIT_WIDTH == 16) BOOL utf = common->utf; #endif #ifdef SUPPORT_UNICODE sljit_u32 unicode_status = 0; int typereg = TMP1; const sljit_u32 *other_cases; sljit_uw typeoffset; #endif cc++; ccbegin = cc; compares = 0; if (cc[-1] & XCL_MAP) { min = 0; cc += 32 / sizeof(PCRE2_UCHAR); } while (*cc != XCL_END) { compares++; if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); if (c > max) max = c; if (c < min) min = c; #ifdef SUPPORT_UNICODE unicode_status |= XCLASS_SAVE_CHAR; #endif } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); if (c < min) min = c; GETCHARINCTEST(c, cc); if (c > max) max = c; #ifdef SUPPORT_UNICODE unicode_status |= XCLASS_SAVE_CHAR; #endif } #ifdef SUPPORT_UNICODE else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_CLIST && *cc == XCL_PROP) { other_cases = PRIV(ucd_caseless_sets) + cc[1]; while (*other_cases != NOTACHAR) { if (*other_cases > max) max = *other_cases; if (*other_cases < min) min = *other_cases; other_cases++; } } else { max = READ_CHAR_MAX; min = 0; } switch(*cc) { case PT_ANY: if (cc[-1] == XCL_PROP) { compile_char1_matchingpath(common, OP_ALLANY, cc, backtracks, FALSE); if (list == backtracks) add_jump(compiler, backtracks, JUMP(SLJIT_JUMP)); return; } break; case PT_LAMP: case PT_GC: case PT_PC: case PT_ALNUM: unicode_status |= XCLASS_HAS_TYPE; break; case PT_SCX: unicode_status |= XCLASS_HAS_SCRIPT_EXTENSION; if (cc[-1] == XCL_NOTPROP) { unicode_status |= XCLASS_SCRIPT_EXTENSION_NOTPROP; break; } compares++; case PT_SC: unicode_status |= XCLASS_HAS_SCRIPT; break; case PT_SPACE: case PT_PXSPACE: case PT_WORD: case PT_PXGRAPH: case PT_PXPRINT: case PT_PXPUNCT: unicode_status |= XCLASS_SAVE_CHAR | XCLASS_HAS_TYPE; break; case PT_CLIST: case PT_UCNC: unicode_status |= XCLASS_SAVE_CHAR; break; case PT_BOOL: unicode_status |= XCLASS_HAS_BOOL; break; case PT_BIDICL: unicode_status |= XCLASS_HAS_BIDICL; break; default: SLJIT_UNREACHABLE(); break; } cc += 2; } #endif } SLJIT_ASSERT(compares > 0); cc = ccbegin; if ((cc[-1] & XCL_NOT) != 0) read_char(common, min, max, backtracks, READ_CHAR_UPDATE_STR_PTR); else { #ifdef SUPPORT_UNICODE read_char(common, min, max, (unicode_status & XCLASS_NEEDS_UCD) ? backtracks : NULL, 0); #else read_char(common, min, max, NULL, 0); #endif } if ((cc[-1] & XCL_HASPROP) == 0) { if ((cc[-1] & XCL_MAP) != 0) { jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255); if (!optimize_class(common, (const sljit_u8 *)cc, (((const sljit_u8 *)cc)[31] & 0x80) != 0, TRUE, &found)) { OP2(SLJIT_AND, TMP2, 0, TMP1, 0, SLJIT_IMM, 0x7); OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, 3); OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)cc); OP2(SLJIT_SHL, TMP2, 0, SLJIT_IMM, 1, TMP2, 0); OP2U(SLJIT_AND | SLJIT_SET_Z, TMP1, 0, TMP2, 0); add_jump(compiler, &found, JUMP(SLJIT_NOT_ZERO)); } add_jump(compiler, backtracks, JUMP(SLJIT_JUMP)); JUMPHERE(jump); cc += 32 / sizeof(PCRE2_UCHAR); } else { OP2(SLJIT_SUB, TMP2, 0, TMP1, 0, SLJIT_IMM, min); add_jump(compiler, (cc[-1] & XCL_NOT) == 0 ? backtracks : &found, CMP(SLJIT_GREATER, TMP2, 0, SLJIT_IMM, max - min)); } } else if ((cc[-1] & XCL_MAP) != 0) { OP1(SLJIT_MOV, RETURN_ADDR, 0, TMP1, 0); #ifdef SUPPORT_UNICODE unicode_status |= XCLASS_CHAR_SAVED; #endif if (!optimize_class(common, (const sljit_u8 *)cc, FALSE, TRUE, list)) { #if PCRE2_CODE_UNIT_WIDTH == 8 jump = NULL; if (common->utf) #endif jump = CMP(SLJIT_GREATER, TMP1, 0, SLJIT_IMM, 255); OP2(SLJIT_AND, TMP2, 0, TMP1, 0, SLJIT_IMM, 0x7); OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, 3); OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)cc); OP2(SLJIT_SHL, TMP2, 0, SLJIT_IMM, 1, TMP2, 0); OP2U(SLJIT_AND | SLJIT_SET_Z, TMP1, 0, TMP2, 0); add_jump(compiler, list, JUMP(SLJIT_NOT_ZERO)); #if PCRE2_CODE_UNIT_WIDTH == 8 if (common->utf) #endif JUMPHERE(jump); } OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); cc += 32 / sizeof(PCRE2_UCHAR); } #ifdef SUPPORT_UNICODE if (unicode_status & XCLASS_NEEDS_UCD) { if ((unicode_status & (XCLASS_SAVE_CHAR | XCLASS_CHAR_SAVED)) == XCLASS_SAVE_CHAR) OP1(SLJIT_MOV, RETURN_ADDR, 0, TMP1, 0); #if PCRE2_CODE_UNIT_WIDTH == 32 if (!common->utf) { jump = CMP(SLJIT_LESS, TMP1, 0, SLJIT_IMM, MAX_UTF_CODE_POINT + 1); OP1(SLJIT_MOV, TMP1, 0, SLJIT_IMM, UNASSIGNED_UTF_CHAR); JUMPHERE(jump); } #endif OP2(SLJIT_LSHR, TMP2, 0, TMP1, 0, SLJIT_IMM, UCD_BLOCK_SHIFT); OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 1); OP1(SLJIT_MOV_U16, TMP2, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_stage1)); OP2(SLJIT_AND, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_BLOCK_MASK); OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, UCD_BLOCK_SHIFT); OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0); OP1(SLJIT_MOV, TMP2, 0, SLJIT_IMM, (sljit_sw)PRIV(ucd_stage2)); OP1(SLJIT_MOV_U16, TMP2, 0, SLJIT_MEM2(TMP2, TMP1), 1); OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3); OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2); OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0); ccbegin = cc; if (unicode_status & XCLASS_HAS_BIDICL) { OP1(SLJIT_MOV_U16, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, scriptx_bidiclass)); OP2(SLJIT_LSHR, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_BIDICLASS_SHIFT); while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_BIDICL) { compares--; invertcmp = (compares == 0 && list != backtracks); if (cc[-1] == XCL_NOTPROP) invertcmp ^= 0x1; jump = CMP(SLJIT_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (int)cc[1]); add_jump(compiler, compares > 0 ? list : backtracks, jump); } cc += 2; } } cc = ccbegin; } if (unicode_status & XCLASS_HAS_BOOL) { OP1(SLJIT_MOV_U16, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, bprops)); OP2(SLJIT_AND, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_BPROPS_MASK); OP2(SLJIT_SHL, TMP1, 0, TMP1, 0, SLJIT_IMM, 2); while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_BOOL) { compares--; invertcmp = (compares == 0 && list != backtracks); if (cc[-1] == XCL_NOTPROP) invertcmp ^= 0x1; OP2U(SLJIT_AND32 | SLJIT_SET_Z, SLJIT_MEM1(TMP1), (sljit_sw)(PRIV(ucd_boolprop_sets) + (cc[1] >> 5)), SLJIT_IMM, (sljit_sw)1 << (cc[1] & 0x1f)); add_jump(compiler, compares > 0 ? list : backtracks, JUMP(SLJIT_NOT_ZERO ^ invertcmp)); } cc += 2; } } cc = ccbegin; } if (unicode_status & XCLASS_HAS_SCRIPT) { OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, script)); while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; switch (*cc) { case PT_SCX: if (cc[-1] == XCL_NOTPROP) break; case PT_SC: compares--; invertcmp = (compares == 0 && list != backtracks); if (cc[-1] == XCL_NOTPROP) invertcmp ^= 0x1; add_jump(compiler, compares > 0 ? list : backtracks, CMP(SLJIT_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (int)cc[1])); } cc += 2; } } cc = ccbegin; } if (unicode_status & XCLASS_HAS_SCRIPT_EXTENSION) { OP1(SLJIT_MOV_U16, TMP1, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, scriptx_bidiclass)); OP2(SLJIT_AND, TMP1, 0, TMP1, 0, SLJIT_IMM, UCD_SCRIPTX_MASK); OP2(SLJIT_SHL, TMP1, 0, TMP1, 0, SLJIT_IMM, 2); if (unicode_status & XCLASS_SCRIPT_EXTENSION_NOTPROP) { if (unicode_status & XCLASS_HAS_TYPE) { if (unicode_status & XCLASS_SAVE_CHAR) { OP1(SLJIT_MOV, SLJIT_MEM1(SLJIT_SP), LOCALS0, TMP2, 0); unicode_status |= XCLASS_SCRIPT_EXTENSION_RESTORE_LOCALS0; } else { OP1(SLJIT_MOV, RETURN_ADDR, 0, TMP2, 0); unicode_status |= XCLASS_SCRIPT_EXTENSION_RESTORE_RETURN_ADDR; } } OP1(SLJIT_MOV_U8, TMP2, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, script)); } while (*cc != XCL_END) { if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); GETCHARINCTEST(c, cc); } else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); cc++; if (*cc == PT_SCX) { compares--; invertcmp = (compares == 0 && list != backtracks); jump = NULL; if (cc[-1] == XCL_NOTPROP) { jump = CMP(SLJIT_EQUAL, TMP2, 0, SLJIT_IMM, (int)cc[1]); if (invertcmp) { add_jump(compiler, backtracks, jump); jump = NULL; } invertcmp ^= 0x1; } OP2U(SLJIT_AND32 | SLJIT_SET_Z, SLJIT_MEM1(TMP1), (sljit_sw)(PRIV(ucd_script_sets) + (cc[1] >> 5)), SLJIT_IMM, (sljit_sw)1 << (cc[1] & 0x1f)); add_jump(compiler, compares > 0 ? list : backtracks, JUMP(SLJIT_NOT_ZERO ^ invertcmp)); if (jump != NULL) JUMPHERE(jump); } cc += 2; } } if (unicode_status & XCLASS_SCRIPT_EXTENSION_RESTORE_LOCALS0) OP1(SLJIT_MOV, TMP2, 0, SLJIT_MEM1(SLJIT_SP), LOCALS0); else if (unicode_status & XCLASS_SCRIPT_EXTENSION_RESTORE_RETURN_ADDR) OP1(SLJIT_MOV, TMP2, 0, RETURN_ADDR, 0); cc = ccbegin; } if (unicode_status & XCLASS_SAVE_CHAR) OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); if (unicode_status & XCLASS_HAS_TYPE) { if (unicode_status & XCLASS_SAVE_CHAR) typereg = RETURN_ADDR; OP1(SLJIT_MOV_U8, typereg, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype)); } } #endif charoffset = 0; numberofcmps = 0; #ifdef SUPPORT_UNICODE typeoffset = 0; #endif while (*cc != XCL_END) { compares--; invertcmp = (compares == 0 && list != backtracks); jump = NULL; if (*cc == XCL_SINGLE) { cc ++; GETCHARINCTEST(c, cc); if (numberofcmps < 3 && (*cc == XCL_SINGLE || *cc == XCL_RANGE)) { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(numberofcmps == 0 ? SLJIT_MOV : SLJIT_OR, TMP2, 0, SLJIT_EQUAL); numberofcmps++; } else if (numberofcmps > 0) { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); numberofcmps = 0; } else { jump = CMP(SLJIT_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); numberofcmps = 0; } } else if (*cc == XCL_RANGE) { cc ++; GETCHARINCTEST(c, cc); SET_CHAR_OFFSET(c); GETCHARINCTEST(c, cc); if (numberofcmps < 3 && (*cc == XCL_SINGLE || *cc == XCL_RANGE)) { OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(numberofcmps == 0 ? SLJIT_MOV : SLJIT_OR, TMP2, 0, SLJIT_LESS_EQUAL); numberofcmps++; } else if (numberofcmps > 0) { OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); numberofcmps = 0; } else { jump = CMP(SLJIT_LESS_EQUAL ^ invertcmp, TMP1, 0, SLJIT_IMM, (sljit_sw)(c - charoffset)); numberofcmps = 0; } } #ifdef SUPPORT_UNICODE else { SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP); if (*cc == XCL_NOTPROP) invertcmp ^= 0x1; cc++; switch(*cc) { case PT_ANY: if (!invertcmp) jump = JUMP(SLJIT_JUMP); break; case PT_LAMP: OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Lu - typeoffset); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Ll - typeoffset); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Lt - typeoffset); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_GC: c = PRIV(ucp_typerange)[(int)cc[1] * 2]; SET_TYPE_OFFSET(c); jump = CMP(SLJIT_LESS_EQUAL ^ invertcmp, typereg, 0, SLJIT_IMM, PRIV(ucp_typerange)[(int)cc[1] * 2 + 1] - c); break; case PT_PC: jump = CMP(SLJIT_EQUAL ^ invertcmp, typereg, 0, SLJIT_IMM, (int)cc[1] - typeoffset); break; case PT_SC: case PT_SCX: case PT_BOOL: case PT_BIDICL: compares++; break; case PT_SPACE: case PT_PXSPACE: SET_CHAR_OFFSET(9); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0xd - 0x9); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x85 - 0x9); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x180e - 0x9); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); SET_TYPE_OFFSET(ucp_Zl); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_Zs - ucp_Zl); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_WORD: OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_UNDERSCORE - charoffset)); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); case PT_ALNUM: SET_TYPE_OFFSET(ucp_Ll); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_Lu - ucp_Ll); OP_FLAGS((*cc == PT_ALNUM) ? SLJIT_MOV : SLJIT_OR, TMP2, 0, SLJIT_LESS_EQUAL); SET_TYPE_OFFSET(ucp_Nd); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_No - ucp_Nd); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_CLIST: other_cases = PRIV(ucd_caseless_sets) + cc[1]; SLJIT_ASSERT(other_cases[0] != NOTACHAR && other_cases[1] != NOTACHAR && other_cases[2] != NOTACHAR); SLJIT_ASSERT(other_cases[0] < other_cases[1] && other_cases[1] < other_cases[2]); if (is_powerof2(other_cases[1] ^ other_cases[0])) { if (charoffset == 0) OP2(SLJIT_OR, TMP2, 0, TMP1, 0, SLJIT_IMM, other_cases[1] ^ other_cases[0]); else { OP2(SLJIT_ADD, TMP2, 0, TMP1, 0, SLJIT_IMM, (sljit_sw)charoffset); OP2(SLJIT_OR, TMP2, 0, TMP2, 0, SLJIT_IMM, other_cases[1] ^ other_cases[0]); } OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP2, 0, SLJIT_IMM, other_cases[1]); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); other_cases += 2; } else if (is_powerof2(other_cases[2] ^ other_cases[1])) { if (charoffset == 0) OP2(SLJIT_OR, TMP2, 0, TMP1, 0, SLJIT_IMM, other_cases[2] ^ other_cases[1]); else { OP2(SLJIT_ADD, TMP2, 0, TMP1, 0, SLJIT_IMM, (sljit_sw)charoffset); OP2(SLJIT_OR, TMP2, 0, TMP2, 0, SLJIT_IMM, other_cases[1] ^ other_cases[0]); } OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP2, 0, SLJIT_IMM, other_cases[2]); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(other_cases[0] - charoffset)); OP_FLAGS(SLJIT_OR | ((other_cases[3] == NOTACHAR) ? SLJIT_SET_Z : 0), TMP2, 0, SLJIT_EQUAL); other_cases += 3; } else { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(*other_cases++ - charoffset)); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); } while (*other_cases != NOTACHAR) { OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(*other_cases++ - charoffset)); OP_FLAGS(SLJIT_OR | ((*other_cases == NOTACHAR) ? SLJIT_SET_Z : 0), TMP2, 0, SLJIT_EQUAL); } jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_UCNC: OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_DOLLAR_SIGN - charoffset)); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_COMMERCIAL_AT - charoffset)); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, (sljit_sw)(CHAR_GRAVE_ACCENT - charoffset)); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); SET_CHAR_OFFSET(0xa0); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, (sljit_sw)(0xd7ff - charoffset)); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_LESS_EQUAL); SET_CHAR_OFFSET(0); OP2U(SLJIT_SUB | SLJIT_SET_GREATER_EQUAL, TMP1, 0, SLJIT_IMM, 0xe000 - 0); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_GREATER_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; case PT_PXGRAPH: SET_TYPE_OFFSET(ucp_Ll); OP2U(SLJIT_SUB | SLJIT_SET_GREATER, typereg, 0, SLJIT_IMM, ucp_So - ucp_Ll); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_GREATER); jump = CMP(SLJIT_NOT_EQUAL, typereg, 0, SLJIT_IMM, ucp_Cf - ucp_Ll); SET_CHAR_OFFSET(0x2066); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0x2069 - 0x2066); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x061c - 0x2066); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x180e - 0x2066); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); JUMPHERE(jump); jump = CMP(SLJIT_ZERO ^ invertcmp, TMP2, 0, SLJIT_IMM, 0); break; case PT_PXPRINT: SET_TYPE_OFFSET(ucp_Ll); OP2U(SLJIT_SUB | SLJIT_SET_GREATER, typereg, 0, SLJIT_IMM, ucp_So - ucp_Ll); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_GREATER); OP2U(SLJIT_SUB | SLJIT_SET_Z, typereg, 0, SLJIT_IMM, ucp_Zs - ucp_Ll); OP_FLAGS(SLJIT_AND, TMP2, 0, SLJIT_NOT_EQUAL); jump = CMP(SLJIT_NOT_EQUAL, typereg, 0, SLJIT_IMM, ucp_Cf - ucp_Ll); SET_CHAR_OFFSET(0x2066); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0x2069 - 0x2066); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); OP2U(SLJIT_SUB | SLJIT_SET_Z, TMP1, 0, SLJIT_IMM, 0x061c - 0x2066); OP_FLAGS(SLJIT_OR, TMP2, 0, SLJIT_EQUAL); JUMPHERE(jump); jump = CMP(SLJIT_ZERO ^ invertcmp, TMP2, 0, SLJIT_IMM, 0); break; case PT_PXPUNCT: SET_TYPE_OFFSET(ucp_Sc); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_So - ucp_Sc); OP_FLAGS(SLJIT_MOV, TMP2, 0, SLJIT_LESS_EQUAL); SET_CHAR_OFFSET(0); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, TMP1, 0, SLJIT_IMM, 0x7f); OP_FLAGS(SLJIT_AND, TMP2, 0, SLJIT_LESS_EQUAL); SET_TYPE_OFFSET(ucp_Pc); OP2U(SLJIT_SUB | SLJIT_SET_LESS_EQUAL, typereg, 0, SLJIT_IMM, ucp_Ps - ucp_Pc); OP_FLAGS(SLJIT_OR | SLJIT_SET_Z, TMP2, 0, SLJIT_LESS_EQUAL); jump = JUMP(SLJIT_NOT_ZERO ^ invertcmp); break; default: SLJIT_UNREACHABLE(); break; } cc += 2; } #endif if (jump != NULL) add_jump(compiler, compares > 0 ? list : backtracks, jump); } if (found != NULL) set_jumps(found, LABEL()); }",visit repo url,src/pcre2_jit_compile.c,https://github.com/PCRE2Project/pcre2,175368409451118,1 1016,CWE-399,"static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, struct ceph_authorizer *a, size_t len) { struct ceph_x_authorizer *au = (void *)a; struct ceph_x_ticket_handler *th; int ret = 0; struct ceph_x_authorize_reply reply; void *p = au->reply_buf; void *end = p + sizeof(au->reply_buf); th = get_ticket_handler(ac, au->service); if (IS_ERR(th)) return PTR_ERR(th); ret = ceph_x_decrypt(&th->session_key, &p, end, &reply, sizeof(reply)); if (ret < 0) return ret; if (ret != sizeof(reply)) return -EPERM; if (au->nonce + 1 != le64_to_cpu(reply.nonce_plus_one)) ret = -EPERM; else ret = 0; dout(""verify_authorizer_reply nonce %llx got %llx ret %d\n"", au->nonce, le64_to_cpu(reply.nonce_plus_one), ret); return ret; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,130043564286570,1 5468,CWE-617,"pci_lintr_deassert(struct pci_vdev *dev) { assert(dev->lintr.pin > 0); pthread_mutex_lock(&dev->lintr.lock); if (dev->lintr.state == ASSERTED) { dev->lintr.state = IDLE; pci_irq_deassert(dev); } else if (dev->lintr.state == PENDING) dev->lintr.state = IDLE; pthread_mutex_unlock(&dev->lintr.lock); }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,35419628941826,1 4543,CWE-400,"void gf_filter_pid_inst_del(GF_FilterPidInst *pidinst) { assert(pidinst); gf_filter_pid_inst_reset(pidinst); gf_fq_del(pidinst->packets, (gf_destruct_fun) pcki_del); gf_mx_del(pidinst->pck_mx); gf_list_del(pidinst->pck_reassembly); if (pidinst->props) { assert(pidinst->props->reference_count); if (safe_int_dec(&pidinst->props->reference_count) == 0) { gf_mx_p(pidinst->pid->filter->tasks_mx); gf_list_del_item(pidinst->pid->properties, pidinst->props); gf_mx_v(pidinst->pid->filter->tasks_mx); gf_props_del(pidinst->props); } } gf_free(pidinst); }",visit repo url,src/filter_core/filter_pid.c,https://github.com/gpac/gpac,146359604727435,1 4630,CWE-476,"GF_Err Media_GetESD(GF_MediaBox *mdia, u32 sampleDescIndex, GF_ESD **out_esd, Bool true_desc_only) { u32 type; GF_ESD *esd; GF_MPEGSampleEntryBox *entry = NULL; GF_ESDBox *ESDa; GF_ProtectionSchemeInfoBox *sinf; GF_SampleDescriptionBox *stsd = mdia->information->sampleTable->SampleDescription; *out_esd = NULL; if (!stsd || !stsd->child_boxes || !sampleDescIndex || (sampleDescIndex > gf_list_count(stsd->child_boxes)) ) return GF_BAD_PARAM; esd = NULL; entry = (GF_MPEGSampleEntryBox*)gf_list_get(stsd->child_boxes, sampleDescIndex - 1); if (! entry) return GF_ISOM_INVALID_MEDIA; *out_esd = NULL; ESDa = NULL; type = entry->type; switch (type) { case GF_ISOM_BOX_TYPE_ENCV: case GF_ISOM_BOX_TYPE_ENCA: case GF_ISOM_BOX_TYPE_ENCS: case GF_ISOM_BOX_TYPE_ENCF: case GF_ISOM_BOX_TYPE_ENCM: case GF_ISOM_BOX_TYPE_ENCT: sinf = (GF_ProtectionSchemeInfoBox *) gf_isom_box_find_child(entry->child_boxes, GF_ISOM_BOX_TYPE_SINF); if (sinf && sinf->original_format) { type = sinf->original_format->data_format; } break; case GF_ISOM_BOX_TYPE_RESV: sinf = (GF_ProtectionSchemeInfoBox *) gf_isom_box_find_child(entry->child_boxes, GF_ISOM_BOX_TYPE_RINF); if (sinf && sinf->original_format) { type = sinf->original_format->data_format; } break; } switch (type) { case GF_ISOM_BOX_TYPE_MP4V: ESDa = ((GF_MPEGVisualSampleEntryBox*)entry)->esd; if (ESDa) esd = (GF_ESD *) ESDa->desc; else esd = ((GF_MPEGVisualSampleEntryBox*) entry)->emul_esd; break; case GF_ISOM_BOX_TYPE_AVC1: case GF_ISOM_BOX_TYPE_AVC2: case GF_ISOM_BOX_TYPE_AVC3: case GF_ISOM_BOX_TYPE_AVC4: case GF_ISOM_BOX_TYPE_HVC1: case GF_ISOM_BOX_TYPE_HEV1: case GF_ISOM_BOX_TYPE_HVC2: case GF_ISOM_BOX_TYPE_HEV2: case GF_ISOM_BOX_TYPE_HVT1: case GF_ISOM_BOX_TYPE_264B: case GF_ISOM_BOX_TYPE_265B: case GF_ISOM_BOX_TYPE_DVHE: case GF_ISOM_BOX_TYPE_VVC1: case GF_ISOM_BOX_TYPE_VVI1: esd = ((GF_MPEGVisualSampleEntryBox*) entry)->emul_esd; break; case GF_ISOM_BOX_TYPE_SVC1: case GF_ISOM_BOX_TYPE_MVC1: if ((mdia->mediaTrack->extractor_mode & 0x0000FFFF) != GF_ISOM_NALU_EXTRACT_INSPECT) AVC_RewriteESDescriptorEx((GF_MPEGVisualSampleEntryBox*) entry, mdia); else AVC_RewriteESDescriptorEx((GF_MPEGVisualSampleEntryBox*) entry, NULL); esd = ((GF_MPEGVisualSampleEntryBox*) entry)->emul_esd; break; case GF_ISOM_BOX_TYPE_LHE1: case GF_ISOM_BOX_TYPE_LHV1: if ((mdia->mediaTrack->extractor_mode & 0x0000FFFF) != GF_ISOM_NALU_EXTRACT_INSPECT) HEVC_RewriteESDescriptorEx((GF_MPEGVisualSampleEntryBox*) entry, mdia); else HEVC_RewriteESDescriptorEx((GF_MPEGVisualSampleEntryBox*) entry, NULL); esd = ((GF_MPEGVisualSampleEntryBox*) entry)->emul_esd; break; case GF_ISOM_BOX_TYPE_AV01: AV1_RewriteESDescriptorEx((GF_MPEGVisualSampleEntryBox*)entry, mdia); esd = ((GF_MPEGVisualSampleEntryBox*)entry)->emul_esd; break; case GF_ISOM_BOX_TYPE_VP08: case GF_ISOM_BOX_TYPE_VP09: VP9_RewriteESDescriptorEx((GF_MPEGVisualSampleEntryBox*)entry, mdia); esd = ((GF_MPEGVisualSampleEntryBox*)entry)->emul_esd; break; case GF_ISOM_BOX_TYPE_MP4A: { GF_MPEGAudioSampleEntryBox *ase = (GF_MPEGAudioSampleEntryBox*)entry; ESDa = ase->esd; if (ESDa) { esd = (GF_ESD *) ESDa->desc; } else if (!true_desc_only) { Bool make_mp4a = GF_FALSE; sinf = (GF_ProtectionSchemeInfoBox *) gf_isom_box_find_child(entry->child_boxes, GF_ISOM_BOX_TYPE_SINF); if (sinf && sinf->original_format) { if (sinf->original_format->data_format==GF_ISOM_BOX_TYPE_MP4A) { make_mp4a = GF_TRUE; } } else { make_mp4a = GF_TRUE; } if (make_mp4a) { GF_M4ADecSpecInfo aacinfo; memset(&aacinfo, 0, sizeof(GF_M4ADecSpecInfo)); aacinfo.nb_chan = ase->channel_count; aacinfo.base_object_type = GF_M4A_AAC_LC; aacinfo.base_sr = ase->samplerate_hi; *out_esd = gf_odf_desc_esd_new(0); (*out_esd)->decoderConfig->streamType = GF_STREAM_AUDIO; (*out_esd)->decoderConfig->objectTypeIndication = GF_CODECID_AAC_MPEG4; gf_m4a_write_config(&aacinfo, &(*out_esd)->decoderConfig->decoderSpecificInfo->data, &(*out_esd)->decoderConfig->decoderSpecificInfo->dataLength); } } } break; case GF_ISOM_BOX_TYPE_MP4S: if (entry->internal_type==GF_ISOM_SAMPLE_ENTRY_MP4S) { ESDa = entry->esd; if (ESDa) esd = (GF_ESD *) ESDa->desc; } break; #ifndef GPAC_DISABLE_TTXT case GF_ISOM_BOX_TYPE_TX3G: case GF_ISOM_BOX_TYPE_TEXT: if (!true_desc_only && mdia->mediaTrack->moov->mov->convert_streaming_text) { GF_Err e = gf_isom_get_ttxt_esd(mdia, out_esd); if (e) return e; break; } else return GF_ISOM_INVALID_MEDIA; #endif #ifndef GPAC_DISABLE_VTT case GF_ISOM_BOX_TYPE_WVTT: { GF_WebVTTSampleEntryBox*vtte = (GF_WebVTTSampleEntryBox*)entry; esd = gf_odf_desc_esd_new(2); *out_esd = esd; esd->decoderConfig->streamType = GF_STREAM_TEXT; esd->decoderConfig->objectTypeIndication = GF_CODECID_WEBVTT; if (vtte->config) { esd->decoderConfig->decoderSpecificInfo->dataLength = (u32) strlen(vtte->config->string); esd->decoderConfig->decoderSpecificInfo->data = gf_malloc(sizeof(char)*esd->decoderConfig->decoderSpecificInfo->dataLength); memcpy(esd->decoderConfig->decoderSpecificInfo->data, vtte->config->string, esd->decoderConfig->decoderSpecificInfo->dataLength); } } break; case GF_ISOM_BOX_TYPE_STPP: case GF_ISOM_BOX_TYPE_SBTT: case GF_ISOM_BOX_TYPE_STXT: break; #endif case GF_ISOM_SUBTYPE_3GP_AMR: case GF_ISOM_SUBTYPE_3GP_AMR_WB: case GF_ISOM_SUBTYPE_3GP_EVRC: case GF_ISOM_SUBTYPE_3GP_QCELP: case GF_ISOM_SUBTYPE_3GP_SMV: if (!true_desc_only) { GF_Err e = gf_isom_get_3gpp_audio_esd(mdia->information->sampleTable, type, (GF_GenericAudioSampleEntryBox*)entry, out_esd); if (e) return e; break; } else return GF_ISOM_INVALID_MEDIA; case GF_ISOM_SUBTYPE_OPUS: { GF_OpusSpecificBox *e = ((GF_MPEGAudioSampleEntryBox*)entry)->cfg_opus; GF_BitStream *bs_out; if (!e) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""ESD not found for Opus\n)"")); break; } *out_esd = gf_odf_desc_esd_new(2); (*out_esd)->decoderConfig->streamType = GF_STREAM_AUDIO; (*out_esd)->decoderConfig->objectTypeIndication = GF_CODECID_OPUS; bs_out = gf_bs_new(NULL, 0, GF_BITSTREAM_WRITE); gf_isom_box_size((GF_Box *) e); gf_isom_box_write((GF_Box *) e, bs_out); gf_bs_get_content(bs_out, & (*out_esd)->decoderConfig->decoderSpecificInfo->data, & (*out_esd)->decoderConfig->decoderSpecificInfo->dataLength); gf_bs_del(bs_out); break; } case GF_ISOM_SUBTYPE_3GP_H263: if (true_desc_only) { return GF_ISOM_INVALID_MEDIA; } else { esd = gf_odf_desc_esd_new(2); *out_esd = esd; esd->decoderConfig->streamType = GF_STREAM_VISUAL; esd->decoderConfig->objectTypeIndication = GF_CODECID_H263; break; } case GF_ISOM_SUBTYPE_MP3: if (true_desc_only) { return GF_ISOM_INVALID_MEDIA; } else { esd = gf_odf_desc_esd_new(2); *out_esd = esd; esd->decoderConfig->streamType = GF_STREAM_AUDIO; esd->decoderConfig->objectTypeIndication = GF_CODECID_MPEG_AUDIO; break; } case GF_ISOM_SUBTYPE_LSR1: if (true_desc_only) { return GF_ISOM_INVALID_MEDIA; } else { GF_LASeRSampleEntryBox*ptr = (GF_LASeRSampleEntryBox*)entry; esd = gf_odf_desc_esd_new(2); *out_esd = esd; esd->decoderConfig->streamType = GF_STREAM_SCENE; esd->decoderConfig->objectTypeIndication = GF_CODECID_LASER; esd->decoderConfig->decoderSpecificInfo->dataLength = ptr->lsr_config->hdr_size; esd->decoderConfig->decoderSpecificInfo->data = gf_malloc(sizeof(char)*ptr->lsr_config->hdr_size); if (!esd->decoderConfig->decoderSpecificInfo->data) return GF_OUT_OF_MEM; memcpy(esd->decoderConfig->decoderSpecificInfo->data, ptr->lsr_config->hdr, sizeof(char)*ptr->lsr_config->hdr_size); break; } case GF_ISOM_SUBTYPE_MH3D_MHA1: case GF_ISOM_SUBTYPE_MH3D_MHA2: case GF_ISOM_SUBTYPE_MH3D_MHM1: case GF_ISOM_SUBTYPE_MH3D_MHM2: if (true_desc_only) { return GF_ISOM_INVALID_MEDIA; } else { GF_MPEGAudioSampleEntryBox*ptr = (GF_MPEGAudioSampleEntryBox*)entry; esd = gf_odf_desc_esd_new(2); *out_esd = esd; esd->decoderConfig->streamType = GF_STREAM_AUDIO; if ((type==GF_ISOM_SUBTYPE_MH3D_MHA1) || (type==GF_ISOM_SUBTYPE_MH3D_MHA2)) esd->decoderConfig->objectTypeIndication = GF_CODECID_MPHA; else esd->decoderConfig->objectTypeIndication = GF_CODECID_MHAS; if (ptr->cfg_mha) { GF_BitStream *bs = gf_bs_new(NULL, 0, GF_BITSTREAM_WRITE); gf_bs_write_u8(bs, ptr->cfg_mha->configuration_version); gf_bs_write_u8(bs, ptr->cfg_mha->mha_pl_indication); gf_bs_write_u8(bs, ptr->cfg_mha->reference_channel_layout); gf_bs_write_u16(bs, ptr->cfg_mha->mha_config ? ptr->cfg_mha->mha_config_size : 0); if (ptr->cfg_mha->mha_config && ptr->cfg_mha->mha_config_size) gf_bs_write_data(bs, ptr->cfg_mha->mha_config, ptr->cfg_mha->mha_config_size); gf_bs_get_content(bs, &esd->decoderConfig->decoderSpecificInfo->data, &esd->decoderConfig->decoderSpecificInfo->dataLength); gf_bs_del(bs); } } break; default: return GF_ISOM_INVALID_MEDIA; } if (true_desc_only) { if (!esd) return GF_ISOM_INVALID_MEDIA; *out_esd = esd; return GF_OK; } else { if (!esd && !*out_esd) return GF_ISOM_INVALID_MEDIA; if (*out_esd == NULL) return gf_odf_desc_copy((GF_Descriptor *)esd, (GF_Descriptor **)out_esd); } return GF_OK; }",visit repo url,src/isomedia/media.c,https://github.com/gpac/gpac,38727004573135,1 137,[],"asmlinkage long compat_sys_select(int n, compat_ulong_t __user *inp, compat_ulong_t __user *outp, compat_ulong_t __user *exp, struct compat_timeval __user *tvp) { s64 timeout = -1; struct compat_timeval tv; int ret; if (tvp) { if (copy_from_user(&tv, tvp, sizeof(tv))) return -EFAULT; if (tv.tv_sec < 0 || tv.tv_usec < 0) return -EINVAL; if ((u64)tv.tv_sec >= (u64)MAX_INT64_SECONDS) timeout = -1; else { timeout = ROUND_UP(tv.tv_usec, 1000000/HZ); timeout += tv.tv_sec * HZ; } } ret = compat_core_sys_select(n, inp, outp, exp, &timeout); if (tvp) { struct compat_timeval rtv; if (current->personality & STICKY_TIMEOUTS) goto sticky; rtv.tv_usec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)); rtv.tv_sec = timeout; if (compat_timeval_compare(&rtv, &tv) >= 0) rtv = tv; if (copy_to_user(tvp, &rtv, sizeof(rtv))) { sticky: if (ret == -ERESTARTNOHAND) ret = -EINTR; } } return ret; }",linux-2.6,,,133187400329310624671984259020731765843,0 3179,CWE-125,"handle_ppp(netdissect_options *ndo, u_int proto, const u_char *p, int length) { if ((proto & 0xff00) == 0x7e00) { ppp_hdlc(ndo, p - 1, length); return; } switch (proto) { case PPP_LCP: case PPP_IPCP: case PPP_OSICP: case PPP_MPLSCP: case PPP_IPV6CP: case PPP_CCP: case PPP_BACP: handle_ctrl_proto(ndo, proto, p, length); break; case PPP_ML: handle_mlppp(ndo, p, length); break; case PPP_CHAP: handle_chap(ndo, p, length); break; case PPP_PAP: handle_pap(ndo, p, length); break; case PPP_BAP: handle_bap(ndo, p, length); break; case ETHERTYPE_IP: case PPP_VJNC: case PPP_IP: ip_print(ndo, p, length); break; case ETHERTYPE_IPV6: case PPP_IPV6: ip6_print(ndo, p, length); break; case ETHERTYPE_IPX: case PPP_IPX: ipx_print(ndo, p, length); break; case PPP_OSI: isoclns_print(ndo, p, length, length); break; case PPP_MPLS_UCAST: case PPP_MPLS_MCAST: mpls_print(ndo, p, length); break; case PPP_COMP: ND_PRINT((ndo, ""compressed PPP data"")); break; default: ND_PRINT((ndo, ""%s "", tok2str(ppptype2str, ""unknown PPP protocol (0x%04x)"", proto))); print_unknown_data(ndo, p, ""\n\t"", length); break; } }",visit repo url,print-ppp.c,https://github.com/the-tcpdump-group/tcpdump,227400057314491,1 205,[],"static unsigned long atalk_sum_partial(const unsigned char *data, int len, unsigned long sum) { while (len--) { sum += *data++; sum <<= 1; sum = ((sum >> 16) + sum) & 0xFFFF; } return sum; }",history,,,146427636604321954232118678950605540731,0 4663,CWE-697,"void naludmx_create_avc_decoder_config(GF_NALUDmxCtx *ctx, u8 **dsi, u32 *dsi_size, u8 **dsi_enh, u32 *dsi_enh_size, u32 *max_width, u32 *max_height, u32 *max_enh_width, u32 *max_enh_height, GF_Fraction *sar) { u32 i, count; Bool first = GF_TRUE; Bool first_svc = GF_TRUE; GF_AVCConfig *cfg; GF_AVCConfig *avcc; GF_AVCConfig *svcc; u32 max_w, max_h, max_ew, max_eh; max_w = max_h = max_ew = max_eh = 0; sar->num = sar->den = 0; avcc = gf_odf_avc_cfg_new(); svcc = gf_odf_avc_cfg_new(); avcc->nal_unit_size = ctx->nal_length; svcc->nal_unit_size = ctx->nal_length; ctx->is_mvc = GF_FALSE; count = gf_list_count(ctx->sps); for (i=0; isps, i); AVC_SPS *sps = &ctx->avc_state->sps[sl->id]; u32 nal_type = sl->data[0] & 0x1F; if ((sps->profile_idc == 118) || (sps->profile_idc == 128)) { ctx->is_mvc = GF_TRUE; } if (ctx->explicit) { cfg = svcc; } else if (nal_type == GF_AVC_NALU_SVC_SUBSEQ_PARAM) { cfg = svcc; is_svc = GF_TRUE; } else { cfg = avcc; } if (first || (is_svc && first_svc) ) { cfg->configurationVersion = 1; cfg->profile_compatibility = sps->prof_compat; cfg->AVCProfileIndication = sps->profile_idc; cfg->AVCLevelIndication = sps->level_idc; cfg->chroma_format = sps->chroma_format; cfg->luma_bit_depth = 8 + sps->luma_bit_depth_m8; cfg->chroma_bit_depth = 8 + sps->chroma_bit_depth_m8; if (!gf_avc_is_rext_profile(cfg->AVCProfileIndication) && ((cfg->chroma_format>1) || (cfg->luma_bit_depth>8) || (cfg->chroma_bit_depth>8)) ) { if ((cfg->luma_bit_depth>8) || (cfg->chroma_bit_depth>8)) { cfg->AVCProfileIndication = 110; } else { cfg->AVCProfileIndication = (cfg->chroma_format==3) ? 244 : 122; } } if (sps->vui_parameters_present_flag && sps->vui.par_num && sps->vui.par_den) { sar->num = sps->vui.par_num; sar->den = sps->vui.par_den; } ctx->interlaced = sps->frame_mbs_only_flag ? GF_FALSE : GF_TRUE; if (first && (!ctx->fps.num || !ctx->fps.den) && sps->vui.timing_info_present_flag && (sps->vui.time_scale <= 1000*sps->vui.num_units_in_tick) ) { u8 DeltaTfiDivisorIdx; if (!sps->vui.pic_struct_present_flag) { DeltaTfiDivisorIdx = 1 + (1 - ctx->avc_state->s_info.field_pic_flag); } else { if (!ctx->avc_state->sei.pic_timing.pic_struct) DeltaTfiDivisorIdx = 2; else if (ctx->avc_state->sei.pic_timing.pic_struct == 8) DeltaTfiDivisorIdx = 6; else DeltaTfiDivisorIdx = (ctx->avc_state->sei.pic_timing.pic_struct+1) / 2; } if (!ctx->timescale) { ctx->cur_fps.num = 2 * sps->vui.time_scale; ctx->cur_fps.den = 2 * sps->vui.num_units_in_tick * DeltaTfiDivisorIdx; if (!ctx->fps.num && ctx->dts==ctx->fps.den) ctx->dts = ctx->cur_fps.den; } if (! sps->vui.fixed_frame_rate_flag) GF_LOG(GF_LOG_INFO, GF_LOG_PARSER, (""[%s] Possible Variable Frame Rate: VUI \""fixed_frame_rate_flag\"" absent\n"", ctx->log_name)); } ctx->fps = ctx->cur_fps; } first = GF_FALSE; if (is_svc) { first_svc = GF_FALSE; if (sps->width > max_ew) max_ew = sps->width; if (sps->height > max_eh) max_eh = sps->height; } else { if (sps->width > max_w) max_w = sps->width; if (sps->height > max_h) max_h = sps->height; } if (!ctx->analyze) gf_list_add(cfg->sequenceParameterSets, sl); } cfg = ctx->explicit ? svcc : avcc; count = gf_list_count(ctx->sps_ext); for (i=0; isps_ext, i); if (!cfg->sequenceParameterSetExtensions) cfg->sequenceParameterSetExtensions = gf_list_new(); if (!ctx->analyze) gf_list_add(cfg->sequenceParameterSetExtensions, sl); } cfg = ctx->explicit ? svcc : avcc; count = gf_list_count(ctx->pps); for (i=0; ipps, i); if (!ctx->analyze) gf_list_add(cfg->pictureParameterSets, sl); } cfg = svcc; count = gf_list_count(ctx->pps_svc); for (i=0; ipps_svc, i); if (!ctx->analyze) gf_list_add(cfg->pictureParameterSets, sl); } *dsi = *dsi_enh = NULL; *dsi_size = *dsi_enh_size = 0; if (ctx->explicit) { gf_odf_avc_cfg_write(svcc, dsi, dsi_size); } else { gf_odf_avc_cfg_write(avcc, dsi, dsi_size); if (gf_list_count(svcc->sequenceParameterSets) || svcc->sequenceParameterSetExtensions) { gf_odf_avc_cfg_write(svcc, dsi_enh, dsi_enh_size); } } gf_list_reset(avcc->sequenceParameterSets); gf_list_reset(avcc->sequenceParameterSetExtensions); gf_list_reset(avcc->pictureParameterSets); gf_list_reset(svcc->sequenceParameterSets); gf_list_reset(svcc->sequenceParameterSetExtensions); gf_list_reset(svcc->pictureParameterSets); gf_odf_avc_cfg_del(avcc); gf_odf_avc_cfg_del(svcc); *max_width = max_w; *max_height = max_h; *max_enh_width = max_ew; *max_enh_height = max_eh; }",visit repo url,src/filters/reframe_nalu.c,https://github.com/gpac/gpac,227884698832415,1 2296,CWE-399,"static int br_multicast_add_group(struct net_bridge *br, struct net_bridge_port *port, struct br_ip *group) { struct net_bridge_mdb_entry *mp; struct net_bridge_port_group *p; struct net_bridge_port_group __rcu **pp; unsigned long now = jiffies; int err; spin_lock(&br->multicast_lock); if (!netif_running(br->dev) || (port && port->state == BR_STATE_DISABLED)) goto out; mp = br_multicast_new_group(br, port, group); err = PTR_ERR(mp); if (IS_ERR(mp)) goto err; if (!port) { hlist_add_head(&mp->mglist, &br->mglist); mod_timer(&mp->timer, now + br->multicast_membership_interval); goto out; } for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { if (p->port == port) goto found; if ((unsigned long)p->port < (unsigned long)port) break; } p = kzalloc(sizeof(*p), GFP_ATOMIC); err = -ENOMEM; if (unlikely(!p)) goto err; p->addr = *group; p->port = port; p->next = *pp; hlist_add_head(&p->mglist, &port->mglist); setup_timer(&p->timer, br_multicast_port_group_expired, (unsigned long)p); setup_timer(&p->query_timer, br_multicast_port_group_query_expired, (unsigned long)p); rcu_assign_pointer(*pp, p); found: mod_timer(&p->timer, now + br->multicast_membership_interval); out: err = 0; err: spin_unlock(&br->multicast_lock); return err; }",visit repo url,net/bridge/br_multicast.c,https://github.com/torvalds/linux,168660089187117,1 1592,[],"int __sched wait_for_completion_interruptible(struct completion *x) { long t = wait_for_common(x, MAX_SCHEDULE_TIMEOUT, TASK_INTERRUPTIBLE); if (t == -ERESTARTSYS) return t; return 0; }",linux-2.6,,,266923962323620522237444060343123226209,0 3022,CWE-125,"int read_image_tga( gdIOCtx *ctx, oTga *tga ) { int pixel_block_size = (tga->bits / 8); int image_block_size = (tga->width * tga->height) * pixel_block_size; int* decompression_buffer = NULL; unsigned char* conversion_buffer = NULL; int buffer_caret = 0; int bitmap_caret = 0; int i = 0; int encoded_pixels; int rle_size; if(overflow2(tga->width, tga->height)) { return -1; } if(overflow2(tga->width * tga->height, pixel_block_size)) { return -1; } if(overflow2(image_block_size, sizeof(int))) { return -1; } if (tga->imagetype != TGA_TYPE_RGB && tga->imagetype != TGA_TYPE_RGB_RLE) return -1; tga->bitmap = (int *) gdMalloc(image_block_size * sizeof(int)); if (tga->bitmap == NULL) return -1; switch (tga->imagetype) { case TGA_TYPE_RGB: conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char)); if (conversion_buffer == NULL) { return -1; } if (gdGetBuf(conversion_buffer, image_block_size, ctx) != image_block_size) { gd_error(""gd-tga: premature end of image data\n""); gdFree(conversion_buffer); return -1; } while (buffer_caret < image_block_size) { tga->bitmap[buffer_caret] = (int) conversion_buffer[buffer_caret]; buffer_caret++; } gdFree(conversion_buffer); break; case TGA_TYPE_RGB_RLE: decompression_buffer = (int*) gdMalloc(image_block_size * sizeof(int)); if (decompression_buffer == NULL) { return -1; } conversion_buffer = (unsigned char *) gdMalloc(image_block_size * sizeof(unsigned char)); if (conversion_buffer == NULL) { gd_error(""gd-tga: premature end of image data\n""); gdFree( decompression_buffer ); return -1; } rle_size = gdGetBuf(conversion_buffer, image_block_size, ctx); if (rle_size <= 0) { gdFree(conversion_buffer); gdFree(decompression_buffer); return -1; } buffer_caret = 0; while( buffer_caret < rle_size) { decompression_buffer[buffer_caret] = (int)conversion_buffer[buffer_caret]; buffer_caret++; } buffer_caret = 0; while( bitmap_caret < image_block_size ) { if ((decompression_buffer[buffer_caret] & TGA_RLE_FLAG) == TGA_RLE_FLAG) { encoded_pixels = ( ( decompression_buffer[ buffer_caret ] & ~TGA_RLE_FLAG ) + 1 ); buffer_caret++; if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size || buffer_caret + pixel_block_size > rle_size) { gdFree( decompression_buffer ); gdFree( conversion_buffer ); return -1; } for (i = 0; i < encoded_pixels; i++) { memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, pixel_block_size * sizeof(int)); bitmap_caret += pixel_block_size; } buffer_caret += pixel_block_size; } else { encoded_pixels = decompression_buffer[ buffer_caret ] + 1; buffer_caret++; if ((bitmap_caret + (encoded_pixels * pixel_block_size)) > image_block_size || buffer_caret + (encoded_pixels * pixel_block_size) > rle_size) { gdFree( decompression_buffer ); gdFree( conversion_buffer ); return -1; } memcpy(tga->bitmap + bitmap_caret, decompression_buffer + buffer_caret, encoded_pixels * pixel_block_size * sizeof(int)); bitmap_caret += (encoded_pixels * pixel_block_size); buffer_caret += (encoded_pixels * pixel_block_size); } } gdFree( decompression_buffer ); gdFree( conversion_buffer ); break; } return 1; }",visit repo url,src/gd_tga.c,https://github.com/libgd/libgd,88174895921861,1 4748,CWE-119,"static int cac_get_serial_nr_from_CUID(sc_card_t* card, sc_serial_number_t* serial) { cac_private_data_t * priv = CAC_DATA(card); SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); if (card->serialnr.len) { *serial = card->serialnr; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } if (priv->cac_id_len) { serial->len = MIN(priv->cac_id_len, SC_MAX_SERIALNR); memcpy(serial->value, priv->cac_id, priv->cac_id_len); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_SUCCESS); } SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND); }",visit repo url,src/libopensc/card-cac.c,https://github.com/OpenSC/OpenSC,194185458772061,1 3627,CWE-416,"int bus_verify_polkit_async( sd_bus_message *call, int capability, const char *action, const char **details, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *ret_error) { #if ENABLE_POLKIT _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; AsyncPolkitQuery *q; const char *sender; sd_bus_message_handler_t callback; void *userdata; int c; #endif int r; assert(call); assert(action); assert(registry); r = check_good_user(call, good_user); if (r != 0) return r; #if ENABLE_POLKIT q = hashmap_get(*registry, call); if (q) { int authorized, challenge; assert(q->reply); if (!streq(q->action, action) || !strv_equal(q->details, (char**) details)) return -ESTALE; if (sd_bus_message_is_method_error(q->reply, NULL)) { const sd_bus_error *e; e = sd_bus_message_get_error(q->reply); if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN) || sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER)) return -EACCES; sd_bus_error_copy(ret_error, e); return -sd_bus_error_get_errno(e); } r = sd_bus_message_enter_container(q->reply, 'r', ""bba{ss}""); if (r >= 0) r = sd_bus_message_read(q->reply, ""bb"", &authorized, &challenge); if (r < 0) return r; if (authorized) return 1; if (challenge) return sd_bus_error_set(ret_error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, ""Interactive authentication required.""); return -EACCES; } #endif r = sd_bus_query_sender_privilege(call, capability); if (r < 0) return r; else if (r > 0) return 1; #if ENABLE_POLKIT if (sd_bus_get_current_message(call->bus) != call) return -EINVAL; callback = sd_bus_get_current_handler(call->bus); if (!callback) return -EINVAL; userdata = sd_bus_get_current_userdata(call->bus); sender = sd_bus_message_get_sender(call); if (!sender) return -EBADMSG; c = sd_bus_message_get_allow_interactive_authorization(call); if (c < 0) return c; if (c > 0) interactive = true; r = hashmap_ensure_allocated(registry, NULL); if (r < 0) return r; r = sd_bus_message_new_method_call( call->bus, &pk, ""org.freedesktop.PolicyKit1"", ""/org/freedesktop/PolicyKit1/Authority"", ""org.freedesktop.PolicyKit1.Authority"", ""CheckAuthorization""); if (r < 0) return r; r = sd_bus_message_append( pk, ""(sa{sv})s"", ""system-bus-name"", 1, ""name"", ""s"", sender, action); if (r < 0) return r; r = bus_message_append_strv_key_value(pk, details); if (r < 0) return r; r = sd_bus_message_append(pk, ""us"", interactive, NULL); if (r < 0) return r; q = new(AsyncPolkitQuery, 1); if (!q) return -ENOMEM; *q = (AsyncPolkitQuery) { .request = sd_bus_message_ref(call), .callback = callback, .userdata = userdata, }; q->action = strdup(action); if (!q->action) { async_polkit_query_free(q); return -ENOMEM; } q->details = strv_copy((char**) details); if (!q->details) { async_polkit_query_free(q); return -ENOMEM; } r = hashmap_put(*registry, call, q); if (r < 0) { async_polkit_query_free(q); return r; } q->registry = *registry; r = sd_bus_call_async(call->bus, &q->slot, pk, async_polkit_callback, q, 0); if (r < 0) { async_polkit_query_free(q); return r; } return 0; #endif return -EACCES; }",visit repo url,src/shared/bus-polkit.c,https://github.com/systemd/systemd,43660046755724,1 3366,[],"static inline int nla_attr_size(int payload) { return NLA_HDRLEN + payload; }",linux-2.6,,,243861480136650632656950315553606843739,0 5374,['CWE-476'],"static int set_msr_mtrr(struct kvm_vcpu *vcpu, u32 msr, u64 data) { u64 *p = (u64 *)&vcpu->arch.mtrr_state.fixed_ranges; if (!msr_mtrr_valid(msr)) return 1; if (msr == MSR_MTRRdefType) { vcpu->arch.mtrr_state.def_type = data; vcpu->arch.mtrr_state.enabled = (data & 0xc00) >> 10; } else if (msr == MSR_MTRRfix64K_00000) p[0] = data; else if (msr == MSR_MTRRfix16K_80000 || msr == MSR_MTRRfix16K_A0000) p[1 + msr - MSR_MTRRfix16K_80000] = data; else if (msr >= MSR_MTRRfix4K_C0000 && msr <= MSR_MTRRfix4K_F8000) p[3 + msr - MSR_MTRRfix4K_C0000] = data; else if (msr == MSR_IA32_CR_PAT) vcpu->arch.pat = data; else { int idx, is_mtrr_mask; u64 *pt; idx = (msr - 0x200) / 2; is_mtrr_mask = msr - 0x200 - 2 * idx; if (!is_mtrr_mask) pt = (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].base_lo; else pt = (u64 *)&vcpu->arch.mtrr_state.var_ranges[idx].mask_lo; *pt = data; } kvm_mmu_reset_context(vcpu); return 0; }",linux-2.6,,,57779950718460918978329420409195721579,0 1048,CWE-476,"static void ftrace_syscall_exit(void *data, struct pt_regs *regs, long ret) { struct trace_array *tr = data; struct ftrace_event_file *ftrace_file; struct syscall_trace_exit *entry; struct syscall_metadata *sys_data; struct ring_buffer_event *event; struct ring_buffer *buffer; unsigned long irq_flags; int pc; int syscall_nr; syscall_nr = trace_get_syscall_nr(current, regs); if (syscall_nr < 0) return; ftrace_file = rcu_dereference_sched(tr->exit_syscall_files[syscall_nr]); if (!ftrace_file) return; if (ftrace_trigger_soft_disabled(ftrace_file)) return; sys_data = syscall_nr_to_meta(syscall_nr); if (!sys_data) return; local_save_flags(irq_flags); pc = preempt_count(); buffer = tr->trace_buffer.buffer; event = trace_buffer_lock_reserve(buffer, sys_data->exit_event->event.type, sizeof(*entry), irq_flags, pc); if (!event) return; entry = ring_buffer_event_data(event); entry->nr = syscall_nr; entry->ret = syscall_get_return_value(current, regs); event_trigger_unlock_commit(ftrace_file, buffer, event, entry, irq_flags, pc); }",visit repo url,kernel/trace/trace_syscalls.c,https://github.com/torvalds/linux,84985701402767,1 3514,CWE-190,"static int read_fragment_table(long long *directory_table_end) { int res, i; int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); long long fragment_table_index[indexes]; TRACE(""read_fragment_table: %d fragments, reading %d fragment indexes "" ""from 0x%llx\n"", sBlk.s.fragments, indexes, sBlk.s.fragment_table_start); if(sBlk.s.fragments == 0) { *directory_table_end = sBlk.s.fragment_table_start; return TRUE; } fragment_table = malloc(bytes); if(fragment_table == NULL) EXIT_UNSQUASH(""read_fragment_table: failed to allocate "" ""fragment table\n""); res = read_fs_bytes(fd, sBlk.s.fragment_table_start, SQUASHFS_FRAGMENT_INDEX_BYTES(sBlk.s.fragments), fragment_table_index); if(res == FALSE) { ERROR(""read_fragment_table: failed to read fragment table "" ""index\n""); return FALSE; } SQUASHFS_INSWAP_FRAGMENT_INDEXES(fragment_table_index, indexes); for(i = 0; i < indexes; i++) { int expected = (i + 1) != indexes ? SQUASHFS_METADATA_SIZE : bytes & (SQUASHFS_METADATA_SIZE - 1); int length = read_block(fd, fragment_table_index[i], NULL, expected, ((char *) fragment_table) + (i * SQUASHFS_METADATA_SIZE)); TRACE(""Read fragment table block %d, from 0x%llx, length %d\n"", i, fragment_table_index[i], length); if(length == FALSE) { ERROR(""read_fragment_table: failed to read fragment "" ""table index\n""); return FALSE; } } for(i = 0; i < sBlk.s.fragments; i++) SQUASHFS_INSWAP_FRAGMENT_ENTRY(&fragment_table[i]); *directory_table_end = fragment_table_index[0]; return TRUE; }",visit repo url,squashfs-tools/unsquash-4.c,https://github.com/plougher/squashfs-tools,269866167980227,1 4620,['CWE-399'],"static int ext4_nonda_switch(struct super_block *sb) { s64 free_blocks, dirty_blocks; struct ext4_sb_info *sbi = EXT4_SB(sb); free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); dirty_blocks = percpu_counter_read_positive(&sbi->s_dirtyblocks_counter); if (2 * free_blocks < 3 * dirty_blocks || free_blocks < (dirty_blocks + EXT4_FREEBLOCKS_WATERMARK)) { return 1; } return 0; }",linux-2.6,,,123015780009141435225506801693626406614,0 4289,['CWE-264'],"static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) { struct vm_area_struct *mpnt, *tmp, **pprev; struct rb_node **rb_link, *rb_parent; int retval; unsigned long charge; struct mempolicy *pol; down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); down_write_nested(&mm->mmap_sem, SINGLE_DEPTH_NESTING); mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; mm->free_area_cache = oldmm->mmap_base; mm->cached_hole_size = ~0UL; mm->map_count = 0; cpus_clear(mm->cpu_vm_mask); mm->mm_rb = RB_ROOT; rb_link = &mm->mm_rb.rb_node; rb_parent = NULL; pprev = &mm->mmap; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { struct file *file; if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; vm_stat_account(mm, mpnt->vm_flags, mpnt->vm_file, -pages); continue; } charge = 0; if (mpnt->vm_flags & VM_ACCOUNT) { unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; if (security_vm_enough_memory(len)) goto fail_nomem; charge = len; } tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); if (!tmp) goto fail_nomem; *tmp = *mpnt; pol = mpol_dup(vma_policy(mpnt)); retval = PTR_ERR(pol); if (IS_ERR(pol)) goto fail_nomem_policy; vma_set_policy(tmp, pol); tmp->vm_flags &= ~VM_LOCKED; tmp->vm_mm = mm; tmp->vm_next = NULL; anon_vma_link(tmp); file = tmp->vm_file; if (file) { struct inode *inode = file->f_path.dentry->d_inode; struct address_space *mapping = file->f_mapping; get_file(file); if (tmp->vm_flags & VM_DENYWRITE) atomic_dec(&inode->i_writecount); spin_lock(&mapping->i_mmap_lock); if (tmp->vm_flags & VM_SHARED) mapping->i_mmap_writable++; tmp->vm_truncate_count = mpnt->vm_truncate_count; flush_dcache_mmap_lock(mapping); vma_prio_tree_add(tmp, mpnt); flush_dcache_mmap_unlock(mapping); spin_unlock(&mapping->i_mmap_lock); } if (is_vm_hugetlb_page(tmp)) reset_vma_resv_huge_pages(tmp); *pprev = tmp; pprev = &tmp->vm_next; __vma_link_rb(mm, tmp, rb_link, rb_parent); rb_link = &tmp->vm_rb.rb_right; rb_parent = &tmp->vm_rb; mm->map_count++; retval = copy_page_range(mm, oldmm, mpnt); if (tmp->vm_ops && tmp->vm_ops->open) tmp->vm_ops->open(tmp); if (retval) goto out; } arch_dup_mmap(oldmm, mm); retval = 0; out: up_write(&mm->mmap_sem); flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; fail_nomem_policy: kmem_cache_free(vm_area_cachep, tmp); fail_nomem: retval = -ENOMEM; vm_unacct_memory(charge); goto out; }",linux-2.6,,,126853099421411625944122761359464872576,0 463,CWE-476,"static int dev_get_valid_name(struct net *net, struct net_device *dev, const char *name) { BUG_ON(!net); if (!dev_valid_name(name)) return -EINVAL; if (strchr(name, '%')) return dev_alloc_name_ns(net, dev, name); else if (__dev_get_by_name(net, name)) return -EEXIST; else if (dev->name != name) strlcpy(dev->name, name, IFNAMSIZ); return 0; }",visit repo url,net/core/dev.c,https://github.com/torvalds/linux,218838224600377,1 4451,['CWE-264'],"static struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len, unsigned long data_len, int noblock, int *errcode) { struct sk_buff *skb; gfp_t gfp_mask; long timeo; int err; gfp_mask = sk->sk_allocation; if (gfp_mask & __GFP_WAIT) gfp_mask |= __GFP_REPEAT; timeo = sock_sndtimeo(sk, noblock); while (1) { err = sock_error(sk); if (err != 0) goto failure; err = -EPIPE; if (sk->sk_shutdown & SEND_SHUTDOWN) goto failure; if (atomic_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf) { skb = alloc_skb(header_len, gfp_mask); if (skb) { int npages; int i; if (!data_len) break; npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT; skb->truesize += data_len; skb_shinfo(skb)->nr_frags = npages; for (i = 0; i < npages; i++) { struct page *page; skb_frag_t *frag; page = alloc_pages(sk->sk_allocation, 0); if (!page) { err = -ENOBUFS; skb_shinfo(skb)->nr_frags = i; kfree_skb(skb); goto failure; } frag = &skb_shinfo(skb)->frags[i]; frag->page = page; frag->page_offset = 0; frag->size = (data_len >= PAGE_SIZE ? PAGE_SIZE : data_len); data_len -= PAGE_SIZE; } break; } err = -ENOBUFS; goto failure; } set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags); set_bit(SOCK_NOSPACE, &sk->sk_socket->flags); err = -EAGAIN; if (!timeo) goto failure; if (signal_pending(current)) goto interrupted; timeo = sock_wait_for_wmem(sk, timeo); } skb_set_owner_w(skb, sk); return skb; interrupted: err = sock_intr_errno(timeo); failure: *errcode = err; return NULL; }",linux-2.6,,,339566674102378859691171824427625308625,0 2813,CWE-119,"static BOOL rdp_read_font_capability_set(wStream* s, UINT16 length, rdpSettings* settings) { WINPR_UNUSED(settings); if (length > 4) Stream_Seek_UINT16(s); if (length > 6) Stream_Seek_UINT16(s); return TRUE; }",visit repo url,libfreerdp/core/capabilities.c,https://github.com/FreeRDP/FreeRDP,208715988574405,1 2861,CWE-119,"horizontalDifference16(unsigned short *ip, int n, int stride, unsigned short *wp, uint16 *From14) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) From14[(v) >> 2] mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,33444542816717,1 5044,CWE-125,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 1038,['CWE-20'],"int unregister_reboot_notifier(struct notifier_block * nb) { return blocking_notifier_chain_unregister(&reboot_notifier_list, nb); }",linux-2.6,,,310612071983560999112812634210657453555,0 2416,['CWE-119'],"void diff_tree_release_paths(struct diff_options *opt) { free(opt->pathlens); }",git,,,153664875000079249938230070840255826030,0 4807,['CWE-399'],"SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname, u32, mask) { struct inode *inode; struct inotify_device *dev; struct path path; struct file *filp; int ret, fput_needed; unsigned flags = 0; filp = fget_light(fd, &fput_needed); if (unlikely(!filp)) return -EBADF; if (unlikely(filp->f_op != &inotify_fops)) { ret = -EINVAL; goto fput_and_out; } if (!(mask & IN_DONT_FOLLOW)) flags |= LOOKUP_FOLLOW; if (mask & IN_ONLYDIR) flags |= LOOKUP_DIRECTORY; ret = find_inode(pathname, &path, flags); if (unlikely(ret)) goto fput_and_out; inode = path.dentry->d_inode; dev = filp->private_data; mutex_lock(&dev->up_mutex); ret = inotify_find_update_watch(dev->ih, inode, mask); if (ret == -ENOENT) ret = create_watch(dev, inode, mask); mutex_unlock(&dev->up_mutex); path_put(&path); fput_and_out: fput_light(filp, fput_needed); return ret; }",linux-2.6,,,22822962111166541214071968403910787341,0 1609,CWE-416,"void inet6_destroy_sock(struct sock *sk) { struct ipv6_pinfo *np = inet6_sk(sk); struct sk_buff *skb; struct ipv6_txoptions *opt; skb = xchg(&np->pktoptions, NULL); if (skb) kfree_skb(skb); skb = xchg(&np->rxpmtu, NULL); if (skb) kfree_skb(skb); fl6_free_socklist(sk); opt = xchg(&np->opt, NULL); if (opt) sock_kfree_s(sk, opt, opt->tot_len); }",visit repo url,net/ipv6/af_inet6.c,https://github.com/torvalds/linux,132928787989107,1 1721,[],"void set_user_nice(struct task_struct *p, long nice) { int old_prio, delta, on_rq; unsigned long flags; struct rq *rq; if (TASK_NICE(p) == nice || nice < -20 || nice > 19) return; rq = task_rq_lock(p, &flags); update_rq_clock(rq); if (task_has_rt_policy(p)) { p->static_prio = NICE_TO_PRIO(nice); goto out_unlock; } on_rq = p->se.on_rq; if (on_rq) dequeue_task(rq, p, 0); p->static_prio = NICE_TO_PRIO(nice); set_load_weight(p); old_prio = p->prio; p->prio = effective_prio(p); delta = p->prio - old_prio; if (on_rq) { enqueue_task(rq, p, 0); if (delta < 0 || (delta > 0 && task_running(rq, p))) resched_task(rq->curr); } out_unlock: task_rq_unlock(rq, &flags); }",linux-2.6,,,80653397182524564638212572104791328792,0 1083,CWE-399,"static struct fsnotify_group *inotify_new_group(struct user_struct *user, unsigned int max_events) { struct fsnotify_group *group; group = fsnotify_alloc_group(&inotify_fsnotify_ops); if (IS_ERR(group)) return group; group->max_events = max_events; spin_lock_init(&group->inotify_data.idr_lock); idr_init(&group->inotify_data.idr); group->inotify_data.last_wd = 0; group->inotify_data.user = user; group->inotify_data.fa = NULL; return group; }",visit repo url,fs/notify/inotify/inotify_user.c,https://github.com/torvalds/linux,238585348837141,1 4580,['CWE-399'],"static inline ext4_fsblk_t ext4_free_blocks_count(struct ext4_super_block *es) { return ((ext4_fsblk_t)le32_to_cpu(es->s_free_blocks_count_hi) << 32) | le32_to_cpu(es->s_free_blocks_count_lo);",linux-2.6,,,131842222677936519919933884856675960292,0 5850,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_nack( const void *buf, pj_size_t length, unsigned *nack_cnt, pjmedia_rtcp_fb_nack nack[]) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; pj_uint8_t *p; unsigned cnt, i; PJ_ASSERT_RETURN(buf && nack_cnt && nack, PJ_EINVAL); PJ_ASSERT_RETURN(length >= sizeof(pjmedia_rtcp_common), PJ_ETOOSMALL); if (hdr->pt != RTCP_RTPFB || hdr->count != 1) return PJ_ENOTFOUND; cnt = pj_ntohs((pj_uint16_t)hdr->length); if (cnt > 2) cnt -= 2; else cnt = 0; if (length < (cnt+3)*4) return PJ_ETOOSMALL; *nack_cnt = PJ_MIN(*nack_cnt, cnt); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < *nack_cnt; ++i) { pj_uint16_t val; pj_memcpy(&val, p, 2); nack[i].pid = pj_ntohs(val); pj_memcpy(&val, p+2, 2); nack[i].blp = pj_ntohs(val); p += 4; } return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,183847780778538,1 5463,['CWE-476'],"void kvm_put_guest_fpu(struct kvm_vcpu *vcpu) { if (!vcpu->guest_fpu_loaded) return; vcpu->guest_fpu_loaded = 0; kvm_fx_save(&vcpu->arch.guest_fx_image); kvm_fx_restore(&vcpu->arch.host_fx_image); ++vcpu->stat.fpu_reload; }",linux-2.6,,,89063078621274714905325851330191452996,0 186,[],"static int put_compat_statfs(struct compat_statfs __user *ubuf, struct kstatfs *kbuf) { if (sizeof ubuf->f_blocks == 4) { if ((kbuf->f_blocks | kbuf->f_bfree | kbuf->f_bavail) & 0xffffffff00000000ULL) return -EOVERFLOW; if (kbuf->f_files != 0xffffffffffffffffULL && (kbuf->f_files & 0xffffffff00000000ULL)) return -EOVERFLOW; if (kbuf->f_ffree != 0xffffffffffffffffULL && (kbuf->f_ffree & 0xffffffff00000000ULL)) return -EOVERFLOW; } if (!access_ok(VERIFY_WRITE, ubuf, sizeof(*ubuf)) || __put_user(kbuf->f_type, &ubuf->f_type) || __put_user(kbuf->f_bsize, &ubuf->f_bsize) || __put_user(kbuf->f_blocks, &ubuf->f_blocks) || __put_user(kbuf->f_bfree, &ubuf->f_bfree) || __put_user(kbuf->f_bavail, &ubuf->f_bavail) || __put_user(kbuf->f_files, &ubuf->f_files) || __put_user(kbuf->f_ffree, &ubuf->f_ffree) || __put_user(kbuf->f_namelen, &ubuf->f_namelen) || __put_user(kbuf->f_fsid.val[0], &ubuf->f_fsid.val[0]) || __put_user(kbuf->f_fsid.val[1], &ubuf->f_fsid.val[1]) || __put_user(kbuf->f_frsize, &ubuf->f_frsize) || __put_user(0, &ubuf->f_spare[0]) || __put_user(0, &ubuf->f_spare[1]) || __put_user(0, &ubuf->f_spare[2]) || __put_user(0, &ubuf->f_spare[3]) || __put_user(0, &ubuf->f_spare[4])) return -EFAULT; return 0; }",linux-2.6,,,338245970569882065817211948281521854528,0 2847,CWE-119,"horizontalDifference8(unsigned char *ip, int n, int stride, unsigned short *wp, uint16 *From8) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) (From8[(v)]) mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; r1 = CLAMP(ip[3]); wp[3] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[4]); wp[4] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[5]); wp[5] = (uint16)((b1-b2) & mask); b2 = b1; wp += 3; ip += 3; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; r1 = CLAMP(ip[4]); wp[4] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[5]); wp[5] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[6]); wp[6] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[7]); wp[7] = (uint16)((a1-a2) & mask); a2 = a1; wp += 4; ip += 4; } } else { wp += n + stride - 1; ip += n + stride - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,90993586991407,1 2402,['CWE-119'],"static int remove_space(char *line, int len) { int i; char *dst = line; unsigned char c; for (i = 0; i < len; i++) if (!isspace((c = line[i]))) *dst++ = c; return dst - line; }",git,,,100916661862848415038550548596749869221,0 4595,CWE-190,"static s32 gf_media_vvc_read_sps_bs_internal(GF_BitStream *bs, VVCState *vvc, u8 layer_id, u32 *vui_flag_pos) { s32 vps_id, sps_id; u32 i, CtbSizeY; VVC_SPS *sps; u8 sps_ptl_dpb_hrd_params_present_flag; if (vui_flag_pos) *vui_flag_pos = 0; sps_id = gf_bs_read_int_log(bs, 4, ""sps_id""); if (sps_id >= 16) { return -1; } vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) { return -1; } if (!vps_id && !vvc->vps[0].state) { vvc->vps[0].state = 1; vvc->vps[0].num_ptl = 1; vvc->vps[0].max_layers = 1; vvc->vps[0].all_layers_independent = 1; } sps = &vvc->sps[sps_id]; if (!sps->state) { sps->state = 1; sps->id = sps_id; sps->vps_id = vps_id; } sps->max_sublayers = 1 + gf_bs_read_int_log(bs, 3, ""max_sublayers_minus1""); sps->chroma_format_idc = gf_bs_read_int_log(bs, 2, ""chroma_format_idc""); sps->log2_ctu_size = 5 + gf_bs_read_int_log(bs, 2, ""log2_ctu_size_minus5""); CtbSizeY = 1<log2_ctu_size; sps_ptl_dpb_hrd_params_present_flag = gf_bs_read_int_log(bs, 1, ""sps_ptl_dpb_hrd_params_present_flag""); if (sps_ptl_dpb_hrd_params_present_flag) { VVC_ProfileTierLevel ptl, *p_ptl; if (sps->vps_id) { p_ptl = &ptl; } else { p_ptl = &vvc->vps[0].ptl[0]; } memset(p_ptl, 0, sizeof(VVC_ProfileTierLevel)); p_ptl->pt_present = 1; p_ptl->ptl_max_tid = sps->max_sublayers; vvc_profile_tier_level(bs, p_ptl, 0); } sps->gdr_enabled = gf_bs_read_int_log(bs, 1, ""gdr_enabled""); sps->ref_pic_resampling = gf_bs_read_int_log(bs, 1, ""ref_pic_resampling""); if (sps->ref_pic_resampling) sps->res_change_in_clvs = gf_bs_read_int_log(bs, 1, ""res_change_in_clvs""); sps->width = gf_bs_read_ue_log(bs, ""width""); sps->height = gf_bs_read_ue_log(bs, ""height""); sps->conf_window = gf_bs_read_int_log(bs, 1, ""conformance_window_present_flag""); if (sps->conf_window) { sps->cw_left = gf_bs_read_ue_log(bs, ""conformance_window_left""); sps->cw_right = gf_bs_read_ue_log(bs, ""conformance_window_right""); sps->cw_top = gf_bs_read_ue_log(bs, ""conformance_window_top""); sps->cw_bottom = gf_bs_read_ue_log(bs, ""conformance_window_bottom""); } sps->subpic_info_present = gf_bs_read_int_log(bs, 1, ""subpic_info_present""); if (sps->subpic_info_present) { sps->nb_subpics = 1 + gf_bs_read_ue_log(bs, ""nb_subpics_minus1""); if (sps->nb_subpics>1) { u32 tmpWidthVal, tmpHeightVal; sps->independent_subpic_flags = gf_bs_read_int_log(bs, 1, ""independent_subpic_flags""); sps->subpic_same_size = gf_bs_read_int_log(bs, 1, ""subpic_same_size""); tmpWidthVal = (sps->width + CtbSizeY-1) / CtbSizeY; tmpWidthVal = gf_get_bit_size(tmpWidthVal); tmpHeightVal = (sps->height + CtbSizeY-1) / CtbSizeY; tmpHeightVal = gf_get_bit_size(tmpHeightVal); for (i=0; inb_subpics; i++) { if( !sps->subpic_same_size || !i) { if (i && (sps->width > CtbSizeY)) gf_bs_read_int_log(bs, tmpWidthVal, ""subpic_ctu_top_left_x""); if (i && (sps->height > CtbSizeY)) gf_bs_read_int_log(bs, tmpHeightVal, ""subpic_ctu_top_left_y""); if ((i+1 < sps->nb_subpics) && (sps->width > CtbSizeY)) gf_bs_read_int_log(bs, tmpWidthVal, ""subpic_width_minus1""); if ((i+1 < sps->nb_subpics) && (sps->height > CtbSizeY)) gf_bs_read_int_log(bs, tmpHeightVal, ""subpic_height_minus1""); } if (!sps->independent_subpic_flags) { gf_bs_read_int_log(bs, 1, ""subpic_treated_as_pic_flag""); gf_bs_read_int_log(bs, 1, ""loop_filter_across_subpic_enabled_flag""); } } sps->subpicid_len = gf_bs_read_ue_log(bs, ""subpic_id_len_minus1"") + 1; sps->subpicid_mapping_explicit = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_explicitly_signalled_flag""); if (sps->subpicid_mapping_explicit) { sps->subpicid_mapping_present = gf_bs_read_int_log(bs, 1, ""subpic_id_mapping_present_flag""); if (sps->subpicid_mapping_present) { for (i=0; inb_subpics; i++) { gf_bs_read_ue_log(bs, ""subpic_id""); } } } } } sps->bitdepth = gf_bs_read_ue_log(bs, ""bitdepth_minus8"") + 8; gf_bs_read_int_log(bs, 1, ""entropy_coding_sync_enabled_flag""); gf_bs_read_int_log(bs, 1, ""entry_point_offsets_present_flag""); sps->log2_max_poc_lsb = 4 + gf_bs_read_int_log(bs, 4, ""log2_max_poc_lsb_minus4""); if ((sps->poc_msb_cycle_flag = gf_bs_read_int_log(bs, 1, ""poc_msb_cycle_flag""))) sps->poc_msb_cycle_len = 1 + gf_bs_read_ue_log(bs, ""poc_msb_cycle_len_minus1""); u8 sps_num_extra_ph_bits = 8 * gf_bs_read_int_log(bs, 2, ""sps_num_extra_ph_bytes""); for (i=0; iph_num_extra_bits++; } u8 sps_num_extra_sh_bits = 8 * gf_bs_read_int_log(bs, 2, ""num_extra_sh_bytes""); for (i=0; ish_num_extra_bits++; } if (sps_ptl_dpb_hrd_params_present_flag) { u8 sps_sublayer_dpb_params_flag = 0; if (sps->max_sublayers>1) { sps_sublayer_dpb_params_flag = gf_bs_read_int_log(bs, 1, ""sps_sublayer_dpb_params_flag""); } for (i=(sps_sublayer_dpb_params_flag ? 0 : sps->max_sublayers-1); i < sps->max_sublayers; i++ ) { gf_bs_read_ue_log_idx(bs, ""dpb_max_dec_pic_buffering_minus1"", i); gf_bs_read_ue_log_idx(bs, ""dpb_max_num_reorder_pics"", i); gf_bs_read_ue_log_idx(bs, ""dpb_max_latency_increase_plus1"", i); } } gf_bs_read_ue_log(bs, ""sps_log2_min_luma_coding_block_size_minus2""); gf_bs_read_int_log(bs, 1, ""sps_partition_constraints_override_enabled_flag""); gf_bs_read_ue_log(bs, ""sps_log2_min_luma_coding_block_size_minus2""); u8 sps_max_mtt_hierarchy_depth_intra_slice_luma = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_intra_slice_luma""); if (sps_max_mtt_hierarchy_depth_intra_slice_luma != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_intra_slice_luma""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_intra_slice_luma""); } u8 sps_qtbtt_dual_tree_intra_flag = 0; if (sps->chroma_format_idc) { sps_qtbtt_dual_tree_intra_flag = gf_bs_read_int_log(bs, 1, ""sps_qtbtt_dual_tree_intra_flag""); } if (sps_qtbtt_dual_tree_intra_flag) { gf_bs_read_ue_log(bs, ""sps_log2_diff_min_qt_min_cb_intra_slice_chroma""); u8 sps_max_mtt_hierarchy_depth_intra_slice_chroma = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_intra_slice_chroma""); if( sps_max_mtt_hierarchy_depth_intra_slice_chroma != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_intra_slice_chroma""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_intra_slice_chroma""); } } gf_bs_read_ue_log(bs, ""sps_log2_diff_min_qt_min_cb_inter_slice""); u8 sps_max_mtt_hierarchy_depth_inter_slice = gf_bs_read_ue_log(bs, ""sps_max_mtt_hierarchy_depth_inter_slice""); if (sps_max_mtt_hierarchy_depth_inter_slice != 0) { gf_bs_read_ue_log(bs, ""sps_log2_diff_max_bt_min_qt_inter_slice""); gf_bs_read_ue_log(bs, ""sps_log2_diff_max_tt_min_qt_inter_slice""); } if (CtbSizeY > 32) { gf_bs_read_int_log(bs, 1, ""sps_max_luma_transform_size_64_flag""); } u8 sps_transform_skip_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_transform_skip_enabled_flag""); if (sps_transform_skip_enabled_flag) { gf_bs_read_ue_log(bs, ""sps_log2_transform_skip_max_size_minus2""); gf_bs_read_int_log(bs, 1, ""sps_bdpcm_enabled_flag""); } if (gf_bs_read_int_log(bs, 1, ""sps_mts_enabled_flag"")) { gf_bs_read_int_log(bs, 1, ""sps_explicit_mts_intra_enabled_flag""); gf_bs_read_int_log(bs, 1, ""sps_explicit_mts_inter_enabled_flag""); } gf_bs_read_int_log(bs, 1, ""sps_lfnst_enabled_flag""); if (sps->chroma_format_idc) { u8 sps_joint_cbcr_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_joint_cbcr_enabled_flag""); u8 sps_same_qp_table_for_chroma_flag = gf_bs_read_int_log(bs, 1, ""sps_same_qp_table_for_chroma_flag""); u32 numQpTables = sps_same_qp_table_for_chroma_flag ? 1 : (sps_joint_cbcr_enabled_flag ? 3 : 2); for (i=0; ialf_enabled_flag = gf_bs_read_int_log(bs, 1, ""sps_alf_enabled_flag""); if (sps->alf_enabled_flag && sps->chroma_format_idc) { gf_bs_read_int_log(bs, 1, ""sps_ccalf_enabled_flag""); } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,77414370045047,1 2357,CWE-617,"static int er_supported(ERContext *s) { if(s->avctx->hwaccel && s->avctx->hwaccel->decode_slice || !s->cur_pic.f || s->cur_pic.field_picture || s->avctx->profile == FF_PROFILE_MPEG4_SIMPLE_STUDIO ) return 0; return 1; }",visit repo url,libavcodec/error_resilience.c,https://github.com/FFmpeg/FFmpeg,69825798195561,1 4365,CWE-59,"static int fsmMkdir(const char *path, mode_t mode) { int rc = mkdir(path, (mode & 07777)); if (_fsm_debug) rpmlog(RPMLOG_DEBUG, "" %8s (%s, 0%04o) %s\n"", __func__, path, (unsigned)(mode & 07777), (rc < 0 ? strerror(errno) : """")); if (rc < 0) rc = RPMERR_MKDIR_FAILED; return rc; }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,52200461557310,1 4242,['CWE-399'],"static int noop_enqueue(struct sk_buff *skb, struct Qdisc * qdisc) { kfree_skb(skb); return NET_XMIT_CN; }",linux-2.6,,,157119407709171144484012111017591299206,0 2994,CWE-20,"doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t size, off_t fsize, int *flags, int mach, int strtab) { Elf32_Shdr sh32; Elf64_Shdr sh64; int stripped = 1; size_t nbadcap = 0; void *nbuf; off_t noff, coff, name_off; uint64_t cap_hw1 = 0; uint64_t cap_sf1 = 0; char name[50]; if (size != xsh_sizeof) { if (file_printf(ms, "", corrupted section header size"") == -1) return -1; return 0; } if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) { file_badread(ms); return -1; } name_off = xsh_offset; for ( ; num; num--) { if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) { file_badread(ms); return -1; } name[sizeof(name) - 1] = '\0'; if (strcmp(name, "".debug_info"") == 0) stripped = 0; if (pread(fd, xsh_addr, xsh_sizeof, off) == -1) { file_badread(ms); return -1; } off += size; switch (xsh_type) { case SHT_SYMTAB: #if 0 case SHT_DYNSYM: #endif stripped = 0; break; default: if (fsize != SIZE_UNKNOWN && xsh_offset > fsize) { continue; } break; } switch (xsh_type) { case SHT_NOTE: if ((nbuf = malloc(xsh_size)) == NULL) { file_error(ms, errno, ""Cannot allocate memory"" "" for note""); return -1; } if (pread(fd, nbuf, xsh_size, xsh_offset) == -1) { file_badread(ms); free(nbuf); return -1; } noff = 0; for (;;) { if (noff >= (off_t)xsh_size) break; noff = donote(ms, nbuf, (size_t)noff, xsh_size, clazz, swap, 4, flags); if (noff == 0) break; } free(nbuf); break; case SHT_SUNW_cap: switch (mach) { case EM_SPARC: case EM_SPARCV9: case EM_IA_64: case EM_386: case EM_AMD64: break; default: goto skip; } if (nbadcap > 5) break; if (lseek(fd, xsh_offset, SEEK_SET) == (off_t)-1) { file_badseek(ms); return -1; } coff = 0; for (;;) { Elf32_Cap cap32; Elf64_Cap cap64; char cbuf[ MAX(sizeof cap32, sizeof cap64)]; if ((coff += xcap_sizeof) > (off_t)xsh_size) break; if (read(fd, cbuf, (size_t)xcap_sizeof) != (ssize_t)xcap_sizeof) { file_badread(ms); return -1; } if (cbuf[0] == 'A') { #ifdef notyet char *p = cbuf + 1; uint32_t len, tag; memcpy(&len, p, sizeof(len)); p += 4; len = getu32(swap, len); if (memcmp(""gnu"", p, 3) != 0) { if (file_printf(ms, "", unknown capability %.3s"", p) == -1) return -1; break; } p += strlen(p) + 1; tag = *p++; memcpy(&len, p, sizeof(len)); p += 4; len = getu32(swap, len); if (tag != 1) { if (file_printf(ms, "", unknown gnu"" "" capability tag %d"", tag) == -1) return -1; break; } #endif break; } (void)memcpy(xcap_addr, cbuf, xcap_sizeof); switch (xcap_tag) { case CA_SUNW_NULL: break; case CA_SUNW_HW_1: cap_hw1 |= xcap_val; break; case CA_SUNW_SF_1: cap_sf1 |= xcap_val; break; default: if (file_printf(ms, "", with unknown capability "" ""0x%"" INT64_T_FORMAT ""x = 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)xcap_tag, (unsigned long long)xcap_val) == -1) return -1; if (nbadcap++ > 2) coff = xsh_size; break; } } skip: default: break; } } if (file_printf(ms, "", %sstripped"", stripped ? """" : ""not "") == -1) return -1; if (cap_hw1) { const cap_desc_t *cdp; switch (mach) { case EM_SPARC: case EM_SPARC32PLUS: case EM_SPARCV9: cdp = cap_desc_sparc; break; case EM_386: case EM_IA_64: case EM_AMD64: cdp = cap_desc_386; break; default: cdp = NULL; break; } if (file_printf(ms, "", uses"") == -1) return -1; if (cdp) { while (cdp->cd_name) { if (cap_hw1 & cdp->cd_mask) { if (file_printf(ms, "" %s"", cdp->cd_name) == -1) return -1; cap_hw1 &= ~cdp->cd_mask; } ++cdp; } if (cap_hw1) if (file_printf(ms, "" unknown hardware capability 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)cap_hw1) == -1) return -1; } else { if (file_printf(ms, "" hardware capability 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)cap_hw1) == -1) return -1; } } if (cap_sf1) { if (cap_sf1 & SF1_SUNW_FPUSED) { if (file_printf(ms, (cap_sf1 & SF1_SUNW_FPKNWN) ? "", uses frame pointer"" : "", not known to use frame pointer"") == -1) return -1; } cap_sf1 &= ~SF1_SUNW_MASK; if (cap_sf1) if (file_printf(ms, "", with unknown software capability 0x%"" INT64_T_FORMAT ""x"", (unsigned long long)cap_sf1) == -1) return -1; } return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,218853316767271,1 4480,CWE-125,"get_word_rgb_row(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) { ppm_source_ptr source = (ppm_source_ptr)sinfo; register JSAMPROW ptr; register U_CHAR *bufferptr; register JSAMPLE *rescale = source->rescale; JDIMENSION col; unsigned int maxval = source->maxval; if (!ReadOK(source->pub.input_file, source->iobuffer, source->buffer_width)) ERREXIT(cinfo, JERR_INPUT_EOF); ptr = source->pub.buffer[0]; bufferptr = source->iobuffer; for (col = cinfo->image_width; col > 0; col--) { register unsigned int temp; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_TOOLARGE); *ptr++ = rescale[temp]; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_TOOLARGE); *ptr++ = rescale[temp]; temp = UCH(*bufferptr++) << 8; temp |= UCH(*bufferptr++); if (temp > maxval) ERREXIT(cinfo, JERR_PPM_TOOLARGE); *ptr++ = rescale[temp]; } return 1; }",visit repo url,rdppm.c,https://github.com/libjpeg-turbo/libjpeg-turbo,95124964450977,1 5697,CWE-125,"bgp_auth_parse (struct peer *peer, u_char *pnt, size_t length) { bgp_notify_send (peer, BGP_NOTIFY_OPEN_ERR, BGP_NOTIFY_OPEN_AUTH_FAILURE); return -1; }",visit repo url,bgpd/bgp_open.c,https://github.com/FRRouting/frr,39886592994699,1 3192,CWE-835,"ikev1_n_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, u_int item_len, const u_char *ep, uint32_t phase, uint32_t doi0 _U_, uint32_t proto0 _U_, int depth) { const struct ikev1_pl_n *p; struct ikev1_pl_n n; const u_char *cp; const u_char *ep2; uint32_t doi; uint32_t proto; static const char *notify_error_str[] = { NULL, ""INVALID-PAYLOAD-TYPE"", ""DOI-NOT-SUPPORTED"", ""SITUATION-NOT-SUPPORTED"", ""INVALID-COOKIE"", ""INVALID-MAJOR-VERSION"", ""INVALID-MINOR-VERSION"", ""INVALID-EXCHANGE-TYPE"", ""INVALID-FLAGS"", ""INVALID-MESSAGE-ID"", ""INVALID-PROTOCOL-ID"", ""INVALID-SPI"", ""INVALID-TRANSFORM-ID"", ""ATTRIBUTES-NOT-SUPPORTED"", ""NO-PROPOSAL-CHOSEN"", ""BAD-PROPOSAL-SYNTAX"", ""PAYLOAD-MALFORMED"", ""INVALID-KEY-INFORMATION"", ""INVALID-ID-INFORMATION"", ""INVALID-CERT-ENCODING"", ""INVALID-CERTIFICATE"", ""CERT-TYPE-UNSUPPORTED"", ""INVALID-CERT-AUTHORITY"", ""INVALID-HASH-INFORMATION"", ""AUTHENTICATION-FAILED"", ""INVALID-SIGNATURE"", ""ADDRESS-NOTIFICATION"", ""NOTIFY-SA-LIFETIME"", ""CERTIFICATE-UNAVAILABLE"", ""UNSUPPORTED-EXCHANGE-TYPE"", ""UNEQUAL-PAYLOAD-LENGTHS"", }; static const char *ipsec_notify_error_str[] = { ""RESERVED"", }; static const char *notify_status_str[] = { ""CONNECTED"", }; static const char *ipsec_notify_status_str[] = { ""RESPONDER-LIFETIME"", ""REPLAY-STATUS"", ""INITIAL-CONTACT"", }; #define NOTIFY_ERROR_STR(x) \ STR_OR_ID((x), notify_error_str) #define IPSEC_NOTIFY_ERROR_STR(x) \ STR_OR_ID((u_int)((x) - 8192), ipsec_notify_error_str) #define NOTIFY_STATUS_STR(x) \ STR_OR_ID((u_int)((x) - 16384), notify_status_str) #define IPSEC_NOTIFY_STATUS_STR(x) \ STR_OR_ID((u_int)((x) - 24576), ipsec_notify_status_str) ND_PRINT((ndo,""%s:"", NPSTR(ISAKMP_NPTYPE_N))); p = (const struct ikev1_pl_n *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&n, ext, sizeof(n)); doi = ntohl(n.doi); proto = n.prot_id; if (doi != 1) { ND_PRINT((ndo,"" doi=%d"", doi)); ND_PRINT((ndo,"" proto=%d"", proto)); if (ntohs(n.type) < 8192) ND_PRINT((ndo,"" type=%s"", NOTIFY_ERROR_STR(ntohs(n.type)))); else if (ntohs(n.type) < 16384) ND_PRINT((ndo,"" type=%s"", numstr(ntohs(n.type)))); else if (ntohs(n.type) < 24576) ND_PRINT((ndo,"" type=%s"", NOTIFY_STATUS_STR(ntohs(n.type)))); else ND_PRINT((ndo,"" type=%s"", numstr(ntohs(n.type)))); if (n.spi_size) { ND_PRINT((ndo,"" spi="")); if (!rawprint(ndo, (const uint8_t *)(p + 1), n.spi_size)) goto trunc; } return (const u_char *)(p + 1) + n.spi_size; } ND_PRINT((ndo,"" doi=ipsec"")); ND_PRINT((ndo,"" proto=%s"", PROTOIDSTR(proto))); if (ntohs(n.type) < 8192) ND_PRINT((ndo,"" type=%s"", NOTIFY_ERROR_STR(ntohs(n.type)))); else if (ntohs(n.type) < 16384) ND_PRINT((ndo,"" type=%s"", IPSEC_NOTIFY_ERROR_STR(ntohs(n.type)))); else if (ntohs(n.type) < 24576) ND_PRINT((ndo,"" type=%s"", NOTIFY_STATUS_STR(ntohs(n.type)))); else if (ntohs(n.type) < 32768) ND_PRINT((ndo,"" type=%s"", IPSEC_NOTIFY_STATUS_STR(ntohs(n.type)))); else ND_PRINT((ndo,"" type=%s"", numstr(ntohs(n.type)))); if (n.spi_size) { ND_PRINT((ndo,"" spi="")); if (!rawprint(ndo, (const uint8_t *)(p + 1), n.spi_size)) goto trunc; } cp = (const u_char *)(p + 1) + n.spi_size; ep2 = (const u_char *)p + item_len; if (cp < ep) { ND_PRINT((ndo,"" orig=("")); switch (ntohs(n.type)) { case IPSECDOI_NTYPE_RESPONDER_LIFETIME: { const struct attrmap *map = oakley_t_map; size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]); while (cp < ep && cp < ep2) { cp = ikev1_attrmap_print(ndo, cp, (ep < ep2) ? ep : ep2, map, nmap); } break; } case IPSECDOI_NTYPE_REPLAY_STATUS: ND_PRINT((ndo,""replay detection %sabled"", EXTRACT_32BITS(cp) ? ""en"" : ""dis"")); break; case ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN: if (ikev1_sub_print(ndo, ISAKMP_NPTYPE_SA, (const struct isakmp_gen *)cp, ep, phase, doi, proto, depth) == NULL) return NULL; break; default: isakmp_print(ndo, cp, item_len - sizeof(*p) - n.spi_size, NULL); } ND_PRINT((ndo,"")"")); } return (const u_char *)ext + item_len; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_N))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,155379360894776,1 2066,CWE-120,"struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off, const struct bpf_insn *patch, u32 len) { u32 insn_adj_cnt, insn_rest, insn_delta = len - 1; struct bpf_prog *prog_adj; if (insn_delta == 0) { memcpy(prog->insnsi + off, patch, sizeof(*patch)); return prog; } insn_adj_cnt = prog->len + insn_delta; prog_adj = bpf_prog_realloc(prog, bpf_prog_size(insn_adj_cnt), GFP_USER); if (!prog_adj) return NULL; prog_adj->len = insn_adj_cnt; insn_rest = insn_adj_cnt - off - len; memmove(prog_adj->insnsi + off + len, prog_adj->insnsi + off + 1, sizeof(*patch) * insn_rest); memcpy(prog_adj->insnsi + off, patch, sizeof(*patch) * len); bpf_adj_branches(prog_adj, off, insn_delta); return prog_adj; }",visit repo url,kernel/bpf/core.c,https://github.com/torvalds/linux,271381670175210,1 4203,CWE-190,"xmalloc (size_t size) { void *ptr = malloc (size); if (!ptr && (size != 0)) { perror (""xmalloc: Memory allocation failure""); abort(); } return ptr; }",visit repo url,src/alloc.c,https://github.com/verdammelt/tnef,207391898543954,1 1240,[],"m4_pushdef (struct obstack *obs, int argc, token_data **argv) { define_macro (argc, argv, SYMBOL_PUSHDEF); }",m4,,,49643228606914269893866415067387503741,0 218,[],"static inline void __atalk_insert_socket(struct sock *sk) { sk_add_node(sk, &atalk_sockets); }",history,,,174684491810107002017700648429199557487,0 3185,CWE-125,"linkaddr_string(netdissect_options *ndo, const u_char *ep, const unsigned int type, const unsigned int len) { register u_int i; register char *cp; register struct enamemem *tp; if (len == 0) return (""""); if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN) return (etheraddr_string(ndo, ep)); if (type == LINKADDR_FRELAY) return (q922_string(ndo, ep, len)); tp = lookup_bytestring(ndo, ep, len); if (tp->e_name) return (tp->e_name); tp->e_name = cp = (char *)malloc(len*3); if (tp->e_name == NULL) (*ndo->ndo_error)(ndo, ""linkaddr_string: malloc""); *cp++ = hex[*ep >> 4]; *cp++ = hex[*ep++ & 0xf]; for (i = len-1; i > 0 ; --i) { *cp++ = ':'; *cp++ = hex[*ep >> 4]; *cp++ = hex[*ep++ & 0xf]; } *cp = '\0'; return (tp->e_name); }",visit repo url,addrtoname.c,https://github.com/the-tcpdump-group/tcpdump,222956046984098,1 3969,CWE-20,"parse_toshiba_packet(FILE_T fh, struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info) { union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header; char line[TOSHIBA_LINE_LENGTH]; int num_items_scanned; guint pkt_len; int pktnum, hr, min, sec, csec; char channel[10], direction[10]; int i, hex_lines; guint8 *pd; if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { *err = file_error(fh, err_info); if (*err == 0) { *err = WTAP_ERR_SHORT_READ; } return FALSE; } num_items_scanned = sscanf(line, ""%9d] %2d:%2d:%2d.%9d %9s %9s"", &pktnum, &hr, &min, &sec, &csec, channel, direction); if (num_items_scanned != 7) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""toshiba: record header isn't valid""); return FALSE; } do { if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { *err = file_error(fh, err_info); if (*err == 0) { *err = WTAP_ERR_SHORT_READ; } return FALSE; } line[16] = '\0'; } while (strcmp(line, ""OFFSET 0001-0203"") != 0); num_items_scanned = sscanf(line+64, ""LEN=%9u"", &pkt_len); if (num_items_scanned != 1) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""toshiba: OFFSET line doesn't have valid LEN item""); return FALSE; } if (pkt_len > WTAP_MAX_PACKET_SIZE) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup_printf(""toshiba: File has %u-byte packet, bigger than maximum of %u"", pkt_len, WTAP_MAX_PACKET_SIZE); return FALSE; } phdr->rec_type = REC_TYPE_PACKET; phdr->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN; phdr->ts.secs = hr * 3600 + min * 60 + sec; phdr->ts.nsecs = csec * 10000000; phdr->caplen = pkt_len; phdr->len = pkt_len; switch (channel[0]) { case 'B': phdr->pkt_encap = WTAP_ENCAP_ISDN; pseudo_header->isdn.uton = (direction[0] == 'T'); pseudo_header->isdn.channel = (guint8) strtol(&channel[1], NULL, 10); break; case 'D': phdr->pkt_encap = WTAP_ENCAP_ISDN; pseudo_header->isdn.uton = (direction[0] == 'T'); pseudo_header->isdn.channel = 0; break; default: phdr->pkt_encap = WTAP_ENCAP_ETHERNET; pseudo_header->eth.fcs_len = -1; break; } ws_buffer_assure_space(buf, pkt_len); pd = ws_buffer_start_ptr(buf); hex_lines = pkt_len / 16 + ((pkt_len % 16) ? 1 : 0); for (i = 0; i < hex_lines; i++) { if (file_gets(line, TOSHIBA_LINE_LENGTH, fh) == NULL) { *err = file_error(fh, err_info); if (*err == 0) { *err = WTAP_ERR_SHORT_READ; } return FALSE; } if (!parse_single_hex_dump_line(line, pd, i * 16)) { *err = WTAP_ERR_BAD_FILE; *err_info = g_strdup(""toshiba: hex dump not valid""); return FALSE; } } return TRUE; }",visit repo url,wiretap/toshiba.c,https://github.com/wireshark/wireshark,40728422110511,1 200,CWE-681,"static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, int attr_len, bool log) { struct sw_flow_actions *acts; int new_acts_size; size_t req_size = NLA_ALIGN(attr_len); int next_offset = offsetof(struct sw_flow_actions, actions) + (*sfa)->actions_len; if (req_size <= (ksize(*sfa) - next_offset)) goto out; new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); if (new_acts_size > MAX_ACTIONS_BUFSIZE) { if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { OVS_NLERR(log, ""Flow action size exceeds max %u"", MAX_ACTIONS_BUFSIZE); return ERR_PTR(-EMSGSIZE); } new_acts_size = MAX_ACTIONS_BUFSIZE; } acts = nla_alloc_flow_actions(new_acts_size); if (IS_ERR(acts)) return (void *)acts; memcpy(acts->actions, (*sfa)->actions, (*sfa)->actions_len); acts->actions_len = (*sfa)->actions_len; acts->orig_len = (*sfa)->orig_len; kfree(*sfa); *sfa = acts; out: (*sfa)->actions_len += req_size; return (struct nlattr *) ((unsigned char *)(*sfa) + next_offset); }",visit repo url,net/openvswitch/flow_netlink.c,https://github.com/torvalds/linux,187402346526483,1 198,CWE-476,"static void kvm_vcpu_destroy(struct kvm_vcpu *vcpu) { kvm_dirty_ring_free(&vcpu->dirty_ring); kvm_arch_vcpu_destroy(vcpu); put_pid(rcu_dereference_protected(vcpu->pid, 1)); free_page((unsigned long)vcpu->run); kmem_cache_free(kvm_vcpu_cache, vcpu); }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,29340215933107,1 3257,CWE-125,"ikev1_n_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, u_int item_len, const u_char *ep, uint32_t phase _U_, uint32_t doi0 _U_, uint32_t proto0 _U_, int depth _U_) { const struct ikev1_pl_n *p; struct ikev1_pl_n n; const u_char *cp; const u_char *ep2; uint32_t doi; uint32_t proto; static const char *notify_error_str[] = { NULL, ""INVALID-PAYLOAD-TYPE"", ""DOI-NOT-SUPPORTED"", ""SITUATION-NOT-SUPPORTED"", ""INVALID-COOKIE"", ""INVALID-MAJOR-VERSION"", ""INVALID-MINOR-VERSION"", ""INVALID-EXCHANGE-TYPE"", ""INVALID-FLAGS"", ""INVALID-MESSAGE-ID"", ""INVALID-PROTOCOL-ID"", ""INVALID-SPI"", ""INVALID-TRANSFORM-ID"", ""ATTRIBUTES-NOT-SUPPORTED"", ""NO-PROPOSAL-CHOSEN"", ""BAD-PROPOSAL-SYNTAX"", ""PAYLOAD-MALFORMED"", ""INVALID-KEY-INFORMATION"", ""INVALID-ID-INFORMATION"", ""INVALID-CERT-ENCODING"", ""INVALID-CERTIFICATE"", ""CERT-TYPE-UNSUPPORTED"", ""INVALID-CERT-AUTHORITY"", ""INVALID-HASH-INFORMATION"", ""AUTHENTICATION-FAILED"", ""INVALID-SIGNATURE"", ""ADDRESS-NOTIFICATION"", ""NOTIFY-SA-LIFETIME"", ""CERTIFICATE-UNAVAILABLE"", ""UNSUPPORTED-EXCHANGE-TYPE"", ""UNEQUAL-PAYLOAD-LENGTHS"", }; static const char *ipsec_notify_error_str[] = { ""RESERVED"", }; static const char *notify_status_str[] = { ""CONNECTED"", }; static const char *ipsec_notify_status_str[] = { ""RESPONDER-LIFETIME"", ""REPLAY-STATUS"", ""INITIAL-CONTACT"", }; #define NOTIFY_ERROR_STR(x) \ STR_OR_ID((x), notify_error_str) #define IPSEC_NOTIFY_ERROR_STR(x) \ STR_OR_ID((u_int)((x) - 8192), ipsec_notify_error_str) #define NOTIFY_STATUS_STR(x) \ STR_OR_ID((u_int)((x) - 16384), notify_status_str) #define IPSEC_NOTIFY_STATUS_STR(x) \ STR_OR_ID((u_int)((x) - 24576), ipsec_notify_status_str) ND_PRINT((ndo,""%s:"", NPSTR(ISAKMP_NPTYPE_N))); p = (const struct ikev1_pl_n *)ext; ND_TCHECK(*p); UNALIGNED_MEMCPY(&n, ext, sizeof(n)); doi = ntohl(n.doi); proto = n.prot_id; if (doi != 1) { ND_PRINT((ndo,"" doi=%d"", doi)); ND_PRINT((ndo,"" proto=%d"", proto)); if (ntohs(n.type) < 8192) ND_PRINT((ndo,"" type=%s"", NOTIFY_ERROR_STR(ntohs(n.type)))); else if (ntohs(n.type) < 16384) ND_PRINT((ndo,"" type=%s"", numstr(ntohs(n.type)))); else if (ntohs(n.type) < 24576) ND_PRINT((ndo,"" type=%s"", NOTIFY_STATUS_STR(ntohs(n.type)))); else ND_PRINT((ndo,"" type=%s"", numstr(ntohs(n.type)))); if (n.spi_size) { ND_PRINT((ndo,"" spi="")); if (!rawprint(ndo, (const uint8_t *)(p + 1), n.spi_size)) goto trunc; } return (const u_char *)(p + 1) + n.spi_size; } ND_PRINT((ndo,"" doi=ipsec"")); ND_PRINT((ndo,"" proto=%s"", PROTOIDSTR(proto))); if (ntohs(n.type) < 8192) ND_PRINT((ndo,"" type=%s"", NOTIFY_ERROR_STR(ntohs(n.type)))); else if (ntohs(n.type) < 16384) ND_PRINT((ndo,"" type=%s"", IPSEC_NOTIFY_ERROR_STR(ntohs(n.type)))); else if (ntohs(n.type) < 24576) ND_PRINT((ndo,"" type=%s"", NOTIFY_STATUS_STR(ntohs(n.type)))); else if (ntohs(n.type) < 32768) ND_PRINT((ndo,"" type=%s"", IPSEC_NOTIFY_STATUS_STR(ntohs(n.type)))); else ND_PRINT((ndo,"" type=%s"", numstr(ntohs(n.type)))); if (n.spi_size) { ND_PRINT((ndo,"" spi="")); if (!rawprint(ndo, (const uint8_t *)(p + 1), n.spi_size)) goto trunc; } cp = (const u_char *)(p + 1) + n.spi_size; ep2 = (const u_char *)p + item_len; if (cp < ep) { switch (ntohs(n.type)) { case IPSECDOI_NTYPE_RESPONDER_LIFETIME: { const struct attrmap *map = oakley_t_map; size_t nmap = sizeof(oakley_t_map)/sizeof(oakley_t_map[0]); ND_PRINT((ndo,"" attrs=("")); while (cp < ep && cp < ep2) { cp = ikev1_attrmap_print(ndo, cp, (ep < ep2) ? ep : ep2, map, nmap); } ND_PRINT((ndo,"")"")); break; } case IPSECDOI_NTYPE_REPLAY_STATUS: ND_PRINT((ndo,"" status=("")); ND_PRINT((ndo,""replay detection %sabled"", EXTRACT_32BITS(cp) ? ""en"" : ""dis"")); ND_PRINT((ndo,"")"")); break; default: if (ndo->ndo_vflag > 3) { ND_PRINT((ndo,"" data=("")); if (!rawprint(ndo, (const uint8_t *)(cp), ep - cp)) goto trunc; ND_PRINT((ndo,"")"")); } else { if (!ike_show_somedata(ndo, cp, ep)) goto trunc; } break; } } return (const u_char *)ext + item_len; trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_N))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,262305651338500,1 5023,[],"static void account_lockout_policy_handler(struct event_context *ctx, struct timed_event *te, const struct timeval *now, void *private_data) { struct winbindd_child *child = (struct winbindd_child *)private_data; TALLOC_CTX *mem_ctx = NULL; struct winbindd_methods *methods; SAM_UNK_INFO_12 lockout_policy; NTSTATUS result; DEBUG(10,(""account_lockout_policy_handler called\n"")); TALLOC_FREE(child->lockout_policy_event); methods = child->domain->methods; mem_ctx = talloc_init(""account_lockout_policy_handler ctx""); if (!mem_ctx) { result = NT_STATUS_NO_MEMORY; } else { result = methods->lockout_policy(child->domain, mem_ctx, &lockout_policy); } talloc_destroy(mem_ctx); if (!NT_STATUS_IS_OK(result)) { DEBUG(10,(""account_lockout_policy_handler: lockout_policy failed error %s\n"", nt_errstr(result))); } child->lockout_policy_event = event_add_timed(winbind_event_context(), NULL, timeval_current_ofs(3600, 0), ""account_lockout_policy_handler"", account_lockout_policy_handler, child); }",samba,,,242608317163784488044708418157255026878,0 3221,CWE-125,"l2tp_proto_ver_print(netdissect_options *ndo, const uint16_t *dat) { ND_PRINT((ndo, ""%u.%u"", (EXTRACT_16BITS(dat) >> 8), (EXTRACT_16BITS(dat) & 0xff))); }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,75239689768329,1 5340,NVD-CWE-noinfo,"int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { struct passwd *pw = NULL, pw_s; const char *user = NULL; cfg_t cfg_st; cfg_t *cfg = &cfg_st; char buffer[BUFSIZE]; char *buf = NULL; char *authfile_dir; size_t authfile_dir_len; int pgu_ret, gpn_ret; int retval = PAM_IGNORE; device_t *devices = NULL; unsigned n_devices = 0; int openasuser; int should_free_origin = 0; int should_free_appid = 0; int should_free_auth_file = 0; int should_free_authpending_file = 0; parse_cfg(flags, argc, argv, cfg); if (!cfg->origin) { strcpy(buffer, DEFAULT_ORIGIN_PREFIX); if (gethostname(buffer + strlen(DEFAULT_ORIGIN_PREFIX), BUFSIZE - strlen(DEFAULT_ORIGIN_PREFIX)) == -1) { DBG(""Unable to get host name""); goto done; } DBG(""Origin not specified, using \""%s\"""", buffer); cfg->origin = strdup(buffer); if (!cfg->origin) { DBG(""Unable to allocate memory""); goto done; } else { should_free_origin = 1; } } if (!cfg->appid) { DBG(""Appid not specified, using the same value of origin (%s)"", cfg->origin); cfg->appid = strdup(cfg->origin); if (!cfg->appid) { DBG(""Unable to allocate memory"") goto done; } else { should_free_appid = 1; } } if (cfg->max_devs == 0) { DBG(""Maximum devices number not set. Using default (%d)"", MAX_DEVS); cfg->max_devs = MAX_DEVS; } devices = malloc(sizeof(device_t) * cfg->max_devs); if (!devices) { DBG(""Unable to allocate memory""); retval = PAM_IGNORE; goto done; } pgu_ret = pam_get_user(pamh, &user, NULL); if (pgu_ret != PAM_SUCCESS || user == NULL) { DBG(""Unable to access user %s"", user); retval = PAM_CONV_ERR; goto done; } DBG(""Requesting authentication for user %s"", user); gpn_ret = getpwnam_r(user, &pw_s, buffer, sizeof(buffer), &pw); if (gpn_ret != 0 || pw == NULL || pw->pw_dir == NULL || pw->pw_dir[0] != '/') { DBG(""Unable to retrieve credentials for user %s, (%s)"", user, strerror(errno)); retval = PAM_USER_UNKNOWN; goto done; } DBG(""Found user %s"", user); DBG(""Home directory for %s is %s"", user, pw->pw_dir); if (!cfg->auth_file) { buf = NULL; authfile_dir = secure_getenv(DEFAULT_AUTHFILE_DIR_VAR); if (!authfile_dir) { DBG(""Variable %s is not set. Using default value ($HOME/.config/)"", DEFAULT_AUTHFILE_DIR_VAR); authfile_dir_len = strlen(pw->pw_dir) + strlen(""/.config"") + strlen(DEFAULT_AUTHFILE) + 1; buf = malloc(sizeof(char) * (authfile_dir_len)); if (!buf) { DBG(""Unable to allocate memory""); retval = PAM_IGNORE; goto done; } snprintf(buf, authfile_dir_len, ""%s/.config%s"", pw->pw_dir, DEFAULT_AUTHFILE); } else { DBG(""Variable %s set to %s"", DEFAULT_AUTHFILE_DIR_VAR, authfile_dir); authfile_dir_len = strlen(authfile_dir) + strlen(DEFAULT_AUTHFILE) + 1; buf = malloc(sizeof(char) * (authfile_dir_len)); if (!buf) { DBG(""Unable to allocate memory""); retval = PAM_IGNORE; goto done; } snprintf(buf, authfile_dir_len, ""%s%s"", authfile_dir, DEFAULT_AUTHFILE); } DBG(""Using default authentication file %s"", buf); cfg->auth_file = buf; should_free_auth_file = 1; buf = NULL; } else { DBG(""Using authentication file %s"", cfg->auth_file); } openasuser = geteuid() == 0 && cfg->openasuser; if (openasuser) { if (seteuid(pw_s.pw_uid)) { DBG(""Unable to switch user to uid %i"", pw_s.pw_uid); retval = PAM_IGNORE; goto done; } DBG(""Switched to uid %i"", pw_s.pw_uid); } retval = get_devices_from_authfile(cfg->auth_file, user, cfg->max_devs, cfg->debug, cfg->debug_file, devices, &n_devices); if (openasuser) { if (seteuid(0)) { DBG(""Unable to switch back to uid 0""); retval = PAM_IGNORE; goto done; } DBG(""Switched back to uid 0""); } if (retval != 1) { n_devices = 0; } if (n_devices == 0) { if (cfg->nouserok) { DBG(""Found no devices but nouserok specified. Skipping authentication""); retval = PAM_SUCCESS; goto done; } else if (retval != 1) { DBG(""Unable to get devices from file %s"", cfg->auth_file); retval = PAM_AUTHINFO_UNAVAIL; goto done; } else { DBG(""Found no devices. Aborting.""); retval = PAM_AUTHINFO_UNAVAIL; goto done; } } if (!cfg->authpending_file) { int actual_size = snprintf(buffer, BUFSIZE, DEFAULT_AUTHPENDING_FILE_PATH, getuid()); if (actual_size >= 0 && actual_size < BUFSIZE) { cfg->authpending_file = strdup(buffer); } if (!cfg->authpending_file) { DBG(""Unable to allocate memory for the authpending_file, touch request notifications will not be emitted""); } else { should_free_authpending_file = 1; } } else { if (strlen(cfg->authpending_file) == 0) { DBG(""authpending_file is set to an empty value, touch request notifications will be disabled""); cfg->authpending_file = NULL; } } int authpending_file_descriptor = -1; if (cfg->authpending_file) { DBG(""Using file '%s' for emitting touch request notifications"", cfg->authpending_file); authpending_file_descriptor = open(cfg->authpending_file, O_RDONLY | O_CREAT, 0664); if (authpending_file_descriptor < 0) { DBG(""Unable to emit 'authentication started' notification by opening the file '%s', (%s)"", cfg->authpending_file, strerror(errno)); } } if (cfg->manual == 0) { if (cfg->interactive) { converse(pamh, PAM_PROMPT_ECHO_ON, cfg->prompt != NULL ? cfg->prompt : DEFAULT_PROMPT); } retval = do_authentication(cfg, devices, n_devices, pamh); } else { retval = do_manual_authentication(cfg, devices, n_devices, pamh); } if (authpending_file_descriptor >= 0) { if (close(authpending_file_descriptor) < 0) { DBG(""Unable to emit 'authentication stopped' notification by closing the file '%s', (%s)"", cfg->authpending_file, strerror(errno)); } } if (retval != 1) { DBG(""do_authentication returned %d"", retval); retval = PAM_AUTH_ERR; goto done; } retval = PAM_SUCCESS; done: free_devices(devices, n_devices); if (buf) { free(buf); buf = NULL; } if (should_free_origin) { free((char *) cfg->origin); cfg->origin = NULL; } if (should_free_appid) { free((char *) cfg->appid); cfg->appid = NULL; } if (should_free_auth_file) { free((char *) cfg->auth_file); cfg->auth_file = NULL; } if (should_free_authpending_file) { free((char *) cfg->authpending_file); cfg->authpending_file = NULL; } if (cfg->alwaysok && retval != PAM_SUCCESS) { DBG(""alwaysok needed (otherwise return with %d)"", retval); retval = PAM_SUCCESS; } DBG(""done. [%s]"", pam_strerror(pamh, retval)); return retval; }",visit repo url,pam-u2f.c,https://github.com/Yubico/pam-u2f,56925158457182,1 1045,['CWE-20'],"asmlinkage long sys_getpgid(pid_t pid) { if (!pid) return process_group(current); else { int retval; struct task_struct *p; read_lock(&tasklist_lock); p = find_task_by_pid(pid); retval = -ESRCH; if (p) { retval = security_task_getpgid(p); if (!retval) retval = process_group(p); } read_unlock(&tasklist_lock); return retval; } }",linux-2.6,,,78105642089590199572405253658361747474,0 3209,['CWE-189'],"static int file_read(jas_stream_obj_t *obj, char *buf, int cnt) { jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj); return read(fileobj->fd, buf, cnt); }",jasper,,,227552824070532164337539487708393152514,0 3082,CWE-310,"int dtls1_accept(SSL *s) { BUF_MEM *buf; unsigned long Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; unsigned long alg_k; int ret= -1; int new_state,state,skip=0; int listen; #ifndef OPENSSL_NO_SCTP unsigned char sctpauthkey[64]; char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)]; #endif RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); if (s->info_callback != NULL) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; listen = s->d1->listen; s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->d1->listen = listen; #ifndef OPENSSL_NO_SCTP BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL); #endif if (s->cert == NULL) { SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET); return(-1); } #ifndef OPENSSL_NO_HEARTBEATS if (s->tlsext_hb_pending) { dtls1_stop_timer(s); s->tlsext_hb_pending = 0; s->tlsext_hb_seq++; } #endif for (;;) { state=s->state; switch (s->state) { case SSL_ST_RENEGOTIATE: s->renegotiate=1; case SSL_ST_BEFORE: case SSL_ST_ACCEPT: case SSL_ST_BEFORE|SSL_ST_ACCEPT: case SSL_ST_OK|SSL_ST_ACCEPT: s->server=1; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); return -1; } s->type=SSL_ST_ACCEPT; if (s->init_buf == NULL) { if ((buf=BUF_MEM_new()) == NULL) { ret= -1; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret= -1; goto end; } s->init_buf=buf; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } s->init_num=0; s->d1->change_cipher_spec_ok = 0; s->s3->change_cipher_spec = 0; if (s->state != SSL_ST_RENEGOTIATE) { #ifndef OPENSSL_NO_SCTP if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) #endif if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } ssl3_init_finished_mac(s); s->state=SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } else { s->ctx->stats.sess_accept_renegotiate++; s->state=SSL3_ST_SW_HELLO_REQ_A; } break; case SSL3_ST_SW_HELLO_REQ_A: case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; dtls1_clear_record_buffer(s); dtls1_start_timer(s); ret=ssl3_send_hello_request(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; ssl3_init_finished_mac(s); break; case SSL3_ST_SW_HELLO_REQ_C: s->state=SSL_ST_OK; break; case SSL3_ST_SR_CLNT_HELLO_A: case SSL3_ST_SR_CLNT_HELLO_B: case SSL3_ST_SR_CLNT_HELLO_C: s->shutdown=0; ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; dtls1_stop_timer(s); if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; else s->state = SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; if (listen) { memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); } if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; s->d1->listen = 0; s->d1->handshake_read_seq = 2; s->d1->handshake_write_seq = 1; s->d1->next_handshake_write_seq = 1; goto end; } break; case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: ret = dtls1_send_hello_verify_request(s); if ( ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; if (s->version != DTLS1_BAD_VER) ssl3_init_finished_mac(s); break; #ifndef OPENSSL_NO_SCTP case DTLS1_SCTP_ST_SR_READ_SOCK: if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) { s->s3->in_read_app_data=2; s->rwstate=SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); ret = -1; goto end; } s->state=SSL3_ST_SR_FINISHED_A; break; case DTLS1_SCTP_ST_SW_WRITE_SOCK: ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); if (ret < 0) goto end; if (ret == 0) { if (s->d1->next_state != SSL_ST_OK) { s->s3->in_read_app_data=2; s->rwstate=SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); ret = -1; goto end; } } s->state=s->d1->next_state; break; #endif case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: s->renegotiate = 2; dtls1_start_timer(s); ret=ssl3_send_server_hello(s); if (ret <= 0) goto end; if (s->hit) { #ifndef OPENSSL_NO_SCTP snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, 0); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); #endif #ifndef OPENSSL_NO_TLSEXT if (s->tlsext_ticket_expected) s->state=SSL3_ST_SW_SESSION_TICKET_A; else s->state=SSL3_ST_SW_CHANGE_A; #else s->state=SSL3_ST_SW_CHANGE_A; #endif } else s->state=SSL3_ST_SW_CERT_A; s->init_num=0; break; case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { dtls1_start_timer(s); ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; #ifndef OPENSSL_NO_TLSEXT if (s->tlsext_status_expected) s->state=SSL3_ST_SW_CERT_STATUS_A; else s->state=SSL3_ST_SW_KEY_EXCH_A; } else { skip = 1; s->state=SSL3_ST_SW_KEY_EXCH_A; } #else } else skip=1; s->state=SSL3_ST_SW_KEY_EXCH_A; #endif s->init_num=0; break; case SSL3_ST_SW_KEY_EXCH_A: case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; if ((s->options & SSL_OP_EPHEMERAL_RSA) #ifndef OPENSSL_NO_KRB5 && !(alg_k & SSL_kKRB5) #endif ) s->s3->tmp.use_rsa_tmp=1; else s->s3->tmp.use_rsa_tmp=0; if (s->s3->tmp.use_rsa_tmp #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) || (alg_k & SSL_kECDHE) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) ) ) ) ) { dtls1_start_timer(s); ret=ssl3_send_server_key_exchange(s); if (ret <= 0) goto end; } else skip=1; s->state=SSL3_ST_SW_CERT_REQ_A; s->init_num=0; break; case SSL3_ST_SW_CERT_REQ_A: case SSL3_ST_SW_CERT_REQ_B: if ( !(s->verify_mode & SSL_VERIFY_PEER) || ((s->session->peer != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { skip=1; s->s3->tmp.cert_request=0; s->state=SSL3_ST_SW_SRVR_DONE_A; #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; } #endif } else { s->s3->tmp.cert_request=1; dtls1_start_timer(s); ret=ssl3_send_certificate_request(s); if (ret <= 0) goto end; #ifndef NETSCAPE_HANG_BUG s->state=SSL3_ST_SW_SRVR_DONE_A; #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A; s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; } #endif #else s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { s->d1->next_state = s->s3->tmp.next_state; s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; } #endif #endif s->init_num=0; } break; case SSL3_ST_SW_SRVR_DONE_A: case SSL3_ST_SW_SRVR_DONE_B: dtls1_start_timer(s); ret=ssl3_send_server_done(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; break; case SSL3_ST_SW_FLUSH: s->rwstate=SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { if (!BIO_should_retry(s->wbio)) { s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; } ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: if (s->s3->tmp.cert_request) { ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: case SSL3_ST_SR_KEY_EXCH_B: ret=ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; #ifndef OPENSSL_NO_SCTP snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, 0); BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); #endif s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; if (ret == 2) { s->state=SSL3_ST_SR_FINISHED_A; s->init_num = 0; } else if (SSL_USE_SIGALGS(s)) { s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; if (!s->session->peer) break; if (!s->s3->handshake_buffer) { SSLerr(SSL_F_DTLS1_ACCEPT,ERR_R_INTERNAL_ERROR); return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; if (!ssl3_digest_cached_records(s)) return -1; } else { s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(s->s3->tmp.cert_verify_md[0])); s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); } break; case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: if (!s->s3->change_cipher_spec) s->d1->change_cipher_spec_ok = 1; ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && state == SSL_ST_RENEGOTIATE) s->state=DTLS1_SCTP_ST_SR_READ_SOCK; else #endif s->state=SSL3_ST_SR_FINISHED_A; s->init_num=0; break; case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: if (!s->s3->change_cipher_spec) s->d1->change_cipher_spec_ok = 1; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; dtls1_stop_timer(s); if (s->hit) s->state=SSL_ST_OK; #ifndef OPENSSL_NO_TLSEXT else if (s->tlsext_ticket_expected) s->state=SSL3_ST_SW_SESSION_TICKET_A; #endif else s->state=SSL3_ST_SW_CHANGE_A; s->init_num=0; break; #ifndef OPENSSL_NO_TLSEXT case SSL3_ST_SW_SESSION_TICKET_A: case SSL3_ST_SW_SESSION_TICKET_B: ret=ssl3_send_newsession_ticket(s); if (ret <= 0) goto end; s->state=SSL3_ST_SW_CHANGE_A; s->init_num=0; break; case SSL3_ST_SW_CERT_STATUS_A: case SSL3_ST_SW_CERT_STATUS_B: ret=ssl3_send_cert_status(s); if (ret <= 0) goto end; s->state=SSL3_ST_SW_KEY_EXCH_A; s->init_num=0; break; #endif case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: s->session->cipher=s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; goto end; } ret=dtls1_send_change_cipher_spec(s, SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); if (ret <= 0) goto end; #ifndef OPENSSL_NO_SCTP if (!s->hit) { BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); } #endif s->state=SSL3_ST_SW_FINISHED_A; s->init_num=0; if (!s->method->ssl3_enc->change_cipher_state(s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret= -1; goto end; } dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); break; case SSL3_ST_SW_FINISHED_A: case SSL3_ST_SW_FINISHED_B: ret=ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, s->method->ssl3_enc->server_finished_label, s->method->ssl3_enc->server_finished_label_len); if (ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; if (s->hit) { s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #ifndef OPENSSL_NO_SCTP BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL); #endif } else { s->s3->tmp.next_state=SSL_ST_OK; #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { s->d1->next_state = s->s3->tmp.next_state; s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK; } #endif } s->init_num=0; break; case SSL_ST_OK: ssl3_cleanup_key_block(s); #if 0 BUF_MEM_free(s->init_buf); s->init_buf=NULL; #endif ssl_free_wbio_buffer(s); s->init_num=0; if (s->renegotiate == 2) { s->renegotiate=0; s->new_session=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); s->ctx->stats.sess_accept_good++; s->handshake_func=dtls1_accept; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); } ret = 1; s->d1->handshake_read_seq = 0; s->d1->handshake_write_seq = 0; s->d1->next_handshake_write_seq = 0; goto end; default: SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE); ret= -1; goto end; } if (!s->s3->tmp.reuse_message && !skip) { if (s->debug) { if ((ret=BIO_flush(s->wbio)) <= 0) goto end; } if ((cb != NULL) && (s->state != state)) { new_state=s->state; s->state=state; cb(s,SSL_CB_ACCEPT_LOOP,1); s->state=new_state; } } skip=0; }",visit repo url,ssl/d1_srvr.c,https://github.com/openssl/openssl,196125323561383,1 3990,['CWE-362'],"s32 inotify_find_watch(struct inotify_handle *ih, struct inode *inode, struct inotify_watch **watchp) { struct inotify_watch *old; int ret = -ENOENT; mutex_lock(&inode->inotify_mutex); mutex_lock(&ih->mutex); old = inode_find_handle(inode, ih); if (unlikely(old)) { get_inotify_watch(old); *watchp = old; ret = old->wd; } mutex_unlock(&ih->mutex); mutex_unlock(&inode->inotify_mutex); return ret; }",linux-2.6,,,228223467363452496298887572970165049994,0 106,CWE-674,"split_der(asn1buf *buf, uint8_t *const *der, size_t len, taginfo *tag_out) { krb5_error_code ret; const uint8_t *contents, *remainder; size_t clen, rlen; ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen); if (ret) return ret; if (rlen != 0) return ASN1_BAD_LENGTH; insert_bytes(buf, contents, clen); return 0; }",visit repo url,src/lib/krb5/asn.1/asn1_encode.c,https://github.com/krb5/krb5,222212952360548,1 605,['CWE-200'],"void create_section_mapping(unsigned long start, unsigned long end) { BUG_ON(htab_bolt_mapping(start, end, __pa(start), _PAGE_ACCESSED | _PAGE_DIRTY | _PAGE_COHERENT | PP_RWXX, mmu_linear_psize)); }",linux-2.6,,,154019420399770044395366684958265926308,0 1837,['CWE-189'],"_gnutls_set_adv_version (gnutls_session_t session, gnutls_protocol_t ver) { set_adv_version (session, _gnutls_version_get_major (ver), _gnutls_version_get_minor (ver)); }",gnutls,,,263933733120717896648256449857748181712,0 4433,['CWE-264'],"static int __init proto_init(void) { return register_pernet_subsys(&proto_net_ops); }",linux-2.6,,,16893633926895448303144111856487648037,0 4798,['CWE-399'],"static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddress *src_address, uint16_t port, const AvahiAddress *dst_address, AvahiIfIndex iface, int ttl) { AvahiInterface *i; int from_local_iface = 0; assert(s); assert(p); assert(src_address); assert(dst_address); assert(iface > 0); assert(src_address->proto == dst_address->proto); if (!(i = avahi_interface_monitor_get_interface(s->monitor, iface, src_address->proto)) || !i->announcing) { avahi_log_warn(""Received packet from invalid interface.""); return; } if (port <= 0) { avahi_log_warn(""Received packet from invalid source port %u."", (unsigned) port); return; } if (avahi_address_is_ipv4_in_ipv6(src_address)) return; if (originates_from_local_legacy_unicast_socket(s, src_address, port)) return; if (s->config.enable_reflector) from_local_iface = originates_from_local_iface(s, iface, src_address, port); if (avahi_dns_packet_check_valid_multicast(p) < 0) { avahi_log_warn(""Received invalid packet.""); return; } if (avahi_dns_packet_is_query(p)) { int legacy_unicast = 0; if (avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ARCOUNT) != 0) { avahi_log_warn(""Invalid query packet.""); return; } if (port != AVAHI_MDNS_PORT) { if ((avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ANCOUNT) != 0 || avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_NSCOUNT) != 0)) { avahi_log_warn(""Invalid legacy unicast query packet.""); return; } legacy_unicast = 1; } if (legacy_unicast) reflect_legacy_unicast_query_packet(s, p, i, src_address, port); handle_query_packet(s, p, i, src_address, port, legacy_unicast, from_local_iface); } else { char t[AVAHI_ADDRESS_STR_MAX]; if (port != AVAHI_MDNS_PORT) { avahi_log_warn(""Received response from host %s with invalid source port %u on interface '%s.%i'"", avahi_address_snprint(t, sizeof(t), src_address), port, i->hardware->name, i->protocol); return; } if (ttl != 255 && s->config.check_response_ttl) { avahi_log_warn(""Received response from host %s with invalid TTL %u on interface '%s.%i'."", avahi_address_snprint(t, sizeof(t), src_address), ttl, i->hardware->name, i->protocol); return; } if (!is_mdns_mcast_address(dst_address) && !avahi_interface_address_on_link(i, src_address)) { avahi_log_warn(""Received non-local response from host %s on interface '%s.%i'."", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); return; } if (avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_QDCOUNT) != 0 || avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_ANCOUNT) == 0 || avahi_dns_packet_get_field(p, AVAHI_DNS_FIELD_NSCOUNT) != 0) { avahi_log_warn(""Invalid response packet from host %s."", avahi_address_snprint(t, sizeof(t), src_address)); return; } handle_response_packet(s, p, i, src_address, from_local_iface); } }",avahi,,,218676532363773524474674856440984947198,0 3546,CWE-20,"static int jas_iccputsint(jas_stream_t *out, int n, longlong val) { ulonglong tmp; tmp = (val < 0) ? (abort(), 0) : val; return jas_iccputuint(out, n, tmp); }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,138904391254163,1 4732,['CWE-20'],"static int ext4_acquire_dquot(struct dquot *dquot) { int ret, err; handle_t *handle; handle = ext4_journal_start(dquot_to_inode(dquot), EXT4_QUOTA_INIT_BLOCKS(dquot->dq_sb)); if (IS_ERR(handle)) return PTR_ERR(handle); ret = dquot_acquire(dquot); err = ext4_journal_stop(handle); if (!ret) ret = err; return ret; }",linux-2.6,,,17161466403793356439759558963090585946,0 1330,CWE-787,"static int udf_load_logicalvol(struct super_block *sb, sector_t block, struct kernel_lb_addr *fileset) { struct logicalVolDesc *lvd; int i, j, offset; uint8_t type; struct udf_sb_info *sbi = UDF_SB(sb); struct genericPartitionMap *gpm; uint16_t ident; struct buffer_head *bh; unsigned int table_len; int ret = 0; bh = udf_read_tagged(sb, block, block, &ident); if (!bh) return 1; BUG_ON(ident != TAG_IDENT_LVD); lvd = (struct logicalVolDesc *)bh->b_data; table_len = le32_to_cpu(lvd->mapTableLength); if (sizeof(*lvd) + table_len > sb->s_blocksize) { udf_err(sb, ""error loading logical volume descriptor: "" ""Partition table too long (%u > %lu)\n"", table_len, sb->s_blocksize - sizeof(*lvd)); goto out_bh; } ret = udf_sb_alloc_partition_maps(sb, le32_to_cpu(lvd->numPartitionMaps)); if (ret) goto out_bh; for (i = 0, offset = 0; i < sbi->s_partitions && offset < table_len; i++, offset += gpm->partitionMapLength) { struct udf_part_map *map = &sbi->s_partmaps[i]; gpm = (struct genericPartitionMap *) &(lvd->partitionMaps[offset]); type = gpm->partitionMapType; if (type == 1) { struct genericPartitionMap1 *gpm1 = (struct genericPartitionMap1 *)gpm; map->s_partition_type = UDF_TYPE1_MAP15; map->s_volumeseqnum = le16_to_cpu(gpm1->volSeqNum); map->s_partition_num = le16_to_cpu(gpm1->partitionNum); map->s_partition_func = NULL; } else if (type == 2) { struct udfPartitionMap2 *upm2 = (struct udfPartitionMap2 *)gpm; if (!strncmp(upm2->partIdent.ident, UDF_ID_VIRTUAL, strlen(UDF_ID_VIRTUAL))) { u16 suf = le16_to_cpu(((__le16 *)upm2->partIdent. identSuffix)[0]); if (suf < 0x0200) { map->s_partition_type = UDF_VIRTUAL_MAP15; map->s_partition_func = udf_get_pblock_virt15; } else { map->s_partition_type = UDF_VIRTUAL_MAP20; map->s_partition_func = udf_get_pblock_virt20; } } else if (!strncmp(upm2->partIdent.ident, UDF_ID_SPARABLE, strlen(UDF_ID_SPARABLE))) { uint32_t loc; struct sparingTable *st; struct sparablePartitionMap *spm = (struct sparablePartitionMap *)gpm; map->s_partition_type = UDF_SPARABLE_MAP15; map->s_type_specific.s_sparing.s_packet_len = le16_to_cpu(spm->packetLength); for (j = 0; j < spm->numSparingTables; j++) { struct buffer_head *bh2; loc = le32_to_cpu( spm->locSparingTable[j]); bh2 = udf_read_tagged(sb, loc, loc, &ident); map->s_type_specific.s_sparing. s_spar_map[j] = bh2; if (bh2 == NULL) continue; st = (struct sparingTable *)bh2->b_data; if (ident != 0 || strncmp( st->sparingIdent.ident, UDF_ID_SPARING, strlen(UDF_ID_SPARING))) { brelse(bh2); map->s_type_specific.s_sparing. s_spar_map[j] = NULL; } } map->s_partition_func = udf_get_pblock_spar15; } else if (!strncmp(upm2->partIdent.ident, UDF_ID_METADATA, strlen(UDF_ID_METADATA))) { struct udf_meta_data *mdata = &map->s_type_specific.s_metadata; struct metadataPartitionMap *mdm = (struct metadataPartitionMap *) &(lvd->partitionMaps[offset]); udf_debug(""Parsing Logical vol part %d type %d id=%s\n"", i, type, UDF_ID_METADATA); map->s_partition_type = UDF_METADATA_MAP25; map->s_partition_func = udf_get_pblock_meta25; mdata->s_meta_file_loc = le32_to_cpu(mdm->metadataFileLoc); mdata->s_mirror_file_loc = le32_to_cpu(mdm->metadataMirrorFileLoc); mdata->s_bitmap_file_loc = le32_to_cpu(mdm->metadataBitmapFileLoc); mdata->s_alloc_unit_size = le32_to_cpu(mdm->allocUnitSize); mdata->s_align_unit_size = le16_to_cpu(mdm->alignUnitSize); if (mdm->flags & 0x01) mdata->s_flags |= MF_DUPLICATE_MD; udf_debug(""Metadata Ident suffix=0x%x\n"", le16_to_cpu(*(__le16 *) mdm->partIdent.identSuffix)); udf_debug(""Metadata part num=%d\n"", le16_to_cpu(mdm->partitionNum)); udf_debug(""Metadata part alloc unit size=%d\n"", le32_to_cpu(mdm->allocUnitSize)); udf_debug(""Metadata file loc=%d\n"", le32_to_cpu(mdm->metadataFileLoc)); udf_debug(""Mirror file loc=%d\n"", le32_to_cpu(mdm->metadataMirrorFileLoc)); udf_debug(""Bitmap file loc=%d\n"", le32_to_cpu(mdm->metadataBitmapFileLoc)); udf_debug(""Flags: %d %d\n"", mdata->s_flags, mdm->flags); } else { udf_debug(""Unknown ident: %s\n"", upm2->partIdent.ident); continue; } map->s_volumeseqnum = le16_to_cpu(upm2->volSeqNum); map->s_partition_num = le16_to_cpu(upm2->partitionNum); } udf_debug(""Partition (%d:%d) type %d on volume %d\n"", i, map->s_partition_num, type, map->s_volumeseqnum); } if (fileset) { struct long_ad *la = (struct long_ad *)&(lvd->logicalVolContentsUse[0]); *fileset = lelb_to_cpu(la->extLocation); udf_debug(""FileSet found in LogicalVolDesc at block=%d, partition=%d\n"", fileset->logicalBlockNum, fileset->partitionReferenceNum); } if (lvd->integritySeqExt.extLength) udf_load_logicalvolint(sb, leea_to_cpu(lvd->integritySeqExt)); out_bh: brelse(bh); return ret; }",visit repo url,fs/udf/super.c,https://github.com/torvalds/linux,87329921877071,1 536,CWE-189,"static int perf_swevent_init(struct perf_event *event) { int event_id = event->attr.config; if (event->attr.type != PERF_TYPE_SOFTWARE) return -ENOENT; if (has_branch_stack(event)) return -EOPNOTSUPP; switch (event_id) { case PERF_COUNT_SW_CPU_CLOCK: case PERF_COUNT_SW_TASK_CLOCK: return -ENOENT; default: break; } if (event_id >= PERF_COUNT_SW_MAX) return -ENOENT; if (!event->parent) { int err; err = swevent_hlist_get(event); if (err) return err; static_key_slow_inc(&perf_swevent_enabled[event_id]); event->destroy = sw_perf_event_destroy; } return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,102921725272752,1 5346,CWE-668,"static void prefetch_enc(void) { prefetch_table((const void *)encT, sizeof(encT)); }",visit repo url,cipher/rijndael.c,https://github.com/gpg/libgcrypt,23277040384438,1 491,CWE-476,"static bool assoc_array_insert_into_terminal_node(struct assoc_array_edit *edit, const struct assoc_array_ops *ops, const void *index_key, struct assoc_array_walk_result *result) { struct assoc_array_shortcut *shortcut, *new_s0; struct assoc_array_node *node, *new_n0, *new_n1, *side; struct assoc_array_ptr *ptr; unsigned long dissimilarity, base_seg, blank; size_t keylen; bool have_meta; int level, diff; int slot, next_slot, free_slot, i, j; node = result->terminal_node.node; level = result->terminal_node.level; edit->segment_cache[ASSOC_ARRAY_FAN_OUT] = result->terminal_node.slot; pr_devel(""-->%s()\n"", __func__); free_slot = -1; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { ptr = node->slots[i]; if (!ptr) { free_slot = i; continue; } if (assoc_array_ptr_is_leaf(ptr) && ops->compare_object(assoc_array_ptr_to_leaf(ptr), index_key)) { pr_devel(""replace in slot %d\n"", i); edit->leaf_p = &node->slots[i]; edit->dead_leaf = node->slots[i]; pr_devel(""<--%s() = ok [replace]\n"", __func__); return true; } } if (free_slot >= 0) { pr_devel(""insert in free slot %d\n"", free_slot); edit->leaf_p = &node->slots[free_slot]; edit->adjust_count_on = node; pr_devel(""<--%s() = ok [insert]\n"", __func__); return true; } new_n0 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL); if (!new_n0) return false; edit->new_meta[0] = assoc_array_node_to_ptr(new_n0); new_n1 = kzalloc(sizeof(struct assoc_array_node), GFP_KERNEL); if (!new_n1) return false; edit->new_meta[1] = assoc_array_node_to_ptr(new_n1); pr_devel(""no spare slots\n""); have_meta = false; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { ptr = node->slots[i]; if (assoc_array_ptr_is_meta(ptr)) { edit->segment_cache[i] = 0xff; have_meta = true; continue; } base_seg = ops->get_object_key_chunk( assoc_array_ptr_to_leaf(ptr), level); base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK; edit->segment_cache[i] = base_seg & ASSOC_ARRAY_FAN_MASK; } if (have_meta) { pr_devel(""have meta\n""); goto split_node; } dissimilarity = 0; base_seg = edit->segment_cache[0]; for (i = 1; i < ASSOC_ARRAY_FAN_OUT; i++) dissimilarity |= edit->segment_cache[i] ^ base_seg; pr_devel(""only leaves; dissimilarity=%lx\n"", dissimilarity); if ((dissimilarity & ASSOC_ARRAY_FAN_MASK) == 0) { if ((edit->segment_cache[ASSOC_ARRAY_FAN_OUT] ^ base_seg) == 0) goto all_leaves_cluster_together; goto present_leaves_cluster_but_not_new_leaf; } split_node: pr_devel(""split node\n""); edit->set[0].to = assoc_array_node_to_ptr(new_n0); new_n0->back_pointer = node->back_pointer; new_n0->parent_slot = node->parent_slot; new_n1->back_pointer = assoc_array_node_to_ptr(new_n0); new_n1->parent_slot = -1; do_split_node: pr_devel(""do_split_node\n""); new_n0->nr_leaves_on_branch = node->nr_leaves_on_branch; new_n1->nr_leaves_on_branch = 0; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { slot = edit->segment_cache[i]; if (slot != 0xff) for (j = i + 1; j < ASSOC_ARRAY_FAN_OUT + 1; j++) if (edit->segment_cache[j] == slot) goto found_slot_for_multiple_occupancy; } found_slot_for_multiple_occupancy: pr_devel(""same slot: %x %x [%02x]\n"", i, j, slot); BUG_ON(i >= ASSOC_ARRAY_FAN_OUT); BUG_ON(j >= ASSOC_ARRAY_FAN_OUT + 1); BUG_ON(slot >= ASSOC_ARRAY_FAN_OUT); new_n1->parent_slot = slot; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) if (assoc_array_ptr_is_meta(node->slots[i])) new_n0->slots[i] = node->slots[i]; else new_n0->slots[i] = NULL; BUG_ON(new_n0->slots[slot] != NULL); new_n0->slots[slot] = assoc_array_node_to_ptr(new_n1); free_slot = -1; next_slot = 0; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { if (assoc_array_ptr_is_meta(node->slots[i])) continue; if (edit->segment_cache[i] == slot) { new_n1->slots[next_slot++] = node->slots[i]; new_n1->nr_leaves_on_branch++; } else { do { free_slot++; } while (new_n0->slots[free_slot] != NULL); new_n0->slots[free_slot] = node->slots[i]; } } pr_devel(""filtered: f=%x n=%x\n"", free_slot, next_slot); if (edit->segment_cache[ASSOC_ARRAY_FAN_OUT] != slot) { do { free_slot++; } while (new_n0->slots[free_slot] != NULL); edit->leaf_p = &new_n0->slots[free_slot]; edit->adjust_count_on = new_n0; } else { edit->leaf_p = &new_n1->slots[next_slot++]; edit->adjust_count_on = new_n1; } BUG_ON(next_slot <= 1); edit->set_backpointers_to = assoc_array_node_to_ptr(new_n0); for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { if (edit->segment_cache[i] == 0xff) { ptr = node->slots[i]; BUG_ON(assoc_array_ptr_is_leaf(ptr)); if (assoc_array_ptr_is_node(ptr)) { side = assoc_array_ptr_to_node(ptr); edit->set_backpointers[i] = &side->back_pointer; } else { shortcut = assoc_array_ptr_to_shortcut(ptr); edit->set_backpointers[i] = &shortcut->back_pointer; } } } ptr = node->back_pointer; if (!ptr) edit->set[0].ptr = &edit->array->root; else if (assoc_array_ptr_is_node(ptr)) edit->set[0].ptr = &assoc_array_ptr_to_node(ptr)->slots[node->parent_slot]; else edit->set[0].ptr = &assoc_array_ptr_to_shortcut(ptr)->next_node; edit->excised_meta[0] = assoc_array_node_to_ptr(node); pr_devel(""<--%s() = ok [split node]\n"", __func__); return true; present_leaves_cluster_but_not_new_leaf: pr_devel(""present leaves cluster but not new leaf\n""); new_n0->back_pointer = node->back_pointer; new_n0->parent_slot = node->parent_slot; new_n0->nr_leaves_on_branch = node->nr_leaves_on_branch; new_n1->back_pointer = assoc_array_node_to_ptr(new_n0); new_n1->parent_slot = edit->segment_cache[0]; new_n1->nr_leaves_on_branch = node->nr_leaves_on_branch; edit->adjust_count_on = new_n0; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) new_n1->slots[i] = node->slots[i]; new_n0->slots[edit->segment_cache[0]] = assoc_array_node_to_ptr(new_n0); edit->leaf_p = &new_n0->slots[edit->segment_cache[ASSOC_ARRAY_FAN_OUT]]; edit->set[0].ptr = &assoc_array_ptr_to_node(node->back_pointer)->slots[node->parent_slot]; edit->set[0].to = assoc_array_node_to_ptr(new_n0); edit->excised_meta[0] = assoc_array_node_to_ptr(node); pr_devel(""<--%s() = ok [insert node before]\n"", __func__); return true; all_leaves_cluster_together: pr_devel(""all leaves cluster together\n""); diff = INT_MAX; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { int x = ops->diff_objects(assoc_array_ptr_to_leaf(node->slots[i]), index_key); if (x < diff) { BUG_ON(x < 0); diff = x; } } BUG_ON(diff == INT_MAX); BUG_ON(diff < level + ASSOC_ARRAY_LEVEL_STEP); keylen = round_up(diff, ASSOC_ARRAY_KEY_CHUNK_SIZE); keylen >>= ASSOC_ARRAY_KEY_CHUNK_SHIFT; new_s0 = kzalloc(sizeof(struct assoc_array_shortcut) + keylen * sizeof(unsigned long), GFP_KERNEL); if (!new_s0) return false; edit->new_meta[2] = assoc_array_shortcut_to_ptr(new_s0); edit->set[0].to = assoc_array_shortcut_to_ptr(new_s0); new_s0->back_pointer = node->back_pointer; new_s0->parent_slot = node->parent_slot; new_s0->next_node = assoc_array_node_to_ptr(new_n0); new_n0->back_pointer = assoc_array_shortcut_to_ptr(new_s0); new_n0->parent_slot = 0; new_n1->back_pointer = assoc_array_node_to_ptr(new_n0); new_n1->parent_slot = -1; new_s0->skip_to_level = level = diff & ~ASSOC_ARRAY_LEVEL_STEP_MASK; pr_devel(""skip_to_level = %d [diff %d]\n"", level, diff); BUG_ON(level <= 0); for (i = 0; i < keylen; i++) new_s0->index_key[i] = ops->get_key_chunk(index_key, i * ASSOC_ARRAY_KEY_CHUNK_SIZE); blank = ULONG_MAX << (level & ASSOC_ARRAY_KEY_CHUNK_MASK); pr_devel(""blank off [%zu] %d: %lx\n"", keylen - 1, level, blank); new_s0->index_key[keylen - 1] &= ~blank; for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) { ptr = node->slots[i]; base_seg = ops->get_object_key_chunk(assoc_array_ptr_to_leaf(ptr), level); base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK; edit->segment_cache[i] = base_seg & ASSOC_ARRAY_FAN_MASK; } base_seg = ops->get_key_chunk(index_key, level); base_seg >>= level & ASSOC_ARRAY_KEY_CHUNK_MASK; edit->segment_cache[ASSOC_ARRAY_FAN_OUT] = base_seg & ASSOC_ARRAY_FAN_MASK; goto do_split_node; }",visit repo url,lib/assoc_array.c,https://github.com/torvalds/linux,213976439010296,1 1225,[],"m4___program__ (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 1)) return; obstack_grow (obs, lquote.string, lquote.length); obstack_grow (obs, program_name, strlen (program_name)); obstack_grow (obs, rquote.string, rquote.length); }",m4,,,19882275399123067283407186079120845356,0 4102,['CWE-399'],"static int __init bsg_init(void) { int ret, i; dev_t devid; bsg_cmd_cachep = kmem_cache_create(""bsg_cmd"", sizeof(struct bsg_command), 0, 0, NULL); if (!bsg_cmd_cachep) { printk(KERN_ERR ""bsg: failed creating slab cache\n""); return -ENOMEM; } for (i = 0; i < BSG_LIST_ARRAY_SIZE; i++) INIT_HLIST_HEAD(&bsg_device_list[i]); bsg_class = class_create(THIS_MODULE, ""bsg""); if (IS_ERR(bsg_class)) { ret = PTR_ERR(bsg_class); goto destroy_kmemcache; } ret = alloc_chrdev_region(&devid, 0, BSG_MAX_DEVS, ""bsg""); if (ret) goto destroy_bsg_class; bsg_major = MAJOR(devid); cdev_init(&bsg_cdev, &bsg_fops); ret = cdev_add(&bsg_cdev, MKDEV(bsg_major, 0), BSG_MAX_DEVS); if (ret) goto unregister_chrdev; printk(KERN_INFO BSG_DESCRIPTION "" version "" BSG_VERSION "" loaded (major %d)\n"", bsg_major); return 0; unregister_chrdev: unregister_chrdev_region(MKDEV(bsg_major, 0), BSG_MAX_DEVS); destroy_bsg_class: class_destroy(bsg_class); destroy_kmemcache: kmem_cache_destroy(bsg_cmd_cachep); return ret; }",linux-2.6,,,338819998010046451002076488624894683734,0 1506,CWE-264,"static int command_read(struct pci_dev *dev, int offset, u16 *value, void *data) { int i; int ret; ret = xen_pcibk_read_config_word(dev, offset, value, data); if (!pci_is_enabled(dev)) return ret; for (i = 0; i < PCI_ROM_RESOURCE; i++) { if (dev->resource[i].flags & IORESOURCE_IO) *value |= PCI_COMMAND_IO; if (dev->resource[i].flags & IORESOURCE_MEM) *value |= PCI_COMMAND_MEMORY; } return ret; }",visit repo url,drivers/xen/xen-pciback/conf_space_header.c,https://github.com/torvalds/linux,65491536204053,1 5126,['CWE-20'],"static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf) { u32 vmx_msr_low, vmx_msr_high; u32 min, opt, min2, opt2; u32 _pin_based_exec_control = 0; u32 _cpu_based_exec_control = 0; u32 _cpu_based_2nd_exec_control = 0; u32 _vmexit_control = 0; u32 _vmentry_control = 0; min = PIN_BASED_EXT_INTR_MASK | PIN_BASED_NMI_EXITING; opt = PIN_BASED_VIRTUAL_NMIS; if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PINBASED_CTLS, &_pin_based_exec_control) < 0) return -EIO; min = CPU_BASED_HLT_EXITING | #ifdef CONFIG_X86_64 CPU_BASED_CR8_LOAD_EXITING | CPU_BASED_CR8_STORE_EXITING | #endif CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING | CPU_BASED_USE_IO_BITMAPS | CPU_BASED_MOV_DR_EXITING | CPU_BASED_USE_TSC_OFFSETING | CPU_BASED_INVLPG_EXITING; opt = CPU_BASED_TPR_SHADOW | CPU_BASED_USE_MSR_BITMAPS | CPU_BASED_ACTIVATE_SECONDARY_CONTROLS; if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &_cpu_based_exec_control) < 0) return -EIO; #ifdef CONFIG_X86_64 if ((_cpu_based_exec_control & CPU_BASED_TPR_SHADOW)) _cpu_based_exec_control &= ~CPU_BASED_CR8_LOAD_EXITING & ~CPU_BASED_CR8_STORE_EXITING; #endif if (_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS) { min2 = 0; opt2 = SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | SECONDARY_EXEC_WBINVD_EXITING | SECONDARY_EXEC_ENABLE_VPID | SECONDARY_EXEC_ENABLE_EPT; if (adjust_vmx_controls(min2, opt2, MSR_IA32_VMX_PROCBASED_CTLS2, &_cpu_based_2nd_exec_control) < 0) return -EIO; } #ifndef CONFIG_X86_64 if (!(_cpu_based_2nd_exec_control & SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)) _cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW; #endif if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) { min &= ~(CPU_BASED_CR3_LOAD_EXITING | CPU_BASED_CR3_STORE_EXITING | CPU_BASED_INVLPG_EXITING); if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS, &_cpu_based_exec_control) < 0) return -EIO; rdmsr(MSR_IA32_VMX_EPT_VPID_CAP, vmx_capability.ept, vmx_capability.vpid); } min = 0; #ifdef CONFIG_X86_64 min |= VM_EXIT_HOST_ADDR_SPACE_SIZE; #endif opt = VM_EXIT_SAVE_IA32_PAT | VM_EXIT_LOAD_IA32_PAT; if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_EXIT_CTLS, &_vmexit_control) < 0) return -EIO; min = 0; opt = VM_ENTRY_LOAD_IA32_PAT; if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_ENTRY_CTLS, &_vmentry_control) < 0) return -EIO; rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high); if ((vmx_msr_high & 0x1fff) > PAGE_SIZE) return -EIO; #ifdef CONFIG_X86_64 if (vmx_msr_high & (1u<<16)) return -EIO; #endif if (((vmx_msr_high >> 18) & 15) != 6) return -EIO; vmcs_conf->size = vmx_msr_high & 0x1fff; vmcs_conf->order = get_order(vmcs_config.size); vmcs_conf->revision_id = vmx_msr_low; vmcs_conf->pin_based_exec_ctrl = _pin_based_exec_control; vmcs_conf->cpu_based_exec_ctrl = _cpu_based_exec_control; vmcs_conf->cpu_based_2nd_exec_ctrl = _cpu_based_2nd_exec_control; vmcs_conf->vmexit_ctrl = _vmexit_control; vmcs_conf->vmentry_ctrl = _vmentry_control; return 0; }",linux-2.6,,,235963412976347735941709679551941124636,0 5290,['CWE-119'],"static inline struct tun_sock *tun_sk(struct sock *sk) { return container_of(sk, struct tun_sock, sk); }",linux-2.6,,,282648328538860978489961886127295932239,0 3491,['CWE-20'],"void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, size_t paylen) { sctp_errhdr_t err; __u16 len; err.cause = cause_code; len = sizeof(sctp_errhdr_t) + paylen; err.length = htons(len); chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); }",linux-2.6,,,272418344088940284477383373625003730998,0 4974,['CWE-20'],"static int nfs_rmdir(struct inode *dir, struct dentry *dentry) { int error; dfprintk(VFS, ""NFS: rmdir(%s/%ld), %s\n"", dir->i_sb->s_id, dir->i_ino, dentry->d_name.name); lock_kernel(); nfs_begin_data_update(dir); error = NFS_PROTO(dir)->rmdir(dir, &dentry->d_name); if (error == 0 && dentry->d_inode != NULL) clear_nlink(dentry->d_inode); nfs_end_data_update(dir); unlock_kernel(); return error; }",linux-2.6,,,242122300968387659592350402771596365957,0 3549,CWE-20,"static int jas_iccgetuint16(jas_stream_t *in, jas_iccuint16_t *val) { ulonglong tmp; if (jas_iccgetuint(in, 2, &tmp)) return -1; *val = tmp; return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,225373468249061,1 3132,['CWE-189'],"jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t *cp, jpc_enc_tile_t *tile) { jpc_pi_t *pi; int compno; jpc_picomp_t *picomp; jpc_pirlvl_t *pirlvl; jpc_enc_tcmpt_t *tcomp; int rlvlno; jpc_enc_rlvl_t *rlvl; int prcno; int *prclyrno; if (!(pi = jpc_pi_create0())) { return 0; } pi->pktno = -1; pi->numcomps = cp->numcmpts; if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { jpc_pi_destroy(pi); return 0; } for (compno = 0, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++picomp) { picomp->pirlvls = 0; } for (compno = 0, tcomp = tile->tcmpts, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { picomp->numrlvls = tcomp->numrlvls; if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, sizeof(jpc_pirlvl_t)))) { jpc_pi_destroy(pi); return 0; } for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl) { pirlvl->prclyrnos = 0; } for (rlvlno = 0, pirlvl = picomp->pirlvls, rlvl = tcomp->rlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) { pirlvl->numprcs = rlvl->numprcs; if (rlvl->numprcs) { if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, sizeof(long)))) { jpc_pi_destroy(pi); return 0; } } else { pirlvl->prclyrnos = 0; } } } pi->maxrlvls = 0; for (compno = 0, tcomp = tile->tcmpts, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { picomp->hsamp = cp->ccps[compno].sampgrdstepx; picomp->vsamp = cp->ccps[compno].sampgrdstepy; for (rlvlno = 0, pirlvl = picomp->pirlvls, rlvl = tcomp->rlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) { pirlvl->prcwidthexpn = rlvl->prcwidthexpn; pirlvl->prcheightexpn = rlvl->prcheightexpn; for (prcno = 0, prclyrno = pirlvl->prclyrnos; prcno < pirlvl->numprcs; ++prcno, ++prclyrno) { *prclyrno = 0; } pirlvl->numhprcs = rlvl->numhprcs; } if (pi->maxrlvls < tcomp->numrlvls) { pi->maxrlvls = tcomp->numrlvls; } } pi->numlyrs = tile->numlyrs; pi->xstart = tile->tlx; pi->ystart = tile->tly; pi->xend = tile->brx; pi->yend = tile->bry; pi->picomp = 0; pi->pirlvl = 0; pi->x = 0; pi->y = 0; pi->compno = 0; pi->rlvlno = 0; pi->prcno = 0; pi->lyrno = 0; pi->xstep = 0; pi->ystep = 0; pi->pchgno = -1; pi->defaultpchg.prgord = tile->prg; pi->defaultpchg.compnostart = 0; pi->defaultpchg.compnoend = pi->numcomps; pi->defaultpchg.rlvlnostart = 0; pi->defaultpchg.rlvlnoend = pi->maxrlvls; pi->defaultpchg.lyrnoend = pi->numlyrs; pi->pchg = 0; pi->valid = 0; return pi; }",jasper,,,47113183929432496089648496216408131815,0 2704,[],"static int sctp_get_port(struct sock *sk, unsigned short snum) { long ret; union sctp_addr addr; struct sctp_af *af = sctp_sk(sk)->pf->af; af->from_sk(&addr, sk); addr.v4.sin_port = htons(snum); ret = sctp_get_port_local(sk, &addr); return (ret ? 1 : 0); }",linux-2.6,,,302610405658957064204257426185862377658,0 6253,CWE-190,"int rand_check(uint8_t *buf, int size) { int count = 0; for (int i = 1; i < size; i++) { if (buf[i] == buf[i - 1]) { count++; } else { count = 0; } } if (count > RAND_REP) { return RLC_ERR; } return RLC_OK; }",visit repo url,src/rand/relic_rand_core.c,https://github.com/relic-toolkit/relic,76714638143397,1 5658,CWE-59,"add_mibfile(const char* tmpstr, const char* d_name, FILE *ip ) { FILE *fp; char token[MAXTOKEN], token2[MAXTOKEN]; if ((fp = fopen(tmpstr, ""r"")) == NULL) { snmp_log_perror(tmpstr); return 1; } DEBUGMSGTL((""parse-mibs"", ""Checking file: %s...\n"", tmpstr)); mibLine = 1; File = tmpstr; if (get_token(fp, token, MAXTOKEN) != LABEL) { fclose(fp); return 1; } if (get_token(fp, token2, MAXTOKEN) == DEFINITIONS) { new_module(token, tmpstr); if (ip) fprintf(ip, ""%s %s\n"", token, d_name); fclose(fp); return 0; } else { fclose(fp); return 1; } }",visit repo url,snmplib/parse.c,https://github.com/net-snmp/net-snmp,120449116593945,1 818,CWE-20,"static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int noblock = flags & MSG_DONTWAIT; struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int rc; pr_debug(""sock=%p sk=%p len=%zu flags=%d\n"", sock, sk, len, flags); skb = skb_recv_datagram(sk, flags, noblock, &rc); if (!skb) return rc; msg->msg_namelen = 0; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } rc = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); return rc ? : copied; }",visit repo url,net/nfc/rawsock.c,https://github.com/torvalds/linux,193439535934568,1 1065,CWE-189,"static inline long div_ll_X_l_rem(long long divs, long div, long *rem) { long dum2; asm(""divl %2"":""=a""(dum2), ""=d""(*rem) : ""rm""(div), ""A""(divs)); return dum2; }",visit repo url,include/asm-x86/div64.h,https://github.com/torvalds/linux,251738822824908,1 217,[],"static inline void atalk_remove_socket(struct sock *sk) { write_lock_bh(&atalk_sockets_lock); sk_del_node_init(sk); write_unlock_bh(&atalk_sockets_lock); }",history,,,199161742049733710279972344149742155880,0 2501,CWE-787,"static void controloptions (lua_State *L, int opt, const char **fmt, Header *h) { switch (opt) { case ' ': return; case '>': h->endian = BIG; return; case '<': h->endian = LITTLE; return; case '!': { int a = getnum(fmt, MAXALIGN); if (!isp2(a)) luaL_error(L, ""alignment %d is not a power of 2"", a); h->align = a; return; } default: { const char *msg = lua_pushfstring(L, ""invalid format option '%c'"", opt); luaL_argerror(L, 1, msg); } } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,277790078657069,1 3266,CWE-125,"esis_print(netdissect_options *ndo, const uint8_t *pptr, u_int length) { const uint8_t *optr; u_int li,esis_pdu_type,source_address_length, source_address_number; const struct esis_header_t *esis_header; if (!ndo->ndo_eflag) ND_PRINT((ndo, ""ES-IS"")); if (length <= 2) { ND_PRINT((ndo, ndo->ndo_qflag ? ""bad pkt!"" : ""no header at all!"")); return; } esis_header = (const struct esis_header_t *) pptr; ND_TCHECK(*esis_header); li = esis_header->length_indicator; optr = pptr; if (esis_header->nlpid != NLPID_ESIS) { ND_PRINT((ndo, "" nlpid 0x%02x packet not supported"", esis_header->nlpid)); return; } if (esis_header->version != ESIS_VERSION) { ND_PRINT((ndo, "" version %d packet not supported"", esis_header->version)); return; } if (li > length) { ND_PRINT((ndo, "" length indicator(%u) > PDU size (%u)!"", li, length)); return; } if (li < sizeof(struct esis_header_t) + 2) { ND_PRINT((ndo, "" length indicator %u < min PDU size:"", li)); while (pptr < ndo->ndo_snapend) ND_PRINT((ndo, ""%02X"", *pptr++)); return; } esis_pdu_type = esis_header->type & ESIS_PDU_TYPE_MASK; if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, ""%s%s, length %u"", ndo->ndo_eflag ? """" : "", "", tok2str(esis_pdu_values,""unknown type (%u)"",esis_pdu_type), length)); return; } else ND_PRINT((ndo, ""%slength %u\n\t%s (%u)"", ndo->ndo_eflag ? """" : "", "", length, tok2str(esis_pdu_values,""unknown type: %u"", esis_pdu_type), esis_pdu_type)); ND_PRINT((ndo, "", v: %u%s"", esis_header->version, esis_header->version == ESIS_VERSION ? """" : ""unsupported"" )); ND_PRINT((ndo, "", checksum: 0x%04x"", EXTRACT_16BITS(esis_header->cksum))); osi_print_cksum(ndo, pptr, EXTRACT_16BITS(esis_header->cksum), 7, li); ND_PRINT((ndo, "", holding time: %us, length indicator: %u"", EXTRACT_16BITS(esis_header->holdtime), li)); if (ndo->ndo_vflag > 1) print_unknown_data(ndo, optr, ""\n\t"", sizeof(struct esis_header_t)); pptr += sizeof(struct esis_header_t); li -= sizeof(struct esis_header_t); switch (esis_pdu_type) { case ESIS_PDU_REDIRECT: { const uint8_t *dst, *snpa, *neta; u_int dstl, snpal, netal; ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad redirect/li"")); return; } dstl = *pptr; pptr++; li--; ND_TCHECK2(*pptr, dstl); if (li < dstl) { ND_PRINT((ndo, "", bad redirect/li"")); return; } dst = pptr; pptr += dstl; li -= dstl; ND_PRINT((ndo, ""\n\t %s"", isonsap_string(ndo, dst, dstl))); ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad redirect/li"")); return; } snpal = *pptr; pptr++; li--; ND_TCHECK2(*pptr, snpal); if (li < snpal) { ND_PRINT((ndo, "", bad redirect/li"")); return; } snpa = pptr; pptr += snpal; li -= snpal; ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad redirect/li"")); return; } netal = *pptr; pptr++; ND_TCHECK2(*pptr, netal); if (li < netal) { ND_PRINT((ndo, "", bad redirect/li"")); return; } neta = pptr; pptr += netal; li -= netal; if (snpal == 6) ND_PRINT((ndo, ""\n\t SNPA (length: %u): %s"", snpal, etheraddr_string(ndo, snpa))); else ND_PRINT((ndo, ""\n\t SNPA (length: %u): %s"", snpal, linkaddr_string(ndo, snpa, LINKADDR_OTHER, snpal))); if (netal != 0) ND_PRINT((ndo, ""\n\t NET (length: %u) %s"", netal, isonsap_string(ndo, neta, netal))); break; } case ESIS_PDU_ESH: ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad esh/li"")); return; } source_address_number = *pptr; pptr++; li--; ND_PRINT((ndo, ""\n\t Number of Source Addresses: %u"", source_address_number)); while (source_address_number > 0) { ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad esh/li"")); return; } source_address_length = *pptr; pptr++; li--; ND_TCHECK2(*pptr, source_address_length); if (li < source_address_length) { ND_PRINT((ndo, "", bad esh/li"")); return; } ND_PRINT((ndo, ""\n\t NET (length: %u): %s"", source_address_length, isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; source_address_number--; } break; case ESIS_PDU_ISH: { ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad ish/li"")); return; } source_address_length = *pptr; pptr++; li--; ND_TCHECK2(*pptr, source_address_length); if (li < source_address_length) { ND_PRINT((ndo, "", bad ish/li"")); return; } ND_PRINT((ndo, ""\n\t NET (length: %u): %s"", source_address_length, isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; break; } default: if (ndo->ndo_vflag <= 1) { if (pptr < ndo->ndo_snapend) print_unknown_data(ndo, pptr, ""\n\t "", ndo->ndo_snapend - pptr); } return; } while (li != 0) { u_int op, opli; const uint8_t *tptr; if (li < 2) { ND_PRINT((ndo, "", bad opts/li"")); return; } ND_TCHECK2(*pptr, 2); op = *pptr++; opli = *pptr++; li -= 2; if (opli > li) { ND_PRINT((ndo, "", opt (%d) too long"", op)); return; } li -= opli; tptr = pptr; ND_PRINT((ndo, ""\n\t %s Option #%u, length %u, value: "", tok2str(esis_option_values,""Unknown"",op), op, opli)); switch (op) { case ESIS_OPTION_ES_CONF_TIME: if (opli == 2) { ND_TCHECK2(*pptr, 2); ND_PRINT((ndo, ""%us"", EXTRACT_16BITS(tptr))); } else ND_PRINT((ndo, ""(bad length)"")); break; case ESIS_OPTION_PROTOCOLS: while (opli>0) { ND_TCHECK(*pptr); ND_PRINT((ndo, ""%s (0x%02x)"", tok2str(nlpid_values, ""unknown"", *tptr), *tptr)); if (opli>1) ND_PRINT((ndo, "", "")); tptr++; opli--; } break; case ESIS_OPTION_QOS_MAINTENANCE: case ESIS_OPTION_SECURITY: case ESIS_OPTION_PRIORITY: case ESIS_OPTION_ADDRESS_MASK: case ESIS_OPTION_SNPA_MASK: default: print_unknown_data(ndo, tptr, ""\n\t "", opli); break; } if (ndo->ndo_vflag > 1) print_unknown_data(ndo, pptr, ""\n\t "", opli); pptr += opli; } trunc: return; }",visit repo url,print-isoclns.c,https://github.com/the-tcpdump-group/tcpdump,2933334848592,1 1632,CWE-264,"static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, struct request_sock *req, struct dst_entry *dst, struct request_sock *req_unhash, bool *own_req) { struct inet_request_sock *ireq; struct ipv6_pinfo *newnp; const struct ipv6_pinfo *np = inet6_sk(sk); struct tcp6_sock *newtcp6sk; struct inet_sock *newinet; struct tcp_sock *newtp; struct sock *newsk; #ifdef CONFIG_TCP_MD5SIG struct tcp_md5sig_key *key; #endif struct flowi6 fl6; if (skb->protocol == htons(ETH_P_IP)) { newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst, req_unhash, own_req); if (!newsk) return NULL; newtcp6sk = (struct tcp6_sock *)newsk; inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; newinet = inet_sk(newsk); newnp = inet6_sk(newsk); newtp = tcp_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); newnp->saddr = newsk->sk_v6_rcv_saddr; inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; newsk->sk_backlog_rcv = tcp_v4_do_rcv; #ifdef CONFIG_TCP_MD5SIG newtp->af_specific = &tcp_sock_ipv6_mapped_specific; #endif newnp->ipv6_ac_list = NULL; newnp->ipv6_fl_list = NULL; newnp->pktoptions = NULL; newnp->opt = NULL; newnp->mcast_oif = tcp_v6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb)); if (np->repflow) newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb)); tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); return newsk; } ireq = inet_rsk(req); if (sk_acceptq_is_full(sk)) goto out_overflow; if (!dst) { dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP); if (!dst) goto out; } newsk = tcp_create_openreq_child(sk, req, skb); if (!newsk) goto out_nonewsk; newsk->sk_gso_type = SKB_GSO_TCPV6; __ip6_dst_store(newsk, dst, NULL, NULL); inet6_sk_rx_dst_set(newsk, skb); newtcp6sk = (struct tcp6_sock *)newsk; inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; newtp = tcp_sk(newsk); newinet = inet_sk(newsk); newnp = inet6_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; newnp->saddr = ireq->ir_v6_loc_addr; newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; newsk->sk_bound_dev_if = ireq->ir_iif; newinet->inet_opt = NULL; newnp->ipv6_ac_list = NULL; newnp->ipv6_fl_list = NULL; newnp->rxopt.all = np->rxopt.all; newnp->pktoptions = NULL; newnp->opt = NULL; newnp->mcast_oif = tcp_v6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb)); if (np->repflow) newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb)); if (np->opt) newnp->opt = ipv6_dup_options(newsk, np->opt); inet_csk(newsk)->icsk_ext_hdr_len = 0; if (newnp->opt) inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + newnp->opt->opt_flen); tcp_ca_openreq_child(newsk, dst); tcp_sync_mss(newsk, dst_mtu(dst)); newtp->advmss = dst_metric_advmss(dst); if (tcp_sk(sk)->rx_opt.user_mss && tcp_sk(sk)->rx_opt.user_mss < newtp->advmss) newtp->advmss = tcp_sk(sk)->rx_opt.user_mss; tcp_initialize_rcv_mss(newsk); newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; newinet->inet_rcv_saddr = LOOPBACK4_IPV6; #ifdef CONFIG_TCP_MD5SIG key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr); if (key) { tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr, AF_INET6, key->key, key->keylen, sk_gfp_atomic(sk, GFP_ATOMIC)); } #endif if (__inet_inherit_port(sk, newsk) < 0) { inet_csk_prepare_forced_close(newsk); tcp_done(newsk); goto out; } *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); if (*own_req) { tcp_move_syn(newtp, req); if (ireq->pktopts) { newnp->pktoptions = skb_clone(ireq->pktopts, sk_gfp_atomic(sk, GFP_ATOMIC)); consume_skb(ireq->pktopts); ireq->pktopts = NULL; if (newnp->pktoptions) skb_set_owner_r(newnp->pktoptions, newsk); } } return newsk; out_overflow: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); out_nonewsk: dst_release(dst); out: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); return NULL; }",visit repo url,net/ipv6/tcp_ipv6.c,https://github.com/torvalds/linux,274760929828065,1 552,CWE-189,"static void freeary(struct ipc_namespace *ns, struct kern_ipc_perm *ipcp) { struct sem_undo *un, *tu; struct sem_queue *q, *tq; struct sem_array *sma = container_of(ipcp, struct sem_array, sem_perm); struct list_head tasks; int i; assert_spin_locked(&sma->sem_perm.lock); list_for_each_entry_safe(un, tu, &sma->list_id, list_id) { list_del(&un->list_id); spin_lock(&un->ulp->lock); un->semid = -1; list_del_rcu(&un->list_proc); spin_unlock(&un->ulp->lock); kfree_rcu(un, rcu); } INIT_LIST_HEAD(&tasks); list_for_each_entry_safe(q, tq, &sma->sem_pending, list) { unlink_queue(sma, q); wake_up_sem_queue_prepare(&tasks, q, -EIDRM); } for (i = 0; i < sma->sem_nsems; i++) { struct sem *sem = sma->sem_base + i; list_for_each_entry_safe(q, tq, &sem->sem_pending, list) { unlink_queue(sma, q); wake_up_sem_queue_prepare(&tasks, q, -EIDRM); } } sem_rmid(ns, sma); sem_unlock(sma); wake_up_sem_queue_do(&tasks); ns->used_sems -= sma->sem_nsems; security_sem_free(sma); ipc_rcu_putref(sma); }",visit repo url,ipc/sem.c,https://github.com/torvalds/linux,30851026755028,1 1379,CWE-362,"static int ptrace_check_attach(struct task_struct *child, bool ignore_state) { int ret = -ESRCH; read_lock(&tasklist_lock); if ((child->ptrace & PT_PTRACED) && child->parent == current) { spin_lock_irq(&child->sighand->siglock); WARN_ON_ONCE(task_is_stopped(child)); if (ignore_state || (task_is_traced(child) && !(child->jobctl & JOBCTL_LISTENING))) ret = 0; spin_unlock_irq(&child->sighand->siglock); } read_unlock(&tasklist_lock); if (!ret && !ignore_state) ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH; return ret; }",visit repo url,kernel/ptrace.c,https://github.com/torvalds/linux,253538754928913,1 5542,[],"static inline int wants_signal(int sig, struct task_struct *p) { if (sigismember(&p->blocked, sig)) return 0; if (p->flags & PF_EXITING) return 0; if (sig == SIGKILL) return 1; if (task_is_stopped_or_traced(p)) return 0; return task_curr(p) || !signal_pending(p); }",linux-2.6,,,290291531381696982249665663880127740108,0 381,CWE-119,"static int hns_gmac_get_sset_count(int stringset) { if (stringset == ETH_SS_STATS) return ARRAY_SIZE(g_gmac_stats_string); return 0; }",visit repo url,drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c,https://github.com/torvalds/linux,109786277618114,1 2140,CWE-476,"int btrfs_init_dev_replace(struct btrfs_fs_info *fs_info) { struct btrfs_key key; struct btrfs_root *dev_root = fs_info->dev_root; struct btrfs_dev_replace *dev_replace = &fs_info->dev_replace; struct extent_buffer *eb; int slot; int ret = 0; struct btrfs_path *path = NULL; int item_size; struct btrfs_dev_replace_item *ptr; u64 src_devid; path = btrfs_alloc_path(); if (!path) { ret = -ENOMEM; goto out; } key.objectid = 0; key.type = BTRFS_DEV_REPLACE_KEY; key.offset = 0; ret = btrfs_search_slot(NULL, dev_root, &key, path, 0, 0); if (ret) { no_valid_dev_replace_entry_found: ret = 0; dev_replace->replace_state = BTRFS_DEV_REPLACE_ITEM_STATE_NEVER_STARTED; dev_replace->cont_reading_from_srcdev_mode = BTRFS_DEV_REPLACE_ITEM_CONT_READING_FROM_SRCDEV_MODE_ALWAYS; dev_replace->time_started = 0; dev_replace->time_stopped = 0; atomic64_set(&dev_replace->num_write_errors, 0); atomic64_set(&dev_replace->num_uncorrectable_read_errors, 0); dev_replace->cursor_left = 0; dev_replace->committed_cursor_left = 0; dev_replace->cursor_left_last_write_of_item = 0; dev_replace->cursor_right = 0; dev_replace->srcdev = NULL; dev_replace->tgtdev = NULL; dev_replace->is_valid = 0; dev_replace->item_needs_writeback = 0; goto out; } slot = path->slots[0]; eb = path->nodes[0]; item_size = btrfs_item_size_nr(eb, slot); ptr = btrfs_item_ptr(eb, slot, struct btrfs_dev_replace_item); if (item_size != sizeof(struct btrfs_dev_replace_item)) { btrfs_warn(fs_info, ""dev_replace entry found has unexpected size, ignore entry""); goto no_valid_dev_replace_entry_found; } src_devid = btrfs_dev_replace_src_devid(eb, ptr); dev_replace->cont_reading_from_srcdev_mode = btrfs_dev_replace_cont_reading_from_srcdev_mode(eb, ptr); dev_replace->replace_state = btrfs_dev_replace_replace_state(eb, ptr); dev_replace->time_started = btrfs_dev_replace_time_started(eb, ptr); dev_replace->time_stopped = btrfs_dev_replace_time_stopped(eb, ptr); atomic64_set(&dev_replace->num_write_errors, btrfs_dev_replace_num_write_errors(eb, ptr)); atomic64_set(&dev_replace->num_uncorrectable_read_errors, btrfs_dev_replace_num_uncorrectable_read_errors(eb, ptr)); dev_replace->cursor_left = btrfs_dev_replace_cursor_left(eb, ptr); dev_replace->committed_cursor_left = dev_replace->cursor_left; dev_replace->cursor_left_last_write_of_item = dev_replace->cursor_left; dev_replace->cursor_right = btrfs_dev_replace_cursor_right(eb, ptr); dev_replace->is_valid = 1; dev_replace->item_needs_writeback = 0; switch (dev_replace->replace_state) { case BTRFS_IOCTL_DEV_REPLACE_STATE_NEVER_STARTED: case BTRFS_IOCTL_DEV_REPLACE_STATE_FINISHED: case BTRFS_IOCTL_DEV_REPLACE_STATE_CANCELED: dev_replace->srcdev = NULL; dev_replace->tgtdev = NULL; break; case BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED: case BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED: dev_replace->srcdev = btrfs_find_device(fs_info->fs_devices, src_devid, NULL, NULL); dev_replace->tgtdev = btrfs_find_device(fs_info->fs_devices, BTRFS_DEV_REPLACE_DEVID, NULL, NULL); if (!dev_replace->srcdev && !btrfs_test_opt(fs_info, DEGRADED)) { ret = -EIO; btrfs_warn(fs_info, ""cannot mount because device replace operation is ongoing and""); btrfs_warn(fs_info, ""srcdev (devid %llu) is missing, need to run 'btrfs dev scan'?"", src_devid); } if (!dev_replace->tgtdev && !btrfs_test_opt(fs_info, DEGRADED)) { ret = -EIO; btrfs_warn(fs_info, ""cannot mount because device replace operation is ongoing and""); btrfs_warn(fs_info, ""tgtdev (devid %llu) is missing, need to run 'btrfs dev scan'?"", BTRFS_DEV_REPLACE_DEVID); } if (dev_replace->tgtdev) { if (dev_replace->srcdev) { dev_replace->tgtdev->total_bytes = dev_replace->srcdev->total_bytes; dev_replace->tgtdev->disk_total_bytes = dev_replace->srcdev->disk_total_bytes; dev_replace->tgtdev->commit_total_bytes = dev_replace->srcdev->commit_total_bytes; dev_replace->tgtdev->bytes_used = dev_replace->srcdev->bytes_used; dev_replace->tgtdev->commit_bytes_used = dev_replace->srcdev->commit_bytes_used; } set_bit(BTRFS_DEV_STATE_REPLACE_TGT, &dev_replace->tgtdev->dev_state); WARN_ON(fs_info->fs_devices->rw_devices == 0); dev_replace->tgtdev->io_width = fs_info->sectorsize; dev_replace->tgtdev->io_align = fs_info->sectorsize; dev_replace->tgtdev->sector_size = fs_info->sectorsize; dev_replace->tgtdev->fs_info = fs_info; set_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &dev_replace->tgtdev->dev_state); } break; } out: btrfs_free_path(path); return ret; }",visit repo url,fs/btrfs/dev-replace.c,https://github.com/torvalds/linux,48875944202535,1 5163,['CWE-20'],"static void vmx_get_gdt(struct kvm_vcpu *vcpu, struct descriptor_table *dt) { dt->limit = vmcs_read32(GUEST_GDTR_LIMIT); dt->base = vmcs_readl(GUEST_GDTR_BASE); }",linux-2.6,,,109139292784122718920455884317408439852,0 3566,CWE-20,"static int jpc_ppm_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in) { jpc_ppm_t *ppm = &ms->parms.ppm; cstate = 0; ppm->data = 0; if (ms->len < 1) { goto error; } if (jpc_getuint8(in, &ppm->ind)) { goto error; } ppm->len = ms->len - 1; if (ppm->len > 0) { if (!(ppm->data = jas_malloc(ppm->len))) { goto error; } if (JAS_CAST(uint, jas_stream_read(in, ppm->data, ppm->len)) != ppm->len) { goto error; } } else { ppm->data = 0; } return 0; error: jpc_ppm_destroyparms(ms); return -1; }",visit repo url,src/libjasper/jpc/jpc_cs.c,https://github.com/mdadams/jasper,251380772730862,1 6216,['CWE-200'],"static inline int get_priv_size(__u16 args) { int num = args & IW_PRIV_SIZE_MASK; int type = (args & IW_PRIV_TYPE_MASK) >> 12; return num * iw_priv_type_size[type]; }",linux-2.6,,,218293552861243173439664150578154531823,0 972,['CWE-189'],"ProcShmDetach(client) register ClientPtr client; { ShmDescPtr shmdesc; REQUEST(xShmDetachReq); REQUEST_SIZE_MATCH(xShmDetachReq); VERIFY_SHMSEG(stuff->shmseg, shmdesc, client); FreeResource(stuff->shmseg, RT_NONE); return(client->noClientException); }",xserver,,,183496314935465456603092578789777479681,0 4112,['CWE-399'],"bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, fmode_t has_write_perm) { struct request_queue *q = bd->queue; struct request *rq, *next_rq = NULL; int ret, rw; unsigned int dxfer_len; void *dxferp = NULL; dprintk(""map hdr %llx/%u %llx/%u\n"", (unsigned long long) hdr->dout_xferp, hdr->dout_xfer_len, (unsigned long long) hdr->din_xferp, hdr->din_xfer_len); ret = bsg_validate_sgv4_hdr(q, hdr, &rw); if (ret) return ERR_PTR(ret); rq = blk_get_request(q, rw, GFP_KERNEL); if (!rq) return ERR_PTR(-ENOMEM); ret = blk_fill_sgv4_hdr_rq(q, rq, hdr, bd, has_write_perm); if (ret) goto out; if (rw == WRITE && hdr->din_xfer_len) { if (!test_bit(QUEUE_FLAG_BIDI, &q->queue_flags)) { ret = -EOPNOTSUPP; goto out; } next_rq = blk_get_request(q, READ, GFP_KERNEL); if (!next_rq) { ret = -ENOMEM; goto out; } rq->next_rq = next_rq; next_rq->cmd_type = rq->cmd_type; dxferp = (void*)(unsigned long)hdr->din_xferp; ret = blk_rq_map_user(q, next_rq, NULL, dxferp, hdr->din_xfer_len, GFP_KERNEL); if (ret) goto out; } if (hdr->dout_xfer_len) { dxfer_len = hdr->dout_xfer_len; dxferp = (void*)(unsigned long)hdr->dout_xferp; } else if (hdr->din_xfer_len) { dxfer_len = hdr->din_xfer_len; dxferp = (void*)(unsigned long)hdr->din_xferp; } else dxfer_len = 0; if (dxfer_len) { ret = blk_rq_map_user(q, rq, NULL, dxferp, dxfer_len, GFP_KERNEL); if (ret) goto out; } return rq; out: if (rq->cmd != rq->__cmd) kfree(rq->cmd); blk_put_request(rq); if (next_rq) { blk_rq_unmap_user(next_rq->bio); blk_put_request(next_rq); } return ERR_PTR(ret); }",linux-2.6,,,176860798888060979809230888165701865638,0 2512,['CWE-119'],"void diff_setup(struct diff_options *options) { memset(options, 0, sizeof(*options)); options->file = stdout; options->line_termination = '\n'; options->break_opt = -1; options->rename_limit = -1; options->dirstat_percent = 3; options->context = 3; options->change = diff_change; options->add_remove = diff_addremove; if (diff_use_color_default > 0) DIFF_OPT_SET(options, COLOR_DIFF); else DIFF_OPT_CLR(options, COLOR_DIFF); options->detect_rename = diff_detect_rename_default; options->a_prefix = ""a/""; options->b_prefix = ""b/""; }",git,,,92553199690681661481157906812738635206,0 44,['CWE-787'],"glue(glue(cirrus_bitblt_rop_bkwd_transp_, ROP_NAME),_16)(CirrusVGAState *s, uint8_t *dst,const uint8_t *src, int dstpitch,int srcpitch, int bltwidth,int bltheight) { int x,y; uint8_t p1, p2; dstpitch += bltwidth; srcpitch += bltwidth; for (y = 0; y < bltheight; y++) { for (x = 0; x < bltwidth; x+=2) { p1 = *(dst-1); p2 = *dst; ROP_OP(p1, *(src-1)); ROP_OP(p2, *src); if ((p1 != s->gr[0x34]) || (p2 != s->gr[0x35])) { *(dst-1) = p1; *dst = p2; } dst-=2; src-=2; } dst += dstpitch; src += srcpitch; } }",qemu,,,26724004335636406514054021713772771086,0 3590,['CWE-20'],"static sctp_disposition_t sctp_sf_shut_8_4_5(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_packet *packet = NULL; struct sctp_chunk *chunk = arg; struct sctp_chunk *shut; packet = sctp_ootb_pkt_new(asoc, chunk); if (packet) { shut = sctp_make_shutdown_complete(asoc, chunk); if (!shut) { sctp_ootb_pkt_free(packet); return SCTP_DISPOSITION_NOMEM; } if (sctp_test_T_bit(shut)) packet->vtag = ntohl(chunk->sctp_hdr->vtag); shut->skb->sk = ep->base.sk; sctp_packet_append_chunk(packet, shut); sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(packet)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); return sctp_sf_pdiscard(ep, asoc, type, arg, commands); } return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,7059880915762761611536799197172410331,0 6162,CWE-190,"void ep2_write_bin(uint8_t *bin, int len, const ep2_t a, int pack) { ep2_t t; ep2_null(t); memset(bin, 0, len); if (ep2_is_infty(a)) { if (len < 1) { RLC_THROW(ERR_NO_BUFFER); return; } else { return; } } RLC_TRY { ep2_new(t); ep2_norm(t, a); if (pack) { if (len < 2 * RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { ep2_pck(t, t); bin[0] = 2 | fp_get_bit(t->y[0], 0); fp2_write_bin(bin + 1, 2 * RLC_FP_BYTES, t->x, 0); } } else { if (len < 4 * RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { bin[0] = 4; fp2_write_bin(bin + 1, 2 * RLC_FP_BYTES, t->x, 0); fp2_write_bin(bin + 2 * RLC_FP_BYTES + 1, 2 * RLC_FP_BYTES, t->y, 0); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ep2_free(t); } }",visit repo url,src/epx/relic_ep2_util.c,https://github.com/relic-toolkit/relic,275176855303647,1 908,['CWE-200'],"shmem_write_end(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned copied, struct page *page, void *fsdata) { struct inode *inode = mapping->host; set_page_dirty(page); page_cache_release(page); if (pos+copied > inode->i_size) i_size_write(inode, pos+copied); return copied; }",linux-2.6,,,42667191263144685498009777796781491122,0 2543,['CWE-119'],"static int diff_get_patch_id(struct diff_options *options, unsigned char *sha1) { struct diff_queue_struct *q = &diff_queued_diff; int i; SHA_CTX ctx; struct patch_id_t data; char buffer[PATH_MAX * 4 + 20]; SHA1_Init(&ctx); memset(&data, 0, sizeof(struct patch_id_t)); data.ctx = &ctx; data.xm.consume = patch_id_consume; for (i = 0; i < q->nr; i++) { xpparam_t xpp; xdemitconf_t xecfg; xdemitcb_t ecb; mmfile_t mf1, mf2; struct diff_filepair *p = q->queue[i]; int len1, len2; memset(&xecfg, 0, sizeof(xecfg)); if (p->status == 0) return error(""internal diff status error""); if (p->status == DIFF_STATUS_UNKNOWN) continue; if (diff_unmodified_pair(p)) continue; if ((DIFF_FILE_VALID(p->one) && S_ISDIR(p->one->mode)) || (DIFF_FILE_VALID(p->two) && S_ISDIR(p->two->mode))) continue; if (DIFF_PAIR_UNMERGED(p)) continue; diff_fill_sha1_info(p->one); diff_fill_sha1_info(p->two); if (fill_mmfile(&mf1, p->one) < 0 || fill_mmfile(&mf2, p->two) < 0) return error(""unable to read files to diff""); len1 = remove_space(p->one->path, strlen(p->one->path)); len2 = remove_space(p->two->path, strlen(p->two->path)); if (p->one->mode == 0) len1 = snprintf(buffer, sizeof(buffer), ""diff--gita/%.*sb/%.*s"" ""newfilemode%06o"" ""---/dev/null"" ""+++b/%.*s"", len1, p->one->path, len2, p->two->path, p->two->mode, len2, p->two->path); else if (p->two->mode == 0) len1 = snprintf(buffer, sizeof(buffer), ""diff--gita/%.*sb/%.*s"" ""deletedfilemode%06o"" ""---a/%.*s"" ""+++/dev/null"", len1, p->one->path, len2, p->two->path, p->one->mode, len1, p->one->path); else len1 = snprintf(buffer, sizeof(buffer), ""diff--gita/%.*sb/%.*s"" ""---a/%.*s"" ""+++b/%.*s"", len1, p->one->path, len2, p->two->path, len1, p->one->path, len2, p->two->path); SHA1_Update(&ctx, buffer, len1); xpp.flags = XDF_NEED_MINIMAL; xecfg.ctxlen = 3; xecfg.flags = XDL_EMIT_FUNCNAMES; ecb.outf = xdiff_outf; ecb.priv = &data; xdi_diff(&mf1, &mf2, &xpp, &xecfg, &ecb); } SHA1_Final(sha1, &ctx); return 0; }",git,,,79396347205158530735615026912050457587,0 3676,CWE-787,"hb_set_set (hb_set_t *set, const hb_set_t *other) { if (unlikely (hb_object_is_immutable (set))) return; set->set (*other); }",visit repo url,src/hb-set.cc,https://github.com/harfbuzz/harfbuzz,211350792986084,1 4347,['CWE-399'],"long keyctl_set_reqkey_keyring(int reqkey_defl) { struct cred *new; int ret, old_setting; old_setting = current_cred_xxx(jit_keyring); if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) return old_setting; new = prepare_creds(); if (!new) return -ENOMEM; switch (reqkey_defl) { case KEY_REQKEY_DEFL_THREAD_KEYRING: ret = install_thread_keyring_to_cred(new); if (ret < 0) goto error; goto set; case KEY_REQKEY_DEFL_PROCESS_KEYRING: ret = install_process_keyring_to_cred(new); if (ret < 0) { if (ret != -EEXIST) goto error; ret = 0; } goto set; case KEY_REQKEY_DEFL_DEFAULT: case KEY_REQKEY_DEFL_SESSION_KEYRING: case KEY_REQKEY_DEFL_USER_KEYRING: case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: goto set; case KEY_REQKEY_DEFL_NO_CHANGE: case KEY_REQKEY_DEFL_GROUP_KEYRING: default: ret = -EINVAL; goto error; } set: new->jit_keyring = reqkey_defl; commit_creds(new); return old_setting; error: abort_creds(new); return -EINVAL; } ",linux-2.6,,,188805580132650102270087228787588134572,0 3147,CWE-125,"read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) { byte c, c1; size_t size, nread, n; cdk_subpkt_t node; cdk_error_t rc; if (!inp || !r_nbytes) return CDK_Inv_Value; if (DEBUG_PKT) _gnutls_write_log(""read_subpkt:\n""); n = 0; *r_nbytes = 0; c = cdk_stream_getc(inp); n++; if (c == 255) { size = read_32(inp); n += 4; } else if (c >= 192 && c < 255) { c1 = cdk_stream_getc(inp); n++; if (c1 == 0) return 0; size = ((c - 192) << 8) + c1 + 192; } else if (c < 192) size = c; else return CDK_Inv_Packet; node = cdk_subpkt_new(size); if (!node) return CDK_Out_Of_Core; node->size = size; node->type = cdk_stream_getc(inp); if (DEBUG_PKT) _gnutls_write_log("" %d octets %d type\n"", node->size, node->type); n++; node->size--; rc = stream_read(inp, node->d, node->size, &nread); n += nread; if (rc) { cdk_subpkt_free(node); return rc; } *r_nbytes = n; if (!*r_ctx) *r_ctx = node; else cdk_subpkt_add(*r_ctx, node); return rc; }",visit repo url,lib/opencdk/read-packet.c,https://gitlab.com/gnutls/gnutls,264297122040782,1 3242,['CWE-189'],"jas_cmprof_t *jas_cmprof_createfromiccprof(jas_iccprof_t *iccprof) { jas_cmprof_t *prof; jas_icchdr_t icchdr; jas_cmpxformseq_t *fwdpxformseq; jas_cmpxformseq_t *revpxformseq; prof = 0; fwdpxformseq = 0; revpxformseq = 0; if (!(prof = jas_cmprof_create())) goto error; jas_iccprof_gethdr(iccprof, &icchdr); if (!(prof->iccprof = jas_iccprof_copy(iccprof))) goto error; prof->clrspc = icctoclrspc(icchdr.colorspc, 0); prof->refclrspc = icctoclrspc(icchdr.refcolorspc, 1); prof->numchans = jas_clrspc_numchans(prof->clrspc); prof->numrefchans = jas_clrspc_numchans(prof->refclrspc); if (prof->numchans == 1) { if (mono(prof->iccprof, 0, &fwdpxformseq)) goto error; if (mono(prof->iccprof, 1, &revpxformseq)) goto error; } else if (prof->numchans == 3) { if (triclr(prof->iccprof, 0, &fwdpxformseq)) goto error; if (triclr(prof->iccprof, 1, &revpxformseq)) goto error; } prof->pxformseqs[SEQFWD(0)] = fwdpxformseq; prof->pxformseqs[SEQREV(0)] = revpxformseq; #if 0 if (prof->numchans > 1) { lut(prof->iccprof, 0, PER, &pxformseq); pxformseqs_set(prof, SEQFWD(PER), pxformseq); lut(prof->iccprof, 1, PER, &pxformseq); pxformseqs_set(prof, SEQREV(PER), pxformseq); lut(prof->iccprof, 0, CLR, &pxformseq); pxformseqs_set(prof, SEQREV(CLR), pxformseq); lut(prof->iccprof, 1, CLR, &pxformseq); pxformseqs_set(prof, SEQREV(CLR), pxformseq); lut(prof->iccprof, 0, SAT, &pxformseq); pxformseqs_set(prof, SEQREV(SAT), pxformseq); lut(prof->iccprof, 1, SAT, &pxformseq); pxformseqs_set(prof, SEQREV(SAT), pxformseq); } #endif return prof; error: if (fwdpxformseq) { jas_cmpxformseq_destroy(fwdpxformseq); } if (revpxformseq) { jas_cmpxformseq_destroy(revpxformseq); } if (prof) { jas_cmprof_destroy(prof); } return 0; }",jasper,,,92980220744710042941686536859755616128,0 1435,[],"static int wake_idle(int cpu, struct task_struct *p) { cpumask_t tmp; struct sched_domain *sd; int i; if (idle_cpu(cpu) || cpu_rq(cpu)->nr_running > 1) return cpu; for_each_domain(cpu, sd) { if ((sd->flags & SD_WAKE_IDLE) || ((sd->flags & SD_WAKE_IDLE_FAR) && !task_hot(p, task_rq(p)->clock, sd))) { cpus_and(tmp, sd->span, p->cpus_allowed); for_each_cpu_mask(i, tmp) { if (idle_cpu(i)) { if (i != task_cpu(p)) { schedstat_inc(p, se.nr_wakeups_idle); } return i; } } } else { break; } } return cpu; }",linux-2.6,,,243240894571263304850839842937805261896,0 1470,[],"static inline int normal_prio(struct task_struct *p) { int prio; if (task_has_rt_policy(p)) prio = MAX_RT_PRIO-1 - p->rt_priority; else prio = __normal_prio(p); return prio; }",linux-2.6,,,51957293515592669874100832589914378431,0 3793,[],"static void __exit af_unix_exit(void) { sock_unregister(PF_UNIX); unix_sysctl_unregister(); proc_net_remove(""unix""); proto_unregister(&unix_proto); }",linux-2.6,,,37458926425759674266729326384512716947,0 1336,CWE-200,"static int llc_ui_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddrlen, int peer) { struct sockaddr_llc sllc; struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); int rc = 0; memset(&sllc, 0, sizeof(sllc)); lock_sock(sk); if (sock_flag(sk, SOCK_ZAPPED)) goto out; *uaddrlen = sizeof(sllc); memset(uaddr, 0, *uaddrlen); if (peer) { rc = -ENOTCONN; if (sk->sk_state != TCP_ESTABLISHED) goto out; if(llc->dev) sllc.sllc_arphrd = llc->dev->type; sllc.sllc_sap = llc->daddr.lsap; memcpy(&sllc.sllc_mac, &llc->daddr.mac, IFHWADDRLEN); } else { rc = -EINVAL; if (!llc->sap) goto out; sllc.sllc_sap = llc->sap->laddr.lsap; if (llc->dev) { sllc.sllc_arphrd = llc->dev->type; memcpy(&sllc.sllc_mac, llc->dev->dev_addr, IFHWADDRLEN); } } rc = 0; sllc.sllc_family = AF_LLC; memcpy(uaddr, &sllc, sizeof(sllc)); out: release_sock(sk); return rc; }",visit repo url,net/llc/af_llc.c,https://github.com/torvalds/linux,82468636774581,1 910,CWE-20,"static int __vcpu_run(struct kvm_vcpu *vcpu) { int r; struct kvm *kvm = vcpu->kvm; vcpu->srcu_idx = srcu_read_lock(&kvm->srcu); r = vapic_enter(vcpu); if (r) { srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx); return r; } r = 1; while (r > 0) { if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE && !vcpu->arch.apf.halted) r = vcpu_enter_guest(vcpu); else { srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx); kvm_vcpu_block(vcpu); vcpu->srcu_idx = srcu_read_lock(&kvm->srcu); if (kvm_check_request(KVM_REQ_UNHALT, vcpu)) { kvm_apic_accept_events(vcpu); switch(vcpu->arch.mp_state) { case KVM_MP_STATE_HALTED: vcpu->arch.pv.pv_unhalted = false; vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; case KVM_MP_STATE_RUNNABLE: vcpu->arch.apf.halted = false; break; case KVM_MP_STATE_INIT_RECEIVED: break; default: r = -EINTR; break; } } } if (r <= 0) break; clear_bit(KVM_REQ_PENDING_TIMER, &vcpu->requests); if (kvm_cpu_has_pending_timer(vcpu)) kvm_inject_pending_timer_irqs(vcpu); if (dm_request_for_irq_injection(vcpu)) { r = -EINTR; vcpu->run->exit_reason = KVM_EXIT_INTR; ++vcpu->stat.request_irq_exits; } kvm_check_async_pf_completion(vcpu); if (signal_pending(current)) { r = -EINTR; vcpu->run->exit_reason = KVM_EXIT_INTR; ++vcpu->stat.signal_exits; } if (need_resched()) { srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx); kvm_resched(vcpu); vcpu->srcu_idx = srcu_read_lock(&kvm->srcu); } } srcu_read_unlock(&kvm->srcu, vcpu->srcu_idx); vapic_exit(vcpu); return r; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,157918787273530,1 2342,CWE-772,"processBatchMultiRuleset(batch_t *pBatch) { ruleset_t *currRuleset; batch_t snglRuleBatch; int i; int iStart; int iNew; DEFiRet; CHKiRet(batchInit(&snglRuleBatch, pBatch->nElem)); snglRuleBatch.pbShutdownImmediate = pBatch->pbShutdownImmediate; while(1) { for(iStart = 0 ; iStart < pBatch->nElem && pBatch->pElem[iStart].state == BATCH_STATE_DISC ; ++iStart) ; if(iStart == pBatch->nElem) FINALIZE; currRuleset = batchElemGetRuleset(pBatch, iStart); iNew = 0; for(i = iStart ; i < pBatch->nElem ; ++i) { if(batchElemGetRuleset(pBatch, i) == currRuleset) { batchCopyElem(&(snglRuleBatch.pElem[iNew++]), &(pBatch->pElem[i])); pBatch->pElem[i].state = BATCH_STATE_DISC; } } snglRuleBatch.nElem = iNew; batchSetSingleRuleset(&snglRuleBatch, 1); processBatch(&snglRuleBatch); } batchFree(&snglRuleBatch); finalize_it: RETiRet; }",visit repo url,runtime/ruleset.c,https://github.com/rsyslog/rsyslog,149385621023883,1 5472,CWE-617,"pci_emul_alloc_pbar(struct pci_vdev *pdi, int idx, uint64_t hostbase, enum pcibar_type type, uint64_t size) { int error; uint64_t *baseptr, limit, addr, mask, lobits, bar; assert(idx >= 0 && idx <= PCI_BARMAX); if ((size & (size - 1)) != 0) size = 1UL << flsl(size); if (type == PCIBAR_IO) { if (size < 4) size = 4; } else { if (size < 16) size = 16; } switch (type) { case PCIBAR_NONE: baseptr = NULL; addr = mask = lobits = 0; break; case PCIBAR_IO: baseptr = &pci_emul_iobase; limit = PCI_EMUL_IOLIMIT; mask = PCIM_BAR_IO_BASE; lobits = PCIM_BAR_IO_SPACE; break; case PCIBAR_MEM64: if (!skip_pci_mem64bar_workaround && (size <= 32 * 1024 * 1024)) { baseptr = &pci_emul_membase32; limit = PCI_EMUL_MEMLIMIT32; mask = PCIM_BAR_MEM_BASE; lobits = PCIM_BAR_MEM_SPACE | PCIM_BAR_MEM_64; break; } if (size == 0x100000000UL) baseptr = &hostbase; else baseptr = &pci_emul_membase64; limit = PCI_EMUL_MEMLIMIT64; mask = PCIM_BAR_MEM_BASE; lobits = PCIM_BAR_MEM_SPACE | PCIM_BAR_MEM_64 | PCIM_BAR_MEM_PREFETCH; break; case PCIBAR_MEM32: baseptr = &pci_emul_membase32; limit = PCI_EMUL_MEMLIMIT32; mask = PCIM_BAR_MEM_BASE; lobits = PCIM_BAR_MEM_SPACE | PCIM_BAR_MEM_32; break; default: printf(""%s: invalid bar type %d\n"", __func__, type); assert(0); } if (baseptr != NULL) { error = pci_emul_alloc_resource(baseptr, limit, size, &addr); if (error != 0) return error; } pdi->bar[idx].type = type; pdi->bar[idx].addr = addr; pdi->bar[idx].size = size; bar = (addr & mask) | lobits; pci_set_cfgdata32(pdi, PCIR_BAR(idx), bar); if (type == PCIBAR_MEM64) { assert(idx + 1 <= PCI_BARMAX); pdi->bar[idx + 1].type = PCIBAR_MEMHI64; pci_set_cfgdata32(pdi, PCIR_BAR(idx + 1), bar >> 32); } register_bar(pdi, idx); return 0; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,82697182605055,1 4913,['CWE-20'],"static inline void nfs_init_server_aclclient(struct nfs_server *server) { server->flags &= ~NFS_MOUNT_NOACL; server->caps &= ~NFS_CAP_ACLS; }",linux-2.6,,,80264146089756229698778324175175341191,0 5804,CWE-20,"SockParse(Sock *sockPtr) { const Tcl_DString *bufPtr; const Driver *drvPtr; Request *reqPtr; char save; SockState result; NS_NONNULL_ASSERT(sockPtr != NULL); drvPtr = sockPtr->drvPtr; NsUpdateProgress((Ns_Sock *) sockPtr); reqPtr = sockPtr->reqPtr; bufPtr = &reqPtr->buffer; while (reqPtr->coff == 0u) { char *s, *e; size_t cnt; s = bufPtr->string + reqPtr->roff; e = memchr(s, INTCHAR('\n'), reqPtr->avail); if (unlikely(e == NULL)) { return SOCK_MORE; } if (unlikely((e - s) > drvPtr->maxline)) { sockPtr->keep = NS_FALSE; if (reqPtr->request.line == NULL) { Ns_Log(DriverDebug, ""SockParse: maxline reached of %d bytes"", drvPtr->maxline); sockPtr->flags = NS_CONN_REQUESTURITOOLONG; Ns_Log(Warning, ""request line is too long (%d bytes)"", (int)(e - s)); } else { sockPtr->flags = NS_CONN_LINETOOLONG; Ns_Log(Warning, ""request header line is too long (%d bytes)"", (int)(e - s)); } } cnt = (size_t)(e - s) + 1u; reqPtr->roff += cnt; reqPtr->avail -= cnt; if (likely(e > s) && likely(*(e-1) == '\r')) { --e; } if (unlikely(e == s) && (reqPtr->coff == 0u)) { reqPtr->coff = EndOfHeader(sockPtr); if ((sockPtr->flags & NS_CONN_CONTINUE) != 0u) { Ns_Log(Ns_LogRequestDebug, ""honoring 100-continue""); if ((sockPtr->flags & NS_CONN_ENTITYTOOLARGE) != 0u) { Ns_Log(Ns_LogRequestDebug, ""100-continue: entity too large""); return SOCK_ENTITYTOOLARGE; } else { struct iovec iov[1]; ssize_t sent; Ns_Log(Ns_LogRequestDebug, ""100-continue: reply CONTINUE""); iov[0].iov_base = (char *)""HTTP/1.1 100 Continue\r\n\r\n""; iov[0].iov_len = strlen(iov[0].iov_base); sent = Ns_SockSendBufs((Ns_Sock *)sockPtr, iov, 1, NULL, 0u); if (sent != (ssize_t)iov[0].iov_len) { Ns_Log(Warning, ""could not deliver response: 100 Continue""); } } } } else { save = *e; *e = '\0'; if (unlikely(reqPtr->request.line == NULL)) { Ns_Log(DriverDebug, ""SockParse (%d): parse request line <%s>"", sockPtr->sock, s); if (Ns_ParseRequest(&reqPtr->request, s) == NS_ERROR) { return SOCK_BADREQUEST; } if (unlikely(reqPtr->request.version < 1.0)) { reqPtr->coff = reqPtr->roff; Ns_Log(Notice, ""pre-HTTP/1.0 request <%s>"", reqPtr->request.line); } } else if (Ns_ParseHeader(reqPtr->headers, s, Preserve) != NS_OK) { return SOCK_BADHEADER; } else { if (unlikely(Ns_SetSize(reqPtr->headers) > (size_t)drvPtr->maxheaders)) { Ns_Log(DriverDebug, ""SockParse (%d): maxheaders reached of %d bytes"", sockPtr->sock, drvPtr->maxheaders); return SOCK_TOOMANYHEADERS; } } *e = save; } } if (unlikely(reqPtr->request.line == NULL)) { return SOCK_BADREQUEST; } assert(reqPtr->coff > 0u); assert(reqPtr->request.line != NULL); Ns_Log(Dev, ""=== length < avail (length %"" PRIuz "", avail %"" PRIuz "") tfd %d tfile %p chunkStartOff %"" PRIuz, reqPtr->length, reqPtr->avail, sockPtr->tfd, (void *)sockPtr->tfile, reqPtr->chunkStartOff); if (reqPtr->chunkStartOff != 0u) { bool complete; size_t currentContentLength; complete = ChunkedDecode(reqPtr, NS_TRUE); currentContentLength = reqPtr->chunkWriteOff - reqPtr->coff; if ((!complete) || (reqPtr->expectedLength != 0u && currentContentLength < reqPtr->expectedLength)) { return SOCK_MORE; } reqPtr->length = (size_t)currentContentLength; } if (reqPtr->avail < reqPtr->length) { Ns_Log(DriverDebug, ""SockRead wait for more input""); return SOCK_MORE; } Ns_Log(Dev, ""=== all required data is available (avail %"" PRIuz"", length %"" PRIuz "", "" ""readahead %"" TCL_LL_MODIFIER ""d maxupload %"" TCL_LL_MODIFIER ""d) tfd %d"", reqPtr->avail, reqPtr->length, drvPtr->readahead, drvPtr->maxupload, sockPtr->tfd); result = SOCK_READY; if (sockPtr->tfile != NULL) { reqPtr->content = NULL; reqPtr->next = NULL; reqPtr->avail = 0u; Ns_Log(DriverDebug, ""content spooled to file: size %"" PRIdz "", file %s"", reqPtr->length, sockPtr->tfile); } else { if (sockPtr->tfd > 0) { #ifdef _WIN32 assert(0); #else int prot = PROT_READ | PROT_WRITE; ssize_t rc = ns_write(sockPtr->tfd, ""\0"", 1); if (rc == -1) { Ns_Log(Error, ""socket: could not append terminating 0-byte""); } sockPtr->tsize = reqPtr->length + 1; sockPtr->taddr = mmap(0, sockPtr->tsize, prot, MAP_PRIVATE, sockPtr->tfd, 0); if (sockPtr->taddr == MAP_FAILED) { sockPtr->taddr = NULL; result = SOCK_ERROR; } else { reqPtr->content = sockPtr->taddr; Ns_Log(Debug, ""content spooled to mmapped file: readahead=%"" TCL_LL_MODIFIER ""d, filesize=%"" PRIdz, drvPtr->readahead, sockPtr->tsize); } #endif } else { reqPtr->content = bufPtr->string + reqPtr->coff; } reqPtr->next = reqPtr->content; if (reqPtr->length > 0u) { Ns_Log(DriverDebug, ""SockRead adds null terminating character at content[%"" PRIuz ""]"", reqPtr->length); reqPtr->savedChar = reqPtr->content[reqPtr->length]; reqPtr->content[reqPtr->length] = '\0'; if (sockPtr->taddr == NULL) { LogBuffer(DriverDebug, ""UPDATED BUFFER"", sockPtr->reqPtr->buffer.string, (size_t)reqPtr->buffer.length); } } } return result; }",visit repo url,nsd/driver.c,https://bitbucket.org/naviserver/naviserver,108659974292199,1 5902,CWE-190,"static Jsi_RC jsi_ArrayFlatSub(Jsi_Interp *interp, Jsi_Obj* nobj, Jsi_Value *arr, int depth) { int i, n = 0, len = Jsi_ObjGetLength(interp, arr->d.obj); if (len <= 0) return JSI_OK; Jsi_RC rc = JSI_OK; int clen = Jsi_ObjGetLength(interp, nobj); for (i = 0; i < len && rc == JSI_OK; i++) { Jsi_Value *t = Jsi_ValueArrayIndex(interp, arr, i); if (t && depth>0 && Jsi_ValueIsArray(interp, t)) rc = jsi_ArrayFlatSub(interp, nobj, t , depth-1); else if (!Jsi_ValueIsUndef(interp, t)) Jsi_ObjArrayAdd(interp, nobj, t); if ((++n + clen)>interp->maxArrayList) return Jsi_LogError(""array size exceeded""); } return rc; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,153814382399667,1 86,['CWE-787'],"static inline void cirrus_bitblt_fgcol(CirrusVGAState *s) { unsigned int color; switch (s->cirrus_blt_pixelwidth) { case 1: s->cirrus_blt_fgcol = s->cirrus_shadow_gr1; break; case 2: color = s->cirrus_shadow_gr1 | (s->gr[0x11] << 8); s->cirrus_blt_fgcol = le16_to_cpu(color); break; case 3: s->cirrus_blt_fgcol = s->cirrus_shadow_gr1 | (s->gr[0x11] << 8) | (s->gr[0x13] << 16); break; default: case 4: color = s->cirrus_shadow_gr1 | (s->gr[0x11] << 8) | (s->gr[0x13] << 16) | (s->gr[0x15] << 24); s->cirrus_blt_fgcol = le32_to_cpu(color); break; } }",qemu,,,267760980515021640442885570852732549843,0 5246,CWE-125,"pixReadFromTiffStream(TIFF *tif) { char *text; l_uint8 *linebuf, *data, *rowptr; l_uint16 spp, bps, photometry, tiffcomp, orientation, sample_fmt; l_uint16 *redmap, *greenmap, *bluemap; l_int32 d, wpl, bpl, comptype, i, j, k, ncolors, rval, gval, bval, aval; l_int32 xres, yres, tiffbpl, packedbpl, halfsize; l_uint32 w, h, tiffword, read_oriented; l_uint32 *line, *ppixel, *tiffdata, *pixdata; PIX *pix, *pix1; PIXCMAP *cmap; PROCNAME(""pixReadFromTiffStream""); if (!tif) return (PIX *)ERROR_PTR(""tif not defined"", procName, NULL); read_oriented = 0; TIFFGetFieldDefaulted(tif, TIFFTAG_SAMPLEFORMAT, &sample_fmt); if (sample_fmt != SAMPLEFORMAT_UINT) { L_ERROR(""sample format = %d is not uint\n"", procName, sample_fmt); return NULL; } if (TIFFIsTiled(tif)) { L_ERROR(""tiled format is not supported\n"", procName); return NULL; } TIFFGetFieldDefaulted(tif, TIFFTAG_COMPRESSION, &tiffcomp); if (tiffcomp == COMPRESSION_OJPEG) { L_ERROR(""old style jpeg format is not supported\n"", procName); return NULL; } TIFFGetFieldDefaulted(tif, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(tif, TIFFTAG_SAMPLESPERPIXEL, &spp); if (bps != 1 && bps != 2 && bps != 4 && bps != 8 && bps != 16) { L_ERROR(""invalid bps = %d\n"", procName, bps); return NULL; } if (spp == 2 && bps != 8) { L_WARNING(""for 2 spp, only handle 8 bps\n"", procName); return NULL; } if (spp == 1) d = bps; else if (spp == 2) d = 32; else if (spp == 3 || spp == 4) d = 32; else return (PIX *)ERROR_PTR(""spp not in set {1,2,3,4}"", procName, NULL); TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &w); TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &h); if (w > MaxTiffWidth) { L_ERROR(""width = %d pixels; too large\n"", procName, w); return NULL; } if (h > MaxTiffHeight) { L_ERROR(""height = %d pixels; too large\n"", procName, h); return NULL; } tiffbpl = TIFFScanlineSize(tif); packedbpl = (bps * spp * w + 7) / 8; halfsize = L_ABS(2 * tiffbpl - packedbpl) <= 8; #if 0 if (halfsize) L_INFO(""packedbpl = %d is approx. twice tiffbpl = %d\n"", procName, packedbpl, tiffbpl); #endif if (tiffbpl != packedbpl && !halfsize) { L_ERROR(""invalid tiffbpl: tiffbpl = %d, packedbpl = %d, "" ""bps = %d, spp = %d, w = %d\n"", procName, tiffbpl, packedbpl, bps, spp, w); return NULL; } if ((pix = pixCreate(w, h, d)) == NULL) return (PIX *)ERROR_PTR(""pix not made"", procName, NULL); pixSetInputFormat(pix, IFF_TIFF); data = (l_uint8 *)pixGetData(pix); wpl = pixGetWpl(pix); bpl = 4 * wpl; if (spp == 1) { linebuf = (l_uint8 *)LEPT_CALLOC(tiffbpl + 1, sizeof(l_uint8)); for (i = 0; i < h; i++) { if (TIFFReadScanline(tif, linebuf, i, 0) < 0) { LEPT_FREE(linebuf); pixDestroy(&pix); return (PIX *)ERROR_PTR(""line read fail"", procName, NULL); } memcpy(data, linebuf, tiffbpl); data += bpl; } if (bps <= 8) pixEndianByteSwap(pix); else pixEndianTwoByteSwap(pix); LEPT_FREE(linebuf); } else if (spp == 2 && bps == 8) { L_INFO(""gray+alpha is not supported; converting to RGBA\n"", procName); pixSetSpp(pix, 4); linebuf = (l_uint8 *)LEPT_CALLOC(tiffbpl + 1, sizeof(l_uint8)); pixdata = pixGetData(pix); for (i = 0; i < h; i++) { if (TIFFReadScanline(tif, linebuf, i, 0) < 0) { LEPT_FREE(linebuf); pixDestroy(&pix); return (PIX *)ERROR_PTR(""line read fail"", procName, NULL); } rowptr = linebuf; ppixel = pixdata + i * wpl; for (j = k = 0; j < w; j++) { SET_DATA_BYTE(ppixel, COLOR_RED, rowptr[k]); SET_DATA_BYTE(ppixel, COLOR_GREEN, rowptr[k]); SET_DATA_BYTE(ppixel, COLOR_BLUE, rowptr[k++]); SET_DATA_BYTE(ppixel, L_ALPHA_CHANNEL, rowptr[k++]); ppixel++; } } LEPT_FREE(linebuf); } else { if ((tiffdata = (l_uint32 *)LEPT_CALLOC((size_t)w * h, sizeof(l_uint32))) == NULL) { pixDestroy(&pix); return (PIX *)ERROR_PTR(""calloc fail for tiffdata"", procName, NULL); } if (!TIFFReadRGBAImageOriented(tif, w, h, tiffdata, ORIENTATION_TOPLEFT, 0)) { LEPT_FREE(tiffdata); pixDestroy(&pix); return (PIX *)ERROR_PTR(""failed to read tiffdata"", procName, NULL); } else { read_oriented = 1; } if (spp == 4) pixSetSpp(pix, 4); line = pixGetData(pix); for (i = 0; i < h; i++, line += wpl) { for (j = 0, ppixel = line; j < w; j++) { tiffword = tiffdata[i * w + j]; rval = TIFFGetR(tiffword); gval = TIFFGetG(tiffword); bval = TIFFGetB(tiffword); if (spp == 3) { composeRGBPixel(rval, gval, bval, ppixel); } else { aval = TIFFGetA(tiffword); composeRGBAPixel(rval, gval, bval, aval, ppixel); } ppixel++; } } LEPT_FREE(tiffdata); } if (getTiffStreamResolution(tif, &xres, &yres) == 0) { pixSetXRes(pix, xres); pixSetYRes(pix, yres); } comptype = getTiffCompressedFormat(tiffcomp); pixSetInputFormat(pix, comptype); if (TIFFGetField(tif, TIFFTAG_COLORMAP, &redmap, &greenmap, &bluemap)) { if (bps > 8) { pixDestroy(&pix); return (PIX *)ERROR_PTR(""colormap size > 256"", procName, NULL); } if ((cmap = pixcmapCreate(bps)) == NULL) { pixDestroy(&pix); return (PIX *)ERROR_PTR(""colormap not made"", procName, NULL); } ncolors = 1 << bps; for (i = 0; i < ncolors; i++) pixcmapAddColor(cmap, redmap[i] >> 8, greenmap[i] >> 8, bluemap[i] >> 8); if (pixSetColormap(pix, cmap)) { pixDestroy(&pix); return (PIX *)ERROR_PTR(""invalid colormap"", procName, NULL); } if (bps == 1) { pix1 = pixRemoveColormap(pix, REMOVE_CMAP_BASED_ON_SRC); pixDestroy(&pix); pix = pix1; } } else { if (!TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometry)) { if (tiffcomp == COMPRESSION_CCITTFAX3 || tiffcomp == COMPRESSION_CCITTFAX4 || tiffcomp == COMPRESSION_CCITTRLE || tiffcomp == COMPRESSION_CCITTRLEW) { photometry = PHOTOMETRIC_MINISWHITE; } else { photometry = PHOTOMETRIC_MINISBLACK; } } if ((d == 1 && photometry == PHOTOMETRIC_MINISBLACK) || (d == 8 && photometry == PHOTOMETRIC_MINISWHITE)) pixInvert(pix, pix); } if (TIFFGetField(tif, TIFFTAG_ORIENTATION, &orientation)) { if (orientation >= 1 && orientation <= 8) { struct tiff_transform *transform = (read_oriented) ? &tiff_partial_orientation_transforms[orientation - 1] : &tiff_orientation_transforms[orientation - 1]; if (transform->vflip) pixFlipTB(pix, pix); if (transform->hflip) pixFlipLR(pix, pix); if (transform->rotate) { PIX *oldpix = pix; pix = pixRotate90(oldpix, transform->rotate); pixDestroy(&oldpix); } } } text = NULL; TIFFGetField(tif, TIFFTAG_IMAGEDESCRIPTION, &text); if (text) pixSetText(pix, text); return pix; }",visit repo url,src/tiffio.c,https://github.com/DanBloomberg/leptonica,248432285816638,1 2163,['CWE-400'],"static inline void shmem_show_mpol(struct seq_file *seq, struct mempolicy *p) { }",linux-2.6,,,7088264505843134511318989228611256813,0 1275,CWE-119,"static long gfs2_fallocate(struct file *file, int mode, loff_t offset, loff_t len) { struct inode *inode = file->f_path.dentry->d_inode; struct gfs2_sbd *sdp = GFS2_SB(inode); struct gfs2_inode *ip = GFS2_I(inode); unsigned int data_blocks = 0, ind_blocks = 0, rblocks; loff_t bytes, max_bytes; struct gfs2_alloc *al; int error; loff_t bsize_mask = ~((loff_t)sdp->sd_sb.sb_bsize - 1); loff_t next = (offset + len - 1) >> sdp->sd_sb.sb_bsize_shift; next = (next + 1) << sdp->sd_sb.sb_bsize_shift; if (mode & ~FALLOC_FL_KEEP_SIZE) return -EOPNOTSUPP; offset &= bsize_mask; len = next - offset; bytes = sdp->sd_max_rg_data * sdp->sd_sb.sb_bsize / 2; if (!bytes) bytes = UINT_MAX; bytes &= bsize_mask; if (bytes == 0) bytes = sdp->sd_sb.sb_bsize; gfs2_holder_init(ip->i_gl, LM_ST_EXCLUSIVE, 0, &ip->i_gh); error = gfs2_glock_nq(&ip->i_gh); if (unlikely(error)) goto out_uninit; if (!gfs2_write_alloc_required(ip, offset, len)) goto out_unlock; while (len > 0) { if (len < bytes) bytes = len; al = gfs2_alloc_get(ip); if (!al) { error = -ENOMEM; goto out_unlock; } error = gfs2_quota_lock_check(ip); if (error) goto out_alloc_put; retry: gfs2_write_calc_reserv(ip, bytes, &data_blocks, &ind_blocks); al->al_requested = data_blocks + ind_blocks; error = gfs2_inplace_reserve(ip); if (error) { if (error == -ENOSPC && bytes > sdp->sd_sb.sb_bsize) { bytes >>= 1; bytes &= bsize_mask; if (bytes == 0) bytes = sdp->sd_sb.sb_bsize; goto retry; } goto out_qunlock; } max_bytes = bytes; calc_max_reserv(ip, len, &max_bytes, &data_blocks, &ind_blocks); al->al_requested = data_blocks + ind_blocks; rblocks = RES_DINODE + ind_blocks + RES_STATFS + RES_QUOTA + RES_RG_HDR + gfs2_rg_blocks(ip); if (gfs2_is_jdata(ip)) rblocks += data_blocks ? data_blocks : 1; error = gfs2_trans_begin(sdp, rblocks, PAGE_CACHE_SIZE/sdp->sd_sb.sb_bsize); if (error) goto out_trans_fail; error = fallocate_chunk(inode, offset, max_bytes, mode); gfs2_trans_end(sdp); if (error) goto out_trans_fail; len -= max_bytes; offset += max_bytes; gfs2_inplace_release(ip); gfs2_quota_unlock(ip); gfs2_alloc_put(ip); } goto out_unlock; out_trans_fail: gfs2_inplace_release(ip); out_qunlock: gfs2_quota_unlock(ip); out_alloc_put: gfs2_alloc_put(ip); out_unlock: gfs2_glock_dq(&ip->i_gh); out_uninit: gfs2_holder_uninit(&ip->i_gh); return error; }",visit repo url,fs/gfs2/file.c,https://github.com/torvalds/linux,22691579994558,1 2533,CWE-401,"archive_read_format_zip_cleanup(struct archive_read *a) { struct zip *zip; struct zip_entry *zip_entry, *next_zip_entry; zip = (struct zip *)(a->format->data); #ifdef HAVE_ZLIB_H if (zip->stream_valid) inflateEnd(&zip->stream); #endif #if HAVA_LZMA_H && HAVE_LIBLZMA if (zip->zipx_lzma_valid) { lzma_end(&zip->zipx_lzma_stream); } #endif #ifdef HAVE_BZLIB_H if (zip->bzstream_valid) { BZ2_bzDecompressEnd(&zip->bzstream); } #endif free(zip->uncompressed_buffer); if (zip->ppmd8_valid) __archive_ppmd8_functions.Ppmd8_Free(&zip->ppmd8); if (zip->zip_entries) { zip_entry = zip->zip_entries; while (zip_entry != NULL) { next_zip_entry = zip_entry->next; archive_string_free(&zip_entry->rsrcname); free(zip_entry); zip_entry = next_zip_entry; } } free(zip->decrypted_buffer); if (zip->cctx_valid) archive_decrypto_aes_ctr_release(&zip->cctx); if (zip->hctx_valid) archive_hmac_sha1_cleanup(&zip->hctx); free(zip->iv); free(zip->erd); free(zip->v_data); archive_string_free(&zip->format_name); free(zip); (a->format->data) = NULL; return (ARCHIVE_OK); }",visit repo url,libarchive/archive_read_support_format_zip.c,https://github.com/libarchive/libarchive,260294772197843,1 5876,['CWE-200'],"static int nr_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { struct sock *sk = sock->sk; void __user *argp = (void __user *)arg; int ret; switch (cmd) { case TIOCOUTQ: { long amount; lock_sock(sk); amount = sk->sk_sndbuf - sk_wmem_alloc_get(sk); if (amount < 0) amount = 0; release_sock(sk); return put_user(amount, (int __user *)argp); } case TIOCINQ: { struct sk_buff *skb; long amount = 0L; lock_sock(sk); if ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) amount = skb->len; release_sock(sk); return put_user(amount, (int __user *)argp); } case SIOCGSTAMP: lock_sock(sk); ret = sock_get_timestamp(sk, argp); release_sock(sk); return ret; case SIOCGSTAMPNS: lock_sock(sk); ret = sock_get_timestampns(sk, argp); release_sock(sk); return ret; case SIOCGIFADDR: case SIOCSIFADDR: case SIOCGIFDSTADDR: case SIOCSIFDSTADDR: case SIOCGIFBRDADDR: case SIOCSIFBRDADDR: case SIOCGIFNETMASK: case SIOCSIFNETMASK: case SIOCGIFMETRIC: case SIOCSIFMETRIC: return -EINVAL; case SIOCADDRT: case SIOCDELRT: case SIOCNRDECOBS: if (!capable(CAP_NET_ADMIN)) return -EPERM; return nr_rt_ioctl(cmd, argp); default: return -ENOIOCTLCMD; } return 0; }",linux-2.6,,,336779632318528309463872144754811617469,0 5700,CWE-125,"bgp_capability_msg_parse (struct peer *peer, u_char *pnt, bgp_size_t length) { u_char *end; struct capability cap; u_char action; struct bgp *bgp; afi_t afi; safi_t safi; bgp = peer->bgp; end = pnt + length; while (pnt < end) { if (pnt + 3 > end) { zlog_info (""%s Capability length error"", peer->host); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } action = *pnt; memcpy (&cap, pnt + 1, sizeof (struct capability)); if (action != CAPABILITY_ACTION_SET && action != CAPABILITY_ACTION_UNSET) { zlog_info (""%s Capability Action Value error %d"", peer->host, action); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s CAPABILITY has action: %d, code: %u, length %u"", peer->host, action, cap.code, cap.length); if (pnt + (cap.length + 3) > end) { zlog_info (""%s Capability length error"", peer->host); bgp_notify_send (peer, BGP_NOTIFY_CEASE, 0); return -1; } if (cap.code == CAPABILITY_CODE_MP) { afi = ntohs (cap.mpc.afi); safi = cap.mpc.safi; if (CHECK_FLAG (peer->flags, PEER_FLAG_OVERRIDE_CAPABILITY)) continue; if ((afi == AFI_IP || afi == AFI_IP6) && (safi == SAFI_UNICAST || safi == SAFI_MULTICAST || safi == BGP_SAFI_VPNV4)) { if (BGP_DEBUG (normal, NORMAL)) zlog_debug (""%s CAPABILITY has %s MP_EXT CAP for afi/safi: %u/%u"", peer->host, action == CAPABILITY_ACTION_SET ? ""Advertising"" : ""Removing"", ntohs(cap.mpc.afi) , cap.mpc.safi); if (safi == BGP_SAFI_VPNV4) safi = SAFI_MPLS_VPN; if (action == CAPABILITY_ACTION_SET) { peer->afc_recv[afi][safi] = 1; if (peer->afc[afi][safi]) { peer->afc_nego[afi][safi] = 1; bgp_announce_route (peer, afi, safi); } } else { peer->afc_recv[afi][safi] = 0; peer->afc_nego[afi][safi] = 0; if (peer_active_nego (peer)) bgp_clear_route (peer, afi, safi); else BGP_EVENT_ADD (peer, BGP_Stop); } } } else { zlog_warn (""%s unrecognized capability code: %d - ignored"", peer->host, cap.code); } pnt += cap.length + 3; } return 0; }",visit repo url,bgpd/bgp_packet.c,https://github.com/FRRouting/frr,239372997199776,1 5561,CWE-125,"obj2ast_stmt(PyObject* obj, stmt_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; int lineno; int col_offset; if (obj == Py_None) { *out = NULL; return 0; } if (_PyObject_HasAttrId(obj, &PyId_lineno)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lineno); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &lineno, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""lineno\"" missing from stmt""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_col_offset)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_col_offset); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &col_offset, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""col_offset\"" missing from stmt""); return 1; } isinstance = PyObject_IsInstance(obj, (PyObject*)FunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from FunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_args)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_args); if (tmp == NULL) goto failed; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from FunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from FunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_decorator_list)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_decorator_list); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""FunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Ta3_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""FunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from FunctionDef""); return 1; } if (exists_not_none(obj, &PyId_returns)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_returns); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { returns = NULL; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = FunctionDef(name, args, body, decorator_list, returns, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFunctionDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; arguments_ty args; asdl_seq* body; asdl_seq* decorator_list; expr_ty returns; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from AsyncFunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_args)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_args); if (tmp == NULL) goto failed; res = obj2ast_arguments(tmp, &args, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""args\"" missing from AsyncFunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFunctionDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_decorator_list)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_decorator_list); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFunctionDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Ta3_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFunctionDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from AsyncFunctionDef""); return 1; } if (exists_not_none(obj, &PyId_returns)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_returns); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &returns, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { returns = NULL; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = AsyncFunctionDef(name, args, body, decorator_list, returns, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ClassDef_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier name; asdl_seq* bases; asdl_seq* keywords; asdl_seq* body; asdl_seq* decorator_list; if (_PyObject_HasAttrId(obj, &PyId_name)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_name); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &name, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""name\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_bases)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_bases); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""bases\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); bases = _Ta3_asdl_seq_new(len, arena); if (bases == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""bases\"" changed size during iteration""); goto failed; } asdl_seq_SET(bases, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""bases\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_keywords)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_keywords); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""keywords\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); keywords = _Ta3_asdl_seq_new(len, arena); if (keywords == NULL) goto failed; for (i = 0; i < len; i++) { keyword_ty value; res = obj2ast_keyword(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""keywords\"" changed size during iteration""); goto failed; } asdl_seq_SET(keywords, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""keywords\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from ClassDef""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_decorator_list)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_decorator_list); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ClassDef field \""decorator_list\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); decorator_list = _Ta3_asdl_seq_new(len, arena); if (decorator_list == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ClassDef field \""decorator_list\"" changed size during iteration""); goto failed; } asdl_seq_SET(decorator_list, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""decorator_list\"" missing from ClassDef""); return 1; } *out = ClassDef(name, bases, keywords, body, decorator_list, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Return_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (exists_not_none(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { value = NULL; } *out = Return(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Delete_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; if (_PyObject_HasAttrId(obj, &PyId_targets)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_targets); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Delete field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Ta3_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Delete field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Delete""); return 1; } *out = Delete(targets, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assign_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* targets; expr_ty value; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_targets)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_targets); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Assign field \""targets\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); targets = _Ta3_asdl_seq_new(len, arena); if (targets == NULL) goto failed; for (i = 0; i < len; i++) { expr_ty value; res = obj2ast_expr(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Assign field \""targets\"" changed size during iteration""); goto failed; } asdl_seq_SET(targets, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""targets\"" missing from Assign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Assign""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = Assign(targets, value, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AugAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; operator_ty op; expr_ty value; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AugAssign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_op)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_op); if (tmp == NULL) goto failed; res = obj2ast_operator(tmp, &op, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""op\"" missing from AugAssign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from AugAssign""); return 1; } *out = AugAssign(target, op, value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AnnAssign_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty annotation; expr_ty value; int simple; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AnnAssign""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_annotation)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_annotation); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &annotation, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""annotation\"" missing from AnnAssign""); return 1; } if (exists_not_none(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { value = NULL; } if (_PyObject_HasAttrId(obj, &PyId_simple)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_simple); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &simple, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""simple\"" missing from AnnAssign""); return 1; } *out = AnnAssign(target, annotation, value, simple, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)For_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from For""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_iter)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_iter); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from For""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from For""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""For field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""For field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from For""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = For(target, iter, body, orelse, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncFor_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty target; expr_ty iter; asdl_seq* body; asdl_seq* orelse; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_target)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_target); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &target, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""target\"" missing from AsyncFor""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_iter)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_iter); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &iter, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""iter\"" missing from AsyncFor""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncFor""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncFor field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncFor field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from AsyncFor""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = AsyncFor(target, iter, body, orelse, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)While_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_HasAttrId(obj, &PyId_test)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_test); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from While""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from While""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""While field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""While field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from While""); return 1; } *out = While(test, body, orelse, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)If_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; asdl_seq* body; asdl_seq* orelse; if (_PyObject_HasAttrId(obj, &PyId_test)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_test); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from If""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from If""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""If field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""If field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from If""); return 1; } *out = If(test, body, orelse, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)With_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_items)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_items); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Ta3_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty value; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from With""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""With field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""With field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from With""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = With(items, body, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)AsyncWith_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* items; asdl_seq* body; string type_comment; if (_PyObject_HasAttrId(obj, &PyId_items)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_items); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""items\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); items = _Ta3_asdl_seq_new(len, arena); if (items == NULL) goto failed; for (i = 0; i < len; i++) { withitem_ty value; res = obj2ast_withitem(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""items\"" changed size during iteration""); goto failed; } asdl_seq_SET(items, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""items\"" missing from AsyncWith""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""AsyncWith field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""AsyncWith field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from AsyncWith""); return 1; } if (exists_not_none(obj, &PyId_type_comment)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_type_comment); if (tmp == NULL) goto failed; res = obj2ast_string(tmp, &type_comment, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { type_comment = NULL; } *out = AsyncWith(items, body, type_comment, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Raise_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty exc; expr_ty cause; if (exists_not_none(obj, &PyId_exc)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_exc); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &exc, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { exc = NULL; } if (exists_not_none(obj, &PyId_cause)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_cause); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &cause, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { cause = NULL; } *out = Raise(exc, cause, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Try_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* body; asdl_seq* handlers; asdl_seq* orelse; asdl_seq* finalbody; if (_PyObject_HasAttrId(obj, &PyId_body)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_body); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""body\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); body = _Ta3_asdl_seq_new(len, arena); if (body == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""body\"" changed size during iteration""); goto failed; } asdl_seq_SET(body, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""body\"" missing from Try""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_handlers)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_handlers); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""handlers\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); handlers = _Ta3_asdl_seq_new(len, arena); if (handlers == NULL) goto failed; for (i = 0; i < len; i++) { excepthandler_ty value; res = obj2ast_excepthandler(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""handlers\"" changed size during iteration""); goto failed; } asdl_seq_SET(handlers, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""handlers\"" missing from Try""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_orelse)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_orelse); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""orelse\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); orelse = _Ta3_asdl_seq_new(len, arena); if (orelse == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""orelse\"" changed size during iteration""); goto failed; } asdl_seq_SET(orelse, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""orelse\"" missing from Try""); return 1; } if (_PyObject_HasAttrId(obj, &PyId_finalbody)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_finalbody); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Try field \""finalbody\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); finalbody = _Ta3_asdl_seq_new(len, arena); if (finalbody == NULL) goto failed; for (i = 0; i < len; i++) { stmt_ty value; res = obj2ast_stmt(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Try field \""finalbody\"" changed size during iteration""); goto failed; } asdl_seq_SET(finalbody, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""finalbody\"" missing from Try""); return 1; } *out = Try(body, handlers, orelse, finalbody, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Assert_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty test; expr_ty msg; if (_PyObject_HasAttrId(obj, &PyId_test)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_test); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &test, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""test\"" missing from Assert""); return 1; } if (exists_not_none(obj, &PyId_msg)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_msg); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &msg, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { msg = NULL; } *out = Assert(test, msg, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Import_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Import field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty value; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Import field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Import""); return 1; } *out = Import(names, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ImportFrom_type); if (isinstance == -1) { return 1; } if (isinstance) { identifier module; asdl_seq* names; int level; if (exists_not_none(obj, &PyId_module)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_module); if (tmp == NULL) goto failed; res = obj2ast_identifier(tmp, &module, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { module = NULL; } if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ImportFrom field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { alias_ty value; res = obj2ast_alias(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ImportFrom field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from ImportFrom""); return 1; } if (exists_not_none(obj, &PyId_level)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_level); if (tmp == NULL) goto failed; res = obj2ast_int(tmp, &level, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { level = 0; } *out = ImportFrom(module, names, level, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Global_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Global field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier value; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Global field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Global""); return 1; } *out = Global(names, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Nonlocal_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* names; if (_PyObject_HasAttrId(obj, &PyId_names)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_names); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""Nonlocal field \""names\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); names = _Ta3_asdl_seq_new(len, arena); if (names == NULL) goto failed; for (i = 0; i < len; i++) { identifier value; res = obj2ast_identifier(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""Nonlocal field \""names\"" changed size during iteration""); goto failed; } asdl_seq_SET(names, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""names\"" missing from Nonlocal""); return 1; } *out = Nonlocal(names, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Expr_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Expr""); return 1; } *out = Expr(value, lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Pass_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Pass(lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Break_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Break(lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Continue_type); if (isinstance == -1) { return 1; } if (isinstance) { *out = Continue(lineno, col_offset, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of stmt, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,216257625036322,1 3989,['CWE-362'],"static void __put_chunk(struct rcu_head *rcu) { struct audit_chunk *chunk = container_of(rcu, struct audit_chunk, head); audit_put_chunk(chunk); }",linux-2.6,,,244627591301499091771873486781885087034,0 1103,['CWE-399'],"sys_sigaltstack(const stack_t __user *uss, stack_t __user *uoss, struct pt_regs *regs) { return do_sigaltstack(uss, uoss, regs->sp); }",linux-2.6,,,13796153415720403944321968210072838368,0 3645,['CWE-287'],"struct sctp_transport *sctp_assoc_lookup_tsn(struct sctp_association *asoc, __u32 tsn) { struct sctp_transport *active; struct sctp_transport *match; struct sctp_transport *transport; struct sctp_chunk *chunk; __be32 key = htonl(tsn); match = NULL; active = asoc->peer.active_path; list_for_each_entry(chunk, &active->transmitted, transmitted_list) { if (key == chunk->subh.data_hdr->tsn) { match = active; goto out; } } list_for_each_entry(transport, &asoc->peer.transport_addr_list, transports) { if (transport == active) break; list_for_each_entry(chunk, &transport->transmitted, transmitted_list) { if (key == chunk->subh.data_hdr->tsn) { match = transport; goto out; } } } out: return match; }",linux-2.6,,,115784642837972205669277126613413945118,0 1413,[],"static void prio_changed_fair(struct rq *rq, struct task_struct *p, int oldprio, int running) { if (running) { if (p->prio > oldprio) resched_task(rq->curr); } else check_preempt_curr(rq, p); }",linux-2.6,,,251590922698470819724484252439820805755,0 4539,CWE-125,"GF_Err mhas_dmx_process(GF_Filter *filter) { GF_MHASDmxCtx *ctx = gf_filter_get_udta(filter); GF_FilterPacket *in_pck; u8 *output; u8 *start; Bool final_flush=GF_FALSE; u32 pck_size, remain, prev_pck_size; u64 cts = GF_FILTER_NO_TS; u32 au_start = 0; u32 consumed = 0; u32 nb_trunc_samples = 0; Bool trunc_from_begin = 0; Bool has_cfg = 0; if (!ctx->duration.num) mhas_dmx_check_dur(filter, ctx); if (ctx->opid && !ctx->is_playing) return GF_OK; in_pck = gf_filter_pid_get_packet(ctx->ipid); if (!in_pck) { if (gf_filter_pid_is_eos(ctx->ipid)) { if (!ctx->mhas_buffer_size) { if (ctx->opid) gf_filter_pid_set_eos(ctx->opid); if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = NULL; return GF_EOS; } final_flush = GF_TRUE; } else if (!ctx->resume_from) { return GF_OK; } } prev_pck_size = ctx->mhas_buffer_size; if (ctx->resume_from) in_pck = NULL; if (in_pck) { u8 *data = (u8 *) gf_filter_pck_get_data(in_pck, &pck_size); if (ctx->byte_offset != GF_FILTER_NO_BO) { u64 byte_offset = gf_filter_pck_get_byte_offset(in_pck); if (!ctx->mhas_buffer_size) { ctx->byte_offset = byte_offset; } else if (ctx->byte_offset + ctx->mhas_buffer_size != byte_offset) { ctx->byte_offset = GF_FILTER_NO_BO; if ((byte_offset != GF_FILTER_NO_BO) && (byte_offset>ctx->mhas_buffer_size) ) { ctx->byte_offset = byte_offset - ctx->mhas_buffer_size; } } } if (ctx->mhas_buffer_size + pck_size > ctx->mhas_buffer_alloc) { ctx->mhas_buffer_alloc = ctx->mhas_buffer_size + pck_size; ctx->mhas_buffer = gf_realloc(ctx->mhas_buffer, ctx->mhas_buffer_alloc); } memcpy(ctx->mhas_buffer + ctx->mhas_buffer_size, data, pck_size); ctx->mhas_buffer_size += pck_size; } if (ctx->timescale && in_pck) { cts = gf_filter_pck_get_cts(in_pck); if (!ctx->cts && (cts != GF_FILTER_NO_TS)) ctx->cts = cts; } if (cts == GF_FILTER_NO_TS) { prev_pck_size = 0; } remain = ctx->mhas_buffer_size; start = ctx->mhas_buffer; if (ctx->resume_from) { start += ctx->resume_from - 1; remain -= ctx->resume_from - 1; ctx->resume_from = 0; } while (ctx->nosync && (remain>3)) { u8 *hdr_start = memchr(start, 0xC0, remain); if (!hdr_start) { remain=0; break; } if ((hdr_start[1]==0x01) && (hdr_start[2]==0xA5)) { GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] Sync found !\n"")); ctx->nosync = GF_FALSE; break; } GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] not sync, skipping byte\n"")); start++; remain--; } if (ctx->nosync) goto skip; gf_bs_reassign_buffer(ctx->bs, start, remain); ctx->buffer_too_small = GF_FALSE; while (remain > consumed) { u32 pay_start, parse_end, mhas_size, mhas_label; Bool mhas_sap = 0; u32 mhas_type; if (!ctx->is_playing && ctx->opid) { ctx->resume_from = 1; consumed = 0; break; } mhas_type = (u32) gf_mpegh_escaped_value(ctx->bs, 3, 8, 8); mhas_label = (u32) gf_mpegh_escaped_value(ctx->bs, 2, 8, 32); mhas_size = (u32) gf_mpegh_escaped_value(ctx->bs, 11, 24, 24); if (ctx->buffer_too_small) break; if (mhas_type>18) { ctx->nb_unknown_pck++; if (ctx->nb_unknown_pck > ctx->pcksync) { GF_LOG(ctx->is_sync ? GF_LOG_WARNING : GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] %d packets of unknown type, considering sync was lost\n"")); ctx->is_sync = GF_FALSE; consumed = 0; ctx->nosync = GF_TRUE; ctx->nb_unknown_pck = 0; break; } } else if (!mhas_size) { GF_LOG(ctx->is_sync ? GF_LOG_WARNING : GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] MHAS packet with 0 payload size, considering sync was lost\n"")); ctx->is_sync = GF_FALSE; consumed = 0; ctx->nosync = GF_TRUE; ctx->nb_unknown_pck = 0; break; } pay_start = (u32) gf_bs_get_position(ctx->bs); if (ctx->buffer_too_small) break; if (mhas_size > gf_bs_available(ctx->bs)) { GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] incomplete packet type %d %s label ""LLU"" size ""LLU"" - keeping in buffer\n"", mhas_type, mhas_pck_name(mhas_type), mhas_label, mhas_size)); break; } ctx->is_sync = GF_TRUE; if (mhas_type==2) { mhas_sap = gf_bs_peek_bits(ctx->bs, 1, 0); ctx->nb_unknown_pck = 0; } else if (mhas_type==1) { s32 CICPspeakerLayoutIdx = -1; s32 numSpeakers = -1; u32 sr = 0; u32 frame_len; u32 pl = gf_bs_read_u8(ctx->bs); u32 idx = gf_bs_read_int(ctx->bs, 5); if (idx==0x1f) sr = gf_bs_read_int(ctx->bs, 24); else if (sr < nb_usac_sr) { sr = USACSampleRates[idx]; } ctx->nb_unknown_pck = 0; idx = gf_bs_read_int(ctx->bs, 3); if ((idx==0) || (idx==2) ) frame_len = 768; else frame_len = 1024; gf_bs_read_int(ctx->bs, 1); gf_bs_read_int(ctx->bs, 1); u32 speakerLayoutType = gf_bs_read_int(ctx->bs, 2); if (speakerLayoutType == 0) { CICPspeakerLayoutIdx = gf_bs_read_int(ctx->bs, 6); } else { numSpeakers = (s32) gf_mpegh_escaped_value(ctx->bs, 5, 8, 16) + 1; } mhas_dmx_check_pid(filter, ctx, pl, sr, frame_len, CICPspeakerLayoutIdx, numSpeakers, start + pay_start, (u32) mhas_size); has_cfg = GF_TRUE; } else if (mhas_type==17) { Bool isActive = gf_bs_read_int(ctx->bs, 1); gf_bs_read_int(ctx->bs, 1); trunc_from_begin = gf_bs_read_int(ctx->bs, 1); nb_trunc_samples = gf_bs_read_int(ctx->bs, 13); if (!isActive) { nb_trunc_samples = 0; } } else if ((mhas_type==6) || (mhas_type==7)) { ctx->nb_unknown_pck = 0; } #if 0 else if (mhas_type==8) { u8 marker_type = gf_bs_read_u8(ctx->bs); if (marker_type==0x01) {} else if (marker_type==0x02) { has_marker = GF_TRUE; } } #endif gf_bs_align(ctx->bs); parse_end = (u32) gf_bs_get_position(ctx->bs) - pay_start; gf_bs_skip_bytes(ctx->bs, mhas_size - parse_end); GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] MHAS Packet type %d %s label ""LLU"" size ""LLU""\n"", mhas_type, mhas_pck_name(mhas_type), mhas_label, mhas_size)); if (ctx->timescale && !prev_pck_size && (cts != GF_FILTER_NO_TS) ) { ctx->cts = cts; cts = GF_FILTER_NO_TS; } if ((mhas_type==2) && ctx->opid) { GF_FilterPacket *dst; u64 pck_dur = ctx->frame_len; u32 au_size; if (ctx->mpha) { au_start = pay_start; au_size = mhas_size; } else { au_size = (u32) gf_bs_get_position(ctx->bs) - au_start; } if (nb_trunc_samples) { if (trunc_from_begin) { if (!ctx->nb_frames) { s64 offset = trunc_from_begin; if (ctx->timescale) { offset *= ctx->timescale; offset /= ctx->sample_rate; } gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_DELAY , &PROP_LONGSINT( -offset)); } } else { pck_dur -= nb_trunc_samples; } nb_trunc_samples = 0; } if (ctx->timescale) { pck_dur *= ctx->timescale; pck_dur /= ctx->sample_rate; } dst = gf_filter_pck_new_alloc(ctx->opid, au_size, &output); if (!dst) break; if (ctx->src_pck) gf_filter_pck_merge_properties(ctx->src_pck, dst); memcpy(output, start + au_start, au_size); if (!has_cfg) mhas_sap = 0; if (mhas_sap) { gf_filter_pck_set_sap(dst, GF_FILTER_SAP_1); } gf_filter_pck_set_dts(dst, ctx->cts); gf_filter_pck_set_cts(dst, ctx->cts); gf_filter_pck_set_duration(dst, (u32) pck_dur); if (ctx->byte_offset != GF_FILTER_NO_BO) { u64 offset = (u64) (start - ctx->mhas_buffer); offset += ctx->byte_offset + au_start; gf_filter_pck_set_byte_offset(dst, offset); } GF_LOG(GF_LOG_DEBUG, GF_LOG_MEDIA, (""[MHASDmx] Send AU CTS ""LLU"" size %d dur %d sap %d\n"", ctx->cts, au_size, (u32) pck_dur, mhas_sap)); gf_filter_pck_send(dst); au_start += au_size; consumed = au_start; ctx->nb_frames ++; mhas_dmx_update_cts(ctx); has_cfg = 0; if (prev_pck_size) { u64 next_pos = (u64) (start + au_start - ctx->mhas_buffer); if (prev_pck_size <= next_pos) { prev_pck_size = 0; if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = in_pck; if (in_pck) gf_filter_pck_ref_props(&ctx->src_pck); if (ctx->timescale && (cts != GF_FILTER_NO_TS) ) { ctx->cts = cts; cts = GF_FILTER_NO_TS; } } } if (remain==consumed) break; if (gf_filter_pid_would_block(ctx->opid)) { ctx->resume_from = 1; final_flush = GF_FALSE; break; } } } if (consumed) { assert(remain>=consumed); remain -= consumed; start += consumed; } skip: if (remain < ctx->mhas_buffer_size) { memmove(ctx->mhas_buffer, start, remain); if (ctx->byte_offset != GF_FILTER_NO_BO) ctx->byte_offset += ctx->mhas_buffer_size - remain; } ctx->mhas_buffer_size = remain; if (final_flush) ctx->mhas_buffer_size = 0; if (!ctx->mhas_buffer_size) { if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = NULL; } if (in_pck) gf_filter_pid_drop_packet(ctx->ipid); return GF_OK; }",visit repo url,src/filters/reframe_mhas.c,https://github.com/gpac/gpac,173473196339093,1 1586,[],"aggregate(struct task_group *tg, struct sched_domain *sd) { return &tg->cfs_rq[sd->first_cpu]->aggregate; }",linux-2.6,,,238394624123556722875788647436364800128,0 6123,CWE-190,"void ed_mul_sim_trick(ed_t r, const ed_t p, const bn_t k, const ed_t q, const bn_t m) { ed_t t0[1 << (ED_WIDTH / 2)], t1[1 << (ED_WIDTH / 2)], t[1 << ED_WIDTH]; bn_t n; int l0, l1, w = ED_WIDTH / 2; uint8_t w0[RLC_FP_BITS + 1], w1[RLC_FP_BITS + 1]; bn_null(n); if (bn_is_zero(k) || ed_is_infty(p)) { ed_mul(r, q, m); return; } if (bn_is_zero(m) || ed_is_infty(q)) { ed_mul(r, p, k); return; } RLC_TRY { bn_new(n); ed_curve_get_ord(n); for (int i = 0; i < (1 << w); i++) { ed_null(t0[i]); ed_null(t1[i]); ed_new(t0[i]); ed_new(t1[i]); } for (int i = 0; i < (1 << ED_WIDTH); i++) { ed_null(t[i]); ed_new(t[i]); } ed_set_infty(t0[0]); ed_copy(t0[1], p); if (bn_sign(k) == RLC_NEG) { ed_neg(t0[1], t0[1]); } for (int i = 2; i < (1 << w); i++) { ed_add(t0[i], t0[i - 1], t0[1]); } ed_set_infty(t1[0]); ed_copy(t1[1], q); if (bn_sign(m) == RLC_NEG) { ed_neg(t1[1], t1[1]); } for (int i = 1; i < (1 << w); i++) { ed_add(t1[i], t1[i - 1], t1[1]); } for (int i = 0; i < (1 << w); i++) { for (int j = 0; j < (1 << w); j++) { ed_add(t[(i << w) + j], t0[i], t1[j]); } } #if defined(ED_MIXED) ed_norm_sim(t + 1, (const ed_t *)t + 1, (1 << (ED_WIDTH)) - 1); #endif l0 = l1 = RLC_CEIL(RLC_FP_BITS, w); bn_rec_win(w0, &l0, k, w); bn_rec_win(w1, &l1, m, w); for (int i = l0; i < l1; i++) { w0[i] = 0; } for (int i = l1; i < l0; i++) { w1[i] = 0; } ed_set_infty(r); for (int i = RLC_MAX(l0, l1) - 1; i >= 0; i--) { for (int j = 0; j < w; j++) { ed_dbl(r, r); } ed_add(r, r, t[(w0[i] << w) + w1[i]]); } ed_norm(r, r); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); for (int i = 0; i < (1 << w); i++) { ed_free(t0[i]); ed_free(t1[i]); } for (int i = 0; i < (1 << ED_WIDTH); i++) { ed_free(t[i]); } } }",visit repo url,src/ed/relic_ed_mul_sim.c,https://github.com/relic-toolkit/relic,205874596636440,1 4051,['CWE-362'],"s32 inotify_clone_watch(struct inotify_watch *old, struct inotify_watch *new) { struct inotify_handle *ih = old->ih; int ret = 0; new->mask = old->mask; new->ih = ih; mutex_lock(&ih->mutex); ret = inotify_handle_get_wd(ih, new); if (unlikely(ret)) goto out; ret = new->wd; get_inotify_handle(ih); new->inode = igrab(old->inode); list_add(&new->h_list, &ih->watches); list_add(&new->i_list, &old->inode->inotify_watches); out: mutex_unlock(&ih->mutex); return ret; }",linux-2.6,,,111807428390606638430534313417135804712,0 96,CWE-617,"kdc_process_s4u_x509_user(krb5_context context, krb5_kdc_req *request, krb5_pa_data *pa_data, krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session, krb5_pa_s4u_x509_user **s4u_x509_user, const char **status) { krb5_error_code code; krb5_data req_data; req_data.length = pa_data->length; req_data.data = (char *)pa_data->contents; code = decode_krb5_pa_s4u_x509_user(&req_data, s4u_x509_user); if (code) return code; code = verify_s4u_x509_user_checksum(context, tgs_subkey ? tgs_subkey : tgs_session, &req_data, request->nonce, *s4u_x509_user); if (code) { *status = ""INVALID_S4U2SELF_CHECKSUM""; krb5_free_pa_s4u_x509_user(context, *s4u_x509_user); *s4u_x509_user = NULL; return code; } if (krb5_princ_size(context, (*s4u_x509_user)->user_id.user) == 0 || (*s4u_x509_user)->user_id.subject_cert.length != 0) { *status = ""INVALID_S4U2SELF_REQUEST""; krb5_free_pa_s4u_x509_user(context, *s4u_x509_user); *s4u_x509_user = NULL; return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; } return 0; }",visit repo url,src/kdc/kdc_util.c,https://github.com/krb5/krb5,195470200973114,1 594,['CWE-200'],"static inline void make_bl(unsigned int *insn_addr, void *func) { unsigned long funcp = *((unsigned long *)func); int offset = funcp - (unsigned long)insn_addr; *insn_addr = (unsigned int)(0x48000001 | (offset & 0x03fffffc)); flush_icache_range((unsigned long)insn_addr, 4+ (unsigned long)insn_addr); }",linux-2.6,,,269709192613501857626068524417798757883,0 5370,['CWE-476'],"int kvm_load_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector, int type_bits, int seg) { struct kvm_segment kvm_seg; if (!(vcpu->arch.cr0 & X86_CR0_PE)) return kvm_load_realmode_segment(vcpu, selector, seg); if (load_segment_descriptor_to_kvm_desct(vcpu, selector, &kvm_seg)) return 1; kvm_seg.type |= type_bits; if (seg != VCPU_SREG_SS && seg != VCPU_SREG_CS && seg != VCPU_SREG_LDTR) if (!kvm_seg.s) kvm_seg.unusable = 1; kvm_set_segment(vcpu, &kvm_seg, seg); return 0; }",linux-2.6,,,83619485191415359833437671873309410108,0 6531,['CWE-200'],"static void nma_menu_show_cb (GtkWidget *menu, NMApplet *applet) { guint32 n_wireless; g_return_if_fail (menu != NULL); g_return_if_fail (applet != NULL); #if GTK_CHECK_VERSION(2, 15, 0) gtk_status_icon_set_tooltip_text (applet->status_icon, NULL); #else gtk_status_icon_set_tooltip (applet->status_icon, NULL); #endif if (!nm_client_get_manager_running (applet->nm_client)) { nma_menu_add_text_item (menu, _(""NetworkManager is not running..."")); return; } if (nm_client_get_state (applet->nm_client) == NM_STATE_ASLEEP) { nma_menu_add_text_item (menu, _(""Networking disabled"")); return; } n_wireless = nma_menu_add_devices (menu, applet); nma_menu_add_vpn_submenu (menu, applet); if (n_wireless > 0 && nm_client_wireless_get_enabled (applet->nm_client)) { nma_menu_add_separator_item (menu); nma_menu_add_hidden_network_item (menu, applet); nma_menu_add_create_network_item (menu, applet); } gtk_widget_show_all (menu); }",network-manager-applet,,,116540424051336448838605692890858696233,0 2217,['CWE-193'],"generic_file_buffered_write(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos, loff_t *ppos, size_t count, ssize_t written) { struct file *file = iocb->ki_filp; struct address_space *mapping = file->f_mapping; const struct address_space_operations *a_ops = mapping->a_ops; struct inode *inode = mapping->host; ssize_t status; struct iov_iter i; iov_iter_init(&i, iov, nr_segs, count, written); if (a_ops->write_begin) status = generic_perform_write(file, &i, pos); else status = generic_perform_write_2copy(file, &i, pos); if (likely(status >= 0)) { written += status; *ppos = pos + status; if (unlikely((file->f_flags & O_SYNC) || IS_SYNC(inode))) { if (!a_ops->writepage || !is_sync_kiocb(iocb)) status = generic_osync_inode(inode, mapping, OSYNC_METADATA|OSYNC_DATA); } } if (unlikely(file->f_flags & O_DIRECT) && written) status = filemap_write_and_wait(mapping); return written ? written : status; }",linux-2.6,,,256622608029918551550943704541175275664,0 3602,CWE-119,"void jpc_qmfb_split_colgrp(jpc_fix_t *a, int numrows, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; register jpc_fix_t *srcptr2; register jpc_fix_t *dstptr2; register int n; register int i; int m; int hstartcol; if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { abort(); } } if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; m = numrows - hstartcol; n = m; dstptr = buf; srcptr = &a[(1 - parity) * stride]; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += JPC_QMFB_COLGRPSIZE; srcptr += stride << 1; } dstptr = &a[(1 - parity) * stride]; srcptr = &a[(2 - parity) * stride]; n = numrows - m - (!parity); while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += stride << 1; } dstptr = &a[hstartcol * stride]; srcptr = buf; n = m; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += JPC_QMFB_COLGRPSIZE; } } if (buf != splitbuf) { jas_free(buf); } }",visit repo url,src/libjasper/jpc/jpc_qmfb.c,https://github.com/mdadams/jasper,183090223051296,1 1318,CWE-190,"static ssize_t aio_setup_single_vector(struct kiocb *kiocb) { kiocb->ki_iovec = &kiocb->ki_inline_vec; kiocb->ki_iovec->iov_base = kiocb->ki_buf; kiocb->ki_iovec->iov_len = kiocb->ki_left; kiocb->ki_nr_segs = 1; kiocb->ki_cur_seg = 0; return 0; }",visit repo url,fs/aio.c,https://github.com/torvalds/linux,141056283499677,1 1541,CWE-399,"int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *inet = inet_sk(sk); DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name); struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); bool slow; if (flags & MSG_ERRQUEUE) return ip_recv_error(sk, msg, len, addr_len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_msg(skb, sizeof(struct udphdr), msg, copied); else { err = skb_copy_and_csum_datagram_msg(skb, sizeof(struct udphdr), msg); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); sock_recv_ts_and_drops(msg, sk, skb); if (sin) { sin->sin_family = AF_INET; sin->sin_port = udp_hdr(skb)->source; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); *addr_len = sizeof(*sin); } if (inet->cmsg_flags) ip_cmsg_recv_offset(msg, skb, sizeof(struct udphdr)); err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv4/udp.c,https://github.com/torvalds/linux,153036494842303,1 6170,['CWE-200'],"int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait) { int err; struct mfc_cache *cache; struct rtable *rt = (struct rtable*)skb->dst; read_lock(&mrt_lock); cache = ipmr_cache_find(rt->rt_src, rt->rt_dst); if (cache==NULL) { struct net_device *dev; int vif; if (nowait) { read_unlock(&mrt_lock); return -EAGAIN; } dev = skb->dev; if (dev == NULL || (vif = ipmr_find_vif(dev)) < 0) { read_unlock(&mrt_lock); return -ENODEV; } skb->nh.raw = skb_push(skb, sizeof(struct iphdr)); skb->nh.iph->ihl = sizeof(struct iphdr)>>2; skb->nh.iph->saddr = rt->rt_src; skb->nh.iph->daddr = rt->rt_dst; skb->nh.iph->version = 0; err = ipmr_cache_unresolved(vif, skb); read_unlock(&mrt_lock); return err; } if (!nowait && (rtm->rtm_flags&RTM_F_NOTIFY)) cache->mfc_flags |= MFC_NOTIFY; err = ipmr_fill_mroute(skb, cache, rtm); read_unlock(&mrt_lock); return err; }",linux-2.6,,,270307369120163545906255559516167042177,0 3875,['CWE-119'],"static int lbs_do_scan(struct lbs_private *priv, uint8_t bsstype, struct chanscanparamset *chan_list, int chan_count) { int ret = -ENOMEM; struct cmd_ds_802_11_scan *scan_cmd; uint8_t *tlv; lbs_deb_enter_args(LBS_DEB_SCAN, ""bsstype %d, chanlist[].chan %d, chan_count %d"", bsstype, chan_list ? chan_list[0].channumber : -1, chan_count); scan_cmd = kzalloc(MAX_SCAN_CFG_ALLOC, GFP_KERNEL); if (scan_cmd == NULL) goto out; tlv = scan_cmd->tlvbuffer; scan_cmd->bsstype = bsstype; if (priv->scan_ssid_len) tlv += lbs_scan_add_ssid_tlv(priv, tlv); if (chan_list && chan_count) tlv += lbs_scan_add_chanlist_tlv(tlv, chan_list, chan_count); tlv += lbs_scan_add_rates_tlv(tlv); scan_cmd->hdr.size = cpu_to_le16(tlv - (uint8_t *)scan_cmd); lbs_deb_hex(LBS_DEB_SCAN, ""SCAN_CMD"", (void *)scan_cmd, sizeof(*scan_cmd)); lbs_deb_hex(LBS_DEB_SCAN, ""SCAN_TLV"", scan_cmd->tlvbuffer, tlv - scan_cmd->tlvbuffer); ret = __lbs_cmd(priv, CMD_802_11_SCAN, &scan_cmd->hdr, le16_to_cpu(scan_cmd->hdr.size), lbs_ret_80211_scan, 0); out: kfree(scan_cmd); lbs_deb_leave_args(LBS_DEB_SCAN, ""ret %d"", ret); return ret; }",linux-2.6,,,168679046655145281161923241308870172226,0 282,[],"static int do_fontx_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *file) { struct consolefontdesc32 __user *user_cfd = compat_ptr(arg); struct console_font_op op; compat_caddr_t data; int i, perm; perm = vt_check(file); if (perm < 0) return perm; switch (cmd) { case PIO_FONTX: if (!perm) return -EPERM; op.op = KD_FONT_OP_SET; op.flags = 0; op.width = 8; if (get_user(op.height, &user_cfd->charheight) || get_user(op.charcount, &user_cfd->charcount) || get_user(data, &user_cfd->chardata)) return -EFAULT; op.data = compat_ptr(data); return con_font_op(vc_cons[fg_console].d, &op); case GIO_FONTX: op.op = KD_FONT_OP_GET; op.flags = 0; op.width = 8; if (get_user(op.height, &user_cfd->charheight) || get_user(op.charcount, &user_cfd->charcount) || get_user(data, &user_cfd->chardata)) return -EFAULT; if (!data) return 0; op.data = compat_ptr(data); i = con_font_op(vc_cons[fg_console].d, &op); if (i) return i; if (put_user(op.height, &user_cfd->charheight) || put_user(op.charcount, &user_cfd->charcount) || put_user((compat_caddr_t)(unsigned long)op.data, &user_cfd->chardata)) return -EFAULT; return 0; } return -EINVAL; }",linux-2.6,,,157136636227739583168449737476307146294,0 5566,[],"SYSCALL_DEFINE1(ssetmask, int, newmask) { int old; spin_lock_irq(¤t->sighand->siglock); old = current->blocked.sig[0]; siginitset(¤t->blocked, newmask & ~(sigmask(SIGKILL)| sigmask(SIGSTOP))); recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return old; }",linux-2.6,,,64739357939531185017641211325808259927,0 6364,CWE-787,"htmlGetText(tree_t *t) { uchar *s, *s2, *tdata = NULL, *talloc = NULL; size_t slen, tlen; slen = 0; s = NULL; while (t != NULL) { if (t->child) tdata = talloc = htmlGetText(t->child); else tdata = t->data; if (tdata != NULL) { tlen = strlen((char *)tdata); if (s) s2 = (uchar *)realloc(s, 1 + slen + tlen); else s2 = (uchar *)malloc(1 + tlen); if (!s2) break; s = s2; memcpy((char *)s + slen, (char *)tdata, tlen); slen += tlen; if (talloc) { free(talloc); talloc = NULL; } } t = t->next; } if (slen) s[slen] = '\0'; if (talloc) free(talloc); return (s); }",visit repo url,htmldoc/htmllib.cxx,https://github.com/michaelrsweet/htmldoc,261307844308449,1 2075,NVD-CWE-noinfo,"static int handle_vmread(struct kvm_vcpu *vcpu) { unsigned long field; u64 field_value; unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO); gva_t gva = 0; if (!nested_vmx_check_permission(vcpu)) return 1; if (!nested_vmx_check_vmcs12(vcpu)) return kvm_skip_emulated_instruction(vcpu); field = kvm_register_readl(vcpu, (((vmx_instruction_info) >> 28) & 0xf)); if (vmcs12_read_any(vcpu, field, &field_value) < 0) { nested_vmx_failValid(vcpu, VMXERR_UNSUPPORTED_VMCS_COMPONENT); return kvm_skip_emulated_instruction(vcpu); } if (vmx_instruction_info & (1u << 10)) { kvm_register_writel(vcpu, (((vmx_instruction_info) >> 3) & 0xf), field_value); } else { if (get_vmx_mem_address(vcpu, exit_qualification, vmx_instruction_info, true, &gva)) return 1; kvm_write_guest_virt_system(&vcpu->arch.emulate_ctxt, gva, &field_value, (is_long_mode(vcpu) ? 8 : 4), NULL); } nested_vmx_succeed(vcpu); return kvm_skip_emulated_instruction(vcpu); }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,164673724225370,1 2564,NVD-CWE-noinfo,"apr_status_t modsecurity_tx_init(modsec_rec *msr) { const char *s = NULL; const apr_array_header_t *arr; char *semicolon = NULL; char *comma = NULL; apr_table_entry_t *te; int i; apr_pool_cleanup_register(msr->mp, msr, modsecurity_tx_cleanup, apr_pool_cleanup_null); msr->request_content_length = -1; s = apr_table_get(msr->request_headers, ""Content-Length""); if (s != NULL) { msr->request_content_length = strtol(s, NULL, 10); } msr->reqbody_chunked = 0; msr->reqbody_should_exist = 0; if (msr->request_content_length == -1) { char *transfer_encoding = (char *)apr_table_get(msr->request_headers, ""Transfer-Encoding""); if ((transfer_encoding != NULL)&&(strstr(transfer_encoding, ""chunked"") != NULL)) { msr->reqbody_should_exist = 1; msr->reqbody_chunked = 1; } } else { msr->reqbody_should_exist = 1; } msr->request_content_type = NULL; s = apr_table_get(msr->request_headers, ""Content-Type""); if (s != NULL) msr->request_content_type = s; if ((msr->request_content_type != NULL) && (strncasecmp(msr->request_content_type, ""application/x-www-form-urlencoded"", 33) == 0)) { msr->msc_reqbody_storage = MSC_REQBODY_MEMORY; msr->msc_reqbody_spilltodisk = 0; msr->msc_reqbody_processor = ""URLENCODED""; } else { if ((msr->request_content_length != -1) && (msr->request_content_length > msr->txcfg->reqbody_inmemory_limit)) { msr->msc_reqbody_storage = MSC_REQBODY_DISK; } msr->msc_reqbody_storage = MSC_REQBODY_MEMORY; msr->msc_reqbody_spilltodisk = 1; if (msr->request_content_type != NULL) { if (strncasecmp(msr->request_content_type, ""multipart/form-data"", 19) == 0) { msr->msc_reqbody_processor = ""MULTIPART""; } } } if (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_OFF) { msr->msc_reqbody_storage = MSC_REQBODY_MEMORY; msr->msc_reqbody_spilltodisk = 0; } msr->arguments = apr_table_make(msr->mp, 32); if (msr->arguments == NULL) return -1; if (msr->query_string != NULL) { int invalid_count = 0; if (parse_arguments(msr, msr->query_string, strlen(msr->query_string), msr->txcfg->argument_separator, ""QUERY_STRING"", msr->arguments, &invalid_count) < 0) { msr_log(msr, 1, ""Initialisation: Error occurred while parsing QUERY_STRING arguments.""); return -1; } if (invalid_count) { msr->urlencoded_error = 1; } } msr->arguments_to_sanitize = apr_table_make(msr->mp, 16); if (msr->arguments_to_sanitize == NULL) return -1; msr->request_headers_to_sanitize = apr_table_make(msr->mp, 16); if (msr->request_headers_to_sanitize == NULL) return -1; msr->response_headers_to_sanitize = apr_table_make(msr->mp, 16); if (msr->response_headers_to_sanitize == NULL) return -1; msr->pattern_to_sanitize = apr_table_make(msr->mp, 32); if (msr->pattern_to_sanitize == NULL) return -1; msr->removed_targets = apr_table_make(msr->mp, 16); if (msr->removed_targets == NULL) return -1; msr->request_cookies = apr_table_make(msr->mp, 16); if (msr->request_cookies == NULL) return -1; msr->matched_vars = apr_table_make(msr->mp, 8); if (msr->matched_vars == NULL) return -1; apr_table_clear(msr->matched_vars); msr->perf_rules = apr_table_make(msr->mp, 8); if (msr->perf_rules == NULL) return -1; apr_table_clear(msr->perf_rules); arr = apr_table_elts(msr->request_headers); te = (apr_table_entry_t *)arr->elts; for (i = 0; i < arr->nelts; i++) { if (strcasecmp(te[i].key, ""Cookie"") == 0) { if (msr->txcfg->cookie_format == COOKIES_V0) { semicolon = apr_pstrdup(msr->mp, te[i].val); while((*semicolon != 0)&&(*semicolon != ';')) semicolon++; if(*semicolon == ';') { parse_cookies_v0(msr, te[i].val, msr->request_cookies, "";""); } else { comma = apr_pstrdup(msr->mp, te[i].val); while((*comma != 0)&&(*comma != ',')) comma++; if(*comma == ',') { comma++; if(*comma == 0x20) { if (msr->txcfg->debuglog_level >= 5) { msr_log(msr, 5, ""Cookie v0 parser: Using comma as a separator. Semi-colon was not identified!""); } parse_cookies_v0(msr, te[i].val, msr->request_cookies, "",""); } else { parse_cookies_v0(msr, te[i].val, msr->request_cookies, "";""); } } else { parse_cookies_v0(msr, te[i].val, msr->request_cookies, "";""); } } } else { parse_cookies_v1(msr, te[i].val, msr->request_cookies); } } } msr->tx_vars = apr_table_make(msr->mp, 32); if (msr->tx_vars == NULL) return -1; msr->geo_vars = apr_table_make(msr->mp, 8); if (msr->geo_vars == NULL) return -1; msr->collections_original = apr_table_make(msr->mp, 8); if (msr->collections_original == NULL) return -1; msr->collections = apr_table_make(msr->mp, 8); if (msr->collections == NULL) return -1; msr->collections_dirty = apr_table_make(msr->mp, 8); if (msr->collections_dirty == NULL) return -1; msr->tcache = NULL; msr->tcache_items = 0; msr->matched_rules = apr_array_make(msr->mp, 16, sizeof(void *)); if (msr->matched_rules == NULL) return -1; msr->matched_var = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string)); if (msr->matched_var == NULL) return -1; msr->highest_severity = 255; msr->removed_rules = apr_array_make(msr->mp, 16, sizeof(char *)); if (msr->removed_rules == NULL) return -1; msr->removed_rules_tag = apr_array_make(msr->mp, 16, sizeof(char *)); if (msr->removed_rules_tag == NULL) return -1; msr->removed_rules_msg = apr_array_make(msr->mp, 16, sizeof(char *)); if (msr->removed_rules_msg == NULL) return -1; return 1; }",visit repo url,apache2/modsecurity.c,https://github.com/SpiderLabs/ModSecurity,132685533863113,1 4578,CWE-125,"GF_Err abst_box_read(GF_Box *s, GF_BitStream *bs) { GF_AdobeBootstrapInfoBox *ptr = (GF_AdobeBootstrapInfoBox *)s; int i; u32 tmp_strsize; char *tmp_str; GF_Err e; ISOM_DECREASE_SIZE(ptr, 25) ptr->bootstrapinfo_version = gf_bs_read_u32(bs); ptr->profile = gf_bs_read_int(bs, 2); ptr->live = gf_bs_read_int(bs, 1); ptr->update = gf_bs_read_int(bs, 1); ptr->reserved = gf_bs_read_int(bs, 4); ptr->time_scale = gf_bs_read_u32(bs); ptr->current_media_time = gf_bs_read_u64(bs); ptr->smpte_time_code_offset = gf_bs_read_u64(bs); i=0; if (ptr->size<8) return GF_ISOM_INVALID_FILE; tmp_strsize =(u32)ptr->size-8; tmp_str = gf_malloc(sizeof(char)*tmp_strsize); if (!tmp_str) return GF_OUT_OF_MEM; memset(tmp_str, 0, sizeof(char)*tmp_strsize); while (tmp_strsize) { tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->movie_identifier = gf_strdup(tmp_str); } ptr->server_entry_count = gf_bs_read_u8(bs); for (i=0; iserver_entry_count; i++) { int j=0; tmp_strsize=(u32)ptr->size-8; while (tmp_strsize) { tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) break; j++; } if (j) { gf_list_insert(ptr->server_entry_table, gf_strdup(tmp_str), i); } } ptr->quality_entry_count = gf_bs_read_u8(bs); for (i=0; iquality_entry_count; i++) { int j=0; tmp_strsize=(u32)ptr->size-8; while (tmp_strsize) { tmp_str[j] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[j]) break; j++; } if (j) { gf_list_insert(ptr->quality_entry_table, gf_strdup(tmp_str), i); } } i=0; tmp_strsize=(u32)ptr->size-8; while (tmp_strsize) { tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->drm_data = gf_strdup(tmp_str); } i=0; tmp_strsize=(u32)ptr->size-8; while (tmp_strsize) { tmp_str[i] = gf_bs_read_u8(bs); tmp_strsize--; if (!tmp_str[i]) break; i++; } if (i) { ptr->meta_data = gf_strdup(tmp_str); } ptr->segment_run_table_count = gf_bs_read_u8(bs); for (i=0; isegment_run_table_count; i++) { GF_AdobeSegmentRunTableBox *asrt = NULL; e = gf_isom_box_parse((GF_Box **)&asrt, bs); if (e) { if (asrt) gf_isom_box_del((GF_Box*)asrt); gf_free(tmp_str); return e; } gf_list_add(ptr->segment_run_table_entries, asrt); } ptr->fragment_run_table_count = gf_bs_read_u8(bs); for (i=0; ifragment_run_table_count; i++) { GF_AdobeFragmentRunTableBox *afrt = NULL; e = gf_isom_box_parse((GF_Box **)&afrt, bs); if (e) { if (afrt) gf_isom_box_del((GF_Box*)afrt); gf_free(tmp_str); return e; } gf_list_add(ptr->fragment_run_table_entries, afrt); } gf_free(tmp_str); return GF_OK; }",visit repo url,src/isomedia/box_code_adobe.c,https://github.com/gpac/gpac,230708598163430,1 3221,['CWE-189'],"long jas_stream_seek(jas_stream_t *stream, long offset, int origin) { long newpos; assert(!((stream->bufmode_ & JAS_STREAM_RDBUF) && (stream->bufmode_ & JAS_STREAM_WRBUF))); stream->flags_ &= ~JAS_STREAM_EOF; if (stream->bufmode_ & JAS_STREAM_RDBUF) { if (origin == SEEK_CUR) { offset -= stream->cnt_; } } else if (stream->bufmode_ & JAS_STREAM_WRBUF) { if (jas_stream_flush(stream)) { return -1; } } stream->cnt_ = 0; stream->ptr_ = stream->bufstart_; stream->bufmode_ &= ~(JAS_STREAM_RDBUF | JAS_STREAM_WRBUF); if ((newpos = (*stream->ops_->seek_)(stream->obj_, offset, origin)) < 0) { return -1; } return newpos; }",jasper,,,255641120395053980525778761679867737068,0 6313,CWE-295,"int options_parse(CONF_TYPE type) { SERVICE_OPTIONS *section; options_defaults(); section=&new_service_options; if(options_file(configuration_file, type, §ion)) return 1; if(init_section(1, §ion)) return 1; s_log(LOG_NOTICE, ""Configuration successful""); return 0; }",visit repo url,src/options.c,https://github.com/mtrojnar/stunnel,106544849477177,1 2450,['CWE-119'],"static void add_pending_object_with_mode(struct rev_info *revs, struct object *obj, const char *name, unsigned mode) { if (revs->no_walk && (obj->flags & UNINTERESTING)) die(""object ranges do not make sense when not walking revisions""); if (revs->reflog_info && obj->type == OBJ_COMMIT && add_reflog_for_walk(revs->reflog_info, (struct commit *)obj, name)) return; add_object_array_with_mode(obj, name, &revs->pending, mode); }",git,,,120834399528139765365535816360919941585,0 3366,CWE-119,"static Image *ReadTIFFImage(const ImageInfo *image_info, ExceptionInfo *exception) { const char *option; float *chromaticity, x_position, y_position, x_resolution, y_resolution; Image *image; int tiff_status; MagickBooleanType status; MagickSizeType number_pixels; QuantumInfo *quantum_info; QuantumType quantum_type; register ssize_t i; size_t pad; ssize_t y; TIFF *tiff; TIFFMethodType method; uint16 compress_tag, bits_per_sample, endian, extra_samples, interlace, max_sample_value, min_sample_value, orientation, pages, photometric, *sample_info, sample_format, samples_per_pixel, units, value; uint32 height, rows_per_strip, width; unsigned char *pixels; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); if (image_info->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"", image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } (void) SetMagickThreadValue(tiff_exception,exception); tiff=TIFFClientOpen(image->filename,""rb"",(thandle_t) image,TIFFReadBlob, TIFFWriteBlob,TIFFSeekBlob,TIFFCloseBlob,TIFFGetBlobSize,TIFFMapBlob, TIFFUnmapBlob); if (tiff == (TIFF *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } if (image_info->number_scenes != 0) { if (image_info->scene < (size_t) TIFFNumberOfDirectories(tiff)) { for (i=0; i < (ssize_t) image_info->scene; i++) { status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status == MagickFalse) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { TIFFClose(tiff); image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); } } } do { DisableMSCWarning(4127) if (0 && (image_info->verbose != MagickFalse)) TIFFPrintDirectory(tiff,stdout,MagickFalse); RestoreMSCWarning if ((TIFFGetField(tiff,TIFFTAG_IMAGEWIDTH,&width) != 1) || (TIFFGetField(tiff,TIFFTAG_IMAGELENGTH,&height) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_COMPRESSION,&compress_tag) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_FILLORDER,&endian) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PLANARCONFIG,&interlace) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL,&samples_per_pixel) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_BITSPERSAMPLE,&bits_per_sample) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLEFORMAT,&sample_format) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MINSAMPLEVALUE,&min_sample_value) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_MAXSAMPLEVALUE,&max_sample_value) != 1) || (TIFFGetFieldDefaulted(tiff,TIFFTAG_PHOTOMETRIC,&photometric) != 1)) { TIFFClose(tiff); ThrowReaderException(CorruptImageError,""ImproperImageHeader""); } if (sample_format == SAMPLEFORMAT_IEEEFP) (void) SetImageProperty(image,""quantum:format"",""floating-point"", exception); switch (photometric) { case PHOTOMETRIC_MINISBLACK: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-black"", exception); break; } case PHOTOMETRIC_MINISWHITE: { (void) SetImageProperty(image,""tiff:photometric"",""min-is-white"", exception); break; } case PHOTOMETRIC_PALETTE: { (void) SetImageProperty(image,""tiff:photometric"",""palette"",exception); break; } case PHOTOMETRIC_RGB: { (void) SetImageProperty(image,""tiff:photometric"",""RGB"",exception); break; } case PHOTOMETRIC_CIELAB: { (void) SetImageProperty(image,""tiff:photometric"",""CIELAB"",exception); break; } case PHOTOMETRIC_LOGL: { (void) SetImageProperty(image,""tiff:photometric"",""CIE Log2(L)"", exception); break; } case PHOTOMETRIC_LOGLUV: { (void) SetImageProperty(image,""tiff:photometric"",""LOGLUV"",exception); break; } #if defined(PHOTOMETRIC_MASK) case PHOTOMETRIC_MASK: { (void) SetImageProperty(image,""tiff:photometric"",""MASK"",exception); break; } #endif case PHOTOMETRIC_SEPARATED: { (void) SetImageProperty(image,""tiff:photometric"",""separated"",exception); break; } case PHOTOMETRIC_YCBCR: { (void) SetImageProperty(image,""tiff:photometric"",""YCBCR"",exception); break; } default: { (void) SetImageProperty(image,""tiff:photometric"",""unknown"",exception); break; } } if (image->debug != MagickFalse) { (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Geometry: %ux%u"", (unsigned int) width,(unsigned int) height); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Interlace: %u"", interlace); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Bits per sample: %u"",bits_per_sample); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Min sample value: %u"",min_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Max sample value: %u"",max_sample_value); (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Photometric "" ""interpretation: %s"",GetImageProperty(image,""tiff:photometric"", exception)); } image->columns=(size_t) width; image->rows=(size_t) height; image->depth=(size_t) bits_per_sample; if (image->debug != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(),""Image depth: %.20g"", (double) image->depth); image->endian=MSBEndian; if (endian == FILLORDER_LSB2MSB) image->endian=LSBEndian; #if defined(MAGICKCORE_HAVE_TIFFISBIGENDIAN) if (TIFFIsBigEndian(tiff) == 0) { (void) SetImageProperty(image,""tiff:endian"",""lsb"",exception); image->endian=LSBEndian; } else { (void) SetImageProperty(image,""tiff:endian"",""msb"",exception); image->endian=MSBEndian; } #endif if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) SetImageColorspace(image,GRAYColorspace,exception); if (photometric == PHOTOMETRIC_SEPARATED) SetImageColorspace(image,CMYKColorspace,exception); if (photometric == PHOTOMETRIC_CIELAB) SetImageColorspace(image,LabColorspace,exception); TIFFGetProfiles(tiff,image,image_info->ping,exception); TIFFGetProperties(tiff,image,exception); option=GetImageOption(image_info,""tiff:exif-properties""); if (IsStringFalse(option) == MagickFalse) TIFFGetEXIFProperties(tiff,image,exception); (void) TIFFGetFieldDefaulted(tiff,TIFFTAG_SAMPLESPERPIXEL, &samples_per_pixel); if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XRESOLUTION,&x_resolution) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YRESOLUTION,&y_resolution) == 1)) { image->resolution.x=x_resolution; image->resolution.y=y_resolution; } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_RESOLUTIONUNIT,&units) == 1) { if (units == RESUNIT_INCH) image->units=PixelsPerInchResolution; if (units == RESUNIT_CENTIMETER) image->units=PixelsPerCentimeterResolution; } if ((TIFFGetFieldDefaulted(tiff,TIFFTAG_XPOSITION,&x_position) == 1) && (TIFFGetFieldDefaulted(tiff,TIFFTAG_YPOSITION,&y_position) == 1)) { image->page.x=(ssize_t) ceil(x_position*image->resolution.x-0.5); image->page.y=(ssize_t) ceil(y_position*image->resolution.y-0.5); } if (TIFFGetFieldDefaulted(tiff,TIFFTAG_ORIENTATION,&orientation) == 1) image->orientation=(OrientationType) orientation; if (TIFFGetField(tiff,TIFFTAG_WHITEPOINT,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.white_point.x=chromaticity[0]; image->chromaticity.white_point.y=chromaticity[1]; } } if (TIFFGetField(tiff,TIFFTAG_PRIMARYCHROMATICITIES,&chromaticity) == 1) { if (chromaticity != (float *) NULL) { image->chromaticity.red_primary.x=chromaticity[0]; image->chromaticity.red_primary.y=chromaticity[1]; image->chromaticity.green_primary.x=chromaticity[2]; image->chromaticity.green_primary.y=chromaticity[3]; image->chromaticity.blue_primary.x=chromaticity[4]; image->chromaticity.blue_primary.y=chromaticity[5]; } } #if defined(MAGICKCORE_HAVE_TIFFISCODECCONFIGURED) || (TIFFLIB_VERSION > 20040919) if ((compress_tag != COMPRESSION_NONE) && (TIFFIsCODECConfigured(compress_tag) == 0)) { TIFFClose(tiff); ThrowReaderException(CoderError,""CompressNotSupported""); } #endif switch (compress_tag) { case COMPRESSION_NONE: image->compression=NoCompression; break; case COMPRESSION_CCITTFAX3: image->compression=FaxCompression; break; case COMPRESSION_CCITTFAX4: image->compression=Group4Compression; break; case COMPRESSION_JPEG: { image->compression=JPEGCompression; #if defined(JPEG_SUPPORT) { char sampling_factor[MagickPathExtent]; int tiff_status; uint16 horizontal, vertical; tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_YCBCRSUBSAMPLING, &horizontal,&vertical); if (tiff_status == 1) { (void) FormatLocaleString(sampling_factor,MagickPathExtent, ""%dx%d"",horizontal,vertical); (void) SetImageProperty(image,""jpeg:sampling-factor"", sampling_factor,exception); (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""Sampling Factors: %s"",sampling_factor); } } #endif break; } case COMPRESSION_OJPEG: image->compression=JPEGCompression; break; #if defined(COMPRESSION_LZMA) case COMPRESSION_LZMA: image->compression=LZMACompression; break; #endif case COMPRESSION_LZW: image->compression=LZWCompression; break; case COMPRESSION_DEFLATE: image->compression=ZipCompression; break; case COMPRESSION_ADOBE_DEFLATE: image->compression=ZipCompression; break; default: image->compression=RLECompression; break; } quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } if (sample_format == SAMPLEFORMAT_UINT) status=SetQuantumFormat(image,quantum_info,UnsignedQuantumFormat); if (sample_format == SAMPLEFORMAT_INT) status=SetQuantumFormat(image,quantum_info,SignedQuantumFormat); if (sample_format == SAMPLEFORMAT_IEEEFP) status=SetQuantumFormat(image,quantum_info,FloatingPointQuantumFormat); if (status == MagickFalse) { TIFFClose(tiff); quantum_info=DestroyQuantumInfo(quantum_info); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } status=MagickTrue; switch (photometric) { case PHOTOMETRIC_MINISBLACK: { quantum_info->min_is_white=MagickFalse; break; } case PHOTOMETRIC_MINISWHITE: { quantum_info->min_is_white=MagickTrue; break; } default: break; } tiff_status=TIFFGetFieldDefaulted(tiff,TIFFTAG_EXTRASAMPLES,&extra_samples, &sample_info); if (tiff_status == 1) { (void) SetImageProperty(image,""tiff:alpha"",""unspecified"",exception); if (extra_samples == 0) { if ((samples_per_pixel == 4) && (photometric == PHOTOMETRIC_RGB)) image->alpha_trait=BlendPixelTrait; } else for (i=0; i < extra_samples; i++) { image->alpha_trait=BlendPixelTrait; if (sample_info[i] == EXTRASAMPLE_ASSOCALPHA) { SetQuantumAlphaType(quantum_info,DisassociatedQuantumAlpha); (void) SetImageProperty(image,""tiff:alpha"",""associated"", exception); } else if (sample_info[i] == EXTRASAMPLE_UNASSALPHA) (void) SetImageProperty(image,""tiff:alpha"",""unassociated"", exception); } } if ((photometric == PHOTOMETRIC_PALETTE) && (pow(2.0,1.0*bits_per_sample) <= MaxColormapSize)) { size_t colors; colors=(size_t) GetQuantumRange(bits_per_sample)+1; if (AcquireImageColormap(image,colors,exception) == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } } value=(unsigned short) image->scene; if (TIFFGetFieldDefaulted(tiff,TIFFTAG_PAGENUMBER,&value,&pages) == 1) image->scene=value; if (image->storage_class == PseudoClass) { int tiff_status; size_t range; uint16 *blue_colormap, *green_colormap, *red_colormap; tiff_status=TIFFGetField(tiff,TIFFTAG_COLORMAP,&red_colormap, &green_colormap,&blue_colormap); if (tiff_status == 1) { if ((red_colormap != (uint16 *) NULL) && (green_colormap != (uint16 *) NULL) && (blue_colormap != (uint16 *) NULL)) { range=255; for (i=0; i < (ssize_t) image->colors; i++) if ((red_colormap[i] >= 256) || (green_colormap[i] >= 256) || (blue_colormap[i] >= 256)) { range=65535; break; } for (i=0; i < (ssize_t) image->colors; i++) { image->colormap[i].red=ClampToQuantum(((double) QuantumRange*red_colormap[i])/range); image->colormap[i].green=ClampToQuantum(((double) QuantumRange*green_colormap[i])/range); image->colormap[i].blue=ClampToQuantum(((double) QuantumRange*blue_colormap[i])/range); } } } if (image->alpha_trait == UndefinedPixelTrait) image->depth=GetImageDepth(image,exception); } if (image_info->ping != MagickFalse) { if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) { quantum_info=DestroyQuantumInfo(quantum_info); break; } goto next_tiff_frame; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); method=ReadGenericMethod; if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) { char value[MagickPathExtent]; method=ReadStripMethod; (void) FormatLocaleString(value,MagickPathExtent,""%u"", (unsigned int) rows_per_strip); (void) SetImageProperty(image,""tiff:rows-per-strip"",value,exception); } if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_CONTIG)) method=ReadRGBAMethod; if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_SEPARATE)) method=ReadCMYKAMethod; if ((photometric != PHOTOMETRIC_RGB) && (photometric != PHOTOMETRIC_CIELAB) && (photometric != PHOTOMETRIC_SEPARATED)) method=ReadGenericMethod; if (image->storage_class == PseudoClass) method=ReadSingleSampleMethod; if ((photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) method=ReadSingleSampleMethod; if ((photometric != PHOTOMETRIC_SEPARATED) && (interlace == PLANARCONFIG_SEPARATE) && (bits_per_sample < 64)) method=ReadGenericMethod; if (image->compression == JPEGCompression) method=GetJPEGMethod(image,tiff,photometric,bits_per_sample, samples_per_pixel); if (compress_tag == COMPRESSION_JBIG) method=ReadStripMethod; if (TIFFIsTiled(tiff) != MagickFalse) method=ReadTileMethod; quantum_info->endian=LSBEndian; quantum_type=RGBQuantum; pixels=(unsigned char *) GetQuantumPixels(quantum_info); switch (method) { case ReadSingleSampleMethod: { quantum_type=IndexQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0); if (image->alpha_trait != UndefinedPixelTrait) { if (image->storage_class != PseudoClass) { quantum_type=samples_per_pixel == 1 ? AlphaQuantum : GrayAlphaQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-2,0); } else { quantum_type=IndexAlphaQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-2,0); } } else if (image->storage_class != PseudoClass) { quantum_type=GrayQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0); } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadRGBAMethod: { pad=(size_t) MagickMax((size_t) samples_per_pixel-3,0); quantum_type=RGBQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=RGBAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); } if (image->colorspace == CMYKColorspace) { pad=(size_t) MagickMax((size_t) samples_per_pixel-4,0); quantum_type=CMYKQuantum; if (image->alpha_trait != UndefinedPixelTrait) { quantum_type=CMYKAQuantum; pad=(size_t) MagickMax((size_t) samples_per_pixel-5,0); } } status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3)); if (status == MagickFalse) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadCMYKAMethod: { for (i=0; i < (ssize_t) samples_per_pixel; i++) { for (y=0; y < (ssize_t) image->rows; y++) { register Quantum *magick_restrict q; int status; status=TIFFReadPixels(tiff,bits_per_sample,(tsample_t) i,y,(char *) pixels); if (status == -1) break; q=GetAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (image->colorspace != CMYKColorspace) switch (i) { case 0: quantum_type=RedQuantum; break; case 1: quantum_type=GreenQuantum; break; case 2: quantum_type=BlueQuantum; break; case 3: quantum_type=AlphaQuantum; break; default: quantum_type=UndefinedQuantum; break; } else switch (i) { case 0: quantum_type=CyanQuantum; break; case 1: quantum_type=MagentaQuantum; break; case 2: quantum_type=YellowQuantum; break; case 3: quantum_type=BlackQuantum; break; case 4: quantum_type=AlphaQuantum; break; default: quantum_type=UndefinedQuantum; break; } (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, quantum_type,pixels,exception); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadYCCKMethod: { pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; register ssize_t x; unsigned char *p; status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); if (status == -1) break; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; p=pixels; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelCyan(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.402*(double) *(p+2))-179.456)),q); SetPixelMagenta(image,ScaleCharToQuantum(ClampYCC((double) *p- (0.34414*(double) *(p+1))-(0.71414*(double ) *(p+2))+ 135.45984)),q); SetPixelYellow(image,ScaleCharToQuantum(ClampYCC((double) *p+ (1.772*(double) *(p+1))-226.816)),q); SetPixelBlack(image,ScaleCharToQuantum((unsigned char) *(p+3)),q); q+=GetPixelChannels(image); p+=4; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadStripMethod: { register uint32 *p; i=0; p=(uint32 *) NULL; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; if (i == 0) { if (TIFFReadRGBAStrip(tiff,(tstrip_t) y,(uint32 *) pixels) == 0) break; i=(ssize_t) MagickMin((ssize_t) rows_per_strip,(ssize_t) image->rows-y); } i--; p=((uint32 *) pixels)+image->columns*i; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) (TIFFGetR(*p))),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) (TIFFGetG(*p))),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) (TIFFGetB(*p))),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) (TIFFGetA(*p))),q); p++; q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } break; } case ReadTileMethod: { register uint32 *p; uint32 *tile_pixels, columns, rows; if ((TIFFGetField(tiff,TIFFTAG_TILEWIDTH,&columns) != 1) || (TIFFGetField(tiff,TIFFTAG_TILELENGTH,&rows) != 1)) { TIFFClose(tiff); ThrowReaderException(CoderError,""ImageIsNotTiled""); } (void) SetImageStorageClass(image,DirectClass,exception); number_pixels=(MagickSizeType) columns*rows; if ((number_pixels*sizeof(uint32)) != (MagickSizeType) ((size_t) (number_pixels*sizeof(uint32)))) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } tile_pixels=(uint32 *) AcquireQuantumMemory(columns, rows*sizeof(*tile_pixels)); if (tile_pixels == (uint32 *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } for (y=0; y < (ssize_t) image->rows; y+=rows) { register ssize_t x; register Quantum *magick_restrict q, *magick_restrict tile; size_t columns_remaining, rows_remaining; rows_remaining=image->rows-y; if ((ssize_t) (y+rows) < (ssize_t) image->rows) rows_remaining=rows; tile=QueueAuthenticPixels(image,0,y,image->columns,rows_remaining, exception); if (tile == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x+=columns) { size_t column, row; if (TIFFReadRGBATile(tiff,(uint32) x,(uint32) y,tile_pixels) == 0) break; columns_remaining=image->columns-x; if ((ssize_t) (x+columns) < (ssize_t) image->columns) columns_remaining=columns; p=tile_pixels+(rows-rows_remaining)*columns; q=tile+GetPixelChannels(image)*(image->columns*(rows_remaining-1)+ x); for (row=rows_remaining; row > 0; row--) { if (image->alpha_trait != UndefinedPixelTrait) for (column=columns_remaining; column > 0; column--) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p++; q+=GetPixelChannels(image); } else for (column=columns_remaining; column > 0; column--) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); p++; q+=GetPixelChannels(image); } p+=columns-columns_remaining; q-=GetPixelChannels(image)*(image->columns+columns_remaining); } } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } tile_pixels=(uint32 *) RelinquishMagickMemory(tile_pixels); break; } case ReadGenericMethod: default: { MemoryInfo *pixel_info; register uint32 *p; uint32 *pixels; number_pixels=(MagickSizeType) image->columns*image->rows; if ((number_pixels*sizeof(uint32)) != (MagickSizeType) ((size_t) (number_pixels*sizeof(uint32)))) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixel_info=AcquireVirtualMemory(image->columns,image->rows* sizeof(uint32)); if (pixel_info == (MemoryInfo *) NULL) { TIFFClose(tiff); ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); } pixels=(uint32 *) GetVirtualMemoryBlob(pixel_info); (void) TIFFReadRGBAImage(tiff,(uint32) image->columns, (uint32) image->rows,(uint32 *) pixels,0); p=pixels+number_pixels-1; for (y=0; y < (ssize_t) image->rows; y++) { register ssize_t x; register Quantum *magick_restrict q; q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; q+=GetPixelChannels(image)*(image->columns-1); for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum((unsigned char) TIFFGetR(*p)),q); SetPixelGreen(image,ScaleCharToQuantum((unsigned char) TIFFGetG(*p)),q); SetPixelBlue(image,ScaleCharToQuantum((unsigned char) TIFFGetB(*p)),q); if (image->alpha_trait != UndefinedPixelTrait) SetPixelAlpha(image,ScaleCharToQuantum((unsigned char) TIFFGetA(*p)),q); p--; q-=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } pixel_info=RelinquishVirtualMemory(pixel_info); break; } } SetQuantumImageType(image,quantum_type); next_tiff_frame: quantum_info=DestroyQuantumInfo(quantum_info); if (photometric == PHOTOMETRIC_CIELAB) DecodeLabImage(image,exception); if ((photometric == PHOTOMETRIC_LOGL) || (photometric == PHOTOMETRIC_MINISBLACK) || (photometric == PHOTOMETRIC_MINISWHITE)) { image->type=GrayscaleType; if (bits_per_sample == 1) image->type=BilevelType; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; status=TIFFReadDirectory(tiff) != 0 ? MagickTrue : MagickFalse; if (status != MagickFalse) { AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,image->scene-1, image->scene); if (status == MagickFalse) break; } } while (status != MagickFalse); TIFFClose(tiff); TIFFReadPhotoshopLayers(image,image_info,exception); if (image_info->number_scenes != 0) { if (image_info->scene >= GetImageListLength(image)) { image=DestroyImageList(image); return((Image *)NULL); } } return(GetFirstImageInList(image)); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,233130035715187,1 903,['CWE-200'],"static ssize_t shmem_file_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { read_descriptor_t desc; if ((ssize_t) count < 0) return -EINVAL; if (!access_ok(VERIFY_WRITE, buf, count)) return -EFAULT; if (!count) return 0; desc.written = 0; desc.count = count; desc.arg.buf = buf; desc.error = 0; do_shmem_file_read(filp, ppos, &desc, file_read_actor); if (desc.written) return desc.written; return desc.error; }",linux-2.6,,,340139874339518567151768104205642196502,0 3618,[],"static void rtc_uie_task(struct work_struct *work) { struct rtc_device *rtc = container_of(work, struct rtc_device, uie_task); struct rtc_time tm; int num = 0; int err; err = rtc_read_time(rtc, &tm); local_irq_disable(); spin_lock(&rtc->irq_lock); if (rtc->stop_uie_polling || err) { rtc->uie_task_active = 0; } else if (rtc->oldsecs != tm.tm_sec) { num = (tm.tm_sec + 60 - rtc->oldsecs) % 60; rtc->oldsecs = tm.tm_sec; rtc->uie_timer.expires = jiffies + HZ - (HZ/10); rtc->uie_timer_active = 1; rtc->uie_task_active = 0; add_timer(&rtc->uie_timer); } else if (schedule_work(&rtc->uie_task) == 0) { rtc->uie_task_active = 0; } spin_unlock(&rtc->irq_lock); if (num) rtc_update_irq(rtc, num, RTC_UF | RTC_IRQF); local_irq_enable(); }",linux-2.6,,,316750646998337871031631935734024664027,0 6084,['CWE-200'],"static unsigned int cbq_drop(struct Qdisc* sch) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl, *cl_head; int prio; unsigned int len; for (prio = TC_CBQ_MAXPRIO; prio >= 0; prio--) { if ((cl_head = q->active[prio]) == NULL) continue; cl = cl_head; do { if (cl->q->ops->drop && (len = cl->q->ops->drop(cl->q))) { sch->q.qlen--; return len; } } while ((cl = cl->next_alive) != cl_head); } return 0; }",linux-2.6,,,222123018196116999786466050297246420831,0 6243,['CWE-200'],"find_dump_kind(struct nlmsghdr *n) { struct rtattr *tb1, *tb2[TCA_ACT_MAX+1]; struct rtattr *tb[TCA_ACT_MAX_PRIO + 1]; struct rtattr *rta[TCAA_MAX + 1]; struct rtattr *kind; int min_len = NLMSG_LENGTH(sizeof(struct tcamsg)); int attrlen = n->nlmsg_len - NLMSG_ALIGN(min_len); struct rtattr *attr = (void *) n + NLMSG_ALIGN(min_len); if (rtattr_parse(rta, TCAA_MAX, attr, attrlen) < 0) return NULL; tb1 = rta[TCA_ACT_TAB - 1]; if (tb1 == NULL) return NULL; if (rtattr_parse(tb, TCA_ACT_MAX_PRIO, RTA_DATA(tb1), NLMSG_ALIGN(RTA_PAYLOAD(tb1))) < 0) return NULL; if (tb[0] == NULL) return NULL; if (rtattr_parse(tb2, TCA_ACT_MAX, RTA_DATA(tb[0]), RTA_PAYLOAD(tb[0])) < 0) return NULL; kind = tb2[TCA_ACT_KIND-1]; return (char *) RTA_DATA(kind); }",linux-2.6,,,198980748684732384786204065964639548592,0 3737,CWE-125,"int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { uint32_t chan_chunk = 0, channel_layout = 0, bcount; unsigned char *channel_identities = NULL; unsigned char *channel_reorder = NULL; int64_t total_samples = 0, infilesize; CAFFileHeader caf_file_header; CAFChunkHeader caf_chunk_header; CAFAudioFormat caf_audio_format; int i; infilesize = DoGetFileSize (infile); memcpy (&caf_file_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &caf_file_header) + 4, sizeof (CAFFileHeader) - 4, &bcount) || bcount != sizeof (CAFFileHeader) - 4)) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &caf_file_header, sizeof (CAFFileHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&caf_file_header, CAFFileHeaderFormat); if (caf_file_header.mFileVersion != 1) { error_line (""%s: can't handle version %d .CAF files!"", infilename, caf_file_header.mFileVersion); return WAVPACK_SOFT_ERROR; } while (1) { if (!DoReadFile (infile, &caf_chunk_header, sizeof (CAFChunkHeader), &bcount) || bcount != sizeof (CAFChunkHeader)) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &caf_chunk_header, sizeof (CAFChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&caf_chunk_header, CAFChunkHeaderFormat); if (!strncmp (caf_chunk_header.mChunkType, ""desc"", 4)) { int supported = TRUE; if (caf_chunk_header.mChunkSize != sizeof (CAFAudioFormat) || !DoReadFile (infile, &caf_audio_format, (uint32_t) caf_chunk_header.mChunkSize, &bcount) || bcount != caf_chunk_header.mChunkSize) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &caf_audio_format, (uint32_t) caf_chunk_header.mChunkSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat); if (debug_logging_mode) { char formatstr [5]; memcpy (formatstr, caf_audio_format.mFormatID, 4); formatstr [4] = 0; error_line (""format = %s, flags = %x, sampling rate = %g"", formatstr, caf_audio_format.mFormatFlags, caf_audio_format.mSampleRate); error_line (""packet = %d bytes and %d frames"", caf_audio_format.mBytesPerPacket, caf_audio_format.mFramesPerPacket); error_line (""channels per frame = %d, bits per channel = %d"", caf_audio_format.mChannelsPerFrame, caf_audio_format.mBitsPerChannel); } if (strncmp (caf_audio_format.mFormatID, ""lpcm"", 4) || (caf_audio_format.mFormatFlags & ~3)) supported = FALSE; else if (caf_audio_format.mSampleRate < 1.0 || caf_audio_format.mSampleRate > 16777215.0 || caf_audio_format.mSampleRate != floor (caf_audio_format.mSampleRate)) supported = FALSE; else if (!caf_audio_format.mChannelsPerFrame || caf_audio_format.mChannelsPerFrame > 256) supported = FALSE; else if (caf_audio_format.mBitsPerChannel < 1 || caf_audio_format.mBitsPerChannel > 32 || ((caf_audio_format.mFormatFlags & CAF_FORMAT_FLOAT) && caf_audio_format.mBitsPerChannel != 32)) supported = FALSE; else if (caf_audio_format.mFramesPerPacket != 1 || caf_audio_format.mBytesPerPacket / caf_audio_format.mChannelsPerFrame < (caf_audio_format.mBitsPerChannel + 7) / 8 || caf_audio_format.mBytesPerPacket / caf_audio_format.mChannelsPerFrame > 4 || caf_audio_format.mBytesPerPacket % caf_audio_format.mChannelsPerFrame) supported = FALSE; if (!supported) { error_line (""%s is an unsupported .CAF format!"", infilename); return WAVPACK_SOFT_ERROR; } config->bytes_per_sample = caf_audio_format.mBytesPerPacket / caf_audio_format.mChannelsPerFrame; config->float_norm_exp = (caf_audio_format.mFormatFlags & CAF_FORMAT_FLOAT) ? 127 : 0; config->bits_per_sample = caf_audio_format.mBitsPerChannel; config->num_channels = caf_audio_format.mChannelsPerFrame; config->sample_rate = (int) caf_audio_format.mSampleRate; if (!(caf_audio_format.mFormatFlags & CAF_FORMAT_LITTLE_ENDIAN) && config->bytes_per_sample > 1) config->qmode |= QMODE_BIG_ENDIAN; if (config->bytes_per_sample == 1) config->qmode |= QMODE_SIGNED_BYTES; if (debug_logging_mode) { if (config->float_norm_exp == 127) error_line (""data format: 32-bit %s-endian floating point"", (config->qmode & QMODE_BIG_ENDIAN) ? ""big"" : ""little""); else error_line (""data format: %d-bit %s-endian integers stored in %d byte(s)"", config->bits_per_sample, (config->qmode & QMODE_BIG_ENDIAN) ? ""big"" : ""little"", config->bytes_per_sample); } } else if (!strncmp (caf_chunk_header.mChunkType, ""chan"", 4)) { CAFChannelLayout *caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize); if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) || !DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) || bcount != caf_chunk_header.mChunkSize) { error_line (""%s is not a valid .CAF file!"", infilename); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } WavpackBigEndianToNative (caf_channel_layout, CAFChannelLayoutFormat); chan_chunk = 1; if (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED)) { error_line (""this CAF file already has channel order information!""); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } switch (caf_channel_layout->mChannelLayoutTag) { case kCAFChannelLayoutTag_UseChannelDescriptions: { CAFChannelDescription *descriptions = (CAFChannelDescription *) (caf_channel_layout + 1); int num_descriptions = caf_channel_layout->mNumberChannelDescriptions; int label, cindex = 0, idents = 0; if (caf_chunk_header.mChunkSize != sizeof (CAFChannelLayout) + sizeof (CAFChannelDescription) * num_descriptions || num_descriptions != config->num_channels) { error_line (""channel descriptions in 'chan' chunk are the wrong size!""); free (caf_channel_layout); return WAVPACK_SOFT_ERROR; } if (num_descriptions >= 256) { error_line (""%d channel descriptions is more than we can handle...ignoring!""); break; } channel_reorder = malloc (num_descriptions); memset (channel_reorder, -1, num_descriptions); channel_identities = malloc (num_descriptions+1); for (i = 0; i < num_descriptions; ++i) { WavpackBigEndianToNative (descriptions + i, CAFChannelDescriptionFormat); if (debug_logging_mode) error_line (""chan %d --> %d"", i + 1, descriptions [i].mChannelLabel); } for (label = 1; label <= 18; ++label) for (i = 0; i < num_descriptions; ++i) if (descriptions [i].mChannelLabel == label) { config->channel_mask |= 1 << (label - 1); channel_reorder [i] = cindex++; break; } for (i = 0; i < num_descriptions; ++i) if (channel_reorder [i] == (unsigned char) -1) { uint32_t clabel = descriptions [i].mChannelLabel; if (clabel == 0 || clabel == 0xffffffff || clabel == 100) channel_identities [idents++] = 0xff; else if ((clabel >= 33 && clabel <= 44) || (clabel >= 200 && clabel <= 207) || (clabel >= 301 && clabel <= 305)) channel_identities [idents++] = clabel >= 301 ? clabel - 80 : clabel; else { error_line (""warning: unknown channel descriptions label: %d"", clabel); channel_identities [idents++] = 0xff; } channel_reorder [i] = cindex++; } for (i = 0; i < num_descriptions; ++i) if (channel_reorder [i] != i) break; if (i == num_descriptions) { free (channel_reorder); channel_reorder = NULL; } else { config->qmode |= QMODE_REORDERED_CHANS; channel_layout = num_descriptions; } if (!idents) { free (channel_identities); channel_identities = NULL; } else channel_identities [idents] = 0; if (debug_logging_mode) { error_line (""layout_tag = 0x%08x, so generated bitmap of 0x%08x from %d descriptions, %d non-MS"", caf_channel_layout->mChannelLayoutTag, config->channel_mask, caf_channel_layout->mNumberChannelDescriptions, idents); if (channel_reorder && num_descriptions <= 8) { char reorder_string [] = ""12345678""; for (i = 0; i < num_descriptions; ++i) reorder_string [i] = channel_reorder [i] + '1'; reorder_string [i] = 0; error_line (""reordering string = \""%s\""\n"", reorder_string); } } } break; case kCAFChannelLayoutTag_UseChannelBitmap: config->channel_mask = caf_channel_layout->mChannelBitmap; if (debug_logging_mode) error_line (""layout_tag = 0x%08x, so using supplied bitmap of 0x%08x"", caf_channel_layout->mChannelLayoutTag, caf_channel_layout->mChannelBitmap); break; default: for (i = 0; i < NUM_LAYOUTS; ++i) if (caf_channel_layout->mChannelLayoutTag == layouts [i].mChannelLayoutTag) { config->channel_mask = layouts [i].mChannelBitmap; channel_layout = layouts [i].mChannelLayoutTag; if (layouts [i].mChannelReorder) { channel_reorder = (unsigned char *) strdup (layouts [i].mChannelReorder); config->qmode |= QMODE_REORDERED_CHANS; } if (layouts [i].mChannelIdentities) channel_identities = (unsigned char *) strdup (layouts [i].mChannelIdentities); if (debug_logging_mode) error_line (""layout_tag 0x%08x found in table, bitmap = 0x%08x, reorder = %s, identities = %s"", channel_layout, config->channel_mask, channel_reorder ? ""yes"" : ""no"", channel_identities ? ""yes"" : ""no""); break; } if (i == NUM_LAYOUTS && debug_logging_mode) error_line (""layout_tag 0x%08x not found in table...all channels unassigned"", caf_channel_layout->mChannelLayoutTag); break; } free (caf_channel_layout); } else if (!strncmp (caf_chunk_header.mChunkType, ""data"", 4)) { uint32_t mEditCount; if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) || bcount != sizeof (mEditCount)) { error_line (""%s is not a valid .CAF file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &mEditCount, sizeof (mEditCount))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } if ((config->qmode & QMODE_IGNORE_LENGTH) || caf_chunk_header.mChunkSize == -1) { config->qmode |= QMODE_IGNORE_LENGTH; if (infilesize && DoGetFilePosition (infile) != -1) total_samples = (infilesize - DoGetFilePosition (infile)) / caf_audio_format.mBytesPerPacket; else total_samples = -1; } else { if (infilesize && infilesize - caf_chunk_header.mChunkSize > 16777216) { error_line ("".CAF file %s has over 16 MB of extra CAFF data, probably is corrupt!"", infilename); return WAVPACK_SOFT_ERROR; } if ((caf_chunk_header.mChunkSize - 4) % caf_audio_format.mBytesPerPacket) { error_line ("".CAF file %s has an invalid data chunk size, probably is corrupt!"", infilename); return WAVPACK_SOFT_ERROR; } total_samples = (caf_chunk_header.mChunkSize - 4) / caf_audio_format.mBytesPerPacket; if (!total_samples) { error_line (""this .CAF file has no audio samples, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (total_samples > MAX_WAVPACK_SAMPLES) { error_line (""%s has too many samples for WavPack!"", infilename); return WAVPACK_SOFT_ERROR; } } break; } else { int bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize; char *buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", caf_chunk_header.mChunkType [0], caf_chunk_header.mChunkType [1], caf_chunk_header.mChunkType [2], caf_chunk_header.mChunkType [3], caf_chunk_header.mChunkSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (!chan_chunk && !config->channel_mask && config->num_channels <= 2 && !(config->qmode & QMODE_CHANS_UNASSIGNED)) config->channel_mask = 0x5 - config->num_channels; if (!WavpackSetConfiguration64 (wpc, config, total_samples, channel_identities)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } if (channel_identities) free (channel_identities); if (channel_layout || channel_reorder) { if (!WavpackSetChannelLayout (wpc, channel_layout, channel_reorder)) { error_line (""problem with setting channel layout (should not happen)""); return WAVPACK_SOFT_ERROR; } if (channel_reorder) free (channel_reorder); } return WAVPACK_NO_ERROR; }",visit repo url,cli/caff.c,https://github.com/dbry/WavPack,208667305048962,1 987,CWE-399,"SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, struct cifs_tcon *tcon, const struct nls_table *cp) { struct smb2_tree_connect_req *req; struct smb2_tree_connect_rsp *rsp = NULL; struct kvec iov[2]; int rc = 0; int resp_buftype; int unc_path_len; struct TCP_Server_Info *server; __le16 *unc_path = NULL; cifs_dbg(FYI, ""TCON\n""); if ((ses->server) && tree) server = ses->server; else return -EIO; if (tcon && tcon->bad_network_name) return -ENOENT; unc_path = kmalloc(MAX_SHARENAME_LENGTH * 2, GFP_KERNEL); if (unc_path == NULL) return -ENOMEM; unc_path_len = cifs_strtoUTF16(unc_path, tree, strlen(tree), cp) + 1; unc_path_len *= 2; if (unc_path_len < 2) { kfree(unc_path); return -EINVAL; } rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req); if (rc) { kfree(unc_path); return rc; } if (tcon == NULL) { req->hdr.SessionId = ses->Suid; } iov[0].iov_base = (char *)req; iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; req->PathOffset = cpu_to_le16(sizeof(struct smb2_tree_connect_req) - 1 - 4 ); req->PathLength = cpu_to_le16(unc_path_len - 2); iov[1].iov_base = unc_path; iov[1].iov_len = unc_path_len; inc_rfc1001_len(req, unc_path_len - 1 ); rc = SendReceive2(xid, ses, iov, 2, &resp_buftype, 0); rsp = (struct smb2_tree_connect_rsp *)iov[0].iov_base; if (rc != 0) { if (tcon) { cifs_stats_fail_inc(tcon, SMB2_TREE_CONNECT_HE); tcon->need_reconnect = true; } goto tcon_error_exit; } if (tcon == NULL) { ses->ipc_tid = rsp->hdr.TreeId; goto tcon_exit; } if (rsp->ShareType & SMB2_SHARE_TYPE_DISK) cifs_dbg(FYI, ""connection to disk share\n""); else if (rsp->ShareType & SMB2_SHARE_TYPE_PIPE) { tcon->ipc = true; cifs_dbg(FYI, ""connection to pipe share\n""); } else if (rsp->ShareType & SMB2_SHARE_TYPE_PRINT) { tcon->print = true; cifs_dbg(FYI, ""connection to printer\n""); } else { cifs_dbg(VFS, ""unknown share type %d\n"", rsp->ShareType); rc = -EOPNOTSUPP; goto tcon_error_exit; } tcon->share_flags = le32_to_cpu(rsp->ShareFlags); tcon->capabilities = rsp->Capabilities; tcon->maximal_access = le32_to_cpu(rsp->MaximalAccess); tcon->tidStatus = CifsGood; tcon->need_reconnect = false; tcon->tid = rsp->hdr.TreeId; strlcpy(tcon->treeName, tree, sizeof(tcon->treeName)); if ((rsp->Capabilities & SMB2_SHARE_CAP_DFS) && ((tcon->share_flags & SHI1005_FLAGS_DFS) == 0)) cifs_dbg(VFS, ""DFS capability contradicts DFS flag\n""); init_copy_chunk_defaults(tcon); if (tcon->ses->server->ops->validate_negotiate) rc = tcon->ses->server->ops->validate_negotiate(xid, tcon); tcon_exit: free_rsp_buf(resp_buftype, rsp); kfree(unc_path); return rc; tcon_error_exit: if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) { cifs_dbg(VFS, ""BAD_NETWORK_NAME: %s\n"", tree); tcon->bad_network_name = true; } goto tcon_exit; }",visit repo url,fs/cifs/smb2pdu.c,https://github.com/torvalds/linux,82968061299687,1 39,CWE-763,"create_spnego_ctx(void) { spnego_gss_ctx_id_t spnego_ctx = NULL; spnego_ctx = (spnego_gss_ctx_id_t) malloc(sizeof (spnego_gss_ctx_id_rec)); if (spnego_ctx == NULL) { return (NULL); } spnego_ctx->magic_num = SPNEGO_MAGIC_ID; spnego_ctx->ctx_handle = GSS_C_NO_CONTEXT; spnego_ctx->mech_set = NULL; spnego_ctx->internal_mech = NULL; spnego_ctx->optionStr = NULL; spnego_ctx->DER_mechTypes.length = 0; spnego_ctx->DER_mechTypes.value = NULL; spnego_ctx->default_cred = GSS_C_NO_CREDENTIAL; spnego_ctx->mic_reqd = 0; spnego_ctx->mic_sent = 0; spnego_ctx->mic_rcvd = 0; spnego_ctx->mech_complete = 0; spnego_ctx->nego_done = 0; spnego_ctx->internal_name = GSS_C_NO_NAME; spnego_ctx->actual_mech = GSS_C_NO_OID; check_spnego_options(spnego_ctx); return (spnego_ctx); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,22212294577402,1 962,['CWE-189'],"ShmDestroyPixmap (PixmapPtr pPixmap) { ScreenPtr pScreen = pPixmap->drawable.pScreen; Bool ret; if (pPixmap->refcnt == 1) { ShmDescPtr shmdesc; shmdesc = (ShmDescPtr)dixLookupPrivate(&pPixmap->devPrivates, shmPixmapPrivate); if (shmdesc) ShmDetachSegment ((pointer) shmdesc, pPixmap->drawable.id); } pScreen->DestroyPixmap = destroyPixmap[pScreen->myNum]; ret = (*pScreen->DestroyPixmap) (pPixmap); destroyPixmap[pScreen->myNum] = pScreen->DestroyPixmap; pScreen->DestroyPixmap = ShmDestroyPixmap; return ret; }",xserver,,,114275247775057693314092594034500147277,0 3163,CWE-125,"chdlc_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, register const u_char *p) { register u_int length = h->len; register u_int caplen = h->caplen; if (caplen < CHDLC_HDRLEN) { ND_PRINT((ndo, ""[|chdlc]"")); return (caplen); } return (chdlc_print(ndo, p,length)); }",visit repo url,print-chdlc.c,https://github.com/the-tcpdump-group/tcpdump,184759667643020,1 214,[],"static __inline__ int is_ip_over_ddp(struct sk_buff *skb) { return skb->data[12] == 22; }",history,,,113347544619783093234830263592641529875,0 5849,['CWE-200'],"static inline void raw_disable_errfilter(struct net_device *dev, struct sock *sk, can_err_mask_t err_mask) { if (err_mask) can_rx_unregister(dev, 0, err_mask | CAN_ERR_FLAG, raw_rcv, sk); }",linux-2.6,,,156369770284345246802242916737855143428,0 1079,['CWE-20'],"asmlinkage long sys_setfsgid(gid_t gid) { int old_fsgid; old_fsgid = current->fsgid; if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) return old_fsgid; if (gid == current->gid || gid == current->egid || gid == current->sgid || gid == current->fsgid || capable(CAP_SETGID)) { if (gid != old_fsgid) { current->mm->dumpable = suid_dumpable; smp_wmb(); } current->fsgid = gid; key_fsgid_changed(current); proc_id_connector(current, PROC_EVENT_GID); } return old_fsgid; }",linux-2.6,,,305070527012871713263015702688583492713,0 3502,['CWE-20'],"struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, struct sctp_chunk *chunk, gfp_t gfp) { struct sctp_association *asoc; struct sk_buff *skb; sctp_scope_t scope; struct sctp_af *af; scope = sctp_scope(sctp_source(chunk)); asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); if (!asoc) goto nodata; asoc->temp = 1; skb = chunk->skb; af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); if (unlikely(!af)) goto fail; af->from_skb(&asoc->c.peer_addr, skb, 1); nodata: return asoc; fail: sctp_association_free(asoc); return NULL; }",linux-2.6,,,153289334868183750530232628242725047682,0 6228,['CWE-200'],"static int ipmr_vif_open(struct inode *inode, struct file *file) { struct seq_file *seq; int rc = -ENOMEM; struct ipmr_vif_iter *s = kmalloc(sizeof(*s), GFP_KERNEL); if (!s) goto out; rc = seq_open(file, &ipmr_vif_seq_ops); if (rc) goto out_kfree; s->ct = 0; seq = file->private_data; seq->private = s; out: return rc; out_kfree: kfree(s); goto out; }",linux-2.6,,,160799007592011367254007097108562554903,0 4937,CWE-190,"exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d, unsigned int ds, ExifLong o, ExifLong s) { if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) { exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, ""ExifData"", ""Bogus thumbnail offset (%u) or size (%u)."", o, s); return; } if (data->data) exif_mem_free (data->priv->mem, data->data); if (!(data->data = exif_data_alloc (data, s))) { EXIF_LOG_NO_MEMORY (data->priv->log, ""ExifData"", s); data->size = 0; return; } data->size = s; memcpy (data->data, d + o, s); }",visit repo url,libexif/exif-data.c,https://github.com/libexif/libexif,269146537582614,1 2623,CWE-190,"PHPAPI char *php_unescape_html_entities(unsigned char *old, size_t oldlen, size_t *newlen, int all, int flags, char *hint_charset TSRMLS_DC) { size_t retlen; char *ret; enum entity_charset charset; const entity_ht *inverse_map = NULL; size_t new_size = TRAVERSE_FOR_ENTITIES_EXPAND_SIZE(oldlen); if (all) { charset = determine_charset(hint_charset TSRMLS_CC); } else { charset = cs_8859_1; } if (oldlen > new_size) { ret = estrndup((char*)old, oldlen); retlen = oldlen; goto empty_source; } ret = emalloc(new_size); *ret = '\0'; retlen = oldlen; if (retlen == 0) { goto empty_source; } inverse_map = unescape_inverse_map(all, flags); traverse_for_entities(old, oldlen, ret, &retlen, all, flags, inverse_map, charset); empty_source: *newlen = retlen; return ret; }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,235234644562151,1 4247,['CWE-119'],"sctp_disposition_t sctp_sf_do_9_2_prm_shutdown( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { int disposition; sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_PENDING)); disposition = SCTP_DISPOSITION_CONSUME; if (sctp_outq_is_empty(&asoc->outqueue)) { disposition = sctp_sf_do_9_2_start_shutdown(ep, asoc, type, arg, commands); } return disposition; }",linux-2.6,,,173236239600388483928552016558179677572,0 2632,[],"void sctp_sock_rfree(struct sk_buff *skb) { struct sock *sk = skb->sk; struct sctp_ulpevent *event = sctp_skb2event(skb); atomic_sub(event->rmem_len, &sk->sk_rmem_alloc); sk_mem_uncharge(sk, event->rmem_len); }",linux-2.6,,,9111958914728228981418755717892551858,0 1074,['CWE-20'],"asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void __user * arg) { char buffer[256]; if (!capable(CAP_SYS_BOOT)) return -EPERM; if (magic1 != LINUX_REBOOT_MAGIC1 || (magic2 != LINUX_REBOOT_MAGIC2 && magic2 != LINUX_REBOOT_MAGIC2A && magic2 != LINUX_REBOOT_MAGIC2B && magic2 != LINUX_REBOOT_MAGIC2C)) return -EINVAL; if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !pm_power_off) cmd = LINUX_REBOOT_CMD_HALT; lock_kernel(); switch (cmd) { case LINUX_REBOOT_CMD_RESTART: kernel_restart(NULL); break; case LINUX_REBOOT_CMD_CAD_ON: C_A_D = 1; break; case LINUX_REBOOT_CMD_CAD_OFF: C_A_D = 0; break; case LINUX_REBOOT_CMD_HALT: kernel_halt(); unlock_kernel(); do_exit(0); break; case LINUX_REBOOT_CMD_POWER_OFF: kernel_power_off(); unlock_kernel(); do_exit(0); break; case LINUX_REBOOT_CMD_RESTART2: if (strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1) < 0) { unlock_kernel(); return -EFAULT; } buffer[sizeof(buffer) - 1] = '\0'; kernel_restart(buffer); break; case LINUX_REBOOT_CMD_KEXEC: kernel_kexec(); unlock_kernel(); return -EINVAL; #ifdef CONFIG_SOFTWARE_SUSPEND case LINUX_REBOOT_CMD_SW_SUSPEND: { int ret = pm_suspend(PM_SUSPEND_DISK); unlock_kernel(); return ret; } #endif default: unlock_kernel(); return -EINVAL; } unlock_kernel(); return 0; }",linux-2.6,,,173489383013473046821238932035550206909,0 5183,CWE-787,"TfLiteStatus EvalQuantized(TfLiteContext* context, TfLiteNode* node, OpData* data, const RuntimeShape& lhs_shape, const TfLiteTensor* lhs, const RuntimeShape& rhs_shape, const TfLiteTensor* rhs, TfLiteTensor* output) { if (lhs->type == kTfLiteFloat32) { TfLiteTensor* input_quantized = GetTemporary(context, node, 2); TfLiteTensor* scaling_factors = GetTemporary(context, node, 3); TfLiteTensor* accum_scratch = GetTemporary(context, node, 4); TfLiteTensor* input_offsets = GetTemporary(context, node, 5); TfLiteTensor* row_sums = GetTemporary(context, node, 6); return EvalHybrid( context, node, data, lhs_shape, lhs, rhs_shape, rhs, input_quantized, scaling_factors, accum_scratch, row_sums, input_offsets, output); } else if (lhs->type == kTfLiteInt8) { return EvalInt8(context, data, lhs_shape, lhs, rhs_shape, rhs, GetTensorShape(output), output); } else { TF_LITE_KERNEL_LOG( context, ""Currently only hybrid and int8 quantization is supported.\n""); return kTfLiteError; } return kTfLiteOk; }",visit repo url,tensorflow/lite/kernels/batch_matmul.cc,https://github.com/tensorflow/tensorflow,256592427905275,1 4984,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 5160,['CWE-20'],"static void vmcs_clear(struct vmcs *vmcs) { u64 phys_addr = __pa(vmcs); u8 error; asm volatile (__ex(ASM_VMX_VMCLEAR_RAX) ""; setna %0"" : ""=g""(error) : ""a""(&phys_addr), ""m""(phys_addr) : ""cc"", ""memory""); if (error) printk(KERN_ERR ""kvm: vmclear fail: %p/%llx\n"", vmcs, phys_addr); }",linux-2.6,,,215308509307343526728745542345227968598,0 113,CWE-824,"_xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, int v) { unsigned int n; if (!xdr_krb5_principal(xdrs, &objp->principal)) { return (FALSE); } if (!xdr_krb5_timestamp(xdrs, &objp->princ_expire_time)) { return (FALSE); } if (!xdr_krb5_timestamp(xdrs, &objp->last_pwd_change)) { return (FALSE); } if (!xdr_krb5_timestamp(xdrs, &objp->pw_expiration)) { return (FALSE); } if (!xdr_krb5_deltat(xdrs, &objp->max_life)) { return (FALSE); } if (!xdr_nulltype(xdrs, (void **) &objp->mod_name, xdr_krb5_principal)) { return (FALSE); } if (!xdr_krb5_timestamp(xdrs, &objp->mod_date)) { return (FALSE); } if (!xdr_krb5_flags(xdrs, &objp->attributes)) { return (FALSE); } if (!xdr_krb5_kvno(xdrs, &objp->kvno)) { return (FALSE); } if (!xdr_krb5_kvno(xdrs, &objp->mkvno)) { return (FALSE); } if (!xdr_nullstring(xdrs, &objp->policy)) { return (FALSE); } if (!xdr_long(xdrs, &objp->aux_attributes)) { return (FALSE); } if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) { return (FALSE); } if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) { return (FALSE); } if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) { return (FALSE); } if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) { return (FALSE); } if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) { return (FALSE); } if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) { return (FALSE); } if (!xdr_nulltype(xdrs, (void **) &objp->tl_data, xdr_krb5_tl_data)) { return FALSE; } n = objp->n_key_data; if (!xdr_array(xdrs, (caddr_t *) &objp->key_data, &n, ~0, sizeof(krb5_key_data), xdr_krb5_key_data_nocontents)) { return (FALSE); } return (TRUE); }",visit repo url,src/lib/kadm5/kadm_rpc_xdr.c,https://github.com/krb5/krb5,211653660810653,1 5211,CWE-276,"flatpak_transaction_add_ref (FlatpakTransaction *self, const char *remote, FlatpakDecomposed *ref, const char **subpaths, const char **previous_ids, const char *commit, FlatpakTransactionOperationType kind, GFile *bundle, const char *external_metadata, gboolean pin_on_deploy, GError **error) { FlatpakTransactionPrivate *priv = flatpak_transaction_get_instance_private (self); g_autofree char *origin = NULL; g_auto(GStrv) new_subpaths = NULL; const char *pref; g_autofree char *origin_remote = NULL; g_autoptr(FlatpakRemoteState) state = NULL; FlatpakTransactionOperation *op; if (remote_name_is_file (remote)) { gboolean changed_config; g_autofree char *id = flatpak_decomposed_dup_id (ref); origin_remote = flatpak_dir_create_origin_remote (priv->dir, remote, id, ""Local repo"", flatpak_decomposed_get_ref (ref), NULL, NULL, &changed_config, NULL, error); if (origin_remote == NULL) return FALSE; if (changed_config) flatpak_installation_drop_caches (priv->installation, NULL, NULL); g_ptr_array_add (priv->added_origin_remotes, g_strdup (origin_remote)); remote = origin_remote; } pref = flatpak_decomposed_get_pref (ref); if (kind == FLATPAK_TRANSACTION_OPERATION_UPDATE) { g_autoptr(GBytes) deploy_data = NULL; if (!dir_ref_is_installed (priv->dir, ref, &origin, &deploy_data)) return flatpak_fail_error (error, FLATPAK_ERROR_NOT_INSTALLED, _(""%s not installed""), pref); if (flatpak_dir_get_remote_disabled (priv->dir, origin)) { g_debug (_(""Remote %s disabled, ignoring %s update""), origin, pref); return TRUE; } remote = origin; if (subpaths == NULL) { g_autofree const char **old_subpaths = flatpak_deploy_data_get_subpaths (deploy_data); if (flatpak_decomposed_id_has_suffix (ref, "".Locale"")) { g_auto(GStrv) extra_subpaths = flatpak_dir_get_locale_subpaths (priv->dir); new_subpaths = flatpak_subpaths_merge ((char **)old_subpaths, extra_subpaths); } else { new_subpaths = g_strdupv ((char **)old_subpaths); } subpaths = (const char **)new_subpaths; } } else if (kind == FLATPAK_TRANSACTION_OPERATION_INSTALL) { if (!priv->reinstall && dir_ref_is_installed (priv->dir, ref, &origin, NULL)) { if (g_strcmp0 (remote, origin) == 0) return flatpak_fail_error (error, FLATPAK_ERROR_ALREADY_INSTALLED, _(""%s is already installed""), pref); else return flatpak_fail_error (error, FLATPAK_ERROR_DIFFERENT_REMOTE, _(""%s is already installed from remote %s""), pref, origin); } } else if (kind == FLATPAK_TRANSACTION_OPERATION_UNINSTALL) { if (!dir_ref_is_installed (priv->dir, ref, &origin, NULL)) return flatpak_fail_error (error, FLATPAK_ERROR_NOT_INSTALLED, _(""%s not installed""), pref); remote = origin; } g_assert (remote != NULL); if (kind != FLATPAK_TRANSACTION_OPERATION_UNINSTALL) { g_autofree char *arch = flatpak_decomposed_dup_arch (ref); state = flatpak_transaction_ensure_remote_state (self, kind, remote, arch, error); if (state == NULL) return FALSE; } op = flatpak_transaction_add_op (self, remote, ref, subpaths, previous_ids, commit, bundle, kind, pin_on_deploy, error); if (op == NULL) return FALSE; if (external_metadata) op->external_metadata = g_bytes_new (external_metadata, strlen (external_metadata) + 1); return TRUE; }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,119980450390655,1 6461,NVD-CWE-noinfo,"SaltTextAway(XtermWidget xw, int which, CELL *cellc, CELL *cell) { TScreen *screen = TScreenOf(xw); SelectedCells *scp; int i; int eol; int need = 0; Char *line; Char *lp; CELL first = *cellc; CELL last = *cell; if (which < 0 || which >= MAX_SELECTIONS) { TRACE((""SaltTextAway - which selection?\n"")); return; } scp = &(screen->selected_cells[which]); TRACE((""SaltTextAway which=%d, first=%d,%d, last=%d,%d\n"", which, first.row, first.col, last.row, last.col)); if (isSameRow(&first, &last) && first.col > last.col) { int tmp; EXCHANGE(first.col, last.col, tmp); } --last.col; if (isSameRow(&last, &first)) { need = Length(screen, first.row, first.col, last.col); } else { need += Length(screen, first.row, first.col, screen->max_col) + 1; for (i = first.row + 1; i < last.row; i++) need += Length(screen, i, 0, screen->max_col) + 1; if (last.col >= 0) need += Length(screen, last.row, 0, last.col); } if_OPT_WIDE_CHARS(screen, { need *= 4; }); if (need < 0) return; if (scp->data_limit <= (unsigned) need) { if ((line = (Char *) malloc((size_t) need + 1)) == 0) SysError(ERROR_BMALLOC2); free(scp->data_buffer); scp->data_buffer = line; scp->data_limit = (size_t) (need + 1); } else { line = scp->data_buffer; } if (line == 0) return; line[need] = '\0'; lp = line; if (isSameRow(&last, &first)) { lp = SaveText(screen, last.row, first.col, last.col, lp, &eol); } else { lp = SaveText(screen, first.row, first.col, screen->max_col, lp, &eol); if (eol) *lp++ = '\n'; for (i = first.row + 1; i < last.row; i++) { lp = SaveText(screen, i, 0, screen->max_col, lp, &eol); if (eol) *lp++ = '\n'; } if (last.col >= 0) lp = SaveText(screen, last.row, 0, last.col, lp, &eol); } *lp = '\0'; TRACE((""Salted TEXT:%u:%s\n"", (unsigned) (lp - line), visibleChars(line, (unsigned) (lp - line)))); scp->data_length = (size_t) (lp - line); }",visit repo url,button.c,https://github.com/ThomasDickey/xterm-snapshots,155976331046258,1 2528,['CWE-119'],"static void builtin_checkdiff(const char *name_a, const char *name_b, const char *attr_path, struct diff_filespec *one, struct diff_filespec *two, struct diff_options *o) { mmfile_t mf1, mf2; struct checkdiff_t data; if (!two) return; memset(&data, 0, sizeof(data)); data.xm.consume = checkdiff_consume; data.filename = name_b ? name_b : name_a; data.lineno = 0; data.color_diff = DIFF_OPT_TST(o, COLOR_DIFF); data.ws_rule = whitespace_rule(attr_path); data.file = o->file; if (fill_mmfile(&mf1, one) < 0 || fill_mmfile(&mf2, two) < 0) die(""unable to read files to diff""); if (diff_filespec_is_binary(two)) goto free_and_return; else { xpparam_t xpp; xdemitconf_t xecfg; xdemitcb_t ecb; memset(&xecfg, 0, sizeof(xecfg)); xpp.flags = XDF_NEED_MINIMAL; ecb.outf = xdiff_outf; ecb.priv = &data; xdi_diff(&mf1, &mf2, &xpp, &xecfg, &ecb); } free_and_return: diff_free_filespec_data(one); diff_free_filespec_data(two); if (data.status) DIFF_OPT_SET(o, CHECK_FAILED); }",git,,,237057970208831849366704595040673378350,0 494,[],"void snd_free_pages(void *ptr, size_t size) { int pg; if (ptr == NULL) return; pg = get_order(size); dec_snd_pages(pg); free_pages((unsigned long) ptr, pg); }",linux-2.6,,,138740442001219761064112231531286398957,0 4922,CWE-59,"vrrp_tfile_end_handler(void) { vrrp_tracked_file_t *tfile = LIST_TAIL_DATA(vrrp_data->vrrp_track_files); struct stat statb; FILE *tf; int ret; if (!tfile->file_path) { report_config_error(CONFIG_GENERAL_ERROR, ""No file set for track_file %s - removing"", tfile->fname); free_list_element(vrrp_data->vrrp_track_files, vrrp_data->vrrp_track_files->tail); return; } if (track_file_init == TRACK_FILE_NO_INIT) return; ret = stat(tfile->file_path, &statb); if (!ret) { if (track_file_init == TRACK_FILE_CREATE) { return; } if ((statb.st_mode & S_IFMT) != S_IFREG) { report_config_error(CONFIG_GENERAL_ERROR, ""Cannot initialise track file %s - it is not a regular file"", tfile->fname); return; } if (reload) return; } if (!__test_bit(CONFIG_TEST_BIT, &debug)) { if ((tf = fopen(tfile->file_path, ""w""))) { fprintf(tf, ""%d\n"", track_file_init_value); fclose(tf); } else report_config_error(CONFIG_GENERAL_ERROR, ""Unable to initialise track file %s"", tfile->fname); } }",visit repo url,keepalived/vrrp/vrrp_parser.c,https://github.com/acassen/keepalived,179059557355815,1 4570,CWE-119,"Bool GPAC_EventProc(void *ptr, GF_Event *evt) { if (!term) return 0; if (gui_mode==1) { if (evt->type==GF_EVENT_QUIT) { Run = 0; } else if (evt->type==GF_EVENT_KEYDOWN) { switch (evt->key.key_code) { case GF_KEY_C: if (evt->key.flags & (GF_KEY_MOD_CTRL|GF_KEY_MOD_ALT)) { hide_shell(shell_visible ? 1 : 0); if (shell_visible) gui_mode=2; } break; default: break; } } return 0; } switch (evt->type) { case GF_EVENT_DURATION: Duration = (u64) ( 1000 * (s64) evt->duration.duration); CanSeek = evt->duration.can_seek; break; case GF_EVENT_MESSAGE: { const char *servName; if (!evt->message.service || !strcmp(evt->message.service, the_url)) { servName = """"; } else if (!strnicmp(evt->message.service, ""data:"", 5)) { servName = ""(embedded data)""; } else { servName = evt->message.service; } if (!evt->message.message) return 0; if (evt->message.error) { if (!is_connected) last_error = evt->message.error; if (evt->message.error==GF_SCRIPT_INFO) { GF_LOG(GF_LOG_INFO, GF_LOG_CONSOLE, (""%s\n"", evt->message.message)); } else { GF_LOG(GF_LOG_ERROR, GF_LOG_CONSOLE, (""%s %s: %s\n"", servName, evt->message.message, gf_error_to_string(evt->message.error))); } } else if (!be_quiet) GF_LOG(GF_LOG_INFO, GF_LOG_CONSOLE, (""%s %s\n"", servName, evt->message.message)); } break; case GF_EVENT_PROGRESS: { char *szTitle = """"; if (evt->progress.progress_type==0) { szTitle = ""Buffer ""; if (bench_mode && (bench_mode!=3) ) { if (evt->progress.done >= evt->progress.total) bench_buffer = 0; else bench_buffer = 1 + 100*evt->progress.done / evt->progress.total; break; } } else if (evt->progress.progress_type==1) { if (bench_mode) break; szTitle = ""Download ""; } else if (evt->progress.progress_type==2) szTitle = ""Import ""; gf_set_progress(szTitle, evt->progress.done, evt->progress.total); } break; case GF_EVENT_DBLCLICK: gf_term_set_option(term, GF_OPT_FULLSCREEN, !gf_term_get_option(term, GF_OPT_FULLSCREEN)); return 0; case GF_EVENT_MOUSEDOWN: if (evt->mouse.button==GF_MOUSE_RIGHT) { right_down = 1; last_x = evt->mouse.x; last_y = evt->mouse.y; } return 0; case GF_EVENT_MOUSEUP: if (evt->mouse.button==GF_MOUSE_RIGHT) { right_down = 0; last_x = evt->mouse.x; last_y = evt->mouse.y; } return 0; case GF_EVENT_MOUSEMOVE: if (right_down && (user.init_flags & GF_TERM_WINDOWLESS) ) { GF_Event move; move.move.x = evt->mouse.x - last_x; move.move.y = last_y-evt->mouse.y; move.type = GF_EVENT_MOVE; move.move.relative = 1; gf_term_user_event(term, &move); } return 0; case GF_EVENT_KEYUP: switch (evt->key.key_code) { case GF_KEY_SPACE: if (evt->key.flags & GF_KEY_MOD_CTRL) switch_bench(!bench_mode); break; } break; case GF_EVENT_KEYDOWN: gf_term_process_shortcut(term, evt); switch (evt->key.key_code) { case GF_KEY_SPACE: if (evt->key.flags & GF_KEY_MOD_CTRL) { if (!bench_mode) switch_bench(!bench_mode); } break; case GF_KEY_PAGEDOWN: case GF_KEY_MEDIANEXTTRACK: request_next_playlist_item = 1; break; case GF_KEY_MEDIAPREVIOUSTRACK: break; case GF_KEY_ESCAPE: gf_term_set_option(term, GF_OPT_FULLSCREEN, !gf_term_get_option(term, GF_OPT_FULLSCREEN)); break; case GF_KEY_C: if (evt->key.flags & (GF_KEY_MOD_CTRL|GF_KEY_MOD_ALT)) { hide_shell(shell_visible ? 1 : 0); if (!shell_visible) gui_mode=1; } break; case GF_KEY_F: if (evt->key.flags & GF_KEY_MOD_CTRL) fprintf(stderr, ""Rendering rate: %f FPS\n"", gf_term_get_framerate(term, 0)); break; case GF_KEY_T: if (evt->key.flags & GF_KEY_MOD_CTRL) fprintf(stderr, ""Scene Time: %f \n"", gf_term_get_time_in_ms(term)/1000.0); break; case GF_KEY_D: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_DRAW_MODE, (gf_term_get_option(term, GF_OPT_DRAW_MODE)==GF_DRAW_MODE_DEFER) ? GF_DRAW_MODE_IMMEDIATE : GF_DRAW_MODE_DEFER ); break; case GF_KEY_4: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_4_3); break; case GF_KEY_5: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_16_9); break; case GF_KEY_6: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_FILL_SCREEN); break; case GF_KEY_7: if (evt->key.flags & GF_KEY_MOD_CTRL) gf_term_set_option(term, GF_OPT_ASPECT_RATIO, GF_ASPECT_RATIO_KEEP); break; case GF_KEY_O: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { if (gf_term_get_option(term, GF_OPT_MAIN_ADDON)) { fprintf(stderr, ""Resuming to main content\n""); gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_PLAY_LIVE); } else { fprintf(stderr, ""Main addon not enabled\n""); } } break; case GF_KEY_P: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { u32 pause_state = gf_term_get_option(term, GF_OPT_PLAY_STATE) ; fprintf(stderr, ""[Status: %s]\n"", pause_state ? ""Playing"" : ""Paused""); if ((pause_state == GF_STATE_PAUSED) && (evt->key.flags & GF_KEY_MOD_SHIFT)) { gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_PLAY_LIVE); } else { gf_term_set_option(term, GF_OPT_PLAY_STATE, (pause_state==GF_STATE_PAUSED) ? GF_STATE_PLAYING : GF_STATE_PAUSED); } } break; case GF_KEY_S: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { gf_term_set_option(term, GF_OPT_PLAY_STATE, GF_STATE_STEP_PAUSE); fprintf(stderr, ""Step time: ""); PrintTime(gf_term_get_time_in_ms(term)); fprintf(stderr, ""\n""); } break; case GF_KEY_B: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) ViewODs(term, 1); break; case GF_KEY_M: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) ViewODs(term, 0); break; case GF_KEY_H: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { gf_term_switch_quality(term, 1); } break; case GF_KEY_L: if ((evt->key.flags & GF_KEY_MOD_CTRL) && is_connected) { gf_term_switch_quality(term, 0); } break; case GF_KEY_F5: if (is_connected) reload = 1; break; case GF_KEY_A: addon_visible = !addon_visible; gf_term_toggle_addons(term, addon_visible); break; case GF_KEY_UP: if ((evt->key.flags & VK_MOD) && is_connected) { do_set_speed(playback_speed * 2); } break; case GF_KEY_DOWN: if ((evt->key.flags & VK_MOD) && is_connected) { do_set_speed(playback_speed / 2); } break; case GF_KEY_LEFT: if ((evt->key.flags & VK_MOD) && is_connected) { do_set_speed(-1 * playback_speed ); } break; } break; case GF_EVENT_CONNECT: if (evt->connect.is_connected) { is_connected = 1; fprintf(stderr, ""Service Connected\n""); eos_seen = GF_FALSE; if (playback_speed != FIX_ONE) gf_term_set_speed(term, playback_speed); } else if (is_connected) { fprintf(stderr, ""Service %s\n"", is_connected ? ""Disconnected"" : ""Connection Failed""); is_connected = 0; Duration = 0; } if (init_w && init_h) { gf_term_set_size(term, init_w, init_h); } ResetCaption(); break; case GF_EVENT_EOS: eos_seen = GF_TRUE; if (playlist) { if (Duration>1500) request_next_playlist_item = GF_TRUE; } else if (loop_at_end) { restart = 1; } break; case GF_EVENT_SIZE: if (user.init_flags & GF_TERM_WINDOWLESS) { GF_Event move; move.type = GF_EVENT_MOVE; move.move.align_x = align_mode & 0xFF; move.move.align_y = (align_mode>>8) & 0xFF; move.move.relative = 2; gf_term_user_event(term, &move); } break; case GF_EVENT_SCENE_SIZE: if (forced_width && forced_height) { GF_Event size; size.type = GF_EVENT_SIZE; size.size.width = forced_width; size.size.height = forced_height; gf_term_user_event(term, &size); } break; case GF_EVENT_METADATA: ResetCaption(); break; case GF_EVENT_RELOAD: if (is_connected) reload = 1; break; case GF_EVENT_DROPFILE: { u32 i, pos; if (readonly_playlist) { gf_fclose(playlist); playlist = NULL; } readonly_playlist = 0; if (!playlist) { readonly_playlist = 0; playlist = gf_temp_file_new(NULL); } pos = ftell(playlist); i=0; while (iopen_file.nb_files) { if (evt->open_file.files[i] != NULL) { fprintf(playlist, ""%s\n"", evt->open_file.files[i]); } i++; } fseek(playlist, pos, SEEK_SET); request_next_playlist_item = 1; } return 1; case GF_EVENT_QUIT: if (evt->message.error) { fprintf(stderr, ""A fatal error was encoutered: %s (%s) - exiting ...\n"", evt->message.message ? evt->message.message : ""no details"", gf_error_to_string(evt->message.error) ); } Run = 0; break; case GF_EVENT_DISCONNECT: gf_term_disconnect(term); break; case GF_EVENT_MIGRATE: { } break; case GF_EVENT_NAVIGATE_INFO: if (evt->navigate.to_url) fprintf(stderr, ""Go to URL: \""%s\""\r"", evt->navigate.to_url); break; case GF_EVENT_NAVIGATE: if (gf_term_is_supported_url(term, evt->navigate.to_url, 1, no_mime_check)) { strcpy(the_url, evt->navigate.to_url); fprintf(stderr, ""Navigating to URL %s\n"", the_url); gf_term_navigate_to(term, evt->navigate.to_url); return 1; } else { fprintf(stderr, ""Navigation destination not supported\nGo to URL: %s\n"", evt->navigate.to_url); } break; case GF_EVENT_SET_CAPTION: gf_term_user_event(term, evt); break; case GF_EVENT_AUTHORIZATION: { int maxTries = 1; assert( evt->type == GF_EVENT_AUTHORIZATION); assert( evt->auth.user); assert( evt->auth.password); assert( evt->auth.site_url); while ((!strlen(evt->auth.user) || !strlen(evt->auth.password)) && (maxTries--) >= 0) { fprintf(stderr, ""**** Authorization required for site %s ****\n"", evt->auth.site_url); fprintf(stderr, ""login : ""); read_line_input(evt->auth.user, 50, 1); fprintf(stderr, ""\npassword: ""); read_line_input(evt->auth.password, 50, 0); fprintf(stderr, ""*********\n""); } if (maxTries < 0) { fprintf(stderr, ""**** No User or password has been filled, aborting ***\n""); return 0; } return 1; } case GF_EVENT_ADDON_DETECTED: if (enable_add_ons) { fprintf(stderr, ""Media Addon %s detected - enabling it\n"", evt->addon_connect.addon_url); addon_visible = 1; } return enable_add_ons; } return 0; }",visit repo url,applications/mp4client/main.c,https://github.com/gpac/gpac,70700846870518,1 5316,CWE-787,"static int do_i2c_loop(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { uint chip; int alen; uint addr; uint length; u_char bytes[16]; int delay; int ret; #if CONFIG_IS_ENABLED(DM_I2C) struct udevice *dev; #endif if (argc < 3) return CMD_RET_USAGE; chip = hextoul(argv[1], NULL); addr = hextoul(argv[2], NULL); alen = get_alen(argv[2], DEFAULT_ADDR_LEN); if (alen > 3) return CMD_RET_USAGE; #if CONFIG_IS_ENABLED(DM_I2C) ret = i2c_get_cur_bus_chip(chip, &dev); if (!ret && alen != -1) ret = i2c_set_chip_offset_len(dev, alen); if (ret) return i2c_report_err(ret, I2C_ERR_WRITE); #endif length = 1; length = hextoul(argv[3], NULL); if (length > sizeof(bytes)) length = sizeof(bytes); delay = 1000; if (argc > 3) delay = dectoul(argv[4], NULL); while (1) { #if CONFIG_IS_ENABLED(DM_I2C) ret = dm_i2c_read(dev, addr, bytes, length); #else ret = i2c_read(chip, addr, alen, bytes, length); #endif if (ret) i2c_report_err(ret, I2C_ERR_READ); udelay(delay); } return 0; }",visit repo url,cmd/i2c.c,https://github.com/u-boot/u-boot,173935704254909,1 2715,[],"SCTP_STATIC int sctp_setsockopt_bindx(struct sock* sk, struct sockaddr __user *addrs, int addrs_size, int op) { struct sockaddr *kaddrs; int err; int addrcnt = 0; int walk_size = 0; struct sockaddr *sa_addr; void *addr_buf; struct sctp_af *af; SCTP_DEBUG_PRINTK(""sctp_setsocktopt_bindx: sk %p addrs %p"" "" addrs_size %d opt %d\n"", sk, addrs, addrs_size, op); if (unlikely(addrs_size <= 0)) return -EINVAL; if (unlikely(!access_ok(VERIFY_READ, addrs, addrs_size))) return -EFAULT; kaddrs = kmalloc(addrs_size, GFP_KERNEL); if (unlikely(!kaddrs)) return -ENOMEM; if (__copy_from_user(kaddrs, addrs, addrs_size)) { kfree(kaddrs); return -EFAULT; } addr_buf = kaddrs; while (walk_size < addrs_size) { sa_addr = (struct sockaddr *)addr_buf; af = sctp_get_af_specific(sa_addr->sa_family); if (!af || (walk_size + af->sockaddr_len) > addrs_size) { kfree(kaddrs); return -EINVAL; } addrcnt++; addr_buf += af->sockaddr_len; walk_size += af->sockaddr_len; } switch (op) { case SCTP_BINDX_ADD_ADDR: err = sctp_bindx_add(sk, kaddrs, addrcnt); if (err) goto out; err = sctp_send_asconf_add_ip(sk, kaddrs, addrcnt); break; case SCTP_BINDX_REM_ADDR: err = sctp_bindx_rem(sk, kaddrs, addrcnt); if (err) goto out; err = sctp_send_asconf_del_ip(sk, kaddrs, addrcnt); break; default: err = -EINVAL; break; } out: kfree(kaddrs); return err; }",linux-2.6,,,254491089165663997124406649302610738520,0 3232,CWE-125,"esis_print(netdissect_options *ndo, const uint8_t *pptr, u_int length) { const uint8_t *optr; u_int li,esis_pdu_type,source_address_length, source_address_number; const struct esis_header_t *esis_header; if (!ndo->ndo_eflag) ND_PRINT((ndo, ""ES-IS"")); if (length <= 2) { ND_PRINT((ndo, ndo->ndo_qflag ? ""bad pkt!"" : ""no header at all!"")); return; } esis_header = (const struct esis_header_t *) pptr; ND_TCHECK(*esis_header); li = esis_header->length_indicator; optr = pptr; if (esis_header->nlpid != NLPID_ESIS) { ND_PRINT((ndo, "" nlpid 0x%02x packet not supported"", esis_header->nlpid)); return; } if (esis_header->version != ESIS_VERSION) { ND_PRINT((ndo, "" version %d packet not supported"", esis_header->version)); return; } if (li > length) { ND_PRINT((ndo, "" length indicator(%u) > PDU size (%u)!"", li, length)); return; } if (li < sizeof(struct esis_header_t) + 2) { ND_PRINT((ndo, "" length indicator %u < min PDU size:"", li)); while (pptr < ndo->ndo_snapend) ND_PRINT((ndo, ""%02X"", *pptr++)); return; } esis_pdu_type = esis_header->type & ESIS_PDU_TYPE_MASK; if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, ""%s%s, length %u"", ndo->ndo_eflag ? """" : "", "", tok2str(esis_pdu_values,""unknown type (%u)"",esis_pdu_type), length)); return; } else ND_PRINT((ndo, ""%slength %u\n\t%s (%u)"", ndo->ndo_eflag ? """" : "", "", length, tok2str(esis_pdu_values,""unknown type: %u"", esis_pdu_type), esis_pdu_type)); ND_PRINT((ndo, "", v: %u%s"", esis_header->version, esis_header->version == ESIS_VERSION ? """" : ""unsupported"" )); ND_PRINT((ndo, "", checksum: 0x%04x"", EXTRACT_16BITS(esis_header->cksum))); osi_print_cksum(ndo, pptr, EXTRACT_16BITS(esis_header->cksum), 7, li); ND_PRINT((ndo, "", holding time: %us, length indicator: %u"", EXTRACT_16BITS(esis_header->holdtime), li)); if (ndo->ndo_vflag > 1) print_unknown_data(ndo, optr, ""\n\t"", sizeof(struct esis_header_t)); pptr += sizeof(struct esis_header_t); li -= sizeof(struct esis_header_t); switch (esis_pdu_type) { case ESIS_PDU_REDIRECT: { const uint8_t *dst, *snpa, *neta; u_int dstl, snpal, netal; ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad redirect/li"")); return; } dstl = *pptr; pptr++; li--; ND_TCHECK2(*pptr, dstl); if (li < dstl) { ND_PRINT((ndo, "", bad redirect/li"")); return; } dst = pptr; pptr += dstl; li -= dstl; ND_PRINT((ndo, ""\n\t %s"", isonsap_string(ndo, dst, dstl))); ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad redirect/li"")); return; } snpal = *pptr; pptr++; li--; ND_TCHECK2(*pptr, snpal); if (li < snpal) { ND_PRINT((ndo, "", bad redirect/li"")); return; } snpa = pptr; pptr += snpal; li -= snpal; ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad redirect/li"")); return; } netal = *pptr; pptr++; ND_TCHECK2(*pptr, netal); if (li < netal) { ND_PRINT((ndo, "", bad redirect/li"")); return; } neta = pptr; pptr += netal; li -= netal; if (netal == 0) ND_PRINT((ndo, ""\n\t %s"", etheraddr_string(ndo, snpa))); else ND_PRINT((ndo, ""\n\t %s"", isonsap_string(ndo, neta, netal))); break; } case ESIS_PDU_ESH: ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad esh/li"")); return; } source_address_number = *pptr; pptr++; li--; ND_PRINT((ndo, ""\n\t Number of Source Addresses: %u"", source_address_number)); while (source_address_number > 0) { ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad esh/li"")); return; } source_address_length = *pptr; pptr++; li--; ND_TCHECK2(*pptr, source_address_length); if (li < source_address_length) { ND_PRINT((ndo, "", bad esh/li"")); return; } ND_PRINT((ndo, ""\n\t NET (length: %u): %s"", source_address_length, isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; source_address_number--; } break; case ESIS_PDU_ISH: { ND_TCHECK(*pptr); if (li < 1) { ND_PRINT((ndo, "", bad ish/li"")); return; } source_address_length = *pptr; pptr++; li--; ND_TCHECK2(*pptr, source_address_length); if (li < source_address_length) { ND_PRINT((ndo, "", bad ish/li"")); return; } ND_PRINT((ndo, ""\n\t NET (length: %u): %s"", source_address_length, isonsap_string(ndo, pptr, source_address_length))); pptr += source_address_length; li -= source_address_length; break; } default: if (ndo->ndo_vflag <= 1) { if (pptr < ndo->ndo_snapend) print_unknown_data(ndo, pptr, ""\n\t "", ndo->ndo_snapend - pptr); } return; } while (li != 0) { u_int op, opli; const uint8_t *tptr; if (li < 2) { ND_PRINT((ndo, "", bad opts/li"")); return; } ND_TCHECK2(*pptr, 2); op = *pptr++; opli = *pptr++; li -= 2; if (opli > li) { ND_PRINT((ndo, "", opt (%d) too long"", op)); return; } li -= opli; tptr = pptr; ND_PRINT((ndo, ""\n\t %s Option #%u, length %u, value: "", tok2str(esis_option_values,""Unknown"",op), op, opli)); switch (op) { case ESIS_OPTION_ES_CONF_TIME: if (opli == 2) { ND_TCHECK2(*pptr, 2); ND_PRINT((ndo, ""%us"", EXTRACT_16BITS(tptr))); } else ND_PRINT((ndo, ""(bad length)"")); break; case ESIS_OPTION_PROTOCOLS: while (opli>0) { ND_TCHECK(*pptr); ND_PRINT((ndo, ""%s (0x%02x)"", tok2str(nlpid_values, ""unknown"", *tptr), *tptr)); if (opli>1) ND_PRINT((ndo, "", "")); tptr++; opli--; } break; case ESIS_OPTION_QOS_MAINTENANCE: case ESIS_OPTION_SECURITY: case ESIS_OPTION_PRIORITY: case ESIS_OPTION_ADDRESS_MASK: case ESIS_OPTION_SNPA_MASK: default: print_unknown_data(ndo, tptr, ""\n\t "", opli); break; } if (ndo->ndo_vflag > 1) print_unknown_data(ndo, pptr, ""\n\t "", opli); pptr += opli; } trunc: return; }",visit repo url,print-isoclns.c,https://github.com/the-tcpdump-group/tcpdump,179016235888162,1 2672,[],"static int sctp_send_asconf(struct sctp_association *asoc, struct sctp_chunk *chunk) { int retval = 0; if (asoc->addip_last_asconf) { list_add_tail(&chunk->list, &asoc->addip_chunk_list); goto out; } sctp_chunk_hold(chunk); retval = sctp_primitive_ASCONF(asoc, chunk); if (retval) sctp_chunk_free(chunk); else asoc->addip_last_asconf = chunk; out: return retval; }",linux-2.6,,,152988001145751869813708670606221457203,0 667,[],"jpc_cstate_t *jpc_cstate_create() { jpc_cstate_t *cstate; if (!(cstate = jas_malloc(sizeof(jpc_cstate_t)))) { return 0; } cstate->numcomps = 0; return cstate; }",jasper,,,128463143019328044798329912327076715904,0 722,[],"static int jpc_qcc_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_qcc_t *qcc = &ms->parms.qcc; if (cstate->numcomps <= 256) { if (jpc_putuint8(out, qcc->compno)) { return -1; } } else { if (jpc_putuint16(out, qcc->compno)) { return -1; } } if (jpc_qcx_putcompparms(&qcc->compparms, cstate, out)) { return -1; } return 0; }",jasper,,,93251889604789031108600601968809656947,0 3994,['CWE-362'],"static inline void inotify_destroy(struct inotify_handle *ih) { }",linux-2.6,,,271975902982911399501562822448260749558,0 3775,[],"static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) { struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr; struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk), *newu, *otheru; struct sock *newsk = NULL; struct sock *other = NULL; struct sk_buff *skb = NULL; unsigned hash; int st; int err; long timeo; err = unix_mkname(sunaddr, addr_len, &hash); if (err < 0) goto out; addr_len = err; if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && (err = unix_autobind(sock)) != 0) goto out; timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); err = -ENOMEM; newsk = unix_create1(NULL); if (newsk == NULL) goto out; skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL); if (skb == NULL) goto out; restart: other = unix_find_other(sunaddr, addr_len, sk->sk_type, hash, &err); if (!other) goto out; unix_state_lock(other); if (sock_flag(other, SOCK_DEAD)) { unix_state_unlock(other); sock_put(other); goto restart; } err = -ECONNREFUSED; if (other->sk_state != TCP_LISTEN) goto out_unlock; if (skb_queue_len(&other->sk_receive_queue) > other->sk_max_ack_backlog) { err = -EAGAIN; if (!timeo) goto out_unlock; timeo = unix_wait_for_peer(other, timeo); err = sock_intr_errno(timeo); if (signal_pending(current)) goto out; sock_put(other); goto restart; } st = sk->sk_state; switch (st) { case TCP_CLOSE: break; case TCP_ESTABLISHED: err = -EISCONN; goto out_unlock; default: err = -EINVAL; goto out_unlock; } unix_state_lock_nested(sk); if (sk->sk_state != st) { unix_state_unlock(sk); unix_state_unlock(other); sock_put(other); goto restart; } err = security_unix_stream_connect(sock, other->sk_socket, newsk); if (err) { unix_state_unlock(sk); goto out_unlock; } sock_hold(sk); unix_peer(newsk) = sk; newsk->sk_state = TCP_ESTABLISHED; newsk->sk_type = sk->sk_type; newsk->sk_peercred.pid = current->tgid; newsk->sk_peercred.uid = current->euid; newsk->sk_peercred.gid = current->egid; newu = unix_sk(newsk); newsk->sk_sleep = &newu->peer_wait; otheru = unix_sk(other); if (otheru->addr) { atomic_inc(&otheru->addr->refcnt); newu->addr = otheru->addr; } if (otheru->dentry) { newu->dentry = dget(otheru->dentry); newu->mnt = mntget(otheru->mnt); } sk->sk_peercred = other->sk_peercred; sock->state = SS_CONNECTED; sk->sk_state = TCP_ESTABLISHED; sock_hold(newsk); smp_mb__after_atomic_inc(); unix_peer(sk) = newsk; unix_state_unlock(sk); spin_lock(&other->sk_receive_queue.lock); __skb_queue_tail(&other->sk_receive_queue, skb); spin_unlock(&other->sk_receive_queue.lock); unix_state_unlock(other); other->sk_data_ready(other, 0); sock_put(other); return 0; out_unlock: if (other) unix_state_unlock(other); out: if (skb) kfree_skb(skb); if (newsk) unix_release_sock(newsk, 0); if (other) sock_put(other); return err; }",linux-2.6,,,282953059578954739780166620026070881913,0 4898,CWE-190,"static void ExportIndexQuantum(const Image *image,QuantumInfo *quantum_info, const MagickSizeType number_pixels,const PixelPacket *magick_restrict p, const IndexPacket *magick_restrict indexes,unsigned char *magick_restrict q, ExceptionInfo *exception) { ssize_t x; ssize_t bit; if (image->storage_class != PseudoClass) { (void) ThrowMagickException(exception,GetMagickModule(),ImageError, ""ColormappedImageRequired"",""`%s'"",image->filename); return; } switch (quantum_info->depth) { case 1: { unsigned char pixel; for (x=((ssize_t) number_pixels-7); x > 0; x-=8) { pixel=(unsigned char) *indexes++; *q=((pixel & 0x01) << 7); pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 6); pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 5); pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 4); pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 3); pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 2); pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 1); pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 0); q++; } if ((number_pixels % 8) != 0) { *q='\0'; for (bit=7; bit >= (ssize_t) (8-(number_pixels % 8)); bit--) { pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << (unsigned char) bit); } q++; } break; } case 4: { unsigned char pixel; for (x=0; x < (ssize_t) (number_pixels-1) ; x+=2) { pixel=(unsigned char) *indexes++; *q=((pixel & 0xf) << 4); pixel=(unsigned char) *indexes++; *q|=((pixel & 0xf) << 0); q++; } if ((number_pixels % 2) != 0) { pixel=(unsigned char) *indexes++; *q=((pixel & 0xf) << 4); q++; } break; } case 8: { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopCharPixel((unsigned char) GetPixelIndex(indexes+x),q); q+=quantum_info->pad; } break; } case 16: { if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopShortPixel(quantum_info->endian,SinglePrecisionToHalf(QuantumScale* GetPixelIndex(indexes+x)),q); q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { q=PopShortPixel(quantum_info->endian,(unsigned short) GetPixelIndex(indexes+x),q); q+=quantum_info->pad; } break; } case 32: { if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopFloatPixel(quantum_info,(float) GetPixelIndex(indexes+x),q); p++; q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { q=PopLongPixel(quantum_info->endian,(unsigned int) GetPixelIndex(indexes+x),q); q+=quantum_info->pad; } break; } case 64: { if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopDoublePixel(quantum_info,(double) GetPixelIndex(indexes+x), q); p++; q+=quantum_info->pad; } break; } } default: { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopQuantumPixel(quantum_info, GetPixelIndex(indexes+x),q); p++; q+=quantum_info->pad; } break; } } }",visit repo url,magick/quantum-export.c,https://github.com/ImageMagick/ImageMagick6,45943383953965,1 6372,CWE-787,"write_node(FILE *out, tree_t *t, int col) { int i; uchar *ptr, *entity, *src, *realsrc, newsrc[1024]; if (out == NULL) return (0); switch (t->markup) { case MARKUP_NONE : if (t->data == NULL) break; if (t->preformatted) { for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); if (t->data[strlen((char *)t->data) - 1] == '\n') col = 0; else col += strlen((char *)t->data); } else { if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) { putc('\n', out); col = 0; } for (ptr = t->data; *ptr; ptr ++) fputs((char *)iso8859(*ptr), out); col += strlen((char *)t->data); if (col > 72) { putc('\n', out); col = 0; } } break; case MARKUP_COMMENT : case MARKUP_UNKNOWN : fputs(""\n\n"", out); col = 0; break; case MARKUP_AREA : case MARKUP_BODY : case MARKUP_DOCTYPE : case MARKUP_ERROR : case MARKUP_FILE : case MARKUP_HEAD : case MARKUP_HTML : case MARKUP_MAP : case MARKUP_META : case MARKUP_TITLE : break; case MARKUP_BR : case MARKUP_CENTER : case MARKUP_DD : case MARKUP_DL : case MARKUP_DT : case MARKUP_H1 : case MARKUP_H2 : case MARKUP_H3 : case MARKUP_H4 : case MARKUP_H5 : case MARKUP_H6 : case MARKUP_H7 : case MARKUP_H8 : case MARKUP_H9 : case MARKUP_H10 : case MARKUP_H11 : case MARKUP_H12 : case MARKUP_H13 : case MARKUP_H14 : case MARKUP_H15 : case MARKUP_HR : case MARKUP_LI : case MARKUP_OL : case MARKUP_P : case MARKUP_PRE : case MARKUP_TABLE : case MARKUP_TR : case MARKUP_UL : if (col > 0) { putc('\n', out); col = 0; } default : if (t->markup == MARKUP_IMG && (src = htmlGetVariable(t, (uchar *)""SRC"")) != NULL && (realsrc = htmlGetVariable(t, (uchar *)""REALSRC"")) != NULL) { if (file_method((char *)src) == NULL && src[0] != '/' && src[0] != '\\' && (!isalpha(src[0]) || src[1] != ':')) { image_copy((char *)src, (char *)realsrc, OutputPath); strlcpy((char *)newsrc, file_basename((char *)src), sizeof(newsrc)); htmlSetVariable(t, (uchar *)""SRC"", newsrc); } } if (t->markup != MARKUP_EMBED) { col += fprintf(out, ""<%s"", _htmlMarkups[t->markup]); for (i = 0; i < t->nvars; i ++) { if (strcasecmp((char *)t->vars[i].name, ""BREAK"") == 0 && t->markup == MARKUP_HR) continue; if (strcasecmp((char *)t->vars[i].name, ""REALSRC"") == 0 && t->markup == MARKUP_IMG) continue; if (strncasecmp((char *)t->vars[i].name, ""_HD_"", 4) == 0) continue; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } if (col > 0) { putc(' ', out); col ++; } if (t->vars[i].value == NULL) col += fprintf(out, ""%s"", t->vars[i].name); else { col += fprintf(out, ""%s=\"""", t->vars[i].name); for (ptr = t->vars[i].value; *ptr; ptr ++) { entity = iso8859(*ptr); fputs((char *)entity, out); col += strlen((char *)entity); } putc('\""', out); col ++; } } putc('>', out); col ++; if (col > 72 && !t->preformatted) { putc('\n', out); col = 0; } } break; } return (col); }",visit repo url,htmldoc/htmlsep.cxx,https://github.com/michaelrsweet/htmldoc,178787876800300,1 2589,CWE-362,"multi_process_incoming_link(struct multi_context *m, struct multi_instance *instance, const unsigned int mpp_flags) { struct gc_arena gc = gc_new(); struct context *c; struct mroute_addr src, dest; unsigned int mroute_flags; struct multi_instance *mi; bool ret = true; bool floated = false; if (m->pending) { return true; } if (!instance) { #ifdef MULTI_DEBUG_EVENT_LOOP printf(""TCP/UDP -> TUN [%d]\n"", BLEN(&m->top.c2.buf)); #endif multi_set_pending(m, multi_get_create_instance_udp(m, &floated)); } else { multi_set_pending(m, instance); } if (m->pending) { set_prefix(m->pending); c = &m->pending->context; if (!instance) { c->c2.buf = m->top.c2.buf; if (!floated) { c->c2.from = m->top.c2.from; } } if (BLEN(&c->c2.buf) > 0) { struct link_socket_info *lsi; const uint8_t *orig_buf; perf_push(PERF_PROC_IN_LINK); lsi = get_link_socket_info(c); orig_buf = c->c2.buf.data; if (process_incoming_link_part1(c, lsi, floated)) { if (floated) { multi_process_float(m, m->pending); } process_incoming_link_part2(c, lsi, orig_buf); } perf_pop(); if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TUN) { mroute_flags = mroute_extract_addr_from_packet(&src, &dest, NULL, NULL, 0, &c->c2.to_tun, DEV_TYPE_TUN); if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED)) { c->c2.to_tun.len = 0; } else if (multi_get_instance_by_virtual_addr(m, &src, true) != m->pending) { if ( (src.type & MR_ADDR_MASK) == MR_ADDR_IPV6 && IN6_IS_ADDR_LINKLOCAL(&src.v6.addr) ) { } else { msg(D_MULTI_DROPPED, ""MULTI: bad source address from client [%s], packet dropped"", mroute_addr_print(&src, &gc)); } c->c2.to_tun.len = 0; } else if (m->enable_c2c) { if (mroute_flags & MROUTE_EXTRACT_MCAST) { multi_bcast(m, &c->c2.to_tun, m->pending, NULL, 0); } else { ASSERT(!(mroute_flags & MROUTE_EXTRACT_BCAST)); mi = multi_get_instance_by_virtual_addr(m, &dest, true); if (mi) { #ifdef ENABLE_PF if (!pf_c2c_test(&c->c2.pf, c->c2.tls_multi, &mi->context.c2.pf, mi->context.c2.tls_multi, ""tun_c2c"")) { msg(D_PF_DROPPED, ""PF: client -> client[%s] packet dropped by TUN packet filter"", mi_prefix(mi)); } else #endif { multi_unicast(m, &c->c2.to_tun, mi); register_activity(c, BLEN(&c->c2.to_tun)); } c->c2.to_tun.len = 0; } } } #ifdef ENABLE_PF if (c->c2.to_tun.len && !pf_addr_test(&c->c2.pf, c, &dest, ""tun_dest_addr"")) { msg(D_PF_DROPPED, ""PF: client -> addr[%s] packet dropped by TUN packet filter"", mroute_addr_print_ex(&dest, MAPF_SHOW_ARP, &gc)); c->c2.to_tun.len = 0; } #endif } else if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TAP) { uint16_t vid = 0; #ifdef ENABLE_PF struct mroute_addr edest; mroute_addr_reset(&edest); #endif if (m->top.options.vlan_tagging) { if (vlan_is_tagged(&c->c2.to_tun)) { msg(D_VLAN_DEBUG, ""dropping incoming VLAN-tagged frame""); c->c2.to_tun.len = 0; } else { vid = c->options.vlan_pvid; } } mroute_flags = mroute_extract_addr_from_packet(&src, &dest, NULL, #ifdef ENABLE_PF &edest, #else NULL, #endif vid, &c->c2.to_tun, DEV_TYPE_TAP); if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED) { if (multi_learn_addr(m, m->pending, &src, 0) == m->pending) { if (m->enable_c2c) { if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST)) { multi_bcast(m, &c->c2.to_tun, m->pending, NULL, vid); } else { mi = multi_get_instance_by_virtual_addr(m, &dest, false); if (mi) { #ifdef ENABLE_PF if (!pf_c2c_test(&c->c2.pf, c->c2.tls_multi, &mi->context.c2.pf, mi->context.c2.tls_multi, ""tap_c2c"")) { msg(D_PF_DROPPED, ""PF: client -> client[%s] packet dropped by TAP packet filter"", mi_prefix(mi)); } else #endif { multi_unicast(m, &c->c2.to_tun, mi); register_activity(c, BLEN(&c->c2.to_tun)); } c->c2.to_tun.len = 0; } } } #ifdef ENABLE_PF if (c->c2.to_tun.len && !pf_addr_test(&c->c2.pf, c, &edest, ""tap_dest_addr"")) { msg(D_PF_DROPPED, ""PF: client -> addr[%s] packet dropped by TAP packet filter"", mroute_addr_print_ex(&edest, MAPF_SHOW_ARP, &gc)); c->c2.to_tun.len = 0; } #endif } else { msg(D_MULTI_DROPPED, ""MULTI: bad source address from client [%s], packet dropped"", mroute_addr_print(&src, &gc)); c->c2.to_tun.len = 0; } } else { c->c2.to_tun.len = 0; } } } ret = multi_process_post(m, m->pending, mpp_flags); clear_prefix(); } gc_free(&gc); return ret; }",visit repo url,src/openvpn/multi.c,https://github.com/OpenVPN/openvpn,49726426900413,1 1884,['CWE-189'],"_gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, int *datalen, gnutls_handshake_description_t type, Optional optional) { int ret; uint32_t length32 = 0; opaque *dataptr = NULL; gnutls_handshake_description_t recv_type; ret = _gnutls_recv_handshake_header (session, type, &recv_type); if (ret < 0) { if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET && optional == OPTIONAL_PACKET) { if (datalen != NULL) *datalen = 0; if (data != NULL) *data = NULL; return 0; } return ret; } session->internals.last_handshake_in = recv_type; length32 = ret; if (length32 > 0) dataptr = gnutls_malloc (length32); else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } if (dataptr == NULL && length32 > 0) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } if (datalen != NULL) *datalen = length32; if (length32 > 0) { ret = _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, type, dataptr, length32); if (ret <= 0) { gnutls_assert (); gnutls_free (dataptr); return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret; } } if (data != NULL && length32 > 0) *data = dataptr; ret = _gnutls_handshake_hash_add_recvd (session, recv_type, session->internals. handshake_header_buffer.header, session->internals. handshake_header_buffer. header_size, dataptr, length32); if (ret < 0) { gnutls_assert (); _gnutls_handshake_header_buffer_clear (session); return ret; } _gnutls_handshake_header_buffer_clear (session); switch (recv_type) { case GNUTLS_HANDSHAKE_CLIENT_HELLO: case GNUTLS_HANDSHAKE_SERVER_HELLO: ret = _gnutls_recv_hello (session, dataptr, length32); gnutls_free (dataptr); if (data != NULL) *data = NULL; break; case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: if (length32 == 0) ret = 0; else ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; break; case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: case GNUTLS_HANDSHAKE_FINISHED: case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: case GNUTLS_HANDSHAKE_SUPPLEMENTAL: ret = length32; break; default: gnutls_assert (); gnutls_free (dataptr); if (data != NULL) *data = NULL; ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; } return ret; }",gnutls,,,143764575448100625929085387883815646462,0 4614,['CWE-399'],"int ext4_setattr(struct dentry *dentry, struct iattr *attr) { struct inode *inode = dentry->d_inode; int error, rc = 0; const unsigned int ia_valid = attr->ia_valid; error = inode_change_ok(inode, attr); if (error) return error; if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) { handle_t *handle; handle = ext4_journal_start(inode, 2*(EXT4_QUOTA_INIT_BLOCKS(inode->i_sb)+ EXT4_QUOTA_DEL_BLOCKS(inode->i_sb))+3); if (IS_ERR(handle)) { error = PTR_ERR(handle); goto err_out; } error = DQUOT_TRANSFER(inode, attr) ? -EDQUOT : 0; if (error) { ext4_journal_stop(handle); return error; } if (attr->ia_valid & ATTR_UID) inode->i_uid = attr->ia_uid; if (attr->ia_valid & ATTR_GID) inode->i_gid = attr->ia_gid; error = ext4_mark_inode_dirty(handle, inode); ext4_journal_stop(handle); } if (attr->ia_valid & ATTR_SIZE) { if (!(EXT4_I(inode)->i_flags & EXT4_EXTENTS_FL)) { struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); if (attr->ia_size > sbi->s_bitmap_maxbytes) { error = -EFBIG; goto err_out; } } } if (S_ISREG(inode->i_mode) && attr->ia_valid & ATTR_SIZE && attr->ia_size < inode->i_size) { handle_t *handle; handle = ext4_journal_start(inode, 3); if (IS_ERR(handle)) { error = PTR_ERR(handle); goto err_out; } error = ext4_orphan_add(handle, inode); EXT4_I(inode)->i_disksize = attr->ia_size; rc = ext4_mark_inode_dirty(handle, inode); if (!error) error = rc; ext4_journal_stop(handle); if (ext4_should_order_data(inode)) { error = ext4_begin_ordered_truncate(inode, attr->ia_size); if (error) { handle = ext4_journal_start(inode, 3); if (IS_ERR(handle)) { ext4_orphan_del(NULL, inode); goto err_out; } ext4_orphan_del(handle, inode); ext4_journal_stop(handle); goto err_out; } } } rc = inode_setattr(inode, attr); if (inode->i_nlink) ext4_orphan_del(NULL, inode); if (!rc && (ia_valid & ATTR_MODE)) rc = ext4_acl_chmod(inode); err_out: ext4_std_error(inode->i_sb, error); if (!error) error = rc; return error; }",linux-2.6,,,239860127118630952345623523368298013404,0 3702,[],"static inline unsigned unix_hash_fold(__wsum n) { unsigned hash = (__force unsigned)n; hash ^= hash>>16; hash ^= hash>>8; return hash&(UNIX_HASH_SIZE-1); }",linux-2.6,,,110611372789235079640239263105717305900,0 429,[],"pfm_buf_fmt_restart(pfm_buffer_fmt_t *fmt, struct task_struct *task, pfm_ovfl_ctrl_t *ctrl, void *buf, struct pt_regs *regs) { int ret = 0; if (fmt->fmt_restart) ret = (*fmt->fmt_restart)(task, ctrl, buf, regs); return ret; }",linux-2.6,,,35993882614573965491414024647044525854,0 2884,['CWE-189'],"int jas_stream_getc_func(jas_stream_t *stream) { assert(stream->ptr_ - stream->bufbase_ <= stream->bufsize_ + JAS_STREAM_MAXPUTBACK); return jas_stream_getc_macro(stream); }",jasper,,,273363940808516508840865958414015002064,0 5474,['CWE-476'],"int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs) { vcpu_load(vcpu); regs->rax = kvm_register_read(vcpu, VCPU_REGS_RAX); regs->rbx = kvm_register_read(vcpu, VCPU_REGS_RBX); regs->rcx = kvm_register_read(vcpu, VCPU_REGS_RCX); regs->rdx = kvm_register_read(vcpu, VCPU_REGS_RDX); regs->rsi = kvm_register_read(vcpu, VCPU_REGS_RSI); regs->rdi = kvm_register_read(vcpu, VCPU_REGS_RDI); regs->rsp = kvm_register_read(vcpu, VCPU_REGS_RSP); regs->rbp = kvm_register_read(vcpu, VCPU_REGS_RBP); #ifdef CONFIG_X86_64 regs->r8 = kvm_register_read(vcpu, VCPU_REGS_R8); regs->r9 = kvm_register_read(vcpu, VCPU_REGS_R9); regs->r10 = kvm_register_read(vcpu, VCPU_REGS_R10); regs->r11 = kvm_register_read(vcpu, VCPU_REGS_R11); regs->r12 = kvm_register_read(vcpu, VCPU_REGS_R12); regs->r13 = kvm_register_read(vcpu, VCPU_REGS_R13); regs->r14 = kvm_register_read(vcpu, VCPU_REGS_R14); regs->r15 = kvm_register_read(vcpu, VCPU_REGS_R15); #endif regs->rip = kvm_rip_read(vcpu); regs->rflags = kvm_x86_ops->get_rflags(vcpu); if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) regs->rflags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF); vcpu_put(vcpu); return 0; }",linux-2.6,,,21547332471493012939632627629641743781,0 5690,CWE-436,"bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr, bgp_size_t size, struct bgp_nlri *mp_update, struct bgp_nlri *mp_withdraw) { bgp_attr_parse_ret_t ret; uint8_t flag = 0; uint8_t type = 0; bgp_size_t length; uint8_t *startp, *endp; uint8_t *attr_endp; uint8_t seen[BGP_ATTR_BITMAP_SIZE]; struct aspath *as4_path = NULL; as_t as4_aggregator = 0; struct in_addr as4_aggregator_addr = {.s_addr = 0}; memset(seen, 0, BGP_ATTR_BITMAP_SIZE); endp = BGP_INPUT_PNT(peer) + size; while (BGP_INPUT_PNT(peer) < endp) { if (endp - BGP_INPUT_PNT(peer) < BGP_ATTR_MIN_LEN) { flog_warn( EC_BGP_ATTRIBUTE_TOO_SMALL, ""%s: error BGP attribute length %lu is smaller than min len"", peer->host, (unsigned long)(endp - stream_pnt(BGP_INPUT(peer)))); bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR); return BGP_ATTR_PARSE_ERROR; } startp = BGP_INPUT_PNT(peer); flag = 0xF0 & stream_getc(BGP_INPUT(peer)); type = stream_getc(BGP_INPUT(peer)); if (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) && ((endp - startp) < (BGP_ATTR_MIN_LEN + 1))) { flog_warn( EC_BGP_EXT_ATTRIBUTE_TOO_SMALL, ""%s: Extended length set, but just %lu bytes of attr header"", peer->host, (unsigned long)(endp - stream_pnt(BGP_INPUT(peer)))); bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR); return BGP_ATTR_PARSE_ERROR; } if (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN)) length = stream_getw(BGP_INPUT(peer)); else length = stream_getc(BGP_INPUT(peer)); if (CHECK_BITMAP(seen, type)) { flog_warn( EC_BGP_ATTRIBUTE_REPEATED, ""%s: error BGP attribute type %d appears twice in a message"", peer->host, type); bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_MAL_ATTR); return BGP_ATTR_PARSE_ERROR; } SET_BITMAP(seen, type); attr_endp = BGP_INPUT_PNT(peer) + length; if (attr_endp > endp) { flog_warn( EC_BGP_ATTRIBUTE_TOO_LARGE, ""%s: BGP type %d length %d is too large, attribute total length is %d. attr_endp is %p. endp is %p"", peer->host, type, length, size, attr_endp, endp); unsigned char ndata[BGP_MAX_PACKET_SIZE]; memset(ndata, 0x00, sizeof(ndata)); size_t lfl = CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 2 : 1; stream_forward_getp(BGP_INPUT(peer), -(1 + lfl)); stream_get(&ndata[0], BGP_INPUT(peer), 1); stream_get(&ndata[1], BGP_INPUT(peer), lfl); size_t atl = attr_endp - startp; size_t ndl = MIN(atl, STREAM_READABLE(BGP_INPUT(peer))); stream_get(&ndata[lfl + 1], BGP_INPUT(peer), ndl); bgp_notify_send_with_data( peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, ndata, ndl + lfl + 1); return BGP_ATTR_PARSE_ERROR; } struct bgp_attr_parser_args attr_args = { .peer = peer, .length = length, .attr = attr, .type = type, .flags = flag, .startp = startp, .total = attr_endp - startp, }; if (bgp_attr_flag_invalid(&attr_args)) { ret = bgp_attr_malformed( &attr_args, BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, attr_args.total); if (ret == BGP_ATTR_PARSE_PROCEED) continue; return ret; } switch (type) { case BGP_ATTR_ORIGIN: ret = bgp_attr_origin(&attr_args); break; case BGP_ATTR_AS_PATH: ret = bgp_attr_aspath(&attr_args); break; case BGP_ATTR_AS4_PATH: ret = bgp_attr_as4_path(&attr_args, &as4_path); break; case BGP_ATTR_NEXT_HOP: ret = bgp_attr_nexthop(&attr_args); break; case BGP_ATTR_MULTI_EXIT_DISC: ret = bgp_attr_med(&attr_args); break; case BGP_ATTR_LOCAL_PREF: ret = bgp_attr_local_pref(&attr_args); break; case BGP_ATTR_ATOMIC_AGGREGATE: ret = bgp_attr_atomic(&attr_args); break; case BGP_ATTR_AGGREGATOR: ret = bgp_attr_aggregator(&attr_args); break; case BGP_ATTR_AS4_AGGREGATOR: ret = bgp_attr_as4_aggregator(&attr_args, &as4_aggregator, &as4_aggregator_addr); break; case BGP_ATTR_COMMUNITIES: ret = bgp_attr_community(&attr_args); break; case BGP_ATTR_LARGE_COMMUNITIES: ret = bgp_attr_large_community(&attr_args); break; case BGP_ATTR_ORIGINATOR_ID: ret = bgp_attr_originator_id(&attr_args); break; case BGP_ATTR_CLUSTER_LIST: ret = bgp_attr_cluster_list(&attr_args); break; case BGP_ATTR_MP_REACH_NLRI: ret = bgp_mp_reach_parse(&attr_args, mp_update); break; case BGP_ATTR_MP_UNREACH_NLRI: ret = bgp_mp_unreach_parse(&attr_args, mp_withdraw); break; case BGP_ATTR_EXT_COMMUNITIES: ret = bgp_attr_ext_communities(&attr_args); break; #if ENABLE_BGP_VNC case BGP_ATTR_VNC: #endif case BGP_ATTR_ENCAP: ret = bgp_attr_encap(type, peer, length, attr, flag, startp); break; case BGP_ATTR_PREFIX_SID: ret = bgp_attr_prefix_sid(length, &attr_args, mp_update); break; case BGP_ATTR_PMSI_TUNNEL: ret = bgp_attr_pmsi_tunnel(&attr_args); break; default: ret = bgp_attr_unknown(&attr_args); break; } if (ret == BGP_ATTR_PARSE_ERROR_NOTIFYPLS) { bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_MAL_ATTR); ret = BGP_ATTR_PARSE_ERROR; } if (ret == BGP_ATTR_PARSE_EOR) { if (as4_path) aspath_unintern(&as4_path); return ret; } if (ret == BGP_ATTR_PARSE_ERROR) { flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR, ""%s: Attribute %s, parse error"", peer->host, lookup_msg(attr_str, type, NULL)); if (as4_path) aspath_unintern(&as4_path); return ret; } if (ret == BGP_ATTR_PARSE_WITHDRAW) { flog_warn( EC_BGP_ATTRIBUTE_PARSE_WITHDRAW, ""%s: Attribute %s, parse error - treating as withdrawal"", peer->host, lookup_msg(attr_str, type, NULL)); if (as4_path) aspath_unintern(&as4_path); return ret; } if (BGP_INPUT_PNT(peer) != attr_endp) { flog_warn(EC_BGP_ATTRIBUTE_FETCH_ERROR, ""%s: BGP attribute %s, fetch error"", peer->host, lookup_msg(attr_str, type, NULL)); bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR); if (as4_path) aspath_unintern(&as4_path); return BGP_ATTR_PARSE_ERROR; } } if (BGP_INPUT_PNT(peer) != endp) { flog_warn(EC_BGP_ATTRIBUTES_MISMATCH, ""%s: BGP attribute %s, length mismatch"", peer->host, lookup_msg(attr_str, type, NULL)); bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR); if (as4_path) aspath_unintern(&as4_path); return BGP_ATTR_PARSE_ERROR; } if ((ret = bgp_attr_check(peer, attr)) < 0) { if (as4_path) aspath_unintern(&as4_path); return ret; } if (CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_AS_PATH)) && bgp_attr_munge_as4_attrs(peer, attr, as4_path, as4_aggregator, &as4_aggregator_addr)) { bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, BGP_NOTIFY_UPDATE_MAL_ATTR); if (as4_path) aspath_unintern(&as4_path); return BGP_ATTR_PARSE_ERROR; } if (as4_path) { aspath_unintern(&as4_path); } if (attr->flag & (ATTR_FLAG_BIT(BGP_ATTR_AS_PATH))) { ret = bgp_attr_aspath_check(peer, attr); if (ret != BGP_ATTR_PARSE_PROCEED) return ret; } if (attr->transit) attr->transit = transit_intern(attr->transit); if (attr->encap_subtlvs) attr->encap_subtlvs = encap_intern(attr->encap_subtlvs, ENCAP_SUBTLV_TYPE); #if ENABLE_BGP_VNC if (attr->vnc_subtlvs) attr->vnc_subtlvs = encap_intern(attr->vnc_subtlvs, VNC_SUBTLV_TYPE); #endif return BGP_ATTR_PARSE_PROCEED; }",visit repo url,bgpd/bgp_attr.c,https://github.com/FRRouting/frr,213014001104455,1 698,CWE-20,"static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int copied; int err = 0; lock_sock(sk); if (sk->sk_type == SOCK_SEQPACKET && sk->sk_state != TCP_ESTABLISHED) { err = -ENOTCONN; goto out; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; if (!ax25_sk(sk)->pidincl) skb_pull(skb, 1); skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (msg->msg_namelen != 0) { struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name; ax25_digi digi; ax25_address src; const unsigned char *mac = skb_mac_header(skb); memset(sax, 0, sizeof(struct full_sockaddr_ax25)); ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, &digi, NULL, NULL); sax->sax25_family = AF_AX25; sax->sax25_ndigis = digi.ndigi; sax->sax25_call = src; if (sax->sax25_ndigis != 0) { int ct; struct full_sockaddr_ax25 *fsa = (struct full_sockaddr_ax25 *)sax; for (ct = 0; ct < digi.ndigi; ct++) fsa->fsa_digipeater[ct] = digi.calls[ct]; } msg->msg_namelen = sizeof(struct full_sockaddr_ax25); } skb_free_datagram(sk, skb); err = copied; out: release_sock(sk); return err; }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,113629503405761,1 1106,['CWE-399'],"asmlinkage long sys_rt_sigreturn(struct pt_regs *regs) { struct rt_sigframe __user *frame; sigset_t set; unsigned long ax; frame = (struct rt_sigframe __user *)(regs->sp - 8); if (!access_ok(VERIFY_READ, frame, sizeof(*frame))) { goto badframe; } if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set))) { goto badframe; } sigdelsetmask(&set, ~_BLOCKABLE); spin_lock_irq(¤t->sighand->siglock); current->blocked = set; recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); if (restore_sigcontext(regs, &frame->uc.uc_mcontext, &ax)) goto badframe; #ifdef DEBUG_SIG printk(""%d sigreturn ip:%lx sp:%lx frame:%p ax:%lx\n"",current->pid,regs->ip,regs->sp,frame,ax); #endif if (do_sigaltstack(&frame->uc.uc_stack, NULL, regs->sp) == -EFAULT) goto badframe; return ax; badframe: signal_fault(regs,frame,""sigreturn""); return 0; } ",linux-2.6,,,248671270488468663888390366533209151534,0 2004,['CWE-20'],"int get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, int len, int write, int force, struct page **pages, struct vm_area_struct **vmas) { int i; unsigned int vm_flags; if (len <= 0) return 0; vm_flags = write ? (VM_WRITE | VM_MAYWRITE) : (VM_READ | VM_MAYREAD); vm_flags &= force ? (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); i = 0; do { struct vm_area_struct *vma; unsigned int foll_flags; vma = find_extend_vma(mm, start); if (!vma && in_gate_area(tsk, start)) { unsigned long pg = start & PAGE_MASK; struct vm_area_struct *gate_vma = get_gate_vma(tsk); pgd_t *pgd; pud_t *pud; pmd_t *pmd; pte_t *pte; if (write) return i ? : -EFAULT; if (pg > TASK_SIZE) pgd = pgd_offset_k(pg); else pgd = pgd_offset_gate(mm, pg); BUG_ON(pgd_none(*pgd)); pud = pud_offset(pgd, pg); BUG_ON(pud_none(*pud)); pmd = pmd_offset(pud, pg); if (pmd_none(*pmd)) return i ? : -EFAULT; pte = pte_offset_map(pmd, pg); if (pte_none(*pte)) { pte_unmap(pte); return i ? : -EFAULT; } if (pages) { struct page *page = vm_normal_page(gate_vma, start, *pte); pages[i] = page; if (page) get_page(page); } pte_unmap(pte); if (vmas) vmas[i] = gate_vma; i++; start += PAGE_SIZE; len--; continue; } if (!vma || (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; if (is_vm_hugetlb_page(vma)) { i = follow_hugetlb_page(mm, vma, pages, vmas, &start, &len, i, write); continue; } foll_flags = FOLL_TOUCH; if (pages) foll_flags |= FOLL_GET; if (!write && use_zero_page(vma)) foll_flags |= FOLL_ANON; do { struct page *page; if (unlikely(test_tsk_thread_flag(tsk, TIF_MEMDIE))) return -ENOMEM; if (write) foll_flags |= FOLL_WRITE; cond_resched(); while (!(page = follow_page(vma, start, foll_flags))) { int ret; ret = handle_mm_fault(mm, vma, start, foll_flags & FOLL_WRITE); if (ret & VM_FAULT_ERROR) { if (ret & VM_FAULT_OOM) return i ? i : -ENOMEM; else if (ret & VM_FAULT_SIGBUS) return i ? i : -EFAULT; BUG(); } if (ret & VM_FAULT_MAJOR) tsk->maj_flt++; else tsk->min_flt++; if (ret & VM_FAULT_WRITE) foll_flags &= ~FOLL_WRITE; cond_resched(); } if (IS_ERR(page)) return i ? i : PTR_ERR(page); if (pages) { pages[i] = page; flush_anon_page(vma, page, start); flush_dcache_page(page); } if (vmas) vmas[i] = vma; i++; start += PAGE_SIZE; len--; } while (len && start < vma->vm_end); } while (len); return i; }",linux-2.6,,,318822390747461237610575137206468088802,0 2315,CWE-264,"eval_js(WebKitWebView * web_view, gchar *script, GString *result) { WebKitWebFrame *frame; JSGlobalContextRef context; JSObjectRef globalobject; JSStringRef var_name; JSStringRef js_script; JSValueRef js_result; JSStringRef js_result_string; size_t js_result_size; js_init(); frame = webkit_web_view_get_main_frame(WEBKIT_WEB_VIEW(web_view)); context = webkit_web_frame_get_global_context(frame); globalobject = JSContextGetGlobalObject(context); var_name = JSStringCreateWithUTF8CString(""Uzbl""); JSObjectSetProperty(context, globalobject, var_name, JSObjectMake(context, uzbl.js.classref, NULL), kJSClassAttributeNone, NULL); js_script = JSStringCreateWithUTF8CString(script); js_result = JSEvaluateScript(context, js_script, globalobject, NULL, 0, NULL); if (js_result && !JSValueIsUndefined(context, js_result)) { js_result_string = JSValueToStringCopy(context, js_result, NULL); js_result_size = JSStringGetMaximumUTF8CStringSize(js_result_string); if (js_result_size) { char js_result_utf8[js_result_size]; JSStringGetUTF8CString(js_result_string, js_result_utf8, js_result_size); g_string_assign(result, js_result_utf8); } JSStringRelease(js_result_string); } JSObjectDeleteProperty(context, globalobject, var_name, NULL); JSStringRelease(var_name); JSStringRelease(js_script); }",visit repo url,uzbl-core.c,https://github.com/Dieterbe/uzbl,25454669468241,1 3144,CWE-125,"read_old_length(cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size) { int llen = ctb & 0x03; if (llen == 0) { *r_len = cdk_stream_getc(inp); (*r_size)++; } else if (llen == 1) { *r_len = read_16(inp); (*r_size) += 2; } else if (llen == 2) { *r_len = read_32(inp); (*r_size) += 4; } else { *r_len = 0; *r_size = 0; } }",visit repo url,lib/opencdk/read-packet.c,https://gitlab.com/gnutls/gnutls,174504134322354,1 2,CWE-252,"_dl_dst_count (const char *name, int is_path) { size_t cnt = 0; do { size_t len = 1; if ((((!__libc_enable_secure && strncmp (&name[1], ""ORIGIN"", 6) == 0 && (len = 7) != 0) || (strncmp (&name[1], ""PLATFORM"", 8) == 0 && (len = 9) != 0)) && (name[len] == '\0' || name[len] == '/' || (is_path && name[len] == ':'))) || (name[1] == '{' && ((!__libc_enable_secure && strncmp (&name[2], ""ORIGIN}"", 7) == 0 && (len = 9) != 0) || (strncmp (&name[2], ""PLATFORM}"", 9) == 0 && (len = 11) != 0)))) ++cnt; name = strchr (name + len, '$'); } while (name != NULL); return cnt; }",visit repo url,elf/dl-load.c,https://github.com/bminor/glibc,74157465573383,1 1356,['CWE-399'],"isatap_chksrc(struct sk_buff *skb, struct iphdr *iph, struct ip_tunnel *t) { struct ip_tunnel_prl_entry *p; int ok = 1; read_lock(&ipip6_lock); p = __ipip6_tunnel_locate_prl(t, iph->saddr); if (p) { if (p->flags & PRL_DEFAULT) skb->ndisc_nodetype = NDISC_NODETYPE_DEFAULT; else skb->ndisc_nodetype = NDISC_NODETYPE_NODEFAULT; } else { struct in6_addr *addr6 = &ipv6_hdr(skb)->saddr; if (ipv6_addr_is_isatap(addr6) && (addr6->s6_addr32[3] == iph->saddr) && ipv6_chk_prefix(addr6, t->dev)) skb->ndisc_nodetype = NDISC_NODETYPE_HOST; else ok = 0; } read_unlock(&ipip6_lock); return ok; }",linux-2.6,,,5728213990244412979252927159874405838,0 5552,CWE-125,"static int add_ast_fields(void) { PyObject *empty_tuple, *d; if (PyType_Ready(&AST_type) < 0) return -1; d = AST_type.tp_dict; empty_tuple = PyTuple_New(0); if (!empty_tuple || PyDict_SetItemString(d, ""_fields"", empty_tuple) < 0 || PyDict_SetItemString(d, ""_attributes"", empty_tuple) < 0) { Py_XDECREF(empty_tuple); return -1; } Py_DECREF(empty_tuple); return 0; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,136209209319151,1 4860,CWE-119,"int read_file(struct sc_card *card, char *str_path, unsigned char **data, size_t *data_len) { struct sc_path path; struct sc_file *file; unsigned char *p; int ok = 0; int r; size_t len; sc_format_path(str_path, &path); if (SC_SUCCESS != sc_select_file(card, &path, &file)) { goto err; } len = file ? file->size : 4096; p = realloc(*data, len); if (!p) { goto err; } *data = p; *data_len = len; r = sc_read_binary(card, 0, p, len, 0); if (r < 0) goto err; *data_len = r; ok = 1; err: sc_file_free(file); return ok; }",visit repo url,src/tools/egk-tool.c,https://github.com/OpenSC/OpenSC,85752421728798,1 2804,CWE-401,"static BOOL region16_simplify_bands(REGION16* region) { RECTANGLE_16* band1, *band2, *endPtr, *endBand, *tmp; int nbRects, finalNbRects; int bandItems, toMove; finalNbRects = nbRects = region16_n_rects(region); if (nbRects < 2) return TRUE; band1 = region16_rects_noconst(region); endPtr = band1 + nbRects; do { band2 = next_band(band1, endPtr, &bandItems); if (band2 == endPtr) break; if ((band1->bottom == band2->top) && band_match(band1, band2, endPtr)) { tmp = band1; while (tmp < band2) { tmp->bottom = band2->bottom; tmp++; } endBand = band2 + bandItems; toMove = (endPtr - endBand) * sizeof(RECTANGLE_16); if (toMove) MoveMemory(band2, endBand, toMove); finalNbRects -= bandItems; endPtr -= bandItems; } else { band1 = band2; } } while (TRUE); if (finalNbRects != nbRects) { int allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16)); region->data = realloc(region->data, allocSize); if (!region->data) { region->data = &empty_region; return FALSE; } region->data->nbRects = finalNbRects; region->data->size = allocSize; } return TRUE; }",visit repo url,libfreerdp/codec/region.c,https://github.com/FreeRDP/FreeRDP,83468785683683,1 4955,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 1981,['CWE-20'],"void migration_entry_wait(struct mm_struct *mm, pmd_t *pmd, unsigned long address) { pte_t *ptep, pte; spinlock_t *ptl; swp_entry_t entry; struct page *page; ptep = pte_offset_map_lock(mm, pmd, address, &ptl); pte = *ptep; if (!is_swap_pte(pte)) goto out; entry = pte_to_swp_entry(pte); if (!is_migration_entry(entry)) goto out; page = migration_entry_to_page(entry); get_page(page); pte_unmap_unlock(ptep, ptl); wait_on_page_locked(page); put_page(page); return; out: pte_unmap_unlock(ptep, ptl); }",linux-2.6,,,116573522127045528728065094159409711424,0 6084,CWE-190,"void bn_write_raw(dig_t *raw, int len, const bn_t a) { int i, size; size = a->used; if (len < size) { RLC_THROW(ERR_NO_BUFFER); return; } for (i = 0; i < size; i++) { raw[i] = a->dp[i]; } for (; i < len; i++) { raw[i] = 0; } }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,251158725084605,1 6476,[],"unload_deplibs (lt_dlhandle handle) { int i; int errors = 0; lt_dlhandle cur = handle; if (cur->depcount) { for (i = 0; i < cur->depcount; ++i) { if (!LT_DLIS_RESIDENT (cur->deplibs[i])) { errors += lt_dlclose (cur->deplibs[i]); } } FREE (cur->deplibs); } return errors; }",libtool,,,156176021421856969579162571252352913147,0 4125,['CWE-399'],"static struct bsg_device *bsg_alloc_device(void) { struct bsg_device *bd; bd = kzalloc(sizeof(struct bsg_device), GFP_KERNEL); if (unlikely(!bd)) return NULL; spin_lock_init(&bd->lock); bd->max_queue = BSG_DEFAULT_CMDS; INIT_LIST_HEAD(&bd->busy_list); INIT_LIST_HEAD(&bd->done_list); INIT_HLIST_NODE(&bd->dev_list); init_waitqueue_head(&bd->wq_free); init_waitqueue_head(&bd->wq_done); return bd; }",linux-2.6,,,12904253582178024143257369941017860786,0 6309,CWE-295,"int context_init(SERVICE_OPTIONS *section) { #if OPENSSL_VERSION_NUMBER>=0x10100000L if(section->option.client) section->ctx=SSL_CTX_new(TLS_client_method()); else section->ctx=SSL_CTX_new(TLS_server_method()); if(!SSL_CTX_set_min_proto_version(section->ctx, section->min_proto_version)) { s_log(LOG_ERR, ""Failed to set the minimum protocol version 0x%X"", section->min_proto_version); return 1; } if(!SSL_CTX_set_max_proto_version(section->ctx, section->max_proto_version)) { s_log(LOG_ERR, ""Failed to set the maximum protocol version 0x%X"", section->max_proto_version); return 1; } #else if(section->option.client) section->ctx=SSL_CTX_new(section->client_method); else section->ctx=SSL_CTX_new(section->server_method); #endif if(!section->ctx) { sslerror(""SSL_CTX_new""); return 1; } if(!SSL_CTX_set_ex_data(section->ctx, index_ssl_ctx_opt, section)) { sslerror(""SSL_CTX_set_ex_data""); return 1; } current_section=section; if(section->cipher_list) { s_log(LOG_DEBUG, ""Ciphers: %s"", section->cipher_list); if(!SSL_CTX_set_cipher_list(section->ctx, section->cipher_list)) { sslerror(""SSL_CTX_set_cipher_list""); return 1; } } #ifndef OPENSSL_NO_TLS1_3 if(section->ciphersuites) { s_log(LOG_DEBUG, ""TLSv1.3 ciphersuites: %s"", section->ciphersuites); if(!SSL_CTX_set_ciphersuites(section->ctx, section->ciphersuites)) { sslerror(""SSL_CTX_set_ciphersuites""); return 1; } } #endif SSL_CTX_set_options(section->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3); #ifdef SSL_OP_NO_COMPRESSION SSL_CTX_clear_options(section->ctx, SSL_OP_NO_COMPRESSION); #endif SSL_CTX_set_options(section->ctx, (SSL_OPTIONS_TYPE)(section->ssl_options_set)); #if OPENSSL_VERSION_NUMBER>=0x009080dfL SSL_CTX_clear_options(section->ctx, (SSL_OPTIONS_TYPE)(section->ssl_options_clear)); #endif #if OPENSSL_VERSION_NUMBER>=0x009080dfL s_log(LOG_DEBUG, ""TLS options: 0x%08lX (+0x%08lX, -0x%08lX)"", SSL_CTX_get_options(section->ctx), section->ssl_options_set, section->ssl_options_clear); #else s_log(LOG_DEBUG, ""TLS options: 0x%08lX (+0x%08lX)"", SSL_CTX_get_options(section->ctx), section->ssl_options_set); #endif if(conf_init(section)) return 1; #ifdef SSL_MODE_RELEASE_BUFFERS SSL_CTX_set_mode(section->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_RELEASE_BUFFERS); #else SSL_CTX_set_mode(section->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); #endif #if OPENSSL_VERSION_NUMBER >= 0x10101000L SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb, decrypt_session_ticket_cb, NULL); #endif #if OPENSSL_VERSION_NUMBER>=0x10000000L if((section->ticket_key)&&(section->ticket_mac)) SSL_CTX_set_tlsext_ticket_key_cb(section->ctx, ssl_tlsext_ticket_key_cb); #endif if(!section->option.client) { unsigned servname_len=(unsigned)strlen(section->servname); if(servname_len>SSL_MAX_SSL_SESSION_ID_LENGTH) servname_len=SSL_MAX_SSL_SESSION_ID_LENGTH; if(!SSL_CTX_set_session_id_context(section->ctx, (unsigned char *)section->servname, servname_len)) { sslerror(""SSL_CTX_set_session_id_context""); return 1; } } SSL_CTX_set_session_cache_mode(section->ctx, SSL_SESS_CACHE_BOTH | SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_CTX_sess_set_cache_size(section->ctx, section->session_size); SSL_CTX_set_timeout(section->ctx, section->session_timeout); SSL_CTX_sess_set_new_cb(section->ctx, sess_new_cb); SSL_CTX_sess_set_get_cb(section->ctx, sess_get_cb); SSL_CTX_sess_set_remove_cb(section->ctx, sess_remove_cb); SSL_CTX_set_info_callback(section->ctx, info_callback); if(auth_init(section)) return 1; if(verify_init(section)) return 1; if(!section->option.client) { #ifndef OPENSSL_NO_TLSEXT SSL_CTX_set_tlsext_servername_callback(section->ctx, servername_cb); #endif #ifndef OPENSSL_NO_DH dh_init(section); #endif #ifndef OPENSSL_NO_ECDH ecdh_init(section); #endif } return 0; }",visit repo url,src/ctx.c,https://github.com/mtrojnar/stunnel,182839439474457,1 2594,CWE-20,"static inline int mk_vhost_fdt_close(struct session_request *sr) { int id; unsigned int hash; struct vhost_fdt_hash_table *ht = NULL; struct vhost_fdt_hash_chain *hc; if (config->fdt == MK_FALSE) { return close(sr->fd_file); } id = sr->vhost_fdt_id; hash = sr->vhost_fdt_hash; ht = mk_vhost_fdt_table_lookup(id, sr->host_conf); if (mk_unlikely(!ht)) { return close(sr->fd_file); } hc = mk_vhost_fdt_chain_lookup(hash, ht); if (hc) { hc->readers--; if (hc->readers == 0) { hc->fd = -1; hc->hash = 0; ht->av_slots++; return close(sr->fd_file); } else { return 0; } } return close(sr->fd_file); }",visit repo url,src/mk_vhost.c,https://github.com/monkey/monkey,280802223647243,1 406,[],"pfm_get_unmapped_area(struct file *file, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags, unsigned long exec) { return get_unmapped_area(file, addr, len, pgoff, flags); }",linux-2.6,,,287635092303198021668107787354970856092,0 5387,CWE-125,"uint32_t *GetPayload(size_t handle, uint32_t *lastpayload, uint32_t index) { mp4object *mp4 = (mp4object *)handle; if (mp4 == NULL) return NULL; uint32_t *MP4buffer = NULL; if (index < mp4->indexcount && mp4->mediafp) { MP4buffer = (uint32_t *)realloc((void *)lastpayload, mp4->metasizes[index]); if (MP4buffer) { LONGSEEK(mp4->mediafp, mp4->metaoffsets[index], SEEK_SET); fread(MP4buffer, 1, mp4->metasizes[index], mp4->mediafp); return MP4buffer; } } return NULL; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,120996069001588,1 872,['CWE-200'],"static int shmem_unuse_inode(struct shmem_inode_info *info, swp_entry_t entry, struct page *page) { struct inode *inode; unsigned long idx; unsigned long size; unsigned long limit; unsigned long stage; struct page **dir; struct page *subdir; swp_entry_t *ptr; int offset; idx = 0; ptr = info->i_direct; spin_lock(&info->lock); limit = info->next_index; size = limit; if (size > SHMEM_NR_DIRECT) size = SHMEM_NR_DIRECT; offset = shmem_find_swp(entry, ptr, ptr+size); if (offset >= 0) { shmem_swp_balance_unmap(); goto found; } if (!info->i_indirect) goto lost2; dir = shmem_dir_map(info->i_indirect); stage = SHMEM_NR_DIRECT + ENTRIES_PER_PAGEPAGE/2; for (idx = SHMEM_NR_DIRECT; idx < limit; idx += ENTRIES_PER_PAGE, dir++) { if (unlikely(idx == stage)) { shmem_dir_unmap(dir-1); dir = shmem_dir_map(info->i_indirect) + ENTRIES_PER_PAGE/2 + idx/ENTRIES_PER_PAGEPAGE; while (!*dir) { dir++; idx += ENTRIES_PER_PAGEPAGE; if (idx >= limit) goto lost1; } stage = idx + ENTRIES_PER_PAGEPAGE; subdir = *dir; shmem_dir_unmap(dir); dir = shmem_dir_map(subdir); } subdir = *dir; if (subdir && page_private(subdir)) { ptr = shmem_swp_map(subdir); size = limit - idx; if (size > ENTRIES_PER_PAGE) size = ENTRIES_PER_PAGE; offset = shmem_find_swp(entry, ptr, ptr+size); if (offset >= 0) { shmem_dir_unmap(dir); goto found; } shmem_swp_unmap(ptr); } } lost1: shmem_dir_unmap(dir-1); lost2: spin_unlock(&info->lock); return 0; found: idx += offset; inode = &info->vfs_inode; if (move_from_swap_cache(page, idx, inode->i_mapping) == 0) { info->flags |= SHMEM_PAGEIN; shmem_swp_set(info, ptr + offset, 0); } shmem_swp_unmap(ptr); spin_unlock(&info->lock); swap_free(entry); return 1; }",linux-2.6,,,195538941301522964625136598508594854964,0 797,['CWE-119'],"isdn_net_delphone(isdn_net_ioctl_phone * phone) { isdn_net_dev *p = isdn_net_findif(phone->name); int inout = phone->outgoing & 1; isdn_net_phone *n; isdn_net_phone *m; if (p) { n = p->local->phone[inout]; m = NULL; while (n) { if (!strcmp(n->num, phone->phone)) { if (p->local->dial == n) p->local->dial = n->next; if (m) m->next = n->next; else p->local->phone[inout] = n->next; kfree(n); return 0; } m = n; n = (isdn_net_phone *) n->next; } return -EINVAL; } return -ENODEV; }",linux-2.6,,,283924785950087196812448745741899873646,0 4077,CWE-416,"ut64 MACH0_(get_baddr)(struct MACH0_(obj_t)* bin) { int i; if (bin->hdr.filetype != MH_EXECUTE && bin->hdr.filetype != MH_DYLINKER) return 0; for (i = 0; i < bin->nsegs; ++i) if (bin->segs[i].fileoff == 0 && bin->segs[i].filesize != 0) return bin->segs[i].vmaddr; return 0; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,131921486715420,1 5235,CWE-125,"pixFewColorsOctcubeQuantMixed(PIX *pixs, l_int32 level, l_int32 darkthresh, l_int32 lightthresh, l_int32 diffthresh, l_float32 minfract, l_int32 maxspan) { l_int32 i, j, w, h, wplc, wplm, wpld, ncolors, index; l_int32 rval, gval, bval, val, minval, maxval; l_int32 *lut; l_uint32 *datac, *datam, *datad, *linec, *linem, *lined; PIX *pixc, *pixm, *pixg, *pixd; PIXCMAP *cmap, *cmapd; PROCNAME(""pixFewColorsOctcubeQuantMixed""); if (!pixs || pixGetDepth(pixs) != 32) return (PIX *)ERROR_PTR(""pixs undefined or not 32 bpp"", procName, NULL); if (level <= 0) level = 3; if (level > 6) return (PIX *)ERROR_PTR(""invalid level"", procName, NULL); if (darkthresh <= 0) darkthresh = 20; if (lightthresh <= 0) lightthresh = 244; if (diffthresh <= 0) diffthresh = 20; if (minfract <= 0.0) minfract = 0.05; if (maxspan <= 2) maxspan = 15; if ((pixc = pixFewColorsOctcubeQuant1(pixs, level)) == NULL) return (PIX *)ERROR_PTR(""too many colors"", procName, NULL); cmap = pixGetColormap(pixc); ncolors = pixcmapGetCount(cmap); cmapd = pixcmapCreate(8); lut = (l_int32 *)LEPT_CALLOC(256, sizeof(l_int32)); for (i = 0; i < 256; i++) lut[i] = -1; for (i = 0, index = 0; i < ncolors; i++) { pixcmapGetColor(cmap, i, &rval, &gval, &bval); minval = L_MIN(rval, gval); minval = L_MIN(minval, bval); if (minval > lightthresh) continue; maxval = L_MAX(rval, gval); maxval = L_MAX(maxval, bval); if (maxval < darkthresh) continue; if (maxval - minval >= diffthresh) { pixcmapAddColor(cmapd, rval, gval, bval); lut[i] = index; index++; } } pixGetDimensions(pixs, &w, &h, NULL); pixd = pixCreate(w, h, 8); pixSetColormap(pixd, cmapd); pixm = pixCreate(w, h, 1); datac = pixGetData(pixc); datam = pixGetData(pixm); datad = pixGetData(pixd); wplc = pixGetWpl(pixc); wplm = pixGetWpl(pixm); wpld = pixGetWpl(pixd); for (i = 0; i < h; i++) { linec = datac + i * wplc; linem = datam + i * wplm; lined = datad + i * wpld; for (j = 0; j < w; j++) { val = GET_DATA_BYTE(linec, j); if (lut[val] == -1) SET_DATA_BIT(linem, j); else SET_DATA_BYTE(lined, j, lut[val]); } } pixg = pixConvertTo8(pixs, 0); pixGrayQuantFromHisto(pixd, pixg, pixm, minfract, maxspan); LEPT_FREE(lut); pixDestroy(&pixc); pixDestroy(&pixm); pixDestroy(&pixg); return pixd; }",visit repo url,src/colorquant1.c,https://github.com/DanBloomberg/leptonica,207236121006299,1 848,['CWE-119'],"isdn_read(struct file *file, char __user *buf, size_t count, loff_t * off) { uint minor = iminor(file->f_path.dentry->d_inode); int len = 0; int drvidx; int chidx; int retval; char *p; lock_kernel(); if (minor == ISDN_MINOR_STATUS) { if (!file->private_data) { if (file->f_flags & O_NONBLOCK) { retval = -EAGAIN; goto out; } interruptible_sleep_on(&(dev->info_waitq)); } p = isdn_statstr(); file->private_data = NULL; if ((len = strlen(p)) <= count) { if (copy_to_user(buf, p, len)) { retval = -EFAULT; goto out; } *off += len; retval = len; goto out; } retval = 0; goto out; } if (!dev->drivers) { retval = -ENODEV; goto out; } if (minor <= ISDN_MINOR_BMAX) { printk(KERN_WARNING ""isdn_read minor %d obsolete!\n"", minor); drvidx = isdn_minor2drv(minor); if (drvidx < 0) { retval = -ENODEV; goto out; } if (!(dev->drv[drvidx]->flags & DRV_FLAG_RUNNING)) { retval = -ENODEV; goto out; } chidx = isdn_minor2chan(minor); if (!(p = kmalloc(count, GFP_KERNEL))) { retval = -ENOMEM; goto out; } len = isdn_readbchan(drvidx, chidx, p, NULL, count, &dev->drv[drvidx]->rcv_waitq[chidx]); *off += len; if (copy_to_user(buf,p,len)) len = -EFAULT; kfree(p); retval = len; goto out; } if (minor <= ISDN_MINOR_CTRLMAX) { drvidx = isdn_minor2drv(minor - ISDN_MINOR_CTRL); if (drvidx < 0) { retval = -ENODEV; goto out; } if (!dev->drv[drvidx]->stavail) { if (file->f_flags & O_NONBLOCK) { retval = -EAGAIN; goto out; } interruptible_sleep_on(&(dev->drv[drvidx]->st_waitq)); } if (dev->drv[drvidx]->interface->readstat) { if (count > dev->drv[drvidx]->stavail) count = dev->drv[drvidx]->stavail; len = dev->drv[drvidx]->interface->readstat(buf, count, drvidx, isdn_minor2chan(minor - ISDN_MINOR_CTRL)); if (len < 0) { retval = len; goto out; } } else { len = 0; } if (len) dev->drv[drvidx]->stavail -= len; else dev->drv[drvidx]->stavail = 0; *off += len; retval = len; goto out; } #ifdef CONFIG_ISDN_PPP if (minor <= ISDN_MINOR_PPPMAX) { retval = isdn_ppp_read(minor - ISDN_MINOR_PPP, file, buf, count); goto out; } #endif retval = -ENODEV; out: unlock_kernel(); return retval; }",linux-2.6,,,193737845650477280843262947065933790536,0 1580,[],"sd_alloc_ctl_domain_table(struct sched_domain *sd) { struct ctl_table *table = sd_alloc_ctl_entry(12); if (table == NULL) return NULL; set_table_entry(&table[0], ""min_interval"", &sd->min_interval, sizeof(long), 0644, proc_doulongvec_minmax); set_table_entry(&table[1], ""max_interval"", &sd->max_interval, sizeof(long), 0644, proc_doulongvec_minmax); set_table_entry(&table[2], ""busy_idx"", &sd->busy_idx, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[3], ""idle_idx"", &sd->idle_idx, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[4], ""newidle_idx"", &sd->newidle_idx, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[5], ""wake_idx"", &sd->wake_idx, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[6], ""forkexec_idx"", &sd->forkexec_idx, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[7], ""busy_factor"", &sd->busy_factor, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[8], ""imbalance_pct"", &sd->imbalance_pct, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[9], ""cache_nice_tries"", &sd->cache_nice_tries, sizeof(int), 0644, proc_dointvec_minmax); set_table_entry(&table[10], ""flags"", &sd->flags, sizeof(int), 0644, proc_dointvec_minmax); return table; }",linux-2.6,,,184319791404828902898606844047865193200,0 3559,CWE-190,"static int jas_iccgetuint32(jas_stream_t *in, jas_iccuint32_t *val) { ulonglong tmp; if (jas_iccgetuint(in, 4, &tmp)) return -1; *val = tmp; return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,44294517142333,1 6341,CWE-190,"void hrandfieldCommand(client *c) { long l; int withvalues = 0; robj *hash; listpackEntry ele; if (c->argc >= 3) { if (getLongFromObjectOrReply(c,c->argv[2],&l,NULL) != C_OK) return; if (c->argc > 4 || (c->argc == 4 && strcasecmp(c->argv[3]->ptr,""withvalues""))) { addReplyErrorObject(c,shared.syntaxerr); return; } else if (c->argc == 4) withvalues = 1; hrandfieldWithCountCommand(c, l, withvalues); return; } if ((hash = lookupKeyReadOrReply(c,c->argv[1],shared.null[c->resp]))== NULL || checkType(c,hash,OBJ_HASH)) { return; } hashTypeRandomElement(hash,hashTypeLength(hash),&ele,NULL); hashReplyFromListpackEntry(c, &ele); }",visit repo url,src/t_hash.c,https://github.com/redis/redis,200517293551047,1 4592,CWE-190,"static s32 gf_avc_read_sps_bs_internal(GF_BitStream *bs, AVCState *avc, u32 subseq_sps, u32 *vui_flag_pos, u32 nal_hdr) { AVC_SPS *sps; s32 mb_width, mb_height, sps_id = -1; u32 profile_idc, level_idc, pcomp, i, chroma_format_idc, cl = 0, cr = 0, ct = 0, cb = 0, luma_bd, chroma_bd; u8 separate_colour_plane_flag = 0; if (!vui_flag_pos) { gf_bs_enable_emulation_byte_removal(bs, GF_TRUE); } if (!bs) { return -1; } if (!nal_hdr) { gf_bs_read_int_log(bs, 1, ""forbidden_zero_bit""); gf_bs_read_int_log(bs, 2, ""nal_ref_idc""); gf_bs_read_int_log(bs, 5, ""nal_unit_type""); } profile_idc = gf_bs_read_int_log(bs, 8, ""profile_idc""); pcomp = gf_bs_read_int_log(bs, 8, ""profile_compatibility""); if (pcomp & 0x3) return -1; level_idc = gf_bs_read_int_log(bs, 8, ""level_idc""); sps_id = gf_bs_read_ue_log(bs, ""sps_id"") + GF_SVC_SSPS_ID_SHIFT * subseq_sps; if (sps_id >= 32) { return -1; } if (sps_id < 0) { return -1; } luma_bd = chroma_bd = 0; sps = &avc->sps[sps_id]; chroma_format_idc = sps->ChromaArrayType = 1; sps->state |= subseq_sps ? AVC_SUBSPS_PARSED : AVC_SPS_PARSED; switch (profile_idc) { case 100: case 110: case 122: case 244: case 44: if (pcomp & 0xE0) return -1; case 83: case 86: case 118: case 128: chroma_format_idc = gf_bs_read_ue_log(bs, ""chroma_format_idc""); sps->ChromaArrayType = chroma_format_idc; if (chroma_format_idc == 3) { separate_colour_plane_flag = gf_bs_read_int_log(bs, 1, ""separate_colour_plane_flag""); if (separate_colour_plane_flag) sps->ChromaArrayType = 0; } luma_bd = gf_bs_read_ue_log(bs, ""luma_bit_depth""); chroma_bd = gf_bs_read_ue_log(bs, ""chroma_bit_depth""); gf_bs_read_int_log(bs, 1, ""qpprime_y_zero_transform_bypass_flag""); if (gf_bs_read_int_log(bs, 1, ""seq_scaling_matrix_present_flag"")) { u32 k; for (k = 0; k < 8; k++) { if (gf_bs_read_int_log_idx(bs, 1, ""seq_scaling_list_present_flag"", k)) { u32 z, last = 8, next = 8; u32 sl = k < 6 ? 16 : 64; for (z = 0; z < sl; z++) { if (next) { s32 delta = gf_bs_read_se(bs); next = (last + delta + 256) % 256; } last = next ? next : last; } } } } break; } sps->profile_idc = profile_idc; sps->level_idc = level_idc; sps->prof_compat = pcomp; sps->log2_max_frame_num = gf_bs_read_ue_log(bs, ""log2_max_frame_num"") + 4; sps->poc_type = gf_bs_read_ue_log(bs, ""poc_type""); sps->chroma_format = chroma_format_idc; sps->luma_bit_depth_m8 = luma_bd; sps->chroma_bit_depth_m8 = chroma_bd; if (sps->poc_type == 0) { sps->log2_max_poc_lsb = gf_bs_read_ue_log(bs, ""log2_max_poc_lsb"") + 4; } else if (sps->poc_type == 1) { sps->delta_pic_order_always_zero_flag = gf_bs_read_int_log(bs, 1, ""delta_pic_order_always_zero_flag""); sps->offset_for_non_ref_pic = gf_bs_read_se_log(bs, ""offset_for_non_ref_pic""); sps->offset_for_top_to_bottom_field = gf_bs_read_se_log(bs, ""offset_for_top_to_bottom_field""); sps->poc_cycle_length = gf_bs_read_ue_log(bs, ""poc_cycle_length""); if (sps->poc_cycle_length > GF_ARRAY_LENGTH(sps->offset_for_ref_frame)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[avc-h264] offset_for_ref_frame overflow from poc_cycle_length\n"")); return -1; } for (i = 0; i < sps->poc_cycle_length; i++) sps->offset_for_ref_frame[i] = gf_bs_read_se_log_idx(bs, ""offset_for_ref_frame"", i); } if (sps->poc_type > 2) { return -1; } sps->max_num_ref_frames = gf_bs_read_ue_log(bs, ""max_num_ref_frames""); sps->gaps_in_frame_num_value_allowed_flag = gf_bs_read_int_log(bs, 1, ""gaps_in_frame_num_value_allowed_flag""); mb_width = gf_bs_read_ue_log(bs, ""pic_width_in_mbs_minus1"") + 1; mb_height = gf_bs_read_ue_log(bs, ""pic_height_in_map_units_minus1"") + 1; sps->frame_mbs_only_flag = gf_bs_read_int_log(bs, 1, ""frame_mbs_only_flag""); sps->width = mb_width * 16; sps->height = (2 - sps->frame_mbs_only_flag) * mb_height * 16; if (!sps->frame_mbs_only_flag) sps->mb_adaptive_frame_field_flag = gf_bs_read_int_log(bs, 1, ""mb_adaptive_frame_field_flag""); gf_bs_read_int_log(bs, 1, ""direct_8x8_inference_flag""); if (gf_bs_read_int_log(bs, 1, ""frame_cropping_flag"")) { int CropUnitX, CropUnitY, SubWidthC = -1, SubHeightC = -1; if (chroma_format_idc == 1) { SubWidthC = 2; SubHeightC = 2; } else if (chroma_format_idc == 2) { SubWidthC = 2; SubHeightC = 1; } else if ((chroma_format_idc == 3) && (separate_colour_plane_flag == 0)) { SubWidthC = 1; SubHeightC = 1; } if (sps->ChromaArrayType == 0) { assert(SubWidthC == -1); CropUnitX = 1; CropUnitY = 2 - sps->frame_mbs_only_flag; } else { CropUnitX = SubWidthC; CropUnitY = SubHeightC * (2 - sps->frame_mbs_only_flag); } cl = gf_bs_read_ue_log(bs, ""frame_crop_left_offset""); cr = gf_bs_read_ue_log(bs, ""frame_crop_right_offset""); ct = gf_bs_read_ue_log(bs, ""frame_crop_top_offset""); cb = gf_bs_read_ue_log(bs, ""frame_crop_bottom_offset""); sps->width -= CropUnitX * (cl + cr); sps->height -= CropUnitY * (ct + cb); cl *= CropUnitX; cr *= CropUnitX; ct *= CropUnitY; cb *= CropUnitY; } sps->crop.left = cl; sps->crop.right = cr; sps->crop.top = ct; sps->crop.bottom = cb; if (vui_flag_pos) { *vui_flag_pos = (u32)gf_bs_get_bit_offset(bs); } sps->vui_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_parameters_present_flag""); if (sps->vui_parameters_present_flag) { sps->vui.aspect_ratio_info_present_flag = gf_bs_read_int_log(bs, 1, ""aspect_ratio_info_present_flag""); if (sps->vui.aspect_ratio_info_present_flag) { s32 aspect_ratio_idc = gf_bs_read_int_log(bs, 8, ""aspect_ratio_idc""); if (aspect_ratio_idc == 255) { sps->vui.par_num = gf_bs_read_int_log(bs, 16, ""aspect_ratio_num""); sps->vui.par_den = gf_bs_read_int_log(bs, 16, ""aspect_ratio_den""); } else if (aspect_ratio_idc < GF_ARRAY_LENGTH(avc_hevc_sar) ) { sps->vui.par_num = avc_hevc_sar[aspect_ratio_idc].w; sps->vui.par_den = avc_hevc_sar[aspect_ratio_idc].h; } else { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[avc-h264] Unknown aspect_ratio_idc: your video may have a wrong aspect ratio. Contact the GPAC team!\n"")); } } sps->vui.overscan_info_present_flag = gf_bs_read_int_log(bs, 1, ""overscan_info_present_flag""); if (sps->vui.overscan_info_present_flag) gf_bs_read_int_log(bs, 1, ""overscan_appropriate_flag""); sps->vui.video_format = 5; sps->vui.colour_primaries = 2; sps->vui.transfer_characteristics = 2; sps->vui.matrix_coefficients = 2; sps->vui.video_signal_type_present_flag = gf_bs_read_int_log(bs, 1, ""video_signal_type_present_flag""); if (sps->vui.video_signal_type_present_flag) { sps->vui.video_format = gf_bs_read_int_log(bs, 3, ""video_format""); sps->vui.video_full_range_flag = gf_bs_read_int_log(bs, 1, ""video_full_range_flag""); sps->vui.colour_description_present_flag = gf_bs_read_int_log(bs, 1, ""colour_description_present_flag""); if (sps->vui.colour_description_present_flag) { sps->vui.colour_primaries = gf_bs_read_int_log(bs, 8, ""colour_primaries""); sps->vui.transfer_characteristics = gf_bs_read_int_log(bs, 8, ""transfer_characteristics""); sps->vui.matrix_coefficients = gf_bs_read_int_log(bs, 8, ""matrix_coefficients""); } } if (gf_bs_read_int_log(bs, 1, ""chroma_location_info_present_flag"")) { gf_bs_read_ue_log(bs, ""chroma_sample_location_type_top_field""); gf_bs_read_ue_log(bs, ""chroma_sample_location_type_bottom_field""); } sps->vui.timing_info_present_flag = gf_bs_read_int_log(bs, 1, ""timing_info_present_flag""); if (sps->vui.timing_info_present_flag) { sps->vui.num_units_in_tick = gf_bs_read_int_log(bs, 32, ""num_units_in_tick""); sps->vui.time_scale = gf_bs_read_int_log(bs, 32, ""time_scale""); sps->vui.fixed_frame_rate_flag = gf_bs_read_int_log(bs, 1, ""fixed_frame_rate_flag""); } sps->vui.nal_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""nal_hrd_parameters_present_flag""); if (sps->vui.nal_hrd_parameters_present_flag) avc_parse_hrd_parameters(bs, &sps->vui.hrd); sps->vui.vcl_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vcl_hrd_parameters_present_flag""); if (sps->vui.vcl_hrd_parameters_present_flag) avc_parse_hrd_parameters(bs, &sps->vui.hrd); if (sps->vui.nal_hrd_parameters_present_flag || sps->vui.vcl_hrd_parameters_present_flag) sps->vui.low_delay_hrd_flag = gf_bs_read_int_log(bs, 1, ""low_delay_hrd_flag""); sps->vui.pic_struct_present_flag = gf_bs_read_int_log(bs, 1, ""pic_struct_present_flag""); } if (subseq_sps) { if ((profile_idc == 83) || (profile_idc == 86)) { u8 extended_spatial_scalability_idc; gf_bs_read_int_log(bs, 1, ""inter_layer_deblocking_filter_control_present_flag""); extended_spatial_scalability_idc = gf_bs_read_int_log(bs, 2, ""extended_spatial_scalability_idc""); if (sps->ChromaArrayType == 1 || sps->ChromaArrayType == 2) { gf_bs_read_int_log(bs, 1, ""chroma_phase_x_plus1_flag""); } if (sps->ChromaArrayType == 1) { gf_bs_read_int_log(bs, 2, ""chroma_phase_y_plus1""); } if (extended_spatial_scalability_idc == 1) { if (sps->ChromaArrayType > 0) { gf_bs_read_int_log(bs, 1, ""seq_ref_layer_chroma_phase_x_plus1_flag""); gf_bs_read_int_log(bs, 2, ""seq_ref_layer_chroma_phase_y_plus1""); } gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_left_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_top_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_right_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_bottom_offset""); } if (gf_bs_read_int_log(bs, 1, ""seq_tcoeff_level_prediction_flag"")) { gf_bs_read_int_log(bs, 1, ""adaptive_tcoeff_level_prediction_flag""); } gf_bs_read_int_log(bs, 1, ""slice_header_restriction_flag""); if (gf_bs_read_int_log(bs, 1, ""svc_vui_parameters_present"")) { u32 vui_ext_num_entries_minus1 = gf_bs_read_ue_log(bs, ""vui_ext_num_entries_minus1""); for (i = 0; i <= vui_ext_num_entries_minus1; i++) { u8 vui_ext_nal_hrd_parameters_present_flag, vui_ext_vcl_hrd_parameters_present_flag, vui_ext_timing_info_present_flag; gf_bs_read_int_log(bs, 3, ""vui_ext_dependency_id""); gf_bs_read_int_log(bs, 4, ""vui_ext_quality_id""); gf_bs_read_int_log(bs, 3, ""vui_ext_temporal_id""); vui_ext_timing_info_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_timing_info_present_flag""); if (vui_ext_timing_info_present_flag) { gf_bs_read_int_log(bs, 32, ""vui_ext_num_units_in_tick""); gf_bs_read_int_log(bs, 32, ""vui_ext_time_scale""); gf_bs_read_int_log(bs, 1, ""vui_ext_fixed_frame_rate_flag""); } vui_ext_nal_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_nal_hrd_parameters_present_flag""); if (vui_ext_nal_hrd_parameters_present_flag) { } vui_ext_vcl_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_vcl_hrd_parameters_present_flag""); if (vui_ext_vcl_hrd_parameters_present_flag) { } if (vui_ext_nal_hrd_parameters_present_flag || vui_ext_vcl_hrd_parameters_present_flag) { gf_bs_read_int_log(bs, 1, ""vui_ext_low_delay_hrd_flag""); } gf_bs_read_int_log(bs, 1, ""vui_ext_pic_struct_present_flag""); } } } else if ((profile_idc == 118) || (profile_idc == 128)) { GF_LOG(GF_LOG_INFO, GF_LOG_CODING, (""[avc-h264] MVC parsing not implemented - skipping parsing end of Subset SPS\n"")); return sps_id; } if (gf_bs_read_int_log(bs, 1, ""additional_extension2"")) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[avc-h264] skipping parsing end of Subset SPS (additional_extension2)\n"")); return sps_id; } } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,260169268145613,1 4914,['CWE-20'],"static int nfs_init_server(struct nfs_server *server, const struct nfs_mount_data *data) { struct nfs_client *clp; int error, nfsvers = 2; dprintk(""--> nfs_init_server()\n""); #ifdef CONFIG_NFS_V3 if (data->flags & NFS_MOUNT_VER3) nfsvers = 3; #endif clp = nfs_get_client(data->hostname, &data->addr, nfsvers); if (IS_ERR(clp)) { dprintk(""<-- nfs_init_server() = error %ld\n"", PTR_ERR(clp)); return PTR_ERR(clp); } error = nfs_init_client(clp, data); if (error < 0) goto error; server->nfs_client = clp; server->flags = data->flags & NFS_MOUNT_FLAGMASK; if (data->rsize) server->rsize = nfs_block_size(data->rsize, NULL); if (data->wsize) server->wsize = nfs_block_size(data->wsize, NULL); server->acregmin = data->acregmin * HZ; server->acregmax = data->acregmax * HZ; server->acdirmin = data->acdirmin * HZ; server->acdirmax = data->acdirmax * HZ; error = nfs_start_lockd(server); if (error < 0) goto error; error = nfs_init_server_rpcclient(server, data->pseudoflavor); if (error < 0) goto error; server->namelen = data->namlen; nfs_init_server_aclclient(server); dprintk(""<-- nfs_init_server() = 0 [new %p]\n"", clp); return 0; error: server->nfs_client = NULL; nfs_put_client(clp); dprintk(""<-- nfs_init_server() = xerror %d\n"", error); return error; }",linux-2.6,,,337497672690720010244799634236854799179,0 3801,[],"static void __unix_insert_socket(struct hlist_head *list, struct sock *sk) { BUG_TRAP(sk_unhashed(sk)); sk_add_node(sk, list); }",linux-2.6,,,59707428629147872211511226530798248306,0 4476,CWE-476,"h2v2_merged_upsample_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; register int y, cred, cgreen, cblue; int cb, cr; register JSAMPROW outptr0, outptr1; JSAMPROW inptr00, inptr01, inptr1, inptr2; JDIMENSION col; register JSAMPLE *range_limit = cinfo->sample_range_limit; int *Crrtab = upsample->Cr_r_tab; int *Cbbtab = upsample->Cb_b_tab; JLONG *Crgtab = upsample->Cr_g_tab; JLONG *Cbgtab = upsample->Cb_g_tab; SHIFT_TEMPS inptr00 = input_buf[0][in_row_group_ctr * 2]; inptr01 = input_buf[0][in_row_group_ctr * 2 + 1]; inptr1 = input_buf[1][in_row_group_ctr]; inptr2 = input_buf[2][in_row_group_ctr]; outptr0 = output_buf[0]; outptr1 = output_buf[1]; for (col = cinfo->output_width >> 1; col > 0; col--) { cb = GETJSAMPLE(*inptr1++); cr = GETJSAMPLE(*inptr2++); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr00++); outptr0[RGB_RED] = range_limit[y + cred]; outptr0[RGB_GREEN] = range_limit[y + cgreen]; outptr0[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr0[RGB_ALPHA] = 0xFF; #endif outptr0 += RGB_PIXELSIZE; y = GETJSAMPLE(*inptr00++); outptr0[RGB_RED] = range_limit[y + cred]; outptr0[RGB_GREEN] = range_limit[y + cgreen]; outptr0[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr0[RGB_ALPHA] = 0xFF; #endif outptr0 += RGB_PIXELSIZE; y = GETJSAMPLE(*inptr01++); outptr1[RGB_RED] = range_limit[y + cred]; outptr1[RGB_GREEN] = range_limit[y + cgreen]; outptr1[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr1[RGB_ALPHA] = 0xFF; #endif outptr1 += RGB_PIXELSIZE; y = GETJSAMPLE(*inptr01++); outptr1[RGB_RED] = range_limit[y + cred]; outptr1[RGB_GREEN] = range_limit[y + cgreen]; outptr1[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr1[RGB_ALPHA] = 0xFF; #endif outptr1 += RGB_PIXELSIZE; } if (cinfo->output_width & 1) { cb = GETJSAMPLE(*inptr1); cr = GETJSAMPLE(*inptr2); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr00); outptr0[RGB_RED] = range_limit[y + cred]; outptr0[RGB_GREEN] = range_limit[y + cgreen]; outptr0[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr0[RGB_ALPHA] = 0xFF; #endif y = GETJSAMPLE(*inptr01); outptr1[RGB_RED] = range_limit[y + cred]; outptr1[RGB_GREEN] = range_limit[y + cgreen]; outptr1[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr1[RGB_ALPHA] = 0xFF; #endif } }",visit repo url,jdmrgext.c,https://github.com/libjpeg-turbo/libjpeg-turbo,60049982298571,1 101,['CWE-787'],"static int cirrus_hook_write_palette(CirrusVGAState * s, int reg_value) { if (!(s->sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) return CIRRUS_HOOK_NOT_HANDLED; s->dac_cache[s->dac_sub_index] = reg_value; if (++s->dac_sub_index == 3) { memcpy(&s->cirrus_hidden_palette[(s->dac_write_index & 0x0f) * 3], s->dac_cache, 3); s->dac_sub_index = 0; s->dac_write_index++; } return CIRRUS_HOOK_HANDLED; }",qemu,,,120504775361909001362465203107002973807,0 5280,['CWE-264'],"static bool acl_group_override(connection_struct *conn, SMB_STRUCT_STAT *psbuf, const char *fname) { if ((errno != EPERM) && (errno != EACCES)) { return false; } if (lp_acl_group_control(SNUM(conn)) && current_user_in_group(psbuf->st_gid)) { return true; } if (lp_dos_filemode(SNUM(conn)) && can_write_to_file(conn, fname, psbuf)) { return true; } return false; }",samba,,,98370203701002993678204372902256110929,0 65,CWE-125,"bool_t xdr_nullstring(XDR *xdrs, char **objp) { u_int size; if (xdrs->x_op == XDR_ENCODE) { if (*objp == NULL) size = 0; else size = strlen(*objp) + 1; } if (! xdr_u_int(xdrs, &size)) { return FALSE; } switch (xdrs->x_op) { case XDR_DECODE: if (size == 0) { *objp = NULL; return TRUE; } else if (*objp == NULL) { *objp = (char *) mem_alloc(size); if (*objp == NULL) { errno = ENOMEM; return FALSE; } } return (xdr_opaque(xdrs, *objp, size)); case XDR_ENCODE: if (size != 0) return (xdr_opaque(xdrs, *objp, size)); return TRUE; case XDR_FREE: if (*objp != NULL) mem_free(*objp, size); *objp = NULL; return TRUE; } return FALSE; }",visit repo url,src/lib/kadm5/kadm_rpc_xdr.c,https://github.com/krb5/krb5,65606141587309,1 2790,['CWE-264'],"sbni_isa_probe( struct net_device *dev ) { if( dev->base_addr > 0x1ff && request_region( dev->base_addr, SBNI_IO_EXTENT, dev->name ) && sbni_probe1( dev, dev->base_addr, dev->irq ) ) return 0; else { printk( KERN_ERR ""sbni: base address 0x%lx is busy, or adapter "" ""is malfunctional!\n"", dev->base_addr ); return -ENODEV; } }",linux-2.6,,,23435996843988008996709935911737797945,0 6467,CWE-119,"void * pvPortMalloc( size_t xWantedSize ) { void * pvReturn = NULL; static uint8_t * pucAlignedHeap = NULL; #if ( portBYTE_ALIGNMENT != 1 ) { if( xWantedSize & portBYTE_ALIGNMENT_MASK ) { xWantedSize += ( portBYTE_ALIGNMENT - ( xWantedSize & portBYTE_ALIGNMENT_MASK ) ); } } #endif vTaskSuspendAll(); { if( pucAlignedHeap == NULL ) { pucAlignedHeap = ( uint8_t * ) ( ( ( portPOINTER_SIZE_TYPE ) & ucHeap[ portBYTE_ALIGNMENT ] ) & ( ~( ( portPOINTER_SIZE_TYPE ) portBYTE_ALIGNMENT_MASK ) ) ); } if( ( ( xNextFreeByte + xWantedSize ) < configADJUSTED_HEAP_SIZE ) && ( ( xNextFreeByte + xWantedSize ) > xNextFreeByte ) ) { pvReturn = pucAlignedHeap + xNextFreeByte; xNextFreeByte += xWantedSize; } traceMALLOC( pvReturn, xWantedSize ); } ( void ) xTaskResumeAll(); #if ( configUSE_MALLOC_FAILED_HOOK == 1 ) { if( pvReturn == NULL ) { extern void vApplicationMallocFailedHook( void ); vApplicationMallocFailedHook(); } } #endif return pvReturn; } ",visit repo url,portable/MemMang/heap_1.c,https://github.com/FreeRTOS/FreeRTOS-Kernel,153899616035795,1 3211,CWE-125,"l2tp_call_errors_print(netdissect_options *ndo, const u_char *dat) { const uint16_t *ptr = (const uint16_t *)dat; uint16_t val_h, val_l; ptr++; val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""CRCErr=%u "", (val_h<<16) + val_l)); val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""FrameErr=%u "", (val_h<<16) + val_l)); val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""HardOver=%u "", (val_h<<16) + val_l)); val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""BufOver=%u "", (val_h<<16) + val_l)); val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""Timeout=%u "", (val_h<<16) + val_l)); val_h = EXTRACT_16BITS(ptr); ptr++; val_l = EXTRACT_16BITS(ptr); ptr++; ND_PRINT((ndo, ""AlignErr=%u "", (val_h<<16) + val_l)); }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,169199244529109,1 1102,CWE-362,"int cipso_v4_sock_setattr(struct sock *sk, const struct cipso_v4_doi *doi_def, const struct netlbl_lsm_secattr *secattr) { int ret_val = -EPERM; unsigned char *buf = NULL; u32 buf_len; u32 opt_len; struct ip_options *opt = NULL; struct inet_sock *sk_inet; struct inet_connection_sock *sk_conn; if (sk == NULL) return 0; buf_len = CIPSO_V4_OPT_LEN_MAX; buf = kmalloc(buf_len, GFP_ATOMIC); if (buf == NULL) { ret_val = -ENOMEM; goto socket_setattr_failure; } ret_val = cipso_v4_genopt(buf, buf_len, doi_def, secattr); if (ret_val < 0) goto socket_setattr_failure; buf_len = ret_val; opt_len = (buf_len + 3) & ~3; opt = kzalloc(sizeof(*opt) + opt_len, GFP_ATOMIC); if (opt == NULL) { ret_val = -ENOMEM; goto socket_setattr_failure; } memcpy(opt->__data, buf, buf_len); opt->optlen = opt_len; opt->cipso = sizeof(struct iphdr); kfree(buf); buf = NULL; sk_inet = inet_sk(sk); if (sk_inet->is_icsk) { sk_conn = inet_csk(sk); if (sk_inet->opt) sk_conn->icsk_ext_hdr_len -= sk_inet->opt->optlen; sk_conn->icsk_ext_hdr_len += opt->optlen; sk_conn->icsk_sync_mss(sk, sk_conn->icsk_pmtu_cookie); } opt = xchg(&sk_inet->opt, opt); kfree(opt); return 0; socket_setattr_failure: kfree(buf); kfree(opt); return ret_val; }",visit repo url,net/ipv4/cipso_ipv4.c,https://github.com/torvalds/linux,169750473977027,1 1588,CWE-835,"static ssize_t fuse_fill_write_pages(struct fuse_req *req, struct address_space *mapping, struct iov_iter *ii, loff_t pos) { struct fuse_conn *fc = get_fuse_conn(mapping->host); unsigned offset = pos & (PAGE_CACHE_SIZE - 1); size_t count = 0; int err; req->in.argpages = 1; req->page_descs[0].offset = offset; do { size_t tmp; struct page *page; pgoff_t index = pos >> PAGE_CACHE_SHIFT; size_t bytes = min_t(size_t, PAGE_CACHE_SIZE - offset, iov_iter_count(ii)); bytes = min_t(size_t, bytes, fc->max_write - count); again: err = -EFAULT; if (iov_iter_fault_in_readable(ii, bytes)) break; err = -ENOMEM; page = grab_cache_page_write_begin(mapping, index, 0); if (!page) break; if (mapping_writably_mapped(mapping)) flush_dcache_page(page); tmp = iov_iter_copy_from_user_atomic(page, ii, offset, bytes); flush_dcache_page(page); if (!tmp) { unlock_page(page); page_cache_release(page); bytes = min(bytes, iov_iter_single_seg_count(ii)); goto again; } err = 0; req->pages[req->num_pages] = page; req->page_descs[req->num_pages].length = tmp; req->num_pages++; iov_iter_advance(ii, tmp); count += tmp; pos += tmp; offset += tmp; if (offset == PAGE_CACHE_SIZE) offset = 0; if (!fc->big_writes) break; } while (iov_iter_count(ii) && count < fc->max_write && req->num_pages < req->max_pages && offset == 0); return count > 0 ? count : err; }",visit repo url,fs/fuse/file.c,https://github.com/torvalds/linux,118367009559132,1 4358,CWE-59,"static int fsmVerify(const char *path, rpmfi fi) { int rc; int saveerrno = errno; struct stat dsb; mode_t mode = rpmfiFMode(fi); rc = fsmStat(path, 1, &dsb); if (rc) return rc; if (S_ISREG(mode)) { char *rmpath = rstrscat(NULL, path, ""-RPMDELETE"", NULL); rc = fsmRename(path, rmpath); if (!rc) (void) fsmUnlink(rmpath); else rc = RPMERR_UNLINK_FAILED; free(rmpath); return (rc ? rc : RPMERR_ENOENT); } else if (S_ISDIR(mode)) { if (S_ISDIR(dsb.st_mode)) return 0; if (S_ISLNK(dsb.st_mode)) { rc = fsmStat(path, 0, &dsb); if (rc == RPMERR_ENOENT) rc = 0; if (rc) return rc; errno = saveerrno; if (S_ISDIR(dsb.st_mode)) return 0; } } else if (S_ISLNK(mode)) { if (S_ISLNK(dsb.st_mode)) { char buf[8 * BUFSIZ]; size_t len; rc = fsmReadLink(path, buf, 8 * BUFSIZ, &len); errno = saveerrno; if (rc) return rc; if (rstreq(rpmfiFLink(fi), buf)) return 0; } } else if (S_ISFIFO(mode)) { if (S_ISFIFO(dsb.st_mode)) return 0; } else if (S_ISCHR(mode) || S_ISBLK(mode)) { if ((S_ISCHR(dsb.st_mode) || S_ISBLK(dsb.st_mode)) && (dsb.st_rdev == rpmfiFRdev(fi))) return 0; } else if (S_ISSOCK(mode)) { if (S_ISSOCK(dsb.st_mode)) return 0; } rc = fsmUnlink(path); if (rc == 0) rc = RPMERR_ENOENT; return (rc ? rc : RPMERR_ENOENT); }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,187658457496258,1 2486,CWE-119,"int squidclamav_check_preview_handler(char *preview_data, int preview_data_len, ci_request_t * req) { ci_headers_list_t *req_header; struct http_info httpinf; av_req_data_t *data = ci_service_data(req); char *clientip; struct hostent *clientname; unsigned long ip; char *username; char *content_type; ci_off_t content_length; char *chain_ret = NULL; char *ret = NULL; int chkipdone = 0; ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: processing preview header.\n""); if (preview_data_len) ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: preview data size is %d\n"", preview_data_len); if ((req_header = ci_http_request_headers(req)) == NULL) { ci_debug_printf(0, ""ERROR squidclamav_check_preview_handler: bad http header, aborting.\n""); return CI_ERROR; } if ((username = ci_headers_value(req->request_header, ""X-Authenticated-User"")) != NULL) { ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: X-Authenticated-User: %s\n"", username); if (simple_pattern_compare(username, TRUSTUSER) == 1) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: No squidguard and antivir check (TRUSTUSER match) for user: %s\n"", username); return CI_MOD_ALLOW204; } } else { username = (char *)malloc(sizeof(char)*2); strcpy(username, ""-""); } if ((clientip = ci_headers_value(req->request_header, ""X-Client-IP"")) != NULL) { ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: X-Client-IP: %s\n"", clientip); ip = inet_addr(clientip); chkipdone = 0; if (dnslookup == 1) { if ( (clientname = gethostbyaddr((char *)&ip, sizeof(ip), AF_INET)) != NULL) { if (clientname->h_name != NULL) { if (client_pattern_compare(clientip, clientname->h_name) > 0) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: No squidguard and antivir check (TRUSTCLIENT match) for client: %s(%s)\n"", clientname->h_name, clientip); return CI_MOD_ALLOW204; } chkipdone = 1; } } } if (chkipdone == 0) { if (client_pattern_compare(clientip, NULL) > 0) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: No squidguard and antivir check (TRUSTCLIENT match) for client: %s\n"", clientip); return CI_MOD_ALLOW204; } } } else { clientip = (char *)malloc(sizeof(char)*2); strcpy(clientip, ""-""); } if (!extract_http_info(req, req_header, &httpinf)) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: bad http header, aborting.\n""); return CI_MOD_ALLOW204; } ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: URL requested: %s\n"", httpinf.url); if (simple_pattern_compare(httpinf.url, WHITELIST) == 1) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: No squidguard and antivir check (WHITELIST match) for url: %s\n"", httpinf.url); return CI_MOD_ALLOW204; } if (usepipe == 1) { ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: Sending request to chained program: %s\n"", squidguard); ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: Request: %s %s %s %s\n"", httpinf.url,clientip,username,httpinf.method); fprintf(sgfpw,""%s %s %s %s\n"",httpinf.url,clientip,username,httpinf.method); fflush(sgfpw); chain_ret = (char *)malloc(sizeof(char)*MAX_URL_SIZE); if (chain_ret != NULL) { ret = fgets(chain_ret,MAX_URL_SIZE,sgfpr); if ((ret != NULL) && (strlen(chain_ret) > 1)) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: Chained program redirection received: %s\n"", chain_ret); if (logredir) ci_debug_printf(0, ""INFO Chained program redirection received: %s\n"", chain_ret); data->blocked = 1; generate_redirect_page(strtok(chain_ret, "" ""), req, data); xfree(chain_ret); chain_ret = NULL; return CI_MOD_CONTINUE; } xfree(chain_ret); chain_ret = NULL; } } if (strcmp(httpinf.method, ""CONNECT"") == 0) { ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: method %s can't be scanned.\n"", httpinf.method); return CI_MOD_ALLOW204; } if (simple_pattern_compare(httpinf.url, ABORT) == 1) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: No antivir check (ABORT match) for url: %s\n"", httpinf.url); return CI_MOD_ALLOW204; } content_length = ci_http_content_length(req); ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: Content-Length: %d\n"", (int)content_length); if ((content_length > 0) && (maxsize > 0) && (content_length >= maxsize)) { ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: No antivir check, content-length upper than maxsize (%d > %d)\n"", content_length, (int)maxsize); return CI_MOD_ALLOW204; } if ((content_type = http_content_type(req)) != NULL) { ci_debug_printf(2, ""DEBUG squidclamav_check_preview_handler: Content-Type: %s\n"", content_type); if (simple_pattern_compare(content_type, ABORTCONTENT)) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: No antivir check (ABORTCONTENT match) for content-type: %s\n"", content_type); return CI_MOD_ALLOW204; } } if (!data || !ci_req_hasbody(req)) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: No body data, allow 204\n""); return CI_MOD_ALLOW204; } if (preview_data_len == 0) { ci_debug_printf(1, ""DEBUG squidclamav_check_preview_handler: can not begin to scan url: No preview data.\n""); return CI_MOD_ALLOW204; } data->url = ci_buffer_alloc(strlen(httpinf.url)+1); strcpy(data->url, httpinf.url); if (username != NULL) { data->user = ci_buffer_alloc(strlen(username)+1); strcpy(data->user, username); } else { data->user = NULL; } if (clientip != NULL) { data->clientip = ci_buffer_alloc(strlen(clientip)+1); strcpy(data->clientip, clientip); } else { ci_debug_printf(0, ""ERROR squidclamav_check_preview_handler: clientip is null, you must set 'icap_send_client_ip on' into squid.conf\n""); data->clientip = NULL; } data->body = ci_simple_file_new(0); if ((SEND_PERCENT_BYTES >= 0) && (START_SEND_AFTER == 0)) { ci_req_unlock_data(req); ci_simple_file_lock_all(data->body); } if (!data->body) return CI_ERROR; if (preview_data_len) { if (ci_simple_file_write(data->body, preview_data, preview_data_len, ci_req_hasalldata(req)) == CI_ERROR) return CI_ERROR; } return CI_MOD_CONTINUE; }",visit repo url,src/squidclamav.c,https://github.com/darold/squidclamav,122179653446155,1 532,['CWE-399'],"static int pwc_create_sysfs_files(struct video_device *vdev) { struct pwc_device *pdev = video_get_drvdata(vdev); int rc; rc = video_device_create_file(vdev, &class_device_attr_button); if (rc) goto err; if (pdev->features & FEATURE_MOTOR_PANTILT) { rc = video_device_create_file(vdev,&class_device_attr_pan_tilt); if (rc) goto err_button; } return 0; err_button: video_device_remove_file(vdev, &class_device_attr_button); err: return rc; }",linux-2.6,,,87374017914219368358722770633701762723,0 3781,CWE-416,"define_function(exarg_T *eap, char_u *name_arg) { char_u *line_to_free = NULL; int j; int c; int saved_did_emsg; char_u *name = name_arg; int is_global = FALSE; char_u *p; char_u *arg; char_u *whitep; char_u *line_arg = NULL; garray_T newargs; garray_T argtypes; garray_T default_args; garray_T newlines; int varargs = FALSE; int flags = 0; char_u *ret_type = NULL; ufunc_T *fp = NULL; int fp_allocated = FALSE; int free_fp = FALSE; int overwrite = FALSE; dictitem_T *v; funcdict_T fudi; static int func_nr = 0; int paren; hashitem_T *hi; linenr_T sourcing_lnum_top; int vim9script = in_vim9script(); imported_T *import = NULL; if (ends_excmd2(eap->cmd, eap->arg)) { if (!eap->skip) list_functions(NULL); set_nextcmd(eap, eap->arg); return NULL; } if (*eap->arg == '/') { p = skip_regexp(eap->arg + 1, '/', TRUE); if (!eap->skip) { regmatch_T regmatch; c = *p; *p = NUL; regmatch.regprog = vim_regcomp(eap->arg + 1, RE_MAGIC); *p = c; if (regmatch.regprog != NULL) { regmatch.rm_ic = p_ic; list_functions(®match); vim_regfree(regmatch.regprog); } } if (*p == '/') ++p; set_nextcmd(eap, p); return NULL; } ga_init(&newargs); ga_init(&argtypes); ga_init(&default_args); p = eap->arg; if (name_arg != NULL) { paren = TRUE; CLEAR_FIELD(fudi); } else { name = save_function_name(&p, &is_global, eap->skip, TFN_NO_AUTOLOAD, &fudi); paren = (vim_strchr(p, '(') != NULL); if (name == NULL && (fudi.fd_dict == NULL || !paren) && !eap->skip) { if (!aborting()) { if (!eap->skip && fudi.fd_newkey != NULL) semsg(_(e_dictkey), fudi.fd_newkey); vim_free(fudi.fd_newkey); return NULL; } else eap->skip = TRUE; } } saved_did_emsg = did_emsg; did_emsg = FALSE; if (!paren) { if (!ends_excmd(*skipwhite(p))) { semsg(_(e_trailing_arg), p); goto ret_free; } set_nextcmd(eap, p); if (eap->nextcmd != NULL) *p = NUL; if (!eap->skip && !got_int) { fp = find_func(name, is_global, NULL); if (fp == NULL && ASCII_ISUPPER(*eap->arg)) { char_u *up = untrans_function_name(name); if (up != NULL) fp = find_func(up, FALSE, NULL); } if (fp != NULL) { list_func_head(fp, TRUE); for (j = 0; j < fp->uf_lines.ga_len && !got_int; ++j) { if (FUNCLINE(fp, j) == NULL) continue; msg_putchar('\n'); msg_outnum((long)(j + 1)); if (j < 9) msg_putchar(' '); if (j < 99) msg_putchar(' '); msg_prt_line(FUNCLINE(fp, j), FALSE); out_flush(); ui_breakcheck(); } if (!got_int) { msg_putchar('\n'); if (fp->uf_def_status != UF_NOT_COMPILED) msg_puts("" enddef""); else msg_puts("" endfunction""); } } else emsg_funcname(N_(""E123: Undefined function: %s""), eap->arg); } goto ret_free; } p = skipwhite(p); if (*p != '(') { if (!eap->skip) { semsg(_(""E124: Missing '(': %s""), eap->arg); goto ret_free; } if (vim_strchr(p, '(') != NULL) p = vim_strchr(p, '('); } if ((vim9script || eap->cmdidx == CMD_def) && VIM_ISWHITE(p[-1])) { semsg(_(e_no_white_space_allowed_before_str_str), ""("", p - 1); goto ret_free; } if (vim9script && eap->forceit && !is_global) { emsg(_(e_nobang)); goto ret_free; } ga_init2(&newlines, (int)sizeof(char_u *), 10); if (!eap->skip && name_arg == NULL) { if (name != NULL) arg = name; else arg = fudi.fd_newkey; if (arg != NULL && (fudi.fd_di == NULL || (fudi.fd_di->di_tv.v_type != VAR_FUNC && fudi.fd_di->di_tv.v_type != VAR_PARTIAL))) { char_u *name_base = arg; int i; if (*arg == K_SPECIAL) { name_base = vim_strchr(arg, '_'); if (name_base == NULL) name_base = arg + 3; else ++name_base; } for (i = 0; name_base[i] != NUL && (i == 0 ? eval_isnamec1(name_base[i]) : eval_isnamec(name_base[i])); ++i) ; if (name_base[i] != NUL) emsg_funcname((char *)e_invarg2, arg); if (vim9script && *arg == K_SPECIAL && eval_variable(name_base, (int)STRLEN(name_base), NULL, NULL, EVAL_VAR_NOAUTOLOAD + EVAL_VAR_IMPORT + EVAL_VAR_NO_FUNC) == OK) { semsg(_(e_redefining_script_item_str), name_base); goto ret_free; } } if (fudi.fd_dict != NULL && fudi.fd_dict->dv_scope == VAR_DEF_SCOPE) { emsg(_(""E862: Cannot use g: here"")); goto ret_free; } } ++p; if (get_function_args(&p, ')', &newargs, eap->cmdidx == CMD_def ? &argtypes : NULL, FALSE, NULL, &varargs, &default_args, eap->skip, eap, &line_to_free) == FAIL) goto errret_2; whitep = p; if (eap->cmdidx == CMD_def) { if (*skipwhite(p) == ':') { if (*p != ':') { semsg(_(e_no_white_space_allowed_before_colon_str), p); p = skipwhite(p); } else if (!IS_WHITE_OR_NUL(p[1])) semsg(_(e_white_space_required_after_str_str), "":"", p); ret_type = skipwhite(p + 1); p = skip_type(ret_type, FALSE); if (p > ret_type) { ret_type = vim_strnsave(ret_type, p - ret_type); whitep = p; p = skipwhite(p); } else { semsg(_(e_expected_type_str), ret_type); ret_type = NULL; } } p = skipwhite(p); } else for (;;) { whitep = p; p = skipwhite(p); if (STRNCMP(p, ""range"", 5) == 0) { flags |= FC_RANGE; p += 5; } else if (STRNCMP(p, ""dict"", 4) == 0) { flags |= FC_DICT; p += 4; } else if (STRNCMP(p, ""abort"", 5) == 0) { flags |= FC_ABORT; p += 5; } else if (STRNCMP(p, ""closure"", 7) == 0) { flags |= FC_CLOSURE; p += 7; if (current_funccal == NULL) { emsg_funcname(N_(""E932: Closure function should not be at top level: %s""), name == NULL ? (char_u *)"""" : name); goto erret; } } else break; } if (*p == '\n') line_arg = p + 1; else if (*p != NUL && !(*p == '""' && (!vim9script || eap->cmdidx == CMD_function) && eap->cmdidx != CMD_def) && !(VIM_ISWHITE(*whitep) && *p == '#' && (vim9script || eap->cmdidx == CMD_def)) && !eap->skip && !did_emsg) semsg(_(e_trailing_arg), p); if (KeyTyped) { if (!eap->skip && !eap->forceit) { if (fudi.fd_dict != NULL && fudi.fd_newkey == NULL) emsg(_(e_funcdict)); else if (name != NULL && find_func(name, is_global, NULL) != NULL) emsg_funcname(e_funcexts, name); } if (!eap->skip && did_emsg) goto erret; msg_putchar('\n'); cmdline_row = msg_row; } sourcing_lnum_top = SOURCING_LNUM; if (get_function_body(eap, &newlines, line_arg, &line_to_free) == FAIL || eap->skip) goto erret; if (fudi.fd_dict == NULL) { hashtab_T *ht; v = find_var(name, &ht, TRUE); if (v != NULL && v->di_tv.v_type == VAR_FUNC) { emsg_funcname(N_(""E707: Function name conflicts with variable: %s""), name); goto erret; } fp = find_func_even_dead(name, is_global, NULL); if (vim9script) { char_u *uname = untrans_function_name(name); import = find_imported(uname == NULL ? name : uname, 0, NULL); } if (fp != NULL || import != NULL) { int dead = fp != NULL && (fp->uf_flags & FC_DEAD); if (import != NULL || (!dead && !eap->forceit && (fp->uf_script_ctx.sc_sid != current_sctx.sc_sid || fp->uf_script_ctx.sc_seq == current_sctx.sc_seq))) { SOURCING_LNUM = sourcing_lnum_top; if (vim9script) emsg_funcname(e_name_already_defined_str, name); else emsg_funcname(e_funcexts, name); goto erret; } if (fp->uf_calls > 0) { emsg_funcname( N_(""E127: Cannot redefine function %s: It is in use""), name); goto erret; } if (fp->uf_refcount > 1) { --fp->uf_refcount; fp->uf_flags |= FC_REMOVED; fp = NULL; overwrite = TRUE; } else { char_u *exp_name = fp->uf_name_exp; VIM_CLEAR(name); fp->uf_name_exp = NULL; func_clear_items(fp); fp->uf_name_exp = exp_name; fp->uf_flags &= ~FC_DEAD; #ifdef FEAT_PROFILE fp->uf_profiling = FALSE; fp->uf_prof_initialized = FALSE; #endif fp->uf_def_status = UF_NOT_COMPILED; } } } else { char numbuf[20]; fp = NULL; if (fudi.fd_newkey == NULL && !eap->forceit) { emsg(_(e_funcdict)); goto erret; } if (fudi.fd_di == NULL) { if (value_check_lock(fudi.fd_dict->dv_lock, eap->arg, FALSE)) goto erret; } else if (value_check_lock(fudi.fd_di->di_tv.v_lock, eap->arg, FALSE)) goto erret; vim_free(name); sprintf(numbuf, ""%d"", ++func_nr); name = vim_strsave((char_u *)numbuf); if (name == NULL) goto erret; } if (fp == NULL) { if (fudi.fd_dict == NULL && vim_strchr(name, AUTOLOAD_CHAR) != NULL) { int slen, plen; char_u *scriptname; j = FAIL; if (SOURCING_NAME != NULL) { scriptname = autoload_name(name); if (scriptname != NULL) { p = vim_strchr(scriptname, '/'); plen = (int)STRLEN(p); slen = (int)STRLEN(SOURCING_NAME); if (slen > plen && fnamecmp(p, SOURCING_NAME + slen - plen) == 0) j = OK; vim_free(scriptname); } } if (j == FAIL) { linenr_T save_lnum = SOURCING_LNUM; SOURCING_LNUM = sourcing_lnum_top; semsg(_(""E746: Function name does not match script file name: %s""), name); SOURCING_LNUM = save_lnum; goto erret; } } fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (fp == NULL) goto erret; fp_allocated = TRUE; if (fudi.fd_dict != NULL) { if (fudi.fd_di == NULL) { fudi.fd_di = dictitem_alloc(fudi.fd_newkey); if (fudi.fd_di == NULL) { vim_free(fp); fp = NULL; goto erret; } if (dict_add(fudi.fd_dict, fudi.fd_di) == FAIL) { vim_free(fudi.fd_di); vim_free(fp); fp = NULL; goto erret; } } else clear_tv(&fudi.fd_di->di_tv); fudi.fd_di->di_tv.v_type = VAR_FUNC; fudi.fd_di->di_tv.vval.v_string = vim_strsave(name); flags |= FC_DICT; } } fp->uf_args = newargs; fp->uf_def_args = default_args; fp->uf_ret_type = &t_any; fp->uf_func_type = &t_func_any; if (eap->cmdidx == CMD_def) { int lnum_save = SOURCING_LNUM; cstack_T *cstack = eap->cstack; fp->uf_def_status = UF_TO_BE_COMPILED; SOURCING_LNUM = sourcing_lnum_top; function_using_block_scopes(fp, cstack); if (parse_argument_types(fp, &argtypes, varargs) == FAIL) { SOURCING_LNUM = lnum_save; free_fp = fp_allocated; goto erret; } varargs = FALSE; if (parse_return_type(fp, ret_type) == FAIL) { SOURCING_LNUM = lnum_save; free_fp = fp_allocated; goto erret; } SOURCING_LNUM = lnum_save; } else fp->uf_def_status = UF_NOT_COMPILED; if (fp_allocated) { set_ufunc_name(fp, name); if (overwrite) { hi = hash_find(&func_hashtab, name); hi->hi_key = UF2HIKEY(fp); } else if (hash_add(&func_hashtab, UF2HIKEY(fp)) == FAIL) { free_fp = TRUE; goto erret; } fp->uf_refcount = 1; } fp->uf_lines = newlines; newlines.ga_data = NULL; if ((flags & FC_CLOSURE) != 0) { if (register_closure(fp) == FAIL) goto erret; } else fp->uf_scoped = NULL; #ifdef FEAT_PROFILE if (prof_def_func()) func_do_profile(fp); #endif fp->uf_varargs = varargs; if (sandbox) flags |= FC_SANDBOX; if (vim9script && !ASCII_ISUPPER(*fp->uf_name)) flags |= FC_VIM9; fp->uf_flags = flags; fp->uf_calls = 0; fp->uf_cleared = FALSE; fp->uf_script_ctx = current_sctx; fp->uf_script_ctx_version = current_sctx.sc_version; fp->uf_script_ctx.sc_lnum += sourcing_lnum_top; if (is_export) { fp->uf_flags |= FC_EXPORT; is_export = FALSE; } if (eap->cmdidx == CMD_def) set_function_type(fp); else if (fp->uf_script_ctx.sc_version == SCRIPT_VERSION_VIM9) fp->uf_script_ctx.sc_version = SCRIPT_VERSION_MAX; goto ret_free; erret: ga_clear_strings(&newargs); ga_clear_strings(&default_args); if (fp != NULL) { ga_init(&fp->uf_args); ga_init(&fp->uf_def_args); } errret_2: ga_clear_strings(&newlines); if (fp != NULL) VIM_CLEAR(fp->uf_arg_types); if (free_fp) { vim_free(fp); fp = NULL; } ret_free: ga_clear_strings(&argtypes); vim_free(line_to_free); vim_free(fudi.fd_newkey); if (name != name_arg) vim_free(name); vim_free(ret_type); did_emsg |= saved_did_emsg; return fp; }",visit repo url,src/userfunc.c,https://github.com/vim/vim,35655762296599,1 878,['CWE-200'],"static int shmem_remount_fs(struct super_block *sb, int *flags, char *data) { struct shmem_sb_info *sbinfo = SHMEM_SB(sb); unsigned long max_blocks = sbinfo->max_blocks; unsigned long max_inodes = sbinfo->max_inodes; int policy = sbinfo->policy; nodemask_t policy_nodes = sbinfo->policy_nodes; unsigned long blocks; unsigned long inodes; int error = -EINVAL; if (shmem_parse_options(data, NULL, NULL, NULL, &max_blocks, &max_inodes, &policy, &policy_nodes)) return error; spin_lock(&sbinfo->stat_lock); blocks = sbinfo->max_blocks - sbinfo->free_blocks; inodes = sbinfo->max_inodes - sbinfo->free_inodes; if (max_blocks < blocks) goto out; if (max_inodes < inodes) goto out; if (max_blocks && !sbinfo->max_blocks) goto out; if (max_inodes && !sbinfo->max_inodes) goto out; error = 0; sbinfo->max_blocks = max_blocks; sbinfo->free_blocks = max_blocks - blocks; sbinfo->max_inodes = max_inodes; sbinfo->free_inodes = max_inodes - inodes; sbinfo->policy = policy; sbinfo->policy_nodes = policy_nodes; out: spin_unlock(&sbinfo->stat_lock); return error; }",linux-2.6,,,255715185792665806621822310719396709208,0 4874,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 2911,['CWE-189'],"int jas_iccprof_gethdr(jas_iccprof_t *prof, jas_icchdr_t *hdr) { *hdr = prof->hdr; return 0; }",jasper,,,21902136889618905910740788710978890794,0 2855,CWE-119,"horizontalDifference16(unsigned short *ip, int n, int stride, unsigned short *wp, uint16 *From14) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) From14[(v) >> 2] mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,33444542816717,1 6274,CWE-787,"addMultiArrayContentJSON(CtxJson *ctx, void* array, const UA_DataType *type, size_t *index, UA_UInt32 *arrayDimensions, size_t dimensionIndex, size_t dimensionSize) { if(ctx->depth > UA_JSON_ENCODING_MAX_RECURSION) return UA_STATUSCODE_BADENCODINGERROR; status ret; if(dimensionIndex == (dimensionSize - 1)) { ret = encodeJsonArray(ctx, ((u8*)array) + (type->memSize * *index), arrayDimensions[dimensionIndex], type); (*index) += arrayDimensions[dimensionIndex]; return ret; } ret = writeJsonArrStart(ctx); for(size_t i = 0; i < arrayDimensions[dimensionIndex]; i++) { ret |= writeJsonCommaIfNeeded(ctx); ret |= addMultiArrayContentJSON(ctx, array, type, index, arrayDimensions, dimensionIndex + 1, dimensionSize); ctx->commaNeeded[ctx->depth] = true; if(ret != UA_STATUSCODE_GOOD) return ret; } ret |= writeJsonArrEnd(ctx); return ret; }",visit repo url,src/ua_types_encoding_json.c,https://github.com/open62541/open62541,163042328550624,1 6424,['CWE-190'],"get_gimp_image_type (const GimpImageBaseType image_base_type, const gboolean alpha) { GimpImageType image_type; switch (image_base_type) { case GIMP_GRAY: image_type = (alpha) ? GIMP_GRAYA_IMAGE : GIMP_GRAY_IMAGE; break; case GIMP_INDEXED: image_type = (alpha) ? GIMP_INDEXEDA_IMAGE : GIMP_INDEXED_IMAGE; break; case GIMP_RGB: image_type = (alpha) ? GIMP_RGBA_IMAGE : GIMP_RGB_IMAGE; break; default: image_type = -1; break; } return image_type; }",gimp,,,197684270780044806765109353909320451060,0 177,CWE-416,"static void ax25_kill_by_device(struct net_device *dev) { ax25_dev *ax25_dev; ax25_cb *s; struct sock *sk; if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL) return; spin_lock_bh(&ax25_list_lock); again: ax25_for_each(s, &ax25_list) { if (s->ax25_dev == ax25_dev) { sk = s->sk; sock_hold(sk); spin_unlock_bh(&ax25_list_lock); lock_sock(sk); s->ax25_dev = NULL; ax25_dev_put(ax25_dev); release_sock(sk); ax25_disconnect(s, ENETUNREACH); spin_lock_bh(&ax25_list_lock); sock_put(sk); goto again; } } spin_unlock_bh(&ax25_list_lock); }",visit repo url,net/ax25/af_ax25.c,https://github.com/torvalds/linux,13235392193164,1 6158,['CWE-200'],"static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c) { struct sk_buff *skb; struct nlmsgerr *e; while((skb=__skb_dequeue(&uc->mfc_un.unres.unresolved))) { if (skb->nh.iph->version == 0) { int err; struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr)); if (ipmr_fill_mroute(skb, c, NLMSG_DATA(nlh)) > 0) { nlh->nlmsg_len = skb->tail - (u8*)nlh; } else { nlh->nlmsg_type = NLMSG_ERROR; nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr)); skb_trim(skb, nlh->nlmsg_len); e = NLMSG_DATA(nlh); e->error = -EMSGSIZE; memset(&e->msg, 0, sizeof(e->msg)); } err = netlink_unicast(rtnl, skb, NETLINK_CB(skb).dst_pid, MSG_DONTWAIT); } else ip_mr_forward(skb, c, 0); } }",linux-2.6,,,302332778300372772878977232622515633909,0 4814,CWE-119,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 6225,CWE-190,"void fp54_write_bin(uint8_t *bin, int len, const fp54_t a, int pack) { fp54_t t; fp54_null(t); RLC_TRY { fp54_new(t); if (pack) { if (len != 36 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); } fp54_pck(t, a); fp9_write_bin(bin, 9 * RLC_FP_BYTES, a[1][0]); fp9_write_bin(bin + 9 * RLC_FP_BYTES, 9 * RLC_FP_BYTES, a[1][1]); fp9_write_bin(bin + 18 * RLC_FP_BYTES, 9 * RLC_FP_BYTES, a[2][0]); fp9_write_bin(bin + 27 * RLC_FP_BYTES, 9 * RLC_FP_BYTES, a[2][1]); } else { if (len != 54 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); } fp18_write_bin(bin, 18 * RLC_FP_BYTES, a[0]); fp18_write_bin(bin + 18 * RLC_FP_BYTES, 18 * RLC_FP_BYTES, a[1]); fp18_write_bin(bin + 36 * RLC_FP_BYTES, 18 * RLC_FP_BYTES, a[2]); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp54_free(t); } }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,224144671443728,1 23,['CWE-264'],"static void pdo_sqlite_request_shutdown(pdo_dbh_t *dbh TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; if (H) { pdo_sqlite_cleanup_callbacks(H TSRMLS_CC); } }",php-src,,,113593127295735753541296252328704400838,0 5984,['CWE-200'],"static void cbq_watchdog(unsigned long arg) { struct Qdisc *sch = (struct Qdisc*)arg; sch->flags &= ~TCQ_F_THROTTLED; netif_schedule(sch->dev); }",linux-2.6,,,155497662974472299600475823124240908351,0 1751,[],"asmlinkage long sys_sched_setaffinity(pid_t pid, unsigned int len, unsigned long __user *user_mask_ptr) { cpumask_t new_mask; int retval; retval = get_user_cpu_mask(user_mask_ptr, len, &new_mask); if (retval) return retval; return sched_setaffinity(pid, &new_mask); }",linux-2.6,,,59596158332242805991815051902218853109,0 5550,CWE-125,"ast2obj_expr(void* _o) { expr_ty o = (expr_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } switch (o->kind) { case BoolOp_kind: result = PyType_GenericNew(BoolOp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_boolop(o->v.BoolOp.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.BoolOp.values, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_values, value) == -1) goto failed; Py_DECREF(value); break; case BinOp_kind: result = PyType_GenericNew(BinOp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.BinOp.left); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_left, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_operator(o->v.BinOp.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.BinOp.right); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_right, value) == -1) goto failed; Py_DECREF(value); break; case UnaryOp_kind: result = PyType_GenericNew(UnaryOp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_unaryop(o->v.UnaryOp.op); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_op, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.UnaryOp.operand); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_operand, value) == -1) goto failed; Py_DECREF(value); break; case Lambda_kind: result = PyType_GenericNew(Lambda_type, NULL, NULL); if (!result) goto failed; value = ast2obj_arguments(o->v.Lambda.args); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.Lambda.body); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); break; case IfExp_kind: result = PyType_GenericNew(IfExp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.IfExp.test); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_test, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.IfExp.body); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_body, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.IfExp.orelse); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_orelse, value) == -1) goto failed; Py_DECREF(value); break; case Dict_kind: result = PyType_GenericNew(Dict_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Dict.keys, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_keys, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Dict.values, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_values, value) == -1) goto failed; Py_DECREF(value); break; case Set_kind: result = PyType_GenericNew(Set_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Set.elts, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elts, value) == -1) goto failed; Py_DECREF(value); break; case ListComp_kind: result = PyType_GenericNew(ListComp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.ListComp.elt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elt, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.ListComp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case SetComp_kind: result = PyType_GenericNew(SetComp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.SetComp.elt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elt, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.SetComp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case DictComp_kind: result = PyType_GenericNew(DictComp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.DictComp.key); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_key, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.DictComp.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.DictComp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case GeneratorExp_kind: result = PyType_GenericNew(GeneratorExp_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.GeneratorExp.elt); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elt, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.GeneratorExp.generators, ast2obj_comprehension); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_generators, value) == -1) goto failed; Py_DECREF(value); break; case Await_kind: result = PyType_GenericNew(Await_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Await.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Yield_kind: result = PyType_GenericNew(Yield_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Yield.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case YieldFrom_kind: result = PyType_GenericNew(YieldFrom_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.YieldFrom.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Compare_kind: result = PyType_GenericNew(Compare_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Compare.left); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_left, value) == -1) goto failed; Py_DECREF(value); { Py_ssize_t i, n = asdl_seq_LEN(o->v.Compare.ops); value = PyList_New(n); if (!value) goto failed; for(i = 0; i < n; i++) PyList_SET_ITEM(value, i, ast2obj_cmpop((cmpop_ty)asdl_seq_GET(o->v.Compare.ops, i))); } if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ops, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Compare.comparators, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_comparators, value) == -1) goto failed; Py_DECREF(value); break; case Call_kind: result = PyType_GenericNew(Call_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Call.func); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_func, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Call.args, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->v.Call.keywords, ast2obj_keyword); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_keywords, value) == -1) goto failed; Py_DECREF(value); break; case Num_kind: result = PyType_GenericNew(Num_type, NULL, NULL); if (!result) goto failed; value = ast2obj_object(o->v.Num.n); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_n, value) == -1) goto failed; Py_DECREF(value); break; case Str_kind: result = PyType_GenericNew(Str_type, NULL, NULL); if (!result) goto failed; value = ast2obj_string(o->v.Str.s); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_s, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_string(o->v.Str.kind); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kind, value) == -1) goto failed; Py_DECREF(value); break; case FormattedValue_kind: result = PyType_GenericNew(FormattedValue_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.FormattedValue.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_int(o->v.FormattedValue.conversion); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_conversion, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->v.FormattedValue.format_spec); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_format_spec, value) == -1) goto failed; Py_DECREF(value); break; case JoinedStr_kind: result = PyType_GenericNew(JoinedStr_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.JoinedStr.values, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_values, value) == -1) goto failed; Py_DECREF(value); break; case Bytes_kind: result = PyType_GenericNew(Bytes_type, NULL, NULL); if (!result) goto failed; value = ast2obj_bytes(o->v.Bytes.s); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_s, value) == -1) goto failed; Py_DECREF(value); break; case NameConstant_kind: result = PyType_GenericNew(NameConstant_type, NULL, NULL); if (!result) goto failed; value = ast2obj_singleton(o->v.NameConstant.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Ellipsis_kind: result = PyType_GenericNew(Ellipsis_type, NULL, NULL); if (!result) goto failed; break; case Constant_kind: result = PyType_GenericNew(Constant_type, NULL, NULL); if (!result) goto failed; value = ast2obj_constant(o->v.Constant.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); break; case Attribute_kind: result = PyType_GenericNew(Attribute_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Attribute.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_identifier(o->v.Attribute.attr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_attr, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Attribute.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Subscript_kind: result = PyType_GenericNew(Subscript_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Subscript.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_slice(o->v.Subscript.slice); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_slice, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Subscript.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Starred_kind: result = PyType_GenericNew(Starred_type, NULL, NULL); if (!result) goto failed; value = ast2obj_expr(o->v.Starred.value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Starred.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Name_kind: result = PyType_GenericNew(Name_type, NULL, NULL); if (!result) goto failed; value = ast2obj_identifier(o->v.Name.id); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_id, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Name.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case List_kind: result = PyType_GenericNew(List_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.List.elts, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elts, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.List.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; case Tuple_kind: result = PyType_GenericNew(Tuple_type, NULL, NULL); if (!result) goto failed; value = ast2obj_list(o->v.Tuple.elts, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_elts, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr_context(o->v.Tuple.ctx); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_ctx, value) == -1) goto failed; Py_DECREF(value); break; } value = ast2obj_int(o->lineno); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_lineno, value) < 0) goto failed; Py_DECREF(value); value = ast2obj_int(o->col_offset); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_col_offset, value) < 0) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,112324066274021,1 1361,[],"static void check_preempt_wakeup(struct rq *rq, struct task_struct *p) { struct task_struct *curr = rq->curr; struct cfs_rq *cfs_rq = task_cfs_rq(curr); struct sched_entity *se = &curr->se, *pse = &p->se; unsigned long gran; if (unlikely(rt_prio(p->prio))) { update_rq_clock(rq); update_curr(cfs_rq); resched_task(curr); return; } cfs_rq_of(pse)->next = pse; if (unlikely(p->policy == SCHED_BATCH)) return; if (!sched_feat(WAKEUP_PREEMPT)) return; while (!is_same_group(se, pse)) { se = parent_entity(se); pse = parent_entity(pse); } gran = sysctl_sched_wakeup_granularity; if (unlikely(se->load.weight > NICE_0_LOAD)) gran = calc_delta_fair(gran, &se->load); if (pse->vruntime + gran < se->vruntime) resched_task(curr); }",linux-2.6,,,116930890413800300301618785319835562529,0 6659,CWE-787,"static SDL_Surface* Create_Surface_Solid(int width, int height, SDL_Color fg, Uint32 *color) { const int alignment = Get_Alignement() - 1; SDL_Surface *textbuf; Sint64 size; void *pixels, *ptr; Sint64 pitch = width + alignment; pitch += alignment; pitch &= ~alignment; size = height * pitch + sizeof (void *) + alignment; if (size < 0 || size > SDL_MAX_SINT32) { return NULL; } ptr = SDL_malloc((size_t)size); if (ptr == NULL) { return NULL; } pixels = (void *)(((uintptr_t)ptr + sizeof(void *) + alignment) & ~alignment); ((void **)pixels)[-1] = ptr; textbuf = SDL_CreateRGBSurfaceWithFormatFrom(pixels, width, height, 0, pitch, SDL_PIXELFORMAT_INDEX8); if (textbuf == NULL) { SDL_free(ptr); return NULL; } textbuf->flags &= ~SDL_PREALLOC; textbuf->flags |= SDL_SIMD_ALIGNED; SDL_memset(pixels, 0, height * pitch); *color = 1; { SDL_Palette *palette = textbuf->format->palette; palette->colors[0].r = 255 - fg.r; palette->colors[0].g = 255 - fg.g; palette->colors[0].b = 255 - fg.b; palette->colors[1].r = fg.r; palette->colors[1].g = fg.g; palette->colors[1].b = fg.b; palette->colors[1].a = fg.a; } SDL_SetColorKey(textbuf, SDL_TRUE, 0); return textbuf;",visit repo url,SDL_ttf.c,https://github.com/libsdl-org/SDL_ttf,46882434550889,1 978,CWE-269,"static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { struct sock *sk = sock->sk; struct l2tp_session *session; struct l2tp_tunnel *tunnel; struct pppol2tp_session *ps; int val; int err; if (level != SOL_PPPOL2TP) return udp_prot.setsockopt(sk, level, optname, optval, optlen); if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; err = -ENOTCONN; if (sk->sk_user_data == NULL) goto end; err = -EBADF; session = pppol2tp_sock_to_session(sk); if (session == NULL) goto end; ps = l2tp_session_priv(session); if ((session->session_id == 0) && (session->peer_session_id == 0)) { err = -EBADF; tunnel = l2tp_sock_to_tunnel(ps->tunnel_sock); if (tunnel == NULL) goto end_put_sess; err = pppol2tp_tunnel_setsockopt(sk, tunnel, optname, val); sock_put(ps->tunnel_sock); } else err = pppol2tp_session_setsockopt(sk, session, optname, val); err = 0; end_put_sess: sock_put(sk); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,247603547363620,1 602,['CWE-200'],"static void __init htab_finish_init(void) { extern unsigned int *htab_call_hpte_insert1; extern unsigned int *htab_call_hpte_insert2; extern unsigned int *htab_call_hpte_remove; extern unsigned int *htab_call_hpte_updatepp; #ifdef CONFIG_PPC_64K_PAGES extern unsigned int *ht64_call_hpte_insert1; extern unsigned int *ht64_call_hpte_insert2; extern unsigned int *ht64_call_hpte_remove; extern unsigned int *ht64_call_hpte_updatepp; make_bl(ht64_call_hpte_insert1, ppc_md.hpte_insert); make_bl(ht64_call_hpte_insert2, ppc_md.hpte_insert); make_bl(ht64_call_hpte_remove, ppc_md.hpte_remove); make_bl(ht64_call_hpte_updatepp, ppc_md.hpte_updatepp); #endif make_bl(htab_call_hpte_insert1, ppc_md.hpte_insert); make_bl(htab_call_hpte_insert2, ppc_md.hpte_insert); make_bl(htab_call_hpte_remove, ppc_md.hpte_remove); make_bl(htab_call_hpte_updatepp, ppc_md.hpte_updatepp); }",linux-2.6,,,139873521196194826938312733608951241364,0 533,CWE-264,"static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid, struct uid_gid_map *new_map) { if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) { u32 id = new_map->extent[0].lower_first; if (cap_setid == CAP_SETUID) { kuid_t uid = make_kuid(ns->parent, id); if (uid_eq(uid, current_fsuid())) return true; } else if (cap_setid == CAP_SETGID) { kgid_t gid = make_kgid(ns->parent, id); if (gid_eq(gid, current_fsgid())) return true; } } if (!cap_valid(cap_setid)) return true; if (ns_capable(ns->parent, cap_setid)) return true; return false; }",visit repo url,kernel/user_namespace.c,https://github.com/torvalds/linux,104330566866335,1 2849,CWE-787,"horizontalDifference16(unsigned short *ip, int n, int stride, unsigned short *wp, uint16 *From14) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) From14[(v) >> 2] mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,33444542816717,1 5697,['CWE-200'],"static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sockaddr_llc *uaddr = (struct sockaddr_llc *)msg->msg_name; const int nonblock = flags & MSG_DONTWAIT; struct sk_buff *skb = NULL; struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); size_t copied = 0; u32 peek_seq = 0; u32 *seq; unsigned long used; int target; long timeo; lock_sock(sk); copied = -ENOTCONN; if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) goto out; timeo = sock_rcvtimeo(sk, nonblock); seq = &llc->copied_seq; if (flags & MSG_PEEK) { peek_seq = llc->copied_seq; seq = &peek_seq; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); copied = 0; do { u32 offset; if (signal_pending(current)) { if (copied) break; copied = timeo ? sock_intr_errno(timeo) : -EAGAIN; break; } skb = skb_peek(&sk->sk_receive_queue); if (skb) { offset = *seq; goto found_ok_skb; } if (copied >= target && !sk->sk_backlog.tail) break; if (copied) { if (sk->sk_err || sk->sk_state == TCP_CLOSE || (sk->sk_shutdown & RCV_SHUTDOWN) || !timeo || (flags & MSG_PEEK)) break; } else { if (sock_flag(sk, SOCK_DONE)) break; if (sk->sk_err) { copied = sock_error(sk); break; } if (sk->sk_shutdown & RCV_SHUTDOWN) break; if (sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_CLOSE) { if (!sock_flag(sk, SOCK_DONE)) { copied = -ENOTCONN; break; } break; } if (!timeo) { copied = -EAGAIN; break; } } if (copied >= target) { release_sock(sk); lock_sock(sk); } else sk_wait_data(sk, &timeo); if ((flags & MSG_PEEK) && peek_seq != llc->copied_seq) { if (net_ratelimit()) printk(KERN_DEBUG ""LLC(%s:%d): Application "" ""bug, race in MSG_PEEK.\n"", current->comm, task_pid_nr(current)); peek_seq = llc->copied_seq; } continue; found_ok_skb: used = skb->len - offset; if (len < used) used = len; if (!(flags & MSG_TRUNC)) { int rc = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, used); if (rc) { if (!copied) copied = -EFAULT; break; } } *seq += used; copied += used; len -= used; if (!(flags & MSG_PEEK)) { sk_eat_skb(sk, skb, 0); *seq = 0; } if (sk->sk_type != SOCK_STREAM) goto copy_uaddr; if (used + offset < skb->len) continue; } while (len > 0); out: release_sock(sk); return copied; copy_uaddr: if (uaddr != NULL && skb != NULL) { memcpy(uaddr, llc_ui_skb_cb(skb), sizeof(*uaddr)); msg->msg_namelen = sizeof(*uaddr); } goto out; }",linux-2.6,,,130562314383448919135499583846418497765,0 1538,CWE-189,"void oz_hcd_get_desc_cnf(void *hport, u8 req_id, int status, const u8 *desc, int length, int offset, int total_size) { struct oz_port *port = hport; struct urb *urb; int err = 0; oz_dbg(ON, ""oz_hcd_get_desc_cnf length = %d offs = %d tot_size = %d\n"", length, offset, total_size); urb = oz_find_urb_by_id(port, 0, req_id); if (!urb) return; if (status == 0) { int copy_len; int required_size = urb->transfer_buffer_length; if (required_size > total_size) required_size = total_size; copy_len = required_size-offset; if (length <= copy_len) copy_len = length; memcpy(urb->transfer_buffer+offset, desc, copy_len); offset += copy_len; if (offset < required_size) { struct usb_ctrlrequest *setup = (struct usb_ctrlrequest *)urb->setup_packet; unsigned wvalue = le16_to_cpu(setup->wValue); if (oz_enqueue_ep_urb(port, 0, 0, urb, req_id)) err = -ENOMEM; else if (oz_usb_get_desc_req(port->hpd, req_id, setup->bRequestType, (u8)(wvalue>>8), (u8)wvalue, setup->wIndex, offset, required_size-offset)) { oz_dequeue_ep_urb(port, 0, 0, urb); err = -ENOMEM; } if (err == 0) return; } } urb->actual_length = total_size; oz_complete_urb(port->ozhcd->hcd, urb, 0); }",visit repo url,drivers/staging/ozwpan/ozhcd.c,https://github.com/torvalds/linux,232878740258261,1 3837,[],"void cap_task_reparent_to_init (struct task_struct *p) { cap_set_init_eff(p->cap_effective); cap_clear(p->cap_inheritable); cap_set_full(p->cap_permitted); p->securebits = SECUREBITS_DEFAULT; return; }",linux-2.6,,,317800580691893041579154414557427116983,0 4432,['CWE-264'],"static void sk_prot_free(struct proto *prot, struct sock *sk) { struct kmem_cache *slab; struct module *owner; owner = prot->owner; slab = prot->slab; security_sk_free(sk); if (slab != NULL) kmem_cache_free(slab, sk); else kfree(sk); module_put(owner); }",linux-2.6,,,148586212992357459148535801673920161318,0 3273,['CWE-189'],"jas_seq2d_t *jas_seq2d_copy(jas_seq2d_t *x) { jas_matrix_t *y; int i; int j; y = jas_seq2d_create(jas_seq2d_xstart(x), jas_seq2d_ystart(x), jas_seq2d_xend(x), jas_seq2d_yend(x)); assert(y); for (i = 0; i < x->numrows_; ++i) { for (j = 0; j < x->numcols_; ++j) { *jas_matrix_getref(y, i, j) = jas_matrix_get(x, i, j); } } return y; }",jasper,,,254211620374541703406598029013039408306,0 1264,NVD-CWE-Other,"u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, __be16 dport) { struct keydata *keyptr = get_keyptr(); u32 hash[12]; memcpy(hash, saddr, 16); hash[4] = (__force u32)dport; memcpy(&hash[5], keyptr->secret, sizeof(__u32) * 7); return twothirdsMD4Transform((const __u32 *)daddr, hash); }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,6822474168921,1 1723,[]," __acquires(rq2->lock) { BUG_ON(!irqs_disabled()); if (rq1 == rq2) { spin_lock(&rq1->lock); __acquire(rq2->lock); } else { if (rq1 < rq2) { spin_lock(&rq1->lock); spin_lock(&rq2->lock); } else { spin_lock(&rq2->lock); spin_lock(&rq1->lock); } } update_rq_clock(rq1); update_rq_clock(rq2); }",linux-2.6,,,128261966043957303577697772168786870206,0 534,['CWE-399'],"static unsigned int pwc_video_poll(struct file *file, poll_table *wait) { struct video_device *vdev = file->private_data; struct pwc_device *pdev; if (vdev == NULL) return -EFAULT; pdev = vdev->priv; if (pdev == NULL) return -EFAULT; poll_wait(file, &pdev->frameq, wait); if (pdev->error_status) return POLLERR; if (pdev->full_frames != NULL) return (POLLIN | POLLRDNORM); return 0; }",linux-2.6,,,333406196361167327965026772227899910764,0 348,['CWE-20'],"static inline int put_stack_long(struct task_struct *task, int offset, unsigned long data) { unsigned char * stack; stack = (unsigned char *)task->thread.esp0 - sizeof(struct pt_regs); stack += offset; *(unsigned long *) stack = data; return 0; }",linux-2.6,,,338954615957823473631284123332864926447,0 5835,CWE-125,"PJ_DEF(void) pjmedia_rtcp_rx_rtcp( pjmedia_rtcp_session *sess, const void *pkt, pj_size_t size) { pj_uint8_t *p, *p_end; p = (pj_uint8_t*)pkt; p_end = p + size; while (p < p_end) { pjmedia_rtcp_common *common = (pjmedia_rtcp_common*)p; unsigned len; len = (pj_ntohs((pj_uint16_t)common->length)+1) * 4; if (p + len > p_end) break; switch(common->pt) { case RTCP_SR: case RTCP_RR: case RTCP_XR: parse_rtcp_report(sess, p, len); break; case RTCP_SDES: parse_rtcp_sdes(sess, p, len); break; case RTCP_BYE: parse_rtcp_bye(sess, p, len); break; case RTCP_RTPFB: case RTCP_PSFB: parse_rtcp_fb(sess, p, len); break; default: TRACE_((sess->name, ""Received unknown RTCP packet type=%d"", common->pt)); break; } p += len; } }",visit repo url,pjmedia/src/pjmedia/rtcp.c,https://github.com/pjsip/pjproject,106824608984709,1 1697,CWE-399,"void unix_notinflight(struct file *fp) { struct sock *s = unix_get_socket(fp); spin_lock(&unix_gc_lock); if (s) { struct unix_sock *u = unix_sk(s); BUG_ON(list_empty(&u->link)); if (atomic_long_dec_and_test(&u->inflight)) list_del_init(&u->link); unix_tot_inflight--; } fp->f_cred->user->unix_inflight--; spin_unlock(&unix_gc_lock); }",visit repo url,net/unix/garbage.c,https://github.com/torvalds/linux,62746775538748,1 4447,CWE-125,"int cli_scanxar(cli_ctx *ctx) { int rc = CL_SUCCESS; unsigned int cksum_fails = 0; unsigned int extract_errors = 0; #if HAVE_LIBXML2 int fd = -1; struct xar_header hdr; fmap_t *map = *ctx->fmap; long length, offset, size, at; int encoding; z_stream strm; char *toc, *tmpname; xmlTextReaderPtr reader = NULL; int a_hash, e_hash; unsigned char *a_cksum = NULL, *e_cksum = NULL; void *a_hash_ctx = NULL, *e_hash_ctx = NULL; char result[SHA1_HASH_SIZE]; memset(&strm, 0x00, sizeof(z_stream)); if (fmap_readn(*ctx->fmap, &hdr, 0, sizeof(hdr)) != sizeof(hdr)) { cli_dbgmsg(""cli_scanxar: Invalid header, too short.\n""); return CL_EFORMAT; } hdr.magic = be32_to_host(hdr.magic); if (hdr.magic == XAR_HEADER_MAGIC) { cli_dbgmsg(""cli_scanxar: Matched magic\n""); } else { cli_dbgmsg(""cli_scanxar: Invalid magic\n""); return CL_EFORMAT; } hdr.size = be16_to_host(hdr.size); hdr.version = be16_to_host(hdr.version); hdr.toc_length_compressed = be64_to_host(hdr.toc_length_compressed); hdr.toc_length_decompressed = be64_to_host(hdr.toc_length_decompressed); hdr.chksum_alg = be32_to_host(hdr.chksum_alg); strm.next_in = (unsigned char *)fmap_need_off_once(*ctx->fmap, hdr.size, hdr.toc_length_compressed); if (strm.next_in == NULL) { cli_dbgmsg(""cli_scanxar: fmap_need_off_once fails on TOC.\n""); return CL_EREAD; } strm.avail_in = hdr.toc_length_compressed; toc = cli_malloc(hdr.toc_length_decompressed+1); if (toc == NULL) { cli_dbgmsg(""cli_scanxar: cli_malloc fails on TOC decompress buffer.\n""); return CL_EMEM; } toc[hdr.toc_length_decompressed] = '\0'; strm.avail_out = hdr.toc_length_decompressed; strm.next_out = (unsigned char *)toc; rc = inflateInit(&strm); if (rc != Z_OK) { cli_dbgmsg(""cli_scanxar:inflateInit error %i \n"", rc); rc = CL_EFORMAT; goto exit_toc; } rc = inflate(&strm, Z_SYNC_FLUSH); if (rc != Z_OK && rc != Z_STREAM_END) { cli_dbgmsg(""cli_scanxar:inflate error %i \n"", rc); rc = CL_EFORMAT; goto exit_toc; } rc = inflateEnd(&strm); if (rc != Z_OK) { cli_dbgmsg(""cli_scanxar:inflateEnd error %i \n"", rc); rc = CL_EFORMAT; goto exit_toc; } cli_dbgmsg(""cli_scanxar: scanning xar TOC xml in memory.\n""); rc = cli_mem_scandesc(toc, hdr.toc_length_decompressed, ctx); if (rc != CL_SUCCESS) { if (rc != CL_VIRUS || !SCAN_ALL) goto exit_toc; } if(ctx->engine->keeptmp) { if ((rc = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &fd)) != CL_SUCCESS) { cli_dbgmsg(""cli_scanxar: Can't create temporary file for TOC.\n""); goto exit_toc; } if (cli_writen(fd, toc, hdr.toc_length_decompressed) < 0) { cli_dbgmsg(""cli_scanxar: cli_writen error writing TOC.\n""); rc = CL_EWRITE; xar_cleanup_temp_file(ctx, fd, tmpname); goto exit_toc; } rc = xar_cleanup_temp_file(ctx, fd, tmpname); if (rc != CL_SUCCESS) goto exit_toc; } reader = xmlReaderForMemory(toc, hdr.toc_length_decompressed, ""noname.xml"", NULL, CLAMAV_MIN_XMLREADER_FLAGS); if (reader == NULL) { cli_dbgmsg(""cli_scanxar: xmlReaderForMemory error for TOC\n""); goto exit_toc; } rc = xar_scan_subdocuments(reader, ctx); if (rc != CL_SUCCESS) { cli_dbgmsg(""xar_scan_subdocuments returns %i.\n"", rc); goto exit_reader; } fd = -1; tmpname = NULL; while (CL_SUCCESS == (rc = xar_get_toc_data_values(reader, &length, &offset, &size, &encoding, &a_cksum, &a_hash, &e_cksum, &e_hash))) { int do_extract_cksum = 1; unsigned char * blockp; void *a_sc, *e_sc; void *a_mc, *e_mc; char * expected; if (fd > -1 && tmpname) { rc = xar_cleanup_temp_file(ctx, fd, tmpname); if (rc != CL_SUCCESS) goto exit_reader; } at = offset + hdr.toc_length_compressed + hdr.size; if ((rc = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &fd)) != CL_SUCCESS) { cli_dbgmsg(""cli_scanxar: Can't generate temporary file.\n""); goto exit_reader; } cli_dbgmsg(""cli_scanxar: decompress into temp file:\n%s, size %li,\n"" ""from xar heap offset %li length %li\n"", tmpname, size, offset, length); a_hash_ctx = xar_hash_init(a_hash, &a_sc, &a_mc); e_hash_ctx = xar_hash_init(e_hash, &e_sc, &e_mc); switch (encoding) { case CL_TYPE_GZ: memset(&strm, 0, sizeof(strm)); if ((rc = inflateInit(&strm)) != Z_OK) { cli_dbgmsg(""cli_scanxar: InflateInit failed: %d\n"", rc); rc = CL_EFORMAT; extract_errors++; break; } while ((size_t)at < map->len && (unsigned long)at < offset+hdr.toc_length_compressed+hdr.size+length) { unsigned long avail_in; void * next_in; unsigned int bytes = MIN(map->len - at, map->pgsz); bytes = MIN(length, bytes); if(!(strm.next_in = next_in = (void*)fmap_need_off_once(map, at, bytes))) { cli_dbgmsg(""cli_scanxar: Can't read %u bytes @ %lu.\n"", bytes, (long unsigned)at); inflateEnd(&strm); rc = CL_EREAD; goto exit_tmpfile; } at += bytes; strm.avail_in = avail_in = bytes; do { int inf, outsize = 0; unsigned char buff[FILEBUFF]; strm.avail_out = sizeof(buff); strm.next_out = buff; inf = inflate(&strm, Z_SYNC_FLUSH); if (inf != Z_OK && inf != Z_STREAM_END && inf != Z_BUF_ERROR) { cli_dbgmsg(""cli_scanxar: inflate error %i %s.\n"", inf, strm.msg?strm.msg:""""); rc = CL_EFORMAT; extract_errors++; break; } bytes = sizeof(buff) - strm.avail_out; if (e_hash_ctx != NULL) xar_hash_update(e_hash_ctx, buff, bytes, e_hash); if (cli_writen(fd, buff, bytes) < 0) { cli_dbgmsg(""cli_scanxar: cli_writen error file %s.\n"", tmpname); inflateEnd(&strm); rc = CL_EWRITE; goto exit_tmpfile; } outsize += sizeof(buff) - strm.avail_out; if (cli_checklimits(""cli_scanxar"", ctx, outsize, 0, 0) != CL_CLEAN) { break; } if (inf == Z_STREAM_END) { break; } } while (strm.avail_out == 0); if (rc != CL_SUCCESS) break; avail_in -= strm.avail_in; if (a_hash_ctx != NULL) xar_hash_update(a_hash_ctx, next_in, avail_in, a_hash); } inflateEnd(&strm); break; case CL_TYPE_7Z: #define CLI_LZMA_OBUF_SIZE 1024*1024 #define CLI_LZMA_HDR_SIZE LZMA_PROPS_SIZE+8 #define CLI_LZMA_IBUF_SIZE CLI_LZMA_OBUF_SIZE>>2 { struct CLI_LZMA lz; unsigned long in_remaining = length; unsigned long out_size = 0; unsigned char * buff = __lzma_wrap_alloc(NULL, CLI_LZMA_OBUF_SIZE); int lret; memset(&lz, 0, sizeof(lz)); if (buff == NULL) { cli_dbgmsg(""cli_scanxar: memory request for lzma decompression buffer fails.\n""); rc = CL_EMEM; goto exit_tmpfile; } blockp = (void*)fmap_need_off_once(map, at, CLI_LZMA_HDR_SIZE); if (blockp == NULL) { char errbuff[128]; cli_strerror(errno, errbuff, sizeof(errbuff)); cli_dbgmsg(""cli_scanxar: Can't read %li bytes @ %li, errno:%s.\n"", length, at, errbuff); rc = CL_EREAD; __lzma_wrap_free(NULL, buff); goto exit_tmpfile; } lz.next_in = blockp; lz.avail_in = CLI_LZMA_HDR_SIZE; if (a_hash_ctx != NULL) xar_hash_update(a_hash_ctx, blockp, CLI_LZMA_HDR_SIZE, a_hash); lret = cli_LzmaInit(&lz, 0); if (lret != LZMA_RESULT_OK) { cli_dbgmsg(""cli_scanxar: cli_LzmaInit() fails: %i.\n"", lret); rc = CL_EFORMAT; __lzma_wrap_free(NULL, buff); extract_errors++; break; } at += CLI_LZMA_HDR_SIZE; in_remaining -= CLI_LZMA_HDR_SIZE; while ((size_t)at < map->len && (unsigned long)at < offset+hdr.toc_length_compressed+hdr.size+length) { SizeT avail_in; SizeT avail_out; void * next_in; unsigned long in_consumed; lz.next_out = buff; lz.avail_out = CLI_LZMA_OBUF_SIZE; lz.avail_in = avail_in = MIN(CLI_LZMA_IBUF_SIZE, in_remaining); lz.next_in = next_in = (void*)fmap_need_off_once(map, at, lz.avail_in); if (lz.next_in == NULL) { char errbuff[128]; cli_strerror(errno, errbuff, sizeof(errbuff)); cli_dbgmsg(""cli_scanxar: Can't read %li bytes @ %li, errno: %s.\n"", length, at, errbuff); rc = CL_EREAD; __lzma_wrap_free(NULL, buff); cli_LzmaShutdown(&lz); goto exit_tmpfile; } lret = cli_LzmaDecode(&lz); if (lret != LZMA_RESULT_OK && lret != LZMA_STREAM_END) { cli_dbgmsg(""cli_scanxar: cli_LzmaDecode() fails: %i.\n"", lret); rc = CL_EFORMAT; extract_errors++; break; } in_consumed = avail_in - lz.avail_in; in_remaining -= in_consumed; at += in_consumed; avail_out = CLI_LZMA_OBUF_SIZE - lz.avail_out; if (avail_out == 0) cli_dbgmsg(""cli_scanxar: cli_LzmaDecode() produces no output for "" ""avail_in %llu, avail_out %llu.\n"", (long long unsigned)avail_in, (long long unsigned)avail_out); if (a_hash_ctx != NULL) xar_hash_update(a_hash_ctx, next_in, in_consumed, a_hash); if (e_hash_ctx != NULL) xar_hash_update(e_hash_ctx, buff, avail_out, e_hash); if (cli_writen(fd, buff, avail_out) < 0) { cli_dbgmsg(""cli_scanxar: cli_writen error writing lzma temp file for %llu bytes.\n"", (long long unsigned)avail_out); __lzma_wrap_free(NULL, buff); cli_LzmaShutdown(&lz); rc = CL_EWRITE; goto exit_tmpfile; } out_size += avail_out; if (cli_checklimits(""cli_scanxar"", ctx, out_size, 0, 0) != CL_CLEAN) { break; } if (lret == LZMA_STREAM_END) break; } cli_LzmaShutdown(&lz); __lzma_wrap_free(NULL, buff); } break; case CL_TYPE_ANY: default: case CL_TYPE_BZ: case CL_TYPE_XZ: do_extract_cksum = 0; { unsigned long write_len; if (ctx->engine->maxfilesize) write_len = MIN((size_t)(ctx->engine->maxfilesize), (size_t)length); else write_len = length; if (!(blockp = (void*)fmap_need_off_once(map, at, length))) { char errbuff[128]; cli_strerror(errno, errbuff, sizeof(errbuff)); cli_dbgmsg(""cli_scanxar: Can't read %li bytes @ %li, errno:%s.\n"", length, at, errbuff); rc = CL_EREAD; goto exit_tmpfile; } if (a_hash_ctx != NULL) xar_hash_update(a_hash_ctx, blockp, length, a_hash); if (cli_writen(fd, blockp, write_len) < 0) { cli_dbgmsg(""cli_scanxar: cli_writen error %li bytes @ %li.\n"", length, at); rc = CL_EWRITE; goto exit_tmpfile; } } } if (rc == CL_SUCCESS) { if (a_hash_ctx != NULL) { xar_hash_final(a_hash_ctx, result, a_hash); a_hash_ctx = NULL; } else { cli_dbgmsg(""cli_scanxar: archived-checksum missing.\n""); cksum_fails++; } if (a_cksum != NULL) { expected = cli_hex2str((char *)a_cksum); if (xar_hash_check(a_hash, result, expected) != 0) { cli_dbgmsg(""cli_scanxar: archived-checksum mismatch.\n""); cksum_fails++; } else { cli_dbgmsg(""cli_scanxar: archived-checksum matched.\n""); } free(expected); } if (e_hash_ctx != NULL) { xar_hash_final(e_hash_ctx, result, e_hash); e_hash_ctx = NULL; } else { cli_dbgmsg(""cli_scanxar: extracted-checksum(unarchived-checksum) missing.\n""); cksum_fails++; } if (e_cksum != NULL) { if (do_extract_cksum) { expected = cli_hex2str((char *)e_cksum); if (xar_hash_check(e_hash, result, expected) != 0) { cli_dbgmsg(""cli_scanxar: extracted-checksum mismatch.\n""); cksum_fails++; } else { cli_dbgmsg(""cli_scanxar: extracted-checksum matched.\n""); } free(expected); } } rc = cli_magic_scandesc(fd, ctx); if (rc != CL_SUCCESS) { if (rc == CL_VIRUS) { cli_dbgmsg(""cli_scanxar: Infected with %s\n"", cli_get_last_virus(ctx)); if (!SCAN_ALL) goto exit_tmpfile; } else if (rc != CL_BREAK) { cli_dbgmsg(""cli_scanxar: cli_magic_scandesc error %i\n"", rc); goto exit_tmpfile; } } } if (a_cksum != NULL) { xmlFree(a_cksum); a_cksum = NULL; } if (e_cksum != NULL) { xmlFree(e_cksum); e_cksum = NULL; } } exit_tmpfile: xar_cleanup_temp_file(ctx, fd, tmpname); if (a_hash_ctx != NULL) xar_hash_final(a_hash_ctx, result, a_hash); if (e_hash_ctx != NULL) xar_hash_final(e_hash_ctx, result, e_hash); exit_reader: if (a_cksum != NULL) xmlFree(a_cksum); if (e_cksum != NULL) xmlFree(e_cksum); xmlTextReaderClose(reader); xmlFreeTextReader(reader); exit_toc: free(toc); if (rc == CL_BREAK) rc = CL_SUCCESS; #else cli_dbgmsg(""cli_scanxar: can't scan xar files, need libxml2.\n""); #endif if (cksum_fails + extract_errors != 0) { cli_warnmsg(""cli_scanxar: %u checksum errors and %u extraction errors, use --debug for more info.\n"", cksum_fails, extract_errors); } return rc; }",visit repo url,libclamav/xar.c,https://github.com/Cisco-Talos/clamav-devel,170353876426416,1 4218,CWE-125,"struct r_bin_dyldcache_obj_t* r_bin_dyldcache_from_bytes_new(const ut8* buf, ut64 size) { struct r_bin_dyldcache_obj_t *bin; if (!(bin = malloc (sizeof (struct r_bin_dyldcache_obj_t)))) { return NULL; } memset (bin, 0, sizeof (struct r_bin_dyldcache_obj_t)); if (!buf) { return r_bin_dyldcache_free (bin); } bin->b = r_buf_new(); if (!r_buf_set_bytes (bin->b, buf, size)) { return r_bin_dyldcache_free (bin); } if (!r_bin_dyldcache_init (bin)) { return r_bin_dyldcache_free (bin); } bin->size = size; return bin; }",visit repo url,libr/bin/format/mach0/dyldcache.c,https://github.com/radareorg/radare2,50199694288432,1 4170,['CWE-399'],"static int is_mdns_mcast_address(const AvahiAddress *a) { AvahiAddress b; assert(a); avahi_address_parse(a->proto == AVAHI_PROTO_INET ? AVAHI_IPV4_MCAST_GROUP : AVAHI_IPV6_MCAST_GROUP, a->proto, &b); return avahi_address_cmp(a, &b) == 0; }",avahi,,,266532328501494538938986388912537679036,0 6525,CWE-125,"MOBI_RET mobi_search_links_kf7(MOBIResult *result, const unsigned char *data_start, const unsigned char *data_end) { if (!result) { debug_print(""Result structure is null%s"", ""\n""); return MOBI_PARAM_ERR; } result->start = result->end = NULL; *(result->value) = '\0'; if (!data_start || !data_end) { debug_print(""Data is null%s"", ""\n""); return MOBI_PARAM_ERR; } const char *needle1 = ""filepos=""; const char *needle2 = ""recindex=""; const size_t needle1_length = strlen(needle1); const size_t needle2_length = strlen(needle2); const size_t needle_length = max(needle1_length,needle2_length); if (data_start + needle_length > data_end) { return MOBI_SUCCESS; } unsigned char *data = (unsigned char *) data_start; const unsigned char tag_open = '<'; const unsigned char tag_close = '>'; unsigned char last_border = tag_open; while (data <= data_end) { if (*data == tag_open || *data == tag_close) { last_border = *data; } if (data + needle_length <= data_end && (memcmp(data, needle1, needle1_length) == 0 || memcmp(data, needle2, needle2_length) == 0)) { if (last_border != tag_open) { data += needle_length; continue; } while (data >= data_start && !isspace(*data) && *data != tag_open) { data--; } result->start = ++data; int i = 0; while (data <= data_end && !isspace(*data) && *data != tag_close && i < MOBI_ATTRVALUE_MAXSIZE) { result->value[i++] = (char) *data++; } if (*(data - 1) == '/' && *data == '>') { --data; --i; } result->end = data; result->value[i] = '\0'; return MOBI_SUCCESS; } data++; } return MOBI_SUCCESS; }",visit repo url,src/parse_rawml.c,https://github.com/bfabiszewski/libmobi,103044538538743,1 2575,CWE-120,"static size_t send_control_msg(VirtIOSerial *vser, void *buf, size_t len) { VirtQueueElement elem; VirtQueue *vq; vq = vser->c_ivq; if (!virtio_queue_ready(vq)) { return 0; } if (!virtqueue_pop(vq, &elem)) { return 0; } memcpy(elem.in_sg[0].iov_base, buf, len); virtqueue_push(vq, &elem, len); virtio_notify(VIRTIO_DEVICE(vser), vq); return len; }",visit repo url,hw/char/virtio-serial-bus.c,https://github.com/qemu/qemu,173486493519884,1 4578,['CWE-399'],"static void ext4_da_update_reserve_space(struct inode *inode, int used) { struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); int total, mdb, mdb_free; spin_lock(&EXT4_I(inode)->i_block_reservation_lock); total = EXT4_I(inode)->i_reserved_data_blocks - used; mdb = ext4_calc_metadata_amount(inode, total); BUG_ON(mdb > EXT4_I(inode)->i_reserved_meta_blocks); mdb_free = EXT4_I(inode)->i_reserved_meta_blocks - mdb; if (mdb_free) { mdb_free -= EXT4_I(inode)->i_allocated_meta_blocks; percpu_counter_sub(&sbi->s_dirtyblocks_counter, mdb_free); EXT4_I(inode)->i_allocated_meta_blocks = 0; EXT4_I(inode)->i_reserved_meta_blocks = mdb; } BUG_ON(used > EXT4_I(inode)->i_reserved_data_blocks); EXT4_I(inode)->i_reserved_data_blocks -= used; spin_unlock(&EXT4_I(inode)->i_block_reservation_lock); }",linux-2.6,,,303019751156189959098276584441653196913,0 361,[],"pfm_copy_pmcs(struct task_struct *task, pfm_context_t *ctx) { unsigned long mask = ctx->ctx_all_pmcs[0]; int i; DPRINT((""mask=0x%lx\n"", mask)); for (i=0; mask; i++, mask>>=1) { ctx->th_pmcs[i] = ctx->ctx_pmcs[i]; DPRINT((""pmc[%d]=0x%lx\n"", i, ctx->th_pmcs[i])); } }",linux-2.6,,,320876882185562610058872361793764811975,0 4807,CWE-119,"static int gemsafe_get_cert_len(sc_card_t *card) { int r; u8 ibuf[GEMSAFE_MAX_OBJLEN]; u8 *iptr; struct sc_path path; struct sc_file *file; size_t objlen, certlen; unsigned int ind, i=0; sc_format_path(GEMSAFE_PATH, &path); r = sc_select_file(card, &path, &file); if (r != SC_SUCCESS || !file) return SC_ERROR_INTERNAL; r = sc_read_binary(card, 0, ibuf, GEMSAFE_READ_QUANTUM, 0); if (r < 0) return SC_ERROR_INTERNAL; objlen = (((size_t) ibuf[0]) << 8) | ibuf[1]; sc_log(card->ctx, ""Stored object is of size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); if (objlen < 1 || objlen > GEMSAFE_MAX_OBJLEN) { sc_log(card->ctx, ""Invalid object size: %""SC_FORMAT_LEN_SIZE_T""u"", objlen); return SC_ERROR_INTERNAL; } ind = 2; while (ibuf[ind] == 0x01) { if (ibuf[ind+1] == 0xFE) { gemsafe_prkeys[i].ref = ibuf[ind+4]; sc_log(card->ctx, ""Key container %d is allocated and uses key_ref %d"", i+1, gemsafe_prkeys[i].ref); ind += 9; } else { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; sc_log(card->ctx, ""Key container %d is unallocated"", i+1); ind += 8; } i++; } for (; i < gemsafe_cert_max; i++) { gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } iptr = ibuf + GEMSAFE_READ_QUANTUM; while ((size_t)(iptr - ibuf) < objlen) { r = sc_read_binary(card, iptr - ibuf, iptr, MIN(GEMSAFE_READ_QUANTUM, objlen - (iptr - ibuf)), 0); if (r < 0) { sc_log(card->ctx, ""Could not read cert object""); return SC_ERROR_INTERNAL; } iptr += GEMSAFE_READ_QUANTUM; } i = 0; while (ind < objlen - 1) { if (ibuf[ind] == 0x30 && ibuf[ind+1] == 0x82) { while (i < gemsafe_cert_max && gemsafe_cert[i].label == NULL) i++; if (i == gemsafe_cert_max) { sc_log(card->ctx, ""Warning: Found orphaned certificate at offset %d"", ind); return SC_SUCCESS; } if (ind+3 >= sizeof ibuf) return SC_ERROR_INVALID_DATA; certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4; sc_log(card->ctx, ""Found certificate of key container %d at offset %d, len %""SC_FORMAT_LEN_SIZE_T""u"", i+1, ind, certlen); gemsafe_cert[i].index = ind; gemsafe_cert[i].count = certlen; ind += certlen; i++; } else ind++; } for (; i < gemsafe_cert_max; i++) { if (gemsafe_cert[i].label) { sc_log(card->ctx, ""Warning: Certificate of key container %d is missing"", i+1); gemsafe_prkeys[i].label = NULL; gemsafe_cert[i].label = NULL; } } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-gemsafeV1.c,https://github.com/OpenSC/OpenSC,187411920034295,1 3485,['CWE-20'],"sctp_disposition_t sctp_sf_timer_ignore(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { SCTP_DEBUG_PRINTK(""Timer %d ignored.\n"", type.chunk); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,248020142285662283044137127317951416316,0 3372,['CWE-399'],"static long vmsplice_to_pipe(struct file *file, const struct iovec __user *iov, unsigned long nr_segs, unsigned int flags) { struct pipe_inode_info *pipe; struct page *pages[PIPE_BUFFERS]; struct partial_page partial[PIPE_BUFFERS]; struct splice_pipe_desc spd = { .pages = pages, .partial = partial, .flags = flags, .ops = &user_page_pipe_buf_ops, }; pipe = pipe_info(file->f_path.dentry->d_inode); if (!pipe) return -EBADF; spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial, flags & SPLICE_F_GIFT); if (spd.nr_pages <= 0) return spd.nr_pages; return splice_to_pipe(pipe, &spd); }",linux-2.6,,,319687779286017346888206131066609814560,0 3961,['CWE-362'],"static struct audit_parent *audit_init_parent(struct nameidata *ndp) { struct audit_parent *parent; s32 wd; parent = kzalloc(sizeof(*parent), GFP_KERNEL); if (unlikely(!parent)) return ERR_PTR(-ENOMEM); INIT_LIST_HEAD(&parent->watches); parent->flags = 0; inotify_init_watch(&parent->wdata); get_inotify_watch(&parent->wdata); wd = inotify_add_watch(audit_ih, &parent->wdata, ndp->path.dentry->d_inode, AUDIT_IN_WATCH); if (wd < 0) { audit_free_parent(&parent->wdata); return ERR_PTR(wd); } return parent; }",linux-2.6,,,264746240600137811601078911272322019705,0 4522,CWE-190,"static void lsr_read_extend_class(GF_LASeRCodec *lsr, char **out_data, u32 *out_len, const char *name) { u32 len; GF_LSR_READ_INT(lsr, len, lsr->info->cfg.extensionIDBits, ""reserved""); len = lsr_read_vluimsbf5(lsr, ""len""); gf_bs_read_long_int(lsr->bs, len); if (out_data) *out_data = NULL; if (out_len) *out_len = 0; }",visit repo url,src/laser/lsr_dec.c,https://github.com/gpac/gpac,198836567766247,1 3066,CWE-190,"static int xbuf_format_converter(char **outbuf, const char *fmt, va_list ap) { register char *s = nullptr; char *q; int s_len; register int min_width = 0; int precision = 0; enum { LEFT, RIGHT } adjust; char pad_char; char prefix_char; double fp_num; wide_int i_num = (wide_int) 0; u_wide_int ui_num; char num_buf[NUM_BUF_SIZE]; char char_buf[2]; #ifdef HAVE_LOCALE_H struct lconv *lconv = nullptr; #endif length_modifier_e modifier; boolean_e alternate_form; boolean_e print_sign; boolean_e print_blank; boolean_e adjust_precision; boolean_e adjust_width; int is_negative; int size = 240; char *result = (char *)malloc(size); int outpos = 0; while (*fmt) { if (*fmt != '%') { appendchar(&result, &outpos, &size, *fmt); } else { adjust = RIGHT; alternate_form = print_sign = print_blank = NO; pad_char = ' '; prefix_char = NUL; fmt++; if (isascii((int)*fmt) && !islower((int)*fmt)) { for (;; fmt++) { if (*fmt == '-') adjust = LEFT; else if (*fmt == '+') print_sign = YES; else if (*fmt == '#') alternate_form = YES; else if (*fmt == ' ') print_blank = YES; else if (*fmt == '0') pad_char = '0'; else break; } if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, min_width); adjust_width = YES; } else if (*fmt == '*') { min_width = va_arg(ap, int); fmt++; adjust_width = YES; if (min_width < 0) { adjust = LEFT; min_width = -min_width; } } else adjust_width = NO; if (*fmt == '.') { adjust_precision = YES; fmt++; if (isdigit((int)*fmt)) { STR_TO_DEC(fmt, precision); } else if (*fmt == '*') { precision = va_arg(ap, int); fmt++; if (precision < 0) precision = 0; } else precision = 0; } else adjust_precision = NO; } else adjust_precision = adjust_width = NO; switch (*fmt) { case 'L': fmt++; modifier = LM_LONG_DOUBLE; break; case 'I': fmt++; #if SIZEOF_LONG_LONG if (*fmt == '6' && *(fmt+1) == '4') { fmt += 2; modifier = LM_LONG_LONG; } else #endif if (*fmt == '3' && *(fmt+1) == '2') { fmt += 2; modifier = LM_LONG; } else { #ifdef _WIN64 modifier = LM_LONG_LONG; #else modifier = LM_LONG; #endif } break; case 'l': fmt++; #if SIZEOF_LONG_LONG if (*fmt == 'l') { fmt++; modifier = LM_LONG_LONG; } else #endif modifier = LM_LONG; break; case 'z': fmt++; modifier = LM_SIZE_T; break; case 'j': fmt++; #if SIZEOF_INTMAX_T modifier = LM_INTMAX_T; #else modifier = LM_SIZE_T; #endif break; case 't': fmt++; #if SIZEOF_PTRDIFF_T modifier = LM_PTRDIFF_T; #else modifier = LM_SIZE_T; #endif break; case 'h': fmt++; if (*fmt == 'h') { fmt++; } default: modifier = LM_STD; break; } switch (*fmt) { case 'u': switch(modifier) { default: i_num = (wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: i_num = (wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } case 'd': case 'i': if ((*fmt) != 'u') { switch(modifier) { default: i_num = (wide_int) va_arg(ap, int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: i_num = (wide_int) va_arg(ap, long int); break; case LM_SIZE_T: #if SIZEOF_SSIZE_T i_num = (wide_int) va_arg(ap, ssize_t); #else i_num = (wide_int) va_arg(ap, size_t); #endif break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: i_num = (wide_int) va_arg(ap, wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: i_num = (wide_int) va_arg(ap, intmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: i_num = (wide_int) va_arg(ap, ptrdiff_t); break; #endif } } s = ap_php_conv_10(i_num, (*fmt) == 'u', &is_negative, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (*fmt != 'u') { if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'o': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 3, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && *s != '0') { *--s = '0'; s_len++; } break; case 'x': case 'X': switch(modifier) { default: ui_num = (u_wide_int) va_arg(ap, unsigned int); break; case LM_LONG_DOUBLE: goto fmt_error; case LM_LONG: ui_num = (u_wide_int) va_arg(ap, unsigned long int); break; case LM_SIZE_T: ui_num = (u_wide_int) va_arg(ap, size_t); break; #if SIZEOF_LONG_LONG case LM_LONG_LONG: ui_num = (u_wide_int) va_arg(ap, u_wide_int); break; #endif #if SIZEOF_INTMAX_T case LM_INTMAX_T: ui_num = (u_wide_int) va_arg(ap, uintmax_t); break; #endif #if SIZEOF_PTRDIFF_T case LM_PTRDIFF_T: ui_num = (u_wide_int) va_arg(ap, ptrdiff_t); break; #endif } s = ap_php_conv_p2(ui_num, 4, *fmt, &num_buf[NUM_BUF_SIZE], &s_len); FIX_PRECISION(adjust_precision, precision, s, s_len); if (alternate_form && i_num != 0) { *--s = *fmt; *--s = '0'; s_len += 2; } break; case 's': case 'v': s = va_arg(ap, char *); if (s != nullptr) { s_len = strlen(s); if (adjust_precision && precision < s_len) s_len = precision; } else { s = const_cast(s_null); s_len = S_NULL_LEN; } pad_char = ' '; break; case 'f': case 'F': case 'e': case 'E': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""nan""); s_len = 3; } else if (std::isinf(fp_num)) { s = const_cast(""inf""); s_len = 3; } else { #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_conv_fp((*fmt == 'f')?'F':*fmt, fp_num, alternate_form, (adjust_precision == NO) ? FLOAT_DIGITS : precision, (*fmt == 'f')?LCONV_DECIMAL_POINT:'.', &is_negative, &num_buf[1], &s_len); if (is_negative) prefix_char = '-'; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; } break; case 'g': case 'k': case 'G': case 'H': switch(modifier) { case LM_LONG_DOUBLE: fp_num = (double) va_arg(ap, long double); break; case LM_STD: fp_num = va_arg(ap, double); break; default: goto fmt_error; } if (std::isnan(fp_num)) { s = const_cast(""NAN""); s_len = 3; break; } else if (std::isinf(fp_num)) { if (fp_num > 0) { s = const_cast(""INF""); s_len = 3; } else { s = const_cast(""-INF""); s_len = 4; } break; } if (adjust_precision == NO) precision = FLOAT_DIGITS; else if (precision == 0) precision = 1; #ifdef HAVE_LOCALE_H if (!lconv) { lconv = localeconv(); } #endif s = php_gcvt(fp_num, precision, (*fmt=='H' || *fmt == 'k') ? '.' : LCONV_DECIMAL_POINT, (*fmt == 'G' || *fmt == 'H')?'E':'e', &num_buf[1]); if (*s == '-') prefix_char = *s++; else if (print_sign) prefix_char = '+'; else if (print_blank) prefix_char = ' '; s_len = strlen(s); if (alternate_form && (q = strchr(s, '.')) == nullptr) s[s_len++] = '.'; break; case 'c': char_buf[0] = (char) (va_arg(ap, int)); s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case '%': char_buf[0] = '%'; s = &char_buf[0]; s_len = 1; pad_char = ' '; break; case 'n': *(va_arg(ap, int *)) = outpos; goto skip_output; case 'p': if (sizeof(char *) <= sizeof(u_wide_int)) { ui_num = (u_wide_int)((size_t) va_arg(ap, char *)); s = ap_php_conv_p2(ui_num, 4, 'x', &num_buf[NUM_BUF_SIZE], &s_len); if (ui_num != 0) { *--s = 'x'; *--s = '0'; s_len += 2; } } else { s = const_cast(""%p""); s_len = 2; } pad_char = ' '; break; case NUL: continue; fmt_error: throw Exception(""Illegal length modifier specified '%c'"", *fmt); default: char_buf[0] = '%'; char_buf[1] = *fmt; s = char_buf; s_len = 2; pad_char = ' '; break; } if (prefix_char != NUL) { *--s = prefix_char; s_len++; } if (adjust_width && adjust == RIGHT && min_width > s_len) { if (pad_char == '0' && prefix_char != NUL) { appendchar(&result, &outpos, &size, *s); s++; s_len--; min_width--; } for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } appendsimplestring(&result, &outpos, &size, s, s_len); if (adjust_width && adjust == LEFT && min_width > s_len) { for (int i = 0; i < min_width - s_len; i++) { appendchar(&result, &outpos, &size, pad_char); } } } skip_output: fmt++; } result[outpos] = NUL; *outbuf = result; return outpos; }",visit repo url,hphp/zend/zend-printf.cpp,https://github.com/facebook/hhvm,58531151562577,1 5057,CWE-787,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 1429,CWE-20,"static ext3_fsblk_t get_sb_block(void **data, struct super_block *sb) { ext3_fsblk_t sb_block; char *options = (char *) *data; if (!options || strncmp(options, ""sb="", 3) != 0) return 1; options += 3; sb_block = simple_strtoul(options, &options, 0); if (*options && *options != ',') { ext3_msg(sb, ""error: invalid sb specification: %s"", (char *) *data); return 1; } if (*options == ',') options++; *data = (void *) options; return sb_block; }",visit repo url,fs/ext3/super.c,https://github.com/torvalds/linux,25533115275265,1 4677,['CWE-399'],"static void ext4_clear_blocks(handle_t *handle, struct inode *inode, struct buffer_head *bh, ext4_fsblk_t block_to_free, unsigned long count, __le32 *first, __le32 *last) { __le32 *p; if (try_to_extend_transaction(handle, inode)) { if (bh) { BUFFER_TRACE(bh, ""call ext4_handle_dirty_metadata""); ext4_handle_dirty_metadata(handle, inode, bh); } ext4_mark_inode_dirty(handle, inode); ext4_journal_test_restart(handle, inode); if (bh) { BUFFER_TRACE(bh, ""retaking write access""); ext4_journal_get_write_access(handle, bh); } } for (p = first; p < last; p++) { u32 nr = le32_to_cpu(*p); if (nr) { struct buffer_head *tbh; *p = 0; tbh = sb_find_get_block(inode->i_sb, nr); ext4_forget(handle, 0, inode, tbh, nr); } } ext4_free_blocks(handle, inode, block_to_free, count, 0); }",linux-2.6,,,130202982907163190551482569239409207073,0 1627,CWE-416,"static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) { struct ipv6_txoptions opt_space; DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); struct in6_addr *daddr, *final_p, final; struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct raw6_sock *rp = raw6_sk(sk); struct ipv6_txoptions *opt = NULL; struct ip6_flowlabel *flowlabel = NULL; struct dst_entry *dst = NULL; struct raw6_frag_vec rfv; struct flowi6 fl6; int addr_len = msg->msg_namelen; int hlimit = -1; int tclass = -1; int dontfrag = -1; u16 proto; int err; if (len > INT_MAX) return -EMSGSIZE; if (msg->msg_flags & MSG_OOB) return -EOPNOTSUPP; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_mark = sk->sk_mark; if (sin6) { if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; if (sin6->sin6_family && sin6->sin6_family != AF_INET6) return -EAFNOSUPPORT; proto = ntohs(sin6->sin6_port); if (!proto) proto = inet->inet_num; else if (proto != inet->inet_num) return -EINVAL; if (proto > 255) return -EINVAL; daddr = &sin6->sin6_addr; if (np->sndflow) { fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK; if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } } if (sk->sk_state == TCP_ESTABLISHED && ipv6_addr_equal(daddr, &sk->sk_v6_daddr)) daddr = &sk->sk_v6_daddr; if (addr_len >= sizeof(struct sockaddr_in6) && sin6->sin6_scope_id && __ipv6_addr_needs_scope_id(__ipv6_addr_type(daddr))) fl6.flowi6_oif = sin6->sin6_scope_id; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; proto = inet->inet_num; daddr = &sk->sk_v6_daddr; fl6.flowlabel = np->flow_label; } if (fl6.flowi6_oif == 0) fl6.flowi6_oif = sk->sk_bound_dev_if; if (msg->msg_controllen) { opt = &opt_space; memset(opt, 0, sizeof(struct ipv6_txoptions)); opt->tot_len = sizeof(struct ipv6_txoptions); err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, &hlimit, &tclass, &dontfrag); if (err < 0) { fl6_sock_release(flowlabel); return err; } if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; } if (!opt) opt = np->opt; if (flowlabel) opt = fl6_merge_options(&opt_space, flowlabel, opt); opt = ipv6_fixup_options(&opt_space, opt); fl6.flowi6_proto = proto; rfv.msg = msg; rfv.hlen = 0; err = rawv6_probe_proto_opt(&rfv, &fl6); if (err) goto out; if (!ipv6_addr_any(daddr)) fl6.daddr = *daddr; else fl6.daddr.s6_addr[15] = 0x1; if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr)) fl6.saddr = np->saddr; final_p = fl6_update_dst(&fl6, opt, &final); if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) fl6.flowi6_oif = np->mcast_oif; else if (!fl6.flowi6_oif) fl6.flowi6_oif = np->ucast_oif; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); if (inet->hdrincl) fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH; dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); goto out; } if (hlimit < 0) hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); if (tclass < 0) tclass = np->tclass; if (dontfrag < 0) dontfrag = np->dontfrag; if (msg->msg_flags&MSG_CONFIRM) goto do_confirm; back_from_confirm: if (inet->hdrincl) err = rawv6_send_hdrinc(sk, msg, len, &fl6, &dst, msg->msg_flags); else { lock_sock(sk); err = ip6_append_data(sk, raw6_getfrag, &rfv, len, 0, hlimit, tclass, opt, &fl6, (struct rt6_info *)dst, msg->msg_flags, dontfrag); if (err) ip6_flush_pending_frames(sk); else if (!(msg->msg_flags & MSG_MORE)) err = rawv6_push_pending_frames(sk, &fl6, rp); release_sock(sk); } done: dst_release(dst); out: fl6_sock_release(flowlabel); return err < 0 ? err : len; do_confirm: dst_confirm(dst); if (!(msg->msg_flags & MSG_PROBE) || len) goto back_from_confirm; err = 0; goto done; }",visit repo url,net/ipv6/raw.c,https://github.com/torvalds/linux,33723257750216,1 6113,CWE-190,"void eb_read_bin(eb_t a, const uint8_t *bin, int len) { if (len == 1) { if (bin[0] == 0) { eb_set_infty(a); return; } else { RLC_THROW(ERR_NO_BUFFER); return; } } if (len != (RLC_FB_BYTES + 1) && len != (2 * RLC_FB_BYTES + 1)) { RLC_THROW(ERR_NO_BUFFER); return; } a->coord = BASIC; fb_set_dig(a->z, 1); fb_read_bin(a->x, bin + 1, RLC_FB_BYTES); if (len == RLC_FB_BYTES + 1) { switch(bin[0]) { case 2: fb_zero(a->y); break; case 3: fb_zero(a->y); fb_set_bit(a->y, 0, 1); break; default: RLC_THROW(ERR_NO_VALID); break; } eb_upk(a, a); } if (len == 2 * RLC_FB_BYTES + 1) { if (bin[0] == 4) { fb_read_bin(a->y, bin + RLC_FB_BYTES + 1, RLC_FB_BYTES); } else { RLC_THROW(ERR_NO_VALID); return; } } if (!eb_on_curve(a)) { RLC_THROW(ERR_NO_VALID); return; } }",visit repo url,src/eb/relic_eb_util.c,https://github.com/relic-toolkit/relic,262592685225679,1 3741,CWE-787,"int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int is_rf64 = !strncmp (fourcc, ""RF64"", 4), got_ds64 = 0; int64_t total_samples = 0, infilesize; RiffChunkHeader riff_chunk_header; ChunkHeader chunk_header; WaveHeader WaveHeader; DS64Chunk ds64_chunk; uint32_t bcount; CLEAR (WaveHeader); CLEAR (ds64_chunk); infilesize = DoGetFileSize (infile); if (!is_rf64 && infilesize >= 4294967296LL && !(config->qmode & QMODE_IGNORE_LENGTH)) { error_line (""can't handle .WAV files larger than 4 GB (non-standard)!""); return WAVPACK_SOFT_ERROR; } memcpy (&riff_chunk_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &riff_chunk_header) + 4, sizeof (RiffChunkHeader) - 4, &bcount) || bcount != sizeof (RiffChunkHeader) - 4 || strncmp (riff_chunk_header.formType, ""WAVE"", 4))) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &riff_chunk_header, sizeof (RiffChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } while (1) { if (!DoReadFile (infile, &chunk_header, sizeof (ChunkHeader), &bcount) || bcount != sizeof (ChunkHeader)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &chunk_header, sizeof (ChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&chunk_header, ChunkHeaderFormat); if (!strncmp (chunk_header.ckID, ""ds64"", 4)) { if (chunk_header.ckSize < sizeof (DS64Chunk) || !DoReadFile (infile, &ds64_chunk, sizeof (DS64Chunk), &bcount) || bcount != sizeof (DS64Chunk)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &ds64_chunk, sizeof (DS64Chunk))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } got_ds64 = 1; WavpackLittleEndianToNative (&ds64_chunk, DS64ChunkFormat); if (debug_logging_mode) error_line (""DS64: riffSize = %lld, dataSize = %lld, sampleCount = %lld, table_length = %d"", (long long) ds64_chunk.riffSize64, (long long) ds64_chunk.dataSize64, (long long) ds64_chunk.sampleCount64, ds64_chunk.tableLength); if (ds64_chunk.tableLength * sizeof (CS64Chunk) != chunk_header.ckSize - sizeof (DS64Chunk)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } while (ds64_chunk.tableLength--) { CS64Chunk cs64_chunk; if (!DoReadFile (infile, &cs64_chunk, sizeof (CS64Chunk), &bcount) || bcount != sizeof (CS64Chunk) || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &cs64_chunk, sizeof (CS64Chunk)))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } } } else if (!strncmp (chunk_header.ckID, ""fmt "", 4)) { int supported = TRUE, format; if (chunk_header.ckSize < 16 || chunk_header.ckSize > sizeof (WaveHeader) || !DoReadFile (infile, &WaveHeader, chunk_header.ckSize, &bcount) || bcount != chunk_header.ckSize) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &WaveHeader, chunk_header.ckSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&WaveHeader, WaveHeaderFormat); if (debug_logging_mode) { error_line (""format tag size = %d"", chunk_header.ckSize); error_line (""FormatTag = %x, NumChannels = %d, BitsPerSample = %d"", WaveHeader.FormatTag, WaveHeader.NumChannels, WaveHeader.BitsPerSample); error_line (""BlockAlign = %d, SampleRate = %d, BytesPerSecond = %d"", WaveHeader.BlockAlign, WaveHeader.SampleRate, WaveHeader.BytesPerSecond); if (chunk_header.ckSize > 16) error_line (""cbSize = %d, ValidBitsPerSample = %d"", WaveHeader.cbSize, WaveHeader.ValidBitsPerSample); if (chunk_header.ckSize > 20) error_line (""ChannelMask = %x, SubFormat = %d"", WaveHeader.ChannelMask, WaveHeader.SubFormat); } if (chunk_header.ckSize > 16 && WaveHeader.cbSize == 2) config->qmode |= QMODE_ADOBE_MODE; format = (WaveHeader.FormatTag == 0xfffe && chunk_header.ckSize == 40) ? WaveHeader.SubFormat : WaveHeader.FormatTag; config->bits_per_sample = (chunk_header.ckSize == 40 && WaveHeader.ValidBitsPerSample) ? WaveHeader.ValidBitsPerSample : WaveHeader.BitsPerSample; if (format != 1 && format != 3) supported = FALSE; if (format == 3 && config->bits_per_sample != 32) supported = FALSE; if (!WaveHeader.NumChannels || WaveHeader.NumChannels > 256 || WaveHeader.BlockAlign / WaveHeader.NumChannels < (config->bits_per_sample + 7) / 8 || WaveHeader.BlockAlign / WaveHeader.NumChannels > 4 || WaveHeader.BlockAlign % WaveHeader.NumChannels) supported = FALSE; if (config->bits_per_sample < 1 || config->bits_per_sample > 32) supported = FALSE; if (!supported) { error_line (""%s is an unsupported .WAV format!"", infilename); return WAVPACK_SOFT_ERROR; } if (chunk_header.ckSize < 40) { if (!config->channel_mask && !(config->qmode & QMODE_CHANS_UNASSIGNED)) { if (WaveHeader.NumChannels <= 2) config->channel_mask = 0x5 - WaveHeader.NumChannels; else if (WaveHeader.NumChannels <= 18) config->channel_mask = (1 << WaveHeader.NumChannels) - 1; else config->channel_mask = 0x3ffff; } } else if (WaveHeader.ChannelMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this WAV file already has channel order information!""); return WAVPACK_SOFT_ERROR; } else if (WaveHeader.ChannelMask) config->channel_mask = WaveHeader.ChannelMask; if (format == 3) config->float_norm_exp = 127; else if ((config->qmode & QMODE_ADOBE_MODE) && WaveHeader.BlockAlign / WaveHeader.NumChannels == 4) { if (WaveHeader.BitsPerSample == 24) config->float_norm_exp = 127 + 23; else if (WaveHeader.BitsPerSample == 32) config->float_norm_exp = 127 + 15; } if (debug_logging_mode) { if (config->float_norm_exp == 127) error_line (""data format: normalized 32-bit floating point""); else if (config->float_norm_exp) error_line (""data format: 32-bit floating point (Audition %d:%d float type 1)"", config->float_norm_exp - 126, 150 - config->float_norm_exp); else error_line (""data format: %d-bit integers stored in %d byte(s)"", config->bits_per_sample, WaveHeader.BlockAlign / WaveHeader.NumChannels); } } else if (!strncmp (chunk_header.ckID, ""data"", 4)) { int64_t data_chunk_size = (got_ds64 && chunk_header.ckSize == (uint32_t) -1) ? ds64_chunk.dataSize64 : chunk_header.ckSize; if (!WaveHeader.NumChannels || (is_rf64 && !got_ds64)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && infilesize - data_chunk_size > 16777216) { error_line (""this .WAV file has over 16 MB of extra RIFF data, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (config->qmode & QMODE_IGNORE_LENGTH) { if (infilesize && DoGetFilePosition (infile) != -1) total_samples = (infilesize - DoGetFilePosition (infile)) / WaveHeader.BlockAlign; else total_samples = -1; } else { total_samples = data_chunk_size / WaveHeader.BlockAlign; if (got_ds64 && total_samples != ds64_chunk.sampleCount64) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (!total_samples) { error_line (""this .WAV file has no audio samples, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (total_samples > MAX_WAVPACK_SAMPLES) { error_line (""%s has too many samples for WavPack!"", infilename); return WAVPACK_SOFT_ERROR; } } config->bytes_per_sample = WaveHeader.BlockAlign / WaveHeader.NumChannels; config->num_channels = WaveHeader.NumChannels; config->sample_rate = WaveHeader.SampleRate; break; } else { int bytes_to_copy = (chunk_header.ckSize + 1) & ~1L; char *buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", chunk_header.ckID [0], chunk_header.ckID [1], chunk_header.ckID [2], chunk_header.ckID [3], chunk_header.ckSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/riff.c,https://github.com/dbry/WavPack,197485221710697,1 784,CWE-20,"static int pfkey_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk = sock->sk; struct pfkey_sock *pfk = pfkey_sk(sk); struct sk_buff *skb; int copied, err; err = -EINVAL; if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) goto out; msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); if (skb == NULL) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } skb_reset_transport_header(skb); err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto out_free; sock_recv_ts_and_drops(msg, sk, skb); err = (flags & MSG_TRUNC) ? skb->len : copied; if (pfk->dump.dump != NULL && 3 * atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf) pfkey_do_dump(pfk); out_free: skb_free_datagram(sk, skb); out: return err; }",visit repo url,net/key/af_key.c,https://github.com/torvalds/linux,186000895945295,1 6765,['CWE-310'],"wifi_available_dont_show_cb (NotifyNotification *notify, gchar *id, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); if (!id || strcmp (id, ""dont-show"")) return; gconf_client_set_bool (applet->gconf_client, PREF_SUPPRESS_WIRELESS_NETWORKS_AVAILABLE, TRUE, NULL); }",network-manager-applet,,,267100767227559471222557428591593066161,0 2026,NVD-CWE-noinfo,"static void evtchn_2l_handle_events(unsigned cpu) { int irq; xen_ulong_t pending_words; xen_ulong_t pending_bits; int start_word_idx, start_bit_idx; int word_idx, bit_idx; int i; struct shared_info *s = HYPERVISOR_shared_info; struct vcpu_info *vcpu_info = __this_cpu_read(xen_vcpu); irq = irq_from_virq(cpu, VIRQ_TIMER); if (irq != -1) { evtchn_port_t evtchn = evtchn_from_irq(irq); word_idx = evtchn / BITS_PER_LONG; bit_idx = evtchn % BITS_PER_LONG; if (active_evtchns(cpu, s, word_idx) & (1ULL << bit_idx)) generic_handle_irq(irq); } pending_words = xchg_xen_ulong(&vcpu_info->evtchn_pending_sel, 0); start_word_idx = __this_cpu_read(current_word_idx); start_bit_idx = __this_cpu_read(current_bit_idx); word_idx = start_word_idx; for (i = 0; pending_words != 0; i++) { xen_ulong_t words; words = MASK_LSBS(pending_words, word_idx); if (words == 0) { word_idx = 0; bit_idx = 0; continue; } word_idx = EVTCHN_FIRST_BIT(words); pending_bits = active_evtchns(cpu, s, word_idx); bit_idx = 0; if (word_idx == start_word_idx) { if (i == 0) bit_idx = start_bit_idx; } do { xen_ulong_t bits; evtchn_port_t port; bits = MASK_LSBS(pending_bits, bit_idx); if (bits == 0) break; bit_idx = EVTCHN_FIRST_BIT(bits); port = (word_idx * BITS_PER_EVTCHN_WORD) + bit_idx; irq = get_evtchn_to_irq(port); if (irq != -1) generic_handle_irq(irq); bit_idx = (bit_idx + 1) % BITS_PER_EVTCHN_WORD; __this_cpu_write(current_word_idx, bit_idx ? word_idx : (word_idx+1) % BITS_PER_EVTCHN_WORD); __this_cpu_write(current_bit_idx, bit_idx); } while (bit_idx != 0); if ((word_idx != start_word_idx) || (i != 0)) pending_words &= ~(1UL << word_idx); word_idx = (word_idx + 1) % BITS_PER_EVTCHN_WORD; } }",visit repo url,drivers/xen/events/events_2l.c,https://github.com/torvalds/linux,37911834623408,1 6506,['CWE-20'],"static unsigned long ss_base(struct x86_emulate_ctxt *ctxt) { return seg_base(ctxt, VCPU_SREG_SS); }",kvm,,,237034677172307048453054425103212646670,0 6008,['CWE-200'],"static unsigned long cbq_get(struct Qdisc *sch, u32 classid) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl = cbq_class_lookup(q, classid); if (cl) { cl->refcnt++; return (unsigned long)cl; } return 0; }",linux-2.6,,,108447935190072605857459227449660523809,0 1033,CWE-399,"struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) { struct sctp_chunk *chunk; sctp_chunkhdr_t *ch = NULL; if ((chunk = queue->in_progress)) { if (chunk->singleton || chunk->end_of_packet || chunk->pdiscard) { sctp_chunk_free(chunk); chunk = queue->in_progress = NULL; } else { ch = (sctp_chunkhdr_t *) chunk->chunk_end; skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) { sctp_chunk_free(chunk); chunk = queue->in_progress = NULL; } } } if (!chunk) { struct list_head *entry; if (list_empty(&queue->in_chunk_list)) return NULL; entry = queue->in_chunk_list.next; chunk = queue->in_progress = list_entry(entry, struct sctp_chunk, list); list_del_init(entry); chunk->singleton = 1; ch = (sctp_chunkhdr_t *) chunk->skb->data; chunk->data_accepted = 0; } chunk->chunk_hdr = ch; chunk->chunk_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); if (unlikely(skb_is_nonlinear(chunk->skb))) { if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) chunk->chunk_end = skb_tail_pointer(chunk->skb); } skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); chunk->subh.v = NULL; if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) { chunk->singleton = 0; } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { sctp_chunk_free(chunk); chunk = queue->in_progress = NULL; return NULL; } else { chunk->end_of_packet = 1; } pr_debug(""+++sctp_inq_pop+++ chunk:%p[%s], length:%d, skb->len:%d\n"", chunk, sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)), ntohs(chunk->chunk_hdr->length), chunk->skb->len); return chunk; }",visit repo url,net/sctp/inqueue.c,https://github.com/torvalds/linux,242711341818978,1 2106,[],"static void udp4_hwcsum_outgoing(struct sock *sk, struct sk_buff *skb, __be32 src, __be32 dst, int len ) { unsigned int offset; struct udphdr *uh = udp_hdr(skb); __wsum csum = 0; if (skb_queue_len(&sk->sk_write_queue) == 1) { skb->csum_start = skb_transport_header(skb) - skb->head; skb->csum_offset = offsetof(struct udphdr, check); uh->check = ~csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, 0); } else { offset = skb_transport_offset(skb); skb->csum = skb_checksum(skb, offset, skb->len - offset, 0); skb->ip_summed = CHECKSUM_NONE; skb_queue_walk(&sk->sk_write_queue, skb) { csum = csum_add(csum, skb->csum); } uh->check = csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, csum); if (uh->check == 0) uh->check = CSUM_MANGLED_0; } }",linux-2.6,,,155360495542568100328624002867452778531,0 4475,['CWE-264'],"void *mac_drv_get_desc_mem(struct s_smc *smc, unsigned int size) { char *virt; PRINTK(KERN_INFO ""mac_drv_get_desc_mem\n""); virt = mac_drv_get_space(smc, size); size = (u_int) (16 - (((unsigned long) virt) & 15UL)); size = size % 16; PRINTK(""Allocate %u bytes alignment gap "", size); PRINTK(""for descriptor memory.\n""); if (!mac_drv_get_space(smc, size)) { printk(""fddi: Unable to align descriptor memory.\n""); return (NULL); } return (virt + size); } ",linux-2.6,,,153197659775218635031356811058888567624,0 1629,CWE-416,"struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) { struct tcp_options_received tcp_opt; struct inet_request_sock *ireq; struct tcp_request_sock *treq; struct ipv6_pinfo *np = inet6_sk(sk); struct tcp_sock *tp = tcp_sk(sk); const struct tcphdr *th = tcp_hdr(skb); __u32 cookie = ntohl(th->ack_seq) - 1; struct sock *ret = sk; struct request_sock *req; int mss; struct dst_entry *dst; __u8 rcv_wscale; if (!sysctl_tcp_syncookies || !th->ack || th->rst) goto out; if (tcp_synq_no_recent_overflow(sk)) goto out; mss = __cookie_v6_check(ipv6_hdr(skb), th, cookie); if (mss == 0) { NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESFAILED); goto out; } NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESRECV); memset(&tcp_opt, 0, sizeof(tcp_opt)); tcp_parse_options(skb, &tcp_opt, 0, NULL); if (!cookie_timestamp_decode(&tcp_opt)) goto out; ret = NULL; req = inet_reqsk_alloc(&tcp6_request_sock_ops, sk, false); if (!req) goto out; ireq = inet_rsk(req); treq = tcp_rsk(req); treq->tfo_listener = false; if (security_inet_conn_request(sk, skb, req)) goto out_free; req->mss = mss; ireq->ir_rmt_port = th->source; ireq->ir_num = ntohs(th->dest); ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) || np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { atomic_inc(&skb->users); ireq->pktopts = skb; } ireq->ir_iif = sk->sk_bound_dev_if; if (!sk->sk_bound_dev_if && ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL) ireq->ir_iif = tcp_v6_iif(skb); ireq->ir_mark = inet_request_mark(sk, skb); req->num_retrans = 0; ireq->snd_wscale = tcp_opt.snd_wscale; ireq->sack_ok = tcp_opt.sack_ok; ireq->wscale_ok = tcp_opt.wscale_ok; ireq->tstamp_ok = tcp_opt.saw_tstamp; req->ts_recent = tcp_opt.saw_tstamp ? tcp_opt.rcv_tsval : 0; treq->snt_synack.v64 = 0; treq->rcv_isn = ntohl(th->seq) - 1; treq->snt_isn = cookie; { struct in6_addr *final_p, final; struct flowi6 fl6; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = IPPROTO_TCP; fl6.daddr = ireq->ir_v6_rmt_addr; final_p = fl6_update_dst(&fl6, np->opt, &final); fl6.saddr = ireq->ir_v6_loc_addr; fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.flowi6_mark = ireq->ir_mark; fl6.fl6_dport = ireq->ir_rmt_port; fl6.fl6_sport = inet_sk(sk)->inet_sport; security_req_classify_flow(req, flowi6_to_flowi(&fl6)); dst = ip6_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) goto out_free; } req->rsk_window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW); tcp_select_initial_window(tcp_full_space(sk), req->mss, &req->rsk_rcv_wnd, &req->rsk_window_clamp, ireq->wscale_ok, &rcv_wscale, dst_metric(dst, RTAX_INITRWND)); ireq->rcv_wscale = rcv_wscale; ireq->ecn_ok = cookie_ecn_ok(&tcp_opt, sock_net(sk), dst); ret = tcp_get_cookie_sock(sk, skb, req, dst); out: return ret; out_free: reqsk_free(req); return NULL; }",visit repo url,net/ipv6/syncookies.c,https://github.com/torvalds/linux,256855057637539,1 411,CWE-362,"int __fsnotify_parent(const struct path *path, struct dentry *dentry, __u32 mask) { struct dentry *parent; struct inode *p_inode; int ret = 0; if (!dentry) dentry = path->dentry; if (!(dentry->d_flags & DCACHE_FSNOTIFY_PARENT_WATCHED)) return 0; parent = dget_parent(dentry); p_inode = parent->d_inode; if (unlikely(!fsnotify_inode_watches_children(p_inode))) __fsnotify_update_child_dentry_flags(p_inode); else if (p_inode->i_fsnotify_mask & mask) { mask |= FS_EVENT_ON_CHILD; if (path) ret = fsnotify(p_inode, mask, path, FSNOTIFY_EVENT_PATH, dentry->d_name.name, 0); else ret = fsnotify(p_inode, mask, dentry->d_inode, FSNOTIFY_EVENT_INODE, dentry->d_name.name, 0); } dput(parent); return ret; }",visit repo url,fs/notify/fsnotify.c,https://github.com/torvalds/linux,49856684151035,1 3150,CWE-17,"_gnutls_verify_certificate2 (gnutls_x509_crt_t cert, const gnutls_x509_crt_t * trusted_cas, int tcas_size, unsigned int flags, unsigned int *output) { gnutls_datum_t cert_signed_data = { NULL, 0 }; gnutls_datum_t cert_signature = { NULL, 0 }; gnutls_x509_crt_t issuer; int ret, issuer_version, result; if (output) *output = 0; if (tcas_size >= 1) issuer = find_issuer (cert, trusted_cas, tcas_size); else { gnutls_assert (); if (output) *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; return 0; } if (issuer == NULL) { if (output) *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; gnutls_assert (); return 0; } issuer_version = gnutls_x509_crt_get_version (issuer); if (issuer_version < 0) { gnutls_assert (); return issuer_version; } if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && !((flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT) && issuer_version == 1)) { if (check_if_ca (cert, issuer, flags) == 0) { gnutls_assert (); if (output) *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID; return 0; } } result = _gnutls_x509_get_signed_data (cert->cert, ""tbsCertificate"", &cert_signed_data); if (result < 0) { gnutls_assert (); goto cleanup; } result = _gnutls_x509_get_signature (cert->cert, ""signature"", &cert_signature); if (result < 0) { gnutls_assert (); goto cleanup; } ret = _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature, issuer); if (ret < 0) { gnutls_assert (); } else if (ret == 0) { gnutls_assert (); if (output) *output |= GNUTLS_CERT_INVALID; ret = 0; } if (is_issuer (cert, cert) == 0) { int sigalg; sigalg = gnutls_x509_crt_get_signature_algorithm (cert); if (((sigalg == GNUTLS_SIGN_RSA_MD2) && !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) || ((sigalg == GNUTLS_SIGN_RSA_MD5) && !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))) { if (output) *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; ret = 0; } } result = ret; cleanup: _gnutls_free_datum (&cert_signed_data); _gnutls_free_datum (&cert_signature); return result; }",visit repo url,lib/x509/verify.c,https://gitlab.com/gnutls/gnutls,206418741829906,1 830,['CWE-119'],"isdn_writebuf_stub(int drvidx, int chan, const u_char __user * buf, int len) { int ret; int hl = dev->drv[drvidx]->interface->hl_hdrlen; struct sk_buff *skb = alloc_skb(hl + len, GFP_ATOMIC); if (!skb) return -ENOMEM; skb_reserve(skb, hl); if (copy_from_user(skb_put(skb, len), buf, len)) return -EFAULT; ret = dev->drv[drvidx]->interface->writebuf_skb(drvidx, chan, 1, skb); if (ret <= 0) dev_kfree_skb(skb); if (ret > 0) dev->obytes[isdn_dc2minor(drvidx, chan)] += ret; return ret; }",linux-2.6,,,40276032381815723639979907848280069043,0 6277,['CWE-200'],"static struct Qdisc *qdisc_leaf(struct Qdisc *p, u32 classid) { unsigned long cl; struct Qdisc *leaf; struct Qdisc_class_ops *cops = p->ops->cl_ops; if (cops == NULL) return NULL; cl = cops->get(p, classid); if (cl == 0) return NULL; leaf = cops->leaf(p, cl); cops->put(p, cl); return leaf; }",linux-2.6,,,305713564778789837634786426553224734072,0 2409,['CWE-119'],"static void print_word(FILE *file, struct diff_words_buffer *buffer, int len, int color, int suppress_newline) { const char *ptr; int eol = 0; if (len == 0) return; ptr = buffer->text.ptr + buffer->current; buffer->current += len; if (ptr[len - 1] == '\n') { eol = 1; len--; } fputs(diff_get_color(1, color), file); fwrite(ptr, len, 1, file); fputs(diff_get_color(1, DIFF_RESET), file); if (eol) { if (suppress_newline) buffer->suppressed_newline = 1; else putc('\n', file); } }",git,,,227792277765098751919401757161983014767,0 5118,CWE-125,"Assign(asdl_seq * targets, expr_ty value, int lineno, int col_offset, int end_lineno, int end_col_offset, PyArena *arena) { stmt_ty p; if (!value) { PyErr_SetString(PyExc_ValueError, ""field value is required for Assign""); return NULL; } p = (stmt_ty)PyArena_Malloc(arena, sizeof(*p)); if (!p) return NULL; p->kind = Assign_kind; p->v.Assign.targets = targets; p->v.Assign.value = value; p->lineno = lineno; p->col_offset = col_offset; p->end_lineno = end_lineno; p->end_col_offset = end_col_offset; return p; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,155859342361474,1 6128,['CWE-200'],"static void addrconf_sysctl_register(struct inet6_dev *idev, struct ipv6_devconf *p) { int i; struct net_device *dev = idev ? idev->dev : NULL; struct addrconf_sysctl_table *t; char *dev_name = NULL; t = kmalloc(sizeof(*t), GFP_KERNEL); if (t == NULL) return; memcpy(t, &addrconf_sysctl, sizeof(*t)); for (i=0; t->addrconf_vars[i].data; i++) { t->addrconf_vars[i].data += (char*)p - (char*)&ipv6_devconf; t->addrconf_vars[i].de = NULL; t->addrconf_vars[i].extra1 = idev; } if (dev) { dev_name = dev->name; t->addrconf_dev[0].ctl_name = dev->ifindex; } else { dev_name = ""default""; t->addrconf_dev[0].ctl_name = NET_PROTO_CONF_DEFAULT; } dev_name = kstrdup(dev_name, GFP_KERNEL); if (!dev_name) goto free; t->addrconf_dev[0].procname = dev_name; t->addrconf_dev[0].child = t->addrconf_vars; t->addrconf_dev[0].de = NULL; t->addrconf_conf_dir[0].child = t->addrconf_dev; t->addrconf_conf_dir[0].de = NULL; t->addrconf_proto_dir[0].child = t->addrconf_conf_dir; t->addrconf_proto_dir[0].de = NULL; t->addrconf_root_dir[0].child = t->addrconf_proto_dir; t->addrconf_root_dir[0].de = NULL; t->sysctl_header = register_sysctl_table(t->addrconf_root_dir, 0); if (t->sysctl_header == NULL) goto free_procname; else p->sysctl = t; return; free_procname: kfree(dev_name); free: kfree(t); return; }",linux-2.6,,,256042262278771470546828712423065065471,0 6661,['CWE-200'],"action_info_set_button (ActionInfo *info, GtkWidget *button, PolKitGnomeAction *gnome_action) { g_return_if_fail (info != NULL); info->button = button; if (info->gnome_action) g_object_unref (info->gnome_action); info->gnome_action = gnome_action; }",network-manager-applet,,,286134307633052243524750153503453071641,0 4136,[],"static long ibwdt_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { int new_margin; void __user *argp = (void __user *)arg; int __user *p = argp; static struct watchdog_info ident = { .options = WDIOF_KEEPALIVEPING | WDIOF_SETTIMEOUT | WDIOF_MAGICCLOSE, .firmware_version = 1, .identity = ""IB700 WDT"", }; switch (cmd) { case WDIOC_GETSUPPORT: if (copy_to_user(argp, &ident, sizeof(ident))) return -EFAULT; break; case WDIOC_GETSTATUS: case WDIOC_GETBOOTSTATUS: return put_user(0, p); case WDIOC_SETOPTIONS: { int options, retval = -EINVAL; if (get_user(options, p)) return -EFAULT; if (options & WDIOS_DISABLECARD) { ibwdt_disable(); retval = 0; } if (options & WDIOS_ENABLECARD) { ibwdt_ping(); retval = 0; } return retval; } case WDIOC_KEEPALIVE: ibwdt_ping(); break; case WDIOC_SETTIMEOUT: if (get_user(new_margin, p)) return -EFAULT; if (ibwdt_set_heartbeat(new_margin)) return -EINVAL; ibwdt_ping(); case WDIOC_GETTIMEOUT: return put_user(wd_times[wd_margin], p); default: return -ENOTTY; } return 0; }",linux-2.6,,,239104350821040538265139599971523521577,0 258,CWE-362,"static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_l2tpip6 *addr = (struct sockaddr_l2tpip6 *) uaddr; struct net *net = sock_net(sk); __be32 v4addr = 0; int addr_type; int err; if (!sock_flag(sk, SOCK_ZAPPED)) return -EINVAL; if (addr->l2tp_family != AF_INET6) return -EINVAL; if (addr_len < sizeof(*addr)) return -EINVAL; addr_type = ipv6_addr_type(&addr->l2tp_addr); if (addr_type == IPV6_ADDR_MAPPED) return -EADDRNOTAVAIL; if (addr_type & IPV6_ADDR_MULTICAST) return -EADDRNOTAVAIL; err = -EADDRINUSE; read_lock_bh(&l2tp_ip6_lock); if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) goto out_in_use; read_unlock_bh(&l2tp_ip6_lock); lock_sock(sk); err = -EINVAL; if (sk->sk_state != TCP_CLOSE) goto out_unlock; rcu_read_lock(); if (addr_type != IPV6_ADDR_ANY) { struct net_device *dev = NULL; if (addr_type & IPV6_ADDR_LINKLOCAL) { if (addr_len >= sizeof(struct sockaddr_in6) && addr->l2tp_scope_id) { sk->sk_bound_dev_if = addr->l2tp_scope_id; } if (!sk->sk_bound_dev_if) goto out_unlock_rcu; err = -ENODEV; dev = dev_get_by_index_rcu(sock_net(sk), sk->sk_bound_dev_if); if (!dev) goto out_unlock_rcu; } v4addr = LOOPBACK4_IPV6; err = -EADDRNOTAVAIL; if (!ipv6_chk_addr(sock_net(sk), &addr->l2tp_addr, dev, 0)) goto out_unlock_rcu; } rcu_read_unlock(); inet->inet_rcv_saddr = inet->inet_saddr = v4addr; sk->sk_v6_rcv_saddr = addr->l2tp_addr; np->saddr = addr->l2tp_addr; l2tp_ip6_sk(sk)->conn_id = addr->l2tp_conn_id; write_lock_bh(&l2tp_ip6_lock); sk_add_bind_node(sk, &l2tp_ip6_bind_table); sk_del_node_init(sk); write_unlock_bh(&l2tp_ip6_lock); sock_reset_flag(sk, SOCK_ZAPPED); release_sock(sk); return 0; out_unlock_rcu: rcu_read_unlock(); out_unlock: release_sock(sk); return err; out_in_use: read_unlock_bh(&l2tp_ip6_lock); return err; }",visit repo url,net/l2tp/l2tp_ip6.c,https://github.com/torvalds/linux,136536700617723,1 6433,CWE-20,"error_t rza1EthInit(NetInterface *interface) { error_t error; TRACE_INFO(""Initializing RZ/A1 Ethernet MAC...\r\n""); nicDriverInterface = interface; CPG.STBCR7 &= ~CPG_STBCR7_MSTP74; rza1EthInitGpio(interface); ETHER.ARSTR = ETHER_ARSTR_ARST; sleep(10); ETHER.EDSR0 = ETHER_EDSR0_ENT | ETHER_EDSR0_ENR; ETHER.EDMR0 = ETHER_EDMR0_SWRT | ETHER_EDMR0_SWRR; while(ETHER.EDMR0 & (ETHER_EDMR0_SWRT | ETHER_EDMR0_SWRR)) { } if(interface->phyDriver != NULL) { error = interface->phyDriver->init(interface); } else if(interface->switchDriver != NULL) { error = interface->switchDriver->init(interface); } else { error = ERROR_FAILURE; } if(error) { return error; } rza1EthInitDmaDesc(interface); ETHER.EDMR0 = ETHER_EDMR0_DE | ETHER_EDMR0_DL_16; ETHER.TRSCER0 = 0; ETHER.TFTR0 = 0; ETHER.FDR0 = ETHER_FDR0_TFD_2048 | ETHER_FDR0_RFD_2048; ETHER.RMCR0 = ETHER_RMCR0_RNC; ETHER.RPADIR0 = 0; ETHER.FCFTR0 = ETHER_FCFTR0_RFF_8 | ETHER_FCFTR0_RFD_2048; ETHER.CSMR = 0; ETHER.ECMR0 |= ETH_ECMR0_MCT; ETHER.MAHR0 = (interface->macAddr.b[0] << 24) | (interface->macAddr.b[1] << 16) | (interface->macAddr.b[2] << 8) | interface->macAddr.b[3]; ETHER.MALR0 = (interface->macAddr.b[4] << 8) | interface->macAddr.b[5]; ETHER.TSU_TEN = 0; ETHER.RFLR0 = RZA1_ETH_RX_BUFFER_SIZE; ETHER.APR0 = 0; ETHER.MPR0 = 0; ETHER.TPAUSER0 = 0; ETHER.ECSIPR0 = 0; ETHER.EESIPR0 = ETHER_EESIPR0_TWBIP | ETHER_EESIPR0_FRIP; R_INTC_Regist_Int_Func(INTC_ID_ETHERI, rza1EthIrqHandler); R_INTC_Set_Priority(INTC_ID_ETHERI, RZA1_ETH_IRQ_PRIORITY); ETHER.ECMR0 |= ETH_ECMR0_RE | ETH_ECMR0_TE; ETHER.EDRRR0 = ETHER_EDRRR0_RR; osSetEvent(&interface->nicTxEvent); return NO_ERROR; }",visit repo url,drivers/mac/rza1_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,253948674338250,1 1436,[],"static void update_avg_stats(struct cfs_rq *cfs_rq, struct sched_entity *se) { if (!se->last_wakeup) return; update_avg(&se->avg_overlap, se->sum_exec_runtime - se->last_wakeup); se->last_wakeup = 0; }",linux-2.6,,,1345749097721017828886585914831632250,0 3874,CWE-476,"generate_loadvar( cctx_T *cctx, assign_dest_T dest, char_u *name, lvar_T *lvar, type_T *type) { switch (dest) { case dest_option: case dest_func_option: generate_LOAD(cctx, ISN_LOADOPT, 0, name, type); break; case dest_global: if (vim_strchr(name, AUTOLOAD_CHAR) == NULL) { if (name[2] == NUL) generate_instr_type(cctx, ISN_LOADGDICT, &t_dict_any); else generate_LOAD(cctx, ISN_LOADG, 0, name + 2, type); } else generate_LOAD(cctx, ISN_LOADAUTO, 0, name, type); break; case dest_buffer: generate_LOAD(cctx, ISN_LOADB, 0, name + 2, type); break; case dest_window: generate_LOAD(cctx, ISN_LOADW, 0, name + 2, type); break; case dest_tab: generate_LOAD(cctx, ISN_LOADT, 0, name + 2, type); break; case dest_script: compile_load_scriptvar(cctx, name + (name[1] == ':' ? 2 : 0), NULL, NULL); break; case dest_env: generate_LOAD(cctx, ISN_LOADENV, 0, name, type); break; case dest_reg: generate_LOAD(cctx, ISN_LOADREG, name[1], NULL, &t_string); break; case dest_vimvar: generate_LOADV(cctx, name + 2); break; case dest_local: if (lvar->lv_from_outer > 0) generate_LOADOUTER(cctx, lvar->lv_idx, lvar->lv_from_outer, type); else generate_LOAD(cctx, ISN_LOAD, lvar->lv_idx, NULL, type); break; case dest_expr: break; } }",visit repo url,src/vim9compile.c,https://github.com/vim/vim,244936673496618,1 5979,CWE-120,"static int __pyx_pf_17clickhouse_driver_14bufferedreader_14BufferedReader_19current_buffer_size_2__set__(struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedReader *__pyx_v_self, PyObject *__pyx_v_value) { int __pyx_r; __Pyx_RefNannyDeclarations Py_ssize_t __pyx_t_1; __Pyx_RefNannySetupContext(""__set__"", 0); __pyx_t_1 = __Pyx_PyIndex_AsSsize_t(__pyx_v_value); if (unlikely((__pyx_t_1 == (Py_ssize_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 11, __pyx_L1_error) __pyx_v_self->current_buffer_size = __pyx_t_1; __pyx_r = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedReader.current_buffer_size.__set__"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = -1; __pyx_L0:; __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,115354919794485,1 4386,['CWE-264'],"int sock_no_bind(struct socket *sock, struct sockaddr *saddr, int len) { return -EOPNOTSUPP; }",linux-2.6,,,313103756381891224544568485911294134221,0 3056,['CWE-189'],"static int mono(jas_iccprof_t *iccprof, int op, jas_cmpxformseq_t **retpxformseq) { jas_iccattrval_t *graytrc; jas_cmshapmat_t *shapmat; jas_cmpxform_t *pxform; jas_cmpxformseq_t *pxformseq; jas_cmshapmatlut_t lut; jas_cmshapmatlut_init(&lut); if (!(graytrc = jas_iccprof_getattr(iccprof, JAS_ICC_TAG_GRYTRC)) || graytrc->type != JAS_ICC_TYPE_CURV) goto error; if (!(pxform = jas_cmpxform_createshapmat())) goto error; shapmat = &pxform->data.shapmat; if (!(pxformseq = jas_cmpxformseq_create())) goto error; if (jas_cmpxformseq_insertpxform(pxformseq, -1, pxform)) goto error; pxform->numinchans = 1; pxform->numoutchans = 3; shapmat->mono = 1; shapmat->useluts = 1; shapmat->usemat = 1; if (!op) { shapmat->order = 0; shapmat->mat[0][0] = 0.9642; shapmat->mat[1][0] = 1.0; shapmat->mat[2][0] = 0.8249; if (jas_cmshapmatlut_set(&shapmat->luts[0], &graytrc->data.curv)) goto error; } else { shapmat->order = 1; shapmat->mat[0][0] = 1.0 / 0.9642; shapmat->mat[1][0] = 1.0; shapmat->mat[2][0] = 1.0 / 0.8249; jas_cmshapmatlut_init(&lut); if (jas_cmshapmatlut_set(&lut, &graytrc->data.curv)) goto error; if (jas_cmshapmatlut_invert(&shapmat->luts[0], &lut, lut.size)) goto error; jas_cmshapmatlut_cleanup(&lut); } jas_iccattrval_destroy(graytrc); jas_cmpxform_destroy(pxform); *retpxformseq = pxformseq; return 0; error: return -1; }",jasper,,,17960630750094713640401698833340088479,0 6102,['CWE-200'],"int ipv6_chk_addr(struct in6_addr *addr, struct net_device *dev, int strict) { struct inet6_ifaddr * ifp; u8 hash = ipv6_addr_hash(addr); read_lock_bh(&addrconf_hash_lock); for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) { if (ipv6_addr_equal(&ifp->addr, addr) && !(ifp->flags&IFA_F_TENTATIVE)) { if (dev == NULL || ifp->idev->dev == dev || !(ifp->scope&(IFA_LINK|IFA_HOST) || strict)) break; } } read_unlock_bh(&addrconf_hash_lock); return ifp != NULL; }",linux-2.6,,,295174519179976978285132021947324318724,0 3082,['CWE-189'],"void jas_iccattrval_destroy(jas_iccattrval_t *attrval) { #if 0 jas_eprintf(""refcnt=%d\n"", attrval->refcnt); #endif if (--attrval->refcnt <= 0) { if (attrval->ops->destroy) (*attrval->ops->destroy)(attrval); jas_free(attrval); } }",jasper,,,194978623506389376514714248958878580285,0 4587,CWE-787,"GF_Err flac_dmx_process(GF_Filter *filter) { GF_FLACDmxCtx *ctx = gf_filter_get_udta(filter); GF_FilterPacket *pck, *dst_pck; u8 *output; u8 *start; Bool final_flush=GF_FALSE; u32 pck_size, remain, prev_pck_size; u64 cts = GF_FILTER_NO_TS; FLACHeader hdr; if (!ctx->duration.num) flac_dmx_check_dur(filter, ctx); if (ctx->opid && !ctx->is_playing) return GF_OK; pck = gf_filter_pid_get_packet(ctx->ipid); if (!pck) { if (gf_filter_pid_is_eos(ctx->ipid)) { if (!ctx->flac_buffer_size) { if (ctx->opid) gf_filter_pid_set_eos(ctx->opid); if (ctx->src_pck) gf_filter_pck_unref(ctx->src_pck); ctx->src_pck = NULL; return GF_EOS; } final_flush = GF_TRUE; } else { return GF_OK; } } prev_pck_size = ctx->flac_buffer_size; if (pck && !ctx->resume_from) { u8 *data = (u8 *) gf_filter_pck_get_data(pck, &pck_size); if (ctx->byte_offset != GF_FILTER_NO_BO) { u64 byte_offset = gf_filter_pck_get_byte_offset(pck); if (!ctx->flac_buffer_size) { ctx->byte_offset = byte_offset; } else if (ctx->byte_offset + ctx->flac_buffer_size != byte_offset) { ctx->byte_offset = GF_FILTER_NO_BO; if ((byte_offset != GF_FILTER_NO_BO) && (byte_offset>ctx->flac_buffer_size) ) { ctx->byte_offset = byte_offset - ctx->flac_buffer_size; } } } if (ctx->flac_buffer_size + pck_size > ctx->flac_buffer_alloc) { ctx->flac_buffer_alloc = ctx->flac_buffer_size + pck_size; ctx->flac_buffer = gf_realloc(ctx->flac_buffer, ctx->flac_buffer_alloc); } memcpy(ctx->flac_buffer + ctx->flac_buffer_size, data, pck_size); ctx->flac_buffer_size += pck_size; } if (ctx->timescale && pck) { cts = gf_filter_pck_get_cts(pck); } if (cts == GF_FILTER_NO_TS) { prev_pck_size = 0; } remain = ctx->flac_buffer_size; start = ctx->flac_buffer; if (ctx->resume_from) { start += ctx->resume_from - 1; remain -= ctx->resume_from - 1; ctx->resume_from = 0; } while (remain>2) { u32 next_frame=0, nb_samp; u32 cur_size = remain-2; u8 *cur_buf = start+2; u8 *hdr_start = NULL; if (final_flush) { next_frame = remain; } else { while (cur_size) { hdr_start = memchr(cur_buf, 0xFF, cur_size); if (!hdr_start) break; next_frame = (u32) (hdr_start-start); if (next_frame == remain) break; if ((hdr_start[1]&0xFC) == 0xF8) { if (flac_parse_header(ctx, hdr_start, (u32) remain - next_frame, &hdr)) break; } cur_buf = hdr_start+1; cur_size = (u32) (cur_buf - start); assert(cur_size<=remain); cur_size = remain - cur_size; hdr_start = NULL; } if (!hdr_start) break; if (next_frame == remain) break; } if (!ctx->initialized) { u32 size = next_frame; u32 dsi_end = 0; gf_bs_reassign_buffer(ctx->bs, ctx->flac_buffer, size); u32 magic = gf_bs_read_u32(ctx->bs); if (magic != GF_4CC('f','L','a','C')) { } while (gf_bs_available(ctx->bs)) { Bool last = gf_bs_read_int(ctx->bs, 1); u32 type = gf_bs_read_int(ctx->bs, 7); u32 len = gf_bs_read_int(ctx->bs, 24); if (type==0) { u16 min_block_size = gf_bs_read_u16(ctx->bs); u16 max_block_size = gf_bs_read_u16(ctx->bs); gf_bs_read_u24(ctx->bs); gf_bs_read_u24(ctx->bs); ctx->sample_rate = gf_bs_read_int(ctx->bs, 20); ctx->nb_channels = 1 + gf_bs_read_int(ctx->bs, 3); ctx->bits_per_sample = 1 + gf_bs_read_int(ctx->bs, 5); if (min_block_size==max_block_size) ctx->block_size = min_block_size; else ctx->block_size = 0; ctx->duration.num = gf_bs_read_long_int(ctx->bs, 36); ctx->duration.den = ctx->sample_rate; gf_bs_skip_bytes(ctx->bs, 16); dsi_end = (u32) gf_bs_get_position(ctx->bs); } else { gf_bs_skip_bytes(ctx->bs, len); } if (last) break; } flac_dmx_check_pid(filter, ctx, ctx->flac_buffer+4, dsi_end-4); remain -= size; start += size; ctx->initialized = GF_TRUE; if (!ctx->is_playing) break; continue; } if ((start[0] != 0xFF) && ((start[1]&0xFC) != 0xF8)) { GF_LOG(GF_LOG_WARNING, GF_LOG_PARSER, (""[FLACDmx] invalid frame, droping %d bytes and resyncing\n"", next_frame)); start += next_frame; remain -= next_frame; continue; } flac_parse_header(ctx,start, next_frame, &hdr); if (hdr.sample_rate != ctx->sample_rate) { ctx->sample_rate = hdr.sample_rate; gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_SAMPLE_RATE, & PROP_UINT(ctx->sample_rate)); } nb_samp = hdr.block_size; if (ctx->in_seek) { u64 nb_samples_at_seek = (u64) (ctx->start_range * ctx->sample_rate); if (ctx->cts + nb_samp >= nb_samples_at_seek) { ctx->in_seek = GF_FALSE; } } if (ctx->timescale && !prev_pck_size && (cts != GF_FILTER_NO_TS) ) { ctx->cts = cts; cts = GF_FILTER_NO_TS; } if (!ctx->in_seek) { dst_pck = gf_filter_pck_new_alloc(ctx->opid, next_frame, &output); memcpy(output, start, next_frame); gf_filter_pck_set_cts(dst_pck, ctx->cts); if (!ctx->timescale || (ctx->timescale==ctx->sample_rate) ) gf_filter_pck_set_duration(dst_pck, nb_samp); else { gf_filter_pck_set_duration(dst_pck, (nb_samp * ctx->timescale) / ctx->sample_rate); } gf_filter_pck_set_sap(dst_pck, GF_FILTER_SAP_1); gf_filter_pck_set_framing(dst_pck, GF_TRUE, GF_TRUE); if (ctx->byte_offset != GF_FILTER_NO_BO) { gf_filter_pck_set_byte_offset(dst_pck, ctx->byte_offset); } gf_filter_pck_send(dst_pck); } flac_dmx_update_cts(ctx, nb_samp); assert (start[0] == 0xFF); assert((start[1]&0xFC) == 0xF8); start += next_frame; assert(remain >= next_frame); remain -= next_frame; } if (!pck) { ctx->flac_buffer_size = 0; return flac_dmx_process(filter); } else { if (remain < ctx->flac_buffer_size) { memmove(ctx->flac_buffer, start, remain); } ctx->flac_buffer_size = remain; gf_filter_pid_drop_packet(ctx->ipid); } return GF_OK; }",visit repo url,src/filters/reframe_flac.c,https://github.com/gpac/gpac,256523064272005,1 2682,[],"static int sctp_wait_for_accept(struct sock *sk, long timeo) { struct sctp_endpoint *ep; int err = 0; DEFINE_WAIT(wait); ep = sctp_sk(sk)->ep; for (;;) { prepare_to_wait_exclusive(sk->sk_sleep, &wait, TASK_INTERRUPTIBLE); if (list_empty(&ep->asocs)) { sctp_release_sock(sk); timeo = schedule_timeout(timeo); sctp_lock_sock(sk); } err = -EINVAL; if (!sctp_sstate(sk, LISTENING)) break; err = 0; if (!list_empty(&ep->asocs)) break; err = sock_intr_errno(timeo); if (signal_pending(current)) break; err = -EAGAIN; if (!timeo) break; } finish_wait(sk->sk_sleep, &wait); return err; }",linux-2.6,,,235510866022350317083982915115183376566,0 3515,CWE-190,"static int parse_exports_table(long long *table_start) { int res; int indexes = SQUASHFS_LOOKUP_BLOCKS(sBlk.s.inodes); long long export_index_table[indexes]; res = read_fs_bytes(fd, sBlk.s.lookup_table_start, SQUASHFS_LOOKUP_BLOCK_BYTES(sBlk.s.inodes), export_index_table); if(res == FALSE) { ERROR(""parse_exports_table: failed to read export index table\n""); return FALSE; } SQUASHFS_INSWAP_LOOKUP_BLOCKS(export_index_table, indexes); *table_start = export_index_table[0]; return TRUE; }",visit repo url,squashfs-tools/unsquash-4.c,https://github.com/plougher/squashfs-tools,93109027179777,1 5720,['CWE-200'],"static int llc_ui_listen(struct socket *sock, int backlog) { struct sock *sk = sock->sk; int rc = -EINVAL; lock_sock(sk); if (unlikely(sock->state != SS_UNCONNECTED)) goto out; rc = -EOPNOTSUPP; if (unlikely(sk->sk_type != SOCK_STREAM)) goto out; rc = -EAGAIN; if (sock_flag(sk, SOCK_ZAPPED)) goto out; rc = 0; if (!(unsigned)backlog) backlog = 1; sk->sk_max_ack_backlog = backlog; if (sk->sk_state != TCP_LISTEN) { sk->sk_ack_backlog = 0; sk->sk_state = TCP_LISTEN; } sk->sk_socket->flags |= __SO_ACCEPTCON; out: release_sock(sk); return rc; }",linux-2.6,,,234187788881534723577798081663190568656,0 2018,['CWE-269'],"static int show_vfsstat(struct seq_file *m, void *v) { struct vfsmount *mnt = v; int err = 0; if (mnt->mnt_devname) { seq_puts(m, ""device ""); mangle(m, mnt->mnt_devname); } else seq_puts(m, ""no device""); seq_puts(m, "" mounted on ""); seq_path(m, mnt, mnt->mnt_root, "" \t\n\\""); seq_putc(m, ' '); seq_puts(m, ""with fstype ""); mangle(m, mnt->mnt_sb->s_type->name); if (mnt->mnt_sb->s_op->show_stats) { seq_putc(m, ' '); err = mnt->mnt_sb->s_op->show_stats(m, mnt); } seq_putc(m, '\n'); return err; }",linux-2.6,,,218712821477980783663275113926303236740,0 1763,[],"static void register_sched_domain_sysctl(void) { int i, cpu_num = num_online_cpus(); struct ctl_table *entry = sd_alloc_ctl_entry(cpu_num + 1); char buf[32]; WARN_ON(sd_ctl_dir[0].child); sd_ctl_dir[0].child = entry; if (entry == NULL) return; for_each_online_cpu(i) { snprintf(buf, 32, ""cpu%d"", i); entry->procname = kstrdup(buf, GFP_KERNEL); entry->mode = 0555; entry->child = sd_alloc_ctl_cpu_table(i); entry++; } WARN_ON(sd_sysctl_header); sd_sysctl_header = register_sysctl_table(sd_ctl_root); }",linux-2.6,,,263885515168887125976363783791046601457,0 655,[],"int dccp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { if (level != SOL_DCCP) return inet_csk(sk)->icsk_af_ops->getsockopt(sk, level, optname, optval, optlen); return do_dccp_getsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,223442227205688119829279993170904044657,0 3953,CWE-532,"int _pam_parse(int argc, const char **argv) { int ctrl = 0; const char *current_secret = NULL; memset(tac_srv, 0, sizeof(tacplus_server_t) * TAC_PLUS_MAXSERVERS); memset(&tac_srv_addr, 0, sizeof(struct addrinfo) * TAC_PLUS_MAXSERVERS); memset(&tac_sock_addr, 0, sizeof(struct sockaddr) * TAC_PLUS_MAXSERVERS); memset(&tac_sock6_addr, 0, sizeof(struct sockaddr_in6) * TAC_PLUS_MAXSERVERS); tac_srv_no = 0; tac_service[0] = 0; tac_protocol[0] = 0; tac_prompt[0] = 0; tac_login[0] = 0; for (ctrl = 0; argc-- > 0; ++argv) { if (!strcmp(*argv, ""debug"")) { ctrl |= PAM_TAC_DEBUG; } else if (!strcmp(*argv, ""use_first_pass"")) { ctrl |= PAM_TAC_USE_FIRST_PASS; } else if (!strcmp(*argv, ""try_first_pass"")) { ctrl |= PAM_TAC_TRY_FIRST_PASS; } else if (!strncmp(*argv, ""service="", 8)) { xstrcpy(tac_service, *argv + 8, sizeof(tac_service)); } else if (!strncmp(*argv, ""protocol="", 9)) { xstrcpy(tac_protocol, *argv + 9, sizeof(tac_protocol)); } else if (!strncmp(*argv, ""prompt="", 7)) { xstrcpy(tac_prompt, *argv + 7, sizeof(tac_prompt)); unsigned long chr; for (chr = 0; chr < strlen(tac_prompt); chr++) { if (tac_prompt[chr] == '_') { tac_prompt[chr] = ' '; } } } else if (!strncmp(*argv, ""login="", 6)) { xstrcpy(tac_login, *argv + 6, sizeof(tac_login)); } else if (!strcmp(*argv, ""acct_all"")) { ctrl |= PAM_TAC_ACCT; } else if (!strncmp(*argv, ""server="", 7)) { if (tac_srv_no < TAC_PLUS_MAXSERVERS) { struct addrinfo hints, *servers, *server; int rv; char *close_bracket, *server_name, *port, server_buf[256]; memset(&hints, 0, sizeof hints); memset(&server_buf, 0, sizeof(server_buf)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if (strlen(*argv + 7) >= sizeof(server_buf)) { _pam_log(LOG_ERR, ""server address too long, sorry""); continue; } strcpy(server_buf, *argv + 7); if (*server_buf == '[' && (close_bracket = strchr(server_buf, ']')) != NULL) { server_name = server_buf + 1; _pam_log (LOG_ERR, ""reading server address as: %s "", server_name); port = strchr(close_bracket, ':'); *close_bracket = '\0'; } else { server_name = server_buf; port = strchr(server_buf, ':'); } if (port != NULL) { *port = '\0'; port++; } _pam_log (LOG_DEBUG, ""sending server address to getaddrinfo as: %s "", server_name); if ((rv = getaddrinfo(server_name, (port == NULL) ? ""49"" : port, &hints, &servers)) == 0) { for (server = servers; server != NULL && tac_srv_no < TAC_PLUS_MAXSERVERS; server = server->ai_next) { set_tac_srv_addr(tac_srv_no, server); set_tac_srv_key(tac_srv_no, current_secret); tac_srv_no++; } _pam_log(LOG_DEBUG, ""%s: server index %d "", __FUNCTION__, tac_srv_no); freeaddrinfo (servers); } else { _pam_log(LOG_ERR, ""skip invalid server: %s (getaddrinfo: %s)"", server_name, gai_strerror(rv)); } } else { _pam_log(LOG_ERR, ""maximum number of servers (%d) exceeded, skipping"", TAC_PLUS_MAXSERVERS); } } else if (!strncmp(*argv, ""secret="", 7)) { current_secret = *argv + 7; if (tac_srv_no == 0) { _pam_log(LOG_ERR, ""secret set but no servers configured yet""); } else { set_tac_srv_key(tac_srv_no - 1, current_secret); } } else if (!strncmp(*argv, ""timeout="", 8)) { #ifdef HAVE_STRTOL tac_timeout = strtol(*argv + 8, NULL, 10); #else tac_timeout = atoi(*argv + 8); #endif if (tac_timeout == LONG_MAX) { _pam_log(LOG_ERR, ""timeout parameter cannot be parsed as integer: %s"", *argv); tac_timeout = 0; } else { tac_readtimeout_enable = 1; } } else { _pam_log(LOG_WARNING, ""unrecognized option: %s"", *argv); } } if (ctrl & PAM_TAC_DEBUG) { unsigned long n; _pam_log(LOG_DEBUG, ""%d servers defined"", tac_srv_no); for (n = 0; n < tac_srv_no; n++) { _pam_log(LOG_DEBUG, ""server[%lu] { addr=%s, key='%s' }"", n, tac_ntop(tac_srv[n].addr->ai_addr), tac_srv[n].key); } _pam_log(LOG_DEBUG, ""tac_service='%s'"", tac_service); _pam_log(LOG_DEBUG, ""tac_protocol='%s'"", tac_protocol); _pam_log(LOG_DEBUG, ""tac_prompt='%s'"", tac_prompt); _pam_log(LOG_DEBUG, ""tac_login='%s'"", tac_login); } return ctrl; } ",visit repo url,support.c,https://github.com/kravietz/pam_tacplus,78763531994711,1 3864,CWE-787,"diff_mark_adjust_tp( tabpage_T *tp, int idx, linenr_T line1, linenr_T line2, long amount, long amount_after) { diff_T *dp; diff_T *dprev; diff_T *dnext; int i; int inserted, deleted; int n, off; linenr_T last; linenr_T lnum_deleted = line1; int check_unchanged; if (diff_internal()) { tp->tp_diff_invalid = TRUE; tp->tp_diff_update = TRUE; } if (line2 == MAXLNUM) { inserted = amount; deleted = 0; } else if (amount_after > 0) { inserted = amount_after; deleted = 0; } else { inserted = 0; deleted = -amount_after; } dprev = NULL; dp = tp->tp_first_diff; for (;;) { if ((dp == NULL || dp->df_lnum[idx] - 1 > line2 || (line2 == MAXLNUM && dp->df_lnum[idx] > line1)) && (dprev == NULL || dprev->df_lnum[idx] + dprev->df_count[idx] < line1) && !diff_busy) { dnext = diff_alloc_new(tp, dprev, dp); if (dnext == NULL) return; dnext->df_lnum[idx] = line1; dnext->df_count[idx] = inserted; for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL && i != idx) { if (dprev == NULL) dnext->df_lnum[i] = line1; else dnext->df_lnum[i] = line1 + (dprev->df_lnum[i] + dprev->df_count[i]) - (dprev->df_lnum[idx] + dprev->df_count[idx]); dnext->df_count[i] = deleted; } } if (dp == NULL) break; last = dp->df_lnum[idx] + dp->df_count[idx] - 1; if (last >= line1 - 1) { if (dp->df_lnum[idx] - (deleted + inserted != 0) > line2) { if (amount_after == 0) break; dp->df_lnum[idx] += amount_after; } else { check_unchanged = FALSE; if (deleted > 0) { off = 0; if (dp->df_lnum[idx] >= line1) { if (last <= line2) { if (dp->df_next != NULL && dp->df_next->df_lnum[idx] - 1 <= line2) { n = dp->df_next->df_lnum[idx] - lnum_deleted; deleted -= n; n -= dp->df_count[idx]; lnum_deleted = dp->df_next->df_lnum[idx]; } else n = deleted - dp->df_count[idx]; dp->df_count[idx] = 0; } else { off = dp->df_lnum[idx] - lnum_deleted; n = off; dp->df_count[idx] -= line2 - dp->df_lnum[idx] + 1; check_unchanged = TRUE; } dp->df_lnum[idx] = line1; } else { if (last < line2) { dp->df_count[idx] -= last - lnum_deleted + 1; if (dp->df_next != NULL && dp->df_next->df_lnum[idx] - 1 <= line2) { n = dp->df_next->df_lnum[idx] - 1 - last; deleted -= dp->df_next->df_lnum[idx] - lnum_deleted; lnum_deleted = dp->df_next->df_lnum[idx]; } else n = line2 - last; check_unchanged = TRUE; } else { n = 0; dp->df_count[idx] -= deleted; } } for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL && i != idx) { dp->df_lnum[i] -= off; dp->df_count[i] += n; } } else { if (dp->df_lnum[idx] <= line1) { dp->df_count[idx] += inserted; check_unchanged = TRUE; } else dp->df_lnum[idx] += inserted; } if (check_unchanged) diff_check_unchanged(tp, dp); } } if (dprev != NULL && dprev->df_lnum[idx] + dprev->df_count[idx] == dp->df_lnum[idx]) { for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL) dprev->df_count[i] += dp->df_count[i]; dprev->df_next = dp->df_next; vim_free(dp); dp = dprev->df_next; } else { dprev = dp; dp = dp->df_next; } } dprev = NULL; dp = tp->tp_first_diff; while (dp != NULL) { for (i = 0; i < DB_COUNT; ++i) if (tp->tp_diffbuf[i] != NULL && dp->df_count[i] != 0) break; if (i == DB_COUNT) { dnext = dp->df_next; vim_free(dp); dp = dnext; if (dprev == NULL) tp->tp_first_diff = dnext; else dprev->df_next = dnext; } else { dprev = dp; dp = dp->df_next; } } if (tp == curtab) { need_diff_redraw = TRUE; diff_need_scrollbind = TRUE; } }",visit repo url,src/diff.c,https://github.com/vim/vim,204859798937599,1 4012,CWE-617,"connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint) { static int num_seen=0; relay_header_t rh; unsigned domain = layer_hint?LD_APP:LD_EXIT; int reason; int optimistic_data = 0; tor_assert(cell); tor_assert(circ); relay_header_unpack(&rh, cell->payload); num_seen++; log_debug(domain, ""Now seen %d relay cells here (command %d, stream %d)."", num_seen, rh.command, rh.stream_id); if (rh.length > RELAY_PAYLOAD_SIZE) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""Relay cell length field too long. Closing circuit.""); return - END_CIRC_REASON_TORPROTOCOL; } if (rh.stream_id == 0) { switch (rh.command) { case RELAY_COMMAND_BEGIN: case RELAY_COMMAND_CONNECTED: case RELAY_COMMAND_DATA: case RELAY_COMMAND_END: case RELAY_COMMAND_RESOLVE: case RELAY_COMMAND_RESOLVED: case RELAY_COMMAND_BEGIN_DIR: log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""Relay command %d with zero "" ""stream_id. Dropping."", (int)rh.command); return 0; default: ; } } if (conn && !connection_state_is_open(TO_CONN(conn))) { if (conn->base_.type == CONN_TYPE_EXIT && (conn->base_.state == EXIT_CONN_STATE_CONNECTING || conn->base_.state == EXIT_CONN_STATE_RESOLVING) && rh.command == RELAY_COMMAND_DATA) { optimistic_data = 1; } else { return connection_edge_process_relay_cell_not_open( &rh, cell, circ, conn, layer_hint); } } switch (rh.command) { case RELAY_COMMAND_DROP: return 0; case RELAY_COMMAND_BEGIN: case RELAY_COMMAND_BEGIN_DIR: if (layer_hint && circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { log_fn(LOG_PROTOCOL_WARN, LD_APP, ""Relay begin request unsupported at AP. Dropping.""); return 0; } if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED && layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) { log_fn(LOG_PROTOCOL_WARN, LD_APP, ""Relay begin request to Hidden Service "" ""from intermediary node. Dropping.""); return 0; } if (conn) { log_fn(LOG_PROTOCOL_WARN, domain, ""Begin cell for known stream. Dropping.""); return 0; } if (rh.command == RELAY_COMMAND_BEGIN_DIR) { static uint64_t next_id = 0; circ->dirreq_id = ++next_id; TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id; } return connection_exit_begin_conn(cell, circ); case RELAY_COMMAND_DATA: ++stats_n_data_cells_received; if (( layer_hint && --layer_hint->deliver_window < 0) || (!layer_hint && --circ->deliver_window < 0)) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""(relay data) circ deliver_window below 0. Killing.""); if (conn) { connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_for_close(TO_CONN(conn)); } return -END_CIRC_REASON_TORPROTOCOL; } log_debug(domain,""circ deliver_window now %d."", layer_hint ? layer_hint->deliver_window : circ->deliver_window); circuit_consider_sending_sendme(circ, layer_hint); if (!conn) { log_info(domain,""data cell dropped, unknown stream (streamid %d)."", rh.stream_id); return 0; } if (--conn->deliver_window < 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""(relay data) conn deliver_window below 0. Killing.""); return -END_CIRC_REASON_TORPROTOCOL; } stats_n_data_bytes_received += rh.length; connection_write_to_buf((char*)(cell->payload + RELAY_HEADER_SIZE), rh.length, TO_CONN(conn)); if (!optimistic_data) { connection_edge_consider_sending_sendme(conn); } return 0; case RELAY_COMMAND_END: reason = rh.length > 0 ? get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC; if (!conn) { log_info(domain,""end cell (%s) dropped, unknown stream."", stream_end_reason_to_string(reason)); return 0; } log_info(domain,TOR_SOCKET_T_FORMAT"": end cell (%s) for stream %d. "" ""Removing stream."", conn->base_.s, stream_end_reason_to_string(reason), conn->stream_id); if (conn->base_.type == CONN_TYPE_AP) { entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn); if (entry_conn->socks_request && !entry_conn->socks_request->has_finished) log_warn(LD_BUG, ""open stream hasn't sent socks answer yet? Closing.""); } conn->edge_has_sent_end = 1; if (!conn->end_reason) conn->end_reason = reason | END_STREAM_REASON_FLAG_REMOTE; if (!conn->base_.marked_for_close) { connection_mark_and_flush(TO_CONN(conn)); } return 0; case RELAY_COMMAND_EXTEND: case RELAY_COMMAND_EXTEND2: { static uint64_t total_n_extend=0, total_nonearly=0; total_n_extend++; if (rh.stream_id) { log_fn(LOG_PROTOCOL_WARN, domain, ""'extend' cell received for non-zero stream. Dropping.""); return 0; } if (cell->command != CELL_RELAY_EARLY && !networkstatus_get_param(NULL,""AllowNonearlyExtend"",0,0,1)) { #define EARLY_WARNING_INTERVAL 3600 static ratelim_t early_warning_limit = RATELIM_INIT(EARLY_WARNING_INTERVAL); char *m; if (cell->command == CELL_RELAY) { ++total_nonearly; if ((m = rate_limit_log(&early_warning_limit, approx_time()))) { double percentage = ((double)total_nonearly)/total_n_extend; percentage *= 100; log_fn(LOG_PROTOCOL_WARN, domain, ""EXTEND cell received, "" ""but not via RELAY_EARLY. Dropping.%s"", m); log_fn(LOG_PROTOCOL_WARN, domain, "" (We have dropped %.02f%% of "" ""all EXTEND cells for this reason)"", percentage); tor_free(m); } } else { log_fn(LOG_WARN, domain, ""EXTEND cell received, in a cell with type %d! Dropping."", cell->command); } return 0; } return circuit_extend(cell, circ); } case RELAY_COMMAND_EXTENDED: case RELAY_COMMAND_EXTENDED2: if (!layer_hint) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""'extended' unsupported at non-origin. Dropping.""); return 0; } log_debug(domain,""Got an extended cell! Yay.""); { extended_cell_t extended_cell; if (extended_cell_parse(&extended_cell, rh.command, (const uint8_t*)cell->payload+RELAY_HEADER_SIZE, rh.length)<0) { log_warn(LD_PROTOCOL, ""Can't parse EXTENDED cell; killing circuit.""); return -END_CIRC_REASON_TORPROTOCOL; } if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ), &extended_cell.created_cell)) < 0) { log_warn(domain,""circuit_finish_handshake failed.""); return reason; } } if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) { log_info(domain,""circuit_send_next_onion_skin() failed.""); return reason; } return 0; case RELAY_COMMAND_TRUNCATE: if (layer_hint) { log_fn(LOG_PROTOCOL_WARN, LD_APP, ""'truncate' unsupported at origin. Dropping.""); return 0; } if (circ->n_hop) { if (circ->n_chan) log_warn(LD_BUG, ""n_chan and n_hop set on the same circuit!""); extend_info_free(circ->n_hop); circ->n_hop = NULL; tor_free(circ->n_chan_create_cell); circuit_set_state(circ, CIRCUIT_STATE_OPEN); } if (circ->n_chan) { uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE); circuit_clear_cell_queue(circ, circ->n_chan); channel_send_destroy(circ->n_circ_id, circ->n_chan, trunc_reason); circuit_set_n_circid_chan(circ, 0, NULL); } log_debug(LD_EXIT, ""Processed 'truncate', replying.""); { char payload[1]; payload[0] = (char)END_CIRC_REASON_REQUESTED; relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED, payload, sizeof(payload), NULL); } return 0; case RELAY_COMMAND_TRUNCATED: if (!layer_hint) { log_fn(LOG_PROTOCOL_WARN, LD_EXIT, ""'truncated' unsupported at non-origin. Dropping.""); return 0; } circuit_truncated(TO_ORIGIN_CIRCUIT(circ), layer_hint, get_uint8(cell->payload + RELAY_HEADER_SIZE)); return 0; case RELAY_COMMAND_CONNECTED: if (conn) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""'connected' unsupported while open. Closing circ.""); return -END_CIRC_REASON_TORPROTOCOL; } log_info(domain, ""'connected' received, no conn attached anymore. Ignoring.""); return 0; case RELAY_COMMAND_SENDME: if (!rh.stream_id) { if (layer_hint) { if (layer_hint->package_window + CIRCWINDOW_INCREMENT > CIRCWINDOW_START_MAX) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""Unexpected sendme cell from exit relay. "" ""Closing circ.""); return -END_CIRC_REASON_TORPROTOCOL; } layer_hint->package_window += CIRCWINDOW_INCREMENT; log_debug(LD_APP,""circ-level sendme at origin, packagewindow %d."", layer_hint->package_window); circuit_resume_edge_reading(circ, layer_hint); } else { if (circ->package_window + CIRCWINDOW_INCREMENT > CIRCWINDOW_START_MAX) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""Unexpected sendme cell from client. "" ""Closing circ (window %d)."", circ->package_window); return -END_CIRC_REASON_TORPROTOCOL; } circ->package_window += CIRCWINDOW_INCREMENT; log_debug(LD_APP, ""circ-level sendme at non-origin, packagewindow %d."", circ->package_window); circuit_resume_edge_reading(circ, layer_hint); } return 0; } if (!conn) { log_info(domain,""sendme cell dropped, unknown stream (streamid %d)."", rh.stream_id); return 0; } conn->package_window += STREAMWINDOW_INCREMENT; log_debug(domain,""stream-level sendme, packagewindow now %d."", conn->package_window); if (circuit_queue_streams_are_blocked(circ)) { return 0; } connection_start_reading(TO_CONN(conn)); if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) { connection_mark_for_close(TO_CONN(conn)); return 0; } return 0; case RELAY_COMMAND_RESOLVE: if (layer_hint) { log_fn(LOG_PROTOCOL_WARN, LD_APP, ""resolve request unsupported at AP; dropping.""); return 0; } else if (conn) { log_fn(LOG_PROTOCOL_WARN, domain, ""resolve request for known stream; dropping.""); return 0; } else if (circ->purpose != CIRCUIT_PURPOSE_OR) { log_fn(LOG_PROTOCOL_WARN, domain, ""resolve request on circ with purpose %d; dropping"", circ->purpose); return 0; } connection_exit_begin_resolve(cell, TO_OR_CIRCUIT(circ)); return 0; case RELAY_COMMAND_RESOLVED: if (conn) { log_fn(LOG_PROTOCOL_WARN, domain, ""'resolved' unsupported while open. Closing circ.""); return -END_CIRC_REASON_TORPROTOCOL; } log_info(domain, ""'resolved' received, no conn attached anymore. Ignoring.""); return 0; case RELAY_COMMAND_ESTABLISH_INTRO: case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: case RELAY_COMMAND_INTRODUCE1: case RELAY_COMMAND_INTRODUCE2: case RELAY_COMMAND_INTRODUCE_ACK: case RELAY_COMMAND_RENDEZVOUS1: case RELAY_COMMAND_RENDEZVOUS2: case RELAY_COMMAND_INTRO_ESTABLISHED: case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED: rend_process_relay_cell(circ, layer_hint, rh.command, rh.length, cell->payload+RELAY_HEADER_SIZE); return 0; } log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ""Received unknown relay command %d. Perhaps the other side is using "" ""a newer version of Tor? Dropping."", rh.command); return 0; }",visit repo url,src/or/relay.c,https://github.com/torproject/tor,257433495072678,1 2063,['CWE-269'],"void set_fs_pwd(struct fs_struct *fs, struct vfsmount *mnt, struct dentry *dentry) { struct dentry *old_pwd; struct vfsmount *old_pwdmnt; write_lock(&fs->lock); old_pwd = fs->pwd; old_pwdmnt = fs->pwdmnt; fs->pwdmnt = mntget(mnt); fs->pwd = dget(dentry); write_unlock(&fs->lock); if (old_pwd) { dput(old_pwd); mntput(old_pwdmnt); } }",linux-2.6,,,271701959915529261727229346750570791812,0 1203,['CWE-189'],"static void run_hrtimer_softirq(struct softirq_action *h) { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); spin_lock_irq(&cpu_base->lock); while (!list_empty(&cpu_base->cb_pending)) { enum hrtimer_restart (*fn)(struct hrtimer *); struct hrtimer *timer; int restart; timer = list_entry(cpu_base->cb_pending.next, struct hrtimer, cb_entry); timer_stats_account_hrtimer(timer); fn = timer->function; __remove_hrtimer(timer, timer->base, HRTIMER_STATE_CALLBACK, 0); spin_unlock_irq(&cpu_base->lock); restart = fn(timer); spin_lock_irq(&cpu_base->lock); timer->state &= ~HRTIMER_STATE_CALLBACK; if (restart == HRTIMER_RESTART) { BUG_ON(hrtimer_active(timer)); enqueue_hrtimer(timer, timer->base, 1); } else if (hrtimer_active(timer)) { if (timer->base->first == &timer->node) hrtimer_reprogram(timer, timer->base); } } spin_unlock_irq(&cpu_base->lock); }",linux-2.6,,,138057623280507088432219375111079566447,0 436,CWE-119,"void uwbd_start(struct uwb_rc *rc) { rc->uwbd.task = kthread_run(uwbd, rc, ""uwbd""); if (rc->uwbd.task == NULL) printk(KERN_ERR ""UWB: Cannot start management daemon; "" ""UWB won't work\n""); else rc->uwbd.pid = rc->uwbd.task->pid; }",visit repo url,drivers/uwb/uwbd.c,https://github.com/torvalds/linux,91612880649818,1 1997,['CWE-20'],"static int migrate_page_move_mapping(struct address_space *mapping, struct page *newpage, struct page *page) { void **pslot; if (!mapping) { if (page_count(page) != 1) return -EAGAIN; return 0; } write_lock_irq(&mapping->tree_lock); pslot = radix_tree_lookup_slot(&mapping->page_tree, page_index(page)); if (page_count(page) != 2 + !!PagePrivate(page) || (struct page *)radix_tree_deref_slot(pslot) != page) { write_unlock_irq(&mapping->tree_lock); return -EAGAIN; } get_page(newpage); #ifdef CONFIG_SWAP if (PageSwapCache(page)) { SetPageSwapCache(newpage); set_page_private(newpage, page_private(page)); } #endif radix_tree_replace_slot(pslot, newpage); __put_page(page); __dec_zone_page_state(page, NR_FILE_PAGES); __inc_zone_page_state(newpage, NR_FILE_PAGES); write_unlock_irq(&mapping->tree_lock); return 0; }",linux-2.6,,,272232158078763953287210261588056709741,0 54,['CWE-787'],"static inline void invalidate_cursor1(CirrusVGAState *s) { if (s->last_hw_cursor_size) { vga_invalidate_scanlines((VGAState *)s, s->last_hw_cursor_y + s->last_hw_cursor_y_start, s->last_hw_cursor_y + s->last_hw_cursor_y_end); } }",qemu,,,65595313429928489956058731213652164801,0 6112,['CWE-200'],"static void inet6_prefix_notify(int event, struct inet6_dev *idev, struct prefix_info *pinfo) { struct sk_buff *skb; int size = NLMSG_SPACE(sizeof(struct prefixmsg)+128); skb = alloc_skb(size, GFP_ATOMIC); if (!skb) { netlink_set_err(rtnl, 0, RTMGRP_IPV6_PREFIX, ENOBUFS); return; } if (inet6_fill_prefix(skb, idev, pinfo, current->pid, 0, event, 0) < 0) { kfree_skb(skb); netlink_set_err(rtnl, 0, RTMGRP_IPV6_PREFIX, EINVAL); return; } NETLINK_CB(skb).dst_groups = RTMGRP_IPV6_PREFIX; netlink_broadcast(rtnl, skb, 0, RTMGRP_IPV6_PREFIX, GFP_ATOMIC); }",linux-2.6,,,328218471966378333182105916268986922340,0 1905,CWE-416,"struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev) { struct nfc_llcp_local *local; list_for_each_entry(local, &llcp_devices, list) if (local->dev == dev) return local; pr_debug(""No device found\n""); return NULL; }",visit repo url,net/nfc/llcp_core.c,https://github.com/torvalds/linux,132638378013654,1 6349,['CWE-200'],"tc_dump_action(struct sk_buff *skb, struct netlink_callback *cb) { struct nlmsghdr *nlh; unsigned char *b = skb->tail; struct rtattr *x; struct tc_action_ops *a_o; struct tc_action a; int ret = 0; struct tcamsg *t = (struct tcamsg *) NLMSG_DATA(cb->nlh); char *kind = find_dump_kind(cb->nlh); if (kind == NULL) { printk(""tc_dump_action: action bad kind\n""); return 0; } a_o = tc_lookup_action_n(kind); if (a_o == NULL) { printk(""failed to find %s\n"", kind); return 0; } memset(&a, 0, sizeof(struct tc_action)); a.ops = a_o; if (a_o->walk == NULL) { printk(""tc_dump_action: %s !capable of dumping table\n"", kind); goto rtattr_failure; } nlh = NLMSG_PUT(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, cb->nlh->nlmsg_type, sizeof(*t)); t = NLMSG_DATA(nlh); t->tca_family = AF_UNSPEC; t->tca__pad1 = 0; t->tca__pad2 = 0; x = (struct rtattr *) skb->tail; RTA_PUT(skb, TCA_ACT_TAB, 0, NULL); ret = a_o->walk(skb, cb, RTM_GETACTION, &a); if (ret < 0) goto rtattr_failure; if (ret > 0) { x->rta_len = skb->tail - (u8 *) x; ret = skb->len; } else skb_trim(skb, (u8*)x - skb->data); nlh->nlmsg_len = skb->tail - b; if (NETLINK_CB(cb->skb).pid && ret) nlh->nlmsg_flags |= NLM_F_MULTI; module_put(a_o->owner); return skb->len; rtattr_failure: nlmsg_failure: module_put(a_o->owner); skb_trim(skb, b - skb->data); return skb->len; }",linux-2.6,,,283641132050627748876737986752114218675,0 1397,CWE-310,"static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_aead raead; struct aead_alg *aead = &alg->cra_aead; snprintf(raead.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""aead""); snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, ""%s"", aead->geniv ?: """"); raead.blocksize = alg->cra_blocksize; raead.maxauthsize = aead->maxauthsize; raead.ivsize = aead->ivsize; if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(struct crypto_report_aead), &raead)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/aead.c,https://github.com/torvalds/linux,15737403031920,1 4678,['CWE-399'],"struct buffer_head *ext4_bread(handle_t *handle, struct inode *inode, ext4_lblk_t block, int create, int *err) { struct buffer_head *bh; bh = ext4_getblk(handle, inode, block, create, err); if (!bh) return bh; if (buffer_uptodate(bh)) return bh; ll_rw_block(READ_META, 1, &bh); wait_on_buffer(bh); if (buffer_uptodate(bh)) return bh; put_bh(bh); *err = -EIO; return NULL; }",linux-2.6,,,112993416383971985039216032282561442404,0 1034,CWE-400,"static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); unsigned long debugctlmsr; if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) vmx->entry_time = ktime_get(); if (vmx->emulation_required) return; if (vmx->ple_window_dirty) { vmx->ple_window_dirty = false; vmcs_write32(PLE_WINDOW, vmx->ple_window); } if (vmx->nested.sync_shadow_vmcs) { copy_vmcs12_to_shadow(vmx); vmx->nested.sync_shadow_vmcs = false; } if (test_bit(VCPU_REGS_RSP, (unsigned long *)&vcpu->arch.regs_dirty)) vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]); if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) vmx_set_interrupt_shadow(vcpu, 0); atomic_switch_perf_msrs(vmx); debugctlmsr = get_debugctlmsr(); vmx->__launched = vmx->loaded_vmcs->launched; asm( ""push %%"" _ASM_DX ""; push %%"" _ASM_BP "";"" ""push %%"" _ASM_CX "" \n\t"" ""push %%"" _ASM_CX "" \n\t"" ""cmp %%"" _ASM_SP "", %c[host_rsp](%0) \n\t"" ""je 1f \n\t"" ""mov %%"" _ASM_SP "", %c[host_rsp](%0) \n\t"" __ex(ASM_VMX_VMWRITE_RSP_RDX) ""\n\t"" ""1: \n\t"" ""mov %c[cr2](%0), %%"" _ASM_AX "" \n\t"" ""mov %%cr2, %%"" _ASM_DX "" \n\t"" ""cmp %%"" _ASM_AX "", %%"" _ASM_DX "" \n\t"" ""je 2f \n\t"" ""mov %%"" _ASM_AX"", %%cr2 \n\t"" ""2: \n\t"" ""cmpl $0, %c[launched](%0) \n\t"" ""mov %c[rax](%0), %%"" _ASM_AX "" \n\t"" ""mov %c[rbx](%0), %%"" _ASM_BX "" \n\t"" ""mov %c[rdx](%0), %%"" _ASM_DX "" \n\t"" ""mov %c[rsi](%0), %%"" _ASM_SI "" \n\t"" ""mov %c[rdi](%0), %%"" _ASM_DI "" \n\t"" ""mov %c[rbp](%0), %%"" _ASM_BP "" \n\t"" #ifdef CONFIG_X86_64 ""mov %c[r8](%0), %%r8 \n\t"" ""mov %c[r9](%0), %%r9 \n\t"" ""mov %c[r10](%0), %%r10 \n\t"" ""mov %c[r11](%0), %%r11 \n\t"" ""mov %c[r12](%0), %%r12 \n\t"" ""mov %c[r13](%0), %%r13 \n\t"" ""mov %c[r14](%0), %%r14 \n\t"" ""mov %c[r15](%0), %%r15 \n\t"" #endif ""mov %c[rcx](%0), %%"" _ASM_CX "" \n\t"" ""jne 1f \n\t"" __ex(ASM_VMX_VMLAUNCH) ""\n\t"" ""jmp 2f \n\t"" ""1: "" __ex(ASM_VMX_VMRESUME) ""\n\t"" ""2: "" ""mov %0, %c[wordsize](%%"" _ASM_SP "") \n\t"" ""pop %0 \n\t"" ""mov %%"" _ASM_AX "", %c[rax](%0) \n\t"" ""mov %%"" _ASM_BX "", %c[rbx](%0) \n\t"" __ASM_SIZE(pop) "" %c[rcx](%0) \n\t"" ""mov %%"" _ASM_DX "", %c[rdx](%0) \n\t"" ""mov %%"" _ASM_SI "", %c[rsi](%0) \n\t"" ""mov %%"" _ASM_DI "", %c[rdi](%0) \n\t"" ""mov %%"" _ASM_BP "", %c[rbp](%0) \n\t"" #ifdef CONFIG_X86_64 ""mov %%r8, %c[r8](%0) \n\t"" ""mov %%r9, %c[r9](%0) \n\t"" ""mov %%r10, %c[r10](%0) \n\t"" ""mov %%r11, %c[r11](%0) \n\t"" ""mov %%r12, %c[r12](%0) \n\t"" ""mov %%r13, %c[r13](%0) \n\t"" ""mov %%r14, %c[r14](%0) \n\t"" ""mov %%r15, %c[r15](%0) \n\t"" #endif ""mov %%cr2, %%"" _ASM_AX "" \n\t"" ""mov %%"" _ASM_AX "", %c[cr2](%0) \n\t"" ""pop %%"" _ASM_BP ""; pop %%"" _ASM_DX "" \n\t"" ""setbe %c[fail](%0) \n\t"" "".pushsection .rodata \n\t"" "".global vmx_return \n\t"" ""vmx_return: "" _ASM_PTR "" 2b \n\t"" "".popsection"" : : ""c""(vmx), ""d""((unsigned long)HOST_RSP), [launched]""i""(offsetof(struct vcpu_vmx, __launched)), [fail]""i""(offsetof(struct vcpu_vmx, fail)), [host_rsp]""i""(offsetof(struct vcpu_vmx, host_rsp)), [rax]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RAX])), [rbx]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RBX])), [rcx]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RCX])), [rdx]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RDX])), [rsi]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RSI])), [rdi]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RDI])), [rbp]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RBP])), #ifdef CONFIG_X86_64 [r8]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R8])), [r9]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R9])), [r10]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R10])), [r11]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R11])), [r12]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R12])), [r13]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R13])), [r14]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R14])), [r15]""i""(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])), #endif [cr2]""i""(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]""i""(sizeof(ulong)) : ""cc"", ""memory"" #ifdef CONFIG_X86_64 , ""rax"", ""rbx"", ""rdi"", ""rsi"" , ""r8"", ""r9"", ""r10"", ""r11"", ""r12"", ""r13"", ""r14"", ""r15"" #else , ""eax"", ""ebx"", ""edi"", ""esi"" #endif ); if (debugctlmsr) update_debugctlmsr(debugctlmsr); #ifndef CONFIG_X86_64 loadsegment(ds, __USER_DS); loadsegment(es, __USER_DS); #endif vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) | (1 << VCPU_EXREG_RFLAGS) | (1 << VCPU_EXREG_PDPTR) | (1 << VCPU_EXREG_SEGMENTS) | (1 << VCPU_EXREG_CR3)); vcpu->arch.regs_dirty = 0; vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD); vmx->loaded_vmcs->launched = 1; vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); trace_kvm_exit(vmx->exit_reason, vcpu, KVM_ISA_VMX); if (vmx->nested.nested_run_pending) kvm_make_request(KVM_REQ_EVENT, vcpu); vmx->nested.nested_run_pending = 0; vmx_complete_atomic_exit(vmx); vmx_recover_nmi_blocking(vmx); vmx_complete_interrupts(vmx); }",visit repo url,arch/x86/kvm/vmx.c,https://github.com/torvalds/linux,163585940984227,1 5354,['CWE-476'],"int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu, struct kvm_mp_state *mp_state) { vcpu_load(vcpu); mp_state->mp_state = vcpu->arch.mp_state; vcpu_put(vcpu); return 0; }",linux-2.6,,,321385861468337998107576190194525798043,0 2582,CWE-119,"int cli_scanpe(cli_ctx *ctx) { uint16_t e_magic; uint16_t nsections; uint32_t e_lfanew; uint32_t ep, vep; uint8_t polipos = 0; time_t timestamp; struct pe_image_file_hdr file_hdr; union { struct pe_image_optional_hdr64 opt64; struct pe_image_optional_hdr32 opt32; } pe_opt; struct pe_image_section_hdr *section_hdr; char sname[9], epbuff[4096], *tempfile; uint32_t epsize; ssize_t bytes, at; unsigned int i, found, upx_success = 0, min = 0, max = 0, err, overlays = 0; unsigned int ssize = 0, dsize = 0, dll = 0, pe_plus = 0, corrupted_cur; int (*upxfn)(const char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t) = NULL; const char *src = NULL; char *dest = NULL; int ndesc, ret = CL_CLEAN, upack = 0, native=0; size_t fsize; uint32_t valign, falign, hdr_size, j; struct cli_exe_section *exe_sections; char timestr[32]; struct pe_image_data_dir *dirs; struct cli_bc_ctx *bc_ctx; fmap_t *map; struct cli_pe_hook_data pedata; #ifdef HAVE__INTERNAL__SHA_COLLECT int sha_collect = ctx->sha_collect; #endif const char *archtype=NULL, *subsystem=NULL; uint32_t viruses_found = 0; #if HAVE_JSON int toval = 0; struct json_object *pe_json=NULL; char jsonbuf[128]; #endif if(!ctx) { cli_errmsg(""cli_scanpe: ctx == NULL\n""); return CL_ENULLARG; } #if HAVE_JSON if (cli_json_timeout_cycle_check(ctx, &toval) != CL_SUCCESS) { return CL_ETIMEOUT; } if (ctx->options & CL_SCAN_FILE_PROPERTIES) { pe_json = get_pe_property(ctx); } #endif map = *ctx->fmap; if(fmap_readn(map, &e_magic, 0, sizeof(e_magic)) != sizeof(e_magic)) { cli_dbgmsg(""Can't read DOS signature\n""); return CL_CLEAN; } if(EC16(e_magic) != PE_IMAGE_DOS_SIGNATURE && EC16(e_magic) != PE_IMAGE_DOS_SIGNATURE_OLD) { cli_dbgmsg(""Invalid DOS signature\n""); return CL_CLEAN; } if(fmap_readn(map, &e_lfanew, 58 + sizeof(e_magic), sizeof(e_lfanew)) != sizeof(e_lfanew)) { cli_dbgmsg(""Can't read new header address\n""); if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } e_lfanew = EC32(e_lfanew); cli_dbgmsg(""e_lfanew == %d\n"", e_lfanew); if(!e_lfanew) { cli_dbgmsg(""Not a PE file\n""); return CL_CLEAN; } if(fmap_readn(map, &file_hdr, e_lfanew, sizeof(struct pe_image_file_hdr)) != sizeof(struct pe_image_file_hdr)) { cli_dbgmsg(""Can't read file header\n""); return CL_CLEAN; } if(EC32(file_hdr.Magic) != PE_IMAGE_NT_SIGNATURE) { cli_dbgmsg(""Invalid PE signature (probably NE file)\n""); return CL_CLEAN; } if(EC16(file_hdr.Characteristics) & 0x2000) { #if HAVE_JSON if ((pe_json)) cli_jsonstr(pe_json, ""Type"", ""DLL""); #endif cli_dbgmsg(""File type: DLL\n""); dll = 1; } else if(EC16(file_hdr.Characteristics) & 0x01) { #if HAVE_JSON if ((pe_json)) cli_jsonstr(pe_json, ""Type"", ""EXE""); #endif cli_dbgmsg(""File type: Executable\n""); } switch(EC16(file_hdr.Machine)) { case 0x0: archtype = ""Unknown""; break; case 0x14c: archtype = ""80386""; break; case 0x14d: archtype = ""80486""; break; case 0x14e: archtype = ""80586""; break; case 0x160: archtype = ""R30000 (big-endian)""; break; case 0x162: archtype = ""R3000""; break; case 0x166: archtype = ""R4000""; break; case 0x168: archtype = ""R10000""; break; case 0x184: archtype = ""DEC Alpha AXP""; break; case 0x284: archtype = ""DEC Alpha AXP 64bit""; break; case 0x1f0: archtype = ""PowerPC""; break; case 0x200: archtype = ""IA64""; break; case 0x268: archtype = ""M68k""; break; case 0x266: archtype = ""MIPS16""; break; case 0x366: archtype = ""MIPS+FPU""; break; case 0x466: archtype = ""MIPS16+FPU""; break; case 0x1a2: archtype = ""Hitachi SH3""; break; case 0x1a3: archtype = ""Hitachi SH3-DSP""; break; case 0x1a4: archtype = ""Hitachi SH3-E""; break; case 0x1a6: archtype = ""Hitachi SH4""; break; case 0x1a8: archtype = ""Hitachi SH5""; break; case 0x1c0: archtype = ""ARM""; break; case 0x1c2: archtype = ""THUMB""; break; case 0x1d3: archtype = ""AM33""; break; case 0x520: archtype = ""Infineon TriCore""; break; case 0xcef: archtype = ""CEF""; break; case 0xebc: archtype = ""EFI Byte Code""; break; case 0x9041: archtype = ""M32R""; break; case 0xc0ee: archtype = ""CEEE""; break; case 0x8664: archtype = ""AMD64""; break; default: archtype = ""Unknown""; } if ((archtype)) { cli_dbgmsg(""Machine type: %s\n"", archtype); #if HAVE_JSON cli_jsonstr(pe_json, ""ArchType"", archtype); #endif } nsections = EC16(file_hdr.NumberOfSections); if(nsections < 1 || nsections > 96) { #if HAVE_JSON pe_add_heuristic_property(ctx, ""BadNumberOfSections""); #endif if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } if(!ctx->corrupted_input) { if(nsections) cli_warnmsg(""PE file contains %d sections\n"", nsections); else cli_warnmsg(""PE file contains no sections\n""); } return CL_CLEAN; } cli_dbgmsg(""NumberOfSections: %d\n"", nsections); timestamp = (time_t) EC32(file_hdr.TimeDateStamp); cli_dbgmsg(""TimeDateStamp: %s"", cli_ctime(×tamp, timestr, sizeof(timestr))); #if HAVE_JSON cli_jsonstr(pe_json, ""TimeDateStamp"", cli_ctime(×tamp, timestr, sizeof(timestr))); #endif cli_dbgmsg(""SizeOfOptionalHeader: %x\n"", EC16(file_hdr.SizeOfOptionalHeader)); #if HAVE_JSON cli_jsonint(pe_json, ""SizeOfOptionalHeader"", EC16(file_hdr.SizeOfOptionalHeader)); #endif if (EC16(file_hdr.SizeOfOptionalHeader) < sizeof(struct pe_image_optional_hdr32)) { #if HAVE_JSON pe_add_heuristic_property(ctx, ""BadOptionalHeaderSize""); #endif cli_dbgmsg(""SizeOfOptionalHeader too small\n""); if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } at = e_lfanew + sizeof(struct pe_image_file_hdr); if(fmap_readn(map, &optional_hdr32, at, sizeof(struct pe_image_optional_hdr32)) != sizeof(struct pe_image_optional_hdr32)) { cli_dbgmsg(""Can't read optional file header\n""); if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } at += sizeof(struct pe_image_optional_hdr32); if(EC16(optional_hdr64.Magic)==PE32P_SIGNATURE) { #if HAVE_JSON pe_add_heuristic_property(ctx, ""BadOptionalHeaderSizePE32Plus""); #endif if(EC16(file_hdr.SizeOfOptionalHeader)!=sizeof(struct pe_image_optional_hdr64)) { cli_dbgmsg(""Incorrect SizeOfOptionalHeader for PE32+\n""); if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } pe_plus = 1; } if(!pe_plus) { if (EC16(file_hdr.SizeOfOptionalHeader)!=sizeof(struct pe_image_optional_hdr32)) { at += EC16(file_hdr.SizeOfOptionalHeader)-sizeof(struct pe_image_optional_hdr32); } if(DCONF & PE_CONF_UPACK) upack = (EC16(file_hdr.SizeOfOptionalHeader)==0x148); vep = EC32(optional_hdr32.AddressOfEntryPoint); hdr_size = EC32(optional_hdr32.SizeOfHeaders); cli_dbgmsg(""File format: PE\n""); cli_dbgmsg(""MajorLinkerVersion: %d\n"", optional_hdr32.MajorLinkerVersion); cli_dbgmsg(""MinorLinkerVersion: %d\n"", optional_hdr32.MinorLinkerVersion); cli_dbgmsg(""SizeOfCode: 0x%x\n"", EC32(optional_hdr32.SizeOfCode)); cli_dbgmsg(""SizeOfInitializedData: 0x%x\n"", EC32(optional_hdr32.SizeOfInitializedData)); cli_dbgmsg(""SizeOfUninitializedData: 0x%x\n"", EC32(optional_hdr32.SizeOfUninitializedData)); cli_dbgmsg(""AddressOfEntryPoint: 0x%x\n"", vep); cli_dbgmsg(""BaseOfCode: 0x%x\n"", EC32(optional_hdr32.BaseOfCode)); cli_dbgmsg(""SectionAlignment: 0x%x\n"", EC32(optional_hdr32.SectionAlignment)); cli_dbgmsg(""FileAlignment: 0x%x\n"", EC32(optional_hdr32.FileAlignment)); cli_dbgmsg(""MajorSubsystemVersion: %d\n"", EC16(optional_hdr32.MajorSubsystemVersion)); cli_dbgmsg(""MinorSubsystemVersion: %d\n"", EC16(optional_hdr32.MinorSubsystemVersion)); cli_dbgmsg(""SizeOfImage: 0x%x\n"", EC32(optional_hdr32.SizeOfImage)); cli_dbgmsg(""SizeOfHeaders: 0x%x\n"", hdr_size); cli_dbgmsg(""NumberOfRvaAndSizes: %d\n"", EC32(optional_hdr32.NumberOfRvaAndSizes)); dirs = optional_hdr32.DataDirectory; #if HAVE_JSON cli_jsonint(pe_json, ""MajorLinkerVersion"", optional_hdr32.MajorLinkerVersion); cli_jsonint(pe_json, ""MinorLinkerVersion"", optional_hdr32.MinorLinkerVersion); cli_jsonint(pe_json, ""SizeOfCode"", EC32(optional_hdr32.SizeOfCode)); cli_jsonint(pe_json, ""SizeOfInitializedData"", EC32(optional_hdr32.SizeOfInitializedData)); cli_jsonint(pe_json, ""SizeOfUninitializedData"", EC32(optional_hdr32.SizeOfUninitializedData)); cli_jsonint(pe_json, ""NumberOfRvaAndSizes"", EC32(optional_hdr32.NumberOfRvaAndSizes)); cli_jsonint(pe_json, ""MajorSubsystemVersion"", EC16(optional_hdr32.MajorSubsystemVersion)); cli_jsonint(pe_json, ""MinorSubsystemVersion"", EC16(optional_hdr32.MinorSubsystemVersion)); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr32.BaseOfCode)); cli_jsonstr(pe_json, ""BaseOfCode"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr32.SectionAlignment)); cli_jsonstr(pe_json, ""SectionAlignment"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr32.FileAlignment)); cli_jsonstr(pe_json, ""FileAlignment"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr32.SizeOfImage)); cli_jsonstr(pe_json, ""SizeOfImage"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", hdr_size); cli_jsonstr(pe_json, ""SizeOfHeaders"", jsonbuf); #endif } else { if(fmap_readn(map, &optional_hdr32 + 1, at, sizeof(struct pe_image_optional_hdr64) - sizeof(struct pe_image_optional_hdr32)) != sizeof(struct pe_image_optional_hdr64) - sizeof(struct pe_image_optional_hdr32)) { cli_dbgmsg(""Can't read optional file header\n""); if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } at += sizeof(struct pe_image_optional_hdr64) - sizeof(struct pe_image_optional_hdr32); vep = EC32(optional_hdr64.AddressOfEntryPoint); hdr_size = EC32(optional_hdr64.SizeOfHeaders); cli_dbgmsg(""File format: PE32+\n""); cli_dbgmsg(""MajorLinkerVersion: %d\n"", optional_hdr64.MajorLinkerVersion); cli_dbgmsg(""MinorLinkerVersion: %d\n"", optional_hdr64.MinorLinkerVersion); cli_dbgmsg(""SizeOfCode: 0x%x\n"", EC32(optional_hdr64.SizeOfCode)); cli_dbgmsg(""SizeOfInitializedData: 0x%x\n"", EC32(optional_hdr64.SizeOfInitializedData)); cli_dbgmsg(""SizeOfUninitializedData: 0x%x\n"", EC32(optional_hdr64.SizeOfUninitializedData)); cli_dbgmsg(""AddressOfEntryPoint: 0x%x\n"", vep); cli_dbgmsg(""BaseOfCode: 0x%x\n"", EC32(optional_hdr64.BaseOfCode)); cli_dbgmsg(""SectionAlignment: 0x%x\n"", EC32(optional_hdr64.SectionAlignment)); cli_dbgmsg(""FileAlignment: 0x%x\n"", EC32(optional_hdr64.FileAlignment)); cli_dbgmsg(""MajorSubsystemVersion: %d\n"", EC16(optional_hdr64.MajorSubsystemVersion)); cli_dbgmsg(""MinorSubsystemVersion: %d\n"", EC16(optional_hdr64.MinorSubsystemVersion)); cli_dbgmsg(""SizeOfImage: 0x%x\n"", EC32(optional_hdr64.SizeOfImage)); cli_dbgmsg(""SizeOfHeaders: 0x%x\n"", hdr_size); cli_dbgmsg(""NumberOfRvaAndSizes: %d\n"", EC32(optional_hdr64.NumberOfRvaAndSizes)); dirs = optional_hdr64.DataDirectory; #if HAVE_JSON cli_jsonint(pe_json, ""MajorLinkerVersion"", optional_hdr64.MajorLinkerVersion); cli_jsonint(pe_json, ""MinorLinkerVersion"", optional_hdr64.MinorLinkerVersion); cli_jsonint(pe_json, ""SizeOfCode"", EC32(optional_hdr64.SizeOfCode)); cli_jsonint(pe_json, ""SizeOfInitializedData"", EC32(optional_hdr64.SizeOfInitializedData)); cli_jsonint(pe_json, ""SizeOfUninitializedData"", EC32(optional_hdr64.SizeOfUninitializedData)); cli_jsonint(pe_json, ""NumberOfRvaAndSizes"", EC32(optional_hdr64.NumberOfRvaAndSizes)); cli_jsonint(pe_json, ""MajorSubsystemVersion"", EC16(optional_hdr64.MajorSubsystemVersion)); cli_jsonint(pe_json, ""MinorSubsystemVersion"", EC16(optional_hdr64.MinorSubsystemVersion)); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr64.BaseOfCode)); cli_jsonstr(pe_json, ""BaseOfCode"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr64.SectionAlignment)); cli_jsonstr(pe_json, ""SectionAlignment"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr64.FileAlignment)); cli_jsonstr(pe_json, ""FileAlignment"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", EC32(optional_hdr64.SizeOfImage)); cli_jsonstr(pe_json, ""SizeOfImage"", jsonbuf); snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", hdr_size); cli_jsonstr(pe_json, ""SizeOfHeaders"", jsonbuf); #endif } #if HAVE_JSON if (ctx->options & CL_SCAN_FILE_PROPERTIES) { snprintf(jsonbuf, sizeof(jsonbuf), ""0x%x"", vep); cli_jsonstr(pe_json, ""EntryPoint"", jsonbuf); } #endif switch(pe_plus ? EC16(optional_hdr64.Subsystem) : EC16(optional_hdr32.Subsystem)) { case 0: subsystem = ""Unknown""; break; case 1: subsystem = ""Native (svc)""; native = 1; break; case 2: subsystem = ""Win32 GUI""; break; case 3: subsystem = ""Win32 console""; break; case 5: subsystem = ""OS/2 console""; break; case 7: subsystem = ""POSIX console""; break; case 8: subsystem = ""Native Win9x driver""; break; case 9: subsystem = ""WinCE GUI""; break; case 10: subsystem = ""EFI application""; break; case 11: subsystem = ""EFI driver""; break; case 12: subsystem = ""EFI runtime driver""; break; case 13: subsystem = ""EFI ROM image""; break; case 14: subsystem = ""Xbox""; break; case 16: subsystem = ""Boot application""; break; default: subsystem = ""Unknown""; } cli_dbgmsg(""Subsystem: %s\n"", subsystem); #if HAVE_JSON cli_jsonstr(pe_json, ""Subsystem"", subsystem); #endif cli_dbgmsg(""------------------------------------\n""); if (DETECT_BROKEN_PE && !native && (!(pe_plus?EC32(optional_hdr64.SectionAlignment):EC32(optional_hdr32.SectionAlignment)) || (pe_plus?EC32(optional_hdr64.SectionAlignment):EC32(optional_hdr32.SectionAlignment))%0x1000)) { cli_dbgmsg(""Bad virtual alignemnt\n""); cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } if (DETECT_BROKEN_PE && !native && (!(pe_plus?EC32(optional_hdr64.FileAlignment):EC32(optional_hdr32.FileAlignment)) || (pe_plus?EC32(optional_hdr64.FileAlignment):EC32(optional_hdr32.FileAlignment))%0x200)) { cli_dbgmsg(""Bad file alignemnt\n""); cli_append_virus(ctx, ""Heuristics.Broken.Executable""); return CL_VIRUS; } fsize = map->len; section_hdr = (struct pe_image_section_hdr *) cli_calloc(nsections, sizeof(struct pe_image_section_hdr)); if(!section_hdr) { cli_dbgmsg(""Can't allocate memory for section headers\n""); return CL_EMEM; } exe_sections = (struct cli_exe_section *) cli_calloc(nsections, sizeof(struct cli_exe_section)); if(!exe_sections) { cli_dbgmsg(""Can't allocate memory for section headers\n""); free(section_hdr); return CL_EMEM; } valign = (pe_plus)?EC32(optional_hdr64.SectionAlignment):EC32(optional_hdr32.SectionAlignment); falign = (pe_plus)?EC32(optional_hdr64.FileAlignment):EC32(optional_hdr32.FileAlignment); if(fmap_readn(map, section_hdr, at, sizeof(struct pe_image_section_hdr)*nsections) != (int)(nsections*sizeof(struct pe_image_section_hdr))) { cli_dbgmsg(""Can't read section header\n""); cli_dbgmsg(""Possibly broken PE file\n""); free(section_hdr); free(exe_sections); if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } at += sizeof(struct pe_image_section_hdr)*nsections; for(i = 0; falign!=0x200 && iexe_sections[i].raw && !CLI_ISCONTAINED(0, (uint32_t) fsize, exe_sections[i].raw, exe_sections[i].rsz)) exe_sections[i].rsz = fsize - exe_sections[i].raw; cli_dbgmsg(""Section %d\n"", i); cli_dbgmsg(""Section name: %s\n"", sname); cli_dbgmsg(""Section data (from headers - in memory)\n""); cli_dbgmsg(""VirtualSize: 0x%x 0x%x\n"", exe_sections[i].uvsz, exe_sections[i].vsz); cli_dbgmsg(""VirtualAddress: 0x%x 0x%x\n"", exe_sections[i].urva, exe_sections[i].rva); cli_dbgmsg(""SizeOfRawData: 0x%x 0x%x\n"", exe_sections[i].ursz, exe_sections[i].rsz); cli_dbgmsg(""PointerToRawData: 0x%x 0x%x\n"", exe_sections[i].uraw, exe_sections[i].raw); if(exe_sections[i].chr & 0x20) { cli_dbgmsg(""Section contains executable code\n""); if(exe_sections[i].vsz < exe_sections[i].rsz) { cli_dbgmsg(""Section contains free space\n""); } } if(exe_sections[i].chr & 0x20000000) cli_dbgmsg(""Section's memory is executable\n""); if(exe_sections[i].chr & 0x80000000) cli_dbgmsg(""Section's memory is writeable\n""); if (DETECT_BROKEN_PE && (!valign || (exe_sections[i].urva % valign))) { cli_dbgmsg(""VirtualAddress is misaligned\n""); cli_dbgmsg(""------------------------------------\n""); cli_append_virus(ctx, ""Heuristics.Broken.Executable""); free(section_hdr); free(exe_sections); return CL_VIRUS; } if (exe_sections[i].rsz) { if (exe_sections[i].raw >= fsize) { cli_dbgmsg(""Broken PE file - Section %d starts beyond the end of file (Offset@ %lu, Total filesize %lu)\n"", i, (unsigned long)exe_sections[i].raw, (unsigned long)fsize); cli_dbgmsg(""------------------------------------\n""); free(section_hdr); free(exe_sections); if(DETECT_BROKEN_PE) { cli_append_virus(ctx, ""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } if(SCAN_ALGO && (DCONF & PE_CONF_POLIPOS) && !*sname && exe_sections[i].vsz > 40000 && exe_sections[i].vsz < 70000 && exe_sections[i].chr == 0xe0000060) polipos = i; if((DCONF & PE_CONF_MD5SECT) && ctx->engine->hm_mdb) { ret = scan_pe_mdb(ctx, &exe_sections[i]); if (ret != CL_CLEAN) { if (ret != CL_VIRUS) cli_errmsg(""scan_pe: scan_pe_mdb failed: %s!\n"", cl_strerror(ret)); cli_dbgmsg(""------------------------------------\n""); free(section_hdr); free(exe_sections); return ret; } } } cli_dbgmsg(""------------------------------------\n""); if (exe_sections[i].urva>>31 || exe_sections[i].uvsz>>31 || (exe_sections[i].rsz && exe_sections[i].uraw>>31) || exe_sections[i].ursz>>31) { cli_dbgmsg(""Found PE values with sign bit set\n""); free(section_hdr); free(exe_sections); if(DETECT_BROKEN_PE) { cli_append_virus(ctx, ""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } if(!i) { if (DETECT_BROKEN_PE && exe_sections[i].urva!=hdr_size) { cli_dbgmsg(""First section is in the wrong place\n""); cli_append_virus(ctx, ""Heuristics.Broken.Executable""); free(section_hdr); free(exe_sections); return CL_VIRUS; } min = exe_sections[i].rva; max = exe_sections[i].rva + exe_sections[i].rsz; } else { if (DETECT_BROKEN_PE && exe_sections[i].urva - exe_sections[i-1].urva != exe_sections[i-1].vsz) { cli_dbgmsg(""Virtually misplaced section (wrong order, overlapping, non contiguous)\n""); cli_append_virus(ctx, ""Heuristics.Broken.Executable""); free(section_hdr); free(exe_sections); return CL_VIRUS; } if(exe_sections[i].rva < min) min = exe_sections[i].rva; if(exe_sections[i].rva + exe_sections[i].rsz > max) { max = exe_sections[i].rva + exe_sections[i].rsz; overlays = exe_sections[i].raw + exe_sections[i].rsz; } } } free(section_hdr); if(!(ep = cli_rawaddr(vep, exe_sections, nsections, &err, fsize, hdr_size)) && err) { cli_dbgmsg(""EntryPoint out of file\n""); free(exe_sections); if(DETECT_BROKEN_PE) { cli_append_virus(ctx,""Heuristics.Broken.Executable""); return CL_VIRUS; } return CL_CLEAN; } #if HAVE_JSON cli_jsonint(pe_json, ""EntryPointOffset"", ep); if (cli_json_timeout_cycle_check(ctx, &toval) != CL_SUCCESS) { return CL_ETIMEOUT; } #endif cli_dbgmsg(""EntryPoint offset: 0x%x (%d)\n"", ep, ep); if(pe_plus) { free(exe_sections); return CL_CLEAN; } epsize = fmap_readn(map, epbuff, ep, 4096); if(overlays) { int overlays_sz = fsize - overlays; if(overlays_sz > 0) { ret = cli_scanishield(ctx, overlays, overlays_sz); if(ret != CL_CLEAN) { free(exe_sections); return ret; } } } pedata.nsections = nsections; pedata.ep = ep; pedata.offset = 0; memcpy(&pedata.file_hdr, &file_hdr, sizeof(file_hdr)); memcpy(&pedata.opt32, &pe_opt.opt32, sizeof(pe_opt.opt32)); memcpy(&pedata.opt64, &pe_opt.opt64, sizeof(pe_opt.opt64)); memcpy(&pedata.dirs, dirs, sizeof(pedata.dirs)); pedata.e_lfanew = e_lfanew; pedata.overlays = overlays; pedata.overlays_sz = fsize - overlays; pedata.hdr_size = hdr_size; bc_ctx = cli_bytecode_context_alloc(); if (!bc_ctx) { cli_errmsg(""cli_scanpe: can't allocate memory for bc_ctx\n""); free(exe_sections); return CL_EMEM; } cli_bytecode_context_setpe(bc_ctx, &pedata, exe_sections); cli_bytecode_context_setctx(bc_ctx, ctx); ret = cli_bytecode_runhook(ctx, ctx->engine, bc_ctx, BC_PE_ALL, map); switch (ret) { case CL_ENULLARG: cli_warnmsg(""cli_scanpe: NULL argument supplied\n""); break; case CL_VIRUS: case CL_BREAK: free(exe_sections); cli_bytecode_context_destroy(bc_ctx); return ret == CL_VIRUS ? CL_VIRUS : CL_CLEAN; } cli_bytecode_context_destroy(bc_ctx); if(SCAN_ALGO && (DCONF & PE_CONF_PARITE) && !dll && epsize == 4096 && ep == exe_sections[nsections - 1].raw) { const char *pt = cli_memstr(epbuff, 4040, ""\x47\x65\x74\x50\x72\x6f\x63\x41\x64\x64\x72\x65\x73\x73\x00"", 15); if(pt) { pt += 15; if((((uint32_t)cli_readint32(pt) ^ (uint32_t)cli_readint32(pt + 4)) == 0x505a4f) && (((uint32_t)cli_readint32(pt + 8) ^ (uint32_t)cli_readint32(pt + 12)) == 0xffffb) && (((uint32_t)cli_readint32(pt + 16) ^ (uint32_t)cli_readint32(pt + 20)) == 0xb8)) { cli_append_virus(ctx,""Heuristics.W32.Parite.B""); if (!SCAN_ALL) { free(exe_sections); return CL_VIRUS; } viruses_found++; } } } if(SCAN_ALGO && (DCONF & PE_CONF_KRIZ) && epsize >= 200 && CLI_ISCONTAINED(exe_sections[nsections - 1].raw, exe_sections[nsections - 1].rsz, ep, 0x0fd2) && epbuff[1]=='\x9c' && epbuff[2]=='\x60') { enum {KZSTRASH,KZSCDELTA,KZSPDELTA,KZSGETSIZE,KZSXORPRFX,KZSXOR,KZSDDELTA,KZSLOOP,KZSTOP}; uint8_t kzs[] = {KZSTRASH,KZSCDELTA,KZSPDELTA,KZSGETSIZE,KZSTRASH,KZSXORPRFX,KZSXOR,KZSTRASH,KZSDDELTA,KZSTRASH,KZSLOOP,KZSTOP}; uint8_t *kzstate = kzs; uint8_t *kzcode = (uint8_t *)epbuff + 3; uint8_t kzdptr=0xff, kzdsize=0xff; int kzlen = 197, kzinitlen=0xffff, kzxorlen=-1; cli_dbgmsg(""in kriz\n""); while(*kzstate!=KZSTOP) { uint8_t op; if(kzlen<=6) break; op = *kzcode++; kzlen--; switch (*kzstate) { case KZSTRASH: case KZSGETSIZE: { int opsz=0; switch(op) { case 0x81: kzcode+=5; kzlen-=5; break; case 0xb8: case 0xb9: case 0xba: case 0xbb: case 0xbd: case 0xbe: case 0xbf: if(*kzstate==KZSGETSIZE && cli_readint32(kzcode)==0x0fd2) { kzinitlen = kzlen-5; kzdsize=op-0xb8; kzstate++; op=4; cli_dbgmsg(""kriz: using #%d as size counter\n"", kzdsize); } opsz=4; case 0x48: case 0x49: case 0x4a: case 0x4b: case 0x4d: case 0x4e: case 0x4f: op&=7; if(op!=kzdptr && op!=kzdsize) { kzcode+=opsz; kzlen-=opsz; break; } default: kzcode--; kzlen++; kzstate++; } break; } case KZSCDELTA: if(op==0xe8 && (uint32_t)cli_readint32(kzcode) < 0xff) { kzlen-=*kzcode+4; kzcode+=*kzcode+4; kzstate++; } else *kzstate=KZSTOP; break; case KZSPDELTA: if((op&0xf8)==0x58 && (kzdptr=op-0x58)!=4) { kzstate++; cli_dbgmsg(""kriz: using #%d as pointer\n"", kzdptr); } else *kzstate=KZSTOP; break; case KZSXORPRFX: kzstate++; if(op==0x3e) break; case KZSXOR: if (op==0x80 && *kzcode==kzdptr+0xb0) { kzxorlen=kzlen; kzcode+=+6; kzlen-=+6; kzstate++; } else *kzstate=KZSTOP; break; case KZSDDELTA: if (op==kzdptr+0x48) kzstate++; else *kzstate=KZSTOP; break; case KZSLOOP: if (op==kzdsize+0x48 && *kzcode==0x75 && kzlen-(int8_t)kzcode[1]-3<=kzinitlen && kzlen-(int8_t)kzcode[1]>=kzxorlen) { cli_append_virus(ctx,""Heuristics.W32.Kriz""); if (!SCAN_ALL) { free(exe_sections); return CL_VIRUS; } viruses_found++; } cli_dbgmsg(""kriz: loop out of bounds, corrupted sample?\n""); kzstate++; } } } if(SCAN_ALGO && (DCONF & PE_CONF_MAGISTR) && !dll && (nsections>1) && (exe_sections[nsections - 1].chr & 0x80000000)) { uint32_t rsize, vsize, dam = 0; vsize = exe_sections[nsections - 1].uvsz; rsize = exe_sections[nsections - 1].rsz; if(rsize < exe_sections[nsections - 1].ursz) { rsize = exe_sections[nsections - 1].ursz; dam = 1; } if(vsize >= 0x612c && rsize >= 0x612c && ((vsize & 0xff) == 0xec)) { int bw = rsize < 0x7000 ? rsize : 0x7000; const char *tbuff; if((tbuff = fmap_need_off_once(map, exe_sections[nsections - 1].raw + rsize - bw, 4096))) { if(cli_memstr(tbuff, 4091, ""\xe8\x2c\x61\x00\x00"", 5)) { cli_append_virus(ctx, dam ? ""Heuristics.W32.Magistr.A.dam"" : ""Heuristics.W32.Magistr.A""); if (!SCAN_ALL) { free(exe_sections); return CL_VIRUS; } viruses_found++; } } } else if(rsize >= 0x7000 && vsize >= 0x7000 && ((vsize & 0xff) == 0xed)) { int bw = rsize < 0x8000 ? rsize : 0x8000; const char *tbuff; if((tbuff = fmap_need_off_once(map, exe_sections[nsections - 1].raw + rsize - bw, 4096))) { if(cli_memstr(tbuff, 4091, ""\xe8\x04\x72\x00\x00"", 5)) { cli_append_virus(ctx,dam ? ""Heuristics.W32.Magistr.B.dam"" : ""Heuristics.W32.Magistr.B""); if (!SCAN_ALL) { free(exe_sections); return CL_VIRUS; } viruses_found++; } } } } while(polipos && !dll && nsections > 2 && nsections < 13 && e_lfanew <= 0x800 && (EC16(optional_hdr32.Subsystem) == 2 || EC16(optional_hdr32.Subsystem) == 3) && EC16(file_hdr.Machine) == 0x14c && optional_hdr32.SizeOfStackReserve >= 0x80000) { uint32_t jump, jold, *jumps = NULL; const uint8_t *code; unsigned int xsjs = 0; if(exe_sections[0].rsz > CLI_MAX_ALLOCATION) break; if(!exe_sections[0].rsz) break; if(!(code=fmap_need_off_once(map, exe_sections[0].raw, exe_sections[0].rsz))) break; for(i=0; i 1) continue; jump = cli_rawaddr(exe_sections[0].rva+i+5+cli_readint32(&code[i+1]), exe_sections, nsections, &err, fsize, hdr_size); if(err || !CLI_ISCONTAINED(exe_sections[polipos].raw, exe_sections[polipos].rsz, jump, 9)) continue; if(xsjs % 128 == 0) { if(xsjs == 1280) break; if(!(jumps=(uint32_t *)cli_realloc2(jumps, (xsjs+128)*sizeof(uint32_t)))) { free(exe_sections); return CL_EMEM; } } j=0; for(; j 1 && fsize > 64*1024 && fsize < 4*1024*1024) { if(dirs[2].Size) { struct swizz_stats *stats = cli_calloc(1, sizeof(*stats)); unsigned int m = 1000; ret = CL_CLEAN; if (!stats) ret = CL_EMEM; else { cli_parseres_special(EC32(dirs[2].VirtualAddress), EC32(dirs[2].VirtualAddress), map, exe_sections, nsections, fsize, hdr_size, 0, 0, &m, stats); if ((ret = cli_detect_swizz(stats)) == CL_VIRUS) { cli_append_virus(ctx,""Heuristics.Trojan.Swizzor.Gen""); } free(stats); } if (ret != CL_CLEAN) { if (!(ret == CL_VIRUS && SCAN_ALL)) { free(exe_sections); return ret; } viruses_found++; } } } corrupted_cur = ctx->corrupted_input; ctx->corrupted_input = 2; found = 0; if(DCONF & (PE_CONF_UPX | PE_CONF_FSG | PE_CONF_MEW)) { for(i = 0; i < (unsigned int) nsections - 1; i++) { if(!exe_sections[i].rsz && exe_sections[i].vsz && exe_sections[i + 1].rsz && exe_sections[i + 1].vsz) { found = 1; cli_dbgmsg(""UPX/FSG/MEW: empty section found - assuming compression\n""); #if HAVE_JSON cli_jsonbool(pe_json, ""HasEmptySection"", 1); #endif break; } } } if (found && (DCONF & PE_CONF_MEW) && epsize>=16 && epbuff[0]=='\xe9') { uint32_t fileoffset; const char *tbuff; fileoffset = (vep + cli_readint32(epbuff + 1) + 5); while (fileoffset == 0x154 || fileoffset == 0x158) { char *src; uint32_t offdiff, uselzma; cli_dbgmsg (""MEW: found MEW characteristics %08X + %08X + 5 = %08X\n"", cli_readint32(epbuff + 1), vep, cli_readint32(epbuff + 1) + vep + 5); if(!(tbuff = fmap_need_off_once(map, fileoffset, 0xb0))) break; if (fileoffset == 0x154) cli_dbgmsg(""MEW: Win9x compatibility was set!\n""); else cli_dbgmsg(""MEW: Win9x compatibility was NOT set!\n""); if((offdiff = cli_readint32(tbuff+1) - EC32(optional_hdr32.ImageBase)) <= exe_sections[i + 1].rva || offdiff >= exe_sections[i + 1].rva + exe_sections[i + 1].raw - 4) { cli_dbgmsg(""MEW: ESI is not in proper section\n""); break; } offdiff -= exe_sections[i + 1].rva; if(!exe_sections[i + 1].rsz) { cli_dbgmsg(""MEW: mew section is empty\n""); break; } ssize = exe_sections[i + 1].vsz; dsize = exe_sections[i].vsz; cli_dbgmsg(""MEW: ssize %08x dsize %08x offdiff: %08x\n"", ssize, dsize, offdiff); CLI_UNPSIZELIMITS(""MEW"", MAX(ssize, dsize)); CLI_UNPSIZELIMITS(""MEW"", MAX(ssize + dsize, exe_sections[i + 1].rsz)); if (exe_sections[i + 1].rsz < offdiff + 12 || exe_sections[i + 1].rsz > ssize) { cli_dbgmsg(""MEW: Size mismatch: %08x\n"", exe_sections[i + 1].rsz); break; } if (!(src = cli_calloc (ssize + dsize, sizeof(char)))) { free(exe_sections); return CL_EMEM; } if((bytes = fmap_readn(map, src + dsize, exe_sections[i + 1].raw, exe_sections[i + 1].rsz)) != exe_sections[i + 1].rsz) { cli_dbgmsg(""MEW: Can't read %d bytes [read: %lu]\n"", exe_sections[i + 1].rsz, (unsigned long)bytes); free(exe_sections); free(src); return CL_EREAD; } cli_dbgmsg(""MEW: %u (%08x) bytes read\n"", (unsigned int)bytes, (unsigned int)bytes); if (tbuff[0x7b] == '\xe8') { if (!CLI_ISCONTAINED(exe_sections[1].rva, exe_sections[1].vsz, cli_readint32(tbuff + 0x7c) + fileoffset + 0x80, 4)) { cli_dbgmsg(""MEW: lzma proc out of bounds!\n""); free(src); break; } uselzma = cli_readint32(tbuff + 0x7c) - (exe_sections[0].rva - fileoffset - 0x80); } else { uselzma = 0; } #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""MEW""); #endif CLI_UNPTEMP(""MEW"",(src,exe_sections,0)); CLI_UNPRESULTS(""MEW"",(unmew11(src, offdiff, ssize, dsize, EC32(optional_hdr32.ImageBase), exe_sections[0].rva, uselzma, ndesc)),1,(src,0)); break; } } if(epsize<168) { free(exe_sections); return CL_CLEAN; } if (found || upack) { while(((upack && nsections == 3) && (( epbuff[0] == '\xbe' && cli_readint32(epbuff + 1) - EC32(optional_hdr32.ImageBase) > min && epbuff[5] == '\xad' && epbuff[6] == '\x50' ) || (epbuff[0] == '\xbe' && cli_readint32(epbuff + 1) - EC32(optional_hdr32.ImageBase) > min && epbuff[5] == '\xff' && epbuff[6] == '\x36' ) )) || ((!upack && nsections == 2) && (( epbuff[0] == '\x60' && epbuff[1] == '\xe8' && cli_readint32(epbuff+2) == 0x9 ) || ( epbuff[0] == '\xbe' && cli_readint32(epbuff+1) - EC32(optional_hdr32.ImageBase) < min && cli_readint32(epbuff + 1) - EC32(optional_hdr32.ImageBase) > 0 && epbuff[5] == '\xad' && epbuff[6] == '\x8b' && epbuff[7] == '\xf8' ) )) ) { uint32_t vma, off; int a,b,c; cli_dbgmsg(""Upack characteristics found.\n""); a = exe_sections[0].vsz; b = exe_sections[1].vsz; if (upack) { cli_dbgmsg(""Upack: var set\n""); c = exe_sections[2].vsz; ssize = exe_sections[0].ursz + exe_sections[0].uraw; off = exe_sections[0].rva; vma = EC32(optional_hdr32.ImageBase) + exe_sections[0].rva; } else { cli_dbgmsg(""Upack: var NOT set\n""); c = exe_sections[1].rva; ssize = exe_sections[1].uraw; off = 0; vma = exe_sections[1].rva - exe_sections[1].uraw; } dsize = a+b+c; CLI_UNPSIZELIMITS(""Upack"", MAX(MAX(dsize, ssize), exe_sections[1].ursz)); if (!CLI_ISCONTAINED(0, dsize, exe_sections[1].rva - off, exe_sections[1].ursz) || (upack && !CLI_ISCONTAINED(0, dsize, exe_sections[2].rva - exe_sections[0].rva, ssize)) || ssize > dsize) { cli_dbgmsg(""Upack: probably malformed pe-header, skipping to next unpacker\n""); break; } if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) { free(exe_sections); return CL_EMEM; } if((unsigned int)fmap_readn(map, dest, 0, ssize) != ssize) { cli_dbgmsg(""Upack: Can't read raw data of section 0\n""); free(dest); break; } if(upack) memmove(dest + exe_sections[2].rva - exe_sections[0].rva, dest, ssize); if((unsigned int)fmap_readn(map, dest + exe_sections[1].rva - off, exe_sections[1].uraw, exe_sections[1].ursz) != exe_sections[1].ursz) { cli_dbgmsg(""Upack: Can't read raw data of section 1\n""); free(dest); break; } #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""Upack""); #endif CLI_UNPTEMP(""Upack"",(dest,exe_sections,0)); CLI_UNPRESULTS(""Upack"",(unupack(upack, dest, dsize, epbuff, vma, ep, EC32(optional_hdr32.ImageBase), exe_sections[0].rva, ndesc)),1,(dest,0)); break; } } while(found && (DCONF & PE_CONF_FSG) && epbuff[0] == '\x87' && epbuff[1] == '\x25') { const char *dst; uint32_t newesi, newedi, newebx, newedx; ssize = exe_sections[i + 1].rsz; dsize = exe_sections[i].vsz; CLI_UNPSIZELIMITS(""FSG"", MAX(dsize, ssize)); if(ssize <= 0x19 || dsize <= ssize) { cli_dbgmsg(""FSG: Size mismatch (ssize: %d, dsize: %d)\n"", ssize, dsize); free(exe_sections); return CL_CLEAN; } newedx = cli_readint32(epbuff + 2) - EC32(optional_hdr32.ImageBase); if(!CLI_ISCONTAINED(exe_sections[i + 1].rva, exe_sections[i + 1].rsz, newedx, 4)) { cli_dbgmsg(""FSG: xchg out of bounds (%x), giving up\n"", newedx); break; } if(!exe_sections[i + 1].rsz || !(src = fmap_need_off_once(map, exe_sections[i + 1].raw, ssize))) { cli_dbgmsg(""Can't read raw data of section %d\n"", i + 1); free(exe_sections); return CL_ESEEK; } dst = src + newedx - exe_sections[i + 1].rva; if(newedx < exe_sections[i + 1].rva || !CLI_ISCONTAINED(src, ssize, dst, 4)) { cli_dbgmsg(""FSG: New ESP out of bounds\n""); break; } newedx = cli_readint32(dst) - EC32(optional_hdr32.ImageBase); if(!CLI_ISCONTAINED(exe_sections[i + 1].rva, exe_sections[i + 1].rsz, newedx, 4)) { cli_dbgmsg(""FSG: New ESP (%x) is wrong\n"", newedx); break; } dst = src + newedx - exe_sections[i + 1].rva; if(!CLI_ISCONTAINED(src, ssize, dst, 32)) { cli_dbgmsg(""FSG: New stack out of bounds\n""); break; } newedi = cli_readint32(dst) - EC32(optional_hdr32.ImageBase); newesi = cli_readint32(dst + 4) - EC32(optional_hdr32.ImageBase); newebx = cli_readint32(dst + 16) - EC32(optional_hdr32.ImageBase); newedx = cli_readint32(dst + 20); if(newedi != exe_sections[i].rva) { cli_dbgmsg(""FSG: Bad destination buffer (edi is %x should be %x)\n"", newedi, exe_sections[i].rva); break; } if(newesi < exe_sections[i + 1].rva || newesi - exe_sections[i + 1].rva >= exe_sections[i + 1].rsz) { cli_dbgmsg(""FSG: Source buffer out of section bounds\n""); break; } if(!CLI_ISCONTAINED(exe_sections[i + 1].rva, exe_sections[i + 1].rsz, newebx, 16)) { cli_dbgmsg(""FSG: Array of functions out of bounds\n""); break; } newedx=cli_readint32(newebx + 12 - exe_sections[i + 1].rva + src) - EC32(optional_hdr32.ImageBase); cli_dbgmsg(""FSG: found old EP @%x\n"",newedx); if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) { free(exe_sections); return CL_EMEM; } #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""FSG""); #endif CLI_UNPTEMP(""FSG"",(dest,exe_sections,0)); CLI_UNPRESULTSFSG2(""FSG"",(unfsg_200(newesi - exe_sections[i + 1].rva + src, dest, ssize + exe_sections[i + 1].rva - newesi, dsize, newedi, EC32(optional_hdr32.ImageBase), newedx, ndesc)),1,(dest,0)); break; } while(found && (DCONF & PE_CONF_FSG) && epbuff[0] == '\xbe' && cli_readint32(epbuff + 1) - EC32(optional_hdr32.ImageBase) < min) { int sectcnt = 0; const char *support; uint32_t newesi, newedi, oldep, gp, t; struct cli_exe_section *sections; ssize = exe_sections[i + 1].rsz; dsize = exe_sections[i].vsz; CLI_UNPSIZELIMITS(""FSG"", MAX(dsize, ssize)); if(ssize <= 0x19 || dsize <= ssize) { cli_dbgmsg(""FSG: Size mismatch (ssize: %d, dsize: %d)\n"", ssize, dsize); free(exe_sections); return CL_CLEAN; } if(!(t = cli_rawaddr(cli_readint32(epbuff + 1) - EC32(optional_hdr32.ImageBase), NULL, 0 , &err, fsize, hdr_size)) && err ) { cli_dbgmsg(""FSG: Support data out of padding area\n""); break; } gp = exe_sections[i + 1].raw - t; CLI_UNPSIZELIMITS(""FSG"", gp); if(!(support = fmap_need_off_once(map, t, gp))) { cli_dbgmsg(""Can't read %d bytes from padding area\n"", gp); free(exe_sections); return CL_EREAD; } newedi = cli_readint32(support + 4) - EC32(optional_hdr32.ImageBase); newesi = cli_readint32(support + 8) - EC32(optional_hdr32.ImageBase); if(newesi < exe_sections[i + 1].rva || newesi - exe_sections[i + 1].rva >= exe_sections[i + 1].rsz) { cli_dbgmsg(""FSG: Source buffer out of section bounds\n""); break; } if(newedi != exe_sections[i].rva) { cli_dbgmsg(""FSG: Bad destination (is %x should be %x)\n"", newedi, exe_sections[i].rva); break; } for(t = 12; t < gp - 4; t += 4) { uint32_t rva = cli_readint32(support+t); if(!rva) break; rva -= EC32(optional_hdr32.ImageBase)+1; sectcnt++; if(rva % 0x1000) cli_dbgmsg(""FSG: Original section %d is misaligned\n"", sectcnt); if(rva < exe_sections[i].rva || rva - exe_sections[i].rva >= exe_sections[i].vsz) { cli_dbgmsg(""FSG: Original section %d is out of bounds\n"", sectcnt); break; } } if(t >= gp - 4 || cli_readint32(support + t)) { break; } if((sections = (struct cli_exe_section *) cli_malloc((sectcnt + 1) * sizeof(struct cli_exe_section))) == NULL) { cli_errmsg(""FSG: Unable to allocate memory for sections %lu\n"", (sectcnt + 1) * sizeof(struct cli_exe_section)); free(exe_sections); return CL_EMEM; } sections[0].rva = newedi; for(t = 1; t <= (uint32_t)sectcnt; t++) sections[t].rva = cli_readint32(support + 8 + t * 4) - 1 - EC32(optional_hdr32.ImageBase); if(!exe_sections[i + 1].rsz || !(src = fmap_need_off_once(map, exe_sections[i + 1].raw, ssize))) { cli_dbgmsg(""Can't read raw data of section %d\n"", i); free(exe_sections); free(sections); return CL_EREAD; } if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) { free(exe_sections); free(sections); return CL_EMEM; } oldep = vep + 161 + 6 + cli_readint32(epbuff+163); cli_dbgmsg(""FSG: found old EP @%x\n"", oldep); #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""FSG""); #endif CLI_UNPTEMP(""FSG"",(dest,sections,exe_sections,0)); CLI_UNPRESULTSFSG1(""FSG"",(unfsg_133(src + newesi - exe_sections[i + 1].rva, dest, ssize + exe_sections[i + 1].rva - newesi, dsize, sections, sectcnt, EC32(optional_hdr32.ImageBase), oldep, ndesc)),1,(dest,sections,0)); break; } while(found && (DCONF & PE_CONF_FSG) && epbuff[0] == '\xbb' && cli_readint32(epbuff + 1) - EC32(optional_hdr32.ImageBase) < min && epbuff[5] == '\xbf' && epbuff[10] == '\xbe' && vep >= exe_sections[i + 1].rva && vep - exe_sections[i + 1].rva > exe_sections[i + 1].rva - 0xe0 ) { int sectcnt = 0; uint32_t gp, t = cli_rawaddr(cli_readint32(epbuff+1) - EC32(optional_hdr32.ImageBase), NULL, 0 , &err, fsize, hdr_size); const char *support; uint32_t newesi = cli_readint32(epbuff+11) - EC32(optional_hdr32.ImageBase); uint32_t newedi = cli_readint32(epbuff+6) - EC32(optional_hdr32.ImageBase); uint32_t oldep = vep - exe_sections[i + 1].rva; struct cli_exe_section *sections; ssize = exe_sections[i + 1].rsz; dsize = exe_sections[i].vsz; if(err) { cli_dbgmsg(""FSG: Support data out of padding area\n""); break; } if(newesi < exe_sections[i + 1].rva || newesi - exe_sections[i + 1].rva >= exe_sections[i + 1].raw) { cli_dbgmsg(""FSG: Source buffer out of section bounds\n""); break; } if(newedi != exe_sections[i].rva) { cli_dbgmsg(""FSG: Bad destination (is %x should be %x)\n"", newedi, exe_sections[i].rva); break; } CLI_UNPSIZELIMITS(""FSG"", MAX(dsize, ssize)); if(ssize <= 0x19 || dsize <= ssize) { cli_dbgmsg(""FSG: Size mismatch (ssize: %d, dsize: %d)\n"", ssize, dsize); free(exe_sections); return CL_CLEAN; } gp = exe_sections[i + 1].raw - t; CLI_UNPSIZELIMITS(""FSG"", gp) if(!(support = fmap_need_off_once(map, t, gp))) { cli_dbgmsg(""Can't read %d bytes from padding area\n"", gp); free(exe_sections); return CL_EREAD; } for(t = 0; t < gp - 2; t += 2) { uint32_t rva = support[t]|(support[t+1]<<8); if (rva == 2 || rva == 1) break; rva = ((rva-2)<<12) - EC32(optional_hdr32.ImageBase); sectcnt++; if(rva < exe_sections[i].rva || rva - exe_sections[i].rva >= exe_sections[i].vsz) { cli_dbgmsg(""FSG: Original section %d is out of bounds\n"", sectcnt); break; } } if(t >= gp-10 || cli_readint32(support + t + 6) != 2) { break; } if((sections = (struct cli_exe_section *) cli_malloc((sectcnt + 1) * sizeof(struct cli_exe_section))) == NULL) { cli_errmsg(""FSG: Unable to allocate memory for sections %lu\n"", (sectcnt + 1) * sizeof(struct cli_exe_section)); free(exe_sections); return CL_EMEM; } sections[0].rva = newedi; for(t = 0; t <= (uint32_t)sectcnt - 1; t++) { sections[t+1].rva = (((support[t*2]|(support[t*2+1]<<8))-2)<<12)-EC32(optional_hdr32.ImageBase); } if(!exe_sections[i + 1].rsz || !(src = fmap_need_off_once(map, exe_sections[i + 1].raw, ssize))) { cli_dbgmsg(""FSG: Can't read raw data of section %d\n"", i); free(exe_sections); free(sections); return CL_EREAD; } if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) { free(exe_sections); free(sections); return CL_EMEM; } gp = 0xda + 6*(epbuff[16]=='\xe8'); oldep = vep + gp + 6 + cli_readint32(src+gp+2+oldep); cli_dbgmsg(""FSG: found old EP @%x\n"", oldep); #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""FSG""); #endif CLI_UNPTEMP(""FSG"",(dest,sections,exe_sections,0)); CLI_UNPRESULTSFSG1(""FSG"",(unfsg_133(src + newesi - exe_sections[i + 1].rva, dest, ssize + exe_sections[i + 1].rva - newesi, dsize, sections, sectcnt, EC32(optional_hdr32.ImageBase), oldep, ndesc)),1,(dest,sections,0)); break; } if(found && (DCONF & PE_CONF_UPX)) { ssize = exe_sections[i + 1].rsz; dsize = exe_sections[i].vsz + exe_sections[i + 1].vsz; CLI_UNPSIZELIMITS(""UPX"", MAX(dsize, ssize)); if(ssize <= 0x19 || dsize <= ssize || dsize > CLI_MAX_ALLOCATION ) { cli_dbgmsg(""UPX: Size mismatch or dsize too big (ssize: %d, dsize: %d)\n"", ssize, dsize); free(exe_sections); return CL_CLEAN; } if(!exe_sections[i + 1].rsz || !(src = fmap_need_off_once(map, exe_sections[i + 1].raw, ssize))) { cli_dbgmsg(""UPX: Can't read raw data of section %d\n"", i+1); free(exe_sections); return CL_EREAD; } if((dest = (char *) cli_calloc(dsize + 8192, sizeof(char))) == NULL) { free(exe_sections); return CL_EMEM; } if(cli_memstr(UPX_NRV2B, 24, epbuff + 0x69, 13) || cli_memstr(UPX_NRV2B, 24, epbuff + 0x69 + 8, 13)) { cli_dbgmsg(""UPX: Looks like a NRV2B decompression routine\n""); upxfn = upx_inflate2b; } else if(cli_memstr(UPX_NRV2D, 24, epbuff + 0x69, 13) || cli_memstr(UPX_NRV2D, 24, epbuff + 0x69 + 8, 13)) { cli_dbgmsg(""UPX: Looks like a NRV2D decompression routine\n""); upxfn = upx_inflate2d; } else if(cli_memstr(UPX_NRV2E, 24, epbuff + 0x69, 13) || cli_memstr(UPX_NRV2E, 24, epbuff + 0x69 + 8, 13)) { cli_dbgmsg(""UPX: Looks like a NRV2E decompression routine\n""); upxfn = upx_inflate2e; } if(upxfn) { int skew = cli_readint32(epbuff + 2) - EC32(optional_hdr32.ImageBase) - exe_sections[i + 1].rva; if(epbuff[1] != '\xbe' || skew <= 0 || skew > 0xfff) { skew = 0; } else if ((unsigned int)skew > ssize) { skew = 0; } else { cli_dbgmsg(""UPX: UPX1 seems skewed by %d bytes\n"", skew); } if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0) { upx_success = 1; } else if(skew && (upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0)) { upx_success = 1; } if(upx_success) cli_dbgmsg(""UPX: Successfully decompressed\n""); else cli_dbgmsg(""UPX: Preferred decompressor failed\n""); } if(!upx_success && upxfn != upx_inflate2b) { if(upx_inflate2b(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) == -1 && upx_inflate2b(src + 0x15, ssize - 0x15, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep - 0x15) == -1) { cli_dbgmsg(""UPX: NRV2B decompressor failed\n""); } else { upx_success = 1; cli_dbgmsg(""UPX: Successfully decompressed with NRV2B\n""); } } if(!upx_success && upxfn != upx_inflate2d) { if(upx_inflate2d(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) == -1 && upx_inflate2d(src + 0x15, ssize - 0x15, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep - 0x15) == -1) { cli_dbgmsg(""UPX: NRV2D decompressor failed\n""); } else { upx_success = 1; cli_dbgmsg(""UPX: Successfully decompressed with NRV2D\n""); } } if(!upx_success && upxfn != upx_inflate2e) { if(upx_inflate2e(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) == -1 && upx_inflate2e(src + 0x15, ssize - 0x15, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep - 0x15) == -1) { cli_dbgmsg(""UPX: NRV2E decompressor failed\n""); } else { upx_success = 1; cli_dbgmsg(""UPX: Successfully decompressed with NRV2E\n""); } } if(cli_memstr(UPX_LZMA2, 20, epbuff + 0x2f, 20)) { uint32_t strictdsize=cli_readint32(epbuff+0x21), skew = 0; if(ssize > 0x15 && epbuff[0] == '\x60' && epbuff[1] == '\xbe') { skew = cli_readint32(epbuff+2) - exe_sections[i + 1].rva - optional_hdr32.ImageBase; if(skew!=0x15) skew = 0; } if(strictdsize<=dsize) upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0; } else if (cli_memstr(UPX_LZMA1, 20, epbuff + 0x39, 20)) { uint32_t strictdsize=cli_readint32(epbuff+0x2b), skew = 0; if(ssize > 0x15 && epbuff[0] == '\x60' && epbuff[1] == '\xbe') { skew = cli_readint32(epbuff+2) - exe_sections[i + 1].rva - optional_hdr32.ImageBase; if(skew!=0x15) skew = 0; } if(strictdsize<=dsize) upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0; } if(!upx_success) { cli_dbgmsg(""UPX: All decompressors failed\n""); free(dest); } } if(upx_success) { free(exe_sections); CLI_UNPTEMP(""UPX/FSG"",(dest,0)); #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""UPX""); #endif if((unsigned int) write(ndesc, dest, dsize) != dsize) { cli_dbgmsg(""UPX/FSG: Can't write %d bytes\n"", dsize); free(tempfile); free(dest); close(ndesc); return CL_EWRITE; } free(dest); if (lseek(ndesc, 0, SEEK_SET) == -1) { cli_dbgmsg(""UPX/FSG: lseek() failed\n""); close(ndesc); CLI_TMPUNLK(); free(tempfile); SHA_RESET; return CL_ESEEK; } if(ctx->engine->keeptmp) cli_dbgmsg(""UPX/FSG: Decompressed data saved in %s\n"", tempfile); cli_dbgmsg(""***** Scanning decompressed file *****\n""); SHA_OFF; if((ret = cli_magic_scandesc(ndesc, ctx)) == CL_VIRUS) { close(ndesc); CLI_TMPUNLK(); free(tempfile); SHA_RESET; return CL_VIRUS; } SHA_RESET; close(ndesc); CLI_TMPUNLK(); free(tempfile); return ret; } if(epsize<200) { free(exe_sections); return CL_CLEAN; } found = 2; if(epbuff[0] != '\xb8' || (uint32_t) cli_readint32(epbuff + 1) != exe_sections[nsections - 1].rva + EC32(optional_hdr32.ImageBase)) { if(nsections < 2 || epbuff[0] != '\xb8' || (uint32_t) cli_readint32(epbuff + 1) != exe_sections[nsections - 2].rva + EC32(optional_hdr32.ImageBase)) found = 0; else found = 1; } if(found && (DCONF & PE_CONF_PETITE)) { cli_dbgmsg(""Petite: v2.%d compression detected\n"", found); if(cli_readint32(epbuff + 0x80) == 0x163c988d) { cli_dbgmsg(""Petite: level zero compression is not supported yet\n""); } else { dsize = max - min; CLI_UNPSIZELIMITS(""Petite"", dsize); if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) { cli_dbgmsg(""Petite: Can't allocate %d bytes\n"", dsize); free(exe_sections); return CL_EMEM; } for(i = 0 ; i < nsections; i++) { if(exe_sections[i].raw) { if(!exe_sections[i].rsz || (unsigned int)fmap_readn(map, dest + exe_sections[i].rva - min, exe_sections[i].raw, exe_sections[i].ursz) != exe_sections[i].ursz) { free(exe_sections); free(dest); return CL_CLEAN; } } } #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""Petite""); #endif CLI_UNPTEMP(""Petite"",(dest,exe_sections,0)); CLI_UNPRESULTS(""Petite"",(petite_inflate2x_1to9(dest, min, max - min, exe_sections, nsections - (found == 1 ? 1 : 0), EC32(optional_hdr32.ImageBase),vep, ndesc, found, EC32(optional_hdr32.DataDirectory[2].VirtualAddress),EC32(optional_hdr32.DataDirectory[2].Size))),0,(dest,0)); } } if((DCONF & PE_CONF_PESPIN) && nsections > 1 && vep >= exe_sections[nsections - 1].rva && vep < exe_sections[nsections - 1].rva + exe_sections[nsections - 1].rsz - 0x3217 - 4 && memcmp(epbuff+4, ""\xe8\x00\x00\x00\x00\x8b\x1c\x24\x83\xc3"", 10) == 0) { char *spinned; CLI_UNPSIZELIMITS(""PEspin"", fsize); if((spinned = (char *) cli_malloc(fsize)) == NULL) { cli_errmsg(""PESping: Unable to allocate memory for spinned %lu\n"", (unsigned long)fsize); free(exe_sections); return CL_EMEM; } if((size_t) fmap_readn(map, spinned, 0, fsize) != fsize) { cli_dbgmsg(""PESpin: Can't read %lu bytes\n"", (unsigned long)fsize); free(spinned); free(exe_sections); return CL_EREAD; } #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""PEspin""); #endif CLI_UNPTEMP(""PESpin"",(spinned,exe_sections,0)); CLI_UNPRESULTS_(""PEspin"",SPINCASE(),(unspin(spinned, fsize, exe_sections, nsections - 1, vep, ndesc, ctx)),0,(spinned,0)); } if((DCONF & PE_CONF_YC) && nsections > 1 && (EC32(optional_hdr32.AddressOfEntryPoint) == exe_sections[nsections - 1].rva + 0x60)) { uint32_t ecx = 0; int16_t offset; if (!memcmp(epbuff, ""\x55\x8B\xEC\x53\x56\x57\x60\xE8\x00\x00\x00\x00\x5D\x81\xED"", 15) && !memcmp(epbuff+0x26, ""\x8D\x3A\x8B\xF7\x33\xC0\xEB\x04\x90\xEB\x01\xC2\xAC"", 13) && ((uint8_t)epbuff[0x13] == 0xB9) && ((uint16_t)(cli_readint16(epbuff+0x18)) == 0xE981) && !memcmp(epbuff+0x1e,""\x8B\xD5\x81\xC2"", 4)) { offset = 0; if (0x6c - cli_readint32(epbuff+0xf) + cli_readint32(epbuff+0x22) == 0xC6) ecx = cli_readint32(epbuff+0x14) - cli_readint32(epbuff+0x1a); } if (!ecx && !memcmp(epbuff, ""\x55\x8B\xEC\x83\xEC\x40\x53\x56\x57"", 9) && !memcmp(epbuff+0x17, ""\xe8\x00\x00\x00\x00\x5d\x81\xed"", 8) && ((uint8_t)epbuff[0x23] == 0xB9)) { offset = 0x10; if (0x6c - cli_readint32(epbuff+0x1f) + cli_readint32(epbuff+0x32) == 0xC6) ecx = cli_readint32(epbuff+0x24) - cli_readint32(epbuff+0x2a); } if (!ecx && !memcmp(epbuff, ""\x60\xe8\x00\x00\x00\x00\x5d\x81\xed"",9) && ((uint8_t)epbuff[0xd] == 0xb9) && ((uint16_t)cli_readint16(epbuff + 0x12)== 0xbd8d) && !memcmp(epbuff+0x18, ""\x8b\xf7\xac"", 3)) { offset = -0x18; if (0x66 - cli_readint32(epbuff+0x9) + cli_readint32(epbuff+0x14) == 0xae) ecx = cli_readint32(epbuff+0xe); } if (ecx > 0x800 && ecx < 0x2000 && !memcmp(epbuff+0x63+offset, ""\xaa\xe2\xcc"", 3) && (fsize >= exe_sections[nsections-1].raw + 0xC6 + ecx + offset)) { char *spinned; if((spinned = (char *) cli_malloc(fsize)) == NULL) { cli_errmsg(""yC: Unable to allocate memory for spinned %lu\n"", (unsigned long)fsize); free(exe_sections); return CL_EMEM; } if((size_t) fmap_readn(map, spinned, 0, fsize) != fsize) { cli_dbgmsg(""yC: Can't read %lu bytes\n"", (unsigned long)fsize); free(spinned); free(exe_sections); return CL_EREAD; } #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""yC""); #endif cli_dbgmsg(""%d,%d,%d,%d\n"", nsections-1, e_lfanew, ecx, offset); CLI_UNPTEMP(""yC"",(spinned,exe_sections,0)); CLI_UNPRESULTS(""yC"",(yc_decrypt(spinned, fsize, exe_sections, nsections-1, e_lfanew, ndesc, ecx, offset)),0,(spinned,0)); } } while ((DCONF & PE_CONF_WWPACK) && nsections > 1 && vep == exe_sections[nsections - 1].rva && memcmp(epbuff, ""\x53\x55\x8b\xe8\x33\xdb\xeb"", 7) == 0 && memcmp(epbuff+0x68, ""\xe8\x00\x00\x00\x00\x58\x2d\x6d\x00\x00\x00\x50\x60\x33\xc9\x50\x58\x50\x50"", 19) == 0) { uint32_t head = exe_sections[nsections - 1].raw; uint8_t *packer; char *src; ssize = 0; for(i=0 ; ; i++) { if(exe_sections[i].rawssize) break; CLI_UNPSIZELIMITS(""WWPack"", ssize); if(!(src=(char *)cli_calloc(ssize, sizeof(char)))) { free(exe_sections); return CL_EMEM; } if((size_t) fmap_readn(map, src, 0, head) != head) { cli_dbgmsg(""WWPack: Can't read %d bytes from headers\n"", head); free(src); free(exe_sections); return CL_EREAD; } for(i = 0 ; i < (unsigned int)nsections-1; i++) { if(!exe_sections[i].rsz) continue; if(!CLI_ISCONTAINED(src, ssize, src+exe_sections[i].rva, exe_sections[i].rsz)) break; if((unsigned int)fmap_readn(map, src+exe_sections[i].rva, exe_sections[i].raw, exe_sections[i].rsz)!=exe_sections[i].rsz) break; } if(i+1!=nsections) { cli_dbgmsg(""WWpack: Probably hacked/damaged file.\n""); free(src); break; } if((packer = (uint8_t *) cli_calloc(exe_sections[nsections - 1].rsz, sizeof(char))) == NULL) { free(src); free(exe_sections); return CL_EMEM; } if(!exe_sections[nsections - 1].rsz || (size_t) fmap_readn(map, packer, exe_sections[nsections - 1].raw, exe_sections[nsections - 1].rsz) != exe_sections[nsections - 1].rsz) { cli_dbgmsg(""WWPack: Can't read %d bytes from wwpack sect\n"", exe_sections[nsections - 1].rsz); free(src); free(packer); free(exe_sections); return CL_EREAD; } #if HAVE_JSON cli_jsonstr(pe_json, ""Packer"", ""WWPack""); #endif CLI_UNPTEMP(""WWPack"",(src,packer,exe_sections,0)); CLI_UNPRESULTS(""WWPack"",(wwunpack((uint8_t *)src, ssize, packer, exe_sections, nsections-1, e_lfanew, ndesc)),0,(src,packer,0)); break; } while((DCONF & PE_CONF_ASPACK) && ep+58+0x70e < fsize && !memcmp(epbuff,""\x60\xe8\x03\x00\x00\x00\xe9\xeb"",8)) { char *src; if(epsize<0x3bf || memcmp(epbuff+0x3b9, ""\x68\x00\x00\x00\x00\xc3"",6)) break; ssize = 0; for(i=0 ; i< nsections ; i++) if(ssizecorrupted_input = corrupted_cur; bc_ctx = cli_bytecode_context_alloc(); if (!bc_ctx) { cli_errmsg(""cli_scanpe: can't allocate memory for bc_ctx\n""); return CL_EMEM; } cli_bytecode_context_setpe(bc_ctx, &pedata, exe_sections); cli_bytecode_context_setctx(bc_ctx, ctx); ret = cli_bytecode_runhook(ctx, ctx->engine, bc_ctx, BC_PE_UNPACKER, map); switch (ret) { case CL_VIRUS: free(exe_sections); cli_bytecode_context_destroy(bc_ctx); return CL_VIRUS; case CL_SUCCESS: ndesc = cli_bytecode_context_getresult_file(bc_ctx, &tempfile); cli_bytecode_context_destroy(bc_ctx); if (ndesc != -1 && tempfile) { CLI_UNPRESULTS(""bytecode PE hook"", 1, 1, (0)); } break; default: cli_bytecode_context_destroy(bc_ctx); } free(exe_sections); #if HAVE_JSON if (cli_json_timeout_cycle_check(ctx, &toval) != CL_SUCCESS) { return CL_ETIMEOUT; } #endif if (SCAN_ALL && viruses_found) return CL_VIRUS; return CL_CLEAN;",visit repo url,libclamav/pe.c,https://github.com/vrtadmin/clamav-devel,25018425336801,1 6107,CWE-190,"static void eb_mul_lnaf_imp(eb_t r, const eb_t p, const bn_t k) { int i, l, n; int8_t naf[RLC_FB_BITS + 1]; eb_t t[1 << (EB_WIDTH - 2)]; RLC_TRY { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_null(t[i]); eb_new(t[i]); eb_set_infty(t[i]); fb_set_dig(t[i]->z, 1); t[i]->coord = BASIC; } eb_tab(t, p, EB_WIDTH); l = sizeof(naf); bn_rec_naf(naf, &l, k, EB_WIDTH); n = naf[l - 1]; if (n > 0) { eb_copy(r, t[n / 2]); } for (i = l - 2; i >= 0; i--) { eb_dbl(r, r); n = naf[i]; if (n > 0) { eb_add(r, r, t[n / 2]); } if (n < 0) { eb_sub(r, r, t[-n / 2]); } } eb_norm(r, r); if (bn_sign(k) == RLC_NEG) { eb_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < (1 << (EB_WIDTH - 2)); i++) { eb_free(t[i]); } } }",visit repo url,src/eb/relic_eb_mul.c,https://github.com/relic-toolkit/relic,278674656297476,1 4719,CWE-787,"static int msg_parse_fetch(struct ImapHeader *h, char *s) { char tmp[SHORT_STRING]; char *ptmp = NULL; if (!s) return -1; while (*s) { SKIPWS(s); if (mutt_str_strncasecmp(""FLAGS"", s, 5) == 0) { s = msg_parse_flags(h, s); if (!s) return -1; } else if (mutt_str_strncasecmp(""UID"", s, 3) == 0) { s += 3; SKIPWS(s); if (mutt_str_atoui(s, &h->data->uid) < 0) return -1; s = imap_next_word(s); } else if (mutt_str_strncasecmp(""INTERNALDATE"", s, 12) == 0) { s += 12; SKIPWS(s); if (*s != '\""') { mutt_debug(1, ""bogus INTERNALDATE entry: %s\n"", s); return -1; } s++; ptmp = tmp; while (*s && *s != '\""') *ptmp++ = *s++; if (*s != '\""') return -1; s++; *ptmp = '\0'; h->received = mutt_date_parse_imap(tmp); } else if (mutt_str_strncasecmp(""RFC822.SIZE"", s, 11) == 0) { s += 11; SKIPWS(s); ptmp = tmp; while (isdigit((unsigned char) *s)) *ptmp++ = *s++; *ptmp = '\0'; if (mutt_str_atol(tmp, &h->content_length) < 0) return -1; } else if ((mutt_str_strncasecmp(""BODY"", s, 4) == 0) || (mutt_str_strncasecmp(""RFC822.HEADER"", s, 13) == 0)) { return -2; } else if (*s == ')') s++; else if (*s) { imap_error(""msg_parse_fetch"", s); return -1; } } return 0; }",visit repo url,imap/message.c,https://github.com/neomutt/neomutt,248809737400782,1 4022,['CWE-362'],"static void audit_add_to_parent(struct audit_krule *krule, struct audit_parent *parent) { struct audit_watch *w, *watch = krule->watch; int watch_found = 0; list_for_each_entry(w, &parent->watches, wlist) { if (strcmp(watch->path, w->path)) continue; watch_found = 1; audit_put_watch(watch); audit_put_watch(watch); audit_get_watch(w); krule->watch = watch = w; break; } if (!watch_found) { get_inotify_watch(&parent->wdata); watch->parent = parent; list_add(&watch->wlist, &parent->watches); } list_add(&krule->rlist, &watch->rules); }",linux-2.6,,,21508238422458331882252313498474833634,0 4107,['CWE-399'],"static void bsg_kref_release_function(struct kref *kref) { struct bsg_class_device *bcd = container_of(kref, struct bsg_class_device, ref); struct device *parent = bcd->parent; if (bcd->release) bcd->release(bcd->parent); put_device(parent); }",linux-2.6,,,288584842952919362257693726972771832758,0 2542,CWE-399,"init_remote_listener(int port, gboolean encrypted) { int rc; int *ssock = NULL; struct sockaddr_in saddr; int optval; static struct mainloop_fd_callbacks remote_listen_fd_callbacks = { .dispatch = cib_remote_listen, .destroy = remote_connection_destroy, }; if (port <= 0) { return 0; } if (encrypted) { #ifndef HAVE_GNUTLS_GNUTLS_H crm_warn(""TLS support is not available""); return 0; #else crm_notice(""Starting a tls listener on port %d."", port); gnutls_global_init(); gnutls_global_set_log_function(debug_log); gnutls_dh_params_init(&dh_params); gnutls_dh_params_generate2(dh_params, DH_BITS); gnutls_anon_allocate_server_credentials(&anon_cred_s); gnutls_anon_set_server_dh_params(anon_cred_s, dh_params); #endif } else { crm_warn(""Starting a plain_text listener on port %d."", port); } #ifndef HAVE_PAM crm_warn(""PAM is _not_ enabled!""); #endif ssock = malloc(sizeof(int)); *ssock = socket(AF_INET, SOCK_STREAM, 0); if (*ssock == -1) { crm_perror(LOG_ERR, ""Can not create server socket."" ERROR_SUFFIX); free(ssock); return -1; } optval = 1; rc = setsockopt(*ssock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); if(rc < 0) { crm_perror(LOG_INFO, ""Couldn't allow the reuse of local addresses by our remote listener""); } memset(&saddr, '\0', sizeof(saddr)); saddr.sin_family = AF_INET; saddr.sin_addr.s_addr = INADDR_ANY; saddr.sin_port = htons(port); if (bind(*ssock, (struct sockaddr *)&saddr, sizeof(saddr)) == -1) { crm_perror(LOG_ERR, ""Can not bind server socket."" ERROR_SUFFIX); close(*ssock); free(ssock); return -2; } if (listen(*ssock, 10) == -1) { crm_perror(LOG_ERR, ""Can not start listen."" ERROR_SUFFIX); close(*ssock); free(ssock); return -3; } mainloop_add_fd(""cib-remote"", G_PRIORITY_DEFAULT, *ssock, ssock, &remote_listen_fd_callbacks); return *ssock; }",visit repo url,cib/remote.c,https://github.com/ClusterLabs/pacemaker,218233543227134,1 5636,CWE-125,"ast_for_classdef(struct compiling *c, const node *n, asdl_seq *decorator_seq) { PyObject *classname; asdl_seq *s; expr_ty call; REQ(n, classdef); if (NCH(n) == 4) { s = ast_for_suite(c, CHILD(n, 3)); if (!s) return NULL; classname = NEW_IDENTIFIER(CHILD(n, 1)); if (!classname) return NULL; if (forbidden_name(c, classname, CHILD(n, 3), 0)) return NULL; return ClassDef(classname, NULL, NULL, s, decorator_seq, LINENO(n), n->n_col_offset, c->c_arena); } if (TYPE(CHILD(n, 3)) == RPAR) { s = ast_for_suite(c, CHILD(n,5)); if (!s) return NULL; classname = NEW_IDENTIFIER(CHILD(n, 1)); if (!classname) return NULL; if (forbidden_name(c, classname, CHILD(n, 3), 0)) return NULL; return ClassDef(classname, NULL, NULL, s, decorator_seq, LINENO(n), n->n_col_offset, c->c_arena); } { PyObject *dummy_name; expr_ty dummy; dummy_name = NEW_IDENTIFIER(CHILD(n, 1)); if (!dummy_name) return NULL; dummy = Name(dummy_name, Load, LINENO(n), n->n_col_offset, c->c_arena); call = ast_for_call(c, CHILD(n, 3), dummy); if (!call) return NULL; } s = ast_for_suite(c, CHILD(n, 6)); if (!s) return NULL; classname = NEW_IDENTIFIER(CHILD(n, 1)); if (!classname) return NULL; if (forbidden_name(c, classname, CHILD(n, 1), 0)) return NULL; return ClassDef(classname, call->v.Call.args, call->v.Call.keywords, s, decorator_seq, LINENO(n), n->n_col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,62107758330223,1 4467,['CWE-264'],"static int skfp_send_pkt(struct sk_buff *skb, struct net_device *dev) { struct s_smc *smc = netdev_priv(dev); skfddi_priv *bp = &smc->os; PRINTK(KERN_INFO ""skfp_send_pkt\n""); if (!(skb->len >= FDDI_K_LLC_ZLEN && skb->len <= FDDI_K_LLC_LEN)) { bp->MacStat.gen.tx_errors++; netif_start_queue(dev); dev_kfree_skb(skb); return (0); } if (bp->QueueSkb == 0) { netif_stop_queue(dev); return 1; } bp->QueueSkb--; skb_queue_tail(&bp->SendSkbQueue, skb); send_queued_packets(netdev_priv(dev)); if (bp->QueueSkb == 0) { netif_stop_queue(dev); } dev->trans_start = jiffies; return 0; } ",linux-2.6,,,100179716301191802840939130286196735591,0 4405,CWE-787,"next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type, enum CCSTATE* state, ScanEnv* env) { int r; if (*state == CCS_RANGE) return ONIGERR_CHAR_CLASS_VALUE_AT_END_OF_RANGE; if (*state == CCS_VALUE && *type != CCV_CLASS) { if (*type == CCV_SB) BITSET_SET_BIT(cc->bs, (int )(*vs)); else if (*type == CCV_CODE_POINT) { r = add_code_range(&(cc->mbuf), env, *vs, *vs); if (r < 0) return r; } } *state = CCS_VALUE; *type = CCV_CLASS; return 0; }",visit repo url,src/regparse.c,https://github.com/kkos/oniguruma,229044829648304,1 2725,CWE-415,"static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patlen, OnigOptionType options, OnigEncoding enc, OnigSyntaxType *syntax TSRMLS_DC) { int err_code = 0; int found = 0; php_mb_regex_t *retval = NULL, **rc = NULL; OnigErrorInfo err_info; OnigUChar err_str[ONIG_MAX_ERROR_MESSAGE_LEN]; found = zend_hash_find(&MBREX(ht_rc), (char *)pattern, patlen+1, (void **) &rc); if (found == FAILURE || (*rc)->options != options || (*rc)->enc != enc || (*rc)->syntax != syntax) { if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) { onig_error_code_to_str(err_str, err_code, err_info); php_error_docref(NULL TSRMLS_CC, E_WARNING, ""mbregex compile err: %s"", err_str); retval = NULL; goto out; } zend_hash_update(&MBREX(ht_rc), (char *) pattern, patlen + 1, (void *) &retval, sizeof(retval), NULL); } else if (found == SUCCESS) { retval = *rc; } out: return retval; }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,217808415233488,1 2512,CWE-20,"void initServer() { int j; signal(SIGHUP, SIG_IGN); signal(SIGPIPE, SIG_IGN); setupSigSegvAction(); if (server.syslog_enabled) { openlog(server.syslog_ident, LOG_PID | LOG_NDELAY | LOG_NOWAIT, server.syslog_facility); } server.mainthread = pthread_self(); server.clients = listCreate(); server.slaves = listCreate(); server.monitors = listCreate(); server.unblocked_clients = listCreate(); createSharedObjects(); server.el = aeCreateEventLoop(); server.db = zmalloc(sizeof(redisDb)*server.dbnum); server.ipfd = anetTcpServer(server.neterr,server.port,server.bindaddr); if (server.ipfd == ANET_ERR) { redisLog(REDIS_WARNING, ""Opening port: %s"", server.neterr); exit(1); } if (server.unixsocket != NULL) { unlink(server.unixsocket); server.sofd = anetUnixServer(server.neterr,server.unixsocket); if (server.sofd == ANET_ERR) { redisLog(REDIS_WARNING, ""Opening socket: %s"", server.neterr); exit(1); } } if (server.ipfd < 0 && server.sofd < 0) { redisLog(REDIS_WARNING, ""Configured to not listen anywhere, exiting.""); exit(1); } for (j = 0; j < server.dbnum; j++) { server.db[j].dict = dictCreate(&dbDictType,NULL); server.db[j].expires = dictCreate(&keyptrDictType,NULL); server.db[j].blocking_keys = dictCreate(&keylistDictType,NULL); server.db[j].watched_keys = dictCreate(&keylistDictType,NULL); if (server.vm_enabled) server.db[j].io_keys = dictCreate(&keylistDictType,NULL); server.db[j].id = j; } server.pubsub_channels = dictCreate(&keylistDictType,NULL); server.pubsub_patterns = listCreate(); listSetFreeMethod(server.pubsub_patterns,freePubsubPattern); listSetMatchMethod(server.pubsub_patterns,listMatchPubsubPattern); server.cronloops = 0; server.bgsavechildpid = -1; server.bgrewritechildpid = -1; server.bgrewritebuf = sdsempty(); server.aofbuf = sdsempty(); server.lastsave = time(NULL); server.dirty = 0; server.stat_numcommands = 0; server.stat_numconnections = 0; server.stat_expiredkeys = 0; server.stat_evictedkeys = 0; server.stat_starttime = time(NULL); server.stat_keyspace_misses = 0; server.stat_keyspace_hits = 0; server.unixtime = time(NULL); aeCreateTimeEvent(server.el, 1, serverCron, NULL, NULL); if (server.ipfd > 0 && aeCreateFileEvent(server.el,server.ipfd,AE_READABLE, acceptTcpHandler,NULL) == AE_ERR) oom(""creating file event""); if (server.sofd > 0 && aeCreateFileEvent(server.el,server.sofd,AE_READABLE, acceptUnixHandler,NULL) == AE_ERR) oom(""creating file event""); if (server.appendonly) { server.appendfd = open(server.appendfilename,O_WRONLY|O_APPEND|O_CREAT,0644); if (server.appendfd == -1) { redisLog(REDIS_WARNING, ""Can't open the append-only file: %s"", strerror(errno)); exit(1); } } if (server.vm_enabled) vmInit(); }",visit repo url,src/redis.c,https://github.com/antirez/redis,69865979349710,1 447,[],"pfm_inherit(struct task_struct *task, struct pt_regs *regs) { struct thread_struct *thread; DPRINT((""perfmon: pfm_inherit clearing state for [%d]\n"", task->pid)); thread = &task->thread; thread->pfm_context = NULL; PFM_SET_WORK_PENDING(task, 0); }",linux-2.6,,,93767384719573166935130686714158133160,0 1764,[],"static inline void update_last_tick_seen(struct rq *rq) { }",linux-2.6,,,66175328050885530172301314951762809947,0 1770,CWE-119,"mark_source_chains(const struct xt_table_info *newinfo, unsigned int valid_hooks, void *entry0) { unsigned int hook; for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { unsigned int pos = newinfo->hook_entry[hook]; struct ip6t_entry *e = (struct ip6t_entry *)(entry0 + pos); if (!(valid_hooks & (1 << hook))) continue; e->counters.pcnt = pos; for (;;) { const struct xt_standard_target *t = (void *)ip6t_get_target_c(e); int visited = e->comefrom & (1 << hook); if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { pr_err(""iptables: loop hook %u pos %u %08X.\n"", hook, pos, e->comefrom); return 0; } e->comefrom |= ((1 << hook) | (1 << NF_INET_NUMHOOKS)); if ((e->target_offset == sizeof(struct ip6t_entry) && (strcmp(t->target.u.user.name, XT_STANDARD_TARGET) == 0) && t->verdict < 0 && unconditional(&e->ipv6)) || visited) { unsigned int oldpos, size; if ((strcmp(t->target.u.user.name, XT_STANDARD_TARGET) == 0) && t->verdict < -NF_MAX_VERDICT - 1) { duprintf(""mark_source_chains: bad "" ""negative verdict (%i)\n"", t->verdict); return 0; } do { e->comefrom ^= (1<comefrom & (1 << NF_INET_NUMHOOKS)) { duprintf(""Back unset "" ""on hook %u "" ""rule %u\n"", hook, pos); } #endif oldpos = pos; pos = e->counters.pcnt; e->counters.pcnt = 0; if (pos == oldpos) goto next; e = (struct ip6t_entry *) (entry0 + pos); } while (oldpos == pos + e->next_offset); size = e->next_offset; e = (struct ip6t_entry *) (entry0 + pos + size); e->counters.pcnt = pos; pos += size; } else { int newpos = t->verdict; if (strcmp(t->target.u.user.name, XT_STANDARD_TARGET) == 0 && newpos >= 0) { if (newpos > newinfo->size - sizeof(struct ip6t_entry)) { duprintf(""mark_source_chains: "" ""bad verdict (%i)\n"", newpos); return 0; } duprintf(""Jump rule %u -> %u\n"", pos, newpos); } else { newpos = pos + e->next_offset; } e = (struct ip6t_entry *) (entry0 + newpos); e->counters.pcnt = pos; pos = newpos; } } next: duprintf(""Finished chain %u\n"", hook); } return 1; }",visit repo url,net/ipv6/netfilter/ip6_tables.c,https://github.com/torvalds/linux,180809706538956,1 4080,['CWE-399'],"static int svc_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { int error, ep_ref; struct sockaddr_atmsvc sa; struct atm_vcc *vcc = ATM_SD(sock); switch (cmd) { case ATM_ADDPARTY: if (!test_bit(ATM_VF_SESSION, &vcc->flags)) return -EINVAL; if (copy_from_user(&sa, (void __user *) arg, sizeof(sa))) return -EFAULT; error = svc_addparty(sock, (struct sockaddr *) &sa, sizeof(sa), 0); break; case ATM_DROPPARTY: if (!test_bit(ATM_VF_SESSION, &vcc->flags)) return -EINVAL; if (copy_from_user(&ep_ref, (void __user *) arg, sizeof(int))) return -EFAULT; error = svc_dropparty(sock, ep_ref); break; default: error = vcc_ioctl(sock, cmd, arg); } return error; }",linux-2.6,,,314415910600576599869615730935821214057,0 2504,CWE-20,"void freeClient(redisClient *c) { listNode *ln; sdsfree(c->querybuf); c->querybuf = NULL; if (c->flags & REDIS_BLOCKED) unblockClientWaitingData(c); unwatchAllKeys(c); listRelease(c->watched_keys); pubsubUnsubscribeAllChannels(c,0); pubsubUnsubscribeAllPatterns(c,0); dictRelease(c->pubsub_channels); listRelease(c->pubsub_patterns); aeDeleteFileEvent(server.el,c->fd,AE_READABLE); aeDeleteFileEvent(server.el,c->fd,AE_WRITABLE); listRelease(c->reply); freeClientArgv(c); close(c->fd); ln = listSearchKey(server.clients,c); redisAssert(ln != NULL); listDelNode(server.clients,ln); if (c->flags & REDIS_IO_WAIT) { redisAssert(server.vm_enabled); if (listLength(c->io_keys) == 0) { ln = listSearchKey(server.io_ready_clients,c); redisAssert(ln != NULL); listDelNode(server.io_ready_clients,ln); } else { while (listLength(c->io_keys)) { ln = listFirst(c->io_keys); dontWaitForSwappedKey(c,ln->value); } } server.vm_blocked_clients--; } listRelease(c->io_keys); if (c->flags & REDIS_SLAVE) { if (c->replstate == REDIS_REPL_SEND_BULK && c->repldbfd != -1) close(c->repldbfd); list *l = (c->flags & REDIS_MONITOR) ? server.monitors : server.slaves; ln = listSearchKey(l,c); redisAssert(ln != NULL); listDelNode(l,ln); } if (c->flags & REDIS_MASTER) { server.master = NULL; server.replstate = REDIS_REPL_CONNECT; while (listLength(server.slaves)) { ln = listFirst(server.slaves); freeClient((redisClient*)ln->value); } } zfree(c->argv); freeClientMultiState(c); zfree(c); }",visit repo url,src/networking.c,https://github.com/antirez/redis,187757549458792,1 4376,CWE-787,"static int iw_process_rows_intermediate_to_final(struct iw_context *ctx, int intermed_channel, const struct iw_csdescr *out_csdescr) { int i,j; int z; int k; int retval=0; iw_tmpsample tmpsamp; iw_tmpsample alphasamp = 0.0; iw_tmpsample *inpix_tofree = NULL; iw_tmpsample *outpix_tofree = NULL; int using_errdiffdither = 0; int output_channel; int is_alpha_channel; int bkgd_has_transparency; double tmpbkgdalpha=0.0; int alt_bkgd = 0; struct iw_resize_settings *rs = NULL; int ditherfamily, dithersubtype; struct iw_channelinfo_intermed *int_ci; struct iw_channelinfo_out *out_ci; iw_tmpsample *in_pix = NULL; iw_tmpsample *out_pix = NULL; int num_in_pix; int num_out_pix; num_in_pix = ctx->intermed_canvas_width; num_out_pix = ctx->img2.width; int_ci = &ctx->intermed_ci[intermed_channel]; output_channel = int_ci->corresponding_output_channel; out_ci = &ctx->img2_ci[output_channel]; is_alpha_channel = (int_ci->channeltype==IW_CHANNELTYPE_ALPHA); bkgd_has_transparency = iw_bkgd_has_transparency(ctx); inpix_tofree = (iw_tmpsample*)iw_malloc(ctx, num_in_pix * sizeof(iw_tmpsample)); in_pix = inpix_tofree; outpix_tofree = (iw_tmpsample*)iw_malloc(ctx, num_out_pix * sizeof(iw_tmpsample)); if(!outpix_tofree) goto done; out_pix = outpix_tofree; if(ctx->nearest_color_table && !is_alpha_channel && out_ci->ditherfamily==IW_DITHERFAMILY_NONE && out_ci->color_count==0) { out_ci->use_nearest_color_table = 1; } else { out_ci->use_nearest_color_table = 0; } ditherfamily = out_ci->ditherfamily; dithersubtype = out_ci->dithersubtype; if(ditherfamily==IW_DITHERFAMILY_RANDOM) { if(dithersubtype==IW_DITHERSUBTYPE_SAMEPATTERN && out_ci->channeltype!=IW_CHANNELTYPE_ALPHA) { iwpvt_prng_set_random_seed(ctx->prng,ctx->random_seed); } else { iwpvt_prng_set_random_seed(ctx->prng,ctx->random_seed+out_ci->channeltype); } } if(output_channel>=0 && out_ci->ditherfamily==IW_DITHERFAMILY_ERRDIFF) { using_errdiffdither = 1; for(i=0;iimg2.width;i++) { for(k=0;kdither_errors[k][i] = 0.0; } } } rs=&ctx->resize_settings[IW_DIMENSION_H]; if(!rs->rrctx) { rs->rrctx = iwpvt_resize_rows_init(ctx,rs,int_ci->channeltype, num_in_pix, num_out_pix); if(!rs->rrctx) goto done; } for(j=0;jintermed_canvas_height;j++) { if(is_alpha_channel) { for(i=0;iintermediate_alpha32[((size_t)j)*ctx->intermed_canvas_width+i]; } } else { for(i=0;iintermediate32[((size_t)j)*ctx->intermed_canvas_width+i]; } } iwpvt_resize_row_main(rs->rrctx,in_pix,out_pix); if(ctx->intclamp) clamp_output_samples(ctx,out_pix,num_out_pix); if(is_alpha_channel && outpix_tofree && ctx->final_alpha32) { for(i=0;ifinal_alpha32[((size_t)j)*ctx->img2.width+i] = (iw_float32)outpix_tofree[i]; } } if(output_channel == -1) { goto here; } for(z=0;zimg2.width;z++) { if(using_errdiffdither && (j%2)) i=ctx->img2.width-1-z; else i=z; tmpsamp = out_pix[i]; if(ctx->bkgd_checkerboard) { alt_bkgd = (((ctx->bkgd_check_origin[IW_DIMENSION_H]+i)/ctx->bkgd_check_size)%2) != (((ctx->bkgd_check_origin[IW_DIMENSION_V]+j)/ctx->bkgd_check_size)%2); } if(bkgd_has_transparency) { tmpbkgdalpha = alt_bkgd ? ctx->bkgd2alpha : ctx->bkgd1alpha; } if(int_ci->need_unassoc_alpha_processing) { alphasamp = ctx->final_alpha32[((size_t)j)*ctx->img2.width + i]; if(alphasamp!=0.0) { tmpsamp /= alphasamp; } if(ctx->apply_bkgd && ctx->apply_bkgd_strategy==IW_BKGD_STRATEGY_LATE) { double bkcolor; bkcolor = alt_bkgd ? out_ci->bkgd2_color_lin : out_ci->bkgd1_color_lin; if(bkgd_has_transparency) { tmpsamp = tmpsamp*alphasamp + bkcolor*tmpbkgdalpha*(1.0-alphasamp); } else { tmpsamp = tmpsamp*alphasamp + bkcolor*(1.0-alphasamp); } } } else if(is_alpha_channel && bkgd_has_transparency) { tmpsamp = tmpsamp + tmpbkgdalpha*(1.0-tmpsamp); } if(ctx->img2.sampletype==IW_SAMPLETYPE_FLOATINGPOINT) put_sample_convert_from_linear_flt(ctx,tmpsamp,i,j,output_channel,out_csdescr); else put_sample_convert_from_linear(ctx,tmpsamp,i,j,output_channel,out_csdescr); } if(using_errdiffdither) { for(i=0;iimg2.width;i++) { for(k=0;kdither_errors[k][i] = ctx->dither_errors[k+1][i]; } ctx->dither_errors[IW_DITHER_MAXROWS-1][i] = 0.0; } } here: ; } retval=1; done: if(rs && rs->disable_rrctx_cache && rs->rrctx) { iwpvt_resize_rows_done(rs->rrctx); rs->rrctx = NULL; } if(inpix_tofree) iw_free(ctx,inpix_tofree); if(outpix_tofree) iw_free(ctx,outpix_tofree); return retval; }",visit repo url,src/imagew-main.c,https://github.com/jsummers/imageworsener,228217101458167,1 1847,CWE-416,"void rose_stop_heartbeat(struct sock *sk) { del_timer(&sk->sk_timer); }",visit repo url,net/rose/rose_timer.c,https://github.com/torvalds/linux,100820659432153,1 3468,NVD-CWE-noinfo,"list_fields(MYSQL *mysql,const char *db,const char *table, const char *wild) { char query[1024],*end; MYSQL_RES *result; MYSQL_ROW row; ulong UNINIT_VAR(rows); if (mysql_select_db(mysql,db)) { fprintf(stderr,""%s: Cannot connect to db: %s: %s\n"",my_progname,db, mysql_error(mysql)); return 1; } if (opt_count) { sprintf(query,""select count(*) from `%s`"", table); if (mysql_query(mysql,query) || !(result=mysql_store_result(mysql))) { fprintf(stderr,""%s: Cannot get record count for db: %s, table: %s: %s\n"", my_progname,db,table,mysql_error(mysql)); return 1; } row= mysql_fetch_row(result); rows= (ulong) strtoull(row[0], (char**) 0, 10); mysql_free_result(result); } end=strmov(strmov(strmov(query,""show /*!32332 FULL */ columns from `""),table),""`""); if (wild && wild[0]) strxmov(end,"" like '"",wild,""'"",NullS); if (mysql_query(mysql,query) || !(result=mysql_store_result(mysql))) { fprintf(stderr,""%s: Cannot list columns in db: %s, table: %s: %s\n"", my_progname,db,table,mysql_error(mysql)); return 1; } printf(""Database: %s Table: %s"", db, table); if (opt_count) printf("" Rows: %lu"", rows); if (wild && wild[0]) printf("" Wildcard: %s"",wild); putchar('\n'); print_res_header(result); while ((row=mysql_fetch_row(result))) print_res_row(result,row); print_res_top(result); if (opt_show_keys) { end=strmov(strmov(strmov(query,""show keys from `""),table),""`""); if (mysql_query(mysql,query) || !(result=mysql_store_result(mysql))) { fprintf(stderr,""%s: Cannot list keys in db: %s, table: %s: %s\n"", my_progname,db,table,mysql_error(mysql)); return 1; } if (mysql_num_rows(result)) { print_res_header(result); while ((row=mysql_fetch_row(result))) print_res_row(result,row); print_res_top(result); } else puts(""Table has no keys""); } mysql_free_result(result); return 0; }",visit repo url,client/mysqlshow.c,https://github.com/mysql/mysql-server,269307023905986,1 3287,CWE-787,"arista_print_date_hms_time(netdissect_options *ndo, uint32_t seconds, uint32_t nanoseconds) { time_t ts; struct tm *tm; char buf[BUFSIZE]; ts = seconds + (nanoseconds / 1000000000); nanoseconds %= 1000000000; if (NULL == (tm = gmtime(&ts))) ND_PRINT(""gmtime() error""); else if (0 == strftime(buf, sizeof(buf), ""%Y-%m-%d %H:%M:%S"", tm)) ND_PRINT(""strftime() error""); else ND_PRINT(""%s.%09u"", buf, nanoseconds); }",visit repo url,print-arista.c,https://github.com/the-tcpdump-group/tcpdump,72903932802541,1 2367,CWE-129,"static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc, const char *name, uint32_t *write_to, uint32_t range_min, uint32_t range_max) { uint32_t value; int position, zeroes, i, j; char bits[65]; if (ctx->trace_enable) position = get_bits_count(gbc); zeroes = i = 0; while (1) { if (get_bits_left(gbc) < zeroes + 1) { av_log(ctx->log_ctx, AV_LOG_ERROR, ""Invalid uvlc code at "" ""%s: bitstream ended.\n"", name); return AVERROR_INVALIDDATA; } if (get_bits1(gbc)) { bits[i++] = '1'; break; } else { bits[i++] = '0'; ++zeroes; } } if (zeroes >= 32) { value = MAX_UINT_BITS(32); } else { value = get_bits_long(gbc, zeroes); for (j = 0; j < zeroes; j++) bits[i++] = (value >> (zeroes - j - 1) & 1) ? '1' : '0'; value += (1 << zeroes) - 1; } if (ctx->trace_enable) { bits[i] = 0; ff_cbs_trace_syntax_element(ctx, position, name, NULL, bits, value); } if (value < range_min || value > range_max) { av_log(ctx->log_ctx, AV_LOG_ERROR, ""%s out of range: "" ""%""PRIu32"", but must be in [%""PRIu32"",%""PRIu32""].\n"", name, value, range_min, range_max); return AVERROR_INVALIDDATA; } *write_to = value; return 0; }",visit repo url,libavcodec/cbs_av1.c,https://github.com/FFmpeg/FFmpeg,196058234714022,1 3164,CWE-125,"isakmp_rfc3948_print(netdissect_options *ndo, const u_char *bp, u_int length, const u_char *bp2) { if(length == 1 && bp[0]==0xff) { ND_PRINT((ndo, ""isakmp-nat-keep-alive"")); return; } if(length < 4) { goto trunc; } if(bp[0]==0 && bp[1]==0 && bp[2]==0 && bp[3]==0) { ND_PRINT((ndo, ""NONESP-encap: "")); isakmp_print(ndo, bp+4, length-4, bp2); return; } { int nh, enh, padlen; int advance; ND_PRINT((ndo, ""UDP-encap: "")); advance = esp_print(ndo, bp, length, bp2, &enh, &padlen); if(advance <= 0) return; bp += advance; length -= advance + padlen; nh = enh & 0xff; ip_print_inner(ndo, bp, length, nh, bp2); return; } trunc: ND_PRINT((ndo,""[|isakmp]"")); return; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,256822068576290,1 136,[],"int compat_do_execve(char * filename, compat_uptr_t __user *argv, compat_uptr_t __user *envp, struct pt_regs * regs) { struct linux_binprm *bprm; struct file *file; int retval; int i; retval = -ENOMEM; bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); if (!bprm) goto out_ret; file = open_exec(filename); retval = PTR_ERR(file); if (IS_ERR(file)) goto out_kfree; sched_exec(); bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); bprm->file = file; bprm->filename = filename; bprm->interp = filename; bprm->mm = mm_alloc(); retval = -ENOMEM; if (!bprm->mm) goto out_file; retval = init_new_context(current, bprm->mm); if (retval < 0) goto out_mm; bprm->argc = compat_count(argv, bprm->p / sizeof(compat_uptr_t)); if ((retval = bprm->argc) < 0) goto out_mm; bprm->envc = compat_count(envp, bprm->p / sizeof(compat_uptr_t)); if ((retval = bprm->envc) < 0) goto out_mm; retval = security_bprm_alloc(bprm); if (retval) goto out; retval = prepare_binprm(bprm); if (retval < 0) goto out; retval = copy_strings_kernel(1, &bprm->filename, bprm); if (retval < 0) goto out; bprm->exec = bprm->p; retval = compat_copy_strings(bprm->envc, envp, bprm); if (retval < 0) goto out; retval = compat_copy_strings(bprm->argc, argv, bprm); if (retval < 0) goto out; retval = search_binary_handler(bprm, regs); if (retval >= 0) { free_arg_pages(bprm); security_bprm_free(bprm); acct_update_integrals(current); kfree(bprm); return retval; } out: for (i = 0 ; i < MAX_ARG_PAGES ; i++) { struct page * page = bprm->page[i]; if (page) __free_page(page); } if (bprm->security) security_bprm_free(bprm); out_mm: if (bprm->mm) mmdrop(bprm->mm); out_file: if (bprm->file) { allow_write_access(bprm->file); fput(bprm->file); } out_kfree: kfree(bprm); out_ret: return retval; }",linux-2.6,,,56736574750204326297218206297573759473,0 3205,CWE-125,"ieee802_15_4_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { u_int caplen = h->caplen; u_int hdrlen; uint16_t fc; uint8_t seq; uint16_t panid = 0; if (caplen < 3) { ND_PRINT((ndo, ""[|802.15.4]"")); return caplen; } hdrlen = 3; fc = EXTRACT_LE_16BITS(p); seq = EXTRACT_LE_8BITS(p + 2); p += 3; caplen -= 3; ND_PRINT((ndo,""IEEE 802.15.4 %s packet "", ftypes[FC_FRAME_TYPE(fc)])); if (ndo->ndo_vflag) ND_PRINT((ndo,""seq %02x "", seq)); switch (FC_DEST_ADDRESSING_MODE(fc)) { case FC_ADDRESSING_MODE_NONE: if (fc & FC_PAN_ID_COMPRESSION) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } if (ndo->ndo_vflag) ND_PRINT((ndo,""none "")); break; case FC_ADDRESSING_MODE_RESERVED: if (ndo->ndo_vflag) ND_PRINT((ndo,""reserved destination addressing mode"")); return hdrlen; case FC_ADDRESSING_MODE_SHORT: if (caplen < 2) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } panid = EXTRACT_LE_16BITS(p); p += 2; caplen -= 2; hdrlen += 2; if (caplen < 2) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } if (ndo->ndo_vflag) ND_PRINT((ndo,""%04x:%04x "", panid, EXTRACT_LE_16BITS(p + 2))); p += 2; caplen -= 2; hdrlen += 2; break; case FC_ADDRESSING_MODE_LONG: if (caplen < 2) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } panid = EXTRACT_LE_16BITS(p); p += 2; caplen -= 2; hdrlen += 2; if (caplen < 8) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } if (ndo->ndo_vflag) ND_PRINT((ndo,""%04x:%s "", panid, le64addr_string(ndo, p))); p += 8; caplen -= 8; hdrlen += 8; break; } if (ndo->ndo_vflag) ND_PRINT((ndo,""< "")); switch (FC_SRC_ADDRESSING_MODE(fc)) { case FC_ADDRESSING_MODE_NONE: if (ndo->ndo_vflag) ND_PRINT((ndo,""none "")); break; case FC_ADDRESSING_MODE_RESERVED: if (ndo->ndo_vflag) ND_PRINT((ndo,""reserved source addressing mode"")); return 0; case FC_ADDRESSING_MODE_SHORT: if (!(fc & FC_PAN_ID_COMPRESSION)) { if (caplen < 2) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } panid = EXTRACT_LE_16BITS(p); p += 2; caplen -= 2; hdrlen += 2; } if (caplen < 2) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } if (ndo->ndo_vflag) ND_PRINT((ndo,""%04x:%04x "", panid, EXTRACT_LE_16BITS(p))); p += 2; caplen -= 2; hdrlen += 2; break; case FC_ADDRESSING_MODE_LONG: if (!(fc & FC_PAN_ID_COMPRESSION)) { if (caplen < 2) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } panid = EXTRACT_LE_16BITS(p); p += 2; caplen -= 2; hdrlen += 2; } if (caplen < 8) { ND_PRINT((ndo, ""[|802.15.4]"")); return hdrlen; } if (ndo->ndo_vflag) ND_PRINT((ndo,""%04x:%s "", panid, le64addr_string(ndo, p))); p += 8; caplen -= 8; hdrlen += 8; break; } if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); return hdrlen; }",visit repo url,print-802_15_4.c,https://github.com/the-tcpdump-group/tcpdump,266306272140185,1 1847,['CWE-189'],"_gnutls_recv_handshake_final (gnutls_session_t session, int init) { int ret = 0; uint8_t ch; switch (STATE) { case STATE0: case STATE30: ret = _gnutls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); STATE = STATE30; if (ret <= 0) { ERR (""recv ChangeCipherSpec"", ret); gnutls_assert (); return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } if (init == TRUE) { ret = _gnutls_connection_state_init (session); if (ret < 0) { gnutls_assert (); return ret; } } ret = _gnutls_read_connection_state_init (session); if (ret < 0) { gnutls_assert (); return ret; } case STATE31: ret = _gnutls_recv_finished (session); STATE = STATE31; if (ret < 0) { ERR (""recv finished"", ret); gnutls_assert (); return ret; } STATE = STATE0; default: break; } return 0; }",gnutls,,,125435987633412999518082344380162627587,0 1010,CWE-119,"static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, struct ceph_crypto_key *secret, void *buf, void *end) { void *p = buf; char *dbuf; char *ticket_buf; u8 reply_struct_v; u32 num; int ret; dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); if (!dbuf) return -ENOMEM; ret = -ENOMEM; ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); if (!ticket_buf) goto out_dbuf; ceph_decode_8_safe(&p, end, reply_struct_v, bad); if (reply_struct_v != 1) return -EINVAL; ceph_decode_32_safe(&p, end, num, bad); dout(""%d tickets\n"", num); while (num--) { ret = process_one_ticket(ac, secret, &p, end, dbuf, ticket_buf); if (ret) goto out; } ret = 0; out: kfree(ticket_buf); out_dbuf: kfree(dbuf); return ret; bad: ret = -EINVAL; goto out; }",visit repo url,net/ceph/auth_x.c,https://github.com/torvalds/linux,240857070215404,1 66,NVD-CWE-Other,"kadm5_create_principal_3(void *server_handle, kadm5_principal_ent_t entry, long mask, int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char *password) { krb5_db_entry *kdb; osa_princ_ent_rec adb; kadm5_policy_ent_rec polent; krb5_boolean have_polent = FALSE; krb5_int32 now; krb5_tl_data *tl_data_tail; unsigned int ret; kadm5_server_handle_t handle = server_handle; krb5_keyblock *act_mkey; krb5_kvno act_kvno; int new_n_ks_tuple = 0; krb5_key_salt_tuple *new_ks_tuple = NULL; CHECK_HANDLE(server_handle); krb5_clear_error_message(handle->context); check_1_6_dummy(entry, mask, n_ks_tuple, ks_tuple, &password); if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) || (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) || (mask & KADM5_FAIL_AUTH_COUNT)) return KADM5_BAD_MASK; if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0) return KADM5_BAD_MASK; if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) return KADM5_BAD_MASK; if((mask & ~ALL_PRINC_MASK)) return KADM5_BAD_MASK; if (entry == NULL) return EINVAL; ret = kdb_get_entry(handle, entry->principal, &kdb, &adb); switch(ret) { case KADM5_UNK_PRINC: break; case 0: kdb_free_entry(handle, kdb, &adb); return KADM5_DUP; default: return ret; } kdb = krb5_db_alloc(handle->context, NULL, sizeof(*kdb)); if (kdb == NULL) return ENOMEM; memset(kdb, 0, sizeof(*kdb)); memset(&adb, 0, sizeof(osa_princ_ent_rec)); if ((mask & KADM5_POLICY)) { ret = get_policy(handle, entry->policy, &polent, &have_polent); if (ret) goto cleanup; } if (password) { ret = passwd_check(handle, password, have_polent ? &polent : NULL, entry->principal); if (ret) goto cleanup; } if ((ret = krb5_timeofday(handle->context, &now))) goto cleanup; kdb->magic = KRB5_KDB_MAGIC_NUMBER; kdb->len = KRB5_KDB_V1_BASE_LENGTH; if ((mask & KADM5_ATTRIBUTES)) kdb->attributes = entry->attributes; else kdb->attributes = handle->params.flags; if ((mask & KADM5_MAX_LIFE)) kdb->max_life = entry->max_life; else kdb->max_life = handle->params.max_life; if (mask & KADM5_MAX_RLIFE) kdb->max_renewable_life = entry->max_renewable_life; else kdb->max_renewable_life = handle->params.max_rlife; if ((mask & KADM5_PRINC_EXPIRE_TIME)) kdb->expiration = entry->princ_expire_time; else kdb->expiration = handle->params.expiration; kdb->pw_expiration = 0; if (have_polent) { if(polent.pw_max_life) kdb->pw_expiration = now + polent.pw_max_life; else kdb->pw_expiration = 0; } if ((mask & KADM5_PW_EXPIRATION)) kdb->pw_expiration = entry->pw_expiration; kdb->last_success = 0; kdb->last_failed = 0; kdb->fail_auth_count = 0; if ((ret = kadm5_copy_principal(handle->context, entry->principal, &(kdb->princ)))) goto cleanup; if ((ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now))) goto cleanup; if (mask & KADM5_TL_DATA) { for (tl_data_tail = entry->tl_data; tl_data_tail; tl_data_tail = tl_data_tail->tl_data_next) { ret = krb5_dbe_update_tl_data(handle->context, kdb, tl_data_tail); if( ret ) goto cleanup; } } ret = apply_keysalt_policy(handle, entry->policy, n_ks_tuple, ks_tuple, &new_n_ks_tuple, &new_ks_tuple); if (ret) goto cleanup; ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey); if (ret) goto cleanup; if (mask & KADM5_KEY_DATA) { assert(entry->n_key_data == 0); } else if (password) { ret = krb5_dbe_cpw(handle->context, act_mkey, new_ks_tuple, new_n_ks_tuple, password, (mask & KADM5_KVNO)?entry->kvno:1, FALSE, kdb); } else { ret = krb5_dbe_crk(handle->context, &master_keyblock, new_ks_tuple, new_n_ks_tuple, FALSE, kdb); } if (ret) goto cleanup; ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno); if (ret) goto cleanup; ret = k5_kadm5_hook_create(handle->context, handle->hook_handles, KADM5_HOOK_STAGE_PRECOMMIT, entry, mask, new_n_ks_tuple, new_ks_tuple, password); if (ret) goto cleanup; adb.admin_history_kvno = INITIAL_HIST_KVNO; if (mask & KADM5_POLICY) { adb.aux_attributes = KADM5_POLICY; adb.policy = entry->policy; } kdb->mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL ; ret = kdb_put_entry(handle, kdb, &adb); (void) k5_kadm5_hook_create(handle->context, handle->hook_handles, KADM5_HOOK_STAGE_POSTCOMMIT, entry, mask, new_n_ks_tuple, new_ks_tuple, password); cleanup: free(new_ks_tuple); krb5_db_free_principal(handle->context, kdb); if (have_polent) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return ret; }",visit repo url,src/lib/kadm5/srv/svr_principal.c,https://github.com/krb5/krb5,58353868606930,1 4035,['CWE-362'],"static void remove_watch_no_event(struct inotify_watch *watch, struct inotify_handle *ih) { list_del(&watch->i_list); list_del(&watch->h_list); if (!inotify_inode_watched(watch->inode)) set_dentry_child_flags(watch->inode, 0); idr_remove(&ih->idr, watch->wd); }",linux-2.6,,,302621632448579203511917067708671645065,0 14,['CWE-264'],"static const zend_function_entry *get_driver_methods(pdo_dbh_t *dbh, int kind TSRMLS_DC) { switch (kind) { case PDO_DBH_DRIVER_METHOD_KIND_DBH: return dbh_methods; default: return NULL; } }",php-src,,,18568887945204641529437389181394007272,0 4775,['CWE-20'],"static int ext4_setup_super(struct super_block *sb, struct ext4_super_block *es, int read_only) { struct ext4_sb_info *sbi = EXT4_SB(sb); int res = 0; if (le32_to_cpu(es->s_rev_level) > EXT4_MAX_SUPP_REV) { printk(KERN_ERR ""EXT4-fs warning: revision level too high, "" ""forcing read-only mode\n""); res = MS_RDONLY; } if (read_only) return res; if (!(sbi->s_mount_state & EXT4_VALID_FS)) printk(KERN_WARNING ""EXT4-fs warning: mounting unchecked fs, "" ""running e2fsck is recommended\n""); else if ((sbi->s_mount_state & EXT4_ERROR_FS)) printk(KERN_WARNING ""EXT4-fs warning: mounting fs with errors, "" ""running e2fsck is recommended\n""); else if ((__s16) le16_to_cpu(es->s_max_mnt_count) >= 0 && le16_to_cpu(es->s_mnt_count) >= (unsigned short) (__s16) le16_to_cpu(es->s_max_mnt_count)) printk(KERN_WARNING ""EXT4-fs warning: maximal mount count reached, "" ""running e2fsck is recommended\n""); else if (le32_to_cpu(es->s_checkinterval) && (le32_to_cpu(es->s_lastcheck) + le32_to_cpu(es->s_checkinterval) <= get_seconds())) printk(KERN_WARNING ""EXT4-fs warning: checktime reached, "" ""running e2fsck is recommended\n""); if (!sbi->s_journal) es->s_state &= cpu_to_le16(~EXT4_VALID_FS); if (!(__s16) le16_to_cpu(es->s_max_mnt_count)) es->s_max_mnt_count = cpu_to_le16(EXT4_DFL_MAX_MNT_COUNT); le16_add_cpu(&es->s_mnt_count, 1); es->s_mtime = cpu_to_le32(get_seconds()); ext4_update_dynamic_rev(sb); if (sbi->s_journal) EXT4_SET_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER); ext4_commit_super(sb, es, 1); if (test_opt(sb, DEBUG)) printk(KERN_INFO ""[EXT4 FS bs=%lu, gc=%u, "" ""bpg=%lu, ipg=%lu, mo=%04lx]\n"", sb->s_blocksize, sbi->s_groups_count, EXT4_BLOCKS_PER_GROUP(sb), EXT4_INODES_PER_GROUP(sb), sbi->s_mount_opt); if (EXT4_SB(sb)->s_journal) { printk(KERN_INFO ""EXT4 FS on %s, %s journal on %s\n"", sb->s_id, EXT4_SB(sb)->s_journal->j_inode ? ""internal"" : ""external"", EXT4_SB(sb)->s_journal->j_devname); } else { printk(KERN_INFO ""EXT4 FS on %s, no journal\n"", sb->s_id); } return res; }",linux-2.6,,,249441384551853798599839677416319122210,0 374,CWE-732,"static ssize_t write_mem(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { phys_addr_t p = *ppos; ssize_t written, sz; unsigned long copied; void *ptr; if (p != *ppos) return -EFBIG; if (!valid_phys_addr_range(p, count)) return -EFAULT; written = 0; #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED if (p < PAGE_SIZE) { sz = size_inside_page(p, count); buf += sz; p += sz; count -= sz; written += sz; } #endif while (count > 0) { sz = size_inside_page(p, count); if (!range_is_allowed(p >> PAGE_SHIFT, sz)) return -EPERM; ptr = xlate_dev_mem_ptr(p); if (!ptr) { if (written) break; return -EFAULT; } copied = copy_from_user(ptr, buf, sz); unxlate_dev_mem_ptr(p, ptr); if (copied) { written += sz - copied; if (written) break; return -EFAULT; } buf += sz; p += sz; count -= sz; written += sz; } *ppos += written; return written; }",visit repo url,drivers/char/mem.c,https://github.com/torvalds/linux,188306730683487,1 1335,['CWE-399'],"static void ipip6_tunnel_uninit(struct net_device *dev) { struct net *net = dev_net(dev); struct sit_net *sitn = net_generic(net, sit_net_id); if (dev == sitn->fb_tunnel_dev) { write_lock_bh(&ipip6_lock); sitn->tunnels_wc[0] = NULL; write_unlock_bh(&ipip6_lock); dev_put(dev); } else { ipip6_tunnel_unlink(sitn, netdev_priv(dev)); ipip6_tunnel_del_prl(netdev_priv(dev), NULL); dev_put(dev); } }",linux-2.6,,,68527663333103723296634166857380211572,0 3607,CWE-362,"unix_client_connect(hsm_com_client_hdl_t *hdl) { int fd, len; struct sockaddr_un unix_addr; if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { return HSM_COM_ERROR; } memset(&unix_addr,0,sizeof(unix_addr)); unix_addr.sun_family = AF_UNIX; if(strlen(hdl->c_path) >= sizeof(unix_addr.sun_path)) { close(fd); return HSM_COM_PATH_ERR; } snprintf(unix_addr.sun_path, sizeof(unix_addr.sun_path), ""%s"", hdl->c_path); len = SUN_LEN(&unix_addr); unlink(unix_addr.sun_path); if(bind(fd, (struct sockaddr *)&unix_addr, len) < 0) { unlink(hdl->c_path); close(fd); return HSM_COM_BIND_ERR; } if(chmod(unix_addr.sun_path, S_IRWXU) < 0) { unlink(hdl->c_path); close(fd); return HSM_COM_CHMOD_ERR; } memset(&unix_addr,0,sizeof(unix_addr)); unix_addr.sun_family = AF_UNIX; strncpy(unix_addr.sun_path, hdl->s_path, sizeof(unix_addr.sun_path)); unix_addr.sun_path[sizeof(unix_addr.sun_path)-1] = 0; len = SUN_LEN(&unix_addr); if (connect(fd, (struct sockaddr *) &unix_addr, len) < 0) { unlink(hdl->c_path); close(fd); return HSM_COM_CONX_ERR; } hdl->client_fd = fd; hdl->client_state = HSM_COM_C_STATE_CT; if(unix_sck_send_conn(hdl, 2) != HSM_COM_OK) { hdl->client_state = HSM_COM_C_STATE_IN; return HSM_COM_SEND_ERR; } return HSM_COM_OK; } ",visit repo url,Esm/ib/src/linux/fm_cmd/hsm_com_client.c,https://github.com/01org/opa-fm,87799770600679,1 6347,CWE-125,"image_load_bmp(image_t *img, FILE *fp, int gray, int load_data) { int info_size, depth, compression, colors_used, x, y, color, count, temp, align; uchar bit, byte; uchar *ptr; uchar colormap[256][4]; getc(fp); getc(fp); read_dword(fp); read_word(fp); read_word(fp); read_dword(fp); info_size = (int)read_dword(fp); img->width = read_long(fp); img->height = read_long(fp); read_word(fp); depth = read_word(fp); compression = (int)read_dword(fp); read_dword(fp); read_long(fp); read_long(fp); colors_used = (int)read_dword(fp); read_dword(fp); if (info_size > 40) for (info_size -= 40; info_size > 0; info_size --) getc(fp); if (colors_used == 0 && depth <= 8) colors_used = 1 << depth; fread(colormap, (size_t)colors_used, 4, fp); img->depth = gray ? 1 : 3; if (depth <= 8 && Encryption) img->use ++; if (!load_data) return (0); img->pixels = (uchar *)malloc((size_t)(img->width * img->height * img->depth)); if (img->pixels == NULL) return (-1); if (gray && depth <= 8) { for (color = colors_used - 1; color >= 0; color --) colormap[color][0] = (colormap[color][2] * 31 + colormap[color][1] * 61 + colormap[color][0] * 8) / 100; } color = 0; count = 0; align = 0; byte = 0; temp = 0; for (y = img->height - 1; y >= 0; y --) { ptr = img->pixels + y * img->width * img->depth; switch (depth) { case 1 : for (x = img->width, bit = 128; x > 0; x --) { if (bit == 128) byte = (uchar)getc(fp); if (byte & bit) { if (!gray) { *ptr++ = colormap[1][2]; *ptr++ = colormap[1][1]; } *ptr++ = colormap[1][0]; } else { if (!gray) { *ptr++ = colormap[0][2]; *ptr++ = colormap[0][1]; } *ptr++ = colormap[0][0]; } if (bit > 1) bit >>= 1; else bit = 128; } for (temp = (img->width + 7) / 8; temp & 3; temp ++) getc(fp); break; case 4 : for (x = img->width, bit = 0xf0; x > 0; x --) { if (compression != BI_RLE4 && count == 0) { count = 2; color = -1; } if (count == 0) { while (align > 0) { align --; getc(fp); } if ((count = getc(fp)) == 0) { if ((count = getc(fp)) == 0) { x ++; continue; } else if (count == 1) { break; } else if (count == 2) { count = getc(fp) * getc(fp) * img->width; color = 0; } else { color = -1; align = ((4 - (count & 3)) / 2) & 1; } } else color = getc(fp); } count --; if (bit == 0xf0) { if (color < 0) temp = getc(fp); else temp = color; if (!gray) { *ptr++ = colormap[temp >> 4][2]; *ptr++ = colormap[temp >> 4][1]; } *ptr++ = colormap[temp >> 4][0]; bit = 0x0f; } else { if (!gray) { *ptr++ = colormap[temp & 15][2]; *ptr++ = colormap[temp & 15][1]; } *ptr++ = colormap[temp & 15][0]; bit = 0xf0; } } break; case 8 : for (x = img->width; x > 0; x --) { if (compression != BI_RLE8) { count = 1; color = -1; } if (count == 0) { while (align > 0) { align --; getc(fp); } if ((count = getc(fp)) == 0) { if ((count = getc(fp)) == 0) { x ++; continue; } else if (count == 1) { break; } else if (count == 2) { count = getc(fp) * getc(fp) * img->width; color = 0; } else { color = -1; align = (2 - (count & 1)) & 1; } } else color = getc(fp); } if (color < 0) temp = getc(fp); else temp = color; count --; if (!gray) { *ptr++ = colormap[temp][2]; *ptr++ = colormap[temp][1]; } *ptr++ = colormap[temp][0]; } break; case 24 : if (gray) { for (x = img->width; x > 0; x --) { temp = getc(fp) * 8; temp += getc(fp) * 61; temp += getc(fp) * 31; *ptr++ = (uchar)(temp / 100); } } else { for (x = img->width; x > 0; x --, ptr += 3) { ptr[2] = (uchar)getc(fp); ptr[1] = (uchar)getc(fp); ptr[0] = (uchar)getc(fp); } } for (temp = img->width * 3; temp & 3; temp ++) getc(fp); break; } } return (0); }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,132652307337771,1 847,CWE-20,"static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, struct msghdr *msg_sys, unsigned int flags, int nosec) { struct compat_msghdr __user *msg_compat = (struct compat_msghdr __user *)msg; struct iovec iovstack[UIO_FASTIOV]; struct iovec *iov = iovstack; unsigned long cmsg_ptr; int err, total_len, len; struct sockaddr_storage addr; struct sockaddr __user *uaddr; int __user *uaddr_len; if (MSG_CMSG_COMPAT & flags) { if (get_compat_msghdr(msg_sys, msg_compat)) return -EFAULT; } else { err = copy_msghdr_from_user(msg_sys, msg); if (err) return err; } if (msg_sys->msg_iovlen > UIO_FASTIOV) { err = -EMSGSIZE; if (msg_sys->msg_iovlen > UIO_MAXIOV) goto out; err = -ENOMEM; iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec), GFP_KERNEL); if (!iov) goto out; } uaddr = (__force void __user *)msg_sys->msg_name; uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); } else err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE); if (err < 0) goto out_freeiov; total_len = err; cmsg_ptr = (unsigned long)msg_sys->msg_control; msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys, total_len, flags); if (err < 0) goto out_freeiov; len = err; if (uaddr != NULL) { err = move_addr_to_user(&addr, msg_sys->msg_namelen, uaddr, uaddr_len); if (err < 0) goto out_freeiov; } err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT), COMPAT_FLAGS(msg)); if (err) goto out_freeiov; if (MSG_CMSG_COMPAT & flags) err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg_compat->msg_controllen); else err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg->msg_controllen); if (err) goto out_freeiov; err = len; out_freeiov: if (iov != iovstack) kfree(iov); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,76305007079054,1 2845,['CWE-119'],"init_state(struct posix_acl_state *state, int cnt) { int alloc; memset(state, 0, sizeof(struct posix_acl_state)); state->empty = 1; alloc = sizeof(struct posix_ace_state_array) + cnt*sizeof(struct posix_user_ace_state); state->users = kzalloc(alloc, GFP_KERNEL); if (!state->users) return -ENOMEM; state->groups = kzalloc(alloc, GFP_KERNEL); if (!state->groups) { kfree(state->users); return -ENOMEM; } return 0; }",linux-2.6,,,120184063783331768050414347899225132675,0 4675,CWE-732,"static M_fs_error_t M_fs_copy_file(const char *path_old, const char *path_new, M_fs_file_mode_t mode, M_fs_progress_cb_t cb, M_fs_progress_flags_t progress_flags, M_fs_progress_t *progress, const M_fs_perms_t *perms) { M_fs_file_t *fd_old; M_fs_file_t *fd_new; M_fs_info_t *info = NULL; unsigned char temp[M_FS_BUF_SIZE]; size_t read_len; size_t wrote_len; size_t wrote_total = 0; size_t offset; M_fs_error_t res; if (M_fs_perms_can_access(path_new, M_FS_PERMS_MODE_NONE) == M_FS_ERROR_SUCCESS) { res = M_fs_delete(path_new, M_FALSE, NULL, M_FS_PROGRESS_NOEXTRA); if (res != M_FS_ERROR_SUCCESS) { return res; } } res = M_fs_file_open(&fd_old, path_old, M_FS_BUF_SIZE, M_FS_FILE_MODE_READ|M_FS_FILE_MODE_NOCREATE, NULL); if (res != M_FS_ERROR_SUCCESS) { return res; } if (perms == NULL && mode & M_FS_FILE_MODE_PRESERVE_PERMS) { res = M_fs_info_file(&info, fd_old, M_FS_PATH_INFO_FLAGS_NONE); if (res != M_FS_ERROR_SUCCESS) { M_fs_file_close(fd_old); return res; } perms = M_fs_info_get_perms(info); } res = M_fs_file_open(&fd_new, path_new, M_FS_BUF_SIZE, M_FS_FILE_MODE_WRITE|M_FS_FILE_MODE_OVERWRITE, perms); M_fs_info_destroy(info); if (res != M_FS_ERROR_SUCCESS) { M_fs_file_close(fd_old); return res; } while ((res = M_fs_file_read(fd_old, temp, sizeof(temp), &read_len, M_FS_FILE_RW_NORMAL)) == M_FS_ERROR_SUCCESS && read_len != 0) { offset = 0; while (offset < read_len) { res = M_fs_file_write(fd_new, temp+offset, read_len-offset, &wrote_len, M_FS_FILE_RW_NORMAL); offset += wrote_len; wrote_total += wrote_len; if (cb) { M_fs_progress_set_result(progress, res); if (progress_flags & M_FS_PROGRESS_SIZE_TOTAL) { M_fs_progress_set_size_total_progess(progress, M_fs_progress_get_size_total_progess(progress)+wrote_len); } if (progress_flags & M_FS_PROGRESS_SIZE_CUR) { M_fs_progress_set_size_current_progress(progress, wrote_total); } if (progress_flags & M_FS_PROGRESS_COUNT) { M_fs_progress_set_count(progress, M_fs_progress_get_count(progress)+1); } if (!cb(progress)) { res = M_FS_ERROR_CANCELED; } } if (res != M_FS_ERROR_SUCCESS) { break; } } if (res != M_FS_ERROR_SUCCESS) { break; } } M_fs_file_close(fd_old); M_fs_file_close(fd_new); if (res != M_FS_ERROR_SUCCESS) { return res; } return M_FS_ERROR_SUCCESS; }",visit repo url,base/fs/m_fs.c,https://github.com/Monetra/mstdlib,164387838728506,1 5603,[],"force_sigsegv(int sig, struct task_struct *p) { if (sig == SIGSEGV) { unsigned long flags; spin_lock_irqsave(&p->sighand->siglock, flags); p->sighand->action[sig - 1].sa.sa_handler = SIG_DFL; spin_unlock_irqrestore(&p->sighand->siglock, flags); } force_sig(SIGSEGV, p); return 0; }",linux-2.6,,,26444707690376303472644289447656303015,0 2287,CWE-119,"static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared, u32 val, ktime_t *abs_time, u32 bitset, int clockrt, u32 __user *uaddr2) { struct hrtimer_sleeper timeout, *to = NULL; struct rt_mutex_waiter rt_waiter; struct rt_mutex *pi_mutex = NULL; struct futex_hash_bucket *hb; union futex_key key2; struct futex_q q; int res, ret; if (!bitset) return -EINVAL; if (abs_time) { to = &timeout; hrtimer_init_on_stack(&to->timer, clockrt ? CLOCK_REALTIME : CLOCK_MONOTONIC, HRTIMER_MODE_ABS); hrtimer_init_sleeper(to, current); hrtimer_set_expires_range_ns(&to->timer, *abs_time, current->timer_slack_ns); } debug_rt_mutex_init_waiter(&rt_waiter); rt_waiter.task = NULL; key2 = FUTEX_KEY_INIT; ret = get_futex_key(uaddr2, fshared, &key2); if (unlikely(ret != 0)) goto out; q.pi_state = NULL; q.bitset = bitset; q.rt_waiter = &rt_waiter; q.requeue_pi_key = &key2; ret = futex_wait_setup(uaddr, val, fshared, &q, &hb); if (ret) goto out_key2; futex_wait_queue_me(hb, &q, to); spin_lock(&hb->lock); ret = handle_early_requeue_pi_wakeup(hb, &q, &key2, to); spin_unlock(&hb->lock); if (ret) goto out_put_keys; if (!q.rt_waiter) { if (q.pi_state && (q.pi_state->owner != current)) { spin_lock(q.lock_ptr); ret = fixup_pi_state_owner(uaddr2, &q, current, fshared); spin_unlock(q.lock_ptr); } } else { WARN_ON(!&q.pi_state); pi_mutex = &q.pi_state->pi_mutex; ret = rt_mutex_finish_proxy_lock(pi_mutex, to, &rt_waiter, 1); debug_rt_mutex_free_waiter(&rt_waiter); spin_lock(q.lock_ptr); res = fixup_owner(uaddr2, fshared, &q, !ret); if (res) ret = (res < 0) ? res : 0; unqueue_me_pi(&q); } if (ret == -EFAULT) { if (rt_mutex_owner(pi_mutex) == current) rt_mutex_unlock(pi_mutex); } else if (ret == -EINTR) { ret = -EWOULDBLOCK; } out_put_keys: put_futex_key(fshared, &q.key); out_key2: put_futex_key(fshared, &key2); out: if (to) { hrtimer_cancel(&to->timer); destroy_hrtimer_on_stack(&to->timer); } return ret; }",visit repo url,kernel/futex.c,https://github.com/torvalds/linux,249513629399177,1 3938,['CWE-362'],"static inline void inotify_unmount_inodes(struct list_head *list) { }",linux-2.6,,,180872405008616379479033070371078351621,0 2099,[],"int udp4_seq_show(struct seq_file *seq, void *v) { if (v == SEQ_START_TOKEN) seq_printf(seq, ""%-127s\n"", "" sl local_address rem_address st tx_queue "" ""rx_queue tr tm->when retrnsmt uid timeout "" ""inode""); else { char tmpbuf[129]; struct udp_iter_state *state = seq->private; udp4_format_sock(v, tmpbuf, state->bucket); seq_printf(seq, ""%-127s\n"", tmpbuf); } return 0; }",linux-2.6,,,277282619021787510241620406577386810542,0 500,CWE-476,"static ssize_t o2nm_node_num_store(struct config_item *item, const char *page, size_t count) { struct o2nm_node *node = to_o2nm_node(item); struct o2nm_cluster *cluster = to_o2nm_cluster_from_node(node); unsigned long tmp; char *p = (char *)page; int ret = 0; tmp = simple_strtoul(p, &p, 0); if (!p || (*p && (*p != '\n'))) return -EINVAL; if (tmp >= O2NM_MAX_NODES) return -ERANGE; if (!test_bit(O2NM_NODE_ATTR_ADDRESS, &node->nd_set_attributes) || !test_bit(O2NM_NODE_ATTR_PORT, &node->nd_set_attributes)) return -EINVAL; write_lock(&cluster->cl_nodes_lock); if (cluster->cl_nodes[tmp]) ret = -EEXIST; else if (test_and_set_bit(O2NM_NODE_ATTR_NUM, &node->nd_set_attributes)) ret = -EBUSY; else { cluster->cl_nodes[tmp] = node; node->nd_num = tmp; set_bit(tmp, cluster->cl_nodes_bitmap); } write_unlock(&cluster->cl_nodes_lock); if (ret) return ret; return count; }",visit repo url,fs/ocfs2/cluster/nodemanager.c,https://github.com/torvalds/linux,4724690297667,1 585,CWE-119,"int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), void *from, int length, int transhdrlen, int hlimit, int tclass, struct ipv6_txoptions *opt, struct flowi6 *fl6, struct rt6_info *rt, unsigned int flags, int dontfrag) { struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct inet_cork *cork; struct sk_buff *skb, *skb_prev = NULL; unsigned int maxfraglen, fragheaderlen, mtu; int exthdrlen; int dst_exthdrlen; int hh_len; int copy; int err; int offset = 0; __u8 tx_flags = 0; if (flags&MSG_PROBE) return 0; cork = &inet->cork.base; if (skb_queue_empty(&sk->sk_write_queue)) { if (opt) { if (WARN_ON(np->cork.opt)) return -EINVAL; np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation); if (unlikely(np->cork.opt == NULL)) return -ENOBUFS; np->cork.opt->tot_len = opt->tot_len; np->cork.opt->opt_flen = opt->opt_flen; np->cork.opt->opt_nflen = opt->opt_nflen; np->cork.opt->dst0opt = ip6_opt_dup(opt->dst0opt, sk->sk_allocation); if (opt->dst0opt && !np->cork.opt->dst0opt) return -ENOBUFS; np->cork.opt->dst1opt = ip6_opt_dup(opt->dst1opt, sk->sk_allocation); if (opt->dst1opt && !np->cork.opt->dst1opt) return -ENOBUFS; np->cork.opt->hopopt = ip6_opt_dup(opt->hopopt, sk->sk_allocation); if (opt->hopopt && !np->cork.opt->hopopt) return -ENOBUFS; np->cork.opt->srcrt = ip6_rthdr_dup(opt->srcrt, sk->sk_allocation); if (opt->srcrt && !np->cork.opt->srcrt) return -ENOBUFS; } dst_hold(&rt->dst); cork->dst = &rt->dst; inet->cork.fl.u.ip6 = *fl6; np->cork.hop_limit = hlimit; np->cork.tclass = tclass; if (rt->dst.flags & DST_XFRM_TUNNEL) mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? rt->dst.dev->mtu : dst_mtu(&rt->dst); else mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? rt->dst.dev->mtu : dst_mtu(rt->dst.path); if (np->frag_size < mtu) { if (np->frag_size) mtu = np->frag_size; } cork->fragsize = mtu; if (dst_allfrag(rt->dst.path)) cork->flags |= IPCORK_ALLFRAG; cork->length = 0; exthdrlen = (opt ? opt->opt_flen : 0); length += exthdrlen; transhdrlen += exthdrlen; dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; } else { rt = (struct rt6_info *)cork->dst; fl6 = &inet->cork.fl.u.ip6; opt = np->cork.opt; transhdrlen = 0; exthdrlen = 0; dst_exthdrlen = 0; mtu = cork->fragsize; } hh_len = LL_RESERVED_SPACE(rt->dst.dev); fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + (opt ? opt->opt_nflen : 0); maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); if (mtu <= sizeof(struct ipv6hdr) + IPV6_MAXPLEN) { if (cork->length + length > sizeof(struct ipv6hdr) + IPV6_MAXPLEN - fragheaderlen) { ipv6_local_error(sk, EMSGSIZE, fl6, mtu-exthdrlen); return -EMSGSIZE; } } if (sk->sk_type == SOCK_DGRAM) sock_tx_timestamp(sk, &tx_flags); cork->length += length; if (length > mtu) { int proto = sk->sk_protocol; if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); return -EMSGSIZE; } if (proto == IPPROTO_UDP && (rt->dst.dev->features & NETIF_F_UFO)) { err = ip6_ufo_append_data(sk, getfrag, from, length, hh_len, fragheaderlen, transhdrlen, mtu, flags, rt); if (err) goto error; return 0; } } if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) goto alloc_new_skb; while (length > 0) { copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; if (copy < length) copy = maxfraglen - skb->len; if (copy <= 0) { char *data; unsigned int datalen; unsigned int fraglen; unsigned int fraggap; unsigned int alloclen; alloc_new_skb: if (skb) fraggap = skb->len - maxfraglen; else fraggap = 0; if (skb == NULL || skb_prev == NULL) ip6_append_data_mtu(&mtu, &maxfraglen, fragheaderlen, skb, rt, np->pmtudisc == IPV6_PMTUDISC_PROBE); skb_prev = skb; datalen = length + fraggap; if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len; if ((flags & MSG_MORE) && !(rt->dst.dev->features&NETIF_F_SG)) alloclen = mtu; else alloclen = datalen + fragheaderlen; alloclen += dst_exthdrlen; if (datalen != length + fraggap) { datalen += rt->dst.trailer_len; } alloclen += rt->dst.trailer_len; fraglen = datalen + fragheaderlen; alloclen += sizeof(struct frag_hdr); if (transhdrlen) { skb = sock_alloc_send_skb(sk, alloclen + hh_len, (flags & MSG_DONTWAIT), &err); } else { skb = NULL; if (atomic_read(&sk->sk_wmem_alloc) <= 2 * sk->sk_sndbuf) skb = sock_wmalloc(sk, alloclen + hh_len, 1, sk->sk_allocation); if (unlikely(skb == NULL)) err = -ENOBUFS; else { tx_flags = 0; } } if (skb == NULL) goto error; skb->protocol = htons(ETH_P_IPV6); skb->ip_summed = CHECKSUM_NONE; skb->csum = 0; skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + dst_exthdrlen); if (sk->sk_type == SOCK_DGRAM) skb_shinfo(skb)->tx_flags = tx_flags; data = skb_put(skb, fraglen); skb_set_network_header(skb, exthdrlen); data += fragheaderlen; skb->transport_header = (skb->network_header + fragheaderlen); if (fraggap) { skb->csum = skb_copy_and_csum_bits( skb_prev, maxfraglen, data + transhdrlen, fraggap, 0); skb_prev->csum = csum_sub(skb_prev->csum, skb->csum); data += fraggap; pskb_trim_unique(skb_prev, maxfraglen); } copy = datalen - transhdrlen - fraggap; if (copy < 0) { err = -EINVAL; kfree_skb(skb); goto error; } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { err = -EFAULT; kfree_skb(skb); goto error; } offset += copy; length -= datalen - fraggap; transhdrlen = 0; exthdrlen = 0; dst_exthdrlen = 0; __skb_queue_tail(&sk->sk_write_queue, skb); continue; } if (copy > length) copy = length; if (!(rt->dst.dev->features&NETIF_F_SG)) { unsigned int off; off = skb->len; if (getfrag(from, skb_put(skb, copy), offset, copy, off, skb) < 0) { __skb_trim(skb, off); err = -EFAULT; goto error; } } else { int i = skb_shinfo(skb)->nr_frags; struct page_frag *pfrag = sk_page_frag(sk); err = -ENOMEM; if (!sk_page_frag_refill(sk, pfrag)) goto error; if (!skb_can_coalesce(skb, i, pfrag->page, pfrag->offset)) { err = -EMSGSIZE; if (i == MAX_SKB_FRAGS) goto error; __skb_fill_page_desc(skb, i, pfrag->page, pfrag->offset, 0); skb_shinfo(skb)->nr_frags = ++i; get_page(pfrag->page); } copy = min_t(int, copy, pfrag->size - pfrag->offset); if (getfrag(from, page_address(pfrag->page) + pfrag->offset, offset, copy, skb->len, skb) < 0) goto error_efault; pfrag->offset += copy; skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy); skb->len += copy; skb->data_len += copy; skb->truesize += copy; atomic_add(copy, &sk->sk_wmem_alloc); } offset += copy; length -= copy; } return 0; error_efault: err = -EFAULT; error: cork->length -= length; IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); return err; }",visit repo url,net/ipv6/ip6_output.c,https://github.com/torvalds/linux,93566728421385,1 6266,CWE-327,"static int pad_pkcs2(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t pad, h1[RLC_MD_LEN], h2[RLC_MD_LEN]; uint8_t *mask = RLC_ALLOCA(uint8_t, k_len); int result = RLC_OK; bn_t t; bn_null(t); RLC_TRY { bn_new(t); switch (operation) { case RSA_ENC: md_map(h1, NULL, 0); bn_read_bin(m, h1, RLC_MD_LEN); *p_len = k_len - 2 * RLC_MD_LEN - 2 - m_len; bn_lsh(m, m, *p_len * 8); bn_lsh(m, m, 8); bn_add_dig(m, m, 0x01); bn_lsh(m, m, m_len * 8); break; case RSA_ENC_FIN: rand_bytes(h1, RLC_MD_LEN); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } bn_write_bin(mask, k_len - RLC_MD_LEN - 1, m); md_mgf(h2, RLC_MD_LEN, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < RLC_MD_LEN; i++) { h1[i] ^= h2[i]; } bn_read_bin(t, h1, RLC_MD_LEN); bn_lsh(t, t, 8 * (k_len - RLC_MD_LEN - 1)); bn_add(t, t, m); bn_copy(m, t); break; case RSA_DEC: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } m_len -= RLC_MD_LEN; bn_rsh(t, m, 8 * m_len); bn_write_bin(h1, RLC_MD_LEN, t); bn_mod_2b(m, m, 8 * m_len); bn_write_bin(mask, m_len, m); md_mgf(h2, RLC_MD_LEN, mask, m_len); for (int i = 0; i < RLC_MD_LEN; i++) { h1[i] ^= h2[i]; } md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } m_len -= RLC_MD_LEN; bn_rsh(t, m, 8 * m_len); bn_write_bin(h2, RLC_MD_LEN, t); md_map(h1, NULL, 0); pad = 0; for (int i = 0; i < RLC_MD_LEN; i++) { pad |= h1[i] - h2[i]; } if (result == RLC_OK) { result = (pad ? RLC_ERR : RLC_OK); } bn_mod_2b(m, m, 8 * m_len); *p_len = bn_size_bin(m); (*p_len)--; bn_rsh(t, m, *p_len * 8); if (bn_cmp_dig(t, 1) != RLC_EQ) { result = RLC_ERR; } bn_mod_2b(m, m, *p_len * 8); *p_len = k_len - *p_len; break; case RSA_SIG: case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 64); bn_lsh(m, m, RLC_MD_LEN * 8); break; case RSA_SIG_FIN: memset(mask, 0, 8); bn_write_bin(mask + 8, RLC_MD_LEN, m); md_map(h1, mask, RLC_MD_LEN + 8); bn_read_bin(m, h1, RLC_MD_LEN); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); t->dp[0] ^= 0x01; bn_lsh(t, t, 8 * RLC_MD_LEN); bn_add(m, t, m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PSS); for (int i = m_len - 1; i < 8 * k_len; i++) { bn_set_bit(m, i, 0); } break; case RSA_VER: case RSA_VER_HASH: bn_mod_2b(t, m, 8); if (bn_cmp_dig(t, RSA_PSS) != RLC_EQ) { result = RLC_ERR; } else { for (int i = m_len; i < 8 * k_len; i++) { if (bn_get_bit(m, i) != 0) { result = RLC_ERR; } } bn_rsh(m, m, 8); bn_mod_2b(t, m, 8 * RLC_MD_LEN); bn_write_bin(h2, RLC_MD_LEN, t); bn_rsh(m, m, 8 * RLC_MD_LEN); bn_write_bin(h1, RLC_MD_LEN, t); md_mgf(mask, k_len - RLC_MD_LEN - 1, h1, RLC_MD_LEN); bn_read_bin(t, mask, k_len - RLC_MD_LEN - 1); for (int i = 0; i < t->used; i++) { m->dp[i] ^= t->dp[i]; } m->dp[0] ^= 0x01; for (int i = m_len - 1; i < 8 * k_len; i++) { bn_set_bit(m, i - ((RLC_MD_LEN + 1) * 8), 0); } if (!bn_is_zero(m)) { result = RLC_ERR; } bn_read_bin(m, h2, RLC_MD_LEN); *p_len = k_len - RLC_MD_LEN; } break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } RLC_FREE(mask); return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,197869994325309,1 4222,['CWE-399'],"void netif_carrier_off(struct net_device *dev) { if (!test_and_set_bit(__LINK_STATE_NOCARRIER, &dev->state)) linkwatch_fire_event(dev); }",linux-2.6,,,9081932811037842484076144818953487640,0 2456,CWE-119,"static int32_t scsi_send_command(SCSIRequest *req, uint8_t *buf) { SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req); SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev); int32_t len; uint8_t command; uint8_t *outbuf; int rc; command = buf[0]; outbuf = (uint8_t *)r->iov.iov_base; DPRINTF(""Command: lun=%d tag=0x%x data=0x%02x"", req->lun, req->tag, buf[0]); #ifdef DEBUG_SCSI { int i; for (i = 1; i < r->req.cmd.len; i++) { printf("" 0x%02x"", buf[i]); } printf(""\n""); } #endif switch (command) { case TEST_UNIT_READY: case INQUIRY: case MODE_SENSE: case MODE_SENSE_10: case RESERVE: case RESERVE_10: case RELEASE: case RELEASE_10: case START_STOP: case ALLOW_MEDIUM_REMOVAL: case READ_CAPACITY_10: case READ_TOC: case GET_CONFIGURATION: case SERVICE_ACTION_IN_16: case VERIFY_10: rc = scsi_disk_emulate_command(r, outbuf); if (rc < 0) { return 0; } r->iov.iov_len = rc; break; case SYNCHRONIZE_CACHE: bdrv_acct_start(s->bs, &r->acct, 0, BDRV_ACCT_FLUSH); r->req.aiocb = bdrv_aio_flush(s->bs, scsi_flush_complete, r); if (r->req.aiocb == NULL) { scsi_flush_complete(r, -EIO); } return 0; case READ_6: case READ_10: case READ_12: case READ_16: len = r->req.cmd.xfer / s->qdev.blocksize; DPRINTF(""Read (sector %"" PRId64 "", count %d)\n"", r->req.cmd.lba, len); if (r->req.cmd.lba > s->max_lba) goto illegal_lba; r->sector = r->req.cmd.lba * s->cluster_size; r->sector_count = len * s->cluster_size; break; case WRITE_6: case WRITE_10: case WRITE_12: case WRITE_16: case WRITE_VERIFY_10: case WRITE_VERIFY_12: case WRITE_VERIFY_16: len = r->req.cmd.xfer / s->qdev.blocksize; DPRINTF(""Write %s(sector %"" PRId64 "", count %d)\n"", (command & 0xe) == 0xe ? ""And Verify "" : """", r->req.cmd.lba, len); if (r->req.cmd.lba > s->max_lba) goto illegal_lba; r->sector = r->req.cmd.lba * s->cluster_size; r->sector_count = len * s->cluster_size; break; case MODE_SELECT: DPRINTF(""Mode Select(6) (len %lu)\n"", (long)r->req.cmd.xfer); if (r->req.cmd.xfer > 12) { goto fail; } break; case MODE_SELECT_10: DPRINTF(""Mode Select(10) (len %lu)\n"", (long)r->req.cmd.xfer); if (r->req.cmd.xfer > 16) { goto fail; } break; case SEEK_6: case SEEK_10: DPRINTF(""Seek(%d) (sector %"" PRId64 "")\n"", command == SEEK_6 ? 6 : 10, r->req.cmd.lba); if (r->req.cmd.lba > s->max_lba) { goto illegal_lba; } break; case WRITE_SAME_16: len = r->req.cmd.xfer / s->qdev.blocksize; DPRINTF(""WRITE SAME(16) (sector %"" PRId64 "", count %d)\n"", r->req.cmd.lba, len); if (r->req.cmd.lba > s->max_lba) { goto illegal_lba; } if (!(buf[1] & 0x8)) { goto fail; } rc = bdrv_discard(s->bs, r->req.cmd.lba * s->cluster_size, len * s->cluster_size); if (rc < 0) { goto fail; } break; case REQUEST_SENSE: abort(); default: DPRINTF(""Unknown SCSI command (%2.2x)\n"", buf[0]); scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE)); return 0; fail: scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); return 0; illegal_lba: scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE)); return 0; } if (r->sector_count == 0 && r->iov.iov_len == 0) { scsi_req_complete(&r->req, GOOD); } len = r->sector_count * 512 + r->iov.iov_len; if (r->req.cmd.mode == SCSI_XFER_TO_DEV) { return -len; } else { if (!r->sector_count) r->sector_count = -1; return len; } }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,233026393952519,1 3581,['CWE-20'],"struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, const struct sctp_chunk *chunk) { struct sctp_chunk *retval; retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); if (retval && chunk) retval->transport = chunk->transport; return retval; }",linux-2.6,,,327439347384826305000443661537044706333,0 3474,CWE-295,"init_connection_options(MYSQL *mysql) { #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) if (opt_use_ssl) { mysql_ssl_set(mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); } mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*) &opt_ssl_verify_server_cert); #endif if (opt_protocol) mysql_options(mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol); #ifdef HAVE_SMEM if (shared_memory_base_name) mysql_options(mysql, MYSQL_SHARED_MEMORY_BASE_NAME, shared_memory_base_name); #endif }",visit repo url,client/mysql_secure_installation.cc,https://github.com/mysql/mysql-server,255361632473580,1 5043,[],"static void async_request_fail(struct winbindd_async_request *state) { DLIST_REMOVE(state->child->requests, state); TALLOC_FREE(state->reply_timeout_event); SMB_ASSERT(state->child_pid != (pid_t)0); if (state->child->pid == state->child_pid) { kill(state->child_pid, SIGTERM); winbind_child_died(state->child_pid); } state->response->length = sizeof(struct winbindd_response); state->response->result = WINBINDD_ERROR; state->continuation(state->private_data, False); }",samba,,,131091277549117991946882537713517958586,0 1696,CWE-399,"void unix_inflight(struct file *fp) { struct sock *s = unix_get_socket(fp); spin_lock(&unix_gc_lock); if (s) { struct unix_sock *u = unix_sk(s); if (atomic_long_inc_return(&u->inflight) == 1) { BUG_ON(!list_empty(&u->link)); list_add_tail(&u->link, &gc_inflight_list); } else { BUG_ON(list_empty(&u->link)); } unix_tot_inflight++; } fp->f_cred->user->unix_inflight++; spin_unlock(&unix_gc_lock); }",visit repo url,net/unix/garbage.c,https://github.com/torvalds/linux,136572551472637,1 4135,CWE-20,"mark_desktop_file_trusted (CommonJob *common, GCancellable *cancellable, GFile *file, gboolean interactive) { char *contents, *new_contents; gsize length, new_length; GError *error; guint32 current_perms, new_perms; int response; GFileInfo *info; retry: error = NULL; if (!g_file_load_contents (file, cancellable, &contents, &length, NULL, &error)) { if (interactive) { response = run_error (common, g_strdup (_(""Unable to mark launcher trusted (executable)"")), error->message, NULL, FALSE, CANCEL, RETRY, NULL); } else { response = 0; } if (response == 0 || response == GTK_RESPONSE_DELETE_EVENT) { abort_job (common); } else if (response == 1) { goto retry; } else { g_assert_not_reached (); } goto out; } if (!g_str_has_prefix (contents, ""#!"")) { new_length = length + strlen (TRUSTED_SHEBANG); new_contents = g_malloc (new_length); strcpy (new_contents, TRUSTED_SHEBANG); memcpy (new_contents + strlen (TRUSTED_SHEBANG), contents, length); if (!g_file_replace_contents (file, new_contents, new_length, NULL, FALSE, 0, NULL, cancellable, &error)) { g_free (contents); g_free (new_contents); if (interactive) { response = run_error (common, g_strdup (_(""Unable to mark launcher trusted (executable)"")), error->message, NULL, FALSE, CANCEL, RETRY, NULL); } else { response = 0; } if (response == 0 || response == GTK_RESPONSE_DELETE_EVENT) { abort_job (common); } else if (response == 1) { goto retry; } else { g_assert_not_reached (); } goto out; } g_free (new_contents); } g_free (contents); info = g_file_query_info (file, G_FILE_ATTRIBUTE_STANDARD_TYPE "","" G_FILE_ATTRIBUTE_UNIX_MODE, G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, common->cancellable, &error); if (info == NULL) { if (interactive) { response = run_error (common, g_strdup (_(""Unable to mark launcher trusted (executable)"")), error->message, NULL, FALSE, CANCEL, RETRY, NULL); } else { response = 0; } if (response == 0 || response == GTK_RESPONSE_DELETE_EVENT) { abort_job (common); } else if (response == 1) { goto retry; } else { g_assert_not_reached (); } goto out; } if (g_file_info_has_attribute (info, G_FILE_ATTRIBUTE_UNIX_MODE)) { current_perms = g_file_info_get_attribute_uint32 (info, G_FILE_ATTRIBUTE_UNIX_MODE); new_perms = current_perms | S_IXGRP | S_IXUSR | S_IXOTH; if ((current_perms != new_perms) && !g_file_set_attribute_uint32 (file, G_FILE_ATTRIBUTE_UNIX_MODE, new_perms, G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, common->cancellable, &error)) { g_object_unref (info); if (interactive) { response = run_error (common, g_strdup (_(""Unable to mark launcher trusted (executable)"")), error->message, NULL, FALSE, CANCEL, RETRY, NULL); } else { response = 0; } if (response == 0 || response == GTK_RESPONSE_DELETE_EVENT) { abort_job (common); } else if (response == 1) { goto retry; } else { g_assert_not_reached (); } goto out; } } g_object_unref (info); out: ; }",visit repo url,src/nautilus-file-operations.c,https://github.com/GNOME/nautilus,164556907075355,1 3131,CWE-134,"int print_calc( image_desc_t *im) { long i, ii, validsteps; double printval; struct tm tmvdef; int graphelement = 0; long vidx; int max_ii; double magfact = -1; char *si_symb = """"; char *percent_s; int prline_cnt = 0; time_t now = time(NULL); localtime_r(&now, &tmvdef); for (i = 0; i < im->gdes_c; i++) { vidx = im->gdes[i].vidx; switch (im->gdes[i].gf) { case GF_PRINT: case GF_GPRINT: if (im->gdes[vidx].gf == GF_VDEF) { printval = im->gdes[vidx].vf.val; localtime_r(&im->gdes[vidx].vf.when, &tmvdef); } else { max_ii = ((im->gdes[vidx].end - im->gdes[vidx].start) / im->gdes[vidx].step * im->gdes[vidx].ds_cnt); printval = DNAN; validsteps = 0; for (ii = im->gdes[vidx].ds; ii < max_ii; ii += im->gdes[vidx].ds_cnt) { if (!finite(im->gdes[vidx].data[ii])) continue; if (isnan(printval)) { printval = im->gdes[vidx].data[ii]; validsteps++; continue; } switch (im->gdes[i].cf) { case CF_HWPREDICT: case CF_MHWPREDICT: case CF_DEVPREDICT: case CF_DEVSEASONAL: case CF_SEASONAL: case CF_AVERAGE: validsteps++; printval += im->gdes[vidx].data[ii]; break; case CF_MINIMUM: printval = min(printval, im->gdes[vidx].data[ii]); break; case CF_FAILURES: case CF_MAXIMUM: printval = max(printval, im->gdes[vidx].data[ii]); break; case CF_LAST: printval = im->gdes[vidx].data[ii]; } } if (im->gdes[i].cf == CF_AVERAGE || im->gdes[i].cf > CF_LAST) { if (validsteps > 1) { printval = (printval / validsteps); } } } if (!im->gdes[i].strftm && (percent_s = strstr(im->gdes[i].format, ""%S"")) != NULL) { if (magfact < 0.0) { auto_scale(im, &printval, &si_symb, &magfact); if (printval == 0.0) magfact = -1.0; } else { printval /= magfact; } *(++percent_s) = 's'; } else if (!im->gdes[i].strftm && strstr(im->gdes[i].format, ""%s"") != NULL) { auto_scale(im, &printval, &si_symb, &magfact); } if (im->gdes[i].gf == GF_PRINT) { rrd_infoval_t prline; if (im->gdes[i].strftm) { prline.u_str = (char*)malloc((FMT_LEG_LEN + 2) * sizeof(char)); if (im->gdes[vidx].vf.never == 1) { time_clean(prline.u_str, im->gdes[i].format); } else { strftime(prline.u_str, FMT_LEG_LEN, im->gdes[i].format, &tmvdef); } } else if (bad_format(im->gdes[i].format)) { rrd_set_error (""bad format for PRINT in '%s'"", im->gdes[i].format); return -1; } else { prline.u_str = sprintf_alloc(im->gdes[i].format, printval, si_symb); } grinfo_push(im, sprintf_alloc (""print[%ld]"", prline_cnt++), RD_I_STR, prline); free(prline.u_str); } else { if (im->gdes[i].strftm) { if (im->gdes[vidx].vf.never == 1) { time_clean(im->gdes[i].legend, im->gdes[i].format); } else { strftime(im->gdes[i].legend, FMT_LEG_LEN, im->gdes[i].format, &tmvdef); } } else { if (bad_format(im->gdes[i].format)) { rrd_set_error (""bad format for GPRINT in '%s'"", im->gdes[i].format); return -1; } snprintf(im->gdes[i].legend, FMT_LEG_LEN - 2, im->gdes[i].format, printval, si_symb); } graphelement = 1; } break; case GF_LINE: case GF_AREA: case GF_GRAD: case GF_TICK: graphelement = 1; break; case GF_HRULE: if (isnan(im->gdes[i].yrule)) { im->gdes[i].yrule = im->gdes[vidx].vf.val; }; graphelement = 1; break; case GF_VRULE: if (im->gdes[i].xrule == 0) { im->gdes[i].xrule = im->gdes[vidx].vf.when; }; graphelement = 1; break; case GF_COMMENT: case GF_TEXTALIGN: case GF_DEF: case GF_CDEF: case GF_VDEF: #ifdef WITH_PIECHART case GF_PART: #endif case GF_SHIFT: case GF_XPORT: break; case GF_STACK: rrd_set_error (""STACK should already be turned into LINE or AREA here""); return -1; break; case GF_XAXIS: case GF_YAXIS: break; } } return graphelement; }",visit repo url,src/rrd_graph.c,https://github.com/oetiker/rrdtool-1.x,58133983546885,1 5443,['CWE-476'],"static void cache_all_regs(struct kvm_vcpu *vcpu) { kvm_register_read(vcpu, VCPU_REGS_RAX); kvm_register_read(vcpu, VCPU_REGS_RSP); kvm_register_read(vcpu, VCPU_REGS_RIP); vcpu->arch.regs_dirty = ~0; }",linux-2.6,,,260771549032183926827272264730192391994,0 1218,['CWE-20'],"static void fileWrite(void *stream, char *data, int len) { fwrite(data, 1, len, (FILE *)stream); }",poppler,,,88901045164841776930282538932795656231,0 656,NVD-CWE-Other,"int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct inet_sock *isk = inet_sk(sk); int family = sk->sk_family; struct sk_buff *skb; int copied, err; pr_debug(""ping_recvmsg(sk=%p,sk->num=%u)\n"", isk, isk->inet_num); err = -EOPNOTSUPP; if (flags & MSG_OOB) goto out; if (flags & MSG_ERRQUEUE) { if (family == AF_INET) { return ip_recv_error(sk, msg, len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { return pingv6_ops.ipv6_recv_error(sk, msg, len); #endif } } skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_timestamp(msg, sk, skb); if (family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; sin->sin_family = AF_INET; sin->sin_port = 0 ; sin->sin_addr.s_addr = ip_hdr(skb)->saddr; memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); *addr_len = sizeof(*sin); if (isk->cmsg_flags) ip_cmsg_recv(msg, skb); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); struct ipv6hdr *ip6 = ipv6_hdr(skb); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)msg->msg_name; sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ip6->saddr; sin6->sin6_flowinfo = 0; if (np->sndflow) sin6->sin6_flowinfo = ip6_flowinfo(ip6); sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); *addr_len = sizeof(*sin6); if (inet6_sk(sk)->rxopt.all) pingv6_ops.ip6_datagram_recv_ctl(sk, msg, skb); #endif } else { BUG(); } err = copied; done: skb_free_datagram(sk, skb); out: pr_debug(""ping_recvmsg -> %d\n"", err); return err; }",visit repo url,net/ipv4/ping.c,https://github.com/torvalds/linux,83452019916269,1 4973,['CWE-20'],"static void nfs_free_client(struct nfs_client *clp) { dprintk(""--> nfs_free_client(%d)\n"", clp->cl_nfsversion); nfs4_shutdown_client(clp); if (!IS_ERR(clp->cl_rpcclient)) rpc_shutdown_client(clp->cl_rpcclient); if (__test_and_clear_bit(NFS_CS_CALLBACK, &clp->cl_res_state)) nfs_callback_down(); kfree(clp->cl_hostname); kfree(clp); dprintk(""<-- nfs_free_client()\n""); }",linux-2.6,,,303904106845699329250176802162465721091,0 4425,CWE-125,"gen_assignment(codegen_scope *s, node *tree, node *rhs, int sp, int val) { int idx; int type = nint(tree->car); switch (type) { case NODE_GVAR: case NODE_ARG: case NODE_LVAR: case NODE_IVAR: case NODE_CVAR: case NODE_CONST: case NODE_NIL: case NODE_MASGN: if (rhs) { codegen(s, rhs, VAL); pop(); sp = cursp(); } break; case NODE_COLON2: case NODE_CALL: case NODE_SCALL: break; case NODE_NVAR: codegen_error(s, ""Can't assign to numbered parameter""); break; default: codegen_error(s, ""unknown lhs""); break; } tree = tree->cdr; switch (type) { case NODE_GVAR: gen_setxv(s, OP_SETGV, sp, nsym(tree), val); break; case NODE_ARG: case NODE_LVAR: idx = lv_idx(s, nsym(tree)); if (idx > 0) { if (idx != sp) { gen_move(s, idx, sp, val); } break; } else { gen_setupvar(s, sp, nsym(tree)); } break; case NODE_IVAR: gen_setxv(s, OP_SETIV, sp, nsym(tree), val); break; case NODE_CVAR: gen_setxv(s, OP_SETCV, sp, nsym(tree), val); break; case NODE_CONST: gen_setxv(s, OP_SETCONST, sp, nsym(tree), val); break; case NODE_COLON2: if (sp) { gen_move(s, cursp(), sp, 0); } sp = cursp(); push(); codegen(s, tree->car, VAL); if (rhs) { codegen(s, rhs, VAL); pop(); gen_move(s, sp, cursp(), 0); } pop_n(2); idx = new_sym(s, nsym(tree->cdr)); genop_2(s, OP_SETMCNST, sp, idx); break; case NODE_CALL: case NODE_SCALL: { int noself = 0, safe = (type == NODE_SCALL), skip = 0, top, call, n = 0; mrb_sym mid = nsym(tree->cdr->car); top = cursp(); if (val || sp == cursp()) { push(); } call = cursp(); if (!tree->car) { noself = 1; push(); } else { codegen(s, tree->car, VAL); } if (safe) { int recv = cursp()-1; gen_move(s, cursp(), recv, 1); skip = genjmp2_0(s, OP_JMPNIL, cursp(), val); } tree = tree->cdr->cdr->car; if (tree) { if (tree->car) { n = gen_values(s, tree->car, VAL, (tree->cdr->car)?13:14); if (n < 0) { n = 15; push(); } } if (tree->cdr->car) { if (n == 14) { pop_n(n); genop_2(s, OP_ARRAY, cursp(), n); push(); n = 15; } gen_hash(s, tree->cdr->car->cdr, VAL, 0); if (n < 14) { n++; } else { pop_n(2); genop_2(s, OP_ARYPUSH, cursp(), 1); } push(); } } if (rhs) { codegen(s, rhs, VAL); pop(); } else { gen_move(s, cursp(), sp, 0); } if (val) { gen_move(s, top, cursp(), 1); } if (n < 14) { n++; } else { pop(); genop_2(s, OP_ARYPUSH, cursp(), 1); } s->sp = call; if (mid == MRB_OPSYM_2(s->mrb, aref) && n == 2) { genop_1(s, OP_SETIDX, cursp()); } else { genop_3(s, noself ? OP_SSEND : OP_SEND, cursp(), new_sym(s, attrsym(s, mid)), n); } if (safe) { dispatch(s, skip); } s->sp = top; } break; case NODE_MASGN: gen_vmassignment(s, tree->car, sp, val); break; case NODE_NIL: break; default: codegen_error(s, ""unknown lhs""); break; } if (val) push(); }",visit repo url,mrbgems/mruby-compiler/core/codegen.c,https://github.com/mruby/mruby,263494610037541,1 3095,['CWE-189'],"int jpc_ppxstab_insert(jpc_ppxstab_t *tab, jpc_ppxstabent_t *ent) { int inspt; int i; for (i = 0; i < tab->numents; ++i) { if (tab->ents[i]->ind > ent->ind) { break; } } inspt = i; if (tab->numents >= tab->maxents) { if (jpc_ppxstab_grow(tab, tab->maxents + 128)) { return -1; } } for (i = tab->numents; i > inspt; --i) { tab->ents[i] = tab->ents[i - 1]; } tab->ents[i] = ent; ++tab->numents; return 0; }",jasper,,,194633040314173465532710329842564145365,0 1763,CWE-119,"static inline bool unconditional(const struct arpt_arp *arp) { static const struct arpt_arp uncond; return memcmp(arp, &uncond, sizeof(uncond)) == 0; }",visit repo url,net/ipv4/netfilter/arp_tables.c,https://github.com/torvalds/linux,78953497172060,1 4502,['CWE-20'],"static int add_new_gdb(handle_t *handle, struct inode *inode, struct ext4_new_group_data *input, struct buffer_head **primary) { struct super_block *sb = inode->i_sb; struct ext4_super_block *es = EXT4_SB(sb)->s_es; unsigned long gdb_num = input->group / EXT4_DESC_PER_BLOCK(sb); ext4_fsblk_t gdblock = EXT4_SB(sb)->s_sbh->b_blocknr + 1 + gdb_num; struct buffer_head **o_group_desc, **n_group_desc; struct buffer_head *dind; int gdbackups; struct ext4_iloc iloc; __le32 *data; int err; if (test_opt(sb, DEBUG)) printk(KERN_DEBUG ""EXT4-fs: ext4_add_new_gdb: adding group block %lu\n"", gdb_num); if (EXT4_SB(sb)->s_sbh->b_blocknr != le32_to_cpu(EXT4_SB(sb)->s_es->s_first_data_block)) { ext4_warning(sb, __func__, ""won't resize using backup superblock at %llu"", (unsigned long long)EXT4_SB(sb)->s_sbh->b_blocknr); return -EPERM; } *primary = sb_bread(sb, gdblock); if (!*primary) return -EIO; if ((gdbackups = verify_reserved_gdb(sb, *primary)) < 0) { err = gdbackups; goto exit_bh; } data = EXT4_I(inode)->i_data + EXT4_DIND_BLOCK; dind = sb_bread(sb, le32_to_cpu(*data)); if (!dind) { err = -EIO; goto exit_bh; } data = (__le32 *)dind->b_data; if (le32_to_cpu(data[gdb_num % EXT4_ADDR_PER_BLOCK(sb)]) != gdblock) { ext4_warning(sb, __func__, ""new group %u GDT block %llu not reserved"", input->group, gdblock); err = -EINVAL; goto exit_dind; } if ((err = ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh))) goto exit_dind; if ((err = ext4_journal_get_write_access(handle, *primary))) goto exit_sbh; if ((err = ext4_journal_get_write_access(handle, dind))) goto exit_primary; if ((err = ext4_reserve_inode_write(handle, inode, &iloc))) goto exit_dindj; n_group_desc = kmalloc((gdb_num + 1) * sizeof(struct buffer_head *), GFP_NOFS); if (!n_group_desc) { err = -ENOMEM; ext4_warning(sb, __func__, ""not enough memory for %lu groups"", gdb_num + 1); goto exit_inode; } data[gdb_num % EXT4_ADDR_PER_BLOCK(sb)] = 0; ext4_handle_dirty_metadata(handle, NULL, dind); brelse(dind); inode->i_blocks -= (gdbackups + 1) * sb->s_blocksize >> 9; ext4_mark_iloc_dirty(handle, inode, &iloc); memset((*primary)->b_data, 0, sb->s_blocksize); ext4_handle_dirty_metadata(handle, NULL, *primary); o_group_desc = EXT4_SB(sb)->s_group_desc; memcpy(n_group_desc, o_group_desc, EXT4_SB(sb)->s_gdb_count * sizeof(struct buffer_head *)); n_group_desc[gdb_num] = *primary; EXT4_SB(sb)->s_group_desc = n_group_desc; EXT4_SB(sb)->s_gdb_count++; kfree(o_group_desc); le16_add_cpu(&es->s_reserved_gdt_blocks, -1); ext4_handle_dirty_metadata(handle, NULL, EXT4_SB(sb)->s_sbh); return 0; exit_inode: brelse(iloc.bh); exit_dindj: exit_primary: exit_sbh: exit_dind: brelse(dind); exit_bh: brelse(*primary); ext4_debug(""leaving with error %d\n"", err); return err; }",linux-2.6,,,332885612281430633913420144249098882494,0 2518,['CWE-119'],"static void show_shortstats(struct diffstat_t* data, struct diff_options *options) { int i, adds = 0, dels = 0, total_files = data->nr; if (data->nr == 0) return; for (i = 0; i < data->nr; i++) { if (!data->files[i]->is_binary && !data->files[i]->is_unmerged) { int added = data->files[i]->added; int deleted= data->files[i]->deleted; if (!data->files[i]->is_renamed && (added + deleted == 0)) { total_files--; } else { adds += added; dels += deleted; } } } fprintf(options->file, "" %d files changed, %d insertions(+), %d deletions(-)\n"", total_files, adds, dels); }",git,,,208469053669334226634038093924392973630,0 5278,CWE-330,"apr_byte_t oidc_cache_get(request_rec *r, const char *section, const char *key, char **value) { oidc_cfg *cfg = ap_get_module_config(r->server->module_config, &auth_openidc_module); int encrypted = oidc_cfg_cache_encrypt(r); apr_byte_t rc = TRUE; char *msg = NULL; oidc_debug(r, ""enter: %s (section=%s, decrypt=%d, type=%s)"", key, section, encrypted, cfg->cache->name); if (encrypted == 1) key = oidc_cache_get_hashed_key(r, cfg->crypto_passphrase, key); const char *cache_value = NULL; if (cfg->cache->get(r, section, key, &cache_value) == FALSE) { rc = FALSE; goto out; } if (cache_value == NULL) goto out; if (encrypted == 0) { *value = apr_pstrdup(r->pool, cache_value); goto out; } rc = (oidc_cache_crypto_decrypt(r, cache_value, oidc_cache_hash_passphrase(r, cfg->crypto_passphrase), (unsigned char **) value) > 0); out: msg = apr_psprintf(r->pool, ""from %s cache backend for %skey %s"", cfg->cache->name, encrypted ? ""encrypted "" : """", key); if (rc == TRUE) if (*value != NULL) oidc_debug(r, ""cache hit: return %d bytes %s"", *value ? (int )strlen(*value) : 0, msg); else oidc_debug(r, ""cache miss %s"", msg); else oidc_warn(r, ""error retrieving value %s"", msg); return rc; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,4342827097326,1 1025,CWE-476,"struct key *key_get_instantiation_authkey(key_serial_t target_id) { char description[16]; struct keyring_search_context ctx = { .index_key.type = &key_type_request_key_auth, .index_key.description = description, .cred = current_cred(), .match_data.cmp = user_match, .match_data.raw_data = description, .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, }; struct key *authkey; key_ref_t authkey_ref; sprintf(description, ""%x"", target_id); authkey_ref = search_process_keyrings(&ctx); if (IS_ERR(authkey_ref)) { authkey = ERR_CAST(authkey_ref); if (authkey == ERR_PTR(-EAGAIN)) authkey = ERR_PTR(-ENOKEY); goto error; } authkey = key_ref_to_ptr(authkey_ref); if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) { key_put(authkey); authkey = ERR_PTR(-EKEYREVOKED); } error: return authkey; }",visit repo url,security/keys/request_key_auth.c,https://github.com/torvalds/linux,136463550324450,1 4479,CWE-125,"read_pbm_integer(j_compress_ptr cinfo, FILE *infile, unsigned int maxval) { register int ch; register unsigned int val; do { ch = pbm_getc(infile); if (ch == EOF) ERREXIT(cinfo, JERR_INPUT_EOF); } while (ch == ' ' || ch == '\t' || ch == '\n' || ch == '\r'); if (ch < '0' || ch > '9') ERREXIT(cinfo, JERR_PPM_NONNUMERIC); val = ch - '0'; while ((ch = pbm_getc(infile)) >= '0' && ch <= '9') { val *= 10; val += ch - '0'; } if (val > maxval) ERREXIT(cinfo, JERR_PPM_TOOLARGE); return val; }",visit repo url,rdppm.c,https://github.com/libjpeg-turbo/libjpeg-turbo,89772717737031,1 5218,CWE-276,"resolve_ops (FlatpakTransaction *self, GCancellable *cancellable, GError **error) { FlatpakTransactionPrivate *priv = flatpak_transaction_get_instance_private (self); GList *l; for (l = priv->ops; l != NULL; l = l->next) { FlatpakTransactionOperation *op = l->data; g_autoptr(FlatpakRemoteState) state = NULL; g_autofree char *checksum = NULL; g_autoptr(GBytes) metadata_bytes = NULL; if (op->resolved) continue; if (op->skip) { g_assert (op->resolved_commit != NULL); mark_op_resolved (op, op->resolved_commit, NULL, NULL, NULL); continue; } if (op->kind == FLATPAK_TRANSACTION_OPERATION_UNINSTALL) { metadata_bytes = load_deployed_metadata (self, op->ref, &checksum, NULL); if (metadata_bytes == NULL) { op->skip = TRUE; continue; } mark_op_resolved (op, checksum, NULL, metadata_bytes, NULL); continue; } if (op->kind == FLATPAK_TRANSACTION_OPERATION_INSTALL_BUNDLE) { g_assert (op->commit != NULL); mark_op_resolved (op, op->commit, NULL, op->external_metadata, NULL); continue; } if (flatpak_decomposed_is_app (op->ref)) { if (op->kind == FLATPAK_TRANSACTION_OPERATION_INSTALL) priv->max_op = APP_INSTALL; else priv->max_op = MAX (priv->max_op, APP_UPDATE); } else if (flatpak_decomposed_is_runtime (op->ref)) { if (op->kind == FLATPAK_TRANSACTION_OPERATION_INSTALL) priv->max_op = MAX (priv->max_op, RUNTIME_INSTALL); } state = flatpak_transaction_ensure_remote_state (self, op->kind, op->remote, NULL, error); if (state == NULL) return FALSE; if (transaction_is_local_only (self, op->kind)) { g_autoptr(GVariant) commit_data = flatpak_dir_read_latest_commit (priv->dir, op->remote, op->ref, &checksum, NULL, error); if (commit_data == NULL) return FALSE; resolve_op_from_commit (self, op, checksum, NULL, commit_data); } else { g_autoptr(GError) local_error = NULL; g_autoptr(GFile) sideload_path = NULL; if (op->commit != NULL) { checksum = g_strdup (op->commit); sideload_path = flatpak_remote_state_lookup_sideload_checksum (state, op->commit); } else { g_autofree char *latest_checksum = NULL; g_autoptr(GFile) latest_sideload_path = NULL; g_autofree char *local_checksum = NULL; guint64 latest_timestamp; g_autoptr(GVariant) local_commit_data = flatpak_dir_read_latest_commit (priv->dir, op->remote, op->ref, &local_checksum, NULL, NULL); if (flatpak_dir_find_latest_rev (priv->dir, state, flatpak_decomposed_get_ref (op->ref), op->commit, &latest_checksum, &latest_timestamp, &latest_sideload_path, cancellable, &local_error)) { if (latest_sideload_path != NULL && local_commit_data && latest_timestamp != 0 && ostree_commit_get_timestamp (local_commit_data) > latest_timestamp) { g_debug (""Installed commit %s newer than sideloaded %s, ignoring"", local_checksum, latest_checksum); checksum = g_steal_pointer (&local_checksum); } else { checksum = g_steal_pointer (&latest_checksum); sideload_path = g_steal_pointer (&latest_sideload_path); } } else { if (local_commit_data == NULL) { g_propagate_error (error, g_steal_pointer (&local_error)); return FALSE; } g_message (_(""Warning: Treating remote fetch error as non-fatal since %s is already installed: %s""), flatpak_decomposed_get_ref (op->ref), local_error->message); g_clear_error (&local_error); checksum = g_steal_pointer (&local_checksum); } } if (!try_resolve_op_from_metadata (self, op, checksum, sideload_path, state)) { g_autoptr(GVariant) commit_data = NULL; VarRefInfoRef ref_info; if (op->summary_metadata == NULL && flatpak_remote_state_lookup_ref (state, flatpak_decomposed_get_ref (op->ref), NULL, NULL, &ref_info, NULL, NULL)) op->summary_metadata = var_metadata_dup_to_gvariant (var_ref_info_get_metadata (ref_info)); commit_data = flatpak_remote_state_load_ref_commit (state, priv->dir, flatpak_decomposed_get_ref (op->ref), checksum, op->resolved_token, NULL, NULL, &local_error); if (commit_data == NULL) { if (g_error_matches (local_error, FLATPAK_HTTP_ERROR, FLATPAK_HTTP_ERROR_UNAUTHORIZED) && !op->requested_token) { g_debug (""Unauthorized access during resolve by commit of %s, retrying with token"", flatpak_decomposed_get_ref (op->ref)); priv->needs_resolve = TRUE; priv->needs_tokens = TRUE; op->token_type = G_MAXINT32; op->resolved_commit = g_strdup (checksum); g_clear_error (&local_error); continue; } g_propagate_error (error, g_steal_pointer (&local_error)); return FALSE; } resolve_op_from_commit (self, op, checksum, sideload_path, commit_data); } } } return TRUE; }",visit repo url,common/flatpak-transaction.c,https://github.com/flatpak/flatpak,167528483946594,1 784,['CWE-119'],"static __inline__ int isdn_net_device_busy(isdn_net_local *lp) { isdn_net_local *nlp; isdn_net_dev *nd; unsigned long flags; if (!isdn_net_lp_busy(lp)) return 0; if (lp->master) nd = ((isdn_net_local *) lp->master->priv)->netdev; else nd = lp->netdev; spin_lock_irqsave(&nd->queue_lock, flags); nlp = lp->next; while (nlp != lp) { if (!isdn_net_lp_busy(nlp)) { spin_unlock_irqrestore(&nd->queue_lock, flags); return 0; } nlp = nlp->next; } spin_unlock_irqrestore(&nd->queue_lock, flags); return 1; }",linux-2.6,,,299969226358325212780229173141670582757,0 5810,['CWE-200'],"static void __exit atalk_exit(void) { #ifdef CONFIG_SYSCTL atalk_unregister_sysctl(); #endif atalk_proc_exit(); aarp_cleanup_module(); unregister_netdevice_notifier(&ddp_notifier); dev_remove_pack(<alk_packet_type); dev_remove_pack(&ppptalk_packet_type); unregister_snap_client(ddp_dl); sock_unregister(PF_APPLETALK); proto_unregister(&ddp_proto); }",linux-2.6,,,161589759116739677982575221201385634358,0 6290,NVD-CWE-noinfo,"static void dhcps_initialize_message(struct dhcp_msg *dhcp_message_repository) { dhcp_message_repository->op = DHCP_MESSAGE_OP_REPLY; dhcp_message_repository->htype = DHCP_MESSAGE_HTYPE; dhcp_message_repository->hlen = DHCP_MESSAGE_HLEN; dhcp_message_repository->hops = 0; memcpy((char *)dhcp_recorded_xid, (char *) dhcp_message_repository->xid, sizeof(dhcp_message_repository->xid)); dhcp_message_repository->secs = 0; dhcp_message_repository->flags = htons(BOOTP_BROADCAST); memcpy((char *)dhcp_message_repository->yiaddr, (char *)&dhcps_allocated_client_address, sizeof(dhcp_message_repository->yiaddr)); memset((char *)dhcp_message_repository->ciaddr, 0, sizeof(dhcp_message_repository->ciaddr)); memset((char *)dhcp_message_repository->siaddr, 0, sizeof(dhcp_message_repository->siaddr)); memset((char *)dhcp_message_repository->giaddr, 0, sizeof(dhcp_message_repository->giaddr)); memset((char *)dhcp_message_repository->sname, 0, sizeof(dhcp_message_repository->sname)); memset((char *)dhcp_message_repository->file, 0, sizeof(dhcp_message_repository->file)); memset((char *)dhcp_message_repository->options, 0, dhcp_message_total_options_lenth); memcpy((char *)dhcp_message_repository->options, (char *)dhcp_magic_cookie, sizeof(dhcp_magic_cookie)); }",visit repo url,component/common/network/dhcp/dhcps.c,https://github.com/ambiot/amb1_sdk,107295075901611,1 2965,['CWE-189'],"static int jpc_dec_cp_setfromqcd(jpc_dec_cp_t *cp, jpc_qcd_t *qcd) { int compno; jpc_dec_ccp_t *ccp; for (compno = 0, ccp = cp->ccps; compno < cp->numcomps; ++compno, ++ccp) { jpc_dec_cp_setfromqcx(cp, ccp, &qcd->compparms, 0); } cp->flags |= JPC_QSET; return 0; }",jasper,,,96793795690961616578404940081409749051,0 2873,CWE-119,"loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned char **read_ptr) { uint32 i; float xres = 0.0, yres = 0.0; uint16 nstrips = 0, ntiles = 0, planar = 0; uint16 bps = 0, spp = 0, res_unit = 0; uint16 orientation = 0; uint16 input_compression = 0, input_photometric = 0; uint16 subsampling_horiz, subsampling_vert; uint32 width = 0, length = 0; uint32 stsize = 0, tlsize = 0, buffsize = 0, scanlinesize = 0; uint32 tw = 0, tl = 0; uint32 tile_rowsize = 0; unsigned char *read_buff = NULL; unsigned char *new_buff = NULL; int readunit = 0; static uint32 prev_readsize = 0; TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); TIFFGetFieldDefaulted(in, TIFFTAG_SAMPLESPERPIXEL, &spp); TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); if (! TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric)) TIFFError(""loadImage"",""Image lacks Photometric interpreation tag""); if (! TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width)) TIFFError(""loadimage"",""Image lacks image width tag""); if(! TIFFGetField(in, TIFFTAG_IMAGELENGTH, &length)) TIFFError(""loadimage"",""Image lacks image length tag""); TIFFGetFieldDefaulted(in, TIFFTAG_XRESOLUTION, &xres); TIFFGetFieldDefaulted(in, TIFFTAG_YRESOLUTION, &yres); if (!TIFFGetFieldDefaulted(in, TIFFTAG_RESOLUTIONUNIT, &res_unit)) res_unit = RESUNIT_INCH; if (!TIFFGetField(in, TIFFTAG_COMPRESSION, &input_compression)) input_compression = COMPRESSION_NONE; #ifdef DEBUG2 char compressionid[16]; switch (input_compression) { case COMPRESSION_NONE: strcpy (compressionid, ""None/dump""); break; case COMPRESSION_CCITTRLE: strcpy (compressionid, ""Huffman RLE""); break; case COMPRESSION_CCITTFAX3: strcpy (compressionid, ""Group3 Fax""); break; case COMPRESSION_CCITTFAX4: strcpy (compressionid, ""Group4 Fax""); break; case COMPRESSION_LZW: strcpy (compressionid, ""LZW""); break; case COMPRESSION_OJPEG: strcpy (compressionid, ""Old Jpeg""); break; case COMPRESSION_JPEG: strcpy (compressionid, ""New Jpeg""); break; case COMPRESSION_NEXT: strcpy (compressionid, ""Next RLE""); break; case COMPRESSION_CCITTRLEW: strcpy (compressionid, ""CITTRLEW""); break; case COMPRESSION_PACKBITS: strcpy (compressionid, ""Mac Packbits""); break; case COMPRESSION_THUNDERSCAN: strcpy (compressionid, ""Thunderscan""); break; case COMPRESSION_IT8CTPAD: strcpy (compressionid, ""IT8 padded""); break; case COMPRESSION_IT8LW: strcpy (compressionid, ""IT8 RLE""); break; case COMPRESSION_IT8MP: strcpy (compressionid, ""IT8 mono""); break; case COMPRESSION_IT8BL: strcpy (compressionid, ""IT8 lineart""); break; case COMPRESSION_PIXARFILM: strcpy (compressionid, ""Pixar 10 bit""); break; case COMPRESSION_PIXARLOG: strcpy (compressionid, ""Pixar 11bit""); break; case COMPRESSION_DEFLATE: strcpy (compressionid, ""Deflate""); break; case COMPRESSION_ADOBE_DEFLATE: strcpy (compressionid, ""Adobe deflate""); break; default: strcpy (compressionid, ""None/unknown""); break; } TIFFError(""loadImage"", ""Input compression %s"", compressionid); #endif scanlinesize = TIFFScanlineSize(in); image->bps = bps; image->spp = spp; image->planar = planar; image->width = width; image->length = length; image->xres = xres; image->yres = yres; image->res_unit = res_unit; image->compression = input_compression; image->photometric = input_photometric; #ifdef DEBUG2 char photometricid[12]; switch (input_photometric) { case PHOTOMETRIC_MINISWHITE: strcpy (photometricid, ""MinIsWhite""); break; case PHOTOMETRIC_MINISBLACK: strcpy (photometricid, ""MinIsBlack""); break; case PHOTOMETRIC_RGB: strcpy (photometricid, ""RGB""); break; case PHOTOMETRIC_PALETTE: strcpy (photometricid, ""Palette""); break; case PHOTOMETRIC_MASK: strcpy (photometricid, ""Mask""); break; case PHOTOMETRIC_SEPARATED: strcpy (photometricid, ""Separated""); break; case PHOTOMETRIC_YCBCR: strcpy (photometricid, ""YCBCR""); break; case PHOTOMETRIC_CIELAB: strcpy (photometricid, ""CIELab""); break; case PHOTOMETRIC_ICCLAB: strcpy (photometricid, ""ICCLab""); break; case PHOTOMETRIC_ITULAB: strcpy (photometricid, ""ITULab""); break; case PHOTOMETRIC_LOGL: strcpy (photometricid, ""LogL""); break; case PHOTOMETRIC_LOGLUV: strcpy (photometricid, ""LOGLuv""); break; default: strcpy (photometricid, ""Unknown""); break; } TIFFError(""loadImage"", ""Input photometric interpretation %s"", photometricid); #endif image->orientation = orientation; switch (orientation) { case 0: case ORIENTATION_TOPLEFT: image->adjustments = 0; break; case ORIENTATION_TOPRIGHT: image->adjustments = MIRROR_HORIZ; break; case ORIENTATION_BOTRIGHT: image->adjustments = ROTATECW_180; break; case ORIENTATION_BOTLEFT: image->adjustments = MIRROR_VERT; break; case ORIENTATION_LEFTTOP: image->adjustments = MIRROR_VERT | ROTATECW_90; break; case ORIENTATION_RIGHTTOP: image->adjustments = ROTATECW_90; break; case ORIENTATION_RIGHTBOT: image->adjustments = MIRROR_VERT | ROTATECW_270; break; case ORIENTATION_LEFTBOT: image->adjustments = ROTATECW_270; break; default: image->adjustments = 0; image->orientation = ORIENTATION_TOPLEFT; } if ((bps == 0) || (spp == 0)) { TIFFError(""loadImage"", ""Invalid samples per pixel (%d) or bits per sample (%d)"", spp, bps); return (-1); } if (TIFFIsTiled(in)) { readunit = TILE; tlsize = TIFFTileSize(in); ntiles = TIFFNumberOfTiles(in); TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); tile_rowsize = TIFFTileRowSize(in); if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0) { TIFFError(""loadImage"", ""File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.""); exit(-1); } buffsize = tlsize * ntiles; if (tlsize != (buffsize / ntiles)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } if (buffsize < (uint32)(ntiles * tl * tile_rowsize)) { buffsize = ntiles * tl * tile_rowsize; if (ntiles != (buffsize / tl / tile_rowsize)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } #ifdef DEBUG2 TIFFError(""loadImage"", ""Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu"", tlsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Tilesize: %u, Number of Tiles: %u, Tile row size: %u"", tlsize, ntiles, tile_rowsize); } else { uint32 buffsize_check; readunit = STRIP; TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); stsize = TIFFStripSize(in); nstrips = TIFFNumberOfStrips(in); if (nstrips == 0 || stsize == 0) { TIFFError(""loadImage"", ""File appears to be striped, but the number of stipes or stripe size is zero.""); exit(-1); } buffsize = stsize * nstrips; if (stsize != (buffsize / nstrips)) { TIFFError(""loadImage"", ""Integer overflow when calculating buffer size""); exit(-1); } buffsize_check = ((length * width * spp * bps) + 7); if (length != ((buffsize_check - 7) / width / spp / bps)) { TIFFError(""loadImage"", ""Integer overflow detected.""); exit(-1); } if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8)) { buffsize = ((length * width * spp * bps) + 7) / 8; #ifdef DEBUG2 TIFFError(""loadImage"", ""Stripsize %u is too small, using imagelength * width * spp * bps / 8 = %lu"", stsize, (unsigned long)buffsize); #endif } if (dump->infile != NULL) dump_info (dump->infile, dump->format, """", ""Stripsize: %u, Number of Strips: %u, Rows per Strip: %u, Scanline size: %u"", stsize, nstrips, rowsperstrip, scanlinesize); } if (input_compression == COMPRESSION_JPEG) { jpegcolormode = JPEGCOLORMODE_RGB; TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { if (input_photometric == PHOTOMETRIC_YCBCR) { TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsampling_horiz, &subsampling_vert); if (subsampling_horiz != 1 || subsampling_vert != 1) { TIFFError(""loadImage"", ""Can't copy/convert subsampled image with subsampling %d horiz %d vert"", subsampling_horiz, subsampling_vert); return (-1); } } } read_buff = *read_ptr; if (!read_buff) read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); else { if (prev_readsize < buffsize) { new_buff = _TIFFrealloc(read_buff, buffsize+3); if (!new_buff) { free (read_buff); read_buff = (unsigned char *)_TIFFmalloc(buffsize+3); } else read_buff = new_buff; } } if (!read_buff) { TIFFError(""loadImage"", ""Unable to allocate/reallocate read buffer""); return (-1); } read_buff[buffsize] = 0; read_buff[buffsize+1] = 0; read_buff[buffsize+2] = 0; prev_readsize = buffsize; *read_ptr = read_buff; switch (readunit) { case STRIP: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigStripsIntoBuffer(in, read_buff))) { TIFFError(""loadImage"", ""Unable to read contiguous strips into buffer""); return (-1); } } else { if (!(readSeparateStripsIntoBuffer(in, read_buff, length, width, spp, dump))) { TIFFError(""loadImage"", ""Unable to read separate strips into buffer""); return (-1); } } break; case TILE: if (planar == PLANARCONFIG_CONTIG) { if (!(readContigTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read contiguous tiles into buffer""); return (-1); } } else { if (!(readSeparateTilesIntoBuffer(in, read_buff, length, width, tw, tl, spp, bps))) { TIFFError(""loadImage"", ""Unable to read separate tiles into buffer""); return (-1); } } break; default: TIFFError(""loadImage"", ""Unsupported image file format""); return (-1); break; } if ((dump->infile != NULL) && (dump->level == 2)) { dump_info (dump->infile, dump->format, ""loadImage"", ""Image width %d, length %d, Raw image data, %4d bytes"", width, length, buffsize); dump_info (dump->infile, dump->format, """", ""Bits per sample %d, Samples per pixel %d"", bps, spp); for (i = 0; i < length; i++) dump_buffer(dump->infile, dump->format, 1, scanlinesize, i, read_buff + (i * scanlinesize)); } return (0); } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,240254658313187,1 5318,CWE-787,"static int do_i2c_mw(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) { uint chip; ulong addr; int alen; uchar byte; int count; int ret; #if CONFIG_IS_ENABLED(DM_I2C) struct udevice *dev; #endif if ((argc < 4) || (argc > 5)) return CMD_RET_USAGE; chip = hextoul(argv[1], NULL); addr = hextoul(argv[2], NULL); alen = get_alen(argv[2], DEFAULT_ADDR_LEN); if (alen > 3) return CMD_RET_USAGE; #if CONFIG_IS_ENABLED(DM_I2C) ret = i2c_get_cur_bus_chip(chip, &dev); if (!ret && alen != -1) ret = i2c_set_chip_offset_len(dev, alen); if (ret) return i2c_report_err(ret, I2C_ERR_WRITE); #endif byte = hextoul(argv[3], NULL); if (argc == 5) count = hextoul(argv[4], NULL); else count = 1; while (count-- > 0) { #if CONFIG_IS_ENABLED(DM_I2C) ret = dm_i2c_write(dev, addr++, &byte, 1); #else ret = i2c_write(chip, addr++, alen, &byte, 1); #endif if (ret) return i2c_report_err(ret, I2C_ERR_WRITE); #if !defined(CONFIG_SYS_I2C_FRAM) udelay(11000); #endif } return 0; }",visit repo url,cmd/i2c.c,https://github.com/u-boot/u-boot,207261158342086,1 3264,CWE-125,"vqp_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) { const struct vqp_common_header_t *vqp_common_header; const struct vqp_obj_tlv_t *vqp_obj_tlv; const u_char *tptr; uint16_t vqp_obj_len; uint32_t vqp_obj_type; int tlen; uint8_t nitems; tptr=pptr; tlen = len; vqp_common_header = (const struct vqp_common_header_t *)pptr; ND_TCHECK(*vqp_common_header); if (VQP_EXTRACT_VERSION(vqp_common_header->version) != VQP_VERSION) { ND_PRINT((ndo, ""VQP version %u packet not supported"", VQP_EXTRACT_VERSION(vqp_common_header->version))); return; } if (ndo->ndo_vflag < 1) { ND_PRINT((ndo, ""VQPv%u %s Message, error-code %s (%u), length %u"", VQP_EXTRACT_VERSION(vqp_common_header->version), tok2str(vqp_msg_type_values, ""unknown (%u)"",vqp_common_header->msg_type), tok2str(vqp_error_code_values, ""unknown (%u)"",vqp_common_header->error_code), vqp_common_header->error_code, len)); return; } nitems = vqp_common_header->nitems; ND_PRINT((ndo, ""\n\tVQPv%u, %s Message, error-code %s (%u), seq 0x%08x, items %u, length %u"", VQP_EXTRACT_VERSION(vqp_common_header->version), tok2str(vqp_msg_type_values, ""unknown (%u)"",vqp_common_header->msg_type), tok2str(vqp_error_code_values, ""unknown (%u)"",vqp_common_header->error_code), vqp_common_header->error_code, EXTRACT_32BITS(&vqp_common_header->sequence), nitems, len)); tptr+=sizeof(const struct vqp_common_header_t); tlen-=sizeof(const struct vqp_common_header_t); while (nitems > 0 && tlen > 0) { vqp_obj_tlv = (const struct vqp_obj_tlv_t *)tptr; vqp_obj_type = EXTRACT_32BITS(vqp_obj_tlv->obj_type); vqp_obj_len = EXTRACT_16BITS(vqp_obj_tlv->obj_length); tptr+=sizeof(struct vqp_obj_tlv_t); tlen-=sizeof(struct vqp_obj_tlv_t); ND_PRINT((ndo, ""\n\t %s Object (0x%08x), length %u, value: "", tok2str(vqp_obj_values, ""Unknown"", vqp_obj_type), vqp_obj_type, vqp_obj_len)); if (vqp_obj_type == 0 || vqp_obj_len ==0) { return; } ND_TCHECK2(*tptr, vqp_obj_len); switch(vqp_obj_type) { case VQP_OBJ_IP_ADDRESS: ND_PRINT((ndo, ""%s (0x%08x)"", ipaddr_string(ndo, tptr), EXTRACT_32BITS(tptr))); break; case VQP_OBJ_PORT_NAME: case VQP_OBJ_VLAN_NAME: case VQP_OBJ_VTP_DOMAIN: case VQP_OBJ_ETHERNET_PKT: safeputs(ndo, tptr, vqp_obj_len); break; case VQP_OBJ_MAC_ADDRESS: case VQP_OBJ_MAC_NULL: ND_PRINT((ndo, ""%s"", etheraddr_string(ndo, tptr))); break; default: if (ndo->ndo_vflag <= 1) print_unknown_data(ndo,tptr, ""\n\t "", vqp_obj_len); break; } tptr += vqp_obj_len; tlen -= vqp_obj_len; nitems--; } return; trunc: ND_PRINT((ndo, ""\n\t[|VQP]"")); }",visit repo url,print-vqp.c,https://github.com/the-tcpdump-group/tcpdump,163814995337646,1 158,[],"static void *do_ncp_super_data_conv(void *raw_data) { int version = *(unsigned int *)raw_data; if (version == 3) { struct compat_ncp_mount_data *c_n = raw_data; struct ncp_mount_data *n = raw_data; n->dir_mode = c_n->dir_mode; n->file_mode = c_n->file_mode; n->gid = c_n->gid; n->uid = c_n->uid; memmove (n->mounted_vol, c_n->mounted_vol, (sizeof (c_n->mounted_vol) + 3 * sizeof (unsigned int))); n->wdog_pid = c_n->wdog_pid; n->mounted_uid = c_n->mounted_uid; } else if (version == 4) { struct compat_ncp_mount_data_v4 *c_n = raw_data; struct ncp_mount_data_v4 *n = raw_data; n->dir_mode = c_n->dir_mode; n->file_mode = c_n->file_mode; n->gid = c_n->gid; n->uid = c_n->uid; n->retry_count = c_n->retry_count; n->time_out = c_n->time_out; n->ncp_fd = c_n->ncp_fd; n->wdog_pid = c_n->wdog_pid; n->mounted_uid = c_n->mounted_uid; n->flags = c_n->flags; } else if (version != 5) { return NULL; } return raw_data; }",linux-2.6,,,147399996199881401300241071752917201278,0 3483,['CWE-20'],"int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, const union sctp_addr *peer_addr, sctp_init_chunk_t *peer_init, gfp_t gfp) { union sctp_params param; struct sctp_transport *transport; struct list_head *pos, *temp; char *cookie; if (peer_addr) { if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) goto nomem; } sctp_walk_params(param, peer_init, init_hdr.params) { if (!sctp_process_param(asoc, param, peer_addr, gfp)) goto clean_up; } if (asoc->peer.auth_capable && (!asoc->peer.peer_random || !asoc->peer.peer_hmacs)) asoc->peer.auth_capable = 0; if (!sctp_addip_noauth && (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | SCTP_PARAM_DEL_IP | SCTP_PARAM_SET_PRIMARY); asoc->peer.asconf_capable = 0; goto clean_up; } list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { transport = list_entry(pos, struct sctp_transport, transports); if (transport->state == SCTP_UNKNOWN) { sctp_assoc_rm_peer(asoc, transport); } } asoc->peer.i.init_tag = ntohl(peer_init->init_hdr.init_tag); asoc->peer.i.a_rwnd = ntohl(peer_init->init_hdr.a_rwnd); asoc->peer.i.num_outbound_streams = ntohs(peer_init->init_hdr.num_outbound_streams); asoc->peer.i.num_inbound_streams = ntohs(peer_init->init_hdr.num_inbound_streams); asoc->peer.i.initial_tsn = ntohl(peer_init->init_hdr.initial_tsn); if (asoc->c.sinit_num_ostreams > ntohs(peer_init->init_hdr.num_inbound_streams)) { asoc->c.sinit_num_ostreams = ntohs(peer_init->init_hdr.num_inbound_streams); } if (asoc->c.sinit_max_instreams > ntohs(peer_init->init_hdr.num_outbound_streams)) { asoc->c.sinit_max_instreams = ntohs(peer_init->init_hdr.num_outbound_streams); } asoc->c.peer_vtag = asoc->peer.i.init_tag; asoc->peer.rwnd = asoc->peer.i.a_rwnd; cookie = asoc->peer.cookie; if (cookie) { asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); if (!asoc->peer.cookie) goto clean_up; } list_for_each_entry(transport, &asoc->peer.transport_addr_list, transports) { transport->ssthresh = asoc->peer.i.a_rwnd; } sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, asoc->peer.i.initial_tsn); if (!asoc->temp) { int error; asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, asoc->c.sinit_num_ostreams, gfp); if (!asoc->ssnmap) goto clean_up; error = sctp_assoc_set_id(asoc, gfp); if (error) goto clean_up; } asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; return 1; clean_up: list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { transport = list_entry(pos, struct sctp_transport, transports); if (transport->state != SCTP_ACTIVE) sctp_assoc_rm_peer(asoc, transport); } nomem: return 0; }",linux-2.6,,,169164398148674809387762496925544126624,0 1438,[],"static inline int depth_se(struct sched_entity *se) { int depth = 0; for_each_sched_entity(se) depth++; return depth; }",linux-2.6,,,308244691755814968847955555640049983862,0 533,['CWE-399'],"static void pwc_remove_sysfs_files(struct video_device *vdev) { struct pwc_device *pdev = video_get_drvdata(vdev); if (pdev->features & FEATURE_MOTOR_PANTILT) video_device_remove_file(vdev, &class_device_attr_pan_tilt); video_device_remove_file(vdev, &class_device_attr_button); }",linux-2.6,,,304264344777449152457169660621351269373,0 1703,CWE-19,"void ext4_xattr_destroy_cache(struct mb_cache *cache) { if (cache) mb_cache_destroy(cache); }",visit repo url,fs/ext4/xattr.c,https://github.com/torvalds/linux,121695835973649,1 1736,[],"fire_sched_out_preempt_notifiers(struct task_struct *curr, struct task_struct *next) { struct preempt_notifier *notifier; struct hlist_node *node; hlist_for_each_entry(notifier, node, &curr->preempt_notifiers, link) notifier->ops->sched_out(notifier, next); }",linux-2.6,,,171427942909375217941498601751573641545,0 136,CWE-476,"unsigned long perf_instruction_pointer(struct pt_regs *regs) { bool use_siar = regs_use_siar(regs); unsigned long siar = mfspr(SPRN_SIAR); if (ppmu->flags & PPMU_P10_DD1) { if (siar) return siar; else return regs->nip; } else if (use_siar && siar_valid(regs)) return mfspr(SPRN_SIAR) + perf_ip_adjust(regs); else if (use_siar) return 0; else return regs->nip; }",visit repo url,arch/powerpc/perf/core-book3s.c,https://github.com/torvalds/linux,106050274749888,1 5649,CWE-120,"process_options(argc, argv) int argc; char *argv[]; { int i, l; while (argc > 1 && argv[1][0] == '-') { argv++; argc--; l = (int) strlen(*argv); if (l < 4) l = 4; switch (argv[0][1]) { case 'D': case 'd': if ((argv[0][1] == 'D' && !argv[0][2]) || !strcmpi(*argv, ""-debug"")) { wizard = TRUE, discover = FALSE; } else if (!strncmpi(*argv, ""-DECgraphics"", l)) { load_symset(""DECGraphics"", PRIMARY); switch_symbols(TRUE); } else { raw_printf(""Unknown option: %s"", *argv); } break; case 'X': discover = TRUE, wizard = FALSE; break; #ifdef NEWS case 'n': iflags.news = FALSE; break; #endif case 'u': if (argv[0][2]) { (void) strncpy(plname, argv[0] + 2, sizeof plname - 1); } else if (argc > 1) { argc--; argv++; (void) strncpy(plname, argv[0], sizeof plname - 1); } else { raw_print(""Player name expected after -u""); } break; case 'I': case 'i': if (!strncmpi(*argv, ""-IBMgraphics"", l)) { load_symset(""IBMGraphics"", PRIMARY); load_symset(""RogueIBM"", ROGUESET); switch_symbols(TRUE); } else { raw_printf(""Unknown option: %s"", *argv); } break; case 'p': if (argv[0][2]) { if ((i = str2role(&argv[0][2])) >= 0) flags.initrole = i; } else if (argc > 1) { argc--; argv++; if ((i = str2role(argv[0])) >= 0) flags.initrole = i; } break; case 'r': if (argv[0][2]) { if ((i = str2race(&argv[0][2])) >= 0) flags.initrace = i; } else if (argc > 1) { argc--; argv++; if ((i = str2race(argv[0])) >= 0) flags.initrace = i; } break; case 'w': config_error_init(FALSE, ""command line"", FALSE); choose_windows(&argv[0][2]); config_error_done(); break; case '@': flags.randomall = 1; break; default: if ((i = str2role(&argv[0][1])) >= 0) { flags.initrole = i; break; } } } #ifdef SYSCF if (argc > 1) raw_printf(""MAXPLAYERS are set in sysconf file.\n""); #else if (argc > 1) locknum = atoi(argv[1]); #endif #ifdef MAX_NR_OF_PLAYERS if (!locknum || locknum > MAX_NR_OF_PLAYERS) locknum = MAX_NR_OF_PLAYERS; #endif #ifdef SYSCF if (!locknum || (sysopt.maxplayers && locknum > sysopt.maxplayers)) locknum = sysopt.maxplayers; #endif }",visit repo url,sys/unix/unixmain.c,https://github.com/NetHack/NetHack,193356282385237,1 3057,['CWE-189'],"void jpc_mqdec_dump(jpc_mqdec_t *mqdec, FILE *out) { fprintf(out, ""MQDEC A = %08lx, C = %08lx, CT=%08lx, "", (unsigned long) mqdec->areg, (unsigned long) mqdec->creg, (unsigned long) mqdec->ctreg); fprintf(out, ""CTX = %d, "", mqdec->curctx - mqdec->ctxs); fprintf(out, ""IND %d, MPS %d, QEVAL %x\n"", *mqdec->curctx - jpc_mqstates, (*mqdec->curctx)->mps, (*mqdec->curctx)->qeval); }",jasper,,,325736977465751627154660097767064871814,0 4436,CWE-476,"mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc) { const mrb_irep *irep = proc->body.irep; const mrb_pool_value *pool = irep->pool; const mrb_sym *syms = irep->syms; mrb_code insn; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; uint32_t a; uint16_t b; uint16_t c; mrb_sym mid; const struct mrb_irep_catch_handler *ch; #ifdef DIRECT_THREADED static const void * const optable[] = { #define OPCODE(x,_) &&L_OP_ ## x, #include ""mruby/ops.h"" #undef OPCODE }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; mrb_gc_arena_restore(mrb, ai); if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb_vm_ci_proc_set(mrb->c->ci, proc); #define regs (mrb->c->ci->stack) INIT_DISPATCH { CASE(OP_NOP, Z) { NEXT; } CASE(OP_MOVE, BB) { regs[a] = regs[b]; NEXT; } CASE(OP_LOADL, BB) { switch (pool[b].tt) { case IREP_TT_INT32: regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i32); break; case IREP_TT_INT64: #if defined(MRB_INT64) regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; #else #if defined(MRB_64BIT) if (INT32_MIN <= pool[b].u.i64 && pool[b].u.i64 <= INT32_MAX) { regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; } #endif goto L_INT_OVERFLOW; #endif case IREP_TT_BIGINT: goto L_INT_OVERFLOW; #ifndef MRB_NO_FLOAT case IREP_TT_FLOAT: regs[a] = mrb_float_value(mrb, pool[b].u.f); break; #endif default: regs[a] = mrb_nil_value(); break; } NEXT; } CASE(OP_LOADI, BB) { SET_FIXNUM_VALUE(regs[a], b); NEXT; } CASE(OP_LOADINEG, BB) { SET_FIXNUM_VALUE(regs[a], -b); NEXT; } CASE(OP_LOADI__1,B) goto L_LOADI; CASE(OP_LOADI_0,B) goto L_LOADI; CASE(OP_LOADI_1,B) goto L_LOADI; CASE(OP_LOADI_2,B) goto L_LOADI; CASE(OP_LOADI_3,B) goto L_LOADI; CASE(OP_LOADI_4,B) goto L_LOADI; CASE(OP_LOADI_5,B) goto L_LOADI; CASE(OP_LOADI_6,B) goto L_LOADI; CASE(OP_LOADI_7, B) { L_LOADI: SET_FIXNUM_VALUE(regs[a], (mrb_int)insn - (mrb_int)OP_LOADI_0); NEXT; } CASE(OP_LOADI16, BS) { SET_FIXNUM_VALUE(regs[a], (mrb_int)(int16_t)b); NEXT; } CASE(OP_LOADI32, BSS) { SET_INT_VALUE(mrb, regs[a], (int32_t)(((uint32_t)b<<16)+c)); NEXT; } CASE(OP_LOADSYM, BB) { SET_SYM_VALUE(regs[a], syms[b]); NEXT; } CASE(OP_LOADNIL, B) { SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_LOADSELF, B) { regs[a] = regs[0]; NEXT; } CASE(OP_LOADT, B) { SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF, B) { SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGV, BB) { mrb_value val = mrb_gv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETGV, BB) { mrb_gv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETSV, BB) { mrb_value val = mrb_vm_special_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETSV, BB) { mrb_vm_special_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIV, BB) { regs[a] = mrb_iv_get(mrb, regs[0], syms[b]); NEXT; } CASE(OP_SETIV, BB) { mrb_iv_set(mrb, regs[0], syms[b], regs[a]); NEXT; } CASE(OP_GETCV, BB) { mrb_value val; val = mrb_vm_cv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETCV, BB) { mrb_vm_cv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIDX, B) { mrb_value va = regs[a], vb = regs[a+1]; switch (mrb_type(va)) { case MRB_TT_ARRAY: if (!mrb_integer_p(vb)) goto getidx_fallback; regs[a] = mrb_ary_entry(va, mrb_integer(vb)); break; case MRB_TT_HASH: va = mrb_hash_get(mrb, va, vb); regs[a] = va; break; case MRB_TT_STRING: switch (mrb_type(vb)) { case MRB_TT_INTEGER: case MRB_TT_STRING: case MRB_TT_RANGE: va = mrb_str_aref(mrb, va, vb, mrb_undef_value()); regs[a] = va; break; default: goto getidx_fallback; } break; default: getidx_fallback: mid = MRB_OPSYM(aref); goto L_SEND_SYM; } NEXT; } CASE(OP_SETIDX, B) { c = 2; mid = MRB_OPSYM(aset); SET_NIL_VALUE(regs[a+3]); goto L_SENDB_SYM; } CASE(OP_GETCONST, BB) { mrb_value v = mrb_vm_const_get(mrb, syms[b]); regs[a] = v; NEXT; } CASE(OP_SETCONST, BB) { mrb_vm_const_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETMCNST, BB) { mrb_value v = mrb_const_get(mrb, regs[a], syms[b]); regs[a] = v; NEXT; } CASE(OP_SETMCNST, BB) { mrb_const_set(mrb, regs[a+1], syms[b], regs[a]); NEXT; } CASE(OP_GETUPVAR, BBB) { mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (e && b < MRB_ENV_LEN(e)) { *regs_a = e->stack[b]; } else { *regs_a = mrb_nil_value(); } NEXT; } CASE(OP_SETUPVAR, BBB) { struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP, S) { pc += (int16_t)a; JUMP; } CASE(OP_JMPIF, BS) { if (mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNOT, BS) { if (!mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNIL, BS) { if (mrb_nil_p(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPUW, S) { a = (uint32_t)((pc - irep->iseq) + (int16_t)a); CHECKPOINT_RESTORE(RBREAK_TAG_JUMP) { struct RBreak *brk = (struct RBreak*)mrb->exc; mrb_value target = mrb_break_value_get(brk); mrb_assert(mrb_integer_p(target)); a = (uint32_t)mrb_integer(target); mrb_assert(a >= 0 && a < irep->ilen); } CHECKPOINT_MAIN(RBREAK_TAG_JUMP) { ch = catch_handler_find(mrb, mrb->c->ci, pc, MRB_CATCH_FILTER_ENSURE); if (ch) { if (a < mrb_irep_catch_handler_unpack(ch->begin) || a >= mrb_irep_catch_handler_unpack(ch->end)) { THROW_TAGGED_BREAK(mrb, RBREAK_TAG_JUMP, proc, mrb_fixnum_value(a)); } } } CHECKPOINT_END(RBREAK_TAG_JUMP); mrb->exc = NULL; pc = irep->iseq + a; JUMP; } CASE(OP_EXCEPT, B) { mrb_value exc; if (mrb->exc == NULL) { exc = mrb_nil_value(); } else { switch (mrb->exc->tt) { case MRB_TT_BREAK: case MRB_TT_EXCEPTION: exc = mrb_obj_value(mrb->exc); break; default: mrb_assert(!""bad mrb_type""); exc = mrb_nil_value(); break; } mrb->exc = NULL; } regs[a] = exc; NEXT; } CASE(OP_RESCUE, BB) { mrb_value exc = regs[a]; mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); NEXT; } CASE(OP_RAISEIF, B) { mrb_value exc = regs[a]; if (mrb_break_p(exc)) { mrb->exc = mrb_obj_ptr(exc); goto L_BREAK; } mrb_exc_set(mrb, exc); if (mrb->exc) { goto L_RAISE; } NEXT; } CASE(OP_SSEND, BBB) { regs[a] = regs[0]; insn = OP_SEND; } goto L_SENDB; CASE(OP_SSENDB, BBB) { regs[a] = regs[0]; } goto L_SENDB; CASE(OP_SEND, BBB) goto L_SENDB; L_SEND_SYM: c = 1; SET_NIL_VALUE(regs[a+2]); goto L_SENDB_SYM; CASE(OP_SENDB, BBB) L_SENDB: mid = syms[b]; L_SENDB_SYM: { mrb_callinfo *ci = mrb->c->ci; mrb_method_t m; struct RClass *cls; mrb_value recv, blk; ARGUMENT_NORMALIZE(a, &c, insn); recv = regs[a]; cls = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &c, blk, 0); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, c); if (MRB_METHOD_CFUNC_P(m)) { if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); mrb_vm_ci_proc_set(ci, p); recv = p->body.func(mrb, recv); } else { if (MRB_METHOD_NOARG_P(m)) { check_method_noarg(mrb, ci); } recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } if (!ci->u.target_class) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } ci->stack[0] = recv; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } } JUMP; CASE(OP_CALL, Z) { mrb_callinfo *ci = mrb->c->ci; mrb_value recv = ci->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci->u.target_class = MRB_PROC_TARGET_CLASS(m); mrb_vm_ci_proc_set(ci, m); if (MRB_PROC_ENV_P(m)) { ci->mid = MRB_PROC_ENV(m)->mid; } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = cipop(mrb); pc = ci->pc; ci[1].stack[0] = recv; irep = mrb->c->ci->proc->body.irep; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->ci->stack[0] = mrb_nil_value(); a = 0; c = OP_R_NORMAL; goto L_OP_RETURN_BODY; } mrb_int nargs = mrb_ci_bidx(ci)+1; if (nargs < irep->nregs) { mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+nargs, irep->nregs-nargs); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; } pool = irep->pool; syms = irep->syms; JUMP; } CASE(OP_SUPER, BB) { mrb_method_t m; struct RClass *cls; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; const struct RProc *p = ci->proc; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(p); if (MRB_PROC_ENV_P(p) && p->e.env->mid && p->e.env->mid != mid) { mid = p->e.env->mid; } if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->flags & MRB_FL_CLASS_IS_PREPENDED) { target_class = mrb_vm_ci_target_class(ci); } else if (target_class->tt == MRB_TT_MODULE) { target_class = mrb_vm_ci_target_class(ci); if (target_class->tt != MRB_TT_ICLASS) { goto super_typeerror; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { super_typeerror: ; mrb_value exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } ARGUMENT_NORMALIZE(a, &b, OP_SUPER); cls = target_class->super; m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &b, blk, 1); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, b); ci->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; if (MRB_METHOD_PROC_P(m)) { mrb_vm_ci_proc_set(ci, MRB_METHOD_PROC(m)); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb_assert(!mrb_break_p(v)); if (!mrb_vm_ci_target_class(ci)) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->ci->stack[0] = v; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } JUMP; } CASE(OP_ARGARY, BS) { mrb_int m1 = (b>>11)&0x3f; mrb_int r = (b>>10)&0x1; mrb_int m2 = (b>>5)&0x1f; mrb_int kd = (b>>4)&0x1; mrb_int lv = (b>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb_vm_ci_target_class(mrb->c->ci) == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; mrb_int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } if (kd) { regs[a+1] = stack[m1+r+m2]; regs[a+2] = stack[m1+r+m2+1]; } else { regs[a+1] = stack[m1+r+m2]; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER, W) { mrb_int m1 = MRB_ASPEC_REQ(a); mrb_int o = MRB_ASPEC_OPT(a); mrb_int r = MRB_ASPEC_REST(a); mrb_int m2 = MRB_ASPEC_POST(a); mrb_int kd = (MRB_ASPEC_KEY(a) > 0 || MRB_ASPEC_KDICT(a))? 1 : 0; mrb_int const len = m1 + o + r + m2; mrb_callinfo *ci = mrb->c->ci; mrb_int argc = ci->n; mrb_value *argv = regs+1; mrb_value * const argv0 = argv; mrb_int const kw_pos = len + kd; mrb_int const blk_pos = kw_pos + 1; mrb_value blk = regs[mrb_ci_bidx(ci)]; mrb_value kdict = mrb_nil_value(); if (ci->nk > 0) { mrb_int kidx = mrb_ci_kidx(ci); kdict = regs[kidx]; if (!mrb_hash_p(kdict) || mrb_hash_size(mrb, kdict) == 0) { kdict = mrb_nil_value(); ci->nk = 0; } } if (!kd && !mrb_nil_p(kdict)) { if (argc < 14) { ci->n++; argc++; } else if (argc == 14) { regs[1] = mrb_ary_new_from_values(mrb, argc+1, ®s[1]); argc = ci->n = 15; } else { mrb_ary_push(mrb, regs[1], regs[2]); } ci->nk = 0; } if (kd && MRB_ASPEC_KEY(a) > 0 && mrb_hash_p(kdict)) { kdict = mrb_hash_dup(mrb, kdict); } if (argc == 15) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (ci->proc && MRB_PROC_STRICT_P(ci->proc)) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } mrb_value rest = mrb_nil_value(); if (argc < len) { mrb_int mlen = m2; if (argc < m1+m2) { mlen = m1 < argc ? argc - m1 : 0; } if (argv0 != argv && argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { rest = mrb_ary_new_capa(mrb, 0); regs[m1+o+1] = rest; } if (o > 0 && argc > m1+m2) pc += (argc - m1 - m2)*3; } else { mrb_int rnum = 0; if (argv0 != argv) { value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; rest = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); regs[m1+o+1] = rest; } if (m2 > 0 && argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } pc += o*3; } regs[blk_pos] = blk; if (kd) { if (mrb_nil_p(kdict)) kdict = mrb_hash_new_capa(mrb, 0); regs[kw_pos] = kdict; } mrb->c->ci->n = len; if (irep->nlocals-blk_pos-1 > 0) { stack_clear(®s[blk_pos+1], irep->nlocals-blk_pos-1); } JUMP; } CASE(OP_KARG, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict, v; if (kidx < 0 || !mrb_hash_p(kdict=regs[kidx]) || !mrb_hash_key_p(mrb, kdict, k)) { mrb_value str = mrb_format(mrb, ""missing keyword: %v"", k); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } v = mrb_hash_get(mrb, kdict, k); regs[a] = v; mrb_hash_delete_key(mrb, kdict, k); NEXT; } CASE(OP_KEY_P, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; mrb_bool key_p = FALSE; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx])) { key_p = mrb_hash_key_p(mrb, kdict, k); } regs[a] = mrb_bool_value(key_p); NEXT; } CASE(OP_KEYEND, Z) { mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx]) && !mrb_hash_empty_p(mrb, kdict)) { mrb_value keys = mrb_hash_keys(mrb, kdict); mrb_value key1 = RARRAY_PTR(keys)[0]; mrb_value str = mrb_format(mrb, ""unknown keyword: %v"", key1); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } NEXT; } CASE(OP_BREAK, B) { c = OP_R_BREAK; goto L_RETURN; } CASE(OP_RETURN_BLK, B) { c = OP_R_RETURN; goto L_RETURN; } CASE(OP_RETURN, B) c = OP_R_NORMAL; L_RETURN: { mrb_callinfo *ci; ci = mrb->c->ci; if (ci->mid) { mrb_value blk = regs[mrb_ci_bidx(ci)]; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { L_RAISE: ci = mrb->c->ci; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) goto L_FTOP; goto L_CATCH; } while ((ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL)) == NULL) { ci = cipop(mrb); if (ci[1].cci == CINFO_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } pc = ci[0].pc; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->ci->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } } L_CATCH: if (ch == NULL) goto L_STOP; if (FALSE) { L_CATCH_TAGGED_BREAK: ci = mrb->c->ci; } proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); pc = irep->iseq + mrb_irep_catch_handler_unpack(ch->target); } else { mrb_int acc; mrb_value v; ci = mrb->c->ci; v = regs[a]; mrb_gc_protect(mrb, v); switch (c) { case OP_R_RETURN: if (ci->cci == CINFO_NONE && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { const struct RProc *dst; mrb_callinfo *cibase; cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_ONSTACK_P(e) || (e->cxt && e->cxt != mrb->c)) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->cci > CINFO_NONE) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci = mrb->c->ci; while (cibase <= ci && ci->proc != dst) { CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_BLOCK) { cibase = mrb->c->cibase; dst = top_proc(mrb, proc); } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_BLOCK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_BLOCK, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_BLOCK); ci = cipop(mrb); pc = ci->pc; } proc = ci->proc; mrb->exc = NULL; break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; c = mrb->c; if (!c->prev) { regs[irep->nlocals] = v; goto CHECKPOINT_LABEL_MAKE(RBREAK_TAG_STOP); } if (!c->vmexec && c->prev->ci == c->prev->cibase) { mrb_value exc = mrb_exc_new_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_TOPLEVEL) { c = mrb->c; } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_TOPLEVEL) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_TOPLEVEL, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_TOPLEVEL); c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; mrb->c->status = MRB_FIBER_RUNNING; c->prev = NULL; if (c->vmexec) { mrb_gc_arena_restore(mrb, ai); c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } ci = mrb->c->ci; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN) { } CHECKPOINT_MAIN(RBREAK_TAG_RETURN) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN); mrb->exc = NULL; break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_ONSTACK_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK); if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->cci > CINFO_NONE) { ci = cipop(mrb); mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { struct RBreak *brk; L_BREAK: brk = (struct RBreak*)mrb->exc; proc = mrb_break_proc_get(brk); v = mrb_break_value_get(brk); ci = mrb->c->ci; switch (mrb_break_tag_get(brk)) { #define DISPATCH_CHECKPOINTS(n, i) case n: goto CHECKPOINT_LABEL_MAKE(n); RBREAK_TAG_FOREACH(DISPATCH_CHECKPOINTS) #undef DISPATCH_CHECKPOINTS default: mrb_assert(!""wrong break tag""); } } while (mrb->c->cibase < ci && ci[-1].proc != proc->upper) { if (ci[-1].cci == CINFO_SKIP) { goto L_BREAK_ERROR; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_UPPER) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_UPPER) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_UPPER, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_UPPER); ci = cipop(mrb); pc = ci->pc; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_INTARGET) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_INTARGET) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_INTARGET, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_INTARGET); if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } mrb->exc = NULL; break; default: break; } mrb_assert(ci == mrb->c->ci); mrb_assert(mrb->exc == NULL); if (mrb->c->vmexec && !mrb_vm_ci_target_class(ci)) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->cci; ci = cipop(mrb); if (acc == CINFO_SKIP || acc == CINFO_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym_name(mrb, ci->mid))); proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci[1].stack[0] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_BLKPUSH, BS) { int m1 = (b>>11)&0x3f; int r = (b>>10)&0x1; int m2 = (b>>5)&0x1f; int kd = (b>>4)&0x1; int lv = (b>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_ONSTACK_P(e) && e->mid == 0) || MRB_ENV_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2+kd])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2+kd]; NEXT; } L_INT_OVERFLOW: { mrb_value exc = mrb_exc_new_lit(mrb, E_RANGE_ERROR, ""integer overflow""); mrb_exc_set(mrb, exc); } goto L_RAISE; #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH(op_name) \ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { \ OP_MATH_CASE_INTEGER(op_name); \ OP_MATH_CASE_FLOAT(op_name, integer, float); \ OP_MATH_CASE_FLOAT(op_name, float, integer); \ OP_MATH_CASE_FLOAT(op_name, float, float); \ OP_MATH_CASE_STRING_##op_name(); \ default: \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATH_CASE_INTEGER(op_name) \ case TYPES2(MRB_TT_INTEGER, MRB_TT_INTEGER): \ { \ mrb_int x = mrb_integer(regs[a]), y = mrb_integer(regs[a+1]), z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATH_CASE_FLOAT(op_name, t1, t2) (void)0 #else #define OP_MATH_CASE_FLOAT(op_name, t1, t2) \ case TYPES2(OP_MATH_TT_##t1, OP_MATH_TT_##t2): \ { \ mrb_float z = mrb_##t1(regs[a]) OP_MATH_OP_##op_name mrb_##t2(regs[a+1]); \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif #define OP_MATH_OVERFLOW_INT() goto L_INT_OVERFLOW #define OP_MATH_CASE_STRING_add() \ case TYPES2(MRB_TT_STRING, MRB_TT_STRING): \ regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); \ mrb_gc_arena_restore(mrb, ai); \ break #define OP_MATH_CASE_STRING_sub() (void)0 #define OP_MATH_CASE_STRING_mul() (void)0 #define OP_MATH_OP_add + #define OP_MATH_OP_sub - #define OP_MATH_OP_mul * #define OP_MATH_TT_integer MRB_TT_INTEGER #define OP_MATH_TT_float MRB_TT_FLOAT CASE(OP_ADD, B) { OP_MATH(add); } CASE(OP_SUB, B) { OP_MATH(sub); } CASE(OP_MUL, B) { OP_MATH(mul); } CASE(OP_DIV, B) { #ifndef MRB_NO_FLOAT mrb_float x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER): { mrb_int x = mrb_integer(regs[a]); mrb_int y = mrb_integer(regs[a+1]); mrb_int div = mrb_div_int(mrb, x, y); SET_INT_VALUE(mrb, regs[a], div); } NEXT; #ifndef MRB_NO_FLOAT case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT): x = (mrb_float)mrb_integer(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER): x = mrb_float(regs[a]); y = (mrb_float)mrb_integer(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: mid = MRB_OPSYM(div); goto L_SEND_SYM; } #ifndef MRB_NO_FLOAT f = mrb_div_float(x, y); SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } #define OP_MATHI(op_name) \ \ switch (mrb_type(regs[a])) { \ OP_MATHI_CASE_INTEGER(op_name); \ OP_MATHI_CASE_FLOAT(op_name); \ default: \ SET_INT_VALUE(mrb,regs[a+1], b); \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATHI_CASE_INTEGER(op_name) \ case MRB_TT_INTEGER: \ { \ mrb_int x = mrb_integer(regs[a]), y = (mrb_int)b, z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATHI_CASE_FLOAT(op_name) (void)0 #else #define OP_MATHI_CASE_FLOAT(op_name) \ case MRB_TT_FLOAT: \ { \ mrb_float z = mrb_float(regs[a]) OP_MATH_OP_##op_name b; \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif CASE(OP_ADDI, BB) { OP_MATHI(add); } CASE(OP_SUBI, BB) { OP_MATHI(sub); } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_NO_FLOAT #define OP_CMP(op,sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op, sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ, B) { if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==,eq); } NEXT; } CASE(OP_LT, B) { OP_CMP(<,lt); NEXT; } CASE(OP_LE, B) { OP_CMP(<=,le); NEXT; } CASE(OP_GT, B) { OP_CMP(>,gt); NEXT; } CASE(OP_GE, B) { OP_CMP(>=,ge); NEXT; } CASE(OP_ARRAY, BB) { regs[a] = mrb_ary_new_from_values(mrb, b, ®s[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARRAY2, BBB) { regs[a] = mrb_ary_new_from_values(mrb, c, ®s[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT, B) { mrb_value splat = mrb_ary_splat(mrb, regs[a+1]); if (mrb_nil_p(regs[a])) { regs[a] = splat; } else { mrb_assert(mrb_array_p(regs[a])); mrb_ary_concat(mrb, regs[a], splat); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH, BB) { mrb_assert(mrb_array_p(regs[a])); for (mrb_int i=0; i pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+pre> 2; if (pool[b].tt & IREP_TT_SFLAG) { sym = mrb_intern_static(mrb, pool[b].u.str, len); } else { sym = mrb_intern(mrb, pool[b].u.str, len); } regs[a] = mrb_symbol_value(sym); NEXT; } CASE(OP_STRING, BB) { mrb_int len; mrb_assert((pool[b].tt&IREP_TT_NFLAG)==0); len = pool[b].tt >> 2; if (pool[b].tt & IREP_TT_SFLAG) { regs[a] = mrb_str_new_static(mrb, pool[b].u.str, len); } else { regs[a] = mrb_str_new(mrb, pool[b].u.str, len); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_STRCAT, B) { mrb_assert(mrb_string_p(regs[a])); mrb_str_concat(mrb, regs[a], regs[a+1]); NEXT; } CASE(OP_HASH, BB) { mrb_value hash = mrb_hash_new_capa(mrb, b); int i; int lim = a+b*2; for (i=a; ireps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_BLOCK, BB) { c = OP_L_BLOCK; goto L_MAKE_LAMBDA; } CASE(OP_METHOD, BB) { c = OP_L_METHOD; goto L_MAKE_LAMBDA; } CASE(OP_RANGE_INC, B) { mrb_value v = mrb_range_new(mrb, regs[a], regs[a+1], FALSE); regs[a] = v; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_RANGE_EXC, B) { mrb_value v = mrb_range_new(mrb, regs[a], regs[a+1], TRUE); regs[a] = v; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS, B) { regs[a] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS, BB) { struct RClass *c = 0, *baseclass; mrb_value base, super; mrb_sym id = syms[b]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE, BB) { struct RClass *cls = 0, *baseclass; mrb_value base; mrb_sym id = syms[b]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } cls = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(cls); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC, BB) { mrb_value recv = regs[a]; struct RProc *p; const mrb_irep *nirep = irep->reps[b]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; cipush(mrb, a, 0, mrb_class_ptr(recv), p, 0, 0); irep = p->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+1, irep->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_DEF, BB) { struct RClass *target = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; mrb_sym mid = syms[b]; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, target, mid, m); mrb_method_added(mrb, target, mid); mrb_gc_arena_restore(mrb, ai); regs[a] = mrb_symbol_value(mid); NEXT; } CASE(OP_SCLASS, B) { regs[a] = mrb_singleton_class(mrb, regs[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; regs[a] = mrb_obj_value(target); NEXT; } CASE(OP_ALIAS, BB) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_alias_method(mrb, target, syms[a], syms[b]); mrb_method_added(mrb, target, syms[a]); NEXT; } CASE(OP_UNDEF, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_undef_method_id(mrb, target, syms[a]); NEXT; } CASE(OP_DEBUG, Z) { FETCH_BBB(); #ifdef MRB_USE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_NO_STDIO printf(""OP_DEBUG %d %d %d\n"", a, b, c); #else abort(); #endif #endif NEXT; } CASE(OP_ERR, B) { size_t len = pool[a].tt >> 2; mrb_value exc; mrb_assert((pool[a].tt&IREP_TT_NFLAG)==0); exc = mrb_exc_new(mrb, E_LOCALJUMP_ERROR, pool[a].u.str, len); mrb_exc_set(mrb, exc); goto L_RAISE; } CASE(OP_EXT1, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _1(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT2, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _2(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT3, Z) { uint8_t insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _3(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_STOP, Z) { CHECKPOINT_RESTORE(RBREAK_TAG_STOP) { } CHECKPOINT_MAIN(RBREAK_TAG_STOP) { UNWIND_ENSURE(mrb, mrb->c->ci, pc, RBREAK_TAG_STOP, proc, mrb_nil_value()); } CHECKPOINT_END(RBREAK_TAG_STOP); L_STOP: mrb->jmp = prev_jmp; if (mrb->exc) { mrb_assert(mrb->exc->tt == MRB_TT_EXCEPTION); return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { mrb_callinfo *ci = mrb->c->ci; while (ci > mrb->c->cibase && ci->cci == CINFO_DIRECT) { ci = cipop(mrb); } exc_catched = TRUE; pc = ci->pc; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,55719812951385,1 2181,['CWE-193'],"static struct page *__read_cache_page(struct address_space *mapping, pgoff_t index, int (*filler)(void *,struct page*), void *data) { struct page *page; int err; repeat: page = find_get_page(mapping, index); if (!page) { page = page_cache_alloc_cold(mapping); if (!page) return ERR_PTR(-ENOMEM); err = add_to_page_cache_lru(page, mapping, index, GFP_KERNEL); if (unlikely(err)) { page_cache_release(page); if (err == -EEXIST) goto repeat; return ERR_PTR(err); } err = filler(data, page); if (err < 0) { page_cache_release(page); page = ERR_PTR(err); } } return page; }",linux-2.6,,,90678971551690852471552636261781449086,0 6204,CWE-190,"void fp8_exp_cyc(fp8_t c, const fp8_t a, const bn_t b) { fp8_t r, s, t[1 << (FP_WIDTH - 2)]; int i, l; int8_t naf[RLC_FP_BITS + 1], *k; if (bn_is_zero(b)) { return fp8_set_dig(c, 1); } fp8_null(r); fp8_null(s); RLC_TRY { fp8_new(r); fp8_new(s); for (i = 0; i < (1 << (FP_WIDTH - 2)); i ++) { fp8_null(t[i]); fp8_new(t[i]); } #if FP_WIDTH > 2 fp8_sqr_cyc(t[0], a); fp8_mul(t[1], t[0], a); for (int i = 2; i < (1 << (FP_WIDTH - 2)); i++) { fp8_mul(t[i], t[i - 1], t[0]); } #endif fp8_copy(t[0], a); l = RLC_FP_BITS + 1; fp8_set_dig(r, 1); bn_rec_naf(naf, &l, b, FP_WIDTH); k = naf + l - 1; for (i = l - 1; i >= 0; i--, k--) { fp8_sqr_cyc(r, r); if (*k > 0) { fp8_mul(r, r, t[*k / 2]); } if (*k < 0) { fp8_inv_cyc(s, t[-*k / 2]); fp8_mul(r, r, s); } } if (bn_sign(b) == RLC_NEG) { fp8_inv_cyc(c, r); } else { fp8_copy(c, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { fp8_free(r); fp8_free(s); for (i = 0; i < (1 << (FP_WIDTH - 2)); i++) { fp8_free(t[i]); } } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,140916315640133,1 2896,['CWE-189'],"jas_stream_t *jpc_streamlist_get(jpc_streamlist_t *streamlist, int streamno) { assert(streamno < streamlist->numstreams); return streamlist->streams[streamno]; }",jasper,,,177129748396504158702841806095156648874,0 438,[],"pfm_buf_fmt_validate(pfm_buffer_fmt_t *fmt, struct task_struct *task, unsigned int flags, int cpu, void *arg) { int ret = 0; if (fmt->fmt_validate) ret = (*fmt->fmt_validate)(task, flags, cpu, arg); return ret; }",linux-2.6,,,229059856969290094437289829913326860710,0 3076,['CWE-189'],"static void jp2_pclr_dumpdata(jp2_box_t *box, FILE *out) { jp2_pclr_t *pclr = &box->data.pclr; unsigned int i; int j; fprintf(out, ""numents=%d; numchans=%d\n"", (int) pclr->numlutents, (int) pclr->numchans); for (i = 0; i < pclr->numlutents; ++i) { for (j = 0; j < pclr->numchans; ++j) { fprintf(out, ""LUT[%d][%d]=%d\n"", i, j, pclr->lutdata[i * pclr->numchans + j]); } } }",jasper,,,201180091577853640922438930771352644143,0 1061,CWE-189,"static void sgi_timer_get(struct k_itimer *timr, struct itimerspec *cur_setting) { if (timr->it.mmtimer.clock == TIMER_OFF) { cur_setting->it_interval.tv_nsec = 0; cur_setting->it_interval.tv_sec = 0; cur_setting->it_value.tv_nsec = 0; cur_setting->it_value.tv_sec =0; return; } ns_to_timespec(cur_setting->it_interval, timr->it.mmtimer.incr * sgi_clock_period); ns_to_timespec(cur_setting->it_value, (timr->it.mmtimer.expires - rtc_time())* sgi_clock_period); return; }",visit repo url,drivers/char/mmtimer.c,https://github.com/torvalds/linux,217240320165032,1 6128,CWE-190,"void ep_map_dst(ep_t p, const uint8_t *msg, int len, const uint8_t *dst, int dst_len) { const int len_per_elm = (FP_PRIME + ep_param_level() + 7) / 8; uint8_t *pseudo_random_bytes = RLC_ALLOCA(uint8_t, 2 * len_per_elm); RLC_TRY { md_xmd(pseudo_random_bytes, 2 * len_per_elm, msg, len, dst, dst_len); ep_map_from_field(p, pseudo_random_bytes, 2 * len_per_elm); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { RLC_FREE(pseudo_random_bytes); } }",visit repo url,src/ep/relic_ep_map.c,https://github.com/relic-toolkit/relic,215004315450260,1 2864,CWE-787,"horizontalDifference16(unsigned short *ip, int n, int stride, unsigned short *wp, uint16 *From14) { register int r1, g1, b1, a1, r2, g2, b2, a2, mask; #undef CLAMP #define CLAMP(v) From14[(v) >> 2] mask = CODE_MASK; if (n >= stride) { if (stride == 3) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); n -= 3; while (n > 0) { n -= 3; wp += 3; ip += 3; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; } } else if (stride == 4) { r2 = wp[0] = CLAMP(ip[0]); g2 = wp[1] = CLAMP(ip[1]); b2 = wp[2] = CLAMP(ip[2]); a2 = wp[3] = CLAMP(ip[3]); n -= 4; while (n > 0) { n -= 4; wp += 4; ip += 4; r1 = CLAMP(ip[0]); wp[0] = (uint16)((r1-r2) & mask); r2 = r1; g1 = CLAMP(ip[1]); wp[1] = (uint16)((g1-g2) & mask); g2 = g1; b1 = CLAMP(ip[2]); wp[2] = (uint16)((b1-b2) & mask); b2 = b1; a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1; } } else { ip += n - 1; wp += n - 1; n -= stride; while (n > 0) { REPEAT(stride, wp[0] = CLAMP(ip[0]); wp[stride] -= wp[0]; wp[stride] &= mask; wp--; ip--) n -= stride; } REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--) } } }",visit repo url,libtiff/tif_pixarlog.c,https://github.com/vadz/libtiff,33444542816717,1 68,CWE-772,"create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) { static generic_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } prime_arg = arg->rec.policy; if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD, NULL, NULL)) { ret.code = KADM5_AUTH_ADD; log_unauth(""kadm5_create_policy"", prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_create_policy"", ((prime_arg == NULL) ? ""(null)"" : prime_arg), errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,117667453659749,1 4000,['CWE-362'],"static inline void get_tree(struct audit_tree *tree) { atomic_inc(&tree->count); }",linux-2.6,,,52088273297063704100933550997815509051,0 5326,['CWE-119'],"static int tun_chr_fasync(int fd, struct file *file, int on) { struct tun_struct *tun = tun_get(file); int ret; if (!tun) return -EBADFD; DBG(KERN_INFO ""%s: tun_chr_fasync %d\n"", tun->dev->name, on); lock_kernel(); if ((ret = fasync_helper(fd, file, on, &tun->fasync)) < 0) goto out; if (on) { ret = __f_setown(file, task_pid(current), PIDTYPE_PID, 0); if (ret) goto out; tun->flags |= TUN_FASYNC; } else tun->flags &= ~TUN_FASYNC; ret = 0; out: unlock_kernel(); tun_put(tun); return ret; }",linux-2.6,,,292166686596583729903873710849665070294,0 5891,CWE-191,"search_impl(i_ctx_t *i_ctx_p, bool forward) { os_ptr op = osp; os_ptr op1 = op - 1; uint size = r_size(op); uint count; byte *pat; byte *ptr; byte ch; int incr = forward ? 1 : -1; check_read_type(*op1, t_string); check_read_type(*op, t_string); if (size > r_size(op1)) { make_false(op); return 0; } count = r_size(op1) - size; ptr = op1->value.bytes; if (size == 0) goto found; if (!forward) ptr += count; pat = op->value.bytes; ch = pat[0]; do { if (*ptr == ch && (size == 1 || !memcmp(ptr, pat, size))) goto found; ptr += incr; } while (count--); make_false(op); return 0; found: op->tas.type_attrs = op1->tas.type_attrs; op->value.bytes = ptr; r_set_size(op, size); push(2); op[-1] = *op1; r_set_size(op - 1, ptr - op[-1].value.bytes); op1->value.bytes = ptr + size; r_set_size(op1, count + (!forward ? (size - 1) : 0)); make_true(op); return 0; }",visit repo url,psi/zstring.c,https://github.com/ArtifexSoftware/ghostpdl,122497952576071,1 5417,CWE-776,"processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) { const char *textStart, *textEnd; const char *next; enum XML_Error result; OPEN_INTERNAL_ENTITY *openEntity; if (parser->m_freeInternalEntities) { openEntity = parser->m_freeInternalEntities; parser->m_freeInternalEntities = openEntity->next; } else { openEntity = (OPEN_INTERNAL_ENTITY *)MALLOC(parser, sizeof(OPEN_INTERNAL_ENTITY)); if (! openEntity) return XML_ERROR_NO_MEMORY; } entity->open = XML_TRUE; entity->processed = 0; openEntity->next = parser->m_openInternalEntities; parser->m_openInternalEntities = openEntity; openEntity->entity = entity; openEntity->startTagLevel = parser->m_tagLevel; openEntity->betweenDecl = betweenDecl; openEntity->internalEventPtr = NULL; openEntity->internalEventEndPtr = NULL; textStart = (char *)entity->textPtr; textEnd = (char *)(entity->textPtr + entity->textLen); next = textStart; #ifdef XML_DTD if (entity->is_param) { int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next); result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok, next, &next, XML_FALSE); } else #endif result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding, textStart, textEnd, &next, XML_FALSE); if (result == XML_ERROR_NONE) { if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) { entity->processed = (int)(next - textStart); parser->m_processor = internalEntityProcessor; } else { entity->open = XML_FALSE; parser->m_openInternalEntities = openEntity->next; openEntity->next = parser->m_freeInternalEntities; parser->m_freeInternalEntities = openEntity; } } return result; }",visit repo url,expat/lib/xmlparse.c,https://github.com/libexpat/libexpat,126618658631430,1 1535,[],"static void migrate_dead_tasks(unsigned int dead_cpu) { struct rq *rq = cpu_rq(dead_cpu); struct task_struct *next; for ( ; ; ) { if (!rq->nr_running) break; update_rq_clock(rq); next = pick_next_task(rq, rq->curr); if (!next) break; migrate_dead(dead_cpu, next); } }",linux-2.6,,,278349715160411900001754381982490035207,0 1196,CWE-400,"int handle_popc(u32 insn, struct pt_regs *regs) { u64 value; int ret, i, rd = ((insn >> 25) & 0x1f); int from_kernel = (regs->tstate & TSTATE_PRIV) != 0; perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); if (insn & 0x2000) { maybe_flush_windows(0, 0, rd, from_kernel); value = sign_extend_imm13(insn); } else { maybe_flush_windows(0, insn & 0x1f, rd, from_kernel); value = fetch_reg(insn & 0x1f, regs); } for (ret = 0, i = 0; i < 16; i++) { ret += popc_helper[value & 0xf]; value >>= 4; } if (rd < 16) { if (rd) regs->u_regs[rd] = ret; } else { if (test_thread_flag(TIF_32BIT)) { struct reg_window32 __user *win32; win32 = (struct reg_window32 __user *)((unsigned long)((u32)regs->u_regs[UREG_FP])); put_user(ret, &win32->locals[rd - 16]); } else { struct reg_window __user *win; win = (struct reg_window __user *)(regs->u_regs[UREG_FP] + STACK_BIAS); put_user(ret, &win->locals[rd - 16]); } } advance(regs); return 1; }",visit repo url,arch/sparc/kernel/unaligned_64.c,https://github.com/torvalds/linux,113211405162173,1 3498,['CWE-20'],"static int sctp_process_inv_paramlength(const struct sctp_association *asoc, struct sctp_paramhdr *param, const struct sctp_chunk *chunk, struct sctp_chunk **errp) { if (*errp) sctp_chunk_free(*errp); *errp = sctp_make_violation_paramlen(asoc, chunk, param); return 0; }",linux-2.6,,,14702477335649120638605447219066425611,0 326,NVD-CWE-noinfo,"int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func) { irda_queue_t* queue; unsigned long flags = 0; int i; IRDA_ASSERT(hashbin != NULL, return -1;); IRDA_ASSERT(hashbin->magic == HB_MAGIC, return -1;); if ( hashbin->hb_type & HB_LOCK ) { spin_lock_irqsave_nested(&hashbin->hb_spinlock, flags, hashbin_lock_depth++); } for (i = 0; i < HASHBIN_SIZE; i ++ ) { queue = dequeue_first((irda_queue_t**) &hashbin->hb_queue[i]); while (queue ) { if (free_func) (*free_func)(queue); queue = dequeue_first( (irda_queue_t**) &hashbin->hb_queue[i]); } } hashbin->hb_current = NULL; hashbin->magic = ~HB_MAGIC; if ( hashbin->hb_type & HB_LOCK) { spin_unlock_irqrestore(&hashbin->hb_spinlock, flags); #ifdef CONFIG_LOCKDEP hashbin_lock_depth--; #endif } kfree(hashbin); return 0; }",visit repo url,net/irda/irqueue.c,https://github.com/torvalds/linux,210400434265888,1 889,CWE-20,"vsock_stream_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk; struct vsock_sock *vsk; int err; size_t target; ssize_t copied; long timeout; struct vsock_transport_recv_notify_data recv_data; DEFINE_WAIT(wait); sk = sock->sk; vsk = vsock_sk(sk); err = 0; msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state != SS_CONNECTED) { if (sock_flag(sk, SOCK_DONE)) err = 0; else err = -ENOTCONN; goto out; } if (flags & MSG_OOB) { err = -EOPNOTSUPP; goto out; } if (sk->sk_shutdown & RCV_SHUTDOWN) { err = 0; goto out; } if (!len) { err = 0; goto out; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); if (target >= transport->stream_rcvhiwat(vsk)) { err = -ENOMEM; goto out; } timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); copied = 0; err = transport->notify_recv_init(vsk, target, &recv_data); if (err < 0) goto out; prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); while (1) { s64 ready = vsock_stream_has_data(vsk); if (ready < 0) { err = -ENOMEM; goto out_wait; } else if (ready > 0) { ssize_t read; err = transport->notify_recv_pre_dequeue( vsk, target, &recv_data); if (err < 0) break; read = transport->stream_dequeue( vsk, msg->msg_iov, len - copied, flags); if (read < 0) { err = -ENOMEM; break; } copied += read; err = transport->notify_recv_post_dequeue( vsk, target, read, !(flags & MSG_PEEK), &recv_data); if (err < 0) goto out_wait; if (read >= target || flags & MSG_PEEK) break; target -= read; } else { if (sk->sk_err != 0 || (sk->sk_shutdown & RCV_SHUTDOWN) || (vsk->peer_shutdown & SEND_SHUTDOWN)) { break; } if (timeout == 0) { err = -EAGAIN; break; } err = transport->notify_recv_pre_block( vsk, target, &recv_data); if (err < 0) break; release_sock(sk); timeout = schedule_timeout(timeout); lock_sock(sk); if (signal_pending(current)) { err = sock_intr_errno(timeout); break; } else if (timeout == 0) { err = -EAGAIN; break; } prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); } } if (sk->sk_err) err = -sk->sk_err; else if (sk->sk_shutdown & RCV_SHUTDOWN) err = 0; if (copied > 0) { if (!(flags & MSG_PEEK)) { if (vsk->peer_shutdown & SEND_SHUTDOWN) { if (vsock_stream_has_data(vsk) <= 0) { sk->sk_state = SS_UNCONNECTED; sock_set_flag(sk, SOCK_DONE); sk->sk_state_change(sk); } } } err = copied; } out_wait: finish_wait(sk_sleep(sk), &wait); out: release_sock(sk); return err; }",visit repo url,net/vmw_vsock/af_vsock.c,https://github.com/torvalds/linux,94541206747475,1 5132,CWE-125,"ast_for_for_stmt(struct compiling *c, const node *n0, bool is_async) { const node * const n = is_async ? CHILD(n0, 1) : n0; asdl_seq *_target, *seq = NULL, *suite_seq; expr_ty expression; expr_ty target, first; const node *node_target; int end_lineno, end_col_offset; REQ(n, for_stmt); if (NCH(n) == 9) { seq = ast_for_suite(c, CHILD(n, 8)); if (!seq) return NULL; } node_target = CHILD(n, 1); _target = ast_for_exprlist(c, node_target, Store); if (!_target) return NULL; first = (expr_ty)asdl_seq_GET(_target, 0); if (NCH(node_target) == 1) target = first; else target = Tuple(_target, Store, first->lineno, first->col_offset, node_target->n_end_lineno, node_target->n_end_col_offset, c->c_arena); expression = ast_for_testlist(c, CHILD(n, 3)); if (!expression) return NULL; suite_seq = ast_for_suite(c, CHILD(n, 5)); if (!suite_seq) return NULL; if (seq != NULL) { get_last_end_pos(seq, &end_lineno, &end_col_offset); } else { get_last_end_pos(suite_seq, &end_lineno, &end_col_offset); } if (is_async) return AsyncFor(target, expression, suite_seq, seq, LINENO(n0), n0->n_col_offset, end_lineno, end_col_offset, c->c_arena); else return For(target, expression, suite_seq, seq, LINENO(n), n->n_col_offset, end_lineno, end_col_offset, c->c_arena); }",visit repo url,Python/ast.c,https://github.com/python/cpython,152899011327021,1 79,['CWE-787'],"static uint32_t cirrus_linear_bitblt_readw(void *opaque, target_phys_addr_t addr) { uint32_t v; #ifdef TARGET_WORDS_BIGENDIAN v = cirrus_linear_bitblt_readb(opaque, addr) << 8; v |= cirrus_linear_bitblt_readb(opaque, addr + 1); #else v = cirrus_linear_bitblt_readb(opaque, addr); v |= cirrus_linear_bitblt_readb(opaque, addr + 1) << 8; #endif return v; }",qemu,,,261681411323759942101174101638126357100,0 4397,['CWE-264'],"int sock_prot_inuse_get(struct net *net, struct proto *prot) { int cpu, idx = prot->inuse_idx; int res = 0; for_each_possible_cpu(cpu) res += per_cpu(prot_inuse, cpu).val[idx]; return res >= 0 ? res : 0; }",linux-2.6,,,327202393047782914578430212612480915490,0 2451,CWE-119,"static void scsi_write_complete(void * opaque, int ret) { SCSIDiskReq *r = (SCSIDiskReq *)opaque; SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev); uint32_t len; uint32_t n; if (r->req.aiocb != NULL) { r->req.aiocb = NULL; bdrv_acct_done(s->bs, &r->acct); } if (ret) { if (scsi_handle_rw_error(r, -ret, SCSI_REQ_STATUS_RETRY_WRITE)) { return; } } n = r->iov.iov_len / 512; r->sector += n; r->sector_count -= n; if (r->sector_count == 0) { scsi_req_complete(&r->req, GOOD); } else { len = r->sector_count * 512; if (len > SCSI_DMA_BUF_SIZE) { len = SCSI_DMA_BUF_SIZE; } r->iov.iov_len = len; DPRINTF(""Write complete tag=0x%x more=%d\n"", r->req.tag, len); scsi_req_data(&r->req, len); } }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,23911740537182,1 182,CWE-415,"static struct rtrs_clt_sess *alloc_clt(const char *sessname, size_t paths_num, u16 port, size_t pdu_sz, void *priv, void (*link_ev)(void *priv, enum rtrs_clt_link_ev ev), unsigned int reconnect_delay_sec, unsigned int max_reconnect_attempts) { struct rtrs_clt_sess *clt; int err; if (!paths_num || paths_num > MAX_PATHS_NUM) return ERR_PTR(-EINVAL); if (strlen(sessname) >= sizeof(clt->sessname)) return ERR_PTR(-EINVAL); clt = kzalloc(sizeof(*clt), GFP_KERNEL); if (!clt) return ERR_PTR(-ENOMEM); clt->pcpu_path = alloc_percpu(typeof(*clt->pcpu_path)); if (!clt->pcpu_path) { kfree(clt); return ERR_PTR(-ENOMEM); } uuid_gen(&clt->paths_uuid); INIT_LIST_HEAD_RCU(&clt->paths_list); clt->paths_num = paths_num; clt->paths_up = MAX_PATHS_NUM; clt->port = port; clt->pdu_sz = pdu_sz; clt->max_segments = RTRS_MAX_SEGMENTS; clt->reconnect_delay_sec = reconnect_delay_sec; clt->max_reconnect_attempts = max_reconnect_attempts; clt->priv = priv; clt->link_ev = link_ev; clt->mp_policy = MP_POLICY_MIN_INFLIGHT; strscpy(clt->sessname, sessname, sizeof(clt->sessname)); init_waitqueue_head(&clt->permits_wait); mutex_init(&clt->paths_ev_mutex); mutex_init(&clt->paths_mutex); clt->dev.class = rtrs_clt_dev_class; clt->dev.release = rtrs_clt_dev_release; err = dev_set_name(&clt->dev, ""%s"", sessname); if (err) goto err; dev_set_uevent_suppress(&clt->dev, true); err = device_register(&clt->dev); if (err) { put_device(&clt->dev); goto err; } clt->kobj_paths = kobject_create_and_add(""paths"", &clt->dev.kobj); if (!clt->kobj_paths) { err = -ENOMEM; goto err_dev; } err = rtrs_clt_create_sysfs_root_files(clt); if (err) { kobject_del(clt->kobj_paths); kobject_put(clt->kobj_paths); goto err_dev; } dev_set_uevent_suppress(&clt->dev, false); kobject_uevent(&clt->dev.kobj, KOBJ_ADD); return clt; err_dev: device_unregister(&clt->dev); err: free_percpu(clt->pcpu_path); kfree(clt); return ERR_PTR(err); }",visit repo url,drivers/infiniband/ulp/rtrs/rtrs-clt.c,https://github.com/torvalds/linux,33257697764820,1 5695,CWE-125,"bgp_capability_mp (struct peer *peer, struct capability *cap) { if (ntohs (cap->mpc.afi) == AFI_IP) { if (cap->mpc.safi == SAFI_UNICAST) { peer->afc_recv[AFI_IP][SAFI_UNICAST] = 1; if (peer->afc[AFI_IP][SAFI_UNICAST]) peer->afc_nego[AFI_IP][SAFI_UNICAST] = 1; else return -1; } else if (cap->mpc.safi == SAFI_MULTICAST) { peer->afc_recv[AFI_IP][SAFI_MULTICAST] = 1; if (peer->afc[AFI_IP][SAFI_MULTICAST]) peer->afc_nego[AFI_IP][SAFI_MULTICAST] = 1; else return -1; } else if (cap->mpc.safi == BGP_SAFI_VPNV4) { peer->afc_recv[AFI_IP][SAFI_MPLS_VPN] = 1; if (peer->afc[AFI_IP][SAFI_MPLS_VPN]) peer->afc_nego[AFI_IP][SAFI_MPLS_VPN] = 1; else return -1; } else return -1; } #ifdef HAVE_IPV6 else if (ntohs (cap->mpc.afi) == AFI_IP6) { if (cap->mpc.safi == SAFI_UNICAST) { peer->afc_recv[AFI_IP6][SAFI_UNICAST] = 1; if (peer->afc[AFI_IP6][SAFI_UNICAST]) peer->afc_nego[AFI_IP6][SAFI_UNICAST] = 1; else return -1; } else if (cap->mpc.safi == SAFI_MULTICAST) { peer->afc_recv[AFI_IP6][SAFI_MULTICAST] = 1; if (peer->afc[AFI_IP6][SAFI_MULTICAST]) peer->afc_nego[AFI_IP6][SAFI_MULTICAST] = 1; else return -1; } else return -1; } #endif else { return -1; } return 0; }",visit repo url,bgpd/bgp_open.c,https://github.com/FRRouting/frr,214856415822104,1 1088,['CWE-399'],"static void do_signal(struct pt_regs *regs) { siginfo_t info; int signr; struct k_sigaction ka; sigset_t *oldset; if (!user_mode(regs)) return; if (test_thread_flag(TIF_RESTORE_SIGMASK)) oldset = ¤t->saved_sigmask; else oldset = ¤t->blocked; signr = get_signal_to_deliver(&info, &ka, regs, NULL); if (signr > 0) { if (unlikely(current->thread.debugreg7)) set_debugreg(current->thread.debugreg7, 7); if (handle_signal(signr, &info, &ka, oldset, regs) == 0) { if (test_thread_flag(TIF_RESTORE_SIGMASK)) clear_thread_flag(TIF_RESTORE_SIGMASK); } return; } if (regs->orig_ax >= 0) { switch (regs->ax) { case -ERESTARTNOHAND: case -ERESTARTSYS: case -ERESTARTNOINTR: regs->ax = regs->orig_ax; regs->ip -= 2; break; case -ERESTART_RESTARTBLOCK: regs->ax = __NR_restart_syscall; regs->ip -= 2; break; } } if (test_thread_flag(TIF_RESTORE_SIGMASK)) { clear_thread_flag(TIF_RESTORE_SIGMASK); sigprocmask(SIG_SETMASK, ¤t->saved_sigmask, NULL); } }",linux-2.6,,,150168813104791779216395561806627206797,0 5757,['CWE-200'],"unsigned int rose_new_lci(struct rose_neigh *neigh) { int lci; if (neigh->dce_mode) { for (lci = 1; lci <= sysctl_rose_maximum_vcs; lci++) if (rose_find_socket(lci, neigh) == NULL && rose_route_free_lci(lci, neigh) == NULL) return lci; } else { for (lci = sysctl_rose_maximum_vcs; lci > 0; lci--) if (rose_find_socket(lci, neigh) == NULL && rose_route_free_lci(lci, neigh) == NULL) return lci; } return 0; }",linux-2.6,,,253651602403179105704576571069441259973,0 3383,['CWE-264'],"static int vfs_statfs64(struct dentry *dentry, struct statfs64 *buf) { struct kstatfs st; int retval; retval = vfs_statfs(dentry, &st); if (retval) return retval; if (sizeof(*buf) == sizeof(st)) memcpy(buf, &st, sizeof(st)); else { buf->f_type = st.f_type; buf->f_bsize = st.f_bsize; buf->f_blocks = st.f_blocks; buf->f_bfree = st.f_bfree; buf->f_bavail = st.f_bavail; buf->f_files = st.f_files; buf->f_ffree = st.f_ffree; buf->f_fsid = st.f_fsid; buf->f_namelen = st.f_namelen; buf->f_frsize = st.f_frsize; memset(buf->f_spare, 0, sizeof(buf->f_spare)); } return 0; }",linux-2.6,,,299487404991698412533818468780842895517,0 2482,CWE-189,"void* chk_malloc(size_t bytes) { char* buffer = (char*)dlmalloc(bytes + CHK_OVERHEAD_SIZE); if (buffer) { memset(buffer, CHK_SENTINEL_VALUE, bytes + CHK_OVERHEAD_SIZE); size_t offset = dlmalloc_usable_size(buffer) - sizeof(size_t); *(size_t *)(buffer + offset) = bytes; buffer += CHK_SENTINEL_HEAD_SIZE; } return buffer; }",visit repo url,libc/bionic/malloc_debug_leak.c,https://github.com/android/platform_bionic,130874127038030,1 2170,['CWE-400'],"static int shmem_notify_change(struct dentry *dentry, struct iattr *attr) { struct inode *inode = dentry->d_inode; struct page *page = NULL; int error; if (S_ISREG(inode->i_mode) && (attr->ia_valid & ATTR_SIZE)) { if (attr->ia_size < inode->i_size) { if (attr->ia_size & (PAGE_CACHE_SIZE-1)) { (void) shmem_getpage(inode, attr->ia_size>>PAGE_CACHE_SHIFT, &page, SGP_READ, NULL); if (page) unlock_page(page); } if (attr->ia_size) { struct shmem_inode_info *info = SHMEM_I(inode); spin_lock(&info->lock); info->flags &= ~SHMEM_PAGEIN; spin_unlock(&info->lock); } } } error = inode_change_ok(inode, attr); if (!error) error = inode_setattr(inode, attr); #ifdef CONFIG_TMPFS_POSIX_ACL if (!error && (attr->ia_valid & ATTR_MODE)) error = generic_acl_chmod(inode, &shmem_acl_ops); #endif if (page) page_cache_release(page); return error; }",linux-2.6,,,163093704686199849668664014281673155909,0 2403,['CWE-119'],"void diffcore_std(struct diff_options *options) { if (DIFF_OPT_TST(options, QUIET)) return; if (options->skip_stat_unmatch && !DIFF_OPT_TST(options, FIND_COPIES_HARDER)) diffcore_skip_stat_unmatch(options); if (options->break_opt != -1) diffcore_break(options->break_opt); if (options->detect_rename) diffcore_rename(options); if (options->break_opt != -1) diffcore_merge_broken(); if (options->pickaxe) diffcore_pickaxe(options->pickaxe, options->pickaxe_opts); if (options->orderfile) diffcore_order(options->orderfile); diff_resolve_rename_copy(); diffcore_apply_filter(options->filter); if (diff_queued_diff.nr) DIFF_OPT_SET(options, HAS_CHANGES); else DIFF_OPT_CLR(options, HAS_CHANGES); }",git,,,41575523039841050771866836335877957145,0 2649,CWE-125,"PHP_FUNCTION(locale_get_all_variants) { const char* loc_name = NULL; int loc_name_len = 0; int result = 0; char* token = NULL; char* variant = NULL; char* saved_ptr = NULL; intl_error_reset( NULL TSRMLS_CC ); if(zend_parse_parameters( ZEND_NUM_ARGS() TSRMLS_CC, ""s"", &loc_name, &loc_name_len ) == FAILURE) { intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, ""locale_parse: unable to parse input params"", 0 TSRMLS_CC ); RETURN_FALSE; } if(loc_name_len == 0) { loc_name = intl_locale_get_default(TSRMLS_C); } array_init( return_value ); if( findOffset( LOC_GRANDFATHERED , loc_name ) >= 0 ){ } else { variant = get_icu_value_internal( loc_name , LOC_VARIANT_TAG , &result ,0); if( result > 0 && variant){ token = php_strtok_r( variant , DELIMITER , &saved_ptr); add_next_index_stringl( return_value, token , strlen(token) ,TRUE ); while( (token = php_strtok_r(NULL , DELIMITER, &saved_ptr)) && (strlen(token)>1) ){ add_next_index_stringl( return_value, token , strlen(token) ,TRUE ); } } if( variant ){ efree( variant ); } } }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,35637955376831,1 5598,[],"__attribute__((weak)) const char *arch_vma_name(struct vm_area_struct *vma) { return NULL; }",linux-2.6,,,328492720315731720414849449654926681305,0 2809,['CWE-264'],"enslave( struct net_device *dev, struct net_device *slave_dev ) { struct net_local *nl = (struct net_local *) dev->priv; struct net_local *snl = (struct net_local *) slave_dev->priv; if( nl->state & FL_SLAVE ) return -EBUSY; if( snl->state & FL_SLAVE ) return -EBUSY; spin_lock( &nl->lock ); spin_lock( &snl->lock ); snl->link = nl->link; nl->link = slave_dev; snl->master = dev; snl->state |= FL_SLAVE; memset( &snl->stats, 0, sizeof(struct net_device_stats) ); netif_stop_queue( slave_dev ); netif_wake_queue( dev ); spin_unlock( &snl->lock ); spin_unlock( &nl->lock ); printk( KERN_NOTICE ""%s: slave device (%s) attached.\n"", dev->name, slave_dev->name ); return 0; }",linux-2.6,,,40237212024833556638833799269631294123,0 4332,['CWE-119'],"void _af_adpcm_coder (const int16_t *indata, uint8_t *outdata, int frameCount, int channelCount, struct adpcm_state *state) { const int16_t *inp; uint8_t *outp; int val; int sign; int delta; int diff; int step; int valpred; int vpdiff; int index; int outputbuffer; int bufferstep; outp = outdata; inp = indata; valpred = state->valprev; index = state->index; step = stepsizeTable[index]; bufferstep = 1; for (; frameCount > 0 ; frameCount--) { val = *inp++; diff = val - valpred; sign = (diff < 0) ? 8 : 0; if ( sign ) diff = (-diff); delta = 0; vpdiff = (step >> 3); if ( diff >= step ) { delta = 4; diff -= step; vpdiff += step; } step >>= 1; if ( diff >= step ) { delta |= 2; diff -= step; vpdiff += step; } step >>= 1; if ( diff >= step ) { delta |= 1; vpdiff += step; } if ( sign ) valpred -= vpdiff; else valpred += vpdiff; if ( valpred > 32767 ) valpred = 32767; else if ( valpred < -32768 ) valpred = -32768; delta |= sign; index += indexTable[delta]; if ( index < 0 ) index = 0; if ( index > 88 ) index = 88; step = stepsizeTable[index]; if ( bufferstep ) { outputbuffer = delta & 0x0f; } else { *outp++ = ((delta << 4) & 0xf0) | outputbuffer; } bufferstep = !bufferstep; } if ( !bufferstep ) *outp++ = outputbuffer; state->valprev = valpred; state->index = index; }",audiofile,,,225840431614172083472790459310188380954,0 1882,['CWE-189'],"_gnutls_server_name_recv_params (gnutls_session_t session, const opaque * data, size_t _data_size) { int i; const unsigned char *p; uint16_t len, type; ssize_t data_size = _data_size; int server_names = 0; if (session->security_parameters.entity == GNUTLS_SERVER) { DECR_LENGTH_RET (data_size, 2, 0); len = _gnutls_read_uint16 (data); if (len != data_size) { gnutls_assert (); return 0; } p = data + 2; while (data_size > 0) { DECR_LENGTH_RET (data_size, 1, 0); p++; DECR_LEN (data_size, 2); len = _gnutls_read_uint16 (p); p += 2; if (len > 0) { DECR_LENGTH_RET (data_size, len, 0); server_names++; p += len; } else _gnutls_handshake_log (""HSK[%x]: Received zero size server name (under attack?)\n"", session); } if (server_names > MAX_SERVER_NAME_EXTENSIONS) { _gnutls_handshake_log (""HSK[%x]: Too many server names received (under attack?)\n"", session); server_names = MAX_SERVER_NAME_EXTENSIONS; } session->security_parameters.extensions.server_names_size = server_names; if (server_names == 0) return 0; p = data + 2; for (i = 0; i < server_names; i++) { type = *p; p++; len = _gnutls_read_uint16 (p); p += 2; switch (type) { case 0: if (len <= MAX_SERVER_NAME_SIZE) { memcpy (session->security_parameters.extensions. server_names[i].name, p, len); session->security_parameters.extensions. server_names[i].name_length = len; session->security_parameters.extensions. server_names[i].type = GNUTLS_NAME_DNS; break; } } p += len; } } return 0; }",gnutls,,,152957120570619493354523234303186797474,0 3544,CWE-190,"int main(int argc, char **argv) { int fmtid; int id; char *infile; jas_stream_t *instream; jas_image_t *image; int width; int height; int depth; int numcmpts; int verbose; char *fmtname; int debug; size_t max_mem; if (jas_init()) { abort(); } cmdname = argv[0]; infile = 0; verbose = 0; debug = 0; #if defined(JAS_DEFAULT_MAX_MEM_USAGE) max_mem = JAS_DEFAULT_MAX_MEM_USAGE; #endif while ((id = jas_getopt(argc, argv, opts)) >= 0) { switch (id) { case OPT_VERBOSE: verbose = 1; break; case OPT_VERSION: printf(""%s\n"", JAS_VERSION); exit(EXIT_SUCCESS); break; case OPT_DEBUG: debug = atoi(jas_optarg); break; case OPT_INFILE: infile = jas_optarg; break; case OPT_MAXMEM: max_mem = strtoull(jas_optarg, 0, 10); break; case OPT_HELP: default: usage(); break; } } jas_setdbglevel(debug); #if defined(JAS_DEFAULT_MAX_MEM_USAGE) jas_set_max_mem_usage(max_mem); #endif if (infile) { if (!(instream = jas_stream_fopen(infile, ""rb""))) { fprintf(stderr, ""cannot open input image file %s\n"", infile); exit(EXIT_FAILURE); } } else { if (!(instream = jas_stream_fdopen(0, ""rb""))) { fprintf(stderr, ""cannot open standard input\n""); exit(EXIT_FAILURE); } } if ((fmtid = jas_image_getfmt(instream)) < 0) { fprintf(stderr, ""unknown image format\n""); } if (!(image = jas_image_decode(instream, fmtid, 0))) { jas_stream_close(instream); fprintf(stderr, ""cannot load image\n""); return EXIT_FAILURE; } jas_stream_close(instream); if (!(numcmpts = jas_image_numcmpts(image))) { fprintf(stderr, ""warning: image has no components\n""); } if (numcmpts) { width = jas_image_cmptwidth(image, 0); height = jas_image_cmptheight(image, 0); depth = jas_image_cmptprec(image, 0); } else { width = 0; height = 0; depth = 0; } if (!(fmtname = jas_image_fmttostr(fmtid))) { abort(); } printf(""%s %d %d %d %d %ld\n"", fmtname, numcmpts, width, height, depth, (long) jas_image_rawsize(image)); jas_image_destroy(image); jas_image_clearfmts(); return EXIT_SUCCESS; }",visit repo url,src/appl/imginfo.c,https://github.com/mdadams/jasper,62520432085721,1 3550,CWE-20,"static int jas_iccputuint(jas_stream_t *out, int n, ulonglong val) { int i; int c; for (i = n; i > 0; --i) { c = (val >> (8 * (i - 1))) & 0xff; if (jas_stream_putc(out, c) == EOF) return -1; } return 0; }",visit repo url,src/libjasper/base/jas_icc.c,https://github.com/mdadams/jasper,42450445153190,1 4036,CWE-125,"_WM_ParseNewHmp(uint8_t *hmp_data, uint32_t hmp_size) { uint8_t is_hmp2 = 0; uint32_t zero_cnt = 0; uint32_t i = 0; uint32_t hmp_file_length = 0; uint32_t hmp_chunks = 0; uint32_t hmp_divisions = 0; uint32_t hmp_unknown = 0; uint32_t hmp_bpm = 0; uint32_t hmp_song_time = 0; struct _mdi *hmp_mdi; uint8_t **hmp_chunk; uint32_t *chunk_length; uint32_t *chunk_ofs; uint32_t *chunk_delta; uint8_t *chunk_end; uint32_t chunk_num = 0; uint32_t hmp_track = 0; uint32_t smallest_delta = 0; uint32_t subtract_delta = 0; uint32_t end_of_chunks = 0; uint32_t var_len_shift = 0; float tempo_f = 500000.0; float samples_per_delta_f = 0.0; uint32_t sample_count = 0; float sample_count_f = 0; float sample_remainder = 0; if (memcmp(hmp_data, ""HMIMIDIP"", 8)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_HMP, NULL, 0); return NULL; } hmp_data += 8; hmp_size -= 8; if (!memcmp(hmp_data, ""013195"", 6)) { hmp_data += 6; hmp_size -= 6; is_hmp2 = 1; } if (is_hmp2) { zero_cnt = 18; } else { zero_cnt = 24; } for (i = 0; i < zero_cnt; i++) { if (hmp_data[i] != 0) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_HMP, NULL, 0); return NULL; } } hmp_data += zero_cnt; hmp_size -= zero_cnt; hmp_file_length = *hmp_data++; hmp_file_length += (*hmp_data++ << 8); hmp_file_length += (*hmp_data++ << 16); hmp_file_length += (*hmp_data++ << 24); hmp_size -= 4; UNUSED(hmp_file_length); hmp_data += 12; hmp_size -= 12; hmp_chunks = *hmp_data++; hmp_chunks += (*hmp_data++ << 8); hmp_chunks += (*hmp_data++ << 16); hmp_chunks += (*hmp_data++ << 24); hmp_size -= 4; hmp_unknown = *hmp_data++; hmp_unknown += (*hmp_data++ << 8); hmp_unknown += (*hmp_data++ << 16); hmp_unknown += (*hmp_data++ << 24); hmp_size -= 4; UNUSED(hmp_unknown); hmp_divisions = 60; hmp_bpm = *hmp_data++; hmp_bpm += (*hmp_data++ << 8); hmp_bpm += (*hmp_data++ << 16); hmp_bpm += (*hmp_data++ << 24); hmp_size -= 4; if ((_WM_MixerOptions & WM_MO_ROUNDTEMPO)) { tempo_f = (float) (60000000 / hmp_bpm) + 0.5f; } else { tempo_f = (float) (60000000 / hmp_bpm); } samples_per_delta_f = _WM_GetSamplesPerTick(hmp_divisions, tempo_f); hmp_song_time = *hmp_data++; hmp_song_time += (*hmp_data++ << 8); hmp_song_time += (*hmp_data++ << 16); hmp_song_time += (*hmp_data++ << 24); hmp_size -= 4; UNUSED(hmp_song_time); if (is_hmp2) { hmp_data += 840; hmp_size -= 840; } else { hmp_data += 712; hmp_size -= 712; } hmp_mdi = _WM_initMDI(); _WM_midi_setup_divisions(hmp_mdi, hmp_divisions); _WM_midi_setup_tempo(hmp_mdi, (uint32_t)tempo_f); hmp_chunk = malloc(sizeof(uint8_t *) * hmp_chunks); chunk_length = malloc(sizeof(uint32_t) * hmp_chunks); chunk_delta = malloc(sizeof(uint32_t) * hmp_chunks); chunk_ofs = malloc(sizeof(uint32_t) * hmp_chunks); chunk_end = malloc(sizeof(uint8_t) * hmp_chunks); smallest_delta = 0xffffffff; for (i = 0; i < hmp_chunks; i++) { hmp_chunk[i] = hmp_data; chunk_ofs[i] = 0; chunk_num = *hmp_data++; chunk_num += (*hmp_data++ << 8); chunk_num += (*hmp_data++ << 16); chunk_num += (*hmp_data++ << 24); chunk_ofs[i] += 4; UNUSED(chunk_num); chunk_length[i] = *hmp_data++; chunk_length[i] += (*hmp_data++ << 8); chunk_length[i] += (*hmp_data++ << 16); chunk_length[i] += (*hmp_data++ << 24); chunk_ofs[i] += 4; if (chunk_length[i] > hmp_size) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_HMP, ""file too short"", 0); goto _hmp_end; } hmp_size -= chunk_length[i]; hmp_track = *hmp_data++; hmp_track += (*hmp_data++ << 8); hmp_track += (*hmp_data++ << 16); hmp_track += (*hmp_data++ << 24); chunk_ofs[i] += 4; UNUSED(hmp_track); chunk_delta[i] = 0; var_len_shift = 0; if (*hmp_data < 0x80) { do { chunk_delta[i] = chunk_delta[i] | ((*hmp_data++ & 0x7F) << var_len_shift); var_len_shift += 7; chunk_ofs[i]++; } while (*hmp_data < 0x80); } chunk_delta[i] = chunk_delta[i] | ((*hmp_data++ & 0x7F) << var_len_shift); chunk_ofs[i]++; if (chunk_delta[i] < smallest_delta) { smallest_delta = chunk_delta[i]; } hmp_data = hmp_chunk[i] + chunk_length[i]; hmp_chunk[i] += chunk_ofs[i]++; chunk_end[i] = 0; } subtract_delta = smallest_delta; sample_count_f = (((float) smallest_delta * samples_per_delta_f) + sample_remainder); sample_count = (uint32_t) sample_count_f; sample_remainder = sample_count_f - (float) sample_count; hmp_mdi->events[hmp_mdi->event_count - 1].samples_to_next += sample_count; hmp_mdi->extra_info.approx_total_samples += sample_count; while (end_of_chunks < hmp_chunks) { smallest_delta = 0; for (i = 0; i < hmp_chunks; i++) { if (chunk_end[i]) continue; if (chunk_delta[i]) { chunk_delta[i] -= subtract_delta; if (chunk_delta[i]) { if ((!smallest_delta) || (smallest_delta > chunk_delta[i])) { smallest_delta = chunk_delta[i]; } continue; } } do { if (((hmp_chunk[i][0] & 0xf0) == 0xb0 ) && ((hmp_chunk[i][1] == 110) || (hmp_chunk[i][1] == 111)) && (hmp_chunk[i][2] > 0x7f)) { hmp_chunk[i] += 3; } else { uint32_t setup_ret = 0; if ((setup_ret = _WM_SetupMidiEvent(hmp_mdi, hmp_chunk[i], 0)) == 0) { goto _hmp_end; } if ((hmp_chunk[i][0] == 0xff) && (hmp_chunk[i][1] == 0x2f) && (hmp_chunk[i][2] == 0x00)) { end_of_chunks++; chunk_end[i] = 1; hmp_chunk[i] += 3; goto NEXT_CHUNK; } else if ((hmp_chunk[i][0] == 0xff) && (hmp_chunk[i][1] == 0x51) && (hmp_chunk[i][2] == 0x03)) { tempo_f = (float)((hmp_chunk[i][3] << 16) + (hmp_chunk[i][4] << 8)+ hmp_chunk[i][5]); if (tempo_f == 0.0) tempo_f = 500000.0; fprintf(stderr,""DEBUG: Tempo change %f\r\n"", tempo_f); } hmp_chunk[i] += setup_ret; } var_len_shift = 0; chunk_delta[i] = 0; if (*hmp_chunk[i] < 0x80) { do { chunk_delta[i] = chunk_delta[i] + ((*hmp_chunk[i] & 0x7F) << var_len_shift); var_len_shift += 7; hmp_chunk[i]++; } while (*hmp_chunk[i] < 0x80); } chunk_delta[i] = chunk_delta[i] + ((*hmp_chunk[i] & 0x7F) << var_len_shift); hmp_chunk[i]++; } while (!chunk_delta[i]); if ((!smallest_delta) || (smallest_delta > chunk_delta[i])) { smallest_delta = chunk_delta[i]; } NEXT_CHUNK: continue; } subtract_delta = smallest_delta; sample_count_f= (((float) smallest_delta * samples_per_delta_f) + sample_remainder); sample_count = (uint32_t) sample_count_f; sample_remainder = sample_count_f - (float) sample_count; hmp_mdi->events[hmp_mdi->event_count - 1].samples_to_next += sample_count; hmp_mdi->extra_info.approx_total_samples += sample_count; } if ((hmp_mdi->reverb = _WM_init_reverb(_WM_SampleRate, _WM_reverb_room_width, _WM_reverb_room_length, _WM_reverb_listen_posx, _WM_reverb_listen_posy)) == NULL) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_MEM, ""to init reverb"", 0); goto _hmp_end; } hmp_mdi->extra_info.current_sample = 0; hmp_mdi->current_event = &hmp_mdi->events[0]; hmp_mdi->samples_to_mix = 0; hmp_mdi->note = NULL; _WM_ResetToStart(hmp_mdi); _hmp_end: free(hmp_chunk); free(chunk_length); free(chunk_delta); free(chunk_ofs); free(chunk_end); if (hmp_mdi->reverb) return (hmp_mdi); _WM_freeMDI(hmp_mdi); return NULL; }",visit repo url,src/f_hmp.c,https://github.com/Mindwerks/wildmidi,35570052073549,1 5443,CWE-787,"void handle_debug_usb_rx(const void *msg, size_t len) { if (msg_tiny_flag) { uint8_t buf[64]; memcpy(buf, msg, sizeof(buf)); uint16_t msgId = buf[4] | ((uint16_t)buf[3]) << 8; uint32_t msgSize = buf[8] | ((uint32_t)buf[7]) << 8 | ((uint32_t)buf[6]) << 16 | ((uint32_t)buf[5]) << 24; if (msgSize > 64 - 9) { (*msg_failure)(FailureType_Failure_UnexpectedMessage, ""Malformed tiny packet""); return; } const MessagesMap_t *entry = message_map_entry(DEBUG_MSG, msgId, IN_MSG); if (!entry) { (*msg_failure)(FailureType_Failure_UnexpectedMessage, ""Unknown message""); return; } tiny_dispatch(entry, buf + 9, msgSize); } else { usb_rx_helper(msg, len, DEBUG_MSG); } }",visit repo url,lib/board/messages.c,https://github.com/keepkey/keepkey-firmware,265278335969295,1 1840,CWE-476,"int x86_decode_emulated_instruction(struct kvm_vcpu *vcpu, int emulation_type, void *insn, int insn_len) { int r = EMULATION_OK; struct x86_emulate_ctxt *ctxt = vcpu->arch.emulate_ctxt; init_emulate_ctxt(vcpu); if (!(emulation_type & EMULTYPE_SKIP) && kvm_vcpu_check_breakpoint(vcpu, &r)) return r; r = x86_decode_insn(ctxt, insn, insn_len, emulation_type); trace_kvm_emulate_insn_start(vcpu); ++vcpu->stat.insn_emulation; return r; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,259451066173698,1 1122,CWE-362,"static int do_ip_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { struct inet_sock *inet = inet_sk(sk); int val; int len; if (level != SOL_IP) return -EOPNOTSUPP; if (ip_mroute_opt(optname)) return ip_mroute_getsockopt(sk, optname, optval, optlen); if (get_user(len, optlen)) return -EFAULT; if (len < 0) return -EINVAL; lock_sock(sk); switch (optname) { case IP_OPTIONS: { unsigned char optbuf[sizeof(struct ip_options)+40]; struct ip_options * opt = (struct ip_options *)optbuf; opt->optlen = 0; if (inet->opt) memcpy(optbuf, inet->opt, sizeof(struct ip_options)+ inet->opt->optlen); release_sock(sk); if (opt->optlen == 0) return put_user(0, optlen); ip_options_undo(opt); len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, opt->__data, len)) return -EFAULT; return 0; } case IP_PKTINFO: val = (inet->cmsg_flags & IP_CMSG_PKTINFO) != 0; break; case IP_RECVTTL: val = (inet->cmsg_flags & IP_CMSG_TTL) != 0; break; case IP_RECVTOS: val = (inet->cmsg_flags & IP_CMSG_TOS) != 0; break; case IP_RECVOPTS: val = (inet->cmsg_flags & IP_CMSG_RECVOPTS) != 0; break; case IP_RETOPTS: val = (inet->cmsg_flags & IP_CMSG_RETOPTS) != 0; break; case IP_PASSSEC: val = (inet->cmsg_flags & IP_CMSG_PASSSEC) != 0; break; case IP_RECVORIGDSTADDR: val = (inet->cmsg_flags & IP_CMSG_ORIGDSTADDR) != 0; break; case IP_TOS: val = inet->tos; break; case IP_TTL: val = (inet->uc_ttl == -1 ? sysctl_ip_default_ttl : inet->uc_ttl); break; case IP_HDRINCL: val = inet->hdrincl; break; case IP_NODEFRAG: val = inet->nodefrag; break; case IP_MTU_DISCOVER: val = inet->pmtudisc; break; case IP_MTU: { struct dst_entry *dst; val = 0; dst = sk_dst_get(sk); if (dst) { val = dst_mtu(dst); dst_release(dst); } if (!val) { release_sock(sk); return -ENOTCONN; } break; } case IP_RECVERR: val = inet->recverr; break; case IP_MULTICAST_TTL: val = inet->mc_ttl; break; case IP_MULTICAST_LOOP: val = inet->mc_loop; break; case IP_MULTICAST_IF: { struct in_addr addr; len = min_t(unsigned int, len, sizeof(struct in_addr)); addr.s_addr = inet->mc_addr; release_sock(sk); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &addr, len)) return -EFAULT; return 0; } case IP_MSFILTER: { struct ip_msfilter msf; int err; if (len < IP_MSFILTER_SIZE(0)) { release_sock(sk); return -EINVAL; } if (copy_from_user(&msf, optval, IP_MSFILTER_SIZE(0))) { release_sock(sk); return -EFAULT; } err = ip_mc_msfget(sk, &msf, (struct ip_msfilter __user *)optval, optlen); release_sock(sk); return err; } case MCAST_MSFILTER: { struct group_filter gsf; int err; if (len < GROUP_FILTER_SIZE(0)) { release_sock(sk); return -EINVAL; } if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) { release_sock(sk); return -EFAULT; } err = ip_mc_gsfget(sk, &gsf, (struct group_filter __user *)optval, optlen); release_sock(sk); return err; } case IP_MULTICAST_ALL: val = inet->mc_all; break; case IP_PKTOPTIONS: { struct msghdr msg; release_sock(sk); if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; msg.msg_control = optval; msg.msg_controllen = len; msg.msg_flags = 0; if (inet->cmsg_flags & IP_CMSG_PKTINFO) { struct in_pktinfo info; info.ipi_addr.s_addr = inet->inet_rcv_saddr; info.ipi_spec_dst.s_addr = inet->inet_rcv_saddr; info.ipi_ifindex = inet->mc_index; put_cmsg(&msg, SOL_IP, IP_PKTINFO, sizeof(info), &info); } if (inet->cmsg_flags & IP_CMSG_TTL) { int hlim = inet->mc_ttl; put_cmsg(&msg, SOL_IP, IP_TTL, sizeof(hlim), &hlim); } len -= msg.msg_controllen; return put_user(len, optlen); } case IP_FREEBIND: val = inet->freebind; break; case IP_TRANSPARENT: val = inet->transparent; break; case IP_MINTTL: val = inet->min_ttl; break; default: release_sock(sk); return -ENOPROTOOPT; } release_sock(sk); if (len < sizeof(int) && len > 0 && val >= 0 && val <= 255) { unsigned char ucval = (unsigned char)val; len = 1; if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &ucval, 1)) return -EFAULT; } else { len = min_t(unsigned int, sizeof(int), len); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) return -EFAULT; } return 0; }",visit repo url,net/ipv4/ip_sockglue.c,https://github.com/torvalds/linux,241648275415880,1 4912,CWE-116,"char *url_decode_r(char *to, char *url, size_t size) { char *s = url, *d = to, *e = &to[size - 1]; while(*s && d < e) { if(unlikely(*s == '%')) { if(likely(s[1] && s[2])) { *d++ = from_hex(s[1]) << 4 | from_hex(s[2]); s += 2; } } else if(unlikely(*s == '+')) *d++ = ' '; else *d++ = *s; s++; } *d = '\0'; return to; }",visit repo url,libnetdata/url/url.c,https://github.com/netdata/netdata,126743033781353,1 3783,CWE-416,"compile_def_function( ufunc_T *ufunc, int check_return_type, compiletype_T compile_type, cctx_T *outer_cctx) { char_u *line = NULL; char_u *line_to_free = NULL; char_u *p; char *errormsg = NULL; cctx_T cctx; garray_T *instr; int did_emsg_before = did_emsg; int did_emsg_silent_before = did_emsg_silent; int ret = FAIL; sctx_T save_current_sctx = current_sctx; int save_estack_compiling = estack_compiling; int save_cmod_flags = cmdmod.cmod_flags; int do_estack_push; int new_def_function = FALSE; #ifdef FEAT_PROFILE int prof_lnum = -1; #endif int debug_lnum = -1; if (ufunc->uf_dfunc_idx > 0) { dfunc_T *dfunc = ((dfunc_T *)def_functions.ga_data) + ufunc->uf_dfunc_idx; isn_T *instr_dest = NULL; switch (compile_type) { case CT_PROFILE: #ifdef FEAT_PROFILE instr_dest = dfunc->df_instr_prof; break; #endif case CT_NONE: instr_dest = dfunc->df_instr; break; case CT_DEBUG: instr_dest = dfunc->df_instr_debug; break; } if (instr_dest != NULL) delete_def_function_contents(dfunc, FALSE); ga_clear_strings(&dfunc->df_var_names); } else { if (add_def_function(ufunc) == FAIL) return FAIL; new_def_function = TRUE; } ufunc->uf_def_status = UF_COMPILING; CLEAR_FIELD(cctx); cctx.ctx_compile_type = compile_type; cctx.ctx_ufunc = ufunc; cctx.ctx_lnum = -1; cctx.ctx_outer = outer_cctx; ga_init2(&cctx.ctx_locals, sizeof(lvar_T), 10); ga_init2(&cctx.ctx_type_stack, sizeof(type_T *), 50); ga_init2(&cctx.ctx_imports, sizeof(imported_T), 10); cctx.ctx_type_list = &ufunc->uf_type_list; ga_init2(&cctx.ctx_instr, sizeof(isn_T), 50); instr = &cctx.ctx_instr; current_sctx = ufunc->uf_script_ctx; current_sctx.sc_version = SCRIPT_VERSION_VIM9; cmdmod.cmod_flags &= ~CMOD_LEGACY; do_estack_push = !estack_top_is_ufunc(ufunc, 1); if (do_estack_push) estack_push_ufunc(ufunc, 1); estack_compiling = TRUE; if (ufunc->uf_def_args.ga_len > 0) { int count = ufunc->uf_def_args.ga_len; int first_def_arg = ufunc->uf_args.ga_len - count; int i; char_u *arg; int off = STACK_FRAME_SIZE + (ufunc->uf_va_name != NULL ? 1 : 0); int did_set_arg_type = FALSE; SOURCING_LNUM = 0; for (i = 0; i < count; ++i) { garray_T *stack = &cctx.ctx_type_stack; type_T *val_type; int arg_idx = first_def_arg + i; where_T where = WHERE_INIT; int r; int jump_instr_idx = instr->ga_len; isn_T *isn; if (generate_JUMP_IF_ARG_SET(&cctx, i - count - off) == FAIL) goto erret; ufunc->uf_args_visible = arg_idx; arg = ((char_u **)(ufunc->uf_def_args.ga_data))[i]; r = compile_expr0(&arg, &cctx); if (r == FAIL) goto erret; val_type = ((type_T **)stack->ga_data)[stack->ga_len - 1]; where.wt_index = arg_idx + 1; if (ufunc->uf_arg_types[arg_idx] == &t_unknown) { did_set_arg_type = TRUE; ufunc->uf_arg_types[arg_idx] = val_type; } else if (need_type_where(val_type, ufunc->uf_arg_types[arg_idx], -1, where, &cctx, FALSE, FALSE) == FAIL) goto erret; if (generate_STORE(&cctx, ISN_STORE, i - count - off, NULL) == FAIL) goto erret; isn = ((isn_T *)instr->ga_data) + jump_instr_idx; isn->isn_arg.jumparg.jump_where = instr->ga_len; } if (did_set_arg_type) set_function_type(ufunc); } ufunc->uf_args_visible = ufunc->uf_args.ga_len; for (;;) { exarg_T ea; int starts_with_colon = FALSE; char_u *cmd; cmdmod_T local_cmdmod; if (did_emsg_before != did_emsg) goto erret; if (line != NULL && *line == '|') ++line; else if (line != NULL && *skipwhite(line) != NUL && !(*line == '#' && (line == cctx.ctx_line_start || VIM_ISWHITE(line[-1])))) { semsg(_(e_trailing_arg), line); goto erret; } else if (line != NULL && vim9_bad_comment(skipwhite(line))) goto erret; else { line = next_line_from_context(&cctx, FALSE); if (cctx.ctx_lnum >= ufunc->uf_lines.ga_len) { #ifdef FEAT_PROFILE if (cctx.ctx_skip != SKIP_YES) may_generate_prof_end(&cctx, prof_lnum); #endif break; } if (line != NULL) { line = vim_strsave(line); vim_free(line_to_free); line_to_free = line; } } CLEAR_FIELD(ea); ea.cmdlinep = &line; ea.cmd = skipwhite(line); if (*ea.cmd == '#') { line = (char_u *)""""; continue; } #ifdef FEAT_PROFILE if (cctx.ctx_compile_type == CT_PROFILE && cctx.ctx_lnum != prof_lnum && cctx.ctx_skip != SKIP_YES) { may_generate_prof_end(&cctx, prof_lnum); prof_lnum = cctx.ctx_lnum; generate_instr(&cctx, ISN_PROF_START); } #endif if (cctx.ctx_compile_type == CT_DEBUG && cctx.ctx_lnum != debug_lnum && cctx.ctx_skip != SKIP_YES) { debug_lnum = cctx.ctx_lnum; generate_instr_debug(&cctx); } cctx.ctx_prev_lnum = cctx.ctx_lnum + 1; switch (*ea.cmd) { case '}': { scopetype_T stype = cctx.ctx_scope == NULL ? NO_SCOPE : cctx.ctx_scope->se_type; if (stype == BLOCK_SCOPE) { compile_endblock(&cctx); line = ea.cmd; } else { emsg(_(e_using_rcurly_outside_if_block_scope)); goto erret; } if (line != NULL) line = skipwhite(ea.cmd + 1); continue; } case '{': if (ends_excmd(*skipwhite(ea.cmd + 1))) { line = compile_block(ea.cmd, &cctx); continue; } break; } cctx.ctx_has_cmdmod = FALSE; if (parse_command_modifiers(&ea, &errormsg, &local_cmdmod, FALSE) == FAIL) { if (errormsg != NULL) goto erret; line = (char_u *)""""; continue; } generate_cmdmods(&cctx, &local_cmdmod); undo_cmdmod(&local_cmdmod); for (p = ea.cmd; p >= line; --p) { if (*p == ':') starts_with_colon = TRUE; if (p < ea.cmd && !VIM_ISWHITE(*p)) break; } p = ea.cmd; if (!(local_cmdmod.cmod_flags & CMOD_LEGACY)) { if (checkforcmd(&ea.cmd, ""call"", 3)) { if (*ea.cmd == '(') ea.cmd = p; else ea.cmd = skipwhite(ea.cmd); } if (!starts_with_colon) { int assign; assign = may_compile_assignment(&ea, &line, &cctx); if (assign == OK) goto nextline; if (assign == FAIL) goto erret; } } cmd = ea.cmd; if ((*cmd != '$' || starts_with_colon) && (starts_with_colon || !(*cmd == '\'' || (cmd[0] == cmd[1] && (*cmd == '+' || *cmd == '-'))))) { ea.cmd = skip_range(ea.cmd, TRUE, NULL); if (ea.cmd > cmd) { if (!starts_with_colon && !(local_cmdmod.cmod_flags & CMOD_LEGACY)) { semsg(_(e_colon_required_before_range_str), cmd); goto erret; } ea.addr_count = 1; if (ends_excmd2(line, ea.cmd)) { generate_EXEC(&cctx, ISN_EXECRANGE, vim_strnsave(cmd, ea.cmd - cmd)); line = ea.cmd; goto nextline; } } } p = find_ex_command(&ea, NULL, starts_with_colon || (local_cmdmod.cmod_flags & CMOD_LEGACY) ? NULL : item_exists, &cctx); if (p == NULL) { if (cctx.ctx_skip != SKIP_YES) emsg(_(e_ambiguous_use_of_user_defined_command)); goto erret; } if (local_cmdmod.cmod_flags & CMOD_LEGACY) { char_u *start = ea.cmd; switch (ea.cmdidx) { case CMD_if: case CMD_elseif: case CMD_else: case CMD_endif: case CMD_for: case CMD_endfor: case CMD_continue: case CMD_break: case CMD_while: case CMD_endwhile: case CMD_try: case CMD_catch: case CMD_finally: case CMD_endtry: semsg(_(e_cannot_use_legacy_with_command_str), ea.cmd); goto erret; default: break; } if (checkforcmd(&start, ""return"", 4)) ea.cmdidx = CMD_return; else ea.cmdidx = CMD_legacy; } if (p == ea.cmd && ea.cmdidx != CMD_SIZE) { if (cctx.ctx_skip == SKIP_YES && ea.cmdidx != CMD_eval) { line += STRLEN(line); goto nextline; } else if (ea.cmdidx != CMD_eval) { semsg(_(e_command_not_recognized_str), ea.cmd); goto erret; } } if (cctx.ctx_had_return && ea.cmdidx != CMD_elseif && ea.cmdidx != CMD_else && ea.cmdidx != CMD_endif && ea.cmdidx != CMD_endfor && ea.cmdidx != CMD_endwhile && ea.cmdidx != CMD_catch && ea.cmdidx != CMD_finally && ea.cmdidx != CMD_endtry) { emsg(_(e_unreachable_code_after_return)); goto erret; } p = skipwhite(p); if (ea.cmdidx != CMD_SIZE && ea.cmdidx != CMD_write && ea.cmdidx != CMD_read) { if (ea.cmdidx >= 0) ea.argt = excmd_get_argt(ea.cmdidx); if ((ea.argt & EX_BANG) && *p == '!') { ea.forceit = TRUE; p = skipwhite(p + 1); } } switch (ea.cmdidx) { case CMD_def: case CMD_function: ea.arg = p; line = compile_nested_function(&ea, &cctx); break; case CMD_return: line = compile_return(p, check_return_type, local_cmdmod.cmod_flags & CMOD_LEGACY, &cctx); cctx.ctx_had_return = TRUE; break; case CMD_let: emsg(_(e_cannot_use_let_in_vim9_script)); break; case CMD_var: case CMD_final: case CMD_const: case CMD_increment: case CMD_decrement: line = compile_assignment(p, &ea, ea.cmdidx, &cctx); if (line == p) line = NULL; break; case CMD_unlet: case CMD_unlockvar: case CMD_lockvar: line = compile_unletlock(p, &ea, &cctx); break; case CMD_import: emsg(_(e_import_can_only_be_used_in_script)); line = NULL; break; case CMD_if: line = compile_if(p, &cctx); break; case CMD_elseif: line = compile_elseif(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_else: line = compile_else(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_endif: line = compile_endif(p, &cctx); break; case CMD_while: line = compile_while(p, &cctx); break; case CMD_endwhile: line = compile_endwhile(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_for: line = compile_for(p, &cctx); break; case CMD_endfor: line = compile_endfor(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_continue: line = compile_continue(p, &cctx); break; case CMD_break: line = compile_break(p, &cctx); break; case CMD_try: line = compile_try(p, &cctx); break; case CMD_catch: line = compile_catch(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_finally: line = compile_finally(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_endtry: line = compile_endtry(p, &cctx); cctx.ctx_had_return = FALSE; break; case CMD_throw: line = compile_throw(p, &cctx); break; case CMD_eval: line = compile_eval(p, &cctx); break; case CMD_echo: case CMD_echon: case CMD_execute: case CMD_echomsg: case CMD_echoerr: case CMD_echoconsole: line = compile_mult_expr(p, ea.cmdidx, &cctx); break; case CMD_put: ea.cmd = cmd; line = compile_put(p, &ea, &cctx); break; case CMD_substitute: if (check_global_and_subst(ea.cmd, p) == FAIL) goto erret; if (cctx.ctx_skip == SKIP_YES) line = (char_u *)""""; else { ea.arg = p; line = compile_substitute(line, &ea, &cctx); } break; case CMD_redir: ea.arg = p; line = compile_redir(line, &ea, &cctx); break; case CMD_cexpr: case CMD_lexpr: case CMD_caddexpr: case CMD_laddexpr: case CMD_cgetexpr: case CMD_lgetexpr: #ifdef FEAT_QUICKFIX ea.arg = p; line = compile_cexpr(line, &ea, &cctx); #else ex_ni(&ea); line = NULL; #endif break; case CMD_append: case CMD_change: case CMD_insert: case CMD_k: case CMD_t: case CMD_xit: not_in_vim9(&ea); goto erret; case CMD_SIZE: if (cctx.ctx_skip != SKIP_YES) { semsg(_(e_invalid_command_str), ea.cmd); goto erret; } line = (char_u *)""""; break; case CMD_lua: case CMD_mzscheme: case CMD_perl: case CMD_py3: case CMD_python3: case CMD_python: case CMD_pythonx: case CMD_ruby: case CMD_tcl: ea.arg = p; if (vim_strchr(line, '\n') == NULL) line = compile_exec(line, &ea, &cctx); else line = compile_script(line, &cctx); break; case CMD_global: if (check_global_and_subst(ea.cmd, p) == FAIL) goto erret; default: ea.arg = p; line = compile_exec(line, &ea, &cctx); break; } nextline: if (line == NULL) goto erret; line = skipwhite(line); generate_undo_cmdmods(&cctx); if (cctx.ctx_type_stack.ga_len < 0) { iemsg(""Type stack underflow""); goto erret; } } if (cctx.ctx_scope != NULL) { if (cctx.ctx_scope->se_type == IF_SCOPE) emsg(_(e_endif)); else if (cctx.ctx_scope->se_type == WHILE_SCOPE) emsg(_(e_endwhile)); else if (cctx.ctx_scope->se_type == FOR_SCOPE) emsg(_(e_endfor)); else emsg(_(e_missing_rcurly)); goto erret; } if (!cctx.ctx_had_return) { if (ufunc->uf_ret_type->tt_type == VAR_UNKNOWN) ufunc->uf_ret_type = &t_void; else if (ufunc->uf_ret_type->tt_type != VAR_VOID) { emsg(_(e_missing_return_statement)); goto erret; } generate_instr(&cctx, ISN_RETURN_VOID); } if (emsg_silent == 0 || did_emsg_silent == did_emsg_silent_before) { dfunc_T *dfunc = ((dfunc_T *)def_functions.ga_data) + ufunc->uf_dfunc_idx; dfunc->df_deleted = FALSE; dfunc->df_script_seq = current_sctx.sc_seq; #ifdef FEAT_PROFILE if (cctx.ctx_compile_type == CT_PROFILE) { dfunc->df_instr_prof = instr->ga_data; dfunc->df_instr_prof_count = instr->ga_len; } else #endif if (cctx.ctx_compile_type == CT_DEBUG) { dfunc->df_instr_debug = instr->ga_data; dfunc->df_instr_debug_count = instr->ga_len; } else { dfunc->df_instr = instr->ga_data; dfunc->df_instr_count = instr->ga_len; } dfunc->df_varcount = dfunc->df_var_names.ga_len; dfunc->df_has_closure = cctx.ctx_has_closure; if (cctx.ctx_outer_used) ufunc->uf_flags |= FC_CLOSURE; ufunc->uf_def_status = UF_COMPILED; } ret = OK; erret: if (ufunc->uf_def_status == UF_COMPILING) { dfunc_T *dfunc = ((dfunc_T *)def_functions.ga_data) + ufunc->uf_dfunc_idx; clear_instr_ga(instr); VIM_CLEAR(dfunc->df_name); ga_clear_strings(&dfunc->df_var_names); if (!dfunc->df_deleted && new_def_function && ufunc->uf_dfunc_idx == def_functions.ga_len - 1) { --def_functions.ga_len; ufunc->uf_dfunc_idx = 0; } ufunc->uf_def_status = UF_COMPILE_ERROR; while (cctx.ctx_scope != NULL) drop_scope(&cctx); if (errormsg != NULL) emsg(errormsg); else if (did_emsg == did_emsg_before) emsg(_(e_compiling_def_function_failed)); } if (cctx.ctx_redir_lhs.lhs_name != NULL) { if (ret == OK) { emsg(_(e_missing_redir_end)); ret = FAIL; } vim_free(cctx.ctx_redir_lhs.lhs_name); vim_free(cctx.ctx_redir_lhs.lhs_whole); } current_sctx = save_current_sctx; estack_compiling = save_estack_compiling; cmdmod.cmod_flags = save_cmod_flags; if (do_estack_push) estack_pop(); vim_free(line_to_free); free_imported(&cctx); free_locals(&cctx); ga_clear(&cctx.ctx_type_stack); return ret; }",visit repo url,src/vim9compile.c,https://github.com/vim/vim,46565939589589,1 2961,['CWE-189'],"static int jpc_dec_tileinit(jpc_dec_t *dec, jpc_dec_tile_t *tile) { jpc_dec_tcomp_t *tcomp; int compno; int rlvlno; jpc_dec_rlvl_t *rlvl; jpc_dec_band_t *band; jpc_dec_prc_t *prc; int bndno; jpc_tsfb_band_t *bnd; int bandno; jpc_dec_ccp_t *ccp; int prccnt; jpc_dec_cblk_t *cblk; int cblkcnt; uint_fast32_t tlprcxstart; uint_fast32_t tlprcystart; uint_fast32_t brprcxend; uint_fast32_t brprcyend; uint_fast32_t tlcbgxstart; uint_fast32_t tlcbgystart; uint_fast32_t brcbgxend; uint_fast32_t brcbgyend; uint_fast32_t cbgxstart; uint_fast32_t cbgystart; uint_fast32_t cbgxend; uint_fast32_t cbgyend; uint_fast32_t tlcblkxstart; uint_fast32_t tlcblkystart; uint_fast32_t brcblkxend; uint_fast32_t brcblkyend; uint_fast32_t cblkxstart; uint_fast32_t cblkystart; uint_fast32_t cblkxend; uint_fast32_t cblkyend; uint_fast32_t tmpxstart; uint_fast32_t tmpystart; uint_fast32_t tmpxend; uint_fast32_t tmpyend; jpc_dec_cp_t *cp; jpc_tsfb_band_t bnds[64]; jpc_pchg_t *pchg; int pchgno; jpc_dec_cmpt_t *cmpt; cp = tile->cp; tile->realmode = 0; if (cp->mctid == JPC_MCT_ICT) { tile->realmode = 1; } for (compno = 0, tcomp = tile->tcomps, cmpt = dec->cmpts; compno < dec->numcomps; ++compno, ++tcomp, ++cmpt) { ccp = &tile->cp->ccps[compno]; if (ccp->qmfbid == JPC_COX_INS) { tile->realmode = 1; } tcomp->numrlvls = ccp->numrlvls; if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls, sizeof(jpc_dec_rlvl_t)))) { return -1; } if (!(tcomp->data = jas_seq2d_create(JPC_CEILDIV(tile->xstart, cmpt->hstep), JPC_CEILDIV(tile->ystart, cmpt->vstep), JPC_CEILDIV(tile->xend, cmpt->hstep), JPC_CEILDIV(tile->yend, cmpt->vstep)))) { return -1; } if (!(tcomp->tsfb = jpc_cod_gettsfb(ccp->qmfbid, tcomp->numrlvls - 1))) { return -1; } { jpc_tsfb_getbands(tcomp->tsfb, jas_seq2d_xstart(tcomp->data), jas_seq2d_ystart(tcomp->data), jas_seq2d_xend(tcomp->data), jas_seq2d_yend(tcomp->data), bnds); } for (rlvlno = 0, rlvl = tcomp->rlvls; rlvlno < tcomp->numrlvls; ++rlvlno, ++rlvl) { rlvl->bands = 0; rlvl->xstart = JPC_CEILDIVPOW2(tcomp->xstart, tcomp->numrlvls - 1 - rlvlno); rlvl->ystart = JPC_CEILDIVPOW2(tcomp->ystart, tcomp->numrlvls - 1 - rlvlno); rlvl->xend = JPC_CEILDIVPOW2(tcomp->xend, tcomp->numrlvls - 1 - rlvlno); rlvl->yend = JPC_CEILDIVPOW2(tcomp->yend, tcomp->numrlvls - 1 - rlvlno); rlvl->prcwidthexpn = ccp->prcwidthexpns[rlvlno]; rlvl->prcheightexpn = ccp->prcheightexpns[rlvlno]; tlprcxstart = JPC_FLOORDIVPOW2(rlvl->xstart, rlvl->prcwidthexpn) << rlvl->prcwidthexpn; tlprcystart = JPC_FLOORDIVPOW2(rlvl->ystart, rlvl->prcheightexpn) << rlvl->prcheightexpn; brprcxend = JPC_CEILDIVPOW2(rlvl->xend, rlvl->prcwidthexpn) << rlvl->prcwidthexpn; brprcyend = JPC_CEILDIVPOW2(rlvl->yend, rlvl->prcheightexpn) << rlvl->prcheightexpn; rlvl->numhprcs = (brprcxend - tlprcxstart) >> rlvl->prcwidthexpn; rlvl->numvprcs = (brprcyend - tlprcystart) >> rlvl->prcheightexpn; rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs; if (rlvl->xstart >= rlvl->xend || rlvl->ystart >= rlvl->yend) { rlvl->bands = 0; rlvl->numprcs = 0; rlvl->numhprcs = 0; rlvl->numvprcs = 0; continue; } if (!rlvlno) { tlcbgxstart = tlprcxstart; tlcbgystart = tlprcystart; brcbgxend = brprcxend; brcbgyend = brprcyend; rlvl->cbgwidthexpn = rlvl->prcwidthexpn; rlvl->cbgheightexpn = rlvl->prcheightexpn; } else { tlcbgxstart = JPC_CEILDIVPOW2(tlprcxstart, 1); tlcbgystart = JPC_CEILDIVPOW2(tlprcystart, 1); brcbgxend = JPC_CEILDIVPOW2(brprcxend, 1); brcbgyend = JPC_CEILDIVPOW2(brprcyend, 1); rlvl->cbgwidthexpn = rlvl->prcwidthexpn - 1; rlvl->cbgheightexpn = rlvl->prcheightexpn - 1; } rlvl->cblkwidthexpn = JAS_MIN(ccp->cblkwidthexpn, rlvl->cbgwidthexpn); rlvl->cblkheightexpn = JAS_MIN(ccp->cblkheightexpn, rlvl->cbgheightexpn); rlvl->numbands = (!rlvlno) ? 1 : 3; if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_dec_band_t)))) { return -1; } for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; ++bandno, ++band) { bndno = (!rlvlno) ? 0 : (3 * (rlvlno - 1) + bandno + 1); bnd = &bnds[bndno]; band->orient = bnd->orient; band->stepsize = ccp->stepsizes[bndno]; band->analgain = JPC_NOMINALGAIN(ccp->qmfbid, tcomp->numrlvls - 1, rlvlno, band->orient); band->absstepsize = jpc_calcabsstepsize(band->stepsize, cmpt->prec + band->analgain); band->numbps = ccp->numguardbits + JPC_QCX_GETEXPN(band->stepsize) - 1; band->roishift = (ccp->roishift + band->numbps >= JPC_PREC) ? (JPC_PREC - 1 - band->numbps) : ccp->roishift; band->data = 0; band->prcs = 0; if (bnd->xstart == bnd->xend || bnd->ystart == bnd->yend) { continue; } if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) { return -1; } jas_seq2d_bindsub(band->data, tcomp->data, bnd->locxstart, bnd->locystart, bnd->locxend, bnd->locyend); jas_seq2d_setshift(band->data, bnd->xstart, bnd->ystart); assert(rlvl->numprcs); if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) { return -1; } cbgxstart = tlcbgxstart; cbgystart = tlcbgystart; for (prccnt = rlvl->numprcs, prc = band->prcs; prccnt > 0; --prccnt, ++prc) { cbgxend = cbgxstart + (1 << rlvl->cbgwidthexpn); cbgyend = cbgystart + (1 << rlvl->cbgheightexpn); prc->xstart = JAS_MAX(cbgxstart, JAS_CAST(uint_fast32_t, jas_seq2d_xstart(band->data))); prc->ystart = JAS_MAX(cbgystart, JAS_CAST(uint_fast32_t, jas_seq2d_ystart(band->data))); prc->xend = JAS_MIN(cbgxend, JAS_CAST(uint_fast32_t, jas_seq2d_xend(band->data))); prc->yend = JAS_MIN(cbgyend, JAS_CAST(uint_fast32_t, jas_seq2d_yend(band->data))); if (prc->xend > prc->xstart && prc->yend > prc->ystart) { tlcblkxstart = JPC_FLOORDIVPOW2(prc->xstart, rlvl->cblkwidthexpn) << rlvl->cblkwidthexpn; tlcblkystart = JPC_FLOORDIVPOW2(prc->ystart, rlvl->cblkheightexpn) << rlvl->cblkheightexpn; brcblkxend = JPC_CEILDIVPOW2(prc->xend, rlvl->cblkwidthexpn) << rlvl->cblkwidthexpn; brcblkyend = JPC_CEILDIVPOW2(prc->yend, rlvl->cblkheightexpn) << rlvl->cblkheightexpn; prc->numhcblks = (brcblkxend - tlcblkxstart) >> rlvl->cblkwidthexpn; prc->numvcblks = (brcblkyend - tlcblkystart) >> rlvl->cblkheightexpn; prc->numcblks = prc->numhcblks * prc->numvcblks; assert(prc->numcblks > 0); if (!(prc->incltagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) { return -1; } if (!(prc->numimsbstagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) { return -1; } if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) { return -1; } cblkxstart = cbgxstart; cblkystart = cbgystart; for (cblkcnt = prc->numcblks, cblk = prc->cblks; cblkcnt > 0;) { cblkxend = cblkxstart + (1 << rlvl->cblkwidthexpn); cblkyend = cblkystart + (1 << rlvl->cblkheightexpn); tmpxstart = JAS_MAX(cblkxstart, prc->xstart); tmpystart = JAS_MAX(cblkystart, prc->ystart); tmpxend = JAS_MIN(cblkxend, prc->xend); tmpyend = JAS_MIN(cblkyend, prc->yend); if (tmpxend > tmpxstart && tmpyend > tmpystart) { cblk->firstpassno = -1; cblk->mqdec = 0; cblk->nulldec = 0; cblk->flags = 0; cblk->numpasses = 0; cblk->segs.head = 0; cblk->segs.tail = 0; cblk->curseg = 0; cblk->numimsbs = 0; cblk->numlenbits = 3; cblk->flags = 0; if (!(cblk->data = jas_seq2d_create(0, 0, 0, 0))) { return -1; } jas_seq2d_bindsub(cblk->data, band->data, tmpxstart, tmpystart, tmpxend, tmpyend); ++cblk; --cblkcnt; } cblkxstart += 1 << rlvl->cblkwidthexpn; if (cblkxstart >= cbgxend) { cblkxstart = cbgxstart; cblkystart += 1 << rlvl->cblkheightexpn; } } } else { prc->cblks = 0; prc->incltagtree = 0; prc->numimsbstagtree = 0; } cbgxstart += 1 << rlvl->cbgwidthexpn; if (cbgxstart >= brcbgxend) { cbgxstart = tlcbgxstart; cbgystart += 1 << rlvl->cbgheightexpn; } } } } } if (!(tile->pi = jpc_dec_pi_create(dec, tile))) { return -1; } for (pchgno = 0; pchgno < jpc_pchglist_numpchgs(tile->cp->pchglist); ++pchgno) { pchg = jpc_pchg_copy(jpc_pchglist_get(tile->cp->pchglist, pchgno)); assert(pchg); jpc_pi_addpchg(tile->pi, pchg); } jpc_pi_init(tile->pi); return 0; }",jasper,,,203119981486087989565626026308875898340,0 5095,['CWE-20'],"static unsigned long vmx_get_rflags(struct kvm_vcpu *vcpu) { return vmcs_readl(GUEST_RFLAGS); }",linux-2.6,,,301059796280145177256951985158094212357,0 386,[],"pfm_context_force_terminate(pfm_context_t *ctx, struct pt_regs *regs) { int ret; DPRINT((""entering for [%d]\n"", current->pid)); ret = pfm_context_unload(ctx, NULL, 0, regs); if (ret) { printk(KERN_ERR ""pfm_context_force_terminate: [%d] unloaded failed with %d\n"", current->pid, ret); } wake_up_interruptible(&ctx->ctx_zombieq); }",linux-2.6,,,164360250027120866978694206025742472939,0 2636,[],"static int sctp_getsockopt_adaptation_layer(struct sock *sk, int len, char __user *optval, int __user *optlen) { struct sctp_setadaptation adaptation; if (len < sizeof(struct sctp_setadaptation)) return -EINVAL; len = sizeof(struct sctp_setadaptation); adaptation.ssb_adaptation_ind = sctp_sk(sk)->adaptation_ind; if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &adaptation, len)) return -EFAULT; return 0; }",linux-2.6,,,84221179802655218966000578577999158102,0 2975,CWE-787,"cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, uint32_t offs, cdf_property_info_t **info, size_t *count, size_t *maxcount) { const cdf_section_header_t *shp; cdf_section_header_t sh; const uint8_t *p, *q, *e; size_t i, o4, nelements, j, slen, left; cdf_property_info_t *inp; if (offs > UINT32_MAX / 4) { errno = EFTYPE; goto out; } shp = CAST(const cdf_section_header_t *, cdf_offset(sst->sst_tab, offs)); if (cdf_check_stream_offset(sst, h, shp, sizeof(*shp), __LINE__) == -1) goto out; sh.sh_len = CDF_TOLE4(shp->sh_len); if (sh.sh_len > CDF_SHLEN_LIMIT) { errno = EFTYPE; goto out; } if (cdf_check_stream_offset(sst, h, shp, sh.sh_len, __LINE__) == -1) goto out; sh.sh_properties = CDF_TOLE4(shp->sh_properties); DPRINTF((""section len: %u properties %u\n"", sh.sh_len, sh.sh_properties)); if (sh.sh_properties > CDF_PROP_LIMIT) goto out; inp = cdf_grow_info(info, maxcount, sh.sh_properties); if (inp == NULL) goto out; inp += *count; *count += sh.sh_properties; p = CAST(const uint8_t *, cdf_offset(sst->sst_tab, offs + sizeof(sh))); e = CAST(const uint8_t *, cdf_offset(shp, sh.sh_len)); if (p >= e || cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { if ((q = cdf_get_property_info_pos(sst, h, p, e, i)) == NULL) goto out; inp[i].pi_id = CDF_GETUINT32(p, i << 1); left = CAST(size_t, e - q); if (left < sizeof(uint32_t)) { DPRINTF((""short info (no type)_\n"")); goto out; } inp[i].pi_type = CDF_GETUINT32(q, 0); DPRINTF((""%"" SIZE_T_FORMAT ""u) id=%#x type=%#x offs=%#tx,%#x\n"", i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { if (left < sizeof(uint32_t) * 2) { DPRINTF((""missing CDF_VECTOR length\n"")); goto out; } nelements = CDF_GETUINT32(q, 1); if (nelements == 0) { DPRINTF((""CDF_VECTOR with nelements == 0\n"")); goto out; } slen = 2; } else { nelements = 1; slen = 1; } o4 = slen * sizeof(uint32_t); if (inp[i].pi_type & (CDF_ARRAY|CDF_BYREF|CDF_RESERVED)) goto unknown; switch (inp[i].pi_type & CDF_TYPEMASK) { case CDF_NULL: case CDF_EMPTY: break; case CDF_SIGNED16: if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int16_t))) goto unknown; break; case CDF_SIGNED32: case CDF_BOOL: case CDF_UNSIGNED32: case CDF_FLOAT: if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int32_t))) goto unknown; break; case CDF_SIGNED64: case CDF_UNSIGNED64: case CDF_DOUBLE: case CDF_FILETIME: if (!cdf_copy_info(&inp[i], &q[o4], e, sizeof(int64_t))) goto unknown; break; case CDF_LENGTH32_STRING: case CDF_LENGTH32_WSTRING: if (nelements > 1) { size_t nelem = inp - *info; inp = cdf_grow_info(info, maxcount, nelements); if (inp == NULL) goto out; inp += nelem; } DPRINTF((""nelements = %"" SIZE_T_FORMAT ""u\n"", nelements)); for (j = 0; j < nelements && i < sh.sh_properties; j++, i++) { uint32_t l; if (o4 + sizeof(uint32_t) > left) goto out; l = CDF_GETUINT32(q, slen); o4 += sizeof(uint32_t); if (o4 + l > left) goto out; inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = CAST(const char *, CAST(const void *, &q[o4])); DPRINTF((""o=%"" SIZE_T_FORMAT ""u l=%d(%"" SIZE_T_FORMAT ""u), t=%"" SIZE_T_FORMAT ""u s=%s\n"", o4, l, CDF_ROUND(l, sizeof(l)), left, inp[i].pi_str.s_buf)); if (l & 1) l++; slen += l >> 1; o4 = slen * sizeof(uint32_t); } i--; break; case CDF_CLIPBOARD: if (inp[i].pi_type & CDF_VECTOR) goto unknown; break; default: unknown: memset(&inp[i].pi_val, 0, sizeof(inp[i].pi_val)); DPRINTF((""Don't know how to deal with %#x\n"", inp[i].pi_type)); break; } } return 0; out: free(*info); *info = NULL; *count = 0; *maxcount = 0; errno = EFTYPE; return -1; }",visit repo url,src/cdf.c,https://github.com/file/file,39800492355084,1 3648,CWE-119,"CAMLprim value caml_alloc_dummy(value size) { mlsize_t wosize = Int_val(size); if (wosize == 0) return Atom(0); return caml_alloc (wosize, 0); }",visit repo url,byterun/alloc.c,https://github.com/ocaml/ocaml,244407536202463,1 4097,CWE-835,"setup_connection (GsmXSMPClient *client) { GIOChannel *channel; int fd; g_debug (""GsmXSMPClient: Setting up new connection""); fd = IceConnectionNumber (client->priv->ice_connection); fcntl (fd, F_SETFD, fcntl (fd, F_GETFD, 0) | FD_CLOEXEC); channel = g_io_channel_unix_new (fd); client->priv->watch_id = g_io_add_watch (channel, G_IO_IN | G_IO_ERR, (GIOFunc)client_iochannel_watch, client); g_io_channel_unref (channel); client->priv->protocol_timeout = g_timeout_add_seconds (5, (GSourceFunc)_client_protocol_timeout, client); set_description (client); g_debug (""GsmXSMPClient: New client '%s'"", client->priv->description); }",visit repo url,gnome-session/gsm-xsmp-client.c,https://github.com/GNOME/gnome-session,256886499823876,1 2289,CWE-119,"static int futex_wait(u32 __user *uaddr, int fshared, u32 val, ktime_t *abs_time, u32 bitset, int clockrt) { struct hrtimer_sleeper timeout, *to = NULL; struct restart_block *restart; struct futex_hash_bucket *hb; struct futex_q q; int ret; if (!bitset) return -EINVAL; q.pi_state = NULL; q.bitset = bitset; q.rt_waiter = NULL; q.requeue_pi_key = NULL; if (abs_time) { to = &timeout; hrtimer_init_on_stack(&to->timer, clockrt ? CLOCK_REALTIME : CLOCK_MONOTONIC, HRTIMER_MODE_ABS); hrtimer_init_sleeper(to, current); hrtimer_set_expires_range_ns(&to->timer, *abs_time, current->timer_slack_ns); } retry: ret = futex_wait_setup(uaddr, val, fshared, &q, &hb); if (ret) goto out; futex_wait_queue_me(hb, &q, to); ret = 0; if (!unqueue_me(&q)) goto out_put_key; ret = -ETIMEDOUT; if (to && !to->task) goto out_put_key; if (!signal_pending(current)) { put_futex_key(fshared, &q.key); goto retry; } ret = -ERESTARTSYS; if (!abs_time) goto out_put_key; restart = ¤t_thread_info()->restart_block; restart->fn = futex_wait_restart; restart->futex.uaddr = (u32 *)uaddr; restart->futex.val = val; restart->futex.time = abs_time->tv64; restart->futex.bitset = bitset; restart->futex.flags = FLAGS_HAS_TIMEOUT; if (fshared) restart->futex.flags |= FLAGS_SHARED; if (clockrt) restart->futex.flags |= FLAGS_CLOCKRT; ret = -ERESTART_RESTARTBLOCK; out_put_key: put_futex_key(fshared, &q.key); out: if (to) { hrtimer_cancel(&to->timer); destroy_hrtimer_on_stack(&to->timer); } return ret; }",visit repo url,kernel/futex.c,https://github.com/torvalds/linux,66361031029152,1 2630,[],"SCTP_STATIC int sctp_bind(struct sock *sk, struct sockaddr *addr, int addr_len) { int retval = 0; sctp_lock_sock(sk); SCTP_DEBUG_PRINTK(""sctp_bind(sk: %p, addr: %p, addr_len: %d)\n"", sk, addr, addr_len); if (!sctp_sk(sk)->ep->base.bind_addr.port) retval = sctp_do_bind(sk, (union sctp_addr *)addr, addr_len); else retval = -EINVAL; sctp_release_sock(sk); return retval; }",linux-2.6,,,73605428309697690395963633445171827622,0 6026,['CWE-200'],"static __inline__ int cbq_dump_rate(struct sk_buff *skb, struct cbq_class *cl) { unsigned char *b = skb->tail; RTA_PUT(skb, TCA_CBQ_RATE, sizeof(cl->R_tab->rate), &cl->R_tab->rate); return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,316109528916866897081201382600366789041,0 3856,[],"int cap_netlink_recv(struct sk_buff *skb, int cap) { if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) return -EPERM; return 0; }",linux-2.6,,,160462207379451515589661585076359187049,0 6584,CWE-787,"sonmp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardware, struct lldpd_chassis **newchassis, struct lldpd_port **newport) { const u_int8_t mcastaddr[] = SONMP_MULTICAST_ADDR; struct lldpd_chassis *chassis; struct lldpd_port *port; struct lldpd_mgmt *mgmt; int length, i; u_int8_t *pos; u_int8_t seg[3], rchassis; struct in_addr address; log_debug(""sonmp"", ""decode SONMP PDU from %s"", hardware->h_ifname); if ((chassis = calloc(1, sizeof(struct lldpd_chassis))) == NULL) { log_warn(""sonmp"", ""failed to allocate remote chassis""); return -1; } TAILQ_INIT(&chassis->c_mgmt); if ((port = calloc(1, sizeof(struct lldpd_port))) == NULL) { log_warn(""sonmp"", ""failed to allocate remote port""); free(chassis); return -1; } #ifdef ENABLE_DOT1 TAILQ_INIT(&port->p_vlans); #endif length = s; pos = (u_int8_t*)frame; if (length < SONMP_SIZE) { log_warnx(""sonmp"", ""too short SONMP frame received on %s"", hardware->h_ifname); goto malformed; } if (PEEK_CMP(mcastaddr, sizeof(mcastaddr)) != 0) goto malformed; PEEK_DISCARD(ETHER_ADDR_LEN); PEEK_DISCARD_UINT16; PEEK_DISCARD(6); if (PEEK_UINT16 != LLC_PID_SONMP_HELLO) { log_debug(""sonmp"", ""incorrect LLC protocol ID received for SONMP on %s"", hardware->h_ifname); goto malformed; } chassis->c_id_subtype = LLDP_CHASSISID_SUBTYPE_ADDR; if ((chassis->c_id = calloc(1, sizeof(struct in_addr) + 1)) == NULL) { log_warn(""sonmp"", ""unable to allocate memory for chassis id on %s"", hardware->h_ifname); goto malformed; } chassis->c_id_len = sizeof(struct in_addr) + 1; chassis->c_id[0] = 1; PEEK_BYTES(&address, sizeof(struct in_addr)); memcpy(chassis->c_id + 1, &address, sizeof(struct in_addr)); if (asprintf(&chassis->c_name, ""%s"", inet_ntoa(address)) == -1) { log_warnx(""sonmp"", ""unable to write chassis name for %s"", hardware->h_ifname); goto malformed; } PEEK_BYTES(seg, sizeof(seg)); rchassis = PEEK_UINT8; for (i=0; sonmp_chassis_types[i].type != 0; i++) { if (sonmp_chassis_types[i].type == rchassis) break; } if (asprintf(&chassis->c_descr, ""%s"", sonmp_chassis_types[i].description) == -1) { log_warnx(""sonmp"", ""unable to write chassis description for %s"", hardware->h_ifname); goto malformed; } mgmt = lldpd_alloc_mgmt(LLDPD_AF_IPV4, &address, sizeof(struct in_addr), 0); if (mgmt == NULL) { if (errno == ENOMEM) log_warn(""sonmp"", ""unable to allocate memory for management address""); else log_warn(""sonmp"", ""too large management address received on %s"", hardware->h_ifname); goto malformed; } TAILQ_INSERT_TAIL(&chassis->c_mgmt, mgmt, m_entries); port->p_ttl = cfg?(cfg->g_config.c_tx_interval * cfg->g_config.c_tx_hold): LLDPD_TTL; port->p_ttl = (port->p_ttl + 999) / 1000; port->p_id_subtype = LLDP_PORTID_SUBTYPE_LOCAL; if (asprintf(&port->p_id, ""%02x-%02x-%02x"", seg[0], seg[1], seg[2]) == -1) { log_warn(""sonmp"", ""unable to allocate memory for port id on %s"", hardware->h_ifname); goto malformed; } port->p_id_len = strlen(port->p_id); if ((seg[0] == 0) && (seg[1] == 0)) { if (asprintf(&port->p_descr, ""port %d"", seg[2]) == -1) { log_warnx(""sonmp"", ""unable to write port description for %s"", hardware->h_ifname); goto malformed; } } else if (seg[0] == 0) { if (asprintf(&port->p_descr, ""port %d/%d"", seg[1], seg[2]) == -1) { log_warnx(""sonmp"", ""unable to write port description for %s"", hardware->h_ifname); goto malformed; } } else { if (asprintf(&port->p_descr, ""port %x:%x:%x"", seg[0], seg[1], seg[2]) == -1) { log_warnx(""sonmp"", ""unable to write port description for %s"", hardware->h_ifname); goto malformed; } } *newchassis = chassis; *newport = port; return 1; malformed: lldpd_chassis_cleanup(chassis, 1); lldpd_port_cleanup(port, 1); free(port); return -1; }",visit repo url,src/daemon/protocols/sonmp.c,https://github.com/lldpd/lldpd,122250787947623,1 6251,['CWE-200'],"void neigh_parms_destroy(struct neigh_parms *parms) { kfree(parms); }",linux-2.6,,,131460733016856761441253688088475530545,0 3103,['CWE-189'],"static void jp2_cmap_dumpdata(jp2_box_t *box, FILE *out) { jp2_cmap_t *cmap = &box->data.cmap; unsigned int i; jp2_cmapent_t *ent; fprintf(out, ""numchans = %d\n"", (int) cmap->numchans); for (i = 0; i < cmap->numchans; ++i) { ent = &cmap->ents[i]; fprintf(out, ""cmptno=%d; map=%d; pcol=%d\n"", (int) ent->cmptno, (int) ent->map, (int) ent->pcol); } }",jasper,,,264518564049353661488145241518454187032,0 3311,CWE-119,"header_put_le_short (SF_PRIVATE *psf, int x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 2) { psf->header [psf->headindex++] = x ; psf->header [psf->headindex++] = (x >> 8) ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,101177631488792,1 1088,CWE-665,"static int br_parse_ip_options(struct sk_buff *skb) { struct ip_options *opt; struct iphdr *iph; struct net_device *dev = skb->dev; u32 len; iph = ip_hdr(skb); opt = &(IPCB(skb)->opt); if (iph->ihl < 5 || iph->version != 4) goto inhdr_error; if (!pskb_may_pull(skb, iph->ihl*4)) goto inhdr_error; iph = ip_hdr(skb); if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) goto inhdr_error; len = ntohs(iph->tot_len); if (skb->len < len) { IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INTRUNCATEDPKTS); goto drop; } else if (len < (iph->ihl*4)) goto inhdr_error; if (pskb_trim_rcsum(skb, len)) { IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS); goto drop; } if (iph->ihl == 5) { memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); return 0; } opt->optlen = iph->ihl*4 - sizeof(struct iphdr); if (ip_options_compile(dev_net(dev), opt, skb)) goto inhdr_error; if (unlikely(opt->srr)) { struct in_device *in_dev = __in_dev_get_rcu(dev); if (in_dev && !IN_DEV_SOURCE_ROUTE(in_dev)) goto drop; if (ip_options_rcv_srr(skb)) goto drop; } return 0; inhdr_error: IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS); drop: return -1; }",visit repo url,net/bridge/br_netfilter.c,https://github.com/torvalds/linux,197972607347598,1 4272,CWE-416,"R_API bool r_crbtree_insert(RRBTree *tree, void *data, RRBComparator cmp, void *user) { r_return_val_if_fail (tree && data && cmp, false); bool inserted = false; if (tree->root == NULL) { tree->root = _node_new (data, NULL); if (tree->root == NULL) { return false; } inserted = true; goto out_exit; } RRBNode head; memset (&head, 0, sizeof (RRBNode)); RRBNode *g = NULL, *parent = &head; RRBNode *p = NULL, *q = tree->root; int dir = 0, last = 0; _set_link (parent, q, 1); for (;;) { if (!q) { q = _node_new (data, p); if (!q) { return false; } p->link[dir] = q; inserted = true; } else if (IS_RED (q->link[0]) && IS_RED (q->link[1])) { q->red = 1; q->link[0]->red = 0; q->link[1]->red = 0; } if (IS_RED (q) && IS_RED (p)) { #if 0 if (!parent) { return false; } #endif int dir2 = parent->link[1] == g; if (q == p->link[last]) { _set_link (parent, _rot_once (g, !last), dir2); } else { _set_link (parent, _rot_twice (g, !last), dir2); } } if (inserted) { break; } last = dir; dir = cmp (data, q->data, user) >= 0; if (g) { parent = g; } g = p; p = q; q = q->link[dir]; } tree->root = head.link[1]; out_exit: tree->root->red = 0; tree->root->parent = NULL; if (inserted) { tree->size++; } return inserted; }",visit repo url,libr/util/new_rbtree.c,https://github.com/radareorg/radare2,152912075329255,1 1419,[],"static void __enqueue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se) { struct rb_node **link = &cfs_rq->tasks_timeline.rb_node; struct rb_node *parent = NULL; struct sched_entity *entry; s64 key = entity_key(cfs_rq, se); int leftmost = 1; while (*link) { parent = *link; entry = rb_entry(parent, struct sched_entity, run_node); if (key < entity_key(cfs_rq, entry)) { link = &parent->rb_left; } else { link = &parent->rb_right; leftmost = 0; } } if (leftmost) { cfs_rq->rb_leftmost = &se->run_node; cfs_rq->min_vruntime = max_vruntime(cfs_rq->min_vruntime, se->vruntime); } rb_link_node(&se->run_node, parent, link); rb_insert_color(&se->run_node, &cfs_rq->tasks_timeline); }",linux-2.6,,,205023021219808255451830111311309529268,0 2748,CWE-416," */ static int wddx_stack_destroy(wddx_stack *stack) { register int i; if (stack->elements) { for (i = 0; i < stack->top; i++) { if (((st_entry *)stack->elements[i])->data) { zval_ptr_dtor(&((st_entry *)stack->elements[i])->data); } if (((st_entry *)stack->elements[i])->varname) { efree(((st_entry *)stack->elements[i])->varname); } efree(stack->elements[i]); } efree(stack->elements); } return SUCCESS;",visit repo url,ext/wddx/wddx.c,https://github.com/php/php-src,163074844321474,1 1880,CWE-824,"static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data_size) { struct l2cap_conf_rsp *rsp = data; void *ptr = rsp->data; void *endptr = data + data_size; void *req = chan->conf_req; int len = chan->conf_len; int type, hint, olen; unsigned long val; struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; struct l2cap_conf_efs efs; u8 remote_efs = 0; u16 mtu = L2CAP_DEFAULT_MTU; u16 result = L2CAP_CONF_SUCCESS; u16 size; BT_DBG(""chan %p"", chan); while (len >= L2CAP_CONF_OPT_SIZE) { len -= l2cap_get_conf_opt(&req, &type, &olen, &val); if (len < 0) break; hint = type & L2CAP_CONF_HINT; type &= L2CAP_CONF_MASK; switch (type) { case L2CAP_CONF_MTU: if (olen != 2) break; mtu = val; break; case L2CAP_CONF_FLUSH_TO: if (olen != 2) break; chan->flush_to = val; break; case L2CAP_CONF_QOS: break; case L2CAP_CONF_RFC: if (olen != sizeof(rfc)) break; memcpy(&rfc, (void *) val, olen); break; case L2CAP_CONF_FCS: if (olen != 1) break; if (val == L2CAP_FCS_NONE) set_bit(CONF_RECV_NO_FCS, &chan->conf_state); break; case L2CAP_CONF_EFS: if (olen != sizeof(efs)) break; remote_efs = 1; memcpy(&efs, (void *) val, olen); break; case L2CAP_CONF_EWS: if (olen != 2) break; if (!(chan->conn->local_fixed_chan & L2CAP_FC_A2MP)) return -ECONNREFUSED; set_bit(FLAG_EXT_CTRL, &chan->flags); set_bit(CONF_EWS_RECV, &chan->conf_state); chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; chan->remote_tx_win = val; break; default: if (hint) break; result = L2CAP_CONF_UNKNOWN; l2cap_add_conf_opt(&ptr, (u8)type, sizeof(u8), type, endptr - ptr); break; } } if (chan->num_conf_rsp || chan->num_conf_req > 1) goto done; switch (chan->mode) { case L2CAP_MODE_STREAMING: case L2CAP_MODE_ERTM: if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) { chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask); break; } if (remote_efs) { if (__l2cap_efs_supported(chan->conn)) set_bit(FLAG_EFS_ENABLE, &chan->flags); else return -ECONNREFUSED; } if (chan->mode != rfc.mode) return -ECONNREFUSED; break; } done: if (chan->mode != rfc.mode) { result = L2CAP_CONF_UNACCEPT; rfc.mode = chan->mode; if (chan->num_conf_rsp == 1) return -ECONNREFUSED; l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), (unsigned long) &rfc, endptr - ptr); } if (result == L2CAP_CONF_SUCCESS) { if (mtu < L2CAP_DEFAULT_MIN_MTU) result = L2CAP_CONF_UNACCEPT; else { chan->omtu = mtu; set_bit(CONF_MTU_DONE, &chan->conf_state); } l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu, endptr - ptr); if (remote_efs) { if (chan->local_stype != L2CAP_SERV_NOTRAFIC && efs.stype != L2CAP_SERV_NOTRAFIC && efs.stype != chan->local_stype) { result = L2CAP_CONF_UNACCEPT; if (chan->num_conf_req >= 1) return -ECONNREFUSED; l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs, endptr - ptr); } else { result = L2CAP_CONF_PENDING; set_bit(CONF_LOC_CONF_PEND, &chan->conf_state); } } switch (rfc.mode) { case L2CAP_MODE_BASIC: chan->fcs = L2CAP_FCS_NONE; set_bit(CONF_MODE_DONE, &chan->conf_state); break; case L2CAP_MODE_ERTM: if (!test_bit(CONF_EWS_RECV, &chan->conf_state)) chan->remote_tx_win = rfc.txwin_size; else rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW; chan->remote_max_tx = rfc.max_transmit; size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), chan->conn->mtu - L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE); rfc.max_pdu_size = cpu_to_le16(size); chan->remote_mps = size; __l2cap_set_ertm_timeouts(chan, &rfc); set_bit(CONF_MODE_DONE, &chan->conf_state); l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), (unsigned long) &rfc, endptr - ptr); if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { chan->remote_id = efs.id; chan->remote_stype = efs.stype; chan->remote_msdu = le16_to_cpu(efs.msdu); chan->remote_flush_to = le32_to_cpu(efs.flush_to); chan->remote_acc_lat = le32_to_cpu(efs.acc_lat); chan->remote_sdu_itime = le32_to_cpu(efs.sdu_itime); l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs, endptr - ptr); } break; case L2CAP_MODE_STREAMING: size = min_t(u16, le16_to_cpu(rfc.max_pdu_size), chan->conn->mtu - L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE); rfc.max_pdu_size = cpu_to_le16(size); chan->remote_mps = size; set_bit(CONF_MODE_DONE, &chan->conf_state); l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc), (unsigned long) &rfc, endptr - ptr); break; default: result = L2CAP_CONF_UNACCEPT; memset(&rfc, 0, sizeof(rfc)); rfc.mode = chan->mode; } if (result == L2CAP_CONF_SUCCESS) set_bit(CONF_OUTPUT_DONE, &chan->conf_state); } rsp->scid = cpu_to_le16(chan->dcid); rsp->result = cpu_to_le16(result); rsp->flags = cpu_to_le16(0); return ptr - data; }",visit repo url,net/bluetooth/l2cap_core.c,https://github.com/torvalds/linux,245531149454791,1 4162,['CWE-399'],"void avahi_server_decrease_host_rr_pending(AvahiServer *s) { assert(s); assert(s->n_host_rr_pending > 0); if (--s->n_host_rr_pending == 0) server_set_state(s, AVAHI_SERVER_RUNNING); }",avahi,,,7645926274948215260490634803403383047,0 3769,CWE-119,"void queue_push(register Queue *qp, size_t extra_length, char const *info) { register char *cp; size_t memory_length; size_t available_length; size_t begin_length; size_t n_begin; size_t q_length; if (!extra_length) return; memory_length = qp->d_memory_end - qp->d_memory; q_length = qp->d_read <= qp->d_write ? (size_t)(qp->d_write - qp->d_read) : memory_length - (qp->d_read - qp->d_write); available_length = memory_length - q_length - 1; if (message_show(MSG_INFO)) message(""push_front %u bytes in `%s'"", (unsigned)extra_length, info); if (extra_length > available_length) { memory_length += extra_length - available_length + BLOCK_QUEUE; cp = new_memory(memory_length, sizeof(char)); if (message_show(MSG_INFO)) message(""Reallocating queue at %p to %p"", qp->d_memory, cp); if (qp->d_read > qp->d_write) { size_t tail_len = qp->d_memory_end - qp->d_read; memcpy(cp, qp->d_read, tail_len); memcpy(cp + tail_len, qp->d_memory, (size_t)(qp->d_write - qp->d_memory)); qp->d_write = cp + q_length; qp->d_read = cp; } else { memcpy(cp, qp->d_memory, memory_length); qp->d_read = cp + (qp->d_read - qp->d_memory); qp->d_write = cp + (qp->d_write - qp->d_memory); } free(qp->d_memory); qp->d_memory_end = cp + memory_length; qp->d_memory = cp; } begin_length = qp->d_read - qp->d_memory; n_begin = extra_length <= begin_length ? extra_length : begin_length; memcpy ( qp->d_read -= n_begin, info + extra_length - n_begin, n_begin ); if (extra_length > begin_length) { extra_length -= begin_length; memcpy ( qp->d_read = qp->d_memory_end - extra_length, info, extra_length ); } }",visit repo url,yodl/src/queue/queuepush.c,https://github.com/fbb-git/yodl,171622540407334,1 2208,NVD-CWE-noinfo,"static struct nfs4_state *nfs4_opendata_to_nfs4_state(struct nfs4_opendata *data) { struct inode *inode; struct nfs4_state *state = NULL; struct nfs_delegation *delegation; int ret; if (!data->rpc_done) { state = nfs4_try_open_cached(data); goto out; } ret = -EAGAIN; if (!(data->f_attr.valid & NFS_ATTR_FATTR)) goto err; inode = nfs_fhget(data->dir->d_sb, &data->o_res.fh, &data->f_attr); ret = PTR_ERR(inode); if (IS_ERR(inode)) goto err; ret = -ENOMEM; state = nfs4_get_open_state(inode, data->owner); if (state == NULL) goto err_put_inode; if (data->o_res.delegation_type != 0) { int delegation_flags = 0; rcu_read_lock(); delegation = rcu_dereference(NFS_I(inode)->delegation); if (delegation) delegation_flags = delegation->flags; rcu_read_unlock(); if ((delegation_flags & 1UL<inode, data->owner->so_cred, &data->o_res); else nfs_inode_reclaim_delegation(state->inode, data->owner->so_cred, &data->o_res); } update_open_stateid(state, &data->o_res.stateid, NULL, data->o_arg.open_flags); iput(inode); out: return state; err_put_inode: iput(inode); err: return ERR_PTR(ret); }",visit repo url,fs/nfs/nfs4proc.c,https://github.com/torvalds/linux,104632286301636,1 1529,[],"static inline int task_current(struct rq *rq, struct task_struct *p) { return rq->curr == p; }",linux-2.6,,,278162951973578027016984635501296555135,0 883,['CWE-200'],"static inline int shmem_acct_size(unsigned long flags, loff_t size) { return (flags & VM_ACCOUNT)? security_vm_enough_memory(VM_ACCT(size)): 0; }",linux-2.6,,,175976856095189567098716403137420389381,0 5373,['CWE-476'],"int emulate_instruction(struct kvm_vcpu *vcpu, struct kvm_run *run, unsigned long cr2, u16 error_code, int emulation_type) { int r; struct decode_cache *c; kvm_clear_exception_queue(vcpu); vcpu->arch.mmio_fault_cr2 = cr2; cache_all_regs(vcpu); vcpu->mmio_is_write = 0; vcpu->arch.pio.string = 0; if (!(emulation_type & EMULTYPE_NO_DECODE)) { int cs_db, cs_l; kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l); vcpu->arch.emulate_ctxt.vcpu = vcpu; vcpu->arch.emulate_ctxt.eflags = kvm_x86_ops->get_rflags(vcpu); vcpu->arch.emulate_ctxt.mode = (vcpu->arch.emulate_ctxt.eflags & X86_EFLAGS_VM) ? X86EMUL_MODE_REAL : cs_l ? X86EMUL_MODE_PROT64 : cs_db ? X86EMUL_MODE_PROT32 : X86EMUL_MODE_PROT16; r = x86_decode_insn(&vcpu->arch.emulate_ctxt, &emulate_ops); c = &vcpu->arch.emulate_ctxt.decode; if ((emulation_type & EMULTYPE_TRAP_UD) && (!(c->twobyte && c->b == 0x01 && (c->modrm_reg == 0 || c->modrm_reg == 3) && c->modrm_mod == 3 && c->modrm_rm == 1))) return EMULATE_FAIL; ++vcpu->stat.insn_emulation; if (r) { ++vcpu->stat.insn_emulation_fail; if (kvm_mmu_unprotect_page_virt(vcpu, cr2)) return EMULATE_DONE; return EMULATE_FAIL; } } if (emulation_type & EMULTYPE_SKIP) { kvm_rip_write(vcpu, vcpu->arch.emulate_ctxt.decode.eip); return EMULATE_DONE; } r = x86_emulate_insn(&vcpu->arch.emulate_ctxt, &emulate_ops); if (vcpu->arch.pio.string) return EMULATE_DO_MMIO; if ((r || vcpu->mmio_is_write) && run) { run->exit_reason = KVM_EXIT_MMIO; run->mmio.phys_addr = vcpu->mmio_phys_addr; memcpy(run->mmio.data, vcpu->mmio_data, 8); run->mmio.len = vcpu->mmio_size; run->mmio.is_write = vcpu->mmio_is_write; } if (r) { if (kvm_mmu_unprotect_page_virt(vcpu, cr2)) return EMULATE_DONE; if (!vcpu->mmio_needed) { kvm_report_emulation_failure(vcpu, ""mmio""); return EMULATE_FAIL; } return EMULATE_DO_MMIO; } kvm_x86_ops->set_rflags(vcpu, vcpu->arch.emulate_ctxt.eflags); if (vcpu->mmio_is_write) { vcpu->mmio_needed = 0; return EMULATE_DO_MMIO; } return EMULATE_DONE; }",linux-2.6,,,290842832152860975109547380536075940184,0 856,['CWE-119'],"isdn_getnum(char **p) { int v = -1; while (*p[0] >= '0' && *p[0] <= '9') v = ((v < 0) ? 0 : (v * 10)) + (int) ((*p[0]++) - '0'); return v; }",linux-2.6,,,277668957077830720168878176356564900613,0 6043,['CWE-200'],"int addrconf_add_ifaddr(void __user *arg) { struct in6_ifreq ireq; int err; if (!capable(CAP_NET_ADMIN)) return -EPERM; if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq))) return -EFAULT; rtnl_lock(); err = inet6_addr_add(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen); rtnl_unlock(); return err; }",linux-2.6,,,94307120488950464045602127258196100665,0 4522,['CWE-20'],"int ext4_orphan_add(handle_t *handle, struct inode *inode) { struct super_block *sb = inode->i_sb; struct ext4_iloc iloc; int err = 0, rc; if (!ext4_handle_valid(handle)) return 0; lock_super(sb); if (!list_empty(&EXT4_I(inode)->i_orphan)) goto out_unlock; J_ASSERT((S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) || inode->i_nlink == 0); BUFFER_TRACE(EXT4_SB(sb)->s_sbh, ""get_write_access""); err = ext4_journal_get_write_access(handle, EXT4_SB(sb)->s_sbh); if (err) goto out_unlock; err = ext4_reserve_inode_write(handle, inode, &iloc); if (err) goto out_unlock; NEXT_ORPHAN(inode) = le32_to_cpu(EXT4_SB(sb)->s_es->s_last_orphan); EXT4_SB(sb)->s_es->s_last_orphan = cpu_to_le32(inode->i_ino); err = ext4_handle_dirty_metadata(handle, inode, EXT4_SB(sb)->s_sbh); rc = ext4_mark_iloc_dirty(handle, inode, &iloc); if (!err) err = rc; if (!err) list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan); jbd_debug(4, ""superblock will point to %lu\n"", inode->i_ino); jbd_debug(4, ""orphan inode %lu will point to %d\n"", inode->i_ino, NEXT_ORPHAN(inode)); out_unlock: unlock_super(sb); ext4_std_error(inode->i_sb, err); return err; }",linux-2.6,,,235496625730878293051014114223151075268,0 2404,['CWE-119'],"static void mark_merge_entries(void) { int i; for (i = 0; i < active_nr; i++) { struct cache_entry *ce = active_cache[i]; if (!ce_stage(ce)) continue; ce->ce_flags |= CE_STAGEMASK; } }",git,,,205511767295591243846774585655373731425,0 3141,['CWE-189'],"static void jas_image_calcbbox2(jas_image_t *image, jas_image_coord_t *tlx, jas_image_coord_t *tly, jas_image_coord_t *brx, jas_image_coord_t *bry) { jas_image_cmpt_t *cmpt; jas_image_coord_t tmptlx; jas_image_coord_t tmptly; jas_image_coord_t tmpbrx; jas_image_coord_t tmpbry; jas_image_coord_t t; int i; if (image->numcmpts_ > 0) { cmpt = image->cmpts_[0]; tmptlx = cmpt->tlx_; tmptly = cmpt->tly_; tmpbrx = cmpt->tlx_ + cmpt->hstep_ * (cmpt->width_ - 1); tmpbry = cmpt->tly_ + cmpt->vstep_ * (cmpt->height_ - 1); for (i = 0; i < image->numcmpts_; ++i) { cmpt = image->cmpts_[i]; if (cmpt->tlx_ < tmptlx) tmptlx = cmpt->tlx_; if (cmpt->tly_ < tmptly) tmptly = cmpt->tly_; t = cmpt->tlx_ + cmpt->hstep_ * (cmpt->width_ - 1); if (t > tmpbrx) tmpbrx = t; t = cmpt->tly_ + cmpt->vstep_ * (cmpt->height_ - 1); if (t > tmpbry) tmpbry = t; } } else { tmptlx = 0; tmptly = 0; tmpbrx = -1; tmpbry = -1; } *tlx = tmptlx; *tly = tmptly; *brx = tmpbrx; *bry = tmpbry; }",jasper,,,233195020940518976573886827154457444034,0 1493,[],"void sched_show_task(struct task_struct *p) { unsigned long free = 0; unsigned state; state = p->state ? __ffs(p->state) + 1 : 0; printk(KERN_INFO ""%-13.13s %c"", p->comm, state < sizeof(stat_nam) - 1 ? stat_nam[state] : '?'); #if BITS_PER_LONG == 32 if (state == TASK_RUNNING) printk(KERN_CONT "" running ""); else printk(KERN_CONT "" %08lx "", thread_saved_pc(p)); #else if (state == TASK_RUNNING) printk(KERN_CONT "" running task ""); else printk(KERN_CONT "" %016lx "", thread_saved_pc(p)); #endif #ifdef CONFIG_DEBUG_STACK_USAGE { unsigned long *n = end_of_stack(p); while (!*n) n++; free = (unsigned long)n - (unsigned long)end_of_stack(p); } #endif printk(KERN_CONT ""%5lu %5d %6d\n"", free, task_pid_nr(p), task_pid_nr(p->real_parent)); show_stack(p, NULL); }",linux-2.6,,,196742444783899974736763167920382242587,0 4789,CWE-415,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 1985,CWE-763,"raw_copy_to_user(void __user *dst, const void *src, unsigned long size) { int ret = 0; if (!__builtin_constant_p(size)) return copy_user_generic((__force void *)dst, src, size); switch (size) { case 1: __uaccess_begin(); __put_user_asm(*(u8 *)src, (u8 __user *)dst, ret, ""b"", ""b"", ""iq"", 1); __uaccess_end(); return ret; case 2: __uaccess_begin(); __put_user_asm(*(u16 *)src, (u16 __user *)dst, ret, ""w"", ""w"", ""ir"", 2); __uaccess_end(); return ret; case 4: __uaccess_begin(); __put_user_asm(*(u32 *)src, (u32 __user *)dst, ret, ""l"", ""k"", ""ir"", 4); __uaccess_end(); return ret; case 8: __uaccess_begin(); __put_user_asm(*(u64 *)src, (u64 __user *)dst, ret, ""q"", """", ""er"", 8); __uaccess_end(); return ret; case 10: __uaccess_begin(); __put_user_asm(*(u64 *)src, (u64 __user *)dst, ret, ""q"", """", ""er"", 10); if (likely(!ret)) { asm("""":::""memory""); __put_user_asm(4[(u16 *)src], 4 + (u16 __user *)dst, ret, ""w"", ""w"", ""ir"", 2); } __uaccess_end(); return ret; case 16: __uaccess_begin(); __put_user_asm(*(u64 *)src, (u64 __user *)dst, ret, ""q"", """", ""er"", 16); if (likely(!ret)) { asm("""":::""memory""); __put_user_asm(1[(u64 *)src], 1 + (u64 __user *)dst, ret, ""q"", """", ""er"", 8); } __uaccess_end(); return ret; default: return copy_user_generic((__force void *)dst, src, size); } }",visit repo url,arch/x86/include/asm/uaccess_64.h,https://github.com/torvalds/linux,95482160814934,1 5816,['CWE-200'],"static void atalk_destroy_timer(unsigned long data) { struct sock *sk = (struct sock *)data; if (sk_has_allocations(sk)) { sk->sk_timer.expires = jiffies + SOCK_DESTROY_TIME; add_timer(&sk->sk_timer); } else sock_put(sk); }",linux-2.6,,,137065280228186927512356875985688038901,0 488,CWE-416,"static int xfrm_dump_policy_done(struct netlink_callback *cb) { struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; struct net *net = sock_net(cb->skb->sk); xfrm_policy_walk_done(walk, net); return 0; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,26649474741188,1 6533,CWE-119,"MOBI_RET mobi_parse_huff(MOBIHuffCdic *huffcdic, const MOBIPdbRecord *record) { MOBIBuffer *buf = mobi_buffer_init_null(record->data, record->size); if (buf == NULL) { debug_print(""%s\n"", ""Memory allocation failed""); return MOBI_MALLOC_FAILED; } char huff_magic[5]; mobi_buffer_getstring(huff_magic, buf, 4); const size_t header_length = mobi_buffer_get32(buf); if (strncmp(huff_magic, HUFF_MAGIC, 4) != 0 || header_length < HUFF_HEADER_LEN) { debug_print(""HUFF wrong magic: %s\n"", huff_magic); mobi_buffer_free_null(buf); return MOBI_DATA_CORRUPT; } const size_t data1_offset = mobi_buffer_get32(buf); const size_t data2_offset = mobi_buffer_get32(buf); mobi_buffer_setpos(buf, data1_offset); if (buf->offset + (256 * 4) > buf->maxlen) { debug_print(""%s"", ""HUFF data1 too short\n""); mobi_buffer_free_null(buf); return MOBI_DATA_CORRUPT; } for (int i = 0; i < 256; i++) { huffcdic->table1[i] = mobi_buffer_get32(buf); } mobi_buffer_setpos(buf, data2_offset); if (buf->offset + (64 * 4) > buf->maxlen) { debug_print(""%s"", ""HUFF data2 too short\n""); mobi_buffer_free_null(buf); return MOBI_DATA_CORRUPT; } huffcdic->mincode_table[0] = 0; huffcdic->maxcode_table[0] = 0xFFFFFFFF; for (int i = 1; i < 33; i++) { const uint32_t mincode = mobi_buffer_get32(buf); const uint32_t maxcode = mobi_buffer_get32(buf); huffcdic->mincode_table[i] = mincode << (32 - i); huffcdic->maxcode_table[i] = ((maxcode + 1) << (32 - i)) - 1; } mobi_buffer_free_null(buf); return MOBI_SUCCESS; }",visit repo url,src/read.c,https://github.com/bfabiszewski/libmobi,39176697064472,1 5684,['CWE-476'],"static inline struct sock *udp_v4_mcast_next(struct sock *sk, __be16 loc_port, __be32 loc_addr, __be16 rmt_port, __be32 rmt_addr, int dif) { struct hlist_node *node; struct sock *s = sk; unsigned short hnum = ntohs(loc_port); sk_for_each_from(s, node) { struct inet_sock *inet = inet_sk(s); if (inet->num != hnum || (inet->daddr && inet->daddr != rmt_addr) || (inet->dport != rmt_port && inet->dport) || (inet->rcv_saddr && inet->rcv_saddr != loc_addr) || ipv6_only_sock(s) || (s->sk_bound_dev_if && s->sk_bound_dev_if != dif)) continue; if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif)) continue; goto found; } s = NULL; found: return s; }",linux-2.6,,,160924359814138367639749402889849198215,0 2025,['CWE-269'],"int simple_set_mnt(struct vfsmount *mnt, struct super_block *sb) { mnt->mnt_sb = sb; mnt->mnt_root = dget(sb->s_root); return 0; }",linux-2.6,,,93535296360298188827762957680226697991,0 2194,CWE-125,"qedi_dbg_err(struct qedi_dbg_ctx *qedi, const char *func, u32 line, const char *fmt, ...) { va_list va; struct va_format vaf; char nfunc[32]; memset(nfunc, 0, sizeof(nfunc)); memcpy(nfunc, func, sizeof(nfunc) - 1); va_start(va, fmt); vaf.fmt = fmt; vaf.va = &va; if (likely(qedi) && likely(qedi->pdev)) pr_err(""[%s]:[%s:%d]:%d: %pV"", dev_name(&qedi->pdev->dev), nfunc, line, qedi->host_no, &vaf); else pr_err(""[0000:00:00.0]:[%s:%d]: %pV"", nfunc, line, &vaf); va_end(va); }",visit repo url,drivers/scsi/qedi/qedi_dbg.c,https://github.com/torvalds/linux,106539764793428,1 5033,[],"static void child_msg_onlinestatus(int msg_type, struct process_id src, void *buf, size_t len, void *private_data) { TALLOC_CTX *mem_ctx; const char *message; struct process_id *sender; DEBUG(5,(""winbind_msg_onlinestatus received.\n"")); if (!buf) { return; } sender = (struct process_id *)buf; mem_ctx = talloc_init(""winbind_msg_onlinestatus""); if (mem_ctx == NULL) { return; } message = collect_onlinestatus(mem_ctx); if (message == NULL) { talloc_destroy(mem_ctx); return; } message_send_pid(*sender, MSG_WINBIND_ONLINESTATUS, message, strlen(message) + 1, True); talloc_destroy(mem_ctx); }",samba,,,248465118807215473742983544044257061089,0 1216,CWE-400,"static void perf_event_comm_output(struct perf_event *event, struct perf_comm_event *comm_event) { struct perf_output_handle handle; struct perf_sample_data sample; int size = comm_event->event_id.header.size; int ret; perf_event_header__init_id(&comm_event->event_id.header, &sample, event); ret = perf_output_begin(&handle, event, comm_event->event_id.header.size, 0, 0); if (ret) goto out; comm_event->event_id.pid = perf_event_pid(event, comm_event->task); comm_event->event_id.tid = perf_event_tid(event, comm_event->task); perf_output_put(&handle, comm_event->event_id); __output_copy(&handle, comm_event->comm, comm_event->comm_size); perf_event__output_id_sample(event, &handle, &sample); perf_output_end(&handle); out: comm_event->event_id.header.size = size; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,11463598935133,1 3674,['CWE-119'],"static int hfsplus_fill_cat_thread(struct super_block *sb, hfsplus_cat_entry *entry, int type, u32 parentid, struct qstr *str) { entry->type = cpu_to_be16(type); entry->thread.reserved = 0; entry->thread.parentID = cpu_to_be32(parentid); hfsplus_asc2uni(sb, &entry->thread.nodeName, str->name, str->len); return 10 + be16_to_cpu(entry->thread.nodeName.length) * 2; }",linux-2.6,,,281449374081262547122854085654280624830,0 3953,['CWE-362'],"static void handle_event(struct inotify_watch *watch, u32 wd, u32 mask, u32 cookie, const char *dname, struct inode *inode) { struct audit_chunk *chunk = container_of(watch, struct audit_chunk, watch); if (mask & IN_IGNORED) { evict_chunk(chunk); put_inotify_watch(watch); } }",linux-2.6,,,296448454374635233308492324950960780473,0 2458,CWE-119,"static uint32_t scsi_init_iovec(SCSIDiskReq *r) { r->iov.iov_len = MIN(r->sector_count * 512, SCSI_DMA_BUF_SIZE); qemu_iovec_init_external(&r->qiov, &r->iov, 1); return r->qiov.size / 512; }",visit repo url,hw/scsi-disk.c,https://github.com/bonzini/qemu,44274575127663,1 6636,CWE-416,"njs_object_iterate_reverse(njs_vm_t *vm, njs_iterator_args_t *args, njs_iterator_handler_t handler) { double idx; int64_t i, from, to, length; njs_int_t ret; njs_array_t *array, *keys; njs_value_t *entry, *value, prop, character, string_obj; const u_char *p, *end, *pos; njs_string_prop_t string_prop; njs_object_value_t *object; value = args->value; from = args->from; to = args->to; if (njs_is_array(value)) { array = njs_array(value); from += 1; while (from-- > to) { if (njs_slow_path(!array->object.fast_array)) { goto process_object; } if (njs_fast_path(from < array->length && njs_is_valid(&array->start[from]))) { ret = handler(vm, args, &array->start[from], from); } else { entry = njs_value_arg(&njs_value_invalid); ret = njs_value_property_i64(vm, value, from, &prop); if (njs_slow_path(ret != NJS_DECLINED)) { if (ret == NJS_ERROR) { return NJS_ERROR; } entry = ∝ } ret = handler(vm, args, entry, from); } if (njs_slow_path(ret != NJS_OK)) { if (ret == NJS_DONE) { return NJS_DONE; } return NJS_ERROR; } } return NJS_OK; } if (njs_is_string(value) || njs_is_object_string(value)) { if (njs_is_string(value)) { object = njs_object_value_alloc(vm, NJS_OBJ_TYPE_STRING, 0, value); if (njs_slow_path(object == NULL)) { return NJS_ERROR; } njs_set_object_value(&string_obj, object); args->value = &string_obj; } else { value = njs_object_value(value); } length = njs_string_prop(&string_prop, value); end = string_prop.start + string_prop.size; if ((size_t) length == string_prop.size) { p = string_prop.start + from; i = from + 1; while (i-- > to) { (void) njs_string_new(vm, &character, p, 1, 1); ret = handler(vm, args, &character, i); if (njs_slow_path(ret != NJS_OK)) { if (ret == NJS_DONE) { return NJS_DONE; } return NJS_ERROR; } p--; } } else { p = njs_string_offset(string_prop.start, end, from); p = njs_utf8_next(p, end); i = from + 1; while (i-- > to) { pos = njs_utf8_prev(p); (void) njs_string_new(vm, &character, pos, p - pos , 1); ret = handler(vm, args, &character, i); if (njs_slow_path(ret != NJS_OK)) { if (ret == NJS_DONE) { return NJS_DONE; } return NJS_ERROR; } p = pos; } } return NJS_OK; } if (!njs_is_object(value)) { return NJS_OK; } process_object: if (!njs_fast_object(from - to)) { keys = njs_array_indices(vm, value); if (njs_slow_path(keys == NULL)) { return NJS_ERROR; } i = keys->length; while (i > 0) { idx = njs_string_to_index(&keys->start[--i]); if (idx < to || idx > from) { continue; } ret = njs_iterator_object_handler(vm, handler, args, &keys->start[i], idx); if (njs_slow_path(ret != NJS_OK)) { njs_array_destroy(vm, keys); return ret; } } njs_array_destroy(vm, keys); return NJS_OK; } i = from + 1; while (i-- > to) { ret = njs_iterator_object_handler(vm, handler, args, NULL, i); if (njs_slow_path(ret != NJS_OK)) { return ret; } } return NJS_OK; }",visit repo url,src/njs_iterator.c,https://github.com/nginx/njs,65150739377743,1 2909,['CWE-189'],"jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *dec, jpc_dec_tile_t *tile) { jpc_pi_t *pi; int compno; jpc_picomp_t *picomp; jpc_pirlvl_t *pirlvl; jpc_dec_tcomp_t *tcomp; int rlvlno; jpc_dec_rlvl_t *rlvl; int prcno; int *prclyrno; jpc_dec_cmpt_t *cmpt; if (!(pi = jpc_pi_create0())) { return 0; } pi->numcomps = dec->numcomps; if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { jpc_pi_destroy(pi); return 0; } for (compno = 0, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++picomp) { picomp->pirlvls = 0; } for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { picomp->numrlvls = tcomp->numrlvls; if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, sizeof(jpc_pirlvl_t)))) { jpc_pi_destroy(pi); return 0; } for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl) { pirlvl->prclyrnos = 0; } for (rlvlno = 0, pirlvl = picomp->pirlvls, rlvl = tcomp->rlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) { pirlvl->numprcs = rlvl->numprcs; if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, sizeof(long)))) { jpc_pi_destroy(pi); return 0; } } } pi->maxrlvls = 0; for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps, cmpt = dec->cmpts; compno < pi->numcomps; ++compno, ++tcomp, ++picomp, ++cmpt) { picomp->hsamp = cmpt->hstep; picomp->vsamp = cmpt->vstep; for (rlvlno = 0, pirlvl = picomp->pirlvls, rlvl = tcomp->rlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) { pirlvl->prcwidthexpn = rlvl->prcwidthexpn; pirlvl->prcheightexpn = rlvl->prcheightexpn; for (prcno = 0, prclyrno = pirlvl->prclyrnos; prcno < pirlvl->numprcs; ++prcno, ++prclyrno) { *prclyrno = 0; } pirlvl->numhprcs = rlvl->numhprcs; } if (pi->maxrlvls < tcomp->numrlvls) { pi->maxrlvls = tcomp->numrlvls; } } pi->numlyrs = tile->cp->numlyrs; pi->xstart = tile->xstart; pi->ystart = tile->ystart; pi->xend = tile->xend; pi->yend = tile->yend; pi->picomp = 0; pi->pirlvl = 0; pi->x = 0; pi->y = 0; pi->compno = 0; pi->rlvlno = 0; pi->prcno = 0; pi->lyrno = 0; pi->xstep = 0; pi->ystep = 0; pi->pchgno = -1; pi->defaultpchg.prgord = tile->cp->prgord; pi->defaultpchg.compnostart = 0; pi->defaultpchg.compnoend = pi->numcomps; pi->defaultpchg.rlvlnostart = 0; pi->defaultpchg.rlvlnoend = pi->maxrlvls; pi->defaultpchg.lyrnoend = pi->numlyrs; pi->pchg = 0; pi->valid = 0; return pi; }",jasper,,,12943042045660683082412042704560486380,0 1687,NVD-CWE-Other,"static int clie_5_attach(struct usb_serial *serial) { struct usb_serial_port *port; unsigned int pipe; int j; if (serial->num_ports < 2) return -1; port = serial->port[0]; port->bulk_out_endpointAddress = serial->port[1]->bulk_out_endpointAddress; pipe = usb_sndbulkpipe(serial->dev, port->bulk_out_endpointAddress); for (j = 0; j < ARRAY_SIZE(port->write_urbs); ++j) port->write_urbs[j]->pipe = pipe; return 0; }",visit repo url,drivers/usb/serial/visor.c,https://github.com/torvalds/linux,33685251591967,1 5597,CWE-125,"ast_for_for_stmt(struct compiling *c, const node *n, int is_async) { asdl_seq *_target, *seq = NULL, *suite_seq; expr_ty expression; expr_ty target, first; const node *node_target; int has_type_comment; string type_comment; if (is_async && c->c_feature_version < 5) { ast_error(c, n, ""Async for loops are only supported in Python 3.5 and greater""); return NULL; } REQ(n, for_stmt); has_type_comment = TYPE(CHILD(n, 5)) == TYPE_COMMENT; if (NCH(n) == 9 + has_type_comment) { seq = ast_for_suite(c, CHILD(n, 8 + has_type_comment)); if (!seq) return NULL; } node_target = CHILD(n, 1); _target = ast_for_exprlist(c, node_target, Store); if (!_target) return NULL; first = (expr_ty)asdl_seq_GET(_target, 0); if (NCH(node_target) == 1) target = first; else target = Tuple(_target, Store, first->lineno, first->col_offset, c->c_arena); expression = ast_for_testlist(c, CHILD(n, 3)); if (!expression) return NULL; suite_seq = ast_for_suite(c, CHILD(n, 5 + has_type_comment)); if (!suite_seq) return NULL; if (has_type_comment) type_comment = NEW_TYPE_COMMENT(CHILD(n, 5)); else type_comment = NULL; if (is_async) return AsyncFor(target, expression, suite_seq, seq, type_comment, LINENO(n), n->n_col_offset, c->c_arena); else return For(target, expression, suite_seq, seq, type_comment, LINENO(n), n->n_col_offset, c->c_arena); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,239675095182096,1 6631,['CWE-200'],"nma_gconf_settings_class_init (NMAGConfSettingsClass *gconf_settings_class) { GObjectClass *object_class = G_OBJECT_CLASS (gconf_settings_class); NMSettingsClass *settings_class = NM_SETTINGS_CLASS (gconf_settings_class); g_type_class_add_private (gconf_settings_class, sizeof (NMAGConfSettingsPrivate)); object_class->constructor = constructor; object_class->dispose = dispose; settings_class->list_connections = list_connections; signals[NEW_SECRETS_REQUESTED] = g_signal_new (""new-secrets-requested"", G_OBJECT_CLASS_TYPE (object_class), G_SIGNAL_RUN_FIRST, G_STRUCT_OFFSET (NMAGConfSettingsClass, new_secrets_requested), NULL, NULL, nma_marshal_VOID__OBJECT_STRING_POINTER_BOOLEAN_POINTER, G_TYPE_NONE, 5, G_TYPE_OBJECT, G_TYPE_STRING, G_TYPE_POINTER, G_TYPE_BOOLEAN, G_TYPE_POINTER); }",network-manager-applet,,,336502533490126984639929086111308456735,0 5824,CWE-754,"PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2( pj_pool_t *pool, pjmedia_sdp_neg *neg, unsigned flags, const pjmedia_sdp_session *local) { pjmedia_sdp_session *new_offer; pjmedia_sdp_session *old_offer; char media_used[PJMEDIA_MAX_SDP_MEDIA]; unsigned oi; pj_status_t status; PJ_ASSERT_RETURN(pool && neg && local, PJ_EINVAL); PJ_ASSERT_RETURN(neg->state == PJMEDIA_SDP_NEG_STATE_DONE, PJMEDIA_SDPNEG_EINSTATE); status = pjmedia_sdp_validate(local); if (status != PJ_SUCCESS) return status; neg->state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER; pj_bzero(media_used, sizeof(media_used)); old_offer = neg->active_local_sdp; new_offer = pjmedia_sdp_session_clone(pool, local); pj_strdup(pool, &new_offer->origin.user, &old_offer->origin.user); new_offer->origin.id = old_offer->origin.id; pj_strdup(pool, &new_offer->origin.net_type, &old_offer->origin.net_type); pj_strdup(pool, &new_offer->origin.addr_type,&old_offer->origin.addr_type); pj_strdup(pool, &new_offer->origin.addr, &old_offer->origin.addr); if ((flags & PJMEDIA_SDP_NEG_ALLOW_MEDIA_CHANGE) == 0) { for (oi = 0; oi < old_offer->media_count; ++oi) { pjmedia_sdp_media *om; pjmedia_sdp_media *nm; unsigned ni; pj_bool_t found = PJ_FALSE; om = old_offer->media[oi]; for (ni = oi; ni < new_offer->media_count; ++ni) { nm = new_offer->media[ni]; if (pj_strcmp(&nm->desc.media, &om->desc.media) == 0) { if (ni != oi) { pj_array_insert( new_offer->media, sizeof(new_offer->media[0]), ni, oi, &nm); } found = PJ_TRUE; break; } } if (!found) { pjmedia_sdp_media *m; m = sdp_media_clone_deactivate(pool, om, om, local); pj_array_insert(new_offer->media, sizeof(new_offer->media[0]), new_offer->media_count++, oi, &m); } } } else { for (oi = new_offer->media_count; oi < old_offer->media_count; ++oi) { pjmedia_sdp_media *m; m = sdp_media_clone_deactivate(pool, old_offer->media[oi], old_offer->media[oi], local); pj_array_insert(new_offer->media, sizeof(new_offer->media[0]), new_offer->media_count++, oi, &m); } } #if PJMEDIA_SDP_NEG_COMPARE_BEFORE_INC_VERSION new_offer->origin.version = old_offer->origin.version; if (pjmedia_sdp_session_cmp(new_offer, neg->initial_sdp, 0) != PJ_SUCCESS) { ++new_offer->origin.version; } #else new_offer->origin.version = old_offer->origin.version + 1; #endif neg->initial_sdp_tmp = neg->initial_sdp; neg->initial_sdp = new_offer; neg->neg_local_sdp = pjmedia_sdp_session_clone(pool, new_offer); return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/sdp_neg.c,https://github.com/pjsip/pjproject,87958291867136,1 3946,CWE-476,"create_pty_only(term_T *term, jobopt_T *opt) { create_vterm(term, term->tl_rows, term->tl_cols); term->tl_job = job_alloc(); if (term->tl_job == NULL) return FAIL; ++term->tl_job->jv_refcount; term->tl_job->jv_status = JOB_FINISHED; return mch_create_pty_channel(term->tl_job, opt); }",visit repo url,src/terminal.c,https://github.com/vim/vim,35142586261590,1 2815,[],"static int dio_send_cur_page(struct dio *dio) { int ret = 0; if (dio->bio) { if (dio->final_block_in_bio != dio->cur_page_block) dio_bio_submit(dio); if (dio->boundary) dio_bio_submit(dio); } if (dio->bio == NULL) { ret = dio_new_bio(dio, dio->cur_page_block); if (ret) goto out; } if (dio_bio_add_page(dio) != 0) { dio_bio_submit(dio); ret = dio_new_bio(dio, dio->cur_page_block); if (ret == 0) { ret = dio_bio_add_page(dio); BUG_ON(ret != 0); } } out: return ret; }",linux-2.6,,,339084408780163482960386056844883950536,0 4602,CWE-787,"static s32 gf_avc_read_sps_bs_internal(GF_BitStream *bs, AVCState *avc, u32 subseq_sps, u32 *vui_flag_pos, u32 nal_hdr) { AVC_SPS *sps; s32 mb_width, mb_height, sps_id = -1; u32 profile_idc, level_idc, pcomp, i, chroma_format_idc, cl = 0, cr = 0, ct = 0, cb = 0, luma_bd, chroma_bd; u8 separate_colour_plane_flag = 0; if (!vui_flag_pos) { gf_bs_enable_emulation_byte_removal(bs, GF_TRUE); } if (!bs) { return -1; } if (!nal_hdr) { gf_bs_read_int_log(bs, 1, ""forbidden_zero_bit""); gf_bs_read_int_log(bs, 2, ""nal_ref_idc""); gf_bs_read_int_log(bs, 5, ""nal_unit_type""); } profile_idc = gf_bs_read_int_log(bs, 8, ""profile_idc""); pcomp = gf_bs_read_int_log(bs, 8, ""profile_compatibility""); if (pcomp & 0x3) return -1; level_idc = gf_bs_read_int_log(bs, 8, ""level_idc""); sps_id = gf_bs_read_ue_log(bs, ""sps_id"") + GF_SVC_SSPS_ID_SHIFT * subseq_sps; if (sps_id >= 32) { return -1; } if (sps_id < 0) { return -1; } luma_bd = chroma_bd = 0; sps = &avc->sps[sps_id]; chroma_format_idc = sps->ChromaArrayType = 1; sps->state |= subseq_sps ? AVC_SUBSPS_PARSED : AVC_SPS_PARSED; switch (profile_idc) { case 100: case 110: case 122: case 244: case 44: if (pcomp & 0xE0) return -1; case 83: case 86: case 118: case 128: chroma_format_idc = gf_bs_read_ue_log(bs, ""chroma_format_idc""); sps->ChromaArrayType = chroma_format_idc; if (chroma_format_idc == 3) { separate_colour_plane_flag = gf_bs_read_int_log(bs, 1, ""separate_colour_plane_flag""); if (separate_colour_plane_flag) sps->ChromaArrayType = 0; } luma_bd = gf_bs_read_ue_log(bs, ""luma_bit_depth""); chroma_bd = gf_bs_read_ue_log(bs, ""chroma_bit_depth""); gf_bs_read_int_log(bs, 1, ""qpprime_y_zero_transform_bypass_flag""); if (gf_bs_read_int_log(bs, 1, ""seq_scaling_matrix_present_flag"")) { u32 k; for (k = 0; k < 8; k++) { if (gf_bs_read_int_log_idx(bs, 1, ""seq_scaling_list_present_flag"", k)) { u32 z, last = 8, next = 8; u32 sl = k < 6 ? 16 : 64; for (z = 0; z < sl; z++) { if (next) { s32 delta = gf_bs_read_se(bs); next = (last + delta + 256) % 256; } last = next ? next : last; } } } } break; } sps->profile_idc = profile_idc; sps->level_idc = level_idc; sps->prof_compat = pcomp; sps->log2_max_frame_num = gf_bs_read_ue_log(bs, ""log2_max_frame_num"") + 4; sps->poc_type = gf_bs_read_ue_log(bs, ""poc_type""); sps->chroma_format = chroma_format_idc; sps->luma_bit_depth_m8 = luma_bd; sps->chroma_bit_depth_m8 = chroma_bd; if (sps->poc_type == 0) { sps->log2_max_poc_lsb = gf_bs_read_ue_log(bs, ""log2_max_poc_lsb"") + 4; } else if (sps->poc_type == 1) { sps->delta_pic_order_always_zero_flag = gf_bs_read_int_log(bs, 1, ""delta_pic_order_always_zero_flag""); sps->offset_for_non_ref_pic = gf_bs_read_se_log(bs, ""offset_for_non_ref_pic""); sps->offset_for_top_to_bottom_field = gf_bs_read_se_log(bs, ""offset_for_top_to_bottom_field""); sps->poc_cycle_length = gf_bs_read_ue_log(bs, ""poc_cycle_length""); if (sps->poc_cycle_length > GF_ARRAY_LENGTH(sps->offset_for_ref_frame)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[avc-h264] offset_for_ref_frame overflow from poc_cycle_length\n"")); return -1; } for (i = 0; i < sps->poc_cycle_length; i++) sps->offset_for_ref_frame[i] = gf_bs_read_se_log_idx(bs, ""offset_for_ref_frame"", i); } if (sps->poc_type > 2) { return -1; } sps->max_num_ref_frames = gf_bs_read_ue_log(bs, ""max_num_ref_frames""); sps->gaps_in_frame_num_value_allowed_flag = gf_bs_read_int_log(bs, 1, ""gaps_in_frame_num_value_allowed_flag""); mb_width = gf_bs_read_ue_log(bs, ""pic_width_in_mbs_minus1"") + 1; mb_height = gf_bs_read_ue_log(bs, ""pic_height_in_map_units_minus1"") + 1; sps->frame_mbs_only_flag = gf_bs_read_int_log(bs, 1, ""frame_mbs_only_flag""); sps->width = mb_width * 16; sps->height = (2 - sps->frame_mbs_only_flag) * mb_height * 16; if (!sps->frame_mbs_only_flag) sps->mb_adaptive_frame_field_flag = gf_bs_read_int_log(bs, 1, ""mb_adaptive_frame_field_flag""); gf_bs_read_int_log(bs, 1, ""direct_8x8_inference_flag""); if (gf_bs_read_int_log(bs, 1, ""frame_cropping_flag"")) { int CropUnitX, CropUnitY, SubWidthC = -1, SubHeightC = -1; if (chroma_format_idc == 1) { SubWidthC = 2; SubHeightC = 2; } else if (chroma_format_idc == 2) { SubWidthC = 2; SubHeightC = 1; } else if ((chroma_format_idc == 3) && (separate_colour_plane_flag == 0)) { SubWidthC = 1; SubHeightC = 1; } if (sps->ChromaArrayType == 0) { assert(SubWidthC == -1); CropUnitX = 1; CropUnitY = 2 - sps->frame_mbs_only_flag; } else { CropUnitX = SubWidthC; CropUnitY = SubHeightC * (2 - sps->frame_mbs_only_flag); } cl = gf_bs_read_ue_log(bs, ""frame_crop_left_offset""); cr = gf_bs_read_ue_log(bs, ""frame_crop_right_offset""); ct = gf_bs_read_ue_log(bs, ""frame_crop_top_offset""); cb = gf_bs_read_ue_log(bs, ""frame_crop_bottom_offset""); sps->width -= CropUnitX * (cl + cr); sps->height -= CropUnitY * (ct + cb); cl *= CropUnitX; cr *= CropUnitX; ct *= CropUnitY; cb *= CropUnitY; } sps->crop.left = cl; sps->crop.right = cr; sps->crop.top = ct; sps->crop.bottom = cb; if (vui_flag_pos) { *vui_flag_pos = (u32)gf_bs_get_bit_offset(bs); } sps->vui_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_parameters_present_flag""); if (sps->vui_parameters_present_flag) { sps->vui.aspect_ratio_info_present_flag = gf_bs_read_int_log(bs, 1, ""aspect_ratio_info_present_flag""); if (sps->vui.aspect_ratio_info_present_flag) { s32 aspect_ratio_idc = gf_bs_read_int_log(bs, 8, ""aspect_ratio_idc""); if (aspect_ratio_idc == 255) { sps->vui.par_num = gf_bs_read_int_log(bs, 16, ""aspect_ratio_num""); sps->vui.par_den = gf_bs_read_int_log(bs, 16, ""aspect_ratio_den""); } else if (aspect_ratio_idc < GF_ARRAY_LENGTH(avc_hevc_sar) ) { sps->vui.par_num = avc_hevc_sar[aspect_ratio_idc].w; sps->vui.par_den = avc_hevc_sar[aspect_ratio_idc].h; } else { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[avc-h264] Unknown aspect_ratio_idc: your video may have a wrong aspect ratio. Contact the GPAC team!\n"")); } } sps->vui.overscan_info_present_flag = gf_bs_read_int_log(bs, 1, ""overscan_info_present_flag""); if (sps->vui.overscan_info_present_flag) gf_bs_read_int_log(bs, 1, ""overscan_appropriate_flag""); sps->vui.video_format = 5; sps->vui.colour_primaries = 2; sps->vui.transfer_characteristics = 2; sps->vui.matrix_coefficients = 2; sps->vui.video_signal_type_present_flag = gf_bs_read_int_log(bs, 1, ""video_signal_type_present_flag""); if (sps->vui.video_signal_type_present_flag) { sps->vui.video_format = gf_bs_read_int_log(bs, 3, ""video_format""); sps->vui.video_full_range_flag = gf_bs_read_int_log(bs, 1, ""video_full_range_flag""); sps->vui.colour_description_present_flag = gf_bs_read_int_log(bs, 1, ""colour_description_present_flag""); if (sps->vui.colour_description_present_flag) { sps->vui.colour_primaries = gf_bs_read_int_log(bs, 8, ""colour_primaries""); sps->vui.transfer_characteristics = gf_bs_read_int_log(bs, 8, ""transfer_characteristics""); sps->vui.matrix_coefficients = gf_bs_read_int_log(bs, 8, ""matrix_coefficients""); } } if (gf_bs_read_int_log(bs, 1, ""chroma_location_info_present_flag"")) { gf_bs_read_ue_log(bs, ""chroma_sample_location_type_top_field""); gf_bs_read_ue_log(bs, ""chroma_sample_location_type_bottom_field""); } sps->vui.timing_info_present_flag = gf_bs_read_int_log(bs, 1, ""timing_info_present_flag""); if (sps->vui.timing_info_present_flag) { sps->vui.num_units_in_tick = gf_bs_read_int_log(bs, 32, ""num_units_in_tick""); sps->vui.time_scale = gf_bs_read_int_log(bs, 32, ""time_scale""); sps->vui.fixed_frame_rate_flag = gf_bs_read_int_log(bs, 1, ""fixed_frame_rate_flag""); } sps->vui.nal_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""nal_hrd_parameters_present_flag""); if (sps->vui.nal_hrd_parameters_present_flag) avc_parse_hrd_parameters(bs, &sps->vui.hrd); sps->vui.vcl_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vcl_hrd_parameters_present_flag""); if (sps->vui.vcl_hrd_parameters_present_flag) avc_parse_hrd_parameters(bs, &sps->vui.hrd); if (sps->vui.nal_hrd_parameters_present_flag || sps->vui.vcl_hrd_parameters_present_flag) sps->vui.low_delay_hrd_flag = gf_bs_read_int_log(bs, 1, ""low_delay_hrd_flag""); sps->vui.pic_struct_present_flag = gf_bs_read_int_log(bs, 1, ""pic_struct_present_flag""); } if (subseq_sps) { if ((profile_idc == 83) || (profile_idc == 86)) { u8 extended_spatial_scalability_idc; gf_bs_read_int_log(bs, 1, ""inter_layer_deblocking_filter_control_present_flag""); extended_spatial_scalability_idc = gf_bs_read_int_log(bs, 2, ""extended_spatial_scalability_idc""); if (sps->ChromaArrayType == 1 || sps->ChromaArrayType == 2) { gf_bs_read_int_log(bs, 1, ""chroma_phase_x_plus1_flag""); } if (sps->ChromaArrayType == 1) { gf_bs_read_int_log(bs, 2, ""chroma_phase_y_plus1""); } if (extended_spatial_scalability_idc == 1) { if (sps->ChromaArrayType > 0) { gf_bs_read_int_log(bs, 1, ""seq_ref_layer_chroma_phase_x_plus1_flag""); gf_bs_read_int_log(bs, 2, ""seq_ref_layer_chroma_phase_y_plus1""); } gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_left_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_top_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_right_offset""); gf_bs_read_se_log(bs, ""seq_scaled_ref_layer_bottom_offset""); } if (gf_bs_read_int_log(bs, 1, ""seq_tcoeff_level_prediction_flag"")) { gf_bs_read_int_log(bs, 1, ""adaptive_tcoeff_level_prediction_flag""); } gf_bs_read_int_log(bs, 1, ""slice_header_restriction_flag""); if (gf_bs_read_int_log(bs, 1, ""svc_vui_parameters_present"")) { u32 vui_ext_num_entries_minus1 = gf_bs_read_ue_log(bs, ""vui_ext_num_entries_minus1""); for (i = 0; i <= vui_ext_num_entries_minus1; i++) { u8 vui_ext_nal_hrd_parameters_present_flag, vui_ext_vcl_hrd_parameters_present_flag, vui_ext_timing_info_present_flag; gf_bs_read_int_log(bs, 3, ""vui_ext_dependency_id""); gf_bs_read_int_log(bs, 4, ""vui_ext_quality_id""); gf_bs_read_int_log(bs, 3, ""vui_ext_temporal_id""); vui_ext_timing_info_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_timing_info_present_flag""); if (vui_ext_timing_info_present_flag) { gf_bs_read_int_log(bs, 32, ""vui_ext_num_units_in_tick""); gf_bs_read_int_log(bs, 32, ""vui_ext_time_scale""); gf_bs_read_int_log(bs, 1, ""vui_ext_fixed_frame_rate_flag""); } vui_ext_nal_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_nal_hrd_parameters_present_flag""); if (vui_ext_nal_hrd_parameters_present_flag) { } vui_ext_vcl_hrd_parameters_present_flag = gf_bs_read_int_log(bs, 1, ""vui_ext_vcl_hrd_parameters_present_flag""); if (vui_ext_vcl_hrd_parameters_present_flag) { } if (vui_ext_nal_hrd_parameters_present_flag || vui_ext_vcl_hrd_parameters_present_flag) { gf_bs_read_int_log(bs, 1, ""vui_ext_low_delay_hrd_flag""); } gf_bs_read_int_log(bs, 1, ""vui_ext_pic_struct_present_flag""); } } } else if ((profile_idc == 118) || (profile_idc == 128)) { GF_LOG(GF_LOG_INFO, GF_LOG_CODING, (""[avc-h264] MVC parsing not implemented - skipping parsing end of Subset SPS\n"")); return sps_id; } if (gf_bs_read_int_log(bs, 1, ""additional_extension2"")) { GF_LOG(GF_LOG_WARNING, GF_LOG_CODING, (""[avc-h264] skipping parsing end of Subset SPS (additional_extension2)\n"")); return sps_id; } } return sps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,260169268145613,1 4054,['CWE-362'],"int audit_remove_tree_rule(struct audit_krule *rule) { struct audit_tree *tree; tree = rule->tree; if (tree) { spin_lock(&hash_lock); list_del_init(&rule->rlist); if (list_empty(&tree->rules) && !tree->goner) { tree->root = NULL; list_del_init(&tree->same_root); tree->goner = 1; list_move(&tree->list, &prune_list); rule->tree = NULL; spin_unlock(&hash_lock); audit_schedule_prune(); return 1; } rule->tree = NULL; spin_unlock(&hash_lock); return 1; } return 0; }",linux-2.6,,,34852664413003960675289472642964692900,0 2250,CWE-119,"do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) { unsigned char arg[128]; int ret = 0; if (!capable(CAP_NET_ADMIN)) return -EPERM; if (*len < get_arglen[GET_CMDID(cmd)]) { pr_err(""get_ctl: len %u < %u\n"", *len, get_arglen[GET_CMDID(cmd)]); return -EINVAL; } if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0) return -EFAULT; if (mutex_lock_interruptible(&__ip_vs_mutex)) return -ERESTARTSYS; switch (cmd) { case IP_VS_SO_GET_VERSION: { char buf[64]; sprintf(buf, ""IP Virtual Server version %d.%d.%d (size=%d)"", NVERSION(IP_VS_VERSION_CODE), IP_VS_CONN_TAB_SIZE); if (copy_to_user(user, buf, strlen(buf)+1) != 0) { ret = -EFAULT; goto out; } *len = strlen(buf)+1; } break; case IP_VS_SO_GET_INFO: { struct ip_vs_getinfo info; info.version = IP_VS_VERSION_CODE; info.size = IP_VS_CONN_TAB_SIZE; info.num_services = ip_vs_num_services; if (copy_to_user(user, &info, sizeof(info)) != 0) ret = -EFAULT; } break; case IP_VS_SO_GET_SERVICES: { struct ip_vs_get_services *get; int size; get = (struct ip_vs_get_services *)arg; size = sizeof(*get) + sizeof(struct ip_vs_service_entry) * get->num_services; if (*len != size) { pr_err(""length: %u != %u\n"", *len, size); ret = -EINVAL; goto out; } ret = __ip_vs_get_service_entries(get, user); } break; case IP_VS_SO_GET_SERVICE: { struct ip_vs_service_entry *entry; struct ip_vs_service *svc; union nf_inet_addr addr; entry = (struct ip_vs_service_entry *)arg; addr.ip = entry->addr; if (entry->fwmark) svc = __ip_vs_svc_fwm_get(AF_INET, entry->fwmark); else svc = __ip_vs_service_get(AF_INET, entry->protocol, &addr, entry->port); if (svc) { ip_vs_copy_service(entry, svc); if (copy_to_user(user, entry, sizeof(*entry)) != 0) ret = -EFAULT; ip_vs_service_put(svc); } else ret = -ESRCH; } break; case IP_VS_SO_GET_DESTS: { struct ip_vs_get_dests *get; int size; get = (struct ip_vs_get_dests *)arg; size = sizeof(*get) + sizeof(struct ip_vs_dest_entry) * get->num_dests; if (*len != size) { pr_err(""length: %u != %u\n"", *len, size); ret = -EINVAL; goto out; } ret = __ip_vs_get_dest_entries(get, user); } break; case IP_VS_SO_GET_TIMEOUT: { struct ip_vs_timeout_user t; __ip_vs_get_timeouts(&t); if (copy_to_user(user, &t, sizeof(t)) != 0) ret = -EFAULT; } break; case IP_VS_SO_GET_DAEMON: { struct ip_vs_daemon_user d[2]; memset(&d, 0, sizeof(d)); if (ip_vs_sync_state & IP_VS_STATE_MASTER) { d[0].state = IP_VS_STATE_MASTER; strlcpy(d[0].mcast_ifn, ip_vs_master_mcast_ifn, sizeof(d[0].mcast_ifn)); d[0].syncid = ip_vs_master_syncid; } if (ip_vs_sync_state & IP_VS_STATE_BACKUP) { d[1].state = IP_VS_STATE_BACKUP; strlcpy(d[1].mcast_ifn, ip_vs_backup_mcast_ifn, sizeof(d[1].mcast_ifn)); d[1].syncid = ip_vs_backup_syncid; } if (copy_to_user(user, &d, sizeof(d)) != 0) ret = -EFAULT; } break; default: ret = -EINVAL; } out: mutex_unlock(&__ip_vs_mutex); return ret; }",visit repo url,net/netfilter/ipvs/ip_vs_ctl.c,https://github.com/torvalds/linux,36033571121387,1 3237,['CWE-189'],"jpc_dec_seg_t *jpc_seg_alloc() { jpc_dec_seg_t *seg; if (!(seg = jas_malloc(sizeof(jpc_dec_seg_t)))) { return 0; } seg->prev = 0; seg->next = 0; seg->passno = -1; seg->numpasses = 0; seg->maxpasses = 0; seg->type = JPC_SEG_INVALID; seg->stream = 0; seg->cnt = 0; seg->complete = 0; seg->lyrno = -1; return seg; }",jasper,,,130331382263509766831602945892356196972,0 3525,CWE-415,"static int mem_resize(jas_stream_memobj_t *m, int bufsize) { unsigned char *buf; assert(m->buf_); assert(bufsize >= 0); if (!(buf = jas_realloc2(m->buf_, bufsize, sizeof(unsigned char)))) { return -1; } m->buf_ = buf; m->bufsize_ = bufsize; return 0; }",visit repo url,src/libjasper/base/jas_stream.c,https://github.com/mdadams/jasper,255037390234098,1 2277,['CWE-120'],"do_revalidate(struct dentry *dentry, struct nameidata *nd) { int status = dentry->d_op->d_revalidate(dentry, nd); if (unlikely(status <= 0)) { if (!status) { if (!d_invalidate(dentry)) { dput(dentry); dentry = NULL; } } else { dput(dentry); dentry = ERR_PTR(status); } } return dentry; }",linux-2.6,,,67488562483743507025208432125124896012,0 1668,[],"asmlinkage void __sched preempt_schedule(void) { struct thread_info *ti = current_thread_info(); struct task_struct *task = current; int saved_lock_depth; if (likely(ti->preempt_count || irqs_disabled())) return; do { add_preempt_count(PREEMPT_ACTIVE); saved_lock_depth = task->lock_depth; task->lock_depth = -1; schedule(); task->lock_depth = saved_lock_depth; sub_preempt_count(PREEMPT_ACTIVE); barrier(); } while (unlikely(test_thread_flag(TIF_NEED_RESCHED))); }",linux-2.6,,,147748385946158128565064033436451785815,0 1098,['CWE-399'],"sys_sigsuspend(int history0, int history1, old_sigset_t mask) { mask &= _BLOCKABLE; spin_lock_irq(¤t->sighand->siglock); current->saved_sigmask = current->blocked; siginitset(¤t->blocked, mask); recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); current->state = TASK_INTERRUPTIBLE; schedule(); set_thread_flag(TIF_RESTORE_SIGMASK); return -ERESTARTNOHAND; }",linux-2.6,,,285961181980695406874298458336139547427,0 1237,[],"m4_changeword (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, 2)) return; set_word_regexp (TOKEN_DATA_TEXT (argv[1])); }",m4,,,49666776804925334142582208822971776033,0 583,[],"static ssize_t bad_file_sendfile(struct file *in_file, loff_t *ppos, size_t count, read_actor_t actor, void *target) { return -EIO; }",linux-2.6,,,15557384143163025031279465723864440731,0 3293,CWE-400,"_get_children (hive_h *h, hive_node_h blkoff, offset_list *children, offset_list *blocks, int flags) { if (_hivex_add_to_offset_list (blocks, blkoff) == -1) return -1; struct ntreg_hbin_block *block = (struct ntreg_hbin_block *) ((char *) h->addr + blkoff); size_t len = block_len (h, blkoff, NULL); if (block->id[0] == 'l' && (block->id[1] == 'f' || block->id[1] == 'h')) { struct ntreg_lf_record *lf = (struct ntreg_lf_record *) block; size_t nr_subkeys_in_lf = le16toh (lf->nr_keys); if (8 + nr_subkeys_in_lf * 8 > len) { SET_ERRNO (EFAULT, ""too many subkeys (%zu, %zu)"", nr_subkeys_in_lf, len); return -1; } size_t i; for (i = 0; i < nr_subkeys_in_lf; ++i) { hive_node_h subkey = le32toh (lf->keys[i].offset); subkey += 0x1000; if (check_child_is_nk_block (h, subkey, flags) == -1) { if (h->unsafe) { DEBUG (2, ""subkey at 0x%zx is not an NK block, skipping"", subkey); continue; } else { return -1; } } if (_hivex_add_to_offset_list (children, subkey) == -1) return -1; } } else if (block->id[0] == 'l' && block->id[1] == 'i') { struct ntreg_ri_record *ri = (struct ntreg_ri_record *) block; size_t nr_offsets = le16toh (ri->nr_offsets); if (8 + nr_offsets * 4 > len) { SET_ERRNO (EFAULT, ""too many offsets (%zu, %zu)"", nr_offsets, len); return -1; } size_t i; for (i = 0; i < nr_offsets; ++i) { hive_node_h subkey = le32toh (ri->offset[i]); subkey += 0x1000; if (check_child_is_nk_block (h, subkey, flags) == -1) { if (h->unsafe) { DEBUG (2, ""subkey at 0x%zx is not an NK block, skipping"", subkey); continue; } else { return -1; } } if (_hivex_add_to_offset_list (children, subkey) == -1) return -1; } } else if (block->id[0] == 'r' && block->id[1] == 'i') { struct ntreg_ri_record *ri = (struct ntreg_ri_record *) block; size_t nr_offsets = le16toh (ri->nr_offsets); if (8 + nr_offsets * 4 > len) { SET_ERRNO (EFAULT, ""too many offsets (%zu, %zu)"", nr_offsets, len); return -1; } size_t i; for (i = 0; i < nr_offsets; ++i) { hive_node_h offset = le32toh (ri->offset[i]); offset += 0x1000; if (!IS_VALID_BLOCK (h, offset)) { if (h->unsafe) { DEBUG (2, ""ri-offset is not a valid block (0x%zx), skipping"", offset); continue; } else { SET_ERRNO (EFAULT, ""ri-offset is not a valid block (0x%zx)"", offset); return -1; } } if (_get_children (h, offset, children, blocks, flags) == -1) return -1; } } else { SET_ERRNO (ENOTSUP, ""subkey block is not lf/lh/li/ri (0x%zx, %d, %d)"", blkoff, block->id[0], block->id[1]); return -1; } return 0; }",visit repo url,lib/node.c,https://github.com/libguestfs/hivex,124392492099933,1 4143,NVD-CWE-noinfo,"int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Flow *f, uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, uint8_t inspection_mode, void *data) { SCEnter(); KEYWORD_PROFILING_START; det_ctx->inspection_recursion_counter++; if (det_ctx->inspection_recursion_counter == de_ctx->inspection_recursion_limit) { det_ctx->discontinue_matching = 1; KEYWORD_PROFILING_END(det_ctx, smd->type, 0); SCReturnInt(0); } if (smd == NULL || buffer_len == 0) { KEYWORD_PROFILING_END(det_ctx, smd->type, 0); SCReturnInt(0); } if (smd->type == DETECT_CONTENT) { DetectContentData *cd = (DetectContentData *)smd->ctx; SCLogDebug(""inspecting content %""PRIu32"" buffer_len %""PRIu32, cd->id, buffer_len); #ifdef DEBUG BUG_ON(cd->depth != 0 && cd->depth <= cd->offset); #endif uint8_t *found = NULL; uint32_t offset = 0; uint32_t depth = buffer_len; uint32_t prev_offset = 0; uint32_t prev_buffer_offset = det_ctx->buffer_offset; do { if ((cd->flags & DETECT_CONTENT_DISTANCE) || (cd->flags & DETECT_CONTENT_WITHIN)) { SCLogDebug(""det_ctx->buffer_offset %""PRIu32, det_ctx->buffer_offset); offset = prev_buffer_offset; depth = buffer_len; int distance = cd->distance; if (cd->flags & DETECT_CONTENT_DISTANCE) { if (cd->flags & DETECT_CONTENT_DISTANCE_BE) { distance = det_ctx->bj_values[cd->distance]; } if (distance < 0 && (uint32_t)(abs(distance)) > offset) offset = 0; else offset += distance; SCLogDebug(""cd->distance %""PRIi32"", offset %""PRIu32"", depth %""PRIu32, distance, offset, depth); } if (cd->flags & DETECT_CONTENT_WITHIN) { if (cd->flags & DETECT_CONTENT_WITHIN_BE) { if ((int32_t)depth > (int32_t)(prev_buffer_offset + det_ctx->bj_values[cd->within] + distance)) { depth = prev_buffer_offset + det_ctx->bj_values[cd->within] + distance; } } else { if ((int32_t)depth > (int32_t)(prev_buffer_offset + cd->within + distance)) { depth = prev_buffer_offset + cd->within + distance; } SCLogDebug(""cd->within %""PRIi32"", det_ctx->buffer_offset %""PRIu32"", depth %""PRIu32, cd->within, prev_buffer_offset, depth); } if (stream_start_offset != 0 && prev_buffer_offset == 0) { if (depth <= stream_start_offset) { goto no_match; } else if (depth >= (stream_start_offset + buffer_len)) { ; } else { depth = depth - stream_start_offset; } } } if (cd->flags & DETECT_CONTENT_DEPTH_BE) { if ((det_ctx->bj_values[cd->depth] + prev_buffer_offset) < depth) { depth = prev_buffer_offset + det_ctx->bj_values[cd->depth]; } } else { if (cd->depth != 0) { if ((cd->depth + prev_buffer_offset) < depth) { depth = prev_buffer_offset + cd->depth; } SCLogDebug(""cd->depth %""PRIu32"", depth %""PRIu32, cd->depth, depth); } } if (cd->flags & DETECT_CONTENT_OFFSET_BE) { if (det_ctx->bj_values[cd->offset] > offset) offset = det_ctx->bj_values[cd->offset]; } else { if (cd->offset > offset) { offset = cd->offset; SCLogDebug(""setting offset %""PRIu32, offset); } } } else { if (cd->flags & DETECT_CONTENT_DEPTH_BE) { depth = det_ctx->bj_values[cd->depth]; } else { if (cd->depth != 0) { depth = cd->depth; } } if (stream_start_offset != 0 && cd->flags & DETECT_CONTENT_DEPTH) { if (depth <= stream_start_offset) { goto no_match; } else if (depth >= (stream_start_offset + buffer_len)) { ; } else { depth = depth - stream_start_offset; } } if (cd->flags & DETECT_CONTENT_OFFSET_BE) offset = det_ctx->bj_values[cd->offset]; else offset = cd->offset; prev_buffer_offset = 0; } SCLogDebug(""offset %""PRIu32"", prev_offset %""PRIu32, offset, prev_offset); if (prev_offset != 0) offset = prev_offset; SCLogDebug(""offset %""PRIu32"", depth %""PRIu32, offset, depth); if (depth > buffer_len) depth = buffer_len; if (offset > depth || depth == 0) { if (cd->flags & DETECT_CONTENT_NEGATED) { goto match; } else { goto no_match; } } uint8_t *sbuffer = buffer + offset; uint32_t sbuffer_len = depth - offset; uint32_t match_offset = 0; SCLogDebug(""sbuffer_len %""PRIu32, sbuffer_len); #ifdef DEBUG BUG_ON(sbuffer_len > buffer_len); #endif found = SpmScan(cd->spm_ctx, det_ctx->spm_thread_ctx, sbuffer, sbuffer_len); SCLogDebug(""found %p cd negated %s"", found, cd->flags & DETECT_CONTENT_NEGATED ? ""true"" : ""false""); if (found == NULL && !(cd->flags & DETECT_CONTENT_NEGATED)) { goto no_match; } else if (found == NULL && (cd->flags & DETECT_CONTENT_NEGATED)) { goto match; } else if (found != NULL && (cd->flags & DETECT_CONTENT_NEGATED)) { SCLogDebug(""content %""PRIu32"" matched at offset %""PRIu32"", but negated so no match"", cd->id, match_offset); if (DETECT_CONTENT_IS_SINGLE(cd)) det_ctx->discontinue_matching = 1; goto no_match; } else { match_offset = (uint32_t)((found - buffer) + cd->content_len); SCLogDebug(""content %""PRIu32"" matched at offset %""PRIu32"""", cd->id, match_offset); det_ctx->buffer_offset = match_offset; if (cd->flags & DETECT_CONTENT_REPLACE) { if (inspection_mode == DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD) { det_ctx->replist = DetectReplaceAddToList(det_ctx->replist, found, cd); } else { SCLogWarning(SC_ERR_INVALID_VALUE, ""Can't modify payload without packet""); } } if (!(cd->flags & DETECT_CONTENT_RELATIVE_NEXT)) { SCLogDebug(""no relative match coming up, so this is a match""); goto match; } if (smd->is_last) { goto no_match; } SCLogDebug(""content %""PRIu32, cd->id); KEYWORD_PROFILING_END(det_ctx, smd->type, 1); int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1, f, buffer, buffer_len, stream_start_offset, inspection_mode, data); if (r == 1) { SCReturnInt(1); } if (det_ctx->discontinue_matching) goto no_match; prev_offset = (match_offset - (cd->content_len - 1)); SCLogDebug(""trying to see if there is another match after prev_offset %""PRIu32, prev_offset); } } while(1); } else if (smd->type == DETECT_ISDATAAT) { SCLogDebug(""inspecting isdataat""); DetectIsdataatData *id = (DetectIsdataatData *)smd->ctx; if (id->flags & ISDATAAT_RELATIVE) { if (det_ctx->buffer_offset + id->dataat > buffer_len) { SCLogDebug(""det_ctx->buffer_offset + id->dataat %""PRIu32"" > %""PRIu32, det_ctx->buffer_offset + id->dataat, buffer_len); if (id->flags & ISDATAAT_NEGATED) goto match; goto no_match; } else { SCLogDebug(""relative isdataat match""); if (id->flags & ISDATAAT_NEGATED) goto no_match; goto match; } } else { if (id->dataat < buffer_len) { SCLogDebug(""absolute isdataat match""); if (id->flags & ISDATAAT_NEGATED) goto no_match; goto match; } else { SCLogDebug(""absolute isdataat mismatch, id->isdataat %""PRIu32"", buffer_len %""PRIu32"""", id->dataat, buffer_len); if (id->flags & ISDATAAT_NEGATED) goto match; goto no_match; } } } else if (smd->type == DETECT_PCRE) { SCLogDebug(""inspecting pcre""); DetectPcreData *pe = (DetectPcreData *)smd->ctx; uint32_t prev_buffer_offset = det_ctx->buffer_offset; uint32_t prev_offset = 0; int r = 0; det_ctx->pcre_match_start_offset = 0; do { Packet *p = NULL; if (inspection_mode == DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD) p = (Packet *)data; r = DetectPcrePayloadMatch(det_ctx, s, smd, p, f, buffer, buffer_len); if (r == 0) { goto no_match; } if (!(pe->flags & DETECT_PCRE_RELATIVE_NEXT)) { SCLogDebug(""no relative match coming up, so this is a match""); goto match; } KEYWORD_PROFILING_END(det_ctx, smd->type, 1); prev_offset = det_ctx->pcre_match_start_offset; r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1, f, buffer, buffer_len, stream_start_offset, inspection_mode, data); if (r == 1) { SCReturnInt(1); } if (det_ctx->discontinue_matching) goto no_match; det_ctx->buffer_offset = prev_buffer_offset; det_ctx->pcre_match_start_offset = prev_offset; } while (1); } else if (smd->type == DETECT_BYTETEST) { DetectBytetestData *btd = (DetectBytetestData *)smd->ctx; uint8_t flags = btd->flags; int32_t offset = btd->offset; uint64_t value = btd->value; if (flags & DETECT_BYTETEST_OFFSET_BE) { offset = det_ctx->bj_values[offset]; } if (flags & DETECT_BYTETEST_VALUE_BE) { value = det_ctx->bj_values[value]; } if (flags & DETECT_BYTETEST_DCE && data != NULL) { DCERPCState *dcerpc_state = (DCERPCState *)data; flags |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] & 0x10) ? DETECT_BYTETEST_LITTLE: 0); } if (DetectBytetestDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len, flags, offset, value) != 1) { goto no_match; } goto match; } else if (smd->type == DETECT_BYTEJUMP) { DetectBytejumpData *bjd = (DetectBytejumpData *)smd->ctx; uint8_t flags = bjd->flags; int32_t offset = bjd->offset; if (flags & DETECT_BYTEJUMP_OFFSET_BE) { offset = det_ctx->bj_values[offset]; } if (flags & DETECT_BYTEJUMP_DCE && data != NULL) { DCERPCState *dcerpc_state = (DCERPCState *)data; flags |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] & 0x10) ? DETECT_BYTEJUMP_LITTLE: 0); } if (DetectBytejumpDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len, flags, offset) != 1) { goto no_match; } goto match; } else if (smd->type == DETECT_BYTE_EXTRACT) { DetectByteExtractData *bed = (DetectByteExtractData *)smd->ctx; uint8_t endian = bed->endian; if ((bed->flags & DETECT_BYTE_EXTRACT_FLAG_ENDIAN) && endian == DETECT_BYTE_EXTRACT_ENDIAN_DCE && data != NULL) { DCERPCState *dcerpc_state = (DCERPCState *)data; endian |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] == 0x10) ? DETECT_BYTE_EXTRACT_ENDIAN_LITTLE : DETECT_BYTE_EXTRACT_ENDIAN_BIG); } if (DetectByteExtractDoMatch(det_ctx, smd, s, buffer, buffer_len, &det_ctx->bj_values[bed->local_id], endian) != 1) { goto no_match; } goto match; } else if (smd->type == DETECT_AL_URILEN) { SCLogDebug(""inspecting uri len""); int r = 0; DetectUrilenData *urilend = (DetectUrilenData *) smd->ctx; switch (urilend->mode) { case DETECT_URILEN_EQ: if (buffer_len == urilend->urilen1) r = 1; break; case DETECT_URILEN_LT: if (buffer_len < urilend->urilen1) r = 1; break; case DETECT_URILEN_GT: if (buffer_len > urilend->urilen1) r = 1; break; case DETECT_URILEN_RA: if (buffer_len > urilend->urilen1 && buffer_len < urilend->urilen2) { r = 1; } break; } if (r == 1) { goto match; } det_ctx->discontinue_matching = 0; goto no_match; #ifdef HAVE_LUA } else if (smd->type == DETECT_LUA) { SCLogDebug(""lua starting""); if (DetectLuaMatchBuffer(det_ctx, s, smd, buffer, buffer_len, det_ctx->buffer_offset, f) != 1) { SCLogDebug(""lua no_match""); goto no_match; } SCLogDebug(""lua match""); goto match; #endif } else if (smd->type == DETECT_BASE64_DECODE) { if (DetectBase64DecodeDoMatch(det_ctx, s, smd, buffer, buffer_len)) { if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) { KEYWORD_PROFILING_END(det_ctx, smd->type, 1); if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f)) { goto final_match; } } } } else { SCLogDebug(""sm->type %u"", smd->type); #ifdef DEBUG BUG_ON(1); #endif } no_match: KEYWORD_PROFILING_END(det_ctx, smd->type, 0); SCReturnInt(0); match: if (!smd->is_last) { KEYWORD_PROFILING_END(det_ctx, smd->type, 1); int r = DetectEngineContentInspection(de_ctx, det_ctx, s, smd+1, f, buffer, buffer_len, stream_start_offset, inspection_mode, data); SCReturnInt(r); } final_match: KEYWORD_PROFILING_END(det_ctx, smd->type, 1); SCReturnInt(1); }",visit repo url,src/detect-engine-content-inspection.c,https://github.com/OISF/suricata,163744900329484,1 4896,CWE-190,"static void ExportIndexAlphaQuantum(const Image *image, QuantumInfo *quantum_info,const MagickSizeType number_pixels, const PixelPacket *magick_restrict p, const IndexPacket *magick_restrict indexes,unsigned char *magick_restrict q, ExceptionInfo *exception) { ssize_t x; ssize_t bit; if (image->storage_class != PseudoClass) { (void) ThrowMagickException(exception,GetMagickModule(),ImageError, ""ColormappedImageRequired"",""`%s'"",image->filename); return; } switch (quantum_info->depth) { case 1: { unsigned char pixel; for (x=((ssize_t) number_pixels-3); x > 0; x-=4) { pixel=(unsigned char) *indexes++; *q=((pixel & 0x01) << 7); pixel=(unsigned char) (GetPixelOpacity(p) == (Quantum) TransparentOpacity ? 1 : 0); *q|=((pixel & 0x01) << 6); p++; pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 5); pixel=(unsigned char) (GetPixelOpacity(p) == (Quantum) TransparentOpacity ? 1 : 0); *q|=((pixel & 0x01) << 4); p++; pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 3); pixel=(unsigned char) (GetPixelOpacity(p) == (Quantum) TransparentOpacity ? 1 : 0); *q|=((pixel & 0x01) << 2); p++; pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << 1); pixel=(unsigned char) (GetPixelOpacity(p) == (Quantum) TransparentOpacity ? 1 : 0); *q|=((pixel & 0x01) << 0); p++; q++; } if ((number_pixels % 4) != 0) { *q='\0'; for (bit=3; bit >= (ssize_t) (4-(number_pixels % 4)); bit-=2) { pixel=(unsigned char) *indexes++; *q|=((pixel & 0x01) << (unsigned char) (bit+4)); pixel=(unsigned char) (GetPixelOpacity(p) == (Quantum) TransparentOpacity ? 1 : 0); *q|=((pixel & 0x01) << (unsigned char) (bit+4-1)); p++; } q++; } break; } case 4: { unsigned char pixel; for (x=0; x < (ssize_t) number_pixels ; x++) { pixel=(unsigned char) *indexes++; *q=((pixel & 0xf) << 4); pixel=(unsigned char) (16*QuantumScale*((Quantum) (QuantumRange- GetPixelOpacity(p)))+0.5); *q|=((pixel & 0xf) << 0); p++; q++; } break; } case 8: { unsigned char pixel; for (x=0; x < (ssize_t) number_pixels; x++) { q=PopCharPixel((unsigned char) GetPixelIndex(indexes+x),q); pixel=ScaleQuantumToChar((Quantum) (QuantumRange-GetPixelOpacity(p))); q=PopCharPixel(pixel,q); p++; q+=quantum_info->pad; } break; } case 16: { unsigned short pixel; if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { q=PopShortPixel(quantum_info->endian,(unsigned short) GetPixelIndex(indexes+x),q); pixel=SinglePrecisionToHalf(QuantumScale*GetPixelAlpha(p)); q=PopShortPixel(quantum_info->endian,pixel,q); p++; q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { q=PopShortPixel(quantum_info->endian,(unsigned short) GetPixelIndex(indexes+x),q); pixel=ScaleQuantumToShort((Quantum) (QuantumRange-GetPixelOpacity(p))); q=PopShortPixel(quantum_info->endian,pixel,q); p++; q+=quantum_info->pad; } break; } case 32: { unsigned int pixel; if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { float pixel; q=PopFloatPixel(quantum_info,(float) GetPixelIndex(indexes+x),q); pixel=(float) (GetPixelAlpha(p)); q=PopFloatPixel(quantum_info,pixel,q); p++; q+=quantum_info->pad; } break; } for (x=0; x < (ssize_t) number_pixels; x++) { q=PopLongPixel(quantum_info->endian,(unsigned int) GetPixelIndex(indexes+x),q); pixel=ScaleQuantumToLong((Quantum) (QuantumRange-GetPixelOpacity(p))); q=PopLongPixel(quantum_info->endian,pixel,q); p++; q+=quantum_info->pad; } break; } case 64: { if (quantum_info->format == FloatingPointQuantumFormat) { for (x=0; x < (ssize_t) number_pixels; x++) { double pixel; q=PopDoublePixel(quantum_info,(double) GetPixelIndex(indexes+x), q); pixel=(double) (GetPixelAlpha(p)); q=PopDoublePixel(quantum_info,pixel,q); p++; q+=quantum_info->pad; } break; } } default: { QuantumAny range; range=GetQuantumRange(quantum_info->depth); for (x=0; x < (ssize_t) number_pixels; x++) { q=PopQuantumPixel(quantum_info, GetPixelIndex(indexes+x),q); q=PopQuantumPixel(quantum_info, ScaleQuantumToAny((Quantum) (GetPixelAlpha(p)),range),q); p++; q+=quantum_info->pad; } break; } } }",visit repo url,magick/quantum-export.c,https://github.com/ImageMagick/ImageMagick6,223771852410117,1 1901,['CWE-20'],"int fail_migrate_page(struct address_space *mapping, struct page *newpage, struct page *page) { return -EIO; }",linux-2.6,,,112024308283256119675288919485249575676,0 5726,['CWE-200'],"static void irda_destroy_socket(struct irda_sock *self) { IRDA_DEBUG(2, ""%s(%p)\n"", __func__, self); irlmp_unregister_client(self->ckey); irlmp_unregister_service(self->skey); if (self->ias_obj) { irias_delete_object(self->ias_obj); self->ias_obj = NULL; } if (self->iriap) { iriap_close(self->iriap); self->iriap = NULL; } if (self->tsap) { irttp_disconnect_request(self->tsap, NULL, P_NORMAL); irttp_close_tsap(self->tsap); self->tsap = NULL; } #ifdef CONFIG_IRDA_ULTRA if (self->lsap) { irlmp_close_lsap(self->lsap); self->lsap = NULL; } #endif }",linux-2.6,,,122512984907888190054259691150410974119,0 2040,['CWE-269'],"asmlinkage long sys_pivot_root(const char __user * new_root, const char __user * put_old) { struct vfsmount *tmp; struct nameidata new_nd, old_nd, parent_nd, root_parent, user_nd; int error; if (!capable(CAP_SYS_ADMIN)) return -EPERM; lock_kernel(); error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &new_nd); if (error) goto out0; error = -EINVAL; if (!check_mnt(new_nd.mnt)) goto out1; error = __user_walk(put_old, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &old_nd); if (error) goto out1; error = security_sb_pivotroot(&old_nd, &new_nd); if (error) { path_release(&old_nd); goto out1; } read_lock(¤t->fs->lock); user_nd.mnt = mntget(current->fs->rootmnt); user_nd.dentry = dget(current->fs->root); read_unlock(¤t->fs->lock); down_write(&namespace_sem); mutex_lock(&old_nd.dentry->d_inode->i_mutex); error = -EINVAL; if (IS_MNT_SHARED(old_nd.mnt) || IS_MNT_SHARED(new_nd.mnt->mnt_parent) || IS_MNT_SHARED(user_nd.mnt->mnt_parent)) goto out2; if (!check_mnt(user_nd.mnt)) goto out2; error = -ENOENT; if (IS_DEADDIR(new_nd.dentry->d_inode)) goto out2; if (d_unhashed(new_nd.dentry) && !IS_ROOT(new_nd.dentry)) goto out2; if (d_unhashed(old_nd.dentry) && !IS_ROOT(old_nd.dentry)) goto out2; error = -EBUSY; if (new_nd.mnt == user_nd.mnt || old_nd.mnt == user_nd.mnt) goto out2; error = -EINVAL; if (user_nd.mnt->mnt_root != user_nd.dentry) goto out2; if (user_nd.mnt->mnt_parent == user_nd.mnt) goto out2; if (new_nd.mnt->mnt_root != new_nd.dentry) goto out2; if (new_nd.mnt->mnt_parent == new_nd.mnt) goto out2; tmp = old_nd.mnt; spin_lock(&vfsmount_lock); if (tmp != new_nd.mnt) { for (;;) { if (tmp->mnt_parent == tmp) goto out3; if (tmp->mnt_parent == new_nd.mnt) break; tmp = tmp->mnt_parent; } if (!is_subdir(tmp->mnt_mountpoint, new_nd.dentry)) goto out3; } else if (!is_subdir(old_nd.dentry, new_nd.dentry)) goto out3; detach_mnt(new_nd.mnt, &parent_nd); detach_mnt(user_nd.mnt, &root_parent); attach_mnt(user_nd.mnt, &old_nd); attach_mnt(new_nd.mnt, &root_parent); touch_mnt_namespace(current->nsproxy->mnt_ns); spin_unlock(&vfsmount_lock); chroot_fs_refs(&user_nd, &new_nd); security_sb_post_pivotroot(&user_nd, &new_nd); error = 0; path_release(&root_parent); path_release(&parent_nd); out2: mutex_unlock(&old_nd.dentry->d_inode->i_mutex); up_write(&namespace_sem); path_release(&user_nd); path_release(&old_nd); out1: path_release(&new_nd); out0: unlock_kernel(); return error; out3: spin_unlock(&vfsmount_lock); goto out2; }",linux-2.6,,,254118756418828729194865177801967473041,0 3324,CWE-119,"header_read (SF_PRIVATE *psf, void *ptr, int bytes) { int count = 0 ; if (psf->headindex >= SIGNED_SIZEOF (psf->header)) return psf_fread (ptr, 1, bytes, psf) ; if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header)) { int most ; most = SIGNED_SIZEOF (psf->header) - psf->headend ; psf_fread (psf->header + psf->headend, 1, most, psf) ; memcpy (ptr, psf->header + psf->headend, most) ; psf->headend = psf->headindex += most ; psf_fread ((char *) ptr + most, bytes - most, 1, psf) ; return bytes ; } ; if (psf->headindex + bytes > psf->headend) { count = psf_fread (psf->header + psf->headend, 1, bytes - (psf->headend - psf->headindex), psf) ; if (count != bytes - (int) (psf->headend - psf->headindex)) { psf_log_printf (psf, ""Error : psf_fread returned short count.\n"") ; return count ; } ; psf->headend += count ; } ; memcpy (ptr, psf->header + psf->headindex, bytes) ; psf->headindex += bytes ; return bytes ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,50605343825607,1 4034,['CWE-362'],"static inline int inotify_rm_watch(struct inotify_handle *ih, struct inotify_watch *watch) { return -EOPNOTSUPP; }",linux-2.6,,,293718577840415293205539091018052449521,0 472,CWE-20,"int key_update(key_ref_t key_ref, const void *payload, size_t plen) { struct key_preparsed_payload prep; struct key *key = key_ref_to_ptr(key_ref); int ret; key_check(key); ret = key_permission(key_ref, KEY_NEED_WRITE); if (ret < 0) return ret; if (!key->type->update) return -EOPNOTSUPP; memset(&prep, 0, sizeof(prep)); prep.data = payload; prep.datalen = plen; prep.quotalen = key->type->def_datalen; prep.expiry = TIME_T_MAX; if (key->type->preparse) { ret = key->type->preparse(&prep); if (ret < 0) goto error; } down_write(&key->sem); ret = key->type->update(key, &prep); if (ret == 0) clear_bit(KEY_FLAG_NEGATIVE, &key->flags); up_write(&key->sem); error: if (key->type->preparse) key->type->free_preparse(&prep); return ret; }",visit repo url,security/keys/key.c,https://github.com/torvalds/linux,279530516976713,1 2612,[],"static int sctp_setsockopt_associnfo(struct sock *sk, char __user *optval, int optlen) { struct sctp_assocparams assocparams; struct sctp_association *asoc; if (optlen != sizeof(struct sctp_assocparams)) return -EINVAL; if (copy_from_user(&assocparams, optval, optlen)) return -EFAULT; asoc = sctp_id2assoc(sk, assocparams.sasoc_assoc_id); if (!asoc && assocparams.sasoc_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (asoc) { if (assocparams.sasoc_asocmaxrxt != 0) { __u32 path_sum = 0; int paths = 0; struct sctp_transport *peer_addr; list_for_each_entry(peer_addr, &asoc->peer.transport_addr_list, transports) { path_sum += peer_addr->pathmaxrxt; paths++; } if (paths > 1 && assocparams.sasoc_asocmaxrxt > path_sum) return -EINVAL; asoc->max_retrans = assocparams.sasoc_asocmaxrxt; } if (assocparams.sasoc_cookie_life != 0) { asoc->cookie_life.tv_sec = assocparams.sasoc_cookie_life / 1000; asoc->cookie_life.tv_usec = (assocparams.sasoc_cookie_life % 1000) * 1000; } } else { struct sctp_sock *sp = sctp_sk(sk); if (assocparams.sasoc_asocmaxrxt != 0) sp->assocparams.sasoc_asocmaxrxt = assocparams.sasoc_asocmaxrxt; if (assocparams.sasoc_cookie_life != 0) sp->assocparams.sasoc_cookie_life = assocparams.sasoc_cookie_life; } return 0; }",linux-2.6,,,231298629763856508205219708795602758453,0 97,CWE-415,"gss_accept_sec_context (minor_status, context_handle, verifier_cred_handle, input_token_buffer, input_chan_bindings, src_name, mech_type, output_token, ret_flags, time_rec, d_cred) OM_uint32 * minor_status; gss_ctx_id_t * context_handle; gss_cred_id_t verifier_cred_handle; gss_buffer_t input_token_buffer; gss_channel_bindings_t input_chan_bindings; gss_name_t * src_name; gss_OID * mech_type; gss_buffer_t output_token; OM_uint32 * ret_flags; OM_uint32 * time_rec; gss_cred_id_t * d_cred; { OM_uint32 status, temp_status, temp_minor_status; OM_uint32 temp_ret_flags = 0; gss_union_ctx_id_t union_ctx_id = NULL; gss_cred_id_t input_cred_handle = GSS_C_NO_CREDENTIAL; gss_cred_id_t tmp_d_cred = GSS_C_NO_CREDENTIAL; gss_name_t internal_name = GSS_C_NO_NAME; gss_name_t tmp_src_name = GSS_C_NO_NAME; gss_OID_desc token_mech_type_desc; gss_OID token_mech_type = &token_mech_type_desc; gss_OID actual_mech = GSS_C_NO_OID; gss_OID selected_mech = GSS_C_NO_OID; gss_OID public_mech; gss_mechanism mech = NULL; gss_union_cred_t uc; int i; status = val_acc_sec_ctx_args(minor_status, context_handle, verifier_cred_handle, input_token_buffer, input_chan_bindings, src_name, mech_type, output_token, ret_flags, time_rec, d_cred); if (status != GSS_S_COMPLETE) return (status); if(*context_handle == GSS_C_NO_CONTEXT) { if (input_token_buffer == GSS_C_NO_BUFFER) return (GSS_S_CALL_INACCESSIBLE_READ); status = gssint_get_mech_type(token_mech_type, input_token_buffer); if (status) return status; if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) { uc = (gss_union_cred_t)verifier_cred_handle; for (i = 0; i < uc->count; i++) { public_mech = gssint_get_public_oid(&uc->mechs_array[i]); if (public_mech && g_OID_equal(token_mech_type, public_mech)) { selected_mech = &uc->mechs_array[i]; break; } } } if (selected_mech == GSS_C_NO_OID) { status = gssint_select_mech_type(minor_status, token_mech_type, &selected_mech); if (status) return status; } } else { union_ctx_id = (gss_union_ctx_id_t)*context_handle; selected_mech = union_ctx_id->mech_type; } if (*context_handle == GSS_C_NO_CONTEXT) { status = GSS_S_FAILURE; union_ctx_id = (gss_union_ctx_id_t) malloc(sizeof(gss_union_ctx_id_desc)); if (!union_ctx_id) return (GSS_S_FAILURE); union_ctx_id->loopback = union_ctx_id; union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT; status = generic_gss_copy_oid(&temp_minor_status, selected_mech, &union_ctx_id->mech_type); if (status != GSS_S_COMPLETE) { free(union_ctx_id); return (status); } *context_handle = (gss_ctx_id_t)union_ctx_id; } if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) { input_cred_handle = gssint_get_mechanism_cred((gss_union_cred_t)verifier_cred_handle, selected_mech); if (input_cred_handle == GSS_C_NO_CREDENTIAL) { status = GSS_S_NO_CRED; goto error_out; } } else if (!allow_mech_by_default(selected_mech)) { status = GSS_S_NO_CRED; goto error_out; } mech = gssint_get_mechanism(selected_mech); if (mech && mech->gss_accept_sec_context) { status = mech->gss_accept_sec_context(minor_status, &union_ctx_id->internal_ctx_id, input_cred_handle, input_token_buffer, input_chan_bindings, src_name ? &internal_name : NULL, &actual_mech, output_token, &temp_ret_flags, time_rec, d_cred ? &tmp_d_cred : NULL); if (status == GSS_S_CONTINUE_NEEDED) return GSS_S_CONTINUE_NEEDED; if (status != GSS_S_COMPLETE) { map_error(minor_status, mech); goto error_out; } if (src_name != NULL) { if (internal_name != GSS_C_NO_NAME) { temp_status = gssint_convert_name_to_union_name( &temp_minor_status, mech, internal_name, &tmp_src_name); if (temp_status != GSS_S_COMPLETE) { status = temp_status; *minor_status = temp_minor_status; map_error(minor_status, mech); if (output_token->length) (void) gss_release_buffer(&temp_minor_status, output_token); goto error_out; } *src_name = tmp_src_name; } else *src_name = GSS_C_NO_NAME; } #define g_OID_prefix_equal(o1, o2) \ (((o1)->length >= (o2)->length) && \ (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0)) if ((temp_ret_flags & GSS_C_DELEG_FLAG) && tmp_d_cred != GSS_C_NO_CREDENTIAL) { public_mech = gssint_get_public_oid(selected_mech); if (actual_mech != GSS_C_NO_OID && public_mech != GSS_C_NO_OID && !g_OID_prefix_equal(actual_mech, public_mech)) { *d_cred = tmp_d_cred; } else { gss_union_cred_t d_u_cred = NULL; d_u_cred = malloc(sizeof (gss_union_cred_desc)); if (d_u_cred == NULL) { status = GSS_S_FAILURE; goto error_out; } (void) memset(d_u_cred, 0, sizeof (gss_union_cred_desc)); d_u_cred->count = 1; status = generic_gss_copy_oid(&temp_minor_status, selected_mech, &d_u_cred->mechs_array); if (status != GSS_S_COMPLETE) { free(d_u_cred); goto error_out; } d_u_cred->cred_array = malloc(sizeof(gss_cred_id_t)); if (d_u_cred->cred_array != NULL) { d_u_cred->cred_array[0] = tmp_d_cred; } else { free(d_u_cred); status = GSS_S_FAILURE; goto error_out; } d_u_cred->loopback = d_u_cred; *d_cred = (gss_cred_id_t)d_u_cred; } } if (mech_type != NULL) *mech_type = gssint_get_public_oid(actual_mech); if (ret_flags != NULL) *ret_flags = temp_ret_flags; return (status); } else { status = GSS_S_BAD_MECH; } error_out: if (union_ctx_id) { if (union_ctx_id->mech_type) { if (union_ctx_id->mech_type->elements) free(union_ctx_id->mech_type->elements); free(union_ctx_id->mech_type); } if (union_ctx_id->internal_ctx_id && mech && mech->gss_delete_sec_context) { mech->gss_delete_sec_context(&temp_minor_status, &union_ctx_id->internal_ctx_id, GSS_C_NO_BUFFER); } free(union_ctx_id); *context_handle = GSS_C_NO_CONTEXT; } if (src_name) *src_name = GSS_C_NO_NAME; if (tmp_src_name != GSS_C_NO_NAME) (void) gss_release_buffer(&temp_minor_status, (gss_buffer_t)tmp_src_name); return (status); }",visit repo url,src/lib/gssapi/mechglue/g_accept_sec_context.c,https://github.com/krb5/krb5,205046090322948,1 2438,['CWE-119'],"static char *path_name(struct name_path *path, const char *name) { struct name_path *p; char *n, *m; int nlen = strlen(name); int len = nlen + 1; for (p = path; p; p = p->up) { if (p->elem_len) len += p->elem_len + 1; } n = xmalloc(len); m = n + len - (nlen + 1); strcpy(m, name); for (p = path; p; p = p->up) { if (p->elem_len) { m -= p->elem_len + 1; memcpy(m, p->elem, p->elem_len); m[p->elem_len] = '/'; } } return n; }",git,,,311662613530228316839187243946321599715,0 1153,CWE-189,"SYSCALL_DEFINE4(osf_wait4, pid_t, pid, int __user *, ustatus, int, options, struct rusage32 __user *, ur) { struct rusage r; long ret, err; mm_segment_t old_fs; if (!ur) return sys_wait4(pid, ustatus, options, NULL); old_fs = get_fs(); set_fs (KERNEL_DS); ret = sys_wait4(pid, ustatus, options, (struct rusage __user *) &r); set_fs (old_fs); if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur))) return -EFAULT; err = 0; err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec); err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec); err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec); err |= __put_user(r.ru_stime.tv_usec, &ur->ru_stime.tv_usec); err |= __put_user(r.ru_maxrss, &ur->ru_maxrss); err |= __put_user(r.ru_ixrss, &ur->ru_ixrss); err |= __put_user(r.ru_idrss, &ur->ru_idrss); err |= __put_user(r.ru_isrss, &ur->ru_isrss); err |= __put_user(r.ru_minflt, &ur->ru_minflt); err |= __put_user(r.ru_majflt, &ur->ru_majflt); err |= __put_user(r.ru_nswap, &ur->ru_nswap); err |= __put_user(r.ru_inblock, &ur->ru_inblock); err |= __put_user(r.ru_oublock, &ur->ru_oublock); err |= __put_user(r.ru_msgsnd, &ur->ru_msgsnd); err |= __put_user(r.ru_msgrcv, &ur->ru_msgrcv); err |= __put_user(r.ru_nsignals, &ur->ru_nsignals); err |= __put_user(r.ru_nvcsw, &ur->ru_nvcsw); err |= __put_user(r.ru_nivcsw, &ur->ru_nivcsw); return err ? err : ret; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,83783111808735,1 1834,['CWE-189'],"resume_copy_required_values (gnutls_session_t session) { memcpy (session->internals.resumed_security_parameters. server_random, session->security_parameters.server_random, TLS_RANDOM_SIZE); memcpy (session->internals.resumed_security_parameters. client_random, session->security_parameters.client_random, TLS_RANDOM_SIZE); memcpy (session->security_parameters.current_cipher_suite. suite, session->internals.resumed_security_parameters. current_cipher_suite.suite, 2); session->internals.compression_method = session->internals.resumed_security_parameters.read_compression_algorithm; session->security_parameters.entity = session->internals.resumed_security_parameters.entity; _gnutls_set_current_version (session, session->internals. resumed_security_parameters.version); session->security_parameters.cert_type = session->internals.resumed_security_parameters.cert_type; memcpy (session->security_parameters.session_id, session->internals.resumed_security_parameters. session_id, sizeof (session->security_parameters.session_id)); session->security_parameters.session_id_size = session->internals.resumed_security_parameters.session_id_size; }",gnutls,,,179883944112752519398718787333837362569,0 5857,CWE-787,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_pli( const void *buf, pj_size_t length) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; PJ_ASSERT_RETURN(buf, PJ_EINVAL); if (length < 12) return PJ_ETOOSMALL; if (hdr->pt != RTCP_PSFB || hdr->count != 1) return PJ_ENOTFOUND; return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,17469031542658,1 1321,['CWE-119'],"static int snmp_translate(struct nf_conn *ct, enum ip_conntrack_info ctinfo, struct sk_buff *skb) { struct iphdr *iph = ip_hdr(skb); struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); u_int16_t udplen = ntohs(udph->len); u_int16_t paylen = udplen - sizeof(struct udphdr); int dir = CTINFO2DIR(ctinfo); struct oct1_map map; if (dir == IP_CT_DIR_ORIGINAL) { map.from = NOCT1(&ct->tuplehash[dir].tuple.src.u3.ip); map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); } else { map.from = NOCT1(&ct->tuplehash[dir].tuple.src.u3.ip); map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); } if (map.from == map.to) return NF_ACCEPT; if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr), paylen, &map, &udph->check)) { if (net_ratelimit()) printk(KERN_WARNING ""bsalg: parser failed\n""); return NF_DROP; } return NF_ACCEPT; }",linux-2.6,,,298862230042055628001336013897530542979,0 2380,['CWE-119'],"static int count_lines(const char *data, int size) { int count, ch, completely_empty = 1, nl_just_seen = 0; count = 0; while (0 < size--) { ch = *data++; if (ch == '\n') { count++; nl_just_seen = 1; completely_empty = 0; } else { nl_just_seen = 0; completely_empty = 0; } } if (completely_empty) return 0; if (!nl_just_seen) count++; return count; }",git,,,43067763992276648887753478982032659145,0 5339,['CWE-476'],"static int kvm_vm_ioctl_get_irqchip(struct kvm *kvm, struct kvm_irqchip *chip) { int r; r = 0; switch (chip->chip_id) { case KVM_IRQCHIP_PIC_MASTER: memcpy(&chip->chip.pic, &pic_irqchip(kvm)->pics[0], sizeof(struct kvm_pic_state)); break; case KVM_IRQCHIP_PIC_SLAVE: memcpy(&chip->chip.pic, &pic_irqchip(kvm)->pics[1], sizeof(struct kvm_pic_state)); break; case KVM_IRQCHIP_IOAPIC: memcpy(&chip->chip.ioapic, ioapic_irqchip(kvm), sizeof(struct kvm_ioapic_state)); break; default: r = -EINVAL; break; } return r; }",linux-2.6,,,310558981507885280822475555962613462456,0 150,[],"static int __init init_sys32_ioctl(void) { int i; for (i = 0; i < ioctl_table_size; i++) { if (ioctl_start[i].next != 0) { printk(""ioctl translation %d bad\n"",i); return -1; } ioctl32_insert_translation(&ioctl_start[i]); } return 0; }",linux-2.6,,,43637616046730863380149912970496385463,0 4890,['CWE-399'],"sel_pos(int n) { return inverse_translate(sel_cons, screen_glyph(sel_cons, n), use_unicode); }",linux-2.6,,,317974991162688376871294863802715631922,0 5638,['CWE-476'],"static unsigned short udp_check(struct udphdr *uh, int len, __be32 saddr, __be32 daddr, unsigned long base) { return(csum_tcpudp_magic(saddr, daddr, len, IPPROTO_UDP, base)); }",linux-2.6,,,207574659544196097448067222053366460902,0 4205,CWE-190,"alloc_limit_assert (char *fn_name, size_t size) { if (alloc_limit && size > alloc_limit) { alloc_limit_failure (fn_name, size); exit (-1); } }",visit repo url,src/alloc.c,https://github.com/verdammelt/tnef,2816244386356,1 4067,CWE-119,"static void dex_parse_debug_item(RBinFile *binfile, RBinDexObj *bin, RBinDexClass *c, int MI, int MA, int paddr, int ins_size, int insns_size, char *class_name, int regsz, int debug_info_off) { struct r_bin_t *rbin = binfile->rbin; const ut8 *p4 = r_buf_get_at (binfile->buf, debug_info_off, NULL); const ut8 *p4_end = p4 + binfile->buf->length - debug_info_off; ut64 line_start; ut64 parameters_size; ut64 param_type_idx; ut16 argReg = regsz - ins_size; ut64 source_file_idx = c->source_file; RList *params, *debug_positions, *emitted_debug_locals = NULL; bool keep = true; if (argReg >= regsz) { } p4 = r_uleb128 (p4, p4_end - p4, &line_start); p4 = r_uleb128 (p4, p4_end - p4, ¶meters_size); ut32 address = 0; ut32 line = line_start; if (!(debug_positions = r_list_newf ((RListFree)free))) { return; } if (!(emitted_debug_locals = r_list_newf ((RListFree)free))) { r_list_free (debug_positions); return; } struct dex_debug_local_t debug_locals[regsz]; memset (debug_locals, 0, sizeof (struct dex_debug_local_t) * regsz); if (!(MA & 0x0008)) { debug_locals[argReg].name = ""this""; debug_locals[argReg].descriptor = r_str_newf(""%s;"", class_name); debug_locals[argReg].startAddress = 0; debug_locals[argReg].signature = NULL; debug_locals[argReg].live = true; argReg++; } if (!(params = dex_method_signature2 (bin, MI))) { r_list_free (debug_positions); r_list_free (emitted_debug_locals); return; } RListIter *iter = r_list_iterator (params); char *name; char *type; int reg; r_list_foreach (params, iter, type) { if ((argReg >= regsz) || !type || parameters_size <= 0) { r_list_free (debug_positions); r_list_free (params); r_list_free (emitted_debug_locals); return; } p4 = r_uleb128 (p4, p4_end - p4, ¶m_type_idx); param_type_idx -= 1; name = getstr (bin, param_type_idx); reg = argReg; switch (type[0]) { case 'D': case 'J': argReg += 2; break; default: argReg += 1; break; } if (name) { debug_locals[reg].name = name; debug_locals[reg].descriptor = type; debug_locals[reg].signature = NULL; debug_locals[reg].startAddress = address; debug_locals[reg].live = true; } --parameters_size; } ut8 opcode = *(p4++) & 0xff; while (keep) { switch (opcode) { case 0x0: keep = false; break; case 0x1: { ut64 addr_diff; p4 = r_uleb128 (p4, p4_end - p4, &addr_diff); address += addr_diff; } break; case 0x2: { st64 line_diff = r_sleb128 (&p4, p4_end); line += line_diff; } break; case 0x3: { ut64 register_num; ut64 name_idx; ut64 type_idx; p4 = r_uleb128 (p4, p4_end - p4, ®ister_num); p4 = r_uleb128 (p4, p4_end - p4, &name_idx); name_idx -= 1; p4 = r_uleb128 (p4, p4_end - p4, &type_idx); type_idx -= 1; if (register_num >= regsz) { r_list_free (debug_positions); r_list_free (params); return; } if (debug_locals[register_num].live) { struct dex_debug_local_t *local = malloc ( sizeof (struct dex_debug_local_t)); if (!local) { keep = false; break; } local->name = debug_locals[register_num].name; local->descriptor = debug_locals[register_num].descriptor; local->startAddress = debug_locals[register_num].startAddress; local->signature = debug_locals[register_num].signature; local->live = true; local->reg = register_num; local->endAddress = address; r_list_append (emitted_debug_locals, local); } debug_locals[register_num].name = getstr (bin, name_idx); debug_locals[register_num].descriptor = dex_type_descriptor (bin, type_idx); debug_locals[register_num].startAddress = address; debug_locals[register_num].signature = NULL; debug_locals[register_num].live = true; } break; case 0x4: { ut64 register_num; ut64 name_idx; ut64 type_idx; ut64 sig_idx; p4 = r_uleb128 (p4, p4_end - p4, ®ister_num); p4 = r_uleb128 (p4, p4_end - p4, &name_idx); name_idx -= 1; p4 = r_uleb128 (p4, p4_end - p4, &type_idx); type_idx -= 1; p4 = r_uleb128 (p4, p4_end - p4, &sig_idx); sig_idx -= 1; if (register_num >= regsz) { r_list_free (debug_positions); r_list_free (params); return; } if (debug_locals[register_num].live) { struct dex_debug_local_t *local = malloc ( sizeof (struct dex_debug_local_t)); if (!local) { keep = false; break; } local->name = debug_locals[register_num].name; local->descriptor = debug_locals[register_num].descriptor; local->startAddress = debug_locals[register_num].startAddress; local->signature = debug_locals[register_num].signature; local->live = true; local->reg = register_num; local->endAddress = address; r_list_append (emitted_debug_locals, local); } debug_locals[register_num].name = getstr (bin, name_idx); debug_locals[register_num].descriptor = dex_type_descriptor (bin, type_idx); debug_locals[register_num].startAddress = address; debug_locals[register_num].signature = getstr (bin, sig_idx); debug_locals[register_num].live = true; } break; case 0x5: { ut64 register_num; p4 = r_uleb128 (p4, p4_end - p4, ®ister_num); if (debug_locals[register_num].live) { struct dex_debug_local_t *local = malloc ( sizeof (struct dex_debug_local_t)); if (!local) { keep = false; break; } local->name = debug_locals[register_num].name; local->descriptor = debug_locals[register_num].descriptor; local->startAddress = debug_locals[register_num].startAddress; local->signature = debug_locals[register_num].signature; local->live = true; local->reg = register_num; local->endAddress = address; r_list_append (emitted_debug_locals, local); } debug_locals[register_num].live = false; } break; case 0x6: { ut64 register_num; p4 = r_uleb128 (p4, p4_end - p4, ®ister_num); if (!debug_locals[register_num].live) { debug_locals[register_num].startAddress = address; debug_locals[register_num].live = true; } } break; case 0x7: break; case 0x8: break; case 0x9: { p4 = r_uleb128 (p4, p4_end - p4, &source_file_idx); source_file_idx--; } break; default: { int adjusted_opcode = opcode - 0x0a; address += (adjusted_opcode / 15); line += -4 + (adjusted_opcode % 15); struct dex_debug_position_t *position = malloc (sizeof (struct dex_debug_position_t)); if (!position) { keep = false; break; } position->source_file_idx = source_file_idx; position->address = address; position->line = line; r_list_append (debug_positions, position); } break; } opcode = *(p4++) & 0xff; } if (!binfile->sdb_addrinfo) { binfile->sdb_addrinfo = sdb_new0 (); } char *fileline; char offset[64]; char *offset_ptr; RListIter *iter1; struct dex_debug_position_t *pos; r_list_foreach (debug_positions, iter1, pos) { fileline = r_str_newf (""%s|%""PFMT64d, getstr (bin, pos->source_file_idx), pos->line); offset_ptr = sdb_itoa (pos->address + paddr, offset, 16); sdb_set (binfile->sdb_addrinfo, offset_ptr, fileline, 0); sdb_set (binfile->sdb_addrinfo, fileline, offset_ptr, 0); } if (!dexdump) { r_list_free (debug_positions); r_list_free (emitted_debug_locals); r_list_free (params); return; } RListIter *iter2; struct dex_debug_position_t *position; rbin->cb_printf ("" positions :\n""); r_list_foreach (debug_positions, iter2, position) { rbin->cb_printf ("" 0x%04llx line=%llu\n"", position->address, position->line); } rbin->cb_printf ("" locals :\n""); RListIter *iter3; struct dex_debug_local_t *local; r_list_foreach (emitted_debug_locals, iter3, local) { if (local->signature) { rbin->cb_printf ( "" 0x%04x - 0x%04x reg=%d %s %s %s\n"", local->startAddress, local->endAddress, local->reg, local->name, local->descriptor, local->signature); } else { rbin->cb_printf ( "" 0x%04x - 0x%04x reg=%d %s %s\n"", local->startAddress, local->endAddress, local->reg, local->name, local->descriptor); } } for (reg = 0; reg < regsz; reg++) { if (debug_locals[reg].live) { if (debug_locals[reg].signature) { rbin->cb_printf ( "" 0x%04x - 0x%04x reg=%d %s %s "" ""%s\n"", debug_locals[reg].startAddress, insns_size, reg, debug_locals[reg].name, debug_locals[reg].descriptor, debug_locals[reg].signature); } else { rbin->cb_printf ( "" 0x%04x - 0x%04x reg=%d %s %s"" ""\n"", debug_locals[reg].startAddress, insns_size, reg, debug_locals[reg].name, debug_locals[reg].descriptor); } } } r_list_free (debug_positions); r_list_free (emitted_debug_locals); r_list_free (params); }",visit repo url,libr/bin/p/bin_dex.c,https://github.com/radare/radare2,93766316785460,1 6287,CWE-444,"add_header_value(VALUE hh, const char *key, int klen, const char *val, int vlen) { if (sizeof(content_type) - 1 == klen && 0 == strncasecmp(key, content_type, sizeof(content_type) - 1)) { rb_hash_aset(hh, content_type_val, rb_str_new(val, vlen)); } else if (sizeof(content_length) - 1 == klen && 0 == strncasecmp(key, content_length, sizeof(content_length) - 1)) { rb_hash_aset(hh, content_length_val, rb_str_new(val, vlen)); } else { char hkey[1024]; char *k = hkey; volatile VALUE sval = rb_str_new(val, vlen); strcpy(hkey, ""HTTP_""); k = hkey + 5; if ((int)(sizeof(hkey) - 5) <= klen) { klen = sizeof(hkey) - 6; } strncpy(k, key, klen); hkey[klen + 5] = '\0'; for (k = hkey + 5; '\0' != *k; k++) { if ('-' == *k) { *k = '_'; } else { *k = toupper(*k); } } rb_hash_aset(hh, rb_str_new(hkey, klen + 5), sval); } }",visit repo url,ext/agoo/request.c,https://github.com/ohler55/agoo,220865130135325,1 4283,['CWE-264'],"SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr) { current->clear_child_tid = tidptr; return task_pid_vnr(current); }",linux-2.6,,,229501896955537319861723464784470964585,0 4421,['CWE-264'],"static int proto_seq_show(struct seq_file *seq, void *v) { if (v == &proto_list) seq_printf(seq, ""%-9s %-4s %-8s %-6s %-5s %-7s %-4s %-10s %s"", ""protocol"", ""size"", ""sockets"", ""memory"", ""press"", ""maxhdr"", ""slab"", ""module"", ""cl co di ac io in de sh ss gs se re sp bi br ha uh gp em\n""); else proto_seq_printf(seq, list_entry(v, struct proto, node)); return 0; }",linux-2.6,,,78330929080855298140906021351174616374,0 5275,CWE-330,"static unsigned char *oidc_cache_hash_passphrase(request_rec *r, const char *passphrase) { unsigned char *key = NULL; unsigned int key_len = 0; oidc_jose_error_t err; if (oidc_jose_hash_bytes(r->pool, OIDC_JOSE_ALG_SHA256, (const unsigned char *) passphrase, strlen(passphrase), &key, &key_len, &err) == FALSE) { oidc_error(r, ""oidc_jose_hash_bytes returned an error: %s"", err.text); return NULL; } return key; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,265781423038176,1 6458,[],"lt_dlexit (void) { lt_dlloader *loader = 0; lt_dlhandle handle = handles; int errors = 0; if (!initialized) { LT__SETERROR (SHUTDOWN); ++errors; goto done; } if (--initialized == 0) { int level; while (handles && LT_DLIS_RESIDENT (handles)) { handles = handles->next; } for (level = 1; handle; ++level) { lt_dlhandle cur = handles; int saw_nonresident = 0; while (cur) { lt_dlhandle tmp = cur; cur = cur->next; if (!LT_DLIS_RESIDENT (tmp)) { saw_nonresident = 1; if (tmp->info.ref_count <= level) { if (lt_dlclose (tmp)) { ++errors; } if (cur) { for (tmp = handles; tmp; tmp = tmp->next) if (tmp == cur) break; if (! tmp) cur = handles; } } } } if (!saw_nonresident) break; } if (!errors) LT__SETERRORSTR (0); for (loader = (lt_dlloader *) lt_dlloader_next (NULL); loader;) { lt_dlloader *next = (lt_dlloader *) lt_dlloader_next (loader); lt_dlvtable *vtable = (lt_dlvtable *) lt_dlloader_get (loader); if ((vtable = lt_dlloader_remove ((char *) vtable->name))) { FREE (vtable); } else { const char *err; LT__GETERROR (err); if (err) ++errors; } loader = next; } FREE(user_search_path); } done: return errors; }",libtool,,,123172650569094566338209558394359130596,0 4889,['CWE-399'],"int sel_loadlut(char __user *p) { return copy_from_user(inwordLut, (u32 __user *)(p+4), 32) ? -EFAULT : 0; }",linux-2.6,,,19761855836235812346912273542965579584,0 3187,CWE-125,"mobility_print(netdissect_options *ndo, const u_char *bp, const u_char *bp2 _U_) { const struct ip6_mobility *mh; const u_char *ep; unsigned mhlen, hlen; uint8_t type; mh = (const struct ip6_mobility *)bp; ep = ndo->ndo_snapend; if (!ND_TTEST(mh->ip6m_len)) { mhlen = ep - bp; goto trunc; } mhlen = (mh->ip6m_len + 1) << 3; ND_TCHECK(mh->ip6m_type); type = mh->ip6m_type; if (type <= IP6M_MAX && mhlen < ip6m_hdrlen[type]) { ND_PRINT((ndo, ""(header length %u is too small for type %u)"", mhlen, type)); goto trunc; } ND_PRINT((ndo, ""mobility: %s"", tok2str(ip6m_str, ""type-#%u"", type))); switch (type) { case IP6M_BINDING_REQUEST: hlen = IP6M_MINLEN; break; case IP6M_HOME_TEST_INIT: case IP6M_CAREOF_TEST_INIT: hlen = IP6M_MINLEN; if (ndo->ndo_vflag) { ND_TCHECK2(*mh, hlen + 8); ND_PRINT((ndo, "" %s Init Cookie=%08x:%08x"", type == IP6M_HOME_TEST_INIT ? ""Home"" : ""Care-of"", EXTRACT_32BITS(&bp[hlen]), EXTRACT_32BITS(&bp[hlen + 4]))); } hlen += 8; break; case IP6M_HOME_TEST: case IP6M_CAREOF_TEST: ND_TCHECK(mh->ip6m_data16[0]); ND_PRINT((ndo, "" nonce id=0x%x"", EXTRACT_16BITS(&mh->ip6m_data16[0]))); hlen = IP6M_MINLEN; if (ndo->ndo_vflag) { ND_TCHECK2(*mh, hlen + 8); ND_PRINT((ndo, "" %s Init Cookie=%08x:%08x"", type == IP6M_HOME_TEST ? ""Home"" : ""Care-of"", EXTRACT_32BITS(&bp[hlen]), EXTRACT_32BITS(&bp[hlen + 4]))); } hlen += 8; if (ndo->ndo_vflag) { ND_TCHECK2(*mh, hlen + 8); ND_PRINT((ndo, "" %s Keygen Token=%08x:%08x"", type == IP6M_HOME_TEST ? ""Home"" : ""Care-of"", EXTRACT_32BITS(&bp[hlen]), EXTRACT_32BITS(&bp[hlen + 4]))); } hlen += 8; break; case IP6M_BINDING_UPDATE: ND_TCHECK(mh->ip6m_data16[0]); ND_PRINT((ndo, "" seq#=%u"", EXTRACT_16BITS(&mh->ip6m_data16[0]))); hlen = IP6M_MINLEN; ND_TCHECK2(*mh, hlen + 1); if (bp[hlen] & 0xf0) ND_PRINT((ndo, "" "")); if (bp[hlen] & 0x80) ND_PRINT((ndo, ""A"")); if (bp[hlen] & 0x40) ND_PRINT((ndo, ""H"")); if (bp[hlen] & 0x20) ND_PRINT((ndo, ""L"")); if (bp[hlen] & 0x10) ND_PRINT((ndo, ""K"")); hlen += 1; hlen += 1; ND_TCHECK2(*mh, hlen + 2); ND_PRINT((ndo, "" lifetime=%u"", EXTRACT_16BITS(&bp[hlen]) << 2)); hlen += 2; break; case IP6M_BINDING_ACK: ND_TCHECK(mh->ip6m_data8[0]); ND_PRINT((ndo, "" status=%u"", mh->ip6m_data8[0])); if (mh->ip6m_data8[1] & 0x80) ND_PRINT((ndo, "" K"")); hlen = IP6M_MINLEN; ND_TCHECK2(*mh, hlen + 2); ND_PRINT((ndo, "" seq#=%u"", EXTRACT_16BITS(&bp[hlen]))); hlen += 2; ND_TCHECK2(*mh, hlen + 2); ND_PRINT((ndo, "" lifetime=%u"", EXTRACT_16BITS(&bp[hlen]) << 2)); hlen += 2; break; case IP6M_BINDING_ERROR: ND_TCHECK(mh->ip6m_data8[0]); ND_PRINT((ndo, "" status=%u"", mh->ip6m_data8[0])); hlen = IP6M_MINLEN; ND_TCHECK2(*mh, hlen + 16); ND_PRINT((ndo, "" homeaddr %s"", ip6addr_string(ndo, &bp[hlen]))); hlen += 16; break; default: ND_PRINT((ndo, "" len=%u"", mh->ip6m_len)); return(mhlen); break; } if (ndo->ndo_vflag) if (mobility_opt_print(ndo, &bp[hlen], mhlen - hlen)) goto trunc; return(mhlen); trunc: ND_PRINT((ndo, ""%s"", tstr)); return(mhlen); }",visit repo url,print-mobility.c,https://github.com/the-tcpdump-group/tcpdump,73646860687208,1 211,[],"static int atalk_pick_and_bind_port(struct sock *sk, struct sockaddr_at *sat) { int retval; write_lock_bh(&atalk_sockets_lock); for (sat->sat_port = ATPORT_RESERVED; sat->sat_port < ATPORT_LAST; sat->sat_port++) { struct sock *s; struct hlist_node *node; sk_for_each(s, node, &atalk_sockets) { struct atalk_sock *at = at_sk(s); if (at->src_net == sat->sat_addr.s_net && at->src_node == sat->sat_addr.s_node && at->src_port == sat->sat_port) goto try_next_port; } __atalk_insert_socket(sk); at_sk(sk)->src_port = sat->sat_port; retval = 0; goto out; try_next_port:; } retval = -EBUSY; out: write_unlock_bh(&atalk_sockets_lock); return retval; }",history,,,326982870442072686057976710085222308843,0 5567,[],"struct sighand_struct *lock_task_sighand(struct task_struct *tsk, unsigned long *flags) { struct sighand_struct *sighand; rcu_read_lock(); for (;;) { sighand = rcu_dereference(tsk->sighand); if (unlikely(sighand == NULL)) break; spin_lock_irqsave(&sighand->siglock, *flags); if (likely(sighand == tsk->sighand)) break; spin_unlock_irqrestore(&sighand->siglock, *flags); } rcu_read_unlock(); return sighand; }",linux-2.6,,,328870717114253006894447234550781523006,0 6241,CWE-190,"void md_hmac(uint8_t *mac, const uint8_t *in, int in_len, const uint8_t *key, int key_len) { #if MD_MAP == SH224 || MD_MAP == SH256 || MD_MAP == B2S160 || MD_MAP == B2S256 #define block_size 64 #elif MD_MAP == SH384 || MD_MAP == SH512 #define block_size 128 #endif uint8_t opad[block_size + RLC_MD_LEN]; uint8_t *ipad = RLC_ALLOCA(uint8_t, block_size + in_len); uint8_t _key[RLC_MAX(RLC_MD_LEN, block_size)]; if (ipad == NULL) { RLC_THROW(ERR_NO_MEMORY); return; } if (key_len > block_size) { md_map(_key, key, key_len); key = _key; key_len = RLC_MD_LEN; } if (key_len <= block_size) { memcpy(_key, key, key_len); memset(_key + key_len, 0, block_size - key_len); key = _key; } for (int i = 0; i < block_size; i++) { opad[i] = 0x5C ^ key[i]; ipad[i] = 0x36 ^ key[i]; } memcpy(ipad + block_size, in, in_len); md_map(opad + block_size, ipad, block_size + in_len); md_map(mac, opad, block_size + RLC_MD_LEN); RLC_FREE(ipad); }",visit repo url,src/md/relic_md_hmac.c,https://github.com/relic-toolkit/relic,370972150287,1 5792,CWE-125,"snmp_ber_encode_type(unsigned char *out, uint32_t *out_len, uint8_t type) { *out-- = type; (*out_len)++; return out; }",visit repo url,os/net/app-layer/snmp/snmp-ber.c,https://github.com/contiki-ng/contiki-ng,92203210216139,1 1157,CWE-264,"SYSCALL_DEFINE4(osf_wait4, pid_t, pid, int __user *, ustatus, int, options, struct rusage32 __user *, ur) { struct rusage r; long ret, err; mm_segment_t old_fs; if (!ur) return sys_wait4(pid, ustatus, options, NULL); old_fs = get_fs(); set_fs (KERNEL_DS); ret = sys_wait4(pid, ustatus, options, (struct rusage __user *) &r); set_fs (old_fs); if (!access_ok(VERIFY_WRITE, ur, sizeof(*ur))) return -EFAULT; err = 0; err |= __put_user(r.ru_utime.tv_sec, &ur->ru_utime.tv_sec); err |= __put_user(r.ru_utime.tv_usec, &ur->ru_utime.tv_usec); err |= __put_user(r.ru_stime.tv_sec, &ur->ru_stime.tv_sec); err |= __put_user(r.ru_stime.tv_usec, &ur->ru_stime.tv_usec); err |= __put_user(r.ru_maxrss, &ur->ru_maxrss); err |= __put_user(r.ru_ixrss, &ur->ru_ixrss); err |= __put_user(r.ru_idrss, &ur->ru_idrss); err |= __put_user(r.ru_isrss, &ur->ru_isrss); err |= __put_user(r.ru_minflt, &ur->ru_minflt); err |= __put_user(r.ru_majflt, &ur->ru_majflt); err |= __put_user(r.ru_nswap, &ur->ru_nswap); err |= __put_user(r.ru_inblock, &ur->ru_inblock); err |= __put_user(r.ru_oublock, &ur->ru_oublock); err |= __put_user(r.ru_msgsnd, &ur->ru_msgsnd); err |= __put_user(r.ru_msgrcv, &ur->ru_msgrcv); err |= __put_user(r.ru_nsignals, &ur->ru_nsignals); err |= __put_user(r.ru_nvcsw, &ur->ru_nvcsw); err |= __put_user(r.ru_nivcsw, &ur->ru_nivcsw); return err ? err : ret; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,83783111808735,1 2951,['CWE-189'],"int jpc_streamlist_insert(jpc_streamlist_t *streamlist, int streamno, jas_stream_t *stream) { jas_stream_t **newstreams; int newmaxstreams; int i; if (streamlist->numstreams >= streamlist->maxstreams) { newmaxstreams = streamlist->maxstreams + 1024; if (!(newstreams = jas_realloc2(streamlist->streams, (newmaxstreams + 1024), sizeof(jas_stream_t *)))) { return -1; } for (i = streamlist->numstreams; i < streamlist->maxstreams; ++i) { streamlist->streams[i] = 0; } streamlist->maxstreams = newmaxstreams; streamlist->streams = newstreams; } if (streamno != streamlist->numstreams) { return -1; } streamlist->streams[streamno] = stream; ++streamlist->numstreams; return 0; }",jasper,,,61848836332420651951676701793391598871,0 1670,[],"void __sched wait_for_completion(struct completion *x) { wait_for_common(x, MAX_SCHEDULE_TIMEOUT, TASK_UNINTERRUPTIBLE); }",linux-2.6,,,178931800003650356817728551914688023131,0 5301,CWE-125,"static void utee_param_to_param(struct tee_ta_param *p, struct utee_params *up) { size_t n; uint32_t types = up->types; p->types = types; for (n = 0; n < TEE_NUM_PARAMS; n++) { uintptr_t a = up->vals[n * 2]; size_t b = up->vals[n * 2 + 1]; switch (TEE_PARAM_TYPE_GET(types, n)) { case TEE_PARAM_TYPE_MEMREF_INPUT: case TEE_PARAM_TYPE_MEMREF_OUTPUT: case TEE_PARAM_TYPE_MEMREF_INOUT: p->u[n].mem.mobj = &mobj_virt; p->u[n].mem.offs = a; p->u[n].mem.size = b; break; case TEE_PARAM_TYPE_VALUE_INPUT: case TEE_PARAM_TYPE_VALUE_INOUT: p->u[n].val.a = a; p->u[n].val.b = b; break; default: memset(&p->u[n], 0, sizeof(p->u[n])); break; } } }",visit repo url,core/tee/tee_svc.c,https://github.com/OP-TEE/optee_os,101521228659798,1 555,[],"static int bad_file_release(struct inode *inode, struct file *filp) { return -EIO; }",linux-2.6,,,217452278576450842928815792842347405201,0 2513,CWE-59,"set_acl(struct archive *a, int fd, const char *name, struct archive_acl *abstract_acl, int ae_requested_type, const char *tname) { int acl_type = 0; acl_t acl; acl_entry_t acl_entry; acl_permset_t acl_permset; #if ARCHIVE_ACL_FREEBSD_NFS4 acl_flagset_t acl_flagset; int r; #endif int ret; int ae_type, ae_permset, ae_tag, ae_id; int perm_map_size; const acl_perm_map_t *perm_map; uid_t ae_uid; gid_t ae_gid; const char *ae_name; int entries; int i; ret = ARCHIVE_OK; entries = archive_acl_reset(abstract_acl, ae_requested_type); if (entries == 0) return (ARCHIVE_OK); switch (ae_requested_type) { case ARCHIVE_ENTRY_ACL_TYPE_ACCESS: acl_type = ACL_TYPE_ACCESS; break; case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT: acl_type = ACL_TYPE_DEFAULT; break; #if ARCHIVE_ACL_FREEBSD_NFS4 case ARCHIVE_ENTRY_ACL_TYPE_NFS4: acl_type = ACL_TYPE_NFS4; break; #endif default: errno = ENOENT; archive_set_error(a, errno, ""Unsupported ACL type""); return (ARCHIVE_FAILED); } acl = acl_init(entries); if (acl == (acl_t)NULL) { archive_set_error(a, errno, ""Failed to initialize ACL working storage""); return (ARCHIVE_FAILED); } while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type, &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) { if (acl_create_entry(&acl, &acl_entry) != 0) { archive_set_error(a, errno, ""Failed to create a new ACL entry""); ret = ARCHIVE_FAILED; goto exit_free; } switch (ae_tag) { case ARCHIVE_ENTRY_ACL_USER: ae_uid = archive_write_disk_uid(a, ae_name, ae_id); acl_set_tag_type(acl_entry, ACL_USER); acl_set_qualifier(acl_entry, &ae_uid); break; case ARCHIVE_ENTRY_ACL_GROUP: ae_gid = archive_write_disk_gid(a, ae_name, ae_id); acl_set_tag_type(acl_entry, ACL_GROUP); acl_set_qualifier(acl_entry, &ae_gid); break; case ARCHIVE_ENTRY_ACL_USER_OBJ: acl_set_tag_type(acl_entry, ACL_USER_OBJ); break; case ARCHIVE_ENTRY_ACL_GROUP_OBJ: acl_set_tag_type(acl_entry, ACL_GROUP_OBJ); break; case ARCHIVE_ENTRY_ACL_MASK: acl_set_tag_type(acl_entry, ACL_MASK); break; case ARCHIVE_ENTRY_ACL_OTHER: acl_set_tag_type(acl_entry, ACL_OTHER); break; #if ARCHIVE_ACL_FREEBSD_NFS4 case ARCHIVE_ENTRY_ACL_EVERYONE: acl_set_tag_type(acl_entry, ACL_EVERYONE); break; #endif default: archive_set_error(a, ARCHIVE_ERRNO_MISC, ""Unsupported ACL tag""); ret = ARCHIVE_FAILED; goto exit_free; } #if ARCHIVE_ACL_FREEBSD_NFS4 r = 0; switch (ae_type) { case ARCHIVE_ENTRY_ACL_TYPE_ALLOW: r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW); break; case ARCHIVE_ENTRY_ACL_TYPE_DENY: r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_DENY); break; case ARCHIVE_ENTRY_ACL_TYPE_AUDIT: r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_AUDIT); break; case ARCHIVE_ENTRY_ACL_TYPE_ALARM: r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALARM); break; case ARCHIVE_ENTRY_ACL_TYPE_ACCESS: case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT: break; default: archive_set_error(a, ARCHIVE_ERRNO_MISC, ""Unsupported ACL entry type""); ret = ARCHIVE_FAILED; goto exit_free; } if (r != 0) { archive_set_error(a, errno, ""Failed to set ACL entry type""); ret = ARCHIVE_FAILED; goto exit_free; } #endif if (acl_get_permset(acl_entry, &acl_permset) != 0) { archive_set_error(a, errno, ""Failed to get ACL permission set""); ret = ARCHIVE_FAILED; goto exit_free; } if (acl_clear_perms(acl_permset) != 0) { archive_set_error(a, errno, ""Failed to clear ACL permissions""); ret = ARCHIVE_FAILED; goto exit_free; } #if ARCHIVE_ACL_FREEBSD_NFS4 if (ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_NFS4) { perm_map_size = acl_nfs4_perm_map_size; perm_map = acl_nfs4_perm_map; } else { #endif perm_map_size = acl_posix_perm_map_size; perm_map = acl_posix_perm_map; #if ARCHIVE_ACL_FREEBSD_NFS4 } #endif for (i = 0; i < perm_map_size; ++i) { if (ae_permset & perm_map[i].a_perm) { if (acl_add_perm(acl_permset, perm_map[i].p_perm) != 0) { archive_set_error(a, errno, ""Failed to add ACL permission""); ret = ARCHIVE_FAILED; goto exit_free; } } } #if ARCHIVE_ACL_FREEBSD_NFS4 if (ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_NFS4) { if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) { archive_set_error(a, errno, ""Failed to get flagset from an NFSv4 "" ""ACL entry""); ret = ARCHIVE_FAILED; goto exit_free; } if (acl_clear_flags_np(acl_flagset) != 0) { archive_set_error(a, errno, ""Failed to clear flags from an NFSv4 "" ""ACL flagset""); ret = ARCHIVE_FAILED; goto exit_free; } for (i = 0; i < acl_nfs4_flag_map_size; ++i) { if (ae_permset & acl_nfs4_flag_map[i].a_perm) { if (acl_add_flag_np(acl_flagset, acl_nfs4_flag_map[i].p_perm) != 0) { archive_set_error(a, errno, ""Failed to add flag to "" ""NFSv4 ACL flagset""); ret = ARCHIVE_FAILED; goto exit_free; } } } } #endif } if (fd >= 0) { if (acl_set_fd_np(fd, acl, acl_type) == 0) ret = ARCHIVE_OK; else { if (errno == EOPNOTSUPP) { ret = ARCHIVE_OK; } else { archive_set_error(a, errno, ""Failed to set acl on fd: %s"", tname); ret = ARCHIVE_WARN; } } } #if HAVE_ACL_SET_LINK_NP else if (acl_set_link_np(name, acl_type, acl) != 0) #else else if (acl_set_file(name, acl_type, acl) != 0) #endif { if (errno == EOPNOTSUPP) { ret = ARCHIVE_OK; } else { archive_set_error(a, errno, ""Failed to set acl: %s"", tname); ret = ARCHIVE_WARN; } } exit_free: acl_free(acl); return (ret); }",visit repo url,libarchive/archive_disk_acl_freebsd.c,https://github.com/libarchive/libarchive,14685115379654,1 1322,['CWE-119'],"static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag) { unsigned char ch; *tag = 0; do { if (!asn1_octet_decode(ctx, &ch)) return 0; *tag <<= 7; *tag |= ch & 0x7F; } while ((ch & 0x80) == 0x80); return 1; }",linux-2.6,,,76655192200403859047570644219662572073,0 5103,['CWE-20'],"static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu) { u32 exit_reason = vmcs_read32(VM_EXIT_REASON); struct vcpu_vmx *vmx = to_vmx(vcpu); u32 vectoring_info = vmx->idt_vectoring_info; KVMTRACE_3D(VMEXIT, vcpu, exit_reason, (u32)kvm_rip_read(vcpu), (u32)((u64)kvm_rip_read(vcpu) >> 32), entryexit); if (vmx->emulation_required && emulate_invalid_guest_state) { if (guest_state_valid(vcpu)) vmx->emulation_required = 0; return vmx->invalid_state_emulation_result != EMULATE_DO_MMIO; } if (vm_need_ept() && is_paging(vcpu)) { vcpu->arch.cr3 = vmcs_readl(GUEST_CR3); ept_load_pdptrs(vcpu); } if (unlikely(vmx->fail)) { kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY; kvm_run->fail_entry.hardware_entry_failure_reason = vmcs_read32(VM_INSTRUCTION_ERROR); return 0; } if ((vectoring_info & VECTORING_INFO_VALID_MASK) && (exit_reason != EXIT_REASON_EXCEPTION_NMI && exit_reason != EXIT_REASON_EPT_VIOLATION && exit_reason != EXIT_REASON_TASK_SWITCH)) printk(KERN_WARNING ""%s: unexpected, valid vectoring info "" ""(0x%x) and exit reason is 0x%x\n"", __func__, vectoring_info, exit_reason); if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) { if (vcpu->arch.interrupt_window_open) { vmx->soft_vnmi_blocked = 0; vcpu->arch.nmi_window_open = 1; } else if (vmx->vnmi_blocked_time > 1000000000LL && vcpu->arch.nmi_pending) { printk(KERN_WARNING ""%s: Breaking out of NMI-blocked "" ""state on VCPU %d after 1 s timeout\n"", __func__, vcpu->vcpu_id); vmx->soft_vnmi_blocked = 0; vmx->vcpu.arch.nmi_window_open = 1; } } if (exit_reason < kvm_vmx_max_exit_handlers && kvm_vmx_exit_handlers[exit_reason]) return kvm_vmx_exit_handlers[exit_reason](vcpu, kvm_run); else { kvm_run->exit_reason = KVM_EXIT_UNKNOWN; kvm_run->hw.hardware_exit_reason = exit_reason; } return 0; }",linux-2.6,,,189567483175801996371889659466820060892,0 1405,[],"static void __dequeue_entity(struct cfs_rq *cfs_rq, struct sched_entity *se) { if (cfs_rq->rb_leftmost == &se->run_node) { struct rb_node *next_node; struct sched_entity *next; next_node = rb_next(&se->run_node); cfs_rq->rb_leftmost = next_node; if (next_node) { next = rb_entry(next_node, struct sched_entity, run_node); cfs_rq->min_vruntime = max_vruntime(cfs_rq->min_vruntime, next->vruntime); } } if (cfs_rq->next == se) cfs_rq->next = NULL; rb_erase(&se->run_node, &cfs_rq->tasks_timeline); }",linux-2.6,,,59529058681912028187569742872114528101,0 4996,['CWE-346'],"struct udev_monitor *udev_monitor_new_from_socket(struct udev *udev, const char *socket_path) { struct udev_monitor *udev_monitor; struct stat statbuf; if (udev == NULL) return NULL; if (socket_path == NULL) return NULL; udev_monitor = calloc(1, sizeof(struct udev_monitor)); if (udev_monitor == NULL) return NULL; udev_monitor->refcount = 1; udev_monitor->udev = udev; udev_monitor->sun.sun_family = AF_LOCAL; if (socket_path[0] == '@') { util_strlcpy(udev_monitor->sun.sun_path, socket_path, sizeof(udev_monitor->sun.sun_path)); udev_monitor->sun.sun_path[0] = '\0'; udev_monitor->addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(socket_path); } else if (stat(socket_path, &statbuf) == 0 && S_ISSOCK(statbuf.st_mode)) { util_strlcpy(udev_monitor->sun.sun_path, socket_path, sizeof(udev_monitor->sun.sun_path)); udev_monitor->addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(socket_path); } else { util_strlcpy(&udev_monitor->sun.sun_path[1], socket_path, sizeof(udev_monitor->sun.sun_path)-1); udev_monitor->addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(socket_path)+1; } udev_monitor->sock = socket(AF_LOCAL, SOCK_DGRAM, 0); if (udev_monitor->sock == -1) { err(udev, ""error getting socket: %m\n""); free(udev_monitor); return NULL; } util_set_fd_cloexec(udev_monitor->sock); dbg(udev, ""monitor %p created with '%s'\n"", udev_monitor, socket_path); return udev_monitor; }",udev,,,139731742118803162060173564147629566645,0 181,[],"asmlinkage long compat_sys_newlstat(char __user * filename, struct compat_stat __user *statbuf) { struct kstat stat; int error = vfs_lstat_fd(AT_FDCWD, filename, &stat); if (!error) error = cp_compat_stat(&stat, statbuf); return error; }",linux-2.6,,,50320502487097409978534173735044406537,0 3484,CWE-295,"void do_connect(struct st_command *command) { int con_port= opt_port; char *con_options; my_bool con_ssl= 0, con_compress= 0; my_bool con_pipe= 0, con_shm= 0, con_cleartext_enable= 0; my_bool con_secure_auth= 1; struct st_connection* con_slot; static DYNAMIC_STRING ds_connection_name; static DYNAMIC_STRING ds_host; static DYNAMIC_STRING ds_user; static DYNAMIC_STRING ds_password; static DYNAMIC_STRING ds_database; static DYNAMIC_STRING ds_port; static DYNAMIC_STRING ds_sock; static DYNAMIC_STRING ds_options; static DYNAMIC_STRING ds_default_auth; #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) static DYNAMIC_STRING ds_shm; #endif const struct command_arg connect_args[] = { { ""connection name"", ARG_STRING, TRUE, &ds_connection_name, ""Name of the connection"" }, { ""host"", ARG_STRING, TRUE, &ds_host, ""Host to connect to"" }, { ""user"", ARG_STRING, FALSE, &ds_user, ""User to connect as"" }, { ""passsword"", ARG_STRING, FALSE, &ds_password, ""Password used when connecting"" }, { ""database"", ARG_STRING, FALSE, &ds_database, ""Database to select after connect"" }, { ""port"", ARG_STRING, FALSE, &ds_port, ""Port to connect to"" }, { ""socket"", ARG_STRING, FALSE, &ds_sock, ""Socket to connect with"" }, { ""options"", ARG_STRING, FALSE, &ds_options, ""Options to use while connecting"" }, { ""default_auth"", ARG_STRING, FALSE, &ds_default_auth, ""Default authentication to use"" } }; DBUG_ENTER(""do_connect""); DBUG_PRINT(""enter"",(""connect: %s"", command->first_argument)); strip_parentheses(command); check_command_args(command, command->first_argument, connect_args, sizeof(connect_args)/sizeof(struct command_arg), ','); if (ds_port.length) { con_port= atoi(ds_port.str); if (con_port == 0) die(""Illegal argument for port: '%s'"", ds_port.str); } #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) init_dynamic_string(&ds_shm, ds_sock.str, 0, 0); #endif if (ds_sock.length) { if (*ds_sock.str != FN_LIBCHAR) { char buff[FN_REFLEN]; fn_format(buff, ds_sock.str, TMPDIR, """", 0); dynstr_set(&ds_sock, buff); } } else { dynstr_set(&ds_sock, unix_sock); } DBUG_PRINT(""info"", (""socket: %s"", ds_sock.str)); con_options= ds_options.str; while (*con_options) { char* end; while (*con_options && my_isspace(charset_info, *con_options)) con_options++; end= con_options; while (*end && !my_isspace(charset_info, *end)) end++; if (!strncmp(con_options, ""SSL"", 3)) con_ssl= 1; else if (!strncmp(con_options, ""COMPRESS"", 8)) con_compress= 1; else if (!strncmp(con_options, ""PIPE"", 4)) con_pipe= 1; else if (!strncmp(con_options, ""SHM"", 3)) con_shm= 1; else if (!strncmp(con_options, ""CLEARTEXT"", 9)) con_cleartext_enable= 1; else if (!strncmp(con_options, ""SKIPSECUREAUTH"",14)) con_secure_auth= 0; else die(""Illegal option to connect: %.*s"", (int) (end - con_options), con_options); con_options= end; } if (find_connection_by_name(ds_connection_name.str)) die(""Connection %s already exists"", ds_connection_name.str); if (next_con != connections_end) con_slot= next_con; else { if (!(con_slot= find_connection_by_name(""-closed_connection-""))) die(""Connection limit exhausted, you can have max %d connections"", opt_max_connections); } #ifdef EMBEDDED_LIBRARY init_connection_thd(con_slot); #endif if (!mysql_init(&con_slot->mysql)) die(""Failed on mysql_init()""); if (opt_connect_timeout) mysql_options(&con_slot->mysql, MYSQL_OPT_CONNECT_TIMEOUT, (void *) &opt_connect_timeout); if (opt_compress || con_compress) mysql_options(&con_slot->mysql, MYSQL_OPT_COMPRESS, NullS); mysql_options(&con_slot->mysql, MYSQL_OPT_LOCAL_INFILE, 0); mysql_options(&con_slot->mysql, MYSQL_SET_CHARSET_NAME, charset_info->csname); if (opt_charsets_dir) mysql_options(&con_slot->mysql, MYSQL_SET_CHARSET_DIR, opt_charsets_dir); #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) if (opt_use_ssl) con_ssl= 1; #endif if (con_ssl) { #if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY) mysql_ssl_set(&con_slot->mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca, opt_ssl_capath, opt_ssl_cipher); mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRL, opt_ssl_crl); mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_CRLPATH, opt_ssl_crlpath); #if MYSQL_VERSION_ID >= 50000 opt_ssl_verify_server_cert= !strcmp(ds_host.str, ""localhost""); mysql_options(&con_slot->mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &opt_ssl_verify_server_cert); #endif #endif } if (con_pipe) { #if defined(_WIN32) && !defined(EMBEDDED_LIBRARY) opt_protocol= MYSQL_PROTOCOL_PIPE; #endif } #ifndef EMBEDDED_LIBRARY if (opt_protocol) mysql_options(&con_slot->mysql, MYSQL_OPT_PROTOCOL, (char*) &opt_protocol); #endif if (con_shm) { #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) uint protocol= MYSQL_PROTOCOL_MEMORY; if (!ds_shm.length) die(""Missing shared memory base name""); mysql_options(&con_slot->mysql, MYSQL_SHARED_MEMORY_BASE_NAME, ds_shm.str); mysql_options(&con_slot->mysql, MYSQL_OPT_PROTOCOL, &protocol); #endif } #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) else if (shared_memory_base_name) { mysql_options(&con_slot->mysql, MYSQL_SHARED_MEMORY_BASE_NAME, shared_memory_base_name); } #endif if (ds_database.length == 0) dynstr_set(&ds_database, opt_db); if (opt_plugin_dir && *opt_plugin_dir) mysql_options(&con_slot->mysql, MYSQL_PLUGIN_DIR, opt_plugin_dir); if (ds_default_auth.length) mysql_options(&con_slot->mysql, MYSQL_DEFAULT_AUTH, ds_default_auth.str); #if !defined(HAVE_YASSL) if (opt_server_public_key && *opt_server_public_key) mysql_options(&con_slot->mysql, MYSQL_SERVER_PUBLIC_KEY, opt_server_public_key); #endif if (con_cleartext_enable) mysql_options(&con_slot->mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, (char*) &con_cleartext_enable); if (!con_secure_auth) mysql_options(&con_slot->mysql, MYSQL_SECURE_AUTH, (char*) &con_secure_auth); if (ds_database.length && !strcmp(ds_database.str,""*NO-ONE*"")) dynstr_set(&ds_database, """"); if (connect_n_handle_errors(command, &con_slot->mysql, ds_host.str,ds_user.str, ds_password.str, ds_database.str, con_port, ds_sock.str)) { DBUG_PRINT(""info"", (""Inserting connection %s in connection pool"", ds_connection_name.str)); if (!(con_slot->name= my_strdup(PSI_NOT_INSTRUMENTED, ds_connection_name.str, MYF(MY_WME)))) die(""Out of memory""); con_slot->name_len= strlen(con_slot->name); set_current_connection(con_slot); if (con_slot == next_con) next_con++; } dynstr_free(&ds_connection_name); dynstr_free(&ds_host); dynstr_free(&ds_user); dynstr_free(&ds_password); dynstr_free(&ds_database); dynstr_free(&ds_port); dynstr_free(&ds_sock); dynstr_free(&ds_options); dynstr_free(&ds_default_auth); #if defined (_WIN32) && !defined (EMBEDDED_LIBRARY) dynstr_free(&ds_shm); #endif DBUG_VOID_RETURN; }",visit repo url,client/mysqltest.cc,https://github.com/mysql/mysql-server,89320860187983,1 4920,CWE-59,"read_file(gchar* filepath) { FILE * f; size_t length; gchar *ret = NULL; f = fopen(filepath, ""rb""); if (f) { fseek(f, 0, SEEK_END); length = (size_t)ftell(f); fseek(f, 0, SEEK_SET); ret = MALLOC(length + 1); if (ret) { if (fread(ret, length, 1, f) != 1) { log_message(LOG_INFO, ""Failed to read all of %s"", filepath); } ret[length] = '\0'; } else log_message(LOG_INFO, ""Unable to read Dbus file %s"", filepath); fclose(f); } return ret; }",visit repo url,keepalived/vrrp/vrrp_dbus.c,https://github.com/acassen/keepalived,36515012306851,1 1612,[],"int alloc_fair_sched_group(struct task_group *tg, struct task_group *parent) { struct cfs_rq *cfs_rq; struct sched_entity *se, *parent_se; struct rq *rq; int i; tg->cfs_rq = kzalloc(sizeof(cfs_rq) * nr_cpu_ids, GFP_KERNEL); if (!tg->cfs_rq) goto err; tg->se = kzalloc(sizeof(se) * nr_cpu_ids, GFP_KERNEL); if (!tg->se) goto err; tg->shares = NICE_0_LOAD; for_each_possible_cpu(i) { rq = cpu_rq(i); cfs_rq = kmalloc_node(sizeof(struct cfs_rq), GFP_KERNEL|__GFP_ZERO, cpu_to_node(i)); if (!cfs_rq) goto err; se = kmalloc_node(sizeof(struct sched_entity), GFP_KERNEL|__GFP_ZERO, cpu_to_node(i)); if (!se) goto err; parent_se = parent ? parent->se[i] : NULL; init_tg_cfs_entry(tg, cfs_rq, se, i, 0, parent_se); } return 1; err: return 0; }",linux-2.6,,,205319484890270460505608588195500855910,0 1851,['CWE-189'],"_gnutls_recv_finished (gnutls_session_t session) { uint8_t data[36], *vrfy; int data_size; int ret; int vrfysize; ret = _gnutls_recv_handshake (session, &vrfy, &vrfysize, GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); if (ret < 0) { ERR (""recv finished int"", ret); gnutls_assert (); return ret; } if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) { data_size = 36; } else { data_size = 12; } if (vrfysize != data_size) { gnutls_assert (); gnutls_free (vrfy); return GNUTLS_E_ERROR_IN_FINISHED_PACKET; } if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) { ret = _gnutls_ssl3_finished (session, (session->security_parameters. entity + 1) % 2, data); } else { ret = _gnutls_finished (session, (session->security_parameters.entity + 1) % 2, data); } if (ret < 0) { gnutls_assert (); gnutls_free (vrfy); return ret; } if (memcmp (vrfy, data, data_size) != 0) { gnutls_assert (); ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET; } gnutls_free (vrfy); return ret; }",gnutls,,,208583876686042439858507352985081234155,0 5911,['CWE-909'],"int qdisc_class_hash_init(struct Qdisc_class_hash *clhash) { unsigned int size = 4; clhash->hash = qdisc_class_hash_alloc(size); if (clhash->hash == NULL) return -ENOMEM; clhash->hashsize = size; clhash->hashmask = size - 1; clhash->hashelems = 0; return 0; }",linux-2.6,,,261999102049619678184969145134986858965,0 3976,CWE-254,"int bzrtp_packetParser(bzrtpContext_t *zrtpContext, bzrtpChannelContext_t *zrtpChannelContext, const uint8_t * input, uint16_t inputLength, bzrtpPacket_t *zrtpPacket) { int i; uint8_t *messageContent = (uint8_t *)(input+ZRTP_PACKET_HEADER_LENGTH+ZRTP_MESSAGE_HEADER_LENGTH); switch (zrtpPacket->messageType) { case MSGTYPE_HELLO : { bzrtpHelloMessage_t *messageData; messageData = (bzrtpHelloMessage_t *)malloc(sizeof(bzrtpHelloMessage_t)); memcpy(messageData->version, messageContent, 4); messageContent +=4; memcpy(messageData->clientIdentifier, messageContent, 16); messageContent +=16; memcpy(messageData->H3, messageContent, 32); messageContent +=32; memcpy(messageData->ZID, messageContent, 12); messageContent +=12; messageData->S = ((*messageContent)>>6)&0x01; messageData->M = ((*messageContent)>>5)&0x01; messageData->P = ((*messageContent)>>4)&0x01; messageContent +=1; messageData->hc = MIN((*messageContent)&0x0F, 7); messageContent +=1; messageData->cc = MIN(((*messageContent)>>4)&0x0F, 7); messageData->ac = MIN((*messageContent)&0x0F, 7); messageContent +=1; messageData->kc = MIN(((*messageContent)>>4)&0x0F, 7); messageData->sc = MIN((*messageContent)&0x0F, 7); messageContent +=1; if (zrtpPacket->messageLength != ZRTP_HELLOMESSAGE_FIXED_LENGTH + 4*((uint16_t)(messageData->hc)+(uint16_t)(messageData->cc)+(uint16_t)(messageData->ac)+(uint16_t)(messageData->kc)+(uint16_t)(messageData->sc))) { free(messageData); return BZRTP_PARSER_ERROR_INVALIDMESSAGE; } for (i=0; ihc; i++) { messageData->supportedHash[i] = cryptoAlgoTypeStringToInt(messageContent, ZRTP_HASH_TYPE); messageContent +=4; } for (i=0; icc; i++) { messageData->supportedCipher[i] = cryptoAlgoTypeStringToInt(messageContent, ZRTP_CIPHERBLOCK_TYPE); messageContent +=4; } for (i=0; iac; i++) { messageData->supportedAuthTag[i] = cryptoAlgoTypeStringToInt(messageContent, ZRTP_AUTHTAG_TYPE); messageContent +=4; } for (i=0; ikc; i++) { messageData->supportedKeyAgreement[i] = cryptoAlgoTypeStringToInt(messageContent, ZRTP_KEYAGREEMENT_TYPE); messageContent +=4; } for (i=0; isc; i++) { messageData->supportedSas[i] = cryptoAlgoTypeStringToInt(messageContent, ZRTP_SAS_TYPE); messageContent +=4; } addMandatoryCryptoTypesIfNeeded(ZRTP_HASH_TYPE, messageData->supportedHash, &messageData->hc); addMandatoryCryptoTypesIfNeeded(ZRTP_CIPHERBLOCK_TYPE, messageData->supportedCipher, &messageData->cc); addMandatoryCryptoTypesIfNeeded(ZRTP_AUTHTAG_TYPE, messageData->supportedAuthTag, &messageData->ac); addMandatoryCryptoTypesIfNeeded(ZRTP_KEYAGREEMENT_TYPE, messageData->supportedKeyAgreement, &messageData->kc); addMandatoryCryptoTypesIfNeeded(ZRTP_SAS_TYPE, messageData->supportedSas, &messageData->sc); memcpy(messageData->MAC, messageContent, 8); zrtpPacket->messageData = (void *)messageData; zrtpPacket->packetString = (uint8_t *)malloc(inputLength*sizeof(uint8_t)); memcpy(zrtpPacket->packetString, input, inputLength); } break; case MSGTYPE_HELLOACK : { if (zrtpPacket->messageLength != ZRTP_HELLOACKMESSAGE_FIXED_LENGTH) { return BZRTP_PARSER_ERROR_INVALIDMESSAGE; } } break; case MSGTYPE_COMMIT: { uint8_t checkH3[32]; uint8_t checkMAC[32]; bzrtpHelloMessage_t *peerHelloMessageData; uint16_t variableLength = 0; bzrtpCommitMessage_t *messageData; messageData = (bzrtpCommitMessage_t *)malloc(sizeof(bzrtpCommitMessage_t)); memcpy(messageData->H2, messageContent, 32); messageContent +=32; if (zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID] == NULL) { free (messageData); return BZRTP_PARSER_ERROR_UNEXPECTEDMESSAGE; } peerHelloMessageData = (bzrtpHelloMessage_t *)zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageData; bctoolbox_sha256(messageData->H2, 32, 32, checkH3); if (memcmp(checkH3, peerHelloMessageData->H3, 32) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGHASHCHAIN; } bctoolbox_hmacSha256(messageData->H2, 32, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageLength-8, 8, checkMAC); if (memcmp(checkMAC, peerHelloMessageData->MAC, 8) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGMAC; } memcpy(messageData->ZID, messageContent, 12); messageContent +=12; messageData->hashAlgo = cryptoAlgoTypeStringToInt(messageContent, ZRTP_HASH_TYPE); messageContent += 4; messageData->cipherAlgo = cryptoAlgoTypeStringToInt(messageContent, ZRTP_CIPHERBLOCK_TYPE); messageContent += 4; messageData->authTagAlgo = cryptoAlgoTypeStringToInt(messageContent, ZRTP_AUTHTAG_TYPE); messageContent += 4; messageData->keyAgreementAlgo = cryptoAlgoTypeStringToInt(messageContent, ZRTP_KEYAGREEMENT_TYPE); messageContent += 4; switch(messageData->keyAgreementAlgo) { case ZRTP_KEYAGREEMENT_DH2k : case ZRTP_KEYAGREEMENT_EC25 : case ZRTP_KEYAGREEMENT_DH3k : case ZRTP_KEYAGREEMENT_EC38 : case ZRTP_KEYAGREEMENT_EC52 : variableLength = 32; break; case ZRTP_KEYAGREEMENT_Prsh : variableLength = 24; break; case ZRTP_KEYAGREEMENT_Mult : variableLength = 16; break; default: free(messageData); return BZRTP_PARSER_ERROR_INVALIDMESSAGE; } if (zrtpPacket->messageLength != ZRTP_COMMITMESSAGE_FIXED_LENGTH + variableLength) { free(messageData); return BZRTP_PARSER_ERROR_INVALIDMESSAGE; } messageData->sasAlgo = cryptoAlgoTypeStringToInt(messageContent, ZRTP_SAS_TYPE); messageContent += 4; if ((messageData->keyAgreementAlgo == ZRTP_KEYAGREEMENT_Prsh) || (messageData->keyAgreementAlgo == ZRTP_KEYAGREEMENT_Mult)) { memcpy(messageData->nonce, messageContent, 16); messageContent +=16; if (messageData->keyAgreementAlgo == ZRTP_KEYAGREEMENT_Prsh) { memcpy(messageData->keyID, messageContent, 8); messageContent +=8; } } else { memcpy(messageData->hvi, messageContent, 32); messageContent +=32; } memcpy(messageData->MAC, messageContent, 8); zrtpPacket->messageData = (void *)messageData; zrtpPacket->packetString = (uint8_t *)malloc(inputLength*sizeof(uint8_t)); memcpy(zrtpPacket->packetString, input, inputLength); } break; case MSGTYPE_DHPART1 : case MSGTYPE_DHPART2 : { bzrtpDHPartMessage_t *messageData; uint16_t pvLength = computeKeyAgreementPrivateValueLength(zrtpChannelContext->keyAgreementAlgo); if (pvLength == 0) { return BZRTP_PARSER_ERROR_INVALIDCONTEXT; } if (zrtpPacket->messageLength != ZRTP_DHPARTMESSAGE_FIXED_LENGTH+pvLength) { return BZRTP_PARSER_ERROR_INVALIDMESSAGE; } messageData = (bzrtpDHPartMessage_t *)malloc(sizeof(bzrtpDHPartMessage_t)); messageData->pv = (uint8_t *)malloc(pvLength*sizeof(uint8_t)); memcpy(messageData->H1, messageContent, 32); messageContent +=32; if ( zrtpChannelContext->role == RESPONDER) { uint8_t checkH2[32]; uint8_t checkMAC[32]; bzrtpCommitMessage_t *peerCommitMessageData; if (zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID] == NULL) { free (messageData); return BZRTP_PARSER_ERROR_UNEXPECTEDMESSAGE; } peerCommitMessageData = (bzrtpCommitMessage_t *)zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageData; bctoolbox_sha256(messageData->H1, 32, 32, checkH2); if (memcmp(checkH2, peerCommitMessageData->H2, 32) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGHASHCHAIN; } bctoolbox_hmacSha256(messageData->H1, 32, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageLength-8, 8, checkMAC); if (memcmp(checkMAC, peerCommitMessageData->MAC, 8) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGMAC; } } else { uint8_t checkH2[32]; uint8_t checkH3[32]; uint8_t checkMAC[32]; bzrtpHelloMessage_t *peerHelloMessageData; if (zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID] == NULL) { free (messageData); return BZRTP_PARSER_ERROR_UNEXPECTEDMESSAGE; } peerHelloMessageData = (bzrtpHelloMessage_t *)zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageData; bctoolbox_sha256(messageData->H1, 32, 32, checkH2); bctoolbox_sha256(checkH2, 32, 32, checkH3); if (memcmp(checkH3, peerHelloMessageData->H3, 32) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGHASHCHAIN; } bctoolbox_hmacSha256(checkH2, 32, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageLength-8, 8, checkMAC); if (memcmp(checkMAC, peerHelloMessageData->MAC, 8) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGMAC; } } memcpy(messageData->rs1ID, messageContent, 8); messageContent +=8; memcpy(messageData->rs2ID, messageContent, 8); messageContent +=8; memcpy(messageData->auxsecretID, messageContent, 8); messageContent +=8; memcpy(messageData->pbxsecretID, messageContent, 8); messageContent +=8; memcpy(messageData->pv, messageContent, pvLength); messageContent +=pvLength; memcpy(messageData->MAC, messageContent, 8); zrtpPacket->messageData = (void *)messageData; zrtpPacket->packetString = (uint8_t *)malloc(inputLength*sizeof(uint8_t)); memcpy(zrtpPacket->packetString, input, inputLength); } break; case MSGTYPE_CONFIRM1: case MSGTYPE_CONFIRM2: { uint8_t *confirmMessageKey = NULL; uint8_t *confirmMessageMacKey = NULL; bzrtpConfirmMessage_t *messageData; uint16_t cipherTextLength; uint8_t computedHmac[8]; uint8_t *confirmPlainMessageBuffer; uint8_t *confirmPlainMessage; if (zrtpChannelContext->role == RESPONDER) { if ((zrtpChannelContext->zrtpkeyi == NULL) || (zrtpChannelContext->mackeyi == NULL)) { return BZRTP_PARSER_ERROR_INVALIDCONTEXT; } confirmMessageKey = zrtpChannelContext->zrtpkeyi; confirmMessageMacKey = zrtpChannelContext->mackeyi; } if (zrtpChannelContext->role == INITIATOR) { if ((zrtpChannelContext->zrtpkeyr == NULL) || (zrtpChannelContext->mackeyr == NULL)) { return BZRTP_PARSER_ERROR_INVALIDCONTEXT; } confirmMessageKey = zrtpChannelContext->zrtpkeyr; confirmMessageMacKey = zrtpChannelContext->mackeyr; } messageData = (bzrtpConfirmMessage_t *)malloc(sizeof(bzrtpConfirmMessage_t)); memcpy(messageData->confirm_mac, messageContent, 8); messageContent +=8; memcpy(messageData->CFBIV, messageContent, 16); messageContent +=16; cipherTextLength = zrtpPacket->messageLength - ZRTP_MESSAGE_HEADER_LENGTH - 24; zrtpChannelContext->hmacFunction(confirmMessageMacKey, zrtpChannelContext->hashLength, messageContent, cipherTextLength, 8, computedHmac); if (memcmp(computedHmac, messageData->confirm_mac, 8) != 0) { free(messageData); return BZRTP_PARSER_ERROR_UNMATCHINGCONFIRMMAC; } confirmPlainMessageBuffer = (uint8_t *)malloc(cipherTextLength*sizeof(uint8_t)); zrtpChannelContext->cipherDecryptionFunction(confirmMessageKey, messageData->CFBIV, messageContent, cipherTextLength, confirmPlainMessageBuffer); confirmPlainMessage = confirmPlainMessageBuffer; memcpy(messageData->H0, confirmPlainMessage, 32); confirmPlainMessage +=33; if (zrtpChannelContext->keyAgreementAlgo == ZRTP_KEYAGREEMENT_Prsh || zrtpChannelContext->keyAgreementAlgo == ZRTP_KEYAGREEMENT_Mult) { uint8_t checkH1[32]; bctoolbox_sha256(messageData->H0, 32, 32, checkH1); if ( zrtpChannelContext->role == RESPONDER) { uint8_t checkH2[32]; uint8_t checkMAC[32]; bzrtpCommitMessage_t *peerCommitMessageData; if (zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID] == NULL) { free (messageData); return BZRTP_PARSER_ERROR_UNEXPECTEDMESSAGE; } peerCommitMessageData = (bzrtpCommitMessage_t *)zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageData; bctoolbox_sha256(checkH1, 32, 32, checkH2); if (memcmp(checkH2, peerCommitMessageData->H2, 32) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGHASHCHAIN; } bctoolbox_hmacSha256(checkH1, 32, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[COMMIT_MESSAGE_STORE_ID]->messageLength-8, 8, checkMAC); if (memcmp(checkMAC, peerCommitMessageData->MAC, 8) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGMAC; } } else { uint8_t checkH2[32]; uint8_t checkH3[32]; uint8_t checkMAC[32]; bzrtpHelloMessage_t *peerHelloMessageData; if (zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID] == NULL) { free (messageData); return BZRTP_PARSER_ERROR_UNEXPECTEDMESSAGE; } peerHelloMessageData = (bzrtpHelloMessage_t *)zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageData; bctoolbox_sha256(checkH1, 32, 32, checkH2); bctoolbox_sha256(checkH2, 32, 32, checkH3); if (memcmp(checkH3, peerHelloMessageData->H3, 32) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGHASHCHAIN; } bctoolbox_hmacSha256(checkH2, 32, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[HELLO_MESSAGE_STORE_ID]->messageLength-8, 8, checkMAC); if (memcmp(checkMAC, peerHelloMessageData->MAC, 8) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGMAC; } } } else { uint8_t checkH1[32]; uint8_t checkMAC[32]; bzrtpDHPartMessage_t *peerDHPartMessageData; if (zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID] == NULL) { free (messageData); return BZRTP_PARSER_ERROR_UNEXPECTEDMESSAGE; } peerDHPartMessageData = (bzrtpDHPartMessage_t *)zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID]->messageData; bctoolbox_sha256(messageData->H0, 32, 32, checkH1); if (memcmp(checkH1, peerDHPartMessageData->H1, 32) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGHASHCHAIN; } bctoolbox_hmacSha256(messageData->H0, 32, zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID]->packetString+ZRTP_PACKET_HEADER_LENGTH, zrtpChannelContext->peerPackets[DHPART_MESSAGE_STORE_ID]->messageLength-8, 8, checkMAC); if (memcmp(checkMAC, peerDHPartMessageData->MAC, 8) != 0) { free (messageData); return BZRTP_PARSER_ERROR_UNMATCHINGMAC; } } messageData->sig_len = ((uint16_t)(confirmPlainMessage[0]&0x01))<<8 | (((uint16_t)confirmPlainMessage[1])&0x00FF); confirmPlainMessage += 2; messageData->E = ((*confirmPlainMessage)&0x08)>>3; messageData->V = ((*confirmPlainMessage)&0x04)>>2; messageData->A = ((*confirmPlainMessage)&0x02)>>1; messageData->D = (*confirmPlainMessage)&0x01; confirmPlainMessage += 1; messageData->cacheExpirationInterval = (((uint32_t)confirmPlainMessage[0])<<24) | (((uint32_t)confirmPlainMessage[1])<<16) | (((uint32_t)confirmPlainMessage[2])<<8) | ((uint32_t)confirmPlainMessage[3]); confirmPlainMessage += 4; if (messageData->sig_len>0) { memcpy(messageData->signatureBlockType, confirmPlainMessage, 4); confirmPlainMessage += 4; messageData->signatureBlock = (uint8_t *)malloc(4*(messageData->sig_len-1)*sizeof(uint8_t)); memcpy(messageData->signatureBlock, confirmPlainMessage, 4*(messageData->sig_len-1)); } else { messageData->signatureBlock = NULL; } free(confirmPlainMessageBuffer); zrtpPacket->packetString = (uint8_t *)malloc(inputLength*sizeof(uint8_t)); memcpy(zrtpPacket->packetString, input, inputLength); zrtpPacket->messageData = (void *)messageData; } break; case MSGTYPE_CONF2ACK: break; case MSGTYPE_PING: { bzrtpPingMessage_t *messageData; messageData = (bzrtpPingMessage_t *)malloc(sizeof(bzrtpPingMessage_t)); memcpy(messageData->version, messageContent, 4); messageContent +=4; memcpy(messageData->endpointHash, messageContent, 8); zrtpPacket->messageData = (void *)messageData; } break; } return 0; }",visit repo url,src/packetParser.c,https://github.com/BelledonneCommunications/bzrtp,47104102817695,1 2894,CWE-119,"horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc) { tmsize_t stride = PredictorState(tif)->stride; uint16* wp = (uint16*) cp0; tmsize_t wc = cc / 2; assert((cc%(2*stride))==0); if (wc > stride) { wc -= stride; do { REPEAT4(stride, wp[stride] = (uint16)(((unsigned int)wp[stride] + (unsigned int)wp[0]) & 0xffff); wp++) wc -= stride; } while (wc > 0); } }",visit repo url,libtiff/tif_predict.c,https://github.com/vadz/libtiff,180632232816647,1 2814,CWE-415,"static CACHE_BITMAP_V3_ORDER* update_read_cache_bitmap_v3_order(rdpUpdate* update, wStream* s, UINT16 flags) { BYTE bitsPerPixelId; BITMAP_DATA_EX* bitmapData; UINT32 new_len; BYTE* new_data; CACHE_BITMAP_V3_ORDER* cache_bitmap_v3; if (!update || !s) return NULL; cache_bitmap_v3 = calloc(1, sizeof(CACHE_BITMAP_V3_ORDER)); if (!cache_bitmap_v3) goto fail; cache_bitmap_v3->cacheId = flags & 0x00000003; cache_bitmap_v3->flags = (flags & 0x0000FF80) >> 7; bitsPerPixelId = (flags & 0x00000078) >> 3; cache_bitmap_v3->bpp = CBR23_BPP[bitsPerPixelId]; if (Stream_GetRemainingLength(s) < 21) goto fail; Stream_Read_UINT16(s, cache_bitmap_v3->cacheIndex); Stream_Read_UINT32(s, cache_bitmap_v3->key1); Stream_Read_UINT32(s, cache_bitmap_v3->key2); bitmapData = &cache_bitmap_v3->bitmapData; Stream_Read_UINT8(s, bitmapData->bpp); if ((bitmapData->bpp < 1) || (bitmapData->bpp > 32)) { WLog_Print(update->log, WLOG_ERROR, ""invalid bpp value %"" PRIu32 """", bitmapData->bpp); goto fail; } Stream_Seek_UINT8(s); Stream_Seek_UINT8(s); Stream_Read_UINT8(s, bitmapData->codecID); Stream_Read_UINT16(s, bitmapData->width); Stream_Read_UINT16(s, bitmapData->height); Stream_Read_UINT32(s, new_len); if (Stream_GetRemainingLength(s) < new_len) goto fail; new_data = (BYTE*)realloc(bitmapData->data, new_len); if (!new_data) goto fail; bitmapData->data = new_data; bitmapData->length = new_len; Stream_Read(s, bitmapData->data, bitmapData->length); return cache_bitmap_v3; fail: free_cache_bitmap_v3_order(update->context, cache_bitmap_v3); return NULL; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,67460850489167,1 843,CWE-20,"int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct rxrpc_skb_priv *sp; struct rxrpc_call *call = NULL, *continue_call = NULL; struct rxrpc_sock *rx = rxrpc_sk(sock->sk); struct sk_buff *skb; long timeo; int copy, ret, ullen, offset, copied = 0; u32 abort_code; DEFINE_WAIT(wait); _enter("",,,%zu,%d"", len, flags); if (flags & (MSG_OOB | MSG_TRUNC)) return -EOPNOTSUPP; ullen = msg->msg_flags & MSG_CMSG_COMPAT ? 4 : sizeof(unsigned long); timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT); msg->msg_flags |= MSG_MORE; lock_sock(&rx->sk); for (;;) { if (RB_EMPTY_ROOT(&rx->calls)) { if (copied) goto out; if (rx->sk.sk_state != RXRPC_SERVER_LISTENING) { release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); return -ENODATA; } } skb = skb_peek(&rx->sk.sk_receive_queue); if (!skb) { if (copied && (msg->msg_flags & MSG_PEEK || timeo == 0)) goto out; release_sock(&rx->sk); prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait, TASK_INTERRUPTIBLE); ret = sock_error(&rx->sk); if (ret) goto wait_error; if (skb_queue_empty(&rx->sk.sk_receive_queue)) { if (signal_pending(current)) goto wait_interrupted; timeo = schedule_timeout(timeo); } finish_wait(sk_sleep(&rx->sk), &wait); lock_sock(&rx->sk); continue; } peek_next_packet: sp = rxrpc_skb(skb); call = sp->call; ASSERT(call != NULL); _debug(""next pkt %s"", rxrpc_pkts[sp->hdr.type]); spin_lock_bh(&call->lock); spin_unlock_bh(&call->lock); if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { _debug(""packet from released call""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); continue; } if (continue_call) { _debug(""maybe cont""); if (call != continue_call || skb->mark != RXRPC_SKB_MARK_DATA) { release_sock(&rx->sk); rxrpc_put_call(continue_call); _leave("" = %d [noncont]"", copied); return copied; } } rxrpc_get_call(call); if (!continue_call) { if (msg->msg_name && msg->msg_namelen > 0) memcpy(msg->msg_name, &call->conn->trans->peer->srx, sizeof(call->conn->trans->peer->srx)); sock_recv_ts_and_drops(msg, &rx->sk, skb); } if (skb->mark != RXRPC_SKB_MARK_DATA) goto receive_non_data_message; _debug(""recvmsg DATA #%u { %d, %d }"", ntohl(sp->hdr.seq), skb->len, sp->offset); if (!continue_call) { ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); } ASSERTCMP(ntohl(sp->hdr.seq), >=, call->rx_data_recv); ASSERTCMP(ntohl(sp->hdr.seq), <=, call->rx_data_recv + 1); call->rx_data_recv = ntohl(sp->hdr.seq); ASSERTCMP(ntohl(sp->hdr.seq), >, call->rx_data_eaten); offset = sp->offset; copy = skb->len - offset; if (copy > len - copied) copy = len - copied; if (skb->ip_summed == CHECKSUM_UNNECESSARY) { ret = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copy); } else { ret = skb_copy_and_csum_datagram_iovec(skb, offset, msg->msg_iov); if (ret == -EINVAL) goto csum_copy_error; } if (ret < 0) goto copy_error; _debug(""copied %d+%d"", copy, copied); offset += copy; copied += copy; if (!(flags & MSG_PEEK)) sp->offset = offset; if (sp->offset < skb->len) { _debug(""buffer full""); ASSERTCMP(copied, ==, len); break; } if (sp->hdr.flags & RXRPC_LAST_PACKET) { _debug(""last""); if (call->conn->out_clientflag) { ret = copied; goto terminal_message; } if (!(flags & MSG_PEEK)) { _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } msg->msg_flags &= ~MSG_MORE; break; } _debug(""next""); if (!continue_call) continue_call = sp->call; else rxrpc_put_call(call); call = NULL; if (flags & MSG_PEEK) { _debug(""peek next""); skb = skb->next; if (skb == (struct sk_buff *) &rx->sk.sk_receive_queue) break; goto peek_next_packet; } _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } _debug(""end rcv data""); out: release_sock(&rx->sk); if (call) rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d [data]"", copied); return copied; receive_non_data_message: _debug(""non-data""); if (skb->mark == RXRPC_SKB_MARK_NEW_CALL) { _debug(""RECV NEW CALL""); ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &abort_code); if (ret < 0) goto copy_error; if (!(flags & MSG_PEEK)) { if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } goto out; } ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); switch (skb->mark) { case RXRPC_SKB_MARK_DATA: BUG(); case RXRPC_SKB_MARK_FINAL_ACK: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &abort_code); break; case RXRPC_SKB_MARK_BUSY: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_BUSY, 0, &abort_code); break; case RXRPC_SKB_MARK_REMOTE_ABORT: abort_code = call->abort_code; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code); break; case RXRPC_SKB_MARK_NET_ERROR: _debug(""RECV NET ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &abort_code); break; case RXRPC_SKB_MARK_LOCAL_ERROR: _debug(""RECV LOCAL ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &abort_code); break; default: BUG(); break; } if (ret < 0) goto copy_error; terminal_message: _debug(""terminal""); msg->msg_flags &= ~MSG_MORE; msg->msg_flags |= MSG_EOR; if (!(flags & MSG_PEEK)) { _net(""free terminal skb %p"", skb); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); rxrpc_remove_user_ID(rx, call); } release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; copy_error: _debug(""copy error""); release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; csum_copy_error: _debug(""csum error""); release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); rxrpc_kill_skb(skb); skb_kill_datagram(&rx->sk, skb, flags); rxrpc_put_call(call); return -EAGAIN; wait_interrupted: ret = sock_intr_errno(timeo); wait_error: finish_wait(sk_sleep(&rx->sk), &wait); if (continue_call) rxrpc_put_call(continue_call); if (copied) copied = ret; _leave("" = %d [waitfail %d]"", copied, ret); return copied; }",visit repo url,net/rxrpc/ar-recvmsg.c,https://github.com/torvalds/linux,131822081142701,1 5995,['CWE-200'],"static __inline__ int cbq_dump_fopt(struct sk_buff *skb, struct cbq_class *cl) { unsigned char *b = skb->tail; struct tc_cbq_fopt opt; if (cl->split || cl->defmap) { opt.split = cl->split ? cl->split->classid : 0; opt.defmap = cl->defmap; opt.defchange = ~0; RTA_PUT(skb, TCA_CBQ_FOPT, sizeof(opt), &opt); } return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; }",linux-2.6,,,259183056449349208584460518368086355862,0 6410,['CWE-190'],"ReadChannelMasks (guint32 *tmp, Bitmap_Channel *masks, guint channels) { guint32 mask; gint i, nbits, offset, bit; for (i = 0; i < channels; i++) { mask = tmp[i]; masks[i].mask = mask; nbits = 0; offset = -1; for (bit = 0; bit < 32; bit++) { if (mask & 1) { nbits++; if (offset == -1) offset = bit; } mask = mask >> 1; } masks[i].shiftin = offset; masks[i].max_value = (gfloat)((1<<(nbits))-1); #ifdef DEBUG g_print (""Channel %d mask %08x in %d max_val %d\n"", i, masks[i].mask, masks[i].shiftin, (gint)masks[i].max_value); #endif } return TRUE; }",gimp,,,126281686616643698591708247201857921222,0 2769,CWE-400,"static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSRMLS_DC) { char *ksep, *vsep, *val; size_t klen, vlen; unsigned int new_vlen; if (var->ptr >= var->end) { return 0; } vsep = memchr(var->ptr, '&', var->end - var->ptr); if (!vsep) { if (!eof) { return 0; } else { vsep = var->end; } } ksep = memchr(var->ptr, '=', vsep - var->ptr); if (ksep) { *ksep = '\0'; klen = ksep - var->ptr; vlen = vsep - ++ksep; } else { ksep = """"; klen = vsep - var->ptr; vlen = 0; } php_url_decode(var->ptr, klen); val = estrndup(ksep, vlen); if (vlen) { vlen = php_url_decode(val, vlen); } if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen TSRMLS_CC)) { php_register_variable_safe(var->ptr, val, new_vlen, arr TSRMLS_CC); } efree(val); var->ptr = vsep + (vsep != var->end); return 1; }",visit repo url,main/php_variables.c,https://github.com/php/php-src,91364156590311,1 4922,['CWE-20'],"static int nfs_readdir(struct file *filp, void *dirent, filldir_t filldir) { struct dentry *dentry = filp->f_path.dentry; struct inode *inode = dentry->d_inode; nfs_readdir_descriptor_t my_desc, *desc = &my_desc; struct nfs_entry my_entry; struct nfs_fh fh; struct nfs_fattr fattr; long res; dfprintk(VFS, ""NFS: readdir(%s/%s) starting at cookie %Lu\n"", dentry->d_parent->d_name.name, dentry->d_name.name, (long long)filp->f_pos); nfs_inc_stats(inode, NFSIOS_VFSGETDENTS); lock_kernel(); res = nfs_revalidate_mapping_nolock(inode, filp->f_mapping); if (res < 0) { unlock_kernel(); return res; } memset(desc, 0, sizeof(*desc)); desc->file = filp; desc->dir_cookie = &((struct nfs_open_context *)filp->private_data)->dir_cookie; desc->decode = NFS_PROTO(inode)->decode_dirent; desc->plus = NFS_USE_READDIRPLUS(inode); my_entry.cookie = my_entry.prev_cookie = 0; my_entry.eof = 0; my_entry.fh = &fh; my_entry.fattr = &fattr; nfs_fattr_init(&fattr); desc->entry = &my_entry; while(!desc->entry->eof) { res = readdir_search_pagecache(desc); if (res == -EBADCOOKIE) { if (*desc->dir_cookie && desc->entry->cookie != *desc->dir_cookie) { res = uncached_readdir(desc, dirent, filldir); if (res >= 0) continue; } res = 0; break; } if (res == -ETOOSMALL && desc->plus) { clear_bit(NFS_INO_ADVISE_RDPLUS, &NFS_FLAGS(inode)); nfs_zap_caches(inode); desc->plus = 0; desc->entry->eof = 0; continue; } if (res < 0) break; res = nfs_do_filldir(desc, dirent, filldir); if (res < 0) { res = 0; break; } } unlock_kernel(); if (res > 0) res = 0; dfprintk(VFS, ""NFS: readdir(%s/%s) returns %ld\n"", dentry->d_parent->d_name.name, dentry->d_name.name, res); return res; }",linux-2.6,,,122266809411039991380623805366901747996,0 6681,CWE-1284,"int main(int argc, char *argv[]) { int rc=0; int passlen=0; FILE *infp = NULL; FILE *outfp = NULL; encryptmode_t mode=UNINIT; char *infile = NULL; unsigned char pass[MAX_PASSWD_BUF]; int file_count = 0; char outfile[1024]; int password_acquired = 0; outfile[0] = '\0'; while ((rc = getopt(argc, argv, ""vhdek:p:o:"")) != -1) { switch (rc) { case 'h': usage(argv[0]); return 0; case 'v': version(argv[0]); return 0; case 'd': if (mode != UNINIT) { fprintf(stderr, ""Error: only specify one of -d or -e\n""); cleanup(outfile); return -1; } mode = DEC; break; case 'e': if (mode != UNINIT) { fprintf(stderr, ""Error: only specify one of -d or -e\n""); cleanup(outfile); return -1; } mode = ENC; break; case 'k': if (password_acquired) { fprintf(stderr, ""Error: password supplied twice\n""); cleanup(outfile); return -1; } if (optarg != 0) { if (!strcmp(""-"",optarg)) { fprintf(stderr, ""Error: keyfile cannot be read from stdin\n""); cleanup(outfile); return -1; } passlen = ReadKeyFile(optarg, pass); if (passlen < 0) { cleanup(outfile); return -1; } password_acquired = 1; } break; case 'p': if (password_acquired) { fprintf(stderr, ""Error: password supplied twice\n""); cleanup(outfile); return -1; } if (optarg != 0) { passlen = passwd_to_utf16( (unsigned char*) optarg, strlen((char *)optarg), MAX_PASSWD_LEN, pass); if (passlen < 0) { cleanup(outfile); return -1; } password_acquired = 1; } break; case 'o': if (!strncmp(""-"", optarg, 2)) { outfp = stdout; } else if ((outfp = fopen(optarg, ""w"")) == NULL) { fprintf(stderr, ""Error opening output file %s:"", optarg); perror(""""); cleanup(outfile); return -1; } strncpy(outfile, optarg, 1024); outfile[1023] = '\0'; break; default: fprintf(stderr, ""Error: Unknown option '%c'\n"", rc); } } if (optind >= argc) { fprintf(stderr, ""Error: No file argument specified\n""); usage(argv[0]); cleanup(outfile); return -1; } if (mode == UNINIT) { fprintf(stderr, ""Error: -e or -d not specified\n""); usage(argv[0]); cleanup(outfile); return -1; } if (passlen == 0) { passlen = read_password(pass, mode); switch (passlen) { case 0: fprintf(stderr, ""Error: No password supplied.\n""); cleanup(outfile); return -1; case AESCRYPT_READPWD_FOPEN: case AESCRYPT_READPWD_FILENO: case AESCRYPT_READPWD_TCGETATTR: case AESCRYPT_READPWD_TCSETATTR: case AESCRYPT_READPWD_FGETC: case AESCRYPT_READPWD_TOOLONG: case AESCRYPT_READPWD_ICONV: fprintf(stderr, ""Error in read_password: %s.\n"", read_password_error(passlen)); cleanup(outfile); return -1; case AESCRYPT_READPWD_NOMATCH: fprintf(stderr, ""Error: Passwords don't match.\n""); cleanup(outfile); return -1; } passlen = passwd_to_utf16( pass, strlen((char*)pass), MAX_PASSWD_LEN, pass); if (passlen < 0) { cleanup(outfile); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } } file_count = argc - optind; if ((file_count > 1) && (outfp != NULL)) { if (outfp != stdout) { fclose(outfp); } fprintf(stderr, ""Error: A single output file may not be specified with multiple input files.\n""); usage(argv[0]); cleanup(outfile); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } while (optind < argc) { infile = argv[optind++]; if(!strncmp(""-"", infile, 2)) { if (file_count > 1) { if ((outfp != stdout) && (outfp != NULL)) { fclose(outfp); } fprintf(stderr, ""Error: STDIN may not be specified with multiple input files.\n""); usage(argv[0]); cleanup(outfile); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } infp = stdin; if (outfp == NULL) { outfp = stdout; } } else if ((infp = fopen(infile, ""r"")) == NULL) { if ((outfp != stdout) && (outfp != NULL)) { fclose(outfp); } fprintf(stderr, ""Error opening input file %s : "", infile); perror(""""); cleanup(outfile); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } if (mode == ENC) { if (outfp == NULL) { snprintf(outfile, 1024, ""%s.aes"", infile); if ((outfp = fopen(outfile, ""w"")) == NULL) { if ((infp != stdin) && (infp != NULL)) { fclose(infp); } fprintf(stderr, ""Error opening output file %s : "", outfile); perror(""""); cleanup(outfile); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } } rc = encrypt_stream(infp, outfp, pass, passlen); } else if (mode == DEC) { if (outfp == NULL) { strncpy(outfile, infile, strlen(infile)-4); outfile[strlen(infile)-4] = '\0'; if ((outfp = fopen(outfile, ""w"")) == NULL) { if ((infp != stdin) && (infp != NULL)) { fclose(infp); } fprintf(stderr, ""Error opening output file %s : "", outfile); perror(""""); cleanup(outfile); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } } rc = decrypt_stream(infp, outfp, pass, passlen); } if ((infp != stdin) && (infp != NULL)) { fclose(infp); } if ((outfp != stdout) && (outfp != NULL)) { if (fclose(outfp)) { if (!rc) { fprintf(stderr, ""Error: Could not properly close output file \n""); rc = -1; } } } if (rc) { cleanup(outfile); memset_secure(pass, 0, MAX_PASSWD_BUF); return -1; } outfile[0] = '\0'; infp = NULL; outfp = NULL; } memset_secure(pass, 0, MAX_PASSWD_BUF); return rc; }",visit repo url,Linux/src/aescrypt.c,https://github.com/paulej/AESCrypt,248749037011389,1 4635,CWE-476,"static void gf_isom_write_tx3g(GF_Tx3gSampleEntryBox *a, GF_BitStream *bs, u32 sidx, u32 sidx_offset) { u32 size, j, fount_count; Bool is_qt_text = (a->type==GF_ISOM_BOX_TYPE_TEXT) ? GF_TRUE : GF_FALSE; const char *qt_fontname = NULL; void gpp_write_rgba(GF_BitStream *bs, u32 col); void gpp_write_box(GF_BitStream *bs, GF_BoxRecord *rec); void gpp_write_style(GF_BitStream *bs, GF_StyleRecord *rec); if (sidx_offset) gf_bs_write_u8(bs, sidx + sidx_offset); size = 8 + 18 + 8 + 12; size += 8 + 2; fount_count = 0; if (is_qt_text) { GF_TextSampleEntryBox *qt = (GF_TextSampleEntryBox *)a; if (qt->textName) { qt_fontname = qt->textName; fount_count = 1; } } else { if (a->font_table) { fount_count = a->font_table->entry_count; for (j=0; jfont_table->fonts[j].fontName) size += (u32) strlen(a->font_table->fonts[j].fontName); } } } gf_bs_write_u32(bs, size); gf_bs_write_u32(bs, a->type); gf_bs_write_data(bs, a->reserved, 6); gf_bs_write_u16(bs, a->dataReferenceIndex); gf_bs_write_u32(bs, a->displayFlags); gf_bs_write_u8(bs, a->horizontal_justification); gf_bs_write_u8(bs, a->vertical_justification); gpp_write_rgba(bs, a->back_color); gpp_write_box(bs, &a->default_box); gpp_write_style(bs, &a->default_style); size -= (8 + 18 + 8 + 12); gf_bs_write_u32(bs, size); gf_bs_write_u32(bs, GF_ISOM_BOX_TYPE_FTAB); gf_bs_write_u16(bs, fount_count); for (j=0; jfont_table->fonts[j].fontID); if (a->font_table->fonts[j].fontName) { u32 len = (u32) strlen(a->font_table->fonts[j].fontName); gf_bs_write_u8(bs, len); gf_bs_write_data(bs, a->font_table->fonts[j].fontName, len); } else { gf_bs_write_u8(bs, 0); } } } }",visit repo url,src/isomedia/tx3g.c,https://github.com/gpac/gpac,41586303605269,1 2,[],"int _gnutls_ciphertext2compressed(gnutls_session_t session, opaque * compress_data, int compress_size, gnutls_datum_t ciphertext, uint8 type) { uint8 MAC[MAX_HASH_SIZE]; uint16 c_length; uint8 pad; int length; mac_hd_t td; uint16 blocksize; int ret, i, pad_failed = 0; uint8 major, minor; gnutls_protocol_t ver; int hash_size = _gnutls_hash_get_algo_len(session->security_parameters. read_mac_algorithm); ver = gnutls_protocol_get_version(session); minor = _gnutls_version_get_minor(ver); major = _gnutls_version_get_major(ver); blocksize = _gnutls_cipher_get_block_size(session->security_parameters. read_bulk_cipher_algorithm); td = mac_init(session->security_parameters.read_mac_algorithm, session->connection_state.read_mac_secret.data, session->connection_state.read_mac_secret.size, ver); if (td == GNUTLS_MAC_FAILED && session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } switch (_gnutls_cipher_is_block (session->security_parameters.read_bulk_cipher_algorithm)) { case CIPHER_STREAM: if ((ret = _gnutls_cipher_decrypt(session->connection_state. read_cipher_state, ciphertext.data, ciphertext.size)) < 0) { gnutls_assert(); return ret; } length = ciphertext.size - hash_size; break; case CIPHER_BLOCK: if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0)) { gnutls_assert(); return GNUTLS_E_DECRYPTION_FAILED; } if ((ret = _gnutls_cipher_decrypt(session->connection_state. read_cipher_state, ciphertext.data, ciphertext.size)) < 0) { gnutls_assert(); return ret; } if (session->security_parameters.version >= GNUTLS_TLS1_1) { ciphertext.size -= blocksize; ciphertext.data += blocksize; if (ciphertext.size == 0) { gnutls_assert(); return GNUTLS_E_DECRYPTION_FAILED; } } pad = ciphertext.data[ciphertext.size - 1] + 1; length = ciphertext.size - hash_size - pad; if (pad > ciphertext.size - hash_size) { gnutls_assert(); pad_failed = GNUTLS_E_DECRYPTION_FAILED; } if (ver >= GNUTLS_TLS1 && pad_failed==0) for (i = 2; i < pad; i++) { if (ciphertext.data[ciphertext.size - i] != ciphertext.data[ciphertext.size - 1]) pad_failed = GNUTLS_E_DECRYPTION_FAILED; } break; default: gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } if (length < 0) length = 0; c_length = _gnutls_conv_uint16((uint16) length); if (td != GNUTLS_MAC_FAILED) { _gnutls_hmac(td, UINT64DATA(session->connection_state. read_sequence_number), 8); _gnutls_hmac(td, &type, 1); if (ver >= GNUTLS_TLS1) { _gnutls_hmac(td, &major, 1); _gnutls_hmac(td, &minor, 1); } _gnutls_hmac(td, &c_length, 2); if (length > 0) _gnutls_hmac(td, ciphertext.data, length); mac_deinit(td, MAC, ver); } if (pad_failed != 0) return pad_failed; if (memcmp(MAC, &ciphertext.data[length], hash_size) != 0) { gnutls_assert(); return GNUTLS_E_DECRYPTION_FAILED; } if (compress_size < length) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } memcpy(compress_data, ciphertext.data, length); return length; }",gnutls,,,158496975013272959571533274715541422662,0 3042,CWE-189,"poly_in(PG_FUNCTION_ARGS) { char *str = PG_GETARG_CSTRING(0); POLYGON *poly; int npts; int size; int isopen; char *s; if ((npts = pair_count(str, ',')) <= 0) ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""invalid input syntax for type polygon: \""%s\"""", str))); size = offsetof(POLYGON, p[0]) +sizeof(poly->p[0]) * npts; poly = (POLYGON *) palloc0(size); SET_VARSIZE(poly, size); poly->npts = npts; if ((!path_decode(FALSE, npts, str, &isopen, &s, &(poly->p[0]))) || (*s != '\0')) ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""invalid input syntax for type polygon: \""%s\"""", str))); make_bound_box(poly); PG_RETURN_POLYGON_P(poly); }",visit repo url,src/backend/utils/adt/geo_ops.c,https://github.com/postgres/postgres,183839744756679,1 5617,[],"__group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) { return send_signal(sig, info, p, 1); }",linux-2.6,,,265321376385071397200321712981896525428,0 2855,['CWE-119'],"deny_mask_from_posix(unsigned short perm, u32 flags) { u32 mask = 0; if (perm & ACL_READ) mask |= NFS4_READ_MODE; if (perm & ACL_WRITE) mask |= NFS4_WRITE_MODE; if ((perm & ACL_WRITE) && (flags & NFS4_ACL_DIR)) mask |= NFS4_ACE_DELETE_CHILD; if (perm & ACL_EXECUTE) mask |= NFS4_EXECUTE_MODE; return mask; }",linux-2.6,,,303532470786880369629520462631661388705,0 540,CWE-264,"static __inline__ void scm_set_cred(struct scm_cookie *scm, struct pid *pid, const struct cred *cred) { scm->pid = get_pid(pid); scm->cred = cred ? get_cred(cred) : NULL; scm->creds.pid = pid_vnr(pid); scm->creds.uid = cred ? cred->euid : INVALID_UID; scm->creds.gid = cred ? cred->egid : INVALID_GID; }",visit repo url,include/net/scm.h,https://github.com/torvalds/linux,181896037896599,1 4000,CWE-416,"static void cil_reset_classpermission(struct cil_classpermission *cp) { if (cp == NULL) { return; } cil_reset_classperms_list(cp->classperms); }",visit repo url,libsepol/cil/src/cil_reset_ast.c,https://github.com/SELinuxProject/selinux,26188590256396,1 2272,NVD-CWE-Other,"int flush_completed_IO(struct inode *inode) { ext4_io_end_t *io; int ret = 0; int ret2 = 0; if (list_empty(&EXT4_I(inode)->i_completed_io_list)) return ret; dump_completed_IO(inode); while (!list_empty(&EXT4_I(inode)->i_completed_io_list)){ io = list_entry(EXT4_I(inode)->i_completed_io_list.next, ext4_io_end_t, list); ret = ext4_end_io_nolock(io); if (ret < 0) ret2 = ret; else list_del_init(&io->list); } return (ret2 < 0) ? ret2 : 0; }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,263987960262458,1 226,[],"static unsigned long atalk_sum_skb(const struct sk_buff *skb, int offset, int len, unsigned long sum) { int start = skb_headlen(skb); int i, copy; if ( (copy = start - offset) > 0) { if (copy > len) copy = len; sum = atalk_sum_partial(skb->data + offset, copy, sum); if ( (len -= copy) == 0) return sum; offset += copy; } for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { int end; BUG_TRAP(start <= offset + len); end = start + skb_shinfo(skb)->frags[i].size; if ((copy = end - offset) > 0) { u8 *vaddr; skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; if (copy > len) copy = len; vaddr = kmap_skb_frag(frag); sum = atalk_sum_partial(vaddr + frag->page_offset + offset - start, copy, sum); kunmap_skb_frag(vaddr); if (!(len -= copy)) return sum; offset += copy; } start = end; } if (skb_shinfo(skb)->frag_list) { struct sk_buff *list = skb_shinfo(skb)->frag_list; for (; list; list = list->next) { int end; BUG_TRAP(start <= offset + len); end = start + list->len; if ((copy = end - offset) > 0) { if (copy > len) copy = len; sum = atalk_sum_skb(list, offset - start, copy, sum); if ((len -= copy) == 0) return sum; offset += copy; } start = end; } } BUG_ON(len > 0); return sum; }",history,,,338397509486994393478071603458751711675,0 4004,CWE-326,"ossl_cipher_initialize(VALUE self, VALUE str) { EVP_CIPHER_CTX *ctx; const EVP_CIPHER *cipher; char *name; unsigned char dummy_key[EVP_MAX_KEY_LENGTH] = { 0 }; name = StringValueCStr(str); GetCipherInit(self, ctx); if (ctx) { ossl_raise(rb_eRuntimeError, ""Cipher already inititalized!""); } AllocCipher(self, ctx); if (!(cipher = EVP_get_cipherbyname(name))) { ossl_raise(rb_eRuntimeError, ""unsupported cipher algorithm (%""PRIsVALUE"")"", str); } if (EVP_CipherInit_ex(ctx, cipher, NULL, dummy_key, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return self; }",visit repo url,ext/openssl/ossl_cipher.c,https://github.com/ruby/openssl,108119855448475,1 3807,CWE-122,"init_ccline(int firstc, int indent) { ccline.overstrike = FALSE; ccline.cmdfirstc = (firstc == '@' ? 0 : firstc); ccline.cmdindent = (firstc > 0 ? indent : 0); alloc_cmdbuff(exmode_active ? 250 : indent + 1); if (ccline.cmdbuff == NULL) return FAIL; ccline.cmdlen = ccline.cmdpos = 0; ccline.cmdbuff[0] = NUL; sb_text_start_cmdline(); if (firstc <= 0) { vim_memset(ccline.cmdbuff, ' ', indent); ccline.cmdbuff[indent] = NUL; ccline.cmdpos = indent; ccline.cmdspos = indent; ccline.cmdlen = indent; } return OK; }",visit repo url,src/ex_getln.c,https://github.com/vim/vim,98582960315197,1 4291,CWE-400,"R_API st64 r_buf_fread_at(RBuffer *b, ut64 addr, ut8 *buf, const char *fmt, int n) { r_return_val_if_fail (b && buf && fmt, -1); st64 o_addr = r_buf_seek (b, 0, R_BUF_CUR); st64 r = r_buf_seek (b, addr, R_BUF_SET); if (r < 0) { return r; } r = r_buf_fread (b, buf, fmt, n); r_buf_seek (b, o_addr, R_BUF_SET); return r; }",visit repo url,libr/util/buf.c,https://github.com/radareorg/radare2,88530891832205,1 3445,CWE-264,"static int cg_rmdir(const char *path) { struct fuse_context *fc = fuse_get_context(); char *fpath = NULL, *cgdir = NULL, *controller; const char *cgroup; int ret; if (!fc) return -EIO; controller = pick_controller_from_path(fc, path); if (!controller) return -EINVAL; cgroup = find_cgroup_in_path(path); if (!cgroup) return -EINVAL; get_cgdir_and_path(cgroup, &cgdir, &fpath); if (!fpath) { ret = -EINVAL; goto out; } fprintf(stderr, ""rmdir: verifying access to %s:%s (req path %s)\n"", controller, cgdir, path); if (!fc_may_access(fc, controller, cgdir, NULL, O_WRONLY)) { ret = -EACCES; goto out; } if (!caller_is_in_ancestor(fc->pid, controller, cgroup, NULL)) { ret = -EACCES; goto out; } if (!cgfs_remove(controller, cgroup)) { ret = -EINVAL; goto out; } ret = 0; out: free(cgdir); return ret; }",visit repo url,lxcfs.c,https://github.com/lxc/lxcfs,112254106046798,1 6747,['CWE-310'],"nm_gconf_get_all_connections (GConfClient *client) { GSList *connections; guint32 stamp = 0; GError *error = NULL; stamp = (guint32) gconf_client_get_int (client, APPLET_PREFS_STAMP, &error); if (error) { g_error_free (error); stamp = 0; } nm_gconf_migrate_0_7_connection_uuid (client); nm_gconf_migrate_0_7_keyring_items (client); nm_gconf_migrate_0_7_wireless_security (client); nm_gconf_migrate_0_7_netmask_to_prefix (client); nm_gconf_migrate_0_7_ip4_method (client); nm_gconf_migrate_0_7_ignore_dhcp_dns (client); nm_gconf_migrate_0_7_vpn_routes (client); nm_gconf_migrate_0_7_vpn_properties (client); nm_gconf_migrate_0_7_openvpn_properties (client); if (stamp < 1) { nm_gconf_migrate_0_7_vpn_never_default (client); nm_gconf_migrate_0_7_autoconnect_default (client); } connections = gconf_client_all_dirs (client, GCONF_PATH_CONNECTIONS, NULL); if (!connections) { nm_gconf_migrate_0_6_connections (client); connections = gconf_client_all_dirs (client, GCONF_PATH_CONNECTIONS, NULL); } if (stamp != APPLET_CURRENT_STAMP) gconf_client_set_int (client, APPLET_PREFS_STAMP, APPLET_CURRENT_STAMP, NULL); return connections; }",network-manager-applet,,,190267788909734211853723858527466809907,0 4097,['CWE-399'],"static int sg_set_reserved_size(struct request_queue *q, int __user *p) { int size, err = get_user(size, p); if (err) return err; if (size < 0) return -EINVAL; if (size > (q->max_sectors << 9)) size = q->max_sectors << 9; q->sg_reserved_size = size; return 0; }",linux-2.6,,,285223505568764673274243497415987233039,0 2796,CWE-787,"static void nsc_encode_subsampling(NSC_CONTEXT* context) { UINT16 x; UINT16 y; BYTE* co_dst; BYTE* cg_dst; INT8* co_src0; INT8* co_src1; INT8* cg_src0; INT8* cg_src1; UINT32 tempWidth; UINT32 tempHeight; tempWidth = ROUND_UP_TO(context->width, 8); tempHeight = ROUND_UP_TO(context->height, 2); for (y = 0; y < tempHeight >> 1; y++) { co_dst = context->priv->PlaneBuffers[1] + y * (tempWidth >> 1); cg_dst = context->priv->PlaneBuffers[2] + y * (tempWidth >> 1); co_src0 = (INT8*) context->priv->PlaneBuffers[1] + (y << 1) * tempWidth; co_src1 = co_src0 + tempWidth; cg_src0 = (INT8*) context->priv->PlaneBuffers[2] + (y << 1) * tempWidth; cg_src1 = cg_src0 + tempWidth; for (x = 0; x < tempWidth >> 1; x++) { *co_dst++ = (BYTE)(((INT16) * co_src0 + (INT16) * (co_src0 + 1) + (INT16) * co_src1 + (INT16) * (co_src1 + 1)) >> 2); *cg_dst++ = (BYTE)(((INT16) * cg_src0 + (INT16) * (cg_src0 + 1) + (INT16) * cg_src1 + (INT16) * (cg_src1 + 1)) >> 2); co_src0 += 2; co_src1 += 2; cg_src0 += 2; cg_src1 += 2; } } }",visit repo url,libfreerdp/codec/nsc_encode.c,https://github.com/FreeRDP/FreeRDP,266680036724640,1 6347,['CWE-200'],"int ip_mr_input(struct sk_buff *skb) { struct mfc_cache *cache; int local = ((struct rtable*)skb->dst)->rt_flags&RTCF_LOCAL; if (IPCB(skb)->flags&IPSKB_FORWARDED) goto dont_forward; if (!local) { if (IPCB(skb)->opt.router_alert) { if (ip_call_ra_chain(skb)) return 0; } else if (skb->nh.iph->protocol == IPPROTO_IGMP){ read_lock(&mrt_lock); if (mroute_socket) { nf_reset(skb); raw_rcv(mroute_socket, skb); read_unlock(&mrt_lock); return 0; } read_unlock(&mrt_lock); } } read_lock(&mrt_lock); cache = ipmr_cache_find(skb->nh.iph->saddr, skb->nh.iph->daddr); if (cache==NULL) { int vif; if (local) { struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); ip_local_deliver(skb); if (skb2 == NULL) { read_unlock(&mrt_lock); return -ENOBUFS; } skb = skb2; } vif = ipmr_find_vif(skb->dev); if (vif >= 0) { int err = ipmr_cache_unresolved(vif, skb); read_unlock(&mrt_lock); return err; } read_unlock(&mrt_lock); kfree_skb(skb); return -ENODEV; } ip_mr_forward(skb, cache, local); read_unlock(&mrt_lock); if (local) return ip_local_deliver(skb); return 0; dont_forward: if (local) return ip_local_deliver(skb); kfree_skb(skb); return 0; }",linux-2.6,,,298413060459923283522001249682094499580,0 5141,['CWE-20'],"static void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags) { if (vcpu->arch.rmode.active) rflags |= X86_EFLAGS_IOPL | X86_EFLAGS_VM; vmcs_writel(GUEST_RFLAGS, rflags); }",linux-2.6,,,213352523035683297329742726733251208281,0 6229,CWE-190,"void fp3_write_bin(uint8_t *bin, int len, const fp3_t a) { if (len != 3 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp_write_bin(bin, RLC_FP_BYTES, a[0]); fp_write_bin(bin + RLC_FP_BYTES, RLC_FP_BYTES, a[1]); fp_write_bin(bin + 2 * RLC_FP_BYTES, RLC_FP_BYTES, a[2]); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,256516607389248,1 839,CWE-20,"int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct rxrpc_skb_priv *sp; struct rxrpc_call *call = NULL, *continue_call = NULL; struct rxrpc_sock *rx = rxrpc_sk(sock->sk); struct sk_buff *skb; long timeo; int copy, ret, ullen, offset, copied = 0; u32 abort_code; DEFINE_WAIT(wait); _enter("",,,%zu,%d"", len, flags); if (flags & (MSG_OOB | MSG_TRUNC)) return -EOPNOTSUPP; ullen = msg->msg_flags & MSG_CMSG_COMPAT ? 4 : sizeof(unsigned long); timeo = sock_rcvtimeo(&rx->sk, flags & MSG_DONTWAIT); msg->msg_flags |= MSG_MORE; lock_sock(&rx->sk); for (;;) { if (RB_EMPTY_ROOT(&rx->calls)) { if (copied) goto out; if (rx->sk.sk_state != RXRPC_SERVER_LISTENING) { release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); return -ENODATA; } } skb = skb_peek(&rx->sk.sk_receive_queue); if (!skb) { if (copied && (msg->msg_flags & MSG_PEEK || timeo == 0)) goto out; release_sock(&rx->sk); prepare_to_wait_exclusive(sk_sleep(&rx->sk), &wait, TASK_INTERRUPTIBLE); ret = sock_error(&rx->sk); if (ret) goto wait_error; if (skb_queue_empty(&rx->sk.sk_receive_queue)) { if (signal_pending(current)) goto wait_interrupted; timeo = schedule_timeout(timeo); } finish_wait(sk_sleep(&rx->sk), &wait); lock_sock(&rx->sk); continue; } peek_next_packet: sp = rxrpc_skb(skb); call = sp->call; ASSERT(call != NULL); _debug(""next pkt %s"", rxrpc_pkts[sp->hdr.type]); spin_lock_bh(&call->lock); spin_unlock_bh(&call->lock); if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { _debug(""packet from released call""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); continue; } if (continue_call) { _debug(""maybe cont""); if (call != continue_call || skb->mark != RXRPC_SKB_MARK_DATA) { release_sock(&rx->sk); rxrpc_put_call(continue_call); _leave("" = %d [noncont]"", copied); return copied; } } rxrpc_get_call(call); if (!continue_call) { if (msg->msg_name && msg->msg_namelen > 0) memcpy(msg->msg_name, &call->conn->trans->peer->srx, sizeof(call->conn->trans->peer->srx)); sock_recv_ts_and_drops(msg, &rx->sk, skb); } if (skb->mark != RXRPC_SKB_MARK_DATA) goto receive_non_data_message; _debug(""recvmsg DATA #%u { %d, %d }"", ntohl(sp->hdr.seq), skb->len, sp->offset); if (!continue_call) { ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); } ASSERTCMP(ntohl(sp->hdr.seq), >=, call->rx_data_recv); ASSERTCMP(ntohl(sp->hdr.seq), <=, call->rx_data_recv + 1); call->rx_data_recv = ntohl(sp->hdr.seq); ASSERTCMP(ntohl(sp->hdr.seq), >, call->rx_data_eaten); offset = sp->offset; copy = skb->len - offset; if (copy > len - copied) copy = len - copied; if (skb->ip_summed == CHECKSUM_UNNECESSARY) { ret = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copy); } else { ret = skb_copy_and_csum_datagram_iovec(skb, offset, msg->msg_iov); if (ret == -EINVAL) goto csum_copy_error; } if (ret < 0) goto copy_error; _debug(""copied %d+%d"", copy, copied); offset += copy; copied += copy; if (!(flags & MSG_PEEK)) sp->offset = offset; if (sp->offset < skb->len) { _debug(""buffer full""); ASSERTCMP(copied, ==, len); break; } if (sp->hdr.flags & RXRPC_LAST_PACKET) { _debug(""last""); if (call->conn->out_clientflag) { ret = copied; goto terminal_message; } if (!(flags & MSG_PEEK)) { _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } msg->msg_flags &= ~MSG_MORE; break; } _debug(""next""); if (!continue_call) continue_call = sp->call; else rxrpc_put_call(call); call = NULL; if (flags & MSG_PEEK) { _debug(""peek next""); skb = skb->next; if (skb == (struct sk_buff *) &rx->sk.sk_receive_queue) break; goto peek_next_packet; } _debug(""eat packet""); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } _debug(""end rcv data""); out: release_sock(&rx->sk); if (call) rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d [data]"", copied); return copied; receive_non_data_message: _debug(""non-data""); if (skb->mark == RXRPC_SKB_MARK_NEW_CALL) { _debug(""RECV NEW CALL""); ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &abort_code); if (ret < 0) goto copy_error; if (!(flags & MSG_PEEK)) { if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); } goto out; } ret = put_cmsg(msg, SOL_RXRPC, RXRPC_USER_CALL_ID, ullen, &call->user_call_ID); if (ret < 0) goto copy_error; ASSERT(test_bit(RXRPC_CALL_HAS_USERID, &call->flags)); switch (skb->mark) { case RXRPC_SKB_MARK_DATA: BUG(); case RXRPC_SKB_MARK_FINAL_ACK: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &abort_code); break; case RXRPC_SKB_MARK_BUSY: ret = put_cmsg(msg, SOL_RXRPC, RXRPC_BUSY, 0, &abort_code); break; case RXRPC_SKB_MARK_REMOTE_ABORT: abort_code = call->abort_code; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ABORT, 4, &abort_code); break; case RXRPC_SKB_MARK_NET_ERROR: _debug(""RECV NET ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NET_ERROR, 4, &abort_code); break; case RXRPC_SKB_MARK_LOCAL_ERROR: _debug(""RECV LOCAL ERROR %d"", sp->error); abort_code = sp->error; ret = put_cmsg(msg, SOL_RXRPC, RXRPC_LOCAL_ERROR, 4, &abort_code); break; default: BUG(); break; } if (ret < 0) goto copy_error; terminal_message: _debug(""terminal""); msg->msg_flags &= ~MSG_MORE; msg->msg_flags |= MSG_EOR; if (!(flags & MSG_PEEK)) { _net(""free terminal skb %p"", skb); if (skb_dequeue(&rx->sk.sk_receive_queue) != skb) BUG(); rxrpc_free_skb(skb); rxrpc_remove_user_ID(rx, call); } release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; copy_error: _debug(""copy error""); release_sock(&rx->sk); rxrpc_put_call(call); if (continue_call) rxrpc_put_call(continue_call); _leave("" = %d"", ret); return ret; csum_copy_error: _debug(""csum error""); release_sock(&rx->sk); if (continue_call) rxrpc_put_call(continue_call); rxrpc_kill_skb(skb); skb_kill_datagram(&rx->sk, skb, flags); rxrpc_put_call(call); return -EAGAIN; wait_interrupted: ret = sock_intr_errno(timeo); wait_error: finish_wait(sk_sleep(&rx->sk), &wait); if (continue_call) rxrpc_put_call(continue_call); if (copied) copied = ret; _leave("" = %d [waitfail %d]"", copied, ret); return copied; }",visit repo url,net/rxrpc/ar-recvmsg.c,https://github.com/torvalds/linux,131822081142701,1 3008,['CWE-189'],"jas_cmprof_t *jas_cmprof_copy(jas_cmprof_t *prof) { jas_cmprof_t *newprof; int i; if (!(newprof = jas_cmprof_create())) goto error; newprof->clrspc = prof->clrspc; newprof->numchans = prof->numchans; newprof->refclrspc = prof->refclrspc; newprof->numrefchans = prof->numrefchans; newprof->iccprof = jas_iccprof_copy(prof->iccprof); for (i = 0; i < JAS_CMPROF_NUMPXFORMSEQS; ++i) { if (prof->pxformseqs[i]) { if (!(newprof->pxformseqs[i] = jas_cmpxformseq_copy(prof->pxformseqs[i]))) goto error; } } return newprof; error: return 0; }",jasper,,,114926668317368439110731760061080286749,0 592,CWE-264,"static inline int ip_ufo_append_data(struct sock *sk, struct sk_buff_head *queue, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), void *from, int length, int hh_len, int fragheaderlen, int transhdrlen, int maxfraglen, unsigned int flags) { struct sk_buff *skb; int err; if ((skb = skb_peek_tail(queue)) == NULL) { skb = sock_alloc_send_skb(sk, hh_len + fragheaderlen + transhdrlen + 20, (flags & MSG_DONTWAIT), &err); if (skb == NULL) return err; skb_reserve(skb, hh_len); skb_put(skb, fragheaderlen + transhdrlen); skb_reset_network_header(skb); skb->transport_header = skb->network_header + fragheaderlen; skb->ip_summed = CHECKSUM_PARTIAL; skb->csum = 0; skb_shinfo(skb)->gso_size = maxfraglen - fragheaderlen; skb_shinfo(skb)->gso_type = SKB_GSO_UDP; __skb_queue_tail(queue, skb); } return skb_append_datato_frags(sk, skb, getfrag, from, (length - transhdrlen)); }",visit repo url,net/ipv4/ip_output.c,https://github.com/torvalds/linux,255273506716934,1 4971,CWE-125,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 4103,NVD-CWE-noinfo,"void CL_InitRef( void ) { refimport_t ri; refexport_t *ret; #ifdef USE_RENDERER_DLOPEN GetRefAPI_t GetRefAPI; char dllName[MAX_OSPATH]; #endif Com_Printf( ""----- Initializing Renderer ----\n"" ); #ifdef USE_RENDERER_DLOPEN cl_renderer = Cvar_Get(""cl_renderer"", ""opengl2"", CVAR_ARCHIVE | CVAR_LATCH); Com_sprintf(dllName, sizeof(dllName), ""renderer_%s_"" ARCH_STRING DLL_EXT, cl_renderer->string); if(!(rendererLib = Sys_LoadDll(dllName, qfalse)) && strcmp(cl_renderer->string, cl_renderer->resetString)) { Com_Printf(""failed:\n\""%s\""\n"", Sys_LibraryError()); Cvar_ForceReset(""cl_renderer""); Com_sprintf(dllName, sizeof(dllName), ""renderer_opengl2_"" ARCH_STRING DLL_EXT); rendererLib = Sys_LoadDll(dllName, qfalse); } if(!rendererLib) { Com_Printf(""failed:\n\""%s\""\n"", Sys_LibraryError()); Com_Error(ERR_FATAL, ""Failed to load renderer""); } GetRefAPI = Sys_LoadFunction(rendererLib, ""GetRefAPI""); if(!GetRefAPI) { Com_Error(ERR_FATAL, ""Can't load symbol GetRefAPI: '%s'"", Sys_LibraryError()); } #endif ri.Cmd_AddCommand = Cmd_AddCommand; ri.Cmd_RemoveCommand = Cmd_RemoveCommand; ri.Cmd_Argc = Cmd_Argc; ri.Cmd_Argv = Cmd_Argv; ri.Cmd_ExecuteText = Cbuf_ExecuteText; ri.Printf = CL_RefPrintf; ri.Error = Com_Error; ri.Milliseconds = CL_ScaledMilliseconds; ri.Malloc = CL_RefMalloc; ri.Free = Z_Free; #ifdef HUNK_DEBUG ri.Hunk_AllocDebug = Hunk_AllocDebug; #else ri.Hunk_Alloc = Hunk_Alloc; #endif ri.Hunk_AllocateTempMemory = Hunk_AllocateTempMemory; ri.Hunk_FreeTempMemory = Hunk_FreeTempMemory; ri.CM_ClusterPVS = CM_ClusterPVS; ri.CM_DrawDebugSurface = CM_DrawDebugSurface; ri.FS_ReadFile = FS_ReadFile; ri.FS_FreeFile = FS_FreeFile; ri.FS_WriteFile = FS_WriteFile; ri.FS_FreeFileList = FS_FreeFileList; ri.FS_ListFiles = FS_ListFiles; ri.FS_FileIsInPAK = FS_FileIsInPAK; ri.FS_FileExists = FS_FileExists; ri.Cvar_Get = Cvar_Get; ri.Cvar_Set = Cvar_Set; ri.Cvar_SetValue = Cvar_SetValue; ri.Cvar_CheckRange = Cvar_CheckRange; ri.Cvar_SetDescription = Cvar_SetDescription; ri.Cvar_VariableIntegerValue = Cvar_VariableIntegerValue; ri.CIN_UploadCinematic = CIN_UploadCinematic; ri.CIN_PlayCinematic = CIN_PlayCinematic; ri.CIN_RunCinematic = CIN_RunCinematic; ri.CL_WriteAVIVideoFrame = CL_WriteAVIVideoFrame; ri.IN_Init = IN_Init; ri.IN_Shutdown = IN_Shutdown; ri.IN_Restart = IN_Restart; ri.ftol = Q_ftol; ri.Sys_SetEnv = Sys_SetEnv; ri.Sys_GLimpSafeInit = Sys_GLimpSafeInit; ri.Sys_GLimpInit = Sys_GLimpInit; ri.Sys_LowPhysicalMemory = Sys_LowPhysicalMemory; ret = GetRefAPI( REF_API_VERSION, &ri ); #if defined __USEA3D && defined __A3D_GEOM hA3Dg_ExportRenderGeom (ret); #endif Com_Printf( ""-------------------------------\n""); if ( !ret ) { Com_Error (ERR_FATAL, ""Couldn't initialize refresh"" ); } re = *ret; Cvar_Set( ""cl_paused"", ""0"" ); }",visit repo url,code/client/cl_main.c,https://github.com/ioquake/ioq3,226504561144699,1 3850,[],"int cap_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { if (!strcmp(name, XATTR_NAME_CAPS)) { if (!capable(CAP_SETFCAP)) return -EPERM; return 0; } else if (!strncmp(name, XATTR_SECURITY_PREFIX, sizeof(XATTR_SECURITY_PREFIX) - 1) && !capable(CAP_SYS_ADMIN)) return -EPERM; return 0; }",linux-2.6,,,226511218065978844788502093522339565509,0 28,['CWE-264'],"static int sqlite_handle_closer(pdo_dbh_t *dbh TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; if (H) { pdo_sqlite_error_info *einfo = &H->einfo; pdo_sqlite_cleanup_callbacks(H TSRMLS_CC); if (H->db) { sqlite3_close(H->db); H->db = NULL; } if (einfo->errmsg) { pefree(einfo->errmsg, dbh->is_persistent); einfo->errmsg = NULL; } pefree(H, dbh->is_persistent); dbh->driver_data = NULL; } return 0; }",php-src,,,20000368873374657454077850799756802102,0 377,[],"dump_pmu_state(const char *from) { struct task_struct *task; struct pt_regs *regs; pfm_context_t *ctx; unsigned long psr, dcr, info, flags; int i, this_cpu; local_irq_save(flags); this_cpu = smp_processor_id(); regs = task_pt_regs(current); info = PFM_CPUINFO_GET(); dcr = ia64_getreg(_IA64_REG_CR_DCR); if (info == 0 && ia64_psr(regs)->pp == 0 && (dcr & IA64_DCR_PP) == 0) { local_irq_restore(flags); return; } printk(""CPU%d from %s() current [%d] iip=0x%lx %s\n"", this_cpu, from, current->pid, regs->cr_iip, current->comm); task = GET_PMU_OWNER(); ctx = GET_PMU_CTX(); printk(""->CPU%d owner [%d] ctx=%p\n"", this_cpu, task ? task->pid : -1, ctx); psr = pfm_get_psr(); printk(""->CPU%d pmc0=0x%lx psr.pp=%d psr.up=%d dcr.pp=%d syst_info=0x%lx user_psr.up=%d user_psr.pp=%d\n"", this_cpu, ia64_get_pmc(0), psr & IA64_PSR_PP ? 1 : 0, psr & IA64_PSR_UP ? 1 : 0, dcr & IA64_DCR_PP ? 1 : 0, info, ia64_psr(regs)->up, ia64_psr(regs)->pp); ia64_psr(regs)->up = 0; ia64_psr(regs)->pp = 0; for (i=1; PMC_IS_LAST(i) == 0; i++) { if (PMC_IS_IMPL(i) == 0) continue; printk(""->CPU%d pmc[%d]=0x%lx thread_pmc[%d]=0x%lx\n"", this_cpu, i, ia64_get_pmc(i), i, ctx->th_pmcs[i]); } for (i=1; PMD_IS_LAST(i) == 0; i++) { if (PMD_IS_IMPL(i) == 0) continue; printk(""->CPU%d pmd[%d]=0x%lx thread_pmd[%d]=0x%lx\n"", this_cpu, i, ia64_get_pmd(i), i, ctx->th_pmds[i]); } if (ctx) { printk(""->CPU%d ctx_state=%d vaddr=%p addr=%p fd=%d ctx_task=[%d] saved_psr_up=0x%lx\n"", this_cpu, ctx->ctx_state, ctx->ctx_smpl_vaddr, ctx->ctx_smpl_hdr, ctx->ctx_msgq_head, ctx->ctx_msgq_tail, ctx->ctx_saved_psr_up); } local_irq_restore(flags); }",linux-2.6,,,316013430732132768857152492697010473003,0 2207,['CWE-193'],"void iov_iter_advance(struct iov_iter *i, size_t bytes) { BUG_ON(i->count < bytes); if (likely(i->nr_segs == 1)) { i->iov_offset += bytes; i->count -= bytes; } else { const struct iovec *iov = i->iov; size_t base = i->iov_offset; while (bytes || unlikely(i->count && !iov->iov_len)) { int copy; copy = min(bytes, iov->iov_len - base); BUG_ON(!i->count || i->count < copy); i->count -= copy; bytes -= copy; base += copy; if (iov->iov_len == base) { iov++; base = 0; } } i->iov = iov; i->iov_offset = base; } }",linux-2.6,,,174226579729022037989746728091694619365,0 1301,CWE-399,"int hugetlb_get_quota(struct address_space *mapping, long delta) { int ret = 0; struct hugetlbfs_sb_info *sbinfo = HUGETLBFS_SB(mapping->host->i_sb); if (sbinfo->free_blocks > -1) { spin_lock(&sbinfo->stat_lock); if (sbinfo->free_blocks - delta >= 0) sbinfo->free_blocks -= delta; else ret = -ENOMEM; spin_unlock(&sbinfo->stat_lock); } return ret; }",visit repo url,fs/hugetlbfs/inode.c,https://github.com/torvalds/linux,145694870045642,1 1817,[],"static inline void resched_hrt(struct task_struct *p) { __resched_task(p, TIF_HRTICK_RESCHED); }",linux-2.6,,,339153870917740678494770667642713007461,0 4357,CWE-59,"static int expandRegular(rpmfi fi, const char *dest, rpmpsm psm, int nodigest, int nocontent) { FD_t wfd = NULL; int rc = 0; { mode_t old_umask = umask(0577); wfd = Fopen(dest, ""w.ufdio""); umask(old_umask); } if (Ferror(wfd)) { rc = RPMERR_OPEN_FAILED; goto exit; } if (!nocontent) rc = rpmfiArchiveReadToFilePsm(fi, wfd, nodigest, psm); exit: if (wfd) { int myerrno = errno; Fclose(wfd); errno = myerrno; } return rc; }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,223091205912301,1 2858,['CWE-119'],"static inline int check_deny(u32 mask, int isowner) { if (mask & (NFS4_ACE_READ_ATTRIBUTES | NFS4_ACE_READ_ACL)) return -EINVAL; if (!isowner) return 0; if (mask & (NFS4_ACE_WRITE_ATTRIBUTES | NFS4_ACE_WRITE_ACL)) return -EINVAL; return 0; }",linux-2.6,,,253023264241807413488503581211927309247,0 3644,CWE-264,"int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) { _cleanup_close_ int fd; int r; assert(path); if (parents) mkdir_parents(path, 0755); fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644); if (fd < 0) return -errno; if (mode != MODE_INVALID) { r = fchmod(fd, mode); if (r < 0) return -errno; } if (uid != UID_INVALID || gid != GID_INVALID) { r = fchown(fd, uid, gid); if (r < 0) return -errno; } if (stamp != USEC_INFINITY) { struct timespec ts[2]; timespec_store(&ts[0], stamp); ts[1] = ts[0]; r = futimens(fd, ts); } else r = futimens(fd, NULL); if (r < 0) return -errno; return 0; }",visit repo url,src/basic/fs-util.c,https://github.com/systemd/systemd,149410279962641,1 2650,CWE-125,"static char* get_private_subtags(const char* loc_name) { char* result =NULL; int singletonPos = 0; int len =0; const char* mod_loc_name =NULL; if( loc_name && (len = strlen(loc_name)>0 ) ){ mod_loc_name = loc_name ; len = strlen(mod_loc_name); while( (singletonPos = getSingletonPos(mod_loc_name))!= -1){ if( singletonPos!=-1){ if( (*(mod_loc_name+singletonPos)=='x') || (*(mod_loc_name+singletonPos)=='X') ){ if( singletonPos + 2 == len){ } else{ result = estrndup(mod_loc_name + singletonPos+2 , (len -( singletonPos +2) ) ); } break; } else{ if( singletonPos + 1 >= len){ break; } else { mod_loc_name = mod_loc_name + singletonPos +1; len = strlen(mod_loc_name); } } } } } return result; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,48507876242810,1 1600,[],"static void rebalance_domains(int cpu, enum cpu_idle_type idle) { int balance = 1; struct rq *rq = cpu_rq(cpu); unsigned long interval; struct sched_domain *sd; unsigned long next_balance = jiffies + 60*HZ; int update_next_balance = 0; cpumask_t tmp; for_each_domain(cpu, sd) { if (!(sd->flags & SD_LOAD_BALANCE)) continue; interval = sd->balance_interval; if (idle != CPU_IDLE) interval *= sd->busy_factor; interval = msecs_to_jiffies(interval); if (unlikely(!interval)) interval = 1; if (interval > HZ*NR_CPUS/10) interval = HZ*NR_CPUS/10; if (sd->flags & SD_SERIALIZE) { if (!spin_trylock(&balancing)) goto out; } if (time_after_eq(jiffies, sd->last_balance + interval)) { if (load_balance(cpu, rq, sd, idle, &balance, &tmp)) { idle = CPU_NOT_IDLE; } sd->last_balance = jiffies; } if (sd->flags & SD_SERIALIZE) spin_unlock(&balancing); out: if (time_after(next_balance, sd->last_balance + interval)) { next_balance = sd->last_balance + interval; update_next_balance = 1; } if (!balance) break; } if (likely(update_next_balance)) rq->next_balance = next_balance; }",linux-2.6,,,34972104749429982157226009927702409933,0 1123,CWE-362,"static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len) { struct inet_sock *inet = inet_sk(sk); struct ipcm_cookie ipc; struct rtable *rt = NULL; int free = 0; __be32 daddr; __be32 saddr; u8 tos; int err; err = -EMSGSIZE; if (len > 0xFFFF) goto out; err = -EOPNOTSUPP; if (msg->msg_flags & MSG_OOB) goto out; if (msg->msg_namelen) { struct sockaddr_in *usin = (struct sockaddr_in *)msg->msg_name; err = -EINVAL; if (msg->msg_namelen < sizeof(*usin)) goto out; if (usin->sin_family != AF_INET) { static int complained; if (!complained++) printk(KERN_INFO ""%s forgot to set AF_INET in "" ""raw sendmsg. Fix it!\n"", current->comm); err = -EAFNOSUPPORT; if (usin->sin_family) goto out; } daddr = usin->sin_addr.s_addr; } else { err = -EDESTADDRREQ; if (sk->sk_state != TCP_ESTABLISHED) goto out; daddr = inet->inet_daddr; } ipc.addr = inet->inet_saddr; ipc.opt = NULL; ipc.tx_flags = 0; ipc.oif = sk->sk_bound_dev_if; if (msg->msg_controllen) { err = ip_cmsg_send(sock_net(sk), msg, &ipc); if (err) goto out; if (ipc.opt) free = 1; } saddr = ipc.addr; ipc.addr = daddr; if (!ipc.opt) ipc.opt = inet->opt; if (ipc.opt) { err = -EINVAL; if (inet->hdrincl) goto done; if (ipc.opt->srr) { if (!daddr) goto done; daddr = ipc.opt->faddr; } } tos = RT_CONN_FLAGS(sk); if (msg->msg_flags & MSG_DONTROUTE) tos |= RTO_ONLINK; if (ipv4_is_multicast(daddr)) { if (!ipc.oif) ipc.oif = inet->mc_index; if (!saddr) saddr = inet->mc_addr; } { struct flowi4 fl4; flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE, inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol, FLOWI_FLAG_CAN_SLEEP, daddr, saddr, 0, 0); if (!inet->hdrincl) { err = raw_probe_proto_opt(&fl4, msg); if (err) goto done; } security_sk_classify_flow(sk, flowi4_to_flowi(&fl4)); rt = ip_route_output_flow(sock_net(sk), &fl4, sk); if (IS_ERR(rt)) { err = PTR_ERR(rt); rt = NULL; goto done; } } err = -EACCES; if (rt->rt_flags & RTCF_BROADCAST && !sock_flag(sk, SOCK_BROADCAST)) goto done; if (msg->msg_flags & MSG_CONFIRM) goto do_confirm; back_from_confirm: if (inet->hdrincl) err = raw_send_hdrinc(sk, msg->msg_iov, len, &rt, msg->msg_flags); else { if (!ipc.addr) ipc.addr = rt->rt_dst; lock_sock(sk); err = ip_append_data(sk, ip_generic_getfrag, msg->msg_iov, len, 0, &ipc, &rt, msg->msg_flags); if (err) ip_flush_pending_frames(sk); else if (!(msg->msg_flags & MSG_MORE)) { err = ip_push_pending_frames(sk); if (err == -ENOBUFS && !inet->recverr) err = 0; } release_sock(sk); } done: if (free) kfree(ipc.opt); ip_rt_put(rt); out: if (err < 0) return err; return len; do_confirm: dst_confirm(&rt->dst); if (!(msg->msg_flags & MSG_PROBE) || len) goto back_from_confirm; err = 0; goto done; }",visit repo url,net/ipv4/raw.c,https://github.com/torvalds/linux,181561914508139,1 1944,CWE-401,"int rtl_usb_probe(struct usb_interface *intf, const struct usb_device_id *id, struct rtl_hal_cfg *rtl_hal_cfg) { int err; struct ieee80211_hw *hw = NULL; struct rtl_priv *rtlpriv = NULL; struct usb_device *udev; struct rtl_usb_priv *usb_priv; hw = ieee80211_alloc_hw(sizeof(struct rtl_priv) + sizeof(struct rtl_usb_priv), &rtl_ops); if (!hw) { WARN_ONCE(true, ""rtl_usb: ieee80211 alloc failed\n""); return -ENOMEM; } rtlpriv = hw->priv; rtlpriv->hw = hw; rtlpriv->usb_data = kcalloc(RTL_USB_MAX_RX_COUNT, sizeof(u32), GFP_KERNEL); if (!rtlpriv->usb_data) return -ENOMEM; spin_lock_init(&rtlpriv->locks.usb_lock); INIT_WORK(&rtlpriv->works.fill_h2c_cmd, rtl_fill_h2c_cmd_work_callback); INIT_WORK(&rtlpriv->works.lps_change_work, rtl_lps_change_work_callback); rtlpriv->usb_data_index = 0; init_completion(&rtlpriv->firmware_loading_complete); SET_IEEE80211_DEV(hw, &intf->dev); udev = interface_to_usbdev(intf); usb_get_dev(udev); usb_priv = rtl_usbpriv(hw); memset(usb_priv, 0, sizeof(*usb_priv)); usb_priv->dev.intf = intf; usb_priv->dev.udev = udev; usb_set_intfdata(intf, hw); rtlpriv->rtlhal.interface = INTF_USB; rtlpriv->cfg = rtl_hal_cfg; rtlpriv->intf_ops = &rtl_usb_ops; _rtl_usb_io_handler_init(&udev->dev, hw); rtlpriv->cfg->ops->read_chip_version(hw); rtlpriv->cfg->ops->read_eeprom_info(hw); err = _rtl_usb_init(hw); if (err) goto error_out2; rtl_usb_init_sw(hw); err = rtl_init_core(hw); if (err) { pr_err(""Can't allocate sw for mac80211\n""); goto error_out2; } if (rtlpriv->cfg->ops->init_sw_vars(hw)) { pr_err(""Can't init_sw_vars\n""); goto error_out; } rtlpriv->cfg->ops->init_sw_leds(hw); err = ieee80211_register_hw(hw); if (err) { pr_err(""Can't register mac80211 hw.\n""); err = -ENODEV; goto error_out; } rtlpriv->mac80211.mac80211_registered = 1; set_bit(RTL_STATUS_INTERFACE_START, &rtlpriv->status); return 0; error_out: rtl_deinit_core(hw); error_out2: _rtl_usb_io_handler_release(hw); usb_put_dev(udev); complete(&rtlpriv->firmware_loading_complete); return -ENODEV; }",visit repo url,drivers/net/wireless/realtek/rtlwifi/usb.c,https://github.com/torvalds/linux,232001768063287,1 5700,['CWE-200'],"static int __init llc2_init(void) { int rc = proto_register(&llc_proto, 0); if (rc != 0) goto out; llc_build_offset_table(); llc_station_init(); llc_ui_sap_last_autoport = LLC_SAP_DYN_START; rc = llc_proc_init(); if (rc != 0) { printk(llc_proc_err_msg); goto out_unregister_llc_proto; } rc = llc_sysctl_init(); if (rc) { printk(llc_sysctl_err_msg); goto out_proc; } rc = sock_register(&llc_ui_family_ops); if (rc) { printk(llc_sock_err_msg); goto out_sysctl; } llc_add_pack(LLC_DEST_SAP, llc_sap_handler); llc_add_pack(LLC_DEST_CONN, llc_conn_handler); out: return rc; out_sysctl: llc_sysctl_exit(); out_proc: llc_proc_exit(); out_unregister_llc_proto: proto_unregister(&llc_proto); goto out; }",linux-2.6,,,93231372502281043199206057216015490392,0 1097,CWE-362,"static struct sock *dccp_v6_request_recv_sock(struct sock *sk, struct sk_buff *skb, struct request_sock *req, struct dst_entry *dst) { struct inet6_request_sock *ireq6 = inet6_rsk(req); struct ipv6_pinfo *newnp, *np = inet6_sk(sk); struct inet_sock *newinet; struct dccp6_sock *newdp6; struct sock *newsk; struct ipv6_txoptions *opt; if (skb->protocol == htons(ETH_P_IP)) { newsk = dccp_v4_request_recv_sock(sk, skb, req, dst); if (newsk == NULL) return NULL; newdp6 = (struct dccp6_sock *)newsk; newinet = inet_sk(newsk); newinet->pinet6 = &newdp6->inet6; newnp = inet6_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); ipv6_addr_set_v4mapped(newinet->inet_daddr, &newnp->daddr); ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr); ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr); inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped; newsk->sk_backlog_rcv = dccp_v4_do_rcv; newnp->pktoptions = NULL; newnp->opt = NULL; newnp->mcast_oif = inet6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); return newsk; } opt = np->opt; if (sk_acceptq_is_full(sk)) goto out_overflow; if (dst == NULL) { struct in6_addr *final_p, final; struct flowi6 fl6; memset(&fl6, 0, sizeof(fl6)); fl6.flowi6_proto = IPPROTO_DCCP; ipv6_addr_copy(&fl6.daddr, &ireq6->rmt_addr); final_p = fl6_update_dst(&fl6, opt, &final); ipv6_addr_copy(&fl6.saddr, &ireq6->loc_addr); fl6.flowi6_oif = sk->sk_bound_dev_if; fl6.fl6_dport = inet_rsk(req)->rmt_port; fl6.fl6_sport = inet_rsk(req)->loc_port; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); dst = ip6_dst_lookup_flow(sk, &fl6, final_p, false); if (IS_ERR(dst)) goto out; } newsk = dccp_create_openreq_child(sk, req, skb); if (newsk == NULL) goto out_nonewsk; __ip6_dst_store(newsk, dst, NULL, NULL); newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | NETIF_F_TSO); newdp6 = (struct dccp6_sock *)newsk; newinet = inet_sk(newsk); newinet->pinet6 = &newdp6->inet6; newnp = inet6_sk(newsk); memcpy(newnp, np, sizeof(struct ipv6_pinfo)); ipv6_addr_copy(&newnp->daddr, &ireq6->rmt_addr); ipv6_addr_copy(&newnp->saddr, &ireq6->loc_addr); ipv6_addr_copy(&newnp->rcv_saddr, &ireq6->loc_addr); newsk->sk_bound_dev_if = ireq6->iif; newinet->opt = NULL; newnp->rxopt.all = np->rxopt.all; newnp->pktoptions = NULL; if (ireq6->pktopts != NULL) { newnp->pktoptions = skb_clone(ireq6->pktopts, GFP_ATOMIC); kfree_skb(ireq6->pktopts); ireq6->pktopts = NULL; if (newnp->pktoptions) skb_set_owner_r(newnp->pktoptions, newsk); } newnp->opt = NULL; newnp->mcast_oif = inet6_iif(skb); newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; if (opt != NULL) { newnp->opt = ipv6_dup_options(newsk, opt); if (opt != np->opt) sock_kfree_s(sk, opt, opt->tot_len); } inet_csk(newsk)->icsk_ext_hdr_len = 0; if (newnp->opt != NULL) inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + newnp->opt->opt_flen); dccp_sync_mss(newsk, dst_mtu(dst)); newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; newinet->inet_rcv_saddr = LOOPBACK4_IPV6; if (__inet_inherit_port(sk, newsk) < 0) { sock_put(newsk); goto out; } __inet6_hash(newsk, NULL); return newsk; out_overflow: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); out_nonewsk: dst_release(dst); out: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); if (opt != NULL && opt != np->opt) sock_kfree_s(sk, opt, opt->tot_len); return NULL; }",visit repo url,net/dccp/ipv6.c,https://github.com/torvalds/linux,94088350141043,1 2067,CWE-120,"static int bpf_convert_filter(struct sock_filter *prog, int len, struct bpf_prog *new_prog, int *new_len) { int new_flen = 0, pass = 0, target, i, stack_off; struct bpf_insn *new_insn, *first_insn = NULL; struct sock_filter *fp; int *addrs = NULL; u8 bpf_src; BUILD_BUG_ON(BPF_MEMWORDS * sizeof(u32) > MAX_BPF_STACK); BUILD_BUG_ON(BPF_REG_FP + 1 != MAX_BPF_REG); if (len <= 0 || len > BPF_MAXINSNS) return -EINVAL; if (new_prog) { first_insn = new_prog->insnsi; addrs = kcalloc(len, sizeof(*addrs), GFP_KERNEL | __GFP_NOWARN); if (!addrs) return -ENOMEM; } do_pass: new_insn = first_insn; fp = prog; if (new_prog) { *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_X, BPF_REG_X); *new_insn++ = BPF_MOV64_REG(BPF_REG_CTX, BPF_REG_ARG1); } else { new_insn += 3; } for (i = 0; i < len; fp++, i++) { struct bpf_insn tmp_insns[6] = { }; struct bpf_insn *insn = tmp_insns; if (addrs) addrs[i] = new_insn - first_insn; switch (fp->code) { case BPF_ALU | BPF_ADD | BPF_X: case BPF_ALU | BPF_ADD | BPF_K: case BPF_ALU | BPF_SUB | BPF_X: case BPF_ALU | BPF_SUB | BPF_K: case BPF_ALU | BPF_AND | BPF_X: case BPF_ALU | BPF_AND | BPF_K: case BPF_ALU | BPF_OR | BPF_X: case BPF_ALU | BPF_OR | BPF_K: case BPF_ALU | BPF_LSH | BPF_X: case BPF_ALU | BPF_LSH | BPF_K: case BPF_ALU | BPF_RSH | BPF_X: case BPF_ALU | BPF_RSH | BPF_K: case BPF_ALU | BPF_XOR | BPF_X: case BPF_ALU | BPF_XOR | BPF_K: case BPF_ALU | BPF_MUL | BPF_X: case BPF_ALU | BPF_MUL | BPF_K: case BPF_ALU | BPF_DIV | BPF_X: case BPF_ALU | BPF_DIV | BPF_K: case BPF_ALU | BPF_MOD | BPF_X: case BPF_ALU | BPF_MOD | BPF_K: case BPF_ALU | BPF_NEG: case BPF_LD | BPF_ABS | BPF_W: case BPF_LD | BPF_ABS | BPF_H: case BPF_LD | BPF_ABS | BPF_B: case BPF_LD | BPF_IND | BPF_W: case BPF_LD | BPF_IND | BPF_H: case BPF_LD | BPF_IND | BPF_B: if (BPF_CLASS(fp->code) == BPF_LD && BPF_MODE(fp->code) == BPF_ABS && convert_bpf_extensions(fp, &insn)) break; if (fp->code == (BPF_ALU | BPF_DIV | BPF_X) || fp->code == (BPF_ALU | BPF_MOD | BPF_X)) { *insn++ = BPF_MOV32_REG(BPF_REG_X, BPF_REG_X); *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_X, 0, 2); *insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); *insn++ = BPF_EXIT_INSN(); } *insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k); break; #define BPF_EMIT_JMP \ do { \ if (target >= len || target < 0) \ goto err; \ insn->off = addrs ? addrs[target] - addrs[i] - 1 : 0; \ \ insn->off -= insn - tmp_insns; \ } while (0) case BPF_JMP | BPF_JA: target = i + fp->k + 1; insn->code = fp->code; BPF_EMIT_JMP; break; case BPF_JMP | BPF_JEQ | BPF_K: case BPF_JMP | BPF_JEQ | BPF_X: case BPF_JMP | BPF_JSET | BPF_K: case BPF_JMP | BPF_JSET | BPF_X: case BPF_JMP | BPF_JGT | BPF_K: case BPF_JMP | BPF_JGT | BPF_X: case BPF_JMP | BPF_JGE | BPF_K: case BPF_JMP | BPF_JGE | BPF_X: if (BPF_SRC(fp->code) == BPF_K && (int) fp->k < 0) { *insn++ = BPF_MOV32_IMM(BPF_REG_TMP, fp->k); insn->dst_reg = BPF_REG_A; insn->src_reg = BPF_REG_TMP; bpf_src = BPF_X; } else { insn->dst_reg = BPF_REG_A; insn->imm = fp->k; bpf_src = BPF_SRC(fp->code); insn->src_reg = bpf_src == BPF_X ? BPF_REG_X : 0; } if (fp->jf == 0) { insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; target = i + fp->jt + 1; BPF_EMIT_JMP; break; } if (fp->jt == 0) { switch (BPF_OP(fp->code)) { case BPF_JEQ: insn->code = BPF_JMP | BPF_JNE | bpf_src; break; case BPF_JGT: insn->code = BPF_JMP | BPF_JLE | bpf_src; break; case BPF_JGE: insn->code = BPF_JMP | BPF_JLT | bpf_src; break; default: goto jmp_rest; } target = i + fp->jf + 1; BPF_EMIT_JMP; break; } jmp_rest: target = i + fp->jt + 1; insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; BPF_EMIT_JMP; insn++; insn->code = BPF_JMP | BPF_JA; target = i + fp->jf + 1; BPF_EMIT_JMP; break; case BPF_LDX | BPF_MSH | BPF_B: *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_A); *insn++ = BPF_LD_ABS(BPF_B, fp->k); *insn++ = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 0xf); *insn++ = BPF_ALU32_IMM(BPF_LSH, BPF_REG_A, 2); *insn++ = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A); *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_TMP); break; case BPF_RET | BPF_A: case BPF_RET | BPF_K: if (BPF_RVAL(fp->code) == BPF_K) *insn++ = BPF_MOV32_RAW(BPF_K, BPF_REG_0, 0, fp->k); *insn = BPF_EXIT_INSN(); break; case BPF_ST: case BPF_STX: stack_off = fp->k * 4 + 4; *insn = BPF_STX_MEM(BPF_W, BPF_REG_FP, BPF_CLASS(fp->code) == BPF_ST ? BPF_REG_A : BPF_REG_X, -stack_off); if (new_prog && new_prog->aux->stack_depth < stack_off) new_prog->aux->stack_depth = stack_off; break; case BPF_LD | BPF_MEM: case BPF_LDX | BPF_MEM: stack_off = fp->k * 4 + 4; *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ? BPF_REG_A : BPF_REG_X, BPF_REG_FP, -stack_off); break; case BPF_LD | BPF_IMM: case BPF_LDX | BPF_IMM: *insn = BPF_MOV32_IMM(BPF_CLASS(fp->code) == BPF_LD ? BPF_REG_A : BPF_REG_X, fp->k); break; case BPF_MISC | BPF_TAX: *insn = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A); break; case BPF_MISC | BPF_TXA: *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_X); break; case BPF_LD | BPF_W | BPF_LEN: case BPF_LDX | BPF_W | BPF_LEN: *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ? BPF_REG_A : BPF_REG_X, BPF_REG_CTX, offsetof(struct sk_buff, len)); break; case BPF_LDX | BPF_ABS | BPF_W: *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, fp->k); break; default: goto err; } insn++; if (new_prog) memcpy(new_insn, tmp_insns, sizeof(*insn) * (insn - tmp_insns)); new_insn += insn - tmp_insns; } if (!new_prog) { *new_len = new_insn - first_insn; return 0; } pass++; if (new_flen != new_insn - first_insn) { new_flen = new_insn - first_insn; if (pass > 2) goto err; goto do_pass; } kfree(addrs); BUG_ON(*new_len != new_flen); return 0; err: kfree(addrs); return -EINVAL; }",visit repo url,net/core/filter.c,https://github.com/torvalds/linux,266417840173813,1 2461,['CWE-119'],"int run_diff_index(struct rev_info *revs, int cached) { struct object *ent; struct tree *tree; const char *tree_name; struct unpack_trees_options opts; struct tree_desc t; struct oneway_unpack_data unpack_cb; mark_merge_entries(); ent = revs->pending.objects[0].item; tree_name = revs->pending.objects[0].name; tree = parse_tree_indirect(ent->sha1); if (!tree) return error(""bad tree object %s"", tree_name); unpack_cb.revs = revs; unpack_cb.symcache[0] = '\0'; memset(&opts, 0, sizeof(opts)); opts.head_idx = 1; opts.index_only = cached; opts.merge = 1; opts.fn = oneway_diff; opts.unpack_data = &unpack_cb; opts.src_index = &the_index; opts.dst_index = NULL; init_tree_desc(&t, tree->buffer, tree->size); if (unpack_trees(1, &t, &opts)) exit(128); diffcore_std(&revs->diffopt); diff_flush(&revs->diffopt); return 0; }",git,,,281649236020517868932658098180225103409,0 4483,['CWE-264'],"void ring_status_indication(struct s_smc *smc, u_long status) { PRINTK(""ring_status_indication( ""); if (status & RS_RES15) PRINTK(""RS_RES15 ""); if (status & RS_HARDERROR) PRINTK(""RS_HARDERROR ""); if (status & RS_SOFTERROR) PRINTK(""RS_SOFTERROR ""); if (status & RS_BEACON) PRINTK(""RS_BEACON ""); if (status & RS_PATHTEST) PRINTK(""RS_PATHTEST ""); if (status & RS_SELFTEST) PRINTK(""RS_SELFTEST ""); if (status & RS_RES9) PRINTK(""RS_RES9 ""); if (status & RS_DISCONNECT) PRINTK(""RS_DISCONNECT ""); if (status & RS_RES7) PRINTK(""RS_RES7 ""); if (status & RS_DUPADDR) PRINTK(""RS_DUPADDR ""); if (status & RS_NORINGOP) PRINTK(""RS_NORINGOP ""); if (status & RS_VERSION) PRINTK(""RS_VERSION ""); if (status & RS_STUCKBYPASSS) PRINTK(""RS_STUCKBYPASSS ""); if (status & RS_EVENT) PRINTK(""RS_EVENT ""); if (status & RS_RINGOPCHANGE) PRINTK(""RS_RINGOPCHANGE ""); if (status & RS_RES0) PRINTK(""RS_RES0 ""); PRINTK(""]\n""); } ",linux-2.6,,,155350943493081764773847357429886755639,0 4027,['CWE-362'],"void audit_trim_trees(void) { struct list_head cursor; mutex_lock(&audit_filter_mutex); list_add(&cursor, &tree_list); while (cursor.next != &tree_list) { struct audit_tree *tree; struct path path; struct vfsmount *root_mnt; struct node *node; struct list_head list; int err; tree = container_of(cursor.next, struct audit_tree, list); get_tree(tree); list_del(&cursor); list_add(&cursor, &tree->list); mutex_unlock(&audit_filter_mutex); err = kern_path(tree->pathname, 0, &path); if (err) goto skip_it; root_mnt = collect_mounts(path.mnt, path.dentry); path_put(&path); if (!root_mnt) goto skip_it; list_add_tail(&list, &root_mnt->mnt_list); spin_lock(&hash_lock); list_for_each_entry(node, &tree->chunks, list) { struct audit_chunk *chunk = find_chunk(node); struct inode *inode = chunk->watch.inode; struct vfsmount *mnt; node->index |= 1U<<31; list_for_each_entry(mnt, &list, mnt_list) { if (mnt->mnt_root->d_inode == inode) { node->index &= ~(1U<<31); break; } } } spin_unlock(&hash_lock); trim_marked(tree); put_tree(tree); list_del_init(&list); drop_collected_mounts(root_mnt); skip_it: mutex_lock(&audit_filter_mutex); } list_del(&cursor); mutex_unlock(&audit_filter_mutex); }",linux-2.6,,,288948037478422982100840925087285741419,0 4307,CWE-125,"RList *r_bin_ne_get_relocs(r_bin_ne_obj_t *bin) { RList *segments = bin->segments; if (!segments) { return NULL; } RList *entries = bin->entries; if (!entries) { return NULL; } RList *symbols = bin->symbols; if (!symbols) { return NULL; } ut16 *modref = calloc (bin->ne_header->ModRefs, sizeof (ut16)); if (!modref) { return NULL; } r_buf_read_at (bin->buf, (ut64)bin->ne_header->ModRefTable + bin->header_offset, (ut8 *)modref, bin->ne_header->ModRefs * sizeof (ut16)); RList *relocs = r_list_newf (free); if (!relocs) { free (modref); return NULL; } RListIter *it; RBinSection *seg; int index = -1; r_list_foreach (segments, it, seg) { index++; if (!(bin->segment_entries[index].flags & RELOCINFO)) { continue; } ut32 off = seg->paddr + seg->size; ut32 start = off; ut16 length = r_buf_read_le16_at (bin->buf, off); if (!length) { continue; } off += 2; while (off < start + length * sizeof (NE_image_reloc_item)) { NE_image_reloc_item rel = {0}; if (r_buf_read_at (bin->buf, off, (ut8 *)&rel, sizeof (rel)) < 1) { return NULL; } RBinReloc *reloc = R_NEW0 (RBinReloc); if (!reloc) { return NULL; } reloc->paddr = seg->paddr + rel.offset; switch (rel.type) { case LOBYTE: reloc->type = R_BIN_RELOC_8; break; case SEL_16: case OFF_16: reloc->type = R_BIN_RELOC_16; break; case POI_32: case OFF_32: reloc->type = R_BIN_RELOC_32; break; case POI_48: reloc->type = R_BIN_RELOC_64; break; } ut32 offset; if (rel.flags & (IMPORTED_ORD | IMPORTED_NAME)) { RBinImport *imp = R_NEW0 (RBinImport); if (!imp) { free (reloc); break; } char *name; #if NE_BUG if (rel.index > 0 && rel.index < bin->ne_header->ModRefs) { offset = modref[rel.index - 1] + bin->header_offset + bin->ne_header->ImportNameTable; name = __read_nonnull_str_at (bin->buf, offset); } else { name = r_str_newf (""UnknownModule%d_%x"", rel.index, off); } #else if (rel.index > bin->ne_header->ModRefs) { name = r_str_newf (""UnknownModule%d_%x"", rel.index, off); } else { offset = modref[rel.index - 1] + bin->header_offset + bin->ne_header->ImportNameTable; name = __read_nonnull_str_at (bin->buf, offset); } #endif if (rel.flags & IMPORTED_ORD) { imp->ordinal = rel.func_ord; imp->name = r_str_newf (""%s.%s"", name, __func_name_from_ord(name, rel.func_ord)); } else { offset = bin->header_offset + bin->ne_header->ImportNameTable + rel.name_off; char *func = __read_nonnull_str_at (bin->buf, offset); imp->name = r_str_newf (""%s.%s"", name, func); free (func); } free (name); reloc->import = imp; } else if (rel.flags & OSFIXUP) { } else { if (strstr (seg->name, ""FIXED"")) { RBinSection *s = r_list_get_n (segments, rel.segnum - 1); if (s) { offset = s->paddr + rel.segoff; } else { offset = -1; } } else { RBinAddr *entry = r_list_get_n (entries, rel.entry_ordinal - 1); if (entry) { offset = entry->paddr; } else { offset = -1; } } reloc->addend = offset; RBinSymbol *sym = NULL; RListIter *sit; r_list_foreach (symbols, sit, sym) { if (sym->paddr == reloc->addend) { reloc->symbol = sym; break; } } } if (rel.flags & ADDITIVE) { reloc->additive = 1; r_list_append (relocs, reloc); } else { do { #if NE_BUG if (reloc->paddr + 4 < r_buf_size (bin->buf)) { break; } #endif r_list_append (relocs, reloc); offset = r_buf_read_le16_at (bin->buf, reloc->paddr); RBinReloc *tmp = reloc; reloc = R_NEW0 (RBinReloc); if (!reloc) { break; } *reloc = *tmp; reloc->paddr = seg->paddr + offset; } while (offset != 0xFFFF); free (reloc); } off += sizeof (NE_image_reloc_item); } } free (modref); return relocs; }",visit repo url,libr/bin/format/ne/ne.c,https://github.com/radareorg/radare2,85123654235455,1 1490,CWE-264,"static void perf_event_for_each(struct perf_event *event, void (*func)(struct perf_event *)) { struct perf_event_context *ctx = event->ctx; struct perf_event *sibling; WARN_ON_ONCE(ctx->parent_ctx); mutex_lock(&ctx->mutex); event = event->group_leader; perf_event_for_each_child(event, func); list_for_each_entry(sibling, &event->sibling_list, group_entry) perf_event_for_each_child(sibling, func); mutex_unlock(&ctx->mutex); }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,278695379199080,1 321,[],"static int do_unimap_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *file) { struct unimapdesc32 tmp; struct unimapdesc32 __user *user_ud = compat_ptr(arg); int perm = vt_check(file); if (perm < 0) return perm; if (copy_from_user(&tmp, user_ud, sizeof tmp)) return -EFAULT; switch (cmd) { case PIO_UNIMAP: if (!perm) return -EPERM; return con_set_unimap(vc_cons[fg_console].d, tmp.entry_ct, compat_ptr(tmp.entries)); case GIO_UNIMAP: return con_get_unimap(vc_cons[fg_console].d, tmp.entry_ct, &(user_ud->entry_ct), compat_ptr(tmp.entries)); } return 0; }",linux-2.6,,,148309786503140027030100961377262342063,0 4379,['CWE-264'],"void sk_send_sigurg(struct sock *sk) { if (sk->sk_socket && sk->sk_socket->file) if (send_sigurg(&sk->sk_socket->file->f_owner)) sk_wake_async(sk, SOCK_WAKE_URG, POLL_PRI); }",linux-2.6,,,118189174101406741697344631618681531122,0 2527,CWE-125,"next_line(struct archive_read *a, const char **b, ssize_t *avail, ssize_t *ravail, ssize_t *nl) { ssize_t len; int quit; quit = 0; if (*avail == 0) { *nl = 0; len = 0; } else len = get_line_size(*b, *avail, nl); while (*nl == 0 && len == *avail && !quit) { ssize_t diff = *ravail - *avail; size_t nbytes_req = (*ravail+1023) & ~1023U; ssize_t tested; if (nbytes_req < (size_t)*ravail + 160) nbytes_req <<= 1; *b = __archive_read_ahead(a, nbytes_req, avail); if (*b == NULL) { if (*ravail >= *avail) return (0); *b = __archive_read_ahead(a, *avail, avail); quit = 1; } *ravail = *avail; *b += diff; *avail -= diff; tested = len; len = get_line_size(*b, *avail, nl); if (len >= 0) len += tested; } return (len); }",visit repo url,libarchive/archive_read_support_format_mtree.c,https://github.com/libarchive/libarchive,174329126581350,1 6429,['CWE-190'],"read_channel_data (PSDchannel *channel, const guint16 bps, const guint16 compression, const guint16 *rle_pack_len, FILE *f, GError **error) { gchar *raw_data; gchar *src; gchar *dst; guint32 readline_len; gint i; if (bps == 1) readline_len = ((channel->columns + 7) >> 3); else readline_len = (channel->columns * bps >> 3); IFDBG(3) g_debug (""raw data size %d x %d = %d"", readline_len, channel->rows, readline_len * channel->rows); if ((channel->rows == 0) || (channel->columns == 0) || (channel->rows > G_MAXINT32 / channel->columns / MAX (bps >> 3, 1))) { g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported or invalid channel size"")); return -1; } raw_data = g_malloc (readline_len * channel->rows); switch (compression) { case PSD_COMP_RAW: if (fread (raw_data, readline_len, channel->rows, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } break; case PSD_COMP_RLE: for (i = 0; i < channel->rows; ++i) { src = g_malloc (rle_pack_len[i]); dst = g_malloc (readline_len); if (fread (src, rle_pack_len[i], 1, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } decode_packbits (src, dst, rle_pack_len[i], readline_len); g_free (src); memcpy (raw_data + i * readline_len, dst, readline_len); g_free (dst); } break; } switch (bps) { case 16: channel->data = (gchar *) g_malloc (channel->rows * channel->columns); convert_16_bit (raw_data, channel->data, (channel->rows * channel->columns) << 1); break; case 8: channel->data = (gchar *) g_malloc (channel->rows * channel->columns); memcpy (channel->data, raw_data, (channel->rows * channel->columns)); break; case 1: channel->data = (gchar *) g_malloc (channel->rows * channel->columns); convert_1_bit (raw_data, channel->data, channel->rows, channel->columns); break; } g_free (raw_data); return 1; }",gimp,,,11343182587145331465875286599142775204,0 2714,CWE-190,"SPL_METHOD(SplFileInfo, getFilename) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); int path_len; if (zend_parse_parameters_none() == FAILURE) { return; } spl_filesystem_object_get_path(intern, &path_len TSRMLS_CC); if (path_len && path_len < intern->file_name_len) { RETURN_STRINGL(intern->file_name + path_len + 1, intern->file_name_len - (path_len + 1), 1); } else { RETURN_STRINGL(intern->file_name, intern->file_name_len, 1); } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,84382564993136,1 2179,['CWE-400'],"static struct page *shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info, unsigned long idx) { struct vm_area_struct pvma; pvma.vm_start = 0; pvma.vm_pgoff = idx; pvma.vm_ops = NULL; pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx); return alloc_page_vma(gfp, &pvma, 0); }",linux-2.6,,,90422571972587623136378299407276115302,0 3023,CWE-125,"int main() { gdImagePtr im; char *buffer; size_t size; size = read_test_file(&buffer, ""heap_overflow.tga""); im = gdImageCreateFromTgaPtr(size, (void *) buffer); gdTestAssert(im == NULL); free(buffer); return gdNumFailures(); }",visit repo url,tests/tga/heap_overflow.c,https://github.com/libgd/libgd,27669468337986,1 5052,CWE-190,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 3049,CWE-189,"bit_in(PG_FUNCTION_ARGS) { char *input_string = PG_GETARG_CSTRING(0); #ifdef NOT_USED Oid typelem = PG_GETARG_OID(1); #endif int32 atttypmod = PG_GETARG_INT32(2); VarBit *result; char *sp; bits8 *r; int len, bitlen, slen; bool bit_not_hex; int bc; bits8 x = 0; if (input_string[0] == 'b' || input_string[0] == 'B') { bit_not_hex = true; sp = input_string + 1; } else if (input_string[0] == 'x' || input_string[0] == 'X') { bit_not_hex = false; sp = input_string + 1; } else { bit_not_hex = true; sp = input_string; } slen = strlen(sp); if (bit_not_hex) bitlen = slen; else bitlen = slen * 4; if (atttypmod <= 0) atttypmod = bitlen; else if (bitlen != atttypmod) ereport(ERROR, (errcode(ERRCODE_STRING_DATA_LENGTH_MISMATCH), errmsg(""bit string length %d does not match type bit(%d)"", bitlen, atttypmod))); len = VARBITTOTALLEN(atttypmod); result = (VarBit *) palloc0(len); SET_VARSIZE(result, len); VARBITLEN(result) = atttypmod; r = VARBITS(result); if (bit_not_hex) { x = HIGHBIT; for (; *sp; sp++) { if (*sp == '1') *r |= x; else if (*sp != '0') ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""\""%c\"" is not a valid binary digit"", *sp))); x >>= 1; if (x == 0) { x = HIGHBIT; r++; } } } else { for (bc = 0; *sp; sp++) { if (*sp >= '0' && *sp <= '9') x = (bits8) (*sp - '0'); else if (*sp >= 'A' && *sp <= 'F') x = (bits8) (*sp - 'A') + 10; else if (*sp >= 'a' && *sp <= 'f') x = (bits8) (*sp - 'a') + 10; else ereport(ERROR, (errcode(ERRCODE_INVALID_TEXT_REPRESENTATION), errmsg(""\""%c\"" is not a valid hexadecimal digit"", *sp))); if (bc) { *r++ |= x; bc = 0; } else { *r = x << 4; bc = 1; } } } PG_RETURN_VARBIT_P(result); }",visit repo url,src/backend/utils/adt/varbit.c,https://github.com/postgres/postgres,240384154383156,1 6586,['CWE-200'],"get_iter_for_connection (GtkTreeModel *model, NMExportedConnection *exported, GtkTreeIter *iter) { GtkTreeIter temp_iter; gboolean found = FALSE; if (!gtk_tree_model_get_iter_first (model, &temp_iter)) return FALSE; do { NMExportedConnection *candidate = NULL; gtk_tree_model_get (model, &temp_iter, COL_CONNECTION, &candidate, -1); if (candidate && (candidate == exported)) { *iter = temp_iter; found = TRUE; break; } } while (gtk_tree_model_iter_next (model, &temp_iter)); return found; }",network-manager-applet,,,14005572858823475826204880286229059915,0 1781,[],"static struct ctl_table *sd_alloc_ctl_entry(int n) { struct ctl_table *entry = kcalloc(n, sizeof(struct ctl_table), GFP_KERNEL); return entry; }",linux-2.6,,,311990745307783070242200665206634570275,0 2037,CWE-416,"static void sunkbd_reinit(struct work_struct *work) { struct sunkbd *sunkbd = container_of(work, struct sunkbd, tq); wait_event_interruptible_timeout(sunkbd->wait, sunkbd->reset >= 0, HZ); serio_write(sunkbd->serio, SUNKBD_CMD_SETLED); serio_write(sunkbd->serio, (!!test_bit(LED_CAPSL, sunkbd->dev->led) << 3) | (!!test_bit(LED_SCROLLL, sunkbd->dev->led) << 2) | (!!test_bit(LED_COMPOSE, sunkbd->dev->led) << 1) | !!test_bit(LED_NUML, sunkbd->dev->led)); serio_write(sunkbd->serio, SUNKBD_CMD_NOCLICK - !!test_bit(SND_CLICK, sunkbd->dev->snd)); serio_write(sunkbd->serio, SUNKBD_CMD_BELLOFF - !!test_bit(SND_BELL, sunkbd->dev->snd)); }",visit repo url,drivers/input/keyboard/sunkbd.c,https://github.com/torvalds/linux,213081961397660,1 5982,CWE-120,"static PyObject *__pyx_pf_17clickhouse_driver_14bufferedreader_14BufferedReader_4read(struct __pyx_obj_17clickhouse_driver_14bufferedreader_BufferedReader *__pyx_v_self, Py_ssize_t __pyx_v_unread) { Py_ssize_t __pyx_v_next_position; Py_ssize_t __pyx_v_t; char *__pyx_v_buffer_ptr; Py_ssize_t __pyx_v_read_bytes; PyObject *__pyx_v_rv = NULL; PyObject *__pyx_r = NULL; __Pyx_RefNannyDeclarations int __pyx_t_1; Py_ssize_t __pyx_t_2; PyObject *__pyx_t_3 = NULL; PyObject *__pyx_t_4 = NULL; PyObject *__pyx_t_5 = NULL; Py_ssize_t __pyx_t_6; Py_ssize_t __pyx_t_7; __Pyx_RefNannySetupContext(""read"", 0); __pyx_v_next_position = (__pyx_v_unread + __pyx_v_self->position); __pyx_t_1 = ((__pyx_v_next_position < __pyx_v_self->current_buffer_size) != 0); if (__pyx_t_1) { __pyx_t_2 = __pyx_v_self->position; __pyx_v_t = __pyx_t_2; __pyx_v_self->position = __pyx_v_next_position; __Pyx_XDECREF(__pyx_r); if (unlikely(__pyx_v_self->buffer == Py_None)) { PyErr_SetString(PyExc_TypeError, ""'NoneType' object is not subscriptable""); __PYX_ERR(0, 32, __pyx_L1_error) } __pyx_t_3 = PySequence_GetSlice(__pyx_v_self->buffer, __pyx_v_t, __pyx_v_self->position); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 32, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_4 = __Pyx_PyObject_CallOneArg(((PyObject *)(&PyBytes_Type)), __pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 32, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __pyx_r = __pyx_t_4; __pyx_t_4 = 0; goto __pyx_L0; } __pyx_t_4 = __pyx_v_self->buffer; __Pyx_INCREF(__pyx_t_4); __pyx_v_buffer_ptr = PyByteArray_AsString(__pyx_t_4); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __Pyx_PyObject_CallNoArg(((PyObject *)(&PyBytes_Type))); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 36, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __pyx_v_rv = ((PyObject*)__pyx_t_4); __pyx_t_4 = 0; while (1) { __pyx_t_1 = ((__pyx_v_unread > 0) != 0); if (!__pyx_t_1) break; __pyx_t_1 = ((__pyx_v_self->position == __pyx_v_self->current_buffer_size) != 0); if (__pyx_t_1) { __pyx_t_3 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_read_into_buffer); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 40, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __pyx_t_5 = NULL; if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_3))) { __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3); if (likely(__pyx_t_5)) { PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3); __Pyx_INCREF(__pyx_t_5); __Pyx_INCREF(function); __Pyx_DECREF_SET(__pyx_t_3, function); } } __pyx_t_4 = (__pyx_t_5) ? __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_5) : __Pyx_PyObject_CallNoArg(__pyx_t_3); __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0; if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 40, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0; __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_t_4 = __pyx_v_self->buffer; __Pyx_INCREF(__pyx_t_4); __pyx_v_buffer_ptr = PyByteArray_AsString(__pyx_t_4); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __pyx_v_self->position = 0; } __pyx_t_2 = (__pyx_v_self->current_buffer_size - __pyx_v_self->position); __pyx_t_6 = __pyx_v_unread; if (((__pyx_t_2 < __pyx_t_6) != 0)) { __pyx_t_7 = __pyx_t_2; } else { __pyx_t_7 = __pyx_t_6; } __pyx_v_read_bytes = __pyx_t_7; __pyx_t_4 = PyBytes_FromStringAndSize((&(__pyx_v_buffer_ptr[__pyx_v_self->position])), __pyx_v_read_bytes); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 45, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_4); __pyx_t_3 = PyNumber_InPlaceAdd(__pyx_v_rv, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 45, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_3); __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0; __Pyx_DECREF_SET(__pyx_v_rv, ((PyObject*)__pyx_t_3)); __pyx_t_3 = 0; __pyx_v_self->position = (__pyx_v_self->position + __pyx_v_read_bytes); __pyx_v_unread = (__pyx_v_unread - __pyx_v_read_bytes); } __Pyx_XDECREF(__pyx_r); __Pyx_INCREF(__pyx_v_rv); __pyx_r = __pyx_v_rv; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_3); __Pyx_XDECREF(__pyx_t_4); __Pyx_XDECREF(__pyx_t_5); __Pyx_AddTraceback(""clickhouse_driver.bufferedreader.BufferedReader.read"", __pyx_clineno, __pyx_lineno, __pyx_filename); __pyx_r = NULL; __pyx_L0:; __Pyx_XDECREF(__pyx_v_rv); __Pyx_XGIVEREF(__pyx_r); __Pyx_RefNannyFinishContext(); return __pyx_r; }",visit repo url,clickhouse_driver/bufferedreader.c,https://github.com/mymarilyn/clickhouse-driver,156463000134176,1 6397,CWE-20,"bool_t enc624j600IrqHandler(NetInterface *interface) { bool_t flag; uint16_t status; flag = FALSE; enc624j600ClearBit(interface, ENC624J600_REG_EIE, EIE_INTIE); status = enc624j600ReadReg(interface, ENC624J600_REG_EIR); if((status & EIR_LINKIF) != 0) { enc624j600ClearBit(interface, ENC624J600_REG_EIE, EIE_LINKIE); interface->nicEvent = TRUE; flag |= osSetEventFromIsr(&netEvent); } if((status & EIR_PKTIF) != 0) { enc624j600ClearBit(interface, ENC624J600_REG_EIE, EIE_PKTIE); interface->nicEvent = TRUE; flag |= osSetEventFromIsr(&netEvent); } if((status & (EIR_TXIF | EIR_TXABTIF)) != 0) { enc624j600ClearBit(interface, ENC624J600_REG_EIR, EIR_TXIF | EIR_TXABTIF); flag |= osSetEventFromIsr(&interface->nicTxEvent); } enc624j600SetBit(interface, ENC624J600_REG_EIE, EIE_INTIE); return flag; }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,107638040217989,1 4429,['CWE-264'],"struct sock *sk_alloc(struct net *net, int family, gfp_t priority, struct proto *prot) { struct sock *sk; sk = sk_prot_alloc(prot, priority | __GFP_ZERO, family); if (sk) { sk->sk_family = family; sk->sk_prot = sk->sk_prot_creator = prot; sock_lock_init(sk); sock_net_set(sk, get_net(net)); } return sk; }",linux-2.6,,,230327109761553863673274271617362034344,0 1388,CWE-399,"static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx) { struct xenvif *vif; struct pending_tx_info *pending_tx_info; pending_ring_idx_t index; if (netbk->mmap_pages[pending_idx] == NULL) return; pending_tx_info = &netbk->pending_tx_info[pending_idx]; vif = pending_tx_info->vif; make_tx_response(vif, &pending_tx_info->req, XEN_NETIF_RSP_OKAY); index = pending_index(netbk->pending_prod++); netbk->pending_ring[index] = pending_idx; xenvif_put(vif); netbk->mmap_pages[pending_idx]->mapping = 0; put_page(netbk->mmap_pages[pending_idx]); netbk->mmap_pages[pending_idx] = NULL; }",visit repo url,drivers/net/xen-netback/netback.c,https://github.com/torvalds/linux,256982044762920,1 1080,['CWE-20'],"static void groups_sort(struct group_info *group_info) { int base, max, stride; int gidsetsize = group_info->ngroups; for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1) ; stride /= 3; while (stride) { max = gidsetsize - stride; for (base = 0; base < max; base++) { int left = base; int right = left + stride; gid_t tmp = GROUP_AT(group_info, right); while (left >= 0 && GROUP_AT(group_info, left) > tmp) { GROUP_AT(group_info, right) = GROUP_AT(group_info, left); right = left; left -= stride; } GROUP_AT(group_info, right) = tmp; } stride /= 3; } }",linux-2.6,,,119429697845714659953753441293436820984,0 3787,CWE-125,"getvcol( win_T *wp, pos_T *pos, colnr_T *start, colnr_T *cursor, colnr_T *end) { colnr_T vcol; char_u *ptr; char_u *posptr; char_u *line; int incr; int head; #ifdef FEAT_VARTABS int *vts = wp->w_buffer->b_p_vts_array; #endif int ts = wp->w_buffer->b_p_ts; int c; vcol = 0; line = ptr = ml_get_buf(wp->w_buffer, pos->lnum, FALSE); if (pos->col == MAXCOL) posptr = NULL; else { if (*ptr == NUL) pos->col = 0; posptr = ptr + pos->col; if (has_mbyte) posptr -= (*mb_head_off)(line, posptr); } if ((!wp->w_p_list || wp->w_lcs_chars.tab1 != NUL) #ifdef FEAT_LINEBREAK && !wp->w_p_lbr && *get_showbreak_value(wp) == NUL && !wp->w_p_bri #endif ) { for (;;) { head = 0; c = *ptr; if (c == NUL) { incr = 1; break; } if (c == TAB) #ifdef FEAT_VARTABS incr = tabstop_padding(vcol, ts, vts); #else incr = ts - (vcol % ts); #endif else { if (has_mbyte) { if (enc_utf8 && c >= 0x80) incr = utf_ptr2cells(ptr); else incr = g_chartab[c] & CT_CELL_MASK; if (incr == 2 && wp->w_p_wrap && MB_BYTE2LEN(*ptr) > 1 && in_win_border(wp, vcol)) { ++incr; head = 1; } } else incr = g_chartab[c] & CT_CELL_MASK; } if (posptr != NULL && ptr >= posptr) break; vcol += incr; MB_PTR_ADV(ptr); } } else { for (;;) { head = 0; incr = win_lbr_chartabsize(wp, line, ptr, vcol, &head); if (*ptr == NUL) { incr = 1; break; } if (posptr != NULL && ptr >= posptr) break; vcol += incr; MB_PTR_ADV(ptr); } } if (start != NULL) *start = vcol + head; if (end != NULL) *end = vcol + incr - 1; if (cursor != NULL) { if (*ptr == TAB && (State & NORMAL) && !wp->w_p_list && !virtual_active() && !(VIsual_active && (*p_sel == 'e' || LTOREQ_POS(*pos, VIsual))) ) *cursor = vcol + incr - 1; else *cursor = vcol + head; } }",visit repo url,src/charset.c,https://github.com/vim/vim,149195891053071,1 4490,['CWE-264'],"static irqreturn_t skfp_interrupt(int irq, void *dev_id) { struct net_device *dev = dev_id; struct s_smc *smc; skfddi_priv *bp; smc = netdev_priv(dev); bp = &smc->os; if (inpd(ADDR(B0_IMSK)) == 0) { return IRQ_NONE; } if ((inpd(ISR_A) & smc->hw.is_imask) == 0) { return IRQ_NONE; } CLI_FBI(); spin_lock(&bp->DriverLock); fddi_isr(smc); if (smc->os.ResetRequested) { ResetAdapter(smc); smc->os.ResetRequested = FALSE; } spin_unlock(&bp->DriverLock); STI_FBI(); return IRQ_HANDLED; } ",linux-2.6,,,302424821563859671229293390842063633025,0 1757,CWE-119,"check_entry_size_and_hooks(struct ipt_entry *e, struct xt_table_info *newinfo, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, unsigned int valid_hooks) { unsigned int h; int err; if ((unsigned long)e % __alignof__(struct ipt_entry) != 0 || (unsigned char *)e + sizeof(struct ipt_entry) >= limit) { duprintf(""Bad offset %p\n"", e); return -EINVAL; } if (e->next_offset < sizeof(struct ipt_entry) + sizeof(struct xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } err = check_entry(e); if (err) return err; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if (!(valid_hooks & (1 << h))) continue; if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) { if (!check_underflow(e)) { pr_err(""Underflows must be unconditional and "" ""use the STANDARD target with "" ""ACCEPT/DROP\n""); return -EINVAL; } newinfo->underflow[h] = underflows[h]; } } e->counters = ((struct xt_counters) { 0, 0 }); e->comefrom = 0; return 0; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,173499223915734,1 3255,['CWE-189'],"void jas_matrix_bindsub(jas_matrix_t *mat0, jas_matrix_t *mat1, int r0, int c0, int r1, int c1) { int i; if (mat0->data_) { if (!(mat0->flags_ & JAS_MATRIX_REF)) { jas_free(mat0->data_); } mat0->data_ = 0; mat0->datasize_ = 0; } if (mat0->rows_) { jas_free(mat0->rows_); mat0->rows_ = 0; } mat0->flags_ |= JAS_MATRIX_REF; mat0->numrows_ = r1 - r0 + 1; mat0->numcols_ = c1 - c0 + 1; mat0->maxrows_ = mat0->numrows_; mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *)); for (i = 0; i < mat0->numrows_; ++i) { mat0->rows_[i] = mat1->rows_[r0 + i] + c0; } mat0->xstart_ = mat1->xstart_ + c0; mat0->ystart_ = mat1->ystart_ + r0; mat0->xend_ = mat0->xstart_ + mat0->numcols_; mat0->yend_ = mat0->ystart_ + mat0->numrows_; }",jasper,,,117665757235894368201687867144178543739,0 1632,[],"static void destroy_rt_bandwidth(struct rt_bandwidth *rt_b) { hrtimer_cancel(&rt_b->rt_period_timer); }",linux-2.6,,,29586854407100999481044531196766850469,0 156,CWE-362,"static int sco_send_frame(struct sock *sk, struct msghdr *msg, int len) { struct sco_conn *conn = sco_pi(sk)->conn; struct sk_buff *skb; int err; if (len > conn->mtu) return -EINVAL; BT_DBG(""sk %p len %d"", sk, len); skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); if (!skb) return err; if (memcpy_from_msg(skb_put(skb, len), msg, len)) { kfree_skb(skb); return -EFAULT; } hci_send_sco(conn->hcon, skb); return len; }",visit repo url,net/bluetooth/sco.c,https://github.com/torvalds/linux,228342911295797,1 4778,CWE-415,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 1068,CWE-189,"struct timespec ns_to_timespec(const s64 nsec) { struct timespec ts; if (!nsec) return (struct timespec) {0, 0}; ts.tv_sec = div_long_long_rem_signed(nsec, NSEC_PER_SEC, &ts.tv_nsec); if (unlikely(nsec < 0)) set_normalized_timespec(&ts, ts.tv_sec, ts.tv_nsec); return ts; }",visit repo url,kernel/time.c,https://github.com/torvalds/linux,22394180264763,1 4801,['CWE-399'],"void avahi_server_config_free(AvahiServerConfig *c) { assert(c); avahi_free(c->host_name); avahi_free(c->domain_name); avahi_string_list_free(c->browse_domains); avahi_string_list_free(c->allow_interfaces); avahi_string_list_free(c->deny_interfaces); }",avahi,,,247172868058276305824303405978230480371,0 1603,[],"static void set_se_shares(struct sched_entity *se, unsigned long shares) { struct cfs_rq *cfs_rq = se->cfs_rq; struct rq *rq = cfs_rq->rq; unsigned long flags; spin_lock_irqsave(&rq->lock, flags); __set_se_shares(se, shares); spin_unlock_irqrestore(&rq->lock, flags); }",linux-2.6,,,215512390825948102205708316778280901786,0 5156,['CWE-20'],"static void vmcs_clear_bits(unsigned long field, u32 mask) { vmcs_writel(field, vmcs_readl(field) & ~mask); }",linux-2.6,,,124747986259635588578117164343513356188,0 892,CWE-20,"vsock_stream_recvmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { struct sock *sk; struct vsock_sock *vsk; int err; size_t target; ssize_t copied; long timeout; struct vsock_transport_recv_notify_data recv_data; DEFINE_WAIT(wait); sk = sock->sk; vsk = vsock_sk(sk); err = 0; msg->msg_namelen = 0; lock_sock(sk); if (sk->sk_state != SS_CONNECTED) { if (sock_flag(sk, SOCK_DONE)) err = 0; else err = -ENOTCONN; goto out; } if (flags & MSG_OOB) { err = -EOPNOTSUPP; goto out; } if (sk->sk_shutdown & RCV_SHUTDOWN) { err = 0; goto out; } if (!len) { err = 0; goto out; } target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); if (target >= transport->stream_rcvhiwat(vsk)) { err = -ENOMEM; goto out; } timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); copied = 0; err = transport->notify_recv_init(vsk, target, &recv_data); if (err < 0) goto out; prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); while (1) { s64 ready = vsock_stream_has_data(vsk); if (ready < 0) { err = -ENOMEM; goto out_wait; } else if (ready > 0) { ssize_t read; err = transport->notify_recv_pre_dequeue( vsk, target, &recv_data); if (err < 0) break; read = transport->stream_dequeue( vsk, msg->msg_iov, len - copied, flags); if (read < 0) { err = -ENOMEM; break; } copied += read; err = transport->notify_recv_post_dequeue( vsk, target, read, !(flags & MSG_PEEK), &recv_data); if (err < 0) goto out_wait; if (read >= target || flags & MSG_PEEK) break; target -= read; } else { if (sk->sk_err != 0 || (sk->sk_shutdown & RCV_SHUTDOWN) || (vsk->peer_shutdown & SEND_SHUTDOWN)) { break; } if (timeout == 0) { err = -EAGAIN; break; } err = transport->notify_recv_pre_block( vsk, target, &recv_data); if (err < 0) break; release_sock(sk); timeout = schedule_timeout(timeout); lock_sock(sk); if (signal_pending(current)) { err = sock_intr_errno(timeout); break; } else if (timeout == 0) { err = -EAGAIN; break; } prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE); } } if (sk->sk_err) err = -sk->sk_err; else if (sk->sk_shutdown & RCV_SHUTDOWN) err = 0; if (copied > 0) { if (!(flags & MSG_PEEK)) { if (vsk->peer_shutdown & SEND_SHUTDOWN) { if (vsock_stream_has_data(vsk) <= 0) { sk->sk_state = SS_UNCONNECTED; sock_set_flag(sk, SOCK_DONE); sk->sk_state_change(sk); } } } err = copied; } out_wait: finish_wait(sk_sleep(sk), &wait); out: release_sock(sk); return err; }",visit repo url,net/vmw_vsock/af_vsock.c,https://github.com/torvalds/linux,94541206747475,1 4870,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 747,['CWE-119'],"static __inline__ void isdn_net_zero_frame_cnt(isdn_net_local *lp) { atomic_set(&lp->frame_cnt, 0); }",linux-2.6,,,337132112774721331855658573207385667164,0 4570,['CWE-399'],"static inline loff_t ext4_isize(struct ext4_inode *raw_inode) { if (S_ISREG(le16_to_cpu(raw_inode->i_mode))) return ((loff_t)le32_to_cpu(raw_inode->i_size_high) << 32) | le32_to_cpu(raw_inode->i_size_lo); else return (loff_t) le32_to_cpu(raw_inode->i_size_lo);",linux-2.6,,,193151014114471267053974152130085703553,0 5564,[],"block_all_signals(int (*notifier)(void *priv), void *priv, sigset_t *mask) { unsigned long flags; spin_lock_irqsave(¤t->sighand->siglock, flags); current->notifier_mask = mask; current->notifier_data = priv; current->notifier = notifier; spin_unlock_irqrestore(¤t->sighand->siglock, flags); }",linux-2.6,,,53839032448739103055525314191084155971,0 6028,CWE-476,"print_just_file_entry_details(Dwarf_Debug dbg, Dwarf_Line_Context line_context) { unsigned fiu = 0; Dwarf_File_Entry fe = line_context->lc_file_entries; Dwarf_File_Entry fe2 = fe; dwarfstring m3; dwarfstring_constructor_static(&m3,locallinebuf, sizeof(locallinebuf)); dwarfstring_append_printf_i(&m3, "" file names count %d\n"", line_context->lc_file_entry_count); _dwarf_printf(dbg,dwarfstring_string(&m3)); dwarfstring_reset(&m3); for (fiu = 0 ; fe2 ; fe2 = fe->fi_next,++fiu ) { Dwarf_Unsigned tlm2 = 0; unsigned filenum = 0; fe = fe2; tlm2 = fe->fi_time_last_mod; filenum = fiu+1; if (line_context->lc_file_entry_count > 9) { dwarfstring_append_printf_u(&m3, "" file[%2u] "",fiu); dwarfstring_append_printf_s(&m3, ""%-20s "", (char *) fe->fi_file_name); dwarfstring_append_printf_u(&m3, ""(file-number: %u)\n"", filenum); } else { dwarfstring_append_printf_u(&m3, "" file[%u] "", fiu); dwarfstring_append_printf_s(&m3, ""%-20s "",(char *)fe->fi_file_name); dwarfstring_append_printf_u(&m3, ""(file-number: %u)\n"",filenum); } _dwarf_printf(dbg,dwarfstring_string(&m3)); dwarfstring_reset(&m3); if (fe->fi_dir_index_present) { Dwarf_Unsigned di = 0; di = fe->fi_dir_index; dwarfstring_append_printf_i(&m3, "" dir index %d\n"", di); } if (fe->fi_time_last_mod_present) { time_t tt = (time_t) tlm2; dwarfstring_append_printf_u(&m3, "" last time 0x%x "",tlm2); dwarfstring_append(&m3,(char *)ctime(&tt)); } if (fe->fi_file_length_present) { Dwarf_Unsigned fl = 0; fl = fe->fi_file_length; dwarfstring_append_printf_i(&m3, "" file length %ld "",fl); dwarfstring_append_printf_u(&m3, ""0x%lx\n"",fl); } if (fe->fi_md5_present) { char *c = (char *)&fe->fi_md5_value; char *end = c+sizeof(fe->fi_md5_value); dwarfstring_append(&m3, "" file md5 value 0x""); while(c < end) { dwarfstring_append_printf_u(&m3, ""%02x"",0xff&*c); ++c; } dwarfstring_append(&m3,""\n""); } if (dwarfstring_strlen(&m3)) { _dwarf_printf(dbg,dwarfstring_string(&m3)); dwarfstring_reset(&m3); } } dwarfstring_destructor(&m3); }",visit repo url,libdwarf/dwarf_print_lines.c,https://github.com/davea42/libdwarf-code,187598489577849,1 6189,['CWE-200'],"static inline int adjust_priv_size(__u16 args, union iwreq_data * wrqu) { int num = wrqu->data.length; int max = args & IW_PRIV_SIZE_MASK; int type = (args & IW_PRIV_TYPE_MASK) >> 12; if (max < num) num = max; return num * iw_priv_type_size[type]; }",linux-2.6,,,91143641267258756814855151748251707915,0 3952,['CWE-362'],"static void audit_update_watch(struct audit_parent *parent, const char *dname, dev_t dev, unsigned long ino, unsigned invalidating) { struct audit_watch *owatch, *nwatch, *nextw; struct audit_krule *r, *nextr; struct audit_entry *oentry, *nentry; mutex_lock(&audit_filter_mutex); list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) { if (audit_compare_dname_path(dname, owatch->path, NULL)) continue; if (invalidating && current->audit_context && audit_filter_inodes(current, current->audit_context) == AUDIT_RECORD_CONTEXT) audit_set_auditable(current->audit_context); nwatch = audit_dupe_watch(owatch); if (IS_ERR(nwatch)) { mutex_unlock(&audit_filter_mutex); audit_panic(""error updating watch, skipping""); return; } nwatch->dev = dev; nwatch->ino = ino; list_for_each_entry_safe(r, nextr, &owatch->rules, rlist) { oentry = container_of(r, struct audit_entry, rule); list_del(&oentry->rule.rlist); list_del_rcu(&oentry->list); nentry = audit_dupe_rule(&oentry->rule, nwatch); if (IS_ERR(nentry)) audit_panic(""error updating watch, removing""); else { int h = audit_hash_ino((u32)ino); list_add(&nentry->rule.rlist, &nwatch->rules); list_add_rcu(&nentry->list, &audit_inode_hash[h]); } call_rcu(&oentry->rcu, audit_free_rule_rcu); } if (audit_enabled) { struct audit_buffer *ab; ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); audit_log_format(ab, ""auid=%u ses=%u"", audit_get_loginuid(current), audit_get_sessionid(current)); audit_log_format(ab, "" op=updated rules specifying path=""); audit_log_untrustedstring(ab, owatch->path); audit_log_format(ab, "" with dev=%u ino=%lu\n"", dev, ino); audit_log_format(ab, "" list=%d res=1"", r->listnr); audit_log_end(ab); } audit_remove_watch(owatch); goto add_watch_to_parent; } mutex_unlock(&audit_filter_mutex); return; add_watch_to_parent: list_add(&nwatch->wlist, &parent->watches); mutex_unlock(&audit_filter_mutex); return; }",linux-2.6,,,234067363078627205801941169702140464348,0 852,['CWE-119'],"isdn_minor2drv(int minor) { return (dev->drvmap[minor]); }",linux-2.6,,,154708729676796835704421913217755081045,0 6307,['CWE-200'],"static struct tc_action_ops *tc_lookup_action_id(u32 type) { struct tc_action_ops *a = NULL; if (type) { read_lock(&act_mod_lock); for (a = act_base; a; a = a->next) { if (a->type == type) { if (!try_module_get(a->owner)) { read_unlock(&act_mod_lock); return NULL; } break; } } read_unlock(&act_mod_lock); } return a; }",linux-2.6,,,268898152485913561482003721752415025425,0 1426,CWE-310,"static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_hash rhash; struct shash_alg *salg = __crypto_shash_alg(alg); snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""shash""); rhash.blocksize = alg->cra_blocksize; rhash.digestsize = salg->digestsize; if (nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(struct crypto_report_hash), &rhash)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/shash.c,https://github.com/torvalds/linux,20784825367587,1 6190,CWE-190,"void fb_print(const fb_t a) { int i; (void)a; for (i = RLC_FB_DIGS - 1; i > 0; i--) { util_print_dig(a[i], 1); util_print("" ""); } util_print_dig(a[0], 1); util_print(""\n""); }",visit repo url,src/fb/relic_fb_util.c,https://github.com/relic-toolkit/relic,54723543908839,1 2688,CWE-190,"SPL_METHOD(SplFileObject, fgetcsv) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); char delimiter = intern->u.file.delimiter, enclosure = intern->u.file.enclosure, escape = intern->u.file.escape; char *delim = NULL, *enclo = NULL, *esc = NULL; int d_len = 0, e_len = 0, esc_len = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""|sss"", &delim, &d_len, &enclo, &e_len, &esc, &esc_len) == SUCCESS) { switch(ZEND_NUM_ARGS()) { case 3: if (esc_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""escape must be a character""); RETURN_FALSE; } escape = esc[0]; case 2: if (e_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""enclosure must be a character""); RETURN_FALSE; } enclosure = enclo[0]; case 1: if (d_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""delimiter must be a character""); RETURN_FALSE; } delimiter = delim[0]; case 0: break; } spl_filesystem_file_read_csv(intern, delimiter, enclosure, escape, return_value TSRMLS_CC); } }",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,217365059500841,1 3350,[],"static inline int nla_ok(const struct nlattr *nla, int remaining) { return remaining >= (int) sizeof(*nla) && nla->nla_len >= sizeof(*nla) && nla->nla_len <= remaining; }",linux-2.6,,,291105975237518945582282175274561227850,0 4545,CWE-400,"void gf_filter_pid_detach_task(GF_FSTask *task) { u32 i, count; GF_Filter *filter = task->filter; GF_FilterPid *pid = task->pid->pid; GF_FilterPidInst *pidinst=NULL; GF_Filter *new_chain_input = task->udta; if (pid->filter->stream_reset_pending) { TASK_REQUEUE(task) return; } if (new_chain_input->in_pid_connection_pending) { TASK_REQUEUE(task) return; } count = pid->num_destinations; for (i=0; idestinations, i); if (pidinst->filter==filter) { break; } pidinst=NULL; } if (pidinst && gf_fq_count(pidinst->packets)) { Bool in_process = filter->in_process; filter->in_process = GF_FALSE; filter->in_force_flush = GF_TRUE; pidinst->force_flush = GF_TRUE; gf_filter_process_inline(filter); pidinst->force_flush = GF_FALSE; filter->in_force_flush = GF_FALSE; filter->in_process = in_process; TASK_REQUEUE(task) return; } assert(filter->freg->configure_pid); GF_LOG(GF_LOG_INFO, GF_LOG_FILTER, (""Filter %s pid %s detach from %s\n"", task->pid->pid->filter->name, task->pid->pid->name, task->filter->name)); assert(pid->filter->detach_pid_tasks_pending); safe_int_dec(&pid->filter->detach_pid_tasks_pending); if (!pidinst) { GF_LOG(GF_LOG_ERROR, GF_LOG_FILTER, (""Trying to detach PID %s not present in filter %s inputs\n"", pid->name, filter->name)); assert(!new_chain_input->swap_pidinst_src); new_chain_input->swap_needs_init = GF_FALSE; return; } if (pidinst->props) { assert(pidinst->props->reference_count); if (safe_int_dec(& pidinst->props->reference_count) == 0) { gf_mx_p(pidinst->pid->filter->tasks_mx); gf_list_del_item(pidinst->pid->properties, pidinst->props); gf_mx_v(pidinst->pid->filter->tasks_mx); gf_props_del(pidinst->props); } } pidinst->props = NULL; gf_mx_p(filter->tasks_mx); count = gf_fq_count(pidinst->packets); assert(count <= filter->pending_packets); safe_int_sub(&filter->pending_packets, (s32) count); gf_filter_pid_inst_reset(pidinst); pidinst->pid = NULL; gf_list_del_item(pid->destinations, pidinst); pid->num_destinations = gf_list_count(pid->destinations); gf_list_del_item(filter->input_pids, pidinst); filter->num_input_pids = gf_list_count(filter->input_pids); if (!filter->num_input_pids) filter->single_source = NULL; gf_mx_v(filter->tasks_mx); if (!filter->detached_pid_inst) { filter->detached_pid_inst = gf_list_new(); } if (gf_list_find(filter->detached_pid_inst, pidinst)<0) gf_list_add(filter->detached_pid_inst, pidinst); if (new_chain_input->swap_needs_init) { new_chain_input->swap_pidinst_dst = NULL; new_chain_input->swap_pidinst_src = NULL; new_chain_input->swap_needs_init = GF_FALSE; } assert(new_chain_input->detach_pid_tasks_pending); safe_int_dec(&new_chain_input->detach_pid_tasks_pending);",visit repo url,src/filter_core/filter_pid.c,https://github.com/gpac/gpac,86606570887540,1 1566,[],"int sched_group_set_rt_runtime(struct task_group *tg, long rt_runtime_us) { u64 rt_runtime, rt_period; rt_period = ktime_to_ns(tg->rt_bandwidth.rt_period); rt_runtime = (u64)rt_runtime_us * NSEC_PER_USEC; if (rt_runtime_us < 0) rt_runtime = RUNTIME_INF; return tg_set_bandwidth(tg, rt_period, rt_runtime); }",linux-2.6,,,101267606639170642791713675886109952953,0 2724,CWE-415,"static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOptionType options, int is_callable) { zval **arg_pattern_zval; char *arg_pattern; int arg_pattern_len; char *replace; int replace_len; zend_fcall_info arg_replace_fci; zend_fcall_info_cache arg_replace_fci_cache; char *string; int string_len; char *p; php_mb_regex_t *re; OnigSyntaxType *syntax; OnigRegion *regs = NULL; smart_str out_buf = { 0 }; smart_str eval_buf = { 0 }; smart_str *pbuf; int i, err, eval, n; OnigUChar *pos; OnigUChar *string_lim; char *description = NULL; char pat_buf[2]; const mbfl_encoding *enc; { const char *current_enc_name; current_enc_name = _php_mb_regex_mbctype2name(MBREX(current_mbctype)); if (current_enc_name == NULL || (enc = mbfl_name2encoding(current_enc_name)) == NULL) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Unknown error""); RETURN_FALSE; } } eval = 0; { char *option_str = NULL; int option_str_len = 0; if (!is_callable) { if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""Zss|s"", &arg_pattern_zval, &replace, &replace_len, &string, &string_len, &option_str, &option_str_len) == FAILURE) { RETURN_FALSE; } } else { if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""Zfs|s"", &arg_pattern_zval, &arg_replace_fci, &arg_replace_fci_cache, &string, &string_len, &option_str, &option_str_len) == FAILURE) { RETURN_FALSE; } } if (option_str != NULL) { _php_mb_regex_init_options(option_str, option_str_len, &options, &syntax, &eval); } else { options |= MBREX(regex_default_options); syntax = MBREX(regex_default_syntax); } } if (Z_TYPE_PP(arg_pattern_zval) == IS_STRING) { arg_pattern = Z_STRVAL_PP(arg_pattern_zval); arg_pattern_len = Z_STRLEN_PP(arg_pattern_zval); } else { convert_to_long_ex(arg_pattern_zval); pat_buf[0] = (char)Z_LVAL_PP(arg_pattern_zval); pat_buf[1] = '\0'; arg_pattern = pat_buf; arg_pattern_len = 1; } re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, options, MBREX(current_mbctype), syntax TSRMLS_CC); if (re == NULL) { RETURN_FALSE; } if (eval || is_callable) { pbuf = &eval_buf; description = zend_make_compiled_string_description(""mbregex replace"" TSRMLS_CC); } else { pbuf = &out_buf; description = NULL; } if (is_callable) { if (eval) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Option 'e' cannot be used with replacement callback""); RETURN_FALSE; } } err = 0; pos = (OnigUChar *)string; string_lim = (OnigUChar*)(string + string_len); regs = onig_region_new(); while (err >= 0) { err = onig_search(re, (OnigUChar *)string, (OnigUChar *)string_lim, pos, (OnigUChar *)string_lim, regs, 0); if (err <= -2) { OnigUChar err_str[ONIG_MAX_ERROR_MESSAGE_LEN]; onig_error_code_to_str(err_str, err); php_error_docref(NULL TSRMLS_CC, E_WARNING, ""mbregex search failure in php_mbereg_replace_exec(): %s"", err_str); break; } if (err >= 0) { #if moriyoshi_0 if (regs->beg[0] == regs->end[0]) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Empty regular expression""); break; } #endif smart_str_appendl(&out_buf, pos, (size_t)((OnigUChar *)(string + regs->beg[0]) - pos)); if (!is_callable) { i = 0; p = replace; while (i < replace_len) { int fwd = (int) php_mb_mbchar_bytes_ex(p, enc); n = -1; if ((replace_len - i) >= 2 && fwd == 1 && p[0] == '\\' && p[1] >= '0' && p[1] <= '9') { n = p[1] - '0'; } if (n >= 0 && n < regs->num_regs) { if (regs->beg[n] >= 0 && regs->beg[n] < regs->end[n] && regs->end[n] <= string_len) { smart_str_appendl(pbuf, string + regs->beg[n], regs->end[n] - regs->beg[n]); } p += 2; i += 2; } else { smart_str_appendl(pbuf, p, fwd); p += fwd; i += fwd; } } } if (eval) { zval v; smart_str_0(&eval_buf); if (zend_eval_stringl(eval_buf.c, eval_buf.len, &v, description TSRMLS_CC) == FAILURE) { efree(description); php_error_docref(NULL TSRMLS_CC,E_ERROR, ""Failed evaluating code: %s%s"", PHP_EOL, eval_buf.c); } convert_to_string(&v); smart_str_appendl(&out_buf, Z_STRVAL(v), Z_STRLEN(v)); eval_buf.len = 0; zval_dtor(&v); } else if (is_callable) { zval *retval_ptr; zval **args[1]; zval *subpats; int i; MAKE_STD_ZVAL(subpats); array_init(subpats); for (i = 0; i < regs->num_regs; i++) { add_next_index_stringl(subpats, string + regs->beg[i], regs->end[i] - regs->beg[i], 1); } args[0] = &subpats; smart_str_0(&eval_buf); arg_replace_fci.param_count = 1; arg_replace_fci.params = args; arg_replace_fci.retval_ptr_ptr = &retval_ptr; if (zend_call_function(&arg_replace_fci, &arg_replace_fci_cache TSRMLS_CC) == SUCCESS && arg_replace_fci.retval_ptr_ptr) { convert_to_string_ex(&retval_ptr); smart_str_appendl(&out_buf, Z_STRVAL_P(retval_ptr), Z_STRLEN_P(retval_ptr)); eval_buf.len = 0; zval_ptr_dtor(&retval_ptr); } else { efree(description); if (!EG(exception)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, ""Unable to call custom replacement function""); } } zval_ptr_dtor(&subpats); } n = regs->end[0]; if ((pos - (OnigUChar *)string) < n) { pos = (OnigUChar *)string + n; } else { if (pos < string_lim) { smart_str_appendl(&out_buf, pos, 1); } pos++; } } else { if (string_lim - pos > 0) { smart_str_appendl(&out_buf, pos, string_lim - pos); } } onig_region_free(regs, 0); } if (description) { efree(description); } if (regs != NULL) { onig_region_free(regs, 1); } smart_str_free(&eval_buf); if (err <= -2) { smart_str_free(&out_buf); RETVAL_FALSE; } else { smart_str_appendc(&out_buf, '\0'); RETVAL_STRINGL((char *)out_buf.c, out_buf.len - 1, 0); } }",visit repo url,ext/mbstring/php_mbregex.c,https://github.com/php/php-src,154188239543471,1 2195,CWE-125,"qedi_dbg_notice(struct qedi_dbg_ctx *qedi, const char *func, u32 line, const char *fmt, ...) { va_list va; struct va_format vaf; char nfunc[32]; memset(nfunc, 0, sizeof(nfunc)); memcpy(nfunc, func, sizeof(nfunc) - 1); va_start(va, fmt); vaf.fmt = fmt; vaf.va = &va; if (!(qedi_dbg_log & QEDI_LOG_NOTICE)) goto ret; if (likely(qedi) && likely(qedi->pdev)) pr_notice(""[%s]:[%s:%d]:%d: %pV"", dev_name(&qedi->pdev->dev), nfunc, line, qedi->host_no, &vaf); else pr_notice(""[0000:00:00.0]:[%s:%d]: %pV"", nfunc, line, &vaf); ret: va_end(va); }",visit repo url,drivers/scsi/qedi/qedi_dbg.c,https://github.com/torvalds/linux,188093095735417,1 832,['CWE-119'],"isdn_statstr(void) { static char istatbuf[2048]; char *p; int i; sprintf(istatbuf, ""idmap:\t""); p = istatbuf + strlen(istatbuf); for (i = 0; i < ISDN_MAX_CHANNELS; i++) { sprintf(p, ""%s "", (dev->drvmap[i] < 0) ? ""-"" : dev->drvid[dev->drvmap[i]]); p = istatbuf + strlen(istatbuf); } sprintf(p, ""\nchmap:\t""); p = istatbuf + strlen(istatbuf); for (i = 0; i < ISDN_MAX_CHANNELS; i++) { sprintf(p, ""%d "", dev->chanmap[i]); p = istatbuf + strlen(istatbuf); } sprintf(p, ""\ndrmap:\t""); p = istatbuf + strlen(istatbuf); for (i = 0; i < ISDN_MAX_CHANNELS; i++) { sprintf(p, ""%d "", dev->drvmap[i]); p = istatbuf + strlen(istatbuf); } sprintf(p, ""\nusage:\t""); p = istatbuf + strlen(istatbuf); for (i = 0; i < ISDN_MAX_CHANNELS; i++) { sprintf(p, ""%d "", dev->usage[i]); p = istatbuf + strlen(istatbuf); } sprintf(p, ""\nflags:\t""); p = istatbuf + strlen(istatbuf); for (i = 0; i < ISDN_MAX_DRIVERS; i++) { if (dev->drv[i]) { sprintf(p, ""%ld "", dev->drv[i]->online); p = istatbuf + strlen(istatbuf); } else { sprintf(p, ""? ""); p = istatbuf + strlen(istatbuf); } } sprintf(p, ""\nphone:\t""); p = istatbuf + strlen(istatbuf); for (i = 0; i < ISDN_MAX_CHANNELS; i++) { sprintf(p, ""%s "", dev->num[i]); p = istatbuf + strlen(istatbuf); } sprintf(p, ""\n""); return istatbuf; }",linux-2.6,,,78952413972649153688678261638198357152,0 3088,['CWE-189'],"void jpc_qmfb_split_colres(jpc_fix_t *a, int numrows, int numcols, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; register jpc_fix_t *srcptr2; register jpc_fix_t *dstptr2; register int n; register int i; int m; int hstartcol; if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { abort(); } } if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; m = (parity) ? hstartcol : (numrows - hstartcol); n = m; dstptr = buf; srcptr = &a[(1 - parity) * stride]; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += numcols; srcptr += stride << 1; } dstptr = &a[(1 - parity) * stride]; srcptr = &a[(2 - parity) * stride]; n = numrows - m - (!parity); while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += stride << 1; } dstptr = &a[hstartcol * stride]; srcptr = buf; n = m; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += numcols; } } if (buf != splitbuf) { jas_free(buf); } }",jasper,,,337715289397848257473296055165086729288,0 4234,['CWE-399'],"static void dev_watchdog_up(struct net_device *dev) { __netdev_watchdog_up(dev); }",linux-2.6,,,10232123208890998075617501961930587471,0 2348,['CWE-120'],"int path_lookup(const char *name, unsigned int flags, struct nameidata *nd) { return do_path_lookup(AT_FDCWD, name, flags, nd); }",linux-2.6,,,132483314650107083360735482299101184170,0 846,['CWE-119'],"isdn_minor2chan(int minor) { return (dev->chanmap[minor]); }",linux-2.6,,,82874095553178829217289690139814109774,0 1071,['CWE-20'],"asmlinkage long sys_gethostname(char __user *name, int len) { int i, errno; if (len < 0) return -EINVAL; down_read(&uts_sem); i = 1 + strlen(utsname()->nodename); if (i > len) i = len; errno = 0; if (copy_to_user(name, utsname()->nodename, i)) errno = -EFAULT; up_read(&uts_sem); return errno; }",linux-2.6,,,248785375577283941478477328913572117367,0 6554,CWE-407,"add_link_ref( struct link_ref **references, const uint8_t *name, size_t name_size) { struct link_ref *ref = calloc(1, sizeof(struct link_ref)); if (!ref) return NULL; ref->id = hash_link_ref(name, name_size); ref->next = references[ref->id % REF_TABLE_SIZE]; references[ref->id % REF_TABLE_SIZE] = ref; return ref; }",visit repo url,src/markdown.c,https://github.com/reddit/snudown,52350595908802,1 3975,['CWE-362'],"int audit_update_lsm_rules(void) { struct audit_entry *entry, *n, *nentry; struct audit_watch *watch; struct audit_tree *tree; int i, err = 0; mutex_lock(&audit_filter_mutex); for (i = 0; i < AUDIT_NR_FILTERS; i++) { list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { if (!security_audit_rule_known(&entry->rule)) continue; watch = entry->rule.watch; tree = entry->rule.tree; nentry = audit_dupe_rule(&entry->rule, watch); if (IS_ERR(nentry)) { if (!err) err = PTR_ERR(nentry); audit_panic(""error updating LSM filters""); if (watch) list_del(&entry->rule.rlist); list_del_rcu(&entry->list); } else { if (watch) { list_add(&nentry->rule.rlist, &watch->rules); list_del(&entry->rule.rlist); } else if (tree) list_replace_init(&entry->rule.rlist, &nentry->rule.rlist); list_replace_rcu(&entry->list, &nentry->list); } call_rcu(&entry->rcu, audit_free_rule_rcu); } } mutex_unlock(&audit_filter_mutex); return err; }",linux-2.6,,,143807434903505891699586450368595969246,0 946,CWE-19,"xfs_attr3_leaf_lookup_int( struct xfs_buf *bp, struct xfs_da_args *args) { struct xfs_attr_leafblock *leaf; struct xfs_attr3_icleaf_hdr ichdr; struct xfs_attr_leaf_entry *entry; struct xfs_attr_leaf_entry *entries; struct xfs_attr_leaf_name_local *name_loc; struct xfs_attr_leaf_name_remote *name_rmt; xfs_dahash_t hashval; int probe; int span; trace_xfs_attr_leaf_lookup(args); leaf = bp->b_addr; xfs_attr3_leaf_hdr_from_disk(&ichdr, leaf); entries = xfs_attr3_leaf_entryp(leaf); ASSERT(ichdr.count < XFS_LBSIZE(args->dp->i_mount) / 8); hashval = args->hashval; probe = span = ichdr.count / 2; for (entry = &entries[probe]; span > 4; entry = &entries[probe]) { span /= 2; if (be32_to_cpu(entry->hashval) < hashval) probe += span; else if (be32_to_cpu(entry->hashval) > hashval) probe -= span; else break; } ASSERT(probe >= 0 && (!ichdr.count || probe < ichdr.count)); ASSERT(span <= 4 || be32_to_cpu(entry->hashval) == hashval); while (probe > 0 && be32_to_cpu(entry->hashval) >= hashval) { entry--; probe--; } while (probe < ichdr.count && be32_to_cpu(entry->hashval) < hashval) { entry++; probe++; } if (probe == ichdr.count || be32_to_cpu(entry->hashval) != hashval) { args->index = probe; return XFS_ERROR(ENOATTR); } for (; probe < ichdr.count && (be32_to_cpu(entry->hashval) == hashval); entry++, probe++) { if ((args->flags & XFS_ATTR_INCOMPLETE) != (entry->flags & XFS_ATTR_INCOMPLETE)) { continue; } if (entry->flags & XFS_ATTR_LOCAL) { name_loc = xfs_attr3_leaf_name_local(leaf, probe); if (name_loc->namelen != args->namelen) continue; if (memcmp(args->name, name_loc->nameval, args->namelen) != 0) continue; if (!xfs_attr_namesp_match(args->flags, entry->flags)) continue; args->index = probe; return XFS_ERROR(EEXIST); } else { name_rmt = xfs_attr3_leaf_name_remote(leaf, probe); if (name_rmt->namelen != args->namelen) continue; if (memcmp(args->name, name_rmt->name, args->namelen) != 0) continue; if (!xfs_attr_namesp_match(args->flags, entry->flags)) continue; args->index = probe; args->valuelen = be32_to_cpu(name_rmt->valuelen); args->rmtblkno = be32_to_cpu(name_rmt->valueblk); args->rmtblkcnt = xfs_attr3_rmt_blocks( args->dp->i_mount, args->valuelen); return XFS_ERROR(EEXIST); } } args->index = probe; return XFS_ERROR(ENOATTR); }",visit repo url,fs/xfs/xfs_attr_leaf.c,https://github.com/torvalds/linux,237833511455857,1 1998,['CWE-20'],"static int do_move_pages(struct mm_struct *mm, struct page_to_node *pm, int migrate_all) { int err; struct page_to_node *pp; LIST_HEAD(pagelist); down_read(&mm->mmap_sem); migrate_prep(); for (pp = pm; pp->node != MAX_NUMNODES; pp++) { struct vm_area_struct *vma; struct page *page; pp->page = ZERO_PAGE(0); err = -EFAULT; vma = find_vma(mm, pp->addr); if (!vma || !vma_migratable(vma)) goto set_status; page = follow_page(vma, pp->addr, FOLL_GET); err = PTR_ERR(page); if (IS_ERR(page)) goto set_status; err = -ENOENT; if (!page) goto set_status; if (PageReserved(page)) goto put_and_set; pp->page = page; err = page_to_nid(page); if (err == pp->node) goto put_and_set; err = -EACCES; if (page_mapcount(page) > 1 && !migrate_all) goto put_and_set; err = isolate_lru_page(page, &pagelist); put_and_set: put_page(page); set_status: pp->status = err; } if (!list_empty(&pagelist)) err = migrate_pages(&pagelist, new_page_node, (unsigned long)pm); else err = -ENOENT; up_read(&mm->mmap_sem); return err; }",linux-2.6,,,292554068407026163950340803124944195524,0 88,CWE-772,"generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) { static generic_ret ret; gss_buffer_desc client_name, service_name; kadm5_server_handle_t handle; OM_uint32 minor_stat; const char *errmsg = NULL; size_t clen, slen; char *cdots, *sdots; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(*arg, rqstp, &handle))) goto exit_func; if (! (ret.code = check_handle((void *)handle))) { ret.api_version = handle->api_version; } free_server_handle(handle); if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (ret.code != 0) errmsg = krb5_get_error_message(NULL, ret.code); clen = client_name.length; trunc_name(&clen, &cdots); slen = service_name.length; trunc_name(&slen, &sdots); krb5_klog_syslog(LOG_NOTICE, _(""Request: kadm5_init, %.*s%s, %s, "" ""client=%.*s%s, service=%.*s%s, addr=%s, "" ""vers=%d, flavor=%d""), (int)clen, (char *)client_name.value, cdots, errmsg ? errmsg : _(""success""), (int)clen, (char *)client_name.value, cdots, (int)slen, (char *)service_name.value, sdots, client_addr(rqstp->rq_xprt), ret.api_version & ~(KADM5_API_VERSION_MASK), rqstp->rq_cred.oa_flavor); if (errmsg != NULL) krb5_free_error_message(NULL, errmsg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: return(&ret); }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,63750794129726,1 1801,[],"wait_for_completion_timeout(struct completion *x, unsigned long timeout) { return wait_for_common(x, timeout, TASK_UNINTERRUPTIBLE); }",linux-2.6,,,144696953984243606661746093246507596039,0 4158,CWE-190,"gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h) { TIFF* tif = img->tif; tileContigRoutine put = img->put.contig; uint32 row, y, nrow, nrowsub, rowstoread; tmsize_t pos; unsigned char* buf = NULL; uint32 rowsperstrip; uint16 subsamplinghor,subsamplingver; uint32 imagewidth = img->width; tmsize_t scanline; int32 fromskew, toskew; int ret = 1, flip; tmsize_t maxstripsize; TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver); if( subsamplingver == 0 ) { TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), ""Invalid vertical YCbCr subsampling""); return (0); } maxstripsize = TIFFStripSize(tif); flip = setorientation(img); if (flip & FLIP_VERTICALLY) { y = h - 1; toskew = -(int32)(w + w); } else { y = 0; toskew = -(int32)(w - w); } TIFFGetFieldDefaulted(tif, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); scanline = TIFFScanlineSize(tif); fromskew = (w < imagewidth ? imagewidth - w : 0); for (row = 0; row < h; row += nrow) { rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; nrow = (row + rowstoread > h ? h - row : rowstoread); nrowsub = nrow; if ((nrowsub%subsamplingver)!=0) nrowsub+=subsamplingver-nrowsub%subsamplingver; if (_TIFFReadEncodedStripAndAllocBuffer(tif, TIFFComputeStrip(tif,row+img->row_offset, 0), (void**)(&buf), maxstripsize, ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1) && (buf == NULL || img->stoponerr)) { ret = 0; break; } pos = ((row + img->row_offset) % rowsperstrip) * scanline + \ ((tmsize_t) img->col_offset * img->samplesperpixel); (*put)(img, raster+y*w, 0, y, w, nrow, fromskew, toskew, buf + pos); y += ((flip & FLIP_VERTICALLY) ? -(int32) nrow : (int32) nrow); } if (flip & FLIP_HORIZONTALLY) { uint32 line; for (line = 0; line < h; line++) { uint32 *left = raster + (line * w); uint32 *right = left + w - 1; while ( left < right ) { uint32 temp = *left; *left = *right; *right = temp; left++; right--; } } } _TIFFfree(buf); return (ret); }",visit repo url,libtiff/tif_getimage.c,https://gitlab.com/libtiff/libtiff,106741379555609,1 194,[],"static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, int size, int flags) { struct sock *sk = sock->sk; struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; struct ddpehdr *ddp; int copied = 0; int err = 0; struct ddpebits ddphv; struct sk_buff *skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; ddp = ddp_hdr(skb); *((__u16 *)&ddphv) = ntohs(*((__u16 *)ddp)); if (sk->sk_type == SOCK_RAW) { copied = ddphv.deh_len; if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else { copied = ddphv.deh_len - sizeof(*ddp); if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, sizeof(*ddp), msg->msg_iov, copied); } if (!err) { if (sat) { sat->sat_family = AF_APPLETALK; sat->sat_port = ddp->deh_sport; sat->sat_addr.s_node = ddp->deh_snode; sat->sat_addr.s_net = ddp->deh_snet; } msg->msg_namelen = sizeof(*sat); } skb_free_datagram(sk, skb); return err ? : copied; }",history,,,162114781842207157246153114512284750804,0 2266,NVD-CWE-Other,"static void ext4_end_io_dio(struct kiocb *iocb, loff_t offset, ssize_t size, void *private) { ext4_io_end_t *io_end = iocb->private; struct workqueue_struct *wq; if (!io_end || !size) return; ext_debug(""ext4_end_io_dio(): io_end 0x%p"" ""for inode %lu, iocb 0x%p, offset %llu, size %llu\n"", iocb->private, io_end->inode->i_ino, iocb, offset, size); if (io_end->flag != EXT4_IO_UNWRITTEN){ ext4_free_io_end(io_end); iocb->private = NULL; return; } io_end->offset = offset; io_end->size = size; wq = EXT4_SB(io_end->inode->i_sb)->dio_unwritten_wq; queue_work(wq, &io_end->work); list_add_tail(&io_end->list, &EXT4_I(io_end->inode)->i_completed_io_list); iocb->private = NULL; }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,110751742286557,1 2595,['CWE-189'],"static void __exit dccp_fini(void) { dccp_mib_exit(); free_pages((unsigned long)dccp_hashinfo.bhash, get_order(dccp_hashinfo.bhash_size * sizeof(struct inet_bind_hashbucket))); free_pages((unsigned long)dccp_hashinfo.ehash, get_order(dccp_hashinfo.ehash_size * sizeof(struct inet_ehash_bucket))); inet_ehash_locks_free(&dccp_hashinfo); kmem_cache_destroy(dccp_hashinfo.bind_bucket_cachep); dccp_ackvec_exit(); dccp_sysctl_exit(); }",linux-2.6,,,190055893379003472168334972294472966259,0 6209,CWE-190,"void fp48_exp_cyc_sps(fp48_t c, const fp48_t a, const int *b, int len, int sign) { int i, j, k, w = len; fp48_t t, *u = RLC_ALLOCA(fp48_t, w); if (len == 0) { RLC_FREE(u); fp48_set_dig(c, 1); return; } fp48_null(t); RLC_TRY { if (u == NULL) { RLC_THROW(ERR_NO_MEMORY); } for (i = 0; i < w; i++) { fp48_null(u[i]); fp48_new(u[i]); } fp48_new(t); fp48_copy(t, a); if (b[0] == 0) { for (j = 0, i = 1; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp48_sqr_pck(t, t); } if (b[i] < 0) { fp48_inv_cyc(u[i - 1], t); } else { fp48_copy(u[i - 1], t); } } fp48_back_cyc_sim(u, u, w - 1); fp48_copy(c, a); for (i = 0; i < w - 1; i++) { fp48_mul(c, c, u[i]); } } else { for (j = 0, i = 0; i < len; i++) { k = (b[i] < 0 ? -b[i] : b[i]); for (; j < k; j++) { fp48_sqr_pck(t, t); } if (b[i] < 0) { fp48_inv_cyc(u[i], t); } else { fp48_copy(u[i], t); } } fp48_back_cyc_sim(u, u, w); fp48_copy(c, u[0]); for (i = 1; i < w; i++) { fp48_mul(c, c, u[i]); } } if (sign == RLC_NEG) { fp48_inv_cyc(c, c); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { for (i = 0; i < w; i++) { fp48_free(u[i]); } fp48_free(t); RLC_FREE(u); } }",visit repo url,src/fpx/relic_fpx_cyc.c,https://github.com/relic-toolkit/relic,259845618251496,1 3544,['CWE-20'],"static sctp_disposition_t sctp_sf_do_dupcook_d(const struct sctp_endpoint *ep, const struct sctp_association *asoc, struct sctp_chunk *chunk, sctp_cmd_seq_t *commands, struct sctp_association *new_asoc) { struct sctp_ulpevent *ev = NULL, *ai_ev = NULL; struct sctp_chunk *repl; if (asoc->state < SCTP_STATE_ESTABLISHED) { sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_ESTABLISHED)); SCTP_INC_STATS(SCTP_MIB_CURRESTAB); sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL()); ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP, 0, asoc->c.sinit_num_ostreams, asoc->c.sinit_max_instreams, NULL, GFP_ATOMIC); if (!ev) goto nomem; if (asoc->peer.adaptation_ind) { ai_ev = sctp_ulpevent_make_adaptation_indication(asoc, GFP_ATOMIC); if (!ai_ev) goto nomem; } } repl = sctp_make_cookie_ack(new_asoc, chunk); if (!repl) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); if (ev) sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); if (ai_ev) sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ai_ev)); return SCTP_DISPOSITION_CONSUME; nomem: if (ai_ev) sctp_ulpevent_free(ai_ev); if (ev) sctp_ulpevent_free(ev); return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,37090363016143258160878372008020180251,0 6359,CWE-415,"image_load_jpeg(image_t *img, FILE *fp, int gray, int load_data) { struct jpeg_decompress_struct cinfo; struct jpeg_error_mgr jerr; JSAMPROW row; jpeg_std_error(&jerr); jerr.error_exit = jpeg_error_handler; cinfo.err = &jerr; jpeg_create_decompress(&cinfo); jpeg_stdio_src(&cinfo, fp); jpeg_read_header(&cinfo, (boolean)1); cinfo.quantize_colors = FALSE; if (gray || cinfo.num_components == 1) { cinfo.out_color_space = JCS_GRAYSCALE; cinfo.out_color_components = 1; cinfo.output_components = 1; } else if (cinfo.num_components != 3) { jpeg_destroy_decompress(&cinfo); progress_error(HD_ERROR_BAD_FORMAT, ""CMYK JPEG files are not supported! (%s)"", file_rlookup(img->filename)); return (-1); } else { cinfo.out_color_space = JCS_RGB; cinfo.out_color_components = 3; cinfo.output_components = 3; } jpeg_calc_output_dimensions(&cinfo); img->width = (int)cinfo.output_width; img->height = (int)cinfo.output_height; img->depth = (int)cinfo.output_components; if (!load_data) { jpeg_destroy_decompress(&cinfo); return (0); } img->pixels = (uchar *)malloc((size_t)(img->width * img->height * img->depth)); if (img->pixels == NULL) { jpeg_destroy_decompress(&cinfo); return (-1); } jpeg_start_decompress(&cinfo); while (cinfo.output_scanline < cinfo.output_height) { row = (JSAMPROW)(img->pixels + (size_t)cinfo.output_scanline * (size_t)cinfo.output_width * (size_t)cinfo.output_components); jpeg_read_scanlines(&cinfo, &row, (JDIMENSION)1); } jpeg_finish_decompress(&cinfo); jpeg_destroy_decompress(&cinfo); return (0); }",visit repo url,htmldoc/image.cxx,https://github.com/michaelrsweet/htmldoc,201385466453759,1 4240,['CWE-399'],"void qdisc_destroy(struct Qdisc *qdisc) { const struct Qdisc_ops *ops = qdisc->ops; if (qdisc->flags & TCQ_F_BUILTIN || !atomic_dec_and_test(&qdisc->refcnt)) return; list_del(&qdisc->list); gen_kill_estimator(&qdisc->bstats, &qdisc->rate_est); if (ops->reset) ops->reset(qdisc); if (ops->destroy) ops->destroy(qdisc); module_put(ops->owner); dev_put(qdisc->dev); call_rcu(&qdisc->q_rcu, __qdisc_destroy); }",linux-2.6,,,38598947735424466909367065725793515376,0 2885,['CWE-189'],"static void jas_icctxtdesc_destroy(jas_iccattrval_t *attrval) { jas_icctxtdesc_t *txtdesc = &attrval->data.txtdesc; if (txtdesc->ascdata) { jas_free(txtdesc->ascdata); txtdesc->ascdata = 0; } if (txtdesc->ucdata) { jas_free(txtdesc->ucdata); txtdesc->ucdata = 0; } }",jasper,,,325060668059471511474827123634212696300,0 968,['CWE-189'],"ProcShmGetImage(client) register ClientPtr client; { DrawablePtr pDraw; long lenPer = 0, length; Mask plane = 0; xShmGetImageReply xgi; ShmDescPtr shmdesc; int n, rc; REQUEST(xShmGetImageReq); REQUEST_SIZE_MATCH(xShmGetImageReq); if ((stuff->format != XYPixmap) && (stuff->format != ZPixmap)) { client->errorValue = stuff->format; return(BadValue); } rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixReadAccess); if (rc != Success) return rc; VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); if (pDraw->type == DRAWABLE_WINDOW) { if( !((WindowPtr) pDraw)->realized || pDraw->x + stuff->x < 0 || pDraw->x + stuff->x + (int)stuff->width > pDraw->pScreen->width || pDraw->y + stuff->y < 0 || pDraw->y + stuff->y + (int)stuff->height > pDraw->pScreen->height || stuff->x < - wBorderWidth((WindowPtr)pDraw) || stuff->x + (int)stuff->width > wBorderWidth((WindowPtr)pDraw) + (int)pDraw->width || stuff->y < -wBorderWidth((WindowPtr)pDraw) || stuff->y + (int)stuff->height > wBorderWidth((WindowPtr)pDraw) + (int)pDraw->height ) return(BadMatch); xgi.visual = wVisual(((WindowPtr)pDraw)); } else { if (stuff->x < 0 || stuff->x+(int)stuff->width > pDraw->width || stuff->y < 0 || stuff->y+(int)stuff->height > pDraw->height ) return(BadMatch); xgi.visual = None; } xgi.type = X_Reply; xgi.length = 0; xgi.sequenceNumber = client->sequence; xgi.depth = pDraw->depth; if(stuff->format == ZPixmap) { length = PixmapBytePad(stuff->width, pDraw->depth) * stuff->height; } else { lenPer = PixmapBytePad(stuff->width, 1) * stuff->height; plane = ((Mask)1) << (pDraw->depth - 1); length = lenPer * Ones(stuff->planeMask & (plane | (plane - 1))); } VERIFY_SHMSIZE(shmdesc, stuff->offset, length, client); xgi.size = length; if (length == 0) { } else if (stuff->format == ZPixmap) { (*pDraw->pScreen->GetImage)(pDraw, stuff->x, stuff->y, stuff->width, stuff->height, stuff->format, stuff->planeMask, shmdesc->addr + stuff->offset); } else { length = stuff->offset; for (; plane; plane >>= 1) { if (stuff->planeMask & plane) { (*pDraw->pScreen->GetImage)(pDraw, stuff->x, stuff->y, stuff->width, stuff->height, stuff->format, plane, shmdesc->addr + length); length += lenPer; } } } if (client->swapped) { swaps(&xgi.sequenceNumber, n); swapl(&xgi.length, n); swapl(&xgi.visual, n); swapl(&xgi.size, n); } WriteToClient(client, sizeof(xShmGetImageReply), (char *)&xgi); return(client->noClientException); }",xserver,,,27414520903807027721246280088175147962,0 5100,CWE-125,"tok_get(struct tok_state *tok, char **p_start, char **p_end) { int c; int blankline, nonascii; *p_start = *p_end = NULL; nextline: tok->start = NULL; blankline = 0; if (tok->atbol) { int col = 0; int altcol = 0; tok->atbol = 0; for (;;) { c = tok_nextc(tok); if (c == ' ') { col++, altcol++; } else if (c == '\t') { col = (col / tok->tabsize + 1) * tok->tabsize; altcol = (altcol / ALTTABSIZE + 1) * ALTTABSIZE; } else if (c == '\014') { col = altcol = 0; } else { break; } } tok_backup(tok, c); if (c == '#' || c == '\n') { if (col == 0 && c == '\n' && tok->prompt != NULL) { blankline = 0; } else { blankline = 1; } } if (!blankline && tok->level == 0) { if (col == tok->indstack[tok->indent]) { if (altcol != tok->altindstack[tok->indent]) { return indenterror(tok); } } else if (col > tok->indstack[tok->indent]) { if (tok->indent+1 >= MAXINDENT) { tok->done = E_TOODEEP; tok->cur = tok->inp; return ERRORTOKEN; } if (altcol <= tok->altindstack[tok->indent]) { return indenterror(tok); } tok->pendin++; tok->indstack[++tok->indent] = col; tok->altindstack[tok->indent] = altcol; } else { while (tok->indent > 0 && col < tok->indstack[tok->indent]) { tok->pendin--; tok->indent--; } if (col != tok->indstack[tok->indent]) { tok->done = E_DEDENT; tok->cur = tok->inp; return ERRORTOKEN; } if (altcol != tok->altindstack[tok->indent]) { return indenterror(tok); } } } } tok->start = tok->cur; if (tok->pendin != 0) { if (tok->pendin < 0) { tok->pendin++; return DEDENT; } else { tok->pendin--; return INDENT; } } again: tok->start = NULL; do { c = tok_nextc(tok); } while (c == ' ' || c == '\t' || c == '\014'); tok->start = tok->cur - 1; if (c == '#') { while (c != EOF && c != '\n') { c = tok_nextc(tok); } } if (c == EOF) { return tok->done == E_EOF ? ENDMARKER : ERRORTOKEN; } nonascii = 0; if (is_potential_identifier_start(c)) { int saw_b = 0, saw_r = 0, saw_u = 0, saw_f = 0; while (1) { if (!(saw_b || saw_u || saw_f) && (c == 'b' || c == 'B')) saw_b = 1; else if (!(saw_b || saw_u || saw_r || saw_f) && (c == 'u'|| c == 'U')) { saw_u = 1; } else if (!(saw_r || saw_u) && (c == 'r' || c == 'R')) { saw_r = 1; } else if (!(saw_f || saw_b || saw_u) && (c == 'f' || c == 'F')) { saw_f = 1; } else { break; } c = tok_nextc(tok); if (c == '""' || c == '\'') { goto letter_quote; } } while (is_potential_identifier_char(c)) { if (c >= 128) { nonascii = 1; } c = tok_nextc(tok); } tok_backup(tok, c); if (nonascii && !verify_identifier(tok)) { return ERRORTOKEN; } *p_start = tok->start; *p_end = tok->cur; return NAME; } if (c == '\n') { tok->atbol = 1; if (blankline || tok->level > 0) { goto nextline; } *p_start = tok->start; *p_end = tok->cur - 1; tok->cont_line = 0; return NEWLINE; } if (c == '.') { c = tok_nextc(tok); if (isdigit(c)) { goto fraction; } else if (c == '.') { c = tok_nextc(tok); if (c == '.') { *p_start = tok->start; *p_end = tok->cur; return ELLIPSIS; } else { tok_backup(tok, c); } tok_backup(tok, '.'); } else { tok_backup(tok, c); } *p_start = tok->start; *p_end = tok->cur; return DOT; } if (isdigit(c)) { if (c == '0') { c = tok_nextc(tok); if (c == 'x' || c == 'X') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (!isxdigit(c)) { tok_backup(tok, c); return syntaxerror(tok, ""invalid hexadecimal literal""); } do { c = tok_nextc(tok); } while (isxdigit(c)); } while (c == '_'); } else if (c == 'o' || c == 'O') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (c < '0' || c >= '8') { tok_backup(tok, c); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in octal literal"", c); } else { return syntaxerror(tok, ""invalid octal literal""); } } do { c = tok_nextc(tok); } while ('0' <= c && c < '8'); } while (c == '_'); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in octal literal"", c); } } else if (c == 'b' || c == 'B') { c = tok_nextc(tok); do { if (c == '_') { c = tok_nextc(tok); } if (c != '0' && c != '1') { tok_backup(tok, c); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in binary literal"", c); } else { return syntaxerror(tok, ""invalid binary literal""); } } do { c = tok_nextc(tok); } while (c == '0' || c == '1'); } while (c == '_'); if (isdigit(c)) { return syntaxerror(tok, ""invalid digit '%c' in binary literal"", c); } } else { int nonzero = 0; while (1) { if (c == '_') { c = tok_nextc(tok); if (!isdigit(c)) { tok_backup(tok, c); return syntaxerror(tok, ""invalid decimal literal""); } } if (c != '0') { break; } c = tok_nextc(tok); } if (isdigit(c)) { nonzero = 1; c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } if (c == '.') { c = tok_nextc(tok); goto fraction; } else if (c == 'e' || c == 'E') { goto exponent; } else if (c == 'j' || c == 'J') { goto imaginary; } else if (nonzero) { tok_backup(tok, c); return syntaxerror(tok, ""leading zeros in decimal integer "" ""literals are not permitted; "" ""use an 0o prefix for octal integers""); } } } else { c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } { if (c == '.') { c = tok_nextc(tok); fraction: if (isdigit(c)) { c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } } if (c == 'e' || c == 'E') { int e; exponent: e = c; c = tok_nextc(tok); if (c == '+' || c == '-') { c = tok_nextc(tok); if (!isdigit(c)) { tok_backup(tok, c); return syntaxerror(tok, ""invalid decimal literal""); } } else if (!isdigit(c)) { tok_backup(tok, c); tok_backup(tok, e); *p_start = tok->start; *p_end = tok->cur; return NUMBER; } c = tok_decimal_tail(tok); if (c == 0) { return ERRORTOKEN; } } if (c == 'j' || c == 'J') { imaginary: c = tok_nextc(tok); } } } tok_backup(tok, c); *p_start = tok->start; *p_end = tok->cur; return NUMBER; } letter_quote: if (c == '\'' || c == '""') { int quote = c; int quote_size = 1; int end_quote_size = 0; tok->first_lineno = tok->lineno; tok->multi_line_start = tok->line_start; c = tok_nextc(tok); if (c == quote) { c = tok_nextc(tok); if (c == quote) { quote_size = 3; } else { end_quote_size = 1; } } if (c != quote) { tok_backup(tok, c); } while (end_quote_size != quote_size) { c = tok_nextc(tok); if (c == EOF) { if (quote_size == 3) { tok->done = E_EOFS; } else { tok->done = E_EOLS; } tok->cur = tok->inp; return ERRORTOKEN; } if (quote_size == 1 && c == '\n') { tok->done = E_EOLS; tok->cur = tok->inp; return ERRORTOKEN; } if (c == quote) { end_quote_size += 1; } else { end_quote_size = 0; if (c == '\\') { tok_nextc(tok); } } } *p_start = tok->start; *p_end = tok->cur; return STRING; } if (c == '\\') { c = tok_nextc(tok); if (c != '\n') { tok->done = E_LINECONT; tok->cur = tok->inp; return ERRORTOKEN; } tok->cont_line = 1; goto again; } { int c2 = tok_nextc(tok); int token = PyToken_TwoChars(c, c2); if (token != OP) { int c3 = tok_nextc(tok); int token3 = PyToken_ThreeChars(c, c2, c3); if (token3 != OP) { token = token3; } else { tok_backup(tok, c3); } *p_start = tok->start; *p_end = tok->cur; return token; } tok_backup(tok, c2); } switch (c) { case '(': case '[': case '{': #ifndef PGEN if (tok->level >= MAXLEVEL) { return syntaxerror(tok, ""too many nested parentheses""); } tok->parenstack[tok->level] = c; tok->parenlinenostack[tok->level] = tok->lineno; #endif tok->level++; break; case ')': case ']': case '}': #ifndef PGEN if (!tok->level) { return syntaxerror(tok, ""unmatched '%c'"", c); } #endif tok->level--; #ifndef PGEN int opening = tok->parenstack[tok->level]; if (!((opening == '(' && c == ')') || (opening == '[' && c == ']') || (opening == '{' && c == '}'))) { if (tok->parenlinenostack[tok->level] != tok->lineno) { return syntaxerror(tok, ""closing parenthesis '%c' does not match "" ""opening parenthesis '%c' on line %d"", c, opening, tok->parenlinenostack[tok->level]); } else { return syntaxerror(tok, ""closing parenthesis '%c' does not match "" ""opening parenthesis '%c'"", c, opening); } } #endif break; } *p_start = tok->start; *p_end = tok->cur; return PyToken_OneChar(c); }",visit repo url,Parser/tokenizer.c,https://github.com/python/cpython,20576532172072,1 1647,CWE-362,"int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) { struct super_block *sb = inode->i_sb; ext4_lblk_t first_block, stop_block; struct address_space *mapping = inode->i_mapping; loff_t first_block_offset, last_block_offset; handle_t *handle; unsigned int credits; int ret = 0; if (!S_ISREG(inode->i_mode)) return -EOPNOTSUPP; trace_ext4_punch_hole(inode, offset, length, 0); if (mapping->nrpages && mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) { ret = filemap_write_and_wait_range(mapping, offset, offset + length - 1); if (ret) return ret; } mutex_lock(&inode->i_mutex); if (offset >= inode->i_size) goto out_mutex; if (offset + length > inode->i_size) { length = inode->i_size + PAGE_CACHE_SIZE - (inode->i_size & (PAGE_CACHE_SIZE - 1)) - offset; } if (offset & (sb->s_blocksize - 1) || (offset + length) & (sb->s_blocksize - 1)) { ret = ext4_inode_attach_jinode(inode); if (ret < 0) goto out_mutex; } first_block_offset = round_up(offset, sb->s_blocksize); last_block_offset = round_down((offset + length), sb->s_blocksize) - 1; if (last_block_offset > first_block_offset) truncate_pagecache_range(inode, first_block_offset, last_block_offset); ext4_inode_block_unlocked_dio(inode); inode_dio_wait(inode); if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) credits = ext4_writepage_trans_blocks(inode); else credits = ext4_blocks_for_truncate(inode); handle = ext4_journal_start(inode, EXT4_HT_TRUNCATE, credits); if (IS_ERR(handle)) { ret = PTR_ERR(handle); ext4_std_error(sb, ret); goto out_dio; } ret = ext4_zero_partial_blocks(handle, inode, offset, length); if (ret) goto out_stop; first_block = (offset + sb->s_blocksize - 1) >> EXT4_BLOCK_SIZE_BITS(sb); stop_block = (offset + length) >> EXT4_BLOCK_SIZE_BITS(sb); if (first_block >= stop_block) goto out_stop; down_write(&EXT4_I(inode)->i_data_sem); ext4_discard_preallocations(inode); ret = ext4_es_remove_extent(inode, first_block, stop_block - first_block); if (ret) { up_write(&EXT4_I(inode)->i_data_sem); goto out_stop; } if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) ret = ext4_ext_remove_space(inode, first_block, stop_block - 1); else ret = ext4_ind_remove_space(handle, inode, first_block, stop_block); up_write(&EXT4_I(inode)->i_data_sem); if (IS_SYNC(inode)) ext4_handle_sync(handle); if (last_block_offset > first_block_offset) truncate_pagecache_range(inode, first_block_offset, last_block_offset); inode->i_mtime = inode->i_ctime = ext4_current_time(inode); ext4_mark_inode_dirty(handle, inode); out_stop: ext4_journal_stop(handle); out_dio: ext4_inode_resume_unlocked_dio(inode); out_mutex: mutex_unlock(&inode->i_mutex); return ret; }",visit repo url,fs/ext4/inode.c,https://github.com/torvalds/linux,57601477856013,1 2021,CWE-416,"int get_evtchn_to_irq(evtchn_port_t evtchn) { if (evtchn >= xen_evtchn_max_channels()) return -1; if (evtchn_to_irq[EVTCHN_ROW(evtchn)] == NULL) return -1; return evtchn_to_irq[EVTCHN_ROW(evtchn)][EVTCHN_COL(evtchn)]; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,6430717779714,1 6203,['CWE-200'],"static inline int rtnetlink_rcv_skb(struct sk_buff *skb) { int err; struct nlmsghdr * nlh; while (skb->len >= NLMSG_SPACE(0)) { u32 rlen; nlh = (struct nlmsghdr *)skb->data; if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) return 0; rlen = NLMSG_ALIGN(nlh->nlmsg_len); if (rlen > skb->len) rlen = skb->len; if (rtnetlink_rcv_msg(skb, nlh, &err)) { if (err == 0) return -1; netlink_ack(skb, nlh, err); } else if (nlh->nlmsg_flags&NLM_F_ACK) netlink_ack(skb, nlh, 0); skb_pull(skb, rlen); } return 0; }",linux-2.6,,,27446553018055784781355272544346267121,0 360,[],"pfm_uuid_cmp(pfm_uuid_t a, pfm_uuid_t b) { return memcmp(a, b, sizeof(pfm_uuid_t)); }",linux-2.6,,,174842971621873702498810504868470706261,0 2059,['CWE-269'],"static struct mnt_namespace *dup_mnt_ns(struct mnt_namespace *mnt_ns, struct fs_struct *fs) { struct mnt_namespace *new_ns; struct vfsmount *rootmnt = NULL, *pwdmnt = NULL, *altrootmnt = NULL; struct vfsmount *p, *q; new_ns = kmalloc(sizeof(struct mnt_namespace), GFP_KERNEL); if (!new_ns) return NULL; atomic_set(&new_ns->count, 1); INIT_LIST_HEAD(&new_ns->list); init_waitqueue_head(&new_ns->poll); new_ns->event = 0; down_write(&namespace_sem); new_ns->root = copy_tree(mnt_ns->root, mnt_ns->root->mnt_root, CL_COPY_ALL | CL_EXPIRE); if (!new_ns->root) { up_write(&namespace_sem); kfree(new_ns); return NULL; } spin_lock(&vfsmount_lock); list_add_tail(&new_ns->list, &new_ns->root->mnt_list); spin_unlock(&vfsmount_lock); p = mnt_ns->root; q = new_ns->root; while (p) { q->mnt_ns = new_ns; if (fs) { if (p == fs->rootmnt) { rootmnt = p; fs->rootmnt = mntget(q); } if (p == fs->pwdmnt) { pwdmnt = p; fs->pwdmnt = mntget(q); } if (p == fs->altrootmnt) { altrootmnt = p; fs->altrootmnt = mntget(q); } } p = next_mnt(p, mnt_ns->root); q = next_mnt(q, new_ns->root); } up_write(&namespace_sem); if (rootmnt) mntput(rootmnt); if (pwdmnt) mntput(pwdmnt); if (altrootmnt) mntput(altrootmnt); return new_ns; }",linux-2.6,,,37158994599754405173676251802049065669,0 5058,['CWE-20'],"static int handle_cpuid(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) { kvm_emulate_cpuid(vcpu); return 1; }",linux-2.6,,,11393605540299428434651321675167598663,0 3940,CWE-476,"static ScreenCell *realloc_buffer(VTermScreen *screen, ScreenCell *buffer, int new_rows, int new_cols) { ScreenCell *new_buffer = vterm_allocator_malloc(screen->vt, sizeof(ScreenCell) * new_rows * new_cols); int row, col; for(row = 0; row < new_rows; row++) { for(col = 0; col < new_cols; col++) { ScreenCell *new_cell = new_buffer + row*new_cols + col; if(buffer && row < screen->rows && col < screen->cols) *new_cell = buffer[row * screen->cols + col]; else { new_cell->chars[0] = 0; new_cell->pen = screen->pen; } } } if(buffer) vterm_allocator_free(screen->vt, buffer); return new_buffer; }",visit repo url,src/libvterm/src/termscreen.c,https://github.com/vim/vim,245261508291636,1 6431,['CWE-190'],"load_image (const gchar *filename, GError **load_error) { FILE *f; struct stat st; PSDimage img_a; PSDlayer **lyr_a; gint32 image_id = -1; GError *error = NULL; if (g_stat (filename, &st) == -1) return -1; IFDBG(1) g_debug (""Open file %s"", gimp_filename_to_utf8 (filename)); f = g_fopen (filename, ""rb""); if (f == NULL) { g_set_error (load_error, G_FILE_ERROR, g_file_error_from_errno (errno), _(""Could not open '%s' for reading: %s""), gimp_filename_to_utf8 (filename), g_strerror (errno)); return -1; } gimp_progress_init_printf (_(""Opening '%s'""), gimp_filename_to_utf8 (filename)); IFDBG(2) g_debug (""Read header block""); if (read_header_block (&img_a, f, &error) < 0) goto load_error; gimp_progress_update (0.1); IFDBG(2) g_debug (""Read colour mode block""); if (read_color_mode_block (&img_a, f, &error) < 0) goto load_error; gimp_progress_update (0.2); IFDBG(2) g_debug (""Read image resource block""); if (read_image_resource_block (&img_a, f, &error) < 0) goto load_error; gimp_progress_update (0.3); IFDBG(2) g_debug (""Read layer & mask block""); lyr_a = read_layer_block (&img_a, f, &error); if (img_a.num_layers != 0 && lyr_a == NULL) goto load_error; gimp_progress_update (0.4); IFDBG(2) g_debug (""Read merged image and extra alpha channel block""); if (read_merged_image_block (&img_a, f, &error) < 0) goto load_error; gimp_progress_update (0.5); IFDBG(2) g_debug (""Create GIMP image""); image_id = create_gimp_image (&img_a, filename); if (image_id < 0) goto load_error; gimp_progress_update (0.6); IFDBG(2) g_debug (""Add color map""); if (add_color_map (image_id, &img_a) < 0) goto load_error; gimp_progress_update (0.7); IFDBG(2) g_debug (""Add image resources""); if (add_image_resources (image_id, &img_a, f, &error) < 0) goto load_error; gimp_progress_update (0.8); IFDBG(2) g_debug (""Add layers""); if (add_layers (image_id, &img_a, lyr_a, f, &error) < 0) goto load_error; gimp_progress_update (0.9); IFDBG(2) g_debug (""Add merged image data and extra alpha channels""); if (add_merged_image (image_id, &img_a, f, &error) < 0) goto load_error; gimp_progress_update (1.0); IFDBG(2) g_debug (""Close file & return, image id: %d"", image_id); IFDBG(1) g_debug (""\n----------------------------------------"" ""----------------------------------------\n""); gimp_image_clean_all (image_id); gimp_image_undo_enable (image_id); fclose (f); return image_id; load_error: if (error) { g_set_error (load_error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Error loading PSD file: %s""), error->message); g_error_free (error); } if (image_id > 0) gimp_image_delete (image_id); if (! (f == NULL)) fclose (f); return -1; }",gimp,,,8044114206218488500097922750492946100,0 6431,CWE-20,"void rx63nEthInitGpio(NetInterface *interface) { MPC.PWPR.BIT.B0WI = 0; MPC.PWPR.BIT.PFSWE = 1; #if defined(USE_RDK_RX63N) MPC.PFENET.BIT.PHYMODE = 0; PORTA.PMR.BIT.B3 = 1; MPC.PA3PFS.BYTE = 0x11; PORTA.PMR.BIT.B4 = 1; MPC.PA4PFS.BYTE = 0x11; PORTA.PMR.BIT.B5 = 1; MPC.PA5PFS.BYTE = 0x11; PORTB.PMR.BIT.B0 = 1; MPC.PB0PFS.BYTE = 0x12; PORTB.PMR.BIT.B1 = 1; MPC.PB1PFS.BYTE = 0x12; PORTB.PMR.BIT.B2 = 1; MPC.PB2PFS.BYTE = 0x12; PORTB.PMR.BIT.B3 = 1; MPC.PB3PFS.BYTE = 0x12; PORTB.PMR.BIT.B4 = 1; MPC.PB4PFS.BYTE = 0x12; PORTB.PMR.BIT.B5 = 1; MPC.PB5PFS.BYTE = 0x12; PORTB.PMR.BIT.B6 = 1; MPC.PB6PFS.BYTE = 0x12; PORTB.PMR.BIT.B7 = 1; MPC.PB7PFS.BYTE = 0x12; #elif defined(USE_RSK_RX63N) MPC.PFENET.BIT.PHYMODE = 1; PORT7.PMR.BIT.B1 = 1; MPC.P71PFS.BYTE = 0x11; PORT7.PMR.BIT.B2 = 1; MPC.P72PFS.BYTE = 0x11; PORT7.PMR.BIT.B4 = 1; MPC.P74PFS.BYTE = 0x11; PORT7.PMR.BIT.B5 = 1; MPC.P75PFS.BYTE = 0x11; PORT7.PMR.BIT.B6 = 1; MPC.P76PFS.BYTE = 0x11; PORT7.PMR.BIT.B7 = 1; MPC.P77PFS.BYTE = 0x11; PORT8.PMR.BIT.B0 = 1; MPC.P80PFS.BYTE = 0x11; PORT8.PMR.BIT.B1 = 1; MPC.P81PFS.BYTE = 0x11; PORT8.PMR.BIT.B2 = 1; MPC.P82PFS.BYTE = 0x11; PORT8.PMR.BIT.B3 = 1; MPC.P83PFS.BYTE = 0x11; PORTC.PMR.BIT.B0 = 1; MPC.PC0PFS.BYTE = 0x11; PORTC.PMR.BIT.B1 = 1; MPC.PC1PFS.BYTE = 0x11; PORTC.PMR.BIT.B2 = 1; MPC.PC2PFS.BYTE = 0x11; PORTC.PMR.BIT.B3 = 1; MPC.PC3PFS.BYTE = 0x11; PORTC.PMR.BIT.B4 = 1; MPC.PC4PFS.BYTE = 0x11; PORTC.PMR.BIT.B5 = 1; MPC.PC5PFS.BYTE = 0x11; PORTC.PMR.BIT.B6 = 1; MPC.PC6PFS.BYTE = 0x11; PORTC.PMR.BIT.B7 = 1; MPC.PC7PFS.BYTE = 0x11; #endif MPC.PWPR.BIT.PFSWE = 0; MPC.PWPR.BIT.B0WI = 0; }",visit repo url,drivers/mac/rx63n_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,260730513176942,1 2618,CWE-190,"static inline void find_entity_for_char( unsigned int k, enum entity_charset charset, const entity_stage1_row *table, const unsigned char **entity, size_t *entity_len, unsigned char *old, size_t oldlen, size_t *cursor) { unsigned stage1_idx = ENT_STAGE1_INDEX(k); const entity_stage3_row *c; if (stage1_idx > 0x1D) { *entity = NULL; *entity_len = 0; return; } c = &table[stage1_idx][ENT_STAGE2_INDEX(k)][ENT_STAGE3_INDEX(k)]; if (!c->ambiguous) { *entity = (const unsigned char *)c->data.ent.entity; *entity_len = c->data.ent.entity_len; } else { size_t cursor_before = *cursor; int status = SUCCESS; unsigned next_char; if (!(*cursor < oldlen)) goto no_suitable_2nd; next_char = get_next_char(charset, old, oldlen, cursor, &status); if (status == FAILURE) goto no_suitable_2nd; { const entity_multicodepoint_row *s, *e; s = &c->data.multicodepoint_table[1]; e = s - 1 + c->data.multicodepoint_table[0].leading_entry.size; for ( ; s <= e; s++) { if (s->normal_entry.second_cp == next_char) { *entity = s->normal_entry.entity; *entity_len = s->normal_entry.entity_len; return; } } } no_suitable_2nd: *cursor = cursor_before; *entity = (const unsigned char *) c->data.multicodepoint_table[0].leading_entry.default_entity; *entity_len = c->data.multicodepoint_table[0].leading_entry.default_entity_len; } }",visit repo url,ext/standard/html.c,https://github.com/php/php-src,154195777636902,1 4407,CWE-617,"scanner_scan_all (parser_context_t *context_p, const uint8_t *arg_list_p, const uint8_t *arg_list_end_p, const uint8_t *source_p, const uint8_t *source_end_p) { scanner_context_t scanner_context; #if ENABLED (JERRY_PARSER_DUMP_BYTE_CODE) if (context_p->is_show_opcodes) { JERRY_DEBUG_MSG (""\n--- Scanning start ---\n\n""); } #endif scanner_context.context_status_flags = context_p->status_flags; scanner_context.status_flags = SCANNER_CONTEXT_NO_FLAGS; #if ENABLED (JERRY_DEBUGGER) if (JERRY_CONTEXT (debugger_flags) & JERRY_DEBUGGER_CONNECTED) { scanner_context.status_flags |= SCANNER_CONTEXT_DEBUGGER_ENABLED; } #endif #if ENABLED (JERRY_ES2015) scanner_context.binding_type = SCANNER_BINDING_NONE; scanner_context.active_binding_list_p = NULL; #endif scanner_context.active_literal_pool_p = NULL; scanner_context.active_switch_statement.last_case_p = NULL; scanner_context.end_arguments_p = NULL; #if ENABLED (JERRY_ES2015) scanner_context.async_source_p = NULL; #endif context_p->u.scanner_context_p = &scanner_context; parser_stack_init (context_p); PARSER_TRY (context_p->try_buffer) { context_p->line = 1; context_p->column = 1; if (arg_list_p == NULL) { context_p->source_p = source_p; context_p->source_end_p = source_end_p; uint16_t status_flags = SCANNER_LITERAL_POOL_FUNCTION_WITHOUT_ARGUMENTS | SCANNER_LITERAL_POOL_CAN_EVAL; if (context_p->status_flags & PARSER_IS_STRICT) { status_flags |= SCANNER_LITERAL_POOL_IS_STRICT; } scanner_literal_pool_t *literal_pool_p = scanner_push_literal_pool (context_p, &scanner_context, status_flags); literal_pool_p->source_p = source_p; parser_stack_push_uint8 (context_p, SCAN_STACK_SCRIPT); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); } else { context_p->source_p = arg_list_p; context_p->source_end_p = arg_list_end_p; uint16_t status_flags = SCANNER_LITERAL_POOL_FUNCTION; if (context_p->status_flags & PARSER_IS_STRICT) { status_flags |= SCANNER_LITERAL_POOL_IS_STRICT; } #if ENABLED (JERRY_ES2015) if (context_p->status_flags & PARSER_IS_GENERATOR_FUNCTION) { status_flags |= SCANNER_LITERAL_POOL_GENERATOR; } #endif scanner_push_literal_pool (context_p, &scanner_context, status_flags); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; parser_stack_push_uint8 (context_p, SCAN_STACK_SCRIPT_FUNCTION); context_p->token.type = LEXER_LEFT_PAREN; } while (true) { lexer_token_type_t type = (lexer_token_type_t) context_p->token.type; scan_stack_modes_t stack_top = (scan_stack_modes_t) context_p->stack_top_uint8; switch (scanner_context.mode) { case SCAN_MODE_PRIMARY_EXPRESSION: { if (type == LEXER_ADD || type == LEXER_SUBTRACT || LEXER_IS_UNARY_OP_TOKEN (type)) { break; } } case SCAN_MODE_PRIMARY_EXPRESSION_AFTER_NEW: { if (scanner_scan_primary_expression (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } #if ENABLED (JERRY_ES2015) case SCAN_MODE_CLASS_DECLARATION: { if (context_p->token.type == LEXER_KEYW_EXTENDS) { parser_stack_push_uint8 (context_p, SCAN_STACK_CLASS_EXTENDS); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } else if (context_p->token.type != LEXER_LEFT_BRACE) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_CLASS_METHOD; } case SCAN_MODE_CLASS_METHOD: { JERRY_ASSERT (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR || stack_top == SCAN_STACK_EXPLICIT_CLASS_CONSTRUCTOR); lexer_skip_empty_statements (context_p); lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_RIGHT_BRACE) { scanner_source_start_t source_start; parser_stack_pop_uint8 (context_p); if (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR) { parser_stack_pop (context_p, &source_start, sizeof (scanner_source_start_t)); } stack_top = context_p->stack_top_uint8; JERRY_ASSERT (stack_top == SCAN_STACK_CLASS_STATEMENT || stack_top == SCAN_STACK_CLASS_EXPRESSION); if (stack_top == SCAN_STACK_CLASS_STATEMENT) { scanner_context.mode = SCAN_MODE_STATEMENT_END; continue; } scanner_context.mode = SCAN_MODE_POST_PRIMARY_EXPRESSION; parser_stack_pop_uint8 (context_p); break; } if (context_p->token.type == LEXER_LITERAL && LEXER_IS_IDENT_OR_STRING (context_p->token.lit_location.type) && lexer_compare_literal_to_string (context_p, ""constructor"", 11)) { if (stack_top == SCAN_STACK_IMPLICIT_CLASS_CONSTRUCTOR) { scanner_source_start_t source_start; parser_stack_pop_uint8 (context_p); parser_stack_pop (context_p, &source_start, sizeof (scanner_source_start_t)); scanner_info_t *info_p = scanner_insert_info (context_p, source_start.source_p, sizeof (scanner_info_t)); info_p->type = SCANNER_TYPE_CLASS_CONSTRUCTOR; parser_stack_push_uint8 (context_p, SCAN_STACK_EXPLICIT_CLASS_CONSTRUCTOR); } } if (lexer_token_is_identifier (context_p, ""static"", 6)) { lexer_scan_identifier (context_p); } parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; uint16_t literal_pool_flags = SCANNER_LITERAL_POOL_FUNCTION; if (lexer_token_is_identifier (context_p, ""get"", 3) || lexer_token_is_identifier (context_p, ""set"", 3)) { lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); continue; } } else if (lexer_token_is_identifier (context_p, ""async"", 5)) { lexer_scan_identifier (context_p); if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); continue; } literal_pool_flags |= SCANNER_LITERAL_POOL_ASYNC; if (context_p->token.type == LEXER_MULTIPLY) { lexer_scan_identifier (context_p); literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } } else if (context_p->token.type == LEXER_MULTIPLY) { lexer_scan_identifier (context_p); literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCANNER_FROM_LITERAL_POOL_TO_COMPUTED (literal_pool_flags)); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } if (literal_pool_flags & SCANNER_LITERAL_POOL_GENERATOR) { context_p->status_flags |= PARSER_IS_GENERATOR_FUNCTION; } scanner_push_literal_pool (context_p, &scanner_context, literal_pool_flags); lexer_next_token (context_p); continue; } #endif case SCAN_MODE_POST_PRIMARY_EXPRESSION: { if (scanner_scan_post_primary_expression (context_p, &scanner_context, type, stack_top)) { break; } type = (lexer_token_type_t) context_p->token.type; } case SCAN_MODE_PRIMARY_EXPRESSION_END: { if (scanner_scan_primary_expression_end (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } case SCAN_MODE_STATEMENT_OR_TERMINATOR: { if (type == LEXER_RIGHT_BRACE || type == LEXER_EOS) { scanner_context.mode = SCAN_MODE_STATEMENT_END; continue; } } case SCAN_MODE_STATEMENT: { if (scanner_scan_statement (context_p, &scanner_context, type, stack_top) != SCAN_NEXT_TOKEN) { continue; } break; } case SCAN_MODE_STATEMENT_END: { if (scanner_scan_statement_end (context_p, &scanner_context, type) != SCAN_NEXT_TOKEN) { continue; } if (context_p->token.type == LEXER_EOS) { goto scan_completed; } break; } case SCAN_MODE_VAR_STATEMENT: { #if ENABLED (JERRY_ES2015) if (type == LEXER_LEFT_SQUARE || type == LEXER_LEFT_BRACE) { uint8_t binding_type = SCANNER_BINDING_VAR; if (stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_FOR_LET_START) { binding_type = SCANNER_BINDING_LET; } else if (stack_top == SCAN_STACK_CONST || stack_top == SCAN_STACK_FOR_CONST_START) { binding_type = SCANNER_BINDING_CONST; } scanner_push_destructuring_pattern (context_p, &scanner_context, binding_type, false); if (type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); scanner_context.mode = SCAN_MODE_BINDING; break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } #endif if (type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_raise_error (context_p); } lexer_lit_location_t *literal_p = scanner_add_literal (context_p, &scanner_context); #if ENABLED (JERRY_ES2015) if (stack_top != SCAN_STACK_VAR && stack_top != SCAN_STACK_FOR_VAR_START) { scanner_detect_invalid_let (context_p, literal_p); if (stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_FOR_LET_START) { literal_p->type |= SCANNER_LITERAL_IS_LET; } else { JERRY_ASSERT (stack_top == SCAN_STACK_CONST || stack_top == SCAN_STACK_FOR_CONST_START); literal_p->type |= SCANNER_LITERAL_IS_CONST; } lexer_next_token (context_p); if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; } else if (context_p->token.type == LEXER_ASSIGN) { scanner_binding_literal_t binding_literal; binding_literal.literal_p = literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); } } else { if (!(literal_p->type & SCANNER_LITERAL_IS_VAR)) { scanner_detect_invalid_var (context_p, &scanner_context, literal_p); literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } } lexer_next_token (context_p); } #else literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } lexer_next_token (context_p); #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_EXPORT) { literal_p->type |= SCANNER_LITERAL_NO_REG; } #endif switch (context_p->token.type) { case LEXER_ASSIGN: { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; } case LEXER_COMMA: { lexer_next_token (context_p); continue; } } if (SCANNER_IS_FOR_START (stack_top)) { #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) JERRY_ASSERT (!(scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_EXPORT)); #endif if (context_p->token.type != LEXER_SEMICOLON && context_p->token.type != LEXER_KEYW_IN && !SCANNER_IDENTIFIER_IS_OF ()) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } #if ENABLED (JERRY_ES2015) JERRY_ASSERT (stack_top == SCAN_STACK_VAR || stack_top == SCAN_STACK_LET || stack_top == SCAN_STACK_CONST); #else JERRY_ASSERT (stack_top == SCAN_STACK_VAR); #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) scanner_context.active_literal_pool_p->status_flags &= (uint16_t) ~SCANNER_LITERAL_POOL_IN_EXPORT; #endif scanner_context.mode = SCAN_MODE_STATEMENT_END; parser_stack_pop_uint8 (context_p); continue; } case SCAN_MODE_FUNCTION_ARGUMENTS: { JERRY_ASSERT (stack_top == SCAN_STACK_SCRIPT_FUNCTION || stack_top == SCAN_STACK_FUNCTION_STATEMENT || stack_top == SCAN_STACK_FUNCTION_EXPRESSION || stack_top == SCAN_STACK_FUNCTION_PROPERTY); scanner_literal_pool_t *literal_pool_p = scanner_context.active_literal_pool_p; JERRY_ASSERT (literal_pool_p != NULL && (literal_pool_p->status_flags & SCANNER_LITERAL_POOL_FUNCTION)); literal_pool_p->source_p = context_p->source_p; #if ENABLED (JERRY_ES2015) if (JERRY_UNLIKELY (scanner_context.async_source_p != NULL)) { literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ASYNC; literal_pool_p->source_p = scanner_context.async_source_p; scanner_context.async_source_p = NULL; } #endif if (type != LEXER_LEFT_PAREN) { scanner_raise_error (context_p); } lexer_next_token (context_p); #if ENABLED (JERRY_ES2015) } case SCAN_MODE_CONTINUE_FUNCTION_ARGUMENTS: { #endif if (context_p->token.type != LEXER_RIGHT_PAREN && context_p->token.type != LEXER_EOS) { #if ENABLED (JERRY_ES2015) lexer_lit_location_t *argument_literal_p; #endif while (true) { #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_THREE_DOTS) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; lexer_next_token (context_p); } if (context_p->token.type == LEXER_LEFT_SQUARE || context_p->token.type == LEXER_LEFT_BRACE) { argument_literal_p = NULL; break; } #endif if (context_p->token.type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_raise_error (context_p); } #if ENABLED (JERRY_ES2015) argument_literal_p = scanner_append_argument (context_p, &scanner_context); #else scanner_append_argument (context_p, &scanner_context); #endif lexer_next_token (context_p); if (context_p->token.type != LEXER_COMMA) { break; } lexer_next_token (context_p); } #if ENABLED (JERRY_ES2015) if (argument_literal_p == NULL) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PARAMETERS); scanner_append_hole (context_p, &scanner_context); scanner_push_destructuring_pattern (context_p, &scanner_context, SCANNER_BINDING_ARG, false); if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); scanner_context.mode = SCAN_MODE_BINDING; break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } if (context_p->token.type == LEXER_ASSIGN) { scanner_context.active_literal_pool_p->status_flags |= SCANNER_LITERAL_POOL_ARGUMENTS_UNMAPPED; parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PARAMETERS); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; if (argument_literal_p->type & SCANNER_LITERAL_IS_USED) { JERRY_ASSERT (argument_literal_p->type & SCANNER_LITERAL_EARLY_CREATE); break; } scanner_binding_literal_t binding_literal; binding_literal.literal_p = argument_literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); break; } #endif } if (context_p->token.type == LEXER_EOS && stack_top == SCAN_STACK_SCRIPT_FUNCTION) { scanner_info_t *scanner_info_p = (scanner_info_t *) scanner_malloc (context_p, sizeof (scanner_info_t)); scanner_info_p->next_p = context_p->next_scanner_info_p; scanner_info_p->source_p = NULL; scanner_info_p->type = SCANNER_TYPE_END_ARGUMENTS; scanner_context.end_arguments_p = scanner_info_p; context_p->next_scanner_info_p = scanner_info_p; context_p->source_p = source_p; context_p->source_end_p = source_end_p; context_p->line = 1; context_p->column = 1; scanner_filter_arguments (context_p, &scanner_context); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); continue; } if (context_p->token.type != LEXER_RIGHT_PAREN) { scanner_raise_error (context_p); } lexer_next_token (context_p); if (context_p->token.type != LEXER_LEFT_BRACE) { scanner_raise_error (context_p); } scanner_filter_arguments (context_p, &scanner_context); lexer_next_token (context_p); scanner_check_directives (context_p, &scanner_context); continue; } case SCAN_MODE_PROPERTY_NAME: { JERRY_ASSERT (stack_top == SCAN_STACK_OBJECT_LITERAL); if (lexer_scan_identifier (context_p)) { lexer_check_property_modifier (context_p); } #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_COMPUTED_PROPERTY); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif if (context_p->token.type == LEXER_RIGHT_BRACE) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } if (context_p->token.type == LEXER_PROPERTY_GETTER #if ENABLED (JERRY_ES2015) || context_p->token.type == LEXER_KEYW_ASYNC || context_p->token.type == LEXER_MULTIPLY #endif || context_p->token.type == LEXER_PROPERTY_SETTER) { uint16_t literal_pool_flags = SCANNER_LITERAL_POOL_FUNCTION; #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_MULTIPLY) { literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } else if (context_p->token.type == LEXER_KEYW_ASYNC) { literal_pool_flags |= SCANNER_LITERAL_POOL_ASYNC; if (lexer_consume_generator (context_p)) { literal_pool_flags |= SCANNER_LITERAL_POOL_GENERATOR; } } #endif parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); lexer_scan_identifier (context_p); #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCANNER_FROM_LITERAL_POOL_TO_COMPUTED (literal_pool_flags)); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } scanner_push_literal_pool (context_p, &scanner_context, literal_pool_flags); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; break; } if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } #if ENABLED (JERRY_ES2015) parser_line_counter_t start_line = context_p->token.line; parser_line_counter_t start_column = context_p->token.column; bool is_ident = (context_p->token.lit_location.type == LEXER_IDENT_LITERAL); #endif lexer_next_token (context_p); #if ENABLED (JERRY_ES2015) if (context_p->token.type == LEXER_LEFT_PAREN) { scanner_push_literal_pool (context_p, &scanner_context, SCANNER_LITERAL_POOL_FUNCTION); parser_stack_push_uint8 (context_p, SCAN_STACK_FUNCTION_PROPERTY); scanner_context.mode = SCAN_MODE_FUNCTION_ARGUMENTS; continue; } if (is_ident && (context_p->token.type == LEXER_COMMA || context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN)) { context_p->source_p = context_p->token.lit_location.char_p; context_p->line = start_line; context_p->column = start_column; lexer_next_token (context_p); JERRY_ASSERT (context_p->token.type != LEXER_LITERAL || context_p->token.lit_location.type == LEXER_IDENT_LITERAL); if (context_p->token.type != LEXER_LITERAL) { scanner_raise_error (context_p); } if (scanner_context.binding_type != SCANNER_BINDING_NONE) { scanner_context.mode = SCAN_MODE_BINDING; continue; } scanner_add_reference (context_p, &scanner_context); lexer_next_token (context_p); if (context_p->token.type == LEXER_ASSIGN) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION_END; continue; } #endif if (context_p->token.type != LEXER_COLON) { scanner_raise_error (context_p); } scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; #if ENABLED (JERRY_ES2015) if (scanner_context.binding_type != SCANNER_BINDING_NONE) { scanner_context.mode = SCAN_MODE_BINDING; } #endif break; } #if ENABLED (JERRY_ES2015) case SCAN_MODE_BINDING: { JERRY_ASSERT (scanner_context.binding_type == SCANNER_BINDING_VAR || scanner_context.binding_type == SCANNER_BINDING_LET || scanner_context.binding_type == SCANNER_BINDING_CATCH || scanner_context.binding_type == SCANNER_BINDING_CONST || scanner_context.binding_type == SCANNER_BINDING_ARG || scanner_context.binding_type == SCANNER_BINDING_ARROW_ARG); if (type == LEXER_THREE_DOTS) { lexer_next_token (context_p); type = (lexer_token_type_t) context_p->token.type; } if (type == LEXER_LEFT_SQUARE || type == LEXER_LEFT_BRACE) { scanner_push_destructuring_pattern (context_p, &scanner_context, scanner_context.binding_type, true); if (type == LEXER_LEFT_SQUARE) { parser_stack_push_uint8 (context_p, SCAN_STACK_ARRAY_LITERAL); break; } parser_stack_push_uint8 (context_p, SCAN_STACK_OBJECT_LITERAL); scanner_context.mode = SCAN_MODE_PROPERTY_NAME; continue; } if (type != LEXER_LITERAL || context_p->token.lit_location.type != LEXER_IDENT_LITERAL) { scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; continue; } lexer_lit_location_t *literal_p = scanner_add_literal (context_p, &scanner_context); scanner_context.mode = SCAN_MODE_POST_PRIMARY_EXPRESSION; if (scanner_context.binding_type == SCANNER_BINDING_VAR) { if (!(literal_p->type & SCANNER_LITERAL_IS_VAR)) { scanner_detect_invalid_var (context_p, &scanner_context, literal_p); literal_p->type |= SCANNER_LITERAL_IS_VAR; if (scanner_context.active_literal_pool_p->status_flags & SCANNER_LITERAL_POOL_IN_WITH) { literal_p->type |= SCANNER_LITERAL_NO_REG; } } break; } if (scanner_context.binding_type == SCANNER_BINDING_ARROW_ARG) { literal_p->type |= SCANNER_LITERAL_IS_ARG | SCANNER_LITERAL_IS_ARROW_DESTRUCTURED_ARG; if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } else { scanner_detect_invalid_let (context_p, literal_p); if (scanner_context.binding_type <= SCANNER_BINDING_CATCH) { JERRY_ASSERT ((scanner_context.binding_type == SCANNER_BINDING_LET) || (scanner_context.binding_type == SCANNER_BINDING_CATCH)); literal_p->type |= SCANNER_LITERAL_IS_LET; } else { literal_p->type |= SCANNER_LITERAL_IS_CONST; if (scanner_context.binding_type == SCANNER_BINDING_ARG) { literal_p->type |= SCANNER_LITERAL_IS_ARG; if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } } if (literal_p->type & SCANNER_LITERAL_IS_USED) { literal_p->type |= SCANNER_LITERAL_EARLY_CREATE; break; } } scanner_binding_item_t *binding_item_p; binding_item_p = (scanner_binding_item_t *) scanner_malloc (context_p, sizeof (scanner_binding_item_t)); binding_item_p->next_p = scanner_context.active_binding_list_p->items_p; binding_item_p->literal_p = literal_p; scanner_context.active_binding_list_p->items_p = binding_item_p; lexer_next_token (context_p); if (context_p->token.type != LEXER_ASSIGN) { continue; } scanner_binding_literal_t binding_literal; binding_literal.literal_p = literal_p; parser_stack_push (context_p, &binding_literal, sizeof (scanner_binding_literal_t)); parser_stack_push_uint8 (context_p, SCAN_STACK_BINDING_INIT); scanner_context.mode = SCAN_MODE_PRIMARY_EXPRESSION; break; } #endif } lexer_next_token (context_p); } scan_completed: if (context_p->stack_top_uint8 != SCAN_STACK_SCRIPT && context_p->stack_top_uint8 != SCAN_STACK_SCRIPT_FUNCTION) { scanner_raise_error (context_p); } scanner_pop_literal_pool (context_p, &scanner_context); #if ENABLED (JERRY_ES2015) JERRY_ASSERT (scanner_context.active_binding_list_p == NULL); #endif JERRY_ASSERT (scanner_context.active_literal_pool_p == NULL); #ifndef JERRY_NDEBUG scanner_context.context_status_flags |= PARSER_SCANNING_SUCCESSFUL; #endif } PARSER_CATCH { if (context_p->error != PARSER_ERR_OUT_OF_MEMORY) { context_p->error = PARSER_ERR_NO_ERROR; } #if ENABLED (JERRY_ES2015) while (scanner_context.active_binding_list_p != NULL) { scanner_pop_binding_list (&scanner_context); } #endif PARSER_TRY (context_p->try_buffer) { #if ENABLED (JERRY_ES2015) if (scanner_context.status_flags & SCANNER_CONTEXT_THROW_ERR_ASYNC_FUNCTION) { JERRY_ASSERT (scanner_context.async_source_p != NULL); scanner_info_t *info_p; info_p = scanner_insert_info (context_p, scanner_context.async_source_p, sizeof (scanner_info_t)); info_p->type = SCANNER_TYPE_ERR_ASYNC_FUNCTION; } #endif while (scanner_context.active_literal_pool_p != NULL) { scanner_pop_literal_pool (context_p, &scanner_context); } } PARSER_CATCH { JERRY_ASSERT (context_p->error == PARSER_ERR_NO_ERROR); while (scanner_context.active_literal_pool_p != NULL) { scanner_literal_pool_t *literal_pool_p = scanner_context.active_literal_pool_p; scanner_context.active_literal_pool_p = literal_pool_p->prev_p; parser_list_free (&literal_pool_p->literal_pool); scanner_free (literal_pool_p, sizeof (scanner_literal_pool_t)); } } PARSER_TRY_END #if ENABLED (JERRY_ES2015) context_p->status_flags &= (uint32_t) ~PARSER_IS_GENERATOR_FUNCTION; #endif } PARSER_TRY_END context_p->status_flags = scanner_context.context_status_flags; scanner_reverse_info_list (context_p); #if ENABLED (JERRY_PARSER_DUMP_BYTE_CODE) if (context_p->is_show_opcodes) { scanner_info_t *info_p = context_p->next_scanner_info_p; const uint8_t *source_start_p = (arg_list_p == NULL) ? source_p : arg_list_p; while (info_p->type != SCANNER_TYPE_END) { const char *name_p = NULL; bool print_location = false; switch (info_p->type) { case SCANNER_TYPE_END_ARGUMENTS: { JERRY_DEBUG_MSG ("" END_ARGUMENTS\n""); source_start_p = source_p; break; } case SCANNER_TYPE_FUNCTION: case SCANNER_TYPE_BLOCK: { const uint8_t *prev_source_p = info_p->source_p - 1; const uint8_t *data_p; if (info_p->type == SCANNER_TYPE_FUNCTION) { data_p = (const uint8_t *) (info_p + 1); JERRY_DEBUG_MSG ("" FUNCTION: flags: 0x%x declarations: %d"", (int) info_p->u8_arg, (int) info_p->u16_arg); } else { data_p = (const uint8_t *) (info_p + 1); JERRY_DEBUG_MSG ("" BLOCK:""); } JERRY_DEBUG_MSG ("" source:%d\n"", (int) (info_p->source_p - source_start_p)); while (data_p[0] != SCANNER_STREAM_TYPE_END) { switch (data_p[0] & SCANNER_STREAM_TYPE_MASK) { case SCANNER_STREAM_TYPE_VAR: { JERRY_DEBUG_MSG ("" VAR ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_LET: { JERRY_DEBUG_MSG ("" LET ""); break; } case SCANNER_STREAM_TYPE_CONST: { JERRY_DEBUG_MSG ("" CONST ""); break; } case SCANNER_STREAM_TYPE_LOCAL: { JERRY_DEBUG_MSG ("" LOCAL ""); break; } #endif #if ENABLED (JERRY_ES2015_MODULE_SYSTEM) case SCANNER_STREAM_TYPE_IMPORT: { JERRY_DEBUG_MSG ("" IMPORT ""); break; } #endif case SCANNER_STREAM_TYPE_ARG: { JERRY_DEBUG_MSG ("" ARG ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_DESTRUCTURED_ARG: { JERRY_DEBUG_MSG ("" DESTRUCTURED_ARG ""); break; } #endif case SCANNER_STREAM_TYPE_ARG_FUNC: { JERRY_DEBUG_MSG ("" ARG_FUNC ""); break; } #if ENABLED (JERRY_ES2015) case SCANNER_STREAM_TYPE_DESTRUCTURED_ARG_FUNC: { JERRY_DEBUG_MSG ("" DESTRUCTURED_ARG_FUNC ""); break; } #endif case SCANNER_STREAM_TYPE_FUNC: { JERRY_DEBUG_MSG ("" FUNC ""); break; } default: { JERRY_ASSERT ((data_p[0] & SCANNER_STREAM_TYPE_MASK) == SCANNER_STREAM_TYPE_HOLE); JERRY_DEBUG_MSG ("" HOLE\n""); data_p++; continue; } } size_t length; if (!(data_p[0] & SCANNER_STREAM_UINT16_DIFF)) { if (data_p[2] != 0) { prev_source_p += data_p[2]; length = 2 + 1; } else { memcpy (&prev_source_p, data_p + 2 + 1, sizeof (const uint8_t *)); length = 2 + 1 + sizeof (const uint8_t *); } } else { int32_t diff = ((int32_t) data_p[2]) | ((int32_t) data_p[3]) << 8; if (diff <= UINT8_MAX) { diff = -diff; } prev_source_p += diff; length = 2 + 2; } #if ENABLED (JERRY_ES2015) if (data_p[0] & SCANNER_STREAM_EARLY_CREATE) { JERRY_ASSERT (data_p[0] & SCANNER_STREAM_NO_REG); JERRY_DEBUG_MSG (""*""); } #endif if (data_p[0] & SCANNER_STREAM_NO_REG) { JERRY_DEBUG_MSG (""* ""); } JERRY_DEBUG_MSG (""'%.*s'\n"", data_p[1], (char *) prev_source_p); prev_source_p += data_p[1]; data_p += length; } break; } case SCANNER_TYPE_WHILE: { name_p = ""WHILE""; print_location = true; break; } case SCANNER_TYPE_FOR: { scanner_for_info_t *for_info_p = (scanner_for_info_t *) info_p; JERRY_DEBUG_MSG ("" FOR: source:%d expression:%d[%d:%d] end:%d[%d:%d]\n"", (int) (for_info_p->info.source_p - source_start_p), (int) (for_info_p->expression_location.source_p - source_start_p), (int) for_info_p->expression_location.line, (int) for_info_p->expression_location.column, (int) (for_info_p->end_location.source_p - source_start_p), (int) for_info_p->end_location.line, (int) for_info_p->end_location.column); break; } case SCANNER_TYPE_FOR_IN: { name_p = ""FOR-IN""; print_location = true; break; } #if ENABLED (JERRY_ES2015) case SCANNER_TYPE_FOR_OF: { name_p = ""FOR-OF""; print_location = true; break; } #endif case SCANNER_TYPE_SWITCH: { JERRY_DEBUG_MSG ("" SWITCH: source:%d\n"", (int) (info_p->source_p - source_start_p)); scanner_case_info_t *current_case_p = ((scanner_switch_info_t *) info_p)->case_p; while (current_case_p != NULL) { JERRY_DEBUG_MSG ("" CASE: location:%d[%d:%d]\n"", (int) (current_case_p->location.source_p - source_start_p), (int) current_case_p->location.line, (int) current_case_p->location.column); current_case_p = current_case_p->next_p; } break; } case SCANNER_TYPE_CASE: { name_p = ""CASE""; print_location = true; break; } #if ENABLED (JERRY_ES2015) case SCANNER_TYPE_INITIALIZER: { name_p = ""INITIALIZER""; print_location = true; break; } case SCANNER_TYPE_CLASS_CONSTRUCTOR: { JERRY_DEBUG_MSG ("" CLASS-CONSTRUCTOR: source:%d\n"", (int) (info_p->source_p - source_start_p)); print_location = false; break; } case SCANNER_TYPE_LET_EXPRESSION: { JERRY_DEBUG_MSG ("" LET_EXPRESSION: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } case SCANNER_TYPE_ERR_REDECLARED: { JERRY_DEBUG_MSG ("" ERR_REDECLARED: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } case SCANNER_TYPE_ERR_ASYNC_FUNCTION: { JERRY_DEBUG_MSG ("" ERR_ASYNC_FUNCTION: source:%d\n"", (int) (info_p->source_p - source_start_p)); break; } #endif } if (print_location) { scanner_location_info_t *location_info_p = (scanner_location_info_t *) info_p; JERRY_DEBUG_MSG ("" %s: source:%d location:%d[%d:%d]\n"", name_p, (int) (location_info_p->info.source_p - source_start_p), (int) (location_info_p->location.source_p - source_start_p), (int) location_info_p->location.line, (int) location_info_p->location.column); } info_p = info_p->next_p; } JERRY_DEBUG_MSG (""\n--- Scanning end ---\n\n""); } #endif parser_stack_free (context_p); } ",visit repo url,jerry-core/parser/js/js-scanner.c,https://github.com/jerryscript-project/jerryscript,199109117186543,1 5367,CWE-787,"static void ssdp_recv(int sd) { ssize_t len; struct sockaddr sa; socklen_t salen; char buf[MAX_PKT_SIZE]; memset(buf, 0, sizeof(buf)); len = recvfrom(sd, buf, sizeof(buf), MSG_DONTWAIT, &sa, &salen); if (len > 0) { buf[len] = 0; if (sa.sa_family != AF_INET) return; if (strstr(buf, ""M-SEARCH *"")) { size_t i; char *ptr, *type; struct ifsock *ifs; struct sockaddr_in *sin = (struct sockaddr_in *)&sa; ifs = find_outbound(&sa); if (!ifs) { logit(LOG_DEBUG, ""No matching socket for client %s"", inet_ntoa(sin->sin_addr)); return; } logit(LOG_DEBUG, ""Matching socket for client %s"", inet_ntoa(sin->sin_addr)); type = strcasestr(buf, ""\r\nST:""); if (!type) { logit(LOG_DEBUG, ""No Search Type (ST:) found in M-SEARCH *, assuming "" SSDP_ST_ALL); type = SSDP_ST_ALL; send_message(ifs, type, &sa); return; } type = strchr(type, ':'); if (!type) return; type++; while (isspace(*type)) type++; ptr = strstr(type, ""\r\n""); if (!ptr) return; *ptr = 0; for (i = 0; supported_types[i]; i++) { if (!strcmp(supported_types[i], type)) { logit(LOG_DEBUG, ""M-SEARCH * ST: %s from %s port %d"", type, inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); send_message(ifs, type, &sa); return; } } logit(LOG_DEBUG, ""M-SEARCH * for unsupported ST: %s from %s"", type, inet_ntoa(sin->sin_addr)); } } }",visit repo url,ssdpd.c,https://github.com/troglobit/ssdp-responder,215720258129999,1 2134,['CWE-119'],"static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate) { memcpy(&idt[entry], gate, sizeof(*gate)); }",linux-2.6,,,71561457310690607334658192477769339943,0 4075,CWE-416,"static int init_items(struct MACH0_(obj_t)* bin) { struct load_command lc = {0, 0}; ut8 loadc[sizeof (struct load_command)] = {0}; bool is_first_thread = true; ut64 off = 0LL; int i, len; bin->uuidn = 0; bin->os = 0; bin->has_crypto = 0; if (bin->hdr.sizeofcmds > bin->size) { bprintf (""Warning: chopping hdr.sizeofcmds\n""); bin->hdr.sizeofcmds = bin->size - 128; } for (i = 0, off = sizeof (struct MACH0_(mach_header)); \ i < bin->hdr.ncmds; i++, off += lc.cmdsize) { if (off > bin->size || off + sizeof (struct load_command) > bin->size){ bprintf (""mach0: out of bounds command\n""); return false; } len = r_buf_read_at (bin->b, off, loadc, sizeof (struct load_command)); if (len < 1) { bprintf (""Error: read (lc) at 0x%08""PFMT64x""\n"", off); return false; } lc.cmd = r_read_ble32 (&loadc[0], bin->big_endian); lc.cmdsize = r_read_ble32 (&loadc[4], bin->big_endian); if (lc.cmdsize < 1 || off + lc.cmdsize > bin->size) { bprintf (""Warning: mach0_header %d = cmdsize<1.\n"", i); break; } sdb_num_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.offset"", i), off, 0); sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.format"", i), ""xd cmd size"", 0); switch (lc.cmd) { case LC_DATA_IN_CODE: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""data_in_code"", 0); break; case LC_RPATH: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""rpath"", 0); break; case LC_SEGMENT_64: case LC_SEGMENT: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""segment"", 0); bin->nsegs++; if (!parse_segments (bin, off)) { bprintf (""error parsing segment\n""); bin->nsegs--; return false; } break; case LC_SYMTAB: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""symtab"", 0); if (!parse_symtab (bin, off)) { bprintf (""error parsing symtab\n""); return false; } break; case LC_DYSYMTAB: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""dysymtab"", 0); if (!parse_dysymtab(bin, off)) { bprintf (""error parsing dysymtab\n""); return false; } break; case LC_DYLIB_CODE_SIGN_DRS: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""dylib_code_sign_drs"", 0); break; case LC_VERSION_MIN_MACOSX: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""version_min_macosx"", 0); bin->os = 1; break; case LC_VERSION_MIN_IPHONEOS: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""version_min_iphoneos"", 0); bin->os = 2; break; case LC_VERSION_MIN_TVOS: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""version_min_tvos"", 0); bin->os = 4; break; case LC_VERSION_MIN_WATCHOS: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""version_min_watchos"", 0); bin->os = 3; break; case LC_UUID: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""uuid"", 0); { struct uuid_command uc = {0}; if (off + sizeof (struct uuid_command) > bin->size) { bprintf (""UUID out of obunds\n""); return false; } if (r_buf_fread_at (bin->b, off, (ut8*)&uc, ""24c"", 1) != -1) { char key[128]; char val[128]; snprintf (key, sizeof (key)-1, ""uuid.%d"", bin->uuidn++); r_hex_bin2str ((ut8*)&uc.uuid, 16, val); sdb_set (bin->kv, key, val, 0); } } break; case LC_ENCRYPTION_INFO_64: case LC_ENCRYPTION_INFO: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""encryption_info"", 0); { struct MACH0_(encryption_info_command) eic = {0}; ut8 seic[sizeof (struct MACH0_(encryption_info_command))] = {0}; if (off + sizeof (struct MACH0_(encryption_info_command)) > bin->size) { bprintf (""encryption info out of bounds\n""); return false; } if (r_buf_read_at (bin->b, off, seic, sizeof (struct MACH0_(encryption_info_command))) != -1) { eic.cmd = r_read_ble32 (&seic[0], bin->big_endian); eic.cmdsize = r_read_ble32 (&seic[4], bin->big_endian); eic.cryptoff = r_read_ble32 (&seic[8], bin->big_endian); eic.cryptsize = r_read_ble32 (&seic[12], bin->big_endian); eic.cryptid = r_read_ble32 (&seic[16], bin->big_endian); bin->has_crypto = eic.cryptid; sdb_set (bin->kv, ""crypto"", ""true"", 0); sdb_num_set (bin->kv, ""cryptid"", eic.cryptid, 0); sdb_num_set (bin->kv, ""cryptoff"", eic.cryptoff, 0); sdb_num_set (bin->kv, ""cryptsize"", eic.cryptsize, 0); sdb_num_set (bin->kv, ""cryptheader"", off, 0); } } break; case LC_LOAD_DYLINKER: { sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""dylinker"", 0); free (bin->intrp); bin->intrp = NULL; struct dylinker_command dy = {0}; ut8 sdy[sizeof (struct dylinker_command)] = {0}; if (off + sizeof (struct dylinker_command) > bin->size){ bprintf (""Warning: Cannot parse dylinker command\n""); return false; } if (r_buf_read_at (bin->b, off, sdy, sizeof (struct dylinker_command)) == -1) { bprintf (""Warning: read (LC_DYLD_INFO) at 0x%08""PFMT64x""\n"", off); } else { dy.cmd = r_read_ble32 (&sdy[0], bin->big_endian); dy.cmdsize = r_read_ble32 (&sdy[4], bin->big_endian); dy.name = r_read_ble32 (&sdy[8], bin->big_endian); int len = dy.cmdsize; char *buf = malloc (len+1); if (buf) { r_buf_read_at (bin->b, off + 0xc, (ut8*)buf, len); buf[len] = 0; free (bin->intrp); bin->intrp = buf; } } } break; case LC_MAIN: { struct { ut64 eo; ut64 ss; } ep = {0}; ut8 sep[2 * sizeof (ut64)] = {0}; sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""main"", 0); if (!is_first_thread) { bprintf(""Error: LC_MAIN with other threads\n""); return false; } if (off + 8 > bin->size || off + sizeof (ep) > bin->size) { bprintf (""invalid command size for main\n""); return false; } r_buf_read_at (bin->b, off + 8, sep, 2 * sizeof (ut64)); ep.eo = r_read_ble64 (&sep[0], bin->big_endian); ep.ss = r_read_ble64 (&sep[8], bin->big_endian); bin->entry = ep.eo; bin->main_cmd = lc; sdb_num_set (bin->kv, ""mach0.entry.offset"", off + 8, 0); sdb_num_set (bin->kv, ""stacksize"", ep.ss, 0); is_first_thread = false; } break; case LC_UNIXTHREAD: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""unixthread"", 0); if (!is_first_thread) { bprintf(""Error: LC_UNIXTHREAD with other threads\n""); return false; } case LC_THREAD: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""thread"", 0); if (!parse_thread (bin, &lc, off, is_first_thread)) { bprintf (""Cannot parse thread\n""); return false; } is_first_thread = false; break; case LC_LOAD_DYLIB: case LC_LOAD_WEAK_DYLIB: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""load_dylib"", 0); bin->nlibs++; if (!parse_dylib(bin, off)){ bprintf (""Cannot parse dylib\n""); bin->nlibs--; return false; } break; case LC_DYLD_INFO: case LC_DYLD_INFO_ONLY: { ut8 dyldi[sizeof (struct dyld_info_command)] = {0}; sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""dyld_info"", 0); bin->dyld_info = malloc (sizeof(struct dyld_info_command)); if (off + sizeof (struct dyld_info_command) > bin->size){ bprintf (""Cannot parse dyldinfo\n""); free (bin->dyld_info); return false; } if (r_buf_read_at (bin->b, off, dyldi, sizeof (struct dyld_info_command)) == -1) { free (bin->dyld_info); bin->dyld_info = NULL; bprintf (""Error: read (LC_DYLD_INFO) at 0x%08""PFMT64x""\n"", off); } else { bin->dyld_info->cmd = r_read_ble32 (&dyldi[0], bin->big_endian); bin->dyld_info->cmdsize = r_read_ble32 (&dyldi[4], bin->big_endian); bin->dyld_info->rebase_off = r_read_ble32 (&dyldi[8], bin->big_endian); bin->dyld_info->rebase_size = r_read_ble32 (&dyldi[12], bin->big_endian); bin->dyld_info->bind_off = r_read_ble32 (&dyldi[16], bin->big_endian); bin->dyld_info->bind_size = r_read_ble32 (&dyldi[20], bin->big_endian); bin->dyld_info->weak_bind_off = r_read_ble32 (&dyldi[24], bin->big_endian); bin->dyld_info->weak_bind_size = r_read_ble32 (&dyldi[28], bin->big_endian); bin->dyld_info->lazy_bind_off = r_read_ble32 (&dyldi[32], bin->big_endian); bin->dyld_info->lazy_bind_size = r_read_ble32 (&dyldi[36], bin->big_endian); bin->dyld_info->export_off = r_read_ble32 (&dyldi[40], bin->big_endian); bin->dyld_info->export_size = r_read_ble32 (&dyldi[44], bin->big_endian); } } break; case LC_CODE_SIGNATURE: parse_signature (bin, off); sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""signature"", 0); break; case LC_SOURCE_VERSION: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""version"", 0); break; case LC_SEGMENT_SPLIT_INFO: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""split_info"", 0); break; case LC_FUNCTION_STARTS: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""function_starts"", 0); if (!parse_function_starts (bin, off)) { bprintf (""Cannot parse LC_FUNCTION_STARTS\n""); } break; case LC_REEXPORT_DYLIB: sdb_set (bin->kv, sdb_fmt (0, ""mach0_cmd_%d.cmd"", i), ""dylib"", 0); break; default: break; } } return true; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,121285234158358,1 5907,CWE-190,"static Jsi_RC jsi_ArrayJoinCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { if (_this->vt != JSI_VT_OBJECT || !Jsi_ObjIsArray(interp, _this->d.obj)) return Jsi_LogError(""expected array object""); const char *jstr = """"; int argc, curlen; Jsi_DString dStr = {}; curlen = Jsi_ObjGetLength(interp, _this->d.obj); if (curlen == 0) { goto bail; } if (Jsi_ValueGetLength(interp, args) >= 1) { Jsi_Value *sc = Jsi_ValueArrayIndex(interp, args, 0); if (sc != NULL) jstr = Jsi_ValueToString(interp, sc, NULL); } if (0 == (argc=Jsi_ObjGetLength(interp, _this->d.obj))) { goto bail; } int i; for (i = 0; i < argc; ++i) { const char *cp; Jsi_Value *ov = Jsi_ValueArrayIndex(interp, _this, i); if (!ov) { continue; cp = """"; } else cp = Jsi_ValueToString(interp, ov, NULL); if (i && jstr[0]) Jsi_DSAppend(&dStr, jstr, NULL); Jsi_DSAppend(&dStr, cp, NULL); } Jsi_ValueMakeStringDup(interp, ret, Jsi_DSValue(&dStr)); Jsi_DSFree(&dStr); return JSI_OK; bail: Jsi_ValueMakeStringDup(interp, ret, """"); return JSI_OK; }",visit repo url,src/jsiArray.c,https://github.com/pcmacdon/jsish,238374878202834,1 4663,['CWE-399'],"static inline void ext4_unlock_group(struct super_block *sb, ext4_group_t group) { struct ext4_group_info *grinfo = ext4_get_group_info(sb, group); bit_spin_unlock(EXT4_GROUP_INFO_LOCKED_BIT, &(grinfo->bb_state));",linux-2.6,,,312973852720074155316639429973025790898,0 3899,CWE-476,"do_mouse( oparg_T *oap, int c, int dir, long count, int fixindent) { static int do_always = FALSE; static int got_click = FALSE; int which_button; int is_click = FALSE; int is_drag = FALSE; int jump_flags = 0; pos_T start_visual; int moved; int in_status_line; static int in_tab_line = FALSE; int in_sep_line; int c1, c2; #if defined(FEAT_FOLDING) pos_T save_cursor; #endif win_T *old_curwin = curwin; static pos_T orig_cursor; colnr_T leftcol, rightcol; pos_T end_visual; int diff; int old_active = VIsual_active; int old_mode = VIsual_mode; int regname; #if defined(FEAT_FOLDING) save_cursor = curwin->w_cursor; #endif if (do_always) do_always = FALSE; else #ifdef FEAT_GUI if (!gui.in_use) #endif { if (VIsual_active) { if (!mouse_has(MOUSE_VISUAL)) return FALSE; } else if (State == MODE_NORMAL && !mouse_has(MOUSE_NORMAL)) return FALSE; } for (;;) { which_button = get_mouse_button(KEY2TERMCAP1(c), &is_click, &is_drag); if (is_drag) { if (!KeyStuffed && vpeekc() != NUL) { int nc; int save_mouse_row = mouse_row; int save_mouse_col = mouse_col; nc = safe_vgetc(); if (c == nc) continue; vungetc(nc); mouse_row = save_mouse_row; mouse_col = save_mouse_col; } } break; } if (c == K_MOUSEMOVE) { #ifdef FEAT_BEVAL_TERM ui_may_remove_balloon(); if (p_bevalterm) { profile_setlimit(p_bdlay, &bevalexpr_due); bevalexpr_due_set = TRUE; } #endif #ifdef FEAT_PROP_POPUP popup_handle_mouse_moved(); #endif return FALSE; } #ifdef FEAT_MOUSESHAPE if (!is_drag && drag_status_line) { drag_status_line = FALSE; update_mouseshape(SHAPE_IDX_STATUS); } if (!is_drag && drag_sep_line) { drag_sep_line = FALSE; update_mouseshape(SHAPE_IDX_VSEP); } #endif if (is_click) got_click = TRUE; else { if (!got_click) return FALSE; if (!is_drag) { got_click = FALSE; if (in_tab_line) { in_tab_line = FALSE; return FALSE; } } } if (is_click && (mod_mask & MOD_MASK_CTRL) && which_button == MOUSE_RIGHT) { if (State & MODE_INSERT) stuffcharReadbuff(Ctrl_O); if (count > 1) stuffnumReadbuff(count); stuffcharReadbuff(Ctrl_T); got_click = FALSE; return FALSE; } if ((mod_mask & MOD_MASK_CTRL) && which_button != MOUSE_LEFT) return FALSE; if ((mod_mask & (MOD_MASK_SHIFT | MOD_MASK_CTRL | MOD_MASK_ALT | MOD_MASK_META)) && (!is_click || (mod_mask & MOD_MASK_MULTI_CLICK) || which_button == MOUSE_MIDDLE) && !((mod_mask & (MOD_MASK_SHIFT|MOD_MASK_ALT)) && mouse_model_popup() && which_button == MOUSE_LEFT) && !((mod_mask & MOD_MASK_ALT) && !mouse_model_popup() && which_button == MOUSE_RIGHT) ) return FALSE; if (!is_click && which_button == MOUSE_MIDDLE) return FALSE; if (oap != NULL) regname = oap->regname; else regname = 0; if (which_button == MOUSE_MIDDLE) { if (State == MODE_NORMAL) { if (oap != NULL && oap->op_type != OP_NOP) { clearopbeep(oap); return FALSE; } if (VIsual_active) { if (VIsual_select) { stuffcharReadbuff(Ctrl_G); stuffReadbuff((char_u *)""\""+p""); } else { stuffcharReadbuff('y'); stuffcharReadbuff(K_MIDDLEMOUSE); } do_always = TRUE; return FALSE; } } else if ((State & MODE_INSERT) == 0) return FALSE; if ((State & MODE_INSERT) || !mouse_has(MOUSE_NORMAL)) { if (regname == '.') insert_reg(regname, TRUE); else { #ifdef FEAT_CLIPBOARD if (clip_star.available && regname == 0) regname = '*'; #endif if ((State & REPLACE_FLAG) && !yank_register_mline(regname)) insert_reg(regname, TRUE); else { do_put(regname, NULL, BACKWARD, 1L, fixindent | PUT_CURSEND); AppendCharToRedobuff(Ctrl_R); AppendCharToRedobuff(fixindent ? Ctrl_P : Ctrl_O); AppendCharToRedobuff(regname == 0 ? '""' : regname); } } return FALSE; } } if (!is_click) jump_flags |= MOUSE_FOCUS | MOUSE_DID_MOVE; start_visual.lnum = 0; if (mouse_row == 0 && firstwin->w_winrow > 0) { if (is_drag) { if (in_tab_line) { c1 = TabPageIdxs[mouse_col]; tabpage_move(c1 <= 0 ? 9999 : c1 < tabpage_index(curtab) ? c1 - 1 : c1); } return FALSE; } if (is_click # ifdef FEAT_CMDWIN && cmdwin_type == 0 # endif && mouse_col < Columns) { in_tab_line = TRUE; c1 = TabPageIdxs[mouse_col]; if (c1 >= 0) { if ((mod_mask & MOD_MASK_MULTI_CLICK) == MOD_MASK_2CLICK) { end_visual_mode_keep_button(); tabpage_new(); tabpage_move(c1 == 0 ? 9999 : c1 - 1); } else { goto_tabpage(c1); if (curwin != old_curwin) end_visual_mode_keep_button(); } } else { tabpage_T *tp; if (c1 == -999) tp = curtab; else tp = find_tabpage(-c1); if (tp == curtab) { if (first_tabpage->tp_next != NULL) tabpage_close(FALSE); } else if (tp != NULL) tabpage_close_other(tp, FALSE); } } return TRUE; } else if (is_drag && in_tab_line) { c1 = TabPageIdxs[mouse_col]; tabpage_move(c1 <= 0 ? 9999 : c1 - 1); return FALSE; } if (mouse_model_popup()) { if (which_button == MOUSE_RIGHT && !(mod_mask & (MOD_MASK_SHIFT | MOD_MASK_CTRL))) { #ifdef USE_POPUP_SETPOS # ifdef FEAT_GUI if (gui.in_use) { # if defined(FEAT_GUI_MOTIF) || defined(FEAT_GUI_GTK) \ || defined(FEAT_GUI_PHOTON) if (!is_click) return FALSE; # endif # if defined(FEAT_GUI_MSWIN) || defined(FEAT_GUI_HAIKU) if (is_click || is_drag) return FALSE; # endif } # endif # if defined(FEAT_GUI) && defined(FEAT_TERM_POPUP_MENU) else # endif # if defined(FEAT_TERM_POPUP_MENU) if (!is_click) return FALSE; #endif jump_flags = 0; if (STRCMP(p_mousem, ""popup_setpos"") == 0) { if (VIsual_active) { pos_T m_pos; if (mouse_row < curwin->w_winrow || mouse_row > (curwin->w_winrow + curwin->w_height)) jump_flags = MOUSE_MAY_STOP_VIS; else if (get_fpos_of_mouse(&m_pos) != IN_BUFFER) jump_flags = MOUSE_MAY_STOP_VIS; else { if ((LT_POS(curwin->w_cursor, VIsual) && (LT_POS(m_pos, curwin->w_cursor) || LT_POS(VIsual, m_pos))) || (LT_POS(VIsual, curwin->w_cursor) && (LT_POS(m_pos, VIsual) || LT_POS(curwin->w_cursor, m_pos)))) { jump_flags = MOUSE_MAY_STOP_VIS; } else if (VIsual_mode == Ctrl_V) { getvcols(curwin, &curwin->w_cursor, &VIsual, &leftcol, &rightcol); getvcol(curwin, &m_pos, NULL, &m_pos.col, NULL); if (m_pos.col < leftcol || m_pos.col > rightcol) jump_flags = MOUSE_MAY_STOP_VIS; } } } else jump_flags = MOUSE_MAY_STOP_VIS; } if (jump_flags) { jump_flags = jump_to_mouse(jump_flags, NULL, which_button); update_curbuf(VIsual_active ? UPD_INVERTED : UPD_VALID); setcursor(); out_flush(); } # ifdef FEAT_MENU show_popupmenu(); got_click = FALSE; # endif return (jump_flags & CURSOR_MOVED) != 0; #else return FALSE; #endif } if (which_button == MOUSE_LEFT && (mod_mask & (MOD_MASK_SHIFT|MOD_MASK_ALT))) { which_button = MOUSE_RIGHT; mod_mask &= ~MOD_MASK_SHIFT; } } if ((State & (MODE_NORMAL | MODE_INSERT)) && !(mod_mask & (MOD_MASK_SHIFT | MOD_MASK_CTRL))) { if (which_button == MOUSE_LEFT) { if (is_click) { if (VIsual_active) jump_flags |= MOUSE_MAY_STOP_VIS; } else if (mouse_has(MOUSE_VISUAL)) jump_flags |= MOUSE_MAY_VIS; } else if (which_button == MOUSE_RIGHT) { if (is_click && VIsual_active) { if (LT_POS(curwin->w_cursor, VIsual)) { start_visual = curwin->w_cursor; end_visual = VIsual; } else { start_visual = VIsual; end_visual = curwin->w_cursor; } } jump_flags |= MOUSE_FOCUS; if (mouse_has(MOUSE_VISUAL)) jump_flags |= MOUSE_MAY_VIS; } } if (!is_drag && oap != NULL && oap->op_type != OP_NOP) { got_click = FALSE; oap->motion_type = MCHAR; } if (!is_click && !is_drag) jump_flags |= MOUSE_RELEASED; jump_flags = jump_to_mouse(jump_flags, oap == NULL ? NULL : &(oap->inclusive), which_button); #ifdef FEAT_MENU if (jump_flags & MOUSE_WINBAR) return FALSE; #endif moved = (jump_flags & CURSOR_MOVED); in_status_line = (jump_flags & IN_STATUS_LINE); in_sep_line = (jump_flags & IN_SEP_LINE); #ifdef FEAT_NETBEANS_INTG if (isNetbeansBuffer(curbuf) && !(jump_flags & (IN_STATUS_LINE | IN_SEP_LINE))) { int key = KEY2TERMCAP1(c); if (key == (int)KE_LEFTRELEASE || key == (int)KE_MIDDLERELEASE || key == (int)KE_RIGHTRELEASE) netbeans_button_release(which_button); } #endif if (curwin != old_curwin && oap != NULL && oap->op_type != OP_NOP) clearop(oap); #ifdef FEAT_FOLDING if (mod_mask == 0 && !is_drag && (jump_flags & (MOUSE_FOLD_CLOSE | MOUSE_FOLD_OPEN)) && which_button == MOUSE_LEFT) { if (jump_flags & MOUSE_FOLD_OPEN) openFold(curwin->w_cursor.lnum, 1L); else closeFold(curwin->w_cursor.lnum, 1L); if (curwin == old_curwin) curwin->w_cursor = save_cursor; } #endif #if defined(FEAT_CLIPBOARD) && defined(FEAT_CMDWIN) if ((jump_flags & IN_OTHER_WIN) && !VIsual_active && clip_star.available) { clip_modeless(which_button, is_click, is_drag); return FALSE; } #endif if (VIsual_active && is_drag && get_scrolloff_value()) { if (mouse_row == 0) mouse_dragging = 2; else mouse_dragging = 1; } if (is_drag && mouse_row < 0 && !in_status_line) { scroll_redraw(FALSE, 1L); mouse_row = 0; } if (start_visual.lnum) { if (mod_mask & MOD_MASK_ALT) VIsual_mode = Ctrl_V; if (VIsual_mode == Ctrl_V) { getvcols(curwin, &start_visual, &end_visual, &leftcol, &rightcol); if (curwin->w_curswant > (leftcol + rightcol) / 2) end_visual.col = leftcol; else end_visual.col = rightcol; if (curwin->w_cursor.lnum >= (start_visual.lnum + end_visual.lnum) / 2) end_visual.lnum = start_visual.lnum; start_visual = curwin->w_cursor; curwin->w_cursor = end_visual; coladvance(end_visual.col); VIsual = curwin->w_cursor; curwin->w_cursor = start_visual; } else { if (LT_POS(curwin->w_cursor, start_visual)) VIsual = end_visual; else if (LT_POS(end_visual, curwin->w_cursor)) VIsual = start_visual; else { if (end_visual.lnum == start_visual.lnum) { if (curwin->w_cursor.col - start_visual.col > end_visual.col - curwin->w_cursor.col) VIsual = start_visual; else VIsual = end_visual; } else { diff = (curwin->w_cursor.lnum - start_visual.lnum) - (end_visual.lnum - curwin->w_cursor.lnum); if (diff > 0) VIsual = start_visual; else if (diff < 0) VIsual = end_visual; else { if (curwin->w_cursor.col < (start_visual.col + end_visual.col) / 2) VIsual = end_visual; else VIsual = start_visual; } } } } } else if ((State & MODE_INSERT) && VIsual_active) stuffcharReadbuff(Ctrl_O); if (which_button == MOUSE_MIDDLE) { #ifdef FEAT_CLIPBOARD if (clip_star.available && regname == 0) regname = '*'; #endif if (yank_register_mline(regname)) { if (mouse_past_bottom) dir = FORWARD; } else if (mouse_past_eol) dir = FORWARD; if (fixindent) { c1 = (dir == BACKWARD) ? '[' : ']'; c2 = 'p'; } else { c1 = (dir == FORWARD) ? 'p' : 'P'; c2 = NUL; } prep_redo(regname, count, NUL, c1, NUL, c2, NUL); if (restart_edit != 0) where_paste_started = curwin->w_cursor; do_put(regname, NULL, dir, count, fixindent | PUT_CURSEND); } #if defined(FEAT_QUICKFIX) else if (((mod_mask & MOD_MASK_CTRL) || (mod_mask & MOD_MASK_MULTI_CLICK) == MOD_MASK_2CLICK) && bt_quickfix(curbuf)) { if (curwin->w_llist_ref == NULL) do_cmdline_cmd((char_u *)"".cc""); else do_cmdline_cmd((char_u *)"".ll""); got_click = FALSE; } #endif else if ((mod_mask & MOD_MASK_CTRL) || (curbuf->b_help && (mod_mask & MOD_MASK_MULTI_CLICK) == MOD_MASK_2CLICK)) { if (State & MODE_INSERT) stuffcharReadbuff(Ctrl_O); stuffcharReadbuff(Ctrl_RSB); got_click = FALSE; } else if ((mod_mask & MOD_MASK_SHIFT)) { if ((State & MODE_INSERT) || (VIsual_active && VIsual_select)) stuffcharReadbuff(Ctrl_O); if (which_button == MOUSE_LEFT) stuffcharReadbuff('*'); else stuffcharReadbuff('#'); } else if (in_status_line) { #ifdef FEAT_MOUSESHAPE if ((is_drag || is_click) && !drag_status_line) { drag_status_line = TRUE; update_mouseshape(-1); } #endif } else if (in_sep_line) { #ifdef FEAT_MOUSESHAPE if ((is_drag || is_click) && !drag_sep_line) { drag_sep_line = TRUE; update_mouseshape(-1); } #endif } else if ((mod_mask & MOD_MASK_MULTI_CLICK) && (State & (MODE_NORMAL | MODE_INSERT)) && mouse_has(MOUSE_VISUAL)) { if (is_click || !VIsual_active) { if (VIsual_active) orig_cursor = VIsual; else { check_visual_highlight(); VIsual = curwin->w_cursor; orig_cursor = VIsual; VIsual_active = TRUE; VIsual_reselect = TRUE; may_start_select('o'); setmouse(); } if ((mod_mask & MOD_MASK_MULTI_CLICK) == MOD_MASK_2CLICK) { if (mod_mask & MOD_MASK_ALT) VIsual_mode = Ctrl_V; else VIsual_mode = 'v'; } else if ((mod_mask & MOD_MASK_MULTI_CLICK) == MOD_MASK_3CLICK) VIsual_mode = 'V'; else if ((mod_mask & MOD_MASK_MULTI_CLICK) == MOD_MASK_4CLICK) VIsual_mode = Ctrl_V; #ifdef FEAT_CLIPBOARD clip_star.vmode = NUL; #endif } if ((mod_mask & MOD_MASK_MULTI_CLICK) == MOD_MASK_2CLICK) { pos_T *pos = NULL; int gc; if (is_click) { end_visual = curwin->w_cursor; while (gc = gchar_pos(&end_visual), VIM_ISWHITE(gc)) inc(&end_visual); if (oap != NULL) oap->motion_type = MCHAR; if (oap != NULL && VIsual_mode == 'v' && !vim_iswordc(gchar_pos(&end_visual)) && EQUAL_POS(curwin->w_cursor, VIsual) && (pos = findmatch(oap, NUL)) != NULL) { curwin->w_cursor = *pos; if (oap->motion_type == MLINE) VIsual_mode = 'V'; else if (*p_sel == 'e') { if (LT_POS(curwin->w_cursor, VIsual)) ++VIsual.col; else ++curwin->w_cursor.col; } } } if (pos == NULL && (is_click || is_drag)) { if (LT_POS(curwin->w_cursor, orig_cursor)) { find_start_of_word(&curwin->w_cursor); find_end_of_word(&VIsual); } else { find_start_of_word(&VIsual); if (*p_sel == 'e' && *ml_get_cursor() != NUL) curwin->w_cursor.col += (*mb_ptr2len)(ml_get_cursor()); find_end_of_word(&curwin->w_cursor); } } curwin->w_set_curswant = TRUE; } if (is_click) redraw_curbuf_later(UPD_INVERTED); } else if (VIsual_active && !old_active) { if (mod_mask & MOD_MASK_ALT) VIsual_mode = Ctrl_V; else VIsual_mode = 'v'; } if ((!VIsual_active && old_active && mode_displayed) || (VIsual_active && p_smd && msg_silent == 0 && (!old_active || VIsual_mode != old_mode))) redraw_cmdline = TRUE; return moved; }",visit repo url,src/mouse.c,https://github.com/vim/vim,68621709236844,1 5291,['CWE-119'],"static void tun_net_mclist(struct net_device *dev) { return; }",linux-2.6,,,201607140998089192827788779160310353230,0 4383,CWE-125,"static void iwjpeg_scan_exif_ifd(struct iwjpegrcontext *rctx, struct iw_exif_state *e, iw_uint32 ifd) { unsigned int tag_count; unsigned int i; unsigned int tag_pos; unsigned int tag_id; unsigned int v; double v_dbl; if(ifd<8 || ifd>e->d_len-18) return; tag_count = iw_get_ui16_e(&e->d[ifd],e->endian); if(tag_count>1000) return; for(i=0;i e->d_len) return; tag_id = iw_get_ui16_e(&e->d[tag_pos],e->endian); switch(tag_id) { case 274: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_orientation = v; } break; case 296: if(get_exif_tag_int_value(e,tag_pos,&v)) { rctx->exif_density_unit = v; } break; case 282: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_x = v_dbl; } break; case 283: if(get_exif_tag_dbl_value(e,tag_pos,&v_dbl)) { rctx->exif_density_y = v_dbl; } break; } } }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,254890664792750,1 5877,CWE-120,"PJ_DEF(void) pj_scan_get( pj_scanner *scanner, const pj_cis_t *spec, pj_str_t *out) { register char *s = scanner->curptr; pj_assert(pj_cis_match(spec,0)==0); if (!pj_cis_match(spec, *s)) { pj_scan_syntax_err(scanner); return; } do { ++s; } while (pj_cis_match(spec, *s)); pj_strset3(out, scanner->curptr, s); scanner->curptr = s; if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) { pj_scan_skip_whitespace(scanner); } }",visit repo url,pjlib-util/src/pjlib-util/scanner.c,https://github.com/pjsip/pjproject,180293305562704,1 2049,['CWE-269'],"static struct vfsmount *clone_mnt(struct vfsmount *old, struct dentry *root, int flag) { struct super_block *sb = old->mnt_sb; struct vfsmount *mnt = alloc_vfsmnt(old->mnt_devname); if (mnt) { mnt->mnt_flags = old->mnt_flags; atomic_inc(&sb->s_active); mnt->mnt_sb = sb; mnt->mnt_root = dget(root); mnt->mnt_mountpoint = mnt->mnt_root; mnt->mnt_parent = mnt; if (flag & CL_SLAVE) { list_add(&mnt->mnt_slave, &old->mnt_slave_list); mnt->mnt_master = old; CLEAR_MNT_SHARED(mnt); } else { if ((flag & CL_PROPAGATION) || IS_MNT_SHARED(old)) list_add(&mnt->mnt_share, &old->mnt_share); if (IS_MNT_SLAVE(old)) list_add(&mnt->mnt_slave, &old->mnt_slave); mnt->mnt_master = old->mnt_master; } if (flag & CL_MAKE_SHARED) set_mnt_shared(mnt); if (flag & CL_EXPIRE) { spin_lock(&vfsmount_lock); if (!list_empty(&old->mnt_expire)) list_add(&mnt->mnt_expire, &old->mnt_expire); spin_unlock(&vfsmount_lock); } } return mnt; }",linux-2.6,,,97390378940831886110489146808894933621,0 3650,['CWE-287'],"void sctp_assoc_del_peer(struct sctp_association *asoc, const union sctp_addr *addr) { struct list_head *pos; struct list_head *temp; struct sctp_transport *transport; list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { transport = list_entry(pos, struct sctp_transport, transports); if (sctp_cmp_addr_exact(addr, &transport->ipaddr)) { sctp_assoc_rm_peer(asoc, transport); break; } } }",linux-2.6,,,272704959219008343647987516823125839689,0 2866,CWE-119,"tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ tsize_t written=0; unsigned char* buffer=NULL; unsigned char* samplebuffer=NULL; tsize_t bufferoffset=0; tsize_t samplebufferoffset=0; tsize_t read=0; tstrip_t i=0; tstrip_t j=0; tstrip_t stripcount=0; tsize_t stripsize=0; tsize_t sepstripcount=0; tsize_t sepstripsize=0; #ifdef OJPEG_SUPPORT toff_t inputoffset=0; uint16 h_samp=1; uint16 v_samp=1; uint16 ri=1; uint32 rows=0; #endif #ifdef JPEG_SUPPORT unsigned char* jpt; float* xfloatp; uint64* sbc; unsigned char* stripbuffer; tsize_t striplength=0; uint32 max_striplength=0; #endif if (t2p->t2p_error != T2P_ERR_OK) return(0); if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){ #ifdef CCITT_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_G4){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if (buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for "" ""t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB){ TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef ZIP_SUPPORT if (t2p->pdf_compression == T2P_COMPRESS_ZIP) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB) { TIFFReverseBits(buffer, t2p->tiff_datasize); } t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } #endif #ifdef OJPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_OJPEG) { if(t2p->tiff_dataoffset != 0) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer == NULL) { TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if(t2p->pdf_ojpegiflength==0){ inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); t2pReadFile(input, (tdata_t) buffer, t2p->tiff_datasize); t2pSeekFile(input, inputoffset, SEEK_SET); t2pWriteFile(output, (tdata_t) buffer, t2p->tiff_datasize); _TIFFfree(buffer); return(t2p->tiff_datasize); } else { inputoffset=t2pSeekFile(input, 0, SEEK_CUR); t2pSeekFile(input, t2p->tiff_dataoffset, SEEK_SET); bufferoffset = t2pReadFile(input, (tdata_t) buffer, t2p->pdf_ojpegiflength); t2p->pdf_ojpegiflength = 0; t2pSeekFile(input, inputoffset, SEEK_SET); TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &h_samp, &v_samp); buffer[bufferoffset++]= 0xff; buffer[bufferoffset++]= 0xdd; buffer[bufferoffset++]= 0x00; buffer[bufferoffset++]= 0x04; h_samp*=8; v_samp*=8; ri=(t2p->tiff_width+h_samp-1) / h_samp; TIFFGetField(input, TIFFTAG_ROWSPERSTRIP, &rows); ri*=(rows+v_samp-1)/v_samp; buffer[bufferoffset++]= (ri>>8) & 0xff; buffer[bufferoffset++]= ri & 0xff; stripcount=TIFFNumberOfStrips(input); for(i=0;ipdf_ojpegdata){ TIFFError(TIFF2PDF_MODULE, ""No support for OJPEG image %s with bad tables"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); _TIFFmemcpy(buffer, t2p->pdf_ojpegdata, t2p->pdf_ojpegdatalength); bufferoffset=t2p->pdf_ojpegdatalength; stripcount=TIFFNumberOfStrips(input); for(i=0;it2p_error = T2P_ERR_ERROR; return(0); #endif } } #endif #ifdef JPEG_SUPPORT if(t2p->tiff_compression == COMPRESSION_JPEG) { uint32 count = 0; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); if (TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { if(count > 4) { _TIFFmemcpy(buffer, jpt, count); bufferoffset += count - 2; } } stripcount=TIFFNumberOfStrips(input); TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc); for(i=0;imax_striplength) max_striplength=sbc[i]; } stripbuffer = (unsigned char*) _TIFFmalloc(max_striplength); if(stripbuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s"", max_striplength, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } for(i=0;itiff_length)){ TIFFError(TIFF2PDF_MODULE, ""Can't process JPEG data in input file %s"", TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } } buffer[bufferoffset++]=0xff; buffer[bufferoffset++]=0xd9; t2pWriteFile(output, (tdata_t) buffer, bufferoffset); _TIFFfree(stripbuffer); _TIFFfree(buffer); return(bufferoffset); } #endif (void)0; } if(t2p->pdf_sample==T2P_SAMPLE_NOTHING){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } } else { if(t2p->pdf_sample & T2P_SAMPLE_PLANAR_SEPARATE_TO_CONTIG){ sepstripsize=TIFFStripSize(input); sepstripcount=TIFFNumberOfStrips(input); stripsize=sepstripsize*t2p->tiff_samplesperpixel; stripcount=sepstripcount/t2p->tiff_samplesperpixel; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); samplebuffer = (unsigned char*) _TIFFmalloc(stripsize); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } for(i=0;itiff_samplesperpixel;j++){ read = TIFFReadEncodedStrip(input, i + j*stripcount, (tdata_t) &(samplebuffer[samplebufferoffset]), TIFFmin(sepstripsize, stripsize - samplebufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i + j*stripcount, TIFFFileName(input)); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } samplebufferoffset+=read; } t2p_sample_planar_separate_to_contig( t2p, &(buffer[bufferoffset]), samplebuffer, samplebufferoffset); bufferoffset+=samplebufferoffset; } _TIFFfree(samplebuffer); goto dataready; } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;itiff_datasize - bufferoffset)); if(read==-1){ TIFFError(TIFF2PDF_MODULE, ""Error on decoding strip %u of %s"", i, TIFFFileName(input)); _TIFFfree(samplebuffer); _TIFFfree(buffer); t2p->t2p_error=T2P_ERR_ERROR; return(0); } bufferoffset+=read; } if(t2p->pdf_sample & T2P_SAMPLE_REALIZE_PALETTE){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t) buffer, t2p->tiff_datasize * t2p->tiff_samplesperpixel); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; t2p->tiff_datasize *= t2p->tiff_samplesperpixel; } t2p_sample_realize_palette(t2p, buffer); } if(t2p->pdf_sample & T2P_SAMPLE_RGBA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgba_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_RGBAA_TO_RGB){ t2p->tiff_datasize=t2p_sample_rgbaa_to_rgb( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_YCBCR_TO_RGB){ samplebuffer=(unsigned char*)_TIFFrealloc( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length*4); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, ""Can't allocate %lu bytes of memory for t2p_readwrite_pdf_image, %s"", (unsigned long) t2p->tiff_datasize, TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; _TIFFfree(buffer); return(0); } else { buffer=samplebuffer; } if(!TIFFReadRGBAImageOriented( input, t2p->tiff_width, t2p->tiff_length, (uint32*)buffer, ORIENTATION_TOPLEFT, 0)){ TIFFError(TIFF2PDF_MODULE, ""Can't use TIFFReadRGBAImageOriented to extract RGB image from %s"", TIFFFileName(input)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } t2p->tiff_datasize=t2p_sample_abgr_to_rgb( (tdata_t) buffer, t2p->tiff_width*t2p->tiff_length); } if(t2p->pdf_sample & T2P_SAMPLE_LAB_SIGNED_TO_UNSIGNED){ t2p->tiff_datasize=t2p_sample_lab_signed_to_unsigned( (tdata_t)buffer, t2p->tiff_width*t2p->tiff_length); } } dataready: t2p_disable(output); TIFFSetField(output, TIFFTAG_PHOTOMETRIC, t2p->tiff_photometric); TIFFSetField(output, TIFFTAG_BITSPERSAMPLE, t2p->tiff_bitspersample); TIFFSetField(output, TIFFTAG_SAMPLESPERPIXEL, t2p->tiff_samplesperpixel); TIFFSetField(output, TIFFTAG_IMAGEWIDTH, t2p->tiff_width); TIFFSetField(output, TIFFTAG_IMAGELENGTH, t2p->tiff_length); TIFFSetField(output, TIFFTAG_ROWSPERSTRIP, t2p->tiff_length); TIFFSetField(output, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); TIFFSetField(output, TIFFTAG_FILLORDER, FILLORDER_MSB2LSB); switch(t2p->pdf_compression){ case T2P_COMPRESS_NONE: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_NONE); break; #ifdef CCITT_SUPPORT case T2P_COMPRESS_G4: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_CCITTFAX4); break; #endif #ifdef JPEG_SUPPORT case T2P_COMPRESS_JPEG: if(t2p->tiff_photometric==PHOTOMETRIC_YCBCR) { uint16 hor = 0, ver = 0; if (TIFFGetField(input, TIFFTAG_YCBCRSUBSAMPLING, &hor, &ver) !=0 ) { if(hor != 0 && ver != 0){ TIFFSetField(output, TIFFTAG_YCBCRSUBSAMPLING, hor, ver); } } if(TIFFGetField(input, TIFFTAG_REFERENCEBLACKWHITE, &xfloatp)!=0){ TIFFSetField(output, TIFFTAG_REFERENCEBLACKWHITE, xfloatp); } } if(TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_JPEG)==0){ TIFFError(TIFF2PDF_MODULE, ""Unable to use JPEG compression for input %s and output %s"", TIFFFileName(input), TIFFFileName(output)); _TIFFfree(buffer); t2p->t2p_error = T2P_ERR_ERROR; return(0); } TIFFSetField(output, TIFFTAG_JPEGTABLESMODE, 0); if(t2p->pdf_colorspace & (T2P_CS_RGB | T2P_CS_LAB)){ TIFFSetField(output, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); if(t2p->tiff_photometric != PHOTOMETRIC_YCBCR){ TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else { TIFFSetField(output, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RAW); } } if(t2p->pdf_colorspace & T2P_CS_GRAY){ (void)0; } if(t2p->pdf_colorspace & T2P_CS_CMYK){ (void)0; } if(t2p->pdf_defaultcompressionquality != 0){ TIFFSetField(output, TIFFTAG_JPEGQUALITY, t2p->pdf_defaultcompressionquality); } break; #endif #ifdef ZIP_SUPPORT case T2P_COMPRESS_ZIP: TIFFSetField(output, TIFFTAG_COMPRESSION, COMPRESSION_DEFLATE); if(t2p->pdf_defaultcompressionquality%100 != 0){ TIFFSetField(output, TIFFTAG_PREDICTOR, t2p->pdf_defaultcompressionquality % 100); } if(t2p->pdf_defaultcompressionquality/100 != 0){ TIFFSetField(output, TIFFTAG_ZIPQUALITY, (t2p->pdf_defaultcompressionquality / 100)); } break; #endif default: break; } t2p_enable(output); t2p->outputwritten = 0; #ifdef JPEG_SUPPORT if(t2p->pdf_compression == T2P_COMPRESS_JPEG && t2p->tiff_photometric == PHOTOMETRIC_YCBCR){ bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, stripsize * stripcount); } else #endif { bufferoffset = TIFFWriteEncodedStrip(output, (tstrip_t)0, buffer, t2p->tiff_datasize); } if (buffer != NULL) { _TIFFfree(buffer); buffer=NULL; } if (bufferoffset == (tsize_t)-1) { TIFFError(TIFF2PDF_MODULE, ""Error writing encoded strip to output PDF %s"", TIFFFileName(output)); t2p->t2p_error = T2P_ERR_ERROR; return(0); } written = t2p->outputwritten; return(written); }",visit repo url,tools/tiff2pdf.c,https://github.com/vadz/libtiff,108893693056642,1 435,CWE-119,"void uwbd_stop(struct uwb_rc *rc) { kthread_stop(rc->uwbd.task); uwbd_flush(rc); }",visit repo url,drivers/uwb/uwbd.c,https://github.com/torvalds/linux,170573315452824,1 4918,CWE-59,"pidfile_write(const char *pid_file, int pid) { FILE *pidfile = NULL; int pidfd = creat(pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (pidfd != -1) pidfile = fdopen(pidfd, ""w""); if (!pidfile) { log_message(LOG_INFO, ""pidfile_write : Cannot open %s pidfile"", pid_file); return 0; } fprintf(pidfile, ""%d\n"", pid); fclose(pidfile); return 1; }",visit repo url,keepalived/core/pidfile.c,https://github.com/acassen/keepalived,90055102595522,1 3546,['CWE-20'],"sctp_disposition_t sctp_sf_cookie_echoed_err(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; sctp_errhdr_t *err; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_operr_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); sctp_walk_errors(err, chunk->chunk_hdr) { if (SCTP_ERROR_STALE_COOKIE == err->cause) return sctp_sf_do_5_2_6_stale(ep, asoc, type, arg, commands); } return sctp_sf_pdiscard(ep, asoc, type, arg, commands); }",linux-2.6,,,100516642136689598975670207531530324595,0 4290,['CWE-264'],"static void copy_flags(unsigned long clone_flags, struct task_struct *p) { unsigned long new_flags = p->flags; new_flags &= ~PF_SUPERPRIV; new_flags |= PF_FORKNOEXEC; new_flags |= PF_STARTING; p->flags = new_flags; clear_freeze_flag(p); }",linux-2.6,,,50605479015865386713045481149753047506,0 2779,CWE-125,"int ntlm_read_message_header(wStream* s, NTLM_MESSAGE_HEADER* header) { if (Stream_GetRemainingLength(s) < 12) return -1; Stream_Read(s, header->Signature, 8); Stream_Read_UINT32(s, header->MessageType); if (strncmp((char*) header->Signature, NTLM_SIGNATURE, 8) != 0) return -1; return 1; }",visit repo url,winpr/libwinpr/sspi/NTLM/ntlm_message.c,https://github.com/FreeRDP/FreeRDP,198559489665475,1 4626,['CWE-399'],"static int ext4_bh_unmapped_or_delay(handle_t *handle, struct buffer_head *bh) { return ((!buffer_mapped(bh) || buffer_delay(bh)) && buffer_dirty(bh)); }",linux-2.6,,,114155068154320455844132383690753936311,0 2247,['CWE-193'],"generic_file_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos) { struct file *filp = iocb->ki_filp; ssize_t retval; unsigned long seg; size_t count; loff_t *ppos = &iocb->ki_pos; count = 0; retval = generic_segment_checks(iov, &nr_segs, &count, VERIFY_WRITE); if (retval) return retval; if (filp->f_flags & O_DIRECT) { loff_t size; struct address_space *mapping; struct inode *inode; mapping = filp->f_mapping; inode = mapping->host; if (!count) goto out; size = i_size_read(inode); if (pos < size) { retval = filemap_write_and_wait(mapping); if (!retval) { retval = mapping->a_ops->direct_IO(READ, iocb, iov, pos, nr_segs); } if (retval > 0) *ppos = pos + retval; if (retval) { file_accessed(filp); goto out; } } } for (seg = 0; seg < nr_segs; seg++) { read_descriptor_t desc; desc.written = 0; desc.arg.buf = iov[seg].iov_base; desc.count = iov[seg].iov_len; if (desc.count == 0) continue; desc.error = 0; do_generic_file_read(filp, ppos, &desc, file_read_actor); retval += desc.written; if (desc.error) { retval = retval ?: desc.error; break; } if (desc.count > 0) break; } out: return retval; }",linux-2.6,,,271077870966556376326454499344371373259,0 5090,['CWE-20'],"static void ept_update_paging_mode_cr4(unsigned long *hw_cr4, struct kvm_vcpu *vcpu) { if (!is_paging(vcpu)) { *hw_cr4 &= ~X86_CR4_PAE; *hw_cr4 |= X86_CR4_PSE; } else if (!(vcpu->arch.cr4 & X86_CR4_PAE)) *hw_cr4 &= ~X86_CR4_PAE; }",linux-2.6,,,321892623608667241419749634724399065677,0 617,CWE-17,"void put_filp(struct file *file) { if (atomic_long_dec_and_test(&file->f_count)) { security_file_free(file); file_sb_list_del(file); file_free(file); } }",visit repo url,fs/file_table.c,https://github.com/torvalds/linux,85441403384531,1 4780,CWE-415,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 4469,CWE-476,"jinit_merged_upsampler(j_decompress_ptr cinfo) { my_upsample_ptr upsample; upsample = (my_upsample_ptr) (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, sizeof(my_upsampler)); cinfo->upsample = (struct jpeg_upsampler *)upsample; upsample->pub.start_pass = start_pass_merged_upsample; upsample->pub.need_context_rows = FALSE; upsample->out_row_width = cinfo->output_width * cinfo->out_color_components; if (cinfo->max_v_samp_factor == 2) { upsample->pub.upsample = merged_2v_upsample; if (jsimd_can_h2v2_merged_upsample()) upsample->upmethod = jsimd_h2v2_merged_upsample; else upsample->upmethod = h2v2_merged_upsample; if (cinfo->out_color_space == JCS_RGB565) { if (cinfo->dither_mode != JDITHER_NONE) { upsample->upmethod = h2v2_merged_upsample_565D; } else { upsample->upmethod = h2v2_merged_upsample_565; } } upsample->spare_row = (JSAMPROW) (*cinfo->mem->alloc_large) ((j_common_ptr)cinfo, JPOOL_IMAGE, (size_t)(upsample->out_row_width * sizeof(JSAMPLE))); } else { upsample->pub.upsample = merged_1v_upsample; if (jsimd_can_h2v1_merged_upsample()) upsample->upmethod = jsimd_h2v1_merged_upsample; else upsample->upmethod = h2v1_merged_upsample; if (cinfo->out_color_space == JCS_RGB565) { if (cinfo->dither_mode != JDITHER_NONE) { upsample->upmethod = h2v1_merged_upsample_565D; } else { upsample->upmethod = h2v1_merged_upsample_565; } } upsample->spare_row = NULL; } build_ycc_rgb_table(cinfo); }",visit repo url,jdmerge.c,https://github.com/libjpeg-turbo/libjpeg-turbo,63770969123372,1 2579,CWE-269,"uint32_t virtio_config_readb(VirtIODevice *vdev, uint32_t addr) { VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); uint8_t val; k->get_config(vdev, vdev->config); if (addr > (vdev->config_len - sizeof(val))) return (uint32_t)-1; val = ldub_p(vdev->config + addr); return val; }",visit repo url,hw/virtio/virtio.c,https://github.com/qemu/qemu,196338482293161,1 4180,CWE-476,"open_ssl_connection (rfbClient *client, int sockfd, rfbBool anonTLS, rfbCredential *cred) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; int n, finished = 0; X509_VERIFY_PARAM *param; uint8_t verify_crls = cred->x509Credential.x509CrlVerifyMode; if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) { rfbClientLog(""Could not create new SSL context.\n""); return NULL; } param = X509_VERIFY_PARAM_new(); if (!anonTLS) { if (cred->x509Credential.x509CACertFile) { if (!SSL_CTX_load_verify_locations(ssl_ctx, cred->x509Credential.x509CACertFile, NULL)) { rfbClientLog(""Failed to load CA certificate from %s.\n"", cred->x509Credential.x509CACertFile); goto error_free_ctx; } } else { rfbClientLog(""Using default paths for certificate verification.\n""); SSL_CTX_set_default_verify_paths (ssl_ctx); } if (cred->x509Credential.x509CACrlFile) { if (!load_crls_from_file(cred->x509Credential.x509CACrlFile, ssl_ctx)) { rfbClientLog(""CRLs could not be loaded.\n""); goto error_free_ctx; } if (verify_crls == rfbX509CrlVerifyNone) verify_crls = rfbX509CrlVerifyAll; } if (cred->x509Credential.x509ClientCertFile && cred->x509Credential.x509ClientKeyFile) { if (SSL_CTX_use_certificate_chain_file(ssl_ctx, cred->x509Credential.x509ClientCertFile) != 1) { rfbClientLog(""Client certificate could not be loaded.\n""); goto error_free_ctx; } if (SSL_CTX_use_PrivateKey_file(ssl_ctx, cred->x509Credential.x509ClientKeyFile, SSL_FILETYPE_PEM) != 1) { rfbClientLog(""Client private key could not be loaded.\n""); goto error_free_ctx; } if (SSL_CTX_check_private_key(ssl_ctx) == 0) { rfbClientLog(""Client certificate and private key do not match.\n""); goto error_free_ctx; } } SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); if (verify_crls == rfbX509CrlVerifyClient) X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); else if (verify_crls == rfbX509CrlVerifyAll) X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); if(!X509_VERIFY_PARAM_set1_host(param, client->serverHost, strlen(client->serverHost))) { rfbClientLog(""Could not set server name for verification.\n""); goto error_free_ctx; } SSL_CTX_set1_param(ssl_ctx, param); } if (!(ssl = SSL_new (ssl_ctx))) { rfbClientLog(""Could not create a new SSL session.\n""); goto error_free_ctx; } SSL_set_cipher_list(ssl, ""ALL""); SSL_set_fd (ssl, sockfd); SSL_CTX_set_app_data (ssl_ctx, client); do { n = SSL_connect(ssl); if (n != 1) { if (wait_for_data(ssl, n, 1) != 1) { finished = 1; SSL_shutdown(ssl); goto error_free_ssl; } } } while( n != 1 && finished != 1 ); X509_VERIFY_PARAM_free(param); return ssl; error_free_ssl: SSL_free(ssl); error_free_ctx: X509_VERIFY_PARAM_free(param); SSL_CTX_free(ssl_ctx); return NULL; }",visit repo url,libvncclient/tls_openssl.c,https://github.com/LibVNC/libvncserver,45771796223805,1 3614,CWE-415,"compat_cipher_proposal(struct ssh *ssh, char *cipher_prop) { if (!(ssh->compat & SSH_BUG_BIGENDIANAES)) return cipher_prop; debug2_f(""original cipher proposal: %s"", cipher_prop); if ((cipher_prop = match_filter_denylist(cipher_prop, ""aes*"")) == NULL) fatal(""match_filter_denylist failed""); debug2_f(""compat cipher proposal: %s"", cipher_prop); if (*cipher_prop == '\0') fatal(""No supported ciphers found""); return cipher_prop; }",visit repo url,compat.c,https://github.com/openssh/openssh-portable,55153011093851,1 3711,[],"static int unix_create(struct net *net, struct socket *sock, int protocol) { if (protocol && protocol != PF_UNIX) return -EPROTONOSUPPORT; sock->state = SS_UNCONNECTED; switch (sock->type) { case SOCK_STREAM: sock->ops = &unix_stream_ops; break; case SOCK_RAW: sock->type=SOCK_DGRAM; case SOCK_DGRAM: sock->ops = &unix_dgram_ops; break; case SOCK_SEQPACKET: sock->ops = &unix_seqpacket_ops; break; default: return -ESOCKTNOSUPPORT; } return unix_create1(net, sock) ? 0 : -ENOMEM; }",linux-2.6,,,137875609711229409274143489600605465408,0 6610,['CWE-200'],"nma_edit_connections_cb (GtkMenuItem *mi, NMApplet *applet) { char *argv[2]; GError *error = NULL; gboolean success; argv[0] = BINDIR ""/nm-connection-editor""; argv[1] = NULL; success = g_spawn_async (""/"", argv, NULL, 0, &ce_child_setup, NULL, NULL, &error); if (!success) { g_warning (""Error launching connection editor: %s"", error->message); g_error_free (error); } }",network-manager-applet,,,261856703647756563392347917704548921132,0 6279,['CWE-200'],"static void psched_tick(unsigned long dummy) { if (sizeof(cycles_t) == sizeof(u32)) { psched_time_t dummy_stamp; PSCHED_GET_TIME(dummy_stamp); psched_timer.expires = jiffies + 1*HZ; add_timer(&psched_timer); } }",linux-2.6,,,193705911324185563018937676710956592277,0 411,[],"pfm_copy_pmds(struct task_struct *task, pfm_context_t *ctx) { unsigned long ovfl_val = pmu_conf->ovfl_val; unsigned long mask = ctx->ctx_all_pmds[0]; unsigned long val; int i; DPRINT((""mask=0x%lx\n"", mask)); for (i=0; mask; i++, mask>>=1) { val = ctx->ctx_pmds[i].val; if (PMD_IS_COUNTING(i)) { ctx->ctx_pmds[i].val = val & ~ovfl_val; val &= ovfl_val; } ctx->th_pmds[i] = val; DPRINT((""pmd[%d]=0x%lx soft_val=0x%lx\n"", i, ctx->th_pmds[i], ctx->ctx_pmds[i].val)); } }",linux-2.6,,,290056132696560761913792427813851671986,0 6560,['CWE-200'],"applet_common_device_state_changed (NMDevice *device, NMDeviceState new_state, NMDeviceState old_state, NMDeviceStateReason reason, NMApplet *applet) { gboolean device_activating = FALSE, vpn_activating = FALSE; NMConnection *connection; NMActiveConnection *active = NULL; device_activating = applet_is_any_device_activating (applet); vpn_activating = applet_is_any_vpn_activating (applet); switch (new_state) { case NM_DEVICE_STATE_PREPARE: case NM_DEVICE_STATE_CONFIG: case NM_DEVICE_STATE_NEED_AUTH: case NM_DEVICE_STATE_IP_CONFIG: device_activating = TRUE; break; case NM_DEVICE_STATE_ACTIVATED: connection = applet_find_active_connection_for_device (device, applet, &active); if (connection && (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_USER)) update_connection_timestamp (active, connection, applet); break; default: break; } if (device_activating || vpn_activating) start_animation_timeout (applet); else clear_animation_timeout (applet); }",network-manager-applet,,,85619514910608494640757525694249327922,0 4242,CWE-78,"static char *r_socket_http_answer (RSocket *s, int *code, int *rlen) { r_return_val_if_fail (s, NULL); const char *p; int ret, len = 0, bufsz = 32768, delta = 0; char *dn, *buf = calloc (1, bufsz + 32); if (!buf) { return NULL; } char *res = NULL; int olen = __socket_slurp (s, (ut8*)buf, bufsz); if ((dn = (char*)r_str_casestr (buf, ""\n\n""))) { delta += 2; } else if ((dn = (char*)r_str_casestr (buf, ""\r\n\r\n""))) { delta += 4; } else { goto fail; } olen -= delta; *dn = 0; p = r_str_casestr (buf, ""Content-Length: ""); if (p) { len = atoi (p + 16); } else { len = olen - (dn - buf); } if (len > 0) { if (len > olen) { res = malloc (len + 2); memcpy (res, dn + delta, olen); do { ret = r_socket_read_block (s, (ut8*) res + olen, len - olen); if (ret < 1) { break; } olen += ret; } while (olen < len); res[len] = 0; } else { res = malloc (len + 1); if (res) { memcpy (res, dn + delta, len); res[len] = 0; } } } else { res = NULL; } fail: free (buf); r_socket_close (s); if (rlen) { *rlen = len; } return res; }",visit repo url,libr/socket/socket_http.c,https://github.com/radareorg/radare2,114372634816292,1 2074,CWE-362,"static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr) { int err = simple_setattr(dentry, iattr); if (!err && (iattr->ia_valid & ATTR_UID)) { struct socket *sock = SOCKET_I(d_inode(dentry)); sock->sk->sk_uid = iattr->ia_uid; } return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,203106933944764,1 6622,['CWE-200'],"applet_get_first_active_vpn_connection (NMApplet *applet, NMVPNConnectionState *out_state) { const GPtrArray *active_list; int i; active_list = nm_client_get_active_connections (applet->nm_client); for (i = 0; active_list && (i < active_list->len); i++) { NMActiveConnection *candidate; NMConnection *connection; NMSettingConnection *s_con; candidate = g_ptr_array_index (active_list, i); connection = applet_get_connection_for_active (applet, candidate); if (!connection) continue; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); g_assert (s_con); if (!strcmp (nm_setting_connection_get_connection_type (s_con), NM_SETTING_VPN_SETTING_NAME)) { if (out_state) *out_state = nm_vpn_connection_get_vpn_state (NM_VPN_CONNECTION (candidate)); return candidate; } } return NULL; }",network-manager-applet,,,160570388881933683449307866214284177506,0 1154,CWE-264,"SYSCALL_DEFINE5(osf_getsysinfo, unsigned long, op, void __user *, buffer, unsigned long, nbytes, int __user *, start, void __user *, arg) { unsigned long w; struct percpu_struct *cpu; switch (op) { case GSI_IEEE_FP_CONTROL: w = current_thread_info()->ieee_state & IEEE_SW_MASK; w = swcr_update_status(w, rdfpcr()); if (put_user(w, (unsigned long __user *) buffer)) return -EFAULT; return 0; case GSI_IEEE_STATE_AT_SIGNAL: break; case GSI_UACPROC: if (nbytes < sizeof(unsigned int)) return -EINVAL; w = (current_thread_info()->flags >> UAC_SHIFT) & UAC_BITMASK; if (put_user(w, (unsigned int __user *)buffer)) return -EFAULT; return 1; case GSI_PROC_TYPE: if (nbytes < sizeof(unsigned long)) return -EINVAL; cpu = (struct percpu_struct*) ((char*)hwrpb + hwrpb->processor_offset); w = cpu->type; if (put_user(w, (unsigned long __user*)buffer)) return -EFAULT; return 1; case GSI_GET_HWRPB: if (nbytes < sizeof(*hwrpb)) return -EINVAL; if (copy_to_user(buffer, hwrpb, nbytes) != 0) return -EFAULT; return 1; default: break; } return -EOPNOTSUPP; }",visit repo url,arch/alpha/kernel/osf_sys.c,https://github.com/torvalds/linux,160474443922201,1 2379,['CWE-119'],"void diff_tree_setup_paths(const char **p, struct diff_options *opt) { opt->nr_paths = 0; opt->pathlens = NULL; opt->paths = NULL; if (p) { int i; opt->paths = p; opt->nr_paths = count_paths(p); if (opt->nr_paths == 0) { opt->pathlens = NULL; return; } opt->pathlens = xmalloc(opt->nr_paths * sizeof(int)); for (i=0; i < opt->nr_paths; i++) opt->pathlens[i] = strlen(p[i]); } }",git,,,130187662563375169613893510416128764730,0 6488,CWE-787,"int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) { if (!message) { LOG_ERROR(""Null message in AES_encrypt""); return -1; } if (!encr_message) { LOG_ERROR(""Null encr message in AES_encrypt""); return -2; } if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) { LOG_ERROR(""length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE""); return -1; } uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE; if (msgLen < len) { LOG_ERROR(""Output buffer not large enough""); return -2; } sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key, encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0, (sgx_aes_gcm_128bit_tag_t *)encr_message); return status; }",visit repo url,secure_enclave/AESUtils.c,https://github.com/skalenetwork/sgxwallet,186680241086039,1 781,['CWE-119'],"isdn_net_swapbind(int drvidx) { isdn_net_dev *p; #ifdef ISDN_DEBUG_NET_ICALL printk(KERN_DEBUG ""n_fi: swapping ch of %d\n"", drvidx); #endif p = dev->netdev; while (p) { if (p->local->pre_device == drvidx) switch (p->local->pre_channel) { case 0: p->local->pre_channel = 1; break; case 1: p->local->pre_channel = 0; break; } p = (isdn_net_dev *) p->next; } }",linux-2.6,,,209091125486578844708788041393780271437,0 3999,CWE-190,"void * CAPSTONE_API cs_winkernel_malloc(size_t size) { NT_ASSERT(size); #pragma prefast(suppress : 30030) CS_WINKERNEL_MEMBLOCK *block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag( NonPagedPool, size + sizeof(CS_WINKERNEL_MEMBLOCK), CS_WINKERNEL_POOL_TAG); if (!block) { return NULL; } block->size = size; return block->data; }",visit repo url,windows/winkernel_mm.c,https://github.com/aquynh/capstone,75999788072946,1 3003,CWE-399,"dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t size, off_t fsize, int *flags, int sh_num) { Elf32_Phdr ph32; Elf64_Phdr ph64; const char *linking_style = ""statically""; const char *interp = """"; unsigned char nbuf[BUFSIZ]; char ibuf[BUFSIZ]; ssize_t bufsize; size_t offset, align, len; if (size != xph_sizeof) { if (file_printf(ms, "", corrupted program header size"") == -1) return -1; return 0; } for ( ; num; num--) { if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) { file_badread(ms); return -1; } off += size; bufsize = 0; align = 4; switch (xph_type) { case PT_DYNAMIC: linking_style = ""dynamically""; break; case PT_NOTE: if (sh_num) continue; if (((align = xph_align) & 0x80000000UL) != 0 || align < 4) { if (file_printf(ms, "", invalid note alignment 0x%lx"", (unsigned long)align) == -1) return -1; align = 4; } case PT_INTERP: len = xph_filesz < sizeof(nbuf) ? xph_filesz : sizeof(nbuf); bufsize = pread(fd, nbuf, len, xph_offset); if (bufsize == -1) { file_badread(ms); return -1; } break; default: if (fsize != SIZE_UNKNOWN && xph_offset > fsize) { continue; } break; } switch (xph_type) { case PT_INTERP: if (bufsize && nbuf[0]) { nbuf[bufsize - 1] = '\0'; interp = (const char *)nbuf; } else interp = ""*empty*""; break; case PT_NOTE: offset = 0; for (;;) { if (offset >= (size_t)bufsize) break; offset = donote(ms, nbuf, offset, (size_t)bufsize, clazz, swap, align, flags); if (offset == 0) break; } break; default: break; } } if (file_printf(ms, "", %s linked"", linking_style) == -1) return -1; if (interp[0]) if (file_printf(ms, "", interpreter %s"", file_printable(ibuf, sizeof(ibuf), interp)) == -1) return -1; return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,48596913781822,1 5922,CWE-120,"static Jsi_RC DebugRemoveCmd_(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr, int op) { Jsi_Value *val = Jsi_ValueArrayIndex(interp, args, 0); if (interp->breakpointHash) { int num; char nbuf[100]; if (Jsi_GetIntFromValue(interp, val, &num) != JSI_OK) return Jsi_LogError(""bad number""); snprintf(nbuf, sizeof(nbuf), ""%d"", num); Jsi_HashEntry *hPtr = Jsi_HashEntryFind(interp->breakpointHash, nbuf); jsi_BreakPoint* bptr; if (hPtr && (bptr = (jsi_BreakPoint*)Jsi_HashValueGet(hPtr))) { switch (op) { case 1: bptr->enabled = 0; break; case 2: bptr->enabled = 1; break; default: Jsi_HashEntryDelete(hPtr); } return JSI_OK; } } return Jsi_LogError(""unknown breakpoint""); }",visit repo url,src/jsiCmds.c,https://github.com/pcmacdon/jsish,185974483221525,1 4958,CWE-191,"ber_parse_header(STREAM s, int tagval, int *length) { int tag, len; if (tagval > 0xff) { in_uint16_be(s, tag); } else { in_uint8(s, tag); } if (tag != tagval) { logger(Core, Error, ""ber_parse_header(), expected tag %d, got %d"", tagval, tag); return False; } in_uint8(s, len); if (len & 0x80) { len &= ~0x80; *length = 0; while (len--) next_be(s, *length); } else *length = len; return s_check(s); }",visit repo url,asn.c,https://github.com/rdesktop/rdesktop,108610331292156,1 5065,['CWE-20'],"static void vmx_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) { unsigned long hw_cr0 = (cr0 & ~KVM_GUEST_CR0_MASK) | KVM_VM_CR0_ALWAYS_ON; vmx_fpu_deactivate(vcpu); if (vcpu->arch.rmode.active && (cr0 & X86_CR0_PE)) enter_pmode(vcpu); if (!vcpu->arch.rmode.active && !(cr0 & X86_CR0_PE)) enter_rmode(vcpu); #ifdef CONFIG_X86_64 if (vcpu->arch.shadow_efer & EFER_LME) { if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) enter_lmode(vcpu); if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) exit_lmode(vcpu); } #endif if (vm_need_ept()) ept_update_paging_mode_cr0(&hw_cr0, cr0, vcpu); vmcs_writel(CR0_READ_SHADOW, cr0); vmcs_writel(GUEST_CR0, hw_cr0); vcpu->arch.cr0 = cr0; if (!(cr0 & X86_CR0_TS) || !(cr0 & X86_CR0_PE)) vmx_fpu_activate(vcpu); }",linux-2.6,,,280484419707230090618892354430971119892,0 5632,['CWE-476'],"static struct sock *udp_v4_lookup_longway(__be32 saddr, __be16 sport, __be32 daddr, __be16 dport, int dif) { struct sock *sk, *result = NULL; struct hlist_node *node; unsigned short hnum = ntohs(dport); int badness = -1; sk_for_each(sk, node, &udp_hash[hnum & (UDP_HTABLE_SIZE - 1)]) { struct inet_sock *inet = inet_sk(sk); if (inet->num == hnum && !ipv6_only_sock(sk)) { int score = (sk->sk_family == PF_INET ? 1 : 0); if (inet->rcv_saddr) { if (inet->rcv_saddr != daddr) continue; score+=2; } if (inet->daddr) { if (inet->daddr != saddr) continue; score+=2; } if (inet->dport) { if (inet->dport != sport) continue; score+=2; } if (sk->sk_bound_dev_if) { if (sk->sk_bound_dev_if != dif) continue; score+=2; } if(score == 9) { result = sk; break; } else if(score > badness) { result = sk; badness = score; } } } return result; }",linux-2.6,,,226717344530737734416788838320677146500,0 4034,CWE-763,"pam_converse (int num_msg, PAM_CONVERSE_ARG2_TYPE **msg, struct pam_response **resp, void *appdata_ptr) { int sep = 0; struct pam_response *reply; if ( pam_arg_ended || !(reply = malloc(sizeof(struct pam_response) * num_msg))) return PAM_CONV_ERR; for (int i = 0; i < num_msg; i++) { uschar *arg; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_OFF: if (!(arg = string_nextinlist(&pam_args, &sep, NULL, 0))) { arg = US""""; pam_arg_ended = TRUE; } reply[i].resp = CS string_copy_malloc(arg); reply[i].resp_retcode = PAM_SUCCESS; break; case PAM_TEXT_INFO: case PAM_ERROR_MSG: reply[i].resp_retcode = PAM_SUCCESS; reply[i].resp = NULL; break; default: free(reply); pam_conv_had_error = TRUE; return PAM_CONV_ERR; } } *resp = reply; return PAM_SUCCESS; }",visit repo url,src/src/auths/call_pam.c,https://github.com/Exim/exim,124357344430883,1 6687,CWE-1284,"int passwd_to_utf16(unsigned char *in_passwd, int length, int max_length, unsigned char *out_passwd) { #ifdef WIN32 int ret; (void)length; ret = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)in_passwd, -1, (LPWSTR)out_passwd, max_length / 2 ); if (ret == 0) return AESCRYPT_READPWD_ICONV; return ret * 2; #else #ifndef ENABLE_ICONV int i; for (i=0;i stsz->sampleCount + 1) return GF_BAD_PARAM; if (!nb_pack_samples) nb_pack_samples = 1; else if (nb_pack_samples>1) size /= nb_pack_samples; if (stsz->sizes == NULL) { if (! stsz->sampleCount && (stsz->type != GF_ISOM_BOX_TYPE_STZ2) ) { stsz->sampleCount = nb_pack_samples; stsz->sampleSize = size; return GF_OK; } if (stsz->sampleSize == size) { stsz->sampleCount += nb_pack_samples; return GF_OK; } if (nb_pack_samples>1) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[iso file] Inserting packed samples with different sizes is not yet supported\n"" )); return GF_NOT_SUPPORTED; } stsz->sizes = (u32*)gf_malloc(sizeof(u32) * (stsz->sampleCount + 1)); if (!stsz->sizes) return GF_OUT_OF_MEM; stsz->alloc_size = stsz->sampleCount + 1; k = 0; for (i = 0 ; i < stsz->sampleCount; i++) { if (i + 1 == sampleNumber) { stsz->sizes[i + k] = size; k = 1; } stsz->sizes[i+k] = stsz->sampleSize; } if (stsz->sampleCount + 1 == sampleNumber) { stsz->sizes[stsz->sampleCount] = size; } stsz->sampleSize = 0; stsz->sampleCount++; return GF_OK; } if (stsz->sampleCount + 1 == sampleNumber) { if (!stsz->alloc_size) stsz->alloc_size = stsz->sampleCount; if (stsz->sampleCount == stsz->alloc_size) { ALLOC_INC(stsz->alloc_size); stsz->sizes = gf_realloc(stsz->sizes, sizeof(u32)*(stsz->alloc_size) ); if (!stsz->sizes) return GF_OUT_OF_MEM; memset(&stsz->sizes[stsz->sampleCount], 0, sizeof(u32)*(stsz->alloc_size - stsz->sampleCount) ); } stsz->sizes[stsz->sampleCount] = size; } else { newSizes = (u32*)gf_malloc(sizeof(u32)*(1 + stsz->sampleCount) ); if (!newSizes) return GF_OUT_OF_MEM; k = 0; for (i = 0; i < stsz->sampleCount; i++) { if (i + 1 == sampleNumber) { newSizes[i + k] = size; k = 1; } newSizes[i + k] = stsz->sizes[i]; } gf_free(stsz->sizes); stsz->sizes = newSizes; stsz->alloc_size = 1 + stsz->sampleCount; } stsz->sampleCount++; return GF_OK; }",visit repo url,src/isomedia/stbl_write.c,https://github.com/gpac/gpac,175288031837512,1 1498,CWE-362,"static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t ignored, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct skcipher_ctx *ctx = ask->private; unsigned bs = crypto_ablkcipher_blocksize(crypto_ablkcipher_reqtfm( &ctx->req)); struct skcipher_sg_list *sgl; struct scatterlist *sg; int err = -EAGAIN; int used; long copied = 0; lock_sock(sk); while (iov_iter_count(&msg->msg_iter)) { sgl = list_first_entry(&ctx->tsgl, struct skcipher_sg_list, list); sg = sgl->sg; while (!sg->length) sg++; used = ctx->used; if (!used) { err = skcipher_wait_for_data(sk, flags); if (err) goto unlock; } used = min_t(unsigned long, used, iov_iter_count(&msg->msg_iter)); used = af_alg_make_sg(&ctx->rsgl, &msg->msg_iter, used); err = used; if (err < 0) goto unlock; if (ctx->more || used < ctx->used) used -= used % bs; err = -EINVAL; if (!used) goto free; ablkcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, ctx->iv); err = af_alg_wait_for_completion( ctx->enc ? crypto_ablkcipher_encrypt(&ctx->req) : crypto_ablkcipher_decrypt(&ctx->req), &ctx->completion); free: af_alg_free_sg(&ctx->rsgl); if (err) goto unlock; copied += used; skcipher_pull_sgl(sk, used); iov_iter_advance(&msg->msg_iter, used); } err = 0; unlock: skcipher_wmem_wakeup(sk); release_sock(sk); return copied ?: err; }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,145666521119576,1 1932,['CWE-20'],"static inline void add_mm_rss(struct mm_struct *mm, int file_rss, int anon_rss) { if (file_rss) add_mm_counter(mm, file_rss, file_rss); if (anon_rss) add_mm_counter(mm, anon_rss, anon_rss); }",linux-2.6,,,15547307601400600523108093237960679010,0 2271,['CWE-120'],"static __always_inline int link_path_walk(const char *name, struct nameidata *nd) { struct path save = nd->path; int result; path_get(&save); result = __link_path_walk(name, nd); if (result == -ESTALE) { nd->path = save; path_get(&nd->path); nd->flags |= LOOKUP_REVAL; result = __link_path_walk(name, nd); } path_put(&save); return result; }",linux-2.6,,,114904236478238591462622208742978128489,0 4773,['CWE-20'],"static int ext4_ui_proc_show(struct seq_file *m, void *v) { unsigned int *p = m->private; seq_printf(m, ""%u\n"", *p); return 0; }",linux-2.6,,,333079279260422017873399825097995078992,0 3782,CWE-416,"ex_function(exarg_T *eap) { (void)define_function(eap, NULL); }",visit repo url,src/userfunc.c,https://github.com/vim/vim,72808996909764,1 1094,['CWE-399'],"static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, sigset_t *set, struct pt_regs * regs) { void __user *restorer; struct rt_sigframe __user *frame; int err = 0; int usig; frame = get_sigframe(ka, regs, sizeof(*frame)); if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame))) goto give_sigsegv; usig = current_thread_info()->exec_domain && current_thread_info()->exec_domain->signal_invmap && sig < 32 ? current_thread_info()->exec_domain->signal_invmap[sig] : sig; err |= __put_user(usig, &frame->sig); err |= __put_user(&frame->info, &frame->pinfo); err |= __put_user(&frame->uc, &frame->puc); err |= copy_siginfo_to_user(&frame->info, info); if (err) goto give_sigsegv; err |= __put_user(0, &frame->uc.uc_flags); err |= __put_user(0, &frame->uc.uc_link); err |= __put_user(current->sas_ss_sp, &frame->uc.uc_stack.ss_sp); err |= __put_user(sas_ss_flags(regs->sp), &frame->uc.uc_stack.ss_flags); err |= __put_user(current->sas_ss_size, &frame->uc.uc_stack.ss_size); err |= setup_sigcontext(&frame->uc.uc_mcontext, &frame->fpstate, regs, set->sig[0]); err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); if (err) goto give_sigsegv; restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; err |= __put_user(restorer, &frame->pretcode); err |= __put_user(0xb8, (char __user *)(frame->retcode+0)); err |= __put_user(__NR_rt_sigreturn, (int __user *)(frame->retcode+1)); err |= __put_user(0x80cd, (short __user *)(frame->retcode+5)); if (err) goto give_sigsegv; regs->sp = (unsigned long) frame; regs->ip = (unsigned long) ka->sa.sa_handler; regs->ax = (unsigned long) usig; regs->dx = (unsigned long) &frame->info; regs->cx = (unsigned long) &frame->uc; regs->ds = __USER_DS; regs->es = __USER_DS; regs->ss = __USER_DS; regs->cs = __USER_CS; regs->flags &= ~(TF_MASK | X86_EFLAGS_DF); if (test_thread_flag(TIF_SINGLESTEP)) ptrace_notify(SIGTRAP); #if DEBUG_SIG printk(""SIG deliver (%s:%d): sp=%p pc=%p ra=%p\n"", current->comm, current->pid, frame, regs->ip, frame->pretcode); #endif return 0; give_sigsegv: force_sigsegv(sig, current); return -EFAULT; }",linux-2.6,,,297145141663809646887311558177951815592,0 4420,['CWE-264'],"static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool) { if (valbool) sock_set_flag(sk, bit); else sock_reset_flag(sk, bit); }",linux-2.6,,,76122543704622323525345737178187429838,0 13,['CWE-264'],"static char *make_filename_safe(const char *filename TSRMLS_DC) { if (*filename && memcmp(filename, "":memory:"", sizeof("":memory:""))) { char *fullpath = expand_filepath(filename, NULL TSRMLS_CC); if (!fullpath) { return NULL; } if (PG(safe_mode) && (!php_checkuid(fullpath, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { efree(fullpath); return NULL; } if (php_check_open_basedir(fullpath TSRMLS_CC)) { efree(fullpath); return NULL; } return fullpath; } return estrdup(filename); }",php-src,,,107340962273293518000751223695455368366,0 4368,['CWE-264']," __acquires(proto_list_lock) { read_lock(&proto_list_lock); return seq_list_start_head(&proto_list, *pos); }",linux-2.6,,,76267412264969121697512681534948498411,0 6668,NVD-CWE-noinfo,"static int install_relocation_handler(int num_cpus, size_t save_state_size) { struct smm_loader_params smm_params = { .per_cpu_stack_size = CONFIG_SMM_STUB_STACK_SIZE, .num_concurrent_stacks = num_cpus, .per_cpu_save_state_size = save_state_size, .num_concurrent_save_states = 1, .handler = smm_do_relocation, }; if (mp_state.ops.adjust_smm_params != NULL) mp_state.ops.adjust_smm_params(&smm_params, 0); if (smm_setup_relocation_handler(&smm_params)) return -1; adjust_smm_apic_id_map(&smm_params); return 0; }",visit repo url,src/cpu/x86/mp_init.c,https://github.com/coreboot/coreboot,106669686973645,1 153,[],"asmlinkage long compat_sys_pselect7(int n, compat_ulong_t __user *inp, compat_ulong_t __user *outp, compat_ulong_t __user *exp, struct compat_timespec __user *tsp, compat_sigset_t __user *sigmask, compat_size_t sigsetsize) { compat_sigset_t ss32; sigset_t ksigmask, sigsaved; s64 timeout = MAX_SCHEDULE_TIMEOUT; struct compat_timespec ts; int ret; if (tsp) { if (copy_from_user(&ts, tsp, sizeof(ts))) return -EFAULT; if (ts.tv_sec < 0 || ts.tv_nsec < 0) return -EINVAL; } if (sigmask) { if (sigsetsize != sizeof(compat_sigset_t)) return -EINVAL; if (copy_from_user(&ss32, sigmask, sizeof(ss32))) return -EFAULT; sigset_from_compat(&ksigmask, &ss32); sigdelsetmask(&ksigmask, sigmask(SIGKILL)|sigmask(SIGSTOP)); sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved); } do { if (tsp) { if ((unsigned long)ts.tv_sec < MAX_SELECT_SECONDS) { timeout = ROUND_UP(ts.tv_nsec, 1000000000/HZ); timeout += ts.tv_sec * (unsigned long)HZ; ts.tv_sec = 0; ts.tv_nsec = 0; } else { ts.tv_sec -= MAX_SELECT_SECONDS; timeout = MAX_SELECT_SECONDS * HZ; } } ret = compat_core_sys_select(n, inp, outp, exp, &timeout); } while (!ret && !timeout && tsp && (ts.tv_sec || ts.tv_nsec)); if (tsp) { struct compat_timespec rts; if (current->personality & STICKY_TIMEOUTS) goto sticky; rts.tv_sec = timeout / HZ; rts.tv_nsec = (timeout % HZ) * (NSEC_PER_SEC/HZ); if (rts.tv_nsec >= NSEC_PER_SEC) { rts.tv_sec++; rts.tv_nsec -= NSEC_PER_SEC; } if (compat_timespec_compare(&rts, &ts) >= 0) rts = ts; if (copy_to_user(tsp, &rts, sizeof(rts))) { sticky: if (ret == -ERESTARTNOHAND) ret = -EINTR; } } if (ret == -ERESTARTNOHAND) { if (sigmask) { memcpy(¤t->saved_sigmask, &sigsaved, sizeof(sigsaved)); set_thread_flag(TIF_RESTORE_SIGMASK); } } else if (sigmask) sigprocmask(SIG_SETMASK, &sigsaved, NULL); return ret; }",linux-2.6,,,313633937766024914498626179296509403275,0 3502,CWE-22,"int main(int argc, char *argv[]) { struct mschm_decompressor *chmd; struct mschmd_header *chm; struct mschmd_file *file, **f; unsigned int numf, i; setbuf(stdout, NULL); setbuf(stderr, NULL); user_umask = umask(0); umask(user_umask); MSPACK_SYS_SELFTEST(i); if (i) return 0; if ((chmd = mspack_create_chm_decompressor(NULL))) { for (argv++; *argv; argv++) { printf(""%s\n"", *argv); if ((chm = chmd->open(chmd, *argv))) { for (numf=0, file=chm->files; file; file = file->next) numf++; if ((f = (struct mschmd_file **) calloc(numf, sizeof(struct mschmd_file *)))) { for (i=0, file=chm->files; file; file = file->next) f[i++] = file; qsort(f, numf, sizeof(struct mschmd_file *), &sortfunc); for (i = 0; i < numf; i++) { char *outname = create_output_name((unsigned char *)f[i]->filename,NULL,0,1,0); printf(""Extracting %s\n"", outname); ensure_filepath(outname); if (chmd->extract(chmd, f[i], outname)) { printf(""%s: extract error on \""%s\"": %s\n"", *argv, f[i]->filename, ERROR(chmd)); } free(outname); } free(f); } chmd->close(chmd, chm); } else { printf(""%s: can't open -- %s\n"", *argv, ERROR(chmd)); } } mspack_destroy_chm_decompressor(chmd); } return 0; }",visit repo url,libmspack/src/chmextract.c,https://github.com/kyz/libmspack,122617972601492,1 3726,[],"static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) { struct sockaddr_un *sunaddr=(struct sockaddr_un *)uaddr; struct sock *sk = sock->sk; struct net *net = sock_net(sk); struct unix_sock *u = unix_sk(sk), *newu, *otheru; struct sock *newsk = NULL; struct sock *other = NULL; struct sk_buff *skb = NULL; unsigned hash; int st; int err; long timeo; err = unix_mkname(sunaddr, addr_len, &hash); if (err < 0) goto out; addr_len = err; if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr && (err = unix_autobind(sock)) != 0) goto out; timeo = sock_sndtimeo(sk, flags & O_NONBLOCK); err = -ENOMEM; newsk = unix_create1(sock_net(sk), NULL); if (newsk == NULL) goto out; skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL); if (skb == NULL) goto out; restart: other = unix_find_other(net, sunaddr, addr_len, sk->sk_type, hash, &err); if (!other) goto out; unix_state_lock(other); if (sock_flag(other, SOCK_DEAD)) { unix_state_unlock(other); sock_put(other); goto restart; } err = -ECONNREFUSED; if (other->sk_state != TCP_LISTEN) goto out_unlock; if (unix_recvq_full(other)) { err = -EAGAIN; if (!timeo) goto out_unlock; timeo = unix_wait_for_peer(other, timeo); err = sock_intr_errno(timeo); if (signal_pending(current)) goto out; sock_put(other); goto restart; } st = sk->sk_state; switch (st) { case TCP_CLOSE: break; case TCP_ESTABLISHED: err = -EISCONN; goto out_unlock; default: err = -EINVAL; goto out_unlock; } unix_state_lock_nested(sk); if (sk->sk_state != st) { unix_state_unlock(sk); unix_state_unlock(other); sock_put(other); goto restart; } err = security_unix_stream_connect(sock, other->sk_socket, newsk); if (err) { unix_state_unlock(sk); goto out_unlock; } sock_hold(sk); unix_peer(newsk) = sk; newsk->sk_state = TCP_ESTABLISHED; newsk->sk_type = sk->sk_type; newsk->sk_peercred.pid = task_tgid_vnr(current); newsk->sk_peercred.uid = current->euid; newsk->sk_peercred.gid = current->egid; newu = unix_sk(newsk); newsk->sk_sleep = &newu->peer_wait; otheru = unix_sk(other); if (otheru->addr) { atomic_inc(&otheru->addr->refcnt); newu->addr = otheru->addr; } if (otheru->dentry) { newu->dentry = dget(otheru->dentry); newu->mnt = mntget(otheru->mnt); } sk->sk_peercred = other->sk_peercred; sock->state = SS_CONNECTED; sk->sk_state = TCP_ESTABLISHED; sock_hold(newsk); smp_mb__after_atomic_inc(); unix_peer(sk) = newsk; unix_state_unlock(sk); spin_lock(&other->sk_receive_queue.lock); __skb_queue_tail(&other->sk_receive_queue, skb); spin_unlock(&other->sk_receive_queue.lock); unix_state_unlock(other); other->sk_data_ready(other, 0); sock_put(other); return 0; out_unlock: if (other) unix_state_unlock(other); out: if (skb) kfree_skb(skb); if (newsk) unix_release_sock(newsk, 0); if (other) sock_put(other); return err; }",linux-2.6,,,64122038942610528822251343150630557839,0 1788,[]," __releases(rq->lock) { struct rq *rq = this_rq(); finish_task_switch(rq, prev); #ifdef __ARCH_WANT_UNLOCKED_CTXSW preempt_enable(); #endif if (current->set_child_tid) put_user(task_pid_vnr(current), current->set_child_tid); }",linux-2.6,,,196303770717504880350803535525517105480,0 2869,['CWE-189'],"int jas_cmxform_apply(jas_cmxform_t *xform, jas_cmpixmap_t *in, jas_cmpixmap_t *out) { jas_cmcmptfmt_t *fmt; jas_cmreal_t buf[2][APPLYBUFSIZ]; jas_cmpxformseq_t *pxformseq; int i; int j; int width; int height; int total; int n; jas_cmreal_t *inbuf; jas_cmreal_t *outbuf; jas_cmpxform_t *pxform; long *dataptr; int maxchans; int bufmax; int m; int bias; jas_cmreal_t scale; long v; jas_cmreal_t *bufptr; if (xform->numinchans > in->numcmpts || xform->numoutchans > out->numcmpts) goto error; fmt = &in->cmptfmts[0]; width = fmt->width; height = fmt->height; for (i = 1; i < xform->numinchans; ++i) { fmt = &in->cmptfmts[i]; if (fmt->width != width || fmt->height != height) { goto error; } } for (i = 0; i < xform->numoutchans; ++i) { fmt = &out->cmptfmts[i]; if (fmt->width != width || fmt->height != height) { goto error; } } maxchans = 0; pxformseq = xform->pxformseq; for (i = 0; i < pxformseq->numpxforms; ++i) { pxform = pxformseq->pxforms[i]; if (pxform->numinchans > maxchans) { maxchans = pxform->numinchans; } if (pxform->numoutchans > maxchans) { maxchans = pxform->numoutchans; } } bufmax = APPLYBUFSIZ / maxchans; assert(bufmax > 0); total = width * height; n = 0; while (n < total) { inbuf = &buf[0][0]; m = JAS_MIN(total - n, bufmax); for (i = 0; i < xform->numinchans; ++i) { fmt = &in->cmptfmts[i]; scale = (double)((1 << fmt->prec) - 1); bias = fmt->sgnd ? (1 << (fmt->prec - 1)) : 0; dataptr = &fmt->buf[n]; bufptr = &inbuf[i]; for (j = 0; j < m; ++j) { if (jas_cmgetint(&dataptr, fmt->sgnd, fmt->prec, &v)) goto error; *bufptr = (v - bias) / scale; bufptr += xform->numinchans; } } inbuf = &buf[0][0]; outbuf = inbuf; for (i = 0; i < pxformseq->numpxforms; ++i) { pxform = pxformseq->pxforms[i]; if (pxform->numoutchans > pxform->numinchans) { outbuf = (inbuf == &buf[0][0]) ? &buf[1][0] : &buf[0][0]; } else { outbuf = inbuf; } if ((*pxform->ops->apply)(pxform, inbuf, outbuf, m)) goto error; inbuf = outbuf; } for (i = 0; i < xform->numoutchans; ++i) { fmt = &out->cmptfmts[i]; scale = (double)((1 << fmt->prec) - 1); bias = fmt->sgnd ? (1 << (fmt->prec - 1)) : 0; bufptr = &outbuf[i]; dataptr = &fmt->buf[n]; for (j = 0; j < m; ++j) { v = (*bufptr) * scale + bias; bufptr += xform->numoutchans; if (jas_cmputint(&dataptr, fmt->sgnd, fmt->prec, v)) goto error; } } n += m; } return 0; error: return -1; }",jasper,,,302539572070274930898195589350623871407,0 3134,CWE-20,"static int lua_websocket_read(lua_State *L) { apr_socket_t *sock; apr_status_t rv; int n = 0; apr_size_t len = 1; apr_size_t plen = 0; unsigned short payload_short = 0; apr_uint64_t payload_long = 0; unsigned char *mask_bytes; char byte; int plaintext; request_rec *r = ap_lua_check_request_rec(L, 1); plaintext = ap_lua_ssl_is_https(r->connection) ? 0 : 1; mask_bytes = apr_pcalloc(r->pool, 4); sock = ap_get_conn_socket(r->connection); if (plaintext) { rv = apr_socket_recv(sock, &byte, &len); } else { rv = lua_websocket_readbytes(r->connection, &byte, 1); } if (rv == APR_SUCCESS) { unsigned char ubyte, fin, opcode, mask, payload; ubyte = (unsigned char)byte; fin = ubyte >> (CHAR_BIT - 1); opcode = ubyte & 0xf; if (plaintext) { rv = apr_socket_recv(sock, &byte, &len); } else { rv = lua_websocket_readbytes(r->connection, &byte, 1); } if (rv == APR_SUCCESS) { ubyte = (unsigned char)byte; mask = ubyte >> (CHAR_BIT - 1); payload = ubyte & 0x7f; plen = payload; if (payload == 126) { len = 2; if (plaintext) { rv = apr_socket_recv(sock, (char*) &payload_short, &len); } else { rv = lua_websocket_readbytes(r->connection, (char*) &payload_short, 2); } payload_short = ntohs(payload_short); if (rv == APR_SUCCESS) { plen = payload_short; } else { return 0; } } if (payload == 127) { len = 8; if (plaintext) { rv = apr_socket_recv(sock, (char*) &payload_long, &len); } else { rv = lua_websocket_readbytes(r->connection, (char*) &payload_long, 8); } if (rv == APR_SUCCESS) { plen = ap_ntoh64(&payload_long); } else { return 0; } } ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ""Websocket: Reading %"" APR_SIZE_T_FMT "" (%s) bytes, masking is %s. %s"", plen, (payload >= 126) ? ""extra payload"" : ""no extra payload"", mask ? ""on"" : ""off"", fin ? ""This is a final frame"" : ""more to follow""); if (mask) { len = 4; if (plaintext) { rv = apr_socket_recv(sock, (char*) mask_bytes, &len); } else { rv = lua_websocket_readbytes(r->connection, (char*) mask_bytes, 4); } if (rv != APR_SUCCESS) { return 0; } } if (plen < (HUGE_STRING_LEN*1024) && plen > 0) { apr_size_t remaining = plen; apr_size_t received; apr_off_t at = 0; char *buffer = apr_palloc(r->pool, plen+1); buffer[plen] = 0; if (plaintext) { while (remaining > 0) { received = remaining; rv = apr_socket_recv(sock, buffer+at, &received); if (received > 0 ) { remaining -= received; at += received; } } ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, ""Websocket: Frame contained %"" APR_OFF_T_FMT "" bytes, pushed to Lua stack"", at); } else { rv = lua_websocket_readbytes(r->connection, buffer, remaining); ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, ""Websocket: SSL Frame contained %"" APR_SIZE_T_FMT "" bytes, ""\ ""pushed to Lua stack"", remaining); } if (mask) { for (n = 0; n < plen; n++) { buffer[n] ^= mask_bytes[n%4]; } } lua_pushlstring(L, buffer, (size_t) plen); lua_pushboolean(L, fin); return 2; } if (opcode == 0x09) { char frame[2]; plen = 2; frame[0] = 0x8A; frame[1] = 0; apr_socket_send(sock, frame, &plen); lua_websocket_read(L); } } } return 0; }",visit repo url,modules/lua/lua_request.c,https://github.com/apache/httpd,29044208930229,1 5789,['CWE-200'],"static struct sock *rose_make_new(struct sock *osk) { struct sock *sk; struct rose_sock *rose, *orose; if (osk->sk_type != SOCK_SEQPACKET) return NULL; sk = sk_alloc(sock_net(osk), PF_ROSE, GFP_ATOMIC, &rose_proto); if (sk == NULL) return NULL; rose = rose_sk(sk); sock_init_data(NULL, sk); skb_queue_head_init(&rose->ack_queue); #ifdef M_BIT skb_queue_head_init(&rose->frag_queue); rose->fraglen = 0; #endif sk->sk_type = osk->sk_type; sk->sk_priority = osk->sk_priority; sk->sk_protocol = osk->sk_protocol; sk->sk_rcvbuf = osk->sk_rcvbuf; sk->sk_sndbuf = osk->sk_sndbuf; sk->sk_state = TCP_ESTABLISHED; sock_copy_flags(sk, osk); init_timer(&rose->timer); init_timer(&rose->idletimer); orose = rose_sk(osk); rose->t1 = orose->t1; rose->t2 = orose->t2; rose->t3 = orose->t3; rose->hb = orose->hb; rose->idle = orose->idle; rose->defer = orose->defer; rose->device = orose->device; rose->qbitincl = orose->qbitincl; return sk; }",linux-2.6,,,75756857788043908158377906962138332905,0 3384,['CWE-264'],"void fastcall fd_install(unsigned int fd, struct file * file) { struct files_struct *files = current->files; struct fdtable *fdt; spin_lock(&files->file_lock); fdt = files_fdtable(files); BUG_ON(fdt->fd[fd] != NULL); rcu_assign_pointer(fdt->fd[fd], file); spin_unlock(&files->file_lock); }",linux-2.6,,,97054828135007643804257532290874286292,0 2153,['CWE-400'],"static int shmem_unlink(struct inode *dir, struct dentry *dentry) { struct inode *inode = dentry->d_inode; if (inode->i_nlink > 1 && !S_ISDIR(inode->i_mode)) shmem_free_inode(inode->i_sb); dir->i_size -= BOGO_DIRENT_SIZE; inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME; drop_nlink(inode); dput(dentry); return 0; }",linux-2.6,,,223652660173208849568167377903353089161,0 1896,['CWE-20'],"static __init int vdso_do_find_sections(struct lib32_elfinfo *v32, struct lib64_elfinfo *v64) { void *sect; v32->dynsym = find_section32(v32->hdr, "".dynsym"", &v32->dynsymsize); v32->dynstr = find_section32(v32->hdr, "".dynstr"", NULL); if (v32->dynsym == NULL || v32->dynstr == NULL) { printk(KERN_ERR ""vDSO32: required symbol section not found\n""); return -1; } sect = find_section32(v32->hdr, "".text"", NULL); if (sect == NULL) { printk(KERN_ERR ""vDSO32: the .text section was not found\n""); return -1; } v32->text = sect - vdso32_kbase; #ifdef CONFIG_PPC64 v64->dynsym = find_section64(v64->hdr, "".dynsym"", &v64->dynsymsize); v64->dynstr = find_section64(v64->hdr, "".dynstr"", NULL); if (v64->dynsym == NULL || v64->dynstr == NULL) { printk(KERN_ERR ""vDSO64: required symbol section not found\n""); return -1; } sect = find_section64(v64->hdr, "".text"", NULL); if (sect == NULL) { printk(KERN_ERR ""vDSO64: the .text section was not found\n""); return -1; } v64->text = sect - vdso64_kbase; #endif return 0; }",linux-2.6,,,212713002097346373613405254704853008033,0 5971,CWE-79,"rndr_quote(struct buf *ob, const struct buf *text, void *opaque) { if (!text || !text->size) return 0; BUFPUTSL(ob, """"); bufput(ob, text->data, text->size); BUFPUTSL(ob, """"); return 1; }",visit repo url,ext/redcarpet/html.c,https://github.com/vmg/redcarpet,227076177147880,1 1990,['CWE-20'],"static int do_nonlinear_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, int write_access, pte_t orig_pte) { unsigned int flags = FAULT_FLAG_NONLINEAR | (write_access ? FAULT_FLAG_WRITE : 0); pgoff_t pgoff; if (!pte_unmap_same(mm, pmd, page_table, orig_pte)) return 0; if (unlikely(!(vma->vm_flags & VM_NONLINEAR) || !(vma->vm_flags & VM_CAN_NONLINEAR))) { print_bad_pte(vma, orig_pte, address); return VM_FAULT_OOM; } pgoff = pte_to_pgoff(orig_pte); return __do_fault(mm, vma, address, pmd, pgoff, flags, orig_pte); }",linux-2.6,,,169012949277237288735472688293295157782,0 3522,['CWE-20'],"sctp_disposition_t sctp_sf_discard_chunk(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); SCTP_DEBUG_PRINTK(""Chunk %d is discarded\n"", type.chunk); return SCTP_DISPOSITION_DISCARD; }",linux-2.6,,,116145030464387997050135416562614369700,0 1680,CWE-20,"int snd_timer_close(struct snd_timer_instance *timeri) { struct snd_timer *timer = NULL; struct snd_timer_instance *slave, *tmp; if (snd_BUG_ON(!timeri)) return -ENXIO; snd_timer_stop(timeri); if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) { spin_lock_irq(&slave_active_lock); while (timeri->flags & SNDRV_TIMER_IFLG_CALLBACK) { spin_unlock_irq(&slave_active_lock); udelay(10); spin_lock_irq(&slave_active_lock); } spin_unlock_irq(&slave_active_lock); mutex_lock(®ister_mutex); list_del(&timeri->open_list); mutex_unlock(®ister_mutex); } else { timer = timeri->timer; if (snd_BUG_ON(!timer)) goto out; spin_lock_irq(&timer->lock); while (timeri->flags & SNDRV_TIMER_IFLG_CALLBACK) { spin_unlock_irq(&timer->lock); udelay(10); spin_lock_irq(&timer->lock); } spin_unlock_irq(&timer->lock); mutex_lock(®ister_mutex); list_del(&timeri->open_list); if (timer && list_empty(&timer->open_list_head) && timer->hw.close) timer->hw.close(timer); list_for_each_entry_safe(slave, tmp, &timeri->slave_list_head, open_list) { spin_lock_irq(&slave_active_lock); _snd_timer_stop(slave, 1, SNDRV_TIMER_EVENT_RESOLUTION); list_move_tail(&slave->open_list, &snd_timer_slave_list); slave->master = NULL; slave->timer = NULL; spin_unlock_irq(&slave_active_lock); } mutex_unlock(®ister_mutex); } out: if (timeri->private_free) timeri->private_free(timeri); kfree(timeri->owner); kfree(timeri); if (timer) module_put(timer->module); return 0; }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,9222332381303,1 3199,['CWE-189'],"static int jp2_putuint32(jas_stream_t *out, uint_fast32_t val) { if (jas_stream_putc(out, (val >> 24) & 0xff) == EOF || jas_stream_putc(out, (val >> 16) & 0xff) == EOF || jas_stream_putc(out, (val >> 8) & 0xff) == EOF || jas_stream_putc(out, val & 0xff) == EOF) { return -1; } return 0; }",jasper,,,91969381549042087125047226820049770104,0 4050,['CWE-362'],"static int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op) { struct audit_watch *watch; if (!audit_ih) return -EOPNOTSUPP; if (path[0] != '/' || path[len-1] == '/' || krule->listnr != AUDIT_FILTER_EXIT || op & ~AUDIT_EQUAL || krule->inode_f || krule->watch || krule->tree) return -EINVAL; watch = audit_init_watch(path); if (IS_ERR(watch)) return PTR_ERR(watch); audit_get_watch(watch); krule->watch = watch; return 0; }",linux-2.6,,,227882557277530991924624508705299247998,0 4035,CWE-125,"_WM_ParseNewHmi(uint8_t *hmi_data, uint32_t hmi_size) { uint32_t hmi_tmp = 0; uint8_t *hmi_base = hmi_data; uint16_t hmi_bpm = 0; uint16_t hmi_division = 0; uint32_t hmi_track_cnt = 0; uint32_t *hmi_track_offset = NULL; uint32_t i = 0; uint32_t j = 0; uint8_t *hmi_addr = NULL; uint32_t *hmi_track_header_length = NULL; struct _mdi *hmi_mdi = NULL; uint32_t tempo_f = 5000000.0; uint32_t *hmi_track_end = NULL; uint8_t hmi_tracks_ended = 0; uint8_t *hmi_running_event = NULL; uint32_t setup_ret = 0; uint32_t *hmi_delta = NULL; uint32_t smallest_delta = 0; uint32_t subtract_delta = 0; uint32_t sample_count = 0; float sample_count_f = 0; float sample_remainder = 0; float samples_per_delta_f = 0.0; struct _note { uint32_t length; uint8_t channel; } *note; UNUSED(hmi_size); if (memcmp(hmi_data, ""HMI-MIDISONG061595"", 18)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_HMI, NULL, 0); return NULL; } hmi_bpm = hmi_data[212]; hmi_division = 60; hmi_track_cnt = hmi_data[228]; hmi_mdi = _WM_initMDI(); _WM_midi_setup_divisions(hmi_mdi, hmi_division); if ((_WM_MixerOptions & WM_MO_ROUNDTEMPO)) { tempo_f = (float) (60000000 / hmi_bpm) + 0.5f; } else { tempo_f = (float) (60000000 / hmi_bpm); } samples_per_delta_f = _WM_GetSamplesPerTick(hmi_division, (uint32_t)tempo_f); _WM_midi_setup_tempo(hmi_mdi, (uint32_t)tempo_f); hmi_track_offset = (uint32_t *)malloc(sizeof(uint32_t) * hmi_track_cnt); hmi_track_header_length = malloc(sizeof(uint32_t) * hmi_track_cnt); hmi_track_end = malloc(sizeof(uint32_t) * hmi_track_cnt); hmi_delta = malloc(sizeof(uint32_t) * hmi_track_cnt); note = malloc(sizeof(struct _note) * 128 * hmi_track_cnt); hmi_running_event = malloc(sizeof(uint8_t) * 128 * hmi_track_cnt); hmi_data += 370; smallest_delta = 0xffffffff; if (hmi_size < (370 + (hmi_track_cnt * 17))) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_HMI, ""file too short"", 0); goto _hmi_end; } hmi_track_offset[0] = *hmi_data; for (i = 0; i < hmi_track_cnt; i++) { hmi_track_offset[i] = *hmi_data++; hmi_track_offset[i] += (*hmi_data++ << 8); hmi_track_offset[i] += (*hmi_data++ << 16); hmi_track_offset[i] += (*hmi_data++ << 24); if (hmi_size < (hmi_track_offset[i] + 0x5a + 4)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_HMI, ""file too short"", 0); goto _hmi_end; } hmi_addr = hmi_base + hmi_track_offset[i]; if (memcmp(hmi_addr, ""HMI-MIDITRACK"", 13)) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_NOT_HMI, NULL, 0); goto _hmi_end; } hmi_track_header_length[i] = hmi_addr[0x57]; hmi_track_header_length[i] += (hmi_addr[0x58] << 8); hmi_track_header_length[i] += (hmi_addr[0x59] << 16); hmi_track_header_length[i] += (hmi_addr[0x5a] << 24); hmi_addr += hmi_track_header_length[i]; hmi_track_offset[i] += hmi_track_header_length[i]; hmi_delta[i] = 0; if (*hmi_addr > 0x7f) { do { hmi_delta[i] = (hmi_delta[i] << 7) + (*hmi_addr & 0x7f); hmi_addr++; hmi_track_offset[i]++; } while (*hmi_addr > 0x7f); } hmi_delta[i] = (hmi_delta[i] << 7) + (*hmi_addr & 0x7f); hmi_track_offset[i]++; hmi_addr++; if (hmi_delta[i] < smallest_delta) { smallest_delta = hmi_delta[i]; } hmi_track_end[i] = 0; hmi_running_event[i] = 0; for (j = 0; j < 128; j++) { hmi_tmp = (128 * i) + j; note[hmi_tmp].length = 0; note[hmi_tmp].channel = 0; } } subtract_delta = smallest_delta; sample_count_f= (((float) smallest_delta * samples_per_delta_f) + sample_remainder); sample_count = (uint32_t) sample_count_f; sample_remainder = sample_count_f - (float) sample_count; hmi_mdi->events[hmi_mdi->event_count - 1].samples_to_next += sample_count; hmi_mdi->extra_info.approx_total_samples += sample_count; while (hmi_tracks_ended < hmi_track_cnt) { smallest_delta = 0; for (i = 0; i < hmi_track_cnt; i++) { if (hmi_track_end[i]) continue; for (j = 0; j < 128; j++) { hmi_tmp = (128 * i) + j; if (note[hmi_tmp].length) { note[hmi_tmp].length -= subtract_delta; if (note[hmi_tmp].length) { if ((!smallest_delta) || (smallest_delta > note[hmi_tmp].length)) { smallest_delta = note[hmi_tmp].length; } } else { _WM_midi_setup_noteoff(hmi_mdi, note[hmi_tmp].channel, j, 0); } } } if (hmi_delta[i]) { hmi_delta[i] -= subtract_delta; if (hmi_delta[i]) { if ((!smallest_delta) || (smallest_delta > hmi_delta[i])) { smallest_delta = hmi_delta[i]; } continue; } } do { hmi_data = hmi_base + hmi_track_offset[i]; hmi_delta[i] = 0; if (hmi_data[0] == 0xfe) { if (hmi_data[1] == 0x10) { hmi_tmp = (hmi_data[4] + 5); hmi_data += hmi_tmp; hmi_track_offset[i] += hmi_tmp; } else if (hmi_data[1] == 0x15) { hmi_data += 4; hmi_track_offset[i] += 4; } hmi_data += 4; hmi_track_offset[i] += 4; } else { if ((setup_ret = _WM_SetupMidiEvent(hmi_mdi,hmi_data,hmi_running_event[i])) == 0) { goto _hmi_end; } if ((hmi_data[0] == 0xff) && (hmi_data[1] == 0x2f) && (hmi_data[2] == 0x00)) { hmi_track_end[i] = 1; hmi_tracks_ended++; for(j = 0; j < 128; j++) { hmi_tmp = (128 * i) + j; if (note[hmi_tmp].length) { _WM_midi_setup_noteoff(hmi_mdi, note[hmi_tmp].channel, j, 0); note[hmi_tmp].length = 0; } } goto _hmi_next_track; } if ((*hmi_data == 0xF0) || (*hmi_data == 0xF7)) { hmi_running_event[i] = 0; } else if (*hmi_data < 0xF0) { if (*hmi_data >= 0x80) { hmi_running_event[i] = *hmi_data; } } if ((hmi_running_event[i] & 0xf0) == 0x90) { if (*hmi_data > 127) { hmi_tmp = hmi_data[1]; } else { hmi_tmp = *hmi_data; } hmi_tmp += (i * 128); note[hmi_tmp].channel = hmi_running_event[i] & 0xf; hmi_data += setup_ret; hmi_track_offset[i] += setup_ret; note[hmi_tmp].length = 0; if (*hmi_data > 0x7f) { do { note[hmi_tmp].length = (note[hmi_tmp].length << 7) | (*hmi_data & 0x7F); hmi_data++; hmi_track_offset[i]++; } while (*hmi_data > 0x7F); } note[hmi_tmp].length = (note[hmi_tmp].length << 7) | (*hmi_data & 0x7F); hmi_data++; hmi_track_offset[i]++; if (note[hmi_tmp].length) { if ((!smallest_delta) || (smallest_delta > note[hmi_tmp].length)) { smallest_delta = note[hmi_tmp].length; } } else { _WM_midi_setup_noteoff(hmi_mdi, note[hmi_tmp].channel, j, 0); } } else { hmi_data += setup_ret; hmi_track_offset[i] += setup_ret; } } if (*hmi_data > 0x7f) { do { hmi_delta[i] = (hmi_delta[i] << 7) | (*hmi_data & 0x7F); hmi_data++; hmi_track_offset[i]++; } while (*hmi_data > 0x7F); } hmi_delta[i] = (hmi_delta[i] << 7) | (*hmi_data & 0x7F); hmi_data++; hmi_track_offset[i]++; } while (!hmi_delta[i]); if ((!smallest_delta) || (smallest_delta > hmi_delta[i])) { smallest_delta = hmi_delta[i]; } _hmi_next_track: hmi_tmp = 0; UNUSED(hmi_tmp); } subtract_delta = smallest_delta; sample_count_f= (((float) smallest_delta * samples_per_delta_f) + sample_remainder); sample_count = (uint32_t) sample_count_f; sample_remainder = sample_count_f - (float) sample_count; hmi_mdi->events[hmi_mdi->event_count - 1].samples_to_next += sample_count; hmi_mdi->extra_info.approx_total_samples += sample_count; } if ((hmi_mdi->reverb = _WM_init_reverb(_WM_SampleRate, _WM_reverb_room_width, _WM_reverb_room_length, _WM_reverb_listen_posx, _WM_reverb_listen_posy)) == NULL) { _WM_GLOBAL_ERROR(__FUNCTION__, __LINE__, WM_ERR_MEM, ""to init reverb"", 0); goto _hmi_end; } hmi_mdi->extra_info.current_sample = 0; hmi_mdi->current_event = &hmi_mdi->events[0]; hmi_mdi->samples_to_mix = 0; hmi_mdi->note = NULL; _WM_ResetToStart(hmi_mdi); _hmi_end: free(hmi_track_offset); free(hmi_track_header_length); free(hmi_track_end); free(hmi_delta); free(note); free(hmi_running_event); if (hmi_mdi->reverb) return (hmi_mdi); _WM_freeMDI(hmi_mdi); return 0; }",visit repo url,src/f_hmi.c,https://github.com/Mindwerks/wildmidi,228306204356738,1 1536,[],"int sched_setscheduler(struct task_struct *p, int policy, struct sched_param *param) { int retval, oldprio, oldpolicy = -1, on_rq, running; unsigned long flags; const struct sched_class *prev_class = p->sched_class; struct rq *rq; BUG_ON(in_interrupt()); recheck: if (policy < 0) policy = oldpolicy = p->policy; else if (policy != SCHED_FIFO && policy != SCHED_RR && policy != SCHED_NORMAL && policy != SCHED_BATCH && policy != SCHED_IDLE) return -EINVAL; if (param->sched_priority < 0 || (p->mm && param->sched_priority > MAX_USER_RT_PRIO-1) || (!p->mm && param->sched_priority > MAX_RT_PRIO-1)) return -EINVAL; if (rt_policy(policy) != (param->sched_priority != 0)) return -EINVAL; if (!capable(CAP_SYS_NICE)) { if (rt_policy(policy)) { unsigned long rlim_rtprio; if (!lock_task_sighand(p, &flags)) return -ESRCH; rlim_rtprio = p->signal->rlim[RLIMIT_RTPRIO].rlim_cur; unlock_task_sighand(p, &flags); if (policy != p->policy && !rlim_rtprio) return -EPERM; if (param->sched_priority > p->rt_priority && param->sched_priority > rlim_rtprio) return -EPERM; } if (p->policy == SCHED_IDLE && policy != SCHED_IDLE) return -EPERM; if ((current->euid != p->euid) && (current->euid != p->uid)) return -EPERM; } #ifdef CONFIG_RT_GROUP_SCHED if (rt_policy(policy) && task_group(p)->rt_bandwidth.rt_runtime == 0) return -EPERM; #endif retval = security_task_setscheduler(p, policy, param); if (retval) return retval; spin_lock_irqsave(&p->pi_lock, flags); rq = __task_rq_lock(p); if (unlikely(oldpolicy != -1 && oldpolicy != p->policy)) { policy = oldpolicy = -1; __task_rq_unlock(rq); spin_unlock_irqrestore(&p->pi_lock, flags); goto recheck; } update_rq_clock(rq); on_rq = p->se.on_rq; running = task_current(rq, p); if (on_rq) deactivate_task(rq, p, 0); if (running) p->sched_class->put_prev_task(rq, p); oldprio = p->prio; __setscheduler(rq, p, policy, param->sched_priority); if (running) p->sched_class->set_curr_task(rq); if (on_rq) { activate_task(rq, p, 0); check_class_changed(rq, p, prev_class, oldprio, running); } __task_rq_unlock(rq); spin_unlock_irqrestore(&p->pi_lock, flags); rt_mutex_adjust_pi(p); return 0; }",linux-2.6,,,331270262931666159769547357197253801270,0 3284,['CWE-189'],"static char *jas_iccsigtostr(int sig, char *buf) { int n; int c; char *bufptr; bufptr = buf; for (n = 4; n > 0; --n) { c = (sig >> 24) & 0xff; if (isalpha(c) || isdigit(c)) { *bufptr++ = c; } sig <<= 8; } *bufptr = '\0'; return buf; }",jasper,,,255751305036135083087207428797518347391,0 4982,CWE-787,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 1236,CWE-200,"static int do_devinfo_ioctl(struct comedi_device *dev, struct comedi_devinfo __user *arg, struct file *file) { struct comedi_devinfo devinfo; const unsigned minor = iminor(file->f_dentry->d_inode); struct comedi_device_file_info *dev_file_info = comedi_get_device_file_info(minor); struct comedi_subdevice *read_subdev = comedi_get_read_subdevice(dev_file_info); struct comedi_subdevice *write_subdev = comedi_get_write_subdevice(dev_file_info); memset(&devinfo, 0, sizeof(devinfo)); devinfo.version_code = COMEDI_VERSION_CODE; devinfo.n_subdevs = dev->n_subdevices; memcpy(devinfo.driver_name, dev->driver->driver_name, COMEDI_NAMELEN); memcpy(devinfo.board_name, dev->board_name, COMEDI_NAMELEN); if (read_subdev) devinfo.read_subdevice = read_subdev - dev->subdevices; else devinfo.read_subdevice = -1; if (write_subdev) devinfo.write_subdevice = write_subdev - dev->subdevices; else devinfo.write_subdevice = -1; if (copy_to_user(arg, &devinfo, sizeof(struct comedi_devinfo))) return -EFAULT; return 0; }",visit repo url,drivers/staging/comedi/comedi_fops.c,https://github.com/torvalds/linux,71569394185603,1 6530,CWE-125,"static MOBI_RET mobi_decompress_huffman_internal(MOBIBuffer *buf_out, MOBIBuffer *buf_in, const MOBIHuffCdic *huffcdic, size_t depth) { if (depth > MOBI_HUFFMAN_MAXDEPTH) { debug_print(""Too many levels of recursion: %zu\n"", depth); return MOBI_DATA_CORRUPT; } MOBI_RET ret = MOBI_SUCCESS; int8_t bitcount = 32; int bitsleft = (int) (buf_in->maxlen * 8); uint8_t code_length = 0; uint64_t buffer = mobi_buffer_fill64(buf_in); while (ret == MOBI_SUCCESS) { if (bitcount <= 0) { bitcount += 32; buffer = mobi_buffer_fill64(buf_in); } uint32_t code = (buffer >> bitcount) & 0xffffffffU; uint32_t t1 = huffcdic->table1[code >> 24]; code_length = t1 & 0x1f; uint32_t maxcode = (((t1 >> 8) + 1) << (32 - code_length)) - 1; if (!(t1 & 0x80)) { while (code < huffcdic->mincode_table[code_length]) { code_length++; } maxcode = huffcdic->maxcode_table[code_length]; } bitcount -= code_length; bitsleft -= code_length; if (bitsleft < 0) { break; } uint32_t index = (uint32_t) (maxcode - code) >> (32 - code_length); uint16_t cdic_index = (uint16_t) ((uint32_t)index >> huffcdic->code_length); if (index >= huffcdic->index_count) { debug_print(""Wrong symbol offsets index: %u\n"", index); return MOBI_DATA_CORRUPT; } uint32_t offset = huffcdic->symbol_offsets[index]; uint32_t symbol_length = (uint32_t) huffcdic->symbols[cdic_index][offset] << 8 | (uint32_t) huffcdic->symbols[cdic_index][offset + 1]; int is_decompressed = symbol_length >> 15; symbol_length &= 0x7fff; if (is_decompressed) { mobi_buffer_addraw(buf_out, (huffcdic->symbols[cdic_index] + offset + 2), symbol_length); ret = buf_out->error; } else { MOBIBuffer buf_sym; buf_sym.data = huffcdic->symbols[cdic_index] + offset + 2; buf_sym.offset = 0; buf_sym.maxlen = symbol_length; buf_sym.error = MOBI_SUCCESS; ret = mobi_decompress_huffman_internal(buf_out, &buf_sym, huffcdic, depth + 1); } } return ret; }",visit repo url,src/compression.c,https://github.com/bfabiszewski/libmobi,123802984556811,1 4503,CWE-125,"GF_Err diST_box_read(GF_Box *s, GF_BitStream *bs) { u32 i; char str[1024]; GF_DIMSScriptTypesBox *p = (GF_DIMSScriptTypesBox *)s; i=0; str[0]=0; while (1) { str[i] = gf_bs_read_u8(bs); if (!str[i]) break; i++; } ISOM_DECREASE_SIZE(p, i); p->content_script_types = gf_strdup(str); return GF_OK; }",visit repo url,src/isomedia/box_code_3gpp.c,https://github.com/gpac/gpac,251153550350918,1 6090,CWE-190,"int cp_bls_sig(g1_t s, const uint8_t *msg, int len, const bn_t d) { g1_t p; int result = RLC_OK; g1_null(p); RLC_TRY { g1_new(p); g1_map(p, msg, len); g1_mul_key(s, p, d); } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { g1_free(p); } return result; }",visit repo url,src/cp/relic_cp_bls.c,https://github.com/relic-toolkit/relic,228664803742593,1 5000,['CWE-346'],"int udev_monitor_send_device(struct udev_monitor *udev_monitor, struct udev_device *udev_device) { const char *buf; ssize_t len; ssize_t count; len = udev_device_get_properties_monitor_buf(udev_device, &buf); if (len < 32) return -1; if (udev_monitor->sun.sun_family != 0) count = sendto(udev_monitor->sock, buf, len, 0, (struct sockaddr *)&udev_monitor->sun, udev_monitor->addrlen); else if (udev_monitor->snl.nl_family != 0) count = sendto(udev_monitor->sock, buf, len, 0, (struct sockaddr *)&udev_monitor->snl_peer, sizeof(struct sockaddr_nl)); else return -1; info(udev_monitor->udev, ""passed %zi bytes to monitor %p\n"", count, udev_monitor); return count; }",udev,,,14987850168324568879021447526933639201,0 737,CWE-20,"static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int ret; int copylen; ret = -EOPNOTSUPP; if (m->msg_flags&MSG_OOB) goto read_error; m->msg_namelen = 0; skb = skb_recv_datagram(sk, flags, 0 , &ret); if (!skb) goto read_error; copylen = skb->len; if (len < copylen) { m->msg_flags |= MSG_TRUNC; copylen = len; } ret = skb_copy_datagram_iovec(skb, 0, m->msg_iov, copylen); if (ret) goto out_free; ret = (flags & MSG_TRUNC) ? skb->len : copylen; out_free: skb_free_datagram(sk, skb); caif_check_flow_release(sk); return ret; read_error: return ret; }",visit repo url,net/caif/caif_socket.c,https://github.com/torvalds/linux,109452384008025,1 3079,CWE-310,"int DSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int siglen, DSA *dsa) { DSA_SIG *s; int ret=-1; s = DSA_SIG_new(); if (s == NULL) return(ret); if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; ret=DSA_do_verify(dgst,dgst_len,s,dsa); err: DSA_SIG_free(s); return(ret); }",visit repo url,crypto/dsa/dsa_asn1.c,https://github.com/openssl/openssl,267425325261949,1 642,CWE-20,"static int rawv6_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)msg->msg_name; struct sk_buff *skb; size_t copied; int err; if (flags & MSG_OOB) return -EOPNOTSUPP; if (addr_len) *addr_len=sizeof(*sin6); if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len); skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (copied > len) { copied = len; msg->msg_flags |= MSG_TRUNC; } if (skb_csum_unnecessary(skb)) { err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else if (msg->msg_flags&MSG_TRUNC) { if (__skb_checksum_complete(skb)) goto csum_copy_err; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); } else { err = skb_copy_and_csum_datagram_iovec(skb, 0, msg->msg_iov); if (err == -EINVAL) goto csum_copy_err; } if (err) goto out_free; if (sin6) { sin6->sin6_family = AF_INET6; sin6->sin6_port = 0; sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_flowinfo = 0; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, IP6CB(skb)->iif); } sock_recv_ts_and_drops(msg, sk, skb); if (np->rxopt.all) ip6_datagram_recv_ctl(sk, msg, skb); err = copied; if (flags & MSG_TRUNC) err = skb->len; out_free: skb_free_datagram(sk, skb); out: return err; csum_copy_err: skb_kill_datagram(sk, skb, flags); err = (flags&MSG_DONTWAIT) ? -EAGAIN : -EHOSTUNREACH; goto out; }",visit repo url,net/ipv6/raw.c,https://github.com/torvalds/linux,215034858141935,1 5992,['CWE-200'],"static unsigned long rsvp_get(struct tcf_proto *tp, u32 handle) { struct rsvp_session **sht = ((struct rsvp_head*)tp->root)->ht; struct rsvp_session *s; struct rsvp_filter *f; unsigned h1 = handle&0xFF; unsigned h2 = (handle>>8)&0xFF; if (h2 > 16) return 0; for (s = sht[h1]; s; s = s->next) { for (f = s->ht[h2]; f; f = f->next) { if (f->handle == handle) return (unsigned long)f; } } return 0; }",linux-2.6,,,189825555729764640536265455971491137960,0 3998,['CWE-362'],"void inotify_inode_is_dead(struct inode *inode) { struct inotify_watch *watch, *next; mutex_lock(&inode->inotify_mutex); list_for_each_entry_safe(watch, next, &inode->inotify_watches, i_list) { struct inotify_handle *ih = watch->ih; mutex_lock(&ih->mutex); inotify_remove_watch_locked(ih, watch); mutex_unlock(&ih->mutex); } mutex_unlock(&inode->inotify_mutex); }",linux-2.6,,,241198506121208974983782916058195424150,0 652,[],"void dccp_shutdown(struct sock *sk, int how) { dccp_pr_debug(""entry\n""); }",linux-2.6,,,173925927760466276053544744690195737182,0 6162,['CWE-200'],"static void mrtsock_destruct(struct sock *sk) { rtnl_lock(); if (sk == mroute_socket) { ipv4_devconf.mc_forwarding--; write_lock_bh(&mrt_lock); mroute_socket=NULL; write_unlock_bh(&mrt_lock); mroute_clean_tables(sk); } rtnl_unlock(); }",linux-2.6,,,177531172012155086197397056503334047016,0 5715,CWE-416,"void luaV_execute (lua_State *L, CallInfo *ci) { LClosure *cl; TValue *k; StkId base; const Instruction *pc; int trap; #if LUA_USE_JUMPTABLE #include ""ljumptab.h"" #endif tailcall: trap = L->hookmask; cl = clLvalue(s2v(ci->func)); k = cl->p->k; pc = ci->u.l.savedpc; if (trap) { if (cl->p->is_vararg) trap = 0; else if (pc == cl->p->code) luaD_hookcall(L, ci); ci->u.l.trap = 1; } base = ci->func + 1; for (;;) { Instruction i; StkId ra; vmfetch(); lua_assert(base == ci->func + 1); lua_assert(base <= L->top && L->top < L->stack + L->stacksize); lua_assert(isIT(i) || (cast_void(L->top = base), 1)); vmdispatch (GET_OPCODE(i)) { vmcase(OP_MOVE) { setobjs2s(L, ra, RB(i)); vmbreak; } vmcase(OP_LOADI) { lua_Integer b = GETARG_sBx(i); setivalue(s2v(ra), b); vmbreak; } vmcase(OP_LOADF) { int b = GETARG_sBx(i); setfltvalue(s2v(ra), cast_num(b)); vmbreak; } vmcase(OP_LOADK) { TValue *rb = k + GETARG_Bx(i); setobj2s(L, ra, rb); vmbreak; } vmcase(OP_LOADKX) { TValue *rb; rb = k + GETARG_Ax(*pc); pc++; setobj2s(L, ra, rb); vmbreak; } vmcase(OP_LOADFALSE) { setbfvalue(s2v(ra)); vmbreak; } vmcase(OP_LFALSESKIP) { setbfvalue(s2v(ra)); pc++; vmbreak; } vmcase(OP_LOADTRUE) { setbtvalue(s2v(ra)); vmbreak; } vmcase(OP_LOADNIL) { int b = GETARG_B(i); do { setnilvalue(s2v(ra++)); } while (b--); vmbreak; } vmcase(OP_GETUPVAL) { int b = GETARG_B(i); setobj2s(L, ra, cl->upvals[b]->v); vmbreak; } vmcase(OP_SETUPVAL) { UpVal *uv = cl->upvals[GETARG_B(i)]; setobj(L, uv->v, s2v(ra)); luaC_barrier(L, uv, s2v(ra)); vmbreak; } vmcase(OP_GETTABUP) { const TValue *slot; TValue *upval = cl->upvals[GETARG_B(i)]->v; TValue *rc = KC(i); TString *key = tsvalue(rc); if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, upval, rc, ra, slot)); vmbreak; } vmcase(OP_GETTABLE) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = vRC(i); lua_Unsigned n; if (ttisinteger(rc) ? (cast_void(n = ivalue(rc)), luaV_fastgeti(L, rb, n, slot)) : luaV_fastget(L, rb, rc, slot, luaH_get)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_GETI) { const TValue *slot; TValue *rb = vRB(i); int c = GETARG_C(i); if (luaV_fastgeti(L, rb, c, slot)) { setobj2s(L, ra, slot); } else { TValue key; setivalue(&key, c); Protect(luaV_finishget(L, rb, &key, ra, slot)); } vmbreak; } vmcase(OP_GETFIELD) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = KC(i); TString *key = tsvalue(rc); if (luaV_fastget(L, rb, key, slot, luaH_getshortstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_SETTABUP) { const TValue *slot; TValue *upval = cl->upvals[GETARG_A(i)]->v; TValue *rb = KB(i); TValue *rc = RKC(i); TString *key = tsvalue(rb); if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) { luaV_finishfastset(L, upval, slot, rc); } else Protect(luaV_finishset(L, upval, rb, rc, slot)); vmbreak; } vmcase(OP_SETTABLE) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = RKC(i); lua_Unsigned n; if (ttisinteger(rb) ? (cast_void(n = ivalue(rb)), luaV_fastgeti(L, s2v(ra), n, slot)) : luaV_fastget(L, s2v(ra), rb, slot, luaH_get)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else Protect(luaV_finishset(L, s2v(ra), rb, rc, slot)); vmbreak; } vmcase(OP_SETI) { const TValue *slot; int c = GETARG_B(i); TValue *rc = RKC(i); if (luaV_fastgeti(L, s2v(ra), c, slot)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else { TValue key; setivalue(&key, c); Protect(luaV_finishset(L, s2v(ra), &key, rc, slot)); } vmbreak; } vmcase(OP_SETFIELD) { const TValue *slot; TValue *rb = KB(i); TValue *rc = RKC(i); TString *key = tsvalue(rb); if (luaV_fastget(L, s2v(ra), key, slot, luaH_getshortstr)) { luaV_finishfastset(L, s2v(ra), slot, rc); } else Protect(luaV_finishset(L, s2v(ra), rb, rc, slot)); vmbreak; } vmcase(OP_NEWTABLE) { int b = GETARG_B(i); int c = GETARG_C(i); Table *t; if (b > 0) b = 1 << (b - 1); lua_assert((!TESTARG_k(i)) == (GETARG_Ax(*pc) == 0)); if (TESTARG_k(i)) c += GETARG_Ax(*pc) * (MAXARG_C + 1); pc++; L->top = ra + 1; t = luaH_new(L); sethvalue2s(L, ra, t); if (b != 0 || c != 0) luaH_resize(L, t, c, b); checkGC(L, ra + 1); vmbreak; } vmcase(OP_SELF) { const TValue *slot; TValue *rb = vRB(i); TValue *rc = RKC(i); TString *key = tsvalue(rc); setobj2s(L, ra + 1, rb); if (luaV_fastget(L, rb, key, slot, luaH_getstr)) { setobj2s(L, ra, slot); } else Protect(luaV_finishget(L, rb, rc, ra, slot)); vmbreak; } vmcase(OP_ADDI) { op_arithI(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_ADDK) { op_arithK(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_SUBK) { op_arithK(L, l_subi, luai_numsub); vmbreak; } vmcase(OP_MULK) { op_arithK(L, l_muli, luai_nummul); vmbreak; } vmcase(OP_MODK) { op_arithK(L, luaV_mod, luaV_modf); vmbreak; } vmcase(OP_POWK) { op_arithfK(L, luai_numpow); vmbreak; } vmcase(OP_DIVK) { op_arithfK(L, luai_numdiv); vmbreak; } vmcase(OP_IDIVK) { op_arithK(L, luaV_idiv, luai_numidiv); vmbreak; } vmcase(OP_BANDK) { op_bitwiseK(L, l_band); vmbreak; } vmcase(OP_BORK) { op_bitwiseK(L, l_bor); vmbreak; } vmcase(OP_BXORK) { op_bitwiseK(L, l_bxor); vmbreak; } vmcase(OP_SHRI) { TValue *rb = vRB(i); int ic = GETARG_sC(i); lua_Integer ib; if (tointegerns(rb, &ib)) { pc++; setivalue(s2v(ra), luaV_shiftl(ib, -ic)); } vmbreak; } vmcase(OP_SHLI) { TValue *rb = vRB(i); int ic = GETARG_sC(i); lua_Integer ib; if (tointegerns(rb, &ib)) { pc++; setivalue(s2v(ra), luaV_shiftl(ic, ib)); } vmbreak; } vmcase(OP_ADD) { op_arith(L, l_addi, luai_numadd); vmbreak; } vmcase(OP_SUB) { op_arith(L, l_subi, luai_numsub); vmbreak; } vmcase(OP_MUL) { op_arith(L, l_muli, luai_nummul); vmbreak; } vmcase(OP_MOD) { op_arith(L, luaV_mod, luaV_modf); vmbreak; } vmcase(OP_POW) { op_arithf(L, luai_numpow); vmbreak; } vmcase(OP_DIV) { op_arithf(L, luai_numdiv); vmbreak; } vmcase(OP_IDIV) { op_arith(L, luaV_idiv, luai_numidiv); vmbreak; } vmcase(OP_BAND) { op_bitwise(L, l_band); vmbreak; } vmcase(OP_BOR) { op_bitwise(L, l_bor); vmbreak; } vmcase(OP_BXOR) { op_bitwise(L, l_bxor); vmbreak; } vmcase(OP_SHR) { op_bitwise(L, luaV_shiftr); vmbreak; } vmcase(OP_SHL) { op_bitwise(L, luaV_shiftl); vmbreak; } vmcase(OP_MMBIN) { Instruction pi = *(pc - 2); TValue *rb = vRB(i); TMS tm = (TMS)GETARG_C(i); StkId result = RA(pi); lua_assert(OP_ADD <= GET_OPCODE(pi) && GET_OPCODE(pi) <= OP_SHR); Protect(luaT_trybinTM(L, s2v(ra), rb, result, tm)); vmbreak; } vmcase(OP_MMBINI) { Instruction pi = *(pc - 2); int imm = GETARG_sB(i); TMS tm = (TMS)GETARG_C(i); int flip = GETARG_k(i); StkId result = RA(pi); Protect(luaT_trybiniTM(L, s2v(ra), imm, flip, result, tm)); vmbreak; } vmcase(OP_MMBINK) { Instruction pi = *(pc - 2); TValue *imm = KB(i); TMS tm = (TMS)GETARG_C(i); int flip = GETARG_k(i); StkId result = RA(pi); Protect(luaT_trybinassocTM(L, s2v(ra), imm, flip, result, tm)); vmbreak; } vmcase(OP_UNM) { TValue *rb = vRB(i); lua_Number nb; if (ttisinteger(rb)) { lua_Integer ib = ivalue(rb); setivalue(s2v(ra), intop(-, 0, ib)); } else if (tonumberns(rb, nb)) { setfltvalue(s2v(ra), luai_numunm(L, nb)); } else Protect(luaT_trybinTM(L, rb, rb, ra, TM_UNM)); vmbreak; } vmcase(OP_BNOT) { TValue *rb = vRB(i); lua_Integer ib; if (tointegerns(rb, &ib)) { setivalue(s2v(ra), intop(^, ~l_castS2U(0), ib)); } else Protect(luaT_trybinTM(L, rb, rb, ra, TM_BNOT)); vmbreak; } vmcase(OP_NOT) { TValue *rb = vRB(i); if (l_isfalse(rb)) setbtvalue(s2v(ra)); else setbfvalue(s2v(ra)); vmbreak; } vmcase(OP_LEN) { Protect(luaV_objlen(L, ra, vRB(i))); vmbreak; } vmcase(OP_CONCAT) { int n = GETARG_B(i); L->top = ra + n; ProtectNT(luaV_concat(L, n)); checkGC(L, L->top); vmbreak; } vmcase(OP_CLOSE) { Protect(luaF_close(L, ra, LUA_OK)); vmbreak; } vmcase(OP_TBC) { halfProtect(luaF_newtbcupval(L, ra)); vmbreak; } vmcase(OP_JMP) { dojump(ci, i, 0); vmbreak; } vmcase(OP_EQ) { int cond; TValue *rb = vRB(i); Protect(cond = luaV_equalobj(L, s2v(ra), rb)); docondjump(); vmbreak; } vmcase(OP_LT) { op_order(L, l_lti, LTnum, lessthanothers); vmbreak; } vmcase(OP_LE) { op_order(L, l_lei, LEnum, lessequalothers); vmbreak; } vmcase(OP_EQK) { TValue *rb = KB(i); int cond = luaV_rawequalobj(s2v(ra), rb); docondjump(); vmbreak; } vmcase(OP_EQI) { int cond; int im = GETARG_sB(i); if (ttisinteger(s2v(ra))) cond = (ivalue(s2v(ra)) == im); else if (ttisfloat(s2v(ra))) cond = luai_numeq(fltvalue(s2v(ra)), cast_num(im)); else cond = 0; docondjump(); vmbreak; } vmcase(OP_LTI) { op_orderI(L, l_lti, luai_numlt, 0, TM_LT); vmbreak; } vmcase(OP_LEI) { op_orderI(L, l_lei, luai_numle, 0, TM_LE); vmbreak; } vmcase(OP_GTI) { op_orderI(L, l_gti, luai_numgt, 1, TM_LT); vmbreak; } vmcase(OP_GEI) { op_orderI(L, l_gei, luai_numge, 1, TM_LE); vmbreak; } vmcase(OP_TEST) { int cond = !l_isfalse(s2v(ra)); docondjump(); vmbreak; } vmcase(OP_TESTSET) { TValue *rb = vRB(i); if (l_isfalse(rb) == GETARG_k(i)) pc++; else { setobj2s(L, ra, rb); donextjump(ci); } vmbreak; } vmcase(OP_CALL) { int b = GETARG_B(i); int nresults = GETARG_C(i) - 1; if (b != 0) L->top = ra + b; ProtectNT(luaD_call(L, ra, nresults)); vmbreak; } vmcase(OP_TAILCALL) { int b = GETARG_B(i); int nparams1 = GETARG_C(i); int delta = (nparams1) ? ci->u.l.nextraargs + nparams1 : 0; if (b != 0) L->top = ra + b; else b = cast_int(L->top - ra); savepc(ci); if (TESTARG_k(i)) { luaF_close(L, base, NOCLOSINGMETH); lua_assert(base == ci->func + 1); } while (!ttisfunction(s2v(ra))) { luaD_tryfuncTM(L, ra); b++; checkstackp(L, 1, ra); } if (!ttisLclosure(s2v(ra))) { luaD_call(L, ra, LUA_MULTRET); updatetrap(ci); updatestack(ci); ci->func -= delta; luaD_poscall(L, ci, cast_int(L->top - ra)); return; } ci->func -= delta; luaD_pretailcall(L, ci, ra, b); goto tailcall; } vmcase(OP_RETURN) { int n = GETARG_B(i) - 1; int nparams1 = GETARG_C(i); if (n < 0) n = cast_int(L->top - ra); savepc(ci); if (TESTARG_k(i)) { if (L->top < ci->top) L->top = ci->top; luaF_close(L, base, LUA_OK); updatetrap(ci); updatestack(ci); } if (nparams1) ci->func -= ci->u.l.nextraargs + nparams1; L->top = ra + n; luaD_poscall(L, ci, n); return; } vmcase(OP_RETURN0) { if (L->hookmask) { L->top = ra; halfProtectNT(luaD_poscall(L, ci, 0)); } else { int nres = ci->nresults; L->ci = ci->previous; L->top = base - 1; while (nres-- > 0) setnilvalue(s2v(L->top++)); } return; } vmcase(OP_RETURN1) { if (L->hookmask) { L->top = ra + 1; halfProtectNT(luaD_poscall(L, ci, 1)); } else { int nres = ci->nresults; L->ci = ci->previous; if (nres == 0) L->top = base - 1; else { setobjs2s(L, base - 1, ra); L->top = base; while (--nres > 0) setnilvalue(s2v(L->top++)); } } return; } vmcase(OP_FORLOOP) { if (ttisinteger(s2v(ra + 2))) { lua_Unsigned count = l_castS2U(ivalue(s2v(ra + 1))); if (count > 0) { lua_Integer step = ivalue(s2v(ra + 2)); lua_Integer idx = ivalue(s2v(ra)); chgivalue(s2v(ra + 1), count - 1); idx = intop(+, idx, step); chgivalue(s2v(ra), idx); setivalue(s2v(ra + 3), idx); pc -= GETARG_Bx(i); } } else if (floatforloop(ra)) pc -= GETARG_Bx(i); updatetrap(ci); vmbreak; } vmcase(OP_FORPREP) { savestate(L, ci); if (forprep(L, ra)) pc += GETARG_Bx(i) + 1; vmbreak; } vmcase(OP_TFORPREP) { halfProtect(luaF_newtbcupval(L, ra + 3)); pc += GETARG_Bx(i); i = *(pc++); lua_assert(GET_OPCODE(i) == OP_TFORCALL && ra == RA(i)); goto l_tforcall; } vmcase(OP_TFORCALL) { l_tforcall: memcpy(ra + 4, ra, 3 * sizeof(*ra)); L->top = ra + 4 + 3; ProtectNT(luaD_call(L, ra + 4, GETARG_C(i))); updatestack(ci); i = *(pc++); lua_assert(GET_OPCODE(i) == OP_TFORLOOP && ra == RA(i)); goto l_tforloop; } vmcase(OP_TFORLOOP) { l_tforloop: if (!ttisnil(s2v(ra + 4))) { setobjs2s(L, ra + 2, ra + 4); pc -= GETARG_Bx(i); } vmbreak; } vmcase(OP_SETLIST) { int n = GETARG_B(i); unsigned int last = GETARG_C(i); Table *h = hvalue(s2v(ra)); if (n == 0) n = cast_int(L->top - ra) - 1; else L->top = ci->top; last += n; if (TESTARG_k(i)) { last += GETARG_Ax(*pc) * (MAXARG_C + 1); pc++; } if (last > luaH_realasize(h)) luaH_resizearray(L, h, last); for (; n > 0; n--) { TValue *val = s2v(ra + n); setobj2t(L, &h->array[last - 1], val); last--; luaC_barrierback(L, obj2gco(h), val); } vmbreak; } vmcase(OP_CLOSURE) { Proto *p = cl->p->p[GETARG_Bx(i)]; halfProtect(pushclosure(L, p, cl->upvals, base, ra)); checkGC(L, ra + 1); vmbreak; } vmcase(OP_VARARG) { int n = GETARG_C(i) - 1; Protect(luaT_getvarargs(L, ci, ra, n)); vmbreak; } vmcase(OP_VARARGPREP) { luaT_adjustvarargs(L, GETARG_A(i), ci, cl->p); updatetrap(ci); if (trap) { luaD_hookcall(L, ci); L->oldpc = pc + 1; } updatebase(ci); vmbreak; } vmcase(OP_EXTRAARG) { lua_assert(0); vmbreak; } } } }",visit repo url,lvm.c,https://github.com/lua/lua,61224653283891,1 1106,CWE-362,"void cipso_v4_req_delattr(struct request_sock *req) { struct ip_options *opt; struct inet_request_sock *req_inet; req_inet = inet_rsk(req); opt = req_inet->opt; if (opt == NULL || opt->cipso == 0) return; cipso_v4_delopt(&req_inet->opt); }",visit repo url,net/ipv4/cipso_ipv4.c,https://github.com/torvalds/linux,7002036707200,1 3731,[],"static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb) { memcpy(UNIXSID(skb), &scm->secid, sizeof(u32)); }",linux-2.6,,,206776386293568646931171671792373939597,0 1190,CWE-400,"int do_fpu_inst(unsigned short inst, struct pt_regs *regs) { struct task_struct *tsk = current; struct sh_fpu_soft_struct *fpu = &(tsk->thread.xstate->softfpu); perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); if (!(task_thread_info(tsk)->status & TS_USEDFPU)) { fpu_init(fpu); task_thread_info(tsk)->status |= TS_USEDFPU; } return fpu_emulate(inst, fpu, regs); }",visit repo url,arch/sh/math-emu/math.c,https://github.com/torvalds/linux,223248019585872,1 4759,['CWE-20'],"__u32 ext4_free_blks_count(struct super_block *sb, struct ext4_group_desc *bg) { return le16_to_cpu(bg->bg_free_blocks_count_lo) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? (__u32)le16_to_cpu(bg->bg_free_blocks_count_hi) << 16 : 0); }",linux-2.6,,,225563730444624783085598496711383653581,0 1720,CWE-19,"ext2_xattr_delete_inode(struct inode *inode) { struct buffer_head *bh = NULL; struct mb_cache_entry *ce; down_write(&EXT2_I(inode)->xattr_sem); if (!EXT2_I(inode)->i_file_acl) goto cleanup; bh = sb_bread(inode->i_sb, EXT2_I(inode)->i_file_acl); if (!bh) { ext2_error(inode->i_sb, ""ext2_xattr_delete_inode"", ""inode %ld: block %d read error"", inode->i_ino, EXT2_I(inode)->i_file_acl); goto cleanup; } ea_bdebug(bh, ""b_count=%d"", atomic_read(&(bh->b_count))); if (HDR(bh)->h_magic != cpu_to_le32(EXT2_XATTR_MAGIC) || HDR(bh)->h_blocks != cpu_to_le32(1)) { ext2_error(inode->i_sb, ""ext2_xattr_delete_inode"", ""inode %ld: bad block %d"", inode->i_ino, EXT2_I(inode)->i_file_acl); goto cleanup; } ce = mb_cache_entry_get(ext2_xattr_cache, bh->b_bdev, bh->b_blocknr); lock_buffer(bh); if (HDR(bh)->h_refcount == cpu_to_le32(1)) { if (ce) mb_cache_entry_free(ce); ext2_free_blocks(inode, EXT2_I(inode)->i_file_acl, 1); get_bh(bh); bforget(bh); unlock_buffer(bh); } else { le32_add_cpu(&HDR(bh)->h_refcount, -1); if (ce) mb_cache_entry_release(ce); ea_bdebug(bh, ""refcount now=%d"", le32_to_cpu(HDR(bh)->h_refcount)); unlock_buffer(bh); mark_buffer_dirty(bh); if (IS_SYNC(inode)) sync_dirty_buffer(bh); dquot_free_block_nodirty(inode, 1); } EXT2_I(inode)->i_file_acl = 0; cleanup: brelse(bh); up_write(&EXT2_I(inode)->xattr_sem); }",visit repo url,fs/ext2/xattr.c,https://github.com/torvalds/linux,275752887577517,1 6587,['CWE-200'],"applet_get_all_connections (NMApplet *applet) { GSList *list; GSList *connections = NULL; list = nm_settings_list_connections (NM_SETTINGS (applet->dbus_settings)); g_slist_foreach (list, exported_connection_to_connection, &connections); g_slist_free (list); list = nm_settings_list_connections (NM_SETTINGS (applet->gconf_settings)); g_slist_foreach (list, exported_connection_to_connection, &connections); g_slist_free (list); return connections; }",network-manager-applet,,,107192676130611935747076476147843007917,0 3458,['CWE-20'],"static sctp_disposition_t sctp_sf_violation_chunklen( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { static const char err_str[]=""The following chunk had invalid length:""; return sctp_sf_abort_violation(ep, asoc, arg, commands, err_str, sizeof(err_str)); }",linux-2.6,,,251921199442124022652033749322699714868,0 5667,['CWE-476'],"static void udp_v6_unhash(struct sock *sk) { write_lock_bh(&udp_hash_lock); if (sk_del_node_init(sk)) { inet_sk(sk)->num = 0; sock_prot_dec_use(sk->sk_prot); } write_unlock_bh(&udp_hash_lock); }",linux-2.6,,,304986409885610847513587863153930685778,0 3248,['CWE-189'],"void jpc_seglist_remove(jpc_dec_seglist_t *list, jpc_dec_seg_t *seg) { jpc_dec_seg_t *prev; jpc_dec_seg_t *next; prev = seg->prev; next = seg->next; if (prev) { prev->next = next; } else { list->head = next; } if (next) { next->prev = prev; } else { list->tail = prev; } seg->prev = 0; seg->next = 0; }",jasper,,,128935476382735541280012189432243319657,0 375,CWE-732,"static ssize_t read_mem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { phys_addr_t p = *ppos; ssize_t read, sz; void *ptr; if (p != *ppos) return 0; if (!valid_phys_addr_range(p, count)) return -EFAULT; read = 0; #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED if (p < PAGE_SIZE) { sz = size_inside_page(p, count); if (sz > 0) { if (clear_user(buf, sz)) return -EFAULT; buf += sz; p += sz; count -= sz; read += sz; } } #endif while (count > 0) { unsigned long remaining; sz = size_inside_page(p, count); if (!range_is_allowed(p >> PAGE_SHIFT, count)) return -EPERM; ptr = xlate_dev_mem_ptr(p); if (!ptr) return -EFAULT; remaining = copy_to_user(buf, ptr, sz); unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; buf += sz; p += sz; count -= sz; read += sz; } *ppos += read; return read; }",visit repo url,drivers/char/mem.c,https://github.com/torvalds/linux,245805057924464,1 5774,['CWE-200'],"static void rose_destroy_timer(unsigned long data) { rose_destroy_socket((struct sock *)data); }",linux-2.6,,,34214554152433350492150099207309057563,0 375,[],"pfm_check_task_state(pfm_context_t *ctx, int cmd, unsigned long flags) { struct task_struct *task; int state, old_state; recheck: state = ctx->ctx_state; task = ctx->ctx_task; if (task == NULL) { DPRINT((""context %d no task, state=%d\n"", ctx->ctx_fd, state)); return 0; } DPRINT((""context %d state=%d [%d] task_state=%ld must_stop=%d\n"", ctx->ctx_fd, state, task->pid, task->state, PFM_CMD_STOPPED(cmd))); if (task == current || ctx->ctx_fl_system) return 0; switch(state) { case PFM_CTX_UNLOADED: return 0; case PFM_CTX_ZOMBIE: DPRINT((""cmd %d state zombie cannot operate on context\n"", cmd)); return -EINVAL; case PFM_CTX_MASKED: if (cmd != PFM_UNLOAD_CONTEXT) return 0; } if (PFM_CMD_STOPPED(cmd)) { if ((task->state != TASK_STOPPED) && (task->state != TASK_TRACED)) { DPRINT((""[%d] task not in stopped state\n"", task->pid)); return -EBUSY; } old_state = state; UNPROTECT_CTX(ctx, flags); wait_task_inactive(task); PROTECT_CTX(ctx, flags); if (ctx->ctx_state != old_state) { DPRINT((""old_state=%d new_state=%d\n"", old_state, ctx->ctx_state)); goto recheck; } } return 0; }",linux-2.6,,,149195430170582445525580568727767421475,0 3283,CWE-20,"wb_prep(netdissect_options *ndo, const struct pkt_prep *prep, u_int len) { int n; const struct pgstate *ps; const u_char *ep = ndo->ndo_snapend; ND_PRINT((ndo, "" wb-prep:"")); if (len < sizeof(*prep)) { return (-1); } n = EXTRACT_32BITS(&prep->pp_n); ps = (const struct pgstate *)(prep + 1); while (--n >= 0 && !ND_TTEST(*ps)) { const struct id_off *io, *ie; char c = '<'; ND_PRINT((ndo, "" %u/%s:%u"", EXTRACT_32BITS(&ps->slot), ipaddr_string(ndo, &ps->page.p_sid), EXTRACT_32BITS(&ps->page.p_uid))); io = (struct id_off *)(ps + 1); for (ie = io + ps->nid; io < ie && !ND_TTEST(*io); ++io) { ND_PRINT((ndo, ""%c%s:%u"", c, ipaddr_string(ndo, &io->id), EXTRACT_32BITS(&io->off))); c = ','; } ND_PRINT((ndo, "">"")); ps = (struct pgstate *)io; } return ((u_char *)ps <= ep? 0 : -1); }",visit repo url,print-wb.c,https://github.com/the-tcpdump-group/tcpdump,57995139633970,1 2451,['CWE-119'],"static void add_ignore_packed(struct rev_info *revs, const char *name) { int num = ++revs->num_ignore_packed; revs->ignore_packed = xrealloc(revs->ignore_packed, sizeof(const char **) * (num + 1)); revs->ignore_packed[num-1] = name; revs->ignore_packed[num] = NULL; }",git,,,283284199469041874686552172448713092552,0 1686,CWE-399,"struct pipe_inode_info *alloc_pipe_info(void) { struct pipe_inode_info *pipe; pipe = kzalloc(sizeof(struct pipe_inode_info), GFP_KERNEL); if (pipe) { pipe->bufs = kzalloc(sizeof(struct pipe_buffer) * PIPE_DEF_BUFFERS, GFP_KERNEL); if (pipe->bufs) { init_waitqueue_head(&pipe->wait); pipe->r_counter = pipe->w_counter = 1; pipe->buffers = PIPE_DEF_BUFFERS; mutex_init(&pipe->mutex); return pipe; } kfree(pipe); } return NULL; }",visit repo url,fs/pipe.c,https://github.com/torvalds/linux,276534083508519,1 937,CWE-399,"xfs_da3_fixhashpath( struct xfs_da_state *state, struct xfs_da_state_path *path) { struct xfs_da_state_blk *blk; struct xfs_da_intnode *node; struct xfs_da_node_entry *btree; xfs_dahash_t lasthash=0; int level; int count; struct xfs_inode *dp = state->args->dp; trace_xfs_da_fixhashpath(state->args); level = path->active-1; blk = &path->blk[ level ]; switch (blk->magic) { case XFS_ATTR_LEAF_MAGIC: lasthash = xfs_attr_leaf_lasthash(blk->bp, &count); if (count == 0) return; break; case XFS_DIR2_LEAFN_MAGIC: lasthash = xfs_dir2_leafn_lasthash(dp, blk->bp, &count); if (count == 0) return; break; case XFS_DA_NODE_MAGIC: lasthash = xfs_da3_node_lasthash(dp, blk->bp, &count); if (count == 0) return; break; } for (blk--, level--; level >= 0; blk--, level--) { struct xfs_da3_icnode_hdr nodehdr; node = blk->bp->b_addr; dp->d_ops->node_hdr_from_disk(&nodehdr, node); btree = dp->d_ops->node_tree_p(node); if (be32_to_cpu(btree->hashval) == lasthash) break; blk->hashval = lasthash; btree[blk->index].hashval = cpu_to_be32(lasthash); xfs_trans_log_buf(state->args->trans, blk->bp, XFS_DA_LOGRANGE(node, &btree[blk->index], sizeof(*btree))); lasthash = be32_to_cpu(btree[nodehdr.count - 1].hashval); } }",visit repo url,fs/xfs/xfs_da_btree.c,https://github.com/torvalds/linux,166585671680650,1 6024,NVD-CWE-noinfo,"int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash, unsigned hash_size, const uint8_t *signature, uECC_Curve curve) { uECC_word_t u1[uECC_MAX_WORDS], u2[uECC_MAX_WORDS]; uECC_word_t z[uECC_MAX_WORDS]; uECC_word_t sum[uECC_MAX_WORDS * 2]; uECC_word_t rx[uECC_MAX_WORDS]; uECC_word_t ry[uECC_MAX_WORDS]; uECC_word_t tx[uECC_MAX_WORDS]; uECC_word_t ty[uECC_MAX_WORDS]; uECC_word_t tz[uECC_MAX_WORDS]; const uECC_word_t *points[4]; const uECC_word_t *point; bitcount_t num_bits; bitcount_t i; #if uECC_VLI_NATIVE_LITTLE_ENDIAN uECC_word_t *_public = (uECC_word_t *)public_key; #else uECC_word_t _public[uECC_MAX_WORDS * 2]; #endif uECC_word_t r[uECC_MAX_WORDS], s[uECC_MAX_WORDS]; wordcount_t num_words = curve->num_words; wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); rx[num_n_words - 1] = 0; r[num_n_words - 1] = 0; s[num_n_words - 1] = 0; #if uECC_VLI_NATIVE_LITTLE_ENDIAN bcopy((uint8_t *) r, signature, curve->num_bytes); bcopy((uint8_t *) s, signature + curve->num_bytes, curve->num_bytes); #else uECC_vli_bytesToNative(_public, public_key, curve->num_bytes); uECC_vli_bytesToNative( _public + num_words, public_key + curve->num_bytes, curve->num_bytes); uECC_vli_bytesToNative(r, signature, curve->num_bytes); uECC_vli_bytesToNative(s, signature + curve->num_bytes, curve->num_bytes); #endif if (uECC_vli_isZero(r, num_words) || uECC_vli_isZero(s, num_words)) { return 0; } if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 || uECC_vli_cmp_unsafe(curve->n, s, num_n_words) != 1) { return 0; } uECC_vli_modInv(z, s, curve->n, num_n_words); u1[num_n_words - 1] = 0; bits2int(u1, message_hash, hash_size, curve); uECC_vli_modMult(u1, u1, z, curve->n, num_n_words); uECC_vli_modMult(u2, r, z, curve->n, num_n_words); uECC_vli_set(sum, _public, num_words); uECC_vli_set(sum + num_words, _public + num_words, num_words); uECC_vli_set(tx, curve->G, num_words); uECC_vli_set(ty, curve->G + num_words, num_words); uECC_vli_modSub(z, sum, tx, curve->p, num_words); XYcZ_add(tx, ty, sum, sum + num_words, curve); uECC_vli_modInv(z, z, curve->p, num_words); apply_z(sum, sum + num_words, z, curve); points[0] = 0; points[1] = curve->G; points[2] = _public; points[3] = sum; num_bits = smax(uECC_vli_numBits(u1, num_n_words), uECC_vli_numBits(u2, num_n_words)); point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)]; uECC_vli_set(rx, point, num_words); uECC_vli_set(ry, point + num_words, num_words); uECC_vli_clear(z, num_words); z[0] = 1; for (i = num_bits - 2; i >= 0; --i) { uECC_word_t index; curve->double_jacobian(rx, ry, z, curve); index = (!!uECC_vli_testBit(u1, i)) | ((!!uECC_vli_testBit(u2, i)) << 1); point = points[index]; if (point) { uECC_vli_set(tx, point, num_words); uECC_vli_set(ty, point + num_words, num_words); apply_z(tx, ty, z, curve); uECC_vli_modSub(tz, rx, tx, curve->p, num_words); XYcZ_add(tx, ty, rx, ry, curve); uECC_vli_modMult_fast(z, z, tz, curve); } } uECC_vli_modInv(z, z, curve->p, num_words); apply_z(rx, ry, z, curve); if (uECC_vli_cmp_unsafe(curve->n, rx, num_n_words) != 1) { uECC_vli_sub(rx, rx, curve->n, num_n_words); } return (int)(uECC_vli_equal(rx, r, num_words)); }",visit repo url,uECC.c,https://github.com/kmackay/micro-ecc,252554281192326,1 5588,CWE-125,"count_comp_fors(struct compiling *c, const node *n) { int n_fors = 0; int is_async; count_comp_for: is_async = 0; n_fors++; REQ(n, comp_for); if (TYPE(CHILD(n, 0)) == ASYNC) { is_async = 1; } if (NCH(n) == (5 + is_async)) { n = CHILD(n, 4 + is_async); } else { return n_fors; } count_comp_iter: REQ(n, comp_iter); n = CHILD(n, 0); if (TYPE(n) == comp_for) goto count_comp_for; else if (TYPE(n) == comp_if) { if (NCH(n) == 3) { n = CHILD(n, 2); goto count_comp_iter; } else return n_fors; } PyErr_SetString(PyExc_SystemError, ""logic error in count_comp_fors""); return -1; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,135759560825698,1 6059,['CWE-200'],"void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len) { struct prefix_info *pinfo; __u32 valid_lft; __u32 prefered_lft; int addr_type; unsigned long rt_expires; struct inet6_dev *in6_dev; pinfo = (struct prefix_info *) opt; if (len < sizeof(struct prefix_info)) { ADBG((""addrconf: prefix option too short\n"")); return; } addr_type = ipv6_addr_type(&pinfo->prefix); if (addr_type & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)) return; valid_lft = ntohl(pinfo->valid); prefered_lft = ntohl(pinfo->prefered); if (prefered_lft > valid_lft) { if (net_ratelimit()) printk(KERN_WARNING ""addrconf: prefix option has invalid lifetime\n""); return; } in6_dev = in6_dev_get(dev); if (in6_dev == NULL) { if (net_ratelimit()) printk(KERN_DEBUG ""addrconf: device %s not configured\n"", dev->name); return; } if (valid_lft >= 0x7FFFFFFF/HZ) rt_expires = 0; else rt_expires = jiffies + valid_lft * HZ; if (pinfo->onlink) { struct rt6_info *rt; rt = rt6_lookup(&pinfo->prefix, NULL, dev->ifindex, 1); if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) { if (rt->rt6i_flags&RTF_EXPIRES) { if (valid_lft == 0) { ip6_del_rt(rt, NULL, NULL, NULL); rt = NULL; } else { rt->rt6i_expires = rt_expires; } } } else if (valid_lft) { addrconf_prefix_route(&pinfo->prefix, pinfo->prefix_len, dev, rt_expires, RTF_ADDRCONF|RTF_EXPIRES|RTF_PREFIX_RT); } if (rt) dst_release(&rt->u.dst); } if (pinfo->autoconf && in6_dev->cnf.autoconf) { struct inet6_ifaddr * ifp; struct in6_addr addr; int create = 0, update_lft = 0; if (pinfo->prefix_len == 64) { memcpy(&addr, &pinfo->prefix, 8); if (ipv6_generate_eui64(addr.s6_addr + 8, dev) && ipv6_inherit_eui64(addr.s6_addr + 8, in6_dev)) { in6_dev_put(in6_dev); return; } goto ok; } if (net_ratelimit()) printk(KERN_DEBUG ""IPv6 addrconf: prefix with wrong length %d\n"", pinfo->prefix_len); in6_dev_put(in6_dev); return; ok: ifp = ipv6_get_ifaddr(&addr, dev, 1); if (ifp == NULL && valid_lft) { int max_addresses = in6_dev->cnf.max_addresses; if (!max_addresses || ipv6_count_addresses(in6_dev) < max_addresses) ifp = ipv6_add_addr(in6_dev, &addr, pinfo->prefix_len, addr_type&IPV6_ADDR_SCOPE_MASK, 0); if (!ifp || IS_ERR(ifp)) { in6_dev_put(in6_dev); return; } update_lft = create = 1; ifp->cstamp = jiffies; addrconf_dad_start(ifp, RTF_ADDRCONF|RTF_PREFIX_RT); } if (ifp) { int flags; unsigned long now; #ifdef CONFIG_IPV6_PRIVACY struct inet6_ifaddr *ift; #endif u32 stored_lft; spin_lock(&ifp->lock); now = jiffies; if (ifp->valid_lft > (now - ifp->tstamp) / HZ) stored_lft = ifp->valid_lft - (now - ifp->tstamp) / HZ; else stored_lft = 0; if (!update_lft && stored_lft) { if (valid_lft > MIN_VALID_LIFETIME || valid_lft > stored_lft) update_lft = 1; else if (stored_lft <= MIN_VALID_LIFETIME) { update_lft = 0; } else { valid_lft = MIN_VALID_LIFETIME; if (valid_lft < prefered_lft) prefered_lft = valid_lft; update_lft = 1; } } if (update_lft) { ifp->valid_lft = valid_lft; ifp->prefered_lft = prefered_lft; ifp->tstamp = now; flags = ifp->flags; ifp->flags &= ~IFA_F_DEPRECATED; spin_unlock(&ifp->lock); if (!(flags&IFA_F_TENTATIVE)) ipv6_ifa_notify(0, ifp); } else spin_unlock(&ifp->lock); #ifdef CONFIG_IPV6_PRIVACY read_lock_bh(&in6_dev->lock); for (ift=in6_dev->tempaddr_list; ift; ift=ift->tmp_next) { spin_lock(&ift->lock); flags = ift->flags; if (ift->valid_lft > valid_lft && ift->valid_lft - valid_lft > (jiffies - ift->tstamp) / HZ) ift->valid_lft = valid_lft + (jiffies - ift->tstamp) / HZ; if (ift->prefered_lft > prefered_lft && ift->prefered_lft - prefered_lft > (jiffies - ift->tstamp) / HZ) ift->prefered_lft = prefered_lft + (jiffies - ift->tstamp) / HZ; spin_unlock(&ift->lock); if (!(flags&IFA_F_TENTATIVE)) ipv6_ifa_notify(0, ift); } if (create && in6_dev->cnf.use_tempaddr > 0) { read_unlock_bh(&in6_dev->lock); ipv6_create_tempaddr(ifp, NULL); } else { read_unlock_bh(&in6_dev->lock); } #endif in6_ifa_put(ifp); addrconf_verify(0); } } inet6_prefix_notify(RTM_NEWPREFIX, in6_dev, pinfo); in6_dev_put(in6_dev); }",linux-2.6,,,81576839396026816954328835565451125004,0 1224,[],"dump_symbol (symbol *sym, void *arg) { struct dump_symbol_data *data = (struct dump_symbol_data *) arg; if (!SYMBOL_SHADOWED (sym) && SYMBOL_TYPE (sym) != TOKEN_VOID) { obstack_blank (data->obs, sizeof (symbol *)); data->base = (symbol **) obstack_base (data->obs); data->base[data->size++] = sym; } }",m4,,,58873219300626175215089175684938611644,0 4366,CWE-59,"int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files, rpmpsm psm, char ** failedFile) { FD_t payload = rpmtePayload(te); rpmfi fi = NULL; rpmfs fs = rpmteGetFileStates(te); rpmPlugins plugins = rpmtsPlugins(ts); int rc = 0; int fx = -1; int fc = rpmfilesFC(files); int nodigest = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOFILEDIGEST) ? 1 : 0; int nofcaps = (rpmtsFlags(ts) & RPMTRANS_FLAG_NOCAPS) ? 1 : 0; FD_t firstlinkfile = NULL; char *tid = NULL; struct filedata_s *fdata = xcalloc(fc, sizeof(*fdata)); struct filedata_s *firstlink = NULL; rasprintf(&tid, "";%08x"", (unsigned)rpmtsGetTid(ts)); fi = rpmfilesIter(files, RPMFI_ITER_FWD); while (!rc && (fx = rpmfiNext(fi)) >= 0) { struct filedata_s *fp = &fdata[fx]; if (rpmfiFFlags(fi) & RPMFILE_GHOST) fp->action = FA_SKIP; else fp->action = rpmfsGetAction(fs, fx); fp->skip = XFA_SKIPPING(fp->action); fp->setmeta = 1; if (XFA_CREATING(fp->action) && !S_ISDIR(rpmfiFMode(fi))) fp->suffix = tid; fp->fpath = fsmFsPath(fi, fp->suffix); rc = rpmfiStat(fi, 1, &fp->sb); setFileState(fs, fx); fsmDebug(fp->fpath, fp->action, &fp->sb); rc = rpmpluginsCallFsmFilePre(plugins, fi, fp->fpath, fp->sb.st_mode, fp->action); fp->stage = FILE_PRE; } fi = rpmfiFree(fi); if (rc) goto exit; if (rpmteType(te) == TR_ADDED) fi = rpmfiNewArchiveReader(payload, files, RPMFI_ITER_READ_ARCHIVE); else fi = rpmfilesIter(files, RPMFI_ITER_FWD); if (fi == NULL) { rc = RPMERR_BAD_MAGIC; goto exit; } if (!rc) rc = fsmMkdirs(files, fs, plugins); while (!rc && (fx = rpmfiNext(fi)) >= 0) { struct filedata_s *fp = &fdata[fx]; if (!fp->skip) { if (!fp->suffix) { rc = fsmBackup(fi, fp->action); } if (!fp->suffix) { if (fp->action == FA_TOUCH) { struct stat sb; rc = fsmStat(fp->fpath, 1, &sb); } else { rc = fsmVerify(fp->fpath, fi); } } else { rc = RPMERR_ENOENT; } if (rc == RPMERR_ENOENT && fp->action == FA_TOUCH) { rpmlog(RPMLOG_DEBUG, ""file %s vanished unexpectedly\n"", fp->fpath); fp->action = FA_CREATE; fsmDebug(fp->fpath, fp->action, &fp->sb); } if (fp->action == FA_TOUCH) continue; if (S_ISREG(fp->sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMkfile(fi, fp, files, psm, nodigest, &firstlink, &firstlinkfile); } } else if (S_ISDIR(fp->sb.st_mode)) { if (rc == RPMERR_ENOENT) { mode_t mode = fp->sb.st_mode; mode &= ~07777; mode |= 00700; rc = fsmMkdir(fp->fpath, mode); } } else if (S_ISLNK(fp->sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmSymlink(rpmfiFLink(fi), fp->fpath); } } else if (S_ISFIFO(fp->sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMkfifo(fp->fpath, 0000); } } else if (S_ISCHR(fp->sb.st_mode) || S_ISBLK(fp->sb.st_mode) || S_ISSOCK(fp->sb.st_mode)) { if (rc == RPMERR_ENOENT) { rc = fsmMknod(fp->fpath, fp->sb.st_mode, fp->sb.st_rdev); } } else { if (!IS_DEV_LOG(fp->fpath)) rc = RPMERR_UNKNOWN_FILETYPE; } } else if (firstlink && rpmfiArchiveHasContent(fi)) { rc = fsmMkfile(fi, firstlink, files, psm, nodigest, &firstlink, &firstlinkfile); } if (rc) *failedFile = xstrdup(fp->fpath); else rpmpsmNotify(psm, RPMCALLBACK_INST_PROGRESS, rpmfiArchiveTell(fi)); fp->stage = FILE_UNPACK; } fi = rpmfiFree(fi); if (!rc && fx < 0 && fx != RPMERR_ITER_END) rc = fx; fi = rpmfilesIter(files, RPMFI_ITER_FWD); while (!rc && (fx = rpmfiNext(fi)) >= 0) { struct filedata_s *fp = &fdata[fx]; if (!fp->skip && fp->setmeta) { rc = fsmSetmeta(fp->fpath, fi, plugins, fp->action, &fp->sb, nofcaps); } if (rc) *failedFile = xstrdup(fp->fpath); fp->stage = FILE_PREP; } fi = rpmfiFree(fi); fi = rpmfilesIter(files, RPMFI_ITER_FWD); while (!rc && (fx = rpmfiNext(fi)) >= 0) { struct filedata_s *fp = &fdata[fx]; if (!fp->skip) { if (!rc && fp->suffix) rc = fsmBackup(fi, fp->action); if (!rc) rc = fsmCommit(&fp->fpath, fi, fp->action, fp->suffix); if (!rc) fp->stage = FILE_COMMIT; else *failedFile = xstrdup(fp->fpath); } } fi = rpmfiFree(fi); fi = rpmfilesIter(files, RPMFI_ITER_BACK); while ((fx = rpmfiNext(fi)) >= 0) { struct filedata_s *fp = &fdata[fx]; if (fp->stage) { rpmpluginsCallFsmFilePost(plugins, fi, fp->fpath, fp->sb.st_mode, fp->action, rc); } if (rc && fp->stage > FILE_NONE && !fp->skip) { (void) fsmRemove(fp->fpath, fp->sb.st_mode); } } rpmswAdd(rpmtsOp(ts, RPMTS_OP_UNCOMPRESS), fdOp(payload, FDSTAT_READ)); rpmswAdd(rpmtsOp(ts, RPMTS_OP_DIGEST), fdOp(payload, FDSTAT_DIGEST)); exit: fi = rpmfiFree(fi); Fclose(payload); free(tid); for (int i = 0; i < fc; i++) free(fdata[i].fpath); free(fdata); return rc; }",visit repo url,lib/fsm.c,https://github.com/rpm-software-management/rpm,74535989882771,1 1222,CWE-400,"static int __perf_event_overflow(struct perf_event *event, int nmi, int throttle, struct perf_sample_data *data, struct pt_regs *regs) { int events = atomic_read(&event->event_limit); struct hw_perf_event *hwc = &event->hw; int ret = 0; if (unlikely(!is_sampling_event(event))) return 0; if (unlikely(hwc->interrupts >= max_samples_per_tick)) { if (throttle) { hwc->interrupts = MAX_INTERRUPTS; perf_log_throttle(event, 0); ret = 1; } } else hwc->interrupts++; if (event->attr.freq) { u64 now = perf_clock(); s64 delta = now - hwc->freq_time_stamp; hwc->freq_time_stamp = now; if (delta > 0 && delta < 2*TICK_NSEC) perf_adjust_period(event, delta, hwc->last_period); } event->pending_kill = POLL_IN; if (events && atomic_dec_and_test(&event->event_limit)) { ret = 1; event->pending_kill = POLL_HUP; if (nmi) { event->pending_disable = 1; irq_work_queue(&event->pending); } else perf_event_disable(event); } if (event->overflow_handler) event->overflow_handler(event, nmi, data, regs); else perf_event_output(event, nmi, data, regs); if (event->fasync && event->pending_kill) { if (nmi) { event->pending_wakeup = 1; irq_work_queue(&event->pending); } else perf_event_wakeup(event); } return ret; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,188914901247321,1 5703,CWE-416,"void luaD_shrinkstack (lua_State *L) { int inuse = stackinuse(L); int goodsize = inuse + (inuse / 8) + 2*EXTRA_STACK; if (goodsize > LUAI_MAXSTACK) goodsize = LUAI_MAXSTACK; if (inuse <= (LUAI_MAXSTACK - EXTRA_STACK) && goodsize < L->stacksize) luaD_reallocstack(L, goodsize, 0); else condmovestack(L,{},{}); luaE_shrinkCI(L); }",visit repo url,ldo.c,https://github.com/lua/lua,93153615327379,1 5468,['CWE-476'],"int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, const void *val, int bytes) { int ret; ret = kvm_write_guest(vcpu->kvm, gpa, val, bytes); if (ret < 0) return 0; kvm_mmu_pte_write(vcpu, gpa, val, bytes, 1); return 1; }",linux-2.6,,,260921565497647764239939459860974612458,0 5470,CWE-617,"pci_msix_table_init(struct pci_vdev *dev, int table_entries) { int i, table_size; assert(table_entries > 0); assert(table_entries <= MAX_MSIX_TABLE_ENTRIES); table_size = table_entries * MSIX_TABLE_ENTRY_SIZE; dev->msix.table = calloc(1, table_size); assert(dev->msix.table != NULL); for (i = 0; i < table_entries; i++) dev->msix.table[i].vector_control |= PCIM_MSIX_VCTRL_MASK; }",visit repo url,devicemodel/hw/pci/core.c,https://github.com/projectacrn/acrn-hypervisor,59907502875044,1 2511,['CWE-119'],"static int handle_one_reflog(const char *path, const unsigned char *sha1, int flag, void *cb_data) { struct all_refs_cb *cb = cb_data; cb->warned_bad_reflog = 0; cb->name_for_errormsg = path; for_each_reflog_ent(path, handle_one_reflog_ent, cb_data); return 0; }",git,,,161951989783188390894350570576625771074,0 1805,CWE-200,"int get_rock_ridge_filename(struct iso_directory_record *de, char *retname, struct inode *inode) { struct rock_state rs; struct rock_ridge *rr; int sig; int retnamlen = 0; int truncate = 0; int ret = 0; if (!ISOFS_SB(inode->i_sb)->s_rock) return 0; *retname = 0; init_rock_state(&rs, inode); setup_rock_ridge(de, inode, &rs); repeat: while (rs.len > 2) { rr = (struct rock_ridge *)rs.chr; if (rr->len < 3) goto out; sig = isonum_721(rs.chr); if (rock_check_overflow(&rs, sig)) goto eio; rs.chr += rr->len; rs.len -= rr->len; if (rs.len < 0) goto out; switch (sig) { case SIG('R', 'R'): if ((rr->u.RR.flags[0] & RR_NM) == 0) goto out; break; case SIG('S', 'P'): if (check_sp(rr, inode)) goto out; break; case SIG('C', 'E'): rs.cont_extent = isonum_733(rr->u.CE.extent); rs.cont_offset = isonum_733(rr->u.CE.offset); rs.cont_size = isonum_733(rr->u.CE.size); break; case SIG('N', 'M'): if (truncate) break; if (rr->len < 5) break; if (rr->u.NM.flags & 6) break; if (rr->u.NM.flags & ~1) { printk(""Unsupported NM flag settings (%d)\n"", rr->u.NM.flags); break; } if ((strlen(retname) + rr->len - 5) >= 254) { truncate = 1; break; } strncat(retname, rr->u.NM.name, rr->len - 5); retnamlen += rr->len - 5; break; case SIG('R', 'E'): kfree(rs.buffer); return -1; default: break; } } ret = rock_continue(&rs); if (ret == 0) goto repeat; if (ret == 1) return retnamlen; out: kfree(rs.buffer); return ret; eio: ret = -EIO; goto out; }",visit repo url,fs/isofs/rock.c,https://github.com/torvalds/linux,101564335052353,1 4679,CWE-732,"static M_bool M_fs_check_overwrite_allowed(const char *p1, const char *p2, M_uint32 mode) { M_fs_info_t *info = NULL; char *pold = NULL; char *pnew = NULL; M_fs_type_t type; M_bool ret = M_TRUE; if (mode & M_FS_FILE_MODE_OVERWRITE) return M_TRUE; if (M_fs_info(&info, p1, M_FS_PATH_INFO_FLAGS_BASIC) != M_FS_ERROR_SUCCESS) return M_FALSE; type = M_fs_info_get_type(info); M_fs_info_destroy(info); if (type != M_FS_TYPE_DIR) { if (M_fs_perms_can_access(p2, M_FS_PERMS_MODE_NONE) == M_FS_ERROR_SUCCESS) { ret = M_FALSE; goto done; } } pold = M_fs_path_basename(p1, M_FS_SYSTEM_AUTO); pnew = M_fs_path_join(p2, pnew, M_FS_SYSTEM_AUTO); if (M_fs_perms_can_access(pnew, M_FS_PERMS_MODE_NONE) == M_FS_ERROR_SUCCESS) { ret = M_FALSE; goto done; } done: M_free(pnew); M_free(pold); return ret; }",visit repo url,base/fs/m_fs.c,https://github.com/Monetra/mstdlib,98595181708045,1 5595,[],"static int recalc_sigpending_tsk(struct task_struct *t) { if (t->signal->group_stop_count > 0 || PENDING(&t->pending, &t->blocked) || PENDING(&t->signal->shared_pending, &t->blocked)) { set_tsk_thread_flag(t, TIF_SIGPENDING); return 1; } return 0; }",linux-2.6,,,21374077368462588649005253261802213937,0 1109,CWE-362,"static struct rtable *icmp_route_lookup(struct net *net, struct sk_buff *skb_in, const struct iphdr *iph, __be32 saddr, u8 tos, int type, int code, struct icmp_bxm *param) { struct flowi4 fl4 = { .daddr = (param->replyopts.srr ? param->replyopts.faddr : iph->saddr), .saddr = saddr, .flowi4_tos = RT_TOS(tos), .flowi4_proto = IPPROTO_ICMP, .fl4_icmp_type = type, .fl4_icmp_code = code, }; struct rtable *rt, *rt2; int err; security_skb_classify_flow(skb_in, flowi4_to_flowi(&fl4)); rt = __ip_route_output_key(net, &fl4); if (IS_ERR(rt)) return rt; rt2 = rt; if (!fl4.saddr) fl4.saddr = rt->rt_src; rt = (struct rtable *) xfrm_lookup(net, &rt->dst, flowi4_to_flowi(&fl4), NULL, 0); if (!IS_ERR(rt)) { if (rt != rt2) return rt; } else if (PTR_ERR(rt) == -EPERM) { rt = NULL; } else return rt; err = xfrm_decode_session_reverse(skb_in, flowi4_to_flowi(&fl4), AF_INET); if (err) goto relookup_failed; if (inet_addr_type(net, fl4.saddr) == RTN_LOCAL) { rt2 = __ip_route_output_key(net, &fl4); if (IS_ERR(rt2)) err = PTR_ERR(rt2); } else { struct flowi4 fl4_2 = {}; unsigned long orefdst; fl4_2.daddr = fl4.saddr; rt2 = ip_route_output_key(net, &fl4_2); if (IS_ERR(rt2)) { err = PTR_ERR(rt2); goto relookup_failed; } orefdst = skb_in->_skb_refdst; err = ip_route_input(skb_in, fl4.daddr, fl4.saddr, RT_TOS(tos), rt2->dst.dev); dst_release(&rt2->dst); rt2 = skb_rtable(skb_in); skb_in->_skb_refdst = orefdst; } if (err) goto relookup_failed; rt2 = (struct rtable *) xfrm_lookup(net, &rt2->dst, flowi4_to_flowi(&fl4), NULL, XFRM_LOOKUP_ICMP); if (!IS_ERR(rt2)) { dst_release(&rt->dst); rt = rt2; } else if (PTR_ERR(rt2) == -EPERM) { if (rt) dst_release(&rt->dst); return rt2; } else { err = PTR_ERR(rt2); goto relookup_failed; } return rt; relookup_failed: if (rt) return rt; return ERR_PTR(err); }",visit repo url,net/ipv4/icmp.c,https://github.com/torvalds/linux,227303802254263,1 695,[],"static int jpc_qcx_getcompparms(jpc_qcxcp_t *compparms, jpc_cstate_t *cstate, jas_stream_t *in, uint_fast16_t len) { uint_fast8_t tmp; int n; int i; cstate = 0; n = 0; if (jpc_getuint8(in, &tmp)) { return -1; } ++n; compparms->qntsty = tmp & 0x1f; compparms->numguard = (tmp >> 5) & 7; switch (compparms->qntsty) { case JPC_QCX_SIQNT: compparms->numstepsizes = 1; break; case JPC_QCX_NOQNT: compparms->numstepsizes = (len - n); break; case JPC_QCX_SEQNT: compparms->numstepsizes = (len - n) / 2; break; } if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) { jpc_qcx_destroycompparms(compparms); return -1; } if (compparms->numstepsizes > 0) { if (!(compparms->stepsizes = jas_alloc2(compparms->numstepsizes, sizeof(uint_fast16_t)))) { abort(); } for (i = 0; i < compparms->numstepsizes; ++i) { if (compparms->qntsty == JPC_QCX_NOQNT) { if (jpc_getuint8(in, &tmp)) { return -1; } compparms->stepsizes[i] = JPC_QCX_EXPN(tmp >> 3); } else { if (jpc_getuint16(in, &compparms->stepsizes[i])) { return -1; } } } } else { compparms->stepsizes = 0; } if (jas_stream_error(in) || jas_stream_eof(in)) { jpc_qcx_destroycompparms(compparms); return -1; } return 0; }",jasper,,,92235825195852898955220563930322818282,0 2170,CWE-476,"static int __init pf_init(void) { struct pf_unit *pf; int unit; if (disable) return -EINVAL; pf_init_units(); if (pf_detect()) return -ENODEV; pf_busy = 0; if (register_blkdev(major, name)) { for (pf = units, unit = 0; unit < PF_UNITS; pf++, unit++) put_disk(pf->disk); return -EBUSY; } for (pf = units, unit = 0; unit < PF_UNITS; pf++, unit++) { struct gendisk *disk = pf->disk; if (!pf->present) continue; disk->private_data = pf; add_disk(disk); } return 0; }",visit repo url,drivers/block/paride/pf.c,https://github.com/torvalds/linux,37970748582395,1 2392,CWE-119,"static int filter_frame(AVFilterLink *inlink, AVFrame *frame) { AVFilterContext *ctx = inlink->dst; FieldOrderContext *s = ctx->priv; AVFilterLink *outlink = ctx->outputs[0]; int h, plane, line_step, line_size, line; uint8_t *data; if (!frame->interlaced_frame || frame->top_field_first == s->dst_tff) return ff_filter_frame(outlink, frame); av_dlog(ctx, ""picture will move %s one line\n"", s->dst_tff ? ""up"" : ""down""); h = frame->height; for (plane = 0; plane < 4 && frame->data[plane]; plane++) { line_step = frame->linesize[plane]; line_size = s->line_size[plane]; data = frame->data[plane]; if (s->dst_tff) { for (line = 0; line < h; line++) { if (1 + line < frame->height) { memcpy(data, data + line_step, line_size); } else { memcpy(data, data - line_step - line_step, line_size); } data += line_step; } } else { data += (h - 1) * line_step; for (line = h - 1; line >= 0 ; line--) { if (line > 0) { memcpy(data, data - line_step, line_size); } else { memcpy(data, data + line_step + line_step, line_size); } data -= line_step; } } } frame->top_field_first = s->dst_tff; return ff_filter_frame(outlink, frame); }",visit repo url,libavfilter/vf_fieldorder.c,https://github.com/FFmpeg/FFmpeg,109099649639344,1 5623,[],"static int sig_handler_ignored(void __user *handler, int sig) { return handler == SIG_IGN || (handler == SIG_DFL && sig_kernel_ignore(sig)); }",linux-2.6,,,208014217368183653313186052083614231020,0 768,CWE-20,"static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); struct sk_buff *skb; size_t copied; int err; IRDA_DEBUG(4, ""%s()\n"", __func__); msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { IRDA_DEBUG(2, ""%s(), Received truncated frame (%zd < %zd)!\n"", __func__, copied, size); copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,97188153830666,1 5624,CWE-125,"ast_for_async_funcdef(struct compiling *c, const node *n, asdl_seq *decorator_seq) { REQ(n, async_funcdef); REQ(CHILD(n, 0), ASYNC); REQ(CHILD(n, 1), funcdef); return ast_for_funcdef_impl(c, CHILD(n, 1), decorator_seq, 1 ); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,208679991594538,1 2174,['CWE-400'],"static int shmem_remount_fs(struct super_block *sb, int *flags, char *data) { struct shmem_sb_info *sbinfo = SHMEM_SB(sb); struct shmem_sb_info config = *sbinfo; unsigned long blocks; unsigned long inodes; int error = -EINVAL; if (shmem_parse_options(data, &config, true)) return error; spin_lock(&sbinfo->stat_lock); blocks = sbinfo->max_blocks - sbinfo->free_blocks; inodes = sbinfo->max_inodes - sbinfo->free_inodes; if (config.max_blocks < blocks) goto out; if (config.max_inodes < inodes) goto out; if (config.max_blocks && !sbinfo->max_blocks) goto out; if (config.max_inodes && !sbinfo->max_inodes) goto out; error = 0; sbinfo->max_blocks = config.max_blocks; sbinfo->free_blocks = config.max_blocks - blocks; sbinfo->max_inodes = config.max_inodes; sbinfo->free_inodes = config.max_inodes - inodes; mpol_put(sbinfo->mpol); sbinfo->mpol = config.mpol; out: spin_unlock(&sbinfo->stat_lock); return error; }",linux-2.6,,,85681055874180981993977930721020780406,0 3374,CWE-119,"static MagickBooleanType WriteGROUP4Image(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { char filename[MagickPathExtent]; FILE *file; Image *huffman_image; ImageInfo *write_info; int unique_file; MagickBooleanType status; register ssize_t i; ssize_t count; TIFF *tiff; toff_t *byte_count, strip_size; unsigned char *buffer; assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); if (image->debug != MagickFalse) (void) LogMagickEvent(TraceEvent,GetMagickModule(),""%s"",image->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception); if (status == MagickFalse) return(status); huffman_image=CloneImage(image,0,0,MagickTrue,exception); if (huffman_image == (Image *) NULL) { (void) CloseBlob(image); return(MagickFalse); } huffman_image->endian=MSBEndian; file=(FILE *) NULL; unique_file=AcquireUniqueFileResource(filename); if (unique_file != -1) file=fdopen(unique_file,""wb""); if ((unique_file == -1) || (file == (FILE *) NULL)) { ThrowFileException(exception,FileOpenError,""UnableToCreateTemporaryFile"", filename); return(MagickFalse); } (void) FormatLocaleString(huffman_image->filename,MagickPathExtent,""tiff:%s"", filename); (void) SetImageType(huffman_image,BilevelType,exception); write_info=CloneImageInfo((ImageInfo *) NULL); SetImageInfoFile(write_info,file); (void) SetImageType(image,BilevelType,exception); (void) SetImageDepth(image,1,exception); write_info->compression=Group4Compression; write_info->type=BilevelType; (void) SetImageOption(write_info,""quantum:polarity"",""min-is-white""); status=WriteTIFFImage(write_info,huffman_image,exception); (void) fflush(file); write_info=DestroyImageInfo(write_info); if (status == MagickFalse) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } tiff=TIFFOpen(filename,""rb""); if (tiff == (TIFF *) NULL) { huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowFileException(exception,FileOpenError,""UnableToOpenFile"", image_info->filename); return(MagickFalse); } if (TIFFGetField(tiff,TIFFTAG_STRIPBYTECOUNTS,&byte_count) != 1) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); return(MagickFalse); } strip_size=byte_count[0]; for (i=1; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) if (byte_count[i] > strip_size) strip_size=byte_count[i]; buffer=(unsigned char *) AcquireQuantumMemory((size_t) strip_size, sizeof(*buffer)); if (buffer == (unsigned char *) NULL) { TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); ThrowBinaryException(ResourceLimitError,""MemoryAllocationFailed"", image_info->filename); } for (i=0; i < (ssize_t) TIFFNumberOfStrips(tiff); i++) { count=(ssize_t) TIFFReadRawStrip(tiff,(uint32) i,buffer,strip_size); if (WriteBlob(image,(size_t) count,buffer) != count) status=MagickFalse; } buffer=(unsigned char *) RelinquishMagickMemory(buffer); TIFFClose(tiff); huffman_image=DestroyImage(huffman_image); (void) fclose(file); (void) RelinquishUniqueFileResource(filename); (void) CloseBlob(image); return(status); }",visit repo url,coders/tiff.c,https://github.com/ImageMagick/ImageMagick,127830029859842,1 5720,NVD-CWE-Other,"static StkId rethook (lua_State *L, CallInfo *ci, StkId firstres, int nres) { ptrdiff_t oldtop = savestack(L, L->top); int delta = 0; if (isLuacode(ci)) { Proto *p = clLvalue(s2v(ci->func))->p; if (p->is_vararg) delta = ci->u.l.nextraargs + p->numparams + 1; if (L->top < ci->top) L->top = ci->top; } if (L->hookmask & LUA_MASKRET) { int ftransfer; ci->func += delta; ftransfer = cast(unsigned short, firstres - ci->func); luaD_hook(L, LUA_HOOKRET, -1, ftransfer, nres); ci->func -= delta; } if (isLua(ci->previous)) L->oldpc = ci->previous->u.l.savedpc; return restorestack(L, oldtop); }",visit repo url,ldo.c,https://github.com/lua/lua,33323503315374,1 4515,['CWE-20'],"static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir, struct buffer_head **bh,struct dx_frame *frame, struct dx_hash_info *hinfo, int *error) { unsigned blocksize = dir->i_sb->s_blocksize; unsigned count, continued; struct buffer_head *bh2; ext4_lblk_t newblock; u32 hash2; struct dx_map_entry *map; char *data1 = (*bh)->b_data, *data2; unsigned split, move, size; struct ext4_dir_entry_2 *de = NULL, *de2; int err = 0, i; bh2 = ext4_append (handle, dir, &newblock, &err); if (!(bh2)) { brelse(*bh); *bh = NULL; goto errout; } BUFFER_TRACE(*bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, *bh); if (err) goto journal_error; BUFFER_TRACE(frame->bh, ""get_write_access""); err = ext4_journal_get_write_access(handle, frame->bh); if (err) goto journal_error; data2 = bh2->b_data; map = (struct dx_map_entry *) (data2 + blocksize); count = dx_make_map((struct ext4_dir_entry_2 *) data1, blocksize, hinfo, map); map -= count; dx_sort_map(map, count); size = 0; move = 0; for (i = count-1; i >= 0; i--) { if (size + map[i].size/2 > blocksize/2) break; size += map[i].size; move++; } split = count - move; hash2 = map[split].hash; continued = hash2 == map[split - 1].hash; dxtrace(printk(KERN_INFO ""Split block %lu at %x, %i/%i\n"", (unsigned long)dx_get_block(frame->at), hash2, split, count-split)); de2 = dx_move_dirents(data1, data2, map + split, count - split); de = dx_pack_dirents(data1, blocksize); de->rec_len = ext4_rec_len_to_disk(data1 + blocksize - (char *) de); de2->rec_len = ext4_rec_len_to_disk(data2 + blocksize - (char *) de2); dxtrace(dx_show_leaf (hinfo, (struct ext4_dir_entry_2 *) data1, blocksize, 1)); dxtrace(dx_show_leaf (hinfo, (struct ext4_dir_entry_2 *) data2, blocksize, 1)); if (hinfo->hash >= hash2) { swap(*bh, bh2); de = de2; } dx_insert_block(frame, hash2 + continued, newblock); err = ext4_handle_dirty_metadata(handle, dir, bh2); if (err) goto journal_error; err = ext4_handle_dirty_metadata(handle, dir, frame->bh); if (err) goto journal_error; brelse(bh2); dxtrace(dx_show_index(""frame"", frame->entries)); return de; journal_error: brelse(*bh); brelse(bh2); *bh = NULL; ext4_std_error(dir->i_sb, err); errout: *error = err; return NULL; }",linux-2.6,,,131541448719081692561503837298475986218,0 5842,CWE-120,"PJ_DEF(void) pjsip_auth_create_digestSHA256(pj_str_t *result, const pj_str_t *nonce, const pj_str_t *nc, const pj_str_t *cnonce, const pj_str_t *qop, const pj_str_t *uri, const pj_str_t *realm, const pjsip_cred_info *cred_info, const pj_str_t *method) { #if PJSIP_AUTH_HAS_DIGEST_SHA256 char ha1[PJSIP_SHA256STRLEN]; char ha2[PJSIP_SHA256STRLEN]; unsigned char digest[32]; SHA256_CTX pms; pj_assert(result->slen >= PJSIP_SHA256STRLEN); AUTH_TRACE_((THIS_FILE, ""Begin creating digest"")); if ((cred_info->data_type & PASSWD_MASK) == PJSIP_CRED_DATA_PLAIN_PASSWD) { SHA256_Init(&pms); SHA256_Update( &pms, cred_info->username.ptr, cred_info->username.slen); SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, realm->ptr, realm->slen); SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, cred_info->data.ptr, cred_info->data.slen); SHA256_Final(digest, &pms); digestNtoStr(digest, 32, ha1); } else if ((cred_info->data_type & PASSWD_MASK) == PJSIP_CRED_DATA_DIGEST) { pj_assert(cred_info->data.slen == 32); pj_memcpy( ha1, cred_info->data.ptr, cred_info->data.slen ); } else { pj_assert(!""Invalid data_type""); } AUTH_TRACE_((THIS_FILE, "" ha1=%.64s"", ha1)); SHA256_Init(&pms); SHA256_Update( &pms, method->ptr, method->slen); SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, uri->ptr, uri->slen); SHA256_Final( digest, &pms); digestNtoStr(digest, 32, ha2); AUTH_TRACE_((THIS_FILE, "" ha2=%.64s"", ha2)); SHA256_Init(&pms); SHA256_Update( &pms, ha1, PJSIP_SHA256STRLEN); SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, nonce->ptr, nonce->slen); if (qop && qop->slen != 0) { SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, nc->ptr, nc->slen); SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, cnonce->ptr, cnonce->slen); SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, qop->ptr, qop->slen); } SHA256_Update( &pms, "":"", 1); SHA256_Update( &pms, ha2, PJSIP_SHA256STRLEN); SHA256_Final(digest, &pms); result->slen = PJSIP_SHA256STRLEN; digestNtoStr(digest, 32, result->ptr); AUTH_TRACE_((THIS_FILE, "" digest=%.64s"", result->ptr)); AUTH_TRACE_((THIS_FILE, ""Digest created"")); #else PJ_UNUSED_ARG(result); PJ_UNUSED_ARG(nonce); PJ_UNUSED_ARG(nc); PJ_UNUSED_ARG(cnonce); PJ_UNUSED_ARG(qop); PJ_UNUSED_ARG(uri); PJ_UNUSED_ARG(realm); PJ_UNUSED_ARG(cred_info); PJ_UNUSED_ARG(method); #endif }",visit repo url,pjsip/src/pjsip/sip_auth_client.c,https://github.com/pjsip/pjproject,147859071754755,1 2355,CWE-476,"int ff_mpeg4_decode_picture_header(Mpeg4DecContext *ctx, GetBitContext *gb) { MpegEncContext *s = &ctx->m; unsigned startcode, v; int ret; int vol = 0; align_get_bits(gb); if (!s->studio_profile && s->avctx->bits_per_raw_sample != 8) s->avctx->bits_per_raw_sample = 0; if (s->codec_tag == AV_RL32(""WV1F"") && show_bits(gb, 24) == 0x575630) { skip_bits(gb, 24); if (get_bits(gb, 8) == 0xF0) goto end; } startcode = 0xff; for (;;) { if (get_bits_count(gb) >= gb->size_in_bits) { if (gb->size_in_bits == 8 && (ctx->divx_version >= 0 || ctx->xvid_build >= 0) || s->codec_tag == AV_RL32(""QMP4"")) { av_log(s->avctx, AV_LOG_VERBOSE, ""frame skip %d\n"", gb->size_in_bits); return FRAME_SKIPPED; } else return AVERROR_INVALIDDATA; } v = get_bits(gb, 8); startcode = ((startcode << 8) | v) & 0xffffffff; if ((startcode & 0xFFFFFF00) != 0x100) continue; if (s->avctx->debug & FF_DEBUG_STARTCODE) { av_log(s->avctx, AV_LOG_DEBUG, ""startcode: %3X "", startcode); if (startcode <= 0x11F) av_log(s->avctx, AV_LOG_DEBUG, ""Video Object Start""); else if (startcode <= 0x12F) av_log(s->avctx, AV_LOG_DEBUG, ""Video Object Layer Start""); else if (startcode <= 0x13F) av_log(s->avctx, AV_LOG_DEBUG, ""Reserved""); else if (startcode <= 0x15F) av_log(s->avctx, AV_LOG_DEBUG, ""FGS bp start""); else if (startcode <= 0x1AF) av_log(s->avctx, AV_LOG_DEBUG, ""Reserved""); else if (startcode == 0x1B0) av_log(s->avctx, AV_LOG_DEBUG, ""Visual Object Seq Start""); else if (startcode == 0x1B1) av_log(s->avctx, AV_LOG_DEBUG, ""Visual Object Seq End""); else if (startcode == 0x1B2) av_log(s->avctx, AV_LOG_DEBUG, ""User Data""); else if (startcode == 0x1B3) av_log(s->avctx, AV_LOG_DEBUG, ""Group of VOP start""); else if (startcode == 0x1B4) av_log(s->avctx, AV_LOG_DEBUG, ""Video Session Error""); else if (startcode == 0x1B5) av_log(s->avctx, AV_LOG_DEBUG, ""Visual Object Start""); else if (startcode == 0x1B6) av_log(s->avctx, AV_LOG_DEBUG, ""Video Object Plane start""); else if (startcode == 0x1B7) av_log(s->avctx, AV_LOG_DEBUG, ""slice start""); else if (startcode == 0x1B8) av_log(s->avctx, AV_LOG_DEBUG, ""extension start""); else if (startcode == 0x1B9) av_log(s->avctx, AV_LOG_DEBUG, ""fgs start""); else if (startcode == 0x1BA) av_log(s->avctx, AV_LOG_DEBUG, ""FBA Object start""); else if (startcode == 0x1BB) av_log(s->avctx, AV_LOG_DEBUG, ""FBA Object Plane start""); else if (startcode == 0x1BC) av_log(s->avctx, AV_LOG_DEBUG, ""Mesh Object start""); else if (startcode == 0x1BD) av_log(s->avctx, AV_LOG_DEBUG, ""Mesh Object Plane start""); else if (startcode == 0x1BE) av_log(s->avctx, AV_LOG_DEBUG, ""Still Texture Object start""); else if (startcode == 0x1BF) av_log(s->avctx, AV_LOG_DEBUG, ""Texture Spatial Layer start""); else if (startcode == 0x1C0) av_log(s->avctx, AV_LOG_DEBUG, ""Texture SNR Layer start""); else if (startcode == 0x1C1) av_log(s->avctx, AV_LOG_DEBUG, ""Texture Tile start""); else if (startcode == 0x1C2) av_log(s->avctx, AV_LOG_DEBUG, ""Texture Shape Layer start""); else if (startcode == 0x1C3) av_log(s->avctx, AV_LOG_DEBUG, ""stuffing start""); else if (startcode <= 0x1C5) av_log(s->avctx, AV_LOG_DEBUG, ""reserved""); else if (startcode <= 0x1FF) av_log(s->avctx, AV_LOG_DEBUG, ""System start""); av_log(s->avctx, AV_LOG_DEBUG, "" at %d\n"", get_bits_count(gb)); } if (startcode >= 0x120 && startcode <= 0x12F) { if (vol) { av_log(s->avctx, AV_LOG_WARNING, ""Ignoring multiple VOL headers\n""); continue; } vol++; if ((ret = decode_vol_header(ctx, gb)) < 0) return ret; } else if (startcode == USER_DATA_STARTCODE) { decode_user_data(ctx, gb); } else if (startcode == GOP_STARTCODE) { mpeg4_decode_gop_header(s, gb); } else if (startcode == VOS_STARTCODE) { mpeg4_decode_profile_level(s, gb); if (s->avctx->profile == FF_PROFILE_MPEG4_SIMPLE_STUDIO && (s->avctx->level > 0 && s->avctx->level < 9)) { s->studio_profile = 1; next_start_code_studio(gb); extension_and_user_data(s, gb, 0); } } else if (startcode == VISUAL_OBJ_STARTCODE) { if (s->studio_profile) { if ((ret = decode_studiovisualobject(ctx, gb)) < 0) return ret; } else mpeg4_decode_visual_object(s, gb); } else if (startcode == VOP_STARTCODE) { break; } align_get_bits(gb); startcode = 0xff; } end: if (s->avctx->flags & AV_CODEC_FLAG_LOW_DELAY) s->low_delay = 1; s->avctx->has_b_frames = !s->low_delay; if (s->studio_profile) { if (!s->avctx->bits_per_raw_sample) { av_log(s->avctx, AV_LOG_ERROR, ""Missing VOL header\n""); return AVERROR_INVALIDDATA; } return decode_studio_vop_header(ctx, gb); } else return decode_vop_header(ctx, gb); }",visit repo url,libavcodec/mpeg4videodec.c,https://github.com/FFmpeg/FFmpeg,193570601783787,1 298,CWE-404,"static void cp2112_gpio_set(struct gpio_chip *chip, unsigned offset, int value) { struct cp2112_device *dev = gpiochip_get_data(chip); struct hid_device *hdev = dev->hdev; u8 *buf = dev->in_out_buffer; unsigned long flags; int ret; spin_lock_irqsave(&dev->lock, flags); buf[0] = CP2112_GPIO_SET; buf[1] = value ? 0xff : 0; buf[2] = 1 << offset; ret = hid_hw_raw_request(hdev, CP2112_GPIO_SET, buf, CP2112_GPIO_SET_LENGTH, HID_FEATURE_REPORT, HID_REQ_SET_REPORT); if (ret < 0) hid_err(hdev, ""error setting GPIO values: %d\n"", ret); spin_unlock_irqrestore(&dev->lock, flags); }",visit repo url,drivers/hid/hid-cp2112.c,https://github.com/torvalds/linux,169750086370256,1 393,[],"pfm_flush(struct file *filp, fl_owner_t id) { pfm_context_t *ctx; struct task_struct *task; struct pt_regs *regs; unsigned long flags; unsigned long smpl_buf_size = 0UL; void *smpl_buf_vaddr = NULL; int state, is_system; if (PFM_IS_FILE(filp) == 0) { DPRINT((""bad magic for\n"")); return -EBADF; } ctx = (pfm_context_t *)filp->private_data; if (ctx == NULL) { printk(KERN_ERR ""perfmon: pfm_flush: NULL ctx [%d]\n"", current->pid); return -EBADF; } if (filp->f_flags & FASYNC) { DPRINT((""cleaning up async_queue=%p\n"", ctx->ctx_async_queue)); pfm_do_fasync (-1, filp, ctx, 0); } PROTECT_CTX(ctx, flags); state = ctx->ctx_state; is_system = ctx->ctx_fl_system; task = PFM_CTX_TASK(ctx); regs = task_pt_regs(task); DPRINT((""ctx_state=%d is_current=%d\n"", state, task == current ? 1 : 0)); if (task == current) { #ifdef CONFIG_SMP if (is_system && ctx->ctx_cpu != smp_processor_id()) { DPRINT((""should be running on CPU%d\n"", ctx->ctx_cpu)); local_irq_restore(flags); pfm_syswide_cleanup_other_cpu(ctx); local_irq_save(flags); } else #endif { DPRINT((""forcing unload\n"")); pfm_context_unload(ctx, NULL, 0, regs); DPRINT((""ctx_state=%d\n"", ctx->ctx_state)); } } if (ctx->ctx_smpl_vaddr && current->mm) { smpl_buf_vaddr = ctx->ctx_smpl_vaddr; smpl_buf_size = ctx->ctx_smpl_size; } UNPROTECT_CTX(ctx, flags); if (smpl_buf_vaddr) pfm_remove_smpl_mapping(current, smpl_buf_vaddr, smpl_buf_size); return 0; }",linux-2.6,,,23134480476658309869654450485652975123,0 3599,['CWE-20'],"sctp_disposition_t sctp_sf_error_shutdown(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR, SCTP_ERROR(-ESHUTDOWN)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,45331116874402827781040878773132794353,0 610,CWE-17,"void __fput_sync(struct file *file) { if (atomic_long_dec_and_test(&file->f_count)) { struct task_struct *task = current; file_sb_list_del(file); BUG_ON(!(task->flags & PF_KTHREAD)); __fput(file); } }",visit repo url,fs/file_table.c,https://github.com/torvalds/linux,163284894694990,1 2664,[],"SCTP_STATIC int sctp_stream_listen(struct sock *sk, int backlog) { struct sctp_sock *sp = sctp_sk(sk); struct sctp_endpoint *ep = sp->ep; if (!backlog) { if (sctp_sstate(sk, CLOSED)) return 0; sctp_unhash_endpoint(ep); sk->sk_state = SCTP_SS_CLOSED; return 0; } if (sctp_sstate(sk, LISTENING)) return 0; sk->sk_state = SCTP_SS_LISTENING; if (!ep->base.bind_addr.port) { if (sctp_autobind(sk)) return -EAGAIN; } else sctp_sk(sk)->bind_hash->fastreuse = 0; sk->sk_max_ack_backlog = backlog; sctp_hash_endpoint(ep); return 0; }",linux-2.6,,,302050545838509129007618793769690942789,0 3873,CWE-416,"compile_nested_function(exarg_T *eap, cctx_T *cctx, garray_T *lines_to_free) { int is_global = *eap->arg == 'g' && eap->arg[1] == ':'; char_u *name_start = eap->arg; char_u *name_end = to_name_end(eap->arg, TRUE); int off; char_u *func_name; char_u *lambda_name; ufunc_T *ufunc; int r = FAIL; compiletype_T compile_type; isn_T *funcref_isn = NULL; if (eap->forceit) { emsg(_(e_cannot_use_bang_with_nested_def)); return NULL; } if (*name_start == '/') { name_end = skip_regexp(name_start + 1, '/', TRUE); if (*name_end == '/') ++name_end; set_nextcmd(eap, name_end); } if (name_end == name_start || *skipwhite(name_end) != '(') { if (!ends_excmd2(name_start, name_end)) { if (*skipwhite(name_end) == '.') semsg(_(e_cannot_define_dict_func_in_vim9_script_str), eap->cmd); else semsg(_(e_invalid_command_str), eap->cmd); return NULL; } if (generate_DEF(cctx, name_start, name_end - name_start) == FAIL) return NULL; return eap->nextcmd == NULL ? (char_u *)"""" : eap->nextcmd; } if (name_start[1] == ':' && !is_global) { semsg(_(e_namespace_not_supported_str), name_start); return NULL; } if (cctx->ctx_skip != SKIP_YES && check_defined(name_start, name_end - name_start, cctx, NULL, FALSE) == FAIL) return NULL; if (!ASCII_ISUPPER(is_global ? name_start[2] : name_start[0])) { semsg(_(e_function_name_must_start_with_capital_str), name_start); return NULL; } eap->arg = name_end; fill_exarg_from_cctx(eap, cctx); eap->forceit = FALSE; lambda_name = vim_strsave(get_lambda_name()); if (lambda_name == NULL) return NULL; off = is_global ? 2 : 0; func_name = vim_strnsave(name_start + off, name_end - name_start - off); if (func_name == NULL) { r = FAIL; goto theend; } ufunc = define_function(eap, lambda_name, lines_to_free); if (ufunc == NULL) { r = eap->skip ? OK : FAIL; goto theend; } if (eap->nextcmd != NULL) { semsg(_(e_text_found_after_str_str), eap->cmdidx == CMD_def ? ""enddef"" : ""endfunction"", eap->nextcmd); r = FAIL; func_ptr_unref(ufunc); goto theend; } if (!is_global && cctx->ctx_ufunc->uf_block_depth > 0) { int block_depth = cctx->ctx_ufunc->uf_block_depth; ufunc->uf_block_ids = ALLOC_MULT(int, block_depth); if (ufunc->uf_block_ids != NULL) { mch_memmove(ufunc->uf_block_ids, cctx->ctx_ufunc->uf_block_ids, sizeof(int) * block_depth); ufunc->uf_block_depth = block_depth; } } if (is_global) { r = generate_NEWFUNC(cctx, lambda_name, func_name); func_name = NULL; lambda_name = NULL; } else { lvar_T *lvar = reserve_local(cctx, func_name, name_end - name_start, TRUE, ufunc->uf_func_type); if (lvar == NULL) goto theend; if (generate_FUNCREF(cctx, ufunc, &funcref_isn) == FAIL) goto theend; r = generate_STORE(cctx, ISN_STORE, lvar->lv_idx, NULL); } compile_type = get_compile_type(ufunc); #ifdef FEAT_PROFILE if (cctx->ctx_compile_type == CT_PROFILE) compile_type = CT_PROFILE; #endif if (func_needs_compiling(ufunc, compile_type) && compile_def_function(ufunc, TRUE, compile_type, cctx) == FAIL) { func_ptr_unref(ufunc); goto theend; } #ifdef FEAT_PROFILE if (compile_type == CT_PROFILE && func_needs_compiling(ufunc, CT_NONE)) compile_def_function(ufunc, FALSE, CT_NONE, cctx); #endif if (funcref_isn != NULL && ufunc->uf_def_status == UF_COMPILED) funcref_isn->isn_arg.funcref.fr_dfunc_idx = ufunc->uf_dfunc_idx; theend: vim_free(lambda_name); vim_free(func_name); return r == FAIL ? NULL : (char_u *)""""; }",visit repo url,src/vim9compile.c,https://github.com/vim/vim,244014294353908,1 3457,['CWE-20'],"struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, const struct sctp_chunk *chunk) { struct sctp_chunk *retval; retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); if (retval && chunk) retval->transport = chunk->transport; return retval; }",linux-2.6,,,76329519084938750454742254251726526763,0 5053,CWE-787,"mcs_recv_connect_response(STREAM mcs_data) { UNUSED(mcs_data); uint8 result; int length; STREAM s; RD_BOOL is_fastpath; uint8 fastpath_hdr; logger(Protocol, Debug, ""%s()"", __func__); s = iso_recv(&is_fastpath, &fastpath_hdr); if (s == NULL) return False; ber_parse_header(s, MCS_CONNECT_RESPONSE, &length); ber_parse_header(s, BER_TAG_RESULT, &length); in_uint8(s, result); if (result != 0) { logger(Protocol, Error, ""mcs_recv_connect_response(), result=%d"", result); return False; } ber_parse_header(s, BER_TAG_INTEGER, &length); in_uint8s(s, length); mcs_parse_domain_params(s); ber_parse_header(s, BER_TAG_OCTET_STRING, &length); sec_process_mcs_data(s); return s_check_end(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,147212801501316,1 1328,['CWE-119'],"static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, unsigned char *eoc, unsigned long **oid, unsigned int *len) { unsigned long subid; unsigned int size; unsigned long *optr; size = eoc - ctx->pointer + 1; if (size < 2 || size > ULONG_MAX/sizeof(unsigned long)) return 0; *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); if (*oid == NULL) { if (net_ratelimit()) printk(""OOM in bsalg (%d)\n"", __LINE__); return 0; } optr = *oid; if (!asn1_subid_decode(ctx, &subid)) { kfree(*oid); *oid = NULL; return 0; } if (subid < 40) { optr [0] = 0; optr [1] = subid; } else if (subid < 80) { optr [0] = 1; optr [1] = subid - 40; } else { optr [0] = 2; optr [1] = subid - 80; } *len = 2; optr += 2; while (ctx->pointer < eoc) { if (++(*len) > size) { ctx->error = ASN1_ERR_DEC_BADVALUE; kfree(*oid); *oid = NULL; return 0; } if (!asn1_subid_decode(ctx, optr++)) { kfree(*oid); *oid = NULL; return 0; } } return 1; }",linux-2.6,,,101942061924583243196237170036656760343,0 5020,['CWE-120'],"void util_remove_trailing_chars(char *path, char c) { size_t len; if (path == NULL) return; len = strlen(path); while (len > 0 && path[len-1] == c) path[--len] = '\0'; }",udev,,,16342807529673078196836675306642724163,0 4400,['CWE-264'],"int sock_common_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int addr_len = 0; int err; err = sk->sk_prot->recvmsg(iocb, sk, msg, size, flags & MSG_DONTWAIT, flags & ~MSG_DONTWAIT, &addr_len); if (err >= 0) msg->msg_namelen = addr_len; return err; }",linux-2.6,,,108302188126851612922338040872878596825,0 4423,CWE-125,"mrb_vm_exec(mrb_state *mrb, const struct RProc *proc, const mrb_code *pc) { const mrb_irep *irep = proc->body.irep; const mrb_pool_value *pool = irep->pool; const mrb_sym *syms = irep->syms; mrb_code insn; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; uint32_t a; uint16_t b; uint16_t c; mrb_sym mid; const struct mrb_irep_catch_handler *ch; #ifdef DIRECT_THREADED static const void * const optable[] = { #define OPCODE(x,_) &&L_OP_ ## x, #include ""mruby/ops.h"" #undef OPCODE }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; mrb_gc_arena_restore(mrb, ai); if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb_vm_ci_proc_set(mrb->c->ci, proc); #define regs (mrb->c->ci->stack) INIT_DISPATCH { CASE(OP_NOP, Z) { NEXT; } CASE(OP_MOVE, BB) { regs[a] = regs[b]; NEXT; } CASE(OP_LOADL, BB) { switch (pool[b].tt) { case IREP_TT_INT32: regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i32); break; case IREP_TT_INT64: #if defined(MRB_INT64) regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; #else #if defined(MRB_64BIT) if (INT32_MIN <= pool[b].u.i64 && pool[b].u.i64 <= INT32_MAX) { regs[a] = mrb_int_value(mrb, (mrb_int)pool[b].u.i64); break; } #endif goto L_INT_OVERFLOW; #endif case IREP_TT_BIGINT: goto L_INT_OVERFLOW; #ifndef MRB_NO_FLOAT case IREP_TT_FLOAT: regs[a] = mrb_float_value(mrb, pool[b].u.f); break; #endif default: regs[a] = mrb_nil_value(); break; } NEXT; } CASE(OP_LOADI, BB) { SET_FIXNUM_VALUE(regs[a], b); NEXT; } CASE(OP_LOADINEG, BB) { SET_FIXNUM_VALUE(regs[a], -b); NEXT; } CASE(OP_LOADI__1,B) goto L_LOADI; CASE(OP_LOADI_0,B) goto L_LOADI; CASE(OP_LOADI_1,B) goto L_LOADI; CASE(OP_LOADI_2,B) goto L_LOADI; CASE(OP_LOADI_3,B) goto L_LOADI; CASE(OP_LOADI_4,B) goto L_LOADI; CASE(OP_LOADI_5,B) goto L_LOADI; CASE(OP_LOADI_6,B) goto L_LOADI; CASE(OP_LOADI_7, B) { L_LOADI: SET_FIXNUM_VALUE(regs[a], (mrb_int)insn - (mrb_int)OP_LOADI_0); NEXT; } CASE(OP_LOADI16, BS) { SET_FIXNUM_VALUE(regs[a], (mrb_int)(int16_t)b); NEXT; } CASE(OP_LOADI32, BSS) { SET_INT_VALUE(mrb, regs[a], (int32_t)(((uint32_t)b<<16)+c)); NEXT; } CASE(OP_LOADSYM, BB) { SET_SYM_VALUE(regs[a], syms[b]); NEXT; } CASE(OP_LOADNIL, B) { SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_LOADSELF, B) { regs[a] = regs[0]; NEXT; } CASE(OP_LOADT, B) { SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF, B) { SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGV, BB) { mrb_value val = mrb_gv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETGV, BB) { mrb_gv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETSV, BB) { mrb_value val = mrb_vm_special_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETSV, BB) { mrb_vm_special_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIV, BB) { regs[a] = mrb_iv_get(mrb, regs[0], syms[b]); NEXT; } CASE(OP_SETIV, BB) { mrb_iv_set(mrb, regs[0], syms[b], regs[a]); NEXT; } CASE(OP_GETCV, BB) { mrb_value val; val = mrb_vm_cv_get(mrb, syms[b]); regs[a] = val; NEXT; } CASE(OP_SETCV, BB) { mrb_vm_cv_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETIDX, B) { mrb_value va = regs[a], vb = regs[a+1]; switch (mrb_type(va)) { case MRB_TT_ARRAY: if (!mrb_integer_p(vb)) goto getidx_fallback; regs[a] = mrb_ary_entry(va, mrb_integer(vb)); break; case MRB_TT_HASH: regs[a] = mrb_hash_get(mrb, va, vb); break; case MRB_TT_STRING: switch (mrb_type(vb)) { case MRB_TT_INTEGER: case MRB_TT_STRING: case MRB_TT_RANGE: regs[a] = mrb_str_aref(mrb, va, vb, mrb_undef_value()); break; default: goto getidx_fallback; } break; default: getidx_fallback: mid = MRB_OPSYM(aref); goto L_SEND_SYM; } NEXT; } CASE(OP_SETIDX, B) { c = 2; mid = MRB_OPSYM(aset); SET_NIL_VALUE(regs[a+3]); goto L_SENDB_SYM; } CASE(OP_GETCONST, BB) { regs[a] = mrb_vm_const_get(mrb, syms[b]); NEXT; } CASE(OP_SETCONST, BB) { mrb_vm_const_set(mrb, syms[b], regs[a]); NEXT; } CASE(OP_GETMCNST, BB) { regs[a] = mrb_const_get(mrb, regs[a], syms[b]); NEXT; } CASE(OP_SETMCNST, BB) { mrb_const_set(mrb, regs[a+1], syms[b], regs[a]); NEXT; } CASE(OP_GETUPVAR, BBB) { mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (e && b < MRB_ENV_LEN(e)) { *regs_a = e->stack[b]; } else { *regs_a = mrb_nil_value(); } NEXT; } CASE(OP_SETUPVAR, BBB) { struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP, S) { pc += (int16_t)a; JUMP; } CASE(OP_JMPIF, BS) { if (mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNOT, BS) { if (!mrb_test(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPNIL, BS) { if (mrb_nil_p(regs[a])) { pc += (int16_t)b; JUMP; } NEXT; } CASE(OP_JMPUW, S) { a = (uint32_t)((pc - irep->iseq) + (int16_t)a); CHECKPOINT_RESTORE(RBREAK_TAG_JUMP) { struct RBreak *brk = (struct RBreak*)mrb->exc; mrb_value target = mrb_break_value_get(brk); mrb_assert(mrb_integer_p(target)); a = (uint32_t)mrb_integer(target); mrb_assert(a >= 0 && a < irep->ilen); } CHECKPOINT_MAIN(RBREAK_TAG_JUMP) { ch = catch_handler_find(mrb, mrb->c->ci, pc, MRB_CATCH_FILTER_ENSURE); if (ch) { if (a < mrb_irep_catch_handler_unpack(ch->begin) || a >= mrb_irep_catch_handler_unpack(ch->end)) { THROW_TAGGED_BREAK(mrb, RBREAK_TAG_JUMP, proc, mrb_fixnum_value(a)); } } } CHECKPOINT_END(RBREAK_TAG_JUMP); mrb->exc = NULL; pc = irep->iseq + a; JUMP; } CASE(OP_EXCEPT, B) { mrb_value exc; if (mrb->exc == NULL) { exc = mrb_nil_value(); } else { switch (mrb->exc->tt) { case MRB_TT_BREAK: case MRB_TT_EXCEPTION: exc = mrb_obj_value(mrb->exc); break; default: mrb_assert(!""bad mrb_type""); exc = mrb_nil_value(); break; } mrb->exc = NULL; } regs[a] = exc; NEXT; } CASE(OP_RESCUE, BB) { mrb_value exc = regs[a]; mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); NEXT; } CASE(OP_RAISEIF, B) { mrb_value exc = regs[a]; if (mrb_break_p(exc)) { mrb->exc = mrb_obj_ptr(exc); goto L_BREAK; } mrb_exc_set(mrb, exc); if (mrb->exc) { goto L_RAISE; } NEXT; } CASE(OP_SSEND, BBB) { regs[a] = regs[0]; insn = OP_SEND; } goto L_SENDB; CASE(OP_SSENDB, BBB) { regs[a] = regs[0]; } goto L_SENDB; CASE(OP_SEND, BBB) goto L_SENDB; L_SEND_SYM: c = 1; SET_NIL_VALUE(regs[a+2]); goto L_SENDB_SYM; CASE(OP_SENDB, BBB) L_SENDB: mid = syms[b]; L_SENDB_SYM: { mrb_callinfo *ci = mrb->c->ci; mrb_method_t m; struct RClass *cls; mrb_value recv, blk; ARGUMENT_NORMALIZE(a, &c, insn); recv = regs[a]; cls = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &c, blk, 0); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, c); if (MRB_METHOD_CFUNC_P(m)) { if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); mrb_vm_ci_proc_set(ci, p); recv = p->body.func(mrb, recv); } else { if (MRB_METHOD_NOARG_P(m)) { check_method_noarg(mrb, ci); } recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } if (!ci->u.target_class) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } ci->stack[0] = recv; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } } JUMP; CASE(OP_CALL, Z) { mrb_callinfo *ci = mrb->c->ci; mrb_value recv = ci->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci->u.target_class = MRB_PROC_TARGET_CLASS(m); mrb_vm_ci_proc_set(ci, m); if (MRB_PROC_ENV_P(m)) { ci->mid = MRB_PROC_ENV(m)->mid; } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = cipop(mrb); pc = ci->pc; ci[1].stack[0] = recv; irep = mrb->c->ci->proc->body.irep; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->ci->stack[0] = mrb_nil_value(); a = 0; c = OP_R_NORMAL; goto L_OP_RETURN_BODY; } mrb_int nargs = mrb_ci_bidx(ci)+1; if (nargs < irep->nregs) { mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+nargs, irep->nregs-nargs); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; } pool = irep->pool; syms = irep->syms; JUMP; } CASE(OP_SUPER, BB) { mrb_method_t m; struct RClass *cls; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; const struct RProc *p = ci->proc; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(p); if (MRB_PROC_ENV_P(p) && p->e.env->mid && p->e.env->mid != mid) { mid = p->e.env->mid; } if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->flags & MRB_FL_CLASS_IS_PREPENDED) { target_class = mrb_vm_ci_target_class(ci); } else if (target_class->tt == MRB_TT_MODULE) { target_class = mrb_vm_ci_target_class(ci); if (target_class->tt != MRB_TT_ICLASS) { goto super_typeerror; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { super_typeerror: ; mrb_value exc = mrb_exc_new_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } ARGUMENT_NORMALIZE(a, &b, OP_SUPER); cls = target_class->super; m = mrb_method_search_vm(mrb, &cls, mid); if (MRB_METHOD_UNDEF_P(m)) { m = prepare_missing(mrb, recv, mid, &cls, a, &b, blk, 1); mid = MRB_SYM(method_missing); } ci = cipush(mrb, a, 0, cls, NULL, mid, b); ci->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; if (MRB_METHOD_PROC_P(m)) { mrb_vm_ci_proc_set(ci, MRB_METHOD_PROC(m)); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb_assert(!mrb_break_p(v)); if (!mrb_vm_ci_target_class(ci)) { if (ci->cci == CINFO_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->ci->stack[0] = v; ci = cipop(mrb); pc = ci->pc; } else { mrb_vm_ci_proc_set(ci, (proc = MRB_METHOD_PROC(m))); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, (irep->nregs < 4) ? 4 : irep->nregs); pc = irep->iseq; } JUMP; } CASE(OP_ARGARY, BS) { mrb_int m1 = (b>>11)&0x3f; mrb_int r = (b>>10)&0x1; mrb_int m2 = (b>>5)&0x1f; mrb_int kd = (b>>4)&0x1; mrb_int lv = (b>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb_vm_ci_target_class(mrb->c->ci) == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; mrb_int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } if (kd) { regs[a+1] = stack[m1+r+m2]; regs[a+2] = stack[m1+r+m2+1]; } else { regs[a+1] = stack[m1+r+m2]; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER, W) { mrb_int m1 = MRB_ASPEC_REQ(a); mrb_int o = MRB_ASPEC_OPT(a); mrb_int r = MRB_ASPEC_REST(a); mrb_int m2 = MRB_ASPEC_POST(a); mrb_int kd = (MRB_ASPEC_KEY(a) > 0 || MRB_ASPEC_KDICT(a))? 1 : 0; mrb_int const len = m1 + o + r + m2; mrb_callinfo *ci = mrb->c->ci; mrb_int argc = ci->n; mrb_value *argv = regs+1; mrb_value * const argv0 = argv; mrb_int const kw_pos = len + kd; mrb_int const blk_pos = kw_pos + 1; mrb_value blk = regs[mrb_ci_bidx(ci)]; mrb_value kdict = mrb_nil_value(); if (ci->nk > 0) { mrb_int kidx = mrb_ci_kidx(ci); kdict = regs[kidx]; if (!mrb_hash_p(kdict) || mrb_hash_size(mrb, kdict) == 0) { kdict = mrb_nil_value(); ci->nk = 0; } } if (!kd && !mrb_nil_p(kdict)) { if (argc < 14) { ci->n++; argc++; } else if (argc == 14) { regs[1] = mrb_ary_new_from_values(mrb, argc+1, ®s[1]); argc = ci->n = 15; } else { mrb_ary_push(mrb, regs[1], regs[2]); } ci->nk = 0; } if (kd && MRB_ASPEC_KEY(a) > 0 && mrb_hash_p(kdict)) { kdict = mrb_hash_dup(mrb, kdict); } if (argc == 15) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (ci->proc && MRB_PROC_STRICT_P(ci->proc)) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } mrb_value rest = mrb_nil_value(); if (argc < len) { mrb_int mlen = m2; if (argc < m1+m2) { mlen = m1 < argc ? argc - m1 : 0; } if (argv0 != argv && argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { rest = mrb_ary_new_capa(mrb, 0); regs[m1+o+1] = rest; } if (o > 0 && argc > m1+m2) pc += (argc - m1 - m2)*3; } else { mrb_int rnum = 0; if (argv0 != argv) { value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; rest = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); regs[m1+o+1] = rest; } if (m2 > 0 && argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } pc += o*3; } regs[blk_pos] = blk; if (kd) { if (mrb_nil_p(kdict)) kdict = mrb_hash_new_capa(mrb, 0); regs[kw_pos] = kdict; } mrb->c->ci->n = len; if (irep->nlocals-blk_pos-1 > 0) { stack_clear(®s[blk_pos+1], irep->nlocals-blk_pos-1); } JUMP; } CASE(OP_KARG, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx < 0 || !mrb_hash_p(kdict=regs[kidx]) || !mrb_hash_key_p(mrb, kdict, k)) { mrb_value str = mrb_format(mrb, ""missing keyword: %v"", k); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } regs[a] = mrb_hash_get(mrb, kdict, k); mrb_hash_delete_key(mrb, kdict, k); NEXT; } CASE(OP_KEY_P, BB) { mrb_value k = mrb_symbol_value(syms[b]); mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; mrb_bool key_p = FALSE; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx])) { key_p = mrb_hash_key_p(mrb, kdict, k); } regs[a] = mrb_bool_value(key_p); NEXT; } CASE(OP_KEYEND, Z) { mrb_int kidx = mrb_ci_kidx(mrb->c->ci); mrb_value kdict; if (kidx >= 0 && mrb_hash_p(kdict=regs[kidx]) && !mrb_hash_empty_p(mrb, kdict)) { mrb_value keys = mrb_hash_keys(mrb, kdict); mrb_value key1 = RARRAY_PTR(keys)[0]; mrb_value str = mrb_format(mrb, ""unknown keyword: %v"", key1); mrb_exc_set(mrb, mrb_exc_new_str(mrb, E_ARGUMENT_ERROR, str)); goto L_RAISE; } NEXT; } CASE(OP_BREAK, B) { c = OP_R_BREAK; goto L_RETURN; } CASE(OP_RETURN_BLK, B) { c = OP_R_RETURN; goto L_RETURN; } CASE(OP_RETURN, B) c = OP_R_NORMAL; L_RETURN: { mrb_callinfo *ci; ci = mrb->c->ci; if (ci->mid) { mrb_value blk = regs[mrb_ci_bidx(ci)]; if (mrb_proc_p(blk)) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == mrb_vm_ci_env(&ci[-1])) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { L_RAISE: ci = mrb->c->ci; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) goto L_FTOP; goto L_CATCH; } while ((ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL)) == NULL) { ci = cipop(mrb); if (ci[1].cci == CINFO_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } pc = ci[0].pc; if (ci == mrb->c->cibase) { ch = catch_handler_find(mrb, ci, pc, MRB_CATCH_FILTER_ALL); if (ch == NULL) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->ci->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } } L_CATCH: if (ch == NULL) goto L_STOP; if (FALSE) { L_CATCH_TAGGED_BREAK: ci = mrb->c->ci; } proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); pc = irep->iseq + mrb_irep_catch_handler_unpack(ch->target); } else { mrb_int acc; mrb_value v; ci = mrb->c->ci; v = regs[a]; mrb_gc_protect(mrb, v); switch (c) { case OP_R_RETURN: if (ci->cci == CINFO_NONE && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { const struct RProc *dst; mrb_callinfo *cibase; cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_ONSTACK_P(e) || (e->cxt && e->cxt != mrb->c)) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->cci > CINFO_NONE) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci = mrb->c->ci; while (cibase <= ci && ci->proc != dst) { CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_BLOCK) { cibase = mrb->c->cibase; dst = top_proc(mrb, proc); } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_BLOCK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_BLOCK, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_BLOCK); ci = cipop(mrb); pc = ci->pc; } proc = ci->proc; mrb->exc = NULL; break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; c = mrb->c; if (!c->prev) { regs[irep->nlocals] = v; goto CHECKPOINT_LABEL_MAKE(RBREAK_TAG_STOP); } if (!c->vmexec && c->prev->ci == c->prev->cibase) { mrb_value exc = mrb_exc_new_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN_TOPLEVEL) { c = mrb->c; } CHECKPOINT_MAIN(RBREAK_TAG_RETURN_TOPLEVEL) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN_TOPLEVEL, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN_TOPLEVEL); c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; mrb->c->status = MRB_FIBER_RUNNING; c->prev = NULL; if (c->vmexec) { mrb_gc_arena_restore(mrb, ai); c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } ci = mrb->c->ci; } CHECKPOINT_RESTORE(RBREAK_TAG_RETURN) { } CHECKPOINT_MAIN(RBREAK_TAG_RETURN) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_RETURN, proc, v); } CHECKPOINT_END(RBREAK_TAG_RETURN); mrb->exc = NULL; break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_ONSTACK_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK); if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->cci > CINFO_NONE) { ci = cipop(mrb); mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v); mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { struct RBreak *brk; L_BREAK: brk = (struct RBreak*)mrb->exc; proc = mrb_break_proc_get(brk); v = mrb_break_value_get(brk); ci = mrb->c->ci; switch (mrb_break_tag_get(brk)) { #define DISPATCH_CHECKPOINTS(n, i) case n: goto CHECKPOINT_LABEL_MAKE(n); RBREAK_TAG_FOREACH(DISPATCH_CHECKPOINTS) #undef DISPATCH_CHECKPOINTS default: mrb_assert(!""wrong break tag""); } } while (mrb->c->cibase < ci && ci[-1].proc != proc->upper) { if (ci[-1].cci == CINFO_SKIP) { goto L_BREAK_ERROR; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_UPPER) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_UPPER) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_UPPER, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_UPPER); ci = cipop(mrb); pc = ci->pc; } CHECKPOINT_RESTORE(RBREAK_TAG_BREAK_INTARGET) { } CHECKPOINT_MAIN(RBREAK_TAG_BREAK_INTARGET) { UNWIND_ENSURE(mrb, ci, pc, RBREAK_TAG_BREAK_INTARGET, proc, v); } CHECKPOINT_END(RBREAK_TAG_BREAK_INTARGET); if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } mrb->exc = NULL; break; default: break; } mrb_assert(ci == mrb->c->ci); mrb_assert(mrb->exc == NULL); if (mrb->c->vmexec && !mrb_vm_ci_target_class(ci)) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->cci; ci = cipop(mrb); if (acc == CINFO_SKIP || acc == CINFO_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym_name(mrb, ci->mid))); proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci[1].stack[0] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_BLKPUSH, BS) { int m1 = (b>>11)&0x3f; int r = (b>>10)&0x1; int m2 = (b>>5)&0x1f; int kd = (b>>4)&0x1; int lv = (b>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_ONSTACK_P(e) && e->mid == 0) || MRB_ENV_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2+kd])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2+kd]; NEXT; } L_INT_OVERFLOW: { mrb_value exc = mrb_exc_new_lit(mrb, E_RANGE_ERROR, ""integer overflow""); mrb_exc_set(mrb, exc); } goto L_RAISE; #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH(op_name) \ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { \ OP_MATH_CASE_INTEGER(op_name); \ OP_MATH_CASE_FLOAT(op_name, integer, float); \ OP_MATH_CASE_FLOAT(op_name, float, integer); \ OP_MATH_CASE_FLOAT(op_name, float, float); \ OP_MATH_CASE_STRING_##op_name(); \ default: \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATH_CASE_INTEGER(op_name) \ case TYPES2(MRB_TT_INTEGER, MRB_TT_INTEGER): \ { \ mrb_int x = mrb_integer(regs[a]), y = mrb_integer(regs[a+1]), z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATH_CASE_FLOAT(op_name, t1, t2) (void)0 #else #define OP_MATH_CASE_FLOAT(op_name, t1, t2) \ case TYPES2(OP_MATH_TT_##t1, OP_MATH_TT_##t2): \ { \ mrb_float z = mrb_##t1(regs[a]) OP_MATH_OP_##op_name mrb_##t2(regs[a+1]); \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif #define OP_MATH_OVERFLOW_INT() goto L_INT_OVERFLOW #define OP_MATH_CASE_STRING_add() \ case TYPES2(MRB_TT_STRING, MRB_TT_STRING): \ regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); \ mrb_gc_arena_restore(mrb, ai); \ break #define OP_MATH_CASE_STRING_sub() (void)0 #define OP_MATH_CASE_STRING_mul() (void)0 #define OP_MATH_OP_add + #define OP_MATH_OP_sub - #define OP_MATH_OP_mul * #define OP_MATH_TT_integer MRB_TT_INTEGER #define OP_MATH_TT_float MRB_TT_FLOAT CASE(OP_ADD, B) { OP_MATH(add); } CASE(OP_SUB, B) { OP_MATH(sub); } CASE(OP_MUL, B) { OP_MATH(mul); } CASE(OP_DIV, B) { #ifndef MRB_NO_FLOAT mrb_float x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER): { mrb_int x = mrb_integer(regs[a]); mrb_int y = mrb_integer(regs[a+1]); mrb_int div = mrb_div_int(mrb, x, y); SET_INT_VALUE(mrb, regs[a], div); } NEXT; #ifndef MRB_NO_FLOAT case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT): x = (mrb_float)mrb_integer(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER): x = mrb_float(regs[a]); y = (mrb_float)mrb_integer(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: mid = MRB_OPSYM(div); goto L_SEND_SYM; } #ifndef MRB_NO_FLOAT f = mrb_div_float(x, y); SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } #define OP_MATHI(op_name) \ \ switch (mrb_type(regs[a])) { \ OP_MATHI_CASE_INTEGER(op_name); \ OP_MATHI_CASE_FLOAT(op_name); \ default: \ SET_INT_VALUE(mrb,regs[a+1], b); \ mid = MRB_OPSYM(op_name); \ goto L_SEND_SYM; \ } \ NEXT; #define OP_MATHI_CASE_INTEGER(op_name) \ case MRB_TT_INTEGER: \ { \ mrb_int x = mrb_integer(regs[a]), y = (mrb_int)b, z; \ if (mrb_int_##op_name##_overflow(x, y, &z)) \ OP_MATH_OVERFLOW_INT(); \ else \ SET_INT_VALUE(mrb,regs[a], z); \ } \ break #ifdef MRB_NO_FLOAT #define OP_MATHI_CASE_FLOAT(op_name) (void)0 #else #define OP_MATHI_CASE_FLOAT(op_name) \ case MRB_TT_FLOAT: \ { \ mrb_float z = mrb_float(regs[a]) OP_MATH_OP_##op_name b; \ SET_FLOAT_VALUE(mrb, regs[a], z); \ } \ break #endif CASE(OP_ADDI, BB) { OP_MATHI(add); } CASE(OP_SUBI, BB) { OP_MATHI(sub); } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_NO_FLOAT #define OP_CMP(op,sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op, sym) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_INTEGER,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_INTEGER,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_INTEGER):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ mid = MRB_OPSYM(sym);\ goto L_SEND_SYM;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ, B) { if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==,eq); } NEXT; } CASE(OP_LT, B) { OP_CMP(<,lt); NEXT; } CASE(OP_LE, B) { OP_CMP(<=,le); NEXT; } CASE(OP_GT, B) { OP_CMP(>,gt); NEXT; } CASE(OP_GE, B) { OP_CMP(>=,ge); NEXT; } CASE(OP_ARRAY, BB) { regs[a] = mrb_ary_new_from_values(mrb, b, ®s[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARRAY2, BBB) { regs[a] = mrb_ary_new_from_values(mrb, c, ®s[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT, B) { mrb_value splat = mrb_ary_splat(mrb, regs[a+1]); if (mrb_nil_p(regs[a])) { regs[a] = splat; } else { mrb_assert(mrb_array_p(regs[a])); mrb_ary_concat(mrb, regs[a], splat); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH, BB) { mrb_assert(mrb_array_p(regs[a])); for (mrb_int i=0; i pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+pre> 2; if (pool[b].tt & IREP_TT_SFLAG) { sym = mrb_intern_static(mrb, pool[b].u.str, len); } else { sym = mrb_intern(mrb, pool[b].u.str, len); } regs[a] = mrb_symbol_value(sym); NEXT; } CASE(OP_STRING, BB) { size_t len; mrb_assert((pool[b].tt&IREP_TT_NFLAG)==0); len = pool[b].tt >> 2; if (pool[b].tt & IREP_TT_SFLAG) { regs[a] = mrb_str_new_static(mrb, pool[b].u.str, len); } else { regs[a] = mrb_str_new(mrb, pool[b].u.str, len); } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_STRCAT, B) { mrb_assert(mrb_string_p(regs[a])); mrb_str_concat(mrb, regs[a], regs[a+1]); NEXT; } CASE(OP_HASH, BB) { mrb_value hash = mrb_hash_new_capa(mrb, b); int i; int lim = a+b*2; for (i=a; ireps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_BLOCK, BB) { c = OP_L_BLOCK; goto L_MAKE_LAMBDA; } CASE(OP_METHOD, BB) { c = OP_L_METHOD; goto L_MAKE_LAMBDA; } CASE(OP_RANGE_INC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], FALSE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_RANGE_EXC, B) { regs[a] = mrb_range_new(mrb, regs[a], regs[a+1], TRUE); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS, B) { regs[a] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS, BB) { struct RClass *c = 0, *baseclass; mrb_value base, super; mrb_sym id = syms[b]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE, BB) { struct RClass *cls = 0, *baseclass; mrb_value base; mrb_sym id = syms[b]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); if (!baseclass) baseclass = mrb->object_class; base = mrb_obj_value(baseclass); } cls = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(cls); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC, BB) { mrb_value recv = regs[a]; struct RProc *p; const mrb_irep *nirep = irep->reps[b]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; cipush(mrb, a, 0, mrb_class_ptr(recv), p, 0, 0); irep = p->body.irep; pool = irep->pool; syms = irep->syms; mrb_stack_extend(mrb, irep->nregs); stack_clear(regs+1, irep->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_DEF, BB) { struct RClass *target = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; mrb_sym mid = syms[b]; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, target, mid, m); mrb_method_added(mrb, target, mid); mrb_gc_arena_restore(mrb, ai); regs[a] = mrb_symbol_value(mid); NEXT; } CASE(OP_SCLASS, B) { regs[a] = mrb_singleton_class(mrb, regs[a]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; regs[a] = mrb_obj_value(target); NEXT; } CASE(OP_ALIAS, BB) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_alias_method(mrb, target, syms[a], syms[b]); mrb_method_added(mrb, target, syms[a]); NEXT; } CASE(OP_UNDEF, B) { struct RClass *target = check_target_class(mrb); if (!target) goto L_RAISE; mrb_undef_method_id(mrb, target, syms[a]); NEXT; } CASE(OP_DEBUG, Z) { FETCH_BBB(); #ifdef MRB_USE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_NO_STDIO printf(""OP_DEBUG %d %d %d\n"", a, b, c); #else abort(); #endif #endif NEXT; } CASE(OP_ERR, B) { size_t len = pool[a].tt >> 2; mrb_value exc; mrb_assert((pool[a].tt&IREP_TT_NFLAG)==0); exc = mrb_exc_new(mrb, E_LOCALJUMP_ERROR, pool[a].u.str, len); mrb_exc_set(mrb, exc); goto L_RAISE; } CASE(OP_EXT1, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _1(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT2, Z) { insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _2(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_EXT3, Z) { uint8_t insn = READ_B(); switch (insn) { #define OPCODE(insn,ops) case OP_ ## insn: FETCH_ ## ops ## _3(); mrb->c->ci->pc = pc; goto L_OP_ ## insn ## _BODY; #include ""mruby/ops.h"" #undef OPCODE } pc--; NEXT; } CASE(OP_STOP, Z) { CHECKPOINT_RESTORE(RBREAK_TAG_STOP) { } CHECKPOINT_MAIN(RBREAK_TAG_STOP) { UNWIND_ENSURE(mrb, mrb->c->ci, pc, RBREAK_TAG_STOP, proc, mrb_nil_value()); } CHECKPOINT_END(RBREAK_TAG_STOP); L_STOP: mrb->jmp = prev_jmp; if (mrb->exc) { mrb_assert(mrb->exc->tt == MRB_TT_EXCEPTION); return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { mrb_callinfo *ci = mrb->c->ci; while (ci > mrb->c->cibase && ci->cci == CINFO_DIRECT) { ci = cipop(mrb); } exc_catched = TRUE; pc = ci->pc; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,131986444842577,1 519,['CWE-399'],"static void pwc_frame_dumped(struct pwc_device *pdev) { pdev->vframes_dumped++; if (pdev->vframe_count < FRAME_LOWMARK) return; if (pdev->vframes_dumped < 20) PWC_DEBUG_FLOW(""Dumping frame %d\n"", pdev->vframe_count); else if (pdev->vframes_dumped == 20) PWC_DEBUG_FLOW(""Dumping frame %d (last message)\n"", pdev->vframe_count); }",linux-2.6,,,70839021204016751341622615542898009158,0 5306,['CWE-119'],"static void tun_detach(struct tun_struct *tun) { rtnl_lock(); __tun_detach(tun); rtnl_unlock(); }",linux-2.6,,,257325388001828085603164773578759772194,0 4670,CWE-125,"static void nalm_dump(FILE * trace, char *data, u32 data_size) { GF_BitStream *bs; Bool rle, large_size; u32 entry_count; if (!data) { fprintf(trace, ""\n""); fprintf(trace, ""\n""); fprintf(trace, ""\n""); return; } bs = gf_bs_new(data, data_size, GF_BITSTREAM_READ); gf_bs_read_int(bs, 6); large_size = gf_bs_read_int(bs, 1); rle = gf_bs_read_int(bs, 1); entry_count = gf_bs_read_int(bs, large_size ? 16 : 8); fprintf(trace, ""\n"", rle, large_size); while (entry_count) { u32 ID; fprintf(trace, ""\n"", ID); entry_count--; } gf_bs_del(bs); fprintf(trace, ""\n""); return; }",visit repo url,src/isomedia/box_dump.c,https://github.com/gpac/gpac,165978974617606,1 4248,['CWE-119'],"sctp_disposition_t sctp_sf_do_9_2_start_shutdown( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *reply; reply = sctp_make_shutdown(asoc, NULL); if (!reply) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_SETUP_T2, SCTP_CHUNK(reply)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T2_SHUTDOWN)); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD)); if (asoc->autoclose) sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_SHUTDOWN_SENT)); sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_STOP, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(reply)); return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,85241556798458403653601378207364173765,0 5954,CWE-190,"int Jsi_ObjArraySizer(Jsi_Interp *interp, Jsi_Obj *obj, uint len) { int nsiz = len + 1, mod = ALLOC_MOD_SIZE; assert(obj->isarrlist); if (mod>1) nsiz = nsiz + ((mod-1) - (nsiz + mod - 1)%mod); if (nsiz > MAX_ARRAY_LIST) { Jsi_LogError(""array size too large""); return 0; } if (len >= obj->arrMaxSize) { int oldsz = (nsiz-obj->arrMaxSize); obj->arr = (Jsi_Value**)Jsi_Realloc(obj->arr, nsiz*sizeof(Jsi_Value*)); memset(obj->arr+obj->arrMaxSize, 0, oldsz*sizeof(Jsi_Value*)); obj->arrMaxSize = nsiz; } if (len>obj->arrCnt) obj->arrCnt = len; return nsiz; }",visit repo url,src/jsiObj.c,https://github.com/pcmacdon/jsish,239990410910583,1 4692,CWE-119,"static int pop_fetch_message (CONTEXT* ctx, MESSAGE* msg, int msgno) { int ret; void *uidl; char buf[LONG_STRING]; char path[_POSIX_PATH_MAX]; progress_t progressbar; POP_DATA *pop_data = (POP_DATA *)ctx->data; POP_CACHE *cache; HEADER *h = ctx->hdrs[msgno]; unsigned short bcache = 1; if ((msg->fp = mutt_bcache_get (pop_data->bcache, h->data))) return 0; cache = &pop_data->cache[h->index % POP_CACHE_LEN]; if (cache->path) { if (cache->index == h->index) { msg->fp = fopen (cache->path, ""r""); if (msg->fp) return 0; mutt_perror (cache->path); mutt_sleep (2); return -1; } else { unlink (cache->path); FREE (&cache->path); } } FOREVER { if (pop_reconnect (ctx) < 0) return -1; if (h->refno < 0) { mutt_error _(""The message index is incorrect. Try reopening the mailbox.""); mutt_sleep (2); return -1; } mutt_progress_init (&progressbar, _(""Fetching message...""), MUTT_PROGRESS_SIZE, NetInc, h->content->length + h->content->offset - 1); if (!(msg->fp = mutt_bcache_put (pop_data->bcache, h->data, 1))) { bcache = 0; mutt_mktemp (path, sizeof (path)); if (!(msg->fp = safe_fopen (path, ""w+""))) { mutt_perror (path); mutt_sleep (2); return -1; } } snprintf (buf, sizeof (buf), ""RETR %d\r\n"", h->refno); ret = pop_fetch_data (pop_data, buf, &progressbar, fetch_message, msg->fp); if (ret == 0) break; safe_fclose (&msg->fp); if (!bcache) unlink (path); if (ret == -2) { mutt_error (""%s"", pop_data->err_msg); mutt_sleep (2); return -1; } if (ret == -3) { mutt_error _(""Can't write message to temporary file!""); mutt_sleep (2); return -1; } } if (bcache) mutt_bcache_commit (pop_data->bcache, h->data); else { cache->index = h->index; cache->path = safe_strdup (path); } rewind (msg->fp); uidl = h->data; if (ctx->subj_hash && h->env->real_subj) hash_delete (ctx->subj_hash, h->env->real_subj, h, NULL); mutt_label_hash_remove (ctx, h); mutt_free_envelope (&h->env); h->env = mutt_read_rfc822_header (msg->fp, h, 0, 0); if (ctx->subj_hash && h->env->real_subj) hash_insert (ctx->subj_hash, h->env->real_subj, h); mutt_label_hash_add (ctx, h); h->data = uidl; h->lines = 0; fgets (buf, sizeof (buf), msg->fp); while (!feof (msg->fp)) { ctx->hdrs[msgno]->lines++; fgets (buf, sizeof (buf), msg->fp); } h->content->length = ftello (msg->fp) - h->content->offset; if (!WithCrypto) h->security = crypt_query (h->content); mutt_clear_error(); rewind (msg->fp); return 0; }",visit repo url,pop.c,https://gitlab.com/muttmua/mutt,167837991741315,1 3137,['CWE-189'],"static void jp2_cdef_destroy(jp2_box_t *box) { jp2_cdef_t *cdef = &box->data.cdef; if (cdef->ents) { jas_free(cdef->ents); cdef->ents = 0; } }",jasper,,,312596155616004279328055244507446616046,0 2494,['CWE-119'],"static void handle_reflog(struct rev_info *revs, unsigned flags) { struct all_refs_cb cb; cb.all_revs = revs; cb.all_flags = flags; for_each_reflog(handle_one_reflog, &cb); }",git,,,236161702678222076065715879133915236539,0 484,CWE-20,"void user_describe(const struct key *key, struct seq_file *m) { seq_puts(m, key->description); if (key_is_instantiated(key)) seq_printf(m, "": %u"", key->datalen); }",visit repo url,security/keys/user_defined.c,https://github.com/torvalds/linux,222806023478774,1 2653,[],"static inline void sctp_set_owner_w(struct sctp_chunk *chunk) { struct sctp_association *asoc = chunk->asoc; struct sock *sk = asoc->base.sk; sctp_association_hold(asoc); skb_set_owner_w(chunk->skb, sk); chunk->skb->destructor = sctp_wfree; *((struct sctp_chunk **)(chunk->skb->cb)) = chunk; asoc->sndbuf_used += SCTP_DATA_SNDSIZE(chunk) + sizeof(struct sk_buff) + sizeof(struct sctp_chunk); atomic_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc); sk->sk_wmem_queued += chunk->skb->truesize; sk_mem_charge(sk, chunk->skb->truesize); }",linux-2.6,,,251456135085806199699642269553312980991,0 2901,['CWE-189'],"static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize) { int c; char *bufptr; assert(bufsize > 0); bufptr = buf; while (bufsize > 1) { if ((c = mif_getc(stream)) == EOF) { break; } *bufptr++ = c; --bufsize; if (c == '\n') { break; } } *bufptr = '\0'; if (!(bufptr = strchr(buf, '\n'))) { return 0; } *bufptr = '\0'; return buf; }",jasper,,,222172123449565646751721769449166170917,0 1583,CWE-476,"nf_nat_redirect_ipv4(struct sk_buff *skb, const struct nf_nat_ipv4_multi_range_compat *mr, unsigned int hooknum) { struct nf_conn *ct; enum ip_conntrack_info ctinfo; __be32 newdst; struct nf_nat_range newrange; NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT); ct = nf_ct_get(skb, &ctinfo); NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); if (hooknum == NF_INET_LOCAL_OUT) { newdst = htonl(0x7F000001); } else { struct in_device *indev; struct in_ifaddr *ifa; newdst = 0; rcu_read_lock(); indev = __in_dev_get_rcu(skb->dev); if (indev != NULL) { ifa = indev->ifa_list; newdst = ifa->ifa_local; } rcu_read_unlock(); if (!newdst) return NF_DROP; } memset(&newrange.min_addr, 0, sizeof(newrange.min_addr)); memset(&newrange.max_addr, 0, sizeof(newrange.max_addr)); newrange.flags = mr->range[0].flags | NF_NAT_RANGE_MAP_IPS; newrange.min_addr.ip = newdst; newrange.max_addr.ip = newdst; newrange.min_proto = mr->range[0].min; newrange.max_proto = mr->range[0].max; return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST); }",visit repo url,net/netfilter/nf_nat_redirect.c,https://github.com/torvalds/linux,257095896466858,1 6604,CWE-476,"static int parse_json(ogs_sbi_message_t *message, char *content_type, char *json) { int rv = OGS_OK; cJSON *item = NULL; ogs_assert(message); if (!json) return OGS_OK; if (!content_type) { ogs_error(""No Content-type""); return OGS_ERROR; } ogs_log_print(OGS_LOG_TRACE, ""%s"", json); item = cJSON_Parse(json); if (!item) { ogs_error(""JSON parse error""); return OGS_ERROR; } if (content_type && !strncmp(content_type, OGS_SBI_CONTENT_PROBLEM_TYPE, strlen(OGS_SBI_CONTENT_PROBLEM_TYPE))) { message->ProblemDetails = OpenAPI_problem_details_parseFromJSON(item); } else if (content_type && !strncmp(content_type, OGS_SBI_CONTENT_PATCH_TYPE, strlen(OGS_SBI_CONTENT_PATCH_TYPE))) { if (item) { OpenAPI_patch_item_t *patch_item = NULL; cJSON *patchJSON = NULL; message->PatchItemList = OpenAPI_list_create(); cJSON_ArrayForEach(patchJSON, item) { if (!cJSON_IsObject(patchJSON)) { rv = OGS_ERROR; ogs_error(""Unknown JSON""); goto cleanup; } patch_item = OpenAPI_patch_item_parseFromJSON(patchJSON); OpenAPI_list_add(message->PatchItemList, patch_item); } } } else { SWITCH(message->h.service.name) CASE(OGS_SBI_SERVICE_NAME_NNRF_NFM) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_NF_INSTANCES) message->NFProfile = OpenAPI_nf_profile_parseFromJSON(item); if (!message->NFProfile) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SUBSCRIPTIONS) message->SubscriptionData = OpenAPI_subscription_data_parseFromJSON(item); if (!message->SubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_NF_STATUS_NOTIFY) message->NotificationData = OpenAPI_notification_data_parseFromJSON(item); if (!message->NotificationData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NNRF_DISC) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_NF_INSTANCES) message->SearchResult = OpenAPI_search_result_parseFromJSON(item); if (!message->SearchResult) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NAUSF_AUTH) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_UE_AUTHENTICATIONS) SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_POST) if (message->res_status == 0) { message->AuthenticationInfo = OpenAPI_authentication_info_parseFromJSON(item); if (!message->AuthenticationInfo) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->UeAuthenticationCtx = OpenAPI_ue_authentication_ctx_parseFromJSON(item); if (!message->UeAuthenticationCtx) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_HTTP_METHOD_PUT) if (message->res_status == 0) { message->ConfirmationData = OpenAPI_confirmation_data_parseFromJSON(item); if (!message->ConfirmationData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->ConfirmationDataResponse = OpenAPI_confirmation_data_response_parseFromJSON( item); if (!message->ConfirmationDataResponse) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDM_UEAU) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_SECURITY_INFORMATION) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_GENERATE_AUTH_DATA) if (message->res_status == 0) { message->AuthenticationInfoRequest = OpenAPI_authentication_info_request_parseFromJSON( item); if (!message->AuthenticationInfoRequest) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->AuthenticationInfoResult = OpenAPI_authentication_info_result_parseFromJSON( item); if (!message->AuthenticationInfoResult) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; CASE(OGS_SBI_RESOURCE_NAME_AUTH_EVENTS) message->AuthEvent = OpenAPI_auth_event_parseFromJSON(item); if (!message->AuthEvent) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDM_UECM) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_REGISTRATIONS) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_AMF_3GPP_ACCESS) message->Amf3GppAccessRegistration = OpenAPI_amf3_gpp_access_registration_parseFromJSON( item); if (!message->Amf3GppAccessRegistration) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDM_SDM) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_AM_DATA) message->AccessAndMobilitySubscriptionData = OpenAPI_access_and_mobility_subscription_data_parseFromJSON( item); if (!message->AccessAndMobilitySubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SMF_SELECT_DATA) message->SmfSelectionSubscriptionData = OpenAPI_smf_selection_subscription_data_parseFromJSON(item); if (!message->SmfSelectionSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_UE_CONTEXT_IN_SMF_DATA) message->UeContextInSmfData = OpenAPI_ue_context_in_smf_data_parseFromJSON(item); if (!message->UeContextInSmfData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_DATA) message->SessionManagementSubscriptionData = OpenAPI_session_management_subscription_data_parseFromJSON( item); if (!message->SessionManagementSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NUDR_DR) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_SUBSCRIPTION_DATA) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_AUTHENTICATION_DATA) SWITCH(message->h.resource.component[3]) CASE(OGS_SBI_RESOURCE_NAME_AUTHENTICATION_SUBSCRIPTION) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->AuthenticationSubscription = OpenAPI_authentication_subscription_parseFromJSON(item); if (!message->AuthenticationSubscription) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_RESOURCE_NAME_AUTHENTICATION_STATUS) message->AuthEvent = OpenAPI_auth_event_parseFromJSON(item); if (!message->AuthEvent) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[3]); END break; CASE(OGS_SBI_RESOURCE_NAME_CONTEXT_DATA) message->Amf3GppAccessRegistration = OpenAPI_amf3_gpp_access_registration_parseFromJSON( item); if (!message->Amf3GppAccessRegistration) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT SWITCH(message->h.resource.component[3]) CASE(OGS_SBI_RESOURCE_NAME_PROVISIONED_DATA) SWITCH(message->h.resource.component[4]) CASE(OGS_SBI_RESOURCE_NAME_AM_DATA) message->AccessAndMobilitySubscriptionData = OpenAPI_access_and_mobility_subscription_data_parseFromJSON(item); if (!message->AccessAndMobilitySubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SMF_SELECTION_SUBSCRIPTION_DATA) message->SmfSelectionSubscriptionData = OpenAPI_smf_selection_subscription_data_parseFromJSON(item); if (!message->SmfSelectionSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_UE_CONTEXT_IN_SMF_DATA) message->UeContextInSmfData = OpenAPI_ue_context_in_smf_data_parseFromJSON( item); if (!message->UeContextInSmfData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_DATA) message->SessionManagementSubscriptionData = OpenAPI_session_management_subscription_data_parseFromJSON(item); if (!message->SessionManagementSubscriptionData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[4]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[3]); END END break; CASE(OGS_SBI_RESOURCE_NAME_POLICY_DATA) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_UES) SWITCH(message->h.resource.component[3]) CASE(OGS_SBI_RESOURCE_NAME_AM_DATA) message->AmPolicyData = OpenAPI_am_policy_data_parseFromJSON(item); if (!message->AmPolicyData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_DATA) message->SmPolicyData = OpenAPI_sm_policy_data_parseFromJSON(item); if (!message->SmPolicyData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[3]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NSMF_PDUSESSION) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_SM_CONTEXTS) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_MODIFY) if (message->res_status == 0) { message->SmContextUpdateData = OpenAPI_sm_context_update_data_parseFromJSON(item); if (!message->SmContextUpdateData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->SmContextUpdatedData = OpenAPI_sm_context_updated_data_parseFromJSON(item); if (!message->SmContextUpdatedData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_BAD_REQUEST || message->res_status == OGS_SBI_HTTP_STATUS_FORBIDDEN || message->res_status == OGS_SBI_HTTP_STATUS_NOT_FOUND || message->res_status == OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR || message->res_status == OGS_SBI_HTTP_STATUS_SERVICE_UNAVAILABLE || message->res_status == OGS_SBI_HTTP_STATUS_GATEWAY_TIMEOUT) { message->SmContextUpdateError = OpenAPI_sm_context_update_error_parseFromJSON(item); if (!message->SmContextUpdateError) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_RESOURCE_NAME_RELEASE) if (message->res_status == 0) { message->SmContextReleaseData = OpenAPI_sm_context_release_data_parseFromJSON(item); if (!message->SmContextReleaseData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_NO_CONTENT) { } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->SmContextReleasedData = OpenAPI_sm_context_released_data_parseFromJSON( item); if (!message->SmContextReleasedData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT if (message->res_status == 0) { message->SmContextCreateData = OpenAPI_sm_context_create_data_parseFromJSON(item); if (!message->SmContextCreateData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->SmContextCreatedData = OpenAPI_sm_context_created_data_parseFromJSON(item); if (!message->SmContextCreatedData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_BAD_REQUEST || message->res_status == OGS_SBI_HTTP_STATUS_FORBIDDEN || message->res_status == OGS_SBI_HTTP_STATUS_NOT_FOUND || message->res_status == OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR || message->res_status == OGS_SBI_HTTP_STATUS_SERVICE_UNAVAILABLE || message->res_status == OGS_SBI_HTTP_STATUS_GATEWAY_TIMEOUT) { message->SmContextCreateError = OpenAPI_sm_context_create_error_parseFromJSON(item); if (!message->SmContextCreateError) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NAMF_COMM) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_UE_CONTEXTS) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_N1_N2_MESSAGES) if (message->res_status == 0) { message->N1N2MessageTransferReqData = OpenAPI_n1_n2_message_transfer_req_data_parseFromJSON(item); if (!message->N1N2MessageTransferReqData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_OK || message->res_status == OGS_SBI_HTTP_STATUS_ACCEPTED) { message->N1N2MessageTransferRspData = OpenAPI_n1_n2_message_transfer_rsp_data_parseFromJSON(item); if (!message->N1N2MessageTransferRspData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NPCF_AM_POLICY_CONTROL) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_POLICIES) if (message->res_status == 0) { message->PolicyAssociationRequest = OpenAPI_policy_association_request_parseFromJSON( item); if (!message->PolicyAssociationRequest) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->PolicyAssociation = OpenAPI_policy_association_parseFromJSON(item); if (!message->PolicyAssociation) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NPCF_SMPOLICYCONTROL) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_SM_POLICIES) if (!message->h.resource.component[1]) { if (message->res_status == 0) { message->SmPolicyContextData = OpenAPI_sm_policy_context_data_parseFromJSON(item); if (!message->SmPolicyContextData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } else if (message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->SmPolicyDecision = OpenAPI_sm_policy_decision_parseFromJSON(item); if (!message->SmPolicyDecision) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } } else { SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_DELETE) if (message->res_status == 0) { message->SmPolicyDeleteData = OpenAPI_sm_policy_delete_data_parseFromJSON( item); if (!message->SmPolicyDeleteData) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NNSSF_NSSELECTION) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_NETWORK_SLICE_INFORMATION) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->AuthorizedNetworkSliceInfo = OpenAPI_authorized_network_slice_info_parseFromJSON( item); if (!message->AuthorizedNetworkSliceInfo) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NBSF_MANAGEMENT) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_PCF_BINDINGS) if (message->h.resource.component[1]) { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_PATCH) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->PcfBinding = OpenAPI_pcf_binding_parseFromJSON(item); if (!message->PcfBinding) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_HTTP_METHOD_DELETE) break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END break; } else { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_POST) if (message->res_status == 0 || message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->PcfBinding = OpenAPI_pcf_binding_parseFromJSON(item); if (!message->PcfBinding) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; CASE(OGS_SBI_HTTP_METHOD_GET) if (message->res_status == OGS_SBI_HTTP_STATUS_OK) { message->PcfBinding = OpenAPI_pcf_binding_parseFromJSON(item); if (!message->PcfBinding) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END break; } DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NPCF_POLICYAUTHORIZATION) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_APP_SESSIONS) if (message->h.resource.component[1]) { if (message->h.resource.component[2]) { SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_DELETE) break; DEFAULT rv = OGS_ERROR; ogs_error(""JSON parse error""); END } else { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_PATCH) message->AppSessionContextUpdateDataPatch = OpenAPI_app_session_context_update_data_patch_parseFromJSON(item); if (!message->AppSessionContextUpdateDataPatch) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""JSON parse error""); END } } else { SWITCH(message->h.method) CASE(OGS_SBI_HTTP_METHOD_POST) if (message->res_status == 0 || message->res_status == OGS_SBI_HTTP_STATUS_CREATED) { message->AppSessionContext = OpenAPI_app_session_context_parseFromJSON(item); if (!message->AppSessionContext) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown method [%s]"", message->h.method); END } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; CASE(OGS_SBI_SERVICE_NAME_NAMF_CALLBACK) SWITCH(message->h.resource.component[1]) CASE(OGS_SBI_RESOURCE_NAME_SM_CONTEXT_STATUS) message->SmContextStatusNotification = OpenAPI_sm_context_status_notification_parseFromJSON(item); if (!message->SmContextStatusNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[1]); END break; CASE(OGS_SBI_SERVICE_NAME_NSMF_CALLBACK) SWITCH(message->h.resource.component[0]) CASE(OGS_SBI_RESOURCE_NAME_N1_N2_FAILURE_NOTIFY) message->N1N2MsgTxfrFailureNotification = OpenAPI_n1_n2_msg_txfr_failure_notification_parseFromJSON( item); if (!message->N1N2MsgTxfrFailureNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_SM_POLICY_NOTIFY) SWITCH(message->h.resource.component[2]) CASE(OGS_SBI_RESOURCE_NAME_UPDATE) message->SmPolicyNotification = OpenAPI_sm_policy_notification_parseFromJSON(item); if (!message->SmPolicyNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; CASE(OGS_SBI_RESOURCE_NAME_TERMINATE) message->TerminationNotification = OpenAPI_termination_notification_parseFromJSON(item); if (!message->TerminationNotification) { rv = OGS_ERROR; ogs_error(""JSON parse error""); } break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[2]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Unknown resource name [%s]"", message->h.resource.component[0]); END break; DEFAULT rv = OGS_ERROR; ogs_error(""Not implemented API name [%s]"", message->h.service.name); END } cleanup: cJSON_Delete(item); return rv; }",visit repo url,lib/sbi/message.c,https://github.com/open5gs/open5gs,129352543196487,1 528,CWE-119,"static void tg3_read_vpd(struct tg3 *tp) { u8 *vpd_data; unsigned int block_end, rosize, len; u32 vpdlen; int j, i = 0; vpd_data = (u8 *)tg3_vpd_readblock(tp, &vpdlen); if (!vpd_data) goto out_no_vpd; i = pci_vpd_find_tag(vpd_data, 0, vpdlen, PCI_VPD_LRDT_RO_DATA); if (i < 0) goto out_not_found; rosize = pci_vpd_lrdt_size(&vpd_data[i]); block_end = i + PCI_VPD_LRDT_TAG_SIZE + rosize; i += PCI_VPD_LRDT_TAG_SIZE; if (block_end > vpdlen) goto out_not_found; j = pci_vpd_find_info_keyword(vpd_data, i, rosize, PCI_VPD_RO_KEYWORD_MFR_ID); if (j > 0) { len = pci_vpd_info_field_size(&vpd_data[j]); j += PCI_VPD_INFO_FLD_HDR_SIZE; if (j + len > block_end || len != 4 || memcmp(&vpd_data[j], ""1028"", 4)) goto partno; j = pci_vpd_find_info_keyword(vpd_data, i, rosize, PCI_VPD_RO_KEYWORD_VENDOR0); if (j < 0) goto partno; len = pci_vpd_info_field_size(&vpd_data[j]); j += PCI_VPD_INFO_FLD_HDR_SIZE; if (j + len > block_end) goto partno; memcpy(tp->fw_ver, &vpd_data[j], len); strncat(tp->fw_ver, "" bc "", vpdlen - len - 1); } partno: i = pci_vpd_find_info_keyword(vpd_data, i, rosize, PCI_VPD_RO_KEYWORD_PARTNO); if (i < 0) goto out_not_found; len = pci_vpd_info_field_size(&vpd_data[i]); i += PCI_VPD_INFO_FLD_HDR_SIZE; if (len > TG3_BPN_SIZE || (len + i) > vpdlen) goto out_not_found; memcpy(tp->board_part_number, &vpd_data[i], len); out_not_found: kfree(vpd_data); if (tp->board_part_number[0]) return; out_no_vpd: if (tg3_asic_rev(tp) == ASIC_REV_5717) { if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_5717 || tp->pdev->device == TG3PCI_DEVICE_TIGON3_5717_C) strcpy(tp->board_part_number, ""BCM5717""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_5718) strcpy(tp->board_part_number, ""BCM5718""); else goto nomatch; } else if (tg3_asic_rev(tp) == ASIC_REV_57780) { if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57780) strcpy(tp->board_part_number, ""BCM57780""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57760) strcpy(tp->board_part_number, ""BCM57760""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57790) strcpy(tp->board_part_number, ""BCM57790""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57788) strcpy(tp->board_part_number, ""BCM57788""); else goto nomatch; } else if (tg3_asic_rev(tp) == ASIC_REV_57765) { if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57761) strcpy(tp->board_part_number, ""BCM57761""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57765) strcpy(tp->board_part_number, ""BCM57765""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57781) strcpy(tp->board_part_number, ""BCM57781""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57785) strcpy(tp->board_part_number, ""BCM57785""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57791) strcpy(tp->board_part_number, ""BCM57791""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57795) strcpy(tp->board_part_number, ""BCM57795""); else goto nomatch; } else if (tg3_asic_rev(tp) == ASIC_REV_57766) { if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57762) strcpy(tp->board_part_number, ""BCM57762""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57766) strcpy(tp->board_part_number, ""BCM57766""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57782) strcpy(tp->board_part_number, ""BCM57782""); else if (tp->pdev->device == TG3PCI_DEVICE_TIGON3_57786) strcpy(tp->board_part_number, ""BCM57786""); else goto nomatch; } else if (tg3_asic_rev(tp) == ASIC_REV_5906) { strcpy(tp->board_part_number, ""BCM95906""); } else { nomatch: strcpy(tp->board_part_number, ""none""); } }",visit repo url,drivers/net/ethernet/broadcom/tg3.c,https://github.com/torvalds/linux,267014111998608,1 4779,['CWE-20'],"static ext4_fsblk_t descriptor_loc(struct super_block *sb, ext4_fsblk_t logical_sb_block, int nr) { struct ext4_sb_info *sbi = EXT4_SB(sb); ext4_group_t bg, first_meta_bg; int has_super = 0; first_meta_bg = le32_to_cpu(sbi->s_es->s_first_meta_bg); if (!EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_META_BG) || nr < first_meta_bg) return logical_sb_block + nr + 1; bg = sbi->s_desc_per_block * nr; if (ext4_bg_has_super(sb, bg)) has_super = 1; return (has_super + ext4_group_first_block_no(sb, bg)); }",linux-2.6,,,163778192970127491075419902778403329982,0 6066,['CWE-200'],"static int cbq_delete(struct Qdisc *sch, unsigned long arg) { struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl = (struct cbq_class*)arg; if (cl->filters || cl->children || cl == &q->link) return -EBUSY; sch_tree_lock(sch); if (cl->next_alive) cbq_deactivate_class(cl); if (q->tx_borrowed == cl) q->tx_borrowed = q->tx_class; if (q->tx_class == cl) { q->tx_class = NULL; q->tx_borrowed = NULL; } #ifdef CONFIG_NET_CLS_POLICE if (q->rx_class == cl) q->rx_class = NULL; #endif cbq_unlink_class(cl); cbq_adjust_levels(cl->tparent); cl->defmap = 0; cbq_sync_defmap(cl); cbq_rmprio(q, cl); sch_tree_unlock(sch); if (--cl->refcnt == 0) cbq_destroy_class(sch, cl); return 0; }",linux-2.6,,,269776179672135192707824109492478544145,0 139,[],"void compat_set_fd_set(unsigned long nr, compat_ulong_t __user *ufdset, unsigned long *fdset) { unsigned long odd; nr = ROUND_UP(nr, __COMPAT_NFDBITS); if (!ufdset) return; odd = nr & 1UL; nr &= ~1UL; while (nr) { unsigned long h, l; l = *fdset++; h = l >> 32; __put_user(l, ufdset); __put_user(h, ufdset+1); ufdset += 2; nr -= 2; } if (odd) __put_user(*fdset, ufdset); }",linux-2.6,,,6872181246311153838978656181236124949,0 2065,CWE-120,"static void bpf_adj_branches(struct bpf_prog *prog, u32 pos, u32 delta) { struct bpf_insn *insn = prog->insnsi; u32 i, insn_cnt = prog->len; bool pseudo_call; u8 code; int off; for (i = 0; i < insn_cnt; i++, insn++) { code = insn->code; if (BPF_CLASS(code) != BPF_JMP) continue; if (BPF_OP(code) == BPF_EXIT) continue; if (BPF_OP(code) == BPF_CALL) { if (insn->src_reg == BPF_PSEUDO_CALL) pseudo_call = true; else continue; } else { pseudo_call = false; } off = pseudo_call ? insn->imm : insn->off; if (i < pos && i + off + 1 > pos) off += delta; else if (i > pos + delta && i + off + 1 <= pos + delta) off -= delta; if (pseudo_call) insn->imm = off; else insn->off = off; } }",visit repo url,kernel/bpf/core.c,https://github.com/torvalds/linux,148242878256066,1 2806,['CWE-264'],"check_fhdr( u32 ioaddr, u32 *framelen, u32 *frameno, u32 *ack, u32 *is_first, u32 *crc_p ) { u32 crc = *crc_p; u8 value; if( inb( ioaddr + DAT ) != SBNI_SIG ) return 0; value = inb( ioaddr + DAT ); *framelen = (u32)value; crc = CRC32( value, crc ); value = inb( ioaddr + DAT ); *framelen |= ((u32)value) << 8; crc = CRC32( value, crc ); *ack = *framelen & FRAME_ACK_MASK; *is_first = (*framelen & FRAME_FIRST) != 0; if( (*framelen &= FRAME_LEN_MASK) < 6 || *framelen > SBNI_MAX_FRAME - 3 ) return 0; value = inb( ioaddr + DAT ); *frameno = (u32)value; crc = CRC32( value, crc ); crc = CRC32( inb( ioaddr + DAT ), crc ); *framelen -= 2; *crc_p = crc; return 1; }",linux-2.6,,,10481140866930151282877110988672653844,0 1438,CWE-399,"static void kvmclock_reset(struct kvm_vcpu *vcpu) { if (vcpu->arch.time_page) { kvm_release_page_dirty(vcpu->arch.time_page); vcpu->arch.time_page = NULL; } }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,21387996709866,1 1689,[],"move_group_shares(struct task_group *tg, struct sched_domain *sd, int scpu, int dcpu) { while (tg) { __move_group_shares(tg, sd, scpu, dcpu); tg = tg->parent; } }",linux-2.6,,,75471065383893774554651028827396672806,0 2437,CWE-125,"static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame, const uint8_t *buf, int buf_size, int first_field) { int i, cid, ret; int old_bit_depth = ctx->bit_depth, bitdepth; uint64_t header_prefix; if (buf_size < 0x280) { av_log(ctx->avctx, AV_LOG_ERROR, ""buffer too small (%d < 640).\n"", buf_size); return AVERROR_INVALIDDATA; } header_prefix = ff_dnxhd_parse_header_prefix(buf); if (header_prefix == 0) { av_log(ctx->avctx, AV_LOG_ERROR, ""unknown header 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X\n"", buf[0], buf[1], buf[2], buf[3], buf[4]); return AVERROR_INVALIDDATA; } if (buf[5] & 2) { ctx->cur_field = buf[5] & 1; frame->interlaced_frame = 1; frame->top_field_first = first_field ^ ctx->cur_field; av_log(ctx->avctx, AV_LOG_DEBUG, ""interlaced %d, cur field %d\n"", buf[5] & 3, ctx->cur_field); } else { ctx->cur_field = 0; } ctx->mbaff = (buf[0x6] >> 5) & 1; ctx->height = AV_RB16(buf + 0x18); ctx->width = AV_RB16(buf + 0x1a); switch(buf[0x21] >> 5) { case 1: bitdepth = 8; break; case 2: bitdepth = 10; break; case 3: bitdepth = 12; break; default: av_log(ctx->avctx, AV_LOG_ERROR, ""Unknown bitdepth indicator (%d)\n"", buf[0x21] >> 5); return AVERROR_INVALIDDATA; } cid = AV_RB32(buf + 0x28); ctx->avctx->profile = dnxhd_get_profile(cid); if ((ret = dnxhd_init_vlc(ctx, cid, bitdepth)) < 0) return ret; if (ctx->mbaff && ctx->cid_table->cid != 1260) av_log(ctx->avctx, AV_LOG_WARNING, ""Adaptive MB interlace flag in an unsupported profile.\n""); ctx->act = buf[0x2C] & 7; if (ctx->act && ctx->cid_table->cid != 1256 && ctx->cid_table->cid != 1270) av_log(ctx->avctx, AV_LOG_WARNING, ""Adaptive color transform in an unsupported profile.\n""); ctx->is_444 = (buf[0x2C] >> 6) & 1; if (ctx->is_444) { if (bitdepth == 8) { avpriv_request_sample(ctx->avctx, ""4:4:4 8 bits""); return AVERROR_INVALIDDATA; } else if (bitdepth == 10) { ctx->decode_dct_block = dnxhd_decode_dct_block_10_444; ctx->pix_fmt = ctx->act ? AV_PIX_FMT_YUV444P10 : AV_PIX_FMT_GBRP10; } else { ctx->decode_dct_block = dnxhd_decode_dct_block_12_444; ctx->pix_fmt = ctx->act ? AV_PIX_FMT_YUV444P12 : AV_PIX_FMT_GBRP12; } } else if (bitdepth == 12) { ctx->decode_dct_block = dnxhd_decode_dct_block_12; ctx->pix_fmt = AV_PIX_FMT_YUV422P12; } else if (bitdepth == 10) { if (ctx->avctx->profile == FF_PROFILE_DNXHR_HQX) ctx->decode_dct_block = dnxhd_decode_dct_block_10_444; else ctx->decode_dct_block = dnxhd_decode_dct_block_10; ctx->pix_fmt = AV_PIX_FMT_YUV422P10; } else { ctx->decode_dct_block = dnxhd_decode_dct_block_8; ctx->pix_fmt = AV_PIX_FMT_YUV422P; } ctx->avctx->bits_per_raw_sample = ctx->bit_depth = bitdepth; if (ctx->bit_depth != old_bit_depth) { ff_blockdsp_init(&ctx->bdsp, ctx->avctx); ff_idctdsp_init(&ctx->idsp, ctx->avctx); ff_init_scantable(ctx->idsp.idct_permutation, &ctx->scantable, ff_zigzag_direct); } if (ctx->width != ctx->cid_table->width && ctx->cid_table->width != DNXHD_VARIABLE) { av_reduce(&ctx->avctx->sample_aspect_ratio.num, &ctx->avctx->sample_aspect_ratio.den, ctx->width, ctx->cid_table->width, 255); ctx->width = ctx->cid_table->width; } if (buf_size < ctx->cid_table->coding_unit_size) { av_log(ctx->avctx, AV_LOG_ERROR, ""incorrect frame size (%d < %u).\n"", buf_size, ctx->cid_table->coding_unit_size); return AVERROR_INVALIDDATA; } ctx->mb_width = (ctx->width + 15)>> 4; ctx->mb_height = AV_RB16(buf + 0x16c); if ((ctx->height + 15) >> 4 == ctx->mb_height && frame->interlaced_frame) ctx->height <<= 1; av_log(ctx->avctx, AV_LOG_VERBOSE, ""%dx%d, 4:%s %d bits, MBAFF=%d ACT=%d\n"", ctx->width, ctx->height, ctx->is_444 ? ""4:4"" : ""2:2"", ctx->bit_depth, ctx->mbaff, ctx->act); if (ctx->mb_height > 68 && ff_dnxhd_check_header_prefix_hr(header_prefix)) { ctx->data_offset = 0x170 + (ctx->mb_height << 2); } else { if (ctx->mb_height > 68 || (ctx->mb_height << frame->interlaced_frame) > (ctx->height + 15) >> 4) { av_log(ctx->avctx, AV_LOG_ERROR, ""mb height too big: %d\n"", ctx->mb_height); return AVERROR_INVALIDDATA; } ctx->data_offset = 0x280; } if (buf_size < ctx->data_offset) { av_log(ctx->avctx, AV_LOG_ERROR, ""buffer too small (%d < %d).\n"", buf_size, ctx->data_offset); return AVERROR_INVALIDDATA; } if (ctx->mb_height > FF_ARRAY_ELEMS(ctx->mb_scan_index)) { av_log(ctx->avctx, AV_LOG_ERROR, ""mb_height too big (%d > %""SIZE_SPECIFIER"").\n"", ctx->mb_height, FF_ARRAY_ELEMS(ctx->mb_scan_index)); return AVERROR_INVALIDDATA; } for (i = 0; i < ctx->mb_height; i++) { ctx->mb_scan_index[i] = AV_RB32(buf + 0x170 + (i << 2)); ff_dlog(ctx->avctx, ""mb scan index %d, pos %d: %""PRIu32""\n"", i, 0x170 + (i << 2), ctx->mb_scan_index[i]); if (buf_size - ctx->data_offset < ctx->mb_scan_index[i]) { av_log(ctx->avctx, AV_LOG_ERROR, ""invalid mb scan index (%""PRIu32"" vs %u).\n"", ctx->mb_scan_index[i], buf_size - ctx->data_offset); return AVERROR_INVALIDDATA; } } return 0; }",visit repo url,libavcodec/dnxhddec.c,https://github.com/FFmpeg/FFmpeg,242828758545036,1 5884,['CWE-200'],"static void nr_set_lockdep_one(struct net_device *dev, struct netdev_queue *txq, void *_unused) { lockdep_set_class(&txq->_xmit_lock, &nr_netdev_xmit_lock_key); }",linux-2.6,,,150701363696029322059975238318115813994,0 4724,['CWE-20'],"static int ext4_load_journal(struct super_block *sb, struct ext4_super_block *es, unsigned long journal_devnum) { journal_t *journal; unsigned int journal_inum = le32_to_cpu(es->s_journal_inum); dev_t journal_dev; int err = 0; int really_read_only; BUG_ON(!EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)); if (journal_devnum && journal_devnum != le32_to_cpu(es->s_journal_dev)) { printk(KERN_INFO ""EXT4-fs: external journal device major/minor "" ""numbers have changed\n""); journal_dev = new_decode_dev(journal_devnum); } else journal_dev = new_decode_dev(le32_to_cpu(es->s_journal_dev)); really_read_only = bdev_read_only(sb->s_bdev); if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)) { if (sb->s_flags & MS_RDONLY) { printk(KERN_INFO ""EXT4-fs: INFO: recovery "" ""required on readonly filesystem.\n""); if (really_read_only) { printk(KERN_ERR ""EXT4-fs: write access "" ""unavailable, cannot proceed.\n""); return -EROFS; } printk(KERN_INFO ""EXT4-fs: write access will "" ""be enabled during recovery.\n""); } } if (journal_inum && journal_dev) { printk(KERN_ERR ""EXT4-fs: filesystem has both journal "" ""and inode journals!\n""); return -EINVAL; } if (journal_inum) { if (!(journal = ext4_get_journal(sb, journal_inum))) return -EINVAL; } else { if (!(journal = ext4_get_dev_journal(sb, journal_dev))) return -EINVAL; } if (journal->j_flags & JBD2_BARRIER) printk(KERN_INFO ""EXT4-fs: barriers enabled\n""); else printk(KERN_INFO ""EXT4-fs: barriers disabled\n""); if (!really_read_only && test_opt(sb, UPDATE_JOURNAL)) { err = jbd2_journal_update_format(journal); if (err) { printk(KERN_ERR ""EXT4-fs: error updating journal.\n""); jbd2_journal_destroy(journal); return err; } } if (!EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER)) err = jbd2_journal_wipe(journal, !really_read_only); if (!err) err = jbd2_journal_load(journal); if (err) { printk(KERN_ERR ""EXT4-fs: error loading journal.\n""); jbd2_journal_destroy(journal); return err; } EXT4_SB(sb)->s_journal = journal; ext4_clear_journal_err(sb, es); if (journal_devnum && journal_devnum != le32_to_cpu(es->s_journal_dev)) { es->s_journal_dev = cpu_to_le32(journal_devnum); sb->s_dirt = 1; ext4_commit_super(sb, es, 1); } return 0; }",linux-2.6,,,59379619733707504439056734220575754008,0 869,['CWE-119'],"register_isdn(isdn_if * i) { isdn_driver_t *d; int j; ulong flags; int drvidx; if (dev->drivers >= ISDN_MAX_DRIVERS) { printk(KERN_WARNING ""register_isdn: Max. %d drivers supported\n"", ISDN_MAX_DRIVERS); return 0; } if (!i->writebuf_skb) { printk(KERN_WARNING ""register_isdn: No write routine given.\n""); return 0; } if (!(d = kzalloc(sizeof(isdn_driver_t), GFP_KERNEL))) { printk(KERN_WARNING ""register_isdn: Could not alloc driver-struct\n""); return 0; } d->maxbufsize = i->maxbufsize; d->pktcount = 0; d->stavail = 0; d->flags = DRV_FLAG_LOADED; d->online = 0; d->interface = i; d->channels = 0; spin_lock_irqsave(&dev->lock, flags); for (drvidx = 0; drvidx < ISDN_MAX_DRIVERS; drvidx++) if (!dev->drv[drvidx]) break; if (isdn_add_channels(d, drvidx, i->channels, 0)) { spin_unlock_irqrestore(&dev->lock, flags); kfree(d); return 0; } i->channels = drvidx; i->rcvcallb_skb = isdn_receive_skb_callback; i->statcallb = isdn_status_callback; if (!strlen(i->id)) sprintf(i->id, ""line%d"", drvidx); for (j = 0; j < drvidx; j++) if (!strcmp(i->id, dev->drvid[j])) sprintf(i->id, ""line%d"", drvidx); dev->drv[drvidx] = d; strcpy(dev->drvid[drvidx], i->id); isdn_info_update(); dev->drivers++; set_global_features(); spin_unlock_irqrestore(&dev->lock, flags); return 1; }",linux-2.6,,,51939089566283922399547794635031816486,0 6220,CWE-190,"void fp54_read_bin(fp54_t a, const uint8_t *bin, int len) { if (len != 36 * RLC_FP_BYTES && len != 54 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } if (len == 36 * RLC_FP_BYTES) { fp9_zero(a[0][0]); fp9_zero(a[0][1]); fp9_read_bin(a[1][0], bin, 9 * RLC_FP_BYTES); fp9_read_bin(a[1][1], bin + 9 * RLC_FP_BYTES, 9 * RLC_FP_BYTES); fp9_read_bin(a[2][0], bin + 18 * RLC_FP_BYTES, 9 * RLC_FP_BYTES); fp9_read_bin(a[2][1], bin + 27 * RLC_FP_BYTES, 9 * RLC_FP_BYTES); fp54_back_cyc(a, a); } if (len == 54 * RLC_FP_BYTES) { fp18_read_bin(a[0], bin, 18 * RLC_FP_BYTES); fp18_read_bin(a[1], bin + 18 * RLC_FP_BYTES, 18 * RLC_FP_BYTES); fp18_read_bin(a[2], bin + 36 * RLC_FP_BYTES, 18 * RLC_FP_BYTES); } }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,144108399967483,1 3,CWE-252,"vsyslog(pri, fmt, ap) int pri; register const char *fmt; va_list ap; { struct tm now_tm; time_t now; int fd; FILE *f; char *buf = 0; size_t bufsize = 0; size_t prioff, msgoff; struct sigaction action, oldaction; struct sigaction *oldaction_ptr = NULL; int sigpipe; int saved_errno = errno; #define INTERNALLOG LOG_ERR|LOG_CONS|LOG_PERROR|LOG_PID if (pri & ~(LOG_PRIMASK|LOG_FACMASK)) { syslog(INTERNALLOG, ""syslog: unknown facility/priority: %x"", pri); pri &= LOG_PRIMASK|LOG_FACMASK; } if ((LOG_MASK (LOG_PRI (pri)) & LogMask) == 0) return; if ((pri & LOG_FACMASK) == 0) pri |= LogFacility; f = open_memstream (&buf, &bufsize); prioff = fprintf (f, ""<%d>"", pri); (void) time (&now); #ifdef USE_IN_LIBIO f->_IO_write_ptr += strftime (f->_IO_write_ptr, f->_IO_write_end - f->_IO_write_ptr, ""%h %e %T "", __localtime_r (&now, &now_tm)); #else f->__bufp += strftime (f->__bufp, f->__put_limit - f->__bufp, ""%h %e %T "", __localtime_r (&now, &now_tm)); #endif msgoff = ftell (f); if (LogTag == NULL) LogTag = __progname; if (LogTag != NULL) fputs_unlocked (LogTag, f); if (LogStat & LOG_PID) fprintf (f, ""[%d]"", __getpid ()); if (LogTag != NULL) putc_unlocked (':', f), putc_unlocked (' ', f); __set_errno (saved_errno); vfprintf (f, fmt, ap); fclose (f); if (LogStat & LOG_PERROR) { struct iovec iov[2]; register struct iovec *v = iov; v->iov_base = buf + msgoff; v->iov_len = bufsize - msgoff; ++v; v->iov_base = (char *) ""\n""; v->iov_len = 1; (void)__writev(STDERR_FILENO, iov, 2); } __libc_cleanup_region_start ((void (*) (void *)) cancel_handler, &oldaction_ptr); __libc_lock_lock (syslog_lock); memset (&action, 0, sizeof (action)); action.sa_handler = sigpipe_handler; sigemptyset (&action.sa_mask); sigpipe = __sigaction (SIGPIPE, &action, &oldaction); if (sigpipe == 0) oldaction_ptr = &oldaction; if (!connected) openlog_internal(LogTag, LogStat | LOG_NDELAY, 0); if (LogType == SOCK_STREAM) ++bufsize; if (!connected || __send(LogFile, buf, bufsize, 0) < 0) { closelog_internal (); if (LogStat & LOG_CONS && (fd = __open(_PATH_CONSOLE, O_WRONLY|O_NOCTTY, 0)) >= 0) { dprintf (fd, ""%s\r\n"", buf + msgoff); (void)__close(fd); } } if (sigpipe == 0) __sigaction (SIGPIPE, &oldaction, (struct sigaction *) NULL); __libc_cleanup_region_end (0); __libc_lock_unlock (syslog_lock); free (buf); }",visit repo url,misc/syslog.c,https://github.com/bminor/glibc,72830509948802,1 337,CWE-119,"static int su3000_power_ctrl(struct dvb_usb_device *d, int i) { struct dw2102_state *state = (struct dw2102_state *)d->priv; u8 obuf[] = {0xde, 0}; info(""%s: %d, initialized %d"", __func__, i, state->initialized); if (i && !state->initialized) { state->initialized = 1; return dvb_usb_generic_rw(d, obuf, 2, NULL, 0, 0); } return 0; }",visit repo url,drivers/media/usb/dvb-usb/dw2102.c,https://github.com/torvalds/linux,188452751930601,1 4027,CWE-787,"int ZEXPORT inflate(strm, flush) z_streamp strm; int flush; { struct inflate_state FAR *state; z_const unsigned char FAR *next; unsigned char FAR *put; unsigned have, left; unsigned long hold; unsigned bits; unsigned in, out; unsigned copy; unsigned char FAR *from; code here; code last; unsigned len; int ret; #ifdef GUNZIP unsigned char hbuf[4]; #endif static const unsigned short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; if (inflateStateCheck(strm) || strm->next_out == Z_NULL || (strm->next_in == Z_NULL && strm->avail_in != 0)) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (state->mode == TYPE) state->mode = TYPEDO; LOAD(); in = have; out = left; ret = Z_OK; for (;;) switch (state->mode) { case HEAD: if (state->wrap == 0) { state->mode = TYPEDO; break; } NEEDBITS(16); #ifdef GUNZIP if ((state->wrap & 2) && hold == 0x8b1f) { if (state->wbits == 0) state->wbits = 15; state->check = crc32(0L, Z_NULL, 0); CRC2(state->check, hold); INITBITS(); state->mode = FLAGS; break; } if (state->head != Z_NULL) state->head->done = -1; if (!(state->wrap & 1) || #else if ( #endif ((BITS(8) << 8) + (hold >> 8)) % 31) { strm->msg = (char *)""incorrect header check""; state->mode = BAD; break; } if (BITS(4) != Z_DEFLATED) { strm->msg = (char *)""unknown compression method""; state->mode = BAD; break; } DROPBITS(4); len = BITS(4) + 8; if (state->wbits == 0) state->wbits = len; if (len > 15 || len > state->wbits) { strm->msg = (char *)""invalid window size""; state->mode = BAD; break; } state->dmax = 1U << len; state->flags = 0; Tracev((stderr, ""inflate: zlib header ok\n"")); strm->adler = state->check = adler32(0L, Z_NULL, 0); state->mode = hold & 0x200 ? DICTID : TYPE; INITBITS(); break; #ifdef GUNZIP case FLAGS: NEEDBITS(16); state->flags = (int)(hold); if ((state->flags & 0xff) != Z_DEFLATED) { strm->msg = (char *)""unknown compression method""; state->mode = BAD; break; } if (state->flags & 0xe000) { strm->msg = (char *)""unknown header flags set""; state->mode = BAD; break; } if (state->head != Z_NULL) state->head->text = (int)((hold >> 8) & 1); if ((state->flags & 0x0200) && (state->wrap & 4)) CRC2(state->check, hold); INITBITS(); state->mode = TIME; case TIME: NEEDBITS(32); if (state->head != Z_NULL) state->head->time = hold; if ((state->flags & 0x0200) && (state->wrap & 4)) CRC4(state->check, hold); INITBITS(); state->mode = OS; case OS: NEEDBITS(16); if (state->head != Z_NULL) { state->head->xflags = (int)(hold & 0xff); state->head->os = (int)(hold >> 8); } if ((state->flags & 0x0200) && (state->wrap & 4)) CRC2(state->check, hold); INITBITS(); state->mode = EXLEN; case EXLEN: if (state->flags & 0x0400) { NEEDBITS(16); state->length = (unsigned)(hold); if (state->head != Z_NULL) state->head->extra_len = (unsigned)hold; if ((state->flags & 0x0200) && (state->wrap & 4)) CRC2(state->check, hold); INITBITS(); } else if (state->head != Z_NULL) state->head->extra = Z_NULL; state->mode = EXTRA; case EXTRA: if (state->flags & 0x0400) { copy = state->length; if (copy > have) copy = have; if (copy) { if (state->head != Z_NULL && state->head->extra != Z_NULL) { len = state->head->extra_len - state->length; zmemcpy(state->head->extra + len, next, len + copy > state->head->extra_max ? state->head->extra_max - len : copy); } if ((state->flags & 0x0200) && (state->wrap & 4)) state->check = crc32(state->check, next, copy); have -= copy; next += copy; state->length -= copy; } if (state->length) goto inf_leave; } state->length = 0; state->mode = NAME; case NAME: if (state->flags & 0x0800) { if (have == 0) goto inf_leave; copy = 0; do { len = (unsigned)(next[copy++]); if (state->head != Z_NULL && state->head->name != Z_NULL && state->length < state->head->name_max) state->head->name[state->length++] = (Bytef)len; } while (len && copy < have); if ((state->flags & 0x0200) && (state->wrap & 4)) state->check = crc32(state->check, next, copy); have -= copy; next += copy; if (len) goto inf_leave; } else if (state->head != Z_NULL) state->head->name = Z_NULL; state->length = 0; state->mode = COMMENT; case COMMENT: if (state->flags & 0x1000) { if (have == 0) goto inf_leave; copy = 0; do { len = (unsigned)(next[copy++]); if (state->head != Z_NULL && state->head->comment != Z_NULL && state->length < state->head->comm_max) state->head->comment[state->length++] = (Bytef)len; } while (len && copy < have); if ((state->flags & 0x0200) && (state->wrap & 4)) state->check = crc32(state->check, next, copy); have -= copy; next += copy; if (len) goto inf_leave; } else if (state->head != Z_NULL) state->head->comment = Z_NULL; state->mode = HCRC; case HCRC: if (state->flags & 0x0200) { NEEDBITS(16); if ((state->wrap & 4) && hold != (state->check & 0xffff)) { strm->msg = (char *)""header crc mismatch""; state->mode = BAD; break; } INITBITS(); } if (state->head != Z_NULL) { state->head->hcrc = (int)((state->flags >> 9) & 1); state->head->done = 1; } strm->adler = state->check = crc32(0L, Z_NULL, 0); state->mode = TYPE; break; #endif case DICTID: NEEDBITS(32); strm->adler = state->check = ZSWAP32(hold); INITBITS(); state->mode = DICT; case DICT: if (state->havedict == 0) { RESTORE(); return Z_NEED_DICT; } strm->adler = state->check = adler32(0L, Z_NULL, 0); state->mode = TYPE; case TYPE: if (flush == Z_BLOCK || flush == Z_TREES) goto inf_leave; case TYPEDO: if (state->last) { BYTEBITS(); state->mode = CHECK; break; } NEEDBITS(3); state->last = BITS(1); DROPBITS(1); switch (BITS(2)) { case 0: Tracev((stderr, ""inflate: stored block%s\n"", state->last ? "" (last)"" : """")); state->mode = STORED; break; case 1: fixedtables(state); Tracev((stderr, ""inflate: fixed codes block%s\n"", state->last ? "" (last)"" : """")); state->mode = LEN_; if (flush == Z_TREES) { DROPBITS(2); goto inf_leave; } break; case 2: Tracev((stderr, ""inflate: dynamic codes block%s\n"", state->last ? "" (last)"" : """")); state->mode = TABLE; break; case 3: strm->msg = (char *)""invalid block type""; state->mode = BAD; } DROPBITS(2); break; case STORED: BYTEBITS(); NEEDBITS(32); if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) { strm->msg = (char *)""invalid stored block lengths""; state->mode = BAD; break; } state->length = (unsigned)hold & 0xffff; Tracev((stderr, ""inflate: stored length %u\n"", state->length)); INITBITS(); state->mode = COPY_; if (flush == Z_TREES) goto inf_leave; case COPY_: state->mode = COPY; case COPY: copy = state->length; if (copy) { if (copy > have) copy = have; if (copy > left) copy = left; if (copy == 0) goto inf_leave; zmemcpy(put, next, copy); have -= copy; next += copy; left -= copy; put += copy; state->length -= copy; break; } Tracev((stderr, ""inflate: stored end\n"")); state->mode = TYPE; break; case TABLE: NEEDBITS(14); state->nlen = BITS(5) + 257; DROPBITS(5); state->ndist = BITS(5) + 1; DROPBITS(5); state->ncode = BITS(4) + 4; DROPBITS(4); #ifndef PKZIP_BUG_WORKAROUND if (state->nlen > 286 || state->ndist > 30) { strm->msg = (char *)""too many length or distance symbols""; state->mode = BAD; break; } #endif Tracev((stderr, ""inflate: table sizes ok\n"")); state->have = 0; state->mode = LENLENS; case LENLENS: while (state->have < state->ncode) { NEEDBITS(3); state->lens[order[state->have++]] = (unsigned short)BITS(3); DROPBITS(3); } while (state->have < 19) state->lens[order[state->have++]] = 0; state->next = state->codes; state->lencode = (const code FAR *)(state->next); state->lenbits = 7; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); if (ret) { strm->msg = (char *)""invalid code lengths set""; state->mode = BAD; break; } Tracev((stderr, ""inflate: code lengths ok\n"")); state->have = 0; state->mode = CODELENS; case CODELENS: while (state->have < state->nlen + state->ndist) { for (;;) { here = state->lencode[BITS(state->lenbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if (here.val < 16) { DROPBITS(here.bits); state->lens[state->have++] = here.val; } else { if (here.val == 16) { NEEDBITS(here.bits + 2); DROPBITS(here.bits); if (state->have == 0) { strm->msg = (char *)""invalid bit length repeat""; state->mode = BAD; break; } len = state->lens[state->have - 1]; copy = 3 + BITS(2); DROPBITS(2); } else if (here.val == 17) { NEEDBITS(here.bits + 3); DROPBITS(here.bits); len = 0; copy = 3 + BITS(3); DROPBITS(3); } else { NEEDBITS(here.bits + 7); DROPBITS(here.bits); len = 0; copy = 11 + BITS(7); DROPBITS(7); } if (state->have + copy > state->nlen + state->ndist) { strm->msg = (char *)""invalid bit length repeat""; state->mode = BAD; break; } while (copy--) state->lens[state->have++] = (unsigned short)len; } } if (state->mode == BAD) break; if (state->lens[256] == 0) { strm->msg = (char *)""invalid code -- missing end-of-block""; state->mode = BAD; break; } state->next = state->codes; state->lencode = (const code FAR *)(state->next); state->lenbits = 9; ret = inflate_table(LENS, state->lens, state->nlen, &(state->next), &(state->lenbits), state->work); if (ret) { strm->msg = (char *)""invalid literal/lengths set""; state->mode = BAD; break; } state->distcode = (const code FAR *)(state->next); state->distbits = 6; ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist, &(state->next), &(state->distbits), state->work); if (ret) { strm->msg = (char *)""invalid distances set""; state->mode = BAD; break; } Tracev((stderr, ""inflate: codes ok\n"")); state->mode = LEN_; if (flush == Z_TREES) goto inf_leave; case LEN_: state->mode = LEN; case LEN: if (have >= 6 && left >= 258) { RESTORE(); inflate_fast(strm, out); LOAD(); if (state->mode == TYPE) state->back = -1; break; } state->back = 0; for (;;) { here = state->lencode[BITS(state->lenbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if (here.op && (here.op & 0xf0) == 0) { last = here; for (;;) { here = state->lencode[last.val + (BITS(last.bits + last.op) >> last.bits)]; if ((unsigned)(last.bits + here.bits) <= bits) break; PULLBYTE(); } DROPBITS(last.bits); state->back += last.bits; } DROPBITS(here.bits); state->back += here.bits; state->length = (unsigned)here.val; if ((int)(here.op) == 0) { Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? ""inflate: literal '%c'\n"" : ""inflate: literal 0x%02x\n"", here.val)); state->mode = LIT; break; } if (here.op & 32) { Tracevv((stderr, ""inflate: end of block\n"")); state->back = -1; state->mode = TYPE; break; } if (here.op & 64) { strm->msg = (char *)""invalid literal/length code""; state->mode = BAD; break; } state->extra = (unsigned)(here.op) & 15; state->mode = LENEXT; case LENEXT: if (state->extra) { NEEDBITS(state->extra); state->length += BITS(state->extra); DROPBITS(state->extra); state->back += state->extra; } Tracevv((stderr, ""inflate: length %u\n"", state->length)); state->was = state->length; state->mode = DIST; case DIST: for (;;) { here = state->distcode[BITS(state->distbits)]; if ((unsigned)(here.bits) <= bits) break; PULLBYTE(); } if ((here.op & 0xf0) == 0) { last = here; for (;;) { here = state->distcode[last.val + (BITS(last.bits + last.op) >> last.bits)]; if ((unsigned)(last.bits + here.bits) <= bits) break; PULLBYTE(); } DROPBITS(last.bits); state->back += last.bits; } DROPBITS(here.bits); state->back += here.bits; if (here.op & 64) { strm->msg = (char *)""invalid distance code""; state->mode = BAD; break; } state->offset = (unsigned)here.val; state->extra = (unsigned)(here.op) & 15; state->mode = DISTEXT; case DISTEXT: if (state->extra) { NEEDBITS(state->extra); state->offset += BITS(state->extra); DROPBITS(state->extra); state->back += state->extra; } #ifdef INFLATE_STRICT if (state->offset > state->dmax) { strm->msg = (char *)""invalid distance too far back""; state->mode = BAD; break; } #endif Tracevv((stderr, ""inflate: distance %u\n"", state->offset)); state->mode = MATCH; case MATCH: if (left == 0) goto inf_leave; copy = out - left; if (state->offset > copy) { copy = state->offset - copy; if (copy > state->whave) { if (state->sane) { strm->msg = (char *)""invalid distance too far back""; state->mode = BAD; break; } #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR Trace((stderr, ""inflate.c too far\n"")); copy -= state->whave; if (copy > state->length) copy = state->length; if (copy > left) copy = left; left -= copy; state->length -= copy; do { *put++ = 0; } while (--copy); if (state->length == 0) state->mode = LEN; break; #endif } if (copy > state->wnext) { copy -= state->wnext; from = state->window + (state->wsize - copy); } else from = state->window + (state->wnext - copy); if (copy > state->length) copy = state->length; } else { from = put - state->offset; copy = state->length; } if (copy > left) copy = left; left -= copy; state->length -= copy; do { *put++ = *from++; } while (--copy); if (state->length == 0) state->mode = LEN; break; case LIT: if (left == 0) goto inf_leave; *put++ = (unsigned char)(state->length); left--; state->mode = LEN; break; case CHECK: if (state->wrap) { NEEDBITS(32); out -= left; strm->total_out += out; state->total += out; if ((state->wrap & 4) && out) strm->adler = state->check = UPDATE_CHECK(state->check, put - out, out); out = left; if ((state->wrap & 4) && ( #ifdef GUNZIP state->flags ? hold : #endif ZSWAP32(hold)) != state->check) { strm->msg = (char *)""incorrect data check""; state->mode = BAD; break; } INITBITS(); Tracev((stderr, ""inflate: check matches trailer\n"")); } #ifdef GUNZIP state->mode = LENGTH; case LENGTH: if (state->wrap && state->flags) { NEEDBITS(32); if ((state->wrap & 4) && hold != (state->total & 0xffffffff)) { strm->msg = (char *)""incorrect length check""; state->mode = BAD; break; } INITBITS(); Tracev((stderr, ""inflate: length matches trailer\n"")); } #endif state->mode = DONE; case DONE: ret = Z_STREAM_END; goto inf_leave; case BAD: ret = Z_DATA_ERROR; goto inf_leave; case MEM: return Z_MEM_ERROR; case SYNC: default: return Z_STREAM_ERROR; } inf_leave: RESTORE(); if (state->wsize || (out != strm->avail_out && state->mode < BAD && (state->mode < CHECK || flush != Z_FINISH))) if (updatewindow(strm, strm->next_out, out - strm->avail_out)) { state->mode = MEM; return Z_MEM_ERROR; } in -= strm->avail_in; out -= strm->avail_out; strm->total_in += in; strm->total_out += out; state->total += out; if ((state->wrap & 4) && out) strm->adler = state->check = UPDATE_CHECK(state->check, strm->next_out - out, out); strm->data_type = (int)state->bits + (state->last ? 64 : 0) + (state->mode == TYPE ? 128 : 0) + (state->mode == LEN_ || state->mode == COPY_ ? 256 : 0); if (((in == 0 && out == 0) || flush == Z_FINISH) && ret == Z_OK) ret = Z_BUF_ERROR; return ret; }",visit repo url,inflate.c,https://github.com/madler/zlib,244528728490889,1 2150,['CWE-400'],"static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *symname) { int error; int len; struct inode *inode; struct page *page = NULL; char *kaddr; struct shmem_inode_info *info; len = strlen(symname) + 1; if (len > PAGE_CACHE_SIZE) return -ENAMETOOLONG; inode = shmem_get_inode(dir->i_sb, S_IFLNK|S_IRWXUGO, 0); if (!inode) return -ENOSPC; error = security_inode_init_security(inode, dir, NULL, NULL, NULL); if (error) { if (error != -EOPNOTSUPP) { iput(inode); return error; } error = 0; } info = SHMEM_I(inode); inode->i_size = len-1; if (len <= (char *)inode - (char *)info) { memcpy(info, symname, len); inode->i_op = &shmem_symlink_inline_operations; } else { error = shmem_getpage(inode, 0, &page, SGP_WRITE, NULL); if (error) { iput(inode); return error; } unlock_page(page); inode->i_mapping->a_ops = &shmem_aops; inode->i_op = &shmem_symlink_inode_operations; kaddr = kmap_atomic(page, KM_USER0); memcpy(kaddr, symname, len); kunmap_atomic(kaddr, KM_USER0); set_page_dirty(page); page_cache_release(page); } if (dir->i_mode & S_ISGID) inode->i_gid = dir->i_gid; dir->i_size += BOGO_DIRENT_SIZE; dir->i_ctime = dir->i_mtime = CURRENT_TIME; d_instantiate(dentry, inode); dget(dentry); return 0; }",linux-2.6,,,247672961839612882487490956863416302649,0 1234,[],"m4_index (struct obstack *obs, int argc, token_data **argv) { const char *haystack; const char *result; int retval; if (bad_argc (argv[0], argc, 3, 3)) { if (argc == 2) shipout_int (obs, 0); return; } haystack = ARG (1); result = strstr (haystack, ARG (2)); retval = result ? result - haystack : -1; shipout_int (obs, retval); }",m4,,,41399366228791946433565872568635241368,0 6382,['CWE-200'],"static int tcf_node_dump(struct tcf_proto *tp, unsigned long n, struct tcf_walker *arg) { struct tcf_dump_args *a = (void *)arg; return tcf_fill_node(a->skb, tp, n, NETLINK_CB(a->cb->skb).pid, a->cb->nlh->nlmsg_seq, NLM_F_MULTI, RTM_NEWTFILTER); }",linux-2.6,,,70828206337047071003611273076779724029,0 5069,['CWE-20'],"static void fixup_rmode_irq(struct vcpu_vmx *vmx) { vmx->rmode.irq.pending = 0; if (kvm_rip_read(&vmx->vcpu) + 1 != vmx->rmode.irq.rip) return; kvm_rip_write(&vmx->vcpu, vmx->rmode.irq.rip); if (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK) { vmx->idt_vectoring_info &= ~VECTORING_INFO_TYPE_MASK; vmx->idt_vectoring_info |= INTR_TYPE_EXT_INTR; return; } vmx->idt_vectoring_info = VECTORING_INFO_VALID_MASK | INTR_TYPE_EXT_INTR | vmx->rmode.irq.vector; }",linux-2.6,,,293223218752006671172354437452616521259,0 2937,CWE-310,"static void test_iterators() { json_t *object, *foo, *bar, *baz; void *iter; if(json_object_iter(NULL)) fail(""able to iterate over NULL""); if(json_object_iter_next(NULL, NULL)) fail(""able to increment an iterator on a NULL object""); object = json_object(); foo = json_string(""foo""); bar = json_string(""bar""); baz = json_string(""baz""); if(!object || !foo || !bar || !bar) fail(""unable to create values""); if(json_object_iter_next(object, NULL)) fail(""able to increment a NULL iterator""); if(json_object_set(object, ""a"", foo) || json_object_set(object, ""b"", bar) || json_object_set(object, ""c"", baz)) fail(""unable to populate object""); iter = json_object_iter(object); if(!iter) fail(""unable to get iterator""); if(strcmp(json_object_iter_key(iter), ""a"")) fail(""iterating failed: wrong key""); if(json_object_iter_value(iter) != foo) fail(""iterating failed: wrong value""); iter = json_object_iter_next(object, iter); if(!iter) fail(""unable to increment iterator""); if(strcmp(json_object_iter_key(iter), ""b"")) fail(""iterating failed: wrong key""); if(json_object_iter_value(iter) != bar) fail(""iterating failed: wrong value""); iter = json_object_iter_next(object, iter); if(!iter) fail(""unable to increment iterator""); if(strcmp(json_object_iter_key(iter), ""c"")) fail(""iterating failed: wrong key""); if(json_object_iter_value(iter) != baz) fail(""iterating failed: wrong value""); if(json_object_iter_next(object, iter) != NULL) fail(""able to iterate over the end""); if(json_object_iter_at(object, ""foo"")) fail(""json_object_iter_at() succeeds for non-existent key""); iter = json_object_iter_at(object, ""b""); if(!iter) fail(""json_object_iter_at() fails for an existing key""); if(strcmp(json_object_iter_key(iter), ""b"")) fail(""iterating failed: wrong key""); if(json_object_iter_value(iter) != bar) fail(""iterating failed: wrong value""); iter = json_object_iter_next(object, iter); if(!iter) fail(""unable to increment iterator""); if(strcmp(json_object_iter_key(iter), ""c"")) fail(""iterating failed: wrong key""); if(json_object_iter_value(iter) != baz) fail(""iterating failed: wrong value""); if(json_object_iter_set(object, iter, bar)) fail(""unable to set value at iterator""); if(strcmp(json_object_iter_key(iter), ""c"")) fail(""json_object_iter_key() fails after json_object_iter_set()""); if(json_object_iter_value(iter) != bar) fail(""json_object_iter_value() fails after json_object_iter_set()""); if(json_object_get(object, ""c"") != bar) fail(""json_object_get() fails after json_object_iter_set()""); json_decref(object); json_decref(foo); json_decref(bar); json_decref(baz); }",visit repo url,test/suites/api/test_object.c,https://github.com/akheron/jansson,231515174873993,1 1043,['CWE-20'],"asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5) { long error; error = security_task_prctl(option, arg2, arg3, arg4, arg5); if (error) return error; switch (option) { case PR_SET_PDEATHSIG: if (!valid_signal(arg2)) { error = -EINVAL; break; } current->pdeath_signal = arg2; break; case PR_GET_PDEATHSIG: error = put_user(current->pdeath_signal, (int __user *)arg2); break; case PR_GET_DUMPABLE: error = current->mm->dumpable; break; case PR_SET_DUMPABLE: if (arg2 < 0 || arg2 > 1) { error = -EINVAL; break; } current->mm->dumpable = arg2; break; case PR_SET_UNALIGN: error = SET_UNALIGN_CTL(current, arg2); break; case PR_GET_UNALIGN: error = GET_UNALIGN_CTL(current, arg2); break; case PR_SET_FPEMU: error = SET_FPEMU_CTL(current, arg2); break; case PR_GET_FPEMU: error = GET_FPEMU_CTL(current, arg2); break; case PR_SET_FPEXC: error = SET_FPEXC_CTL(current, arg2); break; case PR_GET_FPEXC: error = GET_FPEXC_CTL(current, arg2); break; case PR_GET_TIMING: error = PR_TIMING_STATISTICAL; break; case PR_SET_TIMING: if (arg2 == PR_TIMING_STATISTICAL) error = 0; else error = -EINVAL; break; case PR_GET_KEEPCAPS: if (current->keep_capabilities) error = 1; break; case PR_SET_KEEPCAPS: if (arg2 != 0 && arg2 != 1) { error = -EINVAL; break; } current->keep_capabilities = arg2; break; case PR_SET_NAME: { struct task_struct *me = current; unsigned char ncomm[sizeof(me->comm)]; ncomm[sizeof(me->comm)-1] = 0; if (strncpy_from_user(ncomm, (char __user *)arg2, sizeof(me->comm)-1) < 0) return -EFAULT; set_task_comm(me, ncomm); return 0; } case PR_GET_NAME: { struct task_struct *me = current; unsigned char tcomm[sizeof(me->comm)]; get_task_comm(tcomm, me); if (copy_to_user((char __user *)arg2, tcomm, sizeof(tcomm))) return -EFAULT; return 0; } case PR_GET_ENDIAN: error = GET_ENDIAN(current, arg2); break; case PR_SET_ENDIAN: error = SET_ENDIAN(current, arg2); break; default: error = -EINVAL; break; } return error; }",linux-2.6,,,261004715017878947527675279473515294722,0 3999,['CWE-362'],"static inline struct audit_entry *audit_init_entry(u32 field_count) { struct audit_entry *entry; struct audit_field *fields; entry = kzalloc(sizeof(*entry), GFP_KERNEL); if (unlikely(!entry)) return NULL; fields = kzalloc(sizeof(*fields) * field_count, GFP_KERNEL); if (unlikely(!fields)) { kfree(entry); return NULL; } entry->rule.fields = fields; return entry; }",linux-2.6,,,255560464969800585206849452812284567582,0 2475,CWE-119,"cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, size_t len, const cdf_header_t *h, cdf_secid_t id) { assert((size_t)CDF_SHORT_SEC_SIZE(h) == len); (void)memcpy(((char *)buf) + offs, ((const char *)sst->sst_tab) + CDF_SHORT_SEC_POS(h, id), len); return len; }",visit repo url,src/cdf.c,https://github.com/glensc/file,139156781769784,1 1796,NVD-CWE-Other,"static void *bpf_obj_do_get(const struct filename *pathname, enum bpf_type *type) { struct inode *inode; struct path path; void *raw; int ret; ret = kern_path(pathname->name, LOOKUP_FOLLOW, &path); if (ret) return ERR_PTR(ret); inode = d_backing_inode(path.dentry); ret = inode_permission(inode, MAY_WRITE); if (ret) goto out; ret = bpf_inode_type(inode, type); if (ret) goto out; raw = bpf_any_get(inode->i_private, *type); touch_atime(&path); path_put(&path); return raw; out: path_put(&path); return ERR_PTR(ret); }",visit repo url,kernel/bpf/inode.c,https://github.com/torvalds/linux,273632357210857,1 1427,[],"static inline struct cfs_rq *cpu_cfs_rq(struct cfs_rq *cfs_rq, int this_cpu) { return &cpu_rq(this_cpu)->cfs; }",linux-2.6,,,192732867353641899226765965174584400836,0 3799,[],"static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags) { struct sock *sk = sock->sk; struct sockaddr_un *sunaddr=(struct sockaddr_un*)addr; struct sock *other; unsigned hash; int err; if (addr->sa_family != AF_UNSPEC) { err = unix_mkname(sunaddr, alen, &hash); if (err < 0) goto out; alen = err; if (test_bit(SOCK_PASSCRED, &sock->flags) && !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0) goto out; restart: other=unix_find_other(sunaddr, alen, sock->type, hash, &err); if (!other) goto out; unix_state_double_lock(sk, other); if (sock_flag(other, SOCK_DEAD)) { unix_state_double_unlock(sk, other); sock_put(other); goto restart; } err = -EPERM; if (!unix_may_send(sk, other)) goto out_unlock; err = security_unix_may_send(sk->sk_socket, other->sk_socket); if (err) goto out_unlock; } else { other = NULL; unix_state_double_lock(sk, other); } if (unix_peer(sk)) { struct sock *old_peer = unix_peer(sk); unix_peer(sk)=other; unix_state_double_unlock(sk, other); if (other != old_peer) unix_dgram_disconnected(sk, old_peer); sock_put(old_peer); } else { unix_peer(sk)=other; unix_state_double_unlock(sk, other); } return 0; out_unlock: unix_state_double_unlock(sk, other); sock_put(other); out: return err; }",linux-2.6,,,113231061339464272035942745640184541357,0 4471,['CWE-264'],"static struct net_device_stats *skfp_ctl_get_stats(struct net_device *dev) { struct s_smc *bp = netdev_priv(dev); bp->os.MacStat.port_bs_flag[0] = 0x1234; bp->os.MacStat.port_bs_flag[1] = 0x5678; #if 0 memcpy(bp->stats.smt_station_id, &bp->cmd_rsp_virt->smt_mib_get.smt_station_id, sizeof(bp->cmd_rsp_virt->smt_mib_get.smt_station_id)); bp->stats.smt_op_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_op_version_id; bp->stats.smt_hi_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_hi_version_id; bp->stats.smt_lo_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_lo_version_id; memcpy(bp->stats.smt_user_data, &bp->cmd_rsp_virt->smt_mib_get.smt_user_data, sizeof(bp->cmd_rsp_virt->smt_mib_get.smt_user_data)); bp->stats.smt_mib_version_id = bp->cmd_rsp_virt->smt_mib_get.smt_mib_version_id; bp->stats.smt_mac_cts = bp->cmd_rsp_virt->smt_mib_get.smt_mac_ct; bp->stats.smt_non_master_cts = bp->cmd_rsp_virt->smt_mib_get.smt_non_master_ct; bp->stats.smt_master_cts = bp->cmd_rsp_virt->smt_mib_get.smt_master_ct; bp->stats.smt_available_paths = bp->cmd_rsp_virt->smt_mib_get.smt_available_paths; bp->stats.smt_config_capabilities = bp->cmd_rsp_virt->smt_mib_get.smt_config_capabilities; bp->stats.smt_config_policy = bp->cmd_rsp_virt->smt_mib_get.smt_config_policy; bp->stats.smt_connection_policy = bp->cmd_rsp_virt->smt_mib_get.smt_connection_policy; bp->stats.smt_t_notify = bp->cmd_rsp_virt->smt_mib_get.smt_t_notify; bp->stats.smt_stat_rpt_policy = bp->cmd_rsp_virt->smt_mib_get.smt_stat_rpt_policy; bp->stats.smt_trace_max_expiration = bp->cmd_rsp_virt->smt_mib_get.smt_trace_max_expiration; bp->stats.smt_bypass_present = bp->cmd_rsp_virt->smt_mib_get.smt_bypass_present; bp->stats.smt_ecm_state = bp->cmd_rsp_virt->smt_mib_get.smt_ecm_state; bp->stats.smt_cf_state = bp->cmd_rsp_virt->smt_mib_get.smt_cf_state; bp->stats.smt_remote_disconnect_flag = bp->cmd_rsp_virt->smt_mib_get.smt_remote_disconnect_flag; bp->stats.smt_station_status = bp->cmd_rsp_virt->smt_mib_get.smt_station_status; bp->stats.smt_peer_wrap_flag = bp->cmd_rsp_virt->smt_mib_get.smt_peer_wrap_flag; bp->stats.smt_time_stamp = bp->cmd_rsp_virt->smt_mib_get.smt_msg_time_stamp.ls; bp->stats.smt_transition_time_stamp = bp->cmd_rsp_virt->smt_mib_get.smt_transition_time_stamp.ls; bp->stats.mac_frame_status_functions = bp->cmd_rsp_virt->smt_mib_get.mac_frame_status_functions; bp->stats.mac_t_max_capability = bp->cmd_rsp_virt->smt_mib_get.mac_t_max_capability; bp->stats.mac_tvx_capability = bp->cmd_rsp_virt->smt_mib_get.mac_tvx_capability; bp->stats.mac_available_paths = bp->cmd_rsp_virt->smt_mib_get.mac_available_paths; bp->stats.mac_current_path = bp->cmd_rsp_virt->smt_mib_get.mac_current_path; memcpy(bp->stats.mac_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_upstream_nbr, FDDI_K_ALEN); memcpy(bp->stats.mac_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_downstream_nbr, FDDI_K_ALEN); memcpy(bp->stats.mac_old_upstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_upstream_nbr, FDDI_K_ALEN); memcpy(bp->stats.mac_old_downstream_nbr, &bp->cmd_rsp_virt->smt_mib_get.mac_old_downstream_nbr, FDDI_K_ALEN); bp->stats.mac_dup_address_test = bp->cmd_rsp_virt->smt_mib_get.mac_dup_address_test; bp->stats.mac_requested_paths = bp->cmd_rsp_virt->smt_mib_get.mac_requested_paths; bp->stats.mac_downstream_port_type = bp->cmd_rsp_virt->smt_mib_get.mac_downstream_port_type; memcpy(bp->stats.mac_smt_address, &bp->cmd_rsp_virt->smt_mib_get.mac_smt_address, FDDI_K_ALEN); bp->stats.mac_t_req = bp->cmd_rsp_virt->smt_mib_get.mac_t_req; bp->stats.mac_t_neg = bp->cmd_rsp_virt->smt_mib_get.mac_t_neg; bp->stats.mac_t_max = bp->cmd_rsp_virt->smt_mib_get.mac_t_max; bp->stats.mac_tvx_value = bp->cmd_rsp_virt->smt_mib_get.mac_tvx_value; bp->stats.mac_frame_error_threshold = bp->cmd_rsp_virt->smt_mib_get.mac_frame_error_threshold; bp->stats.mac_frame_error_ratio = bp->cmd_rsp_virt->smt_mib_get.mac_frame_error_ratio; bp->stats.mac_rmt_state = bp->cmd_rsp_virt->smt_mib_get.mac_rmt_state; bp->stats.mac_da_flag = bp->cmd_rsp_virt->smt_mib_get.mac_da_flag; bp->stats.mac_una_da_flag = bp->cmd_rsp_virt->smt_mib_get.mac_unda_flag; bp->stats.mac_frame_error_flag = bp->cmd_rsp_virt->smt_mib_get.mac_frame_error_flag; bp->stats.mac_ma_unitdata_available = bp->cmd_rsp_virt->smt_mib_get.mac_ma_unitdata_available; bp->stats.mac_hardware_present = bp->cmd_rsp_virt->smt_mib_get.mac_hardware_present; bp->stats.mac_ma_unitdata_enable = bp->cmd_rsp_virt->smt_mib_get.mac_ma_unitdata_enable; bp->stats.path_tvx_lower_bound = bp->cmd_rsp_virt->smt_mib_get.path_tvx_lower_bound; bp->stats.path_t_max_lower_bound = bp->cmd_rsp_virt->smt_mib_get.path_t_max_lower_bound; bp->stats.path_max_t_req = bp->cmd_rsp_virt->smt_mib_get.path_max_t_req; memcpy(bp->stats.path_configuration, &bp->cmd_rsp_virt->smt_mib_get.path_configuration, sizeof(bp->cmd_rsp_virt->smt_mib_get.path_configuration)); bp->stats.port_my_type[0] = bp->cmd_rsp_virt->smt_mib_get.port_my_type[0]; bp->stats.port_my_type[1] = bp->cmd_rsp_virt->smt_mib_get.port_my_type[1]; bp->stats.port_neighbor_type[0] = bp->cmd_rsp_virt->smt_mib_get.port_neighbor_type[0]; bp->stats.port_neighbor_type[1] = bp->cmd_rsp_virt->smt_mib_get.port_neighbor_type[1]; bp->stats.port_connection_policies[0] = bp->cmd_rsp_virt->smt_mib_get.port_connection_policies[0]; bp->stats.port_connection_policies[1] = bp->cmd_rsp_virt->smt_mib_get.port_connection_policies[1]; bp->stats.port_mac_indicated[0] = bp->cmd_rsp_virt->smt_mib_get.port_mac_indicated[0]; bp->stats.port_mac_indicated[1] = bp->cmd_rsp_virt->smt_mib_get.port_mac_indicated[1]; bp->stats.port_current_path[0] = bp->cmd_rsp_virt->smt_mib_get.port_current_path[0]; bp->stats.port_current_path[1] = bp->cmd_rsp_virt->smt_mib_get.port_current_path[1]; memcpy(&bp->stats.port_requested_paths[0 * 3], &bp->cmd_rsp_virt->smt_mib_get.port_requested_paths[0], 3); memcpy(&bp->stats.port_requested_paths[1 * 3], &bp->cmd_rsp_virt->smt_mib_get.port_requested_paths[1], 3); bp->stats.port_mac_placement[0] = bp->cmd_rsp_virt->smt_mib_get.port_mac_placement[0]; bp->stats.port_mac_placement[1] = bp->cmd_rsp_virt->smt_mib_get.port_mac_placement[1]; bp->stats.port_available_paths[0] = bp->cmd_rsp_virt->smt_mib_get.port_available_paths[0]; bp->stats.port_available_paths[1] = bp->cmd_rsp_virt->smt_mib_get.port_available_paths[1]; bp->stats.port_pmd_class[0] = bp->cmd_rsp_virt->smt_mib_get.port_pmd_class[0]; bp->stats.port_pmd_class[1] = bp->cmd_rsp_virt->smt_mib_get.port_pmd_class[1]; bp->stats.port_connection_capabilities[0] = bp->cmd_rsp_virt->smt_mib_get.port_connection_capabilities[0]; bp->stats.port_connection_capabilities[1] = bp->cmd_rsp_virt->smt_mib_get.port_connection_capabilities[1]; bp->stats.port_bs_flag[0] = bp->cmd_rsp_virt->smt_mib_get.port_bs_flag[0]; bp->stats.port_bs_flag[1] = bp->cmd_rsp_virt->smt_mib_get.port_bs_flag[1]; bp->stats.port_ler_estimate[0] = bp->cmd_rsp_virt->smt_mib_get.port_ler_estimate[0]; bp->stats.port_ler_estimate[1] = bp->cmd_rsp_virt->smt_mib_get.port_ler_estimate[1]; bp->stats.port_ler_cutoff[0] = bp->cmd_rsp_virt->smt_mib_get.port_ler_cutoff[0]; bp->stats.port_ler_cutoff[1] = bp->cmd_rsp_virt->smt_mib_get.port_ler_cutoff[1]; bp->stats.port_ler_alarm[0] = bp->cmd_rsp_virt->smt_mib_get.port_ler_alarm[0]; bp->stats.port_ler_alarm[1] = bp->cmd_rsp_virt->smt_mib_get.port_ler_alarm[1]; bp->stats.port_connect_state[0] = bp->cmd_rsp_virt->smt_mib_get.port_connect_state[0]; bp->stats.port_connect_state[1] = bp->cmd_rsp_virt->smt_mib_get.port_connect_state[1]; bp->stats.port_pcm_state[0] = bp->cmd_rsp_virt->smt_mib_get.port_pcm_state[0]; bp->stats.port_pcm_state[1] = bp->cmd_rsp_virt->smt_mib_get.port_pcm_state[1]; bp->stats.port_pc_withhold[0] = bp->cmd_rsp_virt->smt_mib_get.port_pc_withhold[0]; bp->stats.port_pc_withhold[1] = bp->cmd_rsp_virt->smt_mib_get.port_pc_withhold[1]; bp->stats.port_ler_flag[0] = bp->cmd_rsp_virt->smt_mib_get.port_ler_flag[0]; bp->stats.port_ler_flag[1] = bp->cmd_rsp_virt->smt_mib_get.port_ler_flag[1]; bp->stats.port_hardware_present[0] = bp->cmd_rsp_virt->smt_mib_get.port_hardware_present[0]; bp->stats.port_hardware_present[1] = bp->cmd_rsp_virt->smt_mib_get.port_hardware_present[1]; bp->stats.mac_frame_cts = bp->cmd_rsp_virt->cntrs_get.cntrs.frame_cnt.ls; bp->stats.mac_copied_cts = bp->cmd_rsp_virt->cntrs_get.cntrs.copied_cnt.ls; bp->stats.mac_transmit_cts = bp->cmd_rsp_virt->cntrs_get.cntrs.transmit_cnt.ls; bp->stats.mac_error_cts = bp->cmd_rsp_virt->cntrs_get.cntrs.error_cnt.ls; bp->stats.mac_lost_cts = bp->cmd_rsp_virt->cntrs_get.cntrs.lost_cnt.ls; bp->stats.port_lct_fail_cts[0] = bp->cmd_rsp_virt->cntrs_get.cntrs.lct_rejects[0].ls; bp->stats.port_lct_fail_cts[1] = bp->cmd_rsp_virt->cntrs_get.cntrs.lct_rejects[1].ls; bp->stats.port_lem_reject_cts[0] = bp->cmd_rsp_virt->cntrs_get.cntrs.lem_rejects[0].ls; bp->stats.port_lem_reject_cts[1] = bp->cmd_rsp_virt->cntrs_get.cntrs.lem_rejects[1].ls; bp->stats.port_lem_cts[0] = bp->cmd_rsp_virt->cntrs_get.cntrs.link_errors[0].ls; bp->stats.port_lem_cts[1] = bp->cmd_rsp_virt->cntrs_get.cntrs.link_errors[1].ls; #endif return ((struct net_device_stats *) &bp->os.MacStat); } ",linux-2.6,,,101535694837220045281731321989988721675,0 4399,CWE-674,"parse_exp(Node** np, PToken* tok, int term, UChar** src, UChar* end, ScanEnv* env, int group_head) { int r, len, group = 0; Node* qn; Node** tp; *np = NULL; if (tok->type == (enum TokenSyms )term) goto end_of_token; switch (tok->type) { case TK_ALT: case TK_EOT: end_of_token: *np = node_new_empty(); CHECK_NULL_RETURN_MEMERR(*np); return tok->type; break; case TK_SUBEXP_OPEN: r = parse_bag(np, tok, TK_SUBEXP_CLOSE, src, end, env); if (r < 0) return r; if (r == 1) { if (group_head == 0) group = 1; else { Node* target = *np; *np = node_new_group(target); if (IS_NULL(*np)) { onig_node_free(target); return ONIGERR_MEMORY; } group = 2; } } else if (r == 2) { Node* target; OnigOptionType prev = env->options; env->options = BAG_(*np)->o.options; r = fetch_token(tok, src, end, env); if (r < 0) return r; r = parse_subexp(&target, tok, term, src, end, env, 0); env->options = prev; if (r < 0) { onig_node_free(target); return r; } NODE_BODY(*np) = target; return tok->type; } break; case TK_SUBEXP_CLOSE: if (! IS_SYNTAX_BV(env->syntax, ONIG_SYN_ALLOW_UNMATCHED_CLOSE_SUBEXP)) return ONIGERR_UNMATCHED_CLOSE_PARENTHESIS; if (tok->escaped) goto tk_raw_byte; else goto tk_byte; break; case TK_STRING: tk_byte: { *np = node_new_str(tok->backp, *src); CHECK_NULL_RETURN_MEMERR(*np); while (1) { r = fetch_token(tok, src, end, env); if (r < 0) return r; if (r != TK_STRING) break; r = onig_node_str_cat(*np, tok->backp, *src); if (r < 0) return r; } string_end: tp = np; goto repeat; } break; case TK_RAW_BYTE: tk_raw_byte: { *np = node_new_str_raw_char((UChar )tok->u.c); CHECK_NULL_RETURN_MEMERR(*np); len = 1; while (1) { if (len >= ONIGENC_MBC_MINLEN(env->enc)) { if (len == enclen(env->enc, STR_(*np)->s)) { r = fetch_token(tok, src, end, env); goto tk_raw_byte_end; } } r = fetch_token(tok, src, end, env); if (r < 0) return r; if (r != TK_RAW_BYTE) return ONIGERR_TOO_SHORT_MULTI_BYTE_STRING; r = node_str_cat_char(*np, (UChar )tok->u.c); if (r < 0) return r; len++; } tk_raw_byte_end: if (! ONIGENC_IS_VALID_MBC_STRING(env->enc, STR_(*np)->s, STR_(*np)->end)) return ONIGERR_INVALID_WIDE_CHAR_VALUE; NODE_STRING_CLEAR_RAW(*np); goto string_end; } break; case TK_CODE_POINT: { UChar buf[ONIGENC_CODE_TO_MBC_MAXLEN]; len = ONIGENC_CODE_TO_MBC(env->enc, tok->u.code, buf); if (len < 0) return len; #ifdef NUMBERED_CHAR_IS_NOT_CASE_AMBIG *np = node_new_str_raw(buf, buf + len); #else *np = node_new_str(buf, buf + len); #endif CHECK_NULL_RETURN_MEMERR(*np); } break; case TK_QUOTE_OPEN: { OnigCodePoint end_op[2]; UChar *qstart, *qend, *nextp; end_op[0] = (OnigCodePoint )MC_ESC(env->syntax); end_op[1] = (OnigCodePoint )'E'; qstart = *src; qend = find_str_position(end_op, 2, qstart, end, &nextp, env->enc); if (IS_NULL(qend)) { nextp = qend = end; } *np = node_new_str(qstart, qend); CHECK_NULL_RETURN_MEMERR(*np); *src = nextp; } break; case TK_CHAR_TYPE: { switch (tok->u.prop.ctype) { case ONIGENC_CTYPE_WORD: *np = node_new_ctype(tok->u.prop.ctype, tok->u.prop.not, env->options); CHECK_NULL_RETURN_MEMERR(*np); break; case ONIGENC_CTYPE_SPACE: case ONIGENC_CTYPE_DIGIT: case ONIGENC_CTYPE_XDIGIT: { CClassNode* cc; *np = node_new_cclass(); CHECK_NULL_RETURN_MEMERR(*np); cc = CCLASS_(*np); add_ctype_to_cc(cc, tok->u.prop.ctype, 0, env); if (tok->u.prop.not != 0) NCCLASS_SET_NOT(cc); } break; default: return ONIGERR_PARSER_BUG; break; } } break; case TK_CHAR_PROPERTY: r = parse_char_property(np, tok, src, end, env); if (r != 0) return r; break; case TK_CC_OPEN: { CClassNode* cc; r = parse_char_class(np, tok, src, end, env); if (r != 0) return r; cc = CCLASS_(*np); if (IS_IGNORECASE(env->options)) { IApplyCaseFoldArg iarg; iarg.env = env; iarg.cc = cc; iarg.alt_root = NULL_NODE; iarg.ptail = &(iarg.alt_root); r = ONIGENC_APPLY_ALL_CASE_FOLD(env->enc, env->case_fold_flag, i_apply_case_fold, &iarg); if (r != 0) { onig_node_free(iarg.alt_root); return r; } if (IS_NOT_NULL(iarg.alt_root)) { Node* work = onig_node_new_alt(*np, iarg.alt_root); if (IS_NULL(work)) { onig_node_free(iarg.alt_root); return ONIGERR_MEMORY; } *np = work; } } } break; case TK_ANYCHAR: *np = node_new_anychar(); CHECK_NULL_RETURN_MEMERR(*np); break; case TK_ANYCHAR_ANYTIME: *np = node_new_anychar(); CHECK_NULL_RETURN_MEMERR(*np); qn = node_new_quantifier(0, INFINITE_REPEAT, 0); CHECK_NULL_RETURN_MEMERR(qn); NODE_BODY(qn) = *np; *np = qn; break; case TK_BACKREF: len = tok->u.backref.num; *np = node_new_backref(len, (len > 1 ? tok->u.backref.refs : &(tok->u.backref.ref1)), tok->u.backref.by_name, #ifdef USE_BACKREF_WITH_LEVEL tok->u.backref.exist_level, tok->u.backref.level, #endif env); CHECK_NULL_RETURN_MEMERR(*np); break; #ifdef USE_CALL case TK_CALL: { int gnum = tok->u.call.gnum; *np = node_new_call(tok->u.call.name, tok->u.call.name_end, gnum, tok->u.call.by_number); CHECK_NULL_RETURN_MEMERR(*np); env->num_call++; if (tok->u.call.by_number != 0 && gnum == 0) { env->has_call_zero = 1; } } break; #endif case TK_ANCHOR: { int ascii_mode = IS_WORD_ASCII(env->options) && IS_WORD_ANCHOR_TYPE(tok->u.anchor) ? 1 : 0; *np = onig_node_new_anchor(tok->u.anchor, ascii_mode); CHECK_NULL_RETURN_MEMERR(*np); } break; case TK_REPEAT: case TK_INTERVAL: if (IS_SYNTAX_BV(env->syntax, ONIG_SYN_CONTEXT_INDEP_REPEAT_OPS)) { if (IS_SYNTAX_BV(env->syntax, ONIG_SYN_CONTEXT_INVALID_REPEAT_OPS)) return ONIGERR_TARGET_OF_REPEAT_OPERATOR_NOT_SPECIFIED; else { *np = node_new_empty(); CHECK_NULL_RETURN_MEMERR(*np); } } else { goto tk_byte; } break; case TK_KEEP: r = node_new_keep(np, env); if (r < 0) return r; break; case TK_GENERAL_NEWLINE: r = node_new_general_newline(np, env); if (r < 0) return r; break; case TK_NO_NEWLINE: r = node_new_no_newline(np, env); if (r < 0) return r; break; case TK_TRUE_ANYCHAR: r = node_new_true_anychar(np, env); if (r < 0) return r; break; case TK_TEXT_SEGMENT: r = make_text_segment(np, env); if (r < 0) return r; break; default: return ONIGERR_PARSER_BUG; break; } { tp = np; re_entry: r = fetch_token(tok, src, end, env); if (r < 0) return r; repeat: if (r == TK_REPEAT || r == TK_INTERVAL) { Node* target; if (is_invalid_quantifier_target(*tp)) return ONIGERR_TARGET_OF_REPEAT_OPERATOR_INVALID; qn = node_new_quantifier(tok->u.repeat.lower, tok->u.repeat.upper, r == TK_INTERVAL); CHECK_NULL_RETURN_MEMERR(qn); QUANT_(qn)->greedy = tok->u.repeat.greedy; if (group == 2) { target = node_drop_group(*tp); *tp = NULL_NODE; } else { target = *tp; } r = set_quantifier(qn, target, group, env); if (r < 0) { onig_node_free(qn); return r; } if (tok->u.repeat.possessive != 0) { Node* en; en = node_new_bag(BAG_STOP_BACKTRACK); if (IS_NULL(en)) { onig_node_free(qn); return ONIGERR_MEMORY; } NODE_BODY(en) = qn; qn = en; } if (r == 0) { *tp = qn; } else if (r == 1) { onig_node_free(qn); *tp = target; } else if (r == 2) { Node *tmp; *tp = node_new_list(*tp, NULL); if (IS_NULL(*tp)) { onig_node_free(qn); return ONIGERR_MEMORY; } tmp = NODE_CDR(*tp) = node_new_list(qn, NULL); if (IS_NULL(tmp)) { onig_node_free(qn); return ONIGERR_MEMORY; } tp = &(NODE_CAR(tmp)); } group = 0; goto re_entry; } } return r; }",visit repo url,src/regparse.c,https://github.com/kkos/oniguruma,15042612831426,1 2135,['CWE-119'],"static inline void set_system_intr_gate(unsigned int n, void *addr) { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0x3, 0, __KERNEL_CS); }",linux-2.6,,,115921036122102990231792645867173613107,0 2256,CWE-362,"static int __init sit_init(void) { int err; printk(KERN_INFO ""IPv6 over IPv4 tunneling driver\n""); if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) { printk(KERN_INFO ""sit init: Can't add protocol\n""); return -EAGAIN; } err = register_pernet_device(&sit_net_ops); if (err < 0) xfrm4_tunnel_deregister(&sit_handler, AF_INET6); return err; }",visit repo url,net/ipv6/sit.c,https://github.com/torvalds/linux,58605157452784,1 1976,CWE-787,"int input_set_keycode(struct input_dev *dev, const struct input_keymap_entry *ke) { unsigned long flags; unsigned int old_keycode; int retval; if (ke->keycode > KEY_MAX) return -EINVAL; spin_lock_irqsave(&dev->event_lock, flags); retval = dev->setkeycode(dev, ke, &old_keycode); if (retval) goto out; __clear_bit(KEY_RESERVED, dev->keybit); if (test_bit(EV_KEY, dev->evbit) && !is_event_supported(old_keycode, dev->keybit, KEY_MAX) && __test_and_clear_bit(old_keycode, dev->key)) { struct input_value vals[] = { { EV_KEY, old_keycode, 0 }, input_value_sync }; input_pass_values(dev, vals, ARRAY_SIZE(vals)); } out: spin_unlock_irqrestore(&dev->event_lock, flags); return retval; }",visit repo url,drivers/input/input.c,https://github.com/torvalds/linux,232727860687371,1 3814,CWE-122,"buf_copy_options(buf_T *buf, int flags) { int should_copy = TRUE; char_u *save_p_isk = NULL; int dont_do_help; int did_isk = FALSE; if (p_cpo != NULL) { if ((vim_strchr(p_cpo, CPO_BUFOPTGLOB) == NULL || !(flags & BCO_ENTER)) && (buf->b_p_initialized || (!(flags & BCO_ENTER) && vim_strchr(p_cpo, CPO_BUFOPT) != NULL))) should_copy = FALSE; if (should_copy || (flags & BCO_ALWAYS)) { #ifdef FEAT_EVAL CLEAR_FIELD(buf->b_p_script_ctx); init_buf_opt_idx(); #endif dont_do_help = ((flags & BCO_NOHELP) && buf->b_help) || buf->b_p_initialized; if (dont_do_help) { save_p_isk = buf->b_p_isk; buf->b_p_isk = NULL; } if (!buf->b_p_initialized) { free_buf_options(buf, TRUE); buf->b_p_ro = FALSE; buf->b_p_tx = p_tx; buf->b_p_fenc = vim_strsave(p_fenc); switch (*p_ffs) { case 'm': buf->b_p_ff = vim_strsave((char_u *)FF_MAC); break; case 'd': buf->b_p_ff = vim_strsave((char_u *)FF_DOS); break; case 'u': buf->b_p_ff = vim_strsave((char_u *)FF_UNIX); break; default: buf->b_p_ff = vim_strsave(p_ff); } if (buf->b_p_ff != NULL) buf->b_start_ffc = *buf->b_p_ff; buf->b_p_bh = empty_option; buf->b_p_bt = empty_option; } else free_buf_options(buf, FALSE); buf->b_p_ai = p_ai; COPY_OPT_SCTX(buf, BV_AI); buf->b_p_ai_nopaste = p_ai_nopaste; buf->b_p_sw = p_sw; COPY_OPT_SCTX(buf, BV_SW); buf->b_p_tw = p_tw; COPY_OPT_SCTX(buf, BV_TW); buf->b_p_tw_nopaste = p_tw_nopaste; buf->b_p_tw_nobin = p_tw_nobin; buf->b_p_wm = p_wm; COPY_OPT_SCTX(buf, BV_WM); buf->b_p_wm_nopaste = p_wm_nopaste; buf->b_p_wm_nobin = p_wm_nobin; buf->b_p_bin = p_bin; COPY_OPT_SCTX(buf, BV_BIN); buf->b_p_bomb = p_bomb; COPY_OPT_SCTX(buf, BV_BOMB); buf->b_p_fixeol = p_fixeol; COPY_OPT_SCTX(buf, BV_FIXEOL); buf->b_p_et = p_et; COPY_OPT_SCTX(buf, BV_ET); buf->b_p_et_nobin = p_et_nobin; buf->b_p_et_nopaste = p_et_nopaste; buf->b_p_ml = p_ml; COPY_OPT_SCTX(buf, BV_ML); buf->b_p_ml_nobin = p_ml_nobin; buf->b_p_inf = p_inf; COPY_OPT_SCTX(buf, BV_INF); if (cmdmod.cmod_flags & CMOD_NOSWAPFILE) buf->b_p_swf = FALSE; else { buf->b_p_swf = p_swf; COPY_OPT_SCTX(buf, BV_SWF); } buf->b_p_cpt = vim_strsave(p_cpt); COPY_OPT_SCTX(buf, BV_CPT); #ifdef BACKSLASH_IN_FILENAME buf->b_p_csl = vim_strsave(p_csl); COPY_OPT_SCTX(buf, BV_CSL); #endif #ifdef FEAT_COMPL_FUNC buf->b_p_cfu = vim_strsave(p_cfu); COPY_OPT_SCTX(buf, BV_CFU); set_buflocal_cfu_callback(buf); buf->b_p_ofu = vim_strsave(p_ofu); COPY_OPT_SCTX(buf, BV_OFU); set_buflocal_ofu_callback(buf); #endif #ifdef FEAT_EVAL buf->b_p_tfu = vim_strsave(p_tfu); COPY_OPT_SCTX(buf, BV_TFU); set_buflocal_tfu_callback(buf); #endif buf->b_p_sts = p_sts; COPY_OPT_SCTX(buf, BV_STS); buf->b_p_sts_nopaste = p_sts_nopaste; #ifdef FEAT_VARTABS buf->b_p_vsts = vim_strsave(p_vsts); COPY_OPT_SCTX(buf, BV_VSTS); if (p_vsts && p_vsts != empty_option) (void)tabstop_set(p_vsts, &buf->b_p_vsts_array); else buf->b_p_vsts_array = 0; buf->b_p_vsts_nopaste = p_vsts_nopaste ? vim_strsave(p_vsts_nopaste) : NULL; #endif buf->b_p_sn = p_sn; COPY_OPT_SCTX(buf, BV_SN); buf->b_p_com = vim_strsave(p_com); COPY_OPT_SCTX(buf, BV_COM); #ifdef FEAT_FOLDING buf->b_p_cms = vim_strsave(p_cms); COPY_OPT_SCTX(buf, BV_CMS); #endif buf->b_p_fo = vim_strsave(p_fo); COPY_OPT_SCTX(buf, BV_FO); buf->b_p_flp = vim_strsave(p_flp); COPY_OPT_SCTX(buf, BV_FLP); buf->b_p_nf = vim_strsave(p_nf); COPY_OPT_SCTX(buf, BV_NF); buf->b_p_mps = vim_strsave(p_mps); COPY_OPT_SCTX(buf, BV_MPS); #ifdef FEAT_SMARTINDENT buf->b_p_si = p_si; COPY_OPT_SCTX(buf, BV_SI); #endif buf->b_p_ci = p_ci; COPY_OPT_SCTX(buf, BV_CI); #ifdef FEAT_CINDENT buf->b_p_cin = p_cin; COPY_OPT_SCTX(buf, BV_CIN); buf->b_p_cink = vim_strsave(p_cink); COPY_OPT_SCTX(buf, BV_CINK); buf->b_p_cino = vim_strsave(p_cino); COPY_OPT_SCTX(buf, BV_CINO); #endif buf->b_p_ft = empty_option; buf->b_p_pi = p_pi; COPY_OPT_SCTX(buf, BV_PI); #if defined(FEAT_SMARTINDENT) || defined(FEAT_CINDENT) buf->b_p_cinw = vim_strsave(p_cinw); COPY_OPT_SCTX(buf, BV_CINW); #endif #ifdef FEAT_LISP buf->b_p_lisp = p_lisp; COPY_OPT_SCTX(buf, BV_LISP); #endif #ifdef FEAT_SYN_HL buf->b_p_syn = empty_option; buf->b_p_smc = p_smc; COPY_OPT_SCTX(buf, BV_SMC); buf->b_s.b_syn_isk = empty_option; #endif #ifdef FEAT_SPELL buf->b_s.b_p_spc = vim_strsave(p_spc); COPY_OPT_SCTX(buf, BV_SPC); (void)compile_cap_prog(&buf->b_s); buf->b_s.b_p_spf = vim_strsave(p_spf); COPY_OPT_SCTX(buf, BV_SPF); buf->b_s.b_p_spl = vim_strsave(p_spl); COPY_OPT_SCTX(buf, BV_SPL); buf->b_s.b_p_spo = vim_strsave(p_spo); COPY_OPT_SCTX(buf, BV_SPO); #endif #if defined(FEAT_CINDENT) && defined(FEAT_EVAL) buf->b_p_inde = vim_strsave(p_inde); COPY_OPT_SCTX(buf, BV_INDE); buf->b_p_indk = vim_strsave(p_indk); COPY_OPT_SCTX(buf, BV_INDK); #endif buf->b_p_fp = empty_option; #if defined(FEAT_EVAL) buf->b_p_fex = vim_strsave(p_fex); COPY_OPT_SCTX(buf, BV_FEX); #endif #ifdef FEAT_CRYPT buf->b_p_key = vim_strsave(p_key); COPY_OPT_SCTX(buf, BV_KEY); #endif #ifdef FEAT_SEARCHPATH buf->b_p_sua = vim_strsave(p_sua); COPY_OPT_SCTX(buf, BV_SUA); #endif #ifdef FEAT_KEYMAP buf->b_p_keymap = vim_strsave(p_keymap); COPY_OPT_SCTX(buf, BV_KMAP); buf->b_kmap_state |= KEYMAP_INIT; #endif #ifdef FEAT_TERMINAL buf->b_p_twsl = p_twsl; COPY_OPT_SCTX(buf, BV_TWSL); #endif buf->b_p_iminsert = p_iminsert; COPY_OPT_SCTX(buf, BV_IMI); buf->b_p_imsearch = p_imsearch; COPY_OPT_SCTX(buf, BV_IMS); buf->b_p_ar = -1; buf->b_p_ul = NO_LOCAL_UNDOLEVEL; buf->b_p_bkc = empty_option; buf->b_bkc_flags = 0; #ifdef FEAT_QUICKFIX buf->b_p_gp = empty_option; buf->b_p_mp = empty_option; buf->b_p_efm = empty_option; #endif buf->b_p_ep = empty_option; buf->b_p_kp = empty_option; buf->b_p_path = empty_option; buf->b_p_tags = empty_option; buf->b_p_tc = empty_option; buf->b_tc_flags = 0; #ifdef FEAT_FIND_ID buf->b_p_def = empty_option; buf->b_p_inc = empty_option; # ifdef FEAT_EVAL buf->b_p_inex = vim_strsave(p_inex); COPY_OPT_SCTX(buf, BV_INEX); # endif #endif buf->b_p_dict = empty_option; buf->b_p_tsr = empty_option; #ifdef FEAT_COMPL_FUNC buf->b_p_tsrfu = empty_option; #endif #ifdef FEAT_TEXTOBJ buf->b_p_qe = vim_strsave(p_qe); COPY_OPT_SCTX(buf, BV_QE); #endif #if defined(FEAT_BEVAL) && defined(FEAT_EVAL) buf->b_p_bexpr = empty_option; #endif #if defined(FEAT_CRYPT) buf->b_p_cm = empty_option; #endif #ifdef FEAT_PERSISTENT_UNDO buf->b_p_udf = p_udf; COPY_OPT_SCTX(buf, BV_UDF); #endif #ifdef FEAT_LISP buf->b_p_lw = empty_option; #endif buf->b_p_menc = empty_option; if (dont_do_help) { buf->b_p_isk = save_p_isk; #ifdef FEAT_VARTABS if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) (void)tabstop_set(p_vts, &buf->b_p_vts_array); else buf->b_p_vts_array = NULL; #endif } else { buf->b_p_isk = vim_strsave(p_isk); COPY_OPT_SCTX(buf, BV_ISK); did_isk = TRUE; buf->b_p_ts = p_ts; COPY_OPT_SCTX(buf, BV_TS); #ifdef FEAT_VARTABS buf->b_p_vts = vim_strsave(p_vts); COPY_OPT_SCTX(buf, BV_VTS); if (p_vts && p_vts != empty_option && !buf->b_p_vts_array) (void)tabstop_set(p_vts, &buf->b_p_vts_array); else buf->b_p_vts_array = NULL; #endif buf->b_help = FALSE; if (buf->b_p_bt[0] == 'h') clear_string_option(&buf->b_p_bt); buf->b_p_ma = p_ma; COPY_OPT_SCTX(buf, BV_MA); } } if (should_copy) buf->b_p_initialized = TRUE; } check_buf_options(buf); if (did_isk) (void)buf_init_chartab(buf, FALSE); }",visit repo url,src/option.c,https://github.com/vim/vim,141896383697770,1 6116,CWE-190,"void ed_map(ed_t p, const uint8_t *msg, int len) { ed_map_dst(p, msg, len, (const uint8_t *)""RELIC"", 5); }",visit repo url,src/ed/relic_ed_map.c,https://github.com/relic-toolkit/relic,234903019446993,1 3258,['CWE-189'],"int jpc_mqenc_codemps2(jpc_mqenc_t *mqenc) { jpc_mqstate_t *state = *(mqenc->curctx); if (mqenc->areg < state->qeval) { mqenc->areg = state->qeval; } else { mqenc->creg += state->qeval; } *mqenc->curctx = state->nmps; jpc_mqenc_renorme(mqenc->areg, mqenc->creg, mqenc->ctreg, mqenc); return jpc_mqenc_error(mqenc) ? (-1) : 0; }",jasper,,,148764936067939527383714475114384273194,0 4566,CWE-787,"static GF_Err swf_def_font(SWFReader *read, u32 revision) { u32 i, count; GF_Err e; SWFFont *ft; u32 *offset_table = NULL; u32 start; GF_SAFEALLOC(ft, SWFFont); if (!ft) return GF_OUT_OF_MEM; ft->glyphs = gf_list_new(); ft->fontID = swf_get_16(read); e = GF_OK; gf_list_add(read->fonts, ft); if (revision==0) { start = swf_get_file_pos(read); count = swf_get_16(read); ft->nbGlyphs = count / 2; offset_table = (u32*)gf_malloc(sizeof(u32) * ft->nbGlyphs); offset_table[0] = 0; for (i=1; inbGlyphs; i++) offset_table[i] = swf_get_16(read); for (i=0; inbGlyphs; i++) { swf_align(read); e = swf_seek_file_to(read, start + offset_table[i]); if (e) break; swf_parse_shape_def(read, ft, 0); } gf_free(offset_table); if (e) return e; } else if (revision==1) { SWFRec rc; Bool wide_offset, wide_codes; u32 code_offset, checkpos; ft->has_layout = swf_read_int(read, 1); ft->has_shiftJIS = swf_read_int(read, 1); ft->is_unicode = swf_read_int(read, 1); ft->is_ansi = swf_read_int(read, 1); wide_offset = swf_read_int(read, 1); wide_codes = swf_read_int(read, 1); ft->is_italic = swf_read_int(read, 1); ft->is_bold = swf_read_int(read, 1); swf_read_int(read, 8); count = swf_read_int(read, 8); ft->fontName = (char*)gf_malloc(sizeof(u8)*count+1); ft->fontName[count] = 0; for (i=0; ifontName[i] = swf_read_int(read, 8); ft->nbGlyphs = swf_get_16(read); start = swf_get_file_pos(read); if (ft->nbGlyphs) { offset_table = (u32*)gf_malloc(sizeof(u32) * ft->nbGlyphs); for (i=0; inbGlyphs; i++) { if (wide_offset) offset_table[i] = swf_get_32(read); else offset_table[i] = swf_get_16(read); } } if (wide_offset) { code_offset = swf_get_32(read); } else { code_offset = swf_get_16(read); } if (ft->nbGlyphs) { for (i=0; inbGlyphs; i++) { swf_align(read); e = swf_seek_file_to(read, start + offset_table[i]); if (e) break; swf_parse_shape_def(read, ft, 0); } gf_free(offset_table); if (e) return e; checkpos = swf_get_file_pos(read); if (checkpos != start + code_offset) { GF_LOG(GF_LOG_ERROR, GF_LOG_PARSER, (""[SWF Parsing] bad code offset in font\n"")); return GF_NON_COMPLIANT_BITSTREAM; } ft->glyph_codes = (u16*)gf_malloc(sizeof(u16) * ft->nbGlyphs); for (i=0; inbGlyphs; i++) { if (wide_codes) ft->glyph_codes[i] = swf_get_16(read); else ft->glyph_codes[i] = swf_read_int(read, 8); } } if (ft->has_layout) { ft->ascent = swf_get_s16(read); ft->descent = swf_get_s16(read); ft->leading = swf_get_s16(read); if (ft->nbGlyphs) { ft->glyph_adv = (s16*)gf_malloc(sizeof(s16) * ft->nbGlyphs); for (i=0; inbGlyphs; i++) ft->glyph_adv[i] = swf_get_s16(read); for (i=0; inbGlyphs; i++) swf_get_rec(read, &rc); } count = swf_get_16(read); for (i=0; irt_dst; struct sockaddr_at *ga = (struct sockaddr_at *)&r->rt_gateway; struct atalk_route *rt; struct atalk_iface *iface, *riface; int retval = -EINVAL; if (ta->sat_family != AF_APPLETALK || (!devhint && ga->sat_family != AF_APPLETALK)) goto out; write_lock_bh(&atalk_routes_lock); for (rt = atalk_routes; rt; rt = rt->next) { if (r->rt_flags != rt->flags) continue; if (ta->sat_addr.s_net == rt->target.s_net) { if (!(rt->flags & RTF_HOST)) break; if (ta->sat_addr.s_node == rt->target.s_node) break; } } if (!devhint) { riface = NULL; read_lock_bh(&atalk_interfaces_lock); for (iface = atalk_interfaces; iface; iface = iface->next) { if (!riface && ntohs(ga->sat_addr.s_net) >= ntohs(iface->nets.nr_firstnet) && ntohs(ga->sat_addr.s_net) <= ntohs(iface->nets.nr_lastnet)) riface = iface; if (ga->sat_addr.s_net == iface->address.s_net && ga->sat_addr.s_node == iface->address.s_node) riface = iface; } read_unlock_bh(&atalk_interfaces_lock); retval = -ENETUNREACH; if (!riface) goto out_unlock; devhint = riface->dev; } if (!rt) { rt = kmalloc(sizeof(*rt), GFP_ATOMIC); retval = -ENOBUFS; if (!rt) goto out; rt->next = atalk_routes; atalk_routes = rt; } rt->target = ta->sat_addr; rt->dev = devhint; rt->flags = r->rt_flags; rt->gateway = ga->sat_addr; retval = 0; out_unlock: write_unlock_bh(&atalk_routes_lock); out: return retval; }",history,,,40546032150774617574568271491368908474,0 4896,['CWE-20'],"static void *nfs_volume_list_start(struct seq_file *m, loff_t *_pos) { spin_lock(&nfs_client_lock); return seq_list_start_head(&nfs_volume_list, *_pos); }",linux-2.6,,,47775259747195838548097243884483443454,0 2666,[],"static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { if (len < sizeof(struct sctp_event_subscribe)) return -EINVAL; len = sizeof(struct sctp_event_subscribe); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &sctp_sk(sk)->subscribe, len)) return -EFAULT; return 0; }",linux-2.6,,,7590215255959186748145451593014650686,0 3379,CWE-772,"static Image *ReadMATImageV4(const ImageInfo *image_info,Image *image, ExceptionInfo *exception) { typedef struct { unsigned char Type[4]; unsigned int nRows; unsigned int nCols; unsigned int imagf; unsigned int nameLen; } MAT4_HDR; long ldblk; EndianType endian; Image *rotate_image; MagickBooleanType status; MAT4_HDR HDR; QuantumInfo *quantum_info; QuantumFormatType format_type; register ssize_t i; ssize_t count, y; unsigned char *pixels; unsigned int depth; (void) SeekBlob(image,0,SEEK_SET); while (EOFBlob(image) != MagickFalse) { ldblk=ReadBlobLSBLong(image); if ((ldblk > 9999) || (ldblk < 0)) break; HDR.Type[3]=ldblk % 10; ldblk /= 10; HDR.Type[2]=ldblk % 10; ldblk /= 10; HDR.Type[1]=ldblk % 10; ldblk /= 10; HDR.Type[0]=ldblk; if (HDR.Type[3] != 0) break; if (HDR.Type[2] != 0) break; if (HDR.Type[0] == 0) { HDR.nRows=ReadBlobLSBLong(image); HDR.nCols=ReadBlobLSBLong(image); HDR.imagf=ReadBlobLSBLong(image); HDR.nameLen=ReadBlobLSBLong(image); endian=LSBEndian; } else { HDR.nRows=ReadBlobMSBLong(image); HDR.nCols=ReadBlobMSBLong(image); HDR.imagf=ReadBlobMSBLong(image); HDR.nameLen=ReadBlobMSBLong(image); endian=MSBEndian; } if ((HDR.imagf != 0) && (HDR.imagf != 1)) break; if (HDR.nameLen > 0xFFFF) return((Image *) NULL); for (i=0; i < (ssize_t) HDR.nameLen; i++) { int byte; byte=ReadBlobByte(image); if (byte == EOF) { ThrowFileException(exception,CorruptImageError,""UnexpectedEndOfFile"", image->filename); break; } } image->columns=(size_t) HDR.nRows; image->rows=(size_t) HDR.nCols; SetImageColorspace(image,GRAYColorspace,exception); if (image_info->ping != MagickFalse) { Swap(image->columns,image->rows); return(image); } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return((Image *) NULL); quantum_info=AcquireQuantumInfo(image_info,image); if (quantum_info == (QuantumInfo *) NULL) return((Image *) NULL); switch(HDR.Type[1]) { case 0: format_type=FloatingPointQuantumFormat; depth=64; break; case 1: format_type=FloatingPointQuantumFormat; depth=32; break; case 2: format_type=UnsignedQuantumFormat; depth=16; break; case 3: format_type=SignedQuantumFormat; depth=16; break; case 4: format_type=UnsignedQuantumFormat; depth=8; break; default: format_type=UnsignedQuantumFormat; depth=8; break; } image->depth=depth; if (HDR.Type[0] != 0) SetQuantumEndian(image,quantum_info,MSBEndian); status=SetQuantumFormat(image,quantum_info,format_type); status=SetQuantumDepth(image,quantum_info,depth); status=SetQuantumEndian(image,quantum_info,endian); SetQuantumScale(quantum_info,1.0); pixels=(unsigned char *) GetQuantumPixels(quantum_info); for (y=0; y < (ssize_t) image->rows; y++) { int status; register Quantum *magick_restrict q; count=ReadBlob(image,depth/8*image->columns,(char *) pixels); if (count == -1) break; q=QueueAuthenticPixels(image,0,image->rows-y-1,image->columns,1, exception); if (q == (Quantum *) NULL) break; (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info, GrayQuantum,pixels,exception); if ((HDR.Type[1] == 2) || (HDR.Type[1] == 3)) FixSignedValues(image,q,(int) image->columns); if (SyncAuthenticPixels(image,exception) == MagickFalse) break; if (image->previous == (Image *) NULL) { status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, image->rows); if (status == MagickFalse) break; } } if (HDR.imagf == 1) for (y=0; y < (ssize_t) image->rows; y++) { count=ReadBlob(image,depth/8*image->columns,(char *) pixels); if (count == -1) break; if (HDR.Type[1] == 0) InsertComplexDoubleRow(image,(double *) pixels,y,0,0,exception); else InsertComplexFloatRow(image,(float *) pixels,y,0,0,exception); } quantum_info=DestroyQuantumInfo(quantum_info); rotate_image=RotateImage(image,90.0,exception); if (rotate_image != (Image *) NULL) { image=DestroyImage(image); image=rotate_image; } if (EOFBlob(image) != MagickFalse) { ThrowFileException(exception,CorruptImageError,""UnexpectedEndOfFile"", image->filename); break; } if (image_info->number_scenes != 0) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; AcquireNextImage(image_info,image,exception); if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); return((Image *) NULL); } image=SyncNextImageInList(image); status=SetImageProgress(image,LoadImagesTag,TellBlob(image), GetBlobSize(image)); if (status == MagickFalse) break; } (void) CloseBlob(image); return(GetFirstImageInList(image)); }",visit repo url,coders/mat.c,https://github.com/ImageMagick/ImageMagick,249308144395537,1 3191,['CWE-189'],"int jas_image_readcmpt2(jas_image_t *image, int cmptno, jas_image_coord_t x, jas_image_coord_t y, jas_image_coord_t width, jas_image_coord_t height, long *buf) { jas_image_cmpt_t *cmpt; jas_image_coord_t i; jas_image_coord_t j; long v; long *bufptr; if (cmptno < 0 || cmptno >= image->numcmpts_) goto error; cmpt = image->cmpts_[cmptno]; if (x < 0 || x >= cmpt->width_ || y < 0 || y >= cmpt->height_ || width < 0 || height < 0 || x + width > cmpt->width_ || y + height > cmpt->height_) goto error; bufptr = buf; for (i = 0; i < height; ++i) { if (jas_stream_seek(cmpt->stream_, (cmpt->width_ * (y + i) + x) * cmpt->cps_, SEEK_SET) < 0) goto error; for (j = 0; j < width; ++j) { if (getint(cmpt->stream_, cmpt->sgnd_, cmpt->prec_, &v)) goto error; *bufptr++ = v; } } return 0; error: return -1; }",jasper,,,196689809930478492503308151241403058489,0 4842,CWE-119,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 3895,CWE-457,"suggest_trie_walk( suginfo_T *su, langp_T *lp, char_u *fword, int soundfold) { char_u tword[MAXWLEN]; trystate_T stack[MAXWLEN]; char_u preword[MAXWLEN * 3]; char_u compflags[MAXWLEN]; trystate_T *sp; int newscore; int score; char_u *byts, *fbyts, *pbyts; idx_T *idxs, *fidxs, *pidxs; int depth; int c, c2, c3; int n = 0; int flags; garray_T *gap; idx_T arridx; int len; char_u *p; fromto_T *ftp; int fl = 0, tl; int repextra = 0; slang_T *slang = lp->lp_slang; int fword_ends; int goodword_ends; #ifdef DEBUG_TRIEWALK char_u changename[MAXWLEN][80]; #endif int breakcheckcount = 1000; int compound_ok; depth = 0; sp = &stack[0]; CLEAR_POINTER(sp); sp->ts_curi = 1; if (soundfold) { byts = fbyts = slang->sl_sbyts; idxs = fidxs = slang->sl_sidxs; pbyts = NULL; pidxs = NULL; sp->ts_prefixdepth = PFD_NOPREFIX; sp->ts_state = STATE_START; } else { fbyts = slang->sl_fbyts; fidxs = slang->sl_fidxs; pbyts = slang->sl_pbyts; pidxs = slang->sl_pidxs; if (pbyts != NULL) { byts = pbyts; idxs = pidxs; sp->ts_prefixdepth = PFD_PREFIXTREE; sp->ts_state = STATE_NOPREFIX; } else { byts = fbyts; idxs = fidxs; sp->ts_prefixdepth = PFD_NOPREFIX; sp->ts_state = STATE_START; } } while (depth >= 0 && !got_int) { sp = &stack[depth]; switch (sp->ts_state) { case STATE_START: case STATE_NOPREFIX: arridx = sp->ts_arridx; len = byts[arridx]; arridx += sp->ts_curi; if (sp->ts_prefixdepth == PFD_PREFIXTREE) { for (n = 0; n < len && byts[arridx + n] == 0; ++n) ; sp->ts_curi += n; n = (int)sp->ts_state; PROF_STORE(sp->ts_state) sp->ts_state = STATE_ENDNUL; sp->ts_save_badflags = su->su_badflags; if (byts[arridx] == 0 || n == (int)STATE_NOPREFIX) { if (has_mbyte) n = nofold_len(fword, sp->ts_fidx, su->su_badptr); else n = sp->ts_fidx; flags = badword_captype(su->su_badptr, su->su_badptr + n); su->su_badflags = badword_captype(su->su_badptr + n, su->su_badptr + su->su_badlen); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""prefix""); #endif go_deeper(stack, depth, 0); ++depth; sp = &stack[depth]; sp->ts_prefixdepth = depth - 1; byts = fbyts; idxs = fidxs; sp->ts_arridx = 0; tword[sp->ts_twordlen] = NUL; make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, flags); sp->ts_prewordlen = (char_u)STRLEN(preword); sp->ts_splitoff = sp->ts_twordlen; } break; } if (sp->ts_curi > len || byts[arridx] != 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_ENDNUL; sp->ts_save_badflags = su->su_badflags; break; } ++sp->ts_curi; flags = (int)idxs[arridx]; if (flags & WF_NOSUGGEST) break; fword_ends = (fword[sp->ts_fidx] == NUL || (soundfold ? VIM_ISWHITE(fword[sp->ts_fidx]) : !spell_iswordp(fword + sp->ts_fidx, curwin))); tword[sp->ts_twordlen] = NUL; if (sp->ts_prefixdepth <= PFD_NOTSPECIAL && (sp->ts_flags & TSF_PREFIXOK) == 0 && pbyts != NULL) { n = stack[sp->ts_prefixdepth].ts_arridx; len = pbyts[n++]; for (c = 0; c < len && pbyts[n + c] == 0; ++c) ; if (c > 0) { c = valid_word_prefix(c, n, flags, tword + sp->ts_splitoff, slang, FALSE); if (c == 0) break; if (c & WF_RAREPFX) flags |= WF_RARE; sp->ts_flags |= TSF_PREFIXOK; } } if (sp->ts_complen == sp->ts_compsplit && fword_ends && (flags & WF_NEEDCOMP)) goodword_ends = FALSE; else goodword_ends = TRUE; p = NULL; compound_ok = TRUE; if (sp->ts_complen > sp->ts_compsplit) { if (slang->sl_nobreak) { if (sp->ts_fidx - sp->ts_splitfidx == sp->ts_twordlen - sp->ts_splitoff && STRNCMP(fword + sp->ts_splitfidx, tword + sp->ts_splitoff, sp->ts_fidx - sp->ts_splitfidx) == 0) { preword[sp->ts_prewordlen] = NUL; newscore = score_wordcount_adj(slang, sp->ts_score, preword + sp->ts_prewordlen, sp->ts_prewordlen > 0); if (newscore <= su->su_maxscore) add_suggestion(su, &su->su_ga, preword, sp->ts_splitfidx - repextra, newscore, 0, FALSE, lp->lp_sallang, FALSE); break; } } else { if (((unsigned)flags >> 24) == 0 || sp->ts_twordlen - sp->ts_splitoff < slang->sl_compminlen) break; if (has_mbyte && slang->sl_compminlen > 0 && mb_charlen(tword + sp->ts_splitoff) < slang->sl_compminlen) break; compflags[sp->ts_complen] = ((unsigned)flags >> 24); compflags[sp->ts_complen + 1] = NUL; vim_strncpy(preword + sp->ts_prewordlen, tword + sp->ts_splitoff, sp->ts_twordlen - sp->ts_splitoff); if (match_checkcompoundpattern(preword, sp->ts_prewordlen, &slang->sl_comppat)) compound_ok = FALSE; if (compound_ok) { p = preword; while (*skiptowhite(p) != NUL) p = skipwhite(skiptowhite(p)); if (fword_ends && !can_compound(slang, p, compflags + sp->ts_compsplit)) compound_ok = FALSE; } p = preword + sp->ts_prewordlen; MB_PTR_BACK(preword, p); } } if (soundfold) STRCPY(preword + sp->ts_prewordlen, tword + sp->ts_splitoff); else if (flags & WF_KEEPCAP) find_keepcap_word(slang, tword + sp->ts_splitoff, preword + sp->ts_prewordlen); else { c = su->su_badflags; if ((c & WF_ALLCAP) && su->su_badlen == (*mb_ptr2len)(su->su_badptr)) c = WF_ONECAP; c |= flags; if (p != NULL && spell_iswordp_nmw(p, curwin)) c &= ~WF_ONECAP; make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, c); } if (!soundfold) { if (flags & WF_BANNED) { add_banned(su, preword + sp->ts_prewordlen); break; } if ((sp->ts_complen == sp->ts_compsplit && WAS_BANNED(su, preword + sp->ts_prewordlen)) || WAS_BANNED(su, preword)) { if (slang->sl_compprog == NULL) break; goodword_ends = FALSE; } } newscore = 0; if (!soundfold) { if ((flags & WF_REGION) && (((unsigned)flags >> 16) & lp->lp_region) == 0) newscore += SCORE_REGION; if (flags & WF_RARE) newscore += SCORE_RARE; if (!spell_valid_case(su->su_badflags, captype(preword + sp->ts_prewordlen, NULL))) newscore += SCORE_ICASE; } if (fword_ends && goodword_ends && sp->ts_fidx >= sp->ts_fidxtry && compound_ok) { #ifdef DEBUG_TRIEWALK if (soundfold && STRCMP(preword, ""smwrd"") == 0) { int j; smsg(""------ %s -------"", fword); for (j = 0; j < depth; ++j) smsg(""%s"", changename[j]); } #endif if (soundfold) { add_sound_suggest(su, preword, sp->ts_score, lp); } else if (sp->ts_fidx > 0) { p = fword + sp->ts_fidx; MB_PTR_BACK(fword, p); if (!spell_iswordp(p, curwin)) { p = preword + STRLEN(preword); MB_PTR_BACK(preword, p); if (spell_iswordp(p, curwin)) newscore += SCORE_NONWORD; } score = score_wordcount_adj(slang, sp->ts_score + newscore, preword + sp->ts_prewordlen, sp->ts_prewordlen > 0); if (score <= su->su_maxscore) { add_suggestion(su, &su->su_ga, preword, sp->ts_fidx - repextra, score, 0, FALSE, lp->lp_sallang, FALSE); if (su->su_badflags & WF_MIXCAP) { c = captype(preword, NULL); if (c == 0 || c == WF_ALLCAP) { make_case_word(tword + sp->ts_splitoff, preword + sp->ts_prewordlen, c == 0 ? WF_ALLCAP : 0); add_suggestion(su, &su->su_ga, preword, sp->ts_fidx - repextra, score + SCORE_ICASE, 0, FALSE, lp->lp_sallang, FALSE); } } } } } if ((sp->ts_fidx >= sp->ts_fidxtry || fword_ends) && (!has_mbyte || sp->ts_tcharlen == 0)) { int try_compound; int try_split; try_split = (sp->ts_fidx - repextra < su->su_badlen) && !soundfold; try_compound = FALSE; if (!soundfold && !slang->sl_nocompoundsugs && slang->sl_compprog != NULL && ((unsigned)flags >> 24) != 0 && sp->ts_twordlen - sp->ts_splitoff >= slang->sl_compminlen && (!has_mbyte || slang->sl_compminlen == 0 || mb_charlen(tword + sp->ts_splitoff) >= slang->sl_compminlen) && (slang->sl_compsylmax < MAXWLEN || sp->ts_complen + 1 - sp->ts_compsplit < slang->sl_compmax) && (can_be_compound(sp, slang, compflags, ((unsigned)flags >> 24)))) { try_compound = TRUE; compflags[sp->ts_complen] = ((unsigned)flags >> 24); compflags[sp->ts_complen + 1] = NUL; } if (slang->sl_nobreak && !slang->sl_nocompoundsugs) try_compound = TRUE; else if (!fword_ends && try_compound && (sp->ts_flags & TSF_DIDSPLIT) == 0) { try_compound = FALSE; sp->ts_flags |= TSF_DIDSPLIT; --sp->ts_curi; compflags[sp->ts_complen] = NUL; } else sp->ts_flags &= ~TSF_DIDSPLIT; if (try_split || try_compound) { if (!try_compound && (!fword_ends || !goodword_ends)) { if (sp->ts_complen == sp->ts_compsplit && (flags & WF_NEEDCOMP)) break; p = preword; while (*skiptowhite(p) != NUL) p = skipwhite(skiptowhite(p)); if (sp->ts_complen > sp->ts_compsplit && !can_compound(slang, p, compflags + sp->ts_compsplit)) break; if (slang->sl_nosplitsugs) newscore += SCORE_SPLIT_NO; else newscore += SCORE_SPLIT; newscore = score_wordcount_adj(slang, newscore, preword + sp->ts_prewordlen, TRUE); } if (TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK if (!try_compound && !fword_ends) sprintf(changename[depth], ""%.*s-%s: split"", sp->ts_twordlen, tword, fword + sp->ts_fidx); else sprintf(changename[depth], ""%.*s-%s: compound"", sp->ts_twordlen, tword, fword + sp->ts_fidx); #endif sp->ts_save_badflags = su->su_badflags; PROF_STORE(sp->ts_state) sp->ts_state = STATE_SPLITUNDO; ++depth; sp = &stack[depth]; if (!try_compound && !fword_ends) STRCAT(preword, "" ""); sp->ts_prewordlen = (char_u)STRLEN(preword); sp->ts_splitoff = sp->ts_twordlen; sp->ts_splitfidx = sp->ts_fidx; if (((!try_compound && !spell_iswordp_nmw(fword + sp->ts_fidx, curwin)) || fword_ends) && fword[sp->ts_fidx] != NUL && goodword_ends) { int l; l = mb_ptr2len(fword + sp->ts_fidx); if (fword_ends) { mch_memmove(preword + sp->ts_prewordlen, fword + sp->ts_fidx, l); sp->ts_prewordlen += l; preword[sp->ts_prewordlen] = NUL; } else sp->ts_score -= SCORE_SPLIT - SCORE_SUBST; sp->ts_fidx += l; } if (try_compound) ++sp->ts_complen; else sp->ts_compsplit = sp->ts_complen; sp->ts_prefixdepth = PFD_NOPREFIX; if (has_mbyte) n = nofold_len(fword, sp->ts_fidx, su->su_badptr); else n = sp->ts_fidx; su->su_badflags = badword_captype(su->su_badptr + n, su->su_badptr + su->su_badlen); sp->ts_arridx = 0; if (pbyts != NULL) { byts = pbyts; idxs = pidxs; sp->ts_prefixdepth = PFD_PREFIXTREE; PROF_STORE(sp->ts_state) sp->ts_state = STATE_NOPREFIX; } } } } break; case STATE_SPLITUNDO: su->su_badflags = sp->ts_save_badflags; PROF_STORE(sp->ts_state) sp->ts_state = STATE_START; byts = fbyts; idxs = fidxs; break; case STATE_ENDNUL: su->su_badflags = sp->ts_save_badflags; if (fword[sp->ts_fidx] == NUL && sp->ts_tcharlen == 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_DEL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_PLAIN; case STATE_PLAIN: arridx = sp->ts_arridx; if (sp->ts_curi > byts[arridx]) { PROF_STORE(sp->ts_state) if (sp->ts_fidx >= sp->ts_fidxtry) sp->ts_state = STATE_DEL; else sp->ts_state = STATE_FINAL; } else { arridx += sp->ts_curi++; c = byts[arridx]; if (c == fword[sp->ts_fidx] || (sp->ts_tcharlen > 0 && sp->ts_isdiff != DIFF_NONE)) newscore = 0; else newscore = SCORE_SUBST; if ((newscore == 0 || (sp->ts_fidx >= sp->ts_fidxtry && ((sp->ts_flags & TSF_DIDDEL) == 0 || c != fword[sp->ts_delidx]))) && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK if (newscore > 0) sprintf(changename[depth], ""%.*s-%s: subst %c to %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx], c); else sprintf(changename[depth], ""%.*s-%s: accept %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx]); #endif ++depth; sp = &stack[depth]; ++sp->ts_fidx; tword[sp->ts_twordlen++] = c; sp->ts_arridx = idxs[arridx]; if (newscore == SCORE_SUBST) sp->ts_isdiff = DIFF_YES; if (has_mbyte) { if (sp->ts_tcharlen == 0) { sp->ts_tcharidx = 0; sp->ts_tcharlen = MB_BYTE2LEN(c); sp->ts_fcharstart = sp->ts_fidx - 1; sp->ts_isdiff = (newscore != 0) ? DIFF_YES : DIFF_NONE; } else if (sp->ts_isdiff == DIFF_INSERT) --sp->ts_fidx; if (++sp->ts_tcharidx == sp->ts_tcharlen) { if (sp->ts_isdiff == DIFF_YES) { sp->ts_fidx = sp->ts_fcharstart + mb_ptr2len( fword + sp->ts_fcharstart); if (enc_utf8 && utf_iscomposing( utf_ptr2char(tword + sp->ts_twordlen - sp->ts_tcharlen)) && utf_iscomposing( utf_ptr2char(fword + sp->ts_fcharstart))) sp->ts_score -= SCORE_SUBST - SCORE_SUBCOMP; else if (!soundfold && slang->sl_has_map && similar_chars(slang, mb_ptr2char(tword + sp->ts_twordlen - sp->ts_tcharlen), mb_ptr2char(fword + sp->ts_fcharstart))) sp->ts_score -= SCORE_SUBST - SCORE_SIMILAR; } else if (sp->ts_isdiff == DIFF_INSERT && sp->ts_twordlen > sp->ts_tcharlen) { p = tword + sp->ts_twordlen - sp->ts_tcharlen; c = mb_ptr2char(p); if (enc_utf8 && utf_iscomposing(c)) { sp->ts_score -= SCORE_INS - SCORE_INSCOMP; } else { MB_PTR_BACK(tword, p); if (c == mb_ptr2char(p)) sp->ts_score -= SCORE_INS - SCORE_INSDUP; } } sp->ts_tcharlen = 0; } } else { if (newscore != 0 && !soundfold && slang->sl_has_map && similar_chars(slang, c, fword[sp->ts_fidx - 1])) sp->ts_score -= SCORE_SUBST - SCORE_SIMILAR; } } } break; case STATE_DEL: if (has_mbyte && sp->ts_tcharlen > 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_INS_PREP; sp->ts_curi = 1; if (soundfold && sp->ts_fidx == 0 && fword[sp->ts_fidx] == '*') newscore = 2 * SCORE_DEL / 3; else newscore = SCORE_DEL; if (fword[sp->ts_fidx] != NUL && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: delete %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, fword[sp->ts_fidx]); #endif ++depth; stack[depth].ts_flags |= TSF_DIDDEL; stack[depth].ts_delidx = sp->ts_fidx; if (has_mbyte) { c = mb_ptr2char(fword + sp->ts_fidx); stack[depth].ts_fidx += mb_ptr2len(fword + sp->ts_fidx); if (enc_utf8 && utf_iscomposing(c)) stack[depth].ts_score -= SCORE_DEL - SCORE_DELCOMP; else if (c == mb_ptr2char(fword + stack[depth].ts_fidx)) stack[depth].ts_score -= SCORE_DEL - SCORE_DELDUP; } else { ++stack[depth].ts_fidx; if (fword[sp->ts_fidx] == fword[sp->ts_fidx + 1]) stack[depth].ts_score -= SCORE_DEL - SCORE_DELDUP; } break; } case STATE_INS_PREP: if (sp->ts_flags & TSF_DIDDEL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } n = sp->ts_arridx; for (;;) { if (sp->ts_curi > byts[n]) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } if (byts[n + sp->ts_curi] != NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_INS; break; } ++sp->ts_curi; } break; case STATE_INS: n = sp->ts_arridx; if (sp->ts_curi > byts[n]) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP; break; } n += sp->ts_curi++; c = byts[n]; if (soundfold && sp->ts_twordlen == 0 && c == '*') newscore = 2 * SCORE_INS / 3; else newscore = SCORE_INS; if (c != fword[sp->ts_fidx] && TRY_DEEPER(su, stack, depth, newscore)) { go_deeper(stack, depth, newscore); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: insert %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c); #endif ++depth; sp = &stack[depth]; tword[sp->ts_twordlen++] = c; sp->ts_arridx = idxs[n]; if (has_mbyte) { fl = MB_BYTE2LEN(c); if (fl > 1) { sp->ts_tcharlen = fl; sp->ts_tcharidx = 1; sp->ts_isdiff = DIFF_INSERT; } } else fl = 1; if (fl == 1) { if (sp->ts_twordlen >= 2 && tword[sp->ts_twordlen - 2] == c) sp->ts_score -= SCORE_INS - SCORE_INSDUP; } } break; case STATE_SWAP: p = fword + sp->ts_fidx; c = *p; if (c == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } if (!soundfold && !spell_iswordp(p, curwin)) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); if (p[n] == NUL) c2 = NUL; else if (!soundfold && !spell_iswordp(p + n, curwin)) c2 = c; else c2 = mb_ptr2char(p + n); } else { if (p[1] == NUL) c2 = NUL; else if (!soundfold && !spell_iswordp(p + 1, curwin)) c2 = c; else c2 = p[1]; } if (c2 == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (c == c2) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_SWAP3; break; } if (c2 != NUL && TRY_DEEPER(su, stack, depth, SCORE_SWAP)) { go_deeper(stack, depth, SCORE_SWAP); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: swap %c and %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c, c2); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNSWAP; ++depth; if (has_mbyte) { fl = mb_char2len(c2); mch_memmove(p, p + n, fl); mb_char2bytes(c, p + fl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl; } else { p[0] = c2; p[1] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 2; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNSWAP: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); c = mb_ptr2char(p + n); mch_memmove(p + mb_ptr2len(p + n), p, n); mb_char2bytes(c, p); } else { c = *p; *p = p[1]; p[1] = c; } case STATE_SWAP3: p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); fl = MB_CPTR2LEN(p + n); c2 = mb_ptr2char(p + n); if (!soundfold && !spell_iswordp(p + n + fl, curwin)) c3 = c; else c3 = mb_ptr2char(p + n + fl); } else { c = *p; c2 = p[1]; if (!soundfold && !spell_iswordp(p + 2, curwin)) c3 = c; else c3 = p[2]; } if (c == c3 || c3 == NUL) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: swap3 %c and %c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, c, c3); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNSWAP3; ++depth; if (has_mbyte) { tl = mb_char2len(c3); mch_memmove(p, p + n + fl, tl); mb_char2bytes(c2, p + tl); mb_char2bytes(c, p + fl + tl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl + tl; } else { p[0] = p[2]; p[2] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNSWAP3: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); c2 = mb_ptr2char(p + n); fl = mb_ptr2len(p + n); c = mb_ptr2char(p + n + fl); tl = mb_ptr2len(p + n + fl); mch_memmove(p + fl + tl, p, n); mb_char2bytes(c, p); mb_char2bytes(c2, p + tl); p = p + tl; } else { c = *p; *p = p[2]; p[2] = c; ++p; } if (!soundfold && !spell_iswordp(p, curwin)) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; break; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK p = fword + sp->ts_fidx; sprintf(changename[depth], ""%.*s-%s: rotate left %c%c%c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, p[0], p[1], p[2]); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNROT3L; ++depth; p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); c = mb_ptr2char(p); fl = MB_CPTR2LEN(p + n); fl += MB_CPTR2LEN(p + n + fl); mch_memmove(p, p + n, fl); mb_char2bytes(c, p + fl); stack[depth].ts_fidxtry = sp->ts_fidx + n + fl; } else { c = *p; *p = p[1]; p[1] = p[2]; p[2] = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNROT3L: p = fword + sp->ts_fidx; if (has_mbyte) { n = mb_ptr2len(p); n += mb_ptr2len(p + n); c = mb_ptr2char(p + n); tl = mb_ptr2len(p + n); mch_memmove(p + tl, p, n); mb_char2bytes(c, p); } else { c = p[2]; p[2] = p[1]; p[1] = *p; *p = c; } if (TRY_DEEPER(su, stack, depth, SCORE_SWAP3)) { go_deeper(stack, depth, SCORE_SWAP3); #ifdef DEBUG_TRIEWALK p = fword + sp->ts_fidx; sprintf(changename[depth], ""%.*s-%s: rotate right %c%c%c"", sp->ts_twordlen, tword, fword + sp->ts_fidx, p[0], p[1], p[2]); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_UNROT3R; ++depth; p = fword + sp->ts_fidx; if (has_mbyte) { n = MB_CPTR2LEN(p); n += MB_CPTR2LEN(p + n); c = mb_ptr2char(p + n); tl = MB_CPTR2LEN(p + n); mch_memmove(p + tl, p, n); mb_char2bytes(c, p); stack[depth].ts_fidxtry = sp->ts_fidx + n + tl; } else { c = p[2]; p[2] = p[1]; p[1] = *p; *p = c; stack[depth].ts_fidxtry = sp->ts_fidx + 3; } } else { PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_INI; } break; case STATE_UNROT3R: p = fword + sp->ts_fidx; if (has_mbyte) { c = mb_ptr2char(p); tl = mb_ptr2len(p); n = mb_ptr2len(p + tl); n += mb_ptr2len(p + tl + n); mch_memmove(p, p + tl, n); mb_char2bytes(c, p + n); } else { c = *p; *p = p[1]; p[1] = p[2]; p[2] = c; } case STATE_REP_INI: if ((lp->lp_replang == NULL && !soundfold) || sp->ts_score + SCORE_REP >= su->su_maxscore || sp->ts_fidx < sp->ts_fidxtry) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } if (soundfold) sp->ts_curi = slang->sl_repsal_first[fword[sp->ts_fidx]]; else sp->ts_curi = lp->lp_replang->sl_rep_first[fword[sp->ts_fidx]]; if (sp->ts_curi < 0) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; break; } PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP; case STATE_REP: p = fword + sp->ts_fidx; if (soundfold) gap = &slang->sl_repsal; else gap = &lp->lp_replang->sl_rep; while (sp->ts_curi < gap->ga_len) { ftp = (fromto_T *)gap->ga_data + sp->ts_curi++; if (*ftp->ft_from != *p) { sp->ts_curi = gap->ga_len; break; } if (STRNCMP(ftp->ft_from, p, STRLEN(ftp->ft_from)) == 0 && TRY_DEEPER(su, stack, depth, SCORE_REP)) { go_deeper(stack, depth, SCORE_REP); #ifdef DEBUG_TRIEWALK sprintf(changename[depth], ""%.*s-%s: replace %s with %s"", sp->ts_twordlen, tword, fword + sp->ts_fidx, ftp->ft_from, ftp->ft_to); #endif PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP_UNDO; ++depth; fl = (int)STRLEN(ftp->ft_from); tl = (int)STRLEN(ftp->ft_to); if (fl != tl) { STRMOVE(p + tl, p + fl); repextra += tl - fl; } mch_memmove(p, ftp->ft_to, tl); stack[depth].ts_fidxtry = sp->ts_fidx + tl; stack[depth].ts_tcharlen = 0; break; } } if (sp->ts_curi >= gap->ga_len && sp->ts_state == STATE_REP) { PROF_STORE(sp->ts_state) sp->ts_state = STATE_FINAL; } break; case STATE_REP_UNDO: if (soundfold) gap = &slang->sl_repsal; else gap = &lp->lp_replang->sl_rep; ftp = (fromto_T *)gap->ga_data + sp->ts_curi - 1; fl = (int)STRLEN(ftp->ft_from); tl = (int)STRLEN(ftp->ft_to); p = fword + sp->ts_fidx; if (fl != tl) { STRMOVE(p + fl, p + tl); repextra -= tl - fl; } mch_memmove(p, ftp->ft_from, fl); PROF_STORE(sp->ts_state) sp->ts_state = STATE_REP; break; default: --depth; if (depth >= 0 && stack[depth].ts_prefixdepth == PFD_PREFIXTREE) { byts = pbyts; idxs = pidxs; } if (--breakcheckcount == 0) { ui_breakcheck(); breakcheckcount = 1000; } } } }",visit repo url,src/spellsuggest.c,https://github.com/vim/vim,226249269802842,1 5947,['CWE-909'],"int unregister_qdisc(struct Qdisc_ops *qops) { struct Qdisc_ops *q, **qp; int err = -ENOENT; write_lock(&qdisc_mod_lock); for (qp = &qdisc_base; (q=*qp)!=NULL; qp = &q->next) if (q == qops) break; if (q) { *qp = q->next; q->next = NULL; err = 0; } write_unlock(&qdisc_mod_lock); return err; }",linux-2.6,,,262984922161032882317219122129570400734,0 1756,CWE-119,"check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, struct xt_table_info *newinfo, unsigned int *size, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, const char *name) { struct xt_entry_match *ematch; struct xt_entry_target *t; struct xt_target *target; unsigned int entry_offset; unsigned int j; int ret, off, h; duprintf(""check_compat_entry_size_and_hooks %p\n"", e); if ((unsigned long)e % __alignof__(struct compat_ipt_entry) != 0 || (unsigned char *)e + sizeof(struct compat_ipt_entry) >= limit) { duprintf(""Bad offset %p, limit = %p\n"", e, limit); return -EINVAL; } if (e->next_offset < sizeof(struct compat_ipt_entry) + sizeof(struct compat_xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } ret = check_entry((struct ipt_entry *)e); if (ret) return ret; off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); entry_offset = (void *)e - (void *)base; j = 0; xt_ematch_foreach(ematch, e) { ret = compat_find_calc_match(ematch, name, &e->ip, &off); if (ret != 0) goto release_matches; ++j; } t = compat_ipt_get_target(e); target = xt_request_find_target(NFPROTO_IPV4, t->u.user.name, t->u.user.revision); if (IS_ERR(target)) { duprintf(""check_compat_entry_size_and_hooks: `%s' not found\n"", t->u.user.name); ret = PTR_ERR(target); goto release_matches; } t->u.kernel.target = target; off += xt_compat_target_offset(target); *size += off; ret = xt_compat_add_offset(AF_INET, entry_offset, off); if (ret) goto out; for (h = 0; h < NF_INET_NUMHOOKS; h++) { if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) newinfo->underflow[h] = underflows[h]; } memset(&e->counters, 0, sizeof(e->counters)); e->comefrom = 0; return 0; out: module_put(t->u.kernel.target->me); release_matches: xt_ematch_foreach(ematch, e) { if (j-- == 0) break; module_put(ematch->u.kernel.match->me); } return ret; }",visit repo url,net/ipv4/netfilter/ip_tables.c,https://github.com/torvalds/linux,158984606195898,1 5498,['CWE-476'],"static void kvm_init_msr_list(void) { u32 dummy[2]; unsigned i, j; for (i = j = 0; i < ARRAY_SIZE(msrs_to_save); i++) { if (rdmsr_safe(msrs_to_save[i], &dummy[0], &dummy[1]) < 0) continue; if (j < i) msrs_to_save[j] = msrs_to_save[i]; j++; } num_msrs_to_save = j; }",linux-2.6,,,186044214199344000940896426970147280456,0 4884,CWE-119,"static int cac_read_binary(sc_card_t *card, unsigned int idx, unsigned char *buf, size_t count, unsigned long flags) { cac_private_data_t * priv = CAC_DATA(card); int r = 0; u8 *val = NULL; u8 *cert_ptr; size_t val_len; size_t len, cert_len; u8 cert_type; SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); if (priv->cached) { sc_log(card->ctx, ""returning cached value idx=%d count=%""SC_FORMAT_LEN_SIZE_T""u"", idx, count); if (idx > priv->cache_buf_len) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_FILE_END_REACHED); } len = MIN(count, priv->cache_buf_len-idx); memcpy(buf, &priv->cache_buf[idx], len); LOG_FUNC_RETURN(card->ctx, len); } sc_log(card->ctx, ""clearing cache idx=%d count=%""SC_FORMAT_LEN_SIZE_T""u"", idx, count); free(priv->cache_buf); priv->cache_buf = NULL; priv->cache_buf_len = 0; r = cac_cac1_get_certificate(card, &val, &val_len); if (r < 0) goto done; if (val_len < 1) { r = SC_ERROR_INVALID_DATA; goto done; } cert_type = val[0]; cert_ptr = val + 1; cert_len = val_len - 1; if ((cert_type & 0x3) == 1) { #ifdef ENABLE_ZLIB r = sc_decompress_alloc(&priv->cache_buf, &priv->cache_buf_len, cert_ptr, cert_len, COMPRESSION_AUTO); #else sc_log(card->ctx, ""CAC compression not supported, no zlib""); r = SC_ERROR_NOT_SUPPORTED; #endif if (r) goto done; } else if (cert_len > 0) { priv->cache_buf = malloc(cert_len); if (priv->cache_buf == NULL) { r = SC_ERROR_OUT_OF_MEMORY; goto done; } priv->cache_buf_len = cert_len; memcpy(priv->cache_buf, cert_ptr, cert_len); } priv->cached = 1; len = MIN(count, priv->cache_buf_len-idx); if (len && priv->cache_buf) memcpy(buf, &priv->cache_buf[idx], len); r = len; done: if (val) free(val); LOG_FUNC_RETURN(card->ctx, r); }",visit repo url,src/libopensc/card-cac1.c,https://github.com/OpenSC/OpenSC,228014425813020,1 757,['CWE-119'],"isdn_net_ciscohdlck_slarp_in(isdn_net_local *lp, struct sk_buff *skb) { unsigned char *p; int period; u32 code; u32 my_seq, addr; u32 your_seq, mask; u32 local; u16 unused; if (skb->len < 14) return; p = skb->data; p += get_u32(p, &code); switch (code) { case CISCO_SLARP_REQUEST: lp->cisco_yourseq = 0; isdn_net_ciscohdlck_slarp_send_reply(lp); break; case CISCO_SLARP_REPLY: addr = ntohl(*(u32 *)p); mask = ntohl(*(u32 *)(p+4)); if (mask != 0xfffffffc) goto slarp_reply_out; if ((addr & 3) == 0 || (addr & 3) == 3) goto slarp_reply_out; local = addr ^ 3; printk(KERN_INFO ""%s: got slarp reply: "" ""remote ip: %d.%d.%d.%d, "" ""local ip: %d.%d.%d.%d "" ""mask: %d.%d.%d.%d\n"", lp->netdev->dev->name, HIPQUAD(addr), HIPQUAD(local), HIPQUAD(mask)); break; slarp_reply_out: printk(KERN_INFO ""%s: got invalid slarp "" ""reply (%d.%d.%d.%d/%d.%d.%d.%d) "" ""- ignored\n"", lp->netdev->dev->name, HIPQUAD(addr), HIPQUAD(mask)); break; case CISCO_SLARP_KEEPALIVE: period = (int)((jiffies - lp->cisco_last_slarp_in + HZ/2 - 1) / HZ); if (lp->cisco_debserint && (period != lp->cisco_keepalive_period) && lp->cisco_last_slarp_in) { printk(KERN_DEBUG ""%s: Keepalive period mismatch - "" ""is %d but should be %d.\n"", lp->netdev->dev->name, period, lp->cisco_keepalive_period); } lp->cisco_last_slarp_in = jiffies; p += get_u32(p, &my_seq); p += get_u32(p, &your_seq); p += get_u16(p, &unused); lp->cisco_yourseq = my_seq; lp->cisco_mineseen = your_seq; break; } }",linux-2.6,,,205623067823879189029699741679791489125,0 3605,CWE-125,"static int jpc_pi_nextrpcl(register jpc_pi_t *pi) { int rlvlno; jpc_pirlvl_t *pirlvl; jpc_pchg_t *pchg; int prchind; int prcvind; int *prclyrno; int compno; jpc_picomp_t *picomp; int xstep; int ystep; uint_fast32_t r; uint_fast32_t rpx; uint_fast32_t rpy; uint_fast32_t trx0; uint_fast32_t try0; pchg = pi->pchg; if (!pi->prgvolfirst) { goto skip; } else { pi->xstep = 0; pi->ystep = 0; for (compno = 0, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++picomp) { for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl) { if (pirlvl->prcwidthexpn + pi->picomp->numrlvls > JAS_UINTFAST32_NUMBITS - 2 || pirlvl->prcheightexpn + pi->picomp->numrlvls > JAS_UINTFAST32_NUMBITS - 2) { return -1; } xstep = picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn + picomp->numrlvls - rlvlno - 1)); ystep = picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn + picomp->numrlvls - rlvlno - 1)); pi->xstep = (!pi->xstep) ? xstep : JAS_MIN(pi->xstep, xstep); pi->ystep = (!pi->ystep) ? ystep : JAS_MIN(pi->ystep, ystep); } } pi->prgvolfirst = 0; } for (pi->rlvlno = pchg->rlvlnostart; pi->rlvlno < pchg->rlvlnoend && pi->rlvlno < pi->maxrlvls; ++pi->rlvlno) { for (pi->y = pi->ystart; pi->y < pi->yend; pi->y += pi->ystep - (pi->y % pi->ystep)) { for (pi->x = pi->xstart; pi->x < pi->xend; pi->x += pi->xstep - (pi->x % pi->xstep)) { for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, ++pi->picomp) { if (pi->rlvlno >= pi->picomp->numrlvls) { continue; } pi->pirlvl = &pi->picomp->pirlvls[pi->rlvlno]; if (pi->pirlvl->numprcs == 0) { continue; } r = pi->picomp->numrlvls - 1 - pi->rlvlno; rpx = r + pi->pirlvl->prcwidthexpn; rpy = r + pi->pirlvl->prcheightexpn; trx0 = JPC_CEILDIV(pi->xstart, pi->picomp->hsamp << r); try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r); if (((pi->x == pi->xstart && ((trx0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpx))) || !(pi->x % (JAS_CAST(uint_fast32_t, 1) << rpx))) && ((pi->y == pi->ystart && ((try0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpy))) || !(pi->y % (JAS_CAST(uint_fast32_t, 1) << rpy)))) { prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn); prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn); pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind; assert(pi->prcno < pi->pirlvl->numprcs); for (pi->lyrno = 0; pi->lyrno < pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; if (pi->lyrno >= *prclyrno) { ++(*prclyrno); return 0; } skip: ; } } } } } } return 1; }",visit repo url,src/libjasper/jpc/jpc_t2cod.c,https://github.com/mdadams/jasper,73039092080968,1 6636,['CWE-200'],"connections_changed_cb (GConfClient *conf_client, guint cnxn_id, GConfEntry *entry, gpointer user_data) { NMAGConfSettings *self = NMA_GCONF_SETTINGS (user_data); NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self); char **dirs = NULL; guint len; char *path = NULL; dirs = g_strsplit (gconf_entry_get_key (entry), ""/"", -1); len = g_strv_length (dirs); if (len < 5) goto out; if ( strcmp (dirs[0], """") || strcmp (dirs[1], ""system"") || strcmp (dirs[2], ""networking"") || strcmp (dirs[3], ""connections"")) goto out; path = g_strconcat (""/"", dirs[1], ""/"", dirs[2], ""/"", dirs[3], ""/"", dirs[4], NULL); if (!g_hash_table_lookup (priv->pending_changes, path)) { ConnectionChangedInfo *info; guint id; info = g_new (ConnectionChangedInfo, 1); info->settings = self; info->path = path; path = NULL; id = g_idle_add_full (G_PRIORITY_DEFAULT_IDLE, connection_changes_done, info, connection_changed_info_destroy); g_hash_table_insert (priv->pending_changes, info->path, GUINT_TO_POINTER (id)); } out: g_free (path); g_strfreev (dirs); }",network-manager-applet,,,59912947027044113072991181418638460382,0 886,['CWE-200'],"static inline int shmem_find_swp(swp_entry_t entry, swp_entry_t *dir, swp_entry_t *edir) { swp_entry_t *ptr; for (ptr = dir; ptr < edir; ptr++) { if (ptr->val == entry.val) return ptr - dir; } return -1; }",linux-2.6,,,286180273349392103906886656792497636922,0 754,CWE-20,"int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *address, int mode) { int size, ct, err; if (m->msg_namelen) { if (mode == VERIFY_READ) { void __user *namep; namep = (void __user __force *) m->msg_name; err = move_addr_to_kernel(namep, m->msg_namelen, address); if (err < 0) return err; } m->msg_name = address; } else { m->msg_name = NULL; } size = m->msg_iovlen * sizeof(struct iovec); if (copy_from_user(iov, (void __user __force *) m->msg_iov, size)) return -EFAULT; m->msg_iov = iov; err = 0; for (ct = 0; ct < m->msg_iovlen; ct++) { size_t len = iov[ct].iov_len; if (len > INT_MAX - err) { len = INT_MAX - err; iov[ct].iov_len = len; } err += len; } return err; }",visit repo url,net/core/iovec.c,https://github.com/torvalds/linux,95000477302680,1 3609,CWE-362,"fm_mgr_config_mgr_connect ( fm_config_conx_hdl *hdl, fm_mgr_type_t mgr ) { char s_path[256]; char c_path[256]; char *mgr_prefix; p_hsm_com_client_hdl_t *mgr_hdl; pid_t pid; memset(s_path,0,sizeof(s_path)); memset(c_path,0,sizeof(c_path)); pid = getpid(); switch ( mgr ) { case FM_MGR_SM: mgr_prefix = HSM_FM_SCK_SM; mgr_hdl = &hdl->sm_hdl; break; case FM_MGR_PM: mgr_prefix = HSM_FM_SCK_PM; mgr_hdl = &hdl->pm_hdl; break; case FM_MGR_FE: mgr_prefix = HSM_FM_SCK_FE; mgr_hdl = &hdl->fe_hdl; break; default: return FM_CONF_INIT_ERR; } sprintf(s_path,""%s%s%d"",HSM_FM_SCK_PREFIX,mgr_prefix,hdl->instance); sprintf(c_path,""%s%s%d_C_%lu"",HSM_FM_SCK_PREFIX,mgr_prefix, hdl->instance, (long unsigned)pid); if ( *mgr_hdl == NULL ) { if ( hcom_client_init(mgr_hdl,s_path,c_path,32768) != HSM_COM_OK ) { return FM_CONF_INIT_ERR; } } if ( hcom_client_connect(*mgr_hdl) == HSM_COM_OK ) { hdl->conx_mask |= mgr; return FM_CONF_OK; } return FM_CONF_CONX_ERR; } ",visit repo url,Esm/ib/src/linux/fm_cmd/hsm_config_client.c,https://github.com/01org/opa-fm,75257858725205,1 75,CWE-772,"get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) { static gstrings_ret ret; char *prime_arg; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; const char *errmsg = NULL; xdr_free(xdr_gstrings_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; if ((ret.code = check_handle((void *)handle))) goto exit_func; ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_INQUIRE, arg->princ, NULL))) { ret.code = KADM5_AUTH_GET; log_unauth(""kadm5_get_strings"", prime_arg, &client_name, &service_name, rqstp); } else { ret.code = kadm5_get_strings((void *)handle, arg->princ, &ret.strings, &ret.count); if (ret.code != 0) errmsg = krb5_get_error_message(handle->context, ret.code); log_done(""kadm5_get_strings"", prime_arg, errmsg, &client_name, &service_name, rqstp); if (errmsg != NULL) krb5_free_error_message(handle->context, errmsg); } free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: free_server_handle(handle); return &ret; }",visit repo url,src/kadmin/server/server_stubs.c,https://github.com/krb5/krb5,199696042253380,1 4441,['CWE-264'],"struct sk_buff *sock_alloc_send_skb(struct sock *sk, unsigned long size, int noblock, int *errcode) { return sock_alloc_send_pskb(sk, size, 0, noblock, errcode); }",linux-2.6,,,14267728559708331379144583861607502538,0 6565,CWE-401,"ASC_destroyAssociation(T_ASC_Association ** association) { OFCondition cond = EC_Normal; if (association == NULL) return EC_Normal; if (*association == NULL) return EC_Normal; if ((*association)->DULassociation != NULL) { ASC_dropAssociation(*association); } if ((*association)->params != NULL) { cond = ASC_destroyAssociationParameters(&(*association)->params); if (cond.bad()) return cond; } if ((*association)->sendPDVBuffer != NULL) free((*association)->sendPDVBuffer); free(*association); *association = NULL; return EC_Normal; }",visit repo url,dcmnet/libsrc/assoc.cc,https://github.com/DCMTK/dcmtk,119321269297063,1 2716,CWE-190,"SPL_METHOD(SplFileObject, ftruncate) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); long size; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ""l"", &size) == FAILURE) { return; } if (!php_stream_truncate_supported(intern->u.file.stream)) { zend_throw_exception_ex(spl_ce_LogicException, 0 TSRMLS_CC, ""Can't truncate file %s"", intern->file_name); RETURN_FALSE; } RETURN_BOOL(0 == php_stream_truncate_set_size(intern->u.file.stream, size)); } ",visit repo url,ext/spl/spl_directory.c,https://github.com/php/php-src,88451472823400,1 4550,CWE-476,"static GF_Err xml_sax_append_string(GF_SAXParser *parser, char *string) { u32 size = parser->line_size; u32 nl_size = (u32) strlen(string); if (!nl_size) return GF_OK; if ( (parser->alloc_size < size+nl_size+1) ) { parser->alloc_size = size+nl_size+1; parser->alloc_size = 3 * parser->alloc_size / 2; parser->buffer = (char*)gf_realloc(parser->buffer, sizeof(char) * parser->alloc_size); if (!parser->buffer ) return GF_OUT_OF_MEM; } memcpy(parser->buffer+size, string, sizeof(char)*nl_size); parser->buffer[size+nl_size] = 0; parser->line_size = size+nl_size; return GF_OK; }",visit repo url,src/utils/xml_parser.c,https://github.com/gpac/gpac,201558166976906,1 4973,CWE-125,"process_plane(uint8 * in, int width, int height, uint8 * out, int size) { UNUSED(size); int indexw; int indexh; int code; int collen; int replen; int color; int x; int revcode; uint8 * last_line; uint8 * this_line; uint8 * org_in; uint8 * org_out; org_in = in; org_out = out; last_line = 0; indexh = 0; while (indexh < height) { out = (org_out + width * height * 4) - ((indexh + 1) * width * 4); color = 0; this_line = out; indexw = 0; if (last_line == 0) { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { color = CVAL(in); *out = color; out += 4; indexw++; collen--; } while (replen > 0) { *out = color; out += 4; indexw++; replen--; } } } else { while (indexw < width) { code = CVAL(in); replen = code & 0xf; collen = (code >> 4) & 0xf; revcode = (replen << 4) | collen; if ((revcode <= 47) && (revcode >= 16)) { replen = revcode; collen = 0; } while (collen > 0) { x = CVAL(in); if (x & 1) { x = x >> 1; x = x + 1; color = -x; } else { x = x >> 1; color = x; } x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; collen--; } while (replen > 0) { x = last_line[indexw * 4] + color; *out = x; out += 4; indexw++; replen--; } } } indexh++; last_line = this_line; } return (int) (in - org_in); }",visit repo url,bitmap.c,https://github.com/rdesktop/rdesktop,37601928281314,1 394,CWE-20,"static int __ip6_append_data(struct sock *sk, struct flowi6 *fl6, struct sk_buff_head *queue, struct inet_cork *cork, struct inet6_cork *v6_cork, struct page_frag *pfrag, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), void *from, int length, int transhdrlen, unsigned int flags, struct ipcm6_cookie *ipc6, const struct sockcm_cookie *sockc) { struct sk_buff *skb, *skb_prev = NULL; unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu; int exthdrlen = 0; int dst_exthdrlen = 0; int hh_len; int copy; int err; int offset = 0; __u8 tx_flags = 0; u32 tskey = 0; struct rt6_info *rt = (struct rt6_info *)cork->dst; struct ipv6_txoptions *opt = v6_cork->opt; int csummode = CHECKSUM_NONE; unsigned int maxnonfragsize, headersize; skb = skb_peek_tail(queue); if (!skb) { exthdrlen = opt ? opt->opt_flen : 0; dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; } mtu = cork->fragsize; orig_mtu = mtu; hh_len = LL_RESERVED_SPACE(rt->dst.dev); fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + (opt ? opt->opt_nflen : 0); maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - sizeof(struct frag_hdr); headersize = sizeof(struct ipv6hdr) + (opt ? opt->opt_flen + opt->opt_nflen : 0) + (dst_allfrag(&rt->dst) ? sizeof(struct frag_hdr) : 0) + rt->rt6i_nfheader_len; if (cork->length + length > mtu - headersize && ipc6->dontfrag && (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_RAW)) { ipv6_local_rxpmtu(sk, fl6, mtu - headersize + sizeof(struct ipv6hdr)); goto emsgsize; } if (ip6_sk_ignore_df(sk)) maxnonfragsize = sizeof(struct ipv6hdr) + IPV6_MAXPLEN; else maxnonfragsize = mtu; if (cork->length + length > maxnonfragsize - headersize) { emsgsize: ipv6_local_error(sk, EMSGSIZE, fl6, mtu - headersize + sizeof(struct ipv6hdr)); return -EMSGSIZE; } if (transhdrlen && sk->sk_protocol == IPPROTO_UDP && headersize == sizeof(struct ipv6hdr) && length <= mtu - headersize && !(flags & MSG_MORE) && rt->dst.dev->features & (NETIF_F_IPV6_CSUM | NETIF_F_HW_CSUM)) csummode = CHECKSUM_PARTIAL; if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_RAW) { sock_tx_timestamp(sk, sockc->tsflags, &tx_flags); if (tx_flags & SKBTX_ANY_SW_TSTAMP && sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) tskey = sk->sk_tskey++; } cork->length += length; if ((((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb))) && (sk->sk_protocol == IPPROTO_UDP) && (rt->dst.dev->features & NETIF_F_UFO) && !dst_xfrm(&rt->dst) && (sk->sk_type == SOCK_DGRAM) && !udp_get_no_check6_tx(sk)) { err = ip6_ufo_append_data(sk, queue, getfrag, from, length, hh_len, fragheaderlen, exthdrlen, transhdrlen, mtu, flags, fl6); if (err) goto error; return 0; } if (!skb) goto alloc_new_skb; while (length > 0) { copy = (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - skb->len; if (copy < length) copy = maxfraglen - skb->len; if (copy <= 0) { char *data; unsigned int datalen; unsigned int fraglen; unsigned int fraggap; unsigned int alloclen; alloc_new_skb: if (skb) fraggap = skb->len - maxfraglen; else fraggap = 0; if (!skb || !skb_prev) ip6_append_data_mtu(&mtu, &maxfraglen, fragheaderlen, skb, rt, orig_mtu); skb_prev = skb; datalen = length + fraggap; if (datalen > (cork->length <= mtu && !(cork->flags & IPCORK_ALLFRAG) ? mtu : maxfraglen) - fragheaderlen) datalen = maxfraglen - fragheaderlen - rt->dst.trailer_len; if ((flags & MSG_MORE) && !(rt->dst.dev->features&NETIF_F_SG)) alloclen = mtu; else alloclen = datalen + fragheaderlen; alloclen += dst_exthdrlen; if (datalen != length + fraggap) { datalen += rt->dst.trailer_len; } alloclen += rt->dst.trailer_len; fraglen = datalen + fragheaderlen; alloclen += sizeof(struct frag_hdr); if (transhdrlen) { skb = sock_alloc_send_skb(sk, alloclen + hh_len, (flags & MSG_DONTWAIT), &err); } else { skb = NULL; if (atomic_read(&sk->sk_wmem_alloc) <= 2 * sk->sk_sndbuf) skb = sock_wmalloc(sk, alloclen + hh_len, 1, sk->sk_allocation); if (unlikely(!skb)) err = -ENOBUFS; } if (!skb) goto error; skb->protocol = htons(ETH_P_IPV6); skb->ip_summed = csummode; skb->csum = 0; skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + dst_exthdrlen); skb_shinfo(skb)->tx_flags = tx_flags; tx_flags = 0; skb_shinfo(skb)->tskey = tskey; tskey = 0; data = skb_put(skb, fraglen); skb_set_network_header(skb, exthdrlen); data += fragheaderlen; skb->transport_header = (skb->network_header + fragheaderlen); if (fraggap) { skb->csum = skb_copy_and_csum_bits( skb_prev, maxfraglen, data + transhdrlen, fraggap, 0); skb_prev->csum = csum_sub(skb_prev->csum, skb->csum); data += fraggap; pskb_trim_unique(skb_prev, maxfraglen); } copy = datalen - transhdrlen - fraggap; if (copy < 0) { err = -EINVAL; kfree_skb(skb); goto error; } else if (copy > 0 && getfrag(from, data + transhdrlen, offset, copy, fraggap, skb) < 0) { err = -EFAULT; kfree_skb(skb); goto error; } offset += copy; length -= datalen - fraggap; transhdrlen = 0; exthdrlen = 0; dst_exthdrlen = 0; if ((flags & MSG_CONFIRM) && !skb_prev) skb_set_dst_pending_confirm(skb, 1); __skb_queue_tail(queue, skb); continue; } if (copy > length) copy = length; if (!(rt->dst.dev->features&NETIF_F_SG)) { unsigned int off; off = skb->len; if (getfrag(from, skb_put(skb, copy), offset, copy, off, skb) < 0) { __skb_trim(skb, off); err = -EFAULT; goto error; } } else { int i = skb_shinfo(skb)->nr_frags; err = -ENOMEM; if (!sk_page_frag_refill(sk, pfrag)) goto error; if (!skb_can_coalesce(skb, i, pfrag->page, pfrag->offset)) { err = -EMSGSIZE; if (i == MAX_SKB_FRAGS) goto error; __skb_fill_page_desc(skb, i, pfrag->page, pfrag->offset, 0); skb_shinfo(skb)->nr_frags = ++i; get_page(pfrag->page); } copy = min_t(int, copy, pfrag->size - pfrag->offset); if (getfrag(from, page_address(pfrag->page) + pfrag->offset, offset, copy, skb->len, skb) < 0) goto error_efault; pfrag->offset += copy; skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy); skb->len += copy; skb->data_len += copy; skb->truesize += copy; atomic_add(copy, &sk->sk_wmem_alloc); } offset += copy; length -= copy; } return 0; error_efault: err = -EFAULT; error: cork->length -= length; IP6_INC_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUTDISCARDS); return err; }",visit repo url,net/ipv6/ip6_output.c,https://github.com/torvalds/linux,119089200728447,1 1328,CWE-119,"static __u8 *nci_extract_rf_params_nfcf_passive_poll(struct nci_dev *ndev, struct rf_tech_specific_params_nfcf_poll *nfcf_poll, __u8 *data) { nfcf_poll->bit_rate = *data++; nfcf_poll->sensf_res_len = *data++; pr_debug(""bit_rate %d, sensf_res_len %d\n"", nfcf_poll->bit_rate, nfcf_poll->sensf_res_len); memcpy(nfcf_poll->sensf_res, data, nfcf_poll->sensf_res_len); data += nfcf_poll->sensf_res_len; return data; }",visit repo url,net/nfc/nci/ntf.c,https://github.com/torvalds/linux,35085575824740,1 305,[],"static int dev_ifsioc(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ifreq ifr; struct ifreq32 __user *uifr32; struct ifmap32 __user *uifmap32; mm_segment_t old_fs; int err; uifr32 = compat_ptr(arg); uifmap32 = &uifr32->ifr_ifru.ifru_map; switch (cmd) { case SIOCSIFMAP: err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name)); err |= __get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start); err |= __get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end); err |= __get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr); err |= __get_user(ifr.ifr_map.irq, &uifmap32->irq); err |= __get_user(ifr.ifr_map.dma, &uifmap32->dma); err |= __get_user(ifr.ifr_map.port, &uifmap32->port); if (err) return -EFAULT; break; default: if (copy_from_user(&ifr, uifr32, sizeof(*uifr32))) return -EFAULT; break; } old_fs = get_fs(); set_fs (KERNEL_DS); err = sys_ioctl (fd, cmd, (unsigned long)&ifr); set_fs (old_fs); if (!err) { switch (cmd) { case TUNSETIFF: case SIOCGIFFLAGS: case SIOCGIFMETRIC: case SIOCGIFMTU: case SIOCGIFMEM: case SIOCGIFHWADDR: case SIOCGIFINDEX: case SIOCGIFADDR: case SIOCGIFBRDADDR: case SIOCGIFDSTADDR: case SIOCGIFNETMASK: case SIOCGIFTXQLEN: if (copy_to_user(uifr32, &ifr, sizeof(*uifr32))) return -EFAULT; break; case SIOCGIFMAP: err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name)); err |= __put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start); err |= __put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end); err |= __put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr); err |= __put_user(ifr.ifr_map.irq, &uifmap32->irq); err |= __put_user(ifr.ifr_map.dma, &uifmap32->dma); err |= __put_user(ifr.ifr_map.port, &uifmap32->port); if (err) err = -EFAULT; break; } } return err; }",linux-2.6,,,332170751520559198796129627675356287438,0 4345,['CWE-399'],"long keyctl_instantiate_key(key_serial_t id, const void __user *_payload, size_t plen, key_serial_t ringid) { const struct cred *cred = current_cred(); struct request_key_auth *rka; struct key *instkey, *dest_keyring; void *payload; long ret; bool vm = false; kenter(""%d,,%zu,%d"", id, plen, ringid); ret = -EINVAL; if (plen > 1024 * 1024 - 1) goto error; ret = -EPERM; instkey = cred->request_key_auth; if (!instkey) goto error; rka = instkey->payload.data; if (rka->target_key->serial != id) goto error; payload = NULL; if (_payload) { ret = -ENOMEM; payload = kmalloc(plen, GFP_KERNEL); if (!payload) { if (plen <= PAGE_SIZE) goto error; vm = true; payload = vmalloc(plen); if (!payload) goto error; } ret = -EFAULT; if (copy_from_user(payload, _payload, plen) != 0) goto error2; } ret = get_instantiation_keyring(ringid, rka, &dest_keyring); if (ret < 0) goto error2; ret = key_instantiate_and_link(rka->target_key, payload, plen, dest_keyring, instkey); key_put(dest_keyring); if (ret == 0) keyctl_change_reqkey_auth(NULL); error2: if (!vm) kfree(payload); else vfree(payload); error: return ret; } ",linux-2.6,,,199147992649626401071897816562365831806,0 3596,['CWE-20'],"sctp_disposition_t sctp_sf_cookie_wait_icmp_abort(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { return sctp_stop_t1_and_abort(commands, SCTP_ERROR_NO_ERROR, ENOPROTOOPT, asoc, (struct sctp_transport *)arg); }",linux-2.6,,,27644194511967298618358185852497702083,0 908,CWE-20,"void kvm_lapic_set_vapic_addr(struct kvm_vcpu *vcpu, gpa_t vapic_addr) { vcpu->arch.apic->vapic_addr = vapic_addr; if (vapic_addr) __set_bit(KVM_APIC_CHECK_VAPIC, &vcpu->arch.apic_attention); else __clear_bit(KVM_APIC_CHECK_VAPIC, &vcpu->arch.apic_attention); }",visit repo url,arch/x86/kvm/lapic.c,https://github.com/torvalds/linux,73919324181569,1 1327,CWE-119,"static int nci_extract_activation_params_iso_dep(struct nci_dev *ndev, struct nci_rf_intf_activated_ntf *ntf, __u8 *data) { struct activation_params_nfca_poll_iso_dep *nfca_poll; struct activation_params_nfcb_poll_iso_dep *nfcb_poll; switch (ntf->activation_rf_tech_and_mode) { case NCI_NFC_A_PASSIVE_POLL_MODE: nfca_poll = &ntf->activation_params.nfca_poll_iso_dep; nfca_poll->rats_res_len = *data++; pr_debug(""rats_res_len %d\n"", nfca_poll->rats_res_len); if (nfca_poll->rats_res_len > 0) { memcpy(nfca_poll->rats_res, data, nfca_poll->rats_res_len); } break; case NCI_NFC_B_PASSIVE_POLL_MODE: nfcb_poll = &ntf->activation_params.nfcb_poll_iso_dep; nfcb_poll->attrib_res_len = *data++; pr_debug(""attrib_res_len %d\n"", nfcb_poll->attrib_res_len); if (nfcb_poll->attrib_res_len > 0) { memcpy(nfcb_poll->attrib_res, data, nfcb_poll->attrib_res_len); } break; default: pr_err(""unsupported activation_rf_tech_and_mode 0x%x\n"", ntf->activation_rf_tech_and_mode); return NCI_STATUS_RF_PROTOCOL_ERROR; } return NCI_STATUS_OK; }",visit repo url,net/nfc/nci/ntf.c,https://github.com/torvalds/linux,31817817247132,1 3123,['CWE-189'],"static int jpc_encsigpass(jpc_mqenc_t *mqenc, int bitpos, int orient, int vcausalflag, jas_matrix_t *flags, jas_matrix_t *data, int term, long *nmsedec) { int i; int j; int one; int vscanlen; int width; int height; int frowstep; int drowstep; int fstripestep; int dstripestep; jpc_fix_t *fstripestart; jpc_fix_t *dstripestart; jpc_fix_t *fp; jpc_fix_t *dp; jpc_fix_t *fvscanstart; jpc_fix_t *dvscanstart; int k; *nmsedec = 0; width = jas_matrix_numcols(data); height = jas_matrix_numrows(data); frowstep = jas_matrix_rowstep(flags); drowstep = jas_matrix_rowstep(data); fstripestep = frowstep << 2; dstripestep = drowstep << 2; one = 1 << (bitpos + JPC_NUMEXTRABITS); fstripestart = jas_matrix_getref(flags, 1, 1); dstripestart = jas_matrix_getref(data, 0, 0); for (i = height; i > 0; i -= 4, fstripestart += fstripestep, dstripestart += dstripestep) { fvscanstart = fstripestart; dvscanstart = dstripestart; vscanlen = JAS_MIN(i, 4); for (j = width; j > 0; --j, ++fvscanstart, ++dvscanstart) { fp = fvscanstart; dp = dvscanstart; k = vscanlen; sigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, orient, mqenc, vcausalflag); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; sigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, orient, mqenc, 0); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; sigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, orient, mqenc, 0); if (--k <= 0) { continue; } fp += frowstep; dp += drowstep; sigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, orient, mqenc, 0); } } if (term) { jpc_mqenc_flush(mqenc, term - 1); } return jpc_mqenc_error(mqenc) ? (-1) : 0; }",jasper,,,145929773266058226143142018521935847794,0 2919,CWE-119,"tiffcp(TIFF* in, TIFF* out) { uint16 bitspersample, samplesperpixel = 1; uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; copyFunc cf; uint32 width, length; struct cpTag* p; CopyField(TIFFTAG_IMAGEWIDTH, width); CopyField(TIFFTAG_IMAGELENGTH, length); CopyField(TIFFTAG_BITSPERSAMPLE, bitspersample); CopyField(TIFFTAG_SAMPLESPERPIXEL, samplesperpixel); if (compression != (uint16)-1) TIFFSetField(out, TIFFTAG_COMPRESSION, compression); else CopyField(TIFFTAG_COMPRESSION, compression); TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression); TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric); if (input_compression == COMPRESSION_JPEG) { TIFFSetField(in, TIFFTAG_JPEGCOLORMODE, JPEGCOLORMODE_RGB); } else if (input_photometric == PHOTOMETRIC_YCBCR) { uint16 subsamplinghor,subsamplingver; TIFFGetFieldDefaulted(in, TIFFTAG_YCBCRSUBSAMPLING, &subsamplinghor, &subsamplingver); if (subsamplinghor!=1 || subsamplingver!=1) { fprintf(stderr, ""tiffcp: %s: Can't copy/convert subsampled image.\n"", TIFFFileName(in)); return FALSE; } } if (compression == COMPRESSION_JPEG) { if (input_photometric == PHOTOMETRIC_RGB && jpegcolormode == JPEGCOLORMODE_RGB) TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR); else TIFFSetField(out, TIFFTAG_PHOTOMETRIC, input_photometric); } else if (compression == COMPRESSION_SGILOG || compression == COMPRESSION_SGILOG24) TIFFSetField(out, TIFFTAG_PHOTOMETRIC, samplesperpixel == 1 ? PHOTOMETRIC_LOGL : PHOTOMETRIC_LOGLUV); else if (input_compression == COMPRESSION_JPEG && samplesperpixel == 3 ) { TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_RGB); } else CopyTag(TIFFTAG_PHOTOMETRIC, 1, TIFF_SHORT); if (fillorder != 0) TIFFSetField(out, TIFFTAG_FILLORDER, fillorder); else CopyTag(TIFFTAG_FILLORDER, 1, TIFF_SHORT); TIFFGetFieldDefaulted(in, TIFFTAG_ORIENTATION, &orientation); switch (orientation) { case ORIENTATION_BOTRIGHT: case ORIENTATION_RIGHTBOT: TIFFWarning(TIFFFileName(in), ""using bottom-left orientation""); orientation = ORIENTATION_BOTLEFT; case ORIENTATION_LEFTBOT: case ORIENTATION_BOTLEFT: break; case ORIENTATION_TOPRIGHT: case ORIENTATION_RIGHTTOP: default: TIFFWarning(TIFFFileName(in), ""using top-left orientation""); orientation = ORIENTATION_TOPLEFT; case ORIENTATION_LEFTTOP: case ORIENTATION_TOPLEFT: break; } TIFFSetField(out, TIFFTAG_ORIENTATION, orientation); if (outtiled == -1) outtiled = TIFFIsTiled(in); if (outtiled) { if (tilewidth == (uint32) -1) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tilewidth); if (tilelength == (uint32) -1) TIFFGetField(in, TIFFTAG_TILELENGTH, &tilelength); TIFFDefaultTileSize(out, &tilewidth, &tilelength); TIFFSetField(out, TIFFTAG_TILEWIDTH, tilewidth); TIFFSetField(out, TIFFTAG_TILELENGTH, tilelength); } else { if (rowsperstrip == (uint32) 0) { if (!TIFFGetField(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip)) { rowsperstrip = TIFFDefaultStripSize(out, rowsperstrip); } if (rowsperstrip > length && rowsperstrip != (uint32)-1) rowsperstrip = length; } else if (rowsperstrip == (uint32) -1) rowsperstrip = length; TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, rowsperstrip); } if (config != (uint16) -1) TIFFSetField(out, TIFFTAG_PLANARCONFIG, config); else CopyField(TIFFTAG_PLANARCONFIG, config); if (samplesperpixel <= 4) CopyTag(TIFFTAG_TRANSFERFUNCTION, 4, TIFF_SHORT); CopyTag(TIFFTAG_COLORMAP, 4, TIFF_SHORT); switch (compression) { case COMPRESSION_JPEG: TIFFSetField(out, TIFFTAG_JPEGQUALITY, quality); TIFFSetField(out, TIFFTAG_JPEGCOLORMODE, jpegcolormode); break; case COMPRESSION_JBIG: CopyTag(TIFFTAG_FAXRECVPARAMS, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXRECVTIME, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXSUBADDRESS, 1, TIFF_ASCII); CopyTag(TIFFTAG_FAXDCS, 1, TIFF_ASCII); break; case COMPRESSION_LZW: case COMPRESSION_ADOBE_DEFLATE: case COMPRESSION_DEFLATE: case COMPRESSION_LZMA: if (predictor != (uint16)-1) TIFFSetField(out, TIFFTAG_PREDICTOR, predictor); else CopyField(TIFFTAG_PREDICTOR, predictor); if (preset != -1) { if (compression == COMPRESSION_ADOBE_DEFLATE || compression == COMPRESSION_DEFLATE) TIFFSetField(out, TIFFTAG_ZIPQUALITY, preset); else if (compression == COMPRESSION_LZMA) TIFFSetField(out, TIFFTAG_LZMAPRESET, preset); } break; case COMPRESSION_CCITTFAX3: case COMPRESSION_CCITTFAX4: if (compression == COMPRESSION_CCITTFAX3) { if (g3opts != (uint32) -1) TIFFSetField(out, TIFFTAG_GROUP3OPTIONS, g3opts); else CopyField(TIFFTAG_GROUP3OPTIONS, g3opts); } else CopyTag(TIFFTAG_GROUP4OPTIONS, 1, TIFF_LONG); CopyTag(TIFFTAG_BADFAXLINES, 1, TIFF_LONG); CopyTag(TIFFTAG_CLEANFAXDATA, 1, TIFF_LONG); CopyTag(TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXRECVPARAMS, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXRECVTIME, 1, TIFF_LONG); CopyTag(TIFFTAG_FAXSUBADDRESS, 1, TIFF_ASCII); break; } { uint32 len32; void** data; if (TIFFGetField(in, TIFFTAG_ICCPROFILE, &len32, &data)) TIFFSetField(out, TIFFTAG_ICCPROFILE, len32, data); } { uint16 ninks; const char* inknames; if (TIFFGetField(in, TIFFTAG_NUMBEROFINKS, &ninks)) { TIFFSetField(out, TIFFTAG_NUMBEROFINKS, ninks); if (TIFFGetField(in, TIFFTAG_INKNAMES, &inknames)) { int inknameslen = strlen(inknames) + 1; const char* cp = inknames; while (ninks > 1) { cp = strchr(cp, '\0'); cp++; inknameslen += (strlen(cp) + 1); ninks--; } TIFFSetField(out, TIFFTAG_INKNAMES, inknameslen, inknames); } } } { unsigned short pg0, pg1; if (pageInSeq == 1) { if (pageNum < 0) { if (TIFFGetField(in, TIFFTAG_PAGENUMBER, &pg0, &pg1)) TIFFSetField(out, TIFFTAG_PAGENUMBER, pg0, pg1); } else TIFFSetField(out, TIFFTAG_PAGENUMBER, pageNum++, 0); } else { if (TIFFGetField(in, TIFFTAG_PAGENUMBER, &pg0, &pg1)) { if (pageNum < 0) TIFFSetField(out, TIFFTAG_PAGENUMBER, pg0, pg1); else TIFFSetField(out, TIFFTAG_PAGENUMBER, pageNum++, 0); } } } for (p = tags; p < &tags[NTAGS]; p++) CopyTag(p->tag, p->count, p->type); cf = pickCopyFunc(in, out, bitspersample, samplesperpixel); return (cf ? (*cf)(in, out, length, width, samplesperpixel) : FALSE); }",visit repo url,tools/tiffcp.c,https://github.com/vadz/libtiff,21367180281500,1 6390,CWE-20,"error_t enc28j60Init(NetInterface *interface) { uint8_t revisionId; Enc28j60Context *context; TRACE_INFO(""Initializing ENC28J60 Ethernet controller...\r\n""); interface->spiDriver->init(); interface->extIntDriver->init(); enc28j60SoftReset(interface); sleep(10); context = (Enc28j60Context *) interface->nicContext; context->currentBank = UINT16_MAX; context->nextPacket = ENC28J60_RX_BUFFER_START; context->rxBuffer = memPoolAlloc(ETH_MAX_FRAME_SIZE); if(context->rxBuffer == NULL) { return ERROR_OUT_OF_MEMORY; } revisionId = enc28j60ReadReg(interface, ENC28J60_REG_EREVID); TRACE_INFO(""ENC28J60 revision ID: 0x%02X\r\n"", revisionId); enc28j60WriteReg(interface, ENC28J60_REG_ECOCON, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_MAADR1, interface->macAddr.b[0]); enc28j60WriteReg(interface, ENC28J60_REG_MAADR2, interface->macAddr.b[1]); enc28j60WriteReg(interface, ENC28J60_REG_MAADR3, interface->macAddr.b[2]); enc28j60WriteReg(interface, ENC28J60_REG_MAADR4, interface->macAddr.b[3]); enc28j60WriteReg(interface, ENC28J60_REG_MAADR5, interface->macAddr.b[4]); enc28j60WriteReg(interface, ENC28J60_REG_MAADR6, interface->macAddr.b[5]); enc28j60WriteReg(interface, ENC28J60_REG_ERXSTL, LSB(ENC28J60_RX_BUFFER_START)); enc28j60WriteReg(interface, ENC28J60_REG_ERXSTH, MSB(ENC28J60_RX_BUFFER_START)); enc28j60WriteReg(interface, ENC28J60_REG_ERXNDL, LSB(ENC28J60_RX_BUFFER_STOP)); enc28j60WriteReg(interface, ENC28J60_REG_ERXNDH, MSB(ENC28J60_RX_BUFFER_STOP)); enc28j60WriteReg(interface, ENC28J60_REG_ERXRDPTL, LSB(ENC28J60_RX_BUFFER_STOP)); enc28j60WriteReg(interface, ENC28J60_REG_ERXRDPTH, MSB(ENC28J60_RX_BUFFER_STOP)); enc28j60WriteReg(interface, ENC28J60_REG_ERXFCON, ERXFCON_UCEN | ERXFCON_CRCEN | ERXFCON_HTEN | ERXFCON_BCEN); enc28j60WriteReg(interface, ENC28J60_REG_EHT0, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EHT1, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EHT2, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EHT3, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EHT4, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EHT5, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EHT6, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EHT7, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_MACON2, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_MACON1, MACON1_TXPAUS | MACON1_RXPAUS | MACON1_MARXEN); #if (ENC28J60_FULL_DUPLEX_SUPPORT == ENABLED) enc28j60WriteReg(interface, ENC28J60_REG_MACON3, MACON3_PADCFG(1) | MACON3_TXCRCEN | MACON3_FRMLNEN | MACON3_FULDPX); #else enc28j60WriteReg(interface, ENC28J60_REG_MACON3, MACON3_PADCFG(1) | MACON3_TXCRCEN | MACON3_FRMLNEN); #endif enc28j60WriteReg(interface, ENC28J60_REG_MACON4, MACON4_DEFER); enc28j60WriteReg(interface, ENC28J60_REG_MAMXFLL, LSB(ETH_MAX_FRAME_SIZE)); enc28j60WriteReg(interface, ENC28J60_REG_MAMXFLH, MSB(ETH_MAX_FRAME_SIZE)); #if (ENC28J60_FULL_DUPLEX_SUPPORT == ENABLED) enc28j60WriteReg(interface, ENC28J60_REG_MABBIPG, 0x15); #else enc28j60WriteReg(interface, ENC28J60_REG_MABBIPG, 0x12); #endif enc28j60WriteReg(interface, ENC28J60_REG_MAIPGL, 0x12); enc28j60WriteReg(interface, ENC28J60_REG_MAIPGH, 0x0C); enc28j60WriteReg(interface, ENC28J60_REG_MACLCON2, 63); #if (ENC28J60_FULL_DUPLEX_SUPPORT == ENABLED) enc28j60WritePhyReg(interface, ENC28J60_PHY_REG_PHCON1, PHCON1_PDPXMD); #else enc28j60WritePhyReg(interface, ENC28J60_PHY_REG_PHCON1, 0x0000); #endif enc28j60WritePhyReg(interface, ENC28J60_PHY_REG_PHCON2, PHCON2_HDLDIS); enc28j60WritePhyReg(interface, ENC28J60_PHY_REG_PHLCON, PHLCON_LACFG(4) | PHLCON_LBCFG(7) | PHLCON_LFRQ(0) | PHLCON_STRCH); enc28j60WriteReg(interface, ENC28J60_REG_EIR, 0x00); enc28j60WriteReg(interface, ENC28J60_REG_EIE, EIE_INTIE | EIE_PKTIE | EIE_LINKIE | EIE_TXIE | EIE_TXERIE); enc28j60WritePhyReg(interface, ENC28J60_PHY_REG_PHIE, PHIE_PLNKIE | PHIE_PGEIE); enc28j60SetBit(interface, ENC28J60_REG_ECON1, ECON1_RXEN); enc28j60DumpReg(interface); enc28j60DumpPhyReg(interface); osSetEvent(&interface->nicTxEvent); interface->nicEvent = TRUE; osSetEvent(&netEvent); return NO_ERROR; }",visit repo url,drivers/eth/enc28j60_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,178287688405356,1 1676,CWE-362,"static long snd_timer_user_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { struct snd_timer_user *tu; void __user *argp = (void __user *)arg; int __user *p = argp; tu = file->private_data; switch (cmd) { case SNDRV_TIMER_IOCTL_PVERSION: return put_user(SNDRV_TIMER_VERSION, p) ? -EFAULT : 0; case SNDRV_TIMER_IOCTL_NEXT_DEVICE: return snd_timer_user_next_device(argp); case SNDRV_TIMER_IOCTL_TREAD: { int xarg; mutex_lock(&tu->tread_sem); if (tu->timeri) { mutex_unlock(&tu->tread_sem); return -EBUSY; } if (get_user(xarg, p)) { mutex_unlock(&tu->tread_sem); return -EFAULT; } tu->tread = xarg ? 1 : 0; mutex_unlock(&tu->tread_sem); return 0; } case SNDRV_TIMER_IOCTL_GINFO: return snd_timer_user_ginfo(file, argp); case SNDRV_TIMER_IOCTL_GPARAMS: return snd_timer_user_gparams(file, argp); case SNDRV_TIMER_IOCTL_GSTATUS: return snd_timer_user_gstatus(file, argp); case SNDRV_TIMER_IOCTL_SELECT: return snd_timer_user_tselect(file, argp); case SNDRV_TIMER_IOCTL_INFO: return snd_timer_user_info(file, argp); case SNDRV_TIMER_IOCTL_PARAMS: return snd_timer_user_params(file, argp); case SNDRV_TIMER_IOCTL_STATUS: return snd_timer_user_status(file, argp); case SNDRV_TIMER_IOCTL_START: case SNDRV_TIMER_IOCTL_START_OLD: return snd_timer_user_start(file); case SNDRV_TIMER_IOCTL_STOP: case SNDRV_TIMER_IOCTL_STOP_OLD: return snd_timer_user_stop(file); case SNDRV_TIMER_IOCTL_CONTINUE: case SNDRV_TIMER_IOCTL_CONTINUE_OLD: return snd_timer_user_continue(file); case SNDRV_TIMER_IOCTL_PAUSE: case SNDRV_TIMER_IOCTL_PAUSE_OLD: return snd_timer_user_pause(file); } return -ENOTTY; }",visit repo url,sound/core/timer.c,https://github.com/torvalds/linux,92292798933078,1 2916,['CWE-189'],"int jpc_enc_encpkts(jpc_enc_t *enc, jas_stream_t *out) { jpc_enc_tile_t *tile; jpc_pi_t *pi; tile = enc->curtile; jpc_init_t2state(enc, 0); pi = tile->pi; jpc_pi_init(pi); if (!jpc_pi_next(pi)) { for (;;) { if (jpc_enc_encpkt(enc, out, jpc_pi_cmptno(pi), jpc_pi_rlvlno(pi), jpc_pi_prcno(pi), jpc_pi_lyrno(pi))) { return -1; } if (jpc_pi_next(pi)) { break; } } } return 0; }",jasper,,,275691157376897767002202469619216438080,0 6378,CWE-20,"void dhcpAddOption(DhcpMessage *message, uint8_t optionCode, const void *optionValue, size_t optionLen) { size_t n; DhcpOption *option; n = 0; while(1) { option = (DhcpOption *) (message->options + n); if(option->code == DHCP_OPT_END) break; n += sizeof(DhcpOption) + option->length; } if(optionLen <= UINT8_MAX) { option = (DhcpOption *) (message->options + n); option->code = optionCode; option->length = (uint8_t) optionLen; osMemcpy(option->value, optionValue, optionLen); n += sizeof(DhcpOption) + option->length; option = (DhcpOption *) (message->options + n); option->code = DHCP_OPT_END; } }",visit repo url,dhcp/dhcp_common.c,https://github.com/Oryx-Embedded/CycloneTCP,150808532329094,1 2795,CWE-787,"static void nsc_encode_argb_to_aycocg(NSC_CONTEXT* context, const BYTE* data, UINT32 scanline) { UINT16 x; UINT16 y; UINT16 rw; BYTE ccl; const BYTE* src; BYTE* yplane = NULL; BYTE* coplane = NULL; BYTE* cgplane = NULL; BYTE* aplane = NULL; INT16 r_val; INT16 g_val; INT16 b_val; BYTE a_val; UINT32 tempWidth; tempWidth = ROUND_UP_TO(context->width, 8); rw = (context->ChromaSubsamplingLevel ? tempWidth : context->width); ccl = context->ColorLossLevel; for (y = 0; y < context->height; y++) { src = data + (context->height - 1 - y) * scanline; yplane = context->priv->PlaneBuffers[0] + y * rw; coplane = context->priv->PlaneBuffers[1] + y * rw; cgplane = context->priv->PlaneBuffers[2] + y * rw; aplane = context->priv->PlaneBuffers[3] + y * context->width; for (x = 0; x < context->width; x++) { switch (context->format) { case PIXEL_FORMAT_BGRX32: b_val = *src++; g_val = *src++; r_val = *src++; src++; a_val = 0xFF; break; case PIXEL_FORMAT_BGRA32: b_val = *src++; g_val = *src++; r_val = *src++; a_val = *src++; break; case PIXEL_FORMAT_RGBX32: r_val = *src++; g_val = *src++; b_val = *src++; src++; a_val = 0xFF; break; case PIXEL_FORMAT_RGBA32: r_val = *src++; g_val = *src++; b_val = *src++; a_val = *src++; break; case PIXEL_FORMAT_BGR24: b_val = *src++; g_val = *src++; r_val = *src++; a_val = 0xFF; break; case PIXEL_FORMAT_RGB24: r_val = *src++; g_val = *src++; b_val = *src++; a_val = 0xFF; break; case PIXEL_FORMAT_BGR16: b_val = (INT16)(((*(src + 1)) & 0xF8) | ((*(src + 1)) >> 5)); g_val = (INT16)((((*(src + 1)) & 0x07) << 5) | (((*src) & 0xE0) >> 3)); r_val = (INT16)((((*src) & 0x1F) << 3) | (((*src) >> 2) & 0x07)); a_val = 0xFF; src += 2; break; case PIXEL_FORMAT_RGB16: r_val = (INT16)(((*(src + 1)) & 0xF8) | ((*(src + 1)) >> 5)); g_val = (INT16)((((*(src + 1)) & 0x07) << 5) | (((*src) & 0xE0) >> 3)); b_val = (INT16)((((*src) & 0x1F) << 3) | (((*src) >> 2) & 0x07)); a_val = 0xFF; src += 2; break; case PIXEL_FORMAT_A4: { int shift; BYTE idx; shift = (7 - (x % 8)); idx = ((*src) >> shift) & 1; idx |= (((*(src + 1)) >> shift) & 1) << 1; idx |= (((*(src + 2)) >> shift) & 1) << 2; idx |= (((*(src + 3)) >> shift) & 1) << 3; idx *= 3; r_val = (INT16) context->palette[idx]; g_val = (INT16) context->palette[idx + 1]; b_val = (INT16) context->palette[idx + 2]; if (shift == 0) src += 4; } a_val = 0xFF; break; case PIXEL_FORMAT_RGB8: { int idx = (*src) * 3; r_val = (INT16) context->palette[idx]; g_val = (INT16) context->palette[idx + 1]; b_val = (INT16) context->palette[idx + 2]; src++; } a_val = 0xFF; break; default: r_val = g_val = b_val = a_val = 0; break; } *yplane++ = (BYTE)((r_val >> 2) + (g_val >> 1) + (b_val >> 2)); *coplane++ = (BYTE)((r_val - b_val) >> ccl); *cgplane++ = (BYTE)((-(r_val >> 1) + g_val - (b_val >> 1)) >> ccl); *aplane++ = a_val; } if (context->ChromaSubsamplingLevel && (x % 2) == 1) { *yplane = *(yplane - 1); *coplane = *(coplane - 1); *cgplane = *(cgplane - 1); } } if (context->ChromaSubsamplingLevel && (y % 2) == 1) { yplane = context->priv->PlaneBuffers[0] + y * rw; coplane = context->priv->PlaneBuffers[1] + y * rw; cgplane = context->priv->PlaneBuffers[2] + y * rw; CopyMemory(yplane, yplane - rw, rw); CopyMemory(coplane, coplane - rw, rw); CopyMemory(cgplane, cgplane - rw, rw); } }",visit repo url,libfreerdp/codec/nsc_encode.c,https://github.com/FreeRDP/FreeRDP,196372177013447,1 1110,CWE-362,"struct dst_entry *inet_csk_route_req(struct sock *sk, const struct request_sock *req) { struct rtable *rt; const struct inet_request_sock *ireq = inet_rsk(req); struct ip_options *opt = inet_rsk(req)->opt; struct net *net = sock_net(sk); struct flowi4 fl4; flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, sk->sk_protocol, inet_sk_flowi_flags(sk), (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, ireq->loc_addr, ireq->rmt_port, inet_sk(sk)->inet_sport); security_req_classify_flow(req, flowi4_to_flowi(&fl4)); rt = ip_route_output_flow(net, &fl4, sk); if (IS_ERR(rt)) goto no_route; if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway) goto route_err; return &rt->dst; route_err: ip_rt_put(rt); no_route: IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES); return NULL; }",visit repo url,net/ipv4/inet_connection_sock.c,https://github.com/torvalds/linux,269076706976984,1 68,['CWE-787'],"cirrus_hook_write_cr(CirrusVGAState * s, unsigned reg_index, int reg_value) { switch (reg_index) { case 0x00: case 0x01: case 0x02: case 0x03: case 0x04: case 0x05: case 0x06: case 0x07: case 0x08: case 0x09: case 0x0a: case 0x0b: case 0x0c: case 0x0d: case 0x0e: case 0x0f: case 0x10: case 0x11: case 0x12: case 0x13: case 0x14: case 0x15: case 0x16: case 0x17: case 0x18: return CIRRUS_HOOK_NOT_HANDLED; case 0x19: case 0x1a: case 0x1b: case 0x1c: case 0x1d: s->cr[reg_index] = reg_value; #ifdef DEBUG_CIRRUS printf(""cirrus: handled outport cr_index %02x, cr_value %02x\n"", reg_index, reg_value); #endif break; case 0x22: case 0x24: case 0x26: case 0x27: break; case 0x25: default: #ifdef DEBUG_CIRRUS printf(""cirrus: outport cr_index %02x, cr_value %02x\n"", reg_index, reg_value); #endif break; } return CIRRUS_HOOK_HANDLED; }",qemu,,,334272168429904375384323338064111134571,0 1886,CWE-416,"void gru_check_context_placement(struct gru_thread_state *gts) { struct gru_state *gru; gru = gts->ts_gru; if (!gru || gts->ts_tgid_owner != current->tgid) return; if (!gru_check_chiplet_assignment(gru, gts)) { STAT(check_context_unload); gru_unload_context(gts, 1); } else if (gru_retarget_intr(gts)) { STAT(check_context_retarget_intr); } }",visit repo url,drivers/misc/sgi-gru/grumain.c,https://github.com/torvalds/linux,158830209418207,1 4380,CWE-125,"static int get_exif_tag_dbl_value(struct iw_exif_state *e, unsigned int tag_pos, double *pv) { unsigned int field_type; unsigned int value_count; unsigned int value_pos; unsigned int numer, denom; field_type = iw_get_ui16_e(&e->d[tag_pos+2],e->endian); value_count = iw_get_ui32_e(&e->d[tag_pos+4],e->endian); if(value_count!=1) return 0; if(field_type!=5) return 0; value_pos = iw_get_ui32_e(&e->d[tag_pos+8],e->endian); if(value_pos > e->d_len-8) return 0; numer = iw_get_ui32_e(&e->d[value_pos ],e->endian); denom = iw_get_ui32_e(&e->d[value_pos+4],e->endian); if(denom==0) return 0; *pv = ((double)numer)/denom; return 1; }",visit repo url,src/imagew-jpeg.c,https://github.com/jsummers/imageworsener,72609735171069,1 6717,['CWE-310'],"nag_dialog_response_cb (GtkDialog *nag_dialog, gint response, gpointer user_data) { NMAWirelessDialog *wireless_dialog = NMA_WIRELESS_DIALOG (user_data); if (response == GTK_RESPONSE_NO) { nma_wireless_dialog_set_nag_ignored (wireless_dialog, TRUE); g_idle_add (wireless_dialog_close, wireless_dialog); } }",network-manager-applet,,,264783961701841616867123470763606842402,0 2263,NVD-CWE-Other,"int ext4_ext_get_blocks(handle_t *handle, struct inode *inode, ext4_lblk_t iblock, unsigned int max_blocks, struct buffer_head *bh_result, int flags) { struct ext4_ext_path *path = NULL; struct ext4_extent_header *eh; struct ext4_extent newex, *ex, *last_ex; ext4_fsblk_t newblock; int err = 0, depth, ret, cache_type; unsigned int allocated = 0; struct ext4_allocation_request ar; ext4_io_end_t *io = EXT4_I(inode)->cur_aio_dio; __clear_bit(BH_New, &bh_result->b_state); ext_debug(""blocks %u/%u requested for inode %lu\n"", iblock, max_blocks, inode->i_ino); cache_type = ext4_ext_in_cache(inode, iblock, &newex); if (cache_type) { if (cache_type == EXT4_EXT_CACHE_GAP) { if ((flags & EXT4_GET_BLOCKS_CREATE) == 0) { goto out2; } } else if (cache_type == EXT4_EXT_CACHE_EXTENT) { newblock = iblock - le32_to_cpu(newex.ee_block) + ext_pblock(&newex); allocated = ext4_ext_get_actual_len(&newex) - (iblock - le32_to_cpu(newex.ee_block)); goto out; } else { BUG(); } } path = ext4_ext_find_extent(inode, iblock, NULL); if (IS_ERR(path)) { err = PTR_ERR(path); path = NULL; goto out2; } depth = ext_depth(inode); if (path[depth].p_ext == NULL && depth != 0) { ext4_error(inode->i_sb, ""bad extent address "" ""inode: %lu, iblock: %d, depth: %d"", inode->i_ino, iblock, depth); err = -EIO; goto out2; } eh = path[depth].p_hdr; ex = path[depth].p_ext; if (ex) { ext4_lblk_t ee_block = le32_to_cpu(ex->ee_block); ext4_fsblk_t ee_start = ext_pblock(ex); unsigned short ee_len; ee_len = ext4_ext_get_actual_len(ex); if (iblock >= ee_block && iblock < ee_block + ee_len) { newblock = iblock - ee_block + ee_start; allocated = ee_len - (iblock - ee_block); ext_debug(""%u fit into %u:%d -> %llu\n"", iblock, ee_block, ee_len, newblock); if (!ext4_ext_is_uninitialized(ex)) { ext4_ext_put_in_cache(inode, ee_block, ee_len, ee_start, EXT4_EXT_CACHE_EXTENT); goto out; } ret = ext4_ext_handle_uninitialized_extents(handle, inode, iblock, max_blocks, path, flags, allocated, bh_result, newblock); return ret; } } if ((flags & EXT4_GET_BLOCKS_CREATE) == 0) { ext4_ext_put_gap_in_cache(inode, path, iblock); goto out2; } ar.lleft = iblock; err = ext4_ext_search_left(inode, path, &ar.lleft, &ar.pleft); if (err) goto out2; ar.lright = iblock; err = ext4_ext_search_right(inode, path, &ar.lright, &ar.pright); if (err) goto out2; if (max_blocks > EXT_INIT_MAX_LEN && !(flags & EXT4_GET_BLOCKS_UNINIT_EXT)) max_blocks = EXT_INIT_MAX_LEN; else if (max_blocks > EXT_UNINIT_MAX_LEN && (flags & EXT4_GET_BLOCKS_UNINIT_EXT)) max_blocks = EXT_UNINIT_MAX_LEN; newex.ee_block = cpu_to_le32(iblock); newex.ee_len = cpu_to_le16(max_blocks); err = ext4_ext_check_overlap(inode, &newex, path); if (err) allocated = ext4_ext_get_actual_len(&newex); else allocated = max_blocks; ar.inode = inode; ar.goal = ext4_ext_find_goal(inode, path, iblock); ar.logical = iblock; ar.len = allocated; if (S_ISREG(inode->i_mode)) ar.flags = EXT4_MB_HINT_DATA; else ar.flags = 0; newblock = ext4_mb_new_blocks(handle, &ar, &err); if (!newblock) goto out2; ext_debug(""allocate new block: goal %llu, found %llu/%u\n"", ar.goal, newblock, allocated); ext4_ext_store_pblock(&newex, newblock); newex.ee_len = cpu_to_le16(ar.len); if (flags & EXT4_GET_BLOCKS_UNINIT_EXT){ ext4_ext_mark_uninitialized(&newex); if (flags == EXT4_GET_BLOCKS_PRE_IO) { if (io) io->flag = EXT4_IO_UNWRITTEN; else ext4_set_inode_state(inode, EXT4_STATE_DIO_UNWRITTEN); } } if (unlikely(EXT4_I(inode)->i_flags & EXT4_EOFBLOCKS_FL)) { if (eh->eh_entries) { last_ex = EXT_LAST_EXTENT(eh); if (iblock + ar.len > le32_to_cpu(last_ex->ee_block) + ext4_ext_get_actual_len(last_ex)) EXT4_I(inode)->i_flags &= ~EXT4_EOFBLOCKS_FL; } else { WARN_ON(eh->eh_entries == 0); ext4_error(inode->i_sb, __func__, ""inode#%lu, eh->eh_entries = 0!"", inode->i_ino); } } err = ext4_ext_insert_extent(handle, inode, path, &newex, flags); if (err) { ext4_discard_preallocations(inode); ext4_free_blocks(handle, inode, 0, ext_pblock(&newex), ext4_ext_get_actual_len(&newex), 0); goto out2; } newblock = ext_pblock(&newex); allocated = ext4_ext_get_actual_len(&newex); if (allocated > max_blocks) allocated = max_blocks; set_buffer_new(bh_result); if (flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE) ext4_da_update_reserve_space(inode, allocated, 1); if ((flags & EXT4_GET_BLOCKS_UNINIT_EXT) == 0) { ext4_ext_put_in_cache(inode, iblock, allocated, newblock, EXT4_EXT_CACHE_EXTENT); ext4_update_inode_fsync_trans(handle, inode, 1); } else ext4_update_inode_fsync_trans(handle, inode, 0); out: if (allocated > max_blocks) allocated = max_blocks; ext4_ext_show_leaf(inode, path); set_buffer_mapped(bh_result); bh_result->b_bdev = inode->i_sb->s_bdev; bh_result->b_blocknr = newblock; out2: if (path) { ext4_ext_drop_refs(path); kfree(path); } return err ? err : allocated; }",visit repo url,fs/ext4/extents.c,https://github.com/torvalds/linux,141915851650051,1 681,[],"static int jpc_com_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) { jpc_com_t *com = &ms->parms.com; cstate = 0; if (jpc_putuint16(out, com->regid)) { return -1; } if (jas_stream_write(out, com->data, com->len) != JAS_CAST(int, com->len)) { return -1; } return 0; }",jasper,,,232820046303235646271231108700747727946,0 5453,['CWE-476'],"int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) { unsigned long nr, a0, a1, a2, a3, ret; int r = 1; nr = kvm_register_read(vcpu, VCPU_REGS_RAX); a0 = kvm_register_read(vcpu, VCPU_REGS_RBX); a1 = kvm_register_read(vcpu, VCPU_REGS_RCX); a2 = kvm_register_read(vcpu, VCPU_REGS_RDX); a3 = kvm_register_read(vcpu, VCPU_REGS_RSI); KVMTRACE_1D(VMMCALL, vcpu, (u32)nr, handler); if (!is_long_mode(vcpu)) { nr &= 0xFFFFFFFF; a0 &= 0xFFFFFFFF; a1 &= 0xFFFFFFFF; a2 &= 0xFFFFFFFF; a3 &= 0xFFFFFFFF; } switch (nr) { case KVM_HC_VAPIC_POLL_IRQ: ret = 0; break; case KVM_HC_MMU_OP: r = kvm_pv_mmu_op(vcpu, a0, hc_gpa(vcpu, a1, a2), &ret); break; default: ret = -KVM_ENOSYS; break; } kvm_register_write(vcpu, VCPU_REGS_RAX, ret); ++vcpu->stat.hypercalls; return r; }",linux-2.6,,,57854538620822951151951834153450506462,0 2473,CWE-119,"log2vis_unicode (PyObject * unicode, FriBidiParType base_direction, int clean, int reordernsm) { PyObject *logical = NULL; PyObject *visual = NULL; PyObject *result = NULL; int length = PyUnicode_GET_SIZE (unicode); logical = PyUnicode_AsUTF8String (unicode); if (logical == NULL) goto cleanup; visual = log2vis_utf8 (logical, length, base_direction, clean, reordernsm); if (visual == NULL) goto cleanup; result = PyUnicode_DecodeUTF8 (PyString_AS_STRING (visual), PyString_GET_SIZE (visual), ""strict""); cleanup: Py_XDECREF (logical); Py_XDECREF (visual); return result; }",visit repo url,pyfribidi.c,https://github.com/pediapress/pyfribidi,221921981218839,1 420,[],"pfm_buf_fmt_init(pfm_buffer_fmt_t *fmt, struct task_struct *task, void *buf, unsigned int flags, int cpu, void *arg) { int ret = 0; if (fmt->fmt_init) ret = (*fmt->fmt_init)(task, buf, flags, cpu, arg); return ret; }",linux-2.6,,,173447176555693469392245450997377160563,0 3094,['CWE-189'],"jpc_ppxstab_t *jpc_ppxstab_create() { jpc_ppxstab_t *tab; if (!(tab = jas_malloc(sizeof(jpc_ppxstab_t)))) { return 0; } tab->numents = 0; tab->maxents = 0; tab->ents = 0; return tab; }",jasper,,,41935683578717221604960299554786606799,0 517,CWE-119,"static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) { struct bpf_reg_state *regs = cur_regs(env); u8 opcode = BPF_OP(insn->code); int err; if (opcode == BPF_END || opcode == BPF_NEG) { if (opcode == BPF_NEG) { if (BPF_SRC(insn->code) != 0 || insn->src_reg != BPF_REG_0 || insn->off != 0 || insn->imm != 0) { verbose(env, ""BPF_NEG uses reserved fields\n""); return -EINVAL; } } else { if (insn->src_reg != BPF_REG_0 || insn->off != 0 || (insn->imm != 16 && insn->imm != 32 && insn->imm != 64) || BPF_CLASS(insn->code) == BPF_ALU64) { verbose(env, ""BPF_END uses reserved fields\n""); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, SRC_OP); if (err) return err; if (is_pointer_value(env, insn->dst_reg)) { verbose(env, ""R%d pointer arithmetic prohibited\n"", insn->dst_reg); return -EACCES; } err = check_reg_arg(env, insn->dst_reg, DST_OP); if (err) return err; } else if (opcode == BPF_MOV) { if (BPF_SRC(insn->code) == BPF_X) { if (insn->imm != 0 || insn->off != 0) { verbose(env, ""BPF_MOV uses reserved fields\n""); return -EINVAL; } err = check_reg_arg(env, insn->src_reg, SRC_OP); if (err) return err; } else { if (insn->src_reg != BPF_REG_0 || insn->off != 0) { verbose(env, ""BPF_MOV uses reserved fields\n""); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, DST_OP); if (err) return err; if (BPF_SRC(insn->code) == BPF_X) { if (BPF_CLASS(insn->code) == BPF_ALU64) { regs[insn->dst_reg] = regs[insn->src_reg]; regs[insn->dst_reg].live |= REG_LIVE_WRITTEN; } else { if (is_pointer_value(env, insn->src_reg)) { verbose(env, ""R%d partial copy of pointer\n"", insn->src_reg); return -EACCES; } mark_reg_unknown(env, regs, insn->dst_reg); regs[insn->dst_reg].var_off = tnum_cast( regs[insn->dst_reg].var_off, 4); __update_reg_bounds(®s[insn->dst_reg]); } } else { regs[insn->dst_reg].type = SCALAR_VALUE; __mark_reg_known(regs + insn->dst_reg, insn->imm); } } else if (opcode > BPF_END) { verbose(env, ""invalid BPF_ALU opcode %x\n"", opcode); return -EINVAL; } else { if (BPF_SRC(insn->code) == BPF_X) { if (insn->imm != 0 || insn->off != 0) { verbose(env, ""BPF_ALU uses reserved fields\n""); return -EINVAL; } err = check_reg_arg(env, insn->src_reg, SRC_OP); if (err) return err; } else { if (insn->src_reg != BPF_REG_0 || insn->off != 0) { verbose(env, ""BPF_ALU uses reserved fields\n""); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, SRC_OP); if (err) return err; if ((opcode == BPF_MOD || opcode == BPF_DIV) && BPF_SRC(insn->code) == BPF_K && insn->imm == 0) { verbose(env, ""div by zero\n""); return -EINVAL; } if ((opcode == BPF_LSH || opcode == BPF_RSH || opcode == BPF_ARSH) && BPF_SRC(insn->code) == BPF_K) { int size = BPF_CLASS(insn->code) == BPF_ALU64 ? 64 : 32; if (insn->imm < 0 || insn->imm >= size) { verbose(env, ""invalid shift %d\n"", insn->imm); return -EINVAL; } } err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); if (err) return err; return adjust_reg_min_max_vals(env, insn); } return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,211059236548451,1 1887,CWE-125,"void *wilc_parse_join_bss_param(struct cfg80211_bss *bss, struct cfg80211_crypto_settings *crypto) { struct wilc_join_bss_param *param; struct ieee80211_p2p_noa_attr noa_attr; u8 rates_len = 0; const u8 *tim_elm, *ssid_elm, *rates_ie, *supp_rates_ie; const u8 *ht_ie, *wpa_ie, *wmm_ie, *rsn_ie; int ret; const struct cfg80211_bss_ies *ies = rcu_dereference(bss->ies); param = kzalloc(sizeof(*param), GFP_KERNEL); if (!param) return NULL; param->beacon_period = cpu_to_le16(bss->beacon_interval); param->cap_info = cpu_to_le16(bss->capability); param->bss_type = WILC_FW_BSS_TYPE_INFRA; param->ch = ieee80211_frequency_to_channel(bss->channel->center_freq); ether_addr_copy(param->bssid, bss->bssid); ssid_elm = cfg80211_find_ie(WLAN_EID_SSID, ies->data, ies->len); if (ssid_elm) { if (ssid_elm[1] <= IEEE80211_MAX_SSID_LEN) memcpy(param->ssid, ssid_elm + 2, ssid_elm[1]); } tim_elm = cfg80211_find_ie(WLAN_EID_TIM, ies->data, ies->len); if (tim_elm && tim_elm[1] >= 2) param->dtim_period = tim_elm[3]; memset(param->p_suites, 0xFF, 3); memset(param->akm_suites, 0xFF, 3); rates_ie = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies->data, ies->len); if (rates_ie) { rates_len = rates_ie[1]; if (rates_len > WILC_MAX_RATES_SUPPORTED) rates_len = WILC_MAX_RATES_SUPPORTED; param->supp_rates[0] = rates_len; memcpy(¶m->supp_rates[1], rates_ie + 2, rates_len); } if (rates_len < WILC_MAX_RATES_SUPPORTED) { supp_rates_ie = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies->data, ies->len); if (supp_rates_ie) { u8 ext_rates = supp_rates_ie[1]; if (ext_rates > (WILC_MAX_RATES_SUPPORTED - rates_len)) param->supp_rates[0] = WILC_MAX_RATES_SUPPORTED; else param->supp_rates[0] += ext_rates; memcpy(¶m->supp_rates[rates_len + 1], supp_rates_ie + 2, (param->supp_rates[0] - rates_len)); } } ht_ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies->data, ies->len); if (ht_ie) param->ht_capable = true; ret = cfg80211_get_p2p_attr(ies->data, ies->len, IEEE80211_P2P_ATTR_ABSENCE_NOTICE, (u8 *)&noa_attr, sizeof(noa_attr)); if (ret > 0) { param->tsf_lo = cpu_to_le32(ies->tsf); param->noa_enabled = 1; param->idx = noa_attr.index; if (noa_attr.oppps_ctwindow & IEEE80211_P2P_OPPPS_ENABLE_BIT) { param->opp_enabled = 1; param->opp_en.ct_window = noa_attr.oppps_ctwindow; param->opp_en.cnt = noa_attr.desc[0].count; param->opp_en.duration = noa_attr.desc[0].duration; param->opp_en.interval = noa_attr.desc[0].interval; param->opp_en.start_time = noa_attr.desc[0].start_time; } else { param->opp_enabled = 0; param->opp_dis.cnt = noa_attr.desc[0].count; param->opp_dis.duration = noa_attr.desc[0].duration; param->opp_dis.interval = noa_attr.desc[0].interval; param->opp_dis.start_time = noa_attr.desc[0].start_time; } } wmm_ie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT, WLAN_OUI_TYPE_MICROSOFT_WMM, ies->data, ies->len); if (wmm_ie) { struct ieee80211_wmm_param_ie *ie; ie = (struct ieee80211_wmm_param_ie *)wmm_ie; if ((ie->oui_subtype == 0 || ie->oui_subtype == 1) && ie->version == 1) { param->wmm_cap = true; if (ie->qos_info & BIT(7)) param->uapsd_cap = true; } } wpa_ie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT, WLAN_OUI_TYPE_MICROSOFT_WPA, ies->data, ies->len); if (wpa_ie) { param->mode_802_11i = 1; param->rsn_found = true; } rsn_ie = cfg80211_find_ie(WLAN_EID_RSN, ies->data, ies->len); if (rsn_ie) { int offset = 8; param->mode_802_11i = 2; param->rsn_found = true; offset += (rsn_ie[offset] * 4) + 2; offset += (rsn_ie[offset] * 4) + 2; memcpy(param->rsn_cap, &rsn_ie[offset], 2); } if (param->rsn_found) { int i; param->rsn_grp_policy = crypto->cipher_group & 0xFF; for (i = 0; i < crypto->n_ciphers_pairwise && i < 3; i++) param->p_suites[i] = crypto->ciphers_pairwise[i] & 0xFF; for (i = 0; i < crypto->n_akm_suites && i < 3; i++) param->akm_suites[i] = crypto->akm_suites[i] & 0xFF; } return (void *)param; }",visit repo url,drivers/net/wireless/microchip/wilc1000/hif.c,https://github.com/torvalds/linux,119842945295877,1 1547,[],"static inline u64 global_rt_period(void) { return (u64)sysctl_sched_rt_period * NSEC_PER_USEC; }",linux-2.6,,,97579893997648016083589586246707542683,0 4766,CWE-119,"decrypt_response(struct sc_card *card, unsigned char *in, size_t inlen, unsigned char *out, size_t * out_len) { size_t cipher_len; size_t i; unsigned char iv[16] = { 0 }; unsigned char plaintext[4096] = { 0 }; epass2003_exdata *exdata = NULL; if (!card->drv_data) return SC_ERROR_INVALID_ARGUMENTS; exdata = (epass2003_exdata *)card->drv_data; if (in[0] == 0x99) return 0; if (0x01 == in[2] && 0x82 != in[1]) { cipher_len = in[1]; i = 3; } else if (0x01 == in[3] && 0x81 == in[1]) { cipher_len = in[2]; i = 4; } else if (0x01 == in[4] && 0x82 == in[1]) { cipher_len = in[2] * 0x100; cipher_len += in[3]; i = 5; } else { return -1; } if (cipher_len < 2 || i+cipher_len > inlen || cipher_len > sizeof plaintext) return -1; if (KEY_TYPE_AES == exdata->smtype) aes128_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); else des3_decrypt_cbc(exdata->sk_enc, 16, iv, &in[i], cipher_len - 1, plaintext); while (0x80 != plaintext[cipher_len - 2] && (cipher_len - 2 > 0)) cipher_len--; if (2 == cipher_len) return -1; memcpy(out, plaintext, cipher_len - 2); *out_len = cipher_len - 2; return 0; }",visit repo url,src/libopensc/card-epass2003.c,https://github.com/OpenSC/OpenSC,28476847865282,1 2785,['CWE-264'],"sbni_start_xmit( struct sk_buff *skb, struct net_device *dev ) { struct net_device *p; netif_stop_queue( dev ); for( p = dev; p; ) { struct net_local *nl = (struct net_local *) p->priv; spin_lock( &nl->lock ); if( nl->tx_buf_p || (nl->state & FL_LINE_DOWN) ) { p = nl->link; spin_unlock( &nl->lock ); } else { prepare_to_send( skb, p ); spin_unlock( &nl->lock ); netif_start_queue( dev ); return 0; } } return 1; }",linux-2.6,,,225283583690293156815209471351681753393,0 2938,CWE-59,"static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type) { size_t bufsz = strlen(root) + sizeof(""/sys/fs/cgroup""); char *path = NULL; char **parts = NULL; char *dirname = NULL; char *abs_path = NULL; char *abs_path2 = NULL; struct cgfs_data *cgfs_d; struct cgroup_process_info *info, *base_info; int r, saved_errno = 0; cgfs_d = hdata; if (!cgfs_d) return false; base_info = cgfs_d->info; if (type == LXC_AUTO_CGROUP_FULL_NOSPEC) type = LXC_AUTO_CGROUP_FULL_MIXED; else if (type == LXC_AUTO_CGROUP_NOSPEC) type = LXC_AUTO_CGROUP_MIXED; if (type < LXC_AUTO_CGROUP_RO || type > LXC_AUTO_CGROUP_FULL_MIXED) { ERROR(""could not mount cgroups into container: invalid type specified internally""); errno = EINVAL; return false; } path = calloc(1, bufsz); if (!path) return false; snprintf(path, bufsz, ""%s/sys/fs/cgroup"", root); r = mount(""cgroup_root"", path, ""tmpfs"", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_RELATIME, ""size=10240k,mode=755""); if (r < 0) { SYSERROR(""could not mount tmpfs to /sys/fs/cgroup in the container""); return false; } for (info = base_info; info; info = info->next) { size_t subsystem_count, i; struct cgroup_mount_point *mp = info->designated_mount_point; if (!mp) mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, true); if (!mp) { SYSERROR(""could not find original mount point for cgroup hierarchy while trying to mount cgroup filesystem""); goto out_error; } subsystem_count = lxc_array_len((void **)info->hierarchy->subsystems); parts = calloc(subsystem_count + 1, sizeof(char *)); if (!parts) goto out_error; for (i = 0; i < subsystem_count; i++) { if (!strncmp(info->hierarchy->subsystems[i], ""name="", 5)) parts[i] = info->hierarchy->subsystems[i] + 5; else parts[i] = info->hierarchy->subsystems[i]; } dirname = lxc_string_join("","", (const char **)parts, false); if (!dirname) goto out_error; abs_path = lxc_append_paths(path, dirname); if (!abs_path) goto out_error; r = mkdir_p(abs_path, 0755); if (r < 0 && errno != EEXIST) { SYSERROR(""could not create cgroup subsystem directory /sys/fs/cgroup/%s"", dirname); goto out_error; } abs_path2 = lxc_append_paths(abs_path, info->cgroup_path); if (!abs_path2) goto out_error; if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_RW || type == LXC_AUTO_CGROUP_FULL_MIXED) { if (strcmp(mp->mount_prefix, ""/"") != 0) { ERROR(""could not automatically mount cgroup-full to /sys/fs/cgroup/%s: host has no mount point for this cgroup filesystem that has access to the root cgroup"", dirname); goto out_error; } r = mount(mp->mount_point, abs_path, ""none"", MS_BIND, 0); if (r < 0) { SYSERROR(""error bind-mounting %s to %s"", mp->mount_point, abs_path); goto out_error; } if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_MIXED) { r = mount(NULL, abs_path, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL); if (r < 0) { SYSERROR(""error re-mounting %s readonly"", abs_path); goto out_error; } } if (type == LXC_AUTO_CGROUP_FULL_MIXED) { r = mount(abs_path2, abs_path2, NULL, MS_BIND, NULL); if (r < 0) { SYSERROR(""error bind-mounting %s onto itself"", abs_path2); goto out_error; } r = mount(NULL, abs_path2, NULL, MS_REMOUNT|MS_BIND, NULL); if (r < 0) { SYSERROR(""error re-mounting %s readwrite"", abs_path2); goto out_error; } } } else { r = mkdir_p(abs_path2, 0755); if (r < 0 && errno != EEXIST) { SYSERROR(""could not create cgroup directory /sys/fs/cgroup/%s%s"", dirname, info->cgroup_path); goto out_error; } if (type == LXC_AUTO_CGROUP_MIXED || type == LXC_AUTO_CGROUP_RO) { r = mount(abs_path, abs_path, NULL, MS_BIND, NULL); if (r < 0) { SYSERROR(""error bind-mounting %s onto itself"", abs_path); goto out_error; } r = mount(NULL, abs_path, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL); if (r < 0) { SYSERROR(""error re-mounting %s readonly"", abs_path); goto out_error; } } free(abs_path); abs_path = NULL; abs_path = cgroup_to_absolute_path(mp, info->cgroup_path, NULL); if (!abs_path) goto out_error; r = mount(abs_path, abs_path2, ""none"", MS_BIND, 0); if (r < 0) { SYSERROR(""error bind-mounting %s to %s"", abs_path, abs_path2); goto out_error; } if (type == LXC_AUTO_CGROUP_RO) { r = mount(NULL, abs_path2, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL); if (r < 0) { SYSERROR(""error re-mounting %s readonly"", abs_path2); goto out_error; } } } free(abs_path); free(abs_path2); abs_path = NULL; abs_path2 = NULL; if (subsystem_count > 1) { for (i = 0; i < subsystem_count; i++) { abs_path = lxc_append_paths(path, parts[i]); if (!abs_path) goto out_error; r = symlink(dirname, abs_path); if (r < 0) WARN(""could not create symlink %s -> %s in /sys/fs/cgroup of container"", parts[i], dirname); free(abs_path); abs_path = NULL; } } free(dirname); free(parts); dirname = NULL; parts = NULL; } free(path); return true; out_error: saved_errno = errno; free(path); free(dirname); free(parts); free(abs_path); free(abs_path2); errno = saved_errno; return false; }",visit repo url,src/lxc/cgfs.c,https://github.com/lxc/lxc,80805195254098,1 6758,['CWE-310'],"utils_get_device_description (NMDevice *device) { char *description = NULL; const char *dev_product; const char *dev_vendor; char *product = NULL; char *vendor = NULL; GString *str; g_return_val_if_fail (device != NULL, NULL); description = g_object_get_data (G_OBJECT (device), DESC_TAG); if (description) return description; dev_product = nm_device_get_product (device); dev_vendor = nm_device_get_vendor (device); if (!dev_product || !dev_vendor) return NULL; product = fixup_desc_string (dev_product); vendor = fixup_desc_string (dev_vendor); str = g_string_new_len (NULL, strlen (vendor) + strlen (product) + 1); g_string_append (str, vendor); g_free (vendor); g_string_append_c (str, ' '); g_string_append (str, product); g_free (product); description = str->str; g_string_free (str, FALSE); g_object_set_data_full (G_OBJECT (device), ""description"", description, (GDestroyNotify) g_free); return description; }",network-manager-applet,,,335056643742672513646328978251635403540,0 6302,CWE-295,"static LUA_FUNCTION(openssl_x509_check_host) { X509 * cert = CHECK_OBJECT(1, X509, ""openssl.x509""); if (lua_isstring(L, 2)) { const char *hostname = lua_tostring(L, 2); lua_pushboolean(L, X509_check_host(cert, hostname, strlen(hostname), 0, NULL)); } else { lua_pushboolean(L, 0); } return 1; }",visit repo url,src/x509.c,https://github.com/zhaozg/lua-openssl,278207813030551,1 515,CWE-362,"struct net *get_net_ns_by_id(struct net *net, int id) { struct net *peer; if (id < 0) return NULL; rcu_read_lock(); spin_lock_bh(&net->nsid_lock); peer = idr_find(&net->netns_ids, id); if (peer) get_net(peer); spin_unlock_bh(&net->nsid_lock); rcu_read_unlock(); return peer; }",visit repo url,net/core/net_namespace.c,https://github.com/torvalds/linux,40921150088524,1 1315,CWE-119,"int sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { struct sock *sk = sock->sk; int val; int valbool; struct linger ling; int ret = 0; if (optname == SO_BINDTODEVICE) return sock_bindtodevice(sk, optval, optlen); if (optlen < sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; valbool = val ? 1 : 0; lock_sock(sk); switch (optname) { case SO_DEBUG: if (val && !capable(CAP_NET_ADMIN)) ret = -EACCES; else sock_valbool_flag(sk, SOCK_DBG, valbool); break; case SO_REUSEADDR: sk->sk_reuse = (valbool ? SK_CAN_REUSE : SK_NO_REUSE); break; case SO_TYPE: case SO_PROTOCOL: case SO_DOMAIN: case SO_ERROR: ret = -ENOPROTOOPT; break; case SO_DONTROUTE: sock_valbool_flag(sk, SOCK_LOCALROUTE, valbool); break; case SO_BROADCAST: sock_valbool_flag(sk, SOCK_BROADCAST, valbool); break; case SO_SNDBUF: if (val > sysctl_wmem_max) val = sysctl_wmem_max; set_sndbuf: sk->sk_userlocks |= SOCK_SNDBUF_LOCK; if ((val * 2) < SOCK_MIN_SNDBUF) sk->sk_sndbuf = SOCK_MIN_SNDBUF; else sk->sk_sndbuf = val * 2; sk->sk_write_space(sk); break; case SO_SNDBUFFORCE: if (!capable(CAP_NET_ADMIN)) { ret = -EPERM; break; } goto set_sndbuf; case SO_RCVBUF: if (val > sysctl_rmem_max) val = sysctl_rmem_max; set_rcvbuf: sk->sk_userlocks |= SOCK_RCVBUF_LOCK; if ((val * 2) < SOCK_MIN_RCVBUF) sk->sk_rcvbuf = SOCK_MIN_RCVBUF; else sk->sk_rcvbuf = val * 2; break; case SO_RCVBUFFORCE: if (!capable(CAP_NET_ADMIN)) { ret = -EPERM; break; } goto set_rcvbuf; case SO_KEEPALIVE: #ifdef CONFIG_INET if (sk->sk_protocol == IPPROTO_TCP) tcp_set_keepalive(sk, valbool); #endif sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool); break; case SO_OOBINLINE: sock_valbool_flag(sk, SOCK_URGINLINE, valbool); break; case SO_NO_CHECK: sk->sk_no_check = valbool; break; case SO_PRIORITY: if ((val >= 0 && val <= 6) || capable(CAP_NET_ADMIN)) sk->sk_priority = val; else ret = -EPERM; break; case SO_LINGER: if (optlen < sizeof(ling)) { ret = -EINVAL; break; } if (copy_from_user(&ling, optval, sizeof(ling))) { ret = -EFAULT; break; } if (!ling.l_onoff) sock_reset_flag(sk, SOCK_LINGER); else { #if (BITS_PER_LONG == 32) if ((unsigned int)ling.l_linger >= MAX_SCHEDULE_TIMEOUT/HZ) sk->sk_lingertime = MAX_SCHEDULE_TIMEOUT; else #endif sk->sk_lingertime = (unsigned int)ling.l_linger * HZ; sock_set_flag(sk, SOCK_LINGER); } break; case SO_BSDCOMPAT: sock_warn_obsolete_bsdism(""setsockopt""); break; case SO_PASSCRED: if (valbool) set_bit(SOCK_PASSCRED, &sock->flags); else clear_bit(SOCK_PASSCRED, &sock->flags); break; case SO_TIMESTAMP: case SO_TIMESTAMPNS: if (valbool) { if (optname == SO_TIMESTAMP) sock_reset_flag(sk, SOCK_RCVTSTAMPNS); else sock_set_flag(sk, SOCK_RCVTSTAMPNS); sock_set_flag(sk, SOCK_RCVTSTAMP); sock_enable_timestamp(sk, SOCK_TIMESTAMP); } else { sock_reset_flag(sk, SOCK_RCVTSTAMP); sock_reset_flag(sk, SOCK_RCVTSTAMPNS); } break; case SO_TIMESTAMPING: if (val & ~SOF_TIMESTAMPING_MASK) { ret = -EINVAL; break; } sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE, val & SOF_TIMESTAMPING_TX_HARDWARE); sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_SOFTWARE, val & SOF_TIMESTAMPING_TX_SOFTWARE); sock_valbool_flag(sk, SOCK_TIMESTAMPING_RX_HARDWARE, val & SOF_TIMESTAMPING_RX_HARDWARE); if (val & SOF_TIMESTAMPING_RX_SOFTWARE) sock_enable_timestamp(sk, SOCK_TIMESTAMPING_RX_SOFTWARE); else sock_disable_timestamp(sk, (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE)); sock_valbool_flag(sk, SOCK_TIMESTAMPING_SOFTWARE, val & SOF_TIMESTAMPING_SOFTWARE); sock_valbool_flag(sk, SOCK_TIMESTAMPING_SYS_HARDWARE, val & SOF_TIMESTAMPING_SYS_HARDWARE); sock_valbool_flag(sk, SOCK_TIMESTAMPING_RAW_HARDWARE, val & SOF_TIMESTAMPING_RAW_HARDWARE); break; case SO_RCVLOWAT: if (val < 0) val = INT_MAX; sk->sk_rcvlowat = val ? : 1; break; case SO_RCVTIMEO: ret = sock_set_timeout(&sk->sk_rcvtimeo, optval, optlen); break; case SO_SNDTIMEO: ret = sock_set_timeout(&sk->sk_sndtimeo, optval, optlen); break; case SO_ATTACH_FILTER: ret = -EINVAL; if (optlen == sizeof(struct sock_fprog)) { struct sock_fprog fprog; ret = -EFAULT; if (copy_from_user(&fprog, optval, sizeof(fprog))) break; ret = sk_attach_filter(&fprog, sk); } break; case SO_DETACH_FILTER: ret = sk_detach_filter(sk); break; case SO_PASSSEC: if (valbool) set_bit(SOCK_PASSSEC, &sock->flags); else clear_bit(SOCK_PASSSEC, &sock->flags); break; case SO_MARK: if (!capable(CAP_NET_ADMIN)) ret = -EPERM; else sk->sk_mark = val; break; case SO_RXQ_OVFL: sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool); break; case SO_WIFI_STATUS: sock_valbool_flag(sk, SOCK_WIFI_STATUS, valbool); break; case SO_PEEK_OFF: if (sock->ops->set_peek_off) sock->ops->set_peek_off(sk, val); else ret = -EOPNOTSUPP; break; case SO_NOFCS: sock_valbool_flag(sk, SOCK_NOFCS, valbool); break; default: ret = -ENOPROTOOPT; break; } release_sock(sk); return ret; }",visit repo url,net/core/sock.c,https://github.com/torvalds/linux,279307653481760,1 3233,['CWE-189'],"jas_stream_t *jpc_streamlist_remove(jpc_streamlist_t *streamlist, int streamno) { jas_stream_t *stream; int i; if (streamno >= streamlist->numstreams) { abort(); } stream = streamlist->streams[streamno]; for (i = streamno + 1; i < streamlist->numstreams; ++i) { streamlist->streams[i - 1] = streamlist->streams[i]; } --streamlist->numstreams; return stream; }",jasper,,,202778682996544519932507601869293950412,0 5054,CWE-787,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 3124,CWE-119,"bool initiate_stratum(struct pool *pool) { bool ret = false, recvd = false, noresume = false, sockd = false; char s[RBUFSIZE], *sret = NULL, *nonce1, *sessionid; json_t *val = NULL, *res_val, *err_val; json_error_t err; int n2size; resend: if (!setup_stratum_socket(pool)) { applog(LOG_INFO, ""setup_stratum_socket() on %s failed"", get_pool_name(pool)); sockd = false; goto out; } sockd = true; if (recvd) { clear_sock(pool); sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": []}"", swork_id++); } else { if (pool->sessionid) sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": [\""""PACKAGE""/""VERSION""\"", \""%s\""]}"", swork_id++, pool->sessionid); else sprintf(s, ""{\""id\"": %d, \""method\"": \""mining.subscribe\"", \""params\"": [\""""PACKAGE""/""VERSION""\""]}"", swork_id++); } if (__stratum_send(pool, s, strlen(s)) != SEND_OK) { applog(LOG_DEBUG, ""Failed to send s in initiate_stratum""); goto out; } if (!socket_full(pool, DEFAULT_SOCKWAIT)) { applog(LOG_DEBUG, ""Timed out waiting for response in initiate_stratum""); goto out; } sret = recv_line(pool); if (!sret) goto out; recvd = true; val = JSON_LOADS(sret, &err); free(sret); if (!val) { applog(LOG_INFO, ""JSON decode failed(%d): %s"", err.line, err.text); goto out; } res_val = json_object_get(val, ""result""); err_val = json_object_get(val, ""error""); if (!res_val || json_is_null(res_val) || (err_val && !json_is_null(err_val))) { char *ss; if (err_val) ss = json_dumps(err_val, JSON_INDENT(3)); else ss = strdup(""(unknown reason)""); applog(LOG_INFO, ""JSON-RPC decode failed: %s"", ss); free(ss); goto out; } sessionid = get_sessionid(res_val); if (!sessionid) applog(LOG_DEBUG, ""Failed to get sessionid in initiate_stratum""); nonce1 = json_array_string(res_val, 1); if (!nonce1) { applog(LOG_INFO, ""Failed to get nonce1 in initiate_stratum""); free(sessionid); goto out; } n2size = json_integer_value(json_array_get(res_val, 2)); if (!n2size) { applog(LOG_INFO, ""Failed to get n2size in initiate_stratum""); free(sessionid); free(nonce1); goto out; } cg_wlock(&pool->data_lock); pool->sessionid = sessionid; pool->nonce1 = nonce1; pool->n1_len = strlen(nonce1) / 2; free(pool->nonce1bin); pool->nonce1bin = (unsigned char *)calloc(pool->n1_len, 1); if (unlikely(!pool->nonce1bin)) quithere(1, ""Failed to calloc pool->nonce1bin""); hex2bin(pool->nonce1bin, pool->nonce1, pool->n1_len); pool->n2size = n2size; cg_wunlock(&pool->data_lock); if (sessionid) applog(LOG_DEBUG, ""%s stratum session id: %s"", get_pool_name(pool), pool->sessionid); ret = true; out: if (ret) { if (!pool->stratum_url) pool->stratum_url = pool->sockaddr_url; pool->stratum_active = true; pool->swork.diff = 1; if (opt_protocol) { applog(LOG_DEBUG, ""%s confirmed mining.subscribe with extranonce1 %s extran2size %d"", get_pool_name(pool), pool->nonce1, pool->n2size); } } else { if (recvd && !noresume) { cg_wlock(&pool->data_lock); free(pool->sessionid); free(pool->nonce1); pool->sessionid = pool->nonce1 = NULL; cg_wunlock(&pool->data_lock); applog(LOG_DEBUG, ""Failed to resume stratum, trying afresh""); noresume = true; json_decref(val); goto resend; } applog(LOG_DEBUG, ""Initiating stratum failed on %s"", get_pool_name(pool)); if (sockd) { applog(LOG_DEBUG, ""Suspending stratum on %s"", get_pool_name(pool)); suspend_stratum(pool); } } json_decref(val); return ret; }",visit repo url,util.c,https://github.com/sgminer-dev/sgminer,148966525833483,1 2829,CWE-125,"static int update_write_order_info(rdpContext* context, wStream* s, ORDER_INFO* orderInfo, size_t offset) { size_t position; WINPR_UNUSED(context); position = Stream_GetPosition(s); Stream_SetPosition(s, offset); Stream_Write_UINT8(s, orderInfo->controlFlags); if (orderInfo->controlFlags & ORDER_TYPE_CHANGE) Stream_Write_UINT8(s, orderInfo->orderType); update_write_field_flags(s, orderInfo->fieldFlags, orderInfo->controlFlags, PRIMARY_DRAWING_ORDER_FIELD_BYTES[orderInfo->orderType]); update_write_bounds(s, orderInfo); Stream_SetPosition(s, position); return 0; }",visit repo url,libfreerdp/core/update.c,https://github.com/FreeRDP/FreeRDP,223408141286640,1 1178,CWE-400,"static void record_and_restart(struct perf_event *event, unsigned long val, struct pt_regs *regs, int nmi) { u64 period = event->hw.sample_period; s64 prev, delta, left; int record = 0; if (event->hw.state & PERF_HES_STOPPED) { write_pmc(event->hw.idx, 0); return; } prev = local64_read(&event->hw.prev_count); delta = check_and_compute_delta(prev, val); local64_add(delta, &event->count); val = 0; left = local64_read(&event->hw.period_left) - delta; if (period) { if (left <= 0) { left += period; if (left <= 0) left = period; record = 1; event->hw.last_period = event->hw.sample_period; } if (left < 0x80000000LL) val = 0x80000000LL - left; } write_pmc(event->hw.idx, val); local64_set(&event->hw.prev_count, val); local64_set(&event->hw.period_left, left); perf_event_update_userpage(event); if (record) { struct perf_sample_data data; perf_sample_data_init(&data, ~0ULL); data.period = event->hw.last_period; if (event->attr.sample_type & PERF_SAMPLE_ADDR) perf_get_data_addr(regs, &data.addr); if (perf_event_overflow(event, nmi, &data, regs)) power_pmu_stop(event, 0); } }",visit repo url,arch/powerpc/kernel/perf_event.c,https://github.com/torvalds/linux,249685077052168,1 3344,CWE-119,"main_get_appheader (xd3_stream *stream, main_file *ifile, main_file *output, main_file *sfile) { uint8_t *apphead; usize_t appheadsz; int ret; if (! option_use_appheader) { return; } ret = xd3_get_appheader (stream, & apphead, & appheadsz); if (ret != 0) { return; } if (appheadsz > 0) { char *start = (char*)apphead; char *slash; int place = 0; char *parsed[4]; memset (parsed, 0, sizeof (parsed)); while ((slash = strchr (start, '/')) != NULL) { *slash = 0; parsed[place++] = start; start = slash + 1; } parsed[place++] = start; if (place == 2 || place == 4) { main_get_appheader_params (output, parsed, 1, ""output"", ifile); } if (place == 4) { main_get_appheader_params (sfile, parsed+2, 0, ""source"", ifile); } } option_use_appheader = 0; return; }",visit repo url,xdelta3/xdelta3-main.h,https://github.com/jmacd/xdelta-devel,221291267306676,1 2458,['CWE-119'],"int diff_result_code(struct diff_options *opt, int status) { int result = 0; if (!DIFF_OPT_TST(opt, EXIT_WITH_STATUS) && !(opt->output_format & DIFF_FORMAT_CHECKDIFF)) return status; if (DIFF_OPT_TST(opt, EXIT_WITH_STATUS) && DIFF_OPT_TST(opt, HAS_CHANGES)) result |= 01; if ((opt->output_format & DIFF_FORMAT_CHECKDIFF) && DIFF_OPT_TST(opt, CHECK_FAILED)) result |= 02; return result; }",git,,,44021311096793633732997763368422457912,0 4371,CWE-682,"IW_IMPL(unsigned int) iw_get_ui16be(const iw_byte *b) { return (b[0]<<8) | b[1]; }",visit repo url,src/imagew-util.c,https://github.com/jsummers/imageworsener,15110044314200,1 4729,['CWE-20'],"__u32 ext4_free_inodes_count(struct super_block *sb, struct ext4_group_desc *bg) { return le16_to_cpu(bg->bg_free_inodes_count_lo) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? (__u32)le16_to_cpu(bg->bg_free_inodes_count_hi) << 16 : 0); }",linux-2.6,,,127601221133542230990070866422440419855,0 2141,['CWE-119'],"static inline void load_LDT(mm_context_t *pc) { preempt_disable(); load_LDT_nolock(pc); preempt_enable(); }",linux-2.6,,,143959803668839729538942238355691925307,0 3870,CWE-1284,"display_dollar(colnr_T col) { colnr_T save_col; if (!redrawing()) return; cursor_off(); save_col = curwin->w_cursor.col; curwin->w_cursor.col = col; if (has_mbyte) { char_u *p; p = ml_get_curline(); curwin->w_cursor.col -= (*mb_head_off)(p, p + col); } curs_columns(FALSE); if (curwin->w_wcol < curwin->w_width) { edit_putchar('$', FALSE); dollar_vcol = curwin->w_virtcol; } curwin->w_cursor.col = save_col; }",visit repo url,src/edit.c,https://github.com/vim/vim,148961915265259,1 2972,CWE-119,"cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, uint32_t offs, cdf_property_info_t **info, size_t *count, size_t *maxcount) { const cdf_section_header_t *shp; cdf_section_header_t sh; const uint8_t *p, *q, *e; int16_t s16; int32_t s32; uint32_t u32; int64_t s64; uint64_t u64; cdf_timestamp_t tp; size_t i, o, o4, nelements, j; cdf_property_info_t *inp; if (offs > UINT32_MAX / 4) { errno = EFTYPE; goto out; } shp = CAST(const cdf_section_header_t *, (const void *) ((const char *)sst->sst_tab + offs)); if (cdf_check_stream_offset(sst, h, shp, sizeof(*shp), __LINE__) == -1) goto out; sh.sh_len = CDF_TOLE4(shp->sh_len); #define CDF_SHLEN_LIMIT (UINT32_MAX / 8) if (sh.sh_len > CDF_SHLEN_LIMIT) { errno = EFTYPE; goto out; } sh.sh_properties = CDF_TOLE4(shp->sh_properties); #define CDF_PROP_LIMIT (UINT32_MAX / (4 * sizeof(*inp))) if (sh.sh_properties > CDF_PROP_LIMIT) goto out; DPRINTF((""section len: %u properties %u\n"", sh.sh_len, sh.sh_properties)); if (*maxcount) { if (*maxcount > CDF_PROP_LIMIT) goto out; *maxcount += sh.sh_properties; inp = CAST(cdf_property_info_t *, realloc(*info, *maxcount * sizeof(*inp))); } else { *maxcount = sh.sh_properties; inp = CAST(cdf_property_info_t *, malloc(*maxcount * sizeof(*inp))); } if (inp == NULL) goto out; *info = inp; inp += *count; *count += sh.sh_properties; p = CAST(const uint8_t *, (const void *) ((const char *)(const void *)sst->sst_tab + offs + sizeof(sh))); e = CAST(const uint8_t *, (const void *) (((const char *)(const void *)shp) + sh.sh_len)); if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); q = (const uint8_t *)(const void *) ((const char *)(const void *)p + ofs - 2 * sizeof(uint32_t)); if (q > e) { DPRINTF((""Ran of the end %p > %p\n"", q, e)); goto out; } inp[i].pi_id = CDF_GETUINT32(p, i << 1); inp[i].pi_type = CDF_GETUINT32(q, 0); DPRINTF((""%"" SIZE_T_FORMAT ""u) id=%x type=%x offs=0x%tx,0x%x\n"", i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { nelements = CDF_GETUINT32(q, 1); o = 2; } else { nelements = 1; o = 1; } o4 = o * sizeof(uint32_t); if (inp[i].pi_type & (CDF_ARRAY|CDF_BYREF|CDF_RESERVED)) goto unknown; switch (inp[i].pi_type & CDF_TYPEMASK) { case CDF_NULL: case CDF_EMPTY: break; case CDF_SIGNED16: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s16, &q[o4], sizeof(s16)); inp[i].pi_s16 = CDF_TOLE2(s16); break; case CDF_SIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s32, &q[o4], sizeof(s32)); inp[i].pi_s32 = CDF_TOLE4((uint32_t)s32); break; case CDF_BOOL: case CDF_UNSIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u32, &q[o4], sizeof(u32)); inp[i].pi_u32 = CDF_TOLE4(u32); break; case CDF_SIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&s64, &q[o4], sizeof(s64)); inp[i].pi_s64 = CDF_TOLE8((uint64_t)s64); break; case CDF_UNSIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u64, &q[o4], sizeof(u64)); inp[i].pi_u64 = CDF_TOLE8((uint64_t)u64); break; case CDF_FLOAT: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u32, &q[o4], sizeof(u32)); u32 = CDF_TOLE4(u32); memcpy(&inp[i].pi_f, &u32, sizeof(inp[i].pi_f)); break; case CDF_DOUBLE: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&u64, &q[o4], sizeof(u64)); u64 = CDF_TOLE8((uint64_t)u64); memcpy(&inp[i].pi_d, &u64, sizeof(inp[i].pi_d)); break; case CDF_LENGTH32_STRING: case CDF_LENGTH32_WSTRING: if (nelements > 1) { size_t nelem = inp - *info; if (*maxcount > CDF_PROP_LIMIT || nelements > CDF_PROP_LIMIT) goto out; *maxcount += nelements; inp = CAST(cdf_property_info_t *, realloc(*info, *maxcount * sizeof(*inp))); if (inp == NULL) goto out; *info = inp; inp = *info + nelem; } DPRINTF((""nelements = %"" SIZE_T_FORMAT ""u\n"", nelements)); for (j = 0; j < nelements; j++, i++) { uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = (const char *) (const void *)(&q[o4 + sizeof(l)]); DPRINTF((""l = %d, r = %"" SIZE_T_FORMAT ""u, s = %s\n"", l, CDF_ROUND(l, sizeof(l)), inp[i].pi_str.s_buf)); if (l & 1) l++; o += l >> 1; if (q + o >= e) goto out; o4 = o * sizeof(uint32_t); } i--; break; case CDF_FILETIME: if (inp[i].pi_type & CDF_VECTOR) goto unknown; (void)memcpy(&tp, &q[o4], sizeof(tp)); inp[i].pi_tp = CDF_TOLE8((uint64_t)tp); break; case CDF_CLIPBOARD: if (inp[i].pi_type & CDF_VECTOR) goto unknown; break; default: unknown: DPRINTF((""Don't know how to deal with %x\n"", inp[i].pi_type)); break; } } return 0; out: free(*info); return -1; }",visit repo url,src/cdf.c,https://github.com/file/file,157851549704523,1 4273,['CWE-264'],"long do_fork(unsigned long clone_flags, unsigned long stack_start, struct pt_regs *regs, unsigned long stack_size, int __user *parent_tidptr, int __user *child_tidptr) { struct task_struct *p; int trace = 0; long nr; if (clone_flags & CLONE_NEWUSER) { if (clone_flags & CLONE_THREAD) return -EINVAL; if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || !capable(CAP_SETGID)) return -EPERM; } if (unlikely(clone_flags & CLONE_STOPPED)) { static int __read_mostly count = 100; if (count > 0 && printk_ratelimit()) { char comm[TASK_COMM_LEN]; count--; printk(KERN_INFO ""fork(): process `%s' used deprecated "" ""clone flags 0x%lx\n"", get_task_comm(comm, current), clone_flags & CLONE_STOPPED); } } if (likely(user_mode(regs))) trace = tracehook_prepare_clone(clone_flags); p = copy_process(clone_flags, stack_start, regs, stack_size, child_tidptr, NULL, trace); if (!IS_ERR(p)) { struct completion vfork; trace_sched_process_fork(current, p); nr = task_pid_vnr(p); if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); } audit_finish_fork(p); tracehook_report_clone(trace, regs, clone_flags, nr, p); p->flags &= ~PF_STARTING; if (unlikely(clone_flags & CLONE_STOPPED)) { sigaddset(&p->pending.signal, SIGSTOP); set_tsk_thread_flag(p, TIF_SIGPENDING); __set_task_state(p, TASK_STOPPED); } else { wake_up_new_task(p, clone_flags); } tracehook_report_clone_complete(trace, regs, clone_flags, nr, p); if (clone_flags & CLONE_VFORK) { freezer_do_not_count(); wait_for_completion(&vfork); freezer_count(); tracehook_report_vfork_done(p, nr); } } else { nr = PTR_ERR(p); } return nr; }",linux-2.6,,,291612181894143151970933317799209626929,0 1647,[],"int cond_resched_lock(spinlock_t *lock) { int resched = need_resched() && system_state == SYSTEM_RUNNING; int ret = 0; if (spin_needbreak(lock) || resched) { spin_unlock(lock); if (resched && need_resched()) __cond_resched(); else cpu_relax(); ret = 1; spin_lock(lock); } return ret; }",linux-2.6,,,103952538446649570542937910463094159423,0 2218,['CWE-193'],"int sync_page_range_nolock(struct inode *inode, struct address_space *mapping, loff_t pos, loff_t count) { pgoff_t start = pos >> PAGE_CACHE_SHIFT; pgoff_t end = (pos + count - 1) >> PAGE_CACHE_SHIFT; int ret; if (!mapping_cap_writeback_dirty(mapping) || !count) return 0; ret = filemap_fdatawrite_range(mapping, pos, pos + count - 1); if (ret == 0) ret = generic_osync_inode(inode, mapping, OSYNC_METADATA); if (ret == 0) ret = wait_on_page_writeback_range(mapping, start, end); return ret; }",linux-2.6,,,156470054246307568251395770131688489551,0 6320,['CWE-200'],"tcf_exts_validate(struct tcf_proto *tp, struct rtattr **tb, struct rtattr *rate_tlv, struct tcf_exts *exts, struct tcf_ext_map *map) { memset(exts, 0, sizeof(*exts)); #ifdef CONFIG_NET_CLS_ACT { int err; struct tc_action *act; if (map->police && tb[map->police-1]) { act = tcf_action_init_1(tb[map->police-1], rate_tlv, ""police"", TCA_ACT_NOREPLACE, TCA_ACT_BIND, &err); if (act == NULL) return err; act->type = TCA_OLD_COMPAT; exts->action = act; } else if (map->action && tb[map->action-1]) { act = tcf_action_init(tb[map->action-1], rate_tlv, NULL, TCA_ACT_NOREPLACE, TCA_ACT_BIND, &err); if (act == NULL) return err; exts->action = act; } } #elif defined CONFIG_NET_CLS_POLICE if (map->police && tb[map->police-1]) { struct tcf_police *p; p = tcf_police_locate(tb[map->police-1], rate_tlv); if (p == NULL) return -EINVAL; exts->police = p; } else if (map->action && tb[map->action-1]) return -EOPNOTSUPP; #else if ((map->action && tb[map->action-1]) || (map->police && tb[map->police-1])) return -EOPNOTSUPP; #endif return 0; }",linux-2.6,,,311313245196665680157230089621360581552,0 2428,CWE-119,"static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height) { const uint8_t *frame_start = frame; const uint8_t *frame_end = frame + width * height; int mask = 0x10000, bitbuf = 0; int i, v, offset, count, segments; segments = bytestream2_get_le16(gb); while (segments--) { if (bytestream2_get_bytes_left(gb) < 2) return AVERROR_INVALIDDATA; if (mask == 0x10000) { bitbuf = bytestream2_get_le16u(gb); mask = 1; } if (bitbuf & mask) { v = bytestream2_get_le16(gb); offset = (v & 0x1FFF) << 2; count = ((v >> 13) + 2) << 1; if (frame - frame_start < offset || frame_end - frame < count*2 + width) return AVERROR_INVALIDDATA; for (i = 0; i < count; i++) { frame[0] = frame[1] = frame[width] = frame[width + 1] = frame[-offset]; frame += 2; } } else if (bitbuf & (mask << 1)) { v = bytestream2_get_le16(gb)*2; if (frame - frame_end < v) return AVERROR_INVALIDDATA; frame += v; } else { if (frame_end - frame < width + 3) return AVERROR_INVALIDDATA; frame[0] = frame[1] = frame[width] = frame[width + 1] = bytestream2_get_byte(gb); frame += 2; frame[0] = frame[1] = frame[width] = frame[width + 1] = bytestream2_get_byte(gb); frame += 2; } mask <<= 2; } return 0; }",visit repo url,libavcodec/dfa.c,https://github.com/FFmpeg/FFmpeg,37810056187651,1 6353,CWE-476,"file_extension(const char *s) { const char *extension; static char buf[1024]; if (s == NULL) return (NULL); else if (!strncmp(s, ""data:image/bmp;"", 15)) return (""bmp""); else if (!strncmp(s, ""data:image/gif;"", 15)) return (""gif""); else if (!strncmp(s, ""data:image/jpeg;"", 16)) return (""jpg""); else if (!strncmp(s, ""data:image/png;"", 15)) return (""png""); else if ((extension = strrchr(s, '/')) != NULL) extension ++; else if ((extension = strrchr(s, '\\')) != NULL) extension ++; else extension = s; if ((extension = strrchr(extension, '.')) == NULL) return (""""); else extension ++; if (strchr(extension, '#') == NULL) return (extension); strlcpy(buf, extension, sizeof(buf)); *(char *)strchr(buf, '#') = '\0'; return (buf); }",visit repo url,htmldoc/file.c,https://github.com/michaelrsweet/htmldoc,80988738011686,1 5831,CWE-362,"static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock, unsigned long err) { int level = 0; int len = 0; ERROR_LOG(""STATUS_FROM_SSL_ERR"", err, ssock); level++; if (err == SSL_ERROR_SSL) { err = ERR_get_error(); ERROR_LOG(""STATUS_FROM_SSL_ERR"", err, ssock); } ssock->last_err = err; return GET_STATUS_FROM_SSL_ERR(err); }",visit repo url,pjlib/src/pj/ssl_sock_ossl.c,https://github.com/pjsip/pjproject,83688951080359,1 5168,['CWE-20'],"static __init int adjust_vmx_controls(u32 ctl_min, u32 ctl_opt, u32 msr, u32 *result) { u32 vmx_msr_low, vmx_msr_high; u32 ctl = ctl_min | ctl_opt; rdmsr(msr, vmx_msr_low, vmx_msr_high); ctl &= vmx_msr_high; ctl |= vmx_msr_low; if (ctl_min & ~ctl) return -EIO; *result = ctl; return 0; }",linux-2.6,,,330246375992053058186756686201634631029,0 373,[],"pfm_init_percpu (void) { static int first_time=1; pfm_clear_psr_pp(); pfm_clear_psr_up(); pfm_unfreeze_pmu(); if (first_time) { register_percpu_irq(IA64_PERFMON_VECTOR, &perfmon_irqaction); first_time=0; } ia64_setreg(_IA64_REG_CR_PMV, IA64_PERFMON_VECTOR); ia64_srlz_d(); }",linux-2.6,,,308562461491574392373389603467125167241,0 4777,CWE-119,"static int muscle_list_files(sc_card_t *card, u8 *buf, size_t bufLen) { muscle_private_t* priv = MUSCLE_DATA(card); mscfs_t *fs = priv->fs; int x; int count = 0; mscfs_check_cache(priv->fs); for(x = 0; x < fs->cache.size; x++) { u8* oid= fs->cache.array[x].objectId.id; sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, ""FILE: %02X%02X%02X%02X\n"", oid[0],oid[1],oid[2],oid[3]); if(0 == memcmp(fs->currentPath, oid, 2)) { buf[0] = oid[2]; buf[1] = oid[3]; if(buf[0] == 0x00 && buf[1] == 0x00) continue; buf += 2; count+=2; } } return count; }",visit repo url,src/libopensc/card-muscle.c,https://github.com/OpenSC/OpenSC,15195210024435,1 1948,CWE-401,"static int acp_hw_init(void *handle) { int r, i; uint64_t acp_base; u32 val = 0; u32 count = 0; struct device *dev; struct i2s_platform_data *i2s_pdata; struct amdgpu_device *adev = (struct amdgpu_device *)handle; const struct amdgpu_ip_block *ip_block = amdgpu_device_ip_get_ip_block(adev, AMD_IP_BLOCK_TYPE_ACP); if (!ip_block) return -EINVAL; r = amd_acp_hw_init(adev->acp.cgs_device, ip_block->version->major, ip_block->version->minor); if (r == -ENODEV) { amdgpu_dpm_set_powergating_by_smu(adev, AMD_IP_BLOCK_TYPE_ACP, true); return 0; } else if (r) { return r; } if (adev->rmmio_size == 0 || adev->rmmio_size < 0x5289) return -EINVAL; acp_base = adev->rmmio_base; adev->acp.acp_genpd = kzalloc(sizeof(struct acp_pm_domain), GFP_KERNEL); if (adev->acp.acp_genpd == NULL) return -ENOMEM; adev->acp.acp_genpd->gpd.name = ""ACP_AUDIO""; adev->acp.acp_genpd->gpd.power_off = acp_poweroff; adev->acp.acp_genpd->gpd.power_on = acp_poweron; adev->acp.acp_genpd->adev = adev; pm_genpd_init(&adev->acp.acp_genpd->gpd, NULL, false); adev->acp.acp_cell = kcalloc(ACP_DEVS, sizeof(struct mfd_cell), GFP_KERNEL); if (adev->acp.acp_cell == NULL) return -ENOMEM; adev->acp.acp_res = kcalloc(5, sizeof(struct resource), GFP_KERNEL); if (adev->acp.acp_res == NULL) { kfree(adev->acp.acp_cell); return -ENOMEM; } i2s_pdata = kcalloc(3, sizeof(struct i2s_platform_data), GFP_KERNEL); if (i2s_pdata == NULL) { kfree(adev->acp.acp_res); kfree(adev->acp.acp_cell); return -ENOMEM; } switch (adev->asic_type) { case CHIP_STONEY: i2s_pdata[0].quirks = DW_I2S_QUIRK_COMP_REG_OFFSET | DW_I2S_QUIRK_16BIT_IDX_OVERRIDE; break; default: i2s_pdata[0].quirks = DW_I2S_QUIRK_COMP_REG_OFFSET; } i2s_pdata[0].cap = DWC_I2S_PLAY; i2s_pdata[0].snd_rates = SNDRV_PCM_RATE_8000_96000; i2s_pdata[0].i2s_reg_comp1 = ACP_I2S_COMP1_PLAY_REG_OFFSET; i2s_pdata[0].i2s_reg_comp2 = ACP_I2S_COMP2_PLAY_REG_OFFSET; switch (adev->asic_type) { case CHIP_STONEY: i2s_pdata[1].quirks = DW_I2S_QUIRK_COMP_REG_OFFSET | DW_I2S_QUIRK_COMP_PARAM1 | DW_I2S_QUIRK_16BIT_IDX_OVERRIDE; break; default: i2s_pdata[1].quirks = DW_I2S_QUIRK_COMP_REG_OFFSET | DW_I2S_QUIRK_COMP_PARAM1; } i2s_pdata[1].cap = DWC_I2S_RECORD; i2s_pdata[1].snd_rates = SNDRV_PCM_RATE_8000_96000; i2s_pdata[1].i2s_reg_comp1 = ACP_I2S_COMP1_CAP_REG_OFFSET; i2s_pdata[1].i2s_reg_comp2 = ACP_I2S_COMP2_CAP_REG_OFFSET; i2s_pdata[2].quirks = DW_I2S_QUIRK_COMP_REG_OFFSET; switch (adev->asic_type) { case CHIP_STONEY: i2s_pdata[2].quirks |= DW_I2S_QUIRK_16BIT_IDX_OVERRIDE; break; default: break; } i2s_pdata[2].cap = DWC_I2S_PLAY | DWC_I2S_RECORD; i2s_pdata[2].snd_rates = SNDRV_PCM_RATE_8000_96000; i2s_pdata[2].i2s_reg_comp1 = ACP_BT_COMP1_REG_OFFSET; i2s_pdata[2].i2s_reg_comp2 = ACP_BT_COMP2_REG_OFFSET; adev->acp.acp_res[0].name = ""acp2x_dma""; adev->acp.acp_res[0].flags = IORESOURCE_MEM; adev->acp.acp_res[0].start = acp_base; adev->acp.acp_res[0].end = acp_base + ACP_DMA_REGS_END; adev->acp.acp_res[1].name = ""acp2x_dw_i2s_play""; adev->acp.acp_res[1].flags = IORESOURCE_MEM; adev->acp.acp_res[1].start = acp_base + ACP_I2S_PLAY_REGS_START; adev->acp.acp_res[1].end = acp_base + ACP_I2S_PLAY_REGS_END; adev->acp.acp_res[2].name = ""acp2x_dw_i2s_cap""; adev->acp.acp_res[2].flags = IORESOURCE_MEM; adev->acp.acp_res[2].start = acp_base + ACP_I2S_CAP_REGS_START; adev->acp.acp_res[2].end = acp_base + ACP_I2S_CAP_REGS_END; adev->acp.acp_res[3].name = ""acp2x_dw_bt_i2s_play_cap""; adev->acp.acp_res[3].flags = IORESOURCE_MEM; adev->acp.acp_res[3].start = acp_base + ACP_BT_PLAY_REGS_START; adev->acp.acp_res[3].end = acp_base + ACP_BT_PLAY_REGS_END; adev->acp.acp_res[4].name = ""acp2x_dma_irq""; adev->acp.acp_res[4].flags = IORESOURCE_IRQ; adev->acp.acp_res[4].start = amdgpu_irq_create_mapping(adev, 162); adev->acp.acp_res[4].end = adev->acp.acp_res[4].start; adev->acp.acp_cell[0].name = ""acp_audio_dma""; adev->acp.acp_cell[0].num_resources = 5; adev->acp.acp_cell[0].resources = &adev->acp.acp_res[0]; adev->acp.acp_cell[0].platform_data = &adev->asic_type; adev->acp.acp_cell[0].pdata_size = sizeof(adev->asic_type); adev->acp.acp_cell[1].name = ""designware-i2s""; adev->acp.acp_cell[1].num_resources = 1; adev->acp.acp_cell[1].resources = &adev->acp.acp_res[1]; adev->acp.acp_cell[1].platform_data = &i2s_pdata[0]; adev->acp.acp_cell[1].pdata_size = sizeof(struct i2s_platform_data); adev->acp.acp_cell[2].name = ""designware-i2s""; adev->acp.acp_cell[2].num_resources = 1; adev->acp.acp_cell[2].resources = &adev->acp.acp_res[2]; adev->acp.acp_cell[2].platform_data = &i2s_pdata[1]; adev->acp.acp_cell[2].pdata_size = sizeof(struct i2s_platform_data); adev->acp.acp_cell[3].name = ""designware-i2s""; adev->acp.acp_cell[3].num_resources = 1; adev->acp.acp_cell[3].resources = &adev->acp.acp_res[3]; adev->acp.acp_cell[3].platform_data = &i2s_pdata[2]; adev->acp.acp_cell[3].pdata_size = sizeof(struct i2s_platform_data); r = mfd_add_hotplug_devices(adev->acp.parent, adev->acp.acp_cell, ACP_DEVS); if (r) return r; for (i = 0; i < ACP_DEVS ; i++) { dev = get_mfd_cell_dev(adev->acp.acp_cell[i].name, i); r = pm_genpd_add_device(&adev->acp.acp_genpd->gpd, dev); if (r) { dev_err(dev, ""Failed to add dev to genpd\n""); return r; } } val = cgs_read_register(adev->acp.cgs_device, mmACP_SOFT_RESET); val |= ACP_SOFT_RESET__SoftResetAud_MASK; cgs_write_register(adev->acp.cgs_device, mmACP_SOFT_RESET, val); count = ACP_SOFT_RESET_DONE_TIME_OUT_VALUE; while (true) { val = cgs_read_register(adev->acp.cgs_device, mmACP_SOFT_RESET); if (ACP_SOFT_RESET__SoftResetAudDone_MASK == (val & ACP_SOFT_RESET__SoftResetAudDone_MASK)) break; if (--count == 0) { dev_err(&adev->pdev->dev, ""Failed to reset ACP\n""); return -ETIMEDOUT; } udelay(100); } val = cgs_read_register(adev->acp.cgs_device, mmACP_CONTROL); val = val | ACP_CONTROL__ClkEn_MASK; cgs_write_register(adev->acp.cgs_device, mmACP_CONTROL, val); count = ACP_CLOCK_EN_TIME_OUT_VALUE; while (true) { val = cgs_read_register(adev->acp.cgs_device, mmACP_STATUS); if (val & (u32) 0x1) break; if (--count == 0) { dev_err(&adev->pdev->dev, ""Failed to reset ACP\n""); return -ETIMEDOUT; } udelay(100); } val = cgs_read_register(adev->acp.cgs_device, mmACP_SOFT_RESET); val &= ~ACP_SOFT_RESET__SoftResetAud_MASK; cgs_write_register(adev->acp.cgs_device, mmACP_SOFT_RESET, val); return 0; }",visit repo url,drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c,https://github.com/torvalds/linux,226914362852990,1 1775,NVD-CWE-Other,"static int cypress_open(struct tty_struct *tty, struct usb_serial_port *port) { struct cypress_private *priv = usb_get_serial_port_data(port); struct usb_serial *serial = port->serial; unsigned long flags; int result = 0; if (!priv->comm_is_ok) return -EIO; usb_clear_halt(serial->dev, 0x81); usb_clear_halt(serial->dev, 0x02); spin_lock_irqsave(&priv->lock, flags); priv->bytes_in = 0; priv->bytes_out = 0; priv->cmd_count = 0; priv->rx_flags = 0; spin_unlock_irqrestore(&priv->lock, flags); cypress_send(port); if (tty) cypress_set_termios(tty, port, &priv->tmp_termios); if (!port->interrupt_in_urb) { dev_err(&port->dev, ""%s - interrupt_in_urb is empty!\n"", __func__); return -1; } usb_fill_int_urb(port->interrupt_in_urb, serial->dev, usb_rcvintpipe(serial->dev, port->interrupt_in_endpointAddress), port->interrupt_in_urb->transfer_buffer, port->interrupt_in_urb->transfer_buffer_length, cypress_read_int_callback, port, priv->read_urb_interval); result = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL); if (result) { dev_err(&port->dev, ""%s - failed submitting read urb, error %d\n"", __func__, result); cypress_set_dead(port); } return result; } ",visit repo url,drivers/usb/serial/cypress_m8.c,https://github.com/torvalds/linux,183716197417895,1 6127,CWE-190,"void ed_write_bin(uint8_t *bin, int len, const ed_t a, int pack) { ed_t t; ed_null(t); memset(bin, 0, len); if (ed_is_infty(a)) { if (len < 1) { RLC_THROW(ERR_NO_BUFFER); return; } else { return; } } RLC_TRY { ed_new(t); ed_norm(t, a); if (pack) { if (len < RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { ed_pck(t, t); bin[0] = 2 | fp_get_bit(t->x, 0); fp_write_bin(bin + 1, RLC_FP_BYTES, t->y); } } else { if (len < 2 * RLC_FP_BYTES + 1) { RLC_THROW(ERR_NO_BUFFER); } else { bin[0] = 4; fp_write_bin(bin + 1, RLC_FP_BYTES, t->y); fp_write_bin(bin + RLC_FP_BYTES + 1, RLC_FP_BYTES, t->x); } } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { ed_free(t); } }",visit repo url,src/ed/relic_ed_util.c,https://github.com/relic-toolkit/relic,2830123344472,1 2085,[],"int compat_udp_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { if (level == SOL_UDP || level == SOL_UDPLITE) return udp_lib_setsockopt(sk, level, optname, optval, optlen, udp_push_pending_frames); return compat_ip_setsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,153726987684240372144085433303110430133,0 3950,['CWE-362'],"static struct audit_entry *audit_dupe_rule(struct audit_krule *old, struct audit_watch *watch) { u32 fcount = old->field_count; struct audit_entry *entry; struct audit_krule *new; char *fk; int i, err = 0; entry = audit_init_entry(fcount); if (unlikely(!entry)) return ERR_PTR(-ENOMEM); new = &entry->rule; new->vers_ops = old->vers_ops; new->flags = old->flags; new->listnr = old->listnr; new->action = old->action; for (i = 0; i < AUDIT_BITMASK_SIZE; i++) new->mask[i] = old->mask[i]; new->buflen = old->buflen; new->inode_f = old->inode_f; new->watch = NULL; new->field_count = old->field_count; new->tree = old->tree; memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); for (i = 0; i < fcount; i++) { switch (new->fields[i].type) { case AUDIT_SUBJ_USER: case AUDIT_SUBJ_ROLE: case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: case AUDIT_OBJ_USER: case AUDIT_OBJ_ROLE: case AUDIT_OBJ_TYPE: case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: err = audit_dupe_lsm_field(&new->fields[i], &old->fields[i]); break; case AUDIT_FILTERKEY: fk = kstrdup(old->filterkey, GFP_KERNEL); if (unlikely(!fk)) err = -ENOMEM; else new->filterkey = fk; } if (err) { audit_free_rule(entry); return ERR_PTR(err); } } if (watch) { audit_get_watch(watch); new->watch = watch; } return entry; }",linux-2.6,,,333082068414022908481341010425172843853,0 5469,['CWE-476'],"static int move_to_next_stateful_cpuid_entry(struct kvm_vcpu *vcpu, int i) { struct kvm_cpuid_entry2 *e = &vcpu->arch.cpuid_entries[i]; int j, nent = vcpu->arch.cpuid_nent; e->flags &= ~KVM_CPUID_FLAG_STATE_READ_NEXT; for (j = i + 1; ; j = (j + 1) % nent) { struct kvm_cpuid_entry2 *ej = &vcpu->arch.cpuid_entries[j]; if (ej->function == e->function) { ej->flags |= KVM_CPUID_FLAG_STATE_READ_NEXT; return j; } } return 0; }",linux-2.6,,,48233229496230054269166043344111966630,0 1308,['CWE-119'],"static unsigned char asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len) { unsigned char ch, cnt; if (!asn1_octet_decode(ctx, &ch)) return 0; if (ch == 0x80) *def = 0; else { *def = 1; if (ch < 0x80) *len = ch; else { cnt = ch & 0x7F; *len = 0; while (cnt > 0) { if (!asn1_octet_decode(ctx, &ch)) return 0; *len <<= 8; *len |= ch; cnt--; } } } if (*len > ctx->end - ctx->pointer) return 0; return 1; }",linux-2.6,,,14133236615636080167552273762115632878,0 5447,CWE-354,"void recovery_cipher_finalize(void) { static char CONFIDENTIAL new_mnemonic[MNEMONIC_BUF] = """"; static char CONFIDENTIAL temp_word[CURRENT_WORD_BUF]; volatile bool auto_completed = true; char *tok = strtok(mnemonic, "" ""); while(tok) { strlcpy(temp_word, tok, CURRENT_WORD_BUF); auto_completed &= attempt_auto_complete(temp_word); strlcat(new_mnemonic, temp_word, MNEMONIC_BUF); strlcat(new_mnemonic, "" "", MNEMONIC_BUF); tok = strtok(NULL, "" ""); } memzero(temp_word, sizeof(temp_word)); if (!auto_completed && !enforce_wordlist) { if (!dry_run) { storage_reset(); } fsm_sendFailure(FailureType_Failure_SyntaxError, ""Words were not entered correctly. Make sure you are using the substition cipher.""); awaiting_character = false; layoutHome(); return; } new_mnemonic[strlen(new_mnemonic) - 1] = '\0'; if (!dry_run && (!enforce_wordlist || mnemonic_check(new_mnemonic))) { storage_setMnemonic(new_mnemonic); memzero(new_mnemonic, sizeof(new_mnemonic)); if (!enforce_wordlist) { storage_setImported(true); } storage_commit(); fsm_sendSuccess(""Device recovered""); } else if (dry_run) { bool match = storage_isInitialized() && storage_containsMnemonic(new_mnemonic); if (match) { review(ButtonRequestType_ButtonRequest_Other, ""Recovery Dry Run"", ""The seed is valid and MATCHES the one in the device.""); fsm_sendSuccess(""The seed is valid and matches the one in the device.""); } else if (mnemonic_check(new_mnemonic)) { review(ButtonRequestType_ButtonRequest_Other, ""Recovery Dry Run"", ""The seed is valid, but DOES NOT MATCH the one in the device.""); fsm_sendFailure(FailureType_Failure_Other, ""The seed is valid, but does not match the one in the device.""); } else { review(ButtonRequestType_ButtonRequest_Other, ""Recovery Dry Run"", ""The seed is INVALID, and DOES NOT MATCH the one in the device.""); fsm_sendFailure(FailureType_Failure_Other, ""The seed is invalid, and does not match the one in the device.""); } memzero(new_mnemonic, sizeof(new_mnemonic)); } else { session_clear(true); fsm_sendFailure(FailureType_Failure_SyntaxError, ""Invalid mnemonic, are words in correct order?""); recovery_abort(); } memzero(new_mnemonic, sizeof(new_mnemonic)); awaiting_character = false; memzero(mnemonic, sizeof(mnemonic)); memzero(cipher, sizeof(cipher)); layoutHome(); }",visit repo url,lib/firmware/recovery_cipher.c,https://github.com/keepkey/keepkey-firmware,20898045342432,1 2361,['CWE-200'],"snd_seq_oss_synth_load_patch(struct seq_oss_devinfo *dp, int dev, int fmt, const char __user *buf, int p, int c) { struct seq_oss_synth *rec; int rc; if (dev < 0 || dev >= dp->max_synthdev) return -ENXIO; if (is_midi_dev(dp, dev)) return 0; if ((rec = get_synthdev(dp, dev)) == NULL) return -ENXIO; if (rec->oper.load_patch == NULL) rc = -ENXIO; else rc = rec->oper.load_patch(&dp->synths[dev].arg, fmt, buf, p, c); snd_use_lock_free(&rec->use_lock); return rc; }",linux-2.6,,,239230544718505814771408284058017252231,0 1458,CWE-17,"static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName, int udfLen, uint8_t *fidName, int fidNameLen) { int index, newIndex = 0, needsCRC = 0; int extIndex = 0, newExtIndex = 0, hasExt = 0; unsigned short valueCRC; uint8_t curr; if (udfName[0] == '.' && (udfLen == 1 || (udfLen == 2 && udfName[1] == '.'))) { needsCRC = 1; newIndex = udfLen; memcpy(newName, udfName, udfLen); } else { for (index = 0; index < udfLen; index++) { curr = udfName[index]; if (curr == '/' || curr == 0) { needsCRC = 1; curr = ILLEGAL_CHAR_MARK; while (index + 1 < udfLen && (udfName[index + 1] == '/' || udfName[index + 1] == 0)) index++; } if (curr == EXT_MARK && (udfLen - index - 1) <= EXT_SIZE) { if (udfLen == index + 1) hasExt = 0; else { hasExt = 1; extIndex = index; newExtIndex = newIndex; } } if (newIndex < 256) newName[newIndex++] = curr; else needsCRC = 1; } } if (needsCRC) { uint8_t ext[EXT_SIZE]; int localExtIndex = 0; if (hasExt) { int maxFilenameLen; for (index = 0; index < EXT_SIZE && extIndex + index + 1 < udfLen; index++) { curr = udfName[extIndex + index + 1]; if (curr == '/' || curr == 0) { needsCRC = 1; curr = ILLEGAL_CHAR_MARK; while (extIndex + index + 2 < udfLen && (index + 1 < EXT_SIZE && (udfName[extIndex + index + 2] == '/' || udfName[extIndex + index + 2] == 0))) index++; } ext[localExtIndex++] = curr; } maxFilenameLen = 250 - localExtIndex; if (newIndex > maxFilenameLen) newIndex = maxFilenameLen; else newIndex = newExtIndex; } else if (newIndex > 250) newIndex = 250; newName[newIndex++] = CRC_MARK; valueCRC = crc_itu_t(0, fidName, fidNameLen); newName[newIndex++] = hex_asc_upper_hi(valueCRC >> 8); newName[newIndex++] = hex_asc_upper_lo(valueCRC >> 8); newName[newIndex++] = hex_asc_upper_hi(valueCRC); newName[newIndex++] = hex_asc_upper_lo(valueCRC); if (hasExt) { newName[newIndex++] = EXT_MARK; for (index = 0; index < localExtIndex; index++) newName[newIndex++] = ext[index]; } } return newIndex; }",visit repo url,fs/udf/unicode.c,https://github.com/torvalds/linux,26950818328342,1 3214,CWE-125,"l2tp_proxy_auth_id_print(netdissect_options *ndo, const u_char *dat) { const uint16_t *ptr = (const uint16_t *)dat; ND_PRINT((ndo, ""%u"", EXTRACT_16BITS(ptr) & L2TP_PROXY_AUTH_ID_MASK)); }",visit repo url,print-l2tp.c,https://github.com/the-tcpdump-group/tcpdump,234180107862958,1 3261,CWE-125,"mp_dss_print(netdissect_options *ndo, const u_char *opt, u_int opt_len, u_char flags) { const struct mp_dss *mdss = (const struct mp_dss *) opt; if ((opt_len != mp_dss_len(mdss, 1) && opt_len != mp_dss_len(mdss, 0)) || flags & TH_SYN) return 0; if (mdss->flags & MP_DSS_F) ND_PRINT((ndo, "" fin"")); opt += 4; if (mdss->flags & MP_DSS_A) { ND_PRINT((ndo, "" ack "")); if (mdss->flags & MP_DSS_a) { ND_PRINT((ndo, ""%"" PRIu64, EXTRACT_64BITS(opt))); opt += 8; } else { ND_PRINT((ndo, ""%u"", EXTRACT_32BITS(opt))); opt += 4; } } if (mdss->flags & MP_DSS_M) { ND_PRINT((ndo, "" seq "")); if (mdss->flags & MP_DSS_m) { ND_PRINT((ndo, ""%"" PRIu64, EXTRACT_64BITS(opt))); opt += 8; } else { ND_PRINT((ndo, ""%u"", EXTRACT_32BITS(opt))); opt += 4; } ND_PRINT((ndo, "" subseq %u"", EXTRACT_32BITS(opt))); opt += 4; ND_PRINT((ndo, "" len %u"", EXTRACT_16BITS(opt))); opt += 2; if (opt_len == mp_dss_len(mdss, 1)) ND_PRINT((ndo, "" csum 0x%x"", EXTRACT_16BITS(opt))); } return 1; }",visit repo url,print-mptcp.c,https://github.com/the-tcpdump-group/tcpdump,182769646049473,1 5368,CWE-190,"static void Process_ipfix_template_add(exporter_ipfix_domain_t *exporter, void *DataPtr, uint32_t size_left, FlowSource_t *fs) { input_translation_t *translation_table; ipfix_template_record_t *ipfix_template_record; ipfix_template_elements_std_t *NextElement; int i; while ( size_left ) { uint32_t table_id, count, size_required; uint32_t num_extensions = 0; if ( size_left && size_left < 4 ) { LogError(""Process_ipfix [%u] Template size error at %s line %u"" , exporter->info.id, __FILE__, __LINE__, strerror (errno)); size_left = 0; continue; } ipfix_template_record = (ipfix_template_record_t *)DataPtr; size_left -= 4; table_id = ntohs(ipfix_template_record->TemplateID); count = ntohs(ipfix_template_record->FieldCount); dbg_printf(""\n[%u] Template ID: %u\n"", exporter->info.id, table_id); dbg_printf(""FieldCount: %u buffersize: %u\n"", count, size_left); memset((void *)cache.common_extensions, 0, (Max_num_extensions+1)*sizeof(uint32_t)); memset((void *)cache.lookup_info, 0, 65536 * sizeof(struct element_param_s)); for (i=1; ipfix_element_map[i].id != 0; i++ ) { uint32_t Type = ipfix_element_map[i].id; if ( ipfix_element_map[i].id == ipfix_element_map[i-1].id ) continue; cache.lookup_info[Type].index = i; } cache.input_order = calloc(count, sizeof(struct order_s)); if ( !cache.input_order ) { LogError(""Process_ipfix: Panic! malloc(): %s line %d: %s"", __FILE__, __LINE__, strerror (errno)); size_left = 0; continue; } cache.input_count = count; size_required = 4*count; if ( size_left < size_required ) { LogError(""Process_ipfix: [%u] Not enough data for template elements! required: %i, left: %u"", exporter->info.id, size_required, size_left); dbg_printf(""ERROR: Not enough data for template elements! required: %i, left: %u"", size_required, size_left); return; } NextElement = (ipfix_template_elements_std_t *)ipfix_template_record->elements; for ( i=0; iType); Length = ntohs(NextElement->Length); Enterprise = Type & 0x8000 ? 1 : 0; Type = Type & 0x7FFF; ext_id = MapElement(Type, Length, i); if ( ext_id && extension_descriptor[ext_id].enabled ) { if ( cache.common_extensions[ext_id] == 0 ) { cache.common_extensions[ext_id] = 1; num_extensions++; } } if ( Enterprise ) { ipfix_template_elements_e_t *e = (ipfix_template_elements_e_t *)NextElement; size_required += 4; if ( size_left < size_required ) { LogError(""Process_ipfix: [%u] Not enough data for template elements! required: %i, left: %u"", exporter->info.id, size_required, size_left); dbg_printf(""ERROR: Not enough data for template elements! required: %i, left: %u"", size_required, size_left); return; } if ( ntohl(e->EnterpriseNumber) == IPFIX_ReverseInformationElement ) { dbg_printf("" [%i] Enterprise: 1, Type: %u, Length %u Reverse Information Element: %u\n"", i, Type, Length, ntohl(e->EnterpriseNumber)); } else { dbg_printf("" [%i] Enterprise: 1, Type: %u, Length %u EnterpriseNumber: %u\n"", i, Type, Length, ntohl(e->EnterpriseNumber)); } e++; NextElement = (ipfix_template_elements_std_t *)e; } else { dbg_printf("" [%i] Enterprise: 0, Type: %u, Length %u\n"", i, Type, Length); NextElement++; } } dbg_printf(""Processed: %u\n"", size_required); if ( compact_input_order() ) { if ( extension_descriptor[EX_ROUTER_IP_v4].enabled ) { if ( cache.common_extensions[EX_ROUTER_IP_v4] == 0 ) { cache.common_extensions[EX_ROUTER_IP_v4] = 1; num_extensions++; } dbg_printf(""Add sending router IP address (%s) => Extension: %u\n"", fs->sa_family == PF_INET6 ? ""ipv6"" : ""ipv4"", EX_ROUTER_IP_v4); } extension_descriptor[EX_ROUTER_ID].enabled = 0; if ( extension_descriptor[EX_RECEIVED].enabled ) { if ( cache.common_extensions[EX_RECEIVED] == 0 ) { cache.common_extensions[EX_RECEIVED] = 1; num_extensions++; } dbg_printf(""Force add packet received time, Extension: %u\n"", EX_RECEIVED); } #ifdef DEVEL { int i; for (i=4; extension_descriptor[i].id; i++ ) { if ( cache.common_extensions[i] ) { printf(""Enabled extension: %i\n"", i); } } } #endif translation_table = setup_translation_table(exporter, table_id); if (translation_table->extension_map_changed ) { dbg_printf(""Translation Table changed! Add extension map ID: %i\n"", translation_table->extension_info.map->map_id); AddExtensionMap(fs, translation_table->extension_info.map); translation_table->extension_map_changed = 0; dbg_printf(""Translation Table added! map ID: %i\n"", translation_table->extension_info.map->map_id); } if ( !reorder_sequencer(translation_table) ) { LogError(""Process_ipfix: [%u] Failed to reorder sequencer. Remove table id: %u"", exporter->info.id, table_id); remove_translation_table(fs, exporter, table_id); } } else { dbg_printf(""Template does not contain any common fields - skip\n""); } size_left -= size_required; DataPtr = DataPtr + size_required+4; if ( size_left < 4 ) { dbg_printf(""Skip %u bytes padding\n"", size_left); size_left = 0; } free(cache.input_order); cache.input_order = NULL; } } ",visit repo url,bin/ipfix.c,https://github.com/phaag/nfdump,21140510547602,1 5558,[],"struct sigqueue *sigqueue_alloc(void) { struct sigqueue *q; if ((q = __sigqueue_alloc(current, GFP_KERNEL, 0))) q->flags |= SIGQUEUE_PREALLOC; return(q); }",linux-2.6,,,139544813106452088250688471264804939572,0 5520,CWE-125,"ast2obj_keyword(void* _o) { keyword_ty o = (keyword_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(keyword_type, NULL, NULL); if (!result) return NULL; value = ast2obj_identifier(o->arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_arg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_expr(o->value); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_value, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,113293443157071,1 1323,['CWE-119'],"asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc) { unsigned char ch; if (eoc == NULL) { if (!asn1_octet_decode(ctx, &ch)) return 0; if (ch != 0x00) { ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; return 0; } if (!asn1_octet_decode(ctx, &ch)) return 0; if (ch != 0x00) { ctx->error = ASN1_ERR_DEC_EOC_MISMATCH; return 0; } return 1; } else { if (ctx->pointer != eoc) { ctx->error = ASN1_ERR_DEC_LENGTH_MISMATCH; return 0; } return 1; } }",linux-2.6,,,159578693093595539370592777924353526237,0 677,CWE-20,"static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t total_len, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int error = 0; if (sk->sk_state & PPPOX_BOUND) { error = -EIO; goto end; } skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &error); if (error < 0) goto end; m->msg_namelen = 0; if (skb) { total_len = min_t(size_t, total_len, skb->len); error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); if (error == 0) { consume_skb(skb); return total_len; } } kfree_skb(skb); end: return error; }",visit repo url,drivers/net/ppp/pppoe.c,https://github.com/torvalds/linux,210801352169286,1 2203,['CWE-193'],"int generic_segment_checks(const struct iovec *iov, unsigned long *nr_segs, size_t *count, int access_flags) { unsigned long seg; size_t cnt = 0; for (seg = 0; seg < *nr_segs; seg++) { const struct iovec *iv = &iov[seg]; cnt += iv->iov_len; if (unlikely((ssize_t)(cnt|iv->iov_len) < 0)) return -EINVAL; if (access_ok(access_flags, iv->iov_base, iv->iov_len)) continue; if (seg == 0) return -EFAULT; *nr_segs = seg; cnt -= iv->iov_len; break; } *count = cnt; return 0; }",linux-2.6,,,104561351857128802964341545242397610790,0 2563,[],"static const char *parse_attr(const char *src, int lineno, const char *cp, int *num_attr, struct match_attr *res) { const char *ep, *equals; int len; ep = cp + strcspn(cp, blank); equals = strchr(cp, '='); if (equals && ep < equals) equals = NULL; if (equals) len = equals - cp; else len = ep - cp; if (!res) { if (*cp == '-' || *cp == '!') { cp++; len--; } if (invalid_attr_name(cp, len)) { fprintf(stderr, ""%.*s is not a valid attribute name: %s:%d\n"", len, cp, src, lineno); return NULL; } } else { struct attr_state *e; e = &(res->state[*num_attr]); if (*cp == '-' || *cp == '!') { e->setto = (*cp == '-') ? ATTR__FALSE : ATTR__UNSET; cp++; len--; } else if (!equals) e->setto = ATTR__TRUE; else { e->setto = xmemdupz(equals + 1, ep - equals - 1); } e->attr = git_attr(cp, len); } (*num_attr)++; return ep + strspn(ep, blank); }",git,,,219077836728078650959163973110722721503,0 3875,CWE-416,"clear_evalarg(evalarg_T *evalarg, exarg_T *eap) { if (evalarg != NULL) { if (evalarg->eval_tofree != NULL) { if (eap != NULL) { vim_free(eap->cmdline_tofree); eap->cmdline_tofree = *eap->cmdlinep; *eap->cmdlinep = evalarg->eval_tofree; } else vim_free(evalarg->eval_tofree); evalarg->eval_tofree = NULL; } ga_clear_strings(&evalarg->eval_tofree_ga); VIM_CLEAR(evalarg->eval_tofree_lambda); } }",visit repo url,src/eval.c,https://github.com/vim/vim,135188213789812,1 5610,CWE-125,"decode_bytes_with_escapes(struct compiling *c, const node *n, const char *s, size_t len) { return PyBytes_DecodeEscape(s, len, NULL, 0, NULL); }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,79956670048172,1 5391,CWE-125,"size_t OpenMP4SourceUDTA(char *filename) { mp4object *mp4 = (mp4object *)malloc(sizeof(mp4object)); if (mp4 == NULL) return 0; memset(mp4, 0, sizeof(mp4object)); #ifdef _WINDOWS fopen_s(&mp4->mediafp, filename, ""rb""); #else mp4->mediafp = fopen(filename, ""rb""); #endif if (mp4->mediafp) { uint32_t qttag, qtsize32, len; int32_t nest = 0; uint64_t nestsize[MAX_NEST_LEVEL] = { 0 }; uint64_t lastsize = 0, qtsize; do { len = fread(&qtsize32, 1, 4, mp4->mediafp); len += fread(&qttag, 1, 4, mp4->mediafp); if (len == 8) { if (!GPMF_VALID_FOURCC(qttag)) { LONGSEEK(mp4->mediafp, lastsize - 8 - 8, SEEK_CUR); NESTSIZE(lastsize - 8); continue; } qtsize32 = BYTESWAP32(qtsize32); if (qtsize32 == 1) { fread(&qtsize, 1, 8, mp4->mediafp); qtsize = BYTESWAP64(qtsize) - 8; } else qtsize = qtsize32; nest++; if (qtsize < 8) break; if (nest >= MAX_NEST_LEVEL) break; nestsize[nest] = qtsize; lastsize = qtsize; if (qttag == MAKEID('m', 'd', 'a', 't') || qttag == MAKEID('f', 't', 'y', 'p')) { LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); continue; } if (qttag == MAKEID('G', 'P', 'M', 'F')) { mp4->videolength += 1.0; mp4->metadatalength += 1.0; mp4->indexcount = (int)mp4->metadatalength; mp4->metasizes = (uint32_t *)malloc(mp4->indexcount * 4 + 4); memset(mp4->metasizes, 0, mp4->indexcount * 4 + 4); mp4->metaoffsets = (uint64_t *)malloc(mp4->indexcount * 8 + 8); memset(mp4->metaoffsets, 0, mp4->indexcount * 8 + 8); mp4->metasizes[0] = (int)qtsize - 8; mp4->metaoffsets[0] = ftell(mp4->mediafp); mp4->metasize_count = 1; return (size_t)mp4; } if (qttag != MAKEID('m', 'o', 'o', 'v') && qttag != MAKEID('u', 'd', 't', 'a')) { LONGSEEK(mp4->mediafp, qtsize - 8, SEEK_CUR); NESTSIZE(qtsize); continue; } else { NESTSIZE(8); } } } while (len > 0); } return (size_t)mp4; }",visit repo url,demo/GPMF_mp4reader.c,https://github.com/gopro/gpmf-parser,243757314246142,1 6063,['CWE-200'],"inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { struct rtattr **rta = arg; struct ifaddrmsg *ifm = NLMSG_DATA(nlh); struct in6_addr *pfx; pfx = NULL; if (rta[IFA_ADDRESS-1]) { if (RTA_PAYLOAD(rta[IFA_ADDRESS-1]) < sizeof(*pfx)) return -EINVAL; pfx = RTA_DATA(rta[IFA_ADDRESS-1]); } if (rta[IFA_LOCAL-1]) { if (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx))) return -EINVAL; pfx = RTA_DATA(rta[IFA_LOCAL-1]); } if (pfx == NULL) return -EINVAL; return inet6_addr_add(ifm->ifa_index, pfx, ifm->ifa_prefixlen); }",linux-2.6,,,293311003346035204496254175460821310231,0 584,[],"static int bad_inode_create (struct inode *dir, struct dentry *dentry, int mode, struct nameidata *nd) { return -EIO; }",linux-2.6,,,92509481825899538507586736458314447533,0 332,NVD-CWE-noinfo,"long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, unsigned long shmlba) { struct shmid_kernel *shp; unsigned long addr; unsigned long size; struct file *file; int err; unsigned long flags; unsigned long prot; int acc_mode; struct ipc_namespace *ns; struct shm_file_data *sfd; struct path path; fmode_t f_mode; unsigned long populate = 0; err = -EINVAL; if (shmid < 0) goto out; else if ((addr = (ulong)shmaddr)) { if (addr & (shmlba - 1)) { if (shmflg & SHM_RND) addr &= ~(shmlba - 1); else #ifndef __ARCH_FORCE_SHMLBA if (addr & ~PAGE_MASK) #endif goto out; } flags = MAP_SHARED | MAP_FIXED; } else { if ((shmflg & SHM_REMAP)) goto out; flags = MAP_SHARED; } if (shmflg & SHM_RDONLY) { prot = PROT_READ; acc_mode = S_IRUGO; f_mode = FMODE_READ; } else { prot = PROT_READ | PROT_WRITE; acc_mode = S_IRUGO | S_IWUGO; f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { prot |= PROT_EXEC; acc_mode |= S_IXUGO; } ns = current->nsproxy->ipc_ns; rcu_read_lock(); shp = shm_obtain_object_check(ns, shmid); if (IS_ERR(shp)) { err = PTR_ERR(shp); goto out_unlock; } err = -EACCES; if (ipcperms(ns, &shp->shm_perm, acc_mode)) goto out_unlock; err = security_shm_shmat(shp, shmaddr, shmflg); if (err) goto out_unlock; ipc_lock_object(&shp->shm_perm); if (!ipc_valid_object(&shp->shm_perm)) { ipc_unlock_object(&shp->shm_perm); err = -EIDRM; goto out_unlock; } path = shp->shm_file->f_path; path_get(&path); shp->shm_nattch++; size = i_size_read(d_inode(path.dentry)); ipc_unlock_object(&shp->shm_perm); rcu_read_unlock(); err = -ENOMEM; sfd = kzalloc(sizeof(*sfd), GFP_KERNEL); if (!sfd) { path_put(&path); goto out_nattch; } file = alloc_file(&path, f_mode, is_file_hugepages(shp->shm_file) ? &shm_file_operations_huge : &shm_file_operations); err = PTR_ERR(file); if (IS_ERR(file)) { kfree(sfd); path_put(&path); goto out_nattch; } file->private_data = sfd; file->f_mapping = shp->shm_file->f_mapping; sfd->id = shp->shm_perm.id; sfd->ns = get_ipc_ns(ns); sfd->file = shp->shm_file; sfd->vm_ops = NULL; err = security_mmap_file(file, prot, flags); if (err) goto out_fput; if (down_write_killable(¤t->mm->mmap_sem)) { err = -EINTR; goto out_fput; } if (addr && !(shmflg & SHM_REMAP)) { err = -EINVAL; if (addr + size < addr) goto invalid; if (find_vma_intersection(current->mm, addr, addr + size)) goto invalid; } addr = do_mmap_pgoff(file, addr, size, prot, flags, 0, &populate, NULL); *raddr = addr; err = 0; if (IS_ERR_VALUE(addr)) err = (long)addr; invalid: up_write(¤t->mm->mmap_sem); if (populate) mm_populate(addr, populate); out_fput: fput(file); out_nattch: down_write(&shm_ids(ns).rwsem); shp = shm_lock(ns, shmid); shp->shm_nattch--; if (shm_may_destroy(ns, shp)) shm_destroy(ns, shp); else shm_unlock(shp); up_write(&shm_ids(ns).rwsem); return err; out_unlock: rcu_read_unlock(); out: return err; }",visit repo url,ipc/shm.c,https://github.com/torvalds/linux,24761041164120,1 6213,CWE-190,"void fp24_exp_dig(fp24_t c, const fp24_t a, dig_t b) { bn_t _b; fp24_t t, v; int8_t u, naf[RLC_DIG + 1]; int l; if (b == 0) { fp24_set_dig(c, 1); return; } bn_null(_b); fp24_null(t); fp24_null(v); RLC_TRY { bn_new(_b); fp24_new(t); fp24_new(v); fp24_copy(t, a); if (fp24_test_cyc(a)) { fp24_inv_cyc(v, a); bn_set_dig(_b, b); l = RLC_DIG + 1; bn_rec_naf(naf, &l, _b, 2); for (int i = bn_bits(_b) - 2; i >= 0; i--) { fp24_sqr_cyc(t, t); u = naf[i]; if (u > 0) { fp24_mul(t, t, a); } else if (u < 0) { fp24_mul(t, t, v); } } } else { for (int i = util_bits_dig(b) - 2; i >= 0; i--) { fp24_sqr(t, t); if (b & ((dig_t)1 << i)) { fp24_mul(t, t, a); } } } fp24_copy(c, t); } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(_b); fp24_free(t); fp24_free(v); } }",visit repo url,src/fpx/relic_fpx_exp.c,https://github.com/relic-toolkit/relic,156010662102670,1 336,CWE-119,"static int t220_frontend_attach(struct dvb_usb_adapter *d) { u8 obuf[3] = { 0xe, 0x87, 0 }; u8 ibuf[] = { 0 }; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0xe; obuf[1] = 0x86; obuf[2] = 1; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0xe; obuf[1] = 0x80; obuf[2] = 0; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); msleep(50); obuf[0] = 0xe; obuf[1] = 0x80; obuf[2] = 1; if (dvb_usb_generic_rw(d->dev, obuf, 3, ibuf, 1, 0) < 0) err(""command 0x0e transfer failed.""); obuf[0] = 0x51; if (dvb_usb_generic_rw(d->dev, obuf, 1, ibuf, 1, 0) < 0) err(""command 0x51 transfer failed.""); d->fe_adap[0].fe = dvb_attach(cxd2820r_attach, &cxd2820r_config, &d->dev->i2c_adap, NULL); if (d->fe_adap[0].fe != NULL) { if (dvb_attach(tda18271_attach, d->fe_adap[0].fe, 0x60, &d->dev->i2c_adap, &tda18271_config)) { info(""Attached TDA18271HD/CXD2820R!""); return 0; } } info(""Failed to attach TDA18271HD/CXD2820R!""); return -EIO; }",visit repo url,drivers/media/usb/dvb-usb/dw2102.c,https://github.com/torvalds/linux,128206343834464,1 1086,CWE-189,"static struct vm_area_struct *vma_to_resize(unsigned long addr, unsigned long old_len, unsigned long new_len, unsigned long *p) { struct mm_struct *mm = current->mm; struct vm_area_struct *vma = find_vma(mm, addr); if (!vma || vma->vm_start > addr) goto Efault; if (is_vm_hugetlb_page(vma)) goto Einval; if (old_len > vma->vm_end - addr) goto Efault; if (vma->vm_flags & (VM_DONTEXPAND | VM_PFNMAP)) { if (new_len > old_len) goto Efault; } if (vma->vm_flags & VM_LOCKED) { unsigned long locked, lock_limit; locked = mm->locked_vm << PAGE_SHIFT; lock_limit = rlimit(RLIMIT_MEMLOCK); locked += new_len - old_len; if (locked > lock_limit && !capable(CAP_IPC_LOCK)) goto Eagain; } if (!may_expand_vm(mm, (new_len - old_len) >> PAGE_SHIFT)) goto Enomem; if (vma->vm_flags & VM_ACCOUNT) { unsigned long charged = (new_len - old_len) >> PAGE_SHIFT; if (security_vm_enough_memory(charged)) goto Efault; *p = charged; } return vma; Efault: return ERR_PTR(-EFAULT); Einval: return ERR_PTR(-EINVAL); Enomem: return ERR_PTR(-ENOMEM); Eagain: return ERR_PTR(-EAGAIN); }",visit repo url,mm/mremap.c,https://github.com/torvalds/linux,183547508550610,1 4059,['CWE-362'],"static void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw) { if (ndp) { path_put(&ndp->path); kfree(ndp); } if (ndw) { path_put(&ndw->path); kfree(ndw); } }",linux-2.6,,,74496843986393757176670594827130564336,0 2995,CWE-20,"dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num, size_t size, off_t fsize, int *flags, int sh_num) { Elf32_Phdr ph32; Elf64_Phdr ph64; const char *linking_style = ""statically""; const char *interp = """"; unsigned char nbuf[BUFSIZ]; char ibuf[BUFSIZ]; ssize_t bufsize; size_t offset, align, len; if (size != xph_sizeof) { if (file_printf(ms, "", corrupted program header size"") == -1) return -1; return 0; } for ( ; num; num--) { if (pread(fd, xph_addr, xph_sizeof, off) == -1) { file_badread(ms); return -1; } off += size; bufsize = 0; align = 4; switch (xph_type) { case PT_DYNAMIC: linking_style = ""dynamically""; break; case PT_NOTE: if (sh_num) continue; if (((align = xph_align) & 0x80000000UL) != 0 || align < 4) { if (file_printf(ms, "", invalid note alignment 0x%lx"", (unsigned long)align) == -1) return -1; align = 4; } case PT_INTERP: len = xph_filesz < sizeof(nbuf) ? xph_filesz : sizeof(nbuf); bufsize = pread(fd, nbuf, len, xph_offset); if (bufsize == -1) { file_badread(ms); return -1; } break; default: if (fsize != SIZE_UNKNOWN && xph_offset > fsize) { continue; } break; } switch (xph_type) { case PT_INTERP: if (bufsize && nbuf[0]) { nbuf[bufsize - 1] = '\0'; interp = (const char *)nbuf; } else interp = ""*empty*""; break; case PT_NOTE: offset = 0; for (;;) { if (offset >= (size_t)bufsize) break; offset = donote(ms, nbuf, offset, (size_t)bufsize, clazz, swap, align, flags); if (offset == 0) break; } break; default: break; } } if (file_printf(ms, "", %s linked"", linking_style) == -1) return -1; if (interp[0]) if (file_printf(ms, "", interpreter %s"", file_printable(ibuf, sizeof(ibuf), interp)) == -1) return -1; return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,253300860722349,1 3605,['CWE-20'],"struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, const struct sctp_chunk *chunk, __be16 cause_code, const void *payload, size_t paylen) { struct sctp_chunk *retval; retval = sctp_make_op_error_space(asoc, chunk, paylen); if (!retval) goto nodata; sctp_init_cause(retval, cause_code, paylen); sctp_addto_chunk(retval, paylen, payload); nodata: return retval; }",linux-2.6,,,155364056366523978218957819738004741434,0 5853,['CWE-200'],"static int raw_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sk_buff *skb; int err = 0; int noblock; noblock = flags & MSG_DONTWAIT; flags &= ~MSG_DONTWAIT; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) return err; if (size < skb->len) msg->msg_flags |= MSG_TRUNC; else size = skb->len; err = memcpy_toiovec(msg->msg_iov, skb->data, size); if (err < 0) { skb_free_datagram(sk, skb); return err; } sock_recv_timestamp(msg, sk, skb); if (msg->msg_name) { msg->msg_namelen = sizeof(struct sockaddr_can); memcpy(msg->msg_name, skb->cb, msg->msg_namelen); } skb_free_datagram(sk, skb); return size; }",linux-2.6,,,215076786178037788895811787439830333062,0 3830,CWE-126,"get_visual_text( cmdarg_T *cap, char_u **pp, int *lenp) { if (VIsual_mode != 'V') unadjust_for_sel(); if (VIsual.lnum != curwin->w_cursor.lnum) { if (cap != NULL) clearopbeep(cap->oap); return FAIL; } if (VIsual_mode == 'V') { *pp = ml_get_curline(); *lenp = (int)STRLEN(*pp); } else { if (LT_POS(curwin->w_cursor, VIsual)) { *pp = ml_get_pos(&curwin->w_cursor); *lenp = VIsual.col - curwin->w_cursor.col + 1; } else { *pp = ml_get_pos(&VIsual); *lenp = curwin->w_cursor.col - VIsual.col + 1; } if (**pp == NUL) *lenp = 0; if (has_mbyte && *lenp > 0) *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1; } reset_VIsual_and_resel(); return OK; }",visit repo url,src/normal.c,https://github.com/vim/vim,229635704350399,1 315,CWE-617,"static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, size_t msg_len) { struct sock *sk = asoc->base.sk; int err = 0; long current_timeo = *timeo_p; DEFINE_WAIT(wait); pr_debug(""%s: asoc:%p, timeo:%ld, msg_len:%zu\n"", __func__, asoc, *timeo_p, msg_len); sctp_association_hold(asoc); for (;;) { prepare_to_wait_exclusive(&asoc->wait, &wait, TASK_INTERRUPTIBLE); if (!*timeo_p) goto do_nonblock; if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING || asoc->base.dead) goto do_error; if (signal_pending(current)) goto do_interrupted; if (msg_len <= sctp_wspace(asoc)) break; release_sock(sk); current_timeo = schedule_timeout(current_timeo); BUG_ON(sk != asoc->base.sk); lock_sock(sk); *timeo_p = current_timeo; } out: finish_wait(&asoc->wait, &wait); sctp_association_put(asoc); return err; do_error: err = -EPIPE; goto out; do_interrupted: err = sock_intr_errno(*timeo_p); goto out; do_nonblock: err = -EAGAIN; goto out; }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,130908862380422,1 1753,[],"static u64 cpu_rt_period_read_uint(struct cgroup *cgrp, struct cftype *cft) { return sched_group_rt_period(cgroup_tg(cgrp)); }",linux-2.6,,,223764409002162384608804255052131962983,0 6638,['CWE-200'],"nma_gconf_settings_add_connection (NMAGConfSettings *self, NMConnection *connection) { NMAGConfSettingsPrivate *priv; NMAGConfConnection *exported; guint32 i = 0; char *path = NULL; g_return_val_if_fail (NMA_IS_GCONF_SETTINGS (self), NULL); g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL); priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self); while (i++ < G_MAXUINT32) { char buf[255]; snprintf (&buf[0], 255, GCONF_PATH_CONNECTIONS""/%d"", i); if (!gconf_client_dir_exists (priv->client, buf, NULL)) { path = g_strdup (buf); break; } } if (path == NULL) { nm_warning (""Couldn't find free GConf directory for new connection.""); return NULL; } exported = nma_gconf_connection_new_from_connection (priv->client, path, connection); g_free (path); if (!exported) return NULL; add_connection_real (self, exported); nma_gconf_connection_save (exported); return exported; }",network-manager-applet,,,255673554111850357561573304847205012256,0 1163,['CWE-189'],"static void hrtimer_force_reprogram(struct hrtimer_cpu_base *cpu_base) { int i; struct hrtimer_clock_base *base = cpu_base->clock_base; ktime_t expires; cpu_base->expires_next.tv64 = KTIME_MAX; for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++, base++) { struct hrtimer *timer; if (!base->first) continue; timer = rb_entry(base->first, struct hrtimer, node); expires = ktime_sub(timer->expires, base->offset); if (expires.tv64 < cpu_base->expires_next.tv64) cpu_base->expires_next = expires; } if (cpu_base->expires_next.tv64 != KTIME_MAX) tick_program_event(cpu_base->expires_next, 1); }",linux-2.6,,,269429321497458463096005232621723433905,0 2480,['CWE-119'],"int diff_filespec_is_binary(struct diff_filespec *one) { diff_filespec_check_attr(one); return one->is_binary; }",git,,,169063385957075215994604400415097597309,0 3084,['CWE-189'],"static int jp2_putuint8(jas_stream_t *out, uint_fast8_t val) { if (jas_stream_putc(out, val & 0xff) == EOF) { return -1; } return 0; }",jasper,,,234026117742976113950284983298806995829,0 1990,CWE-787,"int mpol_parse_str(char *str, struct mempolicy **mpol) { struct mempolicy *new = NULL; unsigned short mode_flags; nodemask_t nodes; char *nodelist = strchr(str, ':'); char *flags = strchr(str, '='); int err = 1, mode; if (flags) *flags++ = '\0'; if (nodelist) { *nodelist++ = '\0'; if (nodelist_parse(nodelist, nodes)) goto out; if (!nodes_subset(nodes, node_states[N_MEMORY])) goto out; } else nodes_clear(nodes); mode = match_string(policy_modes, MPOL_MAX, str); if (mode < 0) goto out; switch (mode) { case MPOL_PREFERRED: if (nodelist) { char *rest = nodelist; while (isdigit(*rest)) rest++; if (*rest) goto out; } break; case MPOL_INTERLEAVE: if (!nodelist) nodes = node_states[N_MEMORY]; break; case MPOL_LOCAL: if (nodelist) goto out; mode = MPOL_PREFERRED; break; case MPOL_DEFAULT: if (!nodelist) err = 0; goto out; case MPOL_BIND: if (!nodelist) goto out; } mode_flags = 0; if (flags) { if (!strcmp(flags, ""static"")) mode_flags |= MPOL_F_STATIC_NODES; else if (!strcmp(flags, ""relative"")) mode_flags |= MPOL_F_RELATIVE_NODES; else goto out; } new = mpol_new(mode, mode_flags, &nodes); if (IS_ERR(new)) goto out; if (mode != MPOL_PREFERRED) new->v.nodes = nodes; else if (nodelist) new->v.preferred_node = first_node(nodes); else new->flags |= MPOL_F_LOCAL; new->w.user_nodemask = nodes; err = 0; out: if (nodelist) *--nodelist = ':'; if (flags) *--flags = '='; if (!err) *mpol = new; return err; }",visit repo url,mm/mempolicy.c,https://github.com/torvalds/linux,70664457568105,1 4926,['CWE-20'],"int nfs_neg_need_reval(struct inode *dir, struct dentry *dentry, struct nameidata *nd) { if (nd != NULL && nfs_lookup_check_intent(nd, LOOKUP_CREATE) != 0) return 0; return !nfs_check_verifier(dir, dentry); }",linux-2.6,,,29778705919658935762162852702092418864,0 3229,['CWE-189'],"int jpc_pptstabwrite(jas_stream_t *out, jpc_ppxstab_t *tab) { int i; jpc_ppxstabent_t *ent; for (i = 0; i < tab->numents; ++i) { ent = tab->ents[i]; if (jas_stream_write(out, ent->data, ent->len) != JAS_CAST(int, ent->len)) { return -1; } } return 0; }",jasper,,,164398756813873038195006429984260508019,0 5202,['CWE-20'],"static int handle_rmode_exception(struct kvm_vcpu *vcpu, int vec, u32 err_code) { if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0) if (emulate_instruction(vcpu, NULL, 0, 0, 0) == EMULATE_DONE) return 1; switch (vec) { case DB_VECTOR: if (vcpu->guest_debug & (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) return 0; kvm_queue_exception(vcpu, vec); return 1; case BP_VECTOR: if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) return 0; case DE_VECTOR: case OF_VECTOR: case BR_VECTOR: case UD_VECTOR: case DF_VECTOR: case SS_VECTOR: case GP_VECTOR: case MF_VECTOR: kvm_queue_exception(vcpu, vec); return 1; } return 0; }",linux-2.6,,,174875246041178840501442533167244854098,0 4867,['CWE-189'],"static unsigned long ecryptfs_get_zeroed_pages(gfp_t gfp_mask, unsigned int order) { struct page *page; page = alloc_pages(gfp_mask | __GFP_ZERO, order); if (page) return (unsigned long) page_address(page); return 0; }",linux-2.6,,,259163028708462752931707737861439187763,0 3160,['CWE-189'],"static int mif_hdr_put(mif_hdr_t *hdr, jas_stream_t *out) { int cmptno; mif_cmpt_t *cmpt; jas_stream_putc(out, (MIF_MAGIC >> 24) & 0xff); jas_stream_putc(out, (MIF_MAGIC >> 16) & 0xff); jas_stream_putc(out, (MIF_MAGIC >> 8) & 0xff); jas_stream_putc(out, MIF_MAGIC & 0xff); for (cmptno = 0; cmptno < hdr->numcmpts; ++cmptno) { cmpt = hdr->cmpts[cmptno]; jas_stream_printf(out, ""component tlx=%ld tly=%ld "" ""sampperx=%ld samppery=%ld width=%ld height=%ld prec=%d sgnd=%d"", cmpt->tlx, cmpt->tly, cmpt->sampperx, cmpt->samppery, cmpt->width, cmpt->height, cmpt->prec, cmpt->sgnd); if (cmpt->data) { jas_stream_printf(out, "" data=%s"", cmpt->data); } jas_stream_printf(out, ""\n""); } jas_stream_printf(out, ""end\n""); return 0; }",jasper,,,139108871330252660301075715737857156066,0 4545,['CWE-20'],"static void ext4_update_dx_flag(struct inode *inode) { if (!EXT4_HAS_COMPAT_FEATURE(inode->i_sb, EXT4_FEATURE_COMPAT_DIR_INDEX)) EXT4_I(inode)->i_flags &= ~EXT4_INDEX_FL; }",linux-2.6,,,117341786348524477035364857562469668038,0 2521,['CWE-119'],"static void add_pending_commit_list(struct rev_info *revs, struct commit_list *commit_list, unsigned int flags) { while (commit_list) { struct object *object = &commit_list->item->object; object->flags |= flags; add_pending_object(revs, object, sha1_to_hex(object->sha1)); commit_list = commit_list->next; } }",git,,,303638053252262584142451765570598802250,0 2808,CWE-401,"static BOOL region16_simplify_bands(REGION16* region) { RECTANGLE_16* band1, *band2, *endPtr, *endBand, *tmp; int nbRects, finalNbRects; int bandItems, toMove; finalNbRects = nbRects = region16_n_rects(region); if (nbRects < 2) return TRUE; band1 = region16_rects_noconst(region); endPtr = band1 + nbRects; do { band2 = next_band(band1, endPtr, &bandItems); if (band2 == endPtr) break; if ((band1->bottom == band2->top) && band_match(band1, band2, endPtr)) { tmp = band1; while (tmp < band2) { tmp->bottom = band2->bottom; tmp++; } endBand = band2 + bandItems; toMove = (endPtr - endBand) * sizeof(RECTANGLE_16); if (toMove) MoveMemory(band2, endBand, toMove); finalNbRects -= bandItems; endPtr -= bandItems; } else { band1 = band2; } } while (TRUE); if (finalNbRects != nbRects) { int allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16)); region->data = realloc(region->data, allocSize); if (!region->data) { region->data = &empty_region; return FALSE; } region->data->nbRects = finalNbRects; region->data->size = allocSize; } return TRUE; }",visit repo url,libfreerdp/codec/region.c,https://github.com/FreeRDP/FreeRDP,83468785683683,1 4480,['CWE-264'],"static int skfp_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) { struct s_smc *smc = netdev_priv(dev); skfddi_priv *lp = &smc->os; struct s_skfp_ioctl ioc; int status = 0; if (copy_from_user(&ioc, rq->ifr_data, sizeof(struct s_skfp_ioctl))) return -EFAULT; switch (ioc.cmd) { case SKFP_GET_STATS: ioc.len = sizeof(lp->MacStat); status = copy_to_user(ioc.data, skfp_ctl_get_stats(dev), ioc.len) ? -EFAULT : 0; break; case SKFP_CLR_STATS: if (!capable(CAP_NET_ADMIN)) { status = -EPERM; } else { memset(&lp->MacStat, 0, sizeof(lp->MacStat)); } break; default: printk(""ioctl for %s: unknow cmd: %04x\n"", dev->name, ioc.cmd); status = -EOPNOTSUPP; } return status; } ",linux-2.6,,,309274014351188764434844375939554483784,0 1271,[],"m4_divert (struct obstack *obs, int argc, token_data **argv) { int i = 0; if (bad_argc (argv[0], argc, 1, 2)) return; if (argc >= 2 && !numeric_arg (argv[0], ARG (1), &i)) return; make_diversion (i); }",m4,,,7112938685599703661299909143264091983,0 5600,[],"static int ptrace_signal(int signr, siginfo_t *info, struct pt_regs *regs, void *cookie) { if (!task_ptrace(current)) return signr; ptrace_signal_deliver(regs, cookie); ptrace_stop(signr, 0, info); signr = current->exit_code; if (signr == 0) return signr; current->exit_code = 0; if (signr != info->si_signo) { info->si_signo = signr; info->si_errno = 0; info->si_code = SI_USER; info->si_pid = task_pid_vnr(current->parent); info->si_uid = task_uid(current->parent); } if (sigismember(¤t->blocked, signr)) { specific_send_sig_info(signr, info, current); signr = 0; } return signr; }",linux-2.6,,,107868660045408863917689929160449336984,0 4817,['CWE-399'],"static int find_inode(const char __user *dirname, struct path *path, unsigned flags) { int error; error = user_path_at(AT_FDCWD, dirname, flags, path); if (error) return error; error = inode_permission(path->dentry->d_inode, MAY_READ); if (error) path_put(path); return error; }",linux-2.6,,,175644601817204816631240040232182042278,0 4947,CWE-401,"int db__message_store_find(struct mosquitto *context, uint16_t mid, struct mosquitto_msg_store **stored) { struct mosquitto_client_msg *tail; if(!context) return MOSQ_ERR_INVAL; *stored = NULL; DL_FOREACH(context->msgs_in.inflight, tail){ if(tail->store->source_mid == mid){ *stored = tail->store; return MOSQ_ERR_SUCCESS; } } DL_FOREACH(context->msgs_in.queued, tail){ if(tail->store->source_mid == mid){ *stored = tail->store; return MOSQ_ERR_SUCCESS; } } return 1; }",visit repo url,src/database.c,https://github.com/eclipse/mosquitto,160637615530406,1 466,CWE-20,"void big_key_revoke(struct key *key) { struct path *path = (struct path *)&key->payload.data[big_key_path]; key_payload_reserve(key, 0); if (key_is_instantiated(key) && (size_t)key->payload.data[big_key_len] > BIG_KEY_FILE_THRESHOLD) vfs_truncate(path, 0); }",visit repo url,security/keys/big_key.c,https://github.com/torvalds/linux,275546997537921,1 782,['CWE-119'],"isdn_net_findif(char *name) { isdn_net_dev *p = dev->netdev; while (p) { if (!strcmp(p->dev->name, name)) return p; p = (isdn_net_dev *) p->next; } return (isdn_net_dev *) NULL; }",linux-2.6,,,69558669931675240828883582512512589900,0 4548,['CWE-20'],"static inline int search_dirblock(struct buffer_head *bh, struct inode *dir, const struct qstr *d_name, unsigned int offset, struct ext4_dir_entry_2 ** res_dir) { struct ext4_dir_entry_2 * de; char * dlimit; int de_len; const char *name = d_name->name; int namelen = d_name->len; de = (struct ext4_dir_entry_2 *) bh->b_data; dlimit = bh->b_data + dir->i_sb->s_blocksize; while ((char *) de < dlimit) { if ((char *) de + namelen <= dlimit && ext4_match (namelen, name, de)) { if (!ext4_check_dir_entry(""ext4_find_entry"", dir, de, bh, offset)) return -1; *res_dir = de; return 1; } de_len = ext4_rec_len_from_disk(de->rec_len); if (de_len <= 0) return -1; offset += de_len; de = (struct ext4_dir_entry_2 *) ((char *) de + de_len); } return 0; }",linux-2.6,,,339359463232024650462742904002676477956,0 2932,['CWE-189'],"static void jpc_mqenc_setbits(jpc_mqenc_t *mqenc) { uint_fast32_t tmp = mqenc->creg + mqenc->areg; mqenc->creg |= 0xffff; if (mqenc->creg >= tmp) { mqenc->creg -= 0x8000; } }",jasper,,,304150484805368349192115176819402546616,0 626,['CWE-189'],"static struct sk_buff *ieee80211_frag_cache_get(struct ieee80211_device *ieee, struct ieee80211_hdr_4addr *hdr) { struct sk_buff *skb = NULL; u16 sc; unsigned int frag, seq; struct ieee80211_frag_entry *entry; sc = le16_to_cpu(hdr->seq_ctl); frag = WLAN_GET_SEQ_FRAG(sc); seq = WLAN_GET_SEQ_SEQ(sc); if (frag == 0) { skb = dev_alloc_skb(ieee->dev->mtu + sizeof(struct ieee80211_hdr_4addr) + 8 + 2 + 8 + ETH_ALEN ); if (skb == NULL) return NULL; entry = &ieee->frag_cache[ieee->frag_next_idx]; ieee->frag_next_idx++; if (ieee->frag_next_idx >= IEEE80211_FRAG_CACHE_LEN) ieee->frag_next_idx = 0; if (entry->skb != NULL) dev_kfree_skb_any(entry->skb); entry->first_frag_time = jiffies; entry->seq = seq; entry->last_frag = frag; entry->skb = skb; memcpy(entry->src_addr, hdr->addr2, ETH_ALEN); memcpy(entry->dst_addr, hdr->addr1, ETH_ALEN); } else { entry = ieee80211_frag_cache_find(ieee, seq, frag, hdr->addr2, hdr->addr1); if (entry != NULL) { entry->last_frag = frag; skb = entry->skb; } } return skb; }",linux-2.6,,,228675683238698324007193600488365063679,0 845,CWE-20,"static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, struct msghdr *msg_sys, unsigned int flags, int nosec) { struct compat_msghdr __user *msg_compat = (struct compat_msghdr __user *)msg; struct iovec iovstack[UIO_FASTIOV]; struct iovec *iov = iovstack; unsigned long cmsg_ptr; int err, total_len, len; struct sockaddr_storage addr; struct sockaddr __user *uaddr; int __user *uaddr_len; if (MSG_CMSG_COMPAT & flags) { if (get_compat_msghdr(msg_sys, msg_compat)) return -EFAULT; } else { err = copy_msghdr_from_user(msg_sys, msg); if (err) return err; } if (msg_sys->msg_iovlen > UIO_FASTIOV) { err = -EMSGSIZE; if (msg_sys->msg_iovlen > UIO_MAXIOV) goto out; err = -ENOMEM; iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec), GFP_KERNEL); if (!iov) goto out; } uaddr = (__force void __user *)msg_sys->msg_name; uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); } else err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE); if (err < 0) goto out_freeiov; total_len = err; cmsg_ptr = (unsigned long)msg_sys->msg_control; msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT); if (sock->file->f_flags & O_NONBLOCK) flags |= MSG_DONTWAIT; err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys, total_len, flags); if (err < 0) goto out_freeiov; len = err; if (uaddr != NULL) { err = move_addr_to_user(&addr, msg_sys->msg_namelen, uaddr, uaddr_len); if (err < 0) goto out_freeiov; } err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT), COMPAT_FLAGS(msg)); if (err) goto out_freeiov; if (MSG_CMSG_COMPAT & flags) err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg_compat->msg_controllen); else err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr, &msg->msg_controllen); if (err) goto out_freeiov; err = len; out_freeiov: if (iov != iovstack) kfree(iov); out: return err; }",visit repo url,net/socket.c,https://github.com/torvalds/linux,76305007079054,1 6593,CWE-787,"void _luac_build_info(LuaProto *proto, LuacBinInfo *info) { char *section_name; char *symbol_name; char *proto_name; char **upvalue_names = NULL; RzListIter *iter; int i = 0; ut64 current_offset; ut64 current_size; if (proto->name_size == 0 || proto->proto_name == NULL) { proto_name = rz_str_newf(""fcn.%08llx"", proto->offset); } else { proto_name = rz_str_new((char *)proto->proto_name); } current_offset = proto->offset; current_size = proto->size; section_name = rz_str_newf(""%s.header"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->code_offset; current_size = proto->code_size; section_name = rz_str_newf(""%s.code"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, true); RZ_FREE(section_name); current_offset = proto->const_offset; current_size = proto->const_size; section_name = rz_str_newf(""%s.const"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->upvalue_offset; current_size = proto->upvalue_size; section_name = rz_str_newf(""%s.upvalues"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->inner_proto_offset; current_size = proto->inner_proto_size; section_name = rz_str_newf(""%s.protos"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); current_offset = proto->debug_offset; current_size = proto->debug_size; section_name = rz_str_newf(""%s.debug"", proto_name); luac_add_section(info->section_list, section_name, current_offset, current_size, false); RZ_FREE(section_name); LuaLocalVarEntry *local_var_entry; rz_list_foreach (proto->local_var_info_entries, iter, local_var_entry) { luac_add_string( info->string_list, (char *)local_var_entry->varname, local_var_entry->offset, local_var_entry->varname_len); } size_t real_upvalue_cnt = rz_list_length(proto->upvalue_entries); if (real_upvalue_cnt > 0) { LuaDbgUpvalueEntry *debug_upv_entry; upvalue_names = RZ_NEWS0(char *, real_upvalue_cnt); if (!upvalue_names) { free(proto_name); return; } i = 0; rz_list_foreach (proto->dbg_upvalue_entries, iter, debug_upv_entry) { upvalue_names[i] = (char *)debug_upv_entry->upvalue_name; luac_add_string( info->string_list, upvalue_names[i], debug_upv_entry->offset, debug_upv_entry->name_len); i++; } } LuaConstEntry *const_entry; rz_list_foreach (proto->const_entries, iter, const_entry) { symbol_name = get_constant_symbol_name(proto_name, const_entry); luac_add_symbol( info->symbol_list, symbol_name, const_entry->offset, const_entry->data_len, get_tag_string(const_entry->tag)); if (const_entry->tag == LUA_VLNGSTR || const_entry->tag == LUA_VSHRSTR) { luac_add_string( info->string_list, (char *)const_entry->data, const_entry->offset, const_entry->data_len); } RZ_FREE(symbol_name); } LuaUpvalueEntry *upvalue_entry; i = 0; rz_list_foreach (proto->upvalue_entries, iter, upvalue_entry) { symbol_name = get_upvalue_symbol_name(proto_name, upvalue_entry, upvalue_names[i++]); luac_add_symbol( info->symbol_list, symbol_name, upvalue_entry->offset, 3, ""UPVALUE""); RZ_FREE(symbol_name); } LuaProto *sub_proto; rz_list_foreach (proto->proto_entries, iter, sub_proto) { _luac_build_info(sub_proto, info); } free(upvalue_names); free(proto_name); }",visit repo url,librz/bin/format/luac/luac_bin.c,https://github.com/rizinorg/rizin,103039971219568,1 1020,['CWE-20'],"asmlinkage long sys_getpriority(int which, int who) { struct task_struct *g, *p; struct user_struct *user; long niceval, retval = -ESRCH; struct pid *pgrp; if (which > 2 || which < 0) return -EINVAL; read_lock(&tasklist_lock); switch (which) { case PRIO_PROCESS: if (who) p = find_task_by_pid(who); else p = current; if (p) { niceval = 20 - task_nice(p); if (niceval > retval) retval = niceval; } break; case PRIO_PGRP: if (who) pgrp = find_pid(who); else pgrp = task_pgrp(current); do_each_pid_task(pgrp, PIDTYPE_PGID, p) { niceval = 20 - task_nice(p); if (niceval > retval) retval = niceval; } while_each_pid_task(pgrp, PIDTYPE_PGID, p); break; case PRIO_USER: user = current->user; if (!who) who = current->uid; else if ((who != current->uid) && !(user = find_user(who))) goto out_unlock; do_each_thread(g, p) if (p->uid == who) { niceval = 20 - task_nice(p); if (niceval > retval) retval = niceval; } while_each_thread(g, p); if (who != current->uid) free_uid(user); break; } out_unlock: read_unlock(&tasklist_lock); return retval; }",linux-2.6,,,81041242515733999175319077069979081248,0 2094,CWE-416,"void dump_mm(const struct mm_struct *mm) { pr_emerg(""mm %px mmap %px seqnum %d task_size %lu\n"" #ifdef CONFIG_MMU ""get_unmapped_area %px\n"" #endif ""mmap_base %lu mmap_legacy_base %lu highest_vm_end %lu\n"" ""pgd %px mm_users %d mm_count %d pgtables_bytes %lu map_count %d\n"" ""hiwater_rss %lx hiwater_vm %lx total_vm %lx locked_vm %lx\n"" ""pinned_vm %lx data_vm %lx exec_vm %lx stack_vm %lx\n"" ""start_code %lx end_code %lx start_data %lx end_data %lx\n"" ""start_brk %lx brk %lx start_stack %lx\n"" ""arg_start %lx arg_end %lx env_start %lx env_end %lx\n"" ""binfmt %px flags %lx core_state %px\n"" #ifdef CONFIG_AIO ""ioctx_table %px\n"" #endif #ifdef CONFIG_MEMCG ""owner %px "" #endif ""exe_file %px\n"" #ifdef CONFIG_MMU_NOTIFIER ""mmu_notifier_mm %px\n"" #endif #ifdef CONFIG_NUMA_BALANCING ""numa_next_scan %lu numa_scan_offset %lu numa_scan_seq %d\n"" #endif ""tlb_flush_pending %d\n"" ""def_flags: %#lx(%pGv)\n"", mm, mm->mmap, mm->vmacache_seqnum, mm->task_size, #ifdef CONFIG_MMU mm->get_unmapped_area, #endif mm->mmap_base, mm->mmap_legacy_base, mm->highest_vm_end, mm->pgd, atomic_read(&mm->mm_users), atomic_read(&mm->mm_count), mm_pgtables_bytes(mm), mm->map_count, mm->hiwater_rss, mm->hiwater_vm, mm->total_vm, mm->locked_vm, mm->pinned_vm, mm->data_vm, mm->exec_vm, mm->stack_vm, mm->start_code, mm->end_code, mm->start_data, mm->end_data, mm->start_brk, mm->brk, mm->start_stack, mm->arg_start, mm->arg_end, mm->env_start, mm->env_end, mm->binfmt, mm->flags, mm->core_state, #ifdef CONFIG_AIO mm->ioctx_table, #endif #ifdef CONFIG_MEMCG mm->owner, #endif mm->exe_file, #ifdef CONFIG_MMU_NOTIFIER mm->mmu_notifier_mm, #endif #ifdef CONFIG_NUMA_BALANCING mm->numa_next_scan, mm->numa_scan_offset, mm->numa_scan_seq, #endif atomic_read(&mm->tlb_flush_pending), mm->def_flags, &mm->def_flags ); }",visit repo url,mm/debug.c,https://github.com/torvalds/linux,94484161669895,1 5282,['CWE-264'],"static mode_t map_nt_perms( uint32 *mask, int type) { mode_t mode = 0; switch(type) { case S_IRUSR: if((*mask) & GENERIC_ALL_ACCESS) mode = S_IRUSR|S_IWUSR|S_IXUSR; else { mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0; mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0; mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0; } break; case S_IRGRP: if((*mask) & GENERIC_ALL_ACCESS) mode = S_IRGRP|S_IWGRP|S_IXGRP; else { mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0; mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0; mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0; } break; case S_IROTH: if((*mask) & GENERIC_ALL_ACCESS) mode = S_IROTH|S_IWOTH|S_IXOTH; else { mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0; mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0; mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0; } break; } return mode; }",samba,,,77681252309089738276708663600866652768,0 3794,[],"static void *unix_seq_start(struct seq_file *seq, loff_t *pos) { spin_lock(&unix_table_lock); return *pos ? unix_seq_idx(seq->private, *pos - 1) : ((void *) 1); }",linux-2.6,,,210812703204124615800949653272621054048,0 3315,CWE-119,"header_put_be_3byte (SF_PRIVATE *psf, int x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 3) { psf->header [psf->headindex++] = (x >> 16) ; psf->header [psf->headindex++] = (x >> 8) ; psf->header [psf->headindex++] = x ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,140399390692970,1 6537,['CWE-200'],"activate_connection_cb (gpointer user_data, const char *path, GError *error) { if (error) nm_warning (""Connection activation failed: %s"", error->message); applet_schedule_update_icon (NM_APPLET (user_data)); }",network-manager-applet,,,267087432359321447421848882149109857341,0 3633,['CWE-287'],"void sctp_assoc_rwnd_increase(struct sctp_association *asoc, unsigned len) { struct sctp_chunk *sack; struct timer_list *timer; if (asoc->rwnd_over) { if (asoc->rwnd_over >= len) { asoc->rwnd_over -= len; } else { asoc->rwnd += (len - asoc->rwnd_over); asoc->rwnd_over = 0; } } else { asoc->rwnd += len; } SCTP_DEBUG_PRINTK(""%s: asoc %p rwnd increased by %d to (%u, %u) "" ""- %u\n"", __func__, asoc, len, asoc->rwnd, asoc->rwnd_over, asoc->a_rwnd); if (sctp_peer_needs_update(asoc)) { asoc->a_rwnd = asoc->rwnd; SCTP_DEBUG_PRINTK(""%s: Sending window update SACK- asoc: %p "" ""rwnd: %u a_rwnd: %u\n"", __func__, asoc, asoc->rwnd, asoc->a_rwnd); sack = sctp_make_sack(asoc); if (!sack) return; asoc->peer.sack_needed = 0; sctp_outq_tail(&asoc->outqueue, sack); timer = &asoc->timers[SCTP_EVENT_TIMEOUT_SACK]; if (timer_pending(timer) && del_timer(timer)) sctp_association_put(asoc); } }",linux-2.6,,,305267898482212092137537217220076763235,0 6003,['CWE-200'],"static int cbq_set_overlimit(struct cbq_class *cl, struct tc_cbq_ovl *ovl) { switch (ovl->strategy) { case TC_CBQ_OVL_CLASSIC: cl->overlimit = cbq_ovl_classic; break; case TC_CBQ_OVL_DELAY: cl->overlimit = cbq_ovl_delay; break; case TC_CBQ_OVL_LOWPRIO: if (ovl->priority2-1 >= TC_CBQ_MAXPRIO || ovl->priority2-1 <= cl->priority) return -EINVAL; cl->priority2 = ovl->priority2-1; cl->overlimit = cbq_ovl_lowprio; break; case TC_CBQ_OVL_DROP: cl->overlimit = cbq_ovl_drop; break; case TC_CBQ_OVL_RCLASSIC: cl->overlimit = cbq_ovl_rclassic; break; default: return -EINVAL; } cl->penalty = (ovl->penalty*HZ)/1000; return 0; }",linux-2.6,,,130761081039345487419228347426135260715,0 6078,CWE-190,"void bn_rand(bn_t a, int sign, int bits) { int digits; RLC_RIP(bits, digits, bits); digits += (bits > 0 ? 1 : 0); bn_grow(a, digits); rand_bytes((uint8_t *)a->dp, digits * sizeof(dig_t)); a->used = digits; a->sign = sign; if (bits > 0) { dig_t mask = ((dig_t)1 << (dig_t)bits) - 1; a->dp[a->used - 1] &= mask; } bn_trim(a); }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,131300962850502,1 6519,CWE-125,"MOBI_RET mobi_decode_infl(unsigned char *decoded, int *decoded_size, const unsigned char *rule) { int pos = *decoded_size; char mod = 'i'; char dir = '<'; char olddir; unsigned char c; while ((c = *rule++)) { if (c <= 4) { mod = (c <= 2) ? 'i' : 'd'; olddir = dir; dir = (c & 2) ? '<' : '>'; if (olddir != dir && olddir) { pos = (c & 2) ? *decoded_size : 0; } } else if (c > 10 && c < 20) { if (dir == '>') { pos = *decoded_size; } pos -= c - 10; dir = 0; if (pos < 0 || pos > *decoded_size) { debug_print(""Position setting failed (%s)\n"", decoded); return MOBI_DATA_CORRUPT; } } else { if (mod == 'i') { const unsigned char *s = decoded + pos; unsigned char *d = decoded + pos + 1; const int l = *decoded_size - pos; if (l < 0 || d + l > decoded + INDX_INFLBUF_SIZEMAX) { debug_print(""Out of buffer in %s at pos: %i\n"", decoded, pos); return MOBI_DATA_CORRUPT; } memmove(d, s, (size_t) l); decoded[pos] = c; (*decoded_size)++; if (dir == '>') { pos++; } } else { if (dir == '<') { pos--; } const unsigned char *s = decoded + pos + 1; unsigned char *d = decoded + pos; const int l = *decoded_size - pos; if (l < 0 || d + l > decoded + INDX_INFLBUF_SIZEMAX) { debug_print(""Out of buffer in %s at pos: %i\n"", decoded, pos); return MOBI_DATA_CORRUPT; } if (decoded[pos] != c) { debug_print(""Character mismatch in %s at pos: %i (%c != %c)\n"", decoded, pos, decoded[pos], c); return MOBI_DATA_CORRUPT; } memmove(d, s, (size_t) l); (*decoded_size)--; } } } return MOBI_SUCCESS; }",visit repo url,src/index.c,https://github.com/bfabiszewski/libmobi,249615580540804,1 3163,['CWE-189'],"static int jas_icclut16_output(jas_iccattrval_t *attrval, jas_stream_t *out) { jas_icclut16_t *lut16 = &attrval->data.lut16; int i; int j; int n; if (jas_stream_putc(out, lut16->numinchans) == EOF || jas_stream_putc(out, lut16->numoutchans) == EOF || jas_stream_putc(out, lut16->clutlen) == EOF || jas_stream_putc(out, 0) == EOF) goto error; for (i = 0; i < 3; ++i) { for (j = 0; j < 3; ++j) { if (jas_iccputsint32(out, lut16->e[i][j])) goto error; } } if (jas_iccputuint16(out, lut16->numintabents) || jas_iccputuint16(out, lut16->numouttabents)) goto error; n = lut16->numinchans * lut16->numintabents; for (i = 0; i < n; ++i) { if (jas_iccputuint16(out, lut16->intabsbuf[i])) goto error; } n = lut16->numoutchans * lut16->numouttabents; for (i = 0; i < n; ++i) { if (jas_iccputuint16(out, lut16->outtabsbuf[i])) goto error; } n = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans; for (i = 0; i < n; ++i) { if (jas_iccputuint16(out, lut16->clut[i])) goto error; } return 0; error: return -1; }",jasper,,,186195505498115428091221194232942918832,0 4061,CWE-125,"struct import_t* MACH0_(get_imports)(struct MACH0_(obj_t)* bin) { struct import_t *imports; int i, j, idx, stridx; const char *symstr; if (!bin->symtab || !bin->symstr || !bin->sects || !bin->indirectsyms) return NULL; if (bin->dysymtab.nundefsym < 1 || bin->dysymtab.nundefsym > 0xfffff) { return NULL; } if (!(imports = malloc ((bin->dysymtab.nundefsym + 1) * sizeof (struct import_t)))) { return NULL; } for (i = j = 0; i < bin->dysymtab.nundefsym; i++) { idx = bin->dysymtab.iundefsym + i; if (idx < 0 || idx >= bin->nsymtab) { bprintf (""WARNING: Imports index out of bounds. Ignoring relocs\n""); free (imports); return NULL; } stridx = bin->symtab[idx].n_strx; if (stridx >= 0 && stridx < bin->symstrlen) { symstr = (char *)bin->symstr + stridx; } else { symstr = """"; } if (!*symstr) { continue; } { int i = 0; int len = 0; char *symstr_dup = NULL; len = bin->symstrlen - stridx; imports[j].name[0] = 0; if (len > 0) { for (i = 0; i < len; i++) { if ((unsigned char)symstr[i] == 0xff || !symstr[i]) { len = i; break; } } symstr_dup = r_str_ndup (symstr, len); if (symstr_dup) { r_str_ncpy (imports[j].name, symstr_dup, R_BIN_MACH0_STRING_LENGTH); r_str_filter (imports[j].name, - 1); imports[j].name[R_BIN_MACH0_STRING_LENGTH - 2] = 0; free (symstr_dup); } } } imports[j].ord = i; imports[j++].last = 0; } imports[j].last = 1; if (!bin->imports_by_ord_size) { if (j > 0) { bin->imports_by_ord_size = j; bin->imports_by_ord = (RBinImport**)calloc (j, sizeof (RBinImport*)); } else { bin->imports_by_ord_size = 0; bin->imports_by_ord = NULL; } } return imports; }",visit repo url,libr/bin/format/mach0/mach0.c,https://github.com/radare/radare2,53616767991336,1 3582,CWE-20,"int mif_validate(jas_stream_t *in) { uchar buf[MIF_MAGICLEN]; uint_fast32_t magic; int i; int n; assert(JAS_STREAM_MAXPUTBACK >= MIF_MAGICLEN); if ((n = jas_stream_read(in, buf, MIF_MAGICLEN)) < 0) { return -1; } for (i = n - 1; i >= 0; --i) { if (jas_stream_ungetc(in, buf[i]) == EOF) { return -1; } } if (n < MIF_MAGICLEN) { return -1; } magic = (JAS_CAST(uint_fast32_t, buf[0]) << 24) | (JAS_CAST(uint_fast32_t, buf[1]) << 16) | (JAS_CAST(uint_fast32_t, buf[2]) << 8) | buf[3]; if (magic != MIF_MAGIC) { return -1; } return 0; }",visit repo url,src/libjasper/mif/mif_cod.c,https://github.com/mdadams/jasper,229605400366530,1 240,[],"static int __fat_readdir(struct inode *inode, struct file *filp, void *dirent, filldir_t filldir, int short_only, int both) { struct super_block *sb = inode->i_sb; struct msdos_sb_info *sbi = MSDOS_SB(sb); struct buffer_head *bh; struct msdos_dir_entry *de; struct nls_table *nls_io = sbi->nls_io; struct nls_table *nls_disk = sbi->nls_disk; unsigned char long_slots; const char *fill_name; int fill_len; wchar_t bufuname[14]; wchar_t *unicode = NULL; unsigned char c, work[8], bufname[56], *ptname = bufname; unsigned long lpos, dummy, *furrfu = &lpos; int uni_xlate = sbi->options.unicode_xlate; int isvfat = sbi->options.isvfat; int utf8 = sbi->options.utf8; int nocase = sbi->options.nocase; unsigned short opt_shortname = sbi->options.shortname; unsigned long inum; int chi, chl, i, i2, j, last, last_u, dotoffset = 0; loff_t cpos; int ret = 0; lock_kernel(); cpos = filp->f_pos; if (inode->i_ino == MSDOS_ROOT_INO) { while (cpos < 2) { if (filldir(dirent, "".."", cpos+1, cpos, MSDOS_ROOT_INO, DT_DIR) < 0) goto out; cpos++; filp->f_pos++; } if (cpos == 2) { dummy = 2; furrfu = &dummy; cpos = 0; } } if (cpos & (sizeof(struct msdos_dir_entry)-1)) { ret = -ENOENT; goto out; } bh = NULL; GetNew: if (fat_get_entry(inode, &cpos, &bh, &de) == -1) goto EODir; parse_record: long_slots = 0; if (isvfat) { if (de->name[0] == DELETED_FLAG) goto RecEnd; if (de->attr != ATTR_EXT && (de->attr & ATTR_VOLUME)) goto RecEnd; if (de->attr != ATTR_EXT && IS_FREE(de->name)) goto RecEnd; } else { if ((de->attr & ATTR_VOLUME) || IS_FREE(de->name)) goto RecEnd; } if (isvfat && de->attr == ATTR_EXT) { int status = fat_parse_long(inode, &cpos, &bh, &de, &unicode, &long_slots); if (status < 0) { filp->f_pos = cpos; ret = status; goto out; } else if (status == PARSE_INVALID) goto RecEnd; else if (status == PARSE_NOT_LONGNAME) goto parse_record; else if (status == PARSE_EOF) goto EODir; } if (sbi->options.dotsOK) { ptname = bufname; dotoffset = 0; if (de->attr & ATTR_HIDDEN) { *ptname++ = '.'; dotoffset = 1; } } memcpy(work, de->name, sizeof(de->name)); if (work[0] == 0x05) work[0] = 0xE5; for (i = 0, j = 0, last = 0, last_u = 0; i < 8;) { if (!(c = work[i])) break; chl = fat_shortname2uni(nls_disk, &work[i], 8 - i, &bufuname[j++], opt_shortname, de->lcase & CASE_LOWER_BASE); if (chl <= 1) { ptname[i++] = (!nocase && c>='A' && c<='Z') ? c+32 : c; if (c != ' ') { last = i; last_u = j; } } else { last_u = j; for (chi = 0; chi < chl && i < 8; chi++) { ptname[i] = work[i]; i++; last = i; } } } i = last; j = last_u; fat_short2uni(nls_disk, ""."", 1, &bufuname[j++]); ptname[i++] = '.'; for (i2 = 0; i2 < 3;) { if (!(c = de->ext[i2])) break; chl = fat_shortname2uni(nls_disk, &de->ext[i2], 3 - i2, &bufuname[j++], opt_shortname, de->lcase & CASE_LOWER_EXT); if (chl <= 1) { i2++; ptname[i++] = (!nocase && c>='A' && c<='Z') ? c+32 : c; if (c != ' ') { last = i; last_u = j; } } else { last_u = j; for (chi = 0; chi < chl && i2 < 3; chi++) { ptname[i++] = de->ext[i2++]; last = i; } } } if (!last) goto RecEnd; i = last + dotoffset; j = last_u; lpos = cpos - (long_slots+1)*sizeof(struct msdos_dir_entry); if (!memcmp(de->name, MSDOS_DOT, MSDOS_NAME)) inum = inode->i_ino; else if (!memcmp(de->name, MSDOS_DOTDOT, MSDOS_NAME)) { inum = parent_ino(filp->f_path.dentry); } else { loff_t i_pos = fat_make_i_pos(sb, bh, de); struct inode *tmp = fat_iget(sb, i_pos); if (tmp) { inum = tmp->i_ino; iput(tmp); } else inum = iunique(sb, MSDOS_ROOT_INO); } if (isvfat) { bufuname[j] = 0x0000; i = utf8 ? utf8_wcstombs(bufname, bufuname, sizeof(bufname)) : uni16_to_x8(bufname, bufuname, uni_xlate, nls_io); } fill_name = bufname; fill_len = i; if (!short_only && long_slots) { void *longname = unicode + 261; int buf_size = PAGE_SIZE - (261 * sizeof(unicode[0])); int long_len = utf8 ? utf8_wcstombs(longname, unicode, buf_size) : uni16_to_x8(longname, unicode, uni_xlate, nls_io); if (!both) { fill_name = longname; fill_len = long_len; } else { struct fat_ioctl_filldir_callback *p = dirent; p->longname = longname; p->long_len = long_len; p->shortname = bufname; p->short_len = i; fill_name = NULL; fill_len = 0; } } if (filldir(dirent, fill_name, fill_len, *furrfu, inum, (de->attr & ATTR_DIR) ? DT_DIR : DT_REG) < 0) goto FillFailed; RecEnd: furrfu = &lpos; filp->f_pos = cpos; goto GetNew; EODir: filp->f_pos = cpos; FillFailed: brelse(bh); if (unicode) free_page((unsigned long)unicode); out: unlock_kernel(); return ret; }",linux-2.6,,,321153245550604258971163419375267510141,0 5754,CWE-190,"int bson_check_field_name( bson *b, const char *string, const int length ) { return bson_validate_string( b, ( const unsigned char * )string, length, 1, 1, 1 ); }",visit repo url,src/encoding.c,https://github.com/10gen-archive/mongo-c-driver-legacy,246740204357709,1 5963,CWE-611,"static VALUE from_document(VALUE klass, VALUE document) { xmlDocPtr doc; xmlRelaxNGParserCtxtPtr ctx; xmlRelaxNGPtr schema; VALUE errors; VALUE rb_schema; Data_Get_Struct(document, xmlDoc, doc); doc = doc->doc; ctx = xmlRelaxNGNewDocParserCtxt(doc); errors = rb_ary_new(); xmlSetStructuredErrorFunc((void *)errors, Nokogiri_error_array_pusher); #ifdef HAVE_XMLRELAXNGSETPARSERSTRUCTUREDERRORS xmlRelaxNGSetParserStructuredErrors( ctx, Nokogiri_error_array_pusher, (void *)errors ); #endif schema = xmlRelaxNGParse(ctx); xmlSetStructuredErrorFunc(NULL, NULL); xmlRelaxNGFreeParserCtxt(ctx); if(NULL == schema) { xmlErrorPtr error = xmlGetLastError(); if(error) Nokogiri_error_raise(NULL, error); else rb_raise(rb_eRuntimeError, ""Could not parse document""); return Qnil; } rb_schema = Data_Wrap_Struct(klass, 0, dealloc, schema); rb_iv_set(rb_schema, ""@errors"", errors); return rb_schema; }",visit repo url,ext/nokogiri/xml_relax_ng.c,https://github.com/sparklemotion/nokogiri,169452427750771,1 1286,CWE-189,"void bpf_jit_compile(struct sk_filter *fp) { u8 temp[64]; u8 *prog; unsigned int proglen, oldproglen = 0; int ilen, i; int t_offset, f_offset; u8 t_op, f_op, seen = 0, pass; u8 *image = NULL; u8 *func; int pc_ret0 = -1; unsigned int cleanup_addr; unsigned int *addrs; const struct sock_filter *filter = fp->insns; int flen = fp->len; if (!bpf_jit_enable) return; addrs = kmalloc(flen * sizeof(*addrs), GFP_KERNEL); if (addrs == NULL) return; for (proglen = 0, i = 0; i < flen; i++) { proglen += 64; addrs[i] = proglen; } cleanup_addr = proglen; for (pass = 0; pass < 10; pass++) { proglen = 0; prog = temp; if (seen) { EMIT4(0x55, 0x48, 0x89, 0xe5); EMIT4(0x48, 0x83, 0xec, 96); if (seen & (SEEN_XREG | SEEN_DATAREF)) EMIT4(0x48, 0x89, 0x5d, 0xf8); if (seen & SEEN_XREG) CLEAR_X(); if (seen & SEEN_DATAREF) { if (offsetof(struct sk_buff, len) <= 127) EMIT4(0x44, 0x8b, 0x4f, offsetof(struct sk_buff, len)); else { EMIT3(0x44, 0x8b, 0x8f); EMIT(offsetof(struct sk_buff, len), 4); } if (is_imm8(offsetof(struct sk_buff, data_len))) EMIT4(0x44, 0x2b, 0x4f, offsetof(struct sk_buff, data_len)); else { EMIT3(0x44, 0x2b, 0x8f); EMIT(offsetof(struct sk_buff, data_len), 4); } if (is_imm8(offsetof(struct sk_buff, data))) EMIT4(0x4c, 0x8b, 0x47, offsetof(struct sk_buff, data)); else { EMIT3(0x4c, 0x8b, 0x87); EMIT(offsetof(struct sk_buff, data), 4); } } } switch (filter[0].code) { case BPF_S_RET_K: case BPF_S_LD_W_LEN: case BPF_S_ANC_PROTOCOL: case BPF_S_ANC_IFINDEX: case BPF_S_ANC_MARK: case BPF_S_ANC_RXHASH: case BPF_S_ANC_CPU: case BPF_S_ANC_QUEUE: case BPF_S_LD_W_ABS: case BPF_S_LD_H_ABS: case BPF_S_LD_B_ABS: break; default: CLEAR_A(); } for (i = 0; i < flen; i++) { unsigned int K = filter[i].k; switch (filter[i].code) { case BPF_S_ALU_ADD_X: seen |= SEEN_XREG; EMIT2(0x01, 0xd8); break; case BPF_S_ALU_ADD_K: if (!K) break; if (is_imm8(K)) EMIT3(0x83, 0xc0, K); else EMIT1_off32(0x05, K); break; case BPF_S_ALU_SUB_X: seen |= SEEN_XREG; EMIT2(0x29, 0xd8); break; case BPF_S_ALU_SUB_K: if (!K) break; if (is_imm8(K)) EMIT3(0x83, 0xe8, K); else EMIT1_off32(0x2d, K); break; case BPF_S_ALU_MUL_X: seen |= SEEN_XREG; EMIT3(0x0f, 0xaf, 0xc3); break; case BPF_S_ALU_MUL_K: if (is_imm8(K)) EMIT3(0x6b, 0xc0, K); else { EMIT2(0x69, 0xc0); EMIT(K, 4); } break; case BPF_S_ALU_DIV_X: seen |= SEEN_XREG; EMIT2(0x85, 0xdb); if (pc_ret0 != -1) EMIT_COND_JMP(X86_JE, addrs[pc_ret0] - (addrs[i] - 4)); else { EMIT_COND_JMP(X86_JNE, 2 + 5); CLEAR_A(); EMIT1_off32(0xe9, cleanup_addr - (addrs[i] - 4)); } EMIT4(0x31, 0xd2, 0xf7, 0xf3); break; case BPF_S_ALU_DIV_K: EMIT3(0x48, 0x69, 0xc0); EMIT(K, 4); EMIT4(0x48, 0xc1, 0xe8, 0x20); break; case BPF_S_ALU_AND_X: seen |= SEEN_XREG; EMIT2(0x21, 0xd8); break; case BPF_S_ALU_AND_K: if (K >= 0xFFFFFF00) { EMIT2(0x24, K & 0xFF); } else if (K >= 0xFFFF0000) { EMIT2(0x66, 0x25); EMIT2(K, 2); } else { EMIT1_off32(0x25, K); } break; case BPF_S_ALU_OR_X: seen |= SEEN_XREG; EMIT2(0x09, 0xd8); break; case BPF_S_ALU_OR_K: if (is_imm8(K)) EMIT3(0x83, 0xc8, K); else EMIT1_off32(0x0d, K); break; case BPF_S_ALU_LSH_X: seen |= SEEN_XREG; EMIT4(0x89, 0xd9, 0xd3, 0xe0); break; case BPF_S_ALU_LSH_K: if (K == 0) break; else if (K == 1) EMIT2(0xd1, 0xe0); else EMIT3(0xc1, 0xe0, K); break; case BPF_S_ALU_RSH_X: seen |= SEEN_XREG; EMIT4(0x89, 0xd9, 0xd3, 0xe8); break; case BPF_S_ALU_RSH_K: if (K == 0) break; else if (K == 1) EMIT2(0xd1, 0xe8); else EMIT3(0xc1, 0xe8, K); break; case BPF_S_ALU_NEG: EMIT2(0xf7, 0xd8); break; case BPF_S_RET_K: if (!K) { if (pc_ret0 == -1) pc_ret0 = i; CLEAR_A(); } else { EMIT1_off32(0xb8, K); } case BPF_S_RET_A: if (seen) { if (i != flen - 1) { EMIT_JMP(cleanup_addr - addrs[i]); break; } if (seen & SEEN_XREG) EMIT4(0x48, 0x8b, 0x5d, 0xf8); EMIT1(0xc9); } EMIT1(0xc3); break; case BPF_S_MISC_TAX: seen |= SEEN_XREG; EMIT2(0x89, 0xc3); break; case BPF_S_MISC_TXA: seen |= SEEN_XREG; EMIT2(0x89, 0xd8); break; case BPF_S_LD_IMM: if (!K) CLEAR_A(); else EMIT1_off32(0xb8, K); break; case BPF_S_LDX_IMM: seen |= SEEN_XREG; if (!K) CLEAR_X(); else EMIT1_off32(0xbb, K); break; case BPF_S_LD_MEM: seen |= SEEN_MEM; EMIT3(0x8b, 0x45, 0xf0 - K*4); break; case BPF_S_LDX_MEM: seen |= SEEN_XREG | SEEN_MEM; EMIT3(0x8b, 0x5d, 0xf0 - K*4); break; case BPF_S_ST: seen |= SEEN_MEM; EMIT3(0x89, 0x45, 0xf0 - K*4); break; case BPF_S_STX: seen |= SEEN_XREG | SEEN_MEM; EMIT3(0x89, 0x5d, 0xf0 - K*4); break; case BPF_S_LD_W_LEN: BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4); if (is_imm8(offsetof(struct sk_buff, len))) EMIT3(0x8b, 0x47, offsetof(struct sk_buff, len)); else { EMIT2(0x8b, 0x87); EMIT(offsetof(struct sk_buff, len), 4); } break; case BPF_S_LDX_W_LEN: seen |= SEEN_XREG; if (is_imm8(offsetof(struct sk_buff, len))) EMIT3(0x8b, 0x5f, offsetof(struct sk_buff, len)); else { EMIT2(0x8b, 0x9f); EMIT(offsetof(struct sk_buff, len), 4); } break; case BPF_S_ANC_PROTOCOL: BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2); if (is_imm8(offsetof(struct sk_buff, protocol))) { EMIT4(0x0f, 0xb7, 0x47, offsetof(struct sk_buff, protocol)); } else { EMIT3(0x0f, 0xb7, 0x87); EMIT(offsetof(struct sk_buff, protocol), 4); } EMIT2(0x86, 0xc4); break; case BPF_S_ANC_IFINDEX: if (is_imm8(offsetof(struct sk_buff, dev))) { EMIT4(0x48, 0x8b, 0x47, offsetof(struct sk_buff, dev)); } else { EMIT3(0x48, 0x8b, 0x87); EMIT(offsetof(struct sk_buff, dev), 4); } EMIT3(0x48, 0x85, 0xc0); EMIT_COND_JMP(X86_JE, cleanup_addr - (addrs[i] - 6)); BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); EMIT2(0x8b, 0x80); EMIT(offsetof(struct net_device, ifindex), 4); break; case BPF_S_ANC_MARK: BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4); if (is_imm8(offsetof(struct sk_buff, mark))) { EMIT3(0x8b, 0x47, offsetof(struct sk_buff, mark)); } else { EMIT2(0x8b, 0x87); EMIT(offsetof(struct sk_buff, mark), 4); } break; case BPF_S_ANC_RXHASH: BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, rxhash) != 4); if (is_imm8(offsetof(struct sk_buff, rxhash))) { EMIT3(0x8b, 0x47, offsetof(struct sk_buff, rxhash)); } else { EMIT2(0x8b, 0x87); EMIT(offsetof(struct sk_buff, rxhash), 4); } break; case BPF_S_ANC_QUEUE: BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, queue_mapping) != 2); if (is_imm8(offsetof(struct sk_buff, queue_mapping))) { EMIT4(0x0f, 0xb7, 0x47, offsetof(struct sk_buff, queue_mapping)); } else { EMIT3(0x0f, 0xb7, 0x87); EMIT(offsetof(struct sk_buff, queue_mapping), 4); } break; case BPF_S_ANC_CPU: #ifdef CONFIG_SMP EMIT4(0x65, 0x8b, 0x04, 0x25); EMIT((u32)(unsigned long)&cpu_number, 4); #else CLEAR_A(); #endif break; case BPF_S_LD_W_ABS: func = sk_load_word; common_load: seen |= SEEN_DATAREF; if ((int)K < 0) goto out; t_offset = func - (image + addrs[i]); EMIT1_off32(0xbe, K); EMIT1_off32(0xe8, t_offset); break; case BPF_S_LD_H_ABS: func = sk_load_half; goto common_load; case BPF_S_LD_B_ABS: func = sk_load_byte; goto common_load; case BPF_S_LDX_B_MSH: if ((int)K < 0) { if (pc_ret0 != -1) { EMIT_JMP(addrs[pc_ret0] - addrs[i]); break; } CLEAR_A(); EMIT_JMP(cleanup_addr - addrs[i]); break; } seen |= SEEN_DATAREF | SEEN_XREG; t_offset = sk_load_byte_msh - (image + addrs[i]); EMIT1_off32(0xbe, K); EMIT1_off32(0xe8, t_offset); break; case BPF_S_LD_W_IND: func = sk_load_word_ind; common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; t_offset = func - (image + addrs[i]); EMIT1_off32(0xbe, K); EMIT1_off32(0xe8, t_offset); break; case BPF_S_LD_H_IND: func = sk_load_half_ind; goto common_load_ind; case BPF_S_LD_B_IND: func = sk_load_byte_ind; goto common_load_ind; case BPF_S_JMP_JA: t_offset = addrs[i + K] - addrs[i]; EMIT_JMP(t_offset); break; COND_SEL(BPF_S_JMP_JGT_K, X86_JA, X86_JBE); COND_SEL(BPF_S_JMP_JGE_K, X86_JAE, X86_JB); COND_SEL(BPF_S_JMP_JEQ_K, X86_JE, X86_JNE); COND_SEL(BPF_S_JMP_JSET_K,X86_JNE, X86_JE); COND_SEL(BPF_S_JMP_JGT_X, X86_JA, X86_JBE); COND_SEL(BPF_S_JMP_JGE_X, X86_JAE, X86_JB); COND_SEL(BPF_S_JMP_JEQ_X, X86_JE, X86_JNE); COND_SEL(BPF_S_JMP_JSET_X,X86_JNE, X86_JE); cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; t_offset = addrs[i + filter[i].jt] - addrs[i]; if (filter[i].jt == filter[i].jf) { EMIT_JMP(t_offset); break; } switch (filter[i].code) { case BPF_S_JMP_JGT_X: case BPF_S_JMP_JGE_X: case BPF_S_JMP_JEQ_X: seen |= SEEN_XREG; EMIT2(0x39, 0xd8); break; case BPF_S_JMP_JSET_X: seen |= SEEN_XREG; EMIT2(0x85, 0xd8); break; case BPF_S_JMP_JEQ_K: if (K == 0) { EMIT2(0x85, 0xc0); break; } case BPF_S_JMP_JGT_K: case BPF_S_JMP_JGE_K: if (K <= 127) EMIT3(0x83, 0xf8, K); else EMIT1_off32(0x3d, K); break; case BPF_S_JMP_JSET_K: if (K <= 0xFF) EMIT2(0xa8, K); else if (!(K & 0xFFFF00FF)) EMIT3(0xf6, 0xc4, K >> 8); else if (K <= 0xFFFF) { EMIT2(0x66, 0xa9); EMIT(K, 2); } else { EMIT1_off32(0xa9, K); } break; } if (filter[i].jt != 0) { if (filter[i].jf) t_offset += is_near(f_offset) ? 2 : 6; EMIT_COND_JMP(t_op, t_offset); if (filter[i].jf) EMIT_JMP(f_offset); break; } EMIT_COND_JMP(f_op, f_offset); break; default: goto out; } ilen = prog - temp; if (image) { if (unlikely(proglen + ilen > oldproglen)) { pr_err(""bpb_jit_compile fatal error\n""); kfree(addrs); module_free(NULL, image); return; } memcpy(image + proglen, temp, ilen); } proglen += ilen; addrs[i] = proglen; prog = temp; } cleanup_addr = proglen - 1; if (seen) cleanup_addr -= 1; if (seen & SEEN_XREG) cleanup_addr -= 4; if (image) { WARN_ON(proglen != oldproglen); break; } if (proglen == oldproglen) { image = module_alloc(max_t(unsigned int, proglen, sizeof(struct work_struct))); if (!image) goto out; } oldproglen = proglen; } if (bpf_jit_enable > 1) pr_err(""flen=%d proglen=%u pass=%d image=%p\n"", flen, proglen, pass, image); if (image) { if (bpf_jit_enable > 1) print_hex_dump(KERN_ERR, ""JIT code: "", DUMP_PREFIX_ADDRESS, 16, 1, image, proglen, false); bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; } out: kfree(addrs); return; }",visit repo url,arch/x86/net/bpf_jit_comp.c,https://github.com/torvalds/linux,58918154869196,1 3109,['CWE-189'],"static void jp2_colr_dumpdata(jp2_box_t *box, FILE *out) { jp2_colr_t *colr = &box->data.colr; fprintf(out, ""method=%d; pri=%d; approx=%d\n"", (int)colr->method, (int)colr->pri, (int)colr->approx); switch (colr->method) { case JP2_COLR_ENUM: fprintf(out, ""csid=%d\n"", (int)colr->csid); break; case JP2_COLR_ICC: jas_memdump(out, colr->iccp, colr->iccplen); break; } }",jasper,,,107549843700512167089335039976413598497,0 5091,['CWE-20'],"static void vmx_update_window_states(struct kvm_vcpu *vcpu) { u32 guest_intr = vmcs_read32(GUEST_INTERRUPTIBILITY_INFO); vcpu->arch.nmi_window_open = !(guest_intr & (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS | GUEST_INTR_STATE_NMI)); if (!cpu_has_virtual_nmis() && to_vmx(vcpu)->soft_vnmi_blocked) vcpu->arch.nmi_window_open = 0; vcpu->arch.interrupt_window_open = ((vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) && !(guest_intr & (GUEST_INTR_STATE_STI | GUEST_INTR_STATE_MOV_SS))); }",linux-2.6,,,318541244896880771121412832857126746157,0 947,CWE-19,"xfs_attr3_leaf_flipflags( struct xfs_da_args *args) { struct xfs_attr_leafblock *leaf1; struct xfs_attr_leafblock *leaf2; struct xfs_attr_leaf_entry *entry1; struct xfs_attr_leaf_entry *entry2; struct xfs_attr_leaf_name_remote *name_rmt; struct xfs_buf *bp1; struct xfs_buf *bp2; int error; #ifdef DEBUG struct xfs_attr3_icleaf_hdr ichdr1; struct xfs_attr3_icleaf_hdr ichdr2; xfs_attr_leaf_name_local_t *name_loc; int namelen1, namelen2; char *name1, *name2; #endif trace_xfs_attr_leaf_flipflags(args); error = xfs_attr3_leaf_read(args->trans, args->dp, args->blkno, -1, &bp1); if (error) return error; if (args->blkno2 != args->blkno) { error = xfs_attr3_leaf_read(args->trans, args->dp, args->blkno2, -1, &bp2); if (error) return error; } else { bp2 = bp1; } leaf1 = bp1->b_addr; entry1 = &xfs_attr3_leaf_entryp(leaf1)[args->index]; leaf2 = bp2->b_addr; entry2 = &xfs_attr3_leaf_entryp(leaf2)[args->index2]; #ifdef DEBUG xfs_attr3_leaf_hdr_from_disk(&ichdr1, leaf1); ASSERT(args->index < ichdr1.count); ASSERT(args->index >= 0); xfs_attr3_leaf_hdr_from_disk(&ichdr2, leaf2); ASSERT(args->index2 < ichdr2.count); ASSERT(args->index2 >= 0); if (entry1->flags & XFS_ATTR_LOCAL) { name_loc = xfs_attr3_leaf_name_local(leaf1, args->index); namelen1 = name_loc->namelen; name1 = (char *)name_loc->nameval; } else { name_rmt = xfs_attr3_leaf_name_remote(leaf1, args->index); namelen1 = name_rmt->namelen; name1 = (char *)name_rmt->name; } if (entry2->flags & XFS_ATTR_LOCAL) { name_loc = xfs_attr3_leaf_name_local(leaf2, args->index2); namelen2 = name_loc->namelen; name2 = (char *)name_loc->nameval; } else { name_rmt = xfs_attr3_leaf_name_remote(leaf2, args->index2); namelen2 = name_rmt->namelen; name2 = (char *)name_rmt->name; } ASSERT(be32_to_cpu(entry1->hashval) == be32_to_cpu(entry2->hashval)); ASSERT(namelen1 == namelen2); ASSERT(memcmp(name1, name2, namelen1) == 0); #endif ASSERT(entry1->flags & XFS_ATTR_INCOMPLETE); ASSERT((entry2->flags & XFS_ATTR_INCOMPLETE) == 0); entry1->flags &= ~XFS_ATTR_INCOMPLETE; xfs_trans_log_buf(args->trans, bp1, XFS_DA_LOGRANGE(leaf1, entry1, sizeof(*entry1))); if (args->rmtblkno) { ASSERT((entry1->flags & XFS_ATTR_LOCAL) == 0); name_rmt = xfs_attr3_leaf_name_remote(leaf1, args->index); name_rmt->valueblk = cpu_to_be32(args->rmtblkno); name_rmt->valuelen = cpu_to_be32(args->valuelen); xfs_trans_log_buf(args->trans, bp1, XFS_DA_LOGRANGE(leaf1, name_rmt, sizeof(*name_rmt))); } entry2->flags |= XFS_ATTR_INCOMPLETE; xfs_trans_log_buf(args->trans, bp2, XFS_DA_LOGRANGE(leaf2, entry2, sizeof(*entry2))); if ((entry2->flags & XFS_ATTR_LOCAL) == 0) { name_rmt = xfs_attr3_leaf_name_remote(leaf2, args->index2); name_rmt->valueblk = 0; name_rmt->valuelen = 0; xfs_trans_log_buf(args->trans, bp2, XFS_DA_LOGRANGE(leaf2, name_rmt, sizeof(*name_rmt))); } error = xfs_trans_roll(&args->trans, args->dp); return error; }",visit repo url,fs/xfs/xfs_attr_leaf.c,https://github.com/torvalds/linux,82982000799502,1 3031,['CWE-189'],"static int jpc_dec_process_unk(jpc_dec_t *dec, jpc_ms_t *ms) { dec = 0; jas_eprintf(""warning: ignoring unknown marker segment\n""); jpc_ms_dump(ms, stderr); return 0; }",jasper,,,285300706485945507120767093932879178926,0 771,['CWE-119'],"isdn_net_getphones(isdn_net_ioctl_phone * phone, char __user *phones) { isdn_net_dev *p = isdn_net_findif(phone->name); int inout = phone->outgoing & 1; int more = 0; int count = 0; isdn_net_phone *n; if (!p) return -ENODEV; inout &= 1; for (n = p->local->phone[inout]; n; n = n->next) { if (more) { put_user(' ', phones++); count++; } if (copy_to_user(phones, n->num, strlen(n->num) + 1)) { return -EFAULT; } phones += strlen(n->num); count += strlen(n->num); more = 1; } put_user(0, phones); count++; return count; }",linux-2.6,,,292510587506123265329448538949006033633,0 477,CWE-20,"static void keyring_describe(const struct key *keyring, struct seq_file *m) { if (keyring->description) seq_puts(m, keyring->description); else seq_puts(m, ""[anon]""); if (key_is_instantiated(keyring)) { if (keyring->keys.nr_leaves_on_tree != 0) seq_printf(m, "": %lu"", keyring->keys.nr_leaves_on_tree); else seq_puts(m, "": empty""); } }",visit repo url,security/keys/keyring.c,https://github.com/torvalds/linux,246268264584157,1 4713,['CWE-20'],"static void ext4_put_super(struct super_block *sb) { struct ext4_sb_info *sbi = EXT4_SB(sb); struct ext4_super_block *es = sbi->s_es; int i, err; ext4_mb_release(sb); ext4_ext_release(sb); ext4_xattr_put_super(sb); if (sbi->s_journal) { err = jbd2_journal_destroy(sbi->s_journal); sbi->s_journal = NULL; if (err < 0) ext4_abort(sb, __func__, ""Couldn't clean up the journal""); } if (!(sb->s_flags & MS_RDONLY)) { EXT4_CLEAR_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_RECOVER); es->s_state = cpu_to_le16(sbi->s_mount_state); ext4_commit_super(sb, es, 1); } if (sbi->s_proc) { remove_proc_entry(""inode_readahead_blks"", sbi->s_proc); remove_proc_entry(sb->s_id, ext4_proc_root); } for (i = 0; i < sbi->s_gdb_count; i++) brelse(sbi->s_group_desc[i]); kfree(sbi->s_group_desc); kfree(sbi->s_flex_groups); percpu_counter_destroy(&sbi->s_freeblocks_counter); percpu_counter_destroy(&sbi->s_freeinodes_counter); percpu_counter_destroy(&sbi->s_dirs_counter); percpu_counter_destroy(&sbi->s_dirtyblocks_counter); brelse(sbi->s_sbh); #ifdef CONFIG_QUOTA for (i = 0; i < MAXQUOTAS; i++) kfree(sbi->s_qf_names[i]); #endif if (!list_empty(&sbi->s_orphan)) dump_orphan_list(sb, sbi); J_ASSERT(list_empty(&sbi->s_orphan)); invalidate_bdev(sb->s_bdev); if (sbi->journal_bdev && sbi->journal_bdev != sb->s_bdev) { sync_blockdev(sbi->journal_bdev); invalidate_bdev(sbi->journal_bdev); ext4_blkdev_remove(sbi); } sb->s_fs_info = NULL; kfree(sbi); return; }",linux-2.6,,,204943058822057110439558454872555732056,0 2656,CWE-125,"int gdTransformAffineGetImage(gdImagePtr *dst, const gdImagePtr src, gdRectPtr src_area, const double affine[6]) { int res; double m[6]; gdRect bbox; gdRect area_full; if (src_area == NULL) { area_full.x = 0; area_full.y = 0; area_full.width = gdImageSX(src); area_full.height = gdImageSY(src); src_area = &area_full; } gdTransformAffineBoundingBox(src_area, affine, &bbox); *dst = gdImageCreateTrueColor(bbox.width, bbox.height); if (*dst == NULL) { return GD_FALSE; } (*dst)->saveAlphaFlag = 1; if (!src->trueColor) { gdImagePaletteToTrueColor(src); } gdAffineTranslate(m, -bbox.x, -bbox.y); gdAffineConcat(m, affine, m); gdImageAlphaBlending(*dst, 0); res = gdTransformAffineCopy(*dst, 0,0, src, src_area, m); if (res != GD_TRUE) { gdImageDestroy(*dst); dst = NULL; return GD_FALSE; } else { return GD_TRUE; } }",visit repo url,ext/gd/libgd/gd_interpolation.c,https://github.com/php/php-src,120343378351344,1 3972,CWE-190,"static pngquant_error rwpng_read_image24_libpng(FILE *infile, png24_image *mainprog_ptr, int verbose) { png_structp png_ptr = NULL; png_infop info_ptr = NULL; png_size_t rowbytes; int color_type, bit_depth; png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, mainprog_ptr, rwpng_error_handler, verbose ? rwpng_warning_stderr_handler : rwpng_warning_silent_handler); if (!png_ptr) { return PNG_OUT_OF_MEMORY_ERROR; } info_ptr = png_create_info_struct(png_ptr); if (!info_ptr) { png_destroy_read_struct(&png_ptr, NULL, NULL); return PNG_OUT_OF_MEMORY_ERROR; } if (setjmp(mainprog_ptr->jmpbuf)) { png_destroy_read_struct(&png_ptr, &info_ptr, NULL); return LIBPNG_FATAL_ERROR; } #if defined(PNG_SKIP_sRGB_CHECK_PROFILE) && defined(PNG_SET_OPTION_SUPPORTED) png_set_option(png_ptr, PNG_SKIP_sRGB_CHECK_PROFILE, PNG_OPTION_ON); #endif #if PNG_LIBPNG_VER >= 10500 && defined(PNG_UNKNOWN_CHUNKS_SUPPORTED) png_set_keep_unknown_chunks(png_ptr, PNG_HANDLE_CHUNK_IF_SAFE, (png_const_bytep)""pHYs\0iTXt\0tEXt\0zTXt"", 4); #endif png_set_read_user_chunk_fn(png_ptr, &mainprog_ptr->chunks, read_chunk_callback); struct rwpng_read_data read_data = {infile, 0}; png_set_read_fn(png_ptr, &read_data, user_read_data); png_read_info(png_ptr, info_ptr); png_get_IHDR(png_ptr, info_ptr, &mainprog_ptr->width, &mainprog_ptr->height, &bit_depth, &color_type, NULL, NULL, NULL); if (mainprog_ptr->width > INT_MAX/mainprog_ptr->height) { png_destroy_read_struct(&png_ptr, &info_ptr, NULL); return PNG_OUT_OF_MEMORY_ERROR; } if (!(color_type & PNG_COLOR_MASK_ALPHA)) { #ifdef PNG_READ_FILLER_SUPPORTED png_set_expand(png_ptr); png_set_filler(png_ptr, 65535L, PNG_FILLER_AFTER); #else fprintf(stderr, ""pngquant readpng: image is neither RGBA nor GA\n""); png_destroy_read_struct(&png_ptr, &info_ptr, NULL); mainprog_ptr->retval = WRONG_INPUT_COLOR_TYPE; return mainprog_ptr->retval; #endif } if (bit_depth == 16) { png_set_strip_16(png_ptr); } if (!(color_type & PNG_COLOR_MASK_COLOR)) { png_set_gray_to_rgb(png_ptr); } double gamma = 0.45455; if (png_get_valid(png_ptr, info_ptr, PNG_INFO_sRGB)) { mainprog_ptr->input_color = RWPNG_SRGB; mainprog_ptr->output_color = RWPNG_SRGB; } else { png_get_gAMA(png_ptr, info_ptr, &gamma); if (gamma > 0 && gamma <= 1.0) { mainprog_ptr->input_color = RWPNG_GAMA_ONLY; mainprog_ptr->output_color = RWPNG_GAMA_ONLY; } else { fprintf(stderr, ""pngquant readpng: ignored out-of-range gamma %f\n"", gamma); mainprog_ptr->input_color = RWPNG_NONE; mainprog_ptr->output_color = RWPNG_NONE; gamma = 0.45455; } } mainprog_ptr->gamma = gamma; png_set_interlace_handling(png_ptr); png_read_update_info(png_ptr, info_ptr); rowbytes = png_get_rowbytes(png_ptr, info_ptr); if ((mainprog_ptr->rgba_data = malloc(rowbytes * mainprog_ptr->height)) == NULL) { fprintf(stderr, ""pngquant readpng: unable to allocate image data\n""); png_destroy_read_struct(&png_ptr, &info_ptr, NULL); return PNG_OUT_OF_MEMORY_ERROR; } png_bytepp row_pointers = rwpng_create_row_pointers(info_ptr, png_ptr, mainprog_ptr->rgba_data, mainprog_ptr->height, 0); png_read_image(png_ptr, row_pointers); png_read_end(png_ptr, NULL); #if USE_LCMS #if PNG_LIBPNG_VER < 10500 png_charp ProfileData; #else png_bytep ProfileData; #endif png_uint_32 ProfileLen; cmsHPROFILE hInProfile = NULL; int COLOR_PNG = color_type & PNG_COLOR_MASK_COLOR; if (png_get_iCCP(png_ptr, info_ptr, &(png_charp){0}, &(int){0}, &ProfileData, &ProfileLen)) { hInProfile = cmsOpenProfileFromMem(ProfileData, ProfileLen); cmsColorSpaceSignature colorspace = cmsGetColorSpace(hInProfile); if (colorspace == cmsSigRgbData && COLOR_PNG) { mainprog_ptr->input_color = RWPNG_ICCP; mainprog_ptr->output_color = RWPNG_SRGB; } else { if (colorspace == cmsSigGrayData && !COLOR_PNG) { mainprog_ptr->input_color = RWPNG_ICCP_WARN_GRAY; mainprog_ptr->output_color = RWPNG_SRGB; } cmsCloseProfile(hInProfile); hInProfile = NULL; } } if (hInProfile == NULL && COLOR_PNG && !png_get_valid(png_ptr, info_ptr, PNG_INFO_sRGB) && png_get_valid(png_ptr, info_ptr, PNG_INFO_gAMA) && png_get_valid(png_ptr, info_ptr, PNG_INFO_cHRM)) { cmsCIExyY WhitePoint; cmsCIExyYTRIPLE Primaries; png_get_cHRM(png_ptr, info_ptr, &WhitePoint.x, &WhitePoint.y, &Primaries.Red.x, &Primaries.Red.y, &Primaries.Green.x, &Primaries.Green.y, &Primaries.Blue.x, &Primaries.Blue.y); WhitePoint.Y = Primaries.Red.Y = Primaries.Green.Y = Primaries.Blue.Y = 1.0; cmsToneCurve *GammaTable[3]; GammaTable[0] = GammaTable[1] = GammaTable[2] = cmsBuildGamma(NULL, 1/gamma); hInProfile = cmsCreateRGBProfile(&WhitePoint, &Primaries, GammaTable); cmsFreeToneCurve(GammaTable[0]); mainprog_ptr->input_color = RWPNG_GAMA_CHRM; mainprog_ptr->output_color = RWPNG_SRGB; } if (hInProfile != NULL) { cmsHPROFILE hOutProfile = cmsCreate_sRGBProfile(); cmsHTRANSFORM hTransform = cmsCreateTransform(hInProfile, TYPE_RGBA_8, hOutProfile, TYPE_RGBA_8, INTENT_PERCEPTUAL, omp_get_max_threads() > 1 ? cmsFLAGS_NOCACHE : 0); #pragma omp parallel for \ if (mainprog_ptr->height*mainprog_ptr->width > 8000) \ schedule(static) for (unsigned int i = 0; i < mainprog_ptr->height; i++) { cmsDoTransform(hTransform, row_pointers[i], row_pointers[i], mainprog_ptr->width); } cmsDeleteTransform(hTransform); cmsCloseProfile(hOutProfile); cmsCloseProfile(hInProfile); mainprog_ptr->gamma = 0.45455; } #endif png_destroy_read_struct(&png_ptr, &info_ptr, NULL); mainprog_ptr->file_size = read_data.bytes_read; mainprog_ptr->row_pointers = (unsigned char **)row_pointers; return SUCCESS; }",visit repo url,rwpng.c,https://github.com/pornel/pngquant,203373695808162,1 628,['CWE-189'],"static inline int is_beacon(__le16 fc) { return (WLAN_FC_GET_STYPE(le16_to_cpu(fc)) == IEEE80211_STYPE_BEACON); }",linux-2.6,,,178635569281454982879424037068894725115,0 4129,['CWE-399'],"static struct bsg_command *bsg_get_done_cmd(struct bsg_device *bd) { struct bsg_command *bc; int ret; do { bc = bsg_next_done_cmd(bd); if (bc) break; if (!test_bit(BSG_F_BLOCK, &bd->flags)) { bc = ERR_PTR(-EAGAIN); break; } ret = wait_event_interruptible(bd->wq_done, bd->done_cmds); if (ret) { bc = ERR_PTR(-ERESTARTSYS); break; } } while (1); dprintk(""%s: returning done %p\n"", bd->name, bc); return bc; }",linux-2.6,,,88380488786958603437250035358915396068,0 1951,['CWE-20'],"static inline void cow_user_page(struct page *dst, struct page *src, unsigned long va, struct vm_area_struct *vma) { if (unlikely(!src)) { void *kaddr = kmap_atomic(dst, KM_USER0); void __user *uaddr = (void __user *)(va & PAGE_MASK); if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE)) memset(kaddr, 0, PAGE_SIZE); kunmap_atomic(kaddr, KM_USER0); flush_dcache_page(dst); } else copy_user_highpage(dst, src, va, vma); }",linux-2.6,,,72715450633227248407956164033642662624,0 2137,['CWE-119'],"static inline void native_load_idt(const struct desc_ptr *dtr) { asm volatile(""lidt %0""::""m"" (*dtr)); }",linux-2.6,,,96827246150679814953908724516517986900,0 4172,['CWE-399'],"const char* avahi_server_get_domain_name(AvahiServer *s) { assert(s); return s->domain_name; }",avahi,,,3982091624593259796273048858042252095,0 1891,CWE-682,"static int fbcon_set_font(struct vc_data *vc, struct console_font *font, unsigned int flags) { struct fb_info *info = fbcon_info_from_console(vc->vc_num); unsigned charcount = font->charcount; int w = font->width; int h = font->height; int size; int i, csum; u8 *new_data, *data = font->data; int pitch = PITCH(font->width); if (charcount != 256 && charcount != 512) return -EINVAL; if (w > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) || h > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres)) return -EINVAL; if (!(info->pixmap.blit_x & (1 << (font->width - 1))) || !(info->pixmap.blit_y & (1 << (font->height - 1)))) return -EINVAL; if (fbcon_invalid_charcount(info, charcount)) return -EINVAL; size = CALC_FONTSZ(h, pitch, charcount); new_data = kmalloc(FONT_EXTRA_WORDS * sizeof(int) + size, GFP_USER); if (!new_data) return -ENOMEM; memset(new_data, 0, FONT_EXTRA_WORDS * sizeof(int)); new_data += FONT_EXTRA_WORDS * sizeof(int); FNTSIZE(new_data) = size; REFCOUNT(new_data) = 0; for (i=0; i< charcount; i++) { memcpy(new_data + i*h*pitch, data + i*32*pitch, h*pitch); } csum = crc32(0, new_data, size); FNTSUM(new_data) = csum; for (i = first_fb_vc; i <= last_fb_vc; i++) { struct vc_data *tmp = vc_cons[i].d; if (fb_display[i].userfont && fb_display[i].fontdata && FNTSUM(fb_display[i].fontdata) == csum && FNTSIZE(fb_display[i].fontdata) == size && tmp->vc_font.width == w && !memcmp(fb_display[i].fontdata, new_data, size)) { kfree(new_data - FONT_EXTRA_WORDS * sizeof(int)); new_data = (u8 *)fb_display[i].fontdata; break; } } return fbcon_do_set_font(vc, font->width, font->height, charcount, new_data, 1); }",visit repo url,drivers/video/fbdev/core/fbcon.c,https://github.com/torvalds/linux,115790114597786,1 802,['CWE-16'],"static int esp6_init_state(struct xfrm_state *x) { struct esp_data *esp; struct crypto_aead *aead; u32 align; int err; if (x->encap) return -EINVAL; esp = kzalloc(sizeof(*esp), GFP_KERNEL); if (esp == NULL) return -ENOMEM; x->data = esp; if (x->aead) err = esp_init_aead(x); else err = esp_init_authenc(x); if (err) goto error; aead = esp->aead; esp->padlen = 0; x->props.header_len = sizeof(struct ip_esp_hdr) + crypto_aead_ivsize(aead); switch (x->props.mode) { case XFRM_MODE_BEET: case XFRM_MODE_TRANSPORT: break; case XFRM_MODE_TUNNEL: x->props.header_len += sizeof(struct ipv6hdr); break; default: goto error; } align = ALIGN(crypto_aead_blocksize(aead), 4); if (esp->padlen) align = max_t(u32, align, esp->padlen); x->props.trailer_len = align + 1 + crypto_aead_authsize(esp->aead); error: return err; }",linux-2.6,,,19572796281220475597826866497312405742,0 3223,CWE-125,"parse_elements(netdissect_options *ndo, struct mgmt_body_t *pbody, const u_char *p, int offset, u_int length) { u_int elementlen; struct ssid_t ssid; struct challenge_t challenge; struct rates_t rates; struct ds_t ds; struct cf_t cf; struct tim_t tim; pbody->challenge_present = 0; pbody->ssid_present = 0; pbody->rates_present = 0; pbody->ds_present = 0; pbody->cf_present = 0; pbody->tim_present = 0; while (length != 0) { if (!ND_TTEST2(*(p + offset), 2)) return 0; if (length < 2) return 0; elementlen = *(p + offset + 1); if (!ND_TTEST2(*(p + offset + 2), elementlen)) return 0; if (length < elementlen + 2) return 0; switch (*(p + offset)) { case E_SSID: memcpy(&ssid, p + offset, 2); offset += 2; length -= 2; if (ssid.length != 0) { if (ssid.length > sizeof(ssid.ssid) - 1) return 0; if (!ND_TTEST2(*(p + offset), ssid.length)) return 0; if (length < ssid.length) return 0; memcpy(&ssid.ssid, p + offset, ssid.length); offset += ssid.length; length -= ssid.length; } ssid.ssid[ssid.length] = '\0'; if (!pbody->ssid_present) { pbody->ssid = ssid; pbody->ssid_present = 1; } break; case E_CHALLENGE: memcpy(&challenge, p + offset, 2); offset += 2; length -= 2; if (challenge.length != 0) { if (challenge.length > sizeof(challenge.text) - 1) return 0; if (!ND_TTEST2(*(p + offset), challenge.length)) return 0; if (length < challenge.length) return 0; memcpy(&challenge.text, p + offset, challenge.length); offset += challenge.length; length -= challenge.length; } challenge.text[challenge.length] = '\0'; if (!pbody->challenge_present) { pbody->challenge = challenge; pbody->challenge_present = 1; } break; case E_RATES: memcpy(&rates, p + offset, 2); offset += 2; length -= 2; if (rates.length != 0) { if (rates.length > sizeof rates.rate) return 0; if (!ND_TTEST2(*(p + offset), rates.length)) return 0; if (length < rates.length) return 0; memcpy(&rates.rate, p + offset, rates.length); offset += rates.length; length -= rates.length; } if (!pbody->rates_present && rates.length != 0) { pbody->rates = rates; pbody->rates_present = 1; } break; case E_DS: memcpy(&ds, p + offset, 2); offset += 2; length -= 2; if (ds.length != 1) { offset += ds.length; length -= ds.length; break; } ds.channel = *(p + offset); offset += 1; length -= 1; if (!pbody->ds_present) { pbody->ds = ds; pbody->ds_present = 1; } break; case E_CF: memcpy(&cf, p + offset, 2); offset += 2; length -= 2; if (cf.length != 6) { offset += cf.length; length -= cf.length; break; } memcpy(&cf.count, p + offset, 6); offset += 6; length -= 6; if (!pbody->cf_present) { pbody->cf = cf; pbody->cf_present = 1; } break; case E_TIM: memcpy(&tim, p + offset, 2); offset += 2; length -= 2; if (tim.length <= 3) { offset += tim.length; length -= tim.length; break; } if (tim.length - 3 > (int)sizeof tim.bitmap) return 0; memcpy(&tim.count, p + offset, 3); offset += 3; length -= 3; memcpy(tim.bitmap, p + offset + 3, tim.length - 3); offset += tim.length - 3; length -= tim.length - 3; if (!pbody->tim_present) { pbody->tim = tim; pbody->tim_present = 1; } break; default: #if 0 ND_PRINT((ndo, ""(1) unhandled element_id (%d) "", *(p + offset))); #endif offset += 2 + elementlen; length -= 2 + elementlen; break; } } return 1; }",visit repo url,print-802_11.c,https://github.com/the-tcpdump-group/tcpdump,166904889040819,1 5028,[],"static BOOL fork_domain_child(struct winbindd_child *child) { int fdpair[2]; struct winbindd_cli_state state; struct winbindd_domain *domain; struct winbindd_domain *primary_domain = NULL; if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) { DEBUG(0, (""Could not open child pipe: %s\n"", strerror(errno))); return False; } ZERO_STRUCT(state); state.pid = sys_getpid(); message_block(); child->pid = sys_fork(); if (child->pid == -1) { DEBUG(0, (""Could not fork: %s\n"", strerror(errno))); message_unblock(); return False; } if (child->pid != 0) { close(fdpair[0]); child->next = child->prev = NULL; DLIST_ADD(children, child); child->event.fd = fdpair[1]; child->event.flags = 0; child->requests = NULL; add_fd_event(&child->event); message_unblock(); return True; } CatchChild(); state.sock = fdpair[0]; close(fdpair[1]); if (tdb_reopen_all(1) == -1) { DEBUG(0,(""tdb_reopen_all failed.\n"")); _exit(0); } close_conns_after_fork(); if (!override_logfile) { lp_set_logfile(child->logfilename); reopen_logs(); } message_deregister(MSG_SMB_CONF_UPDATED); message_deregister(MSG_SHUTDOWN); message_deregister(MSG_WINBIND_OFFLINE); message_deregister(MSG_WINBIND_ONLINE); message_deregister(MSG_WINBIND_ONLINESTATUS); message_unblock(); message_register(MSG_WINBIND_OFFLINE, child_msg_offline, NULL); message_register(MSG_WINBIND_ONLINE, child_msg_online, NULL); message_register(MSG_WINBIND_ONLINESTATUS, child_msg_onlinestatus, NULL); if ( child->domain ) { child->domain->startup = True; child->domain->startup_time = time(NULL); } for (domain = domain_list(); domain; domain = domain->next) { if (domain->primary) { primary_domain = domain; } if ((domain != child->domain) && !domain->primary) { TALLOC_FREE(domain->check_online_event); } } cancel_named_event(winbind_event_context(), ""krb5_ticket_refresh_handler""); if (child->domain && !(child->domain->internal) && lp_winbind_offline_logon()) { set_domain_online_request(child->domain); if (primary_domain != child->domain) { set_domain_online_request(primary_domain); } child->lockout_policy_event = event_add_timed( winbind_event_context(), NULL, timeval_zero(), ""account_lockout_policy_handler"", account_lockout_policy_handler, child); } while (1) { int ret; fd_set read_fds; struct timeval t; struct timeval *tp; struct timeval now; lp_TALLOC_FREE(); main_loop_TALLOC_FREE(); winbind_check_sigterm(false); winbind_check_sighup(override_logfile ? NULL : child->logfilename); run_events(winbind_event_context(), 0, NULL, NULL); GetTimeOfDay(&now); if (child->domain && child->domain->startup && (now.tv_sec > child->domain->startup_time + 30)) { DEBUG(10,(""fork_domain_child: domain %s no longer in 'startup' mode.\n"", child->domain->name )); child->domain->startup = False; } tp = get_timed_events_timeout(winbind_event_context(), &t); if (tp) { DEBUG(11,(""select will use timeout of %u.%u seconds\n"", (unsigned int)tp->tv_sec, (unsigned int)tp->tv_usec )); } message_dispatch(); FD_ZERO(&read_fds); FD_SET(state.sock, &read_fds); ret = sys_select(state.sock + 1, &read_fds, NULL, NULL, tp); if (ret == 0) { DEBUG(11,(""nothing is ready yet, continue\n"")); continue; } if (ret == -1 && errno == EINTR) { continue; } if (ret == -1 && errno != EINTR) { DEBUG(0,(""select error occured\n"")); perror(""select""); return False; } child_read_request(&state); if (state.finished) { exit(0); } DEBUG(4,(""child daemon request %d\n"", (int)state.request.cmd)); ZERO_STRUCT(state.response); state.request.null_term = '\0'; child_process_request(child->domain, &state); SAFE_FREE(state.request.extra_data.data); cache_store_response(sys_getpid(), &state.response); SAFE_FREE(state.response.extra_data.data); if (write_data(state.sock, (const char *)&state.response.result, sizeof(state.response.result)) != sizeof(state.response.result)) { DEBUG(0, (""Could not write result\n"")); exit(1); } } }",samba,,,221567117557259202754834041287804709185,0 3115,['CWE-189'],"static jpc_dec_cp_t *jpc_dec_cp_create(uint_fast16_t numcomps) { jpc_dec_cp_t *cp; jpc_dec_ccp_t *ccp; int compno; if (!(cp = jas_malloc(sizeof(jpc_dec_cp_t)))) { return 0; } cp->flags = 0; cp->numcomps = numcomps; cp->prgord = 0; cp->numlyrs = 0; cp->mctid = 0; cp->csty = 0; if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) { return 0; } if (!(cp->pchglist = jpc_pchglist_create())) { jas_free(cp->ccps); return 0; } for (compno = 0, ccp = cp->ccps; compno < cp->numcomps; ++compno, ++ccp) { ccp->flags = 0; ccp->numrlvls = 0; ccp->cblkwidthexpn = 0; ccp->cblkheightexpn = 0; ccp->qmfbid = 0; ccp->numstepsizes = 0; ccp->numguardbits = 0; ccp->roishift = 0; ccp->cblkctx = 0; } return cp; }",jasper,,,222569360848764061271920821608118863975,0 4797,CWE-119,"sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; unsigned char buff[128]; int r, i; size_t field_length = 0, modulus_length = 0; sc_path_t tmppath; set_string (&p15card->tokeninfo->label, ""ID-kaart""); set_string (&p15card->tokeninfo->manufacturer_id, ""AS Sertifitseerimiskeskus""); sc_format_path (""3f00eeee5044"", &tmppath); r = sc_select_file (card, &tmppath, NULL); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""select esteid PD failed""); r = sc_read_record (card, SC_ESTEID_PD_DOCUMENT_NR, buff, sizeof(buff), SC_RECORD_BY_REC_NR); SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, ""read document number failed""); buff[r] = '\0'; set_string (&p15card->tokeninfo->serial_number, (const char *) buff); p15card->tokeninfo->flags = SC_PKCS15_TOKEN_PRN_GENERATION | SC_PKCS15_TOKEN_EID_COMPLIANT | SC_PKCS15_TOKEN_READONLY; for (i = 0; i < 2; i++) { static const char *esteid_cert_names[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; static char const *esteid_cert_paths[2] = { ""3f00eeeeaace"", ""3f00eeeeddce""}; static int esteid_cert_ids[2] = {1, 2}; struct sc_pkcs15_cert_info cert_info; struct sc_pkcs15_object cert_obj; memset(&cert_info, 0, sizeof(cert_info)); memset(&cert_obj, 0, sizeof(cert_obj)); cert_info.id.value[0] = esteid_cert_ids[i]; cert_info.id.len = 1; sc_format_path(esteid_cert_paths[i], &cert_info.path); strlcpy(cert_obj.label, esteid_cert_names[i], sizeof(cert_obj.label)); r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info); if (r < 0) return SC_ERROR_INTERNAL; if (i == 0) { sc_pkcs15_cert_t *cert = NULL; r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert); if (r < 0) return SC_ERROR_INTERNAL; if (cert->key->algorithm == SC_ALGORITHM_EC) field_length = cert->key->u.ec.params.field_length; else modulus_length = cert->key->u.rsa.modulus.len * 8; if (r == SC_SUCCESS) { static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }}; u8 *cn_name = NULL; size_t cn_len = 0; sc_pkcs15_get_name_from_dn(card->ctx, cert->subject, cert->subject_len, &cn_oid, &cn_name, &cn_len); if (cn_len > 0) { char *token_name = malloc(cn_len+1); if (token_name) { memcpy(token_name, cn_name, cn_len); token_name[cn_len] = '\0'; set_string(&p15card->tokeninfo->label, (const char*)token_name); free(token_name); } } free(cn_name); sc_pkcs15_free_certificate(cert); } } } sc_format_path (""3f000016"", &tmppath); r = sc_select_file (card, &tmppath, NULL); if (r < 0) return SC_ERROR_INTERNAL; for (i = 0; i < 3; i++) { unsigned char tries_left; static const char *esteid_pin_names[3] = { ""PIN1"", ""PIN2"", ""PUK"" }; static const int esteid_pin_min[3] = {4, 5, 8}; static const int esteid_pin_ref[3] = {1, 2, 0}; static const int esteid_pin_authid[3] = {1, 2, 3}; static const int esteid_pin_flags[3] = {0, 0, SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN}; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); r = sc_read_record (card, i + 1, buff, sizeof(buff), SC_RECORD_BY_REC_NR); if (r < 0) return SC_ERROR_INTERNAL; tries_left = buff[5]; pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = esteid_pin_authid[i]; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = esteid_pin_ref[i]; pin_info.attrs.pin.flags = esteid_pin_flags[i]; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = esteid_pin_min[i]; pin_info.attrs.pin.stored_length = 12; pin_info.attrs.pin.max_length = 12; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = (int)tries_left; pin_info.max_tries = 3; strlcpy(pin_obj.label, esteid_pin_names[i], sizeof(pin_obj.label)); pin_obj.flags = esteid_pin_flags[i]; if (i < 2) { pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 3; } r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) return SC_ERROR_INTERNAL; } for (i = 0; i < 2; i++) { static int prkey_pin[2] = {1, 2}; static const char *prkey_name[2] = { ""Isikutuvastus"", ""Allkirjastamine""}; struct sc_pkcs15_prkey_info prkey_info; struct sc_pkcs15_object prkey_obj; memset(&prkey_info, 0, sizeof(prkey_info)); memset(&prkey_obj, 0, sizeof(prkey_obj)); prkey_info.id.len = 1; prkey_info.id.value[0] = prkey_pin[i]; prkey_info.native = 1; prkey_info.key_reference = i + 1; prkey_info.field_length = field_length; prkey_info.modulus_length = modulus_length; if (i == 1) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION; else if(field_length > 0) prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DERIVE; else prkey_info.usage = SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_DECRYPT; strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label)); prkey_obj.auth_id.len = 1; prkey_obj.auth_id.value[0] = prkey_pin[i]; prkey_obj.user_consent = 0; prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; if(field_length > 0) r = sc_pkcs15emu_add_ec_prkey(p15card, &prkey_obj, &prkey_info); else r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info); if (r < 0) return SC_ERROR_INTERNAL; } return SC_SUCCESS; }",visit repo url,src/libopensc/pkcs15-esteid.c,https://github.com/OpenSC/OpenSC,125994446105878,1 4636,CWE-787,"} void print_udta(GF_ISOFile *file, u32 track_number, Bool has_itags) { u32 i, count; count = gf_isom_get_udta_count(file, track_number); if (!count) return; if (has_itags) { for (i=0; ihead, n); mutex_lock(&nh->mutex); ret = notifier_chain_register(&nh->head, n); mutex_unlock(&nh->mutex); return ret; }",linux-2.6,,,83975548040424475247052326107745089532,0 3270,['CWE-189'],"int jas_stream_flushbuf(jas_stream_t *stream, int c) { int len; int n; if ((stream->flags_ & (JAS_STREAM_ERRMASK)) != 0) { return EOF; } if ((stream->openmode_ & (JAS_STREAM_WRITE | JAS_STREAM_APPEND)) == 0) { return EOF; } assert(!(stream->bufmode_ & JAS_STREAM_RDBUF)); len = stream->ptr_ - stream->bufstart_; if (len > 0) { n = (*stream->ops_->write_)(stream->obj_, (char *) stream->bufstart_, len); if (n != len) { stream->flags_ |= JAS_STREAM_ERR; return EOF; } } stream->cnt_ = stream->bufsize_; stream->ptr_ = stream->bufstart_; stream->bufmode_ |= JAS_STREAM_WRBUF; if (c != EOF) { assert(stream->cnt_ > 0); return jas_stream_putc2(stream, c); } return 0; }",jasper,,,267696890211774727345505485959329178646,0 5729,CWE-787,"l_noret luaG_runerror (lua_State *L, const char *fmt, ...) { CallInfo *ci = L->ci; const char *msg; va_list argp; luaC_checkGC(L); va_start(argp, fmt); msg = luaO_pushvfstring(L, fmt, argp); va_end(argp); if (isLua(ci)) luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci)); luaG_errormsg(L); }",visit repo url,ldebug.c,https://github.com/lua/lua,25523871245681,1 4949,CWE-401,"int handle__publish(struct mosquitto *context) { uint8_t dup; int rc = 0; int rc2; uint8_t header = context->in_packet.command; int res = 0; struct mosquitto_msg_store *msg, *stored = NULL; size_t len; uint16_t slen; char *topic_mount; mosquitto_property *properties = NULL; mosquitto_property *p, *p_prev; mosquitto_property *msg_properties_last; uint32_t message_expiry_interval = 0; int topic_alias = -1; uint8_t reason_code = 0; uint16_t mid = 0; if(context->state != mosq_cs_active){ return MOSQ_ERR_PROTOCOL; } msg = mosquitto__calloc(1, sizeof(struct mosquitto_msg_store)); if(msg == NULL){ return MOSQ_ERR_NOMEM; } dup = (header & 0x08)>>3; msg->qos = (header & 0x06)>>1; if(dup == 1 && msg->qos == 0){ log__printf(NULL, MOSQ_LOG_INFO, ""Invalid PUBLISH (QoS=0 and DUP=1) from %s, disconnecting."", context->id); db__msg_store_free(msg); return MOSQ_ERR_MALFORMED_PACKET; } if(msg->qos == 3){ log__printf(NULL, MOSQ_LOG_INFO, ""Invalid QoS in PUBLISH from %s, disconnecting."", context->id); db__msg_store_free(msg); return MOSQ_ERR_MALFORMED_PACKET; } if(msg->qos > context->max_qos){ log__printf(NULL, MOSQ_LOG_INFO, ""Too high QoS in PUBLISH from %s, disconnecting."", context->id); db__msg_store_free(msg); return MOSQ_ERR_QOS_NOT_SUPPORTED; } msg->retain = (header & 0x01); if(msg->retain && db.config->retain_available == false){ db__msg_store_free(msg); return MOSQ_ERR_RETAIN_NOT_SUPPORTED; } if(packet__read_string(&context->in_packet, &msg->topic, &slen)){ db__msg_store_free(msg); return MOSQ_ERR_MALFORMED_PACKET; } if(!slen && context->protocol != mosq_p_mqtt5){ db__msg_store_free(msg); return MOSQ_ERR_MALFORMED_PACKET; } if(msg->qos > 0){ if(packet__read_uint16(&context->in_packet, &mid)){ db__msg_store_free(msg); return MOSQ_ERR_MALFORMED_PACKET; } if(mid == 0){ db__msg_store_free(msg); return MOSQ_ERR_PROTOCOL; } msg->source_mid = mid; } if(context->protocol == mosq_p_mqtt5){ rc = property__read_all(CMD_PUBLISH, &context->in_packet, &properties); if(rc){ db__msg_store_free(msg); return rc; } p = properties; p_prev = NULL; msg->properties = NULL; msg_properties_last = NULL; while(p){ switch(p->identifier){ case MQTT_PROP_CONTENT_TYPE: case MQTT_PROP_CORRELATION_DATA: case MQTT_PROP_PAYLOAD_FORMAT_INDICATOR: case MQTT_PROP_RESPONSE_TOPIC: case MQTT_PROP_USER_PROPERTY: if(msg->properties){ msg_properties_last->next = p; msg_properties_last = p; }else{ msg->properties = p; msg_properties_last = p; } if(p_prev){ p_prev->next = p->next; p = p_prev->next; }else{ properties = p->next; p = properties; } msg_properties_last->next = NULL; break; case MQTT_PROP_TOPIC_ALIAS: topic_alias = p->value.i16; p_prev = p; p = p->next; break; case MQTT_PROP_MESSAGE_EXPIRY_INTERVAL: message_expiry_interval = p->value.i32; p_prev = p; p = p->next; break; case MQTT_PROP_SUBSCRIPTION_IDENTIFIER: p_prev = p; p = p->next; break; default: p = p->next; break; } } } mosquitto_property_free_all(&properties); if(topic_alias == 0 || (context->listener && topic_alias > context->listener->max_topic_alias)){ db__msg_store_free(msg); return MOSQ_ERR_TOPIC_ALIAS_INVALID; }else if(topic_alias > 0){ if(msg->topic){ rc = alias__add(context, msg->topic, (uint16_t)topic_alias); if(rc){ db__msg_store_free(msg); return rc; } }else{ rc = alias__find(context, &msg->topic, (uint16_t)topic_alias); if(rc){ db__msg_store_free(msg); return MOSQ_ERR_PROTOCOL; } } } #ifdef WITH_BRIDGE rc = bridge__remap_topic_in(context, &msg->topic); if(rc){ db__msg_store_free(msg); return rc; } #endif if(mosquitto_pub_topic_check(msg->topic) != MOSQ_ERR_SUCCESS){ db__msg_store_free(msg); return MOSQ_ERR_MALFORMED_PACKET; } msg->payloadlen = context->in_packet.remaining_length - context->in_packet.pos; G_PUB_BYTES_RECEIVED_INC(msg->payloadlen); if(context->listener && context->listener->mount_point){ len = strlen(context->listener->mount_point) + strlen(msg->topic) + 1; topic_mount = mosquitto__malloc(len+1); if(!topic_mount){ db__msg_store_free(msg); return MOSQ_ERR_NOMEM; } snprintf(topic_mount, len, ""%s%s"", context->listener->mount_point, msg->topic); topic_mount[len] = '\0'; mosquitto__free(msg->topic); msg->topic = topic_mount; } if(msg->payloadlen){ if(db.config->message_size_limit && msg->payloadlen > db.config->message_size_limit){ log__printf(NULL, MOSQ_LOG_DEBUG, ""Dropped too large PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))"", context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, (long)msg->payloadlen); reason_code = MQTT_RC_PACKET_TOO_LARGE; goto process_bad_message; } msg->payload = mosquitto__malloc(msg->payloadlen+1); if(msg->payload == NULL){ db__msg_store_free(msg); return MOSQ_ERR_NOMEM; } ((uint8_t *)msg->payload)[msg->payloadlen] = 0; if(packet__read_bytes(&context->in_packet, msg->payload, msg->payloadlen)){ db__msg_store_free(msg); return MOSQ_ERR_MALFORMED_PACKET; } } rc = mosquitto_acl_check(context, msg->topic, msg->payloadlen, msg->payload, msg->qos, msg->retain, MOSQ_ACL_WRITE); if(rc == MOSQ_ERR_ACL_DENIED){ log__printf(NULL, MOSQ_LOG_DEBUG, ""Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))"", context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, (long)msg->payloadlen); reason_code = MQTT_RC_NOT_AUTHORIZED; goto process_bad_message; }else if(rc != MOSQ_ERR_SUCCESS){ db__msg_store_free(msg); return rc; } log__printf(NULL, MOSQ_LOG_DEBUG, ""Received PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))"", context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, (long)msg->payloadlen); if(!strncmp(msg->topic, ""$CONTROL/"", 9)){ #ifdef WITH_CONTROL rc = control__process(context, msg); db__msg_store_free(msg); return rc; #else reason_code = MQTT_RC_IMPLEMENTATION_SPECIFIC; goto process_bad_message; #endif } { rc = plugin__handle_message(context, msg); if(rc == MOSQ_ERR_ACL_DENIED){ log__printf(NULL, MOSQ_LOG_DEBUG, ""Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))"", context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, (long)msg->payloadlen); reason_code = MQTT_RC_NOT_AUTHORIZED; goto process_bad_message; }else if(rc != MOSQ_ERR_SUCCESS){ db__msg_store_free(msg); return rc; } } if(msg->qos > 0){ db__message_store_find(context, msg->source_mid, &stored); } if(stored && msg->source_mid != 0 && (stored->qos != msg->qos || stored->payloadlen != msg->payloadlen || strcmp(stored->topic, msg->topic) || memcmp(stored->payload, msg->payload, msg->payloadlen) )){ log__printf(NULL, MOSQ_LOG_WARNING, ""Reused message ID %u from %s detected. Clearing from storage."", msg->source_mid, context->id); db__message_remove_incoming(context, msg->source_mid); stored = NULL; } if(!stored){ if(msg->qos == 0 || db__ready_for_flight(context, mosq_md_in, msg->qos) || db__ready_for_queue(context, msg->qos, &context->msgs_in)){ dup = 0; rc = db__message_store(context, msg, message_expiry_interval, 0, mosq_mo_client); if(rc) return rc; }else{ reason_code = MQTT_RC_QUOTA_EXCEEDED; goto process_bad_message; } stored = msg; msg = NULL; }else{ db__msg_store_free(msg); msg = NULL; dup = 1; } switch(stored->qos){ case 0: rc2 = sub__messages_queue(context->id, stored->topic, stored->qos, stored->retain, &stored); if(rc2 > 0) rc = 1; break; case 1: util__decrement_receive_quota(context); rc2 = sub__messages_queue(context->id, stored->topic, stored->qos, stored->retain, &stored); if(rc2 == MOSQ_ERR_SUCCESS || context->protocol != mosq_p_mqtt5){ if(send__puback(context, mid, 0, NULL)) rc = 1; }else if(rc2 == MOSQ_ERR_NO_SUBSCRIBERS){ if(send__puback(context, mid, MQTT_RC_NO_MATCHING_SUBSCRIBERS, NULL)) rc = 1; }else{ rc = rc2; } break; case 2: if(dup == 0){ res = db__message_insert(context, stored->source_mid, mosq_md_in, stored->qos, stored->retain, stored, NULL, false); }else{ res = 0; } if(!res){ if(send__pubrec(context, stored->source_mid, 0, NULL)) rc = 1; }else if(res == 1){ rc = 1; } break; } db__message_write_queued_in(context); return rc; process_bad_message: rc = 1; if(msg){ switch(msg->qos){ case 0: rc = MOSQ_ERR_SUCCESS; break; case 1: rc = send__puback(context, msg->source_mid, reason_code, NULL); break; case 2: rc = send__pubrec(context, msg->source_mid, reason_code, NULL); break; } db__msg_store_free(msg); } return rc; }",visit repo url,src/handle_publish.c,https://github.com/eclipse/mosquitto,180473946395567,1 4331,['CWE-119'],"void _af_adpcm_decoder (const uint8_t *indata, int16_t *outdata, int frameCount, int channelCount, struct adpcm_state *state) { const uint8_t *inp = indata; int16_t *outp = outdata; int step[channelCount]; int valpred[channelCount]; int index[channelCount]; for (int c=0; c 0; frameCount -= 8) { for (int c=0; c> 4) & 0xf; } else { inputbuffer = *inp++; delta = inputbuffer & 0xf; } index[c] += indexTable[delta]; index[c] = clamp(index[c], 0, 88); int sign = delta & 8; delta = delta & 7; int vpdiff = step[c] >> 3; if (delta & 4) vpdiff += step[c]; if (delta & 2) vpdiff += step[c]>>1; if (delta & 1) vpdiff += step[c]>>2; if (sign) valpred[c] -= vpdiff; else valpred[c] += vpdiff; valpred[c] = clamp(valpred[c], -32768, 32767); step[c] = stepsizeTable[index[c]]; outp[s*channelCount + c] = valpred[c]; bufferstep = !bufferstep; } } outp += channelCount * 8; } for (int c=0; ckey_len; int error; struct neighbour *n1, *rc, *n = neigh_alloc(tbl); if (!n) { rc = ERR_PTR(-ENOBUFS); goto out; } memcpy(n->primary_key, pkey, key_len); n->dev = dev; dev_hold(dev); if (tbl->constructor && (error = tbl->constructor(n)) < 0) { rc = ERR_PTR(error); goto out_neigh_release; } if (n->parms->neigh_setup && (error = n->parms->neigh_setup(n)) < 0) { rc = ERR_PTR(error); goto out_neigh_release; } n->confirmed = jiffies - (n->parms->base_reachable_time << 1); write_lock_bh(&tbl->lock); if (atomic_read(&tbl->entries) > (tbl->hash_mask + 1)) neigh_hash_grow(tbl, (tbl->hash_mask + 1) << 1); hash_val = tbl->hash(pkey, dev) & tbl->hash_mask; if (n->parms->dead) { rc = ERR_PTR(-EINVAL); goto out_tbl_unlock; } for (n1 = tbl->hash_buckets[hash_val]; n1; n1 = n1->next) { if (dev == n1->dev && !memcmp(n1->primary_key, pkey, key_len)) { neigh_hold(n1); rc = n1; goto out_tbl_unlock; } } n->next = tbl->hash_buckets[hash_val]; tbl->hash_buckets[hash_val] = n; n->dead = 0; neigh_hold(n); write_unlock_bh(&tbl->lock); NEIGH_PRINTK2(""neigh %p is created.\n"", n); rc = n; out: return rc; out_tbl_unlock: write_unlock_bh(&tbl->lock); out_neigh_release: neigh_release(n); goto out; }",linux-2.6,,,37489440367235629021975273923886462794,0 5855,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_rpsi( const void *buf, pj_size_t length, pjmedia_rtcp_fb_rpsi *rpsi) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; pj_uint8_t *p; pj_uint8_t padlen; pj_size_t rpsi_len; PJ_ASSERT_RETURN(buf && rpsi, PJ_EINVAL); PJ_ASSERT_RETURN(length >= sizeof(pjmedia_rtcp_common), PJ_ETOOSMALL); if (hdr->pt != RTCP_PSFB || hdr->count != 3) return PJ_ENOTFOUND; rpsi_len = (pj_ntohs((pj_uint16_t)hdr->length)-2) * 4; if (length < rpsi_len + 12) return PJ_ETOOSMALL; p = (pj_uint8_t*)hdr + sizeof(*hdr); padlen = *p++; rpsi->pt = (*p++ & 0x7F); rpsi->rpsi_bit_len = rpsi_len*8 - 16 - padlen; pj_strset(&rpsi->rpsi, (char*)p, (rpsi->rpsi_bit_len + 7)/8); return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,62757712502521,1 2105,CWE-200,"static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_comp rcomp; strlcpy(rcomp.type, ""compression"", sizeof(rcomp.type)); if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(struct crypto_report_comp), &rcomp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user_base.c,https://github.com/torvalds/linux,128355935203311,1 2882,CWE-190,"static int readContigStripsIntoBuffer (TIFF* in, uint8* buf) { uint8* bufp = buf; int32 bytes_read = 0; uint16 strip, nstrips = TIFFNumberOfStrips(in); uint32 stripsize = TIFFStripSize(in); uint32 rows = 0; uint32 rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); tsize_t scanline_size = TIFFScanlineSize(in); if (scanline_size == 0) { TIFFError("""", ""TIFF scanline size is zero!""); return 0; } for (strip = 0; strip < nstrips; strip++) { bytes_read = TIFFReadEncodedStrip (in, strip, bufp, -1); rows = bytes_read / scanline_size; if ((strip < (nstrips - 1)) && (bytes_read != (int32)stripsize)) TIFFError("""", ""Strip %d: read %lu bytes, strip size %lu"", (int)strip + 1, (unsigned long) bytes_read, (unsigned long)stripsize); if (bytes_read < 0 && !ignore) { TIFFError("""", ""Error reading strip %lu after %lu rows"", (unsigned long) strip, (unsigned long)rows); return 0; } bufp += bytes_read; } return 1; } ",visit repo url,tools/tiffcrop.c,https://github.com/vadz/libtiff,156107693138886,1 5255,CWE-119,"SQLWCHAR* _single_string_alloc_and_expand( LPCSTR in ) { SQLWCHAR *chr; int len = 0; if ( !in ) { return in; } while ( in[ len ] != 0 ) { len ++; } chr = malloc( sizeof( SQLWCHAR ) * ( len + 1 )); len = 0; while ( in[ len ] != 0 ) { chr[ len ] = in[ len ]; len ++; } chr[ len ++ ] = 0; return chr; }",visit repo url,odbcinst/SQLCreateDataSource.c,https://github.com/lurcher/unixODBC,139391451091641,1 4763,['CWE-20'],"static int ext4_get_sb(struct file_system_type *fs_type, int flags, const char *dev_name, void *data, struct vfsmount *mnt) { return get_sb_bdev(fs_type, flags, dev_name, data, ext4_fill_super, mnt); }",linux-2.6,,,229622839776509319440109159797607853025,0 5975,CWE-120,"static CYTHON_SMALL_CODE int __pyx_pymod_exec_varint(PyObject *__pyx_pyinit_module) #endif #endif { PyObject *__pyx_t_1 = NULL; __Pyx_RefNannyDeclarations #if CYTHON_PEP489_MULTI_PHASE_INIT if (__pyx_m) { if (__pyx_m == __pyx_pyinit_module) return 0; PyErr_SetString(PyExc_RuntimeError, ""Module 'varint' has already been imported. Re-initialisation is not supported.""); return -1; } #elif PY_MAJOR_VERSION >= 3 if (__pyx_m) return __Pyx_NewRef(__pyx_m); #endif #if CYTHON_REFNANNY __Pyx_RefNanny = __Pyx_RefNannyImportAPI(""refnanny""); if (!__Pyx_RefNanny) { PyErr_Clear(); __Pyx_RefNanny = __Pyx_RefNannyImportAPI(""Cython.Runtime.refnanny""); if (!__Pyx_RefNanny) Py_FatalError(""failed to import 'refnanny' module""); } #endif __Pyx_RefNannySetupContext(""__Pyx_PyMODINIT_FUNC PyInit_varint(void)"", 0); if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #ifdef __Pxy_PyFrame_Initialize_Offsets __Pxy_PyFrame_Initialize_Offsets(); #endif __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error) __pyx_empty_bytes = PyBytes_FromStringAndSize("""", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error) __pyx_empty_unicode = PyUnicode_FromStringAndSize("""", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error) #ifdef __Pyx_CyFunction_USED if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_FusedFunction_USED if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_Coroutine_USED if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_Generator_USED if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_AsyncGen_USED if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #ifdef __Pyx_StopAsyncIteration_USED if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif #if defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS #ifdef WITH_THREAD PyEval_InitThreads(); #endif #endif #if CYTHON_PEP489_MULTI_PHASE_INIT __pyx_m = __pyx_pyinit_module; Py_INCREF(__pyx_m); #else #if PY_MAJOR_VERSION < 3 __pyx_m = Py_InitModule4(""varint"", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m); #else __pyx_m = PyModule_Create(&__pyx_moduledef); #endif if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error) #endif __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_d); __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_b); __pyx_cython_runtime = PyImport_AddModule((char *) ""cython_runtime""); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error) Py_INCREF(__pyx_cython_runtime); if (PyObject_SetAttrString(__pyx_m, ""__builtins__"", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error); if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT) if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif if (__pyx_module_is_main_clickhouse_driver__varint) { if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error) } #if PY_MAJOR_VERSION >= 3 { PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error) if (!PyDict_GetItemString(modules, ""clickhouse_driver.varint"")) { if (unlikely(PyDict_SetItemString(modules, ""clickhouse_driver.varint"", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error) } } #endif if (__Pyx_InitCachedBuiltins() < 0) goto __pyx_L1_error; if (__Pyx_InitCachedConstants() < 0) goto __pyx_L1_error; (void)__Pyx_modinit_global_init_code(); (void)__Pyx_modinit_variable_export_code(); (void)__Pyx_modinit_function_export_code(); (void)__Pyx_modinit_type_init_code(); if (unlikely(__Pyx_modinit_type_import_code() != 0)) goto __pyx_L1_error; (void)__Pyx_modinit_variable_import_code(); (void)__Pyx_modinit_function_import_code(); #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED) if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error) #endif __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_17clickhouse_driver_6varint_1write_varint, NULL, __pyx_n_s_clickhouse_driver_varint); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_write_varint, __pyx_t_1) < 0) __PYX_ERR(0, 4, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_17clickhouse_driver_6varint_3read_varint, NULL, __pyx_n_s_clickhouse_driver_varint); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 29, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_read_varint, __pyx_t_1) < 0) __PYX_ERR(0, 29, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error) __Pyx_GOTREF(__pyx_t_1); if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error) __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0; goto __pyx_L0; __pyx_L1_error:; __Pyx_XDECREF(__pyx_t_1); if (__pyx_m) { if (__pyx_d) { __Pyx_AddTraceback(""init clickhouse_driver.varint"", __pyx_clineno, __pyx_lineno, __pyx_filename); } Py_CLEAR(__pyx_m); } else if (!PyErr_Occurred()) { PyErr_SetString(PyExc_ImportError, ""init clickhouse_driver.varint""); } __pyx_L0:; __Pyx_RefNannyFinishContext(); #if CYTHON_PEP489_MULTI_PHASE_INIT return (__pyx_m != NULL) ? 0 : -1; #elif PY_MAJOR_VERSION >= 3 return __pyx_m; #else return; #endif }",visit repo url,clickhouse_driver/varint.c,https://github.com/mymarilyn/clickhouse-driver,257976315808995,1 563,CWE-189,"build_unc_path_to_root(const struct smb_vol *vol, const struct cifs_sb_info *cifs_sb) { char *full_path, *pos; unsigned int pplen = vol->prepath ? strlen(vol->prepath) + 1 : 0; unsigned int unc_len = strnlen(vol->UNC, MAX_TREE_SIZE + 1); full_path = kmalloc(unc_len + pplen + 1, GFP_KERNEL); if (full_path == NULL) return ERR_PTR(-ENOMEM); strncpy(full_path, vol->UNC, unc_len); pos = full_path + unc_len; if (pplen) { *pos++ = CIFS_DIR_SEP(cifs_sb); strncpy(pos, vol->prepath, pplen); pos += pplen; } *pos = '\0'; convert_delimiter(full_path, CIFS_DIR_SEP(cifs_sb)); cifs_dbg(FYI, ""%s: full_path=%s\n"", __func__, full_path); return full_path; }",visit repo url,fs/cifs/connect.c,https://github.com/torvalds/linux,78497192818964,1 212,CWE-476,"static int xfrm_dump_sa_done(struct netlink_callback *cb) { struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; struct sock *sk = cb->skb->sk; struct net *net = sock_net(sk); xfrm_state_walk_done(walk, net); return 0; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,200668240098011,1 3869,CWE-416,"f_assert_fails(typval_T *argvars, typval_T *rettv) { char_u *cmd; garray_T ga; int save_trylevel = trylevel; int called_emsg_before = called_emsg; char *wrong_arg_msg = NULL; if (check_for_string_or_number_arg(argvars, 0) == FAIL || check_for_opt_string_or_list_arg(argvars, 1) == FAIL || (argvars[1].v_type != VAR_UNKNOWN && (argvars[2].v_type != VAR_UNKNOWN && (check_for_opt_number_arg(argvars, 3) == FAIL || (argvars[3].v_type != VAR_UNKNOWN && check_for_opt_string_arg(argvars, 4) == FAIL))))) return; cmd = tv_get_string_chk(&argvars[0]); trylevel = 0; suppress_errthrow = TRUE; in_assert_fails = TRUE; do_cmdline_cmd(cmd); if (called_emsg == called_emsg_before) { prepare_assert_error(&ga); ga_concat(&ga, (char_u *)""command did not fail: ""); assert_append_cmd_or_arg(&ga, argvars, cmd); assert_error(&ga); ga_clear(&ga); rettv->vval.v_number = 1; } else if (argvars[1].v_type != VAR_UNKNOWN) { char_u buf[NUMBUFLEN]; char_u *expected; char_u *expected_str = NULL; int error_found = FALSE; int error_found_index = 1; char_u *actual = emsg_assert_fails_msg == NULL ? (char_u *)""[unknown]"" : emsg_assert_fails_msg; if (argvars[1].v_type == VAR_STRING) { expected = tv_get_string_buf_chk(&argvars[1], buf); error_found = expected == NULL || strstr((char *)actual, (char *)expected) == NULL; } else if (argvars[1].v_type == VAR_LIST) { list_T *list = argvars[1].vval.v_list; typval_T *tv; if (list == NULL || list->lv_len < 1 || list->lv_len > 2) { wrong_arg_msg = e_assert_fails_second_arg; goto theend; } CHECK_LIST_MATERIALIZE(list); tv = &list->lv_first->li_tv; expected = tv_get_string_buf_chk(tv, buf); if (!pattern_match(expected, actual, FALSE)) { error_found = TRUE; expected_str = expected; } else if (list->lv_len == 2) { tv = &list->lv_u.mat.lv_last->li_tv; actual = get_vim_var_str(VV_ERRMSG); expected = tv_get_string_buf_chk(tv, buf); if (!pattern_match(expected, actual, FALSE)) { error_found = TRUE; expected_str = expected; } } } else { wrong_arg_msg = e_assert_fails_second_arg; goto theend; } if (!error_found && argvars[2].v_type != VAR_UNKNOWN && argvars[3].v_type != VAR_UNKNOWN) { if (argvars[3].v_type != VAR_NUMBER) { wrong_arg_msg = e_assert_fails_fourth_argument; goto theend; } else if (argvars[3].vval.v_number >= 0 && argvars[3].vval.v_number != emsg_assert_fails_lnum) { error_found = TRUE; error_found_index = 3; } if (!error_found && argvars[4].v_type != VAR_UNKNOWN) { if (argvars[4].v_type != VAR_STRING) { wrong_arg_msg = e_assert_fails_fifth_argument; goto theend; } else if (argvars[4].vval.v_string != NULL && !pattern_match(argvars[4].vval.v_string, emsg_assert_fails_context, FALSE)) { error_found = TRUE; error_found_index = 4; } } } if (error_found) { typval_T actual_tv; prepare_assert_error(&ga); if (error_found_index == 3) { actual_tv.v_type = VAR_NUMBER; actual_tv.vval.v_number = emsg_assert_fails_lnum; } else if (error_found_index == 4) { actual_tv.v_type = VAR_STRING; actual_tv.vval.v_string = emsg_assert_fails_context; } else { actual_tv.v_type = VAR_STRING; actual_tv.vval.v_string = actual; } fill_assert_error(&ga, &argvars[2], expected_str, &argvars[error_found_index], &actual_tv, ASSERT_OTHER); ga_concat(&ga, (char_u *)"": ""); assert_append_cmd_or_arg(&ga, argvars, cmd); assert_error(&ga); ga_clear(&ga); rettv->vval.v_number = 1; } } theend: trylevel = save_trylevel; suppress_errthrow = FALSE; in_assert_fails = FALSE; did_emsg = FALSE; got_int = FALSE; msg_col = 0; need_wait_return = FALSE; emsg_on_display = FALSE; msg_scrolled = 0; lines_left = Rows; VIM_CLEAR(emsg_assert_fails_msg); set_vim_var_string(VV_ERRMSG, NULL, 0); if (wrong_arg_msg != NULL) emsg(_(wrong_arg_msg)); }",visit repo url,src/testing.c,https://github.com/vim/vim,25509627591501,1 1800,[],"static inline u64 global_rt_runtime(void) { if (sysctl_sched_rt_period < 0) return RUNTIME_INF; return (u64)sysctl_sched_rt_runtime * NSEC_PER_USEC; }",linux-2.6,,,335226502135094481742848590802682324558,0 2444,CWE-834,"static int ivr_read_header(AVFormatContext *s) { unsigned tag, type, len, tlen, value; int i, j, n, count, nb_streams = 0, ret; uint8_t key[256], val[256]; AVIOContext *pb = s->pb; AVStream *st; int64_t pos, offset, temp; pos = avio_tell(pb); tag = avio_rl32(pb); if (tag == MKTAG('.','R','1','M')) { if (avio_rb16(pb) != 1) return AVERROR_INVALIDDATA; if (avio_r8(pb) != 1) return AVERROR_INVALIDDATA; len = avio_rb32(pb); avio_skip(pb, len); avio_skip(pb, 5); temp = avio_rb64(pb); while (!avio_feof(pb) && temp) { offset = temp; temp = avio_rb64(pb); } avio_skip(pb, offset - avio_tell(pb)); if (avio_r8(pb) != 1) return AVERROR_INVALIDDATA; len = avio_rb32(pb); avio_skip(pb, len); if (avio_r8(pb) != 2) return AVERROR_INVALIDDATA; avio_skip(pb, 16); pos = avio_tell(pb); tag = avio_rl32(pb); } if (tag != MKTAG('.','R','E','C')) return AVERROR_INVALIDDATA; if (avio_r8(pb) != 0) return AVERROR_INVALIDDATA; count = avio_rb32(pb); for (i = 0; i < count; i++) { if (avio_feof(pb)) return AVERROR_INVALIDDATA; type = avio_r8(pb); tlen = avio_rb32(pb); avio_get_str(pb, tlen, key, sizeof(key)); len = avio_rb32(pb); if (type == 5) { avio_get_str(pb, len, val, sizeof(val)); av_log(s, AV_LOG_DEBUG, ""%s = '%s'\n"", key, val); } else if (type == 4) { av_log(s, AV_LOG_DEBUG, ""%s = '0x"", key); for (j = 0; j < len; j++) av_log(s, AV_LOG_DEBUG, ""%X"", avio_r8(pb)); av_log(s, AV_LOG_DEBUG, ""'\n""); } else if (len == 4 && type == 3 && !strncmp(key, ""StreamCount"", tlen)) { nb_streams = value = avio_rb32(pb); } else if (len == 4 && type == 3) { value = avio_rb32(pb); av_log(s, AV_LOG_DEBUG, ""%s = %d\n"", key, value); } else { av_log(s, AV_LOG_DEBUG, ""Skipping unsupported key: %s\n"", key); avio_skip(pb, len); } } for (n = 0; n < nb_streams; n++) { st = avformat_new_stream(s, NULL); if (!st) return AVERROR(ENOMEM); st->priv_data = ff_rm_alloc_rmstream(); if (!st->priv_data) return AVERROR(ENOMEM); if (avio_r8(pb) != 1) return AVERROR_INVALIDDATA; count = avio_rb32(pb); for (i = 0; i < count; i++) { if (avio_feof(pb)) return AVERROR_INVALIDDATA; type = avio_r8(pb); tlen = avio_rb32(pb); avio_get_str(pb, tlen, key, sizeof(key)); len = avio_rb32(pb); if (type == 5) { avio_get_str(pb, len, val, sizeof(val)); av_log(s, AV_LOG_DEBUG, ""%s = '%s'\n"", key, val); } else if (type == 4 && !strncmp(key, ""OpaqueData"", tlen)) { ret = ffio_ensure_seekback(pb, 4); if (ret < 0) return ret; if (avio_rb32(pb) == MKBETAG('M', 'L', 'T', 'I')) { ret = rm_read_multi(s, pb, st, NULL); } else { avio_seek(pb, -4, SEEK_CUR); ret = ff_rm_read_mdpr_codecdata(s, pb, st, st->priv_data, len, NULL); } if (ret < 0) return ret; } else if (type == 4) { int j; av_log(s, AV_LOG_DEBUG, ""%s = '0x"", key); for (j = 0; j < len; j++) av_log(s, AV_LOG_DEBUG, ""%X"", avio_r8(pb)); av_log(s, AV_LOG_DEBUG, ""'\n""); } else if (len == 4 && type == 3 && !strncmp(key, ""Duration"", tlen)) { st->duration = avio_rb32(pb); } else if (len == 4 && type == 3) { value = avio_rb32(pb); av_log(s, AV_LOG_DEBUG, ""%s = %d\n"", key, value); } else { av_log(s, AV_LOG_DEBUG, ""Skipping unsupported key: %s\n"", key); avio_skip(pb, len); } } } if (avio_r8(pb) != 6) return AVERROR_INVALIDDATA; avio_skip(pb, 12); avio_skip(pb, avio_rb64(pb) + pos - avio_tell(s->pb)); if (avio_r8(pb) != 8) return AVERROR_INVALIDDATA; avio_skip(pb, 8); return 0; }",visit repo url,libavformat/rmdec.c,https://github.com/FFmpeg/FFmpeg,138790510671780,1 4108,CWE-119,"void Huff_offsetReceive (node_t *node, int *ch, byte *fin, int *offset) { bloc = *offset; while (node && node->symbol == INTERNAL_NODE) { if (get_bit(fin)) { node = node->right; } else { node = node->left; } } if (!node) { *ch = 0; return; } *ch = node->symbol; *offset = bloc; }",visit repo url,code/qcommon/huffman.c,https://github.com/ioquake/ioq3,29991319037201,1 626,CWE-20,"static int dgram_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { size_t copied = 0; int err = -EOPNOTSUPP; struct sk_buff *skb; struct sockaddr_ieee802154 *saddr; saddr = (struct sockaddr_ieee802154 *)msg->msg_name; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_ts_and_drops(msg, sk, skb); if (saddr) { saddr->family = AF_IEEE802154; saddr->addr = mac_cb(skb)->sa; } if (addr_len) *addr_len = sizeof(*saddr); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: if (err) return err; return copied; }",visit repo url,net/ieee802154/dgram.c,https://github.com/torvalds/linux,200215486943825,1 1233,[],"m4_format (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 2, -1)) return; format (obs, argc - 1, argv + 1); }",m4,,,264825743507493535505811651902632920867,0 269,[],"static int do_ncp_getprivatedata(unsigned int fd, unsigned int cmd, unsigned long arg) { struct ncp_privatedata_ioctl_32 n32, __user *p32 = compat_ptr(arg); struct ncp_privatedata_ioctl __user *p = compat_alloc_user_space(sizeof(*p)); u32 len; int err; if (copy_from_user(&n32, p32, sizeof(n32)) || put_user(n32.len, &p->len) || put_user(compat_ptr(n32.data), &p->data)) return -EFAULT; err = sys_ioctl(fd, NCP_IOC_GETPRIVATEDATA, (unsigned long)p); if (err) return err; if (get_user(len, &p->len) || put_user(len, &p32->len)) return -EFAULT; return 0; }",linux-2.6,,,76018555147974719493118470637566837210,0 1521,[],"int alloc_rt_sched_group(struct task_group *tg, struct task_group *parent) { return 1; }",linux-2.6,,,69773108934015691372504564947630734817,0 6271,CWE-120,"static int pad_pkcs1(bn_t m, int *p_len, int m_len, int k_len, int operation) { uint8_t *id, pad = 0; int len, result = RLC_OK; bn_t t; bn_null(t); RLC_TRY { bn_new(t); switch (operation) { case RSA_ENC: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PUB); *p_len = k_len - 3 - m_len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); do { rand_bytes(&pad, 1); } while (pad == 0); bn_add_dig(m, m, pad); } bn_lsh(m, m, 8); bn_add_dig(m, m, 0); bn_lsh(m, m, m_len * 8); break; case RSA_DEC: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } *p_len = m_len; m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad != RSA_PUB) { result = RLC_ERR; } do { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad != 0 && m_len > 0); *p_len -= (m_len - 1); bn_mod_2b(m, m, (k_len - *p_len) * 8); break; case RSA_SIG: id = hash_id(MD_MAP, &len); bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PRV); *p_len = k_len - 3 - m_len - len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); } bn_lsh(m, m, 8); bn_add_dig(m, m, 0); bn_lsh(m, m, 8 * len); bn_read_bin(t, id, len); bn_add(m, m, t); bn_lsh(m, m, m_len * 8); break; case RSA_SIG_HASH: bn_zero(m); bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PRV); *p_len = k_len - 3 - m_len; for (int i = 0; i < *p_len; i++) { bn_lsh(m, m, 8); bn_add_dig(m, m, RSA_PAD); } bn_lsh(m, m, 8); bn_add_dig(m, m, 0); bn_lsh(m, m, m_len * 8); break; case RSA_VER: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad != RSA_PRV) { result = RLC_ERR; } do { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad != 0 && m_len > 0); if (m_len == 0) { result = RLC_ERR; } id = hash_id(MD_MAP, &len); m_len -= len; bn_rsh(t, m, m_len * 8); int r = 0; for (int i = 0; i < len; i++) { pad = (uint8_t)t->dp[0]; r |= pad - id[len - i - 1]; bn_rsh(t, t, 8); } *p_len = k_len - m_len; bn_mod_2b(m, m, m_len * 8); result = (r == 0 ? RLC_OK : RLC_ERR); break; case RSA_VER_HASH: m_len = k_len - 1; bn_rsh(t, m, 8 * m_len); if (!bn_is_zero(t)) { result = RLC_ERR; } m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; if (pad != RSA_PRV) { result = RLC_ERR; } do { m_len--; bn_rsh(t, m, 8 * m_len); pad = (uint8_t)t->dp[0]; } while (pad != 0 && m_len > 0); if (m_len == 0) { result = RLC_ERR; } *p_len = k_len - m_len; bn_mod_2b(m, m, m_len * 8); break; } } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { bn_free(t); } return result; }",visit repo url,src/cp/relic_cp_rsa.c,https://github.com/relic-toolkit/relic,215678258689758,1 4227,['CWE-399'],"void dev_init_scheduler(struct net_device *dev) { qdisc_lock_tree(dev); dev->qdisc = &noop_qdisc; dev->qdisc_sleeping = &noop_qdisc; INIT_LIST_HEAD(&dev->qdisc_list); qdisc_unlock_tree(dev); setup_timer(&dev->watchdog_timer, dev_watchdog, (unsigned long)dev); }",linux-2.6,,,332002716228869781204943223103768282253,0 6629,['CWE-200'],"add_done_cb (NMConnectionEditor *editor, gint response, GError *error, gpointer user_data) { ActionInfo *info = (ActionInfo *) user_data; NMConnection *connection; const char *message = _(""An unknown error ocurred.""); connection = nm_connection_editor_get_connection (editor); switch (response) { case GTK_RESPONSE_NONE: if (error && error->message) message = error->message; error_dialog (GTK_WINDOW (editor->window), _(""Error initializing editor""), ""%s"", message); break; case GTK_RESPONSE_OK: add_connection (info->list, editor, connection, NULL, NULL); break; case GTK_RESPONSE_CANCEL: break; default: g_assert_not_reached (); break; } g_hash_table_remove (info->list->editors, connection); }",network-manager-applet,,,317080227395646353974388447674650796673,0 2572,[],"static void free_attr_elem(struct attr_stack *e) { int i; free(e->origin); for (i = 0; i < e->num_matches; i++) { struct match_attr *a = e->attrs[i]; int j; for (j = 0; j < a->num_attr; j++) { const char *setto = a->state[j].setto; if (setto == ATTR__TRUE || setto == ATTR__FALSE || setto == ATTR__UNSET || setto == ATTR__UNKNOWN) ; else free((char*) setto); } free(a); } free(e); }",git,,,338185526678029445241502047900726709051,0 1182,['CWE-189'],"ktime_t ktime_add_ns(const ktime_t kt, u64 nsec) { ktime_t tmp; if (likely(nsec < NSEC_PER_SEC)) { tmp.tv64 = nsec; } else { unsigned long rem = do_div(nsec, NSEC_PER_SEC); tmp = ktime_set((long)nsec, rem); } return ktime_add(kt, tmp); }",linux-2.6,,,293222554793358803074898652992748647969,0 4164,['CWE-399'],"static void register_hinfo(AvahiServer *s) { struct utsname utsname; AvahiRecord *r; assert(s); if (!s->config.publish_hinfo) return; if (s->hinfo_entry_group) assert(avahi_s_entry_group_is_empty(s->hinfo_entry_group)); else s->hinfo_entry_group = avahi_s_entry_group_new(s, avahi_host_rr_entry_group_callback, NULL); if (!s->hinfo_entry_group) { avahi_log_warn(""Failed to create HINFO entry group: %s"", avahi_strerror(s->error)); return; } if ((r = avahi_record_new_full(s->host_name_fqdn, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_HINFO, AVAHI_DEFAULT_TTL_HOST_NAME))) { if (uname(&utsname) < 0) avahi_log_warn(""uname() failed: %s\n"", avahi_strerror(errno)); else { r->data.hinfo.cpu = avahi_strdup(avahi_strup(utsname.machine)); r->data.hinfo.os = avahi_strdup(avahi_strup(utsname.sysname)); avahi_log_info(""Registering HINFO record with values '%s'/'%s'."", r->data.hinfo.cpu, r->data.hinfo.os); if (avahi_server_add(s, s->hinfo_entry_group, AVAHI_IF_UNSPEC, AVAHI_PROTO_UNSPEC, AVAHI_PUBLISH_UNIQUE, r) < 0) { avahi_log_warn(""Failed to add HINFO RR: %s"", avahi_strerror(s->error)); return; } } avahi_record_unref(r); } if (avahi_s_entry_group_commit(s->hinfo_entry_group) < 0) avahi_log_warn(""Failed to commit HINFO entry group: %s"", avahi_strerror(s->error)); }",avahi,,,52260941177353036751319465344682851651,0 1636,CWE-264,"int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) { struct ipv6_txoptions opt_space; struct udp_sock *up = udp_sk(sk); struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); struct in6_addr *daddr, *final_p, final; struct ipv6_txoptions *opt = NULL; struct ip6_flowlabel *flowlabel = NULL; struct flowi6 fl6; struct dst_entry *dst; int addr_len = msg->msg_namelen; int ulen = len; int hlimit = -1; int tclass = -1; int dontfrag = -1; int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; int err; int connected = 0; int is_udplite = IS_UDPLITE(sk); int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); if (sin6) { if (addr_len < offsetof(struct sockaddr, sa_data)) return -EINVAL; switch (sin6->sin6_family) { case AF_INET6: if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; daddr = &sin6->sin6_addr; break; case AF_INET: goto do_udp_sendmsg; case AF_UNSPEC: msg->msg_name = sin6 = NULL; msg->msg_namelen = addr_len = 0; daddr = NULL; break; default: return -EINVAL; } } else if (!up->pending) { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; daddr = &sk->sk_v6_daddr; } else daddr = NULL; if (daddr) { if (ipv6_addr_v4mapped(daddr)) { struct sockaddr_in sin; sin.sin_family = AF_INET; sin.sin_port = sin6 ? sin6->sin6_port : inet->inet_dport; sin.sin_addr.s_addr = daddr->s6_addr32[3]; msg->msg_name = &sin; msg->msg_namelen = sizeof(sin); do_udp_sendmsg: if (__ipv6_only_sock(sk)) return -ENETUNREACH; return udp_sendmsg(sk, msg, len); } } if (up->pending == AF_INET) return udp_sendmsg(sk, msg, len); if (len > INT_MAX - sizeof(struct udphdr)) return -EMSGSIZE; getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; if (up->pending) { lock_sock(sk); if (likely(up->pending)) { if (unlikely(up->pending != AF_INET6)) { release_sock(sk); return -EAFNOSUPPORT; } dst = NULL; goto do_append_data; } release_sock(sk); } ulen += sizeof(struct udphdr); memset(&fl6, 0, sizeof(fl6)); if (sin6) { if (sin6->sin6_port == 0) return -EINVAL; fl6.fl6_dport = sin6->sin6_port; daddr = &sin6->sin6_addr; if (np->sndflow) { fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK; if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } } if (sk->sk_state == TCP_ESTABLISHED && ipv6_addr_equal(daddr, &sk->sk_v6_daddr)) daddr = &sk->sk_v6_daddr; if (addr_len >= sizeof(struct sockaddr_in6) && sin6->sin6_scope_id && __ipv6_addr_needs_scope_id(__ipv6_addr_type(daddr))) fl6.flowi6_oif = sin6->sin6_scope_id; } else { if (sk->sk_state != TCP_ESTABLISHED) return -EDESTADDRREQ; fl6.fl6_dport = inet->inet_dport; daddr = &sk->sk_v6_daddr; fl6.flowlabel = np->flow_label; connected = 1; } if (!fl6.flowi6_oif) fl6.flowi6_oif = sk->sk_bound_dev_if; if (!fl6.flowi6_oif) fl6.flowi6_oif = np->sticky_pktinfo.ipi6_ifindex; fl6.flowi6_mark = sk->sk_mark; if (msg->msg_controllen) { opt = &opt_space; memset(opt, 0, sizeof(struct ipv6_txoptions)); opt->tot_len = sizeof(*opt); err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, &hlimit, &tclass, &dontfrag); if (err < 0) { fl6_sock_release(flowlabel); return err; } if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) { flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); if (!flowlabel) return -EINVAL; } if (!(opt->opt_nflen|opt->opt_flen)) opt = NULL; connected = 0; } if (!opt) opt = np->opt; if (flowlabel) opt = fl6_merge_options(&opt_space, flowlabel, opt); opt = ipv6_fixup_options(&opt_space, opt); fl6.flowi6_proto = sk->sk_protocol; if (!ipv6_addr_any(daddr)) fl6.daddr = *daddr; else fl6.daddr.s6_addr[15] = 0x1; if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr)) fl6.saddr = np->saddr; fl6.fl6_sport = inet->inet_sport; final_p = fl6_update_dst(&fl6, opt, &final); if (final_p) connected = 0; if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) { fl6.flowi6_oif = np->mcast_oif; connected = 0; } else if (!fl6.flowi6_oif) fl6.flowi6_oif = np->ucast_oif; security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); dst = ip6_sk_dst_lookup_flow(sk, &fl6, final_p); if (IS_ERR(dst)) { err = PTR_ERR(dst); dst = NULL; goto out; } if (hlimit < 0) hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); if (tclass < 0) tclass = np->tclass; if (msg->msg_flags&MSG_CONFIRM) goto do_confirm; back_from_confirm: if (!corkreq) { struct sk_buff *skb; skb = ip6_make_skb(sk, getfrag, msg, ulen, sizeof(struct udphdr), hlimit, tclass, opt, &fl6, (struct rt6_info *)dst, msg->msg_flags, dontfrag); err = PTR_ERR(skb); if (!IS_ERR_OR_NULL(skb)) err = udp_v6_send_skb(skb, &fl6); goto release_dst; } lock_sock(sk); if (unlikely(up->pending)) { release_sock(sk); net_dbg_ratelimited(""udp cork app bug 2\n""); err = -EINVAL; goto out; } up->pending = AF_INET6; do_append_data: if (dontfrag < 0) dontfrag = np->dontfrag; up->len += ulen; err = ip6_append_data(sk, getfrag, msg, ulen, sizeof(struct udphdr), hlimit, tclass, opt, &fl6, (struct rt6_info *)dst, corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags, dontfrag); if (err) udp_v6_flush_pending_frames(sk); else if (!corkreq) err = udp_v6_push_pending_frames(sk); else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) up->pending = 0; if (err > 0) err = np->recverr ? net_xmit_errno(err) : 0; release_sock(sk); release_dst: if (dst) { if (connected) { ip6_dst_store(sk, dst, ipv6_addr_equal(&fl6.daddr, &sk->sk_v6_daddr) ? &sk->sk_v6_daddr : NULL, #ifdef CONFIG_IPV6_SUBTREES ipv6_addr_equal(&fl6.saddr, &np->saddr) ? &np->saddr : #endif NULL); } else { dst_release(dst); } dst = NULL; } out: dst_release(dst); fl6_sock_release(flowlabel); if (!err) return len; if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_SNDBUFERRORS, is_udplite); } return err; do_confirm: dst_confirm(dst); if (!(msg->msg_flags&MSG_PROBE) || len) goto back_from_confirm; err = 0; goto out; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,80813634374848,1 1945,CWE-401,"int sdma_init(struct hfi1_devdata *dd, u8 port) { unsigned this_idx; struct sdma_engine *sde; struct rhashtable *tmp_sdma_rht; u16 descq_cnt; void *curr_head; struct hfi1_pportdata *ppd = dd->pport + port; u32 per_sdma_credits; uint idle_cnt = sdma_idle_cnt; size_t num_engines = chip_sdma_engines(dd); int ret = -ENOMEM; if (!HFI1_CAP_IS_KSET(SDMA)) { HFI1_CAP_CLEAR(SDMA_AHG); return 0; } if (mod_num_sdma && mod_num_sdma <= chip_sdma_engines(dd) && mod_num_sdma >= num_vls) num_engines = mod_num_sdma; dd_dev_info(dd, ""SDMA mod_num_sdma: %u\n"", mod_num_sdma); dd_dev_info(dd, ""SDMA chip_sdma_engines: %u\n"", chip_sdma_engines(dd)); dd_dev_info(dd, ""SDMA chip_sdma_mem_size: %u\n"", chip_sdma_mem_size(dd)); per_sdma_credits = chip_sdma_mem_size(dd) / (num_engines * SDMA_BLOCK_SIZE); init_waitqueue_head(&dd->sdma_unfreeze_wq); atomic_set(&dd->sdma_unfreeze_count, 0); descq_cnt = sdma_get_descq_cnt(); dd_dev_info(dd, ""SDMA engines %zu descq_cnt %u\n"", num_engines, descq_cnt); dd->per_sdma = kcalloc_node(num_engines, sizeof(*dd->per_sdma), GFP_KERNEL, dd->node); if (!dd->per_sdma) return ret; idle_cnt = ns_to_cclock(dd, idle_cnt); if (idle_cnt) dd->default_desc1 = SDMA_DESC1_HEAD_TO_HOST_FLAG; else dd->default_desc1 = SDMA_DESC1_INT_REQ_FLAG; if (!sdma_desct_intr) sdma_desct_intr = SDMA_DESC_INTR; for (this_idx = 0; this_idx < num_engines; ++this_idx) { sde = &dd->per_sdma[this_idx]; sde->dd = dd; sde->ppd = ppd; sde->this_idx = this_idx; sde->descq_cnt = descq_cnt; sde->desc_avail = sdma_descq_freecnt(sde); sde->sdma_shift = ilog2(descq_cnt); sde->sdma_mask = (1 << sde->sdma_shift) - 1; sde->int_mask = (u64)1 << (0 * TXE_NUM_SDMA_ENGINES + this_idx); sde->progress_mask = (u64)1 << (1 * TXE_NUM_SDMA_ENGINES + this_idx); sde->idle_mask = (u64)1 << (2 * TXE_NUM_SDMA_ENGINES + this_idx); sde->imask = sde->int_mask | sde->progress_mask | sde->idle_mask; spin_lock_init(&sde->tail_lock); seqlock_init(&sde->head_lock); spin_lock_init(&sde->senddmactrl_lock); spin_lock_init(&sde->flushlist_lock); seqlock_init(&sde->waitlock); sde->ahg_bits = 0xfffffffe00000000ULL; sdma_set_state(sde, sdma_state_s00_hw_down); kref_init(&sde->state.kref); init_completion(&sde->state.comp); INIT_LIST_HEAD(&sde->flushlist); INIT_LIST_HEAD(&sde->dmawait); sde->tail_csr = get_kctxt_csr_addr(dd, this_idx, SD(TAIL)); tasklet_init(&sde->sdma_hw_clean_up_task, sdma_hw_clean_up_task, (unsigned long)sde); tasklet_init(&sde->sdma_sw_clean_up_task, sdma_sw_clean_up_task, (unsigned long)sde); INIT_WORK(&sde->err_halt_worker, sdma_err_halt_wait); INIT_WORK(&sde->flush_worker, sdma_field_flush); sde->progress_check_head = 0; timer_setup(&sde->err_progress_check_timer, sdma_err_progress_check, 0); sde->descq = dma_alloc_coherent(&dd->pcidev->dev, descq_cnt * sizeof(u64[2]), &sde->descq_phys, GFP_KERNEL); if (!sde->descq) goto bail; sde->tx_ring = kvzalloc_node(array_size(descq_cnt, sizeof(struct sdma_txreq *)), GFP_KERNEL, dd->node); if (!sde->tx_ring) goto bail; } dd->sdma_heads_size = L1_CACHE_BYTES * num_engines; dd->sdma_heads_dma = dma_alloc_coherent(&dd->pcidev->dev, dd->sdma_heads_size, &dd->sdma_heads_phys, GFP_KERNEL); if (!dd->sdma_heads_dma) { dd_dev_err(dd, ""failed to allocate SendDMA head memory\n""); goto bail; } dd->sdma_pad_dma = dma_alloc_coherent(&dd->pcidev->dev, sizeof(u32), &dd->sdma_pad_phys, GFP_KERNEL); if (!dd->sdma_pad_dma) { dd_dev_err(dd, ""failed to allocate SendDMA pad memory\n""); goto bail; } curr_head = (void *)dd->sdma_heads_dma; for (this_idx = 0; this_idx < num_engines; ++this_idx) { unsigned long phys_offset; sde = &dd->per_sdma[this_idx]; sde->head_dma = curr_head; curr_head += L1_CACHE_BYTES; phys_offset = (unsigned long)sde->head_dma - (unsigned long)dd->sdma_heads_dma; sde->head_phys = dd->sdma_heads_phys + phys_offset; init_sdma_regs(sde, per_sdma_credits, idle_cnt); } dd->flags |= HFI1_HAS_SEND_DMA; dd->flags |= idle_cnt ? HFI1_HAS_SDMA_TIMEOUT : 0; dd->num_sdma = num_engines; ret = sdma_map_init(dd, port, ppd->vls_operational, NULL); if (ret < 0) goto bail; tmp_sdma_rht = kzalloc(sizeof(*tmp_sdma_rht), GFP_KERNEL); if (!tmp_sdma_rht) { ret = -ENOMEM; goto bail; } ret = rhashtable_init(tmp_sdma_rht, &sdma_rht_params); if (ret < 0) goto bail; dd->sdma_rht = tmp_sdma_rht; dd_dev_info(dd, ""SDMA num_sdma: %u\n"", dd->num_sdma); return 0; bail: sdma_clean(dd, num_engines); return ret; }",visit repo url,drivers/infiniband/hw/hfi1/sdma.c,https://github.com/torvalds/linux,62728906291227,1 1544,CWE-399,"int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct ipv6_pinfo *np = inet6_sk(sk); struct inet_sock *inet = inet_sk(sk); struct sk_buff *skb; unsigned int ulen, copied; int peeked, off = 0; int err; int is_udplite = IS_UDPLITE(sk); int is_udp4; bool slow; if (flags & MSG_ERRQUEUE) return ipv6_recv_error(sk, msg, len, addr_len); if (np->rxpmtu && np->rxopt.bits.rxpmtu) return ipv6_recv_rxpmtu(sk, msg, len, addr_len); try_again: skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), &peeked, &off, &err); if (!skb) goto out; ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) copied = ulen; else if (copied < ulen) msg->msg_flags |= MSG_TRUNC; is_udp4 = (skb->protocol == htons(ETH_P_IP)); if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { if (udp_lib_checksum_complete(skb)) goto csum_copy_err; } if (skb_csum_unnecessary(skb)) err = skb_copy_datagram_msg(skb, sizeof(struct udphdr), msg, copied); else { err = skb_copy_and_csum_datagram_msg(skb, sizeof(struct udphdr), msg); if (err == -EINVAL) goto csum_copy_err; } if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { atomic_inc(&sk->sk_drops); if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } goto out_free; } if (!peeked) { if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); else UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INDATAGRAMS, is_udplite); } sock_recv_ts_and_drops(msg, sk, skb); if (msg->msg_name) { DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); sin6->sin6_family = AF_INET6; sin6->sin6_port = udp_hdr(skb)->source; sin6->sin6_flowinfo = 0; if (is_udp4) { ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &sin6->sin6_addr); sin6->sin6_scope_id = 0; } else { sin6->sin6_addr = ipv6_hdr(skb)->saddr; sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr, inet6_iif(skb)); } *addr_len = sizeof(*sin6); } if (np->rxopt.all) ip6_datagram_recv_common_ctl(sk, msg, skb); if (is_udp4) { if (inet->cmsg_flags) ip_cmsg_recv(msg, skb); } else { if (np->rxopt.all) ip6_datagram_recv_specific_ctl(sk, msg, skb); } err = copied; if (flags & MSG_TRUNC) err = ulen; out_free: skb_free_datagram_locked(sk, skb); out: return err; csum_copy_err: slow = lock_sock_fast(sk); if (!skb_kill_datagram(sk, skb, flags)) { if (is_udp4) { UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } else { UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); UDP6_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } } unlock_sock_fast(sk, slow); if (noblock) return -EAGAIN; msg->msg_flags &= ~MSG_TRUNC; goto try_again; }",visit repo url,net/ipv6/udp.c,https://github.com/torvalds/linux,154413193433852,1 1214,['CWE-20'],"CairoFontEngine::CairoFontEngine(FT_Library libA) { int i; lib = libA; for (i = 0; i < cairoFontCacheSize; ++i) { fontCache[i] = NULL; } FT_Int major, minor, patch; FT_Library_Version(lib, &major, &minor, &patch); useCIDs = major > 2 || (major == 2 && (minor > 1 || (minor == 1 && patch > 7))); }",poppler,,,131815587523519632415790482208746910769,0 2169,CWE-476,"static void tw5864_handle_frame(struct tw5864_h264_frame *frame) { #define SKIP_VLCBUF_BYTES 3 struct tw5864_input *input = frame->input; struct tw5864_dev *dev = input->root; struct tw5864_buf *vb; struct vb2_v4l2_buffer *v4l2_buf; int frame_len = frame->vlc_len - SKIP_VLCBUF_BYTES; u8 *dst = input->buf_cur_ptr; u8 tail_mask, vlc_mask = 0; int i; u8 vlc_first_byte = ((u8 *)(frame->vlc.addr + SKIP_VLCBUF_BYTES))[0]; unsigned long flags; int zero_run; u8 *src; u8 *src_end; #ifdef DEBUG if (frame->checksum != tw5864_vlc_checksum((u32 *)frame->vlc.addr, frame_len)) dev_err(&dev->pci->dev, ""Checksum of encoded frame doesn't match!\n""); #endif spin_lock_irqsave(&input->slock, flags); vb = input->vb; input->vb = NULL; spin_unlock_irqrestore(&input->slock, flags); v4l2_buf = to_vb2_v4l2_buffer(&vb->vb.vb2_buf); if (!vb) { dev_dbg(&dev->pci->dev, ""vb is empty, dropping frame\n""); return; } if (input->buf_cur_space_left < frame_len * 5 / 4) { dev_err_once(&dev->pci->dev, ""Left space in vb2 buffer, %d bytes, is less than considered safely enough to put frame of length %d. Dropping this frame.\n"", input->buf_cur_space_left, frame_len); return; } for (i = 0; i < 8 - input->tail_nb_bits; i++) vlc_mask |= 1 << i; tail_mask = (~vlc_mask) & 0xff; dst[0] = (input->tail & tail_mask) | (vlc_first_byte & vlc_mask); frame_len--; dst++; src = frame->vlc.addr + SKIP_VLCBUF_BYTES + 1; src_end = src + frame_len; zero_run = 0; for (; src < src_end; src++) { if (zero_run < 2) { if (*src == 0) ++zero_run; else zero_run = 0; } else { if ((*src & ~0x03) == 0) *dst++ = 0x03; zero_run = *src == 0; } *dst++ = *src; } vb2_set_plane_payload(&vb->vb.vb2_buf, 0, dst - (u8 *)vb2_plane_vaddr(&vb->vb.vb2_buf, 0)); vb->vb.vb2_buf.timestamp = frame->timestamp; v4l2_buf->field = V4L2_FIELD_INTERLACED; v4l2_buf->sequence = frame->seqno; if (frame->gop_seqno && tw5864_is_motion_triggered(frame)) { struct v4l2_event ev = { .type = V4L2_EVENT_MOTION_DET, .u.motion_det = { .flags = V4L2_EVENT_MD_FL_HAVE_FRAME_SEQ, .frame_sequence = v4l2_buf->sequence, }, }; v4l2_event_queue(&input->vdev, &ev); } vb2_buffer_done(&vb->vb.vb2_buf, VB2_BUF_STATE_DONE); }",visit repo url,drivers/media/pci/tw5864/tw5864-video.c,https://github.com/torvalds/linux,207235003288521,1 5956,CWE-276,"zfs_fastaccesschk_execute(znode_t *zdp, cred_t *cr) { boolean_t owner = B_FALSE; boolean_t groupmbr = B_FALSE; boolean_t is_attr; uid_t uid = crgetuid(cr); if (zdp->z_pflags & ZFS_AV_QUARANTINED) return (1); is_attr = ((zdp->z_pflags & ZFS_XATTR) && (ZTOV(zdp)->v_type == VDIR)); if (is_attr) return (1); if (zdp->z_pflags & ZFS_NO_EXECS_DENIED) return (0); mutex_enter(&zdp->z_acl_lock); if (FUID_INDEX(zdp->z_uid) != 0 || FUID_INDEX(zdp->z_gid) != 0) { goto out_slow; } if (uid == zdp->z_uid) { owner = B_TRUE; if (zdp->z_mode & S_IXUSR) { goto out; } else { goto out_slow; } } if (groupmember(zdp->z_gid, cr)) { groupmbr = B_TRUE; if (zdp->z_mode & S_IXGRP) { goto out; } else { goto out_slow; } } if (!owner && !groupmbr) { if (zdp->z_mode & S_IXOTH) { goto out; } } out: mutex_exit(&zdp->z_acl_lock); return (0); out_slow: mutex_exit(&zdp->z_acl_lock); return (1); }",visit repo url,module/os/freebsd/zfs/zfs_acl.c,https://github.com/openzfs/zfs,155536398488683,1 6421,CWE-20,"error_t lpc546xxEthInit(NetInterface *interface) { error_t error; TRACE_INFO(""Initializing LPC546xx Ethernet MAC...\r\n""); nicDriverInterface = interface; CLOCK_EnableClock(kCLOCK_Eth); RESET_PeripheralReset(kETH_RST_SHIFT_RSTn); lpc546xxEthInitGpio(interface); ENET->DMA_MODE |= ENET_DMA_MODE_SWR_MASK; while((ENET->DMA_MODE & ENET_DMA_MODE_SWR_MASK) != 0) { } ENET->MAC_MDIO_ADDR = ENET_MAC_MDIO_ADDR_CR(4); if(interface->phyDriver != NULL) { error = interface->phyDriver->init(interface); } else if(interface->switchDriver != NULL) { error = interface->switchDriver->init(interface); } else { error = ERROR_FAILURE; } if(error) { return error; } ENET->MAC_CONFIG = ENET_MAC_CONFIG_PS_MASK | ENET_MAC_CONFIG_DO_MASK; ENET->MAC_ADDR_LOW = interface->macAddr.w[0] | (interface->macAddr.w[1] << 16); ENET->MAC_ADDR_HIGH = interface->macAddr.w[2]; ENET->MAC_FRAME_FILTER = 0; ENET->MAC_TX_FLOW_CTRL_Q[0] = 0; ENET->MAC_RX_FLOW_CTRL = 0; ENET->MAC_RXQ_CTRL[0] = ENET_MAC_RXQ_CTRL_RXQ0EN(1); ENET->DMA_MODE = ENET_DMA_MODE_PR(0); ENET->DMA_SYSBUS_MODE |= ENET_DMA_SYSBUS_MODE_AAL_MASK; ENET->DMA_CH[0].DMA_CHX_CTRL = ENET_DMA_CH_DMA_CHX_CTRL_DSL(0); ENET->DMA_CH[0].DMA_CHX_TX_CTRL = ENET_DMA_CH_DMA_CHX_TX_CTRL_TxPBL(1); ENET->DMA_CH[0].DMA_CHX_RX_CTRL = ENET_DMA_CH_DMA_CHX_RX_CTRL_RxPBL(1) | ENET_DMA_CH_DMA_CHX_RX_CTRL_RBSZ(LPC546XX_ETH_RX_BUFFER_SIZE / 4); ENET->MTL_QUEUE[0].MTL_TXQX_OP_MODE |= ENET_MTL_QUEUE_MTL_TXQX_OP_MODE_TQS(7) | ENET_MTL_QUEUE_MTL_TXQX_OP_MODE_TXQEN(2) | ENET_MTL_QUEUE_MTL_TXQX_OP_MODE_TSF_MASK; ENET->MTL_QUEUE[0].MTL_RXQX_OP_MODE |= ENET_MTL_QUEUE_MTL_RXQX_OP_MODE_RQS(7) | ENET_MTL_QUEUE_MTL_RXQX_OP_MODE_RSF_MASK; lpc546xxEthInitDmaDesc(interface); ENET->MAC_INTR_EN = 0; ENET->DMA_CH[0].DMA_CHX_INT_EN = ENET_DMA_CH_DMA_CHX_INT_EN_NIE_MASK | ENET_DMA_CH_DMA_CHX_INT_EN_RIE_MASK | ENET_DMA_CH_DMA_CHX_INT_EN_TIE_MASK; NVIC_SetPriorityGrouping(LPC546XX_ETH_IRQ_PRIORITY_GROUPING); NVIC_SetPriority(ETHERNET_IRQn, NVIC_EncodePriority(LPC546XX_ETH_IRQ_PRIORITY_GROUPING, LPC546XX_ETH_IRQ_GROUP_PRIORITY, LPC546XX_ETH_IRQ_SUB_PRIORITY)); ENET->MAC_CONFIG |= ENET_MAC_CONFIG_TE_MASK | ENET_MAC_CONFIG_RE_MASK; ENET->DMA_CH[0].DMA_CHX_TX_CTRL |= ENET_DMA_CH_DMA_CHX_TX_CTRL_ST_MASK; ENET->DMA_CH[0].DMA_CHX_RX_CTRL |= ENET_DMA_CH_DMA_CHX_RX_CTRL_SR_MASK; osSetEvent(&interface->nicTxEvent); return NO_ERROR; }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,192583415489542,1 6742,CWE-125,"BZIP3_API s32 bz3_decode_block(struct bz3_state * state, u8 * buffer, s32 data_size, s32 orig_size) { u32 crc32 = read_neutral_s32(buffer); s32 bwt_idx = read_neutral_s32(buffer + 4); if (data_size > bz3_bound(state->block_size) || data_size < 0) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (bwt_idx == -1) { if (data_size - 8 > 64) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } memmove(buffer, buffer + 8, data_size - 8); if (crc32sum(1, buffer, data_size - 8) != crc32) { state->last_error = BZ3_ERR_CRC; return -1; } return data_size - 8; } s8 model = buffer[8]; s32 lzp_size = -1, rle_size = -1, p = 0; if (model & 2) lzp_size = read_neutral_s32(buffer + 9 + 4 * p++); if (model & 4) rle_size = read_neutral_s32(buffer + 9 + 4 * p++); p += 2; data_size -= p * 4 + 1; if (((model & 2) && (lzp_size > bz3_bound(state->block_size) || lzp_size < 0)) || ((model & 4) && (rle_size > bz3_bound(state->block_size) || rle_size < 0))) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (orig_size > bz3_bound(state->block_size) || orig_size < 0) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } u8 *b1 = buffer, *b2 = state->swap_buffer; begin(state->cm_state); state->cm_state->in_queue = b1 + p * 4 + 1; state->cm_state->input_ptr = 0; state->cm_state->input_max = data_size; s32 size_src; if (model & 2) size_src = lzp_size; else if (model & 4) size_src = rle_size; else size_src = orig_size; decode_bytes(state->cm_state, b2, size_src); swap(b1, b2); if (bwt_idx >= size_src) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (libsais_unbwt(b1, b2, state->sais_array, size_src, NULL, bwt_idx) < 0) { state->last_error = BZ3_ERR_BWT; return -1; } swap(b1, b2); if (model & 2) { size_src = lzp_decompress(b1, b2, lzp_size, bz3_bound(state->block_size), state->lzp_lut); if (size_src == -1) { state->last_error = BZ3_ERR_CRC; return -1; } swap(b1, b2); } if (model & 4) { mrled(b1, b2, orig_size); size_src = orig_size; swap(b1, b2); } state->last_error = BZ3_OK; if (size_src > bz3_bound(state->block_size) || size_src < 0) { state->last_error = BZ3_ERR_MALFORMED_HEADER; return -1; } if (b1 != buffer) memcpy(buffer, b1, size_src); if (crc32 != crc32sum(1, buffer, size_src)) { state->last_error = BZ3_ERR_CRC; return -1; } return size_src; }",visit repo url,src/libbz3.c,https://github.com/kspalaiologos/bzip3,40402909414344,1 1419,CWE-310,"static int crypto_pcomp_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_comp rpcomp; snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""pcomp""); if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(struct crypto_report_comp), &rpcomp)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/pcompress.c,https://github.com/torvalds/linux,241462321392294,1 1810,[],"static void __aggregate_redistribute_shares(struct task_group *tg) { int i, max_cpu = smp_processor_id(); unsigned long rq_weight = 0; unsigned long shares, max_shares = 0, shares_rem = tg->shares; for_each_possible_cpu(i) rq_weight += tg->cfs_rq[i]->load.weight; for_each_possible_cpu(i) { shares = tg->shares * tg->cfs_rq[i]->load.weight; shares /= rq_weight + 1; tg->cfs_rq[i]->shares = shares; if (shares > max_shares) { max_shares = shares; max_cpu = i; } shares_rem -= shares; } if (shares_rem) tg->cfs_rq[max_cpu]->shares += shares_rem; }",linux-2.6,,,330169239925133858576203567042233343896,0 1359,['CWE-399'],"static void sit_destroy_tunnels(struct sit_net *sitn) { int prio; for (prio = 1; prio < 4; prio++) { int h; for (h = 0; h < HASH_SIZE; h++) { struct ip_tunnel *t; while ((t = sitn->tunnels[prio][h]) != NULL) unregister_netdevice(t->dev); } } }",linux-2.6,,,253843599597458813885796542319136689194,0 3005,CWE-119,"file_check_mem(struct magic_set *ms, unsigned int level) { size_t len; if (level >= ms->c.len) { len = (ms->c.len += 20) * sizeof(*ms->c.li); ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ? malloc(len) : realloc(ms->c.li, len)); if (ms->c.li == NULL) { file_oomem(ms, len); return -1; } } ms->c.li[level].got_match = 0; #ifdef ENABLE_CONDITIONALS ms->c.li[level].last_match = 0; ms->c.li[level].last_cond = COND_NONE; #endif return 0; }",visit repo url,src/funcs.c,https://github.com/file/file,74670589343834,1 895,['CWE-200'],"static int shmem_mkdir(struct inode *dir, struct dentry *dentry, int mode) { int error; if ((error = shmem_mknod(dir, dentry, mode | S_IFDIR, 0))) return error; inc_nlink(dir); return 0; }",linux-2.6,,,313316505396834698838343812434922889388,0 268,[],"static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { struct i2c_rdwr_ioctl_data32 __user *udata = compat_ptr(arg); struct i2c_rdwr_aligned __user *tdata; struct i2c_msg __user *tmsgs; struct i2c_msg32 __user *umsgs; compat_caddr_t datap; int nmsgs, i; if (get_user(nmsgs, &udata->nmsgs)) return -EFAULT; if (nmsgs > I2C_RDRW_IOCTL_MAX_MSGS) return -EINVAL; if (get_user(datap, &udata->msgs)) return -EFAULT; umsgs = compat_ptr(datap); tdata = compat_alloc_user_space(sizeof(*tdata) + nmsgs * sizeof(struct i2c_msg)); tmsgs = &tdata->msgs[0]; if (put_user(nmsgs, &tdata->cmd.nmsgs) || put_user(tmsgs, &tdata->cmd.msgs)) return -EFAULT; for (i = 0; i < nmsgs; i++) { if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16))) return -EFAULT; if (get_user(datap, &umsgs[i].buf) || put_user(compat_ptr(datap), &tmsgs[i].buf)) return -EFAULT; } return sys_ioctl(fd, cmd, (unsigned long)tdata); }",linux-2.6,,,161875751525477094554404351864606792878,0 1835,CWE-367,"int nfc_activate_target(struct nfc_dev *dev, u32 target_idx, u32 protocol) { int rc; struct nfc_target *target; pr_debug(""dev_name=%s target_idx=%u protocol=%u\n"", dev_name(&dev->dev), target_idx, protocol); device_lock(&dev->dev); if (!device_is_registered(&dev->dev)) { rc = -ENODEV; goto error; } if (dev->active_target) { rc = -EBUSY; goto error; } target = nfc_find_target(dev, target_idx); if (target == NULL) { rc = -ENOTCONN; goto error; } rc = dev->ops->activate_target(dev, target, protocol); if (!rc) { dev->active_target = target; dev->rf_mode = NFC_RF_INITIATOR; if (dev->ops->check_presence && !dev->shutting_down) mod_timer(&dev->check_pres_timer, jiffies + msecs_to_jiffies(NFC_CHECK_PRES_FREQ_MS)); } error: device_unlock(&dev->dev); return rc; }",visit repo url,net/nfc/core.c,https://github.com/torvalds/linux,98726822601402,1 5227,['CWE-264'],"bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata) { SMB_ACL_T file_acl = NULL; if (!num_acls) { return remove_posix_acl(conn, fsp, fname); } if ((file_acl = create_posix_acl_from_wire(conn, num_acls, pdata)) == NULL) { return False; } if (fsp && fsp->fh->fd != -1) { if (SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl) == -1) { DEBUG(5,(""set_unix_posix_acl: acl_set_file failed on %s (%s)\n"", fname, strerror(errno) )); SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl); return False; } } else { if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, file_acl) == -1) { DEBUG(5,(""set_unix_posix_acl: acl_set_file failed on %s (%s)\n"", fname, strerror(errno) )); SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl); return False; } } DEBUG(10,(""set_unix_posix_acl: set acl for file %s\n"", fname )); SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl); return True; }",samba,,,332345834530930329354302888615995523555,0 1202,CWE-400,"int vis_emul(struct pt_regs *regs, unsigned int insn) { unsigned long pc = regs->tpc; unsigned int opf; BUG_ON(regs->tstate & TSTATE_PRIV); perf_sw_event(PERF_COUNT_SW_EMULATION_FAULTS, 1, 0, regs, 0); if (test_thread_flag(TIF_32BIT)) pc = (u32)pc; if (get_user(insn, (u32 __user *) pc)) return -EFAULT; save_and_clear_fpu(); opf = (insn & VIS_OPF_MASK) >> VIS_OPF_SHIFT; switch (opf) { default: return -EINVAL; case FPACK16_OPF: case FPACK32_OPF: case FPACKFIX_OPF: case FEXPAND_OPF: case FPMERGE_OPF: pformat(regs, insn, opf); break; case FMUL8x16_OPF: case FMUL8x16AU_OPF: case FMUL8x16AL_OPF: case FMUL8SUx16_OPF: case FMUL8ULx16_OPF: case FMULD8SUx16_OPF: case FMULD8ULx16_OPF: pmul(regs, insn, opf); break; case FCMPGT16_OPF: case FCMPGT32_OPF: case FCMPLE16_OPF: case FCMPLE32_OPF: case FCMPNE16_OPF: case FCMPNE32_OPF: case FCMPEQ16_OPF: case FCMPEQ32_OPF: pcmp(regs, insn, opf); break; case EDGE8_OPF: case EDGE8N_OPF: case EDGE8L_OPF: case EDGE8LN_OPF: case EDGE16_OPF: case EDGE16N_OPF: case EDGE16L_OPF: case EDGE16LN_OPF: case EDGE32_OPF: case EDGE32N_OPF: case EDGE32L_OPF: case EDGE32LN_OPF: edge(regs, insn, opf); break; case PDIST_OPF: pdist(regs, insn); break; case ARRAY8_OPF: case ARRAY16_OPF: case ARRAY32_OPF: array(regs, insn, opf); break; case BMASK_OPF: bmask(regs, insn); break; case BSHUFFLE_OPF: bshuffle(regs, insn); break; } regs->tpc = regs->tnpc; regs->tnpc += 4; return 0; }",visit repo url,arch/sparc/kernel/visemul.c,https://github.com/torvalds/linux,240189918607332,1 6247,CWE-190,"void md_map_sh512(uint8_t *hash, const uint8_t *msg, int len) { SHA512Context ctx; if (SHA512Reset(&ctx) != shaSuccess) { RLC_THROW(ERR_NO_VALID); return; } if (SHA512Input(&ctx, msg, len) != shaSuccess) { RLC_THROW(ERR_NO_VALID); return; } if (SHA512Result(&ctx, hash) != shaSuccess) { RLC_THROW(ERR_NO_VALID); return; } }",visit repo url,src/md/relic_md_sha512.c,https://github.com/relic-toolkit/relic,220692292553793,1 4670,['CWE-399'],"static void ext4_da_page_release_reservation(struct page *page, unsigned long offset) { int to_release = 0; struct buffer_head *head, *bh; unsigned int curr_off = 0; head = page_buffers(page); bh = head; do { unsigned int next_off = curr_off + bh->b_size; if ((offset <= curr_off) && (buffer_delay(bh))) { to_release++; clear_buffer_delay(bh); } curr_off = next_off; } while ((bh = bh->b_this_page) != head); ext4_da_release_space(page->mapping->host, to_release); }",linux-2.6,,,34636291986542838760771994495111033703,0 5934,CWE-120,"static Jsi_RC NumberToPrecisionCmd(Jsi_Interp *interp, Jsi_Value *args, Jsi_Value *_this, Jsi_Value **ret, Jsi_Func *funcPtr) { char buf[100]; int prec = 0, skip = 0; Jsi_Number num; Jsi_Value *v; ChkStringN(_this, funcPtr, v); if (Jsi_GetIntFromValue(interp, Jsi_ValueArrayIndex(interp, args, skip), &prec) != JSI_OK) return JSI_ERROR; if (prec<=0) return JSI_ERROR; Jsi_GetDoubleFromValue(interp, v, &num); snprintf(buf, sizeof(buf),""%.*"" JSI_NUMFFMT, prec, num); if (num<0) prec++; buf[prec+1] = 0; if (buf[prec] == '.') buf[prec] = 0; Jsi_ValueMakeStringDup(interp, ret, buf); return JSI_OK; }",visit repo url,src/jsiNumber.c,https://github.com/pcmacdon/jsish,220995347805575,1 1346,CWE-399,"int __kvm_set_memory_region(struct kvm *kvm, struct kvm_userspace_memory_region *mem, int user_alloc) { int r; gfn_t base_gfn; unsigned long npages; unsigned long i; struct kvm_memory_slot *memslot; struct kvm_memory_slot old, new; struct kvm_memslots *slots, *old_memslots; r = check_memory_region_flags(mem); if (r) goto out; r = -EINVAL; if (mem->memory_size & (PAGE_SIZE - 1)) goto out; if (mem->guest_phys_addr & (PAGE_SIZE - 1)) goto out; if (user_alloc && ((mem->userspace_addr & (PAGE_SIZE - 1)) || !access_ok(VERIFY_WRITE, (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; if (mem->slot >= KVM_MEM_SLOTS_NUM) goto out; if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) goto out; memslot = id_to_memslot(kvm->memslots, mem->slot); base_gfn = mem->guest_phys_addr >> PAGE_SHIFT; npages = mem->memory_size >> PAGE_SHIFT; r = -EINVAL; if (npages > KVM_MEM_MAX_NR_PAGES) goto out; if (!npages) mem->flags &= ~KVM_MEM_LOG_DIRTY_PAGES; new = old = *memslot; new.id = mem->slot; new.base_gfn = base_gfn; new.npages = npages; new.flags = mem->flags; r = -EINVAL; if (npages && old.npages && npages != old.npages) goto out_free; r = -EEXIST; for (i = 0; i < KVM_MEMORY_SLOTS; ++i) { struct kvm_memory_slot *s = &kvm->memslots->memslots[i]; if (s == memslot || !s->npages) continue; if (!((base_gfn + npages <= s->base_gfn) || (base_gfn >= s->base_gfn + s->npages))) goto out_free; } if (!(new.flags & KVM_MEM_LOG_DIRTY_PAGES)) new.dirty_bitmap = NULL; r = -ENOMEM; if (npages && !old.npages) { new.user_alloc = user_alloc; new.userspace_addr = mem->userspace_addr; if (kvm_arch_create_memslot(&new, npages)) goto out_free; } if ((new.flags & KVM_MEM_LOG_DIRTY_PAGES) && !new.dirty_bitmap) { if (kvm_create_dirty_bitmap(&new) < 0) goto out_free; } if (!npages) { struct kvm_memory_slot *slot; r = -ENOMEM; slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots), GFP_KERNEL); if (!slots) goto out_free; slot = id_to_memslot(slots, mem->slot); slot->flags |= KVM_MEMSLOT_INVALID; update_memslots(slots, NULL); old_memslots = kvm->memslots; rcu_assign_pointer(kvm->memslots, slots); synchronize_srcu_expedited(&kvm->srcu); kvm_arch_flush_shadow_memslot(kvm, slot); kfree(old_memslots); } r = kvm_arch_prepare_memory_region(kvm, &new, old, mem, user_alloc); if (r) goto out_free; if (npages) { r = kvm_iommu_map_pages(kvm, &new); if (r) goto out_free; } else kvm_iommu_unmap_pages(kvm, &old); r = -ENOMEM; slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots), GFP_KERNEL); if (!slots) goto out_free; if (!npages) { new.dirty_bitmap = NULL; memset(&new.arch, 0, sizeof(new.arch)); } update_memslots(slots, &new); old_memslots = kvm->memslots; rcu_assign_pointer(kvm->memslots, slots); synchronize_srcu_expedited(&kvm->srcu); kvm_arch_commit_memory_region(kvm, mem, old, user_alloc); if (npages && old.base_gfn != mem->guest_phys_addr >> PAGE_SHIFT) kvm_arch_flush_shadow_all(kvm); kvm_free_physmem_slot(&old, &new); kfree(old_memslots); return 0; out_free: kvm_free_physmem_slot(&new, &old); out: return r; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,201789003440719,1 4611,CWE-190,"static s32 gf_hevc_read_pps_bs_internal(GF_BitStream *bs, HEVCState *hevc) { u32 i; s32 pps_id; HEVC_PPS *pps; pps_id = gf_bs_read_ue_log(bs, ""pps_id""); if ((pps_id < 0) || (pps_id >= 64)) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] wrong PPS ID %d in PPS\n"", pps_id)); return -1; } pps = &hevc->pps[pps_id]; if (!pps->state) { pps->id = pps_id; pps->state = 1; } pps->sps_id = gf_bs_read_ue_log(bs, ""sps_id""); if (pps->sps_id >= 16) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[HEVC] wrong SPS ID %d in PPS\n"", pps->sps_id)); pps->sps_id=0; return -1; } hevc->sps_active_idx = pps->sps_id; pps->dependent_slice_segments_enabled_flag = gf_bs_read_int_log(bs, 1, ""dependent_slice_segments_enabled_flag""); pps->output_flag_present_flag = gf_bs_read_int_log(bs, 1, ""output_flag_present_flag""); pps->num_extra_slice_header_bits = gf_bs_read_int_log(bs, 3, ""num_extra_slice_header_bits""); pps->sign_data_hiding_flag = gf_bs_read_int_log(bs, 1, ""sign_data_hiding_flag""); pps->cabac_init_present_flag = gf_bs_read_int_log(bs, 1, ""cabac_init_present_flag""); pps->num_ref_idx_l0_default_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l0_default_active""); pps->num_ref_idx_l1_default_active = 1 + gf_bs_read_ue_log(bs, ""num_ref_idx_l1_default_active""); pps->pic_init_qp_minus26 = gf_bs_read_se_log(bs, ""pic_init_qp_minus26""); pps->constrained_intra_pred_flag = gf_bs_read_int_log(bs, 1, ""constrained_intra_pred_flag""); pps->transform_skip_enabled_flag = gf_bs_read_int_log(bs, 1, ""transform_skip_enabled_flag""); if ((pps->cu_qp_delta_enabled_flag = gf_bs_read_int_log(bs, 1, ""cu_qp_delta_enabled_flag""))) pps->diff_cu_qp_delta_depth = gf_bs_read_ue_log(bs, ""diff_cu_qp_delta_depth""); pps->pic_cb_qp_offset = gf_bs_read_se_log(bs, ""pic_cb_qp_offset""); pps->pic_cr_qp_offset = gf_bs_read_se_log(bs, ""pic_cr_qp_offset""); pps->slice_chroma_qp_offsets_present_flag = gf_bs_read_int_log(bs, 1, ""slice_chroma_qp_offsets_present_flag""); pps->weighted_pred_flag = gf_bs_read_int_log(bs, 1, ""weighted_pred_flag""); pps->weighted_bipred_flag = gf_bs_read_int_log(bs, 1, ""weighted_bipred_flag""); pps->transquant_bypass_enable_flag = gf_bs_read_int_log(bs, 1, ""transquant_bypass_enable_flag""); pps->tiles_enabled_flag = gf_bs_read_int_log(bs, 1, ""tiles_enabled_flag""); pps->entropy_coding_sync_enabled_flag = gf_bs_read_int_log(bs, 1, ""entropy_coding_sync_enabled_flag""); if (pps->tiles_enabled_flag) { pps->num_tile_columns = 1 + gf_bs_read_ue_log(bs, ""num_tile_columns_minus1""); pps->num_tile_rows = 1 + gf_bs_read_ue_log(bs, ""num_tile_rows_minus1""); pps->uniform_spacing_flag = gf_bs_read_int_log(bs, 1, ""uniform_spacing_flag""); if (!pps->uniform_spacing_flag) { for (i = 0; i < pps->num_tile_columns - 1; i++) { pps->column_width[i] = 1 + gf_bs_read_ue_log_idx(bs, ""column_width_minus1"", i); } for (i = 0; i < pps->num_tile_rows - 1; i++) { pps->row_height[i] = 1 + gf_bs_read_ue_log_idx(bs, ""row_height_minus1"", i); } } pps->loop_filter_across_tiles_enabled_flag = gf_bs_read_int_log(bs, 1, ""loop_filter_across_tiles_enabled_flag""); } pps->loop_filter_across_slices_enabled_flag = gf_bs_read_int_log(bs, 1, ""loop_filter_across_slices_enabled_flag""); if ((pps->deblocking_filter_control_present_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_control_present_flag""))) { pps->deblocking_filter_override_enabled_flag = gf_bs_read_int_log(bs, 1, ""deblocking_filter_override_enabled_flag""); if (! (pps->pic_disable_deblocking_filter_flag = gf_bs_read_int_log(bs, 1, ""pic_disable_deblocking_filter_flag""))) { pps->beta_offset_div2 = gf_bs_read_se_log(bs, ""beta_offset_div2""); pps->tc_offset_div2 = gf_bs_read_se_log(bs, ""tc_offset_div2""); } } if ((pps->pic_scaling_list_data_present_flag = gf_bs_read_int_log(bs, 1, ""pic_scaling_list_data_present_flag""))) { hevc_scaling_list_data(bs); } pps->lists_modification_present_flag = gf_bs_read_int_log(bs, 1, ""lists_modification_present_flag""); pps->log2_parallel_merge_level_minus2 = gf_bs_read_ue_log(bs, ""log2_parallel_merge_level_minus2""); pps->slice_segment_header_extension_present_flag = gf_bs_read_int_log(bs, 1, ""slice_segment_header_extension_present_flag""); if (gf_bs_read_int_log(bs, 1, ""pps_extension_flag"")) { #if 0 while (gf_bs_available(bs)) { gf_bs_read_int(bs, 1); } #endif } return pps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,258780298581047,1 6422,['CWE-190'],"add_merged_image (const gint32 image_id, PSDimage *img_a, FILE *f, GError **error) { PSDchannel chn_a[MAX_CHANNELS]; gchar *alpha_name; guchar *pixels; guint16 comp_mode; guint16 base_channels; guint16 extra_channels; guint16 total_channels; guint16 *rle_pack_len[MAX_CHANNELS]; guint32 block_len; guint32 block_start; guint32 block_end; guint32 alpha_id; gint32 layer_size; gint32 layer_id = -1; gint32 channel_id = -1; gint32 active_layer; gint16 alpha_opacity; gint *lyr_lst; gint cidx; gint rowi; gint lyr_count; gint offset; gint i; gboolean alpha_visible; GimpDrawable *drawable; GimpPixelRgn pixel_rgn; GimpImageType image_type; GimpRGB alpha_rgb; total_channels = img_a->channels; extra_channels = 0; if ((img_a->color_mode == PSD_BITMAP || img_a->color_mode == PSD_GRAYSCALE || img_a->color_mode == PSD_DUOTONE || img_a->color_mode == PSD_INDEXED) && total_channels > 1) { extra_channels = total_channels - 1; } else if ((img_a->color_mode == PSD_RGB || img_a->color_mode == PSD_LAB) && total_channels > 3) { extra_channels = total_channels - 3; } else if ((img_a->color_mode == PSD_CMYK) && total_channels > 4) { extra_channels = total_channels - 4; } if (img_a->transparency && extra_channels > 0) extra_channels--; base_channels = total_channels - extra_channels; if (img_a->num_layers == 0 || extra_channels > 0) { block_start = img_a->merged_image_start; block_len = img_a->merged_image_len; block_end = block_start + block_len; fseek (f, block_start, SEEK_SET); if (fread (&comp_mode, COMP_MODE_SIZE, 1, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } comp_mode = GUINT16_FROM_BE (comp_mode); switch (comp_mode) { case PSD_COMP_RAW: IFDBG(3) g_debug (""Raw data length: %d"", block_len); for (cidx = 0; cidx < total_channels; ++cidx) { chn_a[cidx].columns = img_a->columns; chn_a[cidx].rows = img_a->rows; if (read_channel_data (&chn_a[cidx], img_a->bps, PSD_COMP_RAW, NULL, f, error) < 1) return -1; } break; case PSD_COMP_RLE: IFDBG(3) g_debug (""RLE length data: %d, RLE data block: %d"", total_channels * img_a->rows * 2, block_len - (total_channels * img_a->rows * 2)); for (cidx = 0; cidx < total_channels; ++cidx) { chn_a[cidx].columns = img_a->columns; chn_a[cidx].rows = img_a->rows; rle_pack_len[cidx] = g_malloc (img_a->rows * 2); for (rowi = 0; rowi < img_a->rows; ++rowi) { if (fread (&rle_pack_len[cidx][rowi], 2, 1, f) < 1) { psd_set_error (feof (f), errno, error); return -1; } rle_pack_len[cidx][rowi] = GUINT16_FROM_BE (rle_pack_len[cidx][rowi]); } } IFDBG(3) g_debug (""RLE decode - data""); for (cidx = 0; cidx < total_channels; ++cidx) { if (read_channel_data (&chn_a[cidx], img_a->bps, PSD_COMP_RLE, rle_pack_len[cidx], f, error) < 1) return -1; g_free (rle_pack_len[cidx]); } break; case PSD_COMP_ZIP: case PSD_COMP_ZIP_PRED: g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, _(""Unsupported compression mode: %d""), comp_mode); return -1; break; } } if (img_a->num_layers == 0) { image_type = get_gimp_image_type (img_a->base_type, img_a->transparency); layer_size = img_a->columns * img_a->rows; pixels = g_malloc (layer_size * base_channels); for (cidx = 0; cidx < base_channels; ++cidx) { for (i = 0; i < layer_size; ++i) { pixels[(i * base_channels) + cidx] = chn_a[cidx].data[i]; } g_free (chn_a[cidx].data); } IFDBG(2) g_debug (""Draw merged image""); layer_id = gimp_layer_new (image_id, _(""Background""), img_a->columns, img_a->rows, image_type, 100, GIMP_NORMAL_MODE); gimp_image_add_layer (image_id, layer_id, 0); drawable = gimp_drawable_get (layer_id); gimp_pixel_rgn_init (&pixel_rgn, drawable, 0, 0, drawable->width, drawable->height, TRUE, FALSE); gimp_pixel_rgn_set_rect (&pixel_rgn, pixels, 0, 0, drawable->width, drawable->height); gimp_drawable_flush (drawable); gimp_drawable_detach (drawable); g_free (pixels); } else { if (extra_channels) for (cidx = 0; cidx < base_channels; ++cidx) g_free (chn_a[cidx].data); } if ((extra_channels || img_a->transparency) && image_id > -1) { IFDBG(2) g_debug (""Add extra channels""); pixels = g_malloc(0); if (img_a->transparency) { offset = 1; if (img_a->alpha_names) { alpha_name = g_ptr_array_index (img_a->alpha_names, 0); if (alpha_name) g_free (alpha_name); } } else offset = 0; IFDBG(2) g_debug (""Number of channels: %d"", extra_channels); for (i = 0; i < extra_channels; ++i) { alpha_name = NULL; alpha_visible = FALSE; if (img_a->quick_mask_id) if (i == img_a->quick_mask_id - base_channels + offset) { alpha_name = g_ptr_array_index (img_a->alpha_names, i + offset); if (alpha_name) g_free (alpha_name); alpha_name = g_strdup (GIMP_IMAGE_QUICK_MASK_NAME); alpha_visible = TRUE; } if (! alpha_name && img_a->alpha_names) if (offset < img_a->alpha_names->len && i + offset <= img_a->alpha_names->len) alpha_name = g_ptr_array_index (img_a->alpha_names, i + offset); if (! alpha_name) alpha_name = g_strdup (_(""Extra"")); if (offset < img_a->alpha_id_count && offset + i <= img_a->alpha_id_count) alpha_id = img_a->alpha_id[i + offset]; else alpha_id = 0; if (offset < img_a->alpha_display_count && i + offset <= img_a->alpha_display_count) { alpha_rgb = img_a->alpha_display_info[i + offset]->gimp_color; alpha_opacity = img_a->alpha_display_info[i + offset]->opacity; } else { gimp_rgba_set (&alpha_rgb, 1.0, 0.0, 0.0, 1.0); alpha_opacity = 50; } cidx = base_channels + i; pixels = g_realloc (pixels, chn_a[cidx].columns * chn_a[cidx].rows); memcpy (pixels, chn_a[cidx].data, chn_a[cidx].columns * chn_a[cidx].rows); channel_id = gimp_channel_new (image_id, alpha_name, chn_a[cidx].columns, chn_a[cidx].rows, alpha_opacity, &alpha_rgb); gimp_image_add_channel (image_id, channel_id, 0); g_free (alpha_name); drawable = gimp_drawable_get (channel_id); if (alpha_id) gimp_drawable_set_tattoo (drawable->drawable_id, alpha_id); gimp_drawable_set_visible (drawable->drawable_id, alpha_visible); gimp_pixel_rgn_init (&pixel_rgn, drawable, 0, 0, drawable->width, drawable->height, TRUE, FALSE); gimp_pixel_rgn_set_rect (&pixel_rgn, pixels, 0, 0, drawable->width, drawable->height); gimp_drawable_flush (drawable); gimp_drawable_detach (drawable); g_free (chn_a[cidx].data); } g_free (pixels); if (img_a->alpha_names) g_ptr_array_free (img_a->alpha_names, TRUE); if (img_a->alpha_id) g_free (img_a->alpha_id); if (img_a->alpha_display_info) { for (cidx = 0; cidx < img_a->alpha_display_count; ++cidx) g_free (img_a->alpha_display_info[cidx]); g_free (img_a->alpha_display_info); } } lyr_lst = gimp_image_get_layers (image_id, &lyr_count); if (img_a->layer_state + 1 > lyr_count || img_a->layer_state + 1 < 0) img_a->layer_state = 0; active_layer = lyr_lst[lyr_count - img_a->layer_state - 1]; gimp_image_set_active_layer (image_id, active_layer); g_free (lyr_lst); return 0; }",gimp,,,37297796757755614173332835859200523882,0 4176,['CWE-399'],"uint32_t avahi_server_get_local_service_cookie(AvahiServer *s) { assert(s); return s->local_service_cookie; }",avahi,,,179845186113388842730877347254745255942,0 982,NVD-CWE-Other,"static int snd_compress_check_input(struct snd_compr_params *params) { if (params->buffer.fragment_size == 0 || params->buffer.fragments > SIZE_MAX / params->buffer.fragment_size) return -EINVAL; if (params->codec.id == 0 || params->codec.id > SND_AUDIOCODEC_MAX) return -EINVAL; if (params->codec.ch_in == 0 || params->codec.ch_out == 0) return -EINVAL; return 0; }",visit repo url,sound/core/compress_offload.c,https://github.com/torvalds/linux,100683014159015,1 1199,['CWE-189'],"static void migrate_hrtimer_list(struct hrtimer_clock_base *old_base, struct hrtimer_clock_base *new_base) { struct hrtimer *timer; struct rb_node *node; while ((node = rb_first(&old_base->active))) { timer = rb_entry(node, struct hrtimer, node); BUG_ON(hrtimer_callback_running(timer)); __remove_hrtimer(timer, old_base, HRTIMER_STATE_INACTIVE, 0); timer->base = new_base; enqueue_hrtimer(timer, new_base, 1); } }",linux-2.6,,,198574703470557751232584795807442004428,0 3134,['CWE-189'],"static int jas_iccattrtab_resize(jas_iccattrtab_t *tab, int maxents) { jas_iccattr_t *newattrs; assert(maxents >= tab->numattrs); newattrs = tab->attrs ? jas_realloc2(tab->attrs, maxents, sizeof(jas_iccattr_t)) : jas_alloc2(maxents, sizeof(jas_iccattr_t)); if (!newattrs) return -1; tab->attrs = newattrs; tab->maxattrs = maxents; return 0; }",jasper,,,303100678842000298155135009175864370827,0 3129,['CWE-189'],"void jpc_streamlist_destroy(jpc_streamlist_t *streamlist) { int streamno; if (streamlist->streams) { for (streamno = 0; streamno < streamlist->numstreams; ++streamno) { jas_stream_close(streamlist->streams[streamno]); } jas_free(streamlist->streams); } jas_free(streamlist); }",jasper,,,135848256806953539015913346429336176434,0 475,[],"pfm_free_fd(int fd, struct file *file) { struct files_struct *files = current->files; struct fdtable *fdt; spin_lock(&files->file_lock); fdt = files_fdtable(files); rcu_assign_pointer(fdt->fd[fd], NULL); spin_unlock(&files->file_lock); if (file) put_filp(file); put_unused_fd(fd); }",linux-2.6,,,254850205251905504733276861251723448786,0 5778,CWE-125,"snmp_api_set_oid(snmp_varbind_t *varbind, uint32_t *oid, uint32_t *ret_oid) { snmp_api_replace_oid(varbind, oid); varbind->value_type = BER_DATA_TYPE_OID; varbind->value.oid = ret_oid; }",visit repo url,os/net/app-layer/snmp/snmp-api.c,https://github.com/contiki-ng/contiki-ng,175381246061729,1 1975,['CWE-20'],"static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long addr, unsigned long end, pte_fn_t fn, void *data) { pud_t *pud; unsigned long next; int err; pud = pud_alloc(mm, pgd, addr); if (!pud) return -ENOMEM; do { next = pud_addr_end(addr, end); err = apply_to_pmd_range(mm, pud, addr, next, fn, data); if (err) break; } while (pud++, addr = next, addr != end); return err; }",linux-2.6,,,226176852310180356518317439243644433533,0 6459,[],"loader_init (lt_get_vtable *vtable_func, lt_user_data data) { const lt_dlvtable *vtable = 0; int errors = 0; if (vtable_func) { vtable = (*vtable_func) (data); } errors += lt_dlloader_add (vtable); assert (errors || vtable); if ((!errors) && vtable->dlloader_init) { if ((*vtable->dlloader_init) (vtable->dlloader_data)) { LT__SETERROR (INIT_LOADER); ++errors; } } return errors; }",libtool,,,293867594949208604727059301675722938448,0 4993,['CWE-346'],"struct udev_monitor *udev_monitor_ref(struct udev_monitor *udev_monitor) { if (udev_monitor == NULL) return NULL; udev_monitor->refcount++; return udev_monitor; }",udev,,,819007357148723714025863329378935047,0 2014,CWE-362,"static int set_evtchn_to_irq(evtchn_port_t evtchn, unsigned int irq) { unsigned row; unsigned col; if (evtchn >= xen_evtchn_max_channels()) return -EINVAL; row = EVTCHN_ROW(evtchn); col = EVTCHN_COL(evtchn); if (evtchn_to_irq[row] == NULL) { if (irq == -1) return 0; evtchn_to_irq[row] = (int *)get_zeroed_page(GFP_KERNEL); if (evtchn_to_irq[row] == NULL) return -ENOMEM; clear_evtchn_to_irq_row(row); } evtchn_to_irq[row][col] = irq; return 0; }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,106482848074728,1 2644,CWE-125,"PHP_FUNCTION(locale_get_display_name) { get_icu_disp_value_src_php( DISP_NAME , INTERNAL_FUNCTION_PARAM_PASSTHRU ); }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,206834974046103,1 3573,CWE-20,"static int jpc_enc_encodemainhdr(jpc_enc_t *enc) { jpc_siz_t *siz; jpc_cod_t *cod; jpc_qcd_t *qcd; int i; long startoff; long mainhdrlen; jpc_enc_cp_t *cp; jpc_qcc_t *qcc; jpc_enc_tccp_t *tccp; uint_fast16_t cmptno; jpc_tsfb_band_t bandinfos[JPC_MAXBANDS]; jpc_fix_t mctsynweight; jpc_enc_tcp_t *tcp; jpc_tsfb_t *tsfb; jpc_tsfb_band_t *bandinfo; uint_fast16_t numbands; uint_fast16_t bandno; uint_fast16_t rlvlno; uint_fast16_t analgain; jpc_fix_t absstepsize; char buf[1024]; jpc_com_t *com; cp = enc->cp; startoff = jas_stream_getrwcount(enc->out); if (!(enc->mrk = jpc_ms_create(JPC_MS_SOC))) { return -1; } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SOC marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_SIZ))) { return -1; } siz = &enc->mrk->parms.siz; siz->caps = 0; siz->xoff = cp->imgareatlx; siz->yoff = cp->imgareatly; siz->width = cp->refgrdwidth; siz->height = cp->refgrdheight; siz->tilexoff = cp->tilegrdoffx; siz->tileyoff = cp->tilegrdoffy; siz->tilewidth = cp->tilewidth; siz->tileheight = cp->tileheight; siz->numcomps = cp->numcmpts; siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)); assert(siz->comps); for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) { siz->comps[i].prec = cp->ccps[i].prec; siz->comps[i].sgnd = cp->ccps[i].sgnd; siz->comps[i].hsamp = cp->ccps[i].sampgrdstepx; siz->comps[i].vsamp = cp->ccps[i].sampgrdstepy; } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write SIZ marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_COM))) { return -1; } sprintf(buf, ""Creator: JasPer Version %s"", jas_getversion()); com = &enc->mrk->parms.com; com->len = JAS_CAST(uint_fast16_t, strlen(buf)); com->regid = JPC_COM_LATIN; if (!(com->data = JAS_CAST(uchar *, jas_strdup(buf)))) { abort(); } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write COM marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; #if 0 if (!(enc->mrk = jpc_ms_create(JPC_MS_CRG))) { return -1; } crg = &enc->mrk->parms.crg; crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t)); if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write CRG marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; #endif tcp = &cp->tcp; tccp = &cp->tccp; for (cmptno = 0; cmptno < cp->numcmpts; ++cmptno) { tsfb = jpc_cod_gettsfb(tccp->qmfbid, tccp->maxrlvls - 1); jpc_tsfb_getbands(tsfb, 0, 0, 1 << tccp->maxrlvls, 1 << tccp->maxrlvls, bandinfos); jpc_tsfb_destroy(tsfb); mctsynweight = jpc_mct_getsynweight(tcp->mctid, cmptno); numbands = 3 * tccp->maxrlvls - 2; for (bandno = 0, bandinfo = bandinfos; bandno < numbands; ++bandno, ++bandinfo) { rlvlno = (bandno) ? ((bandno - 1) / 3 + 1) : 0; analgain = JPC_NOMINALGAIN(tccp->qmfbid, tccp->maxrlvls, rlvlno, bandinfo->orient); if (!tcp->intmode) { absstepsize = jpc_fix_div(jpc_inttofix(1 << (analgain + 1)), bandinfo->synenergywt); } else { absstepsize = jpc_inttofix(1); } cp->ccps[cmptno].stepsizes[bandno] = jpc_abstorelstepsize(absstepsize, cp->ccps[cmptno].prec + analgain); } cp->ccps[cmptno].numstepsizes = numbands; } if (!(enc->mrk = jpc_ms_create(JPC_MS_COD))) { return -1; } cod = &enc->mrk->parms.cod; cod->csty = cp->tccp.csty | cp->tcp.csty; cod->compparms.csty = cp->tccp.csty | cp->tcp.csty; cod->compparms.numdlvls = cp->tccp.maxrlvls - 1; cod->compparms.numrlvls = cp->tccp.maxrlvls; cod->prg = cp->tcp.prg; cod->numlyrs = cp->tcp.numlyrs; cod->compparms.cblkwidthval = JPC_COX_CBLKSIZEEXPN(cp->tccp.cblkwidthexpn); cod->compparms.cblkheightval = JPC_COX_CBLKSIZEEXPN(cp->tccp.cblkheightexpn); cod->compparms.cblksty = cp->tccp.cblksty; cod->compparms.qmfbid = cp->tccp.qmfbid; cod->mctrans = (cp->tcp.mctid != JPC_MCT_NONE); if (tccp->csty & JPC_COX_PRT) { for (rlvlno = 0; rlvlno < tccp->maxrlvls; ++rlvlno) { cod->compparms.rlvls[rlvlno].parwidthval = tccp->prcwidthexpns[rlvlno]; cod->compparms.rlvls[rlvlno].parheightval = tccp->prcheightexpns[rlvlno]; } } if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf(""cannot write COD marker\n""); return -1; } jpc_ms_destroy(enc->mrk); enc->mrk = 0; if (!(enc->mrk = jpc_ms_create(JPC_MS_QCD))) { return -1; } qcd = &enc->mrk->parms.qcd; qcd->compparms.qntsty = (tccp->qmfbid == JPC_COX_INS) ? JPC_QCX_SEQNT : JPC_QCX_NOQNT; qcd->compparms.numstepsizes = cp->ccps[0].numstepsizes; qcd->compparms.numguard = cp->tccp.numgbits; qcd->compparms.stepsizes = cp->ccps[0].stepsizes; if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { return -1; } qcd->compparms.stepsizes = 0; jpc_ms_destroy(enc->mrk); enc->mrk = 0; tccp = &cp->tccp; for (cmptno = 1; cmptno < cp->numcmpts; ++cmptno) { if (!(enc->mrk = jpc_ms_create(JPC_MS_QCC))) { return -1; } qcc = &enc->mrk->parms.qcc; qcc->compno = cmptno; qcc->compparms.qntsty = (tccp->qmfbid == JPC_COX_INS) ? JPC_QCX_SEQNT : JPC_QCX_NOQNT; qcc->compparms.numstepsizes = cp->ccps[cmptno].numstepsizes; qcc->compparms.numguard = cp->tccp.numgbits; qcc->compparms.stepsizes = cp->ccps[cmptno].stepsizes; if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { return -1; } qcc->compparms.stepsizes = 0; jpc_ms_destroy(enc->mrk); enc->mrk = 0; } #define MAINTLRLEN 2 mainhdrlen = jas_stream_getrwcount(enc->out) - startoff; enc->len += mainhdrlen; if (enc->cp->totalsize != UINT_FAST32_MAX) { uint_fast32_t overhead; overhead = mainhdrlen + MAINTLRLEN; enc->mainbodysize = (enc->cp->totalsize >= overhead) ? (enc->cp->totalsize - overhead) : 0; } else { enc->mainbodysize = UINT_FAST32_MAX; } return 0; }",visit repo url,src/libjasper/jpc/jpc_enc.c,https://github.com/mdadams/jasper,59504939398017,1 4846,CWE-119,"static int read_private_key(RSA *rsa) { int r; sc_path_t path; sc_file_t *file; const sc_acl_entry_t *e; u8 buf[2048], *p = buf; size_t bufsize, keysize; r = select_app_df(); if (r) return 1; sc_format_path(""I0012"", &path); r = sc_select_file(card, &path, &file); if (r) { fprintf(stderr, ""Unable to select private key file: %s\n"", sc_strerror(r)); return 2; } e = sc_file_get_acl_entry(file, SC_AC_OP_READ); if (e == NULL || e->method == SC_AC_NEVER) return 10; bufsize = file->size; sc_file_free(file); r = sc_read_binary(card, 0, buf, bufsize, 0); if (r < 0) { fprintf(stderr, ""Unable to read private key file: %s\n"", sc_strerror(r)); return 2; } bufsize = r; do { if (bufsize < 4) return 3; keysize = (p[0] << 8) | p[1]; if (keysize == 0) break; if (keysize < 3) return 3; if (p[2] == opt_key_num) break; p += keysize; bufsize -= keysize; } while (1); if (keysize == 0) { printf(""Key number %d not found.\n"", opt_key_num); return 2; } return parse_private_key(p, keysize, rsa); }",visit repo url,src/tools/cryptoflex-tool.c,https://github.com/OpenSC/OpenSC,178422530736789,1 2954,['CWE-189'],"jpc_pchglist_t *jpc_pchglist_create() { jpc_pchglist_t *pchglist; if (!(pchglist = jas_malloc(sizeof(jpc_pchglist_t)))) { return 0; } pchglist->numpchgs = 0; pchglist->maxpchgs = 0; pchglist->pchgs = 0; return pchglist; }",jasper,,,335704503976904009293316103473407150160,0 4438,['CWE-264'],"void sock_wfree(struct sk_buff *skb) { struct sock *sk = skb->sk; atomic_sub(skb->truesize, &sk->sk_wmem_alloc); if (!sock_flag(sk, SOCK_USE_WRITE_QUEUE)) sk->sk_write_space(sk); sock_put(sk); }",linux-2.6,,,270135682608871658730986802788058397842,0 6440,[],"find_file (const char *search_path, const char *base_name, char **pdir) { FILE *file = 0; foreach_dirinpath (search_path, base_name, find_file_callback, pdir, &file); return file; }",libtool,,,245590354190679239819823042975257641575,0 996,['CWE-94'],"asmlinkage long sys_vmsplice(int fd, const struct iovec __user *iov, unsigned long nr_segs, unsigned int flags) { struct file *file; long error; int fput; if (unlikely(nr_segs > UIO_MAXIOV)) return -EINVAL; else if (unlikely(!nr_segs)) return 0; error = -EBADF; file = fget_light(fd, &fput); if (file) { if (file->f_mode & FMODE_WRITE) error = vmsplice_to_pipe(file, iov, nr_segs, flags); else if (file->f_mode & FMODE_READ) error = vmsplice_to_user(file, iov, nr_segs, flags); fput_light(file, fput); } return error; }",linux-2.6,,,7304151467902349453507504569543084799,0 1373,[],"update_stats_dequeue(struct cfs_rq *cfs_rq, struct sched_entity *se) { if (se != cfs_rq->curr) update_stats_wait_end(cfs_rq, se); }",linux-2.6,,,124572729852808690673215123700771852665,0 5876,CWE-120,"PJ_DEF(void) pj_scan_get_until( pj_scanner *scanner, const pj_cis_t *spec, pj_str_t *out) { register char *s = scanner->curptr; if (s >= scanner->end) { pj_scan_syntax_err(scanner); return; } while (PJ_SCAN_CHECK_EOF(s) && !pj_cis_match(spec, *s)) { ++s; } pj_strset3(out, scanner->curptr, s); scanner->curptr = s; if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) { pj_scan_skip_whitespace(scanner); } }",visit repo url,pjlib-util/src/pjlib-util/scanner.c,https://github.com/pjsip/pjproject,150611086953481,1 5062,['CWE-20'],"static struct kvm_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr) { int i; i = __find_msr_index(vmx, msr); if (i >= 0) return &vmx->guest_msrs[i]; return NULL; }",linux-2.6,,,183547243516515037309777797326657353806,0 6531,CWE-119,"static MOBI_RET mobi_decompress_huffman_internal(MOBIBuffer *buf_out, MOBIBuffer *buf_in, const MOBIHuffCdic *huffcdic, size_t depth) { if (depth > MOBI_HUFFMAN_MAXDEPTH) { debug_print(""Too many levels of recursion: %zu\n"", depth); return MOBI_DATA_CORRUPT; } MOBI_RET ret = MOBI_SUCCESS; int8_t bitcount = 32; int bitsleft = (int) (buf_in->maxlen * 8); uint8_t code_length = 0; uint64_t buffer = mobi_buffer_fill64(buf_in); while (ret == MOBI_SUCCESS) { if (bitcount <= 0) { bitcount += 32; buffer = mobi_buffer_fill64(buf_in); } uint32_t code = (buffer >> bitcount) & 0xffffffffU; uint32_t t1 = huffcdic->table1[code >> 24]; code_length = t1 & 0x1f; uint32_t maxcode = (((t1 >> 8) + 1) << (32 - code_length)) - 1; if (!(t1 & 0x80)) { while (code < huffcdic->mincode_table[code_length]) { code_length++; } maxcode = huffcdic->maxcode_table[code_length]; } bitcount -= code_length; bitsleft -= code_length; if (bitsleft < 0) { break; } uint32_t index = (uint32_t) (maxcode - code) >> (32 - code_length); uint16_t cdic_index = (uint16_t) ((uint32_t)index >> huffcdic->code_length); if (index >= huffcdic->index_count) { debug_print(""Wrong symbol offsets index: %u\n"", index); return MOBI_DATA_CORRUPT; } uint32_t offset = huffcdic->symbol_offsets[index]; uint32_t symbol_length = (uint32_t) huffcdic->symbols[cdic_index][offset] << 8 | (uint32_t) huffcdic->symbols[cdic_index][offset + 1]; int is_decompressed = symbol_length >> 15; symbol_length &= 0x7fff; if (is_decompressed) { mobi_buffer_addraw(buf_out, (huffcdic->symbols[cdic_index] + offset + 2), symbol_length); ret = buf_out->error; } else { MOBIBuffer buf_sym; buf_sym.data = huffcdic->symbols[cdic_index] + offset + 2; buf_sym.offset = 0; buf_sym.maxlen = symbol_length; buf_sym.error = MOBI_SUCCESS; ret = mobi_decompress_huffman_internal(buf_out, &buf_sym, huffcdic, depth + 1); } } return ret; }",visit repo url,src/compression.c,https://github.com/bfabiszewski/libmobi,123802984556811,1 3401,CWE-787,"static void InsertRow(Image *image,unsigned char *p,ssize_t y,int bpp, ExceptionInfo *exception) { int bit; Quantum index; register Quantum *q; ssize_t x; switch (bpp) { case 1: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < ((ssize_t) image->columns-7); x+=8) { for (bit=0; bit < 8; bit++) { index=((*p) & (0x80 >> bit) ? 0x01 : 0x00); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); } p++; } if ((image->columns % 8) != 0) { for (bit=0; bit < (ssize_t) (image->columns % 8); bit++) { index=((*p) & (0x80 >> bit) ? 0x01 : 0x00); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); } p++; } if (!SyncAuthenticPixels(image,exception)) break; break; } case 2: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < ((ssize_t) image->columns-1); x+=4) { index=ConstrainColormapIndex(image,(*p >> 6) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p >> 4) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p >> 2) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if ((image->columns % 4) != 0) { index=ConstrainColormapIndex(image,(*p >> 6) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); if ((image->columns % 4) >= 1) { index=ConstrainColormapIndex(image,(*p >> 4) & 0x3,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); if ((image->columns % 4) >= 2) { index=ConstrainColormapIndex(image,(*p >> 2) & 0x3, exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); } } p++; } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; break; } case 4: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < ((ssize_t) image->columns-1); x+=2) { index=ConstrainColormapIndex(image,(*p >> 4) & 0x0f,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); q+=GetPixelChannels(image); index=ConstrainColormapIndex(image,(*p) & 0x0f,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if ((image->columns % 2) != 0) { index=ConstrainColormapIndex(image,(*p >> 4) & 0x0f,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; break; } case 8: { q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { index=ConstrainColormapIndex(image,*p,exception); SetPixelIndex(image,index,q); SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q); p++; q+=GetPixelChannels(image); } if (SyncAuthenticPixels(image,exception) == MagickFalse) break; } break; case 24: q=QueueAuthenticPixels(image,0,y,image->columns,1,exception); if (q == (Quantum *) NULL) break; for (x=0; x < (ssize_t) image->columns; x++) { SetPixelRed(image,ScaleCharToQuantum(*p++),q); SetPixelGreen(image,ScaleCharToQuantum(*p++),q); SetPixelBlue(image,ScaleCharToQuantum(*p++),q); q+=GetPixelChannels(image); } if (!SyncAuthenticPixels(image,exception)) break; break; } }",visit repo url,coders/wpg.c,https://github.com/ImageMagick/ImageMagick,134401314593042,1 2892,['CWE-189'],"int jas_seq2d_output(jas_matrix_t *matrix, FILE *out) { #define MAXLINELEN 80 int i; int j; jas_seqent_t x; char buf[MAXLINELEN + 1]; char sbuf[MAXLINELEN + 1]; int n; fprintf(out, ""%d %d\n"", jas_seq2d_xstart(matrix), jas_seq2d_ystart(matrix)); fprintf(out, ""%d %d\n"", jas_matrix_numcols(matrix), jas_matrix_numrows(matrix)); buf[0] = '\0'; for (i = 0; i < jas_matrix_numrows(matrix); ++i) { for (j = 0; j < jas_matrix_numcols(matrix); ++j) { x = jas_matrix_get(matrix, i, j); sprintf(sbuf, ""%s%4ld"", (strlen(buf) > 0) ? "" "" : """", JAS_CAST(long, x)); n = strlen(buf); if (n + strlen(sbuf) > MAXLINELEN) { fputs(buf, out); fputs(""\n"", out); buf[0] = '\0'; } strcat(buf, sbuf); if (j == jas_matrix_numcols(matrix) - 1) { fputs(buf, out); fputs(""\n"", out); buf[0] = '\0'; } } } fputs(buf, out); return 0; }",jasper,,,68660306525976313551005931949097338943,0 1952,['CWE-20'],"int copy_page_range(struct mm_struct *dst_mm, struct mm_struct *src_mm, struct vm_area_struct *vma) { pgd_t *src_pgd, *dst_pgd; unsigned long next; unsigned long addr = vma->vm_start; unsigned long end = vma->vm_end; if (!(vma->vm_flags & (VM_HUGETLB|VM_NONLINEAR|VM_PFNMAP|VM_INSERTPAGE))) { if (!vma->anon_vma) return 0; } if (is_vm_hugetlb_page(vma)) return copy_hugetlb_page_range(dst_mm, src_mm, vma); dst_pgd = pgd_offset(dst_mm, addr); src_pgd = pgd_offset(src_mm, addr); do { next = pgd_addr_end(addr, end); if (pgd_none_or_clear_bad(src_pgd)) continue; if (copy_pud_range(dst_mm, src_mm, dst_pgd, src_pgd, vma, addr, next)) return -ENOMEM; } while (dst_pgd++, src_pgd++, addr = next, addr != end); return 0; }",linux-2.6,,,108881401337051754718025658967995999210,0 3350,CWE-119,"static int do_cmd (xd3_stream *stream, const char *buf) { int ret; if ((ret = system (buf)) != 0) { if (WIFEXITED (ret)) { stream->msg = ""command exited non-zero""; IF_DEBUG1 (XPR(NT ""command was: %s\n"", buf)); } else { stream->msg = ""abnormal command termination""; } return XD3_INTERNAL; } return 0; }",visit repo url,xdelta3/xdelta3-test.h,https://github.com/jmacd/xdelta-devel,210234734025039,1 2752,CWE-119,"ZEND_API void zend_object_store_ctor_failed(zval *zobject TSRMLS_DC) { zend_object_handle handle = Z_OBJ_HANDLE_P(zobject); zend_object_store_bucket *obj_bucket = &EG(objects_store).object_buckets[handle]; obj_bucket->bucket.obj.handlers = Z_OBJ_HT_P(zobject);; obj_bucket->destructor_called = 1; }",visit repo url,Zend/zend_objects_API.c,https://github.com/php/php-src,162925596524345,1 3145,['CWE-189'],"static int jas_iccgetuint8(jas_stream_t *in, jas_iccuint8_t *val) { int c; if ((c = jas_stream_getc(in)) == EOF) return -1; *val = c; return 0; }",jasper,,,260144372840581014538055233686438115770,0 4835,['CWE-189'],"int ecryptfs_read_and_validate_header_region(char *data, struct inode *ecryptfs_inode) { struct ecryptfs_crypt_stat *crypt_stat = &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); int rc; if (crypt_stat->extent_size == 0) crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, ecryptfs_inode); if (rc) { printk(KERN_ERR ""%s: Error reading header region; rc = [%d]\n"", __func__, rc); goto out; } if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { rc = -EINVAL; } out: return rc; }",linux-2.6,,,93437273771504708213372178727364238436,0 719,CWE-20,"static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; int len; if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { rfcomm_dlc_accept(d); msg->msg_namelen = 0; return 0; } len = bt_sock_stream_recvmsg(iocb, sock, msg, size, flags); lock_sock(sk); if (!(flags & MSG_PEEK) && len > 0) atomic_sub(len, &sk->sk_rmem_alloc); if (atomic_read(&sk->sk_rmem_alloc) <= (sk->sk_rcvbuf >> 2)) rfcomm_dlc_unthrottle(rfcomm_pi(sk)->dlc); release_sock(sk); return len; }",visit repo url,net/bluetooth/rfcomm/sock.c,https://github.com/torvalds/linux,68043523665785,1 313,CWE-119,"static int catc_probe(struct usb_interface *intf, const struct usb_device_id *id) { struct device *dev = &intf->dev; struct usb_device *usbdev = interface_to_usbdev(intf); struct net_device *netdev; struct catc *catc; u8 broadcast[ETH_ALEN]; int i, pktsz, ret; if (usb_set_interface(usbdev, intf->altsetting->desc.bInterfaceNumber, 1)) { dev_err(dev, ""Can't set altsetting 1.\n""); return -EIO; } netdev = alloc_etherdev(sizeof(struct catc)); if (!netdev) return -ENOMEM; catc = netdev_priv(netdev); netdev->netdev_ops = &catc_netdev_ops; netdev->watchdog_timeo = TX_TIMEOUT; netdev->ethtool_ops = &ops; catc->usbdev = usbdev; catc->netdev = netdev; spin_lock_init(&catc->tx_lock); spin_lock_init(&catc->ctrl_lock); init_timer(&catc->timer); catc->timer.data = (long) catc; catc->timer.function = catc_stats_timer; catc->ctrl_urb = usb_alloc_urb(0, GFP_KERNEL); catc->tx_urb = usb_alloc_urb(0, GFP_KERNEL); catc->rx_urb = usb_alloc_urb(0, GFP_KERNEL); catc->irq_urb = usb_alloc_urb(0, GFP_KERNEL); if ((!catc->ctrl_urb) || (!catc->tx_urb) || (!catc->rx_urb) || (!catc->irq_urb)) { dev_err(&intf->dev, ""No free urbs available.\n""); ret = -ENOMEM; goto fail_free; } if (le16_to_cpu(usbdev->descriptor.idVendor) == 0x0423 && le16_to_cpu(usbdev->descriptor.idProduct) == 0xa && le16_to_cpu(catc->usbdev->descriptor.bcdDevice) == 0x0130) { dev_dbg(dev, ""Testing for f5u011\n""); catc->is_f5u011 = 1; atomic_set(&catc->recq_sz, 0); pktsz = RX_PKT_SZ; } else { pktsz = RX_MAX_BURST * (PKT_SZ + 2); } usb_fill_control_urb(catc->ctrl_urb, usbdev, usb_sndctrlpipe(usbdev, 0), NULL, NULL, 0, catc_ctrl_done, catc); usb_fill_bulk_urb(catc->tx_urb, usbdev, usb_sndbulkpipe(usbdev, 1), NULL, 0, catc_tx_done, catc); usb_fill_bulk_urb(catc->rx_urb, usbdev, usb_rcvbulkpipe(usbdev, 1), catc->rx_buf, pktsz, catc_rx_done, catc); usb_fill_int_urb(catc->irq_urb, usbdev, usb_rcvintpipe(usbdev, 2), catc->irq_buf, 2, catc_irq_done, catc, 1); if (!catc->is_f5u011) { dev_dbg(dev, ""Checking memory size\n""); i = 0x12345678; catc_write_mem(catc, 0x7a80, &i, 4); i = 0x87654321; catc_write_mem(catc, 0xfa80, &i, 4); catc_read_mem(catc, 0x7a80, &i, 4); switch (i) { case 0x12345678: catc_set_reg(catc, TxBufCount, 8); catc_set_reg(catc, RxBufCount, 32); dev_dbg(dev, ""64k Memory\n""); break; default: dev_warn(&intf->dev, ""Couldn't detect memory size, assuming 32k\n""); case 0x87654321: catc_set_reg(catc, TxBufCount, 4); catc_set_reg(catc, RxBufCount, 16); dev_dbg(dev, ""32k Memory\n""); break; } dev_dbg(dev, ""Getting MAC from SEEROM.\n""); catc_get_mac(catc, netdev->dev_addr); dev_dbg(dev, ""Setting MAC into registers.\n""); for (i = 0; i < 6; i++) catc_set_reg(catc, StationAddr0 - i, netdev->dev_addr[i]); dev_dbg(dev, ""Filling the multicast list.\n""); eth_broadcast_addr(broadcast); catc_multicast(broadcast, catc->multicast); catc_multicast(netdev->dev_addr, catc->multicast); catc_write_mem(catc, 0xfa80, catc->multicast, 64); dev_dbg(dev, ""Clearing error counters.\n""); for (i = 0; i < 8; i++) catc_set_reg(catc, EthStats + i, 0); catc->last_stats = jiffies; dev_dbg(dev, ""Enabling.\n""); catc_set_reg(catc, MaxBurst, RX_MAX_BURST); catc_set_reg(catc, OpModes, OpTxMerge | OpRxMerge | OpLenInclude | Op3MemWaits); catc_set_reg(catc, LEDCtrl, LEDLink); catc_set_reg(catc, RxUnit, RxEnable | RxPolarity | RxMultiCast); } else { dev_dbg(dev, ""Performing reset\n""); catc_reset(catc); catc_get_mac(catc, netdev->dev_addr); dev_dbg(dev, ""Setting RX Mode\n""); catc->rxmode[0] = RxEnable | RxPolarity | RxMultiCast; catc->rxmode[1] = 0; f5u011_rxmode(catc, catc->rxmode); } dev_dbg(dev, ""Init done.\n""); printk(KERN_INFO ""%s: %s USB Ethernet at usb-%s-%s, %pM.\n"", netdev->name, (catc->is_f5u011) ? ""Belkin F5U011"" : ""CATC EL1210A NetMate"", usbdev->bus->bus_name, usbdev->devpath, netdev->dev_addr); usb_set_intfdata(intf, catc); SET_NETDEV_DEV(netdev, &intf->dev); ret = register_netdev(netdev); if (ret) goto fail_clear_intfdata; return 0; fail_clear_intfdata: usb_set_intfdata(intf, NULL); fail_free: usb_free_urb(catc->ctrl_urb); usb_free_urb(catc->tx_urb); usb_free_urb(catc->rx_urb); usb_free_urb(catc->irq_urb); free_netdev(netdev); return ret; }",visit repo url,drivers/net/usb/catc.c,https://github.com/torvalds/linux,110254329382359,1 3404,CWE-125,"static Image *ReadMATImage(const ImageInfo *image_info,ExceptionInfo *exception) { Image *image, *image2=NULL, *rotated_image; register Quantum *q; unsigned int status; MATHeader MATLAB_HDR; size_t size; size_t CellType; QuantumInfo *quantum_info; ImageInfo *clone_info; int i; ssize_t ldblk; unsigned char *BImgBuff = NULL; double MinVal, MaxVal; unsigned z, z2; unsigned Frames; int logging; int sample_size; MagickOffsetType filepos=0x80; BlobInfo *blob; size_t one; unsigned int (*ReadBlobXXXLong)(Image *image); unsigned short (*ReadBlobXXXShort)(Image *image); void (*ReadBlobDoublesXXX)(Image * image, size_t len, double *data); void (*ReadBlobFloatsXXX)(Image * image, size_t len, float *data); assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); logging = LogMagickEvent(CoderEvent,GetMagickModule(),""enter""); image = AcquireImage(image_info,exception); status = OpenBlob(image_info, image, ReadBinaryBlobMode, exception); if (status == MagickFalse) { image=DestroyImageList(image); return((Image *) NULL); } clone_info=CloneImageInfo(image_info); if(ReadBlob(image,124,(unsigned char *) &MATLAB_HDR.identific) != 124) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); MATLAB_HDR.Version = ReadBlobLSBShort(image); if(ReadBlob(image,2,(unsigned char *) &MATLAB_HDR.EndianIndicator) != 2) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(),"" Endian %c%c"", MATLAB_HDR.EndianIndicator[0],MATLAB_HDR.EndianIndicator[1]); if (!strncmp(MATLAB_HDR.EndianIndicator, ""IM"", 2)) { ReadBlobXXXLong = ReadBlobLSBLong; ReadBlobXXXShort = ReadBlobLSBShort; ReadBlobDoublesXXX = ReadBlobDoublesLSB; ReadBlobFloatsXXX = ReadBlobFloatsLSB; image->endian = LSBEndian; } else if (!strncmp(MATLAB_HDR.EndianIndicator, ""MI"", 2)) { ReadBlobXXXLong = ReadBlobMSBLong; ReadBlobXXXShort = ReadBlobMSBShort; ReadBlobDoublesXXX = ReadBlobDoublesMSB; ReadBlobFloatsXXX = ReadBlobFloatsMSB; image->endian = MSBEndian; } else goto MATLAB_KO; if (strncmp(MATLAB_HDR.identific, ""MATLAB"", 6)) MATLAB_KO: ThrowReaderException(CorruptImageError,""ImproperImageHeader""); filepos = TellBlob(image); while(!EOFBlob(image)) { Frames = 1; (void) SeekBlob(image,filepos,SEEK_SET); MATLAB_HDR.DataType = ReadBlobXXXLong(image); if(EOFBlob(image)) break; MATLAB_HDR.ObjectSize = ReadBlobXXXLong(image); if(EOFBlob(image)) break; filepos += MATLAB_HDR.ObjectSize + 4 + 4; image2 = image; #if defined(MAGICKCORE_ZLIB_DELEGATE) if(MATLAB_HDR.DataType == miCOMPRESSED) { image2 = DecompressBlock(image,MATLAB_HDR.ObjectSize,clone_info,exception); if(image2==NULL) continue; MATLAB_HDR.DataType = ReadBlobXXXLong(image2); } #endif if(MATLAB_HDR.DataType!=miMATRIX) continue; MATLAB_HDR.unknown1 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown2 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown5 = ReadBlobXXXLong(image2); MATLAB_HDR.StructureClass = MATLAB_HDR.unknown5 & 0xFF; MATLAB_HDR.StructureFlag = (MATLAB_HDR.unknown5>>8) & 0xFF; MATLAB_HDR.unknown3 = ReadBlobXXXLong(image2); if(image!=image2) MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.unknown4 = ReadBlobXXXLong(image2); MATLAB_HDR.DimFlag = ReadBlobXXXLong(image2); MATLAB_HDR.SizeX = ReadBlobXXXLong(image2); MATLAB_HDR.SizeY = ReadBlobXXXLong(image2); switch(MATLAB_HDR.DimFlag) { case 8: z2=z=1; break; case 12: z2=z = ReadBlobXXXLong(image2); (void) ReadBlobXXXLong(image2); if(z!=3) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); break; case 16: z2=z = ReadBlobXXXLong(image2); if(z!=3 && z!=1) ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); Frames = ReadBlobXXXLong(image2); break; default: ThrowReaderException(CoderError, ""MultidimensionalMatricesAreNotSupported""); } MATLAB_HDR.Flag1 = ReadBlobXXXShort(image2); MATLAB_HDR.NameFlag = ReadBlobXXXShort(image2); if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.StructureClass %d"",MATLAB_HDR.StructureClass); if (MATLAB_HDR.StructureClass != mxCHAR_CLASS && MATLAB_HDR.StructureClass != mxSINGLE_CLASS && MATLAB_HDR.StructureClass != mxDOUBLE_CLASS && MATLAB_HDR.StructureClass != mxINT8_CLASS && MATLAB_HDR.StructureClass != mxUINT8_CLASS && MATLAB_HDR.StructureClass != mxINT16_CLASS && MATLAB_HDR.StructureClass != mxUINT16_CLASS && MATLAB_HDR.StructureClass != mxINT32_CLASS && MATLAB_HDR.StructureClass != mxUINT32_CLASS && MATLAB_HDR.StructureClass != mxINT64_CLASS && MATLAB_HDR.StructureClass != mxUINT64_CLASS) ThrowReaderException(CoderError,""UnsupportedCellTypeInTheMatrix""); switch (MATLAB_HDR.NameFlag) { case 0: size = ReadBlobXXXLong(image2); size = 4 * (ssize_t) ((size + 3 + 1) / 4); (void) SeekBlob(image2, size, SEEK_CUR); break; case 1: case 2: case 3: case 4: (void) ReadBlob(image2, 4, (unsigned char *) &size); break; default: goto MATLAB_KO; } CellType = ReadBlobXXXLong(image2); if (logging) (void) LogMagickEvent(CoderEvent,GetMagickModule(), ""MATLAB_HDR.CellType: %.20g"",(double) CellType); (void) ReadBlob(image2, 4, (unsigned char *) &size); NEXT_FRAME: switch (CellType) { case miINT8: case miUINT8: sample_size = 8; if(MATLAB_HDR.StructureFlag & FLAG_LOGICAL) image->depth = 1; else image->depth = 8; ldblk = (ssize_t) MATLAB_HDR.SizeX; break; case miINT16: case miUINT16: sample_size = 16; image->depth = 16; ldblk = (ssize_t) (2 * MATLAB_HDR.SizeX); break; case miINT32: case miUINT32: sample_size = 32; image->depth = 32; ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miINT64: case miUINT64: sample_size = 64; image->depth = 64; ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; case miSINGLE: sample_size = 32; image->depth = 32; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (4 * MATLAB_HDR.SizeX); break; case miDOUBLE: sample_size = 64; image->depth = 64; (void) SetImageOption(clone_info,""quantum:format"",""floating-point""); DisableMSCWarning(4127) if (sizeof(double) != 8) RestoreMSCWarning ThrowReaderException(CoderError, ""IncompatibleSizeOfDouble""); if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { } ldblk = (ssize_t) (8 * MATLAB_HDR.SizeX); break; default: ThrowReaderException(CoderError, ""UnsupportedCellTypeInTheMatrix""); } (void) sample_size; image->columns = MATLAB_HDR.SizeX; image->rows = MATLAB_HDR.SizeY; quantum_info=AcquireQuantumInfo(clone_info,image); if (quantum_info == (QuantumInfo *) NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); one=1; image->colors = one << image->depth; if (image->columns == 0 || image->rows == 0) goto MATLAB_KO; if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) { image->type=GrayscaleType; SetImageColorspace(image,GRAYColorspace,exception); } if (image_info->ping) { size_t temp = image->columns; image->columns = image->rows; image->rows = temp; goto done_reading; } status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) return(DestroyImageList(image)); BImgBuff = (unsigned char *) AcquireQuantumMemory((size_t) (ldblk),sizeof(unsigned char)); if (BImgBuff == NULL) ThrowReaderException(ResourceLimitError,""MemoryAllocationFailed""); MinVal = 0; MaxVal = 0; if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &quantum_info->minimum, &quantum_info->maximum); } if(z==1) z=0; do { for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { q=GetAuthenticPixels(image,0,MATLAB_HDR.SizeY-i-1,image->columns,1,exception); if (q == (Quantum *) NULL) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT set image pixels returns unexpected NULL on a row %u."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto done_reading; } if(ReadBlob(image2,ldblk,(unsigned char *)BImgBuff) != (ssize_t) ldblk) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT cannot read scanrow %u from a file."", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } if((CellType==miINT8 || CellType==miUINT8) && (MATLAB_HDR.StructureFlag & FLAG_LOGICAL)) { FixLogical((unsigned char *)BImgBuff,ldblk); if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) { ImportQuantumPixelsFailed: if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to ImportQuantumPixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); break; } } else { if(ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,z2qtype[z],BImgBuff,exception) <= 0) goto ImportQuantumPixelsFailed; if (z<=1 && (CellType==miINT8 || CellType==miINT16 || CellType==miINT32 || CellType==miINT64)) FixSignedValues(image,q,MATLAB_HDR.SizeX); } if (!SyncAuthenticPixels(image,exception)) { if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(), "" MAT failed to sync image pixels for a row %u"", (unsigned)(MATLAB_HDR.SizeY-i-1)); goto ExitLoop; } } } while(z-- >= 2); ExitLoop: if (MATLAB_HDR.StructureFlag & FLAG_COMPLEX) { CellType = ReadBlobXXXLong(image2); i = ReadBlobXXXLong(image2); if (CellType==miDOUBLE || CellType==miSINGLE) { CalcMinMax(image2, image_info->endian, MATLAB_HDR.SizeX, MATLAB_HDR.SizeY, CellType, ldblk, BImgBuff, &MinVal, &MaxVal); } if (CellType==miDOUBLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobDoublesXXX(image2, ldblk, (double *)BImgBuff); InsertComplexDoubleRow(image, (double *)BImgBuff, i, MinVal, MaxVal, exception); } if (CellType==miSINGLE) for (i = 0; i < (ssize_t) MATLAB_HDR.SizeY; i++) { ReadBlobFloatsXXX(image2, ldblk, (float *)BImgBuff); InsertComplexFloatRow(image,(float *)BImgBuff,i,MinVal,MaxVal, exception); } } if ((MATLAB_HDR.DimFlag == 8) && ((MATLAB_HDR.StructureFlag & FLAG_COMPLEX) == 0)) image->type=GrayscaleType; if (image->depth == 1) image->type=BilevelType; if(image2==image) image2 = NULL; rotated_image = RotateImage(image, 90.0, exception); if (rotated_image != (Image *) NULL) { rotated_image->page.x=0; rotated_image->page.y=0; blob = rotated_image->blob; rotated_image->blob = image->blob; rotated_image->colors = image->colors; image->blob = blob; AppendImageToList(&image,rotated_image); DeleteImageFromList(&image); } done_reading: if(image2!=NULL) if(image2!=image) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } AcquireNextImage(image_info,image,exception); if (image->next == (Image *) NULL) break; image=SyncNextImageInList(image); image->columns=image->rows=0; image->colors=0; RelinquishMagickMemory(BImgBuff); BImgBuff = NULL; if(--Frames>0) { z = z2; if(image2==NULL) image2 = image; goto NEXT_FRAME; } if ((image2!=NULL) && (image2!=image)) { DeleteImageFromList(&image2); if(clone_info) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } } } } clone_info=DestroyImageInfo(clone_info); RelinquishMagickMemory(BImgBuff); CloseBlob(image); { Image *p; ssize_t scene=0; p=image; image=NULL; while (p != (Image *) NULL) { Image *tmp=p; if ((p->rows == 0) || (p->columns == 0)) { p=p->previous; DeleteImageFromList(&tmp); } else { image=p; p=p->previous; } } for (p=image; p != (Image *) NULL; p=p->next) p->scene=scene++; } if(clone_info != NULL) { if(clone_info->file) { fclose(clone_info->file); clone_info->file = NULL; (void) remove_utf8(clone_info->filename); } DestroyImageInfo(clone_info); clone_info = NULL; } if (logging) (void)LogMagickEvent(CoderEvent,GetMagickModule(),""return""); if(image==NULL) ThrowReaderException(CorruptImageError,""ImproperImageHeader""); return (image); }",visit repo url,coders/mat.c,https://github.com/ImageMagick/ImageMagick,71328030241027,1 2256,[],"static int __init nonx_setup(char *str) { if (!str) return -EINVAL; if (!strncmp(str, ""on"", 2)) { __supported_pte_mask |= _PAGE_NX; do_not_nx = 0; } else if (!strncmp(str, ""off"", 3)) { do_not_nx = 1; __supported_pte_mask &= ~_PAGE_NX; } return 0; } ",linux-2.6,,,107439768470337341950913578286545837022,0 314,CWE-362,"static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, size_t msg_len) { struct sock *sk = asoc->base.sk; int err = 0; long current_timeo = *timeo_p; DEFINE_WAIT(wait); pr_debug(""%s: asoc:%p, timeo:%ld, msg_len:%zu\n"", __func__, asoc, *timeo_p, msg_len); sctp_association_hold(asoc); for (;;) { prepare_to_wait_exclusive(&asoc->wait, &wait, TASK_INTERRUPTIBLE); if (!*timeo_p) goto do_nonblock; if (sk->sk_err || asoc->state >= SCTP_STATE_SHUTDOWN_PENDING || asoc->base.dead) goto do_error; if (signal_pending(current)) goto do_interrupted; if (msg_len <= sctp_wspace(asoc)) break; release_sock(sk); current_timeo = schedule_timeout(current_timeo); BUG_ON(sk != asoc->base.sk); lock_sock(sk); *timeo_p = current_timeo; } out: finish_wait(&asoc->wait, &wait); sctp_association_put(asoc); return err; do_error: err = -EPIPE; goto out; do_interrupted: err = sock_intr_errno(*timeo_p); goto out; do_nonblock: err = -EAGAIN; goto out; }",visit repo url,net/sctp/socket.c,https://github.com/torvalds/linux,130908862380422,1 3001,CWE-399,"file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf, size_t nbytes) { union { int32_t l; char c[sizeof (int32_t)]; } u; int clazz; int swap; struct stat st; off_t fsize; int flags = 0; Elf32_Ehdr elf32hdr; Elf64_Ehdr elf64hdr; uint16_t type, phnum, shnum; if (ms->flags & (MAGIC_MIME|MAGIC_APPLE)) return 0; if (buf[EI_MAG0] != ELFMAG0 || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1) || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3) return 0; if((lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) && (errno == ESPIPE)) fd = file_pipe2file(ms, fd, buf, nbytes); if (fstat(fd, &st) == -1) { file_badread(ms); return -1; } if (S_ISREG(st.st_mode) || st.st_size != 0) fsize = st.st_size; else fsize = SIZE_UNKNOWN; clazz = buf[EI_CLASS]; switch (clazz) { case ELFCLASS32: #undef elf_getu #define elf_getu(a, b) elf_getu32(a, b) #undef elfhdr #define elfhdr elf32hdr #include ""elfclass.h"" case ELFCLASS64: #undef elf_getu #define elf_getu(a, b) elf_getu64(a, b) #undef elfhdr #define elfhdr elf64hdr #include ""elfclass.h"" default: if (file_printf(ms, "", unknown class %d"", clazz) == -1) return -1; break; } return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,31687573125871,1 3312,CWE-119,"header_put_marker (SF_PRIVATE *psf, int x) { if (psf->headindex < SIGNED_SIZEOF (psf->header) - 4) { psf->header [psf->headindex++] = (x >> 24) ; psf->header [psf->headindex++] = (x >> 16) ; psf->header [psf->headindex++] = (x >> 8) ; psf->header [psf->headindex++] = x ; } ; } ",visit repo url,src/common.c,https://github.com/erikd/libsndfile,101804195702142,1 1557,CWE-264,"static void bt_for_each(struct blk_mq_hw_ctx *hctx, struct blk_mq_bitmap_tags *bt, unsigned int off, busy_iter_fn *fn, void *data, bool reserved) { struct request *rq; int bit, i; for (i = 0; i < bt->map_nr; i++) { struct blk_align_bitmap *bm = &bt->map[i]; for (bit = find_first_bit(&bm->word, bm->depth); bit < bm->depth; bit = find_next_bit(&bm->word, bm->depth, bit + 1)) { rq = blk_mq_tag_to_rq(hctx->tags, off + bit); if (rq->q == hctx->queue) fn(hctx, rq, data, reserved); } off += (1 << bt->bits_per_word); } }",visit repo url,block/blk-mq-tag.c,https://github.com/torvalds/linux,11798449567866,1 5817,CWE-120,"static int decode_avp(struct l2tp_avp_t *avp, const struct l2tp_attr_t *RV, const char *secret, size_t secret_len) { MD5_CTX md5_ctx; uint8_t md5[MD5_DIGEST_LENGTH]; uint8_t p1[MD5_DIGEST_LENGTH]; uint8_t *prev_block = NULL; uint16_t attr_len; uint16_t orig_attr_len; uint16_t bytes_left; uint16_t blocks_left; uint16_t last_block_len; if (avp->length < sizeof(struct l2tp_avp_t) + 2) { log_warn(""l2tp: incorrect hidden avp received (type %hu):"" "" length too small (%hu bytes)\n"", ntohs(avp->type), avp->length); return -1; } attr_len = avp->length - sizeof(struct l2tp_avp_t); MD5_Init(&md5_ctx); MD5_Update(&md5_ctx, &avp->type, sizeof(avp->type)); MD5_Update(&md5_ctx, secret, secret_len); MD5_Update(&md5_ctx, RV->val.octets, RV->length); MD5_Final(p1, &md5_ctx); if (attr_len <= MD5_DIGEST_LENGTH) { memxor(avp->val, p1, attr_len); return 0; } memxor(p1, avp->val, MD5_DIGEST_LENGTH); orig_attr_len = ntohs(*(uint16_t *)p1); if (orig_attr_len <= MD5_DIGEST_LENGTH - 2) { memcpy(avp->val, p1, MD5_DIGEST_LENGTH); return 0; } if (orig_attr_len > attr_len - 2) { log_warn(""l2tp: incorrect hidden avp received (type %hu):"" "" original attribute length too big (ciphered"" "" attribute length: %hu bytes, advertised original"" "" attribute length: %hu bytes)\n"", ntohs(avp->type), attr_len, orig_attr_len); return -1; } bytes_left = orig_attr_len + 2 - MD5_DIGEST_LENGTH; last_block_len = bytes_left % MD5_DIGEST_LENGTH; blocks_left = bytes_left / MD5_DIGEST_LENGTH; if (last_block_len) { prev_block = avp->val + blocks_left * MD5_DIGEST_LENGTH; MD5_Init(&md5_ctx); MD5_Update(&md5_ctx, secret, secret_len); MD5_Update(&md5_ctx, prev_block, MD5_DIGEST_LENGTH); MD5_Final(md5, &md5_ctx); memxor(prev_block + MD5_DIGEST_LENGTH, md5, last_block_len); prev_block -= MD5_DIGEST_LENGTH; } else prev_block = avp->val + (blocks_left - 1) * MD5_DIGEST_LENGTH; while (prev_block >= avp->val) { MD5_Init(&md5_ctx); MD5_Update(&md5_ctx, secret, secret_len); MD5_Update(&md5_ctx, prev_block, MD5_DIGEST_LENGTH); MD5_Final(md5, &md5_ctx); memxor(prev_block + MD5_DIGEST_LENGTH, md5, MD5_DIGEST_LENGTH); prev_block -= MD5_DIGEST_LENGTH; } memcpy(avp->val, p1, MD5_DIGEST_LENGTH); return 0; }",visit repo url,accel-pppd/ctrl/l2tp/packet.c,https://github.com/accel-ppp/accel-ppp,176525659562831,1 4794,[],"static int selinux_netlbl_sock_setsid(struct sock *sk) { int rc; struct sk_security_struct *sksec = sk->sk_security; struct netlbl_lsm_secattr *secattr; if (sksec->nlbl_state != NLBL_REQUIRE) return 0; secattr = selinux_netlbl_sock_genattr(sk); if (secattr == NULL) return -ENOMEM; rc = netlbl_sock_setattr(sk, secattr); switch (rc) { case 0: sksec->nlbl_state = NLBL_LABELED; break; case -EDESTADDRREQ: sksec->nlbl_state = NLBL_REQSKB; rc = 0; break; } return rc; }",linux-2.6,,,177733037616160392832745459551738754034,0 3558,['CWE-20'],"sctp_disposition_t sctp_sf_cookie_wait_prm_abort( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *abort = arg; sctp_disposition_t retval; sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT)); retval = SCTP_DISPOSITION_CONSUME; sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_CLOSED)); SCTP_INC_STATS(SCTP_MIB_ABORTEDS); sctp_add_cmd_sf(commands, SCTP_CMD_SET_SK_ERR, SCTP_ERROR(ECONNREFUSED)); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_FAILED, SCTP_PERR(SCTP_ERROR_USER_ABORT)); return retval; }",linux-2.6,,,312643578381904855186022241262120379746,0 3452,CWE-787,"int tmx_check_pretran(sip_msg_t *msg) { unsigned int chid; unsigned int slotid; int dsize; struct via_param *vbr; str scallid; str scseqmet; str scseqnum; str sftag; str svbranch = {NULL, 0}; pretran_t *it; if(_tmx_ptran_table==NULL) { LM_ERR(""pretran hash table not initialized yet\n""); return -1; } if(get_route_type()!=REQUEST_ROUTE) { LM_ERR(""invalid usage - not in request route\n""); return -1; } if(msg->first_line.type!=SIP_REQUEST) { LM_ERR(""invalid usage - not a sip request\n""); return -1; } if(parse_headers(msg, HDR_FROM_F|HDR_VIA1_F|HDR_CALLID_F|HDR_CSEQ_F, 0)<0) { LM_ERR(""failed to parse required headers\n""); return -1; } if(msg->cseq==NULL || msg->cseq->parsed==NULL) { LM_ERR(""failed to parse cseq headers\n""); return -1; } if(get_cseq(msg)->method_id==METHOD_ACK || get_cseq(msg)->method_id==METHOD_CANCEL) { LM_DBG(""no pre-transaction management for ACK or CANCEL\n""); return -1; } if (msg->via1==0) { LM_ERR(""failed to get Via header\n""); return -1; } if (parse_from_header(msg)<0 || get_from(msg)->tag_value.len==0) { LM_ERR(""failed to get From header\n""); return -1; } if (msg->callid==NULL || msg->callid->body.s==NULL) { LM_ERR(""failed to parse callid headers\n""); return -1; } vbr = msg->via1->branch; scallid = msg->callid->body; trim(&scallid); scseqmet = get_cseq(msg)->method; trim(&scseqmet); scseqnum = get_cseq(msg)->number; trim(&scseqnum); sftag = get_from(msg)->tag_value; trim(&sftag); chid = get_hash1_raw(msg->callid->body.s, msg->callid->body.len); slotid = chid & (_tmx_ptran_size-1); if(unlikely(_tmx_proc_ptran == NULL)) { _tmx_proc_ptran = (pretran_t*)shm_malloc(sizeof(pretran_t)); if(_tmx_proc_ptran == NULL) { LM_ERR(""not enough memory for pretran structure\n""); return -1; } memset(_tmx_proc_ptran, 0, sizeof(pretran_t)); _tmx_proc_ptran->pid = my_pid(); } dsize = scallid.len + scseqnum.len + scseqmet.len + sftag.len + 4; if(likely(vbr!=NULL)) { svbranch = vbr->value; trim(&svbranch); dsize += svbranch.len; } if(dsize<256) dsize = 256; tmx_pretran_unlink(); if(dsize > _tmx_proc_ptran->dbuf.len) { if(_tmx_proc_ptran->dbuf.s) shm_free(_tmx_proc_ptran->dbuf.s); _tmx_proc_ptran->dbuf.s = (char*)shm_malloc(dsize); if(_tmx_proc_ptran->dbuf.s==NULL) { LM_ERR(""not enough memory for pretran data\n""); return -1; } _tmx_proc_ptran->dbuf.len = dsize; } _tmx_proc_ptran->hid = chid; _tmx_proc_ptran->cseqmetid = (get_cseq(msg))->method_id; _tmx_proc_ptran->callid.s = _tmx_proc_ptran->dbuf.s; memcpy(_tmx_proc_ptran->callid.s, scallid.s, scallid.len); _tmx_proc_ptran->callid.len = scallid.len; _tmx_proc_ptran->callid.s[_tmx_proc_ptran->callid.len] = '\0'; _tmx_proc_ptran->ftag.s = _tmx_proc_ptran->callid.s + _tmx_proc_ptran->callid.len + 1; memcpy(_tmx_proc_ptran->ftag.s, sftag.s, sftag.len); _tmx_proc_ptran->ftag.len = sftag.len; _tmx_proc_ptran->ftag.s[_tmx_proc_ptran->ftag.len] = '\0'; _tmx_proc_ptran->cseqnum.s = _tmx_proc_ptran->ftag.s + _tmx_proc_ptran->ftag.len + 1; memcpy(_tmx_proc_ptran->cseqnum.s, scseqnum.s, scseqnum.len); _tmx_proc_ptran->cseqnum.len = scseqnum.len; _tmx_proc_ptran->cseqnum.s[_tmx_proc_ptran->cseqnum.len] = '\0'; _tmx_proc_ptran->cseqmet.s = _tmx_proc_ptran->cseqnum.s + _tmx_proc_ptran->cseqnum.len + 1; memcpy(_tmx_proc_ptran->cseqmet.s, scseqmet.s, scseqmet.len); _tmx_proc_ptran->cseqmet.len = scseqmet.len; _tmx_proc_ptran->cseqmet.s[_tmx_proc_ptran->cseqmet.len] = '\0'; if(likely(vbr!=NULL)) { _tmx_proc_ptran->vbranch.s = _tmx_proc_ptran->cseqmet.s + _tmx_proc_ptran->cseqmet.len + 1; memcpy(_tmx_proc_ptran->vbranch.s, svbranch.s, svbranch.len); _tmx_proc_ptran->vbranch.len = svbranch.len; _tmx_proc_ptran->vbranch.s[_tmx_proc_ptran->vbranch.len] = '\0'; } else { _tmx_proc_ptran->vbranch.s = NULL; _tmx_proc_ptran->vbranch.len = 0; } lock_get(&_tmx_ptran_table[slotid].lock); it = _tmx_ptran_table[slotid].plist; tmx_pretran_link_safe(slotid); for(; it!=NULL; it=it->next) { if(_tmx_proc_ptran->hid != it->hid || _tmx_proc_ptran->cseqmetid != it->cseqmetid || _tmx_proc_ptran->callid.len != it->callid.len || _tmx_proc_ptran->ftag.len != it->ftag.len || _tmx_proc_ptran->cseqmet.len != it->cseqmet.len || _tmx_proc_ptran->cseqnum.len != it->cseqnum.len) continue; if(_tmx_proc_ptran->vbranch.s != NULL && it->vbranch.s != NULL) { if(_tmx_proc_ptran->vbranch.len != it->vbranch.len) continue; if(_tmx_proc_ptran->vbranch.s[it->vbranch.len-1] != it->vbranch.s[it->vbranch.len-1]) continue; if(memcmp(_tmx_proc_ptran->vbranch.s, it->vbranch.s, it->vbranch.len)!=0) continue; } if(memcmp(_tmx_proc_ptran->callid.s, it->callid.s, it->callid.len)!=0 || memcmp(_tmx_proc_ptran->ftag.s, it->ftag.s, it->ftag.len)!=0 || memcmp(_tmx_proc_ptran->cseqnum.s, it->cseqnum.s, it->cseqnum.len)!=0) continue; if((it->cseqmetid==METHOD_OTHER || it->cseqmetid==METHOD_UNDEF) && memcmp(_tmx_proc_ptran->cseqmet.s, it->cseqmet.s, it->cseqmet.len)!=0) continue; LM_DBG(""matched another pre-transaction by pid %d for [%.*s]\n"", it->pid, it->callid.len, it->callid.s); lock_release(&_tmx_ptran_table[slotid].lock); return 1; } lock_release(&_tmx_ptran_table[slotid].lock); return 0; }",visit repo url,src/modules/tmx/tmx_pretran.c,https://github.com/kamailio/kamailio,246797150588674,1 4795,[],"int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u16 family, u32 *type, u32 *sid) { int rc; struct netlbl_lsm_secattr secattr; if (!netlbl_enabled()) { *sid = SECSID_NULL; return 0; } netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, family, &secattr); if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) rc = selinux_netlbl_sidlookup_cached(skb, &secattr, sid); else *sid = SECSID_NULL; *type = secattr.type; netlbl_secattr_destroy(&secattr); return rc; }",linux-2.6,,,318055822524892528358621296669512415337,0 3249,['CWE-189'],"static uint_fast32_t jp2_gettypeasoc(int colorspace, int ctype) { int type; int asoc; if (ctype & JAS_IMAGE_CT_OPACITY) { type = JP2_CDEF_TYPE_OPACITY; asoc = JP2_CDEF_ASOC_ALL; goto done; } type = JP2_CDEF_TYPE_UNSPEC; asoc = JP2_CDEF_ASOC_NONE; switch (jas_clrspc_fam(colorspace)) { case JAS_CLRSPC_FAM_RGB: switch (JAS_IMAGE_CT_COLOR(ctype)) { case JAS_IMAGE_CT_RGB_R: type = JP2_CDEF_TYPE_COLOR; asoc = JP2_CDEF_RGB_R; break; case JAS_IMAGE_CT_RGB_G: type = JP2_CDEF_TYPE_COLOR; asoc = JP2_CDEF_RGB_G; break; case JAS_IMAGE_CT_RGB_B: type = JP2_CDEF_TYPE_COLOR; asoc = JP2_CDEF_RGB_B; break; } break; case JAS_CLRSPC_FAM_YCBCR: switch (JAS_IMAGE_CT_COLOR(ctype)) { case JAS_IMAGE_CT_YCBCR_Y: type = JP2_CDEF_TYPE_COLOR; asoc = JP2_CDEF_YCBCR_Y; break; case JAS_IMAGE_CT_YCBCR_CB: type = JP2_CDEF_TYPE_COLOR; asoc = JP2_CDEF_YCBCR_CB; break; case JAS_IMAGE_CT_YCBCR_CR: type = JP2_CDEF_TYPE_COLOR; asoc = JP2_CDEF_YCBCR_CR; break; } break; case JAS_CLRSPC_FAM_GRAY: type = JP2_CDEF_TYPE_COLOR; asoc = JP2_CDEF_GRAY_Y; break; } done: return (type << 16) | asoc; }",jasper,,,304245247469886120611230194099223662490,0 2832,[],"submit_page_section(struct dio *dio, struct page *page, unsigned offset, unsigned len, sector_t blocknr) { int ret = 0; if (dio->rw & WRITE) { task_io_account_write(len); } if ( (dio->cur_page == page) && (dio->cur_page_offset + dio->cur_page_len == offset) && (dio->cur_page_block + (dio->cur_page_len >> dio->blkbits) == blocknr)) { dio->cur_page_len += len; if (dio->boundary) { ret = dio_send_cur_page(dio); page_cache_release(dio->cur_page); dio->cur_page = NULL; } goto out; } if (dio->cur_page) { ret = dio_send_cur_page(dio); page_cache_release(dio->cur_page); dio->cur_page = NULL; if (ret) goto out; } page_cache_get(page); dio->cur_page = page; dio->cur_page_offset = offset; dio->cur_page_len = len; dio->cur_page_block = blocknr; out: return ret; }",linux-2.6,,,165367591373219932982559720658383118445,0 6438,CWE-20,"error_t ftpClientParseDirEntry(char_t *line, FtpDirEntry *dirEntry) { uint_t i; size_t n; char_t *p; char_t *token; static const char_t months[13][4] = { "" "", ""Jan"", ""Feb"", ""Mar"", ""Apr"", ""May"", ""Jun"", ""Jul"", ""Aug"", ""Sep"", ""Oct"", ""Nov"", ""Dec"" }; token = osStrtok_r(line, "" \t"", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; if(osIsdigit(token[0])) { if(osStrlen(token) == 8 && token[2] == '-' && token[5] == '-') { dirEntry->modified.month = (uint8_t) osStrtoul(token, NULL, 10); dirEntry->modified.day = (uint8_t) osStrtoul(token + 3, NULL, 10); dirEntry->modified.year = (uint16_t) osStrtoul(token + 6, NULL, 10) + 2000; } else if(osStrlen(token) == 10 && token[2] == '/' && token[5] == '/') { dirEntry->modified.month = (uint8_t) osStrtoul(token, NULL, 10); dirEntry->modified.day = (uint8_t) osStrtoul(token + 3, NULL, 10); dirEntry->modified.year = (uint16_t) osStrtoul(token + 6, NULL, 10); } else { return ERROR_INVALID_SYNTAX; } token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; if(osStrlen(token) >= 5 && token[2] == ':') { dirEntry->modified.hours = (uint8_t) osStrtoul(token, NULL, 10); dirEntry->modified.minutes = (uint8_t) osStrtoul(token + 3, NULL, 10); if(strstr(token, ""PM"") != NULL) dirEntry->modified.hours += 12; } else { return ERROR_INVALID_SYNTAX; } token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; if(!osStrcmp(token, """")) { dirEntry->attributes |= FTP_FILE_ATTR_DIRECTORY; } else { dirEntry->size = osStrtoul(token, NULL, 10); } token = osStrtok_r(NULL, "" \r\n"", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; n = osStrlen(token); n = MIN(n, FTP_CLIENT_MAX_FILENAME_LEN); osStrncpy(dirEntry->name, token, n); dirEntry->name[n] = '\0'; } else { if(strchr(token, 'd') != NULL) dirEntry->attributes |= FTP_FILE_ATTR_DIRECTORY; if(strchr(token, 'w') == NULL) dirEntry->attributes |= FTP_FILE_ATTR_READ_ONLY; token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; dirEntry->size = osStrtoul(token, NULL, 10); token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; for(i = 1; i <= 12; i++) { if(!osStrcmp(token, months[i])) { dirEntry->modified.month = i; break; } } token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; dirEntry->modified.day = (uint8_t) osStrtoul(token, NULL, 10); token = osStrtok_r(NULL, "" "", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; if(osStrlen(token) == 4) { dirEntry->modified.year = (uint16_t) osStrtoul(token, NULL, 10); } else if(osStrlen(token) == 5) { token[2] = '\0'; dirEntry->modified.hours = (uint8_t) osStrtoul(token, NULL, 10); dirEntry->modified.minutes = (uint8_t) osStrtoul(token + 3, NULL, 10); } else { return ERROR_INVALID_SYNTAX; } token = osStrtok_r(NULL, "" \r\n"", &p); if(token == NULL) return ERROR_INVALID_SYNTAX; n = osStrlen(token); n = MIN(n, FTP_CLIENT_MAX_FILENAME_LEN); osStrncpy(dirEntry->name, token, n); dirEntry->name[n] = '\0'; } return NO_ERROR; }",visit repo url,ftp/ftp_client_misc.c,https://github.com/Oryx-Embedded/CycloneTCP,60172711634345,1 861,['CWE-119'],"set_global_features(void) { int drvidx; dev->global_features = 0; for (drvidx = 0; drvidx < ISDN_MAX_DRIVERS; drvidx++) { if (!dev->drv[drvidx]) continue; if (dev->drv[drvidx]->interface) dev->global_features |= dev->drv[drvidx]->interface->features; } }",linux-2.6,,,102688599978227716978882080143546941610,0 2702,[],"static struct sctp_bind_bucket *sctp_bucket_create( struct sctp_bind_hashbucket *head, unsigned short snum) { struct sctp_bind_bucket *pp; pp = kmem_cache_alloc(sctp_bucket_cachep, GFP_ATOMIC); if (pp) { SCTP_DBG_OBJCNT_INC(bind_bucket); pp->port = snum; pp->fastreuse = 0; INIT_HLIST_HEAD(&pp->owner); hlist_add_head(&pp->node, &head->chain); } return pp; }",linux-2.6,,,12100163906250381201133631250588590210,0 6418,CWE-20,"error_t lpc546xxEthUpdateMacAddrFilter(NetInterface *interface) { uint_t i; bool_t acceptMulticast; TRACE_DEBUG(""Updating MAC filter...\r\n""); ENET->MAC_ADDR_LOW = interface->macAddr.w[0] | (interface->macAddr.w[1] << 16); ENET->MAC_ADDR_HIGH = interface->macAddr.w[2]; acceptMulticast = FALSE; for(i = 0; i < MAC_ADDR_FILTER_SIZE; i++) { if(interface->macAddrFilter[i].refCount > 0) { acceptMulticast = TRUE; break; } } if(acceptMulticast) { ENET->MAC_FRAME_FILTER |= ENET_MAC_FRAME_FILTER_PM_MASK; } else { ENET->MAC_FRAME_FILTER &= ~ENET_MAC_FRAME_FILTER_PM_MASK; } return NO_ERROR; }",visit repo url,drivers/mac/lpc546xx_eth_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,114819936815612,1 5066,['CWE-20'],"static void vmx_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l) { u32 ar = vmcs_read32(GUEST_CS_AR_BYTES); *db = (ar >> 14) & 1; *l = (ar >> 13) & 1; }",linux-2.6,,,150686856101286722044474207899952500942,0 3186,['CWE-189'],"void jpc_mqdec_setinput(jpc_mqdec_t *mqdec, jas_stream_t *in) { mqdec->in = in; }",jasper,,,58526306201820327201387449229909605269,0 2137,CWE-416,"int ipmi_si_port_setup(struct si_sm_io *io) { unsigned int addr = io->addr_data; int idx; if (!addr) return -ENODEV; io->io_cleanup = port_cleanup; switch (io->regsize) { case 1: io->inputb = port_inb; io->outputb = port_outb; break; case 2: io->inputb = port_inw; io->outputb = port_outw; break; case 4: io->inputb = port_inl; io->outputb = port_outl; break; default: dev_warn(io->dev, ""Invalid register size: %d\n"", io->regsize); return -EINVAL; } for (idx = 0; idx < io->io_size; idx++) { if (request_region(addr + idx * io->regspacing, io->regsize, DEVICE_NAME) == NULL) { while (idx--) release_region(addr + idx * io->regspacing, io->regsize); return -EIO; } } return 0; }",visit repo url,drivers/char/ipmi/ipmi_si_port_io.c,https://github.com/torvalds/linux,108828782001532,1 1865,['CWE-189'],"_gnutls_send_handshake_final (gnutls_session_t session, int init) { int ret = 0; switch (STATE) { case STATE0: case STATE20: ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE20)); STATE = STATE20; if (ret < 0) { ERR (""send ChangeCipherSpec"", ret); gnutls_assert (); return ret; } if (init == TRUE) { ret = _gnutls_connection_state_init (session); if (ret < 0) { gnutls_assert (); return ret; } } ret = _gnutls_write_connection_state_init (session); if (ret < 0) { gnutls_assert (); return ret; } case STATE21: ret = _gnutls_send_finished (session, AGAIN (STATE21)); STATE = STATE21; if (ret < 0) { ERR (""send Finished"", ret); gnutls_assert (); return ret; } STATE = STATE0; default: break; } return 0; }",gnutls,,,205460522125551874222704335337437084405,0 3507,CWE-193,"static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, struct mschmd_header *chm, int entire) { unsigned int section, name_len, x, errors, num_chunks; unsigned char buf[0x54], *chunk = NULL, *name, *p, *end; struct mschmd_file *fi, *link = NULL; off_t offset, length; int num_entries; chm->files = NULL; chm->sysfiles = NULL; chm->chunk_cache = NULL; chm->sec0.base.chm = chm; chm->sec0.base.id = 0; chm->sec1.base.chm = chm; chm->sec1.base.id = 1; chm->sec1.content = NULL; chm->sec1.control = NULL; chm->sec1.spaninfo = NULL; chm->sec1.rtable = NULL; if (sys->read(fh, &buf[0], chmhead_SIZEOF) != chmhead_SIZEOF) { return MSPACK_ERR_READ; } if (EndGetI32(&buf[chmhead_Signature]) != 0x46535449) { return MSPACK_ERR_SIGNATURE; } if (mspack_memcmp(&buf[chmhead_GUID1], &guids[0], 32L) != 0) { D((""incorrect GUIDs"")) return MSPACK_ERR_SIGNATURE; } chm->version = EndGetI32(&buf[chmhead_Version]); chm->timestamp = EndGetM32(&buf[chmhead_Timestamp]); chm->language = EndGetI32(&buf[chmhead_LanguageID]); if (chm->version > 3) { sys->message(fh, ""WARNING; CHM version > 3""); } if (sys->read(fh, &buf[0], chmhst3_SIZEOF) != chmhst3_SIZEOF) { return MSPACK_ERR_READ; } if (read_off64(&offset, &buf[chmhst_OffsetHS0], sys, fh) || read_off64(&chm->dir_offset, &buf[chmhst_OffsetHS1], sys, fh) || read_off64(&chm->sec0.offset, &buf[chmhst3_OffsetCS0], sys, fh)) { return MSPACK_ERR_DATAFORMAT; } if (sys->seek(fh, offset, MSPACK_SYS_SEEK_START)) { return MSPACK_ERR_SEEK; } if (sys->read(fh, &buf[0], chmhs0_SIZEOF) != chmhs0_SIZEOF) { return MSPACK_ERR_READ; } if (read_off64(&chm->length, &buf[chmhs0_FileLen], sys, fh)) { return MSPACK_ERR_DATAFORMAT; } if (sys->seek(fh, chm->dir_offset, MSPACK_SYS_SEEK_START)) { return MSPACK_ERR_SEEK; } if (sys->read(fh, &buf[0], chmhs1_SIZEOF) != chmhs1_SIZEOF) { return MSPACK_ERR_READ; } chm->dir_offset = sys->tell(fh); chm->chunk_size = EndGetI32(&buf[chmhs1_ChunkSize]); chm->density = EndGetI32(&buf[chmhs1_Density]); chm->depth = EndGetI32(&buf[chmhs1_Depth]); chm->index_root = EndGetI32(&buf[chmhs1_IndexRoot]); chm->num_chunks = EndGetI32(&buf[chmhs1_NumChunks]); chm->first_pmgl = EndGetI32(&buf[chmhs1_FirstPMGL]); chm->last_pmgl = EndGetI32(&buf[chmhs1_LastPMGL]); if (chm->version < 3) { chm->sec0.offset = chm->dir_offset + (chm->chunk_size * chm->num_chunks); } if (chm->sec0.offset > chm->length) { D((""content section begins after file has ended"")) return MSPACK_ERR_DATAFORMAT; } if (chm->chunk_size < (pmgl_Entries + 2)) { D((""chunk size not large enough"")) return MSPACK_ERR_DATAFORMAT; } if (chm->num_chunks == 0) { D((""no chunks"")) return MSPACK_ERR_DATAFORMAT; } if (chm->num_chunks > 100000) { D((""more than 100,000 chunks"")) return MSPACK_ERR_DATAFORMAT; } if ((off_t)chm->chunk_size * (off_t)chm->num_chunks > chm->length) { D((""chunks larger than entire file"")) return MSPACK_ERR_DATAFORMAT; } if ((chm->chunk_size & (chm->chunk_size - 1)) != 0) { sys->message(fh, ""WARNING; chunk size is not a power of two""); } if (chm->first_pmgl != 0) { sys->message(fh, ""WARNING; first PMGL chunk is not zero""); } if (chm->first_pmgl > chm->last_pmgl) { D((""first pmgl chunk is after last pmgl chunk"")) return MSPACK_ERR_DATAFORMAT; } if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) { D((""index_root outside valid range"")) return MSPACK_ERR_DATAFORMAT; } if (!entire) { return MSPACK_ERR_OK; } if ((x = chm->first_pmgl) != 0) { if (sys->seek(fh,(off_t) (x * chm->chunk_size), MSPACK_SYS_SEEK_CUR)) { return MSPACK_ERR_SEEK; } } num_chunks = chm->last_pmgl - x + 1; if (!(chunk = (unsigned char *) sys->alloc(sys, (size_t)chm->chunk_size))) { return MSPACK_ERR_NOMEMORY; } errors = 0; while (num_chunks--) { if (sys->read(fh, chunk, (int)chm->chunk_size) != (int)chm->chunk_size) { sys->free(chunk); return MSPACK_ERR_READ; } if (EndGetI32(&chunk[pmgl_Signature]) != 0x4C474D50) continue; if (EndGetI32(&chunk[pmgl_QuickRefSize]) < 2) { sys->message(fh, ""WARNING; PMGL quickref area is too small""); } if (EndGetI32(&chunk[pmgl_QuickRefSize]) > ((int)chm->chunk_size - pmgl_Entries)) { sys->message(fh, ""WARNING; PMGL quickref area is too large""); } p = &chunk[pmgl_Entries]; end = &chunk[chm->chunk_size - 2]; num_entries = EndGetI16(end); while (num_entries--) { READ_ENCINT(name_len); if (name_len > (unsigned int) (end - p)) goto chunk_end; name = p; p += name_len; READ_ENCINT(section); READ_ENCINT(offset); READ_ENCINT(length); if ((offset == 0) && (length == 0)) { if ((name_len > 0) && (name[name_len-1] == '/')) continue; } if (section > 1) { sys->message(fh, ""invalid section number '%u'."", section); continue; } if (!(fi = (struct mschmd_file *) sys->alloc(sys, sizeof(struct mschmd_file) + name_len + 1))) { sys->free(chunk); return MSPACK_ERR_NOMEMORY; } fi->next = NULL; fi->filename = (char *) &fi[1]; fi->section = ((section == 0) ? (struct mschmd_section *) (&chm->sec0) : (struct mschmd_section *) (&chm->sec1)); fi->offset = offset; fi->length = length; sys->copy(name, fi->filename, (size_t) name_len); fi->filename[name_len] = '\0'; if (name[0] == ':' && name[1] == ':') { if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) { if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) { chm->sec1.content = fi; } else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) { chm->sec1.control = fi; } else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) { chm->sec1.spaninfo = fi; } else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) { chm->sec1.rtable = fi; } } fi->next = chm->sysfiles; chm->sysfiles = fi; } else { if (link) link->next = fi; else chm->files = fi; link = fi; } } chunk_end: if (num_entries >= 0) { D((""chunk ended before all entries could be read"")) errors++; } } sys->free(chunk); return (errors > 0) ? MSPACK_ERR_DATAFORMAT : MSPACK_ERR_OK; }",visit repo url,libmspack/mspack/chmd.c,https://github.com/kyz/libmspack,244776480139116,1 5547,[],"SYSCALL_DEFINE4(rt_sigtimedwait, const sigset_t __user *, uthese, siginfo_t __user *, uinfo, const struct timespec __user *, uts, size_t, sigsetsize) { int ret, sig; sigset_t these; struct timespec ts; siginfo_t info; long timeout = 0; if (sigsetsize != sizeof(sigset_t)) return -EINVAL; if (copy_from_user(&these, uthese, sizeof(these))) return -EFAULT; sigdelsetmask(&these, sigmask(SIGKILL)|sigmask(SIGSTOP)); signotset(&these); if (uts) { if (copy_from_user(&ts, uts, sizeof(ts))) return -EFAULT; if (ts.tv_nsec >= 1000000000L || ts.tv_nsec < 0 || ts.tv_sec < 0) return -EINVAL; } spin_lock_irq(¤t->sighand->siglock); sig = dequeue_signal(current, &these, &info); if (!sig) { timeout = MAX_SCHEDULE_TIMEOUT; if (uts) timeout = (timespec_to_jiffies(&ts) + (ts.tv_sec || ts.tv_nsec)); if (timeout) { current->real_blocked = current->blocked; sigandsets(¤t->blocked, ¤t->blocked, &these); recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); timeout = schedule_timeout_interruptible(timeout); spin_lock_irq(¤t->sighand->siglock); sig = dequeue_signal(current, &these, &info); current->blocked = current->real_blocked; siginitset(¤t->real_blocked, 0); recalc_sigpending(); } } spin_unlock_irq(¤t->sighand->siglock); if (sig) { ret = sig; if (uinfo) { if (copy_siginfo_to_user(uinfo, &info)) ret = -EFAULT; } } else { ret = -EAGAIN; if (timeout) ret = -EINTR; } return ret; }",linux-2.6,,,216408634968533553853401361814745535885,0 2175,['CWE-400'],"static int shmem_fill_super(struct super_block *sb, void *data, int silent) { struct inode *inode; struct dentry *root; struct shmem_sb_info *sbinfo; int err = -ENOMEM; sbinfo = kmalloc(max((int)sizeof(struct shmem_sb_info), L1_CACHE_BYTES), GFP_KERNEL); if (!sbinfo) return -ENOMEM; sbinfo->max_blocks = 0; sbinfo->max_inodes = 0; sbinfo->mode = S_IRWXUGO | S_ISVTX; sbinfo->uid = current->fsuid; sbinfo->gid = current->fsgid; sbinfo->mpol = NULL; sb->s_fs_info = sbinfo; #ifdef CONFIG_TMPFS if (!(sb->s_flags & MS_NOUSER)) { sbinfo->max_blocks = shmem_default_max_blocks(); sbinfo->max_inodes = shmem_default_max_inodes(); if (shmem_parse_options(data, sbinfo, false)) { err = -EINVAL; goto failed; } } sb->s_export_op = &shmem_export_ops; #else sb->s_flags |= MS_NOUSER; #endif spin_lock_init(&sbinfo->stat_lock); sbinfo->free_blocks = sbinfo->max_blocks; sbinfo->free_inodes = sbinfo->max_inodes; sb->s_maxbytes = SHMEM_MAX_BYTES; sb->s_blocksize = PAGE_CACHE_SIZE; sb->s_blocksize_bits = PAGE_CACHE_SHIFT; sb->s_magic = TMPFS_MAGIC; sb->s_op = &shmem_ops; sb->s_time_gran = 1; #ifdef CONFIG_TMPFS_POSIX_ACL sb->s_xattr = shmem_xattr_handlers; sb->s_flags |= MS_POSIXACL; #endif inode = shmem_get_inode(sb, S_IFDIR | sbinfo->mode, 0); if (!inode) goto failed; inode->i_uid = sbinfo->uid; inode->i_gid = sbinfo->gid; root = d_alloc_root(inode); if (!root) goto failed_iput; sb->s_root = root; return 0; failed_iput: iput(inode); failed: shmem_put_super(sb); return err; }",linux-2.6,,,125726007232427243699085878035413754426,0 17,['CWE-264'],"static long sqlite_handle_doer(pdo_dbh_t *dbh, const char *sql, long sql_len TSRMLS_DC) { pdo_sqlite_db_handle *H = (pdo_sqlite_db_handle *)dbh->driver_data; char *errmsg = NULL; if (sqlite3_exec(H->db, sql, NULL, NULL, &errmsg) != SQLITE_OK) { pdo_sqlite_error(dbh); if (errmsg) sqlite3_free(errmsg); return -1; } else { return sqlite3_changes(H->db); } }",php-src,,,301795336471575172978277545291838582846,0 5722,CWE-119,"void luaD_callnoyield (lua_State *L, StkId func, int nResults) { incXCcalls(L); if (getCcalls(L) <= CSTACKERR) luaE_freeCI(L); luaD_call(L, func, nResults); decXCcalls(L); }",visit repo url,ldo.c,https://github.com/lua/lua,175548306785019,1 542,['CWE-399'],"static int __init usb_pwc_init(void) { int i, sz; char *sizenames[PSZ_MAX] = { ""sqcif"", ""qsif"", ""qcif"", ""sif"", ""cif"", ""vga"" }; PWC_INFO(""Philips webcam module version "" PWC_VERSION "" loaded.\n""); PWC_INFO(""Supports Philips PCA645/646, PCVC675/680/690, PCVC720[40]/730/740/750 & PCVC830/840.\n""); PWC_INFO(""Also supports the Askey VC010, various Logitech Quickcams, Samsung MPC-C10 and MPC-C30,\n""); PWC_INFO(""the Creative WebCam 5 & Pro Ex, SOTEC Afina Eye and Visionite VCS-UC300 and VCS-UM100.\n""); if (fps) { if (fps < 4 || fps > 30) { PWC_ERROR(""Framerate out of bounds (4-30).\n""); return -EINVAL; } default_fps = fps; PWC_DEBUG_MODULE(""Default framerate set to %d.\n"", default_fps); } if (size) { for (sz = 0; sz < PSZ_MAX; sz++) { if (!strcmp(sizenames[sz], size)) { default_size = sz; break; } } if (sz == PSZ_MAX) { PWC_ERROR(""Size not recognized; try size=[sqcif | qsif | qcif | sif | cif | vga].\n""); return -EINVAL; } PWC_DEBUG_MODULE(""Default image size set to %s [%dx%d].\n"", sizenames[default_size], pwc_image_sizes[default_size].x, pwc_image_sizes[default_size].y); } if (mbufs) { if (mbufs < 1 || mbufs > MAX_IMAGES) { PWC_ERROR(""Illegal number of mmap() buffers; use a number between 1 and %d.\n"", MAX_IMAGES); return -EINVAL; } pwc_mbufs = mbufs; PWC_DEBUG_MODULE(""Number of image buffers set to %d.\n"", pwc_mbufs); } if (fbufs) { if (fbufs < 2 || fbufs > MAX_FRAMES) { PWC_ERROR(""Illegal number of frame buffers; use a number between 2 and %d.\n"", MAX_FRAMES); return -EINVAL; } default_fbufs = fbufs; PWC_DEBUG_MODULE(""Number of frame buffers set to %d.\n"", default_fbufs); } #ifdef CONFIG_USB_PWC_DEBUG if (pwc_trace >= 0) { PWC_DEBUG_MODULE(""Trace options: 0x%04x\n"", pwc_trace); } #endif if (compression >= 0) { if (compression > 3) { PWC_ERROR(""Invalid compression setting; use a number between 0 (uncompressed) and 3 (high).\n""); return -EINVAL; } pwc_preferred_compression = compression; PWC_DEBUG_MODULE(""Preferred compression set to %d.\n"", pwc_preferred_compression); } if (power_save) PWC_DEBUG_MODULE(""Enabling power save on open/close.\n""); if (leds[0] >= 0) led_on = leds[0]; if (leds[1] >= 0) led_off = leds[1]; for (i = 0; i < MAX_DEV_HINTS; i++) { char *s, *colon, *dot; device_hint[i].pdev = NULL; s = dev_hint[i]; if (s != NULL && *s != '\0') { device_hint[i].type = -1; strcpy(device_hint[i].serial_number, ""*""); colon = dot = s; while (*colon != '\0' && *colon != ':') colon++; while (*dot != '\0' && *dot != '.') dot++; if (*dot != '\0' && dot > colon) { PWC_ERROR(""Malformed camera hint: the colon must be after the dot.\n""); return -EINVAL; } if (*colon == '\0') { if (*dot != '\0') { PWC_ERROR(""Malformed camera hint: no colon + device node given.\n""); return -EINVAL; } else { device_hint[i].device_node = pwc_atoi(s); } } else { device_hint[i].type = pwc_atoi(s); device_hint[i].device_node = pwc_atoi(colon + 1); if (*dot != '\0') { int k; dot++; k = 0; while (*dot != ':' && k < 29) { device_hint[i].serial_number[k++] = *dot; dot++; } device_hint[i].serial_number[k] = '\0'; } } PWC_TRACE(""device_hint[%d]:\n"", i); PWC_TRACE("" type : %d\n"", device_hint[i].type); PWC_TRACE("" serial# : %s\n"", device_hint[i].serial_number); PWC_TRACE("" node : %d\n"", device_hint[i].device_node); } else device_hint[i].type = 0; } PWC_DEBUG_PROBE(""Registering driver at address 0x%p.\n"", &pwc_driver); return usb_register(&pwc_driver); }",linux-2.6,,,310581144257595570809529030944411843108,0 122,CWE-787,"static int list_devices(struct file *filp, struct dm_ioctl *param, size_t param_size) { unsigned int i; struct hash_cell *hc; size_t len, needed = 0; struct gendisk *disk; struct dm_name_list *orig_nl, *nl, *old_nl = NULL; uint32_t *event_nr; down_write(&_hash_lock); for (i = 0; i < NUM_BUCKETS; i++) { list_for_each_entry (hc, _name_buckets + i, name_list) { needed += align_val(offsetof(struct dm_name_list, name) + strlen(hc->name) + 1); needed += align_val(sizeof(uint32_t)); } } nl = orig_nl = get_result_buffer(param, param_size, &len); if (len < needed) { param->flags |= DM_BUFFER_FULL_FLAG; goto out; } param->data_size = param->data_start + needed; nl->dev = 0; for (i = 0; i < NUM_BUCKETS; i++) { list_for_each_entry (hc, _name_buckets + i, name_list) { if (old_nl) old_nl->next = (uint32_t) ((void *) nl - (void *) old_nl); disk = dm_disk(hc->md); nl->dev = huge_encode_dev(disk_devt(disk)); nl->next = 0; strcpy(nl->name, hc->name); old_nl = nl; event_nr = align_ptr(nl->name + strlen(hc->name) + 1); *event_nr = dm_get_event_nr(hc->md); nl = align_ptr(event_nr + 1); } } BUG_ON((char *)nl - (char *)orig_nl != needed); out: up_write(&_hash_lock); return 0; }",visit repo url,drivers/md/dm-ioctl.c,https://github.com/torvalds/linux,25795660554516,1 6220,['CWE-200'],"static inline int dev_iwstats(struct net_device *dev, struct ifreq *ifr) { struct iw_statistics *stats; stats = get_wireless_stats(dev); if (stats != (struct iw_statistics *) NULL) { struct iwreq * wrq = (struct iwreq *)ifr; if(copy_to_user(wrq->u.data.pointer, stats, sizeof(struct iw_statistics))) return -EFAULT; if(wrq->u.data.flags != 0) stats->qual.updated = 0; return 0; } else return -EOPNOTSUPP; }",linux-2.6,,,134299947308004547034292954178831231876,0 5097,['CWE-20'],"static inline struct vcpu_vmx *to_vmx(struct kvm_vcpu *vcpu) { return container_of(vcpu, struct vcpu_vmx, vcpu); }",linux-2.6,,,196507404385586975847767782776067425611,0 2057,CWE-362,"dotraplinkage void notrace do_int3(struct pt_regs *regs, long error_code) { #ifdef CONFIG_DYNAMIC_FTRACE if (unlikely(atomic_read(&modifying_ftrace_code)) && ftrace_int3_handler(regs)) return; #endif if (poke_int3_handler(regs)) return; ist_enter(regs); RCU_LOCKDEP_WARN(!rcu_is_watching(), ""entry code didn't wake RCU""); #ifdef CONFIG_KGDB_LOW_LEVEL_TRAP if (kgdb_ll_trap(DIE_INT3, ""int3"", regs, error_code, X86_TRAP_BP, SIGTRAP) == NOTIFY_STOP) goto exit; #endif #ifdef CONFIG_KPROBES if (kprobe_int3_handler(regs)) goto exit; #endif if (notify_die(DIE_INT3, ""int3"", regs, error_code, X86_TRAP_BP, SIGTRAP) == NOTIFY_STOP) goto exit; debug_stack_usage_inc(); cond_local_irq_enable(regs); do_trap(X86_TRAP_BP, SIGTRAP, ""int3"", regs, error_code, NULL); cond_local_irq_disable(regs); debug_stack_usage_dec(); exit: ist_exit(regs); }",visit repo url,arch/x86/kernel/traps.c,https://github.com/torvalds/linux,260835780319643,1 445,NVD-CWE-noinfo,"int install_user_keyrings(void) { struct user_struct *user; const struct cred *cred; struct key *uid_keyring, *session_keyring; key_perm_t user_keyring_perm; char buf[20]; int ret; uid_t uid; user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; cred = current_cred(); user = cred->user; uid = from_kuid(cred->user_ns, user->uid); kenter(""%p{%u}"", user, uid); if (user->uid_keyring && user->session_keyring) { kleave("" = 0 [exist]""); return 0; } mutex_lock(&key_user_keyring_mutex); ret = 0; if (!user->uid_keyring) { sprintf(buf, ""_uid.%u"", uid); uid_keyring = find_keyring_by_name(buf, true); if (IS_ERR(uid_keyring)) { uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, cred, user_keyring_perm, KEY_ALLOC_IN_QUOTA, NULL, NULL); if (IS_ERR(uid_keyring)) { ret = PTR_ERR(uid_keyring); goto error; } } sprintf(buf, ""_uid_ses.%u"", uid); session_keyring = find_keyring_by_name(buf, true); if (IS_ERR(session_keyring)) { session_keyring = keyring_alloc(buf, user->uid, INVALID_GID, cred, user_keyring_perm, KEY_ALLOC_IN_QUOTA, NULL, NULL); if (IS_ERR(session_keyring)) { ret = PTR_ERR(session_keyring); goto error_release; } ret = key_link(session_keyring, uid_keyring); if (ret < 0) goto error_release_both; } user->uid_keyring = uid_keyring; user->session_keyring = session_keyring; } mutex_unlock(&key_user_keyring_mutex); kleave("" = 0""); return 0; error_release_both: key_put(session_keyring); error_release: key_put(uid_keyring); error: mutex_unlock(&key_user_keyring_mutex); kleave("" = %d"", ret); return ret; }",visit repo url,security/keys/process_keys.c,https://github.com/torvalds/linux,264811099488725,1 4307,['CWE-264'],"static int unshare_thread(unsigned long unshare_flags) { if (unshare_flags & CLONE_THREAD) return -EINVAL; return 0; }",linux-2.6,,,217053912333619881418754409161199364038,0 5529,CWE-125,"ast2obj_arguments(void* _o) { arguments_ty o = (arguments_ty)_o; PyObject *result = NULL, *value = NULL; if (!o) { Py_INCREF(Py_None); return Py_None; } result = PyType_GenericNew(arguments_type, NULL, NULL); if (!result) return NULL; value = ast2obj_list(o->args, ast2obj_arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_args, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arg(o->vararg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_vararg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->kwonlyargs, ast2obj_arg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kwonlyargs, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->kw_defaults, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kw_defaults, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_arg(o->kwarg); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_kwarg, value) == -1) goto failed; Py_DECREF(value); value = ast2obj_list(o->defaults, ast2obj_expr); if (!value) goto failed; if (_PyObject_SetAttrId(result, &PyId_defaults, value) == -1) goto failed; Py_DECREF(value); return result; failed: Py_XDECREF(value); Py_XDECREF(result); return NULL; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,200545467438944,1 5116,['CWE-20'],"static int set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg) { int old_debug = vcpu->guest_debug; unsigned long flags; vcpu->guest_debug = dbg->control; if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE)) vcpu->guest_debug = 0; if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) vmcs_writel(GUEST_DR7, dbg->arch.debugreg[7]); else vmcs_writel(GUEST_DR7, vcpu->arch.dr7); flags = vmcs_readl(GUEST_RFLAGS); if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) flags |= X86_EFLAGS_TF | X86_EFLAGS_RF; else if (old_debug & KVM_GUESTDBG_SINGLESTEP) flags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF); vmcs_writel(GUEST_RFLAGS, flags); update_exception_bitmap(vcpu); return 0; }",linux-2.6,,,319563739339554720922649624278803832917,0 5137,['CWE-20'],"static inline void ept_sync_context(u64 eptp) { if (vm_need_ept()) { if (cpu_has_vmx_invept_context()) __invept(VMX_EPT_EXTENT_CONTEXT, eptp, 0); else ept_sync_global(); } }",linux-2.6,,,259172536148772314557908438090130479635,0 5534,['CWE-20'],"int huft_free(t) struct huft *t; { register struct huft *p, *q; p = t; while (p != (struct huft *)NULL) { q = (--p)->v.t; free((char*)p); p = q; } return 0; }",gzip,,,38770220431050400534867206109329199766,0 2436,CWE-125,"static int ape_decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr, AVPacket *avpkt) { AVFrame *frame = data; const uint8_t *buf = avpkt->data; APEContext *s = avctx->priv_data; uint8_t *sample8; int16_t *sample16; int32_t *sample24; int i, ch, ret; int blockstodecode; av_assert0(s->samples >= 0); if(!s->samples){ uint32_t nblocks, offset; int buf_size; if (!avpkt->size) { *got_frame_ptr = 0; return 0; } if (avpkt->size < 8) { av_log(avctx, AV_LOG_ERROR, ""Packet is too small\n""); return AVERROR_INVALIDDATA; } buf_size = avpkt->size & ~3; if (buf_size != avpkt->size) { av_log(avctx, AV_LOG_WARNING, ""packet size is not a multiple of 4. "" ""extra bytes at the end will be skipped.\n""); } if (s->fileversion < 3950) buf_size += 2; av_fast_padded_malloc(&s->data, &s->data_size, buf_size); if (!s->data) return AVERROR(ENOMEM); s->bdsp.bswap_buf((uint32_t *) s->data, (const uint32_t *) buf, buf_size >> 2); memset(s->data + (buf_size & ~3), 0, buf_size & 3); s->ptr = s->data; s->data_end = s->data + buf_size; nblocks = bytestream_get_be32(&s->ptr); offset = bytestream_get_be32(&s->ptr); if (s->fileversion >= 3900) { if (offset > 3) { av_log(avctx, AV_LOG_ERROR, ""Incorrect offset passed\n""); s->data = NULL; return AVERROR_INVALIDDATA; } if (s->data_end - s->ptr < offset) { av_log(avctx, AV_LOG_ERROR, ""Packet is too small\n""); return AVERROR_INVALIDDATA; } s->ptr += offset; } else { if ((ret = init_get_bits8(&s->gb, s->ptr, s->data_end - s->ptr)) < 0) return ret; if (s->fileversion > 3800) skip_bits_long(&s->gb, offset * 8); else skip_bits_long(&s->gb, offset); } if (!nblocks || nblocks > INT_MAX) { av_log(avctx, AV_LOG_ERROR, ""Invalid sample count: %""PRIu32"".\n"", nblocks); return AVERROR_INVALIDDATA; } if (init_frame_decoder(s) < 0) { av_log(avctx, AV_LOG_ERROR, ""Error reading frame header\n""); return AVERROR_INVALIDDATA; } s->samples = nblocks; } if (!s->data) { *got_frame_ptr = 0; return avpkt->size; } blockstodecode = FFMIN(s->blocks_per_loop, s->samples); if (s->fileversion < 3930) blockstodecode = s->samples; av_fast_malloc(&s->decoded_buffer, &s->decoded_size, 2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)); if (!s->decoded_buffer) return AVERROR(ENOMEM); memset(s->decoded_buffer, 0, s->decoded_size); s->decoded[0] = s->decoded_buffer; s->decoded[1] = s->decoded_buffer + FFALIGN(blockstodecode, 8); frame->nb_samples = blockstodecode; if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) return ret; s->error=0; if ((s->channels == 1) || (s->frameflags & APE_FRAMECODE_PSEUDO_STEREO)) ape_unpack_mono(s, blockstodecode); else ape_unpack_stereo(s, blockstodecode); emms_c(); if (s->error) { s->samples=0; av_log(avctx, AV_LOG_ERROR, ""Error decoding frame\n""); return AVERROR_INVALIDDATA; } switch (s->bps) { case 8: for (ch = 0; ch < s->channels; ch++) { sample8 = (uint8_t *)frame->data[ch]; for (i = 0; i < blockstodecode; i++) *sample8++ = (s->decoded[ch][i] + 0x80) & 0xff; } break; case 16: for (ch = 0; ch < s->channels; ch++) { sample16 = (int16_t *)frame->data[ch]; for (i = 0; i < blockstodecode; i++) *sample16++ = s->decoded[ch][i]; } break; case 24: for (ch = 0; ch < s->channels; ch++) { sample24 = (int32_t *)frame->data[ch]; for (i = 0; i < blockstodecode; i++) *sample24++ = s->decoded[ch][i] << 8; } break; } s->samples -= blockstodecode; *got_frame_ptr = 1; return !s->samples ? avpkt->size : 0; }",visit repo url,libavcodec/apedec.c,https://github.com/FFmpeg/FFmpeg,27737280202426,1 6136,CWE-190,"static void ep_mul_glv_imp(ep_t r, const ep_t p, const bn_t k) { int l, l0, l1, i, n0, n1, s0, s1; int8_t naf0[RLC_FP_BITS + 1], naf1[RLC_FP_BITS + 1], *t0, *t1; bn_t n, _k, k0, k1, v1[3], v2[3]; ep_t q, t[1 << (EP_WIDTH - 2)]; bn_null(n); bn_null(_k); bn_null(k0); bn_null(k1); ep_null(q); RLC_TRY { bn_new(n); bn_new(_k); bn_new(k0); bn_new(k1); ep_new(q); for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep_null(t[i]); ep_new(t[i]); } for (i = 0; i < 3; i++) { bn_null(v1[i]); bn_null(v2[i]); bn_new(v1[i]); bn_new(v2[i]); } ep_curve_get_ord(n); ep_curve_get_v1(v1); ep_curve_get_v2(v2); bn_mod(_k, k, n); bn_rec_glv(k0, k1, _k, n, (const bn_t *)v1, (const bn_t *)v2); s0 = bn_sign(k0); s1 = bn_sign(k1); bn_abs(k0, k0); bn_abs(k1, k1); if (s0 == RLC_POS) { ep_tab(t, p, EP_WIDTH); } else { ep_neg(q, p); ep_tab(t, q, EP_WIDTH); } l0 = l1 = RLC_FP_BITS + 1; bn_rec_naf(naf0, &l0, k0, EP_WIDTH); bn_rec_naf(naf1, &l1, k1, EP_WIDTH); l = RLC_MAX(l0, l1); t0 = naf0 + l - 1; t1 = naf1 + l - 1; ep_set_infty(r); for (i = l - 1; i >= 0; i--, t0--, t1--) { ep_dbl(r, r); n0 = *t0; n1 = *t1; if (n0 > 0) { ep_add(r, r, t[n0 / 2]); } if (n0 < 0) { ep_sub(r, r, t[-n0 / 2]); } if (n1 > 0) { ep_psi(q, t[n1 / 2]); if (s0 != s1) { ep_neg(q, q); } ep_add(r, r, q); } if (n1 < 0) { ep_psi(q, t[-n1 / 2]); if (s0 != s1) { ep_neg(q, q); } ep_sub(r, r, q); } } ep_norm(r, r); if (bn_sign(_k) == RLC_NEG) { ep_neg(r, r); } } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(n); bn_free(_k); bn_free(k0); bn_free(k1); bn_free(n) ep_free(q); for (i = 0; i < 1 << (EP_WIDTH - 2); i++) { ep_free(t[i]); } for (i = 0; i < 3; i++) { bn_free(v1[i]); bn_free(v2[i]); } } }",visit repo url,src/ep/relic_ep_mul.c,https://github.com/relic-toolkit/relic,258328674510206,1 1276,[],"m4_traceoff (struct obstack *obs, int argc, token_data **argv) { symbol *s; int i; if (argc == 1) hack_all_symbols (set_trace, NULL); else for (i = 1; i < argc; i++) { s = lookup_symbol (TOKEN_DATA_TEXT (argv[i]), SYMBOL_LOOKUP); if (s != NULL) set_trace (s, NULL); } }",m4,,,83044156747057404489613152030934907251,0 825,['CWE-16'],"static void esp6_destroy(struct xfrm_state *x) { struct esp_data *esp = x->data; if (!esp) return; crypto_free_aead(esp->aead); kfree(esp); }",linux-2.6,,,14916725806328641761664455876843481753,0 2427,['CWE-119'],"static void diff_flush_checkdiff(struct diff_filepair *p, struct diff_options *o) { if (diff_unmodified_pair(p)) return; if ((DIFF_FILE_VALID(p->one) && S_ISDIR(p->one->mode)) || (DIFF_FILE_VALID(p->two) && S_ISDIR(p->two->mode))) return; run_checkdiff(p, o); }",git,,,43566646794586847519954238806220839637,0 2311,['CWE-120'],"int __user_walk(const char __user *name, unsigned flags, struct nameidata *nd) { return __user_walk_fd(AT_FDCWD, name, flags, nd); }",linux-2.6,,,29560330262300912730630904865743305095,0 4664,CWE-476,"s32 gf_avc_parse_nalu(GF_BitStream *bs, AVCState *avc) { u8 idr_flag; s32 slice, ret; u32 nal_hdr; AVCSliceInfo n_state; gf_bs_enable_emulation_byte_removal(bs, GF_TRUE); nal_hdr = gf_bs_read_u8(bs); slice = 0; memcpy(&n_state, &avc->s_info, sizeof(AVCSliceInfo)); avc->last_nal_type_parsed = n_state.nal_unit_type = nal_hdr & 0x1F; n_state.nal_ref_idc = (nal_hdr >> 5) & 0x3; idr_flag = 0; switch (n_state.nal_unit_type) { case GF_AVC_NALU_ACCESS_UNIT: case GF_AVC_NALU_END_OF_SEQ: case GF_AVC_NALU_END_OF_STREAM: ret = 1; break; case GF_AVC_NALU_SVC_SLICE: SVC_ReadNal_header_extension(bs, &n_state.NalHeader); svc_parse_slice(bs, avc, &n_state); if (avc->s_info.nal_ref_idc) { n_state.poc_lsb_prev = avc->s_info.poc_lsb; n_state.poc_msb_prev = avc->s_info.poc_msb; } avc_compute_poc(&n_state); if (avc->s_info.poc != n_state.poc) { memcpy(&avc->s_info, &n_state, sizeof(AVCSliceInfo)); return 1; } memcpy(&avc->s_info, &n_state, sizeof(AVCSliceInfo)); return 0; case GF_AVC_NALU_SVC_PREFIX_NALU: SVC_ReadNal_header_extension(bs, &n_state.NalHeader); return 0; case GF_AVC_NALU_IDR_SLICE: case GF_AVC_NALU_NON_IDR_SLICE: case GF_AVC_NALU_DP_A_SLICE: case GF_AVC_NALU_DP_B_SLICE: case GF_AVC_NALU_DP_C_SLICE: slice = 1; ret = avc_parse_slice(bs, avc, idr_flag, &n_state); if (ret < 0) return ret; ret = 0; if ( ((avc->s_info.nal_unit_type > GF_AVC_NALU_IDR_SLICE) || (avc->s_info.nal_unit_type < GF_AVC_NALU_NON_IDR_SLICE)) && (avc->s_info.nal_unit_type != GF_AVC_NALU_SVC_SLICE) ) { break; } if (avc->s_info.frame_num != n_state.frame_num) { ret = 1; break; } if (avc->s_info.field_pic_flag != n_state.field_pic_flag) { ret = 1; break; } if ((avc->s_info.nal_ref_idc != n_state.nal_ref_idc) && (!avc->s_info.nal_ref_idc || !n_state.nal_ref_idc)) { ret = 1; break; } assert(avc->s_info.sps); if (avc->s_info.sps->poc_type == n_state.sps->poc_type) { if (!avc->s_info.sps->poc_type) { if (!n_state.bottom_field_flag && (avc->s_info.poc_lsb != n_state.poc_lsb)) { ret = 1; break; } if (avc->s_info.delta_poc_bottom != n_state.delta_poc_bottom) { ret = 1; break; } } else if (avc->s_info.sps->poc_type == 1) { if (avc->s_info.delta_poc[0] != n_state.delta_poc[0]) { ret = 1; break; } if (avc->s_info.delta_poc[1] != n_state.delta_poc[1]) { ret = 1; break; } } } if (n_state.nal_unit_type == GF_AVC_NALU_IDR_SLICE) { if (avc->s_info.nal_unit_type != GF_AVC_NALU_IDR_SLICE) { ret = 1; break; } else if (avc->s_info.idr_pic_id != n_state.idr_pic_id) { ret = 1; break; } } break; case GF_AVC_NALU_SEQ_PARAM: avc->last_ps_idx = gf_avc_read_sps_bs_internal(bs, avc, 0, NULL, nal_hdr); if (avc->last_ps_idx < 0) return -1; return 0; case GF_AVC_NALU_PIC_PARAM: avc->last_ps_idx = gf_avc_read_pps_bs_internal(bs, avc, nal_hdr); if (avc->last_ps_idx < 0) return -1; return 0; case GF_AVC_NALU_SVC_SUBSEQ_PARAM: avc->last_ps_idx = gf_avc_read_sps_bs_internal(bs, avc, 1, NULL, nal_hdr); if (avc->last_ps_idx < 0) return -1; return 0; case GF_AVC_NALU_SEQ_PARAM_EXT: avc->last_ps_idx = (s32) gf_bs_read_ue(bs); if (avc->last_ps_idx < 0) return -1; return 0; case GF_AVC_NALU_SEI: case GF_AVC_NALU_FILLER_DATA: return 0; default: if (avc->s_info.nal_unit_type <= GF_AVC_NALU_IDR_SLICE) ret = 1; else if ((nal_hdr & 0x1F) == GF_AVC_NALU_SEI && avc->s_info.nal_unit_type == GF_AVC_NALU_SVC_SLICE) ret = 1; else if ((nal_hdr & 0x1F) == GF_AVC_NALU_SEQ_PARAM && avc->s_info.nal_unit_type == GF_AVC_NALU_SVC_SLICE) ret = 1; else ret = 0; break; } if (ret && avc->s_info.sps) { n_state.frame_num_offset_prev = avc->s_info.frame_num_offset; if ((avc->s_info.sps->poc_type != 2) || (avc->s_info.nal_ref_idc != 0)) n_state.frame_num_prev = avc->s_info.frame_num; if (avc->s_info.nal_ref_idc) { n_state.poc_lsb_prev = avc->s_info.poc_lsb; n_state.poc_msb_prev = avc->s_info.poc_msb; } } if (slice) avc_compute_poc(&n_state); memcpy(&avc->s_info, &n_state, sizeof(AVCSliceInfo)); return ret; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,198136691821781,1 2124,CWE-835,"void print_cfs_stats(struct seq_file *m, int cpu) { struct cfs_rq *cfs_rq, *pos; rcu_read_lock(); for_each_leaf_cfs_rq_safe(cpu_rq(cpu), cfs_rq, pos) print_cfs_rq(m, cpu, cfs_rq); rcu_read_unlock(); }",visit repo url,kernel/sched/fair.c,https://github.com/torvalds/linux,26968218673527,1 3603,['CWE-20'],"sctp_disposition_t sctp_sf_do_5_1E_ca(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; struct sctp_ulpevent *ev; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_chunkhdr_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); sctp_add_cmd_sf(commands, SCTP_CMD_INIT_COUNTER_RESET, SCTP_NULL()); sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_STOP, SCTP_TO(SCTP_EVENT_TIMEOUT_T1_COOKIE)); sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, SCTP_STATE(SCTP_STATE_ESTABLISHED)); SCTP_INC_STATS(SCTP_MIB_CURRESTAB); SCTP_INC_STATS(SCTP_MIB_ACTIVEESTABS); sctp_add_cmd_sf(commands, SCTP_CMD_HB_TIMERS_START, SCTP_NULL()); if (asoc->autoclose) sctp_add_cmd_sf(commands, SCTP_CMD_TIMER_START, SCTP_TO(SCTP_EVENT_TIMEOUT_AUTOCLOSE)); ev = sctp_ulpevent_make_assoc_change(asoc, 0, SCTP_COMM_UP, 0, asoc->c.sinit_num_ostreams, asoc->c.sinit_max_instreams, NULL, GFP_ATOMIC); if (!ev) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); if (asoc->peer.adaptation_ind) { ev = sctp_ulpevent_make_adaptation_indication(asoc, GFP_ATOMIC); if (!ev) goto nomem; sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev)); } return SCTP_DISPOSITION_CONSUME; nomem: return SCTP_DISPOSITION_NOMEM; }",linux-2.6,,,224775897007999413409794567260228880929,0 6015,['CWE-200'],"void addrconf_join_solict(struct net_device *dev, struct in6_addr *addr) { struct in6_addr maddr; if (dev->flags&(IFF_LOOPBACK|IFF_NOARP)) return; addrconf_addr_solict_mult(addr, &maddr); ipv6_dev_mc_inc(dev, &maddr); }",linux-2.6,,,156595429835594413885580920725201497173,0 3547,['CWE-20'],"static struct sctp_packet *sctp_ootb_pkt_new(const struct sctp_association *asoc, const struct sctp_chunk *chunk) { struct sctp_packet *packet; struct sctp_transport *transport; __u16 sport; __u16 dport; __u32 vtag; sport = ntohs(chunk->sctp_hdr->dest); dport = ntohs(chunk->sctp_hdr->source); if (asoc) { switch(chunk->chunk_hdr->type) { case SCTP_CID_INIT_ACK: { sctp_initack_chunk_t *initack; initack = (sctp_initack_chunk_t *)chunk->chunk_hdr; vtag = ntohl(initack->init_hdr.init_tag); break; } default: vtag = asoc->peer.i.init_tag; break; } } else { switch(chunk->chunk_hdr->type) { case SCTP_CID_INIT: { sctp_init_chunk_t *init; init = (sctp_init_chunk_t *)chunk->chunk_hdr; vtag = ntohl(init->init_hdr.init_tag); break; } default: vtag = ntohl(chunk->sctp_hdr->vtag); break; } } transport = sctp_transport_new(sctp_source(chunk), GFP_ATOMIC); if (!transport) goto nomem; sctp_transport_route(transport, (union sctp_addr *)&chunk->dest, sctp_sk(sctp_get_ctl_sock())); packet = sctp_packet_init(&transport->packet, transport, sport, dport); packet = sctp_packet_config(packet, vtag, 0); return packet; nomem: return NULL; }",linux-2.6,,,2762106041040032197761757125610008721,0 4324,['CWE-119'],"static void ms_adpcm_reset1 (_AFmoduleinst *i) { ms_adpcm_data *d = (ms_adpcm_data *) i->modspec; AFframecount nextTrackFrame; int framesPerBlock; framesPerBlock = d->framesPerBlock; nextTrackFrame = d->track->nextfframe; d->track->nextfframe = (nextTrackFrame / framesPerBlock) * framesPerBlock; d->framesToIgnore = nextTrackFrame - d->track->nextfframe; }",audiofile,,,2298531852459191091956350795512417862,0 2565,CWE-611,"static const char *cmd_hash_engine(cmd_parms *cmd, void *_dcfg, const char *p1) { directory_config *dcfg = (directory_config *)_dcfg; if (dcfg == NULL) return NULL; if (strcasecmp(p1, ""on"") == 0) { dcfg->hash_is_enabled = HASH_ENABLED; dcfg->hash_enforcement = HASH_ENABLED; } else if (strcasecmp(p1, ""off"") == 0) { dcfg->hash_is_enabled = HASH_DISABLED; dcfg->hash_enforcement = HASH_DISABLED; } else return apr_psprintf(cmd->pool, ""ModSecurity: Invalid value for SecRuleEngine: %s"", p1); return NULL; }",visit repo url,apache2/apache2_config.c,https://github.com/SpiderLabs/ModSecurity,117561221520455,1 813,['CWE-16'],"static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead, struct aead_request *req) { return (void *)ALIGN((unsigned long)(req + 1) + crypto_aead_reqsize(aead), __alignof__(struct scatterlist)); }",linux-2.6,,,45686109726725410109292309471014956728,0 4044,CWE-125,"static Sdb *store_versioninfo_gnu_verneed(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz) { ut8 *end, *need = NULL; const char *section_name = """"; Elf_(Shdr) *link_shdr = NULL; const char *link_section_name = """"; Sdb *sdb_vernaux = NULL; Sdb *sdb_version = NULL; Sdb *sdb = NULL; int i, cnt; if (!bin || !bin->dynstr) { return NULL; } if (shdr->sh_link > bin->ehdr.e_shnum) { return NULL; } if (shdr->sh_size < 1) { return NULL; } sdb = sdb_new0 (); if (!sdb) { return NULL; } link_shdr = &bin->shdr[shdr->sh_link]; if (bin->shstrtab && shdr->sh_name < bin->shstrtab_size) { section_name = &bin->shstrtab[shdr->sh_name]; } if (bin->shstrtab && link_shdr->sh_name < bin->shstrtab_size) { link_section_name = &bin->shstrtab[link_shdr->sh_name]; } if (!(need = (ut8*) calloc (R_MAX (1, shdr->sh_size), sizeof (ut8)))) { bprintf (""Warning: Cannot allocate memory for Elf_(Verneed)\n""); goto beach; } end = need + shdr->sh_size; sdb_set (sdb, ""section_name"", section_name, 0); sdb_num_set (sdb, ""num_entries"", shdr->sh_info, 0); sdb_num_set (sdb, ""addr"", shdr->sh_addr, 0); sdb_num_set (sdb, ""offset"", shdr->sh_offset, 0); sdb_num_set (sdb, ""link"", shdr->sh_link, 0); sdb_set (sdb, ""link_section_name"", link_section_name, 0); if (shdr->sh_offset > bin->size || shdr->sh_offset + shdr->sh_size > bin->size) { goto beach; } if (shdr->sh_offset + shdr->sh_size < shdr->sh_size) { goto beach; } i = r_buf_read_at (bin->b, shdr->sh_offset, need, shdr->sh_size); if (i < 0) goto beach; for (i = 0, cnt = 0; cnt < shdr->sh_info; ++cnt) { int j, isum; ut8 *vstart = need + i; Elf_(Verneed) vvn = {0}; if (vstart + sizeof (Elf_(Verneed)) > end) { goto beach; } Elf_(Verneed) *entry = &vvn; char key[32] = {0}; sdb_version = sdb_new0 (); if (!sdb_version) { goto beach; } j = 0; vvn.vn_version = READ16 (vstart, j) vvn.vn_cnt = READ16 (vstart, j) vvn.vn_file = READ32 (vstart, j) vvn.vn_aux = READ32 (vstart, j) vvn.vn_next = READ32 (vstart, j) sdb_num_set (sdb_version, ""vn_version"", entry->vn_version, 0); sdb_num_set (sdb_version, ""idx"", i, 0); if (entry->vn_file > bin->dynstr_size) { goto beach; } { char *s = r_str_ndup (&bin->dynstr[entry->vn_file], 16); sdb_set (sdb_version, ""file_name"", s, 0); free (s); } sdb_num_set (sdb_version, ""cnt"", entry->vn_cnt, 0); vstart += entry->vn_aux; for (j = 0, isum = i + entry->vn_aux; j < entry->vn_cnt && vstart + sizeof (Elf_(Vernaux)) <= end; ++j) { int k; Elf_(Vernaux) * aux = NULL; Elf_(Vernaux) vaux = {0}; sdb_vernaux = sdb_new0 (); if (!sdb_vernaux) { goto beach; } aux = (Elf_(Vernaux)*)&vaux; k = 0; vaux.vna_hash = READ32 (vstart, k) vaux.vna_flags = READ16 (vstart, k) vaux.vna_other = READ16 (vstart, k) vaux.vna_name = READ32 (vstart, k) vaux.vna_next = READ32 (vstart, k) if (aux->vna_name > bin->dynstr_size) { goto beach; } sdb_num_set (sdb_vernaux, ""idx"", isum, 0); if (aux->vna_name > 0 && aux->vna_name + 8 < bin->dynstr_size) { char name [16]; strncpy (name, &bin->dynstr[aux->vna_name], sizeof (name)-1); name[sizeof(name)-1] = 0; sdb_set (sdb_vernaux, ""name"", name, 0); } sdb_set (sdb_vernaux, ""flags"", get_ver_flags (aux->vna_flags), 0); sdb_num_set (sdb_vernaux, ""version"", aux->vna_other, 0); isum += aux->vna_next; vstart += aux->vna_next; snprintf (key, sizeof (key), ""vernaux%d"", j); sdb_ns_set (sdb_version, key, sdb_vernaux); } if ((int)entry->vn_next < 0) { bprintf (""Invalid vn_next\n""); break; } i += entry->vn_next; snprintf (key, sizeof (key), ""version%d"", cnt ); sdb_ns_set (sdb, key, sdb_version); if (!entry->vn_next) { break; } } free (need); return sdb; beach: free (need); sdb_free (sdb_vernaux); sdb_free (sdb_version); sdb_free (sdb); return NULL; }",visit repo url,libr/bin/format/elf/elf.c,https://github.com/radare/radare2,27007659301149,1 4278,CWE-787,"RCoreSymCacheElement *r_coresym_cache_element_new(RBinFile *bf, RBuffer *buf, ut64 off, int bits, char * file_name) { RCoreSymCacheElement *result = NULL; ut8 *b = NULL; RCoreSymCacheElementHdr *hdr = r_coresym_cache_element_header_new (buf, off, bits); if (!hdr) { return NULL; } if (hdr->version != 1) { eprintf (""Unsupported CoreSymbolication cache version (%d)\n"", hdr->version); goto beach; } if (hdr->size == 0 || hdr->size > r_buf_size (buf) - off) { eprintf (""Corrupted CoreSymbolication header: size out of bounds (0x%x)\n"", hdr->size); goto beach; } result = R_NEW0 (RCoreSymCacheElement); if (!result) { goto beach; } result->hdr = hdr; b = malloc (hdr->size); if (!b) { goto beach; } if (r_buf_read_at (buf, off, b, hdr->size) != hdr->size) { goto beach; } ut8 *end = b + hdr->size; if (file_name) { result->file_name = file_name; } else if (hdr->file_name_off) { result->file_name = str_dup_safe (b, b + (size_t)hdr->file_name_off, end); } if (hdr->version_off) { result->binary_version = str_dup_safe (b, b + (size_t)hdr->version_off, end); } const size_t word_size = bits / 8; const ut64 start_of_sections = (ut64)hdr->n_segments * R_CS_EL_SIZE_SEG + R_CS_EL_OFF_SEGS; const ut64 sect_size = (bits == 32) ? R_CS_EL_SIZE_SECT_32 : R_CS_EL_SIZE_SECT_64; const ut64 start_of_symbols = start_of_sections + (ut64)hdr->n_sections * sect_size; const ut64 start_of_lined_symbols = start_of_symbols + (ut64)hdr->n_symbols * R_CS_EL_SIZE_SYM; const ut64 start_of_line_info = start_of_lined_symbols + (ut64)hdr->n_lined_symbols * R_CS_EL_SIZE_LSYM; const ut64 start_of_unknown_pairs = start_of_line_info + (ut64)hdr->n_line_info * R_CS_EL_SIZE_LINFO; const ut64 start_of_strings = start_of_unknown_pairs + (ut64)hdr->n_symbols * 8; ut64 page_zero_size = 0; size_t page_zero_idx = 0; if (UT32_MUL_OVFCHK (hdr->n_segments, sizeof (RCoreSymCacheElementSegment))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_sections, sizeof (RCoreSymCacheElementSection))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_symbols, sizeof (RCoreSymCacheElementSymbol))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_lined_symbols, sizeof (RCoreSymCacheElementLinedSymbol))) { goto beach; } else if (UT32_MUL_OVFCHK (hdr->n_line_info, sizeof (RCoreSymCacheElementLineInfo))) { goto beach; } if (hdr->n_segments > 0) { result->segments = R_NEWS0 (RCoreSymCacheElementSegment, hdr->n_segments); if (!result->segments) { goto beach; } size_t i; ut8 *cursor = b + R_CS_EL_OFF_SEGS; for (i = 0; i < hdr->n_segments && cursor < end; i++) { RCoreSymCacheElementSegment *seg = &result->segments[i]; seg->paddr = seg->vaddr = r_read_le64 (cursor); cursor += 8; if (cursor >= end) { break; } seg->size = seg->vsize = r_read_le64 (cursor); cursor += 8; if (cursor >= end) { break; } seg->name = str_dup_safe_fixed (b, cursor, 16, end); cursor += 16; if (!seg->name) { continue; } if (!strcmp (seg->name, ""__PAGEZERO"")) { page_zero_size = seg->size; page_zero_idx = i; seg->paddr = seg->vaddr = 0; seg->size = 0; } } for (i = 0; i < hdr->n_segments && page_zero_size > 0; i++) { if (i == page_zero_idx) { continue; } RCoreSymCacheElementSegment *seg = &result->segments[i]; if (seg->vaddr < page_zero_size) { seg->vaddr += page_zero_size; } } } bool relative_to_strings = false; ut8* string_origin; if (hdr->n_sections > 0) { result->sections = R_NEWS0 (RCoreSymCacheElementSection, hdr->n_sections); if (!result->sections) { goto beach; } size_t i; ut8 *cursor = b + start_of_sections; for (i = 0; i < hdr->n_sections && cursor < end; i++) { ut8 *sect_start = cursor; RCoreSymCacheElementSection *sect = &result->sections[i]; sect->vaddr = sect->paddr = r_read_ble (cursor, false, bits); if (sect->vaddr < page_zero_size) { sect->vaddr += page_zero_size; } cursor += word_size; if (cursor >= end) { break; } sect->size = r_read_ble (cursor, false, bits); cursor += word_size; if (cursor >= end) { break; } ut64 sect_name_off = r_read_ble (cursor, false, bits); if (!i && !sect_name_off) { relative_to_strings = true; } cursor += word_size; if (bits == 32) { cursor += word_size; } string_origin = relative_to_strings? b + start_of_strings : sect_start; sect->name = str_dup_safe (b, string_origin + (size_t)sect_name_off, end); } } if (hdr->n_symbols) { result->symbols = R_NEWS0 (RCoreSymCacheElementSymbol, hdr->n_symbols); if (!result->symbols) { goto beach; } size_t i; ut8 *cursor = b + start_of_symbols; for (i = 0; i < hdr->n_symbols && cursor + R_CS_EL_SIZE_SYM <= end; i++) { RCoreSymCacheElementSymbol *sym = &result->symbols[i]; sym->paddr = r_read_le32 (cursor); sym->size = r_read_le32 (cursor + 0x4); sym->unk1 = r_read_le32 (cursor + 0x8); size_t name_off = r_read_le32 (cursor + 0xc); size_t mangled_name_off = r_read_le32 (cursor + 0x10); sym->unk2 = (st32)r_read_le32 (cursor + 0x14); string_origin = relative_to_strings? b + start_of_strings : cursor; sym->name = str_dup_safe (b, string_origin + name_off, end); if (!sym->name) { cursor += R_CS_EL_SIZE_SYM; continue; } string_origin = relative_to_strings? b + start_of_strings : cursor; sym->mangled_name = str_dup_safe (b, string_origin + mangled_name_off, end); if (!sym->mangled_name) { cursor += R_CS_EL_SIZE_SYM; continue; } cursor += R_CS_EL_SIZE_SYM; } } if (hdr->n_lined_symbols) { result->lined_symbols = R_NEWS0 (RCoreSymCacheElementLinedSymbol, hdr->n_lined_symbols); if (!result->lined_symbols) { goto beach; } size_t i; ut8 *cursor = b + start_of_lined_symbols; for (i = 0; i < hdr->n_lined_symbols && cursor + R_CS_EL_SIZE_LSYM <= end; i++) { RCoreSymCacheElementLinedSymbol *lsym = &result->lined_symbols[i]; lsym->sym.paddr = r_read_le32 (cursor); lsym->sym.size = r_read_le32 (cursor + 0x4); lsym->sym.unk1 = r_read_le32 (cursor + 0x8); size_t name_off = r_read_le32 (cursor + 0xc); size_t mangled_name_off = r_read_le32 (cursor + 0x10); lsym->sym.unk2 = (st32)r_read_le32 (cursor + 0x14); size_t file_name_off = r_read_le32 (cursor + 0x18); lsym->flc.line = r_read_le32 (cursor + 0x1c); lsym->flc.col = r_read_le32 (cursor + 0x20); string_origin = relative_to_strings? b + start_of_strings : cursor; lsym->sym.name = str_dup_safe (b, string_origin + name_off, end); if (!lsym->sym.name) { cursor += R_CS_EL_SIZE_LSYM; continue; } string_origin = relative_to_strings? b + start_of_strings : cursor; lsym->sym.mangled_name = str_dup_safe (b, string_origin + mangled_name_off, end); if (!lsym->sym.mangled_name) { cursor += R_CS_EL_SIZE_LSYM; continue; } string_origin = relative_to_strings? b + start_of_strings : cursor; lsym->flc.file = str_dup_safe (b, string_origin + file_name_off, end); if (!lsym->flc.file) { cursor += R_CS_EL_SIZE_LSYM; continue; } cursor += R_CS_EL_SIZE_LSYM; meta_add_fileline (bf, r_coresym_cache_element_pa2va (result, lsym->sym.paddr), lsym->sym.size, &lsym->flc); } } if (hdr->n_line_info) { result->line_info = R_NEWS0 (RCoreSymCacheElementLineInfo, hdr->n_line_info); if (!result->line_info) { goto beach; } size_t i; ut8 *cursor = b + start_of_line_info; for (i = 0; i < hdr->n_line_info && cursor + R_CS_EL_SIZE_LINFO <= end; i++) { RCoreSymCacheElementLineInfo *info = &result->line_info[i]; info->paddr = r_read_le32 (cursor); info->size = r_read_le32 (cursor + 4); size_t file_name_off = r_read_le32 (cursor + 8); info->flc.line = r_read_le32 (cursor + 0xc); info->flc.col = r_read_le32 (cursor + 0x10); string_origin = relative_to_strings? b + start_of_strings : cursor; info->flc.file = str_dup_safe (b, string_origin + file_name_off, end); if (!info->flc.file) { break; } cursor += R_CS_EL_SIZE_LINFO; meta_add_fileline (bf, r_coresym_cache_element_pa2va (result, info->paddr), info->size, &info->flc); } } beach: free (b); return result; }",visit repo url,libr/bin/format/mach0/coresymbolication.c,https://github.com/radareorg/radare2,63470013181313,1 509,[],"static int snd_mem_proc_open(struct inode *inode, struct file *file) { return single_open(file, snd_mem_proc_read, NULL); }",linux-2.6,,,224341499704914158013268196588331732396,0 2125,CWE-189,"static struct bpf_verifier_state *push_stack(struct bpf_verifier_env *env, int insn_idx, int prev_insn_idx) { struct bpf_verifier_state *cur = env->cur_state; struct bpf_verifier_stack_elem *elem; int err; elem = kzalloc(sizeof(struct bpf_verifier_stack_elem), GFP_KERNEL); if (!elem) goto err; elem->insn_idx = insn_idx; elem->prev_insn_idx = prev_insn_idx; elem->next = env->head; env->head = elem; env->stack_size++; err = copy_verifier_state(&elem->st, cur); if (err) goto err; if (env->stack_size > BPF_COMPLEXITY_LIMIT_STACK) { verbose(env, ""BPF program is too complex\n""); goto err; } return &elem->st; err: free_verifier_state(env->cur_state, true); env->cur_state = NULL; while (!pop_stack(env, NULL, NULL)); return NULL; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,166900849186489,1 3344,[],"static inline int nla_total_size(int payload) { return NLA_ALIGN(nla_attr_size(payload)); }",linux-2.6,,,167256115622710120554594147955689827830,0 5005,['CWE-120'],"size_t util_strlcpy(char *dst, const char *src, size_t size) { size_t bytes = 0; char *q = dst; const char *p = src; char ch; while ((ch = *p++)) { if (bytes+1 < size) *q++ = ch; bytes++; } if (size) *q = '\0'; return bytes; }",udev,,,59372724724277103526580946639086123403,0 5292,['CWE-119'],"static int __init tun_init(void) { int ret = 0; printk(KERN_INFO ""tun: %s, %s\n"", DRV_DESCRIPTION, DRV_VERSION); printk(KERN_INFO ""tun: %s\n"", DRV_COPYRIGHT); ret = rtnl_link_register(&tun_link_ops); if (ret) { printk(KERN_ERR ""tun: Can't register link_ops\n""); goto err_linkops; } ret = misc_register(&tun_miscdev); if (ret) { printk(KERN_ERR ""tun: Can't register misc device %d\n"", TUN_MINOR); goto err_misc; } return 0; err_misc: rtnl_link_unregister(&tun_link_ops); err_linkops: return ret; }",linux-2.6,,,338324151442309343496258054186112587470,0 5692,CWE-125,"bgp_capability_vty_out (struct vty *vty, struct peer *peer) { char *pnt; char *end; struct capability cap; pnt = peer->notify.data; end = pnt + peer->notify.length; while (pnt < end) { memcpy(&cap, pnt, sizeof(struct capability)); if (pnt + 2 > end) return; if (pnt + (cap.length + 2) > end) return; if (cap.code == CAPABILITY_CODE_MP) { vty_out (vty, "" Capability error for: Multi protocol ""); switch (ntohs (cap.mpc.afi)) { case AFI_IP: vty_out (vty, ""AFI IPv4, ""); break; case AFI_IP6: vty_out (vty, ""AFI IPv6, ""); break; default: vty_out (vty, ""AFI Unknown %d, "", ntohs (cap.mpc.afi)); break; } switch (cap.mpc.safi) { case SAFI_UNICAST: vty_out (vty, ""SAFI Unicast""); break; case SAFI_MULTICAST: vty_out (vty, ""SAFI Multicast""); break; case SAFI_UNICAST_MULTICAST: vty_out (vty, ""SAFI Unicast Multicast""); break; case BGP_SAFI_VPNV4: vty_out (vty, ""SAFI MPLS-VPN""); break; default: vty_out (vty, ""SAFI Unknown %d "", cap.mpc.safi); break; } vty_out (vty, ""%s"", VTY_NEWLINE); } else if (cap.code >= 128) vty_out (vty, "" Capability error: vendor specific capability code %d"", cap.code); else vty_out (vty, "" Capability error: unknown capability code %d"", cap.code); pnt += cap.length + 2; } }",visit repo url,bgpd/bgp_open.c,https://github.com/FRRouting/frr,162109219469234,1 326,[],"static int fat_readdir(struct file *filp, void *dirent, filldir_t filldir) { struct inode *inode = filp->f_dentry->d_inode; return __fat_readdir(inode, filp, dirent, filldir, 0, 0); }",linux-2.6,,,169818358877457574691790322560551077014,0 213,CWE-476,"static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; struct xfrm_dump_info info; BUILD_BUG_ON(sizeof(struct xfrm_state_walk) > sizeof(cb->args) - sizeof(cb->args[0])); info.in_skb = cb->skb; info.out_skb = skb; info.nlmsg_seq = cb->nlh->nlmsg_seq; info.nlmsg_flags = NLM_F_MULTI; if (!cb->args[0]) { struct nlattr *attrs[XFRMA_MAX+1]; struct xfrm_address_filter *filter = NULL; u8 proto = 0; int err; cb->args[0] = 1; err = nlmsg_parse(cb->nlh, 0, attrs, XFRMA_MAX, xfrma_policy); if (err < 0) return err; if (attrs[XFRMA_ADDRESS_FILTER]) { filter = kmemdup(nla_data(attrs[XFRMA_ADDRESS_FILTER]), sizeof(*filter), GFP_KERNEL); if (filter == NULL) return -ENOMEM; } if (attrs[XFRMA_PROTO]) proto = nla_get_u8(attrs[XFRMA_PROTO]); xfrm_state_walk_init(walk, proto, filter); } (void) xfrm_state_walk(net, walk, dump_one_state, &info); return skb->len; }",visit repo url,net/xfrm/xfrm_user.c,https://github.com/torvalds/linux,257938091100308,1 6735,['CWE-310'],"get_pppoe_secrets_cb (GtkDialog *dialog, gint response, gpointer user_data) { NMPppoeInfo *info = (NMPppoeInfo *) user_data; NMAGConfConnection *gconf_connection; NMSetting *setting; GHashTable *settings_hash; GHashTable *secrets; GError *err = NULL; g_object_weak_unref (G_OBJECT (info->active_connection), destroy_pppoe_dialog, info); if (response != GTK_RESPONSE_OK) { g_set_error (&err, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_SECRETS_REQUEST_CANCELED, ""%s.%d (%s): canceled"", __FILE__, __LINE__, __func__); goto done; } setting = nm_connection_get_setting (info->connection, NM_TYPE_SETTING_PPPOE); pppoe_update_setting (NM_SETTING_PPPOE (setting), info); secrets = nm_setting_to_hash (setting); if (!secrets) { g_set_error (&err, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): failed to hash setting '%s'."", __FILE__, __LINE__, __func__, nm_setting_get_name (setting)); goto done; } settings_hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_hash_table_destroy); g_hash_table_insert (settings_hash, g_strdup (nm_setting_get_name (setting)), secrets); dbus_g_method_return (info->context, settings_hash); g_hash_table_destroy (settings_hash); gconf_connection = nma_gconf_settings_get_by_connection (info->applet->gconf_settings, info->connection); if (gconf_connection) nma_gconf_connection_save (gconf_connection); done: if (err) { g_warning (""%s"", err->message); dbus_g_method_return_error (info->context, err); g_error_free (err); } nm_connection_clear_secrets (info->connection); destroy_pppoe_dialog (info, NULL); }",network-manager-applet,,,256179064618594969871195079235220509008,0 482,CWE-20,"static int trusted_update(struct key *key, struct key_preparsed_payload *prep) { struct trusted_key_payload *p; struct trusted_key_payload *new_p; struct trusted_key_options *new_o; size_t datalen = prep->datalen; char *datablob; int ret = 0; if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) return -ENOKEY; p = key->payload.data[0]; if (!p->migratable) return -EPERM; if (datalen <= 0 || datalen > 32767 || !prep->data) return -EINVAL; datablob = kmalloc(datalen + 1, GFP_KERNEL); if (!datablob) return -ENOMEM; new_o = trusted_options_alloc(); if (!new_o) { ret = -ENOMEM; goto out; } new_p = trusted_payload_alloc(key); if (!new_p) { ret = -ENOMEM; goto out; } memcpy(datablob, prep->data, datalen); datablob[datalen] = '\0'; ret = datablob_parse(datablob, new_p, new_o); if (ret != Opt_update) { ret = -EINVAL; kzfree(new_p); goto out; } if (!new_o->keyhandle) { ret = -EINVAL; kzfree(new_p); goto out; } new_p->migratable = p->migratable; new_p->key_len = p->key_len; memcpy(new_p->key, p->key, p->key_len); dump_payload(p); dump_payload(new_p); ret = key_seal(new_p, new_o); if (ret < 0) { pr_info(""trusted_key: key_seal failed (%d)\n"", ret); kzfree(new_p); goto out; } if (new_o->pcrlock) { ret = pcrlock(new_o->pcrlock); if (ret < 0) { pr_info(""trusted_key: pcrlock failed (%d)\n"", ret); kzfree(new_p); goto out; } } rcu_assign_keypointer(key, new_p); call_rcu(&p->rcu, trusted_rcu_free); out: kzfree(datablob); kzfree(new_o); return ret; }",visit repo url,security/keys/trusted.c,https://github.com/torvalds/linux,254609754638743,1 704,[],"static int jpc_cox_getcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in, int prtflag, jpc_coxcp_t *compparms) { uint_fast8_t tmp; int i; ms = 0; cstate = 0; if (jpc_getuint8(in, &compparms->numdlvls) || jpc_getuint8(in, &compparms->cblkwidthval) || jpc_getuint8(in, &compparms->cblkheightval) || jpc_getuint8(in, &compparms->cblksty) || jpc_getuint8(in, &compparms->qmfbid)) { return -1; } compparms->numrlvls = compparms->numdlvls + 1; if (compparms->numrlvls > JPC_MAXRLVLS) { goto error; } if (prtflag) { for (i = 0; i < compparms->numrlvls; ++i) { if (jpc_getuint8(in, &tmp)) { goto error; } compparms->rlvls[i].parwidthval = tmp & 0xf; compparms->rlvls[i].parheightval = (tmp >> 4) & 0xf; } compparms->csty |= JPC_COX_PRT; } if (jas_stream_eof(in)) { goto error; } return 0; error: if (compparms) { jpc_cox_destroycompparms(compparms); } return -1; }",jasper,,,57268558547175603509913070279617707686,0 2405,NVD-CWE-Other,"int ff_jpeg2000_init_component(Jpeg2000Component *comp, Jpeg2000CodingStyle *codsty, Jpeg2000QuantStyle *qntsty, int cbps, int dx, int dy, AVCodecContext *avctx) { uint8_t log2_band_prec_width, log2_band_prec_height; int reslevelno, bandno, gbandno = 0, ret, i, j; uint32_t csize; if (codsty->nreslevels2decode <= 0) { av_log(avctx, AV_LOG_ERROR, ""nreslevels2decode %d invalid or uninitialized\n"", codsty->nreslevels2decode); return AVERROR_INVALIDDATA; } if (ret = ff_jpeg2000_dwt_init(&comp->dwt, comp->coord, codsty->nreslevels2decode - 1, codsty->transform)) return ret; csize = (comp->coord[0][1] - comp->coord[0][0]) * (comp->coord[1][1] - comp->coord[1][0]); if (codsty->transform == FF_DWT97) { comp->i_data = NULL; comp->f_data = av_malloc_array(csize, sizeof(*comp->f_data)); if (!comp->f_data) return AVERROR(ENOMEM); } else { comp->f_data = NULL; comp->i_data = av_malloc_array(csize, sizeof(*comp->i_data)); if (!comp->i_data) return AVERROR(ENOMEM); } comp->reslevel = av_malloc_array(codsty->nreslevels, sizeof(*comp->reslevel)); if (!comp->reslevel) return AVERROR(ENOMEM); for (reslevelno = 0; reslevelno < codsty->nreslevels; reslevelno++) { int declvl = codsty->nreslevels - reslevelno; Jpeg2000ResLevel *reslevel = comp->reslevel + reslevelno; for (i = 0; i < 2; i++) for (j = 0; j < 2; j++) reslevel->coord[i][j] = ff_jpeg2000_ceildivpow2(comp->coord_o[i][j], declvl - 1); reslevel->log2_prec_width = codsty->log2_prec_widths[reslevelno]; reslevel->log2_prec_height = codsty->log2_prec_heights[reslevelno]; if (reslevelno == 0) reslevel->nbands = 1; else reslevel->nbands = 3; if (reslevel->coord[0][1] == reslevel->coord[0][0]) reslevel->num_precincts_x = 0; else reslevel->num_precincts_x = ff_jpeg2000_ceildivpow2(reslevel->coord[0][1], reslevel->log2_prec_width) - (reslevel->coord[0][0] >> reslevel->log2_prec_width); if (reslevel->coord[1][1] == reslevel->coord[1][0]) reslevel->num_precincts_y = 0; else reslevel->num_precincts_y = ff_jpeg2000_ceildivpow2(reslevel->coord[1][1], reslevel->log2_prec_height) - (reslevel->coord[1][0] >> reslevel->log2_prec_height); reslevel->band = av_malloc_array(reslevel->nbands, sizeof(*reslevel->band)); if (!reslevel->band) return AVERROR(ENOMEM); for (bandno = 0; bandno < reslevel->nbands; bandno++, gbandno++) { Jpeg2000Band *band = reslevel->band + bandno; int cblkno, precno; int nb_precincts; switch (qntsty->quantsty) { uint8_t gain; int numbps; case JPEG2000_QSTY_NONE: band->f_stepsize = 1; break; case JPEG2000_QSTY_SI: numbps = cbps + lut_gain[codsty->transform == FF_DWT53][bandno + (reslevelno > 0)]; band->f_stepsize = SHL(2048 + qntsty->mant[gbandno], 2 + numbps - qntsty->expn[gbandno]); break; case JPEG2000_QSTY_SE: gain = cbps; band->f_stepsize = pow(2.0, gain - qntsty->expn[gbandno]); band->f_stepsize *= qntsty->mant[gbandno] / 2048.0 + 1.0; break; default: band->f_stepsize = 0; av_log(avctx, AV_LOG_ERROR, ""Unknown quantization format\n""); break; } if (!av_codec_is_encoder(avctx->codec)) band->f_stepsize *= 0.5; band->i_stepsize = band->f_stepsize * (1 << 15); if (reslevelno == 0) { for (i = 0; i < 2; i++) for (j = 0; j < 2; j++) band->coord[i][j] = ff_jpeg2000_ceildivpow2(comp->coord_o[i][j] - comp->coord_o[i][0], declvl - 1); log2_band_prec_width = reslevel->log2_prec_width; log2_band_prec_height = reslevel->log2_prec_height; band->log2_cblk_width = FFMIN(codsty->log2_cblk_width, reslevel->log2_prec_width); band->log2_cblk_height = FFMIN(codsty->log2_cblk_height, reslevel->log2_prec_height); } else { for (i = 0; i < 2; i++) for (j = 0; j < 2; j++) band->coord[i][j] = ff_jpeg2000_ceildivpow2(comp->coord_o[i][j] - comp->coord_o[i][0] - (((bandno + 1 >> i) & 1) << declvl - 1), declvl); band->log2_cblk_width = FFMIN(codsty->log2_cblk_width, reslevel->log2_prec_width - 1); band->log2_cblk_height = FFMIN(codsty->log2_cblk_height, reslevel->log2_prec_height - 1); log2_band_prec_width = reslevel->log2_prec_width - 1; log2_band_prec_height = reslevel->log2_prec_height - 1; } for (j = 0; j < 2; j++) band->coord[0][j] = ff_jpeg2000_ceildiv(band->coord[0][j], dx); for (j = 0; j < 2; j++) band->coord[1][j] = ff_jpeg2000_ceildiv(band->coord[1][j], dy); band->prec = av_malloc_array(reslevel->num_precincts_x * (uint64_t)reslevel->num_precincts_y, sizeof(*band->prec)); if (!band->prec) return AVERROR(ENOMEM); nb_precincts = reslevel->num_precincts_x * reslevel->num_precincts_y; for (precno = 0; precno < nb_precincts; precno++) { Jpeg2000Prec *prec = band->prec + precno; prec->coord[0][0] = (precno % reslevel->num_precincts_x) * (1 << log2_band_prec_width); prec->coord[0][0] = FFMAX(prec->coord[0][0], band->coord[0][0]); prec->coord[1][0] = (precno / reslevel->num_precincts_x) * (1 << log2_band_prec_height); prec->coord[1][0] = FFMAX(prec->coord[1][0], band->coord[1][0]); prec->coord[0][1] = prec->coord[0][0] + (1 << log2_band_prec_width); prec->coord[0][1] = FFMIN(prec->coord[0][1], band->coord[0][1]); prec->coord[1][1] = prec->coord[1][0] + (1 << log2_band_prec_height); prec->coord[1][1] = FFMIN(prec->coord[1][1], band->coord[1][1]); prec->nb_codeblocks_width = ff_jpeg2000_ceildivpow2(prec->coord[0][1] - prec->coord[0][0], band->log2_cblk_width); prec->nb_codeblocks_height = ff_jpeg2000_ceildivpow2(prec->coord[1][1] - prec->coord[1][0], band->log2_cblk_height); prec->cblkincl = ff_jpeg2000_tag_tree_init(prec->nb_codeblocks_width, prec->nb_codeblocks_height); if (!prec->cblkincl) return AVERROR(ENOMEM); prec->zerobits = ff_jpeg2000_tag_tree_init(prec->nb_codeblocks_width, prec->nb_codeblocks_height); if (!prec->zerobits) return AVERROR(ENOMEM); prec->cblk = av_mallocz_array(prec->nb_codeblocks_width * (uint64_t)prec->nb_codeblocks_height, sizeof(*prec->cblk)); if (!prec->cblk) return AVERROR(ENOMEM); for (cblkno = 0; cblkno < prec->nb_codeblocks_width * prec->nb_codeblocks_height; cblkno++) { Jpeg2000Cblk *cblk = prec->cblk + cblkno; uint16_t Cx0, Cy0; Cx0 = (prec->coord[0][0] >> band->log2_cblk_width) << band->log2_cblk_width; Cx0 = Cx0 + ((cblkno % prec->nb_codeblocks_width) << band->log2_cblk_width); cblk->coord[0][0] = FFMAX(Cx0, prec->coord[0][0]); Cy0 = (prec->coord[1][0] >> band->log2_cblk_height) << band->log2_cblk_height; Cy0 = Cy0 + ((cblkno / prec->nb_codeblocks_width) << band->log2_cblk_height); cblk->coord[1][0] = FFMAX(Cy0, prec->coord[1][0]); cblk->coord[0][1] = FFMIN(Cx0 + (1 << band->log2_cblk_width), prec->coord[0][1]); cblk->coord[1][1] = FFMIN(Cy0 + (1 << band->log2_cblk_height), prec->coord[1][1]); if ((bandno + !!reslevelno) & 1) { cblk->coord[0][0] += comp->reslevel[reslevelno-1].coord[0][1] - comp->reslevel[reslevelno-1].coord[0][0]; cblk->coord[0][1] += comp->reslevel[reslevelno-1].coord[0][1] - comp->reslevel[reslevelno-1].coord[0][0]; } if ((bandno + !!reslevelno) & 2) { cblk->coord[1][0] += comp->reslevel[reslevelno-1].coord[1][1] - comp->reslevel[reslevelno-1].coord[1][0]; cblk->coord[1][1] += comp->reslevel[reslevelno-1].coord[1][1] - comp->reslevel[reslevelno-1].coord[1][0]; } cblk->zero = 0; cblk->lblock = 3; cblk->length = 0; cblk->lengthinc = 0; cblk->npasses = 0; } } } } return 0; }",visit repo url,libavcodec/jpeg2000.c,https://github.com/FFmpeg/FFmpeg,173823042215559,1 6074,['CWE-200'],"cbq_update_toplevel(struct cbq_sched_data *q, struct cbq_class *cl, struct cbq_class *borrowed) { if (cl && q->toplevel >= borrowed->level) { if (cl->q->q.qlen > 1) { do { if (PSCHED_IS_PASTPERFECT(borrowed->undertime)) { q->toplevel = borrowed->level; return; } } while ((borrowed=borrowed->borrow) != NULL); } #if 0 q->toplevel = TC_CBQ_MAXLEVEL; #endif } }",linux-2.6,,,316548409578838186213988121784754025754,0 5927,CWE-120,"const char *jsi_GetHomeDir(Jsi_Interp *interp) { const char *str = NULL; if (interp->homeDir) return interp->homeDir; #ifdef __WIN32 str = getenv(""USERPROFILE""); #else if ((str = getenv(""HOME"")) == NULL) { struct passwd pwd, *pw; char buf[20000]; if (getpwuid_r(getuid(), &pwd, buf, sizeof(buf), &pw) == 0 && pw->pw_dir) str = pw->pw_dir; } #endif if (!str) { Jsi_LogBug(""no home dir""); str = ""/""; } #ifdef JSI_LITE_ONLY return str; #else return (interp->homeDir = Jsi_KeyAdd(interp, str)); #endif }",visit repo url,src/jsiFilesys.c,https://github.com/pcmacdon/jsish,226476160844561,1 1718,CWE-19,"ext2_xattr_cache_insert(struct buffer_head *bh) { __u32 hash = le32_to_cpu(HDR(bh)->h_hash); struct mb_cache_entry *ce; int error; ce = mb_cache_entry_alloc(ext2_xattr_cache, GFP_NOFS); if (!ce) return -ENOMEM; error = mb_cache_entry_insert(ce, bh->b_bdev, bh->b_blocknr, hash); if (error) { mb_cache_entry_free(ce); if (error == -EBUSY) { ea_bdebug(bh, ""already in cache (%d cache entries)"", atomic_read(&ext2_xattr_cache->c_entry_count)); error = 0; } } else { ea_bdebug(bh, ""inserting [%x] (%d cache entries)"", (int)hash, atomic_read(&ext2_xattr_cache->c_entry_count)); mb_cache_entry_release(ce); } return error; }",visit repo url,fs/ext2/xattr.c,https://github.com/torvalds/linux,248006056132466,1 2419,['CWE-119'],"static int tree_entry_interesting(struct tree_desc *desc, const char *base, int baselen, struct diff_options *opt) { const char *path; const unsigned char *sha1; unsigned mode; int i; int pathlen; int never_interesting = -1; if (!opt->nr_paths) return 1; sha1 = tree_entry_extract(desc, &path, &mode); pathlen = tree_entry_len(path, sha1); for (i = 0; i < opt->nr_paths; i++) { const char *match = opt->paths[i]; int matchlen = opt->pathlens[i]; int m = -1; if (baselen >= matchlen) { if (strncmp(base, match, matchlen)) continue; return 2; } if (strncmp(base, match, baselen)) continue; match += baselen; matchlen -= baselen; if (never_interesting) { m = strncmp(match, path, (matchlen < pathlen) ? matchlen : pathlen); if (m < 0) continue; never_interesting = 0; } if (pathlen > matchlen) continue; if (matchlen > pathlen) { if (match[pathlen] != '/') continue; if (!S_ISDIR(mode)) continue; } if (m == -1) m = strncmp(match, path, pathlen); if (!m) return 1; } return never_interesting; }",git,,,69693860731494761181018615269949232727,0 1259,NVD-CWE-Other,"static __u32 twothirdsMD4Transform(__u32 const buf[4], __u32 const in[12]) { __u32 a = buf[0], b = buf[1], c = buf[2], d = buf[3]; ROUND(F, a, b, c, d, in[ 0] + K1, 3); ROUND(F, d, a, b, c, in[ 1] + K1, 7); ROUND(F, c, d, a, b, in[ 2] + K1, 11); ROUND(F, b, c, d, a, in[ 3] + K1, 19); ROUND(F, a, b, c, d, in[ 4] + K1, 3); ROUND(F, d, a, b, c, in[ 5] + K1, 7); ROUND(F, c, d, a, b, in[ 6] + K1, 11); ROUND(F, b, c, d, a, in[ 7] + K1, 19); ROUND(F, a, b, c, d, in[ 8] + K1, 3); ROUND(F, d, a, b, c, in[ 9] + K1, 7); ROUND(F, c, d, a, b, in[10] + K1, 11); ROUND(F, b, c, d, a, in[11] + K1, 19); ROUND(G, a, b, c, d, in[ 1] + K2, 3); ROUND(G, d, a, b, c, in[ 3] + K2, 5); ROUND(G, c, d, a, b, in[ 5] + K2, 9); ROUND(G, b, c, d, a, in[ 7] + K2, 13); ROUND(G, a, b, c, d, in[ 9] + K2, 3); ROUND(G, d, a, b, c, in[11] + K2, 5); ROUND(G, c, d, a, b, in[ 0] + K2, 9); ROUND(G, b, c, d, a, in[ 2] + K2, 13); ROUND(G, a, b, c, d, in[ 4] + K2, 3); ROUND(G, d, a, b, c, in[ 6] + K2, 5); ROUND(G, c, d, a, b, in[ 8] + K2, 9); ROUND(G, b, c, d, a, in[10] + K2, 13); ROUND(H, a, b, c, d, in[ 3] + K3, 3); ROUND(H, d, a, b, c, in[ 7] + K3, 9); ROUND(H, c, d, a, b, in[11] + K3, 11); ROUND(H, b, c, d, a, in[ 2] + K3, 15); ROUND(H, a, b, c, d, in[ 6] + K3, 3); ROUND(H, d, a, b, c, in[10] + K3, 9); ROUND(H, c, d, a, b, in[ 1] + K3, 11); ROUND(H, b, c, d, a, in[ 5] + K3, 15); ROUND(H, a, b, c, d, in[ 9] + K3, 3); ROUND(H, d, a, b, c, in[ 0] + K3, 9); ROUND(H, c, d, a, b, in[ 4] + K3, 11); ROUND(H, b, c, d, a, in[ 8] + K3, 15); return buf[1] + b; }",visit repo url,drivers/char/random.c,https://github.com/torvalds/linux,247422533997160,1 119,CWE-22,"static void xcopy_pt_undepend_remotedev(struct xcopy_op *xop) { struct se_device *remote_dev; if (xop->op_origin == XCOL_SOURCE_RECV_OP) remote_dev = xop->dst_dev; else remote_dev = xop->src_dev; pr_debug(""Calling configfs_undepend_item for"" "" remote_dev: %p remote_dev->dev_group: %p\n"", remote_dev, &remote_dev->dev_group.cg_item); target_undepend_item(&remote_dev->dev_group.cg_item); }",visit repo url,drivers/target/target_core_xcopy.c,https://github.com/torvalds/linux,60527282978664,1 6401,CWE-20,"void enc624j600UpdateMacConfig(NetInterface *interface) { uint16_t duplexMode; duplexMode = enc624j600ReadReg(interface, ENC624J600_REG_ESTAT) & ESTAT_PHYDPX; if(duplexMode) { enc624j600WriteReg(interface, ENC624J600_REG_MACON2, MACON2_DEFER | MACON2_PADCFG2 | MACON2_PADCFG0 | MACON2_TXCRCEN | MACON2_R1 | MACON2_FULDPX); enc624j600WriteReg(interface, ENC624J600_REG_MABBIPG, 0x15); } else { enc624j600WriteReg(interface, ENC624J600_REG_MACON2, MACON2_DEFER | MACON2_PADCFG2 | MACON2_PADCFG0 | MACON2_TXCRCEN | MACON2_R1); enc624j600WriteReg(interface, ENC624J600_REG_MABBIPG, 0x12); } }",visit repo url,drivers/eth/enc624j600_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,194258175551380,1 667,CWE-20,"static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, struct msghdr *msg, size_t ignored, int flags) { struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct skcipher_ctx *ctx = ask->private; unsigned bs = crypto_ablkcipher_blocksize(crypto_ablkcipher_reqtfm( &ctx->req)); struct skcipher_sg_list *sgl; struct scatterlist *sg; unsigned long iovlen; struct iovec *iov; int err = -EAGAIN; int used; long copied = 0; lock_sock(sk); msg->msg_namelen = 0; for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; iovlen--, iov++) { unsigned long seglen = iov->iov_len; char __user *from = iov->iov_base; while (seglen) { sgl = list_first_entry(&ctx->tsgl, struct skcipher_sg_list, list); sg = sgl->sg; while (!sg->length) sg++; used = ctx->used; if (!used) { err = skcipher_wait_for_data(sk, flags); if (err) goto unlock; } used = min_t(unsigned long, used, seglen); used = af_alg_make_sg(&ctx->rsgl, from, used, 1); err = used; if (err < 0) goto unlock; if (ctx->more || used < ctx->used) used -= used % bs; err = -EINVAL; if (!used) goto free; ablkcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, ctx->iv); err = af_alg_wait_for_completion( ctx->enc ? crypto_ablkcipher_encrypt(&ctx->req) : crypto_ablkcipher_decrypt(&ctx->req), &ctx->completion); free: af_alg_free_sg(&ctx->rsgl); if (err) goto unlock; copied += used; from += used; seglen -= used; skcipher_pull_sgl(sk, used); } } err = 0; unlock: skcipher_wmem_wakeup(sk); release_sock(sk); return copied ?: err; }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,208261331521689,1 3084,CWE-310,"int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { EVP_MD_CTX ctx; unsigned char *buf_in=NULL; int ret= -1,inl; int mdnid, pknid; if (!pkey) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); return -1; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } EVP_MD_CTX_init(&ctx); if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } if (mdnid == NID_undef) { if (!pkey->ameth || !pkey->ameth->item_verify) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); if (ret != 2) goto err; ret = -1; } else { const EVP_MD *type; type=EVP_get_digestbynid(mdnid); if (type == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); goto err; } if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } } inl = ASN1_item_i2d(asn, &buf_in, it); if (buf_in == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } ret = EVP_DigestVerifyUpdate(&ctx,buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (!ret) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); goto err; } ret = -1; if (EVP_DigestVerifyFinal(&ctx,signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } ret=1; err: EVP_MD_CTX_cleanup(&ctx); return(ret); }",visit repo url,crypto/asn1/a_verify.c,https://github.com/openssl/openssl,171184763343744,1 253,[],"int fat_get_dotdot_entry(struct inode *dir, struct buffer_head **bh, struct msdos_dir_entry **de, loff_t *i_pos) { loff_t offset; offset = 0; *bh = NULL; while (fat_get_short_entry(dir, &offset, bh, de) >= 0) { if (!strncmp((*de)->name, MSDOS_DOTDOT, MSDOS_NAME)) { *i_pos = fat_make_i_pos(dir->i_sb, *bh, *de); return 0; } } return -ENOENT; }",linux-2.6,,,289847027067771605013863661052508986175,0 4814,['CWE-399'],"inotify_dev_get_event(struct inotify_device *dev) { return list_entry(dev->events.next, struct inotify_kernel_event, list); }",linux-2.6,,,128959172686818430248161039837480906971,0 5128,CWE-125,"mod_ty PyAST_obj2mod(PyObject* ast, PyArena* arena, int mode) { mod_ty res; PyObject *req_type[3]; char *req_name[] = {""Module"", ""Expression"", ""Interactive""}; int isinstance; req_type[0] = (PyObject*)Module_type; req_type[1] = (PyObject*)Expression_type; req_type[2] = (PyObject*)Interactive_type; assert(0 <= mode && mode <= 2); if (!init_types()) return NULL; isinstance = PyObject_IsInstance(ast, req_type[mode]); if (isinstance == -1) return NULL; if (!isinstance) { PyErr_Format(PyExc_TypeError, ""expected %s node, got %.400s"", req_name[mode], Py_TYPE(ast)->tp_name); return NULL; } if (obj2ast_mod(ast, &res, arena) != 0) return NULL; else return res; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,71061683755023,1 2504,['CWE-119'],"static void diff_flush_stat(struct diff_filepair *p, struct diff_options *o, struct diffstat_t *diffstat) { if (diff_unmodified_pair(p)) return; if ((DIFF_FILE_VALID(p->one) && S_ISDIR(p->one->mode)) || (DIFF_FILE_VALID(p->two) && S_ISDIR(p->two->mode))) return; run_diffstat(p, o, diffstat); }",git,,,336420508492357564610334101126166531165,0 4318,['CWE-119'],"_AFmoduleinst _af_ima_adpcm_init_decompress (_Track *track, AFvirtualfile *fh, bool seekok, bool headerless, AFframecount *chunkframes) { _AFmoduleinst ret = _AFnewmodinst(&ima_adpcm_decompress); ima_adpcm_data *d; AUpvlist pv; long l; assert(af_ftell(fh) == track->fpos_first_frame); d = (ima_adpcm_data *) _af_malloc(sizeof (ima_adpcm_data)); d->track = track; d->fh = fh; d->track->frames2ignore = 0; d->track->fpos_next_frame = d->track->fpos_first_frame; pv = d->track->f.compressionParams; if (_af_pv_getlong(pv, _AF_FRAMES_PER_BLOCK, &l)) d->framesPerBlock = l; else _af_error(AF_BAD_CODEC_CONFIG, ""samples per block not set""); if (_af_pv_getlong(pv, _AF_BLOCK_SIZE, &l)) d->blockAlign = l; else _af_error(AF_BAD_CODEC_CONFIG, ""block size not set""); *chunkframes = d->framesPerBlock; ret.modspec = d; return ret; }",audiofile,,,249128523649853734550058313153663169724,0 1631,[],"static void migrate_live_tasks(int src_cpu) { struct task_struct *p, *t; read_lock(&tasklist_lock); do_each_thread(t, p) { if (p == current) continue; if (task_cpu(p) == src_cpu) move_task_off_dead_cpu(src_cpu, p); } while_each_thread(t, p); read_unlock(&tasklist_lock); }",linux-2.6,,,71368597157535371534401528067834002152,0 4465,CWE-476,"jpeg_skip_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines) { my_main_ptr main_ptr = (my_main_ptr)cinfo->main; my_coef_ptr coef = (my_coef_ptr)cinfo->coef; my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; JDIMENSION i, x; int y; JDIMENSION lines_per_iMCU_row, lines_left_in_iMCU_row, lines_after_iMCU_row; JDIMENSION lines_to_skip, lines_to_read; if (cinfo->global_state != DSTATE_SCANNING) ERREXIT1(cinfo, JERR_BAD_STATE, cinfo->global_state); if (cinfo->output_scanline + num_lines >= cinfo->output_height) { cinfo->output_scanline = cinfo->output_height; (*cinfo->inputctl->finish_input_pass) (cinfo); cinfo->inputctl->eoi_reached = TRUE; return cinfo->output_height - cinfo->output_scanline; } if (num_lines == 0) return 0; lines_per_iMCU_row = cinfo->_min_DCT_scaled_size * cinfo->max_v_samp_factor; lines_left_in_iMCU_row = (lines_per_iMCU_row - (cinfo->output_scanline % lines_per_iMCU_row)) % lines_per_iMCU_row; lines_after_iMCU_row = num_lines - lines_left_in_iMCU_row; if (cinfo->upsample->need_context_rows) { if ((num_lines < lines_left_in_iMCU_row + 1) || (lines_left_in_iMCU_row <= 1 && main_ptr->buffer_full && lines_after_iMCU_row < lines_per_iMCU_row + 1)) { read_and_discard_scanlines(cinfo, num_lines); return num_lines; } if (lines_left_in_iMCU_row <= 1 && main_ptr->buffer_full) { cinfo->output_scanline += lines_left_in_iMCU_row + lines_per_iMCU_row; lines_after_iMCU_row -= lines_per_iMCU_row; } else { cinfo->output_scanline += lines_left_in_iMCU_row; } if (main_ptr->iMCU_row_ctr == 0 || (main_ptr->iMCU_row_ctr == 1 && lines_left_in_iMCU_row > 2)) set_wraparound_pointers(cinfo); main_ptr->buffer_full = FALSE; main_ptr->rowgroup_ctr = 0; main_ptr->context_state = CTX_PREPARE_FOR_IMCU; upsample->next_row_out = cinfo->max_v_samp_factor; upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline; } else { if (num_lines < lines_left_in_iMCU_row) { increment_simple_rowgroup_ctr(cinfo, num_lines); return num_lines; } else { cinfo->output_scanline += lines_left_in_iMCU_row; main_ptr->buffer_full = FALSE; main_ptr->rowgroup_ctr = 0; upsample->next_row_out = cinfo->max_v_samp_factor; upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline; } } if (cinfo->upsample->need_context_rows) lines_to_skip = ((lines_after_iMCU_row - 1) / lines_per_iMCU_row) * lines_per_iMCU_row; else lines_to_skip = (lines_after_iMCU_row / lines_per_iMCU_row) * lines_per_iMCU_row; lines_to_read = lines_after_iMCU_row - lines_to_skip; if (cinfo->inputctl->has_multiple_scans) { if (cinfo->upsample->need_context_rows) { cinfo->output_scanline += lines_to_skip; cinfo->output_iMCU_row += lines_to_skip / lines_per_iMCU_row; main_ptr->iMCU_row_ctr += lines_to_skip / lines_per_iMCU_row; read_and_discard_scanlines(cinfo, lines_to_read); } else { cinfo->output_scanline += lines_to_skip; cinfo->output_iMCU_row += lines_to_skip / lines_per_iMCU_row; increment_simple_rowgroup_ctr(cinfo, lines_to_read); } upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline; return num_lines; } for (i = 0; i < lines_to_skip; i += lines_per_iMCU_row) { for (y = 0; y < coef->MCU_rows_per_iMCU_row; y++) { for (x = 0; x < cinfo->MCUs_per_row; x++) { (*cinfo->entropy->decode_mcu) (cinfo, NULL); } } cinfo->input_iMCU_row++; cinfo->output_iMCU_row++; if (cinfo->input_iMCU_row < cinfo->total_iMCU_rows) start_iMCU_row(cinfo); else (*cinfo->inputctl->finish_input_pass) (cinfo); } cinfo->output_scanline += lines_to_skip; if (cinfo->upsample->need_context_rows) { main_ptr->iMCU_row_ctr += lines_to_skip / lines_per_iMCU_row; read_and_discard_scanlines(cinfo, lines_to_read); } else { increment_simple_rowgroup_ctr(cinfo, lines_to_read); } upsample->rows_to_go = cinfo->output_height - cinfo->output_scanline; return num_lines; }",visit repo url,jdapistd.c,https://github.com/libjpeg-turbo/libjpeg-turbo,120151295383761,1 785,CWE-20,"static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags) { int err; struct sk_buff *skb; struct sock *sk = sock->sk; err = -EIO; if (sk->sk_state & PPPOX_BOUND) goto end; msg->msg_namelen = 0; err = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) goto end; if (len > skb->len) len = skb->len; else if (len < skb->len) msg->msg_flags |= MSG_TRUNC; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len); if (likely(err == 0)) err = len; kfree_skb(skb); end: return err; }",visit repo url,net/l2tp/l2tp_ppp.c,https://github.com/torvalds/linux,83283590519134,1 1679,[],"struct task_struct *idle_task(int cpu) { return cpu_rq(cpu)->idle; }",linux-2.6,,,3765484869257489688040264395781939416,0 1614,CWE-264,"static struct dst_entry *inet6_csk_route_socket(struct sock *sk, struct flowi6 *fl6) { struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct in6_addr *final_p, final; struct dst_entry *dst; memset(fl6, 0, sizeof(*fl6)); fl6->flowi6_proto = sk->sk_protocol; fl6->daddr = sk->sk_v6_daddr; fl6->saddr = np->saddr; fl6->flowlabel = np->flow_label; IP6_ECN_flow_xmit(sk, fl6->flowlabel); fl6->flowi6_oif = sk->sk_bound_dev_if; fl6->flowi6_mark = sk->sk_mark; fl6->fl6_sport = inet->inet_sport; fl6->fl6_dport = inet->inet_dport; security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); final_p = fl6_update_dst(fl6, np->opt, &final); dst = __inet6_csk_dst_check(sk, np->dst_cookie); if (!dst) { dst = ip6_dst_lookup_flow(sk, fl6, final_p); if (!IS_ERR(dst)) __inet6_csk_dst_store(sk, dst, NULL, NULL); } return dst; }",visit repo url,net/ipv6/inet6_connection_sock.c,https://github.com/torvalds/linux,149504478028072,1 6647,CWE-125,"static void copy_recurse_data(compiler_common *common, PCRE2_SPTR cc, PCRE2_SPTR ccend, int type, int stackptr, int stacktop, BOOL has_quit) { delayed_mem_copy_status status; PCRE2_SPTR alternative; sljit_sw private_srcw[2]; sljit_sw shared_srcw[3]; sljit_sw kept_shared_srcw[2]; int private_count, shared_count, kept_shared_count; int from_sp, base_reg, offset, i; BOOL setsom_found = FALSE; BOOL setmark_found = FALSE; BOOL capture_last_found = FALSE; BOOL control_head_found = FALSE; #if defined DEBUG_FORCE_CONTROL_HEAD && DEBUG_FORCE_CONTROL_HEAD SLJIT_ASSERT(common->control_head_ptr != 0); control_head_found = TRUE; #endif switch (type) { case recurse_copy_from_global: from_sp = TRUE; base_reg = STACK_TOP; break; case recurse_copy_private_to_global: case recurse_copy_shared_to_global: case recurse_copy_kept_shared_to_global: from_sp = FALSE; base_reg = STACK_TOP; break; default: SLJIT_ASSERT(type == recurse_swap_global); from_sp = FALSE; base_reg = TMP2; break; } stackptr = STACK(stackptr); stacktop = STACK(stacktop); status.tmp_regs[0] = TMP1; status.saved_tmp_regs[0] = TMP1; if (base_reg != TMP2) { status.tmp_regs[1] = TMP2; status.saved_tmp_regs[1] = TMP2; } else { status.saved_tmp_regs[1] = RETURN_ADDR; if (HAS_VIRTUAL_REGISTERS) status.tmp_regs[1] = STR_PTR; else status.tmp_regs[1] = RETURN_ADDR; } status.saved_tmp_regs[2] = TMP3; if (HAS_VIRTUAL_REGISTERS) status.tmp_regs[2] = STR_END; else status.tmp_regs[2] = TMP3; delayed_mem_copy_init(&status, common); if (type != recurse_copy_shared_to_global && type != recurse_copy_kept_shared_to_global) { SLJIT_ASSERT(type == recurse_copy_from_global || type == recurse_copy_private_to_global || type == recurse_swap_global); if (!from_sp) delayed_mem_copy_move(&status, base_reg, stackptr, SLJIT_SP, common->recursive_head_ptr); if (from_sp || type == recurse_swap_global) delayed_mem_copy_move(&status, SLJIT_SP, common->recursive_head_ptr, base_reg, stackptr); } stackptr += sizeof(sljit_sw); #if defined DEBUG_FORCE_CONTROL_HEAD && DEBUG_FORCE_CONTROL_HEAD if (type != recurse_copy_shared_to_global) { if (!from_sp) delayed_mem_copy_move(&status, base_reg, stackptr, SLJIT_SP, common->control_head_ptr); if (from_sp || type == recurse_swap_global) delayed_mem_copy_move(&status, SLJIT_SP, common->control_head_ptr, base_reg, stackptr); } stackptr += sizeof(sljit_sw); #endif while (cc < ccend) { private_count = 0; shared_count = 0; kept_shared_count = 0; switch(*cc) { case OP_SET_SOM: SLJIT_ASSERT(common->has_set_som); if (has_quit && !setsom_found) { kept_shared_srcw[0] = OVECTOR(0); kept_shared_count = 1; setsom_found = TRUE; } cc += 1; break; case OP_RECURSE: if (has_quit) { if (common->has_set_som && !setsom_found) { kept_shared_srcw[0] = OVECTOR(0); kept_shared_count = 1; setsom_found = TRUE; } if (common->mark_ptr != 0 && !setmark_found) { kept_shared_srcw[kept_shared_count] = common->mark_ptr; kept_shared_count++; setmark_found = TRUE; } } if (common->capture_last_ptr != 0 && !capture_last_found) { shared_srcw[0] = common->capture_last_ptr; shared_count = 1; capture_last_found = TRUE; } cc += 1 + LINK_SIZE; break; case OP_KET: if (PRIVATE_DATA(cc) != 0) { private_count = 1; private_srcw[0] = PRIVATE_DATA(cc); SLJIT_ASSERT(PRIVATE_DATA(cc + 1) != 0); cc += PRIVATE_DATA(cc + 1); } cc += 1 + LINK_SIZE; break; case OP_ASSERT: case OP_ASSERT_NOT: case OP_ASSERTBACK: case OP_ASSERTBACK_NOT: case OP_ASSERT_NA: case OP_ASSERTBACK_NA: case OP_ONCE: case OP_SCRIPT_RUN: case OP_BRAPOS: case OP_SBRA: case OP_SBRAPOS: case OP_SCOND: private_count = 1; private_srcw[0] = PRIVATE_DATA(cc); cc += 1 + LINK_SIZE; break; case OP_CBRA: case OP_SCBRA: offset = (GET2(cc, 1 + LINK_SIZE)) << 1; shared_srcw[0] = OVECTOR(offset); shared_srcw[1] = OVECTOR(offset + 1); shared_count = 2; if (common->capture_last_ptr != 0 && !capture_last_found) { shared_srcw[2] = common->capture_last_ptr; shared_count = 3; capture_last_found = TRUE; } if (common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] == 0) { private_count = 1; private_srcw[0] = OVECTOR_PRIV(GET2(cc, 1 + LINK_SIZE)); } cc += 1 + LINK_SIZE + IMM2_SIZE; break; case OP_CBRAPOS: case OP_SCBRAPOS: offset = (GET2(cc, 1 + LINK_SIZE)) << 1; shared_srcw[0] = OVECTOR(offset); shared_srcw[1] = OVECTOR(offset + 1); shared_count = 2; if (common->capture_last_ptr != 0 && !capture_last_found) { shared_srcw[2] = common->capture_last_ptr; shared_count = 3; capture_last_found = TRUE; } private_count = 2; private_srcw[0] = PRIVATE_DATA(cc); private_srcw[1] = OVECTOR_PRIV(GET2(cc, 1 + LINK_SIZE)); cc += 1 + LINK_SIZE + IMM2_SIZE; break; case OP_COND: alternative = cc + GET(cc, 1); if (*alternative == OP_KETRMAX || *alternative == OP_KETRMIN) { private_count = 1; private_srcw[0] = PRIVATE_DATA(cc); } cc += 1 + LINK_SIZE; break; CASE_ITERATOR_PRIVATE_DATA_1 if (PRIVATE_DATA(cc)) { private_count = 1; private_srcw[0] = PRIVATE_DATA(cc); } cc += 2; #ifdef SUPPORT_UNICODE if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]); #endif break; CASE_ITERATOR_PRIVATE_DATA_2A if (PRIVATE_DATA(cc)) { private_count = 2; private_srcw[0] = PRIVATE_DATA(cc); private_srcw[1] = PRIVATE_DATA(cc) + sizeof(sljit_sw); } cc += 2; #ifdef SUPPORT_UNICODE if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]); #endif break; CASE_ITERATOR_PRIVATE_DATA_2B if (PRIVATE_DATA(cc)) { private_count = 2; private_srcw[0] = PRIVATE_DATA(cc); private_srcw[1] = PRIVATE_DATA(cc) + sizeof(sljit_sw); } cc += 2 + IMM2_SIZE; #ifdef SUPPORT_UNICODE if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]); #endif break; CASE_ITERATOR_TYPE_PRIVATE_DATA_1 if (PRIVATE_DATA(cc)) { private_count = 1; private_srcw[0] = PRIVATE_DATA(cc); } cc += 1; break; CASE_ITERATOR_TYPE_PRIVATE_DATA_2A if (PRIVATE_DATA(cc)) { private_count = 2; private_srcw[0] = PRIVATE_DATA(cc); private_srcw[1] = private_srcw[0] + sizeof(sljit_sw); } cc += 1; break; CASE_ITERATOR_TYPE_PRIVATE_DATA_2B if (PRIVATE_DATA(cc)) { private_count = 2; private_srcw[0] = PRIVATE_DATA(cc); private_srcw[1] = private_srcw[0] + sizeof(sljit_sw); } cc += 1 + IMM2_SIZE; break; case OP_CLASS: case OP_NCLASS: #if defined SUPPORT_UNICODE || PCRE2_CODE_UNIT_WIDTH != 8 case OP_XCLASS: i = (*cc == OP_XCLASS) ? GET(cc, 1) : 1 + 32 / (int)sizeof(PCRE2_UCHAR); #else i = 1 + 32 / (int)sizeof(PCRE2_UCHAR); #endif if (PRIVATE_DATA(cc) != 0) switch(get_class_iterator_size(cc + i)) { case 1: private_count = 1; private_srcw[0] = PRIVATE_DATA(cc); break; case 2: private_count = 2; private_srcw[0] = PRIVATE_DATA(cc); private_srcw[1] = private_srcw[0] + sizeof(sljit_sw); break; default: SLJIT_UNREACHABLE(); break; } cc += i; break; case OP_MARK: case OP_COMMIT_ARG: case OP_PRUNE_ARG: case OP_THEN_ARG: SLJIT_ASSERT(common->mark_ptr != 0); if (has_quit && !setmark_found) { kept_shared_srcw[0] = common->mark_ptr; kept_shared_count = 1; setmark_found = TRUE; } if (common->control_head_ptr != 0 && !control_head_found) { private_srcw[0] = common->control_head_ptr; private_count = 1; control_head_found = TRUE; } cc += 1 + 2 + cc[1]; break; case OP_THEN: SLJIT_ASSERT(common->control_head_ptr != 0); if (!control_head_found) { private_srcw[0] = common->control_head_ptr; private_count = 1; control_head_found = TRUE; } cc++; break; default: cc = next_opcode(common, cc); SLJIT_ASSERT(cc != NULL); break; } if (type != recurse_copy_shared_to_global && type != recurse_copy_kept_shared_to_global) { SLJIT_ASSERT(type == recurse_copy_from_global || type == recurse_copy_private_to_global || type == recurse_swap_global); for (i = 0; i < private_count; i++) { SLJIT_ASSERT(private_srcw[i] != 0); if (!from_sp) delayed_mem_copy_move(&status, base_reg, stackptr, SLJIT_SP, private_srcw[i]); if (from_sp || type == recurse_swap_global) delayed_mem_copy_move(&status, SLJIT_SP, private_srcw[i], base_reg, stackptr); stackptr += sizeof(sljit_sw); } } else stackptr += sizeof(sljit_sw) * private_count; if (type != recurse_copy_private_to_global && type != recurse_copy_kept_shared_to_global) { SLJIT_ASSERT(type == recurse_copy_from_global || type == recurse_copy_shared_to_global || type == recurse_swap_global); for (i = 0; i < shared_count; i++) { SLJIT_ASSERT(shared_srcw[i] != 0); if (!from_sp) delayed_mem_copy_move(&status, base_reg, stackptr, SLJIT_SP, shared_srcw[i]); if (from_sp || type == recurse_swap_global) delayed_mem_copy_move(&status, SLJIT_SP, shared_srcw[i], base_reg, stackptr); stackptr += sizeof(sljit_sw); } } else stackptr += sizeof(sljit_sw) * shared_count; if (type != recurse_copy_private_to_global && type != recurse_swap_global) { SLJIT_ASSERT(type == recurse_copy_from_global || type == recurse_copy_shared_to_global || type == recurse_copy_kept_shared_to_global); for (i = 0; i < kept_shared_count; i++) { SLJIT_ASSERT(kept_shared_srcw[i] != 0); if (!from_sp) delayed_mem_copy_move(&status, base_reg, stackptr, SLJIT_SP, kept_shared_srcw[i]); if (from_sp || type == recurse_swap_global) delayed_mem_copy_move(&status, SLJIT_SP, kept_shared_srcw[i], base_reg, stackptr); stackptr += sizeof(sljit_sw); } } else stackptr += sizeof(sljit_sw) * kept_shared_count; } SLJIT_ASSERT(cc == ccend && stackptr == stacktop); delayed_mem_copy_finish(&status); }",visit repo url,src/pcre2_jit_compile.c,https://github.com/PCRE2Project/pcre2,158511438979528,1 4551,CWE-252,"static GF_Err dasher_configure_pid(GF_Filter *filter, GF_FilterPid *pid, Bool is_remove) { Bool period_switch = GF_FALSE; const GF_PropertyValue *p, *dsi=NULL; u32 dc_crc, dc_enh_crc; GF_Err e; GF_DashStream *ds; Bool old_period_switch; u32 prev_stream_type; Bool new_period_request = GF_FALSE; const char *cue_file=NULL; s64 old_clamp_dur = 0; GF_DasherCtx *ctx = gf_filter_get_udta(filter); if (is_remove) { ds = gf_filter_pid_get_udta(pid); if (ds) { if (ds->dyn_bitrate) dasher_update_bitrate(ctx, ds); gf_list_del_item(ctx->pids, ds); gf_list_del_item(ctx->current_period->streams, ds); if (ctx->next_period) gf_list_del_item(ctx->next_period->streams, ds); dasher_reset_stream(filter, ds, GF_TRUE); gf_free(ds); } return GF_OK; } ctx->check_connections = GF_TRUE; if (!ctx->opid && !ctx->gencues) { u32 i, nb_opids = ctx->dual ? 2 : 1; for (i=0; i < nb_opids; i++) { char *segext=NULL; char *force_ext=NULL; GF_FilterPid *opid; if (i==0) { ctx->opid = gf_filter_pid_new(filter); gf_filter_pid_set_name(ctx->opid, ""MANIFEST""); opid = ctx->opid; } else { if (!ctx->alt_dst && ctx->out_path) { char szSRC[100]; GF_FileIO *gfio = NULL; char *mpath = ctx->out_path; u32 len; if (!strncmp(mpath, ""gfio://"", 7)) { gfio = gf_fileio_from_url(mpath); if (!gfio) return GF_BAD_PARAM; mpath = (char *) gf_file_basename(gf_fileio_resource_url(gfio)); if (!mpath) return GF_OUT_OF_MEM; } len = (u32) strlen(mpath); char *out_path = gf_malloc(len+10); if (!out_path) return GF_OUT_OF_MEM; memcpy(out_path, mpath, len); out_path[len]=0; char *sep = gf_file_ext_start(out_path); if (sep) sep[0] = 0; if (ctx->do_m3u8) { strcat(out_path, "".mpd""); force_ext = ""mpd""; } else { ctx->opid_alt_m3u8 = GF_TRUE; ctx->do_m3u8 = GF_TRUE; strcat(out_path, "".m3u8""); force_ext = ""m3u8""; } if (gfio) { const char *rel = gf_fileio_factory(gfio, out_path); gf_free(out_path); out_path = gf_strdup(rel); if (!out_path) return GF_OUT_OF_MEM; } ctx->alt_dst = gf_filter_connect_destination(filter, out_path, &e); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_DASH, (""[Dasher] Couldn't create secondary manifest output %s: %s\n"", out_path, gf_error_to_string(e) )); gf_free(out_path); break; } gf_free(out_path); gf_filter_reset_source(ctx->alt_dst); snprintf(szSRC, 100, ""MuxSrc%cdasher_%p"", gf_filter_get_sep(filter, GF_FS_SEP_NAME), ctx->alt_dst); gf_filter_set_source(ctx->alt_dst, filter, szSRC); ctx->opid_alt = gf_filter_pid_new(filter); gf_filter_pid_set_name(ctx->opid_alt, ""MANIFEST_ALT""); snprintf(szSRC, 100, ""dasher_%p"", ctx->alt_dst); gf_filter_pid_set_property(ctx->opid_alt, GF_PROP_PID_MUX_SRC, &PROP_STRING(szSRC) ); snprintf(szSRC, 100, ""dasher_%p"", ctx); gf_filter_pid_set_property(ctx->opid, GF_PROP_PID_MUX_SRC, &PROP_STRING(szSRC) ); } opid = ctx->opid_alt; } if (!opid) continue; gf_filter_pid_copy_properties(opid, pid); gf_filter_pid_set_property(opid, GF_PROP_PID_DECODER_CONFIG, NULL); gf_filter_pid_set_property(opid, GF_PROP_PID_DECODER_CONFIG_ENHANCEMENT, NULL); gf_filter_pid_set_property(opid, GF_PROP_PID_CODECID, NULL); gf_filter_pid_set_property(opid, GF_PROP_PID_UNFRAMED, NULL); gf_filter_pid_set_property(opid, GF_PROP_PID_STREAM_TYPE, &PROP_UINT(GF_STREAM_FILE) ); gf_filter_pid_set_property(opid, GF_PROP_PID_ORIG_STREAM_TYPE, &PROP_UINT(GF_STREAM_FILE) ); gf_filter_pid_set_property(opid, GF_PROP_PID_IS_MANIFEST, &PROP_BOOL(GF_TRUE)); dasher_check_outpath(ctx); p = gf_filter_pid_caps_query(pid, GF_PROP_PID_FILE_EXT); if (p) { gf_filter_pid_set_property(opid, GF_PROP_PID_FILE_EXT, p ); segext = p->value.string; } else { segext = NULL; if (ctx->out_path) { segext = gf_file_ext_start(ctx->out_path); } else if (ctx->mname) { segext = gf_file_ext_start(ctx->mname); } if (!segext) segext = ""mpd""; else segext++; if (force_ext) segext = force_ext; gf_filter_pid_set_property(opid, GF_PROP_PID_FILE_EXT, &PROP_STRING(segext) ); if (!strcmp(segext, ""m3u8"")) { gf_filter_pid_set_property(opid, GF_PROP_PID_MIME, &PROP_STRING(""video/mpegurl"")); } else if (!strcmp(segext, ""ghi"")) { gf_filter_pid_set_property(opid, GF_PROP_PID_MIME, &PROP_STRING(""application/x-gpac-ghi"")); } else if (!strcmp(segext, ""ghix"")) { gf_filter_pid_set_property(opid, GF_PROP_PID_MIME, &PROP_STRING(""application/x-gpac-ghix"")); } else { gf_filter_pid_set_property(opid, GF_PROP_PID_MIME, &PROP_STRING(""application/dash+xml"")); } } if (!strcmp(segext, ""m3u8"")) { ctx->do_m3u8 = GF_TRUE; gf_filter_pid_set_name(opid, ""manifest_m3u8"" ); } else if (!strcmp(segext, ""ghix"") || !strcmp(segext, ""ghi"")) { ctx->do_index = !strcmp(segext, ""ghix"") ? 2 : 1; ctx->sigfrag = GF_FALSE; ctx->align = ctx->sap = GF_TRUE; ctx->sseg = ctx->sfile = ctx->tpl = GF_FALSE; if (ctx->state) { gf_free(ctx->state); ctx->state = NULL; GF_LOG(GF_LOG_WARNING, GF_LOG_DASH, (""[Dasher] Index generation mode, disabling state\n"" )); } if (!ctx->template) ctx->template = gf_strdup(""$RepresentationID$-$Number$$Init=init$""); gf_filter_pid_set_name(opid, ""dash_index"" ); } else { ctx->do_mpd = GF_TRUE; gf_filter_pid_set_name(opid, ""manifest_mpd"" ); } } ctx->store_seg_states = GF_FALSE; if (((ctx->state || ctx->purge_segments) && !ctx->sseg) || ctx->do_m3u8) ctx->store_seg_states = GF_TRUE; } ds = gf_filter_pid_get_udta(pid); if (!ds) { GF_SAFEALLOC(ds, GF_DashStream); if (!ds) return GF_OUT_OF_MEM; ds->ipid = pid; gf_list_add(ctx->pids, ds); ds->complementary_streams = gf_list_new(); period_switch = GF_TRUE; gf_filter_pid_set_udta(pid, ds); ds->sbound = ctx->sbound; ds->startNumber = 1; if (ctx->sbound!=DASHER_BOUNDS_OUT) ds->packet_queue = gf_list_new(); if (ctx->is_playing) { GF_FilterEvent evt; dasher_send_encode_hints(ctx, ds); GF_FEVT_INIT(evt, GF_FEVT_PLAY, ds->ipid); evt.play.speed = 1.0; gf_filter_pid_send_event(ds->ipid, &evt); } if (ctx->gencues) { ds->opid = gf_filter_pid_new(filter); gf_filter_pid_copy_properties(ds->opid, pid); gf_filter_pid_set_property(ds->opid, GF_PROP_PID_DASH_CUE, &PROP_STRING(""inband"") ); } } gf_filter_pid_set_framing_mode(pid, GF_TRUE); #define CHECK_PROP(_type, _mem, _e) \ p = gf_filter_pid_get_property(pid, _type); \ if (!p && (_e<=0) ) return _e; \ if (p && (p->value.uint != _mem) && _mem) period_switch = GF_TRUE; \ if (p) _mem = p->value.uint; \ #define CHECK_PROPL(_type, _mem, _e) \ p = gf_filter_pid_get_property(pid, _type); \ if (!p && (_e<=0) ) return _e; \ if (p && (p->value.longuint != _mem) && _mem) period_switch = GF_TRUE; \ if (p) _mem = p->value.longuint; \ #define CHECK_PROP_BOOL(_type, _mem, _e) \ p = gf_filter_pid_get_property(pid, _type); \ if (!p && (_e<=0) ) return _e; \ if (p && (p->value.boolean != _mem) && _mem) period_switch = GF_TRUE; \ if (p) _mem = p->value.uint; \ #define CHECK_PROP_FRAC(_type, _mem, _e) \ p = gf_filter_pid_get_property(pid, _type); \ if (!p && (_e<=0) ) return _e; \ if (p && (p->value.frac.num * _mem.den != p->value.frac.den * _mem.num) && _mem.den && _mem.num) period_switch = GF_TRUE; \ if (p) _mem = p->value.frac; \ #define CHECK_PROP_FRAC64(_type, _mem, _e) \ p = gf_filter_pid_get_property(pid, _type); \ if (!p && (_e<=0) ) return _e; \ if (p && (p->value.lfrac.num * _mem.den != p->value.lfrac.den * _mem.num) && _mem.den && _mem.num) period_switch = GF_TRUE; \ if (p) _mem = p->value.lfrac; \ #define CHECK_PROP_STR(_type, _mem, _e) \ p = gf_filter_pid_get_property(pid, _type); \ if (!p && (_e<=0) ) return _e; \ if (p && p->value.string && _mem && strcmp(_mem, p->value.string)) period_switch = GF_TRUE; \ if (p) { \ if (_mem) gf_free(_mem); \ _mem = gf_strdup(p->value.string); \ }\ #define CHECK_PROP_PROP(_type, _mem, _e) \ p = gf_filter_pid_get_property(pid, _type); \ if (!p && (_e<=0) ) return _e; \ if (p != _mem) period_switch = GF_TRUE;\ _mem = p; \ prev_stream_type = ds->stream_type; CHECK_PROP(GF_PROP_PID_STREAM_TYPE, ds->stream_type, GF_NOT_SUPPORTED) if (ctx->sigfrag) { p = gf_filter_pid_get_property_str(pid, ""nofrag""); if (p && p->value.boolean) { p = gf_filter_pid_get_property(pid, GF_PROP_PID_URL); GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[IsoMedia] sigfrag requested but file %s is not fragmented\n"", p->value.string)); return GF_BAD_PARAM; } } ds->tile_base = GF_FALSE; if (ds->stream_type != GF_STREAM_FILE) { u32 prev_bitrate = ds->bitrate; if (ds->stream_type==GF_STREAM_ENCRYPTED) { CHECK_PROP(GF_PROP_PID_ORIG_STREAM_TYPE, ds->stream_type, GF_EOS) ds->is_encrypted = GF_TRUE; } if (prev_stream_type==ds->stream_type) period_switch = GF_FALSE; CHECK_PROP(GF_PROP_PID_BITRATE, ds->bitrate, GF_EOS) if (!ds->bitrate && prev_bitrate) { ds->bitrate = prev_bitrate; period_switch = GF_FALSE; } if (ds->bitrate && period_switch) { if ((ds->bitrate <= 120 * prev_bitrate / 100) && (ds->bitrate >= 80 * prev_bitrate / 100)) { period_switch = GF_FALSE; } } CHECK_PROP(GF_PROP_PID_CODECID, ds->codec_id, GF_NOT_SUPPORTED) CHECK_PROP(GF_PROP_PID_TIMESCALE, ds->timescale, GF_NOT_SUPPORTED) if (ds->stream_type==GF_STREAM_VISUAL) { CHECK_PROP(GF_PROP_PID_WIDTH, ds->width, GF_EOS) CHECK_PROP(GF_PROP_PID_HEIGHT, ds->height, GF_EOS) CHECK_PROP_FRAC(GF_PROP_PID_SAR, ds->sar, GF_EOS) if (!ds->sar.num) ds->sar.num = ds->sar.den = 1; CHECK_PROP_FRAC(GF_PROP_PID_FPS, ds->fps, GF_EOS) p = gf_filter_pid_get_property(pid, GF_PROP_PID_TILE_BASE); if (p) { ds->srd.x = ds->srd.y = 0; ds->srd.z = ds->width; ds->srd.w = ds->height; ds->tile_base = GF_TRUE; } else { p = gf_filter_pid_get_property(pid, GF_PROP_PID_CROP_POS); if (p && ((p->value.vec2i.x != ds->srd.x) || (p->value.vec2i.y != ds->srd.y) ) ) period_switch = GF_TRUE; if (p) { ds->srd.x = p->value.vec2i.x; ds->srd.y = p->value.vec2i.y; ds->srd.z = ds->width; ds->srd.w = ds->height; } else { p = gf_filter_pid_get_property(pid, GF_PROP_PID_SRD); if (p && ( (p->value.vec4i.x != ds->srd.x) || (p->value.vec4i.y != ds->srd.y) || (p->value.vec4i.z != ds->srd.z) || (p->value.vec4i.w != ds->srd.w) ) ) period_switch = GF_TRUE; if (p) { ds->srd.x = p->value.vec4i.x; ds->srd.y = p->value.vec4i.y; ds->srd.z = p->value.vec4i.z; ds->srd.w = p->value.vec4i.w; } } } } else if (ds->stream_type==GF_STREAM_AUDIO) { CHECK_PROP(GF_PROP_PID_SAMPLE_RATE, ds->sr, GF_EOS) CHECK_PROP(GF_PROP_PID_NUM_CHANNELS, ds->nb_ch, GF_EOS) CHECK_PROPL(GF_PROP_PID_CHANNEL_LAYOUT, ds->ch_layout, GF_EOS) } old_period_switch = period_switch; CHECK_PROP(GF_PROP_PID_NB_FRAMES, ds->nb_samples_in_source, GF_EOS) CHECK_PROP_FRAC64(GF_PROP_PID_DURATION, ds->duration, GF_EOS) CHECK_PROP_STR(GF_PROP_PID_URL, ds->src_url, GF_EOS) period_switch = old_period_switch; if (ds->duration.num<0) ds->duration.num = 0; CHECK_PROP(GF_PROP_PID_ID, ds->id, GF_EOS) CHECK_PROP(GF_PROP_PID_DEPENDENCY_ID, ds->dep_id, GF_EOS) p = gf_filter_pid_get_property(pid, GF_PROP_PID_HAS_SYNC); u32 sync_type = DASHER_SYNC_UNKNOWN; if (p) sync_type = p->value.boolean ? DASHER_SYNC_PRESENT : DASHER_SYNC_NONE; if (sync_type != ds->sync_points_type) period_switch = GF_TRUE; ds->sync_points_type = sync_type; if (ds->inband_cues) period_switch = old_period_switch; if (ctx->scope_deps) { const char *src_args = gf_filter_pid_orig_src_args(pid, GF_TRUE); if (src_args) { ds->src_id = gf_crc_32(src_args, (u32) strlen(src_args)); } } if (ctx->pswitch==DASHER_PSWITCH_STSD) { p = gf_filter_pid_get_property(pid, GF_PROP_PID_ISOM_STSD_ALL_TEMPLATES); if (p) { u32 all_stsd_crc = gf_crc_32(p->value.data.ptr, p->value.data.size); if (all_stsd_crc==ds->all_stsd_crc) { ds->dsi_crc = 0; ds->dsi_enh_crc = 0; } else { ds->all_stsd_crc = all_stsd_crc; } } else { ds->all_stsd_crc = 0; } } dc_crc = 0; dsi = p = gf_filter_pid_get_property(pid, GF_PROP_PID_DECODER_CONFIG); if (p && (p->type==GF_PROP_DATA)) dc_crc = gf_crc_32(p->value.data.ptr, p->value.data.size); dc_enh_crc = 0; p = gf_filter_pid_get_property(pid, GF_PROP_PID_DECODER_CONFIG_ENHANCEMENT); if (p && (p->type==GF_PROP_DATA)) dc_enh_crc = gf_crc_32(p->value.data.ptr, p->value.data.size); if (((dc_crc != ds->dsi_crc) && ds->dsi_crc) || ((dc_enh_crc != ds->dsi_enh_crc) && ds->dsi_enh_crc) ) { switch (ds->codec_id) { case GF_CODECID_AVC: case GF_CODECID_SVC: case GF_CODECID_MVC: case GF_CODECID_HEVC: case GF_CODECID_LHVC: if (!ctx->bs_switch) period_switch = GF_TRUE; break; default: period_switch = GF_TRUE; break; } } ds->dcd_not_ready = 0; if (!dc_crc && !dc_enh_crc) { switch (ds->codec_id) { case GF_CODECID_AVC: case GF_CODECID_SVC: case GF_CODECID_MVC: case GF_CODECID_HEVC: case GF_CODECID_LHVC: case GF_CODECID_AAC_MPEG4: case GF_CODECID_AAC_MPEG2_MP: case GF_CODECID_AAC_MPEG2_LCP: case GF_CODECID_AAC_MPEG2_SSRP: case GF_CODECID_USAC: case GF_CODECID_AC3: case GF_CODECID_EAC3: case GF_CODECID_AV1: case GF_CODECID_VP8: case GF_CODECID_VP9: ds->dcd_not_ready = gf_sys_clock(); break; default: break; } } ds->dsi_crc = dc_crc; CHECK_PROP_STR(GF_PROP_PID_TEMPLATE, ds->template, GF_EOS) CHECK_PROP_STR(GF_PROP_PID_LANGUAGE, ds->lang, GF_EOS) CHECK_PROP_BOOL(GF_PROP_PID_INTERLACED, ds->interlaced, GF_EOS) CHECK_PROP_PROP(GF_PROP_PID_AS_COND_DESC, ds->p_as_desc, GF_EOS) CHECK_PROP_PROP(GF_PROP_PID_AS_ANY_DESC, ds->p_as_any_desc, GF_EOS) CHECK_PROP_PROP(GF_PROP_PID_REP_DESC, ds->p_rep_desc, GF_EOS) CHECK_PROP_PROP(GF_PROP_PID_BASE_URL, ds->p_base_url, GF_EOS) CHECK_PROP_PROP(GF_PROP_PID_ROLE, ds->p_role, GF_EOS) CHECK_PROP_STR(GF_PROP_PID_HLS_PLAYLIST, ds->hls_vp_name, GF_EOS) CHECK_PROP_BOOL(GF_PROP_PID_SINGLE_SCALE, ds->sscale, GF_EOS) if (ctx->sigfrag && ctx->tpl && !ctx->template && !ds->template) { GF_LOG(GF_LOG_WARNING, GF_LOG_DASH, (""[Dasher] Warning, manifest generation only mode requested for live-based profile but no template provided, switching to main profile.\n"")); ctx->profile = GF_DASH_PROFILE_MAIN; ctx->tpl = GF_FALSE; dasher_setup_profile(ctx); ctx->sfile = GF_TRUE; } if (ds->rate_first_dts_plus_one) dasher_update_bitrate(ctx, ds); if (!ds->bitrate) { char *tpl = ds->template ? ds->template : ctx->template; if (tpl && strstr(tpl, ""$Bandwidth$"")) { GF_LOG(GF_LOG_ERROR, GF_LOG_DASH, (""[Dasher] No bitrate property assigned to PID %s but template uses $Bandwidth$, cannot initialize !\n\tTry specifying bitrate property after your source, e.g. -i source.raw:#Bitrate=VAL\n"", gf_filter_pid_get_name(ds->ipid))); ctx->in_error = GF_TRUE; return GF_BAD_PARAM; } else { GF_LOG(GF_LOG_INFO, GF_LOG_DASH, (""[Dasher] No bitrate property assigned to PID %s, computing from bitstream\n"", gf_filter_pid_get_name(ds->ipid))); ds->dyn_bitrate = GF_TRUE; ds->rate_first_dts_plus_one = 0; ds->rate_media_size = 0; } } else { ds->dyn_bitrate = GF_FALSE; } if (!ds->src_url) ds->src_url = gf_strdup(""file""); CHECK_PROP(GF_PROP_PID_START_NUMBER, ds->startNumber, GF_EOS) ds->no_seg_dur = ctx->no_seg_dur; dasher_get_dash_dur(ctx, ds); ds->splitable = GF_FALSE; ds->is_av = GF_FALSE; switch (ds->stream_type) { case GF_STREAM_TEXT: case GF_STREAM_METADATA: case GF_STREAM_OD: case GF_STREAM_SCENE: ds->splitable = ctx->split; break; case GF_STREAM_VISUAL: case GF_STREAM_AUDIO: ds->is_av = GF_TRUE; break; } old_clamp_dur = ds->clamped_dur.num; ds->clamped_dur.num = 0; ds->clamped_dur.den = 1; p = gf_filter_pid_get_property(pid, GF_PROP_PID_CLAMP_DUR); if (p && p->value.lfrac.den) ds->clamped_dur = p->value.lfrac; #if !defined(GPAC_DISABLE_AV_PARSERS) if (dsi) { if (ds->codec_id == GF_CODECID_LHVC || ds->codec_id == GF_CODECID_HEVC_TILES || ds->codec_id == GF_CODECID_HEVC) { GF_HEVCConfig* hevccfg = gf_odf_hevc_cfg_read(dsi->value.data.ptr, dsi->value.data.size, GF_FALSE); if (hevccfg) { Bool is_interlaced; HEVCState hevc; HEVC_SPS* sps; memset(&hevc, 0, sizeof(HEVCState)); gf_hevc_parse_ps(hevccfg, &hevc, GF_HEVC_NALU_VID_PARAM); gf_hevc_parse_ps(hevccfg, &hevc, GF_HEVC_NALU_SEQ_PARAM); sps = &hevc.sps[hevc.sps_active_idx]; if (sps && sps->colour_description_present_flag) { DasherHDRType old_hdr_type = ds->hdr_type; if (sps->colour_primaries == 9 && sps->matrix_coeffs == 9) { if (sps->transfer_characteristic == 14) ds->hdr_type = DASHER_HDR_HLG; if (sps->transfer_characteristic == 16) ds->hdr_type = DASHER_HDR_PQ10; } if (old_hdr_type != ds->hdr_type) period_switch = GF_TRUE; } is_interlaced = hevccfg->interlaced_source_flag ? GF_TRUE : GF_FALSE; if (ds->interlaced != is_interlaced) period_switch = GF_TRUE; ds->interlaced = is_interlaced; gf_odf_hevc_cfg_del(hevccfg); } } else if (ds->codec_id == GF_CODECID_AVC || ds->codec_id == GF_CODECID_SVC || ds->codec_id == GF_CODECID_MVC) { AVCState avc; GF_AVCConfig* avccfg = gf_odf_avc_cfg_read(dsi->value.data.ptr, dsi->value.data.size); GF_NALUFFParam *sl = (GF_NALUFFParam *)gf_list_get(avccfg->sequenceParameterSets, 0); if (sl) { s32 idx; memset(&avc, 0, sizeof(AVCState)); idx = gf_avc_read_sps(sl->data, sl->size, &avc, 0, NULL); if (idx>=0) { Bool is_interlaced = avc.sps[idx].frame_mbs_only_flag ? GF_FALSE : GF_TRUE; if (ds->interlaced != is_interlaced) period_switch = GF_TRUE; ds->interlaced = is_interlaced; } } gf_odf_avc_cfg_del(avccfg); } } #endif if (ds->stream_type==GF_STREAM_AUDIO) { u32 _sr=0, _nb_ch=0; #ifndef GPAC_DISABLE_AV_PARSERS switch (ds->codec_id) { case GF_CODECID_AAC_MPEG4: case GF_CODECID_AAC_MPEG2_MP: case GF_CODECID_AAC_MPEG2_LCP: case GF_CODECID_AAC_MPEG2_SSRP: case GF_CODECID_USAC: if ((ctx->profile == GF_DASH_PROFILE_AVC264_LIVE) || (ctx->profile == GF_DASH_PROFILE_AVC264_ONDEMAND) || (ctx->profile == GF_DASH_PROFILE_DASHIF_LL) ) { GF_Err res = dasher_get_audio_info_with_m4a_sbr_ps(ds, dsi, &_sr, &_nb_ch); if (res) { GF_LOG(GF_LOG_ERROR, GF_LOG_DASH, (""[Dasher] Could not get AAC info, %s\n"", gf_error_to_string(res))); } } else if (dsi) { dasher_get_audio_info_with_m4a_sbr_ps(ds, dsi, NULL, &_nb_ch); } break; case GF_CODECID_AC3: case GF_CODECID_EAC3: if (dsi) { GF_AC3Config ac3; gf_odf_ac3_config_parse(dsi->value.data.ptr, dsi->value.data.size, (ds->codec_id==GF_CODECID_EAC3) ? GF_TRUE : GF_FALSE, &ac3); ds->nb_lfe = ac3.streams[0].lfon ? 1 : 0; ds->nb_surround = gf_ac3_get_surround_channels(ac3.streams[0].acmod); ds->atmos_complexity_type = ac3.is_ec3 ? ac3.complexity_index_type : 0; _nb_ch = gf_ac3_get_total_channels(ac3.streams[0].acmod); if (ac3.streams[0].nb_dep_sub) { _nb_ch += gf_eac3_get_chan_loc_count(ac3.streams[0].chan_loc); } if (ds->nb_lfe) _nb_ch++; } break; } #endif if (_sr > ds->sr) ds->sr = _sr; if (_nb_ch > ds->nb_ch) ds->nb_ch = _nb_ch; } ds->pts_minus_cts = 0; p = gf_filter_pid_get_property(ds->ipid, GF_PROP_PID_DELAY); if (p && p->value.longsint) { ds->pts_minus_cts = p->value.longsint; } if (period_switch) { cue_file = ctx->cues; if (!cue_file || strcmp(cue_file, ""none"") ) { p = gf_filter_pid_get_property(pid, GF_PROP_PID_DASH_CUE); if (p) cue_file = p->value.string; } if (ds->cues) gf_free(ds->cues); ds->cues = NULL; ds->nb_cues = 0; ds->inband_cues = GF_FALSE; if (cue_file) { if (!strcmp(cue_file, ""inband"")) { ds->inband_cues = GF_TRUE; if (!ctx->sigfrag) { p = gf_filter_pid_get_property(pid, GF_PROP_PID_DASH_FWD); if (p && p->value.uint) ctx->forward_mode = p->value.uint; } } else if (!strcmp(cue_file, ""idx_all"")) { ds->inband_cues = GF_TRUE; ctx->from_index = IDXMODE_ALL; } else if (!strcmp(cue_file, ""idx_man"")) { ds->inband_cues = GF_TRUE; ctx->from_index = IDXMODE_MANIFEST; } else if (!strcmp(cue_file, ""idx_init"")) { ds->inband_cues = GF_TRUE; ctx->from_index = IDXMODE_INIT; } else if (!strcmp(cue_file, ""idx_child"")) { ds->inband_cues = GF_TRUE; ctx->from_index = IDXMODE_CHILD; } else if (!strcmp(cue_file, ""idx_seg"")) { ds->inband_cues = GF_TRUE; ctx->from_index = IDXMODE_SEG; } else if (strcmp(cue_file, ""none"")) { e = gf_mpd_load_cues(cue_file, ds->id, &ds->cues_timescale, &ds->cues_use_edits, &ds->cues_ts_offset, &ds->cues, &ds->nb_cues); if (e) return e; if (!ds->cues_timescale) ds->cues_timescale = ds->timescale; } if (ctx->from_index==IDXMODE_CHILD) { p = gf_filter_pid_get_property_str(ds->ipid, ""idx_out""); if (p) { if (ds->hls_vp_name) gf_free(ds->hls_vp_name); ds->hls_vp_name = gf_strdup(p->value.string); } } } } } else { p = gf_filter_pid_get_property(pid, GF_PROP_PID_URL); if (!p) p = gf_filter_pid_get_property(pid, GF_PROP_PID_FILEPATH); if (p) return GF_NOT_SUPPORTED; CHECK_PROP_STR(GF_PROP_PID_XLINK, ds->xlink, GF_EOS) } if (ctx->do_index || ctx->from_index) { if (!ds->template && ctx->def_template) { p = gf_filter_pid_get_property_str(ds->ipid, ""idx_template""); if (p) { ds->template = gf_strdup(p->value.string); GF_LOG(GF_LOG_INFO, GF_LOG_DASH, (""[Dasher] Using template from index pass %s\n"", ds->template)); } } char *template = ds->template; if (!ds->template) { if ((ctx->def_template==1) && ctx->do_index) { gf_free(ctx->template); ctx->template = gf_strdup(""$RepresentationID$-$Number$$Init=init$""); ctx->def_template = 2; GF_LOG(GF_LOG_INFO, GF_LOG_DASH, (""[Dasher] No template assigned in index mode, using %s\n"", ctx->template)); } template = ctx->template; } if (dasher_template_use_source_url(template)) { GF_LOG(GF_LOG_ERROR, GF_LOG_DASH, (""[Dasher] Cannot use file-based templates with index mode\n"")); return GF_BAD_PARAM; } } if (!ds->rep && (gf_list_find(ctx->current_period->streams, ds)>=0)) period_switch = GF_FALSE; old_period_switch = period_switch; period_switch = GF_FALSE; CHECK_PROP_STR(GF_PROP_PID_PERIOD_ID, ds->period_id, GF_EOS) CHECK_PROP_PROP(GF_PROP_PID_PERIOD_DESC, ds->p_period_desc, GF_EOS) if (!period_switch && (ctx->pswitch==DASHER_PSWITCH_FORCE)) period_switch = GF_TRUE; if (gf_filter_pid_get_property_str(pid, ""period_switch"")) period_switch = GF_TRUE; p = gf_filter_pid_get_property(pid, GF_PROP_PID_PERIOD_START); if (p) { if (ds->period_start.num * p->value.lfrac.den != p->value.lfrac.num * ds->period_start.den) period_switch = GF_TRUE; ds->period_start = p->value.lfrac; } else { if (ds->period_start.num) period_switch = GF_TRUE; ds->period_start.num = 0; ds->period_start.den = 1000; } assert(ds->period_start.den); if (period_switch) { new_period_request = GF_TRUE; } else { period_switch = old_period_switch; } if (ds->period_continuity_id) gf_free(ds->period_continuity_id); ds->period_continuity_id = NULL; p = gf_filter_pid_get_property_str(ds->ipid, ""period_resume""); if (!ctx->mpd || (gf_list_find(ctx->mpd->periods, ds->last_period)<0)) ds->last_period = NULL; if (p && p->value.string && ds->last_period) { if (!ds->last_period->ID) { if (p->value.string[0]) { ds->last_period->ID = p->value.string; } else { char szPName[50]; sprintf(szPName, ""P%d"", 1 + gf_list_find(ctx->mpd->periods, ds->last_period)); ds->last_period->ID = gf_strdup(szPName); } } if (ds->set && (ds->set->id<0)) { if (!ds->as_id && ds->period && ds->period->period) ds->as_id = gf_list_find(ds->period->period->adaptation_sets, ds->set) + 1; ds->set->id = ds->as_id; } ds->period_continuity_id = gf_strdup(ds->last_period->ID); } ds->last_period = NULL; ds->period_dur.num = 0; ds->period_dur.den = 1; p = gf_filter_pid_get_property(pid, GF_PROP_PID_PERIOD_DUR); if (p) ds->period_dur = p->value.lfrac; p = gf_filter_pid_get_property_str(pid, ""max_seg_dur""); ctx->index_max_seg_dur = p ? p->value.uint : 0; p = gf_filter_pid_get_property_str(pid, ""mpd_duration""); ctx->index_media_duration = p ? p->value.longuint : 0; if (ds->stream_type==GF_STREAM_FILE) { if (!ds->xlink && !ds->period_start.num && !ds->period_dur.num) { ds->done = 1; GF_LOG(GF_LOG_WARNING, GF_LOG_DASH, (""[Dasher] null PID specified without any XLINK/start/duration, ignoring\n"")); } else if (ds->xlink) { ctx->use_xlink = GF_TRUE; } } else { if (ds->xlink) gf_free(ds->xlink); ds->xlink = NULL; CHECK_PROP_STR(GF_PROP_PID_XLINK, ds->xlink, GF_EOS) if (ds->xlink) ctx->use_xlink = GF_TRUE; } if (new_period_request && ds->done && old_clamp_dur) { gf_list_del_item(ctx->next_period->streams, ds); gf_filter_pid_set_discard(ds->ipid, GF_FALSE); if (ds->opid && !ctx->gencues) { gf_filter_pid_discard_block(ds->opid); gf_filter_pid_remove(ds->opid); ds->opid = NULL; } if (ctx->is_eos) { ctx->is_eos = GF_FALSE; gf_filter_pid_discard_block(ctx->opid); if (ctx->opid_alt) gf_filter_pid_discard_block(ctx->opid_alt); } ds->rep_init = GF_FALSE; ds->presentation_time_offset = 0; ds->rep = NULL; ds->set = NULL; ds->period = NULL; ds->done = 0; } if (gf_list_find(ctx->next_period->streams, ds)>=0) period_switch = GF_FALSE; if (!ds->period_id) ds->period_id = gf_strdup(DEFAULT_PERIOD_ID); e = dasher_hls_setup_crypto(ctx, ds); if (e) return e; if (!period_switch) { if (ds->opid) { gf_filter_pid_copy_properties(ds->opid, pid); if (ctx->is_route && ctx->do_m3u8) gf_filter_pid_set_property(ds->opid, GF_PROP_PCK_HLS_REF, &PROP_LONGUINT( ds->hls_ref_id ) ); if (ctx->llhls) gf_filter_pid_set_property(ds->opid, GF_PROP_PID_LLHLS, &PROP_UINT(ctx->llhls) ); if (ctx->gencues) gf_filter_pid_set_property(ds->opid, GF_PROP_PID_DASH_CUE, &PROP_STRING(""inband"") ); } if (ds->rep) dasher_update_rep(ctx, ds); return GF_OK; }",visit repo url,src/filters/dasher.c,https://github.com/gpac/gpac,57499661152590,1 3357,[],"static inline u8 nla_get_u8(struct nlattr *nla) { return *(u8 *) nla_data(nla); }",linux-2.6,,,307510272111858754975910290182699487568,0 6089,CWE-190,"int bn_size_bin(const bn_t a) { dig_t d; int digits; digits = (a->used - 1) * (RLC_DIG / 8); d = a->dp[a->used - 1]; while (d != 0) { d = d >> 8; digits++; } return digits; }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,91582866629723,1 243,CWE-190,"static int vfio_msi_enable(struct vfio_pci_device *vdev, int nvec, bool msix) { struct pci_dev *pdev = vdev->pdev; unsigned int flag = msix ? PCI_IRQ_MSIX : PCI_IRQ_MSI; int ret; if (!is_irq_none(vdev)) return -EINVAL; vdev->ctx = kzalloc(nvec * sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL); if (!vdev->ctx) return -ENOMEM; ret = pci_alloc_irq_vectors(pdev, 1, nvec, flag); if (ret < nvec) { if (ret > 0) pci_free_irq_vectors(pdev); kfree(vdev->ctx); return ret; } vdev->num_ctx = nvec; vdev->irq_type = msix ? VFIO_PCI_MSIX_IRQ_INDEX : VFIO_PCI_MSI_IRQ_INDEX; if (!msix) { vdev->msi_qmax = fls(nvec * 2 - 1) - 1; } return 0; }",visit repo url,drivers/vfio/pci/vfio_pci_intrs.c,https://github.com/torvalds/linux,1788425737561,1 6290,['CWE-200'],"static int neigh_stat_seq_show(struct seq_file *seq, void *v) { struct proc_dir_entry *pde = seq->private; struct neigh_table *tbl = pde->data; struct neigh_statistics *st = v; if (v == SEQ_START_TOKEN) { seq_printf(seq, ""entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs\n""); return 0; } seq_printf(seq, ""%08x %08lx %08lx %08lx %08lx %08lx %08lx "" ""%08lx %08lx %08lx %08lx\n"", atomic_read(&tbl->entries), st->allocs, st->destroys, st->hash_grows, st->lookups, st->hits, st->res_failed, st->rcv_probes_mcast, st->rcv_probes_ucast, st->periodic_gc_runs, st->forced_gc_runs ); return 0; }",linux-2.6,,,314743130912990969593307247283223414017,0 1483,[],"cpu_cgroup_destroy(struct cgroup_subsys *ss, struct cgroup *cgrp) { struct task_group *tg = cgroup_tg(cgrp); sched_destroy_group(tg); }",linux-2.6,,,187829518522243205282561908972629488343,0 867,CWE-20,"static int recv_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t buf_len, int flags) { struct sock *sk = sock->sk; struct tipc_port *tport = tipc_sk_port(sk); struct sk_buff *buf; struct tipc_msg *msg; long timeout; unsigned int sz; int sz_to_copy, target, needed; int sz_copied = 0; u32 err; int res = 0; if (unlikely(!buf_len)) return -EINVAL; lock_sock(sk); if (unlikely((sock->state == SS_UNCONNECTED))) { res = -ENOTCONN; goto exit; } m->msg_namelen = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); restart: while (skb_queue_empty(&sk->sk_receive_queue)) { if (sock->state == SS_DISCONNECTING) { res = -ENOTCONN; goto exit; } if (timeout <= 0L) { res = timeout ? timeout : -EWOULDBLOCK; goto exit; } release_sock(sk); timeout = wait_event_interruptible_timeout(*sk_sleep(sk), tipc_rx_ready(sock), timeout); lock_sock(sk); } buf = skb_peek(&sk->sk_receive_queue); msg = buf_msg(buf); sz = msg_data_sz(msg); err = msg_errcode(msg); if ((!sz) && (!err)) { advance_rx_queue(sk); goto restart; } if (sz_copied == 0) { set_orig_addr(m, msg); res = anc_data_recv(m, msg, tport); if (res) goto exit; } if (!err) { u32 offset = (u32)(unsigned long)(TIPC_SKB_CB(buf)->handle); sz -= offset; needed = (buf_len - sz_copied); sz_to_copy = (sz <= needed) ? sz : needed; res = skb_copy_datagram_iovec(buf, msg_hdr_sz(msg) + offset, m->msg_iov, sz_to_copy); if (res) goto exit; sz_copied += sz_to_copy; if (sz_to_copy < sz) { if (!(flags & MSG_PEEK)) TIPC_SKB_CB(buf)->handle = (void *)(unsigned long)(offset + sz_to_copy); goto exit; } } else { if (sz_copied != 0) goto exit; if ((err == TIPC_CONN_SHUTDOWN) || m->msg_control) res = 0; else res = -ECONNRESET; } if (likely(!(flags & MSG_PEEK))) { if (unlikely(++tport->conn_unacked >= TIPC_FLOW_CONTROL_WIN)) tipc_acknowledge(tport->ref, tport->conn_unacked); advance_rx_queue(sk); } if ((sz_copied < buf_len) && (!skb_queue_empty(&sk->sk_receive_queue) || (sz_copied < target)) && (!(flags & MSG_PEEK)) && (!err)) goto restart; exit: release_sock(sk); return sz_copied ? sz_copied : res; }",visit repo url,net/tipc/socket.c,https://github.com/torvalds/linux,263298236416144,1 3176,['CWE-189'],"static void jas_icctxt_dump(jas_iccattrval_t *attrval, FILE *out) { jas_icctxt_t *txt = &attrval->data.txt; fprintf(out, ""string = \""%s\""\n"", txt->string); }",jasper,,,202209719165089057390924843617507980032,0 6361,[],"void saveVTask (TNEFStruct *tnef, const gchar *tmpdir) { variableLength *vl; variableLength *filename; gint index; gchar *ifilename; gchar *absfilename, *file; gchar *charptr, *charptr2; dtr thedate; FILE *fptr; DWORD *dword_ptr; DWORD dword_val; vl = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_CONVERSATION_TOPIC)); if (vl == MAPI_UNDEFINED) { return; } index = strlen (vl->data); while (vl->data[index] == ' ') vl->data[index--] = 0; file = sanitize_filename (vl->data); if (!file) return; absfilename = g_strconcat (file, "".vcf"", NULL); ifilename = g_build_filename (tmpdir, absfilename, NULL); g_free (file); g_free (absfilename); printf(""%s\n"", ifilename); if ((fptr = fopen(ifilename, ""wb""))==NULL) { printf(""Error writing file to disk!""); } else { fprintf(fptr, ""BEGIN:VCALENDAR\n""); fprintf(fptr, ""VERSION:2.0\n""); fprintf(fptr, ""METHOD:PUBLISH\n""); filename = NULL; fprintf(fptr, ""BEGIN:VTODO\n""); if (tnef->messageID[0] != 0) { fprintf(fptr,""UID:%s\n"", tnef->messageID); } filename = MAPIFindUserProp (&(tnef->MapiProperties), \ PROP_TAG (PT_STRING8, 0x8122)); if (filename != MAPI_UNDEFINED) { fprintf(fptr, ""ORGANIZER:%s\n"", filename->data); } if ((filename = MAPIFindProperty (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, PR_DISPLAY_TO))) != MAPI_UNDEFINED) { filename = MAPIFindUserProp (&(tnef->MapiProperties), PROP_TAG (PT_STRING8, 0x811f)); } if ((filename != MAPI_UNDEFINED) && (filename->size > 1)) { charptr = filename->data-1; while (charptr != NULL) { charptr++; charptr2 = strstr(charptr, "";""); if (charptr2 != NULL) { *charptr2 = 0; } while (*charptr == ' ') charptr++; fprintf(fptr, ""ATTENDEE;CN=%s;ROLE=REQ-PARTICIPANT:%s\n"", charptr, charptr); charptr = charptr2; } } if (tnef->subject.size > 0) { fprintf(fptr,""SUMMARY:""); cstylefprint (fptr,&(tnef->subject)); fprintf(fptr,""\n""); } if (tnef->body.size > 0) { fprintf(fptr,""DESCRIPTION:""); cstylefprint (fptr,&(tnef->body)); fprintf(fptr,""\n""); } filename = MAPIFindProperty (&(tnef->MapiProperties), \ PROP_TAG (PT_SYSTIME, PR_CREATION_TIME)); if (filename != MAPI_UNDEFINED) { fprintf(fptr, ""DTSTAMP:""); MAPISysTimetoDTR ((guchar *) filename->data, &thedate); fprintf(fptr,""%04i%02i%02iT%02i%02i%02iZ\n"", thedate.wYear, thedate.wMonth, thedate.wDay, thedate.wHour, thedate.wMinute, thedate.wSecond); } filename = MAPIFindUserProp (&(tnef->MapiProperties), \ PROP_TAG (PT_SYSTIME, 0x8517)); if (filename != MAPI_UNDEFINED) { fprintf(fptr, ""DUE:""); MAPISysTimetoDTR ((guchar *) filename->data, &thedate); fprintf(fptr,""%04i%02i%02iT%02i%02i%02iZ\n"", thedate.wYear, thedate.wMonth, thedate.wDay, thedate.wHour, thedate.wMinute, thedate.wSecond); } filename = MAPIFindProperty (&(tnef->MapiProperties), \ PROP_TAG (PT_SYSTIME, PR_LAST_MODIFICATION_TIME)); if (filename != MAPI_UNDEFINED) { fprintf(fptr, ""LAST-MODIFIED:""); MAPISysTimetoDTR ((guchar *) filename->data, &thedate); fprintf(fptr,""%04i%02i%02iT%02i%02i%02iZ\n"", thedate.wYear, thedate.wMonth, thedate.wDay, thedate.wHour, thedate.wMinute, thedate.wSecond); } filename = MAPIFindUserProp (&(tnef->MapiProperties), \ PROP_TAG (PT_BOOLEAN, 0x8506)); if (filename != MAPI_UNDEFINED) { dword_ptr = (DWORD*)filename->data; dword_val = SwapDWord ((BYTE*)dword_ptr); fprintf(fptr, ""CLASS:"" ); if (*dword_ptr == 1) { fprintf(fptr,""PRIVATE\n""); } else { fprintf(fptr,""PUBLIC\n""); } } fprintf(fptr, ""END:VTODO\n""); fprintf(fptr, ""END:VCALENDAR\n""); fclose (fptr); } g_free (ifilename); }",evolution,,,262181411604660793594583315060774290576,0 3028,['CWE-189'],"static int jpc_dec_cp_isvalid(jpc_dec_cp_t *cp) { uint_fast16_t compcnt; jpc_dec_ccp_t *ccp; if (!(cp->flags & JPC_CSET) || !(cp->flags & JPC_QSET)) { return 0; } for (compcnt = cp->numcomps, ccp = cp->ccps; compcnt > 0; --compcnt, ++ccp) { if ((ccp->qsty != JPC_QCX_SIQNT && JAS_CAST(int, ccp->numstepsizes) < 3 * ccp->numrlvls - 2) || (ccp->qsty == JPC_QCX_SIQNT && ccp->numstepsizes != 1)) { return 0; } } return 1; }",jasper,,,236525972770524081339854649219122986921,0 115,['CWE-787'],"static void cirrus_linear_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val) { CirrusVGAState *s = (CirrusVGAState *) opaque; addr &= s->cirrus_addr_mask; *(s->vram_ptr + addr) = val; cpu_physical_memory_set_dirty(s->vram_offset + addr); }",qemu,,,130158653459349120418282158180503804786,0 2338,CWE-399,"void serveloop(GArray* servers) { struct sockaddr_storage addrin; socklen_t addrinlen=sizeof(addrin); int i; int max; fd_set mset; fd_set rset; max=0; FD_ZERO(&mset); for(i=0;ilen;i++) { int sock; if((sock=(g_array_index(servers, SERVER, i)).socket) >= 0) { FD_SET(sock, &mset); max=sock>max?sock:max; } } for(i=0;ilen;i++) { int sock = g_array_index(modernsocks, int, i); FD_SET(sock, &mset); max=sock>max?sock:max; } for(;;) { if (is_sighup_caught) { int n; GError *gerror = NULL; msg(LOG_INFO, ""reconfiguration request received""); is_sighup_caught = 0; n = append_new_servers(servers, &gerror); if (n == -1) msg(LOG_ERR, ""failed to append new servers: %s"", gerror->message); for (i = servers->len - n; i < servers->len; ++i) { const SERVER server = g_array_index(servers, SERVER, i); if (server.socket >= 0) { FD_SET(server.socket, &mset); max = server.socket > max ? server.socket : max; } msg(LOG_INFO, ""reconfigured new server: %s"", server.servename); } } memcpy(&rset, &mset, sizeof(fd_set)); if(select(max+1, &rset, NULL, NULL, NULL)>0) { int net; DEBUG(""accept, ""); for(i=0; i < modernsocks->len; i++) { int sock = g_array_index(modernsocks, int, i); if(!FD_ISSET(sock, &rset)) { continue; } CLIENT *client; if((net=accept(sock, (struct sockaddr *) &addrin, &addrinlen)) < 0) { err_nonfatal(""accept: %m""); continue; } client = negotiate(net, NULL, servers, NEG_INIT | NEG_MODERN); if(!client) { close(net); continue; } handle_connection(servers, net, client->server, client); } for(i=0; i < servers->len; i++) { SERVER *serve; serve=&(g_array_index(servers, SERVER, i)); if(serve->socket < 0) { continue; } if(FD_ISSET(serve->socket, &rset)) { if ((net=accept(serve->socket, (struct sockaddr *) &addrin, &addrinlen)) < 0) { err_nonfatal(""accept: %m""); continue; } handle_connection(servers, net, serve, NULL); } } } } }",visit repo url,nbd-server.c,https://github.com/yoe/nbd,13740449532002,1 1417,CWE-310,"static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_cipher rcipher; snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""cipher""); rcipher.blocksize = alg->cra_blocksize; rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; rcipher.max_keysize = alg->cra_cipher.cia_max_keysize; if (nla_put(skb, CRYPTOCFGA_REPORT_CIPHER, sizeof(struct crypto_report_cipher), &rcipher)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/crypto_user.c,https://github.com/torvalds/linux,281170485397244,1 975,['CWE-189'],"miShmPutImage(dst, pGC, depth, format, w, h, sx, sy, sw, sh, dx, dy, data) DrawablePtr dst; GCPtr pGC; int depth, w, h, sx, sy, sw, sh, dx, dy; unsigned int format; char *data; { PixmapPtr pmap; GCPtr putGC; putGC = GetScratchGC(depth, dst->pScreen); if (!putGC) return; pmap = (*dst->pScreen->CreatePixmap)(dst->pScreen, sw, sh, depth, CREATE_PIXMAP_USAGE_SCRATCH); if (!pmap) { FreeScratchGC(putGC); return; } ValidateGC((DrawablePtr)pmap, putGC); (*putGC->ops->PutImage)((DrawablePtr)pmap, putGC, depth, -sx, -sy, w, h, 0, (format == XYPixmap) ? XYPixmap : ZPixmap, data); FreeScratchGC(putGC); if (format == XYBitmap) (void)(*pGC->ops->CopyPlane)((DrawablePtr)pmap, dst, pGC, 0, 0, sw, sh, dx, dy, 1L); else (void)(*pGC->ops->CopyArea)((DrawablePtr)pmap, dst, pGC, 0, 0, sw, sh, dx, dy); (*pmap->drawable.pScreen->DestroyPixmap)(pmap); }",xserver,,,237244735243044203289433203029640770075,0 1195,['CWE-189'],"static inline void hrtimer_init_timer_hres(struct hrtimer *timer) { INIT_LIST_HEAD(&timer->cb_entry); }",linux-2.6,,,3032151339412896205300414947522311252,0 2333,CWE-119,"FUNC_DECODER(dissector_postgresql) { DECLARE_DISP_PTR(ptr); struct ec_session *s = NULL; void *ident = NULL; char tmp[MAX_ASCII_ADDR_LEN]; struct postgresql_status *conn_status; (void) DECODE_DATA; (void) DECODE_DATALEN; (void) DECODED_LEN; if (FROM_CLIENT(""postgresql"", PACKET)) { if (PACKET->DATA.len < 4) return NULL; dissect_create_ident(&ident, PACKET, DISSECT_CODE(dissector_postgresql)); if (session_get(&s, ident, DISSECT_IDENT_LEN) == -ENOTFOUND) { unsigned char *u = memmem(ptr, PACKET->DATA.len, ""user"", 4); unsigned char *d = memmem(ptr, PACKET->DATA.len, ""database"", 8); if (!memcmp(ptr + 4, ""\x00\x03\x00\x00"", 4) && u && d) { dissect_create_session(&s, PACKET, DISSECT_CODE(dissector_postgresql)); SAFE_CALLOC(s->data, 1, sizeof(struct postgresql_status)); conn_status = (struct postgresql_status *) s->data; conn_status->status = WAIT_AUTH; strncpy((char*)conn_status->user, (char*)(u + 5), 65); conn_status->user[64] = 0; strncpy((char*)conn_status->database, (char*)(d + 9), 65); conn_status->database[64] = 0; session_put(s); } } else { conn_status = (struct postgresql_status *) s->data; if (conn_status->status == WAIT_RESPONSE) { if (ptr[0] == 'p' && conn_status->type == MD5) { DEBUG_MSG(""\tDissector_postgresql RESPONSE type is MD5""); if(memcmp(ptr + 1, ""\x00\x00\x00\x28"", 4)) { DEBUG_MSG(""\tDissector_postgresql BUG, expected length is 40""); return NULL; } if (PACKET->DATA.len < 40) { DEBUG_MSG(""\tDissector_postgresql BUG, expected length is 40""); return NULL; } memcpy(conn_status->hash, ptr + 5 + 3, 32); conn_status->hash[32] = 0; DISSECT_MSG(""%s:$postgres$%s*%s*%s:%s:%d\n"", conn_status->user, conn_status->user, conn_status->salt, conn_status->hash, ip_addr_ntoa(&PACKET->L3.dst, tmp), ntohs(PACKET->L4.dst)); dissect_wipe_session(PACKET, DISSECT_CODE(dissector_postgresql)); } else if (ptr[0] == 'p' && conn_status->type == CT) { int length; DEBUG_MSG(""\tDissector_postgresql RESPONSE type is clear-text!""); GET_ULONG_BE(length, ptr, 1); strncpy((char*)conn_status->password, (char*)(ptr + 5), length - 4); conn_status->password[length - 4] = 0; DISSECT_MSG(""PostgreSQL credentials:%s-%d:%s:%s\n"", ip_addr_ntoa(&PACKET->L3.dst, tmp), ntohs(PACKET->L4.dst), conn_status->user, conn_status->password); dissect_wipe_session(PACKET, DISSECT_CODE(dissector_postgresql)); } } } } else { if (PACKET->DATA.len < 9) return NULL; dissect_create_ident(&ident, PACKET, DISSECT_CODE(dissector_postgresql)); if (session_get(&s, ident, DISSECT_IDENT_LEN) == ESUCCESS) { conn_status = (struct postgresql_status *) s->data; if (conn_status->status == WAIT_AUTH && ptr[0] == 'R' && !memcmp(ptr + 1, ""\x00\x00\x00\x0c"", 4) && !memcmp(ptr + 5, ""\x00\x00\x00\x05"", 4)) { conn_status->status = WAIT_RESPONSE; conn_status->type = MD5; DEBUG_MSG(""\tDissector_postgresql AUTH type is MD5""); hex_encode(ptr + 9, 4, conn_status->salt); } else if (conn_status->status == WAIT_AUTH && ptr[0] == 'R' && !memcmp(ptr + 1, ""\x00\x00\x00\x08"", 4) && !memcmp(ptr + 5, ""\x00\x00\x00\x03"", 4)) { conn_status->status = WAIT_RESPONSE; conn_status->type = CT; DEBUG_MSG(""\tDissector_postgresql AUTH type is clear-text!""); } } } SAFE_FREE(ident); return NULL; }",visit repo url,src/dissectors/ec_postgresql.c,https://github.com/Ettercap/ettercap,58106027107118,1 614,CWE-17,"void mark_files_ro(struct super_block *sb) { struct file *f; lg_global_lock(&files_lglock); do_file_list_for_each_entry(sb, f) { if (!file_count(f)) continue; if (!(f->f_mode & FMODE_WRITE)) continue; spin_lock(&f->f_lock); f->f_mode &= ~FMODE_WRITE; spin_unlock(&f->f_lock); if (file_check_writeable(f) != 0) continue; __mnt_drop_write(f->f_path.mnt); file_release_write(f); } while_file_list_for_each_entry; lg_global_unlock(&files_lglock); }",visit repo url,fs/file_table.c,https://github.com/torvalds/linux,261320874005491,1 2980,CWE-399,"private int mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir, const unsigned char *s, uint32_t offset, size_t nbytes, size_t linecnt) { if (indir == 0) { switch (type) { case FILE_SEARCH: ms->search.s = RCAST(const char *, s) + offset; ms->search.s_len = nbytes - offset; ms->search.offset = offset; return 0; case FILE_REGEX: { const char *b; const char *c; const char *last; const char *buf; const char *end; size_t lines; if (s == NULL) { ms->search.s_len = 0; ms->search.s = NULL; return 0; } buf = RCAST(const char *, s) + offset; end = last = RCAST(const char *, s) + nbytes; for (lines = linecnt, b = buf; lines && b < end && ((b = CAST(const char *, memchr(c = b, '\n', CAST(size_t, (end - b))))) || (b = CAST(const char *, memchr(c, '\r', CAST(size_t, (end - c)))))); lines--, b++) { last = b; if (b[0] == '\r' && b[1] == '\n') b++; } if (lines) last = RCAST(const char *, s) + nbytes; ms->search.s = buf; ms->search.s_len = last - buf; ms->search.offset = offset; ms->search.rm_len = 0; return 0; } case FILE_BESTRING16: case FILE_LESTRING16: { const unsigned char *src = s + offset; const unsigned char *esrc = s + nbytes; char *dst = p->s; char *edst = &p->s[sizeof(p->s) - 1]; if (type == FILE_BESTRING16) src++; if (offset >= nbytes) break; for ( ; src < esrc; src += 2, dst++) { if (dst < edst) *dst = *src; else break; if (*dst == '\0') { if (type == FILE_BESTRING16 ? *(src - 1) != '\0' : *(src + 1) != '\0') *dst = ' '; } } *edst = '\0'; return 0; } case FILE_STRING: case FILE_PSTRING: default: break; } } if (offset >= nbytes) { (void)memset(p, '\0', sizeof(*p)); return 0; } if (nbytes - offset < sizeof(*p)) nbytes = nbytes - offset; else nbytes = sizeof(*p); (void)memcpy(p, s + offset, nbytes); if (nbytes < sizeof(*p)) (void)memset(((char *)(void *)p) + nbytes, '\0', sizeof(*p) - nbytes);",visit repo url,src/softmagic.c,https://github.com/file/file,193090137528156,1 3765,[],"static struct sock *first_unix_socket(int *i) { for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) { if (!hlist_empty(&unix_socket_table[*i])) return __sk_head(&unix_socket_table[*i]); } return NULL; }",linux-2.6,,,187756313556978030519424224496595758823,0 803,['CWE-16'],"static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) { int err; struct ip_esp_hdr *esph; struct crypto_aead *aead; struct aead_givcrypt_request *req; struct scatterlist *sg; struct scatterlist *asg; struct sk_buff *trailer; void *tmp; int blksize; int clen; int alen; int nfrags; u8 *iv; u8 *tail; struct esp_data *esp = x->data; err = -ENOMEM; clen = skb->len; aead = esp->aead; alen = crypto_aead_authsize(aead); blksize = ALIGN(crypto_aead_blocksize(aead), 4); clen = ALIGN(clen + 2, blksize); if (esp->padlen) clen = ALIGN(clen, esp->padlen); if ((err = skb_cow_data(skb, clen - skb->len + alen, &trailer)) < 0) goto error; nfrags = err; tmp = esp_alloc_tmp(aead, nfrags + 1); if (!tmp) goto error; iv = esp_tmp_iv(aead, tmp); req = esp_tmp_givreq(aead, iv); asg = esp_givreq_sg(aead, req); sg = asg + 1; tail = skb_tail_pointer(trailer); do { int i; for (i=0; ilen - 2; i++) tail[i] = i + 1; } while (0); tail[clen-skb->len - 2] = (clen - skb->len) - 2; tail[clen - skb->len - 1] = *skb_mac_header(skb); pskb_put(skb, trailer, clen - skb->len + alen); skb_push(skb, -skb_network_offset(skb)); esph = ip_esp_hdr(skb); *skb_mac_header(skb) = IPPROTO_ESP; esph->spi = x->id.spi; esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); sg_init_table(sg, nfrags); skb_to_sgvec(skb, sg, esph->enc_data + crypto_aead_ivsize(aead) - skb->data, clen + alen); sg_init_one(asg, esph, sizeof(*esph)); aead_givcrypt_set_callback(req, 0, esp_output_done, skb); aead_givcrypt_set_crypt(req, sg, sg, clen, iv); aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq.output); ESP_SKB_CB(skb)->tmp = tmp; err = crypto_aead_givencrypt(req); if (err == -EINPROGRESS) goto error; if (err == -EBUSY) err = NET_XMIT_DROP; kfree(tmp); error: return err; }",linux-2.6,,,303969493887412150568444315244199799814,0 6354,['CWE-200'],"act_get_notify(u32 pid, struct nlmsghdr *n, struct tc_action *a, int event) { struct sk_buff *skb; int err = 0; skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); if (!skb) return -ENOBUFS; if (tca_get_fill(skb, a, pid, n->nlmsg_seq, 0, event, 0, 0) <= 0) { kfree_skb(skb); return -EINVAL; } err = netlink_unicast(rtnl, skb, pid, MSG_DONTWAIT); if (err > 0) err = 0; return err; }",linux-2.6,,,216968749774048829421141230462120069191,0 2835,CWE-125,"static CACHE_BITMAP_V2_ORDER* update_read_cache_bitmap_v2_order(rdpUpdate* update, wStream* s, BOOL compressed, UINT16 flags) { BYTE bitsPerPixelId; CACHE_BITMAP_V2_ORDER* cache_bitmap_v2; if (!update || !s) return NULL; cache_bitmap_v2 = calloc(1, sizeof(CACHE_BITMAP_V2_ORDER)); if (!cache_bitmap_v2) goto fail; cache_bitmap_v2->cacheId = flags & 0x0003; cache_bitmap_v2->flags = (flags & 0xFF80) >> 7; bitsPerPixelId = (flags & 0x0078) >> 3; cache_bitmap_v2->bitmapBpp = CBR2_BPP[bitsPerPixelId]; if (cache_bitmap_v2->flags & CBR2_PERSISTENT_KEY_PRESENT) { if (Stream_GetRemainingLength(s) < 8) goto fail; Stream_Read_UINT32(s, cache_bitmap_v2->key1); Stream_Read_UINT32(s, cache_bitmap_v2->key2); } if (cache_bitmap_v2->flags & CBR2_HEIGHT_SAME_AS_WIDTH) { if (!update_read_2byte_unsigned(s, &cache_bitmap_v2->bitmapWidth)) goto fail; cache_bitmap_v2->bitmapHeight = cache_bitmap_v2->bitmapWidth; } else { if (!update_read_2byte_unsigned(s, &cache_bitmap_v2->bitmapWidth) || !update_read_2byte_unsigned(s, &cache_bitmap_v2->bitmapHeight)) goto fail; } if (!update_read_4byte_unsigned(s, &cache_bitmap_v2->bitmapLength) || !update_read_2byte_unsigned(s, &cache_bitmap_v2->cacheIndex)) goto fail; if (cache_bitmap_v2->flags & CBR2_DO_NOT_CACHE) cache_bitmap_v2->cacheIndex = BITMAP_CACHE_WAITING_LIST_INDEX; if (compressed) { if (!(cache_bitmap_v2->flags & CBR2_NO_BITMAP_COMPRESSION_HDR)) { if (Stream_GetRemainingLength(s) < 8) goto fail; Stream_Read_UINT16( s, cache_bitmap_v2->cbCompFirstRowSize); Stream_Read_UINT16( s, cache_bitmap_v2->cbCompMainBodySize); Stream_Read_UINT16(s, cache_bitmap_v2->cbScanWidth); Stream_Read_UINT16( s, cache_bitmap_v2->cbUncompressedSize); cache_bitmap_v2->bitmapLength = cache_bitmap_v2->cbCompMainBodySize; } } if (cache_bitmap_v2->bitmapLength == 0) goto fail; if (Stream_GetRemainingLength(s) < cache_bitmap_v2->bitmapLength) goto fail; if (cache_bitmap_v2->bitmapLength == 0) goto fail; cache_bitmap_v2->bitmapDataStream = malloc(cache_bitmap_v2->bitmapLength); if (!cache_bitmap_v2->bitmapDataStream) goto fail; Stream_Read(s, cache_bitmap_v2->bitmapDataStream, cache_bitmap_v2->bitmapLength); cache_bitmap_v2->compressed = compressed; return cache_bitmap_v2; fail: free_cache_bitmap_v2_order(update->context, cache_bitmap_v2); return NULL; }",visit repo url,libfreerdp/core/orders.c,https://github.com/FreeRDP/FreeRDP,246892114095140,1 6393,CWE-20,"error_t enc28j60UpdateMacAddrFilter(NetInterface *interface) { uint_t i; uint_t k; uint32_t crc; uint8_t hashTable[8]; MacFilterEntry *entry; TRACE_DEBUG(""Updating MAC filter...\r\n""); osMemset(hashTable, 0, sizeof(hashTable)); for(i = 0; i < MAC_ADDR_FILTER_SIZE; i++) { entry = &interface->macAddrFilter[i]; if(entry->refCount > 0) { crc = enc28j60CalcCrc(&entry->addr, sizeof(MacAddr)); k = (crc >> 23) & 0x3F; hashTable[k / 8] |= (1 << (k % 8)); } } enc28j60WriteReg(interface, ENC28J60_REG_EHT0, hashTable[0]); enc28j60WriteReg(interface, ENC28J60_REG_EHT1, hashTable[1]); enc28j60WriteReg(interface, ENC28J60_REG_EHT2, hashTable[2]); enc28j60WriteReg(interface, ENC28J60_REG_EHT3, hashTable[3]); enc28j60WriteReg(interface, ENC28J60_REG_EHT4, hashTable[4]); enc28j60WriteReg(interface, ENC28J60_REG_EHT5, hashTable[5]); enc28j60WriteReg(interface, ENC28J60_REG_EHT6, hashTable[6]); enc28j60WriteReg(interface, ENC28J60_REG_EHT7, hashTable[7]); TRACE_DEBUG("" EHT0 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT0)); TRACE_DEBUG("" EHT1 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT1)); TRACE_DEBUG("" EHT2 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT2)); TRACE_DEBUG("" EHT3 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT3)); TRACE_DEBUG("" EHT0 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT4)); TRACE_DEBUG("" EHT1 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT5)); TRACE_DEBUG("" EHT2 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT6)); TRACE_DEBUG("" EHT3 = %02"" PRIX8 ""\r\n"", enc28j60ReadReg(interface, ENC28J60_REG_EHT7)); return NO_ERROR; }",visit repo url,drivers/eth/enc28j60_driver.c,https://github.com/Oryx-Embedded/CycloneTCP,240923182066555,1 6611,CWE-787,"static int on_part_data_end(multipart_parser *parser) { multipart_parser_data_t *data = NULL; ogs_assert(parser); data = multipart_parser_get_data(parser); ogs_assert(data); data->num_of_part++; return 0; }",visit repo url,lib/sbi/message.c,https://github.com/open5gs/open5gs,87735542465857,1 2027,NVD-CWE-noinfo,"static void __xen_evtchn_do_upcall(void) { struct vcpu_info *vcpu_info = __this_cpu_read(xen_vcpu); int cpu = smp_processor_id(); read_lock(&evtchn_rwlock); do { vcpu_info->evtchn_upcall_pending = 0; xen_evtchn_handle_events(cpu); BUG_ON(!irqs_disabled()); virt_rmb(); } while (vcpu_info->evtchn_upcall_pending); read_unlock(&evtchn_rwlock); }",visit repo url,drivers/xen/events/events_base.c,https://github.com/torvalds/linux,186943843963844,1 3981,CWE-352,"static void handle_do_action(HttpRequest req, HttpResponse res) { Service_T s; Action_Type doaction = Action_Ignored; const char *action = get_parameter(req, ""action""); const char *token = get_parameter(req, ""token""); if (action) { if (is_readonly(req)) { send_error(req, res, SC_FORBIDDEN, ""You do not have sufficient privileges to access this page""); return; } if ((doaction = Util_getAction(action)) == Action_Ignored) { send_error(req, res, SC_BAD_REQUEST, ""Invalid action \""%s\"""", action); return; } for (HttpParameter p = req->params; p; p = p->next) { if (IS(p->name, ""service"")) { s = Util_getService(p->value); if (! s) { send_error(req, res, SC_BAD_REQUEST, ""There is no service named \""%s\"""", p->value ? p->value : """"); return; } s->doaction = doaction; LogInfo(""'%s' %s on user request\n"", s->name, action); } } if (token) { Service_T q = NULL; for (s = servicelist; s; s = s->next) if (s->doaction == doaction) q = s; if (q) { FREE(q->token); q->token = Str_dup(token); } } Run.flags |= Run_ActionPending; do_wakeupcall(); } }",visit repo url,src/http/cervlet.c,https://bitbucket.org/tildeslash/monit,115647503131612,1 4822,CWE-415,"static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card) { sc_card_t *card = p15card->card; sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data; sc_file_t *file = NULL; sc_path_t path; u8 filelist[MAX_EXT_APDU_LENGTH]; int filelistlength; int r, i; sc_cvc_t devcert; struct sc_app_info *appinfo; struct sc_pkcs15_auth_info pin_info; struct sc_pkcs15_object pin_obj; struct sc_pin_cmd_data pindata; u8 efbin[1024]; u8 *ptr; size_t len; LOG_FUNC_CALLED(card->ctx); appinfo = calloc(1, sizeof(struct sc_app_info)); if (appinfo == NULL) { LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->aid = sc_hsm_aid; appinfo->ddo.aid = sc_hsm_aid; p15card->app = appinfo; sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0); r = sc_select_file(card, &path, &file); LOG_TEST_RET(card->ctx, r, ""Could not select SmartCard-HSM application""); p15card->card->version.hw_major = 24; p15card->card->version.hw_minor = 13; if (file && file->prop_attr && file->prop_attr_len >= 2) { p15card->card->version.fw_major = file->prop_attr[file->prop_attr_len - 2]; p15card->card->version.fw_minor = file->prop_attr[file->prop_attr_len - 1]; } sc_file_free(file); if (priv->EF_C_DevAut && priv->EF_C_DevAut_len) { ptr = priv->EF_C_DevAut; len = priv->EF_C_DevAut_len; } else { len = sizeof efbin; r = read_file(p15card, (u8 *) ""\x2F\x02"", efbin, &len, 1); LOG_TEST_RET(card->ctx, r, ""Skipping optional EF.C_DevAut""); ptr = realloc(priv->EF_C_DevAut, len); if (ptr) { memcpy(ptr, efbin, len); priv->EF_C_DevAut = ptr; priv->EF_C_DevAut_len = len; } ptr = efbin; } memset(&devcert, 0 ,sizeof(devcert)); r = sc_pkcs15emu_sc_hsm_decode_cvc(p15card, (const u8 **)&ptr, &len, &devcert); LOG_TEST_RET(card->ctx, r, ""Could not decode EF.C_DevAut""); sc_pkcs15emu_sc_hsm_read_tokeninfo(p15card); if (p15card->tokeninfo->label == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->label = strdup(""GoID""); } else { p15card->tokeninfo->label = strdup(""SmartCard-HSM""); } if (p15card->tokeninfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } if ((p15card->tokeninfo->manufacturer_id != NULL) && !strcmp(""(unknown)"", p15card->tokeninfo->manufacturer_id)) { free(p15card->tokeninfo->manufacturer_id); p15card->tokeninfo->manufacturer_id = NULL; } if (p15card->tokeninfo->manufacturer_id == NULL) { if (p15card->card->type == SC_CARD_TYPE_SC_HSM_GOID || p15card->card->type == SC_CARD_TYPE_SC_HSM_SOC) { p15card->tokeninfo->manufacturer_id = strdup(""Bundesdruckerei GmbH""); } else { p15card->tokeninfo->manufacturer_id = strdup(""www.CardContact.de""); } if (p15card->tokeninfo->manufacturer_id == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); } appinfo->label = strdup(p15card->tokeninfo->label); if (appinfo->label == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); len = strnlen(devcert.chr, sizeof devcert.chr); assert(len >= 8); len -= 5; p15card->tokeninfo->serial_number = calloc(len + 1, 1); if (p15card->tokeninfo->serial_number == NULL) LOG_FUNC_RETURN(card->ctx, SC_ERROR_OUT_OF_MEMORY); memcpy(p15card->tokeninfo->serial_number, devcert.chr, len); *(p15card->tokeninfo->serial_number + len) = 0; sc_hsm_set_serialnr(card, p15card->tokeninfo->serial_number); sc_pkcs15emu_sc_hsm_free_cvc(&devcert); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 1; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x81; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC; pin_info.attrs.pin.min_length = 6; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 15; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 3; pin_info.max_tries = 3; pin_obj.auth_id.len = 1; pin_obj.auth_id.value[0] = 2; strlcpy(pin_obj.label, ""UserPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); memset(&pin_info, 0, sizeof(pin_info)); memset(&pin_obj, 0, sizeof(pin_obj)); pin_info.auth_id.len = 1; pin_info.auth_id.value[0] = 2; pin_info.path.aid = sc_hsm_aid; pin_info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN; pin_info.attrs.pin.reference = 0x88; pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED|SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED|SC_PKCS15_PIN_FLAG_SO_PIN; pin_info.attrs.pin.type = SC_PKCS15_PIN_TYPE_BCD; pin_info.attrs.pin.min_length = 16; pin_info.attrs.pin.stored_length = 0; pin_info.attrs.pin.max_length = 16; pin_info.attrs.pin.pad_char = '\0'; pin_info.tries_left = 15; pin_info.max_tries = 15; strlcpy(pin_obj.label, ""SOPIN"", sizeof(pin_obj.label)); pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE; r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info); if (r < 0) LOG_FUNC_RETURN(card->ctx, r); if (card->type == SC_CARD_TYPE_SC_HSM_SOC || card->type == SC_CARD_TYPE_SC_HSM_GOID) { r = SC_SUCCESS; } else { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x85; r = sc_pin_cmd(card, &pindata, NULL); } if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) { memset(&pindata, 0, sizeof(pindata)); pindata.cmd = SC_PIN_CMD_GET_INFO; pindata.pin_type = SC_AC_CHV; pindata.pin_reference = 0x86; r = sc_pin_cmd(card, &pindata, NULL); } if ((r != SC_ERROR_DATA_OBJECT_NOT_FOUND) && (r != SC_ERROR_INCORRECT_PARAMETERS)) card->caps |= SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH; filelistlength = sc_list_files(card, filelist, sizeof(filelist)); LOG_TEST_RET(card->ctx, filelistlength, ""Could not enumerate file and key identifier""); for (i = 0; i < filelistlength; i += 2) { switch(filelist[i]) { case KEY_PREFIX: r = sc_pkcs15emu_sc_hsm_add_prkd(p15card, filelist[i + 1]); break; case DCOD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_dcod(p15card, filelist[i + 1]); break; case CD_PREFIX: r = sc_pkcs15emu_sc_hsm_add_cd(p15card, filelist[i + 1]); break; } if (r != SC_SUCCESS) { sc_log(card->ctx, ""Error %d adding elements to framework"", r); } } LOG_FUNC_RETURN(card->ctx, SC_SUCCESS); }",visit repo url,src/libopensc/pkcs15-sc-hsm.c,https://github.com/OpenSC/OpenSC,102536223365760,1 2276,['CWE-120'],"static __always_inline void follow_dotdot(struct nameidata *nd) { struct fs_struct *fs = current->fs; while(1) { struct vfsmount *parent; struct dentry *old = nd->path.dentry; read_lock(&fs->lock); if (nd->path.dentry == fs->root.dentry && nd->path.mnt == fs->root.mnt) { read_unlock(&fs->lock); break; } read_unlock(&fs->lock); spin_lock(&dcache_lock); if (nd->path.dentry != nd->path.mnt->mnt_root) { nd->path.dentry = dget(nd->path.dentry->d_parent); spin_unlock(&dcache_lock); dput(old); break; } spin_unlock(&dcache_lock); spin_lock(&vfsmount_lock); parent = nd->path.mnt->mnt_parent; if (parent == nd->path.mnt) { spin_unlock(&vfsmount_lock); break; } mntget(parent); nd->path.dentry = dget(nd->path.mnt->mnt_mountpoint); spin_unlock(&vfsmount_lock); dput(old); mntput(nd->path.mnt); nd->path.mnt = parent; } follow_mount(&nd->path.mnt, &nd->path.dentry); }",linux-2.6,,,193209242050034066156727267065950677180,0 123,[],"static int put_compat_flock64(struct flock *kfl, struct compat_flock64 __user *ufl) { if (!access_ok(VERIFY_WRITE, ufl, sizeof(*ufl)) || __put_user(kfl->l_type, &ufl->l_type) || __put_user(kfl->l_whence, &ufl->l_whence) || __put_user(kfl->l_start, &ufl->l_start) || __put_user(kfl->l_len, &ufl->l_len) || __put_user(kfl->l_pid, &ufl->l_pid)) return -EFAULT; return 0; }",linux-2.6,,,331152777448605663304416393440831327823,0 2637,[],"static int sctp_setsockopt_fragment_interleave(struct sock *sk, char __user *optval, int optlen) { int val; if (optlen != sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; sctp_sk(sk)->frag_interleave = (val == 0) ? 0 : 1; return 0; }",linux-2.6,,,181727116863959744863804109622977186199,0 4950,['CWE-20'],"static struct nfs_client *nfs_get_client(const char *hostname, const struct sockaddr_in *addr, int nfsversion) { struct nfs_client *clp, *new = NULL; int error; dprintk(""--> nfs_get_client(%s,""NIPQUAD_FMT"":%d,%d)\n"", hostname ?: """", NIPQUAD(addr->sin_addr), addr->sin_port, nfsversion); do { spin_lock(&nfs_client_lock); clp = __nfs_find_client(addr, nfsversion, 1); if (clp) goto found_client; if (new) goto install_client; spin_unlock(&nfs_client_lock); new = nfs_alloc_client(hostname, addr, nfsversion); } while (new); return ERR_PTR(-ENOMEM); install_client: clp = new; list_add(&clp->cl_share_link, &nfs_client_list); spin_unlock(&nfs_client_lock); dprintk(""--> nfs_get_client() = %p [new]\n"", clp); return clp; found_client: spin_unlock(&nfs_client_lock); if (new) nfs_free_client(new); error = wait_event_interruptible(nfs_client_active_wq, clp->cl_cons_state != NFS_CS_INITING); if (error < 0) { nfs_put_client(clp); return ERR_PTR(-ERESTARTSYS); } if (clp->cl_cons_state < NFS_CS_READY) { error = clp->cl_cons_state; nfs_put_client(clp); return ERR_PTR(error); } BUG_ON(clp->cl_cons_state != NFS_CS_READY); dprintk(""--> nfs_get_client() = %p [share]\n"", clp); return clp; }",linux-2.6,,,143202878752893266207867013503392305065,0 4607,CWE-787,"static s32 gf_media_vvc_read_vps_bs_internal(GF_BitStream *bs, VVCState *vvc, Bool stop_at_vps_ext) { u32 i, j; s32 vps_id; VVC_VPS *vps; Bool vps_default_ptl_dpb_hrd_max_tid_flag=0; vps_id = gf_bs_read_int_log(bs, 4, ""vps_id""); if (vps_id >= 16) return -1; if (!vps_id) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] VPS ID 0 is forbidden\n"")); return -1; } vps = &vvc->vps[vps_id]; if (!vps->state) { vps->id = vps_id; vps->state = 1; } vps->max_layers = 1 + gf_bs_read_int_log(bs, 6, ""max_layers""); if (vps->max_layers > MAX_LHVC_LAYERS) { GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, (""[VVC] sorry, %d layers in VPS but only %d supported\n"", vps->max_layers, MAX_LHVC_LAYERS)); return -1; } vps->max_sub_layers = gf_bs_read_int_log(bs, 3, ""max_sub_layers_minus1"") + 1; if ((vps->max_layers>1) && (vps->max_sub_layers>1)) vps_default_ptl_dpb_hrd_max_tid_flag = gf_bs_read_int_log(bs, 1, ""vps_default_ptl_dpb_hrd_max_tid_flag""); if (vps->max_layers>1) vps->all_layers_independent = gf_bs_read_int_log(bs, 1, ""all_layers_independent""); for (i=0; imax_layers; i++) { u32 layer_id = gf_bs_read_int_log_idx(bs, 6, ""layer_id"", i); if (layer_id>vps->max_layer_id) vps->max_layer_id = layer_id; if (i && !vps->all_layers_independent) { Bool layer_indep = gf_bs_read_int_log_idx(bs, 1, ""layer_independent"", i); if (!layer_indep) { Bool vps_max_tid_ref_present_flag = gf_bs_read_int_log_idx(bs, 1, ""vps_max_tid_ref_present_flag"", i); for (j=0; jnum_ptl = 1; if (vps->max_layers > 1) { if (vps->all_layers_independent) { vps->each_layer_is_ols = gf_bs_read_int_log(bs, 1, ""each_layer_is_ols""); } if (!vps->each_layer_is_ols) { u32 vps_ols_mode_idc = 2; if (!vps->all_layers_independent) { vps_ols_mode_idc = gf_bs_read_int_log(bs, 2, ""vps_ols_mode_idc""); } if (vps_ols_mode_idc==2) { u8 vps_num_output_layer_sets = 2 + gf_bs_read_int_log(bs, 8, ""vps_num_output_layer_sets_minus2""); for (i=0; imax_layers; j++) { gf_bs_read_int_log_idx2(bs, 1, ""vps_ols_output_layer_flag"", i, j); } } } } vps->num_ptl = 1 + gf_bs_read_int_log(bs, 8, ""num_ptl_minus1""); } vps->ptl[0].pt_present = 1; for (i=0; inum_ptl; i++) { if (i) vps->ptl[i].pt_present = gf_bs_read_int_log_idx(bs, 1, ""pt_present"", i); if (!vps_default_ptl_dpb_hrd_max_tid_flag) vps->ptl[i].ptl_max_tid = gf_bs_read_int_log_idx(bs, 3, ""ptl_max_tid"", i); else vps->ptl[i].ptl_max_tid = vps->max_sub_layers - 1;; } gf_bs_align(bs); for (i=0; inum_ptl; i++) { vvc_profile_tier_level(bs, &vps->ptl[i], i); } return vps_id; }",visit repo url,src/media_tools/av_parsers.c,https://github.com/gpac/gpac,95258776262761,1 491,[],"pfm_restore_pmds(unsigned long *pmds, unsigned long mask) { int i; unsigned long val, ovfl_val = pmu_conf->ovfl_val; for (i=0; mask; i++, mask>>=1) { if ((mask & 0x1) == 0) continue; val = PMD_IS_COUNTING(i) ? pmds[i] & ovfl_val : pmds[i]; ia64_set_pmd(i, val); } ia64_srlz_d(); }",linux-2.6,,,254499257325140554663801025911998110133,0 6081,CWE-190,"void bn_write_str(char *str, int len, const bn_t a, int radix) { bn_t t; dig_t d; int digits, l, i, j; char c; bn_null(t); l = bn_size_str(a, radix); if (len < l) { RLC_THROW(ERR_NO_BUFFER); return; } if (radix < 2 || radix > 64) { RLC_THROW(ERR_NO_VALID); return; } if (bn_is_zero(a) == 1) { *str++ = '0'; *str = '\0'; return; } RLC_TRY { bn_new(t); bn_copy(t, a); j = 0; if (t->sign == RLC_NEG) { str[j] = '-'; j++; t->sign = RLC_POS; } digits = 0; while (!bn_is_zero(t) && j < len) { bn_div_rem_dig(t, &d, t, (dig_t)radix); str[j] = util_conv_char(d); digits++; j++; } i = 0; if (str[0] == '-') { i = 1; } j = l - 2; while (i < j) { c = str[i]; str[i] = str[j]; str[j] = c; ++i; --j; } str[l - 1] = '\0'; } RLC_CATCH_ANY { RLC_THROW(ERR_CAUGHT); } RLC_FINALLY { bn_free(t); } }",visit repo url,src/bn/relic_bn_util.c,https://github.com/relic-toolkit/relic,188720222489047,1 6044,['CWE-200'],"static int cbq_reshape_fail(struct sk_buff *skb, struct Qdisc *child) { int len = skb->len; struct Qdisc *sch = child->__parent; struct cbq_sched_data *q = qdisc_priv(sch); struct cbq_class *cl = q->rx_class; q->rx_class = NULL; if (cl && (cl = cbq_reclassify(skb, cl)) != NULL) { cbq_mark_toplevel(q, cl); q->rx_class = cl; cl->q->__parent = sch; if (cl->q->enqueue(skb, cl->q) == 0) { sch->q.qlen++; sch->bstats.packets++; sch->bstats.bytes+=len; if (!cl->next_alive) cbq_activate_class(cl); return 0; } sch->qstats.drops++; return 0; } sch->qstats.drops++; return -1; }",linux-2.6,,,332909330584417922028046150195474273545,0 5259,CWE-362,"vips_foreign_load_start( VipsImage *out, void *a, void *b ) { VipsForeignLoad *load = VIPS_FOREIGN_LOAD( b ); VipsForeignLoadClass *class = VIPS_FOREIGN_LOAD_GET_CLASS( load ); if( !load->real ) { if( !(load->real = vips_foreign_load_temp( load )) ) return( NULL ); #ifdef DEBUG printf( ""vips_foreign_load_start: triggering ->load()\n"" ); #endif load->real->progress_signal = load->out; g_object_set_qdata( G_OBJECT( load->real ), vips__foreign_load_operation, load ); if( class->load( load ) || vips_image_pio_input( load->real ) ) return( NULL ); if( !vips_foreign_load_iscompat( load->real, out ) ) return( NULL ); vips_image_pipelinev( load->out, load->out->dhint, load->real, NULL ); } return( vips_region_new( load->real ) ); }",visit repo url,libvips/foreign/foreign.c,https://github.com/jcupitt/libvips,220928657930084,1 6700,['CWE-200'],"dispose (GObject *object) { NMConnectionList *list = NM_CONNECTION_LIST (object); if (list->dialog) gtk_widget_hide (list->dialog); if (list->editors) g_hash_table_destroy (list->editors); if (list->wired_icon) g_object_unref (list->wired_icon); if (list->wireless_icon) g_object_unref (list->wireless_icon); if (list->wwan_icon) g_object_unref (list->wwan_icon); if (list->vpn_icon) g_object_unref (list->vpn_icon); if (list->unknown_icon) g_object_unref (list->unknown_icon); polkit_action_unref (list->system_action); if (list->dialog) gtk_widget_destroy (list->dialog); if (list->gui) g_object_unref (list->gui); if (list->client) g_object_unref (list->client); g_slist_free (list->treeviews); if (list->gconf_settings) g_object_unref (list->gconf_settings); if (list->system_settings) g_object_unref (list->system_settings); G_OBJECT_CLASS (nm_connection_list_parent_class)->dispose (object); }",network-manager-applet,,,300531493354213095497911130816147564527,0 5240,CWE-787,"gplotCreate(const char *rootname, l_int32 outformat, const char *title, const char *xlabel, const char *ylabel) { char *newroot; char buf[L_BUF_SIZE]; l_int32 badchar; GPLOT *gplot; PROCNAME(""gplotCreate""); if (!rootname) return (GPLOT *)ERROR_PTR(""rootname not defined"", procName, NULL); if (outformat != GPLOT_PNG && outformat != GPLOT_PS && outformat != GPLOT_EPS && outformat != GPLOT_LATEX) return (GPLOT *)ERROR_PTR(""outformat invalid"", procName, NULL); stringCheckForChars(rootname, ""`;&|><\""?*"", &badchar); if (badchar) return (GPLOT *)ERROR_PTR(""invalid rootname"", procName, NULL); if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL) return (GPLOT *)ERROR_PTR(""gplot not made"", procName, NULL); gplot->cmddata = sarrayCreate(0); gplot->datanames = sarrayCreate(0); gplot->plotdata = sarrayCreate(0); gplot->plottitles = sarrayCreate(0); gplot->plotstyles = numaCreate(0); newroot = genPathname(rootname, NULL); gplot->rootname = newroot; gplot->outformat = outformat; snprintf(buf, L_BUF_SIZE, ""%s.cmd"", rootname); gplot->cmdname = stringNew(buf); if (outformat == GPLOT_PNG) snprintf(buf, L_BUF_SIZE, ""%s.png"", newroot); else if (outformat == GPLOT_PS) snprintf(buf, L_BUF_SIZE, ""%s.ps"", newroot); else if (outformat == GPLOT_EPS) snprintf(buf, L_BUF_SIZE, ""%s.eps"", newroot); else if (outformat == GPLOT_LATEX) snprintf(buf, L_BUF_SIZE, ""%s.tex"", newroot); gplot->outname = stringNew(buf); if (title) gplot->title = stringNew(title); if (xlabel) gplot->xlabel = stringNew(xlabel); if (ylabel) gplot->ylabel = stringNew(ylabel); return gplot; }",visit repo url,src/gplot.c,https://github.com/DanBloomberg/leptonica,173831041514077,1 5732,CWE-120,"static void ProcessRadioRxDone( void ) { LoRaMacHeader_t macHdr; ApplyCFListParams_t applyCFList; GetPhyParams_t getPhy; PhyParam_t phyParam; LoRaMacCryptoStatus_t macCryptoStatus = LORAMAC_CRYPTO_ERROR; LoRaMacMessageData_t macMsgData; LoRaMacMessageJoinAccept_t macMsgJoinAccept; uint8_t *payload = RxDoneParams.Payload; uint16_t size = RxDoneParams.Size; int16_t rssi = RxDoneParams.Rssi; int8_t snr = RxDoneParams.Snr; uint8_t pktHeaderLen = 0; uint32_t downLinkCounter = 0; uint32_t address = MacCtx.NvmCtx->DevAddr; uint8_t multicast = 0; AddressIdentifier_t addrID = UNICAST_DEV_ADDR; FCntIdentifier_t fCntID; MacCtx.McpsConfirm.AckReceived = false; MacCtx.McpsIndication.Rssi = rssi; MacCtx.McpsIndication.Snr = snr; MacCtx.McpsIndication.RxSlot = MacCtx.RxSlot; MacCtx.McpsIndication.Port = 0; MacCtx.McpsIndication.Multicast = 0; MacCtx.McpsIndication.FramePending = 0; MacCtx.McpsIndication.Buffer = NULL; MacCtx.McpsIndication.BufferSize = 0; MacCtx.McpsIndication.RxData = false; MacCtx.McpsIndication.AckReceived = false; MacCtx.McpsIndication.DownLinkCounter = 0; MacCtx.McpsIndication.McpsIndication = MCPS_UNCONFIRMED; MacCtx.McpsIndication.DevAddress = 0; MacCtx.McpsIndication.DeviceTimeAnsReceived = false; Radio.Sleep( ); TimerStop( &MacCtx.RxWindowTimer2 ); if( LoRaMacClassBRxBeacon( payload, size ) == true ) { MacCtx.MlmeIndication.BeaconInfo.Rssi = rssi; MacCtx.MlmeIndication.BeaconInfo.Snr = snr; return; } if( MacCtx.NvmCtx->DeviceClass == CLASS_B ) { if( LoRaMacClassBIsPingExpected( ) == true ) { LoRaMacClassBSetPingSlotState( PINGSLOT_STATE_CALC_PING_OFFSET ); LoRaMacClassBPingSlotTimerEvent( NULL ); MacCtx.McpsIndication.RxSlot = RX_SLOT_WIN_CLASS_B_PING_SLOT; } else if( LoRaMacClassBIsMulticastExpected( ) == true ) { LoRaMacClassBSetMulticastSlotState( PINGSLOT_STATE_CALC_PING_OFFSET ); LoRaMacClassBMulticastSlotTimerEvent( NULL ); MacCtx.McpsIndication.RxSlot = RX_SLOT_WIN_CLASS_B_MULTICAST_SLOT; } } macHdr.Value = payload[pktHeaderLen++]; switch( macHdr.Bits.MType ) { case FRAME_TYPE_JOIN_ACCEPT: macMsgJoinAccept.Buffer = payload; macMsgJoinAccept.BufSize = size; if( MacCtx.NvmCtx->NetworkActivation != ACTIVATION_TYPE_NONE ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; PrepareRxDoneAbort( ); return; } macCryptoStatus = LoRaMacCryptoHandleJoinAccept( JOIN_REQ, SecureElementGetJoinEui( ), &macMsgJoinAccept ); if( LORAMAC_CRYPTO_SUCCESS == macCryptoStatus ) { MacCtx.NvmCtx->NetID = ( uint32_t ) macMsgJoinAccept.NetID[0]; MacCtx.NvmCtx->NetID |= ( ( uint32_t ) macMsgJoinAccept.NetID[1] << 8 ); MacCtx.NvmCtx->NetID |= ( ( uint32_t ) macMsgJoinAccept.NetID[2] << 16 ); MacCtx.NvmCtx->DevAddr = macMsgJoinAccept.DevAddr; MacCtx.NvmCtx->MacParams.Rx1DrOffset = macMsgJoinAccept.DLSettings.Bits.RX1DRoffset; MacCtx.NvmCtx->MacParams.Rx2Channel.Datarate = macMsgJoinAccept.DLSettings.Bits.RX2DataRate; MacCtx.NvmCtx->MacParams.RxCChannel.Datarate = macMsgJoinAccept.DLSettings.Bits.RX2DataRate; MacCtx.NvmCtx->MacParams.ReceiveDelay1 = macMsgJoinAccept.RxDelay; if( MacCtx.NvmCtx->MacParams.ReceiveDelay1 == 0 ) { MacCtx.NvmCtx->MacParams.ReceiveDelay1 = 1; } MacCtx.NvmCtx->MacParams.ReceiveDelay1 *= 1000; MacCtx.NvmCtx->MacParams.ReceiveDelay2 = MacCtx.NvmCtx->MacParams.ReceiveDelay1 + 1000; MacCtx.NvmCtx->Version.Fields.Minor = 0; applyCFList.Payload = macMsgJoinAccept.CFList; applyCFList.Size = size - 17; RegionApplyCFList( MacCtx.NvmCtx->Region, &applyCFList ); MacCtx.NvmCtx->NetworkActivation = ACTIVATION_TYPE_OTAA; if( LoRaMacConfirmQueueIsCmdActive( MLME_JOIN ) == true ) { LoRaMacConfirmQueueSetStatus( LORAMAC_EVENT_INFO_STATUS_OK, MLME_JOIN ); } } else { if( LoRaMacConfirmQueueIsCmdActive( MLME_JOIN ) == true ) { LoRaMacConfirmQueueSetStatus( LORAMAC_EVENT_INFO_STATUS_JOIN_FAIL, MLME_JOIN ); } } break; case FRAME_TYPE_DATA_CONFIRMED_DOWN: MacCtx.McpsIndication.McpsIndication = MCPS_CONFIRMED; case FRAME_TYPE_DATA_UNCONFIRMED_DOWN: getPhy.UplinkDwellTime = MacCtx.NvmCtx->MacParams.DownlinkDwellTime; getPhy.Datarate = MacCtx.McpsIndication.RxDatarate; getPhy.Attribute = PHY_MAX_PAYLOAD; phyParam = RegionGetPhyParam( MacCtx.NvmCtx->Region, &getPhy ); if( MAX( 0, ( int16_t )( ( int16_t ) size - ( int16_t ) LORA_MAC_FRMPAYLOAD_OVERHEAD ) ) > ( int16_t )phyParam.Value ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; PrepareRxDoneAbort( ); return; } macMsgData.Buffer = payload; macMsgData.BufSize = size; macMsgData.FRMPayload = MacCtx.RxPayload; macMsgData.FRMPayloadSize = LORAMAC_PHY_MAXPAYLOAD; if( LORAMAC_PARSER_SUCCESS != LoRaMacParserData( &macMsgData ) ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; PrepareRxDoneAbort( ); return; } MacCtx.McpsIndication.DevAddress = macMsgData.FHDR.DevAddr; FType_t fType; if( LORAMAC_STATUS_OK != DetermineFrameType( &macMsgData, &fType ) ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; PrepareRxDoneAbort( ); return; } multicast = 0; downLinkCounter = 0; for( uint8_t i = 0; i < LORAMAC_MAX_MC_CTX; i++ ) { if( ( MacCtx.NvmCtx->MulticastChannelList[i].ChannelParams.Address == macMsgData.FHDR.DevAddr ) && ( MacCtx.NvmCtx->MulticastChannelList[i].ChannelParams.IsEnabled == true ) ) { multicast = 1; addrID = MacCtx.NvmCtx->MulticastChannelList[i].ChannelParams.GroupID; downLinkCounter = *( MacCtx.NvmCtx->MulticastChannelList[i].DownLinkCounter ); address = MacCtx.NvmCtx->MulticastChannelList[i].ChannelParams.Address; if( MacCtx.NvmCtx->DeviceClass == CLASS_C ) { MacCtx.McpsIndication.RxSlot = RX_SLOT_WIN_CLASS_C_MULTICAST; } break; } } if( ( multicast == 1 ) && ( ( fType != FRAME_TYPE_D ) || ( macMsgData.FHDR.FCtrl.Bits.Ack == true ) || ( macMsgData.FHDR.FCtrl.Bits.AdrAckReq == true ) ) ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; PrepareRxDoneAbort( ); return; } getPhy.Attribute = PHY_MAX_FCNT_GAP; phyParam = RegionGetPhyParam( MacCtx.NvmCtx->Region, &getPhy ); macCryptoStatus = GetFCntDown( addrID, fType, &macMsgData, MacCtx.NvmCtx->Version, phyParam.Value, &fCntID, &downLinkCounter ); if( macCryptoStatus != LORAMAC_CRYPTO_SUCCESS ) { if( macCryptoStatus == LORAMAC_CRYPTO_FAIL_FCNT_DUPLICATED ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_DOWNLINK_REPEATED; if( ( MacCtx.NvmCtx->Version.Fields.Minor == 0 ) && ( macHdr.Bits.MType == FRAME_TYPE_DATA_CONFIRMED_DOWN ) && ( MacCtx.NvmCtx->LastRxMic == macMsgData.MIC ) ) { MacCtx.NvmCtx->SrvAckRequested = true; } } else if( macCryptoStatus == LORAMAC_CRYPTO_FAIL_MAX_GAP_FCNT ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_DOWNLINK_TOO_MANY_FRAMES_LOSS; } else { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; } MacCtx.McpsIndication.DownLinkCounter = downLinkCounter; PrepareRxDoneAbort( ); return; } macCryptoStatus = LoRaMacCryptoUnsecureMessage( addrID, address, fCntID, downLinkCounter, &macMsgData ); if( macCryptoStatus != LORAMAC_CRYPTO_SUCCESS ) { if( macCryptoStatus == LORAMAC_CRYPTO_FAIL_ADDRESS ) { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ADDRESS_FAIL; } else { MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_MIC_FAIL; } PrepareRxDoneAbort( ); return; } MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_OK; MacCtx.McpsIndication.Multicast = multicast; MacCtx.McpsIndication.FramePending = macMsgData.FHDR.FCtrl.Bits.FPending; MacCtx.McpsIndication.Buffer = NULL; MacCtx.McpsIndication.BufferSize = 0; MacCtx.McpsIndication.DownLinkCounter = downLinkCounter; MacCtx.McpsIndication.AckReceived = macMsgData.FHDR.FCtrl.Bits.Ack; MacCtx.McpsConfirm.Status = LORAMAC_EVENT_INFO_STATUS_OK; MacCtx.McpsConfirm.AckReceived = macMsgData.FHDR.FCtrl.Bits.Ack; if( ( MacCtx.McpsIndication.RxSlot == RX_SLOT_WIN_1 ) || ( MacCtx.McpsIndication.RxSlot == RX_SLOT_WIN_2 ) ) { MacCtx.NvmCtx->AdrAckCounter = 0; } if( multicast == 1 ) { MacCtx.McpsIndication.McpsIndication = MCPS_MULTICAST; } else { if( macHdr.Bits.MType == FRAME_TYPE_DATA_CONFIRMED_DOWN ) { MacCtx.NvmCtx->SrvAckRequested = true; if( MacCtx.NvmCtx->Version.Fields.Minor == 0 ) { MacCtx.NvmCtx->LastRxMic = macMsgData.MIC; } MacCtx.McpsIndication.McpsIndication = MCPS_CONFIRMED; } else { MacCtx.NvmCtx->SrvAckRequested = false; MacCtx.McpsIndication.McpsIndication = MCPS_UNCONFIRMED; } } RemoveMacCommands( MacCtx.McpsIndication.RxSlot, macMsgData.FHDR.FCtrl, MacCtx.McpsConfirm.McpsRequest ); switch( fType ) { case FRAME_TYPE_A: { ProcessMacCommands( macMsgData.FHDR.FOpts, 0, macMsgData.FHDR.FCtrl.Bits.FOptsLen, snr, MacCtx.McpsIndication.RxSlot ); MacCtx.McpsIndication.Port = macMsgData.FPort; MacCtx.McpsIndication.Buffer = macMsgData.FRMPayload; MacCtx.McpsIndication.BufferSize = macMsgData.FRMPayloadSize; MacCtx.McpsIndication.RxData = true; break; } case FRAME_TYPE_B: { ProcessMacCommands( macMsgData.FHDR.FOpts, 0, macMsgData.FHDR.FCtrl.Bits.FOptsLen, snr, MacCtx.McpsIndication.RxSlot ); MacCtx.McpsIndication.Port = macMsgData.FPort; break; } case FRAME_TYPE_C: { ProcessMacCommands( macMsgData.FRMPayload, 0, macMsgData.FRMPayloadSize, snr, MacCtx.McpsIndication.RxSlot ); MacCtx.McpsIndication.Port = macMsgData.FPort; break; } case FRAME_TYPE_D: { MacCtx.McpsIndication.Port = macMsgData.FPort; MacCtx.McpsIndication.Buffer = macMsgData.FRMPayload; MacCtx.McpsIndication.BufferSize = macMsgData.FRMPayloadSize; MacCtx.McpsIndication.RxData = true; break; } default: MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; PrepareRxDoneAbort( ); break; } MacCtx.MacFlags.Bits.McpsInd = 1; break; case FRAME_TYPE_PROPRIETARY: memcpy1( MacCtx.RxPayload, &payload[pktHeaderLen], size - pktHeaderLen ); MacCtx.McpsIndication.McpsIndication = MCPS_PROPRIETARY; MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_OK; MacCtx.McpsIndication.Buffer = MacCtx.RxPayload; MacCtx.McpsIndication.BufferSize = size - pktHeaderLen; MacCtx.MacFlags.Bits.McpsInd = 1; break; default: MacCtx.McpsIndication.Status = LORAMAC_EVENT_INFO_STATUS_ERROR; PrepareRxDoneAbort( ); break; } if( MacCtx.NodeAckRequested == true ) { if( MacCtx.McpsConfirm.AckReceived == true ) { OnAckTimeoutTimerEvent( NULL ); } } else { if( MacCtx.NvmCtx->DeviceClass == CLASS_C ) { OnAckTimeoutTimerEvent( NULL ); } } MacCtx.MacFlags.Bits.MacDone = 1; UpdateRxSlotIdleState( ); } ",visit repo url,src/mac/LoRaMac.c,https://github.com/Lora-net/LoRaMac-node,17180227804206,1 1597,CWE-362,"int rds_sendmsg(struct socket *sock, struct msghdr *msg, size_t payload_len) { struct sock *sk = sock->sk; struct rds_sock *rs = rds_sk_to_rs(sk); DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name); __be32 daddr; __be16 dport; struct rds_message *rm = NULL; struct rds_connection *conn; int ret = 0; int queued = 0, allocated_mr = 0; int nonblock = msg->msg_flags & MSG_DONTWAIT; long timeo = sock_sndtimeo(sk, nonblock); if (msg->msg_flags & ~(MSG_DONTWAIT | MSG_CMSG_COMPAT)) { ret = -EOPNOTSUPP; goto out; } if (msg->msg_namelen) { if (msg->msg_namelen < sizeof(*usin) || usin->sin_family != AF_INET) { ret = -EINVAL; goto out; } daddr = usin->sin_addr.s_addr; dport = usin->sin_port; } else { lock_sock(sk); daddr = rs->rs_conn_addr; dport = rs->rs_conn_port; release_sock(sk); } if (daddr == 0 || rs->rs_bound_addr == 0) { ret = -ENOTCONN; goto out; } if (payload_len > rds_sk_sndbuf(rs)) { ret = -EMSGSIZE; goto out; } ret = rds_rm_size(msg, payload_len); if (ret < 0) goto out; rm = rds_message_alloc(ret, GFP_KERNEL); if (!rm) { ret = -ENOMEM; goto out; } if (payload_len) { rm->data.op_sg = rds_message_alloc_sgs(rm, ceil(payload_len, PAGE_SIZE)); if (!rm->data.op_sg) { ret = -ENOMEM; goto out; } ret = rds_message_copy_from_user(rm, &msg->msg_iter); if (ret) goto out; } rm->data.op_active = 1; rm->m_daddr = daddr; if (rs->rs_conn && rs->rs_conn->c_faddr == daddr) conn = rs->rs_conn; else { conn = rds_conn_create_outgoing(sock_net(sock->sk), rs->rs_bound_addr, daddr, rs->rs_transport, sock->sk->sk_allocation); if (IS_ERR(conn)) { ret = PTR_ERR(conn); goto out; } rs->rs_conn = conn; } ret = rds_cmsg_send(rs, rm, msg, &allocated_mr); if (ret) goto out; if (rm->rdma.op_active && !conn->c_trans->xmit_rdma) { printk_ratelimited(KERN_NOTICE ""rdma_op %p conn xmit_rdma %p\n"", &rm->rdma, conn->c_trans->xmit_rdma); ret = -EOPNOTSUPP; goto out; } if (rm->atomic.op_active && !conn->c_trans->xmit_atomic) { printk_ratelimited(KERN_NOTICE ""atomic_op %p conn xmit_atomic %p\n"", &rm->atomic, conn->c_trans->xmit_atomic); ret = -EOPNOTSUPP; goto out; } rds_conn_connect_if_down(conn); ret = rds_cong_wait(conn->c_fcong, dport, nonblock, rs); if (ret) { rs->rs_seen_congestion = 1; goto out; } while (!rds_send_queue_rm(rs, conn, rm, rs->rs_bound_port, dport, &queued)) { rds_stats_inc(s_send_queue_full); if (nonblock) { ret = -EAGAIN; goto out; } timeo = wait_event_interruptible_timeout(*sk_sleep(sk), rds_send_queue_rm(rs, conn, rm, rs->rs_bound_port, dport, &queued), timeo); rdsdebug(""sendmsg woke queued %d timeo %ld\n"", queued, timeo); if (timeo > 0 || timeo == MAX_SCHEDULE_TIMEOUT) continue; ret = timeo; if (ret == 0) ret = -ETIMEDOUT; goto out; } rds_stats_inc(s_send_queued); ret = rds_send_xmit(conn); if (ret == -ENOMEM || ret == -EAGAIN) queue_delayed_work(rds_wq, &conn->c_send_w, 1); rds_message_put(rm); return payload_len; out: if (allocated_mr) rds_rdma_unuse(rs, rds_rdma_cookie_key(rm->m_rdma_cookie), 1); if (rm) rds_message_put(rm); return ret; }",visit repo url,net/rds/send.c,https://github.com/torvalds/linux,219876621398087,1 4221,CWE-125,"static int string_scan_range(RList *list, RBinFile *bf, int min, const ut64 from, const ut64 to, int type, int raw, RBinSection *section) { RBin *bin = bf->rbin; ut8 tmp[R_STRING_SCAN_BUFFER_SIZE]; ut64 str_start, needle = from; int count = 0, i, rc, runes; int str_type = R_STRING_TYPE_DETECT; r_return_val_if_fail (bf, -1); if (type == -1) { type = R_STRING_TYPE_DETECT; } if (from == to) { return 0; } if (from > to) { eprintf (""Invalid range to find strings 0x%""PFMT64x"" .. 0x%""PFMT64x""\n"", from, to); return -1; } st64 len = (st64)(to - from); if (len < 1 || len > ST32_MAX) { eprintf (""String scan range is invalid (%""PFMT64d"" bytes)\n"", len); return -1; } ut8 *buf = calloc (len, 1); if (!buf || !min) { free (buf); return -1; } st64 vdelta = 0, pdelta = 0; RBinSection *s = NULL; bool ascii_only = false; PJ *pj = NULL; if (bf->strmode == R_MODE_JSON && !list) { pj = pj_new (); if (pj) { pj_a (pj); } } r_buf_read_at (bf->buf, from, buf, len); char *charset = r_sys_getenv (""RABIN2_CHARSET""); if (!R_STR_ISEMPTY (charset)) { RCharset *ch = r_charset_new (); if (r_charset_use (ch, charset)) { int outlen = len * 4; ut8 *out = calloc (len, 4); if (out) { int res = r_charset_encode_str (ch, out, outlen, buf, len); int i; for (i = 0; i < res; i++) { if (out[i] == '?') { out[i] = 0; } } len = res; free (buf); buf = out; } else { eprintf (""Cannot allocate\n""); } } else { eprintf (""Invalid value for RABIN2_CHARSET.\n""); } r_charset_free (ch); } free (charset); RConsIsBreaked is_breaked = (bin && bin->consb.is_breaked)? bin->consb.is_breaked: NULL; while (needle < to) { if (is_breaked && is_breaked ()) { break; } if (needle + 4 < to) { ut32 n1 = r_read_le32 (buf + needle - from); if (!n1) { needle += 4; continue; } } rc = r_utf8_decode (buf + needle - from, to - needle, NULL); if (!rc) { needle++; continue; } bool addr_aligned = !(needle % 4); if (type == R_STRING_TYPE_DETECT) { char *w = (char *)buf + needle + rc - from; if (((to - needle) > 8 + rc)) { bool is_wide32le = (needle + rc + 2 < to) && (!w[0] && !w[1] && !w[2] && w[3] && !w[4]); if (is_wide32le) { if (!w[5] && !w[6] && w[7] && w[8]) { is_wide32le = false; } } if (!addr_aligned) { is_wide32le = false; } if (is_wide32le && addr_aligned) { str_type = R_STRING_TYPE_WIDE32; } else { bool is_wide = needle + rc + 4 < to && !w[0] && w[1] && !w[2] && w[3] && !w[4]; str_type = is_wide? R_STRING_TYPE_WIDE: R_STRING_TYPE_ASCII; } } else { if (rc > 1) { str_type = R_STRING_TYPE_UTF8; } else { str_type = R_STRING_TYPE_ASCII; } } } else if (type == R_STRING_TYPE_UTF8) { str_type = R_STRING_TYPE_ASCII; } else { str_type = type; } runes = 0; str_start = needle; for (i = 0; i < sizeof (tmp) - 4 && needle < to; i += rc) { RRune r = {0}; if (str_type == R_STRING_TYPE_WIDE32) { rc = r_utf32le_decode (buf + needle - from, to - needle, &r); if (rc) { rc = 4; } } else if (str_type == R_STRING_TYPE_WIDE) { rc = r_utf16le_decode (buf + needle - from, to - needle, &r); if (rc == 1) { rc = 2; } } else { rc = r_utf8_decode (buf + needle - from, to - needle, &r); if (rc > 1) { str_type = R_STRING_TYPE_UTF8; } } if (!rc || (ascii_only && r > 0x7f)) { needle++; break; } needle += rc; if (r_isprint (r) && r != '\\') { if (str_type == R_STRING_TYPE_WIDE32) { if (r == 0xff) { r = 0; } } rc = r_utf8_encode (tmp + i, r); runes++; } else if (r && r < 0x100 && strchr (""\b\v\f\n\r\t\a\033\\"", (char)r)) { if ((i + 32) < sizeof (tmp) && r < 93) { tmp[i + 0] = '\\'; tmp[i + 1] = "" abtnvfr e "" "" "" "" "" "" \\""[r]; } else { break; } rc = 2; runes++; } else { break; } } tmp[i++] = '\0'; if (runes < min && runes >= 2 && str_type == R_STRING_TYPE_ASCII && needle < to) { needle -= 2; } if (runes >= min) { int j, num_blocks, *block_list; int *freq_list = NULL, expected_ascii, actual_ascii, num_chars; if (str_type == R_STRING_TYPE_ASCII) { for (j = 0; j < i; j++) { char ch = tmp[j]; if (ch != '\n' && ch != '\r' && ch != '\t') { if (!IS_PRINTABLE (tmp[j])) { continue; } } } } switch (str_type) { case R_STRING_TYPE_UTF8: case R_STRING_TYPE_WIDE: case R_STRING_TYPE_WIDE32: num_blocks = 0; block_list = r_utf_block_list ((const ut8*)tmp, i - 1, str_type == R_STRING_TYPE_WIDE? &freq_list: NULL); if (block_list) { for (j = 0; block_list[j] != -1; j++) { num_blocks++; } } if (freq_list) { num_chars = 0; actual_ascii = 0; for (j = 0; freq_list[j] != -1; j++) { num_chars += freq_list[j]; if (!block_list[j]) { actual_ascii = freq_list[j]; } } free (freq_list); expected_ascii = num_blocks ? num_chars / num_blocks : 0; if (actual_ascii > expected_ascii) { ascii_only = true; needle = str_start; free (block_list); continue; } } free (block_list); if (num_blocks > R_STRING_MAX_UNI_BLOCKS) { needle++; continue; } } RBinString *bs = R_NEW0 (RBinString); if (!bs) { break; } bs->type = str_type; bs->length = runes; bs->size = needle - str_start; bs->ordinal = count++; switch (str_type) { case R_STRING_TYPE_WIDE: if (str_start - from > 1) { const ut8 *p = buf + str_start - 2 - from; if (p[0] == 0xff && p[1] == 0xfe) { str_start -= 2; } } break; case R_STRING_TYPE_WIDE32: if (str_start - from > 3) { const ut8 *p = buf + str_start - 4 - from; if (p[0] == 0xff && p[1] == 0xfe) { str_start -= 4; } } break; } if (!s) { if (section) { s = section; } else if (bf->o) { s = r_bin_get_section_at (bf->o, str_start, false); } if (s) { vdelta = s->vaddr; pdelta = s->paddr; } } ut64 baddr = bf->loadaddr && bf->o? bf->o->baddr: bf->loadaddr; bs->paddr = str_start + baddr; bs->vaddr = str_start - pdelta + vdelta + baddr; bs->string = r_str_ndup ((const char *)tmp, i); if (list) { r_list_append (list, bs); if (bf->o) { ht_up_insert (bf->o->strings_db, bs->vaddr, bs); } } else { print_string (bf, bs, raw, pj); r_bin_string_free (bs); } if (from == 0 && to == bf->size) { s = NULL; } } ascii_only = false; } free (buf); if (pj) { pj_end (pj); if (bin) { RIO *io = bin->iob.io; if (io) { io->cb_printf (""%s"", pj_string (pj)); } } pj_free (pj); } return count; }",visit repo url,libr/bin/bfile.c,https://github.com/radareorg/radare2,260638021126397,1 3734,CWE-125,"int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int is_rf64 = !strncmp (fourcc, ""RF64"", 4), got_ds64 = 0; int64_t total_samples = 0, infilesize; RiffChunkHeader riff_chunk_header; ChunkHeader chunk_header; WaveHeader WaveHeader; DS64Chunk ds64_chunk; uint32_t bcount; CLEAR (WaveHeader); CLEAR (ds64_chunk); infilesize = DoGetFileSize (infile); if (!is_rf64 && infilesize >= 4294967296LL && !(config->qmode & QMODE_IGNORE_LENGTH)) { error_line (""can't handle .WAV files larger than 4 GB (non-standard)!""); return WAVPACK_SOFT_ERROR; } memcpy (&riff_chunk_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &riff_chunk_header) + 4, sizeof (RiffChunkHeader) - 4, &bcount) || bcount != sizeof (RiffChunkHeader) - 4 || strncmp (riff_chunk_header.formType, ""WAVE"", 4))) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &riff_chunk_header, sizeof (RiffChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } while (1) { if (!DoReadFile (infile, &chunk_header, sizeof (ChunkHeader), &bcount) || bcount != sizeof (ChunkHeader)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &chunk_header, sizeof (ChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&chunk_header, ChunkHeaderFormat); if (!strncmp (chunk_header.ckID, ""ds64"", 4)) { if (chunk_header.ckSize < sizeof (DS64Chunk) || !DoReadFile (infile, &ds64_chunk, chunk_header.ckSize, &bcount) || bcount != chunk_header.ckSize) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &ds64_chunk, chunk_header.ckSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } got_ds64 = 1; WavpackLittleEndianToNative (&ds64_chunk, DS64ChunkFormat); if (debug_logging_mode) error_line (""DS64: riffSize = %lld, dataSize = %lld, sampleCount = %lld, table_length = %d"", (long long) ds64_chunk.riffSize64, (long long) ds64_chunk.dataSize64, (long long) ds64_chunk.sampleCount64, ds64_chunk.tableLength); if (ds64_chunk.tableLength * sizeof (CS64Chunk) != chunk_header.ckSize - sizeof (DS64Chunk)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } while (ds64_chunk.tableLength--) { CS64Chunk cs64_chunk; if (!DoReadFile (infile, &cs64_chunk, sizeof (CS64Chunk), &bcount) || bcount != sizeof (CS64Chunk) || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &cs64_chunk, sizeof (CS64Chunk)))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } } } else if (!strncmp (chunk_header.ckID, ""fmt "", 4)) { int supported = TRUE, format; if (chunk_header.ckSize < 16 || chunk_header.ckSize > sizeof (WaveHeader) || !DoReadFile (infile, &WaveHeader, chunk_header.ckSize, &bcount) || bcount != chunk_header.ckSize) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &WaveHeader, chunk_header.ckSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&WaveHeader, WaveHeaderFormat); if (debug_logging_mode) { error_line (""format tag size = %d"", chunk_header.ckSize); error_line (""FormatTag = %x, NumChannels = %d, BitsPerSample = %d"", WaveHeader.FormatTag, WaveHeader.NumChannels, WaveHeader.BitsPerSample); error_line (""BlockAlign = %d, SampleRate = %d, BytesPerSecond = %d"", WaveHeader.BlockAlign, WaveHeader.SampleRate, WaveHeader.BytesPerSecond); if (chunk_header.ckSize > 16) error_line (""cbSize = %d, ValidBitsPerSample = %d"", WaveHeader.cbSize, WaveHeader.ValidBitsPerSample); if (chunk_header.ckSize > 20) error_line (""ChannelMask = %x, SubFormat = %d"", WaveHeader.ChannelMask, WaveHeader.SubFormat); } if (chunk_header.ckSize > 16 && WaveHeader.cbSize == 2) config->qmode |= QMODE_ADOBE_MODE; format = (WaveHeader.FormatTag == 0xfffe && chunk_header.ckSize == 40) ? WaveHeader.SubFormat : WaveHeader.FormatTag; config->bits_per_sample = (chunk_header.ckSize == 40 && WaveHeader.ValidBitsPerSample) ? WaveHeader.ValidBitsPerSample : WaveHeader.BitsPerSample; if (format != 1 && format != 3) supported = FALSE; if (format == 3 && config->bits_per_sample != 32) supported = FALSE; if (!WaveHeader.NumChannels || WaveHeader.NumChannels > 256 || WaveHeader.BlockAlign / WaveHeader.NumChannels < (config->bits_per_sample + 7) / 8 || WaveHeader.BlockAlign / WaveHeader.NumChannels > 4 || WaveHeader.BlockAlign % WaveHeader.NumChannels) supported = FALSE; if (config->bits_per_sample < 1 || config->bits_per_sample > 32) supported = FALSE; if (!supported) { error_line (""%s is an unsupported .WAV format!"", infilename); return WAVPACK_SOFT_ERROR; } if (chunk_header.ckSize < 40) { if (!config->channel_mask && !(config->qmode & QMODE_CHANS_UNASSIGNED)) { if (WaveHeader.NumChannels <= 2) config->channel_mask = 0x5 - WaveHeader.NumChannels; else if (WaveHeader.NumChannels <= 18) config->channel_mask = (1 << WaveHeader.NumChannels) - 1; else config->channel_mask = 0x3ffff; } } else if (WaveHeader.ChannelMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this WAV file already has channel order information!""); return WAVPACK_SOFT_ERROR; } else if (WaveHeader.ChannelMask) config->channel_mask = WaveHeader.ChannelMask; if (format == 3) config->float_norm_exp = 127; else if ((config->qmode & QMODE_ADOBE_MODE) && WaveHeader.BlockAlign / WaveHeader.NumChannels == 4) { if (WaveHeader.BitsPerSample == 24) config->float_norm_exp = 127 + 23; else if (WaveHeader.BitsPerSample == 32) config->float_norm_exp = 127 + 15; } if (debug_logging_mode) { if (config->float_norm_exp == 127) error_line (""data format: normalized 32-bit floating point""); else if (config->float_norm_exp) error_line (""data format: 32-bit floating point (Audition %d:%d float type 1)"", config->float_norm_exp - 126, 150 - config->float_norm_exp); else error_line (""data format: %d-bit integers stored in %d byte(s)"", config->bits_per_sample, WaveHeader.BlockAlign / WaveHeader.NumChannels); } } else if (!strncmp (chunk_header.ckID, ""data"", 4)) { int64_t data_chunk_size = (got_ds64 && chunk_header.ckSize == (uint32_t) -1) ? ds64_chunk.dataSize64 : chunk_header.ckSize; if (!WaveHeader.NumChannels || (is_rf64 && !got_ds64)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && infilesize - data_chunk_size > 16777216) { error_line (""this .WAV file has over 16 MB of extra RIFF data, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (config->qmode & QMODE_IGNORE_LENGTH) { if (infilesize && DoGetFilePosition (infile) != -1) total_samples = (infilesize - DoGetFilePosition (infile)) / WaveHeader.BlockAlign; else total_samples = -1; } else { total_samples = data_chunk_size / WaveHeader.BlockAlign; if (got_ds64 && total_samples != ds64_chunk.sampleCount64) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (!total_samples) { error_line (""this .WAV file has no audio samples, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (total_samples > MAX_WAVPACK_SAMPLES) { error_line (""%s has too many samples for WavPack!"", infilename); return WAVPACK_SOFT_ERROR; } } config->bytes_per_sample = WaveHeader.BlockAlign / WaveHeader.NumChannels; config->num_channels = WaveHeader.NumChannels; config->sample_rate = WaveHeader.SampleRate; break; } else { int bytes_to_copy = (chunk_header.ckSize + 1) & ~1L; char *buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", chunk_header.ckID [0], chunk_header.ckID [1], chunk_header.ckID [2], chunk_header.ckID [3], chunk_header.ckSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/riff.c,https://github.com/dbry/WavPack,243992511261911,1 3414,['CWE-264'],"int filp_close(struct file *filp, fl_owner_t id) { int retval = 0; if (!file_count(filp)) { printk(KERN_ERR ""VFS: Close: file count is 0\n""); return 0; } if (filp->f_op && filp->f_op->flush) retval = filp->f_op->flush(filp, id); dnotify_flush(filp, id); locks_remove_posix(filp, id); fput(filp); return retval; }",linux-2.6,,,12746644050157789131564823840819991098,0 986,CWE-269,"static int do_new_mount(struct path *path, const char *fstype, int flags, int mnt_flags, const char *name, void *data) { struct file_system_type *type; struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns; struct vfsmount *mnt; int err; if (!fstype) return -EINVAL; type = get_fs_type(fstype); if (!type) return -ENODEV; if (user_ns != &init_user_ns) { if (!(type->fs_flags & FS_USERNS_MOUNT)) { put_filesystem(type); return -EPERM; } if (!(type->fs_flags & FS_USERNS_DEV_MOUNT)) { flags |= MS_NODEV; mnt_flags |= MNT_NODEV; } } mnt = vfs_kern_mount(type, flags, name, data); if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) && !mnt->mnt_sb->s_subtype) mnt = fs_set_subtype(mnt, fstype); put_filesystem(type); if (IS_ERR(mnt)) return PTR_ERR(mnt); err = do_add_mount(real_mount(mnt), path, mnt_flags); if (err) mntput(mnt); return err; }",visit repo url,fs/namespace.c,https://github.com/torvalds/linux,40309406162412,1 140,CWE-120,"static struct port_buffer *get_inbuf(struct port *port) { struct port_buffer *buf; unsigned int len; if (port->inbuf) return port->inbuf; buf = virtqueue_get_buf(port->in_vq, &len); if (buf) { buf->len = len; buf->offset = 0; port->stats.bytes_received += len; } return buf; }",visit repo url,drivers/char/virtio_console.c,https://github.com/torvalds/linux,248776888451949,1 6401,['CWE-59'],"check_fstab(const char *progname, char *mountpoint, char *devname, char **options) { return 0; }",samba,,,225883953640897590275946483747367060280,0 859,CWE-20,"static int recv_stream(struct kiocb *iocb, struct socket *sock, struct msghdr *m, size_t buf_len, int flags) { struct sock *sk = sock->sk; struct tipc_port *tport = tipc_sk_port(sk); struct sk_buff *buf; struct tipc_msg *msg; long timeout; unsigned int sz; int sz_to_copy, target, needed; int sz_copied = 0; u32 err; int res = 0; if (unlikely(!buf_len)) return -EINVAL; lock_sock(sk); if (unlikely((sock->state == SS_UNCONNECTED))) { res = -ENOTCONN; goto exit; } m->msg_namelen = 0; target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); restart: while (skb_queue_empty(&sk->sk_receive_queue)) { if (sock->state == SS_DISCONNECTING) { res = -ENOTCONN; goto exit; } if (timeout <= 0L) { res = timeout ? timeout : -EWOULDBLOCK; goto exit; } release_sock(sk); timeout = wait_event_interruptible_timeout(*sk_sleep(sk), tipc_rx_ready(sock), timeout); lock_sock(sk); } buf = skb_peek(&sk->sk_receive_queue); msg = buf_msg(buf); sz = msg_data_sz(msg); err = msg_errcode(msg); if ((!sz) && (!err)) { advance_rx_queue(sk); goto restart; } if (sz_copied == 0) { set_orig_addr(m, msg); res = anc_data_recv(m, msg, tport); if (res) goto exit; } if (!err) { u32 offset = (u32)(unsigned long)(TIPC_SKB_CB(buf)->handle); sz -= offset; needed = (buf_len - sz_copied); sz_to_copy = (sz <= needed) ? sz : needed; res = skb_copy_datagram_iovec(buf, msg_hdr_sz(msg) + offset, m->msg_iov, sz_to_copy); if (res) goto exit; sz_copied += sz_to_copy; if (sz_to_copy < sz) { if (!(flags & MSG_PEEK)) TIPC_SKB_CB(buf)->handle = (void *)(unsigned long)(offset + sz_to_copy); goto exit; } } else { if (sz_copied != 0) goto exit; if ((err == TIPC_CONN_SHUTDOWN) || m->msg_control) res = 0; else res = -ECONNRESET; } if (likely(!(flags & MSG_PEEK))) { if (unlikely(++tport->conn_unacked >= TIPC_FLOW_CONTROL_WIN)) tipc_acknowledge(tport->ref, tport->conn_unacked); advance_rx_queue(sk); } if ((sz_copied < buf_len) && (!skb_queue_empty(&sk->sk_receive_queue) || (sz_copied < target)) && (!(flags & MSG_PEEK)) && (!err)) goto restart; exit: release_sock(sk); return sz_copied ? sz_copied : res; }",visit repo url,net/tipc/socket.c,https://github.com/torvalds/linux,263298236416144,1 1194,CWE-400,"asmlinkage void user_unaligned_trap(struct pt_regs *regs, unsigned int insn) { enum direction dir; if(!(current->thread.flags & SPARC_FLAG_UNALIGNED) || (((insn >> 30) & 3) != 3)) goto kill_user; dir = decode_direction(insn); if(!ok_for_user(regs, insn, dir)) { goto kill_user; } else { int err, size = decode_access_size(insn); unsigned long addr; if(floating_point_load_or_store_p(insn)) { printk(""User FPU load/store unaligned unsupported.\n""); goto kill_user; } addr = compute_effective_address(regs, insn); perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, 0, regs, addr); switch(dir) { case load: err = do_int_load(fetch_reg_addr(((insn>>25)&0x1f), regs), size, (unsigned long *) addr, decode_signedness(insn)); break; case store: err = do_int_store(((insn>>25)&0x1f), size, (unsigned long *) addr, regs); break; case both: printk(""Unaligned SWAP unsupported.\n""); err = -EFAULT; break; default: unaligned_panic(""Impossible user unaligned trap.""); goto out; } if (err) goto kill_user; else advance(regs); goto out; } kill_user: user_mna_trap_fault(regs, insn); out: ; }",visit repo url,arch/sparc/kernel/unaligned_32.c,https://github.com/torvalds/linux,67537142225487,1 1221,CWE-400,"static enum hrtimer_restart perf_swevent_hrtimer(struct hrtimer *hrtimer) { enum hrtimer_restart ret = HRTIMER_RESTART; struct perf_sample_data data; struct pt_regs *regs; struct perf_event *event; u64 period; event = container_of(hrtimer, struct perf_event, hw.hrtimer); if (event->state != PERF_EVENT_STATE_ACTIVE) return HRTIMER_NORESTART; event->pmu->read(event); perf_sample_data_init(&data, 0); data.period = event->hw.last_period; regs = get_irq_regs(); if (regs && !perf_exclude_event(event, regs)) { if (!(event->attr.exclude_idle && current->pid == 0)) if (perf_event_overflow(event, 0, &data, regs)) ret = HRTIMER_NORESTART; } period = max_t(u64, 10000, event->hw.sample_period); hrtimer_forward_now(hrtimer, ns_to_ktime(period)); return ret; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,181606326422148,1 5481,NVD-CWE-noinfo,"void sqlite3EndTable( Parse *pParse, Token *pCons, Token *pEnd, u8 tabOpts, Select *pSelect ){ Table *p; sqlite3 *db = pParse->db; int iDb; Index *pIdx; if( pEnd==0 && pSelect==0 ){ return; } assert( !db->mallocFailed ); p = pParse->pNewTable; if( p==0 ) return; if( pSelect==0 && isShadowTableName(db, p->zName) ){ p->tabFlags |= TF_Shadow; } if( db->init.busy ){ if( pSelect ){ sqlite3ErrorMsg(pParse, """"); return; } p->tnum = db->init.newTnum; if( p->tnum==1 ) p->tabFlags |= TF_Readonly; } assert( (p->tabFlags & TF_HasPrimaryKey)==0 || p->iPKey>=0 || sqlite3PrimaryKeyIndex(p)!=0 ); assert( (p->tabFlags & TF_HasPrimaryKey)!=0 || (p->iPKey<0 && sqlite3PrimaryKeyIndex(p)==0) ); if( tabOpts & TF_WithoutRowid ){ if( (p->tabFlags & TF_Autoincrement) ){ sqlite3ErrorMsg(pParse, ""AUTOINCREMENT not allowed on WITHOUT ROWID tables""); return; } if( (p->tabFlags & TF_HasPrimaryKey)==0 ){ sqlite3ErrorMsg(pParse, ""PRIMARY KEY missing on table %s"", p->zName); return; } p->tabFlags |= TF_WithoutRowid | TF_NoVisibleRowid; convertToWithoutRowidTable(pParse, p); } iDb = sqlite3SchemaToIndex(db, p->pSchema); #ifndef SQLITE_OMIT_CHECK if( p->pCheck ){ sqlite3ResolveSelfReference(pParse, p, NC_IsCheck, 0, p->pCheck); } #endif #ifndef SQLITE_OMIT_GENERATED_COLUMNS if( p->tabFlags & TF_HasGenerated ){ int ii, nNG = 0; testcase( p->tabFlags & TF_HasVirtual ); testcase( p->tabFlags & TF_HasStored ); for(ii=0; iinCol; ii++){ u32 colFlags = p->aCol[ii].colFlags; if( (colFlags & COLFLAG_GENERATED)!=0 ){ testcase( colFlags & COLFLAG_VIRTUAL ); testcase( colFlags & COLFLAG_STORED ); sqlite3ResolveSelfReference(pParse, p, NC_GenCol, p->aCol[ii].pDflt, 0); }else{ nNG++; } } if( nNG==0 ){ sqlite3ErrorMsg(pParse, ""must have at least one non-generated column""); return; } } #endif estimateTableWidth(p); for(pIdx=p->pIndex; pIdx; pIdx=pIdx->pNext){ estimateIndexWidth(pIdx); } if( !db->init.busy ){ int n; Vdbe *v; char *zType; char *zType2; char *zStmt; v = sqlite3GetVdbe(pParse); if( NEVER(v==0) ) return; sqlite3VdbeAddOp1(v, OP_Close, 0); if( p->pSelect==0 ){ zType = ""table""; zType2 = ""TABLE""; #ifndef SQLITE_OMIT_VIEW }else{ zType = ""view""; zType2 = ""VIEW""; #endif } if( pSelect ){ SelectDest dest; int regYield; int addrTop; int regRec; int regRowid; int addrInsLoop; Table *pSelTab; regYield = ++pParse->nMem; regRec = ++pParse->nMem; regRowid = ++pParse->nMem; assert(pParse->nTab==1); sqlite3MayAbort(pParse); sqlite3VdbeAddOp3(v, OP_OpenWrite, 1, pParse->regRoot, iDb); sqlite3VdbeChangeP5(v, OPFLAG_P2ISREG); pParse->nTab = 2; addrTop = sqlite3VdbeCurrentAddr(v) + 1; sqlite3VdbeAddOp3(v, OP_InitCoroutine, regYield, 0, addrTop); if( pParse->nErr ) return; pSelTab = sqlite3ResultSetOfSelect(pParse, pSelect, SQLITE_AFF_BLOB); if( pSelTab==0 ) return; assert( p->aCol==0 ); p->nCol = p->nNVCol = pSelTab->nCol; p->aCol = pSelTab->aCol; pSelTab->nCol = 0; pSelTab->aCol = 0; sqlite3DeleteTable(db, pSelTab); sqlite3SelectDestInit(&dest, SRT_Coroutine, regYield); sqlite3Select(pParse, pSelect, &dest); if( pParse->nErr ) return; sqlite3VdbeEndCoroutine(v, regYield); sqlite3VdbeJumpHere(v, addrTop - 1); addrInsLoop = sqlite3VdbeAddOp1(v, OP_Yield, dest.iSDParm); VdbeCoverage(v); sqlite3VdbeAddOp3(v, OP_MakeRecord, dest.iSdst, dest.nSdst, regRec); sqlite3TableAffinity(v, p, 0); sqlite3VdbeAddOp2(v, OP_NewRowid, 1, regRowid); sqlite3VdbeAddOp3(v, OP_Insert, 1, regRec, regRowid); sqlite3VdbeGoto(v, addrInsLoop); sqlite3VdbeJumpHere(v, addrInsLoop); sqlite3VdbeAddOp1(v, OP_Close, 1); } if( pSelect ){ zStmt = createTableStmt(db, p); }else{ Token *pEnd2 = tabOpts ? &pParse->sLastToken : pEnd; n = (int)(pEnd2->z - pParse->sNameToken.z); if( pEnd2->z[0]!=';' ) n += pEnd2->n; zStmt = sqlite3MPrintf(db, ""CREATE %s %.*s"", zType2, n, pParse->sNameToken.z ); } sqlite3NestedParse(pParse, ""UPDATE %Q.%s "" ""SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q "" ""WHERE rowid=#%d"", db->aDb[iDb].zDbSName, MASTER_NAME, zType, p->zName, p->zName, pParse->regRoot, zStmt, pParse->regRowid ); sqlite3DbFree(db, zStmt); sqlite3ChangeCookie(pParse, iDb); #ifndef SQLITE_OMIT_AUTOINCREMENT if( (p->tabFlags & TF_Autoincrement)!=0 ){ Db *pDb = &db->aDb[iDb]; assert( sqlite3SchemaMutexHeld(db, iDb, 0) ); if( pDb->pSchema->pSeqTab==0 ){ sqlite3NestedParse(pParse, ""CREATE TABLE %Q.sqlite_sequence(name,seq)"", pDb->zDbSName ); } } #endif sqlite3VdbeAddParseSchemaOp(v, iDb, sqlite3MPrintf(db, ""tbl_name='%q' AND type!='trigger'"", p->zName)); } if( db->init.busy ){ Table *pOld; Schema *pSchema = p->pSchema; assert( sqlite3SchemaMutexHeld(db, iDb, 0) ); pOld = sqlite3HashInsert(&pSchema->tblHash, p->zName, p); if( pOld ){ assert( p==pOld ); sqlite3OomFault(db); return; } pParse->pNewTable = 0; db->mDbFlags |= DBFLAG_SchemaChange; #ifndef SQLITE_OMIT_ALTERTABLE if( !p->pSelect ){ const char *zName = (const char *)pParse->sNameToken.z; int nName; assert( !pSelect && pCons && pEnd ); if( pCons->z==0 ){ pCons = pEnd; } nName = (int)((const char *)pCons->z - zName); p->addColOffset = 13 + sqlite3Utf8CharLen(zName, nName); } #endif } }",visit repo url,src/build.c,https://github.com/sqlite/sqlite,119129381167384,1 6558,CWE-134,"int ecall_start(struct ecall *ecall, enum icall_call_type call_type, bool audio_cbr) { int err; info(""ecall(%p): start\n"", ecall); if (!ecall) return EINVAL; #ifdef ECALL_CBR_ALWAYS_ON audio_cbr = true; #endif if (ecall->econn) { if (ECONN_PENDING_INCOMING == econn_current_state(ecall->econn)) { return ecall_answer(ecall, call_type, audio_cbr); } else { warning(""ecall: start: already in progress (econn=%s)\n"", econn_state_name(econn_current_state(ecall->econn))); return EALREADY; } } #if 0 if (ecall->turnc == 0) { warning(""ecall: start: no TURN servers -- cannot start\n""); return EINTR; } #endif ecall->call_type = call_type; err = ecall_create_econn(ecall); if (err) { warning(""ecall: start: create_econn failed: %m\n"", err); return err; } econn_set_state(ecall_get_econn(ecall), ECONN_PENDING_OUTGOING); err = alloc_flow(ecall, ASYNC_OFFER, ecall->call_type, audio_cbr); if (err) { warning(""ecall: start: alloc_flow failed: %m\n"", err); goto out; } IFLOW_CALL(ecall->flow, set_audio_cbr, audio_cbr); if (ecall->props_local && (call_type == ICALL_CALL_TYPE_VIDEO && ecall->vstate == ICALL_VIDEO_STATE_STARTED)) { const char *vstate_string = ""true""; int err2 = econn_props_update(ecall->props_local, ""videosend"", vstate_string); if (err2) { warning(""ecall(%p): econn_props_update(videosend)"", "" failed (%m)\n"", ecall, err2); } } ecall->sdp.async = ASYNC_NONE; err = generate_offer(ecall); if (err) { warning(""ecall(%p): start: generate_offer"" "" failed (%m)\n"", ecall, err); goto out; } ecall->ts_started = tmr_jiffies(); ecall->call_setup_time = -1; out: return err; }",visit repo url,src/ecall/ecall.c,https://github.com/wireapp/wire-avs,55935753031409,1 3876,CWE-416,"eval_next_line(char_u *arg, evalarg_T *evalarg) { garray_T *gap = &evalarg->eval_ga; char_u *line; if (arg != NULL) { if (*arg == NL) return newline_skip_comments(arg); if (*skipwhite(arg) == '#') *arg = NUL; } if (evalarg->eval_cookie != NULL) line = evalarg->eval_getline(0, evalarg->eval_cookie, 0, GETLINE_CONCAT_ALL); else line = next_line_from_context(evalarg->eval_cctx, TRUE); if (line == NULL) return NULL; ++evalarg->eval_break_count; if (gap->ga_itemsize > 0 && ga_grow(gap, 1) == OK) { char_u *p = skipwhite(line); if (*p == NUL || vim9_comment_start(p)) { vim_free(line); line = vim_strsave((char_u *)""""); } ((char_u **)gap->ga_data)[gap->ga_len] = line; ++gap->ga_len; } else if (evalarg->eval_cookie != NULL) { vim_free(evalarg->eval_tofree); evalarg->eval_tofree = line; } evalarg->eval_using_cmdline = FALSE; return skipwhite(line); }",visit repo url,src/eval.c,https://github.com/vim/vim,192122909056600,1 3013,['CWE-189'],"void jpc_ft_fwdlift_colgrp(jpc_fix_t *a, int numrows, int stride, int parity) { jpc_fix_t *lptr; jpc_fix_t *hptr; register jpc_fix_t *lptr2; register jpc_fix_t *hptr2; register int n; register int i; int llen; llen = (numrows + 1 - parity) >> 1; if (numrows > 1) { lptr = &a[0]; hptr = &a[llen * stride]; if (parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] -= lptr2[0]; ++hptr2; ++lptr2; } hptr += stride; } n = numrows - llen - parity - (parity == (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] -= (lptr2[0] + lptr2[stride]) >> 1; ++lptr2; ++hptr2; } hptr += stride; lptr += stride; } if (parity == (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { hptr2[0] -= lptr2[0]; ++lptr2; ++hptr2; } } lptr = &a[0]; hptr = &a[llen * stride]; if (!parity) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] += (hptr2[0] + 1) >> 1; ++lptr2; ++hptr2; } lptr += stride; } n = llen - (!parity) - (parity != (numrows & 1)); while (n-- > 0) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] += (hptr2[0] + hptr2[stride] + 2) >> 2; ++lptr2; ++hptr2; } lptr += stride; hptr += stride; } if (parity != (numrows & 1)) { lptr2 = lptr; hptr2 = hptr; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] += (hptr2[0] + 1) >> 1; ++lptr2; ++hptr2; } } } else { if (parity) { lptr2 = &a[0]; for (i = 0; i < JPC_QMFB_COLGRPSIZE; ++i) { lptr2[0] <<= 1; ++lptr2; } } } }",jasper,,,31764455611641897642325625029586292230,0 222,CWE-285,"int ceph_set_acl(struct inode *inode, struct posix_acl *acl, int type) { int ret = 0, size = 0; const char *name = NULL; char *value = NULL; struct iattr newattrs; umode_t new_mode = inode->i_mode, old_mode = inode->i_mode; switch (type) { case ACL_TYPE_ACCESS: name = XATTR_NAME_POSIX_ACL_ACCESS; if (acl) { ret = posix_acl_equiv_mode(acl, &new_mode); if (ret < 0) goto out; if (ret == 0) acl = NULL; } break; case ACL_TYPE_DEFAULT: if (!S_ISDIR(inode->i_mode)) { ret = acl ? -EINVAL : 0; goto out; } name = XATTR_NAME_POSIX_ACL_DEFAULT; break; default: ret = -EINVAL; goto out; } if (acl) { size = posix_acl_xattr_size(acl->a_count); value = kmalloc(size, GFP_NOFS); if (!value) { ret = -ENOMEM; goto out; } ret = posix_acl_to_xattr(&init_user_ns, acl, value, size); if (ret < 0) goto out_free; } if (new_mode != old_mode) { newattrs.ia_mode = new_mode; newattrs.ia_valid = ATTR_MODE; ret = __ceph_setattr(inode, &newattrs); if (ret) goto out_free; } ret = __ceph_setxattr(inode, name, value, size, 0); if (ret) { if (new_mode != old_mode) { newattrs.ia_mode = old_mode; newattrs.ia_valid = ATTR_MODE; __ceph_setattr(inode, &newattrs); } goto out_free; } ceph_set_cached_acl(inode, type, acl); out_free: kfree(value); out: return ret; }",visit repo url,fs/ceph/acl.c,https://github.com/torvalds/linux,98013544837187,1 2361,CWE-125,"static void read_quant_matrix_ext(MpegEncContext *s, GetBitContext *gb) { int i, j, v; if (get_bits1(gb)) { for (i = 0; i < 64; i++) { v = get_bits(gb, 8); j = s->idsp.idct_permutation[ff_zigzag_direct[i]]; s->intra_matrix[j] = v; s->chroma_intra_matrix[j] = v; } } if (get_bits1(gb)) { for (i = 0; i < 64; i++) { get_bits(gb, 8); } } if (get_bits1(gb)) { for (i = 0; i < 64; i++) { v = get_bits(gb, 8); j = s->idsp.idct_permutation[ff_zigzag_direct[i]]; s->chroma_intra_matrix[j] = v; } } if (get_bits1(gb)) { for (i = 0; i < 64; i++) { get_bits(gb, 8); } } next_start_code_studio(gb); }",visit repo url,libavcodec/mpeg4videodec.c,https://github.com/FFmpeg/FFmpeg,272206664039389,1 1303,['CWE-119'],"asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch) { if (ctx->pointer >= ctx->end) { ctx->error = ASN1_ERR_DEC_EMPTY; return 0; } *ch = *(ctx->pointer)++; return 1; }",linux-2.6,,,37719404547481230562695884386951831016,0 2517,['CWE-119'],"static void file_add_remove(struct diff_options *options, int addremove, unsigned mode, const unsigned char *sha1, const char *fullpath) { int diff = REV_TREE_DIFFERENT; if (addremove == '+') { diff = tree_difference; if (diff != REV_TREE_SAME) return; diff = REV_TREE_NEW; } tree_difference = diff; if (tree_difference == REV_TREE_DIFFERENT) DIFF_OPT_SET(options, HAS_CHANGES); }",git,,,299104969348083512513845927510918301487,0 21,['CWE-264'],"static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, int unquotedlen, char **quoted, int *quotedlen, enum pdo_param_type paramtype TSRMLS_DC) { *quoted = safe_emalloc(2, unquotedlen, 3); sqlite3_snprintf(2*unquotedlen + 3, *quoted, ""'%q'"", unquoted); *quotedlen = strlen(*quoted); return 1; }",php-src,,,278824340571635316877368903075312538343,0 4949,['CWE-20'],"static int is_atomic_open(struct inode *dir, struct nameidata *nd) { if (nd == NULL || nfs_lookup_check_intent(nd, LOOKUP_OPEN) == 0) return 0; if (nd->flags & LOOKUP_DIRECTORY) return 0; if (IS_RDONLY(dir) && (nd->intent.open.flags & (O_CREAT|O_TRUNC|FMODE_WRITE))) return 0; return 1; }",linux-2.6,,,210061697185313648021048460506994403299,0 5527,['CWE-119'],"static void wipe_auth_tok_list(struct list_head *auth_tok_list_head) { struct ecryptfs_auth_tok_list_item *auth_tok_list_item; struct ecryptfs_auth_tok_list_item *auth_tok_list_item_tmp; list_for_each_entry_safe(auth_tok_list_item, auth_tok_list_item_tmp, auth_tok_list_head, list) { list_del(&auth_tok_list_item->list); kmem_cache_free(ecryptfs_auth_tok_list_item_cache, auth_tok_list_item); } }",linux-2.6,,,109123583158608713261700935632182472501,0 3899,['CWE-399'],static int tda9855_volume(int val) { return val/0x2e8+0x27; },linux-2.6,,,175870217736486694476296081045670953678,0 5285,CWE-601,"static int oidc_handle_logout(request_rec *r, oidc_cfg *c, oidc_session_t *session) { oidc_provider_t *provider = NULL; char *url = NULL; oidc_util_get_request_parameter(r, OIDC_REDIRECT_URI_REQUEST_LOGOUT, &url); oidc_debug(r, ""enter (url=%s)"", url); if (oidc_is_front_channel_logout(url)) { return oidc_handle_logout_request(r, c, session, url); } else if (oidc_is_back_channel_logout(url)) { return oidc_handle_logout_backchannel(r, c); } if ((url == NULL) || (apr_strnatcmp(url, """") == 0)) { url = c->default_slo_url; } else { const char *error_description = NULL; apr_uri_t uri; if (apr_uri_parse(r->pool, url, &uri) != APR_SUCCESS) { const char *error_description = apr_psprintf(r->pool, ""Logout URL malformed: %s"", url); oidc_error(r, ""%s"", error_description); return oidc_util_html_send_error(r, c->error_template, ""Malformed URL"", error_description, HTTP_INTERNAL_SERVER_ERROR); } const char *c_host = oidc_get_current_url_host(r); if ((uri.hostname != NULL) && ((strstr(c_host, uri.hostname) == NULL) || (strstr(uri.hostname, c_host) == NULL))) { error_description = apr_psprintf(r->pool, ""logout value \""%s\"" does not match the hostname of the current request \""%s\"""", apr_uri_unparse(r->pool, &uri, 0), c_host); oidc_error(r, ""%s"", error_description); return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", error_description, HTTP_INTERNAL_SERVER_ERROR); } if (((strstr(url, ""\n"") != NULL) || strstr(url, ""\r"") != NULL)) { error_description = apr_psprintf(r->pool, ""logout value \""%s\"" contains illegal \""\n\"" or \""\r\"" character(s)"", url); oidc_error(r, ""%s"", error_description); return oidc_util_html_send_error(r, c->error_template, ""Invalid Request"", error_description, HTTP_INTERNAL_SERVER_ERROR); } } oidc_get_provider_from_session(r, c, session, &provider); if ((provider != NULL) && (provider->end_session_endpoint != NULL)) { const char *id_token_hint = oidc_session_get_idtoken(r, session); char *logout_request = apr_pstrdup(r->pool, provider->end_session_endpoint); if (id_token_hint != NULL) { logout_request = apr_psprintf(r->pool, ""%s%sid_token_hint=%s"", logout_request, strchr(logout_request ? logout_request : """", OIDC_CHAR_QUERY) != NULL ? OIDC_STR_AMP : OIDC_STR_QUERY, oidc_util_escape_string(r, id_token_hint)); } if (url != NULL) { logout_request = apr_psprintf(r->pool, ""%s%spost_logout_redirect_uri=%s"", logout_request, strchr(logout_request ? logout_request : """", OIDC_CHAR_QUERY) != NULL ? OIDC_STR_AMP : OIDC_STR_QUERY, oidc_util_escape_string(r, url)); } url = logout_request; } return oidc_handle_logout_request(r, c, session, url); }",visit repo url,src/mod_auth_openidc.c,https://github.com/zmartzone/mod_auth_openidc,138570726463447,1 2127,CWE-189,"static int do_check(struct bpf_verifier_env *env) { struct bpf_verifier_state *state; struct bpf_insn *insns = env->prog->insnsi; struct bpf_reg_state *regs; int insn_cnt = env->prog->len, i; int insn_processed = 0; bool do_print_state = false; env->prev_linfo = NULL; state = kzalloc(sizeof(struct bpf_verifier_state), GFP_KERNEL); if (!state) return -ENOMEM; state->curframe = 0; state->frame[0] = kzalloc(sizeof(struct bpf_func_state), GFP_KERNEL); if (!state->frame[0]) { kfree(state); return -ENOMEM; } env->cur_state = state; init_func_state(env, state->frame[0], BPF_MAIN_FUNC , 0 , 0 ); for (;;) { struct bpf_insn *insn; u8 class; int err; if (env->insn_idx >= insn_cnt) { verbose(env, ""invalid insn idx %d insn_cnt %d\n"", env->insn_idx, insn_cnt); return -EFAULT; } insn = &insns[env->insn_idx]; class = BPF_CLASS(insn->code); if (++insn_processed > BPF_COMPLEXITY_LIMIT_INSNS) { verbose(env, ""BPF program is too large. Processed %d insn\n"", insn_processed); return -E2BIG; } err = is_state_visited(env, env->insn_idx); if (err < 0) return err; if (err == 1) { if (env->log.level) { if (do_print_state) verbose(env, ""\nfrom %d to %d: safe\n"", env->prev_insn_idx, env->insn_idx); else verbose(env, ""%d: safe\n"", env->insn_idx); } goto process_bpf_exit; } if (signal_pending(current)) return -EAGAIN; if (need_resched()) cond_resched(); if (env->log.level > 1 || (env->log.level && do_print_state)) { if (env->log.level > 1) verbose(env, ""%d:"", env->insn_idx); else verbose(env, ""\nfrom %d to %d:"", env->prev_insn_idx, env->insn_idx); print_verifier_state(env, state->frame[state->curframe]); do_print_state = false; } if (env->log.level) { const struct bpf_insn_cbs cbs = { .cb_print = verbose, .private_data = env, }; verbose_linfo(env, env->insn_idx, ""; ""); verbose(env, ""%d: "", env->insn_idx); print_bpf_insn(&cbs, insn, env->allow_ptr_leaks); } if (bpf_prog_is_dev_bound(env->prog->aux)) { err = bpf_prog_offload_verify_insn(env, env->insn_idx, env->prev_insn_idx); if (err) return err; } regs = cur_regs(env); env->insn_aux_data[env->insn_idx].seen = true; if (class == BPF_ALU || class == BPF_ALU64) { err = check_alu_op(env, insn); if (err) return err; } else if (class == BPF_LDX) { enum bpf_reg_type *prev_src_type, src_reg_type; err = check_reg_arg(env, insn->src_reg, SRC_OP); if (err) return err; err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); if (err) return err; src_reg_type = regs[insn->src_reg].type; err = check_mem_access(env, env->insn_idx, insn->src_reg, insn->off, BPF_SIZE(insn->code), BPF_READ, insn->dst_reg, false); if (err) return err; prev_src_type = &env->insn_aux_data[env->insn_idx].ptr_type; if (*prev_src_type == NOT_INIT) { *prev_src_type = src_reg_type; } else if (reg_type_mismatch(src_reg_type, *prev_src_type)) { verbose(env, ""same insn cannot be used with different pointers\n""); return -EINVAL; } } else if (class == BPF_STX) { enum bpf_reg_type *prev_dst_type, dst_reg_type; if (BPF_MODE(insn->code) == BPF_XADD) { err = check_xadd(env, env->insn_idx, insn); if (err) return err; env->insn_idx++; continue; } err = check_reg_arg(env, insn->src_reg, SRC_OP); if (err) return err; err = check_reg_arg(env, insn->dst_reg, SRC_OP); if (err) return err; dst_reg_type = regs[insn->dst_reg].type; err = check_mem_access(env, env->insn_idx, insn->dst_reg, insn->off, BPF_SIZE(insn->code), BPF_WRITE, insn->src_reg, false); if (err) return err; prev_dst_type = &env->insn_aux_data[env->insn_idx].ptr_type; if (*prev_dst_type == NOT_INIT) { *prev_dst_type = dst_reg_type; } else if (reg_type_mismatch(dst_reg_type, *prev_dst_type)) { verbose(env, ""same insn cannot be used with different pointers\n""); return -EINVAL; } } else if (class == BPF_ST) { if (BPF_MODE(insn->code) != BPF_MEM || insn->src_reg != BPF_REG_0) { verbose(env, ""BPF_ST uses reserved fields\n""); return -EINVAL; } err = check_reg_arg(env, insn->dst_reg, SRC_OP); if (err) return err; if (is_ctx_reg(env, insn->dst_reg)) { verbose(env, ""BPF_ST stores into R%d %s is not allowed\n"", insn->dst_reg, reg_type_str[reg_state(env, insn->dst_reg)->type]); return -EACCES; } err = check_mem_access(env, env->insn_idx, insn->dst_reg, insn->off, BPF_SIZE(insn->code), BPF_WRITE, -1, false); if (err) return err; } else if (class == BPF_JMP) { u8 opcode = BPF_OP(insn->code); if (opcode == BPF_CALL) { if (BPF_SRC(insn->code) != BPF_K || insn->off != 0 || (insn->src_reg != BPF_REG_0 && insn->src_reg != BPF_PSEUDO_CALL) || insn->dst_reg != BPF_REG_0) { verbose(env, ""BPF_CALL uses reserved fields\n""); return -EINVAL; } if (insn->src_reg == BPF_PSEUDO_CALL) err = check_func_call(env, insn, &env->insn_idx); else err = check_helper_call(env, insn->imm, env->insn_idx); if (err) return err; } else if (opcode == BPF_JA) { if (BPF_SRC(insn->code) != BPF_K || insn->imm != 0 || insn->src_reg != BPF_REG_0 || insn->dst_reg != BPF_REG_0) { verbose(env, ""BPF_JA uses reserved fields\n""); return -EINVAL; } env->insn_idx += insn->off + 1; continue; } else if (opcode == BPF_EXIT) { if (BPF_SRC(insn->code) != BPF_K || insn->imm != 0 || insn->src_reg != BPF_REG_0 || insn->dst_reg != BPF_REG_0) { verbose(env, ""BPF_EXIT uses reserved fields\n""); return -EINVAL; } if (state->curframe) { env->prev_insn_idx = env->insn_idx; err = prepare_func_exit(env, &env->insn_idx); if (err) return err; do_print_state = true; continue; } err = check_reference_leak(env); if (err) return err; err = check_reg_arg(env, BPF_REG_0, SRC_OP); if (err) return err; if (is_pointer_value(env, BPF_REG_0)) { verbose(env, ""R0 leaks addr as return value\n""); return -EACCES; } err = check_return_code(env); if (err) return err; process_bpf_exit: err = pop_stack(env, &env->prev_insn_idx, &env->insn_idx); if (err < 0) { if (err != -ENOENT) return err; break; } else { do_print_state = true; continue; } } else { err = check_cond_jmp_op(env, insn, &env->insn_idx); if (err) return err; } } else if (class == BPF_LD) { u8 mode = BPF_MODE(insn->code); if (mode == BPF_ABS || mode == BPF_IND) { err = check_ld_abs(env, insn); if (err) return err; } else if (mode == BPF_IMM) { err = check_ld_imm(env, insn); if (err) return err; env->insn_idx++; env->insn_aux_data[env->insn_idx].seen = true; } else { verbose(env, ""invalid BPF_LD mode\n""); return -EINVAL; } } else { verbose(env, ""unknown insn class %d\n"", class); return -EINVAL; } env->insn_idx++; } verbose(env, ""processed %d insns (limit %d), stack depth "", insn_processed, BPF_COMPLEXITY_LIMIT_INSNS); for (i = 0; i < env->subprog_cnt; i++) { u32 depth = env->subprog_info[i].stack_depth; verbose(env, ""%d"", depth); if (i + 1 < env->subprog_cnt) verbose(env, ""+""); } verbose(env, ""\n""); env->prog->aux->stack_depth = env->subprog_info[0].stack_depth; return 0; }",visit repo url,kernel/bpf/verifier.c,https://github.com/torvalds/linux,275392614012455,1 3900,CWE-416,"qf_jump_newwin(qf_info_T *qi, int dir, int errornr, int forceit, int newwin) { qf_list_T *qfl; qfline_T *qf_ptr; qfline_T *old_qf_ptr; int qf_index; int old_qf_index; char_u *old_swb = p_swb; unsigned old_swb_flags = swb_flags; int prev_winid; int opened_window = FALSE; int print_message = TRUE; int old_KeyTyped = KeyTyped; int retval = OK; if (qi == NULL) qi = &ql_info; if (qf_stack_empty(qi) || qf_list_empty(qf_get_curlist(qi))) { emsg(_(e_no_errors)); return; } incr_quickfix_busy(); qfl = qf_get_curlist(qi); qf_ptr = qfl->qf_ptr; old_qf_ptr = qf_ptr; qf_index = qfl->qf_index; old_qf_index = qf_index; qf_ptr = qf_get_entry(qfl, errornr, dir, &qf_index); if (qf_ptr == NULL) { qf_ptr = old_qf_ptr; qf_index = old_qf_index; goto theend; } qfl->qf_index = qf_index; qfl->qf_ptr = qf_ptr; if (qf_win_pos_update(qi, old_qf_index)) print_message = FALSE; prev_winid = curwin->w_id; retval = qf_jump_open_window(qi, qf_ptr, newwin, &opened_window); if (retval == FAIL) goto failed; if (retval == NOTDONE) goto theend; retval = qf_jump_to_buffer(qi, qf_index, qf_ptr, forceit, prev_winid, &opened_window, old_KeyTyped, print_message); if (retval == NOTDONE) { qi = NULL; qf_ptr = NULL; } if (retval != OK) { if (opened_window) win_close(curwin, TRUE); if (qf_ptr != NULL && qf_ptr->qf_fnum != 0) { failed: qf_ptr = old_qf_ptr; qf_index = old_qf_index; } } theend: if (qi != NULL) { qfl->qf_ptr = qf_ptr; qfl->qf_index = qf_index; } if (p_swb != old_swb && p_swb == empty_option) { p_swb = old_swb; swb_flags = old_swb_flags; } decr_quickfix_busy(); }",visit repo url,src/quickfix.c,https://github.com/vim/vim,133691216872892,1 6699,['CWE-200'],"edit_connection_cb (GtkButton *button, gpointer user_data) { do_edit ((ActionInfo *) user_data); }",network-manager-applet,,,214210348301285130179369593068445629830,0 5312,['CWE-119'],"static int set_offload(struct net_device *dev, unsigned long arg) { unsigned int old_features, features; old_features = dev->features; features = (old_features & ~(NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST |NETIF_F_TSO_ECN|NETIF_F_TSO|NETIF_F_TSO6)); if (arg & TUN_F_CSUM) { features |= NETIF_F_HW_CSUM|NETIF_F_SG|NETIF_F_FRAGLIST; arg &= ~TUN_F_CSUM; if (arg & (TUN_F_TSO4|TUN_F_TSO6)) { if (arg & TUN_F_TSO_ECN) { features |= NETIF_F_TSO_ECN; arg &= ~TUN_F_TSO_ECN; } if (arg & TUN_F_TSO4) features |= NETIF_F_TSO; if (arg & TUN_F_TSO6) features |= NETIF_F_TSO6; arg &= ~(TUN_F_TSO4|TUN_F_TSO6); } } if (arg) return -EINVAL; dev->features = features; if (old_features != dev->features) netdev_features_change(dev); return 0; }",linux-2.6,,,105488596070331598601443785592947370407,0 3389,['CWE-264'],"static int chown_common(struct dentry * dentry, uid_t user, gid_t group) { struct inode * inode; int error; struct iattr newattrs; error = -ENOENT; if (!(inode = dentry->d_inode)) { printk(KERN_ERR ""chown_common: NULL inode\n""); goto out; } error = -EROFS; if (IS_RDONLY(inode)) goto out; error = -EPERM; if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto out; newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; newattrs.ia_uid = user; } if (group != (gid_t) -1) { newattrs.ia_valid |= ATTR_GID; newattrs.ia_gid = group; } if (!S_ISDIR(inode->i_mode)) newattrs.ia_valid |= ATTR_KILL_SUID|ATTR_KILL_SGID; mutex_lock(&inode->i_mutex); error = notify_change(dentry, &newattrs); mutex_unlock(&inode->i_mutex); out: return error; }",linux-2.6,,,270891031204233953514636062594733097601,0 2320,CWE-667,"static inline void process_get_command(conn *c, token_t *tokens, size_t ntokens, bool return_cas) { char *key; size_t nkey; int i = 0; item *it; token_t *key_token = &tokens[KEY_TOKEN]; char *suffix; assert(c != NULL); do { while(key_token->length != 0) { key = key_token->value; nkey = key_token->length; if(nkey > KEY_MAX_LENGTH) { out_string(c, ""CLIENT_ERROR bad command line format""); while (i-- > 0) { item_remove(*(c->ilist + i)); } return; } it = item_get(key, nkey, c, DO_UPDATE); if (settings.detail_enabled) { stats_prefix_record_get(key, nkey, NULL != it); } if (it) { if (i >= c->isize) { item **new_list = realloc(c->ilist, sizeof(item *) * c->isize * 2); if (new_list) { c->isize *= 2; c->ilist = new_list; } else { STATS_LOCK(); stats.malloc_fails++; STATS_UNLOCK(); item_remove(it); break; } } if (return_cas || !settings.inline_ascii_response) { MEMCACHED_COMMAND_GET(c->sfd, ITEM_key(it), it->nkey, it->nbytes, ITEM_get_cas(it)); if (i >= c->suffixsize) { char **new_suffix_list = realloc(c->suffixlist, sizeof(char *) * c->suffixsize * 2); if (new_suffix_list) { c->suffixsize *= 2; c->suffixlist = new_suffix_list; } else { STATS_LOCK(); stats.malloc_fails++; STATS_UNLOCK(); item_remove(it); break; } } suffix = do_cache_alloc(c->thread->suffix_cache); if (suffix == NULL) { STATS_LOCK(); stats.malloc_fails++; STATS_UNLOCK(); out_of_memory(c, ""SERVER_ERROR out of memory making CAS suffix""); item_remove(it); while (i-- > 0) { item_remove(*(c->ilist + i)); } return; } *(c->suffixlist + i) = suffix; int suffix_len = make_ascii_get_suffix(suffix, it, return_cas); if (add_iov(c, ""VALUE "", 6) != 0 || add_iov(c, ITEM_key(it), it->nkey) != 0 || (settings.inline_ascii_response && add_iov(c, ITEM_suffix(it), it->nsuffix - 2) != 0) || add_iov(c, suffix, suffix_len) != 0) { item_remove(it); break; } if ((it->it_flags & ITEM_CHUNKED) == 0) { add_iov(c, ITEM_data(it), it->nbytes); } else if (add_chunked_item_iovs(c, it, it->nbytes) != 0) { item_remove(it); break; } } else { MEMCACHED_COMMAND_GET(c->sfd, ITEM_key(it), it->nkey, it->nbytes, ITEM_get_cas(it)); if (add_iov(c, ""VALUE "", 6) != 0 || add_iov(c, ITEM_key(it), it->nkey) != 0) { item_remove(it); break; } if ((it->it_flags & ITEM_CHUNKED) == 0) { if (add_iov(c, ITEM_suffix(it), it->nsuffix + it->nbytes) != 0) { item_remove(it); break; } } else if (add_iov(c, ITEM_suffix(it), it->nsuffix) != 0 || add_chunked_item_iovs(c, it, it->nbytes) != 0) { item_remove(it); break; } } if (settings.verbose > 1) { int ii; fprintf(stderr, "">%d sending key "", c->sfd); for (ii = 0; ii < it->nkey; ++ii) { fprintf(stderr, ""%c"", key[ii]); } fprintf(stderr, ""\n""); } pthread_mutex_lock(&c->thread->stats.mutex); c->thread->stats.slab_stats[ITEM_clsid(it)].get_hits++; c->thread->stats.get_cmds++; pthread_mutex_unlock(&c->thread->stats.mutex); *(c->ilist + i) = it; i++; } else { pthread_mutex_lock(&c->thread->stats.mutex); c->thread->stats.get_misses++; c->thread->stats.get_cmds++; pthread_mutex_unlock(&c->thread->stats.mutex); MEMCACHED_COMMAND_GET(c->sfd, key, nkey, -1, 0); } key_token++; } if(key_token->value != NULL) { ntokens = tokenize_command(key_token->value, tokens, MAX_TOKENS); key_token = tokens; } } while(key_token->value != NULL); c->icurr = c->ilist; c->ileft = i; if (return_cas || !settings.inline_ascii_response) { c->suffixcurr = c->suffixlist; c->suffixleft = i; } if (settings.verbose > 1) fprintf(stderr, "">%d END\n"", c->sfd); if (key_token->value != NULL || add_iov(c, ""END\r\n"", 5) != 0 || (IS_UDP(c->transport) && build_udp_headers(c) != 0)) { out_of_memory(c, ""SERVER_ERROR out of memory writing get response""); } else { conn_set_state(c, conn_mwrite); c->msgcurr = 0; } }",visit repo url,memcached.c,https://github.com/memcached/memcached,97903353043574,1 249,CWE-362,"__xfs_get_blocks( struct inode *inode, sector_t iblock, struct buffer_head *bh_result, int create, bool direct, bool dax_fault) { struct xfs_inode *ip = XFS_I(inode); struct xfs_mount *mp = ip->i_mount; xfs_fileoff_t offset_fsb, end_fsb; int error = 0; int lockmode = 0; struct xfs_bmbt_irec imap; int nimaps = 1; xfs_off_t offset; ssize_t size; int new = 0; bool is_cow = false; bool need_alloc = false; BUG_ON(create && !direct); if (XFS_FORCED_SHUTDOWN(mp)) return -EIO; offset = (xfs_off_t)iblock << inode->i_blkbits; ASSERT(bh_result->b_size >= (1 << inode->i_blkbits)); size = bh_result->b_size; if (!create && offset >= i_size_read(inode)) return 0; lockmode = xfs_ilock_data_map_shared(ip); ASSERT(offset <= mp->m_super->s_maxbytes); if (offset + size > mp->m_super->s_maxbytes) size = mp->m_super->s_maxbytes - offset; end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + size); offset_fsb = XFS_B_TO_FSBT(mp, offset); if (create && direct && xfs_is_reflink_inode(ip)) is_cow = xfs_reflink_find_cow_mapping(ip, offset, &imap, &need_alloc); if (!is_cow) { error = xfs_bmapi_read(ip, offset_fsb, end_fsb - offset_fsb, &imap, &nimaps, XFS_BMAPI_ENTIRE); if (create && direct && nimaps && imap.br_startblock != HOLESTARTBLOCK && imap.br_startblock != DELAYSTARTBLOCK && !ISUNWRITTEN(&imap)) xfs_reflink_trim_irec_to_next_cow(ip, offset_fsb, &imap); } ASSERT(!need_alloc); if (error) goto out_unlock; if (create && (!nimaps || (imap.br_startblock == HOLESTARTBLOCK || imap.br_startblock == DELAYSTARTBLOCK) || (IS_DAX(inode) && ISUNWRITTEN(&imap)))) { if (lockmode == XFS_ILOCK_EXCL) xfs_ilock_demote(ip, lockmode); error = xfs_iomap_write_direct(ip, offset, size, &imap, nimaps); if (error) return error; new = 1; trace_xfs_get_blocks_alloc(ip, offset, size, ISUNWRITTEN(&imap) ? XFS_IO_UNWRITTEN : XFS_IO_DELALLOC, &imap); } else if (nimaps) { trace_xfs_get_blocks_found(ip, offset, size, ISUNWRITTEN(&imap) ? XFS_IO_UNWRITTEN : XFS_IO_OVERWRITE, &imap); xfs_iunlock(ip, lockmode); } else { trace_xfs_get_blocks_notfound(ip, offset, size); goto out_unlock; } if (IS_DAX(inode) && create) { ASSERT(!ISUNWRITTEN(&imap)); new = 0; } xfs_map_trim_size(inode, iblock, bh_result, &imap, offset, size); if (imap.br_startblock != HOLESTARTBLOCK && imap.br_startblock != DELAYSTARTBLOCK && (create || !ISUNWRITTEN(&imap))) { if (create && direct && !is_cow) { error = xfs_bounce_unaligned_dio_write(ip, offset_fsb, &imap); if (error) return error; } xfs_map_buffer(inode, bh_result, &imap, offset); if (ISUNWRITTEN(&imap)) set_buffer_unwritten(bh_result); if (create) { if (dax_fault) ASSERT(!ISUNWRITTEN(&imap)); else xfs_map_direct(inode, bh_result, &imap, offset, is_cow); } } bh_result->b_bdev = xfs_find_bdev_for_inode(inode); if (create && ((!buffer_mapped(bh_result) && !buffer_uptodate(bh_result)) || (offset >= i_size_read(inode)) || (new || ISUNWRITTEN(&imap)))) set_buffer_new(bh_result); BUG_ON(direct && imap.br_startblock == DELAYSTARTBLOCK); return 0; out_unlock: xfs_iunlock(ip, lockmode); return error; }",visit repo url,fs/xfs/xfs_aops.c,https://github.com/torvalds/linux,78385391082323,1 5740,['CWE-200'],"static int irda_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); struct irda_device_list list; struct irda_device_info *discoveries; struct irda_ias_set * ias_opt; struct ias_object * ias_obj; struct ias_attrib * ias_attr; int daddr = DEV_ADDR_ANY; int val = 0; int len = 0; int err; int offset, total; IRDA_DEBUG(2, ""%s(%p)\n"", __func__, self); if (level != SOL_IRLMP) return -ENOPROTOOPT; if (get_user(len, optlen)) return -EFAULT; if(len < 0) return -EINVAL; switch (optname) { case IRLMP_ENUMDEVICES: discoveries = irlmp_get_discoveries(&list.len, self->mask.word, self->nslots); if (discoveries == NULL) return -EAGAIN; err = 0; if (copy_to_user(optval, &list, sizeof(struct irda_device_list) - sizeof(struct irda_device_info))) err = -EFAULT; offset = sizeof(struct irda_device_list) - sizeof(struct irda_device_info); if(list.len > 2048) { err = -EINVAL; goto bed; } total = offset + (list.len * sizeof(struct irda_device_info)); if (total > len) total = len; if (copy_to_user(optval+offset, discoveries, total - offset)) err = -EFAULT; if (put_user(total, optlen)) err = -EFAULT; bed: kfree(discoveries); if (err) return err; break; case IRLMP_MAX_SDU_SIZE: val = self->max_data_size; len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; if (copy_to_user(optval, &val, len)) return -EFAULT; break; case IRLMP_IAS_GET: if (len != sizeof(struct irda_ias_set)) return -EINVAL; ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC); if (ias_opt == NULL) return -ENOMEM; if (copy_from_user(ias_opt, optval, len)) { kfree(ias_opt); return -EFAULT; } if(ias_opt->irda_class_name[0] == '\0') ias_obj = self->ias_obj; else ias_obj = irias_find_object(ias_opt->irda_class_name); if(ias_obj == (struct ias_object *) NULL) { kfree(ias_opt); return -EINVAL; } ias_attr = irias_find_attrib(ias_obj, ias_opt->irda_attrib_name); if(ias_attr == (struct ias_attrib *) NULL) { kfree(ias_opt); return -EINVAL; } err = irda_extract_ias_value(ias_opt, ias_attr->value); if(err) { kfree(ias_opt); return err; } if (copy_to_user(optval, ias_opt, sizeof(struct irda_ias_set))) { kfree(ias_opt); return -EFAULT; } kfree(ias_opt); break; case IRLMP_IAS_QUERY: if (len != sizeof(struct irda_ias_set)) return -EINVAL; ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC); if (ias_opt == NULL) return -ENOMEM; if (copy_from_user(ias_opt, optval, len)) { kfree(ias_opt); return -EFAULT; } if(self->daddr != DEV_ADDR_ANY) { daddr = self->daddr; } else { daddr = ias_opt->daddr; if((!daddr) || (daddr == DEV_ADDR_ANY)) { kfree(ias_opt); return -EINVAL; } } if (self->iriap) { IRDA_WARNING(""%s: busy with a previous query\n"", __func__); kfree(ias_opt); return -EBUSY; } self->iriap = iriap_open(LSAP_ANY, IAS_CLIENT, self, irda_getvalue_confirm); if (self->iriap == NULL) { kfree(ias_opt); return -ENOMEM; } self->errno = -EHOSTUNREACH; iriap_getvaluebyclass_request(self->iriap, self->saddr, daddr, ias_opt->irda_class_name, ias_opt->irda_attrib_name); if (wait_event_interruptible(self->query_wait, (self->iriap == NULL))) { kfree(ias_opt); return -EHOSTUNREACH; } if (self->errno) { kfree(ias_opt); if((self->errno == IAS_CLASS_UNKNOWN) || (self->errno == IAS_ATTRIB_UNKNOWN)) return (-EADDRNOTAVAIL); else return (-EHOSTUNREACH); } err = irda_extract_ias_value(ias_opt, self->ias_result); if (self->ias_result) irias_delete_value(self->ias_result); if (err) { kfree(ias_opt); return err; } if (copy_to_user(optval, ias_opt, sizeof(struct irda_ias_set))) { kfree(ias_opt); return -EFAULT; } kfree(ias_opt); break; case IRLMP_WAITDEVICE: if (len != sizeof(int)) return -EINVAL; if (get_user(val, (int __user *)optval)) return -EFAULT; irlmp_update_client(self->ckey, self->mask.word, irda_selective_discovery_indication, NULL, (void *) self); irlmp_discovery_request(self->nslots); if (!self->cachedaddr) { int ret = 0; IRDA_DEBUG(1, ""%s(), nothing discovered yet, going to sleep...\n"", __func__); self->errno = 0; setup_timer(&self->watchdog, irda_discovery_timeout, (unsigned long)self); self->watchdog.expires = jiffies + (val * HZ/1000); add_timer(&(self->watchdog)); __wait_event_interruptible(self->query_wait, (self->cachedaddr != 0 || self->errno == -ETIME), ret); if(timer_pending(&(self->watchdog))) del_timer(&(self->watchdog)); IRDA_DEBUG(1, ""%s(), ...waking up !\n"", __func__); if (ret != 0) return ret; } else IRDA_DEBUG(1, ""%s(), found immediately !\n"", __func__); irlmp_update_client(self->ckey, self->mask.word, NULL, NULL, NULL); if (!self->cachedaddr) return -EAGAIN; daddr = self->cachedaddr; self->cachedaddr = 0; if (put_user(daddr, (int __user *)optval)) return -EFAULT; break; default: return -ENOPROTOOPT; } return 0; }",linux-2.6,,,271118738780695486629097090105421529093,0 1683,CWE-476,"static void skcipher_release(void *private) { crypto_free_skcipher(private); }",visit repo url,crypto/algif_skcipher.c,https://github.com/torvalds/linux,37839878556220,1 3821,CWE-476,"get_user_var_name(expand_T *xp, int idx) { static long_u gdone; static long_u bdone; static long_u wdone; static long_u tdone; static int vidx; static hashitem_T *hi; hashtab_T *ht; if (idx == 0) { gdone = bdone = wdone = vidx = 0; tdone = 0; } if (gdone < globvarht.ht_used) { if (gdone++ == 0) hi = globvarht.ht_array; else ++hi; while (HASHITEM_EMPTY(hi)) ++hi; if (STRNCMP(""g:"", xp->xp_pattern, 2) == 0) return cat_prefix_varname('g', hi->hi_key); return hi->hi_key; } ht = #ifdef FEAT_CMDWIN is_in_cmdwin() ? &prevwin->w_buffer->b_vars->dv_hashtab : #endif &curbuf->b_vars->dv_hashtab; if (bdone < ht->ht_used) { if (bdone++ == 0) hi = ht->ht_array; else ++hi; while (HASHITEM_EMPTY(hi)) ++hi; return cat_prefix_varname('b', hi->hi_key); } ht = #ifdef FEAT_CMDWIN is_in_cmdwin() ? &prevwin->w_vars->dv_hashtab : #endif &curwin->w_vars->dv_hashtab; if (wdone < ht->ht_used) { if (wdone++ == 0) hi = ht->ht_array; else ++hi; while (HASHITEM_EMPTY(hi)) ++hi; return cat_prefix_varname('w', hi->hi_key); } ht = &curtab->tp_vars->dv_hashtab; if (tdone < ht->ht_used) { if (tdone++ == 0) hi = ht->ht_array; else ++hi; while (HASHITEM_EMPTY(hi)) ++hi; return cat_prefix_varname('t', hi->hi_key); } if (vidx < VV_LEN) return cat_prefix_varname('v', (char_u *)vimvars[vidx++].vv_name); VIM_CLEAR(varnamebuf); varnamebuflen = 0; return NULL; }",visit repo url,src/evalvars.c,https://github.com/vim/vim,109421590464431,1 5361,['CWE-476'],"void kvm_lmsw(struct kvm_vcpu *vcpu, unsigned long msw) { kvm_set_cr0(vcpu, (vcpu->arch.cr0 & ~0x0ful) | (msw & 0x0f)); KVMTRACE_1D(LMSW, vcpu, (u32)((vcpu->arch.cr0 & ~0x0ful) | (msw & 0x0f)), handler); }",linux-2.6,,,274258570942267934845220782756936513776,0 6696,['CWE-200'],"read_connections (NMAGConfSettings *settings) { NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (settings); GSList *dir_list; GSList *iter; dir_list = nm_gconf_get_all_connections (priv->client); if (!dir_list) return; for (iter = dir_list; iter; iter = iter->next) { char *dir = (char *) iter->data; NMAGConfConnection *connection; connection = nma_gconf_connection_new (priv->client, dir); if (connection) add_connection_real (settings, connection); g_free (dir); } g_slist_free (dir_list); priv->connections = g_slist_reverse (priv->connections); }",network-manager-applet,,,222083008163358240118588050302903133545,0 1206,CWE-400,"asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; unsigned int insn = 0; int si_code, fault_code, fault; unsigned long address, mm_rss; fault_code = get_thread_fault_code(); if (notify_page_fault(regs)) return; si_code = SEGV_MAPERR; address = current_thread_info()->fault_address; if ((fault_code & FAULT_CODE_ITLB) && (fault_code & FAULT_CODE_DTLB)) BUG(); if (test_thread_flag(TIF_32BIT)) { if (!(regs->tstate & TSTATE_PRIV)) { if (unlikely((regs->tpc >> 32) != 0)) { bogus_32bit_fault_tpc(regs); goto intr_or_no_mm; } } if (unlikely((address >> 32) != 0)) { bogus_32bit_fault_address(regs, address); goto intr_or_no_mm; } } if (regs->tstate & TSTATE_PRIV) { unsigned long tpc = regs->tpc; if ((tpc >= KERNBASE && tpc < (unsigned long) __init_end) || (tpc >= MODULES_VADDR && tpc < MODULES_END)) { } else { bad_kernel_pc(regs, address); return; } } if (in_atomic() || !mm) goto intr_or_no_mm; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, 0, regs, address); if (!down_read_trylock(&mm->mmap_sem)) { if ((regs->tstate & TSTATE_PRIV) && !search_exception_tables(regs->tpc)) { insn = get_fault_insn(regs, insn); goto handle_kernel_fault; } down_read(&mm->mmap_sem); } vma = find_vma(mm, address); if (!vma) goto bad_area; if (((fault_code & (FAULT_CODE_DTLB | FAULT_CODE_WRITE | FAULT_CODE_WINFIXUP)) == FAULT_CODE_DTLB) && (vma->vm_flags & VM_WRITE) != 0) { insn = get_fault_insn(regs, 0); if (!insn) goto continue_fault; if ((insn & 0xc0200000) == 0xc0200000 && (insn & 0x01780000) != 0x01680000) { fault_code |= FAULT_CODE_WRITE; } } continue_fault: if (vma->vm_start <= address) goto good_area; if (!(vma->vm_flags & VM_GROWSDOWN)) goto bad_area; if (!(fault_code & FAULT_CODE_WRITE)) { insn = get_fault_insn(regs, insn); if ((insn & 0xc0800000) == 0xc0800000) { unsigned char asi; if (insn & 0x2000) asi = (regs->tstate >> 24); else asi = (insn >> 5); if ((asi & 0xf2) == 0x82) goto bad_area; } } if (expand_stack(vma, address)) goto bad_area; good_area: si_code = SEGV_ACCERR; if ((fault_code & FAULT_CODE_ITLB) && !(vma->vm_flags & VM_EXEC)) { BUG_ON(address != regs->tpc); BUG_ON(regs->tstate & TSTATE_PRIV); goto bad_area; } if (fault_code & FAULT_CODE_WRITE) { if (!(vma->vm_flags & VM_WRITE)) goto bad_area; if (tlb_type == spitfire && (vma->vm_flags & VM_EXEC) != 0 && vma->vm_file != NULL) set_thread_fault_code(fault_code | FAULT_CODE_BLKCOMMIT); } else { if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; } fault = handle_mm_fault(mm, vma, address, (fault_code & FAULT_CODE_WRITE) ? FAULT_FLAG_WRITE : 0); if (unlikely(fault & VM_FAULT_ERROR)) { if (fault & VM_FAULT_OOM) goto out_of_memory; else if (fault & VM_FAULT_SIGBUS) goto do_sigbus; BUG(); } if (fault & VM_FAULT_MAJOR) { current->maj_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MAJ, 1, 0, regs, address); } else { current->min_flt++; perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS_MIN, 1, 0, regs, address); } up_read(&mm->mmap_sem); mm_rss = get_mm_rss(mm); #ifdef CONFIG_HUGETLB_PAGE mm_rss -= (mm->context.huge_pte_count * (HPAGE_SIZE / PAGE_SIZE)); #endif if (unlikely(mm_rss > mm->context.tsb_block[MM_TSB_BASE].tsb_rss_limit)) tsb_grow(mm, MM_TSB_BASE, mm_rss); #ifdef CONFIG_HUGETLB_PAGE mm_rss = mm->context.huge_pte_count; if (unlikely(mm_rss > mm->context.tsb_block[MM_TSB_HUGE].tsb_rss_limit)) tsb_grow(mm, MM_TSB_HUGE, mm_rss); #endif return; bad_area: insn = get_fault_insn(regs, insn); up_read(&mm->mmap_sem); handle_kernel_fault: do_kernel_fault(regs, si_code, fault_code, insn, address); return; out_of_memory: insn = get_fault_insn(regs, insn); up_read(&mm->mmap_sem); if (!(regs->tstate & TSTATE_PRIV)) { pagefault_out_of_memory(); return; } goto handle_kernel_fault; intr_or_no_mm: insn = get_fault_insn(regs, 0); goto handle_kernel_fault; do_sigbus: insn = get_fault_insn(regs, insn); up_read(&mm->mmap_sem); do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, insn, fault_code); if (regs->tstate & TSTATE_PRIV) goto handle_kernel_fault; }",visit repo url,arch/sparc/mm/fault_64.c,https://github.com/torvalds/linux,186303625546006,1 1799,[],"static unsigned long to_ratio(u64 period, u64 runtime) { if (runtime == RUNTIME_INF) return 1ULL << 16; return div64_64(runtime << 16, period); }",linux-2.6,,,200937582393366391285840311714810083517,0 5186,['CWE-20'],"static noinline void vmwrite_error(unsigned long field, unsigned long value) { printk(KERN_ERR ""vmwrite error: reg %lx value %lx (err %d)\n"", field, value, vmcs_read32(VM_INSTRUCTION_ERROR)); dump_stack(); }",linux-2.6,,,300106292851313859179967774695068312203,0 6434,[],"foreach_dirinpath (const char *search_path, const char *base_name, foreach_callback_func *func, void *data1, void *data2) { int result = 0; size_t filenamesize = 0; size_t lenbase = LT_STRLEN (base_name); size_t argz_len = 0; char *argz = 0; char *filename = 0; char *canonical = 0; if (!search_path || !*search_path) { LT__SETERROR (FILE_NOT_FOUND); goto cleanup; } if (canonicalize_path (search_path, &canonical) != 0) goto cleanup; if (argzize_path (canonical, &argz, &argz_len) != 0) goto cleanup; { char *dir_name = 0; while ((dir_name = argz_next (argz, argz_len, dir_name))) { size_t lendir = LT_STRLEN (dir_name); if (1+ lendir + lenbase >= filenamesize) { FREE (filename); filenamesize = 1+ lendir + 1+ lenbase; filename = MALLOC (char, filenamesize); if (!filename) goto cleanup; } assert (filenamesize > lendir); strcpy (filename, dir_name); if (base_name && *base_name) { if (filename[lendir -1] != '/') filename[lendir++] = '/'; strcpy (filename +lendir, base_name); } if ((result = (*func) (filename, data1, data2))) { break; } } } cleanup: FREE (argz); FREE (canonical); FREE (filename); return result; }",libtool,,,213728103189021762474040281805085381244,0 319,CWE-416,"static void timerfd_remove_cancel(struct timerfd_ctx *ctx) { if (ctx->might_cancel) { ctx->might_cancel = false; spin_lock(&cancel_lock); list_del_rcu(&ctx->clist); spin_unlock(&cancel_lock); } }",visit repo url,fs/timerfd.c,https://github.com/torvalds/linux,166641198761028,1 580,CWE-264,"static __inline__ int scm_check_creds(struct ucred *creds) { const struct cred *cred = current_cred(); kuid_t uid = make_kuid(cred->user_ns, creds->uid); kgid_t gid = make_kgid(cred->user_ns, creds->gid); if (!uid_valid(uid) || !gid_valid(gid)) return -EINVAL; if ((creds->pid == task_tgid_vnr(current) || ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) && ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) { return 0; } return -EPERM; }",visit repo url,net/core/scm.c,https://github.com/torvalds/linux,246586792960461,1 233,CWE-285,"xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type) { int error = 0; if (!acl) goto set_acl; error = -E2BIG; if (acl->a_count > XFS_ACL_MAX_ENTRIES(XFS_M(inode->i_sb))) return error; if (type == ACL_TYPE_ACCESS) { umode_t mode = inode->i_mode; error = posix_acl_equiv_mode(acl, &mode); if (error <= 0) { acl = NULL; if (error < 0) return error; } error = xfs_set_mode(inode, mode); if (error) return error; } set_acl: return __xfs_set_acl(inode, type, acl); }",visit repo url,fs/xfs/xfs_acl.c,https://github.com/torvalds/linux,51715248731654,1 1509,CWE-264,"validate_event(struct pmu_hw_events *hw_events, struct perf_event *event) { struct arm_pmu *armpmu = to_arm_pmu(event->pmu); struct hw_perf_event fake_event = event->hw; struct pmu *leader_pmu = event->group_leader->pmu; if (is_software_event(event)) return 1; if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF) return 1; if (event->state == PERF_EVENT_STATE_OFF && !event->attr.enable_on_exec) return 1; return armpmu->get_event_idx(hw_events, &fake_event) >= 0; }",visit repo url,arch/arm64/kernel/perf_event.c,https://github.com/torvalds/linux,39802852555448,1 1343,CWE-284,"static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, struct msghdr *msg, size_t len) { struct sock_iocb *siocb = kiocb_to_siocb(kiocb); struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); struct sockaddr_nl *addr = msg->msg_name; u32 dst_pid; u32 dst_group; struct sk_buff *skb; int err; struct scm_cookie scm; if (msg->msg_flags&MSG_OOB) return -EOPNOTSUPP; if (NULL == siocb->scm) siocb->scm = &scm; err = scm_send(sock, msg, siocb->scm, true); if (err < 0) return err; if (msg->msg_namelen) { err = -EINVAL; if (addr->nl_family != AF_NETLINK) goto out; dst_pid = addr->nl_pid; dst_group = ffs(addr->nl_groups); err = -EPERM; if (dst_group && !netlink_capable(sock, NL_NONROOT_SEND)) goto out; } else { dst_pid = nlk->dst_pid; dst_group = nlk->dst_group; } if (!nlk->pid) { err = netlink_autobind(sock); if (err) goto out; } err = -EMSGSIZE; if (len > sk->sk_sndbuf - 32) goto out; err = -ENOBUFS; skb = alloc_skb(len, GFP_KERNEL); if (skb == NULL) goto out; NETLINK_CB(skb).pid = nlk->pid; NETLINK_CB(skb).dst_group = dst_group; memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); err = -EFAULT; if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { kfree_skb(skb); goto out; } err = security_netlink_send(sk, skb); if (err) { kfree_skb(skb); goto out; } if (dst_group) { atomic_inc(&skb->users); netlink_broadcast(sk, skb, dst_pid, dst_group, GFP_KERNEL); } err = netlink_unicast(sk, skb, dst_pid, msg->msg_flags&MSG_DONTWAIT); out: scm_destroy(siocb->scm); return err; }",visit repo url,net/netlink/af_netlink.c,https://github.com/torvalds/linux,76117981325340,1 4562,CWE-190,"static GF_Err mp4_mux_initialize_movie(GF_MP4MuxCtx *ctx) { #ifndef GPAC_DISABLE_ISOM_FRAGMENTS GF_Err e; u32 i, count = gf_list_count(ctx->tracks); TrackWriter *ref_tkw = NULL; u64 min_dts = 0; u32 min_dts_scale=0; u32 def_fake_dur=0; u32 def_fake_scale=0; #ifdef GF_ENABLE_CTRN u32 traf_inherit_base_id=0; #endif u32 nb_segments=0; GF_Fraction64 max_dur; ctx->single_file = GF_TRUE; ctx->current_offset = ctx->current_size = 0; max_dur.den = 1; max_dur.num = 0; if (ctx->sseg && ctx->noinit) ctx->single_file = GF_FALSE; if (ctx->dur.num && ctx->dur.den) { max_dur.num = ctx->dur.num; max_dur.den = ctx->dur.den; } for (i=0; itracks, i); GF_FilterPacket *pck; if (tkw->fake_track) continue; pck = gf_filter_pid_get_packet(tkw->ipid); if (!pck) { if (gf_filter_pid_is_eos(tkw->ipid)) { if (tkw->dgl_copy) { gf_filter_pck_discard(tkw->dgl_copy); tkw->dgl_copy = NULL; } continue; } return GF_OK; } if (!ctx->dash_mode && !ctx->cur_file_idx_plus_one) { p = gf_filter_pck_get_property(pck, GF_PROP_PCK_FILENUM); if (p) { ctx->cur_file_idx_plus_one = p->value.uint + 1; if (!ctx->cur_file_suffix) { p = gf_filter_pck_get_property(pck, GF_PROP_PCK_FILESUF); if (p && p->value.string) ctx->cur_file_suffix = gf_strdup(p->value.string); } ctx->notify_filename = GF_TRUE; } } if (tkw->cenc_state==CENC_NEED_SETUP) { mp4_mux_cenc_update(ctx, tkw, pck, CENC_CONFIG, 0, 0); } p = gf_filter_pck_get_property(pck, GF_PROP_PCK_FILENAME); if (p && strlen(p->value.string)) ctx->single_file = GF_FALSE; def_fake_dur = gf_filter_pck_get_duration(pck); def_fake_scale = tkw->src_timescale; p = gf_filter_pid_get_property(tkw->ipid, GF_PROP_PID_DURATION); if (p && p->value.lfrac.den) { tkw->pid_dur = p->value.lfrac; if (tkw->pid_dur.num<0) tkw->pid_dur.num = -tkw->pid_dur.num; if (max_dur.num * (s64) tkw->pid_dur.den < (s64) max_dur.den * tkw->pid_dur.num) { max_dur.num = tkw->pid_dur.num; max_dur.den = tkw->pid_dur.den; } } #ifdef GF_ENABLE_CTRN if (tkw->codecid==GF_CODECID_HEVC) traf_inherit_base_id = tkw->track_id; #endif } for (i=0; itracks, i); if (tkw->fake_track) { if (def_fake_scale) { def_pck_dur = def_fake_dur; def_pck_dur *= tkw->src_timescale; def_pck_dur /= def_fake_scale; } else { def_pck_dur = 0; } } else { GF_FilterPacket *pck = gf_filter_pid_get_packet(tkw->ipid); if (pck) { u32 tscale; def_pck_dur = gf_filter_pck_get_duration(pck); dts = gf_filter_pck_get_dts(pck); if (dts == GF_FILTER_NO_TS) dts = gf_filter_pck_get_cts(pck); tscale = gf_filter_pck_get_timescale(pck); if (!min_dts || gf_timestamp_greater(min_dts, min_dts_scale, dts, tscale)) { min_dts = dts; min_dts_scale = tscale; } if (tkw->raw_audio_bytes_per_sample) { u32 pck_size; gf_filter_pck_get_data(pck, &pck_size); pck_size /= tkw->raw_audio_bytes_per_sample; if (pck_size) def_pck_dur /= pck_size; } } else { p = gf_filter_pid_get_property(tkw->ipid, GF_PROP_PID_CONSTANT_DURATION); def_pck_dur = p ? p->value.uint : 0; } if (tkw->raw_audio_bytes_per_sample) def_samp_size = tkw->raw_audio_bytes_per_sample; } if (tkw->src_timescale != tkw->tk_timescale) { def_pck_dur *= tkw->tk_timescale; def_pck_dur /= tkw->src_timescale; } switch (tkw->stream_type) { case GF_STREAM_AUDIO: case GF_STREAM_TEXT: def_is_rap = GF_ISOM_FRAG_DEF_IS_SYNC; p = gf_filter_pid_get_property(tkw->ipid, GF_PROP_PID_HAS_SYNC); if (p && p->value.boolean) def_is_rap = 0; break; case GF_STREAM_VISUAL: switch (tkw->codecid) { case GF_CODECID_PNG: case GF_CODECID_JPEG: case GF_CODECID_J2K: break; case GF_CODECID_HEVC_TILES: #ifdef GF_ENABLE_CTRN if (ctx->ctrn && ctx->ctrni) inherit_traf_from_track = traf_inherit_base_id; #endif break; default: if (!ref_tkw) ref_tkw = tkw; break; } def_is_rap = 0; break; default: def_is_rap = 0; break; } if (ctx->cmaf && !def_is_rap) { def_is_rap |= GF_ISOM_FRAG_USE_SYNC_TABLE; } mp4_mux_set_hevc_groups(ctx, tkw); e = gf_isom_setup_track_fragment(ctx->file, tkw->track_id, tkw->stsd_idx, def_pck_dur, def_samp_size, def_is_rap, 0, 0, ctx->nofragdef ? GF_TRUE : GF_FALSE); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MP4Mux] Unable to setup fragmentation for track ID %d: %s\n"", tkw->track_id, gf_error_to_string(e) )); return e; } #ifndef GPAC_DISABLE_ISOM_FRAGMENTS if (ctx->refrag) { p = gf_filter_pid_get_property(tkw->ipid, GF_PROP_PID_ISOM_TREX_TEMPLATE); if (p) { gf_isom_setup_track_fragment_template(ctx->file, tkw->track_id, p->value.data.ptr, p->value.data.size, ctx->nofragdef); } else if (!ctx->nofragdef) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[MP4Mux] Refragmentation with default track fragment flags signaling but no TREX found in source track %d, using defaults computed from PID, result might be broken\n"", tkw->track_id)); } } #endif if (ctx->tfdt.den && ctx->tfdt.num) { tkw->tfdt_offset = gf_timestamp_rescale(ctx->tfdt.num, ctx->tfdt.den, tkw->tk_timescale); } if (tkw->fake_track) { gf_list_del_item(ctx->tracks, tkw); if (ref_tkw==tkw) ref_tkw=NULL; mp4_mux_track_writer_del(tkw); i--; count--; continue; } #ifdef GF_ENABLE_CTRN if (inherit_traf_from_track) gf_isom_enable_traf_inherit(ctx->file, tkw->track_id, inherit_traf_from_track); #endif if (!tkw->box_patched) { p = gf_filter_pid_get_property_str(tkw->ipid, ""boxpatch""); if (p && p->value.string) { e = gf_isom_apply_box_patch(ctx->file, tkw->track_id, p->value.string, GF_FALSE); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MP4Mux] Unable to apply box patch %s to track %d: %s\n"", p->value.string, tkw->track_id, gf_error_to_string(e) )); } } tkw->box_patched = GF_TRUE; } p = gf_filter_pid_get_property(tkw->ipid, GF_PROP_PID_DASH_SEGMENTS); if (p && (p->value.uint>nb_segments)) nb_segments = p->value.uint; if (!ctx->dash_mode) gf_isom_purge_track_reference(ctx->file, tkw->track_num); } if (max_dur.num && max_dur.den) { u64 mdur = max_dur.num; if (ctx->moovts != max_dur.den) { mdur *= (u32) ctx->moovts; mdur /= max_dur.den; } gf_isom_set_movie_duration(ctx->file, mdur, GF_FALSE); } else if (ctx->cmaf) { gf_isom_set_movie_duration(ctx->file, 0, GF_TRUE); } if (ref_tkw) { gf_list_del_item(ctx->tracks, ref_tkw); gf_list_insert(ctx->tracks, ref_tkw, 0); } ctx->ref_tkw = gf_list_get(ctx->tracks, 0); if (!ctx->abs_offset) { u32 mval = ctx->dash_mode ? '6' : '5'; u32 mbrand, mcount, found=0; u8 szB[GF_4CC_MSIZE]; gf_isom_set_fragment_option(ctx->file, 0, GF_ISOM_TFHD_FORCE_MOOF_BASE_OFFSET, 1); gf_isom_get_brand_info(ctx->file, &mbrand, NULL, &mcount); strcpy(szB, gf_4cc_to_str(mbrand)); if (!strncmp(szB, ""iso"", 3) && (szB[3] >= mval) && (szB[3] <= 'F') ) found = 1; i=0; while (!found && (ifile, i, &mbrand); strcpy(szB, gf_4cc_to_str(mbrand)); if (!strncmp(szB, ""iso"", 3) && (szB[3] >= mval) && (szB[3] <= 'F') ) found = 1; } if (!found) { gf_isom_set_brand_info(ctx->file, ctx->dash_mode ? GF_ISOM_BRAND_ISO6 : GF_ISOM_BRAND_ISO5, 1); } gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_ISOM, GF_FALSE); gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_ISO1, GF_FALSE); gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_ISO2, GF_FALSE); gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_ISO3, GF_FALSE); gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_ISO4, GF_FALSE); gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_AVC1, GF_FALSE); gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_MP41, GF_FALSE); gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_MP42, GF_FALSE); } if (ctx->dash_mode) { if (ctx->dash_mode==MP4MX_DASH_VOD) { gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_DSMS, GF_TRUE); } else { gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_DASH, GF_TRUE); } gf_isom_modify_alternate_brand(ctx->file, GF_ISOM_BRAND_MSIX, ((ctx->dash_mode==MP4MX_DASH_VOD) && (ctx->subs_sidx>=0)) ? GF_TRUE : GF_FALSE); } if (ctx->boxpatch && !ctx->box_patched) { e = gf_isom_apply_box_patch(ctx->file, 0, ctx->boxpatch, GF_FALSE); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MP4Mux] Unable to apply box patch %s: %s\n"", ctx->boxpatch, gf_error_to_string(e) )); } ctx->box_patched = GF_TRUE; } e = gf_isom_finalize_for_fragment(ctx->file, ctx->dash_mode ? 1 : 0, ctx->mvex); if (e) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[MP4Mux] Unable to finalize moov for fragmentation: %s\n"", gf_error_to_string(e) )); return e; } ctx->init_movie_done = GF_TRUE; if (min_dts_scale) { u64 rs_dts = gf_timestamp_rescale(min_dts, min_dts_scale, ctx->cdur.den); ctx->next_frag_start = rs_dts; } ctx->next_frag_start += ctx->cdur.num; ctx->adjusted_next_frag_start = ctx->next_frag_start; ctx->fragment_started = GF_FALSE; if (ctx->noinit) { if (ctx->dst_pck) gf_filter_pck_discard(ctx->dst_pck); ctx->dst_pck = NULL; ctx->current_size = ctx->current_offset = 0; ctx->first_pck_sent = GF_FALSE; } else { mp4_mux_flush_seg(ctx, GF_TRUE, 0, 0, GF_TRUE); } assert(!ctx->dst_pck); if (ctx->styp && (strlen(ctx->styp)>=4)) { u32 styp_brand = GF_4CC(ctx->styp[0], ctx->styp[1], ctx->styp[2], ctx->styp[3]); u32 version = 0; char *sep = strchr(ctx->styp, '.'); if (sep) version = atoi(sep+1); gf_isom_set_brand_info(ctx->file, styp_brand, version); } if (ctx->dash_mode==MP4MX_DASH_VOD) { if ((ctx->vodcache==MP4MX_VODCACHE_REPLACE) && !nb_segments && (!ctx->media_dur || !ctx->dash_dur.num) ) { GF_LOG(GF_LOG_WARNING, GF_LOG_CONTAINER, (""[MP4Mux] Media duration unknown, cannot use replace mode of vodcache, using temp file for VoD storage\n"")); ctx->vodcache = MP4MX_VODCACHE_ON; e = mp4mx_setup_dash_vod(ctx, NULL); if (e) return e; } if (ctx->vodcache==MP4MX_VODCACHE_REPLACE) { GF_BitStream *bs; u8 *output; char *msg; GF_FilterPacket *pck; u32 len; Bool exact_sidx = GF_TRUE; if (!nb_segments) { exact_sidx = GF_FALSE; nb_segments = (u32) ( ctx->media_dur * ctx->dash_dur.den / ctx->dash_dur.num); nb_segments ++; if (nb_segments>10) nb_segments += 10*nb_segments/100; else nb_segments ++; } ctx->sidx_max_size = 12 + (12 + 16) + 12 * nb_segments; if (ctx->ssix) { ctx->sidx_max_size += 12 + 4 + nb_segments * 12; } if (!exact_sidx) { ctx->sidx_max_size += 8; ctx->sidx_size_exact = GF_FALSE; } else { ctx->sidx_size_exact = GF_TRUE; } ctx->sidx_chunk_offset = (u32) (ctx->current_offset + ctx->current_size); pck = gf_filter_pck_new_alloc(ctx->opid, ctx->sidx_max_size, &output); if (!pck) return GF_OUT_OF_MEM; gf_filter_pck_set_framing(pck, GF_FALSE, GF_FALSE); bs = gf_bs_new(output, ctx->sidx_max_size, GF_BITSTREAM_WRITE); gf_bs_write_u32(bs, ctx->sidx_max_size); gf_bs_write_u32(bs, GF_ISOM_BOX_TYPE_FREE); msg = ""GPAC "" GPAC_VERSION"" SIDX placeholder""; len = (u32) strlen(msg); if (len+8>ctx->sidx_max_size) len = ctx->sidx_max_size - 8; gf_bs_write_data(bs, msg, len ); gf_bs_del(bs); gf_filter_pck_send(pck); ctx->current_offset += ctx->sidx_max_size; } else if (ctx->vodcache==MP4MX_VODCACHE_ON) { ctx->store_output = GF_TRUE; } else { ctx->store_output = GF_FALSE; ctx->sidx_chunk_offset = (u32) (ctx->current_offset + ctx->current_size); } gf_isom_allocate_sidx(ctx->file, ctx->subs_sidx, ctx->chain_sidx, 0, NULL, NULL, NULL, ctx->ssix); } return GF_OK; #else return GF_NOT_SUPPORTED; #endif }",visit repo url,src/filters/mux_isom.c,https://github.com/gpac/gpac,91993423070664,1 2442,['CWE-119'],"const char *diff_unique_abbrev(const unsigned char *sha1, int len) { int abblen; const char *abbrev; if (len == 40) return sha1_to_hex(sha1); abbrev = find_unique_abbrev(sha1, len); abblen = strlen(abbrev); if (abblen < 37) { static char hex[41]; if (len < abblen && abblen <= len + 2) sprintf(hex, ""%s%.*s"", abbrev, len+3-abblen, ""..""); else sprintf(hex, ""%s..."", abbrev); return hex; } return sha1_to_hex(sha1); }",git,,,91072146179195666830194643992688492593,0 1442,[],"static void print_cfs_stats(struct seq_file *m, int cpu) { struct cfs_rq *cfs_rq; rcu_read_lock(); for_each_leaf_cfs_rq(cpu_rq(cpu), cfs_rq) print_cfs_rq(m, cpu, cfs_rq); rcu_read_unlock(); }",linux-2.6,,,333231720781053287414180384205496451499,0 3334,CWE-119,"sf_flac_write_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC__Frame *frame, const int32_t * const buffer [], void *client_data) { SF_PRIVATE *psf = (SF_PRIVATE*) client_data ; FLAC_PRIVATE* pflac = (FLAC_PRIVATE*) psf->codec_data ; pflac->frame = frame ; pflac->bufferpos = 0 ; pflac->bufferbackup = SF_FALSE ; pflac->wbuffer = buffer ; flac_buffer_copy (psf) ; return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE ; } ",visit repo url,src/flac.c,https://github.com/erikd/libsndfile,259371159964846,1 3284,CWE-119,"ppp_hdlc(netdissect_options *ndo, const u_char *p, int length) { u_char *b, *s, *t, c; int i, proto; const void *se; if (length <= 0) return; b = (uint8_t *)malloc(length); if (b == NULL) return; for (s = (u_char *)p, t = b, i = length; i > 0; i--) { c = *s++; if (c == 0x7d) { if (i > 1) { i--; c = *s++ ^ 0x20; } else continue; } *t++ = c; } se = ndo->ndo_snapend; ndo->ndo_snapend = t; length = t - b; if (length < 1) goto trunc; proto = *b; switch (proto) { case PPP_IP: ip_print(ndo, b + 1, length - 1); goto cleanup; case PPP_IPV6: ip6_print(ndo, b + 1, length - 1); goto cleanup; default: break; } if (length < 2) goto trunc; proto = EXTRACT_16BITS(b); switch (proto) { case (PPP_ADDRESS << 8 | PPP_CONTROL): if (length < 4) goto trunc; proto = EXTRACT_16BITS(b+2); handle_ppp(ndo, proto, b + 4, length - 4); break; default: handle_ppp(ndo, proto, b + 2, length - 2); break; } cleanup: ndo->ndo_snapend = se; free(b); return; trunc: ndo->ndo_snapend = se; free(b); ND_PRINT((ndo, ""[|ppp]"")); }",visit repo url,print-ppp.c,https://github.com/the-tcpdump-group/tcpdump,57068620156116,1 1667,[],"static void move_task_off_dead_cpu(int dead_cpu, struct task_struct *p) { unsigned long flags; cpumask_t mask; struct rq *rq; int dest_cpu; do { mask = node_to_cpumask(cpu_to_node(dead_cpu)); cpus_and(mask, mask, p->cpus_allowed); dest_cpu = any_online_cpu(mask); if (dest_cpu >= nr_cpu_ids) dest_cpu = any_online_cpu(p->cpus_allowed); if (dest_cpu >= nr_cpu_ids) { cpumask_t cpus_allowed; cpuset_cpus_allowed_locked(p, &cpus_allowed); rq = task_rq_lock(p, &flags); p->cpus_allowed = cpus_allowed; dest_cpu = any_online_cpu(p->cpus_allowed); task_rq_unlock(rq, &flags); if (p->mm && printk_ratelimit()) { printk(KERN_INFO ""process %d (%s) no "" ""longer affine to cpu%d\n"", task_pid_nr(p), p->comm, dead_cpu); } } } while (!__migrate_task_irq(p, dead_cpu, dest_cpu)); }",linux-2.6,,,200881472647194510449430146159189533037,0 3824,['CWE-120'],"static int uvc_parse_vendor_control(struct uvc_device *dev, const unsigned char *buffer, int buflen) { struct usb_device *udev = dev->udev; struct usb_host_interface *alts = dev->intf->cur_altsetting; struct uvc_entity *unit; unsigned int n, p; int handled = 0; switch (le16_to_cpu(dev->udev->descriptor.idVendor)) { case 0x046d: if (buffer[1] != 0x41 || buffer[2] != 0x01) break; p = buflen >= 22 ? buffer[21] : 0; n = buflen >= 25 + p ? buffer[22+p] : 0; if (buflen < 25 + p + 2*n) { uvc_trace(UVC_TRACE_DESCR, ""device %d videocontrol "" ""interface %d EXTENSION_UNIT error\n"", udev->devnum, alts->desc.bInterfaceNumber); break; } unit = kzalloc(sizeof *unit + p + 2*n, GFP_KERNEL); if (unit == NULL) return -ENOMEM; unit->id = buffer[3]; unit->type = VC_EXTENSION_UNIT; memcpy(unit->extension.guidExtensionCode, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; unit->extension.bNrInPins = le16_to_cpup((__le16 *)&buffer[21]); unit->extension.baSourceID = (__u8 *)unit + sizeof *unit; memcpy(unit->extension.baSourceID, &buffer[22], p); unit->extension.bControlSize = buffer[22+p]; unit->extension.bmControls = (__u8 *)unit + sizeof *unit + p; unit->extension.bmControlsType = (__u8 *)unit + sizeof *unit + p + n; memcpy(unit->extension.bmControls, &buffer[23+p], 2*n); if (buffer[24+p+2*n] != 0) usb_string(udev, buffer[24+p+2*n], unit->name, sizeof unit->name); else sprintf(unit->name, ""Extension %u"", buffer[3]); list_add_tail(&unit->list, &dev->entities); handled = 1; break; } return handled; }",linux-2.6,,,339899195051423439569212046204910313329,0 764,CWE-20,"static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct irda_sock *self = irda_sk(sk); struct sk_buff *skb; size_t copied; int err; IRDA_DEBUG(4, ""%s()\n"", __func__); msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); if (!skb) return err; skb_reset_transport_header(skb); copied = skb->len; if (copied > size) { IRDA_DEBUG(2, ""%s(), Received truncated frame (%zd < %zd)!\n"", __func__, copied, size); copied = size; msg->msg_flags |= MSG_TRUNC; } skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); skb_free_datagram(sk, skb); if (self->rx_flow == FLOW_STOP) { if ((atomic_read(&sk->sk_rmem_alloc) << 2) <= sk->sk_rcvbuf) { IRDA_DEBUG(2, ""%s(), Starting IrTTP\n"", __func__); self->rx_flow = FLOW_START; irttp_flow_request(self->tsap, FLOW_START); } } return copied; }",visit repo url,net/irda/af_irda.c,https://github.com/torvalds/linux,97188153830666,1 3370,['CWE-399'],"static long do_splice_to(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { int ret; if (unlikely(!in->f_op || !in->f_op->splice_read)) return -EINVAL; if (unlikely(!(in->f_mode & FMODE_READ))) return -EBADF; ret = rw_verify_area(READ, in, ppos, len); if (unlikely(ret < 0)) return ret; ret = security_file_permission(in, MAY_READ); if (unlikely(ret < 0)) return ret; return in->f_op->splice_read(in, ppos, pipe, len, flags); }",linux-2.6,,,22776794735387336492807911505951713127,0 2523,['CWE-119'],"static int reuse_worktree_file(const char *name, const unsigned char *sha1, int want_file) { struct cache_entry *ce; struct stat st; int pos, len; if (!active_cache) return 0; if (!FAST_WORKING_DIRECTORY && !want_file && has_sha1_pack(sha1, NULL)) return 0; len = strlen(name); pos = cache_name_pos(name, len); if (pos < 0) return 0; ce = active_cache[pos]; if (hashcmp(sha1, ce->sha1) || !S_ISREG(ce->ce_mode)) return 0; if (ce_uptodate(ce) || (!lstat(name, &st) && !ce_match_stat(ce, &st, 0))) return 1; return 0; }",git,,,220654130678525801697328477054660194311,0 3055,CWE-787,"static int php_mb_parse_encoding_list(const char *value, int value_length, mbfl_encoding ***return_list, int *return_size, int persistent) { int n, l, size, bauto, ret = 1; char *p, *p1, *p2, *endp, *tmpstr; mbfl_encoding *encoding; mbfl_no_encoding *src; mbfl_encoding **entry, **list; list = nullptr; if (value == nullptr || value_length <= 0) { if (return_list) { *return_list = nullptr; } if (return_size) { *return_size = 0; } return 0; } else { mbfl_no_encoding *identify_list; int identify_list_size; identify_list = MBSTRG(default_detect_order_list); identify_list_size = MBSTRG(default_detect_order_list_size); if (value[0]=='""' && value[value_length-1]=='""' && value_length>2) { tmpstr = (char *)strndup(value+1, value_length-2); value_length -= 2; } else tmpstr = (char *)strndup(value, value_length); if (tmpstr == nullptr) { return 0; } endp = tmpstr + value_length; n = 1; p1 = tmpstr; while ((p2 = (char*)string_memnstr(p1, "","", 1, endp)) != nullptr) { p1 = p2 + 1; n++; } size = n + identify_list_size; list = (mbfl_encoding **)calloc(size, sizeof(mbfl_encoding*)); if (list != nullptr) { entry = list; n = 0; bauto = 0; p1 = tmpstr; do { p2 = p = (char*)string_memnstr(p1, "","", 1, endp); if (p == nullptr) { p = endp; } *p = '\0'; while (p1 < p && (*p1 == ' ' || *p1 == '\t')) { p1++; } p--; while (p > p1 && (*p == ' ' || *p == '\t')) { *p = '\0'; p--; } if (strcasecmp(p1, ""auto"") == 0) { if (!bauto) { bauto = 1; l = identify_list_size; src = identify_list; for (int i = 0; i < l; i++) { *entry++ = (mbfl_encoding*) mbfl_no2encoding(*src++); n++; } } } else { encoding = (mbfl_encoding*) mbfl_name2encoding(p1); if (encoding != nullptr) { *entry++ = encoding; n++; } else { ret = 0; } } p1 = p2 + 1; } while (n < size && p2 != nullptr); if (n > 0) { if (return_list) { *return_list = list; } else { free(list); } } else { free(list); if (return_list) { *return_list = nullptr; } ret = 0; } if (return_size) { *return_size = n; } } else { if (return_list) { *return_list = nullptr; } if (return_size) { *return_size = 0; } ret = 0; } free(tmpstr); } return ret; }",visit repo url,hphp/runtime/ext/mbstring/ext_mbstring.cpp,https://github.com/facebook/hhvm,198767333716506,1 1243,[],"m4___line__ (struct obstack *obs, int argc, token_data **argv) { if (bad_argc (argv[0], argc, 1, 1)) return; shipout_int (obs, current_line); }",m4,,,61445806470414064283983861398158512779,0 3938,CWE-476,"static VTermScreen *screen_new(VTerm *vt) { VTermState *state = vterm_obtain_state(vt); VTermScreen *screen; int rows, cols; if(!state) return NULL; screen = vterm_allocator_malloc(vt, sizeof(VTermScreen)); vterm_get_size(vt, &rows, &cols); screen->vt = vt; screen->state = state; screen->damage_merge = VTERM_DAMAGE_CELL; screen->damaged.start_row = -1; screen->pending_scrollrect.start_row = -1; screen->rows = rows; screen->cols = cols; screen->callbacks = NULL; screen->cbdata = NULL; screen->buffers[0] = realloc_buffer(screen, NULL, rows, cols); screen->buffer = screen->buffers[0]; screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * cols); vterm_state_set_callbacks(screen->state, &state_cbs, screen); return screen; }",visit repo url,src/libvterm/src/termscreen.c,https://github.com/vim/vim,159328101429966,1 210,CWE-200,"static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb) { static u32 challenge_timestamp; static unsigned int challenge_count; struct tcp_sock *tp = tcp_sk(sk); u32 now; if (tcp_oow_rate_limited(sock_net(sk), skb, LINUX_MIB_TCPACKSKIPPEDCHALLENGE, &tp->last_oow_ack_time)) return; now = jiffies / HZ; if (now != challenge_timestamp) { challenge_timestamp = now; challenge_count = 0; } if (++challenge_count <= sysctl_tcp_challenge_ack_limit) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK); tcp_send_ack(sk); } }",visit repo url,net/ipv4/tcp_input.c,https://github.com/torvalds/linux,158220914364462,1 4641,['CWE-399'],"int ext4_get_block(struct inode *inode, sector_t iblock, struct buffer_head *bh_result, int create) { handle_t *handle = ext4_journal_current_handle(); int ret = 0, started = 0; unsigned max_blocks = bh_result->b_size >> inode->i_blkbits; int dio_credits; if (create && !handle) { if (max_blocks > DIO_MAX_BLOCKS) max_blocks = DIO_MAX_BLOCKS; dio_credits = ext4_chunk_trans_blocks(inode, max_blocks); handle = ext4_journal_start(inode, dio_credits); if (IS_ERR(handle)) { ret = PTR_ERR(handle); goto out; } started = 1; } ret = ext4_get_blocks_wrap(handle, inode, iblock, max_blocks, bh_result, create, 0, 0); if (ret > 0) { bh_result->b_size = (ret << inode->i_blkbits); ret = 0; } if (started) ext4_journal_stop(handle); out: return ret; }",linux-2.6,,,88152851398479755587021725172343068292,0 1759,[],"unsigned long nr_active(void) { unsigned long i, running = 0, uninterruptible = 0; for_each_online_cpu(i) { running += cpu_rq(i)->nr_running; uninterruptible += cpu_rq(i)->nr_uninterruptible; } if (unlikely((long)uninterruptible < 0)) uninterruptible = 0; return running + uninterruptible; }",linux-2.6,,,218044779185562031984264064176032133916,0 4019,CWE-787,"local block_state deflate_rle(s, flush) deflate_state *s; int flush; { int bflush; uInt prev; Bytef *scan, *strend; for (;;) { if (s->lookahead <= MAX_MATCH) { fill_window(s); if (s->lookahead <= MAX_MATCH && flush == Z_NO_FLUSH) { return need_more; } if (s->lookahead == 0) break; } s->match_length = 0; if (s->lookahead >= MIN_MATCH && s->strstart > 0) { scan = s->window + s->strstart - 1; prev = *scan; if (prev == *++scan && prev == *++scan && prev == *++scan) { strend = s->window + s->strstart + MAX_MATCH; do { } while (prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && prev == *++scan && scan < strend); s->match_length = MAX_MATCH - (uInt)(strend - scan); if (s->match_length > s->lookahead) s->match_length = s->lookahead; } Assert(scan <= s->window+(uInt)(s->window_size-1), ""wild scan""); } if (s->match_length >= MIN_MATCH) { check_match(s, s->strstart, s->strstart - 1, s->match_length); _tr_tally_dist(s, 1, s->match_length - MIN_MATCH, bflush); s->lookahead -= s->match_length; s->strstart += s->match_length; s->match_length = 0; } else { Tracevv((stderr,""%c"", s->window[s->strstart])); _tr_tally_lit (s, s->window[s->strstart], bflush); s->lookahead--; s->strstart++; } if (bflush) FLUSH_BLOCK(s, 0); } s->insert = 0; if (flush == Z_FINISH) { FLUSH_BLOCK(s, 1); return finish_done; } if (s->last_lit) FLUSH_BLOCK(s, 0); return block_done; }",visit repo url,deflate.c,https://github.com/madler/zlib,62862078388107,1 1136,['CWE-399'],"long arch_ptrace(struct task_struct *child, long request, long addr, long data) { ptrace_area parea; int copied, ret; switch (request) { case PTRACE_PEEKTEXT: case PTRACE_PEEKDATA: addr &= PSW_ADDR_INSN; return generic_ptrace_peekdata(child, addr, data); case PTRACE_PEEKUSR: return peek_user(child, addr, data); case PTRACE_POKETEXT: case PTRACE_POKEDATA: addr &= PSW_ADDR_INSN; return generic_ptrace_pokedata(child, addr, data); case PTRACE_POKEUSR: return poke_user(child, addr, data); case PTRACE_PEEKUSR_AREA: case PTRACE_POKEUSR_AREA: if (copy_from_user(&parea, (void __force __user *) addr, sizeof(parea))) return -EFAULT; addr = parea.kernel_addr; data = parea.process_addr; copied = 0; while (copied < parea.len) { if (request == PTRACE_PEEKUSR_AREA) ret = peek_user(child, addr, data); else { addr_t utmp; if (get_user(utmp, (addr_t __force __user *) data)) return -EFAULT; ret = poke_user(child, addr, utmp); } if (ret) return ret; addr += sizeof(unsigned long); data += sizeof(unsigned long); copied += sizeof(unsigned long); } return 0; } return ptrace_request(child, request, addr, data); }",linux-2.6,,,23235890419714497513422566538207027849,0 2609,[],"static int sctp_setsockopt_delayed_ack(struct sock *sk, char __user *optval, int optlen) { struct sctp_sack_info params; struct sctp_transport *trans = NULL; struct sctp_association *asoc = NULL; struct sctp_sock *sp = sctp_sk(sk); if (optlen == sizeof(struct sctp_sack_info)) { if (copy_from_user(¶ms, optval, optlen)) return -EFAULT; if (params.sack_delay == 0 && params.sack_freq == 0) return 0; } else if (optlen == sizeof(struct sctp_assoc_value)) { printk(KERN_WARNING ""SCTP: Use of struct sctp_sack_info "" ""in delayed_ack socket option deprecated\n""); printk(KERN_WARNING ""SCTP: struct sctp_sack_info instead\n""); if (copy_from_user(¶ms, optval, optlen)) return -EFAULT; if (params.sack_delay == 0) params.sack_freq = 1; else params.sack_freq = 0; } else return - EINVAL; if (params.sack_delay > 500) return -EINVAL; asoc = sctp_id2assoc(sk, params.sack_assoc_id); if (!asoc && params.sack_assoc_id && sctp_style(sk, UDP)) return -EINVAL; if (params.sack_delay) { if (asoc) { asoc->sackdelay = msecs_to_jiffies(params.sack_delay); asoc->param_flags = (asoc->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE; } else { sp->sackdelay = params.sack_delay; sp->param_flags = (sp->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE; } } if (params.sack_freq == 1) { if (asoc) { asoc->param_flags = (asoc->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_DISABLE; } else { sp->param_flags = (sp->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_DISABLE; } } else if (params.sack_freq > 1) { if (asoc) { asoc->sackfreq = params.sack_freq; asoc->param_flags = (asoc->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE; } else { sp->sackfreq = params.sack_freq; sp->param_flags = (sp->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE; } } if (asoc) { list_for_each_entry(trans, &asoc->peer.transport_addr_list, transports) { if (params.sack_delay) { trans->sackdelay = msecs_to_jiffies(params.sack_delay); trans->param_flags = (trans->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE; } if (params.sack_freq == 1) { trans->param_flags = (trans->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_DISABLE; } else if (params.sack_freq > 1) { trans->sackfreq = params.sack_freq; trans->param_flags = (trans->param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE; } } } return 0; }",linux-2.6,,,233471593313092561565687993504863050993,0 5399,['CWE-476'],"static u32 get_tss_base_addr(struct kvm_vcpu *vcpu, struct desc_struct *seg_desc) { u32 base_addr; base_addr = seg_desc->base0; base_addr |= (seg_desc->base1 << 16); base_addr |= (seg_desc->base2 << 24); return vcpu->arch.mmu.gva_to_gpa(vcpu, base_addr); }",linux-2.6,,,23533736763389148288254300056053613039,0 6589,CWE-787,"static RzList *entries(RzBinFile *bf) { if (!bf) { return NULL; } LuacBinInfo *bin_info_obj = GET_INTERNAL_BIN_INFO_OBJ(bf); if (!bin_info_obj) { return NULL; } return bin_info_obj->entry_list; }",visit repo url,librz/bin/p/bin_luac.c,https://github.com/rizinorg/rizin,239627337599470,1 2208,['CWE-193'],"int generic_file_mmap(struct file * file, struct vm_area_struct * vma) { struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) return -ENOEXEC; file_accessed(file); vma->vm_ops = &generic_file_vm_ops; vma->vm_flags |= VM_CAN_NONLINEAR; return 0; }",linux-2.6,,,159130227368222013951037943543999134948,0 6734,['CWE-310'],"wireless_get_more_info (NMDevice *device, NMConnection *connection, NMApplet *applet, gpointer user_data) { WirelessMenuItemInfo *info = (WirelessMenuItemInfo *) user_data; GtkWidget *dialog; dialog = nma_wireless_dialog_new (applet, connection, device, info->ap); g_return_if_fail (dialog != NULL); g_signal_connect (dialog, ""response"", G_CALLBACK (wireless_dialog_response_cb), applet); show_ignore_focus_stealing_prevention (dialog); }",network-manager-applet,,,176021730779793618821788924912705569552,0 2650,[],"SCTP_STATIC int sctp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int retval = 0; int len; SCTP_DEBUG_PRINTK(""sctp_getsockopt(sk: %p... optname: %d)\n"", sk, optname); if (level != SOL_SCTP) { struct sctp_af *af = sctp_sk(sk)->pf->af; retval = af->getsockopt(sk, level, optname, optval, optlen); return retval; } if (get_user(len, optlen)) return -EFAULT; sctp_lock_sock(sk); switch (optname) { case SCTP_STATUS: retval = sctp_getsockopt_sctp_status(sk, len, optval, optlen); break; case SCTP_DISABLE_FRAGMENTS: retval = sctp_getsockopt_disable_fragments(sk, len, optval, optlen); break; case SCTP_EVENTS: retval = sctp_getsockopt_events(sk, len, optval, optlen); break; case SCTP_AUTOCLOSE: retval = sctp_getsockopt_autoclose(sk, len, optval, optlen); break; case SCTP_SOCKOPT_PEELOFF: retval = sctp_getsockopt_peeloff(sk, len, optval, optlen); break; case SCTP_PEER_ADDR_PARAMS: retval = sctp_getsockopt_peer_addr_params(sk, len, optval, optlen); break; case SCTP_DELAYED_ACK: retval = sctp_getsockopt_delayed_ack(sk, len, optval, optlen); break; case SCTP_INITMSG: retval = sctp_getsockopt_initmsg(sk, len, optval, optlen); break; case SCTP_GET_PEER_ADDRS_NUM_OLD: retval = sctp_getsockopt_peer_addrs_num_old(sk, len, optval, optlen); break; case SCTP_GET_LOCAL_ADDRS_NUM_OLD: retval = sctp_getsockopt_local_addrs_num_old(sk, len, optval, optlen); break; case SCTP_GET_PEER_ADDRS_OLD: retval = sctp_getsockopt_peer_addrs_old(sk, len, optval, optlen); break; case SCTP_GET_LOCAL_ADDRS_OLD: retval = sctp_getsockopt_local_addrs_old(sk, len, optval, optlen); break; case SCTP_GET_PEER_ADDRS: retval = sctp_getsockopt_peer_addrs(sk, len, optval, optlen); break; case SCTP_GET_LOCAL_ADDRS: retval = sctp_getsockopt_local_addrs(sk, len, optval, optlen); break; case SCTP_DEFAULT_SEND_PARAM: retval = sctp_getsockopt_default_send_param(sk, len, optval, optlen); break; case SCTP_PRIMARY_ADDR: retval = sctp_getsockopt_primary_addr(sk, len, optval, optlen); break; case SCTP_NODELAY: retval = sctp_getsockopt_nodelay(sk, len, optval, optlen); break; case SCTP_RTOINFO: retval = sctp_getsockopt_rtoinfo(sk, len, optval, optlen); break; case SCTP_ASSOCINFO: retval = sctp_getsockopt_associnfo(sk, len, optval, optlen); break; case SCTP_I_WANT_MAPPED_V4_ADDR: retval = sctp_getsockopt_mappedv4(sk, len, optval, optlen); break; case SCTP_MAXSEG: retval = sctp_getsockopt_maxseg(sk, len, optval, optlen); break; case SCTP_GET_PEER_ADDR_INFO: retval = sctp_getsockopt_peer_addr_info(sk, len, optval, optlen); break; case SCTP_ADAPTATION_LAYER: retval = sctp_getsockopt_adaptation_layer(sk, len, optval, optlen); break; case SCTP_CONTEXT: retval = sctp_getsockopt_context(sk, len, optval, optlen); break; case SCTP_FRAGMENT_INTERLEAVE: retval = sctp_getsockopt_fragment_interleave(sk, len, optval, optlen); break; case SCTP_PARTIAL_DELIVERY_POINT: retval = sctp_getsockopt_partial_delivery_point(sk, len, optval, optlen); break; case SCTP_MAX_BURST: retval = sctp_getsockopt_maxburst(sk, len, optval, optlen); break; case SCTP_AUTH_KEY: case SCTP_AUTH_CHUNK: case SCTP_AUTH_DELETE_KEY: retval = -EOPNOTSUPP; break; case SCTP_HMAC_IDENT: retval = sctp_getsockopt_hmac_ident(sk, len, optval, optlen); break; case SCTP_AUTH_ACTIVE_KEY: retval = sctp_getsockopt_active_key(sk, len, optval, optlen); break; case SCTP_PEER_AUTH_CHUNKS: retval = sctp_getsockopt_peer_auth_chunks(sk, len, optval, optlen); break; case SCTP_LOCAL_AUTH_CHUNKS: retval = sctp_getsockopt_local_auth_chunks(sk, len, optval, optlen); break; default: retval = -ENOPROTOOPT; break; } sctp_release_sock(sk); return retval; }",linux-2.6,,,239534037075657044220085343622840106392,0 4508,CWE-476,"static void gf_dump_vrml_dyn_field(GF_SceneDumper *sdump, GF_Node *node, GF_FieldInfo field, Bool has_sublist) { u32 i, sf_type; void *slot_ptr; if (gf_sg_vrml_is_sf_field(field.fieldType)) { DUMP_IND(sdump); if (sdump->XMLDump) { if (sdump->X3DDump) { gf_fprintf(sdump->trace, ""trace, ""X3DDump) { gf_fprintf(sdump->trace, "">\n""); sdump->indent++; gf_fprintf(sdump->trace, """"); gf_dump_vrml_node(sdump, field.far_ptr ? *(GF_Node **)field.far_ptr : NULL, 0, NULL); gf_fprintf(sdump->trace, """"); sdump->indent--; if (!has_sublist) gf_fprintf(sdump->trace, ""\n""); } else { if (field.far_ptr) { gf_fprintf(sdump->trace, "">\n""); gf_dump_vrml_node(sdump, *(GF_Node **)field.far_ptr, 0, NULL); gf_fprintf(sdump->trace, ""\n""); } else { gf_fprintf(sdump->trace, ""/>\n""); } } DUMP_IND(sdump); } else { if (sdump->X3DDump) { gf_fprintf(sdump->trace, "" value=\""""); } else { gf_fprintf(sdump->trace, "" %s=\"""", GetXMTFieldTypeValueName(field.fieldType)); } if (field.far_ptr) gf_dump_vrml_sffield(sdump, field.fieldType, field.far_ptr, 0, node); if (has_sublist) gf_fprintf(sdump->trace, ""\"">\n""); else gf_fprintf(sdump->trace, ""\""/>\n""); } } else { gf_fprintf(sdump->trace, ""/>\n""); } } else { gf_fprintf(sdump->trace, ""%s %s %s"", gf_sg_vrml_get_event_type_name(field.eventType, sdump->X3DDump), gf_sg_vrml_get_field_type_name(field.fieldType), field.name); if ((field.eventType==GF_SG_EVENT_FIELD) || (field.eventType==GF_SG_EVENT_EXPOSED_FIELD)) { gf_fprintf(sdump->trace, "" ""); if (field.fieldType == GF_SG_VRML_SFNODE) { gf_dump_vrml_node(sdump, field.far_ptr ? *(GF_Node **)field.far_ptr : NULL, 0, NULL); } else if (field.far_ptr) { gf_dump_vrml_simple_field(sdump, field, node); } } gf_fprintf(sdump->trace, ""\n""); } } else if (field.far_ptr) { GenMFField *mffield = (GenMFField *) field.far_ptr; sf_type = gf_sg_vrml_get_sf_type(field.fieldType); DUMP_IND(sdump); if (!sdump->XMLDump) { gf_fprintf(sdump->trace, ""%s %s %s"", gf_sg_vrml_get_event_type_name(field.eventType, sdump->X3DDump), gf_sg_vrml_get_field_type_name(field.fieldType), field.name); if ((field.eventType==GF_SG_EVENT_FIELD) || (field.eventType==GF_SG_EVENT_EXPOSED_FIELD)) { gf_fprintf(sdump->trace, "" [""); if (sf_type == GF_SG_VRML_SFNODE) { GF_ChildNodeItem *l = *(GF_ChildNodeItem **)field.far_ptr; gf_fprintf(sdump->trace, ""\n""); sdump->indent++; while (l) { gf_dump_vrml_node(sdump, l->node, 1, NULL); l = l->next; } sdump->indent--; DUMP_IND(sdump); } else { for (i=0; icount; i++) { if (i) gf_fprintf(sdump->trace, "" ""); if (field.fieldType != GF_SG_VRML_MFNODE) { gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, (mffield->count>1) ? 1 : 0, node); } } } gf_fprintf(sdump->trace, ""]""); } gf_fprintf(sdump->trace, ""\n""); } else { if (sdump->X3DDump) { gf_fprintf(sdump->trace, ""trace, ""trace, "">\n""); sdump->indent++; if (!sdump->X3DDump) gf_fprintf(sdump->trace, """"); while (list) { gf_dump_vrml_node(sdump, list->node, 1, NULL); list = list->next; } if (!sdump->X3DDump) gf_fprintf(sdump->trace, """"); sdump->indent++; DUMP_IND(sdump); if (!has_sublist) gf_fprintf(sdump->trace, ""\n""); } else { if (sdump->X3DDump) { gf_fprintf(sdump->trace, "" value=\""""); } else { gf_fprintf(sdump->trace, "" %s=\"""", GetXMTFieldTypeValueName(field.fieldType)); } for (i=0; icount; i++) { if (i) gf_fprintf(sdump->trace, "" ""); if (field.fieldType != GF_SG_VRML_MFNODE) { gf_sg_vrml_mf_get_item(field.far_ptr, field.fieldType, &slot_ptr, i); gf_dump_vrml_sffield(sdump, sf_type, slot_ptr, (mffield->count>1) ? 1 : 0, node); } } if (has_sublist) gf_fprintf(sdump->trace, ""\"">\n""); else gf_fprintf(sdump->trace, ""\""/>\n""); } } else { gf_fprintf(sdump->trace, ""/>\n""); } } } }",visit repo url,src/scene_manager/scene_dump.c,https://github.com/gpac/gpac,210623132152121,1 4568,['CWE-399'],"int ext4_write_inode(struct inode *inode, int wait) { if (current->flags & PF_MEMALLOC) return 0; if (ext4_journal_current_handle()) { jbd_debug(1, ""called recursively, non-PF_MEMALLOC!\n""); dump_stack(); return -EIO; } if (!wait) return 0; return ext4_force_commit(inode->i_sb); }",linux-2.6,,,236294027782630884833383463195180402854,0 4461,CWE-787,"static void WritePixels(struct ngiflib_img * i, struct ngiflib_decode_context * context, const u8 * pixels, u16 n) { u16 tocopy; struct ngiflib_gif * p = i->parent; while(n > 0) { tocopy = (context->Xtogo < n) ? context->Xtogo : n; if(!i->gce.transparent_flag) { #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif ngiflib_memcpy(context->frbuff_p.p8, pixels, tocopy); pixels += tocopy; context->frbuff_p.p8 += tocopy; #ifndef NGIFLIB_INDEXED_ONLY } else { int j; for(j = (int)tocopy; j > 0; j--) { *(context->frbuff_p.p32++) = GifIndexToTrueColor(i->palette, *pixels++); } } #endif } else { int j; #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) *context->frbuff_p.p8 = *pixels; pixels++; context->frbuff_p.p8++; } #ifndef NGIFLIB_INDEXED_ONLY } else { for(j = (int)tocopy; j > 0; j--) { if(*pixels != i->gce.transparent_color) { *context->frbuff_p.p32 = GifIndexToTrueColor(i->palette, *pixels); } pixels++; context->frbuff_p.p32++; } } #endif } context->Xtogo -= tocopy; if(context->Xtogo == 0) { #ifdef NGIFLIB_ENABLE_CALLBACKS if(p->line_cb) p->line_cb(p, context->line_p, context->curY); #endif context->Xtogo = i->width; switch(context->pass) { case 0: context->curY++; break; case 1: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 4; } break; case 2: context->curY += 8; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 2; } break; case 3: context->curY += 4; if(context->curY >= p->height) { context->pass++; context->curY = i->posY + 1; } break; case 4: context->curY += 2; break; } #ifndef NGIFLIB_INDEXED_ONLY if(p->mode & NGIFLIB_MODE_INDEXED) { #endif #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width; context->frbuff_p.p8 = context->line_p.p8 + i->posX; #else context->frbuff_p.p8 = p->frbuff.p8 + (u32)context->curY*p->width + i->posX; #endif #ifndef NGIFLIB_INDEXED_ONLY } else { #ifdef NGIFLIB_ENABLE_CALLBACKS context->line_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width; context->frbuff_p.p32 = context->line_p.p32 + i->posX; #else context->frbuff_p.p32 = p->frbuff.p32 + (u32)context->curY*p->width + i->posX; #endif } #endif } n -= tocopy; } }",visit repo url,ngiflib.c,https://github.com/miniupnp/ngiflib,251883954057110,1 5230,['CWE-264'],"static void print_canon_ace_list(const char *name, canon_ace *ace_list) { int count = 0; if( DEBUGLVL( 10 )) { dbgtext( ""print_canon_ace_list: %s\n"", name ); for (;ace_list; ace_list = ace_list->next, count++) print_canon_ace(ace_list, count ); } }",samba,,,26088297660077108034287031504316722098,0 1758,[],"static inline void __set_task_cpu(struct task_struct *p, unsigned int cpu) { set_task_rq(p, cpu); #ifdef CONFIG_SMP smp_wmb(); task_thread_info(p)->cpu = cpu; #endif }",linux-2.6,,,338771221647904258419971124183229451713,0 3423,['CWE-264'],"static long do_sys_truncate(const char __user * path, loff_t length) { struct nameidata nd; struct inode * inode; int error; error = -EINVAL; if (length < 0) goto out; error = user_path_walk(path, &nd); if (error) goto out; inode = nd.dentry->d_inode; error = -EISDIR; if (S_ISDIR(inode->i_mode)) goto dput_and_out; error = -EINVAL; if (!S_ISREG(inode->i_mode)) goto dput_and_out; error = vfs_permission(&nd, MAY_WRITE); if (error) goto dput_and_out; error = -EROFS; if (IS_RDONLY(inode)) goto dput_and_out; error = -EPERM; if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto dput_and_out; error = break_lease(inode, FMODE_WRITE); if (error) goto dput_and_out; error = get_write_access(inode); if (error) goto dput_and_out; error = locks_verify_truncate(inode, NULL, length); if (!error) { DQUOT_INIT(inode); error = do_truncate(nd.dentry, length, 0, NULL); } put_write_access(inode); dput_and_out: path_release(&nd); out: return error; }",linux-2.6,,,339064139938020928213570964239991300331,0 6061,['CWE-200'],"static void addrconf_dad_timer(unsigned long data) { struct inet6_ifaddr *ifp = (struct inet6_ifaddr *) data; struct inet6_dev *idev = ifp->idev; struct in6_addr unspec; struct in6_addr mcaddr; read_lock_bh(&idev->lock); if (idev->dead) { read_unlock_bh(&idev->lock); goto out; } spin_lock_bh(&ifp->lock); if (ifp->probes == 0) { ifp->flags &= ~IFA_F_TENTATIVE; spin_unlock_bh(&ifp->lock); read_unlock_bh(&idev->lock); addrconf_dad_completed(ifp); goto out; } ifp->probes--; addrconf_mod_timer(ifp, AC_DAD, ifp->idev->nd_parms->retrans_time); spin_unlock_bh(&ifp->lock); read_unlock_bh(&idev->lock); memset(&unspec, 0, sizeof(unspec)); addrconf_addr_solict_mult(&ifp->addr, &mcaddr); ndisc_send_ns(ifp->idev->dev, NULL, &ifp->addr, &mcaddr, &unspec); out: in6_ifa_put(ifp); }",linux-2.6,,,114352665499792686645269825886943259139,0 6033,CWE-476,"print_actuals_and_locals(Dwarf_Debug dbg, Dwarf_Line_Context line_context, Dwarf_Unsigned bogus_bytes_count, Dwarf_Small *bogus_bytes_ptr, Dwarf_Small *orig_line_ptr, Dwarf_Small *line_ptr, Dwarf_Small *section_start, Dwarf_Small *line_ptr_actuals, Dwarf_Small *line_ptr_end, Dwarf_Half address_size, int * err_count_out, Dwarf_Error *error) { int res = 0; dwarfstring m8; Dwarf_Unsigned offset = 0; dwarfstring_constructor(&m8); if (bogus_bytes_count > 0) { Dwarf_Unsigned wcount = bogus_bytes_count; Dwarf_Unsigned boffset = bogus_bytes_ptr - section_start; dwarfstring_append_printf_u(&m8, ""*** DWARF CHECK: the line table prologue header_length "" "" is %"" DW_PR_DUu "" too high, we pretend it is smaller."", wcount); dwarfstring_append_printf_u(&m8, ""Section offset: 0x%"" DW_PR_XZEROS DW_PR_DUx, boffset); dwarfstring_append_printf_u(&m8, "" (%"" DW_PR_DUu "") ***\n"", boffset); *err_count_out += 1; } offset = line_ptr - section_start; dwarfstring_append_printf_u(&m8, "" statement prog offset in section: 0x%"" DW_PR_XZEROS DW_PR_DUx, offset); dwarfstring_append_printf_u(&m8, "" (%"" DW_PR_DUu "")\n"", offset); _dwarf_printf(dbg,dwarfstring_string(&m8)); dwarfstring_reset(&m8); { Dwarf_Bool doaddrs = false; Dwarf_Bool dolines = true; if (!line_ptr_actuals) { Dwarf_Bool is_single_table = true; Dwarf_Bool is_actuals_table = false; print_line_header(dbg, is_single_table, is_actuals_table); res = read_line_table_program(dbg, line_ptr, line_ptr_end, orig_line_ptr, section_start, line_context, address_size, doaddrs, dolines, is_single_table, is_actuals_table, error, err_count_out); if (res != DW_DLV_OK) { dwarfstring_destructor(&m8); dwarf_srclines_dealloc_b(line_context); return res; } } else { Dwarf_Bool is_single_table = false; Dwarf_Bool is_actuals_table = false; if (line_context->lc_version_number != EXPERIMENTAL_LINE_TABLES_VERSION) { dwarf_srclines_dealloc_b(line_context); dwarfstring_destructor(&m8); _dwarf_error(dbg, error, DW_DLE_VERSION_STAMP_ERROR); return (DW_DLV_ERROR); } print_line_header(dbg, is_single_table, is_actuals_table); res = read_line_table_program(dbg, line_ptr, line_ptr_actuals, orig_line_ptr, section_start, line_context, address_size, doaddrs, dolines, is_single_table, is_actuals_table, error,err_count_out); if (res != DW_DLV_OK) { dwarfstring_destructor(&m8); dwarf_srclines_dealloc_b(line_context); return res; } if (line_context->lc_actuals_table_offset > 0) { is_actuals_table = true; print_line_header(dbg, is_single_table, is_actuals_table); res = read_line_table_program(dbg, line_ptr_actuals, line_ptr_end, orig_line_ptr, section_start, line_context, address_size, doaddrs, dolines, is_single_table, is_actuals_table, error, err_count_out); if (res != DW_DLV_OK) { dwarfstring_destructor(&m8); dwarf_srclines_dealloc_b(line_context); return res; } } } } dwarfstring_destructor(&m8); dwarf_srclines_dealloc_b(line_context); return DW_DLV_OK; }",visit repo url,libdwarf/dwarf_print_lines.c,https://github.com/davea42/libdwarf-code,86493796824073,1 6447,[],"file_not_found (void) { const char *error = 0; LT__GETERROR (error); if (error == LT__STRERROR (FILE_NOT_FOUND)) return 1; return 0; }",libtool,,,99106209455646461248096784235578824613,0 4905,CWE-787,"convert_to_decimal (mpn_t a, size_t extra_zeroes) { mp_limb_t *a_ptr = a.limbs; size_t a_len = a.nlimbs; size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1); char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes)); if (c_ptr != NULL) { char *d_ptr = c_ptr; for (; extra_zeroes > 0; extra_zeroes--) *d_ptr++ = '0'; while (a_len > 0) { mp_limb_t remainder = 0; mp_limb_t *ptr = a_ptr + a_len; size_t count; for (count = a_len; count > 0; count--) { mp_twolimb_t num = ((mp_twolimb_t) remainder << GMP_LIMB_BITS) | *--ptr; *ptr = num / 1000000000; remainder = num % 1000000000; } for (count = 9; count > 0; count--) { *d_ptr++ = '0' + (remainder % 10); remainder = remainder / 10; } if (a_ptr[a_len - 1] == 0) a_len--; } while (d_ptr > c_ptr && d_ptr[-1] == '0') d_ptr--; if (d_ptr == c_ptr) *d_ptr++ = '0'; *d_ptr = '\0'; } return c_ptr; }",visit repo url,lib/vasnprintf.c,https://github.com/coreutils/gnulib,272684625700946,1 703,CWE-20,"int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; int err = 0; size_t target, copied = 0; long timeo; if (flags & MSG_OOB) return -EOPNOTSUPP; msg->msg_namelen = 0; BT_DBG(""sk %p size %zu"", sk, size); lock_sock(sk); target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); do { struct sk_buff *skb; int chunk; skb = skb_dequeue(&sk->sk_receive_queue); if (!skb) { if (copied >= target) break; err = sock_error(sk); if (err) break; if (sk->sk_shutdown & RCV_SHUTDOWN) break; err = -EAGAIN; if (!timeo) break; timeo = bt_sock_data_wait(sk, timeo); if (signal_pending(current)) { err = sock_intr_errno(timeo); goto out; } continue; } chunk = min_t(unsigned int, skb->len, size); if (skb_copy_datagram_iovec(skb, 0, msg->msg_iov, chunk)) { skb_queue_head(&sk->sk_receive_queue, skb); if (!copied) copied = -EFAULT; break; } copied += chunk; size -= chunk; sock_recv_ts_and_drops(msg, sk, skb); if (!(flags & MSG_PEEK)) { int skb_len = skb_headlen(skb); if (chunk <= skb_len) { __skb_pull(skb, chunk); } else { struct sk_buff *frag; __skb_pull(skb, skb_len); chunk -= skb_len; skb_walk_frags(skb, frag) { if (chunk <= frag->len) { skb->len -= chunk; skb->data_len -= chunk; __skb_pull(frag, chunk); break; } else if (frag->len) { chunk -= frag->len; skb->len -= frag->len; skb->data_len -= frag->len; __skb_pull(frag, frag->len); } } } if (skb->len) { skb_queue_head(&sk->sk_receive_queue, skb); break; } kfree_skb(skb); } else { skb_queue_head(&sk->sk_receive_queue, skb); break; } } while (size); out: release_sock(sk); return copied ? : err; }",visit repo url,net/bluetooth/af_bluetooth.c,https://github.com/torvalds/linux,130876190644773,1 3934,['CWE-362'],"void audit_free_rule_rcu(struct rcu_head *head) { struct audit_entry *e = container_of(head, struct audit_entry, rcu); audit_free_rule(e); }",linux-2.6,,,244682505317071119449110164102474854309,0 3307,CWE-667,"tdirenter( struct tmount *tm, struct tmpnode *dir, char *name, enum de_op op, struct tmpnode *fromparent, struct tmpnode *tp, struct vattr *va, struct tmpnode **tpp, struct cred *cred, caller_context_t *ctp) { struct tdirent *tdp; struct tmpnode *found = NULL; int error = 0; char *s; ASSERT(RW_WRITE_HELD(&dir->tn_rwlock)); ASSERT(dir->tn_type == VDIR); for (s = name; *s; s++) if (*s == '/') return (EACCES); if (name[0] == '\0') panic(""tdirenter: NULL name""); if (op == DE_LINK || op == DE_RENAME) { if (tp != dir) rw_enter(&tp->tn_rwlock, RW_WRITER); mutex_enter(&tp->tn_tlock); if (tp->tn_nlink == 0) { mutex_exit(&tp->tn_tlock); if (tp != dir) rw_exit(&tp->tn_rwlock); return (ENOENT); } if (tp->tn_nlink == MAXLINK) { mutex_exit(&tp->tn_tlock); if (tp != dir) rw_exit(&tp->tn_rwlock); return (EMLINK); } tp->tn_nlink++; gethrestime(&tp->tn_ctime); mutex_exit(&tp->tn_tlock); if (tp != dir) rw_exit(&tp->tn_rwlock); } if (dir->tn_nlink == 0) { error = ENOENT; goto out; } if (op == DE_RENAME) { if (tp == dir) { error = EINVAL; goto out; } if (tp->tn_type == VDIR) { if ((fromparent != dir) && (error = tdircheckpath(tp, dir, cred))) { goto out; } } } tdp = tmpfs_hash_lookup(name, dir, 1, &found); if (tdp) { ASSERT(found); switch (op) { case DE_CREATE: case DE_MKDIR: if (tpp) { *tpp = found; error = EEXIST; } else { tmpnode_rele(found); } break; case DE_RENAME: error = tdirrename(fromparent, tp, dir, name, found, tdp, cred); if (error == 0) { if (found != NULL) { vnevent_rename_dest(TNTOV(found), TNTOV(dir), name, ctp); } } tmpnode_rele(found); break; case DE_LINK: error = EEXIST; tmpnode_rele(found); break; } } else { if (error = tmp_taccess(dir, VWRITE, cred)) goto out; if (op == DE_CREATE || op == DE_MKDIR) { error = tdirmaketnode(dir, tm, va, op, &tp, cred); if (error) goto out; } if (error = tdiraddentry(dir, tp, name, op, fromparent)) { if (op == DE_CREATE || op == DE_MKDIR) { rw_enter(&tp->tn_rwlock, RW_WRITER); if ((tp->tn_type) == VDIR) { ASSERT(tdp == NULL); tdirtrunc(tp); } mutex_enter(&tp->tn_tlock); tp->tn_nlink = 0; mutex_exit(&tp->tn_tlock); gethrestime(&tp->tn_ctime); rw_exit(&tp->tn_rwlock); tmpnode_rele(tp); tp = NULL; } } else if (tpp) { *tpp = tp; } else if (op == DE_CREATE || op == DE_MKDIR) { tmpnode_rele(tp); } } out: if (error && (op == DE_LINK || op == DE_RENAME)) { DECR_COUNT(&tp->tn_nlink, &tp->tn_tlock); gethrestime(&tp->tn_ctime); } return (error); }",visit repo url,usr/src/uts/common/fs/tmpfs/tmp_dir.c,https://github.com/illumos/illumos-gate,190625653500846,1 392,[],"pfm_write(struct file *file, const char __user *ubuf, size_t size, loff_t *ppos) { DPRINT((""pfm_write called\n"")); return -EINVAL; }",linux-2.6,,,291674850347191100944134294152757561707,0 4489,['CWE-264'],"static int skfp_close(struct net_device *dev) { struct s_smc *smc = netdev_priv(dev); skfddi_priv *bp = &smc->os; CLI_FBI(); smt_reset_defaults(smc, 1); card_stop(smc); mac_drv_clear_tx_queue(smc); mac_drv_clear_rx_queue(smc); netif_stop_queue(dev); free_irq(dev->irq, dev); skb_queue_purge(&bp->SendSkbQueue); bp->QueueSkb = MAX_TX_QUEUE_LEN; return (0); } ",linux-2.6,,,3304443230158234485474616096160053144,0 3782,[],"static int unix_autobind(struct socket *sock) { struct sock *sk = sock->sk; struct unix_sock *u = unix_sk(sk); static u32 ordernum = 1; struct unix_address * addr; int err; mutex_lock(&u->readlock); err = 0; if (u->addr) goto out; err = -ENOMEM; addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL); if (!addr) goto out; addr->name->sun_family = AF_UNIX; atomic_set(&addr->refcnt, 1); retry: addr->len = sprintf(addr->name->sun_path+1, ""%05x"", ordernum) + 1 + sizeof(short); addr->hash = unix_hash_fold(csum_partial((void*)addr->name, addr->len, 0)); spin_lock(&unix_table_lock); ordernum = (ordernum+1)&0xFFFFF; if (__unix_find_socket_byname(addr->name, addr->len, sock->type, addr->hash)) { spin_unlock(&unix_table_lock); if (!(ordernum&0xFF)) yield(); goto retry; } addr->hash ^= sk->sk_type; __unix_remove_socket(sk); u->addr = addr; __unix_insert_socket(&unix_socket_table[addr->hash], sk); spin_unlock(&unix_table_lock); err = 0; out: mutex_unlock(&u->readlock); return err; }",linux-2.6,,,19292254685388167150482516837554700839,0 921,CWE-20,"static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb, unsigned int dataoff, enum ip_conntrack_info ctinfo, u_int8_t pf, unsigned int hooknum, unsigned int *timeouts) { struct net *net = nf_ct_net(ct); enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); struct dccp_hdr _dh, *dh; u_int8_t type, old_state, new_state; enum ct_dccp_roles role; dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); BUG_ON(dh == NULL); type = dh->dccph_type; if (type == DCCP_PKT_RESET && !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { nf_ct_kill_acct(ct, ctinfo, skb); return NF_ACCEPT; } spin_lock_bh(&ct->lock); role = ct->proto.dccp.role[dir]; old_state = ct->proto.dccp.state; new_state = dccp_state_table[role][type][old_state]; switch (new_state) { case CT_DCCP_REQUEST: if (old_state == CT_DCCP_TIMEWAIT && role == CT_DCCP_ROLE_SERVER) { ct->proto.dccp.role[dir] = CT_DCCP_ROLE_CLIENT; ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_SERVER; } break; case CT_DCCP_RESPOND: if (old_state == CT_DCCP_REQUEST) ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh); break; case CT_DCCP_PARTOPEN: if (old_state == CT_DCCP_RESPOND && type == DCCP_PKT_ACK && dccp_ack_seq(dh) == ct->proto.dccp.handshake_seq) set_bit(IPS_ASSURED_BIT, &ct->status); break; case CT_DCCP_IGNORE: if (ct->proto.dccp.last_dir == !dir && ct->proto.dccp.last_pkt == DCCP_PKT_REQUEST && type == DCCP_PKT_RESPONSE) { ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_CLIENT; ct->proto.dccp.role[dir] = CT_DCCP_ROLE_SERVER; ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh); new_state = CT_DCCP_RESPOND; break; } ct->proto.dccp.last_dir = dir; ct->proto.dccp.last_pkt = type; spin_unlock_bh(&ct->lock); if (LOG_INVALID(net, IPPROTO_DCCP)) nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, ""nf_ct_dccp: invalid packet ignored ""); return NF_ACCEPT; case CT_DCCP_INVALID: spin_unlock_bh(&ct->lock); if (LOG_INVALID(net, IPPROTO_DCCP)) nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, ""nf_ct_dccp: invalid state transition ""); return -NF_ACCEPT; } ct->proto.dccp.last_dir = dir; ct->proto.dccp.last_pkt = type; ct->proto.dccp.state = new_state; spin_unlock_bh(&ct->lock); if (new_state != old_state) nf_conntrack_event_cache(IPCT_PROTOINFO, ct); nf_ct_refresh_acct(ct, ctinfo, skb, timeouts[new_state]); return NF_ACCEPT; }",visit repo url,net/netfilter/nf_conntrack_proto_dccp.c,https://github.com/torvalds/linux,98812764686445,1 6494,CWE-787,"trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) { LOG_INFO(__FUNCTION__); INIT_ERROR_STATE CHECK_STATE(encrypted_dkg_secret); SAFE_CHAR_BUF(dkg_secret, DKG_BUFER_LENGTH); int status = gen_dkg_poly(dkg_secret, _t); CHECK_STATUS(""gen_dkg_poly failed"") status = AES_encrypt(dkg_secret, encrypted_dkg_secret, 3 * BUF_LEN); CHECK_STATUS(""SGX AES encrypt DKG poly failed""); *enc_len = strlen(dkg_secret) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE; SAFE_CHAR_BUF(decr_dkg_secret, DKG_BUFER_LENGTH); status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret, DKG_BUFER_LENGTH); CHECK_STATUS(""aes decrypt dkg poly failed""); if (strcmp(dkg_secret, decr_dkg_secret) != 0) { snprintf(errString, BUF_LEN, ""encrypted poly is not equal to decrypted poly""); LOG_ERROR(errString); *errStatus = -333; goto clean; } SET_SUCCESS clean: ; LOG_INFO(__FUNCTION__ ); LOG_INFO(""SGX call completed""); }",visit repo url,secure_enclave/secure_enclave.c,https://github.com/skalenetwork/sgxwallet,147862515935113,1 2033,NVD-CWE-noinfo,"static void handle_irq_for_port(evtchn_port_t port) { int irq; irq = get_evtchn_to_irq(port); if (irq != -1) generic_handle_irq(irq); }",visit repo url,drivers/xen/events/events_fifo.c,https://github.com/torvalds/linux,98197446939630,1 5412,['CWE-476'],"int kvm_fix_hypercall(struct kvm_vcpu *vcpu) { char instruction[3]; int ret = 0; unsigned long rip = kvm_rip_read(vcpu); kvm_mmu_zap_all(vcpu->kvm); kvm_x86_ops->patch_hypercall(vcpu, instruction); if (emulator_write_emulated(rip, instruction, 3, vcpu) != X86EMUL_CONTINUE) ret = -EFAULT; return ret; }",linux-2.6,,,99823145716195640227286475760862377162,0 2031,NVD-CWE-noinfo,"static void consume_one_event(unsigned cpu, struct evtchn_fifo_control_block *control_block, unsigned priority, unsigned long *ready, bool drop) { struct evtchn_fifo_queue *q = &per_cpu(cpu_queue, cpu); uint32_t head; evtchn_port_t port; event_word_t *word; head = q->head[priority]; if (head == 0) { virt_rmb(); head = control_block->head[priority]; } port = head; word = event_word_from_port(port); head = clear_linked(word); if (head == 0) clear_bit(priority, ready); if (evtchn_fifo_is_pending(port) && !evtchn_fifo_is_masked(port)) { if (unlikely(drop)) pr_warn(""Dropping pending event for port %u\n"", port); else handle_irq_for_port(port); } q->head[priority] = head; }",visit repo url,drivers/xen/events/events_fifo.c,https://github.com/torvalds/linux,236485855533296,1 5545,CWE-125,"obj2ast_slice(PyObject* obj, slice_ty* out, PyArena* arena) { int isinstance; PyObject *tmp = NULL; if (obj == Py_None) { *out = NULL; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Slice_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty lower; expr_ty upper; expr_ty step; if (exists_not_none(obj, &PyId_lower)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_lower); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &lower, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { lower = NULL; } if (exists_not_none(obj, &PyId_upper)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_upper); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &upper, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { upper = NULL; } if (exists_not_none(obj, &PyId_step)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_step); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &step, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { step = NULL; } *out = Slice(lower, upper, step, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)ExtSlice_type); if (isinstance == -1) { return 1; } if (isinstance) { asdl_seq* dims; if (_PyObject_HasAttrId(obj, &PyId_dims)) { int res; Py_ssize_t len; Py_ssize_t i; tmp = _PyObject_GetAttrId(obj, &PyId_dims); if (tmp == NULL) goto failed; if (!PyList_Check(tmp)) { PyErr_Format(PyExc_TypeError, ""ExtSlice field \""dims\"" must be a list, not a %.200s"", tmp->ob_type->tp_name); goto failed; } len = PyList_GET_SIZE(tmp); dims = _Ta3_asdl_seq_new(len, arena); if (dims == NULL) goto failed; for (i = 0; i < len; i++) { slice_ty value; res = obj2ast_slice(PyList_GET_ITEM(tmp, i), &value, arena); if (res != 0) goto failed; if (len != PyList_GET_SIZE(tmp)) { PyErr_SetString(PyExc_RuntimeError, ""ExtSlice field \""dims\"" changed size during iteration""); goto failed; } asdl_seq_SET(dims, i, value); } Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""dims\"" missing from ExtSlice""); return 1; } *out = ExtSlice(dims, arena); if (*out == NULL) goto failed; return 0; } isinstance = PyObject_IsInstance(obj, (PyObject*)Index_type); if (isinstance == -1) { return 1; } if (isinstance) { expr_ty value; if (_PyObject_HasAttrId(obj, &PyId_value)) { int res; tmp = _PyObject_GetAttrId(obj, &PyId_value); if (tmp == NULL) goto failed; res = obj2ast_expr(tmp, &value, arena); if (res != 0) goto failed; Py_CLEAR(tmp); } else { PyErr_SetString(PyExc_TypeError, ""required field \""value\"" missing from Index""); return 1; } *out = Index(value, arena); if (*out == NULL) goto failed; return 0; } PyErr_Format(PyExc_TypeError, ""expected some sort of slice, but got %R"", obj); failed: Py_XDECREF(tmp); return 1; }",visit repo url,ast3/Python/Python-ast.c,https://github.com/python/typed_ast,77563396714080,1 584,CWE-119,"static inline int ip6_ufo_append_data(struct sock *sk, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), void *from, int length, int hh_len, int fragheaderlen, int transhdrlen, int mtu,unsigned int flags, struct rt6_info *rt) { struct sk_buff *skb; int err; if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { skb = sock_alloc_send_skb(sk, hh_len + fragheaderlen + transhdrlen + 20, (flags & MSG_DONTWAIT), &err); if (skb == NULL) return err; skb_reserve(skb, hh_len); skb_put(skb,fragheaderlen + transhdrlen); skb_reset_network_header(skb); skb->transport_header = skb->network_header + fragheaderlen; skb->protocol = htons(ETH_P_IPV6); skb->ip_summed = CHECKSUM_PARTIAL; skb->csum = 0; } err = skb_append_datato_frags(sk,skb, getfrag, from, (length - transhdrlen)); if (!err) { struct frag_hdr fhdr; skb_shinfo(skb)->gso_size = (mtu - fragheaderlen - sizeof(struct frag_hdr)) & ~7; skb_shinfo(skb)->gso_type = SKB_GSO_UDP; ipv6_select_ident(&fhdr, rt); skb_shinfo(skb)->ip6_frag_id = fhdr.identification; __skb_queue_tail(&sk->sk_write_queue, skb); return 0; } kfree_skb(skb); return err; }",visit repo url,net/ipv6/ip6_output.c,https://github.com/torvalds/linux,236040461928265,1 5625,[],"static void print_fatal_signal(struct pt_regs *regs, int signr) { printk(""%s/%d: potentially unexpected fatal signal %d.\n"", current->comm, task_pid_nr(current), signr); #if defined(__i386__) && !defined(__arch_um__) printk(""code at %08lx: "", regs->ip); { int i; for (i = 0; i < 16; i++) { unsigned char insn; __get_user(insn, (unsigned char *)(regs->ip + i)); printk(""%02x "", insn); } } #endif printk(""\n""); preempt_disable(); show_regs(regs); preempt_enable(); }",linux-2.6,,,68895084478347306700112382277911558401,0 295,[],"static int do_kdfontop_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *file) { struct console_font_op op; struct console_font_op32 __user *fontop = compat_ptr(arg); int perm = vt_check(file), i; struct vc_data *vc; if (perm < 0) return perm; if (copy_from_user(&op, fontop, sizeof(struct console_font_op32))) return -EFAULT; if (!perm && op.op != KD_FONT_OP_GET) return -EPERM; op.data = compat_ptr(((struct console_font_op32 *)&op)->data); op.flags |= KD_FONT_FLAG_OLD; vc = ((struct tty_struct *)file->private_data)->driver_data; i = con_font_op(vc, &op); if (i) return i; ((struct console_font_op32 *)&op)->data = (unsigned long)op.data; if (copy_to_user(fontop, &op, sizeof(struct console_font_op32))) return -EFAULT; return 0; }",linux-2.6,,,92369773754683762369915335088210343005,0 770,['CWE-119'],"isdn_net_xmit(struct net_device *ndev, struct sk_buff *skb) { isdn_net_dev *nd; isdn_net_local *slp; isdn_net_local *lp = (isdn_net_local *) ndev->priv; int retv = 0; if (((isdn_net_local *) (ndev->priv))->master) { printk(""isdn BUG at %s:%d!\n"", __FILE__, __LINE__); dev_kfree_skb(skb); return 0; } #ifdef CONFIG_ISDN_PPP if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP) { return isdn_ppp_xmit(skb, ndev); } #endif nd = ((isdn_net_local *) ndev->priv)->netdev; lp = isdn_net_get_locked_lp(nd); if (!lp) { printk(KERN_WARNING ""%s: all channels busy - requeuing!\n"", ndev->name); return 1; } lp->huptimer = 0; isdn_net_writebuf_skb(lp, skb); spin_unlock_bh(&lp->xmit_lock); if (lp->cps > lp->triggercps) { if (lp->slave) { if (!lp->sqfull) { lp->sqfull = 1; lp->sqfull_stamp = jiffies; } else { if (time_after(jiffies, lp->sqfull_stamp + lp->slavedelay)) { slp = lp->slave->priv; if (!(slp->flags & ISDN_NET_CONNECTED)) { isdn_net_force_dial_lp((isdn_net_local *) lp->slave->priv); } } } } } else { if (lp->sqfull && time_after(jiffies, lp->sqfull_stamp + lp->slavedelay + (10 * HZ))) { lp->sqfull = 0; } nd->queue = nd->local; } return retv; }",linux-2.6,,,194073431443426351430674760057839097358,0 2844,['CWE-119'],"low_mode_from_nfs4(u32 perm, unsigned short *mode, unsigned int flags) { u32 write_mode = NFS4_WRITE_MODE; if (flags & NFS4_ACL_DIR) write_mode |= NFS4_ACE_DELETE_CHILD; *mode = 0; if ((perm & NFS4_READ_MODE) == NFS4_READ_MODE) *mode |= ACL_READ; if ((perm & write_mode) == write_mode) *mode |= ACL_WRITE; if ((perm & NFS4_EXECUTE_MODE) == NFS4_EXECUTE_MODE) *mode |= ACL_EXECUTE; }",linux-2.6,,,272875488880596201336922024714278408210,0 394,[],"pfm_unprotect_ctx_ctxsw(pfm_context_t *x, unsigned long f) { spin_unlock(&(x)->ctx_lock); }",linux-2.6,,,256548832609384834078296073579540564977,0 1013,['CWE-94'],"static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf, struct splice_desc *sd) { struct file *file = sd->u.file; struct address_space *mapping = file->f_mapping; unsigned int offset, this_len; struct page *page; void *fsdata; int ret; ret = buf->ops->confirm(pipe, buf); if (unlikely(ret)) return ret; offset = sd->pos & ~PAGE_CACHE_MASK; this_len = sd->len; if (this_len + offset > PAGE_CACHE_SIZE) this_len = PAGE_CACHE_SIZE - offset; ret = pagecache_write_begin(file, mapping, sd->pos, this_len, AOP_FLAG_UNINTERRUPTIBLE, &page, &fsdata); if (unlikely(ret)) goto out; if (buf->page != page) { char *src = buf->ops->map(pipe, buf, 1); char *dst = kmap_atomic(page, KM_USER1); memcpy(dst + offset, src + buf->offset, this_len); flush_dcache_page(page); kunmap_atomic(dst, KM_USER1); buf->ops->unmap(pipe, buf, src); } ret = pagecache_write_end(file, mapping, sd->pos, this_len, this_len, page, fsdata); out: return ret; }",linux-2.6,,,326276108741704301622429031466527430105,0 5364,['CWE-476'],"int emulator_write_emulated(unsigned long addr, const void *val, unsigned int bytes, struct kvm_vcpu *vcpu) { if (((addr + bytes - 1) ^ addr) & PAGE_MASK) { int rc, now; now = -addr & ~PAGE_MASK; rc = emulator_write_emulated_onepage(addr, val, now, vcpu); if (rc != X86EMUL_CONTINUE) return rc; addr += now; val += now; bytes -= now; } return emulator_write_emulated_onepage(addr, val, bytes, vcpu); }",linux-2.6,,,330085715865017128394911875582130384591,0 5438,['CWE-476'],"static int load_segment_descriptor_to_kvm_desct(struct kvm_vcpu *vcpu, u16 selector, struct kvm_segment *kvm_seg) { struct desc_struct seg_desc; if (load_guest_segment_descriptor(vcpu, selector, &seg_desc)) return 1; seg_desct_to_kvm_desct(&seg_desc, selector, kvm_seg); return 0; }",linux-2.6,,,24471688938094238025642588030501573315,0 247,CWE-119,"static void fwnet_receive_broadcast(struct fw_iso_context *context, u32 cycle, size_t header_length, void *header, void *data) { struct fwnet_device *dev; struct fw_iso_packet packet; __be16 *hdr_ptr; __be32 *buf_ptr; int retval; u32 length; u16 source_node_id; u32 specifier_id; u32 ver; unsigned long offset; unsigned long flags; dev = data; hdr_ptr = header; length = be16_to_cpup(hdr_ptr); spin_lock_irqsave(&dev->lock, flags); offset = dev->rcv_buffer_size * dev->broadcast_rcv_next_ptr; buf_ptr = dev->broadcast_rcv_buffer_ptrs[dev->broadcast_rcv_next_ptr++]; if (dev->broadcast_rcv_next_ptr == dev->num_broadcast_rcv_ptrs) dev->broadcast_rcv_next_ptr = 0; spin_unlock_irqrestore(&dev->lock, flags); specifier_id = (be32_to_cpu(buf_ptr[0]) & 0xffff) << 8 | (be32_to_cpu(buf_ptr[1]) & 0xff000000) >> 24; ver = be32_to_cpu(buf_ptr[1]) & 0xffffff; source_node_id = be32_to_cpu(buf_ptr[0]) >> 16; if (specifier_id == IANA_SPECIFIER_ID && (ver == RFC2734_SW_VERSION #if IS_ENABLED(CONFIG_IPV6) || ver == RFC3146_SW_VERSION #endif )) { buf_ptr += 2; length -= IEEE1394_GASP_HDR_SIZE; fwnet_incoming_packet(dev, buf_ptr, length, source_node_id, context->card->generation, true); } packet.payload_length = dev->rcv_buffer_size; packet.interrupt = 1; packet.skip = 0; packet.tag = 3; packet.sy = 0; packet.header_length = IEEE1394_GASP_HDR_SIZE; spin_lock_irqsave(&dev->lock, flags); retval = fw_iso_context_queue(dev->broadcast_rcv_context, &packet, &dev->broadcast_rcv_buffer, offset); spin_unlock_irqrestore(&dev->lock, flags); if (retval >= 0) fw_iso_context_queue_flush(dev->broadcast_rcv_context); else dev_err(&dev->netdev->dev, ""requeue failed\n""); }",visit repo url,drivers/firewire/net.c,https://github.com/torvalds/linux,278533662546238,1 4797,['CWE-399'],"AvahiServerConfig* avahi_server_config_copy(AvahiServerConfig *ret, const AvahiServerConfig *c) { char *d = NULL, *h = NULL; AvahiStringList *browse = NULL, *allow = NULL, *deny = NULL; assert(ret); assert(c); if (c->host_name) if (!(h = avahi_strdup(c->host_name))) return NULL; if (c->domain_name) if (!(d = avahi_strdup(c->domain_name))) { avahi_free(h); return NULL; } if (!(browse = avahi_string_list_copy(c->browse_domains)) && c->browse_domains) { avahi_free(h); avahi_free(d); return NULL; } if (!(allow = avahi_string_list_copy(c->allow_interfaces)) && c->allow_interfaces) { avahi_string_list_free(browse); avahi_free(h); avahi_free(d); return NULL; } if (!(deny = avahi_string_list_copy(c->deny_interfaces)) && c->deny_interfaces) { avahi_string_list_free(allow); avahi_string_list_free(browse); avahi_free(h); avahi_free(d); return NULL; } *ret = *c; ret->host_name = h; ret->domain_name = d; ret->browse_domains = browse; ret->allow_interfaces = allow; ret->deny_interfaces = deny; return ret; }",avahi,,,126890527267177029303955245189699836496,0 4916,CWE-200,"set_umask(const char *optarg) { long umask_long; mode_t umask_val; char *endptr; umask_long = strtoll(optarg, &endptr, 0); if (*endptr || umask_long < 0 || umask_long & ~0777L) { fprintf(stderr, ""Invalid --umask option %s"", optarg); return; } umask_val = umask_long & 0777; umask(umask_val); umask_cmdline = true; return umask_val; }",visit repo url,keepalived/core/main.c,https://github.com/acassen/keepalived,91990920318776,1 4745,CWE-347,"static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, bigint *modulus, bigint *pub_exp) { int i, size; bigint *decrypted_bi, *dat_bi; bigint *bir = NULL; uint8_t *block = (uint8_t *)malloc(sig_len); dat_bi = bi_import(ctx, sig, sig_len); ctx->mod_offset = BIGINT_M_OFFSET; decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp); bi_export(ctx, decrypted_bi, block, sig_len); ctx->mod_offset = BIGINT_M_OFFSET; i = 10; while (block[i++] && i < sig_len); size = sig_len - i; if (size > 0) { int len; const uint8_t *sig_ptr = get_signature(&block[i], &len); if (sig_ptr) { bir = bi_import(ctx, sig_ptr, len); } } free(block); bi_clear_cache(ctx); return bir; }",visit repo url,ssl/x509.c,https://github.com/igrr/axtls-8266,125222013541284,1 4344,['CWE-399'],"static int key_get_type_from_user(char *type, const char __user *_type, unsigned len) { int ret; ret = strncpy_from_user(type, _type, len); if (ret < 0) return -EFAULT; if (ret == 0 || ret >= len) return -EINVAL; if (type[0] == '.') return -EPERM; type[len - 1] = '\0'; return 0; }",linux-2.6,,,114342808805678727959942318649829890115,0 181,CWE-415,"static void free_clt(struct rtrs_clt_sess *clt) { free_permits(clt); free_percpu(clt->pcpu_path); mutex_destroy(&clt->paths_ev_mutex); mutex_destroy(&clt->paths_mutex); device_unregister(&clt->dev); }",visit repo url,drivers/infiniband/ulp/rtrs/rtrs-clt.c,https://github.com/torvalds/linux,209290709329679,1 588,[],"static int bad_file_check_flags(int flags) { return -EIO; }",linux-2.6,,,313534974094196525323430917827318552582,0 263,[],"static int do_i2c_smbus_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) { struct i2c_smbus_ioctl_data __user *tdata; struct i2c_smbus_ioctl_data32 __user *udata; compat_caddr_t datap; tdata = compat_alloc_user_space(sizeof(*tdata)); if (tdata == NULL) return -ENOMEM; if (!access_ok(VERIFY_WRITE, tdata, sizeof(*tdata))) return -EFAULT; udata = compat_ptr(arg); if (!access_ok(VERIFY_READ, udata, sizeof(*udata))) return -EFAULT; if (__copy_in_user(&tdata->read_write, &udata->read_write, 2 * sizeof(u8))) return -EFAULT; if (__copy_in_user(&tdata->size, &udata->size, 2 * sizeof(u32))) return -EFAULT; if (__get_user(datap, &udata->data) || __put_user(compat_ptr(datap), &tdata->data)) return -EFAULT; return sys_ioctl(fd, cmd, (unsigned long)tdata); }",linux-2.6,,,70348705854738821912410694007028360897,0 567,[],"static int bad_inode_setattr(struct dentry *direntry, struct iattr *attrs) { return -EIO; }",linux-2.6,,,261076683895034838292763907497092718382,0 1899,['CWE-20'],"static Elf32_Sym * __init find_symbol32(struct lib32_elfinfo *lib, const char *symname) { unsigned int i; char name[MAX_SYMNAME], *c; for (i = 0; i < (lib->dynsymsize / sizeof(Elf32_Sym)); i++) { if (lib->dynsym[i].st_name == 0) continue; strlcpy(name, lib->dynstr + lib->dynsym[i].st_name, MAX_SYMNAME); c = strchr(name, '@'); if (c) *c = 0; if (strcmp(symname, name) == 0) return &lib->dynsym[i]; } return NULL; }",linux-2.6,,,205031642200599295773036715874063383568,0 1964,CWE-401,"v3d_submit_cl_ioctl(struct drm_device *dev, void *data, struct drm_file *file_priv) { struct v3d_dev *v3d = to_v3d_dev(dev); struct v3d_file_priv *v3d_priv = file_priv->driver_priv; struct drm_v3d_submit_cl *args = data; struct v3d_bin_job *bin = NULL; struct v3d_render_job *render; struct ww_acquire_ctx acquire_ctx; int ret = 0; trace_v3d_submit_cl_ioctl(&v3d->drm, args->rcl_start, args->rcl_end); if (args->pad != 0) { DRM_INFO(""pad must be zero: %d\n"", args->pad); return -EINVAL; } render = kcalloc(1, sizeof(*render), GFP_KERNEL); if (!render) return -ENOMEM; render->start = args->rcl_start; render->end = args->rcl_end; INIT_LIST_HEAD(&render->unref_list); ret = v3d_job_init(v3d, file_priv, &render->base, v3d_render_job_free, args->in_sync_rcl); if (ret) { kfree(render); return ret; } if (args->bcl_start != args->bcl_end) { bin = kcalloc(1, sizeof(*bin), GFP_KERNEL); if (!bin) return -ENOMEM; ret = v3d_job_init(v3d, file_priv, &bin->base, v3d_job_free, args->in_sync_bcl); if (ret) { v3d_job_put(&render->base); return ret; } bin->start = args->bcl_start; bin->end = args->bcl_end; bin->qma = args->qma; bin->qms = args->qms; bin->qts = args->qts; bin->render = render; } ret = v3d_lookup_bos(dev, file_priv, &render->base, args->bo_handles, args->bo_handle_count); if (ret) goto fail; ret = v3d_lock_bo_reservations(&render->base, &acquire_ctx); if (ret) goto fail; mutex_lock(&v3d->sched_lock); if (bin) { ret = v3d_push_job(v3d_priv, &bin->base, V3D_BIN); if (ret) goto fail_unreserve; ret = drm_gem_fence_array_add(&render->base.deps, dma_fence_get(bin->base.done_fence)); if (ret) goto fail_unreserve; } ret = v3d_push_job(v3d_priv, &render->base, V3D_RENDER); if (ret) goto fail_unreserve; mutex_unlock(&v3d->sched_lock); v3d_attach_fences_and_unlock_reservation(file_priv, &render->base, &acquire_ctx, args->out_sync, render->base.done_fence); if (bin) v3d_job_put(&bin->base); v3d_job_put(&render->base); return 0; fail_unreserve: mutex_unlock(&v3d->sched_lock); drm_gem_unlock_reservations(render->base.bo, render->base.bo_count, &acquire_ctx); fail: if (bin) v3d_job_put(&bin->base); v3d_job_put(&render->base); return ret; }",visit repo url,drivers/gpu/drm/v3d/v3d_gem.c,https://github.com/torvalds/linux,64839106627998,1 1179,['CWE-189'],"static void retrigger_next_event(void *arg) { struct hrtimer_cpu_base *base; struct timespec realtime_offset; unsigned long seq; if (!hrtimer_hres_active()) return; do { seq = read_seqbegin(&xtime_lock); set_normalized_timespec(&realtime_offset, -wall_to_monotonic.tv_sec, -wall_to_monotonic.tv_nsec); } while (read_seqretry(&xtime_lock, seq)); base = &__get_cpu_var(hrtimer_bases); spin_lock(&base->lock); base->clock_base[CLOCK_REALTIME].offset = timespec_to_ktime(realtime_offset); hrtimer_force_reprogram(base); spin_unlock(&base->lock); }",linux-2.6,,,284641024854278491770868249271902234632,0 1087,CWE-20,"cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, char *mount_data_global, const char *devname) { int rc; int xid; struct smb_vol *volume_info; struct cifsSesInfo *pSesInfo; struct cifsTconInfo *tcon; struct TCP_Server_Info *srvTcp; char *full_path; char *mount_data = mount_data_global; struct tcon_link *tlink; #ifdef CONFIG_CIFS_DFS_UPCALL struct dfs_info3_param *referrals = NULL; unsigned int num_referrals = 0; int referral_walks_count = 0; try_mount_again: #endif rc = 0; tcon = NULL; pSesInfo = NULL; srvTcp = NULL; full_path = NULL; tlink = NULL; xid = GetXid(); volume_info = kzalloc(sizeof(struct smb_vol), GFP_KERNEL); if (!volume_info) { rc = -ENOMEM; goto out; } if (cifs_parse_mount_options(mount_data, devname, volume_info)) { rc = -EINVAL; goto out; } if (volume_info->nullauth) { cFYI(1, ""null user""); volume_info->username = """"; } else if (volume_info->username) { cFYI(1, ""Username: %s"", volume_info->username); } else { cifserror(""No username specified""); rc = -EINVAL; goto out; } if (volume_info->iocharset == NULL) { volume_info->local_nls = load_nls_default(); } else { volume_info->local_nls = load_nls(volume_info->iocharset); if (volume_info->local_nls == NULL) { cERROR(1, ""CIFS mount error: iocharset %s not found"", volume_info->iocharset); rc = -ELIBACC; goto out; } } cifs_sb->local_nls = volume_info->local_nls; srvTcp = cifs_get_tcp_session(volume_info); if (IS_ERR(srvTcp)) { rc = PTR_ERR(srvTcp); goto out; } pSesInfo = cifs_get_smb_ses(srvTcp, volume_info); if (IS_ERR(pSesInfo)) { rc = PTR_ERR(pSesInfo); pSesInfo = NULL; goto mount_fail_check; } setup_cifs_sb(volume_info, cifs_sb); if (pSesInfo->capabilities & CAP_LARGE_FILES) sb->s_maxbytes = MAX_LFS_FILESIZE; else sb->s_maxbytes = MAX_NON_LFS; sb->s_time_gran = 100; tcon = cifs_get_tcon(pSesInfo, volume_info); if (IS_ERR(tcon)) { rc = PTR_ERR(tcon); tcon = NULL; goto remote_path_check; } if (!tcon->ipc) { CIFSSMBQFSDeviceInfo(xid, tcon); CIFSSMBQFSAttributeInfo(xid, tcon); } if (tcon->ses->capabilities & CAP_UNIX) reset_cifs_unix_caps(xid, tcon, sb, volume_info); else tcon->unix_ext = 0; if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb)); if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) { cifs_sb->rsize = 1024 * 127; cFYI(DBG2, ""no very large read support, rsize now 127K""); } if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X)) cifs_sb->wsize = min(cifs_sb->wsize, (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE)); if (!(tcon->ses->capabilities & CAP_LARGE_READ_X)) cifs_sb->rsize = min(cifs_sb->rsize, (tcon->ses->server->maxBuf - MAX_CIFS_HDR_SIZE)); remote_path_check: if (!rc && cifs_sb->prepathlen && tcon) { full_path = cifs_build_path_to_root(cifs_sb, tcon); if (full_path == NULL) { rc = -ENOMEM; goto mount_fail_check; } rc = is_path_accessible(xid, tcon, cifs_sb, full_path); if (rc != 0 && rc != -EREMOTE) { kfree(full_path); goto mount_fail_check; } kfree(full_path); } if (rc == -EREMOTE) { #ifdef CONFIG_CIFS_DFS_UPCALL if (referral_walks_count > MAX_NESTED_LINKS) { rc = -ELOOP; goto mount_fail_check; } if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0) convert_delimiter(cifs_sb->prepath, CIFS_DIR_SEP(cifs_sb)); full_path = build_unc_path_to_root(volume_info, cifs_sb); if (IS_ERR(full_path)) { rc = PTR_ERR(full_path); goto mount_fail_check; } cFYI(1, ""Getting referral for: %s"", full_path); rc = get_dfs_path(xid, pSesInfo , full_path + 1, cifs_sb->local_nls, &num_referrals, &referrals, cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR); if (!rc && num_referrals > 0) { char *fake_devname = NULL; if (mount_data != mount_data_global) kfree(mount_data); mount_data = cifs_compose_mount_options( cifs_sb->mountdata, full_path + 1, referrals, &fake_devname); free_dfs_info_array(referrals, num_referrals); kfree(fake_devname); kfree(full_path); if (IS_ERR(mount_data)) { rc = PTR_ERR(mount_data); mount_data = NULL; goto mount_fail_check; } if (tcon) cifs_put_tcon(tcon); else if (pSesInfo) cifs_put_smb_ses(pSesInfo); cleanup_volume_info(&volume_info); referral_walks_count++; FreeXid(xid); goto try_mount_again; } #else rc = -EOPNOTSUPP; #endif } if (rc) goto mount_fail_check; tlink = kzalloc(sizeof *tlink, GFP_KERNEL); if (tlink == NULL) { rc = -ENOMEM; goto mount_fail_check; } tlink->tl_uid = pSesInfo->linux_uid; tlink->tl_tcon = tcon; tlink->tl_time = jiffies; set_bit(TCON_LINK_MASTER, &tlink->tl_flags); set_bit(TCON_LINK_IN_TREE, &tlink->tl_flags); cifs_sb->master_tlink = tlink; spin_lock(&cifs_sb->tlink_tree_lock); tlink_rb_insert(&cifs_sb->tlink_tree, tlink); spin_unlock(&cifs_sb->tlink_tree_lock); queue_delayed_work(system_nrt_wq, &cifs_sb->prune_tlinks, TLINK_IDLE_EXPIRE); mount_fail_check: if (rc) { if (mount_data != mount_data_global) kfree(mount_data); if (tcon) cifs_put_tcon(tcon); else if (pSesInfo) cifs_put_smb_ses(pSesInfo); else cifs_put_tcp_session(srvTcp); goto out; } out: cleanup_volume_info(&volume_info); FreeXid(xid); return rc; }",visit repo url,fs/cifs/connect.c,https://github.com/torvalds/linux,132526662975667,1 1717,CWE-19,"init_ext2_xattr(void) { ext2_xattr_cache = mb_cache_create(""ext2_xattr"", 6); if (!ext2_xattr_cache) return -ENOMEM; return 0; }",visit repo url,fs/ext2/xattr.c,https://github.com/torvalds/linux,244723561047766,1 4755,['CWE-20'],"static int ext4_dquot_drop(struct inode *inode) { handle_t *handle; int ret, err; handle = ext4_journal_start(inode, 2*EXT4_QUOTA_DEL_BLOCKS(inode->i_sb)); if (IS_ERR(handle)) { dquot_drop(inode); return PTR_ERR(handle); } ret = dquot_drop(inode); err = ext4_journal_stop(handle); if (!ret) ret = err; return ret; }",linux-2.6,,,274848487598972193067947913147153767951,0 4475,CWE-476,"h2v1_merged_upsample_internal(j_decompress_ptr cinfo, JSAMPIMAGE input_buf, JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf) { my_upsample_ptr upsample = (my_upsample_ptr)cinfo->upsample; register int y, cred, cgreen, cblue; int cb, cr; register JSAMPROW outptr; JSAMPROW inptr0, inptr1, inptr2; JDIMENSION col; register JSAMPLE *range_limit = cinfo->sample_range_limit; int *Crrtab = upsample->Cr_r_tab; int *Cbbtab = upsample->Cb_b_tab; JLONG *Crgtab = upsample->Cr_g_tab; JLONG *Cbgtab = upsample->Cb_g_tab; SHIFT_TEMPS inptr0 = input_buf[0][in_row_group_ctr]; inptr1 = input_buf[1][in_row_group_ctr]; inptr2 = input_buf[2][in_row_group_ctr]; outptr = output_buf[0]; for (col = cinfo->output_width >> 1; col > 0; col--) { cb = GETJSAMPLE(*inptr1++); cr = GETJSAMPLE(*inptr2++); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr0++); outptr[RGB_RED] = range_limit[y + cred]; outptr[RGB_GREEN] = range_limit[y + cgreen]; outptr[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr[RGB_ALPHA] = 0xFF; #endif outptr += RGB_PIXELSIZE; y = GETJSAMPLE(*inptr0++); outptr[RGB_RED] = range_limit[y + cred]; outptr[RGB_GREEN] = range_limit[y + cgreen]; outptr[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr[RGB_ALPHA] = 0xFF; #endif outptr += RGB_PIXELSIZE; } if (cinfo->output_width & 1) { cb = GETJSAMPLE(*inptr1); cr = GETJSAMPLE(*inptr2); cred = Crrtab[cr]; cgreen = (int)RIGHT_SHIFT(Cbgtab[cb] + Crgtab[cr], SCALEBITS); cblue = Cbbtab[cb]; y = GETJSAMPLE(*inptr0); outptr[RGB_RED] = range_limit[y + cred]; outptr[RGB_GREEN] = range_limit[y + cgreen]; outptr[RGB_BLUE] = range_limit[y + cblue]; #ifdef RGB_ALPHA outptr[RGB_ALPHA] = 0xFF; #endif } }",visit repo url,jdmrgext.c,https://github.com/libjpeg-turbo/libjpeg-turbo,106135924815491,1 5955,['CWE-200'],"static int if6_seq_open(struct inode *inode, struct file *file) { struct seq_file *seq; int rc = -ENOMEM; struct if6_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL); if (!s) goto out; memset(s, 0, sizeof(*s)); rc = seq_open(file, &if6_seq_ops); if (rc) goto out_kfree; seq = file->private_data; seq->private = s; out: return rc; out_kfree: kfree(s); goto out; }",linux-2.6,,,6433209826569911668822649154600543496,0 5682,['CWE-476'],"static int udpv6_setsockopt(struct sock *sk, int level, int optname, char __user *optval, int optlen) { if (level != SOL_UDP) return ipv6_setsockopt(sk, level, optname, optval, optlen); return do_udpv6_setsockopt(sk, level, optname, optval, optlen); }",linux-2.6,,,245201047381438539009129041152626932226,0 4901,['CWE-20'],"struct nfs_server *nfs_clone_server(struct nfs_server *source, struct nfs_fh *fh, struct nfs_fattr *fattr) { struct nfs_server *server; struct nfs_fattr fattr_fsinfo; int error; dprintk(""--> nfs_clone_server(,%llx:%llx,)\n"", (unsigned long long) fattr->fsid.major, (unsigned long long) fattr->fsid.minor); server = nfs_alloc_server(); if (!server) return ERR_PTR(-ENOMEM); server->nfs_client = source->nfs_client; atomic_inc(&server->nfs_client->cl_count); nfs_server_copy_userdata(server, source); server->fsid = fattr->fsid; error = nfs_init_server_rpcclient(server, source->client->cl_auth->au_flavor); if (error < 0) goto out_free_server; if (!IS_ERR(source->client_acl)) nfs_init_server_aclclient(server); error = nfs_probe_fsinfo(server, fh, &fattr_fsinfo); if (error < 0) goto out_free_server; if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN) server->namelen = NFS4_MAXNAMLEN; dprintk(""Cloned FSID: %llx:%llx\n"", (unsigned long long) server->fsid.major, (unsigned long long) server->fsid.minor); error = nfs_start_lockd(server); if (error < 0) goto out_free_server; spin_lock(&nfs_client_lock); list_add_tail(&server->client_link, &server->nfs_client->cl_superblocks); list_add_tail(&server->master_link, &nfs_volume_list); spin_unlock(&nfs_client_lock); server->mount_time = jiffies; dprintk(""<-- nfs_clone_server() = %p\n"", server); return server; out_free_server: nfs_free_server(server); dprintk(""<-- nfs_clone_server() = error %d\n"", error); return ERR_PTR(error); }",linux-2.6,,,235499069692627622631866881893294172380,0 627,CWE-200,"static int dgram_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { size_t copied = 0; int err = -EOPNOTSUPP; struct sk_buff *skb; struct sockaddr_ieee802154 *saddr; saddr = (struct sockaddr_ieee802154 *)msg->msg_name; skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; copied = skb->len; if (len < copied) { msg->msg_flags |= MSG_TRUNC; copied = len; } err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); if (err) goto done; sock_recv_ts_and_drops(msg, sk, skb); if (saddr) { saddr->family = AF_IEEE802154; saddr->addr = mac_cb(skb)->sa; } if (addr_len) *addr_len = sizeof(*saddr); if (flags & MSG_TRUNC) copied = skb->len; done: skb_free_datagram(sk, skb); out: if (err) return err; return copied; }",visit repo url,net/ieee802154/dgram.c,https://github.com/torvalds/linux,200215486943825,1 2824,CWE-125,"static UINT serial_process_irp_write(SERIAL_DEVICE* serial, IRP* irp) { UINT32 Length; UINT64 Offset; DWORD nbWritten = 0; if (Stream_GetRemainingLength(irp->input) < 32) return ERROR_INVALID_DATA; Stream_Read_UINT32(irp->input, Length); Stream_Read_UINT64(irp->input, Offset); Stream_Seek(irp->input, 20); WLog_Print(serial->log, WLOG_DEBUG, ""writing %"" PRIu32 "" bytes to %s"", Length, serial->device.name); if (CommWriteFile(serial->hComm, Stream_Pointer(irp->input), Length, &nbWritten, NULL)) { irp->IoStatus = STATUS_SUCCESS; } else { WLog_Print(serial->log, WLOG_DEBUG, ""write failure to %s, nbWritten=%"" PRIu32 "", last-error: 0x%08"" PRIX32 """", serial->device.name, nbWritten, GetLastError()); irp->IoStatus = _GetLastErrorToIoStatus(serial); } WLog_Print(serial->log, WLOG_DEBUG, ""%"" PRIu32 "" bytes written to %s"", nbWritten, serial->device.name); Stream_Write_UINT32(irp->output, nbWritten); Stream_Write_UINT8(irp->output, 0); return CHANNEL_RC_OK; }",visit repo url,channels/serial/client/serial_main.c,https://github.com/FreeRDP/FreeRDP,212214976346079,1 1670,CWE-362,"void flush_tlb_page(struct vm_area_struct *vma, unsigned long start) { struct mm_struct *mm = vma->vm_mm; preempt_disable(); if (current->active_mm == mm) { if (current->mm) __flush_tlb_one(start); else leave_mm(smp_processor_id()); } if (cpumask_any_but(mm_cpumask(mm), smp_processor_id()) < nr_cpu_ids) flush_tlb_others(mm_cpumask(mm), mm, start, 0UL); preempt_enable(); }",visit repo url,arch/x86/mm/tlb.c,https://github.com/torvalds/linux,176311333283,1 3329,CWE-119,"sf_open_virtual (SF_VIRTUAL_IO *sfvirtual, int mode, SF_INFO *sfinfo, void *user_data) { SF_PRIVATE *psf ; if (sfvirtual->get_filelen == NULL || sfvirtual->seek == NULL || sfvirtual->tell == NULL) { sf_errno = SFE_BAD_VIRTUAL_IO ; snprintf (sf_parselog, sizeof (sf_parselog), ""Bad vio_get_filelen / vio_seek / vio_tell in SF_VIRTUAL_IO struct.\n"") ; return NULL ; } ; if ((mode == SFM_READ || mode == SFM_RDWR) && sfvirtual->read == NULL) { sf_errno = SFE_BAD_VIRTUAL_IO ; snprintf (sf_parselog, sizeof (sf_parselog), ""Bad vio_read in SF_VIRTUAL_IO struct.\n"") ; return NULL ; } ; if ((mode == SFM_WRITE || mode == SFM_RDWR) && sfvirtual->write == NULL) { sf_errno = SFE_BAD_VIRTUAL_IO ; snprintf (sf_parselog, sizeof (sf_parselog), ""Bad vio_write in SF_VIRTUAL_IO struct.\n"") ; return NULL ; } ; if ((psf = calloc (1, sizeof (SF_PRIVATE))) == NULL) { sf_errno = SFE_MALLOC_FAILED ; return NULL ; } ; psf_init_files (psf) ; psf->virtual_io = SF_TRUE ; psf->vio = *sfvirtual ; psf->vio_user_data = user_data ; psf->file.mode = mode ; return psf_open_file (psf, sfinfo) ; } ",visit repo url,src/sndfile.c,https://github.com/erikd/libsndfile,96624309867762,1 3940,['CWE-362'],"static void kill_rules(struct audit_tree *tree) { struct audit_krule *rule, *next; struct audit_entry *entry; struct audit_buffer *ab; list_for_each_entry_safe(rule, next, &tree->rules, rlist) { entry = container_of(rule, struct audit_entry, rule); list_del_init(&rule->rlist); if (rule->tree) { ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); audit_log_format(ab, ""op=remove rule dir=""); audit_log_untrustedstring(ab, rule->tree->pathname); if (rule->filterkey) { audit_log_format(ab, "" key=""); audit_log_untrustedstring(ab, rule->filterkey); } else audit_log_format(ab, "" key=(null)""); audit_log_format(ab, "" list=%d res=1"", rule->listnr); audit_log_end(ab); rule->tree = NULL; list_del_rcu(&entry->list); call_rcu(&entry->rcu, audit_free_rule_rcu); } } }",linux-2.6,,,121372430154162709549199941732945051854,0 5586,CWE-125,"init_normalization(struct compiling *c) { PyObject *m = PyImport_ImportModuleNoBlock(""unicodedata""); if (!m) return 0; c->c_normalize = PyObject_GetAttrString(m, ""normalize""); Py_DECREF(m); if (!c->c_normalize) return 0; c->c_normalize_args = Py_BuildValue(""(sN)"", ""NFKC"", Py_None); if (!c->c_normalize_args) { Py_CLEAR(c->c_normalize); return 0; } PyTuple_SET_ITEM(c->c_normalize_args, 1, NULL); return 1; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,131348259617798,1 4868,['CWE-189'],"ecryptfs_write_metadata_to_contents(struct dentry *ecryptfs_dentry, char *virt, size_t virt_len) { int rc; rc = ecryptfs_write_lower(ecryptfs_dentry->d_inode, virt, 0, virt_len); if (rc) printk(KERN_ERR ""%s: Error attempting to write header "" ""information to lower file; rc = [%d]\n"", __func__, rc); return rc; }",linux-2.6,,,39007406608263614536820566580045545541,0 141,[],"static int compat_filldir(void *__buf, const char *name, int namlen, loff_t offset, u64 ino, unsigned int d_type) { struct compat_linux_dirent __user * dirent; struct compat_getdents_callback *buf = __buf; compat_ulong_t d_ino; int reclen = COMPAT_ROUND_UP(NAME_OFFSET(dirent) + namlen + 2); buf->error = -EINVAL; if (reclen > buf->count) return -EINVAL; d_ino = ino; if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) return -EOVERFLOW; dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) goto efault; } dirent = buf->current_dir; if (__put_user(d_ino, &dirent->d_ino)) goto efault; if (__put_user(reclen, &dirent->d_reclen)) goto efault; if (copy_to_user(dirent->d_name, name, namlen)) goto efault; if (__put_user(0, dirent->d_name + namlen)) goto efault; if (__put_user(d_type, (char __user *) dirent + reclen - 1)) goto efault; buf->previous = dirent; dirent = (void __user *)dirent + reclen; buf->current_dir = dirent; buf->count -= reclen; return 0; efault: buf->error = -EFAULT; return -EFAULT; }",linux-2.6,,,321528783276364145546094702380978744653,0 6048,CWE-190,"static void memory2(void) { ep2_t a[BENCH]; BENCH_FEW(""ep2_null"", ep4_null(a[i]), 1); BENCH_FEW(""ep2_new"", ep4_new(a[i]), 1); for (int i = 0; i < BENCH; i++) { ep2_free(a[i]); } for (int i = 0; i < BENCH; i++) { ep2_new(a[i]); } BENCH_FEW(""ep2_free"", ep4_free(a[i]), 1); (void)a; }",visit repo url,bench/bench_epx.c,https://github.com/relic-toolkit/relic,78783559246007,1 1082,CWE-399,"SYSCALL_DEFINE1(inotify_init1, int, flags) { struct fsnotify_group *group; struct user_struct *user; int ret; BUILD_BUG_ON(IN_CLOEXEC != O_CLOEXEC); BUILD_BUG_ON(IN_NONBLOCK != O_NONBLOCK); if (flags & ~(IN_CLOEXEC | IN_NONBLOCK)) return -EINVAL; user = get_current_user(); if (unlikely(atomic_read(&user->inotify_devs) >= inotify_max_user_instances)) { ret = -EMFILE; goto out_free_uid; } group = inotify_new_group(user, inotify_max_queued_events); if (IS_ERR(group)) { ret = PTR_ERR(group); goto out_free_uid; } atomic_inc(&user->inotify_devs); ret = anon_inode_getfd(""inotify"", &inotify_fops, group, O_RDONLY | flags); if (ret >= 0) return ret; fsnotify_put_group(group); atomic_dec(&user->inotify_devs); out_free_uid: free_uid(user); return ret; }",visit repo url,fs/notify/inotify/inotify_user.c,https://github.com/torvalds/linux,109877192103789,1 977,['CWE-189'],"ProcShmDispatch (client) register ClientPtr client; { REQUEST(xReq); switch (stuff->data) { case X_ShmQueryVersion: return ProcShmQueryVersion(client); case X_ShmAttach: return ProcShmAttach(client); case X_ShmDetach: return ProcShmDetach(client); case X_ShmPutImage: #ifdef PANORAMIX if ( !noPanoramiXExtension ) return ProcPanoramiXShmPutImage(client); #endif return ProcShmPutImage(client); case X_ShmGetImage: #ifdef PANORAMIX if ( !noPanoramiXExtension ) return ProcPanoramiXShmGetImage(client); #endif return ProcShmGetImage(client); case X_ShmCreatePixmap: #ifdef PANORAMIX if ( !noPanoramiXExtension ) return ProcPanoramiXShmCreatePixmap(client); #endif return ProcShmCreatePixmap(client); default: return BadRequest; } }",xserver,,,172747206396602401114630371155168933171,0 6728,['CWE-310'],"get_secrets_dialog_response_cb (GtkDialog *foo, gint response, gpointer user_data) { NMWifiInfo *info = user_data; NMAWirelessDialog *dialog = NMA_WIRELESS_DIALOG (info->dialog); NMAGConfConnection *gconf_connection; NMConnection *connection = NULL; NMSettingWirelessSecurity *s_wireless_sec; NMDevice *device = NULL; GHashTable *settings = NULL; const char *key_mgmt, *auth_alg; GError *error = NULL; if ((response == GTK_RESPONSE_OK) && !nma_wireless_dialog_get_nag_ignored (dialog)) { GtkWidget *widget; widget = nma_wireless_dialog_nag_user (dialog); if (widget) { gtk_window_set_transient_for (GTK_WINDOW (widget), GTK_WINDOW (dialog)); g_signal_connect (widget, ""response"", G_CALLBACK (nag_dialog_response_cb), dialog); return; } } g_object_weak_unref (G_OBJECT (info->active_connection), destroy_wifi_dialog, info); if (response != GTK_RESPONSE_OK) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_SECRETS_REQUEST_CANCELED, ""%s.%d (%s): canceled"", __FILE__, __LINE__, __func__); goto done; } connection = nma_wireless_dialog_get_connection (dialog, &device, NULL); if (!connection) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): couldn't get connection from wireless dialog."", __FILE__, __LINE__, __func__); goto done; } s_wireless_sec = NM_SETTING_WIRELESS_SECURITY (nm_connection_get_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY)); if (!s_wireless_sec) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, ""%s.%d (%s): requested setting '802-11-wireless-security'"" "" didn't exist in the connection."", __FILE__, __LINE__, __func__); goto done; } settings = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_hash_table_destroy); if (!settings) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INTERNAL_ERROR, ""%s.%d (%s): not enough memory to return secrets."", __FILE__, __LINE__, __func__); goto done; } key_mgmt = nm_setting_wireless_security_get_key_mgmt (s_wireless_sec); if (!strcmp (key_mgmt, ""ieee8021x"") || !strcmp (key_mgmt, ""wpa-eap"")) { auth_alg = nm_setting_wireless_security_get_auth_alg (s_wireless_sec); if (!auth_alg || strcmp (auth_alg, ""leap"")) { NMSetting8021x *s_8021x; s_8021x = (NMSetting8021x *) nm_connection_get_setting (connection, NM_TYPE_SETTING_802_1X); if (!s_8021x) { g_set_error (&error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, ""%s.%d (%s): requested setting '802-1x' didn't"" "" exist in the connection."", __FILE__, __LINE__, __func__); goto done; } if (!add_one_setting (settings, connection, NM_SETTING (s_8021x), &error)) goto done; } } if (!add_one_setting (settings, connection, NM_SETTING (s_wireless_sec), &error)) goto done; dbus_g_method_return (info->context, settings); gconf_connection = nma_gconf_settings_get_by_connection (info->applet->gconf_settings, connection); if (gconf_connection) nma_gconf_connection_save (gconf_connection); done: if (settings) g_hash_table_destroy (settings); if (error) { g_warning (""%s"", error->message); dbus_g_method_return_error (info->context, error); g_error_free (error); } if (connection) nm_connection_clear_secrets (connection); destroy_wifi_dialog (info, NULL); }",network-manager-applet,,,289032628959338054707572470676978615220,0 1476,CWE-264,"static long perf_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { struct perf_event *event = file->private_data; void (*func)(struct perf_event *); u32 flags = arg; switch (cmd) { case PERF_EVENT_IOC_ENABLE: func = perf_event_enable; break; case PERF_EVENT_IOC_DISABLE: func = perf_event_disable; break; case PERF_EVENT_IOC_RESET: func = perf_event_reset; break; case PERF_EVENT_IOC_REFRESH: return perf_event_refresh(event, arg); case PERF_EVENT_IOC_PERIOD: return perf_event_period(event, (u64 __user *)arg); case PERF_EVENT_IOC_ID: { u64 id = primary_event_id(event); if (copy_to_user((void __user *)arg, &id, sizeof(id))) return -EFAULT; return 0; } case PERF_EVENT_IOC_SET_OUTPUT: { int ret; if (arg != -1) { struct perf_event *output_event; struct fd output; ret = perf_fget_light(arg, &output); if (ret) return ret; output_event = output.file->private_data; ret = perf_event_set_output(event, output_event); fdput(output); } else { ret = perf_event_set_output(event, NULL); } return ret; } case PERF_EVENT_IOC_SET_FILTER: return perf_event_set_filter(event, (void __user *)arg); default: return -ENOTTY; } if (flags & PERF_IOC_FLAG_GROUP) perf_event_for_each(event, func); else perf_event_for_each_child(event, func); return 0; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,265320802514143,1 4416,CWE-122,"mrb_proc_copy(mrb_state *mrb, struct RProc *a, struct RProc *b) { if (a->body.irep) { return; } a->flags = b->flags; a->body = b->body; a->upper = b->upper; if (!MRB_PROC_CFUNC_P(a) && a->body.irep) { mrb_irep_incref(mrb, (mrb_irep*)a->body.irep); } a->e.env = b->e.env; }",visit repo url,src/proc.c,https://github.com/mruby/mruby,219442986094193,1 3723,[],"static struct sock *unix_find_other(struct net *net, struct sockaddr_un *sunname, int len, int type, unsigned hash, int *error) { struct sock *u; struct path path; int err = 0; if (sunname->sun_path[0]) { struct inode *inode; err = kern_path(sunname->sun_path, LOOKUP_FOLLOW, &path); if (err) goto fail; inode = path.dentry->d_inode; err = inode_permission(inode, MAY_WRITE); if (err) goto put_fail; err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; u = unix_find_socket_byinode(net, inode); if (!u) goto put_fail; if (u->sk_type == type) touch_atime(path.mnt, path.dentry); path_put(&path); err=-EPROTOTYPE; if (u->sk_type != type) { sock_put(u); goto fail; } } else { err = -ECONNREFUSED; u=unix_find_socket_byname(net, sunname, len, type, hash); if (u) { struct dentry *dentry; dentry = unix_sk(u)->dentry; if (dentry) touch_atime(unix_sk(u)->mnt, dentry); } else goto fail; } return u; put_fail: path_put(&path); fail: *error=err; return NULL; }",linux-2.6,,,82385704564630647545668816482130494895,0 30,CWE-763,"spnego_gss_inquire_context( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_name_t *src_name, gss_name_t *targ_name, OM_uint32 *lifetime_rec, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, int *opened) { OM_uint32 ret = GSS_S_COMPLETE; ret = gss_inquire_context(minor_status, context_handle, src_name, targ_name, lifetime_rec, mech_type, ctx_flags, locally_initiated, opened); return (ret); }",visit repo url,src/lib/gssapi/spnego/spnego_mech.c,https://github.com/krb5/krb5,119138052327456,1 1445,CWE-17,"void __init trap_init(void) { int i; #ifdef CONFIG_EISA void __iomem *p = early_ioremap(0x0FFFD9, 4); if (readl(p) == 'E' + ('I'<<8) + ('S'<<16) + ('A'<<24)) EISA_bus = 1; early_iounmap(p, 4); #endif set_intr_gate(X86_TRAP_DE, divide_error); set_intr_gate_ist(X86_TRAP_NMI, &nmi, NMI_STACK); set_system_intr_gate(X86_TRAP_OF, &overflow); set_intr_gate(X86_TRAP_BR, bounds); set_intr_gate(X86_TRAP_UD, invalid_op); set_intr_gate(X86_TRAP_NM, device_not_available); #ifdef CONFIG_X86_32 set_task_gate(X86_TRAP_DF, GDT_ENTRY_DOUBLEFAULT_TSS); #else set_intr_gate_ist(X86_TRAP_DF, &double_fault, DOUBLEFAULT_STACK); #endif set_intr_gate(X86_TRAP_OLD_MF, coprocessor_segment_overrun); set_intr_gate(X86_TRAP_TS, invalid_TSS); set_intr_gate(X86_TRAP_NP, segment_not_present); set_intr_gate_ist(X86_TRAP_SS, &stack_segment, STACKFAULT_STACK); set_intr_gate(X86_TRAP_GP, general_protection); set_intr_gate(X86_TRAP_SPURIOUS, spurious_interrupt_bug); set_intr_gate(X86_TRAP_MF, coprocessor_error); set_intr_gate(X86_TRAP_AC, alignment_check); #ifdef CONFIG_X86_MCE set_intr_gate_ist(X86_TRAP_MC, &machine_check, MCE_STACK); #endif set_intr_gate(X86_TRAP_XF, simd_coprocessor_error); for (i = 0; i < FIRST_EXTERNAL_VECTOR; i++) set_bit(i, used_vectors); #ifdef CONFIG_IA32_EMULATION set_system_intr_gate(IA32_SYSCALL_VECTOR, ia32_syscall); set_bit(IA32_SYSCALL_VECTOR, used_vectors); #endif #ifdef CONFIG_X86_32 set_system_trap_gate(SYSCALL_VECTOR, &system_call); set_bit(SYSCALL_VECTOR, used_vectors); #endif __set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO); idt_descr.address = fix_to_virt(FIX_RO_IDT); cpu_init(); x86_init.irqs.trap_init(); #ifdef CONFIG_X86_64 memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16); set_nmi_gate(X86_TRAP_DB, &debug); set_nmi_gate(X86_TRAP_BP, &int3); #endif }",visit repo url,arch/x86/kernel/traps.c,https://github.com/torvalds/linux,4977558412746,1 4134,CWE-20,"nautilus_file_mark_desktop_file_trusted (GFile *file, GtkWindow *parent_window, gboolean interactive, NautilusOpCallback done_callback, gpointer done_callback_data) { GTask *task; MarkTrustedJob *job; job = op_job_new (MarkTrustedJob, parent_window); job->file = g_object_ref (file); job->interactive = interactive; job->done_callback = done_callback; job->done_callback_data = done_callback_data; task = g_task_new (NULL, NULL, mark_trusted_task_done, job); g_task_set_task_data (task, job, NULL); g_task_run_in_thread (task, mark_trusted_task_thread_func); g_object_unref (task); }",visit repo url,src/nautilus-file-operations.c,https://github.com/GNOME/nautilus,152479956023012,1 6093,['CWE-200'],"static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) { enum addr_type_t type = UNICAST_ADDR; return inet6_dump_addr(skb, cb, type); }",linux-2.6,,,164169883555900298047595101398748755829,0 5044,[],"static void domain_init_recv(void *private_data_data, BOOL success) { struct domain_request_state *state = talloc_get_type_abort(private_data_data, struct domain_request_state); if (!success) { DEBUG(5, (""Domain init returned an error\n"")); state->continuation(state->private_data_data, False); return; } async_request(state->mem_ctx, &state->domain->child, state->request, state->response, state->continuation, state->private_data_data); }",samba,,,309521148701808161614581971248925360452,0 4520,CWE-189,"static Fixed lsr_translate_scale(GF_LASeRCodec *lsr, u32 val) { if (val >> (lsr->coord_bits-1) ) { s32 v = val - (1<coord_bits); return INT2FIX(v) / 256 ; } else { return INT2FIX(val) / 256; } }",visit repo url,src/laser/lsr_dec.c,https://github.com/gpac/gpac,95915782955899,1 5445,['CWE-476'],"static int kvm_vcpu_ioctl_get_lapic(struct kvm_vcpu *vcpu, struct kvm_lapic_state *s) { vcpu_load(vcpu); memcpy(s->regs, vcpu->arch.apic->regs, sizeof *s); vcpu_put(vcpu); return 0; }",linux-2.6,,,203973884465632916226572031895402864747,0 2221,['CWE-193'],"int generic_file_readonly_mmap(struct file * file, struct vm_area_struct * vma) { return -ENOSYS; }",linux-2.6,,,301486038494205425750601299051361046431,0 3682,['CWE-20'],"int hfsplus_block_free(struct super_block *sb, u32 offset, u32 count) { struct page *page; struct address_space *mapping; __be32 *pptr, *curr, *end; u32 mask, len, pnr; int i; if (!count) return 0; dprint(DBG_BITMAP, ""block_free: %u,%u\n"", offset, count); if ((offset + count) > HFSPLUS_SB(sb).total_blocks) return -2; mutex_lock(&HFSPLUS_SB(sb).alloc_file->i_mutex); mapping = HFSPLUS_SB(sb).alloc_file->i_mapping; pnr = offset / PAGE_CACHE_BITS; page = read_mapping_page(mapping, pnr, NULL); pptr = kmap(page); curr = pptr + (offset & (PAGE_CACHE_BITS - 1)) / 32; end = pptr + PAGE_CACHE_BITS / 32; len = count; i = offset % 32; if (i) { int j = 32 - i; mask = 0xffffffffU << j; if (j > count) { mask |= 0xffffffffU >> (i + count); *curr++ &= cpu_to_be32(mask); goto out; } *curr++ &= cpu_to_be32(mask); count -= j; } while (1) { while (curr < end) { if (count < 32) goto done; *curr++ = 0; count -= 32; } if (!count) break; set_page_dirty(page); kunmap(page); page = read_mapping_page(mapping, ++pnr, NULL); pptr = kmap(page); curr = pptr; end = pptr + PAGE_CACHE_BITS / 32; } done: if (count) { mask = 0xffffffffU >> count; *curr &= cpu_to_be32(mask); } out: set_page_dirty(page); kunmap(page); HFSPLUS_SB(sb).free_blocks += len; sb->s_dirt = 1; mutex_unlock(&HFSPLUS_SB(sb).alloc_file->i_mutex); return 0; }",linux-2.6,,,169967728195619127181094031492794453717,0 3078,CWE-119,"static void dtls1_clear_queues(SSL *s) { pitem *item = NULL; hm_fragment *frag = NULL; DTLS1_RECORD_DATA *rdata; while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; if (rdata->rbuf.buf) { OPENSSL_free(rdata->rbuf.buf); } OPENSSL_free(item->data); pitem_free(item); } while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *) item->data; if (rdata->rbuf.buf) { OPENSSL_free(rdata->rbuf.buf); } OPENSSL_free(item->data); pitem_free(item); } while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) { frag = (hm_fragment *)item->data; OPENSSL_free(frag->fragment); OPENSSL_free(frag); pitem_free(item); } while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) { frag = (hm_fragment *)item->data; OPENSSL_free(frag->fragment); OPENSSL_free(frag); pitem_free(item); } while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { frag = (hm_fragment *)item->data; OPENSSL_free(frag->fragment); OPENSSL_free(frag); pitem_free(item); } }",visit repo url,ssl/d1_lib.c,https://github.com/openssl/openssl,165593790987822,1 2763,['CWE-189'],"int sctp_auth_ep_add_chunkid(struct sctp_endpoint *ep, __u8 chunk_id) { struct sctp_chunks_param *p = ep->auth_chunk_list; __u16 nchunks; __u16 param_len; if (__sctp_auth_cid(chunk_id, p)) return 0; param_len = ntohs(p->param_hdr.length); nchunks = param_len - sizeof(sctp_paramhdr_t); if (nchunks == SCTP_NUM_CHUNK_TYPES) return -EINVAL; p->chunks[nchunks] = chunk_id; p->param_hdr.length = htons(param_len + 1); return 0; }",linux-2.6,,,247134331983562079934445405326311707991,0 4428,CWE-190,"mrb_vm_exec(mrb_state *mrb, struct RProc *proc, mrb_code *pc) { mrb_irep *irep = proc->body.irep; mrb_value *pool = irep->pool; mrb_sym *syms = irep->syms; mrb_code i; int ai = mrb_gc_arena_save(mrb); struct mrb_jmpbuf *prev_jmp = mrb->jmp; struct mrb_jmpbuf c_jmp; #ifdef DIRECT_THREADED static void *optable[] = { &&L_OP_NOP, &&L_OP_MOVE, &&L_OP_LOADL, &&L_OP_LOADI, &&L_OP_LOADSYM, &&L_OP_LOADNIL, &&L_OP_LOADSELF, &&L_OP_LOADT, &&L_OP_LOADF, &&L_OP_GETGLOBAL, &&L_OP_SETGLOBAL, &&L_OP_GETSPECIAL, &&L_OP_SETSPECIAL, &&L_OP_GETIV, &&L_OP_SETIV, &&L_OP_GETCV, &&L_OP_SETCV, &&L_OP_GETCONST, &&L_OP_SETCONST, &&L_OP_GETMCNST, &&L_OP_SETMCNST, &&L_OP_GETUPVAR, &&L_OP_SETUPVAR, &&L_OP_JMP, &&L_OP_JMPIF, &&L_OP_JMPNOT, &&L_OP_ONERR, &&L_OP_RESCUE, &&L_OP_POPERR, &&L_OP_RAISE, &&L_OP_EPUSH, &&L_OP_EPOP, &&L_OP_SEND, &&L_OP_SENDB, &&L_OP_FSEND, &&L_OP_CALL, &&L_OP_SUPER, &&L_OP_ARGARY, &&L_OP_ENTER, &&L_OP_KARG, &&L_OP_KDICT, &&L_OP_RETURN, &&L_OP_TAILCALL, &&L_OP_BLKPUSH, &&L_OP_ADD, &&L_OP_ADDI, &&L_OP_SUB, &&L_OP_SUBI, &&L_OP_MUL, &&L_OP_DIV, &&L_OP_EQ, &&L_OP_LT, &&L_OP_LE, &&L_OP_GT, &&L_OP_GE, &&L_OP_ARRAY, &&L_OP_ARYCAT, &&L_OP_ARYPUSH, &&L_OP_AREF, &&L_OP_ASET, &&L_OP_APOST, &&L_OP_STRING, &&L_OP_STRCAT, &&L_OP_HASH, &&L_OP_LAMBDA, &&L_OP_RANGE, &&L_OP_OCLASS, &&L_OP_CLASS, &&L_OP_MODULE, &&L_OP_EXEC, &&L_OP_METHOD, &&L_OP_SCLASS, &&L_OP_TCLASS, &&L_OP_DEBUG, &&L_OP_STOP, &&L_OP_ERR, }; #endif mrb_bool exc_catched = FALSE; RETRY_TRY_BLOCK: MRB_TRY(&c_jmp) { if (exc_catched) { exc_catched = FALSE; if (mrb->exc && mrb->exc->tt == MRB_TT_BREAK) goto L_BREAK; goto L_RAISE; } mrb->jmp = &c_jmp; mrb->c->ci->proc = proc; mrb->c->ci->nregs = irep->nregs; #define regs (mrb->c->stack) INIT_DISPATCH { CASE(OP_NOP) { NEXT; } CASE(OP_MOVE) { int a = GETARG_A(i); int b = GETARG_B(i); regs[a] = regs[b]; NEXT; } CASE(OP_LOADL) { int a = GETARG_A(i); int bx = GETARG_Bx(i); #ifdef MRB_WORD_BOXING mrb_value val = pool[bx]; #ifndef MRB_WITHOUT_FLOAT if (mrb_float_p(val)) { val = mrb_float_value(mrb, mrb_float(val)); } #endif regs[a] = val; #else regs[a] = pool[bx]; #endif NEXT; } CASE(OP_LOADI) { int a = GETARG_A(i); mrb_int bx = GETARG_sBx(i); SET_INT_VALUE(regs[a], bx); NEXT; } CASE(OP_LOADSYM) { int a = GETARG_A(i); int bx = GETARG_Bx(i); SET_SYM_VALUE(regs[a], syms[bx]); NEXT; } CASE(OP_LOADSELF) { int a = GETARG_A(i); regs[a] = regs[0]; NEXT; } CASE(OP_LOADT) { int a = GETARG_A(i); SET_TRUE_VALUE(regs[a]); NEXT; } CASE(OP_LOADF) { int a = GETARG_A(i); SET_FALSE_VALUE(regs[a]); NEXT; } CASE(OP_GETGLOBAL) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_value val = mrb_gv_get(mrb, syms[bx]); regs[a] = val; NEXT; } CASE(OP_SETGLOBAL) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_gv_set(mrb, syms[bx], regs[a]); NEXT; } CASE(OP_GETSPECIAL) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_value val = mrb_vm_special_get(mrb, bx); regs[a] = val; NEXT; } CASE(OP_SETSPECIAL) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_vm_special_set(mrb, bx, regs[a]); NEXT; } CASE(OP_GETIV) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_value val = mrb_vm_iv_get(mrb, syms[bx]); regs[a] = val; NEXT; } CASE(OP_SETIV) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_vm_iv_set(mrb, syms[bx], regs[a]); NEXT; } CASE(OP_GETCV) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_value val; ERR_PC_SET(mrb, pc); val = mrb_vm_cv_get(mrb, syms[bx]); ERR_PC_CLR(mrb); regs[a] = val; NEXT; } CASE(OP_SETCV) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_vm_cv_set(mrb, syms[bx], regs[a]); NEXT; } CASE(OP_GETCONST) { mrb_value val; int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_sym sym = syms[bx]; ERR_PC_SET(mrb, pc); val = mrb_vm_const_get(mrb, sym); ERR_PC_CLR(mrb); regs[a] = val; NEXT; } CASE(OP_SETCONST) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_vm_const_set(mrb, syms[bx], regs[a]); NEXT; } CASE(OP_GETMCNST) { mrb_value val; int a = GETARG_A(i); int bx = GETARG_Bx(i); ERR_PC_SET(mrb, pc); val = mrb_const_get(mrb, regs[a], syms[bx]); ERR_PC_CLR(mrb); regs[a] = val; NEXT; } CASE(OP_SETMCNST) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_const_set(mrb, regs[a+1], syms[bx], regs[a]); NEXT; } CASE(OP_GETUPVAR) { int a = GETARG_A(i); int b = GETARG_B(i); int c = GETARG_C(i); mrb_value *regs_a = regs + a; struct REnv *e = uvenv(mrb, c); if (!e) { *regs_a = mrb_nil_value(); } else { *regs_a = e->stack[b]; } NEXT; } CASE(OP_SETUPVAR) { int a = GETARG_A(i); int b = GETARG_B(i); int c = GETARG_C(i); struct REnv *e = uvenv(mrb, c); if (e) { mrb_value *regs_a = regs + a; if (b < MRB_ENV_STACK_LEN(e)) { e->stack[b] = *regs_a; mrb_write_barrier(mrb, (struct RBasic*)e); } } NEXT; } CASE(OP_JMP) { int sbx = GETARG_sBx(i); pc += sbx; JUMP; } CASE(OP_JMPIF) { int a = GETARG_A(i); int sbx = GETARG_sBx(i); if (mrb_test(regs[a])) { pc += sbx; JUMP; } NEXT; } CASE(OP_JMPNOT) { int a = GETARG_A(i); int sbx = GETARG_sBx(i); if (!mrb_test(regs[a])) { pc += sbx; JUMP; } NEXT; } CASE(OP_ONERR) { int sbx = GETARG_sBx(i); if (mrb->c->rsize <= mrb->c->ci->ridx) { if (mrb->c->rsize == 0) mrb->c->rsize = RESCUE_STACK_INIT_SIZE; else mrb->c->rsize *= 2; mrb->c->rescue = (mrb_code **)mrb_realloc(mrb, mrb->c->rescue, sizeof(mrb_code*) * mrb->c->rsize); } mrb->c->rescue[mrb->c->ci->ridx++] = pc + sbx; NEXT; } CASE(OP_RESCUE) { int a = GETARG_A(i); int b = GETARG_B(i); int c = GETARG_C(i); mrb_value exc; if (c == 0) { exc = mrb_obj_value(mrb->exc); mrb->exc = 0; } else { exc = regs[a]; } if (b != 0) { mrb_value e = regs[b]; struct RClass *ec; switch (mrb_type(e)) { case MRB_TT_CLASS: case MRB_TT_MODULE: break; default: { mrb_value exc; exc = mrb_exc_new_str_lit(mrb, E_TYPE_ERROR, ""class or module required for rescue clause""); mrb_exc_set(mrb, exc); goto L_RAISE; } } ec = mrb_class_ptr(e); regs[b] = mrb_bool_value(mrb_obj_is_kind_of(mrb, exc, ec)); } if (a != 0 && c == 0) { regs[a] = exc; } NEXT; } CASE(OP_POPERR) { int a = GETARG_A(i); mrb->c->ci->ridx -= a; NEXT; } CASE(OP_RAISE) { int a = GETARG_A(i); mrb_exc_set(mrb, regs[a]); goto L_RAISE; } CASE(OP_EPUSH) { int bx = GETARG_Bx(i); struct RProc *p; p = mrb_closure_new(mrb, irep->reps[bx]); if (mrb->c->esize <= mrb->c->eidx+1) { if (mrb->c->esize == 0) mrb->c->esize = ENSURE_STACK_INIT_SIZE; else mrb->c->esize *= 2; mrb->c->ensure = (struct RProc **)mrb_realloc(mrb, mrb->c->ensure, sizeof(struct RProc*) * mrb->c->esize); } mrb->c->ensure[mrb->c->eidx++] = p; mrb->c->ensure[mrb->c->eidx] = NULL; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EPOP) { int a = GETARG_A(i); mrb_callinfo *ci = mrb->c->ci; int n, epos = ci->epos; mrb_value self = regs[0]; struct RClass *target_class = ci->target_class; if (mrb->c->eidx <= epos) { NEXT; } if (a > mrb->c->eidx - epos) a = mrb->c->eidx - epos; pc = pc + 1; for (n=0; nc->ensure[epos+n]; mrb->c->ensure[epos+n] = NULL; if (proc == NULL) continue; irep = proc->body.irep; ci = cipush(mrb); ci->mid = ci[-1].mid; ci->argc = 0; ci->proc = proc; ci->stackent = mrb->c->stack; ci->nregs = irep->nregs; ci->target_class = target_class; ci->pc = pc; ci->acc = ci[-1].nregs; mrb->c->stack += ci->acc; stack_extend(mrb, ci->nregs); regs[0] = self; pc = irep->iseq; } pool = irep->pool; syms = irep->syms; mrb->c->eidx = epos; JUMP; } CASE(OP_LOADNIL) { int a = GETARG_A(i); SET_NIL_VALUE(regs[a]); NEXT; } CASE(OP_SENDB) { }; L_SEND: CASE(OP_SEND) { int a = GETARG_A(i); int n = GETARG_C(i); int argc = (n == CALL_MAXARGS) ? -1 : n; int bidx = (argc < 0) ? a+2 : a+n+1; mrb_method_t m; struct RClass *c; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; mrb_sym mid = syms[GETARG_B(i)]; mrb_assert(bidx < ci->nregs); recv = regs[a]; if (GET_OPCODE(i) != OP_SENDB) { SET_NIL_VALUE(regs[bidx]); blk = regs[bidx]; } else { blk = regs[bidx]; if (!mrb_nil_p(blk) && mrb_type(blk) != MRB_TT_PROC) { blk = mrb_convert_type(mrb, blk, MRB_TT_PROC, ""Proc"", ""to_proc""); regs[bidx] = blk; } } c = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &c, mid); if (MRB_METHOD_UNDEF_P(m)) { mrb_sym missing = mrb_intern_lit(mrb, ""method_missing""); m = mrb_method_search_vm(mrb, &c, missing); if (MRB_METHOD_UNDEF_P(m) || (missing == mrb->c->ci->mid && mrb_obj_eq(mrb, regs[0], recv))) { mrb_value args = (argc < 0) ? regs[a+1] : mrb_ary_new_from_values(mrb, n, regs+a+1); ERR_PC_SET(mrb, pc); mrb_method_missing(mrb, mid, recv, args); } if (argc >= 0) { if (a+2 >= irep->nregs) { stack_extend(mrb, a+3); } regs[a+1] = mrb_ary_new_from_values(mrb, n, regs+a+1); regs[a+2] = blk; argc = -1; } mrb_ary_unshift(mrb, regs[a+1], mrb_symbol_value(mid)); mid = missing; } ci = cipush(mrb); ci->mid = mid; ci->stackent = mrb->c->stack; ci->target_class = c; ci->argc = argc; ci->pc = pc + 1; ci->acc = a; mrb->c->stack += a; if (MRB_METHOD_CFUNC_P(m)) { ci->nregs = (argc < 0) ? 3 : n+2; if (MRB_METHOD_PROC_P(m)) { struct RProc *p = MRB_METHOD_PROC(m); ci->proc = p; recv = p->body.func(mrb, recv); } else { recv = MRB_METHOD_FUNC(m)(mrb, recv); } mrb_gc_arena_restore(mrb, ai); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (GET_OPCODE(i) == OP_SENDB) { if (mrb_type(blk) == MRB_TT_PROC) { struct RProc *p = mrb_proc_ptr(blk); if (p && !MRB_PROC_STRICT_P(p) && MRB_PROC_ENV(p) == ci[-1].env) { p->flags |= MRB_PROC_ORPHAN; } } } if (!ci->target_class) { if (ci->acc == CI_ACC_RESUMED) { mrb->jmp = prev_jmp; return recv; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->stack[0] = recv; mrb->c->stack = ci->stackent; pc = ci->pc; cipop(mrb); JUMP; } else { proc = ci->proc = MRB_METHOD_PROC(m); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci->nregs = irep->nregs; stack_extend(mrb, (argc < 0 && ci->nregs < 3) ? 3 : ci->nregs); pc = irep->iseq; JUMP; } } CASE(OP_FSEND) { NEXT; } CASE(OP_CALL) { mrb_callinfo *ci; mrb_value recv = mrb->c->stack[0]; struct RProc *m = mrb_proc_ptr(recv); ci = mrb->c->ci; ci->target_class = MRB_PROC_TARGET_CLASS(m); ci->proc = m; if (MRB_PROC_ENV_P(m)) { mrb_sym mid; struct REnv *e = MRB_PROC_ENV(m); mid = e->mid; if (mid) ci->mid = mid; if (!e->stack) { e->stack = mrb->c->stack; } } if (MRB_PROC_CFUNC_P(m)) { recv = MRB_PROC_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); mrb_gc_arena_shrink(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; mrb->c->stack = ci->stackent; regs[ci->acc] = recv; pc = ci->pc; cipop(mrb); irep = mrb->c->ci->proc->body.irep; pool = irep->pool; syms = irep->syms; JUMP; } else { proc = m; irep = m->body.irep; if (!irep) { mrb->c->stack[0] = mrb_nil_value(); goto L_RETURN; } pool = irep->pool; syms = irep->syms; ci->nregs = irep->nregs; stack_extend(mrb, ci->nregs); if (ci->argc < 0) { if (irep->nregs > 3) { stack_clear(regs+3, irep->nregs-3); } } else if (ci->argc+2 < irep->nregs) { stack_clear(regs+ci->argc+2, irep->nregs-ci->argc-2); } if (MRB_PROC_ENV_P(m)) { regs[0] = MRB_PROC_ENV(m)->stack[0]; } pc = irep->iseq; JUMP; } } CASE(OP_SUPER) { int a = GETARG_A(i); int n = GETARG_C(i); int argc = (n == CALL_MAXARGS) ? -1 : n; int bidx = (argc < 0) ? a+2 : a+n+1; mrb_method_t m; struct RClass *c; mrb_callinfo *ci = mrb->c->ci; mrb_value recv, blk; mrb_sym mid = ci->mid; struct RClass* target_class = MRB_PROC_TARGET_CLASS(ci->proc); mrb_assert(bidx < ci->nregs); if (mid == 0 || !target_class) { mrb_value exc = mrb_exc_new_str_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (target_class->tt == MRB_TT_MODULE) { target_class = ci->target_class; if (target_class->tt != MRB_TT_ICLASS) { mrb_value exc = mrb_exc_new_str_lit(mrb, E_RUNTIME_ERROR, ""superclass info lost [mruby limitations]""); mrb_exc_set(mrb, exc); goto L_RAISE; } } recv = regs[0]; if (!mrb_obj_is_kind_of(mrb, recv, target_class)) { mrb_value exc = mrb_exc_new_str_lit(mrb, E_TYPE_ERROR, ""self has wrong type to call super in this context""); mrb_exc_set(mrb, exc); goto L_RAISE; } blk = regs[bidx]; if (!mrb_nil_p(blk) && mrb_type(blk) != MRB_TT_PROC) { blk = mrb_convert_type(mrb, blk, MRB_TT_PROC, ""Proc"", ""to_proc""); regs[bidx] = blk; ci = mrb->c->ci; } c = target_class->super; m = mrb_method_search_vm(mrb, &c, mid); if (MRB_METHOD_UNDEF_P(m)) { mrb_sym missing = mrb_intern_lit(mrb, ""method_missing""); if (mid != missing) { c = mrb_class(mrb, recv); } m = mrb_method_search_vm(mrb, &c, missing); if (MRB_METHOD_UNDEF_P(m)) { mrb_value args = (argc < 0) ? regs[a+1] : mrb_ary_new_from_values(mrb, n, regs+a+1); ERR_PC_SET(mrb, pc); mrb_method_missing(mrb, mid, recv, args); } mid = missing; if (argc >= 0) { if (a+2 >= ci->nregs) { stack_extend(mrb, a+3); } regs[a+1] = mrb_ary_new_from_values(mrb, n, regs+a+1); regs[a+2] = blk; argc = -1; } mrb_ary_unshift(mrb, regs[a+1], mrb_symbol_value(ci->mid)); } ci = cipush(mrb); ci->mid = mid; ci->stackent = mrb->c->stack; ci->target_class = c; ci->pc = pc + 1; ci->argc = argc; mrb->c->stack += a; mrb->c->stack[0] = recv; if (MRB_METHOD_CFUNC_P(m)) { mrb_value v; ci->nregs = (argc < 0) ? 3 : n+2; if (MRB_METHOD_PROC_P(m)) { ci->proc = MRB_METHOD_PROC(m); } v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb_gc_arena_restore(mrb, ai); if (mrb->exc) goto L_RAISE; ci = mrb->c->ci; if (!ci->target_class) { if (ci->acc == CI_ACC_RESUMED) { mrb->jmp = prev_jmp; return v; } else { mrb_assert(!MRB_PROC_CFUNC_P(ci[-1].proc)); proc = ci[-1].proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; } } mrb->c->stack[0] = v; mrb->c->stack = ci->stackent; pc = ci->pc; cipop(mrb); JUMP; } else { ci->acc = a; proc = ci->proc = MRB_METHOD_PROC(m); irep = proc->body.irep; pool = irep->pool; syms = irep->syms; ci->nregs = irep->nregs; stack_extend(mrb, (argc < 0 && ci->nregs < 3) ? 3 : ci->nregs); pc = irep->iseq; JUMP; } } CASE(OP_ARGARY) { int a = GETARG_A(i); int bx = GETARG_Bx(i); int m1 = (bx>>10)&0x3f; int r = (bx>>9)&0x1; int m2 = (bx>>4)&0x1f; int lv = (bx>>0)&0xf; mrb_value *stack; if (mrb->c->ci->mid == 0 || mrb->c->ci->target_class == NULL) { mrb_value exc; L_NOSUPER: exc = mrb_exc_new_str_lit(mrb, E_NOMETHOD_ERROR, ""super called outside of method""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e) goto L_NOSUPER; if (MRB_ENV_STACK_LEN(e) <= m1+r+m2+1) goto L_NOSUPER; stack = e->stack + 1; } if (r == 0) { regs[a] = mrb_ary_new_from_values(mrb, m1+m2, stack); } else { mrb_value *pp = NULL; struct RArray *rest; int len = 0; if (mrb_array_p(stack[m1])) { struct RArray *ary = mrb_ary_ptr(stack[m1]); pp = ARY_PTR(ary); len = (int)ARY_LEN(ary); } regs[a] = mrb_ary_new_capa(mrb, m1+len+m2); rest = mrb_ary_ptr(regs[a]); if (m1 > 0) { stack_copy(ARY_PTR(rest), stack, m1); } if (len > 0) { stack_copy(ARY_PTR(rest)+m1, pp, len); } if (m2 > 0) { stack_copy(ARY_PTR(rest)+m1+len, stack+m1+1, m2); } ARY_SET_LEN(rest, m1+len+m2); } regs[a+1] = stack[m1+r+m2]; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ENTER) { mrb_aspec ax = GETARG_Ax(i); int m1 = MRB_ASPEC_REQ(ax); int o = MRB_ASPEC_OPT(ax); int r = MRB_ASPEC_REST(ax); int m2 = MRB_ASPEC_POST(ax); int argc = mrb->c->ci->argc; mrb_value *argv = regs+1; mrb_value *argv0 = argv; int len = m1 + o + r + m2; mrb_value *blk = &argv[argc < 0 ? 1 : argc]; if (argc < 0) { struct RArray *ary = mrb_ary_ptr(regs[1]); argv = ARY_PTR(ary); argc = (int)ARY_LEN(ary); mrb_gc_protect(mrb, regs[1]); } if (mrb->c->ci->proc && MRB_PROC_STRICT_P(mrb->c->ci->proc)) { if (argc >= 0) { if (argc < m1 + m2 || (r == 0 && argc > len)) { argnum_error(mrb, m1+m2); goto L_RAISE; } } } else if (len > 1 && argc == 1 && mrb_array_p(argv[0])) { mrb_gc_protect(mrb, argv[0]); argc = (int)RARRAY_LEN(argv[0]); argv = RARRAY_PTR(argv[0]); } if (argc < len) { int mlen = m2; if (argc < m1+m2) { if (m1 < argc) mlen = argc - m1; else mlen = 0; } regs[len+1] = *blk; SET_NIL_VALUE(regs[argc+1]); if (argv0 != argv) { value_move(®s[1], argv, argc-mlen); } if (argc < m1) { stack_clear(®s[argc+1], m1-argc); } if (mlen) { value_move(®s[len-m2+1], &argv[argc-mlen], mlen); } if (mlen < m2) { stack_clear(®s[len-m2+mlen+1], m2-mlen); } if (r) { regs[m1+o+1] = mrb_ary_new_capa(mrb, 0); } if (o == 0 || argc < m1+m2) pc++; else pc += argc - m1 - m2 + 1; } else { int rnum = 0; if (argv0 != argv) { regs[len+1] = *blk; value_move(®s[1], argv, m1+o); } if (r) { rnum = argc-m1-o-m2; regs[m1+o+1] = mrb_ary_new_from_values(mrb, rnum, argv+m1+o); } if (m2) { if (argc-m2 > m1) { value_move(®s[m1+o+r+1], &argv[m1+o+rnum], m2); } } if (argv0 == argv) { regs[len+1] = *blk; } pc += o + 1; } mrb->c->ci->argc = len; if (irep->nlocals-len-2 > 0) { stack_clear(®s[len+2], irep->nlocals-len-2); } JUMP; } CASE(OP_KARG) { NEXT; } CASE(OP_KDICT) { NEXT; } L_RETURN: i = MKOP_AB(OP_RETURN, GETARG_A(i), OP_R_NORMAL); CASE(OP_RETURN) { mrb_callinfo *ci; #define ecall_adjust() do {\ ptrdiff_t cioff = ci - mrb->c->cibase;\ ecall(mrb);\ ci = mrb->c->cibase + cioff;\ } while (0) ci = mrb->c->ci; if (ci->mid) { mrb_value blk; if (ci->argc < 0) { blk = regs[2]; } else { blk = regs[ci->argc+1]; } if (mrb_type(blk) == MRB_TT_PROC) { struct RProc *p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p) && ci > mrb->c->cibase && MRB_PROC_ENV(p) == ci[-1].env) { p->flags |= MRB_PROC_ORPHAN; } } } if (mrb->exc) { mrb_callinfo *ci0; L_RAISE: ci0 = ci = mrb->c->ci; if (ci == mrb->c->cibase) { if (ci->ridx == 0) goto L_FTOP; goto L_RESCUE; } while (ci[0].ridx == ci[-1].ridx) { cipop(mrb); mrb->c->stack = ci->stackent; if (ci->acc == CI_ACC_SKIP && prev_jmp) { mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } ci = mrb->c->ci; if (ci == mrb->c->cibase) { if (ci->ridx == 0) { L_FTOP: if (mrb->c == mrb->root_c) { mrb->c->stack = mrb->c->stbase; goto L_STOP; } else { struct mrb_context *c = mrb->c; while (c->eidx > ci->epos) { ecall_adjust(); } if (c->fib) { mrb_write_barrier(mrb, (struct RBasic*)c->fib); } mrb->c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; goto L_RAISE; } } break; } if (ci[0].ridx == ci[-1].ridx) { while (mrb->c->eidx > ci->epos) { ecall_adjust(); } } } L_RESCUE: if (ci->ridx == 0) goto L_STOP; proc = ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; if (ci < ci0) { mrb->c->stack = ci[1].stackent; } stack_extend(mrb, irep->nregs); pc = mrb->c->rescue[--ci->ridx]; } else { int acc; mrb_value v; struct RProc *dst; ci = mrb->c->ci; v = regs[GETARG_A(i)]; mrb_gc_protect(mrb, v); switch (GETARG_B(i)) { case OP_R_RETURN: if (ci->acc >=0 && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) { mrb_callinfo *cibase = mrb->c->cibase; dst = top_proc(mrb, proc); if (MRB_PROC_ENV_P(dst)) { struct REnv *e = MRB_PROC_ENV(dst); if (!MRB_ENV_STACK_SHARED_P(e) || e->cxt != mrb->c) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } } while (cibase <= ci && ci->proc != dst) { if (ci->acc < 0) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } ci--; } if (ci <= cibase) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } break; } case OP_R_NORMAL: NORMAL_RETURN: if (ci == mrb->c->cibase) { struct mrb_context *c; if (!mrb->c->prev) { localjump_error(mrb, LOCALJUMP_ERROR_RETURN); goto L_RAISE; } if (mrb->c->prev->ci == mrb->c->prev->cibase) { mrb_value exc = mrb_exc_new_str_lit(mrb, E_FIBER_ERROR, ""double resume""); mrb_exc_set(mrb, exc); goto L_RAISE; } while (mrb->c->eidx > 0) { ecall(mrb); } c = mrb->c; c->status = MRB_FIBER_TERMINATED; mrb->c = c->prev; c->prev = NULL; mrb->c->status = MRB_FIBER_RUNNING; ci = mrb->c->ci; } break; case OP_R_BREAK: if (MRB_PROC_STRICT_P(proc)) goto NORMAL_RETURN; if (MRB_PROC_ORPHAN_P(proc)) { mrb_value exc; L_BREAK_ERROR: exc = mrb_exc_new_str_lit(mrb, E_LOCALJUMP_ERROR, ""break from proc-closure""); mrb_exc_set(mrb, exc); goto L_RAISE; } if (!MRB_PROC_ENV_P(proc) || !MRB_ENV_STACK_SHARED_P(MRB_PROC_ENV(proc))) { goto L_BREAK_ERROR; } else { struct REnv *e = MRB_PROC_ENV(proc); if (e == mrb->c->cibase->env && proc != mrb->c->cibase->proc) { goto L_BREAK_ERROR; } if (e->cxt != mrb->c) { goto L_BREAK_ERROR; } } while (mrb->c->eidx > mrb->c->ci->epos) { ecall_adjust(); } if (ci == mrb->c->cibase && ci->pc) { struct mrb_context *c = mrb->c; mrb->c = c->prev; c->prev = NULL; ci = mrb->c->ci; } if (ci->acc < 0) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->exc = (struct RObject*)break_new(mrb, proc, v); mrb->jmp = prev_jmp; MRB_THROW(prev_jmp); } if (FALSE) { L_BREAK: v = ((struct RBreak*)mrb->exc)->val; proc = ((struct RBreak*)mrb->exc)->proc; mrb->exc = NULL; ci = mrb->c->ci; } mrb->c->stack = ci->stackent; proc = proc->upper; while (mrb->c->cibase < ci && ci[-1].proc != proc) { if (ci[-1].acc == CI_ACC_SKIP) { while (ci < mrb->c->ci) { cipop(mrb); } goto L_BREAK_ERROR; } ci--; } if (ci == mrb->c->cibase) { goto L_BREAK_ERROR; } break; default: break; } while (ci < mrb->c->ci) { cipop(mrb); } ci[0].ridx = ci[-1].ridx; while (mrb->c->eidx > ci->epos) { ecall_adjust(); } if (mrb->c->vmexec && !ci->target_class) { mrb_gc_arena_restore(mrb, ai); mrb->c->vmexec = FALSE; mrb->jmp = prev_jmp; return v; } acc = ci->acc; mrb->c->stack = ci->stackent; cipop(mrb); if (acc == CI_ACC_SKIP || acc == CI_ACC_DIRECT) { mrb_gc_arena_restore(mrb, ai); mrb->jmp = prev_jmp; return v; } pc = ci->pc; ci = mrb->c->ci; DEBUG(fprintf(stderr, ""from :%s\n"", mrb_sym2name(mrb, ci->mid))); proc = mrb->c->ci->proc; irep = proc->body.irep; pool = irep->pool; syms = irep->syms; regs[acc] = v; mrb_gc_arena_restore(mrb, ai); } JUMP; } CASE(OP_TAILCALL) { int a = GETARG_A(i); int b = GETARG_B(i); int n = GETARG_C(i); mrb_method_t m; struct RClass *c; mrb_callinfo *ci; mrb_value recv; mrb_sym mid = syms[b]; recv = regs[a]; c = mrb_class(mrb, recv); m = mrb_method_search_vm(mrb, &c, mid); if (MRB_METHOD_UNDEF_P(m)) { mrb_value sym = mrb_symbol_value(mid); mrb_sym missing = mrb_intern_lit(mrb, ""method_missing""); m = mrb_method_search_vm(mrb, &c, missing); if (MRB_METHOD_UNDEF_P(m)) { mrb_value args; if (n == CALL_MAXARGS) { args = regs[a+1]; } else { args = mrb_ary_new_from_values(mrb, n, regs+a+1); } ERR_PC_SET(mrb, pc); mrb_method_missing(mrb, mid, recv, args); } mid = missing; if (n == CALL_MAXARGS) { mrb_ary_unshift(mrb, regs[a+1], sym); } else { value_move(regs+a+2, regs+a+1, ++n); regs[a+1] = sym; } } ci = mrb->c->ci; ci->mid = mid; ci->target_class = c; if (n == CALL_MAXARGS) { ci->argc = -1; } else { ci->argc = n; } value_move(mrb->c->stack, ®s[a], ci->argc+1); if (MRB_METHOD_CFUNC_P(m)) { mrb_value v = MRB_METHOD_CFUNC(m)(mrb, recv); mrb->c->stack[0] = v; mrb_gc_arena_restore(mrb, ai); goto L_RETURN; } else { struct RProc *p = MRB_METHOD_PROC(m); irep = p->body.irep; pool = irep->pool; syms = irep->syms; if (ci->argc < 0) { stack_extend(mrb, (irep->nregs < 3) ? 3 : irep->nregs); } else { stack_extend(mrb, irep->nregs); } pc = irep->iseq; } JUMP; } CASE(OP_BLKPUSH) { int a = GETARG_A(i); int bx = GETARG_Bx(i); int m1 = (bx>>10)&0x3f; int r = (bx>>9)&0x1; int m2 = (bx>>4)&0x1f; int lv = (bx>>0)&0xf; mrb_value *stack; if (lv == 0) stack = regs + 1; else { struct REnv *e = uvenv(mrb, lv-1); if (!e || (!MRB_ENV_STACK_SHARED_P(e) && e->mid == 0) || MRB_ENV_STACK_LEN(e) <= m1+r+m2+1) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } stack = e->stack + 1; } if (mrb_nil_p(stack[m1+r+m2])) { localjump_error(mrb, LOCALJUMP_ERROR_YIELD); goto L_RAISE; } regs[a] = stack[m1+r+m2]; NEXT; } #define TYPES2(a,b) ((((uint16_t)(a))<<8)|(((uint16_t)(b))&0xff)) #define OP_MATH_BODY(op,v1,v2) do {\ v1(regs[a]) = v1(regs[a]) op v2(regs[a+1]);\ } while(0) CASE(OP_ADD) { int a = GETARG_A(i); switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_FIXNUM,MRB_TT_FIXNUM): { mrb_int x, y, z; mrb_value *regs_a = regs + a; x = mrb_fixnum(regs_a[0]); y = mrb_fixnum(regs_a[1]); if (mrb_int_add_overflow(x, y, &z)) { #ifndef MRB_WITHOUT_FLOAT SET_FLOAT_VALUE(mrb, regs_a[0], (mrb_float)x + (mrb_float)y); break; #endif } SET_INT_VALUE(regs[a], z); } break; #ifndef MRB_WITHOUT_FLOAT case TYPES2(MRB_TT_FIXNUM,MRB_TT_FLOAT): { mrb_int x = mrb_fixnum(regs[a]); mrb_float y = mrb_float(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], (mrb_float)x + y); } break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FIXNUM): #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); mrb_int y = mrb_fixnum(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], x + y); } #else OP_MATH_BODY(+,mrb_float,mrb_fixnum); #endif break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); mrb_float y = mrb_float(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], x + y); } #else OP_MATH_BODY(+,mrb_float,mrb_float); #endif break; #endif case TYPES2(MRB_TT_STRING,MRB_TT_STRING): regs[a] = mrb_str_plus(mrb, regs[a], regs[a+1]); break; default: goto L_SEND; } mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_SUB) { int a = GETARG_A(i); switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_FIXNUM,MRB_TT_FIXNUM): { mrb_int x, y, z; x = mrb_fixnum(regs[a]); y = mrb_fixnum(regs[a+1]); if (mrb_int_sub_overflow(x, y, &z)) { #ifndef MRB_WITHOUT_FLOAT SET_FLOAT_VALUE(mrb, regs[a], (mrb_float)x - (mrb_float)y); break; #endif } SET_INT_VALUE(regs[a], z); } break; #ifndef MRB_WITHOUT_FLOAT case TYPES2(MRB_TT_FIXNUM,MRB_TT_FLOAT): { mrb_int x = mrb_fixnum(regs[a]); mrb_float y = mrb_float(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], (mrb_float)x - y); } break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FIXNUM): #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); mrb_int y = mrb_fixnum(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], x - y); } #else OP_MATH_BODY(-,mrb_float,mrb_fixnum); #endif break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); mrb_float y = mrb_float(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], x - y); } #else OP_MATH_BODY(-,mrb_float,mrb_float); #endif break; #endif default: goto L_SEND; } NEXT; } CASE(OP_MUL) { int a = GETARG_A(i); switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_FIXNUM,MRB_TT_FIXNUM): { mrb_int x, y, z; x = mrb_fixnum(regs[a]); y = mrb_fixnum(regs[a+1]); if (mrb_int_mul_overflow(x, y, &z)) { #ifndef MRB_WITHOUT_FLOAT SET_FLOAT_VALUE(mrb, regs[a], (mrb_float)x * (mrb_float)y); break; #endif } SET_INT_VALUE(regs[a], z); } break; #ifndef MRB_WITHOUT_FLOAT case TYPES2(MRB_TT_FIXNUM,MRB_TT_FLOAT): { mrb_int x = mrb_fixnum(regs[a]); mrb_float y = mrb_float(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], (mrb_float)x * y); } break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FIXNUM): #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); mrb_int y = mrb_fixnum(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], x * y); } #else OP_MATH_BODY(*,mrb_float,mrb_fixnum); #endif break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); mrb_float y = mrb_float(regs[a+1]); SET_FLOAT_VALUE(mrb, regs[a], x * y); } #else OP_MATH_BODY(*,mrb_float,mrb_float); #endif break; #endif default: goto L_SEND; } NEXT; } CASE(OP_DIV) { int a = GETARG_A(i); #ifndef MRB_WITHOUT_FLOAT double x, y, f; #endif switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) { case TYPES2(MRB_TT_FIXNUM,MRB_TT_FIXNUM): #ifdef MRB_WITHOUT_FLOAT { mrb_int x = mrb_fixnum(regs[a]); mrb_int y = mrb_fixnum(regs[a+1]); SET_INT_VALUE(regs[a], y ? x / y : 0); } break; #else x = (mrb_float)mrb_fixnum(regs[a]); y = (mrb_float)mrb_fixnum(regs[a+1]); break; case TYPES2(MRB_TT_FIXNUM,MRB_TT_FLOAT): x = (mrb_float)mrb_fixnum(regs[a]); y = mrb_float(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FIXNUM): x = mrb_float(regs[a]); y = (mrb_float)mrb_fixnum(regs[a+1]); break; case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT): x = mrb_float(regs[a]); y = mrb_float(regs[a+1]); break; #endif default: goto L_SEND; } #ifndef MRB_WITHOUT_FLOAT if (y == 0) { if (x > 0) f = INFINITY; else if (x < 0) f = -INFINITY; else f = NAN; } else { f = x / y; } SET_FLOAT_VALUE(mrb, regs[a], f); #endif NEXT; } CASE(OP_ADDI) { int a = GETARG_A(i); switch (mrb_type(regs[a])) { case MRB_TT_FIXNUM: { mrb_int x = mrb_fixnum(regs[a]); mrb_int y = GETARG_C(i); mrb_int z; if (mrb_int_add_overflow(x, y, &z)) { #ifndef MRB_WITHOUT_FLOAT SET_FLOAT_VALUE(mrb, regs[a], (mrb_float)x + (mrb_float)y); break; #endif } SET_INT_VALUE(regs[a], z); } break; #ifndef MRB_WITHOUT_FLOAT case MRB_TT_FLOAT: #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); SET_FLOAT_VALUE(mrb, regs[a], x + GETARG_C(i)); } #else mrb_float(regs[a]) += GETARG_C(i); #endif break; #endif default: SET_INT_VALUE(regs[a+1], GETARG_C(i)); i = MKOP_ABC(OP_SEND, a, GETARG_B(i), 1); goto L_SEND; } NEXT; } CASE(OP_SUBI) { int a = GETARG_A(i); mrb_value *regs_a = regs + a; switch (mrb_type(regs_a[0])) { case MRB_TT_FIXNUM: { mrb_int x = mrb_fixnum(regs_a[0]); mrb_int y = GETARG_C(i); mrb_int z; if (mrb_int_sub_overflow(x, y, &z)) { #ifndef MRB_WITHOUT_FLOAT SET_FLOAT_VALUE(mrb, regs_a[0], (mrb_float)x - (mrb_float)y); break; #endif } SET_INT_VALUE(regs_a[0], z); } break; #ifndef MRB_WITHOUT_FLOAT case MRB_TT_FLOAT: #ifdef MRB_WORD_BOXING { mrb_float x = mrb_float(regs[a]); SET_FLOAT_VALUE(mrb, regs[a], x - GETARG_C(i)); } #else mrb_float(regs_a[0]) -= GETARG_C(i); #endif break; #endif default: SET_INT_VALUE(regs_a[1], GETARG_C(i)); i = MKOP_ABC(OP_SEND, a, GETARG_B(i), 1); goto L_SEND; } NEXT; } #define OP_CMP_BODY(op,v1,v2) (v1(regs[a]) op v2(regs[a+1])) #ifdef MRB_WITHOUT_FLOAT #define OP_CMP(op) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_FIXNUM,MRB_TT_FIXNUM):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ default:\ goto L_SEND;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #else #define OP_CMP(op) do {\ int result;\ \ switch (TYPES2(mrb_type(regs[a]),mrb_type(regs[a+1]))) {\ case TYPES2(MRB_TT_FIXNUM,MRB_TT_FIXNUM):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FIXNUM,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_fixnum,mrb_float);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FIXNUM):\ result = OP_CMP_BODY(op,mrb_float,mrb_fixnum);\ break;\ case TYPES2(MRB_TT_FLOAT,MRB_TT_FLOAT):\ result = OP_CMP_BODY(op,mrb_float,mrb_float);\ break;\ default:\ goto L_SEND;\ }\ if (result) {\ SET_TRUE_VALUE(regs[a]);\ }\ else {\ SET_FALSE_VALUE(regs[a]);\ }\ } while(0) #endif CASE(OP_EQ) { int a = GETARG_A(i); if (mrb_obj_eq(mrb, regs[a], regs[a+1])) { SET_TRUE_VALUE(regs[a]); } else { OP_CMP(==); } NEXT; } CASE(OP_LT) { int a = GETARG_A(i); OP_CMP(<); NEXT; } CASE(OP_LE) { int a = GETARG_A(i); OP_CMP(<=); NEXT; } CASE(OP_GT) { int a = GETARG_A(i); OP_CMP(>); NEXT; } CASE(OP_GE) { int a = GETARG_A(i); OP_CMP(>=); NEXT; } CASE(OP_ARRAY) { int a = GETARG_A(i); int b = GETARG_B(i); int c = GETARG_C(i); mrb_value v = mrb_ary_new_from_values(mrb, c, ®s[b]); regs[a] = v; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYCAT) { int a = GETARG_A(i); int b = GETARG_B(i); mrb_value splat = mrb_ary_splat(mrb, regs[b]); mrb_ary_concat(mrb, regs[a], splat); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_ARYPUSH) { int a = GETARG_A(i); int b = GETARG_B(i); mrb_ary_push(mrb, regs[a], regs[b]); NEXT; } CASE(OP_AREF) { int a = GETARG_A(i); int b = GETARG_B(i); int c = GETARG_C(i); mrb_value v = regs[b]; if (!mrb_array_p(v)) { if (c == 0) { regs[a] = v; } else { SET_NIL_VALUE(regs[a]); } } else { v = mrb_ary_ref(mrb, v, c); regs[a] = v; } NEXT; } CASE(OP_ASET) { int a = GETARG_A(i); int b = GETARG_B(i); int c = GETARG_C(i); mrb_ary_set(mrb, regs[b], c, regs[a]); NEXT; } CASE(OP_APOST) { int a = GETARG_A(i); mrb_value v = regs[a]; int pre = GETARG_B(i); int post = GETARG_C(i); struct RArray *ary; int len, idx; if (!mrb_array_p(v)) { v = mrb_ary_new_from_values(mrb, 1, ®s[a]); } ary = mrb_ary_ptr(v); len = (int)ARY_LEN(ary); if (len > pre + post) { v = mrb_ary_new_from_values(mrb, len - pre - post, ARY_PTR(ary)+pre); regs[a++] = v; while (post--) { regs[a++] = ARY_PTR(ary)[len-post-1]; } } else { v = mrb_ary_new_capa(mrb, 0); regs[a++] = v; for (idx=0; idx+prereps[b]; if (c & OP_L_CAPTURE) { p = mrb_closure_new(mrb, nirep); } else { p = mrb_proc_new(mrb, nirep); p->flags |= MRB_PROC_SCOPE; } if (c & OP_L_STRICT) p->flags |= MRB_PROC_STRICT; regs[a] = mrb_obj_value(p); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_OCLASS) { regs[GETARG_A(i)] = mrb_obj_value(mrb->object_class); NEXT; } CASE(OP_CLASS) { struct RClass *c = 0, *baseclass; int a = GETARG_A(i); mrb_value base, super; mrb_sym id = syms[GETARG_B(i)]; base = regs[a]; super = regs[a+1]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); base = mrb_obj_value(baseclass); } c = mrb_vm_define_class(mrb, base, super, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_MODULE) { struct RClass *c = 0, *baseclass; int a = GETARG_A(i); mrb_value base; mrb_sym id = syms[GETARG_B(i)]; base = regs[a]; if (mrb_nil_p(base)) { baseclass = MRB_PROC_TARGET_CLASS(mrb->c->ci->proc); base = mrb_obj_value(baseclass); } c = mrb_vm_define_module(mrb, base, id); regs[a] = mrb_obj_value(c); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_EXEC) { int a = GETARG_A(i); int bx = GETARG_Bx(i); mrb_callinfo *ci; mrb_value recv = regs[a]; struct RProc *p; mrb_irep *nirep = irep->reps[bx]; p = mrb_proc_new(mrb, nirep); p->c = NULL; mrb_field_write_barrier(mrb, (struct RBasic*)p, (struct RBasic*)proc); MRB_PROC_SET_TARGET_CLASS(p, mrb_class_ptr(recv)); p->flags |= MRB_PROC_SCOPE; ci = cipush(mrb); ci->pc = pc + 1; ci->acc = a; ci->mid = 0; ci->stackent = mrb->c->stack; ci->argc = 0; ci->target_class = mrb_class_ptr(recv); mrb->c->stack += a; ci->proc = p; irep = p->body.irep; pool = irep->pool; syms = irep->syms; ci->nregs = irep->nregs; stack_extend(mrb, ci->nregs); stack_clear(regs+1, ci->nregs-1); pc = irep->iseq; JUMP; } CASE(OP_METHOD) { int a = GETARG_A(i); struct RClass *c = mrb_class_ptr(regs[a]); struct RProc *p = mrb_proc_ptr(regs[a+1]); mrb_method_t m; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, c, syms[GETARG_B(i)], m); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_SCLASS) { int a = GETARG_A(i); int b = GETARG_B(i); regs[a] = mrb_singleton_class(mrb, regs[b]); mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_TCLASS) { if (!mrb->c->ci->target_class) { mrb_value exc = mrb_exc_new_str_lit(mrb, E_TYPE_ERROR, ""no target class or module""); mrb_exc_set(mrb, exc); goto L_RAISE; } regs[GETARG_A(i)] = mrb_obj_value(mrb->c->ci->target_class); NEXT; } CASE(OP_RANGE) { int b = GETARG_B(i); mrb_value val = mrb_range_new(mrb, regs[b], regs[b+1], GETARG_C(i)); regs[GETARG_A(i)] = val; mrb_gc_arena_restore(mrb, ai); NEXT; } CASE(OP_DEBUG) { #ifdef MRB_ENABLE_DEBUG_HOOK mrb->debug_op_hook(mrb, irep, pc, regs); #else #ifndef MRB_DISABLE_STDIO printf(""OP_DEBUG %d %d %d\n"", GETARG_A(i), GETARG_B(i), GETARG_C(i)); #else abort(); #endif #endif NEXT; } CASE(OP_STOP) { L_STOP: while (mrb->c->eidx > 0) { ecall(mrb); } ERR_PC_CLR(mrb); mrb->jmp = prev_jmp; if (mrb->exc) { return mrb_obj_value(mrb->exc); } return regs[irep->nlocals]; } CASE(OP_ERR) { mrb_value msg = mrb_str_dup(mrb, pool[GETARG_Bx(i)]); mrb_value exc; if (GETARG_A(i) == 0) { exc = mrb_exc_new_str(mrb, E_RUNTIME_ERROR, msg); } else { exc = mrb_exc_new_str(mrb, E_LOCALJUMP_ERROR, msg); } ERR_PC_SET(mrb, pc); mrb_exc_set(mrb, exc); goto L_RAISE; } } END_DISPATCH; #undef regs } MRB_CATCH(&c_jmp) { exc_catched = TRUE; goto RETRY_TRY_BLOCK; } MRB_END_EXC(&c_jmp); }",visit repo url,src/vm.c,https://github.com/mruby/mruby,134253608707353,1 4096,CWE-835,"_client_protocol_timeout (GsmXSMPClient *client) { g_debug (""GsmXSMPClient: client_protocol_timeout for client '%s' in ICE status %d"", client->priv->description, IceConnectionStatus (client->priv->ice_connection)); gsm_client_set_status (GSM_CLIENT (client), GSM_CLIENT_FAILED); gsm_client_disconnected (GSM_CLIENT (client)); return FALSE; }",visit repo url,gnome-session/gsm-xsmp-client.c,https://github.com/GNOME/gnome-session,140213582884921,1 4999,['CWE-346'],"int udev_monitor_get_fd(struct udev_monitor *udev_monitor) { if (udev_monitor == NULL) return -1; return udev_monitor->sock; }",udev,,,104243257241765860075083604316536032259,0 3251,CWE-125,"pgm_print(netdissect_options *ndo, register const u_char *bp, register u_int length, register const u_char *bp2) { register const struct pgm_header *pgm; register const struct ip *ip; register char ch; uint16_t sport, dport; u_int nla_afnum; char nla_buf[INET6_ADDRSTRLEN]; register const struct ip6_hdr *ip6; uint8_t opt_type, opt_len; uint32_t seq, opts_len, len, offset; pgm = (const struct pgm_header *)bp; ip = (const struct ip *)bp2; if (IP_V(ip) == 6) ip6 = (const struct ip6_hdr *)bp2; else ip6 = NULL; ch = '\0'; if (!ND_TTEST(pgm->pgm_dport)) { if (ip6) { ND_PRINT((ndo, ""%s > %s: [|pgm]"", ip6addr_string(ndo, &ip6->ip6_src), ip6addr_string(ndo, &ip6->ip6_dst))); return; } else { ND_PRINT((ndo, ""%s > %s: [|pgm]"", ipaddr_string(ndo, &ip->ip_src), ipaddr_string(ndo, &ip->ip_dst))); return; } } sport = EXTRACT_16BITS(&pgm->pgm_sport); dport = EXTRACT_16BITS(&pgm->pgm_dport); if (ip6) { if (ip6->ip6_nxt == IPPROTO_PGM) { ND_PRINT((ndo, ""%s.%s > %s.%s: "", ip6addr_string(ndo, &ip6->ip6_src), tcpport_string(ndo, sport), ip6addr_string(ndo, &ip6->ip6_dst), tcpport_string(ndo, dport))); } else { ND_PRINT((ndo, ""%s > %s: "", tcpport_string(ndo, sport), tcpport_string(ndo, dport))); } } else { if (ip->ip_p == IPPROTO_PGM) { ND_PRINT((ndo, ""%s.%s > %s.%s: "", ipaddr_string(ndo, &ip->ip_src), tcpport_string(ndo, sport), ipaddr_string(ndo, &ip->ip_dst), tcpport_string(ndo, dport))); } else { ND_PRINT((ndo, ""%s > %s: "", tcpport_string(ndo, sport), tcpport_string(ndo, dport))); } } ND_TCHECK(*pgm); ND_PRINT((ndo, ""PGM, length %u"", EXTRACT_16BITS(&pgm->pgm_length))); if (!ndo->ndo_vflag) return; ND_PRINT((ndo, "" 0x%02x%02x%02x%02x%02x%02x "", pgm->pgm_gsid[0], pgm->pgm_gsid[1], pgm->pgm_gsid[2], pgm->pgm_gsid[3], pgm->pgm_gsid[4], pgm->pgm_gsid[5])); switch (pgm->pgm_type) { case PGM_SPM: { const struct pgm_spm *spm; spm = (const struct pgm_spm *)(pgm + 1); ND_TCHECK(*spm); bp = (const u_char *) (spm + 1); switch (EXTRACT_16BITS(&spm->pgms_nla_afi)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, ""SPM seq %u trail %u lead %u nla %s"", EXTRACT_32BITS(&spm->pgms_seq), EXTRACT_32BITS(&spm->pgms_trailseq), EXTRACT_32BITS(&spm->pgms_leadseq), nla_buf)); break; } case PGM_POLL: { const struct pgm_poll *poll_msg; poll_msg = (const struct pgm_poll *)(pgm + 1); ND_TCHECK(*poll_msg); ND_PRINT((ndo, ""POLL seq %u round %u"", EXTRACT_32BITS(&poll_msg->pgmp_seq), EXTRACT_16BITS(&poll_msg->pgmp_round))); bp = (const u_char *) (poll_msg + 1); break; } case PGM_POLR: { const struct pgm_polr *polr; uint32_t ivl, rnd, mask; polr = (const struct pgm_polr *)(pgm + 1); ND_TCHECK(*polr); bp = (const u_char *) (polr + 1); switch (EXTRACT_16BITS(&polr->pgmp_nla_afi)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } ND_TCHECK2(*bp, sizeof(uint32_t)); ivl = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_TCHECK2(*bp, sizeof(uint32_t)); rnd = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_TCHECK2(*bp, sizeof(uint32_t)); mask = EXTRACT_32BITS(bp); bp += sizeof(uint32_t); ND_PRINT((ndo, ""POLR seq %u round %u nla %s ivl %u rnd 0x%08x "" ""mask 0x%08x"", EXTRACT_32BITS(&polr->pgmp_seq), EXTRACT_16BITS(&polr->pgmp_round), nla_buf, ivl, rnd, mask)); break; } case PGM_ODATA: { const struct pgm_data *odata; odata = (const struct pgm_data *)(pgm + 1); ND_TCHECK(*odata); ND_PRINT((ndo, ""ODATA trail %u seq %u"", EXTRACT_32BITS(&odata->pgmd_trailseq), EXTRACT_32BITS(&odata->pgmd_seq))); bp = (const u_char *) (odata + 1); break; } case PGM_RDATA: { const struct pgm_data *rdata; rdata = (const struct pgm_data *)(pgm + 1); ND_TCHECK(*rdata); ND_PRINT((ndo, ""RDATA trail %u seq %u"", EXTRACT_32BITS(&rdata->pgmd_trailseq), EXTRACT_32BITS(&rdata->pgmd_seq))); bp = (const u_char *) (rdata + 1); break; } case PGM_NAK: case PGM_NULLNAK: case PGM_NCF: { const struct pgm_nak *nak; char source_buf[INET6_ADDRSTRLEN], group_buf[INET6_ADDRSTRLEN]; nak = (const struct pgm_nak *)(pgm + 1); ND_TCHECK(*nak); bp = (const u_char *) (nak + 1); switch (EXTRACT_16BITS(&nak->pgmn_source_afi)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, source_buf, sizeof(source_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, source_buf, sizeof(source_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } bp += (2 * sizeof(uint16_t)); switch (EXTRACT_16BITS(bp)) { case AFNUM_INET: ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, group_buf, sizeof(group_buf)); bp += sizeof(struct in_addr); break; case AFNUM_INET6: ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, group_buf, sizeof(group_buf)); bp += sizeof(struct in6_addr); break; default: goto trunc; break; } switch (pgm->pgm_type) { case PGM_NAK: ND_PRINT((ndo, ""NAK "")); break; case PGM_NULLNAK: ND_PRINT((ndo, ""NNAK "")); break; case PGM_NCF: ND_PRINT((ndo, ""NCF "")); break; default: break; } ND_PRINT((ndo, ""(%s -> %s), seq %u"", source_buf, group_buf, EXTRACT_32BITS(&nak->pgmn_seq))); break; } case PGM_ACK: { const struct pgm_ack *ack; ack = (const struct pgm_ack *)(pgm + 1); ND_TCHECK(*ack); ND_PRINT((ndo, ""ACK seq %u"", EXTRACT_32BITS(&ack->pgma_rx_max_seq))); bp = (const u_char *) (ack + 1); break; } case PGM_SPMR: ND_PRINT((ndo, ""SPMR"")); break; default: ND_PRINT((ndo, ""UNKNOWN type 0x%02x"", pgm->pgm_type)); break; } if (pgm->pgm_options & PGM_OPT_BIT_PRESENT) { if (!ND_TTEST2(*bp, PGM_MIN_OPT_LEN)) { ND_PRINT((ndo, ""[|OPT]"")); return; } opt_type = *bp++; if ((opt_type & PGM_OPT_MASK) != PGM_OPT_LENGTH) { ND_PRINT((ndo, ""[First option bad, should be PGM_OPT_LENGTH, is %u]"", opt_type & PGM_OPT_MASK)); return; } opt_len = *bp++; if (opt_len != 4) { ND_PRINT((ndo, ""[Bad OPT_LENGTH option, length %u != 4]"", opt_len)); return; } opts_len = EXTRACT_16BITS(bp); if (opts_len < 4) { ND_PRINT((ndo, ""[Bad total option length %u < 4]"", opts_len)); return; } bp += sizeof(uint16_t); ND_PRINT((ndo, "" OPTS LEN %d"", opts_len)); opts_len -= 4; while (opts_len) { if (opts_len < PGM_MIN_OPT_LEN) { ND_PRINT((ndo, ""[Total option length leaves no room for final option]"")); return; } if (!ND_TTEST2(*bp, 2)) { ND_PRINT((ndo, "" [|OPT]"")); return; } opt_type = *bp++; opt_len = *bp++; if (opt_len < PGM_MIN_OPT_LEN) { ND_PRINT((ndo, ""[Bad option, length %u < %u]"", opt_len, PGM_MIN_OPT_LEN)); break; } if (opts_len < opt_len) { ND_PRINT((ndo, ""[Total option length leaves no room for final option]"")); return; } if (!ND_TTEST2(*bp, opt_len - 2)) { ND_PRINT((ndo, "" [|OPT]"")); return; } switch (opt_type & PGM_OPT_MASK) { case PGM_OPT_LENGTH: #define PGM_OPT_LENGTH_LEN (2+2) if (opt_len != PGM_OPT_LENGTH_LEN) { ND_PRINT((ndo, ""[Bad OPT_LENGTH option, length %u != %u]"", opt_len, PGM_OPT_LENGTH_LEN)); return; } ND_PRINT((ndo, "" OPTS LEN (extra?) %d"", EXTRACT_16BITS(bp))); bp += 2; opts_len -= PGM_OPT_LENGTH_LEN; break; case PGM_OPT_FRAGMENT: #define PGM_OPT_FRAGMENT_LEN (2+2+4+4+4) if (opt_len != PGM_OPT_FRAGMENT_LEN) { ND_PRINT((ndo, ""[Bad OPT_FRAGMENT option, length %u != %u]"", opt_len, PGM_OPT_FRAGMENT_LEN)); return; } bp += 2; seq = EXTRACT_32BITS(bp); bp += 4; offset = EXTRACT_32BITS(bp); bp += 4; len = EXTRACT_32BITS(bp); bp += 4; ND_PRINT((ndo, "" FRAG seq %u off %u len %u"", seq, offset, len)); opts_len -= PGM_OPT_FRAGMENT_LEN; break; case PGM_OPT_NAK_LIST: bp += 2; opt_len -= 4; ND_PRINT((ndo, "" NAK LIST"")); while (opt_len) { if (opt_len < 4) { ND_PRINT((ndo, ""[Option length not a multiple of 4]"")); return; } ND_TCHECK2(*bp, 4); ND_PRINT((ndo, "" %u"", EXTRACT_32BITS(bp))); bp += 4; opt_len -= 4; opts_len -= 4; } break; case PGM_OPT_JOIN: #define PGM_OPT_JOIN_LEN (2+2+4) if (opt_len != PGM_OPT_JOIN_LEN) { ND_PRINT((ndo, ""[Bad OPT_JOIN option, length %u != %u]"", opt_len, PGM_OPT_JOIN_LEN)); return; } bp += 2; seq = EXTRACT_32BITS(bp); bp += 4; ND_PRINT((ndo, "" JOIN %u"", seq)); opts_len -= PGM_OPT_JOIN_LEN; break; case PGM_OPT_NAK_BO_IVL: #define PGM_OPT_NAK_BO_IVL_LEN (2+2+4+4) if (opt_len != PGM_OPT_NAK_BO_IVL_LEN) { ND_PRINT((ndo, ""[Bad OPT_NAK_BO_IVL option, length %u != %u]"", opt_len, PGM_OPT_NAK_BO_IVL_LEN)); return; } bp += 2; offset = EXTRACT_32BITS(bp); bp += 4; seq = EXTRACT_32BITS(bp); bp += 4; ND_PRINT((ndo, "" BACKOFF ivl %u ivlseq %u"", offset, seq)); opts_len -= PGM_OPT_NAK_BO_IVL_LEN; break; case PGM_OPT_NAK_BO_RNG: #define PGM_OPT_NAK_BO_RNG_LEN (2+2+4+4) if (opt_len != PGM_OPT_NAK_BO_RNG_LEN) { ND_PRINT((ndo, ""[Bad OPT_NAK_BO_RNG option, length %u != %u]"", opt_len, PGM_OPT_NAK_BO_RNG_LEN)); return; } bp += 2; offset = EXTRACT_32BITS(bp); bp += 4; seq = EXTRACT_32BITS(bp); bp += 4; ND_PRINT((ndo, "" BACKOFF max %u min %u"", offset, seq)); opts_len -= PGM_OPT_NAK_BO_RNG_LEN; break; case PGM_OPT_REDIRECT: #define PGM_OPT_REDIRECT_FIXED_LEN (2+2+2+2) if (opt_len < PGM_OPT_REDIRECT_FIXED_LEN) { ND_PRINT((ndo, ""[Bad OPT_REDIRECT option, length %u < %u]"", opt_len, PGM_OPT_REDIRECT_FIXED_LEN)); return; } bp += 2; nla_afnum = EXTRACT_16BITS(bp); bp += 2+2; switch (nla_afnum) { case AFNUM_INET: if (opt_len != PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in_addr)) { ND_PRINT((ndo, ""[Bad OPT_REDIRECT option, length %u != %u + address size]"", opt_len, PGM_OPT_REDIRECT_FIXED_LEN)); return; } ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); opts_len -= PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in_addr); break; case AFNUM_INET6: if (opt_len != PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in6_addr)) { ND_PRINT((ndo, ""[Bad OPT_REDIRECT option, length %u != %u + address size]"", PGM_OPT_REDIRECT_FIXED_LEN, opt_len)); return; } ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); opts_len -= PGM_OPT_REDIRECT_FIXED_LEN + sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, "" REDIRECT %s"", nla_buf)); break; case PGM_OPT_PARITY_PRM: #define PGM_OPT_PARITY_PRM_LEN (2+2+4) if (opt_len != PGM_OPT_PARITY_PRM_LEN) { ND_PRINT((ndo, ""[Bad OPT_PARITY_PRM option, length %u != %u]"", opt_len, PGM_OPT_PARITY_PRM_LEN)); return; } bp += 2; len = EXTRACT_32BITS(bp); bp += 4; ND_PRINT((ndo, "" PARITY MAXTGS %u"", len)); opts_len -= PGM_OPT_PARITY_PRM_LEN; break; case PGM_OPT_PARITY_GRP: #define PGM_OPT_PARITY_GRP_LEN (2+2+4) if (opt_len != PGM_OPT_PARITY_GRP_LEN) { ND_PRINT((ndo, ""[Bad OPT_PARITY_GRP option, length %u != %u]"", opt_len, PGM_OPT_PARITY_GRP_LEN)); return; } bp += 2; seq = EXTRACT_32BITS(bp); bp += 4; ND_PRINT((ndo, "" PARITY GROUP %u"", seq)); opts_len -= PGM_OPT_PARITY_GRP_LEN; break; case PGM_OPT_CURR_TGSIZE: #define PGM_OPT_CURR_TGSIZE_LEN (2+2+4) if (opt_len != PGM_OPT_CURR_TGSIZE_LEN) { ND_PRINT((ndo, ""[Bad OPT_CURR_TGSIZE option, length %u != %u]"", opt_len, PGM_OPT_CURR_TGSIZE_LEN)); return; } bp += 2; len = EXTRACT_32BITS(bp); bp += 4; ND_PRINT((ndo, "" PARITY ATGS %u"", len)); opts_len -= PGM_OPT_CURR_TGSIZE_LEN; break; case PGM_OPT_NBR_UNREACH: #define PGM_OPT_NBR_UNREACH_LEN (2+2) if (opt_len != PGM_OPT_NBR_UNREACH_LEN) { ND_PRINT((ndo, ""[Bad OPT_NBR_UNREACH option, length %u != %u]"", opt_len, PGM_OPT_NBR_UNREACH_LEN)); return; } bp += 2; ND_PRINT((ndo, "" NBR_UNREACH"")); opts_len -= PGM_OPT_NBR_UNREACH_LEN; break; case PGM_OPT_PATH_NLA: ND_PRINT((ndo, "" PATH_NLA [%d]"", opt_len)); bp += opt_len; opts_len -= opt_len; break; case PGM_OPT_SYN: #define PGM_OPT_SYN_LEN (2+2) if (opt_len != PGM_OPT_SYN_LEN) { ND_PRINT((ndo, ""[Bad OPT_SYN option, length %u != %u]"", opt_len, PGM_OPT_SYN_LEN)); return; } bp += 2; ND_PRINT((ndo, "" SYN"")); opts_len -= PGM_OPT_SYN_LEN; break; case PGM_OPT_FIN: #define PGM_OPT_FIN_LEN (2+2) if (opt_len != PGM_OPT_FIN_LEN) { ND_PRINT((ndo, ""[Bad OPT_FIN option, length %u != %u]"", opt_len, PGM_OPT_FIN_LEN)); return; } bp += 2; ND_PRINT((ndo, "" FIN"")); opts_len -= PGM_OPT_FIN_LEN; break; case PGM_OPT_RST: #define PGM_OPT_RST_LEN (2+2) if (opt_len != PGM_OPT_RST_LEN) { ND_PRINT((ndo, ""[Bad OPT_RST option, length %u != %u]"", opt_len, PGM_OPT_RST_LEN)); return; } bp += 2; ND_PRINT((ndo, "" RST"")); opts_len -= PGM_OPT_RST_LEN; break; case PGM_OPT_CR: ND_PRINT((ndo, "" CR"")); bp += opt_len; opts_len -= opt_len; break; case PGM_OPT_CRQST: #define PGM_OPT_CRQST_LEN (2+2) if (opt_len != PGM_OPT_CRQST_LEN) { ND_PRINT((ndo, ""[Bad OPT_CRQST option, length %u != %u]"", opt_len, PGM_OPT_CRQST_LEN)); return; } bp += 2; ND_PRINT((ndo, "" CRQST"")); opts_len -= PGM_OPT_CRQST_LEN; break; case PGM_OPT_PGMCC_DATA: #define PGM_OPT_PGMCC_DATA_FIXED_LEN (2+2+4+2+2) if (opt_len < PGM_OPT_PGMCC_DATA_FIXED_LEN) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_DATA option, length %u < %u]"", opt_len, PGM_OPT_PGMCC_DATA_FIXED_LEN)); return; } bp += 2; offset = EXTRACT_32BITS(bp); bp += 4; nla_afnum = EXTRACT_16BITS(bp); bp += 2+2; switch (nla_afnum) { case AFNUM_INET: if (opt_len != PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_DATA option, length %u != %u + address size]"", opt_len, PGM_OPT_PGMCC_DATA_FIXED_LEN)); return; } ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); opts_len -= PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in_addr); break; case AFNUM_INET6: if (opt_len != PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in6_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_DATA option, length %u != %u + address size]"", opt_len, PGM_OPT_PGMCC_DATA_FIXED_LEN)); return; } ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); opts_len -= PGM_OPT_PGMCC_DATA_FIXED_LEN + sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, "" PGMCC DATA %u %s"", offset, nla_buf)); break; case PGM_OPT_PGMCC_FEEDBACK: #define PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN (2+2+4+2+2) if (opt_len < PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN) { ND_PRINT((ndo, ""[Bad PGM_OPT_PGMCC_FEEDBACK option, length %u < %u]"", opt_len, PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN)); return; } bp += 2; offset = EXTRACT_32BITS(bp); bp += 4; nla_afnum = EXTRACT_16BITS(bp); bp += 2+2; switch (nla_afnum) { case AFNUM_INET: if (opt_len != PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_FEEDBACK option, length %u != %u + address size]"", opt_len, PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN)); return; } ND_TCHECK2(*bp, sizeof(struct in_addr)); addrtostr(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in_addr); opts_len -= PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in_addr); break; case AFNUM_INET6: if (opt_len != PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in6_addr)) { ND_PRINT((ndo, ""[Bad OPT_PGMCC_FEEDBACK option, length %u != %u + address size]"", opt_len, PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN)); return; } ND_TCHECK2(*bp, sizeof(struct in6_addr)); addrtostr6(bp, nla_buf, sizeof(nla_buf)); bp += sizeof(struct in6_addr); opts_len -= PGM_OPT_PGMCC_FEEDBACK_FIXED_LEN + sizeof(struct in6_addr); break; default: goto trunc; break; } ND_PRINT((ndo, "" PGMCC FEEDBACK %u %s"", offset, nla_buf)); break; default: ND_PRINT((ndo, "" OPT_%02X [%d] "", opt_type, opt_len)); bp += opt_len; opts_len -= opt_len; break; } if (opt_type & PGM_OPT_END) break; } } ND_PRINT((ndo, "" [%u]"", length)); if (ndo->ndo_packettype == PT_PGM_ZMTP1 && (pgm->pgm_type == PGM_ODATA || pgm->pgm_type == PGM_RDATA)) zmtp1_print_datagram(ndo, bp, EXTRACT_16BITS(&pgm->pgm_length)); return; trunc: ND_PRINT((ndo, ""[|pgm]"")); if (ch != '\0') ND_PRINT((ndo, "">"")); }",visit repo url,print-pgm.c,https://github.com/the-tcpdump-group/tcpdump,61468796900092,1 5663,['CWE-476'],"static struct sock *udp_v6_lookup(struct in6_addr *saddr, u16 sport, struct in6_addr *daddr, u16 dport, int dif) { struct sock *sk, *result = NULL; struct hlist_node *node; unsigned short hnum = ntohs(dport); int badness = -1; read_lock(&udp_hash_lock); sk_for_each(sk, node, &udp_hash[hnum & (UDP_HTABLE_SIZE - 1)]) { struct inet_sock *inet = inet_sk(sk); if (inet->num == hnum && sk->sk_family == PF_INET6) { struct ipv6_pinfo *np = inet6_sk(sk); int score = 0; if (inet->dport) { if (inet->dport != sport) continue; score++; } if (!ipv6_addr_any(&np->rcv_saddr)) { if (!ipv6_addr_equal(&np->rcv_saddr, daddr)) continue; score++; } if (!ipv6_addr_any(&np->daddr)) { if (!ipv6_addr_equal(&np->daddr, saddr)) continue; score++; } if (sk->sk_bound_dev_if) { if (sk->sk_bound_dev_if != dif) continue; score++; } if(score == 4) { result = sk; break; } else if(score > badness) { result = sk; badness = score; } } } if (result) sock_hold(result); read_unlock(&udp_hash_lock); return result; }",linux-2.6,,,143582848034732525760467895349521219743,0 315,[],"static int cdrom_do_read_audio(unsigned int fd, unsigned int cmd, unsigned long arg) { struct cdrom_read_audio __user *cdread_audio; struct cdrom_read_audio32 __user *cdread_audio32; __u32 data; void __user *datap; cdread_audio = compat_alloc_user_space(sizeof(*cdread_audio)); cdread_audio32 = compat_ptr(arg); if (copy_in_user(&cdread_audio->addr, &cdread_audio32->addr, (sizeof(*cdread_audio32) - sizeof(compat_caddr_t)))) return -EFAULT; if (get_user(data, &cdread_audio32->buf)) return -EFAULT; datap = compat_ptr(data); if (put_user(datap, &cdread_audio->buf)) return -EFAULT; return sys_ioctl(fd, cmd, (unsigned long) cdread_audio); }",linux-2.6,,,215115475429266402405073301081054084646,0 259,CWE-416,"static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) { struct inet_sock *inet = inet_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk); struct sockaddr_l2tpip6 *addr = (struct sockaddr_l2tpip6 *) uaddr; struct net *net = sock_net(sk); __be32 v4addr = 0; int addr_type; int err; if (!sock_flag(sk, SOCK_ZAPPED)) return -EINVAL; if (addr->l2tp_family != AF_INET6) return -EINVAL; if (addr_len < sizeof(*addr)) return -EINVAL; addr_type = ipv6_addr_type(&addr->l2tp_addr); if (addr_type == IPV6_ADDR_MAPPED) return -EADDRNOTAVAIL; if (addr_type & IPV6_ADDR_MULTICAST) return -EADDRNOTAVAIL; err = -EADDRINUSE; read_lock_bh(&l2tp_ip6_lock); if (__l2tp_ip6_bind_lookup(net, &addr->l2tp_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) goto out_in_use; read_unlock_bh(&l2tp_ip6_lock); lock_sock(sk); err = -EINVAL; if (sk->sk_state != TCP_CLOSE) goto out_unlock; rcu_read_lock(); if (addr_type != IPV6_ADDR_ANY) { struct net_device *dev = NULL; if (addr_type & IPV6_ADDR_LINKLOCAL) { if (addr_len >= sizeof(struct sockaddr_in6) && addr->l2tp_scope_id) { sk->sk_bound_dev_if = addr->l2tp_scope_id; } if (!sk->sk_bound_dev_if) goto out_unlock_rcu; err = -ENODEV; dev = dev_get_by_index_rcu(sock_net(sk), sk->sk_bound_dev_if); if (!dev) goto out_unlock_rcu; } v4addr = LOOPBACK4_IPV6; err = -EADDRNOTAVAIL; if (!ipv6_chk_addr(sock_net(sk), &addr->l2tp_addr, dev, 0)) goto out_unlock_rcu; } rcu_read_unlock(); inet->inet_rcv_saddr = inet->inet_saddr = v4addr; sk->sk_v6_rcv_saddr = addr->l2tp_addr; np->saddr = addr->l2tp_addr; l2tp_ip6_sk(sk)->conn_id = addr->l2tp_conn_id; write_lock_bh(&l2tp_ip6_lock); sk_add_bind_node(sk, &l2tp_ip6_bind_table); sk_del_node_init(sk); write_unlock_bh(&l2tp_ip6_lock); sock_reset_flag(sk, SOCK_ZAPPED); release_sock(sk); return 0; out_unlock_rcu: rcu_read_unlock(); out_unlock: release_sock(sk); return err; out_in_use: read_unlock_bh(&l2tp_ip6_lock); return err; }",visit repo url,net/l2tp/l2tp_ip6.c,https://github.com/torvalds/linux,136536700617723,1 488,[],"pfm_clear_task_notify(void) { clear_thread_flag(TIF_NOTIFY_RESUME); }",linux-2.6,,,244422299266034792138634059605329036292,0 5388,['CWE-476'],"static inline gpa_t hc_gpa(struct kvm_vcpu *vcpu, unsigned long a0, unsigned long a1) { if (is_long_mode(vcpu)) return a0; else return a0 | ((gpa_t)a1 << 32); }",linux-2.6,,,49453493864081035609286538270596896197,0 5081,CWE-190,"process_bitmap_updates(STREAM s) { uint16 num_updates; uint16 left, top, right, bottom, width, height; uint16 cx, cy, bpp, Bpp, compress, bufsize, size; uint8 *data, *bmpdata; int i; logger(Protocol, Debug, ""%s()"", __func__); in_uint16_le(s, num_updates); for (i = 0; i < num_updates; i++) { in_uint16_le(s, left); in_uint16_le(s, top); in_uint16_le(s, right); in_uint16_le(s, bottom); in_uint16_le(s, width); in_uint16_le(s, height); in_uint16_le(s, bpp); Bpp = (bpp + 7) / 8; in_uint16_le(s, compress); in_uint16_le(s, bufsize); cx = right - left + 1; cy = bottom - top + 1; logger(Graphics, Debug, ""process_bitmap_updates(), [%d,%d,%d,%d], [%d,%d], bpp=%d, compression=%d"", left, top, right, bottom, width, height, Bpp, compress); if (!compress) { int y; bmpdata = (uint8 *) xmalloc(width * height * Bpp); for (y = 0; y < height; y++) { in_uint8a(s, &bmpdata[(height - y - 1) * (width * Bpp)], width * Bpp); } ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); xfree(bmpdata); continue; } if (compress & 0x400) { size = bufsize; } else { in_uint8s(s, 2); in_uint16_le(s, size); in_uint8s(s, 4); } in_uint8p(s, data, size); bmpdata = (uint8 *) xmalloc(width * height * Bpp); if (bitmap_decompress(bmpdata, width, height, data, size, Bpp)) { ui_paint_bitmap(left, top, cx, cy, width, height, bmpdata); } else { logger(Graphics, Warning, ""process_bitmap_updates(), failed to decompress bitmap""); } xfree(bmpdata); } }",visit repo url,rdp.c,https://github.com/rdesktop/rdesktop,84712037016740,1 2562,[],"static int fill_one(const char *what, struct match_attr *a, int rem) { struct git_attr_check *check = check_all_attr; int i; for (i = 0; 0 < rem && i < a->num_attr; i++) { struct git_attr *attr = a->state[i].attr; const char **n = &(check[attr->attr_nr].value); const char *v = a->state[i].setto; if (*n == ATTR__UNKNOWN) { debug_set(what, a->u.pattern, attr, v); *n = v; rem--; } } return rem; }",git,,,275792943614605097514220635134532715811,0 1137,CWE-20,"int __kvm_set_memory_region(struct kvm *kvm, struct kvm_userspace_memory_region *mem, int user_alloc) { int r; gfn_t base_gfn; unsigned long npages; unsigned long i; struct kvm_memory_slot *memslot; struct kvm_memory_slot old, new; struct kvm_memslots *slots, *old_memslots; r = -EINVAL; if (mem->memory_size & (PAGE_SIZE - 1)) goto out; if (mem->guest_phys_addr & (PAGE_SIZE - 1)) goto out; if (user_alloc && (mem->userspace_addr & (PAGE_SIZE - 1))) goto out; if (mem->slot >= KVM_MEMORY_SLOTS + KVM_PRIVATE_MEM_SLOTS) goto out; if (mem->guest_phys_addr + mem->memory_size < mem->guest_phys_addr) goto out; memslot = &kvm->memslots->memslots[mem->slot]; base_gfn = mem->guest_phys_addr >> PAGE_SHIFT; npages = mem->memory_size >> PAGE_SHIFT; r = -EINVAL; if (npages > KVM_MEM_MAX_NR_PAGES) goto out; if (!npages) mem->flags &= ~KVM_MEM_LOG_DIRTY_PAGES; new = old = *memslot; new.id = mem->slot; new.base_gfn = base_gfn; new.npages = npages; new.flags = mem->flags; r = -EINVAL; if (npages && old.npages && npages != old.npages) goto out_free; r = -EEXIST; for (i = 0; i < KVM_MEMORY_SLOTS; ++i) { struct kvm_memory_slot *s = &kvm->memslots->memslots[i]; if (s == memslot || !s->npages) continue; if (!((base_gfn + npages <= s->base_gfn) || (base_gfn >= s->base_gfn + s->npages))) goto out_free; } if (!(new.flags & KVM_MEM_LOG_DIRTY_PAGES)) new.dirty_bitmap = NULL; r = -ENOMEM; #ifndef CONFIG_S390 if (npages && !new.rmap) { new.rmap = vzalloc(npages * sizeof(*new.rmap)); if (!new.rmap) goto out_free; new.user_alloc = user_alloc; new.userspace_addr = mem->userspace_addr; } if (!npages) goto skip_lpage; for (i = 0; i < KVM_NR_PAGE_SIZES - 1; ++i) { unsigned long ugfn; unsigned long j; int lpages; int level = i + 2; (void)level; if (new.lpage_info[i]) continue; lpages = 1 + ((base_gfn + npages - 1) >> KVM_HPAGE_GFN_SHIFT(level)); lpages -= base_gfn >> KVM_HPAGE_GFN_SHIFT(level); new.lpage_info[i] = vzalloc(lpages * sizeof(*new.lpage_info[i])); if (!new.lpage_info[i]) goto out_free; if (base_gfn & (KVM_PAGES_PER_HPAGE(level) - 1)) new.lpage_info[i][0].write_count = 1; if ((base_gfn+npages) & (KVM_PAGES_PER_HPAGE(level) - 1)) new.lpage_info[i][lpages - 1].write_count = 1; ugfn = new.userspace_addr >> PAGE_SHIFT; if ((base_gfn ^ ugfn) & (KVM_PAGES_PER_HPAGE(level) - 1) || !largepages_enabled) for (j = 0; j < lpages; ++j) new.lpage_info[i][j].write_count = 1; } skip_lpage: if ((new.flags & KVM_MEM_LOG_DIRTY_PAGES) && !new.dirty_bitmap) { if (kvm_create_dirty_bitmap(&new) < 0) goto out_free; } #else new.user_alloc = user_alloc; if (user_alloc) new.userspace_addr = mem->userspace_addr; #endif if (!npages) { r = -ENOMEM; slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL); if (!slots) goto out_free; memcpy(slots, kvm->memslots, sizeof(struct kvm_memslots)); if (mem->slot >= slots->nmemslots) slots->nmemslots = mem->slot + 1; slots->generation++; slots->memslots[mem->slot].flags |= KVM_MEMSLOT_INVALID; old_memslots = kvm->memslots; rcu_assign_pointer(kvm->memslots, slots); synchronize_srcu_expedited(&kvm->srcu); kvm_arch_flush_shadow(kvm); kfree(old_memslots); } r = kvm_arch_prepare_memory_region(kvm, &new, old, mem, user_alloc); if (r) goto out_free; if (npages) { r = kvm_iommu_map_pages(kvm, &new); if (r) goto out_free; } r = -ENOMEM; slots = kzalloc(sizeof(struct kvm_memslots), GFP_KERNEL); if (!slots) goto out_free; memcpy(slots, kvm->memslots, sizeof(struct kvm_memslots)); if (mem->slot >= slots->nmemslots) slots->nmemslots = mem->slot + 1; slots->generation++; if (!npages) { new.rmap = NULL; new.dirty_bitmap = NULL; for (i = 0; i < KVM_NR_PAGE_SIZES - 1; ++i) new.lpage_info[i] = NULL; } slots->memslots[mem->slot] = new; old_memslots = kvm->memslots; rcu_assign_pointer(kvm->memslots, slots); synchronize_srcu_expedited(&kvm->srcu); kvm_arch_commit_memory_region(kvm, mem, old, user_alloc); kvm_free_physmem_slot(&old, &new); kfree(old_memslots); return 0; out_free: kvm_free_physmem_slot(&new, &old); out: return r; }",visit repo url,virt/kvm/kvm_main.c,https://github.com/torvalds/linux,201859300354821,1 1460,[],"__load_balance_iterator(struct cfs_rq *cfs_rq, struct list_head *next) { struct task_struct *p = NULL; struct sched_entity *se; if (next == &cfs_rq->tasks) return NULL; do { se = list_entry(next, struct sched_entity, group_node); next = next->next; } while (next != &cfs_rq->tasks && !entity_is_task(se)); if (next == &cfs_rq->tasks) return NULL; cfs_rq->balance_iterator = next; if (entity_is_task(se)) p = task_of(se); return p; }",linux-2.6,,,250749130777759756828820231524476454190,0 764,['CWE-119'],"isdn_net_type_trans(struct sk_buff *skb, struct net_device *dev) { struct ethhdr *eth; unsigned char *rawp; skb_reset_mac_header(skb); skb_pull(skb, ETH_HLEN); eth = eth_hdr(skb); if (*eth->h_dest & 1) { if (memcmp(eth->h_dest, dev->broadcast, ETH_ALEN) == 0) skb->pkt_type = PACKET_BROADCAST; else skb->pkt_type = PACKET_MULTICAST; } else if (dev->flags & (IFF_PROMISC )) { if (memcmp(eth->h_dest, dev->dev_addr, ETH_ALEN)) skb->pkt_type = PACKET_OTHERHOST; } if (ntohs(eth->h_proto) >= 1536) return eth->h_proto; rawp = skb->data; if (*(unsigned short *) rawp == 0xFFFF) return htons(ETH_P_802_3); return htons(ETH_P_802_2); }",linux-2.6,,,25369722869968135454925191626871118115,0 540,['CWE-399'],"static ssize_t show_snapshot_button_status(struct class_device *class_dev, char *buf) { struct pwc_device *pdev = cd_to_pwc(class_dev); int status = pdev->snapshot_button_status; pdev->snapshot_button_status = 0; return sprintf(buf, ""%d\n"", status); }",linux-2.6,,,24778352953371085427351470962679574192,0 1398,[],"__load_balance_iterator(struct cfs_rq *cfs_rq, struct rb_node *curr) { struct task_struct *p; if (!curr) return NULL; p = rb_entry(curr, struct task_struct, se.run_node); cfs_rq->rb_load_balance_curr = rb_next(curr); return p; }",linux-2.6,,,34251901793385798619438088302275241012,0 3046,['CWE-189'],"static int putint(jas_stream_t *out, int sgnd, int prec, long val) { int n; int c; if (sgnd) { abort(); } val &= (1 << prec) - 1; n = (prec + 7) / 8; while (--n >= 0) { c = (val >> (n * 8)) & 0xff; if (jas_stream_putc(out, c) != c) return -1; } return 0; }",jasper,,,247586360605138980402126344983825052433,0 5210,['CWE-20'],"static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu) { struct kvm_segment cs, ss; vmx_get_segment(vcpu, &cs, VCPU_SREG_CS); vmx_get_segment(vcpu, &ss, VCPU_SREG_SS); return ((cs.selector & SELECTOR_RPL_MASK) == (ss.selector & SELECTOR_RPL_MASK)); }",linux-2.6,,,166899700017099782556557806376746045829,0 6336,CWE-404,"static void *getMcontextEip(ucontext_t *uc) { #define NOT_SUPPORTED() do {\ UNUSED(uc);\ return NULL;\ } while(0) #if defined(__APPLE__) && !defined(MAC_OS_X_VERSION_10_6) #if defined(__x86_64__) return (void*) uc->uc_mcontext->__ss.__rip; #elif defined(__i386__) return (void*) uc->uc_mcontext->__ss.__eip; #else return (void*) uc->uc_mcontext->__ss.__srr0; #endif #elif defined(__APPLE__) && defined(MAC_OS_X_VERSION_10_6) #if defined(_STRUCT_X86_THREAD_STATE64) && !defined(__i386__) return (void*) uc->uc_mcontext->__ss.__rip; #elif defined(__i386__) return (void*) uc->uc_mcontext->__ss.__eip; #else return (void*) arm_thread_state64_get_pc(uc->uc_mcontext->__ss); #endif #elif defined(__linux__) #if defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) return (void*) uc->uc_mcontext.gregs[14]; #elif defined(__X86_64__) || defined(__x86_64__) return (void*) uc->uc_mcontext.gregs[16]; #elif defined(__ia64__) return (void*) uc->uc_mcontext.sc_ip; #elif defined(__arm__) return (void*) uc->uc_mcontext.arm_pc; #elif defined(__aarch64__) return (void*) uc->uc_mcontext.pc; #else NOT_SUPPORTED(); #endif #elif defined(__FreeBSD__) #if defined(__i386__) return (void*) uc->uc_mcontext.mc_eip; #elif defined(__x86_64__) return (void*) uc->uc_mcontext.mc_rip; #else NOT_SUPPORTED(); #endif #elif defined(__OpenBSD__) #if defined(__i386__) return (void*) uc->sc_eip; #elif defined(__x86_64__) return (void*) uc->sc_rip; #else NOT_SUPPORTED(); #endif #elif defined(__NetBSD__) #if defined(__i386__) return (void*) uc->uc_mcontext.__gregs[_REG_EIP]; #elif defined(__x86_64__) return (void*) uc->uc_mcontext.__gregs[_REG_RIP]; #else NOT_SUPPORTED(); #endif #elif defined(__DragonFly__) return (void*) uc->uc_mcontext.mc_rip; #else NOT_SUPPORTED(); #endif #undef NOT_SUPPORTED }",visit repo url,src/debug.c,https://github.com/redis/redis,67469668511672,1 4460,['CWE-264'],"void sock_rfree(struct sk_buff *skb) { struct sock *sk = skb->sk; atomic_sub(skb->truesize, &sk->sk_rmem_alloc); sk_mem_uncharge(skb->sk, skb->truesize); }",linux-2.6,,,298297976375539088903545208887476260288,0 4223,['CWE-399'],"static inline int handle_dev_cpu_collision(struct sk_buff *skb, struct net_device *dev, struct Qdisc *q) { int ret; if (unlikely(dev->xmit_lock_owner == smp_processor_id())) { kfree_skb(skb); if (net_ratelimit()) printk(KERN_WARNING ""Dead loop on netdevice %s, "" ""fix it urgently!\n"", dev->name); ret = qdisc_qlen(q); } else { __get_cpu_var(netdev_rx_stat).cpu_collision++; ret = dev_requeue_skb(skb, dev, q); } return ret; }",linux-2.6,,,237575902556810263912942300006726099199,0 4,CWE-252,"init_syntax_once () { register int c; static int done; if (done) return; bzero (re_syntax_table, sizeof re_syntax_table); for (c = 'a'; c <= 'z'; c++) re_syntax_table[c] = Sword; for (c = 'A'; c <= 'Z'; c++) re_syntax_table[c] = Sword; for (c = '0'; c <= '9'; c++) re_syntax_table[c] = Sword; re_syntax_table['_'] = Sword; done = 1; }",visit repo url,posix/regex.c,https://github.com/bminor/glibc,206792969238112,1 6716,['CWE-310'],"add_new_ap_item (NMDeviceWifi *device, NMAccessPoint *ap, struct dup_data *dup_data, NMAccessPoint *active_ap, NMConnection *active, GSList *connections, GtkWidget *menu, NMApplet *applet) { WirelessMenuItemInfo *info; GtkWidget *foo; GSList *iter; NMNetworkMenuItem *item = NULL; GSList *ap_connections = NULL; const GByteArray *ssid; guint8 strength; guint32 dev_caps; ap_connections = filter_connections_for_access_point (connections, device, ap); foo = nm_network_menu_item_new (applet->encryption_size_group, dup_data->hash, AP_HASH_LEN); item = NM_NETWORK_MENU_ITEM (foo); ssid = nm_access_point_get_ssid (ap); nm_network_menu_item_set_ssid (item, (GByteArray *) ssid); strength = nm_access_point_get_strength (ap); nm_network_menu_item_set_strength (item, strength); dev_caps = nm_device_wifi_get_capabilities (device); nm_network_menu_item_set_detail (item, ap, applet->adhoc_icon, dev_caps); nm_network_menu_item_add_dupe (item, ap); g_object_set_data (G_OBJECT (item), ""device"", NM_DEVICE (device)); gtk_menu_shell_append (GTK_MENU_SHELL (menu), GTK_WIDGET (item)); if (g_slist_length (ap_connections) > 1) { GtkWidget *submenu; submenu = gtk_menu_new (); for (iter = ap_connections; iter; iter = g_slist_next (iter)) { NMConnection *connection = NM_CONNECTION (iter->data); NMSettingConnection *s_con; GtkWidget *subitem; s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); subitem = gtk_menu_item_new_with_label (nm_setting_connection_get_id (s_con)); info = g_slice_new0 (WirelessMenuItemInfo); info->applet = applet; info->device = g_object_ref (G_OBJECT (device)); info->ap = g_object_ref (G_OBJECT (ap)); info->connection = g_object_ref (G_OBJECT (connection)); g_signal_connect_data (subitem, ""activate"", G_CALLBACK (wireless_menu_item_activate), info, (GClosureNotify) wireless_menu_item_info_destroy, 0); gtk_menu_shell_append (GTK_MENU_SHELL (submenu), GTK_WIDGET (subitem)); } gtk_menu_item_set_submenu (GTK_MENU_ITEM (item), submenu); } else { NMConnection *connection; info = g_slice_new0 (WirelessMenuItemInfo); info->applet = applet; info->device = g_object_ref (G_OBJECT (device)); info->ap = g_object_ref (G_OBJECT (ap)); if (g_slist_length (ap_connections) == 1) { connection = NM_CONNECTION (g_slist_nth_data (ap_connections, 0)); info->connection = g_object_ref (G_OBJECT (connection)); } g_signal_connect_data (GTK_WIDGET (item), ""activate"", G_CALLBACK (wireless_menu_item_activate), info, (GClosureNotify) wireless_menu_item_info_destroy, 0); } gtk_widget_show_all (GTK_WIDGET (item)); g_slist_free (ap_connections); return item; }",network-manager-applet,,,150177309119900239279532667880168815195,0 3387,['CWE-264'],"static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags, struct file *f, int (*open)(struct inode *, struct file *)) { struct inode *inode; int error; f->f_flags = flags; f->f_mode = ((flags+1) & O_ACCMODE) | FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; inode = dentry->d_inode; if (f->f_mode & FMODE_WRITE) { error = get_write_access(inode); if (error) goto cleanup_file; } f->f_mapping = inode->i_mapping; f->f_path.dentry = dentry; f->f_path.mnt = mnt; f->f_pos = 0; f->f_op = fops_get(inode->i_fop); file_move(f, &inode->i_sb->s_files); if (!open && f->f_op) open = f->f_op->open; if (open) { error = open(inode, f); if (error) goto cleanup_all; } f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); if (f->f_flags & O_DIRECT) { if (!f->f_mapping->a_ops || ((!f->f_mapping->a_ops->direct_IO) && (!f->f_mapping->a_ops->get_xip_page))) { fput(f); f = ERR_PTR(-EINVAL); } } return f; cleanup_all: fops_put(f->f_op); if (f->f_mode & FMODE_WRITE) put_write_access(inode); file_kill(f); f->f_path.dentry = NULL; f->f_path.mnt = NULL; cleanup_file: put_filp(f); dput(dentry); mntput(mnt); return ERR_PTR(error); }",linux-2.6,,,187812945813184297772371102696475634512,0 2314,CWE-264,"test_js (void) { GString *result = g_string_new(""""); parse_cmd_line(""js ('x' + 345).toUpperCase()"", result); g_assert_cmpstr(""X345"", ==, result->str); uzbl.net.useragent = ""Test useragent""; parse_cmd_line(""js Uzbl.run('print @useragent').toUpperCase();"", result); g_assert_cmpstr(""TEST USERAGENT"", ==, result->str); g_string_free(result, TRUE); }",visit repo url,tests/test-command.c,https://github.com/Dieterbe/uzbl,52687177855167,1 1327,['CWE-119'],"asn1_open(struct asn1_ctx *ctx, unsigned char *buf, unsigned int len) { ctx->begin = buf; ctx->end = buf + len; ctx->pointer = buf; ctx->error = ASN1_ERR_NOERROR; }",linux-2.6,,,26393378134210350180047640601402399525,0 5050,CWE-787,"mcs_parse_domain_params(STREAM s) { int length; ber_parse_header(s, MCS_TAG_DOMAIN_PARAMS, &length); in_uint8s(s, length); return s_check(s); }",visit repo url,mcs.c,https://github.com/rdesktop/rdesktop,97469784328502,1 6709,['CWE-310'],"nm_gconf_get_stringlist_helper (GConfClient *client, const char *path, const char *key, const char *setting, GSList **value) { char *gc_key; GConfValue *gc_value; gboolean success = FALSE; g_return_val_if_fail (key != NULL, FALSE); g_return_val_if_fail (setting != NULL, FALSE); g_return_val_if_fail (value != NULL, FALSE); gc_key = g_strdup_printf (""%s/%s/%s"", path, setting, key); if (!(gc_value = gconf_client_get (client, gc_key, NULL))) goto out; if (gc_value->type == GCONF_VALUE_LIST && gconf_value_get_list_type (gc_value) == GCONF_VALUE_STRING) { GSList *elt; for (elt = gconf_value_get_list (gc_value); elt != NULL; elt = g_slist_next (elt)) { const char *string = gconf_value_get_string ((GConfValue *) elt->data); *value = g_slist_append (*value, g_strdup (string)); } success = TRUE; } out: if (gc_value) gconf_value_free (gc_value); g_free (gc_key); return success; }",network-manager-applet,,,310681619484564550942767944148637998959,0 2921,CWE-20,"int ssl_parse_certificate( ssl_context *ssl ) { int ret; size_t i, n; SSL_DEBUG_MSG( 2, ( ""=> parse certificate"" ) ); if( ssl->endpoint == SSL_IS_SERVER && ssl->authmode == SSL_VERIFY_NONE ) { ssl->verify_result = BADCERT_SKIP_VERIFY; SSL_DEBUG_MSG( 2, ( ""<= skip parse certificate"" ) ); ssl->state++; return( 0 ); } if( ( ret = ssl_read_record( ssl ) ) != 0 ) { SSL_DEBUG_RET( 1, ""ssl_read_record"", ret ); return( ret ); } ssl->state++; if( ssl->endpoint == SSL_IS_SERVER && ssl->minor_ver == SSL_MINOR_VERSION_0 ) { if( ssl->in_msglen == 2 && ssl->in_msgtype == SSL_MSG_ALERT && ssl->in_msg[0] == SSL_ALERT_LEVEL_WARNING && ssl->in_msg[1] == SSL_ALERT_MSG_NO_CERT ) { SSL_DEBUG_MSG( 1, ( ""SSLv3 client has no certificate"" ) ); ssl->verify_result = BADCERT_MISSING; if( ssl->authmode == SSL_VERIFY_OPTIONAL ) return( 0 ); else return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); } } if( ssl->endpoint == SSL_IS_SERVER && ssl->minor_ver != SSL_MINOR_VERSION_0 ) { if( ssl->in_hslen == 7 && ssl->in_msgtype == SSL_MSG_HANDSHAKE && ssl->in_msg[0] == SSL_HS_CERTIFICATE && memcmp( ssl->in_msg + 4, ""\0\0\0"", 3 ) == 0 ) { SSL_DEBUG_MSG( 1, ( ""TLSv1 client has no certificate"" ) ); ssl->verify_result = BADCERT_MISSING; if( ssl->authmode == SSL_VERIFY_REQUIRED ) return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); else return( 0 ); } } if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) { SSL_DEBUG_MSG( 1, ( ""bad certificate message"" ) ); return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE ); } if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 ) { SSL_DEBUG_MSG( 1, ( ""bad certificate message"" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); } n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6]; if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n ) { SSL_DEBUG_MSG( 1, ( ""bad certificate message"" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); } if( ( ssl->session_negotiate->peer_cert = (x509_cert *) malloc( sizeof( x509_cert ) ) ) == NULL ) { SSL_DEBUG_MSG( 1, ( ""malloc(%d bytes) failed"", sizeof( x509_cert ) ) ); return( POLARSSL_ERR_SSL_MALLOC_FAILED ); } memset( ssl->session_negotiate->peer_cert, 0, sizeof( x509_cert ) ); i = 7; while( i < ssl->in_hslen ) { if( ssl->in_msg[i] != 0 ) { SSL_DEBUG_MSG( 1, ( ""bad certificate message"" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); } n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) | (unsigned int) ssl->in_msg[i + 2]; i += 3; if( n < 128 || i + n > ssl->in_hslen ) { SSL_DEBUG_MSG( 1, ( ""bad certificate message"" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE ); } ret = x509parse_crt( ssl->session_negotiate->peer_cert, ssl->in_msg + i, n ); if( ret != 0 ) { SSL_DEBUG_RET( 1, "" x509parse_crt"", ret ); return( ret ); } i += n; } SSL_DEBUG_CRT( 3, ""peer certificate"", ssl->session_negotiate->peer_cert ); if( ssl->authmode != SSL_VERIFY_NONE ) { if( ssl->ca_chain == NULL ) { SSL_DEBUG_MSG( 1, ( ""got no CA chain"" ) ); return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED ); } ret = x509parse_verify( ssl->session_negotiate->peer_cert, ssl->ca_chain, ssl->ca_crl, ssl->peer_cn, &ssl->verify_result, ssl->f_vrfy, ssl->p_vrfy ); if( ret != 0 ) SSL_DEBUG_RET( 1, ""x509_verify_cert"", ret ); if( ssl->authmode != SSL_VERIFY_REQUIRED ) ret = 0; } SSL_DEBUG_MSG( 2, ( ""<= parse certificate"" ) ); return( ret ); }",visit repo url,library/ssl_tls.c,https://github.com/polarssl/polarssl,233854353239760,1 3194,CWE-835,"ikev1_nonce_print(netdissect_options *ndo, u_char tpay _U_, const struct isakmp_gen *ext, u_int item_len _U_, const u_char *ep, uint32_t phase _U_, uint32_t doi _U_, uint32_t proto _U_, int depth _U_) { struct isakmp_gen e; ND_PRINT((ndo,""%s:"", NPSTR(ISAKMP_NPTYPE_NONCE))); ND_TCHECK(*ext); UNALIGNED_MEMCPY(&e, ext, sizeof(e)); ND_PRINT((ndo,"" n len=%d"", ntohs(e.len) - 4)); if (2 < ndo->ndo_vflag && 4 < ntohs(e.len)) { ND_PRINT((ndo,"" "")); if (!rawprint(ndo, (const uint8_t *)(ext + 1), ntohs(e.len) - 4)) goto trunc; } else if (1 < ndo->ndo_vflag && 4 < ntohs(e.len)) { ND_PRINT((ndo,"" "")); if (!ike_show_somedata(ndo, (const u_char *)(const uint8_t *)(ext + 1), ep)) goto trunc; } return (const u_char *)ext + ntohs(e.len); trunc: ND_PRINT((ndo,"" [|%s]"", NPSTR(ISAKMP_NPTYPE_NONCE))); return NULL; }",visit repo url,print-isakmp.c,https://github.com/the-tcpdump-group/tcpdump,227209619320791,1 292,CWE-119,"static ssize_t k90_show_current_profile(struct device *dev, struct device_attribute *attr, char *buf) { int ret; struct usb_interface *usbif = to_usb_interface(dev->parent); struct usb_device *usbdev = interface_to_usbdev(usbif); int current_profile; char data[8]; ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), K90_REQUEST_STATUS, USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, 0, 0, data, 8, USB_CTRL_SET_TIMEOUT); if (ret < 0) { dev_warn(dev, ""Failed to get K90 initial state (error %d).\n"", ret); return -EIO; } current_profile = data[7]; if (current_profile < 1 || current_profile > 3) { dev_warn(dev, ""Read invalid current profile: %02hhx.\n"", data[7]); return -EIO; } return snprintf(buf, PAGE_SIZE, ""%d\n"", current_profile); }",visit repo url,drivers/hid/hid-corsair.c,https://github.com/torvalds/linux,256624499003227,1 2238,NVD-CWE-noinfo,"static inline void encode_openhdr(struct xdr_stream *xdr, const struct nfs_openargs *arg) { __be32 *p; RESERVE_SPACE(8); WRITE32(OP_OPEN); WRITE32(arg->seqid->sequence->counter); encode_share_access(xdr, arg->open_flags); RESERVE_SPACE(28); WRITE64(arg->clientid); WRITE32(16); WRITEMEM(""open id:"", 8); WRITE64(arg->id); }",visit repo url,fs/nfs/nfs4xdr.c,https://github.com/torvalds/linux,131005226070771,1 4422,['CWE-264'],"void sock_prot_inuse_add(struct net *net, struct proto *prot, int val) { int cpu = smp_processor_id(); per_cpu_ptr(net->core.inuse, cpu)->val[prot->inuse_idx] += val; }",linux-2.6,,,332160135216691536579714304296104116909,0 3744,CWE-787,"int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config) { int is_rf64 = !strncmp (fourcc, ""RF64"", 4), got_ds64 = 0; int64_t total_samples = 0, infilesize; RiffChunkHeader riff_chunk_header; ChunkHeader chunk_header; WaveHeader WaveHeader; DS64Chunk ds64_chunk; uint32_t bcount; CLEAR (WaveHeader); CLEAR (ds64_chunk); infilesize = DoGetFileSize (infile); if (!is_rf64 && infilesize >= 4294967296LL && !(config->qmode & QMODE_IGNORE_LENGTH)) { error_line (""can't handle .WAV files larger than 4 GB (non-standard)!""); return WAVPACK_SOFT_ERROR; } memcpy (&riff_chunk_header, fourcc, 4); if ((!DoReadFile (infile, ((char *) &riff_chunk_header) + 4, sizeof (RiffChunkHeader) - 4, &bcount) || bcount != sizeof (RiffChunkHeader) - 4 || strncmp (riff_chunk_header.formType, ""WAVE"", 4))) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &riff_chunk_header, sizeof (RiffChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } while (1) { if (!DoReadFile (infile, &chunk_header, sizeof (ChunkHeader), &bcount) || bcount != sizeof (ChunkHeader)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &chunk_header, sizeof (ChunkHeader))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&chunk_header, ChunkHeaderFormat); if (!strncmp (chunk_header.ckID, ""ds64"", 4)) { if (chunk_header.ckSize < sizeof (DS64Chunk) || !DoReadFile (infile, &ds64_chunk, sizeof (DS64Chunk), &bcount) || bcount != sizeof (DS64Chunk)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &ds64_chunk, sizeof (DS64Chunk))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } got_ds64 = 1; WavpackLittleEndianToNative (&ds64_chunk, DS64ChunkFormat); if (debug_logging_mode) error_line (""DS64: riffSize = %lld, dataSize = %lld, sampleCount = %lld, table_length = %d"", (long long) ds64_chunk.riffSize64, (long long) ds64_chunk.dataSize64, (long long) ds64_chunk.sampleCount64, ds64_chunk.tableLength); if (ds64_chunk.tableLength * sizeof (CS64Chunk) != chunk_header.ckSize - sizeof (DS64Chunk)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } while (ds64_chunk.tableLength--) { CS64Chunk cs64_chunk; if (!DoReadFile (infile, &cs64_chunk, sizeof (CS64Chunk), &bcount) || bcount != sizeof (CS64Chunk) || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &cs64_chunk, sizeof (CS64Chunk)))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } } } else if (!strncmp (chunk_header.ckID, ""fmt "", 4)) { int supported = TRUE, format; if (chunk_header.ckSize < 16 || chunk_header.ckSize > sizeof (WaveHeader) || !DoReadFile (infile, &WaveHeader, chunk_header.ckSize, &bcount) || bcount != chunk_header.ckSize) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, &WaveHeader, chunk_header.ckSize)) { error_line (""%s"", WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } WavpackLittleEndianToNative (&WaveHeader, WaveHeaderFormat); if (debug_logging_mode) { error_line (""format tag size = %d"", chunk_header.ckSize); error_line (""FormatTag = %x, NumChannels = %d, BitsPerSample = %d"", WaveHeader.FormatTag, WaveHeader.NumChannels, WaveHeader.BitsPerSample); error_line (""BlockAlign = %d, SampleRate = %d, BytesPerSecond = %d"", WaveHeader.BlockAlign, WaveHeader.SampleRate, WaveHeader.BytesPerSecond); if (chunk_header.ckSize > 16) error_line (""cbSize = %d, ValidBitsPerSample = %d"", WaveHeader.cbSize, WaveHeader.ValidBitsPerSample); if (chunk_header.ckSize > 20) error_line (""ChannelMask = %x, SubFormat = %d"", WaveHeader.ChannelMask, WaveHeader.SubFormat); } if (chunk_header.ckSize > 16 && WaveHeader.cbSize == 2) config->qmode |= QMODE_ADOBE_MODE; format = (WaveHeader.FormatTag == 0xfffe && chunk_header.ckSize == 40) ? WaveHeader.SubFormat : WaveHeader.FormatTag; config->bits_per_sample = (chunk_header.ckSize == 40 && WaveHeader.ValidBitsPerSample) ? WaveHeader.ValidBitsPerSample : WaveHeader.BitsPerSample; if (format != 1 && format != 3) supported = FALSE; if (format == 3 && config->bits_per_sample != 32) supported = FALSE; if (!WaveHeader.NumChannels || WaveHeader.NumChannels > 256 || WaveHeader.BlockAlign / WaveHeader.NumChannels < (config->bits_per_sample + 7) / 8 || WaveHeader.BlockAlign / WaveHeader.NumChannels > 4 || WaveHeader.BlockAlign % WaveHeader.NumChannels) supported = FALSE; if (config->bits_per_sample < 1 || config->bits_per_sample > 32) supported = FALSE; if (!supported) { error_line (""%s is an unsupported .WAV format!"", infilename); return WAVPACK_SOFT_ERROR; } if (chunk_header.ckSize < 40) { if (!config->channel_mask && !(config->qmode & QMODE_CHANS_UNASSIGNED)) { if (WaveHeader.NumChannels <= 2) config->channel_mask = 0x5 - WaveHeader.NumChannels; else if (WaveHeader.NumChannels <= 18) config->channel_mask = (1 << WaveHeader.NumChannels) - 1; else config->channel_mask = 0x3ffff; } } else if (WaveHeader.ChannelMask && (config->channel_mask || (config->qmode & QMODE_CHANS_UNASSIGNED))) { error_line (""this WAV file already has channel order information!""); return WAVPACK_SOFT_ERROR; } else if (WaveHeader.ChannelMask) config->channel_mask = WaveHeader.ChannelMask; if (format == 3) config->float_norm_exp = 127; else if ((config->qmode & QMODE_ADOBE_MODE) && WaveHeader.BlockAlign / WaveHeader.NumChannels == 4) { if (WaveHeader.BitsPerSample == 24) config->float_norm_exp = 127 + 23; else if (WaveHeader.BitsPerSample == 32) config->float_norm_exp = 127 + 15; } if (debug_logging_mode) { if (config->float_norm_exp == 127) error_line (""data format: normalized 32-bit floating point""); else if (config->float_norm_exp) error_line (""data format: 32-bit floating point (Audition %d:%d float type 1)"", config->float_norm_exp - 126, 150 - config->float_norm_exp); else error_line (""data format: %d-bit integers stored in %d byte(s)"", config->bits_per_sample, WaveHeader.BlockAlign / WaveHeader.NumChannels); } } else if (!strncmp (chunk_header.ckID, ""data"", 4)) { int64_t data_chunk_size = (got_ds64 && chunk_header.ckSize == (uint32_t) -1) ? ds64_chunk.dataSize64 : chunk_header.ckSize; if (!WaveHeader.NumChannels || (is_rf64 && !got_ds64)) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (infilesize && !(config->qmode & QMODE_IGNORE_LENGTH) && infilesize - data_chunk_size > 16777216) { error_line (""this .WAV file has over 16 MB of extra RIFF data, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (config->qmode & QMODE_IGNORE_LENGTH) { if (infilesize && DoGetFilePosition (infile) != -1) total_samples = (infilesize - DoGetFilePosition (infile)) / WaveHeader.BlockAlign; else total_samples = -1; } else { total_samples = data_chunk_size / WaveHeader.BlockAlign; if (got_ds64 && total_samples != ds64_chunk.sampleCount64) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } if (!total_samples) { error_line (""this .WAV file has no audio samples, probably is corrupt!""); return WAVPACK_SOFT_ERROR; } if (total_samples > MAX_WAVPACK_SAMPLES) { error_line (""%s has too many samples for WavPack!"", infilename); return WAVPACK_SOFT_ERROR; } } config->bytes_per_sample = WaveHeader.BlockAlign / WaveHeader.NumChannels; config->num_channels = WaveHeader.NumChannels; config->sample_rate = WaveHeader.SampleRate; break; } else { int bytes_to_copy = (chunk_header.ckSize + 1) & ~1L; char *buff; if (bytes_to_copy < 0 || bytes_to_copy > 4194304) { error_line (""%s is not a valid .WAV file!"", infilename); return WAVPACK_SOFT_ERROR; } buff = malloc (bytes_to_copy); if (debug_logging_mode) error_line (""extra unknown chunk \""%c%c%c%c\"" of %d bytes"", chunk_header.ckID [0], chunk_header.ckID [1], chunk_header.ckID [2], chunk_header.ckID [3], chunk_header.ckSize); if (!DoReadFile (infile, buff, bytes_to_copy, &bcount) || bcount != bytes_to_copy || (!(config->qmode & QMODE_NO_STORE_WRAPPER) && !WavpackAddWrapper (wpc, buff, bytes_to_copy))) { error_line (""%s"", WavpackGetErrorMessage (wpc)); free (buff); return WAVPACK_SOFT_ERROR; } free (buff); } } if (!WavpackSetConfiguration64 (wpc, config, total_samples, NULL)) { error_line (""%s: %s"", infilename, WavpackGetErrorMessage (wpc)); return WAVPACK_SOFT_ERROR; } return WAVPACK_NO_ERROR; }",visit repo url,cli/riff.c,https://github.com/dbry/WavPack,138171460347958,1 1574,[],"static void rq_attach_root(struct rq *rq, struct root_domain *rd) { unsigned long flags; const struct sched_class *class; spin_lock_irqsave(&rq->lock, flags); if (rq->rd) { struct root_domain *old_rd = rq->rd; for (class = sched_class_highest; class; class = class->next) { if (class->leave_domain) class->leave_domain(rq); } cpu_clear(rq->cpu, old_rd->span); cpu_clear(rq->cpu, old_rd->online); if (atomic_dec_and_test(&old_rd->refcount)) kfree(old_rd); } atomic_inc(&rd->refcount); rq->rd = rd; cpu_set(rq->cpu, rd->span); if (cpu_isset(rq->cpu, cpu_online_map)) cpu_set(rq->cpu, rd->online); for (class = sched_class_highest; class; class = class->next) { if (class->join_domain) class->join_domain(rq); } spin_unlock_irqrestore(&rq->lock, flags); }",linux-2.6,,,107307558034167268452380259479215639778,0 4871,CWE-119,"const char * util_acl_to_str(const sc_acl_entry_t *e) { static char line[80], buf[20]; unsigned int acl; if (e == NULL) return ""N/A""; line[0] = 0; while (e != NULL) { acl = e->method; switch (acl) { case SC_AC_UNKNOWN: return ""N/A""; case SC_AC_NEVER: return ""NEVR""; case SC_AC_NONE: return ""NONE""; case SC_AC_CHV: strcpy(buf, ""CHV""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""%d"", e->key_ref); break; case SC_AC_TERM: strcpy(buf, ""TERM""); break; case SC_AC_PRO: strcpy(buf, ""PROT""); break; case SC_AC_AUT: strcpy(buf, ""AUTH""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 4, ""%d"", e->key_ref); break; case SC_AC_SEN: strcpy(buf, ""Sec.Env. ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; case SC_AC_SCB: strcpy(buf, ""Sec.ControlByte ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""Ox%X"", e->key_ref); break; case SC_AC_IDA: strcpy(buf, ""PKCS#15 AuthID ""); if (e->key_ref != SC_AC_KEY_REF_NONE) sprintf(buf + 3, ""#%d"", e->key_ref); break; default: strcpy(buf, ""????""); break; } strcat(line, buf); strcat(line, "" ""); e = e->next; } line[strlen(line)-1] = 0; return line; }",visit repo url,src/tools/util.c,https://github.com/OpenSC/OpenSC,34728816745796,1 17,NVD-CWE-Other,"kg_unseal(minor_status, context_handle, input_token_buffer, message_buffer, conf_state, qop_state, toktype) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_token_buffer; gss_buffer_t message_buffer; int *conf_state; gss_qop_t *qop_state; int toktype; { krb5_gss_ctx_id_rec *ctx; unsigned char *ptr; unsigned int bodysize; int err; int toktype2; int vfyflags = 0; OM_uint32 ret; ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { *minor_status = KG_CTX_INCOMPLETE; return(GSS_S_NO_CONTEXT); } ptr = (unsigned char *) input_token_buffer->value; err = g_verify_token_header(ctx->mech_used, &bodysize, &ptr, -1, input_token_buffer->length, vfyflags); if (err) { *minor_status = err; return GSS_S_DEFECTIVE_TOKEN; } if (bodysize < 2) { *minor_status = (OM_uint32)G_BAD_TOK_HEADER; return GSS_S_DEFECTIVE_TOKEN; } toktype2 = load_16_be(ptr); ptr += 2; bodysize -= 2; switch (toktype2) { case KG2_TOK_MIC_MSG: case KG2_TOK_WRAP_MSG: case KG2_TOK_DEL_CTX: ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx, ptr, bodysize, message_buffer, conf_state, qop_state, toktype); break; case KG_TOK_MIC_MSG: case KG_TOK_WRAP_MSG: case KG_TOK_DEL_CTX: ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize, message_buffer, conf_state, qop_state, toktype); break; default: *minor_status = (OM_uint32)G_BAD_TOK_HEADER; ret = GSS_S_DEFECTIVE_TOKEN; break; } if (ret != 0) save_error_info (*minor_status, ctx->k5_context); return ret; }",visit repo url,src/lib/gssapi/krb5/k5unseal.c,https://github.com/krb5/krb5,230644267269898,1 2610,[],"SCTP_STATIC int sctp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, size_t len, int noblock, int flags, int *addr_len) { struct sctp_ulpevent *event = NULL; struct sctp_sock *sp = sctp_sk(sk); struct sk_buff *skb; int copied; int err = 0; int skb_len; SCTP_DEBUG_PRINTK(""sctp_recvmsg(%s: %p, %s: %p, %s: %zd, %s: %d, %s: "" ""0x%x, %s: %p)\n"", ""sk"", sk, ""msghdr"", msg, ""len"", len, ""knoblauch"", noblock, ""flags"", flags, ""addr_len"", addr_len); sctp_lock_sock(sk); if (sctp_style(sk, TCP) && !sctp_sstate(sk, ESTABLISHED)) { err = -ENOTCONN; goto out; } skb = sctp_skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; skb_len = skb->len; copied = skb_len; if (copied > len) copied = len; err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); event = sctp_skb2event(skb); if (err) goto out_free; sock_recv_timestamp(msg, sk, skb); if (sctp_ulpevent_is_notification(event)) { msg->msg_flags |= MSG_NOTIFICATION; sp->pf->event_msgname(event, msg->msg_name, addr_len); } else { sp->pf->skb_msgname(skb, msg->msg_name, addr_len); } if (sp->subscribe.sctp_data_io_event) sctp_ulpevent_read_sndrcvinfo(event, msg); #if 0 if (sk->sk_protinfo.af_inet.cmsg_flags) ip_cmsg_recv(msg, skb); #endif err = copied; if (skb_len > copied) { msg->msg_flags &= ~MSG_EOR; if (flags & MSG_PEEK) goto out_free; sctp_skb_pull(skb, copied); skb_queue_head(&sk->sk_receive_queue, skb); if (!sctp_ulpevent_is_notification(event)) sctp_assoc_rwnd_increase(event->asoc, copied); goto out; } else if ((event->msg_flags & MSG_NOTIFICATION) || (event->msg_flags & MSG_EOR)) msg->msg_flags |= MSG_EOR; else msg->msg_flags &= ~MSG_EOR; out_free: if (flags & MSG_PEEK) { kfree_skb(skb); } else { sctp_ulpevent_free(event); } out: sctp_release_sock(sk); return err; }",linux-2.6,,,171404235928809659537272350245765602274,0 2312,CWE-255,"static int unix_getpw(UNUSED void *instance, REQUEST *request, VALUE_PAIR **vp_list) { const char *name; const char *encrypted_pass; #ifdef HAVE_GETSPNAM struct spwd *spwd = NULL; #endif #ifdef OSFC2 struct pr_passwd *pr_pw; #else struct passwd *pwd; #endif #ifdef HAVE_GETUSERSHELL char *shell; #endif VALUE_PAIR *vp; if (!request->username) { return RLM_MODULE_NOOP; } name = (char *)request->username->vp_strvalue; encrypted_pass = NULL; #ifdef OSFC2 if ((pr_pw = getprpwnam(name)) == NULL) return RLM_MODULE_NOTFOUND; encrypted_pass = pr_pw->ufld.fd_encrypt; if (pr_pw->uflg.fg_lock!=1) { radlog(L_AUTH, ""rlm_unix: [%s]: account locked"", name); return RLM_MODULE_USERLOCK; } #else if ((pwd = getpwnam(name)) == NULL) { return RLM_MODULE_NOTFOUND; } encrypted_pass = pwd->pw_passwd; #endif #ifdef HAVE_GETSPNAM if ((encrypted_pass == NULL) || (strlen(encrypted_pass) < 10)) { if ((spwd = getspnam(name)) == NULL) { return RLM_MODULE_NOTFOUND; } encrypted_pass = spwd->sp_pwdp; } #endif #ifndef OSFC2 #ifdef DENY_SHELL if (strcmp(pwd->pw_shell, DENY_SHELL) == 0) { radlog_request(L_AUTH, 0, request, ""rlm_unix: [%s]: invalid shell"", name); return RLM_MODULE_REJECT; } #endif #ifdef HAVE_GETUSERSHELL while ((shell = getusershell()) != NULL) { if (strcmp(shell, pwd->pw_shell) == 0 || strcmp(shell, ""/RADIUSD/ANY/SHELL"") == 0) { break; } } endusershell(); if (shell == NULL) { radlog_request(L_AUTH, 0, request, ""[%s]: invalid shell [%s]"", name, pwd->pw_shell); return RLM_MODULE_REJECT; } #endif #endif #if defined(HAVE_GETSPNAM) && !defined(M_UNIX) if (spwd && spwd->sp_expire > 0 && (request->timestamp / 86400) > spwd->sp_expire) { radlog_request(L_AUTH, 0, request, ""[%s]: password has expired"", name); return RLM_MODULE_REJECT; } #endif #if defined(__FreeBSD__) || defined(bsdi) || defined(_PWF_EXPIRE) if ((pwd->pw_expire > 0) && (request->timestamp > pwd->pw_expire)) { radlog_request(L_AUTH, 0, request, ""[%s]: password has expired"", name); return RLM_MODULE_REJECT; } #endif if (encrypted_pass[0] == 0) return RLM_MODULE_NOOP; vp = pairmake(""Crypt-Password"", encrypted_pass, T_OP_SET); if (!vp) return RLM_MODULE_FAIL; pairmove(vp_list, &vp); pairfree(&vp); return RLM_MODULE_UPDATED; }",visit repo url,src/modules/rlm_unix/rlm_unix.c,https://github.com/alandekok/freeradius-server,134677693361776,1 3155,NVD-CWE-noinfo,"static inline FILE *xfmkstemp(char **tmpname, char *dir) { int fd; FILE *ret; fd = xmkstemp(tmpname, dir); if (fd == -1) return NULL; if (!(ret = fdopen(fd, ""w+"" UL_CLOEXECSTR))) { close(fd); return NULL; } return ret; }",visit repo url,include/fileutils.h,https://github.com/karelzak/util-linux,225996784062712,1 2765,['CWE-189'],"struct sctp_shared_key *sctp_auth_shkey_create(__u16 key_id, gfp_t gfp) { struct sctp_shared_key *new; new = kzalloc(sizeof(struct sctp_shared_key), gfp); if (!new) return NULL; INIT_LIST_HEAD(&new->key_list); new->key_id = key_id; return new; }",linux-2.6,,,198330886343211434438032322832285127234,0 3057,CWE-125,"int string_rfind(const char *input, int len, const char *s, int s_len, int pos, bool case_sensitive) { assertx(input); assertx(s); if (!s_len || pos < -len || pos > len) { return -1; } void *ptr; if (case_sensitive) { if (pos >= 0) { ptr = bstrrstr(input + pos, len - pos, s, s_len); } else { ptr = bstrrstr(input, len + pos + s_len, s, s_len); } } else { if (pos >= 0) { ptr = bstrrcasestr(input + pos, len - pos, s, s_len); } else { ptr = bstrrcasestr(input, len + pos + s_len, s, s_len); } } if (ptr != nullptr) { return (int)((const char *)ptr - input); } return -1; }",visit repo url,hphp/runtime/base/zend-string.cpp,https://github.com/facebook/hhvm,240850516937144,1 6568,CWE-415,"destroyPresentationContextList(LST_HEAD ** lst) { DUL_PRESENTATIONCONTEXT *pc; DUL_TRANSFERSYNTAX *ts; if ((lst == NULL) || (*lst == NULL)) return; while ((pc = (DUL_PRESENTATIONCONTEXT*) LST_Dequeue(lst)) != NULL) { if (pc->proposedTransferSyntax != NULL) { while ((ts = (DUL_TRANSFERSYNTAX*) LST_Dequeue(&pc->proposedTransferSyntax)) != NULL) { free(ts); } LST_Destroy(&pc->proposedTransferSyntax); } free(pc); } LST_Destroy(lst); }",visit repo url,dcmnet/libsrc/assoc.cc,https://github.com/DCMTK/dcmtk,73151011640585,1 2163,CWE-326,"static u32 __ipv6_select_ident(struct net *net, u32 hashrnd, const struct in6_addr *dst, const struct in6_addr *src) { u32 hash, id; hash = __ipv6_addr_jhash(dst, hashrnd); hash = __ipv6_addr_jhash(src, hash); hash ^= net_hash_mix(net); id = ip_idents_reserve(hash, 1); if (unlikely(!id)) id = 1 << 31; return id; }",visit repo url,net/ipv6/output_core.c,https://github.com/torvalds/linux,280656404100674,1 6238,CWE-190,"void fp8_write_bin(uint8_t *bin, int len, const fp8_t a) { if (len != 8 * RLC_FP_BYTES) { RLC_THROW(ERR_NO_BUFFER); return; } fp4_write_bin(bin, 4 * RLC_FP_BYTES, a[0]); fp4_write_bin(bin + 4 * RLC_FP_BYTES, 4 * RLC_FP_BYTES, a[1]); }",visit repo url,src/fpx/relic_fpx_util.c,https://github.com/relic-toolkit/relic,88382421142838,1 1421,CWE-310,"static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg) { struct crypto_report_rng rrng; snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, ""%s"", ""rng""); rrng.seedsize = alg->cra_rng.seedsize; if (nla_put(skb, CRYPTOCFGA_REPORT_RNG, sizeof(struct crypto_report_rng), &rrng)) goto nla_put_failure; return 0; nla_put_failure: return -EMSGSIZE; }",visit repo url,crypto/rng.c,https://github.com/torvalds/linux,181708372934514,1 3444,CWE-134,"int http_connect(int sockfd, const char *host, int port, AyProxyData *proxy) { char cmd[512]; char *inputline = NULL; char *proxy_auth = NULL; char debug_buff[512]; int remaining = sizeof(cmd) - 1; remaining -= snprintf(cmd, sizeof(cmd), ""CONNECT %s:%d HTTP/1.1\r\n"", host, port); if (proxy->username && proxy->username[0]) { proxy_auth = encode_proxy_auth_str(proxy); strncat(cmd, ""Proxy-Authorization: Basic "", remaining); remaining -= 27; strncat(cmd, proxy_auth, remaining); remaining -= strlen(proxy_auth); strncat(cmd, ""\r\n"", remaining); remaining -= 2; } strncat(cmd, ""\r\n"", remaining); #ifndef DEBUG snprintf(debug_buff, sizeof(debug_buff), ""<%s>\n"", cmd); debug_print(debug_buff); #endif if (send(sockfd, cmd, strlen(cmd), 0) < 0) return AY_CONNECTION_REFUSED; if (ay_recv_line(sockfd, &inputline) < 0) return AY_CONNECTION_REFUSED; #ifndef DEBUG snprintf(debug_buff, sizeof(debug_buff), ""<%s>\n"", inputline); debug_print(debug_buff); #endif if (!strstr(inputline, ""200"")) { if (strstr(inputline, ""407"")) { while (ay_recv_line(sockfd, &inputline) > 0) { free(inputline); } return AY_PROXY_AUTH_REQUIRED; } if (strstr(inputline, ""403"")) { while (ay_recv_line(sockfd, &inputline) > 0) { free(inputline); } return AY_PROXY_PERMISSION_DENIED; } free(inputline); return AY_CONNECTION_REFUSED; } while (strlen(inputline) > 1) { free(inputline); if (ay_recv_line(sockfd, &inputline) < 0) { return AY_CONNECTION_REFUSED; } #ifndef DEBUG snprintf(debug_buff, sizeof(debug_buff), ""<%s>\n"", inputline); debug_print(debug_buff); #endif } free(inputline); g_free(proxy_auth); return 0; }",visit repo url,libproxy/proxy.c,https://github.com/ayttm/ayttm,259555555743730,1 6523,CWE-125,"MOBI_RET mobi_find_attrvalue(MOBIResult *result, const unsigned char *data_start, const unsigned char *data_end, const MOBIFiletype type, const char *needle) { if (!result) { debug_print(""Result structure is null%s"", ""\n""); return MOBI_PARAM_ERR; } result->start = result->end = NULL; *(result->value) = '\0'; if (!data_start || !data_end) { debug_print(""Data is null%s"", ""\n""); return MOBI_PARAM_ERR; } size_t needle_length = strlen(needle); if (needle_length > MOBI_ATTRNAME_MAXSIZE) { debug_print(""Attribute too long: %zu\n"", needle_length); return MOBI_PARAM_ERR; } if (data_start + needle_length > data_end) { return MOBI_SUCCESS; } unsigned char *data = (unsigned char *) data_start; unsigned char tag_open; unsigned char tag_close; if (type == T_CSS) { tag_open = '{'; tag_close = '}'; } else { tag_open = '<'; tag_close = '>'; } unsigned char last_border = tag_close; while (data <= data_end) { if (*data == tag_open || *data == tag_close) { last_border = *data; } if (data + needle_length <= data_end && memcmp(data, needle, needle_length) == 0) { if (last_border != tag_open) { data += needle_length; continue; } while (data >= data_start && !isspace(*data) && *data != tag_open && *data != '=' && *data != '(') { data--; } result->is_url = (*data == '('); result->start = ++data; int i = 0; while (data <= data_end && !isspace(*data) && *data != tag_close && *data != ')' && i < MOBI_ATTRVALUE_MAXSIZE) { result->value[i++] = (char) *data++; } if (*(data - 1) == '/' && *data == '>') { --data; --i; } result->end = data; result->value[i] = '\0'; return MOBI_SUCCESS; } data++; } return MOBI_SUCCESS; }",visit repo url,src/parse_rawml.c,https://github.com/bfabiszewski/libmobi,155008125335358,1 5423,CWE-190,"_libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, size_t datalen, int macstate) { int rc = 0; char *message = NULL; char *language = NULL; size_t message_len = 0; size_t language_len = 0; LIBSSH2_CHANNEL *channelp = NULL; size_t data_head = 0; unsigned char msg = data[0]; switch(session->packAdd_state) { case libssh2_NB_state_idle: _libssh2_debug(session, LIBSSH2_TRACE_TRANS, ""Packet type %d received, length=%d"", (int) msg, (int) datalen); if((macstate == LIBSSH2_MAC_INVALID) && (!session->macerror || LIBSSH2_MACERROR(session, (char *) data, datalen))) { LIBSSH2_FREE(session, data); return _libssh2_error(session, LIBSSH2_ERROR_INVALID_MAC, ""Invalid MAC received""); } session->packAdd_state = libssh2_NB_state_allocated; break; case libssh2_NB_state_jump1: goto libssh2_packet_add_jump_point1; case libssh2_NB_state_jump2: goto libssh2_packet_add_jump_point2; case libssh2_NB_state_jump3: goto libssh2_packet_add_jump_point3; case libssh2_NB_state_jump4: goto libssh2_packet_add_jump_point4; case libssh2_NB_state_jump5: goto libssh2_packet_add_jump_point5; default: break; } if(session->packAdd_state == libssh2_NB_state_allocated) { switch(msg) { case SSH_MSG_DISCONNECT: if(datalen >= 5) { size_t reason = _libssh2_ntohu32(data + 1); if(datalen >= 9) { message_len = _libssh2_ntohu32(data + 5); if(message_len < datalen-13) { message = (char *) data + 9; language_len = _libssh2_ntohu32(data + 9 + message_len); language = (char *) data + 9 + message_len + 4; if(language_len > (datalen-13-message_len)) { language = message = NULL; language_len = message_len = 0; } } else message_len = 0; } if(session->ssh_msg_disconnect) { LIBSSH2_DISCONNECT(session, reason, message, message_len, language, language_len); } _libssh2_debug(session, LIBSSH2_TRACE_TRANS, ""Disconnect(%d): %s(%s)"", reason, message, language); } LIBSSH2_FREE(session, data); session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; session->packAdd_state = libssh2_NB_state_idle; return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT, ""socket disconnect""); case SSH_MSG_IGNORE: if(datalen >= 2) { if(session->ssh_msg_ignore) { LIBSSH2_IGNORE(session, (char *) data + 1, datalen - 1); } } else if(session->ssh_msg_ignore) { LIBSSH2_IGNORE(session, """", 0); } LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; case SSH_MSG_DEBUG: if(datalen >= 2) { int always_display = data[1]; if(datalen >= 6) { message_len = _libssh2_ntohu32(data + 2); if(message_len <= (datalen - 10)) { message = (char *) data + 6; language_len = _libssh2_ntohu32(data + 6 + message_len); if(language_len <= (datalen - 10 - message_len)) language = (char *) data + 10 + message_len; } } if(session->ssh_msg_debug) { LIBSSH2_DEBUG(session, always_display, message, message_len, language, language_len); } } _libssh2_debug(session, LIBSSH2_TRACE_TRANS, ""Debug Packet: %s"", message); LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; case SSH_MSG_GLOBAL_REQUEST: if(datalen >= 5) { uint32_t len = 0; unsigned char want_reply = 0; len = _libssh2_ntohu32(data + 1); if(datalen >= (6 + len)) { want_reply = data[5 + len]; _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""Received global request type %.*s (wr %X)"", len, data + 5, want_reply); } if(want_reply) { static const unsigned char packet = SSH_MSG_REQUEST_FAILURE; libssh2_packet_add_jump_point5: session->packAdd_state = libssh2_NB_state_jump5; rc = _libssh2_transport_send(session, &packet, 1, NULL, 0); if(rc == LIBSSH2_ERROR_EAGAIN) return rc; } } LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; case SSH_MSG_CHANNEL_EXTENDED_DATA: data_head += 4; case SSH_MSG_CHANNEL_DATA: data_head += 9; if(datalen >= data_head) channelp = _libssh2_channel_locate(session, _libssh2_ntohu32(data + 1)); if(!channelp) { _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_UNKNOWN, ""Packet received for unknown channel""); LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; } #ifdef LIBSSH2DEBUG { uint32_t stream_id = 0; if(msg == SSH_MSG_CHANNEL_EXTENDED_DATA) stream_id = _libssh2_ntohu32(data + 5); _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""%d bytes packet_add() for %lu/%lu/%lu"", (int) (datalen - data_head), channelp->local.id, channelp->remote.id, stream_id); } #endif if((channelp->remote.extended_data_ignore_mode == LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE) && (msg == SSH_MSG_CHANNEL_EXTENDED_DATA)) { LIBSSH2_FREE(session, data); _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""Ignoring extended data and refunding %d bytes"", (int) (datalen - 13)); if(channelp->read_avail + datalen - data_head >= channelp->remote.window_size) datalen = channelp->remote.window_size - channelp->read_avail + data_head; channelp->remote.window_size -= datalen - data_head; _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""shrinking window size by %lu bytes to %lu, "" ""read_avail %lu"", datalen - data_head, channelp->remote.window_size, channelp->read_avail); session->packAdd_channelp = channelp; libssh2_packet_add_jump_point1: session->packAdd_state = libssh2_NB_state_jump1; rc = _libssh2_channel_receive_window_adjust(session-> packAdd_channelp, datalen - 13, 1, NULL); if(rc == LIBSSH2_ERROR_EAGAIN) return rc; session->packAdd_state = libssh2_NB_state_idle; return 0; } if(channelp->remote.packet_size < (datalen - data_head)) { _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED, ""Packet contains more data than we offered"" "" to receive, truncating""); datalen = channelp->remote.packet_size + data_head; } if(channelp->remote.window_size <= channelp->read_avail) { _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_WINDOW_EXCEEDED, ""The current receive window is full,"" "" data ignored""); LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; } channelp->remote.eof = 0; if(channelp->read_avail + datalen - data_head > channelp->remote.window_size) { _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_WINDOW_EXCEEDED, ""Remote sent more data than current "" ""window allows, truncating""); datalen = channelp->remote.window_size - channelp->read_avail + data_head; } channelp->read_avail += datalen - data_head; _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""increasing read_avail by %lu bytes to %lu/%lu"", (long)(datalen - data_head), (long)channelp->read_avail, (long)channelp->remote.window_size); break; case SSH_MSG_CHANNEL_EOF: if(datalen >= 5) channelp = _libssh2_channel_locate(session, _libssh2_ntohu32(data + 1)); if(!channelp) ; else { _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""EOF received for channel %lu/%lu"", channelp->local.id, channelp->remote.id); channelp->remote.eof = 1; } LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; case SSH_MSG_CHANNEL_REQUEST: if(datalen >= 9) { uint32_t channel = _libssh2_ntohu32(data + 1); uint32_t len = _libssh2_ntohu32(data + 5); unsigned char want_reply = 1; if((len + 9) < datalen) want_reply = data[len + 9]; _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""Channel %d received request type %.*s (wr %X)"", channel, len, data + 9, want_reply); if(len == sizeof(""exit-status"") - 1 && (sizeof(""exit-status"") - 1 + 9) <= datalen && !memcmp(""exit-status"", data + 9, sizeof(""exit-status"") - 1)) { if(datalen >= 20) channelp = _libssh2_channel_locate(session, channel); if(channelp && (sizeof(""exit-status"") + 13) <= datalen) { channelp->exit_status = _libssh2_ntohu32(data + 9 + sizeof(""exit-status"")); _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""Exit status %lu received for "" ""channel %lu/%lu"", channelp->exit_status, channelp->local.id, channelp->remote.id); } } else if(len == sizeof(""exit-signal"") - 1 && (sizeof(""exit-signal"") - 1 + 9) <= datalen && !memcmp(""exit-signal"", data + 9, sizeof(""exit-signal"") - 1)) { if(datalen >= 20) channelp = _libssh2_channel_locate(session, channel); if(channelp && (sizeof(""exit-signal"") + 13) <= datalen) { uint32_t namelen = _libssh2_ntohu32(data + 9 + sizeof(""exit-signal"")); if(namelen <= UINT_MAX - 1) { channelp->exit_signal = LIBSSH2_ALLOC(session, namelen + 1); } else { channelp->exit_signal = NULL; } if(!channelp->exit_signal) rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ""memory for signal name""); else if((sizeof(""exit-signal"") + 13 + namelen <= datalen)) { memcpy(channelp->exit_signal, data + 13 + sizeof(""exit-signal""), namelen); channelp->exit_signal[namelen] = '\0'; _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""Exit signal %s received for "" ""channel %lu/%lu"", channelp->exit_signal, channelp->local.id, channelp->remote.id); } } } if(want_reply) { unsigned char packet[5]; libssh2_packet_add_jump_point4: session->packAdd_state = libssh2_NB_state_jump4; packet[0] = SSH_MSG_CHANNEL_FAILURE; memcpy(&packet[1], data + 1, 4); rc = _libssh2_transport_send(session, packet, 5, NULL, 0); if(rc == LIBSSH2_ERROR_EAGAIN) return rc; } } LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return rc; case SSH_MSG_CHANNEL_CLOSE: if(datalen >= 5) channelp = _libssh2_channel_locate(session, _libssh2_ntohu32(data + 1)); if(!channelp) { LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; } _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""Close received for channel %lu/%lu"", channelp->local.id, channelp->remote.id); channelp->remote.close = 1; channelp->remote.eof = 1; LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; case SSH_MSG_CHANNEL_OPEN: if(datalen < 17) ; else if((datalen >= (sizeof(""forwarded-tcpip"") + 4)) && ((sizeof(""forwarded-tcpip"") - 1) == _libssh2_ntohu32(data + 1)) && (memcmp(data + 5, ""forwarded-tcpip"", sizeof(""forwarded-tcpip"") - 1) == 0)) { memset(&session->packAdd_Qlstn_state, 0, sizeof(session->packAdd_Qlstn_state)); libssh2_packet_add_jump_point2: session->packAdd_state = libssh2_NB_state_jump2; rc = packet_queue_listener(session, data, datalen, &session->packAdd_Qlstn_state); } else if((datalen >= (sizeof(""x11"") + 4)) && ((sizeof(""x11"") - 1) == _libssh2_ntohu32(data + 1)) && (memcmp(data + 5, ""x11"", sizeof(""x11"") - 1) == 0)) { memset(&session->packAdd_x11open_state, 0, sizeof(session->packAdd_x11open_state)); libssh2_packet_add_jump_point3: session->packAdd_state = libssh2_NB_state_jump3; rc = packet_x11_open(session, data, datalen, &session->packAdd_x11open_state); } if(rc == LIBSSH2_ERROR_EAGAIN) return rc; LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return rc; case SSH_MSG_CHANNEL_WINDOW_ADJUST: if(datalen < 9) ; else { uint32_t bytestoadd = _libssh2_ntohu32(data + 5); channelp = _libssh2_channel_locate(session, _libssh2_ntohu32(data + 1)); if(channelp) { channelp->local.window_size += bytestoadd; _libssh2_debug(session, LIBSSH2_TRACE_CONN, ""Window adjust for channel %lu/%lu, "" ""adding %lu bytes, new window_size=%lu"", channelp->local.id, channelp->remote.id, bytestoadd, channelp->local.window_size); } } LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return 0; default: break; } session->packAdd_state = libssh2_NB_state_sent; } if(session->packAdd_state == libssh2_NB_state_sent) { LIBSSH2_PACKET *packetp = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_PACKET)); if(!packetp) { _libssh2_debug(session, LIBSSH2_ERROR_ALLOC, ""memory for packet""); LIBSSH2_FREE(session, data); session->packAdd_state = libssh2_NB_state_idle; return LIBSSH2_ERROR_ALLOC; } packetp->data = data; packetp->data_len = datalen; packetp->data_head = data_head; _libssh2_list_add(&session->packets, &packetp->node); session->packAdd_state = libssh2_NB_state_sent1; } if((msg == SSH_MSG_KEXINIT && !(session->state & LIBSSH2_STATE_EXCHANGING_KEYS)) || (session->packAdd_state == libssh2_NB_state_sent2)) { if(session->packAdd_state == libssh2_NB_state_sent1) { _libssh2_debug(session, LIBSSH2_TRACE_TRANS, ""Renegotiating Keys""); session->packAdd_state = libssh2_NB_state_sent2; } session->readPack_state = libssh2_NB_state_idle; session->packet.total_num = 0; session->packAdd_state = libssh2_NB_state_idle; session->fullpacket_state = libssh2_NB_state_idle; memset(&session->startup_key_state, 0, sizeof(key_exchange_state_t)); rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state); if(rc == LIBSSH2_ERROR_EAGAIN) return rc; } session->packAdd_state = libssh2_NB_state_idle; return 0; }",visit repo url,src/packet.c,https://github.com/libssh2/libssh2,101885688565209,1 2494,CWE-190,"static int getnum (lua_State *L, const char **fmt, int df) { if (!isdigit(**fmt)) return df; else { int a = 0; do { if (a > (INT_MAX / 10) || a * 10 > (INT_MAX - (**fmt - '0'))) luaL_error(L, ""integral size overflow""); a = a*10 + *((*fmt)++) - '0'; } while (isdigit(**fmt)); return a; } }",visit repo url,deps/lua/src/lua_struct.c,https://github.com/antirez/redis,73727277879910,1 2493,['CWE-119'],"static int show_modified(struct oneway_unpack_data *cbdata, struct cache_entry *old, struct cache_entry *new, int report_missing, int cached, int match_missing) { unsigned int mode, oldmode; const unsigned char *sha1; struct rev_info *revs = cbdata->revs; if (get_stat_data(new, &sha1, &mode, cached, match_missing, cbdata) < 0) { if (report_missing) diff_index_show_file(revs, ""-"", old, old->sha1, old->ce_mode); return -1; } if (revs->combine_merges && !cached && (hashcmp(sha1, old->sha1) || hashcmp(old->sha1, new->sha1))) { struct combine_diff_path *p; int pathlen = ce_namelen(new); p = xmalloc(combine_diff_path_size(2, pathlen)); p->path = (char *) &p->parent[2]; p->next = NULL; p->len = pathlen; memcpy(p->path, new->name, pathlen); p->path[pathlen] = 0; p->mode = mode; hashclr(p->sha1); memset(p->parent, 0, 2 * sizeof(struct combine_diff_parent)); p->parent[0].status = DIFF_STATUS_MODIFIED; p->parent[0].mode = new->ce_mode; hashcpy(p->parent[0].sha1, new->sha1); p->parent[1].status = DIFF_STATUS_MODIFIED; p->parent[1].mode = old->ce_mode; hashcpy(p->parent[1].sha1, old->sha1); show_combined_diff(p, 2, revs->dense_combined_merges, revs); free(p); return 0; } oldmode = old->ce_mode; if (mode == oldmode && !hashcmp(sha1, old->sha1) && !DIFF_OPT_TST(&revs->diffopt, FIND_COPIES_HARDER)) return 0; diff_change(&revs->diffopt, oldmode, mode, old->sha1, sha1, old->name); return 0; }",git,,,53246825925114855388982958584843505134,0 1849,['CWE-189'],"gnutls_handshake (gnutls_session_t session) { int ret; if ((ret = _gnutls_handshake_hash_init (session)) < 0) { gnutls_assert (); return ret; } if (session->security_parameters.entity == GNUTLS_CLIENT) { ret = _gnutls_handshake_client (session); } else { ret = _gnutls_handshake_server (session); } if (ret < 0) { if (_gnutls_abort_handshake (session, ret) == 0) STATE = STATE0; return ret; } ret = _gnutls_handshake_common (session); if (ret < 0) { if (_gnutls_abort_handshake (session, ret) == 0) STATE = STATE0; return ret; } STATE = STATE0; _gnutls_handshake_io_buffer_clear (session); _gnutls_handshake_internal_state_clear (session); return 0; }",gnutls,,,95372876226441166284213445037741180255,0 6088,['CWE-200'],"static void cbq_ovl_classic(struct cbq_class *cl) { struct cbq_sched_data *q = qdisc_priv(cl->qdisc); psched_tdiff_t delay = PSCHED_TDIFF(cl->undertime, q->now); if (!cl->delayed) { delay += cl->offtime; if (cl->avgidle < 0) delay -= (-cl->avgidle) - ((-cl->avgidle) >> cl->ewma_log); if (cl->avgidle < cl->minidle) cl->avgidle = cl->minidle; if (delay <= 0) delay = 1; PSCHED_TADD2(q->now, delay, cl->undertime); cl->xstats.overactions++; cl->delayed = 1; } if (q->wd_expires == 0 || q->wd_expires > delay) q->wd_expires = delay; if (q->toplevel == TC_CBQ_MAXLEVEL) { struct cbq_class *b; psched_tdiff_t base_delay = q->wd_expires; for (b = cl->borrow; b; b = b->borrow) { delay = PSCHED_TDIFF(b->undertime, q->now); if (delay < base_delay) { if (delay <= 0) delay = 1; base_delay = delay; } } q->wd_expires = base_delay; } }",linux-2.6,,,179011273051915238623033606902008011992,0 1919,['CWE-20'],"static struct page *new_page_node(struct page *p, unsigned long private, int **result) { struct page_to_node *pm = (struct page_to_node *)private; while (pm->node != MAX_NUMNODES && pm->page != p) pm++; if (pm->node == MAX_NUMNODES) return NULL; *result = &pm->status; return alloc_pages_node(pm->node, GFP_HIGHUSER_MOVABLE | GFP_THISNODE, 0); }",linux-2.6,,,285217743974090297398919950223638044164,0 1028,CWE-20,"static bool generic_new(struct nf_conn *ct, const struct sk_buff *skb, unsigned int dataoff, unsigned int *timeouts) { return true; }",visit repo url,net/netfilter/nf_conntrack_proto_generic.c,https://github.com/torvalds/linux,97414003936761,1 912,CWE-20,"static int vapic_enter(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic = vcpu->arch.apic; struct page *page; if (!apic || !apic->vapic_addr) return 0; page = gfn_to_page(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT); if (is_error_page(page)) return -EFAULT; vcpu->arch.apic->vapic_page = page; return 0; }",visit repo url,arch/x86/kvm/x86.c,https://github.com/torvalds/linux,26130351100318,1 5001,CWE-125,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 6543,['CWE-200'],"foo_manager_running_cb (NMClient *client, GParamSpec *pspec, gpointer user_data) { NMApplet *applet = NM_APPLET (user_data); if (nm_client_get_manager_running (client)) { g_message (""NM appeared""); } else { g_message (""NM disappeared""); clear_animation_timeout (applet); } applet_schedule_update_icon (applet); }",network-manager-applet,,,108694292629915678456738967883254541667,0 2974,CWE-125,"do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, int swap, uint32_t namesz, uint32_t descsz, size_t noff, size_t doff, int *flags, size_t size, int clazz) { #ifdef ELFCORE int os_style = -1; if ((namesz == 4 && strncmp((char *)&nbuf[noff], ""CORE"", 4) == 0) || (namesz == 5 && strcmp((char *)&nbuf[noff], ""CORE"") == 0)) { os_style = OS_STYLE_SVR4; } if ((namesz == 8 && strcmp((char *)&nbuf[noff], ""FreeBSD"") == 0)) { os_style = OS_STYLE_FREEBSD; } if ((namesz >= 11 && strncmp((char *)&nbuf[noff], ""NetBSD-CORE"", 11) == 0)) { os_style = OS_STYLE_NETBSD; } if (os_style != -1 && (*flags & FLAGS_DID_CORE_STYLE) == 0) { if (file_printf(ms, "", %s-style"", os_style_names[os_style]) == -1) return 1; *flags |= FLAGS_DID_CORE_STYLE; *flags |= os_style; } switch (os_style) { case OS_STYLE_NETBSD: if (type == NT_NETBSD_CORE_PROCINFO) { char sbuf[512]; struct NetBSD_elfcore_procinfo pi; memset(&pi, 0, sizeof(pi)); memcpy(&pi, nbuf + doff, descsz); if (file_printf(ms, "", from '%.31s', pid=%u, uid=%u, "" ""gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)"", file_printable(sbuf, sizeof(sbuf), RCAST(char *, pi.cpi_name)), elf_getu32(swap, (uint32_t)pi.cpi_pid), elf_getu32(swap, pi.cpi_euid), elf_getu32(swap, pi.cpi_egid), elf_getu32(swap, pi.cpi_nlwps), elf_getu32(swap, (uint32_t)pi.cpi_siglwp), elf_getu32(swap, pi.cpi_signo), elf_getu32(swap, pi.cpi_sigcode)) == -1) return 1; *flags |= FLAGS_DID_CORE; return 1; } break; case OS_STYLE_FREEBSD: if (type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) { size_t argoff, pidoff; if (clazz == ELFCLASS32) argoff = 4 + 4 + 17; else argoff = 4 + 4 + 8 + 17; if (file_printf(ms, "", from '%.80s'"", nbuf + doff + argoff) == -1) return 1; pidoff = argoff + 81 + 2; if (doff + pidoff + 4 <= size) { if (file_printf(ms, "", pid=%u"", elf_getu32(swap, *RCAST(uint32_t *, (nbuf + doff + pidoff)))) == -1) return 1; } *flags |= FLAGS_DID_CORE; } break; default: if (type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) { size_t i, j; unsigned char c; for (i = 0; i < NOFFSETS; i++) { unsigned char *cname, *cp; size_t reloffset = prpsoffsets(i); size_t noffset = doff + reloffset; size_t k; for (j = 0; j < 16; j++, noffset++, reloffset++) { if (noffset >= size) goto tryanother; if (reloffset >= descsz) goto tryanother; c = nbuf[noffset]; if (c == '\0') { if (j == 0) goto tryanother; else break; } else { if (!isprint(c) || isquote(c)) goto tryanother; } } for (k = i + 1 ; k < NOFFSETS; k++) { size_t no; int adjust = 1; if (prpsoffsets(k) >= prpsoffsets(i)) continue; for (no = doff + prpsoffsets(k); no < doff + prpsoffsets(i); no++) adjust = adjust && isprint(nbuf[no]); if (adjust) i = k; } cname = (unsigned char *) &nbuf[doff + prpsoffsets(i)]; for (cp = cname; cp < nbuf + size && *cp && isprint(*cp); cp++) continue; while (cp > cname && isspace(cp[-1])) cp--; if (file_printf(ms, "", from '%.*s'"", (int)(cp - cname), cname) == -1) return 1; *flags |= FLAGS_DID_CORE; return 1; tryanother: ; } } break; } #endif return 0; }",visit repo url,src/readelf.c,https://github.com/file/file,237070895564746,1 1059,['CWE-20'],"void srcu_init_notifier_head(struct srcu_notifier_head *nh) { mutex_init(&nh->mutex); if (init_srcu_struct(&nh->srcu) < 0) BUG(); nh->head = NULL; }",linux-2.6,,,135788440705079704083238783130239715609,0 3484,['CWE-20'],"static struct sctp_sackhdr *sctp_sm_pull_sack(struct sctp_chunk *chunk) { struct sctp_sackhdr *sack; unsigned int len; __u16 num_blocks; __u16 num_dup_tsns; sack = (struct sctp_sackhdr *) chunk->skb->data; num_blocks = ntohs(sack->num_gap_ack_blocks); num_dup_tsns = ntohs(sack->num_dup_tsns); len = sizeof(struct sctp_sackhdr); len += (num_blocks + num_dup_tsns) * sizeof(__u32); if (len > chunk->skb->len) return NULL; skb_pull(chunk->skb, len); return sack; }",linux-2.6,,,38913243193811161918666754631810077612,0 3507,['CWE-20'],"static sctp_disposition_t sctp_sf_do_unexpected_init( const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { sctp_disposition_t retval; struct sctp_chunk *chunk = arg; struct sctp_chunk *repl; struct sctp_association *new_asoc; struct sctp_chunk *err_chunk; struct sctp_packet *packet; sctp_unrecognized_param_t *unk_param; int len; if (!chunk->singleton) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (chunk->sctp_hdr->vtag != 0) return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_init_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); chunk->subh.init_hdr = (sctp_inithdr_t *) chunk->skb->data; chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(sctp_inithdr_t)); err_chunk = NULL; if (!sctp_verify_init(asoc, chunk->chunk_hdr->type, (sctp_init_chunk_t *)chunk->chunk_hdr, chunk, &err_chunk)) { if (err_chunk) { packet = sctp_abort_pkt_new(ep, asoc, arg, (__u8 *)(err_chunk->chunk_hdr) + sizeof(sctp_chunkhdr_t), ntohs(err_chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t)); if (packet) { sctp_add_cmd_sf(commands, SCTP_CMD_SEND_PKT, SCTP_PACKET(packet)); SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); retval = SCTP_DISPOSITION_CONSUME; } else { retval = SCTP_DISPOSITION_NOMEM; } goto cleanup; } else { return sctp_sf_tabort_8_4_8(ep, asoc, type, arg, commands); } } new_asoc = sctp_make_temp_asoc(ep, chunk, GFP_ATOMIC); if (!new_asoc) goto nomem; if (!sctp_process_init(new_asoc, chunk->chunk_hdr->type, sctp_source(chunk), (sctp_init_chunk_t *)chunk->chunk_hdr, GFP_ATOMIC)) goto nomem; if (!sctp_state(asoc, COOKIE_WAIT)) { if (!sctp_sf_check_restart_addrs(new_asoc, asoc, chunk, commands)) { retval = SCTP_DISPOSITION_CONSUME; goto nomem_retval; } } sctp_tietags_populate(new_asoc, asoc); len = 0; if (err_chunk) { len = ntohs(err_chunk->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); } if (sctp_assoc_set_bind_addr_from_ep(new_asoc, GFP_ATOMIC) < 0) goto nomem; repl = sctp_make_init_ack(new_asoc, chunk, GFP_ATOMIC, len); if (!repl) goto nomem; if (err_chunk) { unk_param = (sctp_unrecognized_param_t *) ((__u8 *)(err_chunk->chunk_hdr) + sizeof(sctp_chunkhdr_t)); sctp_addto_chunk(repl, len, unk_param); } sctp_add_cmd_sf(commands, SCTP_CMD_NEW_ASOC, SCTP_ASOC(new_asoc)); sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); sctp_add_cmd_sf(commands, SCTP_CMD_DELETE_TCB, SCTP_NULL()); retval = SCTP_DISPOSITION_CONSUME; return retval; nomem: retval = SCTP_DISPOSITION_NOMEM; nomem_retval: if (new_asoc) sctp_association_free(new_asoc); cleanup: if (err_chunk) sctp_chunk_free(err_chunk); return retval; }",linux-2.6,,,102305274864570996930010969113112597146,0 3226,['CWE-189'],"static void jas_cmshapmatlut_init(jas_cmshapmatlut_t *lut) { lut->data = 0; lut->size = 0; }",jasper,,,209754905708088319666536067031818360092,0 432,[],"pfm_debug(pfm_context_t *ctx, void *arg, int count, struct pt_regs *regs) { unsigned int m = *(unsigned int *)arg; pfm_sysctl.debug = m == 0 ? 0 : 1; printk(KERN_INFO ""perfmon debugging %s (timing reset)\n"", pfm_sysctl.debug ? ""on"" : ""off""); if (m == 0) { memset(pfm_stats, 0, sizeof(pfm_stats)); for(m=0; m < NR_CPUS; m++) pfm_stats[m].pfm_ovfl_intr_cycles_min = ~0UL; } return 0; }",linux-2.6,,,64728065873859046094634544206538406835,0 4252,['CWE-119'],"sctp_disposition_t sctp_sf_backbeat_8_3(const struct sctp_endpoint *ep, const struct sctp_association *asoc, const sctp_subtype_t type, void *arg, sctp_cmd_seq_t *commands) { struct sctp_chunk *chunk = arg; union sctp_addr from_addr; struct sctp_transport *link; sctp_sender_hb_info_t *hbinfo; unsigned long max_interval; if (!sctp_vtag_verify(chunk, asoc)) return sctp_sf_pdiscard(ep, asoc, type, arg, commands); if (!sctp_chunk_length_valid(chunk, sizeof(sctp_heartbeat_chunk_t))) return sctp_sf_violation_chunklen(ep, asoc, type, arg, commands); hbinfo = (sctp_sender_hb_info_t *) chunk->skb->data; if (ntohs(hbinfo->param_hdr.length) != sizeof(sctp_sender_hb_info_t)) { return SCTP_DISPOSITION_DISCARD; } from_addr = hbinfo->daddr; link = sctp_assoc_lookup_paddr(asoc, &from_addr); if (unlikely(!link)) { if (from_addr.sa.sa_family == AF_INET6) { if (net_ratelimit()) printk(KERN_WARNING ""%s association %p could not find address %pI6\n"", __func__, asoc, &from_addr.v6.sin6_addr); } else { if (net_ratelimit()) printk(KERN_WARNING ""%s association %p could not find address %pI4\n"", __func__, asoc, &from_addr.v4.sin_addr.s_addr); } return SCTP_DISPOSITION_DISCARD; } if (hbinfo->hb_nonce != link->hb_nonce) return SCTP_DISPOSITION_DISCARD; max_interval = link->hbinterval + link->rto; if (time_after(hbinfo->sent_at, jiffies) || time_after(jiffies, hbinfo->sent_at + max_interval)) { SCTP_DEBUG_PRINTK(""%s: HEARTBEAT ACK with invalid timestamp "" ""received for transport: %p\n"", __func__, link); return SCTP_DISPOSITION_DISCARD; } sctp_add_cmd_sf(commands, SCTP_CMD_TRANSPORT_ON, SCTP_TRANSPORT(link)); return SCTP_DISPOSITION_CONSUME; }",linux-2.6,,,44940551542109324918183594285932101180,0 4185,CWE-476,"rfbReleaseClientIterator(rfbClientIteratorPtr iterator) { if(iterator->next) rfbDecrClientRef(iterator->next); free(iterator); }",visit repo url,libvncserver/rfbserver.c,https://github.com/LibVNC/libvncserver,80593074391236,1 1868,['CWE-189'],"is_write_comp_null (gnutls_session_t session) { if (session->security_parameters.write_compression_algorithm == GNUTLS_COMP_NULL) return 0; return 1; }",gnutls,,,24817571868659709318693835142680942837,0 6469,[],"canonicalize_path (const char *path, char **pcanonical) { char *canonical = 0; assert (path && *path); assert (pcanonical); canonical = MALLOC (char, 1+ LT_STRLEN (path)); if (!canonical) return 1; { size_t dest = 0; size_t src; for (src = 0; path[src] != LT_EOS_CHAR; ++src) { if (path[src] == LT_PATHSEP_CHAR) { if ((dest == 0) || (path[1+ src] == LT_PATHSEP_CHAR) || (path[1+ src] == LT_EOS_CHAR)) continue; } if ((path[src] != '/') #if defined(LT_DIRSEP_CHAR) && (path[src] != LT_DIRSEP_CHAR) #endif ) { canonical[dest++] = path[src]; } else if ((path[1+ src] != LT_PATHSEP_CHAR) && (path[1+ src] != LT_EOS_CHAR) #if defined(LT_DIRSEP_CHAR) && (path[1+ src] != LT_DIRSEP_CHAR) #endif && (path[1+ src] != '/')) { canonical[dest++] = '/'; } } canonical[dest] = LT_EOS_CHAR; } *pcanonical = canonical; return 0; }",libtool,,,288900925283859787527997112547379457885,0 5815,['CWE-200'],"static int ltalk_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) { if (!net_eq(dev_net(dev), &init_net)) goto freeit; if (skb_mac_header(skb)[2] == 1) { struct ddpehdr *ddp; struct atalk_addr *ap = atalk_find_dev_addr(dev); if (!ap || skb->len < sizeof(__be16) || skb->len > 1023) goto freeit; if (!(skb = skb_share_check(skb, GFP_ATOMIC))) return 0; ddp = (struct ddpehdr *) skb_push(skb, sizeof(*ddp) - 4); ddp->deh_dnode = skb_mac_header(skb)[0]; ddp->deh_snode = skb_mac_header(skb)[1]; ddp->deh_dnet = ap->s_net; ddp->deh_snet = ap->s_net; ddp->deh_sum = 0; ddp->deh_len_hops = htons(skb->len + (DDP_MAXHOPS << 10)); } skb_reset_transport_header(skb); return atalk_rcv(skb, dev, pt, orig_dev); freeit: kfree_skb(skb); return 0; }",linux-2.6,,,69627556021977642712489466681131323129,0 4361,['CWE-399'],"long keyctl_get_keyring_ID(key_serial_t id, int create) { key_ref_t key_ref; long ret; key_ref = lookup_user_key(id, create, 0, KEY_SEARCH); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error; } ret = key_ref_to_ptr(key_ref)->serial; key_ref_put(key_ref); error: return ret; } ",linux-2.6,,,309732032800556773296527265540903643318,0 3963,['CWE-362'],"static inline __s32 inotify_find_update_watch(struct inotify_handle *ih, struct inode *inode, u32 mask) { return -EOPNOTSUPP; }",linux-2.6,,,129329883160602415245425625676895762757,0 3309,CWE-476,"smb_flush_file(struct smb_request *sr, struct smb_ofile *ofile) { sr->user_cr = smb_ofile_getcred(ofile); if ((ofile->f_node->flags & NODE_FLAGS_WRITE_THROUGH) == 0) (void) smb_fsop_commit(sr, sr->user_cr, ofile->f_node); }",visit repo url,usr/src/uts/common/fs/smbsrv/smb_flush.c,https://github.com/illumos/illumos-gate,115165781663886,1 5002,CWE-191,"cssp_read_tsrequest(STREAM token, STREAM pubkey) { STREAM s; int length; int tagval; s = tcp_recv(NULL, 4); if (s == NULL) return False; if (s->p[0] != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) { logger(Protocol, Error, ""cssp_read_tsrequest(), expected BER_TAG_SEQUENCE|BER_TAG_CONSTRUCTED, got %x"", s->p[0]); return False; } if (s->p[1] < 0x80) length = s->p[1] - 2; else if (s->p[1] == 0x81) length = s->p[2] - 1; else if (s->p[1] == 0x82) length = (s->p[2] << 8) | s->p[3]; else return False; s = tcp_recv(s, length); if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; in_uint8s(s, length); if (token) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; token->end = token->p = token->data; out_uint8p(token, s->p, length); s_mark_end(token); } if (pubkey) { if (!ber_in_header(s, &tagval, &length) || tagval != (BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3)) return False; if (!ber_in_header(s, &tagval, &length) || tagval != BER_TAG_OCTET_STRING) return False; pubkey->data = pubkey->p = s->p; pubkey->end = pubkey->data + length; pubkey->size = length; } return True; }",visit repo url,cssp.c,https://github.com/rdesktop/rdesktop,152680878401651,1 5509,CWE-125,"fp_readl(char *s, int size, struct tok_state *tok) { PyObject* bufobj; const char *buf; Py_ssize_t buflen; assert(size > 0); size--; if (tok->decoding_buffer) { bufobj = tok->decoding_buffer; Py_INCREF(bufobj); } else { bufobj = PyObject_CallObject(tok->decoding_readline, NULL); if (bufobj == NULL) goto error; } if (PyUnicode_CheckExact(bufobj)) { buf = PyUnicode_AsUTF8AndSize(bufobj, &buflen); if (buf == NULL) { goto error; } } else { buf = PyByteArray_AsString(bufobj); if (buf == NULL) { goto error; } buflen = PyByteArray_GET_SIZE(bufobj); } Py_XDECREF(tok->decoding_buffer); if (buflen > size) { tok->decoding_buffer = PyByteArray_FromStringAndSize(buf+size, buflen-size); if (tok->decoding_buffer == NULL) goto error; buflen = size; } else tok->decoding_buffer = NULL; memcpy(s, buf, buflen); s[buflen] = '\0'; if (buflen == 0) s = NULL; Py_DECREF(bufobj); return s; error: Py_XDECREF(bufobj); return error_ret(tok); }",visit repo url,ast3/Parser/tokenizer.c,https://github.com/python/typed_ast,48160380069365,1 3012,['CWE-189'],"static void pirlvl_destroy(jpc_pirlvl_t *rlvl) { if (rlvl->prclyrnos) { jas_free(rlvl->prclyrnos); } }",jasper,,,309009726125995660591100130696478065259,0 4372,['CWE-264'],"static void __lock_sock(struct sock *sk) { DEFINE_WAIT(wait); for (;;) { prepare_to_wait_exclusive(&sk->sk_lock.wq, &wait, TASK_UNINTERRUPTIBLE); spin_unlock_bh(&sk->sk_lock.slock); schedule(); spin_lock_bh(&sk->sk_lock.slock); if (!sock_owned_by_user(sk)) break; } finish_wait(&sk->sk_lock.wq, &wait); }",linux-2.6,,,273361999007387339527411825269535171383,0 3935,['CWE-362'],"static inline __s32 inotify_find_watch(struct inotify_handle *ih, struct inode *inode, struct inotify_watch **watchp) { return -EOPNOTSUPP; }",linux-2.6,,,196476253226070728648464012068905592697,0 4150,CWE-416,"xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, const xmlChar *name, const xmlChar *value) { xmlChar *ret, *dst; const xmlChar *src; xmlAttributePtr attrDecl = NULL; if (doc == NULL) return(NULL); if (elem == NULL) return(NULL); if (name == NULL) return(NULL); if (value == NULL) return(NULL); if ((elem->ns != NULL) && (elem->ns->prefix != NULL)) { xmlChar fn[50]; xmlChar *fullname; fullname = xmlBuildQName(elem->name, elem->ns->prefix, fn, 50); if (fullname == NULL) return(NULL); if ((fullname != fn) && (fullname != elem->name)) xmlFree(fullname); } attrDecl = xmlGetDtdAttrDesc(doc->intSubset, elem->name, name); if ((attrDecl == NULL) && (doc->extSubset != NULL)) attrDecl = xmlGetDtdAttrDesc(doc->extSubset, elem->name, name); if (attrDecl == NULL) return(NULL); if (attrDecl->atype == XML_ATTRIBUTE_CDATA) return(NULL); ret = xmlStrdup(value); if (ret == NULL) return(NULL); src = value; dst = ret; while (*src == 0x20) src++; while (*src != 0) { if (*src == 0x20) { while (*src == 0x20) src++; if (*src != 0) *dst++ = 0x20; } else { *dst++ = *src++; } } *dst = 0; return(ret); }",visit repo url,valid.c,https://github.com/GNOME/libxml2,28750489266090,1 1468,CWE-264,"int perf_pmu_register(struct pmu *pmu, const char *name, int type) { int cpu, ret; mutex_lock(&pmus_lock); ret = -ENOMEM; pmu->pmu_disable_count = alloc_percpu(int); if (!pmu->pmu_disable_count) goto unlock; pmu->type = -1; if (!name) goto skip_type; pmu->name = name; if (type < 0) { type = idr_alloc(&pmu_idr, pmu, PERF_TYPE_MAX, 0, GFP_KERNEL); if (type < 0) { ret = type; goto free_pdc; } } pmu->type = type; if (pmu_bus_running) { ret = pmu_dev_alloc(pmu); if (ret) goto free_idr; } skip_type: pmu->pmu_cpu_context = find_pmu_context(pmu->task_ctx_nr); if (pmu->pmu_cpu_context) goto got_cpu_context; ret = -ENOMEM; pmu->pmu_cpu_context = alloc_percpu(struct perf_cpu_context); if (!pmu->pmu_cpu_context) goto free_dev; for_each_possible_cpu(cpu) { struct perf_cpu_context *cpuctx; cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu); __perf_event_init_context(&cpuctx->ctx); lockdep_set_class(&cpuctx->ctx.mutex, &cpuctx_mutex); lockdep_set_class(&cpuctx->ctx.lock, &cpuctx_lock); cpuctx->ctx.type = cpu_context; cpuctx->ctx.pmu = pmu; __perf_cpu_hrtimer_init(cpuctx, cpu); INIT_LIST_HEAD(&cpuctx->rotation_list); cpuctx->unique_pmu = pmu; } got_cpu_context: if (!pmu->start_txn) { if (pmu->pmu_enable) { pmu->start_txn = perf_pmu_start_txn; pmu->commit_txn = perf_pmu_commit_txn; pmu->cancel_txn = perf_pmu_cancel_txn; } else { pmu->start_txn = perf_pmu_nop_void; pmu->commit_txn = perf_pmu_nop_int; pmu->cancel_txn = perf_pmu_nop_void; } } if (!pmu->pmu_enable) { pmu->pmu_enable = perf_pmu_nop_void; pmu->pmu_disable = perf_pmu_nop_void; } if (!pmu->event_idx) pmu->event_idx = perf_event_idx_default; list_add_rcu(&pmu->entry, &pmus); ret = 0; unlock: mutex_unlock(&pmus_lock); return ret; free_dev: device_del(pmu->dev); put_device(pmu->dev); free_idr: if (pmu->type >= PERF_TYPE_MAX) idr_remove(&pmu_idr, pmu->type); free_pdc: free_percpu(pmu->pmu_disable_count); goto unlock; }",visit repo url,kernel/events/core.c,https://github.com/torvalds/linux,52144838113081,1 2773,['CWE-264'],"sbni_pci_probe( struct net_device *dev ) { struct pci_dev *pdev = NULL; while( (pdev = pci_get_class( PCI_CLASS_NETWORK_OTHER << 8, pdev )) != NULL ) { int pci_irq_line; unsigned long pci_ioaddr; u16 subsys; if( pdev->vendor != SBNI_PCI_VENDOR && pdev->device != SBNI_PCI_DEVICE ) continue; pci_ioaddr = pci_resource_start( pdev, 0 ); pci_irq_line = pdev->irq; if( !request_region( pci_ioaddr, SBNI_IO_EXTENT, dev->name ) ) { pci_read_config_word( pdev, PCI_SUBSYSTEM_ID, &subsys ); if (subsys != 2) continue; if (!request_region(pci_ioaddr += 4, SBNI_IO_EXTENT, dev->name ) ) continue; } if( pci_irq_line <= 0 || pci_irq_line >= NR_IRQS ) printk( KERN_WARNING "" WARNING: The PCI BIOS assigned "" ""this PCI card to IRQ %d, which is unlikely "" ""to work!.\n"" KERN_WARNING "" You should use the PCI BIOS "" ""setup to assign a valid IRQ line.\n"", pci_irq_line ); if( (pci_ioaddr & 7) == 0 && pci_enable_device( pdev ) ) { release_region( pci_ioaddr, SBNI_IO_EXTENT ); pci_dev_put( pdev ); return -EIO; } if( sbni_probe1( dev, pci_ioaddr, pci_irq_line ) ) { SET_NETDEV_DEV(dev, &pdev->dev); pci_dev_put( pdev ); return 0; } } return -ENODEV; }",linux-2.6,,,269715182345101423623429633382343534275,0 1806,CWE-284,"int vfs_open(const struct path *path, struct file *file, const struct cred *cred) { struct dentry *dentry = path->dentry; struct inode *inode = dentry->d_inode; file->f_path = *path; if (dentry->d_flags & DCACHE_OP_SELECT_INODE) { inode = dentry->d_op->d_select_inode(dentry, file->f_flags); if (IS_ERR(inode)) return PTR_ERR(inode); } return do_dentry_open(file, inode, NULL, cred); }",visit repo url,fs/open.c,https://github.com/torvalds/linux,213627798927957,1 4573,['CWE-399'],"static int ext4_inode_is_fast_symlink(struct inode *inode) { int ea_blocks = EXT4_I(inode)->i_file_acl ? (inode->i_sb->s_blocksize >> 9) : 0; return (S_ISLNK(inode->i_mode) && inode->i_blocks - ea_blocks == 0); }",linux-2.6,,,121223521593012254733798178547988285225,0 4026,['CWE-362'],"static struct audit_tree *alloc_tree(const char *s) { struct audit_tree *tree; tree = kmalloc(sizeof(struct audit_tree) + strlen(s) + 1, GFP_KERNEL); if (tree) { atomic_set(&tree->count, 1); tree->goner = 0; INIT_LIST_HEAD(&tree->chunks); INIT_LIST_HEAD(&tree->rules); INIT_LIST_HEAD(&tree->list); INIT_LIST_HEAD(&tree->same_root); tree->root = NULL; strcpy(tree->pathname, s); } return tree; }",linux-2.6,,,9892705080137805291858260181105155498,0 2667,[],"static int sctp_getsockopt_local_addrs_num_old(struct sock *sk, int len, char __user *optval, int __user *optlen) { sctp_assoc_t id; struct sctp_bind_addr *bp; struct sctp_association *asoc; struct sctp_sockaddr_entry *addr; int cnt = 0; if (len < sizeof(sctp_assoc_t)) return -EINVAL; if (copy_from_user(&id, optval, sizeof(sctp_assoc_t))) return -EFAULT; printk(KERN_WARNING ""SCTP: Use of SCTP_GET_LOCAL_ADDRS_NUM_OLD "" ""socket option deprecated\n""); if (0 == id) { bp = &sctp_sk(sk)->ep->base.bind_addr; } else { asoc = sctp_id2assoc(sk, id); if (!asoc) return -EINVAL; bp = &asoc->base.bind_addr; } if (sctp_list_single_entry(&bp->address_list)) { addr = list_entry(bp->address_list.next, struct sctp_sockaddr_entry, list); if (sctp_is_any(&addr->a)) { rcu_read_lock(); list_for_each_entry_rcu(addr, &sctp_local_addr_list, list) { if (!addr->valid) continue; if ((PF_INET == sk->sk_family) && (AF_INET6 == addr->a.sa.sa_family)) continue; if ((PF_INET6 == sk->sk_family) && inet_v6_ipv6only(sk) && (AF_INET == addr->a.sa.sa_family)) continue; cnt++; } rcu_read_unlock(); } else { cnt = 1; } goto done; } list_for_each_entry(addr, &bp->address_list, list) { cnt ++; } done: return cnt; }",linux-2.6,,,111794357216401445242893631100393571798,0 1888,['CWE-20'],"int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) { pud_t *new = pud_alloc_one(mm, address); if (!new) return -ENOMEM; smp_wmb(); spin_lock(&mm->page_table_lock); if (pgd_present(*pgd)) pud_free(mm, new); else pgd_populate(mm, pgd, new); spin_unlock(&mm->page_table_lock); return 0; }",linux-2.6,,,129132179697246719519516779543548152295,0 72,['CWE-787'],"static int cirrus_vga_load(QEMUFile *f, void *opaque, int version_id) { CirrusVGAState *s = opaque; int ret; if (version_id > 2) return -EINVAL; if (s->pci_dev && version_id >= 2) { ret = pci_device_load(s->pci_dev, f); if (ret < 0) return ret; } qemu_get_be32s(f, &s->latch); qemu_get_8s(f, &s->sr_index); qemu_get_buffer(f, s->sr, 256); qemu_get_8s(f, &s->gr_index); qemu_get_8s(f, &s->cirrus_shadow_gr0); qemu_get_8s(f, &s->cirrus_shadow_gr1); s->gr[0x00] = s->cirrus_shadow_gr0 & 0x0f; s->gr[0x01] = s->cirrus_shadow_gr1 & 0x0f; qemu_get_buffer(f, s->gr + 2, 254); qemu_get_8s(f, &s->ar_index); qemu_get_buffer(f, s->ar, 21); s->ar_flip_flop=qemu_get_be32(f); qemu_get_8s(f, &s->cr_index); qemu_get_buffer(f, s->cr, 256); qemu_get_8s(f, &s->msr); qemu_get_8s(f, &s->fcr); qemu_get_8s(f, &s->st00); qemu_get_8s(f, &s->st01); qemu_get_8s(f, &s->dac_state); qemu_get_8s(f, &s->dac_sub_index); qemu_get_8s(f, &s->dac_read_index); qemu_get_8s(f, &s->dac_write_index); qemu_get_buffer(f, s->dac_cache, 3); qemu_get_buffer(f, s->palette, 768); s->bank_offset=qemu_get_be32(f); qemu_get_8s(f, &s->cirrus_hidden_dac_lockindex); qemu_get_8s(f, &s->cirrus_hidden_dac_data); qemu_get_be32s(f, &s->hw_cursor_x); qemu_get_be32s(f, &s->hw_cursor_y); s->graphic_mode = -1; cirrus_update_bank_ptr(s, 0); cirrus_update_bank_ptr(s, 1); return 0; }",qemu,,,329612191013024136795190814891046588807,0 4046,['CWE-362'],"static void trim_marked(struct audit_tree *tree) { struct list_head *p, *q; spin_lock(&hash_lock); if (tree->goner) { spin_unlock(&hash_lock); return; } for (p = tree->chunks.next; p != &tree->chunks; p = q) { struct node *node = list_entry(p, struct node, list); q = p->next; if (node->index & (1U<<31)) { list_del_init(p); list_add(p, &tree->chunks); } } while (!list_empty(&tree->chunks)) { struct node *node; node = list_entry(tree->chunks.next, struct node, list); if (!(node->index & (1U<<31))) break; untag_chunk(node); } if (!tree->root && !tree->goner) { tree->goner = 1; spin_unlock(&hash_lock); mutex_lock(&audit_filter_mutex); kill_rules(tree); list_del_init(&tree->list); mutex_unlock(&audit_filter_mutex); prune_one(tree); } else { spin_unlock(&hash_lock); } }",linux-2.6,,,234152811519541271500288876630679820640,0 2182,CWE-416,"static struct page *follow_page_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, unsigned int flags, struct dev_pagemap **pgmap) { struct mm_struct *mm = vma->vm_mm; struct page *page; spinlock_t *ptl; pte_t *ptep, pte; retry: if (unlikely(pmd_bad(*pmd))) return no_page_table(vma, flags); ptep = pte_offset_map_lock(mm, pmd, address, &ptl); pte = *ptep; if (!pte_present(pte)) { swp_entry_t entry; if (likely(!(flags & FOLL_MIGRATION))) goto no_page; if (pte_none(pte)) goto no_page; entry = pte_to_swp_entry(pte); if (!is_migration_entry(entry)) goto no_page; pte_unmap_unlock(ptep, ptl); migration_entry_wait(mm, pmd, address); goto retry; } if ((flags & FOLL_NUMA) && pte_protnone(pte)) goto no_page; if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) { pte_unmap_unlock(ptep, ptl); return NULL; } page = vm_normal_page(vma, address, pte); if (!page && pte_devmap(pte) && (flags & FOLL_GET)) { *pgmap = get_dev_pagemap(pte_pfn(pte), *pgmap); if (*pgmap) page = pte_page(pte); else goto no_page; } else if (unlikely(!page)) { if (flags & FOLL_DUMP) { page = ERR_PTR(-EFAULT); goto out; } if (is_zero_pfn(pte_pfn(pte))) { page = pte_page(pte); } else { int ret; ret = follow_pfn_pte(vma, address, ptep, flags); page = ERR_PTR(ret); goto out; } } if (flags & FOLL_SPLIT && PageTransCompound(page)) { int ret; get_page(page); pte_unmap_unlock(ptep, ptl); lock_page(page); ret = split_huge_page(page); unlock_page(page); put_page(page); if (ret) return ERR_PTR(ret); goto retry; } if (flags & FOLL_GET) get_page(page); if (flags & FOLL_TOUCH) { if ((flags & FOLL_WRITE) && !pte_dirty(pte) && !PageDirty(page)) set_page_dirty(page); mark_page_accessed(page); } if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) { if (PageTransCompound(page)) goto out; if (page->mapping && trylock_page(page)) { lru_add_drain(); mlock_vma_page(page); unlock_page(page); } } out: pte_unmap_unlock(ptep, ptl); return page; no_page: pte_unmap_unlock(ptep, ptl); if (!pte_none(pte)) return NULL; return no_page_table(vma, flags); }",visit repo url,mm/gup.c,https://github.com/torvalds/linux,69574028786373,1 6291,['CWE-200'],"static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n, void *arg) { struct rtattr **tca; struct tcmsg *t; u32 protocol; u32 prio; u32 nprio; u32 parent; struct net_device *dev; struct Qdisc *q; struct tcf_proto **back, **chain; struct tcf_proto *tp; struct tcf_proto_ops *tp_ops; struct Qdisc_class_ops *cops; unsigned long cl; unsigned long fh; int err; replay: tca = arg; t = NLMSG_DATA(n); protocol = TC_H_MIN(t->tcm_info); prio = TC_H_MAJ(t->tcm_info); nprio = prio; parent = t->tcm_parent; cl = 0; if (prio == 0) { if (n->nlmsg_type != RTM_NEWTFILTER || !(n->nlmsg_flags&NLM_F_CREATE)) return -ENOENT; prio = TC_H_MAKE(0x80000000U,0U); } if ((dev = __dev_get_by_index(t->tcm_ifindex)) == NULL) return -ENODEV; if (!parent) { q = dev->qdisc_sleeping; parent = q->handle; } else if ((q = qdisc_lookup(dev, TC_H_MAJ(t->tcm_parent))) == NULL) return -EINVAL; if ((cops = q->ops->cl_ops) == NULL) return -EINVAL; if (TC_H_MIN(parent)) { cl = cops->get(q, parent); if (cl == 0) return -ENOENT; } chain = cops->tcf_chain(q, cl); err = -EINVAL; if (chain == NULL) goto errout; for (back = chain; (tp=*back) != NULL; back = &tp->next) { if (tp->prio >= prio) { if (tp->prio == prio) { if (!nprio || (tp->protocol != protocol && protocol)) goto errout; } else tp = NULL; break; } } if (tp == NULL) { if (tca[TCA_KIND-1] == NULL || !protocol) goto errout; err = -ENOENT; if (n->nlmsg_type != RTM_NEWTFILTER || !(n->nlmsg_flags&NLM_F_CREATE)) goto errout; err = -ENOBUFS; if ((tp = kmalloc(sizeof(*tp), GFP_KERNEL)) == NULL) goto errout; err = -EINVAL; tp_ops = tcf_proto_lookup_ops(tca[TCA_KIND-1]); if (tp_ops == NULL) { #ifdef CONFIG_KMOD struct rtattr *kind = tca[TCA_KIND-1]; char name[IFNAMSIZ]; if (kind != NULL && rtattr_strlcpy(name, kind, IFNAMSIZ) < IFNAMSIZ) { rtnl_unlock(); request_module(""cls_%s"", name); rtnl_lock(); tp_ops = tcf_proto_lookup_ops(kind); if (tp_ops != NULL) { module_put(tp_ops->owner); err = -EAGAIN; } } #endif kfree(tp); goto errout; } memset(tp, 0, sizeof(*tp)); tp->ops = tp_ops; tp->protocol = protocol; tp->prio = nprio ? : tcf_auto_prio(*back); tp->q = q; tp->classify = tp_ops->classify; tp->classid = parent; if ((err = tp_ops->init(tp)) != 0) { module_put(tp_ops->owner); kfree(tp); goto errout; } qdisc_lock_tree(dev); tp->next = *back; *back = tp; qdisc_unlock_tree(dev); } else if (tca[TCA_KIND-1] && rtattr_strcmp(tca[TCA_KIND-1], tp->ops->kind)) goto errout; fh = tp->ops->get(tp, t->tcm_handle); if (fh == 0) { if (n->nlmsg_type == RTM_DELTFILTER && t->tcm_handle == 0) { qdisc_lock_tree(dev); *back = tp->next; qdisc_unlock_tree(dev); tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER); tcf_destroy(tp); err = 0; goto errout; } err = -ENOENT; if (n->nlmsg_type != RTM_NEWTFILTER || !(n->nlmsg_flags&NLM_F_CREATE)) goto errout; } else { switch (n->nlmsg_type) { case RTM_NEWTFILTER: err = -EEXIST; if (n->nlmsg_flags&NLM_F_EXCL) goto errout; break; case RTM_DELTFILTER: err = tp->ops->delete(tp, fh); if (err == 0) tfilter_notify(skb, n, tp, fh, RTM_DELTFILTER); goto errout; case RTM_GETTFILTER: err = tfilter_notify(skb, n, tp, fh, RTM_NEWTFILTER); goto errout; default: err = -EINVAL; goto errout; } } err = tp->ops->change(tp, cl, t->tcm_handle, tca, &fh); if (err == 0) tfilter_notify(skb, n, tp, fh, RTM_NEWTFILTER); errout: if (cl) cops->put(q, cl); if (err == -EAGAIN) goto replay; return err; }",linux-2.6,,,152709634651932175015382890498833788001,0 5840,CWE-416,"PJ_DEF(pj_status_t) pjsip_ua_unregister_dlg( pjsip_user_agent *ua, pjsip_dialog *dlg ) { struct dlg_set *dlg_set; pjsip_dialog *d; PJ_ASSERT_RETURN(ua && dlg, PJ_EINVAL); PJ_ASSERT_RETURN(dlg->dlg_set, PJ_EINVALIDOP); pj_mutex_lock(mod_ua.mutex); dlg_set = (struct dlg_set*) dlg->dlg_set; d = dlg_set->dlg_list.next; while (d != (pjsip_dialog*)&dlg_set->dlg_list && d != dlg) { d = d->next; } if (d != dlg) { pj_assert(!""Dialog is not registered!""); pj_mutex_unlock(mod_ua.mutex); return PJ_EINVALIDOP; } pj_list_erase(dlg); if (pj_list_empty(&dlg_set->dlg_list)) { pj_hash_set_lower(NULL, mod_ua.dlg_table, dlg->local.info->tag.ptr, (unsigned)dlg->local.info->tag.slen, dlg->local.tag_hval, NULL); pj_list_push_back(&mod_ua.free_dlgset_nodes, dlg_set); } pj_mutex_unlock(mod_ua.mutex); return PJ_SUCCESS; }",visit repo url,pjsip/src/pjsip/sip_ua_layer.c,https://github.com/pjsip/pjproject,9154938649186,1 2546,['CWE-119'],"static int limit_list(struct rev_info *revs) { int slop = SLOP; unsigned long date = ~0ul; struct commit_list *list = revs->commits; struct commit_list *newlist = NULL; struct commit_list **p = &newlist; while (list) { struct commit_list *entry = list; struct commit *commit = list->item; struct object *obj = &commit->object; show_early_output_fn_t show; list = list->next; free(entry); if (revs->max_age != -1 && (commit->date < revs->max_age)) obj->flags |= UNINTERESTING; if (add_parents_to_list(revs, commit, &list) < 0) return -1; if (obj->flags & UNINTERESTING) { mark_parents_uninteresting(commit); if (revs->show_all) p = &commit_list_insert(commit, p)->next; slop = still_interesting(list, date, slop); if (slop) continue; if (revs->show_all) *p = list; break; } if (revs->min_age != -1 && (commit->date > revs->min_age)) continue; date = commit->date; p = &commit_list_insert(commit, p)->next; show = show_early_output; if (!show) continue; show(revs, newlist); show_early_output = NULL; } if (revs->cherry_pick) cherry_pick_list(newlist, revs); revs->commits = newlist; return 0; }",git,,,145942913230950279801682466346835857121,0 1685,[],"static int cpu_shares_write_uint(struct cgroup *cgrp, struct cftype *cftype, u64 shareval) { return sched_group_set_shares(cgroup_tg(cgrp), shareval); }",linux-2.6,,,253102871804469890731148474623097726486,0 3443,CWE-611,"PLIST_API void plist_from_xml(const char *plist_xml, uint32_t length, plist_t * plist) { xmlDocPtr plist_doc = xmlParseMemory(plist_xml, length); xmlNodePtr root_node = xmlDocGetRootElement(plist_doc); xml_to_node(root_node, plist); xmlFreeDoc(plist_doc); }",visit repo url,src/xplist.c,https://github.com/UIKit0/libplist,146586822828572,1 5623,CWE-125,"Ta3AST_FromNodeObject(const node *n, PyCompilerFlags *flags, PyObject *filename, int feature_version, PyArena *arena) { int i, j, k, num; asdl_seq *stmts = NULL; asdl_seq *type_ignores = NULL; stmt_ty s; node *ch; struct compiling c; mod_ty res = NULL; asdl_seq *argtypes = NULL; expr_ty ret, arg; c.c_arena = arena; c.c_filename = filename; c.c_normalize = NULL; c.c_normalize_args = NULL; c.c_feature_version = feature_version; if (TYPE(n) == encoding_decl) n = CHILD(n, 0); k = 0; switch (TYPE(n)) { case file_input: stmts = _Ta3_asdl_seq_new(num_stmts(n), arena); if (!stmts) goto out; for (i = 0; i < NCH(n) - 1; i++) { ch = CHILD(n, i); if (TYPE(ch) == NEWLINE) continue; REQ(ch, stmt); num = num_stmts(ch); if (num == 1) { s = ast_for_stmt(&c, ch); if (!s) goto out; asdl_seq_SET(stmts, k++, s); } else { ch = CHILD(ch, 0); REQ(ch, simple_stmt); for (j = 0; j < num; j++) { s = ast_for_stmt(&c, CHILD(ch, j * 2)); if (!s) goto out; asdl_seq_SET(stmts, k++, s); } } } ch = CHILD(n, NCH(n) - 1); REQ(ch, ENDMARKER); num = NCH(ch); type_ignores = _Ta3_asdl_seq_new(num, arena); if (!type_ignores) goto out; for (i = 0; i < num; i++) { type_ignore_ty ti = TypeIgnore(LINENO(CHILD(ch, i)), arena); if (!ti) goto out; asdl_seq_SET(type_ignores, i, ti); } res = Module(stmts, type_ignores, arena); break; case eval_input: { expr_ty testlist_ast; testlist_ast = ast_for_testlist(&c, CHILD(n, 0)); if (!testlist_ast) goto out; res = Expression(testlist_ast, arena); break; } case single_input: if (TYPE(CHILD(n, 0)) == NEWLINE) { stmts = _Ta3_asdl_seq_new(1, arena); if (!stmts) goto out; asdl_seq_SET(stmts, 0, Pass(n->n_lineno, n->n_col_offset, arena)); if (!asdl_seq_GET(stmts, 0)) goto out; res = Interactive(stmts, arena); } else { n = CHILD(n, 0); num = num_stmts(n); stmts = _Ta3_asdl_seq_new(num, arena); if (!stmts) goto out; if (num == 1) { s = ast_for_stmt(&c, n); if (!s) goto out; asdl_seq_SET(stmts, 0, s); } else { REQ(n, simple_stmt); for (i = 0; i < NCH(n); i += 2) { if (TYPE(CHILD(n, i)) == NEWLINE) break; s = ast_for_stmt(&c, CHILD(n, i)); if (!s) goto out; asdl_seq_SET(stmts, i / 2, s); } } res = Interactive(stmts, arena); } break; case func_type_input: n = CHILD(n, 0); REQ(n, func_type); if (TYPE(CHILD(n, 1)) == typelist) { ch = CHILD(n, 1); num = 0; for (i = 0; i < NCH(ch); i++) { if (TYPE(CHILD(ch, i)) == test) num++; } argtypes = _Ta3_asdl_seq_new(num, arena); j = 0; for (i = 0; i < NCH(ch); i++) { if (TYPE(CHILD(ch, i)) == test) { arg = ast_for_expr(&c, CHILD(ch, i)); if (!arg) goto out; asdl_seq_SET(argtypes, j++, arg); } } } else argtypes = _Ta3_asdl_seq_new(0, arena); ret = ast_for_expr(&c, CHILD(n, NCH(n) - 1)); if (!ret) goto out; res = FunctionType(argtypes, ret, arena); break; default: PyErr_Format(PyExc_SystemError, ""invalid node %d for Ta3AST_FromNode"", TYPE(n)); goto out; } out: if (c.c_normalize) { Py_DECREF(c.c_normalize); PyTuple_SET_ITEM(c.c_normalize_args, 1, NULL); Py_DECREF(c.c_normalize_args); } return res; }",visit repo url,ast3/Python/ast.c,https://github.com/python/typed_ast,20661516850992,1 2241,['CWE-193'],"generic_file_direct_write(struct kiocb *iocb, const struct iovec *iov, unsigned long *nr_segs, loff_t pos, loff_t *ppos, size_t count, size_t ocount) { struct file *file = iocb->ki_filp; struct address_space *mapping = file->f_mapping; struct inode *inode = mapping->host; ssize_t written; size_t write_len; pgoff_t end; if (count != ocount) *nr_segs = iov_shorten((struct iovec *)iov, *nr_segs, count); write_len = iov_length(iov, *nr_segs); end = (pos + write_len - 1) >> PAGE_CACHE_SHIFT; if (mapping_mapped(mapping)) unmap_mapping_range(mapping, pos, write_len, 0); written = filemap_write_and_wait(mapping); if (written) goto out; if (mapping->nrpages) { written = invalidate_inode_pages2_range(mapping, pos >> PAGE_CACHE_SHIFT, end); if (written) goto out; } written = mapping->a_ops->direct_IO(WRITE, iocb, iov, pos, *nr_segs); if (mapping->nrpages) { invalidate_inode_pages2_range(mapping, pos >> PAGE_CACHE_SHIFT, end); } if (written > 0) { loff_t end = pos + written; if (end > i_size_read(inode) && !S_ISBLK(inode->i_mode)) { i_size_write(inode, end); mark_inode_dirty(inode); } *ppos = end; } out: if ((written >= 0 || written == -EIOCBQUEUED) && ((file->f_flags & O_SYNC) || IS_SYNC(inode))) { int err = generic_osync_inode(inode, mapping, OSYNC_METADATA); if (err < 0) written = err; } return written; }",linux-2.6,,,317341151958410980253354632778787746540,0 3071,['CWE-189'],"void jp2_box_destroy(jp2_box_t *box) { if (box->ops->destroy) { (*box->ops->destroy)(box); } jas_free(box); }",jasper,,,134031347341398715344881107254571896494,0 6376,['CWE-200'],"static struct tcf_proto_ops *tcf_proto_lookup_ops(struct nlattr *kind) { struct tcf_proto_ops *t = NULL; if (kind) { read_lock(&cls_mod_lock); for (t = tcf_proto_base; t; t = t->next) { if (nla_strcmp(kind, t->kind) == 0) { if (!try_module_get(t->owner)) t = NULL; break; } } read_unlock(&cls_mod_lock); } return t; }",linux-2.6,,,196436614192459553016540319793383351194,0 5271,CWE-330,"static int oidc_cache_crypto_encrypt_impl(request_rec *r, unsigned char *plaintext, int plaintext_len, const unsigned char *aad, int aad_len, unsigned char *key, const unsigned char *iv, int iv_len, unsigned char *ciphertext, const unsigned char *tag, int tag_len) { EVP_CIPHER_CTX *ctx; int len; int ciphertext_len; if (!(ctx = EVP_CIPHER_CTX_new())) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_new""); return -1; } if (!EVP_EncryptInit_ex(ctx, OIDC_CACHE_CIPHER, NULL, NULL, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptInit_ex""); return -1; } if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_SET_IVLEN, iv_len, NULL)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptInit_ex""); return -1; } if (!EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_DecryptUpdate aad: aad_len=%d"", aad_len); return -1; } if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptUpdate ciphertext""); return -1; } ciphertext_len = len; if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { oidc_cache_crypto_openssl_error(r, ""EVP_EncryptFinal_ex""); return -1; } ciphertext_len += len; if (!EVP_CIPHER_CTX_ctrl(ctx, OIDC_CACHE_CRYPTO_GET_TAG, tag_len, (void *) tag)) { oidc_cache_crypto_openssl_error(r, ""EVP_CIPHER_CTX_ctrl""); return -1; } EVP_CIPHER_CTX_free(ctx); return ciphertext_len; }",visit repo url,src/cache/common.c,https://github.com/zmartzone/mod_auth_openidc,176856116245140,1 4019,['CWE-362'],"static inline size_t audit_pack_string(void **bufp, const char *str) { size_t len = strlen(str); memcpy(*bufp, str, len); *bufp += len; return len; }",linux-2.6,,,282271325655558590059254312525396531833,0 6573,CWE-415,"destroyPresentationContextList(LST_HEAD ** l) { PRV_PRESENTATIONCONTEXTITEM * prvCtx; DUL_SUBITEM * subItem; if (*l == NULL) return; prvCtx = (PRV_PRESENTATIONCONTEXTITEM*)LST_Dequeue(l); while (prvCtx != NULL) { subItem = (DUL_SUBITEM*)LST_Dequeue(&prvCtx->transferSyntaxList); while (subItem != NULL) { free(subItem); subItem = (DUL_SUBITEM*)LST_Dequeue(&prvCtx->transferSyntaxList); } LST_Destroy(&prvCtx->transferSyntaxList); free(prvCtx); prvCtx = (PRV_PRESENTATIONCONTEXTITEM*)LST_Dequeue(l); } LST_Destroy(l); }",visit repo url,dcmnet/libsrc/dulfsm.cc,https://github.com/DCMTK/dcmtk,246343253915530,1 562,[],"static unsigned long bad_file_get_unmapped_area(struct file *file, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags) { return -EIO; }",linux-2.6,,,189982540298424765804787695548517969117,0 1443,CWE-362,"static int do_setxattr(struct btrfs_trans_handle *trans, struct inode *inode, const char *name, const void *value, size_t size, int flags) { struct btrfs_dir_item *di; struct btrfs_root *root = BTRFS_I(inode)->root; struct btrfs_path *path; size_t name_len = strlen(name); int ret = 0; if (name_len + size > BTRFS_MAX_XATTR_SIZE(root)) return -ENOSPC; path = btrfs_alloc_path(); if (!path) return -ENOMEM; if (flags & XATTR_REPLACE) { di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode), name, name_len, -1); if (IS_ERR(di)) { ret = PTR_ERR(di); goto out; } else if (!di) { ret = -ENODATA; goto out; } ret = btrfs_delete_one_dir_name(trans, root, path, di); if (ret) goto out; btrfs_release_path(path); if (!value) goto out; } else { di = btrfs_lookup_xattr(NULL, root, path, btrfs_ino(inode), name, name_len, 0); if (IS_ERR(di)) { ret = PTR_ERR(di); goto out; } if (!di && !value) goto out; btrfs_release_path(path); } again: ret = btrfs_insert_xattr_item(trans, root, path, btrfs_ino(inode), name, name_len, value, size); if (ret == -EOVERFLOW) ret = -EEXIST; if (ret == -EEXIST) { if (flags & XATTR_CREATE) goto out; btrfs_release_path(path); di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode), name, name_len, -1); if (IS_ERR(di)) { ret = PTR_ERR(di); goto out; } else if (!di) { btrfs_release_path(path); goto again; } ret = btrfs_delete_one_dir_name(trans, root, path, di); if (ret) goto out; if (value) { btrfs_release_path(path); goto again; } } out: btrfs_free_path(path); return ret; }",visit repo url,fs/btrfs/xattr.c,https://github.com/torvalds/linux,190938265159149,1 1787,CWE-416,"void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) { struct snd_pcm_runtime *runtime; unsigned long flags; if (PCM_RUNTIME_CHECK(substream)) return; runtime = substream->runtime; snd_pcm_stream_lock_irqsave(substream, flags); if (!snd_pcm_running(substream) || snd_pcm_update_hw_ptr0(substream, 1) < 0) goto _end; #ifdef CONFIG_SND_PCM_TIMER if (substream->timer_running) snd_timer_interrupt(substream->timer, 1); #endif _end: snd_pcm_stream_unlock_irqrestore(substream, flags); kill_fasync(&runtime->fasync, SIGIO, POLL_IN); }",visit repo url,sound/core/pcm_lib.c,https://github.com/torvalds/linux,133236748825531,1 4288,CWE-400,"static int lmf_header_load(lmf_header *lmfh, RBuffer *buf, Sdb *db) { if (r_buf_size (buf) < sizeof (lmf_header)) { return false; } if (r_buf_fread_at (buf, QNX_HEADER_ADDR, (ut8 *) lmfh, ""iiiiiiiicccciiiicc"", 1) < QNX_HDR_SIZE) { return false; } r_strf_buffer (32); sdb_set (db, ""qnx.version"", r_strf (""0x%xH"", lmfh->version), 0); sdb_set (db, ""qnx.cflags"", r_strf (""0x%xH"", lmfh->cflags), 0); sdb_set (db, ""qnx.cpu"", r_strf (""0x%xH"", lmfh->cpu), 0); sdb_set (db, ""qnx.fpu"", r_strf (""0x%xH"", lmfh->fpu), 0); sdb_set (db, ""qnx.code_index"", r_strf (""0x%x"", lmfh->code_index), 0); sdb_set (db, ""qnx.stack_index"", r_strf (""0x%x"", lmfh->stack_index), 0); sdb_set (db, ""qnx.heap_index"", r_strf (""0x%x"", lmfh->heap_index), 0); sdb_set (db, ""qnx.argv_index"", r_strf (""0x%x"", lmfh->argv_index), 0); sdb_set (db, ""qnx.code_offset"", r_strf (""0x%x"", lmfh->code_offset), 0); sdb_set (db, ""qnx.stack_nbytes"", r_strf (""0x%x"", lmfh->stack_nbytes), 0); sdb_set (db, ""qnx.heap_nbytes"", r_strf (""0x%x"", lmfh->heap_nbytes), 0); sdb_set (db, ""qnx.image_base"", r_strf (""0x%x"", lmfh->image_base), 0); return true; }",visit repo url,libr/bin/p/bin_qnx.c,https://github.com/radareorg/radare2,48139697908724,1 1682,[],"void wait_task_inactive(struct task_struct *p) { unsigned long flags; int running, on_rq; struct rq *rq; for (;;) { rq = task_rq(p); while (task_running(rq, p)) cpu_relax(); rq = task_rq_lock(p, &flags); running = task_running(rq, p); on_rq = p->se.on_rq; task_rq_unlock(rq, &flags); if (unlikely(running)) { cpu_relax(); continue; } if (unlikely(on_rq)) { schedule_timeout_uninterruptible(1); continue; } break; } }",linux-2.6,,,157691571483124078682254552755454923965,0 5827,CWE-362,"static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent, pj_sock_t newsock, void *newconn, const pj_sockaddr_t *src_addr, int src_addr_len, pj_status_t accept_status) { pj_ssl_sock_t *ssock; #ifndef SSL_SOCK_IMP_USE_OWN_NETWORK pj_activesock_cb asock_cb; #endif pj_activesock_cfg asock_cfg; unsigned i; pj_status_t status; #ifndef SSL_SOCK_IMP_USE_OWN_NETWORK PJ_UNUSED_ARG(newconn); #endif if (accept_status != PJ_SUCCESS) { if (ssock_parent->param.cb.on_accept_complete2) { (*ssock_parent->param.cb.on_accept_complete2)(ssock_parent, NULL, src_addr, src_addr_len, accept_status); } return PJ_TRUE; } status = pj_ssl_sock_create(ssock_parent->pool, &ssock_parent->newsock_param, &ssock); if (status != PJ_SUCCESS) goto on_return; ssock->sock = newsock; ssock->parent = ssock_parent; ssock->is_server = PJ_TRUE; if (ssock_parent->cert) { status = pj_ssl_sock_set_certificate(ssock, ssock->pool, ssock_parent->cert); if (status != PJ_SUCCESS) goto on_return; } ssock->addr_len = src_addr_len; pj_sockaddr_cp(&ssock->local_addr, &ssock_parent->local_addr); pj_sockaddr_cp(&ssock->rem_addr, src_addr); status = ssl_create(ssock); if (status != PJ_SUCCESS) goto on_return; ssock->asock_rbuf = (void**)pj_pool_calloc(ssock->pool, ssock->param.async_cnt, sizeof(void*)); if (!ssock->asock_rbuf) return PJ_ENOMEM; for (i = 0; iparam.async_cnt; ++i) { ssock->asock_rbuf[i] = (void*) pj_pool_alloc( ssock->pool, ssock->param.read_buffer_size + sizeof(read_data_t*)); if (!ssock->asock_rbuf[i]) return PJ_ENOMEM; } if (ssock_parent->param.grp_lock) { pj_grp_lock_t *glock; status = pj_grp_lock_create(ssock->pool, NULL, &glock); if (status != PJ_SUCCESS) goto on_return; pj_grp_lock_add_ref(glock); asock_cfg.grp_lock = ssock->param.grp_lock = glock; pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock, ssl_on_destroy); } #ifdef SSL_SOCK_IMP_USE_OWN_NETWORK status = network_setup_connection(ssock, newconn); if (status != PJ_SUCCESS) goto on_return; #else status = pj_sock_apply_qos2(ssock->sock, ssock->param.qos_type, &ssock->param.qos_params, 1, ssock->pool->obj_name, NULL); if (status != PJ_SUCCESS && !ssock->param.qos_ignore_error) goto on_return; if (ssock->param.sockopt_params.cnt) { status = pj_sock_setsockopt_params(ssock->sock, &ssock->param.sockopt_params); if (status != PJ_SUCCESS && !ssock->param.sockopt_ignore_error) goto on_return; } pj_activesock_cfg_default(&asock_cfg); asock_cfg.async_cnt = ssock->param.async_cnt; asock_cfg.concurrency = ssock->param.concurrency; asock_cfg.whole_data = PJ_TRUE; pj_bzero(&asock_cb, sizeof(asock_cb)); asock_cb.on_data_read = asock_on_data_read; asock_cb.on_data_sent = asock_on_data_sent; status = pj_activesock_create(ssock->pool, ssock->sock, ssock->param.sock_type, &asock_cfg, ssock->param.ioqueue, &asock_cb, ssock, &ssock->asock); if (status != PJ_SUCCESS) goto on_return; status = pj_activesock_start_read2(ssock->asock, ssock->pool, (unsigned)ssock->param.read_buffer_size, ssock->asock_rbuf, PJ_IOQUEUE_ALWAYS_ASYNC); if (status != PJ_SUCCESS) goto on_return; #endif status = get_localaddr(ssock, &ssock->local_addr, &ssock->addr_len); if (status != PJ_SUCCESS) { pj_sockaddr_cp(&ssock->local_addr, &ssock_parent->local_addr); } pj_assert(ssock->send_buf.max_len == 0); ssock->send_buf.buf = (char*) pj_pool_alloc(ssock->pool, ssock->param.send_buffer_size); if (!ssock->send_buf.buf) return PJ_ENOMEM; ssock->send_buf.max_len = ssock->param.send_buffer_size; ssock->send_buf.start = ssock->send_buf.buf; ssock->send_buf.len = 0; if (ssock->param.timer_heap && (ssock->param.timeout.sec != 0 || ssock->param.timeout.msec != 0)) { pj_assert(ssock->timer.id == TIMER_NONE); status = pj_timer_heap_schedule_w_grp_lock(ssock->param.timer_heap, &ssock->timer, &ssock->param.timeout, TIMER_HANDSHAKE_TIMEOUT, ssock->param.grp_lock); if (status != PJ_SUCCESS) { ssock->timer.id = TIMER_NONE; status = PJ_SUCCESS; } } ssock->ssl_state = SSL_STATE_HANDSHAKING; ssl_set_state(ssock, PJ_TRUE); status = ssl_do_handshake(ssock); on_return: if (ssock && status != PJ_EPENDING) { on_handshake_complete(ssock, status); } return PJ_TRUE; }",visit repo url,pjlib/src/pj/ssl_sock_imp_common.c,https://github.com/pjsip/pjproject,104159016183687,1 4453,['CWE-264'],"static void sock_def_wakeup(struct sock *sk) { read_lock(&sk->sk_callback_lock); if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) wake_up_interruptible_all(sk->sk_sleep); read_unlock(&sk->sk_callback_lock); }",linux-2.6,,,95828464832133765681278224539772677941,0 2235,['CWE-193'],"struct page *__grab_cache_page(struct address_space *mapping, pgoff_t index) { int status; struct page *page; repeat: page = find_lock_page(mapping, index); if (likely(page)) return page; page = page_cache_alloc(mapping); if (!page) return NULL; status = add_to_page_cache_lru(page, mapping, index, GFP_KERNEL); if (unlikely(status)) { page_cache_release(page); if (status == -EEXIST) goto repeat; return NULL; } return page; }",linux-2.6,,,165552226377542241214083655457547964946,0 3334,[],"static inline u32 nla_get_u32(struct nlattr *nla) { return *(u32 *) nla_data(nla); }",linux-2.6,,,32095854977413777008342687032645585062,0 4671,CWE-125,"static void oinf_entry_dump(GF_OperatingPointsInformation *ptr, FILE * trace) { u32 i, count; if (!ptr) { fprintf(trace, ""\n""); fprintf(trace, "" \n""); fprintf(trace, ""\n""); fprintf(trace, ""\n""); fprintf(trace, ""\n""); return; } fprintf(trace, ""scalability_mask); switch (ptr->scalability_mask) { case 2: fprintf(trace, ""Multiview""); break; case 4: fprintf(trace, ""Spatial scalability""); break; case 8: fprintf(trace, ""Auxilary""); break; default: fprintf(trace, ""unknown""); } fprintf(trace, "")\"" num_profile_tier_level=\""%u\"""", gf_list_count(ptr->profile_tier_levels) ); fprintf(trace, "" num_operating_points=\""%u\"" dependency_layers=\""%u\"""", gf_list_count(ptr->operating_points), gf_list_count(ptr->dependency_layers)); fprintf(trace, "">\n""); count=gf_list_count(ptr->profile_tier_levels); for (i = 0; i < count; i++) { LHEVC_ProfileTierLevel *ptl = (LHEVC_ProfileTierLevel *)gf_list_get(ptr->profile_tier_levels, i); fprintf(trace, "" \n"", ptl->general_profile_space, ptl->general_tier_flag, ptl->general_profile_idc, ptl->general_profile_compatibility_flags, ptl->general_constraint_indicator_flags); } count=gf_list_count(ptr->operating_points); for (i = 0; i < count; i++) { LHEVC_OperatingPoint *op = (LHEVC_OperatingPoint *)gf_list_get(ptr->operating_points, i); fprintf(trace, ""output_layer_set_idx); fprintf(trace, "" max_temporal_id=\""%u\"" layer_count=\""%u\"""", op->max_temporal_id, op->layer_count); fprintf(trace, "" minPicWidth=\""%u\"" minPicHeight=\""%u\"""", op->minPicWidth, op->minPicHeight); fprintf(trace, "" maxPicWidth=\""%u\"" maxPicHeight=\""%u\"""", op->maxPicWidth, op->maxPicHeight); fprintf(trace, "" maxChromaFormat=\""%u\"" maxBitDepth=\""%u\"""", op->maxChromaFormat, op->maxBitDepth); fprintf(trace, "" frame_rate_info_flag=\""%u\"" bit_rate_info_flag=\""%u\"""", op->frame_rate_info_flag, op->bit_rate_info_flag); if (op->frame_rate_info_flag) fprintf(trace, "" avgFrameRate=\""%u\"" constantFrameRate=\""%u\"""", op->avgFrameRate, op->constantFrameRate); if (op->bit_rate_info_flag) fprintf(trace, "" maxBitRate=\""%u\"" avgBitRate=\""%u\"""", op->maxBitRate, op->avgBitRate); fprintf(trace, ""/>\n""); } count=gf_list_count(ptr->dependency_layers); for (i = 0; i < count; i++) { u32 j; LHEVC_DependentLayer *dep = (LHEVC_DependentLayer *)gf_list_get(ptr->dependency_layers, i); fprintf(trace, ""dependent_layerID, dep->num_layers_dependent_on); if (dep->num_layers_dependent_on) { fprintf(trace, "" dependent_on_layerID=\""""); for (j = 0; j < dep->num_layers_dependent_on; j++) fprintf(trace, ""%d "", dep->dependent_on_layerID[j]); fprintf(trace, ""\""""); } fprintf(trace, "" dimension_identifier=\""""); for (j = 0; j < 16; j++) if (ptr->scalability_mask & (1 << j)) fprintf(trace, ""%d "", dep->dimension_identifier[j]); fprintf(trace, ""\""/>\n""); } fprintf(trace, ""\n""); return; }",visit repo url,src/isomedia/box_dump.c,https://github.com/gpac/gpac,50434042163685,1 3677,['CWE-119'],"int hfsplus_find_cat(struct super_block *sb, u32 cnid, struct hfs_find_data *fd) { hfsplus_cat_entry tmp; int err; u16 type; hfsplus_cat_build_key(sb, fd->search_key, cnid, NULL); err = hfs_brec_read(fd, &tmp, sizeof(hfsplus_cat_entry)); if (err) return err; type = be16_to_cpu(tmp.type); if (type != HFSPLUS_FOLDER_THREAD && type != HFSPLUS_FILE_THREAD) { printk(KERN_ERR ""hfs: found bad thread record in catalog\n""); return -EIO; } if (be16_to_cpu(tmp.thread.nodeName.length) > 255) { printk(KERN_ERR ""hfs: catalog name length corrupted\n""); return -EIO; } hfsplus_cat_build_key_uni(fd->search_key, be32_to_cpu(tmp.thread.parentID), &tmp.thread.nodeName); return hfs_brec_find(fd); }",linux-2.6,,,205775791775920522637527124072392202876,0 2630,CWE-125,"static int getStrrtokenPos(char* str, int savedPos) { int result =-1; int i; for(i=savedPos-1; i>=0; i--) { if(isIDSeparator(*(str+i)) ){ if(i>=2 && isIDSeparator(*(str+i-2)) ){ result = i-2; } else { result = i; } break; } } if(result < 1){ result =-1; } return result; }",visit repo url,ext/intl/locale/locale_methods.c,https://github.com/php/php-src,10808690675959,1 4784,CWE-119,"static int tcos_select_file(sc_card_t *card, const sc_path_t *in_path, sc_file_t **file_out) { sc_context_t *ctx; sc_apdu_t apdu; sc_file_t *file=NULL; u8 buf[SC_MAX_APDU_BUFFER_SIZE], pathbuf[SC_MAX_PATH_SIZE], *path = pathbuf; unsigned int i; int r, pathlen; assert(card != NULL && in_path != NULL); ctx=card->ctx; memcpy(path, in_path->value, in_path->len); pathlen = in_path->len; sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0xA4, 0, 0x04); switch (in_path->type) { case SC_PATH_TYPE_FILE_ID: if (pathlen != 2) return SC_ERROR_INVALID_ARGUMENTS; case SC_PATH_TYPE_FROM_CURRENT: apdu.p1 = 9; break; case SC_PATH_TYPE_DF_NAME: apdu.p1 = 4; break; case SC_PATH_TYPE_PATH: apdu.p1 = 8; if (pathlen >= 2 && memcmp(path, ""\x3F\x00"", 2) == 0) path += 2, pathlen -= 2; if (pathlen == 0) apdu.p1 = 0; break; case SC_PATH_TYPE_PARENT: apdu.p1 = 3; pathlen = 0; break; default: SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS); } if( pathlen == 0 ) apdu.cse = SC_APDU_CASE_2_SHORT; apdu.lc = pathlen; apdu.data = path; apdu.datalen = pathlen; if (file_out != NULL) { apdu.resp = buf; apdu.resplen = sizeof(buf); apdu.le = 256; } else { apdu.resplen = 0; apdu.le = 0; apdu.p2 = 0x0C; apdu.cse = (pathlen == 0) ? SC_APDU_CASE_1 : SC_APDU_CASE_3_SHORT; } r = sc_transmit_apdu(card, &apdu); SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, ""APDU transmit failed""); r = sc_check_sw(card, apdu.sw1, apdu.sw2); if (r || file_out == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r); if (apdu.resplen < 1 || apdu.resp[0] != 0x62){ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""received invalid template %02X\n"", apdu.resp[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } file = sc_file_new(); if (file == NULL) SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); *file_out = file; file->path = *in_path; for(i=2; i+1size=0; for(j=0; jsize = (file->size<<8) | d[j]; break; case 0x82: file->shareable = (d[0] & 0x40) ? 1 : 0; file->ef_structure = d[0] & 7; switch ((d[0]>>3) & 7) { case 0: file->type = SC_FILE_TYPE_WORKING_EF; break; case 7: file->type = SC_FILE_TYPE_DF; break; default: sc_debug(ctx, SC_LOG_DEBUG_NORMAL, ""invalid file type %02X in file descriptor\n"", d[0]); SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_UNKNOWN_DATA_RECEIVED); } break; case 0x83: file->id = (d[0]<<8) | d[1]; break; case 0x84: memcpy(file->name, d, len); file->namelen = len; break; case 0x86: sc_file_set_sec_attr(file, d, len); break; default: if (len>0) sc_file_set_prop_attr(file, d, len); } } file->magic = SC_FILE_MAGIC; parse_sec_attr(card, file, file->sec_attr, file->sec_attr_len); return 0; }",visit repo url,src/libopensc/card-tcos.c,https://github.com/OpenSC/OpenSC,13139987058975,1 687,CWE-20,"static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t size, int flags) { struct sock *sk = sock->sk; struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name; struct ddpehdr *ddp; int copied = 0; int offset = 0; int err = 0; struct sk_buff *skb; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); lock_sock(sk); if (!skb) goto out; ddp = ddp_hdr(skb); copied = ntohs(ddp->deh_len_hops) & 1023; if (sk->sk_type != SOCK_RAW) { offset = sizeof(*ddp); copied -= offset; } if (copied > size) { copied = size; msg->msg_flags |= MSG_TRUNC; } err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); if (!err) { if (sat) { sat->sat_family = AF_APPLETALK; sat->sat_port = ddp->deh_sport; sat->sat_addr.s_node = ddp->deh_snode; sat->sat_addr.s_net = ddp->deh_snet; } msg->msg_namelen = sizeof(*sat); } skb_free_datagram(sk, skb); out: release_sock(sk); return err ? : copied; }",visit repo url,net/appletalk/ddp.c,https://github.com/torvalds/linux,30002071291188,1 5796,['CWE-200'],"static int atalk_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) { return -ENOIOCTLCMD; }",linux-2.6,,,42732587796891058508603562437860250942,0 6407,['CWE-59'],"int main(int argc, char ** argv) { int c; unsigned long flags = MS_MANDLOCK; char * orgoptions = NULL; char * share_name = NULL; const char * ipaddr = NULL; char * uuid = NULL; char * mountpoint = NULL; char * options = NULL; char * optionstail; char * resolved_path = NULL; char * temp; char * dev_name; int rc = 0; int rsize = 0; int wsize = 0; int nomtab = 0; int uid = 0; int gid = 0; int optlen = 0; int orgoptlen = 0; size_t options_size = 0; size_t current_len; int retry = 0; struct addrinfo *addrhead = NULL, *addr; struct utsname sysinfo; struct mntent mountent; struct sockaddr_in *addr4; struct sockaddr_in6 *addr6; FILE * pmntfile; if (check_setuid()) return EX_USAGE; if(argc && argv) thisprogram = argv[0]; else mount_cifs_usage(stderr); if(thisprogram == NULL) thisprogram = ""mount.cifs""; uname(&sysinfo); if(argc > 2) { dev_name = argv[1]; share_name = strndup(argv[1], MAX_UNC_LEN); if (share_name == NULL) { fprintf(stderr, ""%s: %s"", argv[0], strerror(ENOMEM)); exit(EX_SYSERR); } mountpoint = argv[2]; } else if (argc == 2) { if ((strcmp(argv[1], ""-V"") == 0) || (strcmp(argv[1], ""--version"") == 0)) { print_cifs_mount_version(); exit(0); } if ((strcmp(argv[1], ""-h"") == 0) || (strcmp(argv[1], ""-?"") == 0) || (strcmp(argv[1], ""--help"") == 0)) mount_cifs_usage(stdout); mount_cifs_usage(stderr); } else { mount_cifs_usage(stderr); } while ((c = getopt_long (argc, argv, ""afFhilL:no:O:rsSU:vVwt:"", longopts, NULL)) != -1) { switch (c) { case '?': case 'h': mount_cifs_usage(stdout); case 'n': ++nomtab; break; case 'b': #ifdef MS_BIND flags |= MS_BIND; #else fprintf(stderr, ""option 'b' (MS_BIND) not supported\n""); #endif break; case 'm': #ifdef MS_MOVE flags |= MS_MOVE; #else fprintf(stderr, ""option 'm' (MS_MOVE) not supported\n""); #endif break; case 'o': orgoptions = strdup(optarg); break; case 'r': flags |= MS_RDONLY; break; case 'U': uuid = optarg; break; case 'v': ++verboseflag; break; case 'V': print_cifs_mount_version(); exit (0); case 'w': flags &= ~MS_RDONLY; break; case 'R': rsize = atoi(optarg) ; break; case 'W': wsize = atoi(optarg); break; case '1': if (isdigit(*optarg)) { char *ep; uid = strtoul(optarg, &ep, 10); if (*ep) { fprintf(stderr, ""bad uid value \""%s\""\n"", optarg); exit(EX_USAGE); } } else { struct passwd *pw; if (!(pw = getpwnam(optarg))) { fprintf(stderr, ""bad user name \""%s\""\n"", optarg); exit(EX_USAGE); } uid = pw->pw_uid; endpwent(); } break; case '2': if (isdigit(*optarg)) { char *ep; gid = strtoul(optarg, &ep, 10); if (*ep) { fprintf(stderr, ""bad gid value \""%s\""\n"", optarg); exit(EX_USAGE); } } else { struct group *gr; if (!(gr = getgrnam(optarg))) { fprintf(stderr, ""bad user name \""%s\""\n"", optarg); exit(EX_USAGE); } gid = gr->gr_gid; endpwent(); } break; case 'u': got_user = 1; user_name = optarg; break; case 'd': domain_name = optarg; got_domain = 1; break; case 'p': if(mountpassword == NULL) mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); if(mountpassword) { got_password = 1; strlcpy(mountpassword,optarg,MOUNT_PASSWD_SIZE+1); } break; case 'S': get_password_from_file(0 ,NULL); break; case 't': break; case 'f': ++fakemnt; break; default: fprintf(stderr, ""unknown mount option %c\n"",c); mount_cifs_usage(stderr); } } if((argc < 3) || (dev_name == NULL) || (mountpoint == NULL)) { mount_cifs_usage(stderr); } rc = chdir(mountpoint); if (rc) { fprintf(stderr, ""Couldn't chdir to %s: %s\n"", mountpoint, strerror(errno)); rc = EX_USAGE; goto mount_exit; } rc = check_mountpoint(thisprogram, mountpoint); if (rc) goto mount_exit; if (getuid()) { rc = check_fstab(thisprogram, mountpoint, dev_name, &orgoptions); if (rc) goto mount_exit; flags |= CIFS_SETUID_FLAGS; } if (getenv(""PASSWD"")) { if(mountpassword == NULL) mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); if(mountpassword) { strlcpy(mountpassword,getenv(""PASSWD""),MOUNT_PASSWD_SIZE+1); got_password = 1; } } else if (getenv(""PASSWD_FD"")) { get_password_from_file(atoi(getenv(""PASSWD_FD"")),NULL); } else if (getenv(""PASSWD_FILE"")) { get_password_from_file(0, getenv(""PASSWD_FILE"")); } if (orgoptions && parse_options(&orgoptions, &flags)) { rc = EX_USAGE; goto mount_exit; } if (getuid()) { #if !CIFS_LEGACY_SETUID_CHECK if (!(flags & (MS_USERS|MS_USER))) { fprintf(stderr, ""%s: permission denied\n"", thisprogram); rc = EX_USAGE; goto mount_exit; } #endif if (geteuid()) { fprintf(stderr, ""%s: not installed setuid - \""user\"" "" ""CIFS mounts not supported."", thisprogram); rc = EX_FAIL; goto mount_exit; } } flags &= ~(MS_USERS|MS_USER); addrhead = addr = parse_server(&share_name); if((addrhead == NULL) && (got_ip == 0)) { fprintf(stderr, ""No ip address specified and hostname not found\n""); rc = EX_USAGE; goto mount_exit; } resolved_path = (char *)malloc(PATH_MAX+1); if (!resolved_path) { fprintf(stderr, ""Unable to allocate memory.\n""); rc = EX_SYSERR; goto mount_exit; } if(!realpath(""."", resolved_path)) { fprintf(stderr, ""Unable to resolve %s to canonical path: %s\n"", mountpoint, strerror(errno)); rc = EX_SYSERR; goto mount_exit; } mountpoint = resolved_path; if(got_user == 0) { if (getenv(""USER"")) user_name = strdup(getenv(""USER"")); if (user_name == NULL) user_name = getusername(); got_user = 1; } if(got_password == 0) { char *tmp_pass = getpass(""Password: ""); mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); if (!tmp_pass || !mountpassword) { fprintf(stderr, ""Password not entered, exiting\n""); exit(EX_USAGE); } strlcpy(mountpassword, tmp_pass, MOUNT_PASSWD_SIZE+1); got_password = 1; } if(orgoptions) { optlen = strlen(orgoptions); orgoptlen = optlen; } else optlen = 0; if(share_name) optlen += strlen(share_name) + 4; else { fprintf(stderr, ""No server share name specified\n""); fprintf(stderr, ""\nMounting the DFS root for server not implemented yet\n""); exit(EX_USAGE); } if(user_name) optlen += strlen(user_name) + 6; optlen += MAX_ADDRESS_LEN + 4; if(mountpassword) optlen += strlen(mountpassword) + 6; mount_retry: SAFE_FREE(options); options_size = optlen + 10 + DOMAIN_SIZE; options = (char *)malloc(options_size + 8 ); if(options == NULL) { fprintf(stderr, ""Could not allocate memory for mount options\n""); exit(EX_SYSERR); } strlcpy(options, ""unc="", options_size); strlcat(options,share_name,options_size); temp = strrchr(options, '/'); if(temp > options + 6) *temp = '\\'; if(user_name) { if(got_domain == 0) domain_name = check_for_domain(&user_name); strlcat(options,"",user="",options_size); strlcat(options,user_name,options_size); } if(retry == 0) { if(domain_name) { strlcat(options,"",domain="",options_size); strlcat(options,domain_name,options_size); } } strlcat(options,"",ver="",options_size); strlcat(options,MOUNT_CIFS_VERSION_MAJOR,options_size); if(orgoptions) { strlcat(options,"","",options_size); strlcat(options,orgoptions,options_size); } if(prefixpath) { strlcat(options,"",prefixpath="",options_size); strlcat(options,prefixpath,options_size); } replace_char(dev_name, '\\', '/', strlen(share_name)); if (!got_ip && addr) { strlcat(options, "",ip="", options_size); current_len = strnlen(options, options_size); optionstail = options + current_len; switch (addr->ai_addr->sa_family) { case AF_INET6: addr6 = (struct sockaddr_in6 *) addr->ai_addr; ipaddr = inet_ntop(AF_INET6, &addr6->sin6_addr, optionstail, options_size - current_len); break; case AF_INET: addr4 = (struct sockaddr_in *) addr->ai_addr; ipaddr = inet_ntop(AF_INET, &addr4->sin_addr, optionstail, options_size - current_len); break; default: ipaddr = NULL; } if (!ipaddr) { addr = addr->ai_next; if (addr) goto mount_retry; rc = EX_SYSERR; goto mount_exit; } } if (addr->ai_addr->sa_family == AF_INET6 && addr6->sin6_scope_id) { strlcat(options, ""%"", options_size); current_len = strnlen(options, options_size); optionstail = options + current_len; snprintf(optionstail, options_size - current_len, ""%u"", addr6->sin6_scope_id); } if(verboseflag) fprintf(stderr, ""\nmount.cifs kernel mount options: %s"", options); if (mountpassword) { if(retry == 0) check_for_comma(&mountpassword); strlcat(options,"",pass="",options_size); strlcat(options,mountpassword,options_size); if (verboseflag) fprintf(stderr, "",pass=********""); } if (verboseflag) fprintf(stderr, ""\n""); rc = check_mtab(thisprogram, dev_name, mountpoint); if (rc) goto mount_exit; if (!fakemnt && mount(dev_name, ""."", cifs_fstype, flags, options)) { switch (errno) { case ECONNREFUSED: case EHOSTUNREACH: if (addr) { addr = addr->ai_next; if (addr) goto mount_retry; } break; case ENODEV: fprintf(stderr, ""mount error: cifs filesystem not supported by the system\n""); break; case ENXIO: if(retry == 0) { retry = 1; if (uppercase_string(dev_name) && uppercase_string(share_name) && uppercase_string(prefixpath)) { fprintf(stderr, ""retrying with upper case share name\n""); goto mount_retry; } } } fprintf(stderr, ""mount error(%d): %s\n"", errno, strerror(errno)); fprintf(stderr, ""Refer to the mount.cifs(8) manual page (e.g. man "" ""mount.cifs)\n""); rc = EX_FAIL; goto mount_exit; } if (nomtab) goto mount_exit; atexit(unlock_mtab); rc = lock_mtab(); if (rc) { fprintf(stderr, ""cannot lock mtab""); goto mount_exit; } pmntfile = setmntent(MOUNTED, ""a+""); if (!pmntfile) { fprintf(stderr, ""could not update mount table\n""); unlock_mtab(); rc = EX_FILEIO; goto mount_exit; } mountent.mnt_fsname = dev_name; mountent.mnt_dir = mountpoint; mountent.mnt_type = (char *)(void *)cifs_fstype; mountent.mnt_opts = (char *)malloc(220); if(mountent.mnt_opts) { char * mount_user = getusername(); memset(mountent.mnt_opts,0,200); if(flags & MS_RDONLY) strlcat(mountent.mnt_opts,""ro"",220); else strlcat(mountent.mnt_opts,""rw"",220); if(flags & MS_MANDLOCK) strlcat(mountent.mnt_opts,"",mand"",220); if(flags & MS_NOEXEC) strlcat(mountent.mnt_opts,"",noexec"",220); if(flags & MS_NOSUID) strlcat(mountent.mnt_opts,"",nosuid"",220); if(flags & MS_NODEV) strlcat(mountent.mnt_opts,"",nodev"",220); if(flags & MS_SYNCHRONOUS) strlcat(mountent.mnt_opts,"",sync"",220); if(mount_user) { if(getuid() != 0) { strlcat(mountent.mnt_opts, "",user="", 220); strlcat(mountent.mnt_opts, mount_user, 220); } } } mountent.mnt_freq = 0; mountent.mnt_passno = 0; rc = addmntent(pmntfile,&mountent); endmntent(pmntfile); unlock_mtab(); SAFE_FREE(mountent.mnt_opts); if (rc) rc = EX_FILEIO; mount_exit: if(mountpassword) { int len = strlen(mountpassword); memset(mountpassword,0,len); SAFE_FREE(mountpassword); } if (addrhead) freeaddrinfo(addrhead); SAFE_FREE(options); SAFE_FREE(orgoptions); SAFE_FREE(resolved_path); SAFE_FREE(share_name); exit(rc); }",samba,,,20627858211727386570611431834691738312,0 3133,CWE-134,"rrd_info_t *rrd_graph_v( int argc, char **argv) { image_desc_t im; rrd_info_t *grinfo; rrd_graph_init(&im); rrd_graph_options(argc, argv, &im); if (rrd_test_error()) { rrd_info_free(im.grinfo); im_free(&im); return NULL; } if (optind >= argc) { rrd_info_free(im.grinfo); im_free(&im); rrd_set_error(""missing filename""); return NULL; } if (strlen(argv[optind]) >= MAXPATH) { rrd_set_error(""filename (including path) too long""); rrd_info_free(im.grinfo); im_free(&im); return NULL; } strncpy(im.graphfile, argv[optind], MAXPATH - 1); im.graphfile[MAXPATH - 1] = '\0'; if (strcmp(im.graphfile, ""-"") == 0) { im.graphfile[0] = '\0'; } rrd_graph_script(argc, argv, &im, 1); if (rrd_test_error()) { rrd_info_free(im.grinfo); im_free(&im); return NULL; } if (graph_paint(&im) == -1) { rrd_info_free(im.grinfo); im_free(&im); return NULL; } if (im.imginfo && *im.imginfo) { rrd_infoval_t info; char *path; char *filename; if (bad_format_imginfo(im.imginfo)) { rrd_info_free(im.grinfo); im_free(&im); rrd_set_error(""bad format for imginfo""); return NULL; } path = strdup(im.graphfile); filename = basename(path); info.u_str = sprintf_alloc(im.imginfo, filename, (long) (im.zoom * im.ximg), (long) (im.zoom * im.yimg)); grinfo_push(&im, sprintf_alloc(""image_info""), RD_I_STR, info); free(info.u_str); free(path); } if (im.rendered_image) { rrd_infoval_t img; img.u_blo.size = im.rendered_image_size; img.u_blo.ptr = im.rendered_image; grinfo_push(&im, sprintf_alloc(""image""), RD_I_BLO, img); } grinfo = im.grinfo; im_free(&im); return grinfo; }",visit repo url,src/rrd_graph.c,https://github.com/oetiker/rrdtool-1.x,77543197513583,1 3961,CWE-284,"int socket_create(uint16_t port) { int sfd = -1; int yes = 1; #ifdef WIN32 WSADATA wsa_data; if (!wsa_init) { if (WSAStartup(MAKEWORD(2,2), &wsa_data) != ERROR_SUCCESS) { fprintf(stderr, ""WSAStartup failed!\n""); ExitProcess(-1); } wsa_init = 1; } #endif struct sockaddr_in saddr; if (0 > (sfd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP))) { perror(""socket()""); return -1; } if (setsockopt(sfd, SOL_SOCKET, SO_REUSEADDR, (void*)&yes, sizeof(int)) == -1) { perror(""setsockopt()""); socket_close(sfd); return -1; } memset((void *) &saddr, 0, sizeof(saddr)); saddr.sin_family = AF_INET; saddr.sin_addr.s_addr = htonl(INADDR_ANY); saddr.sin_port = htons(port); if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) { perror(""bind()""); socket_close(sfd); return -1; } if (listen(sfd, 1) == -1) { perror(""listen()""); socket_close(sfd); return -1; } return sfd; }",visit repo url,common/socket.c,https://github.com/libimobiledevice/libimobiledevice,233708807792066,1 1021,['CWE-20'],"int raw_notifier_chain_register(struct raw_notifier_head *nh, struct notifier_block *n) { return notifier_chain_register(&nh->head, n); }",linux-2.6,,,6148366596652814519874544932646208542,0 6092,CWE-190,"int cp_cmlhs_gen(bn_t x[], gt_t hs[], size_t len, uint8_t prf[], size_t plen, bn_t sk, g2_t pk, bn_t d, g2_t y, int bls) { g1_t g1; g2_t g2; gt_t gt; bn_t n; int result = RLC_OK; g1_null(g1); g2_null(g2); gt_null(gt); bn_null(n); RLC_TRY { bn_new(n); g1_new(g1); g2_new(g2); gt_new(gt); pc_get_ord(n); g1_get_gen(g1); g2_get_gen(g2); pc_map(gt, g1, g2); rand_bytes(prf, plen); if (bls) { cp_bls_gen(sk, pk); } else { cp_ecdsa_gen(sk, g1); fp_copy(pk->x[0], g1->x); fp_copy(pk->y[0], g1->y); } for (int i = 0; i < len; i++) { bn_rand_mod(x[i], n); gt_exp(hs[i], gt, x[i]); } bn_rand_mod(d, n); g2_mul_gen(y, d); } RLC_CATCH_ANY { result = RLC_ERR; } RLC_FINALLY { g1_free(g1); g2_free(g2); gt_free(gt); bn_free(n); } return result; }",visit repo url,src/cp/relic_cp_cmlhs.c,https://github.com/relic-toolkit/relic,269813092125039,1 6563,CWE-908,"void ZydisFormatterBufferInit(ZydisFormatterBuffer* buffer, char* user_buffer, ZyanUSize length) { ZYAN_ASSERT(buffer); ZYAN_ASSERT(user_buffer); ZYAN_ASSERT(length); buffer->is_token_list = ZYAN_FALSE; buffer->string.flags = ZYAN_STRING_HAS_FIXED_CAPACITY; buffer->string.vector.allocator = ZYAN_NULL; buffer->string.vector.element_size = sizeof(char); buffer->string.vector.size = 1; buffer->string.vector.capacity = length; buffer->string.vector.data = user_buffer; *user_buffer = '\0'; }",visit repo url,src/Formatter.c,https://github.com/zyantific/zydis,64638162211493,1 3496,CWE-119,"translate_hex_string(char *s, char *saved_orphan) { int c1 = *saved_orphan; char *start = s; char *t = s; for (; *s; s++) { if (isspace(*s)) continue; if (c1) { *t++ = (hexval(c1) << 4) + hexval(*s); c1 = 0; } else c1 = *s; } *saved_orphan = c1; return t - start; }",visit repo url,t1lib.c,https://github.com/kohler/t1utils,202697930746064,1 1950,CWE-401,"static ssize_t rpmsg_eptdev_write_iter(struct kiocb *iocb, struct iov_iter *from) { struct file *filp = iocb->ki_filp; struct rpmsg_eptdev *eptdev = filp->private_data; size_t len = iov_iter_count(from); void *kbuf; int ret; kbuf = kzalloc(len, GFP_KERNEL); if (!kbuf) return -ENOMEM; if (!copy_from_iter_full(kbuf, len, from)) return -EFAULT; if (mutex_lock_interruptible(&eptdev->ept_lock)) { ret = -ERESTARTSYS; goto free_kbuf; } if (!eptdev->ept) { ret = -EPIPE; goto unlock_eptdev; } if (filp->f_flags & O_NONBLOCK) ret = rpmsg_trysend(eptdev->ept, kbuf, len); else ret = rpmsg_send(eptdev->ept, kbuf, len); unlock_eptdev: mutex_unlock(&eptdev->ept_lock); free_kbuf: kfree(kbuf); return ret < 0 ? ret : len; }",visit repo url,drivers/rpmsg/rpmsg_char.c,https://github.com/torvalds/linux,161187461684488,1 3601,CWE-119,"void jpc_qmfb_split_colres(jpc_fix_t *a, int numrows, int numcols, int stride, int parity) { int bufsize = JPC_CEILDIVPOW2(numrows, 1); jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; register jpc_fix_t *srcptr2; register jpc_fix_t *dstptr2; register int n; register int i; int m; int hstartcol; if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { abort(); } } if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; m = numrows - hstartcol; n = m; dstptr = buf; srcptr = &a[(1 - parity) * stride]; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += numcols; srcptr += stride << 1; } dstptr = &a[(1 - parity) * stride]; srcptr = &a[(2 - parity) * stride]; n = numrows - m - (!parity); while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += stride << 1; } dstptr = &a[hstartcol * stride]; srcptr = buf; n = m; while (n-- > 0) { dstptr2 = dstptr; srcptr2 = srcptr; for (i = 0; i < numcols; ++i) { *dstptr2 = *srcptr2; ++dstptr2; ++srcptr2; } dstptr += stride; srcptr += numcols; } } if (buf != splitbuf) { jas_free(buf); } }",visit repo url,src/libjasper/jpc/jpc_qmfb.c,https://github.com/mdadams/jasper,141009548908171,1 1291,[],"issue_expect_message (int expected) { if (expected == '\n') M4ERROR ((EXIT_FAILURE, 0, ""expecting line feed in frozen file"")); else M4ERROR ((EXIT_FAILURE, 0, ""expecting character `%c' in frozen file"", expected)); }",m4,,,11084239009528774929561764296623090679,0 3097,CWE-119,"dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) { DTLS1_RECORD_DATA *rdata; pitem *item; if (pqueue_size(queue->q) >= 100) return 0; rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) { if (rdata != NULL) OPENSSL_free(rdata); if (item != NULL) pitem_free(item); SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); return(0); } rdata->packet = s->packet; rdata->packet_length = s->packet_length; memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); item->data = rdata; #ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_rbio(s)) && (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) { BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo); } #endif s->packet = NULL; s->packet_length = 0; memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); OPENSSL_free(rdata); pitem_free(item); return(0); } if (pqueue_insert(queue->q, item) == NULL) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); OPENSSL_free(rdata); pitem_free(item); return(0); } return(1); }",visit repo url,ssl/d1_pkt.c,https://github.com/openssl/openssl,29442625315897,1 5838,CWE-125,"PJ_DEF(int) pj_scan_get_char( pj_scanner *scanner ) { int chr = *scanner->curptr; if (!chr) { pj_scan_syntax_err(scanner); return 0; } ++scanner->curptr; if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws) { pj_scan_skip_whitespace(scanner); } return chr; }",visit repo url,pjlib-util/src/pjlib-util/scanner.c,https://github.com/pjsip/pjproject,178042630485668,1 2439,CWE-119,"static int sdp_parse_fmtp_config_h264(AVFormatContext *s, AVStream *stream, PayloadContext *h264_data, const char *attr, const char *value) { AVCodecParameters *par = stream->codecpar; if (!strcmp(attr, ""packetization-mode"")) { av_log(s, AV_LOG_DEBUG, ""RTP Packetization Mode: %d\n"", atoi(value)); h264_data->packetization_mode = atoi(value); if (h264_data->packetization_mode > 1) av_log(s, AV_LOG_ERROR, ""Interleaved RTP mode is not supported yet.\n""); } else if (!strcmp(attr, ""profile-level-id"")) { if (strlen(value) == 6) parse_profile_level_id(s, h264_data, value); } else if (!strcmp(attr, ""sprop-parameter-sets"")) { int ret; if (value[strlen(value) - 1] == ',') { av_log(s, AV_LOG_WARNING, ""Missing PPS in sprop-parameter-sets, ignoring\n""); return 0; } par->extradata_size = 0; av_freep(&par->extradata); ret = ff_h264_parse_sprop_parameter_sets(s, &par->extradata, &par->extradata_size, value); av_log(s, AV_LOG_DEBUG, ""Extradata set to %p (size: %d)\n"", par->extradata, par->extradata_size); return ret; } return 0; }",visit repo url,libavformat/rtpdec_h264.c,https://github.com/FFmpeg/FFmpeg,214745539989937,1 4642,['CWE-399'],"static inline int ext4_begin_ordered_truncate(struct inode *inode, loff_t new_size) { return jbd2_journal_begin_ordered_truncate(&EXT4_I(inode)->jinode, new_size); }",linux-2.6,,,79089393777034404662797196180414645299,0 1723,CWE-19,"ext2_xattr_list(struct dentry *dentry, char *buffer, size_t buffer_size) { struct inode *inode = d_inode(dentry); struct buffer_head *bh = NULL; struct ext2_xattr_entry *entry; char *end; size_t rest = buffer_size; int error; ea_idebug(inode, ""buffer=%p, buffer_size=%ld"", buffer, (long)buffer_size); down_read(&EXT2_I(inode)->xattr_sem); error = 0; if (!EXT2_I(inode)->i_file_acl) goto cleanup; ea_idebug(inode, ""reading block %d"", EXT2_I(inode)->i_file_acl); bh = sb_bread(inode->i_sb, EXT2_I(inode)->i_file_acl); error = -EIO; if (!bh) goto cleanup; ea_bdebug(bh, ""b_count=%d, refcount=%d"", atomic_read(&(bh->b_count)), le32_to_cpu(HDR(bh)->h_refcount)); end = bh->b_data + bh->b_size; if (HDR(bh)->h_magic != cpu_to_le32(EXT2_XATTR_MAGIC) || HDR(bh)->h_blocks != cpu_to_le32(1)) { bad_block: ext2_error(inode->i_sb, ""ext2_xattr_list"", ""inode %ld: bad block %d"", inode->i_ino, EXT2_I(inode)->i_file_acl); error = -EIO; goto cleanup; } entry = FIRST_ENTRY(bh); while (!IS_LAST_ENTRY(entry)) { struct ext2_xattr_entry *next = EXT2_XATTR_NEXT(entry); if ((char *)next >= end) goto bad_block; entry = next; } if (ext2_xattr_cache_insert(bh)) ea_idebug(inode, ""cache insert failed""); for (entry = FIRST_ENTRY(bh); !IS_LAST_ENTRY(entry); entry = EXT2_XATTR_NEXT(entry)) { const struct xattr_handler *handler = ext2_xattr_handler(entry->e_name_index); if (handler && (!handler->list || handler->list(dentry))) { const char *prefix = handler->prefix ?: handler->name; size_t prefix_len = strlen(prefix); size_t size = prefix_len + entry->e_name_len + 1; if (buffer) { if (size > rest) { error = -ERANGE; goto cleanup; } memcpy(buffer, prefix, prefix_len); buffer += prefix_len; memcpy(buffer, entry->e_name, entry->e_name_len); buffer += entry->e_name_len; *buffer++ = 0; } rest -= size; } } error = buffer_size - rest; cleanup: brelse(bh); up_read(&EXT2_I(inode)->xattr_sem); return error; }",visit repo url,fs/ext2/xattr.c,https://github.com/torvalds/linux,45063727732023,1 3050,['CWE-189'],"static int jas_icctagtabent_cmp(const void *src, const void *dst) { jas_icctagtabent_t *srctagtabent = JAS_CAST(jas_icctagtabent_t *, src); jas_icctagtabent_t *dsttagtabent = JAS_CAST(jas_icctagtabent_t *, dst); if (srctagtabent->off > dsttagtabent->off) { return 1; } else if (srctagtabent->off < dsttagtabent->off) { return -1; } return 0; }",jasper,,,60985981525122201705893141040846966585,0 274,CWE-476,"static inline void mcryptd_check_internal(struct rtattr **tb, u32 *type, u32 *mask) { struct crypto_attr_type *algt; algt = crypto_get_attr_type(tb); if (IS_ERR(algt)) return; if ((algt->type & CRYPTO_ALG_INTERNAL)) *type |= CRYPTO_ALG_INTERNAL; if ((algt->mask & CRYPTO_ALG_INTERNAL)) *mask |= CRYPTO_ALG_INTERNAL; }",visit repo url,crypto/mcryptd.c,https://github.com/torvalds/linux,204638783136192,1 4134,[],"static int __devexit ibwdt_remove(struct platform_device *dev) { misc_deregister(&ibwdt_miscdev); release_region(WDT_START, 1); #if WDT_START != WDT_STOP release_region(WDT_STOP, 1); #endif return 0; }",linux-2.6,,,306139453059682823781507134568800129652,0 1654,[],"int select_nohz_load_balancer(int stop_tick) { int cpu = smp_processor_id(); if (stop_tick) { cpu_set(cpu, nohz.cpu_mask); cpu_rq(cpu)->in_nohz_recently = 1; if (cpu_is_offline(cpu) && atomic_read(&nohz.load_balancer) == cpu) { if (atomic_cmpxchg(&nohz.load_balancer, cpu, -1) != cpu) BUG(); return 0; } if (cpus_weight(nohz.cpu_mask) == num_online_cpus()) { if (atomic_read(&nohz.load_balancer) == cpu) atomic_set(&nohz.load_balancer, -1); return 0; } if (atomic_read(&nohz.load_balancer) == -1) { if (atomic_cmpxchg(&nohz.load_balancer, -1, cpu) == -1) return 1; } else if (atomic_read(&nohz.load_balancer) == cpu) return 1; } else { if (!cpu_isset(cpu, nohz.cpu_mask)) return 0; cpu_clear(cpu, nohz.cpu_mask); if (atomic_read(&nohz.load_balancer) == cpu) if (atomic_cmpxchg(&nohz.load_balancer, cpu, -1) != cpu) BUG(); } return 0; }",linux-2.6,,,252516661367715761397032723346256045000,0 5404,['CWE-476'],"static u64 mk_cr_64(u64 curr_cr, u32 new_val) { return (curr_cr & ~((1ULL << 32) - 1)) | new_val; }",linux-2.6,,,27309605536377488452890343003777162962,0 4556,CWE-122,"int AVI_read_audio(avi_t *AVI, u8 *audbuf, int bytes, int *continuous) { int nr, todo; s64 pos; if(AVI->mode==AVI_MODE_WRITE) { AVI_errno = AVI_ERR_NOT_PERM; return -1; } if(!AVI->track[AVI->aptr].audio_index) { AVI_errno = AVI_ERR_NO_IDX; return -1; } nr = 0; if (bytes==0) { AVI->track[AVI->aptr].audio_posc++; AVI->track[AVI->aptr].audio_posb = 0; } *continuous = 1; while(bytes>0) { s64 ret; int left = (int) (AVI->track[AVI->aptr].audio_index[AVI->track[AVI->aptr].audio_posc].len - AVI->track[AVI->aptr].audio_posb); if(left==0) { if(AVI->track[AVI->aptr].audio_posc>=AVI->track[AVI->aptr].audio_chunks-1) return nr; AVI->track[AVI->aptr].audio_posc++; AVI->track[AVI->aptr].audio_posb = 0; *continuous = 0; continue; } if(bytestrack[AVI->aptr].audio_index[AVI->track[AVI->aptr].audio_posc].pos + AVI->track[AVI->aptr].audio_posb; gf_fseek(AVI->fdes, pos, SEEK_SET); if ( (ret = avi_read(AVI->fdes,audbuf+nr,todo)) != todo) { GF_LOG(GF_LOG_ERROR, GF_LOG_CONTAINER, (""[avilib] XXX pos = %""LLD"", ret = %""LLD"", todo = %ld\n"", pos, ret, todo)); AVI_errno = AVI_ERR_READ; return -1; } bytes -= todo; nr += todo; AVI->track[AVI->aptr].audio_posb += todo; } return nr; }",visit repo url,src/media_tools/avilib.c,https://github.com/gpac/gpac,117950825461363,1 218,CWE-264,"static struct dentry *aio_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data) { static const struct dentry_operations ops = { .d_dname = simple_dname, }; return mount_pseudo(fs_type, ""aio:"", NULL, &ops, AIO_RING_MAGIC); }",visit repo url,fs/aio.c,https://github.com/torvalds/linux,35904936340965,1 4055,['CWE-362'],"static inline u32 inotify_get_cookie(void) { return 0; }",linux-2.6,,,256960811392323172618736974210163543791,0 5521,['CWE-119'],"int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, struct ecryptfs_auth_tok **auth_tok, char *sig) { int rc = 0; (*auth_tok_key) = request_key(&key_type_user, sig, NULL); if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { printk(KERN_ERR ""Could not find key with description: [%s]\n"", sig); rc = process_request_key_err(PTR_ERR(*auth_tok_key)); goto out; } (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); if (ecryptfs_verify_version((*auth_tok)->version)) { printk(KERN_ERR ""Data structure version mismatch. "" ""Userspace tools must match eCryptfs "" ""kernel module with major version [%d] "" ""and minor version [%d]\n"", ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR); rc = -EINVAL; goto out; } if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) { printk(KERN_ERR ""Invalid auth_tok structure "" ""returned from key query\n""); rc = -EINVAL; goto out; } out: return rc; }",linux-2.6,,,249927561752824970633315805483314898445,0 3679,['CWE-119'],"int hfsplus_create_cat(u32 cnid, struct inode *dir, struct qstr *str, struct inode *inode) { struct hfs_find_data fd; struct super_block *sb; hfsplus_cat_entry entry; int entry_size; int err; dprint(DBG_CAT_MOD, ""create_cat: %s,%u(%d)\n"", str->name, cnid, inode->i_nlink); sb = dir->i_sb; hfs_find_init(HFSPLUS_SB(sb).cat_tree, &fd); hfsplus_cat_build_key(sb, fd.search_key, cnid, NULL); entry_size = hfsplus_fill_cat_thread(sb, &entry, S_ISDIR(inode->i_mode) ? HFSPLUS_FOLDER_THREAD : HFSPLUS_FILE_THREAD, dir->i_ino, str); err = hfs_brec_find(&fd); if (err != -ENOENT) { if (!err) err = -EEXIST; goto err2; } err = hfs_brec_insert(&fd, &entry, entry_size); if (err) goto err2; hfsplus_cat_build_key(sb, fd.search_key, dir->i_ino, str); entry_size = hfsplus_cat_build_record(&entry, cnid, inode); err = hfs_brec_find(&fd); if (err != -ENOENT) { if (!err) err = -EEXIST; goto err1; } err = hfs_brec_insert(&fd, &entry, entry_size); if (err) goto err1; dir->i_size++; dir->i_mtime = dir->i_ctime = CURRENT_TIME_SEC; mark_inode_dirty(dir); hfs_find_exit(&fd); return 0; err1: hfsplus_cat_build_key(sb, fd.search_key, cnid, NULL); if (!hfs_brec_find(&fd)) hfs_brec_remove(&fd); err2: hfs_find_exit(&fd); return err; }",linux-2.6,,,291484150011928658077179426829557426537,0 6618,['CWE-200'],"update_connection_cb (PolKitAction *action, gboolean gained_privilege, GError *error, gpointer user_data) { ConnectionUpdateInfo *info = (ConnectionUpdateInfo *) user_data; gboolean done = TRUE; GtkWindow *parent; parent = nm_connection_editor_get_window (info->editor); if (gained_privilege) { update_connection (info->list, info->editor, info->original, info->modified, info->callback, info->user_data); done = FALSE; } else if (error) { error_dialog (parent, _(""Could not update connection""), ""%s"", error->message); g_error_free (error); } else { error_dialog (parent, _(""Could not update connection""), ""%s"", _(""The connection could not be updated due to an unknown error."")); } if (done) connection_update_done (info, FALSE); else { g_object_unref (info->original); g_object_unref (info->modified); g_slice_free (ConnectionUpdateInfo, info); } }",network-manager-applet,,,167092271251101640269564041194656446213,0 4290,CWE-400,"static st64 buf_format(RBuffer *dst, RBuffer *src, const char *fmt, int n) { st64 res = 0; int i; for (i = 0; i < n; i++) { int j; int m = 1; int tsize = 2; bool bigendian = true; for (j = 0; fmt[j]; j++) { switch (fmt[j]) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (m == 1) { m = r_num_get (NULL, &fmt[j]); } continue; case 's': tsize = 2; bigendian = false; break; case 'S': tsize = 2; bigendian = true; break; case 'i': tsize = 4; bigendian = false; break; case 'I': tsize = 4; bigendian = true; break; case 'l': tsize = 8; bigendian = false; break; case 'L': tsize = 8; bigendian = true; break; case 'c': tsize = 1; bigendian = false; break; default: return -1; } int k; for (k = 0; k < m; k++) { ut8 tmp[sizeof (ut64)]; ut8 d1; ut16 d2; ut32 d3; ut64 d4; st64 r = r_buf_read (src, tmp, tsize); if (r < tsize) { return -1; } switch (tsize) { case 1: d1 = r_read_ble8 (tmp); r = r_buf_write (dst, (ut8 *)&d1, 1); break; case 2: d2 = r_read_ble16 (tmp, bigendian); r = r_buf_write (dst, (ut8 *)&d2, 2); break; case 4: d3 = r_read_ble32 (tmp, bigendian); r = r_buf_write (dst, (ut8 *)&d3, 4); break; case 8: d4 = r_read_ble64 (tmp, bigendian); r = r_buf_write (dst, (ut8 *)&d4, 8); break; } if (r < 0) { return -1; } res += r; } m = 1; } } return res; }",visit repo url,libr/util/buf.c,https://github.com/radareorg/radare2,19403192206979,1 4503,['CWE-20'],"static unsigned ext4_list_backups(struct super_block *sb, unsigned *three, unsigned *five, unsigned *seven) { unsigned *min = three; int mult = 3; unsigned ret; if (!EXT4_HAS_RO_COMPAT_FEATURE(sb, EXT4_FEATURE_RO_COMPAT_SPARSE_SUPER)) { ret = *min; *min += 1; return ret; } if (*five < *min) { min = five; mult = 5; } if (*seven < *min) { min = seven; mult = 7; } ret = *min; *min *= mult; return ret; }",linux-2.6,,,221642669289004823215509620005731877127,0 1040,CWE-119,"int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) { gfn_t gfn, end_gfn; pfn_t pfn; int r = 0; struct iommu_domain *domain = kvm->arch.iommu_domain; int flags; if (!domain) return 0; gfn = slot->base_gfn; end_gfn = gfn + slot->npages; flags = IOMMU_READ; if (!(slot->flags & KVM_MEM_READONLY)) flags |= IOMMU_WRITE; if (!kvm->arch.iommu_noncoherent) flags |= IOMMU_CACHE; while (gfn < end_gfn) { unsigned long page_size; if (iommu_iova_to_phys(domain, gfn_to_gpa(gfn))) { gfn += 1; continue; } page_size = kvm_host_page_size(kvm, gfn); while ((gfn + (page_size >> PAGE_SHIFT)) > end_gfn) page_size >>= 1; while ((gfn << PAGE_SHIFT) & (page_size - 1)) page_size >>= 1; while (__gfn_to_hva_memslot(slot, gfn) & (page_size - 1)) page_size >>= 1; pfn = kvm_pin_pages(slot, gfn, page_size); if (is_error_noslot_pfn(pfn)) { gfn += 1; continue; } r = iommu_map(domain, gfn_to_gpa(gfn), pfn_to_hpa(pfn), page_size, flags); if (r) { printk(KERN_ERR ""kvm_iommu_map_address:"" ""iommu failed to map pfn=%llx\n"", pfn); kvm_unpin_pages(kvm, pfn, page_size); goto unmap_pages; } gfn += page_size >> PAGE_SHIFT; } return 0; unmap_pages: kvm_iommu_put_pages(kvm, slot->base_gfn, gfn - slot->base_gfn); return r; }",visit repo url,virt/kvm/iommu.c,https://github.com/torvalds/linux,30407021459076,1 2967,['CWE-189'],"char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize) { int c; char *bufptr; assert(bufsize > 0); bufptr = buf; while (bufsize > 1) { if ((c = jas_stream_getc(stream)) == EOF) { break; } *bufptr++ = c; --bufsize; if (c == '\n') { break; } } *bufptr = '\0'; return buf; }",jasper,,,9568265688565530943767917985627688521,0 3987,CWE-352,"static void print_buttons(HttpRequest req, HttpResponse res, Service_T s) { if (is_readonly(req)) { return; } StringBuffer_append(res->outputbuffer, """"); if (s->start) StringBuffer_append(res->outputbuffer, """", s->name); if (s->stop) StringBuffer_append(res->outputbuffer, """", s->name); if ((s->start && s->stop) || s->restart) StringBuffer_append(res->outputbuffer, """", s->name); StringBuffer_append(res->outputbuffer, ""
"" """" ""
"" """" ""
"" """" ""
"" """" ""
"", s->name, s->monitor ? ""unmonitor"" : ""monitor"", s->monitor ? ""Disable monitoring"" : ""Enable monitoring""); }",visit repo url,src/http/cervlet.c,https://bitbucket.org/tildeslash/monit,53376931367575,1 5848,['CWE-200'],"static int raw_release(struct socket *sock) { struct sock *sk = sock->sk; struct raw_sock *ro = raw_sk(sk); unregister_netdevice_notifier(&ro->notifier); lock_sock(sk); if (ro->bound) { if (ro->ifindex) { struct net_device *dev; dev = dev_get_by_index(&init_net, ro->ifindex); if (dev) { raw_disable_allfilters(dev, sk); dev_put(dev); } } else raw_disable_allfilters(NULL, sk); } if (ro->count > 1) kfree(ro->filter); ro->ifindex = 0; ro->bound = 0; ro->count = 0; sock_orphan(sk); sock->sk = NULL; release_sock(sk); sock_put(sk); return 0; }",linux-2.6,,,58558409249210697527145010173822737982,0 3083,CWE-310,"int ssl3_accept(SSL *s) { BUF_MEM *buf; unsigned long alg_k,Time=(unsigned long)time(NULL); void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state,skip=0; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); clear_sys_error(); if (s->info_callback != NULL) cb=s->info_callback; else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; s->in_handshake++; if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); if (s->cert == NULL) { SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); return(-1); } #ifndef OPENSSL_NO_HEARTBEATS if (s->tlsext_hb_pending) { s->tlsext_hb_pending = 0; s->tlsext_hb_seq++; } #endif for (;;) { state=s->state; switch (s->state) { case SSL_ST_RENEGOTIATE: s->renegotiate=1; case SSL_ST_BEFORE: case SSL_ST_ACCEPT: case SSL_ST_BEFORE|SSL_ST_ACCEPT: case SSL_ST_OK|SSL_ST_ACCEPT: s->server=1; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); if ((s->version>>8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); return -1; } if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_VERSION_TOO_LOW); return -1; } s->type=SSL_ST_ACCEPT; if (s->init_buf == NULL) { if ((buf=BUF_MEM_new()) == NULL) { ret= -1; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret= -1; goto end; } s->init_buf=buf; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } s->init_num=0; s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY; s->s3->flags &= ~SSL3_FLAGS_CCS_OK; s->s3->change_cipher_spec = 0; if (s->state != SSL_ST_RENEGOTIATE) { if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } ssl3_init_finished_mac(s); s->state=SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } else if (!s->s3->send_connection_binding && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ret = -1; goto end; } else { s->ctx->stats.sess_accept_renegotiate++; s->state=SSL3_ST_SW_HELLO_REQ_A; } break; case SSL3_ST_SW_HELLO_REQ_A: case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; ret=ssl3_send_hello_request(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; ssl3_init_finished_mac(s); break; case SSL3_ST_SW_HELLO_REQ_C: s->state=SSL_ST_OK; break; case SSL3_ST_SR_CLNT_HELLO_A: case SSL3_ST_SR_CLNT_HELLO_B: case SSL3_ST_SR_CLNT_HELLO_C: ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; #ifndef OPENSSL_NO_SRP s->state = SSL3_ST_SR_CLNT_HELLO_D; case SSL3_ST_SR_CLNT_HELLO_D: { int al; if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) < 0) { s->rwstate=SSL_X509_LOOKUP; goto end; } if (ret != SSL_ERROR_NONE) { ssl3_send_alert(s,SSL3_AL_FATAL,al); if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT); ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret= -1; goto end; } } #endif s->renegotiate = 2; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; break; case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: ret=ssl3_send_server_hello(s); if (ret <= 0) goto end; #ifndef OPENSSL_NO_TLSEXT if (s->hit) { if (s->tlsext_ticket_expected) s->state=SSL3_ST_SW_SESSION_TICKET_A; else s->state=SSL3_ST_SW_CHANGE_A; } #else if (s->hit) s->state=SSL3_ST_SW_CHANGE_A; #endif else s->state = SSL3_ST_SW_CERT_A; s->init_num = 0; break; case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; #ifndef OPENSSL_NO_TLSEXT if (s->tlsext_status_expected) s->state=SSL3_ST_SW_CERT_STATUS_A; else s->state=SSL3_ST_SW_KEY_EXCH_A; } else { skip = 1; s->state=SSL3_ST_SW_KEY_EXCH_A; } #else } else skip=1; s->state=SSL3_ST_SW_KEY_EXCH_A; #endif s->init_num=0; break; case SSL3_ST_SW_KEY_EXCH_A: case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; if ((s->options & SSL_OP_EPHEMERAL_RSA) #ifndef OPENSSL_NO_KRB5 && !(alg_k & SSL_kKRB5) #endif ) s->s3->tmp.use_rsa_tmp=1; else s->s3->tmp.use_rsa_tmp=0; if (s->s3->tmp.use_rsa_tmp #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif #ifndef OPENSSL_NO_SRP || (alg_k & SSL_kSRP) #endif || (alg_k & SSL_kDHE) || (alg_k & SSL_kECDHE) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) ) ) ) ) { ret=ssl3_send_server_key_exchange(s); if (ret <= 0) goto end; } else skip=1; s->state=SSL3_ST_SW_CERT_REQ_A; s->init_num=0; break; case SSL3_ST_SW_CERT_REQ_A: case SSL3_ST_SW_CERT_REQ_B: if ( !(s->verify_mode & SSL_VERIFY_PEER) || ((s->session->peer != NULL) && (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { skip=1; s->s3->tmp.cert_request=0; s->state=SSL3_ST_SW_SRVR_DONE_A; if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) return -1; } else { s->s3->tmp.cert_request=1; ret=ssl3_send_certificate_request(s); if (ret <= 0) goto end; #ifndef NETSCAPE_HANG_BUG s->state=SSL3_ST_SW_SRVR_DONE_A; #else s->state=SSL3_ST_SW_FLUSH; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; #endif s->init_num=0; } break; case SSL3_ST_SW_SRVR_DONE_A: case SSL3_ST_SW_SRVR_DONE_B: ret=ssl3_send_server_done(s); if (ret <= 0) goto end; s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; s->state=SSL3_ST_SW_FLUSH; s->init_num=0; break; case SSL3_ST_SW_FLUSH: s->rwstate=SSL_WRITING; if (BIO_flush(s->wbio) <= 0) { ret= -1; goto end; } s->rwstate=SSL_NOTHING; s->state=s->s3->tmp.next_state; break; case SSL3_ST_SR_CERT_A: case SSL3_ST_SR_CERT_B: if (s->s3->tmp.cert_request) { ret=ssl3_get_client_certificate(s); if (ret <= 0) goto end; } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; break; case SSL3_ST_SR_KEY_EXCH_A: case SSL3_ST_SR_KEY_EXCH_B: ret=ssl3_get_client_key_exchange(s); if (ret <= 0) goto end; if (ret == 2) { #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) s->state=SSL3_ST_SR_NEXT_PROTO_A; else s->state=SSL3_ST_SR_FINISHED_A; #endif s->init_num = 0; } else if (SSL_USE_SIGALGS(s)) { s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; if (!s->session->peer) break; if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR); return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; if (!ssl3_digest_cached_records(s)) return -1; } else { int offset=0; int dgst_num; s->state=SSL3_ST_SR_CERT_VRFY_A; s->init_num=0; if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) return -1; for (dgst_num=0; dgst_nums3->handshake_dgst[dgst_num]) { int dgst_size; s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset])); dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); if (dgst_size < 0) { ret = -1; goto end; } offset+=dgst_size; } } break; case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: if (!s->s3->change_cipher_spec) s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) s->state=SSL3_ST_SR_NEXT_PROTO_A; else s->state=SSL3_ST_SR_FINISHED_A; #endif s->init_num=0; break; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: if (!s->s3->change_cipher_spec) s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_next_proto(s); if (ret <= 0) goto end; s->init_num = 0; s->state=SSL3_ST_SR_FINISHED_A; break; #endif case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: if (!s->s3->change_cipher_spec) s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; if (s->hit) s->state=SSL_ST_OK; #ifndef OPENSSL_NO_TLSEXT else if (s->tlsext_ticket_expected) s->state=SSL3_ST_SW_SESSION_TICKET_A; #endif else s->state=SSL3_ST_SW_CHANGE_A; s->init_num=0; break; #ifndef OPENSSL_NO_TLSEXT case SSL3_ST_SW_SESSION_TICKET_A: case SSL3_ST_SW_SESSION_TICKET_B: ret=ssl3_send_newsession_ticket(s); if (ret <= 0) goto end; s->state=SSL3_ST_SW_CHANGE_A; s->init_num=0; break; case SSL3_ST_SW_CERT_STATUS_A: case SSL3_ST_SW_CERT_STATUS_B: ret=ssl3_send_cert_status(s); if (ret <= 0) goto end; s->state=SSL3_ST_SW_KEY_EXCH_A; s->init_num=0; break; #endif case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: s->session->cipher=s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; goto end; } ret=ssl3_send_change_cipher_spec(s, SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); if (ret <= 0) goto end; s->state=SSL3_ST_SW_FINISHED_A; s->init_num=0; if (!s->method->ssl3_enc->change_cipher_state(s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret= -1; goto end; } break; case SSL3_ST_SW_FINISHED_A: case SSL3_ST_SW_FINISHED_B: ret=ssl3_send_finished(s, SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, s->method->ssl3_enc->server_finished_label, s->method->ssl3_enc->server_finished_label_len); if (ret <= 0) goto end; s->state=SSL3_ST_SW_FLUSH; if (s->hit) { #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) { s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; } else s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #endif } else s->s3->tmp.next_state=SSL_ST_OK; s->init_num=0; break; case SSL_ST_OK: ssl3_cleanup_key_block(s); BUF_MEM_free(s->init_buf); s->init_buf=NULL; ssl_free_wbio_buffer(s); s->init_num=0; if (s->renegotiate == 2) { s->renegotiate=0; s->new_session=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); s->ctx->stats.sess_accept_good++; s->handshake_func=ssl3_accept; if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); } ret = 1; goto end; default: SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE); ret= -1; goto end; } if (!s->s3->tmp.reuse_message && !skip) { if (s->debug) { if ((ret=BIO_flush(s->wbio)) <= 0) goto end; } if ((cb != NULL) && (s->state != state)) { new_state=s->state; s->state=state; cb(s,SSL_CB_ACCEPT_LOOP,1); s->state=new_state; } } skip=0; }",visit repo url,ssl/s3_srvr.c,https://github.com/openssl/openssl,227242905048962,1 1796,[],"static enum hrtimer_restart hrtick(struct hrtimer *timer) { struct rq *rq = container_of(timer, struct rq, hrtick_timer); WARN_ON_ONCE(cpu_of(rq) != smp_processor_id()); spin_lock(&rq->lock); __update_rq_clock(rq); rq->curr->sched_class->task_tick(rq, rq->curr, 1); spin_unlock(&rq->lock); return HRTIMER_NORESTART; }",linux-2.6,,,207758452385509031989191636044928694599,0 6275,CWE-787,"encodeJsonStructure(const void *src, const UA_DataType *type, CtxJson *ctx) { if(ctx->depth > UA_JSON_ENCODING_MAX_RECURSION) return UA_STATUSCODE_BADENCODINGERROR; ctx->depth++; status ret = writeJsonObjStart(ctx); uintptr_t ptr = (uintptr_t) src; u8 membersSize = type->membersSize; const UA_DataType * typelists[2] = {UA_TYPES, &type[-type->typeIndex]}; for(size_t i = 0; i < membersSize && ret == UA_STATUSCODE_GOOD; ++i) { const UA_DataTypeMember *m = &type->members[i]; const UA_DataType *mt = &typelists[!m->namespaceZero][m->memberTypeIndex]; if(m->memberName != NULL && *m->memberName != 0) ret |= writeJsonKey(ctx, m->memberName); if(!m->isArray) { ptr += m->padding; size_t memSize = mt->memSize; ret |= encodeJsonJumpTable[mt->typeKind]((const void*) ptr, mt, ctx); ptr += memSize; } else { ptr += m->padding; const size_t length = *((const size_t*) ptr); ptr += sizeof (size_t); ret |= encodeJsonArray(ctx, *(void * const *)ptr, length, mt); ptr += sizeof (void*); } } ret |= writeJsonObjEnd(ctx); ctx->depth--; return ret; }",visit repo url,src/ua_types_encoding_json.c,https://github.com/open62541/open62541,173804388075220,1 5999,['CWE-200'],"static __inline__ unsigned hash_dst(u32 *dst, u8 protocol, u8 tunnelid) { unsigned h = dst[RSVP_DST_LEN-1]; h ^= h>>16; h ^= h>>8; return (h ^ protocol ^ tunnelid) & 0xFF; }",linux-2.6,,,330348935688063175935971895498931573154,0 5103,CWE-125,"static int init_types(void) { static int initialized; if (initialized) return 1; if (add_ast_fields() < 0) return 0; mod_type = make_type(""mod"", &AST_type, NULL, 0); if (!mod_type) return 0; if (!add_attributes(mod_type, NULL, 0)) return 0; Module_type = make_type(""Module"", mod_type, Module_fields, 1); if (!Module_type) return 0; Interactive_type = make_type(""Interactive"", mod_type, Interactive_fields, 1); if (!Interactive_type) return 0; Expression_type = make_type(""Expression"", mod_type, Expression_fields, 1); if (!Expression_type) return 0; Suite_type = make_type(""Suite"", mod_type, Suite_fields, 1); if (!Suite_type) return 0; stmt_type = make_type(""stmt"", &AST_type, NULL, 0); if (!stmt_type) return 0; if (!add_attributes(stmt_type, stmt_attributes, 4)) return 0; FunctionDef_type = make_type(""FunctionDef"", stmt_type, FunctionDef_fields, 5); if (!FunctionDef_type) return 0; AsyncFunctionDef_type = make_type(""AsyncFunctionDef"", stmt_type, AsyncFunctionDef_fields, 5); if (!AsyncFunctionDef_type) return 0; ClassDef_type = make_type(""ClassDef"", stmt_type, ClassDef_fields, 5); if (!ClassDef_type) return 0; Return_type = make_type(""Return"", stmt_type, Return_fields, 1); if (!Return_type) return 0; Delete_type = make_type(""Delete"", stmt_type, Delete_fields, 1); if (!Delete_type) return 0; Assign_type = make_type(""Assign"", stmt_type, Assign_fields, 2); if (!Assign_type) return 0; AugAssign_type = make_type(""AugAssign"", stmt_type, AugAssign_fields, 3); if (!AugAssign_type) return 0; AnnAssign_type = make_type(""AnnAssign"", stmt_type, AnnAssign_fields, 4); if (!AnnAssign_type) return 0; For_type = make_type(""For"", stmt_type, For_fields, 4); if (!For_type) return 0; AsyncFor_type = make_type(""AsyncFor"", stmt_type, AsyncFor_fields, 4); if (!AsyncFor_type) return 0; While_type = make_type(""While"", stmt_type, While_fields, 3); if (!While_type) return 0; If_type = make_type(""If"", stmt_type, If_fields, 3); if (!If_type) return 0; With_type = make_type(""With"", stmt_type, With_fields, 2); if (!With_type) return 0; AsyncWith_type = make_type(""AsyncWith"", stmt_type, AsyncWith_fields, 2); if (!AsyncWith_type) return 0; Raise_type = make_type(""Raise"", stmt_type, Raise_fields, 2); if (!Raise_type) return 0; Try_type = make_type(""Try"", stmt_type, Try_fields, 4); if (!Try_type) return 0; Assert_type = make_type(""Assert"", stmt_type, Assert_fields, 2); if (!Assert_type) return 0; Import_type = make_type(""Import"", stmt_type, Import_fields, 1); if (!Import_type) return 0; ImportFrom_type = make_type(""ImportFrom"", stmt_type, ImportFrom_fields, 3); if (!ImportFrom_type) return 0; Global_type = make_type(""Global"", stmt_type, Global_fields, 1); if (!Global_type) return 0; Nonlocal_type = make_type(""Nonlocal"", stmt_type, Nonlocal_fields, 1); if (!Nonlocal_type) return 0; Expr_type = make_type(""Expr"", stmt_type, Expr_fields, 1); if (!Expr_type) return 0; Pass_type = make_type(""Pass"", stmt_type, NULL, 0); if (!Pass_type) return 0; Break_type = make_type(""Break"", stmt_type, NULL, 0); if (!Break_type) return 0; Continue_type = make_type(""Continue"", stmt_type, NULL, 0); if (!Continue_type) return 0; expr_type = make_type(""expr"", &AST_type, NULL, 0); if (!expr_type) return 0; if (!add_attributes(expr_type, expr_attributes, 4)) return 0; BoolOp_type = make_type(""BoolOp"", expr_type, BoolOp_fields, 2); if (!BoolOp_type) return 0; NamedExpr_type = make_type(""NamedExpr"", expr_type, NamedExpr_fields, 2); if (!NamedExpr_type) return 0; BinOp_type = make_type(""BinOp"", expr_type, BinOp_fields, 3); if (!BinOp_type) return 0; UnaryOp_type = make_type(""UnaryOp"", expr_type, UnaryOp_fields, 2); if (!UnaryOp_type) return 0; Lambda_type = make_type(""Lambda"", expr_type, Lambda_fields, 2); if (!Lambda_type) return 0; IfExp_type = make_type(""IfExp"", expr_type, IfExp_fields, 3); if (!IfExp_type) return 0; Dict_type = make_type(""Dict"", expr_type, Dict_fields, 2); if (!Dict_type) return 0; Set_type = make_type(""Set"", expr_type, Set_fields, 1); if (!Set_type) return 0; ListComp_type = make_type(""ListComp"", expr_type, ListComp_fields, 2); if (!ListComp_type) return 0; SetComp_type = make_type(""SetComp"", expr_type, SetComp_fields, 2); if (!SetComp_type) return 0; DictComp_type = make_type(""DictComp"", expr_type, DictComp_fields, 3); if (!DictComp_type) return 0; GeneratorExp_type = make_type(""GeneratorExp"", expr_type, GeneratorExp_fields, 2); if (!GeneratorExp_type) return 0; Await_type = make_type(""Await"", expr_type, Await_fields, 1); if (!Await_type) return 0; Yield_type = make_type(""Yield"", expr_type, Yield_fields, 1); if (!Yield_type) return 0; YieldFrom_type = make_type(""YieldFrom"", expr_type, YieldFrom_fields, 1); if (!YieldFrom_type) return 0; Compare_type = make_type(""Compare"", expr_type, Compare_fields, 3); if (!Compare_type) return 0; Call_type = make_type(""Call"", expr_type, Call_fields, 3); if (!Call_type) return 0; FormattedValue_type = make_type(""FormattedValue"", expr_type, FormattedValue_fields, 3); if (!FormattedValue_type) return 0; JoinedStr_type = make_type(""JoinedStr"", expr_type, JoinedStr_fields, 1); if (!JoinedStr_type) return 0; Constant_type = make_type(""Constant"", expr_type, Constant_fields, 1); if (!Constant_type) return 0; Attribute_type = make_type(""Attribute"", expr_type, Attribute_fields, 3); if (!Attribute_type) return 0; Subscript_type = make_type(""Subscript"", expr_type, Subscript_fields, 3); if (!Subscript_type) return 0; Starred_type = make_type(""Starred"", expr_type, Starred_fields, 2); if (!Starred_type) return 0; Name_type = make_type(""Name"", expr_type, Name_fields, 2); if (!Name_type) return 0; List_type = make_type(""List"", expr_type, List_fields, 2); if (!List_type) return 0; Tuple_type = make_type(""Tuple"", expr_type, Tuple_fields, 2); if (!Tuple_type) return 0; expr_context_type = make_type(""expr_context"", &AST_type, NULL, 0); if (!expr_context_type) return 0; if (!add_attributes(expr_context_type, NULL, 0)) return 0; Load_type = make_type(""Load"", expr_context_type, NULL, 0); if (!Load_type) return 0; Load_singleton = PyType_GenericNew(Load_type, NULL, NULL); if (!Load_singleton) return 0; Store_type = make_type(""Store"", expr_context_type, NULL, 0); if (!Store_type) return 0; Store_singleton = PyType_GenericNew(Store_type, NULL, NULL); if (!Store_singleton) return 0; Del_type = make_type(""Del"", expr_context_type, NULL, 0); if (!Del_type) return 0; Del_singleton = PyType_GenericNew(Del_type, NULL, NULL); if (!Del_singleton) return 0; AugLoad_type = make_type(""AugLoad"", expr_context_type, NULL, 0); if (!AugLoad_type) return 0; AugLoad_singleton = PyType_GenericNew(AugLoad_type, NULL, NULL); if (!AugLoad_singleton) return 0; AugStore_type = make_type(""AugStore"", expr_context_type, NULL, 0); if (!AugStore_type) return 0; AugStore_singleton = PyType_GenericNew(AugStore_type, NULL, NULL); if (!AugStore_singleton) return 0; Param_type = make_type(""Param"", expr_context_type, NULL, 0); if (!Param_type) return 0; Param_singleton = PyType_GenericNew(Param_type, NULL, NULL); if (!Param_singleton) return 0; NamedStore_type = make_type(""NamedStore"", expr_context_type, NULL, 0); if (!NamedStore_type) return 0; NamedStore_singleton = PyType_GenericNew(NamedStore_type, NULL, NULL); if (!NamedStore_singleton) return 0; slice_type = make_type(""slice"", &AST_type, NULL, 0); if (!slice_type) return 0; if (!add_attributes(slice_type, NULL, 0)) return 0; Slice_type = make_type(""Slice"", slice_type, Slice_fields, 3); if (!Slice_type) return 0; ExtSlice_type = make_type(""ExtSlice"", slice_type, ExtSlice_fields, 1); if (!ExtSlice_type) return 0; Index_type = make_type(""Index"", slice_type, Index_fields, 1); if (!Index_type) return 0; boolop_type = make_type(""boolop"", &AST_type, NULL, 0); if (!boolop_type) return 0; if (!add_attributes(boolop_type, NULL, 0)) return 0; And_type = make_type(""And"", boolop_type, NULL, 0); if (!And_type) return 0; And_singleton = PyType_GenericNew(And_type, NULL, NULL); if (!And_singleton) return 0; Or_type = make_type(""Or"", boolop_type, NULL, 0); if (!Or_type) return 0; Or_singleton = PyType_GenericNew(Or_type, NULL, NULL); if (!Or_singleton) return 0; operator_type = make_type(""operator"", &AST_type, NULL, 0); if (!operator_type) return 0; if (!add_attributes(operator_type, NULL, 0)) return 0; Add_type = make_type(""Add"", operator_type, NULL, 0); if (!Add_type) return 0; Add_singleton = PyType_GenericNew(Add_type, NULL, NULL); if (!Add_singleton) return 0; Sub_type = make_type(""Sub"", operator_type, NULL, 0); if (!Sub_type) return 0; Sub_singleton = PyType_GenericNew(Sub_type, NULL, NULL); if (!Sub_singleton) return 0; Mult_type = make_type(""Mult"", operator_type, NULL, 0); if (!Mult_type) return 0; Mult_singleton = PyType_GenericNew(Mult_type, NULL, NULL); if (!Mult_singleton) return 0; MatMult_type = make_type(""MatMult"", operator_type, NULL, 0); if (!MatMult_type) return 0; MatMult_singleton = PyType_GenericNew(MatMult_type, NULL, NULL); if (!MatMult_singleton) return 0; Div_type = make_type(""Div"", operator_type, NULL, 0); if (!Div_type) return 0; Div_singleton = PyType_GenericNew(Div_type, NULL, NULL); if (!Div_singleton) return 0; Mod_type = make_type(""Mod"", operator_type, NULL, 0); if (!Mod_type) return 0; Mod_singleton = PyType_GenericNew(Mod_type, NULL, NULL); if (!Mod_singleton) return 0; Pow_type = make_type(""Pow"", operator_type, NULL, 0); if (!Pow_type) return 0; Pow_singleton = PyType_GenericNew(Pow_type, NULL, NULL); if (!Pow_singleton) return 0; LShift_type = make_type(""LShift"", operator_type, NULL, 0); if (!LShift_type) return 0; LShift_singleton = PyType_GenericNew(LShift_type, NULL, NULL); if (!LShift_singleton) return 0; RShift_type = make_type(""RShift"", operator_type, NULL, 0); if (!RShift_type) return 0; RShift_singleton = PyType_GenericNew(RShift_type, NULL, NULL); if (!RShift_singleton) return 0; BitOr_type = make_type(""BitOr"", operator_type, NULL, 0); if (!BitOr_type) return 0; BitOr_singleton = PyType_GenericNew(BitOr_type, NULL, NULL); if (!BitOr_singleton) return 0; BitXor_type = make_type(""BitXor"", operator_type, NULL, 0); if (!BitXor_type) return 0; BitXor_singleton = PyType_GenericNew(BitXor_type, NULL, NULL); if (!BitXor_singleton) return 0; BitAnd_type = make_type(""BitAnd"", operator_type, NULL, 0); if (!BitAnd_type) return 0; BitAnd_singleton = PyType_GenericNew(BitAnd_type, NULL, NULL); if (!BitAnd_singleton) return 0; FloorDiv_type = make_type(""FloorDiv"", operator_type, NULL, 0); if (!FloorDiv_type) return 0; FloorDiv_singleton = PyType_GenericNew(FloorDiv_type, NULL, NULL); if (!FloorDiv_singleton) return 0; unaryop_type = make_type(""unaryop"", &AST_type, NULL, 0); if (!unaryop_type) return 0; if (!add_attributes(unaryop_type, NULL, 0)) return 0; Invert_type = make_type(""Invert"", unaryop_type, NULL, 0); if (!Invert_type) return 0; Invert_singleton = PyType_GenericNew(Invert_type, NULL, NULL); if (!Invert_singleton) return 0; Not_type = make_type(""Not"", unaryop_type, NULL, 0); if (!Not_type) return 0; Not_singleton = PyType_GenericNew(Not_type, NULL, NULL); if (!Not_singleton) return 0; UAdd_type = make_type(""UAdd"", unaryop_type, NULL, 0); if (!UAdd_type) return 0; UAdd_singleton = PyType_GenericNew(UAdd_type, NULL, NULL); if (!UAdd_singleton) return 0; USub_type = make_type(""USub"", unaryop_type, NULL, 0); if (!USub_type) return 0; USub_singleton = PyType_GenericNew(USub_type, NULL, NULL); if (!USub_singleton) return 0; cmpop_type = make_type(""cmpop"", &AST_type, NULL, 0); if (!cmpop_type) return 0; if (!add_attributes(cmpop_type, NULL, 0)) return 0; Eq_type = make_type(""Eq"", cmpop_type, NULL, 0); if (!Eq_type) return 0; Eq_singleton = PyType_GenericNew(Eq_type, NULL, NULL); if (!Eq_singleton) return 0; NotEq_type = make_type(""NotEq"", cmpop_type, NULL, 0); if (!NotEq_type) return 0; NotEq_singleton = PyType_GenericNew(NotEq_type, NULL, NULL); if (!NotEq_singleton) return 0; Lt_type = make_type(""Lt"", cmpop_type, NULL, 0); if (!Lt_type) return 0; Lt_singleton = PyType_GenericNew(Lt_type, NULL, NULL); if (!Lt_singleton) return 0; LtE_type = make_type(""LtE"", cmpop_type, NULL, 0); if (!LtE_type) return 0; LtE_singleton = PyType_GenericNew(LtE_type, NULL, NULL); if (!LtE_singleton) return 0; Gt_type = make_type(""Gt"", cmpop_type, NULL, 0); if (!Gt_type) return 0; Gt_singleton = PyType_GenericNew(Gt_type, NULL, NULL); if (!Gt_singleton) return 0; GtE_type = make_type(""GtE"", cmpop_type, NULL, 0); if (!GtE_type) return 0; GtE_singleton = PyType_GenericNew(GtE_type, NULL, NULL); if (!GtE_singleton) return 0; Is_type = make_type(""Is"", cmpop_type, NULL, 0); if (!Is_type) return 0; Is_singleton = PyType_GenericNew(Is_type, NULL, NULL); if (!Is_singleton) return 0; IsNot_type = make_type(""IsNot"", cmpop_type, NULL, 0); if (!IsNot_type) return 0; IsNot_singleton = PyType_GenericNew(IsNot_type, NULL, NULL); if (!IsNot_singleton) return 0; In_type = make_type(""In"", cmpop_type, NULL, 0); if (!In_type) return 0; In_singleton = PyType_GenericNew(In_type, NULL, NULL); if (!In_singleton) return 0; NotIn_type = make_type(""NotIn"", cmpop_type, NULL, 0); if (!NotIn_type) return 0; NotIn_singleton = PyType_GenericNew(NotIn_type, NULL, NULL); if (!NotIn_singleton) return 0; comprehension_type = make_type(""comprehension"", &AST_type, comprehension_fields, 4); if (!comprehension_type) return 0; if (!add_attributes(comprehension_type, NULL, 0)) return 0; excepthandler_type = make_type(""excepthandler"", &AST_type, NULL, 0); if (!excepthandler_type) return 0; if (!add_attributes(excepthandler_type, excepthandler_attributes, 4)) return 0; ExceptHandler_type = make_type(""ExceptHandler"", excepthandler_type, ExceptHandler_fields, 3); if (!ExceptHandler_type) return 0; arguments_type = make_type(""arguments"", &AST_type, arguments_fields, 6); if (!arguments_type) return 0; if (!add_attributes(arguments_type, NULL, 0)) return 0; arg_type = make_type(""arg"", &AST_type, arg_fields, 2); if (!arg_type) return 0; if (!add_attributes(arg_type, arg_attributes, 4)) return 0; keyword_type = make_type(""keyword"", &AST_type, keyword_fields, 2); if (!keyword_type) return 0; if (!add_attributes(keyword_type, NULL, 0)) return 0; alias_type = make_type(""alias"", &AST_type, alias_fields, 2); if (!alias_type) return 0; if (!add_attributes(alias_type, NULL, 0)) return 0; withitem_type = make_type(""withitem"", &AST_type, withitem_fields, 2); if (!withitem_type) return 0; if (!add_attributes(withitem_type, NULL, 0)) return 0; initialized = 1; return 1; }",visit repo url,Python/Python-ast.c,https://github.com/python/cpython,139927134042620,1 5792,['CWE-200'],"static int atrtr_ioctl(unsigned int cmd, void __user *arg) { struct rtentry rt; if (copy_from_user(&rt, arg, sizeof(rt))) return -EFAULT; switch (cmd) { case SIOCDELRT: if (rt.rt_dst.sa_family != AF_APPLETALK) return -EINVAL; return atrtr_delete(&((struct sockaddr_at *) &rt.rt_dst)->sat_addr); case SIOCADDRT: { struct net_device *dev = NULL; if (rt.rt_dev) { char name[IFNAMSIZ]; if (copy_from_user(name, rt.rt_dev, IFNAMSIZ-1)) return -EFAULT; name[IFNAMSIZ-1] = '\0'; dev = __dev_get_by_name(&init_net, name); if (!dev) return -ENODEV; } return atrtr_create(&rt, dev); } } return -EINVAL; }",linux-2.6,,,226413778867198168786595715797259123558,0 3167,['CWE-189'],"void jpc_mqdec_destroy(jpc_mqdec_t *mqdec) { if (mqdec->ctxs) { jas_free(mqdec->ctxs); } jas_free(mqdec); }",jasper,,,138429503460424965368972035171347133569,0 4880,['CWE-189'],"int ecryptfs_encrypt_and_encode_filename( char **encoded_name, size_t *encoded_name_size, struct ecryptfs_crypt_stat *crypt_stat, struct ecryptfs_mount_crypt_stat *mount_crypt_stat, const char *name, size_t name_size) { size_t encoded_name_no_prefix_size; int rc = 0; (*encoded_name) = NULL; (*encoded_name_size) = 0; if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES)) || (mount_crypt_stat && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) { struct ecryptfs_filename *filename; filename = kzalloc(sizeof(*filename), GFP_KERNEL); if (!filename) { printk(KERN_ERR ""%s: Out of memory whilst attempting "" ""to kzalloc [%zd] bytes\n"", __func__, sizeof(*filename)); rc = -ENOMEM; goto out; } filename->filename = (char *)name; filename->filename_size = name_size; rc = ecryptfs_encrypt_filename(filename, crypt_stat, mount_crypt_stat); if (rc) { printk(KERN_ERR ""%s: Error attempting to encrypt "" ""filename; rc = [%d]\n"", __func__, rc); kfree(filename); goto out; } ecryptfs_encode_for_filename( NULL, &encoded_name_no_prefix_size, filename->encrypted_filename, filename->encrypted_filename_size); if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK)) || (mount_crypt_stat && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) (*encoded_name_size) = (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE + encoded_name_no_prefix_size); else (*encoded_name_size) = (ECRYPTFS_FEK_ENCRYPTED_FILENAME_PREFIX_SIZE + encoded_name_no_prefix_size); (*encoded_name) = kmalloc((*encoded_name_size) + 1, GFP_KERNEL); if (!(*encoded_name)) { printk(KERN_ERR ""%s: Out of memory whilst attempting "" ""to kzalloc [%zd] bytes\n"", __func__, (*encoded_name_size)); rc = -ENOMEM; kfree(filename->encrypted_filename); kfree(filename); goto out; } if ((crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCFN_USE_MOUNT_FNEK)) || (mount_crypt_stat && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK))) { memcpy((*encoded_name), ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX, ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE); ecryptfs_encode_for_filename( ((*encoded_name) + ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE), &encoded_name_no_prefix_size, filename->encrypted_filename, filename->encrypted_filename_size); (*encoded_name_size) = (ECRYPTFS_FNEK_ENCRYPTED_FILENAME_PREFIX_SIZE + encoded_name_no_prefix_size); (*encoded_name)[(*encoded_name_size)] = '\0'; (*encoded_name_size)++; } else { rc = -ENOTSUPP; } if (rc) { printk(KERN_ERR ""%s: Error attempting to encode "" ""encrypted filename; rc = [%d]\n"", __func__, rc); kfree((*encoded_name)); (*encoded_name) = NULL; (*encoded_name_size) = 0; } kfree(filename->encrypted_filename); kfree(filename); } else { rc = ecryptfs_copy_filename(encoded_name, encoded_name_size, name, name_size); } out: return rc; }",linux-2.6,,,233269540622869007693356731526217879303,0 5185,['CWE-20'],"static void free_kvm_area(void) { int cpu; for_each_online_cpu(cpu) free_vmcs(per_cpu(vmxarea, cpu)); }",linux-2.6,,,329226422587775015751637133402988150155,0 3790,[],"static void unix_write_space(struct sock *sk) { read_lock(&sk->sk_callback_lock); if (unix_writable(sk)) { if (sk->sk_sleep && waitqueue_active(sk->sk_sleep)) wake_up_interruptible(sk->sk_sleep); sk_wake_async(sk, 2, POLL_OUT); } read_unlock(&sk->sk_callback_lock); }",linux-2.6,,,76604580217152553543796756236619925884,0 1403,[],"load_balance_fair(struct rq *this_rq, int this_cpu, struct rq *busiest, unsigned long max_load_move, struct sched_domain *sd, enum cpu_idle_type idle, int *all_pinned, int *this_best_prio) { struct cfs_rq *busy_cfs_rq; long rem_load_move = max_load_move; struct rq_iterator cfs_rq_iterator; cfs_rq_iterator.start = load_balance_start_fair; cfs_rq_iterator.next = load_balance_next_fair; for_each_leaf_cfs_rq(busiest, busy_cfs_rq) { #ifdef CONFIG_FAIR_GROUP_SCHED struct cfs_rq *this_cfs_rq; long imbalance; unsigned long maxload; this_cfs_rq = cpu_cfs_rq(busy_cfs_rq, this_cpu); imbalance = busy_cfs_rq->load.weight - this_cfs_rq->load.weight; if (imbalance <= 0) continue; imbalance /= 2; maxload = min(rem_load_move, imbalance); *this_best_prio = cfs_rq_best_prio(this_cfs_rq); #else # define maxload rem_load_move #endif cfs_rq_iterator.arg = busy_cfs_rq; rem_load_move -= balance_tasks(this_rq, this_cpu, busiest, maxload, sd, idle, all_pinned, this_best_prio, &cfs_rq_iterator); if (rem_load_move <= 0) break; } return max_load_move - rem_load_move; }",linux-2.6,,,266686809958089973035522874836781212634,0 2854,['CWE-119'],"static void deny_bits_array(struct posix_ace_state_array *a, u32 mask) { int i; for (i=0; i < a->n; i++) deny_bits(&a->aces[i].perms, mask); }",linux-2.6,,,139516997017345170277449233616386608492,0 4465,['CWE-264'],"static int skfp_open(struct net_device *dev) { struct s_smc *smc = netdev_priv(dev); int err; PRINTK(KERN_INFO ""entering skfp_open\n""); err = request_irq(dev->irq, skfp_interrupt, IRQF_SHARED, dev->name, dev); if (err) return err; read_address(smc, NULL); memcpy(dev->dev_addr, smc->hw.fddi_canon_addr.a, 6); init_smt(smc, NULL); smt_online(smc, 1); STI_FBI(); mac_clear_multicast(smc); mac_drv_rx_mode(smc, RX_DISABLE_PROMISC); netif_start_queue(dev); return (0); } ",linux-2.6,,,54135508646175106984819859929828044427,0 5837,CWE-125,"PJ_DEF(pj_status_t) pjmedia_rtcp_fb_parse_nack( const void *buf, pj_size_t length, unsigned *nack_cnt, pjmedia_rtcp_fb_nack nack[]) { pjmedia_rtcp_common *hdr = (pjmedia_rtcp_common*) buf; pj_uint8_t *p; unsigned cnt, i; PJ_ASSERT_RETURN(buf && nack_cnt && nack, PJ_EINVAL); PJ_ASSERT_RETURN(length >= sizeof(pjmedia_rtcp_common), PJ_ETOOSMALL); if (hdr->pt != RTCP_RTPFB || hdr->count != 1) return PJ_ENOTFOUND; cnt = pj_ntohs((pj_uint16_t)hdr->length) - 2; if (length < (cnt+3)*4) return PJ_ETOOSMALL; *nack_cnt = PJ_MIN(*nack_cnt, cnt); p = (pj_uint8_t*)hdr + sizeof(*hdr); for (i = 0; i < *nack_cnt; ++i) { pj_uint16_t val; pj_memcpy(&val, p, 2); nack[i].pid = pj_ntohs(val); pj_memcpy(&val, p+2, 2); nack[i].blp = pj_ntohs(val); p += 4; } return PJ_SUCCESS; }",visit repo url,pjmedia/src/pjmedia/rtcp_fb.c,https://github.com/pjsip/pjproject,27740087355337,1 2491,['CWE-119'],"static inline int diff_might_be_rename(void) { return diff_queued_diff.nr == 1 && !DIFF_FILE_VALID(diff_queued_diff.queue[0]->one); }",git,,,98369740930308777336059640524547777718,0 2767,CWE-400,"static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof) { char *ksep, *vsep, *val; size_t klen, vlen; size_t new_vlen; if (var->ptr >= var->end) { return 0; } vsep = memchr(var->ptr, '&', var->end - var->ptr); if (!vsep) { if (!eof) { return 0; } else { vsep = var->end; } } ksep = memchr(var->ptr, '=', vsep - var->ptr); if (ksep) { *ksep = '\0'; klen = ksep - var->ptr; vlen = vsep - ++ksep; } else { ksep = """"; klen = vsep - var->ptr; vlen = 0; } php_url_decode(var->ptr, klen); val = estrndup(ksep, vlen); if (vlen) { vlen = php_url_decode(val, vlen); } if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen)) { php_register_variable_safe(var->ptr, val, new_vlen, arr); } efree(val); var->ptr = vsep + (vsep != var->end); return 1; }",visit repo url,main/php_variables.c,https://github.com/php/php-src,265141855322736,1 1754,CWE-119,"check_compat_entry_size_and_hooks(struct compat_arpt_entry *e, struct xt_table_info *newinfo, unsigned int *size, const unsigned char *base, const unsigned char *limit, const unsigned int *hook_entries, const unsigned int *underflows, const char *name) { struct xt_entry_target *t; struct xt_target *target; unsigned int entry_offset; int ret, off, h; duprintf(""check_compat_entry_size_and_hooks %p\n"", e); if ((unsigned long)e % __alignof__(struct compat_arpt_entry) != 0 || (unsigned char *)e + sizeof(struct compat_arpt_entry) >= limit) { duprintf(""Bad offset %p, limit = %p\n"", e, limit); return -EINVAL; } if (e->next_offset < sizeof(struct compat_arpt_entry) + sizeof(struct compat_xt_entry_target)) { duprintf(""checking: element %p size %u\n"", e, e->next_offset); return -EINVAL; } ret = check_entry((struct arpt_entry *)e); if (ret) return ret; off = sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry); entry_offset = (void *)e - (void *)base; t = compat_arpt_get_target(e); target = xt_request_find_target(NFPROTO_ARP, t->u.user.name, t->u.user.revision); if (IS_ERR(target)) { duprintf(""check_compat_entry_size_and_hooks: `%s' not found\n"", t->u.user.name); ret = PTR_ERR(target); goto out; } t->u.kernel.target = target; off += xt_compat_target_offset(target); *size += off; ret = xt_compat_add_offset(NFPROTO_ARP, entry_offset, off); if (ret) goto release_target; for (h = 0; h < NF_ARP_NUMHOOKS; h++) { if ((unsigned char *)e - base == hook_entries[h]) newinfo->hook_entry[h] = hook_entries[h]; if ((unsigned char *)e - base == underflows[h]) newinfo->underflow[h] = underflows[h]; } memset(&e->counters, 0, sizeof(e->counters)); e->comefrom = 0; return 0; release_target: module_put(t->u.kernel.target->me); out: return ret; }",visit repo url,net/ipv4/netfilter/arp_tables.c,https://github.com/torvalds/linux,112833058446025,1 5698,['CWE-200'],"static int llc_ui_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) { struct sock *sk = sock->sk; struct llc_sock *llc = llc_sk(sk); int rc = -EINVAL, opt; lock_sock(sk); if (unlikely(level != SOL_LLC || optlen != sizeof(int))) goto out; rc = get_user(opt, (int __user *)optval); if (rc) goto out; rc = -EINVAL; switch (optname) { case LLC_OPT_RETRY: if (opt > LLC_OPT_MAX_RETRY) goto out; llc->n2 = opt; break; case LLC_OPT_SIZE: if (opt > LLC_OPT_MAX_SIZE) goto out; llc->n1 = opt; break; case LLC_OPT_ACK_TMR_EXP: if (opt > LLC_OPT_MAX_ACK_TMR_EXP) goto out; llc->ack_timer.expire = opt * HZ; break; case LLC_OPT_P_TMR_EXP: if (opt > LLC_OPT_MAX_P_TMR_EXP) goto out; llc->pf_cycle_timer.expire = opt * HZ; break; case LLC_OPT_REJ_TMR_EXP: if (opt > LLC_OPT_MAX_REJ_TMR_EXP) goto out; llc->rej_sent_timer.expire = opt * HZ; break; case LLC_OPT_BUSY_TMR_EXP: if (opt > LLC_OPT_MAX_BUSY_TMR_EXP) goto out; llc->busy_state_timer.expire = opt * HZ; break; case LLC_OPT_TX_WIN: if (opt > LLC_OPT_MAX_WIN) goto out; llc->k = opt; break; case LLC_OPT_RX_WIN: if (opt > LLC_OPT_MAX_WIN) goto out; llc->rw = opt; break; default: rc = -ENOPROTOOPT; goto out; } rc = 0; out: release_sock(sk); return rc; }",linux-2.6,,,19587184757986004130602499735703414882,0 2466,CWE-200,"raptor_libxml_getEntity(void* user_data, const xmlChar *name) { raptor_sax2* sax2 = (raptor_sax2*)user_data; return libxml2_getEntity(sax2->xc, name); }",visit repo url,src/raptor_libxml.c,https://github.com/dajobe/raptor,197054779318675,1 5713,['CWE-200'],"static int llc_ui_shutdown(struct socket *sock, int how) { struct sock *sk = sock->sk; int rc = -ENOTCONN; lock_sock(sk); if (unlikely(sk->sk_state != TCP_ESTABLISHED)) goto out; rc = -EINVAL; if (how != 2) goto out; rc = llc_send_disc(sk); if (!rc) rc = llc_ui_wait_for_disc(sk, sk->sk_rcvtimeo); sk->sk_state_change(sk); out: release_sock(sk); return rc; }",linux-2.6,,,275405257452466102315093561546857077779,0 3098,['CWE-189'],"static void jas_cmpxform_destroy(jas_cmpxform_t *pxform) { if (--pxform->refcnt <= 0) { (*pxform->ops->destroy)(pxform); jas_free(pxform); } }",jasper,,,21420239541986678084845286908534844306,0 4418,['CWE-264'],"void sock_rfree(struct sk_buff *skb) { struct sock *sk = skb->sk; skb_truesize_check(skb); atomic_sub(skb->truesize, &sk->sk_rmem_alloc); sk_mem_uncharge(skb->sk, skb->truesize); }",linux-2.6,,,278534460464355023554000063605146111978,0 4352,['CWE-399'],"long keyctl_setperm_key(key_serial_t id, key_perm_t perm) { struct key *key; key_ref_t key_ref; long ret; ret = -EINVAL; if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) goto error; key_ref = lookup_user_key(id, 1, 1, KEY_SETATTR); if (IS_ERR(key_ref)) { ret = PTR_ERR(key_ref); goto error; } key = key_ref_to_ptr(key_ref); ret = -EACCES; down_write(&key->sem); if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) { key->perm = perm; ret = 0; } up_write(&key->sem); key_put(key); error: return ret; } ",linux-2.6,,,311303692275520879297251593071955470287,0 1429,[],"load_balance_fair(struct rq *this_rq, int this_cpu, struct rq *busiest, unsigned long max_load_move, struct sched_domain *sd, enum cpu_idle_type idle, int *all_pinned, int *this_best_prio) { return __load_balance_fair(this_rq, this_cpu, busiest, max_load_move, sd, idle, all_pinned, this_best_prio, &busiest->cfs); }",linux-2.6,,,201974903590701334263685559777848445042,0 3754,CWE-416,"int yr_execute_code( YR_RULES* rules, YR_SCAN_CONTEXT* context, int timeout, time_t start_time) { int64_t mem[MEM_SIZE]; int32_t sp = 0; uint8_t* ip = rules->code_start; YR_VALUE args[MAX_FUNCTION_ARGS]; YR_VALUE *stack; YR_VALUE r1; YR_VALUE r2; YR_VALUE r3; #ifdef PROFILING_ENABLED YR_RULE* current_rule = NULL; #endif YR_RULE* rule; YR_MATCH* match; YR_OBJECT_FUNCTION* function; char* identifier; char* args_fmt; int i; int found; int count; int result = ERROR_SUCCESS; int stop = FALSE; int cycle = 0; int tidx = context->tidx; int stack_size; #ifdef PROFILING_ENABLED clock_t start = clock(); #endif yr_get_configuration(YR_CONFIG_STACK_SIZE, (void*) &stack_size); stack = (YR_VALUE*) yr_malloc(stack_size * sizeof(YR_VALUE)); if (stack == NULL) return ERROR_INSUFFICIENT_MEMORY; while(!stop) { switch(*ip) { case OP_NOP: break; case OP_HALT: assert(sp == 0); stop = TRUE; break; case OP_PUSH: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); push(r1); break; case OP_POP: pop(r1); break; case OP_CLEAR_M: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); mem[r1.i] = 0; break; case OP_ADD_M: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); pop(r2); if (!is_undef(r2)) mem[r1.i] += r2.i; break; case OP_INCR_M: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); mem[r1.i]++; break; case OP_PUSH_M: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); r1.i = mem[r1.i]; push(r1); break; case OP_POP_M: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); pop(r2); mem[r1.i] = r2.i; break; case OP_SWAPUNDEF: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); pop(r2); if (is_undef(r2)) { r1.i = mem[r1.i]; push(r1); } else { push(r2); } break; case OP_JNUNDEF: pop(r1); push(r1); ip = jmp_if(!is_undef(r1), ip); break; case OP_JLE: pop(r2); pop(r1); push(r1); push(r2); ip = jmp_if(r1.i <= r2.i, ip); break; case OP_JTRUE: pop(r1); push(r1); ip = jmp_if(!is_undef(r1) && r1.i, ip); break; case OP_JFALSE: pop(r1); push(r1); ip = jmp_if(is_undef(r1) || !r1.i, ip); break; case OP_AND: pop(r2); pop(r1); if (is_undef(r1) || is_undef(r2)) r1.i = 0; else r1.i = r1.i && r2.i; push(r1); break; case OP_OR: pop(r2); pop(r1); if (is_undef(r1)) { push(r2); } else if (is_undef(r2)) { push(r1); } else { r1.i = r1.i || r2.i; push(r1); } break; case OP_NOT: pop(r1); if (is_undef(r1)) r1.i = UNDEFINED; else r1.i= !r1.i; push(r1); break; case OP_MOD: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); if (r2.i != 0) r1.i = r1.i % r2.i; else r1.i = UNDEFINED; push(r1); break; case OP_SHR: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i >> r2.i; push(r1); break; case OP_SHL: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i << r2.i; push(r1); break; case OP_BITWISE_NOT: pop(r1); ensure_defined(r1); r1.i = ~r1.i; push(r1); break; case OP_BITWISE_AND: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i & r2.i; push(r1); break; case OP_BITWISE_OR: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i | r2.i; push(r1); break; case OP_BITWISE_XOR: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i ^ r2.i; push(r1); break; case OP_PUSH_RULE: rule = *(YR_RULE**)(ip + 1); ip += sizeof(uint64_t); r1.i = rule->t_flags[tidx] & RULE_TFLAGS_MATCH ? 1 : 0; push(r1); break; case OP_INIT_RULE: #ifdef PROFILING_ENABLED current_rule = *(YR_RULE**)(ip + 1); #endif ip += sizeof(uint64_t); break; case OP_MATCH_RULE: pop(r1); rule = *(YR_RULE**)(ip + 1); ip += sizeof(uint64_t); if (!is_undef(r1) && r1.i) rule->t_flags[tidx] |= RULE_TFLAGS_MATCH; else if (RULE_IS_GLOBAL(rule)) rule->ns->t_flags[tidx] |= NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL; #ifdef PROFILING_ENABLED rule->clock_ticks += clock() - start; start = clock(); #endif break; case OP_OBJ_LOAD: identifier = *(char**)(ip + 1); ip += sizeof(uint64_t); r1.o = (YR_OBJECT*) yr_hash_table_lookup( context->objects_table, identifier, NULL); assert(r1.o != NULL); push(r1); break; case OP_OBJ_FIELD: identifier = *(char**)(ip + 1); ip += sizeof(uint64_t); pop(r1); ensure_defined(r1); r1.o = yr_object_lookup_field(r1.o, identifier); assert(r1.o != NULL); push(r1); break; case OP_OBJ_VALUE: pop(r1); ensure_defined(r1); switch(r1.o->type) { case OBJECT_TYPE_INTEGER: r1.i = ((YR_OBJECT_INTEGER*) r1.o)->value; break; case OBJECT_TYPE_FLOAT: if (isnan(((YR_OBJECT_DOUBLE*) r1.o)->value)) r1.i = UNDEFINED; else r1.d = ((YR_OBJECT_DOUBLE*) r1.o)->value; break; case OBJECT_TYPE_STRING: if (((YR_OBJECT_STRING*) r1.o)->value == NULL) r1.i = UNDEFINED; else r1.p = ((YR_OBJECT_STRING*) r1.o)->value; break; default: assert(FALSE); } push(r1); break; case OP_INDEX_ARRAY: pop(r1); pop(r2); ensure_defined(r1); ensure_defined(r2); assert(r2.o->type == OBJECT_TYPE_ARRAY); r1.o = yr_object_array_get_item(r2.o, 0, (int) r1.i); if (r1.o == NULL) r1.i = UNDEFINED; push(r1); break; case OP_LOOKUP_DICT: pop(r1); pop(r2); ensure_defined(r1); ensure_defined(r2); assert(r2.o->type == OBJECT_TYPE_DICTIONARY); r1.o = yr_object_dict_get_item( r2.o, 0, r1.ss->c_string); if (r1.o == NULL) r1.i = UNDEFINED; push(r1); break; case OP_CALL: args_fmt = *(char**)(ip + 1); ip += sizeof(uint64_t); i = (int) strlen(args_fmt); count = 0; while (i > 0) { pop(r1); if (is_undef(r1)) count++; args[i - 1] = r1; i--; } pop(r2); ensure_defined(r2); if (count > 0) { r1.i = UNDEFINED; push(r1); break; } function = (YR_OBJECT_FUNCTION*) r2.o; result = ERROR_INTERNAL_FATAL_ERROR; for (i = 0; i < MAX_OVERLOADED_FUNCTIONS; i++) { if (function->prototypes[i].arguments_fmt == NULL) break; if (strcmp(function->prototypes[i].arguments_fmt, args_fmt) == 0) { result = function->prototypes[i].code(args, context, function); break; } } assert(i < MAX_OVERLOADED_FUNCTIONS); if (result == ERROR_SUCCESS) { r1.o = function->return_obj; push(r1); } else { stop = TRUE; } break; case OP_FOUND: pop(r1); r1.i = r1.s->matches[tidx].tail != NULL ? 1 : 0; push(r1); break; case OP_FOUND_AT: pop(r2); pop(r1); if (is_undef(r1)) { r1.i = 0; push(r1); break; } match = r2.s->matches[tidx].head; r3.i = FALSE; while (match != NULL) { if (r1.i == match->base + match->offset) { r3.i = TRUE; break; } if (r1.i < match->base + match->offset) break; match = match->next; } push(r3); break; case OP_FOUND_IN: pop(r3); pop(r2); pop(r1); ensure_defined(r1); ensure_defined(r2); match = r3.s->matches[tidx].head; r3.i = FALSE; while (match != NULL && !r3.i) { if (match->base + match->offset >= r1.i && match->base + match->offset <= r2.i) { r3.i = TRUE; } if (match->base + match->offset > r2.i) break; match = match->next; } push(r3); break; case OP_COUNT: pop(r1); r1.i = r1.s->matches[tidx].count; push(r1); break; case OP_OFFSET: pop(r2); pop(r1); ensure_defined(r1); match = r2.s->matches[tidx].head; i = 1; r3.i = UNDEFINED; while (match != NULL && r3.i == UNDEFINED) { if (r1.i == i) r3.i = match->base + match->offset; i++; match = match->next; } push(r3); break; case OP_LENGTH: pop(r2); pop(r1); ensure_defined(r1); match = r2.s->matches[tidx].head; i = 1; r3.i = UNDEFINED; while (match != NULL && r3.i == UNDEFINED) { if (r1.i == i) r3.i = match->match_length; i++; match = match->next; } push(r3); break; case OP_OF: found = 0; count = 0; pop(r1); while (!is_undef(r1)) { if (r1.s->matches[tidx].tail != NULL) found++; count++; pop(r1); } pop(r2); if (is_undef(r2)) r1.i = found >= count ? 1 : 0; else r1.i = found >= r2.i ? 1 : 0; push(r1); break; case OP_FILESIZE: r1.i = context->file_size; push(r1); break; case OP_ENTRYPOINT: r1.i = context->entry_point; push(r1); break; case OP_INT8: pop(r1); r1.i = read_int8_t_little_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_INT16: pop(r1); r1.i = read_int16_t_little_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_INT32: pop(r1); r1.i = read_int32_t_little_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_UINT8: pop(r1); r1.i = read_uint8_t_little_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_UINT16: pop(r1); r1.i = read_uint16_t_little_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_UINT32: pop(r1); r1.i = read_uint32_t_little_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_INT8BE: pop(r1); r1.i = read_int8_t_big_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_INT16BE: pop(r1); r1.i = read_int16_t_big_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_INT32BE: pop(r1); r1.i = read_int32_t_big_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_UINT8BE: pop(r1); r1.i = read_uint8_t_big_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_UINT16BE: pop(r1); r1.i = read_uint16_t_big_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_UINT32BE: pop(r1); r1.i = read_uint32_t_big_endian(context->iterator, (size_t) r1.i); push(r1); break; case OP_CONTAINS: pop(r2); pop(r1); ensure_defined(r1); ensure_defined(r2); r1.i = memmem(r1.ss->c_string, r1.ss->length, r2.ss->c_string, r2.ss->length) != NULL; push(r1); break; case OP_IMPORT: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); result = yr_modules_load((char*) r1.p, context); if (result != ERROR_SUCCESS) stop = TRUE; break; case OP_MATCHES: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); if (r1.ss->length == 0) { r1.i = FALSE; push(r1); break; } result = yr_re_exec( (uint8_t*) r2.re->code, (uint8_t*) r1.ss->c_string, r1.ss->length, 0, r2.re->flags | RE_FLAGS_SCAN, NULL, NULL, &found); if (result != ERROR_SUCCESS) stop = TRUE; r1.i = found >= 0; push(r1); break; case OP_INT_TO_DBL: r1.i = *(uint64_t*)(ip + 1); ip += sizeof(uint64_t); r2 = stack[sp - r1.i]; if (is_undef(r2)) stack[sp - r1.i].i = UNDEFINED; else stack[sp - r1.i].d = (double) r2.i; break; case OP_STR_TO_BOOL: pop(r1); ensure_defined(r1); r1.i = r1.ss->length > 0; push(r1); break; case OP_INT_EQ: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i == r2.i; push(r1); break; case OP_INT_NEQ: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i != r2.i; push(r1); break; case OP_INT_LT: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i < r2.i; push(r1); break; case OP_INT_GT: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i > r2.i; push(r1); break; case OP_INT_LE: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i <= r2.i; push(r1); break; case OP_INT_GE: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i >= r2.i; push(r1); break; case OP_INT_ADD: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i + r2.i; push(r1); break; case OP_INT_SUB: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i - r2.i; push(r1); break; case OP_INT_MUL: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.i * r2.i; push(r1); break; case OP_INT_DIV: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); if (r2.i != 0) r1.i = r1.i / r2.i; else r1.i = UNDEFINED; push(r1); break; case OP_INT_MINUS: pop(r1); ensure_defined(r1); r1.i = -r1.i; push(r1); break; case OP_DBL_LT: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.d < r2.d; push(r1); break; case OP_DBL_GT: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.d > r2.d; push(r1); break; case OP_DBL_LE: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.d <= r2.d; push(r1); break; case OP_DBL_GE: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.d >= r2.d; push(r1); break; case OP_DBL_EQ: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.d == r2.d; push(r1); break; case OP_DBL_NEQ: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.i = r1.d != r2.d; push(r1); break; case OP_DBL_ADD: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.d = r1.d + r2.d; push(r1); break; case OP_DBL_SUB: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.d = r1.d - r2.d; push(r1); break; case OP_DBL_MUL: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.d = r1.d * r2.d; push(r1); break; case OP_DBL_DIV: pop(r2); pop(r1); ensure_defined(r2); ensure_defined(r1); r1.d = r1.d / r2.d; push(r1); break; case OP_DBL_MINUS: pop(r1); ensure_defined(r1); r1.d = -r1.d; push(r1); break; case OP_STR_EQ: case OP_STR_NEQ: case OP_STR_LT: case OP_STR_LE: case OP_STR_GT: case OP_STR_GE: pop(r2); pop(r1); ensure_defined(r1); ensure_defined(r2); switch(*ip) { case OP_STR_EQ: r1.i = (sized_string_cmp(r1.ss, r2.ss) == 0); break; case OP_STR_NEQ: r1.i = (sized_string_cmp(r1.ss, r2.ss) != 0); break; case OP_STR_LT: r1.i = (sized_string_cmp(r1.ss, r2.ss) < 0); break; case OP_STR_LE: r1.i = (sized_string_cmp(r1.ss, r2.ss) <= 0); break; case OP_STR_GT: r1.i = (sized_string_cmp(r1.ss, r2.ss) > 0); break; case OP_STR_GE: r1.i = (sized_string_cmp(r1.ss, r2.ss) >= 0); break; } push(r1); break; default: assert(FALSE); } if (timeout > 0) { if (++cycle == 10) { if (difftime(time(NULL), start_time) > timeout) { #ifdef PROFILING_ENABLED assert(current_rule != NULL); current_rule->clock_ticks += clock() - start; #endif result = ERROR_SCAN_TIMEOUT; stop = TRUE; } cycle = 0; } } ip++; } yr_modules_unload_all(context); yr_free(stack); return result;",visit repo url,libyara/exec.c,https://github.com/VirusTotal/yara,242984273168805,1 2567,[],"static void prepare_attr_stack(const char *path, int dirlen) { struct attr_stack *elem, *info; int len; struct strbuf pathbuf; strbuf_init(&pathbuf, dirlen+2+strlen(GITATTRIBUTES_FILE)); if (!attr_stack) bootstrap_attr_stack(); info = attr_stack; attr_stack = info->prev; while (attr_stack && attr_stack->origin) { int namelen = strlen(attr_stack->origin); elem = attr_stack; if (namelen <= dirlen && !strncmp(elem->origin, path, namelen)) break; debug_pop(elem); attr_stack = elem->prev; free_attr_elem(elem); } if (!is_bare_repository()) { while (1) { char *cp; len = strlen(attr_stack->origin); if (dirlen <= len) break; strbuf_reset(&pathbuf); strbuf_add(&pathbuf, path, dirlen); strbuf_addch(&pathbuf, '/'); cp = strchr(pathbuf.buf + len + 1, '/'); strcpy(cp + 1, GITATTRIBUTES_FILE); elem = read_attr(pathbuf.buf, 0); *cp = '\0'; elem->origin = strdup(pathbuf.buf); elem->prev = attr_stack; attr_stack = elem; debug_push(elem); } } info->prev = attr_stack; attr_stack = info; }",git,,,69932965146699713724359913865999334239,0 385,CWE-416,"static int ipxitf_ioctl(unsigned int cmd, void __user *arg) { int rc = -EINVAL; struct ifreq ifr; int val; switch (cmd) { case SIOCSIFADDR: { struct sockaddr_ipx *sipx; struct ipx_interface_definition f; rc = -EFAULT; if (copy_from_user(&ifr, arg, sizeof(ifr))) break; sipx = (struct sockaddr_ipx *)&ifr.ifr_addr; rc = -EINVAL; if (sipx->sipx_family != AF_IPX) break; f.ipx_network = sipx->sipx_network; memcpy(f.ipx_device, ifr.ifr_name, sizeof(f.ipx_device)); memcpy(f.ipx_node, sipx->sipx_node, IPX_NODE_LEN); f.ipx_dlink_type = sipx->sipx_type; f.ipx_special = sipx->sipx_special; if (sipx->sipx_action == IPX_DLTITF) rc = ipxitf_delete(&f); else rc = ipxitf_create(&f); break; } case SIOCGIFADDR: { struct sockaddr_ipx *sipx; struct ipx_interface *ipxif; struct net_device *dev; rc = -EFAULT; if (copy_from_user(&ifr, arg, sizeof(ifr))) break; sipx = (struct sockaddr_ipx *)&ifr.ifr_addr; dev = __dev_get_by_name(&init_net, ifr.ifr_name); rc = -ENODEV; if (!dev) break; ipxif = ipxitf_find_using_phys(dev, ipx_map_frame_type(sipx->sipx_type)); rc = -EADDRNOTAVAIL; if (!ipxif) break; sipx->sipx_family = AF_IPX; sipx->sipx_network = ipxif->if_netnum; memcpy(sipx->sipx_node, ipxif->if_node, sizeof(sipx->sipx_node)); rc = -EFAULT; if (copy_to_user(arg, &ifr, sizeof(ifr))) break; ipxitf_put(ipxif); rc = 0; break; } case SIOCAIPXITFCRT: rc = -EFAULT; if (get_user(val, (unsigned char __user *) arg)) break; rc = 0; ipxcfg_auto_create_interfaces = val; break; case SIOCAIPXPRISLT: rc = -EFAULT; if (get_user(val, (unsigned char __user *) arg)) break; rc = 0; ipxcfg_set_auto_select(val); break; } return rc; }",visit repo url,net/ipx/af_ipx.c,https://github.com/torvalds/linux,68329283807246,1 4552,CWE-122,"void id3dmx_flush(GF_Filter *filter, u8 *id3_buf, u32 id3_buf_size, GF_FilterPid *audio_pid, GF_FilterPid **video_pid_p) { GF_BitStream *bs = gf_bs_new(id3_buf, id3_buf_size, GF_BITSTREAM_READ); char *sep_desc; char *_buf=NULL; u32 buf_alloc=0; gf_bs_skip_bytes(bs, 3); gf_bs_read_u8(bs); gf_bs_read_u8(bs); gf_bs_read_int(bs, 1); u8 ext_hdr = gf_bs_read_int(bs, 1); gf_bs_read_int(bs, 6); u32 size = gf_id3_read_size(bs); if (ext_hdr) { } while (size && (gf_bs_available(bs)>=10) ) { char *buf; char szTag[1024]; char *sep; s32 tag_idx; u32 pic_size; u32 ftag = gf_bs_read_u32(bs); u32 fsize = gf_id3_read_size(bs); gf_bs_read_u16(bs); size -= 10; if (!fsize) break; if (size=0) { const char *tag_name = gf_itags_get_name((u32) tag_idx); id3dmx_set_string(audio_pid, (char *) tag_name, buf+1, GF_FALSE); } else { sprintf(szTag, ""tag_%s"", gf_4cc_to_str(ftag)); if ((ftag>>24) == 'T') { id3dmx_set_string(audio_pid, szTag, buf+1, GF_TRUE); } else { gf_filter_pid_set_property_dyn(audio_pid, szTag, &PROP_DATA(buf, fsize) ); } } size -= fsize; } gf_bs_del(bs); if (_buf) gf_free(_buf); }",visit repo url,src/filters/reframe_mp3.c,https://github.com/gpac/gpac,105718509423913,1 1337,NVD-CWE-Other,"static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk, const int optname, int len, u32 __user *optval, int __user *optlen) { int rc = -ENOPROTOOPT; if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL) rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len, optval, optlen); return rc; }",visit repo url,net/dccp/ccid.h,https://github.com/torvalds/linux,51798961720321,1 3773,CWE-119,"rtadv_read (struct thread *thread) { int sock; int len; u_char buf[RTADV_MSG_SIZE]; struct sockaddr_in6 from; ifindex_t ifindex = 0; int hoplimit = -1; struct zebra_vrf *zvrf = THREAD_ARG (thread); sock = THREAD_FD (thread); zvrf->rtadv.ra_read = NULL; rtadv_event (zvrf, RTADV_READ, sock); len = rtadv_recv_packet (sock, buf, BUFSIZ, &from, &ifindex, &hoplimit); if (len < 0) { zlog_warn (""router solicitation recv failed: %s."", safe_strerror (errno)); return len; } rtadv_process_packet (buf, (unsigned)len, ifindex, hoplimit, zvrf->vrf_id); return 0; }",visit repo url,zebra/rtadv.c,https://github.com/Quagga/quagga,62731001700840,1 1232,[],"m4_traceon (struct obstack *obs, int argc, token_data **argv) { symbol *s; int i; if (argc == 1) hack_all_symbols (set_trace, obs); else for (i = 1; i < argc; i++) { s = lookup_symbol (TOKEN_DATA_TEXT (argv[i]), SYMBOL_INSERT); set_trace (s, obs); } }",m4,,,244105217062731585170994085040506986448,0 501,CWE-476,"static struct o2nm_cluster *to_o2nm_cluster_from_node(struct o2nm_node *node) { return to_o2nm_cluster(node->nd_item.ci_parent->ci_parent); }",visit repo url,fs/ocfs2/cluster/nodemanager.c,https://github.com/torvalds/linux,93315839893750,1 1545,[]," __acquires(this_rq->lock) { int ret = 0; if (unlikely(!irqs_disabled())) { spin_unlock(&this_rq->lock); BUG_ON(1); } if (unlikely(!spin_trylock(&busiest->lock))) { if (busiest < this_rq) { spin_unlock(&this_rq->lock); spin_lock(&busiest->lock); spin_lock(&this_rq->lock); ret = 1; } else spin_lock(&busiest->lock); } return ret; }",linux-2.6,,,9861174195601114427666484468930753697,0 2115,CWE-400,"int __usb_get_extra_descriptor(char *buffer, unsigned size, unsigned char type, void **ptr) { struct usb_descriptor_header *header; while (size >= sizeof(struct usb_descriptor_header)) { header = (struct usb_descriptor_header *)buffer; if (header->bLength < 2) { printk(KERN_ERR ""%s: bogus descriptor, type %d length %d\n"", usbcore_name, header->bDescriptorType, header->bLength); return -1; } if (header->bDescriptorType == type) { *ptr = header; return 0; } buffer += header->bLength; size -= header->bLength; } return -1; }",visit repo url,drivers/usb/core/usb.c,https://github.com/torvalds/linux,158169974274345,1 3752,CWE-125,"int yr_re_fast_exec( uint8_t* code, uint8_t* input_data, size_t input_size, int flags, RE_MATCH_CALLBACK_FUNC callback, void* callback_args) { RE_REPEAT_ANY_ARGS* repeat_any_args; uint8_t* code_stack[MAX_FAST_RE_STACK]; uint8_t* input_stack[MAX_FAST_RE_STACK]; int matches_stack[MAX_FAST_RE_STACK]; uint8_t* ip = code; uint8_t* input = input_data; uint8_t* next_input; uint8_t* next_opcode; uint8_t mask; uint8_t value; int i; int stop; int input_incr; int sp = 0; int bytes_matched; int max_bytes_matched = input_size; input_incr = flags & RE_FLAGS_BACKWARDS ? -1 : 1; if (flags & RE_FLAGS_BACKWARDS) input--; code_stack[sp] = code; input_stack[sp] = input; matches_stack[sp] = 0; sp++; while (sp > 0) { sp--; ip = code_stack[sp]; input = input_stack[sp]; bytes_matched = matches_stack[sp]; stop = FALSE; while(!stop) { if (*ip == RE_OPCODE_MATCH) { if (flags & RE_FLAGS_EXHAUSTIVE) { int cb_result = callback( flags & RE_FLAGS_BACKWARDS ? input + 1 : input_data, bytes_matched, flags, callback_args); switch(cb_result) { case ERROR_INSUFFICIENT_MEMORY: return -2; case ERROR_TOO_MANY_MATCHES: return -3; default: if (cb_result != ERROR_SUCCESS) return -4; } break; } else { return bytes_matched; } } if (bytes_matched >= max_bytes_matched) break; switch(*ip) { case RE_OPCODE_LITERAL: if (*input == *(ip + 1)) { bytes_matched++; input += input_incr; ip += 2; } else { stop = TRUE; } break; case RE_OPCODE_MASKED_LITERAL: value = *(int16_t*)(ip + 1) & 0xFF; mask = *(int16_t*)(ip + 1) >> 8; if ((*input & mask) == value) { bytes_matched++; input += input_incr; ip += 3; } else { stop = TRUE; } break; case RE_OPCODE_ANY: bytes_matched++; input += input_incr; ip += 1; break; case RE_OPCODE_REPEAT_ANY_UNGREEDY: repeat_any_args = (RE_REPEAT_ANY_ARGS*)(ip + 1); next_opcode = ip + 1 + sizeof(RE_REPEAT_ANY_ARGS); for (i = repeat_any_args->min + 1; i <= repeat_any_args->max; i++) { next_input = input + i * input_incr; if (bytes_matched + i >= max_bytes_matched) break; if ( *(next_opcode) != RE_OPCODE_LITERAL || (*(next_opcode) == RE_OPCODE_LITERAL && *(next_opcode + 1) == *next_input)) { if (sp >= MAX_FAST_RE_STACK) return -4; code_stack[sp] = next_opcode; input_stack[sp] = next_input; matches_stack[sp] = bytes_matched + i; sp++; } } input += input_incr * repeat_any_args->min; bytes_matched += repeat_any_args->min; ip = next_opcode; break; default: assert(FALSE); } } } return -1; }",visit repo url,libyara/re.c,https://github.com/VirusTotal/yara,72944536791748,1 3189,['CWE-189'],"static int jpc_dec_cp_setfrompoc(jpc_dec_cp_t *cp, jpc_poc_t *poc, int reset) { int pchgno; jpc_pchg_t *pchg; if (reset) { while (jpc_pchglist_numpchgs(cp->pchglist) > 0) { pchg = jpc_pchglist_remove(cp->pchglist, 0); jpc_pchg_destroy(pchg); } } for (pchgno = 0; pchgno < poc->numpchgs; ++pchgno) { if (!(pchg = jpc_pchg_copy(&poc->pchgs[pchgno]))) { return -1; } if (jpc_pchglist_insert(cp->pchglist, -1, pchg)) { return -1; } } return 0; }",jasper,,,263460382166660905830122469299591366254,0 5774,CWE-125,"sysObjectID_handler(snmp_varbind_t *varbind, uint32_t *oid) { OID(sysObjectID_oid, 1, 3, 6, 1, 4, 1, 54352); snmp_api_set_oid(varbind, oid, sysObjectID_oid); }",visit repo url,examples/snmp-server/resources/snmp-SNMP-MIB-2-System.c,https://github.com/contiki-ng/contiki-ng,236631433388450,1